b12f restructure #1
|
@ -24,6 +24,14 @@ charset = unset
|
||||||
indent_style = unset
|
indent_style = unset
|
||||||
indent_size = unset
|
indent_size = unset
|
||||||
|
|
||||||
|
[*.rom]
|
||||||
|
end_of_line = unset
|
||||||
|
insert_final_newline = unset
|
||||||
|
trim_trailing_whitespace = unset
|
||||||
|
charset = unset
|
||||||
|
indent_style = unset
|
||||||
|
indent_size = unset
|
||||||
|
|
||||||
[*.py]
|
[*.py]
|
||||||
indent_size = 4
|
indent_size = 4
|
||||||
|
|
||||||
|
|
4
.gitignore
vendored
4
.gitignore
vendored
|
@ -7,7 +7,7 @@ vm
|
||||||
iso
|
iso
|
||||||
doi
|
doi
|
||||||
|
|
||||||
pkgs/_sources/.shake*
|
# PubSolarOS
|
||||||
|
|
||||||
tags
|
tags
|
||||||
/owners
|
/owners
|
||||||
|
pkgs/_sources/.shake*
|
||||||
|
|
78
flake.lock
78
flake.lock
|
@ -42,11 +42,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1665392861,
|
"lastModified": 1667294277,
|
||||||
"narHash": "sha256-bCd8fYJMAb0LzabsiXl4nxECDoz483bJOCa2hjox7N0=",
|
"narHash": "sha256-YhVGYUpPZNpJZ8z3Sq9aT6n1/B8vKtfRfwaCtbsosxk=",
|
||||||
"owner": "LnL7",
|
"owner": "LnL7",
|
||||||
"repo": "nix-darwin",
|
"repo": "nix-darwin",
|
||||||
"rev": "ef56fd8979b5f4e800c4716f62076e00600b1172",
|
"rev": "b7177030643374e698c29e993c2808efa7b85aaf",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -276,11 +276,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1665996265,
|
"lastModified": 1667299227,
|
||||||
"narHash": "sha256-/k9og6LDBQwT+f/tJ5ClcWiUl8kCX5m6ognhsAxOiCY=",
|
"narHash": "sha256-vAJPFSDYUq3DdCL8OzTg4xObRNW+yA1Pt+NzbhGu1f8=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "b81e128fc053ab3159d7b464d9b7dedc9d6a6891",
|
"rev": "f0ecd4b1db5e15103e955b18cb94bea4296e5c45",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -308,11 +308,11 @@
|
||||||
},
|
},
|
||||||
"latest_2": {
|
"latest_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1665940183,
|
"lastModified": 1667231093,
|
||||||
"narHash": "sha256-cPe3F7CtnxU9YbJpc3Adl4d9kX+turqTv5FxM98i8vg=",
|
"narHash": "sha256-RERXruzBEBuf0c7OfZeX1hxEKB+PTCUNxWeB6C1jd8Y=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "104e8082de1b20f9d0e1f05b1028795ed0e0e4bc",
|
"rev": "d40fea9aeb8840fea0d377baa4b38e39b9582458",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -322,6 +322,22 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"master": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1667394072,
|
||||||
|
"narHash": "sha256-RFTHGjI46hg3ggVwSdssAsni5q5YRsQl2SENv5PPAnQ=",
|
||||||
|
"owner": "nixos",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "07c0c2707bfc78e2b615eb69977ffc6e366c5ec6",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nixos",
|
||||||
|
"ref": "master",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"naersk": {
|
"naersk": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
@ -359,11 +375,11 @@
|
||||||
},
|
},
|
||||||
"nixos": {
|
"nixos": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1666014999,
|
"lastModified": 1667318659,
|
||||||
"narHash": "sha256-gvKl8xlPJreezNG1NVTJv/HdGC69MSrM+IpCxS+eFvw=",
|
"narHash": "sha256-mRXqCdlnxPgm3Wk7mNAOanl7B3Q3U5scYTEiyYmNEOE=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "1935dd8fdab8e022a9d958419663162fd840014c",
|
"rev": "b3a8f7ed267e0a7ed100eb7d716c9137ff120fe3",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -379,11 +395,11 @@
|
||||||
"nixpkgs": "nixpkgs"
|
"nixpkgs": "nixpkgs"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1666016402,
|
"lastModified": 1666812839,
|
||||||
"narHash": "sha256-Cm/nrdUMXwXiFQforG1Mv8OA4o8yhuVx6E1eDFH4rew=",
|
"narHash": "sha256-0nBDgjPU+iDsvz89W+cDEyhnFGSwCJmwDl/gMGqYiU0=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixos-generators",
|
"repo": "nixos-generators",
|
||||||
"rev": "688db42a1eb34853f050267ff65c975f664312f0",
|
"rev": "41f3518bc194389df22a3d198215eae75e6b5ab9",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -394,11 +410,11 @@
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1665987993,
|
"lastModified": 1667283320,
|
||||||
"narHash": "sha256-MvlaIYTRiqefG4dzI5p6vVCfl+9V8A1cPniUjcn6Ngc=",
|
"narHash": "sha256-qHvB/6XBKVjjJJCUM+z6/t9HzUC7J55wdY3KJ/ZWSHo=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "0e6593630071440eb89cd97a52921497482b22c6",
|
"rev": "18934557eeba8fa2e575b0fd4ab95186e2e3bde3",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -460,11 +476,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1664550666,
|
"lastModified": 1667246446,
|
||||||
"narHash": "sha256-eXfMRd9uItEp3PsYI31FSVGPG9dVC6yF++65ZrGwW8A=",
|
"narHash": "sha256-LTnDoH6B8cez7RAc7K/DJqFrnZr75OMtVsNqtIHIPBU=",
|
||||||
"owner": "berberman",
|
"owner": "berberman",
|
||||||
"repo": "nvfetcher",
|
"repo": "nvfetcher",
|
||||||
"rev": "9763ad40d59a044e90726653d9253efaeeb053b2",
|
"rev": "d5d1289327f26e870991656b2c5598ce62693311",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -473,6 +489,22 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"pub-solar": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1654372286,
|
||||||
|
"narHash": "sha256-z1WrQkL67Sosz1VnuKQLpzEkEl4ianeLpWJX8Q6bVQY=",
|
||||||
|
"owner": "pub-solar",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "4995a873a796c54cc49e5dca9e1d20350eceec7b",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "pub-solar",
|
||||||
|
"ref": "fix/use-latest-unstable-yubikey-agent",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"agenix": "agenix",
|
"agenix": "agenix",
|
||||||
|
@ -481,12 +513,14 @@
|
||||||
"digga": "digga",
|
"digga": "digga",
|
||||||
"home": "home",
|
"home": "home",
|
||||||
"latest": "latest_2",
|
"latest": "latest_2",
|
||||||
|
"master": "master",
|
||||||
"naersk": "naersk",
|
"naersk": "naersk",
|
||||||
"nixos": "nixos",
|
"nixos": "nixos",
|
||||||
"nixos-generators": "nixos-generators",
|
"nixos-generators": "nixos-generators",
|
||||||
"nixos-hardware": "nixos-hardware",
|
"nixos-hardware": "nixos-hardware",
|
||||||
"nur": "nur",
|
"nur": "nur",
|
||||||
"nvfetcher": "nvfetcher"
|
"nvfetcher": "nvfetcher",
|
||||||
|
"pub-solar": "pub-solar"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"utils": {
|
"utils": {
|
||||||
|
|
22
flake.nix
22
flake.nix
|
@ -10,6 +10,8 @@
|
||||||
# Track channels with commits tested and built by hydra
|
# Track channels with commits tested and built by hydra
|
||||||
nixos.url = "github:nixos/nixpkgs/nixos-22.05";
|
nixos.url = "github:nixos/nixpkgs/nixos-22.05";
|
||||||
latest.url = "github:nixos/nixpkgs/nixos-unstable";
|
latest.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||||
|
master.url = "github:nixos/nixpkgs/master";
|
||||||
|
pub-solar.url = "github:pub-solar/nixpkgs/fix/use-latest-unstable-yubikey-agent";
|
||||||
|
|
||||||
digga.url = "github:pub-solar/digga/fix/bootstrap-iso";
|
digga.url = "github:pub-solar/digga/fix/bootstrap-iso";
|
||||||
digga.inputs.nixpkgs.follows = "nixos";
|
digga.inputs.nixpkgs.follows = "nixos";
|
||||||
|
@ -57,7 +59,7 @@
|
||||||
inherit self inputs;
|
inherit self inputs;
|
||||||
|
|
||||||
channelsConfig = {
|
channelsConfig = {
|
||||||
# allowUnfree = true;
|
allowUnfree = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
supportedSystems = [ "x86_64-linux" "aarch64-linux" ];
|
supportedSystems = [ "x86_64-linux" "aarch64-linux" ];
|
||||||
|
@ -68,6 +70,7 @@
|
||||||
overlays = [ ];
|
overlays = [ ];
|
||||||
};
|
};
|
||||||
latest = { };
|
latest = { };
|
||||||
|
master = { };
|
||||||
};
|
};
|
||||||
|
|
||||||
lib = import ./lib { lib = digga.lib // nixos.lib; };
|
lib = import ./lib { lib = digga.lib // nixos.lib; };
|
||||||
|
@ -125,6 +128,13 @@
|
||||||
iso = base ++ [ base-user graphical pub-solar-iso ];
|
iso = base ++ [ base-user graphical pub-solar-iso ];
|
||||||
pubsolaros = [ full-install base-user users.root ];
|
pubsolaros = [ full-install base-user users.root ];
|
||||||
anonymous = [ pubsolaros users.pub-solar ];
|
anonymous = [ pubsolaros users.pub-solar ];
|
||||||
|
|
||||||
|
b12f = pubsolaros ++ [ users.ben social gaming mobile ];
|
||||||
|
biolimo = b12f ++ [ graphical ];
|
||||||
|
chocolatebar = b12f ++ [ graphical virtualisation ];
|
||||||
|
|
||||||
|
yule = pubsolaros ++ [ users.yule ];
|
||||||
|
droppie = yule ++ [ ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -135,11 +145,13 @@
|
||||||
importables = rec {
|
importables = rec {
|
||||||
profiles = digga.lib.rakeLeaves ./users/profiles;
|
profiles = digga.lib.rakeLeaves ./users/profiles;
|
||||||
suites = with profiles; rec {
|
suites = with profiles; rec {
|
||||||
base = [ direnv git ];
|
base = [ direnv ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
users = {
|
users = {
|
||||||
pub-solar = { suites, ... }: { imports = suites.base; };
|
pub-solar = { suites, ... }: { imports = suites.base; };
|
||||||
|
ben = { suites, ... }: { imports = suites.base; };
|
||||||
|
yule = { suites, ... }: { imports = suites.base; };
|
||||||
}; # digga.lib.importers.rakeLeaves ./users/hm;
|
}; # digga.lib.importers.rakeLeaves ./users/hm;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -147,6 +159,10 @@
|
||||||
|
|
||||||
homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
|
homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
|
||||||
|
|
||||||
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { };
|
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
|
||||||
|
droppie = {
|
||||||
|
sshUser = "yule";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
6
hosts/biolimo/.config/sway/config.d/autostart.conf
Normal file
6
hosts/biolimo/.config/sway/config.d/autostart.conf
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
# Autostart applications
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
# exec swayidle
|
||||||
|
|
||||||
|
exec keepassxc
|
19
hosts/biolimo/.config/sway/config.d/custom-keybindings.conf
Normal file
19
hosts/biolimo/.config/sway/config.d/custom-keybindings.conf
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
# Touchpad controls
|
||||||
|
#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
|
||||||
|
|
||||||
|
# Screen brightness controls
|
||||||
|
bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
|
||||||
|
bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')"
|
||||||
|
|
||||||
|
# Keyboard backlight brightness controls
|
||||||
|
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
|
||||||
|
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
|
||||||
|
|
||||||
|
# Pulse Audio controls
|
||||||
|
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
|
||||||
|
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
|
||||||
|
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
|
||||||
|
# Media player controls
|
||||||
|
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
|
||||||
|
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
|
||||||
|
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"
|
9
hosts/biolimo/.config/sway/config.d/input-defaults.conf
Normal file
9
hosts/biolimo/.config/sway/config.d/input-defaults.conf
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
input "1739:0:Synaptics_TM3288-011" {
|
||||||
|
dwt enabled
|
||||||
|
tap enabled
|
||||||
|
middle_emulation enabled
|
||||||
|
}
|
||||||
|
input * {
|
||||||
|
xkb_layout us(intl),de
|
||||||
|
xkb_options ctrl:nocaps
|
||||||
|
}
|
20
hosts/biolimo/.config/sway/config.d/screens.conf
Normal file
20
hosts/biolimo/.config/sway/config.d/screens.conf
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
set $internal eDP-1
|
||||||
|
set $middle "Hewlett Packard HP E231 3CQ4290S5J"
|
||||||
|
set $standup "Hewlett Packard HP E231 3CQ4251F33"
|
||||||
|
|
||||||
|
output $internal {
|
||||||
|
scale 1
|
||||||
|
pos 1080 1080
|
||||||
|
}
|
||||||
|
|
||||||
|
output $middle {
|
||||||
|
scale 1
|
||||||
|
|
||||||
|
pos 1080 0
|
||||||
|
}
|
||||||
|
|
||||||
|
output $standup {
|
||||||
|
scale 1
|
||||||
|
transform 90
|
||||||
|
pos 0 0
|
||||||
|
}
|
36
hosts/biolimo/biolimo.nix
Normal file
36
hosts/biolimo/biolimo.nix
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
config = {
|
||||||
|
pub-solar.paranoia.enable = true;
|
||||||
|
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
|
||||||
|
pub-solar.core.hibernation.resumeOffset = 15296512;
|
||||||
|
|
||||||
|
hardware.cpu.intel.updateMicrocode = true;
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 5000 ];
|
||||||
|
|
||||||
|
networking.networkmanager.wifi.backend = mkForce "wpa_supplicant";
|
||||||
|
|
||||||
|
home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
|
||||||
|
xdg.configFile = mkIf psCfg.sway.enable {
|
||||||
|
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
|
||||||
|
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
|
||||||
|
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
|
||||||
|
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
|
||||||
|
};
|
||||||
|
|
||||||
|
home.packages = [
|
||||||
|
inkscape
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
26
hosts/biolimo/configuration.nix
Normal file
26
hosts/biolimo/configuration.nix
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
# Include the results of the hardware scan.
|
||||||
|
./hardware-configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
# Use the systemd-boot EFI boot loader.
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
# This value determines the NixOS release from which the default
|
||||||
|
# settings for stateful data, like file locations and database versions
|
||||||
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
# this value at the release version of the first install of this system.
|
||||||
|
# Before changing this value read the documentation for this option
|
||||||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
system.stateVersion = "20.09"; # Did you read the comment?
|
||||||
|
}
|
||||||
|
|
6
hosts/biolimo/default.nix
Normal file
6
hosts/biolimo/default.nix
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{ suites, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./biolimo.nix
|
||||||
|
] ++ suites.biolimo;
|
||||||
|
}
|
38
hosts/biolimo/hardware-configuration.nix
Normal file
38
hosts/biolimo/hardware-configuration.nix
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "/dev/disk/by-uuid/abc3fe04-368e-46eb-8c7a-3a829bb2deab";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/aed21f8d-8e15-4f43-8710-460cb36d488b";
|
||||||
|
|
||||||
|
fileSystems."/boot" = {
|
||||||
|
device = "/dev/disk/by-uuid/3B67-0CAB";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [
|
||||||
|
{
|
||||||
|
device = "/swapfile";
|
||||||
|
size = 18 * 1024; # 18 GB
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||||
|
# high-resolution display
|
||||||
|
hardware.video.hidpi.enable = lib.mkDefault true;
|
||||||
|
}
|
6
hosts/chocolatebar/.config/sway/config.d/autostart.conf
Normal file
6
hosts/chocolatebar/.config/sway/config.d/autostart.conf
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
# Autostart applications
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
# exec swayidle
|
||||||
|
|
||||||
|
exec keepassxc
|
|
@ -0,0 +1,19 @@
|
||||||
|
# Touchpad controls
|
||||||
|
#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
|
||||||
|
|
||||||
|
# Screen brightness controls
|
||||||
|
bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
|
||||||
|
bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')"
|
||||||
|
|
||||||
|
# Keyboard backlight brightness controls
|
||||||
|
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
|
||||||
|
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
|
||||||
|
|
||||||
|
# Pulse Audio controls
|
||||||
|
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
|
||||||
|
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
|
||||||
|
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
|
||||||
|
# Media player controls
|
||||||
|
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
|
||||||
|
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
|
||||||
|
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"
|
|
@ -0,0 +1,4 @@
|
||||||
|
input * {
|
||||||
|
xkb_layout us(intl),de
|
||||||
|
xkb_options ctrl:nocaps
|
||||||
|
}
|
18
hosts/chocolatebar/.config/sway/config.d/screens.conf
Normal file
18
hosts/chocolatebar/.config/sway/config.d/screens.conf
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
set $left DP-3
|
||||||
|
set $middle DP-1
|
||||||
|
set $right HDMI-A-1
|
||||||
|
|
||||||
|
output $left {
|
||||||
|
scale 1
|
||||||
|
pos 0 0
|
||||||
|
}
|
||||||
|
|
||||||
|
output $middle {
|
||||||
|
scale 1
|
||||||
|
pos 1920 0
|
||||||
|
}
|
||||||
|
|
||||||
|
output $right {
|
||||||
|
scale 1
|
||||||
|
pos 3840 0
|
||||||
|
}
|
64
hosts/chocolatebar/chocolatebar.nix
Normal file
64
hosts/chocolatebar/chocolatebar.nix
Normal file
|
@ -0,0 +1,64 @@
|
||||||
|
{ config, pkgs, lib, self, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./configuration.nix
|
||||||
|
./virtualisation
|
||||||
|
./factorio
|
||||||
|
];
|
||||||
|
|
||||||
|
config = {
|
||||||
|
hardware.cpu.amd.updateMicrocode = true;
|
||||||
|
|
||||||
|
hardware.opengl.extraPackages = with pkgs; [
|
||||||
|
rocm-opencl-icd
|
||||||
|
rocm-opencl-runtime
|
||||||
|
];
|
||||||
|
|
||||||
|
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
|
||||||
|
pub-solar.core.hibernation.resumeOffset = 115075072;
|
||||||
|
|
||||||
|
services.openssh.openFirewall = true;
|
||||||
|
networking.firewall.allowedTCPPorts = [ 443 ] ++ (if psCfg.sway.vnc.enable then [ 5901 ] else [ ]);
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
wayvnc
|
||||||
|
drone-docker-runner
|
||||||
|
stdenv.cc.cc.lib
|
||||||
|
];
|
||||||
|
|
||||||
|
age.secrets."vnc-key.pem" = {
|
||||||
|
file = "${self}/secrets/vnc-key-chocolatebar.pem";
|
||||||
|
mode = "400";
|
||||||
|
owner = psCfg.user.name;
|
||||||
|
};
|
||||||
|
age.secrets."vnc-cert.pem" = {
|
||||||
|
file = "${self}/secrets/vnc-cert-chocolatebar.pem";
|
||||||
|
mode = "400";
|
||||||
|
owner = psCfg.user.name;
|
||||||
|
};
|
||||||
|
pub-solar.sway.vnc.enable = true;
|
||||||
|
pub-solar.ci-runner.enable = true;
|
||||||
|
|
||||||
|
home-manager.users."${psCfg.user.name}" = {
|
||||||
|
xdg.configFile = mkIf psCfg.sway.enable {
|
||||||
|
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
|
||||||
|
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
|
||||||
|
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
|
||||||
|
};
|
||||||
|
|
||||||
|
home.sessionVariables = {
|
||||||
|
NIX_CC = "${pkgs.stdenv.cc}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# For OpenProject development with https
|
||||||
|
security.pki.certificates = [
|
||||||
|
(builtins.readFile ./step-roots.pem)
