Update pass and upgrade to sway
parent
f6a7146b81
commit
59ef569e0e
Binary file not shown.
|
@ -155,7 +155,7 @@ in {
|
|||
EMAIL = me.mail;
|
||||
SUDO_ASKPASS = let
|
||||
print-pw = pkgs.writeShellScriptBin "print-pw"
|
||||
"pass show eu/m-0/${config.m-0.hostName}/user/${config.home.username}";
|
||||
"pass show eu/m-0/${config.m-0.hostName}.m-0.eu/${config.home.username}";
|
||||
in "${print-pw}/bin/print-pw";
|
||||
};
|
||||
file.".config/nvim/coc-settings.json".text = builtins.toJSON {
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
let inherit (import ../../pkgs) desktop-pkgs;
|
||||
in {
|
||||
imports =
|
||||
[ ./i3.nix ./rofi.nix ./ssh-agent.nix ./eventd.nix ./sleep-nag.nix ];
|
||||
imports = [ ./rofi.nix ./ssh-agent.nix ./eventd.nix ./sleep-nag.nix ];
|
||||
m-0 = {
|
||||
workspaces = [
|
||||
"tasks"
|
||||
|
@ -38,73 +37,8 @@ in {
|
|||
"brightWhite" = "#ffffff";
|
||||
};
|
||||
};
|
||||
xsession.initExtra = "xsetroot -solid black";
|
||||
home = {
|
||||
packages = builtins.attrValues desktop-pkgs;
|
||||
keyboard = {
|
||||
layout = "de";
|
||||
variant = "neo";
|
||||
options = [ "altwin:swap_lalt_lwin" ];
|
||||
};
|
||||
};
|
||||
programs.urxvt = let mkFont = size: name: "xft:${name}:size=${size}";
|
||||
in {
|
||||
enable = true;
|
||||
package = desktop-pkgs.urxvt;
|
||||
fonts = map (mkFont "13") [
|
||||
"Inconsolata"
|
||||
"Droid Sans Mono"
|
||||
"DejaVu Sans Mono"
|
||||
"Droid Sans Fallback"
|
||||
"FreeSans"
|
||||
];
|
||||
keybindings = let
|
||||
switchFont = size:
|
||||
"command:\\033]710;${
|
||||
lib.concatStringsSep "," (map (mkFont size) [
|
||||
"Inconsolata"
|
||||
"Droid Sans Mono"
|
||||
"DejaVu Sans Mono"
|
||||
"Droid Sans Fallback"
|
||||
"FreeSans"
|
||||
])
|
||||
}\\007";
|
||||
in {
|
||||
"C-1" = switchFont "10";
|
||||
"C-2" = switchFont "13";
|
||||
"C-3" = switchFont "16";
|
||||
"C-4" = switchFont "24";
|
||||
"C-f" = "matcher:select";
|
||||
"C-g" = "matcher:last";
|
||||
};
|
||||
extraConfig = {
|
||||
tintColor = config.m-0.colors.background;
|
||||
perl-ext = "default,matcher,clipboard-osc";
|
||||
url-launcher = "firefox";
|
||||
foreground = config.m-0.colors.foreground;
|
||||
background = config.m-0.colors.background;
|
||||
color0 = config.m-0.colors.black;
|
||||
color1 = config.m-0.colors.red;
|
||||
color2 = config.m-0.colors.green;
|
||||
color3 = config.m-0.colors.yellow;
|
||||
color4 = config.m-0.colors.blue;
|
||||
color5 = config.m-0.colors.magenta;
|
||||
color6 = config.m-0.colors.cyan;
|
||||
color7 = config.m-0.colors.white;
|
||||
color8 = config.m-0.colors.brightBlack;
|
||||
color9 = config.m-0.colors.brightRed;
|
||||
color10 = config.m-0.colors.brightGreen;
|
||||
color11 = config.m-0.colors.brightYellow;
|
||||
color12 = config.m-0.colors.brightBlue;
|
||||
color13 = config.m-0.colors.brightMagenta;
|
||||
color14 = config.m-0.colors.brightCyan;
|
||||
color15 = config.m-0.colors.brightWhite;
|
||||
};
|
||||
scroll = {
|
||||
bar.enable = false;
|
||||
lines = 0;
|
||||
};
|
||||
};
|
||||
home = { packages = builtins.attrValues desktop-pkgs; };
|
||||
programs.browserpass.enable = true;
|
||||
gtk = {
|
||||
enable = true;
|
||||
iconTheme = {
|
||||
|
@ -117,18 +51,172 @@ in {
|
|||
};
|
||||
};
|
||||
services = {
|
||||
nextcloud-client.enable = true;
|
||||
redshift = {
|
||||
mpd = {
|
||||
enable = true;
|
||||
temperature.day = 6500;
|
||||
latitude = "49.86667";
|
||||
longitude = "8.65";
|
||||
};
|
||||
screen-locker = {
|
||||
enable = true;
|
||||
lockCmd =
|
||||
"${pkgs.i3lock}/bin/i3lock -n -f -i ~/data/aktuell/media/bilder/lockscreen.png";
|
||||
network.listenAddress = "::1";
|
||||
musicDirectory = "${config.home.homeDirectory}/data/aktuell/media/musik";
|
||||
extraConfig = ''
|
||||
audio_output {
|
||||
type "pulse"
|
||||
name "Pulseaudio"
|
||||
server "localhost"
|
||||
}
|
||||
'';
|
||||
};
|
||||
mpdris2.enable = true;
|
||||
};
|
||||
xsession.enable = true;
|
||||
systemd.user.services.mpdris2 = {
|
||||
Unit.Requires = [ "dbus.service" ];
|
||||
Install.WantedBy = [ "default.target" ];
|
||||
};
|
||||
xdg.configFile."sway/config".text = builtins.readFile ./sway.config + (let
|
||||
inherit (config.m-0) colors workspaces terminal;
|
||||
swayColors = {
|
||||
focused = {
|
||||
background = colors.blue;
|
||||
border = colors.blue;
|
||||
childBorder = colors.blue;
|
||||
indicator = colors.green;
|
||||
text = colors.foreground;
|
||||
};
|
||||
focused_inactive = {
|
||||
background = colors.background;
|
||||
border = colors.background;
|
||||
childBorder = colors.background;
|
||||
indicator = colors.green;
|
||||
text = colors.foreground;
|
||||
};
|
||||
unfocused = {
|
||||
background = colors.background;
|
||||
border = colors.background;
|
||||
childBorder = colors.background;
|
||||
indicator = colors.green;
|
||||
text = colors.foreground;
|
||||
};
|
||||
urgent = {
|
||||
background = colors.red;
|
||||
border = colors.red;
|
||||
childBorder = colors.red;
|
||||
indicator = colors.green;
|
||||
text = colors.foreground;
|
||||
};
|
||||
};
|
||||
barColors = {
|
||||
active_workspace = {
|
||||
background = colors.blue;
|
||||
border = colors.blue;
|
||||
text = colors.white;
|
||||
};
|
||||
binding_mode = {
|
||||
background = colors.red;
|
||||
border = colors.red;
|
||||
text = colors.white;
|
||||
};
|
||||
focused_workspace = {
|
||||
background = colors.blue;
|
||||
border = colors.blue;
|
||||
text = colors.white;
|
||||
};
|
||||
inactive_workspace = {
|
||||
background = colors.background;
|
||||
border = colors.background;
|
||||
text = colors.white;
|
||||
};
|
||||
};
|
||||
bindings = {
|
||||
"XF86AudioMute" = "exec pactl set-sink-mute '@DEFAULT_SINK@' toggle";
|
||||
"XF86AudioLowerVolume" =
|
||||
"exec pactl set-sink-volume '@DEFAULT_SINK@' -5%";
|
||||
"XF86AudioRaiseVolume" =
|
||||
"exec pactl set-sink-volume '@DEFAULT_SINK@' +5%";
|
||||
"XF86AudioMicMute" =
|
||||
"exec pactl set-source-mute '@DEFAULT_SOURCE@' toggle";
|
||||
"XF86MonBrightnessUp" =
|
||||
"exec ${pkgs.brightnessctl}/bin/brightnessctl +5%";
|
||||
"XF86MonBrightnessDown" =
|
||||
"exec ${pkgs.brightnessctl}/bin/brightnessctl +5%";
|
||||
"Tab" = "exec ${pkgs.skippy-xd}/bin/skippy-xd";
|
||||
"Left" = "focus left";
|
||||
"Down" = "focus down";
|
||||
"Up" = "focus up";
|
||||
"Right" = "focus right";
|
||||
"Shift+Left" = "move left";
|
||||
"Shift+Down" = "move down";
|
||||
"Shift+Up" = "move up";
|
||||
"Shift+Right" = "move right";
|
||||
"d" = "splith";
|
||||
"t" = "layout tabbed";
|
||||
"s" = "layout toggle split";
|
||||
"f" = "fullscreen";
|
||||
"Shift+space" = "floating toggle";
|
||||
"prior" = "focus parent";
|
||||
"next" = "focus child";
|
||||
"shift+q" =
|
||||
"exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'";
|
||||
"Return" = "exec ${terminal}";
|
||||
"q" = "kill";
|
||||
"space" = "exec hotkeys";
|
||||
"m" = "bar mode toggle monitoring";
|
||||
};
|
||||
workspaceBindings = builtins.foldl' (bindings: name:
|
||||
let
|
||||
number = toString ((builtins.length (builtins.attrNames bindings)) / 2);
|
||||
in bindings // {
|
||||
"${number}" = "workspace ${number}:${name}";
|
||||
"Shift+${number}" = "move container to workspace ${number}:${name}";
|
||||
}) { } workspaces;
|
||||
bindingsConfig = lib.concatStringsSep "\n" (lib.mapAttrsToList
|
||||
(binding: command: ''
|
||||
bindsym $mod+${binding} ${command}
|
||||
'') (bindings // workspaceBindings));
|
||||
in bindingsConfig + (lib.concatStringsSep "\n" (lib.mapAttrsToList (category:
|
||||
{ border, background, text, indicator, childBorder }: ''
|
||||
client.${category} ${border}a0 ${background}c0 ${text} ${indicator} ${childBorder}
|
||||
'') swayColors)) + ''
|
||||
bar {
|
||||
status_command i3status-rs ${./status.toml};
|
||||
status_padding 0
|
||||
status_edge_padding 0
|
||||
font monospace 9.5
|
||||
height 17
|
||||
strip_workspace_numbers yes
|
||||
|
||||
mode hide
|
||||
|
||||
colors {
|
||||
statusline #ffffff
|
||||
background #00000000
|
||||
${
|
||||
lib.concatStringsSep "\n" (lib.mapAttrsToList (category:
|
||||
{ background, border, text }: ''
|
||||
${category} ${background}c0 ${border} ${text}
|
||||
'') barColors)
|
||||
}
|
||||
}
|
||||
}
|
||||
bar {
|
||||
id monitoring
|
||||
status_command i3status-rs ${./status-monitoring.toml};
|
||||
status_padding 0
|
||||
status_edge_padding 0
|
||||
font monospace 9.5
|
||||
height 17
|
||||
workspace_buttons no
|
||||
position top
|
||||
modifier none
|
||||
|
||||
mode invisible
|
||||
|
||||
colors {
|
||||
statusline #ffffff
|
||||
background #00000000
|
||||
${
|
||||
lib.concatStringsSep "\n" (lib.mapAttrsToList (category:
|
||||
{ background, border, text }: ''
|
||||
${category} ${background}c0 ${border} ${text}
|
||||
'') barColors)
|
||||
}
|
||||
}
|
||||
}
|
||||
'');
|
||||
}
|
||||
|
|
|
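Review bot: In the new `bindings` set, `"XF86MonBrightnessDown"` runs exactly the same command as `"XF86MonBrightnessUp"` (`brightnessctl +5%`), so both keys would raise the backlight and nothing lowers it. The Down binding should decrement, e.g. `"exec ${pkgs.brightnessctl}/bin/brightnessctl set 5%-";`. As far as I know brightnessctl expects the `set` operation before a value, so the Up binding probably wants `brightnessctl set +5%` as well; please confirm against the packaged version. Separately, the `"Tab"` binding still launches `skippy-xd`, which was carried over from the i3 setup and is an X11 tool, so it may not work in a sway session.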
@ -1,215 +0,0 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
with lib;
|
||||
let
|
||||
inherit (config.m-0) colors workspaces terminal;
|
||||
exec = "exec --no-startup-id";
|
||||
conkyCommon = ''
|
||||
background = false,
|
||||
border_width = 0,
|
||||
cpu_avg_samples = 2,
|
||||
draw_borders = false,
|
||||
draw_graph_borders = true,
|
||||
draw_outline = false,
|
||||
draw_shades = false,
|
||||
double_buffer = true,
|
||||
use_xft = true,
|
||||
font = 'Source Code Pro For Powerline:size=8',
|
||||
gap_x = 0,
|
||||
gap_y = 0,
|
||||
minimum_width = 316,
|
||||
maximum_width = 316,
|
||||
net_avg_samples = 2,
|
||||
no_buffers = true,
|
||||
out_to_console = false,
|
||||
out_to_stderr = false,
|
||||
extra_newline = false,
|
||||
own_window = true,
|
||||
own_window_class = 'Conky',
|
||||
own_window_type = 'override',
|
||||
own_window_colour = "${config.m-0.colors.background}",
|
||||
own_window_hints = 'undecorated,below,skip_taskbar,skip_pager,sticky',
|
||||
stippled_borders = 0,
|
||||
update_interval = 1.0,
|
||||
'';
|
||||
conkyOrgaConfig = pkgs.writeText "conky.conf" ''
|
||||
conky.config = {
|
||||
alignment = 'top_right',
|
||||
${conkyCommon}
|
||||
}
|
||||
|
||||
conky.text = [[
|
||||
''${font Source Code Pro For Powerline:bold:size=14}''${color #8888ff}$alignc''${exec date '+%a %_d. %B, %H:%M:%S'}
|
||||
''${font Source Code Pro For Powerline:size=12}
|
||||
''${color #d0d0d0}''${execpi 60 ${pkgs.gcal}/bin/gcal -K -s1 --iso-week-number=yes | sed -e 's|5\d/1|01|' | sed -ne '3,10p' | sed -e 's/</ ''${color 8888ff}/'| sed -e 's/>/ ''${color}/' | sed 's/^/$alignc/'}
|
||||
$font
|
||||
$hr
|
||||
''${execi 5 cat ~/.kassandra_state | tail -n4}
|
||||
$hr
|
||||
''${execi 5 cat ~/tmp/today.md}
|
||||
]]
|
||||
'';
|
||||
conkyMPDConfig = pkgs.writeText "conky.conf" ''
|
||||
conky.config = {
|
||||
alignment = 'bottom_right',
|
||||
${conkyCommon}
|
||||
mpd_host = "::0",
|
||||
mpd_port = 6600
|
||||
}
|
||||
|
||||
conky.text = [[
|
||||
MPD $mpd_status | Vol: $mpd_vol% | Ran: $mpd_random | Rep: $mpd_repeat
|
||||
$mpd_smart
|
||||
$mpd_album
|
||||
$mpd_elapsed/$mpd_length ($mpd_percent%) $mpd_bar
|
||||
]]
|
||||
|
||||
'';
|
||||
addMods = oldbindings:
|
||||
builtins.foldl' (newbindings: key:
|
||||
newbindings // {
|
||||
"Mod4+${key}" = oldbindings.${key};
|
||||
"Mod3+Mod4+${key}" = oldbindings.${key};
|
||||
}) { } (builtins.attrNames oldbindings);
|
||||
in {
|
||||
|
||||
xsession = {
|
||||
windowManager.i3 = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
gaps right 320
|
||||
'';
|
||||
package = (import <unstable> { }).i3-gaps;
|
||||
config = let fonts = [ "Source Code Pro For Powerline 9" ];
|
||||
in {
|
||||
startup = [
|
||||
{
|
||||
command = "${pkgs.conky}/bin/conky -c ${conkyOrgaConfig}";
|
||||
notification = false;
|
||||
}
|
||||
{
|
||||
command = "${pkgs.conky}/bin/conky -c ${conkyMPDConfig}";
|
||||
notification = false;
|
||||
}
|
||||
];
|
||||
focus = {
|
||||
followMouse = false;
|
||||
forceWrapping = true;
|
||||
};
|
||||
inherit fonts;
|
||||
colors = {
|
||||
focused = {
|
||||
background = colors.blue;
|
||||
border = colors.blue;
|
||||
childBorder = colors.blue;
|
||||
indicator = colors.green;
|
||||
text = colors.foreground;
|
||||
};
|
||||
focusedInactive = {
|
||||
background = colors.background;
|
||||
border = colors.background;
|
||||
childBorder = colors.background;
|
||||
indicator = colors.green;
|
||||
text = colors.foreground;
|
||||
};
|
||||
unfocused = {
|
||||
background = colors.background;
|
||||
border = colors.background;
|
||||
childBorder = colors.background;
|
||||
indicator = colors.green;
|
||||
text = colors.foreground;
|
||||
};
|
||||
urgent = {
|
||||
background = colors.red;
|
||||
border = colors.red;
|
||||
childBorder = colors.red;
|
||||
indicator = colors.green;
|
||||
text = colors.foreground;
|
||||
};
|
||||
};
|
||||
bars = [{
|
||||
mode = "hide";
|
||||
inherit fonts;
|
||||
colors = {
|
||||
separator = colors.white;
|
||||
background = colors.background;
|
||||
activeWorkspace = {
|
||||
background = colors.blue;
|
||||
border = colors.blue;
|
||||
text = colors.white;
|
||||
};
|
||||
bindingMode = {
|
||||
background = colors.red;
|
||||
border = colors.red;
|
||||
text = colors.white;
|
||||
};
|
||||
focusedWorkspace = {
|
||||
background = colors.blue;
|
||||
border = colors.blue;
|
||||
text = colors.white;
|
||||
};
|
||||
inactiveWorkspace = {
|
||||
background = colors.background;
|
||||
border = colors.background;
|
||||
text = colors.white;
|
||||
};
|
||||
};
|
||||
}];
|
||||
window = {
|
||||
titlebar = false;
|
||||
border = 1;
|
||||
commands = [{
|
||||
command = "floating disable";
|
||||
criteria = { class = "Firefox"; };
|
||||
}];
|
||||
};
|
||||
|
||||
keybindings = {
|
||||
"XF86AudioMute" = "exec pactl set-sink-mute '@DEFAULT_SINK@' toggle";
|
||||
"XF86AudioLowerVolume" =
|
||||
"exec pactl set-sink-volume '@DEFAULT_SINK@' -5%";
|
||||
"XF86AudioRaiseVolume" =
|
||||
"exec pactl set-sink-volume '@DEFAULT_SINK@' +5%";
|
||||
"XF86AudioMicMute" =
|
||||
"exec pactl set-source-mute '@DEFAULT_SOURCE@' toggle";
|
||||
"XF86MonBrightnessUp" = "exec xbacklight +5";
|
||||
"XF86MonBrightnessDown" = "exec xbacklight -5";
|
||||
"XF86Display" = "${exec} ${pkgs.arandr}/bin/arandr";
|
||||
"Ctrl+Escape" = "${exec} loginctl lock-session;";
|
||||
} // addMods ({
|
||||
"Left" = "focus left";
|
||||
"Down" = "focus down";
|
||||
"Up" = "focus up";
|
||||
"Right" = "focus right";
|
||||
"Tab" = "${exec} ${pkgs.skippy-xd}/bin/skippy-xd";
|
||||
"Prior" = "focus parent";
|
||||
"Next" = "focus child";
|
||||
"Return" = "${exec} ${terminal}";
|
||||
"p" = "${exec} rofi-pass";
|
||||
"shift+Left" = "move left";
|
||||
"shift+Down" = "move down";
|
||||
"shift+Up" = "move up";
|
||||
"shift+Right" = "move right";
|
||||
"d" = "split h";
|
||||
"f" = "fullscreen toggle";
|
||||
"t" = "layout tabbed";
|
||||
"s" = "layout toggle split";
|
||||
"q" = "kill";
|
||||
"m" = "move workspace to output up";
|
||||
"n" = "move workspace to output right";
|
||||
"shift+space" = "floating toggle";
|
||||
"shift+q" =
|
||||
"${exec} ${pkgs.i3}/bin/i3-nagbar -t warning -m 'do you want to exit i3?' -b 'yes' 'i3-msg exit'";
|
||||
"space" = "${exec} hotkeys";
|
||||
} // builtins.foldl' (bindings: name:
|
||||
let
|
||||
number =
|
||||
toString ((builtins.length (builtins.attrNames bindings)) / 2);
|
||||
in bindings // {
|
||||
"${number}" = "workspace ${number}:${name}";
|
||||
"Shift+${number}" = "move container to workspace ${number}:${name}";
|
||||
}) { } workspaces);
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
xsession.initExtra = let
|
||||
cat-pw = pkgs.writeShellScriptBin "cat-ssh-pw" ''
|
||||
pass eu/m-0/${config.m-0.hostName}/ssh
|
||||
pass eu/m-0/${config.m-0.hostName}.m-0.eu/ssh-key
|
||||
'';
|
||||
start-agent = pkgs.writeShellScriptBin "start-ssh-agent" ''
|
||||
${pkgs.psmisc}/bin/killall -q ssh-agent
|
||||
|
|
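--- /dev/null
+++ b/home/desktop/status-monitoring.toml
@@ -0,0 +1,57 @@
+theme = "slick"
+icons = "awesome"
+
+[[block]]
+block = "speedtest"
+bytes = false
+interval = 1800
+
+[[block]]
+block = "temperature"
+collapsed = false
+interval = 10
+format = "{min}° min, {max}° max, {average}° avg"
+chip = "*-isa-*"
+
+[[block]]
+block = "net"
+device = "wlp61s0"
+ssid = true
+ip = true
+speed_up = true
+speed_down = true
+graph_up = true
+graph_down = true
+interval = 5
+
+[[block]]
+block = "net"
+device = "enp0s31f6"
+ssid = true
+ip = true
+speed_up = true
+speed_down = true
+graph_up = true
+graph_down = true
+interval = 5
+
+[[block]]
+block = "disk_space"
+path = "/"
+alias = "/"
+info_type = "available"
+unit = "GB"
+interval = 60
+warning = 20.0
+alert = 10.0
+
+[[block]]
+block = "memory"
+display_type = "memory"
+format_mem = "{Mup}%"
+format_swap = "{SUp}%"
+
+[[block]]
+block = "load"
+interval = 5
+format = "{1m}"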
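--- /dev/null
+++ b/home/desktop/status.toml
@@ -0,0 +1,35 @@
+theme = "slick"
+icons = "awesome"
+
+[[block]]
+block = "music"
+buttons = ["play", "next"]
+max_width = 64
+
+[[block]]
+block = "net"
+device = "wlp61s0"
+ssid = true
+ip = false
+speed_up = false
+speed_down = false
+graph_up = false
+graph_down = false
+interval = 5
+
+[[block]]
+block = "sound"
+
+[[block]]
+block = "backlight"
+device = "intel_backlight"
+
+[[block]]
+block = "battery"
+driver = "upower"
+format = "{percentage}% ({power}W) {time}"
+
+[[block]]
+block = "time"
+interval = 5
+format = "%F %a %T"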
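--- /dev/null
+++ b/home/desktop/sway.config
@@ -0,0 +1,28 @@
+set $mod Mod4
+set $term ate
+set $lock swaylock -e -F -l -s fill -f -i ~/.wallpaper.jpg
+
+exec my-ssh-add
+exec swayidle -w \
+timeout 600 '$lock' \
+timeout 570 'swaymsg "output * dpms off"' \
+resume 'swaymsg "output * dpms on"' \
+before-sleep '$lock'
+
+output * bg ~/.wallpaper.jpg fill
+
+input type:keyboard {
+xkb_layout de
+xkb_variant neo
+xkb_options altwin:swap_lalt_lwin
+}
+
+focus_follows_mouse no
+hide_edge_borders --i3 smart
+titlebar_border_thickness 0
+titlebar_padding 1
+font monospace 9.5
+default_border pixel 1
+floating_modifier $mod normal
+
+bindsym ctrl+escape exec $lock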
@ -1,3 +1,10 @@
|
|||
# If running from tty1 start sway
|
||||
if [ "$(tty)" = "/dev/tty1" ]; then
|
||||
. start-ssh-agent
|
||||
exec sway
|
||||
fi
|
||||
|
||||
# If not in a tmux, start tmux
|
||||
if [[ -z "$TMUX" ]] {
|
||||
session=$(tmux ls | grep -v attached | head -1 | cut -f1 -d:)
|
||||
if [[ -n $session ]] {
|
||||
|
|
|
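Review bot: The new tty1 block is commented for what it does but not for why it uses `exec` and `.`, and both choices matter for the session. `exec sway` replaces the login shell, so when sway exits or crashes the tty goes back to the login prompt rather than leaving a logged-in shell behind the lock screen. That is worth recording, e.g. `# exec: no shell is left on tty1 if sway or the locker dies`. `. start-ssh-agent` is sourced rather than executed, presumably so the agent's environment reaches sway; a comment such as `# sourced so SSH_AUTH_SOCK is exported into the session (confirm)` would keep a later cleanup from turning it into a plain call. The tmux block that follows continues outside the hunk.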
@ -23,8 +23,6 @@ in {
|
|||
|
||||
networking = {
|
||||
hostName = "apollo";
|
||||
firewall.allowedTCPPorts = [ 8888 ];
|
||||
firewall.allowedUDPPorts = [ 30000 ];
|
||||
wireguard.interfaces = {
|
||||
m0wire = {
|
||||
allowedIPsAsRoutes = false;
|
||||
|
@ -79,15 +77,10 @@ in {
|
|||
cleanupInterval = "15m";
|
||||
snapshotInterval = "*:00/3:00";
|
||||
};
|
||||
printing = {
|
||||
enable = true;
|
||||
drivers = [ pkgs.gutenprint pkgs.hplip ];
|
||||
};
|
||||
prometheus.exporters.node = {
|
||||
firewallFilter = "-i m0wire -p tcp -m tcp --dport 9100";
|
||||
openFirewall = true;
|
||||
};
|
||||
autorandr.enable = true;
|
||||
};
|
||||
|
||||
cdark_net = {
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
hostName = "hera-v4";
|
||||
pubKey =
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHkqWlFLtmIlTSKahr2PcL++K75YgfsSU6jwVYW5df3JCkowu/M16SIBxABxYSQrKej5uIz/OFCjqSxHJQ8D5wSYBvn2gYr/BbBcz4rfIJmZ55Od2jckaqlj/M8TtkuPPhsQG7S730vXxK5hbMT8iW5WWv8sIKY/WtaRbZOFMX/53WCLEHtnMu5zFJFWf92+mjIHSLyW8ggl1m525RUiaAfCge2vnuzIFq4kUqJxaWzxIvEWIncKWN10K/HMvdI+yOtbSen41uKedwSFhUFs3xHy1mJddYOrlcJQPt5zuuffZ/nTDVXMZoh5QNwg8ZlkkueVChaS1Y5STjb7cem1Mt";
|
||||
passPath = "eu/m-0/hera/disk";
|
||||
passPath = "eu/m-0/hera.m-0.eu/disk";
|
||||
}];
|
||||
mail = {
|
||||
enable = true;
|
||||
|
|
Binary file not shown.
|
@ -16,10 +16,7 @@ let
|
|||
privateNetwork = true;
|
||||
hostBridge = "bridge";
|
||||
config = { pkgs, ... }: {
|
||||
#disabledModules = [ "services/web-apps/nextcloud.nix" ];
|
||||
imports = [
|
||||
../../system # ./nextcloud.nix
|
||||
];
|
||||
imports = [ ../../system ];
|
||||
|
||||
networking = {
|
||||
interfaces.eth0 = {
|
||||
|
|
|
@ -1,558 +0,0 @@
|
|||
{ config, lib, pkgs, ... }@args:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.nextcloud;
|
||||
|
||||
phpPackage = pkgs.php73;
|
||||
phpPackages = pkgs.php73Packages;
|
||||
|
||||
toKeyValue = generators.toKeyValue {
|
||||
mkKeyValue = generators.mkKeyValueDefault { } " = ";
|
||||
};
|
||||
|
||||
phpOptionsExtensions = ''
|
||||
${optionalString cfg.caching.apcu
|
||||
"extension=${phpPackages.apcu}/lib/php/extensions/apcu.so"}
|
||||
${optionalString cfg.caching.redis
|
||||
"extension=${phpPackages.redis}/lib/php/extensions/redis.so"}
|
||||
${optionalString cfg.caching.memcached
|
||||
"extension=${phpPackages.memcached}/lib/php/extensions/memcached.so"}
|
||||
extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
|
||||
zend_extension = opcache.so
|
||||
opcache.enable = 1
|
||||
'';
|
||||
phpOptions = {
|
||||
upload_max_filesize = cfg.maxUploadSize;
|
||||
post_max_size = cfg.maxUploadSize;
|
||||
memory_limit = cfg.maxUploadSize;
|
||||
} // cfg.phpOptions;
|
||||
phpOptionsStr = phpOptionsExtensions + (toKeyValue phpOptions);
|
||||
|
||||
occ = pkgs.writeScriptBin "nextcloud-occ" ''
|
||||
#! ${pkgs.stdenv.shell}
|
||||
cd ${pkgs.nextcloud}
|
||||
exec /run/wrappers/bin/sudo -u nextcloud \
|
||||
NEXTCLOUD_CONFIG_DIR="${cfg.home}/config" \
|
||||
${phpPackage}/bin/php \
|
||||
-c ${pkgs.writeText "php.ini" phpOptionsStr}\
|
||||
occ $*
|
||||
'';
|
||||
|
||||
in {
|
||||
options.services.nextcloud = {
|
||||
enable = mkEnableOption "nextcloud";
|
||||
hostName = mkOption {
|
||||
type = types.str;
|
||||
description = "FQDN for the nextcloud instance.";
|
||||
};
|
||||
home = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/nextcloud";
|
||||
description = "Storage path of nextcloud.";
|
||||
};
|
||||
logLevel = mkOption {
|
||||
type = types.ints.between 0 4;
|
||||
default = 2;
|
||||
description = "Log level value between 0 (DEBUG) and 4 (FATAL).";
|
||||
};
|
||||
https = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description =
|
||||
"Enable if there is a TLS terminating proxy in front of nextcloud.";
|
||||
};
|
||||
|
||||
maxUploadSize = mkOption {
|
||||
default = "512M";
|
||||
type = types.str;
|
||||
description = ''
|
||||
Defines the upload limit for files. This changes the relevant options
|
||||
in php.ini and nginx if enabled.
|
||||
'';
|
||||
};
|
||||
|
||||
skeletonDirectory = mkOption {
|
||||
default = "";
|
||||
type = types.str;
|
||||
description = ''
|
||||
The directory where the skeleton files are located. These files will be
|
||||
copied to the data directory of new users. Leave empty to not copy any
|
||||
skeleton files.
|
||||
'';
|
||||
};
|
||||
|
||||
nginx.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to enable nginx virtual host management.
|
||||
Further nginx configuration can be done by adapting <literal>services.nginx.virtualHosts.<name></literal>.
|
||||
See <xref linkend="opt-services.nginx.virtualHosts"/> for further information.
|
||||
'';
|
||||
};
|
||||
|
||||
webfinger = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable this option if you plan on using the webfinger plugin.
|
||||
The appropriate nginx rewrite rules will be added to your configuration.
|
||||
'';
|
||||
};
|
||||
|
||||
phpOptions = mkOption {
|
||||
type = types.attrsOf types.str;
|
||||
default = {
|
||||
"short_open_tag" = "Off";
|
||||
"expose_php" = "Off";
|
||||
"error_reporting" = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
|
||||
"display_errors" = "stderr";
|
||||
"opcache.enable_cli" = "1";
|
||||
"opcache.interned_strings_buffer" = "8";
|
||||
"opcache.max_accelerated_files" = "10000";
|
||||
"opcache.memory_consumption" = "128";
|
||||
"opcache.revalidate_freq" = "1";
|
||||
"opcache.fast_shutdown" = "1";
|
||||
"openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
|
||||
"catch_workers_output" = "yes";
|
||||
};
|
||||
description = ''
|
||||
Options for PHP's php.ini file for nextcloud.
|
||||
'';
|
||||
};
|
||||
|
||||
poolConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = ''
|
||||
pm = dynamic
|
||||
pm.max_children = 32
|
||||
pm.start_servers = 2
|
||||
pm.min_spare_servers = 2
|
||||
pm.max_spare_servers = 4
|
||||
pm.max_requests = 500
|
||||
'';
|
||||
description = ''
|
||||
Options for nextcloud's PHP pool. See the documentation on <literal>php-fpm.conf</literal> for details on configuration directives.
|
||||
'';
|
||||
};
|
||||
|
||||
config = {
|
||||
dbtype = mkOption {
|
||||
type = types.enum [ "sqlite" "pgsql" "mysql" ];
|
||||
default = "sqlite";
|
||||
description = "Database type.";
|
||||
};
|
||||
dbname = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = "nextcloud";
|
||||
description = "Database name.";
|
||||
};
|
||||
dbuser = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = "nextcloud";
|
||||
description = "Database user.";
|
||||
};
|
||||
dbpass = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Database password. Use <literal>dbpassFile</literal> to avoid this
|
||||
being world-readable in the <literal>/nix/store</literal>.
|
||||
'';
|
||||
};
|
||||
dbpassFile = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
The full path to a file that contains the database password.
|
||||
'';
|
||||
};
|
||||
dbhost = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = "localhost";
|
||||
description = ''
|
||||
Database host.
|
||||
|
||||
Note: for using Unix authentication with PostgreSQL, this should be
|
||||
set to <literal>/run/postgresql</literal>.
|
||||
'';
|
||||
};
|
||||
dbport = mkOption {
|
||||
type = with types; nullOr (either int str);
|
||||
default = null;
|
||||
description = "Database port.";
|
||||
};
|
||||
dbtableprefix = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = "Table prefix in Nextcloud database.";
|
||||
};
|
||||
adminuser = mkOption {
|
||||
type = types.str;
|
||||
default = "root";
|
||||
description = "Admin username.";
|
||||
};
|
||||
adminpass = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Admin password. Use <literal>adminpassFile</literal> to avoid this
|
||||
being world-readable in the <literal>/nix/store</literal>.
|
||||
'';
|
||||
};
|
||||
adminpassFile = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
The full path to a file that contains the admin's password.
|
||||
'';
|
||||
};
|
||||
|
||||
extraTrustedDomains = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ ];
|
||||
description = ''
|
||||
Trusted domains, from which the nextcloud installation will be
|
||||
acessible. You don't need to add
|
||||
<literal>services.nextcloud.hostname</literal> here.
|
||||
'';
|
||||
};
|
||||
|
||||
overwriteProtocol = mkOption {
|
||||
type = types.nullOr (types.enum [ "http" "https" ]);
|
||||
default = null;
|
||||
example = "https";
|
||||
|
||||
description = ''
|
||||
Force Nextcloud to always use HTTPS i.e. for link generation. Nextcloud
|
||||
uses the currently used protocol by default, but when behind a reverse-proxy,
|
||||
it may use <literal>http</literal> for everything although Nextcloud
|
||||
may be served via HTTPS.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
caching = {
|
||||
apcu = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to load the APCu module into PHP.
|
||||
'';
|
||||
};
|
||||
redis = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to load the Redis module into PHP.
|
||||
You still need to enable Redis in your config.php.
|
||||
See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html
|
||||
'';
|
||||
};
|
||||
memcached = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to load the Memcached module into PHP.
|
||||
You still need to enable Memcached in your config.php.
|
||||
See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html
|
||||
'';
|
||||
};
|
||||
};
|
||||
autoUpdateApps = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Run a auto update of all installed apps from the nextcloud repository.
|
||||
'';
|
||||
};
|
||||
startAt = mkOption {
|
||||
type = with types; either str (listOf str);
|
||||
default = "05:00:00";
|
||||
example = "Sun 14:00:00";
|
||||
description = ''
|
||||
When to run the update. See `systemd.services.<name>.startAt`.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable (mkMerge [
|
||||
{
|
||||
assertions = let acfg = cfg.config;
|
||||
in [
|
||||
{
|
||||
assertion = !(acfg.dbpass != null && acfg.dbpassFile != null);
|
||||
message = "Please specify no more than one of dbpass or dbpassFile";
|
||||
}
|
||||
{
|
||||
assertion = ((acfg.adminpass != null || acfg.adminpassFile != null)
|
||||
&& !(acfg.adminpass != null && acfg.adminpassFile != null));
|
||||
message =
|
||||
"Please specify exactly one of adminpass or adminpassFile";
|
||||
}
|
||||
];
|
||||
}
|
||||
|
||||
{
|
||||
systemd.timers."nextcloud-cron" = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnBootSec = "5m";
|
||||
timerConfig.OnUnitActiveSec = "15m";
|
||||
timerConfig.Unit = "nextcloud-cron.service";
|
||||
};
|
||||
|
||||
systemd.services = {
|
||||
"nextcloud-setup" = let
|
||||
overrideConfig = pkgs.writeText "nextcloud-config.php" ''
|
||||
<?php
|
||||
$CONFIG = [
|
||||
'apps_paths' => [
|
||||
[ 'path' => '${cfg.home}/apps', 'url' => '/apps', 'writable' => false ],
|
||||
[ 'path' => '${cfg.home}/store-apps', 'url' => '/store-apps', 'writable' => true ],
|
||||
],
|
||||
'datadirectory' => '${cfg.home}/data',
|
||||
'skeletondirectory' => '${cfg.skeletonDirectory}',
|
||||
${
|
||||
optionalString cfg.caching.apcu
|
||||
"'memcache.local' => '\\OC\\Memcache\\APCu',"
|
||||
}
|
||||
'log_type' => 'syslog',
|
||||
'log_level' => '${builtins.toString cfg.logLevel}',
|
||||
${
|
||||
optionalString (cfg.config.overwriteProtocol != null)
|
||||
"'overwriteprotocol' => '${cfg.config.overwriteProtocol}',"
|
||||
}
|
||||
];
|
||||
'';
|
||||
occInstallCmd = let
|
||||
c = cfg.config;
|
||||
adminpass = if c.adminpassFile != null then
|
||||
''"$(<"${toString c.adminpassFile}")"''
|
||||
else
|
||||
''"${toString c.adminpass}"'';
|
||||
dbpass = if c.dbpassFile != null then
|
||||
''"$(<"${toString c.dbpassFile}")"''
|
||||
else if c.dbpass != null then
|
||||
''"${toString c.dbpass}"''
|
||||
else
|
||||
null;
|
||||
installFlags = concatStringsSep " \\\n "
|
||||
(mapAttrsToList (k: v: "${k} ${toString v}") {
|
||||
"--database" = ''"${c.dbtype}"'';
|
||||
# The following attributes are optional depending on the type of
|
||||
# database. Those that evaluate to null on the left hand side
|
||||
# will be omitted.
|
||||
${if c.dbname != null then "--database-name" else null} =
|
||||
''"${c.dbname}"'';
|
||||
${if c.dbhost != null then "--database-host" else null} =
|
||||
''"${c.dbhost}"'';
|
||||
${if c.dbport != null then "--database-port" else null} =
|
||||
''"${toString c.dbport}"'';
|
||||
${if c.dbuser != null then "--database-user" else null} =
|
||||
''"${c.dbuser}"'';
|
||||
${
|
||||
if (any (x: x != null) [ c.dbpass c.dbpassFile ]) then
|
||||
"--database-pass"
|
||||
else
|
||||
null
|
||||
} = dbpass;
|
||||
${
|
||||
if c.dbtableprefix != null then
|
||||
"--database-table-prefix"
|
||||
else
|
||||
null
|
||||
} = ''"${toString c.dbtableprefix}"'';
|
||||
"--admin-user" = ''"${c.adminuser}"'';
|
||||
"--admin-pass" = adminpass;
|
||||
"--data-dir" = ''"${cfg.home}/data"'';
|
||||
});
|
||||
in ''
|
||||
${occ}/bin/nextcloud-occ maintenance:install \
|
||||
${installFlags}
|
||||
'';
|
||||
occSetTrustedDomainsCmd = concatStringsSep "\n" (imap0 (i: v: ''
|
||||
${occ}/bin/nextcloud-occ config:system:set trusted_domains \
|
||||
${toString i} --value="${toString v}"
|
||||
'') ([ cfg.hostName ] ++ cfg.config.extraTrustedDomains));
|
||||
|
||||
in {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
before = [ "phpfpm-nextcloud.service" ];
|
||||
script = ''
|
||||
chmod og+x ${cfg.home}
|
||||
ln -sf ${pkgs.nextcloud}/apps ${cfg.home}/
|
||||
mkdir -p ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps
|
||||
ln -sf ${overrideConfig} ${cfg.home}/config/override.config.php
|
||||
|
||||
chown -R nextcloud:nginx ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps
|
||||
|
||||
# Do not install if already installed
|
||||
if [[ ! -e ${cfg.home}/config/config.php ]]; then
|
||||
${occInstallCmd}
|
||||
fi
|
||||
|
||||
${occ}/bin/nextcloud-occ upgrade
|
||||
|
||||
${occ}/bin/nextcloud-occ config:system:delete trusted_domains
|
||||
${occSetTrustedDomainsCmd}
|
||||
'';
|
||||
serviceConfig.Type = "oneshot";
|
||||
};
|
||||
"nextcloud-cron" = {
|
||||
environment.NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config";
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.User = "nextcloud";
|
||||
serviceConfig.ExecStart =
|
||||
"${phpPackage}/bin/php -f ${pkgs.nextcloud}/cron.php";
|
||||
};
|
||||
"nextcloud-update-plugins" = mkIf cfg.autoUpdateApps.enable {
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.ExecStart = "${occ}/bin/nextcloud-occ app:update --all";
|
||||
startAt = cfg.autoUpdateApps.startAt;
|
||||
};
|
||||
};
|
||||
|
||||
services.phpfpm = {
|
||||
pools.nextcloud = let
|
||||
phpAdminValues = (toKeyValue (foldr (a: b: a // b) { }
|
||||
(mapAttrsToList (k: v: { "php_admin_value[${k}]" = v; })
|
||||
phpOptions)));
|
||||
in {
|
||||
phpOptions = phpOptionsExtensions;
|
||||
phpPackage = phpPackage;
|
||||
listen = "/run/phpfpm/nextcloud";
|
||||
extraConfig = ''
|
||||
listen.owner = nginx
|
||||
listen.group = nginx
|
||||
user = nextcloud
|
||||
group = nginx
|
||||
${cfg.poolConfig}
|
||||
env[NEXTCLOUD_CONFIG_DIR] = ${cfg.home}/config
|
||||
env[PATH] = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin
|
||||
${phpAdminValues}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
users.extraUsers.nextcloud = {
|
||||
home = "${cfg.home}";
|
||||
group = "nginx";
|
||||
createHome = true;
|
||||
};
|
||||
|
||||
environment.systemPackages = [ occ ];
|
||||
}
|
||||
|
||||
(mkIf cfg.nginx.enable {
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"${cfg.hostName}" = {
|
||||
root = pkgs.nextcloud;
|
||||
locations = {
|
||||
"= /robots.txt" = {
|
||||
priority = 100;
|
||||
extraConfig = ''
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
'';
|
||||
};
|
||||
"/" = {
|
||||
priority = 200;
|
||||
extraConfig = "rewrite ^ /index.php$request_uri;";
|
||||
};
|
||||
"~ ^/store-apps" = {
|
||||
priority = 201;
|
||||
extraConfig = "root ${cfg.home};";
|
||||
};
|
||||
"= /.well-known/carddav" = {
|
||||
priority = 210;
|
||||
extraConfig = "return 301 $scheme://$host/remote.php/dav;";
|
||||
};
|
||||
"= /.well-known/caldav" = {
|
||||
priority = 210;
|
||||
extraConfig = "return 301 $scheme://$host/remote.php/dav;";
|
||||
};
|
||||
"~ ^\\/(?:build|tests|config|lib|3rdparty|templates|data)\\/" = {
|
||||
priority = 300;
|
||||
extraConfig = "deny all;";
|
||||
};
|
||||
"~ ^\\/(?:\\.|autotest|occ|issue|indie|db_|console)" = {
|
||||
priority = 300;
|
||||
extraConfig = "deny all;";
|
||||
};
|
||||
"~ ^\\/(?:index|remote|public|cron|core/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|ocs-provider\\/.+|ocm-provider\\/.+)\\.php(?:$|\\/)" =
|
||||
{
|
||||
priority = 500;
|
||||
extraConfig = ''
|
||||
include ${config.services.nginx.package}/conf/fastcgi.conf;
|
||||
fastcgi_split_path_info ^(.+\.php)(\\/.*)$;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param HTTPS ${if cfg.https then "on" else "off"};
|
||||
fastcgi_param modHeadersAvailable true;
|
||||
fastcgi_param front_controller_active true;
|
||||
fastcgi_pass unix:/run/phpfpm/nextcloud;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
fastcgi_read_timeout 120s;
|
||||
'';
|
||||
};
|
||||
"~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig =
|
||||
''
|
||||
try_files $uri/ =404;
|
||||
index index.php;
|
||||
'';
|
||||
"~ \\.(?:css|js|woff2?|svg|gif)$".extraConfig = ''
|
||||
try_files $uri /index.php$request_uri;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
access_log off;
|
||||
'';
|
||||
"~ \\.(?:png|html|ttf|ico|jpg|jpeg)$".extraConfig = ''
|
||||
try_files $uri /index.php$request_uri;
|
||||
access_log off;
|
||||
'';
|
||||
};
|
||||
extraConfig = ''
|
||||
more_set_headers "Content-Security-Policy: frame-ancestors 'self' https://*.mathechor.de";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
error_page 403 /core/templates/403.php;
|
||||
error_page 404 /core/templates/404.php;
|
||||
client_max_body_size ${cfg.maxUploadSize};
|
||||
fastcgi_buffers 64 4K;
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
|
||||
${optionalString cfg.webfinger ''
|
||||
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
|
||||
''}
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
})
|
||||
]);
|
||||
|
||||
meta.doc = ./nextcloud.xml;
|
||||
}
|
|
@ -1,115 +0,0 @@
|
|||
<chapter xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="module-services-nextcloud">
|
||||
<title>Nextcloud</title>
|
||||
<para>
|
||||
<link xlink:href="https://nextcloud.com/">Nextcloud</link> is an open-source,
|
||||
self-hostable cloud platform. The server setup can be automated using
|
||||
<link linkend="opt-services.nextcloud.enable">services.nextcloud</link>. A
|
||||
desktop client is packaged at <literal>pkgs.nextcloud-client</literal>.
|
||||
</para>
|
||||
<section xml:id="module-services-nextcloud-basic-usage">
|
||||
<title>Basic usage</title>
|
||||
|
||||
<para>
|
||||
Nextcloud is a PHP-based application which requires an HTTP server
|
||||
(<literal><link linkend="opt-services.nextcloud.enable">services.nextcloud</link></literal>
|
||||
optionally supports
|
||||
<literal><link linkend="opt-services.nginx.enable">services.nginx</link></literal>)
|
||||
and a database (it's recommended to use
|
||||
<literal><link linkend="opt-services.postgresql.enable">services.postgresql</link></literal>).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
A very basic configuration may look like this:
|
||||
<programlisting>{ pkgs, ... }:
|
||||
{
|
||||
services.nextcloud = {
|
||||
<link linkend="opt-services.nextcloud.enable">enable</link> = true;
|
||||
<link linkend="opt-services.nextcloud.hostName">hostName</link> = "nextcloud.tld";
|
||||
<link linkend="opt-services.nextcloud.nginx.enable">nginx.enable</link> = true;
|
||||
config = {
|
||||
<link linkend="opt-services.nextcloud.config.dbtype">dbtype</link> = "pgsql";
|
||||
<link linkend="opt-services.nextcloud.config.dbuser">dbuser</link> = "nextcloud";
|
||||
<link linkend="opt-services.nextcloud.config.dbhost">dbhost</link> = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
|
||||
<link linkend="opt-services.nextcloud.config.dbname">dbname</link> = "nextcloud";
|
||||
<link linkend="opt-services.nextcloud.config.adminpassFile">adminpassFile</link> = "/path/to/admin-pass-file";
|
||||
<link linkend="opt-services.nextcloud.config.adminuser">adminuser</link> = "root";
|
||||
};
|
||||
};
|
||||
|
||||
services.postgresql = {
|
||||
<link linkend="opt-services.postgresql.enable">enable</link> = true;
|
||||
<link linkend="opt-services.postgresql.initialScript">initialScript</link> = pkgs.writeText "psql-init" ''
|
||||
CREATE ROLE nextcloud WITH LOGIN;
|
||||
CREATE DATABASE nextcloud WITH OWNER nextcloud;
|
||||
'';
|
||||
};
|
||||
|
||||
# ensure that postgres is running *before* running the setup
|
||||
systemd.services."nextcloud-setup" = {
|
||||
requires = ["postgresql.service"];
|
||||
after = ["postgresql.service"];
|
||||
};
|
||||
|
||||
<link linkend="opt-networking.firewall.allowedTCPPorts">networking.firewall.allowedTCPPorts</link> = [ 80 443 ];
|
||||
}</programlisting>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The options <literal>hostName</literal> and <literal>nginx.enable</literal>
|
||||
are used internally to configure an HTTP server using
|
||||
<literal><link xlink:href="https://php-fpm.org/">PHP-FPM</link></literal>
|
||||
and <literal>nginx</literal>. The <literal>config</literal> attribute set is
|
||||
used for the <literal>config.php</literal> which is used for the
|
||||
application's configuration. <emphasis>Beware: this isn't entirely pure
|
||||
since the config is modified by the application's runtime!</emphasis>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
In case the application serves multiple hosts (those are checked with
|
||||
<literal><link xlink:href="http://php.net/manual/en/reserved.variables.server.php">$_SERVER['HTTP_HOST']</link></literal>)
|
||||
those can be added using
|
||||
<literal><link linkend="opt-services.nextcloud.config.extraTrustedDomains">services.nextcloud.config.extraTrustedDomains</link></literal>.
|
||||
</para>
|
||||
</section>
|
||||
<section xml:id="module-services-nextcloud-pitfalls-during-upgrade">
|
||||
<title>Pitfalls</title>
|
||||
|
||||
<para>
|
||||
Unfortunately Nextcloud appears to be very stateful when it comes to
|
||||
managing its own configuration. The config file lives in the home directory
|
||||
of the <literal>nextcloud</literal> user (by default
|
||||
<literal>/var/lib/nextcloud/config/config.php</literal>) and is also used to
|
||||
track several states of the application (e.g. whether installed or not).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Right now changes to the <literal>services.nextcloud.config</literal>
|
||||
attribute set won't take effect after the first install (except
|
||||
<literal><link linkend="opt-services.nextcloud.config.extraTrustedDomains">services.nextcloud.config.extraTrustedDomains</link></literal>)
|
||||
since the actual configuration file is generated by the NextCloud installer
|
||||
which also sets up critical parts such as the database structure.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<emphasis>Warning: don't delete <literal>config.php</literal>! This file
|
||||
tracks the application's state and a deletion can cause unwanted
|
||||
side-effects!</emphasis>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<emphasis>Warning: don't rerun <literal>nextcloud-occ
|
||||
maintenance:install</literal>! This command tries to install the application
|
||||
and can cause unwanted side-effects!</emphasis>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The issues are known and reported in
|
||||
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/49783">#49783</link>,
|
||||
for now it's unfortunately necessary to manually work around these issues.
|
||||
</para>
|
||||
</section>
|
||||
</chapter>
|
|
@ -34,6 +34,7 @@ rec {
|
|||
p.hlint
|
||||
p.ghcid
|
||||
p.cabal-install
|
||||
p.classy-prelude
|
||||
p.haskell-ci
|
||||
p.shake
|
||||
]);
|
||||
|
|
|
@ -26,12 +26,25 @@ in rec {
|
|||
BACKGROUND_COLOR = colors.background;
|
||||
};
|
||||
keybindings = {
|
||||
DECREMENT_FONT =
|
||||
"control+shift+minus"; # Das ist neo für control+minus, k.A. warum.
|
||||
INCREMENT_FONT = "control+minus";
|
||||
DECREMENT_FONT = "control+plus";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
start-agent = pkgs.writeShellScriptBin "start-ssh-agent" ''
|
||||
${pkgs.psmisc}/bin/killall -q ssh-agent
|
||||
eval `${pkgs.openssh}/bin/ssh-agent -s`
|
||||
systemctl --user set-environment SSH_AUTH_SOCK="$SSH_AUTH_SOCK"
|
||||
systemctl --user set-environment SSH_AGENT_PID="$SSH_AGENT_PID"
|
||||
'';
|
||||
cat-pw = pkgs.writeShellScriptBin "cat-ssh-pw" ''
|
||||
pass eu/m-0/$(hostname).m-0.eu/ssh-key
|
||||
'';
|
||||
my-ssh-add = pkgs.writeShellScriptBin "my-ssh-add" ''
|
||||
SSH_ASKPASS=${cat-pw}/bin/cat-ssh-pw ${pkgs.openssh}/bin/ssh-add < /dev/null
|
||||
'';
|
||||
|
||||
gitstatus = pkgs.callPackage ./powerlevel10k/gitstatus.nix {
|
||||
libgit2 = pkgs.libgit2.overrideAttrs (attrs: {
|
||||
src = pkgs.fetchFromGitHub {
|
||||
|
@ -151,6 +164,8 @@ in rec {
|
|||
# web
|
||||
chromium
|
||||
|
||||
upower speedtest-cli
|
||||
|
||||
# communication
|
||||
signal-desktop tdesktop acpi dino mumble
|
||||
|
||||
|
@ -196,9 +211,12 @@ in rec {
|
|||
fi
|
||||
'';
|
||||
desktop-pkgs = {
|
||||
inherit urxvt terminal ate;
|
||||
inherit (pkgs) xautolock;
|
||||
inherit urxvt terminal ate start-agent my-ssh-add;
|
||||
inherit (pkgs.gnome3) dconf;
|
||||
inherit (pkgs)
|
||||
lm_sensors sway swaylock swayidle xwayland rofi i3status-rust waybar
|
||||
dmenu;
|
||||
|
||||
};
|
||||
home-pkgs = {
|
||||
nixfmt = import sources.nixfmt { };
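Review bot: The `cat-ssh-pw` helper in the first hunk resolves `pass` and `hostname` through the caller's `PATH`, while the neighbouring scripts pin `${pkgs.psmisc}` and `${pkgs.openssh}`. Because this script prints the SSH key passphrase to whoever invokes it as `SSH_ASKPASS`, it should be pinned the same way, for example `${pkgs.pass}/bin/pass show eu/m-0/$(${pkgs.nettools}/bin/hostname).m-0.eu/ssh-key` (adjust if a customised `pass` derivation is used elsewhere in the repository). Separately, `my-ssh-add` relies on `ssh-add` falling back to the askpass program. That fallback normally needs `DISPLAY` to be set and no controlling terminal, so under sway it may prompt on the terminal or fail unless Xwayland is up; on OpenSSH 8.4 or later, adding `SSH_ASKPASS_REQUIRE=force` in front of the command makes the behaviour explicit. `start-ssh-agent` also kills every process named `ssh-agent` that it is allowed to signal, which deserves a comment if intended.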
|
||||
|
|
|
@ -40,7 +40,6 @@ nnoremap <a-left> gT
|
|||
nnoremap <a-right> gt
|
||||
let mapleader=","
|
||||
|
||||
hi CursorColumn ctermbg=black
|
||||
|
||||
set winaltkeys=no
|
||||
set noai
|
||||
|
@ -73,6 +72,7 @@ let g:autoformat_autoindent = 0
|
|||
let g:autoformat_retab = 0
|
||||
|
||||
colorscheme PaperColor
|
||||
hi Normal ctermbg=black
|
||||
|
||||
" if hidden is not set, TextEdit might fail.
|
||||
set hidden
|
||||
|
|
|
@ -13,13 +13,14 @@ in {
|
|||
};
|
||||
};
|
||||
config = mkIf config.m-0.laptop.enable {
|
||||
|
||||
networking = { networkmanager.enable = true; };
|
||||
i18n.consoleKeyMap = "neo";
|
||||
|
||||
sound.enable = true;
|
||||
hardware.opengl = {
|
||||
driSupport = true;
|
||||
driSupport32Bit = true;
|
||||
enable = true;
|
||||
driSupport32Bit = true; # for gw2
|
||||
};
|
||||
hardware.pulseaudio = {
|
||||
enable = true;
|
||||
|
@ -29,8 +30,19 @@ in {
|
|||
};
|
||||
};
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
security.pam.services.swaylock = { };
|
||||
programs.dconf.enable = true;
|
||||
|
||||
services = {
|
||||
upower.enable = true;
|
||||
printing = {
|
||||
enable = true;
|
||||
drivers = [ pkgs.gutenprint pkgs.hplip ];
|
||||
};
|
||||
udev.extraRules = ''
|
||||
ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness"
|
||||
ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
|
||||
'';
|
||||
unbound = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
|
@ -42,29 +54,6 @@ in {
|
|||
forward-addr: 172.23.0.53
|
||||
'';
|
||||
};
|
||||
mpd = {
|
||||
enable = true;
|
||||
user = me.user;
|
||||
group = "users";
|
||||
network.listenAddress = "::1";
|
||||
musicDirectory = "/home/${me.user}/data/aktuell/media/musik";
|
||||
extraConfig = ''
|
||||
audio_output {
|
||||
type "pulse"
|
||||
name "Pulseaudio"
|
||||
server "localhost"
|
||||
}
|
||||
'';
|
||||
};
|
||||
xserver = {
|
||||
enable = true;
|
||||
layout = "de";
|
||||
xkbVariant = "neo";
|
||||
displayManager.auto = {
|
||||
enable = true;
|
||||
user = "maralorn";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
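Review bot: `security.pam.services.swaylock = { };` and the two backlight udev rules in the second hunk have no comment saying why they exist, and both look like leftovers that a later cleanup could delete. Suggest `# swaylock authenticates through PAM; it needs this service entry to unlock the session` above the PAM line and `# let group "video" write the backlight brightness so it can be changed without root` above `udev.extraRules`. The udev comment should also mention that it depends on the user's `"video"` membership, which is added in a different file section. The rules match only `KERNEL=="intel_backlight"`, so hardware with another backlight driver would presumably need its own rule.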
|
||||
|
|
|
@ -8,7 +8,8 @@ in {
|
|||
description = me.name;
|
||||
isNormalUser = true;
|
||||
uid = 1000;
|
||||
extraGroups = [ "wheel" "systemd-journal" "networkmanager" "docker" ];
|
||||
extraGroups =
|
||||
[ "wheel" "systemd-journal" "networkmanager" "docker" "video" ];
|
||||
openssh.authorizedKeys.keys = me.keys;
|
||||
passwordFile = me.pw-file;
|
||||
};
|
||||
|
|