asmir/nixos_flake_config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: asmir:magento2
Branches Tags
asmir:master asmir:nftables_transition asmir:gitea_typst asmir:magento2
..
compare: asmir:c7b8b486ea3d76dbf5464260a1f4cdc3727b687c
Branches Tags
asmir:master asmir:nftables_transition asmir:gitea_typst asmir:magento2

173 Commits
magento2 ... c7b8b486ea

Author SHA1 Message Date
Asmir A
c7b8b486ea mediabox/sysctl: set BRR congestion control 2023-11-06 22:31:06 +01:00
Asmir A
3c3c3dab6e nixy/sysctl: set BRR congestion control 2023-11-06 22:30:39 +01:00
Asmir A
a2daa8e145 magpie/sysctl: set BRR congestion control 2023-11-06 22:26:03 +01:00
Asmir A
2f3c3f3f0c magpie/systemd: disable sleep, emergencymode; setup watchdog 2023-11-06 22:16:41 +01:00
Asmir A
bca4baf226 Merge remote-tracking branch 'origin/master' 2023-11-06 19:26:08 +01:00
Asmir A
eccdb771ce magpie/nextcloud: tune php interpreter 2023-11-06 19:25:49 +01:00
Asmir A
3d7385616b Revert "mediabox/kernel: temporary fix for console issue" 
This reverts commit 5025dd2571.
 2023-11-06 19:24:34 +01:00
Asmir A
2f0bc3ef58 Revert "flake: update" 
This reverts commit bb306d3145.
 2023-11-06 19:24:19 +01:00
Asmir A
9c2f2a932f Revert "nixy/kernel: temporary fix for console issue" 
This reverts commit b432b209c3.
 2023-11-06 19:24:05 +01:00
Asmir A
70d3c338c8 Revert "home/qutebrowser: temporary fix where qutebrowser hangs with vulkan enabled" 
This reverts commit 2cc745ea26.
 2023-11-06 19:23:55 +01:00
Asmir A
e4c0207bd3 magpie/firewall: do not log refused connections, enable ping 2023-11-06 19:23:21 +01:00
Asmir A
5025dd2571 mediabox/kernel: temporary fix for console issue 2023-11-04 10:26:23 +01:00
Asmir A
bb306d3145 flake: update 2023-11-04 10:23:49 +01:00
Asmir A
b432b209c3 nixy/kernel: temporary fix for console issue 2023-11-04 10:23:36 +01:00
Asmir A
2cc745ea26 home/qutebrowser: temporary fix where qutebrowser hangs with vulkan enabled 2023-11-03 12:39:24 +01:00
Asmir A
3d2d8ea274 viber: wrap with bubblewrap to disable $HOME access 2023-11-03 00:38:02 +01:00
Asmir A
70efe40a80 packages: add bubblewrap with overlay patches 2023-11-03 00:37:32 +01:00
Asmir A
4ce7d3fc89 Revert "flake: update" 
This reverts commit 3106fe565d.
 2023-11-02 17:01:04 +01:00
Asmir A
747d488bfb packages/viber: add direct link as archive.org is slow atm 2023-11-02 16:28:16 +01:00
Asmir A
d720a9cefb home/packages: temporary disable glaxnimate 2023-11-02 15:44:10 +01:00
Asmir A
3106fe565d flake: update 2023-11-02 14:32:57 +01:00
Asmir A
ef5dd97e8f flake: update nvim 2023-11-02 13:48:09 +01:00
Asmir A
641bed9cad packages: add dtach, tmux 2023-11-02 13:47:55 +01:00
Asmir A
036ffda2f8 nixy/fs: change fs uuid 2023-11-02 13:46:30 +01:00
Asmir A
b2b5a9564c nixy/environment: remove SSH_ASKPASS from env 2023-10-31 21:23:16 +01:00
Asmir A
9f958a5643 home/gpg: set pinentry to curses 2023-10-31 21:22:47 +01:00
Asmir A
ee5102e959 home/zsh: update prompt 2023-10-31 19:41:46 +01:00
Asmir A
fb4cf11448 nixy/nix: enable sandbox 2023-10-30 23:58:49 +01:00
Asmir A
139b48e84b home/packages: add tea 2023-10-30 23:58:31 +01:00
Asmir A
9c77a6775b home/packages: add ghostscript and poppler_utils 2023-10-30 20:24:43 +01:00
Asmir A
6ddeed17ac home/packages: add inkscape 2023-10-30 17:18:33 +01:00
Asmir A
99699ca2de Revert "home/sway: replace swaybar with waybar" 
This reverts commit 65caa07dc0.
 2023-10-29 18:41:23 +01:00
Asmir A
60e18856a7 packages/viber: add webarchive url instead of direct link 2023-10-29 14:34:52 +01:00
Asmir A
9d7436939b home/packages: add viber 2023-10-29 14:34:21 +01:00
Asmir A
65caa07dc0 home/sway: replace swaybar with waybar 2023-10-29 14:34:10 +01:00
Asmir A
5f57ca4b79 packages/viber: add derivation 2023-10-29 12:15:51 +01:00
Asmir A
4613b26503 home/sway: switch whatsapp-for-linux with zapzap 2023-10-29 00:59:12 +02:00
Asmir A
b7b2d5fc72 home/packages: add zapzap 2023-10-29 00:42:00 +02:00
Asmir A
33fffd5f92 packages/zapzap: add derivation 2023-10-29 00:41:39 +02:00
Asmir A
2c015fc1e6 packages/zapzap: remove flake from repo 2023-10-29 00:41:21 +02:00
Asmir A
5275d7a226 packages: add zapzap flake 2023-10-28 23:45:13 +02:00
Asmir A
f4a7213057 home/git: add sign key and enable signing by default 2023-10-28 18:11:08 +02:00
Asmir A
d5fbf61c34 blue: remove header from configuration 2023-10-28 16:55:04 +02:00
Asmir A
cc74cb1484 nixy/configuration remove header 2023-10-28 16:33:45 +02:00
Asmir A
d0fb21119f readme: remove md escapes 2023-10-28 15:47:25 +02:00
Asmir A
b7c578c304 readme: change format from md to txt 2023-10-28 15:46:58 +02:00
Asmir A
27691ecf66 readme: Add main repo URL 2023-10-28 15:44:17 +02:00
Asmir A
a307927cf3 mediabox: add inputs to home-manager 2023-10-28 15:39:32 +02:00
Asmir A
77190240a5 mediabox: limit systemd journal size 2023-10-28 14:51:13 +02:00
Asmir A
4ef5ab21a8 magpie/nextcloud: add php optimizations 2023-10-27 20:46:40 +02:00
Asmir A
9c6df06d38 Merge remote-tracking branch 'origin/master' 2023-10-27 20:43:20 +02:00
Asmir A
1b00de0f01 magpie/nextcloud: add php optimizations 2023-10-27 20:42:23 +02:00
Asmir A
780646d2fc packages: add mosh, socat, optipng 2023-10-27 14:20:50 +02:00
Asmir A
47a78f866d home/vim: remove local files since utilizing nvim_flake 2023-10-27 14:19:00 +02:00
Asmir A
a7ddf03de6 flake: update swaysw input 2023-10-27 12:42:56 +02:00
Asmir A
e822f08a6e home/sway: add swaysw shortcut 2023-10-27 12:42:07 +02:00
Asmir A