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
25
hosts/chocolatebar/configuration.nix
Normal file
25
hosts/chocolatebar/configuration.nix
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
# Include the results of the hardware scan.
|
||||||
|
./hardware-configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
# Use the systemd-boot EFI boot loader.
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
# This value determines the NixOS release from which the default
|
||||||
|
# settings for stateful data, like file locations and database versions
|
||||||
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
# this value at the release version of the first install of this system.
|
||||||
|
# Before changing this value read the documentation for this option
|
||||||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
system.stateVersion = "20.09"; # Did you read the comment?
|
||||||
|
}
|
6
hosts/chocolatebar/default.nix
Normal file
6
hosts/chocolatebar/default.nix
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{ suites, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./chocolatebar.nix
|
||||||
|
] ++ suites.chocolatebar;
|
||||||
|
}
|
38
hosts/chocolatebar/factorio/default.nix
Normal file
38
hosts/chocolatebar/factorio/default.nix
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
{ config, pkgs, lib, self, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
|
||||||
|
far-reach = pkgs.stdenv.mkDerivation rec {
|
||||||
|
pname = "factorio-far-reach";
|
||||||
|
version = "1.1.2";
|
||||||
|
src = ./far-reach_1.1.2.zip;
|
||||||
|
phases = [ "installPhase" ];
|
||||||
|
deps = [ ];
|
||||||
|
installPhase = ''
|
||||||
|
mkdir -p $out
|
||||||
|
cp $src far-reach_1.1.2.zip
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
config = {
|
||||||
|
services.factorio = {
|
||||||
|
enable = true;
|
||||||
|
port = 34197; # The default, but make it explicit
|
||||||
|
lan = true;
|
||||||
|
admins = [
|
||||||
|
"doubtwriter"
|
||||||
|
"kattykat"
|
||||||
|
];
|
||||||
|
openFirewall = true;
|
||||||
|
autosave-interval = 3;
|
||||||
|
game-name = "Babes plays v2";
|
||||||
|
requireUserVerification = false;
|
||||||
|
mods = [
|
||||||
|
far-reach
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
BIN
hosts/chocolatebar/factorio/far-reach_1.1.2.zip
Normal file
BIN
hosts/chocolatebar/factorio/far-reach_1.1.2.zip
Normal file
Binary file not shown.
38
hosts/chocolatebar/hardware-configuration.nix
Normal file
38
hosts/chocolatebar/hardware-configuration.nix
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbcore" "usbhid" "sd_mod" ];
|
||||||
|
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||||
|
boot.kernelModules = [ "kvm-amd" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/a3a74208-b244-4268-b374-e58265810fce";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/afcde41f-9811-4ac8-bb7b-a683844acc5c";
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/12FD-62A8";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [
|
||||||
|
{
|
||||||
|
device = "/swapfile";
|
||||||
|
size = 68 * 1024; # 68 GB
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
}
|
13
hosts/chocolatebar/step-roots.pem
Normal file
13
hosts/chocolatebar/step-roots.pem
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB6DCCAY2gAwIBAgIQD4Q4blCl/ZrTIRU2QpqEOTAKBggqhkjOPQQDAjBSMSMw
|
||||||
|
IQYDVQQKExpPcGVuUHJvamVjdCBEZXZlbG9wbWVudCBDQTErMCkGA1UEAxMiT3Bl
|
||||||
|
blByb2plY3QgRGV2ZWxvcG1lbnQgQ0EgUm9vdCBDQTAeFw0yMjEwMTgxMTE1NDBa
|
||||||
|
Fw0zMjEwMTUxMTE1NDBaMFIxIzAhBgNVBAoTGk9wZW5Qcm9qZWN0IERldmVsb3Bt
|
||||||
|
ZW50IENBMSswKQYDVQQDEyJPcGVuUHJvamVjdCBEZXZlbG9wbWVudCBDQSBSb290
|
||||||
|
IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEu4rN0lOtgxoC83UKONMy2Ns7
|
||||||
|
tI0/u6qPp/Cw92xhaTdh/X9ZWKqIhp2VGj2HUJOOfQXrFew7jbLGOvvoXib0Y6NF
|
||||||
|
MEMwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYE
|
||||||
|
FPjV1zK2GZu8x4uR0QDotk5kNinEMAoGCCqGSM49BAMCA0kAMEYCIQDS2OpCnHM7
|
||||||
|
RV7fFHT3KsG3q4lA3dJUKGighQaQ2qOwNwIhAOMmWGWd3EaD87q4RROyVt3h7vIN
|
||||||
|
nMJRu7L9il84hFF2
|
||||||
|
-----END CERTIFICATE-----
|
97
hosts/chocolatebar/virtualisation/create-service.nix
Normal file
97
hosts/chocolatebar/virtualisation/create-service.nix
Normal file
|
@ -0,0 +1,97 @@
|
||||||
|
{ config, pkgs, lib, vm, ... }:
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
varsFile = "${xdg.dataHome}/libvirt/OVMF_VARS_${vm.name}.fd";
|
||||||
|
generateXML = import ./guest-xml.nix;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = "yes";
|
||||||
|
Restart = "no";
|
||||||
|
};
|
||||||
|
|
||||||
|
script =
|
||||||
|
let
|
||||||
|
networkXML = pkgs.writeText "network.xml" (import ./network-xml.nix { inherit config; inherit pkgs; inherit lib; });
|
||||||
|
machineXML = pkgs.writeText "${vm.name}.xml" (vm.generateXML { inherit config; inherit pkgs; inherit lib; inherit vm; varsFile = varsFile; });
|
||||||
|
in
|
||||||
|
''
|
||||||
|
echo "Checking if ${vm.name} is already running"
|
||||||
|
STATUS=$(${pkgs.libvirt}/bin/virsh list --all | grep "${vm.name}" | ${pkgs.gawk}/bin/awk '{ print $3 " " $4 }' )
|
||||||
|
if [[ $STATUS != "shut off" && $STATUS != "" ]]; then
|
||||||
|
echo "Domain ${vm.name} is already running or in an inconsistent state:"
|
||||||
|
${pkgs.libvirt}/bin/virsh list --all
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Creating network XML"
|
||||||
|
NET_TMP_FILE="/tmp/network.xml"
|
||||||
|
|
||||||
|
NETUUID="$(${pkgs.libvirt}/bin/virsh net-uuid 'default' || true)"
|
||||||
|
(sed "s/UUID/$NETUUID/" '${networkXML}') > "$NET_TMP_FILE"
|
||||||
|
|
||||||
|
echo "Defining and starting network"
|
||||||
|
${pkgs.libvirt}/bin/virsh net-define "$NET_TMP_FILE"
|
||||||
|
${pkgs.libvirt}/bin/virsh net-start 'default' || true
|
||||||
|
|
||||||
|
VARS_FILE=${varsFile}
|
||||||
|
if [ ! -f "$VARS_FILE" ]; then
|
||||||
|
echo "Copying vars filej"
|
||||||
|
cp /run/libvirt/nix-ovmf/OVMF_VARS.fd "$VARS_FILE"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Replacing USB device IDs in the XML"
|
||||||
|
# Load the template contents into a tmp file
|
||||||
|
TMP_FILE="/tmp/${vm.name}.xml"
|
||||||
|
cat "${machineXML}" > "$TMP_FILE"
|
||||||
|
|
||||||
|
# Set VM UUID
|
||||||
|
UUID="$(${pkgs.libvirt}/bin/virsh domuuid '${vm.name}' || true)"
|
||||||
|
sed -i "s/UUID/''${UUID}/" "$TMP_FILE"
|
||||||
|
|
||||||
|
${if vm.handOverUSBDevices then ''
|
||||||
|
# Hand over mouse
|
||||||
|
USB_BUS=5
|
||||||
|
USB_DEV=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c52b | grep 'Bus 005' | cut -b 18)
|
||||||
|
LINE_NUMBER=$(cat $TMP_FILE | grep -n -A 1 0xc52b | tail -n 1 | cut -b 1,2,3)
|
||||||
|
sed -i "''${LINE_NUMBER}s/.*/<address bus=\"''${USB_BUS}\" device=\"''${USB_DEV}\" \/>/" "$TMP_FILE"
|
||||||
|
|
||||||
|
# Hand over keyboard
|
||||||
|
USB_BUS=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c328 | cut -b 7)
|
||||||
|
USB_DEV=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c328 | cut -b 18)
|
||||||
|
LINE_NUMBER=$(cat $TMP_FILE | grep -n -A 1 0xc328 | tail -n 1 | cut -b 1,2,3)
|
||||||
|
sed -i "''${LINE_NUMBER}s/.*/<address bus=\"''${USB_BUS}\" device=\"''${USB_DEV}\" \/>/" "$TMP_FILE"
|
||||||
|
'' else ""}
|
||||||
|
|
||||||
|
# TODO: Set correct pci address for the GPU too
|
||||||
|
|
||||||
|
# Setup looking glass shm file
|
||||||
|
echo "Setting up looking glass shm file"
|
||||||
|
${pkgs.coreutils-full}/bin/truncate -s 0 /dev/shm/looking-glass
|
||||||
|
${pkgs.coreutils-full}/bin/dd if=/dev/zero of=/dev/shm/looking-glass bs=1M count=32
|
||||||
|
|
||||||
|
# Load and start the xml definition
|
||||||
|
echo "Loading and starting the VM XML definition"
|
||||||
|
${pkgs.libvirt}/bin/virsh define "$TMP_FILE"
|
||||||
|
${pkgs.libvirt}/bin/virsh start '${vm.name}'
|
||||||
|
'';
|
||||||
|
|
||||||
|
preStop =
|
||||||
|
''
|
||||||
|
${pkgs.libvirt}/bin/virsh shutdown '${vm.name}'
|
||||||
|
let "timeout = $(date +%s) + 10"
|
||||||
|
while [ "$(${pkgs.libvirt}/bin/virsh list --name | grep --count '^${vm.name}$')" -gt 0 ]; do
|
||||||
|
if [ "$(date +%s)" -ge "$timeout" ]; then
|
||||||
|
# Meh, we warned it...
|
||||||
|
${pkgs.libvirt}/bin/virsh destroy '${vm.name}'
|
||||||
|
else
|
||||||
|
# The machine is still running, let's give it some time to shut down
|
||||||
|
sleep 0.5
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
${pkgs.libvirt}/bin/virsh net-destroy 'default' || true
|
||||||
|
'';
|
||||||
|
}
|
78
hosts/chocolatebar/virtualisation/default.nix
Normal file
78
hosts/chocolatebar/virtualisation/default.nix
Normal file
|
@ -0,0 +1,78 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
createService = import ./create-service.nix;
|
||||||
|
generateXML = import ./guest-xml.nix;
|
||||||
|
generateTailsXML = import ./tails-xml.nix;
|
||||||
|
|
||||||
|
isolateGPU = "rx550x";
|
||||||
|
memory = 48; # in GB
|
||||||
|
handOverUSBDevices = true;
|
||||||
|
|
||||||
|
isolateAnyGPU = isolateGPU != null;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
config = mkIf psCfg.virtualisation.enable {
|
||||||
|
boot.extraModprobeConfig = mkIf isolateAnyGPU (concatStringsSep "\n" [
|
||||||
|
"softdep amdgpu pre: vfio vfio_pci"
|
||||||
|
(if isolateGPU == "rx5700xt"
|
||||||
|
then "options vfio-pci ids=1002:731f,1002:ab38"
|
||||||
|
else "options vfio-pci ids=1002:699f,1002:aae0"
|
||||||
|
)
|
||||||
|
]);
|
||||||
|
|
||||||
|
systemd.user.services = {
|
||||||
|
vm-windows = createService {
|
||||||
|
inherit config;
|
||||||
|
inherit pkgs;
|
||||||
|
inherit lib;
|
||||||
|
vm = {
|
||||||
|
name = "windows";
|
||||||
|
disk = "/dev/disk/by-id/ata-SanDisk_SDSSDA240G_162402455603";
|
||||||
|
id = "http://microsoft.com/win/10";
|
||||||
|
gpu = true;
|
||||||
|
mountHome = false;
|
||||||
|
memory = memory;
|
||||||
|
isolateGPU = isolateGPU;
|
||||||
|
handOverUSBDevices = handOverUSBDevices;
|
||||||
|
generateXML = generateXML;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
vm-manjaro = createService {
|
||||||
|
inherit config;
|
||||||
|
inherit pkgs;
|
||||||
|
inherit lib;
|
||||||
|
vm = {
|
||||||
|
name = "manjaro";
|
||||||
|
disk = "/dev/disk/by-id/ata-KINGSTON_SM2280S3G2240G_50026B726B0265CE";
|
||||||
|
id = "https://manjaro.org/download/#i3";
|
||||||
|
gpu = true;
|
||||||
|
mountHome = true;
|
||||||
|
memory = memory;
|
||||||
|
isolateGPU = isolateGPU;
|
||||||
|
handOverUSBDevices = handOverUSBDevices;
|
||||||
|
generateXML = generateXML;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
vm-tails = createService {
|
||||||
|
inherit config;
|
||||||
|
inherit pkgs;
|
||||||
|
inherit lib;
|
||||||
|
vm = {
|
||||||
|
name = "tails";
|
||||||
|
disk = "/var/lib/vms/tails/tails-amd64-5.4.iso";
|
||||||
|
# disk = "/var/lib/vms/nixos/nixos-minimal.iso";
|
||||||
|
id = "https://tails.boum.org/install/index.en.html";
|
||||||
|
gpu = false;
|
||||||
|
mountHome = false;
|
||||||
|
memory = 16;
|
||||||
|
isolateGPU = isolateGPU;
|
||||||
|
handOverUSBDevices = false;
|
||||||
|
generateXML = generateTailsXML;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
246
hosts/chocolatebar/virtualisation/guest-xml.nix
Normal file
246
hosts/chocolatebar/virtualisation/guest-xml.nix
Normal file
|
@ -0,0 +1,246 @@
|
||||||
|
{ config, pkgs, lib, vm, varsFile, ... }:
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
home = config.home-manager.users."${psCfg.user.name}".home;
|
||||||
|
in
|
||||||
|
''
|
||||||
|
<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
|
||||||
|
<name>${vm.name}</name>
|
||||||
|
<uuid>UUID</uuid>
|
||||||
|
<metadata>
|
||||||
|
<libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
|
||||||
|
<libosinfo:os id="${vm.id}"/>
|
||||||
|
</libosinfo:libosinfo>
|
||||||
|
</metadata>
|
||||||
|
<memory unit='GB'>${toString vm.memory}</memory>
|
||||||
|
<currentMemory unit='GB'>${toString vm.memory}</currentMemory>
|
||||||
|
<vcpu placement='static'>12</vcpu>
|
||||||
|
<cputune>
|
||||||
|
<vcpupin vcpu='0' cpuset='6'/>
|
||||||
|
<vcpupin vcpu='1' cpuset='7'/>
|
||||||
|
<vcpupin vcpu='2' cpuset='8'/>
|
||||||
|
<vcpupin vcpu='3' cpuset='9'/>
|
||||||
|
<vcpupin vcpu='4' cpuset='10'/>
|
||||||
|
<vcpupin vcpu='5' cpuset='11'/>
|
||||||
|
<vcpupin vcpu='6' cpuset='18'/>
|
||||||
|
<vcpupin vcpu='7' cpuset='19'/>
|
||||||
|
<vcpupin vcpu='8' cpuset='20'/>
|
||||||
|
<vcpupin vcpu='9' cpuset='21'/>
|
||||||
|
<vcpupin vcpu='10' cpuset='22'/>
|
||||||
|
<vcpupin vcpu='11' cpuset='23'/>
|
||||||
|
</cputune>
|
||||||
|
<resource>
|
||||||
|
<partition>/machine</partition>
|
||||||
|
</resource>
|
||||||
|
<os>
|
||||||
|
<type arch='x86_64' machine='pc-q35-4.2'>hvm</type>
|
||||||
|
<loader readonly='yes' type='pflash'>/run/libvirt/nix-ovmf/OVMF_CODE.fd</loader>
|
||||||
|
<nvram>${varsFile}</nvram>
|
||||||
|
<boot dev='hd'/>
|
||||||
|
</os>
|
||||||
|
<features>
|
||||||
|
<acpi/>
|
||||||
|
<apic/>
|
||||||
|
<hyperv>
|
||||||
|
<relaxed state='on'/>
|
||||||
|
<vapic state='on'/>
|
||||||
|
<spinlocks state='on' retries='8191'/>
|
||||||
|
<vendor_id state='on' value='wahtever'/>
|
||||||
|
</hyperv>
|
||||||
|
<kvm>
|
||||||
|
<hidden state='on'/>
|
||||||
|
</kvm>
|
||||||
|
<vmport state='off'/>
|
||||||
|
</features>
|
||||||
|
<cpu mode='custom' match='exact' check='full'>
|
||||||
|
<model fallback='forbid'>EPYC-IBPB</model>
|
||||||
|
<vendor>AMD</vendor>
|
||||||
|
<topology sockets='1' dies='1' cores='6' threads='2'/>
|
||||||
|
<feature policy='require' name='x2apic'/>
|
||||||
|
<feature policy='require' name='tsc-deadline'/>
|
||||||
|
<feature policy='require' name='hypervisor'/>
|
||||||
|
<feature policy='require' name='tsc_adjust'/>
|
||||||
|
<feature policy='require' name='clwb'/>
|
||||||
|
<feature policy='require' name='umip'/>
|
||||||
|
<feature policy='require' name='stibp'/>
|
||||||
|
<feature policy='require' name='arch-capabilities'/>
|
||||||
|
<feature policy='require' name='ssbd'/>
|
||||||
|
<feature policy='require' name='xsaves'/>
|
||||||
|
<feature policy='require' name='cmp_legacy'/>
|
||||||
|
<feature policy='require' name='perfctr_core'/>
|
||||||
|
<feature policy='require' name='clzero'/>
|
||||||
|
<feature policy='require' name='wbnoinvd'/>
|
||||||
|
<feature policy='require' name='amd-ssbd'/>
|
||||||
|
<feature policy='require' name='virt-ssbd'/>
|
||||||
|
<feature policy='require' name='rdctl-no'/>
|
||||||
|
<feature policy='require' name='skip-l1dfl-vmentry'/>
|
||||||
|
<feature policy='require' name='mds-no'/>
|
||||||
|
<feature policy='require' name='pschange-mc-no'/>
|
||||||
|
<feature policy='disable' name='monitor'/>
|
||||||
|
<feature policy='disable' name='svm'/>
|
||||||
|
<feature policy='require' name='topoext'/>
|
||||||
|
</cpu>
|
||||||
|
<clock offset='utc'>
|
||||||
|
<timer name='rtc' tickpolicy='catchup'/>
|
||||||
|
<timer name='pit' tickpolicy='delay'/>
|
||||||
|
<timer name='hpet' present='no'/>
|
||||||
|
</clock>
|
||||||
|
<on_poweroff>destroy</on_poweroff>
|
||||||
|
<on_reboot>restart</on_reboot>
|
||||||
|
<on_crash>destroy</on_crash>
|
||||||
|
<pm>
|
||||||
|
<suspend-to-mem enabled='no'/>
|
||||||
|
<suspend-to-disk enabled='no'/>
|
||||||
|
</pm>
|
||||||
|
<devices>
|
||||||
|
<emulator>${pkgs.qemu}/bin/qemu-system-x86_64</emulator>
|
||||||
|
<disk type='block' device='disk'>
|
||||||
|
<driver name='qemu' type='raw' cache='none' discard='unmap' />
|
||||||
|
<source dev='${vm.disk}'/>
|
||||||
|
<backingStore/>
|
||||||
|
<target dev='vdb' bus='virtio'/>
|
||||||
|
