maralorn/nixos-config
1
0
Fork 0
Code Wiki Activity

Reformat

Browse source
This commit is contained in:
Malte Brandy 2022-03-08 02:42:46 +01:00
parent 6e84d7d3ef
commit 57123b08e1
151 changed files with 4171 additions and 3256 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
cachix.nix
View file

@ -1,13 +1,14 @@
# WARN: this file will get overwritten by $ cachix use <name>
{ pkgs, lib, ... }:
let
{
pkgs,
lib,
...
}: let
folder = ./cachix;
toImport = name: value: folder + ("/" + name);
filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;
imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
in
{
in {
inherit imports;
nix.binaryCaches = [ "https://cache.nixos.org/" ];
nix.binaryCaches = ["https://cache.nixos.org/"];
}

1
cachix/mweinelt.nix
View file

@ -8,4 +8,3 @@
];
};
}

1
cachix/pre-commit-hooks.nix
View file

@ -8,4 +8,3 @@
];
};
}

3
channels.nix
View file

@ -7,8 +7,7 @@ let
# nixpkgs-channel = "nixos-unstable";
# home-manager-channel = "home-manager-master";
#};
in
rec {
in rec {
hera = nixos-21-11;
apollo = nixos-21-11;
zeus = nixos-21-11;

50
common/common.nix
View file

@ -1,31 +1,29 @@
{ pkgs }: {
{pkgs}: {
syncthing = {
declarativeWith = hosts: path:
let
mkFolder = name: {
path = "${path}/${name}";
devices = hosts;
};
devices = {
apollo.id = "BOTTTGS-QQUHWAK-IFBT3T2-HGHHUZ7-QHRZXC7-JC42VT7-67ZOJBE-WHDWEQX";
zeus.id = "5BUZIS5-ESTYAJO-IQQD7EA-O3VGONJ-E74OHUJ-ZSLF4JK-6HS3UHG-4CQ5OAO";
hera = {
addresses = [ "tcp6://hera.m-0.eu" ];
id = "TJHVUM6-RTB6V3D-JF4GIB2-TVDF2ST-5MTN6N2-ZDIWGF7-XZUCCFG-EQG5WA6";
};
};
in
{
devices = pkgs.lib.getAttrs hosts devices;
folders = {
science = mkFolder "science";
documents = mkFolder "documents";
audio = mkFolder "audio";
video = mkFolder "video";
images = mkFolder "images";
books = mkFolder "books";
tmp = mkFolder "tmp";
declarativeWith = hosts: path: let
mkFolder = name: {
path = "${path}/${name}";
devices = hosts;
};
devices = {
apollo.id = "BOTTTGS-QQUHWAK-IFBT3T2-HGHHUZ7-QHRZXC7-JC42VT7-67ZOJBE-WHDWEQX";
zeus.id = "5BUZIS5-ESTYAJO-IQQD7EA-O3VGONJ-E74OHUJ-ZSLF4JK-6HS3UHG-4CQ5OAO";
hera = {
addresses = ["tcp6://hera.m-0.eu"];
id = "TJHVUM6-RTB6V3D-JF4GIB2-TVDF2ST-5MTN6N2-ZDIWGF7-XZUCCFG-EQG5WA6";
};
};
in {
devices = pkgs.lib.getAttrs hosts devices;
folders = {
science = mkFolder "science";
documents = mkFolder "documents";
audio = mkFolder "audio";
video = mkFolder "video";
images = mkFolder "images";
books = mkFolder "books";
tmp = mkFolder "tmp";
};
};
};
}

86
common/default.nix
View file

@ -1,9 +1,10 @@
{ config, pkgs, lib, ... }:
with lib;
{
config,
pkgs,
lib,
...
}:
with lib; {
config = {
m-0.monitoring = [
{
@ -52,7 +53,7 @@ with lib;
options = {
m-0.private = mkOption {
default = { };
default = {};
type = types.attrs;
};
m-0.prefix = mkOption {
@ -62,8 +63,8 @@ with lib;
m-0.monitoring = mkOption {
type = types.listOf (types.submodule {
options = {
name = mkOption { type = types.str; };
host = mkOption { type = types.str; };
name = mkOption {type = types.str;};
host = mkOption {type = types.str;};
container = mkOption {
type = types.bool;
default = false;
@ -74,46 +75,43 @@ with lib;
};
};
});
default = [ ];
default = [];
};
m-0.hosts = mkOption {
type = types.attrs;
default =
let
p = config.m-0.prefix;
hera-p = "${p}::3";
apollo-p = "${p}::1";
wg-p = "${p}::100";
v4-p = "10.0.0";
in
rec {
hera = "${p}::1";
vpn = rec {
prefix = "fdc0:7";
hera = "${prefix}::1";
fluffy = "${prefix}::2";
apollo = "${prefix}::5";
zeus = "${prefix}::4";
pegasus = "${prefix}::6";
};
hera-wg-host = "${p}::100:0:1";
hera-v4 = "213.136.94.190";
hera-wg = "${wg-p}:1";
apollo-wg = "${wg-p}:2";
zeus-wg = "${wg-p}:3";
hera-intern = "${hera-p}:1";
chor-cloud = "${hera-p}:b";
apollo = apollo-wg;
zeus = zeus-wg;
hera-intern-v4 = "${v4-p}.1";
chor-cloud-intern-v4 = "${v4-p}.3";
default = let
p = config.m-0.prefix;
hera-p = "${p}::3";
apollo-p = "${p}::1";
wg-p = "${p}::100";
v4-p = "10.0.0";
in rec {
hera = "${p}::1";
vpn = rec {
prefix = "fdc0:7";
hera = "${prefix}::1";
fluffy = "${prefix}::2";
apollo = "${prefix}::5";
zeus = "${prefix}::4";
pegasus = "${prefix}::6";
};
hera-wg-host = "${p}::100:0:1";
hera-v4 = "213.136.94.190";
hera-wg = "${wg-p}:1";
apollo-wg = "${wg-p}:2";
zeus-wg = "${wg-p}:3";
hera-intern = "${hera-p}:1";
chor-cloud = "${hera-p}:b";
apollo = apollo-wg;
zeus = zeus-wg;
hera-intern-v4 = "${v4-p}.1";
chor-cloud-intern-v4 = "${v4-p}.3";
};
};
};
}

171
home-manager/machines.nix
View file

@ -1,19 +1,21 @@
let
restrictedPages = [
"reddit.com"
"github.com"
"*.ccc.de"
"haskell.org"
"*.haskell.org"
"*.nixos.org"
"nixos.org"
"matrix.org"
"element.io"
"youtube.*"
"*.element.io"
"chaos.social"
"twitter.com"
] ++ newsPages;
restrictedPages =
[
"reddit.com"
"github.com"
"*.ccc.de"
"haskell.org"
"*.haskell.org"
"*.nixos.org"
"nixos.org"
"matrix.org"
"element.io"
"youtube.*"
"*.element.io"
"chaos.social"
"twitter.com"
]
++ newsPages;
newsPages = [
"zeit.de"
"heise.de"
@ -30,17 +32,14 @@ let
"zdf.de"
];
makeConfig = hostName: imports:
{ ... }: {
imports = imports ++ [ ./roles/default.nix ];
m-0.hostName = hostName;
nixpkgs.overlays = [ (_: _: (import ../channels.nix).${hostName}) ];
};
makeAutostart = name:
{ config, ... }: {
config.xdg.configFile."autostart/${name}.desktop".source =
"${config.home.path}/share/applications/${name}.desktop";
};
makeConfig = hostName: imports: {...}: {
imports = imports ++ [./roles/default.nix];
m-0.hostName = hostName;
nixpkgs.overlays = [(_: _: (import ../channels.nix).${hostName})];
};
makeAutostart = name: {config, ...}: {
config.xdg.configFile."autostart/${name}.desktop".source = "${config.home.path}/share/applications/${name}.desktop";
};
on-my-machines = [
./roles/on-my-machine.nix
./roles/accounting.nix
@ -53,9 +52,11 @@ let
./roles/mode-switching.nix
./roles/systemd-exporter.nix
];
daily-driver = name: extra:
let
all = extra ++ on-my-machines ++ [
daily-driver = name: extra: let
all =
extra
++ on-my-machines
++ [
(import ./roles/firefox.nix "http://localhost:7000")
(makeAutostart "planning")
(makeAutostart "unlock-ssh")
@ -76,56 +77,65 @@ let
./roles/wallpaper.nix
./roles/zettelkasten.nix
];
orgaExtra = [
./roles/accounting.nix
./roles/mail-client.nix
./roles/pythia.nix
./roles/tinkering.nix
];
blockServer = import ./roles/block-server.nix;
in
{
klausur = makeConfig name (
all ++ [
(blockServer restrictedPages)
]
);
orga = makeConfig name (
all ++ orgaExtra ++ [
(blockServer restrictedPages)
]
);
communication = makeConfig name (
all ++ orgaExtra ++ [
./roles/chat.nix
(blockServer restrictedPages)
]
);
code = makeConfig name (
all ++ orgaExtra ++ [
./roles/chat.nix
(blockServer newsPages)
]
);
leisure = makeConfig name (
all ++ orgaExtra ++ [
./roles/games.nix
./roles/chat.nix
./roles/leisure.nix
(blockServer newsPages)
]
);
unrestricted = makeConfig name (
all ++ orgaExtra ++ [
./roles/games.nix
./roles/chat.nix
./roles/leisure.nix
(blockServer [ ])
]
);
};
in
{
orgaExtra = [
./roles/accounting.nix
./roles/mail-client.nix
./roles/pythia.nix
./roles/tinkering.nix
];
blockServer = import ./roles/block-server.nix;
in {
klausur = makeConfig name (
all
++ [
(blockServer restrictedPages)
]
);
orga = makeConfig name (
all
++ orgaExtra
++ [
(blockServer restrictedPages)
]
);
communication = makeConfig name (
all
++ orgaExtra
++ [
./roles/chat.nix
(blockServer restrictedPages)
]
);
code = makeConfig name (
all
++ orgaExtra
++ [
./roles/chat.nix
(blockServer newsPages)
]
);
leisure = makeConfig name (
all
++ orgaExtra
++ [
./roles/games.nix
./roles/chat.nix
./roles/leisure.nix
(blockServer newsPages)
]
);
unrestricted = makeConfig name (
all
++ orgaExtra
++ [
./roles/games.nix
./roles/chat.nix
./roles/leisure.nix
(blockServer [])
]
);
};
in {
apollo = daily-driver "apollo" [
./roles/battery.nix
./roles/untrusted-env.nix
@ -143,7 +153,8 @@ in
./roles/headless.nix
(import ./roles/state.nix "default")
];
hera.default = makeConfig "hera" (on-my-machines ++ [
hera.default = makeConfig "hera" (on-my-machines
++ [
./roles/fetch-banking-timer.nix
./roles/weechat
./roles/mail-sort.nix

2
home-manager/roles/accounting.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }: {
{pkgs, ...}: {
xdg.configFile."jali/config.py".source = pkgs.privateFile "jaliconfig.py";
home.packages = builtins.attrValues pkgs.accounting-pkgs;
}

6
home-manager/roles/arbtt/default.nix
View file

@ -1,3 +1,7 @@
{ pkgs, config, ... }: {
{
pkgs,
config,
...
}: {
home.file.".arbtt/categorize.cfg".source = pkgs.privateValue (builtins.toFile "empty-file" "") "arbtt/default";
}

41
home-manager/roles/battery.nix
View file

@ -1,19 +1,23 @@
{ lib, pkgs, config, ... }:
let
{
lib,
pkgs,
config,
...
}: let
battery-watch = pkgs.writeHaskellScript
{
name = "battery-watch";
bins = [ pkgs.acpi ];
imports = [
"DBus.Notify"
"Control.Concurrent"
"Text.Megaparsec"
"Text.Megaparsec.Char"
"Text.Megaparsec.Char.Lexer"
"Replace.Megaparsec"
"Data.Maybe"
];
} ''
{
name = "battery-watch";
bins = [pkgs.acpi];
imports = [
"DBus.Notify"
"Control.Concurrent"
"Text.Megaparsec"
"Text.Megaparsec.Char"
"Text.Megaparsec.Char.Lexer"
"Replace.Megaparsec"
"Data.Maybe"
];
} ''
moderateLevel = 50 -- percent
lowLevel = 20 -- percent
criticalLevel = 8 -- percent
@ -59,9 +63,7 @@ let
where
myNote = blankNote { body = Just $ Text [i|#{currentLevel}% remaining.|]}
'';
in
{
in {
systemd.user = {
services.battery = {
Unit.Description = "Watch battery state and warn user";
@ -70,8 +72,7 @@ in
Restart = "always";
RestartSec = 60;
};
Install.WantedBy = [ "default.target" ];
Install.WantedBy = ["default.target"];
};
};
}

17
home-manager/roles/beets.nix
View file

@ -1,4 +1,8 @@
{ pkgs, config, ... }: {
{
pkgs,
config,
...
}: {
xdg.configFile."beets/config.yaml".text = builtins.toJSON {
directory = config.services.mpd.musicDirectory;
import.move = true;
@ -7,22 +11,19 @@
singleton = "$genre/%the{$artist}/singles/$title";
comp = "$genre/%the{$artist}/$album%aunique{}/$track. $title";
"genre:soundtrack" = "Soundtrack/$album%aunique{}/$track. $title";
"genre::classical" =
"$genre/%the{$composer}/$album%aunique{}/$track. $title";
"genre::classical" = "$genre/%the{$composer}/$album%aunique{}/$track. $title";
};
plugins =
"convert web mpdstats mpdupdate fromfilename the duplicates missing";
plugins = "convert web mpdstats mpdupdate fromfilename the duplicates missing";
convert = {
auto = true;
command =
"${pkgs.ffmpeg}/bin/ffmpeg -i $source -y -vn -acodec libopus -ab 192k $dest";
command = "${pkgs.ffmpeg}/bin/ffmpeg -i $source -y -vn -acodec libopus -ab 192k $dest";
extension = "opus";
never_convert_lossy_files = true;
};
};
systemd.user.services.beets-mpdstats = {
Unit.Description = "beets.io mpdstats recorder";
Install.WantedBy = [ "default.target" ];
Install.WantedBy = ["default.target"];
Service = {
ExecStart = "${pkgs.beets}/bin/beet mpdstats";
Restart = "always";

30
home-manager/roles/block-server.nix
View file

@ -1,16 +1,22 @@
list:
{ pkgs, lib, ... }: {
list: {
pkgs,
lib,
...
}: {
systemd.user.services.blockserver = {
Unit.Description = "Serve a blocklist";
Service =
let
blocklist = pkgs.writeTextDir "blocklist" (lib.concatStringsSep "\r\n" list);
startpage = pkgs.writeTextDir "index.html" (builtins.readFile ./startpage.html);
in
{
ExecStart = "${pkgs.python3}/bin/python -m http.server 8842 -d ${pkgs.symlinkJoin { name = "blockserver-dir"; paths = [ blocklist startpage ]; }}";
Restart = "always";
};
Install.WantedBy = [ "default.target" ];
Service = let
blocklist = pkgs.writeTextDir "blocklist" (lib.concatStringsSep "\r\n" list);
startpage = pkgs.writeTextDir "index.html" (builtins.readFile ./startpage.html);
in {
ExecStart = "${pkgs.python3}/bin/python -m http.server 8842 -d ${
pkgs.symlinkJoin {
name = "blockserver-dir";
paths = [blocklist startpage];
}
}";
Restart = "always";
};
Install.WantedBy = ["default.target"];
};
}

11
home-manager/roles/chat.nix
View file

@ -1,10 +1,9 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
home.packages = builtins.attrValues
{
inherit (pkgs) discord signal-desktop tdesktop element-desktop;
weechat = pkgs.writeShellScriptBin "weechat" "ssh -t hera 'TMUX_TMPDIR=/run/user/1000 tmux -L weechat attach'";
};
{
inherit (pkgs) discord signal-desktop tdesktop element-desktop;
weechat = pkgs.writeShellScriptBin "weechat" "ssh -t hera 'TMUX_TMPDIR=/run/user/1000 tmux -L weechat attach'";
};
xdg.configFile."Element/config.json".text = builtins.toJSON {
settingDefaults.custom_themes = [
{

52
home-manager/roles/daily-driver-programs.nix
View file

@ -1,29 +1,51 @@
{ pkgs, lib, config, ... }:
{
imports = [ ./mpv ];
pkgs,
lib,
config,
...
}: {
imports = [./mpv];
home.packages = builtins.attrValues rec {
zoom = pkgs.zoom-us.overrideAttrs (old: {
postFixup = old.postFixup + ''
wrapProgram $out/bin/zoom-us --unset XDG_SESSION_TYPE
wrapProgram $out/bin/zoom --unset XDG_SESSION_TYPE
'';
postFixup =
old.postFixup
+ ''
wrapProgram $out/bin/zoom-us --unset XDG_SESSION_TYPE
wrapProgram $out/bin/zoom --unset XDG_SESSION_TYPE
'';
});
inherit (pkgs.gnome) nautilus;
inherit (pkgs.xorg) xbacklight;
inherit (pkgs)
inherit
(pkgs)
# web
chromium
mumble upower speedtest-cli acpi
mumble
upower
speedtest-cli
acpi
anki
# tools & office
feh gimp imagemagick libreoffice-fresh xournal musescore handbrake evince
abcde beets zbar
feh
gimp
imagemagick
libreoffice-fresh
xournal
musescore
handbrake
evince
abcde
beets
zbar
# media
ncpamixer pavucontrol deluge gmpc vlc youtubeDL syncplay;
ncpamixer
pavucontrol
deluge
gmpc
vlc
youtubeDL
syncplay
;
};
}

158
home-manager/roles/default.nix
View file

@ -1,5 +1,9 @@
{ pkgs, config, lib, ... }: {
{
pkgs,
config,
lib,
...
}: {
imports = [
./zsh
./home-options.nix
@ -9,7 +13,7 @@
./neovim
./nvd.nix
];
nixpkgs.overlays = import ../../overlays { inherit lib; };
nixpkgs.overlays = import ../../overlays {inherit lib;};
news.display = "silent";
@ -60,7 +64,7 @@
'';
};
password-store = {
package = pkgs.pass-wayland.withExtensions (exts: [ exts.pass-update pkgs.pass-clip exts.pass-otp ]);
package = pkgs.pass-wayland.withExtensions (exts: [exts.pass-update pkgs.pass-clip exts.pass-otp]);
enable = true;
settings.PASSWORD_STORE_DIR = "${config.home.homeDirectory}/git/password-store";
};
@ -120,81 +124,81 @@
controlMaster = "auto";
controlPersist = "120";
enable = true;
matchBlocks =
let
agHost = "fb04217.mathematik.tu-darmstadt.de";
in
{
athene.hostname = "192.168.178.22";
git-auto = {
hostname = "hera.m-0.eu";
user = "git";
identityFile = "~/.ssh/id_auto_ed25519";
};
git = {
hostname = "hera.m-0.eu";
user = "git";
};
hera = {
hostname = "hera.m-0.eu";
user = "maralorn";
};
ag-forward = {
hostname = agHost;
proxyJump = "gw";
user = "brandy";
};
ag = {
hostname = agHost;
user = "brandy";
};
gw = {
hostname = "gwres4.mathematik.tu-darmstadt.de";
user = "brandy";
};
shells = {
hostname = "shells.darmstadt.ccc.de";
user = "maralorn";
};
whisky = {
hostname = "whisky.w17.io";
user = "chaos";
};
kitchen = {
hostname = "kitchen.w17.io";
user = "chaos";
};
"door.w17.io".identityFile = "~/.ssh/door_rsa";
matchBlocks = let
agHost = "fb04217.mathematik.tu-darmstadt.de";
in {
athene.hostname = "192.168.178.22";
git-auto = {
hostname = "hera.m-0.eu";
user = "git";
identityFile = "~/.ssh/id_auto_ed25519";
};
git = {
hostname = "hera.m-0.eu";
user = "git";
};
hera = {
hostname = "hera.m-0.eu";
user = "maralorn";
};
ag-forward = {
hostname = agHost;
proxyJump = "gw";
user = "brandy";
};
ag = {
hostname = agHost;
user = "brandy";
};
gw = {
hostname = "gwres4.mathematik.tu-darmstadt.de";
user = "brandy";
};
shells = {
hostname = "shells.darmstadt.ccc.de";
user = "maralorn";
};
whisky = {
hostname = "whisky.w17.io";
user = "chaos";
};
kitchen = {
hostname = "kitchen.w17.io";
user = "chaos";
};
"door.w17.io".identityFile = "~/.ssh/door_rsa";
};
};
};
home = {
packages = builtins.attrValues pkgs.home-pkgs ++ [
(
pkgs.writeShellScriptBin "unlock-ssh" ''
SSH_ASKPASS="print-ssh-pw" DISPLAY="a" ssh-add < /dev/null
''
)
(
pkgs.writeShellScriptBin "print-radicle-pw"
packages =
builtins.attrValues pkgs.home-pkgs
++ [
(
pkgs.writeShellScriptBin "unlock-ssh" ''
SSH_ASKPASS="print-ssh-pw" DISPLAY="a" ssh-add < /dev/null
''
)
(
pkgs.writeShellScriptBin "print-radicle-pw"
"pass show etc/radicle/${config.m-0.hostName}"
)
(
pkgs.writeShellScriptBin "print-ssh-pw"
)
(
pkgs.writeShellScriptBin "print-ssh-pw"
"pass show eu/m-0/${config.m-0.hostName}.m-0.eu/ssh-key"
)
(
pkgs.writeShellScriptBin "dingdingding" (builtins.readFile ./signal.sh)
)
];
)
(
pkgs.writeShellScriptBin "dingdingding" (builtins.readFile ./signal.sh)
)
];
sessionVariables = {
PATH = "$HOME/.nix-profile/bin:$PATH";
BROWSER = "firefox";
EMAIL = "malte.brandy@maralorn.de";
SUDO_ASKPASS = toString (
pkgs.writeShellScript "print-sudo-pw"
"pass show eu/m-0/${config.m-0.hostName}.m-0.eu/${config.home.username}"
"pass show eu/m-0/${config.m-0.hostName}.m-0.eu/${config.home.username}"
);
};
};
@ -219,17 +223,17 @@
mimeApps = {
enable = true;
defaultApplications = {
"application/pdf" = [ "org.gnome.Evince.desktop" ];
"x-scheme-handler/http" = [ "firefox.desktop" ];
"x-scheme-handler/https" = [ "firefox.desktop" ];
"x-scheme-handler/chrome" = [ "firefox.desktop" ];
"text/html" = [ "firefox.desktop" ];
"application/x-extension-htm" = [ "firefox.desktop" ];
"application/x-extension-html" = [ "firefox.desktop" ];
"application/x-extension-shtml" = [ "firefox.desktop" ];
"application/xhtml+xml" = [ "firefox.desktop" ];
"application/x-extension-xhtml" = [ "firefox.desktop" ];
"application/x-extension-xht" = [ "firefox.desktop" ];
"application/pdf" = ["org.gnome.Evince.desktop"];
"x-scheme-handler/http" = ["firefox.desktop"];
"x-scheme-handler/https" = ["firefox.desktop"];
"x-scheme-handler/chrome" = ["firefox.desktop"];
"text/html" = ["firefox.desktop"];
"application/x-extension-htm" = ["firefox.desktop"];
"application/x-extension-html" = ["firefox.desktop"];
"application/x-extension-shtml" = ["firefox.desktop"];
"application/xhtml+xml" = ["firefox.desktop"];
"application/x-extension-xhtml" = ["firefox.desktop"];
"application/x-extension-xht" = ["firefox.desktop"];
};
};
userDirs = {