eb40751a7b flake: add nvim_flake input 2023-10-27 12:40:58 +02:00
Asmir A
142db429ec home/packages: add nvim flake and additional utils 2023-10-27 12:40:33 +02:00
Asmir A
c3a51a524a home-manager/nvim: remove settings from home.nix 2023-10-27 12:40:04 +02:00
Asmir A
ff1333ac48 nvim: add flake input 2023-10-27 01:46:36 +02:00
Asmir A
d8e200de3a nixy/home_packages: add swaysw 2023-10-26 22:48:15 +02:00
Asmir A
a0ba9ec680 nixy/sway: change def wallpaper location 2023-10-26 22:48:15 +02:00
Asmir A
91bbc1e360 home/packages: add go 2023-10-26 22:48:15 +02:00
Asmir A
c21c7751e2 flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/68f7d8c0fb0bfc67d1916dd7f06288424360d43a' (2023-10-04)
  → 'github:nix-community/home-manager/09587fbbc6a669f7725613e044c2577dc5d43ab5' (2023-10-25)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/fdd898f8f79e8d2f99ed2ab6b3751811ef683242' (2023-10-01)
  → 'github:nixos/nixpkgs/7c9cc5a6e5d38010801741ac830a3f8fd667a7a0' (2023-10-19)
• Updated input 'simple-nixos-mailserver':
    'gitlab:simple-nixos-mailserver/nixos-mailserver/c63f6e7b053c18325194ff0e274dba44e8d2271e' (2023-07-21)
  → 'gitlab:simple-nixos-mailserver/nixos-mailserver/84783b661ecf33927c534b6476beb74ea3308968' (2023-09-28)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/746c7fa1a64c1671a4bf287737c27fdc7101c4c2' (2023-10-03)
  → 'github:Mic92/sops-nix/30a0ba4a20703b4bfe047fe5def1fc24978e322c' (2023-10-22)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/dbe90e63a36762f1fbde546e26a84af774a32455' (2023-10-01)
  → 'github:NixOS/nixpkgs/fb000224952bf7749a9e8b3779104ef7ea4465c8' (2023-10-21)
 2023-10-25 20:57:34 +02:00
Asmir A
95f0e95b56 magpie/mail: enable imap 2023-10-25 20:56:34 +02:00
Asmir A
447dca1927 magpie/programs: add alejandra, neovim alias 2023-10-20 22:09:44 +02:00
Asmir A
ae2c9694c5 magpie/programs: enable mosh 2023-10-20 21:41:23 +02:00
Asmir A
91b0c91c9c magpie/mail: add account "asmir" 2023-10-20 21:38:28 +02:00
Asmir A
4daf2f851b magpie/mail: add account "asmir" 2023-10-20 21:37:04 +02:00
Asmir A
8a40c727e0 magpie/nextcloud: add admin account/pass 2023-10-20 21:35:43 +02:00
Asmir A
93c6ae5f9c magpie/mail: add account "asmir" 2023-10-20 21:10:56 +02:00
Asmir A
f0fca6c74e magpie: remove config header 2023-10-18 00:16:52 +02:00
Asmir A
7514c94880 magpie/gitea: remove unused postgres password 2023-10-18 00:00:51 +02:00
Asmir A
ae58ed03cb magpie/gitea: remove unused pass 2023-10-17 23:51:56 +02:00
Asmir A
fdc36b2708 magpie/gitea: switch to sqlite3 2023-10-17 23:51:20 +02:00
Asmir A
a5000b9889 magpie/gitea: disable registration and ssh 2023-10-17 23:14:06 +02:00
Asmir A
8492b26016 magpie/mailserver: update configuration syntax 2023-10-17 22:51:43 +02:00
Asmir A
f2dcdb6d5c magpie/gitea: update configuration syntax 2023-10-17 22:50:31 +02:00
Asmir A
cadaede0ee magpie/gitea: replace smtp with sendmail, fix pass reset bug 2023-10-17 22:41:22 +02:00
Asmir A
eb43638c3b magpie/gitea: remove unneeded pass 2023-10-17 22:40:26 +02:00
Asmir A
f0e7c5bed7 magpie/gitea: add mail pass 2023-10-17 20:35:55 +02:00
Asmir A
1afa53239a magpie/sops: rename gitea secrets file 2023-10-14 23:24:16 +02:00
Asmir A
805e72c516 magpie/sops: rename gitea secrets file 2023-10-14 23:21:59 +02:00
Asmir A
fc45fdf0a5 magpie/gitea: change mail pass 2023-10-14 23:19:24 +02:00
Asmir A
9e90599099 magpie/miniflux: export url, add https cert 2023-10-13 13:29:25 +02:00
Asmir A
b467130209 magpie/sops: update minflux secrets format 2023-10-13 13:28:48 +02:00
Asmir A
dcf7736468 magpie/sops: update minflux secrets format 2023-10-13 13:13:00 +02:00
Asmir A
5ac247d951 magpie: add miniflux credentials 2023-10-13 12:52:26 +02:00
Asmir A
fb25519cdb magpie: enable miniflux 2023-10-13 12:44:20 +02:00
Asmir A
edd421eb45 packages: add hdparm 2023-10-07 11:05:41 +02:00
Asmir A
c600fe8663 nixy/hosts: add jellyseerr.mediabox.lan 2023-10-05 22:53:56 +02:00
Asmir A
4b2db9f1b4 mediabox: enable jellyseerr 2023-10-05 22:52:30 +02:00
Asmir A
0561f3d1b4 magpie/restya: set different local and remote host name 2023-10-05 21:28:28 +02:00
Asmir A
a73ad5f3b7 magpie/restya: remove duplicate nginx config 2023-10-05 19:53:08 +02:00
Asmir A
d5a2b982cc magpie/restya: change local port and listenHost 2023-10-05 19:13:19 +02:00
Asmir A
695157c354 magpie/gitea: update config syntax 2023-10-05 19:04:23 +02:00
Asmir A
48e0a3c06d flake: update 2023-10-05 19:00:12 +02:00
Asmir A
fc96961fc3 packages: add curlHTTP3 2023-10-05 19:00:03 +02:00
Asmir A
622d8ce02b magpie: enable quic/http3 on nginx 2023-10-05 18:59:43 +02:00
Asmir A
f4276fdf04 mediabox: select correct peerix priv key 2023-10-03 23:55:54 +02:00
Asmir A
283f1c297e nixy: set mem_sleep_default to deep in kernel cmd line; enable wasi and x64-windows binfmt emulation 2023-10-03 23:55:01 +02:00
Asmir A
880d6e9aed mediabox: update nix options naming 2023-10-01 21:26:33 +02:00
Asmir A
469146da60 all systems: enable memtest86; blue/nix_store: set read only 2023-10-01 21:14:30 +02:00
Asmir A
a379efdf01 mediabox: disable undervolt 2023-10-01 21:10:27 +02:00
Asmir A
09612ae44e mediabox: enable intel microcode update 2023-10-01 21:07:17 +02:00
Asmir A
d5468f6b67 magpie: format new files 2023-10-01 16:16:25 +02:00
Asmir A
d6bef987c4 magpie: fix simple-nixos-mailserver 2023-10-01 16:11:38 +02:00
Asmir A
1368873bdf magpie: add base files 2023-10-01 16:03:02 +02:00
Asmir A
e21f69439a flake: nix-xilinx follows nixpkgs 2023-09-30 20:13:43 +02:00
