asmir/nixos_flake_config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: asmir:1b00de0f018df441a8e5c5648490f1d272f1b0c8
Branches Tags
asmir:master asmir:nftables_transition asmir:gitea_typst asmir:magento2
..
compare: asmir:magento2
Branches Tags
asmir:master asmir:nftables_transition asmir:gitea_typst asmir:magento2

1 Commits
1b00de0f01 ... magento2

Author SHA1 Message Date
Asmir A
f70118c33f add magento2 module 2023-07-03 22:48:55 +02:00
32 changed files with 573 additions and 2049 deletions
Expand all files Collapse all files

1
.nixd.json
View File

@@ -1 +0,0 @@
{"formatting":{"command":"alejandra"}}

315
blue/configuration.nix
View File

@@ -1,315 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
pkgs,
lib,
...
}: {
imports = [
];
system.stateVersion = "23.05";
system.autoUpgrade.enable = true;
nix = {
optimise.automatic = true;
gc.automatic = true;
gc.options = "--delete-older-than 7d";
package = pkgs.nixUnstable;
settings.experimental-features = ["nix-command" "flakes"];
};
boot = {
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = ["msr.allow_writes=on"];
supportedFilesystems = ["btrfs"];
tmpOnTmpfs = true;
initrd.compressor = "zstd";
loader.systemd-boot = {
enable = true;
editor = false;
memtest86.enable = true;
};
loader.efi.canTouchEfiVariables = true;
readOnlyNixStore = true;
};
security = {
rtkit.enable = true;
allowSimultaneousMultithreading = true;
sudo.enable = false;
doas.enable = true;
doas.extraRules = [
{
users = ["akill"];
keepEnv = true;
persist = true;
}
];
};
powerManagement = {
enable = true;
};
networking = {
firewall.enable = true;
hostName = "blue";
nameservers = ["127.0.0.1" "::1"];
dhcpcd.extraConfig = "nohook resolv.conf";
networkmanager = {
enable = true;
dns = "none";
/*
wifi.backend = "iwd";
*/
};
};
time.timeZone = "Europe/Sarajevo";
nixpkgs.config.allowUnfree = true;
environment = {
homeBinInPath = true;
variables = {
PATH = "$HOME/.cargo/bin";
};
};
programs = {
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
zsh.enable = true;
firejail.enable = true;
adb.enable = true;
wireshark.enable = true;
sway.enable = true;
};
# List services that you want to enable:
systemd = {
services = {
"caps2esc" = {
description = "Intercepts keyboard udev events";
wants = ["systemd-udevd.service"];
wantedBy = ["multi-user.target"];
serviceConfig.Nice = -20;
script = ''
${pkgs.interception-tools}/bin/intercept \
-g /dev/input/by-path/*-kbd | \
/opt/caps2esc | ${pkgs.interception-tools}/bin/uinput \
-d /dev/input/by-path/*-kbd \
'';
};
};
extraConfig = ''
DefaultTimeoutStartSec=30s
DefaultTimeoutStopSec=30s
'';
};
services = {
acpid.enable = true;
btrfs.autoScrub.enable = true;
dbus.enable = true;
fstrim.enable = true;
fwupd.enable = true;
ntp.enable = true;
openssh.enable = false;
printing.enable = true;
nextcloud = {
enable = true;
hostName = "localhost";
config.adminpassFile = "${pkgs.writeText "adminpass" "test123"}";
};
jellyfin = {
enable = false;
user = "akill";
openFirewall = false;
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
xserver = {
enable = true;
dpi = 144;
libinput.enable = true;
desktopManager.xterm.enable = false;
displayManager = {
lightdm.enable = false;
startx.enable = true;
defaultSession = "none+i3";
};
windowManager.i3.enable = true;
};
udev.packages = [pkgs.rtl-sdr pkgs.openhantek6022];
tlp = {
enable = true;
};
actkbd = {
enable = true;
bindings = [
{
keys = [113];
events = ["key"];
command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master toggle'";
}
{
keys = [114];
events = ["key" "rep"];
command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%- unmute'";
}
{
keys = [115];
events = ["key" "rep"];
command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%+ unmute'";
}
{
keys = [224];
events = ["key"];
command = "${pkgs.light}/bin/light -U 5";
}
{
keys = [225];
events = ["key"];
command = "${pkgs.light}/bin/light -A 5";
}
];
};
mpd = {
musicDirectory = "/home/mpd/music";
enable = false;
extraConfig = ''
audio_output {
type "pulse"
name "pulsee srv"
server "127.0.0.1"
}
'';
};
dnscrypt-proxy2 = {
enable = true;
settings = {
ipv6_servers = true;
require_dnssec = true;
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
};
};
journald.extraConfig = ''
SystemMaxUse=50M
'';
logind.extraConfig = ''
KillUserProcesses=yes
'';
};
fonts = {
fontconfig = {
cache32Bit = true;
allowBitmaps = true;
useEmbeddedBitmaps = true;
defaultFonts = {
monospace = ["JetBrainsMono"];
};
};
fonts = with pkgs; [
dejavu_fonts
dina-font
fira-code
fira-code-symbols
font-awesome
font-awesome_4
inconsolata
iosevka
jetbrains-mono
liberation_ttf
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
proggyfonts
siji
terminus_font
terminus_font_ttf
ubuntu_font_family
];
};
virtualisation = {
containers.storage.settings = {
storage = {
driver = "btrfs";
graphroot = "/var/lib/containers/storage";
runroot = "/run/containers/storage";
};
};
podman = {
enable = true;
dockerCompat = true;
};
};
sound.enable = true;
hardware = {
bluetooth = {
enable = true;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
};
};
};
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
];
};
};
zramSwap = {
enable = false;
algorithm = "zstd";
};
users.users.akill = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = ["wireshark" "kvm" "tty" "audio" "sound" "adbusers" "dialout"];
};
}

71
blue/hardware-configuration.nix
View File

@@ -1,71 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd" "noatime"];
};
boot.initrd.luks.devices."enc_root".device = "/dev/disk/by-uuid/8eb8ac22-d89d-4406-bfbd-ce43e283649f";
fileSystems."/home" = {
device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd" "noatime"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
fsType = "btrfs";
options = ["subvol=log" "compress=zstd" "noatime"];
neededForBoot = true;
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
fsType = "btrfs";
options = ["subvol=persist" "compress=zstd" "noatime"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/6C85-D29B";
fsType = "vfat";
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

70
common/suspend.nix
View File

@@ -1,70 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.batteryNotifier;
in {
options = {
services.batteryNotifier = {
enable = mkOption {
default = false;
description = ''
Whether to enable battery notifier.
'';
};
device = mkOption {
default = "BAT0";
description = ''
Device to monitor.
'';
};
notifyCapacity = mkOption {
default = 10;
description = ''
Battery level at which a notification shall be sent.
'';
};
suspendCapacity = mkOption {
default = 5;
description = ''
Battery level at which a suspend unless connected shall be sent.
'';
};
};
};
config = mkIf cfg.enable {
systemd.user.timers."lowbatt" = {
description = "check battery level";
timerConfig.OnBootSec = "1m";
timerConfig.OnUnitInactiveSec = "1m";
timerConfig.Unit = "lowbatt.service";
wantedBy = ["timers.target"];
};
systemd.user.services."lowbatt" = {
description = "battery level notifier";
serviceConfig.PassEnvironment = "DISPLAY";
script = ''
export battery_capacity=$(${pkgs.coreutils}/bin/cat /sys/class/power_supply/${cfg.device}/capacity)
export battery_status=$(${pkgs.coreutils}/bin/cat /sys/class/power_supply/${cfg.device}/status)
if [[ $battery_capacity -le ${builtins.toString cfg.notifyCapacity} && $battery_status = "Discharging" ]]; then
${pkgs.libnotify}/bin/notify-send --urgency=critical --hint=int:transient:1 --icon=battery_empty "Battery Low" "You should probably plug-in."
fi
if [[ $battery_capacity -le ${builtins.toString cfg.suspendCapacity} && $battery_status = "Discharging" ]]; then
${pkgs.libnotify}/bin/notify-send --urgency=critical --hint=int:transient:1 --icon=battery_empty "Battery Critically Low" "Computer will suspend in 60 seconds."
sleep 60s
battery_status=$(${pkgs.coreutils}/bin/cat /sys/class/power_supply/${cfg.device}/status)
if [[ $battery_status = "Discharging" ]]; then
systemctl suspend
fi
fi
'';
};
};
}