13
home-manager/roles/desktop-items.nix
View file

@ -1,5 +1,8 @@
{ pkgs, config, ... }:
let
{
pkgs,
config,
...
}: let
simpleDesktopItem = name: command:
pkgs.makeDesktopItem {
name = name;
@ -15,8 +18,6 @@ let
};
superSimpleDesktopItem = name: simpleDesktopItem name name;
terminalDesktopItem = name: namedTerminalDesktopItem name name;
in
{
home.packages = map superSimpleDesktopItem [ "kassandra2" ] ++ map terminalDesktopItem [ "unlock-ssh" ];
in {
home.packages = map superSimpleDesktopItem ["kassandra2"] ++ map terminalDesktopItem ["unlock-ssh"];
}

13
home-manager/roles/desktop.nix
View file

@ -1,12 +1,15 @@
{ pkgs, lib, config, ... }:
let inherit (import ../../lib) colors;
in
{
pkgs,
lib,
config,
...
}: let
inherit (import ../../lib) colors;
in {
m-0.colors = colors;
home = {
packages = builtins.attrValues pkgs.desktop-pkgs;
file.".zprofile".text =
". $HOME/.nix-profile/etc/profile.d/hm-session-vars.sh";
file.".zprofile".text = ". $HOME/.nix-profile/etc/profile.d/hm-session-vars.sh";
};
gtk = {
enable = true;

4
home-manager/roles/fetch-banking-timer.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }: {
{pkgs, ...}: {
systemd.user = {
services.fetch-banking = {
Unit.Description = "Fetch banking";
@ -23,7 +23,7 @@
timers.fetch-banking = {
Unit.Description = "Fetch banking";
Timer.OnCalendar = "2/6:00"; # Every 6 hours from 2:00
Install.WantedBy = [ "timers.target" ];
Install.WantedBy = ["timers.target"];
};
};
}

4
home-manager/roles/firefox.nix
View file

@ -1,4 +1,4 @@
startpage: { pkgs, ... }: {
startpage: {pkgs, ...}: {
programs.firefox = {
profiles.maralorn-default = {
extraConfig = ""; # user.js
@ -21,7 +21,7 @@ startpage: { pkgs, ... }: {
};
programs.browserpass = {
browsers = [ "firefox" ];
browsers = ["firefox"];
enable = true;
};
home.sessionVariables = {

12
home-manager/roles/games.nix
View file

@ -1,5 +1,9 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
gw2dir = "${config.home.homeDirectory}/volatile/GW2";
wine = pkgs.wineWowPackages.staging;
gw2env = ''
@ -45,9 +49,7 @@ let
cd "${gw2dir}/data/drive_c/Guild Wars 2"
${wine}/bin/wine64 ./Gw2-64.exe $@ -autologin
'';
in
{
in {
#dconf.settings."org/gnome/settings-daemon/plugins/media-keys" = {
#mic-mute = lib.mkForce [ ];
#next = lib.mkForce [ ];

2
home-manager/roles/git-sign.nix
View file

@ -1,3 +1,3 @@
{ ... }: {
{...}: {
programs.git.signing.key = "6C3D12CD88CDF46C5EAF4D12226A2D41EF5378C9";
}

140
home-manager/roles/gnome.nix
View file

@ -1,16 +1,19 @@
{ pkgs, lib, ... }@args:
let
{
pkgs,
lib,
...
} @ args: let
hotkeys = import ./hotkeys.nix args;
mkTuple = lib.hm.gvariant.mkTuple;
statusScript = pkgs.writeHaskellScript
{
name = "status-script";
bins = [ pkgs.notmuch pkgs.coreutils pkgs.git pkgs.playerctl pkgs.khal ];
imports = [
"Control.Exception"
"System.Directory"
];
} ''
{
name = "status-script";
bins = [pkgs.notmuch pkgs.coreutils pkgs.git pkgs.playerctl pkgs.khal];
imports = [
"Control.Exception"
"System.Directory"
];
} ''
data Mode = Klausur | Orga | Communication | Code | Leisure | Unrestricted deriving (Eq, Ord, Show, Enum, Bounded)
modes = enumFrom Klausur
getMode = do
@ -46,17 +49,16 @@ let
memptyIfFalse (length unpushed /= 0) (one [i|<span foreground='\#d2691e'>Unpushed: #{Text.intercalate " " unpushed}</span>|]) ++
memptyIfFalse (length dirty /= 0) (one [i|<span foreground='\#ff7f50'>Dirty: #{Text.intercalate " " dirty}</span>|])
'';
in
{
in {
services.gpg-agent.pinentryFlavor = "gnome3";
dconf.settings = {
"org/gnome/desktop/wm/keybindings" = {
switch-input-source = [ ];
switch-input-source-backward = [ ];
switch-applications = [ ];
switch-applications-backward = [ ];
cycle-windows = [ "<Super>Tab" ];
cycle-windows-backward = [ "<Shift><Super>Tab" ];
switch-input-source = [];
switch-input-source-backward = [];
switch-applications = [];
switch-applications-backward = [];
cycle-windows = ["<Super>Tab"];
cycle-windows-backward = ["<Shift><Super>Tab"];
};
"org/gnome/settings-daemon/plugins/color" = {
@ -71,39 +73,37 @@ in
};
"org/gnome/desktop/wm/keybindings" = {
close = [ "<Super>q" ];
close = ["<Super>q"];
};
"org/gnome/shell/extensions/gtile" =
let
left = r: "0:${r} 1:${r},0:${r} 2:${r},0:${r} 3:${r},0:${r} 0:${r}, 1:${r} 1:${r}";
right = r: "4:${r} 5:${r},3:${r} 5:${r},2:${r} 5:${r},5:${r} 5:${r}, 4:${r} 4:${r}";
middle = r: "2:${r} 3:${r}, 1:${r} 4:${r}, 0:${r} 5:${r}, 1:${r} 3:${r}, 2:${r} 4:${r}, 2:${r} 2:${r}, 3:${r} 3:${r}";
in
{
global-presets = true;
grid-sizes = "6x2";
preset-resize-1 = [ "<Control><Super>m" ];
preset-resize-2 = [ "<Control><Super>comma" ];
preset-resize-3 = [ "<Control><Super>period" ];
preset-resize-4 = [ "<Control><Super>n" ];
preset-resize-5 = [ "<Control><Super>r" ];
preset-resize-6 = [ "<Control><Super>t" ];
preset-resize-7 = [ "<Control><Super>h" ];
preset-resize-8 = [ "<Control><Super>g" ];
preset-resize-9 = [ "<Control><Super>f" ];
resize1 = "6x2 ${left "1"}";
resize2 = "6x2 ${middle "1"}";
resize3 = "6x2 ${right "1"}";
resize4 = "6x1 ${left "0"}";
resize5 = "6x1 ${middle "0"}";
resize6 = "6x1 ${right "0"}";
resize7 = "6x2 ${left "0"}";
resize8 = "6x2 ${middle "0"}";
resize9 = "6x2 ${right "0"}";
show-toggle-tiling-alt = [ "<Super>t" ];
show-icon = false;
};
"org/gnome/shell/extensions/gtile" = let
left = r: "0:${r} 1:${r},0:${r} 2:${r},0:${r} 3:${r},0:${r} 0:${r}, 1:${r} 1:${r}";
right = r: "4:${r} 5:${r},3:${r} 5:${r},2:${r} 5:${r},5:${r} 5:${r}, 4:${r} 4:${r}";
middle = r: "2:${r} 3:${r}, 1:${r} 4:${r}, 0:${r} 5:${r}, 1:${r} 3:${r}, 2:${r} 4:${r}, 2:${r} 2:${r}, 3:${r} 3:${r}";
in {
global-presets = true;
grid-sizes = "6x2";
preset-resize-1 = ["<Control><Super>m"];
preset-resize-2 = ["<Control><Super>comma"];
preset-resize-3 = ["<Control><Super>period"];
preset-resize-4 = ["<Control><Super>n"];
preset-resize-5 = ["<Control><Super>r"];
preset-resize-6 = ["<Control><Super>t"];
preset-resize-7 = ["<Control><Super>h"];
preset-resize-8 = ["<Control><Super>g"];
preset-resize-9 = ["<Control><Super>f"];
resize1 = "6x2 ${left "1"}";
resize2 = "6x2 ${middle "1"}";
resize3 = "6x2 ${right "1"}";
resize4 = "6x1 ${left "0"}";
resize5 = "6x1 ${middle "0"}";
resize6 = "6x1 ${right "0"}";
resize7 = "6x2 ${left "0"}";
resize8 = "6x2 ${middle "0"}";
resize9 = "6x2 ${right "0"}";
show-toggle-tiling-alt = ["<Super>t"];
show-icon = false;
};
# Generated via dconf2nix: https://github.com/gvolpe/dconf2nix
"org/gnome/desktop/a11y/keyboard" = {
mousekeys-accel-time = 2000;
@ -218,24 +218,22 @@ in
};
"org/gnome/desktop/input-sources" = {
sources = [ (mkTuple [ "xkb" "de+neo" ]) ]; # use neo
sources = [(mkTuple ["xkb" "de+neo"])]; # use neo
xkb-options = [
"altwin:swap_lalt_lwin" # swap alt and win
"lv3:menu_switch" # So that gnome-settings does not set it to ralt
];
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/terminal" =
{
binding = "<Super>Return";
command = "foot";
name = "Terminal";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/hotkeys" =
{
binding = "<Super>space";
command = "foot ${pkgs.haskell-dialog}/bin/hotkeys ${pkgs.writeText "hotkeys.yaml" (builtins.toJSON hotkeys)}";
name = "Hotkeys";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/terminal" = {
binding = "<Super>Return";
command = "foot";
name = "Terminal";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/hotkeys" = {
binding = "<Super>space";
command = "foot ${pkgs.haskell-dialog}/bin/hotkeys ${pkgs.writeText "hotkeys.yaml" (builtins.toJSON hotkeys)}";
name = "Hotkeys";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/standby" = {
binding = "<Super>F5";
command = "systemctl suspend";
@ -244,7 +242,7 @@ in
"org/gnome/shell/extensions/nothing-to-say" = {
icon-visibility = "always";
keybinding-toggle-mute = [ "<Primary><Shift>U+2113" ]; # Mouse key side middle
keybinding-toggle-mute = ["<Primary><Shift>U+2113"]; # Mouse key side middle
};
"org/gnome/settings-daemon/plugins/media-keys" = {
custom-keybindings = [
@ -252,14 +250,14 @@ in
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/hotkeys/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/standby/"
];
next = [ "<Primary><Shift>dollar" ];
play = [ "<Primary><Shift>guillemotleft" ];
previous = [ "<Primary><Shift>EuroSign" ];
screensaver = [ "<Primary>Escape" ];
volume-down = [ "<Primary><Shift>section" ];
volume-up = [ "<Primary><Shift>degree" ];
area-screenshot-clip = [ "Print" ];
screenshot = [ ];
next = ["<Primary><Shift>dollar"];
play = ["<Primary><Shift>guillemotleft"];
previous = ["<Primary><Shift>EuroSign"];
screensaver = ["<Primary>Escape"];
volume-down = ["<Primary><Shift>section"];
volume-up = ["<Primary><Shift>degree"];
area-screenshot-clip = ["Print"];
screenshot = [];
};
};
}

2
home-manager/roles/headless-mpd.nix
View file

@ -1,4 +1,4 @@
{ ... }: {
{...}: {
services = {
mpd = {
enable = true;

2
home-manager/roles/headless.nix
View file

@ -1,3 +1,3 @@
{ pkgs, ... }: {
{pkgs, ...}: {
services.gpg-agent.pinentryFlavor = "curses";
}

8
home-manager/roles/home-options.nix
View file

@ -1,17 +1,15 @@
{ lib, ... }: {
{lib, ...}: {
options = {
m-0 = {
hostName = lib.mkOption { type = lib.types.str; };
hostName = lib.mkOption {type = lib.types.str;};
terminal = lib.mkOption {
default = "foot";
type = lib.types.str;
};
colors = lib.mkOption {
default = { };
default = {};
type = lib.types.attrs;
};
};
};
}

5
home-manager/roles/hoogle.nix
View file

@ -1,8 +1,7 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
systemd.user.services.hoogle = {
Unit.Description = "Hoogle server";
Install.WantedBy = [ "graphical-session.target" ];
Install.WantedBy = ["graphical-session.target"];
Service = {
ExecStart = "${pkgs.ghcWithPackages}/bin/hoogle server --local --links";
Restart = "always";

74
home-manager/roles/hotkeys.nix
View file

@ -1,17 +1,15 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
fork = cmd: "fork ${cmd}";
in
[
in [
{
Orga = [
{ Kassandra = fork "planning"; }
{ Kalendar = "calendar"; }
{ Habitica = fork "firefox https://habitica.com"; }
{ Tasks = "tasksh"; }
{ Meditate = "meditate"; }
{ Pythia = "pythia"; }
{ Notes = "codium ~/git/notes"; }
{Kassandra = fork "planning";}
{Kalendar = "calendar";}
{Habitica = fork "firefox https://habitica.com";}
{Tasks = "tasksh";}
{Meditate = "meditate";}
{Pythia = "pythia";}
{Notes = "codium ~/git/notes";}
];
}
{
@ -31,24 +29,22 @@ in
};
}
{
SSH =
let
ssh = host: "ssh ${host}";
in
[
{ "hera via vpn" = ssh "hera.vpn.m-0.eu"; }
{ "fluffy via vpn" = ssh "fluffy.vpn.m-0.eu"; }
{ remote-builder = ssh "phoibe.cased.de -i /etc/nixos/private/id_ed25519-nix-builder"; }
{ ag = ssh "ag-forward"; }
{ gwres1 = ssh "gw"; }
{ backup-server = ssh "borg.cysec.de"; }
{ shells = ssh "shells"; }
{ "bach (ved)" = ssh "bach.vocalensemble-darmstadt.de"; }
{ "nixbuild.net" = "${pkgs.rlwrap}/bin/rlwrap ssh eu.nixbuild.net -i /etc/nixos/private/id_ed25519-nix-builder shell"; }
{ "fluffy via local network" = ssh "fluffy.lo.m-0.eu"; }
{ "hera via public v4" = ssh "hera-v4"; }
{ "TU Tunnel" = "sshuttle --python python3.8 -r gw 130.83.0.0/16"; }
];
SSH = let
ssh = host: "ssh ${host}";
in [
{"hera via vpn" = ssh "hera.vpn.m-0.eu";}
{"fluffy via vpn" = ssh "fluffy.vpn.m-0.eu";}
{remote-builder = ssh "phoibe.cased.de -i /etc/nixos/private/id_ed25519-nix-builder";}
{ag = ssh "ag-forward";}
{gwres1 = ssh "gw";}
{backup-server = ssh "borg.cysec.de";}
{shells = ssh "shells";}
{"bach (ved)" = ssh "bach.vocalensemble-darmstadt.de";}
{"nixbuild.net" = "${pkgs.rlwrap}/bin/rlwrap ssh eu.nixbuild.net -i /etc/nixos/private/id_ed25519-nix-builder shell";}
{"fluffy via local network" = ssh "fluffy.lo.m-0.eu";}
{"hera via public v4" = ssh "hera-v4";}
{"TU Tunnel" = "sshuttle --python python3.8 -r gw 130.83.0.0/16";}
];
}
{
Sound = {
@ -85,11 +81,11 @@ in
VoxMachina = fork "mpv https://www.youtube.com/playlist?list=PL1tiwbzkOjQz7D0l_eLJGAISVtcL7oRu_";
};
}
{ Passmenu = "pass clip -f"; }
{ "Select Mode" = "select-mode"; }
{Passmenu = "pass clip -f";}
{"Select Mode" = "select-mode";}
{
Communication = [
{ Matrix = fork "element-desktop"; }
{Matrix = fork "element-desktop";}
{
Mail = {
Open = "neomutt";
@ -103,15 +99,15 @@ in
Nixos = fork "mumble mumble://maralorn@lassul.us/nixos";
};
}
{ Weechat = "weechat"; }
{ Signal = fork "signal-desktop"; }
{ Zoom = fork "zoom"; }
{ Telegram = fork "telegram-desktop"; }
{ Discord = fork "Discord"; }
{ Tmate = "tmate"; }
{Weechat = "weechat";}
{Signal = fork "signal-desktop";}
{Zoom = fork "zoom";}
{Telegram = fork "telegram-desktop";}
{Discord = fork "Discord";}
{Tmate = "tmate";}
];
}
{ "Monitor (htop)" = "htop"; }
{"Monitor (htop)" = "htop";}
{
"W17" = {
Summer = "ssh door@burbon.w17.io buzzer";

13
home-manager/roles/hourly-maintenance.nix
View file

@ -1,6 +1,8 @@
{ pkgs, config, ... }:
let
{
pkgs,
config,
...
}: let
configPath = "${config.home.homeDirectory}/git/config";
configGit = "${pkgs.git}/bin/git -C ${configPath}";
script = pkgs.writeShellScript "hourly-maintenance" ''
@ -13,8 +15,7 @@ let
${pkgs.foot}/bin/foot --hold ${config.home.profileDirectory}/bin/maintenance
fi
'';
in
{
in {
systemd.user = {
services.maintenance = {
Unit.Description = "Routine maintenance";
@ -26,7 +27,7 @@ in
timers.maintenance = {
Unit.Description = "Hourly maintenance";
Timer.OnCalendar = "hourly";
Install.WantedBy = [ "timers.target" ];
Install.WantedBy = ["timers.target"];
};
};
}

20
home-manager/roles/kassandra.nix
View file

@ -1,6 +1,5 @@
{ pkgs, ... }:
let
dhallFiles = pkgs.runCommand "kassandra-config-src" { } ''
{pkgs, ...}: let
dhallFiles = pkgs.runCommand "kassandra-config-src" {} ''
mkdir $out
${pkgs.kassandra}/bin/kassandra2 print-types > $out/types.dhall
ln -s ${./kassandra}/{config,backend}.dhall $out
@ -10,24 +9,25 @@ let
name = "kassandra-backend-config";
code = "${dhallFiles}/backend.dhall : (${dhallFiles}/types.dhall).BackendConfig";
source = true;
dependencies = [ pkgs.dhallPackages.Prelude ];
dependencies = [pkgs.dhallPackages.Prelude];
};
standalone = pkgs.dhallPackages.buildDhallPackage {
name = "kassandra-standalone-config";
code = "${dhallFiles}/config.dhall : (${dhallFiles}/types.dhall).StandaloneConfig";
source = true;
dependencies = [ pkgs.dhallPackages.Prelude ];
dependencies = [pkgs.dhallPackages.Prelude];
};
dhallResult = pkgs.runCommand "kassandra-config" { } ''
dhallResult = pkgs.runCommand "kassandra-config" {} ''
mkdir $out
ln -s ${backend}/source.dhall $out/backend.dhall
ln -s ${standalone}/source.dhall $out/config.dhall
'';
in
{
in {
xdg.configFile =
if pkgs.withSecrets then {
if pkgs.withSecrets
then {
kassandra.source = dhallResult.out;
} else { };
}
else {};
}

75
home-manager/roles/khal.nix
View file

@ -1,26 +1,25 @@
{ pkgs, ... }:
let
calendars = pkgs.privateValue [ ] "calendars";
{pkgs, ...}: let
calendars = pkgs.privateValue [] "calendars";
plans = pkgs.privateValue
{
"workDay" = "pass";
"weekend" = "pass";
}
"plans";
{
"workDay" = "pass";
"weekend" = "pass";
}
"plans";
planning = pkgs.writeShellScriptBin "planning" ''
create-plans; kassandra2
'';
ui = pkgs.writeShellScriptBin "calendar" ''
create-plans; ikhal -d Serien
create-plans; ikhal -d Serien
'';
createPlans = pkgs.writeHaskellScript
{
name = "create-plans";
bins = [ pkgs.khal pkgs.vdirsyncer ];
imports = [
"Data.Time"
];
} ''
{
name = "create-plans";
bins = [pkgs.khal pkgs.vdirsyncer];
imports = [
"Data.Time"
];
} ''
main = do
today <- localDay . zonedTimeToLocalTime <$> getZonedTime
[0..7] & fmap (`addDays` today) & mapM_ \day -> do
@ -32,23 +31,33 @@ let
else do
${plans.workDay}
'';
in
{
home.packages = [ pkgs.khal createPlans planning ui ];
in {
home.packages = [pkgs.khal createPlans planning ui];
xdg.configFile."khal/config".text = ''
[locale]
dateformat = "%Y-%m-%d"
datetimeformat = "%Y-%m-%d %H:%M"
timeformat = "%H:%M"
[default]
default_calendar = Standard
[calendars]
${pkgs.lib.concatMapStringsSep "\n" (
{ name, readOnly ? false, ... }: ''
[[${name}]]
type = discover
path = ~/.calendars/${name}/*
readonly = ${if readOnly then "True" else "False"}''
) calendars}
[locale]
dateformat = "%Y-%m-%d"
datetimeformat = "%Y-%m-%d %H:%M"
timeformat = "%H:%M"
[default]
default_calendar = Standard
[calendars]
${
pkgs.lib.concatMapStringsSep "\n" (
{
name,
readOnly ? false,
...
}: ''
[[${name}]]
type = discover
path = ~/.calendars/${name}/*
readonly = ${
if readOnly
then "True"
else "False"
}''
)
calendars
}
'';
}

4
home-manager/roles/khard.nix
View file

@ -1,5 +1,5 @@
{ pkgs, ... }: {
home.packages = [ pkgs.khard ];
{pkgs, ...}: {
home.packages = [pkgs.khard];
xdg.configFile."khard/khard.conf".text = ''
[addressbooks]
[[Kontakte]]

