diff --git a/common/secret/default.nix b/common/secret/default.nix index 430b36ca..484f249c 100644 Binary files a/common/secret/default.nix and b/common/secret/default.nix differ diff --git a/home/default.nix b/home/default.nix index cbff2c4b..99bad208 100644 --- a/home/default.nix +++ b/home/default.nix @@ -155,7 +155,7 @@ in { EMAIL = me.mail; SUDO_ASKPASS = let print-pw = pkgs.writeShellScriptBin "print-pw" - "pass show eu/m-0/${config.m-0.hostName}/user/${config.home.username}"; + "pass show eu/m-0/${config.m-0.hostName}.m-0.eu/${config.home.username}"; in "${print-pw}/bin/print-pw"; }; file.".config/nvim/coc-settings.json".text = builtins.toJSON { diff --git a/home/desktop/default.nix b/home/desktop/default.nix index abd5f5e1..6c149d11 100644 --- a/home/desktop/default.nix +++ b/home/desktop/default.nix @@ -1,8 +1,7 @@ { pkgs, lib, config, ... }: let inherit (import ../../pkgs) desktop-pkgs; in { - imports = - [ ./i3.nix ./rofi.nix ./ssh-agent.nix ./eventd.nix ./sleep-nag.nix ]; + imports = [ ./rofi.nix ./ssh-agent.nix ./eventd.nix ./sleep-nag.nix ]; m-0 = { workspaces = [ "tasks" 
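Review bot: The `print-pw` helper behind `SUDO_ASKPASS` calls `pass` by bare name, so whichever `pass` comes first on PATH at run time is the program that hands sudo its password. I would pin it: `"${pkgs.pass}/bin/pass show eu/m-0/${config.m-0.hostName}.m-0.eu/${config.home.username}"`. The same store-path rename appears in home/desktop/ssh-agent.nix and hosts/apollo/home.nix, so the entries in the password store have to be renamed in step, otherwise the helper presumably returns nothing and `sudo -A` fails. The enclosing attribute set starts and ends outside the hunk.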
@@ -38,73 +37,8 @@ in { "brightWhite" = "#ffffff"; }; }; - xsession.initExtra = "xsetroot -solid black"; - home = { - packages = builtins.attrValues desktop-pkgs; - keyboard = { - layout = "de"; - variant = "neo"; - options = [ "altwin:swap_lalt_lwin" ]; - }; - }; - programs.urxvt = let mkFont = size: name: "xft:${name}:size=${size}"; - in { - enable = true; - package = desktop-pkgs.urxvt; - fonts = map (mkFont "13") [ - "Inconsolata" - "Droid Sans Mono" - "DejaVu Sans Mono" - "Droid Sans Fallback" - "FreeSans" - ]; - keybindings = let - switchFont = size: - "command:\\033]710;${ - lib.concatStringsSep "," (map (mkFont size) [ - "Inconsolata" - "Droid Sans Mono" - "DejaVu Sans Mono" - "Droid Sans Fallback" - "FreeSans" - ]) - }\\007"; - in { - "C-1" = switchFont "10"; - "C-2" = switchFont "13"; - "C-3" = switchFont "16"; - "C-4" = switchFont "24"; - "C-f" = "matcher:select"; - "C-g" = "matcher:last"; - }; - extraConfig = { - tintColor = config.m-0.colors.background; - perl-ext = "default,matcher,clipboard-osc"; - url-launcher = "firefox"; - foreground = config.m-0.colors.foreground; - background = config.m-0.colors.background; - color0 = config.m-0.colors.black; - color1 = config.m-0.colors.red; - color2 = config.m-0.colors.green; - color3 = config.m-0.colors.yellow; - color4 = config.m-0.colors.blue; - color5 = config.m-0.colors.magenta; - color6 = config.m-0.colors.cyan; - color7 = config.m-0.colors.white; - color8 = config.m-0.colors.brightBlack; - color9 = config.m-0.colors.brightRed; - color10 = config.m-0.colors.brightGreen; - color11 = config.m-0.colors.brightYellow; - color12 = config.m-0.colors.brightBlue; - color13 = config.m-0.colors.brightMagenta; - color14 = config.m-0.colors.brightCyan; - color15 = config.m-0.colors.brightWhite; - }; - scroll = { - bar.enable = false; - lines = 0; - }; - }; + home = { packages = builtins.attrValues desktop-pkgs; }; + programs.browserpass.enable = true; gtk = { enable = true; iconTheme = { 
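Review bot: `programs.browserpass.enable = true;` is added without `programs.browserpass.browsers`, so, as far as I know, the native-messaging host that can read the password store is registered for every browser the home-manager module supports, not only the one in use. If Firefox is the only browser on this machine (the removed urxvt config named it as `url-launcher`), `programs.browserpass.browsers = [ "firefox" ];` limits that surface to one browser. The surrounding attribute set continues outside the hunk.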
@@ -117,18 +51,172 @@ in { }; }; services = { - nextcloud-client.enable = true; - redshift = { + mpd = { enable = true; - temperature.day = 6500; - latitude = "49.86667"; - longitude = "8.65"; - }; - screen-locker = { - enable = true; - lockCmd = - "${pkgs.i3lock}/bin/i3lock -n -f -i ~/data/aktuell/media/bilder/lockscreen.png"; + network.listenAddress = "::1"; + musicDirectory = "${config.home.homeDirectory}/data/aktuell/media/musik"; + extraConfig = '' + audio_output { + type "pulse" + name "Pulseaudio" + server "localhost" + } + ''; }; + mpdris2.enable = true; }; - xsession.enable = true; + systemd.user.services.mpdris2 = { + Unit.Requires = [ "dbus.service" ]; + Install.WantedBy = [ "default.target" ]; + }; + xdg.configFile."sway/config".text = builtins.readFile ./sway.config + (let + inherit (config.m-0) colors workspaces terminal; + swayColors = { + focused = { + background = colors.blue; + border = colors.blue; + childBorder = colors.blue; + indicator = colors.green; + text = colors.foreground; + }; + focused_inactive = { + background = colors.background; + border = colors.background; + childBorder = colors.background; + indicator = colors.green; + text = colors.foreground; + }; + unfocused = { + background = colors.background; + border = colors.background; + childBorder = colors.background; + indicator = colors.green; + text = colors.foreground; + }; + urgent = { + background = colors.red; + border = colors.red; + childBorder = colors.red; + indicator = colors.green; + text = colors.foreground; + }; + }; + barColors = { + active_workspace = { + background = colors.blue; + border = colors.blue; + text = colors.white; + }; + binding_mode = { + background = colors.red; + border = colors.red; + text = colors.white; + }; + focused_workspace = { + background = colors.blue; + border = colors.blue; + text = colors.white; + }; + inactive_workspace = { + background = colors.background; + border = colors.background; + text = colors.white; + }; + }; + bindings = { + 
"XF86AudioMute" = "exec pactl set-sink-mute '@DEFAULT_SINK@' toggle"; + "XF86AudioLowerVolume" = + "exec pactl set-sink-volume '@DEFAULT_SINK@' -5%"; + "XF86AudioRaiseVolume" = + "exec pactl set-sink-volume '@DEFAULT_SINK@' +5%"; + "XF86AudioMicMute" = + "exec pactl set-source-mute '@DEFAULT_SOURCE@' toggle"; + "XF86MonBrightnessUp" = + "exec ${pkgs.brightnessctl}/bin/brightnessctl +5%"; + "XF86MonBrightnessDown" = + "exec ${pkgs.brightnessctl}/bin/brightnessctl +5%"; + "Tab" = "exec ${pkgs.skippy-xd}/bin/skippy-xd"; + "Left" = "focus left"; + "Down" = "focus down"; + "Up" = "focus up"; + "Right" = "focus right"; + "Shift+Left" = "move left"; + "Shift+Down" = "move down"; + "Shift+Up" = "move up"; + "Shift+Right" = "move right"; + "d" = "splith"; + "t" = "layout tabbed"; + "s" = "layout toggle split"; + "f" = "fullscreen"; + "Shift+space" = "floating toggle"; + "prior" = "focus parent"; + "next" = "focus child"; + "shift+q" = + "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' 
-b 'Yes, exit sway' 'swaymsg exit'"; + "Return" = "exec ${terminal}"; + "q" = "kill"; + "space" = "exec hotkeys"; + "m" = "bar mode toggle monitoring"; + }; + workspaceBindings = builtins.foldl' (bindings: name: + let + number = toString ((builtins.length (builtins.attrNames bindings)) / 2); + in bindings // { + "${number}" = "workspace ${number}:${name}"; + "Shift+${number}" = "move container to workspace ${number}:${name}"; + }) { } workspaces; + bindingsConfig = lib.concatStringsSep "\n" (lib.mapAttrsToList + (binding: command: '' + bindsym $mod+${binding} ${command} + '') (bindings // workspaceBindings)); + in bindingsConfig + (lib.concatStringsSep "\n" (lib.mapAttrsToList (category: + { border, background, text, indicator, childBorder }: '' + client.${category} ${border}a0 ${background}c0 ${text} ${indicator} ${childBorder} + '') swayColors)) + '' + bar { + status_command i3status-rs ${./status.toml}; + status_padding 0 + status_edge_padding 0 + font monospace 9.5 + height 17 + strip_workspace_numbers yes + + mode hide + + colors { + statusline #ffffff + background #00000000 + ${ + lib.concatStringsSep "\n" (lib.mapAttrsToList (category: + { background, border, text }: '' + ${category} ${background}c0 ${border} ${text} + '') barColors) + } + } + } + bar { + id monitoring + status_command i3status-rs ${./status-monitoring.toml}; + status_padding 0 + status_edge_padding 0 + font monospace 9.5 + height 17 + workspace_buttons no + position top + modifier none + + mode invisible + + colors { + statusline #ffffff + background #00000000 + ${ + lib.concatStringsSep "\n" (lib.mapAttrsToList (category: + { background, border, text }: '' + ${category} ${background}c0 ${border} ${text} + '') barColors) + } + } + } + ''); } diff --git a/home/desktop/i3.nix b/home/desktop/i3.nix deleted file mode 100644 index a68257ed..00000000 --- a/home/desktop/i3.nix +++ /dev/null 
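Review bot: `XF86MonBrightnessDown` is bound to the same command as `XF86MonBrightnessUp` (`brightnessctl +5%`), so the down key raises the brightness; the removed i3 bindings used `xbacklight +5` and `xbacklight -5`. brightnessctl also expects a `set` operation and writes a decrease as `5%-`, so the pair should probably read `"exec ${pkgs.brightnessctl}/bin/brightnessctl set +5%"` and `"exec ${pkgs.brightnessctl}/bin/brightnessctl set 5%-"`. Separately, this hunk drops `services.screen-locker`, so screen locking now depends entirely on the `swayidle`/`swaylock` lines in sway.config.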
@@ -1,215 +0,0 @@ -{ pkgs, lib, config, ... }: -with lib; -let - inherit (config.m-0) colors workspaces terminal; - exec = "exec --no-startup-id"; - conkyCommon = '' - background = false, - border_width = 0, - cpu_avg_samples = 2, - draw_borders = false, - draw_graph_borders = true, - draw_outline = false, - draw_shades = false, - double_buffer = true, - use_xft = true, - font = 'Source Code Pro For Powerline:size=8', - gap_x = 0, - gap_y = 0, - minimum_width = 316, - maximum_width = 316, - net_avg_samples = 2, - no_buffers = true, - out_to_console = false, - out_to_stderr = false, - extra_newline = false, - own_window = true, - own_window_class = 'Conky', - own_window_type = 'override', - own_window_colour = "${config.m-0.colors.background}", - own_window_hints = 'undecorated,below,skip_taskbar,skip_pager,sticky', - stippled_borders = 0, - update_interval = 1.0, - ''; - conkyOrgaConfig = pkgs.writeText "conky.conf" '' - conky.config = { - alignment = 'top_right', - ${conkyCommon} - } - - conky.text = [[ - ''${font Source Code Pro For Powerline:bold:size=14}''${color #8888ff}$alignc''${exec date '+%a %_d. 
%B, %H:%M:%S'} - ''${font Source Code Pro For Powerline:size=12} - ''${color #d0d0d0}''${execpi 60 ${pkgs.gcal}/bin/gcal -K -s1 --iso-week-number=yes | sed -e 's|5\d/1|01|' | sed -ne '3,10p' | sed -e 's// ''${color}/' | sed 's/^/$alignc/'} - $font - $hr - ''${execi 5 cat ~/.kassandra_state | tail -n4} - $hr - ''${execi 5 cat ~/tmp/today.md} - ]] - ''; - conkyMPDConfig = pkgs.writeText "conky.conf" '' - conky.config = { - alignment = 'bottom_right', - ${conkyCommon} - mpd_host = "::0", - mpd_port = 6600 - } - - conky.text = [[ - MPD $mpd_status | Vol: $mpd_vol% | Ran: $mpd_random | Rep: $mpd_repeat - $mpd_smart - $mpd_album - $mpd_elapsed/$mpd_length ($mpd_percent%) $mpd_bar - ]] - - ''; - addMods = oldbindings: - builtins.foldl' (newbindings: key: - newbindings // { - "Mod4+${key}" = oldbindings.${key}; - "Mod3+Mod4+${key}" = oldbindings.${key}; - }) { } (builtins.attrNames oldbindings); -in { - - xsession = { - windowManager.i3 = { - enable = true; - extraConfig = '' - gaps right 320 - ''; - package = (import { }).i3-gaps; - config = let fonts = [ "Source Code Pro For Powerline 9" ]; - in { - startup = [ - { - command = "${pkgs.conky}/bin/conky -c ${conkyOrgaConfig}"; - notification = false; - } - { - command = "${pkgs.conky}/bin/conky -c ${conkyMPDConfig}"; - notification = false; - } - ]; - focus = { - followMouse = false; - forceWrapping = true; - }; - inherit fonts; - colors = { - focused = { - background = colors.blue; - border = colors.blue; - childBorder = colors.blue; - indicator = colors.green; - text = colors.foreground; - }; - focusedInactive = { - background = colors.background; - border = colors.background; - childBorder = colors.background; - indicator = colors.green; - text = colors.foreground; - }; - unfocused = { - background = colors.background; - border = colors.background; - childBorder = colors.background; - indicator = colors.green; - text = colors.foreground; - }; - urgent = { - background = colors.red; - border = colors.red; - childBorder = 
colors.red; - indicator = colors.green; - text = colors.foreground; - }; - }; - bars = [{ - mode = "hide"; - inherit fonts; - colors = { - separator = colors.white; - background = colors.background; - activeWorkspace = { - background = colors.blue; - border = colors.blue; - text = colors.white; - }; - bindingMode = { - background = colors.red; - border = colors.red; - text = colors.white; - }; - focusedWorkspace = { - background = colors.blue; - border = colors.blue; - text = colors.white; - }; - inactiveWorkspace = { - background = colors.background; - border = colors.background; - text = colors.white; - }; - }; - }]; - window = { - titlebar = false; - border = 1; - commands = [{ - command = "floating disable"; - criteria = { class = "Firefox"; }; - }]; - }; - - keybindings = { - "XF86AudioMute" = "exec pactl set-sink-mute '@DEFAULT_SINK@' toggle"; - "XF86AudioLowerVolume" = - "exec pactl set-sink-volume '@DEFAULT_SINK@' -5%"; - "XF86AudioRaiseVolume" = - "exec pactl set-sink-volume '@DEFAULT_SINK@' +5%"; - "XF86AudioMicMute" = - "exec pactl set-source-mute '@DEFAULT_SOURCE@' toggle"; - "XF86MonBrightnessUp" = "exec xbacklight +5"; - "XF86MonBrightnessDown" = "exec xbacklight -5"; - "XF86Display" = "${exec} ${pkgs.arandr}/bin/arandr"; - "Ctrl+Escape" = "${exec} loginctl lock-session;"; - } // addMods ({ - "Left" = "focus left"; - "Down" = "focus down"; - "Up" = "focus up"; - "Right" = "focus right"; - "Tab" = "${exec} ${pkgs.skippy-xd}/bin/skippy-xd"; - "Prior" = "focus parent"; - "Next" = "focus child"; - "Return" = "${exec} ${terminal}"; - "p" = "${exec} rofi-pass"; - "shift+Left" = "move left"; - "shift+Down" = "move down"; - "shift+Up" = "move up"; - "shift+Right" = "move right"; - "d" = "split h"; - "f" = "fullscreen toggle"; - "t" = "layout tabbed"; - "s" = "layout toggle split"; - "q" = "kill"; - "m" = "move workspace to output up"; - "n" = "move workspace to output right"; - "shift+space" = "floating toggle"; - "shift+q" = - "${exec} 
${pkgs.i3}/bin/i3-nagbar -t warning -m 'do you want to exit i3?' -b 'yes' 'i3-msg exit'"; - "space" = "${exec} hotkeys"; - } // builtins.foldl' (bindings: name: - let - number = - toString ((builtins.length (builtins.attrNames bindings)) / 2); - in bindings // { - "${number}" = "workspace ${number}:${name}"; - "Shift+${number}" = "move container to workspace ${number}:${name}"; - }) { } workspaces); - }; - }; - }; - -} diff --git a/home/desktop/ssh-agent.nix b/home/desktop/ssh-agent.nix index 652db363..5b2db23d 100644 --- a/home/desktop/ssh-agent.nix +++ b/home/desktop/ssh-agent.nix @@ -2,7 +2,7 @@ xsession.initExtra = let cat-pw = pkgs.writeShellScriptBin "cat-ssh-pw" '' - pass eu/m-0/${config.m-0.hostName}/ssh + pass eu/m-0/${config.m-0.hostName}.m-0.eu/ssh-key ''; start-agent = pkgs.writeShellScriptBin "start-ssh-agent" '' ${pkgs.psmisc}/bin/killall -q ssh-agent diff --git a/home/desktop/status-monitoring.toml b/home/desktop/status-monitoring.toml new file mode 100644 index 00000000..3ca835f5 --- /dev/null +++ b/home/desktop/status-monitoring.toml @@ -0,0 +1,57 @@ +theme = "slick" +icons = "awesome" + +[[block]] +block = "speedtest" +bytes = false +interval = 1800 + +[[block]] +block = "temperature" +collapsed = false +interval = 10 +format = "{min}° min, {max}° max, {average}° avg" +chip = "*-isa-*" + +[[block]] +block = "net" +device = "wlp61s0" +ssid = true +ip = true +speed_up = true +speed_down = true +graph_up = true +graph_down = true +interval = 5 + +[[block]] +block = "net" +device = "enp0s31f6" +ssid = true +ip = true +speed_up = true +speed_down = true +graph_up = true +graph_down = true +interval = 5 + +[[block]] +block = "disk_space" +path = "/" +alias = "/" +info_type = "available" +unit = "GB" +interval = 60 +warning = 20.0 +alert = 10.0 + +[[block]] +block = "memory" +display_type = "memory" +format_mem = "{Mup}%" +format_swap = "{SUp}%" + +[[block]] +block = "load" +interval = 5 +format = "{1m}" 
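Review bot: `cat-ssh-pw` and `start-ssh-agent` are still defined inside `xsession.initExtra`, but this commit removes `xsession.enable = true` from home/desktop/default.nix and starts the agent by bare name from zshrc (`. start-ssh-agent`) and sway.config (`exec my-ssh-add`). As far as I know home-manager only emits `initExtra` when the X session is enabled, so if the scripts are reachable only through it, the agent and passphrase helper will not be set up under sway. The rest of the `let` block is outside the hunk, so please confirm the scripts are also installed into the profile. `pass` is again resolved from PATH; `${pkgs.pass}/bin/pass` would match the pinned `${pkgs.psmisc}/bin/killall` a few lines below.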
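Review bot: The `speedtest` block runs every 1800 s for as long as the bar's `status_command` is alive, and the monitoring bar starts with `mode invisible`, so the machine presumably contacts an external speed-test service every half hour whether or not the bar is shown. If that is intended, a comment above the block such as `# runs even while the bar is hidden; contacts external speedtest servers` would make it explicit; otherwise drop the block. The second `net` block sets `ssid = true` on `enp0s31f6`, which looks like a wired device and was probably copied from the wifi block.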
diff --git a/home/desktop/status.toml b/home/desktop/status.toml new file mode 100644 index 00000000..87a0d751 --- /dev/null +++ b/home/desktop/status.toml @@ -0,0 +1,35 @@ +theme = "slick" +icons = "awesome" + +[[block]] +block = "music" +buttons = ["play", "next"] +max_width = 64 + +[[block]] +block = "net" +device = "wlp61s0" +ssid = true +ip = false +speed_up = false +speed_down = false +graph_up = false +graph_down = false +interval = 5 + +[[block]] +block = "sound" + +[[block]] +block = "backlight" +device = "intel_backlight" + +[[block]] +block = "battery" +driver = "upower" +format = "{percentage}% ({power}W) {time}" + +[[block]] +block = "time" +interval = 5 +format = "%F %a %T" diff --git a/home/desktop/sway.config b/home/desktop/sway.config new file mode 100644 index 00000000..36945fb9 --- /dev/null +++ b/home/desktop/sway.config @@ -0,0 +1,28 @@ +set $mod Mod4 +set $term ate +set $lock swaylock -e -F -l -s fill -f -i ~/.wallpaper.jpg + +exec my-ssh-add +exec swayidle -w \ + timeout 600 '$lock' \ + timeout 570 'swaymsg "output * dpms off"' \ + resume 'swaymsg "output * dpms on"' \ + before-sleep '$lock' + +output * bg ~/.wallpaper.jpg fill + +input type:keyboard { + xkb_layout de + xkb_variant neo + xkb_options altwin:swap_lalt_lwin +} + +focus_follows_mouse no +hide_edge_borders --i3 smart +titlebar_border_thickness 0 +titlebar_padding 1 +font monospace 9.5 +default_border pixel 1 +floating_modifier $mod normal + +bindsym ctrl+escape exec $lock diff --git a/home/zsh/zshrc b/home/zsh/zshrc index a7b6173c..58dcd8cf 100644 --- a/home/zsh/zshrc +++ b/home/zsh/zshrc @@ -1,3 +1,10 @@ +# If running from tty1 start sway +if [ "$(tty)" = "/dev/tty1" ]; then + . start-ssh-agent + exec sway +fi + +# If not in a tmux, start tmux if [[ -z "$TMUX" ]] { session=$(tmux ls | grep -v attached | head -1 | cut -f1 -d:) if [[ -n $session ]] { diff --git a/hosts/apollo/configuration.nix b/hosts/apollo/configuration.nix index 6560d42b..19034b6c 100644 
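Review bot: `$lock` and the `swayidle` line call `swaylock`, `swayidle` and `swaymsg` by bare name, whereas the `services.screen-locker` block this replaces pinned `${pkgs.i3lock}/bin/i3lock`; if `swaylock` is missing from the profile, the idle and `before-sleep` hooks fail quietly and the session stays unlocked. Because this file is read with `builtins.readFile` it cannot interpolate store paths, so I would move the `set $lock` line into the Nix-generated part of the config as `set $lock ${pkgs.swaylock}/bin/swaylock -e -F -l -s fill -f -i ~/.wallpaper.jpg`. The display is also switched off at 570 s while the lock fires only at 600 s, so for 30 seconds waking the screen shows an unlocked session; using the same timeout for both closes that window.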
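Review bot: `. start-ssh-agent` depends on that script being on `$path` when the login shell starts, and nothing in zshrc says where it comes from; a comment such as `# start-ssh-agent is provided by home/desktop/ssh-agent.nix` would help. According to the ssh-agent.nix hunk the script begins with `killall -q ssh-agent`, so a login on tty1 also ends agents that belong to the user's other sessions (ssh, tmux), which may be surprising. `exec sway` is a good choice here, since the login shell is replaced and a compositor exit returns to the login prompt rather than to an open shell.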
--- a/hosts/apollo/configuration.nix +++ b/hosts/apollo/configuration.nix @@ -23,8 +23,6 @@ in { networking = { hostName = "apollo"; - firewall.allowedTCPPorts = [ 8888 ]; - firewall.allowedUDPPorts = [ 30000 ]; wireguard.interfaces = { m0wire = { allowedIPsAsRoutes = false; @@ -79,15 +77,10 @@ in { cleanupInterval = "15m"; snapshotInterval = "*:00/3:00"; }; - printing = { - enable = true; - drivers = [ pkgs.gutenprint pkgs.hplip ]; - }; prometheus.exporters.node = { firewallFilter = "-i m0wire -p tcp -m tcp --dport 9100"; openFirewall = true; }; - autorandr.enable = true; }; cdark_net = { diff --git a/hosts/apollo/home.nix b/hosts/apollo/home.nix index f8e59958..e0e25775 100644 --- a/hosts/apollo/home.nix +++ b/hosts/apollo/home.nix @@ -27,7 +27,7 @@ hostName = "hera-v4"; pubKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHkqWlFLtmIlTSKahr2PcL++K75YgfsSU6jwVYW5df3JCkowu/M16SIBxABxYSQrKej5uIz/OFCjqSxHJQ8D5wSYBvn2gYr/BbBcz4rfIJmZ55Od2jckaqlj/M8TtkuPPhsQG7S730vXxK5hbMT8iW5WWv8sIKY/WtaRbZOFMX/53WCLEHtnMu5zFJFWf92+mjIHSLyW8ggl1m525RUiaAfCge2vnuzIFq4kUqJxaWzxIvEWIncKWN10K/HMvdI+yOtbSen41uKedwSFhUFs3xHy1mJddYOrlcJQPt5zuuffZ/nTDVXMZoh5QNwg8ZlkkueVChaS1Y5STjb7cem1Mt"; - passPath = "eu/m-0/hera/disk"; + passPath = "eu/m-0/hera.m-0.eu/disk"; }]; mail = { enable = true; diff --git a/hosts/apollo/secret/jaliconfig.py b/hosts/apollo/secret/jaliconfig.py index 97cbf394..b72119fe 100644 Binary files a/hosts/apollo/secret/jaliconfig.py and b/hosts/apollo/secret/jaliconfig.py differ diff --git a/hosts/hera/cloud.nix b/hosts/hera/cloud.nix index 093e37c2..445ae7ae 100644 --- a/hosts/hera/cloud.nix +++ b/hosts/hera/cloud.nix @@ -16,10 +16,7 @@ let privateNetwork = true; hostBridge = "bridge"; config = { pkgs, ... }: { - #disabledModules = [ "services/web-apps/nextcloud.nix" ]; - imports = [ - ../../system # ./nextcloud.nix - ]; + imports = [ ../../system ]; networking = { interfaces.eth0 = { 
diff --git a/hosts/hera/nextcloud.nix b/hosts/hera/nextcloud.nix
deleted file mode 100644
index b85cafa1..00000000
--- a/hosts/hera/nextcloud.nix
+++ /dev/null
@@ -1,558 +0,0 @@ -{ config, lib, pkgs, ... }@args: - -with lib; - -let - cfg = config.services.nextcloud; - - phpPackage = pkgs.php73; - phpPackages = pkgs.php73Packages; - - toKeyValue = generators.toKeyValue { - mkKeyValue = generators.mkKeyValueDefault { } " = "; - }; - - phpOptionsExtensions = '' - ${optionalString cfg.caching.apcu - "extension=${phpPackages.apcu}/lib/php/extensions/apcu.so"} - ${optionalString cfg.caching.redis - "extension=${phpPackages.redis}/lib/php/extensions/redis.so"} - ${optionalString cfg.caching.memcached - "extension=${phpPackages.memcached}/lib/php/extensions/memcached.so"} - extension=${phpPackages.imagick}/lib/php/extensions/imagick.so - zend_extension = opcache.so - opcache.enable = 1 - ''; - phpOptions = { - upload_max_filesize = cfg.maxUploadSize; - post_max_size = cfg.maxUploadSize; - memory_limit = cfg.maxUploadSize; - } // cfg.phpOptions; - phpOptionsStr = phpOptionsExtensions + (toKeyValue phpOptions); - - occ = pkgs.writeScriptBin "nextcloud-occ" '' - #! ${pkgs.stdenv.shell} - cd ${pkgs.nextcloud} - exec /run/wrappers/bin/sudo -u nextcloud \ - NEXTCLOUD_CONFIG_DIR="${cfg.home}/config" \ - ${phpPackage}/bin/php \ - -c ${pkgs.writeText "php.ini" phpOptionsStr}\ - occ $* - ''; - -in { - options.services.nextcloud = { - enable = mkEnableOption "nextcloud"; - hostName = mkOption { - type = types.str; - description = "FQDN for the nextcloud instance."; - }; - home = mkOption { - type = types.str; - default = "/var/lib/nextcloud"; - description = "Storage path of nextcloud."; - }; - logLevel = mkOption { - type = types.ints.between 0 4; - default = 2; - description = "Log level value between 0 (DEBUG) and 4 (FATAL)."; - }; - https = mkOption { - type = types.bool; - default = false; - description = - "Enable if there is a TLS terminating proxy in front of nextcloud."; - }; - - maxUploadSize = mkOption { - default = "512M"; - type = types.str; - description = '' - Defines the upload limit for files. 
This changes the relevant options - in php.ini and nginx if enabled. - ''; - }; - - skeletonDirectory = mkOption { - default = ""; - type = types.str; - description = '' - The directory where the skeleton files are located. These files will be - copied to the data directory of new users. Leave empty to not copy any - skeleton files. - ''; - }; - - nginx.enable = mkOption { - type = types.bool; - default = false; - description = '' - Whether to enable nginx virtual host management. - Further nginx configuration can be done by adapting services.nginx.virtualHosts.<name>. - See for further information. - ''; - }; - - webfinger = mkOption { - type = types.bool; - default = false; - description = '' - Enable this option if you plan on using the webfinger plugin. - The appropriate nginx rewrite rules will be added to your configuration. - ''; - }; - - phpOptions = mkOption { - type = types.attrsOf types.str; - default = { - "short_open_tag" = "Off"; - "expose_php" = "Off"; - "error_reporting" = "E_ALL & ~E_DEPRECATED & ~E_STRICT"; - "display_errors" = "stderr"; - "opcache.enable_cli" = "1"; - "opcache.interned_strings_buffer" = "8"; - "opcache.max_accelerated_files" = "10000"; - "opcache.memory_consumption" = "128"; - "opcache.revalidate_freq" = "1"; - "opcache.fast_shutdown" = "1"; - "openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt"; - "catch_workers_output" = "yes"; - }; - description = '' - Options for PHP's php.ini file for nextcloud. - ''; - }; - - poolConfig = mkOption { - type = types.lines; - default = '' - pm = dynamic - pm.max_children = 32 - pm.start_servers = 2 - pm.min_spare_servers = 2 - pm.max_spare_servers = 4 - pm.max_requests = 500 - ''; - description = '' - Options for nextcloud's PHP pool. See the documentation on php-fpm.conf for details on configuration directives. 
- ''; - }; - - config = { - dbtype = mkOption { - type = types.enum [ "sqlite" "pgsql" "mysql" ]; - default = "sqlite"; - description = "Database type."; - }; - dbname = mkOption { - type = types.nullOr types.str; - default = "nextcloud"; - description = "Database name."; - }; - dbuser = mkOption { - type = types.nullOr types.str; - default = "nextcloud"; - description = "Database user."; - }; - dbpass = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Database password. Use dbpassFile to avoid this - being world-readable in the /nix/store. - ''; - }; - dbpassFile = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - The full path to a file that contains the database password. - ''; - }; - dbhost = mkOption { - type = types.nullOr types.str; - default = "localhost"; - description = '' - Database host. - - Note: for using Unix authentication with PostgreSQL, this should be - set to /run/postgresql. - ''; - }; - dbport = mkOption { - type = with types; nullOr (either int str); - default = null; - description = "Database port."; - }; - dbtableprefix = mkOption { - type = types.nullOr types.str; - default = null; - description = "Table prefix in Nextcloud database."; - }; - adminuser = mkOption { - type = types.str; - default = "root"; - description = "Admin username."; - }; - adminpass = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Admin password. Use adminpassFile to avoid this - being world-readable in the /nix/store. - ''; - }; - adminpassFile = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - The full path to a file that contains the admin's password. - ''; - }; - - extraTrustedDomains = mkOption { - type = types.listOf types.str; - default = [ ]; - description = '' - Trusted domains, from which the nextcloud installation will be - acessible. You don't need to add - services.nextcloud.hostname here. 
- ''; - }; - - overwriteProtocol = mkOption { - type = types.nullOr (types.enum [ "http" "https" ]); - default = null; - example = "https"; - - description = '' - Force Nextcloud to always use HTTPS i.e. for link generation. Nextcloud - uses the currently used protocol by default, but when behind a reverse-proxy, - it may use http for everything although Nextcloud - may be served via HTTPS. - ''; - }; - }; - - caching = { - apcu = mkOption { - type = types.bool; - default = true; - description = '' - Whether to load the APCu module into PHP. - ''; - }; - redis = mkOption { - type = types.bool; - default = false; - description = '' - Whether to load the Redis module into PHP. - You still need to enable Redis in your config.php. - See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html - ''; - }; - memcached = mkOption { - type = types.bool; - default = false; - description = '' - Whether to load the Memcached module into PHP. - You still need to enable Memcached in your config.php. - See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html - ''; - }; - }; - autoUpdateApps = { - enable = mkOption { - type = types.bool; - default = false; - description = '' - Run a auto update of all installed apps from the nextcloud repository. - ''; - }; - startAt = mkOption { - type = with types; either str (listOf str); - default = "05:00:00"; - example = "Sun 14:00:00"; - description = '' - When to run the update. See `systemd.services..startAt`. 
- ''; - }; - }; - }; - - config = mkIf cfg.enable (mkMerge [ - { - assertions = let acfg = cfg.config; - in [ - { - assertion = !(acfg.dbpass != null && acfg.dbpassFile != null); - message = "Please specify no more than one of dbpass or dbpassFile"; - } - { - assertion = ((acfg.adminpass != null || acfg.adminpassFile != null) - && !(acfg.adminpass != null && acfg.adminpassFile != null)); - message = - "Please specify exactly one of adminpass or adminpassFile"; - } - ]; - } - - { - systemd.timers."nextcloud-cron" = { - wantedBy = [ "timers.target" ]; - timerConfig.OnBootSec = "5m"; - timerConfig.OnUnitActiveSec = "15m"; - timerConfig.Unit = "nextcloud-cron.service"; - }; - - systemd.services = { - "nextcloud-setup" = let - overrideConfig = pkgs.writeText "nextcloud-config.php" '' - [ - [ 'path' => '${cfg.home}/apps', 'url' => '/apps', 'writable' => false ], - [ 'path' => '${cfg.home}/store-apps', 'url' => '/store-apps', 'writable' => true ], - ], - 'datadirectory' => '${cfg.home}/data', - 'skeletondirectory' => '${cfg.skeletonDirectory}', - ${ - optionalString cfg.caching.apcu - "'memcache.local' => '\\OC\\Memcache\\APCu'," - } - 'log_type' => 'syslog', - 'log_level' => '${builtins.toString cfg.logLevel}', - ${ - optionalString (cfg.config.overwriteProtocol != null) - "'overwriteprotocol' => '${cfg.config.overwriteProtocol}'," - } - ]; - ''; - occInstallCmd = let - c = cfg.config; - adminpass = if c.adminpassFile != null then - ''"$(<"${toString c.adminpassFile}")"'' - else - ''"${toString c.adminpass}"''; - dbpass = if c.dbpassFile != null then - ''"$(<"${toString c.dbpassFile}")"'' - else if c.dbpass != null then - ''"${toString c.dbpass}"'' - else - null; - installFlags = concatStringsSep " \\\n " - (mapAttrsToList (k: v: "${k} ${toString v}") { - "--database" = ''"${c.dbtype}"''; - # The following attributes are optional depending on the type of - # database. Those that evaluate to null on the left hand side - # will be omitted. 
- ${if c.dbname != null then "--database-name" else null} = - ''"${c.dbname}"''; - ${if c.dbhost != null then "--database-host" else null} = - ''"${c.dbhost}"''; - ${if c.dbport != null then "--database-port" else null} = - ''"${toString c.dbport}"''; - ${if c.dbuser != null then "--database-user" else null} = - ''"${c.dbuser}"''; - ${ - if (any (x: x != null) [ c.dbpass c.dbpassFile ]) then - "--database-pass" - else - null - } = dbpass; - ${ - if c.dbtableprefix != null then - "--database-table-prefix" - else - null - } = ''"${toString c.dbtableprefix}"''; - "--admin-user" = ''"${c.adminuser}"''; - "--admin-pass" = adminpass; - "--data-dir" = ''"${cfg.home}/data"''; - }); - in '' - ${occ}/bin/nextcloud-occ maintenance:install \ - ${installFlags} - ''; - occSetTrustedDomainsCmd = concatStringsSep "\n" (imap0 (i: v: '' - ${occ}/bin/nextcloud-occ config:system:set trusted_domains \ - ${toString i} --value="${toString v}" - '') ([ cfg.hostName ] ++ cfg.config.extraTrustedDomains)); - - in { - wantedBy = [ "multi-user.target" ]; - before = [ "phpfpm-nextcloud.service" ]; - script = '' - chmod og+x ${cfg.home} - ln -sf ${pkgs.nextcloud}/apps ${cfg.home}/ - mkdir -p ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps - ln -sf ${overrideConfig} ${cfg.home}/config/override.config.php - - chown -R nextcloud:nginx ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps - - # Do not install if already installed - if [[ ! 
-e ${cfg.home}/config/config.php ]]; then - ${occInstallCmd} - fi - - ${occ}/bin/nextcloud-occ upgrade - - ${occ}/bin/nextcloud-occ config:system:delete trusted_domains - ${occSetTrustedDomainsCmd} - ''; - serviceConfig.Type = "oneshot"; - }; - "nextcloud-cron" = { - environment.NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config"; - serviceConfig.Type = "oneshot"; - serviceConfig.User = "nextcloud"; - serviceConfig.ExecStart = - "${phpPackage}/bin/php -f ${pkgs.nextcloud}/cron.php"; - }; - "nextcloud-update-plugins" = mkIf cfg.autoUpdateApps.enable { - serviceConfig.Type = "oneshot"; - serviceConfig.ExecStart = "${occ}/bin/nextcloud-occ app:update --all"; - startAt = cfg.autoUpdateApps.startAt; - }; - }; - - services.phpfpm = { - pools.nextcloud = let - phpAdminValues = (toKeyValue (foldr (a: b: a // b) { } - (mapAttrsToList (k: v: { "php_admin_value[${k}]" = v; }) - phpOptions))); - in { - phpOptions = phpOptionsExtensions; - phpPackage = phpPackage; - listen = "/run/phpfpm/nextcloud"; - extraConfig = '' - listen.owner = nginx - listen.group = nginx - user = nextcloud - group = nginx - ${cfg.poolConfig} - env[NEXTCLOUD_CONFIG_DIR] = ${cfg.home}/config - env[PATH] = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin - ${phpAdminValues} - ''; - }; - }; - - users.extraUsers.nextcloud = { - home = "${cfg.home}"; - group = "nginx"; - createHome = true; - }; - - environment.systemPackages = [ occ ]; - } - - (mkIf cfg.nginx.enable { - services.nginx = { - enable = true; - virtualHosts = { - "${cfg.hostName}" = { - root = pkgs.nextcloud; - locations = { - "= /robots.txt" = { - priority = 100; - extraConfig = '' - allow all; - log_not_found off; - access_log off; - ''; - }; - "/" = { - priority = 200; - extraConfig = "rewrite ^ /index.php$request_uri;"; - }; - "~ ^/store-apps" = { - priority = 201; - extraConfig = "root ${cfg.home};"; - }; - "= /.well-known/carddav" = { - priority = 210; - extraConfig = "return 301 
$scheme://$host/remote.php/dav;"; - }; - "= /.well-known/caldav" = { - priority = 210; - extraConfig = "return 301 $scheme://$host/remote.php/dav;"; - }; - "~ ^\\/(?:build|tests|config|lib|3rdparty|templates|data)\\/" = { - priority = 300; - extraConfig = "deny all;"; - }; - "~ ^\\/(?:\\.|autotest|occ|issue|indie|db_|console)" = { - priority = 300; - extraConfig = "deny all;"; - }; - "~ ^\\/(?:index|remote|public|cron|core/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|ocs-provider\\/.+|ocm-provider\\/.+)\\.php(?:$|\\/)" = - { - priority = 500; - extraConfig = '' - include ${config.services.nginx.package}/conf/fastcgi.conf; - fastcgi_split_path_info ^(.+\.php)(\\/.*)$; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param HTTPS ${if cfg.https then "on" else "off"}; - fastcgi_param modHeadersAvailable true; - fastcgi_param front_controller_active true; - fastcgi_pass unix:/run/phpfpm/nextcloud; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - fastcgi_read_timeout 120s; - ''; - }; - "~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig = - '' - try_files $uri/ =404; - index index.php; - ''; - "~ \\.(?:css|js|woff2?|svg|gif)$".extraConfig = '' - try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - add_header Referrer-Policy no-referrer; - access_log off; - ''; - "~ \\.(?:png|html|ttf|ico|jpg|jpeg)$".extraConfig = '' - try_files $uri /index.php$request_uri; - access_log off; - ''; - }; - extraConfig = '' - more_set_headers "Content-Security-Policy: frame-ancestors 'self' https://*.mathechor.de"; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header 
X-Permitted-Cross-Domain-Policies none; - add_header Referrer-Policy no-referrer; - error_page 403 /core/templates/403.php; - error_page 404 /core/templates/404.php; - client_max_body_size ${cfg.maxUploadSize}; - fastcgi_buffers 64 4K; - fastcgi_hide_header X-Powered-By; - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - - ${optionalString cfg.webfinger '' - rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - ''} - ''; - }; - }; - }; - }) - ]); - - meta.doc = ./nextcloud.xml; -} diff --git a/hosts/hera/nextcloud.xml b/hosts/hera/nextcloud.xml deleted file mode 100644 index dfefa55c..00000000 --- a/hosts/hera/nextcloud.xml +++ /dev/null @@ -1,115 +0,0 @@ - - Nextcloud - - Nextcloud is an open-source, - self-hostable cloud platform. The server setup can be automated using - services.nextcloud. A - desktop client is packaged at pkgs.nextcloud-client. - -
- Basic usage - - - Nextcloud is a PHP-based application which requires an HTTP server - (services.nextcloud - optionally supports - services.nginx) - and a database (it's recommended to use - services.postgresql). - - - - A very basic configuration may look like this: -{ pkgs, ... }: -{ - services.nextcloud = { - enable = true; - hostName = "nextcloud.tld"; - nginx.enable = true; - config = { - dbtype = "pgsql"; - dbuser = "nextcloud"; - dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself - dbname = "nextcloud"; - adminpassFile = "/path/to/admin-pass-file"; - adminuser = "root"; - }; - }; - - services.postgresql = { - enable = true; - initialScript = pkgs.writeText "psql-init" '' - CREATE ROLE nextcloud WITH LOGIN; - CREATE DATABASE nextcloud WITH OWNER nextcloud; - ''; - }; - - # ensure that postgres is running *before* running the setup - systemd.services."nextcloud-setup" = { - requires = ["postgresql.service"]; - after = ["postgresql.service"]; - }; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; -} - - - - The options hostName and nginx.enable - are used internally to configure an HTTP server using - PHP-FPM - and nginx. The config attribute set is - used for the config.php which is used for the - application's configuration. Beware: this isn't entirely pure - since the config is modified by the application's runtime! - - - - In case the application serves multiple hosts (those are checked with - $_SERVER['HTTP_HOST']) - those can be added using - services.nextcloud.config.extraTrustedDomains. - -
-
- Pitfalls - - - Unfortunately Nextcloud appears to be very stateful when it comes to - managing its own configuration. The config file lives in the home directory - of the nextcloud user (by default - /var/lib/nextcloud/config/config.php) and is also used to - track several states of the application (e.g. whether installed or not). - - - - Right now changes to the services.nextcloud.config - attribute set won't take effect after the first install (except - services.nextcloud.config.extraTrustedDomains) - since the actual configuration file is generated by the NextCloud installer - which also sets up critical parts such as the database structure. - - - - Warning: don't delete config.php! This file - tracks the application's state and a deletion can cause unwanted - side-effects! - - - - Warning: don't rerun nextcloud-occ - maintenance:install! This command tries to install the application - and can cause unwanted side-effects! - - - - The issues are known and reported in - #49783, - for now it's unfortunately necessary to manually work around these issues. - -
-
diff --git a/lib/default.nix b/lib/default.nix index 5797dcbc..baee26ba 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -34,6 +34,7 @@ rec { p.hlint p.ghcid p.cabal-install + p.classy-prelude p.haskell-ci p.shake ]); diff --git a/pkgs/default.nix b/pkgs/default.nix index 1fc829cb..df04ba99 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -26,12 +26,25 @@ in rec { BACKGROUND_COLOR = colors.background; }; keybindings = { - DECREMENT_FONT = - "control+shift+minus"; # Das ist neo für control+minus, k.A. warum. + INCREMENT_FONT = "control+minus"; + DECREMENT_FONT = "control+plus"; }; }; }; + start-agent = pkgs.writeShellScriptBin "start-ssh-agent" '' + ${pkgs.psmisc}/bin/killall -q ssh-agent + eval `${pkgs.openssh}/bin/ssh-agent -s` + systemctl --user set-environment SSH_AUTH_SOCK="$SSH_AUTH_SOCK" + systemctl --user set-environment SSH_AGENT_PID="$SSH_AGENT_PID" + ''; + cat-pw = pkgs.writeShellScriptBin "cat-ssh-pw" '' + pass eu/m-0/$(hostname).m-0.eu/ssh-key + ''; + my-ssh-add = pkgs.writeShellScriptBin "my-ssh-add" '' + SSH_ASKPASS=${cat-pw}/bin/cat-ssh-pw ${pkgs.openssh}/bin/ssh-add < /dev/null + ''; + gitstatus = pkgs.callPackage ./powerlevel10k/gitstatus.nix { libgit2 = pkgs.libgit2.overrideAttrs (attrs: { src = pkgs.fetchFromGitHub { @@ -151,6 +164,8 @@ in rec { # web chromium + upower speedtest-cli + # communication signal-desktop tdesktop acpi dino mumble @@ -196,9 +211,12 @@ in rec { fi ''; desktop-pkgs = { - inherit urxvt terminal ate; - inherit (pkgs) xautolock; + inherit urxvt terminal ate start-agent my-ssh-add; inherit (pkgs.gnome3) dconf; + inherit (pkgs) + lm_sensors sway swaylock swayidle xwayland rofi i3status-rust waybar + dmenu; + }; home-pkgs = { nixfmt = import sources.nixfmt { }; diff --git a/pkgs/nvim/vimrc b/pkgs/nvim/vimrc index fa8710de..8f7d9b6d 100644 --- a/pkgs/nvim/vimrc +++ b/pkgs/nvim/vimrc @@ -40,7 +40,6 @@ nnoremap gT nnoremap gt let mapleader="," -hi CursorColumn ctermbg=black set winaltkeys=no set noai 
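Review bot: In the `@@ -26,12 +26,25 @@` hunk of pkgs/default.nix, `cat-ssh-pw` resolves `pass` and `hostname` through PATH, while `start-ssh-agent` and `my-ssh-add` pin `killall`, `ssh-agent` and `ssh-add` to store paths. This helper is what hands the key passphrase to ssh-add, so it should be pinned the same way, e.g. `${pkgs.pass}/bin/pass show "eu/m-0/$(${pkgs.nettools}/bin/hostname).m-0.eu/ssh-key"`. `killall -q ssh-agent` in `start-ssh-agent` ends every agent the user is running, not only one this script started, so keys loaded in other sessions are dropped; a comment saying this is intended would help. The new bindings `INCREMENT_FONT = "control+minus"` and `DECREMENT_FONT = "control+plus"` read as swapped; if that is a neo-layout quirk like the one the removed comment described, keep a comment that says so.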
@@ -73,6 +72,7 @@ let g:autoformat_autoindent = 0 let g:autoformat_retab = 0 colorscheme PaperColor +hi Normal ctermbg=black " if hidden is not set, TextEdit might fail. set hidden diff --git a/system/modules/laptop.nix b/system/modules/laptop.nix index 344e2ace..45e5a657 100644 --- a/system/modules/laptop.nix +++ b/system/modules/laptop.nix @@ -13,13 +13,14 @@ in { }; }; config = mkIf config.m-0.laptop.enable { + networking = { networkmanager.enable = true; }; i18n.consoleKeyMap = "neo"; sound.enable = true; hardware.opengl = { - driSupport = true; - driSupport32Bit = true; + enable = true; + driSupport32Bit = true; # for gw2 }; hardware.pulseaudio = { enable = true; @@ -29,8 +30,19 @@ in { }; }; nixpkgs.config.allowUnfree = true; + security.pam.services.swaylock = { }; + programs.dconf.enable = true; services = { + upower.enable = true; + printing = { + enable = true; + drivers = [ pkgs.gutenprint pkgs.hplip ]; + }; + udev.extraRules = '' + ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness" + ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness" + ''; unbound = { enable = true; extraConfig = '' @@ -42,29 +54,6 @@ in { forward-addr: 172.23.0.53 ''; }; - mpd = { - enable = true; - user = me.user; - group = "users"; - network.listenAddress = "::1"; - musicDirectory = "/home/${me.user}/data/aktuell/media/musik"; - extraConfig = '' - audio_output { - type "pulse" - name "Pulseaudio" - server "localhost" - } - ''; - }; - xserver = { - enable = true; - layout = "de"; - xkbVariant = "neo"; - displayManager.auto = { - enable = true; - user = "maralorn"; - }; - }; }; }; } diff --git a/system/standalone/admin.nix b/system/standalone/admin.nix index b151a676..9fe50cd7 100644 --- a/system/standalone/admin.nix +++ b/system/standalone/admin.nix 
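Review bot: The two udev rules in the `@@ -29,8 +30,19 @@` hunk of system/modules/laptop.nix make the `intel_backlight` brightness file group-writable for `video`, but nothing here says who is expected to be in that group; the membership is granted separately in system/standalone/admin.nix. I would add a comment above `udev.extraRules`, `# lets members of "video" set the backlight without root; membership is granted in system/standalone/admin.nix`, and one on `security.pam.services.swaylock = { };` such as `# PAM service for swaylock; presumably needed so the locker can check the password`. The rules match only `KERNEL=="intel_backlight"`, so on hardware with a different backlight device they do nothing and brightness control fails without any hint why. The enclosing `services` block continues outside the hunk.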
@@ -8,7 +8,8 @@ in { description = me.name; isNormalUser = true; uid = 1000; - extraGroups = [ "wheel" "systemd-journal" "networkmanager" "docker" ]; + extraGroups = + [ "wheel" "systemd-journal" "networkmanager" "docker" "video" ]; openssh.authorizedKeys.keys = me.keys; passwordFile = me.pw-file; };