Asmir A
271570605b mediabox: add peerix secrets file 2023-09-30 16:19:55 +02:00
Asmir A
8e14ba0fe4 flake/shell: add age to buildInputs 2023-09-30 16:16:21 +02:00
Asmir A
e0e30163ed mediabox: add qbitsotrrents as module 2023-09-30 16:12:03 +02:00
Asmir A
b0a16b44c2 flake/shell: add ssh-to-age to buildInputs 2023-09-30 16:10:36 +02:00
Asmir A
4daf6275dc mediabox: update configuration to match nixy 2023-09-30 14:31:03 +02:00
Asmir A
2a2824e6e9 nixy: remove dead code 2023-09-30 14:30:28 +02:00
Asmir A
9f279bfe8d modules: add nextcloud and qbittorrent 2023-09-30 14:11:42 +02:00
Asmir A
46609fff8d modules: add suspend 2023-09-30 14:11:16 +02:00
Asmir A
53fbdb1e85 mediabox: add base file structure 2023-09-30 14:10:53 +02:00
Asmir A
f0a9569507 meta: format files with alejandra 2023-09-30 12:45:55 +02:00
Asmir A
cd678803fd flake: move packages.nix to separate directory 2023-09-30 12:38:13 +02:00
Asmir A
e8fe3d3f8f nixy/peerix: move public key file into own folder 2023-09-30 12:36:02 +02:00
Asmir A
ddb76ace37 home/sway: use correct sway syntax for input device type config 2023-09-29 22:51:22 +02:00
Asmir A
de7f060142 home/i3status-rust: reenable network interfaces for nixy 2023-09-29 22:43:34 +02:00
Asmir A
ad25a3cfe1 meta: move config to separate file 2023-09-29 22:39:06 +02:00
Asmir A
fcc0f05167 flake: set nix-xillinx to not follow nixpkgs 2023-09-29 22:38:49 +02:00
Asmir A
c7353452ee meta: format blue/configuration.nix 2023-09-29 21:13:48 +02:00
Asmir A
5500b7f633 flake: update 2023-09-29 21:03:10 +02:00
Asmir A
3368f755f5 nixy: move nixy secrets directory to nixy folder 2023-09-29 21:01:40 +02:00
Asmir A
de81dc1f58 flake: adjust paths for new layout, add packages followin nixpkgs 2023-09-29 20:59:39 +02:00
Asmir A
1f8440a351 nixy: move hw config into own directory 2023-09-29 20:56:23 +02:00
Asmir A
f86e8d9ce7 home_packages: reenable openocd and kicad 2023-09-29 20:55:18 +02:00
Asmir A
d30100c70e sway: add wallpaper 2023-09-29 20:54:23 +02:00
Asmir A
0b32c60d8e flake: restore lock file from master before merge 2023-09-29 20:51:15 +02:00
Asmir A
46209f2a68 Merge branch 'blue' 2023-09-29 20:49:16 +02:00
Asmir A
74b009b816 meta: start amalgamization of all configs 2023-09-29 20:09:11 +02:00
Asmir A
c7dce9e6b7 flake: update 2023-09-29 19:53:16 +02:00
Asmir A
f869966b60 home/qutebrowser: update package name, open hints directly in mpv 2023-09-20 19:44:52 +02:00
Asmir A
874cc98c11 flake: update 2023-09-20 19:44:14 +02:00
Asmir A
83e23db173 filesystem: btrfs change compression from zstd to lzo on all subvolumes 2023-09-20 19:43:53 +02:00
Asmir A
794e304ab8 flake: add zremap, hosts: update 2023-09-20 19:43:01 +02:00
Asmir A
2d8a742ed1 blue: add skelet for blue host 2023-09-07 10:57:18 +02:00
Asmir A
a16f26e597 flake.lock: update 2023-08-27 19:22:28 +02:00
Asmir A
296b227382 sops-nix: add input.nixpkgs follows nixpkgs 2023-08-27 19:22:13 +02:00
Asmir A
7b119977bc packages: add lm_sensors 2023-08-27 19:21:32 +02:00
Asmir A
3fcf854c2d services/caps2esc: add second delay before starting intercepting to avoid enter beeing stuck 2023-08-27 19:20:53 +02:00
Asmir A
55a2150b03 blue: start flake migration 2023-08-11 20:41:58 +02:00
Asmir A
c003245bb5 home/mpv: select dmabuf_wayland as vo, diasble sway vulkan renderer 2023-08-10 20:24:24 +02:00
Asmir A
52d493a1d2 flake: update 2023-08-10 20:23:43 +02:00
Asmir A
3bf4127203 meta: update flake 2023-08-08 16:08:01 +02:00
Asmir A
cc32a2e506 home/packages: temporary disable openocd because of build failure 2023-08-08 16:07:42 +02:00
Asmir A
9a11bc0a12 reemove openocd udev rules, update fonts.fonts to fonts.packages 2023-08-08 16:07:01 +02:00
Asmir A
8f6bf7544a home/mpv: remove default config 2023-08-08 16:06:23 +02:00
Asmir A
cac3f1f301 home/packages: add cmake 2023-08-05 21:31:59 +02:00
Asmir A
d3fa790243 home/packages: add meson and ninja 2023-08-05 21:30:27 +02:00
Asmir A
d7da18132b meta: add nixd config 2023-08-04 21:04:34 +02:00
Asmir A
e2a7d6b2ca packages: add traceroute 2023-08-04 21:03:49 +02:00
Asmir A
c93d2186d9 home/packages: add qemu_kvm 2023-07-30 16:10:52 +02:00
Asmir A
282cd51542 home/packages: add yewtube 2023-07-29 21:35:19 +02:00
Asmir A
46100007da flake: update 2023-07-29 21:34:23 +02:00
Asmir A
4f5cc851de sops/peerix: change key 2023-07-29 21:33:28 +02:00
Asmir A
e63a197299 home/mps: use yt-dlp instead of youtube-dl 2023-07-29 21:32:54 +02:00
Asmir A
82e5645493 sops: use ssh key 2023-07-29 21:32:14 +02:00
Asmir A
c1d5993f7e home_packages: add birdtray, nix-init 2023-07-26 20:37:46 +02:00
Asmir A
a61e978631 packages add dfu-util 2023-07-20 17:25:36 +02:00
Asmir A
eb43190b7c vim: add zls, do keybind cleanup 2023-07-10 10:50:42 +02:00
Asmir A
7a54d9fa15 vim: disable lus_ls telemetry, don't call setup twice 2023-07-09 12:38:01 +02:00
Asmir A
020fcdc0ab vim: remove unused pkgs 2023-07-09 12:02:50 +02:00
Asmir A
c6fd52e0c0 vim: lua_ls fix vim global not found 2023-07-09 12:02:21 +02:00
Asmir A
e7e79986ad vim: update and cleanup 2023-07-08 22:09:45 +02:00
Asmir A
4d52dcadc7 vim: add ultisnips as cmp source, cleanup 2023-07-07 11:12:48 +02:00
Asmir A
2a9bcf2f24 vim: experiment with nixd, add ultisnips to nvim-cmp 2023-07-06 22:30:52 +02:00
Asmir A
4630720d82 flake: add formater 2023-07-06 22:29:34 +02:00
Asmir A
f0d881de5d nix flake: add devShell 2023-07-03 23:10:39 +02:00
39 changed files with 2352 additions and 579 deletions
Expand all files Collapse all files