<address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
|
||||||
|
</disk>
|
||||||
|
<controller type='usb' index='0' model='qemu-xhci' ports='15'>
|
||||||
|
<address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
|
||||||
|
</controller>
|
||||||
|
<controller type='sata' index='0'>
|
||||||
|
<address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
|
||||||
|
</controller>
|
||||||
|
<controller type='pci' index='0' model='pcie-root'/>
|
||||||
|
<controller type='pci' index='1' model='pcie-root-port'>
|
||||||
|
<model name='pcie-root-port'/>
|
||||||
|
<target chassis='1' port='0x10'/>
|
||||||
|
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
|
||||||
|
</controller>
|
||||||
|
<controller type='pci' index='2' model='pcie-root-port'>
|
||||||
|
<model name='pcie-root-port'/>
|
||||||
|
<target chassis='2' port='0x11'/>
|
||||||
|
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
|
||||||
|
</controller>
|
||||||
|
<controller type='pci' index='3' model='pcie-root-port'>
|
||||||
|
<model name='pcie-root-port'/>
|
||||||
|
<target chassis='3' port='0x12'/>
|
||||||
|
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
|
||||||
|
</controller>
|
||||||
|
<controller type='pci' index='4' model='pcie-root-port'>
|
||||||
|
<model name='pcie-root-port'/>
|
||||||
|
<target chassis='4' port='0x13'/>
|
||||||
|
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
|
||||||
|
</controller>
|
||||||
|
<controller type='pci' index='5' model='pcie-root-port'>
|
||||||
|
<model name='pcie-root-port'/>
|
||||||
|
<target chassis='5' port='0x14'/>
|
||||||
|
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
|
||||||
|
</controller>
|
||||||
|
<controller type='pci' index='6' model='pcie-root-port'>
|
||||||
|
<model name='pcie-root-port'/>
|
||||||
|
<target chassis='6' port='0x15'/>
|
||||||
|
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
|
||||||
|
</controller>
|
||||||
|
<controller type='pci' index='7' model='pcie-root-port'>
|
||||||
|
<model name='pcie-root-port'/>
|
||||||
|
<target chassis='7' port='0x16'/>
|
||||||
|
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
|
||||||
|
</controller>
|
||||||
|
<controller type='pci' index='8' model='pcie-to-pci-bridge'>
|
||||||
|
<model name='pcie-pci-bridge'/>
|
||||||
|
<address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
|
||||||
|
</controller>
|
||||||
|
<controller type='pci' index='9' model='pcie-root-port'>
|
||||||
|
<model name='pcie-root-port'/>
|
||||||
|
<target chassis='9' port='0x17'/>
|
||||||
|
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x7'/>
|
||||||
|
</controller>
|
||||||
|
<controller type='virtio-serial' index='0'>
|
||||||
|
<address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
|
||||||
|
</controller>
|
||||||
|
${if vm.mountHome then ''
|
||||||
|
<filesystem type='mount' accessmode='mapped'>
|
||||||
|
<source dir='/home/${psCfg.user.name}'/>
|
||||||
|
<target dir='/media/home'/>
|
||||||
|
<address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/>
|
||||||
|
</filesystem>
|
||||||
|
'' else ""}
|
||||||
|
<interface type='network'>
|
||||||
|
<mac address='52:54:00:44:cd:ac'/>
|
||||||
|
<source network='default'/>
|
||||||
|
<model type='virtio'/>
|
||||||
|
<address type='pci' domain='0x0000' bus='0x08' slot='0x01' function='0x0'/>
|
||||||
|
</interface>
|
||||||
|
<console type='pty'>
|
||||||
|
<target type='serial' port='0'/>
|
||||||
|
</console>
|
||||||
|
<input type='tablet' bus='usb'>
|
||||||
|
<address type='usb' bus='0' port='1'/>
|
||||||
|
</input>
|
||||||
|
<input type='mouse' bus='virtio'/>
|
||||||
|
<input type='keyboard' bus='virtio'/>
|
||||||
|
<graphics type='spice' autoport='yes' listen='127.0.0.1'>
|
||||||
|
<listen type='address' address='127.0.0.1'/>
|
||||||
|
<image compression='off'/>
|
||||||
|
</graphics>
|
||||||
|
<video>
|
||||||
|
<model type='cirrus' vram='16384' heads='1' primary='yes'/>
|
||||||
|
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
|
||||||
|
</video>
|
||||||
|
${if vm.handOverUSBDevices then ''
|
||||||
|
<hostdev mode='subsystem' type='usb' managed='yes'>
|
||||||
|
<source>
|
||||||
|
<vendor id='0x046d'/>
|
||||||
|
<product id='0xc328'/>
|
||||||
|
<address bus='1' device='1'/>
|
||||||
|
</source>
|
||||||
|
<address type='usb' bus='0' port='4'/>
|
||||||
|
</hostdev>
|
||||||
|
<hostdev mode='subsystem' type='usb' managed='yes'>
|
||||||
|
<source>
|
||||||
|
<vendor id='0x046d'/>
|
||||||
|
<product id='0xc52b'/>
|
||||||
|
<address bus='1' device='1'/>
|
||||||
|
</source>
|
||||||
|
<address type='usb' bus='0' port='5'/>
|
||||||
|
</hostdev>
|
||||||
|
'' else ""}
|
||||||
|
${if vm.gpu && vm.isolateGPU != null then ''
|
||||||
|
<hostdev mode='subsystem' type='pci' managed='yes'>
|
||||||
|
<driver name='vfio'/>
|
||||||
|
<source>
|
||||||
|
<address domain='0x0000' bus='0x0b' slot='0x00' function='0x0'/>
|
||||||
|
</source>
|
||||||
|
<rom bar='on' file='/etc/nixos/hosts/chocolatebar/virtualisation/${vm.isolateGPU}.rom'/>
|
||||||
|
<address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0' multifunction='on'/>
|
||||||
|
</hostdev>
|
||||||
|
<hostdev mode='subsystem' type='pci' managed='yes'>
|
||||||
|
<driver name='vfio'/>
|
||||||
|
<source>
|
||||||
|
<address domain='0x0000' bus='0x0b' slot='0x00' function='0x1'/>
|
||||||
|
</source>
|
||||||
|
<address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x1'/>
|
||||||
|
</hostdev>
|
||||||
|
'' else ""}
|
||||||
|
<redirdev bus='usb' type='spicevmc'>
|
||||||
|
<address type='usb' bus='0' port='2'/>
|
||||||
|
</redirdev>
|
||||||
|
<redirdev bus='usb' type='spicevmc'>
|
||||||
|
<address type='usb' bus='0' port='3'/>
|
||||||
|
</redirdev>
|
||||||
|
<memballoon model='virtio'>
|
||||||
|
<address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
|
||||||
|
</memballoon>
|
||||||
|
<shmem name='looking-glass'>
|
||||||
|
<model type='ivshmem-plain'/>
|
||||||
|
<size unit='M'>32</size>
|
||||||
|
</shmem>
|
||||||
|
</devices>
|
||||||
|
<qemu:commandline>
|
||||||
|
<qemu:arg value='-device'/>
|
||||||
|
<qemu:arg value='ich9-intel-hda,bus=pcie.0,addr=0x1b'/>
|
||||||
|
<qemu:arg value='-device'/>
|
||||||
|
<qemu:arg value='hda-micro,audiodev=hda'/>
|
||||||
|
<qemu:arg value='-audiodev'/>
|
||||||
|
<qemu:arg value='pa,id=hda,server=unix:/run/user/1001/pulse/native'/>
|
||||||
|
</qemu:commandline>
|
||||||
|
</domain>
|
||||||
|
''
|
19
hosts/chocolatebar/virtualisation/network-xml.nix
Normal file
19
hosts/chocolatebar/virtualisation/network-xml.nix
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
''
|
||||||
|
<network>
|
||||||
|
<name>default</name>
|
||||||
|
<uuid>UUID</uuid>
|
||||||
|
<forward mode='nat'>
|
||||||
|
<nat>
|
||||||
|
<port start='1024' end='65535'/>
|
||||||
|
</nat>
|
||||||
|
</forward>
|
||||||
|
<bridge name='virbr0' stp='on' delay='0'/>
|
||||||
|
<mac address='52:54:00:bd:a0:73'/>
|
||||||
|
<ip address='192.168.122.1' netmask='255.255.255.0'>
|
||||||
|
<dhcp>
|
||||||
|
<range start='192.168.122.2' end='192.168.122.254'/>
|
||||||
|
</dhcp>
|
||||||
|
</ip>
|
||||||
|
</network>
|
||||||
|
''
|
BIN
hosts/chocolatebar/virtualisation/rx550x.rom
Normal file
BIN
hosts/chocolatebar/virtualisation/rx550x.rom
Normal file
Binary file not shown.
BIN
hosts/chocolatebar/virtualisation/rx5700xt.rom
Normal file
BIN
hosts/chocolatebar/virtualisation/rx5700xt.rom
Normal file
Binary file not shown.
183
hosts/chocolatebar/virtualisation/tails-xml.nix
Normal file
183
hosts/chocolatebar/virtualisation/tails-xml.nix
Normal file
|
@ -0,0 +1,183 @@
|
||||||
|
{ config, pkgs, lib, vm, varsFile, ... }:
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
home = config.home-manager.users."${psCfg.user.name}".home;
|
||||||
|
in
|
||||||
|
''
|
||||||
|
<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
|
||||||
|
<name>${vm.name}</name>
|
||||||
|
<uuid>UUID</uuid>
|
||||||
|
<metadata>
|
||||||
|
<libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
|
||||||
|
<libosinfo:os id="${vm.id}"/>
|
||||||
|
</libosinfo:libosinfo>
|
||||||
|
</metadata>
|
||||||
|
<memory unit='GB'>${toString vm.memory}</memory>
|
||||||
|
<currentMemory unit='GB'>${toString vm.memory}</currentMemory>
|
||||||
|
<vcpu placement="static">8</vcpu>
|
||||||
|
<os>
|
||||||
|
<type arch="x86_64" machine="pc-q35-7.0">hvm</type>
|
||||||
|
<boot dev="cdrom"/>
|
||||||
|
</os>
|
||||||
|
<features>
|
||||||
|
<acpi/>
|
||||||
|
<apic/>
|
||||||
|
<vmport state="off"/>
|
||||||
|
</features>
|
||||||
|
<cpu mode="host-passthrough" check="none" migratable="on"/>
|
||||||
|
<clock offset="utc">
|
||||||
|
<timer name="rtc" tickpolicy="catchup"/>
|
||||||
|
<timer name="pit" tickpolicy="delay"/>
|
||||||
|
<timer name="hpet" present="no"/>
|
||||||
|
</clock>
|
||||||
|
<on_poweroff>destroy</on_poweroff>
|
||||||
|
<on_reboot>restart</on_reboot>
|
||||||
|
<on_crash>destroy</on_crash>
|
||||||
|
<pm>
|
||||||
|
<suspend-to-mem enabled="no"/>
|
||||||
|
<suspend-to-disk enabled="no"/>
|
||||||
|
</pm>
|
||||||
|
<devices>
|
||||||
|
<emulator>/run/libvirt/nix-emulators/qemu-system-x86_64</emulator>
|
||||||
|
<disk type="file" device="cdrom">
|
||||||
|
<driver name="qemu" type="raw"/>
|
||||||
|
<source file="${vm.disk}"/>
|
||||||
|
<target dev="sda" bus="sata"/>
|
||||||
|
<readonly/>
|
||||||
|
<address type="drive" controller="0" bus="0" target="0" unit="0"/>
|
||||||
|
</disk>
|
||||||
|
<controller type="usb" index="0" model="qemu-xhci" ports="15">
|
||||||
|
<address type="pci" domain="0x0000" bus="0x02" slot="0x00" function="0x0"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="pci" index="0" model="pcie-root"/>
|
||||||
|
<controller type="pci" index="1" model="pcie-root-port">
|
||||||
|
<model name="pcie-root-port"/>
|
||||||
|
<target chassis="1" port="0x10"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0" multifunction="on"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="pci" index="2" model="pcie-root-port">
|
||||||
|
<model name="pcie-root-port"/>
|
||||||
|
<target chassis="2" port="0x11"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x1"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="pci" index="3" model="pcie-root-port">
|
||||||
|
<model name="pcie-root-port"/>
|
||||||
|
<target chassis="3" port="0x12"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x2"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="pci" index="4" model="pcie-root-port">
|
||||||
|
<model name="pcie-root-port"/>
|
||||||
|
<target chassis="4" port="0x13"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x3"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="pci" index="5" model="pcie-root-port">
|
||||||
|
<model name="pcie-root-port"/>
|
||||||
|
<target chassis="5" port="0x14"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x4"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="pci" index="6" model="pcie-root-port">
|
||||||
|
<model name="pcie-root-port"/>
|
||||||
|
<target chassis="6" port="0x15"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x5"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="pci" index="7" model="pcie-root-port">
|
||||||
|
<model name="pcie-root-port"/>
|
||||||
|
<target chassis="7" port="0x16"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x6"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="pci" index="8" model="pcie-root-port">
|
||||||
|
<model name="pcie-root-port"/>
|
||||||
|
<target chassis="8" port="0x17"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x7"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="pci" index="9" model="pcie-root-port">
|
||||||
|
<model name="pcie-root-port"/>
|
||||||
|
<target chassis="9" port="0x18"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0" multifunction="on"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="pci" index="10" model="pcie-root-port">
|
||||||
|
<model name="pcie-root-port"/>
|
||||||
|
<target chassis="10" port="0x19"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x1"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="pci" index="11" model="pcie-root-port">
|
||||||
|
<model name="pcie-root-port"/>
|
||||||
|
<target chassis="11" port="0x1a"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x2"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="pci" index="12" model="pcie-root-port">
|
||||||
|
<model name="pcie-root-port"/>
|
||||||
|
<target chassis="12" port="0x1b"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x3"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="pci" index="13" model="pcie-root-port">
|
||||||
|
<model name="pcie-root-port"/>
|
||||||
|
<target chassis="13" port="0x1c"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x4"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="pci" index="14" model="pcie-root-port">
|
||||||
|
<model name="pcie-root-port"/>
|
||||||
|
<target chassis="14" port="0x1d"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x5"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="sata" index="0">
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x1f" function="0x2"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="virtio-serial" index="0">
|
||||||
|
<address type="pci" domain="0x0000" bus="0x03" slot="0x00" function="0x0"/>
|
||||||
|
</controller>
|
||||||
|
<interface type="network">
|
||||||
|
<mac address="52:54:00:58:5e:36"/>
|
||||||
|
<source network="default"/>
|
||||||
|
<model type="virtio"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
|
||||||
|
</interface>
|
||||||
|
<serial type="pty">
|
||||||
|
<target type="isa-serial" port="0">
|
||||||
|
<model name="isa-serial"/>
|
||||||
|
</target>
|
||||||
|
</serial>
|
||||||
|
<console type="pty">
|
||||||
|
<target type="serial" port="0"/>
|
||||||
|
</console>
|
||||||
|
<channel type="unix">
|
||||||
|
<target type="virtio" name="org.qemu.guest_agent.0"/>
|
||||||
|
<address type="virtio-serial" controller="0" bus="0" port="1"/>
|
||||||
|
</channel>
|
||||||
|
<channel type="spicevmc">
|
||||||
|
<target type="virtio" name="com.redhat.spice.0"/>
|
||||||
|
<address type="virtio-serial" controller="0" bus="0" port="2"/>
|
||||||
|
</channel>
|
||||||
|
<input type="tablet" bus="usb">
|
||||||
|
<address type="usb" bus="0" port="1"/>
|
||||||
|
</input>
|
||||||
|
<input type="mouse" bus="ps2"/>
|
||||||
|
<input type="keyboard" bus="ps2"/>
|
||||||
|
<graphics type="spice" autoport="yes">
|
||||||
|
<listen type="address"/>
|
||||||
|
<image compression="off"/>
|
||||||
|
</graphics>
|
||||||
|
<sound model="ich9">
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x1b" function="0x0"/>
|
||||||
|
</sound>
|
||||||
|
<audio id="1" type="spice"/>
|
||||||
|
<video>
|
||||||
|
<model type="qxl" ram="65536" vram="65536" vgamem="16384" heads="1" primary="yes"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x0"/>
|
||||||
|
</video>
|
||||||
|
<redirdev bus="usb" type="spicevmc">
|
||||||
|
<address type="usb" bus="0" port="2"/>
|
||||||
|
</redirdev>
|
||||||
|
<redirdev bus="usb" type="spicevmc">
|
||||||
|
<address type="usb" bus="0" port="3"/>
|
||||||
|
</redirdev>
|
||||||
|
<memballoon model="virtio">
|
||||||
|
<address type="pci" domain="0x0000" bus="0x04" slot="0x00" function="0x0"/>
|
||||||
|
</memballoon>
|
||||||
|
<rng model="virtio">
|
||||||
|
<backend model="random">/dev/urandom</backend>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x05" slot="0x00" function="0x0"/>
|
||||||
|
</rng>
|
||||||
|
</devices>
|
||||||
|
</domain>''
