1 Commits

Author SHA1 Message Date
f70118c33f add magento2 module 2023-07-03 22:48:55 +02:00
48 changed files with 669 additions and 3076 deletions


@@ -1 +0,0 @@
{"formatting":{"command":"alejandra"}}

1
README.md Normal file

@@ -0,0 +1 @@
NixOS configuration using nix flakes and home-manager


@@ -1,3 +0,0 @@
NixOS configuration using nix flakes and home-manager
Main repository found at: https://git.project-cloud.net/asmir/nixos_flake_config


@@ -1,71 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd" "noatime"];
};
boot.initrd.luks.devices."enc_root".device = "/dev/disk/by-uuid/8eb8ac22-d89d-4406-bfbd-ce43e283649f";
fileSystems."/home" = {
device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd" "noatime"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
fsType = "btrfs";
options = ["subvol=log" "compress=zstd" "noatime"];
neededForBoot = true;
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
fsType = "btrfs";
options = ["subvol=persist" "compress=zstd" "noatime"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/6C85-D29B";
fsType = "vfat";
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@@ -1,70 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.batteryNotifier;
in {
options = {
services.batteryNotifier = {
enable = mkOption {
default = false;
description = ''
Whether to enable battery notifier.
'';
};
device = mkOption {
default = "BAT0";
description = ''
Device to monitor.
'';
};
notifyCapacity = mkOption {
default = 10;
description = ''
Battery level at which a notification shall be sent.
'';
};
suspendCapacity = mkOption {
default = 5;
description = ''
Battery level at which a suspend unless connected shall be sent.
'';
};
};
};
config = mkIf cfg.enable {
systemd.user.timers."lowbatt" = {
description = "check battery level";
timerConfig.OnBootSec = "1m";
timerConfig.OnUnitInactiveSec = "1m";
timerConfig.Unit = "lowbatt.service";
wantedBy = ["timers.target"];
};
systemd.user.services."lowbatt" = {
description = "battery level notifier";
serviceConfig.PassEnvironment = "DISPLAY";
script = ''
export battery_capacity=$(${pkgs.coreutils}/bin/cat /sys/class/power_supply/${cfg.device}/capacity)
export battery_status=$(${pkgs.coreutils}/bin/cat /sys/class/power_supply/${cfg.device}/status)
if [[ $battery_capacity -le ${builtins.toString cfg.notifyCapacity} && $battery_status = "Discharging" ]]; then
${pkgs.libnotify}/bin/notify-send --urgency=critical --hint=int:transient:1 --icon=battery_empty "Battery Low" "You should probably plug-in."
fi
if [[ $battery_capacity -le ${builtins.toString cfg.suspendCapacity} && $battery_status = "Discharging" ]]; then
${pkgs.libnotify}/bin/notify-send --urgency=critical --hint=int:transient:1 --icon=battery_empty "Battery Critically Low" "Computer will suspend in 60 seconds."
sleep 60s
battery_status=$(${pkgs.coreutils}/bin/cat /sys/class/power_supply/${cfg.device}/status)
if [[ $battery_status = "Discharging" ]]; then
systemctl suspend
fi
fi
'';
};
};
}


@@ -1,42 +1,56 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
pkgs,
lib,
caps2esc,
nix-xilinx,
sops-nix,
...
}: {
imports = [
];
imports = [];
system.stateVersion = "23.05";
system.autoUpgrade.enable = true;
system.autoUpgrade.enable = false;
sops.age.keyFile = config.users.users.akill.home + "/.config/sops/age/keys.txt";
sops.secrets."peerix/private" = {
sopsFile = ./secrets/peerix.yaml;
};
nix = {
optimise.automatic = true;
gc.automatic = true;
gc.options = "--delete-older-than 7d";
package = pkgs.nixUnstable;
settings.experimental-features = ["nix-command" "flakes"];
settings = {
experimental-features = ["nix-command" "flakes"];
trusted-public-keys = [
"binarycache.mediabox.lan:3vZwbCaCuOK5fc92rKknvyU7e5fDbnKEKLb/VTaICoU="
];
};
};
boot = {
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = ["msr.allow_writes=on"];
supportedFilesystems = ["btrfs"];
tmpOnTmpfs = true;
extraModulePackages = with config.boot.kernelPackages; [usbip];
initrd.compressor = "zstd";
loader.systemd-boot = {
enable = true;
editor = false;
memtest86.enable = true;
};
initrd.kernelModules = ["amdgpu"];
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = ["psmouse.synaptics_intertouch=0"];
loader.efi.canTouchEfiVariables = true;
loader.systemd-boot.editor = false;
loader.systemd-boot.enable = true;
readOnlyNixStore = true;
supportedFilesystems = ["btrfs"];
tmp.useTmpfs = true;
};
security = {
rtkit.enable = true;
allowSimultaneousMultithreading = true;
sudo.enable = false;
sudo.enable = true;
doas.enable = true;
doas.extraRules = [
{
@@ -52,23 +66,45 @@
};
networking = {
firewall.enable = true;
hostName = "blue";
firewall = {
enable = true;
allowedTCPPorts = [80 443];
};
hostName = "nixy";
nameservers = ["127.0.0.1" "::1"];
dhcpcd.extraConfig = "nohook resolv.conf";
extraHosts = ''
192.168.88.230 mediabox.lan
192.168.88.230 jellyfin.mediabox.lan
192.168.88.230 deluge.mediabox.lan
192.168.88.230 binarycache.mediabox.lan
192.168.88.231 workstation.lan
192.168.88.1 router.lan
'';
networkmanager = {
enable = true;
dns = "none";
/*
wifi.backend = "iwd";
*/
};
wireless.iwd = {
enable = true;
settings = {
General = {
AddressRandomization = "network";
#EnableNetworkConfiguration = true;
};
};
};
};
time.timeZone = "Europe/Sarajevo";
nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [nix-xilinx.overlay];
environment = {
homeBinInPath = true;
variables = {
@@ -98,9 +134,9 @@
serviceConfig.Nice = -20;
script = ''
${pkgs.interception-tools}/bin/intercept \
-g /dev/input/by-path/*-kbd | \
/opt/caps2esc | ${pkgs.interception-tools}/bin/uinput \
-d /dev/input/by-path/*-kbd \
-g /dev/input/by-path/platform-i8042-serio-0-event-kbd | \
${caps2esc.defaultPackage.x86_64-linux}/bin/caps2esc | ${pkgs.interception-tools}/bin/uinput \
-d /dev/input/by-path/platform-i8042-serio-0-event-kbd \
'';
};
};
@@ -118,21 +154,9 @@
fstrim.enable = true;
fwupd.enable = true;
ntp.enable = true;
openssh.enable = false;
openssh.enable = true;
printing.enable = true;
nextcloud = {
enable = true;
hostName = "localhost";
config.adminpassFile = "${pkgs.writeText "adminpass" "test123"}";
};
jellyfin = {
enable = false;
user = "akill";
openFirewall = false;
};
pipewire = {
enable = true;
alsa.enable = true;
@@ -153,7 +177,17 @@
windowManager.i3.enable = true;
};
udev.packages = [pkgs.rtl-sdr pkgs.openhantek6022];
udev = {
packages = [pkgs.openocd pkgs.rtl-sdr pkgs.openhantek6022];
extraRules = ''
#Xilinx FTDI
ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Xilinx", MODE:="666"
#Xilinx Digilent
ATTR{idVendor}=="1443", MODE:="666"
ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Digilent", MODE:="666"
'';
};
tlp = {
enable = true;
@@ -194,18 +228,6 @@
];
};
mpd = {
musicDirectory = "/home/mpd/music";
enable = false;
extraConfig = ''
audio_output {
type "pulse"
name "pulsee srv"
server "127.0.0.1"
}
'';
};
dnscrypt-proxy2 = {
enable = true;
settings = {
@@ -223,6 +245,11 @@
};
};
nix-serve = {
enable = false;
secretKeyFile = "/var/cache-priv-key.pem";
};
journald.extraConfig = ''
SystemMaxUse=50M
'';
@@ -274,6 +301,7 @@
};
podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
};
@@ -294,8 +322,7 @@
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
];
extraPackages = with pkgs; [];
};
};
@@ -307,6 +334,6 @@
users.users.akill = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = ["wireshark" "kvm" "tty" "audio" "sound" "adbusers" "dialout"];
extraGroups = ["wireshark" "kvm" "tty" "audio" "sound" "adbusers" "dialout" "wheel"];
};
}
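Review bot: The `extraRules` added under `udev` in the @@ -153 hunk set `MODE:="666"` on the Xilinx and Digilent USB adapters, which makes those device nodes readable and writable by every local account and process rather than only by the user who needs them. `akill` is already in `dialout` according to the last hunk, so each rule could end in `MODE="0660", GROUP="dialout"` instead, or in `TAG+="uaccess"` to grant access to the logged-in seat only. The middle rule, `ATTR{idVendor}=="1443", MODE:="666"`, has no `ACTION` or `SUBSYSTEM` match at all; adding `SUBSYSTEM=="usb"` would keep it from applying more widely than intended. This reads the second line of each printed pair as the new side, because the page has lost its `+`/`-` markers, and the enclosing attribute set starts and ends outside the hunk.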

444
flake.lock generated

@@ -1,54 +1,24 @@
{
"nodes": {
"blobs": {
"flake": false,
"caps2esc": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"lastModified": 1684616473,
"narHash": "sha256-e8/7jWl2EA1UROhd9L+D9kLdd5SoFYWi+56n2jer7g4=",
"owner": "asmir.abdulahovic",
"repo": "caps2esc",
"rev": "4ebc36bef4f4548566df14d94c9c9907e7a76e78",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"owner": "asmir.abdulahovic",
"repo": "caps2esc",
"type": "gitlab"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@@ -64,14 +34,14 @@
"type": "github"
}
},
"flake-compat_4": {
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
@@ -80,39 +50,6 @@
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1701473968,
"narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-root": {
"locked": {
"lastModified": 1692742795,
"narHash": "sha256-f+Y0YhVCIJ06LemO+3Xx00lIcqQxSKJHXT/yk1RTKxw=",
"owner": "srid",
"repo": "flake-root",
"rev": "d9a70d9c7a5fd7f3258ccf48da9335e9b47c3937",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "flake-root",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
@@ -131,30 +68,6 @@
"type": "github"
}
},
"goatcounter": {
"inputs": {
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-root": "flake-root",
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1705880453,
"narHash": "sha256-Y1O6tia2Pc1MA5ZoFH3B2y7FwjZuIDiNT4C9+bBawrY=",
"owner": "asmir-abdulahovic",
"repo": "goatcounter-flake",
"rev": "f912ab7024cbc47d5fa80a416b643707a9b50b06",
"type": "github"
},
"original": {
"owner": "asmir-abdulahovic",
"repo": "goatcounter-flake",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@@ -162,11 +75,11 @@
]
},
"locked": {
"lastModified": 1711868868,
"narHash": "sha256-QpZanlbVu6Gb2K96u3vgu0F2BvZD74+fOsIFWcYEXoY=",
"lastModified": 1688220547,
"narHash": "sha256-cNKKLPaEOxd6t22Mt3tHGubyylbKGdoi2A3QkMTKes0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "30f2ec39519f4f5a8a96af808c439e730c15aeab",
"rev": "89d10f8adce369a80e046c2fd56d1e7b7507bb5b",
"type": "github"
},
"original": {
@@ -177,17 +90,15 @@
},
"nix-xilinx": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixpkgs"
]
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1699035130,
"narHash": "sha256-emK4aJCC2gW94b2P3N2LjkQ6PEMLUcDduVWwYQ7aq+o=",
"lastModified": 1685780173,
"narHash": "sha256-K18JYyCHrnb05Odb7N9FpU30az7QOV8uL9ch0RgU7i0=",
"owner": "asmir.abdulahovic",
"repo": "nix-xilinx",
"rev": "0323990db46c32e361e4fd70600d859eb90862af",
"rev": "cc5ab958d31c58481b1f7f3a2c0a4db7c22006e9",
"type": "gitlab"
},
"original": {
@@ -198,81 +109,100 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1711703276,
"narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
"owner": "nixos",
"lastModified": 1684585791,
"narHash": "sha256-lYPboblKrchmbkGMoAcAivomiOscZCjtGxxTSCY51SM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
"rev": "eea79d584eff53bf7a76aeb63f8845da6d386129",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1701253981,
"narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1711819797,
"narHash": "sha256-tNeB6emxj74Y6ctwmsjtMlzUMn458sBmwnD35U5KIM4=",
"lastModified": 1688256355,
"narHash": "sha256-/E+OSabu4ii5+ccWff2k4vxDsXYhpc4hwnm0s6JOz7Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2b4e3ca0091049c6fbb4908c66b05b77eaef9f0c",
"rev": "f553c016a31277246f8d3724d3b1eee5e8c0842c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.11",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nvim": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"nixpkgs_2": {
"locked": {
"lastModified": 1710623348,
"narHash": "sha256-hDoBWudKaqY+NMPicHo83PitZCwxXQeej2xHQBjEIfM=",
"ref": "refs/heads/master",
"rev": "2b10f5cb327c8af9aad32ee5548eb246295c3a52",
"revCount": 29,
"type": "git",
"url": "https://git.project-cloud.net/asmir/nvim_flake"
"lastModified": 1685677062,
"narHash": "sha256-zoHF7+HNwNwne2XEomphbdc4Y8tdWT16EUxUTXpOKpQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "95be94370d09f97f6af6a1df1eb9649b5260724e",
"type": "github"
},
"original": {
"type": "git",
"url": "https://git.project-cloud.net/asmir/nvim_flake"
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1688231357,
"narHash": "sha256-ZOn16X5jZ6X5ror58gOJAxPfFLAQhZJ6nOUeS4tfFwo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "645ff62e09d294a30de823cb568e9c6d68e92606",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1684668519,
"narHash": "sha256-KkVvlXTqdLLwko9Y0p1Xv6KQ9QTcQorrU098cGilb7c=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "85340996ba67cc02f01ba324e18b1306892ed6f5",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixpkgs-unstable",
"type": "indirect"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1688188316,
"narHash": "sha256-CXuQllDKCxtZaB/umnZOvoJ/d4kJguYgffeTA9l1B3o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8277b539d371bf4308fc5097911aa58bfac1794f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"peerix": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1684706914,
@@ -288,79 +218,27 @@
"type": "gitlab"
}
},
"project-cloud": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"theme_anemone": "theme_anemone",
"theme_deepthought": "theme_deepthought"
},
"locked": {
"lastModified": 1705870326,
"narHash": "sha256-ojdGSeqztnnGMyLKjnSCGq0muGh3U+Zb9iwzaaDsaF4=",
"ref": "refs/heads/master",
"rev": "ad6af66a6142279789db8967b285eb04c6d18c02",
"revCount": 26,
"type": "git",
"url": "https://git.project-cloud.net/asmir/project-cloud"
},
"original": {
"type": "git",
"url": "https://git.project-cloud.net/asmir/project-cloud"
}
},
"root": {
"inputs": {
"goatcounter": "goatcounter",
"caps2esc": "caps2esc",
"home-manager": "home-manager",
"nix-xilinx": "nix-xilinx",
"nixpkgs": "nixpkgs",
"nvim": "nvim",
"nixpkgs": "nixpkgs_3",
"peerix": "peerix",
"project-cloud": "project-cloud",
"simple-nixos-mailserver": "simple-nixos-mailserver",
"sops-nix": "sops-nix",
"swaysw": "swaysw",
"zremap": "zremap"
}
},
"simple-nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_4",
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1710449465,
"narHash": "sha256-2orO8nfplp6uQJBFqKkj1iyNMC6TysmwbWwbb4osTag=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "79c8cfcd5873a85559da6201b116fb38b490d030",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"type": "gitlab"
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs": "nixpkgs_5",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1711855048,
"narHash": "sha256-HxegAPnQJSC4cbEbF4Iq3YTlFHZKLiNTk8147EbLdGg=",
"lastModified": 1688268466,
"narHash": "sha256-fArazqgYyEFiNcqa136zVYXihuqzRHNOOeVICayU2Yg=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "99b1e37f9fc0960d064a7862eb7adfb92e64fa10",
"rev": "5ed3c22c1fa0515e037e36956a67fe7e32c92957",
"type": "github"
},
"original": {
@@ -369,26 +247,6 @@
"type": "github"
}
},
"swaysw": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1711800706,
"narHash": "sha256-VuClUfWEmuv6Ysf6g42rfIm4cRZ/DWYZJxlNd9f1IL4=",
"ref": "refs/heads/master",
"rev": "7422c005ffdd282c389d21c5f8a4ea835bc1a0f0",
"revCount": 4,
"type": "git",
"url": "https://git.project-cloud.net/asmir/swaysw"
},
"original": {
"type": "git",
"url": "https://git.project-cloud.net/asmir/swaysw"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@@ -403,112 +261,6 @@
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"theme_anemone": {
"flake": false,
"locked": {
"lastModified": 1699399376,
"narHash": "sha256-u2baLVhc/tWd9h9+g9vKBN1m4qG23uL1HUizFigOJXw=",
"owner": "Speyll",
"repo": "anemone",
"rev": "565a6e84e3054a45ec31729125801ab1f403c936",
"type": "github"
},
"original": {
"owner": "Speyll",
"repo": "anemone",
"type": "github"
}
},
"theme_deepthought": {
"flake": false,
"locked": {
"lastModified": 1681035730,
"narHash": "sha256-dzhfGmhuNCbloqknM7lVnFbNYmf2/ue7az6DQok44yM=",
"owner": "RatanShreshtha",
"repo": "DeepThought",
"rev": "430c1d5085dd6bea4cd6bd2d55003db67ba6bea0",
"type": "github"
},
"original": {
"owner": "RatanShreshtha",
"repo": "DeepThought",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"goatcounter",
"nixpkgs"
]
},
"locked": {
"lastModified": 1702461037,
"narHash": "sha256-ssyGxfGHRuuLHuMex+vV6RMOt7nAo07nwufg9L5GkLg=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "d06b70e5163a903f19009c3f97770014787a080f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"zremap": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1696448728,
"narHash": "sha256-kUc6983IX9n0eQxTFZRK7LYCLHoxoGZ5rOV7nu8hGRI=",
"owner": "asmir.abdulahovic",
"repo": "zremap",
"rev": "9043844893cfc333ed04d04c1d3b67d9904c0afc",
"type": "gitlab"
},
"original": {
"owner": "asmir.abdulahovic",
"repo": "zremap",
"type": "gitlab"
}
}
},
"root": "root",

154
flake.nix

@@ -3,92 +3,40 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nix-xilinx = {
url = "gitlab:asmir.abdulahovic/nix-xilinx";
inputs.nixpkgs.follows = "nixpkgs";
};
peerix = {
url = "gitlab:asmir.abdulahovic/peerix";
inputs.nixpkgs.follows = "nixpkgs";
};
zremap = {
url = "gitlab:asmir.abdulahovic/zremap";
inputs.nixpkgs.follows = "nixpkgs";
};
swaysw = {
url = "git+https://git.project-cloud.net/asmir/swaysw";
inputs.nixpkgs.follows = "nixpkgs";
};
nvim = {
url = "git+https://git.project-cloud.net/asmir/nvim_flake";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
goatcounter = {
url = "github:asmir-abdulahovic/goatcounter-flake";
inputs.nixpkgs.follows = "nixpkgs";
};
caps2esc.url = "gitlab:asmir.abdulahovic/caps2esc";
nix-xilinx.url = "gitlab:asmir.abdulahovic/nix-xilinx";
peerix.url = "gitlab:asmir.abdulahovic/peerix";
sops-nix.url = "github:Mic92/sops-nix";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
simple-nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs";
};
project-cloud = {
url = "git+https://git.project-cloud.net/asmir/project-cloud";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs @ {
goatcounter,
home-manager,
self,
nixpkgs,
caps2esc,
home-manager,
nix-xilinx,
nvim,
peerix,
project-cloud,
simple-nixos-mailserver,
sops-nix,
swaysw,
zremap,
...
}: let
pkgs = nixpkgs.legacyPackages.x86_64-linux.pkgs;
in {
}: {
nixosConfigurations = rec {
nixy = nixpkgs.lib.nixosSystem rec {
nixy = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
{_module.args = inputs;}
{_module.args.system = system;}
{nix.registry.nixpkgs.flake = nixpkgs;}
./common/packages.nix
./common/suspend.nix
./nixy/configuration.nix
./nixy/hardware-configuration.nix
./configuration.nix
./packages.nix
./hardware-configuration.nix
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.akill = import ./home/home.nix;
home-manager.extraSpecialArgs = {inherit inputs system;};
}
peerix.nixosModules.peerix
{
@@ -98,88 +46,12 @@
package = peerix.packages.x86_64-linux.peerix;
openFirewall = true; # UDP/12304
privateKeyFile = nixy.config.sops.secrets."peerix/private".path;
publicKeyFile = ./nixy/peerix-public;
publicKeyFile = ./peerix-public;
publicKey = "peerix-mediabox:UDgG3xdQYv7bmx2l4ZPNRPJtp2zMmY++H/fnGeJ9BQw=";
};
}
];
};
mediabox = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
modules = [
{_module.args = inputs;}
{_module.args.system = system;}
{nix.registry.nixpkgs.flake = nixpkgs;}
./common/packages.nix
./common/suspend.nix
./mediabox/configuration.nix
./mediabox/hardware-configuration.nix
./modules/qbittorrent.nix
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.akill = import ./home/home.nix;
home-manager.extraSpecialArgs = {inherit inputs system;};
}
peerix.nixosModules.peerix
{
services.peerix = {
enable = true;
globalCacheTTL = 10;
package = peerix.packages.x86_64-linux.peerix;
openFirewall = true; # UDP/12304
privateKeyFile = mediabox.config.sops.secrets."peerix/private".path;
publicKeyFile = ./mediabox/peerix-public;
publicKey = "peerix-nixy:8THqS0R2zWF/47ai0RFmqJnieYTZ1jaWOD9tnzpvA6s=";
};
}
];
};
blue = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
modules = [
{_module.args = inputs;}
{_module.args.system = system;}
{nix.registry.nixpkgs.flake = nixpkgs;}
./blue/configuration.nix
./blue/hardware-configuration.nix
./common/packages.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.akill = import ./home/home.nix;
home-manager.extraSpecialArgs = {inherit inputs system;};
}
];
};
magpie = nixpkgs.lib.nixosSystem rec {
system = "aarch64-linux";
modules = [
{_module.args = inputs;}
{_module.args.system = system;}
{nix.registry.nixpkgs.flake = nixpkgs;}
./magpie/configuration.nix
./magpie/hardware-configuration.nix
goatcounter.nixosModules.goatcounter
simple-nixos-mailserver.nixosModule
sops-nix.nixosModules.sops
(builtins.toPath "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix")
];
};
};
devShell.x86_64-linux = pkgs.mkShell {
buildInputs = with pkgs; [sops ssh-to-age age];
shellHook = ''
echo "Configuring NixOS!"
'';
};
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
};
}
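Review bot: The one-line inputs `caps2esc.url`, `nix-xilinx.url`, `peerix.url` and `sops-nix.url` in the first hunk carry no `inputs.nixpkgs.follows = "nixpkgs";`, so each of them evaluates against its own pinned nixpkgs rather than the system's. The flake.lock section of this commit shows the effect as separate `nixpkgs`, `nixpkgs_2`, `nixpkgs_4` and `nixpkgs_5` nodes beside the root's `nixpkgs_3`, three of them resolved through the indirect registry id `nixpkgs`. Packages built from those inputs then do not pick up security fixes when the root `nixpkgs` is bumped, and there are more revisions to audit. Keeping the attrset form, for example `peerix = { url = "gitlab:asmir.abdulahovic/peerix"; inputs.nixpkgs.follows = "nixpkgs"; };`, avoids that. Which side each line belongs to is inferred from print order and the lock file, since the `+`/`-` markers are not on the page.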


@@ -20,7 +20,7 @@
fileSystems."/" = {
device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
fsType = "btrfs";
options = ["subvol=root" "compress=lzo" "noatime"];
options = ["subvol=root" "compress=zstd" "noatime"];
};
boot.initrd.luks.devices."sys_enc".device = "/dev/disk/by-uuid/682d030d-189e-4b47-a60a-62cf1f3729d3";
@@ -28,25 +28,25 @@
fileSystems."/home" = {
device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
fsType = "btrfs";
options = ["subvol=home" "compress=lzo" "noatime"];
options = ["subvol=home" "compress=zstd" "noatime"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
fsType = "btrfs";
options = ["subvol=nix" "compress=lzo" "noatime"];
options = ["subvol=nix" "compress=zstd" "noatime"];
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
fsType = "btrfs";
options = ["subvol=persist" "compress=lzo" "noatime"];
options = ["subvol=persist" "compress=zstd" "noatime"];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
fsType = "btrfs";
options = ["subvol=log" "compress=lzo" "noatime"];
options = ["subvol=log" "compress=zstd" "noatime"];
};
fileSystems."/boot" = {
@@ -55,7 +55,7 @@
};
fileSystems."/opt/xilinx" = {
device = "/dev/disk/by-uuid/f5c27ef2-8053-4d96-9f8f-c6a50d6193b9";
device = "/dev/disk/by-uuid/09912fb9-0284-4b4e-add1-d4a27329539f";
fsType = "erofs";
};


@@ -2,15 +2,11 @@
pkgs,
config,
lib,
inputs,
...
}:
let
qutebrowser_firejail = pkgs.writeShellScriptBin "qutebrowser" ''
firejail -- ${pkgs.qutebrowser}/bin/qutebrowser "$@"
'';
in
with lib; {
with lib; let
vimrc = import ./vimrc.nix {inherit pkgs vimUtils fetchFromGitHub;};
in {
imports = [./zsh.nix ./i3status-rust.nix ./sway.nix ./i3.nix ./home_packages.nix ./whatsapp-for-linux.nix];
home.stateVersion = "22.11";
@@ -21,20 +17,14 @@ with lib; {
xdg.mimeApps = {
enable = true;
defaultApplications = {
"application/pdf" = "sioyek.desktop";
"text/html" = "org.qutebrowser.qutebrowser.desktop";
"x-scheme-handler/about" = "org.qutebrowser.qutebrowser.desktop";
"x-scheme-handler/http" = "org.qutebrowser.qutebrowser.desktop";
"x-scheme-handler/https" = "org.qutebrowser.qutebrowser.desktop";
"x-scheme-handler/unknown" = "org.qutebrowser.qutebrowser.desktop";
"application/pdf" = ["sioyek.desktop"];
};
};
fonts.fontconfig.enable = true;
home.sessionVariables = rec {
BROWSER = "${qutebrowser_firejail}/bin/qutebrowser";
DEFAULT_BROWSER = "${BROWSER}";
home.sessionVariables = {
BROWSER = "qutebrowser";
EDITOR = "nvim";
_JAVA_AWT_WM_NONREPARENTING = "1";
MOZ_ENABLE_WAYLAND = "1";
@@ -57,23 +47,16 @@ with lib; {
};
};
tmux = {
enable = true;
clock24 = true;
keyMode = "vi";
terminal = "screen-256color";
plugins = with pkgs.tmuxPlugins; [ sysstat net-speed gruvbox ];
};
mpv = {
enable = true;
package = pkgs.mpv;
config = {
slang = "eng,en";
alang = "eng,en";
hwdec = "auto";
vo = "gpu-next";
ao = "pipewire";
script-opts-set = "ytdl_hook-ytdl_path=yt-dlp,sponsorblock-local_database=no,sponsorblock-skip_categories=[sponsor,intro,selfpromo]";
script-opts-set = "sponsorblock-local_database=no,sponsorblock-skip_categories=[sponsor,intro,selfpromo]";
ytdl-format = "bestvideo[height<=?1080]+bestaudio/best";
};
@@ -145,13 +128,13 @@ with lib; {
qutebrowser = {
enable = true;
package = qutebrowser_firejail;
package = pkgs.qutebrowser-qt6;
keyBindings = {
normal = {
"j" = "scroll-px 0 25";
"k" = "scroll-px 0 -25";
"u" = "undo --window";
";v" = "hint links spawn mpv {hint-url}";
";v" = "hint links userscript view_in_mpv";
};
};
@@ -187,8 +170,15 @@ with lib; {
pull = {rebase = true;};
credential = {helper = "store";};
};
signing.key = "020C42B7A9ABA3E2";
signing.signByDefault = true;
};
neovim = {
enable = true;
vimAlias = true;
vimdiffAlias = true;
plugins = vimrc.plugins;
extraConfig = "";
extraPackages = vimrc.extraPackages;
};
obs-studio = {
@@ -201,10 +191,14 @@ with lib; {
zsh.enable = true;
};
xdg.configFile."nvim/init.lua" = {
source = ./vimrc.lua;
recursive = true;
};
services = {
lorri.enable = false;
mako.enable = true;
cliphist.enable = true;
gammastep = {
enable = true;
latitude = "44.53";
@@ -221,33 +215,26 @@ with lib; {
enableSshSupport = true;
};
swayidle = let
locker = pkgs.writeShellScriptBin "swaylock_fancy" ''
TMP_FILE=$(${pkgs.coreutils}/bin/mktemp /tmp/.swaylock_ss_XXXXXX.jpg)
${pkgs.grim}/bin/grim -t ppm - | ${pkgs.imagemagick}/bin/convert - -blur 0x12 "$TMP_FILE"
${pkgs.swaylock}/bin/swaylock -f -i "$TMP_FILE"
${pkgs.coreutils}/bin/rm "$TMP_FILE"
'';
in {
swayidle = {
enable = true;
events = [
{
event = "before-sleep";
command = "${locker}/bin/swaylock_fancy";
command = "swaylock_bg_blur.sh";
}
{
event = "lock";
command = "${locker}/bin/swaylock_fancy";
command = "swaylock_bg_blur.sh";
}
{
event = "after-resume";
command = "${pkgs.procps}/bin/pkill -USR1 i3status-rs";
command = "pkill -USR1 i3status-rs";
}
];
timeouts = [
{
timeout = 15 * 60;
command = "${locker}/bin/swaylock_fancy";
command = "swaylock_bg_blur.sh";
}
];
};
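Review bot: The swayidle `command` values in the last hunk name `swaylock_bg_blur.sh` and `pkill` without a path, and nothing in the visible hunks installs `swaylock_bg_blur.sh`. If home-manager starts swayidle as a systemd user service, as it normally does, the unit does not inherit the login shell's PATH; when the name fails to resolve, the `before-sleep`, `lock` and 15-minute timeout handlers error out and the session stays unlocked. Referencing store paths, as in `command = "${pkgs.procps}/bin/pkill -USR1 i3status-rs";`, and building the locker with `pkgs.writeShellScriptBin` so it is called as `"${locker}/bin/swaylock_fancy"`, turns a missing script into a build error instead of a silent lock failure. Side assignment is read from print order because the `+`/`-` markers are lost, and the enclosing `services` set starts outside this hunk.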


@@ -1,142 +1,79 @@
{
config,
pkgs,
inputs,
system,
...
}: let
chromium_teams = pkgs.writeShellScriptBin "chromium_teams" ''
${pkgs.chromium}/bin/chromium --socket=wayland org.chromium.Chromium --app=https://teams.microsoft.com/
'';
chromium_discord = pkgs.writeShellScriptBin "chromium_discord" ''
${pkgs.chromium}/bin/chromium --socket=wayland org.chromium.Chromium --app=https://discordapp.com/channels/@me
'';
ssh_proxy = pkgs.writeShellScriptBin "ssh_proxy" ''
if ${pkgs.coreutils}/bin/test $# -ne 1; then
echo "Usage: $0 <user>@<ssh_host>"
exit
fi
PROXY_PORT="1337"
${pkgs.openssh}/bin/ssh -D "$PROXY_PORT" -q -N "$@"
'';
wrap_sh = let
bubblewrap = pkgs.callPackage ../packages/bubblewrap/default.nix {};
in
pkgs.writeShellScriptBin "wrap.sh" ''
if ${pkgs.coreutils-full}/bin/test $# -ne 1; then
echo "Usage: $0 <directory>"
exit
fi
FULL_PATH=$(${pkgs.coreutils-full}/bin/realpath "$1")
BUBBLEWRAP_DIR="$1" ${bubblewrap}/bin/bwrap \
--bind / / \
--dev /dev \
--overlay-src "$FULL_PATH" \
--tmp-overlay "$FULL_PATH" \
"$SHELL"
'';
in {
home.packages = with pkgs;
[
anydesk
appimage-run
arp-scan
birdtray
blackmagic
blender
btop
cached-nix-shell
caddy
cargo
chromium
cmake
compsize
cura
deluge
discord
dmenu-wayland
ffmpeg-full
firefox
freecad
gcc
gdb
ghostscript
glab
glaxnimate
gnumake
go
grim
hyperfine
imagemagick
imv
inkscape
jellyfin-media-player
kdenlive
kicad
kodi-wayland
krita
libnotify
libreoffice
libva-utils
mediainfo
ncdu
neovide
ngspice
nix-init
nixpkgs-fmt
nix-prefetch-git
nodePackages.peerflix
openocd
openscad
pandoc
pass-wayland
patchelf
pavucontrol
pirate-get
poppler_utils
powertop
pulsemixer
python3
python3Packages.west
remmina
river
rtorrent
screen
seer
sioyek
skypeforlinux
slurp
stm32cubemx
tea
teams-for-linux
texlive.combined.scheme-full
thunderbird
upx
waybar
wdisplays
whatsapp-for-linux
wine
wireshark
wl-clipboard
wlr-randr
wofi
x2goclient
yewtube
yt-dlp
zapzap
zathura
zeal-qt6
zig
]
++ [
chromium_discord
chromium_teams
ssh_proxy
wrap_sh
]
++ [
inputs.swaysw.packages.${system}.swaysw
(pkgs.callPackage ../packages/viber/default.nix {})
(pkgs.callPackage ../packages/bubblewrap/default.nix {})
];
}: {
home.packages = with pkgs; [
alejandra
appimage-run
arp-scan
blackmagic
btop
cached-nix-shell
caddy
cargo
ccls
cemu
compsize
cura
deluge
ffmpeg-full
firefox
gcc
gdb
glab
glaxnimate
gnumake
grim
hyperfine
imagemagick
imv
jellyfin-media-player
kdenlive
kicad
kodi-wayland
libnotify
libreoffice
libva-utils
mediainfo
ncdu
neovide
ngspice
nodePackages.peerflix
openocd
pandoc
pass
patchelf
pavucontrol
pirate-get
powertop
pulsemixer
python3
python3Packages.west
remmina
river
rtorrent
rustc
screen
seer
sioyek
skypeforlinux
slurp
texlive.combined.scheme-full
thunderbird
upx
waybar
wdisplays
whatsapp-for-linux
wireshark
wl-clipboard
wlr-randr
wofi
x2goclient
yt-dlp
zathura
zeal-qt6
zig
zls
];
}


@@ -39,11 +39,6 @@
device = "enp5s0";
interval = 2;
}
{
block = "net";
device = "eno1";
interval = 2;
}
{
block = "memory";
}


@@ -2,24 +2,8 @@
config,
lib,
pkgs,
inputs,
system,
...
}: let
cliphist_sway = pkgs.writeShellScriptBin "cliphist_sway" ''
${pkgs.cliphist}/bin/cliphist list | \
${pkgs.wofi}/bin/wofi --dmenu --insensitive | \
${pkgs.cliphist}/bin/cliphist decode | \
${pkgs.wl-clipboard}/bin/wl-copy
'';
screenshot_clip = pkgs.writeShellScriptBin "screenshot_clip" ''
GEOM="$(${pkgs.slurp}/bin/slurp -d)"
${pkgs.grim}/bin/grim -g "$GEOM" - | ${pkgs.wl-clipboard}/bin/wl-copy
'';
swaysw = inputs.swaysw.packages.${system}.swaysw;
viber = pkgs.callPackage ../packages/viber/default.nix {};
term = "${pkgs.foot}/bin/footclient";
in {
}: {
wayland.windowManager.sway = {
enable = true;
extraSessionCommands = "";
@@ -34,11 +18,11 @@ in {
window.commands = [
{
command = "move scratchpad, resize set 1152 648";
criteria = {app_id = "pulsemixer|python3|com.rtosta.zapzap|whatsapp-for-linux|com.viber";};
criteria = {app_id = "pulsemixer|python3|whatsapp-for-linux|com.viber.Viber";};
}
{
command = "move scratchpad, resize set 1502 845";
criteria = {app_id = "com.viber";};
criteria = {class = "ViberPC";};
}
{
command = "floating enable";
@@ -49,21 +33,16 @@ in {
modifier = "Mod4";
output = {
eDP-1 = {
bg = "~/pic/wallpaper stretch";
bg = "~/pic/weird_dragon.jpg stretch";
/*
scale = "1.4";
*/
};
HDMI-A-4 = {
res = "1920x1080";
};
};
input = {
"type:keyboard" = {repeat_delay = "150";};
"type:keyboard" = {repeat_rate = "70";};
"type:touchpad" = {tap = "enabled";};
"1:1:AT_Translated_Set_2_keyboard" = {repeat_delay = "150";};
"1:1:AT_Translated_Set_2_keyboard" = {repeat_rate = "70";};
"2:7:SynPS/2_Synaptics_TouchPad" = {tap = "enabled";};
};
bars = [
@@ -74,16 +53,14 @@ in {
style = "Bold Semi-Condensed";
size = 12.0;
};
statusCommand = "${pkgs.i3status-rust}/bin/i3status-rs ~/.config/i3status-rust/config-top.toml";
statusCommand = "i3status-rs ~/.config/i3status-rust/config-top.toml";
}
];
keybindings = {
"Alt+Shift+q" = "kill";
"Alt+Shift+Return" = "exec ${term}";
"Alt+Shift+Return" = "exec ${pkgs.foot}/bin/footclient";
"Alt+p" = "exec ${pkgs.dmenu-wayland}/bin/dmenu-wl_run -fn \"mono 14\"";
"Alt+c" = "exec ${pkgs.moreutils}/bin/lckdo cliphist_sway ${cliphist_sway}/bin/cliphist_sway";
"Print" = "exec ${pkgs.moreutils}/bin/lckdo screenshot_clip ${screenshot_clip}/bin/screenshot_clip";
"Alt+Shift+space" = "floating toggle";
"Alt+space" = "focus mode_toggle";
@@ -118,16 +95,21 @@ in {
"Alt+j" = "focus down";
"Alt+k" = "focus up";
"Alt+l" = "focus right";
"Alt+slash" = "exec ${pkgs.moreutils}/bin/lckdo swaysw ${swaysw}/bin/swaysw";
"Alt+slash" = "exec lckdo /tmp/.sws_cli_lock footclient -a sws_cli -- sws_cli.sh";
"Alt+Escape" = "workspace back_and_forth";
"Alt+f" = "fullscreen enable";
"Mod4+l" = ''
exec ${pkgs.sway}/bin/swaymsg [app_id="python3"] scratchpad show || exec ${term} -a python3 ${pkgs.python3}/bin/python3'';
"Mod4+h" = "exec ${pkgs.sway}/bin/swaymsg [app_id=com.rtosta.zapzap] scratchpad show || exec ${pkgs.zapzap}/bin/zapzap";
"Mod4+j" = "exec ${pkgs.sway}/bin/swaymsg [app_id=com.viber] scratchpad show || exec ${viber}/bin/viber";
exec swaymsg [app_id="python3"] scratchpad show || exec foot -a python3 python3'';
"Mod4+h" = "exec swaymsg [app_id=whatsapp-for-linux] scratchpad show || exec whatsapp-for-linux";
"Mod4+j" = "exec swaymsg [app_id=com.viber.Viber] scratchpad show";
"Mod4+y" = ''
exec ${pkgs.sway}/bin/swaymsg [app_id="pulsemixer"] scratchpad show || exec ${term} -a pulsemixer ${pkgs.pulsemixer}/bin/pulsemixer'';
exec swaymsg [app_id="pulsemixer"] scratchpad show || exec foot -a pulsemixer pulsemixer'';
"XF86AudioRaiseVolume" = "exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') +5%";
"XF86AudioLowerVolume" = "exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') -5%";
"XF86AudioMute" = "exec pactl set-sink-mute $(pacmd list-sinks |awk '/* index:/{print $3}') toggle";
"XF86AudioMicMute" = "exec pactl set-source-mute $(pacmd list-sources |awk '/* index:/{print $3}') toggle";
};
};
};
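Review bot: The `Alt+slash` binding takes its lock on a fixed name in the shared `/tmp` (`lckdo /tmp/.sws_cli_lock …`), which any other local account can create first and so block the binding, and it calls `lckdo`, `footclient` and `sws_cli.sh` by bare name. Assuming the bare-name lines are the new side (the section no longer has the `let` that defined `term` and `swaysw`), I would move the lock into the per-user runtime directory, e.g. `exec lckdo $XDG_RUNTIME_DIR/sws_cli.lock footclient -a sws_cli -- sws_cli.sh`. Keeping `${pkgs.…}/bin/…` store paths for `swaymsg`, `i3status-rs` and `pactl`, as the other variant of these lines does, would stop the bindings from depending on whatever is first in `PATH`.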

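--- a/home/vimrc.lua
+++ b/home/vimrc.lua
@@ -0,0 +1,195 @@
+-- Basic settings
+vim.g.loaded_matchparen = true
+vim.g.netrw_liststyle = 3
+vim.go.background = 'dark'
+vim.go.belloff = 'all'
+vim.go.breakindent = true
+vim.go.hlsearch = false
+vim.go.laststatus = 0
+vim.go.lazyredraw = true
+vim.go.showcmd = true
+vim.go.synmaxcol = 800
+vim.go.syntax = 'on'
+vim.go.termguicolors = true
+vim.go.titleold = vim.fn.getcwd()
+vim.go.title = true
+vim.go.wildmenu = true
+vim.go.wrap = true
+vim.wo.number = true
+vim.cmd([[colorscheme gruvbox]])
+-- Defines a read-write directory for treesitters in nvim's cache dir
+local parser_install_dir = vim.fn.stdpath("cache") .. "/treesitters"
+if vim.fn.isdirectory(parser_install_dir) == 0 then
+vim.fn.mkdir(parser_install_dir, "p")
+end
+-- Adding runtime needed for Nix setup on non NixOS
+vim.o.runtimepath = vim.o.runtimepath .. "," .. parser_install_dir
+require 'nvim-treesitter.install'.compilers = { 'gcc' }
+require 'nvim-treesitter.configs'.setup {
+ensure_installed = { "c", "cpp", "zig", "python", "verilog", "nix", "lua", "latex" },
+parser_install_dir = parser_install_dir,
+highlight = { enable = true, disable = {} },
+indent = { enable = false, disable = {} },
+rainbow = {
+enable = true,
+extended_mode = true, -- Highlight also non-parentheses delimiters, boolean or table: lang -> boolean
+max_file_lines = 1000, -- Do not enable for files with more than 1000 lines, int
+colors = {
+'#ff0000', '#ffa500', '#ffff00', '#008000', '#0051a0', '#8003f2'
+} -- table of hex strings
+}
+}
+-- Mappings.
+-- See `:help vim.diagnostic.*` for documentation on any of the below functions
+local opts = { noremap = true, silent = true }
+vim.api.nvim_set_keymap('n', '<space>e',
+'<cmd>lua vim.diagnostic.open_float()<CR>', opts)
+vim.api.nvim_set_keymap('n', '<space>q',
+'<cmd>lua vim.diagnostic.setloclist()<CR>', opts)
+vim.api.nvim_set_keymap('n', 'Q', '<cmd>nohl<CR>', opts)
+vim.api.nvim_set_keymap('n', 'j', 'gj', opts)
+vim.api.nvim_set_keymap('n', 'k', 'gk', opts)
+vim.api.nvim_set_keymap('v', 'j', 'gj', opts)
+vim.api.nvim_set_keymap('v', 'k', 'gk', opts)
+vim.api.nvim_set_keymap('n', '<C-J>', '<C-W><C-J>', opts)
+vim.api.nvim_set_keymap('n', '<C-K>', '<C-W><C-K>', opts)
+vim.api.nvim_set_keymap('n', '<C-L>', '<C-W><C-L>', opts)
+vim.api.nvim_set_keymap('n', '<C-H>', '<C-W><C-H>', opts)
+vim.api.nvim_create_autocmd('LspAttach', {
+desc = 'LSP actions',
+callback = function()
+local bufmap = function(mode, lhs, rhs)
+vim.keymap.set(mode, lhs, rhs, { buffer = true })
+end
+-- Displays hover information about the symbol under the cursor
+bufmap('n', 'K', '<cmd>lua vim.lsp.buf.hover()<cr>')
+-- Jump to the definition
+bufmap('n', 'gd', '<cmd>lua vim.lsp.buf.definition()<cr>')
+-- Jump to declaration
+bufmap('n', 'gD', '<cmd>lua vim.lsp.buf.declaration()<cr>')
+-- Lists all the implementations for the symbol under the cursor
+bufmap('n', 'gi', '<cmd>lua vim.lsp.buf.implementation()<cr>')
+-- Jumps to the definition of the type symbol
+bufmap('n', 'go', '<cmd>lua vim.lsp.buf.type_definition()<cr>')
+-- Lists all the references
+bufmap('n', 'gr', '<cmd>lua vim.lsp.buf.references()<cr>')
+-- Displays a function's signature information
+bufmap('n', '<C-k>', '<cmd>lua vim.lsp.buf.signature_help()<cr>')
+-- Renames all references to the symbol under the cursor
+bufmap('n', 'rn', '<cmd>lua vim.lsp.buf.rename()<cr>')
+-- Selects a code action available at the current cursor position
+bufmap('n', '<F4>', '<cmd>lua vim.lsp.buf.code_action()<cr>')
+bufmap('x', '<F4>', '<cmd>lua vim.lsp.buf.range_code_action()<cr>')
+-- Show diagnostics in a floating window
+bufmap('n', 'gl', '<cmd>lua vim.diagnostic.open_float()<cr>')
+-- Move to the previous diagnostic
+bufmap('n', '[d', '<cmd>lua vim.diagnostic.goto_prev()<cr>')
+-- Move to the next diagnostic
+bufmap('n', ']d', '<cmd>lua vim.diagnostic.goto_next()<cr>')
+-- Format current buffer
+bufmap('n', '<space>f', function() vim.lsp.buf.format { async = true } end)
+end
+})
+-- Use a loop to conveniently call 'setup' on multiple servers and
+-- map buffer local keybindings when the language server attaches
+local cmp = require 'cmp'
+cmp.setup({
+sources = cmp.config.sources({
+{ name = 'nvim_lsp' },
+{ name = 'buffer' },
+{ name = 'path' },
+}),
+mapping = {
+["<Tab>"] = cmp.mapping({
+i = function(fallback)
+if cmp.visible() then
+cmp.select_next_item({ behavior = cmp.SelectBehavior.Insert })
+else
+fallback()
+end
+end,
+}),
+["<S-Tab>"] = cmp.mapping({
+i = function(fallback)
+if cmp.visible() then
+cmp.select_prev_item({ behavior = cmp.SelectBehavior.Insert })
+else
+fallback()
+end
+end,
+}),
+['<Down>'] = cmp.mapping(cmp.mapping.select_next_item({ behavior = cmp.SelectBehavior.Select }), { 'i' }),
+['<Up>'] = cmp.mapping(cmp.mapping.select_prev_item({ behavior = cmp.SelectBehavior.Select }), { 'i' }),
+['<C-n>'] = cmp.mapping({
+i = function(fallback)
+if cmp.visible() then
+cmp.select_next_item({ behavior = cmp.SelectBehavior.Select })
+else
+fallback()
+end
+end
+}),
+['<C-p>'] = cmp.mapping({
+i = function(fallback)
+if cmp.visible() then
+cmp.select_prev_item({ behavior = cmp.SelectBehavior.Select })
+else
+fallback()
+end
+end
+}),
+['<C-b>'] = cmp.mapping(cmp.mapping.scroll_docs(-4), { 'i', 'c' }),
+['<C-f>'] = cmp.mapping(cmp.mapping.scroll_docs(4), { 'i', 'c' }),
+['<C-Space>'] = cmp.mapping(cmp.mapping.complete(), { 'i', 'c' }),
+['<C-e>'] = cmp.mapping({ i = cmp.mapping.close(), c = cmp.mapping.close() }),
+['<CR>'] = cmp.mapping({
+i = cmp.mapping.confirm({ behavior = cmp.ConfirmBehavior.Replace, select = false }),
+}),
+}
+})
+local servers = { 'pyright', 'rust_analyzer', 'ccls', 'lua_ls', 'rnix', 'texlab', 'verible' }
+local capabilities = require('cmp_nvim_lsp').default_capabilities()
+for _, lsp in pairs(servers) do
+require('lspconfig')[lsp].setup {
+capabilities = capabilities
+}
+end
+require('lspconfig').lua_ls.setup({
+single_file_support = true,
+})
+require('lspconfig').verible.setup({
+root_dir = function() return vim.loop.cwd() end
+})
+if vim.fn.exists('+undofile') ~= 0 then
+local undo_dir = vim.env.HOME .. '/.config/nvim/undo'
+if vim.fn.isdirectory(undo_dir) == 0 then vim.fn.mkdir(undo_dir, 'p') end
+vim.o.undodir = undo_dir
+vim.o.undofile = true
+end
+vim.cmd([[syntax sync minlines=100]])
+vim.cmd([[syntax sync maxlines=140]])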
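Review bot: Persistent undo is switched on for every buffer near the end of the file (`vim.o.undofile = true` with `undo_dir` under `~/.config/nvim/undo`), so the edit history of secret material opened in the editor, for example through `pass edit` or a sops-managed file, is written to disk in clear text and outlives the temporary file. An autocmd that sets `vim.opt_local.undofile = false` for those temporary paths (such as `/dev/shm/pass.*`) would keep them out of the undo directory. Separately, the later `lua_ls.setup` and `verible.setup` calls appear to replace the configuration made in the `servers` loop without passing `capabilities`, so `capabilities = capabilities` should be repeated in both tables. The comment "Use a loop to conveniently call 'setup' on multiple servers" also sits above `cmp.setup` rather than above the loop it describes.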

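--- a/home/vimrc.nix
+++ b/home/vimrc.nix
@@ -0,0 +1,44 @@
+{
+pkgs,
+vimUtils,
+fetchFromGitHub,
+}: {
+extraPackages = [
+pkgs.ccls
+pkgs.clang
+pkgs.luaformatter
+pkgs.nil
+pkgs.pyright
+pkgs.rnix-lsp
+pkgs.rust-analyzer
+pkgs.sumneko-lua-language-server
+pkgs.svls
+pkgs.texlab
+pkgs.tree-sitter
+pkgs.zls
+pkgs.verible
+];
+plugins = with pkgs.vimPlugins; [
+colorizer
+fugitive
+fzf-vim
+gruvbox
+nvim-lspconfig
+nvim-treesitter
+nvim-ts-rainbow
+repeat
+targets-vim
+UltiSnips
+vim-addon-nix
+vim-signify
+vim-slime
+vim-snippets
+zig-vim
+cmp-nvim-lsp
+cmp-buffer
+cmp-path
+cmp-cmdline
+nvim-cmp
+];
+}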
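Review bot: The function header takes `vimUtils` and `fetchFromGitHub`, but nothing in the body uses them; every entry comes from `pkgs` or `pkgs.vimPlugins`. If the file is imported through `callPackage`, the header can shrink to `{pkgs}: {`. A short comment above `extraPackages` saying which package backs which `lspconfig` server would also help, since `svls`, `nil` and `zls` are installed here while the `servers` list in `home/vimrc.lua` does not start them.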


@@ -52,8 +52,8 @@
src = pkgs.fetchFromGitHub {
owner = "sindresorhus";
repo = "pure";
rev = "a02209d36c8509c0e62f44324127632999c9c0cf";
hash = "sha256-BmQO4xqd/3QnpLUitD2obVxL0UulpboT8jGNEh4ri8k=";
rev = "47c0c881f0e7cfdb5eaccd335f52ad17b897c060";
sha256 = "15xdhi72pq88ls5gx1h0k23jvb41j6kq6ar17dqmd5d38zsgwl3v";
};
file = "pure.plugin.zsh";
}
@@ -86,6 +86,7 @@
setopt c_bases
setopt completeinword
setopt completealiases
setopt extendedglob
setopt notify
#
@@ -98,15 +99,6 @@
eval "$(direnv hook zsh)"
zstyle ':completion:*' matcher-list 'm:{a-z}={A-Za-z}'
if [[ -n "$PS1" ]] && [[ -z "$TMUX" ]] && [[ -n "$SSH_CONNECTION" ]]; then
TMUX_EXE="${pkgs.tmux}/bin/tmux"
systemd-run --scope --user $TMUX_EXE attach-session -t $USER || systemd-run --scope --user $TMUX_EXE new-session -s $USER
fi
if [[ -n "$BUBBLEWRAP_DIR" ]]; then
RPS1="{{$BUBBLEWRAP_DIR}}"
fi
'';
};
}

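--- a/magento2-nginx.nix
+++ b/magento2-nginx.nix
@@ -0,0 +1,77 @@
+{
+pkgs,
+lib,
+config,
+...
+}: let
+app = "magento2";
+domain = "127.0.0.1";
+dataDir = config.users.users.akill.home + "/proj/magento2/magento/pub";
+in {
+services = {
+phpfpm.pools.${app} = {
+user = "akill";
+group = "users";
+settings = {
+"listen.owner" = config.services.nginx.user;
+"pm" = "dynamic";
+"pm.max_children" = 32;
+"pm.max_requests" = 500;
+"pm.start_servers" = 2;
+"pm.min_spare_servers" = 2;
+"pm.max_spare_servers" = 5;
+"php_admin_value[error_log]" = "stderr";
+"php_admin_flag[log_errors]" = true;
+"catch_workers_output" = true;
+};
+phpEnv."PATH" = lib.makeBinPath [pkgs.php];
+};
+nginx = {
+user = "akill";
+group = "users";
+enable = true;
+virtualHosts.${domain}.locations."/" = {
+root = dataDir;
+extraConfig = ''
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+fastcgi_pass unix:${config.services.phpfpm.pools.${app}.socket};
+include ${pkgs.nginx}/conf/fastcgi_params;
+include ${pkgs.nginx}/conf/fastcgi.conf;
+'';
+};
+};
+mysql = {
+enable = true;
+package = pkgs.mysql;
+settings.mysqld.port = 3306;
+initialDatabases = [{name = "magento2";}];
+ensureUsers = [
+{
+name = "magento2";
+ensurePermissions = {"magento2.*" = "ALL PRIVILEGES";};
+}
+];
+};
+opensearch.enable = true;
+postgresql = {
+enable = true;
+enableTCPIP = true;
+authentication = pkgs.lib.mkOverride 10 ''
+local all all trust
+host all all 127.0.0.1/32 trust
+host all all ::1/128 trust
+'';
+initialScript = pkgs.writeText "backend-initScript" ''
+CREATE ROLE magento2 WITH LOGIN PASSWORD 'magento2' CREATEDB;
+CREATE DATABASE magento2;
+GRANT ALL PRIVILEGES ON DATABASE magento2 TO magento2;
+'';
+};
+};
+systemd.services.phpfpm-magento2.serviceConfig.ProtectHome = lib.mkForce false;
+}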
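Review bot: The `authentication` override sets `trust` for the local socket and both loopback addresses, so any local account or process can connect as any PostgreSQL role, superuser included, without a password, and the `PASSWORD 'magento2'` in `initialScript` ends up in the world-readable Nix store. Even for a development machine I would keep `local all all peer`, use `host all all 127.0.0.1/32 scram-sha-256` (same for `::1/128`), drop `enableTCPIP = true` unless a TCP client needs it, and set the role password out of band. The php-fpm pool and nginx both run as the login user `akill` with `ProtectHome` forced off, which gives the PHP application that user's whole home directory; a dedicated service user with access to the project directory only would narrow that. The `127.0.0.1` virtual host name does not by itself restrict the listen address, so an explicit loopback `listen` entry on the virtual host is worth adding.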


@@ -1,370 +0,0 @@
{
config,
pkgs,
lib,
project-cloud,
goatcounter,
nvim,
system,
...
}: {
imports = [];
nix.optimise.automatic = true;
nix.settings.experimental-features = ["nix-command" "flakes"];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.configurationLimit = 2;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
# Set your time zone.
time.timeZone = "Europe/Berlin";
users.users.root.initialHashedPassword = "";
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0gyN7DzF7+sinneq7++fT93dNWe9ttKnLZJEb0LVs7UxPtz/ovlxnktAgEtSh7NUUGKPILGG6+YG/Jz3pb4cLuQHtavIQ2mIzIbiNl+c80gLNPulfOrC3KyCacYnlcEpoV+4yvMPLDf+5ySilYoF30CSIo8B7B4PSwO3/I20oXXY0zeVmYKs65BY8OrR8PDdtPpuqGcTdPpVSrooZQoykriFeejBb0Jn7qWO7vmsTyUZZIP4nKKUyqE6iFZ2zv+J3mYfuoglQKO1+kqcCYCef0sheLZGD4/QIIL8HJ9yNWb6OQhu7MEv1NowuHkviImwVO3actZ1/x4lrWt4mY+bGglVwA90u1KZUQ10qKQ2xCG2ZHE9DSxWxpI/Yq2P4pLA/XSkYFPpzmoD9c6cpv0WLAvmQrEVkqK0xXo+KszUlyGy5sVJl7/h1fZ8YhWsWUnU1XJFmKLaomUZflL3h7X6xJNVPzZmso8l1INdCvIBDu+G84kAp1/aFalSJMyjTgvCc1hxhAVYhmrc3msGH0Jk8CcPBwYa0BH4EryacdupOS/c5VxAbdyuizEgitP1ylRmydVVDEItPNXFvpWdyEehf/VmsUXqL48mBzfvi6feD5AzKjPaQNaATpxLs9Sl9CMxSy27ahHwEK6dek1wm7nkoSIDSRWfGhYKr3lUg0emAYQ=="
];
environment.systemPackages = with pkgs; [
curl
fd
file
fzf
fzy
git
goatcounter.packages.${system}.goatcounter
nvim.packages.${system}.nvim
htop-vim
nvim
pciutils
tig
tmux
unzip
usbutils
wget
zip
];
programs.mosh.enable = true;
mailserver = {
enable = true;
debug = false;
fqdn = "mail.project-cloud.net";
domains = ["project-cloud.net"];
enableSubmissionSsl = true;
enableImap = false;
enableImapSsl = true;
# A list of all login accounts. To create the password hashes, use
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = {
"gitea@project-cloud.net" = {
hashedPasswordFile = config.sops.secrets."gitea_mail_pw_hash".path;
aliases = ["git@project-cloud.net"];
};
"asmir@project-cloud.net" = {
hashedPasswordFile = config.sops.secrets."asmir_mail_pw_hash".path;
aliases = ["asmir.abdulahovic@project-cloud.net"];
};
};
certificateScheme = "acme-nginx";
};
services.journald.extraConfig = ''SystemMaxUse=50M '';
services.logind.extraConfig = ''KillUserProcesses=yes '';
services.openssh.settings.PermitRootLogin = "prohibit-password";
services.openssh.enable = true;
services.openssh.listenAddresses = [
{
addr = "10.100.0.1"; # wireguard
port = 22;
}
];
services.opendkim.enable = true;
services.miniflux = {
enable = false;
adminCredentialsFile = config.sops.secrets."miniflux_env".path;
config = {
LISTEN_ADDR = "localhost:5001";
BASE_URL = "https://miniflux.project-cloud.net";
};
};
services.goatcounter = {
enable = true;
environmentFile = "/var/lib/goatcounter.env";
extraArgs = ["-listen='*:8002'" "-tls=proxy"];
database = {
backend = "sqlite";
name = "goatcounter";
user = "goatcounter";
automigrate = true;
};
};
services.nextcloud = {
enable = true;
package = pkgs.nextcloud28;
config.adminpassFile = config.sops.secrets."nextcloud_admin".path;
configureRedis = true;
hostName = "cloud.project-cloud.net";
https = true;
settings = {
mail_smtpmode = "sendmail";
mail_sendmailmode = "pipe";
enabledPreviewProviders = [
"OC\\Preview\\BMP"
"OC\\Preview\\GIF"
"OC\\Preview\\HEIC"
"OC\\Preview\\JPEG"
"OC\\Preview\\Krita"
"OC\\Preview\\MarkDown"
"OC\\Preview\\MP3"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PNG"
"OC\\Preview\\TXT"
"OC\\Preview\\XBitmap"
];
};
phpOptions = {
"opcache.jit" = "tracing";
"opcache.jit_buffer_size" = "100M";
"opcache.interned_strings_buffer" = "16";
};
};
services.nginx = {
enable = true;
package = pkgs.nginxQuic;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."project-cloud.net" = {
quic = true;
http3 = true;
forceSSL = true;
enableACME = true;
root = "${project-cloud.packages.${system}.default}/public";
};
virtualHosts.${config.services.nextcloud.hostName} = {
quic = true;
http3 = true;
forceSSL = true;
enableACME = true;
};
virtualHosts."miniflux.project-cloud.net" = {
quic = true;
http3 = true;
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:5001";
};
};
virtualHosts.${config.services.gitea.settings.server.DOMAIN} = {
quic = true;
http3 = true;
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.gitea.settings.server.HTTP_PORT}";
};
};
virtualHosts."stats.project-cloud.net" = {
quic = true;
http3 = true;
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:8002/";
};
};
};
services.gitea = {
enable = true;
appName = "Project Cloud Gitea server";
database = {
type = "sqlite3";
passwordFile = config.sops.secrets."gitea_db".path;
};
settings.server = {
DOMAIN = "git.project-cloud.net";
ROOT_URL = "https://git.project-cloud.net";
DISABLE_SSH = true;
HTTP_PORT = 3001;
LANDING_PAGE = "explore";
};
settings.mailer = {
ENABLED = true;
FROM = "gitea@project-cloud.net";
PROTOCOL = "sendmail";
SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
};
settings.service = {
DISABLE_REGISTRATION = true;
REGISTER_EMAIL_CONFIRM = true;
};
settings."markup.restructuredtext" = let
docutils =
pkgs.python3.withPackages (ps: with ps; [docutils pygments]);
in {
ENABLED = true;
FILE_EXTENSIONS = ".rst";
RENDER_COMMAND = "${docutils}/bin/rst2html.py";
IS_INPUT_FILE = false;
};
};
services.nfs.server.enable = true;
services.nfs.server.extraNfsdConfig = ''
rdma = true
vers3 = false
vers4.0 = false
vers4.1 = false
'';
services.nfs.server.exports = ''
/export/nixy 10.100.0.1/24(rw,nohide,insecure,no_subtree_check,all_squash,anonuid=1000,anongid=100)
'';
services.borgbackup.jobs."borgbase" = {
paths = [
"/var/lib/gitea"
];
exclude = [];
repo = "ssh://na9fqv67@na9fqv67.repo.borgbase.com/./repo";
encryption = {
mode = "repokey-blake2";
passCommand = "${pkgs.coreutils-full}/bin/cat ${config.sops.secrets."borgbase_enc_key".path}";
};
environment.BORG_RSH = "${pkgs.openssh}/bin/ssh -i ${config.sops.secrets."borgbase_ssh_key".path}";
compression = "auto,zstd";
startAt = "daily";
};
/*
needed for sendmail mail functionality
*/
users.users.gitea.extraGroups = ["postdrop"];
systemd.services.gitea.serviceConfig = {
RestrictAddressFamilies = ["AF_NETLINK"];
ProtectSystem = lib.mkForce false;
};
security.acme = {
acceptTerms = true;
defaults.email = "asmir.abdulahovic@gmail.com";
};
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.secrets."miniflux_env" = {
sopsFile = ./secrets/miniflux.yaml;
};
sops.secrets."gitea_mail_pw_hash" = {
sopsFile = ./secrets/gitea_mail_pw_hash.yaml;
};
sops.secrets."asmir_mail_pw_hash" = {
sopsFile = ./secrets/asmir_mail_pw_hash.yaml;
};
sops.secrets."gitea_db" = {
sopsFile = ./secrets/gitea_db.yaml;
owner = config.users.users.gitea.name;
};
sops.secrets."nextcloud_admin" = {
sopsFile = ./secrets/nextcloud_admin.yaml;
owner = config.users.users.nextcloud.name;
};
sops.secrets."wg_privkey" = {
sopsFile = ./secrets/wg_privkey.yaml;
};
sops.secrets."borgbase_enc_key" = {
sopsFile = ./secrets/borgbase_enc_key.yaml;
};
sops.secrets."borgbase_ssh_key" = {
sopsFile = ./secrets/borgbase_ssh_key.yaml;
};
networking.hostName = "magpie";
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [80 443 587 2049]; # http, mail, mail, nfs
networking.firewall.allowedUDPPorts = [443 51820]; #mail, wireguard
networking.firewall.allowPing = true;
networking.firewall.logRefusedConnections = lib.mkDefault false;
networking.nat.enable = true;
networking.nat.externalInterface = "enp1s0";
networking.nat.internalInterfaces = ["wg0"];
networking.networkmanager.enable = true;
networking.wireless.enable = false;
networking.wireguard.interfaces = {
wg0 = {
ips = ["10.100.0.1/24"];
listenPort = 51820;
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
# For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
'';
# This undoes the above command
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
'';
privateKeyFile = config.sops.secrets."wg_privkey".path;
peers = [
{
publicKey = builtins.readFile ../nixy/wg_pubkey;
allowedIPs = ["10.100.0.6/32"];
}
{
publicKey = builtins.readFile ../mediabox/wg_pubkey;
allowedIPs = ["10.100.0.5/32"];
}
];
};
};
systemd = {
enableEmergencyMode = false;
watchdog = {
runtimeTime = "20s";
rebootTime = "30s";
};
sleep.extraConfig = ''
AllowSuspend=no
AllowHibernation=no
'';
};
system.stateVersion = "22.11";
}


@@ -1,40 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "usbhid" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/118de1e5-f23e-4af3-a10a-054eded78152";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4FEE-DEED";
fsType = "vfat";
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}


@@ -1,21 +0,0 @@
string: ENC[AES256_GCM,data:9PAgqNliAEo5NIc8uFho1dYt/90X9Y6iOz2HP2aLzqA3ghvasi5l3n79wV0wxI+Vnw==,iv:Atkz33cnTLQ4RyT0nVt2/VhWgLiQE0acGbOJUbWZ2kM=,tag:IWLpVYeiYtzLK6h2K/MjLA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoVTAvOFAvbGdLUWxNcElp
NmY2MC9XUzBHWVdOek1oTkFSaWdENnhmZWgwCktock10L3YrL2JoTHVaOWhtWlhK
K2lMeUpqNFZTNnBOMmtJajdHWjRLT1UKLS0tIFd2OXBLRGQzVzF4TzhrOXFjWDVL
VzRqWXBYT0RHN1V3bnVMRHc2SXVUcDAKD8Et0nJv8mT1KoWQKcxfpv8s57zqIK0J
TCm3sby77wZ9i3BpO1Mg8S2GGwM0X+fZme8S5HVTzAgpzIyUbdcmww==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-17T18:25:56Z"
mac: ENC[AES256_GCM,data:ezv1W5jPjZxDt5gs+ljha/ywjSc1P00QtdEZBoWye6y61iOAMlF+VeWgI1yAIz9h2STdb2mqbFj1pmJcFujCYzxTY6Vx4j1GHpVv+Zczvnj1AnepDgLZn320FzwUmWscGcSL/Tn9+H/g0rH0BR2qv5GfRE9vmdXpXPsS6jZ+mcw=,iv:t4yaE56jPI4ozMpEChAT6y0zN9v1vlsR2J5VriFoV48=,tag:zs7vtq5J0EnwBgT9rjZIMA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@@ -1,21 +0,0 @@
asmir_mail_pw_hash: ENC[AES256_GCM,data:LOKGd9X69fSj81BwaqjiQL18gXPebIdcfjOO2UJM8XOUEzsqP/gHYWuLYGQ5wuZB9zcFm0yeGjNN8hOq,iv:KwunTtk1ca/N4UidUXh3nSBwMNlP8vI4h2kk8roAzNU=,tag:JyfLzweD7sVT/+RVpLA3QQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbTM0ZzVHZ1hlNzJ6d25a
eFpZMHdBZjBFSjU4L0dkK1Noby9HK29CMldNCkJWb2NmcC9jNVFBMWJOZjVBalRw
VVZsN3B1WGJseDFiRTA1R3cvU3c2NEEKLS0tIFI4WHFDRHBCN29IQ0tPVC9zbHZS
OFdsQUpvRzNKc2x1WW13b2d4R3lxdXMKJeMJ1IdxS+WUTzUlFdc4WfnUozWU4/80
9GBPz3VCppunrXrh1zFkfIL+Lz48HFyf7HNI4na6TkyqipR6wsW4gw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-20T19:31:29Z"
mac: ENC[AES256_GCM,data:xXiCems/1em6JdK3V5GcD811yc8t6iHHFmz0OOrWM3muR807Ux80TrD3uoMN8GxIMyr0AloH41k8+vxaSlMmHsGGl6o1P13aR03E+A9ZLp1W2Nb3nCy5rH4pF8WSeNMxZ1SoT2iEAtTsh29xusocQTMUvr7Ou8TDLyVvrKhBPZw=,iv:SSPpVTbVQTvhPg1qm9akrg2ji1fRcukkwX5P2FzWMb4=,tag:a6GiGWfwnKLtteVoi9DJtQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3


@@ -1,21 +0,0 @@
borgbase_enc_key: ENC[AES256_GCM,data:bnSjKRY6HlmOyhjyuJLH8Xqzzpm7NgZI5g==,iv:RYlg83PqV2DIQHa5FoD6ls/utVjuSwmrv56N6Lrtn8s=,tag:hC6e9d5/EH9V7kG23XblEQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvbGhiTHNXczdHZGd6Mjg4
dGtVUmorcHVtaDJQRHRFSlVNZVA2ZUV6NVF3CllsNWRTT2YzS1ZnQ1dJTGRHbjJE
N3l5L00rK2RpT0VWenVVR2Nxald2cGsKLS0tIE9EZ0hXeWM0dEZuYW9lTDc4NS9Q
bFUzRjE3aVNLQ1RaRHk0RStrUkRaMncKxwHapHc7cMA2YB1uZyZ5vPxGwDc9+RBW
xj1FBWUVe0kaLibThqHWH7D9KuBComk/rkBPF3xk4As2M7O/UixTpg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-05T19:01:07Z"
mac: ENC[AES256_GCM,data:Fz1ZwYR7cg+bcgNe/JZ2oEqhYihQWnCoy3J76VIPb089PNCXXp0xJ/eYjOoKlGK42z1wEO8hJ8FoaLvzuqhO0aatKpHDx0bBos8YqZYuGAuW115AdK5m6ecby7yi5lBIBpXOv1sU8uOtdBR32UPFAQ9oQf0KleWju47phF43v9o=,iv:Lbu5eLKfEnrehSY1+r0z75pZnNDNEVSmrEaJRDpDTU4=,tag:TLdtQTNbo0dxlpV9ZPm+uQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@@ -1,21 +0,0 @@
borgbase_ssh_key: ENC[AES256_GCM,data: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,iv:ph++5hCX3DzqwCoObz73/Xn0qy/+Za5+DI/EVsc67yY=,tag:0VkALd0j3D6yA7jCE7vogg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5UHRuVS95ZFNTWU5LdS8z
UDVaTjZReWc4T2ZKaTVSdDExY2drSHFIcEM0CnkvZkhkSHVFVG1pVUJvUzRxMWYv
SE1sZEJBazRBcW53bzV4QXFiM0p5ZEkKLS0tIGNhaTB1NFBLd2NjTWs0V1BaVEE2
WDZadWdTMFIwei83clhkNVRLNUhVTk0KiJGENx2jXnStGslESR5aWp/LolbF2f0u
QDbs0yW+I4Tzw6Tg4FMS4rFzlmesFqoj+3JBgegb/dDRhIvuWrwCig==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-05T20:03:21Z"
mac: ENC[AES256_GCM,data:YpXUK6UNKpdudVZ+YManWreHufFzw9XbF1cBYutdAaTdqhlzPErpuOmEKLuMA7nr7SQkLK4pu1Eg0P5CA3QXsh0VUHMTiFWxNz7KZeoYAkacK9WzutEldsMG4iVlKmGHhQApSNW4kfPBKs1TgYyZdndBHEdILcoLDxke8kfkoVU=,iv:rpNeNTfXoMpScSfyrY7uK9ZkKasJGVAhgiMoe0XyJFo=,tag:Rl4Ya+iq0BvMSM/J0wySnQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@@ -1,21 +0,0 @@
gitea_db: ENC[AES256_GCM,data:50Hu8vTKZFxd9kjbcDlyqBW9L5s=,iv:ADKMUKbu1YHOp+DUAezpT8tXCi7x3ayA2VN0s7k4kxg=,tag:S1cu5w8qKT7FFpC30Kd3Xg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKZ3l1UTRDMFVlM01TR1dW
VzNnRXpuc0R0d3BpVzZveHRrdHRTTVRXNWpnCjVqNittd3BiZ0d3YXVQUXBpWExU
cGdkSmVtOHJBN3FEdDVCeTVjUllHc0EKLS0tIG5TQlpIQXhNNmJiR0Y3L1p3SVpG
ZnlvRDRUam5MaFdZcGgyZlJSZzMvVWcKxiwENpP7qlF0Uy7DJM0WwLFQ0h+ost5T
BCsZtGP61Z2WcQq0EWYLqJItR2Tk3AXox014CJAm+G/G8PMTAKv0xw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-17T21:16:10Z"
mac: ENC[AES256_GCM,data:EPiLv8IzVXqRan9UlBuA3TmxtB3f4Qj4owed+1Pat9Tih1yOe4Z9RT28JIYJQ70R/IK+Yi0NQem9Ec6HU+8kaxLE3fff/4PM+B9QQbB6fjgLFod/nFk+OuWgR7FTcJ2j16OnlxE5ikCP+qdfvAM0eEv+BoDrWv98gSyCXtMCe48=,iv:th0E7zioz7gtgMlns8kvnf5hmlRH0KX65wPxBi3YP6Y=,tag:JhoGvF8LJmrAQpUOEopohA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3


@@ -1,21 +0,0 @@
gitea_mail_pw_hash: ENC[AES256_GCM,data:HCXKeqnOxcmxbvTWDFd750gXfs/irNvHw+TWQE5qjFsUP6MTRGvJNQvoU5NDYXs6pjgyznIUx1z31DQG,iv:UV7Yf2JsAcpkyfIW/ipYQa3tlTai0WD102iA3V6ba+A=,tag:TIcB+9GOqyuG68uCTAl4Tg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCT2VyNWxUeUZ5aDdHcXJR
WGJVOGgyeC83MEV4REpGZkRUcVJKZDBqYmtjCllQdFhyRWNiTURYQmpucndFWDlr
WUFybGtmckNBdXYzMVZxT3lQM1k3aTgKLS0tIEpNZjU1RkpSOVo3Y1ovR0lmbHJu
bENVWmpCcTVqMDh2Wjhob2I2VzRRblkKPGCV1gRyihDCStM4tmvp89d996v1UzdJ
/NyK49//+uJJqwCEWuvHWWCB+EbkkOE6gPPKXZyXZSTbb/TDDcVF/Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-14T21:21:12Z"
mac: ENC[AES256_GCM,data:NE9btXZKE3KJmxtWc0Ytb0atfBJKRs5T+Xk9RDFX6veSGBoB+M2+YMCONQdr8T2w6lLJqlrMBHqlfuvD3YnDj041xZmfSsi9NACliWj6GWVWcFWWc6W9OVH8/5CfwjYBdgTJ2o7wdnF9fYHvwMRcaHThDmoUkaExVtVsyu912og=,iv:kyekfEq32GSKVNKy8MJYfT5ZMKNSRQUk1viB2W6k29U=,tag:7ie/2P/F3bPQXpkWGKqTfA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3


@@ -1,21 +0,0 @@
miniflux_env: ENC[AES256_GCM,data:K5FiJcboD3tpWxQQG4EeCuOb9d8+cXTLjqb9Nt+aYUvWHwycA51q3ZQTMY9JS7GevNugGvz7,iv:Xk7aW1/DObGxJxTlJniaCBHuCVfCh6OZEewISdZl2Pc=,tag:BY8uVkkRzyKr9pA6EGCY2A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZ1d3aGhud0UyOVV6Vzcw
Q3Q2OVRQOEpXUk1TK2dOOEZtKzNlUkJGZHh3CmJwYnRpWFhJWHZXQ2I1TnhKWDRx
MGlrbXJoQTVPcUFBa0gvME95OVlxWkEKLS0tIHNZWWRwWUJPV3o3REpENzdMYkVk
Y1V5SXhCUllDWGhjK3JzWDRKQU9hMmMKuVmn6OAy2q/mpBKqUhl1qfpnPvFOd72c
/jMqnxClGSVXjJ5qdvcXCfLeYwT8vnhViNZmjE1ebRosE5YupvrjUg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-13T11:17:33Z"
mac: ENC[AES256_GCM,data:CpzC0H2Rfvl7F9tXCJ0WwkhE4Ba7eOIl1QMh1DHP8YQ9rChzAE8S5SXXuJA0jcmVY6NPfZ7zl8VEBepE+LHCq2UdSkAefawLeM6HwNfedP8N+zheqlyCZ8Os48628aHYN0PVI+/dMvpWWcfl+CFaH1mm4c+KYedCIsS9ZEYi9N8=,iv:EbF58pxbtHxPTAgs4dbZ31qyRT3QJ1kQoUShbLE11FY=,tag:FNF/OzS2SL3FweFw0RcRLQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3


@@ -1,21 +0,0 @@
nextcloud_admin: ENC[AES256_GCM,data:txb5JSKxFeTS3M9LSk7m5M1XAvg=,iv:Rf6VNFmK+f0pjL7wH0dlcPL4CqQDRq/qQyliTdn2c4I=,tag:wDQqDZCK2p5aG+g8eE4weA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrUnQ3SDAyRTUxUDF0dDhY
K3JmQWlYRVJtdEFac0J4U0RGKzZGNXJmUEg4CmtBSW9yNGZScXhKdnhZWkxIamFW
YXEzbGhwR2F3dDJGdzljZUZBeERhU1kKLS0tIGlXZUhsdnI4ell5R3ZZbjZ0NCtO
TUpkZmxBNzZ1UUY1dGRud2hycGUyZW8KFUGikaFQjFfmn068qex2tpGbRHIbmS3l
27lqo8+eRFnq0nw8H/1yRMi8IghR0+XK68T49hlt0VLS9LZJG1aPag==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-17T23:08:24Z"
mac: ENC[AES256_GCM,data:fb9cOL4Q+q5uarmXtXNlpRmWgv/Ao1MqwwH2V2CQxEiP8zFyFBZs2435vdcLzrQrnBXz0JLVu4g10SH2T4dpYFP42teIkrgmneecjjcM+UOsBsGsrxlpHMha1t/ERRhBA7uJze5/kwHqry6eruWehRTu65QF1qBTql3m6ipjCeY=,iv:a7aFuTCcRCIDERlrj/9dFCF7VgCDDakfPteQimHV3lc=,tag:4mwrDHaQWA4EU0AgtgZaMg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3


@@ -1,21 +0,0 @@
wg_privkey: ENC[AES256_GCM,data:TnUTZheznQqnyK59qdLmAcuVr9JICWlNVtPF1qRMDPbBblD0ALn10qbEC7M=,iv:83fum5iYUrw08XJ0s7RE+/WDGeVjVswPlptzQjWOjeQ=,tag:YhQlmilbnrpRxcUb6rzfHg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOZW1IOGNtVG1uNjlQTE5l
ZThlcHVTWVgwek8zQTQ0NEFoV0pNUTMrRUNzCjhGMFRPdDJ0Z0ZiUTRkRXZqOUtZ
RFNtYmNFbGdpWElET1VwckhRY2c3bzQKLS0tIDFKVDdKdWVPZFVjMmVGQVEyREZZ
VEpUK1d3cUJvd2Y5VHNVNlpKazIxZTAK6WKMvsf8CE3BJxHtyt0Gw4baQ/FQB0Q3
4ehZeDi7cYiH4EG5HmeIBVcgpv/i25GNLFDP3E3TdJJs62F5X08Qng==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-04T19:04:00Z"
mac: ENC[AES256_GCM,data:qYNlokRd1lQnOwNNVbV4PwdYeybIRNrxDKX4RPfHJxvQGHBmISzd52JCnCe7zJ14FP/bSNhQqfuxyjdxid/DVPUvkHP+HlaKUR0SLv6c91ORDoaMRC93hrPXypRGplFSbSjnd3dME43ll3oH8fLe4lP9z9KhGS2lRMdduptfWvg=,iv:/j6OOT1dK94vrPOk1Lbcca8KeWvoD+ZaHoH6nMMo0y8=,tag:syHuBVkhOCJ8JCONKkqFkg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@@ -1 +0,0 @@
xhjJdIXtTBNhtSoehsi6p+znIgOfMRetl5/wtnMxJGk=


@@ -1,440 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
pkgs,
lib,
sops-nix,
zremap,
system,
nvim,
...
}: {
imports = [];
system.stateVersion = "23.05";
system.autoUpgrade.enable = false;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.secrets."peerix/private" = {
sopsFile = ./secrets/peerix.yaml;
mode = "0400";
owner = config.users.users.nobody.name;
group = config.users.users.nobody.group;
};
sops.secrets."wg_privkey" = {
sopsFile = ./secrets/wg_privkey.yaml;
};
nix = {
optimise.automatic = true;
gc.automatic = true;
gc.options = "--delete-older-than 7d";
package = pkgs.nixUnstable;
settings = {
experimental-features = ["nix-command" "flakes"];
};
};
boot = {
initrd.compressor = "zstd";
kernelModules = ["acpi_call"];
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = ["msr.allow_writes=on"];
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
loader.systemd-boot = {
editor = false;
enable = true;
memtest86.enable = true;
};
readOnlyNixStore = true;
supportedFilesystems = ["btrfs"];
tmp.useTmpfs = true;
tmp.tmpfsSize = "80%";
};
security = {
rtkit.enable = true;
acme = {
acceptTerms = true;
defaults.email = "aasmir@gmx.com";
};
};
powerManagement = {
enable = true;
cpuFreqGovernor = "ondemand";
};
networking = {
firewall = {
enable = true;
allowedTCPPorts = [80 443 51820];
};
hostName = "mediabox";
interfaces.enp0s25.useDHCP = true;
interfaces.wlp3s0.useDHCP = false;
useDHCP = false;
wireless.enable = false;
wireless.interfaces = ["wlp3s0"];
nameservers = ["127.0.0.1" "::1"];
dhcpcd.extraConfig = "nohook resolv.conf";
networkmanager.dns = "none";
extraHosts = ''
192.168.1.173 nixy.lan
192.168.88.171 jellyfin.mediabox.lan
192.168.88.171 mediabox.lan
192.168.88.171 qbittorrent.mediabox.lan
192.168.88.1 router.lan
192.168.88.231 workstation.lan
'';
wireguard.interfaces = {
wg0 = {
ips = ["10.100.0.5/24"];
listenPort = 51820;
privateKeyFile = config.sops.secrets."wg_privkey".path;
peers = [
{
publicKey = builtins.readFile ../magpie/wg_pubkey;
allowedIPs = ["10.100.0.1"];
endpoint = "5.75.229.224:51820";
persistentKeepalive = 25;
}
];
};
};
};
time.timeZone = "Europe/Sarajevo";
nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [nvim.overlays.${system}.overlay];
environment = {
homeBinInPath = true;
variables = {
PATH = "$HOME/.cargo/bin";
};
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
programs.zsh.enable = true;
programs.light.enable = true;
programs.firejail.enable = true;
programs.adb.enable = false;
programs.wireshark.enable = true;
programs.sway.enable = true;
# List services that you want to enable:
systemd = {
services = {
"macchanger-wireless" = {
after = ["sys-subsystem-net-devices-wlp3s0.device"];
before = ["network-pre.target"];
bindsTo = ["sys-subsystem-net-devices-wlp3s0.device"];
description = "Changes MAC of my wireless interface for privacy reasons";
stopIfChanged = false;
wantedBy = ["multi-user.target"];
wants = ["network-pre.target"];
script = ''
${pkgs.macchanger}/bin/macchanger -e wlp3s0 || true
'';
serviceConfig.Type = "oneshot";
};
"zremap" = {
description = "Intercepts keyboard udev events";
wants = ["systemd-udevd.service"];
wantedBy = ["multi-user.target"];
serviceConfig.Nice = -20;
script = ''
sleep 1
${zremap.defaultPackage.${system}}/bin/zremap \
/dev/input/by-path/platform-i8042-serio-0-event-kbd
'';
};
"wakeonlan" = {
description = "Reenable wake on lan every boot";
after = ["network.target"];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.ethtool}/sbin/ethtool -s enp0s25 wol m";
};
wantedBy = ["default.target" "suspend.target" "shutdown.target"];
};
/*
"cpu_setting" = {
description = "Enable turboot boost and undervolt cpu after suspend";
wantedBy = ["post-resume.target" "multi-user.target"];
after = ["post-resume.target"];
script = ''
echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo
echo 0 > /sys/devices/system/cpu/intel_pstate/no_turbo
${pkgs.undervolt}/bin/undervolt --core -105 --cache -105 --uncore -105 --gpu -15 -p1 47 28 -p2 57 0.0025
'';
serviceConfig.Type = "oneshot";
};
*/
};
};
services = {
acpid.enable = true;
btrfs.autoScrub.enable = true;
dbus.enable = true;
fstrim.enable = true;
fwupd.enable = true;
ntp.enable = true;
openssh.enable = true;
thinkfan.enable = false;
xrdp = {
enable = true;
defaultWindowManager = "icewm";
openFirewall = true;
};
logind = {
lidSwitch = "ignore";
};
jellyfin = {
enable = true;
user = "akill";
openFirewall = true;
};
jellyseerr = {
enable = true;
openFirewall = true;
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
deluge = {
enable = false;
user = "akill";
openFirewall = true;
dataDir = "/home/akill/.config/deluge";
web = {
enable = true;
openFirewall = false;
};
config = {
download_location = "/media";
allow_remote = true;
daemon_port = 58846;
};
};
transmission = {
enable = false;
openFirewall = true;
settings = {
rpc-whitelist = "192.168.88.*";
download-dir = "/media";
};
};
qbittorrent = {
enable = true;
user = "akill";
openFirewall = true;
dataDir = "/home/akill/.config/qbittorrent";
port = 8081;
};
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."deluge.mediabox.lan" = {
locations."/".proxyPass = "http://localhost:8112/";
};
virtualHosts."qbittorrent.mediabox.lan" = {
locations."/".proxyPass = "http://localhost:8081/";
};
virtualHosts."jellyfin.mediabox.lan" = {
locations."/".proxyPass = "http://localhost:8096/";
};
virtualHosts."jellyseerr.mediabox.lan" = {
locations."/".proxyPass = "http://localhost:5055/";
};
};
journald.extraConfig = ''
SystemMaxUse=50M
'';
logind.extraConfig = ''
KillUserProcesses=yes
'';
xserver = {
enable = true;
libinput.enable = true;
desktopManager.xterm.enable = false;
displayManager.lightdm.enable = false;
displayManager.defaultSession = "none+icewm";
windowManager.icewm.enable = true;
};
udev.packages = [];
tlp = {
enable = true;
settings = {};
};
actkbd = {
enable = true;
bindings = [
{
keys = [121];
events = ["key"];
command = "${pkgs.alsaUtils}/bin/amixer -q set Master toggle";
}
{
keys = [122];
events = ["key" "rep"];
command = "${pkgs.alsaUtils}/bin/amixer -q set Master ${config.sound.mediaKeys.volumeStep}- unmute";
}
{
keys = [123];
events = ["key" "rep"];
command = "${pkgs.alsaUtils}/bin/amixer -q set Master ${config.sound.mediaKeys.volumeStep}+ unmute";
}
{
keys = [224];
events = ["key"];
command = "/run/current-system/sw/bin/light -U 5";
}
{
keys = [225];
events = ["key"];
command = "/run/current-system/sw/bin/light -A 5";
}
];
};
mpd = {
musicDirectory = "/home/mpd/music";
enable = false;
extraConfig = ''
audio_output {
type "pulse"
name "pulsee srv"
server "127.0.0.1"
}
'';
};
batteryNotifier = {
enable = true;
notifyCapacity = 20;
suspendCapacity = 10;
};
dnscrypt-proxy2 = {
enable = true;
settings = {
ipv6_servers = true;
require_dnssec = true;
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
};
};
};
fonts.packages = with pkgs; [
dina-font
fira-code
fira-code-symbols
font-awesome
font-awesome_4
iosevka
jetbrains-mono
liberation_ttf
proggyfonts
siji
];
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
};
};
sound.enable = true;
hardware = {
bluetooth = {
enable = false;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
};
};
};
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
intel-media-driver
vaapiIntel
];
};
};
zramSwap = {
enable = false;
algorithm = "zstd";
};
users.users.akill = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = ["wireshark" "wheel" "kvm" "tty" "audio" "sound" "adbusers" "transmission"];
};
users.users.ado = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = ["wireshark" "wheel" "kvm" "tty" "audio" "sound" "adbusers" "transmission"];
};
users.users.mediauser = {
isNormalUser = true;
shell = pkgs.bash;
extraGroups = [];
};
}


@@ -1,64 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
fsType = "btrfs";
options = ["subvol=root" "compress=lzo" "noatime"];
};
boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/60aa7671-bfee-451b-b871-ac7c5a4a9f3a";
fileSystems."/home" = {
device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
fsType = "btrfs";
options = ["subvol=home" "compress=lzo" "noatime"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
fsType = "btrfs";
options = ["subvol=nix" "compress=lzo" "noatime"];
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
fsType = "btrfs";
options = ["subvol=persist" "compress=lzo" "noatime"];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
fsType = "btrfs";
options = ["subvol=log" "compress=lzo" "noatime"];
neededForBoot = true;
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4B94-6E7B";
fsType = "vfat";
};
swapDevices = [
{device = "/dev/disk/by-uuid/7b44ab02-84ff-4ffd-be26-58247cf5a982";}
];
hardware.cpu.intel.updateMicrocode = true;
nix.settings.max-jobs = lib.mkDefault 8;
}


@@ -1 +0,0 @@
peerix-mediabox:UDgG3xdQYv7bmx2l4ZPNRPJtp2zMmY++H/fnGeJ9BQw=


@@ -1,40 +0,0 @@
peerix:
private: ENC[AES256_GCM,data:m76hyDWzcIlczegZyPyTtOYOgOGeyX++SeGsqEWS5b3ZbR2M9RqUGYEscLRX3/Dlff2vgs+hI4cOjiMnhq9pnLzP25Xh4XAiJNMkD43fFCCb7zj2RUWEyLAzzmWpR8fSB1mXTpciUGM=,iv:s9EXpkGYR0kI5xQZ8wAmkobK1q4XlVdFH4irEVwy1bs=,tag:L7AF6mFsxss6NDantbqXMw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwMkdLVEFQMVk1allhK2hL
NXFXc254SmhxK0lFWTd1SUorUGQ0VEJPcXo4ClNYSkhJbnVjUjdFOGtoWFV2VWZC
NmpaRDVhWnRQUmVDWS9WU2pTVlBEQ1EKLS0tIFAydU9aYXJnd1NnRzU2YXpXM1Vq
VWhhbkZTT1kwTEl5VEVWR1A2aW5OUDgKiYcj5Yo42RjQeo1UeUTBV8YBNYL8ccLW
bQ1655MU/q3LQh14lqwbsOfmGjPc9H0ECltm+V+kNPTRi76qFhcodg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1eGJCRlhHbk1JQWl2RllZ
R3hkVGtIamJzZlVLazUrVEJnNmU3Z0tLMG5RClp2Z01Fc1p5QzFhUWNzU2NpU0Zo
aTRPMFhPYlA4VmZNUWFsWHZRMUxyaTQKLS0tIG51TW9JRW12RzVmdWpZY3FaVnBR
UTZ2YWdQVjRTTUxPUWVwbHI4aklITmMKZQnfJs01D4FX+MF6oU0FmWYQ4reB/X/k
Lat8FrqerqaCYqYmAKe3HWBR6HEVm0U7I7jkVuoROMqz3uci+5HWbQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age19yrl6pr73cv067ksfz0txp3zm2au25jfyjeerw23ml55ps5cyyfqtm3kmt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrNTNhaFVzaWFoTU9GdEZD
Z0JWQlFXc3N3SnAwR09YUmIxZlpvNllmU2tnCkFtVlRXMGV2d1V4S0ZxNlRiVzlC
N3dHSFM2eG02UVQrdGR0SnhUMitvelkKLS0tIFpvQUlIZ05HK3F0a2FkKy9EOURY
YzUwa2s0eTliSmxtajdjYmFsOSs2T1kKg08c1uB0swRSo0R6s6hup5JBfkrCKoxf
SjwBAZtjNhr3hrLy1eoo/dpYG6oAkEs3GvaaZ02ldT872dxZvg6r+g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-30T14:18:57Z"
mac: ENC[AES256_GCM,data:R0TJ/7uihpsCHwPLXFYKi+ZaEUtbZVz02utDF7vO7gYDN1MFa0c5nZ/mAnJJtTJI41GdAu9ezTUiU6H1HTHLxYMeUoNAAvNlSCkvGc/oMQofXidL34hq1X2vG05N3UQlkbAXTlCBkYc20oVVOVmT/lq7USEx29oB/ytxZzKYFvM=,iv:qpz0g+O4kwChct1ddiT3D8rZBg08YUr4Ba5pJ4WQyzo=,tag:pWLFiQWl1QSzveBxnq4uXw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.0


@@ -1,30 +0,0 @@
wg_privkey: ENC[AES256_GCM,data:rUF4DpNwHqTCZTIkcZBU757g3HRn8V9Xs3AayRf5DBkmEmysyV+ga7jH62A=,iv:fLKqZjkrDAerygrkf6PsRflBlv2CLdTYAEegvDN8w2w=,tag:ds2nxmQdL/ra1JkS8tWB9w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYc21BbHQxT3BWMVFwVGp5
Rk9PTHhzY2JZcHg2dGRSTm9qdGJ1UjUvZTM4CjZkd0Rnakd2NUxTSjN0QzJlWlpq
L3JaYi9uOTBjZGNObkVYVExSNG0yTDQKLS0tIHdlcmc0ejAwd3p2SHc4UWwvQ1hH
bmkweWxRdmtkRVJrVkhBWUVNNkl1dm8KCxe2xNU5QqP5hXxEWNv3gXhmb8yyhq1j
s5eIRKir1YI6/JxiVJaCwMDNXiycwKfgBiDBEpBayv3hUVwR0nTl0g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNVEo2QVFSOGFkTDJMK1Vy
aWVzR0drMGV0OHB4MVVWTHgvQ3kraVpCeTJrClFLZG9mZWQyTDh4Tnh5LzlsNkFp
aGtiNlFMdDhOUDNqYWN1aEF1SysrTnMKLS0tIEpCNHdURVdFQitPQzM3VGpiOVdM
Y3BzWFNuNjBEQk5zNzNJbzF2Nk5RTVUK/Y2/zCHfRlqawD/sUnfG+Tg6Ekzt7tPk
yIPT/qdxwclfegL6yD9OJPSk0qDfX/9PDRZTNFn3hvBodHhyFV6KIA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-09T13:03:51Z"
mac: ENC[AES256_GCM,data:qIgvPf7dFi81zrBQ7VK5/ygEycLYJzpxtTABrHnBpI39h4zjeaii+tEH3OxkKZ7q4Iiwy9fZV+Yz4b0YMRja3/Xd0baLkWhmrpfAyEPCKyaSp8+hevpKBq1UvZyywBwPFdLAcUn6r4niGsMOjo+5flERCU9EI1mNIm+35GB+jNc=,iv:6qb6lW/tWBXpyxjQi3ewe8/hTaNVc8IxjnEGNEFfzA0=,tag:gHhojyQaPp8VSlP0DIrIlA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@@ -1 +0,0 @@
S+tL/pTm4D7bsWj/dhpPXHYxcye/DuNMguLD5l1ACEU=


@@ -1,78 +0,0 @@
{
config,
pkgs,
...
}: {
# Enable Nginx
services.nginx = {
enable = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# Only allow PFS-enabled ciphers with AES256
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
# Setup Nextcloud virtual host to listen on ports
virtualHosts = {
"nextcloud.mediabox.lan" = {
## Force HTTP redirect to HTTPS
#forceSSL = true;
};
};
};
# Actual Nextcloud Config
services.nextcloud = {
enable = true;
hostName = "localhost";
enableBrokenCiphersForSSE = false;
package = pkgs.nextcloud25;
# Use HTTPS for links
https = true;
# Auto-update Nextcloud Apps
autoUpdateApps.enable = true;
# Set what time makes sense for you
autoUpdateApps.startAt = "05:00:00";
config = {
# Further forces Nextcloud to use HTTPS
overwriteProtocol = "https";
# Nextcloud PostegreSQL database configuration, recommended over using SQLite
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
dbname = "nextcloud";
dbpassFile = "/var/nextcloud-db-pass";
adminpassFile = "/var/nextcloud-admin-pass";
adminuser = "admin";
};
};
# Enable PostgreSQL
services.postgresql = {
enable = true;
# Ensure the database, user, and permissions always exist
ensureDatabases = ["nextcloud"];
ensureUsers = [
{
name = "nextcloud";
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
}
];
};
# Ensure that postgres is running before running the setup
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
}


@@ -1,116 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.qbittorrent;
configDir = "${cfg.dataDir}/.config";
openFilesLimit = 4096;
in {
options.services.qbittorrent = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Run qBittorrent headlessly as systemwide daemon
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/qbittorrent";
description = ''
The directory where qBittorrent will create files.
'';
};
user = mkOption {
type = types.str;
default = "qbittorrent";
description = ''
User account under which qBittorrent runs.
'';
};
group = mkOption {
type = types.str;
default = "qbittorrent";
description = ''
Group under which qBittorrent runs.
'';
};
port = mkOption {
type = types.port;
default = 8080;
description = ''
qBittorrent web UI port.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open services.qBittorrent.port to the outside network.
'';
};
openFilesLimit = mkOption {
default = openFilesLimit;
description = ''
Number of files to allow qBittorrent to open.
'';
};
};
config = mkIf cfg.enable {
environment.systemPackages = [pkgs.qbittorrent];
nixpkgs.overlays = [
(final: prev: {
qbittorrent = prev.qbittorrent.override {guiSupport = false;};
})
];
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [cfg.port];
allowedUDPPorts = [cfg.port];
};
systemd.services.qbittorrent = {
after = ["network.target"];
description = "qBittorrent Daemon";
wantedBy = ["multi-user.target"];
path = [pkgs.qbittorrent];
serviceConfig = {
ExecStart = ''
${pkgs.qbittorrent}/bin/qbittorrent-nox \
--profile=${configDir} \
--webui-port=${toString cfg.port}
'';
# To prevent "Quit & shutdown daemon" from working; we want systemd to
# manage it!
Restart = "on-success";
User = cfg.user;
Group = cfg.group;
UMask = "0002";
LimitNOFILE = cfg.openFilesLimit;
};
};
users.users = mkIf (cfg.user == "qbittorrent") {
qbittorrent = {
group = cfg.group;
home = cfg.dataDir;
createHome = true;
description = "qBittorrent Daemon user";
};
};
users.groups =
mkIf (cfg.group == "qbittorrent") {qbittorrent = {gid = null;};};
};
}


@@ -1,418 +0,0 @@
{
config,
pkgs,
lib,
nix-xilinx,
sops-nix,
system,
nvim,
zremap,
...
}: {
imports = [];
system.stateVersion = "23.05";
system.autoUpgrade.enable = false;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.secrets."peerix/private" = {
sopsFile = ./secrets/peerix.yaml;
mode = "0400";
owner = config.users.users.nobody.name;
group = config.users.users.nobody.group;
};
sops.secrets."wg_privkey" = {
sopsFile = ./secrets/wg_privkey.yaml;
};
sops.secrets."borgbase_enc_key" = {
sopsFile = ./secrets/borgbase_enc_key.yaml;
owner = config.users.users.akill.name;
};
sops.secrets."borgbase_ssh_key" = {
sopsFile = ./secrets/borgbase_ssh_key.yaml;
owner = config.users.users.akill.name;
};
nix = {
optimise.automatic = true;
gc.automatic = true;
gc.options = "--delete-older-than 7d";
package = pkgs.nixUnstable;
settings = {
sandbox = true;
experimental-features = ["nix-command" "flakes"];
};
};
boot = {
extraModulePackages = with config.boot.kernelPackages; [usbip v4l2loopback];
initrd.compressor = "zstd";
initrd.kernelModules = ["amdgpu"];
binfmt.emulatedSystems = ["wasm32-wasi" "x86_64-windows"];
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = ["psmouse.synaptics_intertouch=0" "mem_sleep_default=deep"];
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
loader.efi.canTouchEfiVariables = true;
loader.systemd-boot = {
editor = false;
enable = true;
memtest86.enable = true;
};
readOnlyNixStore = true;
supportedFilesystems = ["btrfs" "nfs"];
tmp.useTmpfs = true;
};
security = {
rtkit.enable = true;
allowSimultaneousMultithreading = true;
sudo.enable = true;
doas.enable = true;
doas.extraRules = [
{
users = ["akill"];
keepEnv = true;
persist = true;
}
];
};
powerManagement = {
enable = true;
};
networking = {
firewall = {
enable = true;
allowedTCPPorts = [80 443 51820];
};
hostName = "nixy";
nameservers = ["127.0.0.1" "::1"];
dhcpcd.extraConfig = "nohook resolv.conf";
extraHosts = ''
192.168.88.171 jellyfin.mediabox.lan
192.168.88.171 jellyseerr.mediabox.lan
192.168.88.171 mediabox.lan
192.168.88.171 qbittorrent.mediabox.lan
192.168.88.1 router.lan
192.168.88.231 workstation.lan
192.168.88.121 ender.lan
'';
networkmanager = {
enable = true;
dns = "none";
wifi.backend = "iwd";
};
wireless.iwd = {
enable = true;
settings = {
General = {
AddressRandomization = "network";
#EnableNetworkConfiguration = true;
};
};
};
wireguard.interfaces = {
wg0 = {
ips = ["10.100.0.6/24"];
listenPort = 51820;
privateKeyFile = config.sops.secrets."wg_privkey".path;
peers = [
{
publicKey = builtins.readFile ../magpie/wg_pubkey;
allowedIPs = ["10.100.0.1"];
endpoint = "5.75.229.224:51820";
persistentKeepalive = 25;
}
];
};
};
};
time.timeZone = "Europe/Sarajevo";
nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [nix-xilinx.overlay nvim.overlays.${system}.overlay];
environment = {
extraInit = ''
unset -v SSH_ASKPASS
'';
homeBinInPath = true;
variables = {
PATH = "$HOME/.cargo/bin";
};
};
programs = {
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
zsh.enable = true;
firejail.enable = true;
adb.enable = true;
wireshark.enable = true;
sway.enable = true;
};
# List services that you want to enable:
systemd = {
services = {
"zremap" = {
description = "Intercepts keyboard udev events";
wants = ["systemd-udevd.service"];
wantedBy = ["multi-user.target"];
serviceConfig.Nice = -20;
script = ''
sleep 1
${zremap.defaultPackage.${system}}/bin/zremap \
/dev/input/by-path/platform-i8042-serio-0-event-kbd
'';
};
};
extraConfig = ''
DefaultTimeoutStartSec=30s
DefaultTimeoutStopSec=30s
'';
};
services = {
acpid.enable = true;
btrfs.autoScrub.enable = true;
dbus.enable = true;
fstrim.enable = true;
fwupd.enable = true;
ntp.enable = true;
openssh.enable = true;
printing.enable = true;
rpcbind.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
xserver = {
enable = true;
dpi = 144;
libinput.enable = true;
desktopManager.xterm.enable = false;
displayManager = {
lightdm.enable = false;
startx.enable = true;
defaultSession = "none+i3";
};
windowManager.i3.enable = false;
};
udev = {
packages = [pkgs.rtl-sdr pkgs.openhantek6022 pkgs.openocd];
extraRules = ''
#Xilinx FTDI
ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Xilinx", MODE:="666"
#Xilinx Digilent
ATTR{idVendor}=="1443", MODE:="666"
ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Digilent", MODE:="666"
#Arduino UNO r4
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2341", MODE:="0666"
'';
};
tlp = {
enable = true;
};
batteryNotifier = {
enable = true;
notifyCapacity = 20;
suspendCapacity = 10;
};
actkbd = {
enable = true;
bindings = [
{
keys = [113];
events = ["key"];
command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master toggle'";
}
{
keys = [114];
events = ["key" "rep"];
command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%- unmute'";
}
{
keys = [115];
events = ["key" "rep"];
command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%+ unmute'";
}
{
keys = [224];
events = ["key"];
command = "${pkgs.light}/bin/light -U 5";
}
{
keys = [225];
events = ["key"];
command = "${pkgs.light}/bin/light -A 5";
}
];
};
dnscrypt-proxy2 = {
enable = true;
settings = {
ipv6_servers = true;
require_dnssec = true;
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
};
};
borgbackup.jobs."borgbase" = let
user = config.users.users.akill;
home = user.home;
in {
user = user.name;
paths = [
(home + "/pic/priv")
(home + "/pproj")
(home + "/videos/priv")
];
exclude = [
"**/.ccls_cache"
"**/*.d"
"**/*.map"
"**/*.o"
"**/zig-cache"
"**/zig-out"
];
repo = "ssh://oda929rv@oda929rv.repo.borgbase.com/./repo";
encryption = {
mode = "repokey-blake2";
passCommand = "${pkgs.coreutils-full}/bin/cat ${config.sops.secrets."borgbase_enc_key".path}";
};
environment.BORG_RSH = "${pkgs.openssh}/bin/ssh -i ${config.sops.secrets."borgbase_ssh_key".path}";
compression = "auto,zstd";
startAt = "daily";
};
nix-serve = {
enable = false;
secretKeyFile = "/var/cache-priv-key.pem";
};
journald.extraConfig = ''
SystemMaxUse=50M
'';
logind.extraConfig = ''
KillUserProcesses=yes
'';
};
fonts = {
fontconfig = {
cache32Bit = true;
allowBitmaps = true;
useEmbeddedBitmaps = true;
defaultFonts = {
monospace = ["JetBrainsMono"];
};
};
packages = with pkgs; [
dejavu_fonts
dina-font
fira-code
fira-code-symbols
font-awesome
font-awesome_4
inconsolata
iosevka
jetbrains-mono
liberation_ttf
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
proggyfonts
siji
terminus_font
terminus_font_ttf
ubuntu_font_family
];
};
virtualisation = {
containers.storage.settings = {
storage = {
driver = "btrfs";
graphroot = "/var/lib/containers/storage";
runroot = "/run/containers/storage";
};
};
podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
};
sound.enable = true;
hardware = {
bluetooth = {
enable = true;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
};
};
};
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [];
};
};
zramSwap = {
enable = false;
algorithm = "zstd";
};
users.users.akill = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = ["wireshark" "kvm" "tty" "audio" "sound" "adbusers" "dialout" "wheel"];
};
}


@@ -1,30 +0,0 @@
borgbase_enc_key: ENC[AES256_GCM,data:HBjoQkV3wDor8olcM4cejfi+1HDZWsjypL0=,iv:cgKsWfPY0+IvgobxVbz/IN4ujNLJzBZ0iGx7D4hj4YM=,tag:M2EC1eWtCYuTvgrauzJ7JQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrTTFkWkkxK3hsa3p4NnZY
MEUvZ1N3VUozZ1dtSmRldVR1YTFCdU1Nd2hjCndHenR1d2sxcjhVN2NVZlQ2R1Br
VmdhMWlSaStDSmpNSmVpMmd2dkpEZ1kKLS0tIFlDdEx5RWxjKytXWlFLeEVmNmtk
TVhYVkRuM1pIbXdiMEc5eW1EQi9nWHcKIDT3i5UWvL/2T8TvBNSITdl77BamTwNK
2OjhkvGtM+L7LSniO8OYm/i+CjsfiSmFScWbDr9JsjFPUpedt96mHg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVNlBzMUJBTW5kMVU2R1Z1
VXBlRmxndHFEMTFRMXZRZnBpSzBOOVhzcmtRCkZCL20wend0cDFDNlNsemdwclRt
TUJTNjVrUVljS3VRandST3lqclM2MFkKLS0tIEc1ZCsyNFViQmhUZ0xOTVNza3B2
Y0ROa0Y4M2YzbjduYjJqRW9pUEVpMWMKMR4gJdaVW/ke7wV+9lq3vR/FzkY+Kgs/
qm0MwdSJSEcUnYUyyH6YL1yW/I/LqIuLLYozgD8DgNZFPMta38T9hA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-06T19:19:16Z"
mac: ENC[AES256_GCM,data:dAMQvSiNQASgtT807D1104P1/yYGazqEBKXJ/W69kLPh75sxIz8tFs6A6qzp3XW750OFHqwItaFZXBDXqAOt1/513bZAN8Nvy+NN9/mwbkHzsYY1ygpuq/YHjXAa0VSiWNigwrNLejMmk58k3TWukUYQ7QnR64ARXRSWFtJji1Y=,iv:111Wzv0qYS+EdRd+byNGJFumVyp/sIhlYGVkzOJZhjo=,tag:4xR8LZTRlfYQsbgYnm1t2g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@@ -1,30 +0,0 @@
borgbase_ssh_key: ENC[AES256_GCM,data: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,iv:WWUs/yHYbHVWwyXgmkBP1585N4AsthD4u6atug0L3nM=,tag:x+unGowhm8IbpEg3scQ5CA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6ZmMwY0JVdjlmYkJNbjF0
ZmM3MXNzakI0cDlmZk5KYmd0K2N3SXJMTlhZCjNQSURBN1JuMk40NXlsVG5aZzRq
NnprYm9jTVZwWGdSOElEM1JGVFRyRDAKLS0tIEEybnpQci9YL3F3NTRod1VQWmVG
MkMvSC8rcDZkaUFJU2E2dGRHUE0wVHMK5KypL9Yx/fpwRMc4gKVXLLXOyHpdqS+S
OWywZxSRd7dRG7If3ZDRCtvZ34XGKwOrAHoZrCc4lAa4drXmBrP3Iw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrYk5EVHU5emVVVEc0elhZ
M1ZOYTNPU1B3OUFJc3N3b1hEUlFIYjlOUkVJCjhka01LSW1lMENLanplcUxPZHhM
WDU1ZDB4enloUDlMNHo1dDU2SFA5ZUEKLS0tIGFJU2k1WHcyT3NTeFZkRi9pUHNy
Tm5UbTY5U0xmMUUweHZNWHlOMU1maTAK6NEU4Bl7uY8NcgrzJtIRjtusoggreIHc
+xDRaROFCzpWkwNh1m5olPSP1C/fdUbKaGJ35if+Pj5Rt8GwaUdcRg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-06T19:18:12Z"
mac: ENC[AES256_GCM,data:0B25mCDuyw7Ts98GZZ1+MukEwE3Ud8ytyC0VNJ5FuHG78h1uIEuWLBhw8YoYDsaMegiQBalJwK8oCGKnEI0uVHmoaktrGQoqsxAwMfC2vr/PhckJGx/5uILDrIW+/wCJz18evGB7/yGk6Sgvtk0oGqZDKXbNgUXvUQKByxZ+Id0=,iv:0eFOkVPnDohf79yMGepLmwHusV7T13mUbyXGapq4eYc=,tag:6PDerYjQOf9bss+tdvQDlA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@@ -1,31 +0,0 @@
peerix:
private: ENC[AES256_GCM,data:767u5KKjk2lMr70vtBvX06t8n/1r5xpCrRNKc9QvypJmbPS+vS8vij8JYJZDKKFBh5xUazSLQC1ga2mpb+hEO2rgD0Aa70p22wwfOP+qCJQNYwlEf0MLWhlblTCE9Cr/eQSX7g==,iv:tPEB4NWbLMvzrUIvosj9PfinMhdWNBu5btjElvbDzxg=,tag:wzxaBzW0R6HKCyP5zlMPRw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRbi9uTGVPYlhYYWdFb25u
SGhSUm9rNmEzSkNVUEVIOGNLb1Z3VFdjNERFCjVEYXlXTlRCV2dLMW1VMWgzcXBR
OWxSOUZjZ2VCTzRycDhZRGRXWS9KRTAKLS0tIG8yMkZNeFRtdHVPTTJOM2tRSk5F
OXp3Wmh0b1lYQnJBWlMxeGZaZXdnY2MKftJPaUc9sDM8YmvUo1eVDNXWX4scr1rH
SMAod/Oq0BvQfyGIpvVBfL5T7RxlF1DwOedg/p3PSfMPjok7QLyv+A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxdU9WSjZkWUd6NXFpdXNp
R2huUXZQOGZzb0Z0ekN2WkdRdEFJYk54RmhnCmo0ampNK01VR3lQM0RGYWlNQ3cx
Rk1BK1lIUHJPZ2R5YVd6RTlYbXJDVWcKLS0tIGV0Yy8ySnFMQ25PQUNBL3dPdmc3
WjhldWNVL0h6T1lUSEdXeHFQemRBVEEKJzh1HExRoy/iyTtBNaVdNgolWyFHaaLV
VTDZYEHq+eEIrVAG5xefG/nPpj2K6FRItA6+4PcKtyARG+gKYwp2tw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-28T11:55:00Z"
mac: ENC[AES256_GCM,data:ieNyjQlo1tQ8qxFMyIN5XGgUiclYIfJe6WUyWiR3qJKKOTnx5MBWNUuHfUMkpm2ToNpaxiDUih2Hhqv5S0Bq1zoExMLjqE36GgaOivha6DeoQn5+WH8bMdMAoc1PlCQkj6Fxw2sdZlrIKcswADk4MfDzdaY/vKoQ5AtK5Bdkgok=,iv:JaOfWEwbLhOTquQVIG6Ll38jkGOCzbtD8h5c7SOAzik=,tag:m4Fmor24Q9GDoe7nu2VnEA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3


@@ -1,30 +0,0 @@
wg_privkey: ENC[AES256_GCM,data:HcOkr+leeB6QmEx77KHWgFlp2m2qr4TvakoHyy0SaPpML2o/51IDYjcu2H4=,iv:8nHJIqz3+LmL4rM7idXbvbQKdhkDqmoY/TAvAf/Zfvw=,tag:VSHRKjVgottVC0uPsC0JgA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzaTRxUDZJREhyYjQraUsw
T1p2UlpkSjBnbjZTWUJDM2lHUVN5Z1ZQQWdvCnFmV1RRazBpTHhrTHpQelpjcnlq
NnJ0dUNwZTB0V0hOdTJJamY3azBUbXcKLS0tIGpZUG5KUFhPbW1LWWQ1RUd2OFVq
WlBMd0tGcnBHSFk4SHhkVkZPZXJPY28Keh/k5yQ/iJgy9S9rf2DhCr3M2ozgMBRp
NJrCKJuiDugeK8q29x6a+4pyg2zSwlA6Q2lxGDca3m3TX45QImLt3g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEelBJaCtJVnVZcHQ4V1Nz
ZDV4T21VZGNjanpRbERxOWx1RXNZZ2hwTFdrCmg4MHdWTnVTd0hiL2F2VXRxUk5P
eHRrRTduZjZ6T3dCcW0yMENKMHg5TVkKLS0tIDVSMFJqQU1uTEpzTElIN3RZNi95
S2Y2dFROYkJCOTVlS00rZWZDeWlGV2sKWKV7lMoLQbDBTql5+xWW+uOKxS6FG7jT
BtAMbL2YfTCEcV7nimzco649UUtoY9oOk2635uoToIxBI1mr9UVlNw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-04T19:26:58Z"
mac: ENC[AES256_GCM,data:ZA1Rc1sMvIwEQBZ6d+u4RZ00KzLxjMW/Tzr3ZlHMduuJmvDXjPjobpALwbJoEraa3yBwwJyf0b0Grwhlz1kvoWYjos3rTk8noy4UiEjav5Dxf8aZP5j6YL5HSzHgwWvRkzYvIAaaVGVpUM7Wl2llDSCeQluIw0R3kUXEiRW10RU=,iv:/fq3S0kmo9IZNvnP2o4kT2beaRgEMtJIMlQNCqSotd0=,tag:eMOrWijXQsc8agWGJmyLjw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@@ -1 +0,0 @@
oHVmhw80daHjDjo7nwt/Y9eKBaH5FoTiVeukwDObijM=


@@ -2,7 +2,6 @@
config,
pkgs,
nix-xilinx,
system,
...
}: {
environment.systemPackages = with pkgs;
@@ -12,13 +11,10 @@
bluez
bluez-tools
btop
curlHTTP3
dfu-util
dhcpcd
direnv
dmidecode
dnsmasq
dtach
fd
file
fzf
@@ -26,42 +22,29 @@
git
gnupg
gptfdisk
hcxdumptool
hdparm
htop-vim
htop
interception-tools
jq
lm_sensors
meson
mosh
msmtp
nano
neovim
ninja
nix-index
nixos-option
nmap
ntfs3g
ntfsprogs
nvim
openhantek6022
optipng
pax-utils
pciutils
proxychains-ng
pstree
psutils
qemu_kvm
ripgrep
rsync
silver-searcher
socat
sshfs
strace
swaylock
tig
tmux
traceroute
unrar
unzip
usbutils
@@ -73,11 +56,9 @@
vulkan-tools-lunarg
vulkan-validation-layers
wget
wirelesstools
wol
xdg-utils
zip
z-lua
]
++ (with nix-xilinx.packages.${system}; [vivado vitis vitis_hls model_composer xilinx-shell]);
++ (with nix-xilinx.packages.x86_64-linux; [vivado vitis vitis_hls model_composer xilinx-shell]);
}
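Review bot: The Xilinx package set appended at the end of `environment.systemPackages` is selected with a hard-coded `nix-xilinx.packages.x86_64-linux` instead of the `system` argument, which ties this module to a single platform. The page has lost its +/- markers, so which variant is the new side is inferred from the hunk counts: the first hunk drops one line from the argument set and the last hunk adds exactly one line, which fits `system,` being removed and the literal line being added. If that reading is right, I would keep `system` in the argument set and retain `++ (with nix-xilinx.packages.${system}; [vivado vitis vitis_hls model_composer xilinx-shell]);`, so a host with a different platform gets an evaluation error it can act on rather than a foreign package set. A short comment above that line, e.g. `# Xilinx tools come from the nix-xilinx flake input, not nixpkgs`, would also make the split list easier to audit.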


@@ -1,56 +0,0 @@
{
lib,
stdenv,
fetchFromGitHub,
docbook_xsl,
libxslt,
meson,
ninja,
pkg-config,
bash-completion,
libcap,
libselinux,
}:
stdenv.mkDerivation rec {
pname = "bubblewrap";
version = "0.8.0";
src = fetchFromGitHub {
owner = "rhendric";
repo = "bubblewrap";
rev = "23ff0f875b3a0200c1796daa01173ecec7deaf88";
hash = "sha256-EWsuAGsShaHEmLi0jUHX2bFQZkinIOsRbgB7tZSfq8E=";
};
postPatch = ''
substituteInPlace tests/libtest.sh \
--replace "/var/tmp" "$TMPDIR"
'';
nativeBuildInputs = [
docbook_xsl
libxslt
meson
ninja
pkg-config
];
buildInputs = [
bash-completion
libcap
libselinux
];
# incompatible with Nix sandbox
doCheck = false;
meta = with lib; {
changelog = "https://github.com/containers/bubblewrap/releases/tag/${src.rev}";
description = "Unprivileged sandboxing tool";
homepage = "https://github.com/containers/bubblewrap";
license = licenses.lgpl2Plus;
maintainers = with maintainers; [dotlambda];
platforms = platforms.linux;
mainProgram = "bwrap";
};
}


@@ -1,169 +0,0 @@
{
alsa-lib,
brotli,
cups,
curl,
bubblewrap,
bash,
writeShellScriptBin,
dbus,
dpkg,
expat,
fetchurl,
fontconfig,
freetype,
glib,
gst_all_1,
harfbuzz,
krb5,
lcms,
lib,
libcap,
libevent,
libGL,
libGLU,
libopus,
libpulseaudio,
libwebp,
libxkbcommon,
libxml2,
libxslt,
makeWrapper,
mesa,
nspr,
nss,
openssl,
snappy,
stdenv,
systemd,
wayland,
xorg,
zlib,
zstd,
...
}:
stdenv.mkDerivation {
pname = "viber";
version = "21.8.0.11";
src = fetchurl {
# Official link: https://download.cdn.viber.com/cdn/desktop/Linux/viber.deb
url = "https://download.cdn.viber.com/cdn/desktop/Linux/viber.deb";
hash = "sha256-RrObmN21QOm5nk0R2avgCH0ulrfiUIo2PnyYWvQaGVw=";
};
nativeBuildInputs = [makeWrapper];
buildInputs = [dpkg];
dontUnpack = true;
libPath = lib.makeLibraryPath [
alsa-lib
brotli
cups
curl
dbus
expat
fontconfig
freetype
glib
gst_all_1.gst-plugins-bad
gst_all_1.gst-plugins-base
gst_all_1.gstreamer
harfbuzz
krb5
lcms
libcap
libevent
libGLU
libGL
libopus
libpulseaudio
libwebp
libxkbcommon
libxml2
libxslt
mesa
nspr
nss
openssl
snappy
stdenv.cc.cc
systemd
wayland
zlib
zstd
xorg.libICE
xorg.libSM
xorg.libX11
xorg.libxcb
xorg.libXcomposite
xorg.libXcursor
xorg.libXdamage
xorg.libXext
xorg.libXfixes
xorg.libXi
xorg.libXrandr
xorg.libXrender
xorg.libXScrnSaver
xorg.libXtst
xorg.xcbutilimage
xorg.xcbutilkeysyms
xorg.xcbutilrenderutil
xorg.xcbutilwm
xorg.libxkbfile
];
installPhase = let
viberWrap = writeShellScriptBin "viberWrap" ''
${bubblewrap}/bin/bwrap --bind / / \
--dev /dev \
--tmpfs $HOME \
--bind $HOME/.ViberPC/ $HOME/.ViberPC \
--bind $HOME/Downloads/ $HOME/Downloads \
$@
'';
in ''
dpkg-deb -x $src $out
mkdir -p $out/bin
# Soothe nix-build "suspicions"
chmod -R g-w $out
for file in $(find $out -type f \( -perm /0111 -o -name \*.so\* \) ); do
patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" "$file" || true
patchelf --set-rpath $libPath:$out/opt/viber/lib $file || true
done
# qt.conf is not working, so override everything using environment variables
wrapProgram $out/opt/viber/Viber \
--set QT_PLUGIN_PATH "$out/opt/viber/plugins" \
--set QT_XKB_CONFIG_ROOT "${xorg.xkeyboardconfig}/share/X11/xkb" \
--set QTCOMPOSE "${xorg.libX11.out}/share/X11/locale" \
--set QML2_IMPORT_PATH "$out/opt/viber/qml"
echo "#!${bash}/bin/bash" > $out/bin/viber
echo "${viberWrap}/bin/viberWrap $out/opt/viber/Viber" >> $out/bin/viber
chmod +x $out/bin/viber
mv $out/usr/share $out/share
rm -rf $out/usr
# Fix the desktop link
substituteInPlace $out/share/applications/viber.desktop \
--replace /opt/viber/Viber $out/opt/viber/Viber \
--replace /usr/share/ $out/share/
'';
dontStrip = true;
dontPatchELF = true;
meta = {
homepage = "https://www.viber.com";
description = "An instant messaging and Voice over IP (VoIP) app";
sourceProvenance = with lib.sourceTypes; [binaryNativeCode];
license = lib.licenses.unfree;
platforms = ["x86_64-linux"];
maintainers = with lib.maintainers; [jagajaga];
};
}

31
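--- a/secrets/peerix.yaml
+++ b/secrets/peerix.yaml
@@ -0,0 +1,31 @@
+peerix:
+private: ENC[AES256_GCM,data:WlWrX0kxeElaGvFllg2EkgfDsj1bkRwD9xMTWQevktDQaRd3IdVD9IwFZcwgTgS4hVM6gy9Q/VWX3M12vKaLdaKeTR/PMOQGCov291w12cAFIg/pYINp+511a9aHqFaIZx0WeA==,iv:Ni0M4Tikcbs6NsanYunOKn1R8jLlC59NiDbqNVPW7gM=,tag:POSZ9OgkLZyvnN8vn8OgDQ==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNbWcxaHVYUjVydnZVZkJa
+MFA1TDJFcmtpUis2SXBWNjh5QjI0WkgydHhBCklzVFRlZ0VoSitISlpIaVFJaHRZ
+enNFaFl1MkRaQUtpb1JUOUNJaXJDT00KLS0tIHZBeGc2ejR4bkcxVjhrWDYyOVpk
+V28zVWZsTFpJVHY3bHdqR3dGMHNqWncKcjvVw61Zfh0yXKikjnrlq1CIoN7wDiiQ
+5FDAzjdTMGLOXvrxtfKEJ0RUP8/ANJ+b69pJTBl8To4qIAFGKU0syg==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1smcrg45udmvl5w8306qec07lqqzjplwx3l8f80tcewpkh7r3h5yqgenrqd
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYUnNveWIrOEE4UnlGNnpN
+WE5oN1hrOTlma0ZWUDc5ZG5pcUFOV1BJam5nCnhiaFRJVjcreDFiTU85RlJzK0tT
+eURJdHAwWXVZU2xHbTdsOVc4VjJOaUUKLS0tIGJ2c3JxVGFZWHdCY1p3M1VRNGlk
+enVTczYxcjNPZkFHTG5RZEtRTTRJOUEKNTPZFBwdnKNmalgPqpJew8ucwQZ3yK+8
+6Zqv3POnq68ms4nFelQynDYDAEK/maN+qYdo8qgFi14pz87liVF/Ug==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2023-07-03T20:12:05Z"
+mac: ENC[AES256_GCM,data:kcfnNiu88VTYGgxfSRIkqK8MXS7Gcan9oXxc+UM6/c7yCj35ogNGtDxJmJ4O1Gov2LrP3+lbhyHjOeQBYN06JmE+3o3SV/bIZ5HUWMYqmj+yO1sG8ugSx2NAgSMKmyESlrZTZvN9Z9Z8JocmN1TtyA9Uip7/URfGOXaIFYYDLwE=,iv:bxRoXN4DEIi4B2bCxKcImKp1rfkps4RxP3UbjBePjPw=,tag:x4yXtvmoOrFEadhZmbJjAQ==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.7.3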