1
.nixd.json Normal file
View File

@@ -0,0 +1 @@
{"formatting":{"command":"alejandra"}}

1
README.md
View File

@@ -1 +0,0 @@
NixOS configuration using nix flakes and home-manager

3
README.txt Normal file
View File

@@ -0,0 +1,3 @@
NixOS configuration using nix flakes and home-manager
Main repository found at: https://git.project-cloud.net/asmir/nixos_flake_config

312
blue/configuration.nix Normal file
View File

@@ -0,0 +1,312 @@
{
config,
pkgs,
lib,
...
}: {
imports = [
];
system.stateVersion = "23.05";
system.autoUpgrade.enable = true;
nix = {
optimise.automatic = true;
gc.automatic = true;
gc.options = "--delete-older-than 7d";
package = pkgs.nixUnstable;
settings.experimental-features = ["nix-command" "flakes"];
};
boot = {
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = ["msr.allow_writes=on"];
supportedFilesystems = ["btrfs"];
tmpOnTmpfs = true;
initrd.compressor = "zstd";
loader.systemd-boot = {
enable = true;
editor = false;
memtest86.enable = true;
};
loader.efi.canTouchEfiVariables = true;
readOnlyNixStore = true;
};
security = {
rtkit.enable = true;
allowSimultaneousMultithreading = true;
sudo.enable = false;
doas.enable = true;
doas.extraRules = [
{
users = ["akill"];
keepEnv = true;
persist = true;
}
];
};
powerManagement = {
enable = true;
};
networking = {
firewall.enable = true;
hostName = "blue";
nameservers = ["127.0.0.1" "::1"];
dhcpcd.extraConfig = "nohook resolv.conf";
networkmanager = {
enable = true;
dns = "none";
/*
wifi.backend = "iwd";
*/
};
};
time.timeZone = "Europe/Sarajevo";
nixpkgs.config.allowUnfree = true;
environment = {
homeBinInPath = true;
variables = {
PATH = "$HOME/.cargo/bin";
};
};
programs = {
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
zsh.enable = true;
firejail.enable = true;
adb.enable = true;
wireshark.enable = true;
sway.enable = true;
};
# List services that you want to enable:
systemd = {
services = {
"caps2esc" = {
description = "Intercepts keyboard udev events";
wants = ["systemd-udevd.service"];
wantedBy = ["multi-user.target"];
serviceConfig.Nice = -20;
script = ''
${pkgs.interception-tools}/bin/intercept \
-g /dev/input/by-path/*-kbd | \
/opt/caps2esc | ${pkgs.interception-tools}/bin/uinput \
-d /dev/input/by-path/*-kbd \
'';
};
};
extraConfig = ''
DefaultTimeoutStartSec=30s
DefaultTimeoutStopSec=30s
'';
};
services = {
acpid.enable = true;
btrfs.autoScrub.enable = true;
dbus.enable = true;
fstrim.enable = true;
fwupd.enable = true;
ntp.enable = true;
openssh.enable = false;
printing.enable = true;
nextcloud = {
enable = true;
hostName = "localhost";
config.adminpassFile = "${pkgs.writeText "adminpass" "test123"}";
};
jellyfin = {
enable = false;
user = "akill";
openFirewall = false;
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
xserver = {
enable = true;
dpi = 144;
libinput.enable = true;
desktopManager.xterm.enable = false;
displayManager = {
lightdm.enable = false;
startx.enable = true;
defaultSession = "none+i3";
};
windowManager.i3.enable = true;
};
udev.packages = [pkgs.rtl-sdr pkgs.openhantek6022];
tlp = {
enable = true;
};
actkbd = {
enable = true;
bindings = [
{
keys = [113];
events = ["key"];
command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master toggle'";
}
{
keys = [114];
events = ["key" "rep"];
command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%- unmute'";
}
{
keys = [115];
events = ["key" "rep"];
command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%+ unmute'";
}
{
keys = [224];
events = ["key"];
command = "${pkgs.light}/bin/light -U 5";
}
{
keys = [225];
events = ["key"];
command = "${pkgs.light}/bin/light -A 5";
}
];
};
mpd = {
musicDirectory = "/home/mpd/music";
enable = false;
extraConfig = ''
audio_output {
type "pulse"
name "pulsee srv"
server "127.0.0.1"
}
'';
};
dnscrypt-proxy2 = {
enable = true;
settings = {
ipv6_servers = true;
require_dnssec = true;
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
};
};
journald.extraConfig = ''
SystemMaxUse=50M
'';
logind.extraConfig = ''
KillUserProcesses=yes
'';
};
fonts = {
fontconfig = {
cache32Bit = true;
allowBitmaps = true;
useEmbeddedBitmaps = true;
defaultFonts = {
monospace = ["JetBrainsMono"];
};
};
fonts = with pkgs; [
dejavu_fonts
dina-font
fira-code
fira-code-symbols
font-awesome
font-awesome_4
inconsolata
iosevka
jetbrains-mono
liberation_ttf
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
proggyfonts
siji
terminus_font
terminus_font_ttf
ubuntu_font_family
];
};
virtualisation = {
containers.storage.settings = {
storage = {
driver = "btrfs";
graphroot = "/var/lib/containers/storage";
runroot = "/run/containers/storage";
};
};
podman = {
enable = true;
dockerCompat = true;
};
};
sound.enable = true;
hardware = {
bluetooth = {
enable = true;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
};
};
};
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
];
};
};
zramSwap = {
enable = false;
algorithm = "zstd";
};
users.users.akill = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = ["wireshark" "kvm" "tty" "audio" "sound" "adbusers" "dialout"];
};
}

