Malte Brandy 2019-07-31 23:56:52 +02:00
parent c36c483ab3
commit a1bb4277b1
No known key found for this signature in database
GPG key ID: 226A2D41EF5378C9
79 changed files with 4803 additions and 4713 deletions


@ -1,13 +1,8 @@
{
nix = {
binaryCaches = [
"https://all-hies.cachix.org"
];
binaryCachePublicKeys = [
"all-hies.cachix.org-1:JjrzAOEUsD9ZMt8fdFbzo3jNAyEWlPAwdVuHw4RD43k="
];
binaryCaches = [ "https://all-hies.cachix.org" ];
binaryCachePublicKeys =
[ "all-hies.cachix.org-1:JjrzAOEUsD9ZMt8fdFbzo3jNAyEWlPAwdVuHw4RD43k=" ];
trustedUsers = [ "root" "maralorn" ];
};
}
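Review bot: `trustedUsers = [ "root" "maralorn" ];` gives an ordinary login account trusted-user status on the Nix daemon, which lets that account add substituters and import store paths the daemon would otherwise reject, so a compromise of that user session is close to root on the store. The cache URL and its public key are already declared system-wide on the lines above, so the account should not need trusted status just to fetch from this cache; consider `trustedUsers = [ "root" ];` here. The same line appears in the cachix.cachix.org and nixfmt.cachix.org sections that follow. Each `binaryCachePublicKeys` entry also widens what the machine accepts as signed, so a short comment saying which tool needs each cache would help later audits.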


@ -1,13 +1,8 @@
{
nix = {
binaryCaches = [
"https://cachix.cachix.org"
];
binaryCachePublicKeys = [
"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
];
binaryCaches = [ "https://cachix.cachix.org" ];
binaryCachePublicKeys =
[ "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" ];
trustedUsers = [ "root" "maralorn" ];
};
}


@ -1,13 +1,8 @@
{
nix = {
binaryCaches = [
"https://nixfmt.cachix.org"
];
binaryCachePublicKeys = [
"nixfmt.cachix.org-1:uyEQg16IhCFeDpFV07aL+Dbmh18XHVUqpkk/35WAgJI="
];
binaryCaches = [ "https://nixfmt.cachix.org" ];
binaryCachePublicKeys =
[ "nixfmt.cachix.org-1:uyEQg16IhCFeDpFV07aL+Dbmh18XHVUqpkk/35WAgJI=" ];
trustedUsers = [ "root" "maralorn" ];
};
}


@ -4,75 +4,70 @@ with lib;
{
imports = [ ./secret ];
imports = [ ./secret ];
config = {
m-0.monitoring = [ {
host = "apollo:9100";
name = "apollo";
} ];
};
options = {
m-0.private = mkOption {
default = {};
type = types.attrs;
config = {
m-0.monitoring = [{
host = "apollo:9100";
name = "apollo";
}];
};
m-0.prefix = mkOption {
default = "2a02:c207:3002:7584";
type = types.str;
};
m-0.monitoring = mkOption {
type = types.listOf (types.submodule {
options = {
name = mkOption {
type = types.str;
options = {
m-0.private = mkOption {
default = { };
type = types.attrs;
};
m-0.prefix = mkOption {
default = "2a02:c207:3002:7584";
type = types.str;
};
m-0.monitoring = mkOption {
type = types.listOf (types.submodule {
options = {
name = mkOption { type = types.str; };
host = mkOption { type = types.str; };
};
host = mkOption {
type = types.str;
});
default = [ ];
};
m-0.hosts = mkOption {
type = types.attrs;
default = let
p = config.m-0.prefix;
hera-p = "${p}::3";
apollo-p = "${p}::1";
wg-p = "${p}::100";
v4-p = "10.0.0";
in rec {
hera = "${p}::1";
hera-v4 = "213.136.94.190";
hera-wg = "${wg-p}:1";
apollo-wg = "${wg-p}:2";
hera-intern = "${hera-p}:1";
git = "${hera-p}:2";
borg = "${hera-p}:3";
dav = "${hera-p}:5";
blog = "${hera-p}:6";
chor = "${hera-p}:7";
matrix = "${hera-p}:8";
cloud = "${hera-p}:9";
web = "${hera-p}:a";
mathechor-cloud = "${hera-p}:b";
monitoring = "${hera-p}:c";
apollo = apollo-wg;
hera-intern-v4 = "${v4-p}.1";
cloud-intern-v4 = "${v4-p}.2";
mathechor-cloud-intern-v4 = "${v4-p}.3";
matrix-intern-v4 = "${v4-p}.4";
monitoring-intern-v4 = "${v4-p}.5";
};
};
});
default = [];
};
m-0.hosts = mkOption {
type = types.attrs;
default = let
p = config.m-0.prefix;
hera-p = "${p}::3";
apollo-p = "${p}::1";
wg-p = "${p}::100";
v4-p = "10.0.0";
in rec {
hera = "${p}::1";
hera-v4 = "213.136.94.190";
hera-wg = "${wg-p}:1";
apollo-wg = "${wg-p}:2";
hera-intern = "${hera-p}:1";
git = "${hera-p}:2";
borg = "${hera-p}:3";
dav = "${hera-p}:5";
blog = "${hera-p}:6";
chor = "${hera-p}:7";
matrix = "${hera-p}:8";
cloud = "${hera-p}:9";
web = "${hera-p}:a";
mathechor-cloud = "${hera-p}:b";
monitoring = "${hera-p}:c";
apollo = apollo-wg;
hera-intern-v4 = "${v4-p}.1";
cloud-intern-v4 = "${v4-p}.2";
mathechor-cloud-intern-v4 = "${v4-p}.3";
matrix-intern-v4 = "${v4-p}.4";
monitoring-intern-v4 = "${v4-p}.5";
};
};
};
}


@ -1,18 +1,25 @@
rec {
pkgs = import <nixpkgs> {};
unstable = import <unstable> {};
pkgs = import <nixpkgs> { };
unstable = import <unstable> { };
sources = import ../nix/sources.nix;
shh = unstable.haskell.lib.overrideCabal unstable.haskellPackages.shh (drv: {
broken = false;
doCheck = false;
});
shh-extras = unstable.haskell.lib.overrideCabal unstable.haskellPackages.shh-extras (drv: {
broken = false;
doCheck = false;
});
shh-extras =
unstable.haskell.lib.overrideCabal unstable.haskellPackages.shh-extras
(drv: {
broken = false;
doCheck = false;
});
haskellList = list: ''["${builtins.concatStringsSep ''", "'' list}"]'';
writeHaskellScript = { name ? "haskell-script", bins ? [pkgs.coreutils], libraries ? [], imports ? []}: code:
unstable.writers.writeHaskellBin name { libraries = libraries ++ [shh unstable.haskellPackages.string-interpolate ]; } ''
writeHaskellScript = { name ? "haskell-script", bins ? [ pkgs.coreutils ]
, libraries ? [ ], imports ? [ ] }:
code:
unstable.writers.writeHaskellBin name {
libraries = libraries
++ [ shh unstable.haskellPackages.string-interpolate ];
} ''
{-# LANGUAGE DeriveDataTypeable #-}
{-# LANGUAGE TemplateHaskell #-}
{-# LANGUAGE QuasiQuotes #-}
@ -37,9 +44,10 @@ rec {
'';
get-niv-path = writeHaskellScript {
name = "get-niv-path";
bins = [pkgs.nix];
imports = ["System.Console.CmdArgs.Implicit"];
libraries = [ unstable.haskellPackages.cmdargs unstable.haskellPackages.text ];
bins = [ pkgs.nix ];
imports = [ "System.Console.CmdArgs.Implicit" ];
libraries =
[ unstable.haskellPackages.cmdargs unstable.haskellPackages.text ];
} ''
trimQuotation = pureProc $ LTE.encodeUtf8 . LT.dropAround ('"' ==) . LTE.decodeUtf8 . trim
@ -49,7 +57,7 @@ rec {
let expr = [i|(import #{sources}).#{channel}|]
nix_build ["-Q", "-E", expr, "--no-out-link"] &> devNull
nix_instantiate ["--eval", "-E", [i|toString #{expr}|]] |> trimQuotation
'';
home-manager = pkgs.callPackage <home-manager/home-manager> {};
'';
home-manager = pkgs.callPackage <home-manager/home-manager> { };
gcRetentionDays = 5;
}


@ -1,72 +1,46 @@
rec {
my-lib = import ../common/lib.nix;
inherit (my-lib) pkgs unstable sources;
tasktree = pkgs.callPackage ../packages/tasktree {};
tasktree = pkgs.callPackage ../packages/tasktree { };
neovim = pkgs.neovim.override {
vimAlias = true;
withPython3 = true;
};
vimAlias = true;
withPython3 = true;
};
home-neovim = (import ../home-manager/nvim) neovim;
niv = (import sources.niv {}).niv;
niv = (import sources.niv { }).niv;
# pkgs assumed to be present on a non nixos host
core-system-pkgs = {
inherit neovim;
inherit (pkgs)
gitFull
gnumake
python3
mkpasswd
file
wget
curl
wireguard
gnupg
mutt
bind
liboping
psmisc
unzip
rename
whois
lsof;
gitFull gnumake python3 mkpasswd file wget curl wireguard gnupg mutt bind
liboping psmisc unzip rename whois lsof;
};
extra-system-pkgs = {
lorri = import sources.lorri { src = sources.lorri; pkgs = unstable; };
lorri = import sources.lorri {
src = sources.lorri;
pkgs = unstable;
};
inherit niv;
inherit (pkgs.gitAndTools) git-annex;
inherit (pkgs.rxvt_unicode) terminfo;
inherit (pkgs.pythonPackages) qrcode;
inherit (pkgs)
git-crypt
htop
tree
pwgen
borgbackup
inotifyTools
git-crypt htop tree pwgen borgbackup inotifyTools
direnv
direnv
socat
nmap
tcpdump
socat nmap tcpdump
tmux
tig
exa
fzf
ag
fd
bat
tmux tig exa fzf ag fd bat
ripgrep
ripgrep
ranger
ranger
pass
sshuttle;
pass sshuttle;
};
laptop-home-pkgs = {
@ -80,97 +54,75 @@ rec {
sleep 0.1s;
nmcli r wifi on;
'';
cachix = import sources.cachix {};
nixfmt = import sources.nixfmt {};
cachix = import sources.cachix { };
nixfmt = import sources.nixfmt { };
inherit (pkgs.gnome3) nautilus;
inherit (unstable.haskellPackages) brittany;
inherit (pkgs.xorg) xev xbacklight;
inherit (pkgs)
# web
chromium
chromium
# communication
signal-desktop
tdesktop
acpi
dino
mumble
# communication
signal-desktop tdesktop acpi dino mumble
# config
arandr
# config
arandr
#dev
meld
icedtea8_web
octave
filezilla
#dev
meld icedtea8_web octave filezilla
# tools & office
feh
gimp
imagemagick
ghostscript
libreoffice-fresh
pandoc
xournal
musescore
handbrake
evince
# tools & office
feh gimp imagemagick ghostscript libreoffice-fresh pandoc xournal
musescore handbrake evince
networkmanagerapplet
# teamviewer
networkmanagerapplet
# teamviewer
# media
ncpamixer pavucontrol deluge mpd gmpc calibre mpv youtubeDL
# media
ncpamixer
pavucontrol
deluge
mpd
gmpc
calibre
mpv
youtubeDL
minetest
;};
minetest;
};
my-home-pkgs = {
print215 = pkgs.writeShellScriptBin "print215" ''
scp "$@" ag-forward:
ssh ag-forward lpr -Zduplex -r "$@"
'';
print215single = pkgs.writeShellScriptBin "print215single" ''
scp "$@" ag-forward:
ssh ag-forward lpr -r "$@"
'';
};
print215single = pkgs.writeShellScriptBin "print215single" ''
scp "$@" ag-forward:
ssh ag-forward lpr -r "$@"
'';
};
urxvt = pkgs.rxvt_unicode-with-plugins;
terminal = pkgs.writeShellScriptBin "terminal" ''
${urxvt}/bin/urxvtc "$@"
if [ $? -eq 2 ]; then
${urxvt}/bin/urxvtd -q -o -f
${urxvt}/bin/urxvtc "$@"
fi
'';
${urxvt}/bin/urxvtc "$@"
if [ $? -eq 2 ]; then
${urxvt}/bin/urxvtd -q -o -f
${urxvt}/bin/urxvtc "$@"
fi
'';
desktop-pkgs = {
inherit urxvt tasktree terminal;
inherit (pkgs) xautolock;
inherit (pkgs.gnome3) dconf;
};
home-pkgs = {
inherit (pkgs) ncmpcpp;
inherit (my-lib) shh;
inherit home-neovim;
};
accounting-pkgs = {
jali = pkgs.callPackage ../packages/jali {};
inherit (pkgs.haskellPackages) hledger hledger-ui;
inherit (pkgs) ledger;
};
home-pkgs = {
inherit (pkgs) ncmpcpp;
inherit (my-lib) shh;
inherit home-neovim;
};
accounting-pkgs = {
jali = pkgs.callPackage ../packages/jali { };
inherit (pkgs.haskellPackages) hledger hledger-ui;
inherit (pkgs) ledger;
};
system-pkgs = core-system-pkgs // extra-system-pkgs // {
inherit (import ./test-lib.nix) test-system-config test-home-config test-and-bump-config;
inherit (import ./test-lib.nix)
test-system-config test-home-config test-and-bump-config;
inherit (import ../common/lib.nix) home-manager;
};
};
foreign-home-pkgs = extra-system-pkgs;
eventd = pkgs.callPackage ../packages/eventd {};
eventd = pkgs.callPackage ../packages/eventd { };
}
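Review bot: In `print215` and `print215single`, `ssh ag-forward lpr ... "$@"` joins the arguments into one string that the remote shell parses again, so a file name containing spaces or shell metacharacters is split or interpreted on the remote host. The remote command also receives the original local paths, while `scp "$@" ag-forward:` places the files by base name in the remote home directory, so an argument given with a directory component would presumably not be found by `lpr`. Quoting each argument for the remote side, e.g. building the list with `printf '%q ' "${@##*/}"` and passing it to `ssh` as a single string, addresses both. These scripts sit in a Nix indented string, so `${` has to be written as `''${` there.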

Binary file not shown.


@ -1,8 +1,8 @@
let
pkgs = import <nixpkgs> {};
inherit (import ../common/lib.nix) writeHaskellScript get-niv-path home-manager unstable niv haskellList;
haskellBody = commandline:
''
pkgs = import <nixpkgs> { };
inherit (import ../common/lib.nix)
writeHaskellScript get-niv-path home-manager unstable niv haskellList;
haskellBody = commandline: ''
getNivPath dir = readTrim . get_niv_path ([i|#{dir :: String}/nix/sources.nix|] :: String)
getNivAssign dir name = fmap process . getNivPath dir $ name
@ -12,57 +12,65 @@ let
(configDir:hostname:args) <- getArgs
paths <- concat <$> mapM (getNivAssign configDir) ["nixpkgs", "unstable", "home-manager"]
${commandline}
'';
'';
bins = [ get-niv-path pkgs.nix ];
test-system-config = writeHaskellScript {
name = "test-system-config";
inherit bins;
} (haskellBody
''
nix $ ["build", "-f", "<nixpkgs/nixos>", "system"] ++ paths ++ ["-I", [i|nixos-config=#{configDir}/hosts/#{hostname}/configuration.nix|], "-o", [i|result-system-#{hostname}|]] ++ args
'');
} (haskellBody ''
nix $ ["build", "-f", "<nixpkgs/nixos>", "system"] ++ paths ++ ["-I", [i|nixos-config=#{configDir}/hosts/#{hostname}/configuration.nix|], "-o", [i|result-system-#{hostname}|]] ++ args
'');
test-home-config = writeHaskellScript {
name = "test-home-config";
inherit bins;
} (haskellBody
''
nix $ ["build", "-f", "<home-manager/home-manager/home-manager.nix>"] ++ paths ++ ["--argstr", "confPath", [i|#{configDir}/hosts/#{hostname}/home.nix|], "--argstr", "confAttr", "", "--out-link", [i|result-home-manager-#{hostname}|], "activationPackage"] ++ args
'');
} (haskellBody ''
nix $ ["build", "-f", "<home-manager/home-manager/home-manager.nix>"] ++ paths ++ ["--argstr", "confPath", [i|#{configDir}/hosts/#{hostname}/home.nix|], "--argstr", "confAttr", "", "--out-link", [i|result-home-manager-#{hostname}|], "activationPackage"] ++ args
'');
repoSrc = "git@hera.m-0.eu:nixos-config";
configPath = "/etc/nixos";
systems = ["apollo" "hera"];
homes = ["apollo" "hera" "hephaistos"];
keys = ["default" "apollo" "hera"];
systems = [ "apollo" "hera" ];
homes = [ "apollo" "hera" "hephaistos" ];
keys = [ "default" "apollo" "hera" ];
test-and-bump-config = writeHaskellScript {
name = "test-and-bump-config";
bins = [ test-system-config test-home-config pkgs.git pkgs.coreutils niv pkgs.git-crypt ];
imports = [ "Control.Exception (bracket)" "System.Directory (withCurrentDirectory)" "Control.Monad (when)"];
bins = [
test-system-config
test-home-config
pkgs.git
pkgs.coreutils
niv
pkgs.git-crypt
];
imports = [
"Control.Exception (bracket)"
"System.Directory (withCurrentDirectory)"
"Control.Monad (when)"
];
} ''
checkout :: IO FilePath
checkout = do
dir <- LBSC.unpack <$> (readTrim $ mktemp "-d")
git "clone" "${repoSrc}" dir
return dir
checkout :: IO FilePath
checkout = do
dir <- LBSC.unpack <$> (readTrim $ mktemp "-d")
git "clone" "${repoSrc}" dir
return dir
main = do
path <- readTrim pwd
bracket checkout (rm "-rf") $ \dir -> do
withCurrentDirectory dir $ do
mapM_ (\x -> git_crypt "unlock" ([i|${configPath}/.git/git-crypt/keys/#{x}|] :: String)) ${haskellList keys}
ignoreFailure $ niv "update"
mapM_ (test_system_config dir) ${haskellList systems}
mapM_ (test_home_config dir) ${haskellList homes}
changed <- ((mempty /=) <$>) . readTrim $ git "-C" dir "status" "--porcelain"
when changed $ do
git "-C" dir "config" "user.email" "maralorn@maralorn.de"
git "-C" dir "config" "user.name" "maralorn (nix-auto-updater)"
git "-C" dir "commit" "-am" "Update dependencies with niv"
git "-C" dir "push"
'';
in
{
inherit test-system-config test-home-config test-and-bump-config;
}
main = do
path <- readTrim pwd
bracket checkout (rm "-rf") $ \dir -> do
withCurrentDirectory dir $ do
mapM_ (\x -> git_crypt "unlock" ([i|${configPath}/.git/git-crypt/keys/#{x}|] :: String)) ${
haskellList keys
}
ignoreFailure $ niv "update"
mapM_ (test_system_config dir) ${haskellList systems}
mapM_ (test_home_config dir) ${haskellList homes}
changed <- ((mempty /=) <$>) . readTrim $ git "-C" dir "status" "--porcelain"
when changed $ do
git "-C" dir "config" "user.email" "maralorn@maralorn.de"
git "-C" dir "config" "user.name" "maralorn (nix-auto-updater)"
git "-C" dir "commit" "-am" "Update dependencies with niv"
git "-C" dir "push"
'';
in { inherit test-system-config test-home-config test-and-bump-config; }
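Review bot: In `test-and-bump-config`, `ignoreFailure $ niv "update"` discards the exit status of the update, so the script goes on to build and, if the tree changed, commit and push whatever state `niv` possibly left behind when it failed. The push is unattended and the only gate is that the builds succeed, so it seems safer to let a failed update abort the run (drop `ignoreFailure`) and to record which pins moved, for example by putting the output of `git diff --stat` into the commit message. The temporary checkout also holds the git-crypt-unlocked tree; `bracket checkout (rm "-rf")` removes it on exit, and a comment saying that the directory contains decrypted secrets would make the purpose of that cleanup explicit. `path <- readTrim pwd` is bound and never used in the visible body.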


@ -2,37 +2,31 @@
let
inherit (import ../common/pkgs.nix) eventd;
battery-watch = pkgs.writeScript "battery-watch" ''
#!${pkgs.stdenv.shell}
#!${pkgs.stdenv.shell}
critical_level=20 #percent
critical_level=20 #percent
while true
do
if [ "$(${pkgs.acpi}/bin/acpi -a | grep -o off)" == "off" ]; then
battery_level=`${pkgs.acpi}/bin/acpi -b | sed 's/.*[dg], //g;s/\%,.*//g'`
if [ $battery_level -le $critical_level ]; then
${eventd}/bin/eventc critical battery -d "title='Battery level is low!'" -d "message='Only $battery_level% of the charge remains.'"
else
${eventd}/bin/eventc notification battery -d "title='Battery is discharging!'" -d "message='Only $battery_level% of the charge remains.'"
sleep 18m
while true
do
if [ "$(${pkgs.acpi}/bin/acpi -a | grep -o off)" == "off" ]; then
battery_level=`${pkgs.acpi}/bin/acpi -b | sed 's/.*[dg], //g;s/\%,.*//g'`
if [ $battery_level -le $critical_level ]; then
${eventd}/bin/eventc critical battery -d "title='Battery level is low!'" -d "message='Only $battery_level% of the charge remains.'"
else
${eventd}/bin/eventc notification battery -d "title='Battery is discharging!'" -d "message='Only $battery_level% of the charge remains.'"
sleep 18m
fi
fi
fi
sleep 2m
done
'';
sleep 2m
done
'';
in {
systemd.user = {
services.battery = {
Unit = {
Description = "Watch battery state and warn user";
};
Service = {
ExecStart=toString battery-watch;
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
Unit = { Description = "Watch battery state and warn user"; };
Service = { ExecStart = toString battery-watch; };
Install = { WantedBy = [ "graphical-session.target" ]; };
};
};


@ -1,131 +1,167 @@
{ pkgs, config, ... }:
let
inherit (config.m-0.private) me meWork;
let inherit (config.m-0.private) me meWork;
in {
imports = [
./zsh
./update-script.nix
./modules/taskwarrior.nix
./modules/force-copies.nix
./modules/accounting
./modules/rustdev.nix
./modules/latex.nix
./modules/mail.nix
./modules/home-options.nix
./modules/unlock.nix
./modules/weechat
./modules/bugwarrior.nix
./modules/pythia.nix
../common
];
imports = [
./zsh
./update-script.nix
./modules/taskwarrior.nix
./modules/force-copies.nix
./modules/accounting
./modules/rustdev.nix
./modules/latex.nix
./modules/mail.nix
./modules/home-options.nix
./modules/unlock.nix
./modules/weechat
./modules/bugwarrior.nix
./modules/pythia.nix
../common
];
programs = {
home-manager.enable = true;
direnv = {
enable = true;
enableZshIntegration = true;
};
tmux = {
enable = true;
extraConfig = ''
set default-terminal "screen-256color"
set -g set-titles on
set -g status off
set -g escape-time 1
'';
};
git = {
aliases = {
sync = "!git pull -r && git push";
programs = {
home-manager.enable = true;
direnv = {
enable = true;
enableZshIntegration = true;
};
enable = true;
ignores = [
".syncthing*.tmp"
"*.swp"
"*.autosave~"
"*.aux"
"*.bbl"
"*.fls"
"*.idx"
"*.ilg"
"*.ind"
"*.log"
"*.out"
"*.toc"
"*.bcf"
"*.blg"
"*.fdb*"
"*.thm"
"*.run.xml"
"*.slnc"
"*.glade~"
"__pycache__"
".hledger-web_client_session_key.aes"
".nix-gc-roots"
];
userEmail = me.mail;
userName = me.name;
};
htop = {
enable = true;
hideThreads = true;
hideUserlandThreads = true;
highlightBaseName = true;
shadowOtherUsers = true;
showProgramPath = false;
treeView = true;
};
ssh = {
controlMaster = "auto";
controlPersist = "120";
enable = true;
matchBlocks = let
matheGwProxy = "ssh -q gw nc -q0 %h %p";
agHost = "fb04217.mathematik.tu-darmstadt.de";
in [
{ host = "charon"; hostname = "charon.olymp.space"; }
{ host = "hera"; hostname = "hera.m-0.eu"; forwardAgent = true; }
{ host = "ag-forward"; hostname = agHost; proxyCommand = matheGwProxy; user = meWork.user; }
{ host = "ag"; hostname = agHost; user = meWork.user; }
{ host = "gw"; hostname = "gwres4.mathematik.tu-darmstadt.de"; user = meWork.user; }
{ host = "shells"; hostname = "shells.darmstadt.ccc.de"; }
{ host = "vorstand"; hostname = "vorstand.darmstadt.ccc.de"; }
{ host = "*.darmstadt.ccc.de"; user = me.user; }
{ host = "whisky"; hostname = "whisky.w17.io"; user = "chaos"; }
{ host = "kitchen"; hostname = "kitchen.w17.io"; user = "chaos"; }
{ host = "door.w17.io"; identityFile = "~/.ssh/door_rsa";}
tmux = {
enable = true;
extraConfig = ''
set default-terminal "screen-256color"
set -g set-titles on
set -g status off
set -g escape-time 1
'';
};
git = {
aliases = { sync = "!git pull -r && git push"; };
enable = true;
ignores = [
".syncthing*.tmp"
"*.swp"
"*.autosave~"
"*.aux"
"*.bbl"
"*.fls"
"*.idx"
"*.ilg"
"*.ind"
"*.log"
"*.out"
"*.toc"
"*.bcf"
"*.blg"
"*.fdb*"
"*.thm"
"*.run.xml"
"*.slnc"
"*.glade~"
"__pycache__"
".hledger-web_client_session_key.aes"
".nix-gc-roots"
];
userEmail = me.mail;
userName = me.name;
};
htop = {
enable = true;
hideThreads = true;
hideUserlandThreads = true;
highlightBaseName = true;
shadowOtherUsers = true;
showProgramPath = false;
treeView = true;
};
ssh = {
controlMaster = "auto";
controlPersist = "120";
enable = true;
matchBlocks = let
matheGwProxy = "ssh -q gw nc -q0 %h %p";
agHost = "fb04217.mathematik.tu-darmstadt.de";
in [
{
host = "charon";
hostname = "charon.olymp.space";
}
{
host = "hera";
hostname = "hera.m-0.eu";
forwardAgent = true;
}
{
host = "ag-forward";
hostname = agHost;
proxyCommand = matheGwProxy;
user = meWork.user;
}
{
host = "ag";
hostname = agHost;
user = meWork.user;
}
{
host = "gw";
hostname = "gwres4.mathematik.tu-darmstadt.de";
user = meWork.user;
}
{
host = "shells";
hostname = "shells.darmstadt.ccc.de";
}
{
host = "vorstand";
hostname = "vorstand.darmstadt.ccc.de";
}
{
host = "*.darmstadt.ccc.de";
user = me.user;
}
{
host = "whisky";
hostname = "whisky.w17.io";
user = "chaos";
}
{
host = "kitchen";
hostname = "kitchen.w17.io";
user = "chaos";
}
{
host = "door.w17.io";
identityFile = "~/.ssh/door_rsa";
}
];
};
};
};
home = {
packages = builtins.attrValues (import ../common/pkgs.nix).home-pkgs;
sessionVariables = {
PATH = "$HOME/.cargo/bin:/etc/profiles/per-user/${config.home.username}/bin:$HOME/.nix-profile/bin:$PATH";
BROWSER = "${pkgs.firefox}/bin/firefox";
EDITOR = "${pkgs.neovim}/bin/nvim";
TERMINAL = config.m-0.terminal;
EMAIL = me.mail;
SUDO_ASKPASS = let
print-pw = pkgs.writeShellScriptBin "print-pw" "pass show eu/m-0/${config.m-0.hostName}/user/${config.home.username}";
in
"${print-pw}/bin/print-pw";
home = {
packages = builtins.attrValues (import ../common/pkgs.nix).home-pkgs;
sessionVariables = {
PATH =
"$HOME/.cargo/bin:/etc/profiles/per-user/${config.home.username}/bin:$HOME/.nix-profile/bin:$PATH";
BROWSER = "${pkgs.firefox}/bin/firefox";
EDITOR = "${pkgs.neovim}/bin/nvim";
TERMINAL = config.m-0.terminal;
EMAIL = me.mail;
SUDO_ASKPASS = let
print-pw = pkgs.writeShellScriptBin "print-pw"
"pass show eu/m-0/${config.m-0.hostName}/user/${config.home.username}";
in "${print-pw}/bin/print-pw";
};
};
};
fonts.fontconfig.enableProfileFonts = true;
fonts.fontconfig.enableProfileFonts = true;
systemd.user.startServices = true;
systemd.user.startServices = true;
services = {
gpg-agent = {
enable = true;
defaultCacheTtl = 31536000; # 1year
maxCacheTtl = 31536000; #1year
services = {
gpg-agent = {
enable = true;
defaultCacheTtl = 31536000; # 1year
maxCacheTtl = 31536000; # 1year
};
};
};
xdg.enable = true;
xdg.enable = true;
}
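Review bot: The `hera` match block keeps `forwardAgent = true;`, which exposes the local agent socket on hera for the lifetime of each session, so anyone with root on that host can use every key loaded in the agent. If forwarding is only needed to reach hosts behind hera, `forwardAgent = false;` together with a jump-host setup, or a dedicated key kept on hera, avoids that exposure. In the same section `defaultCacheTtl = 31536000;` and `maxCacheTtl = 31536000;` keep GPG passphrases cached for a year, and `SUDO_ASKPASS` points at a script that reads the sudo password from `pass`, so while the cache is warm `sudo -A` can obtain the password without any prompt; a TTL measured in hours would bound that window.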


@ -1,16 +1,9 @@
{ pkgs, lib, config, ... }:
let
inherit (import ../../common/pkgs.nix) desktop-pkgs;
in
{
let inherit (import ../../common/pkgs.nix) desktop-pkgs;
in {
imports = [
./i3.nix
./rofi.nix
./ssh-agent.nix
./eventd.nix
./sleep-nag.nix
];
imports =
[ ./i3.nix ./rofi.nix ./ssh-agent.nix ./eventd.nix ./sleep-nag.nix ];
m-0 = {
workspaces = [
"tasks"
@ -81,7 +74,7 @@ imports = [
color6 = config.m-0.colors.cyan;
color7 = config.m-0.colors.white;
color8 = config.m-0.colors.brightBlack;
color9= config.m-0.colors.brightRed;
color9 = config.m-0.colors.brightRed;
color10 = config.m-0.colors.brightGreen;
color11 = config.m-0.colors.brightYellow;
color12 = config.m-0.colors.brightBlue;
@ -116,7 +109,8 @@ imports = [
};
screen-locker = {
enable = true;
lockCmd = "${pkgs.i3lock}/bin/i3lock -n -f -i ~/data/aktuell/media/bilder/lockscreen.png";
lockCmd =
"${pkgs.i3lock}/bin/i3lock -n -f -i ~/data/aktuell/media/bilder/lockscreen.png";
};
};
xsession.enable = true;


@ -13,22 +13,18 @@ in {
After = [ "graphical-session-pre.target" ];
PartOf = [ "graphical-session.target" ];
};
Install = {
WantedBy = [ "default.target" ];
};
Install = { WantedBy = [ "default.target" ]; };
Service = {
Type="notify";
Sockets="eventd-control.socket eventd.socket";
ExecStart="${eventd}/bin/eventd --listen systemd";
ExecReload="${eventd}/bin/eventdctl reload";
Type = "notify";
Sockets = "eventd-control.socket eventd.socket";
ExecStart = "${eventd}/bin/eventd --listen systemd";
ExecReload = "${eventd}/bin/eventdctl reload";
};
};
};
sockets = {
eventd-control = {
Unit = {
Description = "eventd control socket";
};
Unit = { Description = "eventd control socket"; };
Socket = {
Service = "eventd.service";
SocketMode = "0600";
@ -36,19 +32,17 @@ in {
};
};
eventd = {
Unit = {
Description = "eventd sockets";
};
Unit = { Description = "eventd sockets"; };
Socket = {
SocketMode = "0660";
ListenStream= "%t/eventd/evp";
ListenStream = "%t/eventd/evp";
};
};
};
};
xdg = {
configFile = {
"eventd/eventd.conf".text = lib.generators.toINI {} {
"eventd/eventd.conf".text = lib.generators.toINI { } {
"Queue default" = {
Margin = 10;
Spacing = 2;
@ -72,9 +66,7 @@ in {
Spacing = 1;
Limit = 20;
};
Notification = {
Text = "\${message}";
};
Notification = { Text = "\${message}"; };
NotificationBubble = {
Padding = 10;
Radius = 0;
@ -88,77 +80,49 @@ in {
Colour = colors.foreground;
};
};
"eventd/notification.event".text = lib.generators.toINI {} {
"Event notification *" = {
Actions = "notification";
};
"Event notification kassandra" = {
Actions = "kassandra";
};
"Event command success" = {
Actions = "command-success";
};
"Event command failure" = {
Actions = "command-failure";
};
"Event critical *" = {
Actions = "critical";
};
"eventd/notification.event".text = lib.generators.toINI { } {
"Event notification *" = { Actions = "notification"; };
"Event notification kassandra" = { Actions = "kassandra"; };
"Event command success" = { Actions = "command-success"; };
"Event command failure" = { Actions = "command-failure"; };
"Event critical *" = { Actions = "critical"; };
};
"eventd/command-success.action".text = lib.generators.toINI {} {
Action = {
Name = "command-success";
};
"eventd/command-success.action".text = lib.generators.toINI { } {
Action = { Name = "command-success"; };
Notification = {
Text="<b>\${command}</b>\\nsucceeded after \${time} @ \${host}";
Text = "<b>\${command}</b>\\nsucceeded after \${time} @ \${host}";
};
NotificationBubble = {
Colour = colors.black;
Queue = "command";
};
};
"eventd/command-failure.action".text = lib.generators.toINI {} {
Action = {
Name = "command-failure";
};
"eventd/command-failure.action".text = lib.generators.toINI { } {
Action = { Name = "command-failure"; };
Notification = {
Text="<b>\${command}</b>\\nfailed after \${time} @ \${host}";
Text = "<b>\${command}</b>\\nfailed after \${time} @ \${host}";
};
NotificationBubble = {
Queue = "critical";
Colour = colors.red;
};
};
"eventd/critical.action".text = lib.generators.toINI {} {
Action = {
Name = "critical";
};
Notification = {
Text = "<b>\${title}</b>\${message/^/\\n}";
};
"eventd/critical.action".text = lib.generators.toINI { } {
Action = { Name = "critical"; };
Notification = { Text = "<b>\${title}</b>\${message/^/\\n}"; };
NotificationBubble = {
Queue = "critical";
Colour = colors.red;
};
};
"eventd/kassandra.action".text = lib.generators.toINI {} {
Action = {
Name = "kassandra";
};
Notification = {
Text = "<b>\${title}</b>\${message/^/\\n}";
};
NotificationBubble = {
Queue = "critical";
};
"eventd/kassandra.action".text = lib.generators.toINI { } {
Action = { Name = "kassandra"; };
Notification = { Text = "<b>\${title}</b>\${message/^/\\n}"; };
NotificationBubble = { Queue = "critical"; };
};
"eventd/notification.action".text = lib.generators.toINI {} {
Action = {
Name = "notification";
};
Notification = {
Text = "<b>\${title}</b>\${message/^/\\n}";
};
"eventd/notification.action".text = lib.generators.toINI { } {
Action = { Name = "notification"; };
Notification = { Text = "<b>\${title}</b>\${message/^/\\n}"; };
};
};
};


@ -4,33 +4,33 @@ let
inherit (config.m-0) colors workspaces terminal;
exec = "exec --no-startup-id";
conkyCommon = ''
background = true,
border_width = 0,
cpu_avg_samples = 2,
draw_borders = false,
draw_graph_borders = true,
draw_outline = false,
draw_shades = false,
double_buffer = true,
use_xft = true,
font = 'Roboto Mono Nerd Font:size=8',
gap_x = 0,
gap_y = 0,
minimum_width = 316,
maximum_width = 316,
net_avg_samples = 2,
no_buffers = true,
out_to_console = false,
out_to_stderr = false,
extra_newline = false,
own_window = true,
own_window_class = 'Conky',
own_window_type = 'override',
own_window_colour = "${config.m-0.colors.background}",
own_window_hints = 'undecorated,below,skip_taskbar,skip_pager,sticky',
stippled_borders = 0,
update_interval = 1.0,
'';
background = true,
border_width = 0,
cpu_avg_samples = 2,
draw_borders = false,
draw_graph_borders = true,
draw_outline = false,
draw_shades = false,
double_buffer = true,
use_xft = true,
font = 'Roboto Mono Nerd Font:size=8',
gap_x = 0,
gap_y = 0,
minimum_width = 316,
maximum_width = 316,
net_avg_samples = 2,
no_buffers = true,
out_to_console = false,
out_to_stderr = false,
extra_newline = false,
own_window = true,
own_window_class = 'Conky',
own_window_type = 'override',
own_window_colour = "${config.m-0.colors.background}",
own_window_hints = 'undecorated,below,skip_taskbar,skip_pager,sticky',
stippled_borders = 0,
update_interval = 1.0,
'';
conkyOrgaConfig = pkgs.writeText "conky.conf" ''
conky.config = {
alignment = 'top_right',
@ -47,7 +47,7 @@ let
$hr
''${execi 5 cat ~/tmp/today.md}
]]
'';
'';
conkyMPDConfig = pkgs.writeText "conky.conf" ''
conky.config = {
alignment = 'bottom_right',
@ -63,22 +63,21 @@ let
$mpd_elapsed/$mpd_length ($mpd_percent%) $mpd_bar
]]
'';
addMods = oldbindings: builtins.foldl' (newbindings: key:
'';
addMods = oldbindings:
builtins.foldl' (newbindings: key:
newbindings // {
"Mod4+${key}" = oldbindings.${key};
"Mod3+Mod4+${key}" = oldbindings.${key};
})
{}
(builtins.attrNames oldbindings);
}) { } (builtins.attrNames oldbindings);
in {
xsession = {
windowManager.i3 = {
enable = true;
extraConfig = ''
gaps right 320
'';
gaps right 320
'';
package = pkgs.i3-gaps.overrideAttrs (oldattrs: rec {
name = "i3-gaps-next";
version = "41264e54b7a3039ce46919851ac73e22ae29d207";
@ -87,13 +86,19 @@ in {
sha256 = "10d80p8bsldx4pld76y8my1zyww03shkcg3fndsxkrkwhfpk0lbh";
};
postUnpack = ''
echo -n "4.16.1" > ./i3-${version}/I3_VERSION
'';
echo -n "4.16.1" > ./i3-${version}/I3_VERSION
'';
});
config = {
startup = [
{ command = "${pkgs.conky}/bin/conky -c ${conkyOrgaConfig}"; notification = false; }
{ command = "${pkgs.conky}/bin/conky -c ${conkyMPDConfig}"; notification = false; }
{
command = "${pkgs.conky}/bin/conky -c ${conkyOrgaConfig}";
notification = false;
}
{
command = "${pkgs.conky}/bin/conky -c ${conkyMPDConfig}";
notification = false;
}
];
focus = {
followMouse = false;
@ -130,8 +135,7 @@ in {
text = colors.foreground;
};
};
bars = [
{
bars = [{
mode = "hide";
colors = {
separator = colors.white;
@ -157,54 +161,60 @@ in {
text = colors.white;
};
};
} ];
}];
window = {
titlebar = false;
border = 1;
commands = [ { command = "floating disable"; criteria = { class = "Firefox";};} ];
commands = [{
command = "floating disable";
criteria = { class = "Firefox"; };
}];
};
keybindings = {
"XF86AudioMute" = "exec pactl set-sink-mute '@DEFAULT_SINK@' toggle";
"XF86AudioLowerVolume" = "exec pactl set-sink-volume '@DEFAULT_SINK@' -5%";
"XF86AudioRaiseVolume" = "exec pactl set-sink-volume '@DEFAULT_SINK@' +5%";
"XF86AudioMicMute" = "exec pactl set-source-mute '@DEFAULT_SOURCE@' toggle";
"XF86MonBrightnessUp" = "exec xbacklight +5";
"XF86MonBrightnessDown" = "exec xbacklight -5";
"XF86Display" = "${exec} ${pkgs.arandr}/bin/arandr";
"Ctrl+Escape" = "${exec} loginctl lock-session;";
} //
addMods ({
"Left" = "focus left";
"Down" = "focus down";
"Up" = "focus up";
"Right" = "focus right";
"Tab" = "${exec} ${pkgs.skippy-xd}/bin/skippy-xd";
"Prior" = "focus parent";
"Next" = "focus child";
"Return" = "${exec} ${terminal}";
"p" = "${exec} rofi-pass";
"shift+Left" = "move left";
"shift+Down" = "move down";
"shift+Up" = "move up";
"shift+Right" = "move right";
"d" = "split h";
"f" = "fullscreen toggle";
"t" = "layout tabbed";
"s" = "layout toggle split";
"q" = "kill";
"m" = "move workspace to output up";
"n" = "move workspace to output right";
"shift+space" = "floating toggle";
"shift+q" = "${exec} ${pkgs.i3}/bin/i3-nagbar -t warning -m 'do you want to exit i3?' -b 'yes' 'i3-msg exit'";
"space" = "${exec} hotkeys";
} // builtins.foldl' (bindings: name: let
number = toString ((builtins.length (builtins.attrNames bindings)) / 2);
in
bindings // {
"${number}" = "workspace ${number}:${name}";
"Shift+${number}" = "move container to workspace ${number}:${name}";
}) {} workspaces
);
"XF86AudioMute" = "exec pactl set-sink-mute '@DEFAULT_SINK@' toggle";
"XF86AudioLowerVolume" =
"exec pactl set-sink-volume '@DEFAULT_SINK@' -5%";
"XF86AudioRaiseVolume" =
"exec pactl set-sink-volume '@DEFAULT_SINK@' +5%";
"XF86AudioMicMute" =
"exec pactl set-source-mute '@DEFAULT_SOURCE@' toggle";
"XF86MonBrightnessUp" = "exec xbacklight +5";
"XF86MonBrightnessDown" = "exec xbacklight -5";
"XF86Display" = "${exec} ${pkgs.arandr}/bin/arandr";
"Ctrl+Escape" = "${exec} loginctl lock-session;";
} // addMods ({
"Left" = "focus left";
"Down" = "focus down";
"Up" = "focus up";
"Right" = "focus right";
"Tab" = "${exec} ${pkgs.skippy-xd}/bin/skippy-xd";
"Prior" = "focus parent";
"Next" = "focus child";
"Return" = "${exec} ${terminal}";
"p" = "${exec} rofi-pass";
"shift+Left" = "move left";
"shift+Down" = "move down";
"shift+Up" = "move up";
"shift+Right" = "move right";
"d" = "split h";
"f" = "fullscreen toggle";
"t" = "layout tabbed";
"s" = "layout toggle split";
"q" = "kill";
"m" = "move workspace to output up";
"n" = "move workspace to output right";
"shift+space" = "floating toggle";
"shift+q" =
"${exec} ${pkgs.i3}/bin/i3-nagbar -t warning -m 'do you want to exit i3?' -b 'yes' 'i3-msg exit'";
"space" = "${exec} hotkeys";
} // builtins.foldl' (bindings: name:
let
number =
toString ((builtins.length (builtins.attrNames bindings)) / 2);
in bindings // {
"${number}" = "workspace ${number}:${name}";
"Shift+${number}" = "move container to workspace ${number}:${name}";
}) { } workspaces);
};
};
};


@ -1,21 +1,16 @@
{ pkgs, lib, config, ... }:
with lib;
let
inherit (config.m-0) colors workspaces terminal;
let inherit (config.m-0) colors workspaces terminal;
in {
home = {
packages = with pkgs; [
rofi-pass
];
};
home = { packages = with pkgs; [ rofi-pass ]; };
programs = {
rofi = {
enable = true;
extraConfig = ''
rofi.modi: combi,window,drun,run,ssh,keys
rofi.combi-modi: window,drun,run
'';
'';
borderWidth = 0;
separator = "none";
fullscreen = false;
@ -29,38 +24,38 @@ in {
font = "Monofur Nerd Font 10.5";
colors = {
window = {
background = "argb:c0${builtins.substring 1 6 colors.background}";
border = colors.blue;
separator = colors.blue;
background = "argb:c0${builtins.substring 1 6 colors.background}";
border = colors.blue;
separator = colors.blue;
};
rows = {
normal = {
background = colors.background;
foreground = colors.foreground;
backgroundAlt = colors.black;
highlight = {
background = colors.blue;
foreground = colors.white;
};
};
active = {
background = colors.background;
foreground = colors.foreground;
backgroundAlt = colors.black;
highlight = {
background = colors.blue;
foreground = colors.white;
};
};
urgent = {
background = colors.background;
foreground = colors.foreground;
backgroundAlt = colors.black;
highlight = {
background = colors.blue;
foreground = colors.white;
};
};
normal = {
background = colors.background;
foreground = colors.foreground;
backgroundAlt = colors.black;
highlight = {
background = colors.blue;
foreground = colors.white;
};
};
active = {
background = colors.background;
foreground = colors.foreground;
backgroundAlt = colors.black;
highlight = {
background = colors.blue;
foreground = colors.white;
};
};
urgent = {
background = colors.background;
foreground = colors.foreground;
backgroundAlt = colors.black;
highlight = {
background = colors.blue;
foreground = colors.white;
};
};
};
};
};


@ -2,29 +2,23 @@
let
inherit (import ../../common/pkgs.nix) eventd;
sleep-nag = pkgs.writeScript "sleep-nag" ''
#!${pkgs.stdenv.shell}
#!${pkgs.stdenv.shell}
while true
do
if [[ `date +%H` -ge 23 ]] || [[ `date +%H` -lt 6 ]]; then
${eventd}/bin/eventc notification kassandra -d "title='Es ist $(date +%H:%M) Uhr: Zeit ins Bett zu gehen!'" -d "message='Du kannst das hier auch morgen tun!'"
fi
sleep 10m
done
'';
while true
do
if [[ `date +%H` -ge 23 ]] || [[ `date +%H` -lt 6 ]]; then
${eventd}/bin/eventc notification kassandra -d "title='Es ist $(date +%H:%M) Uhr: Zeit ins Bett zu gehen!'" -d "message='Du kannst das hier auch morgen tun!'"
fi
sleep 10m
done
'';
in {
systemd.user = {
services.sleep-nag = {
Unit = {
Description = "Sleep nag";
};
Service = {
ExecStart=toString sleep-nag;
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
Unit = { Description = "Sleep nag"; };
Service = { ExecStart = toString sleep-nag; };
Install = { WantedBy = [ "graphical-session.target" ]; };
};
};


@ -1,5 +1,4 @@
{ pkgs , config , lib, ... }:
{
{ pkgs, config, lib, ... }: {
xsession.initExtra = let
cat-pw = pkgs.writeShellScriptBin "cat-ssh-pw" ''
@ -12,7 +11,6 @@
systemctl --user set-environment SSH_AGENT_PID="$SSH_AGENT_PID"
SSH_ASKPASS=${cat-pw}/bin/cat-ssh-pw ${pkgs.openssh}/bin/ssh-add & < /dev/null
'';
in
". ${start-agent}/bin/start-ssh-agent";
in ". ${start-agent}/bin/start-ssh-agent";
}


@ -1,25 +1,21 @@
let
inherit (import ../common/lib.nix) home-manager writeHaskellScript get-niv-path;
in
{
update-home = configPath: writeHaskellScript
{
inherit (import ../common/lib.nix)
home-manager writeHaskellScript get-niv-path;
in {
update-home = configPath:
writeHaskellScript {
name = "update-home";
bins = [
get-niv-path
home-manager
];
}
''
bins = [ get-niv-path home-manager ];
} ''
getNivPath = get_niv_path "${configPath}/nix/sources.nix"
getNivPath = get_niv_path "${configPath}/nix/sources.nix"
getNivAssign name = (tag <$>) . readTrim . getNivPath $ name
where tag str = ["-I", [i|#{name}=#{str :: LBS.ByteString}|]]
getNivAssign name = (tag <$>) . readTrim . getNivPath $ name
where tag str = ["-I", [i|#{name}=#{str :: LBS.ByteString}|]]
main = do
args <- getArgs
paths <- concat <$> mapM getNivAssign ["home-manager", "nixpkgs", "unstable"]
home_manager $ paths ++ ["switch"] ++ args
main = do
args <- getArgs
paths <- concat <$> mapM getNivAssign ["home-manager", "nixpkgs", "unstable"]
home_manager $ paths ++ ["switch"] ++ args
'';
}


@ -1,15 +1,13 @@
{ lib, pkgs, config, ...}:
with lib;
{
{ lib, pkgs, config, ... }:
with lib; {
options.m-0.accounting.enable = mkEnableOption "Accounting";
options.m-0.accounting.config = mkOption {
type = types.str;
};
options.m-0.accounting.enable = mkEnableOption "Accounting";
options.m-0.accounting.config = mkOption { type = types.str; };
config = mkIf config.m-0.accounting.enable {
home.file.".config/jali/config.py".text = config.m-0.accounting.config;
home.packages = builtins.attrValues (import ../../../common/pkgs.nix).accounting-pkgs;
};
config = mkIf config.m-0.accounting.enable {
home.file.".config/jali/config.py".text = config.m-0.accounting.config;
home.packages =
builtins.attrValues (import ../../../common/pkgs.nix).accounting-pkgs;
};
}


@ -1,61 +1,56 @@
{ config, lib, pkgs , ... }:
{ config, lib, pkgs, ... }:
with lib;
let
inherit (config.m-0.private) me gitlab github otrs;
let inherit (config.m-0.private) me gitlab github otrs;
in {
options.m-0.bugwarrior.enable = mkEnableOption "Sync tasks from issuetrackers";
config = mkIf config.m-0.bugwarrior.enable {
home.file.".config/bugwarrior/bugwarriorrc".text = ''
[general]
targets=cda_gitlab,github
static_fields = priority, project
options.m-0.bugwarrior.enable =
mkEnableOption "Sync tasks from issuetrackers";
config = mkIf config.m-0.bugwarrior.enable {
home.file.".config/bugwarrior/bugwarriorrc".text = ''
[general]
targets=cda_gitlab,github
static_fields = priority, project
[cda_gitlab]
service=gitlab
gitlab.password=@oracle:eval:pass de/darmstadt/ccc/ldap
gitlab.login=${me.user}
gitlab.host=${gitlab.host}
gitlab.token=${gitlab.token}
gitlab.only_if_assigned=${me.user}
gitlab.also_unassigned=True
gitlab.default_priority= L
gitlab.include_repos=cda/tasks, cda/chaos-darmstadt.de, cda/doku
gitlab.include_regex=(vorstand|jali|${me.user})/.*,
gitlab.description_template = {{gitlabnamespace}}/{{gitlabrepo}} {{gitlabtype[:1]}}#{{gitlabnumber}}: {{gitlabtitle}}
gitlab.project_template =
[cda_gitlab]
service=gitlab
gitlab.password=@oracle:eval:pass de/darmstadt/ccc/ldap
gitlab.login=${me.user}
gitlab.host=${gitlab.host}
gitlab.token=${gitlab.token}
gitlab.only_if_assigned=${me.user}
gitlab.also_unassigned=True
gitlab.default_priority= L
gitlab.include_repos=cda/tasks, cda/chaos-darmstadt.de, cda/doku
gitlab.include_regex=(vorstand|jali|${me.user})/.*,
gitlab.description_template = {{gitlabnamespace}}/{{gitlabrepo}} {{gitlabtype[:1]}}#{{gitlabnumber}}: {{gitlabtitle}}
gitlab.project_template =
[github]
service=github
github.login = ${me.user}
github.username = ${me.user}
github.token = ${github.token}
github.description_template = {{githubrepo}} {{githubtype[:1]}}#{{githubnumber}}: {{githubtitle}}
github.include_user_issues = False
github.include_user_repos = False
github.query = is:open involves:maralorn archived:false -repo:maxtaco/coffee-script -repo:QMatrixClient/libqmatrixclient -repo:QMatrixClient/Quaternion -repo:trollhoehle/pythonlights -repo:MirakelX/mirakel-android
github.default_priority= L
github.project_template =
'';
systemd.user = {
services.bugwarrior = {
Unit = {
Description = "Run bugwarrior";
[github]
service=github
github.login = ${me.user}
github.username = ${me.user}
github.token = ${github.token}
github.description_template = {{githubrepo}} {{githubtype[:1]}}#{{githubnumber}}: {{githubtitle}}
github.include_user_issues = False
github.include_user_repos = False
github.query = is:open involves:maralorn archived:false -repo:maxtaco/coffee-script -repo:QMatrixClient/libqmatrixclient -repo:QMatrixClient/Quaternion -repo:trollhoehle/pythonlights -repo:MirakelX/mirakel-android
github.default_priority= L
github.project_template =
'';
systemd.user = {
services.bugwarrior = {
Unit = { Description = "Run bugwarrior"; };
Service = {
Type = "oneshot";
Environment =
"PATH=${pkgs.taskwarrior}/bin:${pkgs.eventd}/bin:${pkgs.gnugrep}/bin";
ExecStart = "${pkgs.bugwarrior}/bin/bugwarrior-pull";
};
};
Service = {
Type = "oneshot";
Environment=''PATH=${pkgs.taskwarrior}/bin:${pkgs.eventd}/bin:${pkgs.gnugrep}/bin'';
ExecStart= "${pkgs.bugwarrior}/bin/bugwarrior-pull";
};
};
timers.bugwarrior = {
Timer = {
OnCalendar = "hourly";
};
Install = {
WantedBy = [ "timers.target" ];
timers.bugwarrior = {
Timer = { OnCalendar = "hourly"; };
Install = { WantedBy = [ "timers.target" ]; };
};
};
};
};
}
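Review bot: The `gitlab.token=${gitlab.token}` and `github.token = ${github.token}` lines interpolate both API tokens into `home.file.".config/bugwarrior/bugwarriorrc".text`, so the rendered file, tokens included, is built into the Nix store, which is normally readable by every local user and travels with any copied closure. The `gitlab.password` line in the same section already avoids this by resolving the secret at run time with `@oracle:eval:pass …`; the tokens could use the same form, e.g. `gitlab.token=@oracle:eval:pass <pass-entry-for-gitlab-token>` (placeholder entry name). The service's `Environment = "PATH=…"` lists only taskwarrior, eventd and gnugrep, so it looks as if `pass` would not be found from the unit; that is worth confirming before relying on the oracle lookup.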


@ -20,16 +20,16 @@ let
echo "Overwriting $HOME/${path}"
cp --remove-destination -T $canonical $HOME/${path};
'';
in with lib;
{
in with lib; {
options.home.forceCopies.paths = mkOption {
default = [];
type = types.listOf types.str;
};
default = [ ];
type = types.listOf types.str;
};
config.home.activation = {
deleteForcedCopies = config.lib.dag.entryBefore ["checkLinkTargets"]
(builtins.concatStringsSep "\n" (builtins.map disableCollisionCheck paths));
forceCopies = config.lib.dag.entryAfter ["linkGeneration"]
deleteForcedCopies = config.lib.dag.entryBefore [ "checkLinkTargets" ]
(builtins.concatStringsSep "\n"
(builtins.map disableCollisionCheck paths));
forceCopies = config.lib.dag.entryAfter [ "linkGeneration" ]
(builtins.concatStringsSep "\n" (builtins.map copyPath paths));
};
};
}


@ -1,25 +1,22 @@
{ lib, config, pkgs, ... }:
with lib;
{
with lib; {
options = {
m-0 = {
hostName = mkOption {
type = types.str;
};
terminal = mkOption {
default = "urxvt";
type = types.str;
};
colors = mkOption {
default = {};
type = types.attrs;
};
workspaces = mkOption {
default = [ "configure some workspaces" ];
type = types.listOf types.str;
options = {
m-0 = {
hostName = mkOption { type = types.str; };
terminal = mkOption {
default = "urxvt";
type = types.str;
};
colors = mkOption {
default = { };
type = types.attrs;
};
workspaces = mkOption {
default = [ "configure some workspaces" ];
type = types.listOf types.str;
};
};
};
};
}


@ -1,25 +1,20 @@
{ lib, pkgs, config, ... }:
with lib;
{
with lib; {
options.m-0.latex.enable = mkEnableOption "Latex";
options.m-0.latex.enable = mkEnableOption "Latex";
config = mkIf config.m-0.latex.enable {
programs = {
texlive = {
enable = true;
extraPackages = tpkgs: {inherit (tpkgs)
scheme-small
pdfjam
latexmk
collection-latexextra
collection-bibtexextra
collection-luatex
collection-mathscience
collection-fontsextra;
config = mkIf config.m-0.latex.enable {
programs = {
texlive = {
enable = true;
extraPackages = tpkgs: {
inherit (tpkgs)
scheme-small pdfjam latexmk collection-latexextra
collection-bibtexextra collection-luatex collection-mathscience
collection-fontsextra;
};
};
};
};
};
}


@ -1,4 +1,4 @@
{ lib, config, pkgs, ...}:
{ lib, config, pkgs, ... }:
with lib;
let
mail = config.m-0.mail;
@ -6,86 +6,80 @@ let
maildir = config.accounts.email.maildirBasePath;
in {
options.m-0.mail.enable = mkEnableOption "private-mail";
options.m-0.mail.accounts = mkOption {
type = types.attrs;
};
options.m-0.mail.enable = mkEnableOption "private-mail";
options.m-0.mail.accounts = mkOption { type = types.attrs; };
config = mkIf mail.enable {
config = mkIf mail.enable {
services.mbsync = {
enable = true;
frequency = "*:0/30";
verbose = false;
postExec = "${pkgs.notmuch}/bin/notmuch --config=${config.home.sessionVariables.NOTMUCH_CONFIG} new";
};
accounts.email.accounts = config.m-0.mail.accounts;
systemd.user.services = let
mkService = name: account: let
configjs = pkgs.writeText "config.js" ''
var child_process = require('child_process');
function getStdout(cmd) {
var stdout = child_process.execSync(cmd);
return stdout.toString().trim();
}
exports.host = "${account.imap.host}"
exports.port = 993
exports.tls = true;
exports.tlsOptions = { "rejectUnauthorized": false };
exports.username = "${account.userName}";
exports.password = getStdout("${toString account.passwordCommand}");
exports.onNotify = "${pkgs.isync}/bin/mbsync ${name}"
exports.onNotifyPost = "${pkgs.notmuch}/bin/notmuch new"
exports.boxes = [ "Inbox" ];
'';
in
{
Unit = {
Description = "Run imapnotify for imap account ${name}";
};
Service = {
ExecStart= "${pkgs.imapnotify}/bin/imapnotify -c ${configjs}";
Restart = "always";
RestartSec = "1min";
};
Install = {
WantedBy = [ "default.target" ];
};
services.mbsync = {
enable = true;
frequency = "*:0/30";
verbose = false;
postExec =
"${pkgs.notmuch}/bin/notmuch --config=${config.home.sessionVariables.NOTMUCH_CONFIG} new";
};
mkServiceWithName = name: account: {
name = "imapnotify-${name}-inbox";
value = mkService name account;
};
hasImapHost = name: account: account.imap != null;
in
mapAttrs' mkServiceWithName (filterAttrs hasImapHost config.accounts.email.accounts);
programs.msmtp.enable = true;
programs.mbsync.enable = true;
programs.notmuch = {
enable = true;
hooks.postInsert = ''
${pkgs.notmuch}/bin/notmuch tag +deleted -- "folder:/Trash/ (not tag:deleted)"
${pkgs.notmuch}/bin/notmuch tag -deleted -- "(not folder:/Trash/) tag:deleted"
${pkgs.notmuch}/bin/notmuch tag +spam -- "folder:/Junk|Spam|SPAM/ (not tag:spam)"
${pkgs.notmuch}/bin/notmuch tag -spam -- "(not folder:/Junk|Spam|SPAM/) tag:spam"
'';
new = {
tags = [];
ignore = [ ".isyncuidmap.db" ];
};
maildir.synchronizeFlags = true;
};
home = {
packages = with pkgs; [
neomutt
];
file = let
mutt_alternates = "@maralorn.de " + (builtins.concatStringsSep " " me.alternates);
accounts.email.accounts = config.m-0.mail.accounts;
systemd.user.services = let
mkService = name: account:
let
configjs = pkgs.writeText "config.js" ''
var child_process = require('child_process');
function getStdout(cmd) {
var stdout = child_process.execSync(cmd);
return stdout.toString().trim();
}
exports.host = "${account.imap.host}"
exports.port = 993
exports.tls = true;
exports.tlsOptions = { "rejectUnauthorized": false };
exports.username = "${account.userName}";
exports.password = getStdout("${toString account.passwordCommand}");
exports.onNotify = "${pkgs.isync}/bin/mbsync ${name}"
exports.onNotifyPost = "${pkgs.notmuch}/bin/notmuch new"
exports.boxes = [ "Inbox" ];
'';
in {
Unit = { Description = "Run imapnotify for imap account ${name}"; };
Service = {
ExecStart = "${pkgs.imapnotify}/bin/imapnotify -c ${configjs}";
Restart = "always";
RestartSec = "1min";
};
Install = { WantedBy = [ "default.target" ]; };
};
mkServiceWithName = name: account: {
name = "imapnotify-${name}-inbox";
value = mkService name account;
};
hasImapHost = name: account: account.imap != null;
in mapAttrs' mkServiceWithName
(filterAttrs hasImapHost config.accounts.email.accounts);
programs.msmtp.enable = true;
programs.mbsync.enable = true;
programs.notmuch = {
enable = true;
hooks.postInsert = ''
${pkgs.notmuch}/bin/notmuch tag +deleted -- "folder:/Trash/ (not tag:deleted)"
${pkgs.notmuch}/bin/notmuch tag -deleted -- "(not folder:/Trash/) tag:deleted"
${pkgs.notmuch}/bin/notmuch tag +spam -- "folder:/Junk|Spam|SPAM/ (not tag:spam)"
${pkgs.notmuch}/bin/notmuch tag -spam -- "(not folder:/Junk|Spam|SPAM/) tag:spam"
'';
new = {
tags = [ ];
ignore = [ ".isyncuidmap.db" ];
};
maildir.synchronizeFlags = true;
};
home = {
packages = with pkgs; [ neomutt ];
file = let
mutt_alternates = "@maralorn.de "
+ (builtins.concatStringsSep " " me.alternates);
show-sidebar = pkgs.writeText "show-sidebar" ''
set sidebar_visible=yes
bind index <up> sidebar-prev
@ -95,7 +89,7 @@ programs.notmuch = {
bind index <space> sidebar-open
bind index <return> sidebar-open
bind index <enter> sidebar-open
'';
'';
hide-sidebar = pkgs.writeText "hide-sidebar" ''
set sidebar_visible=no
bind index <up> previous-undeleted
@ -105,7 +99,7 @@ programs.notmuch = {
bind index <space> display-message
bind index <return> display-message
bind index <enter> display-message
'';
'';
mailcap = pkgs.writeText "mailcap" ''
text/html; ${pkgs.lynx}/bin/lynx -stdin -dump -force_html ; copiousoutput
application/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
@ -113,76 +107,78 @@ programs.notmuch = {
video/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
audio/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
'';
in {
".neomuttrc".text = ''
alternative_order text/plain text/html
auto_view text/*
auto_view message/*
unset wait_key
in {
".neomuttrc".text = ''
alternative_order text/plain text/html
auto_view text/*
auto_view message/*
unset wait_key
set query_format="%4c %t %-70.70a %-70.70n %?e?(%e)?"
set query_command = "${pkgs.notmuch}/bin/notmuch address --output=recipients --deduplicate=address '%s' | grep -i '%s'"
bind editor <Tab> complete-query
bind editor ^T complete
set query_format="%4c %t %-70.70a %-70.70n %?e?(%e)?"
set query_command = "${pkgs.notmuch}/bin/notmuch address --output=recipients --deduplicate=address '%s' | grep -i '%s'"
bind editor <Tab> complete-query
bind editor ^T complete
set crypt_use_gpgme = yes
set pgp_use_gpg_agent = yes
set pgp_auto_decode = yes
set pgp_autosign = yes
set pgp_replysign = yes
set pgp_replyencrypt = yes
set crypt_replysignencrypted = yes
set crypt_verify_sig = yes
set pgp_sign_as="${me.gpg}"
set pgp_use_gpg_agent = yes
set pgp_default_key="${me.gpg}"
set timeout = 5
set crypt_use_gpgme = yes
set pgp_use_gpg_agent = yes
set pgp_auto_decode = yes
set pgp_autosign = yes
set pgp_replysign = yes
set pgp_replyencrypt = yes
set crypt_replysignencrypted = yes
set crypt_verify_sig = yes
set pgp_sign_as="${me.gpg}"
set pgp_use_gpg_agent = yes
set pgp_default_key="${me.gpg}"
set timeout = 5
alternates ${mutt_alternates}
set folder="${maildir}"
mailboxes `find ${maildir} -type d -name Inbox -printf '"%h" '` `find ${maildir} -type d -name cur -printf '"%h" '`
set sendmail="${pkgs.msmtp}/bin/msmtp --read-envelope-from"
set sort=threads
set sort_aux=date-sent
set realname="${me.name}"
set from=fill-later
set use_from=yes
set fast_reply=yes
set mailcap_path=${mailcap};
set include=yes
set edit_headers=yes
set mbox_type=Maildir
set spoolfile="${maildir}/hera/Inbox"
set record="${maildir}/hera/Archiv/unsortiert"
set postponed="${maildir}/hera/Drafts"
set mail_check_stats=yes
bind index / vfolder-from-query
set header_cache = "~/.cache/neomutt"
set date_format="!%y-%m-%d %H:%M"
set mime_forward=yes
set mime_forward_rest=yes
alternates ${mutt_alternates}
set folder="${maildir}"
mailboxes `find ${maildir} -type d -name Inbox -printf '"%h" '` `find ${maildir} -type d -name cur -printf '"%h" '`
set sendmail="${pkgs.msmtp}/bin/msmtp --read-envelope-from"
set sort=threads
set sort_aux=date-sent
set realname="${me.name}"
set from=fill-later
set use_from=yes
set fast_reply=yes
set mailcap_path=${mailcap};
set include=yes
set edit_headers=yes
set mbox_type=Maildir
set spoolfile="${maildir}/hera/Inbox"
set record="${maildir}/hera/Archiv/unsortiert"
set postponed="${maildir}/hera/Drafts"
set mail_check_stats=yes
bind index / vfolder-from-query
set header_cache = "~/.cache/neomutt"
set date_format="!%y-%m-%d %H:%M"
set mime_forward=yes
set mime_forward_rest=yes
macro index <F5> "!systemctl --user start mbsync > /dev/null<enter>"
macro index <F5> "!systemctl --user start mbsync > /dev/null<enter>"
source "${hide-sidebar}"
macro index <right> "<enter-command>source ${hide-sidebar}<enter>"
macro index <left> "<enter-command>source ${show-sidebar}<enter>"
set sidebar_folder_indent=yes
set sidebar_short_path=yes
set sidebar_width=40
set sidebar_sort_method="alpha"
set sidebar_indent_string=" "
color sidebar_indicator black white
color sidebar_highlight white blue
set sidebar_format = "%B%* %?N?%N/?%S"
source "${hide-sidebar}"
macro index <right> "<enter-command>source ${hide-sidebar}<enter>"
macro index <left> "<enter-command>source ${show-sidebar}<enter>"
set sidebar_folder_indent=yes
set sidebar_short_path=yes
set sidebar_width=40
set sidebar_sort_method="alpha"
set sidebar_indent_string=" "
color sidebar_indicator black white
color sidebar_highlight white blue
set sidebar_format = "%B%* %?N?%N/?%S"
alias f__0 ${me.name} <${me.mail}>
${builtins.concatStringsSep "\n" (lib.imap1 (n: x: "alias f__${toString n} ${me.name} <${x}>") me.alternates)}
send2-hook '~f fill-later' "push <edit-from><kill-line>f__<complete><search>${me.mail}<enter>"
'';
alias f__0 ${me.name} <${me.mail}>
${builtins.concatStringsSep "\n"
(lib.imap1 (n: x: "alias f__${toString n} ${me.name} <${x}>")
me.alternates)}
send2-hook '~f fill-later' "push <edit-from><kill-line>f__<complete><search>${me.mail}<enter>"
'';
};
};
};
};
}
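Review bot: `exports.tlsOptions = { "rejectUnauthorized": false };` in the generated imapnotify `config.js` (inside `mkService`) turns off certificate verification for the IMAP connection on port 993, so the password returned by `passwordCommand` is sent without any check that the peer really is `account.imap.host`. Unless one of the servers presents a certificate that cannot be validated, drop the line or set `"rejectUnauthorized": true`; for a private CA, supplying that CA to the client is preferable to disabling the check. Separately, `getStdout("${toString account.passwordCommand}")` pastes the command into a double-quoted JavaScript string, so a command containing `"` or `\` would yield a different command line than intended; a comment stating that constraint, or an escaping step, would make this safer.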


@ -1,117 +1,113 @@
{ lib, pkgs, config, ...}:
with lib;
{
{ lib, pkgs, config, ... }:
with lib; {
options.m-0.pythia.enable = mkEnableOption "Pythia";
config = mkIf config.m-0.pythia.enable (let
pythia-path = "${config.home.homeDirectory}/data/aktuell/pythia";
pythia = pkgs.writeShellScriptBin "pythia" ''
datei=${pythia-path}/$(date +%Y-%m-%d)
touch $datei
vim $datei
grep TODO: $datei | sed 's/TODO: //' | while read -r line; do task add "$line"; done && sed -i 's/TODO: /Notiert: /' $datei
grep WEAK: $datei | sed 's/WEAK: //' >> ${pythia-path}/schwächen && sed -i 's/WEAK: /Schwäche: /' $datei
grep STRONG: $datei | sed 's/STRONG: //' >> ${pythia-path}/stärken && sed -i 's/STRONG: /Stärke: /' $datei
grep RULE: $datei | sed 's/RULE: //' >> ${pythia-path}/richtlinien && sed -i 's/RULE: /Richtlinie: /' $datei
grep INDICATOR: $datei | sed 's/INDICATOR: //' >> ${pythia-path}/warnzeichen && sed -i 's/INDICATOR: /Warnzeichen: /' $datei
'';
printslow = pkgs.writeScriptBin "printslow" ''
#!${pkgs.python3}/bin/python
import fileinput
import sys
import time
for line in fileinput.input():
for letter in line:
print(letter, end="")
sys.stdout.flush()
time.sleep(0.1)
options.m-0.pythia.enable = mkEnableOption "Pythia";
config = mkIf config.m-0.pythia.enable (let
pythia-path = "${config.home.homeDirectory}/data/aktuell/pythia";
pythia = pkgs.writeShellScriptBin "pythia" ''
datei=${pythia-path}/$(date +%Y-%m-%d)
touch $datei
vim $datei
grep TODO: $datei | sed 's/TODO: //' | while read -r line; do task add "$line"; done && sed -i 's/TODO: /Notiert: /' $datei
grep WEAK: $datei | sed 's/WEAK: //' >> ${pythia-path}/schwächen && sed -i 's/WEAK: /Schwäche: /' $datei
grep STRONG: $datei | sed 's/STRONG: //' >> ${pythia-path}/stärken && sed -i 's/STRONG: /Stärke: /' $datei
grep RULE: $datei | sed 's/RULE: //' >> ${pythia-path}/richtlinien && sed -i 's/RULE: /Richtlinie: /' $datei
grep INDICATOR: $datei | sed 's/INDICATOR: //' >> ${pythia-path}/warnzeichen && sed -i 's/INDICATOR: /Warnzeichen: /' $datei
'';
fortune = ''
${pkgs.fortune}/bin/fortune | ${run-printslow}
echo
sleep 5s
'';
threefortunes = ''
echo Genieße drei Fortunes: | ${run-printslow}
echo
${fortune}
${fortune}
${fortune}
'';
run-pythia = "${pythia}/bin/pythia";
run-printslow = "${printslow}/bin/printslow";
hold = "echo -n '>'; read a;";
dong = "${pkgs.mpv}/bin/mpv dong.ogg &> /dev/null &";
meditate = pkgs.writeShellScriptBin "meditate" ''
cd ${pythia-path}
i3-msg fullscreen &> /dev/null
start=`${pkgs.taskwarrior}/bin/task calc now`
mpv background.ogg &> /dev/null &
${run-printslow} << EOF
Hallo Malte,
printslow = pkgs.writeScriptBin "printslow" ''
#!${pkgs.python3}/bin/python
hier spricht Pythia.
import fileinput
import sys
import time
Herzlich willkommen zur Besinnung, Ruhefindung und Orientierung.
Bist Du bereit?
EOF
${hold}
${run-printslow} << EOF
Gut, dann lass uns starten.
EOF
sleep 3s
${run-printslow} << EOF
Nimm Dir ein wenig Zeit um die Gedanken zu sammeln, die unerledigt sind.
EOF
sleep 1s
${run-pythia}
${run-printslow} << EOF
Nimm Dir nun mindestens 5 Minuten Auszeit um tief zu entspannen.
Achte auf Deine Atmung und Deinen Körper.
Beruhige Deine Gedanken und gehe in Dich.
EOF
${dong}
sleep 5m
${dong}
${hold}
${threefortunes}
${run-printslow} << EOF
Nun ist die Zeit für Reflektion und um an Deinem Credo zu arbeiten.
EOF
sleep 3s
${run-pythia}
${run-printslow} << EOF
Melde Dich, wenn Du bereit für Dein Credo bist.
EOF
${hold}
${run-printslow} credo
${hold}
${run-printslow} << EOF
Nun genieße die gewonne Energie um Dich auf die Zukunft vorzubereiten.
EOF
${hold}
${threefortunes}
${dong}
echo Dauer der Meditation | ${run-printslow}
${pkgs.taskwarrior}/bin/task calc now-$start
${pkgs.taskwarrior}/bin/task gen_id:meditation done
${hold}
exit
for line in fileinput.input():
for letter in line:
print(letter, end="")
sys.stdout.flush()
time.sleep(0.1)
'';
fortune = ''
${pkgs.fortune}/bin/fortune | ${run-printslow}
echo
sleep 5s
'';
threefortunes = ''
echo Genieße drei Fortunes: | ${run-printslow}
echo
${fortune}
${fortune}
${fortune}
'';
run-pythia = "${pythia}/bin/pythia";
run-printslow = "${printslow}/bin/printslow";
hold = "echo -n '>'; read a;";
dong = "${pkgs.mpv}/bin/mpv dong.ogg &> /dev/null &";
meditate = pkgs.writeShellScriptBin "meditate" ''
cd ${pythia-path}
i3-msg fullscreen &> /dev/null
start=`${pkgs.taskwarrior}/bin/task calc now`
mpv background.ogg &> /dev/null &
${run-printslow} << EOF
Hallo Malte,
hier spricht Pythia.
Herzlich willkommen zur Besinnung, Ruhefindung und Orientierung.
Bist Du bereit?
EOF
${hold}
${run-printslow} << EOF
Gut, dann lass uns starten.
EOF
sleep 3s
${run-printslow} << EOF
Nimm Dir ein wenig Zeit um die Gedanken zu sammeln, die unerledigt sind.
EOF
sleep 1s
${run-pythia}
${run-printslow} << EOF
Nimm Dir nun mindestens 5 Minuten Auszeit um tief zu entspannen.
Achte auf Deine Atmung und Deinen Körper.
Beruhige Deine Gedanken und gehe in Dich.
EOF
${dong}
sleep 5m
${dong}
${hold}
${threefortunes}
${run-printslow} << EOF
Nun ist die Zeit für Reflektion und um an Deinem Credo zu arbeiten.
EOF
sleep 3s
${run-pythia}
${run-printslow} << EOF
Melde Dich, wenn Du bereit für Dein Credo bist.
EOF
${hold}
${run-printslow} credo
${hold}
${run-printslow} << EOF
Nun genieße die gewonne Energie um Dich auf die Zukunft vorzubereiten.
EOF
${hold}
${threefortunes}
${dong}
echo Dauer der Meditation | ${run-printslow}
${pkgs.taskwarrior}/bin/task calc now-$start
${pkgs.taskwarrior}/bin/task gen_id:meditation done
${hold}
exit
'';
in {
home.packages = with pkgs; [
pythia
meditate
];
});
home.packages = with pkgs; [ pythia meditate ];
});
}


@ -1,15 +1,10 @@
{ lib, pkgs, config, ...}:
with lib;
{
{ lib, pkgs, config, ... }:
with lib; {
options.m-0.rustdev.enable = mkEnableOption "Rust Dev";
options.m-0.rustdev.enable = mkEnableOption "Rust Dev";
config = mkIf config.m-0.rustdev.enable {
home.packages = with pkgs; [
rustup
nix-prefetch-scripts
gcc
];
};
config = mkIf config.m-0.rustdev.enable {
home.packages = with pkgs; [ rustup nix-prefetch-scripts gcc ];
};
}


@ -1,4 +1,4 @@
{ lib, pkgs, config, ...}:
{ lib, pkgs, config, ... }:
with lib;
let
tasksync = pkgs.writeShellScriptBin "tasksync" ''
@ -6,7 +6,9 @@ let
cd ${config.home.homeDirectory}/.task
${pkgs.git}/bin/git add completed.data pending.data > /dev/null
${pkgs.git}/bin/git commit -m 'Updating task data' > /dev/null
${pkgs.git}/bin/git pull -X ${if config.m-0.taskwarrior.git_active then "ours" else "theirs"} | ${pkgs.gnugrep}/bin/grep -v "Already up to date."
${pkgs.git}/bin/git pull -X ${
if config.m-0.taskwarrior.git_active then "ours" else "theirs"
} | ${pkgs.gnugrep}/bin/grep -v "Already up to date."
${pkgs.taskwarrior}/bin/task diagnostics | ${pkgs.gnugrep}/bin/grep "Found duplicate" | ${pkgs.gnused}/bin/sed 's/.*Found duplicate //' | ${pkgs.findutils}/bin/xargs -i ${pkgs.gnused}/bin/sed -i '0,/uuid:"{}"/{/uuid:"{}"/d}' completed.data > /dev/null
${pkgs.git}/bin/git add completed.data > /dev/null
${pkgs.git}/bin/git commit -m 'Fixing duplicates' > /dev/null
@ -14,192 +16,178 @@ let
true
'';
in {
options.m-0.taskwarrior.enable = mkEnableOption "Taskwarrior";
options.m-0.taskwarrior.git_active = mkEnableOption "This machine will prefer its own state in case of a merge conflict, if enabled.";
config = mkIf config.m-0.taskwarrior.enable {
systemd.user = {
services.tasksync = {
Unit = {
Description = "Update tasks";
options.m-0.taskwarrior.enable = mkEnableOption "Taskwarrior";
options.m-0.taskwarrior.git_active = mkEnableOption
"This machine will prefer its own state in case of a merge conflict, if enabled.";
config = mkIf config.m-0.taskwarrior.enable {
systemd.user = {
services.tasksync = {
Unit = { Description = "Update tasks"; };
Service = {
ExecStart = "${tasksync}/bin/tasksync";
Type = "oneshot";
};
};
Service = {
ExecStart="${tasksync}/bin/tasksync";
Type="oneshot";
timers.tasksync = {
Timer = { OnCalendar = "*:0/1"; };
Install = { WantedBy = [ "timers.target" ]; };
};
};
timers.tasksync = {
Timer = {
OnCalendar = "*:0/1";
};
Install = {
WantedBy = [ "timers.target" ];
};
};
};
home = {
packages = [ pkgs.taskwarrior tasksync pkgs.tasksh ];
file = {
".taskrc".text = ''
data.location=~/.task
default.command=default
alias.inbox=+PENDING -TAGGED limit:1
alias.inboxall=+PENDING -TAGGED
home = {
packages = [ pkgs.taskwarrior tasksync pkgs.tasksh ];
file = {
".taskrc".text = ''
data.location=~/.task
default.command=default
alias.inbox=+PENDING -TAGGED limit:1
alias.inboxall=+PENDING -TAGGED
verbose=blank,header,footnote,label,new-id,affected,edit,special,sync
nag=
verbose=blank,header,footnote,label,new-id,affected,edit,special,sync
nag=
report.default.columns=id,tags,priority,description,due,start.active,project
report.default.description=List tasks
report.default.filter=status:pending -BLOCKED
report.default.labels=ID,Tags,,Beschreibung,Bis,Start,Projekt
report.default.sort=modified-
report.default.columns=id,tags,priority,description,due,start.active,project
report.default.description=List tasks
report.default.filter=status:pending -BLOCKED
report.default.labels=ID,Tags,,Beschreibung,Bis,Start,Projekt
report.default.sort=modified-
uda.partof.type=string
uda.partof.label=Parent task
uda.generated.type=string
uda.gen_name.type=string
uda.gen_name.label=Generator name
uda.gen_id.type=string
uda.gen_id.label=Generator id
uda.gen_orphan.type=string
uda.gen_orphan.label=Generated orphan behavior
uda.listposition.type=numeric
uda.partof.type=string
uda.partof.label=Parent task
uda.generated.type=string
uda.gen_name.type=string
uda.gen_name.label=Generator name
uda.gen_id.type=string
uda.gen_id.label=Generator id
uda.gen_orphan.type=string
uda.gen_orphan.label=Generated orphan behavior
uda.listposition.type=numeric
# Bugwarrior UDAs
uda.githubtitle.type=string
uda.githubtitle.label=Github Title
uda.githubbody.type=string
uda.githubbody.label=Github Body
uda.githubcreatedon.type=date
uda.githubcreatedon.label=Github Created
uda.githubupdatedat.type=date
uda.githubupdatedat.label=Github Updated
uda.githubmilestone.type=string
uda.githubmilestone.label=Github Milestone
uda.githubrepo.type=string
uda.githubrepo.label=Github Repo Slug
uda.githuburl.type=string
uda.githuburl.label=Github URL
uda.githubtype.type=string
uda.githubtype.label=Github Type
uda.githubnumber.type=numeric
uda.githubnumber.label=Github Issue/PR #
uda.githubuser.type=string
uda.githubuser.label=Github User
uda.gitlabtitle.type=string
uda.gitlabtitle.label=Gitlab Title
uda.gitlabdescription.type=string
uda.gitlabdescription.label=Gitlab Description
uda.gitlabcreatedon.type=date
uda.gitlabcreatedon.label=Gitlab Created
uda.gitlabupdatedat.type=date
uda.gitlabupdatedat.label=Gitlab Updated
uda.gitlabduedate.type=date
uda.gitlabduedate.label=Gitlab Due Date
uda.gitlabmilestone.type=string
uda.gitlabmilestone.label=Gitlab Milestone
uda.gitlaburl.type=string
uda.gitlaburl.label=Gitlab URL
uda.gitlabrepo.type=string
uda.gitlabrepo.label=Gitlab Repo Slug
uda.gitlabtype.type=string
uda.gitlabtype.label=Gitlab Type
uda.gitlabnumber.type=numeric
uda.gitlabnumber.label=Gitlab Issue/MR #
uda.gitlabstate.type=string
uda.gitlabstate.label=Gitlab Issue/MR State
uda.gitlabupvotes.type=numeric
uda.gitlabupvotes.label=Gitlab Upvotes
uda.gitlabdownvotes.type=numeric
uda.gitlabdownvotes.label=Gitlab Downvotes
uda.gitlabwip.type=numeric
uda.gitlabwip.label=Gitlab MR Work-In-Progress Flag
uda.gitlabauthor.type=string
uda.gitlabauthor.label=Gitlab Author
uda.gitlabassignee.type=string
uda.gitlabassignee.label=Gitlab Assignee
uda.gitlabnamespace.type=string
uda.gitlabnamespace.label=Gitlab Namespace
uda.gitlabweight.type=numeric
uda.gitlabweight.label=Gitlab Weight
# END Bugwarrior UDAs
'';
taskwarrior-on-add-hook = {
target = ".task/hooks/on-add.eventd-notification";
text = ''
#!${pkgs.python3}/bin/python
import sys
import json
import subprocess
# Bugwarrior UDAs
uda.githubtitle.type=string
uda.githubtitle.label=Github Title
uda.githubbody.type=string
uda.githubbody.label=Github Body
uda.githubcreatedon.type=date
uda.githubcreatedon.label=Github Created
uda.githubupdatedat.type=date
uda.githubupdatedat.label=Github Updated
uda.githubmilestone.type=string
uda.githubmilestone.label=Github Milestone
uda.githubrepo.type=string
uda.githubrepo.label=Github Repo Slug
uda.githuburl.type=string
uda.githuburl.label=Github URL
uda.githubtype.type=string
uda.githubtype.label=Github Type
uda.githubnumber.type=numeric
uda.githubnumber.label=Github Issue/PR #
uda.githubuser.type=string
uda.githubuser.label=Github User
uda.gitlabtitle.type=string
uda.gitlabtitle.label=Gitlab Title
uda.gitlabdescription.type=string
uda.gitlabdescription.label=Gitlab Description
uda.gitlabcreatedon.type=date
uda.gitlabcreatedon.label=Gitlab Created
uda.gitlabupdatedat.type=date
uda.gitlabupdatedat.label=Gitlab Updated
uda.gitlabduedate.type=date
uda.gitlabduedate.label=Gitlab Due Date
uda.gitlabmilestone.type=string
uda.gitlabmilestone.label=Gitlab Milestone
uda.gitlaburl.type=string
uda.gitlaburl.label=Gitlab URL
uda.gitlabrepo.type=string
uda.gitlabrepo.label=Gitlab Repo Slug
uda.gitlabtype.type=string
uda.gitlabtype.label=Gitlab Type
uda.gitlabnumber.type=numeric
uda.gitlabnumber.label=Gitlab Issue/MR #
uda.gitlabstate.type=string
uda.gitlabstate.label=Gitlab Issue/MR State
uda.gitlabupvotes.type=numeric
uda.gitlabupvotes.label=Gitlab Upvotes
uda.gitlabdownvotes.type=numeric
uda.gitlabdownvotes.label=Gitlab Downvotes
uda.gitlabwip.type=numeric
uda.gitlabwip.label=Gitlab MR Work-In-Progress Flag
uda.gitlabauthor.type=string
uda.gitlabauthor.label=Gitlab Author
uda.gitlabassignee.type=string
uda.gitlabassignee.label=Gitlab Assignee
uda.gitlabnamespace.type=string
uda.gitlabnamespace.label=Gitlab Namespace
uda.gitlabweight.type=numeric
uda.gitlabweight.label=Gitlab Weight
# END Bugwarrior UDAs
'';
taskwarrior-on-add-hook = {
target = ".task/hooks/on-add.eventd-notification";
text = ''
#!${pkgs.python3}/bin/python
import sys
import json
import subprocess
input_string = sys.stdin.readline()
original = json.loads(input_string)
command = ['eventc', 'task', 'add']
for name, value in original.items():
command.append("-d")
if type(value) == list:
value = ', '.join(value)
command.append(name+"='"+str(value)+"'")
subprocess.Popen(command)
print(input_string)
'';
executable = true;
};
taskwarrior-on-modify-hook = {
target = ".task/hooks/on-modify.eventd-notification";
text = ''
#!${pkgs.python3}/bin/python
import sys
import json
import subprocess
input_string = sys.stdin.readline()
original = json.loads(input_string)
input_string = sys.stdin.readline()
new = json.loads(input_string)
command = ['eventc', 'task', 'modify']
for name in set(new.keys()).union(set(original.keys())):
if new.get(name) != original.get(name) or name == "description":
value = new.get(name, "")
input_string = sys.stdin.readline()
original = json.loads(input_string)
command = ['eventc', 'task', 'add']
for name, value in original.items():
command.append("-d")
if type(value) == list:
value = ', '.join([str(item) for item in value])
value = ', '.join(value)
command.append(name+"='"+str(value)+"'")
subprocess.Popen(command)
print(input_string)
subprocess.Popen(command)
print(input_string)
'';
executable = true;
};
};
};
xdg = let
taskAction = name: template: {
"eventd/task-${name}.action".text = generators.toINI {} {
Action = {
Name = "task-${name}";
executable = true;
};
Notification = {
Text = template;
};
NotificationBubble = {
Queue = "tasks";
taskwarrior-on-modify-hook = {
target = ".task/hooks/on-modify.eventd-notification";
text = ''
#!${pkgs.python3}/bin/python
import sys
import json
import subprocess
input_string = sys.stdin.readline()
original = json.loads(input_string)
input_string = sys.stdin.readline()
new = json.loads(input_string)
command = ['eventc', 'task', 'modify']
for name in set(new.keys()).union(set(original.keys())):
if new.get(name) != original.get(name) or name == "description":
value = new.get(name, "")
command.append("-d")
if type(value) == list:
value = ', '.join([str(item) for item in value])
command.append(name+"='"+str(value)+"'")
subprocess.Popen(command)
print(input_string)
'';
executable = true;
};
};
};
in {
configFile = {
"eventd/task.event".text = generators.toINI {} {
"Event task add" = {
Actions = "task-new";
};
"Event task modify" = {
Actions = "task-changed";
xdg = let
taskAction = name: template: {
"eventd/task-${name}.action".text = generators.toINI { } {
Action = { Name = "task-${name}"; };
Notification = { Text = template; };
NotificationBubble = { Queue = "tasks"; };
};
};
} //
taskAction "changed" "Changes in task:\\n<b>\${description}</b>\${status:+\\nStatus: }\${status}\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}" //
taskAction "new" "New \${status} task\${tags:! in inbox}:\\n<b>\${description}</b>\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}";
in {
configFile = {
"eventd/task.event".text = generators.toINI { } {
"Event task add" = { Actions = "task-new"; };
"Event task modify" = { Actions = "task-changed"; };
};
} // taskAction "changed"
"Changes in task:\\n<b>\${description}</b>\${status:+\\nStatus: }\${status}\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}"
// taskAction "new"
"New \${status} task\${tags:! in inbox}:\\n<b>\${description}</b>\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}";
};
};
};
}


@ -1,32 +1,27 @@
{ pkgs, lib, config, ...}:
{ pkgs, lib, config, ... }:
with lib;
let
makeUnlocker = { name, hostName, pubKey, passPath }:
let
knownHosts = pkgs.writeText "KnownBootHosts" "${hostName} ${pubKey}";
in
pkgs.writeShellScriptBin "unlock-${name}" ''
echo "Waiting for host to come up";
while true; do
echo -n .
/run/wrappers/bin/ping -4 ${hostName} -c 1 -w 1 > /dev/null && break;
sleep 1s;
done;
echo
echo "Ping successful; Entering disk encryption password"
${pkgs.pass}/bin/pass ${passPath} | ssh -4 root@${hostName} -o UserKnownHostsFile=${knownHosts} cryptsetup-askpass && echo "Unlocking of ${name} successful" || echo "Unlocking of ${name} failed"
'';
in
{
let knownHosts = pkgs.writeText "KnownBootHosts" "${hostName} ${pubKey}";
in pkgs.writeShellScriptBin "unlock-${name}" ''
echo "Waiting for host to come up";
while true; do
echo -n .
/run/wrappers/bin/ping -4 ${hostName} -c 1 -w 1 > /dev/null && break;
sleep 1s;
done;
echo
echo "Ping successful; Entering disk encryption password"
${pkgs.pass}/bin/pass ${passPath} | ssh -4 root@${hostName} -o UserKnownHostsFile=${knownHosts} cryptsetup-askpass && echo "Unlocking of ${name} successful" || echo "Unlocking of ${name} failed"
'';
in {
options.m-0.unlocker = mkOption {
default = [];
type = types.listOf types.attrs;
};
options.m-0.unlocker = mkOption {
default = [ ];
type = types.listOf types.attrs;
};
config = {
home.packages = map makeUnlocker config.m-0.unlocker;
};
config = { home.packages = map makeUnlocker config.m-0.unlocker; };
}
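Review bot: The `ssh` call that receives the disk-encryption passphrase pins the host key through `UserKnownHostsFile` but leaves `StrictHostKeyChecking` at its default, so a host presenting a key that is not in the pinned file can lead to an interactive confirmation prompt instead of a hard failure. Adding `-o StrictHostKeyChecking=yes` to that line makes the unlocker fail closed before anything is piped to the remote `cryptsetup-askpass`. The `&& echo ... || echo ...` tail also reports only the exit status of `ssh`; a `set -o pipefail` at the top of the script would surface a failing `pass` as well. The line is identical on both sides of this section, which only re-indents it.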


@ -3,107 +3,100 @@ with lib;
let
in {
options.m-0.weechat = {
enable = mkEnableOption "Weechat";
channels = mkOption {
type = types.str;
default = "";
};
user = mkOption {
type = types.str;
};
pw = mkOption {
type = types.str;
};
};
config = mkIf config.m-0.weechat.enable {
home.file = {
python_plugins = {
target = ".weechat/python";
source = ./plugins/python;
};
perl_plugins = {
target = ".weechat/perl";
source = ./plugins/perl;
};
plugins = {
target = ".weechat/plugins.conf";
text = ''
[var]
python.buffer_autohide.hide_inactive = on
python.buffer_autohide.hide_private = on
'';
};
weechat = {
target = ".weechat/weechat.conf";
text = ''
[look]
buffer_notify_default = "highlight"
jump_current_to_previous_buffer = off
[color]
chat_nick_colors = "cyan,magenta,green,brown,lightblue,default,lightcyan,lightmagenta,lightgreen,blue,31,35,38,40,49,63,70,80,92,99,112,126,130,138,142,148,160,162,167,169,174,176,178,184,186,210,212,215,228"
[filter]
irc_smart = on;*;irc_smart_filter;*
'';
};
logger = {
target = ".weechat/logger.conf";
text = ''
[look]
backlog = 1000
[file]
mask = "$name/%Y"
path = "${config.home.homeDirectory}/data/logs/"
'';
};
irc = {
target = ".weechat/irc.conf";
text = ''
[look]
color_nicks_in_nicklist = on
[server]
freenode.addresses = "chat.freenode.net/6697"
freenode.ssl = on
freenode.sasl_mechanism = plain
freenode.sasl_username = "${config.m-0.weechat.user}"
freenode.sasl_password = "${config.m-0.weechat.pw}"
freenode.autoconnect = on
freenode.username = "${config.m-0.weechat.user}"
freenode.autojoin = "#nixos,#matrix,#haskell"
[server]
hackint.addresses = "irc.hackint.org/6697"
hackint.ssl = on
hackint.sasl_mechanism = plain
hackint.sasl_username = "${config.m-0.weechat.user}"
hackint.sasl_password = "${config.m-0.weechat.pw}"
hackint.autoconnect = on
hackint.username = "${config.m-0.weechat.user}"
hackint.autojoin = "${config.m-0.weechat.channels}"
'';
options.m-0.weechat = {
enable = mkEnableOption "Weechat";
channels = mkOption {
type = types.str;
default = "";
};
user = mkOption { type = types.str; };
pw = mkOption { type = types.str; };
};
systemd.user.services = {
weechat = {
Unit = {
Description = "Weechat Tmux Session";
config = mkIf config.m-0.weechat.enable {
home.file = {
python_plugins = {
target = ".weechat/python";
source = ./plugins/python;
};
Service = {
Type = "forking";
ExecStart = "${pkgs.tmux}/bin/tmux -L weechat -2 new-session -d -s irc -n weechat '${pkgs.weechat}/bin/weechat'";
Restart = "always";
perl_plugins = {
target = ".weechat/perl";
source = ./plugins/perl;
};
Install = {
WantedBy = [ "default.target" ];
plugins = {
target = ".weechat/plugins.conf";
text = ''
[var]
python.buffer_autohide.hide_inactive = on
python.buffer_autohide.hide_private = on
'';
};
weechat = {
target = ".weechat/weechat.conf";
text = ''
[look]
buffer_notify_default = "highlight"
jump_current_to_previous_buffer = off
[color]
chat_nick_colors = "cyan,magenta,green,brown,lightblue,default,lightcyan,lightmagenta,lightgreen,blue,31,35,38,40,49,63,70,80,92,99,112,126,130,138,142,148,160,162,167,169,174,176,178,184,186,210,212,215,228"
[filter]
irc_smart = on;*;irc_smart_filter;*
'';
};
logger = {
target = ".weechat/logger.conf";
text = ''
[look]
backlog = 1000
[file]
mask = "$name/%Y"
path = "${config.home.homeDirectory}/data/logs/"
'';
};
irc = {
target = ".weechat/irc.conf";
text = ''
[look]
color_nicks_in_nicklist = on
[server]
freenode.addresses = "chat.freenode.net/6697"
freenode.ssl = on
freenode.sasl_mechanism = plain
freenode.sasl_username = "${config.m-0.weechat.user}"
freenode.sasl_password = "${config.m-0.weechat.pw}"
freenode.autoconnect = on
freenode.username = "${config.m-0.weechat.user}"
freenode.autojoin = "#nixos,#matrix,#haskell"
[server]
hackint.addresses = "irc.hackint.org/6697"
hackint.ssl = on
hackint.sasl_mechanism = plain
hackint.sasl_username = "${config.m-0.weechat.user}"
hackint.sasl_password = "${config.m-0.weechat.pw}"
hackint.autoconnect = on
hackint.username = "${config.m-0.weechat.user}"
hackint.autojoin = "${config.m-0.weechat.channels}"
'';
};
};
systemd.user.services = {
weechat = {
Unit = { Description = "Weechat Tmux Session"; };
Service = {
Type = "forking";
ExecStart =
"${pkgs.tmux}/bin/tmux -L weechat -2 new-session -d -s irc -n weechat '${pkgs.weechat}/bin/weechat'";
Restart = "always";
};
Install = { WantedBy = [ "default.target" ]; };
};
};
};
};
}
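Review bot: `freenode.sasl_password` and `hackint.sasl_password` interpolate `config.m-0.weechat.pw` into the `text` of `.weechat/irc.conf`, so the SASL password becomes part of a generated file. Files that home-manager builds from `text` are placed in the Nix store, which every local user can read. WeeChat can resolve the value at runtime from its secured data instead, for example `freenode.sasl_password = "''${sec.data.<name>}"` (with `<name>` a placeholder), after the secret is stored once with `/secure set`. That keeps it out of both the store and the configuration repository. The hunk starts at line 3 of the file, so the module's argument header is not shown.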


@ -6,16 +6,9 @@ neovim.override {
customRC = builtins.readFile ./vimrc;
packages.myVimPackage = {
start = builtins.attrValues {
inherit ((import <nixpkgs> {}).vimPlugins)
vim-nix
vimtex
airline
rust-vim
fugitive
vim-trailing-whitespace
vim-pandoc
vim-pandoc-syntax
haskell-vim;
inherit ((import <nixpkgs> { }).vimPlugins)
vim-nix vimtex airline rust-vim fugitive vim-trailing-whitespace
vim-pandoc vim-pandoc-syntax haskell-vim;
};
};
};


@ -1,14 +1,12 @@
{ pkgs, config, lib, ... }:
{ pkgs, config, lib, ... }:
let
inherit (import ../common/lib.nix) writeHaskellScript;
sources = import ../nix/sources.nix;
in
{
in {
home = {
packages = builtins.attrValues (import ../common/pkgs.nix).foreign-home-pkgs;
sessionVariables = {
NIX_PATH = "$HOME/.nix-path";
};
packages =
builtins.attrValues (import ../common/pkgs.nix).foreign-home-pkgs;
sessionVariables = { NIX_PATH = "$HOME/.nix-path"; };
file = {
home-manager-source = {
target = ".nix-path/home-manager";


@ -1,5 +1,4 @@
{ pkgs, config, lib, ... }:
{
{ pkgs, config, lib, ... }: {
home = {
username = "maralorn";
homeDirectory = "/home/maralorn";


@ -1,6 +1,6 @@
{ pkgs, ... }:
let
morgenreport-script = pkgs.writeShellScriptBin "morgenreport" ''
morgenreport-script = pkgs.writeShellScriptBin "morgenreport" ''
cd $HOME/data/aktuell/media/ebooks/morgenreport/
DATE=`date +%Y-%m-%d`
PATH=$PATH:/run/wrappers/bin/
@ -11,24 +11,18 @@ morgenreport-script = pkgs.writeShellScriptBin "morgenreport" ''
echo "File created, sending to kindle now "
echo 'Siehe Anhang' | ${pkgs.mutt}/bin/mutt -s "Morgenreport $DATE" -a morgenreport-$DATE.mobi -- maralorn@kindle.com
'';
urls = [ "https://erdspektive.org/feed/" ];
urls = [ "https://erdspektive.org/feed/" ];
in {
home.packages = [ morgenreport-script];
home.packages = [ morgenreport-script ];
systemd.user = {
services.morgenreport = {
Unit = {
Description = "Send morgenreport to kindle";
};
Unit = { Description = "Send morgenreport to kindle"; };
Service = {
Type = "oneshot";
ExecStart="/bin/sh ${morgenreport-script}/bin/morgenreport";
};
};
timers.morgenreport = {
Timer = {
OnCalendar = "20:00";
ExecStart = "/bin/sh ${morgenreport-script}/bin/morgenreport";
};
};
timers.morgenreport = { Timer = { OnCalendar = "20:00"; }; };
};
}


@ -1,8 +1,6 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
systemd.user = {
services.sort-mail =
let
services.sort-mail = let
sort-mail-script = pkgs.writeShellScriptBin "sort-mail" ''
${pkgs.isync}/bin/mbsync -a
@ -17,20 +15,14 @@
${pkgs.isync}/bin/mbsync -a
'';
in {
Unit = {
Description = "Sort E-Mails";
};
in {
Unit = { Description = "Sort E-Mails"; };
Service = {
Type = "oneshot";
ExecStart="/bin/sh ${sort-mail-script}/bin/sort-mail";
Service = {
Type = "oneshot";
ExecStart = "/bin/sh ${sort-mail-script}/bin/sort-mail";
};
};
};
timers.sort-mail = {
Timer = {
OnCalendar = "minutely";
};
};
timers.sort-mail = { Timer = { OnCalendar = "minutely"; }; };
};
}


@ -1,6 +1,6 @@
{ pkgs, ... }:
let
path = https://github.com/rycee/home-manager/archive/release-17.09.tar.gz;
path = "https://github.com/rycee/home-manager/archive/release-17.09.tar.gz";
home-manager = (import ../../home-manager {
inherit pkgs;
inherit path;
@ -8,13 +8,11 @@ let
in {
systemd.user = {
services.update-hm = {
Unit = {
Description = "Update home-manager";
};
Unit = { Description = "Update home-manager"; };
Service = {
Type = "oneshot";
ExecStart="${home-manager}/bin/home-manager switch";
ExecStart = "${home-manager}/bin/home-manager switch";
};
};
timers.update-hm = {


@ -1,34 +1,29 @@
{ pkgs, lib, config, ... }:
let
colors = config.common.colors;
let colors = config.common.colors;
in {
home = {
packages = with pkgs; [
rxvt_unicode-with-plugins
];
};
home = { packages = with pkgs; [ rxvt_unicode-with-plugins ]; };
xresources.properties = {
"*transparent" = true;
"*tintColor" = colors.background;
"*scrollBar" = false;
"*transparent" = true;
"*tintColor" = colors.background;
"*scrollBar" = false;
"*urgentOnBell" = true;
"*background" = colors.background;
"*foreground" = colors.foreground;
"*color0" = colors.black;
"*color8" = colors.brightBlack;
"*color1" = colors.red;
"*color9" = colors.brightRed;
"*color2" = colors.green;
"*background" = colors.background;
"*foreground" = colors.foreground;
"*color0" = colors.black;
"*color8" = colors.brightBlack;
"*color1" = colors.red;
"*color9" = colors.brightRed;
"*color2" = colors.green;
"*color10" = colors.brightGreen;
"*color3" = colors.yellow;
"*color3" = colors.yellow;
"*color11" = colors.brightYellow;
"*color4" = colors.blue;
"*color4" = colors.blue;
"*color12" = colors.brightBlue;
"*color5" = colors.magenta;
"*color5" = colors.magenta;
"*color13" = colors.brightMagenta;
"*color6" = colors.cyan;
"*color6" = colors.cyan;
"*color14" = colors.brightCyan;
"*color7" = colors.white;
"*color7" = colors.white;
"*color15" = colors.brightWhite;
"*boldFont" = "";
};


@ -1,18 +1,21 @@
{ pkgs, config, lib, ... }:
{ pkgs, config, lib, ... }:
let
inherit (import ../common/lib.nix) writeHaskellScript get-niv-path gcRetentionDays;
inherit (import ../common/lib.nix)
writeHaskellScript get-niv-path gcRetentionDays;
inherit (import ./lib.nix) update-home;
configPath = "/home/${config.home.username}/git/nixos/config";
home-maintenance = writeHaskellScript
{ name = "home-maintenance"; imports = [ ]; bins = [ (update-home configPath) pkgs.nix pkgs.git];} ''
home-maintenance = writeHaskellScript {
name = "home-maintenance";
imports = [ ];
bins = [ (update-home configPath) pkgs.nix pkgs.git ];
} ''
main = do
git "-C" "${configPath}" "pull"
update_home
nix_collect_garbage "--delete-older-than" "${toString gcRetentionDays}d"
nix "optimise-store"
'';
in
{
in {
home = {
packages = builtins.attrValues {
inherit home-maintenance get-niv-path;


@ -1,26 +1,18 @@
{ config, lib, pkgs , ... }:
let
inherit (import ../common/pkgs.nix) eventd;
in
{
{ config, lib, pkgs, ... }:
let inherit (import ../common/pkgs.nix) eventd;
in {
systemd.user = {
services.update_tasks = {
Unit = {
Description = "Update taskwarrior tasks";
};
Unit = { Description = "Update taskwarrior tasks"; };
Service = {
Type = "oneshot";
Environment="PATH=${pkgs.taskwarrior}/bin:${eventd}/bin";
ExecStart= "${config.home.homeDirectory}/.cargo/bin/update_tasks";
Environment = "PATH=${pkgs.taskwarrior}/bin:${eventd}/bin";
ExecStart = "${config.home.homeDirectory}/.cargo/bin/update_tasks";
};
};
timers.update_tasks = {
Timer = {
OnCalendar = "hourly";
};
Install = {
WantedBy = [ "timers.target" ];
};
Timer = { OnCalendar = "hourly"; };
Install = { WantedBy = [ "timers.target" ]; };
};
};


@ -1,20 +1,20 @@
{pkgs, ... }: {
{ pkgs, ... }: {
programs = {
zsh = {
enable = true;
enableAutosuggestions = true;
enableCompletion = true;
history = {
save = 100000;
size = 100000;
};
initExtra = builtins.readFile ./zshrc;
oh-my-zsh = {
programs = {
zsh = {
enable = true;
plugins = [ "colored-man-pages" "git-prompt" ];
enableAutosuggestions = true;
enableCompletion = true;
history = {
save = 100000;
size = 100000;
};
initExtra = builtins.readFile ./zshrc;
oh-my-zsh = {
enable = true;
plugins = [ "colored-man-pages" "git-prompt" ];
};
};
};
};
}


@ -8,116 +8,115 @@ let
nixos-hardware = (import ../../nix/sources.nix).nixos-hardware;
in {
imports = [
"${nixos-hardware}/lenovo/thinkpad"
"${nixos-hardware}/common/pc/ssd"
"${(builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/nixdark")}"
./hardware-configuration.nix
../../system
../../system/fonts.nix
../../system/standalone.nix
];
imports = [
"${nixos-hardware}/lenovo/thinkpad"
"${nixos-hardware}/common/pc/ssd"
"${(builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/nixdark")}"
./hardware-configuration.nix
../../system
../../system/fonts.nix
../../system/standalone.nix
];
networking = {
hostName = "apollo";
firewall.allowedTCPPorts = [ 8888 ];
firewall.allowedUDPPorts = [ 30000 ];
wireguard.interfaces = {
m0wire = {
allowedIPsAsRoutes = false;
ips = [ "${hosts.apollo-wg}/112" ];
privateKeyFile = "/etc/nixos/hosts/apollo/secret/wireguard-private";
peers = [
{
networking = {
hostName = "apollo";
firewall.allowedTCPPorts = [ 8888 ];
firewall.allowedUDPPorts = [ 30000 ];
wireguard.interfaces = {
m0wire = {
allowedIPsAsRoutes = false;
ips = [ "${hosts.apollo-wg}/112" ];
privateKeyFile = "/etc/nixos/hosts/apollo/secret/wireguard-private";
peers = [{
publicKey = wireguard.pub.hera;
allowedIPs = [ "::/0" ];
endpoint = "${hosts.hera-v4}:${builtins.toString wireguard.port}";
presharedKeyFile = "/etc/nixos/common/secret/wireguard-psk";
persistentKeepalive = 25;
}
];
postSetup = [ "${pkgs.iproute}/bin/ip route add ${prefix}::/64 dev m0wire" ];
}];
postSetup =
[ "${pkgs.iproute}/bin/ip route add ${prefix}::/64 dev m0wire" ];
};
};
};
};
m-0 = {
laptop.enable = true;
};
m-0 = { laptop.enable = true; };
#let
#let
#secretsFile = "/var/lib/luks-secret/key";
#secretsInitrd = "/boot/grub/secrets-initrd.gz";
#in
#{
#in
#{
#imports = [
#({lib, config, ...}: lib.mkIf (builtins.pathExists secretsFile) {
#boot.initrd.luks.devices."root" = {
#fallbackToPassword = true;
#keyFile = secretsFile;
#};
## copy the secret into the additional initramfs. `null` means same path
#boot.initrd.secrets."${secretsFile}" = null;
#})
#({lib, config, ...}: lib.mkIf (builtins.pathExists secretsFile) {
#boot.initrd.luks.devices."root" = {
#fallbackToPassword = true;
#keyFile = secretsFile;
#};
## copy the secret into the additional initramfs. `null` means same path
#boot.initrd.secrets."${secretsFile}" = null;
#})
#({lib, config, ...}: lib.mkIf (config.boot.loader.grub.enable && config.boot.initrd.secrets != {}) {
#boot.loader = {
#supportsInitrdSecrets = lib.mkForce true;
#grub.extraInitrd = secretsInitrd;
#grub.extraPrepareConfig = ''
#${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets ${secretsInitrd}
#'';
#};
#})
#({lib, config, ...}: lib.mkIf (config.boot.loader.grub.enable && config.boot.initrd.secrets != {}) {
#boot.loader = {
#supportsInitrdSecrets = lib.mkForce true;
#grub.extraInitrd = secretsInitrd;
#grub.extraPrepareConfig = ''
#${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets ${secretsInitrd}
#'';
#};
#})
#];
#}
#}
# Use the systemd-boot EFI boot loader.
boot = {
loader = {
# Use the systemd-boot EFI boot loader.
boot = {
loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/EFI";
};
grub = {
enable = true;
version = 2;
device = "nodev";
efiSupport = true;
enableCryptodisk = true;
gfxmodeEfi = "1024x768";
};
grub = {
enable = true;
version = 2;
device = "nodev";
efiSupport = true;
enableCryptodisk = true;
gfxmodeEfi = "1024x768";
};
};
supportedFilesystems = [ "exfat" ];
};
services = {
prometheus.exporters.node.firewallFilter = "-i m0wire -p tcp -m tcp --dport 9100";
autorandr.enable = true;
borgbackup.jobs.data = {
doInit = false;
startAt = [];
exclude = [
"/home/${me.user}/data/aktuell/media"
"/home/${me.user}/data/.stversions"
];
encryption.mode = "none";
paths = "/home/${me.user}/data";
repo = "borg@borg:.";
compression = "zstd,5";
};
supportedFilesystems = [ "exfat" ];
};
};
cdark_net = {
enable = true;
hostName = "${me.user}_${config.networking.hostName}";
ed25519PrivateKeyFile = /etc/nixos/hosts + "/${config.networking.hostName}" + /secret/tinc/ed25519_key.priv;
hostsDirectory = (builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts");
ip6address = "fd23:42:cda:4342::2";
ip4address = "172.20.71.2";
};
services = {
prometheus.exporters.node.firewallFilter =
"-i m0wire -p tcp -m tcp --dport 9100";
autorandr.enable = true;
borgbackup.jobs.data = {
doInit = false;
startAt = [ ];
exclude = [
"/home/${me.user}/data/aktuell/media"
"/home/${me.user}/data/.stversions"
];
encryption.mode = "none";
paths = "/home/${me.user}/data";
repo = "borg@borg:.";
compression = "zstd,5";
};
};
cdark_net = {
enable = true;
hostName = "${me.user}_${config.networking.hostName}";
ed25519PrivateKeyFile = /etc/nixos/hosts + "/${config.networking.hostName}"
+ /secret/tinc/ed25519_key.priv;
hostsDirectory =
(builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts");
ip6address = "fd23:42:cda:4342::2";
ip4address = "172.20.71.2";
};
}
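Review bot: Both the `builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/nixdark"` entry in `imports` and the `hostsDirectory` fetch of `cdark.net/hosts` pass a bare URL, so no commit is pinned and whatever the remote holds at evaluation time is pulled into the system configuration. Passing an attribute set with a fixed revision, `builtins.fetchGit { url = "..."; rev = "<commit-sha placeholder>"; }`, or tracking both repositories the way `nixos-hardware` is taken from `nix/sources.nix`, would make each update an explicit, reviewable step. Separately, `borgbackup.jobs.data` sets `encryption.mode = "none"`, which leaves the backed-up home data readable to anyone with access to the `borg@borg` repository; a comment recording why that is acceptable would help. The `let` block that binds `hosts`, `wireguard`, `prefix` and `me` begins above the hunk.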


@ -4,29 +4,28 @@
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/ce5b0ac6-6eaf-45a6-b6c8-bd4958caf335";
fsType = "btrfs";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/ce5b0ac6-6eaf-45a6-b6c8-bd4958caf335";
fsType = "btrfs";
};
boot.initrd.luks.devices."nixos".device = "/dev/disk/by-uuid/78acaebe-952a-43b1-acc8-66c35a60577e";
boot.initrd.luks.devices."nixos".device =
"/dev/disk/by-uuid/78acaebe-952a-43b1-acc8-66c35a60577e";
fileSystems."/boot/EFI" =
{ device = "/dev/disk/by-uuid/C4A6-3DB5";
fsType = "vfat";
};
fileSystems."/boot/EFI" = {
device = "/dev/disk/by-uuid/C4A6-3DB5";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/b80468d0-d834-419f-8985-c6fa2274909e"; }
];
[{ device = "/dev/disk/by-uuid/b80468d0-d834-419f-8985-c6fa2274909e"; }];
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";


@ -1,40 +1,41 @@
{ pkgs, config, ... }:
{
{ pkgs, config, ... }: {
imports = [
../../home-manager
../../home-manager/on-my-machine.nix
../../home-manager/battery.nix
../../home-manager/update_tasks.nix
../../home-manager/desktop
];
imports = [
../../home-manager
../../home-manager/on-my-machine.nix
../../home-manager/battery.nix
../../home-manager/update_tasks.nix
../../home-manager/desktop
];
home.packages = builtins.attrValues (import ../../common/pkgs.nix).laptop-home-pkgs;
home.packages =
builtins.attrValues (import ../../common/pkgs.nix).laptop-home-pkgs;
m-0 = {
hostName = "apollo";
latex.enable = true;
accounting = {
enable = true;
config = builtins.readFile secret/jaliconfig.py;
m-0 = {
hostName = "apollo";
latex.enable = true;
accounting = {
enable = true;
config = builtins.readFile secret/jaliconfig.py;
};
rustdev.enable = true;
taskwarrior = {
enable = true;
git_active = true;
};
pythia.enable = true;
unlocker = [{
name = "hera";
hostName = "hera-v4";
pubKey =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHkqWlFLtmIlTSKahr2PcL++K75YgfsSU6jwVYW5df3JCkowu/M16SIBxABxYSQrKej5uIz/OFCjqSxHJQ8D5wSYBvn2gYr/BbBcz4rfIJmZ55Od2jckaqlj/M8TtkuPPhsQG7S730vXxK5hbMT8iW5WWv8sIKY/WtaRbZOFMX/53WCLEHtnMu5zFJFWf92+mjIHSLyW8ggl1m525RUiaAfCge2vnuzIFq4kUqJxaWzxIvEWIncKWN10K/HMvdI+yOtbSen41uKedwSFhUFs3xHy1mJddYOrlcJQPt5zuuffZ/nTDVXMZoh5QNwg8ZlkkueVChaS1Y5STjb7cem1Mt";
passPath = "eu/m-0/hera/disk";
}];
mail = {
enable = true;
accounts = config.m-0.private.mail_accounts;
};
};
rustdev.enable = true;
taskwarrior = {
enable = true;
git_active = true;
};
pythia.enable = true;
unlocker = [ {
name = "hera";
hostName = "hera-v4";
pubKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHkqWlFLtmIlTSKahr2PcL++K75YgfsSU6jwVYW5df3JCkowu/M16SIBxABxYSQrKej5uIz/OFCjqSxHJQ8D5wSYBvn2gYr/BbBcz4rfIJmZ55Od2jckaqlj/M8TtkuPPhsQG7S730vXxK5hbMT8iW5WWv8sIKY/WtaRbZOFMX/53WCLEHtnMu5zFJFWf92+mjIHSLyW8ggl1m525RUiaAfCge2vnuzIFq4kUqJxaWzxIvEWIncKWN10K/HMvdI+yOtbSen41uKedwSFhUFs3xHy1mJddYOrlcJQPt5zuuffZ/nTDVXMZoh5QNwg8ZlkkueVChaS1Y5STjb7cem1Mt";
passPath = "eu/m-0/hera/disk";
} ];
mail = {
enable = true;
accounts = config.m-0.private.mail_accounts;
};
};
home.file.".ncmpcpp/config".text = ''
ask_before_clearing_playlists=no
@ -46,9 +47,7 @@ m-0 = {
user_interface = alternative
'';
programs = {
firefox = {
enable = true;
};
firefox = { enable = true; };
git = {
signing = {
signByDefault = true;
@ -65,74 +64,80 @@ m-0 = {
network-manager-applet.enable = true;
};
programs.autorandr = {
enable = true;
hooks = {
postswitch = {
"restart-i3" = "${pkgs.i3}/bin/i3-msg restart";
"update-background" = "${pkgs.systemd}/bin/systemctl --user restart random-background.service";
};
};
profiles = {
"home" = {
fingerprint = {
"DP-2-2" = "00ffffffffffff00046997244a2e00001615010380351e782a6045a6564a9c25125054bf6f00714f814081809500b300d1c081c08100023a801871382d40582c4500132b2100001e000000ff0042364c4d54463031313835300a000000fd00324b1e5011000a202020202020000000fc00415355532056573234380a20200052";
"eDP-1" = "00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
"DP-2-1" = "00ffffffffffff0005b70000570500000a120103082a1a782ae5b5a355499927135054bfef809500950f8140718f01010101010101019a29a0d05184223050983600a4001100001c000000ff003030313336370a202020202020000000fd00374b1e500e000a202020202020000000fc0058313931305744530a2020202000bf";
};
config = {
eDP-1 = {
enable = true;
primary = true;
position = "0x0";
mode = "2560x1440";
};
DP-2-2 = {
enable = true;
position = "4000x0";
mode = "1920x1080";
};
DP-2-1 = {
enable = true;
position = "2560x0";
mode = "1440x900";
};
programs.autorandr = {
enable = true;
hooks = {
postswitch = {
"restart-i3" = "${pkgs.i3}/bin/i3-msg restart";
"update-background" =
"${pkgs.systemd}/bin/systemctl --user restart random-background.service";
};
};
"work" = {
fingerprint = {
"DP-2" = "00ffffffffffff0009d1ce7845540000101a01030e351e782e6b35a455559f270c5054a56b80d1c081c081008180a9c0b30001010101023a801871382d40582c4500132b2100001e000000ff005334473034343238534c300a20000000fd00324c1e5315000a202020202020000000fc0042656e5120474c323436300a2000e2";
"eDP-1" = "00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
};
config = {
eDP-1 = {
enable = true;
primary = true;
position = "0x0";
mode = "2560x1440";
profiles = {
"home" = {
fingerprint = {
"DP-2-2" =
"00ffffffffffff00046997244a2e00001615010380351e782a6045a6564a9c25125054bf6f00714f814081809500b300d1c081c08100023a801871382d40582c4500132b2100001e000000ff0042364c4d54463031313835300a000000fd00324b1e5011000a202020202020000000fc00415355532056573234380a20200052";
"eDP-1" =
"00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
"DP-2-1" =
"00ffffffffffff0005b70000570500000a120103082a1a782ae5b5a355499927135054bfef809500950f8140718f01010101010101019a29a0d05184223050983600a4001100001c000000ff003030313336370a202020202020000000fd00374b1e500e000a202020202020000000fc0058313931305744530a2020202000bf";
};
DP-2 = {
enable = true;
position = "2560x0";
mode = "1920x1080";
config = {
eDP-1 = {
enable = true;
primary = true;
position = "0x0";
mode = "2560x1440";
};
DP-2-2 = {
enable = true;
position = "4000x0";
mode = "1920x1080";
};
DP-2-1 = {
enable = true;
position = "2560x0";
mode = "1440x900";
};
};
};
};
"default" = {
fingerprint = {
"eDP-1" = "00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
"work" = {
fingerprint = {
"DP-2" =
"00ffffffffffff0009d1ce7845540000101a01030e351e782e6b35a455559f270c5054a56b80d1c081c081008180a9c0b30001010101023a801871382d40582c4500132b2100001e000000ff005334473034343238534c300a20000000fd00324c1e5315000a202020202020000000fc0042656e5120474c323436300a2000e2";
"eDP-1" =
"00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
};
config = {
eDP-1 = {
enable = true;
primary = true;
position = "0x0";
mode = "2560x1440";
};
DP-2 = {
enable = true;
position = "2560x0";
mode = "1920x1080";
};
};
};
config = {
eDP-1 = {
enable = true;
primary = true;
position = "0x0";
mode = "2560x1440";
"default" = {
fingerprint = {
"eDP-1" =
"00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
};
config = {
eDP-1 = {
enable = true;
primary = true;
position = "0x0";
mode = "2560x1440";
};
};
};
};
};
};
}

Binary file not shown.


@ -1,18 +1,17 @@
{config, lib, ...}:
{ config, lib, ... }:
with lib;
let
me = config.m-0.private.me;
let me = config.m-0.private.me;
in {
boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
services = mkIf config.m-0.standalone.enable {
syncthing = {
dataDir = "/home/${me.user}/.config/syncthing";
enable = true;
group = "users";
user = me.user;
openDefaultPorts = true;
boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
services = mkIf config.m-0.standalone.enable {
syncthing = {
dataDir = "/home/${me.user}/.config/syncthing";
enable = true;
group = "users";
user = me.user;
openDefaultPorts = true;
};
};
};
}


@ -1,80 +1,76 @@
{ pkgs, config, ... }:
{
imports = [
../../home-manager
../../home-manager/on-foreign-machine.nix
];
{ pkgs, config, ... }: {
imports = [ ../../home-manager ../../home-manager/on-foreign-machine.nix ];
systemd.user.systemctlPath = "/usr/bin/systemctl";
systemd.user.systemctlPath = "/usr/bin/systemctl";
m-0 = {
hostName = "fb04217";
#latex.enable = true;
#taskwarrior = {
# enable = true;
# git_active = true;
#};
#update_tasks.enable = true;
#eventd.enable = true;
#pythia.enable = true;
};
home = {
username = "brandy";
homeDirectory = "/home/brandy";
language = {
base = "C.UTF-8";
address = "C.UTF-8";
monetary = "C.UTF-8";
paper = "C.UTF-8";
time = "C.UTF-8";
m-0 = {
hostName = "fb04217";
#latex.enable = true;
#taskwarrior = {
# enable = true;
# git_active = true;
#};
#update_tasks.enable = true;
#eventd.enable = true;
#pythia.enable = true;
};
sessionVariables = {
LANGUAGE="en_US";
LC_CTYPE="C.UTF-8";
LC_NUMERIC="C.UTF-8";
LC_COLLATE="C.UTF-8";
LC_MESSAGES="C.UTF-8";
LC_NAME="C.UTF-8";
LC_TELEPHONE="C.UTF-8";
LC_MEASUREMENT="C.UTF-8";
LC_IDENTIFICATION="C.UTF-8";
};
forceCopies.paths = [ "bin/proot" "bin/with-nix" "bin/run-in-nix" ".bashrc" ".zshrc" ];
file = {
".bashrc".text = ''
[ -z "$PS1" ] && return
unset __HM_SESS_VARS_SOURCED
if [[ -z "$NIX_PATH" ]]
then
exec ~/bin/with-nix zsh
else
exec zsh
fi
'';
"bin" = {
source = ./bootstrap-bin;
recursive = true;
home = {
username = "brandy";
homeDirectory = "/home/brandy";
language = {
base = "C.UTF-8";
address = "C.UTF-8";
monetary = "C.UTF-8";
paper = "C.UTF-8";
time = "C.UTF-8";
};
sessionVariables = {
LANGUAGE = "en_US";
LC_CTYPE = "C.UTF-8";
LC_NUMERIC = "C.UTF-8";
LC_COLLATE = "C.UTF-8";
LC_MESSAGES = "C.UTF-8";
LC_NAME = "C.UTF-8";
LC_TELEPHONE = "C.UTF-8";
LC_MEASUREMENT = "C.UTF-8";
LC_IDENTIFICATION = "C.UTF-8";
};
forceCopies.paths =
[ "bin/proot" "bin/with-nix" "bin/run-in-nix" ".bashrc" ".zshrc" ];
file = {
".bashrc".text = ''
[ -z "$PS1" ] && return
unset __HM_SESS_VARS_SOURCED
if [[ -z "$NIX_PATH" ]]
then
exec ~/bin/with-nix zsh
else
exec zsh
fi
'';
"bin" = {
source = ./bootstrap-bin;
recursive = true;
};
};
};
packages = [
(pkgs.writeShellScriptBin "maintenance" ''
set -e
cd ~/git/nixos/nixpkgs
git checkout nixos-local
git pull --no-edit upstream nixos-19.03
git pull --no-edit origin nixos-maralorn
cd ~/git/nixos/home-manager
git checkout home-manager-local
git pull --no-edit upstream release-19.03
git pull --no-edit origin home-manager-maralorn
home-manager switch
nix-collect-garbage --delete-older-than 5d
nix-store --optimise
'')
] ++ ((import ../../common/pkgs.nix).);
};
packages = [
(pkgs.writeShellScriptBin "maintenance" ''
set -e
cd ~/git/nixos/nixpkgs
git checkout nixos-local
git pull --no-edit upstream nixos-19.03
git pull --no-edit origin nixos-maralorn
cd ~/git/nixos/home-manager
git checkout home-manager-local
git pull --no-edit upstream release-19.03
git pull --no-edit origin home-manager-maralorn
home-manager switch
nix-collect-garbage --delete-older-than 5d
nix-store --optimise
'')
];
};
}
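Review bot: The `packages` list appears to lose its tail `++ ((import ../../common/pkgs.nix).)` on the new side, which is a behaviour change inside what otherwise reads as a formatter run. The old expression ends in a bare `.` and could not have evaluated, so removing it may be intended, but this host then no longer pulls in anything from `common/pkgs.nix`. If that package set is still wanted, restore it with the attribute named, `] ++ (import ../../common/pkgs.nix).ATTRIBUTE_PLACEHOLDER;`, instead of dropping the import silently.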


@ -1,14 +1,12 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
systemd.user = {
services.nix-gc = {
Unit = {
Description = "Collect garbage";
};
Unit = { Description = "Collect garbage"; };
Service = {
Type = "oneshot";
ExecStart="${pkgs.nix}/bin/nix-collect-garbage --delete-older-than 5d";
ExecStart =
"${pkgs.nix}/bin/nix-collect-garbage --delete-older-than 5d";
};
};
timers.nix-gc = {


@ -1,14 +1,11 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
systemd.user = {
services.nix-update = {
Unit = {
Description = "Update nix-channel";
};
Unit = { Description = "Update nix-channel"; };
Service = {
Type = "oneshot";
ExecStart="${pkgs.nix}/bin/nix-channel --update";
ExecStart = "${pkgs.nix}/bin/nix-channel --update";
};
};
timers.nix-update = {


@ -1,18 +1,18 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
systemd.user = {
services.syncthing = {
Unit = {
Description = "Syncthing";
ConditionHost = "fb04217";
Wants= "syncthing-inotify.service";
Wants = "syncthing-inotify.service";
};
Service = {
ExecStart="${pkgs.syncthing}/bin/syncthing -no-browser -no-restart -logflags=0";
Restart="on-failure";
SuccessExitStatus="3 4";
RestartForceExitStatus="3 4";
ExecStart =
"${pkgs.syncthing}/bin/syncthing -no-browser -no-restart -logflags=0";
Restart = "on-failure";
SuccessExitStatus = "3 4";
RestartForceExitStatus = "3 4";
};
};
};


@ -1,33 +1,30 @@
{ ... }:
{
{ ... }: {
m-0.server.initSSHKey = ./secret/boot_rsa;
m-0.server.initSSHKey = ./secret/boot_rsa;
# Use the systemd-boot EFI boot loader.
boot = {
loader = {
grub = {
enable = true;
version = 2;
device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0";
# Use the systemd-boot EFI boot loader.
boot = {
loader = {
grub = {
enable = true;
version = 2;
device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0";
};
};
supportedFilesystems = [ "exfat" ];
kernelParams = [ "ip=213.136.94.190::213.136.94.1:255.255.255.0:hera" ];
initrd = {
postMountCommands = ''
ip address flush dev eth0
ip link set eth0 down
'';
luks.devices = [{
name = "root";
device = "/dev/disk/by-uuid/536fe284-36f2-425c-b0c5-a737280f9470";
preLVM = true;
allowDiscards = true;
}];
};
};
supportedFilesystems = [ "exfat" ];
kernelParams = [ "ip=213.136.94.190::213.136.94.1:255.255.255.0:hera" ];
initrd = {
postMountCommands = ''
ip address flush dev eth0
ip link set eth0 down
'';
luks.devices = [
{
name = "root";
device = "/dev/disk/by-uuid/536fe284-36f2-425c-b0c5-a737280f9470";
preLVM = true;
allowDiscards = true;
}
];
};
};
}
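Review bot: `m-0.server.initSSHKey = ./secret/boot_rsa;` passes the initrd SSH host key as a Nix path literal, and a path that is coerced to a string during evaluation is copied into `/nix/store`, which every local user can read. How the `m-0.server` module consumes the option is not visible here, so this needs confirming against the module. If the module accepts it, a string such as `m-0.server.initSSHKey = "/etc/nixos/hosts/hera/secret/boot_rsa";` avoids the store copy; the host directory in that path is inferred from the `:hera` kernel parameter and should be checked. Separately, the comment `# Use the systemd-boot EFI boot loader.` sits above a GRUB block and would be accurate as `# Use the GRUB 2 boot loader.`.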


@ -1,20 +1,25 @@
{ config, ... }:
let
me = config.m-0.private.me;
let me = config.m-0.private.me;
in {
containers.borg = {
autoStart = true;
privateNetwork = true;
hostBridge = "bridge";
config = { pkgs, ... }: {
imports = [../../system];
imports = [ ../../system ];
networking = {
interfaces.eth0 = {
ipv6.addresses = [{ address = config.m-0.hosts.borg; prefixLength = 112; }];
ipv6.addresses = [{
address = config.m-0.hosts.borg;
prefixLength = 112;
}];
};
inherit (config.networking) nameservers;
defaultGateway6 = { address = config.m-0.hosts.hera-intern; interface = "eth0"; };
defaultGateway6 = {
address = config.m-0.hosts.hera-intern;
interface = "eth0";
};
};
services = {


@ -3,25 +3,34 @@ with lib;
let
inherit (config.m-0.private) me cloud;
inherit (config.m-0) hosts;
nextcloud-container = { v6, v4, hostname , news-updater ? false}: {
nextcloud-container = { v6, v4, hostname, news-updater ? false }: {
autoStart = true;
privateNetwork = true;
hostBridge = "bridge";
config = { pkgs, ... }: {
disabledModules = [ "services/web-apps/nextcloud.nix" ];
imports = [
../../system
./nextcloud.nix
];
imports = [ ../../system ./nextcloud.nix ];
networking = {
interfaces.eth0 = {
ipv6.addresses = [{ address = v6; prefixLength = 112; }];
ipv4.addresses = [{ address = v4; prefixLength = 24; }];
ipv6.addresses = [{
address = v6;
prefixLength = 112;
}];
ipv4.addresses = [{
address = v4;
prefixLength = 24;
}];
};
inherit (config.networking) nameservers;
defaultGateway6 = { address = hosts.hera-intern; interface = "eth0"; };
defaultGateway = { address = hosts.hera-intern-v4; interface = "eth0"; };
defaultGateway6 = {
address = hosts.hera-intern;
interface = "eth0";
};
defaultGateway = {
address = hosts.hera-intern-v4;
interface = "eth0";
};
firewall.allowedTCPPorts = [ 80 443 ];
};
@ -58,9 +67,7 @@ let
};
};
redis = {
enable = true;
};
redis = { enable = true; };
postgresql = {
enable = true;
@ -71,10 +78,10 @@ let
};
};
systemd = {
services ={
"nextcloud-setup"= {
requires = ["postgresql.service"];
after = ["postgresql.service"];
services = {
"nextcloud-setup" = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
"nextcloud-news-updater" = mkIf news-updater {
startAt = "20:00";
@ -82,15 +89,15 @@ let
Type = "oneshot";
User = "nextcloud";
ExecStart = let
config = pkgs.writeText "updater.ini" (generators.toINI {} {
config = pkgs.writeText "updater.ini" (generators.toINI { } {
updater = {
user = cloud.adminuser;
password = cloud.adminpass;
url = "https://${hostname}/";
mode = "singlerun";
};});
in
"${pkgs.nextcloud-news-updater}/bin/nextcloud-news-updater -c ${config}";
};
});
in "${pkgs.nextcloud-news-updater}/bin/nextcloud-news-updater -c ${config}";
};
};
};
@ -100,10 +107,22 @@ let
in {
m-0.monitoring = [
{ name = "mathechor-cloud"; host = "mathechor-cloud:9100"; }
{ name = "mathechor-cloud-nginx"; host = "mathechor-cloud:9113"; }
{ name = "cloud"; host = "cloud:9100"; }
{ name = "cloud-nginx"; host = "cloud:9113"; }
{
name = "mathechor-cloud";
host = "mathechor-cloud:9100";
}
{
name = "mathechor-cloud-nginx";
host = "mathechor-cloud:9113";
}
{
name = "cloud";
host = "cloud:9100";
}
{
name = "cloud-nginx";
host = "cloud:9113";
}
];
containers = {
chor-cloud = nextcloud-container {


@ -3,57 +3,56 @@
# You need pw-files for every configured user in ./secret/pw-useralias for login to work.
# dropbearkey -t rsa -f /etc/nixos/hosts/<hostname>/secret/boot_rsa
let
inherit (config.m-0.private) me;
let inherit (config.m-0.private) me;
in {
imports = [
./hardware-configuration.nix
../../system
../../system/test-timer.nix
../../system/standalone.nix
../../system/server.nix
../../system/git.nix
./borg.nix
./mail.nix
./boot.nix
./cloud.nix
./web.nix
./monitoring.nix
./network.nix
./matrix.nix
./secret
];
imports = [
./hardware-configuration.nix
../../system
../../system/test-timer.nix
../../system/standalone.nix
../../system/server.nix
../../system/git.nix
./borg.nix
./mail.nix
./boot.nix
./cloud.nix
./web.nix
./monitoring.nix
./network.nix
./matrix.nix
./secret
];
nix.sshServe = {
enable = true;
keys = me.keys;
protocol = "ssh-ng";
};
services = {
borgbackup.jobs.data = {
doInit = false;
encryption.mode = "none";
paths = "/home/${me.user}/data";
repo = "borg@borg:.";
compression = "zstd,5";
nix.sshServe = {
enable = true;
keys = me.keys;
protocol = "ssh-ng";
};
};
users.users.choreutes = {
linger = true;
description = "choreutes";
isNormalUser = true;
uid = 1001;
extraGroups = [ "wheel" "systemd-journal" ];
passwordFile = "/etc/nixos/hosts/hera/secret/pw-choreutes";
};
services = {
borgbackup.jobs.data = {
doInit = false;
encryption.mode = "none";
paths = "/home/${me.user}/data";
repo = "borg@borg:.";
compression = "zstd,5";
};
};
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "18.03"; # Did you read the comment?
users.users.choreutes = {
linger = true;
description = "choreutes";
isNormalUser = true;
uid = 1001;
extraGroups = [ "wheel" "systemd-journal" ];
passwordFile = "/etc/nixos/hosts/hera/secret/pw-choreutes";
};
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "18.03"; # Did you read the comment?
}
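Review bot: `encryption.mode = "none"` on `borgbackup.jobs.data` stores `/home/${me.user}/data` in plaintext in the `borg@borg:.` repository, so anyone who can read that repository's storage, or any copy of it, reads the data. That may be acceptable if the repository never leaves this host, but nothing visible here says so. Either switch to `encryption.mode = "repokey";` with an `encryption.passCommand` that reads a root-only file (an existing repository would have to be re-created), or add a comment on the line stating why an unencrypted repository is acceptable.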


@ -4,27 +4,25 @@
{ config, lib, pkgs, ... }:
{
imports = [
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
];
imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/8e92387a-6785-4b3c-bcdb-a4a423675173";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/8e92387a-6785-4b3c-bcdb-a4a423675173";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/3D8A-20F0";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/3D8A-20F0";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/1e651bde-94b5-4fe2-9e6a-7af916d80057"; }
];
[{ device = "/dev/disk/by-uuid/1e651bde-94b5-4fe2-9e6a-7af916d80057"; }];
nix.maxJobs = lib.mkDefault 4;
}


@ -1,28 +1,24 @@
{ pkgs, config, ... }:
{
{ pkgs, config, ... }: {
imports = [
../../home-manager
../../home-manager/on-my-machine.nix
./secret
];
imports =
[ ../../home-manager ../../home-manager/on-my-machine.nix ./secret ];
m-0 = {
hostName = "hera";
taskwarrior.enable = false;
bugwarrior.enable = false;
rustdev.enable = false;
eventd.enable = false;
mail = {
enable = true;
accounts = config.m-0.private.mail_accounts;
m-0 = {
hostName = "hera";
taskwarrior.enable = false;
bugwarrior.enable = false;
rustdev.enable = false;
eventd.enable = false;
mail = {
enable = true;
accounts = config.m-0.private.mail_accounts;
};
weechat = {
enable = true;
user = config.m-0.private.hackint.user;
pw = config.m-0.private.hackint.hackint_pw;
channels = config.m-0.private.hackint.channels;
};
};
weechat = {
enable = true;
user = config.m-0.private.hackint.user;
pw = config.m-0.private.hackint.hackint_pw;
channels = config.m-0.private.hackint.channels;
};
};
}


@ -2,91 +2,97 @@
let
certPath = "/var/lib/acme/hera.m-0.eu";
inherit (config.services.prometheus.exporters.node) firewallFilter;
in
{
networking.firewall = {
allowedTCPPorts = [ 25 143 587 993 ];
extraCommands = ''
ip6tables -A nixos-fw -s ${config.m-0.prefix}::/64 -p tcp -m tcp --dport 9101 -j nixos-fw-accept
ip6tables -A nixos-fw -s ${config.m-0.prefix}::/64 -p tcp -m tcp --dport 9154 -j nixos-fw-accept
ip6tables -A nixos-fw -s ${config.m-0.prefix}::/64 -p tcp -m tcp --dport 9166 -j nixos-fw-accept
iptables -A nixos-fw -s 10.0.0.0/24 -p tcp -m tcp --dport 8842 -j nixos-fw-accept
'';
};
in {
networking.firewall = {
allowedTCPPorts = [ 25 143 587 993 ];
extraCommands = ''
ip6tables -A nixos-fw -s ${config.m-0.prefix}::/64 -p tcp -m tcp --dport 9101 -j nixos-fw-accept
ip6tables -A nixos-fw -s ${config.m-0.prefix}::/64 -p tcp -m tcp --dport 9154 -j nixos-fw-accept
ip6tables -A nixos-fw -s ${config.m-0.prefix}::/64 -p tcp -m tcp --dport 9166 -j nixos-fw-accept
iptables -A nixos-fw -s 10.0.0.0/24 -p tcp -m tcp --dport 8842 -j nixos-fw-accept
'';
};
m-0.monitoring = [
{ name = "mail-server"; host = "hera-intern:9101"; }
{ name = "postfix"; host = "hera-intern:9154"; }
{ name = "dovecot"; host = "hera-intern:9166"; }
];
m-0.monitoring = [
{
name = "mail-server";
host = "hera-intern:9101";
}
{
name = "postfix";
host = "hera-intern:9154";
}
{
name = "dovecot";
host = "hera-intern:9166";
}
];
containers.mail = {
bindMounts = { "${certPath}" = { hostPath = certPath; }; };
autoStart = true;
config = { pkgs, lib, ... }: {
imports = [
../../system
"${(import ../../nix/sources.nix).nixos-mailserver}"
];
services.prometheus.exporters = {
node.port = 9101;
postfix = {
enable = true;
openFirewall = true;
inherit firewallFilter;
systemd.enable = true;
};
dovecot = {
enable = true;
openFirewall = true;
inherit firewallFilter;
};
};
systemd.services = {
atomail = {
script =
let
atomail = pkgs.fetchFromGitHub {
owner = "remko";
repo = "atomail";
rev = "f079966cb808f51fcc67be91b609942cdb49898a";
sha256 = "0a4j4xajn2yysgcb17jmb6ak148kk0kwf7khml7dbnh7807fv9b6";
};
in ''
${pkgs.python}/bin/python ${atomail}/atomail.py --title "Readlater-E-Mails" --uri="http://hera-intern-v4:8842/rss.xml" /var/www/rss.xml --mode=maildir --file "/var/vmail/maralorn.de/malte.brandy/.Move.readlater/" --max-items=100
${pkgs.rsync}/bin/rsync -a /var/vmail/maralorn.de/malte.brandy/.Move.readlater/cur/ /var/vmail/maralorn.de/malte.brandy/.Archiv.unsortiert/cur --remove-source-files
'';
startAt = "19:58:00";
serviceConfig.Type = "oneshot";
};
rss-server = {
preStart = "mkdir -p /var/www";
serviceConfig = {
WorkingDirectory = "/var/www";
ExecStart = "${pkgs.python3}/bin/python -m http.server 8842";
containers.mail = {
bindMounts = { "${certPath}" = { hostPath = certPath; }; };
autoStart = true;
config = { pkgs, lib, ... }: {
imports =
[ ../../system "${(import ../../nix/sources.nix).nixos-mailserver}" ];
services.prometheus.exporters = {
node.port = 9101;
postfix = {
enable = true;
openFirewall = true;
inherit firewallFilter;
systemd.enable = true;
};
dovecot = {
enable = true;
openFirewall = true;
inherit firewallFilter;
};
wantedBy = [ "multi-user.target" ];
};
};
services.postfix.networks = [ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
mailserver = {
enable = true;
enableImapSsl = true;
fqdn = "hera.m-0.eu";
domains = [ "m-0.eu" "maralorn.de" "choreutes.de" "mathechor.de" ];
loginAccounts = config.m-0.private.mailUsers;
hierarchySeparator = "/";
certificateScheme = 1;
certificateFile = "${certPath}/fullchain.pem";
keyFile = "${certPath}/key.pem";
extraVirtualAliases = config.m-0.private.lists;
policydSPFExtraConfig = ''
Mail_From_reject = False
HELO_Whitelist = hosteurope.de
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1,130.83.0.0/16
'';
systemd.services = {
atomail = {
script = let
atomail = pkgs.fetchFromGitHub {
owner = "remko";
repo = "atomail";
rev = "f079966cb808f51fcc67be91b609942cdb49898a";
sha256 = "0a4j4xajn2yysgcb17jmb6ak148kk0kwf7khml7dbnh7807fv9b6";
};
in ''
${pkgs.python}/bin/python ${atomail}/atomail.py --title "Readlater-E-Mails" --uri="http://hera-intern-v4:8842/rss.xml" /var/www/rss.xml --mode=maildir --file "/var/vmail/maralorn.de/malte.brandy/.Move.readlater/" --max-items=100
${pkgs.rsync}/bin/rsync -a /var/vmail/maralorn.de/malte.brandy/.Move.readlater/cur/ /var/vmail/maralorn.de/malte.brandy/.Archiv.unsortiert/cur --remove-source-files
'';
startAt = "19:58:00";
serviceConfig.Type = "oneshot";
};
rss-server = {
preStart = "mkdir -p /var/www";
serviceConfig = {
WorkingDirectory = "/var/www";
ExecStart = "${pkgs.python3}/bin/python -m http.server 8842";
};
wantedBy = [ "multi-user.target" ];
};
};
services.postfix.networks =
[ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
mailserver = {
enable = true;
enableImapSsl = true;
fqdn = "hera.m-0.eu";
domains = [ "m-0.eu" "maralorn.de" "choreutes.de" "mathechor.de" ];
loginAccounts = config.m-0.private.mailUsers;
hierarchySeparator = "/";
certificateScheme = 1;
certificateFile = "${certPath}/fullchain.pem";
keyFile = "${certPath}/key.pem";
extraVirtualAliases = config.m-0.private.lists;
policydSPFExtraConfig = ''
Mail_From_reject = False
HELO_Whitelist = hosteurope.de
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1,130.83.0.0/16
'';
};
};
};
};
}
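Review bot: The `rss-server` unit runs `python -m http.server 8842` with no `User` in `serviceConfig` and no bind address, so it appears to run as root and listen on every address, leaving the `iptables ... --dport 8842` rule as the only restriction. The feed it serves is generated from the mail in `.Move.readlater`, so any gap in that rule exposes message content. Binding to the internal address and running under a dedicated unprivileged `User` removes the dependence on the firewall alone, for example `ExecStart = "${pkgs.python3}/bin/python -m http.server --bind 10.0.0.1 8842";`. The address is inferred from the `10.0.0.0/24` rule and should be confirmed, and `/var/www` must stay readable by the chosen user.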


@ -3,171 +3,202 @@ let
hostName = "matrix.maralorn.de";
inherit (config.m-0) hosts;
inherit (../../common/lib.nix) unstable;
in
{
networking.firewall.allowedTCPPorts = [ 3478 8448 ];
in {
networking.firewall.allowedTCPPorts = [ 3478 8448 ];
m-0.monitoring = [
{ name = "matrix"; host = "matrix:9100"; }
{ name = "matrix-nginx"; host = "matrix:9113"; }
];
services.coturn = {
enable = true;
pkey = "/var/lib/acme/hera.m-0.eu/key.pem";
cert = "/var/lib/acme/hera.m-0.eu/fullchain.pem";
no-tcp = true;
static-auth-secret = config.m-0.private.turn_secret;
realm = "maralorn.de";
use-auth-secret = true;
};
containers.matrix = {
autoStart = true;
privateNetwork = true;
hostBridge = "bridge";
config = { pkgs, lib, ... }: {
imports = [
../../system
m-0.monitoring = [
{
name = "matrix";
host = "matrix:9100";
}
{
name = "matrix-nginx";
host = "matrix:9113";
}
];
networking = {
interfaces.eth0 = {
ipv6.addresses = [{ address = hosts.matrix; prefixLength = 112; }];
ipv4.addresses = [{ address = hosts.matrix-intern-v4; prefixLength = 24; }];
services.coturn = {
enable = true;
pkey = "/var/lib/acme/hera.m-0.eu/key.pem";
cert = "/var/lib/acme/hera.m-0.eu/fullchain.pem";
no-tcp = true;
static-auth-secret = config.m-0.private.turn_secret;
realm = "maralorn.de";
use-auth-secret = true;
};
containers.matrix = {
autoStart = true;
privateNetwork = true;
hostBridge = "bridge";
config = { pkgs, lib, ... }: {
imports = [ ../../system ];
networking = {
interfaces.eth0 = {
ipv6.addresses = [{
address = hosts.matrix;
prefixLength = 112;
}];
ipv4.addresses = [{
address = hosts.matrix-intern-v4;
prefixLength = 24;
}];
};
inherit (config.networking) nameservers;
defaultGateway6 = {
address = hosts.hera-intern;
interface = "eth0";
};
defaultGateway = {
address = hosts.hera-intern-v4;
interface = "eth0";
};
firewall.allowedTCPPorts = [ 80 443 8448 ];
};
inherit (config.networking) nameservers;
defaultGateway6 = { address = hosts.hera-intern; interface = "eth0"; };
defaultGateway = { address = hosts.hera-intern-v4; interface = "eth0"; };
firewall.allowedTCPPorts = [ 80 443 8448 ];
};
m-0.riot = {
enable = true;
hostname = "riot.maralorn.de";
config = {
default_hs_url = "https://matrix.maralorn.de";
default_is_url = "https://vector.im";
integrations_ui_url = "";
integrations_rest_url = "";
integrations_widgets_urls = [];
bug_report_endpoint_url = "https://riot.im/bugreports/submit";
welcomeUserId = "@riot-bot:matrix.org";
piwik = false;
features = {
feature_lazyloading = "enable";
feature_room_breadcrumbs = "enable";
};
roomDirectory = {
servers = [ "matrix.org" "maralorn.de" ];
};
branding = {
welcomeBackgroundUrl = "https://cloud.maralorn.de/apps/theming/image/background";
};
};
};
services = {
nginx = {
m-0.riot = {
enable = true;
virtualHosts."${hostName}" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://[::1]:8008";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr;
'';
};
hostname = "riot.maralorn.de";
config = {
default_hs_url = "https://matrix.maralorn.de";
default_is_url = "https://vector.im";
integrations_ui_url = "";
integrations_rest_url = "";
integrations_widgets_urls = [ ];
bug_report_endpoint_url = "https://riot.im/bugreports/submit";
welcomeUserId = "@riot-bot:matrix.org";
piwik = false;
features = {
feature_lazyloading = "enable";
feature_room_breadcrumbs = "enable";
};
roomDirectory = { servers = [ "matrix.org" "maralorn.de" ]; };
branding = {
welcomeBackgroundUrl =
"https://cloud.maralorn.de/apps/theming/image/background";
};
};
};
# Postgres
postgresql = {
enable = true;
};
# Synapse
matrix-synapse = {
enable = true;
enable_metrics = true;
server_name = "maralorn.de";
public_baseurl = "https://${hostName}";
url_preview_enabled = true;
database_type = "psycopg2";
max_upload_size = "30M";
create_local_database = false;
dynamic_thumbnails = true;
macaroon_secret_key = config.m-0.private.macaroon_secret;
turn_uris = [ "turn:hera.m-0.eu:3478?transport=udp" ];
turn_shared_secret = config.m-0.private.turn_secret;
turn_user_lifetime = "5h";
allow_guest_access = true;
logConfig = ''
version: 1
formatters:
journal_fmt:
format: '%(name)s: [%(request)s] %(message)s'
filters:
context:
(): synapse.util.logcontext.LoggingContextFilter
request: ""
handlers:
journal:
class: systemd.journal.JournalHandler
formatter: journal_fmt
filters: [context]
SYSLOG_IDENTIFIER: synapse
disable_existing_loggers: True
loggers:
synapse:
level: WARN
synapse.storage.SQL:
level: WARN
root:
level: WARN
handlers: [journal]
'';
database_args = {
user = "matrix-synapse";
database = "matrix-synapse";
cp_min = 5;
cp_max = 10;
services = {
nginx = {
enable = true;
virtualHosts."${hostName}" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://[::1]:8008";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr;
'';
};
};
};
};
# Postgres
postgresql = { enable = true; };
# Synapse
matrix-synapse = {
enable = true;
enable_metrics = true;
server_name = "maralorn.de";
public_baseurl = "https://${hostName}";
url_preview_enabled = true;
database_type = "psycopg2";
max_upload_size = "30M";
create_local_database = false;
dynamic_thumbnails = true;
macaroon_secret_key = config.m-0.private.macaroon_secret;
turn_uris = [ "turn:hera.m-0.eu:3478?transport=udp" ];
turn_shared_secret = config.m-0.private.turn_secret;
turn_user_lifetime = "5h";
allow_guest_access = true;
logConfig = ''
version: 1
formatters:
journal_fmt:
format: '%(name)s: [%(request)s] %(message)s'
filters:
context:
(): synapse.util.logcontext.LoggingContextFilter
request: ""
handlers:
journal:
class: systemd.journal.JournalHandler
formatter: journal_fmt
filters: [context]
SYSLOG_IDENTIFIER: synapse
disable_existing_loggers: True
loggers:
synapse:
level: WARN
synapse.storage.SQL:
level: WARN
root:
level: WARN
handlers: [journal]
'';
database_args = {
user = "matrix-synapse";
database = "matrix-synapse";
cp_min = 5;
cp_max = 10;
};
report_stats = true;
tls_certificate_path = "/var/lib/acme/${hostName}/fullchain.pem";
tls_private_key_path = "/var/lib/acme/${hostName}/key.pem";
listeners = [
{
port = 8448;
bind_address = "::";
resources = [
{
compress = true;
names = [ "client" ];
}
{
compress = false;
names = [ "federation" ];
}
];
x_forwarded = false;
}
{
port = 8008;
bind_address = "::1";
resources = [
{
compress = false;
names = [ "client" ];
}
{
compress = false;
names = [ "federation" ];
}
];
x_forwarded = true;
tls = false;
}
];
};
report_stats = true;
tls_certificate_path = "/var/lib/acme/${hostName}/fullchain.pem";
tls_private_key_path = "/var/lib/acme/${hostName}/key.pem";
listeners = [
{
port = 8448;
bind_address = "::";
resources = [ { compress = true; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
x_forwarded = false;
}
{
port = 8008;
bind_address = "::1";
resources = [ { compress = false; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
x_forwarded = true;
tls = false;
}
];
};
};
security.acme.certs = {
"${hostName}" = {
group = "matrix-synapse";
allowKeysForGroup = true;
postRun = "systemctl reload nginx.service; systemctl restart matrix-synapse.service";
security.acme.certs = {
"${hostName}" = {
group = "matrix-synapse";
allowKeysForGroup = true;
postRun =
"systemctl reload nginx.service; systemctl restart matrix-synapse.service";
};
};
};
};
};
}
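Review bot: `services.coturn` is enabled without any peer restriction, so as far as these lines show the relay will forward traffic to any address the host can reach, including the internal `10.0.0.0/24` network that firewall rules elsewhere in this commit treat as trusted. With `allow_guest_access = true` on Synapse, the set of accounts able to obtain TURN credentials may be wide. Adding `extraConfig = "denied-peer-ip=10.0.0.0-10.255.255.255";` to the coturn block, with further `denied-peer-ip` lines for loopback and the internal IPv6 prefix, limits the relay to external peers.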


@ -1,38 +1,51 @@
{ config, ... }:
let
inherit (config.m-0) hosts;
in
{
services.prometheus.exporters.node = {
firewallFilter = "! -i ens18 -p tcp -m tcp --dport 9100";
};
m-0.monitoring = [
{ name = "hera"; host = "hera-intern:9100"; }
{ name = "monitoring-container"; host = "localhost:9100"; }
];
let inherit (config.m-0) hosts;
in {
services.prometheus.exporters.node = {
firewallFilter = "! -i ens18 -p tcp -m tcp --dport 9100";
};
m-0.monitoring = [
{
name = "hera";
host = "hera-intern:9100";
}
{
name = "monitoring-container";
host = "localhost:9100";
}
];
containers.monitoring = {
autoStart = true;
privateNetwork = true;
hostBridge = "bridge";
config = { pkgs, lib, ... }: {
imports = [
../../system
];
networking = {
interfaces.eth0 = {
ipv6.addresses = [{ address = hosts.monitoring; prefixLength = 112; }];
ipv4.addresses = [{ address = hosts.monitoring-intern-v4; prefixLength = 24; }];
containers.monitoring = {
autoStart = true;
privateNetwork = true;
hostBridge = "bridge";
config = { pkgs, lib, ... }: {
imports = [ ../../system ];
networking = {
interfaces.eth0 = {
ipv6.addresses = [{
address = hosts.monitoring;
prefixLength = 112;
}];
ipv4.addresses = [{
address = hosts.monitoring-intern-v4;
prefixLength = 24;
}];
};
inherit (config.networking) nameservers;
defaultGateway6 = {
address = hosts.hera-intern;
interface = "eth0";
};
defaultGateway = {
address = hosts.hera-intern-v4;
interface = "eth0";
};
firewall.allowedTCPPorts = [ 9090 9093 ];
};
inherit (config.networking) nameservers;
defaultGateway6 = { address = hosts.hera-intern; interface = "eth0"; };
defaultGateway = { address = hosts.hera-intern-v4; interface = "eth0"; };
firewall.allowedTCPPorts = [ 9090 9093 ];
};
services.prometheus = {
enable = true;
rules = [
''
services.prometheus = {
enable = true;
rules = [''
ALERT node_down
IF (up{name!="apollo"} == 0)
FOR 5m
@ -123,51 +136,44 @@ containers.monitoring = {
summary="{{$labels.alias}}: Running out of swap soon.",
description="{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now."
}
''
];
scrapeConfigs = [
{
''];
scrapeConfigs = [{
job_name = "nodes";
static_configs = map (entry: {
targets = [ entry.host ];
labels = {"name" = entry.name; };
labels = { "name" = entry.name; };
}) config.m-0.monitoring;
}
];
alertmanagerURL = [ "http://localhost:9093" ];
alertmanager = {
enable = true;
listenAddress = "0.0.0.0";
configuration = {
"global" = {
"smtp_smarthost" = "hera.m-0.eu:587";
"smtp_from" = "alertmanager@m-0.eu";
"smtp_auth_username" = "alertmanager@m-0.eu";
"smtp_auth_password" = config.m-0.private.alertmanager-mail-pw;
};
"route" = {
"group_by" = [ "alertname" "alias" ];
"group_wait" = "30s";
"group_interval" = "2m";
"repeat_interval" = "4h";
"receiver" = "team-admins";
};
"receivers" = [
{
}];
alertmanagerURL = [ "http://localhost:9093" ];
alertmanager = {
enable = true;
listenAddress = "0.0.0.0";
configuration = {
"global" = {
"smtp_smarthost" = "hera.m-0.eu:587";
"smtp_from" = "alertmanager@m-0.eu";
"smtp_auth_username" = "alertmanager@m-0.eu";
"smtp_auth_password" = config.m-0.private.alertmanager-mail-pw;
};
"route" = {
"group_by" = [ "alertname" "alias" ];
"group_wait" = "30s";
"group_interval" = "2m";
"repeat_interval" = "4h";
"receiver" = "team-admins";
};
"receivers" = [{
"name" = "team-admins";
"email_configs" = [
{
"to" = "malte.brandy@maralorn.de";
"send_resolved" = true;
}
];
}
];
"email_configs" = [{
"to" = "malte.brandy@maralorn.de";
"send_resolved" = true;
}];
}];
};
};
exporters.node.enable = true;
};
};
exporters.node.enable = true;
};
};
};
}
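Review bot: `alertmanager.listenAddress = "0.0.0.0"` together with `firewall.allowedTCPPorts = [ 9090 9093 ]` makes Prometheus and Alertmanager reachable from anything that can route to the container, and neither service is configured here to authenticate requests. Prometheus reaches Alertmanager through `alertmanagerURL = [ "http://localhost:9093" ]`, so the wide bind is not needed for alert delivery. If nothing outside the container talks to Alertmanager directly, `listenAddress = "127.0.0.1";` and removing `9093` from `allowedTCPPorts` stops a neighbouring container from silencing alerts. If a reverse proxy does need access, a comment naming it would document why the port is open.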


@ -1,67 +1,78 @@
{ pkgs, config, ... }:
let
inherit (config.m-0) hosts;
inherit (config.m-0.private) wireguard;
in
{
networking = {
hostName = "hera";
interfaces.ens18 = {
proxyARP = true;
ipv4.addresses = [{ address = "213.136.94.190"; prefixLength = 24; }];
ipv6.addresses = [{ address = hosts.hera; prefixLength = 128; }];
};
defaultGateway = "213.136.94.1";
defaultGateway6 = { address = "fe80::1"; interface = "ens18"; };
let
inherit (config.m-0) hosts;
inherit (config.m-0.private) wireguard;
in {
networking = {
hostName = "hera";
interfaces.ens18 = {
proxyARP = true;
ipv4.addresses = [{
address = "213.136.94.190";
prefixLength = 24;
}];
ipv6.addresses = [{
address = hosts.hera;
prefixLength = 128;
}];
};
defaultGateway = "213.136.94.1";
defaultGateway6 = {
address = "fe80::1";
interface = "ens18";
};
firewall = {
extraCommands = ''
ip6tables -A FORWARD -p ipv6-icmp -j ACCEPT
ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ip6tables -A FORWARD ! -s ${config.m-0.prefix}::/64 -j DROP
'';
};
firewall = {
extraCommands = ''
ip6tables -A FORWARD -p ipv6-icmp -j ACCEPT
ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ip6tables -A FORWARD ! -s ${config.m-0.prefix}::/64 -j DROP
'';
};
bridges.bridge.interfaces = [ ];
interfaces.bridge = {
proxyARP = true;
ipv6.addresses = [{ address = hosts.hera-intern; prefixLength = 112; }];
ipv4.addresses = [{ address = "10.0.0.1"; prefixLength = 24; }];
};
nat = {
enable = true;
externalInterface = "ens18";
internalInterfaces = [ "bridge" ];
};
nameservers = [ "213.136.95.10" "2a02:c207::1:53" "2a02:c207::2:53" ];
firewall.allowedUDPPorts = [ wireguard.port ];
wireguard.interfaces = {
m0wire = {
ips = [ "${hosts.hera-wg}/112" ];
privateKeyFile = "/etc/nixos/hosts/hera/secret/wireguard-private";
listenPort = wireguard.port;
peers = [
{
bridges.bridge.interfaces = [ ];
interfaces.bridge = {
proxyARP = true;
ipv6.addresses = [{
address = hosts.hera-intern;
prefixLength = 112;
}];
ipv4.addresses = [{
address = "10.0.0.1";
prefixLength = 24;
}];
};
nat = {
enable = true;
externalInterface = "ens18";
internalInterfaces = [ "bridge" ];
};
nameservers = [ "213.136.95.10" "2a02:c207::1:53" "2a02:c207::2:53" ];
firewall.allowedUDPPorts = [ wireguard.port ];
wireguard.interfaces = {
m0wire = {
ips = [ "${hosts.hera-wg}/112" ];
privateKeyFile = "/etc/nixos/hosts/hera/secret/wireguard-private";
listenPort = wireguard.port;
peers = [{
publicKey = wireguard.pub.apollo;
allowedIPs = [ "${hosts.apollo-wg}/128" ];
presharedKeyFile = "/etc/nixos/common/secret/wireguard-psk";
}
];
}];
};
};
};
};
services = {
ndppd = {
enable = true;
configFile = pkgs.writeText "ndppd.conf" ''
proxy ens18 {
rule ${config.m-0.prefix}::/64 {
static
services = {
ndppd = {
enable = true;
configFile = pkgs.writeText "ndppd.conf" ''
proxy ens18 {
rule ${config.m-0.prefix}::/64 {
static
}
}
}
'';
'';
};
};
};
}
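Review bot: The three `ip6tables -A FORWARD` lines in `firewall.extraCommands` append to the built-in FORWARD chain, and nothing visible in this file removes them again, so a firewall reload is likely to add another copy of each rule. Pair them with `networking.firewall.extraStopCommands` that deletes the same rules (`ip6tables -D FORWARD … || true`), or put them in a dedicated chain that is flushed before it is refilled. A comment above the last rule would also record the intent, e.g. `# only hosts inside our /64 may open new forwarded connections; replies and ICMPv6 are accepted above`.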


@ -9,13 +9,16 @@ let
phpPackages = pkgs.php73Packages;
toKeyValue = generators.toKeyValue {
mkKeyValue = generators.mkKeyValueDefault {} " = ";
mkKeyValue = generators.mkKeyValueDefault { } " = ";
};
phpOptionsExtensions = ''
${optionalString cfg.caching.apcu "extension=${phpPackages.apcu}/lib/php/extensions/apcu.so"}
${optionalString cfg.caching.redis "extension=${phpPackages.redis}/lib/php/extensions/redis.so"}
${optionalString cfg.caching.memcached "extension=${phpPackages.memcached}/lib/php/extensions/memcached.so"}
${optionalString cfg.caching.apcu
"extension=${phpPackages.apcu}/lib/php/extensions/apcu.so"}
${optionalString cfg.caching.redis
"extension=${phpPackages.redis}/lib/php/extensions/redis.so"}
${optionalString cfg.caching.memcached
"extension=${phpPackages.memcached}/lib/php/extensions/memcached.so"}
extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
zend_extension = opcache.so
opcache.enable = 1
@ -57,7 +60,8 @@ in {
https = mkOption {
type = types.bool;
default = false;
description = "Enable if there is a TLS terminating proxy in front of nextcloud.";
description =
"Enable if there is a TLS terminating proxy in front of nextcloud.";
};
maxUploadSize = mkOption {
@ -208,7 +212,7 @@ in {
extraTrustedDomains = mkOption {
type = types.listOf types.str;
default = [];
default = [ ];
description = ''
Trusted domains, from which the nextcloud installation will be
acessible. You don't need to add
@ -277,18 +281,24 @@ in {
};
config = mkIf cfg.enable (mkMerge [
{ assertions = let acfg = cfg.config; in [
{ assertion = !(acfg.dbpass != null && acfg.dbpassFile != null);
message = "Please specify no more than one of dbpass or dbpassFile";
}
{ assertion = ((acfg.adminpass != null || acfg.adminpassFile != null)
&& !(acfg.adminpass != null && acfg.adminpassFile != null));
message = "Please specify exactly one of adminpass or adminpassFile";
}
];
{
assertions = let acfg = cfg.config;
in [
{
assertion = !(acfg.dbpass != null && acfg.dbpassFile != null);
message = "Please specify no more than one of dbpass or dbpassFile";
}
{
assertion = ((acfg.adminpass != null || acfg.adminpassFile != null)
&& !(acfg.adminpass != null && acfg.adminpassFile != null));
message =
"Please specify exactly one of adminpass or adminpassFile";
}
];
}
{ systemd.timers."nextcloud-cron" = {
{
systemd.timers."nextcloud-cron" = {
wantedBy = [ "timers.target" ];
timerConfig.OnBootSec = "5m";
timerConfig.OnUnitActiveSec = "15m";
@ -306,78 +316,98 @@ in {
],
'datadirectory' => '${cfg.home}/data',
'skeletondirectory' => '${cfg.skeletonDirectory}',
${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"}
${
optionalString cfg.caching.apcu
"'memcache.local' => '\\OC\\Memcache\\APCu',"
}
'log_type' => 'syslog',
'log_level' => '${builtins.toString cfg.logLevel}',
${optionalString (cfg.config.overwriteProtocol != null) "'overwriteprotocol' => '${cfg.config.overwriteProtocol}',"}
${
optionalString (cfg.config.overwriteProtocol != null)
"'overwriteprotocol' => '${cfg.config.overwriteProtocol}',"
}
];
'';
occInstallCmd = let
c = cfg.config;
adminpass = if c.adminpassFile != null
then ''"$(<"${toString c.adminpassFile}")"''
else ''"${toString c.adminpass}"'';
dbpass = if c.dbpassFile != null
then ''"$(<"${toString c.dbpassFile}")"''
else if c.dbpass != null
then ''"${toString c.dbpass}"''
else null;
adminpass = if c.adminpassFile != null then
''"$(<"${toString c.adminpassFile}")"''
else
''"${toString c.adminpass}"'';
dbpass = if c.dbpassFile != null then
''"$(<"${toString c.dbpassFile}")"''
else if c.dbpass != null then
''"${toString c.dbpass}"''
else
null;
installFlags = concatStringsSep " \\\n "
(mapAttrsToList (k: v: "${k} ${toString v}") {
"--database" = ''"${c.dbtype}"'';
# The following attributes are optional depending on the type of
# database. Those that evaluate to null on the left hand side
# will be omitted.
${if c.dbname != null then "--database-name" else null} = ''"${c.dbname}"'';
${if c.dbhost != null then "--database-host" else null} = ''"${c.dbhost}"'';
${if c.dbport != null then "--database-port" else null} = ''"${toString c.dbport}"'';
${if c.dbuser != null then "--database-user" else null} = ''"${c.dbuser}"'';
${if (any (x: x != null) [c.dbpass c.dbpassFile])
then "--database-pass" else null} = dbpass;
${if c.dbtableprefix != null
then "--database-table-prefix" else null} = ''"${toString c.dbtableprefix}"'';
"--admin-user" = ''"${c.adminuser}"'';
"--admin-pass" = adminpass;
"--data-dir" = ''"${cfg.home}/data"'';
});
in ''
${occ}/bin/nextcloud-occ maintenance:install \
${installFlags}
'';
occSetTrustedDomainsCmd = concatStringsSep "\n" (imap0
(i: v: ''
${occ}/bin/nextcloud-occ config:system:set trusted_domains \
${toString i} --value="${toString v}"
'') ([ cfg.hostName ] ++ cfg.config.extraTrustedDomains));
"--database" = ''"${c.dbtype}"'';
# The following attributes are optional depending on the type of
# database. Those that evaluate to null on the left hand side
# will be omitted.
${if c.dbname != null then "--database-name" else null} =
''"${c.dbname}"'';
${if c.dbhost != null then "--database-host" else null} =
''"${c.dbhost}"'';
${if c.dbport != null then "--database-port" else null} =
''"${toString c.dbport}"'';
${if c.dbuser != null then "--database-user" else null} =
''"${c.dbuser}"'';
${
if (any (x: x != null) [ c.dbpass c.dbpassFile ]) then
"--database-pass"
else
null
} = dbpass;
${
if c.dbtableprefix != null then
"--database-table-prefix"
else
null
} = ''"${toString c.dbtableprefix}"'';
"--admin-user" = ''"${c.adminuser}"'';
"--admin-pass" = adminpass;
"--data-dir" = ''"${cfg.home}/data"'';
});
in ''
${occ}/bin/nextcloud-occ maintenance:install \
${installFlags}
'';
occSetTrustedDomainsCmd = concatStringsSep "\n" (imap0 (i: v: ''
${occ}/bin/nextcloud-occ config:system:set trusted_domains \
${toString i} --value="${toString v}"
'') ([ cfg.hostName ] ++ cfg.config.extraTrustedDomains));
in {
wantedBy = [ "multi-user.target" ];
before = [ "phpfpm-nextcloud.service" ];
script = ''
chmod og+x ${cfg.home}
ln -sf ${pkgs.nextcloud}/apps ${cfg.home}/
mkdir -p ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps
ln -sf ${overrideConfig} ${cfg.home}/config/override.config.php
in {
wantedBy = [ "multi-user.target" ];
before = [ "phpfpm-nextcloud.service" ];
script = ''
chmod og+x ${cfg.home}
ln -sf ${pkgs.nextcloud}/apps ${cfg.home}/
mkdir -p ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps
ln -sf ${overrideConfig} ${cfg.home}/config/override.config.php
chown -R nextcloud:nginx ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps
chown -R nextcloud:nginx ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps
# Do not install if already installed
if [[ ! -e ${cfg.home}/config/config.php ]]; then
${occInstallCmd}
fi
# Do not install if already installed
if [[ ! -e ${cfg.home}/config/config.php ]]; then
${occInstallCmd}
fi
${occ}/bin/nextcloud-occ upgrade
${occ}/bin/nextcloud-occ upgrade
${occ}/bin/nextcloud-occ config:system:delete trusted_domains
${occSetTrustedDomainsCmd}
'';
serviceConfig.Type = "oneshot";
};
${occ}/bin/nextcloud-occ config:system:delete trusted_domains
${occSetTrustedDomainsCmd}
'';
serviceConfig.Type = "oneshot";
};
"nextcloud-cron" = {
environment.NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config";
serviceConfig.Type = "oneshot";
serviceConfig.User = "nextcloud";
serviceConfig.ExecStart = "${phpPackage}/bin/php -f ${pkgs.nextcloud}/cron.php";
serviceConfig.ExecStart =
"${phpPackage}/bin/php -f ${pkgs.nextcloud}/cron.php";
};
"nextcloud-update-plugins" = mkIf cfg.autoUpdateApps.enable {
serviceConfig.Type = "oneshot";
@ -388,25 +418,24 @@ in {
services.phpfpm = {
pools.nextcloud = let
phpAdminValues = (toKeyValue
(foldr (a: b: a // b) {}
(mapAttrsToList (k: v: { "php_admin_value[${k}]" = v; })
phpOptions)));
in {
phpOptions = phpOptionsExtensions;
phpPackage = phpPackage;
listen = "/run/phpfpm/nextcloud";
extraConfig = ''
listen.owner = nginx
listen.group = nginx
user = nextcloud
group = nginx
${cfg.poolConfig}
env[NEXTCLOUD_CONFIG_DIR] = ${cfg.home}/config
env[PATH] = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin
${phpAdminValues}
'';
};
phpAdminValues = (toKeyValue (foldr (a: b: a // b) { }
(mapAttrsToList (k: v: { "php_admin_value[${k}]" = v; })
phpOptions)));
in {
phpOptions = phpOptionsExtensions;
phpPackage = phpPackage;
listen = "/run/phpfpm/nextcloud";
extraConfig = ''
listen.owner = nginx
listen.group = nginx
user = nextcloud
group = nginx
${cfg.poolConfig}
env[NEXTCLOUD_CONFIG_DIR] = ${cfg.home}/config
env[PATH] = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin
${phpAdminValues}
'';
};
};
users.extraUsers.nextcloud = {
@ -457,7 +486,8 @@ in {
priority = 300;
extraConfig = "deny all;";
};
"~ ^\\/(?:index|remote|public|cron|core/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|ocs-provider\\/.+|ocm-provider\\/.+)\\.php(?:$|\\/)" = {
"~ ^\\/(?:index|remote|public|cron|core/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|ocs-provider\\/.+|ocm-provider\\/.+)\\.php(?:$|\\/)" =
{
priority = 500;
extraConfig = ''
include ${config.services.nginx.package}/conf/fastcgi.conf;
@ -472,10 +502,11 @@ in {
fastcgi_read_timeout 120s;
'';
};
"~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig = ''
try_files $uri/ =404;
index index.php;
'';
"~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig =
''
try_files $uri/ =404;
index index.php;
'';
"~ \\.(?:css|js|woff2?|svg|gif)$".extraConfig = ''
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
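Review bot: In `occInstallCmd`, the `else` branches of `adminpass` and `dbpass` interpolate `c.adminpass` / `c.dbpass` directly into the setup unit's `script`, so a password set through those options ends up in a generated script in the world-readable Nix store. A value containing `"`, `$` or a backtick is also re-interpreted by the shell; `escapeShellArg (toString c.adminpass)` would be safer than the hand-written double quotes. The assertions in this section still permit the plain-text options, so their descriptions (outside these hunks) should state the store exposure and point to `adminpassFile` / `dbpassFile`. In both variants the secret reaches `nextcloud-occ` as a command-line argument and is visible in the process list while the install runs.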

Binary file not shown.


@ -2,104 +2,120 @@
let
inherit (config.m-0) hosts;
certPath = "/var/lib/acme/hera.m-0.eu";
in
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
m-0.monitoring = [
{ name = "web"; host = "web:9100"; }
{ name = "web-nginx"; host = "web:9113"; }
];
services.sniproxy = {
enable = true;
config = ''
error_log {
syslog daemon
priority warn
in {
networking.firewall.allowedTCPPorts = [ 80 443 ];
m-0.monitoring = [
{
name = "web";
host = "web:9100";
}
access_log {
syslog daemon
priority error
{
name = "web-nginx";
host = "web:9113";
}
listen 80 {
proto http
}
listen 443 {
proto tls
}
listen 8448 {
proto tls
table matrix
];
services.sniproxy = {
enable = true;
config = ''
error_log {
syslog daemon
priority warn
}
access_log {
syslog daemon
priority error
}
listen 80 {
proto http
}
listen 443 {
proto tls
}
listen 8448 {
proto tls
table matrix
fallback ${hosts.matrix}:8448
}
table {
cloud.maralorn.de ${hosts.cloud}
cloud.mathechor.de ${hosts.mathechor-cloud}
matrix.maralorn.de ${hosts.matrix}
riot.maralorn.de ${hosts.matrix}
.* ${hosts.web}
}
table matrix {
.* ${hosts.matrix}
}
'';
};
containers.web = {
bindMounts = { "${certPath}" = { hostPath = certPath; isReadOnly = false; }; };
autoStart = true;
privateNetwork = true;
hostBridge = "bridge";
config = { pkgs, lib, ... }: {
imports = [../../system];
networking = {
interfaces.eth0 = {
ipv6.addresses = [{ address = config.m-0.hosts.web; prefixLength = 112; }];
};
inherit (config.networking) nameservers;
defaultGateway6 = { address = config.m-0.hosts.hera-intern; interface = "eth0"; };
firewall.allowedTCPPorts = [ 80 443 ];
};
m-0 = {
blog.enable = true;
mathechor-de = {
enable = true;
password = config.m-0.private.mathechor-pw;
fallback ${hosts.matrix}:8448
}
table {
cloud.maralorn.de ${hosts.cloud}
cloud.mathechor.de ${hosts.mathechor-cloud}
matrix.maralorn.de ${hosts.matrix}
riot.maralorn.de ${hosts.matrix}
.* ${hosts.web}
}
table matrix {
.* ${hosts.matrix}
}
'';
};
containers.web = {
bindMounts = {
"${certPath}" = {
hostPath = certPath;
isReadOnly = false;
};
};
services = {
nginx = {
enable = true;
virtualHosts."hera.m-0.eu" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
extraConfig = ''
return 200 "Hello there. I hope you are having a very nice day! If you don't know what to find here, you probably don't care about this domain.";
'';
autoStart = true;
privateNetwork = true;
hostBridge = "bridge";
config = { pkgs, lib, ... }: {
imports = [ ../../system ];
networking = {
interfaces.eth0 = {
ipv6.addresses = [{
address = config.m-0.hosts.web;
prefixLength = 112;
}];
};
inherit (config.networking) nameservers;
defaultGateway6 = {
address = config.m-0.hosts.hera-intern;
interface = "eth0";
};
firewall.allowedTCPPorts = [ 80 443 ];
};
m-0 = {
blog.enable = true;
mathechor-de = {
enable = true;
password = config.m-0.private.mathechor-pw;
};
};
services = {
nginx = {
enable = true;
virtualHosts."hera.m-0.eu" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
extraConfig = ''
return 200 "Hello there. I hope you are having a very nice day! If you don't know what to find here, you probably don't care about this domain.";
'';
};
};
};
};
virtualHosts."maralorn.de" = {
enableACME = true;
forceSSL = true;
locations = {
"/.well-known/matrix/server" = {
extraConfig = ''
default_type application/json;
return 200 "{\"m.server\": \"matrix.maralorn.de:443\"}";
'';
};
"/" = {
extraConfig = ''
return 200 "Hello there. I hope you are having a very nice day! If you don't know what to find here, you probably don't care about this domain.";
'';
virtualHosts."maralorn.de" = {
enableACME = true;
forceSSL = true;
locations = {
"/.well-known/matrix/server" = {
extraConfig = ''
default_type application/json;
return 200 "{\"m.server\": \"matrix.maralorn.de:443\"}";
'';
};
"/" = {
extraConfig = ''
return 200 "Hello there. I hope you are having a very nice day! If you don't know what to find here, you probably don't care about this domain.";
'';
};
};
};
};
};
};
};
};
}
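Review bot: `containers.web.bindMounts` mounts `/var/lib/acme/hera.m-0.eu` into the container with `isReadOnly = false`, so the internet-facing nginx container can overwrite the certificate and private key under that path, which host services presumably also consume. If write access is needed because the container's `enableACME` for `hera.m-0.eu` issues and renews the certificate, say so above the mount, e.g. `# rw on purpose: the ACME client inside the container renews this cert, the host only reads it`. Otherwise set `isReadOnly = true;`.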


@ -1,61 +1,57 @@
# This file has been generated by Niv.
# A record, from name to path, of the third-party packages
with rec
{
pkgs =
if hasNixpkgsPath
then
if hasThisAsNixpkgsPath
then import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; }) {}
else import <nixpkgs> {}
with rec {
pkgs = if hasNixpkgsPath then
if hasThisAsNixpkgsPath then
import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; })
{ }
else
import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; }) {};
import <nixpkgs> { }
else
import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; })
{ };
sources_nixpkgs =
if builtins.hasAttr "nixpkgs" sources
then sources.nixpkgs
else abort
''
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
add a package called "nixpkgs" to your sources.json.
sources_nixpkgs = if builtins.hasAttr "nixpkgs" sources then
sources.nixpkgs
else
abort ''
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
add a package called "nixpkgs" to your sources.json.
'';
# fetchTarball version that is compatible between all the versions of Nix
builtins_fetchTarball =
{ url, sha256 }@attrs:
let
inherit (builtins) lessThan nixVersion fetchTarball;
in
if lessThan nixVersion "1.12" then
fetchTarball { inherit url; }
else
fetchTarball attrs;
builtins_fetchTarball = { url, sha256 }@attrs:
let inherit (builtins) lessThan nixVersion fetchTarball;
in if lessThan nixVersion "1.12" then
fetchTarball { inherit url; }
else
fetchTarball attrs;
# fetchurl version that is compatible between all the versions of Nix
builtins_fetchurl =
{ url, sha256 }@attrs:
let
inherit (builtins) lessThan nixVersion fetchurl;
in
if lessThan nixVersion "1.12" then
fetchurl { inherit url; }
else
fetchurl attrs;
builtins_fetchurl = { url, sha256 }@attrs:
let inherit (builtins) lessThan nixVersion fetchurl;
in if lessThan nixVersion "1.12" then
fetchurl { inherit url; }
else
fetchurl attrs;
# A wrapper around pkgs.fetchzip that has inspectable arguments,
# annoyingly this means we have to specify them
fetchzip = { url, sha256 }@attrs: pkgs.fetchzip attrs;
hasNixpkgsPath = (builtins.tryEval <nixpkgs>).success;
hasThisAsNixpkgsPath =
(builtins.tryEval <nixpkgs>).success && <nixpkgs> == ./.;
hasThisAsNixpkgsPath = (builtins.tryEval <nixpkgs>).success && <nixpkgs>
== ./.;
sources = builtins.fromJSON (builtins.readFile ./sources.json);
mapAttrs = builtins.mapAttrs or
(f: set: with builtins;
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)));
mapAttrs = builtins.mapAttrs or (f: set:
with builtins;
listToAttrs (map (attr: {
name = attr;
value = f attr set.${attr};
}) (attrNames set)));
# borrowed from nixpkgs
functionArgs = f: f.__functionArgs or (builtins.functionArgs f);
@ -64,10 +60,11 @@ with rec
in f (auto // args);
getFetcher = spec:
let fetcherName =
if builtins.hasAttr "type" spec
then builtins.getAttr "type" spec
else "builtin-tarball";
let
fetcherName = if builtins.hasAttr "type" spec then
builtins.getAttr "type" spec
else
"builtin-tarball";
in builtins.getAttr fetcherName {
"tarball" = fetchzip;
"builtin-tarball" = builtins_fetchTarball;
@ -77,13 +74,9 @@ with rec
};
# NOTE: spec must _not_ have an "outPath" attribute
mapAttrs (_: spec:
if builtins.hasAttr "outPath" spec
then abort
"The values in sources.json should not have an 'outPath' attribute"
else
if builtins.hasAttr "url" spec && builtins.hasAttr "sha256" spec
then
spec //
{ outPath = callFunctionWith spec (getFetcher spec) { }; }
else spec
) sources
if builtins.hasAttr "outPath" spec then
abort "The values in sources.json should not have an 'outPath' attribute"
else if builtins.hasAttr "url" spec && builtins.hasAttr "sha256" spec then
spec // { outPath = callFunctionWith spec (getFetcher spec) { }; }
else
spec) sources


@ -1,4 +1,7 @@
{ fetchFromGitHub, stdenv, ninja, meson, pkgconfig, glib, cairo, gdk_pixbuf, glib_networking, pango, libudev, xorg, libxslt, docbook_xml_xslt, git, libuuid, dbus, libsoup, docbook_xml_dtd_45, docbook5_xsl, gettext, autoconf, libtool, utillinux, libxkbcommon }:
{ fetchFromGitHub, stdenv, ninja, meson, pkgconfig, glib, cairo, gdk_pixbuf
, glib_networking, pango, libudev, xorg, libxslt, docbook_xml_xslt, git, libuuid
, dbus, libsoup, docbook_xml_dtd_45, docbook5_xsl, gettext, autoconf, libtool
, utillinux, libxkbcommon }:
stdenv.mkDerivation rec {
name = "eventd";
version = "d7c7ba59aa6b225b3e2b8aebdd853137c05d8445";


@ -1,5 +1,6 @@
{ aqbanking, python36Packages, fetchgit }:
with python36Packages; buildPythonApplication rec {
with python36Packages;
buildPythonApplication rec {
name = "${pname}-${version}";
pname = "jali";
doCheck = false;

File diff suppressed because it is too large Load diff


@ -1,26 +1,29 @@
{ pkgs, fetchFromGitHub, defaultCrateOverrides, makeDesktopItem, atk , pango, gnome3, cairo, gdk_pixbuf, glib, ... }:
((pkgs.callPackage ./Cargo.nix {}).tasktree_0_1_0 {}).override {
{ pkgs, fetchFromGitHub, defaultCrateOverrides, makeDesktopItem, atk, pango
, gnome3, cairo, gdk_pixbuf, glib, ... }:
((pkgs.callPackage ./Cargo.nix { }).tasktree_0_1_0 { }).override {
crateOverrides = defaultCrateOverrides // {
atk-sys = attr: { buildInputs = [ atk ]; };
pango-sys = attr: { buildInputs = [ pango glib ]; };
gio = attr: { buildInputs = [ glib ]; };
gdk-sys = attr: { buildInputs = [ gdk_pixbuf glib cairo pango ]; };
gtk-sys = attr: { buildInputs = [ gdk_pixbuf glib cairo pango atk gnome3.gtk ]; };
gtk-sys = attr: {
buildInputs = [ gdk_pixbuf glib cairo pango atk gnome3.gtk ];
};
gdk = attr: { buildInputs = [ cairo gnome3.gtk gdk_pixbuf pango ]; };
gtk = attr: { buildInputs = [ cairo atk gnome3.gtk gdk_pixbuf pango ]; };
tasktree = attrs:
let
desktopItem = makeDesktopItem {
name = "tasktree";
exec = "tasktree";
icon = "tasktree";
comment = "A taskwarrior UI";
desktopName = "Tasktree";
genericName = "Tasktree";
categories = "Office;";
};
let
desktopItem = makeDesktopItem {
name = "tasktree";
exec = "tasktree";
icon = "tasktree";
comment = "A taskwarrior UI";
desktopName = "Tasktree";
genericName = "Tasktree";
categories = "Office;";
};
version = "abb312f";
in {
in {
src = fetchFromGitHub {
rev = version;
owner = "maralorn";
@ -30,12 +33,12 @@
depsSha256 = "14acvigygrrqyvxra2n01vpadc3mcf8981jrggpvwfbz58jrsa7h";
cargoSha256 = "14acvigygrrqyvxra2n01vpadc3mcf8981jrggpvwfbz58jrsa7h";
postInstall = ''
mkdir -p $out/share/applications
ln -s ${desktopItem}/share/applications/* $out/share/applications/
rm $out/lib/link
postInstall = ''
mkdir -p $out/share/applications
ln -s ${desktopItem}/share/applications/* $out/share/applications/
rm $out/lib/link
'';
buildInputs = [ cairo atk gnome3.gtk gdk_pixbuf pango ];
};
};
};
}


@ -1,7 +1,6 @@
{config, lib, ...}:
{ config, lib, ... }:
with lib;
let
me = config.m-0.private.me;
let me = config.m-0.private.me;
in {
users.users = {
"${me.user}" = {
@ -13,8 +12,6 @@ in {
openssh.authorizedKeys.keys = me.keys;
passwordFile = me.pw-file;
};
root = {
passwordFile = me.pw-file;
};
root = { passwordFile = me.pw-file; };
};
}
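Review bot: `root = { passwordFile = me.pw-file; };` gives root the same password hash file as the `${me.user}` account defined just above it, so one leaked or guessed password unlocks both accounts directly. If that is deliberate, document it with a comment such as `# root intentionally shares the user's password hash: <reason>`. Otherwise point root at its own file, or leave root without a password and rely on sudo and the SSH keys. The `users.users` block continues outside the second hunk, so other attributes of the user account are not visible here.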


@ -1,4 +1,4 @@
{ pkgs, config, lib, ... }:
{ pkgs, config, lib, ... }:
let
inherit (import ../common/lib.nix) sources;
me = config.m-0.private.me;
@ -15,23 +15,21 @@ in {
config = {
i18n = {
defaultLocale = "en_US.UTF-8";
};
i18n = { defaultLocale = "en_US.UTF-8"; };
time.timeZone = "Europe/Berlin";
networking = {
firewall.allowPing = true;
useDHCP = false;
hosts = lib.zipAttrs (lib.mapAttrsToList (host: ip: {"${ip}" = "${host} ${host}.m-0.eu";} ) config.m-0.hosts);
hosts = lib.zipAttrs
(lib.mapAttrsToList (host: ip: { "${ip}" = "${host} ${host}.m-0.eu"; })
config.m-0.hosts);
};
users = {
mutableUsers = false;
users.root = {
openssh.authorizedKeys.keys = me.keys;
};
users.root = { openssh.authorizedKeys.keys = me.keys; };
};
environment = {
@ -43,10 +41,11 @@ in {
};
};
nix = {
binaryCaches = [ "https://cache.nixos.org/" "https://nixcache.reflex-frp.org" ];
binaryCachePublicKeys = [ "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ];
binaryCaches =
[ "https://cache.nixos.org/" "https://nixcache.reflex-frp.org" ];
binaryCachePublicKeys =
[ "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ];
nixPath = [ "/etc/nix-path" ];
};
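Review bot: `nix.binaryCaches` here adds `https://nixcache.reflex-frp.org` with the `ryantrinkle.com-1` key in what looks like the module shared by all hosts. A trusted cache key can sign substitutes for any store path, not only for the project it was added for, so the trust is wider than the need. Limit the entry to the machines that actually build against that cache, or state the reason next to it, e.g. `# third-party cache, trusted for <project> builds only; remove when no longer needed`. The `nix` block continues past the end of this hunk.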


@ -7,7 +7,8 @@
antialias = true;
cache32Bit = true;
defaultFonts = {
monospace = [ "Source Code Pro For Powerline" "Roboto Mono" "DejaVu Sans Mono" ];
monospace =
[ "Source Code Pro For Powerline" "Roboto Mono" "DejaVu Sans Mono" ];
sansSerif = [ "Roboto Regular" "DejaVu Sans" ];
serif = [ "Roboto Slab Regular" "DejaVu Serif" ];
};
@ -20,44 +21,22 @@
enableFontDir = true;
fonts = builtins.attrValues {
inherit (pkgs)
anonymousPro
arkpandora_ttf
caladea
carlito
comfortaa
comic-relief
crimson
dejavu_fonts
google-fonts
inconsolata
iosevka
liberationsansnarrow
liberation_ttf
libertine
mononoki
montserrat
nerdfonts
norwester-font
opensans-ttf
powerline-fonts
roboto
sampradaya
source-code-pro
source-sans-pro
source-serif-pro
tai-ahom
tempora_lgc
terminus_font
theano
ubuntu_font_family;
anonymousPro arkpandora_ttf caladea carlito comfortaa comic-relief
crimson dejavu_fonts google-fonts inconsolata iosevka
liberationsansnarrow liberation_ttf libertine mononoki montserrat
nerdfonts norwester-font opensans-ttf powerline-fonts roboto sampradaya
source-code-pro source-sans-pro source-serif-pro tai-ahom tempora_lgc
terminus_font theano ubuntu_font_family;
};
};
# create a cache of the font sources, often slow internet connections make it painful to
# re-download them after a few months
environment.etc = let
# fonts with src attributes
font_sources = map (v: v.src) (lib.filter (v: v ? src) config.fonts.fonts);
in builtins.listToAttrs (lib.imap0 (n: v: lib.nameValuePair "src-cache/fonts/${toString n}" { source = builtins.toPath v; }) font_sources);
in builtins.listToAttrs (lib.imap0 (n: v:
lib.nameValuePair "src-cache/fonts/${toString n}" {
source = builtins.toPath v;
}) font_sources);
}


@ -2,12 +2,14 @@
let
inherit (import ../common/lib.nix) writeHaskellScript haskellList;
me = config.m-0.private.me;
test-command = ["${pkgs.systemd}/bin/systemctl" "start" "test-and-bump-config.service"];
upgrade-command = ["${pkgs.systemd}/bin/systemctl" "start" "system-maintenance.service"];
test-command =
[ "${pkgs.systemd}/bin/systemctl" "start" "test-and-bump-config.service" ];
upgrade-command =
[ "${pkgs.systemd}/bin/systemctl" "start" "system-maintenance.service" ];
post-update = writeHaskellScript {
name = "post-update";
bins = [ pkgs.git pkgs.nix ];
imports = [ "System.Environment (lookupEnv)" "Data.Foldable (for_)"];
imports = [ "System.Environment (lookupEnv)" "Data.Foldable (for_)" ];
} ''
main = do
mirror <- lookupEnv "GL_OPTION_MIRROR"
@ -26,17 +28,26 @@ let
exe "sudo" ${haskellList upgrade-command};
writeOutput "Done";
'';
in
{
users.users.git.linger = true; # Frequent restarting of the systemd-user-unit leads to errors
security.sudo.extraRules = [ { commands = [
{ command = builtins.concatStringsSep " " test-command; options = [ "NOPASSWD" ]; }
{ command = builtins.concatStringsSep " " upgrade-command; options = [ "NOPASSWD" ]; }
]; users = [ "git" ]; } ];
services.gitolite = {
enable = true;
user = "git";
adminPubkey = builtins.elemAt me.keys 0;
commonHooks = [ "${post-update}/bin/post-update" ];
};
in {
users.users.git.linger =
true; # Frequent restarting of the systemd-user-unit leads to errors
security.sudo.extraRules = [{
commands = [
{
command = builtins.concatStringsSep " " test-command;
options = [ "NOPASSWD" ];
}
{
command = builtins.concatStringsSep " " upgrade-command;
options = [ "NOPASSWD" ];
}
];
users = [ "git" ];
}];
services.gitolite = {
enable = true;
user = "git";
adminPubkey = builtins.elemAt me.keys 0;
commonHooks = [ "${post-update}/bin/post-update" ];
};
}
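Review bot: The reformatted `users.users.git.linger =` / `true; # Frequent restarting …` splits a one-line setting and leaves its explanation trailing the value. Put the comment on its own line, `# Frequent restarting of the systemd-user-unit leads to errors`, followed by `users.users.git.linger = true;`. The `security.sudo.extraRules` entry would also benefit from a short comment such as `# lets the gitolite post-update hook start exactly these two units as root`, so it is clear why `git` holds `NOPASSWD` rights and that the rules should stay pinned to the full command strings.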


@ -1,28 +1,23 @@
{ config, pkgs, lib, ... }:
with lib;
{
options = {
m-0.server.initSSHKey = mkOption {
type = types.path;
};
};
with lib; {
options = { m-0.server.initSSHKey = mkOption { type = types.path; }; };
config = {
boot.initrd = {
network = {
enable = true;
ssh = {
config = {
boot.initrd = {
network = {
enable = true;
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
ssh = {
enable = true;
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
# generate file with
# nix-shell -p dropbear
# dropbearkey -t rsa -f boot_rsa
hostRSAKey = config.m-0.server.initSSHKey;
# generate file with
# nix-shell -p dropbear
# dropbearkey -t rsa -f boot_rsa
hostRSAKey = config.m-0.server.initSSHKey;
};
};
postMountCommands = "ip link set eth0 down";
};
postMountCommands = "ip link set eth0 down";
};
};
}
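Review bot: `hostRSAKey = config.m-0.server.initSSHKey;` reads a `types.path` option, and a path value is copied into the Nix store when it is referenced, so the initrd dropbear host key is likely readable by every local user. It is also stored in the unencrypted initrd. Extend the generation comment to say so, e.g. `# use a dedicated key for the initrd, never the regular sshd host key: it ends up in the store and in the initrd`. Since `authorizedKeys` reuses root's keys, it is worth noting in the same comment that anyone holding one of those keys can reach the pre-boot shell.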


@ -3,51 +3,51 @@ with lib;
let
page = pkgs.stdenv.mkDerivation {
name = "blog.maralorn.de";
src = builtins.fetchGit "git@hera:blog";
buildInputs = [ (pkgs.python3.withPackages (ps: [ps.pelican ps.markdown])) ];
LC_ALL="en_US.UTF-8";
LOCALE_ARCHIVE="${pkgs.glibcLocales}/lib/locale/locale-archive";
buildPhase = ''
make html
'';
installPhase = ''
mkdir $out
cp -r output/* $out
'';
};
page = pkgs.stdenv.mkDerivation {
name = "blog.maralorn.de";
src = builtins.fetchGit "git@hera:blog";
buildInputs =
[ (pkgs.python3.withPackages (ps: [ ps.pelican ps.markdown ])) ];
LC_ALL = "en_US.UTF-8";
LOCALE_ARCHIVE = "${pkgs.glibcLocales}/lib/locale/locale-archive";
buildPhase = ''
make html
'';
installPhase = ''
mkdir $out
cp -r output/* $out
'';
};
in
{
in {
options = {
m-0.blog = {
enable = mkOption {
type = types.bool;
default = false;
options = {
m-0.blog = {
enable = mkOption {
type = types.bool;
default = false;
};
};
};
};
config = mkIf config.m-0.blog.enable {
networking.firewall.allowedTCPPorts = [ 80 443 ];
config = mkIf config.m-0.blog.enable {
networking.firewall.allowedTCPPorts = [ 80 443 ];
services = {
nginx = {
enable = true;
virtualHosts."blog.maralorn.de" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
root = "${page}";
index = "index.html";
services = {
nginx = {
enable = true;
virtualHosts."blog.maralorn.de" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
root = "${page}";
index = "index.html";
};
};
};
};
};
};
};
}
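Review bot: `src = builtins.fetchGit "git@hera:blog";` names no `rev`, so each evaluation builds whatever the repository's default branch holds at that moment, and the deployed site cannot be tied to a reviewed commit. Pinning it, `src = builtins.fetchGit { url = "git@hera:blog"; rev = "<full-commit-id>"; };`, makes the build reproducible and makes content changes visible in this repository's history. If tracking the branch head is the intended deploy mechanism, a comment saying so would be enough. The same unpinned form is used for `git@hera:mathechor.de` further down the page.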


@ -5,8 +5,7 @@ let
me = config.m-0.private.me;
in
{
in {
options = {
m-0.laptop.enable = mkOption {
type = types.bool;
@ -14,9 +13,7 @@ in
};
};
config = mkIf config.m-0.laptop.enable {
networking = {
networkmanager.enable = true;
};
networking = { networkmanager.enable = true; };
i18n.consoleKeyMap = "neo";
sound.enable = true;
@ -47,18 +44,18 @@ in
'';
};
mpd = {
enable = true;
user = me.user;
group = "users";
network.listenAddress = "::1";
musicDirectory = "/home/${me.user}/data/aktuell/media/musik";
extraConfig = ''
enable = true;
user = me.user;
group = "users";
network.listenAddress = "::1";
musicDirectory = "/home/${me.user}/data/aktuell/media/musik";
extraConfig = ''
audio_output {
type "pulse"
name "Pulseaudio"
server "localhost"
}
'';
'';
};
xserver = {
enable = true;


@ -12,11 +12,14 @@ let
dataDir = "/var/lib/systemd/linger";
lingeringUsers = map (u: u.name) (attrValues (flip filterAttrs config.users.users (n: u: u.linger)));
lingeringUsers = map (u: u.name)
(attrValues (flip filterAttrs config.users.users (n: u: u.linger)));
lingeringUsersFile = builtins.toFile "lingering-users"
(concatStrings (map (s: "${s}\n")
(sort (a: b: a < b) lingeringUsers))); # this sorting is important for `comm` to work correctly
lingeringUsersFile = builtins.toFile "lingering-users" (concatStrings (map
(s: ''
${s}
'') (sort (a: b: a < b)
lingeringUsers))); # this sorting is important for `comm` to work correctly
updateLingering = pkgs.writeScript "update-lingering" ''
# Stop when the system is not running, e.g. during nixos-install
@ -26,14 +29,10 @@ let
echo "$lingering" | comm -3 -2 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl enable-linger
'';
in
{
in {
options = {
users.users = mkOption {
options = [{
linger = mkEnableOption "lingering for the user";
}];
options = [{ linger = mkEnableOption "lingering for the user"; }];
};
};


@ -3,73 +3,72 @@ with lib;
let
me = config.m-0.private.me;
page = pkgs.stdenv.mkDerivation {
name = "mathechor.de";
src = builtins.fetchGit "git@hera:mathechor.de";
buildInputs = [ pkgs.pandoc pkgs.python3 ];
LC_ALL="en_US.UTF-8";
LOCALE_ARCHIVE="${pkgs.glibcLocales}/lib/locale/locale-archive";
installPhase = ''
mkdir $out
cp -r intern/output $out/intern
cp -r public/output $out/public
'';
};
me = config.m-0.private.me;
page = pkgs.stdenv.mkDerivation {
name = "mathechor.de";
src = builtins.fetchGit "git@hera:mathechor.de";
buildInputs = [ pkgs.pandoc pkgs.python3 ];
LC_ALL = "en_US.UTF-8";
LOCALE_ARCHIVE = "${pkgs.glibcLocales}/lib/locale/locale-archive";
installPhase = ''
mkdir $out
cp -r intern/output $out/intern
cp -r public/output $out/public
'';
};
in
{
in {
options = {
m-0.mathechor-de = {
enable = mkOption {
type = types.bool;
default = false;
};
password = mkOption {
type = types.str;
options = {
m-0.mathechor-de = {
enable = mkOption {
type = types.bool;
default = false;
};
password = mkOption { type = types.str; };
};
};
};
config = mkIf config.m-0.mathechor-de.enable {
networking.firewall.allowedTCPPorts = [ 80 443 ];
config = mkIf config.m-0.mathechor-de.enable {
networking.firewall.allowedTCPPorts = [ 80 443 ];
services = {
nginx = {
enable = true;
virtualHosts."mathechor.de" = {
serverAliases = ["www.mathechor.de"];
forceSSL = true;
enableACME = true;
locations = {
"/" = {
root = "${page}/public";
index = "index.html";
extraConfig = "location ~* \.(otf)$ {add_header Access-Control-Allow-Origin *;}";
services = {
nginx = {
enable = true;
virtualHosts."mathechor.de" = {
serverAliases = [ "www.mathechor.de" ];
forceSSL = true;
enableACME = true;
locations = {
"/" = {
root = "${page}/public";
index = "index.html";
extraConfig =
"location ~* .(otf)$ {add_header Access-Control-Allow-Origin *;}";
};
};
};
};
virtualHosts."intern.mathechor.de" = {
forceSSL = true;
enableACME = true;
basicAuth.mathechor = config.m-0.mathechor-de.password;
locations = {
"/" = {
root = "${page}/intern";
index = "index.html";
};
"/mathechor.ics" = {
proxyPass = "https://cloud.mathechor.de/remote.php/dav/public-calendars/nebsfFTzQKGSSsDc?export";
extraConfig = ''
proxy_ssl_name cloud.mathechor.de;
proxy_ssl_server_name on;
'';
virtualHosts."intern.mathechor.de" = {
forceSSL = true;
enableACME = true;
basicAuth.mathechor = config.m-0.mathechor-de.password;
locations = {
"/" = {
root = "${page}/intern";
index = "index.html";
};
"/mathechor.ics" = {
proxyPass =
"https://cloud.mathechor.de/remote.php/dav/public-calendars/nebsfFTzQKGSSsDc?export";
extraConfig = ''
proxy_ssl_name cloud.mathechor.de;
proxy_ssl_server_name on;
'';
};
};
};
};
};
};
};
}
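Review bot: `basicAuth.mathechor = config.m-0.mathechor-de.password;` takes the password from a `types.str` option, and the NixOS nginx module turns `basicAuth` into an htpasswd file in the Nix store, which every local user can read. The `intern` tree that the password protects is also copied into the store by `installPhase`, so local accounts on this host can read both. Keeping the credentials out of the store would close that, for example with `basicAuthFile = "/var/lib/secrets/intern.htpasswd";` (path is a placeholder) where the NixOS release has that option, or with `auth_basic_user_file` in `extraConfig`. Separately, the reformatted line `"location ~* .(otf)$ {…}"` shows that the old `\.` never reached nginx as an escaped dot, so the regex matches any character before `otf`; `\\.` in the Nix string gives the literal dot.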


@ -1,43 +1,37 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.m-0.riot;
in
{
let cfg = config.m-0.riot;
in {
options = {
m-0.riot = {
enable = mkOption {
type = types.bool;
default = false;
};
hostname = mkOption {
type = types.str;
};
config = mkOption {
type = types.attrs;
options = {
m-0.riot = {
enable = mkOption {
type = types.bool;
default = false;
};
hostname = mkOption { type = types.str; };
config = mkOption { type = types.attrs; };
};
};
};
config = mkIf cfg.enable {
services = {
nginx = {
enable = true;
virtualHosts."${cfg.hostname}" = {
enableACME = true;
forceSSL = true;
root = (import <unstable> {}).riot-web;
locations."/config.json" = {
extraConfig = ''
default_type application/json;
return 200 '${builtins.toJSON cfg.config}';
'';
config = mkIf cfg.enable {
services = {
nginx = {
enable = true;
virtualHosts."${cfg.hostname}" = {
enableACME = true;
forceSSL = true;
root = (import <unstable> { }).riot-web;
locations."/config.json" = {
extraConfig = ''
default_type application/json;
return 200 '${builtins.toJSON cfg.config}';
'';
};
};
};
};
};
};
}
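Review bot: `return 200 '${builtins.toJSON cfg.config}';` splices the JSON into a single-quoted nginx string without escaping, so a `'` in any value ends the string early and a `$` is read by nginx as a variable reference. `cfg.config` is a free-form `types.attrs`, so nothing stops such a value from being set, and the result is either a config that fails to load or a response that differs from the intended JSON. Serving the JSON from a file avoids the quoting problem: `locations."/config.json".alias = pkgs.writeText "config.json" (builtins.toJSON cfg.config);`.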


@ -1,20 +1,23 @@
{ config, pkgs, lib, ... }:
{
{ config, pkgs, lib, ... }: {
imports = [ ./init_ssh.nix ];
imports = [ ./init_ssh.nix ];
config = {
systemd.services."system-maintenance" = {
startAt = "2:45";
environment.NIX_PATH = "/etc/nix-path:nixos-config=/etc/nixos/configuration.nix";
path = [ pkgs.git ];
restartIfChanged = false;
unitConfig.X-StopOnRemoval = false;
serviceConfig = {
Type = "oneshot";
ExecStart = "${(import ./update-lib.nix config.system.build.nixos-rebuild).system-maintenance}/bin/system-maintenance";
config = {
systemd.services."system-maintenance" = {
startAt = "2:45";
environment.NIX_PATH =
"/etc/nix-path:nixos-config=/etc/nixos/configuration.nix";
path = [ pkgs.git ];
restartIfChanged = false;
unitConfig.X-StopOnRemoval = false;
serviceConfig = {
Type = "oneshot";
ExecStart = "${
(import ./update-lib.nix
config.system.build.nixos-rebuild).system-maintenance
}/bin/system-maintenance";
};
};
};
};
}


@ -1,6 +1,5 @@
{ pkgs, config, lib, ... }:
with lib;
{
with lib; {
imports = [ ./admin.nix ];
@ -12,24 +11,20 @@ with lib;
mutableUsers = false;
};
security.sudo.extraConfig = "
Defaults timestamp_type=global, timestamp_timeout=15
";
security.sudo.extraConfig =
"\n Defaults timestamp_type=global, timestamp_timeout=15\n ";
services = {
sshd.enable = true;
};
services = { sshd.enable = true; };
nix.nixPath = [ "nixos-config=/etc/nixos/configuration.nix" ];
environment = {
# Put these into an extra file so the essential packages can also be included on non selfadminstrated systems from home-manager
systemPackages = builtins.attrValues ({
inherit (import ./update-lib.nix config.system.build.nixos-rebuild) update-system system-maintenance;
} // (import ../common/pkgs.nix).system-pkgs);
sessionVariables = {
TERMINFO = "/run/current-system/sw/share/terminfo";
};
inherit (import ./update-lib.nix config.system.build.nixos-rebuild)
update-system system-maintenance;
} // (import ../common/pkgs.nix).system-pkgs);
sessionVariables = { TERMINFO = "/run/current-system/sw/share/terminfo"; };
};
programs = {


@ -1,12 +1,13 @@
{ pkgs, config, lib, ... }:
{
{ pkgs, config, lib, ... }: {
systemd.services."test-and-bump-config" = {
startAt = "20:30";
path = [ pkgs.nix pkgs.gnutar pkgs.gzip pkgs.git pkgs.git-crypt ];
serviceConfig = {
Type = "oneshot";
WorkingDirectory = "/var/cache/gc-links";
ExecStart = "${(import ../common/test-lib.nix).test-and-bump-config}/bin/test-and-bump-config";
ExecStart = "${
(import ../common/test-lib.nix).test-and-bump-config
}/bin/test-and-bump-config";
};
};
}


@ -1,13 +1,13 @@
nixos-rebuild:
let
pkgs = import <nixpkgs> {};
inherit (import ../common/lib.nix) writeHaskellScript get-niv-path home-manager gcRetentionDays;
pkgs = import <nixpkgs> { };
inherit (import ../common/lib.nix)
writeHaskellScript get-niv-path home-manager gcRetentionDays;
configPath = "/etc/nixos";
update-system = writeHaskellScript {
name = "update-system";
bins = [ get-niv-path nixos-rebuild ];
}
''
name = "update-system";
bins = [ get-niv-path nixos-rebuild ];
} ''
getNivPath = readTrim . get_niv_path "${configPath}/nix/sources.nix"
getNivAssign name = tag <$> getNivPath name
@ -17,16 +17,15 @@ let
paths <- fmap concat . mapM getNivAssign $ ["nixpkgs", "unstable", "home-manager"]
args <- getArgs
nixos_rebuild (paths ++ ["switch"] ++ args)
'';
system-maintenance = writeHaskellScript
{ name = "system-maintenance"; bins = [ pkgs.nix pkgs.git update-system ];} ''
'';
system-maintenance = writeHaskellScript {
name = "system-maintenance";
bins = [ pkgs.nix pkgs.git update-system ];
} ''
main = do
git "-C" "${configPath}" "pull"
update_system
nix_collect_garbage "--delete-older-than" "${toString gcRetentionDays}d"
nix "optimise-store"
'';
in
{
inherit update-system system-maintenance;
}
in { inherit update-system system-maintenance; }
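Review bot: `system-maintenance` runs `git "-C" "${configPath}" "pull"` and then `update_system` without checking what was pulled, so anyone who can push to that remote decides which configuration the machine switches to. The `system-maintenance` unit elsewhere in this commit sets no `User=`, so this presumably runs as root every night at 2:45 with nobody watching. Requiring signed, fast-forward-only history before the rebuild would narrow that: `git "-C" "${configPath}" "pull" "--ff-only" "--verify-signatures"`, with the trusted keys in the keyring of the account that runs the service. A comment above `main = do` stating which remote and which keys are trusted would document the assumption.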