13
home-manager/roles/leisure.nix
View file

@ -1,5 +1,9 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
serien = pkgs.writeShellScript "serien.rss" ''
cat <<EOF
<?xml version="1.0"?>
@ -39,10 +43,9 @@ let
urls-source "ocnews"
ocnews-url "https://cloud.maralorn.de"
ocnews-login "maralorn"
ocnews-password "${(pkgs.privateValue { adminpass =""; } "nextcloud-admin").adminpass}"
ocnews-password "${(pkgs.privateValue {adminpass = "";} "nextcloud-admin").adminpass}"
'';
in
{
in {
xdg.configFile."newsboat/urls".text = lib.concatStringsSep "\n" watchfeeds;
home = {
packages = builtins.attrValues {

4
home-manager/roles/mail-client.nix
View file

@ -1,3 +1,3 @@
{ pkgs, ... }: {
home.packages = [ pkgs.neomutt ];
{pkgs, ...}: {
home.packages = [pkgs.neomutt];
}

141
home-manager/roles/mail-sort.nix
View file

@ -1,5 +1,9 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
mail2task = pkgs.writeShellScript "mail2task" ''
set -euo pipefail
${pkgs.isync}/bin/mbsync hera:Move/todo
@ -8,7 +12,11 @@ let
${pkgs.mblaze}/bin/mlist ${maildir}/hera/Move/todo | ${pkgs.mblaze}/bin/mrefile ${unsorted}
${pkgs.notmuch}/bin/notmuch new
'';
lists = pkgs.privateValue { sortLists = [ ]; stupidLists = [ ]; notifications = [ ]; } "mail/filters";
lists = pkgs.privateValue {
sortLists = [];
stupidLists = [];
notifications = [];
} "mail/filters";
maildir = config.accounts.email.maildirBasePath;
# mhdr -h List-ID -d Maildir/hera/Archiv/unsortiert | sort | sed 's/^.*<\(.*\)>$/\1/' | uniq | xargs -I '{}' sh -c "notmuch count List:{} | sed 's/$/: {}/'" | sort
# To find candidates
@ -21,91 +29,94 @@ let
toFolder (lib.concatStringsSep "." (lib.splitString "@" name));
toFolder = name:
lib.concatStringsSep "/" (lib.reverseList (lib.splitString "." name));
simple = filter: target: { inherit filter target; };
simple = filter: target: {inherit filter target;};
notifications = notify:
simple "from:${notify}" "notifications/${mailToFolder notify}";
stupidList = list: simple "to:${list}" "list/${mailToFolder list}";
simpleSortList = listName:
simple "List:${listName}" "list/${toFolder listName}";
};
myFilters = builtins.map filter.simpleSortList lists.sortLists
myFilters =
builtins.map filter.simpleSortList lists.sortLists
++ builtins.map filter.stupidList lists.stupidLists
++ builtins.map filter.notifications lists.notifications;
sortMail = pkgs.writeHaskellScript
{
name = "sort-mail-archive";
bins = [ pkgs.notmuch pkgs.coreutils pkgs.mblaze pkgs.findutils ];
imports = [
"Text.Megaparsec"
"Text.Megaparsec.Char"
"Text.Megaparsec.Char.Lexer"
"qualified Data.List.NonEmpty as NE"
"qualified Data.Text as T"
"System.Environment (setEnv)"
];
} ''
reScan = notmuch "new" "--quiet"
{
name = "sort-mail-archive";
bins = [pkgs.notmuch pkgs.coreutils pkgs.mblaze pkgs.findutils];
imports = [
"Text.Megaparsec"
"Text.Megaparsec.Char"
"Text.Megaparsec.Char.Lexer"
"qualified Data.List.NonEmpty as NE"
"qualified Data.Text as T"
"System.Environment (setEnv)"
];
} ''
reScan = notmuch "new" "--quiet"
findFilterMail :: (Text,Text) -> IO (Maybe (LByteString, Text, Text))
findFilterMail (filter_, target) = do
files <- notmuch "search" "--output" "files" (toString filter_) "folder:${unsortedSuffix}" |> capture
pure $ if (LBS.length files > 0) then Just (files, filter_, target) else Nothing
findFilterMail :: (Text,Text) -> IO (Maybe (LByteString, Text, Text))
findFilterMail (filter_, target) = do
files <- notmuch "search" "--output" "files" (toString filter_) "folder:${unsortedSuffix}" |> capture
pure $ if (LBS.length files > 0) then Just (files, filter_, target) else Nothing
executeFilterMail :: (LByteString, Text, Text) -> IO ()
executeFilterMail (files, filter_, target) = do
say [i|Sorting "#{filter_}" into #{target}|]
writeOutput files |> mscan
mmkdir ([i|${archive}/#{target}|] :: String)
writeOutput files |> mrefile ([i|${archive}/#{target}|] :: String)
executeFilterMail :: (LByteString, Text, Text) -> IO ()
executeFilterMail (files, filter_, target) = do
say [i|Sorting "#{filter_}" into #{target}|]
writeOutput files |> mscan
mmkdir ([i|${archive}/#{target}|] :: String)
writeOutput files |> mrefile ([i|${archive}/#{target}|] :: String)
myFilters :: [(Text,Text)]
myFilters = [${
lib.concatStringsSep ","
myFilters :: [(Text,Text)]
myFilters = [${
lib.concatStringsSep ","
(
builtins.map ({ filter, target }: ''("${filter}","${target}")'')
myFilters
builtins.map ({
filter,
target,
}: ''("${filter}","${target}")'')
myFilters
)
}]
filtersFromTo :: Text -> Maybe (Text,Text)
filtersFromTo = filtersFromField "to" [toToName]
toToName :: Text -> Maybe Text
toToName (T.splitOn "@" -> [name, "maralorn.de"])
| not (T.isInfixOf "randy" name) = Just . ("to/" <>) . T.intercalate "_" . T.splitOn "." $ name
toToName _ = Nothing
filtersFromField :: Text -> [Text-> Maybe Text] -> Text -> Maybe (Text,Text)
filtersFromField field filters text = fmap ([i|#{field}:#{text}|],) . viaNonEmpty Relude.head . mapMaybe ($ text) $ filters
filtersFromListIDs :: Text -> Maybe (Text,Text)
filtersFromListIDs = filtersFromField "List" [githubNameFolderFromId, gitlabNameFolderFromId]
githubNameFolderFromId :: Text -> Maybe Text
githubNameFolderFromId (reverse . T.splitOn "." -> ("com":"github":org:name)) = Just [i|github/#{org}/#{T.intercalate "_" $ reverse name}|]
githubNameFolderFromId _ = Nothing
gitlabNameFolderFromId :: Text -> Maybe Text
gitlabNameFolderFromId (reverse . T.splitOn "." -> ("de":"ccc":"darmstadt":"git":org:name1:name)) = Just [i|cda-gitlab/#{org}/#{T.intercalate "_" . toList . Relude.tail $ NE.reverse (name1:|name)}|]
gitlabNameFolderFromId _ = Nothing
filtersFromTo :: Text -> Maybe (Text,Text)
filtersFromTo = filtersFromField "to" [toToName]
toToName :: Text -> Maybe Text
toToName (T.splitOn "@" -> [name, "maralorn.de"])
| not (T.isInfixOf "randy" name) = Just . ("to/" <>) . T.intercalate "_" . T.splitOn "." $ name
toToName _ = Nothing
filtersFromField :: Text -> [Text-> Maybe Text] -> Text -> Maybe (Text,Text)
filtersFromField field filters text = fmap ([i|#{field}:#{text}|],) . viaNonEmpty Relude.head . mapMaybe ($ text) $ filters
filtersFromListIDs :: Text -> Maybe (Text,Text)
filtersFromListIDs = filtersFromField "List" [githubNameFolderFromId, gitlabNameFolderFromId]
githubNameFolderFromId :: Text -> Maybe Text
githubNameFolderFromId (reverse . T.splitOn "." -> ("com":"github":org:name)) = Just [i|github/#{org}/#{T.intercalate "_" $ reverse name}|]
githubNameFolderFromId _ = Nothing
gitlabNameFolderFromId :: Text -> Maybe Text
gitlabNameFolderFromId (reverse . T.splitOn "." -> ("de":"ccc":"darmstadt":"git":org:name1:name)) = Just [i|cda-gitlab/#{org}/#{T.intercalate "_" . toList . Relude.tail $ NE.reverse (name1:|name)}|]
gitlabNameFolderFromId _ = Nothing
type Parser = Parsec Text Text
listId :: Parser Text
listId = manyTill anySingle (char '<') *> (toText <$> manyTill anySingle (char '>'))
type Parser = Parsec Text Text
listId :: Parser Text
listId = manyTill anySingle (char '<') *> (toText <$> manyTill anySingle (char '>'))
main = do
setEnv "MBLAZE_PAGER" "cat"
setEnv "NOTMUCH_CONFIG" "${config.home.sessionVariables.NOTMUCH_CONFIG or ""}"
reScan
(listIDs,tos) <- concurrently (mhdr "-h" "List-ID" "-d" "${unsorted}" |> capture) (mhdr "-h" "To" "-d" "${unsorted}" "-A" |> capture)
let listFilters = mapMaybe filtersFromListIDs . sortNub . mapMaybe (parseMaybe listId) . lines . decodeUtf8 $ listIDs
toFilters = mapMaybe filtersFromTo . sortNub . fmap (\x -> maybe x Relude.id $ parseMaybe listId x) . lines . decodeUtf8 $ tos
applicableFilters <- catMaybes <$> forConcurrently (listFilters <> myFilters <> toFilters) findFilterMail
for_ applicableFilters executeFilterMail
reScan
main = do
setEnv "MBLAZE_PAGER" "cat"
setEnv "NOTMUCH_CONFIG" "${config.home.sessionVariables.NOTMUCH_CONFIG or ""}"
reScan
(listIDs,tos) <- concurrently (mhdr "-h" "List-ID" "-d" "${unsorted}" |> capture) (mhdr "-h" "To" "-d" "${unsorted}" "-A" |> capture)
let listFilters = mapMaybe filtersFromListIDs . sortNub . mapMaybe (parseMaybe listId) . lines . decodeUtf8 $ listIDs
toFilters = mapMaybe filtersFromTo . sortNub . fmap (\x -> maybe x Relude.id $ parseMaybe listId x) . lines . decodeUtf8 $ tos
applicableFilters <- catMaybes <$> forConcurrently (listFilters <> myFilters <> toFilters) findFilterMail
for_ applicableFilters executeFilterMail
reScan
'';
in
{
in {
services.mbsync.postExec = "${sortMail}/bin/sort-mail-archive";
accounts.email.accounts = lib.mkIf pkgs.withSecrets {
hera.imapnotify = {
onNotifyPost = "${mail2task}";
boxes = [ "Move/todo" ];
boxes = ["Move/todo"];
};
};
}

288
home-manager/roles/mail.nix
View file

@ -1,17 +1,19 @@
{ lib, config, pkgs, ... }:
let
{
lib,
config,
pkgs,
...
}: let
gpg = "6C3D12CD88CDF46C5EAF4D12226A2D41EF5378C9";
name = "Malte Brandy";
mail = "malte.brandy@maralorn.de";
alternates = pkgs.privateValue [ ] "mail/alternates";
alternates = pkgs.privateValue [] "mail/alternates";
quick-mail-sync = pkgs.writeShellScriptBin "quick-mail-sync" ''
${pkgs.isync}/bin/mbsync hera:INBOX,Code
${pkgs.notmuch}/bin/notmuch new
'';
maildir = config.accounts.email.maildirBasePath;
in
{
in {
services = {
mbsync = {
enable = true;
@ -22,28 +24,27 @@ in
};
systemd.user.timers.mbsync.Timer.RandomizedDelaySec = "10m";
accounts.email.accounts = pkgs.privateValue { } "mail/accounts";
systemd.user.services =
let
hasImapHost = name: account: account.imap != null;
mkWatchService = name: account: {
name = "watch-${name}-maildir";
value = {
Unit.Description = "Watch maildir for changes for account ${name}";
Service = {
ExecStart = toString (pkgs.writeShellScript "watch-${name}-maildir" ''
while ${pkgs.coreutils}/bin/sleep 1s; do
${quick-mail-sync}/bin/quick-mail-sync
${pkgs.inotify-tools}/bin/inotifywait -e move,create,delete -r ${maildir}/${name}/Inbox ${maildir}/${name}/Code
done
'');
};
Install.WantedBy = [ "default.target" ];
accounts.email.accounts = pkgs.privateValue {} "mail/accounts";
systemd.user.services = let
hasImapHost = name: account: account.imap != null;
mkWatchService = name: account: {
name = "watch-${name}-maildir";
value = {
Unit.Description = "Watch maildir for changes for account ${name}";
Service = {
ExecStart = toString (pkgs.writeShellScript "watch-${name}-maildir" ''
while ${pkgs.coreutils}/bin/sleep 1s; do
${quick-mail-sync}/bin/quick-mail-sync
${pkgs.inotify-tools}/bin/inotifywait -e move,create,delete -r ${maildir}/${name}/Inbox ${maildir}/${name}/Code
done
'');
};
Install.WantedBy = ["default.target"];
};
in
lib.mapAttrs' mkWatchService (lib.filterAttrs hasImapHost config.accounts.email.accounts) //
{
};
in
lib.mapAttrs' mkWatchService (lib.filterAttrs hasImapHost config.accounts.email.accounts)
// {
mbsync.Service = {
Environment = "PATH=${pkgs.coreutils}/bin";
Restart = "on-failure";
@ -63,142 +64,141 @@ in
${pkgs.notmuch}/bin/notmuch tag -spam -- "(not folder:/Junk|Spam|SPAM/) tag:spam"
'';
new = {
tags = [ ];
ignore = [ ".isyncuidmap.db" ];
tags = [];
ignore = [".isyncuidmap.db"];
};
maildir.synchronizeFlags = true;
};
};
home = {
packages = [ quick-mail-sync ];
file =
let
mutt_alternates = "@maralorn.de " + (builtins.concatStringsSep " " alternates);
show-sidebar = pkgs.writeText "show-sidebar" ''
set sidebar_visible=yes
bind index <up> sidebar-prev
bind index <down> sidebar-next
bind index <pageup> sidebar-page-up
bind index <pagedown> sidebar-page-down
bind index <space> sidebar-open
bind index <return> sidebar-open
bind index <enter> sidebar-open
'';
hide-sidebar = pkgs.writeText "hide-sidebar" ''
set sidebar_visible=no
bind index <up> previous-undeleted
bind index <down> next-undeleted
bind index <pageup> previous-page
bind index <pagedown> next-page
bind index <space> display-message
bind index <return> display-message
bind index <enter> display-message
'';
mailcap = pkgs.writeText "mailcap" ''
text/html; ${pkgs.lynx}/bin/lynx -assume_charset=%{charset} -display_charset=utf-8 -collapse_br_tags -dump %s; nametemplate=%s.html; copiousoutput
application/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
image/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
video/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
audio/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
'';
in
{
".neomuttrc".text = ''
set editor = "vim"
alternative_order text/plain text/html
auto_view text/*
auto_view message/*
unset wait_key
color normal default default
packages = [quick-mail-sync];
file = let
mutt_alternates = "@maralorn.de " + (builtins.concatStringsSep " " alternates);
show-sidebar = pkgs.writeText "show-sidebar" ''
set sidebar_visible=yes
bind index <up> sidebar-prev
bind index <down> sidebar-next
bind index <pageup> sidebar-page-up
bind index <pagedown> sidebar-page-down
bind index <space> sidebar-open
bind index <return> sidebar-open
bind index <enter> sidebar-open
'';
hide-sidebar = pkgs.writeText "hide-sidebar" ''
set sidebar_visible=no
bind index <up> previous-undeleted
bind index <down> next-undeleted
bind index <pageup> previous-page
bind index <pagedown> next-page
bind index <space> display-message
bind index <return> display-message
bind index <enter> display-message
'';
mailcap = pkgs.writeText "mailcap" ''
text/html; ${pkgs.lynx}/bin/lynx -assume_charset=%{charset} -display_charset=utf-8 -collapse_br_tags -dump %s; nametemplate=%s.html; copiousoutput
application/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
image/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
video/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
audio/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
'';
in {
".neomuttrc".text = ''
set editor = "vim"
alternative_order text/plain text/html
auto_view text/*
auto_view message/*
unset wait_key
color normal default default
macro index,pager a ":set confirmappend=no\n<save-message>=hera/Archiv/unsortiert\n:set confirmappend=yes\n" "move message to archive"
macro index,pager s ":set confirmappend=no\n<save-message>=hera/Junk\n:set confirmappend=yes\n" "move message to spam"
macro index,pager t ":set confirmappend=no\n<save-message>=hera/Move/todo\n:set confirmappend=yes\n" "move message to todo list"
macro index,pager l ":set confirmappend=no\n<save-message>=hera/Move/readlater\n:set confirmappend=yes\n" "move message to readlater list"
macro attach 'V' "<pipe-entry>iconv -c --to-code=UTF8 > ~/.cache/mutt/mail.html<enter><shell-escape>firefox ~/.cache/mutt/mail.html<enter>"
macro index,pager a ":set confirmappend=no\n<save-message>=hera/Archiv/unsortiert\n:set confirmappend=yes\n" "move message to archive"
macro index,pager s ":set confirmappend=no\n<save-message>=hera/Junk\n:set confirmappend=yes\n" "move message to spam"
macro index,pager t ":set confirmappend=no\n<save-message>=hera/Move/todo\n:set confirmappend=yes\n" "move message to todo list"
macro index,pager l ":set confirmappend=no\n<save-message>=hera/Move/readlater\n:set confirmappend=yes\n" "move message to readlater list"
macro attach 'V' "<pipe-entry>iconv -c --to-code=UTF8 > ~/.cache/mutt/mail.html<enter><shell-escape>firefox ~/.cache/mutt/mail.html<enter>"
macro index,pager <F6> "<shell-escape>${pkgs.zsh}/bin/zsh -c '${pkgs.sieve-connect}/bin/sieve-connect -s ${config.accounts.email.accounts.hera.imap.host or ""} -u ${config.accounts.email.accounts.hera.userName or ""} --passwordfd 3 --edit --remotesieve filter 3<<(pass eu/m-0/hera/mail.hera.m-0.eu/maralorn)'\n"
macro index,pager A "<pipe-message>${pkgs.khard}/bin/khard add-email<return>" "add sender to to khard"
macro index,pager <F6> "<shell-escape>${pkgs.zsh}/bin/zsh -c '${pkgs.sieve-connect}/bin/sieve-connect -s ${config.accounts.email.accounts.hera.imap.host or ""} -u ${config.accounts.email.accounts.hera.userName or ""} --passwordfd 3 --edit --remotesieve filter 3<<(pass eu/m-0/hera/mail.hera.m-0.eu/maralorn)'\n"
macro index,pager A "<pipe-message>${pkgs.khard}/bin/khard add-email<return>" "add sender to to khard"
set query_format="%4c %t %-70.70a %-70.70n %?e?(%e)?"
set query_command = "${pkgs.notmuch}/bin/notmuch address --output=recipients --deduplicate=address '%s' | grep -i '%s'"
bind editor <Tab> complete-query
bind editor ^T complete
set query_format="%4c %t %-70.70a %-70.70n %?e?(%e)?"
set query_command = "${pkgs.notmuch}/bin/notmuch address --output=recipients --deduplicate=address '%s' | grep -i '%s'"
bind editor <Tab> complete-query
bind editor ^T complete
set delete = yes
set crypt_use_gpgme = yes
set crypt_replysignencrypted = yes
set crypt_verify_sig = yes
set pgp_use_gpg_agent = yes
set pgp_auto_decode = yes
set pgp_autosign = no
set pgp_replysign = yes
set pgp_replyencrypt = yes
set pgp_sign_as="${gpg}"
set pgp_default_key="${gpg}"
set timeout = 5
set ts_enabled = yes
set delete = yes
set crypt_use_gpgme = yes
set crypt_replysignencrypted = yes
set crypt_verify_sig = yes
set pgp_use_gpg_agent = yes
set pgp_auto_decode = yes
set pgp_autosign = no
set pgp_replysign = yes
set pgp_replyencrypt = yes
set pgp_sign_as="${gpg}"
set pgp_default_key="${gpg}"
set timeout = 5
set ts_enabled = yes
set abort_noattach = ask-no
set abort_noattach_regex = "(hängt an|anhäng|anhang|anbei|angehängt|attach|attached|attachments?)"
set abort_unmodified = ask-yes
set abort_noattach = ask-no
set abort_noattach_regex = "(hängt an|anhäng|anhang|anbei|angehängt|attach|attached|attachments?)"
set abort_unmodified = ask-yes
alternates ${mutt_alternates}
set folder="${maildir}"
mailboxes `find -L ${maildir} -type d -name Inbox -printf '"%h" '` `find -L ${maildir} -type d -name cur -printf '"%h" '`
set sendmail="${pkgs.msmtp}/bin/msmtp --read-envelope-from"
set sort=threads
set sort_aux=last-date-received
set realname="${name}"
set from=fill-later
set use_from=yes
set fast_reply=yes
set mailcap_path=${mailcap};
set include=yes
set edit_headers=yes
set mbox_type=Maildir
set spoolfile="${maildir}/hera/Archiv"
set record="${maildir}/hera/Archiv/unsortiert"
set postponed="${maildir}/hera/Drafts"
set mail_check_stats=yes
bind index / vfolder-from-query
set header_cache = "~/.cache/neomutt"
set date_format="!%y-%m-%d %H:%M"
set mime_forward=yes
set mime_forward_rest=yes
alternates ${mutt_alternates}
set folder="${maildir}"
mailboxes `find -L ${maildir} -type d -name Inbox -printf '"%h" '` `find -L ${maildir} -type d -name cur -printf '"%h" '`
set sendmail="${pkgs.msmtp}/bin/msmtp --read-envelope-from"
set sort=threads
set sort_aux=last-date-received
set realname="${name}"
set from=fill-later
set use_from=yes
set fast_reply=yes
set mailcap_path=${mailcap};
set include=yes
set edit_headers=yes
set mbox_type=Maildir
set spoolfile="${maildir}/hera/Archiv"
set record="${maildir}/hera/Archiv/unsortiert"
set postponed="${maildir}/hera/Drafts"
set mail_check_stats=yes
bind index / vfolder-from-query
set header_cache = "~/.cache/neomutt"
set date_format="!%y-%m-%d %H:%M"
set mime_forward=yes
set mime_forward_rest=yes
macro index <F5> "!${quick-mail-sync}/bin/quick-mail-sync > /dev/null<enter>"
macro index <F5> "!${quick-mail-sync}/bin/quick-mail-sync > /dev/null<enter>"
source "${hide-sidebar}"
macro index <right> "<enter-command>source ${hide-sidebar}<enter>"
macro index <left> "<enter-command>source ${show-sidebar}<enter>"
set sidebar_folder_indent=no
set sidebar_short_path=no
set sidebar_component_depth=2
set sidebar_width=60
set sidebar_sort_method="alpha"
set sidebar_indent_string=" "
color sidebar_indicator black white
color sidebar_highlight white blue
set sidebar_format = "%B%* %?N?%N/?%S"
source "${hide-sidebar}"
macro index <right> "<enter-command>source ${hide-sidebar}<enter>"
macro index <left> "<enter-command>source ${show-sidebar}<enter>"
set sidebar_folder_indent=no
set sidebar_short_path=no
set sidebar_component_depth=2
set sidebar_width=60
set sidebar_sort_method="alpha"
set sidebar_indent_string=" "
color sidebar_indicator black white
color sidebar_highlight white blue
set sidebar_format = "%B%* %?N?%N/?%S"
set date_format="%F %R"
set index_format="%Z %D %-15.15L %s"
set date_format="%F %R"
set index_format="%Z %D %-15.15L %s"
ignore *
unignore from date cc bcc to subject list-unsubscribe
ignore *
unignore from date cc bcc to subject list-unsubscribe
alias f__0 ${name} <${mail}>
${builtins.concatStringsSep "\n"
alias f__0 ${name} <${mail}>
${
builtins.concatStringsSep "\n"
(
lib.imap1 (n: x: "alias f__${toString n} ${name} <${x}>")
alternates
)}
send2-hook '~f fill-later' "push <edit-from><kill-line>f__<complete><search>${mail}<enter>"
set query_command = "${pkgs.khard}/bin/khard email --parsable %s"
'';
};
alternates
)
}
send2-hook '~f fill-later' "push <edit-from><kill-line>f__<complete><search>${mail}<enter>"
set query_command = "${pkgs.khard}/bin/khard email --parsable %s"
'';
};
};
}

