Malte Brandy 2019-07-31 23:56:52 +02:00
parent c36c483ab3
commit a1bb4277b1
No known key found for this signature in database
GPG key ID: 226A2D41EF5378C9
79 changed files with 4803 additions and 4713 deletions


@ -1,13 +1,8 @@
{
nix = {
binaryCaches = [
"https://all-hies.cachix.org"
];
binaryCachePublicKeys = [
"all-hies.cachix.org-1:JjrzAOEUsD9ZMt8fdFbzo3jNAyEWlPAwdVuHw4RD43k="
];
binaryCaches = [ "https://all-hies.cachix.org" ];
binaryCachePublicKeys =
[ "all-hies.cachix.org-1:JjrzAOEUsD9ZMt8fdFbzo3jNAyEWlPAwdVuHw4RD43k=" ];
trustedUsers = [ "root" "maralorn" ];
};
}


@ -1,13 +1,8 @@
{
nix = {
binaryCaches = [
"https://cachix.cachix.org"
];
binaryCachePublicKeys = [
"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
];
binaryCaches = [ "https://cachix.cachix.org" ];
binaryCachePublicKeys =
[ "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" ];
trustedUsers = [ "root" "maralorn" ];
};
}


@ -1,13 +1,8 @@
{
nix = {
binaryCaches = [
"https://nixfmt.cachix.org"
];
binaryCachePublicKeys = [
"nixfmt.cachix.org-1:uyEQg16IhCFeDpFV07aL+Dbmh18XHVUqpkk/35WAgJI="
];
binaryCaches = [ "https://nixfmt.cachix.org" ];
binaryCachePublicKeys =
[ "nixfmt.cachix.org-1:uyEQg16IhCFeDpFV07aL+Dbmh18XHVUqpkk/35WAgJI=" ];
trustedUsers = [ "root" "maralorn" ];
};
}


@ -4,19 +4,18 @@ with lib;
{
imports = [ ./secret ];
imports = [ ./secret ];
config = {
m-0.monitoring = [ {
config = {
m-0.monitoring = [{
host = "apollo:9100";
name = "apollo";
} ];
};
}];
};
options = {
options = {
m-0.private = mkOption {
default = {};
default = { };
type = types.attrs;
};
m-0.prefix = mkOption {
@ -26,15 +25,11 @@ options = {
m-0.monitoring = mkOption {
type = types.listOf (types.submodule {
options = {
name = mkOption {
type = types.str;
};
host = mkOption {
type = types.str;
};
name = mkOption { type = types.str; };
host = mkOption { type = types.str; };
};
});
default = [];
default = [ ];
};
m-0.hosts = mkOption {
type = types.attrs;
@ -73,6 +68,6 @@ options = {
monitoring-intern-v4 = "${v4-p}.5";
};
};
};
};
}


@ -1,18 +1,25 @@
rec {
pkgs = import <nixpkgs> {};
unstable = import <unstable> {};
pkgs = import <nixpkgs> { };
unstable = import <unstable> { };
sources = import ../nix/sources.nix;
shh = unstable.haskell.lib.overrideCabal unstable.haskellPackages.shh (drv: {
broken = false;
doCheck = false;
});
shh-extras = unstable.haskell.lib.overrideCabal unstable.haskellPackages.shh-extras (drv: {
shh-extras =
unstable.haskell.lib.overrideCabal unstable.haskellPackages.shh-extras
(drv: {
broken = false;
doCheck = false;
});
haskellList = list: ''["${builtins.concatStringsSep ''", "'' list}"]'';
writeHaskellScript = { name ? "haskell-script", bins ? [pkgs.coreutils], libraries ? [], imports ? []}: code:
unstable.writers.writeHaskellBin name { libraries = libraries ++ [shh unstable.haskellPackages.string-interpolate ]; } ''
writeHaskellScript = { name ? "haskell-script", bins ? [ pkgs.coreutils ]
, libraries ? [ ], imports ? [ ] }:
code:
unstable.writers.writeHaskellBin name {
libraries = libraries
++ [ shh unstable.haskellPackages.string-interpolate ];
} ''
{-# LANGUAGE DeriveDataTypeable #-}
{-# LANGUAGE TemplateHaskell #-}
{-# LANGUAGE QuasiQuotes #-}
@ -37,9 +44,10 @@ rec {
'';
get-niv-path = writeHaskellScript {
name = "get-niv-path";
bins = [pkgs.nix];
imports = ["System.Console.CmdArgs.Implicit"];
libraries = [ unstable.haskellPackages.cmdargs unstable.haskellPackages.text ];
bins = [ pkgs.nix ];
imports = [ "System.Console.CmdArgs.Implicit" ];
libraries =
[ unstable.haskellPackages.cmdargs unstable.haskellPackages.text ];
} ''
trimQuotation = pureProc $ LTE.encodeUtf8 . LT.dropAround ('"' ==) . LTE.decodeUtf8 . trim
@ -50,6 +58,6 @@ rec {
nix_build ["-Q", "-E", expr, "--no-out-link"] &> devNull
nix_instantiate ["--eval", "-E", [i|toString #{expr}|]] |> trimQuotation
'';
home-manager = pkgs.callPackage <home-manager/home-manager> {};
home-manager = pkgs.callPackage <home-manager/home-manager> { };
gcRetentionDays = 5;
}


@ -1,72 +1,46 @@
rec {
my-lib = import ../common/lib.nix;
inherit (my-lib) pkgs unstable sources;
tasktree = pkgs.callPackage ../packages/tasktree {};
tasktree = pkgs.callPackage ../packages/tasktree { };
neovim = pkgs.neovim.override {
vimAlias = true;
withPython3 = true;
};
home-neovim = (import ../home-manager/nvim) neovim;
niv = (import sources.niv {}).niv;
niv = (import sources.niv { }).niv;
# pkgs assumed to be present on a non nixos host
core-system-pkgs = {
inherit neovim;
inherit (pkgs)
gitFull
gnumake
python3
mkpasswd
file
wget
curl
wireguard
gnupg
mutt
bind
liboping
psmisc
unzip
rename
whois
lsof;
gitFull gnumake python3 mkpasswd file wget curl wireguard gnupg mutt bind
liboping psmisc unzip rename whois lsof;
};
extra-system-pkgs = {
lorri = import sources.lorri { src = sources.lorri; pkgs = unstable; };
lorri = import sources.lorri {
src = sources.lorri;
pkgs = unstable;
};
inherit niv;
inherit (pkgs.gitAndTools) git-annex;
inherit (pkgs.rxvt_unicode) terminfo;
inherit (pkgs.pythonPackages) qrcode;
inherit (pkgs)
git-crypt
htop
tree
pwgen
borgbackup
inotifyTools
git-crypt htop tree pwgen borgbackup inotifyTools
direnv
socat
nmap
tcpdump
socat nmap tcpdump
tmux
tig
exa
fzf
ag
fd
bat
tmux tig exa fzf ag fd bat
ripgrep
ranger
pass
sshuttle;
pass sshuttle;
};
laptop-home-pkgs = {
@ -80,8 +54,8 @@ rec {
sleep 0.1s;
nmcli r wifi on;
'';
cachix = import sources.cachix {};
nixfmt = import sources.nixfmt {};
cachix = import sources.cachix { };
nixfmt = import sources.nixfmt { };
inherit (pkgs.gnome3) nautilus;
inherit (unstable.haskellPackages) brittany;
inherit (pkgs.xorg) xev xbacklight;
@ -90,49 +64,26 @@ rec {
chromium
# communication
signal-desktop
tdesktop
acpi
dino
mumble
signal-desktop tdesktop acpi dino mumble
# config
arandr
#dev
meld
icedtea8_web
octave
filezilla
meld icedtea8_web octave filezilla
# tools & office
feh
gimp
imagemagick
ghostscript
libreoffice-fresh
pandoc
xournal
musescore
handbrake
evince
feh gimp imagemagick ghostscript libreoffice-fresh pandoc xournal
musescore handbrake evince
networkmanagerapplet
# teamviewer
# teamviewer
# media
ncpamixer
pavucontrol
deluge
mpd
gmpc
calibre
mpv
youtubeDL
ncpamixer pavucontrol deluge mpd gmpc calibre mpv youtubeDL
minetest
;};
minetest;
};
my-home-pkgs = {
print215 = pkgs.writeShellScriptBin "print215" ''
@ -143,7 +94,7 @@ rec {
scp "$@" ag-forward:
ssh ag-forward lpr -r "$@"
'';
};
};
urxvt = pkgs.rxvt_unicode-with-plugins;
terminal = pkgs.writeShellScriptBin "terminal" ''
${urxvt}/bin/urxvtc "$@"
@ -157,20 +108,21 @@ rec {
inherit (pkgs) xautolock;
inherit (pkgs.gnome3) dconf;
};
home-pkgs = {
home-pkgs = {
inherit (pkgs) ncmpcpp;
inherit (my-lib) shh;
inherit home-neovim;
};
accounting-pkgs = {
jali = pkgs.callPackage ../packages/jali {};
};
accounting-pkgs = {
jali = pkgs.callPackage ../packages/jali { };
inherit (pkgs.haskellPackages) hledger hledger-ui;
inherit (pkgs) ledger;
};
};
system-pkgs = core-system-pkgs // extra-system-pkgs // {
inherit (import ./test-lib.nix) test-system-config test-home-config test-and-bump-config;
inherit (import ./test-lib.nix)
test-system-config test-home-config test-and-bump-config;
inherit (import ../common/lib.nix) home-manager;
};
foreign-home-pkgs = extra-system-pkgs;
eventd = pkgs.callPackage ../packages/eventd {};
eventd = pkgs.callPackage ../packages/eventd { };
}

Binary file not shown.


@ -1,8 +1,8 @@
let
pkgs = import <nixpkgs> {};
inherit (import ../common/lib.nix) writeHaskellScript get-niv-path home-manager unstable niv haskellList;
haskellBody = commandline:
''
pkgs = import <nixpkgs> { };
inherit (import ../common/lib.nix)
writeHaskellScript get-niv-path home-manager unstable niv haskellList;
haskellBody = commandline: ''
getNivPath dir = readTrim . get_niv_path ([i|#{dir :: String}/nix/sources.nix|] :: String)
getNivAssign dir name = fmap process . getNivPath dir $ name
@ -18,28 +18,37 @@ let
test-system-config = writeHaskellScript {
name = "test-system-config";
inherit bins;
} (haskellBody
''
} (haskellBody ''
nix $ ["build", "-f", "<nixpkgs/nixos>", "system"] ++ paths ++ ["-I", [i|nixos-config=#{configDir}/hosts/#{hostname}/configuration.nix|], "-o", [i|result-system-#{hostname}|]] ++ args
'');
test-home-config = writeHaskellScript {
name = "test-home-config";
inherit bins;
} (haskellBody
''
} (haskellBody ''
nix $ ["build", "-f", "<home-manager/home-manager/home-manager.nix>"] ++ paths ++ ["--argstr", "confPath", [i|#{configDir}/hosts/#{hostname}/home.nix|], "--argstr", "confAttr", "", "--out-link", [i|result-home-manager-#{hostname}|], "activationPackage"] ++ args
'');
repoSrc = "git@hera.m-0.eu:nixos-config";
configPath = "/etc/nixos";
systems = ["apollo" "hera"];
homes = ["apollo" "hera" "hephaistos"];
keys = ["default" "apollo" "hera"];
systems = [ "apollo" "hera" ];
homes = [ "apollo" "hera" "hephaistos" ];
keys = [ "default" "apollo" "hera" ];
test-and-bump-config = writeHaskellScript {
name = "test-and-bump-config";
bins = [ test-system-config test-home-config pkgs.git pkgs.coreutils niv pkgs.git-crypt ];
imports = [ "Control.Exception (bracket)" "System.Directory (withCurrentDirectory)" "Control.Monad (when)"];
bins = [
test-system-config
test-home-config
pkgs.git
pkgs.coreutils
niv
pkgs.git-crypt
];
imports = [
"Control.Exception (bracket)"
"System.Directory (withCurrentDirectory)"
"Control.Monad (when)"
];
} ''
checkout :: IO FilePath
checkout = do
@ -51,7 +60,9 @@ let
path <- readTrim pwd
bracket checkout (rm "-rf") $ \dir -> do
withCurrentDirectory dir $ do
mapM_ (\x -> git_crypt "unlock" ([i|${configPath}/.git/git-crypt/keys/#{x}|] :: String)) ${haskellList keys}
mapM_ (\x -> git_crypt "unlock" ([i|${configPath}/.git/git-crypt/keys/#{x}|] :: String)) ${
haskellList keys
}
ignoreFailure $ niv "update"
mapM_ (test_system_config dir) ${haskellList systems}
mapM_ (test_home_config dir) ${haskellList homes}
@ -62,7 +73,4 @@ let
git "-C" dir "commit" "-am" "Update dependencies with niv"
git "-C" dir "push"
'';
in
{
inherit test-system-config test-home-config test-and-bump-config;
}
in { inherit test-system-config test-home-config test-and-bump-config; }


@ -2,12 +2,12 @@
let
inherit (import ../common/pkgs.nix) eventd;
battery-watch = pkgs.writeScript "battery-watch" ''
#!${pkgs.stdenv.shell}
#!${pkgs.stdenv.shell}
critical_level=20 #percent
critical_level=20 #percent
while true
do
while true
do
if [ "$(${pkgs.acpi}/bin/acpi -a | grep -o off)" == "off" ]; then
battery_level=`${pkgs.acpi}/bin/acpi -b | sed 's/.*[dg], //g;s/\%,.*//g'`
if [ $battery_level -le $critical_level ]; then
@ -18,21 +18,15 @@ do
fi
fi
sleep 2m
done
'';
done
'';
in {
systemd.user = {
services.battery = {
Unit = {
Description = "Watch battery state and warn user";
};
Service = {
ExecStart=toString battery-watch;
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
Unit = { Description = "Watch battery state and warn user"; };
Service = { ExecStart = toString battery-watch; };
Install = { WantedBy = [ "graphical-session.target" ]; };
};
};
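Review bot: The re-indentation inside the `battery-watch` indented string needs a check against the built script, because `pkgs.writeScript` writes the text as given and `#!${pkgs.stdenv.shell}` is only honoured when it sits at the very start of the file. On this page the shebang, `critical_level=20`, `while true`, `do` and `done` lines appear as changed while the `if`/`sleep` lines between them do not, so the relative indentation inside the string seems to have moved. Nix strips only the smallest common indent, and this rendering drops leading whitespace, so it cannot be confirmed from here that the shebang is still the least-indented line. Comparing the script's store path before and after the commit would settle it, since an unchanged path means unchanged content. The section that defines the `sleep-nag` script shows the same pattern.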


@ -1,9 +1,8 @@
{ pkgs, config, ... }:
let
inherit (config.m-0.private) me meWork;
let inherit (config.m-0.private) me meWork;
in {
imports = [
imports = [
./zsh
./update-script.nix
./modules/taskwarrior.nix
@ -18,10 +17,9 @@ imports = [
./modules/bugwarrior.nix
./modules/pythia.nix
../common
];
];
programs = {
programs = {
home-manager.enable = true;
direnv = {
enable = true;
@ -37,9 +35,7 @@ programs = {
'';
};
git = {
aliases = {
sync = "!git pull -r && git push";
};
aliases = { sync = "!git pull -r && git push"; };
enable = true;
ignores = [
".syncthing*.tmp"
@ -85,47 +81,87 @@ programs = {
matheGwProxy = "ssh -q gw nc -q0 %h %p";
agHost = "fb04217.mathematik.tu-darmstadt.de";
in [
{ host = "charon"; hostname = "charon.olymp.space"; }
{ host = "hera"; hostname = "hera.m-0.eu"; forwardAgent = true; }
{ host = "ag-forward"; hostname = agHost; proxyCommand = matheGwProxy; user = meWork.user; }
{ host = "ag"; hostname = agHost; user = meWork.user; }
{ host = "gw"; hostname = "gwres4.mathematik.tu-darmstadt.de"; user = meWork.user; }
{ host = "shells"; hostname = "shells.darmstadt.ccc.de"; }
{ host = "vorstand"; hostname = "vorstand.darmstadt.ccc.de"; }
{ host = "*.darmstadt.ccc.de"; user = me.user; }
{ host = "whisky"; hostname = "whisky.w17.io"; user = "chaos"; }
{ host = "kitchen"; hostname = "kitchen.w17.io"; user = "chaos"; }
{ host = "door.w17.io"; identityFile = "~/.ssh/door_rsa";}
{
host = "charon";
hostname = "charon.olymp.space";
}
{
host = "hera";
hostname = "hera.m-0.eu";
forwardAgent = true;
}
{
host = "ag-forward";
hostname = agHost;
proxyCommand = matheGwProxy;
user = meWork.user;
}
{
host = "ag";
hostname = agHost;
user = meWork.user;
}
{
host = "gw";
hostname = "gwres4.mathematik.tu-darmstadt.de";
user = meWork.user;
}
{
host = "shells";
hostname = "shells.darmstadt.ccc.de";
}
{
host = "vorstand";
hostname = "vorstand.darmstadt.ccc.de";
}
{
host = "*.darmstadt.ccc.de";
user = me.user;
}
{
host = "whisky";
hostname = "whisky.w17.io";
user = "chaos";
}
{
host = "kitchen";
hostname = "kitchen.w17.io";
user = "chaos";
}
{
host = "door.w17.io";
identityFile = "~/.ssh/door_rsa";
}
];
};
};
};
home = {
packages = builtins.attrValues (import ../common/pkgs.nix).home-pkgs;
home = {
packages = builtins.attrValues (import ../common/pkgs.nix).home-pkgs;
sessionVariables = {
PATH = "$HOME/.cargo/bin:/etc/profiles/per-user/${config.home.username}/bin:$HOME/.nix-profile/bin:$PATH";
PATH =
"$HOME/.cargo/bin:/etc/profiles/per-user/${config.home.username}/bin:$HOME/.nix-profile/bin:$PATH";
BROWSER = "${pkgs.firefox}/bin/firefox";
EDITOR = "${pkgs.neovim}/bin/nvim";
TERMINAL = config.m-0.terminal;
EMAIL = me.mail;
SUDO_ASKPASS = let
print-pw = pkgs.writeShellScriptBin "print-pw" "pass show eu/m-0/${config.m-0.hostName}/user/${config.home.username}";
in
"${print-pw}/bin/print-pw";
print-pw = pkgs.writeShellScriptBin "print-pw"
"pass show eu/m-0/${config.m-0.hostName}/user/${config.home.username}";
in "${print-pw}/bin/print-pw";
};
};
fonts.fontconfig.enableProfileFonts = true;
};
fonts.fontconfig.enableProfileFonts = true;
systemd.user.startServices = true;
systemd.user.startServices = true;
services = {
services = {
gpg-agent = {
enable = true;
defaultCacheTtl = 31536000; # 1year
maxCacheTtl = 31536000; #1year
maxCacheTtl = 31536000; # 1year
};
};
};
xdg.enable = true;
xdg.enable = true;
}
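Review bot: `SUDO_ASKPASS` points at a `print-pw` script that runs `pass show eu/m-0/…/user/…`, while `gpg-agent` keeps `defaultCacheTtl` and `maxCacheTtl` at 31536000 seconds; the combination deserves either a shorter TTL or an explicit comment. Assuming the password store is decrypted through this agent, any process running as the user can read the sudo password without a prompt once the key has been unlocked, so a user-level compromise becomes a root-level one for as long as the cache lasts. If the long cache is intentional, record that next to the setting, e.g. `# deliberate: sudo password is readable via pass while the key is cached`; otherwise lower both values to roughly one working session. `forwardAgent = true` for `hera` in the same section carries a related trade-off, since the forwarded agent is usable by anyone with root on that host while the connection is open.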


@ -1,16 +1,9 @@
{ pkgs, lib, config, ... }:
let
inherit (import ../../common/pkgs.nix) desktop-pkgs;
in
{
let inherit (import ../../common/pkgs.nix) desktop-pkgs;
in {
imports = [
./i3.nix
./rofi.nix
./ssh-agent.nix
./eventd.nix
./sleep-nag.nix
];
imports =
[ ./i3.nix ./rofi.nix ./ssh-agent.nix ./eventd.nix ./sleep-nag.nix ];
m-0 = {
workspaces = [
"tasks"
@ -81,7 +74,7 @@ imports = [
color6 = config.m-0.colors.cyan;
color7 = config.m-0.colors.white;
color8 = config.m-0.colors.brightBlack;
color9= config.m-0.colors.brightRed;
color9 = config.m-0.colors.brightRed;
color10 = config.m-0.colors.brightGreen;
color11 = config.m-0.colors.brightYellow;
color12 = config.m-0.colors.brightBlue;
@ -116,7 +109,8 @@ imports = [
};
screen-locker = {
enable = true;
lockCmd = "${pkgs.i3lock}/bin/i3lock -n -f -i ~/data/aktuell/media/bilder/lockscreen.png";
lockCmd =
"${pkgs.i3lock}/bin/i3lock -n -f -i ~/data/aktuell/media/bilder/lockscreen.png";
};
};
xsession.enable = true;


@ -13,22 +13,18 @@ in {
After = [ "graphical-session-pre.target" ];
PartOf = [ "graphical-session.target" ];
};
Install = {
WantedBy = [ "default.target" ];
};
Install = { WantedBy = [ "default.target" ]; };
Service = {
Type="notify";
Sockets="eventd-control.socket eventd.socket";
ExecStart="${eventd}/bin/eventd --listen systemd";
ExecReload="${eventd}/bin/eventdctl reload";
Type = "notify";
Sockets = "eventd-control.socket eventd.socket";
ExecStart = "${eventd}/bin/eventd --listen systemd";
ExecReload = "${eventd}/bin/eventdctl reload";
};
};
};
sockets = {
eventd-control = {
Unit = {
Description = "eventd control socket";
};
Unit = { Description = "eventd control socket"; };
Socket = {
Service = "eventd.service";
SocketMode = "0600";
@ -36,19 +32,17 @@ in {
};
};
eventd = {
Unit = {
Description = "eventd sockets";
};
Unit = { Description = "eventd sockets"; };
Socket = {
SocketMode = "0660";
ListenStream= "%t/eventd/evp";
ListenStream = "%t/eventd/evp";
};
};
};
};
xdg = {
configFile = {
"eventd/eventd.conf".text = lib.generators.toINI {} {
"eventd/eventd.conf".text = lib.generators.toINI { } {
"Queue default" = {
Margin = 10;
Spacing = 2;
@ -72,9 +66,7 @@ in {
Spacing = 1;
Limit = 20;
};
Notification = {
Text = "\${message}";
};
Notification = { Text = "\${message}"; };
NotificationBubble = {
Padding = 10;
Radius = 0;
@ -88,77 +80,49 @@ in {
Colour = colors.foreground;
};
};
"eventd/notification.event".text = lib.generators.toINI {} {
"Event notification *" = {
Actions = "notification";
};
"Event notification kassandra" = {
Actions = "kassandra";
};
"Event command success" = {
Actions = "command-success";
};
"Event command failure" = {
Actions = "command-failure";
};
"Event critical *" = {
Actions = "critical";
};
};
"eventd/command-success.action".text = lib.generators.toINI {} {
Action = {
Name = "command-success";
"eventd/notification.event".text = lib.generators.toINI { } {
"Event notification *" = { Actions = "notification"; };
"Event notification kassandra" = { Actions = "kassandra"; };
"Event command success" = { Actions = "command-success"; };
"Event command failure" = { Actions = "command-failure"; };
"Event critical *" = { Actions = "critical"; };
};
"eventd/command-success.action".text = lib.generators.toINI { } {
Action = { Name = "command-success"; };
Notification = {
Text="<b>\${command}</b>\\nsucceeded after \${time} @ \${host}";
Text = "<b>\${command}</b>\\nsucceeded after \${time} @ \${host}";
};
NotificationBubble = {
Colour = colors.black;
Queue = "command";
};
};
"eventd/command-failure.action".text = lib.generators.toINI {} {
Action = {
Name = "command-failure";
};
"eventd/command-failure.action".text = lib.generators.toINI { } {
Action = { Name = "command-failure"; };
Notification = {
Text="<b>\${command}</b>\\nfailed after \${time} @ \${host}";
Text = "<b>\${command}</b>\\nfailed after \${time} @ \${host}";
};
NotificationBubble = {
Queue = "critical";
Colour = colors.red;
};
};
"eventd/critical.action".text = lib.generators.toINI {} {
Action = {
Name = "critical";
};
Notification = {
Text = "<b>\${title}</b>\${message/^/\\n}";
};
"eventd/critical.action".text = lib.generators.toINI { } {
Action = { Name = "critical"; };
Notification = { Text = "<b>\${title}</b>\${message/^/\\n}"; };
NotificationBubble = {
Queue = "critical";
Colour = colors.red;
};
};
"eventd/kassandra.action".text = lib.generators.toINI {} {
Action = {
Name = "kassandra";
};
Notification = {
Text = "<b>\${title}</b>\${message/^/\\n}";
};
NotificationBubble = {
Queue = "critical";
};
};
"eventd/notification.action".text = lib.generators.toINI {} {
Action = {
Name = "notification";
};
Notification = {
Text = "<b>\${title}</b>\${message/^/\\n}";
"eventd/kassandra.action".text = lib.generators.toINI { } {
Action = { Name = "kassandra"; };
Notification = { Text = "<b>\${title}</b>\${message/^/\\n}"; };
NotificationBubble = { Queue = "critical"; };
};
"eventd/notification.action".text = lib.generators.toINI { } {
Action = { Name = "notification"; };
Notification = { Text = "<b>\${title}</b>\${message/^/\\n}"; };
};
};
};


@ -30,7 +30,7 @@ let
own_window_hints = 'undecorated,below,skip_taskbar,skip_pager,sticky',
stippled_borders = 0,
update_interval = 1.0,
'';
'';
conkyOrgaConfig = pkgs.writeText "conky.conf" ''
conky.config = {
alignment = 'top_right',
@ -64,13 +64,12 @@ let
]]
'';
addMods = oldbindings: builtins.foldl' (newbindings: key:
addMods = oldbindings:
builtins.foldl' (newbindings: key:
newbindings // {
"Mod4+${key}" = oldbindings.${key};
"Mod3+Mod4+${key}" = oldbindings.${key};
})
{}
(builtins.attrNames oldbindings);
}) { } (builtins.attrNames oldbindings);
in {
xsession = {
@ -92,8 +91,14 @@ in {
});
config = {
startup = [
{ command = "${pkgs.conky}/bin/conky -c ${conkyOrgaConfig}"; notification = false; }
{ command = "${pkgs.conky}/bin/conky -c ${conkyMPDConfig}"; notification = false; }
{
command = "${pkgs.conky}/bin/conky -c ${conkyOrgaConfig}";
notification = false;
}
{
command = "${pkgs.conky}/bin/conky -c ${conkyMPDConfig}";
notification = false;
}
];
focus = {
followMouse = false;
@ -130,8 +135,7 @@ in {
text = colors.foreground;
};
};
bars = [
{
bars = [{
mode = "hide";
colors = {
separator = colors.white;
@ -157,23 +161,28 @@ in {
text = colors.white;
};
};
} ];
}];
window = {
titlebar = false;
border = 1;
commands = [ { command = "floating disable"; criteria = { class = "Firefox";};} ];
commands = [{
command = "floating disable";
criteria = { class = "Firefox"; };
}];
};
keybindings = {
"XF86AudioMute" = "exec pactl set-sink-mute '@DEFAULT_SINK@' toggle";
"XF86AudioLowerVolume" = "exec pactl set-sink-volume '@DEFAULT_SINK@' -5%";
"XF86AudioRaiseVolume" = "exec pactl set-sink-volume '@DEFAULT_SINK@' +5%";
"XF86AudioMicMute" = "exec pactl set-source-mute '@DEFAULT_SOURCE@' toggle";
"XF86AudioLowerVolume" =
"exec pactl set-sink-volume '@DEFAULT_SINK@' -5%";
"XF86AudioRaiseVolume" =
"exec pactl set-sink-volume '@DEFAULT_SINK@' +5%";
"XF86AudioMicMute" =
"exec pactl set-source-mute '@DEFAULT_SOURCE@' toggle";
"XF86MonBrightnessUp" = "exec xbacklight +5";
"XF86MonBrightnessDown" = "exec xbacklight -5";
"XF86Display" = "${exec} ${pkgs.arandr}/bin/arandr";
"Ctrl+Escape" = "${exec} loginctl lock-session;";
} //
addMods ({
} // addMods ({
"Left" = "focus left";
"Down" = "focus down";
"Up" = "focus up";
@ -195,16 +204,17 @@ in {
"m" = "move workspace to output up";
"n" = "move workspace to output right";
"shift+space" = "floating toggle";
"shift+q" = "${exec} ${pkgs.i3}/bin/i3-nagbar -t warning -m 'do you want to exit i3?' -b 'yes' 'i3-msg exit'";
"shift+q" =
"${exec} ${pkgs.i3}/bin/i3-nagbar -t warning -m 'do you want to exit i3?' -b 'yes' 'i3-msg exit'";
"space" = "${exec} hotkeys";
} // builtins.foldl' (bindings: name: let
number = toString ((builtins.length (builtins.attrNames bindings)) / 2);
in
bindings // {
} // builtins.foldl' (bindings: name:
let
number =
toString ((builtins.length (builtins.attrNames bindings)) / 2);
in bindings // {
"${number}" = "workspace ${number}:${name}";
"Shift+${number}" = "move container to workspace ${number}:${name}";
}) {} workspaces
);
}) { } workspaces);
};
};
};


@ -1,14 +1,9 @@
{ pkgs, lib, config, ... }:
with lib;
let
inherit (config.m-0) colors workspaces terminal;
let inherit (config.m-0) colors workspaces terminal;
in {
home = {
packages = with pkgs; [
rofi-pass
];
};
home = { packages = with pkgs; [ rofi-pass ]; };
programs = {
rofi = {
enable = true;


@ -2,29 +2,23 @@
let
inherit (import ../../common/pkgs.nix) eventd;
sleep-nag = pkgs.writeScript "sleep-nag" ''
#!${pkgs.stdenv.shell}
#!${pkgs.stdenv.shell}
while true
do
while true
do
if [[ `date +%H` -ge 23 ]] || [[ `date +%H` -lt 6 ]]; then
${eventd}/bin/eventc notification kassandra -d "title='Es ist $(date +%H:%M) Uhr: Zeit ins Bett zu gehen!'" -d "message='Du kannst das hier auch morgen tun!'"
fi
sleep 10m
done
'';
done
'';
in {
systemd.user = {
services.sleep-nag = {
Unit = {
Description = "Sleep nag";
};
Service = {
ExecStart=toString sleep-nag;
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
Unit = { Description = "Sleep nag"; };
Service = { ExecStart = toString sleep-nag; };
Install = { WantedBy = [ "graphical-session.target" ]; };
};
};


@ -1,5 +1,4 @@
{ pkgs , config , lib, ... }:
{
{ pkgs, config, lib, ... }: {
xsession.initExtra = let
cat-pw = pkgs.writeShellScriptBin "cat-ssh-pw" ''
@ -12,7 +11,6 @@
systemctl --user set-environment SSH_AGENT_PID="$SSH_AGENT_PID"
SSH_ASKPASS=${cat-pw}/bin/cat-ssh-pw ${pkgs.openssh}/bin/ssh-add & < /dev/null
'';
in
". ${start-agent}/bin/start-ssh-agent";
in ". ${start-agent}/bin/start-ssh-agent";
}
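Review bot: In the script installed as `start-ssh-agent`, the redirection in `ssh-add & < /dev/null` comes after the `&`, so the shell treats `< /dev/null` as a separate empty command and `ssh-add` starts with whatever stdin the session script has. If the intent is to detach `ssh-add` from any terminal so that it asks `SSH_ASKPASS` (`cat-ssh-pw`) for the passphrase, the redirection has to precede the `&`: `… ${pkgs.openssh}/bin/ssh-add < /dev/null &`. The line is unchanged context in this section, and the script body starts outside the hunk.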


@ -1,16 +1,12 @@
let
inherit (import ../common/lib.nix) home-manager writeHaskellScript get-niv-path;
in
{
update-home = configPath: writeHaskellScript
{
inherit (import ../common/lib.nix)
home-manager writeHaskellScript get-niv-path;
in {
update-home = configPath:
writeHaskellScript {
name = "update-home";
bins = [
get-niv-path
home-manager
];
}
''
bins = [ get-niv-path home-manager ];
} ''
getNivPath = get_niv_path "${configPath}/nix/sources.nix"


@ -1,15 +1,13 @@
{ lib, pkgs, config, ...}:
with lib;
{
{ lib, pkgs, config, ... }:
with lib; {
options.m-0.accounting.enable = mkEnableOption "Accounting";
options.m-0.accounting.config = mkOption {
type = types.str;
};
options.m-0.accounting.enable = mkEnableOption "Accounting";
options.m-0.accounting.config = mkOption { type = types.str; };
config = mkIf config.m-0.accounting.enable {
config = mkIf config.m-0.accounting.enable {
home.file.".config/jali/config.py".text = config.m-0.accounting.config;
home.packages = builtins.attrValues (import ../../../common/pkgs.nix).accounting-pkgs;
};
home.packages =
builtins.attrValues (import ../../../common/pkgs.nix).accounting-pkgs;
};
}


@ -1,10 +1,10 @@
{ config, lib, pkgs , ... }:
{ config, lib, pkgs, ... }:
with lib;
let
inherit (config.m-0.private) me gitlab github otrs;
let inherit (config.m-0.private) me gitlab github otrs;
in {
options.m-0.bugwarrior.enable = mkEnableOption "Sync tasks from issuetrackers";
config = mkIf config.m-0.bugwarrior.enable {
options.m-0.bugwarrior.enable =
mkEnableOption "Sync tasks from issuetrackers";
config = mkIf config.m-0.bugwarrior.enable {
home.file.".config/bugwarrior/bugwarriorrc".text = ''
[general]
targets=cda_gitlab,github
@ -38,24 +38,19 @@ config = mkIf config.m-0.bugwarrior.enable {
'';
systemd.user = {
services.bugwarrior = {
Unit = {
Description = "Run bugwarrior";
};
Unit = { Description = "Run bugwarrior"; };
Service = {
Type = "oneshot";
Environment=''PATH=${pkgs.taskwarrior}/bin:${pkgs.eventd}/bin:${pkgs.gnugrep}/bin'';
ExecStart= "${pkgs.bugwarrior}/bin/bugwarrior-pull";
Environment =
"PATH=${pkgs.taskwarrior}/bin:${pkgs.eventd}/bin:${pkgs.gnugrep}/bin";
ExecStart = "${pkgs.bugwarrior}/bin/bugwarrior-pull";
};
};
timers.bugwarrior = {
Timer = {
OnCalendar = "hourly";
};
Install = {
WantedBy = [ "timers.target" ];
Timer = { OnCalendar = "hourly"; };
Install = { WantedBy = [ "timers.target" ]; };
};
};
};
};
}
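Review bot: `home.file.".config/bugwarrior/bugwarriorrc".text` is built under a `let` that inherits `gitlab`, `github` and `otrs` from `config.m-0.private`, and the template body between the two hunks is not visible here. If that body interpolates tokens or passwords from those sets, they end up in a generated file under `/nix/store`, which every local user can read. bugwarrior can fetch a secret at run time instead, for example a token or password field set to `@oracle:eval:pass show <entry>` (placeholder entry name), which keeps the credential out of the store. This is a request to confirm, not a confirmed leak.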


@ -20,16 +20,16 @@ let
echo "Overwriting $HOME/${path}"
cp --remove-destination -T $canonical $HOME/${path};
'';
in with lib;
{
in with lib; {
options.home.forceCopies.paths = mkOption {
default = [];
default = [ ];
type = types.listOf types.str;
};
config.home.activation = {
deleteForcedCopies = config.lib.dag.entryBefore ["checkLinkTargets"]
(builtins.concatStringsSep "\n" (builtins.map disableCollisionCheck paths));
forceCopies = config.lib.dag.entryAfter ["linkGeneration"]
deleteForcedCopies = config.lib.dag.entryBefore [ "checkLinkTargets" ]
(builtins.concatStringsSep "\n"
(builtins.map disableCollisionCheck paths));
forceCopies = config.lib.dag.entryAfter [ "linkGeneration" ]
(builtins.concatStringsSep "\n" (builtins.map copyPath paths));
};
}


@ -1,18 +1,15 @@
{ lib, config, pkgs, ... }:
with lib;
{
with lib; {
options = {
options = {
m-0 = {
hostName = mkOption {
type = types.str;
};
hostName = mkOption { type = types.str; };
terminal = mkOption {
default = "urxvt";
type = types.str;
};
colors = mkOption {
default = {};
default = { };
type = types.attrs;
};
workspaces = mkOption {
@ -20,6 +17,6 @@ options = {
type = types.listOf types.str;
};
};
};
};
}


@ -1,25 +1,20 @@
{ lib, pkgs, config, ... }:
with lib;
{
with lib; {
options.m-0.latex.enable = mkEnableOption "Latex";
options.m-0.latex.enable = mkEnableOption "Latex";
config = mkIf config.m-0.latex.enable {
config = mkIf config.m-0.latex.enable {
programs = {
texlive = {
enable = true;
extraPackages = tpkgs: {inherit (tpkgs)
scheme-small
pdfjam
latexmk
collection-latexextra
collection-bibtexextra
collection-luatex
collection-mathscience
extraPackages = tpkgs: {
inherit (tpkgs)
scheme-small pdfjam latexmk collection-latexextra
collection-bibtexextra collection-luatex collection-mathscience
collection-fontsextra;
};
};
};
};
};
}


@ -1,4 +1,4 @@
{ lib, config, pkgs, ...}:
{ lib, config, pkgs, ... }:
with lib;
let
mail = config.m-0.mail;
@ -6,24 +6,24 @@ let
maildir = config.accounts.email.maildirBasePath;
in {
options.m-0.mail.enable = mkEnableOption "private-mail";
options.m-0.mail.accounts = mkOption {
type = types.attrs;
};
options.m-0.mail.enable = mkEnableOption "private-mail";
options.m-0.mail.accounts = mkOption { type = types.attrs; };
config = mkIf mail.enable {
config = mkIf mail.enable {
services.mbsync = {
services.mbsync = {
enable = true;
frequency = "*:0/30";
verbose = false;
postExec = "${pkgs.notmuch}/bin/notmuch --config=${config.home.sessionVariables.NOTMUCH_CONFIG} new";
};
postExec =
"${pkgs.notmuch}/bin/notmuch --config=${config.home.sessionVariables.NOTMUCH_CONFIG} new";
};
accounts.email.accounts = config.m-0.mail.accounts;
accounts.email.accounts = config.m-0.mail.accounts;
systemd.user.services = let
mkService = name: account: let
systemd.user.services = let
mkService = name: account:
let
configjs = pkgs.writeText "config.js" ''
var child_process = require('child_process');
@ -42,31 +42,26 @@ systemd.user.services = let
exports.onNotifyPost = "${pkgs.notmuch}/bin/notmuch new"
exports.boxes = [ "Inbox" ];
'';
in
{
Unit = {
Description = "Run imapnotify for imap account ${name}";
};
in {
Unit = { Description = "Run imapnotify for imap account ${name}"; };
Service = {
ExecStart= "${pkgs.imapnotify}/bin/imapnotify -c ${configjs}";
ExecStart = "${pkgs.imapnotify}/bin/imapnotify -c ${configjs}";
Restart = "always";
RestartSec = "1min";
};
Install = {
WantedBy = [ "default.target" ];
};
Install = { WantedBy = [ "default.target" ]; };
};
mkServiceWithName = name: account: {
name = "imapnotify-${name}-inbox";
value = mkService name account;
};
hasImapHost = name: account: account.imap != null;
in
mapAttrs' mkServiceWithName (filterAttrs hasImapHost config.accounts.email.accounts);
in mapAttrs' mkServiceWithName
(filterAttrs hasImapHost config.accounts.email.accounts);
programs.msmtp.enable = true;
programs.mbsync.enable = true;
programs.notmuch = {
programs.msmtp.enable = true;
programs.mbsync.enable = true;
programs.notmuch = {
enable = true;
hooks.postInsert = ''
${pkgs.notmuch}/bin/notmuch tag +deleted -- "folder:/Trash/ (not tag:deleted)"
@ -75,17 +70,16 @@ programs.notmuch = {
${pkgs.notmuch}/bin/notmuch tag -spam -- "(not folder:/Junk|Spam|SPAM/) tag:spam"
'';
new = {
tags = [];
tags = [ ];
ignore = [ ".isyncuidmap.db" ];
};
maildir.synchronizeFlags = true;
};
};
home = {
packages = with pkgs; [
neomutt
];
packages = with pkgs; [ neomutt ];
file = let
mutt_alternates = "@maralorn.de " + (builtins.concatStringsSep " " me.alternates);
mutt_alternates = "@maralorn.de "
+ (builtins.concatStringsSep " " me.alternates);
show-sidebar = pkgs.writeText "show-sidebar" ''
set sidebar_visible=yes
bind index <up> sidebar-prev
@ -178,11 +172,13 @@ programs.notmuch = {
set sidebar_format = "%B%* %?N?%N/?%S"
alias f__0 ${me.name} <${me.mail}>
${builtins.concatStringsSep "\n" (lib.imap1 (n: x: "alias f__${toString n} ${me.name} <${x}>") me.alternates)}
${builtins.concatStringsSep "\n"
(lib.imap1 (n: x: "alias f__${toString n} ${me.name} <${x}>")
me.alternates)}
send2-hook '~f fill-later' "push <edit-from><kill-line>f__<complete><search>${me.mail}<enter>"
'';
};
};
};
};
}


@ -1,9 +1,8 @@
{ lib, pkgs, config, ...}:
with lib;
{
{ lib, pkgs, config, ... }:
with lib; {
options.m-0.pythia.enable = mkEnableOption "Pythia";
config = mkIf config.m-0.pythia.enable (let
options.m-0.pythia.enable = mkEnableOption "Pythia";
config = mkIf config.m-0.pythia.enable (let
pythia-path = "${config.home.homeDirectory}/data/aktuell/pythia";
pythia = pkgs.writeShellScriptBin "pythia" ''
datei=${pythia-path}/$(date +%Y-%m-%d)
@ -45,73 +44,70 @@ config = mkIf config.m-0.pythia.enable (let
hold = "echo -n '>'; read a;";
dong = "${pkgs.mpv}/bin/mpv dong.ogg &> /dev/null &";
meditate = pkgs.writeShellScriptBin "meditate" ''
cd ${pythia-path}
i3-msg fullscreen &> /dev/null
start=`${pkgs.taskwarrior}/bin/task calc now`
mpv background.ogg &> /dev/null &
${run-printslow} << EOF
Hallo Malte,
cd ${pythia-path}
i3-msg fullscreen &> /dev/null
start=`${pkgs.taskwarrior}/bin/task calc now`
mpv background.ogg &> /dev/null &
${run-printslow} << EOF
Hallo Malte,
hier spricht Pythia.
hier spricht Pythia.
Herzlich willkommen zur Besinnung, Ruhefindung und Orientierung.
Herzlich willkommen zur Besinnung, Ruhefindung und Orientierung.
Bist Du bereit?
EOF
${hold}
${run-printslow} << EOF
Gut, dann lass uns starten.
EOF
sleep 3s
${run-printslow} << EOF
Bist Du bereit?
EOF
${hold}
${run-printslow} << EOF
Gut, dann lass uns starten.
EOF
sleep 3s
${run-printslow} << EOF
Nimm Dir ein wenig Zeit um die Gedanken zu sammeln, die unerledigt sind.
Nimm Dir ein wenig Zeit um die Gedanken zu sammeln, die unerledigt sind.
EOF
sleep 1s
${run-pythia}
${run-printslow} << EOF
EOF
sleep 1s
${run-pythia}
${run-printslow} << EOF
Nimm Dir nun mindestens 5 Minuten Auszeit um tief zu entspannen.
Achte auf Deine Atmung und Deinen Körper.
Beruhige Deine Gedanken und gehe in Dich.
Nimm Dir nun mindestens 5 Minuten Auszeit um tief zu entspannen.
Achte auf Deine Atmung und Deinen Körper.
Beruhige Deine Gedanken und gehe in Dich.
EOF
${dong}
sleep 5m
${dong}
${hold}
${threefortunes}
${run-printslow} << EOF
Nun ist die Zeit für Reflektion und um an Deinem Credo zu arbeiten.
EOF
sleep 3s
${run-pythia}
${run-printslow} << EOF
Melde Dich, wenn Du bereit für Dein Credo bist.
EOF
${hold}
${run-printslow} credo
${hold}
${run-printslow} << EOF
EOF
${dong}
sleep 5m
${dong}
${hold}
${threefortunes}
${run-printslow} << EOF
Nun ist die Zeit für Reflektion und um an Deinem Credo zu arbeiten.
EOF
sleep 3s
${run-pythia}
${run-printslow} << EOF
Melde Dich, wenn Du bereit für Dein Credo bist.
EOF
${hold}
${run-printslow} credo
${hold}
${run-printslow} << EOF
Nun genieße die gewonne Energie um Dich auf die Zukunft vorzubereiten.
EOF
${hold}
${threefortunes}
${dong}
echo Dauer der Meditation | ${run-printslow}
${pkgs.taskwarrior}/bin/task calc now-$start
${pkgs.taskwarrior}/bin/task gen_id:meditation done
${hold}
exit
Nun genieße die gewonne Energie um Dich auf die Zukunft vorzubereiten.
EOF
${hold}
${threefortunes}
${dong}
echo Dauer der Meditation | ${run-printslow}
${pkgs.taskwarrior}/bin/task calc now-$start
${pkgs.taskwarrior}/bin/task gen_id:meditation done
${hold}
exit
'';
in {
home.packages = with pkgs; [
pythia
meditate
];
});
home.packages = with pkgs; [ pythia meditate ];
});
}


@ -1,15 +1,10 @@
{ lib, pkgs, config, ...}:
with lib;
{
{ lib, pkgs, config, ... }:
with lib; {
options.m-0.rustdev.enable = mkEnableOption "Rust Dev";
options.m-0.rustdev.enable = mkEnableOption "Rust Dev";
config = mkIf config.m-0.rustdev.enable {
home.packages = with pkgs; [
rustup
nix-prefetch-scripts
gcc
];
};
config = mkIf config.m-0.rustdev.enable {
home.packages = with pkgs; [ rustup nix-prefetch-scripts gcc ];
};
}


@ -1,4 +1,4 @@
{ lib, pkgs, config, ...}:
{ lib, pkgs, config, ... }:
with lib;
let
tasksync = pkgs.writeShellScriptBin "tasksync" ''
@ -6,7 +6,9 @@ let
cd ${config.home.homeDirectory}/.task
${pkgs.git}/bin/git add completed.data pending.data > /dev/null
${pkgs.git}/bin/git commit -m 'Updating task data' > /dev/null
${pkgs.git}/bin/git pull -X ${if config.m-0.taskwarrior.git_active then "ours" else "theirs"} | ${pkgs.gnugrep}/bin/grep -v "Already up to date."
${pkgs.git}/bin/git pull -X ${
if config.m-0.taskwarrior.git_active then "ours" else "theirs"
} | ${pkgs.gnugrep}/bin/grep -v "Already up to date."
${pkgs.taskwarrior}/bin/task diagnostics | ${pkgs.gnugrep}/bin/grep "Found duplicate" | ${pkgs.gnused}/bin/sed 's/.*Found duplicate //' | ${pkgs.findutils}/bin/xargs -i ${pkgs.gnused}/bin/sed -i '0,/uuid:"{}"/{/uuid:"{}"/d}' completed.data > /dev/null
${pkgs.git}/bin/git add completed.data > /dev/null
${pkgs.git}/bin/git commit -m 'Fixing duplicates' > /dev/null
@ -14,26 +16,21 @@ let
true
'';
in {
options.m-0.taskwarrior.enable = mkEnableOption "Taskwarrior";
options.m-0.taskwarrior.git_active = mkEnableOption "This machine will prefer its own state in case of a merge conflict, if enabled.";
config = mkIf config.m-0.taskwarrior.enable {
options.m-0.taskwarrior.enable = mkEnableOption "Taskwarrior";
options.m-0.taskwarrior.git_active = mkEnableOption
"This machine will prefer its own state in case of a merge conflict, if enabled.";
config = mkIf config.m-0.taskwarrior.enable {
systemd.user = {
services.tasksync = {
Unit = {
Description = "Update tasks";
};
Unit = { Description = "Update tasks"; };
Service = {
ExecStart="${tasksync}/bin/tasksync";
Type="oneshot";
ExecStart = "${tasksync}/bin/tasksync";
Type = "oneshot";
};
};
timers.tasksync = {
Timer = {
OnCalendar = "*:0/1";
};
Install = {
WantedBy = [ "timers.target" ];
};
Timer = { OnCalendar = "*:0/1"; };
Install = { WantedBy = [ "timers.target" ]; };
};
};
home = {
@ -174,32 +171,23 @@ config = mkIf config.m-0.taskwarrior.enable {
};
xdg = let
taskAction = name: template: {
"eventd/task-${name}.action".text = generators.toINI {} {
Action = {
Name = "task-${name}";
};
Notification = {
Text = template;
};
NotificationBubble = {
Queue = "tasks";
};
"eventd/task-${name}.action".text = generators.toINI { } {
Action = { Name = "task-${name}"; };
Notification = { Text = template; };
NotificationBubble = { Queue = "tasks"; };
};
};
in {
configFile = {
"eventd/task.event".text = generators.toINI {} {
"Event task add" = {
Actions = "task-new";
"eventd/task.event".text = generators.toINI { } {
"Event task add" = { Actions = "task-new"; };
"Event task modify" = { Actions = "task-changed"; };
};
"Event task modify" = {
Actions = "task-changed";
} // taskAction "changed"
"Changes in task:\\n<b>\${description}</b>\${status:+\\nStatus: }\${status}\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}"
// taskAction "new"
"New \${status} task\${tags:! in inbox}:\\n<b>\${description}</b>\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}";
};
};
} //
taskAction "changed" "Changes in task:\\n<b>\${description}</b>\${status:+\\nStatus: }\${status}\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}" //
taskAction "new" "New \${status} task\${tags:! in inbox}:\\n<b>\${description}</b>\${tags:+\\nTags: }\${tags}\${project:+\\nProject: }\${project}";
};
};
}


@ -1,12 +1,10 @@
{ pkgs, lib, config, ...}:
{ pkgs, lib, config, ... }:
with lib;
let
makeUnlocker = { name, hostName, pubKey, passPath }:
let
knownHosts = pkgs.writeText "KnownBootHosts" "${hostName} ${pubKey}";
in
pkgs.writeShellScriptBin "unlock-${name}" ''
let knownHosts = pkgs.writeText "KnownBootHosts" "${hostName} ${pubKey}";
in pkgs.writeShellScriptBin "unlock-${name}" ''
echo "Waiting for host to come up";
while true; do
echo -n .
@ -17,16 +15,13 @@ let
echo "Ping successful; Entering disk encryption password"
${pkgs.pass}/bin/pass ${passPath} | ssh -4 root@${hostName} -o UserKnownHostsFile=${knownHosts} cryptsetup-askpass && echo "Unlocking of ${name} successful" || echo "Unlocking of ${name} failed"
'';
in
{
in {
options.m-0.unlocker = mkOption {
default = [];
options.m-0.unlocker = mkOption {
default = [ ];
type = types.listOf types.attrs;
};
};
config = {
home.packages = map makeUnlocker config.m-0.unlocker;
};
config = { home.packages = map makeUnlocker config.m-0.unlocker; };
}
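Review bot: The ssh call in the `unlock-${name}` script pins the boot host key with `-o UserKnownHostsFile=${knownHosts}` but leaves host-key checking at the client default, and that command carries the disk-encryption passphrase from `pass` on stdin. With the default settings a key accepted interactively or listed in the system-wide known-hosts file would also be trusted, so the generated `KnownBootHosts` file is not the only trust anchor. I would add `-o StrictHostKeyChecking=yes -o GlobalKnownHostsFile=/dev/null` to that ssh invocation so a mismatching key fails closed before the passphrase is sent. The middle of the script lies outside the hunks shown here, so this should be checked against the full body.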


@ -3,21 +3,17 @@ with lib;
let
in {
options.m-0.weechat = {
options.m-0.weechat = {
enable = mkEnableOption "Weechat";
channels = mkOption {
type = types.str;
default = "";
};
user = mkOption {
type = types.str;
user = mkOption { type = types.str; };
pw = mkOption { type = types.str; };
};
pw = mkOption {
type = types.str;
};
};
config = mkIf config.m-0.weechat.enable {
config = mkIf config.m-0.weechat.enable {
home.file = {
python_plugins = {
target = ".weechat/python";
@ -91,19 +87,16 @@ config = mkIf config.m-0.weechat.enable {
systemd.user.services = {
weechat = {
Unit = {
Description = "Weechat Tmux Session";
};
Unit = { Description = "Weechat Tmux Session"; };
Service = {
Type = "forking";
ExecStart = "${pkgs.tmux}/bin/tmux -L weechat -2 new-session -d -s irc -n weechat '${pkgs.weechat}/bin/weechat'";
ExecStart =
"${pkgs.tmux}/bin/tmux -L weechat -2 new-session -d -s irc -n weechat '${pkgs.weechat}/bin/weechat'";
Restart = "always";
};
Install = {
WantedBy = [ "default.target" ];
Install = { WantedBy = [ "default.target" ]; };
};
};
};
};
}


@ -6,16 +6,9 @@ neovim.override {
customRC = builtins.readFile ./vimrc;
packages.myVimPackage = {
start = builtins.attrValues {
inherit ((import <nixpkgs> {}).vimPlugins)
vim-nix
vimtex
airline
rust-vim
fugitive
vim-trailing-whitespace
vim-pandoc
vim-pandoc-syntax
haskell-vim;
inherit ((import <nixpkgs> { }).vimPlugins)
vim-nix vimtex airline rust-vim fugitive vim-trailing-whitespace
vim-pandoc vim-pandoc-syntax haskell-vim;
};
};
};


@ -2,13 +2,11 @@
let
inherit (import ../common/lib.nix) writeHaskellScript;
sources = import ../nix/sources.nix;
in
{
in {
home = {
packages = builtins.attrValues (import ../common/pkgs.nix).foreign-home-pkgs;
sessionVariables = {
NIX_PATH = "$HOME/.nix-path";
};
packages =
builtins.attrValues (import ../common/pkgs.nix).foreign-home-pkgs;
sessionVariables = { NIX_PATH = "$HOME/.nix-path"; };
file = {
home-manager-source = {
target = ".nix-path/home-manager";


@ -1,5 +1,4 @@
{ pkgs, config, lib, ... }:
{
{ pkgs, config, lib, ... }: {
home = {
username = "maralorn";
homeDirectory = "/home/maralorn";


@ -1,6 +1,6 @@
{ pkgs, ... }:
let
morgenreport-script = pkgs.writeShellScriptBin "morgenreport" ''
morgenreport-script = pkgs.writeShellScriptBin "morgenreport" ''
cd $HOME/data/aktuell/media/ebooks/morgenreport/
DATE=`date +%Y-%m-%d`
PATH=$PATH:/run/wrappers/bin/
@ -11,24 +11,18 @@ morgenreport-script = pkgs.writeShellScriptBin "morgenreport" ''
echo "File created, sending to kindle now "
echo 'Siehe Anhang' | ${pkgs.mutt}/bin/mutt -s "Morgenreport $DATE" -a morgenreport-$DATE.mobi -- maralorn@kindle.com
'';
urls = [ "https://erdspektive.org/feed/" ];
urls = [ "https://erdspektive.org/feed/" ];
in {
home.packages = [ morgenreport-script];
home.packages = [ morgenreport-script ];
systemd.user = {
services.morgenreport = {
Unit = {
Description = "Send morgenreport to kindle";
};
Unit = { Description = "Send morgenreport to kindle"; };
Service = {
Type = "oneshot";
ExecStart="/bin/sh ${morgenreport-script}/bin/morgenreport";
};
};
timers.morgenreport = {
Timer = {
OnCalendar = "20:00";
ExecStart = "/bin/sh ${morgenreport-script}/bin/morgenreport";
};
};
timers.morgenreport = { Timer = { OnCalendar = "20:00"; }; };
};
}


@ -1,8 +1,6 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
systemd.user = {
services.sort-mail =
let
services.sort-mail = let
sort-mail-script = pkgs.writeShellScriptBin "sort-mail" ''
${pkgs.isync}/bin/mbsync -a
@ -18,19 +16,13 @@
${pkgs.isync}/bin/mbsync -a
'';
in {
Unit = {
Description = "Sort E-Mails";
};
Unit = { Description = "Sort E-Mails"; };
Service = {
Type = "oneshot";
ExecStart="/bin/sh ${sort-mail-script}/bin/sort-mail";
};
};
timers.sort-mail = {
Timer = {
OnCalendar = "minutely";
ExecStart = "/bin/sh ${sort-mail-script}/bin/sort-mail";
};
};
timers.sort-mail = { Timer = { OnCalendar = "minutely"; }; };
};
}


@ -1,6 +1,6 @@
{ pkgs, ... }:
let
path = https://github.com/rycee/home-manager/archive/release-17.09.tar.gz;
path = "https://github.com/rycee/home-manager/archive/release-17.09.tar.gz";
home-manager = (import ../../home-manager {
inherit pkgs;
inherit path;
@ -8,13 +8,11 @@ let
in {
systemd.user = {
services.update-hm = {
Unit = {
Description = "Update home-manager";
};
Unit = { Description = "Update home-manager"; };
Service = {
Type = "oneshot";
ExecStart="${home-manager}/bin/home-manager switch";
ExecStart = "${home-manager}/bin/home-manager switch";
};
};
timers.update-hm = {


@ -1,12 +1,7 @@
{ pkgs, lib, config, ... }:
let
colors = config.common.colors;
let colors = config.common.colors;
in {
home = {
packages = with pkgs; [
rxvt_unicode-with-plugins
];
};
home = { packages = with pkgs; [ rxvt_unicode-with-plugins ]; };
xresources.properties = {
"*transparent" = true;
"*tintColor" = colors.background;


@ -1,18 +1,21 @@
{ pkgs, config, lib, ... }:
let
inherit (import ../common/lib.nix) writeHaskellScript get-niv-path gcRetentionDays;
inherit (import ../common/lib.nix)
writeHaskellScript get-niv-path gcRetentionDays;
inherit (import ./lib.nix) update-home;
configPath = "/home/${config.home.username}/git/nixos/config";
home-maintenance = writeHaskellScript
{ name = "home-maintenance"; imports = [ ]; bins = [ (update-home configPath) pkgs.nix pkgs.git];} ''
home-maintenance = writeHaskellScript {
name = "home-maintenance";
imports = [ ];
bins = [ (update-home configPath) pkgs.nix pkgs.git ];
} ''
main = do
git "-C" "${configPath}" "pull"
update_home
nix_collect_garbage "--delete-older-than" "${toString gcRetentionDays}d"
nix "optimise-store"
'';
in
{
in {
home = {
packages = builtins.attrValues {
inherit home-maintenance get-niv-path;


@ -1,26 +1,18 @@
{ config, lib, pkgs , ... }:
let
inherit (import ../common/pkgs.nix) eventd;
in
{
{ config, lib, pkgs, ... }:
let inherit (import ../common/pkgs.nix) eventd;
in {
systemd.user = {
services.update_tasks = {
Unit = {
Description = "Update taskwarrior tasks";
};
Unit = { Description = "Update taskwarrior tasks"; };
Service = {
Type = "oneshot";
Environment="PATH=${pkgs.taskwarrior}/bin:${eventd}/bin";
ExecStart= "${config.home.homeDirectory}/.cargo/bin/update_tasks";
Environment = "PATH=${pkgs.taskwarrior}/bin:${eventd}/bin";
ExecStart = "${config.home.homeDirectory}/.cargo/bin/update_tasks";
};
};
timers.update_tasks = {
Timer = {
OnCalendar = "hourly";
};
Install = {
WantedBy = [ "timers.target" ];
};
Timer = { OnCalendar = "hourly"; };
Install = { WantedBy = [ "timers.target" ]; };
};
};


@ -1,6 +1,6 @@
{pkgs, ... }: {
{ pkgs, ... }: {
programs = {
programs = {
zsh = {
enable = true;
enableAutosuggestions = true;
@ -15,6 +15,6 @@ programs = {
plugins = [ "colored-man-pages" "git-prompt" ];
};
};
};
};
}


@ -8,7 +8,7 @@ let
nixos-hardware = (import ../../nix/sources.nix).nixos-hardware;
in {
imports = [
imports = [
"${nixos-hardware}/lenovo/thinkpad"
"${nixos-hardware}/common/pc/ssd"
"${(builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/nixdark")}"
@ -16,9 +16,9 @@ imports = [
../../system
../../system/fonts.nix
../../system/standalone.nix
];
];
networking = {
networking = {
hostName = "apollo";
firewall.allowedTCPPorts = [ 8888 ];
firewall.allowedUDPPorts = [ 30000 ];
@ -27,29 +27,26 @@ networking = {
allowedIPsAsRoutes = false;
ips = [ "${hosts.apollo-wg}/112" ];
privateKeyFile = "/etc/nixos/hosts/apollo/secret/wireguard-private";
peers = [
{
peers = [{
publicKey = wireguard.pub.hera;
allowedIPs = [ "::/0" ];
endpoint = "${hosts.hera-v4}:${builtins.toString wireguard.port}";
presharedKeyFile = "/etc/nixos/common/secret/wireguard-psk";
persistentKeepalive = 25;
}
];
postSetup = [ "${pkgs.iproute}/bin/ip route add ${prefix}::/64 dev m0wire" ];
}];
postSetup =
[ "${pkgs.iproute}/bin/ip route add ${prefix}::/64 dev m0wire" ];
};
};
};
};
m-0 = {
laptop.enable = true;
};
m-0 = { laptop.enable = true; };
#let
#let
#secretsFile = "/var/lib/luks-secret/key";
#secretsInitrd = "/boot/grub/secrets-initrd.gz";
#in
#{
#in
#{
#imports = [
#({lib, config, ...}: lib.mkIf (builtins.pathExists secretsFile) {
@ -71,11 +68,10 @@ m-0 = {
#};
#})
#];
#}
#}
# Use the systemd-boot EFI boot loader.
boot = {
# Use the systemd-boot EFI boot loader.
boot = {
loader = {
efi = {
canTouchEfiVariables = true;
@ -92,14 +88,15 @@ boot = {
};
supportedFilesystems = [ "exfat" ];
};
};
services = {
prometheus.exporters.node.firewallFilter = "-i m0wire -p tcp -m tcp --dport 9100";
services = {
prometheus.exporters.node.firewallFilter =
"-i m0wire -p tcp -m tcp --dport 9100";
autorandr.enable = true;
borgbackup.jobs.data = {
doInit = false;
startAt = [];
startAt = [ ];
exclude = [
"/home/${me.user}/data/aktuell/media"
"/home/${me.user}/data/.stversions"
@ -109,15 +106,17 @@ services = {
repo = "borg@borg:.";
compression = "zstd,5";
};
};
};
cdark_net = {
cdark_net = {
enable = true;
hostName = "${me.user}_${config.networking.hostName}";
ed25519PrivateKeyFile = /etc/nixos/hosts + "/${config.networking.hostName}" + /secret/tinc/ed25519_key.priv;
hostsDirectory = (builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts");
ed25519PrivateKeyFile = /etc/nixos/hosts + "/${config.networking.hostName}"
+ /secret/tinc/ed25519_key.priv;
hostsDirectory =
(builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts");
ip6address = "fd23:42:cda:4342::2";
ip4address = "172.20.71.2";
};
};
}
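Review bot: Both `builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/nixdark"` in `imports` and the `hostsDirectory` fetch in `cdark_net` name only a URL, so each evaluation takes whatever the remote default branch currently points to. The first one is imported as a NixOS module, which means unreviewed upstream changes become part of the system configuration on the next rebuild. The file already pins `nixos-hardware` through `../../nix/sources.nix`; the two repositories could be pinned the same way, or with the attribute-set form `builtins.fetchGit { url = "ssh://git@git.darmstadt.ccc.de/cdark.net/nixdark"; rev = "<pinned-commit>"; }` (placeholder rev). Pinning also makes rebuilds reproducible, so a change in the peer host list shows up as a reviewable diff.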


@ -4,29 +4,28 @@
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/ce5b0ac6-6eaf-45a6-b6c8-bd4958caf335";
fileSystems."/" = {
device = "/dev/disk/by-uuid/ce5b0ac6-6eaf-45a6-b6c8-bd4958caf335";
fsType = "btrfs";
};
boot.initrd.luks.devices."nixos".device = "/dev/disk/by-uuid/78acaebe-952a-43b1-acc8-66c35a60577e";
boot.initrd.luks.devices."nixos".device =
"/dev/disk/by-uuid/78acaebe-952a-43b1-acc8-66c35a60577e";
fileSystems."/boot/EFI" =
{ device = "/dev/disk/by-uuid/C4A6-3DB5";
fileSystems."/boot/EFI" = {
device = "/dev/disk/by-uuid/C4A6-3DB5";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/b80468d0-d834-419f-8985-c6fa2274909e"; }
];
[{ device = "/dev/disk/by-uuid/b80468d0-d834-419f-8985-c6fa2274909e"; }];
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";


@ -1,17 +1,17 @@
{ pkgs, config, ... }:
{
{ pkgs, config, ... }: {
imports = [
imports = [
../../home-manager
../../home-manager/on-my-machine.nix
../../home-manager/battery.nix
../../home-manager/update_tasks.nix
../../home-manager/desktop
];
];
home.packages = builtins.attrValues (import ../../common/pkgs.nix).laptop-home-pkgs;
home.packages =
builtins.attrValues (import ../../common/pkgs.nix).laptop-home-pkgs;
m-0 = {
m-0 = {
hostName = "apollo";
latex.enable = true;
accounting = {
@ -24,17 +24,18 @@ m-0 = {
git_active = true;
};
pythia.enable = true;
unlocker = [ {
unlocker = [{
name = "hera";
hostName = "hera-v4";
pubKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHkqWlFLtmIlTSKahr2PcL++K75YgfsSU6jwVYW5df3JCkowu/M16SIBxABxYSQrKej5uIz/OFCjqSxHJQ8D5wSYBvn2gYr/BbBcz4rfIJmZ55Od2jckaqlj/M8TtkuPPhsQG7S730vXxK5hbMT8iW5WWv8sIKY/WtaRbZOFMX/53WCLEHtnMu5zFJFWf92+mjIHSLyW8ggl1m525RUiaAfCge2vnuzIFq4kUqJxaWzxIvEWIncKWN10K/HMvdI+yOtbSen41uKedwSFhUFs3xHy1mJddYOrlcJQPt5zuuffZ/nTDVXMZoh5QNwg8ZlkkueVChaS1Y5STjb7cem1Mt";
pubKey =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHkqWlFLtmIlTSKahr2PcL++K75YgfsSU6jwVYW5df3JCkowu/M16SIBxABxYSQrKej5uIz/OFCjqSxHJQ8D5wSYBvn2gYr/BbBcz4rfIJmZ55Od2jckaqlj/M8TtkuPPhsQG7S730vXxK5hbMT8iW5WWv8sIKY/WtaRbZOFMX/53WCLEHtnMu5zFJFWf92+mjIHSLyW8ggl1m525RUiaAfCge2vnuzIFq4kUqJxaWzxIvEWIncKWN10K/HMvdI+yOtbSen41uKedwSFhUFs3xHy1mJddYOrlcJQPt5zuuffZ/nTDVXMZoh5QNwg8ZlkkueVChaS1Y5STjb7cem1Mt";
passPath = "eu/m-0/hera/disk";
} ];
}];
mail = {
enable = true;
accounts = config.m-0.private.mail_accounts;
};
};
};
home.file.".ncmpcpp/config".text = ''
ask_before_clearing_playlists=no
@ -46,9 +47,7 @@ m-0 = {
user_interface = alternative
'';
programs = {
firefox = {
enable = true;
};
firefox = { enable = true; };
git = {
signing = {
signByDefault = true;
@ -65,20 +64,24 @@ m-0 = {
network-manager-applet.enable = true;
};
programs.autorandr = {
programs.autorandr = {
enable = true;
hooks = {
postswitch = {
"restart-i3" = "${pkgs.i3}/bin/i3-msg restart";
"update-background" = "${pkgs.systemd}/bin/systemctl --user restart random-background.service";
"update-background" =
"${pkgs.systemd}/bin/systemctl --user restart random-background.service";
};
};
profiles = {
"home" = {
fingerprint = {
"DP-2-2" = "00ffffffffffff00046997244a2e00001615010380351e782a6045a6564a9c25125054bf6f00714f814081809500b300d1c081c08100023a801871382d40582c4500132b2100001e000000ff0042364c4d54463031313835300a000000fd00324b1e5011000a202020202020000000fc00415355532056573234380a20200052";
"eDP-1" = "00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
"DP-2-1" = "00ffffffffffff0005b70000570500000a120103082a1a782ae5b5a355499927135054bfef809500950f8140718f01010101010101019a29a0d05184223050983600a4001100001c000000ff003030313336370a202020202020000000fd00374b1e500e000a202020202020000000fc0058313931305744530a2020202000bf";
"DP-2-2" =
"00ffffffffffff00046997244a2e00001615010380351e782a6045a6564a9c25125054bf6f00714f814081809500b300d1c081c08100023a801871382d40582c4500132b2100001e000000ff0042364c4d54463031313835300a000000fd00324b1e5011000a202020202020000000fc00415355532056573234380a20200052";
"eDP-1" =
"00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
"DP-2-1" =
"00ffffffffffff0005b70000570500000a120103082a1a782ae5b5a355499927135054bfef809500950f8140718f01010101010101019a29a0d05184223050983600a4001100001c000000ff003030313336370a202020202020000000fd00374b1e500e000a202020202020000000fc0058313931305744530a2020202000bf";
};
config = {
eDP-1 = {
@ -101,8 +104,10 @@ programs.autorandr = {
};
"work" = {
fingerprint = {
"DP-2" = "00ffffffffffff0009d1ce7845540000101a01030e351e782e6b35a455559f270c5054a56b80d1c081c081008180a9c0b30001010101023a801871382d40582c4500132b2100001e000000ff005334473034343238534c300a20000000fd00324c1e5315000a202020202020000000fc0042656e5120474c323436300a2000e2";
"eDP-1" = "00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
"DP-2" =
"00ffffffffffff0009d1ce7845540000101a01030e351e782e6b35a455559f270c5054a56b80d1c081c081008180a9c0b30001010101023a801871382d40582c4500132b2100001e000000ff005334473034343238534c300a20000000fd00324c1e5315000a202020202020000000fc0042656e5120474c323436300a2000e2";
"eDP-1" =
"00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
};
config = {
eDP-1 = {
@ -120,7 +125,8 @@ programs.autorandr = {
};
"default" = {
fingerprint = {
"eDP-1" = "00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
"eDP-1" =
"00ffffffffffff0006af362300000000001b0104a51f117802f4f5a4544d9c270f505400000001010101010101010101010101010101e65f00a0a0a040503020350035ae100000180000000f0000000000000000000000000020000000fe0041554f0a202020202020202020000000fe004231343051414e30322e33200a00b2";
};
config = {
eDP-1 = {
@ -132,7 +138,6 @@ programs.autorandr = {
};
};
};
};
};
}

Binary file not shown.


@ -1,11 +1,10 @@
{config, lib, ...}:
{ config, lib, ... }:
with lib;
let
me = config.m-0.private.me;
let me = config.m-0.private.me;
in {
boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
services = mkIf config.m-0.standalone.enable {
boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
services = mkIf config.m-0.standalone.enable {
syncthing = {
dataDir = "/home/${me.user}/.config/syncthing";
enable = true;
@ -13,6 +12,6 @@ services = mkIf config.m-0.standalone.enable {
user = me.user;
openDefaultPorts = true;
};
};
};
}

View file

@ -1,14 +1,9 @@
{ pkgs, config, ... }:
{
imports = [
../../home-manager
../../home-manager/on-foreign-machine.nix
];
{ pkgs, config, ... }: {
imports = [ ../../home-manager ../../home-manager/on-foreign-machine.nix ];
systemd.user.systemctlPath = "/usr/bin/systemctl";
systemd.user.systemctlPath = "/usr/bin/systemctl";
m-0 = {
m-0 = {
hostName = "fb04217";
#latex.enable = true;
#taskwarrior = {
@ -18,9 +13,9 @@ m-0 = {
#update_tasks.enable = true;
#eventd.enable = true;
#pythia.enable = true;
};
};
home = {
home = {
username = "brandy";
homeDirectory = "/home/brandy";
language = {
@ -31,17 +26,18 @@ home = {
time = "C.UTF-8";
};
sessionVariables = {
LANGUAGE="en_US";
LC_CTYPE="C.UTF-8";
LC_NUMERIC="C.UTF-8";
LC_COLLATE="C.UTF-8";
LC_MESSAGES="C.UTF-8";
LC_NAME="C.UTF-8";
LC_TELEPHONE="C.UTF-8";
LC_MEASUREMENT="C.UTF-8";
LC_IDENTIFICATION="C.UTF-8";
LANGUAGE = "en_US";
LC_CTYPE = "C.UTF-8";
LC_NUMERIC = "C.UTF-8";
LC_COLLATE = "C.UTF-8";
LC_MESSAGES = "C.UTF-8";
LC_NAME = "C.UTF-8";
LC_TELEPHONE = "C.UTF-8";
LC_MEASUREMENT = "C.UTF-8";
LC_IDENTIFICATION = "C.UTF-8";
};
forceCopies.paths = [ "bin/proot" "bin/with-nix" "bin/run-in-nix" ".bashrc" ".zshrc" ];
forceCopies.paths =
[ "bin/proot" "bin/with-nix" "bin/run-in-nix" ".bashrc" ".zshrc" ];
file = {
".bashrc".text = ''
[ -z "$PS1" ] && return
@ -74,7 +70,7 @@ home = {
nix-collect-garbage --delete-older-than 5d
nix-store --optimise
'')
] ++ ((import ../../common/pkgs.nix).);
};
];
};
}


@ -1,14 +1,12 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
systemd.user = {
services.nix-gc = {
Unit = {
Description = "Collect garbage";
};
Unit = { Description = "Collect garbage"; };
Service = {
Type = "oneshot";
ExecStart="${pkgs.nix}/bin/nix-collect-garbage --delete-older-than 5d";
ExecStart =
"${pkgs.nix}/bin/nix-collect-garbage --delete-older-than 5d";
};
};
timers.nix-gc = {


@ -1,14 +1,11 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
systemd.user = {
services.nix-update = {
Unit = {
Description = "Update nix-channel";
};
Unit = { Description = "Update nix-channel"; };
Service = {
Type = "oneshot";
ExecStart="${pkgs.nix}/bin/nix-channel --update";
ExecStart = "${pkgs.nix}/bin/nix-channel --update";
};
};
timers.nix-update = {


@ -1,18 +1,18 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
systemd.user = {
services.syncthing = {
Unit = {
Description = "Syncthing";
ConditionHost = "fb04217";
Wants= "syncthing-inotify.service";
Wants = "syncthing-inotify.service";
};
Service = {
ExecStart="${pkgs.syncthing}/bin/syncthing -no-browser -no-restart -logflags=0";
Restart="on-failure";
SuccessExitStatus="3 4";
RestartForceExitStatus="3 4";
ExecStart =
"${pkgs.syncthing}/bin/syncthing -no-browser -no-restart -logflags=0";
Restart = "on-failure";
SuccessExitStatus = "3 4";
RestartForceExitStatus = "3 4";
};
};
};


@ -1,10 +1,9 @@
{ ... }:
{
{ ... }: {
m-0.server.initSSHKey = ./secret/boot_rsa;
m-0.server.initSSHKey = ./secret/boot_rsa;
# Use the systemd-boot EFI boot loader.
boot = {
# Use the systemd-boot EFI boot loader.
boot = {
loader = {
grub = {
enable = true;
@ -19,15 +18,13 @@ boot = {
ip address flush dev eth0
ip link set eth0 down
'';
luks.devices = [
{
luks.devices = [{
name = "root";
device = "/dev/disk/by-uuid/536fe284-36f2-425c-b0c5-a737280f9470";
preLVM = true;
allowDiscards = true;
}
];
}];
};
};
};
}


@ -1,20 +1,25 @@
{ config, ... }:
let
me = config.m-0.private.me;
let me = config.m-0.private.me;
in {
containers.borg = {
autoStart = true;
privateNetwork = true;
hostBridge = "bridge";
config = { pkgs, ... }: {
imports = [../../system];
imports = [ ../../system ];
networking = {
interfaces.eth0 = {
ipv6.addresses = [{ address = config.m-0.hosts.borg; prefixLength = 112; }];
ipv6.addresses = [{
address = config.m-0.hosts.borg;
prefixLength = 112;
}];
};
inherit (config.networking) nameservers;
defaultGateway6 = { address = config.m-0.hosts.hera-intern; interface = "eth0"; };
defaultGateway6 = {
address = config.m-0.hosts.hera-intern;
interface = "eth0";
};
};
services = {


@ -3,25 +3,34 @@ with lib;
let
inherit (config.m-0.private) me cloud;
inherit (config.m-0) hosts;
nextcloud-container = { v6, v4, hostname , news-updater ? false}: {
nextcloud-container = { v6, v4, hostname, news-updater ? false }: {
autoStart = true;
privateNetwork = true;
hostBridge = "bridge";
config = { pkgs, ... }: {
disabledModules = [ "services/web-apps/nextcloud.nix" ];
imports = [
../../system
./nextcloud.nix
];
imports = [ ../../system ./nextcloud.nix ];
networking = {
interfaces.eth0 = {
ipv6.addresses = [{ address = v6; prefixLength = 112; }];
ipv4.addresses = [{ address = v4; prefixLength = 24; }];
ipv6.addresses = [{
address = v6;
prefixLength = 112;
}];
ipv4.addresses = [{
address = v4;
prefixLength = 24;
}];
};
inherit (config.networking) nameservers;
defaultGateway6 = { address = hosts.hera-intern; interface = "eth0"; };
defaultGateway = { address = hosts.hera-intern-v4; interface = "eth0"; };
defaultGateway6 = {
address = hosts.hera-intern;
interface = "eth0";
};
defaultGateway = {
address = hosts.hera-intern-v4;
interface = "eth0";
};
firewall.allowedTCPPorts = [ 80 443 ];
};
@ -58,9 +67,7 @@ let
};
};
redis = {
enable = true;
};
redis = { enable = true; };
postgresql = {
enable = true;
@ -71,10 +78,10 @@ let
};
};
systemd = {
services ={
"nextcloud-setup"= {
requires = ["postgresql.service"];
after = ["postgresql.service"];
services = {
"nextcloud-setup" = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
"nextcloud-news-updater" = mkIf news-updater {
startAt = "20:00";
@ -82,15 +89,15 @@ let
Type = "oneshot";
User = "nextcloud";
ExecStart = let
config = pkgs.writeText "updater.ini" (generators.toINI {} {
config = pkgs.writeText "updater.ini" (generators.toINI { } {
updater = {
user = cloud.adminuser;
password = cloud.adminpass;
url = "https://${hostname}/";
mode = "singlerun";
};});
in
"${pkgs.nextcloud-news-updater}/bin/nextcloud-news-updater -c ${config}";
};
});
in "${pkgs.nextcloud-news-updater}/bin/nextcloud-news-updater -c ${config}";
};
};
};
@ -100,10 +107,22 @@ let
in {
m-0.monitoring = [
{ name = "mathechor-cloud"; host = "mathechor-cloud:9100"; }
{ name = "mathechor-cloud-nginx"; host = "mathechor-cloud:9113"; }
{ name = "cloud"; host = "cloud:9100"; }
{ name = "cloud-nginx"; host = "cloud:9113"; }
{
name = "mathechor-cloud";
host = "mathechor-cloud:9100";
}
{
name = "mathechor-cloud-nginx";
host = "mathechor-cloud:9113";
}
{
name = "cloud";
host = "cloud:9100";
}
{
name = "cloud-nginx";
host = "cloud:9113";
}
];
containers = {
chor-cloud = nextcloud-container {
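Review bot: In the `nextcloud-news-updater` service, `password = cloud.adminpass` is rendered into `updater.ini` with `pkgs.writeText`, which places the Nextcloud admin password in the Nix store. Store paths are readable by every local user and travel with any copy of the closure, so the secret is exposed well beyond the `nextcloud` service user. I would keep the credential out of the store by having the unit read or assemble the ini at start-up from a file outside the store with restricted permissions, and pass that path to `-c` instead of `${config}`. Since the updater only needs the News app, a dedicated low-privilege account in place of `cloud.adminuser` would also limit the impact if the file leaks. The `nextcloud-container` function starts and ends outside these hunks.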


@ -3,11 +3,10 @@
# You need pw-files for every configured user in ./secret/pw-useralias for login to work.
# dropbearkey -t rsa -f /etc/nixos/hosts/<hostname>/secret/boot_rsa
let
inherit (config.m-0.private) me;
let inherit (config.m-0.private) me;
in {
imports = [
imports = [
./hardware-configuration.nix
../../system
../../system/test-timer.nix
@ -23,15 +22,15 @@ imports = [
./network.nix
./matrix.nix
./secret
];
];
nix.sshServe = {
nix.sshServe = {
enable = true;
keys = me.keys;
protocol = "ssh-ng";
};
};
services = {
services = {
borgbackup.jobs.data = {
doInit = false;
encryption.mode = "none";
@ -39,21 +38,21 @@ services = {
repo = "borg@borg:.";
compression = "zstd,5";
};
};
};
users.users.choreutes = {
users.users.choreutes = {
linger = true;
description = "choreutes";
isNormalUser = true;
uid = 1001;
extraGroups = [ "wheel" "systemd-journal" ];
passwordFile = "/etc/nixos/hosts/hera/secret/pw-choreutes";
};
};
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "18.03"; # Did you read the comment?
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "18.03"; # Did you read the comment?
}


@ -4,27 +4,25 @@
{ config, lib, pkgs, ... }:
{
imports = [
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
];
imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/8e92387a-6785-4b3c-bcdb-a4a423675173";
fileSystems."/" = {
device = "/dev/disk/by-uuid/8e92387a-6785-4b3c-bcdb-a4a423675173";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/3D8A-20F0";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/3D8A-20F0";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/1e651bde-94b5-4fe2-9e6a-7af916d80057"; }
];
[{ device = "/dev/disk/by-uuid/1e651bde-94b5-4fe2-9e6a-7af916d80057"; }];
nix.maxJobs = lib.mkDefault 4;
}


@ -1,13 +1,9 @@
{ pkgs, config, ... }:
{
{ pkgs, config, ... }: {
imports = [
../../home-manager
../../home-manager/on-my-machine.nix
./secret
];
imports =
[ ../../home-manager ../../home-manager/on-my-machine.nix ./secret ];
m-0 = {
m-0 = {
hostName = "hera";
taskwarrior.enable = false;
bugwarrior.enable = false;
@ -23,6 +19,6 @@ m-0 = {
pw = config.m-0.private.hackint.hackint_pw;
channels = config.m-0.private.hackint.channels;
};
};
};
}


@ -2,9 +2,8 @@
let
certPath = "/var/lib/acme/hera.m-0.eu";
inherit (config.services.prometheus.exporters.node) firewallFilter;
in
{
networking.firewall = {
in {
networking.firewall = {
allowedTCPPorts = [ 25 143 587 993 ];
extraCommands = ''
ip6tables -A nixos-fw -s ${config.m-0.prefix}::/64 -p tcp -m tcp --dport 9101 -j nixos-fw-accept
@ -12,22 +11,29 @@ networking.firewall = {
ip6tables -A nixos-fw -s ${config.m-0.prefix}::/64 -p tcp -m tcp --dport 9166 -j nixos-fw-accept
iptables -A nixos-fw -s 10.0.0.0/24 -p tcp -m tcp --dport 8842 -j nixos-fw-accept
'';
};
};
m-0.monitoring = [
{ name = "mail-server"; host = "hera-intern:9101"; }
{ name = "postfix"; host = "hera-intern:9154"; }
{ name = "dovecot"; host = "hera-intern:9166"; }
];
m-0.monitoring = [
{
name = "mail-server";
host = "hera-intern:9101";
}
{
name = "postfix";
host = "hera-intern:9154";
}
{
name = "dovecot";
host = "hera-intern:9166";
}
];
containers.mail = {
containers.mail = {
bindMounts = { "${certPath}" = { hostPath = certPath; }; };
autoStart = true;
config = { pkgs, lib, ... }: {
imports = [
../../system
"${(import ../../nix/sources.nix).nixos-mailserver}"
];
imports =
[ ../../system "${(import ../../nix/sources.nix).nixos-mailserver}" ];
services.prometheus.exporters = {
node.port = 9101;
postfix = {
@ -44,8 +50,7 @@ containers.mail = {
};
systemd.services = {
atomail = {
script =
let
script = let
atomail = pkgs.fetchFromGitHub {
owner = "remko";
repo = "atomail";
@ -68,7 +73,8 @@ containers.mail = {
wantedBy = [ "multi-user.target" ];
};
};
services.postfix.networks = [ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
services.postfix.networks =
[ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
mailserver = {
enable = true;
enableImapSsl = true;
@ -87,6 +93,6 @@ containers.mail = {
'';
};
};
};
};
}


@ -3,16 +3,21 @@ let
hostName = "matrix.maralorn.de";
inherit (config.m-0) hosts;
inherit (../../common/lib.nix) unstable;
in
{
networking.firewall.allowedTCPPorts = [ 3478 8448 ];
in {
networking.firewall.allowedTCPPorts = [ 3478 8448 ];
m-0.monitoring = [
{ name = "matrix"; host = "matrix:9100"; }
{ name = "matrix-nginx"; host = "matrix:9113"; }
];
m-0.monitoring = [
{
name = "matrix";
host = "matrix:9100";
}
{
name = "matrix-nginx";
host = "matrix:9113";
}
];
services.coturn = {
services.coturn = {
enable = true;
pkey = "/var/lib/acme/hera.m-0.eu/key.pem";
cert = "/var/lib/acme/hera.m-0.eu/fullchain.pem";
@ -20,24 +25,34 @@ services.coturn = {
static-auth-secret = config.m-0.private.turn_secret;
realm = "maralorn.de";
use-auth-secret = true;
};
};
containers.matrix = {
containers.matrix = {
autoStart = true;
privateNetwork = true;
hostBridge = "bridge";
config = { pkgs, lib, ... }: {
imports = [
../../system
];
imports = [ ../../system ];
networking = {
interfaces.eth0 = {
ipv6.addresses = [{ address = hosts.matrix; prefixLength = 112; }];
ipv4.addresses = [{ address = hosts.matrix-intern-v4; prefixLength = 24; }];
ipv6.addresses = [{
address = hosts.matrix;
prefixLength = 112;
}];
ipv4.addresses = [{
address = hosts.matrix-intern-v4;
prefixLength = 24;
}];
};
inherit (config.networking) nameservers;
defaultGateway6 = { address = hosts.hera-intern; interface = "eth0"; };
defaultGateway = { address = hosts.hera-intern-v4; interface = "eth0"; };
defaultGateway6 = {
address = hosts.hera-intern;
interface = "eth0";
};
defaultGateway = {
address = hosts.hera-intern-v4;
interface = "eth0";
};
firewall.allowedTCPPorts = [ 80 443 8448 ];
};
m-0.riot = {
@ -48,7 +63,7 @@ containers.matrix = {
default_is_url = "https://vector.im";
integrations_ui_url = "";
integrations_rest_url = "";
integrations_widgets_urls = [];
integrations_widgets_urls = [ ];
bug_report_endpoint_url = "https://riot.im/bugreports/submit";
welcomeUserId = "@riot-bot:matrix.org";
piwik = false;
@ -56,11 +71,10 @@ containers.matrix = {
feature_lazyloading = "enable";
feature_room_breadcrumbs = "enable";
};
roomDirectory = {
servers = [ "matrix.org" "maralorn.de" ];
};
roomDirectory = { servers = [ "matrix.org" "maralorn.de" ]; };
branding = {
welcomeBackgroundUrl = "https://cloud.maralorn.de/apps/theming/image/background";
welcomeBackgroundUrl =
"https://cloud.maralorn.de/apps/theming/image/background";
};
};
};
@ -83,9 +97,7 @@ containers.matrix = {
};
# Postgres
postgresql = {
enable = true;
};
postgresql = { enable = true; };
# Synapse
matrix-synapse = {
@ -147,13 +159,31 @@ containers.matrix = {
{
port = 8448;
bind_address = "::";
resources = [ { compress = true; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
resources = [
{
compress = true;
names = [ "client" ];
}
{
compress = false;
names = [ "federation" ];
}
];
x_forwarded = false;
}
{
port = 8008;
bind_address = "::1";
resources = [ { compress = false; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
resources = [
{
compress = false;
names = [ "client" ];
}
{
compress = false;
names = [ "federation" ];
}
];
x_forwarded = true;
tls = false;
}
@ -164,10 +194,11 @@ containers.matrix = {
"${hostName}" = {
group = "matrix-synapse";
allowKeysForGroup = true;
postRun = "systemctl reload nginx.service; systemctl restart matrix-synapse.service";
postRun =
"systemctl reload nginx.service; systemctl restart matrix-synapse.service";
};
};
};
};
};
}


@ -1,38 +1,51 @@
{ config, ... }:
let
inherit (config.m-0) hosts;
in
{
services.prometheus.exporters.node = {
let inherit (config.m-0) hosts;
in {
services.prometheus.exporters.node = {
firewallFilter = "! -i ens18 -p tcp -m tcp --dport 9100";
};
m-0.monitoring = [
{ name = "hera"; host = "hera-intern:9100"; }
{ name = "monitoring-container"; host = "localhost:9100"; }
];
};
m-0.monitoring = [
{
name = "hera";
host = "hera-intern:9100";
}
{
name = "monitoring-container";
host = "localhost:9100";
}
];
containers.monitoring = {
containers.monitoring = {
autoStart = true;
privateNetwork = true;
hostBridge = "bridge";
config = { pkgs, lib, ... }: {
imports = [
../../system
];
imports = [ ../../system ];
networking = {
interfaces.eth0 = {
ipv6.addresses = [{ address = hosts.monitoring; prefixLength = 112; }];
ipv4.addresses = [{ address = hosts.monitoring-intern-v4; prefixLength = 24; }];
ipv6.addresses = [{
address = hosts.monitoring;
prefixLength = 112;
}];
ipv4.addresses = [{
address = hosts.monitoring-intern-v4;
prefixLength = 24;
}];
};
inherit (config.networking) nameservers;
defaultGateway6 = { address = hosts.hera-intern; interface = "eth0"; };
defaultGateway = { address = hosts.hera-intern-v4; interface = "eth0"; };
defaultGateway6 = {
address = hosts.hera-intern;
interface = "eth0";
};
defaultGateway = {
address = hosts.hera-intern-v4;
interface = "eth0";
};
firewall.allowedTCPPorts = [ 9090 9093 ];
};
services.prometheus = {
enable = true;
rules = [
''
rules = [''
ALERT node_down
IF (up{name!="apollo"} == 0)
FOR 5m
@ -123,17 +136,14 @@ containers.monitoring = {
summary="{{$labels.alias}}: Running out of swap soon.",
description="{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now."
}
''
];
scrapeConfigs = [
{
''];
scrapeConfigs = [{
job_name = "nodes";
static_configs = map (entry: {
targets = [ entry.host ];
labels = {"name" = entry.name; };
labels = { "name" = entry.name; };
}) config.m-0.monitoring;
}
];
}];
alertmanagerURL = [ "http://localhost:9093" ];
alertmanager = {
enable = true;
@ -152,22 +162,18 @@ containers.monitoring = {
"repeat_interval" = "4h";
"receiver" = "team-admins";
};
"receivers" = [
{
"receivers" = [{
"name" = "team-admins";
"email_configs" = [
{
"email_configs" = [{
"to" = "malte.brandy@maralorn.de";
"send_resolved" = true;
}
];
}
];
}];
}];
};
};
exporters.node.enable = true;
};
};
};
};
}


@ -1,18 +1,26 @@
{ pkgs, config, ... }:
let
let
inherit (config.m-0) hosts;
inherit (config.m-0.private) wireguard;
in
{
networking = {
in {
networking = {
hostName = "hera";
interfaces.ens18 = {
proxyARP = true;
ipv4.addresses = [{ address = "213.136.94.190"; prefixLength = 24; }];
ipv6.addresses = [{ address = hosts.hera; prefixLength = 128; }];
ipv4.addresses = [{
address = "213.136.94.190";
prefixLength = 24;
}];
ipv6.addresses = [{
address = hosts.hera;
prefixLength = 128;
}];
};
defaultGateway = "213.136.94.1";
defaultGateway6 = { address = "fe80::1"; interface = "ens18"; };
defaultGateway6 = {
address = "fe80::1";
interface = "ens18";
};
firewall = {
extraCommands = ''
@ -22,12 +30,17 @@ networking = {
'';
};
bridges.bridge.interfaces = [ ];
interfaces.bridge = {
proxyARP = true;
ipv6.addresses = [{ address = hosts.hera-intern; prefixLength = 112; }];
ipv4.addresses = [{ address = "10.0.0.1"; prefixLength = 24; }];
ipv6.addresses = [{
address = hosts.hera-intern;
prefixLength = 112;
}];
ipv4.addresses = [{
address = "10.0.0.1";
prefixLength = 24;
}];
};
nat = {
enable = true;
@ -41,17 +54,15 @@ networking = {
ips = [ "${hosts.hera-wg}/112" ];
privateKeyFile = "/etc/nixos/hosts/hera/secret/wireguard-private";
listenPort = wireguard.port;
peers = [
{
peers = [{
publicKey = wireguard.pub.apollo;
allowedIPs = [ "${hosts.apollo-wg}/128" ];
presharedKeyFile = "/etc/nixos/common/secret/wireguard-psk";
}
];
}];
};
};
};
services = {
};
services = {
ndppd = {
enable = true;
configFile = pkgs.writeText "ndppd.conf" ''
@ -62,6 +73,6 @@ services = {
}
'';
};
};
};
}


@ -9,13 +9,16 @@ let
phpPackages = pkgs.php73Packages;
toKeyValue = generators.toKeyValue {
mkKeyValue = generators.mkKeyValueDefault {} " = ";
mkKeyValue = generators.mkKeyValueDefault { } " = ";
};
phpOptionsExtensions = ''
${optionalString cfg.caching.apcu "extension=${phpPackages.apcu}/lib/php/extensions/apcu.so"}
${optionalString cfg.caching.redis "extension=${phpPackages.redis}/lib/php/extensions/redis.so"}
${optionalString cfg.caching.memcached "extension=${phpPackages.memcached}/lib/php/extensions/memcached.so"}
${optionalString cfg.caching.apcu
"extension=${phpPackages.apcu}/lib/php/extensions/apcu.so"}
${optionalString cfg.caching.redis
"extension=${phpPackages.redis}/lib/php/extensions/redis.so"}
${optionalString cfg.caching.memcached
"extension=${phpPackages.memcached}/lib/php/extensions/memcached.so"}
extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
zend_extension = opcache.so
opcache.enable = 1
@ -57,7 +60,8 @@ in {
https = mkOption {
type = types.bool;
default = false;
description = "Enable if there is a TLS terminating proxy in front of nextcloud.";
description =
"Enable if there is a TLS terminating proxy in front of nextcloud.";
};
maxUploadSize = mkOption {
@ -208,7 +212,7 @@ in {
extraTrustedDomains = mkOption {
type = types.listOf types.str;
default = [];
default = [ ];
description = ''
Trusted domains, from which the nextcloud installation will be
acessible. You don't need to add
@ -277,18 +281,24 @@ in {
};
config = mkIf cfg.enable (mkMerge [
{ assertions = let acfg = cfg.config; in [
{ assertion = !(acfg.dbpass != null && acfg.dbpassFile != null);
{
assertions = let acfg = cfg.config;
in [
{
assertion = !(acfg.dbpass != null && acfg.dbpassFile != null);
message = "Please specify no more than one of dbpass or dbpassFile";
}
{ assertion = ((acfg.adminpass != null || acfg.adminpassFile != null)
{
assertion = ((acfg.adminpass != null || acfg.adminpassFile != null)
&& !(acfg.adminpass != null && acfg.adminpassFile != null));
message = "Please specify exactly one of adminpass or adminpassFile";
message =
"Please specify exactly one of adminpass or adminpassFile";
}
];
}
{ systemd.timers."nextcloud-cron" = {
{
systemd.timers."nextcloud-cron" = {
wantedBy = [ "timers.target" ];
timerConfig.OnBootSec = "5m";
timerConfig.OnUnitActiveSec = "15m";
@ -306,36 +316,56 @@ in {
],
'datadirectory' => '${cfg.home}/data',
'skeletondirectory' => '${cfg.skeletonDirectory}',
${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"}
${
optionalString cfg.caching.apcu
"'memcache.local' => '\\OC\\Memcache\\APCu',"
}
'log_type' => 'syslog',
'log_level' => '${builtins.toString cfg.logLevel}',
${optionalString (cfg.config.overwriteProtocol != null) "'overwriteprotocol' => '${cfg.config.overwriteProtocol}',"}
${
optionalString (cfg.config.overwriteProtocol != null)
"'overwriteprotocol' => '${cfg.config.overwriteProtocol}',"
}
];
'';
occInstallCmd = let
c = cfg.config;
adminpass = if c.adminpassFile != null
then ''"$(<"${toString c.adminpassFile}")"''
else ''"${toString c.adminpass}"'';
dbpass = if c.dbpassFile != null
then ''"$(<"${toString c.dbpassFile}")"''
else if c.dbpass != null
then ''"${toString c.dbpass}"''
else null;
adminpass = if c.adminpassFile != null then
''"$(<"${toString c.adminpassFile}")"''
else
''"${toString c.adminpass}"'';
dbpass = if c.dbpassFile != null then
''"$(<"${toString c.dbpassFile}")"''
else if c.dbpass != null then
''"${toString c.dbpass}"''
else
null;
installFlags = concatStringsSep " \\\n "
(mapAttrsToList (k: v: "${k} ${toString v}") {
"--database" = ''"${c.dbtype}"'';
# The following attributes are optional depending on the type of
# database. Those that evaluate to null on the left hand side
# will be omitted.
${if c.dbname != null then "--database-name" else null} = ''"${c.dbname}"'';
${if c.dbhost != null then "--database-host" else null} = ''"${c.dbhost}"'';
${if c.dbport != null then "--database-port" else null} = ''"${toString c.dbport}"'';
${if c.dbuser != null then "--database-user" else null} = ''"${c.dbuser}"'';
${if (any (x: x != null) [c.dbpass c.dbpassFile])
then "--database-pass" else null} = dbpass;
${if c.dbtableprefix != null
then "--database-table-prefix" else null} = ''"${toString c.dbtableprefix}"'';
${if c.dbname != null then "--database-name" else null} =
''"${c.dbname}"'';
${if c.dbhost != null then "--database-host" else null} =
''"${c.dbhost}"'';
${if c.dbport != null then "--database-port" else null} =
''"${toString c.dbport}"'';
${if c.dbuser != null then "--database-user" else null} =
''"${c.dbuser}"'';
${
if (any (x: x != null) [ c.dbpass c.dbpassFile ]) then
"--database-pass"
else
null
} = dbpass;
${
if c.dbtableprefix != null then
"--database-table-prefix"
else
null
} = ''"${toString c.dbtableprefix}"'';
"--admin-user" = ''"${c.adminuser}"'';
"--admin-pass" = adminpass;
"--data-dir" = ''"${cfg.home}/data"'';
@ -344,8 +374,7 @@ in {
${occ}/bin/nextcloud-occ maintenance:install \
${installFlags}
'';
occSetTrustedDomainsCmd = concatStringsSep "\n" (imap0
(i: v: ''
occSetTrustedDomainsCmd = concatStringsSep "\n" (imap0 (i: v: ''
${occ}/bin/nextcloud-occ config:system:set trusted_domains \
${toString i} --value="${toString v}"
'') ([ cfg.hostName ] ++ cfg.config.extraTrustedDomains));
@ -377,7 +406,8 @@ in {
environment.NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config";
serviceConfig.Type = "oneshot";
serviceConfig.User = "nextcloud";
serviceConfig.ExecStart = "${phpPackage}/bin/php -f ${pkgs.nextcloud}/cron.php";
serviceConfig.ExecStart =
"${phpPackage}/bin/php -f ${pkgs.nextcloud}/cron.php";
};
"nextcloud-update-plugins" = mkIf cfg.autoUpdateApps.enable {
serviceConfig.Type = "oneshot";
@ -388,8 +418,7 @@ in {
services.phpfpm = {
pools.nextcloud = let
phpAdminValues = (toKeyValue
(foldr (a: b: a // b) {}
phpAdminValues = (toKeyValue (foldr (a: b: a // b) { }
(mapAttrsToList (k: v: { "php_admin_value[${k}]" = v; })
phpOptions)));
in {
@ -457,7 +486,8 @@ in {
priority = 300;
extraConfig = "deny all;";
};
"~ ^\\/(?:index|remote|public|cron|core/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|ocs-provider\\/.+|ocm-provider\\/.+)\\.php(?:$|\\/)" = {
"~ ^\\/(?:index|remote|public|cron|core/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|ocs-provider\\/.+|ocm-provider\\/.+)\\.php(?:$|\\/)" =
{
priority = 500;
extraConfig = ''
include ${config.services.nginx.package}/conf/fastcgi.conf;
@ -472,7 +502,8 @@ in {
fastcgi_read_timeout 120s;
'';
};
"~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig = ''
"~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig =
''
try_files $uri/ =404;
index index.php;
'';
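Review bot: In `occInstallCmd`, the inline branches `''"${toString c.adminpass}"''` and `''"${toString c.dbpass}"''` splice the plaintext password into the generated `maintenance:install` command. The secret therefore becomes part of the built script, which presumably lands in the world-readable Nix store, and the shell re-parses it inside double quotes, so a `$`, backtick or `"` in the password changes the command. The `adminpassFile` and `dbpassFile` branches avoid the first problem. For the inline branches I would quote with `escapeShellArg (toString c.adminpass)`, assuming `lib` is in scope as the other unqualified helpers suggest, and add a comment above `adminpass` saying the inline options leave the secret in the store. The enclosing `let` block starts outside this hunk.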

Binary file not shown.


@ -2,14 +2,19 @@
let
inherit (config.m-0) hosts;
certPath = "/var/lib/acme/hera.m-0.eu";
in
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
m-0.monitoring = [
{ name = "web"; host = "web:9100"; }
{ name = "web-nginx"; host = "web:9113"; }
];
services.sniproxy = {
in {
networking.firewall.allowedTCPPorts = [ 80 443 ];
m-0.monitoring = [
{
name = "web";
host = "web:9100";
}
{
name = "web-nginx";
host = "web:9113";
}
];
services.sniproxy = {
enable = true;
config = ''
error_log {
@ -43,20 +48,31 @@ services.sniproxy = {
.* ${hosts.matrix}
}
'';
};
containers.web = {
bindMounts = { "${certPath}" = { hostPath = certPath; isReadOnly = false; }; };
};
containers.web = {
bindMounts = {
"${certPath}" = {
hostPath = certPath;
isReadOnly = false;
};
};
autoStart = true;
privateNetwork = true;
hostBridge = "bridge";
config = { pkgs, lib, ... }: {
imports = [../../system];
imports = [ ../../system ];
networking = {
interfaces.eth0 = {
ipv6.addresses = [{ address = config.m-0.hosts.web; prefixLength = 112; }];
ipv6.addresses = [{
address = config.m-0.hosts.web;
prefixLength = 112;
}];
};
inherit (config.networking) nameservers;
defaultGateway6 = { address = config.m-0.hosts.hera-intern; interface = "eth0"; };
defaultGateway6 = {
address = config.m-0.hosts.hera-intern;
interface = "eth0";
};
firewall.allowedTCPPorts = [ 80 443 ];
};
m-0 = {
@ -100,6 +116,6 @@ containers.web = {
};
};
};
};
};
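Review bot: The `containers.web` bind mount of `certPath` (`/var/lib/acme/hera.m-0.eu`) is declared with `isReadOnly = false`, which gives the internet-facing web container write access to the host's ACME directory, and that directory normally holds the TLS private key as well as the certificate. If certificates are issued on the host rather than inside this container, which this section does not show, the mount should drop to the read-only default by removing `isReadOnly = false;`. If the container does need to write there, a one-line comment on the mount saying why would stop the exception from being copied to other containers.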
}


@ -1,44 +1,37 @@
# This file has been generated by Niv.
# A record, from name to path, of the third-party packages
with rec
{
pkgs =
if hasNixpkgsPath
then
if hasThisAsNixpkgsPath
then import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; }) {}
else import <nixpkgs> {}
with rec {
pkgs = if hasNixpkgsPath then
if hasThisAsNixpkgsPath then
import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; })
{ }
else
import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; }) {};
import <nixpkgs> { }
else
import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; })
{ };
sources_nixpkgs =
if builtins.hasAttr "nixpkgs" sources
then sources.nixpkgs
else abort
''
sources_nixpkgs = if builtins.hasAttr "nixpkgs" sources then
sources.nixpkgs
else
abort ''
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
add a package called "nixpkgs" to your sources.json.
'';
# fetchTarball version that is compatible between all the versions of Nix
builtins_fetchTarball =
{ url, sha256 }@attrs:
let
inherit (builtins) lessThan nixVersion fetchTarball;
in
if lessThan nixVersion "1.12" then
builtins_fetchTarball = { url, sha256 }@attrs:
let inherit (builtins) lessThan nixVersion fetchTarball;
in if lessThan nixVersion "1.12" then
fetchTarball { inherit url; }
else
fetchTarball attrs;
# fetchurl version that is compatible between all the versions of Nix
builtins_fetchurl =
{ url, sha256 }@attrs:
let
inherit (builtins) lessThan nixVersion fetchurl;
in
if lessThan nixVersion "1.12" then
builtins_fetchurl = { url, sha256 }@attrs:
let inherit (builtins) lessThan nixVersion fetchurl;
in if lessThan nixVersion "1.12" then
fetchurl { inherit url; }
else
fetchurl attrs;
@ -48,14 +41,17 @@ with rec
fetchzip = { url, sha256 }@attrs: pkgs.fetchzip attrs;
hasNixpkgsPath = (builtins.tryEval <nixpkgs>).success;
hasThisAsNixpkgsPath =
(builtins.tryEval <nixpkgs>).success && <nixpkgs> == ./.;
hasThisAsNixpkgsPath = (builtins.tryEval <nixpkgs>).success && <nixpkgs>
== ./.;
sources = builtins.fromJSON (builtins.readFile ./sources.json);
mapAttrs = builtins.mapAttrs or
(f: set: with builtins;
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)));
mapAttrs = builtins.mapAttrs or (f: set:
with builtins;
listToAttrs (map (attr: {
name = attr;
value = f attr set.${attr};
}) (attrNames set)));
# borrowed from nixpkgs
functionArgs = f: f.__functionArgs or (builtins.functionArgs f);
@ -64,10 +60,11 @@ with rec
in f (auto // args);
getFetcher = spec:
let fetcherName =
if builtins.hasAttr "type" spec
then builtins.getAttr "type" spec
else "builtin-tarball";
let
fetcherName = if builtins.hasAttr "type" spec then
builtins.getAttr "type" spec
else
"builtin-tarball";
in builtins.getAttr fetcherName {
"tarball" = fetchzip;
"builtin-tarball" = builtins_fetchTarball;
@ -77,13 +74,9 @@ with rec
};
# NOTE: spec must _not_ have an "outPath" attribute
mapAttrs (_: spec:
if builtins.hasAttr "outPath" spec
then abort
"The values in sources.json should not have an 'outPath' attribute"
else
if builtins.hasAttr "url" spec && builtins.hasAttr "sha256" spec
then
spec //
{ outPath = callFunctionWith spec (getFetcher spec) { }; }
else spec
) sources
if builtins.hasAttr "outPath" spec then
abort "The values in sources.json should not have an 'outPath' attribute"
else if builtins.hasAttr "url" spec && builtins.hasAttr "sha256" spec then
spec // { outPath = callFunctionWith spec (getFetcher spec) { }; }
else
spec) sources


@ -1,4 +1,7 @@
{ fetchFromGitHub, stdenv, ninja, meson, pkgconfig, glib, cairo, gdk_pixbuf, glib_networking, pango, libudev, xorg, libxslt, docbook_xml_xslt, git, libuuid, dbus, libsoup, docbook_xml_dtd_45, docbook5_xsl, gettext, autoconf, libtool, utillinux, libxkbcommon }:
{ fetchFromGitHub, stdenv, ninja, meson, pkgconfig, glib, cairo, gdk_pixbuf
, glib_networking, pango, libudev, xorg, libxslt, docbook_xml_xslt, git, libuuid
, dbus, libsoup, docbook_xml_dtd_45, docbook5_xsl, gettext, autoconf, libtool
, utillinux, libxkbcommon }:
stdenv.mkDerivation rec {
name = "eventd";
version = "d7c7ba59aa6b225b3e2b8aebdd853137c05d8445";


@ -1,5 +1,6 @@
{ aqbanking, python36Packages, fetchgit }:
with python36Packages; buildPythonApplication rec {
with python36Packages;
buildPythonApplication rec {
name = "${pname}-${version}";
pname = "jali";
doCheck = false;

File diff suppressed because it is too large Load diff


@ -1,11 +1,14 @@
{ pkgs, fetchFromGitHub, defaultCrateOverrides, makeDesktopItem, atk , pango, gnome3, cairo, gdk_pixbuf, glib, ... }:
((pkgs.callPackage ./Cargo.nix {}).tasktree_0_1_0 {}).override {
{ pkgs, fetchFromGitHub, defaultCrateOverrides, makeDesktopItem, atk, pango
, gnome3, cairo, gdk_pixbuf, glib, ... }:
((pkgs.callPackage ./Cargo.nix { }).tasktree_0_1_0 { }).override {
crateOverrides = defaultCrateOverrides // {
atk-sys = attr: { buildInputs = [ atk ]; };
pango-sys = attr: { buildInputs = [ pango glib ]; };
gio = attr: { buildInputs = [ glib ]; };
gdk-sys = attr: { buildInputs = [ gdk_pixbuf glib cairo pango ]; };
gtk-sys = attr: { buildInputs = [ gdk_pixbuf glib cairo pango atk gnome3.gtk ]; };
gtk-sys = attr: {
buildInputs = [ gdk_pixbuf glib cairo pango atk gnome3.gtk ];
};
gdk = attr: { buildInputs = [ cairo gnome3.gtk gdk_pixbuf pango ]; };
gtk = attr: { buildInputs = [ cairo atk gnome3.gtk gdk_pixbuf pango ]; };
tasktree = attrs:


@ -1,7 +1,6 @@
{config, lib, ...}:
{ config, lib, ... }:
with lib;
let
me = config.m-0.private.me;
let me = config.m-0.private.me;
in {
users.users = {
"${me.user}" = {
@ -13,8 +12,6 @@ in {
openssh.authorizedKeys.keys = me.keys;
passwordFile = me.pw-file;
};
root = {
passwordFile = me.pw-file;
};
root = { passwordFile = me.pw-file; };
};
}


@ -15,23 +15,21 @@ in {
config = {
i18n = {
defaultLocale = "en_US.UTF-8";
};
i18n = { defaultLocale = "en_US.UTF-8"; };
time.timeZone = "Europe/Berlin";
networking = {
firewall.allowPing = true;
useDHCP = false;
hosts = lib.zipAttrs (lib.mapAttrsToList (host: ip: {"${ip}" = "${host} ${host}.m-0.eu";} ) config.m-0.hosts);
hosts = lib.zipAttrs
(lib.mapAttrsToList (host: ip: { "${ip}" = "${host} ${host}.m-0.eu"; })
config.m-0.hosts);
};
users = {
mutableUsers = false;
users.root = {
openssh.authorizedKeys.keys = me.keys;
};
users.root = { openssh.authorizedKeys.keys = me.keys; };
};
environment = {
@ -43,10 +41,11 @@ in {
};
};
nix = {
binaryCaches = [ "https://cache.nixos.org/" "https://nixcache.reflex-frp.org" ];
binaryCachePublicKeys = [ "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ];
binaryCaches =
[ "https://cache.nixos.org/" "https://nixcache.reflex-frp.org" ];
binaryCachePublicKeys =
[ "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ];
nixPath = [ "/etc/nix-path" ];
};


@ -7,7 +7,8 @@
antialias = true;
cache32Bit = true;
defaultFonts = {
monospace = [ "Source Code Pro For Powerline" "Roboto Mono" "DejaVu Sans Mono" ];
monospace =
[ "Source Code Pro For Powerline" "Roboto Mono" "DejaVu Sans Mono" ];
sansSerif = [ "Roboto Regular" "DejaVu Sans" ];
serif = [ "Roboto Slab Regular" "DejaVu Serif" ];
};
@ -20,44 +21,22 @@
enableFontDir = true;
fonts = builtins.attrValues {
inherit (pkgs)
anonymousPro
arkpandora_ttf
caladea
carlito
comfortaa
comic-relief
crimson
dejavu_fonts
google-fonts
inconsolata
iosevka
liberationsansnarrow
liberation_ttf
libertine
mononoki
montserrat
nerdfonts
norwester-font
opensans-ttf
powerline-fonts
roboto
sampradaya
source-code-pro
source-sans-pro
source-serif-pro
tai-ahom
tempora_lgc
terminus_font
theano
ubuntu_font_family;
anonymousPro arkpandora_ttf caladea carlito comfortaa comic-relief
crimson dejavu_fonts google-fonts inconsolata iosevka
liberationsansnarrow liberation_ttf libertine mononoki montserrat
nerdfonts norwester-font opensans-ttf powerline-fonts roboto sampradaya
source-code-pro source-sans-pro source-serif-pro tai-ahom tempora_lgc
terminus_font theano ubuntu_font_family;
};
};
# create a cache of the font sources, often slow internet connections make it painful to
# re-download them after a few months
environment.etc = let
# fonts with src attributes
font_sources = map (v: v.src) (lib.filter (v: v ? src) config.fonts.fonts);
in builtins.listToAttrs (lib.imap0 (n: v: lib.nameValuePair "src-cache/fonts/${toString n}" { source = builtins.toPath v; }) font_sources);
in builtins.listToAttrs (lib.imap0 (n: v:
lib.nameValuePair "src-cache/fonts/${toString n}" {
source = builtins.toPath v;
}) font_sources);
}


@ -2,12 +2,14 @@
let
inherit (import ../common/lib.nix) writeHaskellScript haskellList;
me = config.m-0.private.me;
test-command = ["${pkgs.systemd}/bin/systemctl" "start" "test-and-bump-config.service"];
upgrade-command = ["${pkgs.systemd}/bin/systemctl" "start" "system-maintenance.service"];
test-command =
[ "${pkgs.systemd}/bin/systemctl" "start" "test-and-bump-config.service" ];
upgrade-command =
[ "${pkgs.systemd}/bin/systemctl" "start" "system-maintenance.service" ];
post-update = writeHaskellScript {
name = "post-update";
bins = [ pkgs.git pkgs.nix ];
imports = [ "System.Environment (lookupEnv)" "Data.Foldable (for_)"];
imports = [ "System.Environment (lookupEnv)" "Data.Foldable (for_)" ];
} ''
main = do
mirror <- lookupEnv "GL_OPTION_MIRROR"
@ -26,13 +28,22 @@ let
exe "sudo" ${haskellList upgrade-command};
writeOutput "Done";
'';
in
{
users.users.git.linger = true; # Frequent restarting of the systemd-user-unit leads to errors
security.sudo.extraRules = [ { commands = [
{ command = builtins.concatStringsSep " " test-command; options = [ "NOPASSWD" ]; }
{ command = builtins.concatStringsSep " " upgrade-command; options = [ "NOPASSWD" ]; }
]; users = [ "git" ]; } ];
in {
users.users.git.linger =
true; # Frequent restarting of the systemd-user-unit leads to errors
security.sudo.extraRules = [{
commands = [
{
command = builtins.concatStringsSep " " test-command;
options = [ "NOPASSWD" ];
}
{
command = builtins.concatStringsSep " " upgrade-command;
options = [ "NOPASSWD" ];
}
];
users = [ "git" ];
}];
services.gitolite = {
enable = true;
user = "git";


@ -1,13 +1,8 @@
{ config, pkgs, lib, ... }:
with lib;
{
options = {
m-0.server.initSSHKey = mkOption {
type = types.path;
};
};
with lib; {
options = { m-0.server.initSSHKey = mkOption { type = types.path; }; };
config = {
config = {
boot.initrd = {
network = {
enable = true;
@ -23,6 +18,6 @@ config = {
};
postMountCommands = "ip link set eth0 down";
};
};
};
}


@ -3,12 +3,13 @@ with lib;
let
page = pkgs.stdenv.mkDerivation {
page = pkgs.stdenv.mkDerivation {
name = "blog.maralorn.de";
src = builtins.fetchGit "git@hera:blog";
buildInputs = [ (pkgs.python3.withPackages (ps: [ps.pelican ps.markdown])) ];
LC_ALL="en_US.UTF-8";
LOCALE_ARCHIVE="${pkgs.glibcLocales}/lib/locale/locale-archive";
buildInputs =
[ (pkgs.python3.withPackages (ps: [ ps.pelican ps.markdown ])) ];
LC_ALL = "en_US.UTF-8";
LOCALE_ARCHIVE = "${pkgs.glibcLocales}/lib/locale/locale-archive";
buildPhase = ''
make html
'';
@ -16,21 +17,20 @@ page = pkgs.stdenv.mkDerivation {
mkdir $out
cp -r output/* $out
'';
};
};
in
{
in {
options = {
options = {
m-0.blog = {
enable = mkOption {
type = types.bool;
default = false;
};
};
};
};
config = mkIf config.m-0.blog.enable {
config = mkIf config.m-0.blog.enable {
networking.firewall.allowedTCPPorts = [ 80 443 ];
services = {
@ -48,6 +48,6 @@ config = mkIf config.m-0.blog.enable {
};
};
};
};
};
}


@ -5,8 +5,7 @@ let
me = config.m-0.private.me;
in
{
in {
options = {
m-0.laptop.enable = mkOption {
type = types.bool;
@ -14,9 +13,7 @@ in
};
};
config = mkIf config.m-0.laptop.enable {
networking = {
networkmanager.enable = true;
};
networking = { networkmanager.enable = true; };
i18n.consoleKeyMap = "neo";
sound.enable = true;


@ -12,11 +12,14 @@ let
dataDir = "/var/lib/systemd/linger";
lingeringUsers = map (u: u.name) (attrValues (flip filterAttrs config.users.users (n: u: u.linger)));
lingeringUsers = map (u: u.name)
(attrValues (flip filterAttrs config.users.users (n: u: u.linger)));
lingeringUsersFile = builtins.toFile "lingering-users"
(concatStrings (map (s: "${s}\n")
(sort (a: b: a < b) lingeringUsers))); # this sorting is important for `comm` to work correctly
lingeringUsersFile = builtins.toFile "lingering-users" (concatStrings (map
(s: ''
${s}
'') (sort (a: b: a < b)
lingeringUsers))); # this sorting is important for `comm` to work correctly
updateLingering = pkgs.writeScript "update-lingering" ''
# Stop when the system is not running, e.g. during nixos-install
@ -26,14 +29,10 @@ let
echo "$lingering" | comm -3 -2 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl enable-linger
'';
in
{
in {
options = {
users.users = mkOption {
options = [{
linger = mkEnableOption "lingering for the user";
}];
options = [{ linger = mkEnableOption "lingering for the user"; }];
};
};


@ -3,50 +3,48 @@ with lib;
let
me = config.m-0.private.me;
page = pkgs.stdenv.mkDerivation {
me = config.m-0.private.me;
page = pkgs.stdenv.mkDerivation {
name = "mathechor.de";
src = builtins.fetchGit "git@hera:mathechor.de";
buildInputs = [ pkgs.pandoc pkgs.python3 ];
LC_ALL="en_US.UTF-8";
LOCALE_ARCHIVE="${pkgs.glibcLocales}/lib/locale/locale-archive";
LC_ALL = "en_US.UTF-8";
LOCALE_ARCHIVE = "${pkgs.glibcLocales}/lib/locale/locale-archive";
installPhase = ''
mkdir $out
cp -r intern/output $out/intern
cp -r public/output $out/public
'';
};
};
in
{
in {
options = {
options = {
m-0.mathechor-de = {
enable = mkOption {
type = types.bool;
default = false;
};
password = mkOption {
type = types.str;
password = mkOption { type = types.str; };
};
};
};
config = mkIf config.m-0.mathechor-de.enable {
config = mkIf config.m-0.mathechor-de.enable {
networking.firewall.allowedTCPPorts = [ 80 443 ];
services = {
nginx = {
enable = true;
virtualHosts."mathechor.de" = {
serverAliases = ["www.mathechor.de"];
serverAliases = [ "www.mathechor.de" ];
forceSSL = true;
enableACME = true;
locations = {
"/" = {
root = "${page}/public";
index = "index.html";
extraConfig = "location ~* \.(otf)$ {add_header Access-Control-Allow-Origin *;}";
extraConfig =
"location ~* .(otf)$ {add_header Access-Control-Allow-Origin *;}";
};
};
};
@ -60,7 +58,8 @@ config = mkIf config.m-0.mathechor-de.enable {
index = "index.html";
};
"/mathechor.ics" = {
proxyPass = "https://cloud.mathechor.de/remote.php/dav/public-calendars/nebsfFTzQKGSSsDc?export";
proxyPass =
"https://cloud.mathechor.de/remote.php/dav/public-calendars/nebsfFTzQKGSSsDc?export";
extraConfig = ''
proxy_ssl_name cloud.mathechor.de;
proxy_ssl_server_name on;
@ -70,6 +69,6 @@ config = mkIf config.m-0.mathechor-de.enable {
};
};
};
};
};
}
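Review bot: In the first hunk, the `extraConfig` on the `"/"` location now reads `location ~* .(otf)$`, which shows that nginx never received an escaped dot: inside a double-quoted Nix string `\.` evaluates to a plain `.`, so the old and new spellings are the same value. The regex therefore matches any URI ending in one arbitrary character followed by `otf`, and each such response carries `Access-Control-Allow-Origin *`, not only font files. An indented string keeps the backslash, e.g. `extraConfig = ''location ~* \.(otf)$ {add_header Access-Control-Allow-Origin *;}'';`, or the backslash can be doubled (`\\.`) in the quoted form. The rest of the virtual host lies between the hunks and is not visible here.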


@ -1,34 +1,28 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.m-0.riot;
in
{
let cfg = config.m-0.riot;
in {
options = {
options = {
m-0.riot = {
enable = mkOption {
type = types.bool;
default = false;
};
hostname = mkOption {
type = types.str;
};
config = mkOption {
type = types.attrs;
hostname = mkOption { type = types.str; };
config = mkOption { type = types.attrs; };
};
};
};
config = mkIf cfg.enable {
config = mkIf cfg.enable {
services = {
nginx = {
enable = true;
virtualHosts."${cfg.hostname}" = {
enableACME = true;
forceSSL = true;
root = (import <unstable> {}).riot-web;
root = (import <unstable> { }).riot-web;
locations."/config.json" = {
extraConfig = ''
default_type application/json;
@ -38,6 +32,6 @@ config = mkIf cfg.enable {
};
};
};
};
};
}


@ -1,20 +1,23 @@
{ config, pkgs, lib, ... }:
{
{ config, pkgs, lib, ... }: {
imports = [ ./init_ssh.nix ];
imports = [ ./init_ssh.nix ];
config = {
config = {
systemd.services."system-maintenance" = {
startAt = "2:45";
environment.NIX_PATH = "/etc/nix-path:nixos-config=/etc/nixos/configuration.nix";
environment.NIX_PATH =
"/etc/nix-path:nixos-config=/etc/nixos/configuration.nix";
path = [ pkgs.git ];
restartIfChanged = false;
unitConfig.X-StopOnRemoval = false;
serviceConfig = {
Type = "oneshot";
ExecStart = "${(import ./update-lib.nix config.system.build.nixos-rebuild).system-maintenance}/bin/system-maintenance";
ExecStart = "${
(import ./update-lib.nix
config.system.build.nixos-rebuild).system-maintenance
}/bin/system-maintenance";
};
};
};
};
}


@ -1,6 +1,5 @@
{ pkgs, config, lib, ... }:
with lib;
{
with lib; {
imports = [ ./admin.nix ];
@ -12,24 +11,20 @@ with lib;
mutableUsers = false;
};
security.sudo.extraConfig = "
Defaults timestamp_type=global, timestamp_timeout=15
";
security.sudo.extraConfig =
"\n Defaults timestamp_type=global, timestamp_timeout=15\n ";
services = {
sshd.enable = true;
};
services = { sshd.enable = true; };
nix.nixPath = [ "nixos-config=/etc/nixos/configuration.nix" ];
environment = {
# Put these into an extra file so the essential packages can also be included on non selfadminstrated systems from home-manager
systemPackages = builtins.attrValues ({
inherit (import ./update-lib.nix config.system.build.nixos-rebuild) update-system system-maintenance;
inherit (import ./update-lib.nix config.system.build.nixos-rebuild)
update-system system-maintenance;
} // (import ../common/pkgs.nix).system-pkgs);
sessionVariables = {
TERMINFO = "/run/current-system/sw/share/terminfo";
};
sessionVariables = { TERMINFO = "/run/current-system/sw/share/terminfo"; };
};
programs = {
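Review bot: The second hunk rewrites `security.sudo.extraConfig` as `"\n Defaults timestamp_type=global, timestamp_timeout=15\n "`, and the escaped newlines plus leftover indentation make a security-relevant sudoers line harder to read and audit than the multi-line form it replaces. An indented string keeps the same policy legible: `security.sudo.extraConfig = ''Defaults timestamp_type=global, timestamp_timeout=15'';`. Because `timestamp_type=global` lets one successful authentication cover all of the user's login sessions for the 15-minute timeout, a comment above it such as `# global timestamps: one sudo auth is valid in every session of the user for 15 min` would record that this is deliberate. The `programs` block continues outside the hunk.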


@ -1,12 +1,13 @@
{ pkgs, config, lib, ... }:
{
{ pkgs, config, lib, ... }: {
systemd.services."test-and-bump-config" = {
startAt = "20:30";
path = [ pkgs.nix pkgs.gnutar pkgs.gzip pkgs.git pkgs.git-crypt ];
serviceConfig = {
Type = "oneshot";
WorkingDirectory = "/var/cache/gc-links";
ExecStart = "${(import ../common/test-lib.nix).test-and-bump-config}/bin/test-and-bump-config";
ExecStart = "${
(import ../common/test-lib.nix).test-and-bump-config
}/bin/test-and-bump-config";
};
};
}


@ -1,13 +1,13 @@
nixos-rebuild:
let
pkgs = import <nixpkgs> {};
inherit (import ../common/lib.nix) writeHaskellScript get-niv-path home-manager gcRetentionDays;
pkgs = import <nixpkgs> { };
inherit (import ../common/lib.nix)
writeHaskellScript get-niv-path home-manager gcRetentionDays;
configPath = "/etc/nixos";
update-system = writeHaskellScript {
name = "update-system";
bins = [ get-niv-path nixos-rebuild ];
}
''
} ''
getNivPath = readTrim . get_niv_path "${configPath}/nix/sources.nix"
getNivAssign name = tag <$> getNivPath name
@ -18,15 +18,14 @@ let
args <- getArgs
nixos_rebuild (paths ++ ["switch"] ++ args)
'';
system-maintenance = writeHaskellScript
{ name = "system-maintenance"; bins = [ pkgs.nix pkgs.git update-system ];} ''
system-maintenance = writeHaskellScript {
name = "system-maintenance";
bins = [ pkgs.nix pkgs.git update-system ];
} ''
main = do
git "-C" "${configPath}" "pull"
update_system
nix_collect_garbage "--delete-older-than" "${toString gcRetentionDays}d"
nix "optimise-store"
'';
in
{
inherit update-system system-maintenance;
}
in { inherit update-system system-maintenance; }