45
nixy/configuration.nix → configuration.nix
View File

@@ -5,9 +5,9 @@
config,
pkgs,
lib,
caps2esc,
nix-xilinx,
sops-nix,
zremap,
...
}: {
imports = [];
@@ -15,12 +15,9 @@
system.stateVersion = "23.05";
system.autoUpgrade.enable = false;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.age.keyFile = config.users.users.akill.home + "/.config/sops/age/keys.txt";
sops.secrets."peerix/private" = {
sopsFile = ./secrets/peerix.yaml;
mode = "0400";
owner = config.users.users.nobody.name;
group = config.users.users.nobody.group;
};
nix = {
@@ -30,6 +27,9 @@
package = pkgs.nixUnstable;
settings = {
experimental-features = ["nix-command" "flakes"];
trusted-public-keys = [
"binarycache.mediabox.lan:3vZwbCaCuOK5fc92rKknvyU7e5fDbnKEKLb/VTaICoU="
];
};
};
@@ -37,15 +37,11 @@
extraModulePackages = with config.boot.kernelPackages; [usbip];
initrd.compressor = "zstd";
initrd.kernelModules = ["amdgpu"];
binfmt.emulatedSystems = ["wasm32-wasi" "x86_64-windows"];
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = ["psmouse.synaptics_intertouch=0" "mem_sleep_default=deep"];
kernelParams = ["psmouse.synaptics_intertouch=0"];
loader.efi.canTouchEfiVariables = true;
loader.systemd-boot = {
editor = false;
enable = true;
memtest86.enable = true;
};
loader.systemd-boot.editor = false;
loader.systemd-boot.enable = true;
readOnlyNixStore = true;
supportedFilesystems = ["btrfs"];
tmp.useTmpfs = true;
@@ -80,12 +76,12 @@
dhcpcd.extraConfig = "nohook resolv.conf";
extraHosts = ''
192.168.88.171 jellyfin.mediabox.lan
192.168.88.171 jellyseerr.mediabox.lan
192.168.88.171 mediabox.lan
192.168.88.171 qbittorrent.mediabox.lan
192.168.88.1 router.lan
192.168.88.230 mediabox.lan
192.168.88.230 jellyfin.mediabox.lan
192.168.88.230 deluge.mediabox.lan
192.168.88.230 binarycache.mediabox.lan
192.168.88.231 workstation.lan
192.168.88.1 router.lan
'';
networkmanager = {
@@ -131,15 +127,16 @@
# List services that you want to enable:
systemd = {
services = {
"zremap" = {
"caps2esc" = {
description = "Intercepts keyboard udev events";
wants = ["systemd-udevd.service"];
wantedBy = ["multi-user.target"];
serviceConfig.Nice = -20;
script = ''
sleep 1
${zremap.defaultPackage.x86_64-linux}/bin/zremap \
/dev/input/by-path/platform-i8042-serio-0-event-kbd
${pkgs.interception-tools}/bin/intercept \
-g /dev/input/by-path/platform-i8042-serio-0-event-kbd | \
${caps2esc.defaultPackage.x86_64-linux}/bin/caps2esc | ${pkgs.interception-tools}/bin/uinput \
-d /dev/input/by-path/platform-i8042-serio-0-event-kbd \
'';
};
};
@@ -181,9 +178,9 @@
};
udev = {
packages = [pkgs.rtl-sdr pkgs.openhantek6022];
packages = [pkgs.openocd pkgs.rtl-sdr pkgs.openhantek6022];
extraRules = ''
#Xilinx FTDI
#Xilinx FTDI
ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Xilinx", MODE:="666"
#Xilinx Digilent
@@ -272,7 +269,7 @@
};
};
packages = with pkgs; [
fonts = with pkgs; [
dejavu_fonts
dina-font
fira-code

270
flake.lock generated
View File

@@ -1,18 +1,20 @@
{
"nodes": {
"blobs": {
"flake": false,
"caps2esc": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"lastModified": 1684616473,
"narHash": "sha256-e8/7jWl2EA1UROhd9L+D9kLdd5SoFYWi+56n2jer7g4=",
"owner": "asmir.abdulahovic",
"repo": "caps2esc",
"rev": "4ebc36bef4f4548566df14d94c9c9907e7a76e78",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"owner": "asmir.abdulahovic",
"repo": "caps2esc",
"type": "gitlab"
}
},
@@ -48,22 +50,6 @@
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
@@ -89,11 +75,11 @@
]
},
"locked": {
"lastModified": 1696446489,
"narHash": "sha256-xSjMKdNR+q/3hdSPyg/LUMsZT/WIoUi8dcm5zT4SMUQ=",
"lastModified": 1688220547,
"narHash": "sha256-cNKKLPaEOxd6t22Mt3tHGubyylbKGdoi2A3QkMTKes0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "68f7d8c0fb0bfc67d1916dd7f06288424360d43a",
"rev": "89d10f8adce369a80e046c2fd56d1e7b7507bb5b",
"type": "github"
},
"original": {
@@ -105,16 +91,14 @@
"nix-xilinx": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
]
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1696069591,
"narHash": "sha256-YFPEWMV6XRi7CgDB1qJ67dIYPnrOETuxQO4mnPmxbQs=",
"lastModified": 1685780173,
"narHash": "sha256-K18JYyCHrnb05Odb7N9FpU30az7QOV8uL9ch0RgU7i0=",
"owner": "asmir.abdulahovic",
"repo": "nix-xilinx",
"rev": "a20ac5924afa24d45227df7d7d54574a9409a4a6",
"rev": "cc5ab958d31c58481b1f7f3a2c0a4db7c22006e9",
"type": "gitlab"
},
"original": {
@@ -125,57 +109,25 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1696193975,
"narHash": "sha256-mnQjUcYgp9Guu3RNVAB2Srr1TqKcPpRXmJf4LJk6KRY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "fdd898f8f79e8d2f99ed2ab6b3751811ef683242",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-22_11": {
"locked": {
"lastModified": 1669558522,
"narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
"lastModified": 1684585791,
"narHash": "sha256-lYPboblKrchmbkGMoAcAivomiOscZCjtGxxTSCY51SM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
"rev": "eea79d584eff53bf7a76aeb63f8845da6d386129",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-22.11",
"type": "indirect"
}
},
"nixpkgs-23_05": {
"locked": {
"lastModified": 1684782344,
"narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.05",
"type": "indirect"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1696123266,
"narHash": "sha256-S6MZEneQeE4M/E/C8SMnr7B7oBnjH/hbm96Kak5hAAI=",
"lastModified": 1688256355,
"narHash": "sha256-/E+OSabu4ii5+ccWff2k4vxDsXYhpc4hwnm0s6JOz7Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dbe90e63a36762f1fbde546e26a84af774a32455",
"rev": "f553c016a31277246f8d3724d3b1eee5e8c0842c",
"type": "github"
},
"original": {
@@ -185,33 +137,72 @@
"type": "github"
}
},
"nvim": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"nixpkgs_2": {
"locked": {
"lastModified": 1698363600,
"narHash": "sha256-r71uS/uw3I9xJAnmlgaN0TC9aC/1m2L4iNhKjqBzAtQ=",
"ref": "refs/heads/master",
"rev": "9652f4cb75d799ee5a2511883d2fda60bea00141",
"revCount": 19,
"type": "git",
"url": "https://git.project-cloud.net/asmir/nvim_flake"
"lastModified": 1685677062,
"narHash": "sha256-zoHF7+HNwNwne2XEomphbdc4Y8tdWT16EUxUTXpOKpQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "95be94370d09f97f6af6a1df1eb9649b5260724e",
"type": "github"
},
"original": {
"type": "git",
"url": "https://git.project-cloud.net/asmir/nvim_flake"
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1688231357,
"narHash": "sha256-ZOn16X5jZ6X5ror58gOJAxPfFLAQhZJ6nOUeS4tfFwo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "645ff62e09d294a30de823cb568e9c6d68e92606",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1684668519,
"narHash": "sha256-KkVvlXTqdLLwko9Y0p1Xv6KQ9QTcQorrU098cGilb7c=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "85340996ba67cc02f01ba324e18b1306892ed6f5",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixpkgs-unstable",
"type": "indirect"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1688188316,
"narHash": "sha256-CXuQllDKCxtZaB/umnZOvoJ/d4kJguYgffeTA9l1B3o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8277b539d371bf4308fc5097911aa58bfac1794f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"peerix": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1684706914,
@@ -229,55 +220,25 @@
},
"root": {
"inputs": {
"caps2esc": "caps2esc",
"home-manager": "home-manager",
"nix-xilinx": "nix-xilinx",
"nixpkgs": "nixpkgs",
"nvim": "nvim",
"nixpkgs": "nixpkgs_3",
"peerix": "peerix",
"simple-nixos-mailserver": "simple-nixos-mailserver",
"sops-nix": "sops-nix",
"swaysw": "swaysw",
"zremap": "zremap"
}
},
"simple-nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_3",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-22_11": "nixpkgs-22_11",
"nixpkgs-23_05": "nixpkgs-23_05",
"utils": "utils"
},
"locked": {
"lastModified": 1689976554,
"narHash": "sha256-uWJq3sIhkqfzPmfB2RWd5XFVooGFfSuJH9ER/r302xQ=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "c63f6e7b053c18325194ff0e274dba44e8d2271e",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"type": "gitlab"
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs": "nixpkgs_5",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1696320910,
"narHash": "sha256-fbuEc6wylH+0VxG48lhPBK+SQJHfo2lusUwWHZNipIM=",
"lastModified": 1688268466,
"narHash": "sha256-fArazqgYyEFiNcqa136zVYXihuqzRHNOOeVICayU2Yg=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "746c7fa1a64c1671a4bf287737c27fdc7101c4c2",
"rev": "5ed3c22c1fa0515e037e36956a67fe7e32c92957",
"type": "github"
},
"original": {
@@ -286,26 +247,6 @@
"type": "github"
}
},
"swaysw": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1698401726,
"narHash": "sha256-kGMqxaNaNSbKJS/55KqqMvLj1xOBc8zCizs6I3xiCo0=",
"ref": "refs/heads/master",
"rev": "1e49032fbfec10b51c9f627aab286290ac15977c",
"revCount": 3,
"type": "git",
"url": "https://git.project-cloud.net/asmir/swaysw"
},
"original": {
"type": "git",
"url": "https://git.project-cloud.net/asmir/swaysw"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@@ -320,41 +261,6 @@
"repo": "default",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1605370193,
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"zremap": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1696448728,
"narHash": "sha256-kUc6983IX9n0eQxTFZRK7LYCLHoxoGZ5rOV7nu8hGRI=",
"owner": "asmir.abdulahovic",
"repo": "zremap",
"rev": "9043844893cfc333ed04d04c1d3b67d9904c0afc",
"type": "gitlab"
},
"original": {
"owner": "asmir.abdulahovic",
"repo": "zremap",
"type": "gitlab"
}
}
},
"root": "root",