27
home-manager/roles/mail2rss.nix
View file

@ -1,15 +1,19 @@
{ lib, pkgs, config, ... }:
let
{
lib,
pkgs,
config,
...
}: let
mail2rss = pkgs.writeHaskellScript
{
name = "mail2rss";
bins = [ pkgs.notmuch pkgs.mblaze pkgs.isync pkgs.logfeed ];
imports = [ "System.Environment (setEnv)" ];
} ''
{
name = "mail2rss";
bins = [pkgs.notmuch pkgs.mblaze pkgs.isync pkgs.logfeed];
imports = ["System.Environment (setEnv)"];
} ''
main = do
setEnv "NOTMUCH_CONFIG" "${
config.home.sessionVariables.NOTMUCH_CONFIG or ""
}"
config.home.sessionVariables.NOTMUCH_CONFIG or ""
}"
mbsync "-a"
notmuch "new" "--quiet"
mail2rss "${config.accounts.email.maildirBasePath}" "hera/Move/readlater" &> Truncate "/var/www/rss/mails2.xml"
@ -18,12 +22,11 @@ let
mbsync "-a"
notmuch "new" "--quiet"
'';
in
{
in {
systemd.user = {
timers.mail2rss = {
Timer.OnCalendar = "19:58";
Install.WantedBy = [ "timers.target" ];
Install.WantedBy = ["timers.target"];
};
services = {
mail2rss = {

51
home-manager/roles/mode-switching.nix
View file

@ -1,13 +1,16 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
inherit (config.m-0) hostName;
modes = pkgs.lib.attrNames (import ../machines.nix).${hostName};
modeFile = "${config.home.homeDirectory}/.mode";
modeDir = "${config.home.homeDirectory}/.volatile/modes";
configPath = "${config.home.homeDirectory}/git/config";
configGit = "${pkgs.git}/bin/git -C ${configPath}";
in
{
in {
home.packages = builtins.attrValues rec {
maintenance = pkgs.writeShellScriptBin "maintenance" ''
set -e
@ -16,7 +19,7 @@ in
${updateModes}/bin/update-modes
/run/wrappers/bin/sudo -A /run/current-system/sw/bin/update-system
'';
activateMode = pkgs.writeHaskellScript { name = "activate-mode"; } ''
activateMode = pkgs.writeHaskellScript {name = "activate-mode";} ''
getMode :: IO Text
getMode = decodeUtf8 <$> (cat "${modeFile}" |> captureTrim)
@ -29,10 +32,10 @@ in
whenM (elem wallpaperCmd <$> pathBins) $ exe wallpaperCmd
'';
updateModes = pkgs.writeHaskellScript
{
name = "update-modes";
bins = [ activateMode pkgs.git pkgs.nix-output-monitor ];
} ''
{
name = "update-modes";
bins = [activateMode pkgs.git pkgs.nix-output-monitor];
} ''
params = ["${configPath}/home-manager/target.nix", "-A", "${hostName}", "-o", "${modeDir}"]
main = do
@ -45,10 +48,10 @@ in
activate_mode
'';
quickUpdateMode = pkgs.writeHaskellScript
{
name = "quick-update-mode";
bins = [ updateModes pkgs.git pkgs.home-manager pkgs.nix-output-monitor ];
} ''
{
name = "quick-update-mode";
bins = [updateModes pkgs.git pkgs.home-manager pkgs.nix-output-monitor];
} ''
getMode :: IO Text
getMode = decodeUtf8 <$> (cat "${modeFile}" |> captureTrim)
@ -60,19 +63,19 @@ in
update_modes
'';
selectMode = pkgs.writeHaskellScript
{
name = "select-mode";
bins = [
pkgs.dialog
activateMode
pkgs.ncurses
pkgs.psmisc
];
} ''
{
name = "select-mode";
bins = [
pkgs.dialog
activateMode
pkgs.ncurses
pkgs.psmisc
];
} ''
main = do
mode <- decodeUtf8 <$> (dialog "--menu" "Select Mode" "20" "80" "5" ${
lib.concatStrings (map (mode: ''"${mode}" "" '') modes)
} |!> captureTrim)
lib.concatStrings (map (mode: ''"${mode}" "" '') modes)
} |!> captureTrim)
clear
writeFile "${modeFile}" mode
activate_mode

3
home-manager/roles/monitor-config/default.nix
View file

@ -1,4 +1,3 @@
{ config, ... }:
{
{config, ...}: {
xdg.configFile."monitors.xml".source = ./. + "/${config.m-0.hostName}-monitors.xml";
}

4
home-manager/roles/mpclient.nix
View file

@ -1,5 +1,5 @@
{ pkgs, ... }: {
home.packages = [ pkgs.ncmpcpp ];
{pkgs, ...}: {
home.packages = [pkgs.ncmpcpp];
home.file.".ncmpcpp/config".text = ''
ask_before_clearing_playlists=no
mouse_support = yes

7
home-manager/roles/mpd.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
{
pkgs,
config,
lib,
...
}: {
services = {
mpd = {
enable = true;

13
home-manager/roles/mpv/default.nix
View file

@ -1,10 +1,9 @@
{ pkgs, ... }:
let script = pkgs.runCommand "autosave.lua" { passthru.scriptName = "autosave.lua"; } ''
mkdir -p $out/share/mpv/scripts/
ln -s ${./autosave.lua} $out/share/mpv/scripts/autosave.lua
'';
in
{
{pkgs, ...}: let
script = pkgs.runCommand "autosave.lua" {passthru.scriptName = "autosave.lua";} ''
mkdir -p $out/share/mpv/scripts/
ln -s ${./autosave.lua} $out/share/mpv/scripts/autosave.lua
'';
in {
programs.mpv = {
enable = true;
config = {

67
home-manager/roles/neovim/default.nix
View file

@ -1,5 +1,8 @@
{ pkgs, config, ... }:
let
{
pkgs,
config,
...
}: let
list = builtins.attrValues;
cocSettings = {
"diagnostic.maxWindowHeight" = 60;
@ -9,68 +12,70 @@ let
languageserver = {
nix = {
command = "rnix-lsp";
filetypes = [ "nix" ];
filetypes = ["nix"];
};
haskell = {
command = "haskell-language-server";
args = [ "--lsp" "-d" "-l" "/tmp/LanguageServer.log" ];
rootPatterns = [ ".hie-bios" "cabal.project" ];
filetypes = [ "hs" "lhs" "haskell" ];
args = ["--lsp" "-d" "-l" "/tmp/LanguageServer.log"];
rootPatterns = [".hie-bios" "cabal.project"];
filetypes = ["hs" "lhs" "haskell"];
settings.languageServerHaskell.formattingProvider = "fourmolu";
};
};
explorer.icon.enableNerdfont = true;
explorer.file.child.template =
"[git | 2] [selection | clip | 1] [indent][icon | 1] [diagnosticError & 1][diagnosticWarning & 1][filename omitCenter 1][modified][readonly] [linkIcon & 1][link growRight 1 omitCenter 5][size]";
explorer.file.child.template = "[git | 2] [selection | clip | 1] [indent][icon | 1] [diagnosticError & 1][diagnosticWarning & 1][filename omitCenter 1][modified][readonly] [linkIcon & 1][link growRight 1 omitCenter 5][size]";
};
in
{
imports = [ ./spelling.nix ];
in {
imports = [./spelling.nix];
programs.neovim = {
enable = true;
vimAlias = true;
vimdiffAlias = true;
extraConfig = builtins.readFile ./vimrc;
plugins = list {
inherit (pkgs.vimPlugins)
inherit
(pkgs.vimPlugins)
# coc-tabnine (TODO: Why doesnt it work?)
# TODO: tabnine config in home-manager
# TODO: tabnine lsp: nix, rust, pandoc/latex lsp? was noch?
# ===
# Basic IDE plugins
coc-nvim airline
coc-nvim
airline
# same word highlighting when not supported by language
coc-highlight coc-explorer
coc-highlight
coc-explorer
# searches
coc-fzf fzf-vim
coc-fzf
fzf-vim
# general whitespace
vim-trailing-whitespace vim-autoformat
vim-trailing-whitespace
vim-autoformat
# Git
coc-git# statusline, numberline and explorer infos
fugitive# various git commands
coc-git
# statusline, numberline and explorer infos
fugitive
# various git commands
# Commenting and Uncommenting
nerdcommenter
# Theme
papercolor-theme vim-airline-themes
papercolor-theme
vim-airline-themes
LanguageTool-nvim
vim-css-color
vista-vim
# ===
# Languages
# haskell syntax highlighting
haskell-vim vim-hoogle
haskell-vim
vim-hoogle
# nix syntax highlighting
vim-nix vim-markdown
vim-nix
vim-markdown
# latex
vimtex coc-vimtex# not sure if I need two
vimtex
coc-vimtex
# not sure if I need two
# ledger
vim-ledger
# rust
@ -92,7 +97,7 @@ in
};
xdg.configFile."nvim/coc-settings.json".text = builtins.toJSON cocSettings;
home = {
packages = [ pkgs.languagetool ];
packages = [pkgs.languagetool];
sessionVariables = {
EDITOR = "nvim";
VISUAL = "nvim";

6
home-manager/roles/neovim/spelling.nix
View file

@ -1,5 +1,4 @@
{ config, ... }:
let
{config, ...}: let
nvim-spell-de-utf8-dictionary = builtins.fetchurl {
url = "http://ftp.vim.org/vim/runtime/spell/de.utf-8.spl";
sha256 = "1ld3hgv1kpdrl4fjc1wwxgk4v74k8lmbkpi1x7dnr19rldz11ivk";
@ -19,8 +18,7 @@ let
url = "http://ftp.vim.org/vim/runtime/spell/de.latin1.sug";
sha256 = "0mz07d0a68fhxl9vmy1548vnbayvwv1pc24zhva9klgi84gssgwm";
};
in
{
in {
home.file."${config.xdg.configHome}/nvim/spell/de.utf-8.spl".source = nvim-spell-de-utf8-dictionary;
home.file."${config.xdg.configHome}/nvim/spell/de.utf-8.sug".source = nvim-spell-de-utf8-suggestions;
home.file."${config.xdg.configHome}/nvim/spell/de.latin1.spl".source = nvim-spell-de-latin1-dictionary;

30
home-manager/roles/night-shutdown.nix
View file

@ -1,17 +1,16 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
night-shutdown = pkgs.writeHaskellScript
{
name = "night-shutdown";
imports = [
"Data.Time.LocalTime"
"Data.Time.Format"
"Data.Time.Clock"
"Control.Concurrent"
"Data.Functor"
];
bins = [ pkgs.libnotify pkgs.systemd ];
} ''
{
name = "night-shutdown";
imports = [
"Data.Time.LocalTime"
"Data.Time.Format"
"Data.Time.Clock"
"Control.Concurrent"
"Data.Functor"
];
bins = [pkgs.libnotify pkgs.systemd];
} ''
interval = 5
main = forever $ do
@ -28,11 +27,10 @@ let
action
threadDelay $ (interval - (minute `mod` interval)) * 60 * 1000000
'';
in
{
in {
systemd.user.services.night-shutdown = {
Unit.Description = "Night Shutdown";
Service.ExecStart = "${night-shutdown}/bin/night-shutdown";
Install.WantedBy = [ "graphical-session.target" ];
Install.WantedBy = ["graphical-session.target"];
};
}

13
home-manager/roles/nvd.nix
View file

@ -1,9 +1,12 @@
{ config, pkgs, lib, ... }:
with lib;
let
dag = config.lib.dag;
in
{
config,
pkgs,
lib,
...
}:
with lib; let
dag = config.lib.dag;
in {
home.activation.report-changes = dag.entryAnywhere ''
if [[ -n "$oldGenPath" && "$oldGenPath" != "$newGenPath" ]]; then
${pkgs.nvd}/bin/nvd diff $oldGenPath $newGenPath

7
home-manager/roles/on-my-machine.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
{
pkgs,
config,
lib,
...
}: {
home = {
username = "maralorn";
homeDirectory = "/home/maralorn";

10
home-manager/roles/pythia.nix
View file

@ -1,5 +1,8 @@
{ pkgs, config, ... }:
let
{
pkgs,
config,
...
}: let
pythia-path = "${config.home.homeDirectory}/documents/pythia";
pythia = pkgs.writeShellScriptBin "pythia" ''
today=$(date +%Y-%m-%d)
@ -101,5 +104,4 @@ let
${hold}
exit
'';
in
{ home.packages = [ pythia meditate ]; }
in {home.packages = [pythia meditate];}

6
home-manager/roles/research.nix
View file

@ -1,7 +1,7 @@
{ pkgs, ... }: {
home.packages = [ pkgs.zotero ];
{pkgs, ...}: {
home.packages = [pkgs.zotero];
programs.texlive = {
enable = true;
extraPackages = p: { inherit (p) scheme-full; };
extraPackages = p: {inherit (p) scheme-full;};
};
}

46
home-manager/roles/state.nix
View file

@ -1,5 +1,8 @@
defaultMode: { lib, config, ... }:
let
defaultMode: {
lib,
config,
...
}: let
# Persistent means that files get snapshoted and kept for a month
# Volatile means that files just lay on the disk
# Backups are organized independently on this system
@ -34,27 +37,26 @@ let
"git"
"media"
];
persistentStateFiles = [ ".chpwd-recent-dirs" ".zsh_history" ];
volatileStateFiles = [ ];
volatileStateDirs = [ ".steam" ".local/share/Steam" ];
persistentStateFiles = [".chpwd-recent-dirs" ".zsh_history"];
volatileStateFiles = [];
volatileStateDirs = [".steam" ".local/share/Steam"];
mkLine = type: to: from: "${type} ${to} - - - - ${from}";
mkEntry = type: persistence: name:
let
target = "/disk/${persistence}/maralorn/${name}";
in
[ (mkLine "L+" "${home}/${name}" target) (mkLine type target "") ];
in
{
systemd.user.tmpfiles.rules = lib.concatLists
mkEntry = type: persistence: name: let
target = "/disk/${persistence}/maralorn/${name}";
in [(mkLine "L+" "${home}/${name}" target) (mkLine type target "")];
in {
systemd.user.tmpfiles.rules =
lib.concatLists
(
map (mkEntry "f" "volatile") volatileStateFiles ++ map (mkEntry "d" "volatile") volatileStateDirs ++ map (mkEntry "f" "persist") persistentStateFiles ++ map (mkEntry "d" "persist") persistentStateDirs
) ++ [
(mkLine "L+" "${home}/.password-store" "git/password-store")
(mkLine "L+" "${home}/.volatile" "/disk/volatile/maralorn")
(mkLine "L+" "${home}/.config/nixpkgs/home.nix" "${home}/git/config/home.nix")
(mkLine "L+" "${home}/.persist" "/disk/persist/maralorn")
(mkLine "f" "${home}/.mode" defaultMode)
(mkLine "f" "${home}/.config/lazygit/state.yml" "startuppopupversion: 5")
(mkLine "d" "${home}/.cache/mutt" "")
];
)
++ [
(mkLine "L+" "${home}/.password-store" "git/password-store")
(mkLine "L+" "${home}/.volatile" "/disk/volatile/maralorn")
(mkLine "L+" "${home}/.config/nixpkgs/home.nix" "${home}/git/config/home.nix")
(mkLine "L+" "${home}/.persist" "/disk/persist/maralorn")
(mkLine "f" "${home}/.mode" defaultMode)
(mkLine "f" "${home}/.config/lazygit/state.yml" "startuppopupversion: 5")
(mkLine "d" "${home}/.cache/mutt" "")
];
}

5
home-manager/roles/systemd-exporter.nix
View file

@ -1,12 +1,11 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
systemd.user = {
services.prometheus-systemd-exporter = {
Unit.Description = "Prometheus systemd exporter";
Service = {
ExecStart = "${pkgs.prometheus-systemd-exporter}/bin/systemd_exporter --collector.user";
};
Install.WantedBy = [ "default.target" ];
Install.WantedBy = ["default.target"];
};
};
}

9
home-manager/roles/taskwarrior-git.nix
View file

@ -1,5 +1,10 @@
{ lib, pkgs, config, ... }: {
home.packages = [ pkgs.taskwarrior-git ];
{
lib,
pkgs,
config,
...
}: {
home.packages = [pkgs.taskwarrior-git];
home.file = {
"add-git" = {
target = ".task/hooks/on-add.git";

22
home-manager/roles/taskwarrior.nix
View file

@ -1,5 +1,10 @@
{ lib, pkgs, config, ... }: {
home.packages = [ pkgs.taskwarrior-git ];
{
lib,
pkgs,
config,
...
}: {
home.packages = [pkgs.taskwarrior-git];
services.taskwarrior-sync = {
enable = true;
frequency = "*:0/1";
@ -16,7 +21,7 @@
''
);
};
Install.WantedBy = [ "default.target" ];
Install.WantedBy = ["default.target"];
};
home.file = {
"add-kassandra-notification" = {
@ -38,11 +43,12 @@
"modify-done-habitica-points" = {
target = ".task/hooks/on-modify.habitica-points";
executable = true;
source = "${pkgs.writeHaskellScript
source = "${
pkgs.writeHaskellScript
{
name = "habitica-points";
bins = [ pkgs.curl pkgs.jq pkgs.libnotify ];
imports = [ "Data.Aeson" ];
bins = [pkgs.curl pkgs.jq pkgs.libnotify];
imports = ["Data.Aeson"];
} ''
data Task = Task { status :: Text } deriving (Generic, FromJSON)
@ -56,7 +62,8 @@
result :: String <- curl "-XPOST" "-H" "x-api-user: dbd97aba-8b6b-4649-9dd4-dad284333925" "-H" "x-api-key: ${pkgs.privateValue "" "habitica-token"}" "https://habitica.com/api/v3/tasks/6e95cccd-06e1-466c-b871-643dff31423c/score/up" |> jq "-c" ".data._tmp" |> captureTrim <&> decodeUtf8
notify_send "Task Completed!" result
putTextLn newTask
''}/bin/habitica-points";
''
}/bin/habitica-points";
};
};
programs.taskwarrior = {
@ -92,4 +99,3 @@
'';
};
}

8
home-manager/roles/terminal.nix
View file

@ -1,12 +1,10 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
my-lib = import ../../lib;
theme = my-lib.themes.default;
in
{
in {
home.sessionVariables.TERMINAL = "${pkgs.foot}/bin/foot";
home.packages = [
(pkgs.runCommandLocal "fake-gnome-terminal" { } ''
(pkgs.runCommandLocal "fake-gnome-terminal" {} ''
mkdir -p $out/bin
ln -s ${pkgs.foot}/bin/foot $out/bin/gnome-terminal
'')

19
home-manager/roles/tinkering.nix
View file

@ -1,9 +1,16 @@
{ pkgs, ... }: {
{pkgs, ...}: {
home.packages = builtins.attrValues {
inherit (pkgs.xorg) xev;
inherit (pkgs)
meld icedtea8_web octave filezilla nix-review gparted
grafana-devel;
inherit
(pkgs)
meld
icedtea8_web
octave
filezilla
nix-review
gparted
grafana-devel
;
};
home.file = {
".config/VSCodium/User/tasks.json".text = builtins.toJSON {
@ -13,7 +20,7 @@
"tasks" = [
{
"label" = "lazygit";
"problemMatcher" = [ ];
"problemMatcher" = [];
"type" = "shell";
"command" = "lazygit";
}
@ -62,7 +69,7 @@
"extensions.autoUpdate" = false;
"extensions.autoCheckUpdates" = false;
"local-history.path" = "~/.volatile/vscode-local-history/";
"projectManager.git.baseFolders" = [ "~/git/" ];
"projectManager.git.baseFolders" = ["~/git/"];
"ltex.enabled" = false;
"memo.links.rules" = [
{

3
home-manager/roles/trusted-env.nix
View file

@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
dconf.settings = {
"org/gnome/desktop/screensaver" = {
lock-enabled = false;