|
29
hosts/droppie/configuration.nix
Normal file
29
hosts/droppie/configuration.nix
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
# Include the results of the hardware scan.
|
||||||
|
./hardware-configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||||
|
boot.loader.grub = {
|
||||||
|
enable = true;
|
||||||
|
efiSupport = true;
|
||||||
|
device = "nodev";
|
||||||
|
};
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
# This value determines the NixOS release from which the default
|
||||||
|
# settings for stateful data, like file locations and database versions
|
||||||
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
# this value at the release version of the first install of this system.
|
||||||
|
# Before changing this value read the documentation for this option
|
||||||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
system.stateVersion = "21.11"; # Did you read the comment?
|
||||||
|
}
|
||||||
|
|
6
hosts/droppie/default.nix
Normal file
6
hosts/droppie/default.nix
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{ suites, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./droppie.nix
|
||||||
|
] ++ suites.droppie;
|
||||||
|
}
|
66
hosts/droppie/droppie.nix
Normal file
66
hosts/droppie/droppie.nix
Normal file
|
@ -0,0 +1,66 @@
|
||||||
|
{ config, pkgs, lib, self, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
config = {
|
||||||
|
hardware.cpu.intel.updateMicrocode = true;
|
||||||
|
|
||||||
|
pub-solar.core.disk-encryption-active = false;
|
||||||
|
pub-solar.core.lite = true;
|
||||||
|
|
||||||
|
security.sudo.extraRules = [
|
||||||
|
{
|
||||||
|
users = [ "${psCfg.user.name}" ];
|
||||||
|
commands = [
|
||||||
|
{
|
||||||
|
command = "ALL";
|
||||||
|
options = [ "NOPASSWD" ];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
services.openssh.knownHosts = {
|
||||||
|
"cloud.pub.solar".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABPJSwr9DfnqV0KoL23BcxlWtRxuOqQpnFnCv4SG/LW";
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.ssh-tunnel-cloud-pub-solar = {
|
||||||
|
unitConfig = {
|
||||||
|
Description = "Reverse SSH connection to enable backups from IPv4-only to IPv6-only host";
|
||||||
|
After = [ "network.target" ];
|
||||||
|
};
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "simple";
|
||||||
|
ExecStart = "${pkgs.openssh}/bin/ssh -vvv -g -N -T -o 'ServerAliveInterval 10' -o 'ExitOnForwardFailure yes' -R 127.0.0.1:22022:localhost:22 root@cloud.pub.solar";
|
||||||
|
User = psCfg.user.name;
|
||||||
|
Group = "users";
|
||||||
|
Restart = "always";
|
||||||
|
RestartSec = "5s";
|
||||||
|
};
|
||||||
|
wantedBy = [ "default.target" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.ddclient = {
|
||||||
|
enable = true;
|
||||||
|
ipv6 = true;
|
||||||
|
domains = [ "backup.b12f.io" ];
|
||||||
|
server = "ddns.hosting.de";
|
||||||
|
username = "b12f";
|
||||||
|
use = "web, web=http://checkip6.spdyn.de/, web-skip=''";
|
||||||
|
passwordFile = "/run/agenix/dyndns-droppie.key";
|
||||||
|
};
|
||||||
|
|
||||||
|
age.secrets."dyndns-droppie.key" = {
|
||||||
|
file = "${self}/secrets/dyndns-droppie.key";
|
||||||
|
mode = "400";
|
||||||
|
owner = "root";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
54
hosts/droppie/hardware-configuration.nix
Normal file
54
hosts/droppie/hardware-configuration.nix
Normal file
|
@ -0,0 +1,54 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "ahci" "usbhid" "uas" ];
|
||||||
|
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||||
|
boot.kernelModules = [ "kvm-amd" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/1dca9d02-555c-4b23-9450-8f3413fa7694";
|
||||||
|
fsType = "xfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/A24C-F252";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/media/internal" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/5cf314a8-82f4-4037-a724-62d2ff226cff";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/home" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/2ef980f1-1f27-4d2a-9789-00f45e791fcc";
|
||||||
|
fsType = "xfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices =
|
||||||
|
[{ device = "/dev/disk/by-uuid/0203b641-280f-4a3d-971d-fd32a666c852"; }];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true;
|
||||||
|
networking.interfaces.enp2s0f1.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||||
|
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
}
|
|
@ -5,7 +5,7 @@ pkgs: {
|
||||||
mopidy-soundcloud
|
mopidy-soundcloud
|
||||||
mopidy-youtube
|
mopidy-youtube
|
||||||
mopidy-local
|
mopidy-local
|
||||||
mopidy-jellyfin
|
# mopidy-jellyfin
|
||||||
];
|
];
|
||||||
|
|
||||||
configuration = ''
|
configuration = ''
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
with lib;
|
|
||||||
let
|
let
|
||||||
cfg = config.pub-solar.core;
|
cfg = config.pub-solar.core;
|
||||||
in
|
in
|
||||||
|
with lib;
|
||||||
{
|
{
|
||||||
options.pub-solar.core.iso-options.enable = mkOption {
|
options.pub-solar.core.iso-options.enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
|
|
|
@ -12,6 +12,7 @@ in
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
|
home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
|
||||||
home.packages = [
|
home.packages = [
|
||||||
|
croc
|
||||||
drone-cli
|
drone-cli
|
||||||
nmap
|
nmap
|
||||||
pgcli
|
pgcli
|
||||||
|
@ -20,6 +21,7 @@ in
|
||||||
restic
|
restic
|
||||||
shellcheck
|
shellcheck
|
||||||
terraform_0_15
|
terraform_0_15
|
||||||
|
tea
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
19
modules/mobile/default.nix
Normal file
19
modules/mobile/default.nix
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
{ lib, config, pkgs, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
cfg = config.pub-solar.mobile;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.pub-solar.mobile = {
|
||||||
|
enable = mkEnableOption "Add android adb and tooling";
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
programs.adb.enable = true;
|
||||||
|
|
||||||
|
users.users = with pkgs; lib.setAttrByPath [ psCfg.user.name ] {
|
||||||
|
extraGroups = [ "adbusers" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
37
modules/paperless/default.nix
Normal file
37
modules/paperless/default.nix
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
{ lib, config, pkgs, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
cfg = config.pub-solar.paperless;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.pub-solar.paperless = {
|
||||||
|
enable = mkEnableOption "All you need to go paperless";
|
||||||
|
ocrLanguage = mkOption {
|
||||||
|
description = "OCR language";
|
||||||
|
type = types.str;
|
||||||
|
example = "eng+deu";
|
||||||
|
default = "eng";
|
||||||
|
};
|
||||||
|
consumptionDir = mkOption {
|
||||||
|
description = "Directory to be watched";
|
||||||
|
type = types.str;
|
||||||
|
example = "/var/lib/paperless/consume";
|
||||||
|
default = "/home/${psCfg.user.name}/Documents";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
services.paperless-ng = {
|
||||||
|
enable = true;
|
||||||
|
consumptionDir = cfg.consumptionDir;
|
||||||
|
extraConfig = {
|
||||||
|
PAPERLESS_OCR_LANGUAGE = cfg.ocrLanguage;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
environment.systemPackages = [
|
||||||
|
pkgs.hplip
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
|
@ -22,6 +22,10 @@ in
|
||||||
pub-solar.core.hibernation.enable = true;
|
pub-solar.core.hibernation.enable = true;
|
||||||
services.logind.lidSwitch = "hibernate";
|
services.logind.lidSwitch = "hibernate";
|
||||||
|
|
||||||
|
services.tor.settings = {
|
||||||
|
UseBridges = true;
|
||||||
|
};
|
||||||
|
|
||||||
# The options below are directly taken from or inspired by
|
# The options below are directly taken from or inspired by
|
||||||
# https://xeiaso.net/blog/paranoid-nixos-2021-07-18
|
# https://xeiaso.net/blog/paranoid-nixos-2021-07-18
|
||||||
|
|
||||||
|
|
|
@ -25,6 +25,7 @@ in
|
||||||
hardware.sane = {
|
hardware.sane = {
|
||||||
enable = true;
|
enable = true;
|
||||||
brscan4.enable = true;
|
brscan4.enable = true;
|
||||||
|
extraBackends = [ pkgs.hplipWithPlugin ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -36,3 +36,11 @@ bindsym $mod+Ctrl+r exec record-screen
|
||||||
# Launcher
|
# Launcher
|
||||||
set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher
|
set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher
|
||||||
bindsym $mod+Space exec $menu
|
bindsym $mod+Space exec $menu
|
||||||
|
|
||||||
|
set $mode_vncclient In VNCClient mode. Press $mod+Num_Lock or $mod+Shift+Escape to return.
|
||||||
|
bindsym $mod+Num_Lock mode "$mode_vncclient"
|
||||||
|
bindsym $mod+Shift+Escape mode "$mode_vncclient"
|
||||||
|
mode "$mode_vncclient" {
|
||||||
|
bindsym $mod+Num_Lock mode "default"
|
||||||
|
bindsym $mod+Shift+Escape mode "default"
|
||||||
|
}
|
||||||
|
|
8
modules/sway/config/wayvnc/config.nix
Normal file
8
modules/sway/config/wayvnc/config.nix
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
{ psCfg, pkgs }: "
|
||||||
|
address=0.0.0.0
|
||||||
|
enable_auth=true
|
||||||
|
username=${psCfg.user.name}
|
||||||
|
password=testtest
|
||||||
|
private_key_file=/run/agenix/vnc-key.pem
|
||||||
|
certificate_file=/run/agenix/vnc-cert.pem
|
||||||
|
"
|
|
@ -13,6 +13,8 @@ in
|
||||||
description = "Choose sway's default terminal";
|
description = "Choose sway's default terminal";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
vnc.enable = mkEnableOption "Enable vnc service";
|
||||||
|
|
||||||
v4l2loopback.enable = mkOption {
|
v4l2loopback.enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
|
@ -93,6 +95,8 @@ in
|
||||||
systemd.user.services.waybar = import ./waybar.service.nix { inherit pkgs psCfg; };
|
systemd.user.services.waybar = import ./waybar.service.nix { inherit pkgs psCfg; };
|
||||||
systemd.user.targets.sway-session = import ./sway-session.target.nix { inherit pkgs psCfg; };
|
systemd.user.targets.sway-session = import ./sway-session.target.nix { inherit pkgs psCfg; };
|
||||||
|
|
||||||
|
systemd.user.services.wayvnc = mkIf psCfg.sway.vnc.enable (import ./wayvnc.service.nix pkgs);
|
||||||
|
|
||||||
xdg.configFile."sway/config".text = import ./config/config.nix { inherit config pkgs; };
|
xdg.configFile."sway/config".text = import ./config/config.nix { inherit config pkgs; };
|
||||||
xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
|
xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
|
||||||
xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
|
xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
|
||||||
|
@ -101,6 +105,7 @@ in
|
||||||
xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix { inherit pkgs psCfg; };
|
xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix { inherit pkgs psCfg; };
|
||||||
xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
|
xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
|
||||||
xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
|
xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
|
||||||
|
xdg.configFile."wayvnc/config".text = import ./config/wayvnc/config.nix { inherit psCfg; inherit pkgs; };
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
]);
|
]);
|
||||||
|
|
19
modules/sway/wayvnc.service.nix
Normal file
19
modules/sway/wayvnc.service.nix
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
pkgs:
|
||||||
|
{
|
||||||
|
Unit = {
|
||||||
|
Description = "A VNC server for wlroots based Wayland compositors ";
|
||||||
|
Documentation = "https://github.com/any1/wayvnc";
|
||||||
|
BindsTo = [ "sway-session.target" ];
|
||||||
|
After = [ "graphical-session-pre.target" "network-online.target" ];
|
||||||
|
Wants = [ "graphical-session-pre.target" "network-online.target" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
Service = {
|
||||||
|
Type = "simple";
|
||||||
|
ExecStart = "${pkgs.wayvnc}/bin/wayvnc -r -p 0.0.0.0 5901";
|
||||||
|
};
|
||||||
|
|
||||||
|
Install = {
|
||||||
|
WantedBy = [ "sway-session.target" ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -56,6 +56,16 @@ let
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
vim-mdx-js = pkgs.vimUtils.buildVimPlugin {
|
||||||
|
name = "vim-mdx-js";
|
||||||
|
src = pkgs.fetchFromGitHub {
|
||||||
|
owner = "jxnblk";
|
||||||
|
repo = "vim-mdx-js";
|
||||||
|
rev = "17179d7f2a73172af5f9a8d65b01a3acf12ddd50";
|
||||||
|
sha256 = "wfYCvw9JVGG8p8PQhRPT6CeGGf2OVz9SR2KQM0LjQhY=";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
apprentice = pkgs.vimUtils.buildVimPlugin {
|
apprentice = pkgs.vimUtils.buildVimPlugin {
|
||||||
name = "vim-apprentice";
|
name = "vim-apprentice";
|
||||||
src = pkgs.fetchFromGitHub {
|
src = pkgs.fetchFromGitHub {
|
||||||
|
@ -90,13 +100,13 @@ in
|
||||||
nodePackages.vue-language-server
|
nodePackages.vue-language-server
|
||||||
nodePackages.vscode-langservers-extracted
|
nodePackages.vscode-langservers-extracted
|
||||||
nodePackages.yaml-language-server
|
nodePackages.yaml-language-server
|
||||||
|
vscode-extensions.angular.ng-template