128
flake.nix
View File

@@ -3,77 +3,40 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nix-xilinx = {
url = "gitlab:asmir.abdulahovic/nix-xilinx";
inputs.nixpkgs.follows = "nixpkgs";
};
peerix = {
url = "gitlab:asmir.abdulahovic/peerix";
inputs.nixpkgs.follows = "nixpkgs";
};
zremap = {
url = "gitlab:asmir.abdulahovic/zremap";
inputs.nixpkgs.follows = "nixpkgs";
};
swaysw = {
url = "git+https://git.project-cloud.net/asmir/swaysw";
inputs.nixpkgs.follows = "nixpkgs";
};
nvim = {
url = "git+https://git.project-cloud.net/asmir/nvim_flake";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
caps2esc.url = "gitlab:asmir.abdulahovic/caps2esc";
nix-xilinx.url = "gitlab:asmir.abdulahovic/nix-xilinx";
peerix.url = "gitlab:asmir.abdulahovic/peerix";
sops-nix.url = "github:Mic92/sops-nix";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
simple-nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs @ {
home-manager,
self,
nixpkgs,
caps2esc,
home-manager,
nix-xilinx,
nvim,
peerix,
simple-nixos-mailserver,
sops-nix,
swaysw,
zremap,
...
}: let
pkgs = nixpkgs.legacyPackages.x86_64-linux.pkgs;
in {
}: {
nixosConfigurations = rec {
nixy = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
{_module.args = inputs;}
./nixy/configuration.nix
./nixy/hardware-configuration.nix
./common/packages.nix
./configuration.nix
./packages.nix
./hardware-configuration.nix
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.akill = import ./home/home.nix;
home-manager.extraSpecialArgs = {inherit inputs;};
}
peerix.nixosModules.peerix
{
@@ -83,79 +46,12 @@
package = peerix.packages.x86_64-linux.peerix;
openFirewall = true; # UDP/12304
privateKeyFile = nixy.config.sops.secrets."peerix/private".path;
publicKeyFile = ./nixy/peerix-public;
publicKeyFile = ./peerix-public;
publicKey = "peerix-mediabox:UDgG3xdQYv7bmx2l4ZPNRPJtp2zMmY++H/fnGeJ9BQw=";
};
}
];
};
mediabox = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
{_module.args = inputs;}
./common/packages.nix
./common/suspend.nix
./mediabox/configuration.nix
./mediabox/hardware-configuration.nix
./modules/qbittorrent.nix
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.akill = import ./home/home.nix;
}
peerix.nixosModules.peerix
{
services.peerix = {
enable = true;
globalCacheTTL = 10;
package = peerix.packages.x86_64-linux.peerix;
openFirewall = true; # UDP/12304
privateKeyFile = mediabox.config.sops.secrets."peerix/private".path;
publicKeyFile = ./mediabox/peerix-public;
publicKey = "peerix-nixy:8THqS0R2zWF/47ai0RFmqJnieYTZ1jaWOD9tnzpvA6s=";
};
}
];
};
blue = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
{_module.args = inputs;}
./blue/configuration.nix
./blue/hardware-configuration.nix
./common/packages.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.akill = import ./home/home.nix;
}
];
};
magpie = nixpkgs.lib.nixosSystem {
system = "arm64-linux";
modules = [
{_module.args = inputs;}
./magpie/configuration.nix
./magpie/hardware-configuration.nix
sops-nix.nixosModules.sops
simple-nixos-mailserver.nixosModule
(builtins.toPath "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix")
];
};
};
devShell.x86_64-linux = pkgs.mkShell {
buildInputs = with pkgs; [sops ssh-to-age age];
shellHook = ''
echo "Configuring NixOS!"
'';
};
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
};
}

10
nixy/hardware-configuration.nix → hardware-configuration.nix
View File

@@ -20,7 +20,7 @@
fileSystems."/" = {
device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
fsType = "btrfs";
options = ["subvol=root" "compress=lzo" "noatime"];
options = ["subvol=root" "compress=zstd" "noatime"];
};
boot.initrd.luks.devices."sys_enc".device = "/dev/disk/by-uuid/682d030d-189e-4b47-a60a-62cf1f3729d3";
@@ -28,25 +28,25 @@
fileSystems."/home" = {
device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
fsType = "btrfs";
options = ["subvol=home" "compress=lzo" "noatime"];
options = ["subvol=home" "compress=zstd" "noatime"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
fsType = "btrfs";
options = ["subvol=nix" "compress=lzo" "noatime"];
options = ["subvol=nix" "compress=zstd" "noatime"];
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
fsType = "btrfs";
options = ["subvol=persist" "compress=lzo" "noatime"];
options = ["subvol=persist" "compress=zstd" "noatime"];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
fsType = "btrfs";
options = ["subvol=log" "compress=lzo" "noatime"];
options = ["subvol=log" "compress=zstd" "noatime"];
};
fileSystems."/boot" = {

28
home/home.nix
View File

@@ -2,10 +2,11 @@
pkgs,
config,
lib,
inputs,
...
}:
with lib; {
with lib; let
vimrc = import ./vimrc.nix {inherit pkgs vimUtils fetchFromGitHub;};
in {
imports = [./zsh.nix ./i3status-rust.nix ./sway.nix ./i3.nix ./home_packages.nix ./whatsapp-for-linux.nix];
home.stateVersion = "22.11";
@@ -29,7 +30,7 @@ with lib; {
MOZ_ENABLE_WAYLAND = "1";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
SUDO_EDITOR = "nvim";
#WLR_RENDERER = "vulkan";
WLR_RENDERER = "vulkan";
};
wayland.windowManager.sway = {enable = true;};
@@ -48,13 +49,14 @@ with lib; {
mpv = {
enable = true;
package = pkgs.mpv;
config = {
slang = "eng,en";
alang = "eng,en";
hwdec = "auto";
vo = "gpu-next";
ao = "pipewire";
script-opts-set = "ytdl_hook-ytdl_path=yt-dlp,sponsorblock-local_database=no,sponsorblock-skip_categories=[sponsor,intro,selfpromo]";
script-opts-set = "sponsorblock-local_database=no,sponsorblock-skip_categories=[sponsor,intro,selfpromo]";
ytdl-format = "bestvideo[height<=?1080]+bestaudio/best";
};
@@ -126,13 +128,13 @@ with lib; {
qutebrowser = {
enable = true;
package = pkgs.qutebrowser;
package = pkgs.qutebrowser-qt6;
keyBindings = {
normal = {
"j" = "scroll-px 0 25";
"k" = "scroll-px 0 -25";
"u" = "undo --window";
";v" = "hint links spawn mpv {hint-url}";
";v" = "hint links userscript view_in_mpv";
};
};
@@ -170,6 +172,15 @@ with lib; {
};
};
neovim = {
enable = true;
vimAlias = true;
vimdiffAlias = true;
plugins = vimrc.plugins;
extraConfig = "";
extraPackages = vimrc.extraPackages;
};
obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [obs-vkcapture input-overlay obs-multi-rtmp obs-pipewire-audio-capture wlrobs obs-vaapi];
@@ -180,6 +191,11 @@ with lib; {
zsh.enable = true;
};
xdg.configFile."nvim/init.lua" = {
source = ./vimrc.lua;
recursive = true;
};
services = {
lorri.enable = false;
mako.enable = true;

172
home/home_packages.nix
View File

@@ -1,105 +1,79 @@
{
config,
pkgs,
inputs,
...
}: {
home.packages = with pkgs;
[
alejandra
appimage-run
arp-scan
birdtray
blackmagic
btop
cached-nix-shell
caddy
cargo
ccls
cemu
cmake
compsize
cura
deluge
ffmpeg-full
firefox
gcc
gdb
glab
glaxnimate
gnumake
go
grim
hyperfine
imagemagick
imv
jellyfin-media-player
kdenlive
kicad
kodi-wayland
libnotify
libreoffice
libva-utils
mediainfo
ncdu
neovide
ngspice
nix-init
nodePackages.peerflix
openocd
pandoc
pass
patchelf
pavucontrol
pirate-get
powertop
pulsemixer
python3
python3Packages.west
remmina
river
rtorrent
rustc
screen
seer
sioyek
skypeforlinux
slurp
texlive.combined.scheme-full
thunderbird
upx
waybar
wdisplays
whatsapp-for-linux
wireshark
wl-clipboard
wlr-randr
wofi
x2goclient
yewtube
yt-dlp
zathura
zeal-qt6
zig
zls
/* install here until nvim flake is fixed */
alejandra
ccls
gopls
luaformatter
nixd
pyright
rust-analyzer
sumneko-lua-language-server
svls
texlab
tree-sitter
verible
zls
]
++ [
inputs.swaysw.packages.x86_64-linux.swaysw
inputs.nvim.packages.x86_64-linux.nvim
];
home.packages = with pkgs; [
alejandra
appimage-run
arp-scan
blackmagic
btop
cached-nix-shell
caddy
cargo
ccls
cemu
compsize
cura
deluge
ffmpeg-full
firefox
gcc
gdb
glab
glaxnimate
gnumake
grim
hyperfine
imagemagick
imv
jellyfin-media-player
kdenlive
kicad
kodi-wayland
libnotify
libreoffice
libva-utils
mediainfo
ncdu
neovide
ngspice
nodePackages.peerflix
openocd
pandoc
pass
patchelf
pavucontrol
pirate-get
powertop
pulsemixer
python3
python3Packages.west
remmina
river
rtorrent
rustc
screen
seer
sioyek
skypeforlinux
slurp
texlive.combined.scheme-full
thunderbird
upx
waybar
wdisplays
whatsapp-for-linux
wireshark
wl-clipboard
wlr-randr
wofi
x2goclient
yt-dlp
zathura
zeal-qt6
zig
zls
];
}

5
home/i3status-rust.nix
View File

@@ -39,11 +39,6 @@
device = "enp5s0";
interval = 2;
}
{
block = "net";
device = "eno1";
interval = 2;
}
{
block = "memory";
}