32
home-manager/roles/unlock.nix
View file

@ -1,8 +1,12 @@
{ pkgs, ... }:
let
makeUnlocker = { name, hostName, pubKey, passPath }:
let knownHosts = pkgs.writeText "KnownBootHosts" "${hostName} ${pubKey}";
in
{pkgs, ...}: let
makeUnlocker = {
name,
hostName,
pubKey,
passPath,
}: let
knownHosts = pkgs.writeText "KnownBootHosts" "${hostName} ${pubKey}";
in
pkgs.writeShellScriptBin "unlock-${name}" ''
echo "Waiting for host to come up";
while true; do
@ -14,12 +18,12 @@ let
echo "Ping successful; Entering disk encryption password"
${pkgs.pass}/bin/pass ${passPath} | ssh -4 root@${hostName} -o UserKnownHostsFile=${knownHosts} cryptsetup-askpass && echo "Unlocking of ${name} successful" || echo "Unlocking of ${name} failed"
'';
unlocker = [{
name = "hera";
hostName = "hera-v4";
pubKey =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHkqWlFLtmIlTSKahr2PcL++K75YgfsSU6jwVYW5df3JCkowu/M16SIBxABxYSQrKej5uIz/OFCjqSxHJQ8D5wSYBvn2gYr/BbBcz4rfIJmZ55Od2jckaqlj/M8TtkuPPhsQG7S730vXxK5hbMT8iW5WWv8sIKY/WtaRbZOFMX/53WCLEHtnMu5zFJFWf92+mjIHSLyW8ggl1m525RUiaAfCge2vnuzIFq4kUqJxaWzxIvEWIncKWN10K/HMvdI+yOtbSen41uKedwSFhUFs3xHy1mJddYOrlcJQPt5zuuffZ/nTDVXMZoh5QNwg8ZlkkueVChaS1Y5STjb7cem1Mt";
passPath = "eu/m-0/hera.m-0.eu/disk";
}];
in
{ config = { home.packages = map makeUnlocker unlocker; }; }
unlocker = [
{
name = "hera";
hostName = "hera-v4";
pubKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHkqWlFLtmIlTSKahr2PcL++K75YgfsSU6jwVYW5df3JCkowu/M16SIBxABxYSQrKej5uIz/OFCjqSxHJQ8D5wSYBvn2gYr/BbBcz4rfIJmZ55Od2jckaqlj/M8TtkuPPhsQG7S730vXxK5hbMT8iW5WWv8sIKY/WtaRbZOFMX/53WCLEHtnMu5zFJFWf92+mjIHSLyW8ggl1m525RUiaAfCge2vnuzIFq4kUqJxaWzxIvEWIncKWN10K/HMvdI+yOtbSen41uKedwSFhUFs3xHy1mJddYOrlcJQPt5zuuffZ/nTDVXMZoh5QNwg8ZlkkueVChaS1Y5STjb7cem1Mt";
passPath = "eu/m-0/hera.m-0.eu/disk";
}
];
in {config = {home.packages = map makeUnlocker unlocker;};}

3
home-manager/roles/untrusted-env.nix
View file

@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
dconf.settings = {
"org/gnome/desktop/screensaver" = {
lock-enabled = true;

163
home-manager/roles/vdirsyncer.nix
View file

@ -1,82 +1,99 @@
{ pkgs, lib, config, ... }:
let
addressbooks = pkgs.privateValue [ ] "addressbooks";
calendars = pkgs.privateValue [ ] "calendars";
{
pkgs,
lib,
config,
...
}: let
addressbooks = pkgs.privateValue [] "addressbooks";
calendars = pkgs.privateValue [] "calendars";
mkConfig = config:
(pkgs.formats.ini { }).generate "vdirsyncer-config" (
(pkgs.formats.ini {}).generate "vdirsyncer-config" (
lib.mapAttrs
(
name: section:
(lib.mapAttrs (name: option: builtins.toJSON option) section)
)
config
(
name: section: (lib.mapAttrs (name: option: builtins.toJSON option) section)
)
config
);
mkCalendar = { name, url, username, passwordPath, collections ? [ "from a" "from b" ], readOnly ? false, type ? "caldav" }:
let
pairName = "${name}_calendar";
remoteName = "${pairName}_remote";
localName = "${pairName}_local";
in
{
"pair ${pairName}" = {
a = localName;
b = remoteName;
inherit collections;
conflict_resolution = "b wins";
metadata = [ "color" ];
};
"storage ${localName}" = {
type = "filesystem";
path = "~/.calendars/${name}/";
fileext = ".ics";
};
"storage ${remoteName}" = {
mkCalendar = {
name,
url,
username,
passwordPath,
collections ? ["from a" "from b"],
readOnly ? false,
type ? "caldav",
}: let
pairName = "${name}_calendar";
remoteName = "${pairName}_remote";
localName = "${pairName}_local";
in {
"pair ${pairName}" = {
a = localName;
b = remoteName;
inherit collections;
conflict_resolution = "b wins";
metadata = ["color"];
};
"storage ${localName}" = {
type = "filesystem";
path = "~/.calendars/${name}/";
fileext = ".ics";
};
"storage ${remoteName}" =
{
inherit type;
inherit url;
} // (
if (type == "caldav") then {
}
// (
if (type == "caldav")
then {
inherit username;
"password.fetch" = [ "command" "${pkgs.pass}/bin/pass" passwordPath ];
"password.fetch" = ["command" "${pkgs.pass}/bin/pass" passwordPath];
read_only = readOnly;
} else { }
);
};
mkAddressbook = { name, url, username, passwordPath, collections ? [ "from a" "from b" ], readOnly ? false }:
let
pairName = "${name}_contacts";
remoteName = "${pairName}_remote";
localName = "${pairName}_local";
in
{
"pair ${pairName}" = {
a = localName;
b = remoteName;
inherit collections;
conflict_resolution = "b wins";
};
"storage ${localName}" = {
type = "filesystem";
path = "~/.contacts/${name}/";
fileext = ".vcf";
};
"storage ${remoteName}" = {
type = "carddav";
inherit url username;
"password.fetch" = [ "command" "${pkgs.pass}/bin/pass" passwordPath ];
read_only = readOnly;
};
};
in
{
xdg.configFile."vdirsyncer/config".source = mkConfig
(
pkgs.lib.fold (a: b: a // b)
{
general.status_path = "~/.vdirsyncer/status";
}
(map mkCalendar calendars ++ map mkAddressbook addressbooks)
);
home.packages = [ pkgs.vdirsyncer ];
else {}
);
};
mkAddressbook = {
name,
url,
username,
passwordPath,
collections ? ["from a" "from b"],
readOnly ? false,
}: let
pairName = "${name}_contacts";
remoteName = "${pairName}_remote";
localName = "${pairName}_local";
in {
"pair ${pairName}" = {
a = localName;
b = remoteName;
inherit collections;
conflict_resolution = "b wins";
};
"storage ${localName}" = {
type = "filesystem";
path = "~/.contacts/${name}/";
fileext = ".vcf";
};
"storage ${remoteName}" = {
type = "carddav";
inherit url username;
"password.fetch" = ["command" "${pkgs.pass}/bin/pass" passwordPath];
read_only = readOnly;
};
};
in {
xdg.configFile."vdirsyncer/config".source = mkConfig
(
pkgs.lib.fold (a: b: a // b)
{
general.status_path = "~/.vdirsyncer/status";
}
(map mkCalendar calendars ++ map mkAddressbook addressbooks)
);
home.packages = [pkgs.vdirsyncer];
systemd.user = {
services.watch-vdir = {
@ -91,7 +108,7 @@ in
''
);
};
Install.WantedBy = [ "default.target" ];
Install.WantedBy = ["default.target"];
};
services.vdirsyncer = {
Unit.Description = "vdirsyncer sync";
@ -105,7 +122,7 @@ in
timers.vdirsyncer = {
Unit.Description = "vdirsync sync timer";
Timer.OnCalendar = "*:0/15";
Install.WantedBy = [ "timers.target" ];
Install.WantedBy = ["timers.target"];
};
};
}

32
home-manager/roles/wallpaper.nix
View file

@ -1,13 +1,16 @@
{ pkgs, config, ... }:
let
{
pkgs,
config,
...
}: let
modeFile = "${config.home.homeDirectory}/.mode";
wallPapers = "${config.home.homeDirectory}/media/images/wallpapers";
randomWallpaper = pkgs.writeHaskellScript
{
name = "random-wallpaper";
imports = [ "System.Random" ];
bins = [ pkgs.coreutils pkgs.glib ];
} ''
{
name = "random-wallpaper";
imports = ["System.Random"];
bins = [pkgs.coreutils pkgs.glib];
} ''
main = do
mode <- cat "${modeFile}" |> captureTrim
(lines . decodeUtf8 -> files) <- ls ([i|${wallPapers}/#{mode}|] :: String) |> captureTrim
@ -18,21 +21,22 @@ let
gsettings "set" "org.gnome.desktop.background" "picture-uri" new
gsettings "set" "org.gnome.desktop.screensaver" "picture-uri" new
'';
in
{
home.packages = [ randomWallpaper ];
in {
home.packages = [randomWallpaper];
systemd.user = {
services.random-wallpaper = {
Unit = { Description = "Random Wallpaper"; };
Unit = {Description = "Random Wallpaper";};
Service = {
ExecStart = "${randomWallpaper}/bin/random-wallpaper";
Type = "oneshot";
};
};
timers.random-wallpaper = {
Timer = { OnCalendar = "*:00/30:00"; OnActiveSec = 1; };
Install = { WantedBy = [ "timers.target" ]; };
Timer = {
OnCalendar = "*:00/30:00";
OnActiveSec = 1;
};
Install = {WantedBy = ["timers.target"];};
};
};
}

40
home-manager/roles/weechat/default.nix
View file

@ -1,18 +1,21 @@
{ lib, pkgs, config, ... }:
with lib;
let
{
lib,
pkgs,
config,
...
}:
with lib; let
weechat = pkgs.wrapWeechat pkgs.weechat-unwrapped {
configure = { availablePlugins, ... }: {
plugins = builtins.attrValues (availablePlugins // {
configure = {availablePlugins, ...}: {
plugins = builtins.attrValues (availablePlugins
// {
python = (availablePlugins.python.withPackages
(ps: [ pkgs.weechatScripts.weechat-matrix ]));
(ps: [pkgs.weechatScripts.weechat-matrix]));
});
scripts = [ pkgs.weechatScripts.weechat-matrix ];
scripts = [pkgs.weechatScripts.weechat-matrix];
};
};
in
{
in {
home.file = {
python_plugins = {
target = ".weechat/python";
@ -68,13 +71,15 @@ in
[look]
human_buffer_names = on
[server]
${lib.concatStringsSep "\n" (lib.mapAttrsToList
${
lib.concatStringsSep "\n" (lib.mapAttrsToList
(server: serverConfig: ''
${server}.address = "${serverConfig.address}"
${server}.autoconnect = on
${server}.username = "${serverConfig.user}"
${server}.password = "${serverConfig.password}"
'') (pkgs.privateValue { } "weechat/matrix"))}
'') (pkgs.privateValue {} "weechat/matrix"))
}
'';
};
};
@ -82,14 +87,13 @@ in
systemd.user = {
timers.log2rss = {
Timer.OnCalendar = "19:55";
Install.WantedBy = [ "timers.target" ];
Install.WantedBy = ["timers.target"];
};
services = {
log2rss = {
Unit.Description = "log2rss";
Service = {
ExecStart =
"${pkgs.logfeed}/bin/log2rss /var/www/rss/chats.xml";
ExecStart = "${pkgs.logfeed}/bin/log2rss /var/www/rss/chats.xml";
Type = "oneshot";
};
};
@ -97,13 +101,11 @@ in
Unit.Description = "Weechat Tmux Session";
Service = {
Type = "forking";
ExecStart =
"${pkgs.tmux}/bin/tmux -L weechat -2 new-session -d -s irc -n weechat '${weechat}/bin/weechat'";
ExecStart = "${pkgs.tmux}/bin/tmux -L weechat -2 new-session -d -s irc -n weechat '${weechat}/bin/weechat'";
Restart = "always";
};
Install.WantedBy = [ "default.target" ];
Install.WantedBy = ["default.target"];
};
};
};
}

12
home-manager/roles/zettelkasten.nix
View file

@ -1,9 +1,11 @@
{ config, pkgs, ... }:
let
emanote = import (import ../../nix/sources.nix).emanote;
in
{
imports = [ emanote.homeManagerModule ];
config,
pkgs,
...
}: let
emanote = import (import ../../nix/sources.nix).emanote;
in {
imports = [emanote.homeManagerModule];
services.emanote = {
enable = true;
# host = "127.0.0.1"; # default listen address is 127.0.0.1

4
home-manager/roles/zsh/default.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }: {
{pkgs, ...}: {
programs.zsh = {
enable = true;
enableAutosuggestions = true;
@ -18,7 +18,7 @@
'';
oh-my-zsh = {
enable = true;
plugins = [ "colored-man-pages" ];
plugins = ["colored-man-pages"];
};
plugins = [
# {

12
home-manager/target.nix
View file

@ -1,17 +1,17 @@
let
sources = import ../nix/sources.nix;
inherit (import sources.nixos-unstable { }) lib pkgs;
inherit (import sources.nixos-unstable {}) lib pkgs;
modes = import ./machines.nix;
home-manager = channel: import "${sources.${channel}}/home-manager/home-manager.nix";
buildHomeManager = host: mode:
(home-manager (import ../channels.nix).${host}.home-manager-channel {
confPath = ../home.nix;
confAttr = "${host}-${mode}";
}).activationPackage;
})
.activationPackage;
buildModesForHost = host: modes:
pkgs.runCommandLocal "${host}-modes" { } ''
pkgs.runCommandLocal "${host}-modes" {} ''
mkdir $out
${lib.concatStringsSep "\n" (lib.mapAttrsToList (mode: config:
"ln -s ${buildHomeManager host mode} $out/${mode}") modes)}'';
${lib.concatStringsSep "\n" (lib.mapAttrsToList (mode: config: "ln -s ${buildHomeManager host mode} $out/${mode}") modes)}'';
in
lib.mapAttrs buildModesForHost modes
lib.mapAttrs buildModesForHost modes

14
home.nix
View file

@ -1,13 +1,13 @@
let
inherit (import (import ./nix/sources.nix).nixos-unstable { }) lib;
inherit (import (import ./nix/sources.nix).nixos-unstable {}) lib;
modes = import home-manager/machines.nix;
in
lib.listToAttrs (lib.flatten (lib.mapAttrsToList
lib.listToAttrs (lib.flatten (lib.mapAttrsToList
(host: configs:
lib.mapAttrsToList
(mode: config: {
name = "${host}-${mode}";
value = config;
})
configs)
(mode: config: {
name = "${host}-${mode}";
value = config;
})
configs)
modes))

1
lib/default.nix
View file

@ -83,5 +83,4 @@ rec {
};
};
};
}

17
lib/update-system.nix
View file

@ -1,13 +1,14 @@
{ pkgs, nixos-rebuild }:
let
configPath = "/etc/nixos";
in
{
pkgs,
nixos-rebuild,
}: let
configPath = "/etc/nixos";
in {
update-system = pkgs.writeHaskellScript
{
name = "update-system";
bins = [ nixos-rebuild pkgs.nix-output-monitor pkgs.nvd ];
} ''
{
name = "update-system";
bins = [nixos-rebuild pkgs.nix-output-monitor pkgs.nvd];
} ''
main = do
paths <- myNixPath "${configPath}"
args <- getArgs

279
nix/sources.nix
View file

@ -1,118 +1,156 @@
# This file has been generated by Niv.
let
#
# The fetchers. fetch_<type> fetches specs of type <type>.
#
fetch_file = pkgs: name: spec:
let
name' = sanitizeName name + "-src";
in
if spec.builtin or true then
builtins_fetchurl { inherit (spec) url sha256; name = name'; }
fetch_file = pkgs: name: spec: let
name' = sanitizeName name + "-src";
in
if spec.builtin or true
then
builtins_fetchurl {
inherit (spec) url sha256;
name = name';
}
else
pkgs.fetchurl { inherit (spec) url sha256; name = name'; };
pkgs.fetchurl {
inherit (spec) url sha256;
name = name';
};
fetch_tarball = pkgs: name: spec:
let
name' = sanitizeName name + "-src";
in
if spec.builtin or true then
builtins_fetchTarball { name = name'; inherit (spec) url sha256; }
fetch_tarball = pkgs: name: spec: let
name' = sanitizeName name + "-src";
in
if spec.builtin or true
then
builtins_fetchTarball {
name = name';
inherit (spec) url sha256;
}
else
pkgs.fetchzip { name = name'; inherit (spec) url sha256; };
pkgs.fetchzip {
name = name';
inherit (spec) url sha256;
};
fetch_git = name: spec:
let
ref =
if spec ? ref then spec.ref else
if spec ? branch then "refs/heads/${spec.branch}" else
if spec ? tag then "refs/tags/${spec.tag}" else
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
in
builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; };
fetch_git = name: spec: let
ref =
if spec ? ref
then spec.ref
else if spec ? branch
then "refs/heads/${spec.branch}"
else if spec ? tag
then "refs/tags/${spec.tag}"
else abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
in
builtins.fetchGit {
url = spec.repo;
inherit (spec) rev;
inherit ref;
};
fetch_local = spec: spec.path;
fetch_builtin-tarball = name: throw
''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`.
$ niv modify ${name} -a type=tarball -a builtin=true'';
fetch_builtin-tarball = name:
throw
'' [${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`.
$ niv modify ${name} -a type=tarball -a builtin=true'';
fetch_builtin-url = name: throw
''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
$ niv modify ${name} -a type=file -a builtin=true'';
fetch_builtin-url = name:
throw
'' [${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
$ niv modify ${name} -a type=file -a builtin=true'';
#
# Various helpers
#
# https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695
sanitizeName = name:
sanitizeName = name: (
concatMapStrings (s:
if builtins.isList s
then "-"
else s)
(
concatMapStrings (s: if builtins.isList s then "-" else s)
(
builtins.split "[^[:alnum:]+._?=-]+"
((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)
)
);
builtins.split "[^[:alnum:]+._?=-]+"
((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)
)
);
# The set of packages used when specs are fetched using non-builtins.
mkPkgs = sources: system:
let
sourcesNixpkgs =
import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; };
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
in
mkPkgs = sources: system: let
sourcesNixpkgs =
import (builtins_fetchTarball {inherit (sources.nixpkgs) url sha256;}) {inherit system;};
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
in
if builtins.hasAttr "nixpkgs" sources
then sourcesNixpkgs
else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then
import <nixpkgs> { }
else if hasNixpkgsPath && !hasThisAsNixpkgsPath
then import <nixpkgs> {}
else
abort
''
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
add a package called "nixpkgs" to your sources.json.
'';
''
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
add a package called "nixpkgs" to your sources.json.
'';
# The actual fetching function.
fetch = pkgs: name: spec:
if ! builtins.hasAttr "type" spec then
abort "ERROR: niv spec ${name} does not have a 'type' attribute"
else if spec.type == "file" then fetch_file pkgs name spec
else if spec.type == "tarball" then fetch_tarball pkgs name spec
else if spec.type == "git" then fetch_git name spec
else if spec.type == "local" then fetch_local spec
else if spec.type == "builtin-tarball" then fetch_builtin-tarball name
else if spec.type == "builtin-url" then fetch_builtin-url name
else
abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
if !builtins.hasAttr "type" spec
then abort "ERROR: niv spec ${name} does not have a 'type' attribute"
else if spec.type == "file"
then fetch_file pkgs name spec
else if spec.type == "tarball"
then fetch_tarball pkgs name spec
else if spec.type == "git"
then fetch_git name spec
else if spec.type == "local"
then fetch_local spec
else if spec.type == "builtin-tarball"
then fetch_builtin-tarball name
else if spec.type == "builtin-url"
then fetch_builtin-url name
else abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
# If the environment variable NIV_OVERRIDE_${name} is set, then use
# the path directly as opposed to the fetched source.
replace = name: drv:
let
saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
in
if ersatz == "" then drv else
replace = name: drv: let
saneName = stringAsChars (c:
if isNull (builtins.match "[a-zA-Z0-9]" c)
then "_"
else c)
name;
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
in
if ersatz == ""
then drv
else
# this turns the string into an actual Nix path (for both absolute and
# relative paths)
if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}";
if builtins.substring 0 1 ersatz == "/"
then /. + ersatz
else /. + builtins.getEnv "PWD" + "/${ersatz}";
# Ports of functions for older nix versions
# a Nix version of mapAttrs if the built-in doesn't exist
mapAttrs = builtins.mapAttrs or (
f: set: with builtins;
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set))
);
mapAttrs =
builtins.mapAttrs
or (
f: set:
with builtins;
listToAttrs (map (attr: {
name = attr;
value = f attr set.${attr};
}) (attrNames set))
);
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
range = first: last: if first > last then [ ] else builtins.genList (n: first + n) (last - first + 1);
range = first: last:
if first > last
then []
else builtins.genList (n: first + n) (last - first + 1);
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
@ -123,55 +161,66 @@ let
concatStrings = builtins.concatStringsSep "";
# https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331
optionalAttrs = cond: as: if cond then as else { };
optionalAttrs = cond: as:
if cond
then as
else {};
# fetchTarball version that is compatible between all the versions of Nix
builtins_fetchTarball = { url, name ? null, sha256 }@attrs:
let
inherit (builtins) lessThan nixVersion fetchTarball;
in
if lessThan nixVersion "1.12" then
fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
else
fetchTarball attrs;
builtins_fetchTarball = {
url,
name ? null,
sha256,
} @ attrs: let
inherit (builtins) lessThan nixVersion fetchTarball;
in
if lessThan nixVersion "1.12"
then fetchTarball ({inherit url;} // (optionalAttrs (!isNull name) {inherit name;}))
else fetchTarball attrs;
# fetchurl version that is compatible between all the versions of Nix
builtins_fetchurl = { url, name ? null, sha256 }@attrs:
let
inherit (builtins) lessThan nixVersion fetchurl;
in
if lessThan nixVersion "1.12" then
fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
else
fetchurl attrs;
builtins_fetchurl = {
url,
name ? null,
sha256,
} @ attrs: let
inherit (builtins) lessThan nixVersion fetchurl;
in
if lessThan nixVersion "1.12"
then fetchurl ({inherit url;} // (optionalAttrs (!isNull name) {inherit name;}))
else fetchurl attrs;
# Create the final "sources" from the config
mkSources = config:
mapAttrs
(
name: spec:
if builtins.hasAttr "outPath" spec
then
abort
"The values in sources.json should not have an 'outPath' attribute"
else
spec // { outPath = replace name (fetch config.pkgs name spec); }
)
config.sources;
(
name: spec:
if builtins.hasAttr "outPath" spec
then
abort
"The values in sources.json should not have an 'outPath' attribute"
else spec // {outPath = replace name (fetch config.pkgs name spec);}
)
config.sources;
# The "config" used by the fetchers
mkConfig =
{ sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null
, sources ? if isNull sourcesFile then { } else builtins.fromJSON (builtins.readFile sourcesFile)
, system ? builtins.currentSystem
, pkgs ? mkPkgs sources system
}: rec {
# The sources, i.e. the attribute set of spec name to spec
inherit sources;
# The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
inherit pkgs;
};
mkConfig = {
sourcesFile ?
if builtins.pathExists ./sources.json
then ./sources.json
else null,
sources ?
if isNull sourcesFile
then {}
else builtins.fromJSON (builtins.readFile sourcesFile),
system ? builtins.currentSystem,
pkgs ? mkPkgs sources system,
}: rec {
# The sources, i.e. the attribute set of spec name to spec
inherit sources;
# The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
inherit pkgs;
};
in
mkSources (mkConfig { }) // { __functor = _: settings: mkSources (mkConfig settings); }
mkSources (mkConfig {}) // {__functor = _: settings: mkSources (mkConfig settings);}