71
blue/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,71 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd" "noatime"];
};
boot.initrd.luks.devices."enc_root".device = "/dev/disk/by-uuid/8eb8ac22-d89d-4406-bfbd-ce43e283649f";
fileSystems."/home" = {
device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd" "noatime"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
fsType = "btrfs";
options = ["subvol=log" "compress=zstd" "noatime"];
neededForBoot = true;
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
fsType = "btrfs";
options = ["subvol=persist" "compress=zstd" "noatime"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/6C85-D29B";
fsType = "vfat";
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

13
packages.nix → common/packages.nix
View File

@@ -11,10 +11,13 @@
bluez
bluez-tools
btop
curlHTTP3
dfu-util
dhcpcd
direnv
dmidecode
dnsmasq
dtach
fd
file
fzf
@@ -22,29 +25,39 @@
git
gnupg
gptfdisk
hdparm
htop
interception-tools
jq
lm_sensors
meson
mosh
msmtp
nano
neovim
ninja
nix-index
nixos-option
nmap
ntfs3g
ntfsprogs
openhantek6022
optipng
pax-utils
pciutils
pstree
psutils
qemu_kvm
ripgrep
rsync
silver-searcher
socat
sshfs
strace
swaylock
tig
tmux
traceroute
unrar
unzip
usbutils

70
common/suspend.nix Normal file
View File

@@ -0,0 +1,70 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.batteryNotifier;
in {
options = {
services.batteryNotifier = {
enable = mkOption {
default = false;
description = ''
Whether to enable battery notifier.
'';
};
device = mkOption {
default = "BAT0";
description = ''
Device to monitor.
'';
};
notifyCapacity = mkOption {
default = 10;
description = ''
Battery level at which a notification shall be sent.
'';
};
suspendCapacity = mkOption {
default = 5;
description = ''
Battery level at which a suspend unless connected shall be sent.
'';
};
};
};
config = mkIf cfg.enable {
systemd.user.timers."lowbatt" = {
description = "check battery level";
timerConfig.OnBootSec = "1m";
timerConfig.OnUnitInactiveSec = "1m";
timerConfig.Unit = "lowbatt.service";
wantedBy = ["timers.target"];
};
systemd.user.services."lowbatt" = {
description = "battery level notifier";
serviceConfig.PassEnvironment = "DISPLAY";
script = ''
export battery_capacity=$(${pkgs.coreutils}/bin/cat /sys/class/power_supply/${cfg.device}/capacity)
export battery_status=$(${pkgs.coreutils}/bin/cat /sys/class/power_supply/${cfg.device}/status)
if [[ $battery_capacity -le ${builtins.toString cfg.notifyCapacity} && $battery_status = "Discharging" ]]; then
${pkgs.libnotify}/bin/notify-send --urgency=critical --hint=int:transient:1 --icon=battery_empty "Battery Low" "You should probably plug-in."
fi
if [[ $battery_capacity -le ${builtins.toString cfg.suspendCapacity} && $battery_status = "Discharging" ]]; then
${pkgs.libnotify}/bin/notify-send --urgency=critical --hint=int:transient:1 --icon=battery_empty "Battery Critically Low" "Computer will suspend in 60 seconds."
sleep 60s
battery_status=$(${pkgs.coreutils}/bin/cat /sys/class/power_supply/${cfg.device}/status)
if [[ $battery_status = "Discharging" ]]; then
systemctl suspend
fi
fi
'';
};
};
}

260
flake.lock generated
View File

@@ -1,20 +1,18 @@
{
"nodes": {
"caps2esc": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"blobs": {
"flake": false,
"locked": {
"lastModified": 1684616473,
"narHash": "sha256-e8/7jWl2EA1UROhd9L+D9kLdd5SoFYWi+56n2jer7g4=",
"owner": "asmir.abdulahovic",
"repo": "caps2esc",
"rev": "4ebc36bef4f4548566df14d94c9c9907e7a76e78",
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "asmir.abdulahovic",
"repo": "caps2esc",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
@@ -50,6 +48,22 @@
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
@@ -75,11 +89,11 @@
]
},
"locked": {
"lastModified": 1688220547,
"narHash": "sha256-cNKKLPaEOxd6t22Mt3tHGubyylbKGdoi2A3QkMTKes0=",
"lastModified": 1698250431,
"narHash": "sha256-qs2gTeH4wpnWPO6Oi6sOhp2IhG0i0DzcnrJxIY3/CP8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "89d10f8adce369a80e046c2fd56d1e7b7507bb5b",
"rev": "09587fbbc6a669f7725613e044c2577dc5d43ab5",
"type": "github"
},
"original": {
@@ -91,14 +105,16 @@
"nix-xilinx": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_2"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1685780173,
"narHash": "sha256-K18JYyCHrnb05Odb7N9FpU30az7QOV8uL9ch0RgU7i0=",
"lastModified": 1696069591,
"narHash": "sha256-YFPEWMV6XRi7CgDB1qJ67dIYPnrOETuxQO4mnPmxbQs=",
"owner": "asmir.abdulahovic",
"repo": "nix-xilinx",
"rev": "cc5ab958d31c58481b1f7f3a2c0a4db7c22006e9",
"rev": "a20ac5924afa24d45227df7d7d54574a9409a4a6",
"type": "gitlab"
},
"original": {
@@ -109,55 +125,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1684585791,
"narHash": "sha256-lYPboblKrchmbkGMoAcAivomiOscZCjtGxxTSCY51SM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "eea79d584eff53bf7a76aeb63f8845da6d386129",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1688256355,
"narHash": "sha256-/E+OSabu4ii5+ccWff2k4vxDsXYhpc4hwnm0s6JOz7Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f553c016a31277246f8d3724d3b1eee5e8c0842c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1685677062,
"narHash": "sha256-zoHF7+HNwNwne2XEomphbdc4Y8tdWT16EUxUTXpOKpQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "95be94370d09f97f6af6a1df1eb9649b5260724e",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1688231357,
"narHash": "sha256-ZOn16X5jZ6X5ror58gOJAxPfFLAQhZJ6nOUeS4tfFwo=",
"lastModified": 1697723726,
"narHash": "sha256-SaTWPkI8a5xSHX/rrKzUe+/uVNy6zCGMXgoeMb7T9rg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "645ff62e09d294a30de823cb568e9c6d68e92606",
"rev": "7c9cc5a6e5d38010801741ac830a3f8fd667a7a0",
"type": "github"
},
"original": {
@@ -167,42 +139,79 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs-22_11": {
"locked": {
"lastModified": 1684668519,
"narHash": "sha256-KkVvlXTqdLLwko9Y0p1Xv6KQ9QTcQorrU098cGilb7c=",
"lastModified": 1669558522,
"narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "85340996ba67cc02f01ba324e18b1306892ed6f5",
"rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixpkgs-unstable",
"ref": "nixos-22.11",
"type": "indirect"
}
},
"nixpkgs_5": {
"nixpkgs-23_05": {
"locked": {
"lastModified": 1688188316,
"narHash": "sha256-CXuQllDKCxtZaB/umnZOvoJ/d4kJguYgffeTA9l1B3o=",
"lastModified": 1684782344,
"narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8277b539d371bf4308fc5097911aa58bfac1794f",
"rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.05",
"type": "indirect"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1697929210,
"narHash": "sha256-RkQZif6QhswEwv7484mrKfIU8XmIWm+ED6llbr4IyxM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fb000224952bf7749a9e8b3779104ef7ea4465c8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nvim": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1698783626,
"narHash": "sha256-esHANPDZbeIiBlXdFjBXpalHzSgtn+2TOmUa76dE6us=",
"ref": "refs/heads/master",
"rev": "b660608fb3ff05e1ba88222d2e8d16a8ca5e580e",
"revCount": 20,
"type": "git",
"url": "https://git.project-cloud.net/asmir/nvim_flake"
},
"original": {
"type": "git",
"url": "https://git.project-cloud.net/asmir/nvim_flake"
}
},
"peerix": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_4"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1684706914,
@@ -220,25 +229,55 @@
},
"root": {
"inputs": {
"caps2esc": "caps2esc",
"home-manager": "home-manager",
"nix-xilinx": "nix-xilinx",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs",
"nvim": "nvim",
"peerix": "peerix",
"sops-nix": "sops-nix"
"simple-nixos-mailserver": "simple-nixos-mailserver",
"sops-nix": "sops-nix",
"swaysw": "swaysw",
"zremap": "zremap"
}
},
"simple-nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_3",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-22_11": "nixpkgs-22_11",
"nixpkgs-23_05": "nixpkgs-23_05",
"utils": "utils"
},
"locked": {
"lastModified": 1695910380,
"narHash": "sha256-CyzeiXQGm8ceEOSK1dffBCfO7JNp8XhQeNkUiJ5HxgY=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "84783b661ecf33927c534b6476beb74ea3308968",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_5",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1688268466,
"narHash": "sha256-fArazqgYyEFiNcqa136zVYXihuqzRHNOOeVICayU2Yg=",
"lastModified": 1697943852,
"narHash": "sha256-DaBxUPaZhQ3yLCmAATshYB7qo7NwcMvSFWz9T3bjYYY=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "5ed3c22c1fa0515e037e36956a67fe7e32c92957",
"rev": "30a0ba4a20703b4bfe047fe5def1fc24978e322c",
"type": "github"
},
"original": {
@@ -247,6 +286,26 @@
"type": "github"
}
},
"swaysw": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1698401726,
"narHash": "sha256-kGMqxaNaNSbKJS/55KqqMvLj1xOBc8zCizs6I3xiCo0=",
"ref": "refs/heads/master",
"rev": "1e49032fbfec10b51c9f627aab286290ac15977c",
"revCount": 3,
"type": "git",
"url": "https://git.project-cloud.net/asmir/swaysw"
},
"original": {
"type": "git",
"url": "https://git.project-cloud.net/asmir/swaysw"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@@ -261,6 +320,41 @@
"repo": "default",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1605370193,
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"zremap": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1696448728,
"narHash": "sha256-kUc6983IX9n0eQxTFZRK7LYCLHoxoGZ5rOV7nu8hGRI=",
"owner": "asmir.abdulahovic",
"repo": "zremap",
"rev": "9043844893cfc333ed04d04c1d3b67d9904c0afc",
"type": "gitlab"
},
"original": {
"owner": "asmir.abdulahovic",
"repo": "zremap",
"type": "gitlab"
}
}
},
"root": "root",