15
home/sway.nix
View File

@@ -33,21 +33,16 @@
modifier = "Mod4";
output = {
eDP-1 = {
bg = "~/pic/wallpaper stretch";
bg = "~/pic/weird_dragon.jpg stretch";
/*
scale = "1.4";
*/
};
HDMI-A-4 = {
res = "1920x1080";
};
};
input = {
"type:keyboard" = {repeat_delay = "150";};
"type:keyboard" = {repeat_rate = "70";};
"type:touchpad" = {tap = "enabled";};
"1:1:AT_Translated_Set_2_keyboard" = {repeat_delay = "150";};
"1:1:AT_Translated_Set_2_keyboard" = {repeat_rate = "70";};
"2:7:SynPS/2_Synaptics_TouchPad" = {tap = "enabled";};
};
bars = [
@@ -100,7 +95,7 @@
"Alt+j" = "focus down";
"Alt+k" = "focus up";
"Alt+l" = "focus right";
"Alt+slash" = "exec swaysw";
"Alt+slash" = "exec lckdo /tmp/.sws_cli_lock footclient -a sws_cli -- sws_cli.sh";
"Alt+Escape" = "workspace back_and_forth";
"Alt+f" = "fullscreen enable";

195
home/vimrc.lua Normal file
View File

@@ -0,0 +1,195 @@
-- Basic settings
vim.g.loaded_matchparen = true
vim.g.netrw_liststyle = 3
vim.go.background = 'dark'
vim.go.belloff = 'all'
vim.go.breakindent = true
vim.go.hlsearch = false
vim.go.laststatus = 0
vim.go.lazyredraw = true
vim.go.showcmd = true
vim.go.synmaxcol = 800
vim.go.syntax = 'on'
vim.go.termguicolors = true
vim.go.titleold = vim.fn.getcwd()
vim.go.title = true
vim.go.wildmenu = true
vim.go.wrap = true
vim.wo.number = true
vim.cmd([[colorscheme gruvbox]])
-- Defines a read-write directory for treesitters in nvim's cache dir
local parser_install_dir = vim.fn.stdpath("cache") .. "/treesitters"
if vim.fn.isdirectory(parser_install_dir) == 0 then
vim.fn.mkdir(parser_install_dir, "p")
end
-- Adding runtime needed for Nix setup on non NixOS
vim.o.runtimepath = vim.o.runtimepath .. "," .. parser_install_dir
require 'nvim-treesitter.install'.compilers = { 'gcc' }
require 'nvim-treesitter.configs'.setup {
ensure_installed = { "c", "cpp", "zig", "python", "verilog", "nix", "lua", "latex" },
parser_install_dir = parser_install_dir,
highlight = { enable = true, disable = {} },
indent = { enable = false, disable = {} },
rainbow = {
enable = true,
extended_mode = true, -- Highlight also non-parentheses delimiters, boolean or table: lang -> boolean
max_file_lines = 1000, -- Do not enable for files with more than 1000 lines, int
colors = {
'#ff0000', '#ffa500', '#ffff00', '#008000', '#0051a0', '#8003f2'
} -- table of hex strings
}
}
-- Mappings.
-- See `:help vim.diagnostic.*` for documentation on any of the below functions
local opts = { noremap = true, silent = true }
vim.api.nvim_set_keymap('n', '<space>e',
'<cmd>lua vim.diagnostic.open_float()<CR>', opts)
vim.api.nvim_set_keymap('n', '<space>q',
'<cmd>lua vim.diagnostic.setloclist()<CR>', opts)
vim.api.nvim_set_keymap('n', 'Q', '<cmd>nohl<CR>', opts)
vim.api.nvim_set_keymap('n', 'j', 'gj', opts)
vim.api.nvim_set_keymap('n', 'k', 'gk', opts)
vim.api.nvim_set_keymap('v', 'j', 'gj', opts)
vim.api.nvim_set_keymap('v', 'k', 'gk', opts)
vim.api.nvim_set_keymap('n', '<C-J>', '<C-W><C-J>', opts)
vim.api.nvim_set_keymap('n', '<C-K>', '<C-W><C-K>', opts)
vim.api.nvim_set_keymap('n', '<C-L>', '<C-W><C-L>', opts)
vim.api.nvim_set_keymap('n', '<C-H>', '<C-W><C-H>', opts)
vim.api.nvim_create_autocmd('LspAttach', {
desc = 'LSP actions',
callback = function()
local bufmap = function(mode, lhs, rhs)
vim.keymap.set(mode, lhs, rhs, { buffer = true })
end
-- Displays hover information about the symbol under the cursor
bufmap('n', 'K', '<cmd>lua vim.lsp.buf.hover()<cr>')
-- Jump to the definition
bufmap('n', 'gd', '<cmd>lua vim.lsp.buf.definition()<cr>')
-- Jump to declaration
bufmap('n', 'gD', '<cmd>lua vim.lsp.buf.declaration()<cr>')
-- Lists all the implementations for the symbol under the cursor
bufmap('n', 'gi', '<cmd>lua vim.lsp.buf.implementation()<cr>')
-- Jumps to the definition of the type symbol
bufmap('n', 'go', '<cmd>lua vim.lsp.buf.type_definition()<cr>')
-- Lists all the references
bufmap('n', 'gr', '<cmd>lua vim.lsp.buf.references()<cr>')
-- Displays a function's signature information
bufmap('n', '<C-k>', '<cmd>lua vim.lsp.buf.signature_help()<cr>')
-- Renames all references to the symbol under the cursor
bufmap('n', 'rn', '<cmd>lua vim.lsp.buf.rename()<cr>')
-- Selects a code action available at the current cursor position
bufmap('n', '<F4>', '<cmd>lua vim.lsp.buf.code_action()<cr>')
bufmap('x', '<F4>', '<cmd>lua vim.lsp.buf.range_code_action()<cr>')
-- Show diagnostics in a floating window
bufmap('n', 'gl', '<cmd>lua vim.diagnostic.open_float()<cr>')
-- Move to the previous diagnostic
bufmap('n', '[d', '<cmd>lua vim.diagnostic.goto_prev()<cr>')
-- Move to the next diagnostic
bufmap('n', ']d', '<cmd>lua vim.diagnostic.goto_next()<cr>')
-- Format current buffer
bufmap('n', '<space>f', function() vim.lsp.buf.format { async = true } end)
end
})
-- Use a loop to conveniently call 'setup' on multiple servers and
-- map buffer local keybindings when the language server attaches
local cmp = require 'cmp'
cmp.setup({
sources = cmp.config.sources({
{ name = 'nvim_lsp' },
{ name = 'buffer' },
{ name = 'path' },
}),
mapping = {
["<Tab>"] = cmp.mapping({
i = function(fallback)
if cmp.visible() then
cmp.select_next_item({ behavior = cmp.SelectBehavior.Insert })
else
fallback()
end
end,
}),
["<S-Tab>"] = cmp.mapping({
i = function(fallback)
if cmp.visible() then
cmp.select_prev_item({ behavior = cmp.SelectBehavior.Insert })
else
fallback()
end
end,
}),
['<Down>'] = cmp.mapping(cmp.mapping.select_next_item({ behavior = cmp.SelectBehavior.Select }), { 'i' }),
['<Up>'] = cmp.mapping(cmp.mapping.select_prev_item({ behavior = cmp.SelectBehavior.Select }), { 'i' }),
['<C-n>'] = cmp.mapping({
i = function(fallback)
if cmp.visible() then
cmp.select_next_item({ behavior = cmp.SelectBehavior.Select })
else
fallback()
end
end
}),
['<C-p>'] = cmp.mapping({
i = function(fallback)
if cmp.visible() then
cmp.select_prev_item({ behavior = cmp.SelectBehavior.Select })
else
fallback()
end
end
}),
['<C-b>'] = cmp.mapping(cmp.mapping.scroll_docs(-4), { 'i', 'c' }),
['<C-f>'] = cmp.mapping(cmp.mapping.scroll_docs(4), { 'i', 'c' }),
['<C-Space>'] = cmp.mapping(cmp.mapping.complete(), { 'i', 'c' }),
['<C-e>'] = cmp.mapping({ i = cmp.mapping.close(), c = cmp.mapping.close() }),
['<CR>'] = cmp.mapping({
i = cmp.mapping.confirm({ behavior = cmp.ConfirmBehavior.Replace, select = false }),
}),
}
})
local servers = { 'pyright', 'rust_analyzer', 'ccls', 'lua_ls', 'rnix', 'texlab', 'verible' }
local capabilities = require('cmp_nvim_lsp').default_capabilities()
for _, lsp in pairs(servers) do
require('lspconfig')[lsp].setup {
capabilities = capabilities
}
end
require('lspconfig').lua_ls.setup({
single_file_support = true,
})
require('lspconfig').verible.setup({
root_dir = function() return vim.loop.cwd() end
})
if vim.fn.exists('+undofile') ~= 0 then
local undo_dir = vim.env.HOME .. '/.config/nvim/undo'
if vim.fn.isdirectory(undo_dir) == 0 then vim.fn.mkdir(undo_dir, 'p') end
vim.o.undodir = undo_dir
vim.o.undofile = true
end
vim.cmd([[syntax sync minlines=100]])
vim.cmd([[syntax sync maxlines=140]])

44
home/vimrc.nix Normal file
View File

@@ -0,0 +1,44 @@
{
pkgs,
vimUtils,
fetchFromGitHub,
}: {
extraPackages = [
pkgs.ccls
pkgs.clang
pkgs.luaformatter
pkgs.nil
pkgs.pyright
pkgs.rnix-lsp
pkgs.rust-analyzer
pkgs.sumneko-lua-language-server
pkgs.svls
pkgs.texlab
pkgs.tree-sitter
pkgs.zls
pkgs.verible
];
plugins = with pkgs.vimPlugins; [
colorizer
fugitive
fzf-vim
gruvbox
nvim-lspconfig
nvim-treesitter
nvim-ts-rainbow
repeat
targets-vim
UltiSnips
vim-addon-nix
vim-signify
vim-slime
vim-snippets
zig-vim
cmp-nvim-lsp
cmp-buffer
cmp-path
cmp-cmdline
nvim-cmp
];
}