47
nixos/machines/apollo/configuration.nix
View file

@ -1,14 +1,15 @@
{ lib, config, pkgs, ... }:
let
{
lib,
config,
pkgs,
...
}: let
wireguard = import ../../../common/wireguard.nix;
inherit (config.m-0) hosts prefix;
nixos-hardware = (import ../../../nix/sources.nix).nixos-hardware;
inherit (import ../../../common/common.nix { inherit pkgs; }) syncthing;
vpn = (import ../../../private.nix).privateValue (_: _: { }) "vpn";
in
{
inherit (import ../../../common/common.nix {inherit pkgs;}) syncthing;
vpn = (import ../../../private.nix).privateValue (_: _: {}) "vpn";
in {
imports = [
"${nixos-hardware}/lenovo/thinkpad/t480s"
./hardware-configuration.nix
@ -19,7 +20,7 @@ in
../../roles/standalone
(vpn "apollo")
];
systemd.services.lenovo_fix.path = [ pkgs.kmod ];
systemd.services.lenovo_fix.path = [pkgs.kmod];
networking = {
hostName = "apollo";
@ -36,12 +37,12 @@ in
wireguard.interfaces = {
m0wire = {
allowedIPsAsRoutes = false;
ips = [ "${hosts.apollo-wg}/112" "${hosts.vpn.apollo}/64" ];
ips = ["${hosts.apollo-wg}/112" "${hosts.vpn.apollo}/64"];
privateKeyFile = pkgs.privatePath "wireguard/apollo-private";
peers = [
{
publicKey = wireguard.pub.hera;
allowedIPs = [ "::/0" ];
allowedIPs = ["::/0"];
# endpoint =
# "[${hosts.hera-wg-host}]:${builtins.toString wireguard.port}";
endpoint = "[${hosts.hera-v4}]:${builtins.toString wireguard.port}";
@ -49,8 +50,7 @@ in
persistentKeepalive = 25;
}
];
postSetup =
[ "${pkgs.iproute}/bin/ip route add ${prefix}::/96 dev m0wire" ];
postSetup = ["${pkgs.iproute}/bin/ip route add ${prefix}::/96 dev m0wire"];
};
};
};
@ -85,7 +85,7 @@ in
upower.enable = true;
printing = {
enable = true;
drivers = [ pkgs.gutenprint pkgs.hplip ];
drivers = [pkgs.gutenprint pkgs.hplip];
};
udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness"
@ -112,15 +112,16 @@ in
firewallFilter = "-i m0wire -p tcp -m tcp -m multiport --dports 9100,9558";
openFirewall = true;
};
syncthing = {
enable = true;
group = "users";
user = "maralorn";
openDefaultPorts = true;
cert = pkgs.privatePath "syncthing/apollo/cert.pem";
key = pkgs.privatePath "syncthing/apollo/key.pem";
}
// syncthing.declarativeWith [ "hera" "zeus" ] "/home/maralorn/media";
syncthing =
{
enable = true;
group = "users";
user = "maralorn";
openDefaultPorts = true;
cert = pkgs.privatePath "syncthing/apollo/cert.pem";
key = pkgs.privatePath "syncthing/apollo/key.pem";
}
// syncthing.declarativeWith ["hera" "zeus"] "/home/maralorn/media";
xserver = {
enable = true;
displayManager = {

21
nixos/machines/apollo/hardware-configuration.nix
View file

@ -1,7 +1,10 @@
{ config, lib, pkgs, ... }:
{
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
config,
lib,
pkgs,
...
}: {
imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];
boot = {
loader = {
@ -19,20 +22,18 @@
};
};
initrd = {
luks.devices."nixos".device =
"/dev/disk/by-uuid/78acaebe-952a-43b1-acc8-66c35a60577e";
availableKernelModules =
[ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
luks.devices."nixos".device = "/dev/disk/by-uuid/78acaebe-952a-43b1-acc8-66c35a60577e";
availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
};
kernelModules = [ "kvm-intel" ];
supportedFilesystems = [ "exfat" ];
kernelModules = ["kvm-intel"];
supportedFilesystems = ["exfat"];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/ce5b0ac6-6eaf-45a6-b6c8-bd4958caf335";
fsType = "btrfs";
options = [ "compress=zstd" "autodefrag" "noatime" ];
options = ["compress=zstd" "autodefrag" "noatime"];
};
"/boot/EFI" = {
device = "/dev/disk/by-uuid/C4A6-3DB5";

60
nixos/machines/fluffy/configuration.nix
View file

@ -1,12 +1,13 @@
{ config, pkgs, lib, ... }:
let
{
config,
pkgs,
lib,
...
}: let
wireguard = import ../../../common/wireguard.nix;
inherit (config.m-0) hosts prefix;
localAddress = "fdc0:1::2";
in
{
in {
imports = [
./hardware-configuration.nix
../../roles
@ -17,14 +18,12 @@ in
../../roles/home-assistant
];
fileSystems =
let
btrfsOptions = { options = [ "compress=zstd" "autodefrag" "noatime" ]; };
in
{
"/disk" = { neededForBoot = true; } // btrfsOptions;
"/nix" = btrfsOptions;
};
fileSystems = let
btrfsOptions = {options = ["compress=zstd" "autodefrag" "noatime"];};
in {
"/disk" = {neededForBoot = true;} // btrfsOptions;
"/nix" = btrfsOptions;
};
environment.etc = {
nixos.source = "/disk/persist/maralorn/git/config";
@ -34,7 +33,7 @@ in
systemd.services = {
ensure-printers.serviceConfig.SuccessExitStatus = "0 1";
activate-home-manager = {
path = [ pkgs.nix pkgs.dbus ];
path = [pkgs.nix pkgs.dbus];
script = ''
if [[ -e /home/maralorn/.mode ]]; then
MODE="$(cat /home/maralorn/.mode)"
@ -47,9 +46,9 @@ in
Type = "oneshot";
User = "maralorn";
};
wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"];
# Try to avoid race conditions, when the user gets logged in before activation was completed.
before = [ "display-manager.service" ];
before = ["display-manager.service"];
};
};
@ -91,22 +90,32 @@ in
hostName = "fluffy";
domain = "lo.m-0.eu";
firewall = {
allowedUDPPorts = [ 631 ];
allowedTCPPorts = [ 21 80 631 ];
allowedTCPPortRanges = [{ from = 51000; to = 51999; }];
allowedUDPPorts = [631];
allowedTCPPorts = [21 80 631];
allowedTCPPortRanges = [
{
from = 51000;
to = 51999;
}
];
};
interfaces.enp1s0 = {
ipv6.addresses = [{ address = localAddress; prefixLength = 64; }];
ipv6.addresses = [
{
address = localAddress;
prefixLength = 64;
}
];
useDHCP = true;
};
wireguard.interfaces = {
m0wire = {
ips = [ "${hosts.vpn.fluffy}/64" ];
ips = ["${hosts.vpn.fluffy}/64"];
privateKeyFile = "/disk/persist/wireguard-private-key";
peers = [
{
publicKey = wireguard.pub.hera;
allowedIPs = [ "${hosts.vpn.prefix}::/64" ];
allowedIPs = ["${hosts.vpn.prefix}::/64"];
endpoint = "[${hosts.hera-wg-host}]:${builtins.toString wireguard.port}";
presharedKeyFile = pkgs.privatePath "wireguard/psk";
persistentKeepalive = 25;
@ -139,8 +148,8 @@ in
fwupd.enable = true;
printing = {
enable = true;
allowFrom = [ "all" ];
listenAddresses = [ "[${localAddress}]:631" ];
allowFrom = ["all"];
listenAddresses = ["[${localAddress}]:631"];
extraConf = "ServerAlias *";
defaultShared = true;
};
@ -190,5 +199,4 @@ in
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
}

50
nixos/machines/fluffy/hardware-configuration.nix
View file

@ -1,38 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.kernelModules = [ "kvm-intel" ];
config,
lib,
pkgs,
modulesPath,
...
}: {
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"];
boot.kernelModules = ["kvm-intel"];
fileSystems."/" =
{
device = "tmpfs";
fsType = "tmpfs";
};
fileSystems."/" = {
device = "tmpfs";
fsType = "tmpfs";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/C617-5CCC";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/C617-5CCC";
fsType = "vfat";
};
fileSystems."/disk" =
{
device = "/dev/disk/by-uuid/9acbc122-e818-49fa-bc2e-de7d9f822d5a";
fsType = "btrfs";
};
fileSystems."/disk" = {
device = "/dev/disk/by-uuid/9acbc122-e818-49fa-bc2e-de7d9f822d5a";
fsType = "btrfs";
};
boot.initrd.luks.devices."crypted-nixos".device = "/dev/disk/by-uuid/020fde09-f651-45a2-9c6a-9b060edf967d";
fileSystems."/nix" =
{
device = "/dev/disk/by-uuid/9acbc122-e818-49fa-bc2e-de7d9f822d5a";
fsType = "btrfs";
options = [ "subvol=nix" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/9acbc122-e818-49fa-bc2e-de7d9f822d5a";
fsType = "btrfs";
options = ["subvol=nix"];
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

8
nixos/machines/hera/boot.nix
View file

@ -1,5 +1,4 @@
{ pkgs, ... }: {
{pkgs, ...}: {
m-0.server.initSSHKey = pkgs.privatePath "hera-boot-ssh-key";
boot = {
@ -8,13 +7,12 @@
version = 2;
device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0";
};
supportedFilesystems = [ "exfat" ];
kernelParams = [ "ip=213.136.94.190::213.136.94.1:255.255.255.0:hera" ];
supportedFilesystems = ["exfat"];
kernelParams = ["ip=213.136.94.190::213.136.94.1:255.255.255.0:hera"];
initrd.luks.devices.root = {
device = "/dev/disk/by-uuid/536fe284-36f2-425c-b0c5-a737280f9470";
preLVM = true;
allowDiscards = true;
};
};
}

136
nixos/machines/hera/cloud.nix
View file

@ -1,23 +1,25 @@
{ pkgs, config, lib, ... }:
with lib;
let
{
pkgs,
config,
lib,
...
}:
with lib; let
adminCreds = pkgs.privateValue
{
adminpass = "";
dbpass = "";
adminuser = "";
} "nextcloud-admin";
{
adminpass = "";
dbpass = "";
adminuser = "";
} "nextcloud-admin";
inherit (config.m-0) hosts;
certPath = "/var/lib/acme";
nextcloudServices = hostname: {
nextcloud-pg-backup = {
script =
let
name = "nextcloud-psql-${hostname}";
in
''
${config.services.postgresql.package}/bin/pg_dump nextcloud > /var/lib/db-backup-dumps/${name}
'';
script = let
name = "nextcloud-psql-${hostname}";
in ''
${config.services.postgresql.package}/bin/pg_dump nextcloud > /var/lib/db-backup-dumps/${name}
'';
serviceConfig = {
User = "nextcloud";
Type = "oneshot";
@ -25,37 +27,40 @@ let
};
prometheus-nginx-exporter.serviceConfig.RestartSec = 10;
nextcloud-setup = {
requires = [ "postgresql.service" "redis.service" ];
after = [ "postgresql.service" "redis.service" ];
requires = ["postgresql.service" "redis.service"];
after = ["postgresql.service" "redis.service"];
};
};
nextcloudConf = hostname:
{
enable = true;
hostName = hostname;
package = pkgs.nextcloud22;
maxUploadSize = "10g";
caching = {
redis = true;
apcu = false;
memcached = false;
};
config = {
dbtype = "pgsql";
dbname = "nextcloud";
dbuser = "nextcloud";
dbhost = "localhost";
defaultPhoneRegion = "DE";
adminuser = "maralorn";
dbpassFile = builtins.toFile "nextcloud-dbpass" adminCreds.dbpass;
adminpassFile = builtins.toFile "nextcloud-adminpass" adminCreds.adminpass;
};
autoUpdateApps = {
enable = true;
startAt = "20:30";
};
nextcloudConf = hostname: {
enable = true;
hostName = hostname;
package = pkgs.nextcloud22;
maxUploadSize = "10g";
caching = {
redis = true;
apcu = false;
memcached = false;
};
nextcloud-container = { v6, v4, hostname }: {
config = {
dbtype = "pgsql";
dbname = "nextcloud";
dbuser = "nextcloud";
dbhost = "localhost";
defaultPhoneRegion = "DE";
adminuser = "maralorn";
dbpassFile = builtins.toFile "nextcloud-dbpass" adminCreds.dbpass;
adminpassFile = builtins.toFile "nextcloud-adminpass" adminCreds.adminpass;
};
autoUpdateApps = {
enable = true;
startAt = "20:30";
};
};
nextcloud-container = {
v6,
v4,
hostname,
}: {
bindMounts = {
"${certPath}" = {
hostPath = certPath;
@ -70,8 +75,8 @@ let
autoStart = true;
privateNetwork = true;
hostBridge = "bridge";
config = { pkgs, ... }: {
imports = [ ../../roles ];
config = {pkgs, ...}: {
imports = [../../roles];
networking = {
interfaces.eth0 = {
@ -97,7 +102,7 @@ let
address = hosts.hera-intern-v4;
interface = "eth0";
};
firewall.allowedTCPPorts = [ 80 443 ];
firewall.allowedTCPPorts = [80 443];
};
systemd.services = nextcloudServices hostname;
@ -113,35 +118,36 @@ let
postgresql = {
enable = true;
package = pkgs.postgresql_14;
ensureDatabases = [ "nextcloud" ];
ensureDatabases = ["nextcloud"];
};
};
};
};
mainHostName = "cloud.maralorn.de";
in
{
in {
systemd = {
services = {
"container@chor-cloud" = {
#serviceConfig.RestartSec = 10;
unitConfig = {
#StartLimitIntervalSec = 30;
#StartLimitBurst = 2;
services =
{
"container@chor-cloud" = {
#serviceConfig.RestartSec = 10;
unitConfig = {
#StartLimitIntervalSec = 30;
#StartLimitBurst = 2;
};
};
};
rss-server = {
serviceConfig = {
WorkingDirectory = "/var/www/rss";
ExecStart = "${pkgs.python3}/bin/python -m http.server 8842";
rss-server = {
serviceConfig = {
WorkingDirectory = "/var/www/rss";
ExecStart = "${pkgs.python3}/bin/python -m http.server 8842";
};
wantedBy = ["multi-user.target"];
};
wantedBy = [ "multi-user.target" ];
};
} // nextcloudServices mainHostName;
}
// nextcloudServices mainHostName;
};
services = {
nextcloud = nextcloudConf mainHostName;
postgresql.ensureDatabases = [ "nextcloud" ];
postgresql.ensureDatabases = ["nextcloud"];
nginx = {
enable = true;
virtualHosts."cloud.maralorn.de" = {
@ -197,5 +203,5 @@ in
v4 = hosts.chor-cloud-intern-v4;
};
};
users.users.nextcloud.extraGroups = [ "nginx" ];
users.users.nextcloud.extraGroups = ["nginx"];
}

80
nixos/machines/hera/configuration.nix
View file

@ -1,11 +1,13 @@
{ config, pkgs, lib, ... }:
let
inherit (import ../../../common/common.nix { inherit pkgs; }) syncthing;
backupJobs = pkgs.privateValue { } "borgbackup";
backupJobNames = map (name: "borgbackup-job-${name}") (lib.attrNames backupJobs);
in
{
config,
pkgs,
lib,
...
}: let
inherit (import ../../../common/common.nix {inherit pkgs;}) syncthing;
backupJobs = pkgs.privateValue {} "borgbackup";
backupJobNames = map (name: "borgbackup-job-${name}") (lib.attrNames backupJobs);
in {
imports = [
./hardware-configuration.nix
../../roles
@ -51,24 +53,22 @@ in
java.enable = true;
};
nixpkgs.config.android_sdk.accept_license = true;
systemd.services = {
pg_backup =
{
systemd.services =
{
pg_backup = {
script = lib.concatMapStringsSep "\n"
(name: "${config.services.postgresql.package}/bin/pg_dump ${name} > /var/lib/db-backup-dumps/${name}")
config.services.postgresql.ensureDatabases;
(name: "${config.services.postgresql.package}/bin/pg_dump ${name} > /var/lib/db-backup-dumps/${name}")
config.services.postgresql.ensureDatabases;
serviceConfig = {
User = "postgres";
Type = "oneshot";
};
};
night-routines = {
script =
let
night-routines = {
script = let
start = "${pkgs.systemd}/bin/systemctl start";
container = "${pkgs.nixos-container}/bin/nixos-container run";
in
''
in ''
set -x
set +e
${start} pg_backup
@ -82,12 +82,17 @@ in
${start} synapse-cleanup
${pkgs.laminar}/bin/laminarc queue bump-config
'';
serviceConfig = {
Type = "oneshot";
serviceConfig = {
Type = "oneshot";
};
startAt = "03:00";
};
startAt = "03:00";
};
} // lib.listToAttrs (map (name: { name = name; value = { serviceConfig.Type = "oneshot"; }; }) backupJobNames);
}
// lib.listToAttrs (map (name: {
name = name;
value = {serviceConfig.Type = "oneshot";};
})
backupJobNames);
services = {
postgresql = {
enable = true;
@ -98,23 +103,25 @@ in
enable = true;
fqdn = "hera.m-0.eu";
listenHost = "::";
organisations."maralorn.de".users = [ "maralorn" ];
organisations."maralorn.de".users = ["maralorn"];
};
syncthing = {
enable = true;
group = "nginx";
user = "maralorn";
openDefaultPorts = true;
cert = pkgs.privatePath "syncthing/hera/cert.pem";
key = pkgs.privatePath "syncthing/hera/key.pem";
} // syncthing.declarativeWith [ "apollo" "zeus" ] "/media";
syncthing =
{
enable = true;
group = "nginx";
user = "maralorn";
openDefaultPorts = true;
cert = pkgs.privatePath "syncthing/hera/cert.pem";
key = pkgs.privatePath "syncthing/hera/key.pem";
}
// syncthing.declarativeWith ["apollo" "zeus"] "/media";
};
boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
systemd.tmpfiles.rules = [ "Z /media 0770 maralorn nginx - -" ];
boot.kernel.sysctl = {"fs.inotify.max_user_watches" = 204800;};
systemd.tmpfiles.rules = ["Z /media 0770 maralorn nginx - -"];
nix.sshServe = {
protocol = "ssh-ng";
enable = true;
keys = pkgs.privateValue [ ] "root-ssh-keys";
keys = pkgs.privateValue [] "root-ssh-keys";
};
users.users = {
@ -122,12 +129,12 @@ in
description = "choreutes";
isNormalUser = true;
uid = 1001;
extraGroups = [ "wheel" "systemd-journal" ];
extraGroups = ["wheel" "systemd-journal"];
passwordFile = pkgs.privatePath "pam-login-password-choreutes";
};
ved-backup = {
isNormalUser = true;
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDSldCn4LJcIos8PVI7PJZSM5aQ8FoDPUzMTwSHm6NUl root@bach" ];
openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDSldCn4LJcIos8PVI7PJZSM5aQ8FoDPUzMTwSHm6NUl root@bach"];
};
};
@ -136,5 +143,4 @@ in
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "18.03"; # Did you read the comment?
}

19
nixos/machines/hera/hardware-configuration.nix
View file

@ -1,15 +1,17 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
config,
lib,
pkgs,
...
}: {
imports = [<nixpkgs/nixos/modules/profiles/qemu-guest.nix>];
boot.initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/8e92387a-6785-4b3c-bcdb-a4a423675173";
@ -21,8 +23,7 @@
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/1e651bde-94b5-4fe2-9e6a-7af916d80057"; }];
swapDevices = [{device = "/dev/disk/by-uuid/1e651bde-94b5-4fe2-9e6a-7af916d80057";}];
nix.maxJobs = lib.mkDefault 4;
}

93
nixos/machines/hera/mail.nix
View file

@ -1,10 +1,13 @@
{ pkgs, config, lib, ... }:
let
certPath = "/var/lib/acme/hera.m-0.eu";
nonMailboxDomains = [ "lists.maralorn.de" ];
inherit (config.m-0) hosts;
in
{
pkgs,
config,
lib,
...
}: let
certPath = "/var/lib/acme/hera.m-0.eu";
nonMailboxDomains = ["lists.maralorn.de"];
inherit (config.m-0) hosts;
in {
m-0.monitoring = [
{
name = "postfix on hera";
@ -12,7 +15,7 @@ in
}
];
imports = [ ../../roles "${(import ../../../nix/sources.nix).nixos-mailserver}" ];
imports = [../../roles "${(import ../../../nix/sources.nix).nixos-mailserver}"];
services = {
unbound.enable = true;
@ -25,45 +28,43 @@ in
};
};
rspamd.locals = {
"multimap.conf".text =
let
allow-ip = builtins.toFile "allow-ip.map" ''
'';
allow-host = builtins.toFile "allow-host.map" ''
gmx.de
web.de
google.com
meteosafe.com # Wetterwarnungen
# tu-darmstadt.de # Not safe because of spam via cda
ccc.de
discourse.cloud
haskell.org
github.com
vocalensemble-darmstadt.de
sit-mainz.info # Bistum Mainz
'';
in
''
# local.d/multimap.conf
# allow lists
LOCAL_AL_IP {
type = "ip"; # matches IP of the host that performed message handoff (against radix map)
map = "${allow-ip}";
group = "local_al_ip";
score = -15;
description = "Submitting IP listed in local allow list";
}
LOCAL_AL_HOST {
type = "hostname"; # matches reverse DNS name of the host that performed message handoff
filter = "tld" ; # matches eSLD (effective second level domain - a second-level domain or something thats effectively so like example.com or example.za.org)
score = -15;
map = "${allow-host}";
description = "Submitting host RDNS listed in local allow list";
}
"multimap.conf".text = let
allow-ip = builtins.toFile "allow-ip.map" ''
'';
allow-host = builtins.toFile "allow-host.map" ''
gmx.de
web.de
google.com
meteosafe.com # Wetterwarnungen
# tu-darmstadt.de # Not safe because of spam via cda
ccc.de
discourse.cloud
haskell.org
github.com
vocalensemble-darmstadt.de
sit-mainz.info # Bistum Mainz
'';
in ''
# local.d/multimap.conf
# allow lists
LOCAL_AL_IP {
type = "ip"; # matches IP of the host that performed message handoff (against radix map)
map = "${allow-ip}";
group = "local_al_ip";
score = -15;
description = "Submitting IP listed in local allow list";
}
LOCAL_AL_HOST {
type = "hostname"; # matches reverse DNS name of the host that performed message handoff
filter = "tld" ; # matches eSLD (effective second level domain - a second-level domain or something thats effectively so like example.com or example.za.org)
score = -15;
map = "${allow-host}";
description = "Submitting host RDNS listed in local allow list";
}
'';
};
postfix = {
networks = [ "[::1]/128" "127.0.0.1/32" "[${config.m-0.prefix}::]/64" "[${hosts.vpn.prefix}::]/64" "10.0.0.0/24" ];
networks = ["[::1]/128" "127.0.0.1/32" "[${config.m-0.prefix}::]/64" "[${hosts.vpn.prefix}::]/64" "10.0.0.0/24"];
transport = "email2matrix.maralorn.de smtp:[::1]:2525";
config = {
# Allow TLSv1 because we need to be able to receive mail from legacy servers.
@ -83,9 +84,9 @@ in
enableManageSieve = true;
fqdn = "hera.m-0.eu";
rewriteMessageId = true;
domains = [ "m-0.eu" "maralorn.de" "choreutes.de" "mathechor.de" "lists.maralorn.de" "malte-und-clai.re" ];
forwards = pkgs.privateValue { } "mail/forwards";
loginAccounts = pkgs.privateValue { } "mail/users";
domains = ["m-0.eu" "maralorn.de" "choreutes.de" "mathechor.de" "lists.maralorn.de" "malte-und-clai.re"];
forwards = pkgs.privateValue {} "mail/forwards";
loginAccounts = pkgs.privateValue {} "mail/users";
hierarchySeparator = "/";
certificateScheme = 1;
certificateFile = "${certPath}/fullchain.pem";