129
flake.nix
View File

@@ -3,40 +3,77 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
caps2esc.url = "gitlab:asmir.abdulahovic/caps2esc";
nix-xilinx.url = "gitlab:asmir.abdulahovic/nix-xilinx";
peerix.url = "gitlab:asmir.abdulahovic/peerix";
sops-nix.url = "github:Mic92/sops-nix";
nix-xilinx = {
url = "gitlab:asmir.abdulahovic/nix-xilinx";
inputs.nixpkgs.follows = "nixpkgs";
};
peerix = {
url = "gitlab:asmir.abdulahovic/peerix";
inputs.nixpkgs.follows = "nixpkgs";
};
zremap = {
url = "gitlab:asmir.abdulahovic/zremap";
inputs.nixpkgs.follows = "nixpkgs";
};
swaysw = {
url = "git+https://git.project-cloud.net/asmir/swaysw";
inputs.nixpkgs.follows = "nixpkgs";
};
nvim = {
url = "git+https://git.project-cloud.net/asmir/nvim_flake";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
simple-nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs @ {
self,
nixpkgs,
caps2esc,
home-manager,
nixpkgs,
nix-xilinx,
nvim,
peerix,
simple-nixos-mailserver,
sops-nix,
swaysw,
zremap,
...
}: {
}: let
pkgs = nixpkgs.legacyPackages.x86_64-linux.pkgs;
in {
nixosConfigurations = rec {
nixy = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
{_module.args = inputs;}
./configuration.nix
./packages.nix
./hardware-configuration.nix
./nixy/configuration.nix
./nixy/hardware-configuration.nix
./common/packages.nix
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.akill = import ./home/home.nix;
home-manager.extraSpecialArgs = {inherit inputs;};
}
peerix.nixosModules.peerix
{
@@ -46,12 +83,80 @@
package = peerix.packages.x86_64-linux.peerix;
openFirewall = true; # UDP/12304
privateKeyFile = nixy.config.sops.secrets."peerix/private".path;
publicKeyFile = ./peerix-public;
publicKeyFile = ./nixy/peerix-public;
publicKey = "peerix-mediabox:UDgG3xdQYv7bmx2l4ZPNRPJtp2zMmY++H/fnGeJ9BQw=";
};
}
];
};
mediabox = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
{_module.args = inputs;}
./common/packages.nix
./common/suspend.nix
./mediabox/configuration.nix
./mediabox/hardware-configuration.nix
./modules/qbittorrent.nix
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.akill = import ./home/home.nix;
home-manager.extraSpecialArgs = {inherit inputs;};
}
peerix.nixosModules.peerix
{
services.peerix = {
enable = true;
globalCacheTTL = 10;
package = peerix.packages.x86_64-linux.peerix;
openFirewall = true; # UDP/12304
privateKeyFile = mediabox.config.sops.secrets."peerix/private".path;
publicKeyFile = ./mediabox/peerix-public;
publicKey = "peerix-nixy:8THqS0R2zWF/47ai0RFmqJnieYTZ1jaWOD9tnzpvA6s=";
};
}
];
};
blue = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
{_module.args = inputs;}
./blue/configuration.nix
./blue/hardware-configuration.nix
./common/packages.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.akill = import ./home/home.nix;
}
];
};
magpie = nixpkgs.lib.nixosSystem {
system = "arm64-linux";
modules = [
{_module.args = inputs;}
./magpie/configuration.nix
./magpie/hardware-configuration.nix
sops-nix.nixosModules.sops
simple-nixos-mailserver.nixosModule
(builtins.toPath "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix")
];
};
};
devShell.x86_64-linux = pkgs.mkShell {
buildInputs = with pkgs; [sops ssh-to-age age];
shellHook = ''
echo "Configuring NixOS!"
'';
};
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
};
}