|
||||||
python39Packages.python-lsp-server
|
python39Packages.python-lsp-server
|
||||||
python3Full
|
python3Full
|
||||||
solargraph
|
solargraph
|
||||||
rnix-lsp
|
rnix-lsp
|
||||||
rust-analyzer
|
rust-analyzer
|
||||||
terraform-ls
|
terraform-ls
|
||||||
universal-ctags
|
|
||||||
];
|
];
|
||||||
|
|
||||||
plugins = with pkgs.vimPlugins; [
|
plugins = with pkgs.vimPlugins; [
|
||||||
|
@ -117,7 +127,6 @@ in
|
||||||
quick-scope
|
quick-scope
|
||||||
suda-vim
|
suda-vim
|
||||||
syntastic
|
syntastic
|
||||||
vim-gutentags
|
|
||||||
vim-vinegar
|
vim-vinegar
|
||||||
workspace
|
workspace
|
||||||
|
|
||||||
|
@ -156,6 +165,7 @@ in
|
||||||
vim-toml
|
vim-toml
|
||||||
vim-vue
|
vim-vue
|
||||||
yats-vim
|
yats-vim
|
||||||
|
vim-mdx-js
|
||||||
];
|
];
|
||||||
|
|
||||||
extraConfig = builtins.concatStringsSep "\n" [
|
extraConfig = builtins.concatStringsSep "\n" [
|
||||||
|
|
|
@ -74,7 +74,8 @@ lua <<EOF
|
||||||
|
|
||||||
-- Add additional capabilities supported by nvim-cmp
|
-- Add additional capabilities supported by nvim-cmp
|
||||||
local capabilities = vim.lsp.protocol.make_client_capabilities()
|
local capabilities = vim.lsp.protocol.make_client_capabilities()
|
||||||
capabilities = require('cmp_nvim_lsp').update_capabilities(capabilities)
|
-- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html
|
||||||
|
capabilities.textDocument.completion.completionItem.snippetSupport = true
|
||||||
|
|
||||||
-- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html
|
-- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html
|
||||||
capabilities.textDocument.completion.completionItem.snippetSupport = true
|
capabilities.textDocument.completion.completionItem.snippetSupport = true
|
||||||
|
@ -173,6 +174,13 @@ lua <<EOF
|
||||||
end
|
end
|
||||||
end -- ‡
|
end -- ‡
|
||||||
|
|
||||||
|
-- configure floating diagnostics appearance, symbols
|
||||||
|
local signs = { Error = " ", Warn = " ", Hint = " ", Info = " " }
|
||||||
|
for type, icon in pairs(signs) do
|
||||||
|
local hl = "DiagnosticSign" .. type
|
||||||
|
vim.fn.sign_define(hl, { text = icon, texthl = hl, numhl = hl })
|
||||||
|
end
|
||||||
|
|
||||||
-- Set completeopt to have a better completion experience
|
-- Set completeopt to have a better completion experience
|
||||||
vim.o.completeopt = 'menuone,noselect'
|
vim.o.completeopt = 'menuone,noselect'
|
||||||
|
|
||||||
|
|
|
@ -134,6 +134,5 @@ in
|
||||||
source ${pkgs.fzf}/share/fzf/completion.zsh
|
source ${pkgs.fzf}/share/fzf/completion.zsh
|
||||||
source ${pkgs.git-bug}/share/zsh/site-functions/git-bug
|
source ${pkgs.git-bug}/share/zsh/site-functions/git-bug
|
||||||
eval "$(direnv hook zsh)"
|
eval "$(direnv hook zsh)"
|
||||||
''
|
'';
|
||||||
+ builtins.readFile ./fzf.zsh;
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,6 +4,8 @@ channels: final: prev: {
|
||||||
|
|
||||||
inherit (channels.latest)
|
inherit (channels.latest)
|
||||||
cachix
|
cachix
|
||||||
|
docker
|
||||||
|
docker-compose
|
||||||
dhall
|
dhall
|
||||||
discord
|
discord
|
||||||
element-desktop
|
element-desktop
|
||||||
|
@ -19,6 +21,16 @@ channels: final: prev: {
|
||||||
tdesktop
|
tdesktop
|
||||||
arduino
|
arduino
|
||||||
arduino-cli
|
arduino-cli
|
||||||
|
steam
|
||||||
|
firefox
|
||||||
|
;
|
||||||
|
|
||||||
|
inherit (channels.pub-solar)
|
||||||
|
yubikey-agent
|
||||||
|
;
|
||||||
|
|
||||||
|
inherit (channels.master)
|
||||||
|
factorio-headless
|
||||||
;
|
;
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -19,6 +19,5 @@ with final; {
|
||||||
wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final);
|
wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final);
|
||||||
drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final);
|
drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final);
|
||||||
record-screen = writeShellScriptBin "record-screen" (import ./record-screen.nix final);
|
record-screen = writeShellScriptBin "record-screen" (import ./record-screen.nix final);
|
||||||
|
scan2paperless = writeShellScriptBin "scan2paperless" (import ./scan2paperless.nix final);
|
||||||
# ps-fixes
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,7 +8,7 @@ self: with self; ''
|
||||||
--env=DRONE_RPC_SECRET=$(${self.libsecret}/bin/secret-tool lookup drone rpc-secret) \
|
--env=DRONE_RPC_SECRET=$(${self.libsecret}/bin/secret-tool lookup drone rpc-secret) \
|
||||||
--env=DRONE_RUNNER_CAPACITY=8 \
|
--env=DRONE_RUNNER_CAPACITY=8 \
|
||||||
--env=DRONE_RUNNER_NAME=$(${self.inetutils}/bin/hostname) \
|
--env=DRONE_RUNNER_NAME=$(${self.inetutils}/bin/hostname) \
|
||||||
--publish=3000:3000 \
|
--publish=30010:30010 \
|
||||||
--restart=always \
|
--restart=always \
|
||||||
--name=drone-runner \
|
--name=drone-runner \
|
||||||
drone/drone-runner-docker:1
|
drone/drone-runner-docker:1
|
||||||
|
|
3
pkgs/scan2paperless.nix
Normal file
3
pkgs/scan2paperless.nix
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
self: with self; ''
|
||||||
|
export PATH=${lib.makeBinPath [ pkgs.coreutils pkgs.sane-frontends pkgs.sane-backends pkgs.ghostscript pkgs.imagemagick ]}
|
||||||
|
''
|
|
@ -9,7 +9,7 @@ in
|
||||||
./session-variables.nix
|
./session-variables.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
|
home-manager.users = pkgs.lib.setAttrByPath [ psCfg.user.name ] {
|
||||||
# Let Home Manager install and manage itself.
|
# Let Home Manager install and manage itself.
|
||||||
programs.home-manager.enable = true;
|
programs.home-manager.enable = true;
|
||||||
|
|
||||||
|
|
132
profiles/core/default.nix
Normal file
132
profiles/core/default.nix
Normal file
|
@ -0,0 +1,132 @@
|
||||||
|
{ self, config, lib, pkgs, inputs, ... }:
|
||||||
|
let inherit (lib) fileContents;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
# Sets nrdxp.cachix.org binary cache which just speeds up some builds
|
||||||
|
imports = [ ../cachix ];
|
||||||
|
|
||||||
|
config = {
|
||||||
|
pub-solar.terminal-life.enable = true;
|
||||||
|
pub-solar.audio.enable = true;
|
||||||
|
pub-solar.crypto.enable = true;
|
||||||
|
pub-solar.devops.enable = true;
|
||||||
|
|
||||||
|
# This is just a representation of the nix default
|
||||||
|
nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||||
|
|
||||||
|
environment = {
|
||||||
|
|
||||||
|
systemPackages = with pkgs; [
|
||||||
|
# Core unix utility packages
|
||||||
|
coreutils-full
|
||||||
|
progress
|
||||||
|
dnsutils
|
||||||
|
inetutils
|
||||||
|
mtr
|
||||||
|
pciutils
|
||||||
|
usbutils
|
||||||
|
gitFull
|
||||||
|
git-lfs
|
||||||
|
git-bug
|
||||||
|
wget
|
||||||
|
openssl
|
||||||
|
openssh
|
||||||
|
curl
|
||||||
|
htop
|
||||||
|
lsof
|
||||||
|
psmisc
|
||||||
|
xdg-utils
|
||||||
|
sysfsutils
|
||||||
|
renameutils
|
||||||
|
nfs-utils
|
||||||
|
moreutils
|
||||||
|
mailutils
|
||||||
|
keyutils
|
||||||
|
input-utils
|
||||||
|
elfutils
|
||||||
|
binutils
|
||||||
|
dateutils
|
||||||
|
diffutils
|
||||||
|
findutils
|
||||||
|
exfat
|
||||||
|
file
|
||||||
|
|
||||||
|
# zippit
|
||||||
|
zip
|
||||||
|
unzip
|
||||||
|
|
||||||
|
# Modern modern utilities
|
||||||
|
p7zip
|
||||||
|
croc
|
||||||
|
jq
|
||||||
|
|
||||||
|
# Nix specific utilities
|
||||||
|
niv
|
||||||
|
manix
|
||||||
|
nix-index
|
||||||
|
nix-tree
|
||||||
|
nixpkgs-review
|
||||||
|
# Build broken, python2.7-PyJWT-2.0.1.drv' failed
|
||||||
|
#nixops
|
||||||
|
psos
|
||||||
|
nvd
|
||||||
|
|
||||||
|
# Fun
|
||||||
|
neofetch
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
fonts = {
|
||||||
|
fonts = with pkgs; [ powerline-fonts dejavu_fonts ];
|
||||||
|
|
||||||
|
fontconfig.defaultFonts = {
|
||||||
|
|
||||||
|
monospace = [ "DejaVu Sans Mono for Powerline" ];
|
||||||
|
|
||||||
|
sansSerif = [ "DejaVu Sans" ];
|
||||||
|
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
nix = {
|
||||||
|
# use nix-dram, a patched nix command, see: https://github.com/dramforever/nix-dram
|
||||||
|
package = inputs.nix-dram.packages.${pkgs.system}.nix-dram;
|
||||||
|
|
||||||
|
# Improve nix store disk usage
|
||||||
|
autoOptimiseStore = true;
|
||||||
|
gc.automatic = true;
|
||||||
|
optimise.automatic = true;
|
||||||
|
|
||||||
|
# Prevents impurities in builds
|
||||||
|
useSandbox = true;
|
||||||
|
|
||||||
|
# give root and @wheel special privileges with nix
|
||||||
|
trustedUsers = [ "root" "@wheel" ];
|
||||||
|
|
||||||
|
# Generally useful nix option defaults
|
||||||
|
extraOptions = ''
|
||||||
|
min-free = 536870912
|
||||||
|
keep-outputs = true
|
||||||
|
keep-derivations = true
|
||||||
|
fallback = true
|
||||||
|
# used by nix-dram
|
||||||
|
default-flake = flake:nixpkgs
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
# For rage encryption, all hosts need a ssh key pair
|
||||||
|
services.openssh = {
|
||||||
|
enable = true;
|
||||||
|
openFirewall = lib.mkDefault true;
|
||||||
|
passwordAuthentication = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Service that makes Out of Memory Killer more effective
|
||||||
|
services.earlyoom.enable = true;
|
||||||
|
|
||||||
|
# Use latest LTS linux kernel by default
|
||||||
|
boot.kernelPackages = pkgs.linuxPackages_5_15;
|
||||||
|
|
||||||
|
boot.supportedFilesystems = [ "ntfs" ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -3,7 +3,4 @@ let inherit (lib) fileContents;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
pub-solar.gaming.enable = true;
|
pub-solar.gaming.enable = true;
|
||||||
pub-solar.docker.enable = true;
|
}
|
||||||
pub-solar.docker.enable = true;
|
|
||||||
pub-solar.docker.enable = true;
|
|
||||||
};
|
|
||||||
|
|
8
profiles/iot/default.nix
Normal file
8
profiles/iot/default.nix
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
{ self, config, lib, pkgs, ... }:
|
||||||
|
let inherit (lib) fileContents;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
pub-solar.graphical.enable = false;
|
||||||
|
pub-solar.x-os.localProxyService.enable = false;
|
||||||
|
pub-solar.sway.enable = false;
|
||||||
|
}
|
6
profiles/mobile/default.nix
Normal file
6
profiles/mobile/default.nix
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{ self, config, lib, pkgs, ... }:
|
||||||
|
let inherit (lib) fileContents;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
pub-solar.mobile.enable = true;
|
||||||
|
}
|
6
profiles/virtualisation/default.nix
Normal file
6
profiles/virtualisation/default.nix
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{ self, config, lib, pkgs, ... }:
|
||||||
|
let inherit (lib) fileContents;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
pub-solar.virtualisation.enable = true;
|
||||||
|
}
|
BIN
secrets/crypto_keyfile-chocolatebar.bin
Normal file
BIN
secrets/crypto_keyfile-chocolatebar.bin
Normal file
Binary file not shown.
BIN
secrets/drone-runner-exec-config
Normal file
BIN
secrets/drone-runner-exec-config
Normal file
Binary file not shown.
27
secrets/dyndns-droppie.key
Normal file
27
secrets/dyndns-droppie.key
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
lbrJzpCXpf3BJYL80d2vD/b4raoPnUKV0D9Ka9yKb72W3ATfA/Cqq7vpisHRnwyj
|
||||||
|
3pt1TfrPzti/8ZKDqY/Zw171jQbOF6zW45z4m8yJu4J1LYXh8yYrTR3YPwhPoGYm
|
||||||
|
eZJWWj2YghqCFC7vdL/wZFjkStxwBGgrJfNOxJBcXOpUX2TOzfdNAgJ/pEkvdd/L
|
||||||
|
jktiU5ITt7KXruwSEXRzHVfmntl4SaqDqYfeb0Y0q2a1oMpxTnBKcYXj6dYcZIHv
|
||||||
|
Lm8HX0JsIiThz/DXB4sP2O5GlGeYyibj2iMSCsCqadwDpUndVtJnzFgjSQD5A0gd
|
||||||
|
enNTYly3GSmC9TWt/r2VHHyneAnJ3HQKB5hUEqxPz9peemnvfTA89SIGHddmkXfY
|
||||||
|
XSeN5WJnSG0+WAOwrpJjzl9CgUg9xJS7dDqVob3CwL9oVEQP8FcuuyqCg72ppd4J
|
||||||
|
fdseq5/R+HuVnh6sEUHoaHEDidHtTrpE2Rd49Tesj/BT+YrJyQ/kQqHmy9RiLU2f
|
||||||
|
DSRwLO4/qHF6W8UfuF2N08aMxRpxqXPWTjI/vHxoSJRcSqaofF42x50OQU8lY96c
|
||||||
|
8bPlDPB7HOBg+7bVvOQCaR3+KRuOx+HYpeMwEokQTwCke+frPfXorilNbAcaFUp4
|
||||||
|
QiU1sUZia/FOZ+j47+6pkfC2DfLpiNL2TLWYcNtIzUc
|
||||||
|
-> ssh-ed25519 7Wns0A aKiZ8iw+Ub5rByBef0apOn6lG5Bv6tzFCiBu3DN6sSg
|
||||||
|
58+9kySg3ajO7E5V87b/qRu9axpu2hQUuY/cVTt2YdI
|
||||||
|
-> ssh-rsa wVtlwQ
|
||||||
|
RbrfuwS5zQzL9yMWFDSnWj9cQFLirTH37Xf79Dis2CJIDd83vmlmGNY5x1aPpZoZ
|
||||||
|
J6XDhibGTJc02DYuNVIE1IXm0x9tc6Z9PTT+WiAFt1JuKHguXTWLRMM9HmyvWWDg
|
||||||
|
bFsRDAcYup+SK5d+ME+XooDGueC822rAjkGIRHNSCimGwuLpDRKqyyVfYA+dcfiP
|
||||||
|
EoYH7x4S09jYRr1C5EkbraLbm1vijc5ikJw3b42KKbyo3wDwKga+Vk2nl2AtgjZp
|
||||||
|
KipZlyjs+IjMRXX5IBpgoRtXcvHuidsOSc+guRo0ihF9MbzRc/Tt2g0V7t3KjeT0
|
||||||
|
SJDLmHOos2RKTmx06aidDg
|
||||||
|
-> Dz(k-grease ~FF p m)E{J3E
|
||||||
|
7Igp3pclCAzAmeky5cPqlIzcITT+0jvieQe7ruSxRYRYqpYU7tMQFmHuNUahp+BP
|
||||||
|
MzOYiM+PIQmn
|
||||||
|
--- IC9SI76EjaFZxQ5odEeIv49n/O8uOdpM6LE1Z7dtHg4
|
||||||
|
l%Àu¯¯ÃE„\ÎüÔ?2\&ÚwG&@¡W£~9"úŠ^ÊƆý¼Á<>oån^šë<C5A1>㻳xšèOI‡¢uOíò‡21c*ãm¸%ô)ý#”جeõIÙ6îA/i
|
BIN
secrets/hdd_keyfile-chocolatebar.bin
Normal file
BIN
secrets/hdd_keyfile-chocolatebar.bin
Normal file
Binary file not shown.
BIN
secrets/keyfile-biolimo.bin
Normal file
BIN
secrets/keyfile-biolimo.bin
Normal file
Binary file not shown.
BIN
secrets/keyfile-chocolatebar.bin
Normal file
BIN
secrets/keyfile-chocolatebar.bin
Normal file
Binary file not shown.
