Reformat
parent
c36c483ab3
commit
a1bb4277b1
|
@ -1,13 +1,8 @@
|
|||
|
||||
{
|
||||
nix = {
|
||||
binaryCaches = [
|
||||
"https://all-hies.cachix.org"
|
||||
];
|
||||
binaryCachePublicKeys = [
|
||||
"all-hies.cachix.org-1:JjrzAOEUsD9ZMt8fdFbzo3jNAyEWlPAwdVuHw4RD43k="
|
||||
];
|
||||
binaryCaches = [ "https://all-hies.cachix.org" ];
|
||||
binaryCachePublicKeys =
|
||||
[ "all-hies.cachix.org-1:JjrzAOEUsD9ZMt8fdFbzo3jNAyEWlPAwdVuHw4RD43k=" ];
|
||||
trustedUsers = [ "root" "maralorn" ];
|
||||
};
|
||||
}
|
||||
|
|
@ -1,13 +1,8 @@
|
|||
|
||||
{
|
||||
nix = {
|
||||
binaryCaches = [
|
||||
"https://cachix.cachix.org"
|
||||
];
|
||||
binaryCachePublicKeys = [
|
||||
"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
|
||||
];
|
||||
binaryCaches = [ "https://cachix.cachix.org" ];
|
||||
binaryCachePublicKeys =
|
||||
[ "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" ];
|
||||
trustedUsers = [ "root" "maralorn" ];
|
||||
};
|
||||
}
|
||||
|
|
@ -1,13 +1,8 @@
|
|||
|
||||
{
|
||||
nix = {
|
||||
binaryCaches = [
|
||||
"https://nixfmt.cachix.org"
|
||||
];
|
||||
binaryCachePublicKeys = [
|
||||
"nixfmt.cachix.org-1:uyEQg16IhCFeDpFV07aL+Dbmh18XHVUqpkk/35WAgJI="
|
||||
];
|
||||
binaryCaches = [ "https://nixfmt.cachix.org" ];
|
||||
binaryCachePublicKeys =
|
||||
[ "nixfmt.cachix.org-1:uyEQg16IhCFeDpFV07aL+Dbmh18XHVUqpkk/35WAgJI=" ];
|
||||
trustedUsers = [ "root" "maralorn" ];
|
||||
};
|
||||
}
|
||||
|
|
@ -4,75 +4,70 @@ with lib;
|
|||
|
||||
{
|
||||
|
||||
imports = [ ./secret ];
|
||||
imports = [ ./secret ];
|
||||
|
||||
config = {
|
||||
m-0.monitoring = [ {
|
||||
host = "apollo:9100";
|
||||
name = "apollo";
|
||||
} ];
|
||||
};
|
||||
|
||||
|
||||
options = {
|
||||
m-0.private = mkOption {
|
||||
default = {};
|
||||
type = types.attrs;
|
||||
config = {
|
||||
m-0.monitoring = [{
|
||||
host = "apollo:9100";
|
||||
name = "apollo";
|
||||
}];
|
||||
};
|
||||
m-0.prefix = mkOption {
|
||||
default = "2a02:c207:3002:7584";
|
||||
type = types.str;
|
||||
};
|
||||
m-0.monitoring = mkOption {
|
||||
type = types.listOf (types.submodule {
|
||||
options = {
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
|
||||
options = {
|
||||
m-0.private = mkOption {
|
||||
default = { };
|
||||
type = types.attrs;
|
||||
};
|
||||
m-0.prefix = mkOption {
|
||||
default = "2a02:c207:3002:7584";
|
||||
type = types.str;
|
||||
};
|
||||
m-0.monitoring = mkOption {
|
||||
type = types.listOf (types.submodule {
|
||||
options = {
|
||||
name = mkOption { type = types.str; };
|
||||
host = mkOption { type = types.str; };
|
||||
};
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
});
|
||||
default = [ ];
|
||||
};
|
||||
m-0.hosts = mkOption {
|
||||
type = types.attrs;
|
||||
default = let
|
||||
p = config.m-0.prefix;
|
||||
hera-p = "${p}::3";
|
||||
apollo-p = "${p}::1";
|
||||
wg-p = "${p}::100";
|
||||
v4-p = "10.0.0";
|
||||
in rec {
|
||||
hera = "${p}::1";
|
||||
|
||||
hera-v4 = "213.136.94.190";
|
||||
|
||||
hera-wg = "${wg-p}:1";
|
||||
apollo-wg = "${wg-p}:2";
|
||||
|
||||
hera-intern = "${hera-p}:1";
|
||||
git = "${hera-p}:2";
|
||||
borg = "${hera-p}:3";
|
||||
dav = "${hera-p}:5";
|
||||
blog = "${hera-p}:6";
|
||||
chor = "${hera-p}:7";
|
||||
matrix = "${hera-p}:8";
|
||||
cloud = "${hera-p}:9";
|
||||
web = "${hera-p}:a";
|
||||
mathechor-cloud = "${hera-p}:b";
|
||||
monitoring = "${hera-p}:c";
|
||||
|
||||
apollo = apollo-wg;
|
||||
|
||||
hera-intern-v4 = "${v4-p}.1";
|
||||
cloud-intern-v4 = "${v4-p}.2";
|
||||
mathechor-cloud-intern-v4 = "${v4-p}.3";
|
||||
matrix-intern-v4 = "${v4-p}.4";
|
||||
monitoring-intern-v4 = "${v4-p}.5";
|
||||
};
|
||||
};
|
||||
});
|
||||
default = [];
|
||||
};
|
||||
m-0.hosts = mkOption {
|
||||
type = types.attrs;
|
||||
default = let
|
||||
p = config.m-0.prefix;
|
||||
hera-p = "${p}::3";
|
||||
apollo-p = "${p}::1";
|
||||
wg-p = "${p}::100";
|
||||
v4-p = "10.0.0";
|
||||
in rec {
|
||||
hera = "${p}::1";
|
||||
|
||||
hera-v4 = "213.136.94.190";
|
||||
|
||||
hera-wg = "${wg-p}:1";
|
||||
apollo-wg = "${wg-p}:2";
|
||||
|
||||
hera-intern = "${hera-p}:1";
|
||||
git = "${hera-p}:2";
|
||||
borg = "${hera-p}:3";
|
||||
dav = "${hera-p}:5";
|
||||
blog = "${hera-p}:6";
|
||||
chor = "${hera-p}:7";
|
||||
matrix = "${hera-p}:8";
|
||||
cloud = "${hera-p}:9";
|
||||
web = "${hera-p}:a";
|
||||
mathechor-cloud = "${hera-p}:b";
|
||||
monitoring = "${hera-p}:c";
|
||||
|
||||
apollo = apollo-wg;
|
||||
|
||||
hera-intern-v4 = "${v4-p}.1";
|
||||
cloud-intern-v4 = "${v4-p}.2";
|
||||
mathechor-cloud-intern-v4 = "${v4-p}.3";
|
||||
matrix-intern-v4 = "${v4-p}.4";
|
||||
monitoring-intern-v4 = "${v4-p}.5";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1,18 +1,25 @@
|
|||
rec {
|
||||
pkgs = import <nixpkgs> {};
|
||||
unstable = import <unstable> {};
|
||||
pkgs = import <nixpkgs> { };
|
||||
unstable = import <unstable> { };
|
||||
sources = import ../nix/sources.nix;
|
||||
shh = unstable.haskell.lib.overrideCabal unstable.haskellPackages.shh (drv: {
|
||||
broken = false;
|
||||
doCheck = false;
|
||||
});
|
||||
shh-extras = unstable.haskell.lib.overrideCabal unstable.haskellPackages.shh-extras (drv: {
|
||||
broken = false;
|
||||
doCheck = false;
|
||||
});
|
||||
shh-extras =
|
||||
unstable.haskell.lib.overrideCabal unstable.haskellPackages.shh-extras
|
||||
(drv: {
|
||||
broken = false;
|
||||
doCheck = false;
|
||||
});
|
||||
haskellList = list: ''["${builtins.concatStringsSep ''", "'' list}"]'';
|
||||
writeHaskellScript = { name ? "haskell-script", bins ? [pkgs.coreutils], libraries ? [], imports ? []}: code:
|
||||
unstable.writers.writeHaskellBin name { libraries = libraries ++ [shh unstable.haskellPackages.string-interpolate ]; } ''
|
||||
writeHaskellScript = { name ? "haskell-script", bins ? [ pkgs.coreutils ]
|
||||
, libraries ? [ ], imports ? [ ] }:
|
||||
code:
|
||||
unstable.writers.writeHaskellBin name {
|
||||
libraries = libraries
|
||||
++ [ shh unstable.haskellPackages.string-interpolate ];
|
||||
} ''
|
||||
{-# LANGUAGE DeriveDataTypeable #-}
|
||||
{-# LANGUAGE TemplateHaskell #-}
|
||||
{-# LANGUAGE QuasiQuotes #-}
|
||||
|
@ -37,9 +44,10 @@ rec {
|
|||
'';
|
||||
get-niv-path = writeHaskellScript {
|
||||
name = "get-niv-path";
|
||||
bins = [pkgs.nix];
|
||||
imports = ["System.Console.CmdArgs.Implicit"];
|
||||
libraries = [ unstable.haskellPackages.cmdargs unstable.haskellPackages.text ];
|
||||
bins = [ pkgs.nix ];
|
||||
imports = [ "System.Console.CmdArgs.Implicit" ];
|
||||
libraries =
|
||||
[ unstable.haskellPackages.cmdargs unstable.haskellPackages.text ];
|
||||
} ''
|
||||
|
||||
trimQuotation = pureProc $ LTE.encodeUtf8 . LT.dropAround ('"' ==) . LTE.decodeUtf8 . trim
|
||||
|
@ -49,7 +57,7 @@ rec {
|
|||
let expr = [i|(import #{sources}).#{channel}|]
|
||||
nix_build ["-Q", "-E", expr, "--no-out-link"] &> devNull
|
||||
nix_instantiate ["--eval", "-E", [i|toString #{expr}|]] |> trimQuotation
|
||||
'';
|
||||
home-manager = pkgs.callPackage <home-manager/home-manager> {};
|
||||
'';
|
||||
home-manager = pkgs.callPackage <home-manager/home-manager> { };
|
||||
gcRetentionDays = 5;
|
||||
}
|
||||
|
|
170
common/pkgs.nix
|
@ -1,72 +1,46 @@
|
|||
rec {
|
||||
my-lib = import ../common/lib.nix;
|
||||
inherit (my-lib) pkgs unstable sources;
|
||||
tasktree = pkgs.callPackage ../packages/tasktree {};
|
||||
tasktree = pkgs.callPackage ../packages/tasktree { };
|
||||
neovim = pkgs.neovim.override {
|
||||
vimAlias = true;
|
||||
withPython3 = true;
|
||||
};
|
||||
vimAlias = true;
|
||||
withPython3 = true;
|
||||
};
|
||||
home-neovim = (import ../home-manager/nvim) neovim;
|
||||
niv = (import sources.niv {}).niv;
|
||||
niv = (import sources.niv { }).niv;
|
||||
|
||||
# pkgs assumed to be present on a non nixos host
|
||||
core-system-pkgs = {
|
||||
inherit neovim;
|
||||
inherit (pkgs)
|
||||
gitFull
|
||||
gnumake
|
||||
python3
|
||||
mkpasswd
|
||||
file
|
||||
wget
|
||||
curl
|
||||
wireguard
|
||||
gnupg
|
||||
mutt
|
||||
bind
|
||||
liboping
|
||||
psmisc
|
||||
unzip
|
||||
rename
|
||||
whois
|
||||
lsof;
|
||||
gitFull gnumake python3 mkpasswd file wget curl wireguard gnupg mutt bind
|
||||
liboping psmisc unzip rename whois lsof;
|
||||
};
|
||||
|
||||
extra-system-pkgs = {
|
||||
lorri = import sources.lorri { src = sources.lorri; pkgs = unstable; };
|
||||
lorri = import sources.lorri {
|
||||
src = sources.lorri;
|
||||
pkgs = unstable;
|
||||
};
|
||||
inherit niv;
|
||||
inherit (pkgs.gitAndTools) git-annex;
|
||||
inherit (pkgs.rxvt_unicode) terminfo;
|
||||
inherit (pkgs.pythonPackages) qrcode;
|
||||
inherit (pkgs)
|
||||
|
||||
git-crypt
|
||||
htop
|
||||
tree
|
||||
pwgen
|
||||
borgbackup
|
||||
inotifyTools
|
||||
git-crypt htop tree pwgen borgbackup inotifyTools
|
||||
|
||||
direnv
|
||||
direnv
|
||||
|
||||
socat
|
||||
nmap
|
||||
tcpdump
|
||||
socat nmap tcpdump
|
||||
|
||||
tmux
|
||||
tig
|
||||
exa
|
||||
fzf
|
||||
ag
|
||||
fd
|
||||
bat
|
||||
tmux tig exa fzf ag fd bat
|
||||
|
||||
ripgrep
|
||||
ripgrep
|
||||
|
||||
ranger
|
||||
ranger
|
||||
|
||||
pass
|
||||
sshuttle;
|
||||
pass sshuttle;
|
||||
};
|
||||
|
||||
laptop-home-pkgs = {
|
||||
|
@ -80,97 +54,75 @@ rec {
|
|||
sleep 0.1s;
|
||||
nmcli r wifi on;
|
||||
'';
|
||||
cachix = import sources.cachix {};
|
||||
nixfmt = import sources.nixfmt {};
|
||||
cachix = import sources.cachix { };
|
||||
nixfmt = import sources.nixfmt { };
|
||||
inherit (pkgs.gnome3) nautilus;
|
||||
inherit (unstable.haskellPackages) brittany;
|
||||
inherit (pkgs.xorg) xev xbacklight;
|
||||
inherit (pkgs)
|
||||
# web
|
||||
chromium
|
||||
chromium
|
||||
|
||||
# communication
|
||||
signal-desktop
|
||||
tdesktop
|
||||
acpi
|
||||
dino
|
||||
mumble
|
||||
# communication
|
||||
signal-desktop tdesktop acpi dino mumble
|
||||
|
||||
# config
|
||||
arandr
|
||||
# config
|
||||
arandr
|
||||
|
||||
#dev
|
||||
meld
|
||||
icedtea8_web
|
||||
octave
|
||||
filezilla
|
||||
#dev
|
||||
meld icedtea8_web octave filezilla
|
||||
|
||||
# tools & office
|
||||
feh
|
||||
gimp
|
||||
imagemagick
|
||||
ghostscript
|
||||
libreoffice-fresh
|
||||
pandoc
|
||||
xournal
|
||||
musescore
|
||||
handbrake
|
||||
evince
|
||||
# tools & office
|
||||
feh gimp imagemagick ghostscript libreoffice-fresh pandoc xournal
|
||||
musescore handbrake evince
|
||||
|
||||
networkmanagerapplet
|
||||
# teamviewer
|
||||
|
||||
networkmanagerapplet
|
||||
# teamviewer
|
||||
# media
|
||||
ncpamixer pavucontrol deluge mpd gmpc calibre mpv youtubeDL
|
||||
|
||||
# media
|
||||
ncpamixer
|
||||
pavucontrol
|
||||
deluge
|
||||
mpd
|
||||
gmpc
|
||||
calibre
|
||||
mpv
|
||||
youtubeDL
|
||||
|
||||
minetest
|
||||
;};
|
||||
minetest;
|
||||
};
|
||||
|
||||
my-home-pkgs = {
|
||||
print215 = pkgs.writeShellScriptBin "print215" ''
|
||||
scp "$@" ag-forward:
|
||||
ssh ag-forward lpr -Zduplex -r "$@"
|
||||
'';
|
||||
print215single = pkgs.writeShellScriptBin "print215single" ''
|
||||
scp "$@" ag-forward:
|
||||
ssh ag-forward lpr -r "$@"
|
||||
'';
|
||||
};
|
||||
print215single = pkgs.writeShellScriptBin "print215single" ''
|
||||
scp "$@" ag-forward:
|
||||
ssh ag-forward lpr -r "$@"
|
||||
'';
|
||||
};
|
||||
urxvt = pkgs.rxvt_unicode-with-plugins;
|
||||
terminal = pkgs.writeShellScriptBin "terminal" ''
|
||||
${urxvt}/bin/urxvtc "$@"
|
||||
if [ $? -eq 2 ]; then
|
||||
${urxvt}/bin/urxvtd -q -o -f
|
||||
${urxvt}/bin/urxvtc "$@"
|
||||
fi
|
||||
'';
|
||||
${urxvt}/bin/urxvtc "$@"
|
||||
if [ $? -eq 2 ]; then
|
||||
${urxvt}/bin/urxvtd -q -o -f
|
||||
${urxvt}/bin/urxvtc "$@"
|
||||
fi
|
||||
'';
|
||||
desktop-pkgs = {
|
||||
inherit urxvt tasktree terminal;
|
||||
inherit (pkgs) xautolock;
|
||||
inherit (pkgs.gnome3) dconf;
|
||||
};
|
||||
home-pkgs = {
|
||||
inherit (pkgs) ncmpcpp;
|
||||
inherit (my-lib) shh;
|
||||
inherit home-neovim;
|
||||
};
|
||||
accounting-pkgs = {
|
||||
jali = pkgs.callPackage ../packages/jali {};
|
||||
inherit (pkgs.haskellPackages) hledger hledger-ui;
|
||||
inherit (pkgs) ledger;
|
||||
};
|
||||
home-pkgs = {
|
||||
inherit (pkgs) ncmpcpp;
|
||||
inherit (my-lib) shh;
|
||||
inherit home-neovim;
|
||||
};
|
||||
accounting-pkgs = {
|
||||
jali = pkgs.callPackage ../packages/jali { };
|
||||
inherit (pkgs.haskellPackages) hledger hledger-ui;
|
||||
inherit (pkgs) ledger;
|
||||
};
|
||||
system-pkgs = core-system-pkgs // extra-system-pkgs // {
|
||||
inherit (import ./test-lib.nix) test-system-config test-home-config test-and-bump-config;
|
||||
inherit (import ./test-lib.nix)
|
||||
test-system-config test-home-config test-and-bump-config;
|
||||
inherit (import ../common/lib.nix) home-manager;
|
||||
};
|
||||
};
|
||||
foreign-home-pkgs = extra-system-pkgs;
|
||||
eventd = pkgs.callPackage ../packages/eventd {};
|
||||
eventd = pkgs.callPackage ../packages/eventd { };
|
||||
}
|
||||
|
|
Binary file not shown.
|
@ -1,8 +1,8 @@
|
|||
let
|
||||
pkgs = import <nixpkgs> {};
|
||||
inherit (import ../common/lib.nix) writeHaskellScript get-niv-path home-manager unstable niv haskellList;
|
||||
haskellBody = commandline:
|
||||
''
|
||||
pkgs = import <nixpkgs> { };
|
||||
inherit (import ../common/lib.nix)
|
||||
writeHaskellScript get-niv-path home-manager unstable niv haskellList;
|
||||
haskellBody = commandline: ''
|
||||
getNivPath dir = readTrim . get_niv_path ([i|#{dir :: String}/nix/sources.nix|] :: String)
|
||||
|
||||
getNivAssign dir name = fmap process . getNivPath dir $ name
|
||||
|
@ -12,57 +12,65 @@ let
|
|||
(configDir:hostname:args) <- getArgs
|
||||
paths <- concat <$> mapM (getNivAssign configDir) ["nixpkgs", "unstable", "home-manager"]
|
||||
${commandline}
|
||||
'';
|
||||
'';
|
||||
bins = [ get-niv-path pkgs.nix ];
|
||||
|
||||
test-system-config = writeHaskellScript {
|
||||
name = "test-system-config";
|
||||
inherit bins;
|
||||
} (haskellBody
|
||||
''
|
||||
nix $ ["build", "-f", "<nixpkgs/nixos>", "system"] ++ paths ++ ["-I", [i|nixos-config=#{configDir}/hosts/#{hostname}/configuration.nix|], "-o", [i|result-system-#{hostname}|]] ++ args
|
||||
'');
|
||||
} (haskellBody ''
|
||||
nix $ ["build", "-f", "<nixpkgs/nixos>", "system"] ++ paths ++ ["-I", [i|nixos-config=#{configDir}/hosts/#{hostname}/configuration.nix|], "-o", [i|result-system-#{hostname}|]] ++ args
|
||||
'');
|
||||
|
||||
test-home-config = writeHaskellScript {
|
||||
name = "test-home-config";
|
||||
inherit bins;
|
||||
} (haskellBody
|
||||
''
|
||||
nix $ ["build", "-f", "<home-manager/home-manager/home-manager.nix>"] ++ paths ++ ["--argstr", "confPath", [i|#{configDir}/hosts/#{hostname}/home.nix|], "--argstr", "confAttr", "", "--out-link", [i|result-home-manager-#{hostname}|], "activationPackage"] ++ args
|
||||
'');
|
||||
} (haskellBody ''
|
||||
nix $ ["build", "-f", "<home-manager/home-manager/home-manager.nix>"] ++ paths ++ ["--argstr", "confPath", [i|#{configDir}/hosts/#{hostname}/home.nix|], "--argstr", "confAttr", "", "--out-link", [i|result-home-manager-#{hostname}|], "activationPackage"] ++ args
|
||||
'');
|
||||
|
||||
repoSrc = "git@hera.m-0.eu:nixos-config";
|
||||
configPath = "/etc/nixos";
|
||||
systems = ["apollo" "hera"];
|
||||
homes = ["apollo" "hera" "hephaistos"];
|
||||
keys = ["default" "apollo" "hera"];
|
||||
systems = [ "apollo" "hera" ];
|
||||
homes = [ "apollo" "hera" "hephaistos" ];
|
||||
keys = [ "default" "apollo" "hera" ];
|
||||
test-and-bump-config = writeHaskellScript {
|
||||
name = "test-and-bump-config";
|
||||
bins = [ test-system-config test-home-config pkgs.git pkgs.coreutils niv pkgs.git-crypt ];
|
||||
imports = [ "Control.Exception (bracket)" "System.Directory (withCurrentDirectory)" "Control.Monad (when)"];
|
||||
bins = [
|
||||
test-system-config
|
||||
test-home-config
|
||||
pkgs.git
|
||||
pkgs.coreutils
|
||||
niv
|
||||
pkgs.git-crypt
|
||||
];
|
||||
imports = [
|
||||
"Control.Exception (bracket)"
|
||||
"System.Directory (withCurrentDirectory)"
|
||||
"Control.Monad (when)"
|
||||
];
|
||||
} ''
|
||||
checkout :: IO FilePath
|
||||
checkout = do
|
||||
dir <- LBSC.unpack <$> (readTrim $ mktemp "-d")
|
||||
git "clone" "${repoSrc}" dir
|
||||
return dir
|
||||
checkout :: IO FilePath
|
||||
checkout = do
|
||||
dir <- LBSC.unpack <$> (readTrim $ mktemp "-d")
|
||||
git "clone" "${repoSrc}" dir
|
||||
return dir
|
||||
|
||||
main = do
|
||||
path <- readTrim pwd
|
||||
bracket checkout (rm "-rf") $ \dir -> do
|
||||
withCurrentDirectory dir $ do
|
||||
mapM_ (\x -> git_crypt "unlock" ([i|${configPath}/.git/git-crypt/keys/#{x}|] :: String)) ${haskellList keys}
|
||||
ignoreFailure $ niv "update"
|
||||
mapM_ (test_system_config dir) ${haskellList systems}
|
||||
mapM_ (test_home_config dir) ${haskellList homes}
|
||||
changed <- ((mempty /=) <$>) . readTrim $ git "-C" dir "status" "--porcelain"
|
||||
when changed $ do
|
||||
git "-C" dir "config" "user.email" "maralorn@maralorn.de"
|
||||
git "-C" dir "config" "user.name" "maralorn (nix-auto-updater)"
|
||||
git "-C" dir "commit" "-am" "Update dependencies with niv"
|
||||
git "-C" dir "push"
|
||||
'';
|
||||
in
|
||||
{
|
||||
inherit test-system-config test-home-config test-and-bump-config;
|
||||
}
|
||||
main = do
|
||||
path <- readTrim pwd
|
||||
bracket checkout (rm "-rf") $ \dir -> do
|
||||
withCurrentDirectory dir $ do
|
||||
mapM_ (\x -> git_crypt "unlock" ([i|${configPath}/.git/git-crypt/keys/#{x}|] :: String)) ${
|
||||
haskellList keys
|
||||
}
|
||||
ignoreFailure $ niv "update"
|
||||
mapM_ (test_system_config dir) ${haskellList systems}
|
||||
mapM_ (test_home_config dir) ${haskellList homes}
|
||||
changed <- ((mempty /=) <$>) . readTrim $ git "-C" dir "status" "--porcelain"
|
||||
when changed $ do
|
||||
git "-C" dir "config" "user.email" "maralorn@maralorn.de"
|
||||
git "-C" dir "config" "user.name" "maralorn (nix-auto-updater)"
|
||||
git "-C" dir "commit" "-am" "Update dependencies with niv"
|
||||
git "-C" dir "push"
|
||||
'';
|
||||
in { inherit test-system-config test-home-config test-and-bump-config; }
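Review bot: The reformatted `mapM_ (\x -> git_crypt "unlock" …)` line in the `test-and-bump-config` body now ends in an antiquotation split over three lines (`${`, `haskellList keys`, `}`), which puts Nix layout in the middle of an indentation-sensitive Haskell `do` block. The generated script should be unchanged, since the line breaks sit inside the antiquotation, but this is the line that selects which git-crypt keys unlock the checkout, and it is now harder to audit than its neighbours `${haskellList systems}` and `${haskellList homes}`. Binding the list next to `keys` in the enclosing `let`, for example `keysList = haskellList keys;`, and writing `${keysList}` in the body would likely leave the formatter nothing to split. Which printed copy is the new side is inferred from the formatting, since the page has lost its `+`/`-` markers.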
|
||||
|
|
|
@ -2,37 +2,31 @@
|
|||
let
|
||||
inherit (import ../common/pkgs.nix) eventd;
|
||||
battery-watch = pkgs.writeScript "battery-watch" ''
|
||||
#!${pkgs.stdenv.shell}
|
||||
#!${pkgs.stdenv.shell}
|
||||
|
||||
critical_level=20 #percent
|
||||
critical_level=20 #percent
|
||||
|
||||
while true
|
||||
do
|
||||
if [ "$(${pkgs.acpi}/bin/acpi -a | grep -o off)" == "off" ]; then
|
||||
battery_level=`${pkgs.acpi}/bin/acpi -b | sed 's/.*[dg], //g;s/\%,.*//g'`
|
||||
if [ $battery_level -le $critical_level ]; then
|
||||
${eventd}/bin/eventc critical battery -d "title='Battery level is low!'" -d "message='Only $battery_level% of the charge remains.'"
|
||||
else
|
||||
${eventd}/bin/eventc notification battery -d "title='Battery is discharging!'" -d "message='Only $battery_level% of the charge remains.'"
|
||||
sleep 18m
|
||||
while true
|
||||
do
|
||||
if [ "$(${pkgs.acpi}/bin/acpi -a | grep -o off)" == "off" ]; then
|
||||
battery_level=`${pkgs.acpi}/bin/acpi -b | sed 's/.*[dg], //g;s/\%,.*//g'`
|
||||
if [ $battery_level -le $critical_level ]; then
|
||||
${eventd}/bin/eventc critical battery -d "title='Battery level is low!'" -d "message='Only $battery_level% of the charge remains.'"
|
||||
else
|
||||
${eventd}/bin/eventc notification battery -d "title='Battery is discharging!'" -d "message='Only $battery_level% of the charge remains.'"
|
||||
sleep 18m
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
sleep 2m
|
||||
done
|
||||
'';
|
||||
sleep 2m
|
||||
done
|
||||
'';
|
||||
in {
|
||||
|
||||
systemd.user = {
|
||||
services.battery = {
|
||||
Unit = {
|
||||
Description = "Watch battery state and warn user";
|
||||
};
|
||||
Service = {
|
||||
ExecStart=toString battery-watch;
|
||||
};
|
||||
Install = {
|
||||
WantedBy = [ "graphical-session.target" ];
|
||||
};
|
||||
Unit = { Description = "Watch battery state and warn user"; };
|
||||
Service = { ExecStart = toString battery-watch; };
|
||||
Install = { WantedBy = [ "graphical-session.target" ]; };
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -1,131 +1,167 @@
|
|||
{ pkgs, config, ... }:
|
||||
let
|
||||
inherit (config.m-0.private) me meWork;
|
||||
let inherit (config.m-0.private) me meWork;
|
||||
in {
|
||||
|
||||
imports = [
|
||||
./zsh
|
||||
./update-script.nix
|
||||
./modules/taskwarrior.nix
|
||||
./modules/force-copies.nix
|
||||
./modules/accounting
|
||||
./modules/rustdev.nix
|
||||
./modules/latex.nix
|
||||
./modules/mail.nix
|
||||
./modules/home-options.nix
|
||||
./modules/unlock.nix
|
||||
./modules/weechat
|
||||
./modules/bugwarrior.nix
|
||||
./modules/pythia.nix
|
||||
../common
|
||||
];
|
||||
imports = [
|
||||
./zsh
|
||||
./update-script.nix
|
||||
./modules/taskwarrior.nix
|
||||
./modules/force-copies.nix
|
||||
./modules/accounting
|
||||
./modules/rustdev.nix
|
||||
./modules/latex.nix
|
||||
./modules/mail.nix
|
||||
./modules/home-options.nix
|
||||
./modules/unlock.nix
|
||||
./modules/weechat
|
||||
./modules/bugwarrior.nix
|
||||
./modules/pythia.nix
|
||||
../common
|
||||
];
|
||||
|
||||
|
||||
programs = {
|
||||
home-manager.enable = true;
|
||||
direnv = {
|
||||
enable = true;
|
||||
enableZshIntegration = true;
|
||||
};
|
||||
tmux = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
set default-terminal "screen-256color"
|
||||
set -g set-titles on
|
||||
set -g status off
|
||||
set -g escape-time 1
|
||||
'';
|
||||
};
|
||||
git = {
|
||||
aliases = {
|
||||
sync = "!git pull -r && git push";
|
||||
programs = {
|
||||
home-manager.enable = true;
|
||||
direnv = {
|
||||
enable = true;
|
||||
enableZshIntegration = true;
|
||||
};
|
||||
enable = true;
|
||||
ignores = [
|
||||
".syncthing*.tmp"
|
||||
"*.swp"
|
||||
"*.autosave~"
|
||||
"*.aux"
|
||||
"*.bbl"
|
||||
"*.fls"
|
||||
"*.idx"
|
||||
"*.ilg"
|
||||
"*.ind"
|
||||
"*.log"
|
||||
"*.out"
|
||||
"*.toc"
|
||||
"*.bcf"
|
||||
"*.blg"
|
||||
"*.fdb*"
|
||||
"*.thm"
|
||||
"*.run.xml"
|
||||
"*.slnc"
|
||||
"*.glade~"
|
||||
"__pycache__"
|
||||
".hledger-web_client_session_key.aes"
|
||||
".nix-gc-roots"
|
||||
];
|
||||
userEmail = me.mail;
|
||||
userName = me.name;
|
||||
};
|
||||
htop = {
|
||||
enable = true;
|
||||
hideThreads = true;
|
||||
hideUserlandThreads = true;
|
||||
highlightBaseName = true;
|
||||
shadowOtherUsers = true;
|
||||
showProgramPath = false;
|
||||
treeView = true;
|
||||
};
|
||||
ssh = {
|
||||
controlMaster = "auto";
|
||||
controlPersist = "120";
|
||||
enable = true;
|
||||
matchBlocks = let
|
||||
matheGwProxy = "ssh -q gw nc -q0 %h %p";
|
||||
agHost = "fb04217.mathematik.tu-darmstadt.de";
|
||||
in [
|
||||
{ host = "charon"; hostname = "charon.olymp.space"; }
|
||||
{ host = "hera"; hostname = "hera.m-0.eu"; forwardAgent = true; }
|
||||
{ host = "ag-forward"; hostname = agHost; proxyCommand = matheGwProxy; user = meWork.user; }
|
||||
{ host = "ag"; hostname = agHost; user = meWork.user; }
|
||||
{ host = "gw"; hostname = "gwres4.mathematik.tu-darmstadt.de"; user = meWork.user; }
|
||||
{ host = "shells"; hostname = "shells.darmstadt.ccc.de"; }
|
||||
{ host = "vorstand"; hostname = "vorstand.darmstadt.ccc.de"; }
|
||||
{ host = "*.darmstadt.ccc.de"; user = me.user; }
|
||||
{ host = "whisky"; hostname = "whisky.w17.io"; user = "chaos"; }
|
||||
{ host = "kitchen"; hostname = "kitchen.w17.io"; user = "chaos"; }
|
||||
{ host = "door.w17.io"; identityFile = "~/.ssh/door_rsa";}
|
||||
tmux = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
set default-terminal "screen-256color"
|
||||
set -g set-titles on
|
||||
set -g status off
|
||||
set -g escape-time 1
|
||||
'';
|
||||
};
|
||||
git = {
|
||||
aliases = { sync = "!git pull -r && git push"; };
|
||||
enable = true;
|
||||
ignores = [
|
||||
".syncthing*.tmp"
|
||||
"*.swp"
|
||||
"*.autosave~"
|
||||
"*.aux"
|
||||
"*.bbl"
|
||||
"*.fls"
|
||||
"*.idx"
|
||||
"*.ilg"
|
||||
"*.ind"
|
||||
"*.log"
|
||||
"*.out"
|
||||
"*.toc"
|
||||
"*.bcf"
|
||||
"*.blg"
|
||||
"*.fdb*"
|
||||
"*.thm"
|
||||
"*.run.xml"
|
||||
"*.slnc"
|
||||
"*.glade~"
|
||||
"__pycache__"
|
||||
".hledger-web_client_session_key.aes"
|
||||
".nix-gc-roots"
|
||||
];
|
||||
userEmail = me.mail;
|
||||
userName = me.name;
|
||||
};
|
||||
htop = {
|
||||
enable = true;
|
||||
hideThreads = true;
|
||||
hideUserlandThreads = true;
|
||||
highlightBaseName = true;
|
||||
shadowOtherUsers = true;
|
||||
showProgramPath = false;
|
||||
treeView = true;
|
||||
};
|
||||
ssh = {
|
||||
controlMaster = "auto";
|
||||
controlPersist = "120";
|
||||
enable = true;
|
||||
matchBlocks = let
|
||||
matheGwProxy = "ssh -q gw nc -q0 %h %p";
|
||||
agHost = "fb04217.mathematik.tu-darmstadt.de";
|
||||
in [
|
||||
{
|
||||
host = "charon";
|
||||
hostname = "charon.olymp.space";
|
||||
}
|
||||
{
|
||||
host = "hera";
|
||||
hostname = "hera.m-0.eu";
|
||||
forwardAgent = true;
|
||||
}
|
||||
{
|
||||
host = "ag-forward";
|
||||
hostname = agHost;
|
||||
proxyCommand = matheGwProxy;
|
||||
user = meWork.user;
|
||||
}
|
||||
{
|
||||
host = "ag";
|
||||
hostname = agHost;
|
||||
user = meWork.user;
|
||||
}
|
||||
{
|
||||
host = "gw";
|
||||
hostname = "gwres4.mathematik.tu-darmstadt.de";
|
||||
user = meWork.user;
|
||||
}
|
||||
{
|
||||
host = "shells";
|
||||
hostname = "shells.darmstadt.ccc.de";
|
||||
}
|
||||
{
|
||||
host = "vorstand";
|
||||
hostname = "vorstand.darmstadt.ccc.de";
|
||||
}
|
||||
{
|
||||
host = "*.darmstadt.ccc.de";
|
||||
user = me.user;
|
||||
}
|
||||
{
|
||||
host = "whisky";
|
||||
hostname = "whisky.w17.io";
|
||||
user = "chaos";
|
||||
}
|
||||
{
|
||||
host = "kitchen";
|
||||
hostname = "kitchen.w17.io";
|
||||
user = "chaos";
|
||||
}
|
||||
{
|
||||
host = "door.w17.io";
|
||||
identityFile = "~/.ssh/door_rsa";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
home = {
|
||||
packages = builtins.attrValues (import ../common/pkgs.nix).home-pkgs;
|
||||
sessionVariables = {
|
||||
PATH = "$HOME/.cargo/bin:/etc/profiles/per-user/${config.home.username}/bin:$HOME/.nix-profile/bin:$PATH";
|
||||
BROWSER = "${pkgs.firefox}/bin/firefox";
|
||||
EDITOR = "${pkgs.neovim}/bin/nvim";
|
||||
TERMINAL = config.m-0.terminal;
|
||||
EMAIL = me.mail;
|
||||
SUDO_ASKPASS = let
|
||||
print-pw = pkgs.writeShellScriptBin "print-pw" "pass show eu/m-0/${config.m-0.hostName}/user/${config.home.username}";
|
||||
in
|
||||
"${print-pw}/bin/print-pw";
|
||||
home = {
|
||||
packages = builtins.attrValues (import ../common/pkgs.nix).home-pkgs;
|
||||
sessionVariables = {
|
||||
PATH =
|
||||
"$HOME/.cargo/bin:/etc/profiles/per-user/${config.home.username}/bin:$HOME/.nix-profile/bin:$PATH";
|
||||
BROWSER = "${pkgs.firefox}/bin/firefox";
|
||||
EDITOR = "${pkgs.neovim}/bin/nvim";
|
||||
TERMINAL = config.m-0.terminal;
|
||||
EMAIL = me.mail;
|
||||
SUDO_ASKPASS = let
|
||||
print-pw = pkgs.writeShellScriptBin "print-pw"
|
||||
"pass show eu/m-0/${config.m-0.hostName}/user/${config.home.username}";
|
||||
in "${print-pw}/bin/print-pw";
|
||||
};
|
||||
};
|
||||
};
|
||||
fonts.fontconfig.enableProfileFonts = true;
|
||||
fonts.fontconfig.enableProfileFonts = true;
|
||||
|
||||
systemd.user.startServices = true;
|
||||
systemd.user.startServices = true;
|
||||
|
||||
services = {
|
||||
gpg-agent = {
|
||||
enable = true;
|
||||
defaultCacheTtl = 31536000; # 1year
|
||||
maxCacheTtl = 31536000; #1year
|
||||
services = {
|
||||
gpg-agent = {
|
||||
enable = true;
|
||||
defaultCacheTtl = 31536000; # 1year
|
||||
maxCacheTtl = 31536000; # 1year
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
xdg.enable = true;
|
||||
xdg.enable = true;
|
||||
}
|
||||
|
|
|
@ -1,16 +1,9 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
let
|
||||
inherit (import ../../common/pkgs.nix) desktop-pkgs;
|
||||
in
|
||||
{
|
||||
let inherit (import ../../common/pkgs.nix) desktop-pkgs;
|
||||
in {
|
||||
|
||||
imports = [
|
||||
./i3.nix
|
||||
./rofi.nix
|
||||
./ssh-agent.nix
|
||||
./eventd.nix
|
||||
./sleep-nag.nix
|
||||
];
|
||||
imports =
|
||||
[ ./i3.nix ./rofi.nix ./ssh-agent.nix ./eventd.nix ./sleep-nag.nix ];
|
||||
m-0 = {
|
||||
workspaces = [
|
||||
"tasks"
|
||||
|
@ -81,7 +74,7 @@ imports = [
|
|||
color6 = config.m-0.colors.cyan;
|
||||
color7 = config.m-0.colors.white;
|
||||
color8 = config.m-0.colors.brightBlack;
|
||||
color9= config.m-0.colors.brightRed;
|
||||
color9 = config.m-0.colors.brightRed;
|
||||
color10 = config.m-0.colors.brightGreen;
|
||||
color11 = config.m-0.colors.brightYellow;
|
||||
color12 = config.m-0.colors.brightBlue;
|
||||
|
@ -116,7 +109,8 @@ imports = [
|
|||
};
|
||||
screen-locker = {
|
||||
enable = true;
|
||||
lockCmd = "${pkgs.i3lock}/bin/i3lock -n -f -i ~/data/aktuell/media/bilder/lockscreen.png";
|
||||
lockCmd =
|
||||
"${pkgs.i3lock}/bin/i3lock -n -f -i ~/data/aktuell/media/bilder/lockscreen.png";
|
||||
};
|
||||
};
|
||||
xsession.enable = true;
|
||||
|
|
|
@ -13,22 +13,18 @@ in {
|
|||
After = [ "graphical-session-pre.target" ];
|
||||
PartOf = [ "graphical-session.target" ];
|
||||
};
|
||||
Install = {
|
||||
WantedBy = [ "default.target" ];
|
||||
};
|
||||
Install = { WantedBy = [ "default.target" ]; };
|
||||
Service = {
|
||||
Type="notify";
|
||||
Sockets="eventd-control.socket eventd.socket";
|
||||
ExecStart="${eventd}/bin/eventd --listen systemd";
|
||||
ExecReload="${eventd}/bin/eventdctl reload";
|
||||
Type = "notify";
|
||||
Sockets = "eventd-control.socket eventd.socket";
|
||||
ExecStart = "${eventd}/bin/eventd --listen systemd";
|
||||
ExecReload = "${eventd}/bin/eventdctl reload";
|
||||
};
|
||||
};
|
||||
};
|
||||
sockets = {
|
||||
eventd-control = {
|
||||
Unit = {
|
||||
Description = "eventd control socket";
|
||||
};
|
||||
Unit = { Description = "eventd control socket"; };
|
||||
Socket = {
|
||||
Service = "eventd.service";
|
||||
SocketMode = "0600";
|
||||
|
@ -36,19 +32,17 @@ in {
|
|||
};
|
||||
};
|
||||
eventd = {
|
||||
Unit = {
|
||||
Description = "eventd sockets";
|
||||
};
|
||||
Unit = { Description = "eventd sockets"; };
|
||||
Socket = {
|
||||
SocketMode = "0660";
|
||||
ListenStream= "%t/eventd/evp";
|
||||
ListenStream = "%t/eventd/evp";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
xdg = {
|
||||
configFile = {
|
||||
"eventd/eventd.conf".text = lib.generators.toINI {} {
|
||||
"eventd/eventd.conf".text = lib.generators.toINI { } {
|
||||
"Queue default" = {
|
||||
Margin = 10;
|
||||
Spacing = 2;
|
||||
|
@ -72,9 +66,7 @@ in {
|
|||
Spacing = 1;
|
||||
Limit = 20;
|
||||
};
|
||||
Notification = {
|
||||
Text = "\${message}";
|
||||
};
|
||||
Notification = { Text = "\${message}"; };
|
||||
NotificationBubble = {
|
||||
Padding = 10;
|
||||
Radius = 0;
|
||||
|
@ -88,77 +80,49 @@ in {
|
|||
Colour = colors.foreground;
|
||||
};
|
||||
};
|
||||
"eventd/notification.event".text = lib.generators.toINI {} {
|
||||
"Event notification *" = {
|
||||
Actions = "notification";
|
||||
};
|
||||
"Event notification kassandra" = {
|
||||
Actions = "kassandra";
|
||||
};
|
||||
"Event command success" = {
|
||||
Actions = "command-success";
|
||||
};
|
||||
"Event command failure" = {
|
||||
Actions = "command-failure";
|
||||
};
|
||||
"Event critical *" = {
|
||||
Actions = "critical";
|
||||
};
|
||||
"eventd/notification.event".text = lib.generators.toINI { } {
|
||||
"Event notification *" = { Actions = "notification"; };
|
||||
"Event notification kassandra" = { Actions = "kassandra"; };
|
||||
"Event command success" = { Actions = "command-success"; };
|
||||
"Event command failure" = { Actions = "command-failure"; };
|
||||
"Event critical *" = { Actions = "critical"; };
|
||||
};
|
||||
"eventd/command-success.action".text = lib.generators.toINI {} {
|
||||
Action = {
|
||||
Name = "command-success";
|
||||
};
|
||||
"eventd/command-success.action".text = lib.generators.toINI { } {
|
||||
Action = { Name = "command-success"; };
|
||||
Notification = {
|
||||
Text="<b>\${command}</b>\\nsucceeded after \${time} @ \${host}";
|
||||
Text = "<b>\${command}</b>\\nsucceeded after \${time} @ \${host}";
|
||||
};
|
||||
NotificationBubble = {
|
||||
Colour = colors.black;
|
||||
Queue = "command";
|
||||
};
|
||||
};
|
||||
"eventd/command-failure.action".text = lib.generators.toINI {} {
|
||||
Action = {
|
||||
Name = "command-failure";
|
||||
};
|
||||
"eventd/command-failure.action".text = lib.generators.toINI { } {
|
||||
Action = { Name = "command-failure"; };
|
||||
Notification = {
|
||||
Text="<b>\${command}</b>\\nfailed after \${time} @ \${host}";
|
||||
Text = "<b>\${command}</b>\\nfailed after \${time} @ \${host}";
|
||||
};
|
||||
NotificationBubble = {
|
||||
Queue = "critical";
|
||||
Colour = colors.red;
|
||||
};
|
||||
};
|
||||
"eventd/critical.action".text = lib.generators.toINI {} {
|
||||
Action = {
|
||||
Name = "critical";
|
||||
};
|
||||
Notification = {
|
||||
Text = "<b>\${title}</b>\${message/^/\\n}";
|
||||
};
|
||||
"eventd/critical.action".text = lib.generators.toINI { } {
|
||||
Action = { Name = "critical"; };
|
||||
Notification = { Text = "<b>\${title}</b>\${message/^/\\n}"; };
|
||||
NotificationBubble = {
|
||||
Queue = "critical";
|
||||
Colour = colors.red;
|
||||
};
|
||||
};
|
||||
"eventd/kassandra.action".text = lib.generators.toINI {} {
|
||||
Action = {
|
||||
Name = "kassandra";
|
||||
};
|
||||
Notification = {
|
||||
Text = "<b>\${title}</b>\${message/^/\\n}";
|
||||
};
|
||||
NotificationBubble = {
|
||||
Queue = "critical";
|
||||
};
|
||||
"eventd/kassandra.action".text = lib.generators.toINI { } {
|
||||
Action = { Name = "kassandra"; };
|
||||
Notification = { Text = "<b>\${title}</b>\${message/^/\\n}"; };
|
||||
NotificationBubble = { Queue = "critical"; };
|
||||
};
|
||||
"eventd/notification.action".text = lib.generators.toINI {} {
|
||||
Action = {
|
||||
Name = "notification";
|
||||
};
|
||||
Notification = {
|
||||
Text = "<b>\${title}</b>\${message/^/\\n}";
|
||||
};
|
||||
"eventd/notification.action".text = lib.generators.toINI { } {
|
||||
Action = { Name = "notification"; };
|
||||
Notification = { Text = "<b>\${title}</b>\${message/^/\\n}"; };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -4,33 +4,33 @@ let
|
|||
inherit (config.m-0) colors workspaces terminal;
|
||||
exec = "exec --no-startup-id";
|
||||
conkyCommon = ''
|
||||
background = true,
|
||||
border_width = 0,
|
||||
cpu_avg_samples = 2,
|
||||
draw_borders = false,
|
||||
draw_graph_borders = true,
|
||||
draw_outline = false,
|
||||
draw_shades = false,
|
||||
double_buffer = true,
|
||||
use_xft = true,
|
||||
font = 'Roboto Mono Nerd Font:size=8',
|
||||
gap_x = 0,
|
||||
gap_y = 0,
|
||||
minimum_width = 316,
|
||||
maximum_width = 316,
|
||||
net_avg_samples = 2,
|
||||
no_buffers = true,
|
||||
out_to_console = false,
|
||||
out_to_stderr = false,
|
||||
extra_newline = false,
|
||||
own_window = true,
|
||||
own_window_class = 'Conky',
|
||||
own_window_type = 'override',
|
||||
own_window_colour = "${config.m-0.colors.background}",
|
||||
own_window_hints = 'undecorated,below,skip_taskbar,skip_pager,sticky',
|
||||
stippled_borders = 0,
|
||||
update_interval = 1.0,
|
||||
'';
|
||||
background = true,
|
||||
border_width = 0,
|
||||
cpu_avg_samples = 2,
|
||||
draw_borders = false,
|
||||
draw_graph_borders = true,
|
||||
draw_outline = false,
|
||||
draw_shades = false,
|
||||
double_buffer = true,
|
||||
use_xft = true,
|
||||
font = 'Roboto Mono Nerd Font:size=8',
|
||||
gap_x = 0,
|
||||
gap_y = 0,
|
||||
minimum_width = 316,
|
||||
maximum_width = 316,
|
||||
net_avg_samples = 2,
|
||||
no_buffers = true,
|
||||
out_to_console = false,
|
||||
out_to_stderr = false,
|
||||
extra_newline = false,
|
||||
own_window = true,
|
||||
own_window_class = 'Conky',
|
||||
own_window_type = 'override',
|
||||
own_window_colour = "${config.m-0.colors.background}",
|
||||
own_window_hints = 'undecorated,below,skip_taskbar,skip_pager,sticky',
|
||||
stippled_borders = 0,
|
||||
update_interval = 1.0,
|
||||
'';
|
||||
conkyOrgaConfig = pkgs.writeText "conky.conf" ''
|
||||
conky.config = {
|
||||
alignment = 'top_right',
|
||||
|
@ -47,7 +47,7 @@ let
|
|||
$hr
|
||||
''${execi 5 cat ~/tmp/today.md}
|
||||
]]
|
||||
'';
|
||||
'';
|
||||
conkyMPDConfig = pkgs.writeText "conky.conf" ''
|
||||
conky.config = {
|
||||
alignment = 'bottom_right',
|
||||
|
@ -63,22 +63,21 @@ let
|
|||
$mpd_elapsed/$mpd_length ($mpd_percent%) $mpd_bar
|
||||
]]
|
||||
|
||||
'';
|
||||
addMods = oldbindings: builtins.foldl' (newbindings: key:
|
||||
'';
|
||||
addMods = oldbindings:
|
||||
builtins.foldl' (newbindings: key:
|
||||
newbindings // {
|
||||
"Mod4+${key}" = oldbindings.${key};
|
||||
"Mod3+Mod4+${key}" = oldbindings.${key};
|
||||
})
|
||||
{}
|
||||
(builtins.attrNames oldbindings);
|
||||
}) { } (builtins.attrNames oldbindings);
|
||||
in {
|
||||
|
||||
xsession = {
|
||||
windowManager.i3 = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
gaps right 320
|
||||
'';
|
||||
gaps right 320
|
||||
'';
|
||||
package = pkgs.i3-gaps.overrideAttrs (oldattrs: rec {
|
||||
name = "i3-gaps-next";
|
||||
version = "41264e54b7a3039ce46919851ac73e22ae29d207";
|
||||
|
@ -87,13 +86,19 @@ in {
|
|||
sha256 = "10d80p8bsldx4pld76y8my1zyww03shkcg3fndsxkrkwhfpk0lbh";
|
||||
};
|
||||
postUnpack = ''
|
||||
echo -n "4.16.1" > ./i3-${version}/I3_VERSION
|
||||
'';
|
||||
echo -n "4.16.1" > ./i3-${version}/I3_VERSION
|
||||
'';
|
||||
});
|
||||
config = {
|
||||
startup = [
|
||||
{ command = "${pkgs.conky}/bin/conky -c ${conkyOrgaConfig}"; notification = false; }
|
||||
{ command = "${pkgs.conky}/bin/conky -c ${conkyMPDConfig}"; notification = false; }
|
||||
{
|
||||
command = "${pkgs.conky}/bin/conky -c ${conkyOrgaConfig}";
|
||||
notification = false;
|
||||
}
|
||||
{
|
||||
command = "${pkgs.conky}/bin/conky -c ${conkyMPDConfig}";
|
||||
notification = false;
|
||||
}
|
||||
];
|
||||
focus = {
|
||||
followMouse = false;
|
||||
|
@ -130,8 +135,7 @@ in {
|
|||
text = colors.foreground;
|
||||
};
|
||||
};
|
||||
bars = [
|
||||
{
|
||||
bars = [{
|
||||
mode = "hide";
|
||||
colors = {
|
||||
separator = colors.white;
|
||||
|
@ -157,54 +161,60 @@ in {
|
|||
text = colors.white;
|
||||
};
|
||||
};
|
||||
} ];
|
||||
}];
|
||||
window = {
|
||||
titlebar = false;
|
||||
border = 1;
|
||||
commands = [ { command = "floating disable"; criteria = { class = "Firefox";};} ];
|
||||
commands = [{
|
||||
command = "floating disable";
|
||||
criteria = { class = "Firefox"; };
|
||||
}];
|
||||
};
|
||||
keybindings = {
|
||||
"XF86AudioMute" = "exec pactl set-sink-mute '@DEFAULT_SINK@' toggle";
|
||||
"XF86AudioLowerVolume" = "exec pactl set-sink-volume '@DEFAULT_SINK@' -5%";
|
||||
"XF86AudioRaiseVolume" = "exec pactl set-sink-volume '@DEFAULT_SINK@' +5%";
|
||||
"XF86AudioMicMute" = "exec pactl set-source-mute '@DEFAULT_SOURCE@' toggle";
|
||||
"XF86MonBrightnessUp" = "exec xbacklight +5";
|
||||
"XF86MonBrightnessDown" = "exec xbacklight -5";
|
||||
"XF86Display" = "${exec} ${pkgs.arandr}/bin/arandr";
|
||||
"Ctrl+Escape" = "${exec} loginctl lock-session;";
|
||||
} //
|
||||
addMods ({
|
||||
"Left" = "focus left";
|
||||
"Down" = "focus down";
|
||||
"Up" = "focus up";
|
||||
"Right" = "focus right";
|
||||
"Tab" = "${exec} ${pkgs.skippy-xd}/bin/skippy-xd";
|
||||
"Prior" = "focus parent";
|
||||
"Next" = "focus child";
|
||||
"Return" = "${exec} ${terminal}";
|
||||
"p" = "${exec} rofi-pass";
|
||||
"shift+Left" = "move left";
|
||||
"shift+Down" = "move down";
|
||||
"shift+Up" = "move up";
|
||||
"shift+Right" = "move right";
|
||||
"d" = "split h";
|
||||
"f" = "fullscreen toggle";
|
||||
"t" = "layout tabbed";
|
||||
"s" = "layout toggle split";
|
||||
"q" = "kill";
|
||||
"m" = "move workspace to output up";
|
||||
"n" = "move workspace to output right";
|
||||
"shift+space" = "floating toggle";
|
||||
"shift+q" = "${exec} ${pkgs.i3}/bin/i3-nagbar -t warning -m 'do you want to exit i3?' -b 'yes' 'i3-msg exit'";
|
||||
"space" = "${exec} hotkeys";
|
||||
} // builtins.foldl' (bindings: name: let
|
||||
number = toString ((builtins.length (builtins.attrNames bindings)) / 2);
|
||||
in
|
||||
bindings // {
|
||||
"${number}" = "workspace ${number}:${name}";
|
||||
"Shift+${number}" = "move container to workspace ${number}:${name}";
|
||||
}) {} workspaces
|
||||
);
|
||||
"XF86AudioMute" = "exec pactl set-sink-mute '@DEFAULT_SINK@' toggle";
|
||||
"XF86AudioLowerVolume" =
|
||||
"exec pactl set-sink-volume '@DEFAULT_SINK@' -5%";
|
||||
"XF86AudioRaiseVolume" =
|
||||
"exec pactl set-sink-volume '@DEFAULT_SINK@' +5%";
|
||||
"XF86AudioMicMute" =
|
||||
"exec pactl set-source-mute '@DEFAULT_SOURCE@' toggle";
|
||||
"XF86MonBrightnessUp" = "exec xbacklight +5";
|
||||
"XF86MonBrightnessDown" = "exec xbacklight -5";
|
||||
"XF86Display" = "${exec} ${pkgs.arandr}/bin/arandr";
|
||||
"Ctrl+Escape" = "${exec} loginctl lock-session;";
|
||||
} // addMods ({
|
||||
"Left" = "focus left";
|
||||
"Down" = "focus down";
|
||||
"Up" = "focus up";
|
||||
"Right" = "focus right";
|
||||
"Tab" = "${exec} ${pkgs.skippy-xd}/bin/skippy-xd";
|
||||
"Prior" = "focus parent";
|
||||
"Next" = "focus child";
|
||||
"Return" = "${exec} ${terminal}";
|
||||
"p" = "${exec} rofi-pass";
|
||||
"shift+Left" = "move left";
|
||||
"shift+Down" = "move down";
|
||||
"shift+Up" = "move up";
|
||||
"shift+Right" = "move right";
|
||||
"d" = "split h";
|
||||
"f" = "fullscreen toggle";
|
||||
"t" = "layout tabbed";
|
||||
"s" = "layout toggle split";
|
||||
"q" = "kill";
|
||||
"m" = "move workspace to output up";
|
||||
"n" = "move workspace to output right";
|
||||
"shift+space" = "floating toggle";
|
||||
"shift+q" =
|
||||
"${exec} ${pkgs.i3}/bin/i3-nagbar -t warning -m 'do you want to exit i3?' -b 'yes' 'i3-msg exit'";
|
||||
"space" = "${exec} hotkeys";
|
||||
} // builtins.foldl' (bindings: name:
|
||||
let
|
||||
number =
|
||||
toString ((builtins.length (builtins.attrNames bindings)) / 2);
|
||||
in bindings // {
|
||||
"${number}" = "workspace ${number}:${name}";
|
||||
"Shift+${number}" = "move container to workspace ${number}:${name}";
|
||||
}) { } workspaces);
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,21 +1,16 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
with lib;
|
||||
let
|
||||
inherit (config.m-0) colors workspaces terminal;
|
||||
let inherit (config.m-0) colors workspaces terminal;
|
||||
in {
|
||||
|
||||
home = {
|
||||
packages = with pkgs; [
|
||||
rofi-pass
|
||||
];
|
||||
};
|
||||
home = { packages = with pkgs; [ rofi-pass ]; };
|
||||
programs = {
|
||||
rofi = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
rofi.modi: combi,window,drun,run,ssh,keys
|
||||
rofi.combi-modi: window,drun,run
|
||||
'';
|
||||
'';
|
||||
borderWidth = 0;
|
||||
separator = "none";
|
||||
fullscreen = false;
|
||||
|
@ -29,38 +24,38 @@ in {
|
|||
font = "Monofur Nerd Font 10.5";
|
||||
colors = {
|
||||
window = {
|
||||
background = "argb:c0${builtins.substring 1 6 colors.background}";
|
||||
border = colors.blue;
|
||||
separator = colors.blue;
|
||||
background = "argb:c0${builtins.substring 1 6 colors.background}";
|
||||
border = colors.blue;
|
||||
separator = colors.blue;
|
||||
};
|
||||
rows = {
|
||||
normal = {
|
||||
background = colors.background;
|
||||
foreground = colors.foreground;
|
||||
backgroundAlt = colors.black;
|
||||
highlight = {
|
||||
background = colors.blue;
|
||||
foreground = colors.white;
|
||||
};
|
||||
};
|
||||
active = {
|
||||
background = colors.background;
|
||||
foreground = colors.foreground;
|
||||
backgroundAlt = colors.black;
|
||||
highlight = {
|
||||
background = colors.blue;
|
||||
foreground = colors.white;
|
||||
};
|
||||
};
|
||||
urgent = {
|
||||
background = colors.background;
|
||||
foreground = colors.foreground;
|
||||
backgroundAlt = colors.black;
|
||||
highlight = {
|
||||
background = colors.blue;
|
||||
foreground = colors.white;
|
||||
};
|
||||
};
|
||||
normal = {
|
||||
background = colors.background;
|
||||
foreground = colors.foreground;
|
||||
backgroundAlt = colors.black;
|
||||
highlight = {
|
||||
background = colors.blue;
|
||||
foreground = colors.white;
|
||||
};
|
||||
};
|
||||
active = {
|
||||
background = colors.background;
|
||||
foreground = colors.foreground;
|
||||
backgroundAlt = colors.black;
|
||||
highlight = {
|
||||
background = colors.blue;
|
||||
foreground = colors.white;
|
||||
};
|
||||
};
|
||||
urgent = {
|
||||
background = colors.background;
|
||||
foreground = colors.foreground;
|
||||
backgroundAlt = colors.black;
|
||||
highlight = {
|
||||
background = colors.blue;
|
||||
foreground = colors.white;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -2,29 +2,23 @@
|
|||
let
|
||||
inherit (import ../../common/pkgs.nix) eventd;
|
||||
sleep-nag = pkgs.writeScript "sleep-nag" ''
|
||||
#!${pkgs.stdenv.shell}
|
||||
#!${pkgs.stdenv.shell}
|
||||
|
||||
while true
|
||||
do
|
||||
if [[ `date +%H` -ge 23 ]] || [[ `date +%H` -lt 6 ]]; then
|
||||
${eventd}/bin/eventc notification kassandra -d "title='Es ist $(date +%H:%M) Uhr: Zeit ins Bett zu gehen!'" -d "message='Du kannst das hier auch morgen tun!'"
|
||||
fi
|
||||
sleep 10m
|
||||
done
|
||||
'';
|
||||
while true
|
||||
do
|
||||
if [[ `date +%H` -ge 23 ]] || [[ `date +%H` -lt 6 ]]; then
|
||||
${eventd}/bin/eventc notification kassandra -d "title='Es ist $(date +%H:%M) Uhr: Zeit ins Bett zu gehen!'" -d "message='Du kannst das hier auch morgen tun!'"
|
||||
fi
|
||||
sleep 10m
|
||||
done
|
||||
'';
|
||||
in {
|
||||
|
||||
systemd.user = {
|
||||
services.sleep-nag = {
|
||||
Unit = {
|
||||
Description = "Sleep nag";
|
||||
};
|
||||
Service = {
|
||||
ExecStart=toString sleep-nag;
|
||||
};
|
||||
Install = {
|
||||
WantedBy = [ "graphical-session.target" ];
|
||||
};
|
||||
Unit = { Description = "Sleep nag"; };
|
||||
Service = { ExecStart = toString sleep-nag; };
|
||||
Install = { WantedBy = [ "graphical-session.target" ]; };
|
||||
};
|
||||
};
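Review bot: In the `sleep-nag` script the test ``[[ `date +%H` -ge 23 ]]`` passes a zero-padded hour to an arithmetic comparison, and bash (which `pkgs.stdenv.shell` presumably is) rejects `08` and `09` as invalid octal numbers, printing an error on every loop pass during those two hours. The outcome happens to be right because a failed test counts as false, but an unpadded hour avoids the error: `if [[ $(date +%-H) -ge 23 ]] || [[ $(date +%-H) -lt 6 ]]; then`. `date` and `sleep` are also resolved through whatever `PATH` the user service inherits, unlike `${eventd}/bin/eventc`; pinning them to `${pkgs.coreutils}/bin/…` would make the unit independent of the session environment.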
|
||||
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ pkgs , config , lib, ... }:
|
||||
{
|
||||
{ pkgs, config, lib, ... }: {
|
||||
|
||||
xsession.initExtra = let
|
||||
cat-pw = pkgs.writeShellScriptBin "cat-ssh-pw" ''
|
||||
|
@ -12,7 +11,6 @@
|
|||
systemctl --user set-environment SSH_AGENT_PID="$SSH_AGENT_PID"
|
||||
SSH_ASKPASS=${cat-pw}/bin/cat-ssh-pw ${pkgs.openssh}/bin/ssh-add & < /dev/null
|
||||
'';
|
||||
in
|
||||
". ${start-agent}/bin/start-ssh-agent";
|
||||
in ". ${start-agent}/bin/start-ssh-agent";
|
||||
|
||||
}
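Review bot: In the agent start-up script, `… ${pkgs.openssh}/bin/ssh-add & < /dev/null` ends the command at `&`, so `< /dev/null` is a separate empty command and does not redirect ssh-add's input. If the intent is that ssh-add has no terminal to read from and therefore takes the passphrase from the `SSH_ASKPASS` helper, the redirect belongs before the `&`: `SSH_ASKPASS=${cat-pw}/bin/cat-ssh-pw ${pkgs.openssh}/bin/ssh-add < /dev/null &`. The bodies of `cat-pw` and `start-agent` lie mostly outside the hunks shown, so how the passphrase is obtained cannot be checked from here.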
|
||||
|
|
|
@ -1,25 +1,21 @@
|
|||
let
|
||||
inherit (import ../common/lib.nix) home-manager writeHaskellScript get-niv-path;
|
||||
in
|
||||
{
|
||||
update-home = configPath: writeHaskellScript
|
||||
{
|
||||
inherit (import ../common/lib.nix)
|
||||
home-manager writeHaskellScript get-niv-path;
|
||||
in {
|
||||
update-home = configPath:
|
||||
writeHaskellScript {
|
||||
name = "update-home";
|
||||
bins = [
|
||||
get-niv-path
|
||||
home-manager
|
||||
];
|
||||
}
|
||||
''
|
||||
bins = [ get-niv-path home-manager ];
|
||||
} ''
|
||||
|
||||
getNivPath = get_niv_path "${configPath}/nix/sources.nix"
|
||||
getNivPath = get_niv_path "${configPath}/nix/sources.nix"
|
||||
|
||||
getNivAssign name = (tag <$>) . readTrim . getNivPath $ name
|
||||
where tag str = ["-I", [i|#{name}=#{str :: LBS.ByteString}|]]
|
||||
getNivAssign name = (tag <$>) . readTrim . getNivPath $ name
|
||||
where tag str = ["-I", [i|#{name}=#{str :: LBS.ByteString}|]]
|
||||
|
||||
main = do
|
||||
args <- getArgs
|
||||
paths <- concat <$> mapM getNivAssign ["home-manager", "nixpkgs", "unstable"]
|
||||
home_manager $ paths ++ ["switch"] ++ args
|
||||
main = do
|
||||
args <- getArgs
|
||||
paths <- concat <$> mapM getNivAssign ["home-manager", "nixpkgs", "unstable"]
|
||||
home_manager $ paths ++ ["switch"] ++ args
|
||||
'';
|
||||
}
|
||||
|
|
|
@ -1,15 +1,13 @@
|
|||
{ lib, pkgs, config, ...}:
|
||||
with lib;
|
||||
{
|
||||
{ lib, pkgs, config, ... }:
|
||||
with lib; {
|
||||
|
||||
options.m-0.accounting.enable = mkEnableOption "Accounting";
|
||||
options.m-0.accounting.config = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
options.m-0.accounting.enable = mkEnableOption "Accounting";
|
||||
options.m-0.accounting.config = mkOption { type = types.str; };
|
||||
|
||||
config = mkIf config.m-0.accounting.enable {
|
||||
home.file.".config/jali/config.py".text = config.m-0.accounting.config;
|
||||
home.packages = builtins.attrValues (import ../../../common/pkgs.nix).accounting-pkgs;
|
||||
};
|
||||
config = mkIf config.m-0.accounting.enable {
|
||||
home.file.".config/jali/config.py".text = config.m-0.accounting.config;
|
||||
home.packages =
|
||||
builtins.attrValues (import ../../../common/pkgs.nix).accounting-pkgs;
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1,61 +1,56 @@
|
|||
{ config, lib, pkgs , ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
with lib;
|
||||
let
|
||||
inherit (config.m-0.private) me gitlab github otrs;
|
||||
let inherit (config.m-0.private) me gitlab github otrs;
|
||||
in {
|
||||
options.m-0.bugwarrior.enable = mkEnableOption "Sync tasks from issuetrackers";
|
||||
config = mkIf config.m-0.bugwarrior.enable {
|
||||
home.file.".config/bugwarrior/bugwarriorrc".text = ''
|
||||
[general]
|
||||
targets=cda_gitlab,github
|
||||
static_fields = priority, project
|
||||
options.m-0.bugwarrior.enable =
|
||||
mkEnableOption "Sync tasks from issuetrackers";
|
||||
config = mkIf config.m-0.bugwarrior.enable {
|
||||
home.file.".config/bugwarrior/bugwarriorrc".text = ''
|
||||
[general]
|
||||
targets=cda_gitlab,github
|
||||
static_fields = priority, project
|
||||
|
||||
[cda_gitlab]
|
||||
service=gitlab
|
||||
gitlab.password=@oracle:eval:pass de/darmstadt/ccc/ldap
|
||||
gitlab.login=${me.user}
|
||||
gitlab.host=${gitlab.host}
|
||||
gitlab.token=${gitlab.token}
|
||||
gitlab.only_if_assigned=${me.user}
|
||||
gitlab.also_unassigned=True
|
||||
gitlab.default_priority= L
|
||||
gitlab.include_repos=cda/tasks, cda/chaos-darmstadt.de, cda/doku
|
||||
gitlab.include_regex=(vorstand|jali|${me.user})/.*,
|
||||
gitlab.description_template = {{gitlabnamespace}}/{{gitlabrepo}} {{gitlabtype[:1]}}#{{gitlabnumber}}: {{gitlabtitle}}
|
||||
gitlab.project_template =
|
||||
[cda_gitlab]
|
||||
service=gitlab
|
||||
gitlab.password=@oracle:eval:pass de/darmstadt/ccc/ldap
|
||||
gitlab.login=${me.user}
|
||||
gitlab.host=${gitlab.host}
|
||||
gitlab.token=${gitlab.token}
|
||||
gitlab.only_if_assigned=${me.user}
|
||||
gitlab.also_unassigned=True
|
||||
gitlab.default_priority= L
|
||||
gitlab.include_repos=cda/tasks, cda/chaos-darmstadt.de, cda/doku
|
||||
gitlab.include_regex=(vorstand|jali|${me.user})/.*,
|
||||
gitlab.description_template = {{gitlabnamespace}}/{{gitlabrepo}} {{gitlabtype[:1]}}#{{gitlabnumber}}: {{gitlabtitle}}
|
||||
gitlab.project_template =
|
||||
|
||||
[github]
|
||||
service=github
|
||||
github.login = ${me.user}
|
||||
github.username = ${me.user}
|
||||
github.token = ${github.token}
|
||||
github.description_template = {{githubrepo}} {{githubtype[:1]}}#{{githubnumber}}: {{githubtitle}}
|
||||
github.include_user_issues = False
|
||||
github.include_user_repos = False
|
||||
github.query = is:open involves:maralorn archived:false -repo:maxtaco/coffee-script -repo:QMatrixClient/libqmatrixclient -repo:QMatrixClient/Quaternion -repo:trollhoehle/pythonlights -repo:MirakelX/mirakel-android
|
||||
github.default_priority= L
|
||||
github.project_template =
|
||||
'';
|
||||
systemd.user = {
|
||||
services.bugwarrior = {
|
||||
Unit = {
|
||||
Description = "Run bugwarrior";
|
||||
[github]
|
||||
service=github
|
||||
github.login = ${me.user}
|
||||
github.username = ${me.user}
|
||||
github.token = ${github.token}
|
||||
github.description_template = {{githubrepo}} {{githubtype[:1]}}#{{githubnumber}}: {{githubtitle}}
|
||||
github.include_user_issues = False
|
||||
github.include_user_repos = False
|
||||
github.query = is:open involves:maralorn archived:false -repo:maxtaco/coffee-script -repo:QMatrixClient/libqmatrixclient -repo:QMatrixClient/Quaternion -repo:trollhoehle/pythonlights -repo:MirakelX/mirakel-android
|
||||
github.default_priority= L
|
||||
github.project_template =
|
||||
'';
|
||||
systemd.user = {
|
||||
services.bugwarrior = {
|
||||
Unit = { Description = "Run bugwarrior"; };
|
||||
Service = {
|
||||
Type = "oneshot";
|
||||
Environment =
|
||||
"PATH=${pkgs.taskwarrior}/bin:${pkgs.eventd}/bin:${pkgs.gnugrep}/bin";
|
||||
ExecStart = "${pkgs.bugwarrior}/bin/bugwarrior-pull";
|
||||
};
|
||||
};
|
||||
Service = {
|
||||
Type = "oneshot";
|
||||
Environment=''PATH=${pkgs.taskwarrior}/bin:${pkgs.eventd}/bin:${pkgs.gnugrep}/bin'';
|
||||
ExecStart= "${pkgs.bugwarrior}/bin/bugwarrior-pull";
|
||||
};
|
||||
};
|
||||
timers.bugwarrior = {
|
||||
Timer = {
|
||||
OnCalendar = "hourly";
|
||||
};
|
||||
Install = {
|
||||
WantedBy = [ "timers.target" ];
|
||||
timers.bugwarrior = {
|
||||
Timer = { OnCalendar = "hourly"; };
|
||||
Install = { WantedBy = [ "timers.target" ]; };
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
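Review bot: `gitlab.token=${gitlab.token}` and `github.token = ${github.token}` in the `bugwarriorrc` text are interpolated at evaluation time, so both API tokens end up in clear text in the generated file, which `home.file` places in the Nix store where every local user can read it. The `gitlab.password` line just above already defers the lookup to run time with `@oracle:eval:pass …`; the token lines could do the same, e.g. `github.token = @oracle:eval:pass <entry-for-github-token>` (placeholder entry name), assuming bugwarrior resolves `@oracle` for token fields as it does for passwords. This commit only reformats the file, so the exposure predates it, but the tokens are best treated as disclosed to local users and to anything that copies the store, and rotated once they are moved out.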
|
||||
|
|
|
@ -20,16 +20,16 @@ let
|
|||
echo "Overwriting $HOME/${path}"
|
||||
cp --remove-destination -T $canonical $HOME/${path};
|
||||
'';
|
||||
in with lib;
|
||||
{
|
||||
in with lib; {
|
||||
options.home.forceCopies.paths = mkOption {
|
||||
default = [];
|
||||
type = types.listOf types.str;
|
||||
};
|
||||
default = [ ];
|
||||
type = types.listOf types.str;
|
||||
};
|
||||
config.home.activation = {
|
||||
deleteForcedCopies = config.lib.dag.entryBefore ["checkLinkTargets"]
|
||||
(builtins.concatStringsSep "\n" (builtins.map disableCollisionCheck paths));
|
||||
forceCopies = config.lib.dag.entryAfter ["linkGeneration"]
|
||||
deleteForcedCopies = config.lib.dag.entryBefore [ "checkLinkTargets" ]
|
||||
(builtins.concatStringsSep "\n"
|
||||
(builtins.map disableCollisionCheck paths));
|
||||
forceCopies = config.lib.dag.entryAfter [ "linkGeneration" ]
|
||||
(builtins.concatStringsSep "\n" (builtins.map copyPath paths));
|
||||
};
|
||||
};
|
||||
}
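Review bot: The copy step `cp --remove-destination -T $canonical $HOME/${path};` leaves both operands unquoted, so an entry of `home.forceCopies.paths` (or a home directory) containing spaces or glob characters is split or expanded by the shell during activation. Quoting keeps each path as one argument: `cp --remove-destination -T "$canonical" "$HOME/${path}"`. The `let` block that defines `copyPath` and `disableCollisionCheck` starts outside the hunk, so the same check applies to any other use of `${path}` there.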
|
||||
|
|
|
@ -1,25 +1,22 @@
|
|||
{ lib, config, pkgs, ... }:
|
||||
with lib;
|
||||
{
|
||||
with lib; {
|
||||
|
||||
options = {
|
||||
m-0 = {
|
||||
hostName = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
terminal = mkOption {
|
||||
default = "urxvt";
|
||||
type = types.str;
|
||||
};
|
||||
colors = mkOption {
|
||||
default = {};
|
||||
type = types.attrs;
|
||||
};
|
||||
workspaces = mkOption {
|
||||
default = [ "configure some workspaces" ];
|
||||
type = types.listOf types.str;
|
||||
options = {
|
||||
m-0 = {
|
||||
hostName = mkOption { type = types.str; };
|
||||
terminal = mkOption {
|
||||
default = "urxvt";
|
||||
type = types.str;
|
||||
};
|
||||
colors = mkOption {
|
||||
default = { };
|
||||
type = types.attrs;
|
||||
};
|
||||
workspaces = mkOption {
|
||||
default = [ "configure some workspaces" ];
|
||||
type = types.listOf types.str;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1,25 +1,20 @@
|
|||
{ lib, pkgs, config, ... }:
|
||||
with lib;
|
||||
{
|
||||
with lib; {
|
||||
|
||||
options.m-0.latex.enable = mkEnableOption "Latex";
|
||||
options.m-0.latex.enable = mkEnableOption "Latex";
|
||||
|
||||
config = mkIf config.m-0.latex.enable {
|
||||
programs = {
|
||||
texlive = {
|
||||
enable = true;
|
||||
extraPackages = tpkgs: {inherit (tpkgs)
|
||||
scheme-small
|
||||
pdfjam
|
||||
latexmk
|
||||
collection-latexextra
|
||||
collection-bibtexextra
|
||||
collection-luatex
|
||||
collection-mathscience
|
||||
collection-fontsextra;
|
||||
config = mkIf config.m-0.latex.enable {
|
||||
programs = {
|
||||
texlive = {
|
||||
enable = true;
|
||||
extraPackages = tpkgs: {
|
||||
inherit (tpkgs)
|
||||
scheme-small pdfjam latexmk collection-latexextra
|
||||
collection-bibtexextra collection-luatex collection-mathscience
|
||||
collection-fontsextra;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, config, pkgs, ...}:
|
||||
{ lib, config, pkgs, ... }:
|
||||
with lib;
|
||||
let
|
||||
mail = config.m-0.mail;
|
||||
|
@ -6,86 +6,80 @@ let
|
|||
maildir = config.accounts.email.maildirBasePath;
|
||||
in {
|
||||
|
||||
options.m-0.mail.enable = mkEnableOption "private-mail";
|
||||
options.m-0.mail.accounts = mkOption {
|
||||
type = types.attrs;
|
||||
};
|
||||
options.m-0.mail.enable = mkEnableOption "private-mail";
|
||||
options.m-0.mail.accounts = mkOption { type = types.attrs; };
|
||||
|
||||
config = mkIf mail.enable {
|
||||
config = mkIf mail.enable {
|
||||
|
||||
services.mbsync = {
|
||||
enable = true;
|
||||
frequency = "*:0/30";
|
||||
verbose = false;
|
||||
postExec = "${pkgs.notmuch}/bin/notmuch --config=${config.home.sessionVariables.NOTMUCH_CONFIG} new";
|
||||
};
|
||||
|
||||
accounts.email.accounts = config.m-0.mail.accounts;
|
||||
|
||||
systemd.user.services = let
|
||||
mkService = name: account: let
|
||||
configjs = pkgs.writeText "config.js" ''
|
||||
var child_process = require('child_process');
|
||||
|
||||
function getStdout(cmd) {
|
||||
var stdout = child_process.execSync(cmd);
|
||||
return stdout.toString().trim();
|
||||
}
|
||||
|
||||
exports.host = "${account.imap.host}"
|
||||
exports.port = 993
|
||||
exports.tls = true;
|
||||
exports.tlsOptions = { "rejectUnauthorized": false };
|
||||
exports.username = "${account.userName}";
|
||||
exports.password = getStdout("${toString account.passwordCommand}");
|
||||
exports.onNotify = "${pkgs.isync}/bin/mbsync ${name}"
|
||||
exports.onNotifyPost = "${pkgs.notmuch}/bin/notmuch new"
|
||||
exports.boxes = [ "Inbox" ];
|
||||
'';
|
||||
in
|
||||
{
|
||||
Unit = {
|
||||
Description = "Run imapnotify for imap account ${name}";
|
||||
};
|
||||
Service = {
|
||||
ExecStart= "${pkgs.imapnotify}/bin/imapnotify -c ${configjs}";
|
||||
Restart = "always";
|
||||
RestartSec = "1min";
|
||||
};
|
||||
Install = {
|
||||
WantedBy = [ "default.target" ];
|
||||
};
|
||||
services.mbsync = {
|
||||
enable = true;
|
||||
frequency = "*:0/30";
|
||||
verbose = false;
|
||||
postExec =
|
||||
"${pkgs.notmuch}/bin/notmuch --config=${config.home.sessionVariables.NOTMUCH_CONFIG} new";
|
||||
};
|
||||
mkServiceWithName = name: account: {
|
||||
name = "imapnotify-${name}-inbox";
|
||||
value = mkService name account;
|
||||
};
|
||||
hasImapHost = name: account: account.imap != null;
|
||||
in
|
||||
mapAttrs' mkServiceWithName (filterAttrs hasImapHost config.accounts.email.accounts);
|
||||
|
||||
programs.msmtp.enable = true;
|
||||
programs.mbsync.enable = true;
|
||||
programs.notmuch = {
|
||||
enable = true;
|
||||
hooks.postInsert = ''
|
||||
${pkgs.notmuch}/bin/notmuch tag +deleted -- "folder:/Trash/ (not tag:deleted)"
|
||||
${pkgs.notmuch}/bin/notmuch tag -deleted -- "(not folder:/Trash/) tag:deleted"
|
||||
${pkgs.notmuch}/bin/notmuch tag +spam -- "folder:/Junk|Spam|SPAM/ (not tag:spam)"
|
||||
${pkgs.notmuch}/bin/notmuch tag -spam -- "(not folder:/Junk|Spam|SPAM/) tag:spam"
|
||||
'';
|
||||
new = {
|
||||
tags = [];
|
||||
ignore = [ ".isyncuidmap.db" ];
|
||||
};
|
||||
maildir.synchronizeFlags = true;
|
||||
};
|
||||
home = {
|
||||
packages = with pkgs; [
|
||||
neomutt
|
||||
];
|
||||
file = let
|
||||
mutt_alternates = "@maralorn.de " + (builtins.concatStringsSep " " me.alternates);
|
||||
accounts.email.accounts = config.m-0.mail.accounts;
|
||||
|
||||
systemd.user.services = let
|
||||
mkService = name: account:
|
||||
let
|
||||
configjs = pkgs.writeText "config.js" ''
|
||||
var child_process = require('child_process');
|
||||
|
||||
function getStdout(cmd) {
|
||||
var stdout = child_process.execSync(cmd);
|
||||
return stdout.toString().trim();
|
||||
}
|
||||
|
||||
exports.host = "${account.imap.host}"
|
||||
exports.port = 993
|
||||
exports.tls = true;
|
||||
exports.tlsOptions = { "rejectUnauthorized": false };
|
||||
exports.username = "${account.userName}";
|
||||
exports.password = getStdout("${toString account.passwordCommand}");
|
||||
exports.onNotify = "${pkgs.isync}/bin/mbsync ${name}"
|
||||
exports.onNotifyPost = "${pkgs.notmuch}/bin/notmuch new"
|
||||
exports.boxes = [ "Inbox" ];
|
||||
'';
|
||||
in {
|
||||
Unit = { Description = "Run imapnotify for imap account ${name}"; };
|
||||
Service = {
|
||||
ExecStart = "${pkgs.imapnotify}/bin/imapnotify -c ${configjs}";
|
||||
Restart = "always";
|
||||
RestartSec = "1min";
|
||||
};
|
||||
Install = { WantedBy = [ "default.target" ]; };
|
||||
};
|
||||
mkServiceWithName = name: account: {
|
||||
name = "imapnotify-${name}-inbox";
|
||||
value = mkService name account;
|
||||
};
|
||||
hasImapHost = name: account: account.imap != null;
|
||||
in mapAttrs' mkServiceWithName
|
||||
(filterAttrs hasImapHost config.accounts.email.accounts);
|
||||
|
||||
programs.msmtp.enable = true;
|
||||
programs.mbsync.enable = true;
|
||||
programs.notmuch = {
|
||||
enable = true;
|
||||
hooks.postInsert = ''
|
||||
${pkgs.notmuch}/bin/notmuch tag +deleted -- "folder:/Trash/ (not tag:deleted)"
|
||||
${pkgs.notmuch}/bin/notmuch tag -deleted -- "(not folder:/Trash/) tag:deleted"
|
||||
${pkgs.notmuch}/bin/notmuch tag +spam -- "folder:/Junk|Spam|SPAM/ (not tag:spam)"
|
||||
${pkgs.notmuch}/bin/notmuch tag -spam -- "(not folder:/Junk|Spam|SPAM/) tag:spam"
|
||||
'';
|
||||
new = {
|
||||
tags = [ ];
|
||||
ignore = [ ".isyncuidmap.db" ];
|
||||
};
|
||||
maildir.synchronizeFlags = true;
|
||||
};
|
||||
home = {
|
||||
packages = with pkgs; [ neomutt ];
|
||||
file = let
|
||||
mutt_alternates = "@maralorn.de "
|
||||
+ (builtins.concatStringsSep " " me.alternates);
|
||||
show-sidebar = pkgs.writeText "show-sidebar" ''
|
||||
set sidebar_visible=yes
|
||||
bind index <up> sidebar-prev
|
||||
|
@ -95,7 +89,7 @@ programs.notmuch = {
|
|||
bind index <space> sidebar-open
|
||||
bind index <return> sidebar-open
|
||||
bind index <enter> sidebar-open
|
||||
'';
|
||||
'';
|
||||
hide-sidebar = pkgs.writeText "hide-sidebar" ''
|
||||
set sidebar_visible=no
|
||||
bind index <up> previous-undeleted
|
||||
|
@ -105,7 +99,7 @@ programs.notmuch = {
|
|||
bind index <space> display-message
|
||||
bind index <return> display-message
|
||||
bind index <enter> display-message
|
||||
'';
|
||||
'';
|
||||
mailcap = pkgs.writeText "mailcap" ''
|
||||
text/html; ${pkgs.lynx}/bin/lynx -stdin -dump -force_html ; copiousoutput
|
||||
application/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
|
||||
|
@ -113,76 +107,78 @@ programs.notmuch = {
|
|||
video/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
|
||||
audio/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
|
||||
'';
|
||||
in {
|
||||
".neomuttrc".text = ''
|
||||
alternative_order text/plain text/html
|
||||
auto_view text/*
|
||||
auto_view message/*
|
||||
unset wait_key
|
||||
in {
|
||||
".neomuttrc".text = ''
|
||||
alternative_order text/plain text/html
|
||||
auto_view text/*
|
||||
auto_view message/*
|
||||
unset wait_key
|
||||
|
||||
set query_format="%4c %t %-70.70a %-70.70n %?e?(%e)?"
|
||||
set query_command = "${pkgs.notmuch}/bin/notmuch address --output=recipients --deduplicate=address '%s' | grep -i '%s'"
|
||||
bind editor <Tab> complete-query
|
||||
bind editor ^T complete
|
||||
set query_format="%4c %t %-70.70a %-70.70n %?e?(%e)?"
|
||||
set query_command = "${pkgs.notmuch}/bin/notmuch address --output=recipients --deduplicate=address '%s' | grep -i '%s'"
|
||||
bind editor <Tab> complete-query
|
||||
bind editor ^T complete
|
||||
|
||||
set crypt_use_gpgme = yes
|
||||
set pgp_use_gpg_agent = yes
|
||||
set pgp_auto_decode = yes
|
||||
set pgp_autosign = yes
|
||||
set pgp_replysign = yes
|
||||
set pgp_replyencrypt = yes
|
||||
set crypt_replysignencrypted = yes
|
||||
set crypt_verify_sig = yes
|
||||
set pgp_sign_as="${me.gpg}"
|
||||
set pgp_use_gpg_agent = yes
|
||||
set pgp_default_key="${me.gpg}"
|
||||
set timeout = 5
|
||||
set crypt_use_gpgme = yes
|
||||
set pgp_use_gpg_agent = yes
|
||||
set pgp_auto_decode = yes
|
||||
set pgp_autosign = yes
|
||||
set pgp_replysign = yes
|
||||
set pgp_replyencrypt = yes
|
||||
set crypt_replysignencrypted = yes
|
||||
set crypt_verify_sig = yes
|
||||
set pgp_sign_as="${me.gpg}"
|
||||
set pgp_use_gpg_agent = yes
|
||||
set pgp_default_key="${me.gpg}"
|
||||
set timeout = 5
|
||||
|
||||
|
||||
alternates ${mutt_alternates}
|
||||
set folder="${maildir}"
|
||||
mailboxes `find ${maildir} -type d -name Inbox -printf '"%h" '` `find ${maildir} -type d -name cur -printf '"%h" '`
|
||||
set sendmail="${pkgs.msmtp}/bin/msmtp --read-envelope-from"
|
||||
set sort=threads
|
||||
set sort_aux=date-sent
|
||||
set realname="${me.name}"
|
||||
set from=fill-later
|
||||
set use_from=yes
|
||||
set fast_reply=yes
|
||||
set mailcap_path=${mailcap};
|
||||
set include=yes
|
||||
set edit_headers=yes
|
||||
set mbox_type=Maildir
|
||||
set spoolfile="${maildir}/hera/Inbox"
|
||||
set record="${maildir}/hera/Archiv/unsortiert"
|
||||
set postponed="${maildir}/hera/Drafts"
|
||||
set mail_check_stats=yes
|
||||
bind index / vfolder-from-query
|
||||
set header_cache = "~/.cache/neomutt"
|
||||
set date_format="!%y-%m-%d %H:%M"
|
||||
set mime_forward=yes
|
||||
set mime_forward_rest=yes
|
||||
alternates ${mutt_alternates}
|
||||
set folder="${maildir}"
|
||||
mailboxes `find ${maildir} -type d -name Inbox -printf '"%h" '` `find ${maildir} -type d -name cur -printf '"%h" '`
|
||||
set sendmail="${pkgs.msmtp}/bin/msmtp --read-envelope-from"
|
||||
set sort=threads
|
||||
set sort_aux=date-sent
|
||||
set realname="${me.name}"
|
||||
set from=fill-later
|
||||
set use_from=yes
|
||||
set fast_reply=yes
|
||||
set mailcap_path=${mailcap};
|
||||
set include=yes
|
||||
set edit_headers=yes
|
||||
set mbox_type=Maildir
|
||||
set spoolfile="${maildir}/hera/Inbox"
|
||||
set record="${maildir}/hera/Archiv/unsortiert"
|
||||
set postponed="${maildir}/hera/Drafts"
|
||||
set mail_check_stats=yes
|
||||
bind index / vfolder-from-query
|
||||
set header_cache = "~/.cache/neomutt"
|
||||
set date_format="!%y-%m-%d %H:%M"
|
||||
set mime_forward=yes
|
||||
set mime_forward_rest=yes
|
||||
|
||||
macro index <F5> "!systemctl --user start mbsync > /dev/null<enter>"
|
||||
macro index <F5> "!systemctl --user start mbsync > /dev/null<enter>"
|
||||
|
||||
source "${hide-sidebar}"
|
||||
macro index <right> "<enter-command>source ${hide-sidebar}<enter>"
|
||||
macro index <left> "<enter-command>source ${show-sidebar}<enter>"
|
||||
set sidebar_folder_indent=yes
|
||||
set sidebar_short_path=yes
|
||||
set sidebar_width=40
|
||||
set sidebar_sort_method="alpha"
|
||||
set sidebar_indent_string=" "
|
||||
color sidebar_indicator black white
|
||||
color sidebar_highlight white blue
|
||||
set sidebar_format = "%B%* %?N?%N/?%S"
|
||||
source "${hide-sidebar}"
|
||||
macro index <right> "<enter-command>source ${hide-sidebar}<enter>"
|
||||
macro index <left> "<enter-command>source ${show-sidebar}<enter>"
|
||||
set sidebar_folder_indent=yes
|
||||
set sidebar_short_path=yes
|
||||
set sidebar_width=40
|
||||
set sidebar_sort_method="alpha"
|
||||
set sidebar_indent_string=" "
|
||||
color sidebar_indicator black white
|
||||
color sidebar_highlight white blue
|
||||
set sidebar_format = "%B%* %?N?%N/?%S"
|
||||
|
||||
alias f__0 ${me.name} <${me.mail}>
|
||||
${builtins.concatStringsSep "\n" (lib.imap1 (n: x: "alias f__${toString n} ${me.name} <${x}>") me.alternates)}
|
||||
send2-hook '~f fill-later' "push <edit-from><kill-line>f__<complete><search>${me.mail}<enter>"
|
||||
'';
|
||||
alias f__0 ${me.name} <${me.mail}>
|
||||
${builtins.concatStringsSep "\n"
|
||||
(lib.imap1 (n: x: "alias f__${toString n} ${me.name} <${x}>")
|
||||
me.alternates)}
|
||||
send2-hook '~f fill-later' "push <edit-from><kill-line>f__<complete><search>${me.mail}<enter>"
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1,117 +1,113 @@
|
|||
{ lib, pkgs, config, ...}:
|
||||
with lib;
|
||||
{
|
||||
{ lib, pkgs, config, ... }:
|
||||
with lib; {
|
||||
|
||||
options.m-0.pythia.enable = mkEnableOption "Pythia";
|
||||
config = mkIf config.m-0.pythia.enable (let
|
||||
pythia-path = "${config.home.homeDirectory}/data/aktuell/pythia";
|
||||
pythia = pkgs.writeShellScriptBin "pythia" ''
|
||||
datei=${pythia-path}/$(date +%Y-%m-%d)
|
||||
touch $datei
|
||||
vim $datei
|
||||
grep TODO: $datei | sed 's/TODO: //' | while read -r line; do task add "$line"; done && sed -i 's/TODO: /Notiert: /' $datei
|
||||
grep WEAK: $datei | sed 's/WEAK: //' >> ${pythia-path}/schwächen && sed -i 's/WEAK: /Schwäche: /' $datei
|
||||
grep STRONG: $datei | sed 's/STRONG: //' >> ${pythia-path}/stärken && sed -i 's/STRONG: /Stärke: /' $datei
|
||||
grep RULE: $datei | sed 's/RULE: //' >> ${pythia-path}/richtlinien && sed -i 's/RULE: /Richtlinie: /' $datei
|
||||
grep INDICATOR: $datei | sed 's/INDICATOR: //' >> ${pythia-path}/warnzeichen && sed -i 's/INDICATOR: /Warnzeichen: /' $datei
|
||||
'';
|
||||
printslow = pkgs.writeScriptBin "printslow" ''
|
||||
#!${pkgs.python3}/bin/python
|
||||
|
||||
import fileinput
|
||||
import sys
|
||||
import time
|
||||
|
||||
for line in fileinput.input():
|
||||
for letter in line:
|
||||
print(letter, end="")
|
||||
sys.stdout.flush()
|
||||
time.sleep(0.1)
|
||||
options.m-0.pythia.enable = mkEnableOption "Pythia";
|
||||
config = mkIf config.m-0.pythia.enable (let
|
||||
pythia-path = "${config.home.homeDirectory}/data/aktuell/pythia";
|
||||
pythia = pkgs.writeShellScriptBin "pythia" ''
|
||||
datei=${pythia-path}/$(date +%Y-%m-%d)
|
||||
touch $datei
|
||||
vim $datei
|
||||
grep TODO: $datei | sed 's/TODO: //' | while read -r line; do task add "$line"; done && sed -i 's/TODO: /Notiert: /' $datei
|
||||
grep WEAK: $datei | sed 's/WEAK: //' >> ${pythia-path}/schwächen && sed -i 's/WEAK: /Schwäche: /' $datei
|
||||
grep STRONG: $datei | sed 's/STRONG: //' >> ${pythia-path}/stärken && sed -i 's/STRONG: /Stärke: /' $datei
|
||||
grep RULE: $datei | sed 's/RULE: //' >> ${pythia-path}/richtlinien && sed -i 's/RULE: /Richtlinie: /' $datei
|
||||
grep INDICATOR: $datei | sed 's/INDICATOR: //' >> ${pythia-path}/warnzeichen && sed -i 's/INDICATOR: /Warnzeichen: /' $datei
|
||||
'';
|
||||
fortune = ''
|
||||
${pkgs.fortune}/bin/fortune | ${run-printslow}
|
||||
echo
|
||||
sleep 5s
|
||||
'';
|
||||
threefortunes = ''
|
||||
echo Genieße drei Fortunes: | ${run-printslow}
|
||||
echo
|
||||
${fortune}
|
||||
${fortune}
|
||||
${fortune}
|
||||
'';
|
||||
run-pythia = "${pythia}/bin/pythia";
|
||||
run-printslow = "${printslow}/bin/printslow";
|
||||
hold = "echo -n '>'; read a;";
|
||||
dong = "${pkgs.mpv}/bin/mpv dong.ogg &> /dev/null &";
|
||||
meditate = pkgs.writeShellScriptBin "meditate" ''
|
||||
cd ${pythia-path}
|
||||
i3-msg fullscreen &> /dev/null
|
||||
start=`${pkgs.taskwarrior}/bin/task calc now`
|
||||
mpv background.ogg &> /dev/null &
|
||||
${run-printslow} << EOF
|
||||
Hallo Malte,
|
||||
printslow = pkgs.writeScriptBin "printslow" ''
|
||||
#!${pkgs.python3}/bin/python
|
||||
|
||||
hier spricht Pythia.
|
||||
import fileinput
|
||||
import sys
|
||||
import time
|
||||
|
||||
Herzlich willkommen zur Besinnung, Ruhefindung und Orientierung.
|
||||
|
||||
Bist Du bereit?
|
||||
EOF
|
||||
${hold}
|
||||
${run-printslow} << EOF
|
||||
Gut, dann lass uns starten.
|
||||
EOF
|
||||
sleep 3s
|
||||
${run-printslow} << EOF
|
||||
|
||||
Nimm Dir ein wenig Zeit um die Gedanken zu sammeln, die unerledigt sind.
|
||||
|
||||
EOF
|
||||
sleep 1s
|
||||
${run-pythia}
|
||||
${run-printslow} << EOF
|
||||
|
||||
Nimm Dir nun mindestens 5 Minuten Auszeit um tief zu entspannen.
|
||||
Achte auf Deine Atmung und Deinen Körper.
|
||||
Beruhige Deine Gedanken und gehe in Dich.
|
||||
|
||||
EOF
|
||||
${dong}
|
||||
sleep 5m
|
||||
${dong}
|
||||
${hold}
|
||||
${threefortunes}
|
||||
${run-printslow} << EOF
|
||||
Nun ist die Zeit für Reflektion und um an Deinem Credo zu arbeiten.
|
||||
EOF
|
||||
sleep 3s
|
||||
${run-pythia}
|
||||
${run-printslow} << EOF
|
||||
Melde Dich, wenn Du bereit für Dein Credo bist.
|
||||
EOF
|
||||
${hold}
|
||||
${run-printslow} credo
|
||||
${hold}
|
||||
${run-printslow} << EOF
|
||||
|
||||
Nun genieße die gewonne Energie um Dich auf die Zukunft vorzubereiten.
|
||||
EOF
|
||||
${hold}
|
||||
${threefortunes}
|
||||
${dong}
|
||||
echo Dauer der Meditation | ${run-printslow}
|
||||
${pkgs.taskwarrior}/bin/task calc now-$start
|
||||
${pkgs.taskwarrior}/bin/task gen_id:meditation done
|
||||
${hold}
|
||||
exit
|
||||
for line in fileinput.input():
|
||||
for letter in line:
|
||||
print(letter, end="")
|
||||
sys.stdout.flush()
|
||||
time.sleep(0.1)
|
||||
'';
|
||||
fortune = ''
|
||||
${pkgs.fortune}/bin/fortune | ${run-printslow}
|
||||
echo
|
||||
sleep 5s
|
||||
'';
|
||||
threefortunes = ''
|
||||
echo Genieße drei Fortunes: | ${run-printslow}
|
||||
echo
|
||||
${fortune}
|
||||
${fortune}
|
||||
${fortune}
|
||||
'';
|
||||
run-pythia = "${pythia}/bin/pythia";
|
||||
run-printslow = "${printslow}/bin/printslow";
|
||||
hold = "echo -n '>'; read a;";
|
||||
dong = "${pkgs.mpv}/bin/mpv dong.ogg &> /dev/null &";
|
||||
meditate = pkgs.writeShellScriptBin "meditate" ''
|
||||
cd ${pythia-path}
|
||||
i3-msg fullscreen &> /dev/null
|
||||
start=`${pkgs.taskwarrior}/bin/task calc now`
|
||||
mpv background.ogg &> /dev/null &
|
||||
${run-printslow} << EOF
|
||||
Hallo Malte,
|
||||
|
||||
hier spricht Pythia.
|
||||
|
||||
Herzlich willkommen zur Besinnung, Ruhefindung und Orientierung.
|
||||
|
||||
Bist Du bereit?
|
||||
EOF
|
||||
${hold}
|
||||
${run-printslow} << EOF
|
||||
Gut, dann lass uns starten.
|
||||
EOF
|
||||
sleep 3s
|
||||
${run-printslow} << EOF
|
||||
|
||||
Nimm Dir ein wenig Zeit um die Gedanken zu sammeln, die unerledigt sind.
|
||||
|
||||
EOF
|
||||
sleep 1s
|
||||
${run-pythia}
|
||||
${run-printslow} << EOF
|
||||
|
||||
Nimm Dir nun mindestens 5 Minuten Auszeit um tief zu entspannen.
|
||||
Achte auf Deine Atmung und Deinen Körper.
|
||||
Beruhige Deine Gedanken und gehe in Dich.
|
||||
|
||||
EOF
|
||||
${dong}
|
||||
sleep 5m
|
||||
${dong}
|
||||
${hold}
|
||||
${threefortunes}
|
||||
${run-printslow} << EOF
|
||||
Nun ist die Zeit für Reflektion und um an Deinem Credo zu arbeiten.
|
||||
EOF
|
||||
sleep 3s
|
||||
${run-pythia}
|
||||
${run-printslow} << EOF
|
||||
Melde Dich, wenn Du bereit für Dein Credo bist.
|
||||
EOF
|
||||
${hold}
|
||||
${run-printslow} credo
|
||||
${hold}
|
||||
${run-printslow} << EOF
|
||||
|
||||
Nun genieße die gewonne Energie um Dich auf die Zukunft vorzubereiten.
|
||||
EOF
|
||||
${hold}
|
||||
${threefortunes}
|
||||
${dong}
|
||||
echo Dauer der Meditation | ${run-printslow}
|
||||
${pkgs.taskwarrior}/bin/task calc now-$start
|
||||
${pkgs.taskwarrior}/bin/task gen_id:meditation done
|
||||
${hold}
|
||||
exit
|
||||
'';
|
||||
in {
|
||||
|
||||
home.packages = with pkgs; [
|
||||
pythia
|
||||
meditate
|
||||
];
|
||||
});
|
||||
home.packages = with pkgs; [ pythia meditate ];
|
||||
});
|
||||
|
||||
}
|
||||
|
|
|
@ -1,15 +1,10 @@
|
|||
{ lib, pkgs, config, ...}:
|
||||
with lib;
|
||||
{
|
||||
{ lib, pkgs, config, ... }:
|
||||
with lib; {
|
||||
|
||||
options.m-0.rustdev.enable = mkEnableOption "Rust Dev";
|
||||
options.m-0.rustdev.enable = mkEnableOption "Rust Dev";
|
||||
|
||||
config = mkIf config.m-0.rustdev.enable {
|
||||
home.packages = with pkgs; [
|
||||
rustup
|
||||
nix-prefetch-scripts
|
||||
gcc
|
||||
];
|
||||
};
|
||||
config = mkIf config.m-0.rustdev.enable {
|
||||
home.packages = with pkgs; [ rustup nix-prefetch-scripts gcc ];
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, pkgs, config, ...}:
|
||||
{ lib, pkgs, config, ... }:
|
||||
with lib;
|
||||
let
|
||||
tasksync = pkgs.writeShellScriptBin "tasksync" ''
|
||||
|
@ -6,7 +6,9 @@ let
|
|||
cd ${config.home.homeDirectory}/.task
|
||||
${pkgs.git}/bin/git add completed.data pending.data > /dev/null
|
||||
${pkgs.git}/bin/git commit -m 'Updating task data' > /dev/null
|
||||
${pkgs.git}/bin/git pull -X ${if config.m-0.taskwarrior.git_active then "ours" else "theirs"} | ${pkgs.gnugrep}/bin/grep -v "Already up to date."
|
||||
${pkgs.git}/bin/git pull -X ${
|
||||
if config.m-0.taskwarrior.git_active then "ours" else "theirs"
|
||||
} | ${pkgs.gnugrep}/bin/grep -v "Already up to date."
|
||||
${pkgs.taskwarrior}/bin/task diagnostics | ${pkgs.gnugrep}/bin/grep "Found duplicate" | ${pkgs.gnused}/bin/sed 's/.*Found duplicate //' | ${pkgs.findutils}/bin/xargs -i ${pkgs.gnused}/bin/sed -i '0,/uuid:"{}"/{/uuid:"{}"/d}' completed.data > /dev/null
|
||||
${pkgs.git}/bin/git add completed.data > /dev/null
|
||||
${pkgs.git}/bin/git commit -m 'Fixing duplicates' > /dev/null
|
||||
|
@ -14,192 +16,178 @@ let
|
|||
true
|
||||
'';
|
||||
in {
|
||||
options.m-0.taskwarrior.enable = mkEnableOption "Taskwarrior";
|
||||
options.m-0.taskwarrior.git_active = mkEnableOption "This machine will prefer its own state in case of a merge conflict, if enabled.";
|
||||
config = mkIf config.m-0.taskwarrior.enable {
|
||||
systemd.user = {
|
||||
services.tasksync = {
|
||||
Unit = {
|
||||
Description = "Update tasks";
|
||||
options.m-0.taskwarrior.enable = mkEnableOption "Taskwarrior";
|
||||
options.m-0.taskwarrior.git_active = mkEnableOption
|
||||
"This machine will prefer its own state in case of a merge conflict, if enabled.";
|
||||
config = mkIf config.m-0.taskwarrior.enable {
|
||||
systemd.user = {
|
||||
services.tasksync = {
|
||||
Unit = { Description = "Update tasks"; };
|
||||
Service = {
|
||||
ExecStart = "${tasksync}/bin/tasksync";
|
||||
Type = "oneshot";
|
||||
};
|
||||
};
|
||||
Service = {
|
||||
ExecStart="${tasksync}/bin/tasksync";
|
||||
Type="oneshot";
|
||||
timers.tasksync = {
|
||||
Timer = { OnCalendar = "*:0/1"; };
|
||||
Install = { WantedBy = [ "timers.target" ]; };
|
||||
};
|
||||
};
|
||||
timers.tasksync = {
|
||||
Timer = {
|
||||
OnCalendar = "*:0/1";
|
||||
};
|
||||
Install = {
|
||||
WantedBy = [ "timers.target" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
home = {
|
||||
packages = [ pkgs.taskwarrior tasksync pkgs.tasksh ];
|
||||
file = {
|
||||
".taskrc".text = ''
|
||||
data.location=~/.task
|
||||
default.command=default
|
||||
alias.inbox=+PENDING -TAGGED limit:1
|
||||
alias.inboxall=+PENDING -TAGGED
|
||||
home = {
|
||||
packages = [ pkgs.taskwarrior tasksync pkgs.tasksh ];
|
||||
file = {
|
||||
".taskrc".text = ''
|
||||
data.location=~/.task
|
||||
default.command=default
|
||||
alias.inbox=+PENDING -TAGGED limit:1
|
||||
alias.inboxall=+PENDING -TAGGED
|
||||
|
||||
verbose=blank,header,footnote,label,new-id,affected,edit,special,sync
|
||||
nag=
|
||||
verbose=blank,header,footnote,label,new-id,affected,edit,special,sync
|
||||
nag=
|
||||
|
||||
report.default.columns=id,tags,priority,description,due,start.active,project
|
||||
report.default.description=List tasks
|
||||
report.default.filter=status:pending -BLOCKED
|
||||
report.default.labels=ID,Tags,,Beschreibung,Bis,Start,Projekt
|
||||
report.default.sort=modified-
|
||||
report.default.columns=id,tags,priority,description,due,start.active,project
|
||||
report.default.description=List tasks
|
||||
report.default.filter=status:pending -BLOCKED
|
||||
report.default.labels=ID,Tags,,Beschreibung,Bis,Start,Projekt
|
||||
report.default.sort=modified-
|
||||
|
||||
uda.partof.type=string
|
||||
uda.partof.label=Parent task
|
||||
uda.generated.type=string
|
||||
uda.gen_name.type=string
|
||||
uda.gen_name.label=Generator name
|
||||
uda.gen_id.type=string
|
||||
uda.gen_id.label=Generator id
|
||||
uda.gen_orphan.type=string
|
||||
uda.gen_orphan.label=Generated orphan behavior
|
||||
uda.listposition.type=numeric
|
||||
uda.partof.type=string
|
||||
uda.partof.label=Parent task
|
||||
uda.generated.type=string
|
||||
uda.gen_name.type=string
|
||||
uda.gen_name.label=Generator name
|
||||
uda.gen_id.type=string
|
||||
uda.gen_id.label=Generator id
|
||||
uda.gen_orphan.type=string
|
||||
uda.gen_orphan.label=Generated orphan behavior
|
||||
uda.listposition.type=numeric
|
||||
|
||||
# Bugwarrior UDAs
|
||||
uda.githubtitle.type=string
|
||||
uda.githubtitle.label=Github Title
|
||||
uda.githubbody.type=string
|
||||
uda.githubbody.label=Github Body
|
||||
uda.githubcreatedon.type=date
|
||||
uda.githubcreatedon.label=Github Created
|
||||
uda.githubupdatedat.type=date
|
||||
uda.githubupdatedat.label=Github Updated
|
||||
uda.githubmilestone.type=string
|
||||
uda.githubmilestone.label=Github Milestone
|
||||
uda.githubrepo.type=string
|
||||
uda.githubrepo.label=Github Repo Slug
|
||||
uda.githuburl.type=string
|
||||
uda.githuburl.label=Github URL
|
||||
uda.githubtype.type=string
|
||||
uda.githubtype.label=Github Type
|
||||
uda.githubnumber.type=numeric
|
||||
uda.githubnumber.label=Github Issue/PR #
|
||||
uda.githubuser.type=string
|
||||
uda.githubuser.label=Github User
|
||||
uda.gitlabtitle.type=string
|
||||
uda.gitlabtitle.label=Gitlab Title
|
||||
uda.gitlabdescription.type=string
|
||||
uda.gitlabdescription.label=Gitlab Description
|
||||
uda.gitlabcreatedon.type=date
|
||||
uda.gitlabcreatedon.label=Gitlab Created
|
||||
uda.gitlabupdatedat.type=date
|
||||
uda.gitlabupdatedat.label=Gitlab Updated
|
||||
uda.gitlabduedate.type=date
|
||||
uda.gitlabduedate.label=Gitlab Due Date
|
||||
uda.gitlabmilestone.type=string
|
||||
uda.gitlabmilestone.label=Gitlab Milestone
|
||||
uda.gitlaburl.type=string
|
||||
uda.gitlaburl.label=Gitlab URL
|
||||
uda.gitlabrepo.type=string
|
||||
uda.gitlabrepo.label=Gitlab Repo Slug
|
||||
uda.gitlabtype.type=string
|
||||
uda.gitlabtype.label=Gitlab Type
|
||||
uda.gitlabnumber.type=numeric
|
||||
uda.gitlabnumber.label=Gitlab Issue/MR #
|
||||
uda.gitlabstate.type=string
|
||||
uda.gitlabstate.label=Gitlab Issue/MR State
|
||||
uda.gitlabupvotes.type=numeric
|
||||
uda.gitlabupvotes.label=Gitlab Upvotes
|
||||
uda.gitlabdownvotes.type=numeric
|
||||
uda.gitlabdownvotes.label=Gitlab Downvotes
|
||||
uda.gitlabwip.type=numeric
|
||||
uda.gitlabwip.label=Gitlab MR Work-In-Progress Flag
|
||||
uda.gitlabauthor.type=string
|
||||
uda.gitlabauthor.label=Gitlab Author
|
||||
uda.gitlabassignee.type=string
|
||||
uda.gitlabassignee.label=Gitlab Assignee
|
||||
uda.gitlabnamespace.type=string
|
||||
uda.gitlabnamespace.label=Gitlab Namespace
|
||||
uda.gitlabweight.type=numeric
|
||||
uda.gitlabweight.label=Gitlab Weight
|
||||
# END Bugwarrior UDAs
|
||||
'';
|
||||
taskwarrior-on-add-hook = {
|
||||
target = ".task/hooks/on-add.eventd-notification";
|
||||
text = ''
|
||||
#!${pkgs.python3}/bin/python
|
||||
import sys
|
||||
import json
|
||||
import subprocess
|
||||
# Bugwarrior UDAs
|
||||
uda.githubtitle.type=string
|
||||
uda.githubtitle.label=Github Title
|
||||
uda.githubbody.type=string
|
||||
uda.githubbody.label=Github Body
|
||||
uda.githubcreatedon.type=date
|
||||
uda.githubcreatedon.label=Github Created
|
||||
uda.githubupdatedat.type=date
|
||||
uda.githubupdatedat.label=Github Updated
|
||||
uda.githubmilestone.type=string
|
||||
uda.githubmilestone.label=Github Milestone
|
||||
uda.githubrepo.type=string
|
||||
uda.githubrepo.label=Github Repo Slug
|
||||
uda.githuburl.type=string
|
||||
uda.githuburl.label=Github URL
|
||||
uda.githubtype.type=string
|
||||
uda.githubtype.label=Github Type
|
||||
uda.githubnumber.type=numeric
|
||||
uda.githubnumber.label=Github Issue/PR #
|
||||
uda.githubuser.type=string
|
||||
uda.githubuser.label=Github User
|
||||
uda.gitlabtitle.type=string
|
||||
uda.gitlabtitle.label=Gitlab Title
|
||||
uda.gitlabdescription.type=string
|
||||
uda.gitlabdescription.label=Gitlab Description
|
||||
uda.gitlabcreatedon.type=date
|
||||
uda.gitlabcreatedon.label=Gitlab Created
|
||||
uda.gitlabupdatedat.type=date
|
||||
uda.gitlabupdatedat.label=Gitlab Updated
|
||||
uda.gitlabduedate.type=date
|
||||
uda.gitlabduedate.label=Gitlab Due Date
|
||||
uda.gitlabmilestone.type=string
|
||||
uda.gitlabmilestone.label=Gitlab Milestone
|
||||
uda.gitlaburl.type=string
|
||||
uda.gitlaburl.label=Gitlab URL
|
||||
uda.gitlabrepo.type=string
|
||||
uda.gitlabrepo.label=Gitlab Repo Slug
|
||||
uda.gitlabtype.type=string
|
||||
uda.gitlabtype.label=Gitlab Type
|
||||
uda.gitlabnumber.type=numeric
|
||||
uda.gitlabnumber.label=Gitlab Issue/MR #
|
||||
uda.gitlabstate.type=string
|
||||
uda.gitlabstate.label=Gitlab Issue/MR State
|
||||
uda.gitlabupvotes.type=numeric
|
||||
uda.gitlabupvotes.label=Gitlab Upvotes
|
||||
uda.gitlabdownvotes.type=numeric
|
||||
uda.gitlabdownvotes.label=Gitlab Downvotes
|
||||
uda.gitlabwip.type=numeric
|
||||
uda.gitlabwip.label=Gitlab MR Work-In-Progress Flag
|
||||
uda.gitlabauthor.type=string
|
||||
uda.gitlabauthor.label=Gitlab Author
|
||||
uda.gitlabassignee.type=string
|
||||
uda.gitlabassignee.label=Gitlab Assignee
|
||||
uda.gitlabnamespace.type=string
|
||||
uda.gitlabnamespace.label=Gitlab Namespace
|
||||
uda.gitlabweight.type=numeric
|
||||
uda.gitlabweight.label=Gitlab Weight
|
||||
# END Bugwarrior UDAs
|
||||
'';
|
||||
taskwarrior-on-add-hook = {
|
||||
target = ".task/hooks/on-add.eventd-notification";
|
||||
text = ''
|
||||
#!${pkgs.python3}/bin/python
|
||||
import sys
|
||||
import json
|
||||
import subprocess
|
||||
|
||||
input_string = sys.stdin.readline()
|
||||
original = json.loads(input_string)
|
||||
command = ['eventc', 'task', 'add']
|
||||
for name, value in original.items():
|
||||
command.append("-d")
|
||||
if type(value) == list:
|
||||
value = ', '.join(value)
|
||||
command.append(name+"='"+str(value)+"'")
|
||||
subprocess.Popen(command)
|
||||
print(input_string)
|
||||
'';
|
||||
executable = true;
|
||||
};
|
||||
taskwarrior-on-modify-hook = {
|
||||
target = ".task/hooks/on-modify.eventd-notification";
|
||||
text = ''
|
||||
#!${pkgs.python3}/bin/python
|
||||
import sys
|
||||
import json
|
||||
import subprocess
|
||||
|
||||
input_string = sys.stdin.readline()
|
||||
original = json.loads(input_string)
|
||||
input_string = sys.stdin.readline()
|
||||
new = json.loads(input_string)
|
||||
command = ['eventc', 'task', 'modify']
|
||||
for name in set(new.keys()).union(set(original.keys())):
|
||||
if new.get(name) != original.get(name) or name == "description":
|
||||
value = new.get(name, "")
|
||||
input_string = sys.stdin.readline()
|
||||
original = json.loads(input_string)
|
||||
command = ['eventc', 'task', 'add']
|
||||
for name, value in original.items():
|
||||
command.append("-d")
|
||||
if type(value) == list:
|
||||
value = ', '.join([str(item) for item in value])
|
||||
value = ', '.join(value)
|
||||
command.append(name+"='"+str(value)+"'")
|
||||
subprocess.Popen(command)
|
||||
print(input_string)
|
||||
subprocess.Popen(command)
|
||||
print(input_string)
|
||||
'';
|
||||
executable = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
xdg = let
|
||||
taskAction = name: template: {
|
||||
"eventd/task-${name}.action".text = generators.toINI {} {
|
||||
Action = {
|
||||
Name = "task-${name}";
|
||||
executable = true;
|
||||
};
|
||||
Notification = {
|
||||
Text = template;
|
||||
};
|
||||
NotificationBubble = {
|
||||
Queue = "tasks";
|
||||
taskwarrior-on-modify-hook = {
|
||||
target = ".task/hooks/on-modify.eventd-notification";
|
||||
text = ''
|
||||
#!${pkgs.python3}/bin/python
|
||||
import sys
|
||||
import json
|
||||
import subprocess
|
||||
|
||||
input_string = sys.stdin.readline()
|
||||
original = json.loads(input_string)
|
||||
input_string = sys.stdin.readline()
|
||||
new = json.loads(input_string)
|
||||
command = ['eventc', 'task', 'modify']
|
||||
for name in set(new.keys()).union(set(original.keys())):
|
||||
if new.get(name) != original.get(name) or name == "description":
|
||||
value = new.get(name, "")
|
||||
command.append("-d")
|
||||
if type(value) == list:
|
||||
value = ', '.join([str(item) for item in value])
|
||||
command.append(name+"='"+str(value)+"'")
|
||||
subprocess.Popen(command)
|
||||
print(input_string)
|
||||
'';
|
||||
executable = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
in {
|
||||
configFile = {
|
||||
"eventd/task.event".text = generators.toINI {} {
|
||||
"Event task add" = {
|
||||
Actions = "task-new";
|
||||
};
|
||||
"Event task modify" = {
|
||||
Actions = "task-changed";
|
||||
xdg = let
|
||||
taskAction = name: template: {
|
||||
"eventd/task-${name}.action".text = generators.toINI { } {
|
||||
Action = { Name = "task-${name}"; };
|
||||
Notification = { Text = template; };
|
||||
NotificationBubble = { Queue = "tasks"; };
|
||||
};
|
||||
};
|
||||
} //
|
||||
taskAction "changed" "Changes in task:\\n<b>\${description}</b>\${status:+\\nStatus: }\${status}\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}" //
|
||||
taskAction "new" "New \${status} task\${tags:! in inbox}:\\n<b>\${description}</b>\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}";
|
||||
in {
|
||||
configFile = {
|
||||
"eventd/task.event".text = generators.toINI { } {
|
||||
"Event task add" = { Actions = "task-new"; };
|
||||
"Event task modify" = { Actions = "task-changed"; };
|
||||
};
|
||||
} // taskAction "changed"
|
||||
"Changes in task:\\n<b>\${description}</b>\${status:+\\nStatus: }\${status}\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}"
|
||||
// taskAction "new"
|
||||
"New \${status} task\${tags:! in inbox}:\\n<b>\${description}</b>\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
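Review bot: Both eventd hooks build the `-d` argument as `name+"='"+str(value)+"'"` without escaping, so a task field containing a single quote or a backslash ends the quoted value early. With the Bugwarrior UDAs declared in `.taskrc`, fields such as `githubtitle` and `gitlabdescription` hold text written by other people. Assuming eventc parses the content as a quoted literal (the hand-written quotes suggest so, but confirm against the eventd version in use), escape it before quoting: `esc = str(value).replace("\\", "\\\\").replace("'", "\\'")` then `command.append(name + "='" + esc + "'")`. Separately, the on-add hook joins lists with `', '.join(value)`, which raises TypeError on non-string items, while on-modify already uses `', '.join([str(item) for item in value])`. The two should match, and the reformat carries both lines over unchanged.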
|
||||
|
|
|
@ -1,32 +1,27 @@
|
|||
{ pkgs, lib, config, ...}:
|
||||
{ pkgs, lib, config, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
makeUnlocker = { name, hostName, pubKey, passPath }:
|
||||
let
|
||||
knownHosts = pkgs.writeText "KnownBootHosts" "${hostName} ${pubKey}";
|
||||
in
|
||||
pkgs.writeShellScriptBin "unlock-${name}" ''
|
||||
echo "Waiting for host to come up";
|
||||
while true; do
|
||||
echo -n .
|
||||
/run/wrappers/bin/ping -4 ${hostName} -c 1 -w 1 > /dev/null && break;
|
||||
sleep 1s;
|
||||
done;
|
||||
echo
|
||||
echo "Ping successful; Entering disk encryption password"
|
||||
${pkgs.pass}/bin/pass ${passPath} | ssh -4 root@${hostName} -o UserKnownHostsFile=${knownHosts} cryptsetup-askpass && echo "Unlocking of ${name} successful" || echo "Unlocking of ${name} failed"
|
||||
'';
|
||||
in
|
||||
{
|
||||
let knownHosts = pkgs.writeText "KnownBootHosts" "${hostName} ${pubKey}";
|
||||
in pkgs.writeShellScriptBin "unlock-${name}" ''
|
||||
echo "Waiting for host to come up";
|
||||
while true; do
|
||||
echo -n .
|
||||
/run/wrappers/bin/ping -4 ${hostName} -c 1 -w 1 > /dev/null && break;
|
||||
sleep 1s;
|
||||
done;
|
||||
echo
|
||||
echo "Ping successful; Entering disk encryption password"
|
||||
${pkgs.pass}/bin/pass ${passPath} | ssh -4 root@${hostName} -o UserKnownHostsFile=${knownHosts} cryptsetup-askpass && echo "Unlocking of ${name} successful" || echo "Unlocking of ${name} failed"
|
||||
'';
|
||||
in {
|
||||
|
||||
options.m-0.unlocker = mkOption {
|
||||
default = [];
|
||||
type = types.listOf types.attrs;
|
||||
};
|
||||
options.m-0.unlocker = mkOption {
|
||||
default = [ ];
|
||||
type = types.listOf types.attrs;
|
||||
};
|
||||
|
||||
config = {
|
||||
home.packages = map makeUnlocker config.m-0.unlocker;
|
||||
};
|
||||
config = { home.packages = map makeUnlocker config.m-0.unlocker; };
|
||||
|
||||
}
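Review bot: The ssh call that carries the disk-encryption passphrase pins the boot-time host key with `-o UserKnownHostsFile=${knownHosts}` but leaves `StrictHostKeyChecking` at whatever the user's ssh configuration sets. Whether a key that is not in the pinned file gets refused therefore depends on settings outside this module. Because the output of `pass` is piped straight into that session, I would make the refusal explicit: `ssh -4 root@${hostName} -o UserKnownHostsFile=${knownHosts} -o StrictHostKeyChecking=yes -o GlobalKnownHostsFile=/dev/null cryptsetup-askpass`. The ping loop before it is unauthenticated and only shows that something answers at `${hostName}`, so the host-key check is the only thing binding the passphrase to the intended machine. A one-line comment above the ssh line saying so would keep a later edit from loosening it.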
|
||||
|
|
|
@ -3,107 +3,100 @@ with lib;
|
|||
let
|
||||
in {
|
||||
|
||||
options.m-0.weechat = {
|
||||
enable = mkEnableOption "Weechat";
|
||||
channels = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
pw = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf config.m-0.weechat.enable {
|
||||
home.file = {
|
||||
python_plugins = {
|
||||
target = ".weechat/python";
|
||||
source = ./plugins/python;
|
||||
};
|
||||
perl_plugins = {
|
||||
target = ".weechat/perl";
|
||||
source = ./plugins/perl;
|
||||
};
|
||||
plugins = {
|
||||
target = ".weechat/plugins.conf";
|
||||
text = ''
|
||||
[var]
|
||||
python.buffer_autohide.hide_inactive = on
|
||||
python.buffer_autohide.hide_private = on
|
||||
'';
|
||||
};
|
||||
weechat = {
|
||||
target = ".weechat/weechat.conf";
|
||||
text = ''
|
||||
[look]
|
||||
buffer_notify_default = "highlight"
|
||||
jump_current_to_previous_buffer = off
|
||||
|
||||
[color]
|
||||
chat_nick_colors = "cyan,magenta,green,brown,lightblue,default,lightcyan,lightmagenta,lightgreen,blue,31,35,38,40,49,63,70,80,92,99,112,126,130,138,142,148,160,162,167,169,174,176,178,184,186,210,212,215,228"
|
||||
|
||||
[filter]
|
||||
irc_smart = on;*;irc_smart_filter;*
|
||||
'';
|
||||
};
|
||||
logger = {
|
||||
target = ".weechat/logger.conf";
|
||||
text = ''
|
||||
[look]
|
||||
backlog = 1000
|
||||
|
||||
[file]
|
||||
mask = "$name/%Y"
|
||||
path = "${config.home.homeDirectory}/data/logs/"
|
||||
'';
|
||||
};
|
||||
irc = {
|
||||
target = ".weechat/irc.conf";
|
||||
text = ''
|
||||
[look]
|
||||
color_nicks_in_nicklist = on
|
||||
|
||||
[server]
|
||||
freenode.addresses = "chat.freenode.net/6697"
|
||||
freenode.ssl = on
|
||||
freenode.sasl_mechanism = plain
|
||||
freenode.sasl_username = "${config.m-0.weechat.user}"
|
||||
freenode.sasl_password = "${config.m-0.weechat.pw}"
|
||||
freenode.autoconnect = on
|
||||
freenode.username = "${config.m-0.weechat.user}"
|
||||
freenode.autojoin = "#nixos,#matrix,#haskell"
|
||||
|
||||
[server]
|
||||
hackint.addresses = "irc.hackint.org/6697"
|
||||
hackint.ssl = on
|
||||
hackint.sasl_mechanism = plain
|
||||
hackint.sasl_username = "${config.m-0.weechat.user}"
|
||||
hackint.sasl_password = "${config.m-0.weechat.pw}"
|
||||
hackint.autoconnect = on
|
||||
hackint.username = "${config.m-0.weechat.user}"
|
||||
hackint.autojoin = "${config.m-0.weechat.channels}"
|
||||
'';
|
||||
options.m-0.weechat = {
|
||||
enable = mkEnableOption "Weechat";
|
||||
channels = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
};
|
||||
user = mkOption { type = types.str; };
|
||||
pw = mkOption { type = types.str; };
|
||||
};
|
||||
|
||||
systemd.user.services = {
|
||||
weechat = {
|
||||
Unit = {
|
||||
Description = "Weechat Tmux Session";
|
||||
config = mkIf config.m-0.weechat.enable {
|
||||
home.file = {
|
||||
python_plugins = {
|
||||
target = ".weechat/python";
|
||||
source = ./plugins/python;
|
||||
};
|
||||
Service = {
|
||||
Type = "forking";
|
||||
ExecStart = "${pkgs.tmux}/bin/tmux -L weechat -2 new-session -d -s irc -n weechat '${pkgs.weechat}/bin/weechat'";
|
||||
Restart = "always";
|
||||
perl_plugins = {
|
||||
target = ".weechat/perl";
|
||||
source = ./plugins/perl;
|
||||
};
|
||||
Install = {
|
||||
WantedBy = [ "default.target" ];
|
||||
plugins = {
|
||||
target = ".weechat/plugins.conf";
|
||||
text = ''
|
||||
[var]
|
||||
python.buffer_autohide.hide_inactive = on
|
||||
python.buffer_autohide.hide_private = on
|
||||
'';
|
||||
};
|
||||
weechat = {
|
||||
target = ".weechat/weechat.conf";
|
||||
text = ''
|
||||
[look]
|
||||
buffer_notify_default = "highlight"
|
||||
jump_current_to_previous_buffer = off
|
||||
|
||||
[color]
|
||||
chat_nick_colors = "cyan,magenta,green,brown,lightblue,default,lightcyan,lightmagenta,lightgreen,blue,31,35,38,40,49,63,70,80,92,99,112,126,130,138,142,148,160,162,167,169,174,176,178,184,186,210,212,215,228"
|
||||
|
||||
[filter]
|
||||
irc_smart = on;*;irc_smart_filter;*
|
||||
'';
|
||||
};
|
||||
logger = {
|
||||
target = ".weechat/logger.conf";
|
||||
text = ''
|
||||
[look]
|
||||
backlog = 1000
|
||||
|
||||
[file]
|
||||
mask = "$name/%Y"
|
||||
path = "${config.home.homeDirectory}/data/logs/"
|
||||
'';
|
||||
};
|
||||
irc = {
|
||||
target = ".weechat/irc.conf";
|
||||
text = ''
|
||||
[look]
|
||||
color_nicks_in_nicklist = on
|
||||
|
||||
[server]
|
||||
freenode.addresses = "chat.freenode.net/6697"
|
||||
freenode.ssl = on
|
||||
freenode.sasl_mechanism = plain
|
||||
freenode.sasl_username = "${config.m-0.weechat.user}"
|
||||
freenode.sasl_password = "${config.m-0.weechat.pw}"
|
||||
freenode.autoconnect = on
|
||||
freenode.username = "${config.m-0.weechat.user}"
|
||||
freenode.autojoin = "#nixos,#matrix,#haskell"
|
||||
|
||||
[server]
|
||||
hackint.addresses = "irc.hackint.org/6697"
|
||||
hackint.ssl = on
|
||||
hackint.sasl_mechanism = plain
|
||||
hackint.sasl_username = "${config.m-0.weechat.user}"
|
||||
hackint.sasl_password = "${config.m-0.weechat.pw}"
|
||||
hackint.autoconnect = on
|
||||
hackint.username = "${config.m-0.weechat.user}"
|
||||
hackint.autojoin = "${config.m-0.weechat.channels}"
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
systemd.user.services = {
|
||||
weechat = {
|
||||
Unit = { Description = "Weechat Tmux Session"; };
|
||||
Service = {
|
||||
Type = "forking";
|
||||
ExecStart =
|
||||
"${pkgs.tmux}/bin/tmux -L weechat -2 new-session -d -s irc -n weechat '${pkgs.weechat}/bin/weechat'";
|
||||
Restart = "always";
|
||||
};
|
||||
Install = { WantedBy = [ "default.target" ]; };
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -6,16 +6,9 @@ neovim.override {
|
|||
customRC = builtins.readFile ./vimrc;
|
||||
packages.myVimPackage = {
|
||||
start = builtins.attrValues {
|
||||
inherit ((import <nixpkgs> {}).vimPlugins)
|
||||
vim-nix
|
||||
vimtex
|
||||
airline
|
||||
rust-vim
|
||||
fugitive
|
||||
vim-trailing-whitespace
|
||||
vim-pandoc
|
||||
vim-pandoc-syntax
|
||||
haskell-vim;
|
||||
inherit ((import <nixpkgs> { }).vimPlugins)
|
||||
vim-nix vimtex airline rust-vim fugitive vim-trailing-whitespace
|
||||
vim-pandoc vim-pandoc-syntax haskell-vim;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,14 +1,12 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
{ pkgs, config, lib, ... }:
|
||||
let
|
||||
inherit (import ../common/lib.nix) writeHaskellScript;
|
||||
sources = import ../nix/sources.nix;
|
||||
in
|
||||
{
|
||||
in {
|
||||
home = {
|
||||
packages = builtins.attrValues (import ../common/pkgs.nix).foreign-home-pkgs;
|
||||
sessionVariables = {
|
||||
NIX_PATH = "$HOME/.nix-path";
|
||||
};
|
||||
packages =
|
||||
builtins.attrValues (import ../common/pkgs.nix).foreign-home-pkgs;
|
||||
sessionVariables = { NIX_PATH = "$HOME/.nix-path"; };
|
||||
file = {
|
||||
home-manager-source = {
|
||||
target = ".nix-path/home-manager";
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
{
|
||||
{ pkgs, config, lib, ... }: {
|
||||
home = {
|
||||
username = "maralorn";
|
||||
homeDirectory = "/home/maralorn";
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ pkgs, ... }:
|
||||
let
|
||||
morgenreport-script = pkgs.writeShellScriptBin "morgenreport" ''
|
||||
morgenreport-script = pkgs.writeShellScriptBin "morgenreport" ''
|
||||
cd $HOME/data/aktuell/media/ebooks/morgenreport/
|
||||
DATE=`date +%Y-%m-%d`
|
||||
PATH=$PATH:/run/wrappers/bin/
|
||||
|
@ -11,24 +11,18 @@ morgenreport-script = pkgs.writeShellScriptBin "morgenreport" ''
|
|||
echo "File created, sending to kindle now …"
|
||||
echo 'Siehe Anhang' | ${pkgs.mutt}/bin/mutt -s "Morgenreport $DATE" -a morgenreport-$DATE.mobi -- maralorn@kindle.com
|
||||
'';
|
||||
urls = [ "https://erdspektive.org/feed/" ];
|
||||
urls = [ "https://erdspektive.org/feed/" ];
|
||||
in {
|
||||
home.packages = [ morgenreport-script];
|
||||
home.packages = [ morgenreport-script ];
|
||||
systemd.user = {
|
||||
services.morgenreport = {
|
||||
Unit = {
|
||||
Description = "Send morgenreport to kindle";
|
||||
};
|
||||
Unit = { Description = "Send morgenreport to kindle"; };
|
||||
|
||||
Service = {
|
||||
Type = "oneshot";
|
||||
ExecStart="/bin/sh ${morgenreport-script}/bin/morgenreport";
|
||||
};
|
||||
};
|
||||
timers.morgenreport = {
|
||||
Timer = {
|
||||
OnCalendar = "20:00";
|
||||
ExecStart = "/bin/sh ${morgenreport-script}/bin/morgenreport";
|
||||
};
|
||||
};
|
||||
timers.morgenreport = { Timer = { OnCalendar = "20:00"; }; };
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,8 +1,6 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
{ pkgs, ... }: {
|
||||
systemd.user = {
|
||||
services.sort-mail =
|
||||
let
|
||||
services.sort-mail = let
|
||||
sort-mail-script = pkgs.writeShellScriptBin "sort-mail" ''
|
||||
${pkgs.isync}/bin/mbsync -a
|
||||
|
||||
|
@ -17,20 +15,14 @@
|
|||
|
||||
${pkgs.isync}/bin/mbsync -a
|
||||
'';
|
||||
in {
|
||||
Unit = {
|
||||
Description = "Sort E-Mails";
|
||||
};
|
||||
in {
|
||||
Unit = { Description = "Sort E-Mails"; };
|
||||
|
||||
Service = {
|
||||
Type = "oneshot";
|
||||
ExecStart="/bin/sh ${sort-mail-script}/bin/sort-mail";
|
||||
Service = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "/bin/sh ${sort-mail-script}/bin/sort-mail";
|
||||
};
|
||||
};
|
||||
};
|
||||
timers.sort-mail = {
|
||||
Timer = {
|
||||
OnCalendar = "minutely";
|
||||
};
|
||||
};
|
||||
timers.sort-mail = { Timer = { OnCalendar = "minutely"; }; };
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ pkgs, ... }:
|
||||
let
|
||||
path = https://github.com/rycee/home-manager/archive/release-17.09.tar.gz;
|
||||
path = "https://github.com/rycee/home-manager/archive/release-17.09.tar.gz";
|
||||
home-manager = (import ../../home-manager {
|
||||
inherit pkgs;
|
||||
inherit path;
|
||||
|
@ -8,13 +8,11 @@ let
|
|||
in {
|
||||
systemd.user = {
|
||||
services.update-hm = {
|
||||
Unit = {
|
||||
Description = "Update home-manager";
|
||||
};
|
||||
Unit = { Description = "Update home-manager"; };
|
||||
|
||||
Service = {
|
||||
Type = "oneshot";
|
||||
ExecStart="${home-manager}/bin/home-manager switch";
|
||||
ExecStart = "${home-manager}/bin/home-manager switch";
|
||||
};
|
||||
};
|
||||
timers.update-hm = {
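Review bot: `path` in the `let` block names the archive of the moving `release-17.09` branch with no revision or hash, so if the `../../home-manager` import fetches it, the timer-driven `home-manager switch` below builds whatever that branch serves at the time. Pinning the archive to a commit and checking its hash would make the update reproducible and tamper-evident, e.g. `path = builtins.fetchTarball { url = "https://github.com/rycee/home-manager/archive/<COMMIT>.tar.gz"; sha256 = "<SHA256>"; };`. How `path` is consumed is outside the visible hunks (the rest of the import's arguments and the timer body are cut), so confirm that before changing it from a URL string to a fetched path.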
|
||||
|
|
|
@ -1,34 +1,29 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
let
|
||||
colors = config.common.colors;
|
||||
let colors = config.common.colors;
|
||||
in {
|
||||
home = {
|
||||
packages = with pkgs; [
|
||||
rxvt_unicode-with-plugins
|
||||
];
|
||||
};
|
||||
home = { packages = with pkgs; [ rxvt_unicode-with-plugins ]; };
|
||||
xresources.properties = {
|
||||
"*transparent" = true;
|
||||
"*tintColor" = colors.background;
|
||||
"*scrollBar" = false;
|
||||
"*transparent" = true;
|
||||
"*tintColor" = colors.background;
|
||||
"*scrollBar" = false;
|
||||
"*urgentOnBell" = true;
|
||||
"*background" = colors.background;
|
||||
"*foreground" = colors.foreground;
|
||||
"*color0" = colors.black;
|
||||
"*color8" = colors.brightBlack;
|
||||
"*color1" = colors.red;
|
||||
"*color9" = colors.brightRed;
|
||||
"*color2" = colors.green;
|
||||
"*background" = colors.background;
|
||||
"*foreground" = colors.foreground;
|
||||
"*color0" = colors.black;
|
||||
"*color8" = colors.brightBlack;
|
||||
"*color1" = colors.red;
|
||||
"*color9" = colors.brightRed;
|
||||
"*color2" = colors.green;
|
||||
"*color10" = colors.brightGreen;
|
||||
"*color3" = colors.yellow;
|
||||
"*color3" = colors.yellow;
|
||||
"*color11" = colors.brightYellow;
|
||||
"*color4" = colors.blue;
|
||||
"*color4" = colors.blue;
|
||||
"*color12" = colors.brightBlue;
|
||||
"*color5" = colors.magenta;
|
||||
"*color5" = colors.magenta;
|
||||
"*color13" = colors.brightMagenta;
|
||||
"*color6" = colors.cyan;
|
||||
"*color6" = colors.cyan;
|
||||
"*color14" = colors.brightCyan;
|
||||
"*color7" = colors.white;
|
||||
"*color7" = colors.white;
|
||||
"*color15" = colors.brightWhite;
|
||||
"*boldFont" = "";
|
||||
};
|
||||
|
|
|
@ -1,18 +1,21 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
{ pkgs, config, lib, ... }:
|
||||
let
|
||||
inherit (import ../common/lib.nix) writeHaskellScript get-niv-path gcRetentionDays;
|
||||
inherit (import ../common/lib.nix)
|
||||
writeHaskellScript get-niv-path gcRetentionDays;
|
||||
inherit (import ./lib.nix) update-home;
|
||||
configPath = "/home/${config.home.username}/git/nixos/config";
|
||||
home-maintenance = writeHaskellScript
|
||||
{ name = "home-maintenance"; imports = [ ]; bins = [ (update-home configPath) pkgs.nix pkgs.git];} ''
|
||||
home-maintenance = writeHaskellScript {
|
||||
name = "home-maintenance";
|
||||
imports = [ ];
|
||||
bins = [ (update-home configPath) pkgs.nix pkgs.git ];
|
||||
} ''
|
||||
main = do
|
||||
git "-C" "${configPath}" "pull"
|
||||
update_home
|
||||
nix_collect_garbage "--delete-older-than" "${toString gcRetentionDays}d"
|
||||
nix "optimise-store"
|
||||
'';
|
||||
in
|
||||
{
|
||||
in {
|
||||
home = {
|
||||
packages = builtins.attrValues {
|
||||
inherit home-maintenance get-niv-path;
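Review bot: The `home-maintenance` script runs `git "-C" "${configPath}" "pull"` and then `update_home` with no check on what was pulled, so whoever can push to that remote decides the configuration that gets activated on the next run. If the commits in that repository are signed, the pull can refuse unsigned or untrusted history: `git "-C" "${configPath}" "pull" "--ff-only" "--verify-signatures"`. A short comment above `main = do` saying that the script applies remote state directly would also help the next reader. The `home = { … }` block continues past the end of the hunk.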
|
||||
|
|
|
@ -1,26 +1,18 @@
|
|||
{ config, lib, pkgs , ... }:
|
||||
let
|
||||
inherit (import ../common/pkgs.nix) eventd;
|
||||
in
|
||||
{
|
||||
{ config, lib, pkgs, ... }:
|
||||
let inherit (import ../common/pkgs.nix) eventd;
|
||||
in {
|
||||
systemd.user = {
|
||||
services.update_tasks = {
|
||||
Unit = {
|
||||
Description = "Update taskwarrior tasks";
|
||||
};
|
||||
Unit = { Description = "Update taskwarrior tasks"; };
|
||||
Service = {
|
||||
Type = "oneshot";
|
||||
Environment="PATH=${pkgs.taskwarrior}/bin:${eventd}/bin";
|
||||
ExecStart= "${config.home.homeDirectory}/.cargo/bin/update_tasks";
|
||||
Environment = "PATH=${pkgs.taskwarrior}/bin:${eventd}/bin";
|
||||
ExecStart = "${config.home.homeDirectory}/.cargo/bin/update_tasks";
|
||||
};
|
||||
};
|
||||
timers.update_tasks = {
|
||||
Timer = {
|
||||
OnCalendar = "hourly";
|
||||
};
|
||||
Install = {
|
||||
WantedBy = [ "timers.target" ];
|
||||
};
|
||||
Timer = { OnCalendar = "hourly"; };
|
||||
Install = { WantedBy = [ "timers.target" ]; };
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
{pkgs, ... }: {
|
||||
{ pkgs, ... }: {
|
||||
|
||||
programs = {
|
||||
zsh = {
|
||||
enable = true;
|
||||
enableAutosuggestions = true;
|
||||
enableCompletion = true;
|
||||
history = {
|
||||
save = 100000;
|
||||
size = 100000;
|
||||
};
|
||||
initExtra = builtins.readFile ./zshrc;
|
||||
oh-my-zsh = {
|
||||
programs = {
|
||||
zsh = {
|
||||
enable = true;
|
||||
plugins = [ "colored-man-pages" "git-prompt" ];
|
||||
enableAutosuggestions = true;
|
||||
enableCompletion = true;
|
||||
history = {
|
||||
save = 100000;
|
||||
size = 100000;
|
||||
};
|
||||
initExtra = builtins.readFile ./zshrc;
|
||||
oh-my-zsh = {
|
||||
enable = true;
|
||||
plugins = [ "colored-man-pages" "git-prompt" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -8,116 +8,115 @@ let
|
|||
nixos-hardware = (import ../../nix/sources.nix).nixos-hardware;
|
||||
in {
|
||||
|
||||
imports = [
|
||||
"${nixos-hardware}/lenovo/thinkpad"
|
||||
"${nixos-hardware}/common/pc/ssd"
|
||||
"${(builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/nixdark")}"
|
||||
./hardware-configuration.nix
|
||||
../../system
|
||||
../../system/fonts.nix
|
||||
../../system/standalone.nix
|
||||
];
|
||||
imports = [
|
||||
"${nixos-hardware}/lenovo/thinkpad"
|
||||
"${nixos-hardware}/common/pc/ssd"
|
||||
"${(builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/nixdark")}"
|
||||
./hardware-configuration.nix
|
||||
../../system
|
||||
../../system/fonts.nix
|
||||
../../system/standalone.nix
|
||||
];
|
||||
|
||||
networking = {
|
||||
hostName = "apollo";
|
||||
firewall.allowedTCPPorts = [ 8888 ];
|
||||
firewall.allowedUDPPorts = [ 30000 ];
|
||||
wireguard.interfaces = {
|
||||
m0wire = {
|
||||
allowedIPsAsRoutes = false;
|
||||
ips = [ "${hosts.apollo-wg}/112" ];
|
||||
privateKeyFile = "/etc/nixos/hosts/apollo/secret/wireguard-private";
|
||||
peers = [
|
||||
{
|
||||
networking = {
|
||||
hostName = "apollo";
|
||||
firewall.allowedTCPPorts = [ 8888 ];
|
||||
firewall.allowedUDPPorts = [ 30000 ];
|
||||
wireguard.interfaces = {
|
||||
m0wire = {
|
||||
allowedIPsAsRoutes = false;
|
||||
ips = [ "${hosts.apollo-wg}/112" ];
|
||||
privateKeyFile = "/etc/nixos/hosts/apollo/secret/wireguard-private";
|
||||
peers = [{
|
||||
publicKey = wireguard.pub.hera;
|
||||
allowedIPs = [ "::/0" ];
|
||||
endpoint = "${hosts.hera-v4}:${builtins.toString wireguard.port}";
|
||||
presharedKeyFile = "/etc/nixos/common/secret/wireguard-psk";
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
postSetup = [ "${pkgs.iproute}/bin/ip route add ${prefix}::/64 dev m0wire" ];
|
||||
}];
|
||||
postSetup =
|
||||
[ "${pkgs.iproute}/bin/ip route add ${prefix}::/64 dev m0wire" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
m-0 = {
|
||||
laptop.enable = true;
|
||||
};
|
||||
m-0 = { laptop.enable = true; };
|
||||
|
||||
#let
|
||||
#let
|
||||
#secretsFile = "/var/lib/luks-secret/key";
|
||||
#secretsInitrd = "/boot/grub/secrets-initrd.gz";
|
||||
#in
|
||||
#{
|
||||
#in
|
||||
#{
|
||||
#imports = [
|
||||
|
||||
#({lib, config, ...}: lib.mkIf (builtins.pathExists secretsFile) {
|
||||
#boot.initrd.luks.devices."root" = {
|
||||
#fallbackToPassword = true;
|
||||
#keyFile = secretsFile;
|
||||
#};
|
||||
## copy the secret into the additional initramfs. `null` means same path
|
||||
#boot.initrd.secrets."${secretsFile}" = null;
|
||||
#})
|
||||
#({lib, config, ...}: lib.mkIf (builtins.pathExists secretsFile) {
|
||||
#boot.initrd.luks.devices."root" = {
|
||||
#fallbackToPassword = true;
|
||||
#keyFile = secretsFile;
|
||||
#};
|
||||
## copy the secret into the additional initramfs. `null` means same path
|
||||
#boot.initrd.secrets."${secretsFile}" = null;
|
||||
#})
|
||||
|
||||
#({lib, config, ...}: lib.mkIf (config.boot.loader.grub.enable && config.boot.initrd.secrets != {}) {
|
||||
#boot.loader = {
|
||||
#supportsInitrdSecrets = lib.mkForce true;
|
||||
#grub.extraInitrd = secretsInitrd;
|
||||
#grub.extraPrepareConfig = ''
|
||||
#${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets ${secretsInitrd}
|
||||
#'';
|
||||
#};
|
||||
#})
|
||||
#({lib, config, ...}: lib.mkIf (config.boot.loader.grub.enable && config.boot.initrd.secrets != {}) {
|
||||
#boot.loader = {
|
||||
#supportsInitrdSecrets = lib.mkForce true;
|
||||
#grub.extraInitrd = secretsInitrd;
|
||||
#grub.extraPrepareConfig = ''
|
||||
#${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets ${secretsInitrd}
|
||||
#'';
|
||||
#};
|
||||
#})
|
||||
#];
|
||||
#}
|
||||
#}
|
||||
|
||||
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot = {
|
||||
loader = {
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot = {
|
||||
loader = {
|
||||
efi = {
|
||||
canTouchEfiVariables = true;
|
||||
efiSysMountPoint = "/boot/EFI";
|
||||
};
|
||||
grub = {
|
||||
enable = true;
|
||||
version = 2;
|
||||
device = "nodev";
|
||||
efiSupport = true;
|
||||
enableCryptodisk = true;
|
||||
gfxmodeEfi = "1024x768";
|
||||
};
|
||||
grub = {
|
||||
enable = true;
|
||||
version = 2;
|
||||
device = "nodev";
|
||||
efiSupport = true;
|
||||
enableCryptodisk = true;
|
||||
gfxmodeEfi = "1024x768";
|
||||
};
|
||||
|
||||
};
|
||||
supportedFilesystems = [ "exfat" ];
|
||||
};
|
||||
|
||||
services = {
|
||||
prometheus.exporters.node.firewallFilter = "-i m0wire -p tcp -m tcp --dport 9100";
|
||||
autorandr.enable = true;
|
||||
borgbackup.jobs.data = {
|
||||
doInit = false;
|
||||
startAt = [];
|
||||
exclude = [
|
||||
"/home/${me.user}/data/aktuell/media"
|
||||
"/home/${me.user}/data/.stversions"
|
||||
];
|
||||
encryption.mode = "none";
|
||||
paths = "/home/${me.user}/data";
|
||||
repo = "borg@borg:.";
|
||||
compression = "zstd,5";
|
||||
};
|
||||
supportedFilesystems = [ "exfat" ];
|
||||
};
|
||||
};
|
||||
|
||||
cdark_net = {
|
||||
enable = true;
|
||||
hostName = "${me.user}_${config.networking.hostName}";
|
||||
ed25519PrivateKeyFile = /etc/nixos/hosts + "/${config.networking.hostName}" + /secret/tinc/ed25519_key.priv;
|
||||
hostsDirectory = (builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts");
|
||||
ip6address = "fd23:42:cda:4342::2";
|
||||
ip4address = "172.20.71.2";
|
||||
};
|
||||
services = {
|
||||
prometheus.exporters.node.firewallFilter =
|
||||
"-i m0wire -p tcp -m tcp --dport 9100";
|
||||
autorandr.enable = true;
|
||||
borgbackup.jobs.data = {
|
||||
doInit = false;
|
||||
startAt = [ ];
|
||||
exclude = [
|
||||
"/home/${me.user}/data/aktuell/media"
|
||||
"/home/${me.user}/data/.stversions"
|
||||
];
|
||||
encryption.mode = "none";
|
||||
paths = "/home/${me.user}/data";
|
||||
repo = "borg@borg:.";
|
||||
compression = "zstd,5";
|
||||
};
|
||||
};
|
||||
|
||||
cdark_net = {
|
||||
enable = true;
|
||||
hostName = "${me.user}_${config.networking.hostName}";
|
||||
ed25519PrivateKeyFile = /etc/nixos/hosts + "/${config.networking.hostName}"
|
||||
+ /secret/tinc/ed25519_key.priv;
|
||||
hostsDirectory =
|
||||
(builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts");
|
||||
ip6address = "fd23:42:cda:4342::2";
|
||||
ip4address = "172.20.71.2";
|
||||
};
|
||||
|
||||
}
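Review bot: Both `builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/nixdark"` in `imports` and the `hostsDirectory` fetch in `cdark_net` take whatever the remote's default branch points at, so a module evaluated into the system configuration changes whenever that repository does. Pinning a commit makes the import reviewable and reproducible: `builtins.fetchGit { url = "ssh://git@git.darmstadt.ccc.de/cdark.net/nixdark"; rev = "<COMMIT-SHA>"; }`, and likewise for `cdark.net/hosts`. Separately, `borgbackup.jobs.data` sets `encryption.mode = "none"`, which leaves `/home/${me.user}/data` readable to anyone with access to the `borg@borg:.` repository; either add a comment saying why that is acceptable or switch to an encrypted mode such as `repokey` with `encryption.passCommand` reading the passphrase from a file outside the store. The hunk starts inside the file's `let` block, so the bindings for `hosts`, `wireguard`, `prefix` and `me` are not visible here.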
|
||||
|
|
|
@ -4,29 +4,28 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||
];
|
||||
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/ce5b0ac6-6eaf-45a6-b6c8-bd4958caf335";
|
||||
fsType = "btrfs";
|
||||
};
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/ce5b0ac6-6eaf-45a6-b6c8-bd4958caf335";
|
||||
fsType = "btrfs";
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices."nixos".device = "/dev/disk/by-uuid/78acaebe-952a-43b1-acc8-66c35a60577e";
|
||||
boot.initrd.luks.devices."nixos".device =
|
||||
"/dev/disk/by-uuid/78acaebe-952a-43b1-acc8-66c35a60577e";
|
||||
|
||||
fileSystems."/boot/EFI" =
|
||||
{ device = "/dev/disk/by-uuid/C4A6-3DB5";
|
||||
fsType = "vfat";
|
||||
};
|
||||
fileSystems."/boot/EFI" = {
|
||||
device = "/dev/disk/by-uuid/C4A6-3DB5";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/b80468d0-d834-419f-8985-c6fa2274909e"; }
|
||||
];
|
||||
[{ device = "/dev/disk/by-uuid/b80468d0-d834-419f-8985-c6fa2274909e"; }];
|
||||
|
||||
nix.maxJobs = lib.mkDefault 8;
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||
|
|
|
@ -1,40 +1,41 @@
|
|||
{ pkgs, config, ... }:
|
||||
{
|
||||
{ pkgs, config, ... }: {
|
||||
|
||||
imports = [
|
||||
../../home-manager
|
||||
../../home-manager/on-my-machine.nix
|
||||
../../home-manager/battery.nix
|
||||
../../home-manager/update_tasks.nix
|
||||
../../home-manager/desktop
|
||||
];
|
||||
imports = [
|
||||
../../home-manager
|
||||
../../home-manager/on-my-machine.nix
|
||||
../../home-manager/battery.nix
|
||||
../../home-manager/update_tasks.nix
|
||||
../../home-manager/desktop
|
||||
];
|
||||
|
||||
home.packages = builtins.attrValues (import ../../common/pkgs.nix).laptop-home-pkgs;
|
||||
home.packages =
|
||||
builtins.attrValues (import ../../common/pkgs.nix).laptop-home-pkgs;
|
||||
|
||||
m-0 = {
|
||||
hostName = "apollo";
|
||||
latex.enable = true;
|
||||
accounting = {
|
||||
enable = true;
|
||||
config = builtins.readFile secret/jaliconfig.py;
|
||||
m-0 = {
|
||||
hostName = "apollo";
|
||||
latex.enable = true;
|
||||
accounting = {
|
||||
enable = true;
|
||||
config = builtins.readFile secret/jaliconfig.py;
|
||||
};
|
||||
rustdev.enable = true;
|
||||
taskwarrior = {
|
||||
enable = true;
|
||||
git_active = true;
|
||||
};
|
||||
pythia.enable = true;
|
||||
unlocker = [{
|
||||
name = "hera";
|
||||
hostName = "hera-v4";
|
||||
pubKey =
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHkqWlFLtmIlTSKahr2PcL++K75YgfsSU6jwVYW5df3JCkowu/M16SIBxABxYSQrKej5uIz/OFCjqSxHJQ8D5wSYBvn2gYr/BbBcz4rfIJmZ55Od2jckaqlj/M8TtkuPPhsQG7S730vXxK5hbMT8iW5WWv8sIKY/WtaRbZOFMX/53WCLEHtnMu5zFJFWf92+mjIHSLyW8ggl1m525RUiaAfCge2vnuzIFq4kUqJxaWzxIvEWIncKWN10K/HMvdI+yOtbSen41uKedwSFhUFs3xHy1mJddYOrlcJQPt5zuuffZ/nTDVXMZoh5QNwg8ZlkkueVChaS1Y5STjb7cem1Mt";
|
||||
passPath = "eu/m-0/hera/disk";
|
||||
}];
|
||||
mail = {
|
||||
enable = true;
|
||||
accounts = config.m-0.private.mail_accounts;
|
||||
};
|
||||
};
|
||||
rustdev.enable = true;
|
||||
taskwarrior = {
|
||||
enable = true;
|
||||
git_active = true;
|
||||
};
|
||||
pythia.enable = true;
|
||||
unlocker = [ {
|
||||
name = "hera";
|
||||
hostName = "hera-v4";
|
||||
pubKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHkqWlFLtmIlTSKahr2PcL++K75YgfsSU6jwVYW5df3JCkowu/M16SIBxABxYSQrKej5uIz/OFCjqSxHJQ8D5wSYBvn2gYr/BbBcz4rfIJmZ55Od2jckaqlj/M8TtkuPPhsQG7S730vXxK5hbMT8iW5WWv8sIKY/WtaRbZOFMX/53WCLEHtnMu5zFJFWf92+mjIHSLyW8ggl1m525RUiaAfCge2vnuzIFq4kUqJxaWzxIvEWIncKWN10K/HMvdI+yOtbSen41uKedwSFhUFs3xHy1mJddYOrlcJQPt5zuuffZ/nTDVXMZoh5QNwg8ZlkkueVChaS1Y5STjb7cem1Mt";
|
||||
passPath = "eu/m-0/hera/disk";
|
||||
} ];
|
||||
mail = {
|
||||
enable = true;
|
||||
accounts = config.m-0.private.mail_accounts;
|
||||
};
|
||||
};
|
||||
|
||||
home.file.".ncmpcpp/config".text = ''
|
||||
ask_before_clearing_playlists=no
|
||||
|
@ -46,9 +47,7 @@ m-0 = {
|
|||
user_interface = alternative
|
||||
'';
|
||||
programs = {
|
||||
firefox = {
|
||||
enable = true;
|
||||
};
|
||||
firefox = { enable = true; };
|
||||
git = {
|
||||
signing = {
|
||||
signByDefault = true;
|
||||
|
@ -65,74 +64,80 @@ m-0 = {
|
|||
network-manager-applet.enable = true;
|
||||
};
|
||||
|
||||
programs.autorandr = {
|
||||
enable = true;
|
||||
hooks = {
|
||||
postswitch = {
|
||||
"restart-i3" = "${pkgs.i3}/bin/i3-msg restart";
|
||||
"update-background" = "${pkgs.systemd}/bin/systemctl --user restart random-background.service";
|
||||
};
|
||||
};
|
||||
profiles = {
|
||||
"home" = {
|
||||
fingerprint = {
|
||||
"DP-2-2" = "00ffffffffffff00046997244a2e00001615010380351e782a6045a6564a9c25125054bf6f00714f814081809500b300d1c081c08100023a801871382d40582c4500132b2100001e000000ff0042364c4d54463031313835300a000000fd00324b1e5011000a202020202020000000fc00415355532056573234380a20200052";
|
||||
"eDP-1" = "00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
|
||||
"DP-2-1" = "00ffffffffffff0005b70000570500000a120103082a1a782ae5b5a355499927135054bfef809500950f8140718f01010101010101019a29a0d05184223050983600a4001100001c000000ff003030313336370a202020202020000000fd00374b1e500e000a202020202020000000fc0058313931305744530a2020202000bf";
|
||||
};
|
||||
config = {
|
||||
eDP-1 = {
|
||||
enable = true;
|
||||
primary = true;
|
||||
position = "0x0";
|
||||
mode = "2560x1440";
|
||||
};
|
||||
DP-2-2 = {
|
||||
enable = true;
|
||||
position = "4000x0";
|
||||
mode = "1920x1080";
|
||||
};
|
||||
DP-2-1 = {
|
||||
enable = true;
|
||||
position = "2560x0";
|
||||
mode = "1440x900";
|
||||
};
|
||||
programs.autorandr = {
|
||||
enable = true;
|
||||
hooks = {
|
||||
postswitch = {
|
||||
"restart-i3" = "${pkgs.i3}/bin/i3-msg restart";
|
||||
"update-background" =
|
||||
"${pkgs.systemd}/bin/systemctl --user restart random-background.service";
|
||||
};
|
||||
};
|
||||
"work" = {
|
||||
fingerprint = {
|
||||
"DP-2" = "00ffffffffffff0009d1ce7845540000101a01030e351e782e6b35a455559f270c5054a56b80d1c081c081008180a9c0b30001010101023a801871382d40582c4500132b2100001e000000ff005334473034343238534c300a20000000fd00324c1e5315000a202020202020000000fc0042656e5120474c323436300a2000e2";
|
||||
"eDP-1" = "00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
|
||||
};
|
||||
config = {
|
||||
eDP-1 = {
|
||||
enable = true;
|
||||
primary = true;
|
||||
position = "0x0";
|
||||
mode = "2560x1440";
|
||||
profiles = {
|
||||
"home" = {
|
||||
fingerprint = {
|
||||
"DP-2-2" =
|
||||
"00ffffffffffff00046997244a2e00001615010380351e782a6045a6564a9c25125054bf6f00714f814081809500b300d1c081c08100023a801871382d40582c4500132b2100001e000000ff0042364c4d54463031313835300a000000fd00324b1e5011000a202020202020000000fc00415355532056573234380a20200052";
|
||||
"eDP-1" =
|
||||
"00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
|
||||
"DP-2-1" =
|
||||
"00ffffffffffff0005b70000570500000a120103082a1a782ae5b5a355499927135054bfef809500950f8140718f01010101010101019a29a0d05184223050983600a4001100001c000000ff003030313336370a202020202020000000fd00374b1e500e000a202020202020000000fc0058313931305744530a2020202000bf";
|
||||
};
|
||||
DP-2 = {
|
||||
enable = true;
|
||||
position = "2560x0";
|
||||
mode = "1920x1080";
|
||||
config = {
|
||||
eDP-1 = {
|
||||
enable = true;
|
||||
primary = true;
|
||||
position = "0x0";
|
||||
mode = "2560x1440";
|
||||
};
|
||||
DP-2-2 = {
|
||||
enable = true;
|
||||
position = "4000x0";
|
||||
mode = "1920x1080";
|
||||
};
|
||||
DP-2-1 = {
|
||||
enable = true;
|
||||
position = "2560x0";
|
||||
mode = "1440x900";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
"default" = {
|
||||
fingerprint = {
|
||||
"eDP-1" = "00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
|
||||
"work" = {
|
||||
fingerprint = {
|
||||
"DP-2" =
|
||||
"00ffffffffffff0009d1ce7845540000101a01030e351e782e6b35a455559f270c5054a56b80d1c081c081008180a9c0b30001010101023a801871382d40582c4500132b2100001e000000ff005334473034343238534c300a20000000fd00324c1e5315000a202020202020000000fc0042656e5120474c323436300a2000e2";
|
||||
"eDP-1" =
|
||||
"00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
|
||||
};
|
||||
config = {
|
||||
eDP-1 = {
|
||||
enable = true;
|
||||
primary = true;
|
||||
position = "0x0";
|
||||
mode = "2560x1440";
|
||||
};
|
||||
DP-2 = {
|
||||
enable = true;
|
||||
position = "2560x0";
|
||||
mode = "1920x1080";
|
||||
};
|
||||
};
|
||||
};
|
||||
config = {
|
||||
eDP-1 = {
|
||||
enable = true;
|
||||
primary = true;
|
||||
position = "0x0";
|
||||
mode = "2560x1440";
|
||||
"default" = {
|
||||
fingerprint = {
|
||||
"eDP-1" =
|
||||
"00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
|
||||
};
|
||||
config = {
|
||||
eDP-1 = {
|
||||
enable = true;
|
||||
primary = true;
|
||||
position = "0x0";
|
||||
mode = "2560x1440";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
}
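Review bot: `accounting.config = builtins.readFile secret/jaliconfig.py;` pulls the contents of a file under `secret/` into the evaluated configuration as a plain string; if the accounting module writes that string out through `home.file` or a derivation, the contents end up in the world-readable Nix store. The module is not visible here, so this needs confirming; if it does, handing the module a runtime path to the file instead of its contents keeps it out of the store. A comment next to the option stating what `jaliconfig.py` holds and whether it may be public would settle the question for later readers.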
|
||||
|
|
Binary file not shown.
|
@ -1,18 +1,17 @@
|
|||
{config, lib, ...}:
|
||||
{ config, lib, ... }:
|
||||
with lib;
|
||||
let
|
||||
me = config.m-0.private.me;
|
||||
let me = config.m-0.private.me;
|
||||
in {
|
||||
|
||||
boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
|
||||
services = mkIf config.m-0.standalone.enable {
|
||||
syncthing = {
|
||||
dataDir = "/home/${me.user}/.config/syncthing";
|
||||
enable = true;
|
||||
group = "users";
|
||||
user = me.user;
|
||||
openDefaultPorts = true;
|
||||
boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
|
||||
services = mkIf config.m-0.standalone.enable {
|
||||
syncthing = {
|
||||
dataDir = "/home/${me.user}/.config/syncthing";
|
||||
enable = true;
|
||||
group = "users";
|
||||
user = me.user;
|
||||
openDefaultPorts = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1,80 +1,76 @@
|
|||
{ pkgs, config, ... }:
|
||||
{
|
||||
imports = [
|
||||
../../home-manager
|
||||
../../home-manager/on-foreign-machine.nix
|
||||
];
|
||||
{ pkgs, config, ... }: {
|
||||
imports = [ ../../home-manager ../../home-manager/on-foreign-machine.nix ];
|
||||
|
||||
systemd.user.systemctlPath = "/usr/bin/systemctl";
|
||||
systemd.user.systemctlPath = "/usr/bin/systemctl";
|
||||
|
||||
|
||||
m-0 = {
|
||||
hostName = "fb04217";
|
||||
#latex.enable = true;
|
||||
#taskwarrior = {
|
||||
# enable = true;
|
||||
# git_active = true;
|
||||
#};
|
||||
#update_tasks.enable = true;
|
||||
#eventd.enable = true;
|
||||
#pythia.enable = true;
|
||||
};
|
||||
|
||||
home = {
|
||||
username = "brandy";
|
||||
homeDirectory = "/home/brandy";
|
||||
language = {
|
||||
base = "C.UTF-8";
|
||||
address = "C.UTF-8";
|
||||
monetary = "C.UTF-8";
|
||||
paper = "C.UTF-8";
|
||||
time = "C.UTF-8";
|
||||
m-0 = {
|
||||
hostName = "fb04217";
|
||||
#latex.enable = true;
|
||||
#taskwarrior = {
|
||||
# enable = true;
|
||||
# git_active = true;
|
||||
#};
|
||||
#update_tasks.enable = true;
|
||||
#eventd.enable = true;
|
||||
#pythia.enable = true;
|
||||
};
|
||||
sessionVariables = {
|
||||
LANGUAGE="en_US";
|
||||
LC_CTYPE="C.UTF-8";
|
||||
LC_NUMERIC="C.UTF-8";
|
||||
LC_COLLATE="C.UTF-8";
|
||||
LC_MESSAGES="C.UTF-8";
|
||||
LC_NAME="C.UTF-8";
|
||||
LC_TELEPHONE="C.UTF-8";
|
||||
LC_MEASUREMENT="C.UTF-8";
|
||||
LC_IDENTIFICATION="C.UTF-8";
|
||||
};
|
||||
forceCopies.paths = [ "bin/proot" "bin/with-nix" "bin/run-in-nix" ".bashrc" ".zshrc" ];
|
||||
file = {
|
||||
".bashrc".text = ''
|
||||
[ -z "$PS1" ] && return
|
||||
unset __HM_SESS_VARS_SOURCED
|
||||
if [[ -z "$NIX_PATH" ]]
|
||||
then
|
||||
exec ~/bin/with-nix zsh
|
||||
else
|
||||
exec zsh
|
||||
fi
|
||||
'';
|
||||
"bin" = {
|
||||
source = ./bootstrap-bin;
|
||||
recursive = true;
|
||||
|
||||
home = {
|
||||
username = "brandy";
|
||||
homeDirectory = "/home/brandy";
|
||||
language = {
|
||||
base = "C.UTF-8";
|
||||
address = "C.UTF-8";
|
||||
monetary = "C.UTF-8";
|
||||
paper = "C.UTF-8";
|
||||
time = "C.UTF-8";
|
||||
};
|
||||
sessionVariables = {
|
||||
LANGUAGE = "en_US";
|
||||
LC_CTYPE = "C.UTF-8";
|
||||
LC_NUMERIC = "C.UTF-8";
|
||||
LC_COLLATE = "C.UTF-8";
|
||||
LC_MESSAGES = "C.UTF-8";
|
||||
LC_NAME = "C.UTF-8";
|
||||
LC_TELEPHONE = "C.UTF-8";
|
||||
LC_MEASUREMENT = "C.UTF-8";
|
||||
LC_IDENTIFICATION = "C.UTF-8";
|
||||
};
|
||||
forceCopies.paths =
|
||||
[ "bin/proot" "bin/with-nix" "bin/run-in-nix" ".bashrc" ".zshrc" ];
|
||||
file = {
|
||||
".bashrc".text = ''
|
||||
[ -z "$PS1" ] && return
|
||||
unset __HM_SESS_VARS_SOURCED
|
||||
if [[ -z "$NIX_PATH" ]]
|
||||
then
|
||||
exec ~/bin/with-nix zsh
|
||||
else
|
||||
exec zsh
|
||||
fi
|
||||
'';
|
||||
"bin" = {
|
||||
source = ./bootstrap-bin;
|
||||
recursive = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
packages = [
|
||||
(pkgs.writeShellScriptBin "maintenance" ''
|
||||
set -e
|
||||
cd ~/git/nixos/nixpkgs
|
||||
git checkout nixos-local
|
||||
git pull --no-edit upstream nixos-19.03
|
||||
git pull --no-edit origin nixos-maralorn
|
||||
cd ~/git/nixos/home-manager
|
||||
git checkout home-manager-local
|
||||
git pull --no-edit upstream release-19.03
|
||||
git pull --no-edit origin home-manager-maralorn
|
||||
home-manager switch
|
||||
nix-collect-garbage --delete-older-than 5d
|
||||
nix-store --optimise
|
||||
'')
|
||||
] ++ ((import ../../common/pkgs.nix).);
|
||||
};
|
||||
packages = [
|
||||
(pkgs.writeShellScriptBin "maintenance" ''
|
||||
set -e
|
||||
cd ~/git/nixos/nixpkgs
|
||||
git checkout nixos-local
|
||||
git pull --no-edit upstream nixos-19.03
|
||||
git pull --no-edit origin nixos-maralorn
|
||||
cd ~/git/nixos/home-manager
|
||||
git checkout home-manager-local
|
||||
git pull --no-edit upstream release-19.03
|
||||
git pull --no-edit origin home-manager-maralorn
|
||||
home-manager switch
|
||||
nix-collect-garbage --delete-older-than 5d
|
||||
nix-store --optimise
|
||||
'')
|
||||
];
|
||||
};
|
||||
|
||||
}
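Review bot: The `packages` list appears to lose `++ ((import ../../common/pkgs.nix).)` and now ends in a plain `];`, which is a change of content rather than layout in a commit titled "Reformat". The old expression as rendered is not valid Nix (an attribute name seems to be missing after the dot), so this may be a deliberate fix to let the formatter parse the file. If so, it belongs in its own commit with a message naming the package set that was dropped. If the import is meant to stay, restore it with the attribute spelled out, `] ++ ((import ../../common/pkgs.nix).<attribute>);` (placeholder attribute).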
|
||||
|
|
|
@ -1,14 +1,12 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
{ pkgs, ... }: {
|
||||
systemd.user = {
|
||||
services.nix-gc = {
|
||||
Unit = {
|
||||
Description = "Collect garbage";
|
||||
};
|
||||
Unit = { Description = "Collect garbage"; };
|
||||
|
||||
Service = {
|
||||
Type = "oneshot";
|
||||
ExecStart="${pkgs.nix}/bin/nix-collect-garbage --delete-older-than 5d";
|
||||
ExecStart =
|
||||
"${pkgs.nix}/bin/nix-collect-garbage --delete-older-than 5d";
|
||||
};
|
||||
};
|
||||
timers.nix-gc = {
|
||||
|
|
|
@ -1,14 +1,11 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
{ pkgs, ... }: {
|
||||
systemd.user = {
|
||||
services.nix-update = {
|
||||
Unit = {
|
||||
Description = "Update nix-channel";
|
||||
};
|
||||
Unit = { Description = "Update nix-channel"; };
|
||||
|
||||
Service = {
|
||||
Type = "oneshot";
|
||||
ExecStart="${pkgs.nix}/bin/nix-channel --update";
|
||||
ExecStart = "${pkgs.nix}/bin/nix-channel --update";
|
||||
};
|
||||
};
|
||||
timers.nix-update = {
|
||||
|
|
|
@ -1,18 +1,18 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
{ pkgs, ... }: {
|
||||
systemd.user = {
|
||||
services.syncthing = {
|
||||
Unit = {
|
||||
Description = "Syncthing";
|
||||
ConditionHost = "fb04217";
|
||||
Wants= "syncthing-inotify.service";
|
||||
Wants = "syncthing-inotify.service";
|
||||
};
|
||||
|
||||
Service = {
|
||||
ExecStart="${pkgs.syncthing}/bin/syncthing -no-browser -no-restart -logflags=0";
|
||||
Restart="on-failure";
|
||||
SuccessExitStatus="3 4";
|
||||
RestartForceExitStatus="3 4";
|
||||
ExecStart =
|
||||
"${pkgs.syncthing}/bin/syncthing -no-browser -no-restart -logflags=0";
|
||||
Restart = "on-failure";
|
||||
SuccessExitStatus = "3 4";
|
||||
RestartForceExitStatus = "3 4";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,33 +1,30 @@
|
|||
{ ... }:
|
||||
{
|
||||
{ ... }: {
|
||||
|
||||
m-0.server.initSSHKey = ./secret/boot_rsa;
|
||||
m-0.server.initSSHKey = ./secret/boot_rsa;
|
||||
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot = {
|
||||
loader = {
|
||||
grub = {
|
||||
enable = true;
|
||||
version = 2;
|
||||
device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0";
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot = {
|
||||
loader = {
|
||||
grub = {
|
||||
enable = true;
|
||||
version = 2;
|
||||
device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0";
|
||||
};
|
||||
};
|
||||
supportedFilesystems = [ "exfat" ];
|
||||
kernelParams = [ "ip=213.136.94.190::213.136.94.1:255.255.255.0:hera" ];
|
||||
initrd = {
|
||||
postMountCommands = ''
|
||||
ip address flush dev eth0
|
||||
ip link set eth0 down
|
||||
'';
|
||||
luks.devices = [{
|
||||
name = "root";
|
||||
device = "/dev/disk/by-uuid/536fe284-36f2-425c-b0c5-a737280f9470";
|
||||
preLVM = true;
|
||||
allowDiscards = true;
|
||||
}];
|
||||
};
|
||||
};
|
||||
supportedFilesystems = [ "exfat" ];
|
||||
kernelParams = [ "ip=213.136.94.190::213.136.94.1:255.255.255.0:hera" ];
|
||||
initrd = {
|
||||
postMountCommands = ''
|
||||
ip address flush dev eth0
|
||||
ip link set eth0 down
|
||||
'';
|
||||
luks.devices = [
|
||||
{
|
||||
name = "root";
|
||||
device = "/dev/disk/by-uuid/536fe284-36f2-425c-b0c5-a737280f9470";
|
||||
preLVM = true;
|
||||
allowDiscards = true;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
}
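Review bot: `m-0.server.initSSHKey = ./secret/boot_rsa;` passes the initrd SSH host key as a Nix path literal; if the `m-0.server` module (not visible here) interpolates it into a derivation or the initrd, the private key is copied into the world-readable Nix store and sits unencrypted in the initrd. For remote LUKS unlock that exposure is hard to avoid, so the key should be dedicated to the initrd and never reused as the booted system's host key. A comment next to the option would record that, e.g. `# initrd-only host key: stored unencrypted in the initrd, never reuse for the running system`. Separately, the comment `# Use the systemd-boot EFI boot loader.` is stale, since the block below enables `grub`; `# GRUB 2 on the QEMU SCSI disk.` would match the code.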
|
||||
|
|
|
@ -1,20 +1,25 @@
|
|||
{ config, ... }:
|
||||
let
|
||||
me = config.m-0.private.me;
|
||||
let me = config.m-0.private.me;
|
||||
in {
|
||||
containers.borg = {
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostBridge = "bridge";
|
||||
config = { pkgs, ... }: {
|
||||
imports = [../../system];
|
||||
imports = [ ../../system ];
|
||||
|
||||
networking = {
|
||||
interfaces.eth0 = {
|
||||
ipv6.addresses = [{ address = config.m-0.hosts.borg; prefixLength = 112; }];
|
||||
ipv6.addresses = [{
|
||||
address = config.m-0.hosts.borg;
|
||||
prefixLength = 112;
|
||||
}];
|
||||
};
|
||||
inherit (config.networking) nameservers;
|
||||
defaultGateway6 = { address = config.m-0.hosts.hera-intern; interface = "eth0"; };
|
||||
defaultGateway6 = {
|
||||
address = config.m-0.hosts.hera-intern;
|
||||
interface = "eth0";
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
|
|
|
@ -3,25 +3,34 @@ with lib;
|
|||
let
|
||||
inherit (config.m-0.private) me cloud;
|
||||
inherit (config.m-0) hosts;
|
||||
nextcloud-container = { v6, v4, hostname , news-updater ? false}: {
|
||||
nextcloud-container = { v6, v4, hostname, news-updater ? false }: {
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostBridge = "bridge";
|
||||
config = { pkgs, ... }: {
|
||||
disabledModules = [ "services/web-apps/nextcloud.nix" ];
|
||||
imports = [
|
||||
../../system
|
||||
./nextcloud.nix
|
||||
];
|
||||
imports = [ ../../system ./nextcloud.nix ];
|
||||
|
||||
networking = {
|
||||
interfaces.eth0 = {
|
||||
ipv6.addresses = [{ address = v6; prefixLength = 112; }];
|
||||
ipv4.addresses = [{ address = v4; prefixLength = 24; }];
|
||||
ipv6.addresses = [{
|
||||
address = v6;
|
||||
prefixLength = 112;
|
||||
}];
|
||||
ipv4.addresses = [{
|
||||
address = v4;
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
inherit (config.networking) nameservers;
|
||||
defaultGateway6 = { address = hosts.hera-intern; interface = "eth0"; };
|
||||
defaultGateway = { address = hosts.hera-intern-v4; interface = "eth0"; };
|
||||
defaultGateway6 = {
|
||||
address = hosts.hera-intern;
|
||||
interface = "eth0";
|
||||
};
|
||||
defaultGateway = {
|
||||
address = hosts.hera-intern-v4;
|
||||
interface = "eth0";
|
||||
};
|
||||
firewall.allowedTCPPorts = [ 80 443 ];
|
||||
};
|
||||
|
||||
|
@ -58,9 +67,7 @@ let
|
|||
};
|
||||
};
|
||||
|
||||
redis = {
|
||||
enable = true;
|
||||
};
|
||||
redis = { enable = true; };
|
||||
|
||||
postgresql = {
|
||||
enable = true;
|
||||
|
@ -71,10 +78,10 @@ let
|
|||
};
|
||||
};
|
||||
systemd = {
|
||||
services ={
|
||||
"nextcloud-setup"= {
|
||||
requires = ["postgresql.service"];
|
||||
after = ["postgresql.service"];
|
||||
services = {
|
||||
"nextcloud-setup" = {
|
||||
requires = [ "postgresql.service" ];
|
||||
after = [ "postgresql.service" ];
|
||||
};
|
||||
"nextcloud-news-updater" = mkIf news-updater {
|
||||
startAt = "20:00";
|
||||
|
@ -82,15 +89,15 @@ let
|
|||
Type = "oneshot";
|
||||
User = "nextcloud";
|
||||
ExecStart = let
|
||||
config = pkgs.writeText "updater.ini" (generators.toINI {} {
|
||||
config = pkgs.writeText "updater.ini" (generators.toINI { } {
|
||||
updater = {
|
||||
user = cloud.adminuser;
|
||||
password = cloud.adminpass;
|
||||
url = "https://${hostname}/";
|
||||
mode = "singlerun";
|
||||
};});
|
||||
in
|
||||
"${pkgs.nextcloud-news-updater}/bin/nextcloud-news-updater -c ${config}";
|
||||
};
|
||||
});
|
||||
in "${pkgs.nextcloud-news-updater}/bin/nextcloud-news-updater -c ${config}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -100,10 +107,22 @@ let
|
|||
|
||||
in {
|
||||
m-0.monitoring = [
|
||||
{ name = "mathechor-cloud"; host = "mathechor-cloud:9100"; }
|
||||
{ name = "mathechor-cloud-nginx"; host = "mathechor-cloud:9113"; }
|
||||
{ name = "cloud"; host = "cloud:9100"; }
|
||||
{ name = "cloud-nginx"; host = "cloud:9113"; }
|
||||
{
|
||||
name = "mathechor-cloud";
|
||||
host = "mathechor-cloud:9100";
|
||||
}
|
||||
{
|
||||
name = "mathechor-cloud-nginx";
|
||||
host = "mathechor-cloud:9113";
|
||||
}
|
||||
{
|
||||
name = "cloud";
|
||||
host = "cloud:9100";
|
||||
}
|
||||
{
|
||||
name = "cloud-nginx";
|
||||
host = "cloud:9113";
|
||||
}
|
||||
];
|
||||
containers = {
|
||||
chor-cloud = nextcloud-container {
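Review bot: In the `nextcloud-news-updater` unit (hunk -82,15 +89,15), `password = cloud.adminpass` is rendered into `pkgs.writeText "updater.ini"`, so the Nextcloud admin password becomes a file in the Nix store, which every local user can read and which travels with any closure that is copied or served. The reformat keeps that as is. A safer shape is to build the ini outside the store at unit start from a secret file readable only by `nextcloud`, and pass that path instead: `ExecStart = "${pkgs.nextcloud-news-updater}/bin/nextcloud-news-updater -c <runtime-path-to-updater.ini>";` (placeholder path). The same concern probably applies to `turn_secret` and `macaroon_secret` in the matrix section, depending on how those modules write their configuration. The enclosing `nextcloud-container` function continues outside the visible hunks.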
|
||||
|
|
|
@ -3,57 +3,56 @@
|
|||
# You need pw-files for every configured user in ./secret/pw-useralias for login to work.
|
||||
# dropbearkey -t rsa -f /etc/nixos/hosts/<hostname>/secret/boot_rsa
|
||||
|
||||
let
|
||||
inherit (config.m-0.private) me;
|
||||
let inherit (config.m-0.private) me;
|
||||
in {
|
||||
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
../../system
|
||||
../../system/test-timer.nix
|
||||
../../system/standalone.nix
|
||||
../../system/server.nix
|
||||
../../system/git.nix
|
||||
./borg.nix
|
||||
./mail.nix
|
||||
./boot.nix
|
||||
./cloud.nix
|
||||
./web.nix
|
||||
./monitoring.nix
|
||||
./network.nix
|
||||
./matrix.nix
|
||||
./secret
|
||||
];
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
../../system
|
||||
../../system/test-timer.nix
|
||||
../../system/standalone.nix
|
||||
../../system/server.nix
|
||||
../../system/git.nix
|
||||
./borg.nix
|
||||
./mail.nix
|
||||
./boot.nix
|
||||
./cloud.nix
|
||||
./web.nix
|
||||
./monitoring.nix
|
||||
./network.nix
|
||||
./matrix.nix
|
||||
./secret
|
||||
];
|
||||
|
||||
nix.sshServe = {
|
||||
enable = true;
|
||||
keys = me.keys;
|
||||
protocol = "ssh-ng";
|
||||
};
|
||||
|
||||
services = {
|
||||
borgbackup.jobs.data = {
|
||||
doInit = false;
|
||||
encryption.mode = "none";
|
||||
paths = "/home/${me.user}/data";
|
||||
repo = "borg@borg:.";
|
||||
compression = "zstd,5";
|
||||
nix.sshServe = {
|
||||
enable = true;
|
||||
keys = me.keys;
|
||||
protocol = "ssh-ng";
|
||||
};
|
||||
};
|
||||
|
||||
users.users.choreutes = {
|
||||
linger = true;
|
||||
description = "choreutes";
|
||||
isNormalUser = true;
|
||||
uid = 1001;
|
||||
extraGroups = [ "wheel" "systemd-journal" ];
|
||||
passwordFile = "/etc/nixos/hosts/hera/secret/pw-choreutes";
|
||||
};
|
||||
services = {
|
||||
borgbackup.jobs.data = {
|
||||
doInit = false;
|
||||
encryption.mode = "none";
|
||||
paths = "/home/${me.user}/data";
|
||||
repo = "borg@borg:.";
|
||||
compression = "zstd,5";
|
||||
};
|
||||
};
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
# servers. You should change this only after NixOS release notes say you
|
||||
# should.
|
||||
system.stateVersion = "18.03"; # Did you read the comment?
|
||||
users.users.choreutes = {
|
||||
linger = true;
|
||||
description = "choreutes";
|
||||
isNormalUser = true;
|
||||
uid = 1001;
|
||||
extraGroups = [ "wheel" "systemd-journal" ];
|
||||
passwordFile = "/etc/nixos/hosts/hera/secret/pw-choreutes";
|
||||
};
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
# servers. You should change this only after NixOS release notes say you
|
||||
# should.
|
||||
system.stateVersion = "18.03"; # Did you read the comment?
|
||||
|
||||
}
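Review bot: `services.borgbackup.jobs.data` keeps `encryption.mode = "none"`, so everything under `/home/${me.user}/data` lands in the `borg@borg:.` repository unencrypted and unauthenticated; whoever can read or write the repository's storage can read or silently alter the backups. If that is not a deliberate trade-off for what looks like a same-host container target, use an authenticated mode such as `encryption.mode = "repokey-blake2";` with `encryption.passCommand = "cat <path-to-passphrase-file>";` (placeholder path, file kept outside the Nix store). Because `doInit = false` points at an existing repository, changing the mode means initialising a new repository, not just editing this value.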
|
||||
|
|
|
@ -4,27 +4,25 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||
];
|
||||
imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/8e92387a-6785-4b3c-bcdb-a4a423675173";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/8e92387a-6785-4b3c-bcdb-a4a423675173";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/3D8A-20F0";
|
||||
fsType = "vfat";
|
||||
};
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/3D8A-20F0";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/1e651bde-94b5-4fe2-9e6a-7af916d80057"; }
|
||||
];
|
||||
[{ device = "/dev/disk/by-uuid/1e651bde-94b5-4fe2-9e6a-7af916d80057"; }];
|
||||
|
||||
nix.maxJobs = lib.mkDefault 4;
|
||||
}
|
||||
|
|
|
@ -1,28 +1,24 @@
|
|||
{ pkgs, config, ... }:
|
||||
{
|
||||
{ pkgs, config, ... }: {
|
||||
|
||||
imports = [
|
||||
../../home-manager
|
||||
../../home-manager/on-my-machine.nix
|
||||
./secret
|
||||
];
|
||||
imports =
|
||||
[ ../../home-manager ../../home-manager/on-my-machine.nix ./secret ];
|
||||
|
||||
m-0 = {
|
||||
hostName = "hera";
|
||||
taskwarrior.enable = false;
|
||||
bugwarrior.enable = false;
|
||||
rustdev.enable = false;
|
||||
eventd.enable = false;
|
||||
mail = {
|
||||
enable = true;
|
||||
accounts = config.m-0.private.mail_accounts;
|
||||
m-0 = {
|
||||
hostName = "hera";
|
||||
taskwarrior.enable = false;
|
||||
bugwarrior.enable = false;
|
||||
rustdev.enable = false;
|
||||
eventd.enable = false;
|
||||
mail = {
|
||||
enable = true;
|
||||
accounts = config.m-0.private.mail_accounts;
|
||||
};
|
||||
weechat = {
|
||||
enable = true;
|
||||
user = config.m-0.private.hackint.user;
|
||||
pw = config.m-0.private.hackint.hackint_pw;
|
||||
channels = config.m-0.private.hackint.channels;
|
||||
};
|
||||
};
|
||||
weechat = {
|
||||
enable = true;
|
||||
user = config.m-0.private.hackint.user;
|
||||
pw = config.m-0.private.hackint.hackint_pw;
|
||||
channels = config.m-0.private.hackint.channels;
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -2,91 +2,97 @@
|
|||
let
|
||||
certPath = "/var/lib/acme/hera.m-0.eu";
|
||||
inherit (config.services.prometheus.exporters.node) firewallFilter;
|
||||
in
|
||||
{
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [ 25 143 587 993 ];
|
||||
extraCommands = ''
|
||||
ip6tables -A nixos-fw -s ${config.m-0.prefix}::/64 -p tcp -m tcp --dport 9101 -j nixos-fw-accept
|
||||
ip6tables -A nixos-fw -s ${config.m-0.prefix}::/64 -p tcp -m tcp --dport 9154 -j nixos-fw-accept
|
||||
ip6tables -A nixos-fw -s ${config.m-0.prefix}::/64 -p tcp -m tcp --dport 9166 -j nixos-fw-accept
|
||||
iptables -A nixos-fw -s 10.0.0.0/24 -p tcp -m tcp --dport 8842 -j nixos-fw-accept
|
||||
'';
|
||||
};
|
||||
in {
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [ 25 143 587 993 ];
|
||||
extraCommands = ''
|
||||
ip6tables -A nixos-fw -s ${config.m-0.prefix}::/64 -p tcp -m tcp --dport 9101 -j nixos-fw-accept
|
||||
ip6tables -A nixos-fw -s ${config.m-0.prefix}::/64 -p tcp -m tcp --dport 9154 -j nixos-fw-accept
|
||||
ip6tables -A nixos-fw -s ${config.m-0.prefix}::/64 -p tcp -m tcp --dport 9166 -j nixos-fw-accept
|
||||
iptables -A nixos-fw -s 10.0.0.0/24 -p tcp -m tcp --dport 8842 -j nixos-fw-accept
|
||||
'';
|
||||
};
|
||||
|
||||
m-0.monitoring = [
|
||||
{ name = "mail-server"; host = "hera-intern:9101"; }
|
||||
{ name = "postfix"; host = "hera-intern:9154"; }
|
||||
{ name = "dovecot"; host = "hera-intern:9166"; }
|
||||
];
|
||||
m-0.monitoring = [
|
||||
{
|
||||
name = "mail-server";
|
||||
host = "hera-intern:9101";
|
||||
}
|
||||
{
|
||||
name = "postfix";
|
||||
host = "hera-intern:9154";
|
||||
}
|
||||
{
|
||||
name = "dovecot";
|
||||
host = "hera-intern:9166";
|
||||
}
|
||||
];
|
||||
|
||||
containers.mail = {
|
||||
bindMounts = { "${certPath}" = { hostPath = certPath; }; };
|
||||
autoStart = true;
|
||||
config = { pkgs, lib, ... }: {
|
||||
imports = [
|
||||
../../system
|
||||
"${(import ../../nix/sources.nix).nixos-mailserver}"
|
||||
];
|
||||
services.prometheus.exporters = {
|
||||
node.port = 9101;
|
||||
postfix = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
inherit firewallFilter;
|
||||
systemd.enable = true;
|
||||
};
|
||||
dovecot = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
inherit firewallFilter;
|
||||
};
|
||||
};
|
||||
systemd.services = {
|
||||
atomail = {
|
||||
script =
|
||||
let
|
||||
atomail = pkgs.fetchFromGitHub {
|
||||
owner = "remko";
|
||||
repo = "atomail";
|
||||
rev = "f079966cb808f51fcc67be91b609942cdb49898a";
|
||||
sha256 = "0a4j4xajn2yysgcb17jmb6ak148kk0kwf7khml7dbnh7807fv9b6";
|
||||
};
|
||||
in ''
|
||||
${pkgs.python}/bin/python ${atomail}/atomail.py --title "Readlater-E-Mails" --uri="http://hera-intern-v4:8842/rss.xml" /var/www/rss.xml --mode=maildir --file "/var/vmail/maralorn.de/malte.brandy/.Move.readlater/" --max-items=100
|
||||
${pkgs.rsync}/bin/rsync -a /var/vmail/maralorn.de/malte.brandy/.Move.readlater/cur/ /var/vmail/maralorn.de/malte.brandy/.Archiv.unsortiert/cur --remove-source-files
|
||||
'';
|
||||
startAt = "19:58:00";
|
||||
serviceConfig.Type = "oneshot";
|
||||
};
|
||||
rss-server = {
|
||||
preStart = "mkdir -p /var/www";
|
||||
serviceConfig = {
|
||||
WorkingDirectory = "/var/www";
|
||||
ExecStart = "${pkgs.python3}/bin/python -m http.server 8842";
|
||||
containers.mail = {
|
||||
bindMounts = { "${certPath}" = { hostPath = certPath; }; };
|
||||
autoStart = true;
|
||||
config = { pkgs, lib, ... }: {
|
||||
imports =
|
||||
[ ../../system "${(import ../../nix/sources.nix).nixos-mailserver}" ];
|
||||
services.prometheus.exporters = {
|
||||
node.port = 9101;
|
||||
postfix = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
inherit firewallFilter;
|
||||
systemd.enable = true;
|
||||
};
|
||||
dovecot = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
inherit firewallFilter;
|
||||
};
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
};
|
||||
services.postfix.networks = [ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
|
||||
mailserver = {
|
||||
enable = true;
|
||||
enableImapSsl = true;
|
||||
fqdn = "hera.m-0.eu";
|
||||
domains = [ "m-0.eu" "maralorn.de" "choreutes.de" "mathechor.de" ];
|
||||
loginAccounts = config.m-0.private.mailUsers;
|
||||
hierarchySeparator = "/";
|
||||
certificateScheme = 1;
|
||||
certificateFile = "${certPath}/fullchain.pem";
|
||||
keyFile = "${certPath}/key.pem";
|
||||
extraVirtualAliases = config.m-0.private.lists;
|
||||
policydSPFExtraConfig = ''
|
||||
Mail_From_reject = False
|
||||
HELO_Whitelist = hosteurope.de
|
||||
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1,130.83.0.0/16
|
||||
'';
|
||||
systemd.services = {
|
||||
atomail = {
|
||||
script = let
|
||||
atomail = pkgs.fetchFromGitHub {
|
||||
owner = "remko";
|
||||
repo = "atomail";
|
||||
rev = "f079966cb808f51fcc67be91b609942cdb49898a";
|
||||
sha256 = "0a4j4xajn2yysgcb17jmb6ak148kk0kwf7khml7dbnh7807fv9b6";
|
||||
};
|
||||
in ''
|
||||
${pkgs.python}/bin/python ${atomail}/atomail.py --title "Readlater-E-Mails" --uri="http://hera-intern-v4:8842/rss.xml" /var/www/rss.xml --mode=maildir --file "/var/vmail/maralorn.de/malte.brandy/.Move.readlater/" --max-items=100
|
||||
${pkgs.rsync}/bin/rsync -a /var/vmail/maralorn.de/malte.brandy/.Move.readlater/cur/ /var/vmail/maralorn.de/malte.brandy/.Archiv.unsortiert/cur --remove-source-files
|
||||
'';
|
||||
startAt = "19:58:00";
|
||||
serviceConfig.Type = "oneshot";
|
||||
};
|
||||
rss-server = {
|
||||
preStart = "mkdir -p /var/www";
|
||||
serviceConfig = {
|
||||
WorkingDirectory = "/var/www";
|
||||
ExecStart = "${pkgs.python3}/bin/python -m http.server 8842";
|
||||
};
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
};
|
||||
services.postfix.networks =
|
||||
[ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
|
||||
mailserver = {
|
||||
enable = true;
|
||||
enableImapSsl = true;
|
||||
fqdn = "hera.m-0.eu";
|
||||
domains = [ "m-0.eu" "maralorn.de" "choreutes.de" "mathechor.de" ];
|
||||
loginAccounts = config.m-0.private.mailUsers;
|
||||
hierarchySeparator = "/";
|
||||
certificateScheme = 1;
|
||||
certificateFile = "${certPath}/fullchain.pem";
|
||||
keyFile = "${certPath}/key.pem";
|
||||
extraVirtualAliases = config.m-0.private.lists;
|
||||
policydSPFExtraConfig = ''
|
||||
Mail_From_reject = False
|
||||
HELO_Whitelist = hosteurope.de
|
||||
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1,130.83.0.0/16
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
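Review bot: The `rss-server` unit starts `python -m http.server 8842` with no `User` and no bind address, so as written it runs with the unit's default root identity and listens on every address the `mail` container has. That container declares no `privateNetwork`, so the only restriction visible here is the host `iptables` rule admitting `10.0.0.0/24`. The feed is generated from mail in the `.Move.readlater` maildir and Python documents `http.server` as not suitable for production, so a tighter default is warranted. Run it unprivileged and bind it to the internal address, e.g. `ExecStart = "${pkgs.python3}/bin/python -m http.server --bind <internal-v4-address> 8842";` (placeholder address) with `DynamicUser = true;` in `serviceConfig`. `/var/www` would then be created through tmpfiles instead of `preStart`.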
|
||||
|
|
|
@ -3,171 +3,202 @@ let
|
|||
hostName = "matrix.maralorn.de";
|
||||
inherit (config.m-0) hosts;
|
||||
inherit (../../common/lib.nix) unstable;
|
||||
in
|
||||
{
|
||||
networking.firewall.allowedTCPPorts = [ 3478 8448 ];
|
||||
in {
|
||||
networking.firewall.allowedTCPPorts = [ 3478 8448 ];
|
||||
|
||||
m-0.monitoring = [
|
||||
{ name = "matrix"; host = "matrix:9100"; }
|
||||
{ name = "matrix-nginx"; host = "matrix:9113"; }
|
||||
];
|
||||
|
||||
services.coturn = {
|
||||
enable = true;
|
||||
pkey = "/var/lib/acme/hera.m-0.eu/key.pem";
|
||||
cert = "/var/lib/acme/hera.m-0.eu/fullchain.pem";
|
||||
no-tcp = true;
|
||||
static-auth-secret = config.m-0.private.turn_secret;
|
||||
realm = "maralorn.de";
|
||||
use-auth-secret = true;
|
||||
};
|
||||
|
||||
containers.matrix = {
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostBridge = "bridge";
|
||||
config = { pkgs, lib, ... }: {
|
||||
imports = [
|
||||
../../system
|
||||
m-0.monitoring = [
|
||||
{
|
||||
name = "matrix";
|
||||
host = "matrix:9100";
|
||||
}
|
||||
{
|
||||
name = "matrix-nginx";
|
||||
host = "matrix:9113";
|
||||
}
|
||||
];
|
||||
networking = {
|
||||
interfaces.eth0 = {
|
||||
ipv6.addresses = [{ address = hosts.matrix; prefixLength = 112; }];
|
||||
ipv4.addresses = [{ address = hosts.matrix-intern-v4; prefixLength = 24; }];
|
||||
|
||||
services.coturn = {
|
||||
enable = true;
|
||||
pkey = "/var/lib/acme/hera.m-0.eu/key.pem";
|
||||
cert = "/var/lib/acme/hera.m-0.eu/fullchain.pem";
|
||||
no-tcp = true;
|
||||
static-auth-secret = config.m-0.private.turn_secret;
|
||||
realm = "maralorn.de";
|
||||
use-auth-secret = true;
|
||||
};
|
||||
|
||||
containers.matrix = {
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostBridge = "bridge";
|
||||
config = { pkgs, lib, ... }: {
|
||||
imports = [ ../../system ];
|
||||
networking = {
|
||||
interfaces.eth0 = {
|
||||
ipv6.addresses = [{
|
||||
address = hosts.matrix;
|
||||
prefixLength = 112;
|
||||
}];
|
||||
ipv4.addresses = [{
|
||||
address = hosts.matrix-intern-v4;
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
inherit (config.networking) nameservers;
|
||||
defaultGateway6 = {
|
||||
address = hosts.hera-intern;
|
||||
interface = "eth0";
|
||||
};
|
||||
defaultGateway = {
|
||||
address = hosts.hera-intern-v4;
|
||||
interface = "eth0";
|
||||
};
|
||||
firewall.allowedTCPPorts = [ 80 443 8448 ];
|
||||
};
|
||||
inherit (config.networking) nameservers;
|
||||
defaultGateway6 = { address = hosts.hera-intern; interface = "eth0"; };
|
||||
defaultGateway = { address = hosts.hera-intern-v4; interface = "eth0"; };
|
||||
firewall.allowedTCPPorts = [ 80 443 8448 ];
|
||||
};
|
||||
m-0.riot = {
|
||||
enable = true;
|
||||
hostname = "riot.maralorn.de";
|
||||
config = {
|
||||
default_hs_url = "https://matrix.maralorn.de";
|
||||
default_is_url = "https://vector.im";
|
||||
integrations_ui_url = "";
|
||||
integrations_rest_url = "";
|
||||
integrations_widgets_urls = [];
|
||||
bug_report_endpoint_url = "https://riot.im/bugreports/submit";
|
||||
welcomeUserId = "@riot-bot:matrix.org";
|
||||
piwik = false;
|
||||
features = {
|
||||
feature_lazyloading = "enable";
|
||||
feature_room_breadcrumbs = "enable";
|
||||
};
|
||||
roomDirectory = {
|
||||
servers = [ "matrix.org" "maralorn.de" ];
|
||||
};
|
||||
branding = {
|
||||
welcomeBackgroundUrl = "https://cloud.maralorn.de/apps/theming/image/background";
|
||||
};
|
||||
};
|
||||
};
|
||||
services = {
|
||||
nginx = {
|
||||
m-0.riot = {
|
||||
enable = true;
|
||||
virtualHosts."${hostName}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations = {
|
||||
"/" = {
|
||||
proxyPass = "http://[::1]:8008";
|
||||
extraConfig = ''
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
'';
|
||||
};
|
||||
hostname = "riot.maralorn.de";
|
||||
config = {
|
||||
default_hs_url = "https://matrix.maralorn.de";
|
||||
default_is_url = "https://vector.im";
|
||||
integrations_ui_url = "";
|
||||
integrations_rest_url = "";
|
||||
integrations_widgets_urls = [ ];
|
||||
bug_report_endpoint_url = "https://riot.im/bugreports/submit";
|
||||
welcomeUserId = "@riot-bot:matrix.org";
|
||||
piwik = false;
|
||||
features = {
|
||||
feature_lazyloading = "enable";
|
||||
feature_room_breadcrumbs = "enable";
|
||||
};
|
||||
roomDirectory = { servers = [ "matrix.org" "maralorn.de" ]; };
|
||||
branding = {
|
||||
welcomeBackgroundUrl =
|
||||
"https://cloud.maralorn.de/apps/theming/image/background";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Postgres
|
||||
postgresql = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
# Synapse
|
||||
matrix-synapse = {
|
||||
enable = true;
|
||||
enable_metrics = true;
|
||||
server_name = "maralorn.de";
|
||||
public_baseurl = "https://${hostName}";
|
||||
url_preview_enabled = true;
|
||||
database_type = "psycopg2";
|
||||
max_upload_size = "30M";
|
||||
create_local_database = false;
|
||||
dynamic_thumbnails = true;
|
||||
macaroon_secret_key = config.m-0.private.macaroon_secret;
|
||||
turn_uris = [ "turn:hera.m-0.eu:3478?transport=udp" ];
|
||||
turn_shared_secret = config.m-0.private.turn_secret;
|
||||
turn_user_lifetime = "5h";
|
||||
allow_guest_access = true;
|
||||
logConfig = ''
|
||||
version: 1
|
||||
|
||||
formatters:
|
||||
journal_fmt:
|
||||
format: '%(name)s: [%(request)s] %(message)s'
|
||||
|
||||
filters:
|
||||
context:
|
||||
(): synapse.util.logcontext.LoggingContextFilter
|
||||
request: ""
|
||||
|
||||
handlers:
|
||||
journal:
|
||||
class: systemd.journal.JournalHandler
|
||||
formatter: journal_fmt
|
||||
filters: [context]
|
||||
SYSLOG_IDENTIFIER: synapse
|
||||
|
||||
disable_existing_loggers: True
|
||||
|
||||
loggers:
|
||||
synapse:
|
||||
level: WARN
|
||||
synapse.storage.SQL:
|
||||
level: WARN
|
||||
|
||||
root:
|
||||
level: WARN
|
||||
handlers: [journal]
|
||||
'';
|
||||
database_args = {
|
||||
user = "matrix-synapse";
|
||||
database = "matrix-synapse";
|
||||
cp_min = 5;
|
||||
cp_max = 10;
|
||||
services = {
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."${hostName}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations = {
|
||||
"/" = {
|
||||
proxyPass = "http://[::1]:8008";
|
||||
extraConfig = ''
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Postgres
|
||||
postgresql = { enable = true; };
|
||||
|
||||
# Synapse
|
||||
matrix-synapse = {
|
||||
enable = true;
|
||||
enable_metrics = true;
|
||||
server_name = "maralorn.de";
|
||||
public_baseurl = "https://${hostName}";
|
||||
url_preview_enabled = true;
|
||||
database_type = "psycopg2";
|
||||
max_upload_size = "30M";
|
||||
create_local_database = false;
|
||||
dynamic_thumbnails = true;
|
||||
macaroon_secret_key = config.m-0.private.macaroon_secret;
|
||||
turn_uris = [ "turn:hera.m-0.eu:3478?transport=udp" ];
|
||||
turn_shared_secret = config.m-0.private.turn_secret;
|
||||
turn_user_lifetime = "5h";
|
||||
allow_guest_access = true;
|
||||
logConfig = ''
|
||||
version: 1
|
||||
|
||||
formatters:
|
||||
journal_fmt:
|
||||
format: '%(name)s: [%(request)s] %(message)s'
|
||||
|
||||
filters:
|
||||
context:
|
||||
(): synapse.util.logcontext.LoggingContextFilter
|
||||
request: ""
|
||||
|
||||
handlers:
|
||||
journal:
|
||||
class: systemd.journal.JournalHandler
|
||||
formatter: journal_fmt
|
||||
filters: [context]
|
||||
SYSLOG_IDENTIFIER: synapse
|
||||
|
||||
disable_existing_loggers: True
|
||||
|
||||
loggers:
|
||||
synapse:
|
||||
level: WARN
|
||||
synapse.storage.SQL:
|
||||
level: WARN
|
||||
|
||||
root:
|
||||
level: WARN
|
||||
handlers: [journal]
|
||||
'';
|
||||
database_args = {
|
||||
user = "matrix-synapse";
|
||||
database = "matrix-synapse";
|
||||
cp_min = 5;
|
||||
cp_max = 10;
|
||||
};
|
||||
report_stats = true;
|
||||
tls_certificate_path = "/var/lib/acme/${hostName}/fullchain.pem";
|
||||
tls_private_key_path = "/var/lib/acme/${hostName}/key.pem";
|
||||
listeners = [
|
||||
{
|
||||
port = 8448;
|
||||
bind_address = "::";
|
||||
resources = [
|
||||
{
|
||||
compress = true;
|
||||
names = [ "client" ];
|
||||
}
|
||||
{
|
||||
compress = false;
|
||||
names = [ "federation" ];
|
||||
}
|
||||
];
|
||||
x_forwarded = false;
|
||||
}
|
||||
{
|
||||
port = 8008;
|
||||
bind_address = "::1";
|
||||
resources = [
|
||||
{
|
||||
compress = false;
|
||||
names = [ "client" ];
|
||||
}
|
||||
{
|
||||
compress = false;
|
||||
names = [ "federation" ];
|
||||
}
|
||||
];
|
||||
x_forwarded = true;
|
||||
tls = false;
|
||||
}
|
||||
];
|
||||
};
|
||||
report_stats = true;
|
||||
tls_certificate_path = "/var/lib/acme/${hostName}/fullchain.pem";
|
||||
tls_private_key_path = "/var/lib/acme/${hostName}/key.pem";
|
||||
listeners = [
|
||||
{
|
||||
port = 8448;
|
||||
bind_address = "::";
|
||||
resources = [ { compress = true; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
|
||||
x_forwarded = false;
|
||||
}
|
||||
{
|
||||
port = 8008;
|
||||
bind_address = "::1";
|
||||
resources = [ { compress = false; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
|
||||
x_forwarded = true;
|
||||
tls = false;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
security.acme.certs = {
|
||||
"${hostName}" = {
|
||||
group = "matrix-synapse";
|
||||
allowKeysForGroup = true;
|
||||
postRun = "systemctl reload nginx.service; systemctl restart matrix-synapse.service";
|
||||
security.acme.certs = {
|
||||
"${hostName}" = {
|
||||
group = "matrix-synapse";
|
||||
allowKeysForGroup = true;
|
||||
postRun =
|
||||
"systemctl reload nginx.service; systemctl restart matrix-synapse.service";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
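Review bot: `url_preview_enabled = true` is set for `matrix-synapse` with no `url_preview_ip_range_blacklist` visible in this section, so which addresses Synapse will fetch for a preview depends entirely on the module default. The container sits on the `bridge` network next to the exporters and the other containers, which apparently use `10.0.0.0/24` and the `config.m-0.prefix` IPv6 range, and `allow_guest_access = true` may lower the bar for requesting previews. Pinning the list explicitly covers the internal ranges whatever the default is, e.g. `url_preview_ip_range_blacklist = [ "127.0.0.0/8" "10.0.0.0/8" "::1/128" "fc00::/7" "<internal-v6-prefix>/64" ];` (last entry is a placeholder for the site prefix).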
|
||||
|
|
|
@ -1,38 +1,51 @@
|
|||
{ config, ... }:
|
||||
let
|
||||
inherit (config.m-0) hosts;
|
||||
in
|
||||
{
|
||||
services.prometheus.exporters.node = {
|
||||
firewallFilter = "! -i ens18 -p tcp -m tcp --dport 9100";
|
||||
};
|
||||
m-0.monitoring = [
|
||||
{ name = "hera"; host = "hera-intern:9100"; }
|
||||
{ name = "monitoring-container"; host = "localhost:9100"; }
|
||||
];
|
||||
let inherit (config.m-0) hosts;
|
||||
in {
|
||||
services.prometheus.exporters.node = {
|
||||
firewallFilter = "! -i ens18 -p tcp -m tcp --dport 9100";
|
||||
};
|
||||
m-0.monitoring = [
|
||||
{
|
||||
name = "hera";
|
||||
host = "hera-intern:9100";
|
||||
}
|
||||
{
|
||||
name = "monitoring-container";
|
||||
host = "localhost:9100";
|
||||
}
|
||||
];
|
||||
|
||||
containers.monitoring = {
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostBridge = "bridge";
|
||||
config = { pkgs, lib, ... }: {
|
||||
imports = [
|
||||
../../system
|
||||
];
|
||||
networking = {
|
||||
interfaces.eth0 = {
|
||||
ipv6.addresses = [{ address = hosts.monitoring; prefixLength = 112; }];
|
||||
ipv4.addresses = [{ address = hosts.monitoring-intern-v4; prefixLength = 24; }];
|
||||
containers.monitoring = {
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostBridge = "bridge";
|
||||
config = { pkgs, lib, ... }: {
|
||||
imports = [ ../../system ];
|
||||
networking = {
|
||||
interfaces.eth0 = {
|
||||
ipv6.addresses = [{
|
||||
address = hosts.monitoring;
|
||||
prefixLength = 112;
|
||||
}];
|
||||
ipv4.addresses = [{
|
||||
address = hosts.monitoring-intern-v4;
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
inherit (config.networking) nameservers;
|
||||
defaultGateway6 = {
|
||||
address = hosts.hera-intern;
|
||||
interface = "eth0";
|
||||
};
|
||||
defaultGateway = {
|
||||
address = hosts.hera-intern-v4;
|
||||
interface = "eth0";
|
||||
};
|
||||
firewall.allowedTCPPorts = [ 9090 9093 ];
|
||||
};
|
||||
inherit (config.networking) nameservers;
|
||||
defaultGateway6 = { address = hosts.hera-intern; interface = "eth0"; };
|
||||
defaultGateway = { address = hosts.hera-intern-v4; interface = "eth0"; };
|
||||
firewall.allowedTCPPorts = [ 9090 9093 ];
|
||||
};
|
||||
services.prometheus = {
|
||||
enable = true;
|
||||
rules = [
|
||||
''
|
||||
services.prometheus = {
|
||||
enable = true;
|
||||
rules = [''
|
||||
ALERT node_down
|
||||
IF (up{name!="apollo"} == 0)
|
||||
FOR 5m
|
||||
|
@ -123,51 +136,44 @@ containers.monitoring = {
|
|||
summary="{{$labels.alias}}: Running out of swap soon.",
|
||||
description="{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now."
|
||||
}
|
||||
''
|
||||
];
|
||||
scrapeConfigs = [
|
||||
{
|
||||
''];
|
||||
scrapeConfigs = [{
|
||||
job_name = "nodes";
|
||||
static_configs = map (entry: {
|
||||
targets = [ entry.host ];
|
||||
labels = {"name" = entry.name; };
|
||||
labels = { "name" = entry.name; };
|
||||
}) config.m-0.monitoring;
|
||||
}
|
||||
];
|
||||
alertmanagerURL = [ "http://localhost:9093" ];
|
||||
alertmanager = {
|
||||
enable = true;
|
||||
listenAddress = "0.0.0.0";
|
||||
configuration = {
|
||||
"global" = {
|
||||
"smtp_smarthost" = "hera.m-0.eu:587";
|
||||
"smtp_from" = "alertmanager@m-0.eu";
|
||||
"smtp_auth_username" = "alertmanager@m-0.eu";
|
||||
"smtp_auth_password" = config.m-0.private.alertmanager-mail-pw;
|
||||
};
|
||||
"route" = {
|
||||
"group_by" = [ "alertname" "alias" ];
|
||||
"group_wait" = "30s";
|
||||
"group_interval" = "2m";
|
||||
"repeat_interval" = "4h";
|
||||
"receiver" = "team-admins";
|
||||
};
|
||||
"receivers" = [
|
||||
{
|
||||
}];
|
||||
alertmanagerURL = [ "http://localhost:9093" ];
|
||||
alertmanager = {
|
||||
enable = true;
|
||||
listenAddress = "0.0.0.0";
|
||||
configuration = {
|
||||
"global" = {
|
||||
"smtp_smarthost" = "hera.m-0.eu:587";
|
||||
"smtp_from" = "alertmanager@m-0.eu";
|
||||
"smtp_auth_username" = "alertmanager@m-0.eu";
|
||||
"smtp_auth_password" = config.m-0.private.alertmanager-mail-pw;
|
||||
};
|
||||
"route" = {
|
||||
"group_by" = [ "alertname" "alias" ];
|
||||
"group_wait" = "30s";
|
||||
"group_interval" = "2m";
|
||||
"repeat_interval" = "4h";
|
||||
"receiver" = "team-admins";
|
||||
};
|
||||
"receivers" = [{
|
||||
"name" = "team-admins";
|
||||
"email_configs" = [
|
||||
{
|
||||
"to" = "malte.brandy@maralorn.de";
|
||||
"send_resolved" = true;
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
"email_configs" = [{
|
||||
"to" = "malte.brandy@maralorn.de";
|
||||
"send_resolved" = true;
|
||||
}];
|
||||
}];
|
||||
};
|
||||
};
|
||||
exporters.node.enable = true;
|
||||
};
|
||||
};
|
||||
exporters.node.enable = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
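Review bot: `"smtp_auth_password" = config.m-0.private.alertmanager-mail-pw;` in the alertmanager `configuration` block puts the SMTP password into the evaluated NixOS configuration, so it presumably ends up in the generated Alertmanager config file in the world-readable Nix store. The value should be supplied at service start from a file only the service user can read; until that is done, a comment such as `# FIXME: secret is rendered into the store-backed alertmanager config, load it from a root-only file instead` would flag it. Related, `listenAddress = "0.0.0.0";` together with `firewall.allowedTCPPorts = [ 9090 9093 ];` opens the Prometheus and Alertmanager ports on every container interface, and no authentication is configured in the visible lines. The `services.prometheus` block spans both hunks of this file, with lines in between that are not shown.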
|
||||
|
|
|
@ -1,67 +1,78 @@
|
|||
{ pkgs, config, ... }:
|
||||
let
|
||||
inherit (config.m-0) hosts;
|
||||
inherit (config.m-0.private) wireguard;
|
||||
in
|
||||
{
|
||||
networking = {
|
||||
hostName = "hera";
|
||||
interfaces.ens18 = {
|
||||
proxyARP = true;
|
||||
ipv4.addresses = [{ address = "213.136.94.190"; prefixLength = 24; }];
|
||||
ipv6.addresses = [{ address = hosts.hera; prefixLength = 128; }];
|
||||
};
|
||||
defaultGateway = "213.136.94.1";
|
||||
defaultGateway6 = { address = "fe80::1"; interface = "ens18"; };
|
||||
let
|
||||
inherit (config.m-0) hosts;
|
||||
inherit (config.m-0.private) wireguard;
|
||||
in {
|
||||
networking = {
|
||||
hostName = "hera";
|
||||
interfaces.ens18 = {
|
||||
proxyARP = true;
|
||||
ipv4.addresses = [{
|
||||
address = "213.136.94.190";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
ipv6.addresses = [{
|
||||
address = hosts.hera;
|
||||
prefixLength = 128;
|
||||
}];
|
||||
};
|
||||
defaultGateway = "213.136.94.1";
|
||||
defaultGateway6 = {
|
||||
address = "fe80::1";
|
||||
interface = "ens18";
|
||||
};
|
||||
|
||||
firewall = {
|
||||
extraCommands = ''
|
||||
ip6tables -A FORWARD -p ipv6-icmp -j ACCEPT
|
||||
ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
ip6tables -A FORWARD ! -s ${config.m-0.prefix}::/64 -j DROP
|
||||
'';
|
||||
};
|
||||
firewall = {
|
||||
extraCommands = ''
|
||||
ip6tables -A FORWARD -p ipv6-icmp -j ACCEPT
|
||||
ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
ip6tables -A FORWARD ! -s ${config.m-0.prefix}::/64 -j DROP
|
||||
'';
|
||||
};
|
||||
|
||||
|
||||
bridges.bridge.interfaces = [ ];
|
||||
interfaces.bridge = {
|
||||
proxyARP = true;
|
||||
ipv6.addresses = [{ address = hosts.hera-intern; prefixLength = 112; }];
|
||||
ipv4.addresses = [{ address = "10.0.0.1"; prefixLength = 24; }];
|
||||
};
|
||||
nat = {
|
||||
enable = true;
|
||||
externalInterface = "ens18";
|
||||
internalInterfaces = [ "bridge" ];
|
||||
};
|
||||
nameservers = [ "213.136.95.10" "2a02:c207::1:53" "2a02:c207::2:53" ];
|
||||
firewall.allowedUDPPorts = [ wireguard.port ];
|
||||
wireguard.interfaces = {
|
||||
m0wire = {
|
||||
ips = [ "${hosts.hera-wg}/112" ];
|
||||
privateKeyFile = "/etc/nixos/hosts/hera/secret/wireguard-private";
|
||||
listenPort = wireguard.port;
|
||||
peers = [
|
||||
{
|
||||
bridges.bridge.interfaces = [ ];
|
||||
interfaces.bridge = {
|
||||
proxyARP = true;
|
||||
ipv6.addresses = [{
|
||||
address = hosts.hera-intern;
|
||||
prefixLength = 112;
|
||||
}];
|
||||
ipv4.addresses = [{
|
||||
address = "10.0.0.1";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
nat = {
|
||||
enable = true;
|
||||
externalInterface = "ens18";
|
||||
internalInterfaces = [ "bridge" ];
|
||||
};
|
||||
nameservers = [ "213.136.95.10" "2a02:c207::1:53" "2a02:c207::2:53" ];
|
||||
firewall.allowedUDPPorts = [ wireguard.port ];
|
||||
wireguard.interfaces = {
|
||||
m0wire = {
|
||||
ips = [ "${hosts.hera-wg}/112" ];
|
||||
privateKeyFile = "/etc/nixos/hosts/hera/secret/wireguard-private";
|
||||
listenPort = wireguard.port;
|
||||
peers = [{
|
||||
publicKey = wireguard.pub.apollo;
|
||||
allowedIPs = [ "${hosts.apollo-wg}/128" ];
|
||||
presharedKeyFile = "/etc/nixos/common/secret/wireguard-psk";
|
||||
}
|
||||
];
|
||||
}];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
services = {
|
||||
ndppd = {
|
||||
enable = true;
|
||||
configFile = pkgs.writeText "ndppd.conf" ''
|
||||
proxy ens18 {
|
||||
rule ${config.m-0.prefix}::/64 {
|
||||
static
|
||||
services = {
|
||||
ndppd = {
|
||||
enable = true;
|
||||
configFile = pkgs.writeText "ndppd.conf" ''
|
||||
proxy ens18 {
|
||||
rule ${config.m-0.prefix}::/64 {
|
||||
static
|
||||
}
|
||||
}
|
||||
}
|
||||
'';
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
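Review bot: The three `ip6tables -A FORWARD …` lines in `firewall.extraCommands` append to the built-in FORWARD chain and nothing visible removes them again, so each firewall reload would likely add another copy and the rules would stay behind once the firewall is stopped. Keeping them in a dedicated chain that is created or flushed first makes the ruleset deterministic, for example `ip6tables -N m0-forward 2>/dev/null || ip6tables -F m0-forward` (chain name is only an illustration), with a single jump from FORWARD and a matching cleanup in `extraStopCommands`. A comment such as `# order matters: the source-prefix DROP must stay the last rule` would also record why the sequence must not be rearranged.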
|
||||
|
|
|
@ -9,13 +9,16 @@ let
|
|||
phpPackages = pkgs.php73Packages;
|
||||
|
||||
toKeyValue = generators.toKeyValue {
|
||||
mkKeyValue = generators.mkKeyValueDefault {} " = ";
|
||||
mkKeyValue = generators.mkKeyValueDefault { } " = ";
|
||||
};
|
||||
|
||||
phpOptionsExtensions = ''
|
||||
${optionalString cfg.caching.apcu "extension=${phpPackages.apcu}/lib/php/extensions/apcu.so"}
|
||||
${optionalString cfg.caching.redis "extension=${phpPackages.redis}/lib/php/extensions/redis.so"}
|
||||
${optionalString cfg.caching.memcached "extension=${phpPackages.memcached}/lib/php/extensions/memcached.so"}
|
||||
${optionalString cfg.caching.apcu
|
||||
"extension=${phpPackages.apcu}/lib/php/extensions/apcu.so"}
|
||||
${optionalString cfg.caching.redis
|
||||
"extension=${phpPackages.redis}/lib/php/extensions/redis.so"}
|
||||
${optionalString cfg.caching.memcached
|
||||
"extension=${phpPackages.memcached}/lib/php/extensions/memcached.so"}
|
||||
extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
|
||||
zend_extension = opcache.so
|
||||
opcache.enable = 1
|
||||
|
@ -57,7 +60,8 @@ in {
|
|||
https = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Enable if there is a TLS terminating proxy in front of nextcloud.";
|
||||
description =
|
||||
"Enable if there is a TLS terminating proxy in front of nextcloud.";
|
||||
};
|
||||
|
||||
maxUploadSize = mkOption {
|
||||
|
@ -208,7 +212,7 @@ in {
|
|||
|
||||
extraTrustedDomains = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
default = [ ];
|
||||
description = ''
|
||||
Trusted domains, from which the nextcloud installation will be
|
||||
acessible. You don't need to add
|
||||
|
@ -277,18 +281,24 @@ in {
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable (mkMerge [
|
||||
{ assertions = let acfg = cfg.config; in [
|
||||
{ assertion = !(acfg.dbpass != null && acfg.dbpassFile != null);
|
||||
message = "Please specify no more than one of dbpass or dbpassFile";
|
||||
}
|
||||
{ assertion = ((acfg.adminpass != null || acfg.adminpassFile != null)
|
||||
&& !(acfg.adminpass != null && acfg.adminpassFile != null));
|
||||
message = "Please specify exactly one of adminpass or adminpassFile";
|
||||
}
|
||||
];
|
||||
{
|
||||
assertions = let acfg = cfg.config;
|
||||
in [
|
||||
{
|
||||
assertion = !(acfg.dbpass != null && acfg.dbpassFile != null);
|
||||
message = "Please specify no more than one of dbpass or dbpassFile";
|
||||
}
|
||||
{
|
||||
assertion = ((acfg.adminpass != null || acfg.adminpassFile != null)
|
||||
&& !(acfg.adminpass != null && acfg.adminpassFile != null));
|
||||
message =
|
||||
"Please specify exactly one of adminpass or adminpassFile";
|
||||
}
|
||||
];
|
||||
}
|
||||
|
||||
{ systemd.timers."nextcloud-cron" = {
|
||||
{
|
||||
systemd.timers."nextcloud-cron" = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnBootSec = "5m";
|
||||
timerConfig.OnUnitActiveSec = "15m";
|
||||
|
@ -306,78 +316,98 @@ in {
|
|||
],
|
||||
'datadirectory' => '${cfg.home}/data',
|
||||
'skeletondirectory' => '${cfg.skeletonDirectory}',
|
||||
${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"}
|
||||
${
|
||||
optionalString cfg.caching.apcu
|
||||
"'memcache.local' => '\\OC\\Memcache\\APCu',"
|
||||
}
|
||||
'log_type' => 'syslog',
|
||||
'log_level' => '${builtins.toString cfg.logLevel}',
|
||||
${optionalString (cfg.config.overwriteProtocol != null) "'overwriteprotocol' => '${cfg.config.overwriteProtocol}',"}
|
||||
${
|
||||
optionalString (cfg.config.overwriteProtocol != null)
|
||||
"'overwriteprotocol' => '${cfg.config.overwriteProtocol}',"
|
||||
}
|
||||
];
|
||||
'';
|
||||
occInstallCmd = let
|
||||
c = cfg.config;
|
||||
adminpass = if c.adminpassFile != null
|
||||
then ''"$(<"${toString c.adminpassFile}")"''
|
||||
else ''"${toString c.adminpass}"'';
|
||||
dbpass = if c.dbpassFile != null
|
||||
then ''"$(<"${toString c.dbpassFile}")"''
|
||||
else if c.dbpass != null
|
||||
then ''"${toString c.dbpass}"''
|
||||
else null;
|
||||
adminpass = if c.adminpassFile != null then
|
||||
''"$(<"${toString c.adminpassFile}")"''
|
||||
else
|
||||
''"${toString c.adminpass}"'';
|
||||
dbpass = if c.dbpassFile != null then
|
||||
''"$(<"${toString c.dbpassFile}")"''
|
||||
else if c.dbpass != null then
|
||||
''"${toString c.dbpass}"''
|
||||
else
|
||||
null;
|
||||
installFlags = concatStringsSep " \\\n "
|
||||
(mapAttrsToList (k: v: "${k} ${toString v}") {
|
||||
"--database" = ''"${c.dbtype}"'';
|
||||
# The following attributes are optional depending on the type of
|
||||
# database. Those that evaluate to null on the left hand side
|
||||
# will be omitted.
|
||||
${if c.dbname != null then "--database-name" else null} = ''"${c.dbname}"'';
|
||||
${if c.dbhost != null then "--database-host" else null} = ''"${c.dbhost}"'';
|
||||
${if c.dbport != null then "--database-port" else null} = ''"${toString c.dbport}"'';
|
||||
${if c.dbuser != null then "--database-user" else null} = ''"${c.dbuser}"'';
|
||||
${if (any (x: x != null) [c.dbpass c.dbpassFile])
|
||||
then "--database-pass" else null} = dbpass;
|
||||
${if c.dbtableprefix != null
|
||||
then "--database-table-prefix" else null} = ''"${toString c.dbtableprefix}"'';
|
||||
"--admin-user" = ''"${c.adminuser}"'';
|
||||
"--admin-pass" = adminpass;
|
||||
"--data-dir" = ''"${cfg.home}/data"'';
|
||||
});
|
||||
in ''
|
||||
${occ}/bin/nextcloud-occ maintenance:install \
|
||||
${installFlags}
|
||||
'';
|
||||
occSetTrustedDomainsCmd = concatStringsSep "\n" (imap0
|
||||
(i: v: ''
|
||||
${occ}/bin/nextcloud-occ config:system:set trusted_domains \
|
||||
${toString i} --value="${toString v}"
|
||||
'') ([ cfg.hostName ] ++ cfg.config.extraTrustedDomains));
|
||||
"--database" = ''"${c.dbtype}"'';
|
||||
# The following attributes are optional depending on the type of
|
||||
# database. Those that evaluate to null on the left hand side
|
||||
# will be omitted.
|
||||
${if c.dbname != null then "--database-name" else null} =
|
||||
''"${c.dbname}"'';
|
||||
${if c.dbhost != null then "--database-host" else null} =
|
||||
''"${c.dbhost}"'';
|
||||
${if c.dbport != null then "--database-port" else null} =
|
||||
''"${toString c.dbport}"'';
|
||||
${if c.dbuser != null then "--database-user" else null} =
|
||||
''"${c.dbuser}"'';
|
||||
${
|
||||
if (any (x: x != null) [ c.dbpass c.dbpassFile ]) then
|
||||
"--database-pass"
|
||||
else
|
||||
null
|
||||
} = dbpass;
|
||||
${
|
||||
if c.dbtableprefix != null then
|
||||
"--database-table-prefix"
|
||||
else
|
||||
null
|
||||
} = ''"${toString c.dbtableprefix}"'';
|
||||
"--admin-user" = ''"${c.adminuser}"'';
|
||||
"--admin-pass" = adminpass;
|
||||
"--data-dir" = ''"${cfg.home}/data"'';
|
||||
});
|
||||
in ''
|
||||
${occ}/bin/nextcloud-occ maintenance:install \
|
||||
${installFlags}
|
||||
'';
|
||||
occSetTrustedDomainsCmd = concatStringsSep "\n" (imap0 (i: v: ''
|
||||
${occ}/bin/nextcloud-occ config:system:set trusted_domains \
|
||||
${toString i} --value="${toString v}"
|
||||
'') ([ cfg.hostName ] ++ cfg.config.extraTrustedDomains));
|
||||
|
||||
in {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
before = [ "phpfpm-nextcloud.service" ];
|
||||
script = ''
|
||||
chmod og+x ${cfg.home}
|
||||
ln -sf ${pkgs.nextcloud}/apps ${cfg.home}/
|
||||
mkdir -p ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps
|
||||
ln -sf ${overrideConfig} ${cfg.home}/config/override.config.php
|
||||
in {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
before = [ "phpfpm-nextcloud.service" ];
|
||||
script = ''
|
||||
chmod og+x ${cfg.home}
|
||||
ln -sf ${pkgs.nextcloud}/apps ${cfg.home}/
|
||||
mkdir -p ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps
|
||||
ln -sf ${overrideConfig} ${cfg.home}/config/override.config.php
|
||||
|
||||
chown -R nextcloud:nginx ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps
|
||||
chown -R nextcloud:nginx ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps
|
||||
|
||||
# Do not install if already installed
|
||||
if [[ ! -e ${cfg.home}/config/config.php ]]; then
|
||||
${occInstallCmd}
|
||||
fi
|
||||
# Do not install if already installed
|
||||
if [[ ! -e ${cfg.home}/config/config.php ]]; then
|
||||
${occInstallCmd}
|
||||
fi
|
||||
|
||||
${occ}/bin/nextcloud-occ upgrade
|
||||
${occ}/bin/nextcloud-occ upgrade
|
||||
|
||||
${occ}/bin/nextcloud-occ config:system:delete trusted_domains
|
||||
${occSetTrustedDomainsCmd}
|
||||
'';
|
||||
serviceConfig.Type = "oneshot";
|
||||
};
|
||||
${occ}/bin/nextcloud-occ config:system:delete trusted_domains
|
||||
${occSetTrustedDomainsCmd}
|
||||
'';
|
||||
serviceConfig.Type = "oneshot";
|
||||
};
|
||||
"nextcloud-cron" = {
|
||||
environment.NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config";
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.User = "nextcloud";
|
||||
serviceConfig.ExecStart = "${phpPackage}/bin/php -f ${pkgs.nextcloud}/cron.php";
|
||||
serviceConfig.ExecStart =
|
||||
"${phpPackage}/bin/php -f ${pkgs.nextcloud}/cron.php";
|
||||
};
|
||||
"nextcloud-update-plugins" = mkIf cfg.autoUpdateApps.enable {
|
||||
serviceConfig.Type = "oneshot";
|
||||
|
@ -388,25 +418,24 @@ in {
|
|||
|
||||
services.phpfpm = {
|
||||
pools.nextcloud = let
|
||||
phpAdminValues = (toKeyValue
|
||||
(foldr (a: b: a // b) {}
|
||||
(mapAttrsToList (k: v: { "php_admin_value[${k}]" = v; })
|
||||
phpOptions)));
|
||||
in {
|
||||
phpOptions = phpOptionsExtensions;
|
||||
phpPackage = phpPackage;
|
||||
listen = "/run/phpfpm/nextcloud";
|
||||
extraConfig = ''
|
||||
listen.owner = nginx
|
||||
listen.group = nginx
|
||||
user = nextcloud
|
||||
group = nginx
|
||||
${cfg.poolConfig}
|
||||
env[NEXTCLOUD_CONFIG_DIR] = ${cfg.home}/config
|
||||
env[PATH] = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin
|
||||
${phpAdminValues}
|
||||
'';
|
||||
};
|
||||
phpAdminValues = (toKeyValue (foldr (a: b: a // b) { }
|
||||
(mapAttrsToList (k: v: { "php_admin_value[${k}]" = v; })
|
||||
phpOptions)));
|
||||
in {
|
||||
phpOptions = phpOptionsExtensions;
|
||||
phpPackage = phpPackage;
|
||||
listen = "/run/phpfpm/nextcloud";
|
||||
extraConfig = ''
|
||||
listen.owner = nginx
|
||||
listen.group = nginx
|
||||
user = nextcloud
|
||||
group = nginx
|
||||
${cfg.poolConfig}
|
||||
env[NEXTCLOUD_CONFIG_DIR] = ${cfg.home}/config
|
||||
env[PATH] = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin
|
||||
${phpAdminValues}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
users.extraUsers.nextcloud = {
|
||||
|
@ -457,7 +486,8 @@ in {
|
|||
priority = 300;
|
||||
extraConfig = "deny all;";
|
||||
};
|
||||
"~ ^\\/(?:index|remote|public|cron|core/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|ocs-provider\\/.+|ocm-provider\\/.+)\\.php(?:$|\\/)" = {
|
||||
"~ ^\\/(?:index|remote|public|cron|core/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|ocs-provider\\/.+|ocm-provider\\/.+)\\.php(?:$|\\/)" =
|
||||
{
|
||||
priority = 500;
|
||||
extraConfig = ''
|
||||
include ${config.services.nginx.package}/conf/fastcgi.conf;
|
||||
|
@ -472,10 +502,11 @@ in {
|
|||
fastcgi_read_timeout 120s;
|
||||
'';
|
||||
};
|
||||
"~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig = ''
|
||||
try_files $uri/ =404;
|
||||
index index.php;
|
||||
'';
|
||||
"~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig =
|
||||
''
|
||||
try_files $uri/ =404;
|
||||
index index.php;
|
||||
'';
|
||||
"~ \\.(?:css|js|woff2?|svg|gif)$".extraConfig = ''
|
||||
try_files $uri /index.php$request_uri;
|
||||
add_header Cache-Control "public, max-age=15778463";
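Review bot: In the `occInstallCmd` hunk, `adminpass` and `dbpass` are built as `''"${toString c.adminpass}"''`, so an inline password is pasted between double quotes into the generated setup script, where the shell still expands `$`, backticks and `"` inside it and the value is kept in the script in the Nix store. Quoting with `escapeShellArg (toString c.adminpass)`, and likewise for `c.dbpass`, removes the expansion, assuming the file's `lib` scope (outside the hunk) provides it; the other double-quoted install flags such as `--database-name` have the same weakness. The `adminpassFile`/`dbpassFile` variants avoid the store copy but still pass the secret on the `nextcloud-occ` command line, which is worth a comment like `# secret is visible in the process list during install`. The enclosing `let` block starts outside the hunk.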
|
||||
|
|
Binary file not shown.
|
@ -2,104 +2,120 @@
|
|||
let
|
||||
inherit (config.m-0) hosts;
|
||||
certPath = "/var/lib/acme/hera.m-0.eu";
|
||||
in
|
||||
{
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
m-0.monitoring = [
|
||||
{ name = "web"; host = "web:9100"; }
|
||||
{ name = "web-nginx"; host = "web:9113"; }
|
||||
];
|
||||
services.sniproxy = {
|
||||
enable = true;
|
||||
config = ''
|
||||
error_log {
|
||||
syslog daemon
|
||||
priority warn
|
||||
in {
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
m-0.monitoring = [
|
||||
{
|
||||
name = "web";
|
||||
host = "web:9100";
|
||||
}
|
||||
access_log {
|
||||
syslog daemon
|
||||
priority error
|
||||
{
|
||||
name = "web-nginx";
|
||||
host = "web:9113";
|
||||
}
|
||||
listen 80 {
|
||||
proto http
|
||||
}
|
||||
listen 443 {
|
||||
proto tls
|
||||
}
|
||||
listen 8448 {
|
||||
proto tls
|
||||
table matrix
|
||||
];
|
||||
services.sniproxy = {
|
||||
enable = true;
|
||||
config = ''
|
||||
error_log {
|
||||
syslog daemon
|
||||
priority warn
|
||||
}
|
||||
access_log {
|
||||
syslog daemon
|
||||
priority error
|
||||
}
|
||||
listen 80 {
|
||||
proto http
|
||||
}
|
||||
listen 443 {
|
||||
proto tls
|
||||
}
|
||||
listen 8448 {
|
||||
proto tls
|
||||
table matrix
|
||||
|
||||
fallback ${hosts.matrix}:8448
|
||||
}
|
||||
table {
|
||||
cloud.maralorn.de ${hosts.cloud}
|
||||
cloud.mathechor.de ${hosts.mathechor-cloud}
|
||||
matrix.maralorn.de ${hosts.matrix}
|
||||
riot.maralorn.de ${hosts.matrix}
|
||||
.* ${hosts.web}
|
||||
}
|
||||
table matrix {
|
||||
.* ${hosts.matrix}
|
||||
}
|
||||
'';
|
||||
};
|
||||
containers.web = {
|
||||
bindMounts = { "${certPath}" = { hostPath = certPath; isReadOnly = false; }; };
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostBridge = "bridge";
|
||||
config = { pkgs, lib, ... }: {
|
||||
imports = [../../system];
|
||||
networking = {
|
||||
interfaces.eth0 = {
|
||||
ipv6.addresses = [{ address = config.m-0.hosts.web; prefixLength = 112; }];
|
||||
};
|
||||
inherit (config.networking) nameservers;
|
||||
defaultGateway6 = { address = config.m-0.hosts.hera-intern; interface = "eth0"; };
|
||||
firewall.allowedTCPPorts = [ 80 443 ];
|
||||
};
|
||||
m-0 = {
|
||||
blog.enable = true;
|
||||
mathechor-de = {
|
||||
enable = true;
|
||||
password = config.m-0.private.mathechor-pw;
|
||||
fallback ${hosts.matrix}:8448
|
||||
}
|
||||
table {
|
||||
cloud.maralorn.de ${hosts.cloud}
|
||||
cloud.mathechor.de ${hosts.mathechor-cloud}
|
||||
matrix.maralorn.de ${hosts.matrix}
|
||||
riot.maralorn.de ${hosts.matrix}
|
||||
.* ${hosts.web}
|
||||
}
|
||||
table matrix {
|
||||
.* ${hosts.matrix}
|
||||
}
|
||||
'';
|
||||
};
|
||||
containers.web = {
|
||||
bindMounts = {
|
||||
"${certPath}" = {
|
||||
hostPath = certPath;
|
||||
isReadOnly = false;
|
||||
};
|
||||
};
|
||||
services = {
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."hera.m-0.eu" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/" = {
|
||||
extraConfig = ''
|
||||
return 200 "Hello there. I hope you are having a very nice day! If you don't know what to find here, you probably don't care about this domain.";
|
||||
'';
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostBridge = "bridge";
|
||||
config = { pkgs, lib, ... }: {
|
||||
imports = [ ../../system ];
|
||||
networking = {
|
||||
interfaces.eth0 = {
|
||||
ipv6.addresses = [{
|
||||
address = config.m-0.hosts.web;
|
||||
prefixLength = 112;
|
||||
}];
|
||||
};
|
||||
inherit (config.networking) nameservers;
|
||||
defaultGateway6 = {
|
||||
address = config.m-0.hosts.hera-intern;
|
||||
interface = "eth0";
|
||||
};
|
||||
firewall.allowedTCPPorts = [ 80 443 ];
|
||||
};
|
||||
m-0 = {
|
||||
blog.enable = true;
|
||||
mathechor-de = {
|
||||
enable = true;
|
||||
password = config.m-0.private.mathechor-pw;
|
||||
};
|
||||
};
|
||||
services = {
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."hera.m-0.eu" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/" = {
|
||||
extraConfig = ''
|
||||
return 200 "Hello there. I hope you are having a very nice day! If you don't know what to find here, you probably don't care about this domain.";
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
virtualHosts."maralorn.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/.well-known/matrix/server" = {
|
||||
extraConfig = ''
|
||||
default_type application/json;
|
||||
return 200 "{\"m.server\": \"matrix.maralorn.de:443\"}";
|
||||
'';
|
||||
};
|
||||
"/" = {
|
||||
extraConfig = ''
|
||||
return 200 "Hello there. I hope you are having a very nice day! If you don't know what to find here, you probably don't care about this domain.";
|
||||
'';
|
||||
virtualHosts."maralorn.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/.well-known/matrix/server" = {
|
||||
extraConfig = ''
|
||||
default_type application/json;
|
||||
return 200 "{\"m.server\": \"matrix.maralorn.de:443\"}";
|
||||
'';
|
||||
};
|
||||
"/" = {
|
||||
extraConfig = ''
|
||||
return 200 "Hello there. I hope you are having a very nice day! If you don't know what to find here, you probably don't care about this domain.";
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1,61 +1,57 @@
|
|||
# This file has been generated by Niv.
|
||||
|
||||
# A record, from name to path, of the third-party packages
|
||||
with rec
|
||||
{
|
||||
pkgs =
|
||||
if hasNixpkgsPath
|
||||
then
|
||||
if hasThisAsNixpkgsPath
|
||||
then import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; }) {}
|
||||
else import <nixpkgs> {}
|
||||
with rec {
|
||||
pkgs = if hasNixpkgsPath then
|
||||
if hasThisAsNixpkgsPath then
|
||||
import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; })
|
||||
{ }
|
||||
else
|
||||
import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; }) {};
|
||||
import <nixpkgs> { }
|
||||
else
|
||||
import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; })
|
||||
{ };
|
||||
|
||||
sources_nixpkgs =
|
||||
if builtins.hasAttr "nixpkgs" sources
|
||||
then sources.nixpkgs
|
||||
else abort
|
||||
''
|
||||
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
|
||||
add a package called "nixpkgs" to your sources.json.
|
||||
sources_nixpkgs = if builtins.hasAttr "nixpkgs" sources then
|
||||
sources.nixpkgs
|
||||
else
|
||||
abort ''
|
||||
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
|
||||
add a package called "nixpkgs" to your sources.json.
|
||||
'';
|
||||
|
||||
# fetchTarball version that is compatible between all the versions of Nix
|
||||
builtins_fetchTarball =
|
||||
{ url, sha256 }@attrs:
|
||||
let
|
||||
inherit (builtins) lessThan nixVersion fetchTarball;
|
||||
in
|
||||
if lessThan nixVersion "1.12" then
|
||||
fetchTarball { inherit url; }
|
||||
else
|
||||
fetchTarball attrs;
|
||||
builtins_fetchTarball = { url, sha256 }@attrs:
|
||||
let inherit (builtins) lessThan nixVersion fetchTarball;
|
||||
in if lessThan nixVersion "1.12" then
|
||||
fetchTarball { inherit url; }
|
||||
else
|
||||
fetchTarball attrs;
|
||||
|
||||
# fetchurl version that is compatible between all the versions of Nix
|
||||
builtins_fetchurl =
|
||||
{ url, sha256 }@attrs:
|
||||
let
|
||||
inherit (builtins) lessThan nixVersion fetchurl;
|
||||
in
|
||||
if lessThan nixVersion "1.12" then
|
||||
fetchurl { inherit url; }
|
||||
else
|
||||
fetchurl attrs;
|
||||
builtins_fetchurl = { url, sha256 }@attrs:
|
||||
let inherit (builtins) lessThan nixVersion fetchurl;
|
||||
in if lessThan nixVersion "1.12" then
|
||||
fetchurl { inherit url; }
|
||||
else
|
||||
fetchurl attrs;
|
||||
|
||||
# A wrapper around pkgs.fetchzip that has inspectable arguments,
|
||||
# annoyingly this means we have to specify them
|
||||
fetchzip = { url, sha256 }@attrs: pkgs.fetchzip attrs;
|
||||
|
||||
hasNixpkgsPath = (builtins.tryEval <nixpkgs>).success;
|
||||
hasThisAsNixpkgsPath =
|
||||
(builtins.tryEval <nixpkgs>).success && <nixpkgs> == ./.;
|
||||
hasThisAsNixpkgsPath = (builtins.tryEval <nixpkgs>).success && <nixpkgs>
|
||||
== ./.;
|
||||
|
||||
sources = builtins.fromJSON (builtins.readFile ./sources.json);
|
||||
|
||||
mapAttrs = builtins.mapAttrs or
|
||||
(f: set: with builtins;
|
||||
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)));
|
||||
mapAttrs = builtins.mapAttrs or (f: set:
|
||||
with builtins;
|
||||
listToAttrs (map (attr: {
|
||||
name = attr;
|
||||
value = f attr set.${attr};
|
||||
}) (attrNames set)));
|
||||
|
||||
# borrowed from nixpkgs
|
||||
functionArgs = f: f.__functionArgs or (builtins.functionArgs f);
|
||||
|
@ -64,10 +60,11 @@ with rec
|
|||
in f (auto // args);
|
||||
|
||||
getFetcher = spec:
|
||||
let fetcherName =
|
||||
if builtins.hasAttr "type" spec
|
||||
then builtins.getAttr "type" spec
|
||||
else "builtin-tarball";
|
||||
let
|
||||
fetcherName = if builtins.hasAttr "type" spec then
|
||||
builtins.getAttr "type" spec
|
||||
else
|
||||
"builtin-tarball";
|
||||
in builtins.getAttr fetcherName {
|
||||
"tarball" = fetchzip;
|
||||
"builtin-tarball" = builtins_fetchTarball;
|
||||
|
@ -77,13 +74,9 @@ with rec
|
|||
};
|
||||
# NOTE: spec must _not_ have an "outPath" attribute
|
||||
mapAttrs (_: spec:
|
||||
if builtins.hasAttr "outPath" spec
|
||||
then abort
|
||||
"The values in sources.json should not have an 'outPath' attribute"
|
||||
else
|
||||
if builtins.hasAttr "url" spec && builtins.hasAttr "sha256" spec
|
||||
then
|
||||
spec //
|
||||
{ outPath = callFunctionWith spec (getFetcher spec) { }; }
|
||||
else spec
|
||||
) sources
|
||||
if builtins.hasAttr "outPath" spec then
|
||||
abort "The values in sources.json should not have an 'outPath' attribute"
|
||||
else if builtins.hasAttr "url" spec && builtins.hasAttr "sha256" spec then
|
||||
spec // { outPath = callFunctionWith spec (getFetcher spec) { }; }
|
||||
else
|
||||
spec) sources
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
{ fetchFromGitHub, stdenv, ninja, meson, pkgconfig, glib, cairo, gdk_pixbuf, glib_networking, pango, libudev, xorg, libxslt, docbook_xml_xslt, git, libuuid, dbus, libsoup, docbook_xml_dtd_45, docbook5_xsl, gettext, autoconf, libtool, utillinux, libxkbcommon }:
|
||||
{ fetchFromGitHub, stdenv, ninja, meson, pkgconfig, glib, cairo, gdk_pixbuf
|
||||
, glib_networking, pango, libudev, xorg, libxslt, docbook_xml_xslt, git, libuuid
|
||||
, dbus, libsoup, docbook_xml_dtd_45, docbook5_xsl, gettext, autoconf, libtool
|
||||
, utillinux, libxkbcommon }:
|
||||
stdenv.mkDerivation rec {
|
||||
name = "eventd";
|
||||
version = "d7c7ba59aa6b225b3e2b8aebdd853137c05d8445";
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{ aqbanking, python36Packages, fetchgit }:
|
||||
with python36Packages; buildPythonApplication rec {
|
||||
with python36Packages;
|
||||
buildPythonApplication rec {
|
||||
name = "${pname}-${version}";
|
||||
pname = "jali";
|
||||
doCheck = false;
|
||||
|
|
File diff suppressed because it is too large
|
@ -1,26 +1,29 @@
|
|||
{ pkgs, fetchFromGitHub, defaultCrateOverrides, makeDesktopItem, atk , pango, gnome3, cairo, gdk_pixbuf, glib, ... }:
|
||||
((pkgs.callPackage ./Cargo.nix {}).tasktree_0_1_0 {}).override {
|
||||
{ pkgs, fetchFromGitHub, defaultCrateOverrides, makeDesktopItem, atk, pango
|
||||
, gnome3, cairo, gdk_pixbuf, glib, ... }:
|
||||
((pkgs.callPackage ./Cargo.nix { }).tasktree_0_1_0 { }).override {
|
||||
crateOverrides = defaultCrateOverrides // {
|
||||
atk-sys = attr: { buildInputs = [ atk ]; };
|
||||
pango-sys = attr: { buildInputs = [ pango glib ]; };
|
||||
gio = attr: { buildInputs = [ glib ]; };
|
||||
gdk-sys = attr: { buildInputs = [ gdk_pixbuf glib cairo pango ]; };
|
||||
gtk-sys = attr: { buildInputs = [ gdk_pixbuf glib cairo pango atk gnome3.gtk ]; };
|
||||
gtk-sys = attr: {
|
||||
buildInputs = [ gdk_pixbuf glib cairo pango atk gnome3.gtk ];
|
||||
};
|
||||
gdk = attr: { buildInputs = [ cairo gnome3.gtk gdk_pixbuf pango ]; };
|
||||
gtk = attr: { buildInputs = [ cairo atk gnome3.gtk gdk_pixbuf pango ]; };
|
||||
tasktree = attrs:
|
||||
let
|
||||
desktopItem = makeDesktopItem {
|
||||
name = "tasktree";
|
||||
exec = "tasktree";
|
||||
icon = "tasktree";
|
||||
comment = "A taskwarrior UI";
|
||||
desktopName = "Tasktree";
|
||||
genericName = "Tasktree";
|
||||
categories = "Office;";
|
||||
};
|
||||
let
|
||||
desktopItem = makeDesktopItem {
|
||||
name = "tasktree";
|
||||
exec = "tasktree";
|
||||
icon = "tasktree";
|
||||
comment = "A taskwarrior UI";
|
||||
desktopName = "Tasktree";
|
||||
genericName = "Tasktree";
|
||||
categories = "Office;";
|
||||
};
|
||||
version = "abb312f";
|
||||
in {
|
||||
in {
|
||||
src = fetchFromGitHub {
|
||||
rev = version;
|
||||
owner = "maralorn";
|
||||
|
@ -30,12 +33,12 @@
|
|||
depsSha256 = "14acvigygrrqyvxra2n01vpadc3mcf8981jrggpvwfbz58jrsa7h";
|
||||
cargoSha256 = "14acvigygrrqyvxra2n01vpadc3mcf8981jrggpvwfbz58jrsa7h";
|
||||
|
||||
postInstall = ''
|
||||
mkdir -p $out/share/applications
|
||||
ln -s ${desktopItem}/share/applications/* $out/share/applications/
|
||||
rm $out/lib/link
|
||||
postInstall = ''
|
||||
mkdir -p $out/share/applications
|
||||
ln -s ${desktopItem}/share/applications/* $out/share/applications/
|
||||
rm $out/lib/link
|
||||
'';
|
||||
buildInputs = [ cairo atk gnome3.gtk gdk_pixbuf pango ];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
{config, lib, ...}:
|
||||
{ config, lib, ... }:
|
||||
with lib;
|
||||
let
|
||||
me = config.m-0.private.me;
|
||||
let me = config.m-0.private.me;
|
||||
in {
|
||||
users.users = {
|
||||
"${me.user}" = {
|
||||
|
@ -13,8 +12,6 @@ in {
|
|||
openssh.authorizedKeys.keys = me.keys;
|
||||
passwordFile = me.pw-file;
|
||||
};
|
||||
root = {
|
||||
passwordFile = me.pw-file;
|
||||
};
|
||||
root = { passwordFile = me.pw-file; };
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
{ pkgs, config, lib, ... }:
|
||||
let
|
||||
inherit (import ../common/lib.nix) sources;
|
||||
me = config.m-0.private.me;
|
||||
|
@ -15,23 +15,21 @@ in {
|
|||
|
||||
config = {
|
||||
|
||||
i18n = {
|
||||
defaultLocale = "en_US.UTF-8";
|
||||
};
|
||||
i18n = { defaultLocale = "en_US.UTF-8"; };
|
||||
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
networking = {
|
||||
firewall.allowPing = true;
|
||||
useDHCP = false;
|
||||
hosts = lib.zipAttrs (lib.mapAttrsToList (host: ip: {"${ip}" = "${host} ${host}.m-0.eu";} ) config.m-0.hosts);
|
||||
hosts = lib.zipAttrs
|
||||
(lib.mapAttrsToList (host: ip: { "${ip}" = "${host} ${host}.m-0.eu"; })
|
||||
config.m-0.hosts);
|
||||
};
|
||||
|
||||
users = {
|
||||
mutableUsers = false;
|
||||
users.root = {
|
||||
openssh.authorizedKeys.keys = me.keys;
|
||||
};
|
||||
users.root = { openssh.authorizedKeys.keys = me.keys; };
|
||||
};
|
||||
|
||||
environment = {
|
||||
|
@ -43,10 +41,11 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
|
||||
nix = {
|
||||
binaryCaches = [ "https://cache.nixos.org/" "https://nixcache.reflex-frp.org" ];
|
||||
binaryCachePublicKeys = [ "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ];
|
||||
binaryCaches =
|
||||
[ "https://cache.nixos.org/" "https://nixcache.reflex-frp.org" ];
|
||||
binaryCachePublicKeys =
|
||||
[ "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ];
|
||||
nixPath = [ "/etc/nix-path" ];
|
||||
};
|
||||
|
||||
|
|
|
@ -7,7 +7,8 @@
|
|||
antialias = true;
|
||||
cache32Bit = true;
|
||||
defaultFonts = {
|
||||
monospace = [ "Source Code Pro For Powerline" "Roboto Mono" "DejaVu Sans Mono" ];
|
||||
monospace =
|
||||
[ "Source Code Pro For Powerline" "Roboto Mono" "DejaVu Sans Mono" ];
|
||||
sansSerif = [ "Roboto Regular" "DejaVu Sans" ];
|
||||
serif = [ "Roboto Slab Regular" "DejaVu Serif" ];
|
||||
};
|
||||
|
@ -20,44 +21,22 @@
|
|||
enableFontDir = true;
|
||||
fonts = builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
anonymousPro
|
||||
arkpandora_ttf
|
||||
caladea
|
||||
carlito
|
||||
comfortaa
|
||||
comic-relief
|
||||
crimson
|
||||
dejavu_fonts
|
||||
google-fonts
|
||||
inconsolata
|
||||
iosevka
|
||||
liberationsansnarrow
|
||||
liberation_ttf
|
||||
libertine
|
||||
mononoki
|
||||
montserrat
|
||||
nerdfonts
|
||||
norwester-font
|
||||
opensans-ttf
|
||||
powerline-fonts
|
||||
roboto
|
||||
sampradaya
|
||||
source-code-pro
|
||||
source-sans-pro
|
||||
source-serif-pro
|
||||
tai-ahom
|
||||
tempora_lgc
|
||||
terminus_font
|
||||
theano
|
||||
ubuntu_font_family;
|
||||
anonymousPro arkpandora_ttf caladea carlito comfortaa comic-relief
|
||||
crimson dejavu_fonts google-fonts inconsolata iosevka
|
||||
liberationsansnarrow liberation_ttf libertine mononoki montserrat
|
||||
nerdfonts norwester-font opensans-ttf powerline-fonts roboto sampradaya
|
||||
source-code-pro source-sans-pro source-serif-pro tai-ahom tempora_lgc
|
||||
terminus_font theano ubuntu_font_family;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
# create a cache of the font sources, often slow internet connections make it painful to
|
||||
# re-download them after a few months
|
||||
environment.etc = let
|
||||
# fonts with src attributes
|
||||
font_sources = map (v: v.src) (lib.filter (v: v ? src) config.fonts.fonts);
|
||||
in builtins.listToAttrs (lib.imap0 (n: v: lib.nameValuePair "src-cache/fonts/${toString n}" { source = builtins.toPath v; }) font_sources);
|
||||
in builtins.listToAttrs (lib.imap0 (n: v:
|
||||
lib.nameValuePair "src-cache/fonts/${toString n}" {
|
||||
source = builtins.toPath v;
|
||||
}) font_sources);
|
||||
}
|
||||
|
|
|
@ -2,12 +2,14 @@
|
|||
let
|
||||
inherit (import ../common/lib.nix) writeHaskellScript haskellList;
|
||||
me = config.m-0.private.me;
|
||||
test-command = ["${pkgs.systemd}/bin/systemctl" "start" "test-and-bump-config.service"];
|
||||
upgrade-command = ["${pkgs.systemd}/bin/systemctl" "start" "system-maintenance.service"];
|
||||
test-command =
|
||||
[ "${pkgs.systemd}/bin/systemctl" "start" "test-and-bump-config.service" ];
|
||||
upgrade-command =
|
||||
[ "${pkgs.systemd}/bin/systemctl" "start" "system-maintenance.service" ];
|
||||
post-update = writeHaskellScript {
|
||||
name = "post-update";
|
||||
bins = [ pkgs.git pkgs.nix ];
|
||||
imports = [ "System.Environment (lookupEnv)" "Data.Foldable (for_)"];
|
||||
imports = [ "System.Environment (lookupEnv)" "Data.Foldable (for_)" ];
|
||||
} ''
|
||||
main = do
|
||||
mirror <- lookupEnv "GL_OPTION_MIRROR"
|
||||
|
@ -26,17 +28,26 @@ let
|
|||
exe "sudo" ${haskellList upgrade-command};
|
||||
writeOutput "Done";
|
||||
'';
|
||||
in
|
||||
{
|
||||
users.users.git.linger = true; # Frequent restarting of the systemd-user-unit leads to errors
|
||||
security.sudo.extraRules = [ { commands = [
|
||||
{ command = builtins.concatStringsSep " " test-command; options = [ "NOPASSWD" ]; }
|
||||
{ command = builtins.concatStringsSep " " upgrade-command; options = [ "NOPASSWD" ]; }
|
||||
]; users = [ "git" ]; } ];
|
||||
services.gitolite = {
|
||||
enable = true;
|
||||
user = "git";
|
||||
adminPubkey = builtins.elemAt me.keys 0;
|
||||
commonHooks = [ "${post-update}/bin/post-update" ];
|
||||
};
|
||||
in {
|
||||
users.users.git.linger =
|
||||
true; # Frequent restarting of the systemd-user-unit leads to errors
|
||||
security.sudo.extraRules = [{
|
||||
commands = [
|
||||
{
|
||||
command = builtins.concatStringsSep " " test-command;
|
||||
options = [ "NOPASSWD" ];
|
||||
}
|
||||
{
|
||||
command = builtins.concatStringsSep " " upgrade-command;
|
||||
options = [ "NOPASSWD" ];
|
||||
}
|
||||
];
|
||||
users = [ "git" ];
|
||||
}];
|
||||
services.gitolite = {
|
||||
enable = true;
|
||||
user = "git";
|
||||
adminPubkey = builtins.elemAt me.keys 0;
|
||||
commonHooks = [ "${post-update}/bin/post-update" ];
|
||||
};
|
||||
}
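Review bot: The `security.sudo.extraRules` entry gives the `git` user passwordless sudo for two `systemctl start` command lines, but nothing in the file says why the rule exists or what relies on it. The `post-update` hook defined above calls `sudo` with `upgrade-command` (and presumably `test-command` in the part of the script outside this hunk), so a push that reaches the hook can start a unit that runs as root. I would put a comment above the rule, for example `# gitolite's post-update hook starts these two units via sudo; keep the rule to these exact command lines, never a bare systemctl`.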
|
||||
|
|
|
@ -1,28 +1,23 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
options = {
|
||||
m-0.server.initSSHKey = mkOption {
|
||||
type = types.path;
|
||||
};
|
||||
};
|
||||
with lib; {
|
||||
options = { m-0.server.initSSHKey = mkOption { type = types.path; }; };
|
||||
|
||||
config = {
|
||||
boot.initrd = {
|
||||
network = {
|
||||
enable = true;
|
||||
ssh = {
|
||||
config = {
|
||||
boot.initrd = {
|
||||
network = {
|
||||
enable = true;
|
||||
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
||||
ssh = {
|
||||
enable = true;
|
||||
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
||||
|
||||
# generate file with
|
||||
# nix-shell -p dropbear
|
||||
# dropbearkey -t rsa -f boot_rsa
|
||||
hostRSAKey = config.m-0.server.initSSHKey;
|
||||
# generate file with
|
||||
# nix-shell -p dropbear
|
||||
# dropbearkey -t rsa -f boot_rsa
|
||||
hostRSAKey = config.m-0.server.initSSHKey;
|
||||
};
|
||||
};
|
||||
postMountCommands = "ip link set eth0 down";
|
||||
};
|
||||
postMountCommands = "ip link set eth0 down";
|
||||
};
|
||||
};
|
||||
|
||||
}
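Review bot: `hostRSAKey = config.m-0.server.initSSHKey;` takes a `types.path` option, and the comment above it only explains how to generate the file, not how the key has to be treated. A key used for SSH in the initrd is, as far as I know, copied into the initrd and the Nix store unencrypted, so it must be a dedicated key and never the host's regular SSH key. I would extend the existing comment with `# dedicated initrd key only: it ends up readable in the store/initrd, never reuse the host's sshd key`.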
|
||||
|
|
|
@ -3,51 +3,51 @@ with lib;
|
|||
|
||||
let
|
||||
|
||||
page = pkgs.stdenv.mkDerivation {
|
||||
name = "blog.maralorn.de";
|
||||
src = builtins.fetchGit "git@hera:blog";
|
||||
buildInputs = [ (pkgs.python3.withPackages (ps: [ps.pelican ps.markdown])) ];
|
||||
LC_ALL="en_US.UTF-8";
|
||||
LOCALE_ARCHIVE="${pkgs.glibcLocales}/lib/locale/locale-archive";
|
||||
buildPhase = ''
|
||||
make html
|
||||
'';
|
||||
installPhase = ''
|
||||
mkdir $out
|
||||
cp -r output/* $out
|
||||
'';
|
||||
};
|
||||
page = pkgs.stdenv.mkDerivation {
|
||||
name = "blog.maralorn.de";
|
||||
src = builtins.fetchGit "git@hera:blog";
|
||||
buildInputs =
|
||||
[ (pkgs.python3.withPackages (ps: [ ps.pelican ps.markdown ])) ];
|
||||
LC_ALL = "en_US.UTF-8";
|
||||
LOCALE_ARCHIVE = "${pkgs.glibcLocales}/lib/locale/locale-archive";
|
||||
buildPhase = ''
|
||||
make html
|
||||
'';
|
||||
installPhase = ''
|
||||
mkdir $out
|
||||
cp -r output/* $out
|
||||
'';
|
||||
};
|
||||
|
||||
in
|
||||
{
|
||||
in {
|
||||
|
||||
options = {
|
||||
m-0.blog = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
options = {
|
||||
m-0.blog = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf config.m-0.blog.enable {
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
config = mkIf config.m-0.blog.enable {
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
services = {
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."blog.maralorn.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations = {
|
||||
"/" = {
|
||||
root = "${page}";
|
||||
index = "index.html";
|
||||
services = {
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."blog.maralorn.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations = {
|
||||
"/" = {
|
||||
root = "${page}";
|
||||
index = "index.html";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -5,8 +5,7 @@ let
|
|||
|
||||
me = config.m-0.private.me;
|
||||
|
||||
in
|
||||
{
|
||||
in {
|
||||
options = {
|
||||
m-0.laptop.enable = mkOption {
|
||||
type = types.bool;
|
||||
|
@ -14,9 +13,7 @@ in
|
|||
};
|
||||
};
|
||||
config = mkIf config.m-0.laptop.enable {
|
||||
networking = {
|
||||
networkmanager.enable = true;
|
||||
};
|
||||
networking = { networkmanager.enable = true; };
|
||||
i18n.consoleKeyMap = "neo";
|
||||
|
||||
sound.enable = true;
|
||||
|
@ -47,18 +44,18 @@ in
|
|||
'';
|
||||
};
|
||||
mpd = {
|
||||
enable = true;
|
||||
user = me.user;
|
||||
group = "users";
|
||||
network.listenAddress = "::1";
|
||||
musicDirectory = "/home/${me.user}/data/aktuell/media/musik";
|
||||
extraConfig = ''
|
||||
enable = true;
|
||||
user = me.user;
|
||||
group = "users";
|
||||
network.listenAddress = "::1";
|
||||
musicDirectory = "/home/${me.user}/data/aktuell/media/musik";
|
||||
extraConfig = ''
|
||||
audio_output {
|
||||
type "pulse"
|
||||
name "Pulseaudio"
|
||||
server "localhost"
|
||||
}
|
||||
'';
|
||||
'';
|
||||
};
|
||||
xserver = {
|
||||
enable = true;
|
||||
|
|
|
@ -12,11 +12,14 @@ let
|
|||
|
||||
dataDir = "/var/lib/systemd/linger";
|
||||
|
||||
lingeringUsers = map (u: u.name) (attrValues (flip filterAttrs config.users.users (n: u: u.linger)));
|
||||
lingeringUsers = map (u: u.name)
|
||||
(attrValues (flip filterAttrs config.users.users (n: u: u.linger)));
|
||||
|
||||
lingeringUsersFile = builtins.toFile "lingering-users"
|
||||
(concatStrings (map (s: "${s}\n")
|
||||
(sort (a: b: a < b) lingeringUsers))); # this sorting is important for `comm` to work correctly
|
||||
lingeringUsersFile = builtins.toFile "lingering-users" (concatStrings (map
|
||||
(s: ''
|
||||
${s}
|
||||
'') (sort (a: b: a < b)
|
||||
lingeringUsers))); # this sorting is important for `comm` to work correctly
|
||||
|
||||
updateLingering = pkgs.writeScript "update-lingering" ''
|
||||
# Stop when the system is not running, e.g. during nixos-install
|
||||
|
@ -26,14 +29,10 @@ let
|
|||
echo "$lingering" | comm -3 -2 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl enable-linger
|
||||
'';
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
in {
|
||||
options = {
|
||||
users.users = mkOption {
|
||||
options = [{
|
||||
linger = mkEnableOption "lingering for the user";
|
||||
}];
|
||||
options = [{ linger = mkEnableOption "lingering for the user"; }];
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -3,73 +3,72 @@ with lib;
|
|||
|
||||
let
|
||||
|
||||
me = config.m-0.private.me;
|
||||
page = pkgs.stdenv.mkDerivation {
|
||||
name = "mathechor.de";
|
||||
src = builtins.fetchGit "git@hera:mathechor.de";
|
||||
buildInputs = [ pkgs.pandoc pkgs.python3 ];
|
||||
LC_ALL="en_US.UTF-8";
|
||||
LOCALE_ARCHIVE="${pkgs.glibcLocales}/lib/locale/locale-archive";
|
||||
installPhase = ''
|
||||
mkdir $out
|
||||
cp -r intern/output $out/intern
|
||||
cp -r public/output $out/public
|
||||
'';
|
||||
};
|
||||
me = config.m-0.private.me;
|
||||
page = pkgs.stdenv.mkDerivation {
|
||||
name = "mathechor.de";
|
||||
src = builtins.fetchGit "git@hera:mathechor.de";
|
||||
buildInputs = [ pkgs.pandoc pkgs.python3 ];
|
||||
LC_ALL = "en_US.UTF-8";
|
||||
LOCALE_ARCHIVE = "${pkgs.glibcLocales}/lib/locale/locale-archive";
|
||||
installPhase = ''
|
||||
mkdir $out
|
||||
cp -r intern/output $out/intern
|
||||
cp -r public/output $out/public
|
||||
'';
|
||||
};
|
||||
|
||||
in
|
||||
{
|
||||
in {
|
||||
|
||||
options = {
|
||||
m-0.mathechor-de = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
password = mkOption {
|
||||
type = types.str;
|
||||
options = {
|
||||
m-0.mathechor-de = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
password = mkOption { type = types.str; };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf config.m-0.mathechor-de.enable {
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
config = mkIf config.m-0.mathechor-de.enable {
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
services = {
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."mathechor.de" = {
|
||||
serverAliases = ["www.mathechor.de"];
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations = {
|
||||
"/" = {
|
||||
root = "${page}/public";
|
||||
index = "index.html";
|
||||
extraConfig = "location ~* \.(otf)$ {add_header Access-Control-Allow-Origin *;}";
|
||||
services = {
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."mathechor.de" = {
|
||||
serverAliases = [ "www.mathechor.de" ];
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations = {
|
||||
"/" = {
|
||||
root = "${page}/public";
|
||||
index = "index.html";
|
||||
extraConfig =
|
||||
"location ~* .(otf)$ {add_header Access-Control-Allow-Origin *;}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
virtualHosts."intern.mathechor.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
basicAuth.mathechor = config.m-0.mathechor-de.password;
|
||||
locations = {
|
||||
"/" = {
|
||||
root = "${page}/intern";
|
||||
index = "index.html";
|
||||
};
|
||||
"/mathechor.ics" = {
|
||||
proxyPass = "https://cloud.mathechor.de/remote.php/dav/public-calendars/nebsfFTzQKGSSsDc?export";
|
||||
extraConfig = ''
|
||||
proxy_ssl_name cloud.mathechor.de;
|
||||
proxy_ssl_server_name on;
|
||||
'';
|
||||
virtualHosts."intern.mathechor.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
basicAuth.mathechor = config.m-0.mathechor-de.password;
|
||||
locations = {
|
||||
"/" = {
|
||||
root = "${page}/intern";
|
||||
index = "index.html";
|
||||
};
|
||||
"/mathechor.ics" = {
|
||||
proxyPass =
|
||||
"https://cloud.mathechor.de/remote.php/dav/public-calendars/nebsfFTzQKGSSsDc?export";
|
||||
extraConfig = ''
|
||||
proxy_ssl_name cloud.mathechor.de;
|
||||
proxy_ssl_server_name on;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
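Review bot: In the `"/"` location of `mathechor.de`, `extraConfig` now reads `location ~* .(otf)$ {...}`, so the regex dot matches any character instead of a literal `.`. The old `\.` inside a double-quoted Nix string already evaluated to a plain `.`, which is why the formatter could drop the backslash; the reformat did not change behaviour, it only made the existing problem visible. The wildcard `Access-Control-Allow-Origin` header is therefore added for any path ending in one character followed by `otf`, not only for font files. Escaping the backslash for Nix fixes it: `"location ~* \\.(otf)$ {add_header Access-Control-Allow-Origin *;}"`.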
|
||||
|
|
|
@ -1,43 +1,37 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.m-0.riot;
|
||||
in
|
||||
{
|
||||
let cfg = config.m-0.riot;
|
||||
in {
|
||||
|
||||
options = {
|
||||
m-0.riot = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
hostname = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
config = mkOption {
|
||||
type = types.attrs;
|
||||
options = {
|
||||
m-0.riot = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
hostname = mkOption { type = types.str; };
|
||||
config = mkOption { type = types.attrs; };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services = {
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."${cfg.hostname}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
root = (import <unstable> {}).riot-web;
|
||||
locations."/config.json" = {
|
||||
extraConfig = ''
|
||||
default_type application/json;
|
||||
return 200 '${builtins.toJSON cfg.config}';
|
||||
'';
|
||||
config = mkIf cfg.enable {
|
||||
services = {
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."${cfg.hostname}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
root = (import <unstable> { }).riot-web;
|
||||
locations."/config.json" = {
|
||||
extraConfig = ''
|
||||
default_type application/json;
|
||||
return 200 '${builtins.toJSON cfg.config}';
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
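Review bot: `return 200 '${builtins.toJSON cfg.config}';` splices the JSON into a single-quoted nginx string, so a `'` anywhere in `cfg.config` ends the string early and a `$` is read as an nginx variable. The values come from the module's own option, so this is a robustness problem rather than untrusted input, but one such character is likely to either break the generated nginx configuration or change the JSON that is served. Serving a generated file avoids the quoting altogether: `locations."/config.json".alias = pkgs.writeText "riot-config.json" (builtins.toJSON cfg.config);`.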
|
||||
|
|
|
@ -1,20 +1,23 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
{ config, pkgs, lib, ... }: {
|
||||
|
||||
imports = [ ./init_ssh.nix ];
|
||||
imports = [ ./init_ssh.nix ];
|
||||
|
||||
config = {
|
||||
systemd.services."system-maintenance" = {
|
||||
startAt = "2:45";
|
||||
environment.NIX_PATH = "/etc/nix-path:nixos-config=/etc/nixos/configuration.nix";
|
||||
path = [ pkgs.git ];
|
||||
restartIfChanged = false;
|
||||
unitConfig.X-StopOnRemoval = false;
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${(import ./update-lib.nix config.system.build.nixos-rebuild).system-maintenance}/bin/system-maintenance";
|
||||
config = {
|
||||
systemd.services."system-maintenance" = {
|
||||
startAt = "2:45";
|
||||
environment.NIX_PATH =
|
||||
"/etc/nix-path:nixos-config=/etc/nixos/configuration.nix";
|
||||
path = [ pkgs.git ];
|
||||
restartIfChanged = false;
|
||||
unitConfig.X-StopOnRemoval = false;
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${
|
||||
(import ./update-lib.nix
|
||||
config.system.build.nixos-rebuild).system-maintenance
|
||||
}/bin/system-maintenance";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
with lib; {
|
||||
|
||||
imports = [ ./admin.nix ];
|
||||
|
||||
|
@ -12,24 +11,20 @@ with lib;
|
|||
mutableUsers = false;
|
||||
};
|
||||
|
||||
security.sudo.extraConfig = "
|
||||
Defaults timestamp_type=global, timestamp_timeout=15
|
||||
";
|
||||
security.sudo.extraConfig =
|
||||
"\n Defaults timestamp_type=global, timestamp_timeout=15\n ";
|
||||
|
||||
services = {
|
||||
sshd.enable = true;
|
||||
};
|
||||
services = { sshd.enable = true; };
|
||||
|
||||
nix.nixPath = [ "nixos-config=/etc/nixos/configuration.nix" ];
|
||||
|
||||
environment = {
|
||||
# Put these into an extra file so the essential packages can also be included on non selfadminstrated systems from home-manager
|
||||
systemPackages = builtins.attrValues ({
|
||||
inherit (import ./update-lib.nix config.system.build.nixos-rebuild) update-system system-maintenance;
|
||||
} // (import ../common/pkgs.nix).system-pkgs);
|
||||
sessionVariables = {
|
||||
TERMINFO = "/run/current-system/sw/share/terminfo";
|
||||
};
|
||||
inherit (import ./update-lib.nix config.system.build.nixos-rebuild)
|
||||
update-system system-maintenance;
|
||||
} // (import ../common/pkgs.nix).system-pkgs);
|
||||
sessionVariables = { TERMINFO = "/run/current-system/sw/share/terminfo"; };
|
||||
};
|
||||
|
||||
programs = {
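Review bot: `security.sudo.extraConfig` is now `"\n Defaults timestamp_type=global, timestamp_timeout=15\n "`, which buries a sudoers directive between escaped newlines and padding. A plain one-line string reads better and should yield the same directive: `security.sudo.extraConfig = "Defaults timestamp_type=global, timestamp_timeout=15";`. A short comment on the setting would also help, because `timestamp_type=global` shares one cached sudo authentication across all of a user's terminals for the 15-minute timeout. The enclosing attribute set starts and ends outside these hunks.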
|
||||
|
|
|
@ -1,12 +1,13 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
{
|
||||
{ pkgs, config, lib, ... }: {
|
||||
systemd.services."test-and-bump-config" = {
|
||||
startAt = "20:30";
|
||||
path = [ pkgs.nix pkgs.gnutar pkgs.gzip pkgs.git pkgs.git-crypt ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
WorkingDirectory = "/var/cache/gc-links";
|
||||
ExecStart = "${(import ../common/test-lib.nix).test-and-bump-config}/bin/test-and-bump-config";
|
||||
ExecStart = "${
|
||||
(import ../common/test-lib.nix).test-and-bump-config
|
||||
}/bin/test-and-bump-config";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
nixos-rebuild:
|
||||
let
|
||||
pkgs = import <nixpkgs> {};
|
||||
inherit (import ../common/lib.nix) writeHaskellScript get-niv-path home-manager gcRetentionDays;
|
||||
pkgs = import <nixpkgs> { };
|
||||
inherit (import ../common/lib.nix)
|
||||
writeHaskellScript get-niv-path home-manager gcRetentionDays;
|
||||
configPath = "/etc/nixos";
|
||||
update-system = writeHaskellScript {
|
||||
name = "update-system";
|
||||
bins = [ get-niv-path nixos-rebuild ];
|
||||
}
|
||||
''
|
||||
name = "update-system";
|
||||
bins = [ get-niv-path nixos-rebuild ];
|
||||
} ''
|
||||
getNivPath = readTrim . get_niv_path "${configPath}/nix/sources.nix"
|
||||
|
||||
getNivAssign name = tag <$> getNivPath name
|
||||
|
@ -17,16 +17,15 @@ let
|
|||
paths <- fmap concat . mapM getNivAssign $ ["nixpkgs", "unstable", "home-manager"]
|
||||
args <- getArgs
|
||||
nixos_rebuild (paths ++ ["switch"] ++ args)
|
||||
'';
|
||||
system-maintenance = writeHaskellScript
|
||||
{ name = "system-maintenance"; bins = [ pkgs.nix pkgs.git update-system ];} ''
|
||||
'';
|
||||
system-maintenance = writeHaskellScript {
|
||||
name = "system-maintenance";
|
||||
bins = [ pkgs.nix pkgs.git update-system ];
|
||||
} ''
|
||||
main = do
|
||||
git "-C" "${configPath}" "pull"
|
||||
update_system
|
||||
nix_collect_garbage "--delete-older-than" "${toString gcRetentionDays}d"
|
||||
nix "optimise-store"
|
||||
'';
|
||||
in
|
||||
{
|
||||
inherit update-system system-maintenance;
|
||||
}
|
||||
in { inherit update-system system-maintenance; }
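Review bot: `system-maintenance` runs `git "-C" "${configPath}" "pull"` and then `update_system`, which ends in `nixos_rebuild ... "switch"`, so whatever the remote branch holds at that moment is built and activated without any check on what was pulled. The remote and who may push to it are not visible in this file, so this may be acceptable, but it deserves a comment next to the pull. If commits to the configuration repository are signed, the pull can enforce that: `git "-C" "${configPath}" "pull" "--ff-only" "--verify-signatures"`.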
|
||||
|
|