61
nixos/machines/hera/network.nix
View file

@ -1,19 +1,23 @@
{ pkgs, config, ... }:
let
{
pkgs,
config,
...
}: let
wireguard = import ../../../common/wireguard.nix;
inherit (config.m-0) hosts;
in
{
in {
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
networking = {
hostName = "hera";
domain = "m-0.eu";
interfaces.ens18 = {
proxyARP = true;
ipv4.addresses = [{
address = "213.136.94.190";
prefixLength = 24;
}];
ipv4.addresses = [
{
address = "213.136.94.190";
prefixLength = 24;
}
];
ipv6.addresses = [
{
address = hosts.hera;
@ -40,50 +44,54 @@ in
'';
};
bridges.bridge.interfaces = [ ];
bridges.bridge.interfaces = [];
interfaces.bridge = {
proxyARP = true;
ipv6.addresses = [{
address = hosts.hera-intern;
prefixLength = 112;
}];
ipv4.addresses = [{
address = "10.0.0.1";
prefixLength = 24;
}];
ipv6.addresses = [
{
address = hosts.hera-intern;
prefixLength = 112;
}
];
ipv4.addresses = [
{
address = "10.0.0.1";
prefixLength = 24;
}
];
};
nat = {
enable = true;
externalInterface = "ens18";
internalInterfaces = [ "bridge" ];
internalInterfaces = ["bridge"];
};
nameservers = [ "213.136.95.10" "2a02:c207::1:53" "2a02:c207::2:53" ];
firewall.allowedTCPPorts = [ 8666 ];
firewall.allowedUDPPorts = [ wireguard.port ];
nameservers = ["213.136.95.10" "2a02:c207::1:53" "2a02:c207::2:53"];
firewall.allowedTCPPorts = [8666];
firewall.allowedUDPPorts = [wireguard.port];
wireguard.interfaces = {
m0wire = {
ips = [ "${hosts.hera-wg}/112" "${hosts.vpn.hera}/64" ];
ips = ["${hosts.hera-wg}/112" "${hosts.vpn.hera}/64"];
privateKeyFile = pkgs.privatePath "wireguard/hera-private";
listenPort = wireguard.port;
peers = [
{
publicKey = wireguard.pub.zeus;
allowedIPs = [ "${hosts.zeus-wg}/128" "${hosts.vpn.zeus}/128" ];
allowedIPs = ["${hosts.zeus-wg}/128" "${hosts.vpn.zeus}/128"];
presharedKeyFile = pkgs.privatePath "wireguard/psk";
}
{
publicKey = wireguard.pub.apollo;
allowedIPs = [ "${hosts.apollo-wg}/128" "${hosts.vpn.apollo}/128" ];
allowedIPs = ["${hosts.apollo-wg}/128" "${hosts.vpn.apollo}/128"];
presharedKeyFile = pkgs.privatePath "wireguard/psk";
}
{
publicKey = wireguard.pub.fluffy;
allowedIPs = [ "${hosts.vpn.fluffy}/128" ];
allowedIPs = ["${hosts.vpn.fluffy}/128"];
presharedKeyFile = pkgs.privatePath "wireguard/psk";
}
{
publicKey = wireguard.pub.pegasus;
allowedIPs = [ "${hosts.vpn.pegasus}/128" ];
allowedIPs = ["${hosts.vpn.pegasus}/128"];
presharedKeyFile = pkgs.privatePath "wireguard/psk";
}
];
@ -102,5 +110,4 @@ in
'';
};
};
}

29
nixos/machines/hera/web.nix
View file

@ -1,13 +1,18 @@
{ config, pkgs, lib, ... }:
let
locations."/".extraConfig = "return 301 https://blog.maralorn.de$request_uri;";
in
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
m-0.monitoring = [{
name = "hera-nginx";
host = "hera-intern:9113";
}];
config,
pkgs,
lib,
...
}: let
locations."/".extraConfig = "return 301 https://blog.maralorn.de$request_uri;";
in {
networking.firewall.allowedTCPPorts = [80 443];
m-0.monitoring = [
{
name = "hera-nginx";
host = "hera-intern:9113";
}
];
security.acme.certs."hera.m-0.eu".keyType = "rsa4096";
services = {
nginx = {
@ -16,8 +21,7 @@ in
"stream.maralorn.de" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass =
"http://[${config.m-0.hosts.apollo-wg}]:8123";
locations."/".proxyPass = "http://[${config.m-0.hosts.apollo-wg}]:8123";
};
"tasks.maralorn.de" = {
forceSSL = true;
@ -28,7 +32,7 @@ in
};
};
"hera.m-0.eu" = {
serverAliases = [ "malte-und-clai.re" ];
serverAliases = ["malte-und-clai.re"];
default = true;
forceSSL = true;
enableACME = true;
@ -51,5 +55,4 @@ in
};
};
};
}

86
nixos/machines/zeus/configuration.nix
View file

@ -1,15 +1,16 @@
{ config, pkgs, lib, ... }:
let
{
config,
pkgs,
lib,
...
}: let
wireguard = import ../../../common/wireguard.nix;
inherit (config.m-0) hosts prefix;
nixos-hardware = (import ../../../nix/sources.nix).nixos-hardware;
nixos-unstable = (import ../../../nix/sources.nix).nixos-unstable;
inherit (import ../../../common/common.nix { inherit pkgs; }) syncthing;
vpn = (import ../../../private.nix).privateValue (_: _: { }) "vpn";
in
{
inherit (import ../../../common/common.nix {inherit pkgs;}) syncthing;
vpn = (import ../../../private.nix).privateValue (_: _: {}) "vpn";
in {
imports = [
"${nixos-hardware}/common/gpu/amd/sea-islands"
./hardware-configuration.nix
@ -22,20 +23,18 @@ in
(vpn "zeus")
];
fileSystems =
let
btrfsOptions = { options = [ "compress=zstd" "autodefrag" "noatime" ]; };
in
{
"/disk" = { neededForBoot = true; } // btrfsOptions;
"/boot" = btrfsOptions;
"/nix" = btrfsOptions;
"/home/maralorn/.config/pulse" = {
mountPoint = "/home/maralorn/.config/pulse";
device = "/disk/persist/maralorn/.config/pulse";
options = [ "bind" ];
};
fileSystems = let
btrfsOptions = {options = ["compress=zstd" "autodefrag" "noatime"];};
in {
"/disk" = {neededForBoot = true;} // btrfsOptions;
"/boot" = btrfsOptions;
"/nix" = btrfsOptions;
"/home/maralorn/.config/pulse" = {
mountPoint = "/home/maralorn/.config/pulse";
device = "/disk/persist/maralorn/.config/pulse";
options = ["bind"];
};
};
environment.etc = {
nixos.source = "/disk/persist/maralorn/git/config";
@ -43,7 +42,7 @@ in
};
systemd.services."activate-home-manager" = {
path = [ pkgs.nix pkgs.dbus ];
path = [pkgs.nix pkgs.dbus];
script = ''
if [[ -e /home/maralorn/.mode ]]; then
MODE="$(cat /home/maralorn/.mode)"
@ -56,9 +55,9 @@ in
Type = "oneshot";
User = "maralorn";
};
wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"];
# Try to avoid race conditions, when the user gets logged in before activation was completed.
before = [ "display-manager.service" ];
before = ["display-manager.service"];
};
systemd.tmpfiles.rules = [
@ -90,7 +89,7 @@ in
backgroundColor = "#000000";
};
};
kernelParams = [ "amdgpu.cik_support=1" ];
kernelParams = ["amdgpu.cik_support=1"];
initrd = {
luks.devices."crypted-nixos" = {
# device defined in hardware-configuration.nix
@ -112,24 +111,28 @@ in
networkmanager.enable = false;
interfaces.enp34s0 = {
useDHCP = true;
ipv6.addresses = [{ address = "fdc0:1::4"; prefixLength = 64; }];
ipv6.addresses = [
{
address = "fdc0:1::4";
prefixLength = 64;
}
];
};
wireguard.interfaces = {
m0wire = {
allowedIPsAsRoutes = false;
ips = [ "${hosts.zeus-wg}/112" "${hosts.vpn.zeus}/64" ];
ips = ["${hosts.zeus-wg}/112" "${hosts.vpn.zeus}/64"];
privateKeyFile = "/disk/persist/wireguard-private-key";
peers = [
{
publicKey = wireguard.pub.hera;
allowedIPs = [ "::/0" ];
allowedIPs = ["::/0"];
endpoint = "[${hosts.hera-wg-host}]:${builtins.toString wireguard.port}";
presharedKeyFile = pkgs.privatePath "wireguard/psk";
persistentKeepalive = 25;
}
];
postSetup =
[ "${pkgs.iproute}/bin/ip route add ${prefix}::/96 dev m0wire" ];
postSetup = ["${pkgs.iproute}/bin/ip route add ${prefix}::/96 dev m0wire"];
};
};
};
@ -153,7 +156,10 @@ in
services = {
pipewire.enable = lib.mkForce false;
fwupd.enable = true;
printing = { enable = true; clientConf = "ServerName fluffy.lo.m-0.eu"; };
printing = {
enable = true;
clientConf = "ServerName fluffy.lo.m-0.eu";
};
fstrim.enable = true;
snapper = {
configs.persist = {
@ -174,13 +180,15 @@ in
firewallFilter = "-i m0wire -p tcp -m tcp -m multiport --dports 9100,9558";
openFirewall = true;
};
syncthing = {
enable = true;
group = "users";
user = "maralorn";
openDefaultPorts = true;
configDir = "/disk/persist/syncthing";
} // syncthing.declarativeWith [ "hera" "apollo" ] "/disk/persist/maralorn/media";
syncthing =
{
enable = true;
group = "users";
user = "maralorn";
openDefaultPorts = true;
configDir = "/disk/persist/syncthing";
}
// syncthing.declarativeWith ["hera" "apollo"] "/disk/persist/maralorn/media";
xserver = {
enable = true;
displayManager = {
@ -222,7 +230,7 @@ in
support32Bit = true;
tcp = {
enable = true;
anonymousClients.allowedIpRanges = [ "127.0.0.1" "::1" ];
anonymousClients.allowedIpRanges = ["127.0.0.1" "::1"];
};
};
};

75
nixos/machines/zeus/hardware-configuration.nix
View file

@ -1,53 +1,50 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
fileSystems."/" =
{
device = "tmpfs";
fsType = "tmpfs";
};
fileSystems."/" = {
device = "tmpfs";
fsType = "tmpfs";
};
fileSystems."/disk" =
{
device = "/dev/disk/by-uuid/ac20f7bf-387e-42b0-b3df-b14163f45913";
fsType = "btrfs";
};
fileSystems."/disk" = {
device = "/dev/disk/by-uuid/ac20f7bf-387e-42b0-b3df-b14163f45913";
fsType = "btrfs";
};
boot.initrd.luks.devices."crypted-nixos".device = "/dev/disk/by-uuid/2518e0e0-c263-40bc-b378-419832dc62cc";
fileSystems."/nix" =
{
device = "/dev/disk/by-uuid/ac20f7bf-387e-42b0-b3df-b14163f45913";
fsType = "btrfs";
options = [ "subvol=nix" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/ac20f7bf-387e-42b0-b3df-b14163f45913";
fsType = "btrfs";
options = ["subvol=nix"];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/ac20f7bf-387e-42b0-b3df-b14163f45913";
fsType = "btrfs";
options = [ "subvol=boot" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/ac20f7bf-387e-42b0-b3df-b14163f45913";
fsType = "btrfs";
options = ["subvol=boot"];
};
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-uuid/C41C-0C8E";
fsType = "vfat";
};
swapDevices = [ ];
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/C41C-0C8E";
fsType = "vfat";
};
swapDevices = [];
}

5
nixos/roles/5etools-url.nix
View file

@ -1 +1,4 @@
{ url = "https://github.com/5etools-mirror-1/5etools-mirror-1.github.io/releases/download/v1.150.1/5etools-v1.150.1.zip"; sha256 = "05m5s2swlgs4g21j28hxyniga8mdx0vll2wh8bxcgfaryibqw90l"; }
{
url = "https://github.com/5etools-mirror-1/5etools-mirror-1.github.io/releases/download/v1.150.1/5etools-v1.150.1.zip";
sha256 = "05m5s2swlgs4g21j28hxyniga8mdx0vll2wh8bxcgfaryibqw90l";
}

18
nixos/roles/admin.nix
View file

@ -1,18 +1,20 @@
{ config, pkgs, lib, ... }:
let
passwordFile = pkgs.privatePath "pam-login-password";
openssh.authorizedKeys.keys = pkgs.privateValue [ ] "ssh-keys";
in
{
config,
pkgs,
lib,
...
}: let
passwordFile = pkgs.privatePath "pam-login-password";
openssh.authorizedKeys.keys = pkgs.privateValue [] "ssh-keys";
in {
users.users = {
maralorn = {
description = "maralorn";
isNormalUser = true;
uid = 1000;
extraGroups =
[ "wheel" "systemd-journal" "networkmanager" "docker" "video" ];
extraGroups = ["wheel" "systemd-journal" "networkmanager" "docker" "video"];
inherit openssh passwordFile;
};
root = { inherit openssh passwordFile; };
root = {inherit openssh passwordFile;};
};
}

8
nixos/roles/blog.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
{
config,
pkgs,
lib,
...
}: {
services = {
nginx = {
enable = true;
@ -25,5 +30,4 @@
};
};
};
}

9
nixos/roles/boot-key.nix
View file

@ -1,7 +1,10 @@
{ lib, config, ... }:
let secretsFile = "/var/lib/luks-secret/key";
in
{
lib,
config,
...
}: let
secretsFile = "/var/lib/luks-secret/key";
in {
boot = {
initrd = {
luks.devices."nixos" = {

54
nixos/roles/coturn.nix
View file

@ -1,29 +1,31 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
fqdn = "${config.networking.hostName}.${config.networking.domain}";
key_dir = config.security.acme.certs."${fqdn}".directory;
in
{
users.users.turnserver.extraGroups = [ "nginx" ]; # For read access to certs;
networking.firewall =
let
range = [{
in {
users.users.turnserver.extraGroups = ["nginx"]; # For read access to certs;
networking.firewall = let
range = [
{
from = config.services.coturn.min-port;
to = config.services.coturn.max-port;
}];
ports = [
config.services.coturn.listening-port
config.services.coturn.alt-listening-port
config.services.coturn.tls-listening-port
config.services.coturn.alt-tls-listening-port
];
in
{
allowedUDPPortRanges = range;
allowedTCPPortRanges = range;
allowedTCPPorts = ports;
allowedUDPPorts = ports;
};
}
];
ports = [
config.services.coturn.listening-port
config.services.coturn.alt-listening-port
config.services.coturn.tls-listening-port
config.services.coturn.alt-tls-listening-port
];
in {
allowedUDPPortRanges = range;
allowedTCPPortRanges = range;
allowedTCPPorts = ports;
allowedUDPPorts = ports;
};
security.acme.certs.${fqdn} = {
postRun = "systemctl restart coturn.service";
};
@ -37,10 +39,12 @@ in
max-port = 52100;
pkey = "${key_dir}/key.pem";
cert = "${key_dir}/fullchain.pem";
static-auth-secret = (pkgs.privateValue { turn_shared_secret = ""; }
"matrix/server-secrets").turn_shared_secret;
static-auth-secret =
(pkgs.privateValue {turn_shared_secret = "";}
"matrix/server-secrets")
.turn_shared_secret;
realm = fqdn;
listening-ips = [ config.m-0.hosts.hera config.m-0.hosts.hera-v4 ];
listening-ips = [config.m-0.hosts.hera config.m-0.hosts.hera-v4];
extraConfig = ''
fingerprint

112
nixos/roles/default.nix
View file

@ -1,12 +1,17 @@
{ pkgs, config, lib, ... }: {
imports = [ ../../common ./admin.nix ../../cachix.nix ];
{
pkgs,
config,
lib,
...
}: {
imports = [../../common ./admin.nix ../../cachix.nix];
i18n.defaultLocale = "en_US.UTF-8";
# For nixos-rebuild
nixpkgs.overlays =
[ (_: _: (import ../../channels.nix).${config.networking.hostName}) ]
++ import ../../overlays { inherit lib; };
[(_: _: (import ../../channels.nix).${config.networking.hostName})]
++ import ../../overlays {inherit lib;};
time.timeZone = "Europe/Berlin";
@ -14,10 +19,13 @@
firewall.allowPing = true;
useDHCP = false;
hosts = lib.zipAttrs
(
lib.mapAttrsToList (host: ip: if builtins.typeOf ip == "set" then { } else { "${ip}" = "${host} ${host}.m-0.eu"; })
config.m-0.hosts
);
(
lib.mapAttrsToList (host: ip:
if builtins.typeOf ip == "set"
then {}
else {"${ip}" = "${host} ${host}.m-0.eu";})
config.m-0.hosts
);
};
security.acme = {
@ -31,38 +39,39 @@
};
environment = {
etc = lib.mapAttrs'
(name: value: lib.nameValuePair "nix-path/${name}" { source = value; })
(lib.filterAttrs (name: value: name != "__functor") pkgs.sources) // {
"nix-path/nixos".source = pkgs.sources.${pkgs.nixpkgs-channel};
"nix-path/nixpkgs".source = pkgs.sources.${pkgs.nixpkgs-channel};
"nix-path/home-manager".source =
pkgs.sources.${pkgs.home-manager-channel};
};
etc =
lib.mapAttrs'
(name: value: lib.nameValuePair "nix-path/${name}" {source = value;})
(lib.filterAttrs (name: value: name != "__functor") pkgs.sources)
// {
"nix-path/nixos".source = pkgs.sources.${pkgs.nixpkgs-channel};
"nix-path/nixpkgs".source = pkgs.sources.${pkgs.nixpkgs-channel};
"nix-path/home-manager".source =
pkgs.sources.${pkgs.home-manager-channel};
};
variables =
lib.genAttrs [ "CURL_CA_BUNDLE" "GIT_SSL_CAINFO" "SSL_CERT_FILE" ]
(_: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt");
lib.genAttrs ["CURL_CA_BUNDLE" "GIT_SSL_CAINFO" "SSL_CERT_FILE"]
(_: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt");
};
system.activationScripts =
lib.mkIf (!pkgs.withSecrets) { text = "echo No secrets loaded!; exit 1;"; };
lib.mkIf (!pkgs.withSecrets) {text = "echo No secrets loaded!; exit 1;";};
nix = {
binaryCaches = lib.mkAfter (
pkgs.privateValue [ ] "binary-caches"
pkgs.privateValue [] "binary-caches"
# ++ (
# if config.networking.hostName != "hera" then [ "ssh-ng://nix-ssh@hera.m-0.eu?trusted=true&priority=100" ] else [ ]
# )
);
binaryCachePublicKeys =
[
"ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI="
"hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="
"nixbuild.net/maralorn-1:cpqv21sJgRL+ROaKY1Gr0k7AKolAKaP3S3iemGxK/30="
];
nixPath = [ "/etc/nix-path" ];
trustedUsers = [ "maralorn" "laminar" ];
buildMachines = pkgs.privateValue [ ] "remote-builders";
binaryCachePublicKeys = [
"ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI="
"hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="
"nixbuild.net/maralorn-1:cpqv21sJgRL+ROaKY1Gr0k7AKolAKaP3S3iemGxK/30="
];
nixPath = ["/etc/nix-path"];
trustedUsers = ["maralorn" "laminar"];
buildMachines = pkgs.privateValue [] "remote-builders";
extraOptions = ''
experimental-features = nix-command flakes
fallback = true
@ -70,29 +79,28 @@
builders-use-substitutes = true
'';
optimise = {
dates = [ ];
dates = [];
automatic = true;
};
};
systemd.services =
let
hosts = builtins.attrNames config.services.nginx.virtualHosts;
makeConfig = host: {
name = "acme-${host}";
value = {
serviceConfig = {
Restart = "on-failure";
RestartSec = 600;
};
unitConfig = {
StartLimitIntervalSec = 2400;
StartLimitBurst = 3;
};
systemd.services = let
hosts = builtins.attrNames config.services.nginx.virtualHosts;
makeConfig = host: {
name = "acme-${host}";
value = {
serviceConfig = {
Restart = "on-failure";
RestartSec = 600;
};
unitConfig = {
StartLimitIntervalSec = 2400;
StartLimitBurst = 3;
};
};
in
{ nix-optimise.serviceConfig.Type = "oneshot"; } // builtins.listToAttrs (map makeConfig hosts);
};
in
{nix-optimise.serviceConfig.Type = "oneshot";} // builtins.listToAttrs (map makeConfig hosts);
services = {
logind.killUserProcesses = false;
@ -100,8 +108,8 @@
prometheus.exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" "logind" ];
disabledCollectors = [ "timex" ];
enabledCollectors = ["systemd" "logind"];
disabledCollectors = ["timex"];
};
nginx = {
enable = config.services.nginx.enable;
@ -117,9 +125,11 @@
};
};
programs = {
command-not-found.dbPath = "${builtins.fetchTarball {
url = "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz";
}}/programs.sqlite";
command-not-found.dbPath = "${
builtins.fetchTarball {
url = "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz";
}
}/programs.sqlite";
zsh = {
enable = true;
autosuggestions.enable = true;

