Malte Brandy 2019-07-31 23:56:52 +02:00
parent c36c483ab3
commit a1bb4277b1
No known key found for this signature in database
GPG key ID: 226A2D41EF5378C9
79 changed files with 4803 additions and 4713 deletions


@ -1,13 +1,8 @@
{ {
nix = { nix = {
binaryCaches = [ binaryCaches = [ "https://all-hies.cachix.org" ];
"https://all-hies.cachix.org" binaryCachePublicKeys =
]; [ "all-hies.cachix.org-1:JjrzAOEUsD9ZMt8fdFbzo3jNAyEWlPAwdVuHw4RD43k=" ];
binaryCachePublicKeys = [
"all-hies.cachix.org-1:JjrzAOEUsD9ZMt8fdFbzo3jNAyEWlPAwdVuHw4RD43k="
];
trustedUsers = [ "root" "maralorn" ]; trustedUsers = [ "root" "maralorn" ];
}; };
} }


@ -1,13 +1,8 @@
{ {
nix = { nix = {
binaryCaches = [ binaryCaches = [ "https://cachix.cachix.org" ];
"https://cachix.cachix.org" binaryCachePublicKeys =
]; [ "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" ];
binaryCachePublicKeys = [
"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
];
trustedUsers = [ "root" "maralorn" ]; trustedUsers = [ "root" "maralorn" ];
}; };
} }


@ -1,13 +1,8 @@
{ {
nix = { nix = {
binaryCaches = [ binaryCaches = [ "https://nixfmt.cachix.org" ];
"https://nixfmt.cachix.org" binaryCachePublicKeys =
]; [ "nixfmt.cachix.org-1:uyEQg16IhCFeDpFV07aL+Dbmh18XHVUqpkk/35WAgJI=" ];
binaryCachePublicKeys = [
"nixfmt.cachix.org-1:uyEQg16IhCFeDpFV07aL+Dbmh18XHVUqpkk/35WAgJI="
];
trustedUsers = [ "root" "maralorn" ]; trustedUsers = [ "root" "maralorn" ];
}; };
} }


@ -4,75 +4,70 @@ with lib;
{ {
imports = [ ./secret ]; imports = [ ./secret ];
config = { config = {
m-0.monitoring = [ { m-0.monitoring = [{
host = "apollo:9100"; host = "apollo:9100";
name = "apollo"; name = "apollo";
} ]; }];
};
options = {
m-0.private = mkOption {
default = {};
type = types.attrs;
}; };
m-0.prefix = mkOption {
default = "2a02:c207:3002:7584"; options = {
type = types.str; m-0.private = mkOption {
}; default = { };
m-0.monitoring = mkOption { type = types.attrs;
type = types.listOf (types.submodule { };
options = { m-0.prefix = mkOption {
name = mkOption { default = "2a02:c207:3002:7584";
type = types.str; type = types.str;
};
m-0.monitoring = mkOption {
type = types.listOf (types.submodule {
options = {
name = mkOption { type = types.str; };
host = mkOption { type = types.str; };
}; };
host = mkOption { });
type = types.str; default = [ ];
};
m-0.hosts = mkOption {
type = types.attrs;
default = let
p = config.m-0.prefix;
hera-p = "${p}::3";
apollo-p = "${p}::1";
wg-p = "${p}::100";
v4-p = "10.0.0";
in rec {
hera = "${p}::1";
hera-v4 = "213.136.94.190";
hera-wg = "${wg-p}:1";
apollo-wg = "${wg-p}:2";
hera-intern = "${hera-p}:1";
git = "${hera-p}:2";
borg = "${hera-p}:3";
dav = "${hera-p}:5";
blog = "${hera-p}:6";
chor = "${hera-p}:7";
matrix = "${hera-p}:8";
cloud = "${hera-p}:9";
web = "${hera-p}:a";
mathechor-cloud = "${hera-p}:b";
monitoring = "${hera-p}:c";
apollo = apollo-wg;
hera-intern-v4 = "${v4-p}.1";
cloud-intern-v4 = "${v4-p}.2";
mathechor-cloud-intern-v4 = "${v4-p}.3";
matrix-intern-v4 = "${v4-p}.4";
monitoring-intern-v4 = "${v4-p}.5";
}; };
};
});
default = [];
};
m-0.hosts = mkOption {
type = types.attrs;
default = let
p = config.m-0.prefix;
hera-p = "${p}::3";
apollo-p = "${p}::1";
wg-p = "${p}::100";
v4-p = "10.0.0";
in rec {
hera = "${p}::1";
hera-v4 = "213.136.94.190";
hera-wg = "${wg-p}:1";
apollo-wg = "${wg-p}:2";
hera-intern = "${hera-p}:1";
git = "${hera-p}:2";
borg = "${hera-p}:3";
dav = "${hera-p}:5";
blog = "${hera-p}:6";
chor = "${hera-p}:7";
matrix = "${hera-p}:8";
cloud = "${hera-p}:9";
web = "${hera-p}:a";
mathechor-cloud = "${hera-p}:b";
monitoring = "${hera-p}:c";
apollo = apollo-wg;
hera-intern-v4 = "${v4-p}.1";
cloud-intern-v4 = "${v4-p}.2";
mathechor-cloud-intern-v4 = "${v4-p}.3";
matrix-intern-v4 = "${v4-p}.4";
monitoring-intern-v4 = "${v4-p}.5";
}; };
}; };
};
} }


@ -1,18 +1,25 @@
rec { rec {
pkgs = import <nixpkgs> {}; pkgs = import <nixpkgs> { };
unstable = import <unstable> {}; unstable = import <unstable> { };
sources = import ../nix/sources.nix; sources = import ../nix/sources.nix;
shh = unstable.haskell.lib.overrideCabal unstable.haskellPackages.shh (drv: { shh = unstable.haskell.lib.overrideCabal unstable.haskellPackages.shh (drv: {
broken = false; broken = false;
doCheck = false; doCheck = false;
}); });
shh-extras = unstable.haskell.lib.overrideCabal unstable.haskellPackages.shh-extras (drv: { shh-extras =
broken = false; unstable.haskell.lib.overrideCabal unstable.haskellPackages.shh-extras
doCheck = false; (drv: {
}); broken = false;
doCheck = false;
});
haskellList = list: ''["${builtins.concatStringsSep ''", "'' list}"]''; haskellList = list: ''["${builtins.concatStringsSep ''", "'' list}"]'';
writeHaskellScript = { name ? "haskell-script", bins ? [pkgs.coreutils], libraries ? [], imports ? []}: code: writeHaskellScript = { name ? "haskell-script", bins ? [ pkgs.coreutils ]
unstable.writers.writeHaskellBin name { libraries = libraries ++ [shh unstable.haskellPackages.string-interpolate ]; } '' , libraries ? [ ], imports ? [ ] }:
code:
unstable.writers.writeHaskellBin name {
libraries = libraries
++ [ shh unstable.haskellPackages.string-interpolate ];
} ''
{-# LANGUAGE DeriveDataTypeable #-} {-# LANGUAGE DeriveDataTypeable #-}
{-# LANGUAGE TemplateHaskell #-} {-# LANGUAGE TemplateHaskell #-}
{-# LANGUAGE QuasiQuotes #-} {-# LANGUAGE QuasiQuotes #-}
@ -37,9 +44,10 @@ rec {
''; '';
get-niv-path = writeHaskellScript { get-niv-path = writeHaskellScript {
name = "get-niv-path"; name = "get-niv-path";
bins = [pkgs.nix]; bins = [ pkgs.nix ];
imports = ["System.Console.CmdArgs.Implicit"]; imports = [ "System.Console.CmdArgs.Implicit" ];
libraries = [ unstable.haskellPackages.cmdargs unstable.haskellPackages.text ]; libraries =
[ unstable.haskellPackages.cmdargs unstable.haskellPackages.text ];
} '' } ''
trimQuotation = pureProc $ LTE.encodeUtf8 . LT.dropAround ('"' ==) . LTE.decodeUtf8 . trim trimQuotation = pureProc $ LTE.encodeUtf8 . LT.dropAround ('"' ==) . LTE.decodeUtf8 . trim
@ -49,7 +57,7 @@ rec {
let expr = [i|(import #{sources}).#{channel}|] let expr = [i|(import #{sources}).#{channel}|]
nix_build ["-Q", "-E", expr, "--no-out-link"] &> devNull nix_build ["-Q", "-E", expr, "--no-out-link"] &> devNull
nix_instantiate ["--eval", "-E", [i|toString #{expr}|]] |> trimQuotation nix_instantiate ["--eval", "-E", [i|toString #{expr}|]] |> trimQuotation
''; '';
home-manager = pkgs.callPackage <home-manager/home-manager> {}; home-manager = pkgs.callPackage <home-manager/home-manager> { };
gcRetentionDays = 5; gcRetentionDays = 5;
} }


@ -1,72 +1,46 @@
rec { rec {
my-lib = import ../common/lib.nix; my-lib = import ../common/lib.nix;
inherit (my-lib) pkgs unstable sources; inherit (my-lib) pkgs unstable sources;
tasktree = pkgs.callPackage ../packages/tasktree {}; tasktree = pkgs.callPackage ../packages/tasktree { };
neovim = pkgs.neovim.override { neovim = pkgs.neovim.override {
vimAlias = true; vimAlias = true;
withPython3 = true; withPython3 = true;
}; };
home-neovim = (import ../home-manager/nvim) neovim; home-neovim = (import ../home-manager/nvim) neovim;
niv = (import sources.niv {}).niv; niv = (import sources.niv { }).niv;
# pkgs assumed to be present on a non nixos host # pkgs assumed to be present on a non nixos host
core-system-pkgs = { core-system-pkgs = {
inherit neovim; inherit neovim;
inherit (pkgs) inherit (pkgs)
gitFull gitFull gnumake python3 mkpasswd file wget curl wireguard gnupg mutt bind
gnumake liboping psmisc unzip rename whois lsof;
python3
mkpasswd
file
wget
curl
wireguard
gnupg
mutt
bind
liboping
psmisc
unzip
rename
whois
lsof;
}; };
extra-system-pkgs = { extra-system-pkgs = {
lorri = import sources.lorri { src = sources.lorri; pkgs = unstable; }; lorri = import sources.lorri {
src = sources.lorri;
pkgs = unstable;
};
inherit niv; inherit niv;
inherit (pkgs.gitAndTools) git-annex; inherit (pkgs.gitAndTools) git-annex;
inherit (pkgs.rxvt_unicode) terminfo; inherit (pkgs.rxvt_unicode) terminfo;
inherit (pkgs.pythonPackages) qrcode; inherit (pkgs.pythonPackages) qrcode;
inherit (pkgs) inherit (pkgs)
git-crypt git-crypt htop tree pwgen borgbackup inotifyTools
htop
tree
pwgen
borgbackup
inotifyTools
direnv direnv
socat socat nmap tcpdump
nmap
tcpdump
tmux tmux tig exa fzf ag fd bat
tig
exa
fzf
ag
fd
bat
ripgrep ripgrep
ranger ranger
pass pass sshuttle;
sshuttle;
}; };
laptop-home-pkgs = { laptop-home-pkgs = {
@ -80,97 +54,75 @@ rec {
sleep 0.1s; sleep 0.1s;
nmcli r wifi on; nmcli r wifi on;
''; '';
cachix = import sources.cachix {}; cachix = import sources.cachix { };
nixfmt = import sources.nixfmt {}; nixfmt = import sources.nixfmt { };
inherit (pkgs.gnome3) nautilus; inherit (pkgs.gnome3) nautilus;
inherit (unstable.haskellPackages) brittany; inherit (unstable.haskellPackages) brittany;
inherit (pkgs.xorg) xev xbacklight; inherit (pkgs.xorg) xev xbacklight;
inherit (pkgs) inherit (pkgs)
# web # web
chromium chromium
# communication # communication
signal-desktop signal-desktop tdesktop acpi dino mumble
tdesktop
acpi
dino
mumble
# config # config
arandr arandr
#dev #dev
meld meld icedtea8_web octave filezilla
icedtea8_web
octave
filezilla
# tools & office # tools & office
feh feh gimp imagemagick ghostscript libreoffice-fresh pandoc xournal
gimp musescore handbrake evince
imagemagick
ghostscript
libreoffice-fresh
pandoc
xournal
musescore
handbrake
evince
networkmanagerapplet
# teamviewer
networkmanagerapplet # media
# teamviewer ncpamixer pavucontrol deluge mpd gmpc calibre mpv youtubeDL
# media minetest;
ncpamixer };
pavucontrol
deluge
mpd
gmpc
calibre
mpv
youtubeDL
minetest
;};
my-home-pkgs = { my-home-pkgs = {
print215 = pkgs.writeShellScriptBin "print215" '' print215 = pkgs.writeShellScriptBin "print215" ''
scp "$@" ag-forward: scp "$@" ag-forward:
ssh ag-forward lpr -Zduplex -r "$@" ssh ag-forward lpr -Zduplex -r "$@"
''; '';
print215single = pkgs.writeShellScriptBin "print215single" '' print215single = pkgs.writeShellScriptBin "print215single" ''
scp "$@" ag-forward: scp "$@" ag-forward:
ssh ag-forward lpr -r "$@" ssh ag-forward lpr -r "$@"
''; '';
}; };
urxvt = pkgs.rxvt_unicode-with-plugins; urxvt = pkgs.rxvt_unicode-with-plugins;
terminal = pkgs.writeShellScriptBin "terminal" '' terminal = pkgs.writeShellScriptBin "terminal" ''
${urxvt}/bin/urxvtc "$@" ${urxvt}/bin/urxvtc "$@"
if [ $? -eq 2 ]; then if [ $? -eq 2 ]; then
${urxvt}/bin/urxvtd -q -o -f ${urxvt}/bin/urxvtd -q -o -f
${urxvt}/bin/urxvtc "$@" ${urxvt}/bin/urxvtc "$@"
fi fi
''; '';
desktop-pkgs = { desktop-pkgs = {
inherit urxvt tasktree terminal; inherit urxvt tasktree terminal;
inherit (pkgs) xautolock; inherit (pkgs) xautolock;
inherit (pkgs.gnome3) dconf; inherit (pkgs.gnome3) dconf;
}; };
home-pkgs = { home-pkgs = {
inherit (pkgs) ncmpcpp; inherit (pkgs) ncmpcpp;
inherit (my-lib) shh; inherit (my-lib) shh;
inherit home-neovim; inherit home-neovim;
}; };
accounting-pkgs = { accounting-pkgs = {
jali = pkgs.callPackage ../packages/jali {}; jali = pkgs.callPackage ../packages/jali { };
inherit (pkgs.haskellPackages) hledger hledger-ui; inherit (pkgs.haskellPackages) hledger hledger-ui;
inherit (pkgs) ledger; inherit (pkgs) ledger;
}; };
system-pkgs = core-system-pkgs // extra-system-pkgs // { system-pkgs = core-system-pkgs // extra-system-pkgs // {
inherit (import ./test-lib.nix) test-system-config test-home-config test-and-bump-config; inherit (import ./test-lib.nix)
test-system-config test-home-config test-and-bump-config;
inherit (import ../common/lib.nix) home-manager; inherit (import ../common/lib.nix) home-manager;
}; };
foreign-home-pkgs = extra-system-pkgs; foreign-home-pkgs = extra-system-pkgs;
eventd = pkgs.callPackage ../packages/eventd {}; eventd = pkgs.callPackage ../packages/eventd { };
} }

Binary file not shown.


@ -1,8 +1,8 @@
let let
pkgs = import <nixpkgs> {}; pkgs = import <nixpkgs> { };
inherit (import ../common/lib.nix) writeHaskellScript get-niv-path home-manager unstable niv haskellList; inherit (import ../common/lib.nix)
haskellBody = commandline: writeHaskellScript get-niv-path home-manager unstable niv haskellList;
'' haskellBody = commandline: ''
getNivPath dir = readTrim . get_niv_path ([i|#{dir :: String}/nix/sources.nix|] :: String) getNivPath dir = readTrim . get_niv_path ([i|#{dir :: String}/nix/sources.nix|] :: String)
getNivAssign dir name = fmap process . getNivPath dir $ name getNivAssign dir name = fmap process . getNivPath dir $ name
@ -12,57 +12,65 @@ let
(configDir:hostname:args) <- getArgs (configDir:hostname:args) <- getArgs
paths <- concat <$> mapM (getNivAssign configDir) ["nixpkgs", "unstable", "home-manager"] paths <- concat <$> mapM (getNivAssign configDir) ["nixpkgs", "unstable", "home-manager"]
${commandline} ${commandline}
''; '';
bins = [ get-niv-path pkgs.nix ]; bins = [ get-niv-path pkgs.nix ];
test-system-config = writeHaskellScript { test-system-config = writeHaskellScript {
name = "test-system-config"; name = "test-system-config";
inherit bins; inherit bins;
} (haskellBody } (haskellBody ''
'' nix $ ["build", "-f", "<nixpkgs/nixos>", "system"] ++ paths ++ ["-I", [i|nixos-config=#{configDir}/hosts/#{hostname}/configuration.nix|], "-o", [i|result-system-#{hostname}|]] ++ args
nix $ ["build", "-f", "<nixpkgs/nixos>", "system"] ++ paths ++ ["-I", [i|nixos-config=#{configDir}/hosts/#{hostname}/configuration.nix|], "-o", [i|result-system-#{hostname}|]] ++ args '');
'');
test-home-config = writeHaskellScript { test-home-config = writeHaskellScript {
name = "test-home-config"; name = "test-home-config";
inherit bins; inherit bins;
} (haskellBody } (haskellBody ''
'' nix $ ["build", "-f", "<home-manager/home-manager/home-manager.nix>"] ++ paths ++ ["--argstr", "confPath", [i|#{configDir}/hosts/#{hostname}/home.nix|], "--argstr", "confAttr", "", "--out-link", [i|result-home-manager-#{hostname}|], "activationPackage"] ++ args
nix $ ["build", "-f", "<home-manager/home-manager/home-manager.nix>"] ++ paths ++ ["--argstr", "confPath", [i|#{configDir}/hosts/#{hostname}/home.nix|], "--argstr", "confAttr", "", "--out-link", [i|result-home-manager-#{hostname}|], "activationPackage"] ++ args '');
'');
repoSrc = "git@hera.m-0.eu:nixos-config"; repoSrc = "git@hera.m-0.eu:nixos-config";
configPath = "/etc/nixos"; configPath = "/etc/nixos";
systems = ["apollo" "hera"]; systems = [ "apollo" "hera" ];
homes = ["apollo" "hera" "hephaistos"]; homes = [ "apollo" "hera" "hephaistos" ];
keys = ["default" "apollo" "hera"]; keys = [ "default" "apollo" "hera" ];
test-and-bump-config = writeHaskellScript { test-and-bump-config = writeHaskellScript {
name = "test-and-bump-config"; name = "test-and-bump-config";
bins = [ test-system-config test-home-config pkgs.git pkgs.coreutils niv pkgs.git-crypt ]; bins = [
imports = [ "Control.Exception (bracket)" "System.Directory (withCurrentDirectory)" "Control.Monad (when)"]; test-system-config
test-home-config
pkgs.git
pkgs.coreutils
niv
pkgs.git-crypt
];
imports = [
"Control.Exception (bracket)"
"System.Directory (withCurrentDirectory)"
"Control.Monad (when)"
];
} '' } ''
checkout :: IO FilePath checkout :: IO FilePath
checkout = do checkout = do
dir <- LBSC.unpack <$> (readTrim $ mktemp "-d") dir <- LBSC.unpack <$> (readTrim $ mktemp "-d")
git "clone" "${repoSrc}" dir git "clone" "${repoSrc}" dir
return dir return dir
main = do main = do
path <- readTrim pwd path <- readTrim pwd
bracket checkout (rm "-rf") $ \dir -> do bracket checkout (rm "-rf") $ \dir -> do
withCurrentDirectory dir $ do withCurrentDirectory dir $ do
mapM_ (\x -> git_crypt "unlock" ([i|${configPath}/.git/git-crypt/keys/#{x}|] :: String)) ${haskellList keys} mapM_ (\x -> git_crypt "unlock" ([i|${configPath}/.git/git-crypt/keys/#{x}|] :: String)) ${
ignoreFailure $ niv "update" haskellList keys
mapM_ (test_system_config dir) ${haskellList systems} }
mapM_ (test_home_config dir) ${haskellList homes} ignoreFailure $ niv "update"
changed <- ((mempty /=) <$>) . readTrim $ git "-C" dir "status" "--porcelain" mapM_ (test_system_config dir) ${haskellList systems}
when changed $ do mapM_ (test_home_config dir) ${haskellList homes}
git "-C" dir "config" "user.email" "maralorn@maralorn.de" changed <- ((mempty /=) <$>) . readTrim $ git "-C" dir "status" "--porcelain"
git "-C" dir "config" "user.name" "maralorn (nix-auto-updater)" when changed $ do
git "-C" dir "commit" "-am" "Update dependencies with niv" git "-C" dir "config" "user.email" "maralorn@maralorn.de"
git "-C" dir "push" git "-C" dir "config" "user.name" "maralorn (nix-auto-updater)"
''; git "-C" dir "commit" "-am" "Update dependencies with niv"
in git "-C" dir "push"
{ '';
inherit test-system-config test-home-config test-and-bump-config; in { inherit test-system-config test-home-config test-and-bump-config; }
}


@ -2,37 +2,31 @@
let let
inherit (import ../common/pkgs.nix) eventd; inherit (import ../common/pkgs.nix) eventd;
battery-watch = pkgs.writeScript "battery-watch" '' battery-watch = pkgs.writeScript "battery-watch" ''
#!${pkgs.stdenv.shell} #!${pkgs.stdenv.shell}
critical_level=20 #percent critical_level=20 #percent
while true while true
do do
if [ "$(${pkgs.acpi}/bin/acpi -a | grep -o off)" == "off" ]; then if [ "$(${pkgs.acpi}/bin/acpi -a | grep -o off)" == "off" ]; then
battery_level=`${pkgs.acpi}/bin/acpi -b | sed 's/.*[dg], //g;s/\%,.*//g'` battery_level=`${pkgs.acpi}/bin/acpi -b | sed 's/.*[dg], //g;s/\%,.*//g'`
if [ $battery_level -le $critical_level ]; then if [ $battery_level -le $critical_level ]; then
${eventd}/bin/eventc critical battery -d "title='Battery level is low!'" -d "message='Only $battery_level% of the charge remains.'" ${eventd}/bin/eventc critical battery -d "title='Battery level is low!'" -d "message='Only $battery_level% of the charge remains.'"
else else
${eventd}/bin/eventc notification battery -d "title='Battery is discharging!'" -d "message='Only $battery_level% of the charge remains.'" ${eventd}/bin/eventc notification battery -d "title='Battery is discharging!'" -d "message='Only $battery_level% of the charge remains.'"
sleep 18m sleep 18m
fi
fi fi
fi sleep 2m
sleep 2m done
done '';
'';
in { in {
systemd.user = { systemd.user = {
services.battery = { services.battery = {
Unit = { Unit = { Description = "Watch battery state and warn user"; };
Description = "Watch battery state and warn user"; Service = { ExecStart = toString battery-watch; };
}; Install = { WantedBy = [ "graphical-session.target" ]; };
Service = {
ExecStart=toString battery-watch;
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
}; };
}; };


@ -1,131 +1,167 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
let let inherit (config.m-0.private) me meWork;
inherit (config.m-0.private) me meWork;
in { in {
imports = [ imports = [
./zsh ./zsh
./update-script.nix ./update-script.nix
./modules/taskwarrior.nix ./modules/taskwarrior.nix
./modules/force-copies.nix ./modules/force-copies.nix
./modules/accounting ./modules/accounting
./modules/rustdev.nix ./modules/rustdev.nix
./modules/latex.nix ./modules/latex.nix
./modules/mail.nix ./modules/mail.nix
./modules/home-options.nix ./modules/home-options.nix
./modules/unlock.nix ./modules/unlock.nix
./modules/weechat ./modules/weechat
./modules/bugwarrior.nix ./modules/bugwarrior.nix
./modules/pythia.nix ./modules/pythia.nix
../common ../common
]; ];
programs = {
programs = { home-manager.enable = true;
home-manager.enable = true; direnv = {
direnv = { enable = true;
enable = true; enableZshIntegration = true;
enableZshIntegration = true;
};
tmux = {
enable = true;
extraConfig = ''
set default-terminal "screen-256color"
set -g set-titles on
set -g status off
set -g escape-time 1
'';
};
git = {
aliases = {
sync = "!git pull -r && git push";
}; };
enable = true; tmux = {
ignores = [ enable = true;
".syncthing*.tmp" extraConfig = ''
"*.swp" set default-terminal "screen-256color"
"*.autosave~" set -g set-titles on
"*.aux" set -g status off
"*.bbl" set -g escape-time 1
"*.fls" '';
"*.idx" };
"*.ilg" git = {
"*.ind" aliases = { sync = "!git pull -r && git push"; };
"*.log" enable = true;
"*.out" ignores = [
"*.toc" ".syncthing*.tmp"
"*.bcf" "*.swp"
"*.blg" "*.autosave~"
"*.fdb*" "*.aux"
"*.thm" "*.bbl"
"*.run.xml" "*.fls"
"*.slnc" "*.idx"
"*.glade~" "*.ilg"
"__pycache__" "*.ind"
".hledger-web_client_session_key.aes" "*.log"
".nix-gc-roots" "*.out"
]; "*.toc"
userEmail = me.mail; "*.bcf"
userName = me.name; "*.blg"
}; "*.fdb*"
htop = { "*.thm"
enable = true; "*.run.xml"
hideThreads = true; "*.slnc"
hideUserlandThreads = true; "*.glade~"
highlightBaseName = true; "__pycache__"
shadowOtherUsers = true; ".hledger-web_client_session_key.aes"
showProgramPath = false; ".nix-gc-roots"
treeView = true;
};
ssh = {
controlMaster = "auto";
controlPersist = "120";
enable = true;
matchBlocks = let
matheGwProxy = "ssh -q gw nc -q0 %h %p";
agHost = "fb04217.mathematik.tu-darmstadt.de";
in [
{ host = "charon"; hostname = "charon.olymp.space"; }
{ host = "hera"; hostname = "hera.m-0.eu"; forwardAgent = true; }
{ host = "ag-forward"; hostname = agHost; proxyCommand = matheGwProxy; user = meWork.user; }
{ host = "ag"; hostname = agHost; user = meWork.user; }
{ host = "gw"; hostname = "gwres4.mathematik.tu-darmstadt.de"; user = meWork.user; }
{ host = "shells"; hostname = "shells.darmstadt.ccc.de"; }
{ host = "vorstand"; hostname = "vorstand.darmstadt.ccc.de"; }
{ host = "*.darmstadt.ccc.de"; user = me.user; }
{ host = "whisky"; hostname = "whisky.w17.io"; user = "chaos"; }
{ host = "kitchen"; hostname = "kitchen.w17.io"; user = "chaos"; }
{ host = "door.w17.io"; identityFile = "~/.ssh/door_rsa";}
]; ];
userEmail = me.mail;
userName = me.name;
};
htop = {
enable = true;
hideThreads = true;
hideUserlandThreads = true;
highlightBaseName = true;
shadowOtherUsers = true;
showProgramPath = false;
treeView = true;
};
ssh = {
controlMaster = "auto";
controlPersist = "120";
enable = true;
matchBlocks = let
matheGwProxy = "ssh -q gw nc -q0 %h %p";
agHost = "fb04217.mathematik.tu-darmstadt.de";
in [
{
host = "charon";
hostname = "charon.olymp.space";
}
{
host = "hera";
hostname = "hera.m-0.eu";
forwardAgent = true;
}
{
host = "ag-forward";
hostname = agHost;
proxyCommand = matheGwProxy;
user = meWork.user;
}
{
host = "ag";
hostname = agHost;
user = meWork.user;
}
{
host = "gw";
hostname = "gwres4.mathematik.tu-darmstadt.de";
user = meWork.user;
}
{
host = "shells";
hostname = "shells.darmstadt.ccc.de";
}
{
host = "vorstand";
hostname = "vorstand.darmstadt.ccc.de";
}
{
host = "*.darmstadt.ccc.de";
user = me.user;
}
{
host = "whisky";
hostname = "whisky.w17.io";
user = "chaos";
}
{
host = "kitchen";
hostname = "kitchen.w17.io";
user = "chaos";
}
{
host = "door.w17.io";
identityFile = "~/.ssh/door_rsa";
}
];
};
}; };
};
home = { home = {
packages = builtins.attrValues (import ../common/pkgs.nix).home-pkgs; packages = builtins.attrValues (import ../common/pkgs.nix).home-pkgs;
sessionVariables = { sessionVariables = {
PATH = "$HOME/.cargo/bin:/etc/profiles/per-user/${config.home.username}/bin:$HOME/.nix-profile/bin:$PATH"; PATH =
BROWSER = "${pkgs.firefox}/bin/firefox"; "$HOME/.cargo/bin:/etc/profiles/per-user/${config.home.username}/bin:$HOME/.nix-profile/bin:$PATH";
EDITOR = "${pkgs.neovim}/bin/nvim"; BROWSER = "${pkgs.firefox}/bin/firefox";
TERMINAL = config.m-0.terminal; EDITOR = "${pkgs.neovim}/bin/nvim";
EMAIL = me.mail; TERMINAL = config.m-0.terminal;
SUDO_ASKPASS = let EMAIL = me.mail;
print-pw = pkgs.writeShellScriptBin "print-pw" "pass show eu/m-0/${config.m-0.hostName}/user/${config.home.username}"; SUDO_ASKPASS = let
in print-pw = pkgs.writeShellScriptBin "print-pw"
"${print-pw}/bin/print-pw"; "pass show eu/m-0/${config.m-0.hostName}/user/${config.home.username}";
in "${print-pw}/bin/print-pw";
};
}; };
}; fonts.fontconfig.enableProfileFonts = true;
fonts.fontconfig.enableProfileFonts = true;
systemd.user.startServices = true; systemd.user.startServices = true;
services = { services = {
gpg-agent = { gpg-agent = {
enable = true; enable = true;
defaultCacheTtl = 31536000; # 1year defaultCacheTtl = 31536000; # 1year
maxCacheTtl = 31536000; #1year maxCacheTtl = 31536000; # 1year
};
}; };
};
xdg.enable = true;
xdg.enable = true;
} }


@ -1,16 +1,9 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, ... }:
let let inherit (import ../../common/pkgs.nix) desktop-pkgs;
inherit (import ../../common/pkgs.nix) desktop-pkgs; in {
in
{
imports = [ imports =
./i3.nix [ ./i3.nix ./rofi.nix ./ssh-agent.nix ./eventd.nix ./sleep-nag.nix ];
./rofi.nix
./ssh-agent.nix
./eventd.nix
./sleep-nag.nix
];
m-0 = { m-0 = {
workspaces = [ workspaces = [
"tasks" "tasks"
@ -81,7 +74,7 @@ imports = [
color6 = config.m-0.colors.cyan; color6 = config.m-0.colors.cyan;
color7 = config.m-0.colors.white; color7 = config.m-0.colors.white;
color8 = config.m-0.colors.brightBlack; color8 = config.m-0.colors.brightBlack;
color9= config.m-0.colors.brightRed; color9 = config.m-0.colors.brightRed;
color10 = config.m-0.colors.brightGreen; color10 = config.m-0.colors.brightGreen;
color11 = config.m-0.colors.brightYellow; color11 = config.m-0.colors.brightYellow;
color12 = config.m-0.colors.brightBlue; color12 = config.m-0.colors.brightBlue;
@ -116,7 +109,8 @@ imports = [
}; };
screen-locker = { screen-locker = {
enable = true; enable = true;
lockCmd = "${pkgs.i3lock}/bin/i3lock -n -f -i ~/data/aktuell/media/bilder/lockscreen.png"; lockCmd =
"${pkgs.i3lock}/bin/i3lock -n -f -i ~/data/aktuell/media/bilder/lockscreen.png";
}; };
}; };
xsession.enable = true; xsession.enable = true;


@ -13,22 +13,18 @@ in {
After = [ "graphical-session-pre.target" ]; After = [ "graphical-session-pre.target" ];
PartOf = [ "graphical-session.target" ]; PartOf = [ "graphical-session.target" ];
}; };
Install = { Install = { WantedBy = [ "default.target" ]; };
WantedBy = [ "default.target" ];
};
Service = { Service = {
Type="notify"; Type = "notify";
Sockets="eventd-control.socket eventd.socket"; Sockets = "eventd-control.socket eventd.socket";
ExecStart="${eventd}/bin/eventd --listen systemd"; ExecStart = "${eventd}/bin/eventd --listen systemd";
ExecReload="${eventd}/bin/eventdctl reload"; ExecReload = "${eventd}/bin/eventdctl reload";
}; };
}; };
}; };
sockets = { sockets = {
eventd-control = { eventd-control = {
Unit = { Unit = { Description = "eventd control socket"; };
Description = "eventd control socket";
};
Socket = { Socket = {
Service = "eventd.service"; Service = "eventd.service";
SocketMode = "0600"; SocketMode = "0600";
@ -36,19 +32,17 @@ in {
}; };
}; };
eventd = { eventd = {
Unit = { Unit = { Description = "eventd sockets"; };
Description = "eventd sockets";
};
Socket = { Socket = {
SocketMode = "0660"; SocketMode = "0660";
ListenStream= "%t/eventd/evp"; ListenStream = "%t/eventd/evp";
}; };
}; };
}; };
}; };
xdg = { xdg = {
configFile = { configFile = {
"eventd/eventd.conf".text = lib.generators.toINI {} { "eventd/eventd.conf".text = lib.generators.toINI { } {
"Queue default" = { "Queue default" = {
Margin = 10; Margin = 10;
Spacing = 2; Spacing = 2;
@ -72,9 +66,7 @@ in {
Spacing = 1; Spacing = 1;
Limit = 20; Limit = 20;
}; };
Notification = { Notification = { Text = "\${message}"; };
Text = "\${message}";
};
NotificationBubble = { NotificationBubble = {
Padding = 10; Padding = 10;
Radius = 0; Radius = 0;
@ -88,77 +80,49 @@ in {
Colour = colors.foreground; Colour = colors.foreground;
}; };
}; };
"eventd/notification.event".text = lib.generators.toINI {} { "eventd/notification.event".text = lib.generators.toINI { } {
"Event notification *" = { "Event notification *" = { Actions = "notification"; };
Actions = "notification"; "Event notification kassandra" = { Actions = "kassandra"; };
}; "Event command success" = { Actions = "command-success"; };
"Event notification kassandra" = { "Event command failure" = { Actions = "command-failure"; };
Actions = "kassandra"; "Event critical *" = { Actions = "critical"; };
};
"Event command success" = {
Actions = "command-success";
};
"Event command failure" = {
Actions = "command-failure";
};
"Event critical *" = {
Actions = "critical";
};
}; };
"eventd/command-success.action".text = lib.generators.toINI {} { "eventd/command-success.action".text = lib.generators.toINI { } {
Action = { Action = { Name = "command-success"; };
Name = "command-success";
};
Notification = { Notification = {
Text="<b>\${command}</b>\\nsucceeded after \${time} @ \${host}"; Text = "<b>\${command}</b>\\nsucceeded after \${time} @ \${host}";
}; };
NotificationBubble = { NotificationBubble = {
Colour = colors.black; Colour = colors.black;
Queue = "command"; Queue = "command";
}; };
}; };
"eventd/command-failure.action".text = lib.generators.toINI {} { "eventd/command-failure.action".text = lib.generators.toINI { } {
Action = { Action = { Name = "command-failure"; };
Name = "command-failure";
};
Notification = { Notification = {
Text="<b>\${command}</b>\\nfailed after \${time} @ \${host}"; Text = "<b>\${command}</b>\\nfailed after \${time} @ \${host}";
}; };
NotificationBubble = { NotificationBubble = {
Queue = "critical"; Queue = "critical";
Colour = colors.red; Colour = colors.red;
}; };
}; };
"eventd/critical.action".text = lib.generators.toINI {} { "eventd/critical.action".text = lib.generators.toINI { } {
Action = { Action = { Name = "critical"; };
Name = "critical"; Notification = { Text = "<b>\${title}</b>\${message/^/\\n}"; };
};
Notification = {
Text = "<b>\${title}</b>\${message/^/\\n}";
};
NotificationBubble = { NotificationBubble = {
Queue = "critical"; Queue = "critical";
Colour = colors.red; Colour = colors.red;
}; };
}; };
"eventd/kassandra.action".text = lib.generators.toINI {} { "eventd/kassandra.action".text = lib.generators.toINI { } {
Action = { Action = { Name = "kassandra"; };
Name = "kassandra"; Notification = { Text = "<b>\${title}</b>\${message/^/\\n}"; };
}; NotificationBubble = { Queue = "critical"; };
Notification = {
Text = "<b>\${title}</b>\${message/^/\\n}";
};
NotificationBubble = {
Queue = "critical";
};
}; };
"eventd/notification.action".text = lib.generators.toINI {} { "eventd/notification.action".text = lib.generators.toINI { } {
Action = { Action = { Name = "notification"; };
Name = "notification"; Notification = { Text = "<b>\${title}</b>\${message/^/\\n}"; };
};
Notification = {
Text = "<b>\${title}</b>\${message/^/\\n}";
};
}; };
}; };
}; };


@ -4,33 +4,33 @@ let
inherit (config.m-0) colors workspaces terminal; inherit (config.m-0) colors workspaces terminal;
exec = "exec --no-startup-id"; exec = "exec --no-startup-id";
conkyCommon = '' conkyCommon = ''
background = true, background = true,
border_width = 0, border_width = 0,
cpu_avg_samples = 2, cpu_avg_samples = 2,
draw_borders = false, draw_borders = false,
draw_graph_borders = true, draw_graph_borders = true,
draw_outline = false, draw_outline = false,
draw_shades = false, draw_shades = false,
double_buffer = true, double_buffer = true,
use_xft = true, use_xft = true,
font = 'Roboto Mono Nerd Font:size=8', font = 'Roboto Mono Nerd Font:size=8',
gap_x = 0, gap_x = 0,
gap_y = 0, gap_y = 0,
minimum_width = 316, minimum_width = 316,
maximum_width = 316, maximum_width = 316,
net_avg_samples = 2, net_avg_samples = 2,
no_buffers = true, no_buffers = true,
out_to_console = false, out_to_console = false,
out_to_stderr = false, out_to_stderr = false,
extra_newline = false, extra_newline = false,
own_window = true, own_window = true,
own_window_class = 'Conky', own_window_class = 'Conky',
own_window_type = 'override', own_window_type = 'override',
own_window_colour = "${config.m-0.colors.background}", own_window_colour = "${config.m-0.colors.background}",
own_window_hints = 'undecorated,below,skip_taskbar,skip_pager,sticky', own_window_hints = 'undecorated,below,skip_taskbar,skip_pager,sticky',
stippled_borders = 0, stippled_borders = 0,
update_interval = 1.0, update_interval = 1.0,
''; '';
conkyOrgaConfig = pkgs.writeText "conky.conf" '' conkyOrgaConfig = pkgs.writeText "conky.conf" ''
conky.config = { conky.config = {
alignment = 'top_right', alignment = 'top_right',
@ -47,7 +47,7 @@ let
$hr $hr
''${execi 5 cat ~/tmp/today.md} ''${execi 5 cat ~/tmp/today.md}
]] ]]
''; '';
conkyMPDConfig = pkgs.writeText "conky.conf" '' conkyMPDConfig = pkgs.writeText "conky.conf" ''
conky.config = { conky.config = {
alignment = 'bottom_right', alignment = 'bottom_right',
@ -63,22 +63,21 @@ let
$mpd_elapsed/$mpd_length ($mpd_percent%) $mpd_bar $mpd_elapsed/$mpd_length ($mpd_percent%) $mpd_bar
]] ]]
''; '';
addMods = oldbindings: builtins.foldl' (newbindings: key: addMods = oldbindings:
builtins.foldl' (newbindings: key:
newbindings // { newbindings // {
"Mod4+${key}" = oldbindings.${key}; "Mod4+${key}" = oldbindings.${key};
"Mod3+Mod4+${key}" = oldbindings.${key}; "Mod3+Mod4+${key}" = oldbindings.${key};
}) }) { } (builtins.attrNames oldbindings);
{}
(builtins.attrNames oldbindings);
in { in {
xsession = { xsession = {
windowManager.i3 = { windowManager.i3 = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''
gaps right 320 gaps right 320
''; '';
package = pkgs.i3-gaps.overrideAttrs (oldattrs: rec { package = pkgs.i3-gaps.overrideAttrs (oldattrs: rec {
name = "i3-gaps-next"; name = "i3-gaps-next";
version = "41264e54b7a3039ce46919851ac73e22ae29d207"; version = "41264e54b7a3039ce46919851ac73e22ae29d207";
@ -87,13 +86,19 @@ in {
sha256 = "10d80p8bsldx4pld76y8my1zyww03shkcg3fndsxkrkwhfpk0lbh"; sha256 = "10d80p8bsldx4pld76y8my1zyww03shkcg3fndsxkrkwhfpk0lbh";
}; };
postUnpack = '' postUnpack = ''
echo -n "4.16.1" > ./i3-${version}/I3_VERSION echo -n "4.16.1" > ./i3-${version}/I3_VERSION
''; '';
}); });
config = { config = {
startup = [ startup = [
{ command = "${pkgs.conky}/bin/conky -c ${conkyOrgaConfig}"; notification = false; } {
{ command = "${pkgs.conky}/bin/conky -c ${conkyMPDConfig}"; notification = false; } command = "${pkgs.conky}/bin/conky -c ${conkyOrgaConfig}";
notification = false;
}
{
command = "${pkgs.conky}/bin/conky -c ${conkyMPDConfig}";
notification = false;
}
]; ];
focus = { focus = {
followMouse = false; followMouse = false;
@ -130,8 +135,7 @@ in {
text = colors.foreground; text = colors.foreground;
}; };
}; };
bars = [ bars = [{
{
mode = "hide"; mode = "hide";
colors = { colors = {
separator = colors.white; separator = colors.white;
@ -157,54 +161,60 @@ in {
text = colors.white; text = colors.white;
}; };
}; };
} ]; }];
window = { window = {
titlebar = false; titlebar = false;
border = 1; border = 1;
commands = [ { command = "floating disable"; criteria = { class = "Firefox";};} ]; commands = [{
command = "floating disable";
criteria = { class = "Firefox"; };
}];
}; };
keybindings = { keybindings = {
"XF86AudioMute" = "exec pactl set-sink-mute '@DEFAULT_SINK@' toggle"; "XF86AudioMute" = "exec pactl set-sink-mute '@DEFAULT_SINK@' toggle";
"XF86AudioLowerVolume" = "exec pactl set-sink-volume '@DEFAULT_SINK@' -5%"; "XF86AudioLowerVolume" =
"XF86AudioRaiseVolume" = "exec pactl set-sink-volume '@DEFAULT_SINK@' +5%"; "exec pactl set-sink-volume '@DEFAULT_SINK@' -5%";
"XF86AudioMicMute" = "exec pactl set-source-mute '@DEFAULT_SOURCE@' toggle"; "XF86AudioRaiseVolume" =
"XF86MonBrightnessUp" = "exec xbacklight +5"; "exec pactl set-sink-volume '@DEFAULT_SINK@' +5%";
"XF86MonBrightnessDown" = "exec xbacklight -5"; "XF86AudioMicMute" =
"XF86Display" = "${exec} ${pkgs.arandr}/bin/arandr"; "exec pactl set-source-mute '@DEFAULT_SOURCE@' toggle";
"Ctrl+Escape" = "${exec} loginctl lock-session;"; "XF86MonBrightnessUp" = "exec xbacklight +5";
} // "XF86MonBrightnessDown" = "exec xbacklight -5";
addMods ({ "XF86Display" = "${exec} ${pkgs.arandr}/bin/arandr";
"Left" = "focus left"; "Ctrl+Escape" = "${exec} loginctl lock-session;";
"Down" = "focus down"; } // addMods ({
"Up" = "focus up"; "Left" = "focus left";
"Right" = "focus right"; "Down" = "focus down";
"Tab" = "${exec} ${pkgs.skippy-xd}/bin/skippy-xd"; "Up" = "focus up";
"Prior" = "focus parent"; "Right" = "focus right";
"Next" = "focus child"; "Tab" = "${exec} ${pkgs.skippy-xd}/bin/skippy-xd";
"Return" = "${exec} ${terminal}"; "Prior" = "focus parent";
"p" = "${exec} rofi-pass"; "Next" = "focus child";
"shift+Left" = "move left"; "Return" = "${exec} ${terminal}";
"shift+Down" = "move down"; "p" = "${exec} rofi-pass";
"shift+Up" = "move up"; "shift+Left" = "move left";
"shift+Right" = "move right"; "shift+Down" = "move down";
"d" = "split h"; "shift+Up" = "move up";
"f" = "fullscreen toggle"; "shift+Right" = "move right";
"t" = "layout tabbed"; "d" = "split h";
"s" = "layout toggle split"; "f" = "fullscreen toggle";
"q" = "kill"; "t" = "layout tabbed";
"m" = "move workspace to output up"; "s" = "layout toggle split";
"n" = "move workspace to output right"; "q" = "kill";
"shift+space" = "floating toggle"; "m" = "move workspace to output up";
"shift+q" = "${exec} ${pkgs.i3}/bin/i3-nagbar -t warning -m 'do you want to exit i3?' -b 'yes' 'i3-msg exit'"; "n" = "move workspace to output right";
"space" = "${exec} hotkeys"; "shift+space" = "floating toggle";
} // builtins.foldl' (bindings: name: let "shift+q" =
number = toString ((builtins.length (builtins.attrNames bindings)) / 2); "${exec} ${pkgs.i3}/bin/i3-nagbar -t warning -m 'do you want to exit i3?' -b 'yes' 'i3-msg exit'";
in "space" = "${exec} hotkeys";
bindings // { } // builtins.foldl' (bindings: name:
"${number}" = "workspace ${number}:${name}"; let
"Shift+${number}" = "move container to workspace ${number}:${name}"; number =
}) {} workspaces toString ((builtins.length (builtins.attrNames bindings)) / 2);
); in bindings // {
"${number}" = "workspace ${number}:${name}";
"Shift+${number}" = "move container to workspace ${number}:${name}";
}) { } workspaces);
}; };
}; };
}; };


@ -1,21 +1,16 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, ... }:
with lib; with lib;
let let inherit (config.m-0) colors workspaces terminal;
inherit (config.m-0) colors workspaces terminal;
in { in {
home = { home = { packages = with pkgs; [ rofi-pass ]; };
packages = with pkgs; [
rofi-pass
];
};
programs = { programs = {
rofi = { rofi = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''
rofi.modi: combi,window,drun,run,ssh,keys rofi.modi: combi,window,drun,run,ssh,keys
rofi.combi-modi: window,drun,run rofi.combi-modi: window,drun,run
''; '';
borderWidth = 0; borderWidth = 0;
separator = "none"; separator = "none";
fullscreen = false; fullscreen = false;
@ -29,38 +24,38 @@ in {
font = "Monofur Nerd Font 10.5"; font = "Monofur Nerd Font 10.5";
colors = { colors = {
window = { window = {
background = "argb:c0${builtins.substring 1 6 colors.background}"; background = "argb:c0${builtins.substring 1 6 colors.background}";
border = colors.blue; border = colors.blue;
separator = colors.blue; separator = colors.blue;
}; };
rows = { rows = {
normal = { normal = {
background = colors.background; background = colors.background;
foreground = colors.foreground; foreground = colors.foreground;
backgroundAlt = colors.black; backgroundAlt = colors.black;
highlight = { highlight = {
background = colors.blue; background = colors.blue;
foreground = colors.white; foreground = colors.white;
}; };
}; };
active = { active = {
background = colors.background; background = colors.background;
foreground = colors.foreground; foreground = colors.foreground;
backgroundAlt = colors.black; backgroundAlt = colors.black;
highlight = { highlight = {
background = colors.blue; background = colors.blue;
foreground = colors.white; foreground = colors.white;
}; };
}; };
urgent = { urgent = {
background = colors.background; background = colors.background;
foreground = colors.foreground; foreground = colors.foreground;
backgroundAlt = colors.black; backgroundAlt = colors.black;
highlight = { highlight = {
background = colors.blue; background = colors.blue;
foreground = colors.white; foreground = colors.white;
}; };
}; };
}; };
}; };
}; };


@ -2,29 +2,23 @@
let let
inherit (import ../../common/pkgs.nix) eventd; inherit (import ../../common/pkgs.nix) eventd;
sleep-nag = pkgs.writeScript "sleep-nag" '' sleep-nag = pkgs.writeScript "sleep-nag" ''
#!${pkgs.stdenv.shell} #!${pkgs.stdenv.shell}
while true while true
do do
if [[ `date +%H` -ge 23 ]] || [[ `date +%H` -lt 6 ]]; then if [[ `date +%H` -ge 23 ]] || [[ `date +%H` -lt 6 ]]; then
${eventd}/bin/eventc notification kassandra -d "title='Es ist $(date +%H:%M) Uhr: Zeit ins Bett zu gehen!'" -d "message='Du kannst das hier auch morgen tun!'" ${eventd}/bin/eventc notification kassandra -d "title='Es ist $(date +%H:%M) Uhr: Zeit ins Bett zu gehen!'" -d "message='Du kannst das hier auch morgen tun!'"
fi fi
sleep 10m sleep 10m
done done
''; '';
in { in {
systemd.user = { systemd.user = {
services.sleep-nag = { services.sleep-nag = {
Unit = { Unit = { Description = "Sleep nag"; };
Description = "Sleep nag"; Service = { ExecStart = toString sleep-nag; };
}; Install = { WantedBy = [ "graphical-session.target" ]; };
Service = {
ExecStart=toString sleep-nag;
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
}; };
}; };


@ -1,5 +1,4 @@
{ pkgs , config , lib, ... }: { pkgs, config, lib, ... }: {
{
xsession.initExtra = let xsession.initExtra = let
cat-pw = pkgs.writeShellScriptBin "cat-ssh-pw" '' cat-pw = pkgs.writeShellScriptBin "cat-ssh-pw" ''
@ -12,7 +11,6 @@
systemctl --user set-environment SSH_AGENT_PID="$SSH_AGENT_PID" systemctl --user set-environment SSH_AGENT_PID="$SSH_AGENT_PID"
SSH_ASKPASS=${cat-pw}/bin/cat-ssh-pw ${pkgs.openssh}/bin/ssh-add & < /dev/null SSH_ASKPASS=${cat-pw}/bin/cat-ssh-pw ${pkgs.openssh}/bin/ssh-add & < /dev/null
''; '';
in in ". ${start-agent}/bin/start-ssh-agent";
". ${start-agent}/bin/start-ssh-agent";
} }
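Review bot: In `SSH_ASKPASS=${cat-pw}/bin/cat-ssh-pw ${pkgs.openssh}/bin/ssh-add & < /dev/null` the redirection comes after `&`, so the shell parses `< /dev/null` as a separate empty command and it is not applied to ssh-add by this line. If the intent is to detach ssh-add from any terminal so that it falls back to the askpass helper, the order should be `SSH_ASKPASS=${cat-pw}/bin/cat-ssh-pw ${pkgs.openssh}/bin/ssh-add < /dev/null &`. The `start-agent` script and the `cat-ssh-pw` helper begin outside this hunk, so how the passphrase is obtained is not reviewed here.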


@ -1,25 +1,21 @@
let let
inherit (import ../common/lib.nix) home-manager writeHaskellScript get-niv-path; inherit (import ../common/lib.nix)
in home-manager writeHaskellScript get-niv-path;
{ in {
update-home = configPath: writeHaskellScript update-home = configPath:
{ writeHaskellScript {
name = "update-home"; name = "update-home";
bins = [ bins = [ get-niv-path home-manager ];
get-niv-path } ''
home-manager
];
}
''
getNivPath = get_niv_path "${configPath}/nix/sources.nix" getNivPath = get_niv_path "${configPath}/nix/sources.nix"
getNivAssign name = (tag <$>) . readTrim . getNivPath $ name getNivAssign name = (tag <$>) . readTrim . getNivPath $ name
where tag str = ["-I", [i|#{name}=#{str :: LBS.ByteString}|]] where tag str = ["-I", [i|#{name}=#{str :: LBS.ByteString}|]]
main = do main = do
args <- getArgs args <- getArgs
paths <- concat <$> mapM getNivAssign ["home-manager", "nixpkgs", "unstable"] paths <- concat <$> mapM getNivAssign ["home-manager", "nixpkgs", "unstable"]
home_manager $ paths ++ ["switch"] ++ args home_manager $ paths ++ ["switch"] ++ args
''; '';
} }


@ -1,15 +1,13 @@
{ lib, pkgs, config, ...}: { lib, pkgs, config, ... }:
with lib; with lib; {
{
options.m-0.accounting.enable = mkEnableOption "Accounting"; options.m-0.accounting.enable = mkEnableOption "Accounting";
options.m-0.accounting.config = mkOption { options.m-0.accounting.config = mkOption { type = types.str; };
type = types.str;
};
config = mkIf config.m-0.accounting.enable { config = mkIf config.m-0.accounting.enable {
home.file.".config/jali/config.py".text = config.m-0.accounting.config; home.file.".config/jali/config.py".text = config.m-0.accounting.config;
home.packages = builtins.attrValues (import ../../../common/pkgs.nix).accounting-pkgs; home.packages =
}; builtins.attrValues (import ../../../common/pkgs.nix).accounting-pkgs;
};
} }


@ -1,61 +1,56 @@
{ config, lib, pkgs , ... }: { config, lib, pkgs, ... }:
with lib; with lib;
let let inherit (config.m-0.private) me gitlab github otrs;
inherit (config.m-0.private) me gitlab github otrs;
in { in {
options.m-0.bugwarrior.enable = mkEnableOption "Sync tasks from issuetrackers"; options.m-0.bugwarrior.enable =
config = mkIf config.m-0.bugwarrior.enable { mkEnableOption "Sync tasks from issuetrackers";
home.file.".config/bugwarrior/bugwarriorrc".text = '' config = mkIf config.m-0.bugwarrior.enable {
[general] home.file.".config/bugwarrior/bugwarriorrc".text = ''
targets=cda_gitlab,github [general]
static_fields = priority, project targets=cda_gitlab,github
static_fields = priority, project
[cda_gitlab] [cda_gitlab]
service=gitlab service=gitlab
gitlab.password=@oracle:eval:pass de/darmstadt/ccc/ldap gitlab.password=@oracle:eval:pass de/darmstadt/ccc/ldap
gitlab.login=${me.user} gitlab.login=${me.user}
gitlab.host=${gitlab.host} gitlab.host=${gitlab.host}
gitlab.token=${gitlab.token} gitlab.token=${gitlab.token}
gitlab.only_if_assigned=${me.user} gitlab.only_if_assigned=${me.user}
gitlab.also_unassigned=True gitlab.also_unassigned=True
gitlab.default_priority= L gitlab.default_priority= L
gitlab.include_repos=cda/tasks, cda/chaos-darmstadt.de, cda/doku gitlab.include_repos=cda/tasks, cda/chaos-darmstadt.de, cda/doku
gitlab.include_regex=(vorstand|jali|${me.user})/.*, gitlab.include_regex=(vorstand|jali|${me.user})/.*,
gitlab.description_template = {{gitlabnamespace}}/{{gitlabrepo}} {{gitlabtype[:1]}}#{{gitlabnumber}}: {{gitlabtitle}} gitlab.description_template = {{gitlabnamespace}}/{{gitlabrepo}} {{gitlabtype[:1]}}#{{gitlabnumber}}: {{gitlabtitle}}
gitlab.project_template = gitlab.project_template =
[github] [github]
service=github service=github
github.login = ${me.user} github.login = ${me.user}
github.username = ${me.user} github.username = ${me.user}
github.token = ${github.token} github.token = ${github.token}
github.description_template = {{githubrepo}} {{githubtype[:1]}}#{{githubnumber}}: {{githubtitle}} github.description_template = {{githubrepo}} {{githubtype[:1]}}#{{githubnumber}}: {{githubtitle}}
github.include_user_issues = False github.include_user_issues = False
github.include_user_repos = False github.include_user_repos = False
github.query = is:open involves:maralorn archived:false -repo:maxtaco/coffee-script -repo:QMatrixClient/libqmatrixclient -repo:QMatrixClient/Quaternion -repo:trollhoehle/pythonlights -repo:MirakelX/mirakel-android github.query = is:open involves:maralorn archived:false -repo:maxtaco/coffee-script -repo:QMatrixClient/libqmatrixclient -repo:QMatrixClient/Quaternion -repo:trollhoehle/pythonlights -repo:MirakelX/mirakel-android
github.default_priority= L github.default_priority= L
github.project_template = github.project_template =
''; '';
systemd.user = { systemd.user = {
services.bugwarrior = { services.bugwarrior = {
Unit = { Unit = { Description = "Run bugwarrior"; };
Description = "Run bugwarrior"; Service = {
Type = "oneshot";
Environment =
"PATH=${pkgs.taskwarrior}/bin:${pkgs.eventd}/bin:${pkgs.gnugrep}/bin";
ExecStart = "${pkgs.bugwarrior}/bin/bugwarrior-pull";
};
}; };
Service = { timers.bugwarrior = {
Type = "oneshot"; Timer = { OnCalendar = "hourly"; };
Environment=''PATH=${pkgs.taskwarrior}/bin:${pkgs.eventd}/bin:${pkgs.gnugrep}/bin''; Install = { WantedBy = [ "timers.target" ]; };
ExecStart= "${pkgs.bugwarrior}/bin/bugwarrior-pull";
};
};
timers.bugwarrior = {
Timer = {
OnCalendar = "hourly";
};
Install = {
WantedBy = [ "timers.target" ];
}; };
}; };
}; };
};
} }
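Review bot: `gitlab.token=${gitlab.token}` and `github.token = ${github.token}` are interpolated into `home.file.".config/bugwarrior/bugwarriorrc".text`, so the token values end up in a file that home-manager builds into the Nix store, which is normally readable by every local user and travels with copied store paths. The `[cda_gitlab]` block already fetches its password at run time with `gitlab.password=@oracle:eval:pass de/darmstadt/ccc/ldap`. If bugwarrior accepts the same form for token fields, `github.token = @oracle:eval:pass <entry-name>` (entry name is a placeholder) and the GitLab equivalent would keep both tokens out of the generated file. This reformat carries the lines over unchanged, and tokens that have already been built into a store path should be treated as exposed and rotated.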


@ -20,16 +20,16 @@ let
echo "Overwriting $HOME/${path}" echo "Overwriting $HOME/${path}"
cp --remove-destination -T $canonical $HOME/${path}; cp --remove-destination -T $canonical $HOME/${path};
''; '';
in with lib; in with lib; {
{
options.home.forceCopies.paths = mkOption { options.home.forceCopies.paths = mkOption {
default = []; default = [ ];
type = types.listOf types.str; type = types.listOf types.str;
}; };
config.home.activation = { config.home.activation = {
deleteForcedCopies = config.lib.dag.entryBefore ["checkLinkTargets"] deleteForcedCopies = config.lib.dag.entryBefore [ "checkLinkTargets" ]
(builtins.concatStringsSep "\n" (builtins.map disableCollisionCheck paths)); (builtins.concatStringsSep "\n"
forceCopies = config.lib.dag.entryAfter ["linkGeneration"] (builtins.map disableCollisionCheck paths));
forceCopies = config.lib.dag.entryAfter [ "linkGeneration" ]
(builtins.concatStringsSep "\n" (builtins.map copyPath paths)); (builtins.concatStringsSep "\n" (builtins.map copyPath paths));
}; };
} }


@ -1,25 +1,22 @@
{ lib, config, pkgs, ... }: { lib, config, pkgs, ... }:
with lib; with lib; {
{
options = { options = {
m-0 = { m-0 = {
hostName = mkOption { hostName = mkOption { type = types.str; };
type = types.str; terminal = mkOption {
}; default = "urxvt";
terminal = mkOption { type = types.str;
default = "urxvt"; };
type = types.str; colors = mkOption {
}; default = { };
colors = mkOption { type = types.attrs;
default = {}; };
type = types.attrs; workspaces = mkOption {
}; default = [ "configure some workspaces" ];
workspaces = mkOption { type = types.listOf types.str;
default = [ "configure some workspaces" ]; };
type = types.listOf types.str;
}; };
}; };
};
} }


@ -1,25 +1,20 @@
{ lib, pkgs, config, ... }: { lib, pkgs, config, ... }:
with lib; with lib; {
{
options.m-0.latex.enable = mkEnableOption "Latex"; options.m-0.latex.enable = mkEnableOption "Latex";
config = mkIf config.m-0.latex.enable { config = mkIf config.m-0.latex.enable {
programs = { programs = {
texlive = { texlive = {
enable = true; enable = true;
extraPackages = tpkgs: {inherit (tpkgs) extraPackages = tpkgs: {
scheme-small inherit (tpkgs)
pdfjam scheme-small pdfjam latexmk collection-latexextra
latexmk collection-bibtexextra collection-luatex collection-mathscience
collection-latexextra collection-fontsextra;
collection-bibtexextra };
collection-luatex
collection-mathscience
collection-fontsextra;
}; };
}; };
}; };
};
} }


@ -1,4 +1,4 @@
{ lib, config, pkgs, ...}: { lib, config, pkgs, ... }:
with lib; with lib;
let let
mail = config.m-0.mail; mail = config.m-0.mail;
@ -6,86 +6,80 @@ let
maildir = config.accounts.email.maildirBasePath; maildir = config.accounts.email.maildirBasePath;
in { in {
options.m-0.mail.enable = mkEnableOption "private-mail"; options.m-0.mail.enable = mkEnableOption "private-mail";
options.m-0.mail.accounts = mkOption { options.m-0.mail.accounts = mkOption { type = types.attrs; };
type = types.attrs;
};
config = mkIf mail.enable { config = mkIf mail.enable {
services.mbsync = { services.mbsync = {
enable = true; enable = true;
frequency = "*:0/30"; frequency = "*:0/30";
verbose = false; verbose = false;
postExec = "${pkgs.notmuch}/bin/notmuch --config=${config.home.sessionVariables.NOTMUCH_CONFIG} new"; postExec =
}; "${pkgs.notmuch}/bin/notmuch --config=${config.home.sessionVariables.NOTMUCH_CONFIG} new";
accounts.email.accounts = config.m-0.mail.accounts;
systemd.user.services = let
mkService = name: account: let
configjs = pkgs.writeText "config.js" ''
var child_process = require('child_process');
function getStdout(cmd) {
var stdout = child_process.execSync(cmd);
return stdout.toString().trim();
}
exports.host = "${account.imap.host}"
exports.port = 993
exports.tls = true;
exports.tlsOptions = { "rejectUnauthorized": false };
exports.username = "${account.userName}";
exports.password = getStdout("${toString account.passwordCommand}");
exports.onNotify = "${pkgs.isync}/bin/mbsync ${name}"
exports.onNotifyPost = "${pkgs.notmuch}/bin/notmuch new"
exports.boxes = [ "Inbox" ];
'';
in
{
Unit = {
Description = "Run imapnotify for imap account ${name}";
};
Service = {
ExecStart= "${pkgs.imapnotify}/bin/imapnotify -c ${configjs}";
Restart = "always";
RestartSec = "1min";
};
Install = {
WantedBy = [ "default.target" ];
};
}; };
mkServiceWithName = name: account: {
name = "imapnotify-${name}-inbox";
value = mkService name account;
};
hasImapHost = name: account: account.imap != null;
in
mapAttrs' mkServiceWithName (filterAttrs hasImapHost config.accounts.email.accounts);
programs.msmtp.enable = true; accounts.email.accounts = config.m-0.mail.accounts;
programs.mbsync.enable = true;
programs.notmuch = { systemd.user.services = let
enable = true; mkService = name: account:
hooks.postInsert = '' let
${pkgs.notmuch}/bin/notmuch tag +deleted -- "folder:/Trash/ (not tag:deleted)" configjs = pkgs.writeText "config.js" ''
${pkgs.notmuch}/bin/notmuch tag -deleted -- "(not folder:/Trash/) tag:deleted" var child_process = require('child_process');
${pkgs.notmuch}/bin/notmuch tag +spam -- "folder:/Junk|Spam|SPAM/ (not tag:spam)"
${pkgs.notmuch}/bin/notmuch tag -spam -- "(not folder:/Junk|Spam|SPAM/) tag:spam" function getStdout(cmd) {
''; var stdout = child_process.execSync(cmd);
new = { return stdout.toString().trim();
tags = []; }
ignore = [ ".isyncuidmap.db" ];
}; exports.host = "${account.imap.host}"
maildir.synchronizeFlags = true; exports.port = 993
}; exports.tls = true;
home = { exports.tlsOptions = { "rejectUnauthorized": false };
packages = with pkgs; [ exports.username = "${account.userName}";
neomutt exports.password = getStdout("${toString account.passwordCommand}");
]; exports.onNotify = "${pkgs.isync}/bin/mbsync ${name}"
file = let exports.onNotifyPost = "${pkgs.notmuch}/bin/notmuch new"
mutt_alternates = "@maralorn.de " + (builtins.concatStringsSep " " me.alternates); exports.boxes = [ "Inbox" ];
'';
in {
Unit = { Description = "Run imapnotify for imap account ${name}"; };
Service = {
ExecStart = "${pkgs.imapnotify}/bin/imapnotify -c ${configjs}";
Restart = "always";
RestartSec = "1min";
};
Install = { WantedBy = [ "default.target" ]; };
};
mkServiceWithName = name: account: {
name = "imapnotify-${name}-inbox";
value = mkService name account;
};
hasImapHost = name: account: account.imap != null;
in mapAttrs' mkServiceWithName
(filterAttrs hasImapHost config.accounts.email.accounts);
programs.msmtp.enable = true;
programs.mbsync.enable = true;
programs.notmuch = {
enable = true;
hooks.postInsert = ''
${pkgs.notmuch}/bin/notmuch tag +deleted -- "folder:/Trash/ (not tag:deleted)"
${pkgs.notmuch}/bin/notmuch tag -deleted -- "(not folder:/Trash/) tag:deleted"
${pkgs.notmuch}/bin/notmuch tag +spam -- "folder:/Junk|Spam|SPAM/ (not tag:spam)"
${pkgs.notmuch}/bin/notmuch tag -spam -- "(not folder:/Junk|Spam|SPAM/) tag:spam"
'';
new = {
tags = [ ];
ignore = [ ".isyncuidmap.db" ];
};
maildir.synchronizeFlags = true;
};
home = {
packages = with pkgs; [ neomutt ];
file = let
mutt_alternates = "@maralorn.de "
+ (builtins.concatStringsSep " " me.alternates);
show-sidebar = pkgs.writeText "show-sidebar" '' show-sidebar = pkgs.writeText "show-sidebar" ''
set sidebar_visible=yes set sidebar_visible=yes
bind index <up> sidebar-prev bind index <up> sidebar-prev
@ -95,7 +89,7 @@ programs.notmuch = {
bind index <space> sidebar-open bind index <space> sidebar-open
bind index <return> sidebar-open bind index <return> sidebar-open
bind index <enter> sidebar-open bind index <enter> sidebar-open
''; '';
hide-sidebar = pkgs.writeText "hide-sidebar" '' hide-sidebar = pkgs.writeText "hide-sidebar" ''
set sidebar_visible=no set sidebar_visible=no
bind index <up> previous-undeleted bind index <up> previous-undeleted
@ -105,7 +99,7 @@ programs.notmuch = {
bind index <space> display-message bind index <space> display-message
bind index <return> display-message bind index <return> display-message
bind index <enter> display-message bind index <enter> display-message
''; '';
mailcap = pkgs.writeText "mailcap" '' mailcap = pkgs.writeText "mailcap" ''
text/html; ${pkgs.lynx}/bin/lynx -stdin -dump -force_html ; copiousoutput text/html; ${pkgs.lynx}/bin/lynx -stdin -dump -force_html ; copiousoutput
application/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null application/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
@ -113,76 +107,78 @@ programs.notmuch = {
video/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null video/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
audio/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null audio/*; ${pkgs.xdg_utils}/bin/xdg-open %s > /dev/null
''; '';
in { in {
".neomuttrc".text = '' ".neomuttrc".text = ''
alternative_order text/plain text/html alternative_order text/plain text/html
auto_view text/* auto_view text/*
auto_view message/* auto_view message/*
unset wait_key unset wait_key
set query_format="%4c %t %-70.70a %-70.70n %?e?(%e)?" set query_format="%4c %t %-70.70a %-70.70n %?e?(%e)?"
set query_command = "${pkgs.notmuch}/bin/notmuch address --output=recipients --deduplicate=address '%s' | grep -i '%s'" set query_command = "${pkgs.notmuch}/bin/notmuch address --output=recipients --deduplicate=address '%s' | grep -i '%s'"
bind editor <Tab> complete-query bind editor <Tab> complete-query
bind editor ^T complete bind editor ^T complete
set crypt_use_gpgme = yes set crypt_use_gpgme = yes
set pgp_use_gpg_agent = yes set pgp_use_gpg_agent = yes
set pgp_auto_decode = yes set pgp_auto_decode = yes
set pgp_autosign = yes set pgp_autosign = yes
set pgp_replysign = yes set pgp_replysign = yes
set pgp_replyencrypt = yes set pgp_replyencrypt = yes
set crypt_replysignencrypted = yes set crypt_replysignencrypted = yes
set crypt_verify_sig = yes set crypt_verify_sig = yes
set pgp_sign_as="${me.gpg}" set pgp_sign_as="${me.gpg}"
set pgp_use_gpg_agent = yes set pgp_use_gpg_agent = yes
set pgp_default_key="${me.gpg}" set pgp_default_key="${me.gpg}"
set timeout = 5 set timeout = 5
alternates ${mutt_alternates} alternates ${mutt_alternates}
set folder="${maildir}" set folder="${maildir}"
mailboxes `find ${maildir} -type d -name Inbox -printf '"%h" '` `find ${maildir} -type d -name cur -printf '"%h" '` mailboxes `find ${maildir} -type d -name Inbox -printf '"%h" '` `find ${maildir} -type d -name cur -printf '"%h" '`
set sendmail="${pkgs.msmtp}/bin/msmtp --read-envelope-from" set sendmail="${pkgs.msmtp}/bin/msmtp --read-envelope-from"
set sort=threads set sort=threads
set sort_aux=date-sent set sort_aux=date-sent
set realname="${me.name}" set realname="${me.name}"
set from=fill-later set from=fill-later
set use_from=yes set use_from=yes
set fast_reply=yes set fast_reply=yes
set mailcap_path=${mailcap}; set mailcap_path=${mailcap};
set include=yes set include=yes
set edit_headers=yes set edit_headers=yes
set mbox_type=Maildir set mbox_type=Maildir
set spoolfile="${maildir}/hera/Inbox" set spoolfile="${maildir}/hera/Inbox"
set record="${maildir}/hera/Archiv/unsortiert" set record="${maildir}/hera/Archiv/unsortiert"
set postponed="${maildir}/hera/Drafts" set postponed="${maildir}/hera/Drafts"
set mail_check_stats=yes set mail_check_stats=yes
bind index / vfolder-from-query bind index / vfolder-from-query
set header_cache = "~/.cache/neomutt" set header_cache = "~/.cache/neomutt"
set date_format="!%y-%m-%d %H:%M" set date_format="!%y-%m-%d %H:%M"
set mime_forward=yes set mime_forward=yes
set mime_forward_rest=yes set mime_forward_rest=yes
macro index <F5> "!systemctl --user start mbsync > /dev/null<enter>" macro index <F5> "!systemctl --user start mbsync > /dev/null<enter>"
source "${hide-sidebar}" source "${hide-sidebar}"
macro index <right> "<enter-command>source ${hide-sidebar}<enter>" macro index <right> "<enter-command>source ${hide-sidebar}<enter>"
macro index <left> "<enter-command>source ${show-sidebar}<enter>" macro index <left> "<enter-command>source ${show-sidebar}<enter>"
set sidebar_folder_indent=yes set sidebar_folder_indent=yes
set sidebar_short_path=yes set sidebar_short_path=yes
set sidebar_width=40 set sidebar_width=40
set sidebar_sort_method="alpha" set sidebar_sort_method="alpha"
set sidebar_indent_string=" " set sidebar_indent_string=" "
color sidebar_indicator black white color sidebar_indicator black white
color sidebar_highlight white blue color sidebar_highlight white blue
set sidebar_format = "%B%* %?N?%N/?%S" set sidebar_format = "%B%* %?N?%N/?%S"
alias f__0 ${me.name} <${me.mail}> alias f__0 ${me.name} <${me.mail}>
${builtins.concatStringsSep "\n" (lib.imap1 (n: x: "alias f__${toString n} ${me.name} <${x}>") me.alternates)} ${builtins.concatStringsSep "\n"
send2-hook '~f fill-later' "push <edit-from><kill-line>f__<complete><search>${me.mail}<enter>" (lib.imap1 (n: x: "alias f__${toString n} ${me.name} <${x}>")
''; me.alternates)}
send2-hook '~f fill-later' "push <edit-from><kill-line>f__<complete><search>${me.mail}<enter>"
'';
};
}; };
}; };
};
} }
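Review bot: The generated imapnotify `config.js` sets `exports.tlsOptions = { "rejectUnauthorized": false };`, which turns off certificate verification for the IMAP connection on port 993, so the password returned by `passwordCommand` is sent to whichever endpoint answers for `account.imap.host`. The reformat carries this line over unchanged; I would change it to `exports.tlsOptions = { "rejectUnauthorized": true };` and, if the server uses a private CA, supply that CA in the TLS options instead of disabling validation. Separately, `${toString account.passwordCommand}` is spliced into a double-quoted JavaScript string that is passed to `child_process.execSync`, so a command containing `"` or a backslash would yield a broken or different shell command. A comment on `mkService` stating that constraint, or escaping the value before interpolation, would make this explicit.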


@ -1,117 +1,113 @@
{ lib, pkgs, config, ...}: { lib, pkgs, config, ... }:
with lib; with lib; {
{
options.m-0.pythia.enable = mkEnableOption "Pythia"; options.m-0.pythia.enable = mkEnableOption "Pythia";
config = mkIf config.m-0.pythia.enable (let config = mkIf config.m-0.pythia.enable (let
pythia-path = "${config.home.homeDirectory}/data/aktuell/pythia"; pythia-path = "${config.home.homeDirectory}/data/aktuell/pythia";
pythia = pkgs.writeShellScriptBin "pythia" '' pythia = pkgs.writeShellScriptBin "pythia" ''
datei=${pythia-path}/$(date +%Y-%m-%d) datei=${pythia-path}/$(date +%Y-%m-%d)
touch $datei touch $datei
vim $datei vim $datei
grep TODO: $datei | sed 's/TODO: //' | while read -r line; do task add "$line"; done && sed -i 's/TODO: /Notiert: /' $datei grep TODO: $datei | sed 's/TODO: //' | while read -r line; do task add "$line"; done && sed -i 's/TODO: /Notiert: /' $datei
grep WEAK: $datei | sed 's/WEAK: //' >> ${pythia-path}/schwächen && sed -i 's/WEAK: /Schwäche: /' $datei grep WEAK: $datei | sed 's/WEAK: //' >> ${pythia-path}/schwächen && sed -i 's/WEAK: /Schwäche: /' $datei
grep STRONG: $datei | sed 's/STRONG: //' >> ${pythia-path}/stärken && sed -i 's/STRONG: /Stärke: /' $datei grep STRONG: $datei | sed 's/STRONG: //' >> ${pythia-path}/stärken && sed -i 's/STRONG: /Stärke: /' $datei
grep RULE: $datei | sed 's/RULE: //' >> ${pythia-path}/richtlinien && sed -i 's/RULE: /Richtlinie: /' $datei grep RULE: $datei | sed 's/RULE: //' >> ${pythia-path}/richtlinien && sed -i 's/RULE: /Richtlinie: /' $datei
grep INDICATOR: $datei | sed 's/INDICATOR: //' >> ${pythia-path}/warnzeichen && sed -i 's/INDICATOR: /Warnzeichen: /' $datei grep INDICATOR: $datei | sed 's/INDICATOR: //' >> ${pythia-path}/warnzeichen && sed -i 's/INDICATOR: /Warnzeichen: /' $datei
'';
printslow = pkgs.writeScriptBin "printslow" ''
#!${pkgs.python3}/bin/python
import fileinput
import sys
import time
for line in fileinput.input():
for letter in line:
print(letter, end="")
sys.stdout.flush()
time.sleep(0.1)
''; '';
fortune = '' printslow = pkgs.writeScriptBin "printslow" ''
${pkgs.fortune}/bin/fortune | ${run-printslow} #!${pkgs.python3}/bin/python
echo
sleep 5s
'';
threefortunes = ''
echo Genieße drei Fortunes: | ${run-printslow}
echo
${fortune}
${fortune}
${fortune}
'';
run-pythia = "${pythia}/bin/pythia";
run-printslow = "${printslow}/bin/printslow";
hold = "echo -n '>'; read a;";
dong = "${pkgs.mpv}/bin/mpv dong.ogg &> /dev/null &";
meditate = pkgs.writeShellScriptBin "meditate" ''
cd ${pythia-path}
i3-msg fullscreen &> /dev/null
start=`${pkgs.taskwarrior}/bin/task calc now`
mpv background.ogg &> /dev/null &
${run-printslow} << EOF
Hallo Malte,
hier spricht Pythia. import fileinput
import sys
import time
Herzlich willkommen zur Besinnung, Ruhefindung und Orientierung. for line in fileinput.input():
for letter in line:
Bist Du bereit? print(letter, end="")
EOF sys.stdout.flush()
${hold} time.sleep(0.1)
${run-printslow} << EOF
Gut, dann lass uns starten.
EOF
sleep 3s
${run-printslow} << EOF
Nimm Dir ein wenig Zeit um die Gedanken zu sammeln, die unerledigt sind.
EOF
sleep 1s
${run-pythia}
${run-printslow} << EOF
Nimm Dir nun mindestens 5 Minuten Auszeit um tief zu entspannen.
Achte auf Deine Atmung und Deinen Körper.
Beruhige Deine Gedanken und gehe in Dich.
EOF
${dong}
sleep 5m
${dong}
${hold}
${threefortunes}
${run-printslow} << EOF
Nun ist die Zeit für Reflektion und um an Deinem Credo zu arbeiten.
EOF
sleep 3s
${run-pythia}
${run-printslow} << EOF
Melde Dich, wenn Du bereit für Dein Credo bist.
EOF
${hold}
${run-printslow} credo
${hold}
${run-printslow} << EOF
Nun genieße die gewonne Energie um Dich auf die Zukunft vorzubereiten.
EOF
${hold}
${threefortunes}
${dong}
echo Dauer der Meditation | ${run-printslow}
${pkgs.taskwarrior}/bin/task calc now-$start
${pkgs.taskwarrior}/bin/task gen_id:meditation done
${hold}
exit
''; '';
fortune = ''
${pkgs.fortune}/bin/fortune | ${run-printslow}
echo
sleep 5s
'';
threefortunes = ''
echo Genieße drei Fortunes: | ${run-printslow}
echo
${fortune}
${fortune}
${fortune}
'';
run-pythia = "${pythia}/bin/pythia";
run-printslow = "${printslow}/bin/printslow";
hold = "echo -n '>'; read a;";
dong = "${pkgs.mpv}/bin/mpv dong.ogg &> /dev/null &";
meditate = pkgs.writeShellScriptBin "meditate" ''
cd ${pythia-path}
i3-msg fullscreen &> /dev/null
start=`${pkgs.taskwarrior}/bin/task calc now`
mpv background.ogg &> /dev/null &
${run-printslow} << EOF
Hallo Malte,
hier spricht Pythia.
Herzlich willkommen zur Besinnung, Ruhefindung und Orientierung.
Bist Du bereit?
EOF
${hold}
${run-printslow} << EOF
Gut, dann lass uns starten.
EOF
sleep 3s
${run-printslow} << EOF
Nimm Dir ein wenig Zeit um die Gedanken zu sammeln, die unerledigt sind.
EOF
sleep 1s
${run-pythia}
${run-printslow} << EOF
Nimm Dir nun mindestens 5 Minuten Auszeit um tief zu entspannen.
Achte auf Deine Atmung und Deinen Körper.
Beruhige Deine Gedanken und gehe in Dich.
EOF
${dong}
sleep 5m
${dong}
${hold}
${threefortunes}
${run-printslow} << EOF
Nun ist die Zeit für Reflektion und um an Deinem Credo zu arbeiten.
EOF
sleep 3s
${run-pythia}
${run-printslow} << EOF
Melde Dich, wenn Du bereit für Dein Credo bist.
EOF
${hold}
${run-printslow} credo
${hold}
${run-printslow} << EOF
Nun genieße die gewonne Energie um Dich auf die Zukunft vorzubereiten.
EOF
${hold}
${threefortunes}
${dong}
echo Dauer der Meditation | ${run-printslow}
${pkgs.taskwarrior}/bin/task calc now-$start
${pkgs.taskwarrior}/bin/task gen_id:meditation done
${hold}
exit
'';
in { in {
home.packages = with pkgs; [ home.packages = with pkgs; [ pythia meditate ];
pythia });
meditate
];
});
} }


@ -1,15 +1,10 @@
{ lib, pkgs, config, ...}: { lib, pkgs, config, ... }:
with lib; with lib; {
{
options.m-0.rustdev.enable = mkEnableOption "Rust Dev"; options.m-0.rustdev.enable = mkEnableOption "Rust Dev";
config = mkIf config.m-0.rustdev.enable { config = mkIf config.m-0.rustdev.enable {
home.packages = with pkgs; [ home.packages = with pkgs; [ rustup nix-prefetch-scripts gcc ];
rustup };
nix-prefetch-scripts
gcc
];
};
} }


@ -1,4 +1,4 @@
{ lib, pkgs, config, ...}: { lib, pkgs, config, ... }:
with lib; with lib;
let let
tasksync = pkgs.writeShellScriptBin "tasksync" '' tasksync = pkgs.writeShellScriptBin "tasksync" ''
@ -6,7 +6,9 @@ let
cd ${config.home.homeDirectory}/.task cd ${config.home.homeDirectory}/.task
${pkgs.git}/bin/git add completed.data pending.data > /dev/null ${pkgs.git}/bin/git add completed.data pending.data > /dev/null
${pkgs.git}/bin/git commit -m 'Updating task data' > /dev/null ${pkgs.git}/bin/git commit -m 'Updating task data' > /dev/null
${pkgs.git}/bin/git pull -X ${if config.m-0.taskwarrior.git_active then "ours" else "theirs"} | ${pkgs.gnugrep}/bin/grep -v "Already up to date." ${pkgs.git}/bin/git pull -X ${
if config.m-0.taskwarrior.git_active then "ours" else "theirs"
} | ${pkgs.gnugrep}/bin/grep -v "Already up to date."
${pkgs.taskwarrior}/bin/task diagnostics | ${pkgs.gnugrep}/bin/grep "Found duplicate" | ${pkgs.gnused}/bin/sed 's/.*Found duplicate //' | ${pkgs.findutils}/bin/xargs -i ${pkgs.gnused}/bin/sed -i '0,/uuid:"{}"/{/uuid:"{}"/d}' completed.data > /dev/null ${pkgs.taskwarrior}/bin/task diagnostics | ${pkgs.gnugrep}/bin/grep "Found duplicate" | ${pkgs.gnused}/bin/sed 's/.*Found duplicate //' | ${pkgs.findutils}/bin/xargs -i ${pkgs.gnused}/bin/sed -i '0,/uuid:"{}"/{/uuid:"{}"/d}' completed.data > /dev/null
${pkgs.git}/bin/git add completed.data > /dev/null ${pkgs.git}/bin/git add completed.data > /dev/null
${pkgs.git}/bin/git commit -m 'Fixing duplicates' > /dev/null ${pkgs.git}/bin/git commit -m 'Fixing duplicates' > /dev/null
@ -14,192 +16,178 @@ let
true true
''; '';
in { in {
options.m-0.taskwarrior.enable = mkEnableOption "Taskwarrior"; options.m-0.taskwarrior.enable = mkEnableOption "Taskwarrior";
options.m-0.taskwarrior.git_active = mkEnableOption "This machine will prefer its own state in case of a merge conflict, if enabled."; options.m-0.taskwarrior.git_active = mkEnableOption
config = mkIf config.m-0.taskwarrior.enable { "This machine will prefer its own state in case of a merge conflict, if enabled.";
systemd.user = { config = mkIf config.m-0.taskwarrior.enable {
services.tasksync = { systemd.user = {
Unit = { services.tasksync = {
Description = "Update tasks"; Unit = { Description = "Update tasks"; };
Service = {
ExecStart = "${tasksync}/bin/tasksync";
Type = "oneshot";
};
}; };
Service = { timers.tasksync = {
ExecStart="${tasksync}/bin/tasksync"; Timer = { OnCalendar = "*:0/1"; };
Type="oneshot"; Install = { WantedBy = [ "timers.target" ]; };
}; };
}; };
timers.tasksync = { home = {
Timer = { packages = [ pkgs.taskwarrior tasksync pkgs.tasksh ];
OnCalendar = "*:0/1"; file = {
}; ".taskrc".text = ''
Install = { data.location=~/.task
WantedBy = [ "timers.target" ]; default.command=default
}; alias.inbox=+PENDING -TAGGED limit:1
}; alias.inboxall=+PENDING -TAGGED
};
home = {
packages = [ pkgs.taskwarrior tasksync pkgs.tasksh ];
file = {
".taskrc".text = ''
data.location=~/.task
default.command=default
alias.inbox=+PENDING -TAGGED limit:1
alias.inboxall=+PENDING -TAGGED
verbose=blank,header,footnote,label,new-id,affected,edit,special,sync verbose=blank,header,footnote,label,new-id,affected,edit,special,sync
nag= nag=
report.default.columns=id,tags,priority,description,due,start.active,project report.default.columns=id,tags,priority,description,due,start.active,project
report.default.description=List tasks report.default.description=List tasks
report.default.filter=status:pending -BLOCKED report.default.filter=status:pending -BLOCKED
report.default.labels=ID,Tags,,Beschreibung,Bis,Start,Projekt report.default.labels=ID,Tags,,Beschreibung,Bis,Start,Projekt
report.default.sort=modified- report.default.sort=modified-
uda.partof.type=string uda.partof.type=string
uda.partof.label=Parent task uda.partof.label=Parent task
uda.generated.type=string uda.generated.type=string
uda.gen_name.type=string uda.gen_name.type=string
uda.gen_name.label=Generator name uda.gen_name.label=Generator name
uda.gen_id.type=string uda.gen_id.type=string
uda.gen_id.label=Generator id uda.gen_id.label=Generator id
uda.gen_orphan.type=string uda.gen_orphan.type=string
uda.gen_orphan.label=Generated orphan behavior uda.gen_orphan.label=Generated orphan behavior
uda.listposition.type=numeric uda.listposition.type=numeric
# Bugwarrior UDAs # Bugwarrior UDAs
uda.githubtitle.type=string uda.githubtitle.type=string
uda.githubtitle.label=Github Title uda.githubtitle.label=Github Title
uda.githubbody.type=string uda.githubbody.type=string
uda.githubbody.label=Github Body uda.githubbody.label=Github Body
uda.githubcreatedon.type=date uda.githubcreatedon.type=date
uda.githubcreatedon.label=Github Created uda.githubcreatedon.label=Github Created
uda.githubupdatedat.type=date uda.githubupdatedat.type=date
uda.githubupdatedat.label=Github Updated uda.githubupdatedat.label=Github Updated
uda.githubmilestone.type=string uda.githubmilestone.type=string
uda.githubmilestone.label=Github Milestone uda.githubmilestone.label=Github Milestone
uda.githubrepo.type=string uda.githubrepo.type=string
uda.githubrepo.label=Github Repo Slug uda.githubrepo.label=Github Repo Slug
uda.githuburl.type=string uda.githuburl.type=string
uda.githuburl.label=Github URL uda.githuburl.label=Github URL
uda.githubtype.type=string uda.githubtype.type=string
uda.githubtype.label=Github Type uda.githubtype.label=Github Type
uda.githubnumber.type=numeric uda.githubnumber.type=numeric
uda.githubnumber.label=Github Issue/PR # uda.githubnumber.label=Github Issue/PR #
uda.githubuser.type=string uda.githubuser.type=string
uda.githubuser.label=Github User uda.githubuser.label=Github User
uda.gitlabtitle.type=string uda.gitlabtitle.type=string
uda.gitlabtitle.label=Gitlab Title uda.gitlabtitle.label=Gitlab Title
uda.gitlabdescription.type=string uda.gitlabdescription.type=string
uda.gitlabdescription.label=Gitlab Description uda.gitlabdescription.label=Gitlab Description
uda.gitlabcreatedon.type=date uda.gitlabcreatedon.type=date
uda.gitlabcreatedon.label=Gitlab Created uda.gitlabcreatedon.label=Gitlab Created
uda.gitlabupdatedat.type=date uda.gitlabupdatedat.type=date
uda.gitlabupdatedat.label=Gitlab Updated uda.gitlabupdatedat.label=Gitlab Updated
uda.gitlabduedate.type=date uda.gitlabduedate.type=date
uda.gitlabduedate.label=Gitlab Due Date uda.gitlabduedate.label=Gitlab Due Date
uda.gitlabmilestone.type=string uda.gitlabmilestone.type=string
uda.gitlabmilestone.label=Gitlab Milestone uda.gitlabmilestone.label=Gitlab Milestone
uda.gitlaburl.type=string uda.gitlaburl.type=string
uda.gitlaburl.label=Gitlab URL uda.gitlaburl.label=Gitlab URL
uda.gitlabrepo.type=string uda.gitlabrepo.type=string
uda.gitlabrepo.label=Gitlab Repo Slug uda.gitlabrepo.label=Gitlab Repo Slug
uda.gitlabtype.type=string uda.gitlabtype.type=string
uda.gitlabtype.label=Gitlab Type uda.gitlabtype.label=Gitlab Type
uda.gitlabnumber.type=numeric uda.gitlabnumber.type=numeric
uda.gitlabnumber.label=Gitlab Issue/MR # uda.gitlabnumber.label=Gitlab Issue/MR #
uda.gitlabstate.type=string uda.gitlabstate.type=string
uda.gitlabstate.label=Gitlab Issue/MR State uda.gitlabstate.label=Gitlab Issue/MR State
uda.gitlabupvotes.type=numeric uda.gitlabupvotes.type=numeric
uda.gitlabupvotes.label=Gitlab Upvotes uda.gitlabupvotes.label=Gitlab Upvotes
uda.gitlabdownvotes.type=numeric uda.gitlabdownvotes.type=numeric
uda.gitlabdownvotes.label=Gitlab Downvotes uda.gitlabdownvotes.label=Gitlab Downvotes
uda.gitlabwip.type=numeric uda.gitlabwip.type=numeric
uda.gitlabwip.label=Gitlab MR Work-In-Progress Flag uda.gitlabwip.label=Gitlab MR Work-In-Progress Flag
uda.gitlabauthor.type=string uda.gitlabauthor.type=string
uda.gitlabauthor.label=Gitlab Author uda.gitlabauthor.label=Gitlab Author
uda.gitlabassignee.type=string uda.gitlabassignee.type=string
uda.gitlabassignee.label=Gitlab Assignee uda.gitlabassignee.label=Gitlab Assignee
uda.gitlabnamespace.type=string uda.gitlabnamespace.type=string
uda.gitlabnamespace.label=Gitlab Namespace uda.gitlabnamespace.label=Gitlab Namespace
uda.gitlabweight.type=numeric uda.gitlabweight.type=numeric
uda.gitlabweight.label=Gitlab Weight uda.gitlabweight.label=Gitlab Weight
# END Bugwarrior UDAs # END Bugwarrior UDAs
''; '';
taskwarrior-on-add-hook = { taskwarrior-on-add-hook = {
target = ".task/hooks/on-add.eventd-notification"; target = ".task/hooks/on-add.eventd-notification";
text = '' text = ''
#!${pkgs.python3}/bin/python #!${pkgs.python3}/bin/python
import sys import sys
import json import json
import subprocess import subprocess
input_string = sys.stdin.readline() input_string = sys.stdin.readline()
original = json.loads(input_string) original = json.loads(input_string)
command = ['eventc', 'task', 'add'] command = ['eventc', 'task', 'add']
for name, value in original.items(): for name, value in original.items():
command.append("-d")
if type(value) == list:
value = ', '.join(value)
command.append(name+"='"+str(value)+"'")
subprocess.Popen(command)
print(input_string)
'';
executable = true;
};
taskwarrior-on-modify-hook = {
target = ".task/hooks/on-modify.eventd-notification";
text = ''
#!${pkgs.python3}/bin/python
import sys
import json
import subprocess
input_string = sys.stdin.readline()
original = json.loads(input_string)
input_string = sys.stdin.readline()
new = json.loads(input_string)
command = ['eventc', 'task', 'modify']
for name in set(new.keys()).union(set(original.keys())):
if new.get(name) != original.get(name) or name == "description":
value = new.get(name, "")
command.append("-d") command.append("-d")
if type(value) == list: if type(value) == list:
value = ', '.join([str(item) for item in value]) value = ', '.join(value)
command.append(name+"='"+str(value)+"'") command.append(name+"='"+str(value)+"'")
subprocess.Popen(command) subprocess.Popen(command)
print(input_string) print(input_string)
''; '';
executable = true; executable = true;
};
};
};
xdg = let
taskAction = name: template: {
"eventd/task-${name}.action".text = generators.toINI {} {
Action = {
Name = "task-${name}";
}; };
Notification = { taskwarrior-on-modify-hook = {
Text = template; target = ".task/hooks/on-modify.eventd-notification";
}; text = ''
NotificationBubble = { #!${pkgs.python3}/bin/python
Queue = "tasks"; import sys
import json
import subprocess
input_string = sys.stdin.readline()
original = json.loads(input_string)
input_string = sys.stdin.readline()
new = json.loads(input_string)
command = ['eventc', 'task', 'modify']
for name in set(new.keys()).union(set(original.keys())):
if new.get(name) != original.get(name) or name == "description":
value = new.get(name, "")
command.append("-d")
if type(value) == list:
value = ', '.join([str(item) for item in value])
command.append(name+"='"+str(value)+"'")
subprocess.Popen(command)
print(input_string)
'';
executable = true;
}; };
}; };
}; };
in { xdg = let
configFile = { taskAction = name: template: {
"eventd/task.event".text = generators.toINI {} { "eventd/task-${name}.action".text = generators.toINI { } {
"Event task add" = { Action = { Name = "task-${name}"; };
Actions = "task-new"; Notification = { Text = template; };
}; NotificationBubble = { Queue = "tasks"; };
"Event task modify" = {
Actions = "task-changed";
}; };
}; };
} // in {
taskAction "changed" "Changes in task:\\n<b>\${description}</b>\${status:+\\nStatus: }\${status}\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}" // configFile = {
taskAction "new" "New \${status} task\${tags:! in inbox}:\\n<b>\${description}</b>\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}"; "eventd/task.event".text = generators.toINI { } {
"Event task add" = { Actions = "task-new"; };
"Event task modify" = { Actions = "task-changed"; };
};
} // taskAction "changed"
"Changes in task:\\n<b>\${description}</b>\${status:+\\nStatus: }\${status}\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}"
// taskAction "new"
"New \${status} task\${tags:! in inbox}:\\n<b>\${description}</b>\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}";
};
}; };
};
} }
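Review bot: In the on-add hook, `value = ', '.join(value)` raises a TypeError as soon as a list attribute holds a non-string item, while the on-modify hook in the same file already guards against this; the on-add line should use the same form, `value = ', '.join([str(item) for item in value])`. A failing hook would presumably make the `task add` itself fail. Both hooks also build `name+"='"+str(value)+"'"` without escaping an embedded single quote, and the bugwarrior UDAs in `.taskrc` suggest some values originate from GitHub/GitLab text, so it is worth confirming how eventc treats a `'` inside a `-d` value. Because the command goes to `subprocess.Popen` as a list, no shell is involved.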


@ -1,32 +1,27 @@
{ pkgs, lib, config, ...}: { pkgs, lib, config, ... }:
with lib; with lib;
let let
makeUnlocker = { name, hostName, pubKey, passPath }: makeUnlocker = { name, hostName, pubKey, passPath }:
let let knownHosts = pkgs.writeText "KnownBootHosts" "${hostName} ${pubKey}";
knownHosts = pkgs.writeText "KnownBootHosts" "${hostName} ${pubKey}"; in pkgs.writeShellScriptBin "unlock-${name}" ''
in echo "Waiting for host to come up";
pkgs.writeShellScriptBin "unlock-${name}" '' while true; do
echo "Waiting for host to come up"; echo -n .
while true; do /run/wrappers/bin/ping -4 ${hostName} -c 1 -w 1 > /dev/null && break;
echo -n . sleep 1s;
/run/wrappers/bin/ping -4 ${hostName} -c 1 -w 1 > /dev/null && break; done;
sleep 1s; echo
done; echo "Ping successful; Entering disk encryption password"
echo ${pkgs.pass}/bin/pass ${passPath} | ssh -4 root@${hostName} -o UserKnownHostsFile=${knownHosts} cryptsetup-askpass && echo "Unlocking of ${name} successful" || echo "Unlocking of ${name} failed"
echo "Ping successful; Entering disk encryption password" '';
${pkgs.pass}/bin/pass ${passPath} | ssh -4 root@${hostName} -o UserKnownHostsFile=${knownHosts} cryptsetup-askpass && echo "Unlocking of ${name} successful" || echo "Unlocking of ${name} failed" in {
'';
in
{
options.m-0.unlocker = mkOption { options.m-0.unlocker = mkOption {
default = []; default = [ ];
type = types.listOf types.attrs; type = types.listOf types.attrs;
}; };
config = { config = { home.packages = map makeUnlocker config.m-0.unlocker; };
home.packages = map makeUnlocker config.m-0.unlocker;
};
} }
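Review bot: The ssh line in `makeUnlocker` pipes the disk-encryption passphrase to `root@${hostName}` while leaving ssh's host-key policy at its default; only `UserKnownHostsFile=${knownHosts}` is set. With the default policy an unknown key can still be accepted at an interactive prompt, and the system-wide known-hosts file is consulted too, so the pinned `pubKey` is not the only key that can authenticate the host. Adding `-o StrictHostKeyChecking=yes -o GlobalKnownHostsFile=/dev/null` to that line would ensure the passphrase is only sent to a host presenting the pinned key. `${hostName}` and `${passPath}` are also interpolated into the script unquoted.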


@ -3,107 +3,100 @@ with lib;
let let
in { in {
options.m-0.weechat = { options.m-0.weechat = {
enable = mkEnableOption "Weechat"; enable = mkEnableOption "Weechat";
channels = mkOption { channels = mkOption {
type = types.str; type = types.str;
default = ""; default = "";
};
user = mkOption {
type = types.str;
};
pw = mkOption {
type = types.str;
};
};
config = mkIf config.m-0.weechat.enable {
home.file = {
python_plugins = {
target = ".weechat/python";
source = ./plugins/python;
};
perl_plugins = {
target = ".weechat/perl";
source = ./plugins/perl;
};
plugins = {
target = ".weechat/plugins.conf";
text = ''
[var]
python.buffer_autohide.hide_inactive = on
python.buffer_autohide.hide_private = on
'';
};
weechat = {
target = ".weechat/weechat.conf";
text = ''
[look]
buffer_notify_default = "highlight"
jump_current_to_previous_buffer = off
[color]
chat_nick_colors = "cyan,magenta,green,brown,lightblue,default,lightcyan,lightmagenta,lightgreen,blue,31,35,38,40,49,63,70,80,92,99,112,126,130,138,142,148,160,162,167,169,174,176,178,184,186,210,212,215,228"
[filter]
irc_smart = on;*;irc_smart_filter;*
'';
};
logger = {
target = ".weechat/logger.conf";
text = ''
[look]
backlog = 1000
[file]
mask = "$name/%Y"
path = "${config.home.homeDirectory}/data/logs/"
'';
};
irc = {
target = ".weechat/irc.conf";
text = ''
[look]
color_nicks_in_nicklist = on
[server]
freenode.addresses = "chat.freenode.net/6697"
freenode.ssl = on
freenode.sasl_mechanism = plain
freenode.sasl_username = "${config.m-0.weechat.user}"
freenode.sasl_password = "${config.m-0.weechat.pw}"
freenode.autoconnect = on
freenode.username = "${config.m-0.weechat.user}"
freenode.autojoin = "#nixos,#matrix,#haskell"
[server]
hackint.addresses = "irc.hackint.org/6697"
hackint.ssl = on
hackint.sasl_mechanism = plain
hackint.sasl_username = "${config.m-0.weechat.user}"
hackint.sasl_password = "${config.m-0.weechat.pw}"
hackint.autoconnect = on
hackint.username = "${config.m-0.weechat.user}"
hackint.autojoin = "${config.m-0.weechat.channels}"
'';
}; };
user = mkOption { type = types.str; };
pw = mkOption { type = types.str; };
}; };
systemd.user.services = { config = mkIf config.m-0.weechat.enable {
weechat = { home.file = {
Unit = { python_plugins = {
Description = "Weechat Tmux Session"; target = ".weechat/python";
source = ./plugins/python;
}; };
Service = { perl_plugins = {
Type = "forking"; target = ".weechat/perl";
ExecStart = "${pkgs.tmux}/bin/tmux -L weechat -2 new-session -d -s irc -n weechat '${pkgs.weechat}/bin/weechat'"; source = ./plugins/perl;
Restart = "always";
}; };
Install = { plugins = {
WantedBy = [ "default.target" ]; target = ".weechat/plugins.conf";
text = ''
[var]
python.buffer_autohide.hide_inactive = on
python.buffer_autohide.hide_private = on
'';
};
weechat = {
target = ".weechat/weechat.conf";
text = ''
[look]
buffer_notify_default = "highlight"
jump_current_to_previous_buffer = off
[color]
chat_nick_colors = "cyan,magenta,green,brown,lightblue,default,lightcyan,lightmagenta,lightgreen,blue,31,35,38,40,49,63,70,80,92,99,112,126,130,138,142,148,160,162,167,169,174,176,178,184,186,210,212,215,228"
[filter]
irc_smart = on;*;irc_smart_filter;*
'';
};
logger = {
target = ".weechat/logger.conf";
text = ''
[look]
backlog = 1000
[file]
mask = "$name/%Y"
path = "${config.home.homeDirectory}/data/logs/"
'';
};
irc = {
target = ".weechat/irc.conf";
text = ''
[look]
color_nicks_in_nicklist = on
[server]
freenode.addresses = "chat.freenode.net/6697"
freenode.ssl = on
freenode.sasl_mechanism = plain
freenode.sasl_username = "${config.m-0.weechat.user}"
freenode.sasl_password = "${config.m-0.weechat.pw}"
freenode.autoconnect = on
freenode.username = "${config.m-0.weechat.user}"
freenode.autojoin = "#nixos,#matrix,#haskell"
[server]
hackint.addresses = "irc.hackint.org/6697"
hackint.ssl = on
hackint.sasl_mechanism = plain
hackint.sasl_username = "${config.m-0.weechat.user}"
hackint.sasl_password = "${config.m-0.weechat.pw}"
hackint.autoconnect = on
hackint.username = "${config.m-0.weechat.user}"
hackint.autojoin = "${config.m-0.weechat.channels}"
'';
};
};
systemd.user.services = {
weechat = {
Unit = { Description = "Weechat Tmux Session"; };
Service = {
Type = "forking";
ExecStart =
"${pkgs.tmux}/bin/tmux -L weechat -2 new-session -d -s irc -n weechat '${pkgs.weechat}/bin/weechat'";
Restart = "always";
};
Install = { WantedBy = [ "default.target" ]; };
}; };
}; };
}; };
};
} }
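Review bot: `freenode.sasl_password` and `hackint.sasl_password` are filled from `config.m-0.weechat.pw` inside a `home.file` `text` value, so the password is rendered into the generated `irc.conf`, which home-manager builds into the Nix store where every local user can read it. Since `pw` is a plain `types.str` option, the secret is part of the evaluated configuration as well. WeeChat's secured data would keep it out of the file: store the password with `/secure set` under a name of your choosing and write `"''${sec.data.<name>}"` in place of the interpolation. Loading it at runtime from a file outside the store would also work.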


@ -6,16 +6,9 @@ neovim.override {
customRC = builtins.readFile ./vimrc; customRC = builtins.readFile ./vimrc;
packages.myVimPackage = { packages.myVimPackage = {
start = builtins.attrValues { start = builtins.attrValues {
inherit ((import <nixpkgs> {}).vimPlugins) inherit ((import <nixpkgs> { }).vimPlugins)
vim-nix vim-nix vimtex airline rust-vim fugitive vim-trailing-whitespace
vimtex vim-pandoc vim-pandoc-syntax haskell-vim;
airline
rust-vim
fugitive
vim-trailing-whitespace
vim-pandoc
vim-pandoc-syntax
haskell-vim;
}; };
}; };
}; };


@ -1,14 +1,12 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }:
let let
inherit (import ../common/lib.nix) writeHaskellScript; inherit (import ../common/lib.nix) writeHaskellScript;
sources = import ../nix/sources.nix; sources = import ../nix/sources.nix;
in in {
{
home = { home = {
packages = builtins.attrValues (import ../common/pkgs.nix).foreign-home-pkgs; packages =
sessionVariables = { builtins.attrValues (import ../common/pkgs.nix).foreign-home-pkgs;
NIX_PATH = "$HOME/.nix-path"; sessionVariables = { NIX_PATH = "$HOME/.nix-path"; };
};
file = { file = {
home-manager-source = { home-manager-source = {
target = ".nix-path/home-manager"; target = ".nix-path/home-manager";


@ -1,5 +1,4 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }: {
{
home = { home = {
username = "maralorn"; username = "maralorn";
homeDirectory = "/home/maralorn"; homeDirectory = "/home/maralorn";


@ -1,6 +1,6 @@
{ pkgs, ... }: { pkgs, ... }:
let let
morgenreport-script = pkgs.writeShellScriptBin "morgenreport" '' morgenreport-script = pkgs.writeShellScriptBin "morgenreport" ''
cd $HOME/data/aktuell/media/ebooks/morgenreport/ cd $HOME/data/aktuell/media/ebooks/morgenreport/
DATE=`date +%Y-%m-%d` DATE=`date +%Y-%m-%d`
PATH=$PATH:/run/wrappers/bin/ PATH=$PATH:/run/wrappers/bin/
@ -11,24 +11,18 @@ morgenreport-script = pkgs.writeShellScriptBin "morgenreport" ''
echo "File created, sending to kindle now " echo "File created, sending to kindle now "
echo 'Siehe Anhang' | ${pkgs.mutt}/bin/mutt -s "Morgenreport $DATE" -a morgenreport-$DATE.mobi -- maralorn@kindle.com echo 'Siehe Anhang' | ${pkgs.mutt}/bin/mutt -s "Morgenreport $DATE" -a morgenreport-$DATE.mobi -- maralorn@kindle.com
''; '';
urls = [ "https://erdspektive.org/feed/" ]; urls = [ "https://erdspektive.org/feed/" ];
in { in {
home.packages = [ morgenreport-script]; home.packages = [ morgenreport-script ];
systemd.user = { systemd.user = {
services.morgenreport = { services.morgenreport = {
Unit = { Unit = { Description = "Send morgenreport to kindle"; };
Description = "Send morgenreport to kindle";
};
Service = { Service = {
Type = "oneshot"; Type = "oneshot";
ExecStart="/bin/sh ${morgenreport-script}/bin/morgenreport"; ExecStart = "/bin/sh ${morgenreport-script}/bin/morgenreport";
};
};
timers.morgenreport = {
Timer = {
OnCalendar = "20:00";
}; };
}; };
timers.morgenreport = { Timer = { OnCalendar = "20:00"; }; };
}; };
} }


@ -1,8 +1,6 @@
{ pkgs, ... }: { pkgs, ... }: {
{
systemd.user = { systemd.user = {
services.sort-mail = services.sort-mail = let
let
sort-mail-script = pkgs.writeShellScriptBin "sort-mail" '' sort-mail-script = pkgs.writeShellScriptBin "sort-mail" ''
${pkgs.isync}/bin/mbsync -a ${pkgs.isync}/bin/mbsync -a
@ -17,20 +15,14 @@
${pkgs.isync}/bin/mbsync -a ${pkgs.isync}/bin/mbsync -a
''; '';
in { in {
Unit = { Unit = { Description = "Sort E-Mails"; };
Description = "Sort E-Mails";
};
Service = { Service = {
Type = "oneshot"; Type = "oneshot";
ExecStart="/bin/sh ${sort-mail-script}/bin/sort-mail"; ExecStart = "/bin/sh ${sort-mail-script}/bin/sort-mail";
};
}; };
}; timers.sort-mail = { Timer = { OnCalendar = "minutely"; }; };
timers.sort-mail = {
Timer = {
OnCalendar = "minutely";
};
};
}; };
} }


@ -1,6 +1,6 @@
{ pkgs, ... }: { pkgs, ... }:
let let
path = https://github.com/rycee/home-manager/archive/release-17.09.tar.gz; path = "https://github.com/rycee/home-manager/archive/release-17.09.tar.gz";
home-manager = (import ../../home-manager { home-manager = (import ../../home-manager {
inherit pkgs; inherit pkgs;
inherit path; inherit path;
@ -8,13 +8,11 @@ let
in { in {
systemd.user = { systemd.user = {
services.update-hm = { services.update-hm = {
Unit = { Unit = { Description = "Update home-manager"; };
Description = "Update home-manager";
};
Service = { Service = {
Type = "oneshot"; Type = "oneshot";
ExecStart="${home-manager}/bin/home-manager switch"; ExecStart = "${home-manager}/bin/home-manager switch";
}; };
}; };
timers.update-hm = { timers.update-hm = {
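Review bot: `path` points at the `release-17.09` branch archive with no hash, and `services.update-hm` runs `${home-manager}/bin/home-manager switch` from a timer, so whatever that branch serves at fetch time is what gets executed unattended. How `../../home-manager` consumes `path` is not visible here, but if it fetches the URL, pinning it to a commit archive with a checksum would make the update reproducible and tamper-evident, e.g. `path = builtins.fetchTarball { url = "https://github.com/rycee/home-manager/archive/<commit>.tar.gz"; sha256 = "<sha256>"; };`. The `timers.update-hm` block continues outside the hunk.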


@ -1,34 +1,29 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, ... }:
let let colors = config.common.colors;
colors = config.common.colors;
in { in {
home = { home = { packages = with pkgs; [ rxvt_unicode-with-plugins ]; };
packages = with pkgs; [
rxvt_unicode-with-plugins
];
};
xresources.properties = { xresources.properties = {
"*transparent" = true; "*transparent" = true;
"*tintColor" = colors.background; "*tintColor" = colors.background;
"*scrollBar" = false; "*scrollBar" = false;
"*urgentOnBell" = true; "*urgentOnBell" = true;
"*background" = colors.background; "*background" = colors.background;
"*foreground" = colors.foreground; "*foreground" = colors.foreground;
"*color0" = colors.black; "*color0" = colors.black;
"*color8" = colors.brightBlack; "*color8" = colors.brightBlack;
"*color1" = colors.red; "*color1" = colors.red;
"*color9" = colors.brightRed; "*color9" = colors.brightRed;
"*color2" = colors.green; "*color2" = colors.green;
"*color10" = colors.brightGreen; "*color10" = colors.brightGreen;
"*color3" = colors.yellow; "*color3" = colors.yellow;
"*color11" = colors.brightYellow; "*color11" = colors.brightYellow;
"*color4" = colors.blue; "*color4" = colors.blue;
"*color12" = colors.brightBlue; "*color12" = colors.brightBlue;
"*color5" = colors.magenta; "*color5" = colors.magenta;
"*color13" = colors.brightMagenta; "*color13" = colors.brightMagenta;
"*color6" = colors.cyan; "*color6" = colors.cyan;
"*color14" = colors.brightCyan; "*color14" = colors.brightCyan;
"*color7" = colors.white; "*color7" = colors.white;
"*color15" = colors.brightWhite; "*color15" = colors.brightWhite;
"*boldFont" = ""; "*boldFont" = "";
}; };


@ -1,18 +1,21 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }:
let let
inherit (import ../common/lib.nix) writeHaskellScript get-niv-path gcRetentionDays; inherit (import ../common/lib.nix)
writeHaskellScript get-niv-path gcRetentionDays;
inherit (import ./lib.nix) update-home; inherit (import ./lib.nix) update-home;
configPath = "/home/${config.home.username}/git/nixos/config"; configPath = "/home/${config.home.username}/git/nixos/config";
home-maintenance = writeHaskellScript home-maintenance = writeHaskellScript {
{ name = "home-maintenance"; imports = [ ]; bins = [ (update-home configPath) pkgs.nix pkgs.git];} '' name = "home-maintenance";
imports = [ ];
bins = [ (update-home configPath) pkgs.nix pkgs.git ];
} ''
main = do main = do
git "-C" "${configPath}" "pull" git "-C" "${configPath}" "pull"
update_home update_home
nix_collect_garbage "--delete-older-than" "${toString gcRetentionDays}d" nix_collect_garbage "--delete-older-than" "${toString gcRetentionDays}d"
nix "optimise-store" nix "optimise-store"
''; '';
in in {
{
home = { home = {
packages = builtins.attrValues { packages = builtins.attrValues {
inherit home-maintenance get-niv-path; inherit home-maintenance get-niv-path;


@ -1,26 +1,18 @@
{ config, lib, pkgs , ... }: { config, lib, pkgs, ... }:
let let inherit (import ../common/pkgs.nix) eventd;
inherit (import ../common/pkgs.nix) eventd; in {
in
{
systemd.user = { systemd.user = {
services.update_tasks = { services.update_tasks = {
Unit = { Unit = { Description = "Update taskwarrior tasks"; };
Description = "Update taskwarrior tasks";
};
Service = { Service = {
Type = "oneshot"; Type = "oneshot";
Environment="PATH=${pkgs.taskwarrior}/bin:${eventd}/bin"; Environment = "PATH=${pkgs.taskwarrior}/bin:${eventd}/bin";
ExecStart= "${config.home.homeDirectory}/.cargo/bin/update_tasks"; ExecStart = "${config.home.homeDirectory}/.cargo/bin/update_tasks";
}; };
}; };
timers.update_tasks = { timers.update_tasks = {
Timer = { Timer = { OnCalendar = "hourly"; };
OnCalendar = "hourly"; Install = { WantedBy = [ "timers.target" ]; };
};
Install = {
WantedBy = [ "timers.target" ];
};
}; };
}; };


@ -1,20 +1,20 @@
{pkgs, ... }: { { pkgs, ... }: {
programs = { programs = {
zsh = { zsh = {
enable = true;
enableAutosuggestions = true;
enableCompletion = true;
history = {
save = 100000;
size = 100000;
};
initExtra = builtins.readFile ./zshrc;
oh-my-zsh = {
enable = true; enable = true;
plugins = [ "colored-man-pages" "git-prompt" ]; enableAutosuggestions = true;
enableCompletion = true;
history = {
save = 100000;
size = 100000;
};
initExtra = builtins.readFile ./zshrc;
oh-my-zsh = {
enable = true;
plugins = [ "colored-man-pages" "git-prompt" ];
};
}; };
}; };
};
} }


@ -8,116 +8,115 @@ let
nixos-hardware = (import ../../nix/sources.nix).nixos-hardware; nixos-hardware = (import ../../nix/sources.nix).nixos-hardware;
in { in {
imports = [ imports = [
"${nixos-hardware}/lenovo/thinkpad" "${nixos-hardware}/lenovo/thinkpad"
"${nixos-hardware}/common/pc/ssd" "${nixos-hardware}/common/pc/ssd"
"${(builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/nixdark")}" "${(builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/nixdark")}"
./hardware-configuration.nix ./hardware-configuration.nix
../../system ../../system
../../system/fonts.nix ../../system/fonts.nix
../../system/standalone.nix ../../system/standalone.nix
]; ];
networking = { networking = {
hostName = "apollo"; hostName = "apollo";
firewall.allowedTCPPorts = [ 8888 ]; firewall.allowedTCPPorts = [ 8888 ];
firewall.allowedUDPPorts = [ 30000 ]; firewall.allowedUDPPorts = [ 30000 ];
wireguard.interfaces = { wireguard.interfaces = {
m0wire = { m0wire = {
allowedIPsAsRoutes = false; allowedIPsAsRoutes = false;
ips = [ "${hosts.apollo-wg}/112" ]; ips = [ "${hosts.apollo-wg}/112" ];
privateKeyFile = "/etc/nixos/hosts/apollo/secret/wireguard-private"; privateKeyFile = "/etc/nixos/hosts/apollo/secret/wireguard-private";
peers = [ peers = [{
{
publicKey = wireguard.pub.hera; publicKey = wireguard.pub.hera;
allowedIPs = [ "::/0" ]; allowedIPs = [ "::/0" ];
endpoint = "${hosts.hera-v4}:${builtins.toString wireguard.port}"; endpoint = "${hosts.hera-v4}:${builtins.toString wireguard.port}";
presharedKeyFile = "/etc/nixos/common/secret/wireguard-psk"; presharedKeyFile = "/etc/nixos/common/secret/wireguard-psk";
persistentKeepalive = 25; persistentKeepalive = 25;
} }];
]; postSetup =
postSetup = [ "${pkgs.iproute}/bin/ip route add ${prefix}::/64 dev m0wire" ]; [ "${pkgs.iproute}/bin/ip route add ${prefix}::/64 dev m0wire" ];
};
}; };
}; };
};
m-0 = { m-0 = { laptop.enable = true; };
laptop.enable = true;
};
#let #let
#secretsFile = "/var/lib/luks-secret/key"; #secretsFile = "/var/lib/luks-secret/key";
#secretsInitrd = "/boot/grub/secrets-initrd.gz"; #secretsInitrd = "/boot/grub/secrets-initrd.gz";
#in #in
#{ #{
#imports = [ #imports = [
#({lib, config, ...}: lib.mkIf (builtins.pathExists secretsFile) { #({lib, config, ...}: lib.mkIf (builtins.pathExists secretsFile) {
#boot.initrd.luks.devices."root" = { #boot.initrd.luks.devices."root" = {
#fallbackToPassword = true; #fallbackToPassword = true;
#keyFile = secretsFile; #keyFile = secretsFile;
#}; #};
## copy the secret into the additional initramfs. `null` means same path ## copy the secret into the additional initramfs. `null` means same path
#boot.initrd.secrets."${secretsFile}" = null; #boot.initrd.secrets."${secretsFile}" = null;
#}) #})
#({lib, config, ...}: lib.mkIf (config.boot.loader.grub.enable && config.boot.initrd.secrets != {}) { #({lib, config, ...}: lib.mkIf (config.boot.loader.grub.enable && config.boot.initrd.secrets != {}) {
#boot.loader = { #boot.loader = {
#supportsInitrdSecrets = lib.mkForce true; #supportsInitrdSecrets = lib.mkForce true;
#grub.extraInitrd = secretsInitrd; #grub.extraInitrd = secretsInitrd;
#grub.extraPrepareConfig = '' #grub.extraPrepareConfig = ''
#${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets ${secretsInitrd} #${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets ${secretsInitrd}
#''; #'';
#}; #};
#}) #})
#]; #];
#} #}
# Use the systemd-boot EFI boot loader.
# Use the systemd-boot EFI boot loader. boot = {
boot = { loader = {
loader = {
efi = { efi = {
canTouchEfiVariables = true; canTouchEfiVariables = true;
efiSysMountPoint = "/boot/EFI"; efiSysMountPoint = "/boot/EFI";
}; };
grub = { grub = {
enable = true; enable = true;
version = 2; version = 2;
device = "nodev"; device = "nodev";
efiSupport = true; efiSupport = true;
enableCryptodisk = true; enableCryptodisk = true;
gfxmodeEfi = "1024x768"; gfxmodeEfi = "1024x768";
}; };
}; };
supportedFilesystems = [ "exfat" ]; supportedFilesystems = [ "exfat" ];
};
services = {
prometheus.exporters.node.firewallFilter = "-i m0wire -p tcp -m tcp --dport 9100";
autorandr.enable = true;
borgbackup.jobs.data = {
doInit = false;
startAt = [];
exclude = [
"/home/${me.user}/data/aktuell/media"
"/home/${me.user}/data/.stversions"
];
encryption.mode = "none";
paths = "/home/${me.user}/data";
repo = "borg@borg:.";
compression = "zstd,5";
}; };
};
cdark_net = { services = {
enable = true; prometheus.exporters.node.firewallFilter =
hostName = "${me.user}_${config.networking.hostName}"; "-i m0wire -p tcp -m tcp --dport 9100";
ed25519PrivateKeyFile = /etc/nixos/hosts + "/${config.networking.hostName}" + /secret/tinc/ed25519_key.priv; autorandr.enable = true;
hostsDirectory = (builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts"); borgbackup.jobs.data = {
ip6address = "fd23:42:cda:4342::2"; doInit = false;
ip4address = "172.20.71.2"; startAt = [ ];
}; exclude = [
"/home/${me.user}/data/aktuell/media"
"/home/${me.user}/data/.stversions"
];
encryption.mode = "none";
paths = "/home/${me.user}/data";
repo = "borg@borg:.";
compression = "zstd,5";
};
};
cdark_net = {
enable = true;
hostName = "${me.user}_${config.networking.hostName}";
ed25519PrivateKeyFile = /etc/nixos/hosts + "/${config.networking.hostName}"
+ /secret/tinc/ed25519_key.priv;
hostsDirectory =
(builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts");
ip6address = "fd23:42:cda:4342::2";
ip4address = "172.20.71.2";
};
} }
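Review bot: Both `builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/nixdark"` in `imports` and the `hostsDirectory` fetch under `cdark_net` take whatever the remote's default branch holds at evaluation time, so code evaluated as a NixOS module for this host can change without any change in this repository. `nixos-hardware` a few lines above is already taken from `../../nix/sources.nix`; pinning these two the same way, or with `builtins.fetchGit { url = "ssh://git@git.darmstadt.ccc.de/cdark.net/nixdark"; rev = "<pinned-commit>"; }`, turns each update into a reviewable diff. The commit only re-wraps these lines, so this is a pre-existing gap rather than something it introduces.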


@ -4,29 +4,28 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.availableKernelModules =
[ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/ce5b0ac6-6eaf-45a6-b6c8-bd4958caf335"; device = "/dev/disk/by-uuid/ce5b0ac6-6eaf-45a6-b6c8-bd4958caf335";
fsType = "btrfs"; fsType = "btrfs";
}; };
boot.initrd.luks.devices."nixos".device = "/dev/disk/by-uuid/78acaebe-952a-43b1-acc8-66c35a60577e"; boot.initrd.luks.devices."nixos".device =
"/dev/disk/by-uuid/78acaebe-952a-43b1-acc8-66c35a60577e";
fileSystems."/boot/EFI" = fileSystems."/boot/EFI" = {
{ device = "/dev/disk/by-uuid/C4A6-3DB5"; device = "/dev/disk/by-uuid/C4A6-3DB5";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/b80468d0-d834-419f-8985-c6fa2274909e"; } [{ device = "/dev/disk/by-uuid/b80468d0-d834-419f-8985-c6fa2274909e"; }];
];
nix.maxJobs = lib.mkDefault 8; nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";


@ -1,40 +1,41 @@
{ pkgs, config, ... }: { pkgs, config, ... }: {
{
imports = [ imports = [
../../home-manager ../../home-manager
../../home-manager/on-my-machine.nix ../../home-manager/on-my-machine.nix
../../home-manager/battery.nix ../../home-manager/battery.nix
../../home-manager/update_tasks.nix ../../home-manager/update_tasks.nix
../../home-manager/desktop ../../home-manager/desktop
]; ];
home.packages = builtins.attrValues (import ../../common/pkgs.nix).laptop-home-pkgs; home.packages =
builtins.attrValues (import ../../common/pkgs.nix).laptop-home-pkgs;
m-0 = { m-0 = {
hostName = "apollo"; hostName = "apollo";
latex.enable = true; latex.enable = true;
accounting = { accounting = {
enable = true; enable = true;
config = builtins.readFile secret/jaliconfig.py; config = builtins.readFile secret/jaliconfig.py;
};
rustdev.enable = true;
taskwarrior = {
enable = true;
git_active = true;
};
pythia.enable = true;
unlocker = [{
name = "hera";
hostName = "hera-v4";
pubKey =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHkqWlFLtmIlTSKahr2PcL++K75YgfsSU6jwVYW5df3JCkowu/M16SIBxABxYSQrKej5uIz/OFCjqSxHJQ8D5wSYBvn2gYr/BbBcz4rfIJmZ55Od2jckaqlj/M8TtkuPPhsQG7S730vXxK5hbMT8iW5WWv8sIKY/WtaRbZOFMX/53WCLEHtnMu5zFJFWf92+mjIHSLyW8ggl1m525RUiaAfCge2vnuzIFq4kUqJxaWzxIvEWIncKWN10K/HMvdI+yOtbSen41uKedwSFhUFs3xHy1mJddYOrlcJQPt5zuuffZ/nTDVXMZoh5QNwg8ZlkkueVChaS1Y5STjb7cem1Mt";
passPath = "eu/m-0/hera/disk";
}];
mail = {
enable = true;
accounts = config.m-0.private.mail_accounts;
};
}; };
rustdev.enable = true;
taskwarrior = {
enable = true;
git_active = true;
};
pythia.enable = true;
unlocker = [ {
name = "hera";
hostName = "hera-v4";
pubKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHkqWlFLtmIlTSKahr2PcL++K75YgfsSU6jwVYW5df3JCkowu/M16SIBxABxYSQrKej5uIz/OFCjqSxHJQ8D5wSYBvn2gYr/BbBcz4rfIJmZ55Od2jckaqlj/M8TtkuPPhsQG7S730vXxK5hbMT8iW5WWv8sIKY/WtaRbZOFMX/53WCLEHtnMu5zFJFWf92+mjIHSLyW8ggl1m525RUiaAfCge2vnuzIFq4kUqJxaWzxIvEWIncKWN10K/HMvdI+yOtbSen41uKedwSFhUFs3xHy1mJddYOrlcJQPt5zuuffZ/nTDVXMZoh5QNwg8ZlkkueVChaS1Y5STjb7cem1Mt";
passPath = "eu/m-0/hera/disk";
} ];
mail = {
enable = true;
accounts = config.m-0.private.mail_accounts;
};
};
home.file.".ncmpcpp/config".text = '' home.file.".ncmpcpp/config".text = ''
ask_before_clearing_playlists=no ask_before_clearing_playlists=no
@ -46,9 +47,7 @@ m-0 = {
user_interface = alternative user_interface = alternative
''; '';
programs = { programs = {
firefox = { firefox = { enable = true; };
enable = true;
};
git = { git = {
signing = { signing = {
signByDefault = true; signByDefault = true;
@ -65,74 +64,80 @@ m-0 = {
network-manager-applet.enable = true; network-manager-applet.enable = true;
}; };
programs.autorandr = { programs.autorandr = {
enable = true; enable = true;
hooks = { hooks = {
postswitch = { postswitch = {
"restart-i3" = "${pkgs.i3}/bin/i3-msg restart"; "restart-i3" = "${pkgs.i3}/bin/i3-msg restart";
"update-background" = "${pkgs.systemd}/bin/systemctl --user restart random-background.service"; "update-background" =
}; "${pkgs.systemd}/bin/systemctl --user restart random-background.service";
};
profiles = {
"home" = {
fingerprint = {
"DP-2-2" = "00ffffffffffff00046997244a2e00001615010380351e782a6045a6564a9c25125054bf6f00714f814081809500b300d1c081c08100023a801871382d40582c4500132b2100001e000000ff0042364c4d54463031313835300a000000fd00324b1e5011000a202020202020000000fc00415355532056573234380a20200052";
"eDP-1" = "00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
"DP-2-1" = "00ffffffffffff0005b70000570500000a120103082a1a782ae5b5a355499927135054bfef809500950f8140718f01010101010101019a29a0d05184223050983600a4001100001c000000ff003030313336370a202020202020000000fd00374b1e500e000a202020202020000000fc0058313931305744530a2020202000bf";
};
config = {
eDP-1 = {
enable = true;
primary = true;
position = "0x0";
mode = "2560x1440";
};
DP-2-2 = {
enable = true;
position = "4000x0";
mode = "1920x1080";
};
DP-2-1 = {
enable = true;
position = "2560x0";
mode = "1440x900";
};
}; };
}; };
"work" = { profiles = {
fingerprint = { "home" = {
"DP-2" = "00ffffffffffff0009d1ce7845540000101a01030e351e782e6b35a455559f270c5054a56b80d1c081c081008180a9c0b30001010101023a801871382d40582c4500132b2100001e000000ff005334473034343238534c300a20000000fd00324c1e5315000a202020202020000000fc0042656e5120474c323436300a2000e2"; fingerprint = {
"eDP-1" = "00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2"; "DP-2-2" =
}; "00ffffffffffff00046997244a2e00001615010380351e782a6045a6564a9c25125054bf6f00714f814081809500b300d1c081c08100023a801871382d40582c4500132b2100001e000000ff0042364c4d54463031313835300a000000fd00324b1e5011000a202020202020000000fc00415355532056573234380a20200052";
config = { "eDP-1" =
eDP-1 = { "00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
enable = true; "DP-2-1" =
primary = true; "00ffffffffffff0005b70000570500000a120103082a1a782ae5b5a355499927135054bfef809500950f8140718f01010101010101019a29a0d05184223050983600a4001100001c000000ff003030313336370a202020202020000000fd00374b1e500e000a202020202020000000fc0058313931305744530a2020202000bf";
position = "0x0";
mode = "2560x1440";
}; };
DP-2 = { config = {
enable = true; eDP-1 = {
position = "2560x0"; enable = true;
mode = "1920x1080"; primary = true;
position = "0x0";
mode = "2560x1440";
};
DP-2-2 = {
enable = true;
position = "4000x0";
mode = "1920x1080";
};
DP-2-1 = {
enable = true;
position = "2560x0";
mode = "1440x900";
};
}; };
}; };
}; "work" = {
"default" = { fingerprint = {
fingerprint = { "DP-2" =
"eDP-1" = "00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2"; "00ffffffffffff0009d1ce7845540000101a01030e351e782e6b35a455559f270c5054a56b80d1c081c081008180a9c0b30001010101023a801871382d40582c4500132b2100001e000000ff005334473034343238534c300a20000000fd00324c1e5315000a202020202020000000fc0042656e5120474c323436300a2000e2";
"eDP-1" =
"00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
};
config = {
eDP-1 = {
enable = true;
primary = true;
position = "0x0";
mode = "2560x1440";
};
DP-2 = {
enable = true;
position = "2560x0";
mode = "1920x1080";
};
};
}; };
config = { "default" = {
eDP-1 = { fingerprint = {
enable = true; "eDP-1" =
primary = true; "00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
position = "0x0"; };
mode = "2560x1440"; config = {
eDP-1 = {
enable = true;
primary = true;
position = "0x0";
mode = "2560x1440";
};
}; };
}; };
}; };
}; };
};
} }

Binary file not shown.


@ -1,18 +1,17 @@
{config, lib, ...}: { config, lib, ... }:
with lib; with lib;
let let me = config.m-0.private.me;
me = config.m-0.private.me;
in { in {
boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; }; boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
services = mkIf config.m-0.standalone.enable { services = mkIf config.m-0.standalone.enable {
syncthing = { syncthing = {
dataDir = "/home/${me.user}/.config/syncthing"; dataDir = "/home/${me.user}/.config/syncthing";
enable = true; enable = true;
group = "users"; group = "users";
user = me.user; user = me.user;
openDefaultPorts = true; openDefaultPorts = true;
};
}; };
};
} }

View file

@ -1,80 +1,76 @@
{ pkgs, config, ... }: { pkgs, config, ... }: {
{ imports = [ ../../home-manager ../../home-manager/on-foreign-machine.nix ];
imports = [
../../home-manager
../../home-manager/on-foreign-machine.nix
];
systemd.user.systemctlPath = "/usr/bin/systemctl"; systemd.user.systemctlPath = "/usr/bin/systemctl";
m-0 = {
m-0 = { hostName = "fb04217";
hostName = "fb04217"; #latex.enable = true;
#latex.enable = true; #taskwarrior = {
#taskwarrior = { # enable = true;
# enable = true; # git_active = true;
# git_active = true; #};
#}; #update_tasks.enable = true;
#update_tasks.enable = true; #eventd.enable = true;
#eventd.enable = true; #pythia.enable = true;
#pythia.enable = true;
};
home = {
username = "brandy";
homeDirectory = "/home/brandy";
language = {
base = "C.UTF-8";
address = "C.UTF-8";
monetary = "C.UTF-8";
paper = "C.UTF-8";
time = "C.UTF-8";
}; };
sessionVariables = {
LANGUAGE="en_US"; home = {
LC_CTYPE="C.UTF-8"; username = "brandy";
LC_NUMERIC="C.UTF-8"; homeDirectory = "/home/brandy";
LC_COLLATE="C.UTF-8"; language = {
LC_MESSAGES="C.UTF-8"; base = "C.UTF-8";
LC_NAME="C.UTF-8"; address = "C.UTF-8";
LC_TELEPHONE="C.UTF-8"; monetary = "C.UTF-8";
LC_MEASUREMENT="C.UTF-8"; paper = "C.UTF-8";
LC_IDENTIFICATION="C.UTF-8"; time = "C.UTF-8";
}; };
forceCopies.paths = [ "bin/proot" "bin/with-nix" "bin/run-in-nix" ".bashrc" ".zshrc" ]; sessionVariables = {
file = { LANGUAGE = "en_US";
".bashrc".text = '' LC_CTYPE = "C.UTF-8";
[ -z "$PS1" ] && return LC_NUMERIC = "C.UTF-8";
unset __HM_SESS_VARS_SOURCED LC_COLLATE = "C.UTF-8";
if [[ -z "$NIX_PATH" ]] LC_MESSAGES = "C.UTF-8";
then LC_NAME = "C.UTF-8";
exec ~/bin/with-nix zsh LC_TELEPHONE = "C.UTF-8";
else LC_MEASUREMENT = "C.UTF-8";
exec zsh LC_IDENTIFICATION = "C.UTF-8";
fi };
''; forceCopies.paths =
"bin" = { [ "bin/proot" "bin/with-nix" "bin/run-in-nix" ".bashrc" ".zshrc" ];
source = ./bootstrap-bin; file = {
recursive = true; ".bashrc".text = ''
[ -z "$PS1" ] && return
unset __HM_SESS_VARS_SOURCED
if [[ -z "$NIX_PATH" ]]
then
exec ~/bin/with-nix zsh
else
exec zsh
fi
'';
"bin" = {
source = ./bootstrap-bin;
recursive = true;
};
}; };
};
packages = [ packages = [
(pkgs.writeShellScriptBin "maintenance" '' (pkgs.writeShellScriptBin "maintenance" ''
set -e set -e
cd ~/git/nixos/nixpkgs cd ~/git/nixos/nixpkgs
git checkout nixos-local git checkout nixos-local
git pull --no-edit upstream nixos-19.03 git pull --no-edit upstream nixos-19.03
git pull --no-edit origin nixos-maralorn git pull --no-edit origin nixos-maralorn
cd ~/git/nixos/home-manager cd ~/git/nixos/home-manager
git checkout home-manager-local git checkout home-manager-local
git pull --no-edit upstream release-19.03 git pull --no-edit upstream release-19.03
git pull --no-edit origin home-manager-maralorn git pull --no-edit origin home-manager-maralorn
home-manager switch home-manager switch
nix-collect-garbage --delete-older-than 5d nix-collect-garbage --delete-older-than 5d
nix-store --optimise nix-store --optimise
'') '')
] ++ ((import ../../common/pkgs.nix).); ];
}; };
} }
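Review bot: The `packages` list at the end of `home` now closes with `];` where the previous text appears to have been `] ++ ((import ../../common/pkgs.nix).);`, so this section carries a content change inside an otherwise formatting-only rewrite. The old expression ended in a dangling `.` and presumably did not parse, which suggests an attribute name was lost earlier; if a package set from `common/pkgs.nix` was meant to be installed on this host, it is now dropped silently. I would either restore it as `] ++ builtins.attrValues (import ../../common/pkgs.nix).<attribute>;`, following the `laptop-home-pkgs` usage in the laptop profile, or state the removal in the commit description.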

View file

@ -1,14 +1,12 @@
{ pkgs, ... }: { pkgs, ... }: {
{
systemd.user = { systemd.user = {
services.nix-gc = { services.nix-gc = {
Unit = { Unit = { Description = "Collect garbage"; };
Description = "Collect garbage";
};
Service = { Service = {
Type = "oneshot"; Type = "oneshot";
ExecStart="${pkgs.nix}/bin/nix-collect-garbage --delete-older-than 5d"; ExecStart =
"${pkgs.nix}/bin/nix-collect-garbage --delete-older-than 5d";
}; };
}; };
timers.nix-gc = { timers.nix-gc = {

View file

@ -1,14 +1,11 @@
{ pkgs, ... }: { pkgs, ... }: {
{
systemd.user = { systemd.user = {
services.nix-update = { services.nix-update = {
Unit = { Unit = { Description = "Update nix-channel"; };
Description = "Update nix-channel";
};
Service = { Service = {
Type = "oneshot"; Type = "oneshot";
ExecStart="${pkgs.nix}/bin/nix-channel --update"; ExecStart = "${pkgs.nix}/bin/nix-channel --update";
}; };
}; };
timers.nix-update = { timers.nix-update = {

View file

@ -1,18 +1,18 @@
{ pkgs, ... }: { pkgs, ... }: {
{
systemd.user = { systemd.user = {
services.syncthing = { services.syncthing = {
Unit = { Unit = {
Description = "Syncthing"; Description = "Syncthing";
ConditionHost = "fb04217"; ConditionHost = "fb04217";
Wants= "syncthing-inotify.service"; Wants = "syncthing-inotify.service";
}; };
Service = { Service = {
ExecStart="${pkgs.syncthing}/bin/syncthing -no-browser -no-restart -logflags=0"; ExecStart =
Restart="on-failure"; "${pkgs.syncthing}/bin/syncthing -no-browser -no-restart -logflags=0";
SuccessExitStatus="3 4"; Restart = "on-failure";
RestartForceExitStatus="3 4"; SuccessExitStatus = "3 4";
RestartForceExitStatus = "3 4";
}; };
}; };
}; };

View file

@ -1,33 +1,30 @@
{ ... }: { ... }: {
{
m-0.server.initSSHKey = ./secret/boot_rsa; m-0.server.initSSHKey = ./secret/boot_rsa;
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot = { boot = {
loader = { loader = {
grub = { grub = {
enable = true; enable = true;
version = 2; version = 2;
device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0"; device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0";
};
};
supportedFilesystems = [ "exfat" ];
kernelParams = [ "ip=213.136.94.190::213.136.94.1:255.255.255.0:hera" ];
initrd = {
postMountCommands = ''
ip address flush dev eth0
ip link set eth0 down
'';
luks.devices = [{
name = "root";
device = "/dev/disk/by-uuid/536fe284-36f2-425c-b0c5-a737280f9470";
preLVM = true;
allowDiscards = true;
}];
}; };
}; };
supportedFilesystems = [ "exfat" ];
kernelParams = [ "ip=213.136.94.190::213.136.94.1:255.255.255.0:hera" ];
initrd = {
postMountCommands = ''
ip address flush dev eth0
ip link set eth0 down
'';
luks.devices = [
{
name = "root";
device = "/dev/disk/by-uuid/536fe284-36f2-425c-b0c5-a737280f9470";
preLVM = true;
allowDiscards = true;
}
];
};
};
} }

View file

@ -1,20 +1,25 @@
{ config, ... }: { config, ... }:
let let me = config.m-0.private.me;
me = config.m-0.private.me;
in { in {
containers.borg = { containers.borg = {
autoStart = true; autoStart = true;
privateNetwork = true; privateNetwork = true;
hostBridge = "bridge"; hostBridge = "bridge";
config = { pkgs, ... }: { config = { pkgs, ... }: {
imports = [../../system]; imports = [ ../../system ];
networking = { networking = {
interfaces.eth0 = { interfaces.eth0 = {
ipv6.addresses = [{ address = config.m-0.hosts.borg; prefixLength = 112; }]; ipv6.addresses = [{
address = config.m-0.hosts.borg;
prefixLength = 112;
}];
}; };
inherit (config.networking) nameservers; inherit (config.networking) nameservers;
defaultGateway6 = { address = config.m-0.hosts.hera-intern; interface = "eth0"; }; defaultGateway6 = {
address = config.m-0.hosts.hera-intern;
interface = "eth0";
};
}; };
services = { services = {

View file

@ -3,25 +3,34 @@ with lib;
let let
inherit (config.m-0.private) me cloud; inherit (config.m-0.private) me cloud;
inherit (config.m-0) hosts; inherit (config.m-0) hosts;
nextcloud-container = { v6, v4, hostname , news-updater ? false}: { nextcloud-container = { v6, v4, hostname, news-updater ? false }: {
autoStart = true; autoStart = true;
privateNetwork = true; privateNetwork = true;
hostBridge = "bridge"; hostBridge = "bridge";
config = { pkgs, ... }: { config = { pkgs, ... }: {
disabledModules = [ "services/web-apps/nextcloud.nix" ]; disabledModules = [ "services/web-apps/nextcloud.nix" ];
imports = [ imports = [ ../../system ./nextcloud.nix ];
../../system
./nextcloud.nix
];
networking = { networking = {
interfaces.eth0 = { interfaces.eth0 = {
ipv6.addresses = [{ address = v6; prefixLength = 112; }]; ipv6.addresses = [{
ipv4.addresses = [{ address = v4; prefixLength = 24; }]; address = v6;
prefixLength = 112;
}];
ipv4.addresses = [{
address = v4;
prefixLength = 24;
}];
}; };
inherit (config.networking) nameservers; inherit (config.networking) nameservers;
defaultGateway6 = { address = hosts.hera-intern; interface = "eth0"; }; defaultGateway6 = {
defaultGateway = { address = hosts.hera-intern-v4; interface = "eth0"; }; address = hosts.hera-intern;
interface = "eth0";
};
defaultGateway = {
address = hosts.hera-intern-v4;
interface = "eth0";
};
firewall.allowedTCPPorts = [ 80 443 ]; firewall.allowedTCPPorts = [ 80 443 ];
}; };
@ -58,9 +67,7 @@ let
}; };
}; };
redis = { redis = { enable = true; };
enable = true;
};
postgresql = { postgresql = {
enable = true; enable = true;
@ -71,10 +78,10 @@ let
}; };
}; };
systemd = { systemd = {
services ={ services = {
"nextcloud-setup"= { "nextcloud-setup" = {
requires = ["postgresql.service"]; requires = [ "postgresql.service" ];
after = ["postgresql.service"]; after = [ "postgresql.service" ];
}; };
"nextcloud-news-updater" = mkIf news-updater { "nextcloud-news-updater" = mkIf news-updater {
startAt = "20:00"; startAt = "20:00";
@ -82,15 +89,15 @@ let
Type = "oneshot"; Type = "oneshot";
User = "nextcloud"; User = "nextcloud";
ExecStart = let ExecStart = let
config = pkgs.writeText "updater.ini" (generators.toINI {} { config = pkgs.writeText "updater.ini" (generators.toINI { } {
updater = { updater = {
user = cloud.adminuser; user = cloud.adminuser;
password = cloud.adminpass; password = cloud.adminpass;
url = "https://${hostname}/"; url = "https://${hostname}/";
mode = "singlerun"; mode = "singlerun";
};}); };
in });
"${pkgs.nextcloud-news-updater}/bin/nextcloud-news-updater -c ${config}"; in "${pkgs.nextcloud-news-updater}/bin/nextcloud-news-updater -c ${config}";
}; };
}; };
}; };
@ -100,10 +107,22 @@ let
in { in {
m-0.monitoring = [ m-0.monitoring = [
{ name = "mathechor-cloud"; host = "mathechor-cloud:9100"; } {
{ name = "mathechor-cloud-nginx"; host = "mathechor-cloud:9113"; } name = "mathechor-cloud";
{ name = "cloud"; host = "cloud:9100"; } host = "mathechor-cloud:9100";
{ name = "cloud-nginx"; host = "cloud:9113"; } }
{
name = "mathechor-cloud-nginx";
host = "mathechor-cloud:9113";
}
{
name = "cloud";
host = "cloud:9100";
}
{
name = "cloud-nginx";
host = "cloud:9113";
}
]; ];
containers = { containers = {
chor-cloud = nextcloud-container { chor-cloud = nextcloud-container {
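Review bot: In the `nextcloud-news-updater` service, `pkgs.writeText "updater.ini"` renders `password = cloud.adminpass` into a file in the Nix store, which is world-readable, so any local user or process in the container can read the Nextcloud admin password, and it travels with every copy of the closure. The reformatted `let … in` keeps that behaviour unchanged. I would keep the secret out of the store by generating the ini at service start from a root-owned file outside the store into a directory only `nextcloud` can read (for example a `RuntimeDirectory`), and pass that path to `-c` instead of `${config}`. The enclosing `nextcloud-container` function continues outside the visible hunks.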

View file

@ -3,57 +3,56 @@
# You need pw-files for every configured user in ./secret/pw-useralias for login to work. # You need pw-files for every configured user in ./secret/pw-useralias for login to work.
# dropbearkey -t rsa -f /etc/nixos/hosts/<hostname>/secret/boot_rsa # dropbearkey -t rsa -f /etc/nixos/hosts/<hostname>/secret/boot_rsa
let let inherit (config.m-0.private) me;
inherit (config.m-0.private) me;
in { in {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../system ../../system
../../system/test-timer.nix ../../system/test-timer.nix
../../system/standalone.nix ../../system/standalone.nix
../../system/server.nix ../../system/server.nix
../../system/git.nix ../../system/git.nix
./borg.nix ./borg.nix
./mail.nix ./mail.nix
./boot.nix ./boot.nix
./cloud.nix ./cloud.nix
./web.nix ./web.nix
./monitoring.nix ./monitoring.nix
./network.nix ./network.nix
./matrix.nix ./matrix.nix
./secret ./secret
]; ];
nix.sshServe = { nix.sshServe = {
enable = true; enable = true;
keys = me.keys; keys = me.keys;
protocol = "ssh-ng"; protocol = "ssh-ng";
};
services = {
borgbackup.jobs.data = {
doInit = false;
encryption.mode = "none";
paths = "/home/${me.user}/data";
repo = "borg@borg:.";
compression = "zstd,5";
}; };
};
users.users.choreutes = { services = {
linger = true; borgbackup.jobs.data = {
description = "choreutes"; doInit = false;
isNormalUser = true; encryption.mode = "none";
uid = 1001; paths = "/home/${me.user}/data";
extraGroups = [ "wheel" "systemd-journal" ]; repo = "borg@borg:.";
passwordFile = "/etc/nixos/hosts/hera/secret/pw-choreutes"; compression = "zstd,5";
}; };
};
# This value determines the NixOS release with which your system is to be users.users.choreutes = {
# compatible, in order to avoid breaking some software such as database linger = true;
# servers. You should change this only after NixOS release notes say you description = "choreutes";
# should. isNormalUser = true;
system.stateVersion = "18.03"; # Did you read the comment? uid = 1001;
extraGroups = [ "wheel" "systemd-journal" ];
passwordFile = "/etc/nixos/hosts/hera/secret/pw-choreutes";
};
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "18.03"; # Did you read the comment?
} }

View file

@ -4,27 +4,25 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = [ imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ]; boot.initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/8e92387a-6785-4b3c-bcdb-a4a423675173"; device = "/dev/disk/by-uuid/8e92387a-6785-4b3c-bcdb-a4a423675173";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/3D8A-20F0"; device = "/dev/disk/by-uuid/3D8A-20F0";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/1e651bde-94b5-4fe2-9e6a-7af916d80057"; } [{ device = "/dev/disk/by-uuid/1e651bde-94b5-4fe2-9e6a-7af916d80057"; }];
];
nix.maxJobs = lib.mkDefault 4; nix.maxJobs = lib.mkDefault 4;
} }

View file

@ -1,28 +1,24 @@
{ pkgs, config, ... }: { pkgs, config, ... }: {
{
imports = [ imports =
../../home-manager [ ../../home-manager ../../home-manager/on-my-machine.nix ./secret ];
../../home-manager/on-my-machine.nix
./secret
];
m-0 = { m-0 = {
hostName = "hera"; hostName = "hera";
taskwarrior.enable = false; taskwarrior.enable = false;
bugwarrior.enable = false; bugwarrior.enable = false;
rustdev.enable = false; rustdev.enable = false;
eventd.enable = false; eventd.enable = false;
mail = { mail = {
enable = true; enable = true;
accounts = config.m-0.private.mail_accounts; accounts = config.m-0.private.mail_accounts;
};
weechat = {
enable = true;
user = config.m-0.private.hackint.user;
pw = config.m-0.private.hackint.hackint_pw;
channels = config.m-0.private.hackint.channels;
};
}; };
weechat = {
enable = true;
user = config.m-0.private.hackint.user;
pw = config.m-0.private.hackint.hackint_pw;
channels = config.m-0.private.hackint.channels;
};
};
} }

View file

@ -2,91 +2,97 @@
let let
certPath = "/var/lib/acme/hera.m-0.eu"; certPath = "/var/lib/acme/hera.m-0.eu";
inherit (config.services.prometheus.exporters.node) firewallFilter; inherit (config.services.prometheus.exporters.node) firewallFilter;
in in {
{ networking.firewall = {
networking.firewall = { allowedTCPPorts = [ 25 143 587 993 ];
allowedTCPPorts = [ 25 143 587 993 ]; extraCommands = ''
extraCommands = '' ip6tables -A nixos-fw -s ${config.m-0.prefix}::/64 -p tcp -m tcp --dport 9101 -j nixos-fw-accept
ip6tables -A nixos-fw -s ${config.m-0.prefix}::/64 -p tcp -m tcp --dport 9101 -j nixos-fw-accept ip6tables -A nixos-fw -s ${config.m-0.prefix}::/64 -p tcp -m tcp --dport 9154 -j nixos-fw-accept
ip6tables -A nixos-fw -s ${config.m-0.prefix}::/64 -p tcp -m tcp --dport 9154 -j nixos-fw-accept ip6tables -A nixos-fw -s ${config.m-0.prefix}::/64 -p tcp -m tcp --dport 9166 -j nixos-fw-accept
ip6tables -A nixos-fw -s ${config.m-0.prefix}::/64 -p tcp -m tcp --dport 9166 -j nixos-fw-accept iptables -A nixos-fw -s 10.0.0.0/24 -p tcp -m tcp --dport 8842 -j nixos-fw-accept
iptables -A nixos-fw -s 10.0.0.0/24 -p tcp -m tcp --dport 8842 -j nixos-fw-accept '';
''; };
};
m-0.monitoring = [ m-0.monitoring = [
{ name = "mail-server"; host = "hera-intern:9101"; } {
{ name = "postfix"; host = "hera-intern:9154"; } name = "mail-server";
{ name = "dovecot"; host = "hera-intern:9166"; } host = "hera-intern:9101";
]; }
{
name = "postfix";
host = "hera-intern:9154";
}
{
name = "dovecot";
host = "hera-intern:9166";
}
];
containers.mail = { containers.mail = {
bindMounts = { "${certPath}" = { hostPath = certPath; }; }; bindMounts = { "${certPath}" = { hostPath = certPath; }; };
autoStart = true; autoStart = true;
config = { pkgs, lib, ... }: { config = { pkgs, lib, ... }: {
imports = [ imports =
../../system [ ../../system "${(import ../../nix/sources.nix).nixos-mailserver}" ];
"${(import ../../nix/sources.nix).nixos-mailserver}" services.prometheus.exporters = {
]; node.port = 9101;
services.prometheus.exporters = { postfix = {
node.port = 9101; enable = true;
postfix = { openFirewall = true;
enable = true; inherit firewallFilter;
openFirewall = true; systemd.enable = true;
inherit firewallFilter; };
systemd.enable = true; dovecot = {
}; enable = true;
dovecot = { openFirewall = true;
enable = true; inherit firewallFilter;
openFirewall = true;
inherit firewallFilter;
};
};
systemd.services = {
atomail = {
script =
let
atomail = pkgs.fetchFromGitHub {
owner = "remko";
repo = "atomail";
rev = "f079966cb808f51fcc67be91b609942cdb49898a";
sha256 = "0a4j4xajn2yysgcb17jmb6ak148kk0kwf7khml7dbnh7807fv9b6";
};
in ''
${pkgs.python}/bin/python ${atomail}/atomail.py --title "Readlater-E-Mails" --uri="http://hera-intern-v4:8842/rss.xml" /var/www/rss.xml --mode=maildir --file "/var/vmail/maralorn.de/malte.brandy/.Move.readlater/" --max-items=100
${pkgs.rsync}/bin/rsync -a /var/vmail/maralorn.de/malte.brandy/.Move.readlater/cur/ /var/vmail/maralorn.de/malte.brandy/.Archiv.unsortiert/cur --remove-source-files
'';
startAt = "19:58:00";
serviceConfig.Type = "oneshot";
};
rss-server = {
preStart = "mkdir -p /var/www";
serviceConfig = {
WorkingDirectory = "/var/www";
ExecStart = "${pkgs.python3}/bin/python -m http.server 8842";
}; };
wantedBy = [ "multi-user.target" ];
}; };
}; systemd.services = {
services.postfix.networks = [ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ]; atomail = {
mailserver = { script = let
enable = true; atomail = pkgs.fetchFromGitHub {
enableImapSsl = true; owner = "remko";
fqdn = "hera.m-0.eu"; repo = "atomail";
domains = [ "m-0.eu" "maralorn.de" "choreutes.de" "mathechor.de" ]; rev = "f079966cb808f51fcc67be91b609942cdb49898a";
loginAccounts = config.m-0.private.mailUsers; sha256 = "0a4j4xajn2yysgcb17jmb6ak148kk0kwf7khml7dbnh7807fv9b6";
hierarchySeparator = "/"; };
certificateScheme = 1; in ''
certificateFile = "${certPath}/fullchain.pem"; ${pkgs.python}/bin/python ${atomail}/atomail.py --title "Readlater-E-Mails" --uri="http://hera-intern-v4:8842/rss.xml" /var/www/rss.xml --mode=maildir --file "/var/vmail/maralorn.de/malte.brandy/.Move.readlater/" --max-items=100
keyFile = "${certPath}/key.pem"; ${pkgs.rsync}/bin/rsync -a /var/vmail/maralorn.de/malte.brandy/.Move.readlater/cur/ /var/vmail/maralorn.de/malte.brandy/.Archiv.unsortiert/cur --remove-source-files
extraVirtualAliases = config.m-0.private.lists; '';
policydSPFExtraConfig = '' startAt = "19:58:00";
Mail_From_reject = False serviceConfig.Type = "oneshot";
HELO_Whitelist = hosteurope.de };
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1,130.83.0.0/16 rss-server = {
''; preStart = "mkdir -p /var/www";
serviceConfig = {
WorkingDirectory = "/var/www";
ExecStart = "${pkgs.python3}/bin/python -m http.server 8842";
};
wantedBy = [ "multi-user.target" ];
};
};
services.postfix.networks =
[ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
mailserver = {
enable = true;
enableImapSsl = true;
fqdn = "hera.m-0.eu";
domains = [ "m-0.eu" "maralorn.de" "choreutes.de" "mathechor.de" ];
loginAccounts = config.m-0.private.mailUsers;
hierarchySeparator = "/";
certificateScheme = 1;
certificateFile = "${certPath}/fullchain.pem";
keyFile = "${certPath}/key.pem";
extraVirtualAliases = config.m-0.private.lists;
policydSPFExtraConfig = ''
Mail_From_reject = False
HELO_Whitelist = hosteurope.de
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1,130.83.0.0/16
'';
};
}; };
}; };
};
} }
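Review bot: The `rss-server` unit runs `python -m http.server 8842` with no `User`, so the listener runs as root, and it binds every address; `containers.mail` sets no `privateNetwork`, so that is the host's network namespace. What it serves is a feed built from the read-later mail folder, over plain HTTP, and the only thing limiting access is the `iptables` rule for `10.0.0.0/24` in `extraCommands`. I would run it unprivileged (`DynamicUser = true;` in `serviceConfig`, with the `mkdir -p /var/www` moved to a tmpfiles rule since `preStart` would no longer run as root) and add `--bind <internal-address>` to `ExecStart`.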

View file

@ -3,171 +3,202 @@ let
hostName = "matrix.maralorn.de"; hostName = "matrix.maralorn.de";
inherit (config.m-0) hosts; inherit (config.m-0) hosts;
inherit (../../common/lib.nix) unstable; inherit (../../common/lib.nix) unstable;
in in {
{ networking.firewall.allowedTCPPorts = [ 3478 8448 ];
networking.firewall.allowedTCPPorts = [ 3478 8448 ];
m-0.monitoring = [ m-0.monitoring = [
{ name = "matrix"; host = "matrix:9100"; } {
{ name = "matrix-nginx"; host = "matrix:9113"; } name = "matrix";
]; host = "matrix:9100";
}
services.coturn = { {
enable = true; name = "matrix-nginx";
pkey = "/var/lib/acme/hera.m-0.eu/key.pem"; host = "matrix:9113";
cert = "/var/lib/acme/hera.m-0.eu/fullchain.pem"; }
no-tcp = true;
static-auth-secret = config.m-0.private.turn_secret;
realm = "maralorn.de";
use-auth-secret = true;
};
containers.matrix = {
autoStart = true;
privateNetwork = true;
hostBridge = "bridge";
config = { pkgs, lib, ... }: {
imports = [
../../system
]; ];
networking = {
interfaces.eth0 = { services.coturn = {
ipv6.addresses = [{ address = hosts.matrix; prefixLength = 112; }]; enable = true;
ipv4.addresses = [{ address = hosts.matrix-intern-v4; prefixLength = 24; }]; pkey = "/var/lib/acme/hera.m-0.eu/key.pem";
cert = "/var/lib/acme/hera.m-0.eu/fullchain.pem";
no-tcp = true;
static-auth-secret = config.m-0.private.turn_secret;
realm = "maralorn.de";
use-auth-secret = true;
};
containers.matrix = {
autoStart = true;
privateNetwork = true;
hostBridge = "bridge";
config = { pkgs, lib, ... }: {
imports = [ ../../system ];
networking = {
interfaces.eth0 = {
ipv6.addresses = [{
address = hosts.matrix;
prefixLength = 112;
}];
ipv4.addresses = [{
address = hosts.matrix-intern-v4;
prefixLength = 24;
}];
};
inherit (config.networking) nameservers;
defaultGateway6 = {
address = hosts.hera-intern;
interface = "eth0";
};
defaultGateway = {
address = hosts.hera-intern-v4;
interface = "eth0";
};
firewall.allowedTCPPorts = [ 80 443 8448 ];
}; };
inherit (config.networking) nameservers; m-0.riot = {
defaultGateway6 = { address = hosts.hera-intern; interface = "eth0"; };
defaultGateway = { address = hosts.hera-intern-v4; interface = "eth0"; };
firewall.allowedTCPPorts = [ 80 443 8448 ];
};
m-0.riot = {
enable = true;
hostname = "riot.maralorn.de";
config = {
default_hs_url = "https://matrix.maralorn.de";
default_is_url = "https://vector.im";
integrations_ui_url = "";
integrations_rest_url = "";
integrations_widgets_urls = [];
bug_report_endpoint_url = "https://riot.im/bugreports/submit";
welcomeUserId = "@riot-bot:matrix.org";
piwik = false;
features = {
feature_lazyloading = "enable";
feature_room_breadcrumbs = "enable";
};
roomDirectory = {
servers = [ "matrix.org" "maralorn.de" ];
};
branding = {
welcomeBackgroundUrl = "https://cloud.maralorn.de/apps/theming/image/background";
};
};
};
services = {
nginx = {
enable = true; enable = true;
virtualHosts."${hostName}" = { hostname = "riot.maralorn.de";
forceSSL = true; config = {
enableACME = true; default_hs_url = "https://matrix.maralorn.de";
locations = { default_is_url = "https://vector.im";
"/" = { integrations_ui_url = "";
proxyPass = "http://[::1]:8008"; integrations_rest_url = "";
extraConfig = '' integrations_widgets_urls = [ ];
proxy_http_version 1.1; bug_report_endpoint_url = "https://riot.im/bugreports/submit";
proxy_set_header X-Forwarded-For $remote_addr; welcomeUserId = "@riot-bot:matrix.org";
''; piwik = false;
}; features = {
feature_lazyloading = "enable";
feature_room_breadcrumbs = "enable";
};
roomDirectory = { servers = [ "matrix.org" "maralorn.de" ]; };
branding = {
welcomeBackgroundUrl =
"https://cloud.maralorn.de/apps/theming/image/background";
}; };
}; };
}; };
services = {
# Postgres nginx = {
postgresql = { enable = true;
enable = true; virtualHosts."${hostName}" = {
}; forceSSL = true;
enableACME = true;
# Synapse locations = {
matrix-synapse = { "/" = {
enable = true; proxyPass = "http://[::1]:8008";
enable_metrics = true; extraConfig = ''
server_name = "maralorn.de"; proxy_http_version 1.1;
public_baseurl = "https://${hostName}"; proxy_set_header X-Forwarded-For $remote_addr;
url_preview_enabled = true; '';
database_type = "psycopg2"; };
max_upload_size = "30M"; };
create_local_database = false; };
dynamic_thumbnails = true; };
macaroon_secret_key = config.m-0.private.macaroon_secret;
turn_uris = [ "turn:hera.m-0.eu:3478?transport=udp" ]; # Postgres
turn_shared_secret = config.m-0.private.turn_secret; postgresql = { enable = true; };
turn_user_lifetime = "5h";
allow_guest_access = true; # Synapse
logConfig = '' matrix-synapse = {
version: 1 enable = true;
enable_metrics = true;
formatters: server_name = "maralorn.de";
journal_fmt: public_baseurl = "https://${hostName}";
format: '%(name)s: [%(request)s] %(message)s' url_preview_enabled = true;
database_type = "psycopg2";
filters: max_upload_size = "30M";
context: create_local_database = false;
(): synapse.util.logcontext.LoggingContextFilter dynamic_thumbnails = true;
request: "" macaroon_secret_key = config.m-0.private.macaroon_secret;
turn_uris = [ "turn:hera.m-0.eu:3478?transport=udp" ];
handlers: turn_shared_secret = config.m-0.private.turn_secret;
journal: turn_user_lifetime = "5h";
class: systemd.journal.JournalHandler allow_guest_access = true;
formatter: journal_fmt logConfig = ''
filters: [context] version: 1
SYSLOG_IDENTIFIER: synapse
formatters:
disable_existing_loggers: True journal_fmt:
format: '%(name)s: [%(request)s] %(message)s'
loggers:
synapse: filters:
level: WARN context:
synapse.storage.SQL: (): synapse.util.logcontext.LoggingContextFilter
level: WARN request: ""
root: handlers:
level: WARN journal:
handlers: [journal] class: systemd.journal.JournalHandler
''; formatter: journal_fmt
database_args = { filters: [context]
user = "matrix-synapse"; SYSLOG_IDENTIFIER: synapse
database = "matrix-synapse";
cp_min = 5; disable_existing_loggers: True
cp_max = 10;
loggers:
synapse:
level: WARN
synapse.storage.SQL:
level: WARN
root:
level: WARN
handlers: [journal]
'';
database_args = {
user = "matrix-synapse";
database = "matrix-synapse";
cp_min = 5;
cp_max = 10;
};
report_stats = true;
tls_certificate_path = "/var/lib/acme/${hostName}/fullchain.pem";
tls_private_key_path = "/var/lib/acme/${hostName}/key.pem";
listeners = [
{
port = 8448;
bind_address = "::";
resources = [
{
compress = true;
names = [ "client" ];
}
{
compress = false;
names = [ "federation" ];
}
];
x_forwarded = false;
}
{
port = 8008;
bind_address = "::1";
resources = [
{
compress = false;
names = [ "client" ];
}
{
compress = false;
names = [ "federation" ];
}
];
x_forwarded = true;
tls = false;
}
];
}; };
report_stats = true;
tls_certificate_path = "/var/lib/acme/${hostName}/fullchain.pem";
tls_private_key_path = "/var/lib/acme/${hostName}/key.pem";
listeners = [
{
port = 8448;
bind_address = "::";
resources = [ { compress = true; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
x_forwarded = false;
}
{
port = 8008;
bind_address = "::1";
resources = [ { compress = false; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
x_forwarded = true;
tls = false;
}
];
}; };
}; security.acme.certs = {
security.acme.certs = { "${hostName}" = {
"${hostName}" = { group = "matrix-synapse";
group = "matrix-synapse"; allowKeysForGroup = true;
allowKeysForGroup = true; postRun =
postRun = "systemctl reload nginx.service; systemctl restart matrix-synapse.service"; "systemctl reload nginx.service; systemctl restart matrix-synapse.service";
};
}; };
}; };
}; };
};
} }
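Review bot: `static-auth-secret = config.m-0.private.turn_secret;` in `services.coturn`, and `macaroon_secret_key` / `turn_shared_secret` in `matrix-synapse`, pass secrets as plain option values, so they are presumably rendered into generated configuration files in the Nix store, which every local user can read. The reformat carries these lines over unchanged. If the module versions in use offer a file-based option, prefer it; otherwise mark the exposure where the value is set, e.g. `# secret ends up in the world-readable Nix store; move to a file read at service start`. The same applies to `smtp_auth_password` in the monitoring section and `mathechor-de.password` in the web section.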


@ -1,38 +1,51 @@
{ config, ... }: { config, ... }:
let let inherit (config.m-0) hosts;
inherit (config.m-0) hosts; in {
in services.prometheus.exporters.node = {
{ firewallFilter = "! -i ens18 -p tcp -m tcp --dport 9100";
services.prometheus.exporters.node = { };
firewallFilter = "! -i ens18 -p tcp -m tcp --dport 9100"; m-0.monitoring = [
}; {
m-0.monitoring = [ name = "hera";
{ name = "hera"; host = "hera-intern:9100"; } host = "hera-intern:9100";
{ name = "monitoring-container"; host = "localhost:9100"; } }
]; {
name = "monitoring-container";
host = "localhost:9100";
}
];
containers.monitoring = { containers.monitoring = {
autoStart = true; autoStart = true;
privateNetwork = true; privateNetwork = true;
hostBridge = "bridge"; hostBridge = "bridge";
config = { pkgs, lib, ... }: { config = { pkgs, lib, ... }: {
imports = [ imports = [ ../../system ];
../../system networking = {
]; interfaces.eth0 = {
networking = { ipv6.addresses = [{
interfaces.eth0 = { address = hosts.monitoring;
ipv6.addresses = [{ address = hosts.monitoring; prefixLength = 112; }]; prefixLength = 112;
ipv4.addresses = [{ address = hosts.monitoring-intern-v4; prefixLength = 24; }]; }];
ipv4.addresses = [{
address = hosts.monitoring-intern-v4;
prefixLength = 24;
}];
};
inherit (config.networking) nameservers;
defaultGateway6 = {
address = hosts.hera-intern;
interface = "eth0";
};
defaultGateway = {
address = hosts.hera-intern-v4;
interface = "eth0";
};
firewall.allowedTCPPorts = [ 9090 9093 ];
}; };
inherit (config.networking) nameservers; services.prometheus = {
defaultGateway6 = { address = hosts.hera-intern; interface = "eth0"; }; enable = true;
defaultGateway = { address = hosts.hera-intern-v4; interface = "eth0"; }; rules = [''
firewall.allowedTCPPorts = [ 9090 9093 ];
};
services.prometheus = {
enable = true;
rules = [
''
ALERT node_down ALERT node_down
IF (up{name!="apollo"} == 0) IF (up{name!="apollo"} == 0)
FOR 5m FOR 5m
@ -123,51 +136,44 @@ containers.monitoring = {
summary="{{$labels.alias}}: Running out of swap soon.", summary="{{$labels.alias}}: Running out of swap soon.",
description="{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now." description="{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now."
} }
'' ''];
]; scrapeConfigs = [{
scrapeConfigs = [
{
job_name = "nodes"; job_name = "nodes";
static_configs = map (entry: { static_configs = map (entry: {
targets = [ entry.host ]; targets = [ entry.host ];
labels = {"name" = entry.name; }; labels = { "name" = entry.name; };
}) config.m-0.monitoring; }) config.m-0.monitoring;
} }];
]; alertmanagerURL = [ "http://localhost:9093" ];
alertmanagerURL = [ "http://localhost:9093" ]; alertmanager = {
alertmanager = { enable = true;
enable = true; listenAddress = "0.0.0.0";
listenAddress = "0.0.0.0"; configuration = {
configuration = { "global" = {
"global" = { "smtp_smarthost" = "hera.m-0.eu:587";
"smtp_smarthost" = "hera.m-0.eu:587"; "smtp_from" = "alertmanager@m-0.eu";
"smtp_from" = "alertmanager@m-0.eu"; "smtp_auth_username" = "alertmanager@m-0.eu";
"smtp_auth_username" = "alertmanager@m-0.eu"; "smtp_auth_password" = config.m-0.private.alertmanager-mail-pw;
"smtp_auth_password" = config.m-0.private.alertmanager-mail-pw; };
}; "route" = {
"route" = { "group_by" = [ "alertname" "alias" ];
"group_by" = [ "alertname" "alias" ]; "group_wait" = "30s";
"group_wait" = "30s"; "group_interval" = "2m";
"group_interval" = "2m"; "repeat_interval" = "4h";
"repeat_interval" = "4h"; "receiver" = "team-admins";
"receiver" = "team-admins"; };
}; "receivers" = [{
"receivers" = [
{
"name" = "team-admins"; "name" = "team-admins";
"email_configs" = [ "email_configs" = [{
{ "to" = "malte.brandy@maralorn.de";
"to" = "malte.brandy@maralorn.de"; "send_resolved" = true;
"send_resolved" = true; }];
} }];
]; };
} };
]; exporters.node.enable = true;
}; };
}; };
exporters.node.enable = true;
};
}; };
};
} }
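Review bot: Alertmanager is set to `listenAddress = "0.0.0.0";` and the container firewall opens `9090 9093`, yet the only consumer visible here is Prometheus itself via `alertmanagerURL = [ "http://localhost:9093" ]`. No authentication is configured for either service in this file, so any host that can reach the container on the bridge can presumably read metrics and create silences. If nothing else needs the Alertmanager API, `listenAddress = "127.0.0.1";` and `firewall.allowedTCPPorts = [ 9090 ];` would narrow that. If the UIs are meant to be reachable, a comment saying from where would make the exposure reviewable.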


@ -1,67 +1,78 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
let let
inherit (config.m-0) hosts; inherit (config.m-0) hosts;
inherit (config.m-0.private) wireguard; inherit (config.m-0.private) wireguard;
in in {
{ networking = {
networking = { hostName = "hera";
hostName = "hera"; interfaces.ens18 = {
interfaces.ens18 = { proxyARP = true;
proxyARP = true; ipv4.addresses = [{
ipv4.addresses = [{ address = "213.136.94.190"; prefixLength = 24; }]; address = "213.136.94.190";
ipv6.addresses = [{ address = hosts.hera; prefixLength = 128; }]; prefixLength = 24;
}; }];
defaultGateway = "213.136.94.1"; ipv6.addresses = [{
defaultGateway6 = { address = "fe80::1"; interface = "ens18"; }; address = hosts.hera;
prefixLength = 128;
}];
};
defaultGateway = "213.136.94.1";
defaultGateway6 = {
address = "fe80::1";
interface = "ens18";
};
firewall = { firewall = {
extraCommands = '' extraCommands = ''
ip6tables -A FORWARD -p ipv6-icmp -j ACCEPT ip6tables -A FORWARD -p ipv6-icmp -j ACCEPT
ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ip6tables -A FORWARD ! -s ${config.m-0.prefix}::/64 -j DROP ip6tables -A FORWARD ! -s ${config.m-0.prefix}::/64 -j DROP
''; '';
}; };
bridges.bridge.interfaces = [ ];
bridges.bridge.interfaces = [ ]; interfaces.bridge = {
interfaces.bridge = { proxyARP = true;
proxyARP = true; ipv6.addresses = [{
ipv6.addresses = [{ address = hosts.hera-intern; prefixLength = 112; }]; address = hosts.hera-intern;
ipv4.addresses = [{ address = "10.0.0.1"; prefixLength = 24; }]; prefixLength = 112;
}; }];
nat = { ipv4.addresses = [{
enable = true; address = "10.0.0.1";
externalInterface = "ens18"; prefixLength = 24;
internalInterfaces = [ "bridge" ]; }];
}; };
nameservers = [ "213.136.95.10" "2a02:c207::1:53" "2a02:c207::2:53" ]; nat = {
firewall.allowedUDPPorts = [ wireguard.port ]; enable = true;
wireguard.interfaces = { externalInterface = "ens18";
m0wire = { internalInterfaces = [ "bridge" ];
ips = [ "${hosts.hera-wg}/112" ]; };
privateKeyFile = "/etc/nixos/hosts/hera/secret/wireguard-private"; nameservers = [ "213.136.95.10" "2a02:c207::1:53" "2a02:c207::2:53" ];
listenPort = wireguard.port; firewall.allowedUDPPorts = [ wireguard.port ];
peers = [ wireguard.interfaces = {
{ m0wire = {
ips = [ "${hosts.hera-wg}/112" ];
privateKeyFile = "/etc/nixos/hosts/hera/secret/wireguard-private";
listenPort = wireguard.port;
peers = [{
publicKey = wireguard.pub.apollo; publicKey = wireguard.pub.apollo;
allowedIPs = [ "${hosts.apollo-wg}/128" ]; allowedIPs = [ "${hosts.apollo-wg}/128" ];
presharedKeyFile = "/etc/nixos/common/secret/wireguard-psk"; presharedKeyFile = "/etc/nixos/common/secret/wireguard-psk";
} }];
]; };
}; };
}; };
}; services = {
services = { ndppd = {
ndppd = { enable = true;
enable = true; configFile = pkgs.writeText "ndppd.conf" ''
configFile = pkgs.writeText "ndppd.conf" '' proxy ens18 {
proxy ens18 { rule ${config.m-0.prefix}::/64 {
rule ${config.m-0.prefix}::/64 { static
static }
} }
} '';
''; };
}; };
};
} }
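Review bot: The three `ip6tables -A FORWARD ...` lines in `firewall.extraCommands` append to the built-in FORWARD chain and no `extraStopCommands` removes them, so each firewall reload presumably adds another copy and the rules linger after the firewall is stopped. An `extraStopCommands` that mirrors the three rules with `-D ... 2>/dev/null || true` would keep the chain deterministic. A comment on the last rule, e.g. `# drop forwarded traffic whose source is outside our /64, including new inbound connections to containers`, would also make the intended policy auditable.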


@ -9,13 +9,16 @@ let
phpPackages = pkgs.php73Packages; phpPackages = pkgs.php73Packages;
toKeyValue = generators.toKeyValue { toKeyValue = generators.toKeyValue {
mkKeyValue = generators.mkKeyValueDefault {} " = "; mkKeyValue = generators.mkKeyValueDefault { } " = ";
}; };
phpOptionsExtensions = '' phpOptionsExtensions = ''
${optionalString cfg.caching.apcu "extension=${phpPackages.apcu}/lib/php/extensions/apcu.so"} ${optionalString cfg.caching.apcu
${optionalString cfg.caching.redis "extension=${phpPackages.redis}/lib/php/extensions/redis.so"} "extension=${phpPackages.apcu}/lib/php/extensions/apcu.so"}
${optionalString cfg.caching.memcached "extension=${phpPackages.memcached}/lib/php/extensions/memcached.so"} ${optionalString cfg.caching.redis
"extension=${phpPackages.redis}/lib/php/extensions/redis.so"}
${optionalString cfg.caching.memcached
"extension=${phpPackages.memcached}/lib/php/extensions/memcached.so"}
extension=${phpPackages.imagick}/lib/php/extensions/imagick.so extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
zend_extension = opcache.so zend_extension = opcache.so
opcache.enable = 1 opcache.enable = 1
@ -57,7 +60,8 @@ in {
https = mkOption { https = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = "Enable if there is a TLS terminating proxy in front of nextcloud."; description =
"Enable if there is a TLS terminating proxy in front of nextcloud.";
}; };
maxUploadSize = mkOption { maxUploadSize = mkOption {
@ -208,7 +212,7 @@ in {
extraTrustedDomains = mkOption { extraTrustedDomains = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [ ];
description = '' description = ''
Trusted domains, from which the nextcloud installation will be Trusted domains, from which the nextcloud installation will be
acessible. You don't need to add acessible. You don't need to add
@ -277,18 +281,24 @@ in {
}; };
config = mkIf cfg.enable (mkMerge [ config = mkIf cfg.enable (mkMerge [
{ assertions = let acfg = cfg.config; in [ {
{ assertion = !(acfg.dbpass != null && acfg.dbpassFile != null); assertions = let acfg = cfg.config;
message = "Please specify no more than one of dbpass or dbpassFile"; in [
} {
{ assertion = ((acfg.adminpass != null || acfg.adminpassFile != null) assertion = !(acfg.dbpass != null && acfg.dbpassFile != null);
&& !(acfg.adminpass != null && acfg.adminpassFile != null)); message = "Please specify no more than one of dbpass or dbpassFile";
message = "Please specify exactly one of adminpass or adminpassFile"; }
} {
]; assertion = ((acfg.adminpass != null || acfg.adminpassFile != null)
&& !(acfg.adminpass != null && acfg.adminpassFile != null));
message =
"Please specify exactly one of adminpass or adminpassFile";
}
];
} }
{ systemd.timers."nextcloud-cron" = { {
systemd.timers."nextcloud-cron" = {
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
timerConfig.OnBootSec = "5m"; timerConfig.OnBootSec = "5m";
timerConfig.OnUnitActiveSec = "15m"; timerConfig.OnUnitActiveSec = "15m";
@ -306,78 +316,98 @@ in {
], ],
'datadirectory' => '${cfg.home}/data', 'datadirectory' => '${cfg.home}/data',
'skeletondirectory' => '${cfg.skeletonDirectory}', 'skeletondirectory' => '${cfg.skeletonDirectory}',
${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"} ${
optionalString cfg.caching.apcu
"'memcache.local' => '\\OC\\Memcache\\APCu',"
}
'log_type' => 'syslog', 'log_type' => 'syslog',
'log_level' => '${builtins.toString cfg.logLevel}', 'log_level' => '${builtins.toString cfg.logLevel}',
${optionalString (cfg.config.overwriteProtocol != null) "'overwriteprotocol' => '${cfg.config.overwriteProtocol}',"} ${
optionalString (cfg.config.overwriteProtocol != null)
"'overwriteprotocol' => '${cfg.config.overwriteProtocol}',"
}
]; ];
''; '';
occInstallCmd = let occInstallCmd = let
c = cfg.config; c = cfg.config;
adminpass = if c.adminpassFile != null adminpass = if c.adminpassFile != null then
then ''"$(<"${toString c.adminpassFile}")"'' ''"$(<"${toString c.adminpassFile}")"''
else ''"${toString c.adminpass}"''; else
dbpass = if c.dbpassFile != null ''"${toString c.adminpass}"'';
then ''"$(<"${toString c.dbpassFile}")"'' dbpass = if c.dbpassFile != null then
else if c.dbpass != null ''"$(<"${toString c.dbpassFile}")"''
then ''"${toString c.dbpass}"'' else if c.dbpass != null then
else null; ''"${toString c.dbpass}"''
else
null;
installFlags = concatStringsSep " \\\n " installFlags = concatStringsSep " \\\n "
(mapAttrsToList (k: v: "${k} ${toString v}") { (mapAttrsToList (k: v: "${k} ${toString v}") {
"--database" = ''"${c.dbtype}"''; "--database" = ''"${c.dbtype}"'';
# The following attributes are optional depending on the type of # The following attributes are optional depending on the type of
# database. Those that evaluate to null on the left hand side # database. Those that evaluate to null on the left hand side
# will be omitted. # will be omitted.
${if c.dbname != null then "--database-name" else null} = ''"${c.dbname}"''; ${if c.dbname != null then "--database-name" else null} =
${if c.dbhost != null then "--database-host" else null} = ''"${c.dbhost}"''; ''"${c.dbname}"'';
${if c.dbport != null then "--database-port" else null} = ''"${toString c.dbport}"''; ${if c.dbhost != null then "--database-host" else null} =
${if c.dbuser != null then "--database-user" else null} = ''"${c.dbuser}"''; ''"${c.dbhost}"'';
${if (any (x: x != null) [c.dbpass c.dbpassFile]) ${if c.dbport != null then "--database-port" else null} =
then "--database-pass" else null} = dbpass; ''"${toString c.dbport}"'';
${if c.dbtableprefix != null ${if c.dbuser != null then "--database-user" else null} =
then "--database-table-prefix" else null} = ''"${toString c.dbtableprefix}"''; ''"${c.dbuser}"'';
"--admin-user" = ''"${c.adminuser}"''; ${
"--admin-pass" = adminpass; if (any (x: x != null) [ c.dbpass c.dbpassFile ]) then
"--data-dir" = ''"${cfg.home}/data"''; "--database-pass"
}); else
in '' null
${occ}/bin/nextcloud-occ maintenance:install \ } = dbpass;
${installFlags} ${
''; if c.dbtableprefix != null then
occSetTrustedDomainsCmd = concatStringsSep "\n" (imap0 "--database-table-prefix"
(i: v: '' else
${occ}/bin/nextcloud-occ config:system:set trusted_domains \ null
${toString i} --value="${toString v}" } = ''"${toString c.dbtableprefix}"'';
'') ([ cfg.hostName ] ++ cfg.config.extraTrustedDomains)); "--admin-user" = ''"${c.adminuser}"'';
"--admin-pass" = adminpass;
"--data-dir" = ''"${cfg.home}/data"'';
});
in ''
${occ}/bin/nextcloud-occ maintenance:install \
${installFlags}
'';
occSetTrustedDomainsCmd = concatStringsSep "\n" (imap0 (i: v: ''
${occ}/bin/nextcloud-occ config:system:set trusted_domains \
${toString i} --value="${toString v}"
'') ([ cfg.hostName ] ++ cfg.config.extraTrustedDomains));
in { in {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
before = [ "phpfpm-nextcloud.service" ]; before = [ "phpfpm-nextcloud.service" ];
script = '' script = ''
chmod og+x ${cfg.home} chmod og+x ${cfg.home}
ln -sf ${pkgs.nextcloud}/apps ${cfg.home}/ ln -sf ${pkgs.nextcloud}/apps ${cfg.home}/
mkdir -p ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps mkdir -p ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps
ln -sf ${overrideConfig} ${cfg.home}/config/override.config.php ln -sf ${overrideConfig} ${cfg.home}/config/override.config.php
chown -R nextcloud:nginx ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps chown -R nextcloud:nginx ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps
# Do not install if already installed # Do not install if already installed
if [[ ! -e ${cfg.home}/config/config.php ]]; then if [[ ! -e ${cfg.home}/config/config.php ]]; then
${occInstallCmd} ${occInstallCmd}
fi fi
${occ}/bin/nextcloud-occ upgrade ${occ}/bin/nextcloud-occ upgrade
${occ}/bin/nextcloud-occ config:system:delete trusted_domains ${occ}/bin/nextcloud-occ config:system:delete trusted_domains
${occSetTrustedDomainsCmd} ${occSetTrustedDomainsCmd}
''; '';
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
}; };
"nextcloud-cron" = { "nextcloud-cron" = {
environment.NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config"; environment.NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config";
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
serviceConfig.User = "nextcloud"; serviceConfig.User = "nextcloud";
serviceConfig.ExecStart = "${phpPackage}/bin/php -f ${pkgs.nextcloud}/cron.php"; serviceConfig.ExecStart =
"${phpPackage}/bin/php -f ${pkgs.nextcloud}/cron.php";
}; };
"nextcloud-update-plugins" = mkIf cfg.autoUpdateApps.enable { "nextcloud-update-plugins" = mkIf cfg.autoUpdateApps.enable {
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
@ -388,25 +418,24 @@ in {
services.phpfpm = { services.phpfpm = {
pools.nextcloud = let pools.nextcloud = let
phpAdminValues = (toKeyValue phpAdminValues = (toKeyValue (foldr (a: b: a // b) { }
(foldr (a: b: a // b) {} (mapAttrsToList (k: v: { "php_admin_value[${k}]" = v; })
(mapAttrsToList (k: v: { "php_admin_value[${k}]" = v; }) phpOptions)));
phpOptions))); in {
in { phpOptions = phpOptionsExtensions;
phpOptions = phpOptionsExtensions; phpPackage = phpPackage;
phpPackage = phpPackage; listen = "/run/phpfpm/nextcloud";
listen = "/run/phpfpm/nextcloud"; extraConfig = ''
extraConfig = '' listen.owner = nginx
listen.owner = nginx listen.group = nginx
listen.group = nginx user = nextcloud
user = nextcloud group = nginx
group = nginx ${cfg.poolConfig}
${cfg.poolConfig} env[NEXTCLOUD_CONFIG_DIR] = ${cfg.home}/config
env[NEXTCLOUD_CONFIG_DIR] = ${cfg.home}/config env[PATH] = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin
env[PATH] = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin ${phpAdminValues}
${phpAdminValues} '';
''; };
};
}; };
users.extraUsers.nextcloud = { users.extraUsers.nextcloud = {
@ -457,7 +486,8 @@ in {
priority = 300; priority = 300;
extraConfig = "deny all;"; extraConfig = "deny all;";
}; };
"~ ^\\/(?:index|remote|public|cron|core/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|ocs-provider\\/.+|ocm-provider\\/.+)\\.php(?:$|\\/)" = { "~ ^\\/(?:index|remote|public|cron|core/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|ocs-provider\\/.+|ocm-provider\\/.+)\\.php(?:$|\\/)" =
{
priority = 500; priority = 500;
extraConfig = '' extraConfig = ''
include ${config.services.nginx.package}/conf/fastcgi.conf; include ${config.services.nginx.package}/conf/fastcgi.conf;
@ -472,10 +502,11 @@ in {
fastcgi_read_timeout 120s; fastcgi_read_timeout 120s;
''; '';
}; };
"~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig = '' "~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig =
try_files $uri/ =404; ''
index index.php; try_files $uri/ =404;
''; index index.php;
'';
"~ \\.(?:css|js|woff2?|svg|gif)$".extraConfig = '' "~ \\.(?:css|js|woff2?|svg|gif)$".extraConfig = ''
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463"; add_header Cache-Control "public, max-age=15778463";
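Review bot: In `occInstallCmd`, the `else` branches `''"${toString c.adminpass}"''` and `''"${toString c.dbpass}"''` splice the password into the generated install script inside double quotes, so a password containing `"`, `$` or a backtick is interpreted by the shell, and the clear-text value ends up in a script in the Nix store. `escapeShellArg (toString c.adminpass)`, and the same for `dbpass`, would fix the quoting, assuming `lib` is in scope here as the unqualified `optionalString` suggests. The store exposure remains either way, so `adminpassFile` / `dbpassFile` are the options to prefer. The `let` block that holds these bindings starts outside the hunk.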

Binary file not shown.


@ -2,104 +2,120 @@
let let
inherit (config.m-0) hosts; inherit (config.m-0) hosts;
certPath = "/var/lib/acme/hera.m-0.eu"; certPath = "/var/lib/acme/hera.m-0.eu";
in in {
{ networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedTCPPorts = [ 80 443 ]; m-0.monitoring = [
m-0.monitoring = [ {
{ name = "web"; host = "web:9100"; } name = "web";
{ name = "web-nginx"; host = "web:9113"; } host = "web:9100";
];
services.sniproxy = {
enable = true;
config = ''
error_log {
syslog daemon
priority warn
} }
access_log { {
syslog daemon name = "web-nginx";
priority error host = "web:9113";
} }
listen 80 { ];
proto http services.sniproxy = {
} enable = true;
listen 443 { config = ''
proto tls error_log {
} syslog daemon
listen 8448 { priority warn
proto tls }
table matrix access_log {
syslog daemon
priority error
}
listen 80 {
proto http
}
listen 443 {
proto tls
}
listen 8448 {
proto tls
table matrix
fallback ${hosts.matrix}:8448 fallback ${hosts.matrix}:8448
} }
table { table {
cloud.maralorn.de ${hosts.cloud} cloud.maralorn.de ${hosts.cloud}
cloud.mathechor.de ${hosts.mathechor-cloud} cloud.mathechor.de ${hosts.mathechor-cloud}
matrix.maralorn.de ${hosts.matrix} matrix.maralorn.de ${hosts.matrix}
riot.maralorn.de ${hosts.matrix} riot.maralorn.de ${hosts.matrix}
.* ${hosts.web} .* ${hosts.web}
} }
table matrix { table matrix {
.* ${hosts.matrix} .* ${hosts.matrix}
} }
''; '';
}; };
containers.web = { containers.web = {
bindMounts = { "${certPath}" = { hostPath = certPath; isReadOnly = false; }; }; bindMounts = {
autoStart = true; "${certPath}" = {
privateNetwork = true; hostPath = certPath;
hostBridge = "bridge"; isReadOnly = false;
config = { pkgs, lib, ... }: {
imports = [../../system];
networking = {
interfaces.eth0 = {
ipv6.addresses = [{ address = config.m-0.hosts.web; prefixLength = 112; }];
};
inherit (config.networking) nameservers;
defaultGateway6 = { address = config.m-0.hosts.hera-intern; interface = "eth0"; };
firewall.allowedTCPPorts = [ 80 443 ];
};
m-0 = {
blog.enable = true;
mathechor-de = {
enable = true;
password = config.m-0.private.mathechor-pw;
}; };
}; };
services = { autoStart = true;
nginx = { privateNetwork = true;
enable = true; hostBridge = "bridge";
virtualHosts."hera.m-0.eu" = { config = { pkgs, lib, ... }: {
enableACME = true; imports = [ ../../system ];
forceSSL = true; networking = {
locations = { interfaces.eth0 = {
"/" = { ipv6.addresses = [{
extraConfig = '' address = config.m-0.hosts.web;
return 200 "Hello there. I hope you are having a very nice day! If you don't know what to find here, you probably don't care about this domain."; prefixLength = 112;
''; }];
};
inherit (config.networking) nameservers;
defaultGateway6 = {
address = config.m-0.hosts.hera-intern;
interface = "eth0";
};
firewall.allowedTCPPorts = [ 80 443 ];
};
m-0 = {
blog.enable = true;
mathechor-de = {
enable = true;
password = config.m-0.private.mathechor-pw;
};
};
services = {
nginx = {
enable = true;
virtualHosts."hera.m-0.eu" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
extraConfig = ''
return 200 "Hello there. I hope you are having a very nice day! If you don't know what to find here, you probably don't care about this domain.";
'';
};
}; };
}; };
}; virtualHosts."maralorn.de" = {
virtualHosts."maralorn.de" = { enableACME = true;
enableACME = true; forceSSL = true;
forceSSL = true; locations = {
locations = { "/.well-known/matrix/server" = {
"/.well-known/matrix/server" = { extraConfig = ''
extraConfig = '' default_type application/json;
default_type application/json; return 200 "{\"m.server\": \"matrix.maralorn.de:443\"}";
return 200 "{\"m.server\": \"matrix.maralorn.de:443\"}"; '';
''; };
}; "/" = {
"/" = { extraConfig = ''
extraConfig = '' return 200 "Hello there. I hope you are having a very nice day! If you don't know what to find here, you probably don't care about this domain.";
return 200 "Hello there. I hope you are having a very nice day! If you don't know what to find here, you probably don't care about this domain."; '';
''; };
}; };
}; };
}; };
}; };
}; };
}; };
};
} }
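Review bot: `bindMounts` gives the `web` container write access (`isReadOnly = false;`) to `/var/lib/acme/hera.m-0.eu`, the same directory from which the coturn section on the host reads `pkey` and `cert`. Presumably this is needed because the container's nginx runs ACME for `hera.m-0.eu`, but it means a compromise of the web container exposes, and can replace, the key used by host services. Consider a comment stating that dependency, e.g. `# writable: ACME for hera.m-0.eu runs inside this container; key is shared with host services`, or issuing the certificate on the host and mounting it read-only.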


@ -1,61 +1,57 @@
# This file has been generated by Niv. # This file has been generated by Niv.
# A record, from name to path, of the third-party packages # A record, from name to path, of the third-party packages
with rec with rec {
{ pkgs = if hasNixpkgsPath then
pkgs = if hasThisAsNixpkgsPath then
if hasNixpkgsPath import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; })
then { }
if hasThisAsNixpkgsPath
then import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; }) {}
else import <nixpkgs> {}
else else
import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; }) {}; import <nixpkgs> { }
else
import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; })
{ };
sources_nixpkgs = sources_nixpkgs = if builtins.hasAttr "nixpkgs" sources then
if builtins.hasAttr "nixpkgs" sources sources.nixpkgs
then sources.nixpkgs else
else abort abort ''
'' Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or add a package called "nixpkgs" to your sources.json.
add a package called "nixpkgs" to your sources.json.
''; '';
# fetchTarball version that is compatible between all the versions of Nix # fetchTarball version that is compatible between all the versions of Nix
builtins_fetchTarball = builtins_fetchTarball = { url, sha256 }@attrs:
{ url, sha256 }@attrs: let inherit (builtins) lessThan nixVersion fetchTarball;
let in if lessThan nixVersion "1.12" then
inherit (builtins) lessThan nixVersion fetchTarball; fetchTarball { inherit url; }
in else
if lessThan nixVersion "1.12" then fetchTarball attrs;
fetchTarball { inherit url; }
else
fetchTarball attrs;
# fetchurl version that is compatible between all the versions of Nix # fetchurl version that is compatible between all the versions of Nix
builtins_fetchurl = builtins_fetchurl = { url, sha256 }@attrs:
{ url, sha256 }@attrs: let inherit (builtins) lessThan nixVersion fetchurl;
let in if lessThan nixVersion "1.12" then
inherit (builtins) lessThan nixVersion fetchurl; fetchurl { inherit url; }
in else
if lessThan nixVersion "1.12" then fetchurl attrs;
fetchurl { inherit url; }
else
fetchurl attrs;
# A wrapper around pkgs.fetchzip that has inspectable arguments, # A wrapper around pkgs.fetchzip that has inspectable arguments,
# annoyingly this means we have to specify them # annoyingly this means we have to specify them
fetchzip = { url, sha256 }@attrs: pkgs.fetchzip attrs; fetchzip = { url, sha256 }@attrs: pkgs.fetchzip attrs;
hasNixpkgsPath = (builtins.tryEval <nixpkgs>).success; hasNixpkgsPath = (builtins.tryEval <nixpkgs>).success;
hasThisAsNixpkgsPath = hasThisAsNixpkgsPath = (builtins.tryEval <nixpkgs>).success && <nixpkgs>
(builtins.tryEval <nixpkgs>).success && <nixpkgs> == ./.; == ./.;
sources = builtins.fromJSON (builtins.readFile ./sources.json); sources = builtins.fromJSON (builtins.readFile ./sources.json);
mapAttrs = builtins.mapAttrs or mapAttrs = builtins.mapAttrs or (f: set:
(f: set: with builtins; with builtins;
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set))); listToAttrs (map (attr: {
name = attr;
value = f attr set.${attr};
}) (attrNames set)));
# borrowed from nixpkgs # borrowed from nixpkgs
functionArgs = f: f.__functionArgs or (builtins.functionArgs f); functionArgs = f: f.__functionArgs or (builtins.functionArgs f);
@ -64,10 +60,11 @@ with rec
in f (auto // args); in f (auto // args);
getFetcher = spec: getFetcher = spec:
let fetcherName = let
if builtins.hasAttr "type" spec fetcherName = if builtins.hasAttr "type" spec then
then builtins.getAttr "type" spec builtins.getAttr "type" spec
else "builtin-tarball"; else
"builtin-tarball";
in builtins.getAttr fetcherName { in builtins.getAttr fetcherName {
"tarball" = fetchzip; "tarball" = fetchzip;
"builtin-tarball" = builtins_fetchTarball; "builtin-tarball" = builtins_fetchTarball;
@ -77,13 +74,9 @@ with rec
}; };
# NOTE: spec must _not_ have an "outPath" attribute # NOTE: spec must _not_ have an "outPath" attribute
mapAttrs (_: spec: mapAttrs (_: spec:
if builtins.hasAttr "outPath" spec if builtins.hasAttr "outPath" spec then
then abort abort "The values in sources.json should not have an 'outPath' attribute"
"The values in sources.json should not have an 'outPath' attribute" else if builtins.hasAttr "url" spec && builtins.hasAttr "sha256" spec then
else spec // { outPath = callFunctionWith spec (getFetcher spec) { }; }
if builtins.hasAttr "url" spec && builtins.hasAttr "sha256" spec else
then spec) sources
spec //
{ outPath = callFunctionWith spec (getFetcher spec) { }; }
else spec
) sources


@ -1,4 +1,7 @@
{ fetchFromGitHub, stdenv, ninja, meson, pkgconfig, glib, cairo, gdk_pixbuf, glib_networking, pango, libudev, xorg, libxslt, docbook_xml_xslt, git, libuuid, dbus, libsoup, docbook_xml_dtd_45, docbook5_xsl, gettext, autoconf, libtool, utillinux, libxkbcommon }: { fetchFromGitHub, stdenv, ninja, meson, pkgconfig, glib, cairo, gdk_pixbuf
, glib_networking, pango, libudev, xorg, libxslt, docbook_xml_xslt, git, libuuid
, dbus, libsoup, docbook_xml_dtd_45, docbook5_xsl, gettext, autoconf, libtool
, utillinux, libxkbcommon }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "eventd"; name = "eventd";
version = "d7c7ba59aa6b225b3e2b8aebdd853137c05d8445"; version = "d7c7ba59aa6b225b3e2b8aebdd853137c05d8445";


@ -1,5 +1,6 @@
{ aqbanking, python36Packages, fetchgit }: { aqbanking, python36Packages, fetchgit }:
with python36Packages; buildPythonApplication rec { with python36Packages;
buildPythonApplication rec {
name = "${pname}-${version}"; name = "${pname}-${version}";
pname = "jali"; pname = "jali";
doCheck = false; doCheck = false;

File diff suppressed because it is too large Load diff


@ -1,26 +1,29 @@
{ pkgs, fetchFromGitHub, defaultCrateOverrides, makeDesktopItem, atk , pango, gnome3, cairo, gdk_pixbuf, glib, ... }: { pkgs, fetchFromGitHub, defaultCrateOverrides, makeDesktopItem, atk, pango
((pkgs.callPackage ./Cargo.nix {}).tasktree_0_1_0 {}).override { , gnome3, cairo, gdk_pixbuf, glib, ... }:
((pkgs.callPackage ./Cargo.nix { }).tasktree_0_1_0 { }).override {
crateOverrides = defaultCrateOverrides // { crateOverrides = defaultCrateOverrides // {
atk-sys = attr: { buildInputs = [ atk ]; }; atk-sys = attr: { buildInputs = [ atk ]; };
pango-sys = attr: { buildInputs = [ pango glib ]; }; pango-sys = attr: { buildInputs = [ pango glib ]; };
gio = attr: { buildInputs = [ glib ]; }; gio = attr: { buildInputs = [ glib ]; };
gdk-sys = attr: { buildInputs = [ gdk_pixbuf glib cairo pango ]; }; gdk-sys = attr: { buildInputs = [ gdk_pixbuf glib cairo pango ]; };
gtk-sys = attr: { buildInputs = [ gdk_pixbuf glib cairo pango atk gnome3.gtk ]; }; gtk-sys = attr: {
buildInputs = [ gdk_pixbuf glib cairo pango atk gnome3.gtk ];
};
gdk = attr: { buildInputs = [ cairo gnome3.gtk gdk_pixbuf pango ]; }; gdk = attr: { buildInputs = [ cairo gnome3.gtk gdk_pixbuf pango ]; };
gtk = attr: { buildInputs = [ cairo atk gnome3.gtk gdk_pixbuf pango ]; }; gtk = attr: { buildInputs = [ cairo atk gnome3.gtk gdk_pixbuf pango ]; };
tasktree = attrs: tasktree = attrs:
let let
desktopItem = makeDesktopItem { desktopItem = makeDesktopItem {
name = "tasktree"; name = "tasktree";
exec = "tasktree"; exec = "tasktree";
icon = "tasktree"; icon = "tasktree";
comment = "A taskwarrior UI"; comment = "A taskwarrior UI";
desktopName = "Tasktree"; desktopName = "Tasktree";
genericName = "Tasktree"; genericName = "Tasktree";
categories = "Office;"; categories = "Office;";
}; };
version = "abb312f"; version = "abb312f";
in { in {
src = fetchFromGitHub { src = fetchFromGitHub {
rev = version; rev = version;
owner = "maralorn"; owner = "maralorn";
@ -30,12 +33,12 @@
depsSha256 = "14acvigygrrqyvxra2n01vpadc3mcf8981jrggpvwfbz58jrsa7h"; depsSha256 = "14acvigygrrqyvxra2n01vpadc3mcf8981jrggpvwfbz58jrsa7h";
cargoSha256 = "14acvigygrrqyvxra2n01vpadc3mcf8981jrggpvwfbz58jrsa7h"; cargoSha256 = "14acvigygrrqyvxra2n01vpadc3mcf8981jrggpvwfbz58jrsa7h";
postInstall = '' postInstall = ''
mkdir -p $out/share/applications mkdir -p $out/share/applications
ln -s ${desktopItem}/share/applications/* $out/share/applications/ ln -s ${desktopItem}/share/applications/* $out/share/applications/
rm $out/lib/link rm $out/lib/link
''; '';
buildInputs = [ cairo atk gnome3.gtk gdk_pixbuf pango ]; buildInputs = [ cairo atk gnome3.gtk gdk_pixbuf pango ];
}; };
}; };
} }


@ -1,7 +1,6 @@
{config, lib, ...}: { config, lib, ... }:
with lib; with lib;
let let me = config.m-0.private.me;
me = config.m-0.private.me;
in { in {
users.users = { users.users = {
"${me.user}" = { "${me.user}" = {
@ -13,8 +12,6 @@ in {
openssh.authorizedKeys.keys = me.keys; openssh.authorizedKeys.keys = me.keys;
passwordFile = me.pw-file; passwordFile = me.pw-file;
}; };
root = { root = { passwordFile = me.pw-file; };
passwordFile = me.pw-file;
};
}; };
} }


@ -1,4 +1,4 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }:
let let
inherit (import ../common/lib.nix) sources; inherit (import ../common/lib.nix) sources;
me = config.m-0.private.me; me = config.m-0.private.me;
@ -15,23 +15,21 @@ in {
config = { config = {
i18n = { i18n = { defaultLocale = "en_US.UTF-8"; };
defaultLocale = "en_US.UTF-8";
};
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
networking = { networking = {
firewall.allowPing = true; firewall.allowPing = true;
useDHCP = false; useDHCP = false;
hosts = lib.zipAttrs (lib.mapAttrsToList (host: ip: {"${ip}" = "${host} ${host}.m-0.eu";} ) config.m-0.hosts); hosts = lib.zipAttrs
(lib.mapAttrsToList (host: ip: { "${ip}" = "${host} ${host}.m-0.eu"; })
config.m-0.hosts);
}; };
users = { users = {
mutableUsers = false; mutableUsers = false;
users.root = { users.root = { openssh.authorizedKeys.keys = me.keys; };
openssh.authorizedKeys.keys = me.keys;
};
}; };
environment = { environment = {
@ -43,10 +41,11 @@ in {
}; };
}; };
nix = { nix = {
binaryCaches = [ "https://cache.nixos.org/" "https://nixcache.reflex-frp.org" ]; binaryCaches =
binaryCachePublicKeys = [ "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ]; [ "https://cache.nixos.org/" "https://nixcache.reflex-frp.org" ];
binaryCachePublicKeys =
[ "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ];
nixPath = [ "/etc/nix-path" ]; nixPath = [ "/etc/nix-path" ];
}; };


@ -7,7 +7,8 @@
antialias = true; antialias = true;
cache32Bit = true; cache32Bit = true;
defaultFonts = { defaultFonts = {
monospace = [ "Source Code Pro For Powerline" "Roboto Mono" "DejaVu Sans Mono" ]; monospace =
[ "Source Code Pro For Powerline" "Roboto Mono" "DejaVu Sans Mono" ];
sansSerif = [ "Roboto Regular" "DejaVu Sans" ]; sansSerif = [ "Roboto Regular" "DejaVu Sans" ];
serif = [ "Roboto Slab Regular" "DejaVu Serif" ]; serif = [ "Roboto Slab Regular" "DejaVu Serif" ];
}; };
@ -20,44 +21,22 @@
enableFontDir = true; enableFontDir = true;
fonts = builtins.attrValues { fonts = builtins.attrValues {
inherit (pkgs) inherit (pkgs)
anonymousPro anonymousPro arkpandora_ttf caladea carlito comfortaa comic-relief
arkpandora_ttf crimson dejavu_fonts google-fonts inconsolata iosevka
caladea liberationsansnarrow liberation_ttf libertine mononoki montserrat
carlito nerdfonts norwester-font opensans-ttf powerline-fonts roboto sampradaya
comfortaa source-code-pro source-sans-pro source-serif-pro tai-ahom tempora_lgc
comic-relief terminus_font theano ubuntu_font_family;
crimson
dejavu_fonts
google-fonts
inconsolata
iosevka
liberationsansnarrow
liberation_ttf
libertine
mononoki
montserrat
nerdfonts
norwester-font
opensans-ttf
powerline-fonts
roboto
sampradaya
source-code-pro
source-sans-pro
source-serif-pro
tai-ahom
tempora_lgc
terminus_font
theano
ubuntu_font_family;
}; };
}; };
# create a cache of the font sources, often slow internet connections make it painful to # create a cache of the font sources, often slow internet connections make it painful to
# re-download them after a few months # re-download them after a few months
environment.etc = let environment.etc = let
# fonts with src attributes # fonts with src attributes
font_sources = map (v: v.src) (lib.filter (v: v ? src) config.fonts.fonts); font_sources = map (v: v.src) (lib.filter (v: v ? src) config.fonts.fonts);
in builtins.listToAttrs (lib.imap0 (n: v: lib.nameValuePair "src-cache/fonts/${toString n}" { source = builtins.toPath v; }) font_sources); in builtins.listToAttrs (lib.imap0 (n: v:
lib.nameValuePair "src-cache/fonts/${toString n}" {
source = builtins.toPath v;
}) font_sources);
} }


@ -2,12 +2,14 @@
let let
inherit (import ../common/lib.nix) writeHaskellScript haskellList; inherit (import ../common/lib.nix) writeHaskellScript haskellList;
me = config.m-0.private.me; me = config.m-0.private.me;
test-command = ["${pkgs.systemd}/bin/systemctl" "start" "test-and-bump-config.service"]; test-command =
upgrade-command = ["${pkgs.systemd}/bin/systemctl" "start" "system-maintenance.service"]; [ "${pkgs.systemd}/bin/systemctl" "start" "test-and-bump-config.service" ];
upgrade-command =
[ "${pkgs.systemd}/bin/systemctl" "start" "system-maintenance.service" ];
post-update = writeHaskellScript { post-update = writeHaskellScript {
name = "post-update"; name = "post-update";
bins = [ pkgs.git pkgs.nix ]; bins = [ pkgs.git pkgs.nix ];
imports = [ "System.Environment (lookupEnv)" "Data.Foldable (for_)"]; imports = [ "System.Environment (lookupEnv)" "Data.Foldable (for_)" ];
} '' } ''
main = do main = do
mirror <- lookupEnv "GL_OPTION_MIRROR" mirror <- lookupEnv "GL_OPTION_MIRROR"
@ -26,17 +28,26 @@ let
exe "sudo" ${haskellList upgrade-command}; exe "sudo" ${haskellList upgrade-command};
writeOutput "Done"; writeOutput "Done";
''; '';
in in {
{ users.users.git.linger =
users.users.git.linger = true; # Frequent restarting of the systemd-user-unit leads to errors true; # Frequent restarting of the systemd-user-unit leads to errors
security.sudo.extraRules = [ { commands = [ security.sudo.extraRules = [{
{ command = builtins.concatStringsSep " " test-command; options = [ "NOPASSWD" ]; } commands = [
{ command = builtins.concatStringsSep " " upgrade-command; options = [ "NOPASSWD" ]; } {
]; users = [ "git" ]; } ]; command = builtins.concatStringsSep " " test-command;
services.gitolite = { options = [ "NOPASSWD" ];
enable = true; }
user = "git"; {
adminPubkey = builtins.elemAt me.keys 0; command = builtins.concatStringsSep " " upgrade-command;
commonHooks = [ "${post-update}/bin/post-update" ]; options = [ "NOPASSWD" ];
}; }
];
users = [ "git" ];
}];
services.gitolite = {
enable = true;
user = "git";
adminPubkey = builtins.elemAt me.keys 0;
commonHooks = [ "${post-update}/bin/post-update" ];
};
} }
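Review bot: The two `NOPASSWD` entries in `security.sudo.extraRules` let the `git` account start `test-and-bump-config.service` and `system-maintenance.service` as root, and nothing next to them records that this puts push access to the gitolite repositories inside the root trust boundary. Because `post-update` is installed through `commonHooks`, it presumably runs for every repository, so the `GL_OPTION_MIRROR` handling inside the hook (its body starts outside this hunk) is what decides which pushes reach the `sudo` calls. I would add a comment above the rule such as `# git may start exactly these two units; keep the command strings literal, no wildcards`. `adminPubkey = builtins.elemAt me.keys 0` also depends on the order of `me.keys`, so a reordering of that list silently changes the gitolite admin.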


@ -1,28 +1,23 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with lib; with lib; {
{ options = { m-0.server.initSSHKey = mkOption { type = types.path; }; };
options = {
m-0.server.initSSHKey = mkOption {
type = types.path;
};
};
config = { config = {
boot.initrd = { boot.initrd = {
network = { network = {
enable = true;
ssh = {
enable = true; enable = true;
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys; ssh = {
enable = true;
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
# generate file with # generate file with
# nix-shell -p dropbear # nix-shell -p dropbear
# dropbearkey -t rsa -f boot_rsa # dropbearkey -t rsa -f boot_rsa
hostRSAKey = config.m-0.server.initSSHKey; hostRSAKey = config.m-0.server.initSSHKey;
};
}; };
postMountCommands = "ip link set eth0 down";
}; };
postMountCommands = "ip link set eth0 down";
}; };
};
} }
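Review bot: `hostRSAKey = config.m-0.server.initSSHKey` takes the initrd SSH host key as a `types.path`, so the private key is most likely copied into the world-readable Nix store and into the initrd on the unencrypted boot partition, while the comment above it only explains how to generate the file. The comment should also say that this key has to be dedicated to the boot stage, for example `# initrd-only key: readable in the store and in /boot, never reuse the regular SSH host key`. `authorizedKeys` is taken from root's `openssh.authorizedKeys.keys`, so every key that can log in as root can also reach the early-boot shell; a one-line comment stating that this is intended would help the next reader.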


@ -3,51 +3,51 @@ with lib;
let let
page = pkgs.stdenv.mkDerivation { page = pkgs.stdenv.mkDerivation {
name = "blog.maralorn.de"; name = "blog.maralorn.de";
src = builtins.fetchGit "git@hera:blog"; src = builtins.fetchGit "git@hera:blog";
buildInputs = [ (pkgs.python3.withPackages (ps: [ps.pelican ps.markdown])) ]; buildInputs =
LC_ALL="en_US.UTF-8"; [ (pkgs.python3.withPackages (ps: [ ps.pelican ps.markdown ])) ];
LOCALE_ARCHIVE="${pkgs.glibcLocales}/lib/locale/locale-archive"; LC_ALL = "en_US.UTF-8";
buildPhase = '' LOCALE_ARCHIVE = "${pkgs.glibcLocales}/lib/locale/locale-archive";
make html buildPhase = ''
''; make html
installPhase = '' '';
mkdir $out installPhase = ''
cp -r output/* $out mkdir $out
''; cp -r output/* $out
}; '';
};
in in {
{
options = { options = {
m-0.blog = { m-0.blog = {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
};
}; };
}; };
};
config = mkIf config.m-0.blog.enable { config = mkIf config.m-0.blog.enable {
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
services = { services = {
nginx = { nginx = {
enable = true; enable = true;
virtualHosts."blog.maralorn.de" = { virtualHosts."blog.maralorn.de" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations = { locations = {
"/" = { "/" = {
root = "${page}"; root = "${page}";
index = "index.html"; index = "index.html";
};
}; };
}; };
}; };
}; };
}; };
};
} }
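Review bot: `src = builtins.fetchGit "git@hera:blog"` carries no `rev`, so each evaluation builds whatever the remote head is at that moment and the site served by nginx cannot be reproduced from this repository alone. Pinning the source, `src = builtins.fetchGit { url = "git@hera:blog"; rev = "<commit-sha>"; };`, turns a content change into an explicit commit here and keeps `make html` from running on a tree nobody reviewed. The same applies to `builtins.fetchGit "git@hera:mathechor.de"` in the mathechor.de module further down.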


@ -5,8 +5,7 @@ let
me = config.m-0.private.me; me = config.m-0.private.me;
in in {
{
options = { options = {
m-0.laptop.enable = mkOption { m-0.laptop.enable = mkOption {
type = types.bool; type = types.bool;
@ -14,9 +13,7 @@ in
}; };
}; };
config = mkIf config.m-0.laptop.enable { config = mkIf config.m-0.laptop.enable {
networking = { networking = { networkmanager.enable = true; };
networkmanager.enable = true;
};
i18n.consoleKeyMap = "neo"; i18n.consoleKeyMap = "neo";
sound.enable = true; sound.enable = true;
@ -47,18 +44,18 @@ in
''; '';
}; };
mpd = { mpd = {
enable = true; enable = true;
user = me.user; user = me.user;
group = "users"; group = "users";
network.listenAddress = "::1"; network.listenAddress = "::1";
musicDirectory = "/home/${me.user}/data/aktuell/media/musik"; musicDirectory = "/home/${me.user}/data/aktuell/media/musik";
extraConfig = '' extraConfig = ''
audio_output { audio_output {
type "pulse" type "pulse"
name "Pulseaudio" name "Pulseaudio"
server "localhost" server "localhost"
} }
''; '';
}; };
xserver = { xserver = {
enable = true; enable = true;


@ -12,11 +12,14 @@ let
dataDir = "/var/lib/systemd/linger"; dataDir = "/var/lib/systemd/linger";
lingeringUsers = map (u: u.name) (attrValues (flip filterAttrs config.users.users (n: u: u.linger))); lingeringUsers = map (u: u.name)
(attrValues (flip filterAttrs config.users.users (n: u: u.linger)));
lingeringUsersFile = builtins.toFile "lingering-users" lingeringUsersFile = builtins.toFile "lingering-users" (concatStrings (map
(concatStrings (map (s: "${s}\n") (s: ''
(sort (a: b: a < b) lingeringUsers))); # this sorting is important for `comm` to work correctly ${s}
'') (sort (a: b: a < b)
lingeringUsers))); # this sorting is important for `comm` to work correctly
updateLingering = pkgs.writeScript "update-lingering" '' updateLingering = pkgs.writeScript "update-lingering" ''
# Stop when the system is not running, e.g. during nixos-install # Stop when the system is not running, e.g. during nixos-install
@ -26,14 +29,10 @@ let
echo "$lingering" | comm -3 -2 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl enable-linger echo "$lingering" | comm -3 -2 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl enable-linger
''; '';
in in {
{
options = { options = {
users.users = mkOption { users.users = mkOption {
options = [{ options = [{ linger = mkEnableOption "lingering for the user"; }];
linger = mkEnableOption "lingering for the user";
}];
}; };
}; };


@ -3,73 +3,72 @@ with lib;
let let
me = config.m-0.private.me; me = config.m-0.private.me;
page = pkgs.stdenv.mkDerivation { page = pkgs.stdenv.mkDerivation {
name = "mathechor.de"; name = "mathechor.de";
src = builtins.fetchGit "git@hera:mathechor.de"; src = builtins.fetchGit "git@hera:mathechor.de";
buildInputs = [ pkgs.pandoc pkgs.python3 ]; buildInputs = [ pkgs.pandoc pkgs.python3 ];
LC_ALL="en_US.UTF-8"; LC_ALL = "en_US.UTF-8";
LOCALE_ARCHIVE="${pkgs.glibcLocales}/lib/locale/locale-archive"; LOCALE_ARCHIVE = "${pkgs.glibcLocales}/lib/locale/locale-archive";
installPhase = '' installPhase = ''
mkdir $out mkdir $out
cp -r intern/output $out/intern cp -r intern/output $out/intern
cp -r public/output $out/public cp -r public/output $out/public
''; '';
}; };
in in {
{
options = { options = {
m-0.mathechor-de = { m-0.mathechor-de = {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
}; };
password = mkOption { password = mkOption { type = types.str; };
type = types.str;
}; };
}; };
};
config = mkIf config.m-0.mathechor-de.enable { config = mkIf config.m-0.mathechor-de.enable {
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
services = { services = {
nginx = { nginx = {
enable = true; enable = true;
virtualHosts."mathechor.de" = { virtualHosts."mathechor.de" = {
serverAliases = ["www.mathechor.de"]; serverAliases = [ "www.mathechor.de" ];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations = { locations = {
"/" = { "/" = {
root = "${page}/public"; root = "${page}/public";
index = "index.html"; index = "index.html";
extraConfig = "location ~* \.(otf)$ {add_header Access-Control-Allow-Origin *;}"; extraConfig =
"location ~* .(otf)$ {add_header Access-Control-Allow-Origin *;}";
};
}; };
}; };
}; virtualHosts."intern.mathechor.de" = {
virtualHosts."intern.mathechor.de" = { forceSSL = true;
forceSSL = true; enableACME = true;
enableACME = true; basicAuth.mathechor = config.m-0.mathechor-de.password;
basicAuth.mathechor = config.m-0.mathechor-de.password; locations = {
locations = { "/" = {
"/" = { root = "${page}/intern";
root = "${page}/intern"; index = "index.html";
index = "index.html"; };
}; "/mathechor.ics" = {
"/mathechor.ics" = { proxyPass =
proxyPass = "https://cloud.mathechor.de/remote.php/dav/public-calendars/nebsfFTzQKGSSsDc?export"; "https://cloud.mathechor.de/remote.php/dav/public-calendars/nebsfFTzQKGSSsDc?export";
extraConfig = '' extraConfig = ''
proxy_ssl_name cloud.mathechor.de; proxy_ssl_name cloud.mathechor.de;
proxy_ssl_server_name on; proxy_ssl_server_name on;
''; '';
};
}; };
}; };
}; };
}; };
}; };
};
} }
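Review bot: The reformatted `extraConfig` now reads `location ~* .(otf)$`, which shows that the backslash in the old `\.` never reached nginx: in a double-quoted Nix string `\.` is just `.`, so the regex matches any character followed by `otf` and the wildcard `Access-Control-Allow-Origin` header covers more paths than the font files. Escaping the backslash gives the literal dot that was intended: `"location ~* \\.(otf)$ {add_header Access-Control-Allow-Origin *;}"`. Separately, `basicAuth.mathechor = config.m-0.mathechor-de.password` passes the password as a plain `types.str`, which as far as I can tell ends up in a generated htpasswd file in the world-readable Nix store; if the NixOS release in use offers `basicAuthFile`, pointing it at a file outside the store avoids that.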


@ -1,43 +1,37 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with lib; with lib;
let let cfg = config.m-0.riot;
cfg = config.m-0.riot; in {
in
{
options = { options = {
m-0.riot = { m-0.riot = {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
}; };
hostname = mkOption { hostname = mkOption { type = types.str; };
type = types.str; config = mkOption { type = types.attrs; };
};
config = mkOption {
type = types.attrs;
}; };
}; };
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
services = { services = {
nginx = { nginx = {
enable = true; enable = true;
virtualHosts."${cfg.hostname}" = { virtualHosts."${cfg.hostname}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
root = (import <unstable> {}).riot-web; root = (import <unstable> { }).riot-web;
locations."/config.json" = { locations."/config.json" = {
extraConfig = '' extraConfig = ''
default_type application/json; default_type application/json;
return 200 '${builtins.toJSON cfg.config}'; return 200 '${builtins.toJSON cfg.config}';
''; '';
};
}; };
}; };
}; };
}; };
};
} }


@ -1,20 +1,23 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: {
{
imports = [ ./init_ssh.nix ]; imports = [ ./init_ssh.nix ];
config = { config = {
systemd.services."system-maintenance" = { systemd.services."system-maintenance" = {
startAt = "2:45"; startAt = "2:45";
environment.NIX_PATH = "/etc/nix-path:nixos-config=/etc/nixos/configuration.nix"; environment.NIX_PATH =
path = [ pkgs.git ]; "/etc/nix-path:nixos-config=/etc/nixos/configuration.nix";
restartIfChanged = false; path = [ pkgs.git ];
unitConfig.X-StopOnRemoval = false; restartIfChanged = false;
serviceConfig = { unitConfig.X-StopOnRemoval = false;
Type = "oneshot"; serviceConfig = {
ExecStart = "${(import ./update-lib.nix config.system.build.nixos-rebuild).system-maintenance}/bin/system-maintenance"; Type = "oneshot";
ExecStart = "${
(import ./update-lib.nix
config.system.build.nixos-rebuild).system-maintenance
}/bin/system-maintenance";
};
}; };
}; };
};
} }


@ -1,6 +1,5 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }:
with lib; with lib; {
{
imports = [ ./admin.nix ]; imports = [ ./admin.nix ];
@ -12,24 +11,20 @@ with lib;
mutableUsers = false; mutableUsers = false;
}; };
security.sudo.extraConfig = " security.sudo.extraConfig =
Defaults timestamp_type=global, timestamp_timeout=15 "\n Defaults timestamp_type=global, timestamp_timeout=15\n ";
";
services = { services = { sshd.enable = true; };
sshd.enable = true;
};
nix.nixPath = [ "nixos-config=/etc/nixos/configuration.nix" ]; nix.nixPath = [ "nixos-config=/etc/nixos/configuration.nix" ];
environment = { environment = {
# Put these into an extra file so the essential packages can also be included on non selfadminstrated systems from home-manager # Put these into an extra file so the essential packages can also be included on non selfadminstrated systems from home-manager
systemPackages = builtins.attrValues ({ systemPackages = builtins.attrValues ({
inherit (import ./update-lib.nix config.system.build.nixos-rebuild) update-system system-maintenance; inherit (import ./update-lib.nix config.system.build.nixos-rebuild)
} // (import ../common/pkgs.nix).system-pkgs); update-system system-maintenance;
sessionVariables = { } // (import ../common/pkgs.nix).system-pkgs);
TERMINFO = "/run/current-system/sw/share/terminfo"; sessionVariables = { TERMINFO = "/run/current-system/sw/share/terminfo"; };
};
}; };
programs = { programs = {
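Review bot: `security.sudo.extraConfig` sets `timestamp_type=global` together with `timestamp_timeout=15`, and nothing next to it says what that trades away: after one successful authentication, every other session of that user, background processes included, can run sudo without a password for the next 15 minutes. If the convenience is intended, record it beside the setting, e.g. `# one sudo auth is valid for all of the user's sessions for 15 min (not per tty)`; otherwise dropping `timestamp_type=global` keeps the ticket bound to the terminal. The enclosing attribute set continues past the end of this hunk.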


@ -1,12 +1,13 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }: {
{
systemd.services."test-and-bump-config" = { systemd.services."test-and-bump-config" = {
startAt = "20:30"; startAt = "20:30";
path = [ pkgs.nix pkgs.gnutar pkgs.gzip pkgs.git pkgs.git-crypt ]; path = [ pkgs.nix pkgs.gnutar pkgs.gzip pkgs.git pkgs.git-crypt ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
WorkingDirectory = "/var/cache/gc-links"; WorkingDirectory = "/var/cache/gc-links";
ExecStart = "${(import ../common/test-lib.nix).test-and-bump-config}/bin/test-and-bump-config"; ExecStart = "${
(import ../common/test-lib.nix).test-and-bump-config
}/bin/test-and-bump-config";
}; };
}; };
} }


@ -1,13 +1,13 @@
nixos-rebuild: nixos-rebuild:
let let
pkgs = import <nixpkgs> {}; pkgs = import <nixpkgs> { };
inherit (import ../common/lib.nix) writeHaskellScript get-niv-path home-manager gcRetentionDays; inherit (import ../common/lib.nix)
writeHaskellScript get-niv-path home-manager gcRetentionDays;
configPath = "/etc/nixos"; configPath = "/etc/nixos";
update-system = writeHaskellScript { update-system = writeHaskellScript {
name = "update-system"; name = "update-system";
bins = [ get-niv-path nixos-rebuild ]; bins = [ get-niv-path nixos-rebuild ];
} } ''
''
getNivPath = readTrim . get_niv_path "${configPath}/nix/sources.nix" getNivPath = readTrim . get_niv_path "${configPath}/nix/sources.nix"
getNivAssign name = tag <$> getNivPath name getNivAssign name = tag <$> getNivPath name
@ -17,16 +17,15 @@ let
paths <- fmap concat . mapM getNivAssign $ ["nixpkgs", "unstable", "home-manager"] paths <- fmap concat . mapM getNivAssign $ ["nixpkgs", "unstable", "home-manager"]
args <- getArgs args <- getArgs
nixos_rebuild (paths ++ ["switch"] ++ args) nixos_rebuild (paths ++ ["switch"] ++ args)
''; '';
system-maintenance = writeHaskellScript system-maintenance = writeHaskellScript {
{ name = "system-maintenance"; bins = [ pkgs.nix pkgs.git update-system ];} '' name = "system-maintenance";
bins = [ pkgs.nix pkgs.git update-system ];
} ''
main = do main = do
git "-C" "${configPath}" "pull" git "-C" "${configPath}" "pull"
update_system update_system
nix_collect_garbage "--delete-older-than" "${toString gcRetentionDays}d" nix_collect_garbage "--delete-older-than" "${toString gcRetentionDays}d"
nix "optimise-store" nix "optimise-store"
''; '';
in in { inherit update-system system-maintenance; }
{
inherit update-system system-maintenance;
}
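Review bot: `system-maintenance` runs `git "-C" "${configPath}" "pull"` and then `update_system` as root from the 2:45 timer, so whatever the remote of `/etc/nixos` serves at that time is activated with no check on where the commits came from. Since commits in this repository appear to be GPG-signed, the pull can be limited to fast-forwards that carry a valid signature: `git "-C" "${configPath}" "pull" "--ff-only" "--verify-signatures"`. That requires the signing key to be present in the keyring of the user the unit runs as, so it should be exercised once by hand before the timer relies on it.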