44
secrets/mopidy.conf
Normal file
44
secrets/mopidy.conf
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
pgJUXnYT0UgB7h8dWOBCIO6OuXwpjmBuQpJBXnI2Zh5X2fiGQVyrrcrm8VSWLHOd
|
||||||
|
za9SME+PxcGXDGgwaGpCl8tOh93WRUC0RtNTBmoiyzrfkbQtm9gfnt51JpHscuTc
|
||||||
|
wzZ9cxMvtKSNGsCuK5oeX9ZxVgXH5QFomwvADXoy14HacgEOzLTPU6vrPrOonGAG
|
||||||
|
kDqYDzf87V2BfPttzONoScsVsFV26EQntxDx5/8Hja4ceOvgBwm2GczUzpgfIRCA
|
||||||
|
To+az2B1Y0h/BWMqzRAhobuN/UIQcZAKro4uf8SbpKqPQrON+k1tAE+lrMUFLx1A
|
||||||
|
2ZayulT/Partcm6L8Yb0JAn24eXFla52XQ6JyukSbtoqZxEQIcjbM34+KFKMftIA
|
||||||
|
M8taZIG2JWyFdHBPO4RAMyGbNpQN5hsDvJWGIJePj4bAxW7GX9JJiT7gg1iCKce3
|
||||||
|
SINdaBt4O3RJ49wTGqJtMSJSlfzLf7s4zHx5oaozAEt84h97A2Yt/8Lg1Wmc2Aji
|
||||||
|
Q4XG6w8OQ/Fk8E/EeSZ27udMHF94TfQ9mzbKdMJRclLDlKKlxeYA6gea4QYb6GLi
|
||||||
|
8tY6qnDpF9jwV7ehehM9KYhJcCLw7MYNwGI6oPmTagZCRhXDYULbmK5gfkspcrZ1
|
||||||
|
zZn5yOCwt+MA3U2NfpxNOMs0LvaGU7HOruzyD9DLp+4
|
||||||
|
-> ssh-ed25519 TnSWKQ SWZZJeUCYeSkYwIKmrsMa/MUkNK7xIn+213hy6X51Uk
|
||||||
|
FDzM+HzDh+5+9RI+gjTPKNT74DPSvxA+CKJpHXSMX5c
|
||||||
|
-> ssh-rsa 8daibg
|
||||||
|
XthUstyN7tDd/vAw3y6knQWNI1M2GEKGDzvmOXFMgwxUcBUNPZmPnZvTfmUXY81Z
|
||||||
|
iF13Lruwid0/4Pb9dcYyyifzoqnNb6SvnzczoUSpqQc6m+6BLX4kSTIN1Pulwt8A
|
||||||
|
kWrOekvKy9J7Z2QsW6QKfxB4xaAc+BA9kHOgWWpLTyx2GOm0ksLjUnsd3Zo/xXsc
|
||||||
|
JpjuSNcsUM9mCP00RjamX1SwrAc/tRnoOSOD6jmED5M0Xfb7bE2AORUQ3Em8B4iG
|
||||||
|
CgaTEXFppZN96+BHOumOP1wAbH7uI0EdQP/SvR+qelCH35C0pSWZ4AuyvT5kvoYL
|
||||||
|
CyK6GQ8rVnDrBaWQIj4TPhpB1xVxKd01AZX9ITdhPdTATJFwCcVxoWgCTtjNGaIc
|
||||||
|
4GldFh0+nXUUV9spzxFbAhiJwy+PHfNfuJ1gyYMrgLY4mQPhA6ntPeWqZOb20cYZ
|
||||||
|
ABl7eHN9AAQnibw6EufkgH/U9v81HlWjbLWedAHNPGAldDF5uNrY+FRiqXWT2Ivb
|
||||||
|
9CkU/pUFAAcZs7GwEHTVz2dWsuxthS/P/DhN1YshDmY17gTBEf+40SUATsD1wBV0
|
||||||
|
tdmbU3i79djbfXXvazR+hi7qDtKo+zJKCDORSq66J70njl0pwN/QIKGQnKt5sYCm
|
||||||
|
3kPTZHrR6ys82MhTFk/C1G4aJjQScTz4buA5UH+0hsE
|
||||||
|
-> ssh-ed25519 2Ca8Kg eqyr8Yr3rrWlhCd+TmKsnywFdp1mwt3jZwuJzO0TwzM
|
||||||
|
mcfYZGTAebrZY9Ool8sPn25wPiwe6StBUzdVAyEErAE
|
||||||
|
-> ssh-rsa 2ggJWw
|
||||||
|
h00c7evck2bHux9EhMjLQa1f3O3tReLd65LDJB28jH7SbpT6t8Gxfk9tamGFHg4Z
|
||||||
|
lGxkzZjK9xnroBpZv5ikuP+tD7A6A2saDXDnnAw+wHUGv0UO5yzr0HPIvwE1bVR5
|
||||||
|
GOW1iqPMHKB2v6NeTaBG1g5TohSYEDDINkQv+Q4NyPhdpX9bGd3biWiBAa1gy3Xp
|
||||||
|
XmDwtUfBg9IN+EeQTpC/tc4C1pLd3k7E+5pZDQebfTlvXZ83SH05BpBnpakPWNty
|
||||||
|
Pf3s/iMwWBiJ+8GiwQ7c6FjTrr9ImJe8nD6mknWGpsMEQ9wB4Bd9l5RTjpTW9wCo
|
||||||
|
DNtN8Mo0SGgFXjj/5XO0kMDhDike/GLr6wfD0HVgRP9MtcatvEaezp4RY6NIknjy
|
||||||
|
F49KFsZWhzqwU2c4VX3ayFGJHcn/TT6o2QL3qZoI6x23ZFHQlXtQjXfhTkXk2qJt
|
||||||
|
565cgrWzLYV7y+DB5fwaG/+Twlnr8rMQOPwyEnrWylh+AY3H/2/M1qQz2b2UQapl
|
||||||
|
|
||||||
|
-> }L0d&,o-grease QVMP gPkF4&,`
|
||||||
|
YaavYxfymQIl4xRnz1AZxLAY7+r2R9Mftt9AIk11bEymVtCWhsWtSbnhsq9q+fjm
|
||||||
|
yYwVUyIh4eeH4oOdz3ssnmB3gg
|
||||||
|
--- 5VOiRneXGtTtik3m0OJY8zV8Sboh18DIB4eM07M+1Lo
|
||||||
|
ö™:üŠØþI{ˆzþ)ƒô½-tÈ«½©jT»0rE™ÚYæg4wFA³SÖ÷9RÐ…çëQ¡5<C2A1>c{ºÈz–j…lÁRAØãàÛH”L y£ø²W•6¢¢l>¸–ߪ}m¤Ý¿óÆbѱ“ô6*ÎËg"ßãÈè}Xˆí>W¬œÛÇ<C39B>ÕTÉÞ™é¼Ì#
mÍi@êiö:°zõ愲jbc(ƦŸýìùô{ô™¨ª¯©âwã(ÖθÈäyÔ§`iÌó_ïC-`ŽP‘ô³²e«¶ç<C2B6>CÈ»tSÆ5Ž·e÷Zp%þQ´B¿Êh4yžC°dY¿«<C2BF>—Lˆ<Nw½µýÆ<>„ÊVñ4ù/ð:•+Ÿãx5ÚÞÁ8_V F6ð½)a>….
}É‘^h¿óÖ®îÍ<C3AE>ø.Ÿ’<C5B8>»ËË¿GÑà”›ÿ~ÝŒd¢EoZ=|×C•O
ö”x7›,Nƒ•ïú¹PÖ䥈%*I%®kÎ[<5B>ØÐ|-<2D>ÈžT¦úe~3¥6ËÞ!C"Öai/kDmì]<5D>íJ÷Û>ü¬n^»OýÚ—MãÌíü‚SÁ°7„¼»<C2BC>1P\ý€ú?x\;B¸#u”BŽ$hѵ:¶Ë
|
|
@ -1,9 +1,60 @@
|
||||||
let
|
let
|
||||||
# set ssh public keys here for your system and user
|
# set ssh public keys here for your system and user
|
||||||
system = "";
|
bbcom = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmXpOU6vzQiVSSYCoxHYv7wDxC63Qg3dxlAMR6AOzwIABCU5PFFNcO0NWYms/YR7MOViorl+19LCLRABar9JgHU1n+uqxKV6eGph3OPeMp5sN8LAh7C9N+TZj8iJzBxQ3ch+Z/LdmLRwYNJ7KSUI+gwGK6xRS3+z1022Y4P0G0sx7IeCBl4lealQEIIF10ZOfjUdBcLQar7XTc5AxyGKnHCerXHRtccCoadLQujk0AvPXbv3Ma4JwX9X++AnCWRWakqS5UInu2tGuZ/6Hrjd2a9AKWjTaBVDcbYqCvY4XVuMj2/A2bCceFBaoi41apybSk26FSFTU4qiEUNQ6lxeOwG4+1NCXyHe2bGI4VyoxinDYa8vLLzXIRfTRA0qoGfCweXNeWPf0jMqASkUKaSOH5Ot7O5ps34r0j9pWzavDid8QeKJPyhxKuF1a5G4iBEZ0O9vuti60dPSjJPci9oTxbune2/jb7Sa0yO06DtLFJ2ncr5f70s/BDxKk4XIwQLy+KsvzlQEGdY8yA6xv28bOGxL3sQ0HE2pDTsvIbAisVOKzdJeolStL9MM5W8Hg0r/KkGj2bg0TfoRp1xHV9hjKkvJrsQ6okaPvNFeZq0HXzPhWMOVQ+/46z80uaQ1ByRLr3FTwuWJ7F/73ndfxiq6bDE4z2Ji0vOjeWJm6HCxTdGw== hello@benjaminbaedorf.com";
|
||||||
user = "";
|
|
||||||
allKeys = [ system user ];
|
biolimo-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZzg8pfVtFonx/IvO2MKG5uVF/sMJAOt1Ifm9Vds2eA root@biolimo";
|
||||||
|
biolimo-user = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDoYNvXWunQYFORRjcYH1F98+zr20U79ROh+gmaC7AY/x3yf4y8uyMayF56VgQLVNwgEchT5t4dNb9qo2+1oUnjiKrKAVfQMN6WMMMEr4F4WT784uvBx5Uo6vmhgAa+xoo62c4TV2Uf49ZiPd+zAApBHW1F/whPtunPF28Wfr9g+ozSidhnAr+3nkfJh331tz9s+wgQ39AFzFWftQ60Guulpfj8SaVyxyv/yZZAuFpXNzN0Cz4fWBIWFOsib6Z8y+SlUCzSzOguZ7FygHjwlvOxoISsASAuf0OfUKHxVshiL5F5AX1ddmUgXbUKUTp/3Iunr74pfOQC8TXzZHqhrlFzYDmK5J9E6eADSpgx++bCCaHycl73BWeertCBZSHBXeb3Db9HX+mxwpfP3alVAt4ZqQb3YD/VB7XGDvHbmLn+wSfecO2qA9PxiA0yX7e2BZLN9r3G3bRNSk0GpnYM0i84FE9IipiKKnWVjj7J0UPQmz7rzAn2Lki1CnX9PDdxZneqTxgpBomHJt4H+vXMw13scA4xxEDBvfS5KkjbEJqWLbfklCoER6nV3NPLZ6CBl0Xe/VQBSkqEuUEIXih/oa8emDOGUODNF75ck5NJmKiGg6AFZoeiDa7PZMIxhhOq4vsR2Ty43rztUJ0CMX7iSIk3Eql7kqNdvrJaJ7z0GBsiw== ben@biolimo";
|
||||||
|
|
||||||
|
chocolatebar-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINZT3QrKugNTWNOwYziQnxrT5zFqWQDafWjScDuIpMhN root@chocolatebar";
|
||||||
|
chocolatebar-user = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDwyNsGCMuyI9x2IxYEbYIL6oYsEfe1wqhHaRxSnK9oc10ge1LJni5o7g6XgryoQpCD9YenImcCxwkKblmlLQ2327uoVC2PUo07li1uT0eIPk0TQoxwp6besFs7/LEzZlgWQsc3gkEXmjk/E0mu0U6z2fkqciJ/ZxWYt9fLP6jBG47U9878rSaZ7k7Ilv6oRA3suArH189k1nerk/tonS4EWXeHZxHh/Eu0tqwmxN/6+g2GicYn6b+MbFQVdQAkctqT5Yz9USm9UKzbaAuZ799u0dJzagHm9JJZOr8r11ENtAkY9kAzRzm3u/ACiSdVzyLdjAK6m0dIPhp3OhedzuHiI6/wRll60tYtQTH1XwUpVbtir3+DT+jwZgO1zH3yL4iNh79kuUo+UEg1ZmGkSZRzSS2vb5qr0J5aSJmCd5sNB7a01PTtSlQPOqSF9PB+UmcLDF7JoKFub0KT/gRZ5neZkXTYQ/Y05qtaaFVlOVISijnm+sLUvKBv6OW8oYXIHBk= ben@chocolatebar";
|
||||||
|
|
||||||
|
droppie-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDuXuPPDXTyJgy4JRwbKcPbawvVB1Il2neyRWb4O5sJ root@nixos";
|
||||||
|
droppie-user = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnYTlTmHCl6LOkexqRR9LqjOoFgt9TQ4VzHQGRHJMzF/AGcDRoqC+pBLFSTzRb5/ikAOsb32XHyKVg4nNdJeQshO11QtDmkCB02D/XcIXxnNQ5A8CztT2az5xJtbbWSdamMnHBLcqLiwoLmXbERpdlt8jNqMHrz+bjCUGYVAFSfc/WdIs6EATJ1eF0VFxv7nUh4qhgStABSwhNsnoYOC/DOBSA9aBP1f5Fz9QHUioPTGi2hRwbTbtFUvTrymPpWVFRApa1zvGXcr4YUCm7ia1ZlZKzRpsPkwLxb8Omm4bGmR0cAVwVhVRySnhpCTwbIBLyw+H8PvKWBBba1NAKyMij root@droppie";
|
||||||
|
|
||||||
|
allKeys = [
|
||||||
|
bbcom
|
||||||
|
|
||||||
|
biolimo-host
|
||||||
|
biolimo-user
|
||||||
|
|
||||||
|
chocolatebar-host
|
||||||
|
chocolatebar-user
|
||||||
|
];
|
||||||
|
|
||||||
|
biolimoKeys = [
|
||||||
|
bbcom
|
||||||
|
|
||||||
|
biolimo-host
|
||||||
|
biolimo-user
|
||||||
|
];
|
||||||
|
|
||||||
|
chocolatebarKeys = [
|
||||||
|
bbcom
|
||||||
|
|
||||||
|
chocolatebar-host
|
||||||
|
chocolatebar-user
|
||||||
|
];
|
||||||
|
|
||||||
|
droppieKeys = [
|
||||||
|
bbcom
|
||||||
|
|
||||||
|
droppie-host
|
||||||
|
droppie-user
|
||||||
|
];
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
"secret.age".publicKeys = allKeys;
|
"keyfile-biolimo.bin".publicKeys = biolimoKeys;
|
||||||
|
|
||||||
|
"keyfile-chocolatebar.bin".publicKeys = chocolatebarKeys;
|
||||||
|
"crypto_keyfile-chocolatebar.bin".publicKeys = chocolatebarKeys;
|
||||||
|
"hdd_keyfile-chocolatebar.bin".publicKeys = chocolatebarKeys;
|
||||||
|
|
||||||
|
"vnc-cert-chocolatebar.pem".publicKeys = chocolatebarKeys;
|
||||||
|
"vnc-key-chocolatebar.pem".publicKeys = chocolatebarKeys;
|
||||||
|
|
||||||
|
"drone-runner-exec-config".publicKeys = allKeys;
|
||||||
|
|
||||||
|
"dyndns-droppie.key".publicKeys = droppieKeys;
|
||||||
|
|
||||||
|
"mopidy.conf".publicKeys = allKeys;
|
||||||
}
|
}
|
||||||
|
|
BIN
secrets/vnc-cert-chocolatebar.pem
Normal file
BIN
secrets/vnc-cert-chocolatebar.pem
Normal file
Binary file not shown.
BIN
secrets/vnc-key-chocolatebar.pem
Normal file
BIN
secrets/vnc-key-chocolatebar.pem
Normal file
Binary file not shown.