77
magento2-nginx.nix Normal file
View File

@@ -0,0 +1,77 @@
{
pkgs,
lib,
config,
...
}: let
app = "magento2";
domain = "127.0.0.1";
dataDir = config.users.users.akill.home + "/proj/magento2/magento/pub";
in {
services = {
phpfpm.pools.${app} = {
user = "akill";
group = "users";
settings = {
"listen.owner" = config.services.nginx.user;
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 5;
"php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"catch_workers_output" = true;
};
phpEnv."PATH" = lib.makeBinPath [pkgs.php];
};
nginx = {
user = "akill";
group = "users";
enable = true;
virtualHosts.${domain}.locations."/" = {
root = dataDir;
extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.${app}.socket};
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
'';
};
};
mysql = {
enable = true;
package = pkgs.mysql;
settings.mysqld.port = 3306;
initialDatabases = [{name = "magento2";}];
ensureUsers = [
{
name = "magento2";
ensurePermissions = {"magento2.*" = "ALL PRIVILEGES";};
}
];
};
opensearch.enable = true;
postgresql = {
enable = true;
enableTCPIP = true;
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
initialScript = pkgs.writeText "backend-initScript" ''
CREATE ROLE magento2 WITH LOGIN PASSWORD 'magento2' CREATEDB;
CREATE DATABASE magento2;
GRANT ALL PRIVILEGES ON DATABASE magento2 TO magento2;
'';
};
};
systemd.services.phpfpm-magento2.serviceConfig.ProtectHome = lib.mkForce false;
}

254
magpie/configuration.nix
View File

@@ -1,254 +0,0 @@
{
config,
pkgs,
lib,
...
}: {
imports = [];
nix.optimise.automatic = true;
nix.settings.experimental-features = ["nix-command" "flakes"];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.grub.devices = ["/dev/sda"];
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
# Set your time zone.
time.timeZone = "Europe/Berlin";
users.users.root.initialHashedPassword = "";
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0gyN7DzF7+sinneq7++fT93dNWe9ttKnLZJEb0LVs7UxPtz/ovlxnktAgEtSh7NUUGKPILGG6+YG/Jz3pb4cLuQHtavIQ2mIzIbiNl+c80gLNPulfOrC3KyCacYnlcEpoV+4yvMPLDf+5ySilYoF30CSIo8B7B4PSwO3/I20oXXY0zeVmYKs65BY8OrR8PDdtPpuqGcTdPpVSrooZQoykriFeejBb0Jn7qWO7vmsTyUZZIP4nKKUyqE6iFZ2zv+J3mYfuoglQKO1+kqcCYCef0sheLZGD4/QIIL8HJ9yNWb6OQhu7MEv1NowuHkviImwVO3actZ1/x4lrWt4mY+bGglVwA90u1KZUQ10qKQ2xCG2ZHE9DSxWxpI/Yq2P4pLA/XSkYFPpzmoD9c6cpv0WLAvmQrEVkqK0xXo+KszUlyGy5sVJl7/h1fZ8YhWsWUnU1XJFmKLaomUZflL3h7X6xJNVPzZmso8l1INdCvIBDu+G84kAp1/aFalSJMyjTgvCc1hxhAVYhmrc3msGH0Jk8CcPBwYa0BH4EryacdupOS/c5VxAbdyuizEgitP1ylRmydVVDEItPNXFvpWdyEehf/VmsUXqL48mBzfvi6feD5AzKjPaQNaATpxLs9Sl9CMxSy27ahHwEK6dek1wm7nkoSIDSRWfGhYKr3lUg0emAYQ=="
];
environment.systemPackages = with pkgs; [
alejandra
curl
fd
file
fzf
fzy
git
htop
tig
unzip
wget
zip
];
programs.mosh.enable = true;
programs.neovim = {
enable = true;
vimAlias = true;
viAlias = true;
};
mailserver = {
enable = true;
debug = false;
fqdn = "mail.project-cloud.net";
domains = ["project-cloud.net"];
enableSubmissionSsl = true;
enableImap = false;
enableImapSsl = true;
# A list of all login accounts. To create the password hashes, use
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = {
"gitea@project-cloud.net" = {
hashedPasswordFile = config.sops.secrets."gitea_mail_pw_hash".path;
aliases = ["git@project-cloud.net"];
};
"asmir@project-cloud.net" = {
hashedPasswordFile = config.sops.secrets."asmir_mail_pw_hash".path;
aliases = ["asmir.abdulahovic@project-cloud.net"];
};
};
certificateScheme = "acme-nginx";
};
services.journald.extraConfig = ''SystemMaxUse=50M '';
services.logind.extraConfig = ''KillUserProcesses=yes '';
services.openssh.settings.PermitRootLogin = "prohibit-password";
services.openssh.enable = true;
services.opendkim.enable = true;
services.miniflux = {
enable = true;
adminCredentialsFile = config.sops.secrets."miniflux_env".path;
config = {
LISTEN_ADDR = "localhost:5001";
BASE_URL = "https://miniflux.project-cloud.net";
};
};
services.restya-board = {
enable = true;
/*
virtualHost.serverName = "board.project-cloud.net";
*/
virtualHost.listenHost = "localhost";
virtualHost.listenPort = 4001;
};
services.nextcloud = {
enable = true;
package = pkgs.nextcloud27;
config.adminpassFile = config.sops.secrets."nextcloud_admin".path;
configureRedis = true;
hostName = "project-cloud.net";
https = true;
extraOptions = {
mail_smtpmode = "sendmail";
mail_sendmailmode = "pipe";
enabledPreviewProviders = [
"OC\\Preview\\BMP"
"OC\\Preview\\GIF"
"OC\\Preview\\HEIC"
"OC\\Preview\\JPEG"
"OC\\Preview\\Krita"
"OC\\Preview\\MarkDown"
"OC\\Preview\\MP3"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PNG"
"OC\\Preview\\TXT"
"OC\\Preview\\XBitmap"
];
};
phpOptions =
config.services.nextcloud.phpOptions.default
// {
"opcache.jit" = "tracing";
"opcache.jit_buffer_size" = "100M";
# recommended by nextcloud admin overview
"opcache.interned_strings_buffer" = "16";
};
};
services.nginx = {
enable = true;
package = pkgs.nginxQuic;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts.${config.services.nextcloud.hostName} = {
quic = true;
forceSSL = true;
enableACME = true;
};
virtualHosts."miniflux.project-cloud.net" = {
quic = true;
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:5001";
};
};
virtualHosts.${config.services.gitea.settings.server.DOMAIN} = {
quic = true;
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.gitea.settings.server.HTTP_PORT}";
};
};
virtualHosts."board.project-cloud.net" = {
quic = true;
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.restya-board.virtualHost.listenPort}";
};
};
};
services.gitea = {
enable = true;
appName = "Project Cloud Gitea server";
database = {
type = "sqlite3";
passwordFile = config.sops.secrets."gitea_db".path;
};
settings.server = {
DOMAIN = "git.project-cloud.net";
ROOT_URL = "https://git.project-cloud.net";
DISABLE_SSH = true;
HTTP_PORT = 3001;
};
settings.mailer = {
ENABLED = true;
FROM = "gitea@project-cloud.net";
PROTOCOL = "sendmail";
SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
};
settings.service = {
REGISTER_EMAIL_CONFIRM = true;
DISABLE_REGISTRATION = true;
};
settings."markup.restructuredtext" = let
docutils =
pkgs.python3.withPackages (ps: with ps; [docutils pygments]);
in {
ENABLED = true;
FILE_EXTENSIONS = ".rst";
RENDER_COMMAND = "${docutils}/bin/rst2html.py";
IS_INPUT_FILE = false;
};
};
/*
needed for sendmail mail functionality
*/
users.users.gitea.extraGroups = ["postdrop"];
systemd.services.gitea.serviceConfig = {
RestrictAddressFamilies = ["AF_NETLINK"];
ProtectSystem = lib.mkForce false;
};
security.acme = {
acceptTerms = true;
defaults.email = "asmir.abdulahovic@gmail.com";
};
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.secrets."miniflux_env" = {
sopsFile = ./secrets/miniflux.yaml;
};
sops.secrets."gitea_mail_pw_hash" = {
sopsFile = ./secrets/gitea_mail_pw_hash.yaml;
};
sops.secrets."asmir_mail_pw_hash" = {
sopsFile = ./secrets/asmir_mail_pw_hash.yaml;
};
sops.secrets."gitea_db" = {
sopsFile = ./secrets/gitea_db.yaml;
owner = config.users.users.gitea.name;
};
sops.secrets."nextcloud_admin" = {
sopsFile = ./secrets/nextcloud_admin.yaml;
owner = config.users.users.nextcloud.name;
};
networking.hostName = "magpie";
networking.wireless.enable = false;
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [80 443 587];
networking.firewall.allowedUDPPorts = [];
networking.networkmanager.enable = true;
system.stateVersion = "22.11";
}

40
magpie/hardware-configuration.nix
View File

@@ -1,40 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "usbhid" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/118de1e5-f23e-4af3-a10a-054eded78152";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4FEE-DEED";
fsType = "vfat";
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

21
magpie/secrets/asmir_mail_pw_hash.yaml
View File

@@ -1,21 +0,0 @@
asmir_mail_pw_hash: ENC[AES256_GCM,data:LOKGd9X69fSj81BwaqjiQL18gXPebIdcfjOO2UJM8XOUEzsqP/gHYWuLYGQ5wuZB9zcFm0yeGjNN8hOq,iv:KwunTtk1ca/N4UidUXh3nSBwMNlP8vI4h2kk8roAzNU=,tag:JyfLzweD7sVT/+RVpLA3QQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbTM0ZzVHZ1hlNzJ6d25a
eFpZMHdBZjBFSjU4L0dkK1Noby9HK29CMldNCkJWb2NmcC9jNVFBMWJOZjVBalRw
VVZsN3B1WGJseDFiRTA1R3cvU3c2NEEKLS0tIFI4WHFDRHBCN29IQ0tPVC9zbHZS
OFdsQUpvRzNKc2x1WW13b2d4R3lxdXMKJeMJ1IdxS+WUTzUlFdc4WfnUozWU4/80
9GBPz3VCppunrXrh1zFkfIL+Lz48HFyf7HNI4na6TkyqipR6wsW4gw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-20T19:31:29Z"
mac: ENC[AES256_GCM,data:xXiCems/1em6JdK3V5GcD811yc8t6iHHFmz0OOrWM3muR807Ux80TrD3uoMN8GxIMyr0AloH41k8+vxaSlMmHsGGl6o1P13aR03E+A9ZLp1W2Nb3nCy5rH4pF8WSeNMxZ1SoT2iEAtTsh29xusocQTMUvr7Ou8TDLyVvrKhBPZw=,iv:SSPpVTbVQTvhPg1qm9akrg2ji1fRcukkwX5P2FzWMb4=,tag:a6GiGWfwnKLtteVoi9DJtQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