31
home/home.nix
View File

@@ -2,11 +2,10 @@
pkgs,
config,
lib,
inputs,
...
}:
with lib; let
vimrc = import ./vimrc.nix {inherit pkgs vimUtils fetchFromGitHub;};
in {
with lib; {
imports = [./zsh.nix ./i3status-rust.nix ./sway.nix ./i3.nix ./home_packages.nix ./whatsapp-for-linux.nix];
home.stateVersion = "22.11";
@@ -30,7 +29,7 @@ in {
MOZ_ENABLE_WAYLAND = "1";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
SUDO_EDITOR = "nvim";
WLR_RENDERER = "vulkan";
#WLR_RENDERER = "vulkan";
};
wayland.windowManager.sway = {enable = true;};
@@ -49,14 +48,13 @@ in {
mpv = {
enable = true;
package = pkgs.mpv;
config = {
slang = "eng,en";
alang = "eng,en";
hwdec = "auto";
vo = "gpu-next";
ao = "pipewire";
script-opts-set = "sponsorblock-local_database=no,sponsorblock-skip_categories=[sponsor,intro,selfpromo]";
script-opts-set = "ytdl_hook-ytdl_path=yt-dlp,sponsorblock-local_database=no,sponsorblock-skip_categories=[sponsor,intro,selfpromo]";
ytdl-format = "bestvideo[height<=?1080]+bestaudio/best";
};
@@ -128,13 +126,13 @@ in {
qutebrowser = {
enable = true;
package = pkgs.qutebrowser-qt6;
package = pkgs.qutebrowser;
keyBindings = {
normal = {
"j" = "scroll-px 0 25";
"k" = "scroll-px 0 -25";
"u" = "undo --window";
";v" = "hint links userscript view_in_mpv";
";v" = "hint links spawn mpv {hint-url}";
};
};
@@ -170,15 +168,8 @@ in {
pull = {rebase = true;};
credential = {helper = "store";};
};
};
neovim = {
enable = true;
vimAlias = true;
vimdiffAlias = true;
plugins = vimrc.plugins;
extraConfig = "";
extraPackages = vimrc.extraPackages;
signing.key = "020C42B7A9ABA3E2";
signing.signByDefault = true;
};
obs-studio = {
@@ -191,11 +182,6 @@ in {
zsh.enable = true;
};
xdg.configFile."nvim/init.lua" = {
source = ./vimrc.lua;
recursive = true;
};
services = {
lorri.enable = false;
mako.enable = true;
@@ -213,6 +199,7 @@ in {
enable = true;
defaultCacheTtl = 1800;
enableSshSupport = true;
pinentryFlavor = "curses";
};
swayidle = {

181
home/home_packages.nix
View File

@@ -1,79 +1,114 @@
{
config,
pkgs,
inputs,
...
}: {
home.packages = with pkgs; [
alejandra
appimage-run
arp-scan
blackmagic
btop
cached-nix-shell
caddy
cargo
ccls
cemu
compsize
cura
deluge
ffmpeg-full
firefox
gcc
gdb
glab
glaxnimate
gnumake
grim
hyperfine
imagemagick
imv
jellyfin-media-player
kdenlive
kicad
kodi-wayland
libnotify
libreoffice
libva-utils
mediainfo
ncdu
neovide
ngspice
nodePackages.peerflix
openocd
pandoc
pass
patchelf
pavucontrol
pirate-get
powertop
pulsemixer
python3
python3Packages.west
remmina
river
rtorrent
rustc
screen
seer
sioyek
skypeforlinux
slurp
texlive.combined.scheme-full
thunderbird
upx
waybar
wdisplays
whatsapp-for-linux
wireshark
wl-clipboard
wlr-randr
wofi
x2goclient
yt-dlp
zathura
zeal-qt6
zig
zls
];
home.packages = with pkgs;
[
alejandra
appimage-run
arp-scan
birdtray
blackmagic
btop
cached-nix-shell
caddy
cargo
ccls
cemu
cmake
compsize
cura
deluge
ffmpeg-full
firefox
gcc
gdb
ghostscript
glab
/*glaxnimate*/
gnumake
go
grim
hyperfine
imagemagick
imv
inkscape
jellyfin-media-player
kdenlive
kicad
kodi-wayland
libnotify
libreoffice
libva-utils
mediainfo
ncdu
neovide
ngspice
nix-init
nodePackages.peerflix
openocd
pandoc
pass
patchelf
pavucontrol
pirate-get
poppler_utils
powertop
pulsemixer
python3
python3Packages.west
remmina
river
rtorrent
rustc
screen
seer
sioyek
skypeforlinux
slurp
tea
texlive.combined.scheme-full
thunderbird
upx
waybar
wdisplays
whatsapp-for-linux
wireshark
wl-clipboard
wlr-randr
wofi
x2goclient
yewtube
yt-dlp
zathura
zeal-qt6
zig
zls
/*
install here until nvim flake is fixed
*/
alejandra
ccls
gopls
luaformatter
nixd
pyright
rust-analyzer
sumneko-lua-language-server
svls
texlab
tree-sitter
verible
zls
]
++ [
inputs.swaysw.packages.x86_64-linux.swaysw
inputs.nvim.packages.x86_64-linux.nvim
(import ../packages/zapzap/default.nix {inherit pkgs;})
(pkgs.callPackage ../packages/viber/default.nix {})
(pkgs.callPackage ../packages/bubblewrap/default.nix {})
];
}

5
home/i3status-rust.nix
View File

@@ -39,6 +39,11 @@
device = "enp5s0";
interval = 2;
}
{
block = "net";
device = "eno1";
interval = 2;
}
{
block = "memory";
}

23
home/sway.nix
View File

@@ -18,11 +18,11 @@
window.commands = [
{
command = "move scratchpad, resize set 1152 648";
criteria = {app_id = "pulsemixer|python3|whatsapp-for-linux|com.viber.Viber";};
criteria = {app_id = "pulsemixer|python3|com.rtosta.zapzap|whatsapp-for-linux|com.viber";};
}
{
command = "move scratchpad, resize set 1502 845";
criteria = {class = "ViberPC";};
criteria = {app_id = "com.viber";};
}
{
command = "floating enable";
@@ -33,16 +33,21 @@
modifier = "Mod4";
output = {
eDP-1 = {
bg = "~/pic/weird_dragon.jpg stretch";
bg = "~/pic/wallpaper stretch";
/*
scale = "1.4";
*/
};
HDMI-A-4 = {
res = "1920x1080";
};
};
input = {
"1:1:AT_Translated_Set_2_keyboard" = {repeat_delay = "150";};
"1:1:AT_Translated_Set_2_keyboard" = {repeat_rate = "70";};
"2:7:SynPS/2_Synaptics_TouchPad" = {tap = "enabled";};
"type:keyboard" = {repeat_delay = "150";};
"type:keyboard" = {repeat_rate = "70";};
"type:touchpad" = {tap = "enabled";};
};
bars = [
@@ -95,14 +100,14 @@
"Alt+j" = "focus down";
"Alt+k" = "focus up";
"Alt+l" = "focus right";
"Alt+slash" = "exec lckdo /tmp/.sws_cli_lock footclient -a sws_cli -- sws_cli.sh";
"Alt+slash" = "exec swaysw";
"Alt+Escape" = "workspace back_and_forth";
"Alt+f" = "fullscreen enable";
"Mod4+l" = ''
exec swaymsg [app_id="python3"] scratchpad show || exec foot -a python3 python3'';
"Mod4+h" = "exec swaymsg [app_id=whatsapp-for-linux] scratchpad show || exec whatsapp-for-linux";
"Mod4+j" = "exec swaymsg [app_id=com.viber.Viber] scratchpad show";
"Mod4+h" = "exec swaymsg [app_id=com.rtosta.zapzap] scratchpad show || exec zapzap";
"Mod4+j" = "exec swaymsg [app_id=com.viber] scratchpad show || exec viber";
"Mod4+y" = ''
exec swaymsg [app_id="pulsemixer"] scratchpad show || exec foot -a pulsemixer pulsemixer'';