72
users/ben/.config/msmtp/config
Normal file
72
users/ben/.config/msmtp/config
Normal file
|
@ -0,0 +1,72 @@
|
||||||
|
account hello@benjaminbaedorf.eu
|
||||||
|
host mail.hosting.de
|
||||||
|
port 587
|
||||||
|
protocol smtp
|
||||||
|
auth on
|
||||||
|
from hello@benjaminbaedorf.eu
|
||||||
|
user hello@benjaminbaedorf.eu
|
||||||
|
tls on
|
||||||
|
tls_trust_file /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
|
account benjamin.baedorf@rwth-aachen.de
|
||||||
|
host mail.rwth-aachen.de
|
||||||
|
port 587
|
||||||
|
protocol smtp
|
||||||
|
auth on
|
||||||
|
from benjamin.baedorf@rwth-aachen.de
|
||||||
|
user bb564306@rwth-aachen.de
|
||||||
|
tls on
|
||||||
|
tls_trust_file /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
|
account b.baedorf@openproject.com
|
||||||
|
host smtp.mailbox.org
|
||||||
|
port 587
|
||||||
|
protocol smtp
|
||||||
|
auth on
|
||||||
|
from b.baedorf@openproject.com
|
||||||
|
user b.baedorf@openproject.com
|
||||||
|
tls on
|
||||||
|
tls_trust_file /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
|
account byb@miom.space
|
||||||
|
host mail.hosting.de
|
||||||
|
port 587
|
||||||
|
protocol smtp
|
||||||
|
auth on
|
||||||
|
from byb@miom.space
|
||||||
|
user byb@miom.space
|
||||||
|
tls on
|
||||||
|
tls_trust_file /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
|
account admins@pub.solar
|
||||||
|
host mail.greenbaum.cloud
|
||||||
|
port 587
|
||||||
|
protocol smtp
|
||||||
|
auth on
|
||||||
|
from admins@pub.solar
|
||||||
|
user admins@pub.solar
|
||||||
|
tls on
|
||||||
|
tls_trust_file /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
|
account crew@pub.solar
|
||||||
|
host mail.greenbaum.cloud
|
||||||
|
port 587
|
||||||
|
protocol smtp
|
||||||
|
auth on
|
||||||
|
from crew@pub.solar
|
||||||
|
user crew@pub.solar
|
||||||
|
tls on
|
||||||
|
tls_trust_file /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
|
account mail@b12f.io
|
||||||
|
host mail.b12f.io
|
||||||
|
port 587
|
||||||
|
protocol smtp
|
||||||
|
auth on
|
||||||
|
from mail@b12f.io
|
||||||
|
user mail@b12f.io
|
||||||
|
tls on
|
||||||
|
tls_trust_file /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
|
|
||||||
|
account default : hello@benjaminbaedorf.eu
|
19
users/ben/.config/mutt/admins@pub.solar.muttrc
Normal file
19
users/ben/.config/mutt/admins@pub.solar.muttrc
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
# vim: filetype=muttrc
|
||||||
|
|
||||||
|
set from = "pub.solar Admins <admins@pub.solar>"
|
||||||
|
set sendmail = "msmtp -a admins@pub.solar"
|
||||||
|
set signature = "~/.config/mutt/admins@pub.solar.signature"
|
||||||
|
|
||||||
|
set mbox_type = Maildir
|
||||||
|
set folder = ~/Mail
|
||||||
|
set spoolfile = "+admins\@pub.solar/INBOX"
|
||||||
|
set postponed = "+admins\@pub.solar/Drafts"
|
||||||
|
set record = "+admins\@pub.solar/Sent"
|
||||||
|
set trash = "+admins\@pub.solar/Trash"
|
||||||
|
mbox-hook = "+admins\@pub.solar/Archive"
|
||||||
|
unmailboxes *
|
||||||
|
mailboxes +admins\@pub.solar/INBOX \
|
||||||
|
+admins\@pub.solar/Drafts \
|
||||||
|
+admins\@pub.solar/Sent \
|
||||||
|
+admins\@pub.solar/Archive \
|
||||||
|
+admins\@pub.solar/Trash
|
7
users/ben/.config/mutt/admins@pub.solar.signature
Normal file
7
users/ben/.config/mutt/admins@pub.solar.signature
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
|
||||||
|
pub.solar Admins (they/them)
|
||||||
|
|
||||||
|
MAIL: admins@pub.solar
|
||||||
|
GIT: git.b12f.io/pub-solar
|
||||||
|
MATRIX: #general:pub.solar
|
||||||
|
WEB: pub.solar
|
24
users/ben/.config/mutt/b.baedorf@openproject.com.muttrc
Normal file
24
users/ben/.config/mutt/b.baedorf@openproject.com.muttrc
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
# vim: filetype=muttrc
|
||||||
|
|
||||||
|
set from = "Benjamin Bädorf <b.baedorf@openproject.com>"
|
||||||
|
set sendmail = "msmtp -a b.baedorf@openproject.com"
|
||||||
|
set signature = "~/.config/mutt/b.baedorf@openproject.com.signature"
|
||||||
|
|
||||||
|
set pgp_default_key="DB94333951EC9A362B33FBA5069CA2D117AB5CCF"
|
||||||
|
|
||||||
|
set imap_user = b.baedorf@openproject.com
|
||||||
|
set imap_pass = `secret-tool lookup service smtp host smtp.mailbox.org user b.baedorf@openproject.com`
|
||||||
|
|
||||||
|
set folder = imaps://imap.mailbox.org:993
|
||||||
|
|
||||||
|
set spoolfile = "+INBOX"
|
||||||
|
set postponed = "+Drafts"
|
||||||
|
set record = "+Sent"
|
||||||
|
set trash = "+Trash"
|
||||||
|
mbox-hook = "+Archive"
|
||||||
|
unmailboxes *
|
||||||
|
mailboxes +INBOX \
|
||||||
|
+Drafts \
|
||||||
|
+Sent \
|
||||||
|
+Archive \
|
||||||
|
+Trash
|
18
users/ben/.config/mutt/b.baedorf@openproject.com.signature
Normal file
18
users/ben/.config/mutt/b.baedorf@openproject.com.signature
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
|
||||||
|
Benjamin Bädorf
|
||||||
|
Senior Frontend Engineer
|
||||||
|
|
||||||
|
OpenProject GmbH
|
||||||
|
Krausenstraße 9
|
||||||
|
10117 Berlin
|
||||||
|
|
||||||
|
E: b.baedorf@openproject.com
|
||||||
|
GPG: DB94 3339 51EC 9A36 2B33 FBA5 069C A2D1 17AB 5CC
|
||||||
|
|
||||||
|
T: +49 9599 899 22
|
||||||
|
M: +49 151 2266 2777
|
||||||
|
I: www.openproject.org
|
||||||
|
|
||||||
|
Amtsgericht Berlin-Charlottenburg HRB 117935
|
||||||
|
Geschäftsführer Niels Lindenthal
|
||||||
|
UStID DE211309779
|
|
@ -0,0 +1,21 @@
|
||||||
|
# vim: filetype=muttrc
|
||||||
|
|
||||||
|
set from = "Benjamin Bädorf <benjamin.baedorf@rwth-aachen.de>"
|
||||||
|
set sendmail = "msmtp -a benjamin.baedorf@rwth-aachen.de"
|
||||||
|
set signature = "~/.config/mutt/hello@benjaminbaedorf.eu.signature"
|
||||||
|
|
||||||
|
set pgp_default_key="4332E0D02B214D31376C366E4406E80E13CD656C"
|
||||||
|
|
||||||
|
set mbox_type = Maildir
|
||||||
|
set folder = ~/Mail
|
||||||
|
set spoolfile = "+benjamin.baedorf\@rwth-aachen.de/INBOX"
|
||||||
|
set postponed = "+benjamin.baedorf\@rwth-aachen.de/Drafts"
|
||||||
|
set record = "+benjamin.baedorf\@rwth-aachen.de/Sent"
|
||||||
|
set trash = "+benjamin.baedorf\@rwth-aachen.de/Trash"
|
||||||
|
mbox-hook = "+benjamin.baedorf\@rwth-aachen.de/Journal"
|
||||||
|
unmailboxes *
|
||||||
|
mailboxes +benjamin.baedorf\@rwth-aachen.de/INBOX \
|
||||||
|
+benjamin.baedorf\@rwth-aachen.de/Drafts \
|
||||||
|
+benjamin.baedorf\@rwth-aachen.de/Sent \
|
||||||
|
+benjamin.baedorf\@rwth-aachen.de/Journal \
|
||||||
|
+benjamin.baedorf\@rwth-aachen.de/Trash
|
21
users/ben/.config/mutt/byb@miom.space.muttrc
Normal file
21
users/ben/.config/mutt/byb@miom.space.muttrc
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
# vim: filetype=muttrc
|
||||||
|
|
||||||
|
set from = "Benjamin Bädorf <byb@miom.space>"
|
||||||
|
set sendmail = "msmtp -a byb@miom.space"
|
||||||
|
set signature = "~/.config/mutt/byb@miom.space.signature"
|
||||||
|
|
||||||
|
set pgp_default_key="4332E0D02B214D31376C366E4406E80E13CD656C"
|
||||||
|
|
||||||
|
set mbox_type = Maildir
|
||||||
|
set folder = ~/Mail
|
||||||
|
set spoolfile = "+byb\@miom.space/INBOX"
|
||||||
|
set postponed = "+byb\@miom.space/Drafts"
|
||||||
|
set record = "+byb\@miom.space/Sent"
|
||||||
|
set trash = "+byb\@miom.space/Trash"
|
||||||
|
mbox-hook = "+byb\@miom.space/Archive"
|
||||||
|
unmailboxes *
|
||||||
|
mailboxes +byb\@miom.space/INBOX \
|
||||||
|
+byb\@miom.space/Drafts \
|
||||||
|
+byb\@miom.space/Sent \
|
||||||
|
+byb\@miom.space/Archive \
|
||||||
|
+byb\@miom.space/Trash
|
10
users/ben/.config/mutt/byb@miom.space.signature
Normal file
10
users/ben/.config/mutt/byb@miom.space.signature
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
|
||||||
|
Benjamin Yule Bädorf (they/them)
|
||||||
|
Software Engineer at MiOM 202
|
||||||
|
|
||||||
|
MAIL: byb@miom.space
|
||||||
|
TEL: +49 15 778 959 877
|
||||||
|
GPG: 4332 E0D0 2B21 4D31 376C 366E 4406 E80E 13CD 656C
|
||||||
|
GIT: git.b12f.io/b12f
|
||||||
|
MATRIX: @b12f:pub.solar
|
||||||
|
WEB: benjaminbaedorf.eu
|
19
users/ben/.config/mutt/crew@pub.solar.muttrc
Normal file
19
users/ben/.config/mutt/crew@pub.solar.muttrc
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
# vim: filetype=muttrc
|
||||||
|
|
||||||
|
set from = "pub.solar crew <crew@pub.solar>"
|
||||||
|
set sendmail = "msmtp -a crew@pub.solar"
|
||||||
|
set signature = "~/.config/mutt/crew@pub.solar.signature"
|
||||||
|
|
||||||
|
set mbox_type = Maildir
|
||||||
|
set folder = ~/Mail
|
||||||
|
set spoolfile = "+crew\@pub.solar/INBOX"
|
||||||
|
set postponed = "+crew\@pub.solar/Drafts"
|
||||||
|
set record = "+crew\@pub.solar/Sent"
|
||||||
|
set trash = "+crew\@pub.solar/Trash"
|
||||||
|
mbox-hook = "+crew\@pub.solar/Archive"
|
||||||
|
unmailboxes *
|
||||||
|
mailboxes +crew\@pub.solar/INBOX \
|
||||||
|
+crew\@pub.solar/Drafts \
|
||||||
|
+crew\@pub.solar/Sent \
|
||||||
|
+crew\@pub.solar/Archive \
|
||||||
|
+crew\@pub.solar/Trash
|
8
users/ben/.config/mutt/crew@pub.solar.signature
Normal file
8
users/ben/.config/mutt/crew@pub.solar.signature
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
|
||||||
|
pub.solar crew (they/them)
|
||||||
|
|
||||||
|
MAIL: crew@pub.solar
|
||||||
|
MASTODON: @crew@pub.solar
|
||||||
|
GIT: git.b12f.io/pub-solar
|
||||||
|
MATRIX: #general:pub.solar
|
||||||
|
WEB: pub.solar
|
21
users/ben/.config/mutt/hello@benjaminbaedorf.eu.muttrc
Normal file
21
users/ben/.config/mutt/hello@benjaminbaedorf.eu.muttrc
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
# vim: filetype=muttrc
|
||||||
|
|
||||||
|
set from = "Benjamin Bädorf <hello@benjaminbaedorf.eu>"
|
||||||
|
set sendmail = "msmtp -a hello@benjaminbaedorf.eu"
|
||||||
|
set signature = "~/.config/mutt/hello@benjaminbaedorf.eu.signature"
|
||||||
|
|
||||||
|
set pgp_default_key="4332E0D02B214D31376C366E4406E80E13CD656C"
|
||||||
|
|
||||||
|
set mbox_type = Maildir
|
||||||
|
set folder = ~/Mail
|
||||||
|
set spoolfile = "+hello\@benjaminbaedorf.eu/INBOX"
|
||||||
|
set postponed = "+hello\@benjaminbaedorf.eu/Drafts"
|
||||||
|
set record = "+hello\@benjaminbaedorf.eu/Sent"
|
||||||
|
set trash = "+hello\@benjaminbaedorf.eu/Trash"
|
||||||
|
mbox-hook = "+hello\@benjaminbaedorf.eu/Archive"
|
||||||
|
unmailboxes *
|
||||||
|
mailboxes +hello\@benjaminbaedorf.eu/INBOX \
|
||||||
|
+hello\@benjaminbaedorf.eu/Drafts \
|
||||||
|
+hello\@benjaminbaedorf.eu/Sent \
|
||||||
|
+hello\@benjaminbaedorf.eu/Archive \
|
||||||
|
+hello\@benjaminbaedorf.eu/Trash
|
10
users/ben/.config/mutt/hello@benjaminbaedorf.eu.signature
Normal file
10
users/ben/.config/mutt/hello@benjaminbaedorf.eu.signature
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
|
||||||
|
Benjamin Yule Bädorf (they/them)
|
||||||
|
Software Engineer
|
||||||
|
|
||||||
|
MAIL: hello@benjaminbaedorf.eu
|
||||||
|
TEL: +49 15 778 959 877
|
||||||
|
GPG: 4332 E0D0 2B21 4D31 376C 366E 4406 E80E 13CD 656C
|
||||||
|
GIT: git.b12f.io/b12f
|
||||||
|
MATRIX: @b12f:pub.solar
|
||||||
|
WEB: benjaminbaedorf.eu
|
21
users/ben/.config/mutt/mail@b12f.io.muttrc
Normal file
21
users/ben/.config/mutt/mail@b12f.io.muttrc
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
# vim: filetype=muttrc
|
||||||
|
|
||||||
|
set from = "Benjamin Bädorf <mail@b12f.io>"
|
||||||
|
set sendmail = "msmtp -a mail@b12f.io"
|
||||||
|
set signature = "~/.config/mutt/mail@b12f.io.signature"
|
||||||
|
|
||||||
|
set pgp_default_key="4332E0D02B214D31376C366E4406E80E13CD656C"
|
||||||
|
|
||||||
|
set mbox_type = Maildir
|
||||||
|
set folder = ~/Mail
|
||||||
|
set spoolfile = "+mail\@b12f.io/INBOX"
|
||||||
|
set postponed = "+mail\@b12f.io/Drafts"
|
||||||
|
set record = "+mail\@b12f.io/Sent"
|
||||||
|
set trash = "+mail\@b12f.io/Trash"
|
||||||
|
mbox-hook = "+mail\@b12f.io/Archive"
|
||||||
|
unmailboxes *
|
||||||
|
mailboxes +mail\@b12f.io/INBOX \
|
||||||
|
+mail\@b12f.io/Drafts \
|
||||||
|
+mail\@b12f.io/Sent \
|
||||||
|
+mail\@b12f.io/Archive \
|
||||||
|
+mail\@b12f.io/Trash
|
10
users/ben/.config/mutt/mail@b12f.io.signature
Normal file
10
users/ben/.config/mutt/mail@b12f.io.signature
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
|
||||||
|
Benjamin Yule Bädorf (they/them)
|
||||||
|
Software Engineer
|
||||||
|
|
||||||
|
MAIL: mail@b12f.io
|
||||||
|
TEL: +49 15 778 959 877
|
||||||
|
GPG: 4332 E0D0 2B21 4D31 376C 366E 4406 E80E 13CD 656C
|
||||||
|
GIT: git.b12f.io/b12f
|
||||||
|
MATRIX: @b12f:pub.solar
|
||||||
|
WEB: benjaminbaedorf.eu
|
109
users/ben/.config/offlineimap/config
Normal file
109
users/ben/.config/offlineimap/config
Normal file
|
@ -0,0 +1,109 @@
|
||||||
|
[general]
|
||||||
|
pythonfile = $XDG_CONFIG_HOME/offlineimap/functions.py
|
||||||
|
metadata = $XDG_DATA_HOME/offlineimap
|
||||||
|
accounts = BBEU, MiOM, AdminsPubSolar, CrewPubSolar, b12f, RWTH
|
||||||
|
|
||||||
|
[Account BBEU]
|
||||||
|
localrepository = LocalBBEU
|
||||||
|
remoterepository = RemoteBBEU
|
||||||
|
|
||||||
|
[Repository LocalBBEU]
|
||||||
|
type = Maildir
|
||||||
|
localfolders = ~/Mail/hello@benjaminbaedorf.eu
|
||||||
|
|
||||||
|
[Repository RemoteBBEU]
|
||||||
|
type = IMAP
|
||||||
|
remotehost = mail.hosting.de
|
||||||
|
remoteuser = hello@benjaminbaedorf.eu
|
||||||
|
remotepasseval = get_secret("service", "smtp", "host", "mail.hosting.de", "user", "hello@benjaminbaedorf.eu")
|
||||||
|
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
|
[Account OPGmail]
|
||||||
|
localrepository = LocalOPGmail
|
||||||
|
remoterepository = RemoteOPGmail
|
||||||
|
|
||||||
|
[Repository LocalOPGmail]
|
||||||
|
type = Maildir
|
||||||
|
localfolders = ~/Mail/b.baedorf@openproject.com
|
||||||
|
|
||||||
|
[Repository RemoteOPGmail]
|
||||||
|
type = IMAP
|
||||||
|
remotehost = imap.gmail.com
|
||||||
|
remoteuser = b.baedorf@openproject.com
|
||||||
|
remotepasseval = get_secret("service", "smtp", "host", "smtp.gmail.com", "user", "b.baedorf@openproject.com")
|
||||||
|
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
|
[Account MiOM]
|
||||||
|
localrepository = LocalMiOM
|
||||||
|