21
magpie/secrets/gitea_db.yaml
View File

@@ -1,21 +0,0 @@
gitea_db: ENC[AES256_GCM,data:50Hu8vTKZFxd9kjbcDlyqBW9L5s=,iv:ADKMUKbu1YHOp+DUAezpT8tXCi7x3ayA2VN0s7k4kxg=,tag:S1cu5w8qKT7FFpC30Kd3Xg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKZ3l1UTRDMFVlM01TR1dW
VzNnRXpuc0R0d3BpVzZveHRrdHRTTVRXNWpnCjVqNittd3BiZ0d3YXVQUXBpWExU
cGdkSmVtOHJBN3FEdDVCeTVjUllHc0EKLS0tIG5TQlpIQXhNNmJiR0Y3L1p3SVpG
ZnlvRDRUam5MaFdZcGgyZlJSZzMvVWcKxiwENpP7qlF0Uy7DJM0WwLFQ0h+ost5T
BCsZtGP61Z2WcQq0EWYLqJItR2Tk3AXox014CJAm+G/G8PMTAKv0xw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-17T21:16:10Z"
mac: ENC[AES256_GCM,data:EPiLv8IzVXqRan9UlBuA3TmxtB3f4Qj4owed+1Pat9Tih1yOe4Z9RT28JIYJQ70R/IK+Yi0NQem9Ec6HU+8kaxLE3fff/4PM+B9QQbB6fjgLFod/nFk+OuWgR7FTcJ2j16OnlxE5ikCP+qdfvAM0eEv+BoDrWv98gSyCXtMCe48=,iv:th0E7zioz7gtgMlns8kvnf5hmlRH0KX65wPxBi3YP6Y=,tag:JhoGvF8LJmrAQpUOEopohA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

21
magpie/secrets/gitea_mail_pw_hash.yaml
View File

@@ -1,21 +0,0 @@
gitea_mail_pw_hash: ENC[AES256_GCM,data:HCXKeqnOxcmxbvTWDFd750gXfs/irNvHw+TWQE5qjFsUP6MTRGvJNQvoU5NDYXs6pjgyznIUx1z31DQG,iv:UV7Yf2JsAcpkyfIW/ipYQa3tlTai0WD102iA3V6ba+A=,tag:TIcB+9GOqyuG68uCTAl4Tg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCT2VyNWxUeUZ5aDdHcXJR
WGJVOGgyeC83MEV4REpGZkRUcVJKZDBqYmtjCllQdFhyRWNiTURYQmpucndFWDlr
WUFybGtmckNBdXYzMVZxT3lQM1k3aTgKLS0tIEpNZjU1RkpSOVo3Y1ovR0lmbHJu
bENVWmpCcTVqMDh2Wjhob2I2VzRRblkKPGCV1gRyihDCStM4tmvp89d996v1UzdJ
/NyK49//+uJJqwCEWuvHWWCB+EbkkOE6gPPKXZyXZSTbb/TDDcVF/Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-14T21:21:12Z"
mac: ENC[AES256_GCM,data:NE9btXZKE3KJmxtWc0Ytb0atfBJKRs5T+Xk9RDFX6veSGBoB+M2+YMCONQdr8T2w6lLJqlrMBHqlfuvD3YnDj041xZmfSsi9NACliWj6GWVWcFWWc6W9OVH8/5CfwjYBdgTJ2o7wdnF9fYHvwMRcaHThDmoUkaExVtVsyu912og=,iv:kyekfEq32GSKVNKy8MJYfT5ZMKNSRQUk1viB2W6k29U=,tag:7ie/2P/F3bPQXpkWGKqTfA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

21
magpie/secrets/miniflux.yaml
View File

@@ -1,21 +0,0 @@
miniflux_env: ENC[AES256_GCM,data:K5FiJcboD3tpWxQQG4EeCuOb9d8+cXTLjqb9Nt+aYUvWHwycA51q3ZQTMY9JS7GevNugGvz7,iv:Xk7aW1/DObGxJxTlJniaCBHuCVfCh6OZEewISdZl2Pc=,tag:BY8uVkkRzyKr9pA6EGCY2A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZ1d3aGhud0UyOVV6Vzcw
Q3Q2OVRQOEpXUk1TK2dOOEZtKzNlUkJGZHh3CmJwYnRpWFhJWHZXQ2I1TnhKWDRx
MGlrbXJoQTVPcUFBa0gvME95OVlxWkEKLS0tIHNZWWRwWUJPV3o3REpENzdMYkVk
Y1V5SXhCUllDWGhjK3JzWDRKQU9hMmMKuVmn6OAy2q/mpBKqUhl1qfpnPvFOd72c
/jMqnxClGSVXjJ5qdvcXCfLeYwT8vnhViNZmjE1ebRosE5YupvrjUg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-13T11:17:33Z"
mac: ENC[AES256_GCM,data:CpzC0H2Rfvl7F9tXCJ0WwkhE4Ba7eOIl1QMh1DHP8YQ9rChzAE8S5SXXuJA0jcmVY6NPfZ7zl8VEBepE+LHCq2UdSkAefawLeM6HwNfedP8N+zheqlyCZ8Os48628aHYN0PVI+/dMvpWWcfl+CFaH1mm4c+KYedCIsS9ZEYi9N8=,iv:EbF58pxbtHxPTAgs4dbZ31qyRT3QJ1kQoUShbLE11FY=,tag:FNF/OzS2SL3FweFw0RcRLQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

21
magpie/secrets/nextcloud_admin.yaml
View File

@@ -1,21 +0,0 @@
nextcloud_admin: ENC[AES256_GCM,data:txb5JSKxFeTS3M9LSk7m5M1XAvg=,iv:Rf6VNFmK+f0pjL7wH0dlcPL4CqQDRq/qQyliTdn2c4I=,tag:wDQqDZCK2p5aG+g8eE4weA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrUnQ3SDAyRTUxUDF0dDhY
K3JmQWlYRVJtdEFac0J4U0RGKzZGNXJmUEg4CmtBSW9yNGZScXhKdnhZWkxIamFW
YXEzbGhwR2F3dDJGdzljZUZBeERhU1kKLS0tIGlXZUhsdnI4ell5R3ZZbjZ0NCtO
TUpkZmxBNzZ1UUY1dGRud2hycGUyZW8KFUGikaFQjFfmn068qex2tpGbRHIbmS3l
27lqo8+eRFnq0nw8H/1yRMi8IghR0+XK68T49hlt0VLS9LZJG1aPag==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-17T23:08:24Z"
mac: ENC[AES256_GCM,data:fb9cOL4Q+q5uarmXtXNlpRmWgv/Ao1MqwwH2V2CQxEiP8zFyFBZs2435vdcLzrQrnBXz0JLVu4g10SH2T4dpYFP42teIkrgmneecjjcM+UOsBsGsrxlpHMha1t/ERRhBA7uJze5/kwHqry6eruWehRTu65QF1qBTql3m6ipjCeY=,iv:a7aFuTCcRCIDERlrj/9dFCF7VgCDDakfPteQimHV3lc=,tag:4mwrDHaQWA4EU0AgtgZaMg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