3
nixos/roles/earlyoom.nix
View file

@ -1,9 +1,8 @@
{ ... }: {
{...}: {
services.earlyoom = {
enableNotifications = true;
freeSwapThreshold = 100;
freeMemThreshold = 5;
enable = true;
};
}

22
nixos/roles/element.nix
View file

@ -1,6 +1,9 @@
{ config, pkgs, lib, ... }:
let
{
config,
pkgs,
lib,
...
}: let
elementConfig = {
default_server_config."m.homeserver" = {
server_name = "maralorn.de";
@ -8,20 +11,17 @@ let
};
integrations_ui_url = "";
integgrations_rest_url = "";
integrations_widgets_urls = [ ];
roomDirectory.servers = [ "matrix.org" "maralorn.de" ];
branding.welcomeBackgroundUrl =
"https://cloud.maralorn.de/apps/theming/image/background";
integrations_widgets_urls = [];
roomDirectory.servers = ["matrix.org" "maralorn.de"];
branding.welcomeBackgroundUrl = "https://cloud.maralorn.de/apps/theming/image/background";
};
in
{
in {
services.nginx = {
enable = true;
virtualHosts."element.maralorn.de" = {
enableACME = true;
forceSSL = true;
root = pkgs.element-web.override (old: { conf = elementConfig; });
root = pkgs.element-web.override (old: {conf = elementConfig;});
};
};
}

68
nixos/roles/email2matrix.nix
View file

@ -1,5 +1,8 @@
{ pkgs, config, ... }:
let
{
pkgs,
config,
...
}: let
default_mailbox = {
MailboxName = "<missing>";
MatrixRoomId = "<missing>";
@ -11,36 +14,37 @@ let
SkipMarkdown = false;
};
email2matrix-config = pkgs.writeText "email2matrix-config.json"
(builtins.toJSON {
Smtp = {
ListenInterface = "[::1]:2525";
Hostname = "email2matrix.maralorn.de";
Workers = 10;
};
Matrix = {
Mappings = [
(default_mailbox // {
MailboxName = "notify";
MatrixRoomId = "!kTKVQjRwxjaoMQmcve:maralorn.de";
})
(default_mailbox // {
MailboxName = "subjects";
MatrixRoomId = "!kTKVQjRwxjaoMQmcve:maralorn.de";
IgnoreBody = true;
})
(default_mailbox // {
MailboxName = "weather";
MatrixRoomId = "!ELeFcSrHXgMqOmwnxg:maralorn.de";
})
];
};
Misc = { Debug = true; };
});
in
{
(builtins.toJSON {
Smtp = {
ListenInterface = "[::1]:2525";
Hostname = "email2matrix.maralorn.de";
Workers = 10;
};
Matrix = {
Mappings = [
(default_mailbox
// {
MailboxName = "notify";
MatrixRoomId = "!kTKVQjRwxjaoMQmcve:maralorn.de";
})
(default_mailbox
// {
MailboxName = "subjects";
MatrixRoomId = "!kTKVQjRwxjaoMQmcve:maralorn.de";
IgnoreBody = true;
})
(default_mailbox
// {
MailboxName = "weather";
MatrixRoomId = "!ELeFcSrHXgMqOmwnxg:maralorn.de";
})
];
};
Misc = {Debug = true;};
});
in {
systemd.services.email2matrix = {
script =
"${pkgs.email2matrix}/bin/devture-email2matrix --config ${email2matrix-config}";
wantedBy = [ "multi-user.target" ];
script = "${pkgs.email2matrix}/bin/devture-email2matrix --config ${email2matrix-config}";
wantedBy = ["multi-user.target"];
};
}

75
nixos/roles/firefox-sync.nix
View file

@ -1,9 +1,10 @@
{ config, lib, ... }:
with lib;
let
pkgs = import (import ../../nix/sources.nix)."nixos-19.09" { };
{
config,
lib,
...
}:
with lib; let
pkgs = import (import ../../nix/sources.nix)."nixos-19.09" {};
cfg = config.services.firefox.syncserver;
@ -35,12 +36,10 @@ let
user = "syncserver";
group = "syncserver";
in
in {
disabledModules = ["services/networking/firefox/sync-server.nix"];
{
disabledModules = [ "services/networking/firefox/sync-server.nix" ];
meta.maintainers = with lib.maintainers; [ nadrieril ];
meta.maintainers = with lib.maintainers; [nadrieril];
options = {
services.firefox.syncserver = {
@ -132,14 +131,13 @@ in
};
config = {
systemd.services.syncserver = {
after = [ "network.target" ];
after = ["network.target"];
description = "Firefox Sync Server";
wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"];
path = [
pkgs.coreutils
(pkgs.python.withPackages (ps: [ pkgs.syncserver ps.gunicorn ]))
(pkgs.python.withPackages (ps: [pkgs.syncserver ps.gunicorn]))
];
serviceConfig = {
@ -148,30 +146,32 @@ in
PermissionsStartOnly = true;
};
preStart = ''
if ! test -e ${cfg.privateConfig}; then
mkdir -p $(dirname ${cfg.privateConfig})
echo > ${cfg.privateConfig} '[syncserver]'
preStart =
''
if ! test -e ${cfg.privateConfig}; then
mkdir -p $(dirname ${cfg.privateConfig})
echo > ${cfg.privateConfig} '[syncserver]'
chmod 600 ${cfg.privateConfig}
echo >> ${cfg.privateConfig} "secret = $(head -c 20 /dev/urandom | sha1sum | tr -d ' -')"
fi
chmod 600 ${cfg.privateConfig}
echo >> ${cfg.privateConfig} "secret = $(head -c 20 /dev/urandom | sha1sum | tr -d ' -')"
fi
chmod 600 ${cfg.privateConfig}
chmod 755 $(dirname ${cfg.privateConfig})
chown ${user}:${group} ${cfg.privateConfig}
chmod 755 $(dirname ${cfg.privateConfig})
chown ${user}:${group} ${cfg.privateConfig}
'' + optionalString (cfg.sqlUri == defaultSqlUri) ''
if ! test -e $(dirname ${defaultDbLocation}); then
mkdir -m 700 -p $(dirname ${defaultDbLocation})
chown ${user}:${group} $(dirname ${defaultDbLocation})
fi
''
+ optionalString (cfg.sqlUri == defaultSqlUri) ''
if ! test -e $(dirname ${defaultDbLocation}); then
mkdir -m 700 -p $(dirname ${defaultDbLocation})
chown ${user}:${group} $(dirname ${defaultDbLocation})
fi
# Move previous database file if it exists
oldDb="/var/db/firefox-sync-server.db"
if test -f $oldDb; then
mv $oldDb ${defaultDbLocation}
chown ${user}:${group} ${defaultDbLocation}
fi
'';
# Move previous database file if it exists
oldDb="/var/db/firefox-sync-server.db"
if test -f $oldDb; then
mv $oldDb ${defaultDbLocation}
chown ${user}:${group} ${defaultDbLocation}
fi
'';
script = ''
gunicorn --paste ${syncServerIni}
@ -183,7 +183,7 @@ in
isSystemUser = true;
};
users.groups.${group} = { };
users.groups.${group} = {};
services = {
firefox.syncserver = {
@ -205,6 +205,5 @@ in
};
};
};
};
}

47
nixos/roles/fonts.nix
View file

@ -1,36 +1,45 @@
{ config, pkgs, lib, ... }: {
{
config,
pkgs,
lib,
...
}: {
fonts = {
fontconfig = {
enable = true;
cache32Bit = true;
defaultFonts = {
monospace = [ "JetBrainsMono Nerd Font" "DejaVu Sans Mono" ];
sansSerif = [ "B612" "DejaVu Sans" ];
serif = [ "Libertinus" "DejaVu Serif" ];
monospace = ["JetBrainsMono Nerd Font" "DejaVu Sans Mono"];
sansSerif = ["B612" "DejaVu Sans"];
serif = ["Libertinus" "DejaVu Serif"];
};
};
enableDefaultFonts = true;
#fontDir.enable = true;
fonts = builtins.attrValues {
inherit (pkgs)
nerdfonts# For all my terminal needs.
libertinus# nice text font
material-icons# icons in my app
b612; # sans font, very good for displays
inherit
(pkgs)
nerdfonts
# For all my terminal needs.
libertinus
# nice text font
material-icons
# icons in my app
b612
; # sans font, very good for displays
};
};
# create a cache of the font sources, often slow internet connections make it painful to
# re-download them after a few months
environment.etc =
let
# fonts with src attributes
font_sources = map (v: v.src) (lib.filter (v: v ? src) config.fonts.fonts);
in
environment.etc = let
# fonts with src attributes
font_sources = map (v: v.src) (lib.filter (v: v ? src) config.fonts.fonts);
in
builtins.listToAttrs (lib.imap0
(n: v:
lib.nameValuePair "src-cache/fonts/${toString n}" {
source = builtins.toPath v;
})
font_sources);
(n: v:
lib.nameValuePair "src-cache/fonts/${toString n}" {
source = builtins.toPath v;
})
font_sources);
}

15
nixos/roles/foundryvtt.nix
View file

@ -1,5 +1,9 @@
{ pkgs, lib, config, ... }:
let
{
pkgs,
lib,
config,
...
}: let
name = "foundryvtt";
stateDir = "/var/lib/${name}";
dataDir = "${stateDir}/data";
@ -15,11 +19,10 @@ let
updateChannel = "release";
};
declarativeConfigFile = builtins.toFile "foundry-options.json" (builtins.toJSON config);
in
{
in {
config = {
systemd.services.${name} = {
wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"];
description = "Foundryvtt server";
preStart = ''
mkdir -p ${dataDir}
@ -55,7 +58,7 @@ in
enableACME = true;
locations = {
"/rules/" = {
alias = "${pkgs.fetchzip (import ./5etools-url.nix // { stripRoot = false;})}/";
alias = "${pkgs.fetchzip (import ./5etools-url.nix // {stripRoot = false;})}/";
index = "index.html";
};
"/" = {

40
nixos/roles/git.nix
View file

@ -1,15 +1,19 @@
{ config, pkgs, lib, ... }:
let
{
config,
pkgs,
lib,
...
}: let
gitoliteCfg = config.services.gitolite;
post-update = pkgs.writeHaskellScript
{
name = "post-update";
bins = [ pkgs.git pkgs.laminar ];
imports = [
"System.Environment (lookupEnv)"
"System.Directory (withCurrentDirectory)"
];
} ''
{
name = "post-update";
bins = [pkgs.git pkgs.laminar];
imports = [
"System.Environment (lookupEnv)"
"System.Directory (withCurrentDirectory)"
];
} ''
checkout :: String -> IO FilePath
checkout path = do
(decodeUtf8 -> repoDir) <- mktemp "-d" |> captureTrim
@ -88,14 +92,13 @@ let
project-list=/var/lib/gitolite/projects.list
scan-path=/var/lib/gitolite/repositories
'';
in
{
in {
systemd.tmpfiles.rules =
lib.mkAfter
[
"z ${gitoliteCfg.dataDir}/.ssh/id_ed25519 0600 ${gitoliteCfg.user} ${gitoliteCfg.group} - -"
"v /var/cache/cgit 0700 cgit ${gitoliteCfg.group} - -"
];
[
"z ${gitoliteCfg.dataDir}/.ssh/id_ed25519 0600 ${gitoliteCfg.user} ${gitoliteCfg.group} - -"
"v /var/cache/cgit 0700 cgit ${gitoliteCfg.group} - -"
];
users.users.cgit = {
isSystemUser = true;
group = gitoliteCfg.group;
@ -119,8 +122,8 @@ in
gitolite = {
enable = true;
user = "git";
adminPubkey = builtins.elemAt (pkgs.privateValue [ "" ] "ssh-keys") 0;
commonHooks = [ "${post-update}/bin/post-update" ];
adminPubkey = builtins.elemAt (pkgs.privateValue [""] "ssh-keys") 0;
commonHooks = ["${post-update}/bin/post-update"];
extraGitoliteRc = ''
$RC{UMASK} = 0027;
$RC{GIT_CONFIG_KEYS} = 'gitweb\..*';
@ -157,5 +160,4 @@ in
};
};
};
}

32
nixos/roles/go-neb.nix
View file

@ -1,28 +1,33 @@
{ pkgs, config, ... }: {
{
pkgs,
config,
...
}: {
#imports = [ modules/go-neb.nix ];
services.go-neb = {
enable = true;
baseUrl = "http://localhost";
config = {
clients = [{
UserId = "@marabot:maralorn.de";
AccessToken = pkgs.privateValue "" "matrix/marabot-token";
HomeServerUrl = "https://matrix.maralorn.de";
Sync = true;
AutoJoinRooms = true;
DisplayName = "marabot";
}];
realms = [ ];
sessions = [ ];
clients = [
{
UserId = "@marabot:maralorn.de";
AccessToken = pkgs.privateValue "" "matrix/marabot-token";
HomeServerUrl = "https://matrix.maralorn.de";
Sync = true;
AutoJoinRooms = true;
DisplayName = "marabot";
}
];
realms = [];
sessions = [];
services = [
{
ID = "alertmanager_service";
Type = "alertmanager";
UserId = "@marabot:maralorn.de";
Config = {
webhook_url =
"http://localhost:4050/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2UK";
webhook_url = "http://localhost:4050/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2UK";
rooms = {
"!negVsngnYOmXYCLKiO:maralorn.de" = {
text_template = ''
@ -38,5 +43,4 @@
];
};
};
}

44
nixos/roles/goatcounter.nix
View file

@ -1,34 +1,38 @@
{ pkgs, lib, ... }:
let
{
pkgs,
lib,
...
}: let
src = pkgs.fetchurl {
url = "https://github.com/zgoat/goatcounter/releases/download/v2.0.4/goatcounter-v2.0.4-linux-amd64.gz";
sha256 = "1h7hv5lk2gm3klbfbgwfa7xn31az9zmlryd8bqqq38lp5r56cpb4";
};
goatcounter-bin = pkgs.runCommand "goatcounter-bin" { } ''
goatcounter-bin = pkgs.runCommand "goatcounter-bin" {} ''
mkdir -p $out/bin
gunzip -c ${src} > $out/bin/goatcounter
chmod +x $out/bin/goatcounter
'';
goatcounter-token = pkgs.privateValue "" "goatcounter-token";
in
{
environment.systemPackages = [ goatcounter-bin ];
in {
environment.systemPackages = [goatcounter-bin];
users = {
users.goatcounter = {
isSystemUser = true;
group = "goatcounter";
};
groups.goatcounter = { };
groups.goatcounter = {};
};
services.postgresql = {
enable = true;
ensureUsers = [{
name = "goatcounter";
ensurePermissions = {
"DATABASE goatcounter" = "ALL PRIVILEGES";
};
}];
ensureDatabases = [ "goatcounter" ];
ensureUsers = [
{
name = "goatcounter";
ensurePermissions = {
"DATABASE goatcounter" = "ALL PRIVILEGES";
};
}
];
ensureDatabases = ["goatcounter"];
};
services.nginx = {
appendHttpConfig = lib.mkAfter ''
@ -45,8 +49,8 @@ in
};
systemd.services = {
goatcounter = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
requires = ["postgresql.service"];
after = ["postgresql.service"];
serviceConfig = {
User = "goatcounter";
ExecStart = "${goatcounter-bin}/bin/goatcounter serve -db 'postgresql://host=/run/postgresql dbname=goatcounter' -listen *:8081 -tls http -automigrate";
@ -54,11 +58,11 @@ in
WatchdogSec = "20m";
Restart = "always";
};
wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"];
};
goatcounter-feeder = {
requires = [ "goatcounter.service" ];
after = [ "goatcounter.service" ];
requires = ["goatcounter.service"];
after = ["goatcounter.service"];
serviceConfig = {
User = "nginx";
Type = "oneshot";
@ -78,7 +82,7 @@ in
systemd.timers = {
goatcounter-feeder = {
timerConfig.OnCalendar = "minutely";
wantedBy = [ "timers.target" ];
wantedBy = ["timers.target"];
};
};
}

1728
nixos/roles/home-assistant/default.nix
View file

File diff suppressed because it is too large Load diff

9
nixos/roles/home-assistant/hexa-cards.nix
View file

@ -1,13 +1,11 @@
{ pkgs, ... }:
let
nur = import pkgs.sources.hexa-nur-packages { };
{pkgs, ...}: let
nur = import pkgs.sources.hexa-nur-packages {};
mkLovelaceModule = name: {
url = "custom/${name}.js?${nur.hassLovelaceModules."${name}".version}";
type = "module";
};
in
{
in {
systemd.tmpfiles.rules = [
# Lovelace Cards
"d /run/hass 0700 nginx nginx"
@ -32,4 +30,3 @@ in
];
};
}

2
nixos/roles/home-assistant/jinja.nix
View file

@ -5,7 +5,7 @@ lib: rec {
${default}
{% endif %}
'';
if' = condition: ifTrue: ifFalse: case ifFalse { ${condition} = ifTrue; };
if' = condition: ifTrue: ifFalse: case ifFalse {${condition} = ifTrue;};
or = lhs: rhs: "(${lhs} or ${rhs})";
and = lhs: rhs: "(${lhs} and ${rhs})";
isState = entity: state: "is_state('${entity}','${state}')";

99
nixos/roles/home-assistant/lib.nix
View file

@ -1,30 +1,28 @@
lib:
let
lib: let
# name refers to an internal name
# title refers to a human readable name
# mode = { name, title, options = { <option_name> : { title , icon } } }
in
rec {
in rec {
jinja = import ./jinja.nix lib;
tap_actions =
let
fromServiceAction = action:
{
action = "call-service";
inherit (action) service;
service_data = action.data or { } // {
inherit (action) entity_id;
};
tap_actions = let
fromServiceAction = action: {
action = "call-service";
inherit (action) service;
service_data =
action.data
or {}
// {
inherit (action) entity_id;
};
in
{
setMode = mode: option: fromServiceAction (actions.setMode mode option);
cycleMode = mode: fromServiceAction (actions.cycleMode mode);
};
in {
setMode = mode: option: fromServiceAction (actions.setMode mode option);
cycleMode = mode: fromServiceAction (actions.cycleMode mode);
};
actions = {
notify = message: {
service = "notify.notify";
data = { inherit message; };
data = {inherit message;};
};
cycleMode = mode: {
service = "input_select.select_next";
@ -32,63 +30,68 @@ rec {
};
setMode = mode: option: {
service = "input_select.select_option";
data = { inherit option; };
data = {inherit option;};
entity_id = util.modeSelectEntity mode;
};
};
util = rec {
mkIcon = name: "mdi:${name}";
mkMode = name: options: { inherit name options; };
mkMode = name: options: {inherit name options;};
modeSelectEntity = mode: "input_select.${modeSelectName mode}";
modeSelectName = mode: "mode_${mode.name}";
modeBinarySensorName = mode: option: "${modeSelectName mode}_is_${option}";
modeBinarySensorEntity = mode: option: "binary_sensor.${modeBinarySensorName mode option}";
};
triggers = rec {
stateTrigger = entity: { platform = "state"; entity_id = entity; };
stateTrigger = entity: {
platform = "state";
entity_id = entity;
};
modeSwitchTrigger = mode: stateTrigger (util.modeSelectEntity mode);
};
conditions = {
modeIs = mode: option: { condition = "state"; entity_id = util.modeSelectEntity mode; state = option; };
modeIs = mode: option: {
condition = "state";
entity_id = util.modeSelectEntity mode;
state = option;
};
};
modules = rec {
mkHAConfig = attrs: {
services.home-assistant.config = attrs;
};
mkModeSwitcher = mode: attrs: { ... }:
let
options = builtins.attrNames mode.options;
in
mkModeSwitcher = mode: attrs: {...}: let
options = builtins.attrNames mode.options;
in
mkHAConfig {
input_select.${util.modeSelectName mode} = {
inherit options;
name = mode.title;
} // attrs;
input_select.${util.modeSelectName mode} =
{
inherit options;
name = mode.title;
}
// attrs;
template = builtins.map (templates.binarySensorForMode mode) options;
};
};
cards = {
modeSwitcher = mode:
let
mkEntity = optionName: option:
{
entity = util.modeBinarySensorEntity mode optionName;
name = option.title;
inherit (option) icon;
tap_action = tap_actions.setMode mode optionName;
};
in
{
type = "glance";
inherit (mode) title;
columns = builtins.length (builtins.attrNames mode.options);
show_state = false;
entities = lib.mapAttrsToList mkEntity mode.options;
modeSwitcher = mode: let
mkEntity = optionName: option: {
entity = util.modeBinarySensorEntity mode optionName;
name = option.title;
inherit (option) icon;
tap_action = tap_actions.setMode mode optionName;
};
in {
type = "glance";
inherit (mode) title;
columns = builtins.length (builtins.attrNames mode.options);
show_state = false;
entities = lib.mapAttrsToList mkEntity mode.options;
};
};
templates = rec {
binarySensor = state: attrs: { binary_sensor = [ ({ inherit state; } // attrs) ]; };
binarySensor = state: attrs: {binary_sensor = [({inherit state;} // attrs)];};
binarySensorFromCondition = condition: binarySensor (jinja.if' condition "1" "0");
binarySensorForMode = mode: option: binarySensorFromCondition (jinja.isState (util.modeSelectEntity mode) option) { name = util.modeBinarySensorName mode option; };
binarySensorForMode = mode: option: binarySensorFromCondition (jinja.isState (util.modeSelectEntity mode) option) {name = util.modeBinarySensorName mode option;};
};
}

10
nixos/roles/kassandra-server.nix
View file

@ -1,12 +1,10 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
serverPath = "/var/cache/gc-links/kassandra-server";
in
{
in {
systemd.services.kassandra = {
wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"];
description = "Kassandra Server";
path = [ pkgs.coreutils pkgs.taskwarrior ];
path = [pkgs.coreutils pkgs.taskwarrior];
serviceConfig = {
WorkingDirectory = serverPath;
ExecStart = "${serverPath}/backend -b '::1' ";

Some files were not shown because too many files have changed in this diff Show more