remoterepository = RemoteMiOM
|
||||||
|
|
||||||
|
[Repository LocalMiOM]
|
||||||
|
type = Maildir
|
||||||
|
localfolders = ~/Mail/byb@miom.space
|
||||||
|
|
||||||
|
[Repository RemoteMiOM]
|
||||||
|
type = IMAP
|
||||||
|
remotehost = mail.hosting.de
|
||||||
|
remoteuser = byb@miom.space
|
||||||
|
remotepasseval = get_secret("service", "smtp", "host", "mail.hosting.de", "user", "byb@miom.space")
|
||||||
|
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
|
[Account AdminsPubSolar]
|
||||||
|
localrepository = LocalAdminsPubSolar
|
||||||
|
remoterepository = RemoteAdminsPubSolar
|
||||||
|
|
||||||
|
[Repository LocalAdminsPubSolar]
|
||||||
|
type = Maildir
|
||||||
|
localfolders = ~/Mail/admins@pub.solar
|
||||||
|
|
||||||
|
[Repository RemoteAdminsPubSolar]
|
||||||
|
type = IMAP
|
||||||
|
remotehost = mail.greenbaum.cloud
|
||||||
|
remoteuser = admins@pub.solar
|
||||||
|
remotepasseval = get_secret("service", "smtp", "host", "mail.greenbaum.cloud", "user", "admins@pub.solar")
|
||||||
|
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
|
[Account CrewPubSolar]
|
||||||
|
localrepository = LocalCrewPubSolar
|
||||||
|
remoterepository = RemoteCrewPubSolar
|
||||||
|
|
||||||
|
[Repository LocalCrewPubSolar]
|
||||||
|
type = Maildir
|
||||||
|
localfolders = ~/Mail/crew@pub.solar
|
||||||
|
|
||||||
|
[Repository RemoteCrewPubSolar]
|
||||||
|
type = IMAP
|
||||||
|
remotehost = mail.greenbaum.cloud
|
||||||
|
remoteuser = crew@pub.solar
|
||||||
|
remotepasseval = get_secret("service", "smtp", "host", "mail.greenbaum.cloud", "user", "crew@pub.solar")
|
||||||
|
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
|
[Account b12f]
|
||||||
|
localrepository = Localb12f
|
||||||
|
remoterepository = Remoteb12f
|
||||||
|
|
||||||
|
[Repository Localb12f]
|
||||||
|
type = Maildir
|
||||||
|
localfolders = ~/Mail/mail@b12f.io
|
||||||
|
|
||||||
|
[Repository Remoteb12f]
|
||||||
|
type = IMAP
|
||||||
|
remotehost = mail.b12f.io
|
||||||
|
remoteuser = mail@b12f.io
|
||||||
|
remotepasseval = get_secret("service", "smtp", "host", "mail.b12f.io", "user", "mail@b12f.io")
|
||||||
|
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
|
[Account RWTH]
|
||||||
|
localrepository = LocalRWTH
|
||||||
|
remoterepository = RemoteRWTH
|
||||||
|
|
||||||
|
[Repository LocalRWTH]
|
||||||
|
type = Maildir
|
||||||
|
localfolders = ~/Mail/benjamin.baedorf@rwth-aachen.de
|
||||||
|
|
||||||
|
[Repository RemoteRWTH]
|
||||||
|
type = IMAP
|
||||||
|
remotehost = mail.rwth-aachen.de
|
||||||
|
remoteuser = bb564306@rwth-aachen.de
|
||||||
|
remotepasseval = get_secret("service", "smtp", "host", "mail.rwth-aachen.de", "user", "bb564306@rwth-aachen.de")
|
||||||
|
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
|
59
users/ben/default.nix
Normal file
59
users/ben/default.nix
Normal file
|
@ -0,0 +1,59 @@
|
||||||
|
{ config, hmUsers, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./home.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
config = {
|
||||||
|
home-manager.users = { inherit (hmUsers) ben; };
|
||||||
|
|
||||||
|
services.yubikey-agent.enable = true;
|
||||||
|
|
||||||
|
pub-solar = {
|
||||||
|
# These are your personal settings
|
||||||
|
# The only required settings are `name` and `password`,
|
||||||
|
# The rest is used for programs like git
|
||||||
|
user = {
|
||||||
|
name = "ben";
|
||||||
|
description = "b12f";
|
||||||
|
password = "$6$LO2YoaHwuRQhUoSz$iHw9avM887eJg9cIty2nmG4Ibkol3YpviEhYpivVQP31VrnihFz/6LyugxD7X4VmXx9nxvcYIZnN90rlGxwjT.";
|
||||||
|
fullName = "Benjamin Bädorf";
|
||||||
|
email = "hello@benjaminbaedorf.eu";
|
||||||
|
gpgKeyId = "4406E80E13CD656C";
|
||||||
|
publicKeys = [
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDoYNvXWunQYFORRjcYH1F98+zr20U79ROh+gmaC7AY/x3yf4y8uyMayF56VgQLVNwgEchT5t4dNb9qo2+1oUnjiKrKAVfQMN6WMMMEr4F4WT784uvBx5Uo6vmhgAa+xoo62c4TV2Uf49ZiPd+zAApBHW1F/whPtunPF28Wfr9g+ozSidhnAr+3nkfJh331tz9s+wgQ39AFzFWftQ60Guulpfj8SaVyxyv/yZZAuFpXNzN0Cz4fWBIWFOsib6Z8y+SlUCzSzOguZ7FygHjwlvOxoISsASAuf0OfUKHxVshiL5F5AX1ddmUgXbUKUTp/3Iunr74pfOQC8TXzZHqhrlFzYDmK5J9E6eADSpgx++bCCaHycl73BWeertCBZSHBXeb3Db9HX+mxwpfP3alVAt4ZqQb3YD/VB7XGDvHbmLn+wSfecO2qA9PxiA0yX7e2BZLN9r3G3bRNSk0GpnYM0i84FE9IipiKKnWVjj7J0UPQmz7rzAn2Lki1CnX9PDdxZneqTxgpBomHJt4H+vXMw13scA4xxEDBvfS5KkjbEJqWLbfklCoER6nV3NPLZ6CBl0Xe/VQBSkqEuUEIXih/oa8emDOGUODNF75ck5NJmKiGg6AFZoeiDa7PZMIxhhOq4vsR2Ty43rztUJ0CMX7iSIk3Eql7kqNdvrJaJ7z0GBsiw== ben@biolimo"
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmiF8ndGhnx2YAWbPDq14fftAwcJ0xnjJIVTotI12OO4SPX/SwH5Yp8C8Kf002qN9FbFmaONzq3s8TYpej13JubhfsQywNuFKZuZvJeHzmOwxsANW86RVrWT0WZmYx9a/a1TF9rPQpibDVt60wX8yLdExaJc5F1SvIIuyz1kxYpz36wItfR6hcwoLGh1emFCmfCpebJmp3hsrMDTTtTW/YNhyeSZW74ckyvZyjCYtRCJ8uF0ZmOSKRdillv4Ztg8MsUubGn+vaMl6V6x/QuDuehEPoM/3wBx9o22nf+QVbk7S1PC8EdT/K5vskn4/pfR7mDCyQOq1hB4w4Oyn0dsfX pi@ssrtc"
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDwyNsGCMuyI9x2IxYEbYIL6oYsEfe1wqhHaRxSnK9oc10ge1LJni5o7g6XgryoQpCD9YenImcCxwkKblmlLQ2327uoVC2PUo07li1uT0eIPk0TQoxwp6besFs7/LEzZlgWQsc3gkEXmjk/E0mu0U6z2fkqciJ/ZxWYt9fLP6jBG47U9878rSaZ7k7Ilv6oRA3suArH189k1nerk/tonS4EWXeHZxHh/Eu0tqwmxN/6+g2GicYn6b+MbFQVdQAkctqT5Yz9USm9UKzbaAuZ799u0dJzagHm9JJZOr8r11ENtAkY9kAzRzm3u/ACiSdVzyLdjAK6m0dIPhp3OhedzuHiI6/wRll60tYtQTH1XwUpVbtir3+DT+jwZgO1zH3yL4iNh79kuUo+UEg1ZmGkSZRzSS2vb5qr0J5aSJmCd5sNB7a01PTtSlQPOqSF9PB+UmcLDF7JoKFub0KT/gRZ5neZkXTYQ/Y05qtaaFVlOVISijnm+sLUvKBv6OW8oYXIHBk= ben@chocolatebar"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
paperless.enable = true;
|
||||||
|
arduino.enable = true;
|
||||||
|
email.enable = true;
|
||||||
|
uhk.enable = true;
|
||||||
|
audio.spotify.enable = true;
|
||||||
|
audio.spotify.username = "spotify@benjaminbaedorf.eu";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Needed for the udev rules for solaar
|
||||||
|
hardware.logitech.wireless.enable = true;
|
||||||
|
networking.hosts =
|
||||||
|
let
|
||||||
|
localDomains = [
|
||||||
|
"openproject.local"
|
||||||
|
"traefik.local"
|
||||||
|
"nextcloud.local"
|
||||||
|
"step.local"
|
||||||
|
"saas-1.openproject.local"
|
||||||
|
"transmission.local"
|
||||||
|
];
|
||||||
|
in
|
||||||
|
{
|
||||||
|
"127.0.0.1" = localDomains;
|
||||||
|
"::1" = localDomains;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
115
users/ben/home.nix
Normal file
115
users/ben/home.nix
Normal file
|
@ -0,0 +1,115 @@
|
||||||
|
{ config, pkgs, lib, self, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./session-variables.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
|
||||||
|
home.packages = with pkgs; [
|
||||||
|
tigervnc
|
||||||
|
dogecoin
|
||||||
|
nodejs
|
||||||
|
itch
|
||||||
|
solaar
|
||||||
|
];
|
||||||
|
|
||||||
|
programs.ssh = {
|
||||||
|
enable = true;
|
||||||
|
matchBlocks = {
|
||||||
|
"git.b12f.io" = {
|
||||||
|
hostname = "git.b12f.io";
|
||||||
|
user = "git";
|
||||||
|
port = 2222;
|
||||||
|
};
|
||||||
|
|
||||||
|
"aur.archlinux.org" = {
|
||||||
|
user = "aur";
|
||||||
|
};
|
||||||
|
|
||||||
|
"leavieler.art" = {
|
||||||
|
hostname = "web5svsvy.wh.hosting.zone";
|
||||||
|
user = "web5svsvy_cgzqa3";
|
||||||
|
port = 2244;
|
||||||
|
};
|
||||||
|
|
||||||
|
"benjaminbaedorf.eu" = {
|
||||||
|
hostname = "web5svsvy.wh.hosting.zone";
|
||||||
|
user = "web5svsvy_cgzqa3";
|
||||||
|
port = 2244;
|
||||||
|
};
|
||||||
|
|
||||||
|
"miom.space" = {
|
||||||
|
hostname = "web7dgkba.wh.hosting.zone";
|
||||||
|
user = "web7dgkba_c9em8f";
|
||||||
|
port = 2244;
|
||||||
|
};
|
||||||
|
|
||||||
|
"latenight.blue" = {
|
||||||
|
hostname = "latenight.blue";
|
||||||
|
user = "lnb";
|
||||||
|
extraOptions = {
|
||||||
|
MACs = "hmac-sha2-512-etm@openssh.com";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
"blacktea.io" = {
|
||||||
|
hostname = "latenight.blue";
|
||||||
|
user = "lnb";
|
||||||
|
extraOptions = {
|
||||||
|
MACs = "hmac-sha2-512-etm@openssh.com";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
"laurakirst.de" = {
|
||||||
|
hostname = "webj4bsux.wh.hosting.zone";
|
||||||
|
user = "webj4bsux_36qkrk";
|
||||||
|
port = 2244;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
xdg.configFile."mutt/accounts.muttrc".text = ''
|
||||||
|
source ./hello@benjaminbaedorf.eu.muttrc
|
||||||
|
|
||||||
|
macro index <f1> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/hello@benjaminbaedorf.eu.muttrc<enter><change-folder>!<enter>'
|
||||||
|
macro index <f2> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/benjamin.baedorf@rwth-aachen.de.muttrc<enter><change-folder>!<enter>'
|
||||||
|
macro index <f3> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/b.baedorf@openproject.com.muttrc<enter><change-folder>!<enter>'
|
||||||
|
macro index <f4> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/byb@miom.space.muttrc<enter><change-folder>!<enter>'
|
||||||
|
macro index <f5> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/mail@b12f.io.muttrc<enter><change-folder>!<enter>'
|
||||||
|
macro index <f6> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/admins@pub.solar.muttrc<enter><change-folder>!<enter>'
|
||||||
|
macro index <f7> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/crew@pub.solar.muttrc<enter><change-folder>!<enter>'
|
||||||
|
'';
|
||||||
|
xdg.configFile."mutt/hello@benjaminbaedorf.eu.muttrc".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.muttrc";
|
||||||
|
xdg.configFile."mutt/benjamin.baedorf@rwth-aachen.de.muttrc".source = ./.config/mutt + "/benjamin.baedorf@rwth-aachen.de.muttrc";
|
||||||
|
xdg.configFile."mutt/hello@benjaminbaedorf.eu.signature".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.signature";
|
||||||
|
xdg.configFile."mutt/b.baedorf@openproject.com.muttrc".source = ./.config/mutt + "/b.baedorf@openproject.com.muttrc";
|
||||||
|
xdg.configFile."mutt/b.baedorf@openproject.com.signature".source = ./.config/mutt + "/b.baedorf@openproject.com.signature";
|
||||||
|
xdg.configFile."mutt/byb@miom.space.muttrc".source = ./.config/mutt + "/byb@miom.space.muttrc";
|
||||||
|
xdg.configFile."mutt/byb@miom.space.signature".source = ./.config/mutt + "/byb@miom.space.signature";
|
||||||
|
xdg.configFile."mutt/mail@b12f.io.muttrc".source = ./.config/mutt + "/mail@b12f.io.muttrc";
|
||||||
|
xdg.configFile."mutt/mail@b12f.io.signature".source = ./.config/mutt + "/mail@b12f.io.signature";
|
||||||
|
xdg.configFile."mutt/admins@pub.solar.muttrc".source = ./.config/mutt + "/admins@pub.solar.muttrc";
|
||||||
|
xdg.configFile."mutt/admins@pub.solar.signature".source = ./.config/mutt + "/admins@pub.solar.signature";
|
||||||
|
xdg.configFile."mutt/crew@pub.solar.muttrc".source = ./.config/mutt + "/crew@pub.solar.muttrc";
|
||||||
|
xdg.configFile."mutt/crew@pub.solar.signature".source = ./.config/mutt + "/crew@pub.solar.signature";
|
||||||
|
xdg.configFile."offlineimap/config".source = ./.config/offlineimap/config;
|
||||||
|
xdg.configFile."msmtp/config".source = ./.config/msmtp/config;
|
||||||
|
# xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
|
||||||
|
};
|
||||||
|
|
||||||
|
age.secrets."mopidy.conf" = {
|
||||||
|
file = "${self}/secrets/mopidy.conf";
|
||||||
|
mode = "700";
|
||||||
|
owner = "mopidy";
|
||||||
|
};
|
||||||
|
services.mopidy.extraConfigFiles = [ "/run/agenix/mopidy.conf" ];
|
||||||
|
|
||||||
|
programs.ssh.extraConfig = "
|
||||||
|
PubkeyAcceptedKeyTypes +ssh-rsa
|
||||||
|
";
|
||||||
|
}
|
19
users/ben/session-variables.nix
Normal file
19
users/ben/session-variables.nix
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
DRONE_RPC_PROTO = "https";
|
||||||
|
DRONE_RPC_HOST = "ci.b12f.io";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
|
||||||
|
home.sessionVariables = {
|
||||||
|
inherit DRONE_RPC_HOST;
|
||||||
|
inherit DRONE_RPC_PROTO;
|
||||||
|
DRONE_SERVER = DRONE_RPC_PROTO + "://" + DRONE_RPC_HOST;
|
||||||
|
|
||||||
|
RESTIC_REPOSITORY = "sftp:root@backup.b12f.io:/media/internal/backups";
|
||||||
|
RESTIC_PASSWORD_COMMAND = "secret-tool lookup restic repository-password";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
35
users/yule/default.nix
Normal file
35
users/yule/default.nix
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
{ config, hmUsers, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
config = {
|
||||||
|
home-manager.users = { inherit (hmUsers) yule; };
|
||||||
|
|
||||||
|
pub-solar = {
|
||||||
|
# These are your personal settings
|
||||||
|
# The only required settings are `name` and `password`,
|
||||||
|
# The rest is used for programs like git
|
||||||
|
user = {
|
||||||
|
name = "yule";
|
||||||
|
description = "b12f";
|
||||||
|
password = "$6$pHMaL9DfxhvnLGy5$ka9bRU5p1lPTF0YHPZDM9Miq79iXuaXb6GLeALM1eX5djdsHYnpvVWjrmImWmcghGXsrDwpmXZPSJUU.gFpuA1";
|
||||||
|
fullName = "Benjamin Bädorf";
|
||||||
|
email = "hello@benjaminbaedorf.eu";
|
||||||
|
gpgKeyId = "4406E80E13CD656C";
|
||||||
|
publicKeys = [
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmiF8ndGhnx2YAWbPDq14fftAwcJ0xnjJIVTotI12OO4SPX/SwH5Yp8C8Kf002qN9FbFmaONzq3s8TYpej13JubhfsQywNuFKZuZvJeHzmOwxsANW86RVrWT0WZmYx9a/a1TF9rPQpibDVt60wX8yLdExaJc5F1SvIIuyz1kxYpz36wItfR6hcwoLGh1emFCmfCpebJmp3hsrMDTTtTW/YNhyeSZW74ckyvZyjCYtRCJ8uF0ZmOSKRdillv4Ztg8MsUubGn+vaMl6V6x/QuDuehEPoM/3wBx9o22nf+QVbk7S1PC8EdT/K5vskn4/pfR7mDCyQOq1hB4w4Oyn0dsfX pi@ssrtc"
|
||||||
|
|
||||||
|
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHx4A8rLYmFgTOp1fDGbbONN8SOT0l5wWrUSYFUcVzMPTyfdT23ZVIdVD5yZCySgi/7PSh5mVmyLIZVIXlNrZJg= @b12f Yubi Main"
|
||||||
|
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= @b12f Yubi Backup"
|
||||||
|
|
||||||
|
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a @teutat3s"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135 @hensoko"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
|
||||||
|
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKa5elEXgBc2luVBOHVWZisJgt0epFQOercPi0tZzPU root@cloud.pub.solar"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in a new issue