405
mediabox/configuration.nix
View File

@@ -1,405 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
pkgs,
lib,
sops-nix,
zremap,
...
}: {
imports = [];
system.stateVersion = "23.05";
system.autoUpgrade.enable = false;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.secrets."peerix/private" = {
sopsFile = ./secrets/peerix.yaml;
mode = "0400";
owner = config.users.users.nobody.name;
group = config.users.users.nobody.group;
};
nix = {
optimise.automatic = true;
gc.automatic = true;
gc.options = "--delete-older-than 7d";
package = pkgs.nixUnstable;
settings = {
experimental-features = ["nix-command" "flakes"];
};
};
boot = {
initrd.compressor = "zstd";
kernelModules = ["acpi_call"];
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = ["msr.allow_writes=on"];
loader.systemd-boot = {
editor = false;
enable = true;
memtest86.enable = true;
};
readOnlyNixStore = true;
supportedFilesystems = ["btrfs"];
tmp.useTmpfs = true;
};
security = {
rtkit.enable = true;
acme = {
acceptTerms = true;
defaults.email = "aasmir@gmx.com";
};
};
powerManagement = {
enable = true;
cpuFreqGovernor = "ondemand";
};
networking = {
firewall = {
enable = true;
allowedTCPPorts = [80 443];
};
hostName = "mediabox";
interfaces.enp0s25.useDHCP = true;
interfaces.wlp3s0.useDHCP = false;
useDHCP = false;
wireless.enable = false;
wireless.interfaces = ["wlp3s0"];
nameservers = ["127.0.0.1" "::1"];
dhcpcd.extraConfig = "nohook resolv.conf";
networkmanager.dns = "none";
extraHosts = ''
192.168.1.173 nixy.lan
192.168.88.171 jellyfin.mediabox.lan
192.168.88.171 mediabox.lan
192.168.88.171 qbittorrent.mediabox.lan
192.168.88.1 router.lan
192.168.88.231 workstation.lan
'';
};
time.timeZone = "Europe/Sarajevo";
nixpkgs.config.allowUnfree = true;
environment = {
homeBinInPath = true;
variables = {
PATH = "$HOME/.cargo/bin";
};
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
programs.zsh.enable = true;
programs.light.enable = true;
programs.firejail.enable = true;
programs.adb.enable = false;
programs.wireshark.enable = true;
programs.sway.enable = true;
# List services that you want to enable:
systemd = {
services = {
"macchanger-wireless" = {
after = ["sys-subsystem-net-devices-wlp3s0.device"];
before = ["network-pre.target"];
bindsTo = ["sys-subsystem-net-devices-wlp3s0.device"];
description = "Changes MAC of my wireless interface for privacy reasons";
stopIfChanged = false;
wantedBy = ["multi-user.target"];
wants = ["network-pre.target"];
script = ''
${pkgs.macchanger}/bin/macchanger -e wlp3s0 || true
'';
serviceConfig.Type = "oneshot";
};
"zremap" = {
description = "Intercepts keyboard udev events";
wants = ["systemd-udevd.service"];
wantedBy = ["multi-user.target"];
serviceConfig.Nice = -20;
script = ''
sleep 1
${zremap.defaultPackage.x86_64-linux}/bin/zremap \
/dev/input/by-path/platform-i8042-serio-0-event-kbd
'';
};
"wakeonlan" = {
description = "Reenable wake on lan every boot";
after = ["network.target"];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.ethtool}/sbin/ethtool -s enp0s25 wol m";
};
wantedBy = ["default.target" "suspend.target" "shutdown.target"];
};
/*
"cpu_setting" = {
description = "Enable turboot boost and undervolt cpu after suspend";
wantedBy = ["post-resume.target" "multi-user.target"];
after = ["post-resume.target"];
script = ''
echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo
echo 0 > /sys/devices/system/cpu/intel_pstate/no_turbo
${pkgs.undervolt}/bin/undervolt --core -105 --cache -105 --uncore -105 --gpu -15 -p1 47 28 -p2 57 0.0025
'';
serviceConfig.Type = "oneshot";
};
*/
};
};
services = {
acpid.enable = true;
btrfs.autoScrub.enable = true;
dbus.enable = true;
fstrim.enable = true;
fwupd.enable = true;
ntp.enable = true;
openssh.enable = true;
restya-board.enable = false;
thinkfan.enable = false;
xrdp = {
enable = true;
defaultWindowManager = "icewm";
openFirewall = true;
};
logind = {
lidSwitch = "ignore";
};
jellyfin = {
enable = true;
user = "akill";
openFirewall = true;
};
jellyseerr = {
enable = true;
openFirewall = true;
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
deluge = {
enable = false;
user = "akill";
openFirewall = true;
dataDir = "/home/akill/.config/deluge";
web = {
enable = true;
openFirewall = false;
};
config = {
download_location = "/media";
allow_remote = true;
daemon_port = 58846;
};
};
transmission = {
enable = false;
openFirewall = true;
settings = {
rpc-whitelist = "192.168.88.*";
download-dir = "/media";
};
};
qbittorrent = {
enable = true;
user = "akill";
openFirewall = true;
dataDir = "/home/akill/.config/qbittorrent";
port = 8081;
};
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."deluge.mediabox.lan" = {
locations."/".proxyPass = "http://localhost:8112/";
};
virtualHosts."qbittorrent.mediabox.lan" = {
locations."/".proxyPass = "http://localhost:8081/";
};
virtualHosts."jellyfin.mediabox.lan" = {
locations."/".proxyPass = "http://localhost:8096/";
};
virtualHosts."jellyseerr.mediabox.lan" = {
locations."/".proxyPass = "http://localhost:5055/";
};
};
xserver = {
enable = true;
libinput.enable = true;
desktopManager.xterm.enable = false;
displayManager.lightdm.enable = false;
displayManager.defaultSession = "none+icewm";
windowManager.icewm.enable = true;
};
udev.packages = [];
tlp = {
enable = true;
settings = {};
};
actkbd = {
enable = true;
bindings = [
{
keys = [121];
events = ["key"];
command = "${pkgs.alsaUtils}/bin/amixer -q set Master toggle";
}
{
keys = [122];
events = ["key" "rep"];
command = "${pkgs.alsaUtils}/bin/amixer -q set Master ${config.sound.mediaKeys.volumeStep}- unmute";
}
{
keys = [123];
events = ["key" "rep"];
command = "${pkgs.alsaUtils}/bin/amixer -q set Master ${config.sound.mediaKeys.volumeStep}+ unmute";
}
{
keys = [224];
events = ["key"];
command = "/run/current-system/sw/bin/light -U 5";
}
{
keys = [225];
events = ["key"];
command = "/run/current-system/sw/bin/light -A 5";
}
];
};
mpd = {
musicDirectory = "/home/mpd/music";
enable = false;
extraConfig = ''
audio_output {
type "pulse"
name "pulsee srv"
server "127.0.0.1"
}
'';
};
batteryNotifier = {
enable = true;
notifyCapacity = 20;
suspendCapacity = 10;
};
dnscrypt-proxy2 = {
enable = true;
settings = {
ipv6_servers = true;
require_dnssec = true;
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
};
};
};
fonts.packages = with pkgs; [
dina-font
fira-code
fira-code-symbols
font-awesome
font-awesome_4
iosevka
jetbrains-mono
liberation_ttf
proggyfonts
siji
];
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
};
};
sound.enable = true;
hardware = {
bluetooth = {
enable = false;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
};
};
};
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
intel-media-driver
vaapiIntel
];
};
};
zramSwap = {
enable = false;
algorithm = "zstd";
};
users.users.akill = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = ["wireshark" "wheel" "kvm" "tty" "audio" "sound" "adbusers" "transmission"];
};
users.users.ado = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = ["wireshark" "wheel" "kvm" "tty" "audio" "sound" "adbusers" "transmission"];
};
users.users.mediauser = {
isNormalUser = true;
shell = pkgs.bash;
extraGroups = [];
};
}

64
mediabox/hardware-configuration.nix
View File

@@ -1,64 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
fsType = "btrfs";
options = ["subvol=root" "compress=lzo" "noatime"];
};
boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/60aa7671-bfee-451b-b871-ac7c5a4a9f3a";
fileSystems."/home" = {
device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
fsType = "btrfs";
options = ["subvol=home" "compress=lzo" "noatime"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
fsType = "btrfs";
options = ["subvol=nix" "compress=lzo" "noatime"];
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
fsType = "btrfs";
options = ["subvol=persist" "compress=lzo" "noatime"];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
fsType = "btrfs";
options = ["subvol=log" "compress=lzo" "noatime"];
neededForBoot = true;
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4B94-6E7B";
fsType = "vfat";
};
swapDevices = [
{device = "/dev/disk/by-uuid/7b44ab02-84ff-4ffd-be26-58247cf5a982";}
];
hardware.cpu.intel.updateMicrocode = true;
nix.settings.max-jobs = lib.mkDefault 8;
}

1
mediabox/peerix-public
View File

@@ -1 +0,0 @@
peerix-mediabox:UDgG3xdQYv7bmx2l4ZPNRPJtp2zMmY++H/fnGeJ9BQw=

40
mediabox/secrets/peerix.yaml
View File

@@ -1,40 +0,0 @@
peerix:
private: ENC[AES256_GCM,data:m76hyDWzcIlczegZyPyTtOYOgOGeyX++SeGsqEWS5b3ZbR2M9RqUGYEscLRX3/Dlff2vgs+hI4cOjiMnhq9pnLzP25Xh4XAiJNMkD43fFCCb7zj2RUWEyLAzzmWpR8fSB1mXTpciUGM=,iv:s9EXpkGYR0kI5xQZ8wAmkobK1q4XlVdFH4irEVwy1bs=,tag:L7AF6mFsxss6NDantbqXMw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwMkdLVEFQMVk1allhK2hL
NXFXc254SmhxK0lFWTd1SUorUGQ0VEJPcXo4ClNYSkhJbnVjUjdFOGtoWFV2VWZC
NmpaRDVhWnRQUmVDWS9WU2pTVlBEQ1EKLS0tIFAydU9aYXJnd1NnRzU2YXpXM1Vq
VWhhbkZTT1kwTEl5VEVWR1A2aW5OUDgKiYcj5Yo42RjQeo1UeUTBV8YBNYL8ccLW
bQ1655MU/q3LQh14lqwbsOfmGjPc9H0ECltm+V+kNPTRi76qFhcodg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1eGJCRlhHbk1JQWl2RllZ
R3hkVGtIamJzZlVLazUrVEJnNmU3Z0tLMG5RClp2Z01Fc1p5QzFhUWNzU2NpU0Zo
aTRPMFhPYlA4VmZNUWFsWHZRMUxyaTQKLS0tIG51TW9JRW12RzVmdWpZY3FaVnBR
UTZ2YWdQVjRTTUxPUWVwbHI4aklITmMKZQnfJs01D4FX+MF6oU0FmWYQ4reB/X/k
Lat8FrqerqaCYqYmAKe3HWBR6HEVm0U7I7jkVuoROMqz3uci+5HWbQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age19yrl6pr73cv067ksfz0txp3zm2au25jfyjeerw23ml55ps5cyyfqtm3kmt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrNTNhaFVzaWFoTU9GdEZD
Z0JWQlFXc3N3SnAwR09YUmIxZlpvNllmU2tnCkFtVlRXMGV2d1V4S0ZxNlRiVzlC
N3dHSFM2eG02UVQrdGR0SnhUMitvelkKLS0tIFpvQUlIZ05HK3F0a2FkKy9EOURY
YzUwa2s0eTliSmxtajdjYmFsOSs2T1kKg08c1uB0swRSo0R6s6hup5JBfkrCKoxf
SjwBAZtjNhr3hrLy1eoo/dpYG6oAkEs3GvaaZ02ldT872dxZvg6r+g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-30T14:18:57Z"
mac: ENC[AES256_GCM,data:R0TJ/7uihpsCHwPLXFYKi+ZaEUtbZVz02utDF7vO7gYDN1MFa0c5nZ/mAnJJtTJI41GdAu9ezTUiU6H1HTHLxYMeUoNAAvNlSCkvGc/oMQofXidL34hq1X2vG05N3UQlkbAXTlCBkYc20oVVOVmT/lq7USEx29oB/ytxZzKYFvM=,iv:qpz0g+O4kwChct1ddiT3D8rZBg08YUr4Ba5pJ4WQyzo=,tag:pWLFiQWl1QSzveBxnq4uXw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.0

78
modules/nextcloud.nix
View File

@@ -1,78 +0,0 @@
{
config,
pkgs,
...
}: {
# Enable Nginx
services.nginx = {
enable = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# Only allow PFS-enabled ciphers with AES256
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
# Setup Nextcloud virtual host to listen on ports
virtualHosts = {
"nextcloud.mediabox.lan" = {
## Force HTTP redirect to HTTPS
#forceSSL = true;
};
};
};
# Actual Nextcloud Config
services.nextcloud = {
enable = true;
hostName = "localhost";
enableBrokenCiphersForSSE = false;
package = pkgs.nextcloud25;
# Use HTTPS for links
https = true;
# Auto-update Nextcloud Apps
autoUpdateApps.enable = true;
# Set what time makes sense for you
autoUpdateApps.startAt = "05:00:00";
config = {
# Further forces Nextcloud to use HTTPS
overwriteProtocol = "https";
# Nextcloud PostegreSQL database configuration, recommended over using SQLite
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
dbname = "nextcloud";
dbpassFile = "/var/nextcloud-db-pass";
adminpassFile = "/var/nextcloud-admin-pass";
adminuser = "admin";
};
};
# Enable PostgreSQL
services.postgresql = {
enable = true;
# Ensure the database, user, and permissions always exist
ensureDatabases = ["nextcloud"];
ensureUsers = [
{
name = "nextcloud";
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
}
];
};
# Ensure that postgres is running before running the setup
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
}

116
modules/qbittorrent.nix
View File

@@ -1,116 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.qbittorrent;
configDir = "${cfg.dataDir}/.config";
openFilesLimit = 4096;
in {
options.services.qbittorrent = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Run qBittorrent headlessly as systemwide daemon
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/qbittorrent";
description = ''
The directory where qBittorrent will create files.
'';
};
user = mkOption {
type = types.str;
default = "qbittorrent";
description = ''
User account under which qBittorrent runs.
'';
};
group = mkOption {
type = types.str;
default = "qbittorrent";
description = ''
Group under which qBittorrent runs.
'';
};
port = mkOption {
type = types.port;
default = 8080;
description = ''
qBittorrent web UI port.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open services.qBittorrent.port to the outside network.
'';
};
openFilesLimit = mkOption {
default = openFilesLimit;
description = ''
Number of files to allow qBittorrent to open.
'';
};
};
config = mkIf cfg.enable {
environment.systemPackages = [pkgs.qbittorrent];
nixpkgs.overlays = [
(final: prev: {
qbittorrent = prev.qbittorrent.override {guiSupport = false;};
})
];
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [cfg.port];
allowedUDPPorts = [cfg.port];
};
systemd.services.qbittorrent = {
after = ["network.target"];
description = "qBittorrent Daemon";
wantedBy = ["multi-user.target"];
path = [pkgs.qbittorrent];
serviceConfig = {
ExecStart = ''
${pkgs.qbittorrent}/bin/qbittorrent-nox \
--profile=${configDir} \
--webui-port=${toString cfg.port}
'';
# To prevent "Quit & shutdown daemon" from working; we want systemd to
# manage it!
Restart = "on-success";
User = cfg.user;
Group = cfg.group;
UMask = "0002";
LimitNOFILE = cfg.openFilesLimit;
};
};
users.users = mkIf (cfg.user == "qbittorrent") {
qbittorrent = {
group = cfg.group;
home = cfg.dataDir;
createHome = true;
description = "qBittorrent Daemon user";
};
};
users.groups =
mkIf (cfg.group == "qbittorrent") {qbittorrent = {gid = null;};};
};
}

31
nixy/secrets/peerix.yaml
View File

@@ -1,31 +0,0 @@
peerix:
private: ENC[AES256_GCM,data:767u5KKjk2lMr70vtBvX06t8n/1r5xpCrRNKc9QvypJmbPS+vS8vij8JYJZDKKFBh5xUazSLQC1ga2mpb+hEO2rgD0Aa70p22wwfOP+qCJQNYwlEf0MLWhlblTCE9Cr/eQSX7g==,iv:tPEB4NWbLMvzrUIvosj9PfinMhdWNBu5btjElvbDzxg=,tag:wzxaBzW0R6HKCyP5zlMPRw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRbi9uTGVPYlhYYWdFb25u
SGhSUm9rNmEzSkNVUEVIOGNLb1Z3VFdjNERFCjVEYXlXTlRCV2dLMW1VMWgzcXBR
OWxSOUZjZ2VCTzRycDhZRGRXWS9KRTAKLS0tIG8yMkZNeFRtdHVPTTJOM2tRSk5F
OXp3Wmh0b1lYQnJBWlMxeGZaZXdnY2MKftJPaUc9sDM8YmvUo1eVDNXWX4scr1rH
SMAod/Oq0BvQfyGIpvVBfL5T7RxlF1DwOedg/p3PSfMPjok7QLyv+A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxdU9WSjZkWUd6NXFpdXNp
R2huUXZQOGZzb0Z0ekN2WkdRdEFJYk54RmhnCmo0ampNK01VR3lQM0RGYWlNQ3cx
Rk1BK1lIUHJPZ2R5YVd6RTlYbXJDVWcKLS0tIGV0Yy8ySnFMQ25PQUNBL3dPdmc3
WjhldWNVL0h6T1lUSEdXeHFQemRBVEEKJzh1HExRoy/iyTtBNaVdNgolWyFHaaLV
VTDZYEHq+eEIrVAG5xefG/nPpj2K6FRItA6+4PcKtyARG+gKYwp2tw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-28T11:55:00Z"
mac: ENC[AES256_GCM,data:ieNyjQlo1tQ8qxFMyIN5XGgUiclYIfJe6WUyWiR3qJKKOTnx5MBWNUuHfUMkpm2ToNpaxiDUih2Hhqv5S0Bq1zoExMLjqE36GgaOivha6DeoQn5+WH8bMdMAoc1PlCQkj6Fxw2sdZlrIKcswADk4MfDzdaY/vKoQ5AtK5Bdkgok=,iv:JaOfWEwbLhOTquQVIG6Ll38jkGOCzbtD8h5c7SOAzik=,tag:m4Fmor24Q9GDoe7nu2VnEA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

11
common/packages.nix → packages.nix
View File

@@ -11,8 +11,6 @@
bluez
bluez-tools
btop
curlHTTP3
dfu-util
dhcpcd
direnv
dmidecode
@@ -24,38 +22,29 @@
git
gnupg
gptfdisk
hdparm
htop
interception-tools
jq
lm_sensors
meson
mosh
msmtp
nano
neovim
ninja
nix-index
nixos-option
nmap
ntfs3g
ntfsprogs
openhantek6022
optipng
pax-utils
pciutils
pstree
psutils
qemu_kvm
ripgrep
rsync
silver-searcher
socat
sshfs
strace
swaylock
tig
traceroute
unrar
unzip
usbutils

0
nixy/peerix-public → peerix-public
View File

31
secrets/peerix.yaml Normal file
View File

@@ -0,0 +1,31 @@
peerix:
private: ENC[AES256_GCM,data:WlWrX0kxeElaGvFllg2EkgfDsj1bkRwD9xMTWQevktDQaRd3IdVD9IwFZcwgTgS4hVM6gy9Q/VWX3M12vKaLdaKeTR/PMOQGCov291w12cAFIg/pYINp+511a9aHqFaIZx0WeA==,iv:Ni0M4Tikcbs6NsanYunOKn1R8jLlC59NiDbqNVPW7gM=,tag:POSZ9OgkLZyvnN8vn8OgDQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNbWcxaHVYUjVydnZVZkJa
MFA1TDJFcmtpUis2SXBWNjh5QjI0WkgydHhBCklzVFRlZ0VoSitISlpIaVFJaHRZ
enNFaFl1MkRaQUtpb1JUOUNJaXJDT00KLS0tIHZBeGc2ejR4bkcxVjhrWDYyOVpk
V28zVWZsTFpJVHY3bHdqR3dGMHNqWncKcjvVw61Zfh0yXKikjnrlq1CIoN7wDiiQ
5FDAzjdTMGLOXvrxtfKEJ0RUP8/ANJ+b69pJTBl8To4qIAFGKU0syg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1smcrg45udmvl5w8306qec07lqqzjplwx3l8f80tcewpkh7r3h5yqgenrqd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYUnNveWIrOEE4UnlGNnpN
WE5oN1hrOTlma0ZWUDc5ZG5pcUFOV1BJam5nCnhiaFRJVjcreDFiTU85RlJzK0tT
eURJdHAwWXVZU2xHbTdsOVc4VjJOaUUKLS0tIGJ2c3JxVGFZWHdCY1p3M1VRNGlk
enVTczYxcjNPZkFHTG5RZEtRTTRJOUEKNTPZFBwdnKNmalgPqpJew8ucwQZ3yK+8
6Zqv3POnq68ms4nFelQynDYDAEK/maN+qYdo8qgFi14pz87liVF/Ug==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-03T20:12:05Z"
mac: ENC[AES256_GCM,data:kcfnNiu88VTYGgxfSRIkqK8MXS7Gcan9oXxc+UM6/c7yCj35ogNGtDxJmJ4O1Gov2LrP3+lbhyHjOeQBYN06JmE+3o3SV/bIZ5HUWMYqmj+yO1sG8ugSx2NAgSMKmyESlrZTZvN9Z9Z8JocmN1TtyA9Uip7/URfGOXaIFYYDLwE=,iv:bxRoXN4DEIi4B2bCxKcImKp1rfkps4RxP3UbjBePjPw=,tag:x4yXtvmoOrFEadhZmbJjAQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3