195
home/vimrc.lua
View File

@@ -1,195 +0,0 @@
-- Basic settings
vim.g.loaded_matchparen = true
vim.g.netrw_liststyle = 3
vim.go.background = 'dark'
vim.go.belloff = 'all'
vim.go.breakindent = true
vim.go.hlsearch = false
vim.go.laststatus = 0
vim.go.lazyredraw = true
vim.go.showcmd = true
vim.go.synmaxcol = 800
vim.go.syntax = 'on'
vim.go.termguicolors = true
vim.go.titleold = vim.fn.getcwd()
vim.go.title = true
vim.go.wildmenu = true
vim.go.wrap = true
vim.wo.number = true
vim.cmd([[colorscheme gruvbox]])
-- Defines a read-write directory for treesitters in nvim's cache dir
local parser_install_dir = vim.fn.stdpath("cache") .. "/treesitters"
if vim.fn.isdirectory(parser_install_dir) == 0 then
vim.fn.mkdir(parser_install_dir, "p")
end
-- Adding runtime needed for Nix setup on non NixOS
vim.o.runtimepath = vim.o.runtimepath .. "," .. parser_install_dir
require 'nvim-treesitter.install'.compilers = { 'gcc' }
require 'nvim-treesitter.configs'.setup {
ensure_installed = { "c", "cpp", "zig", "python", "verilog", "nix", "lua", "latex" },
parser_install_dir = parser_install_dir,
highlight = { enable = true, disable = {} },
indent = { enable = false, disable = {} },
rainbow = {
enable = true,
extended_mode = true, -- Highlight also non-parentheses delimiters, boolean or table: lang -> boolean
max_file_lines = 1000, -- Do not enable for files with more than 1000 lines, int
colors = {
'#ff0000', '#ffa500', '#ffff00', '#008000', '#0051a0', '#8003f2'
} -- table of hex strings
}
}
-- Mappings.
-- See `:help vim.diagnostic.*` for documentation on any of the below functions
local opts = { noremap = true, silent = true }
vim.api.nvim_set_keymap('n', '<space>e',
'<cmd>lua vim.diagnostic.open_float()<CR>', opts)
vim.api.nvim_set_keymap('n', '<space>q',
'<cmd>lua vim.diagnostic.setloclist()<CR>', opts)
vim.api.nvim_set_keymap('n', 'Q', '<cmd>nohl<CR>', opts)
vim.api.nvim_set_keymap('n', 'j', 'gj', opts)
vim.api.nvim_set_keymap('n', 'k', 'gk', opts)
vim.api.nvim_set_keymap('v', 'j', 'gj', opts)
vim.api.nvim_set_keymap('v', 'k', 'gk', opts)
vim.api.nvim_set_keymap('n', '<C-J>', '<C-W><C-J>', opts)
vim.api.nvim_set_keymap('n', '<C-K>', '<C-W><C-K>', opts)
vim.api.nvim_set_keymap('n', '<C-L>', '<C-W><C-L>', opts)
vim.api.nvim_set_keymap('n', '<C-H>', '<C-W><C-H>', opts)
vim.api.nvim_create_autocmd('LspAttach', {
desc = 'LSP actions',
callback = function()
local bufmap = function(mode, lhs, rhs)
vim.keymap.set(mode, lhs, rhs, { buffer = true })
end
-- Displays hover information about the symbol under the cursor
bufmap('n', 'K', '<cmd>lua vim.lsp.buf.hover()<cr>')
-- Jump to the definition
bufmap('n', 'gd', '<cmd>lua vim.lsp.buf.definition()<cr>')
-- Jump to declaration
bufmap('n', 'gD', '<cmd>lua vim.lsp.buf.declaration()<cr>')
-- Lists all the implementations for the symbol under the cursor
bufmap('n', 'gi', '<cmd>lua vim.lsp.buf.implementation()<cr>')
-- Jumps to the definition of the type symbol
bufmap('n', 'go', '<cmd>lua vim.lsp.buf.type_definition()<cr>')
-- Lists all the references
bufmap('n', 'gr', '<cmd>lua vim.lsp.buf.references()<cr>')
-- Displays a function's signature information
bufmap('n', '<C-k>', '<cmd>lua vim.lsp.buf.signature_help()<cr>')
-- Renames all references to the symbol under the cursor
bufmap('n', 'rn', '<cmd>lua vim.lsp.buf.rename()<cr>')
-- Selects a code action available at the current cursor position
bufmap('n', '<F4>', '<cmd>lua vim.lsp.buf.code_action()<cr>')
bufmap('x', '<F4>', '<cmd>lua vim.lsp.buf.range_code_action()<cr>')
-- Show diagnostics in a floating window
bufmap('n', 'gl', '<cmd>lua vim.diagnostic.open_float()<cr>')
-- Move to the previous diagnostic
bufmap('n', '[d', '<cmd>lua vim.diagnostic.goto_prev()<cr>')
-- Move to the next diagnostic
bufmap('n', ']d', '<cmd>lua vim.diagnostic.goto_next()<cr>')
-- Format current buffer
bufmap('n', '<space>f', function() vim.lsp.buf.format { async = true } end)
end
})
-- Use a loop to conveniently call 'setup' on multiple servers and
-- map buffer local keybindings when the language server attaches
local cmp = require 'cmp'
cmp.setup({
sources = cmp.config.sources({
{ name = 'nvim_lsp' },
{ name = 'buffer' },
{ name = 'path' },
}),
mapping = {
["<Tab>"] = cmp.mapping({
i = function(fallback)
if cmp.visible() then
cmp.select_next_item({ behavior = cmp.SelectBehavior.Insert })
else
fallback()
end
end,
}),
["<S-Tab>"] = cmp.mapping({
i = function(fallback)
if cmp.visible() then
cmp.select_prev_item({ behavior = cmp.SelectBehavior.Insert })
else
fallback()
end
end,
}),
['<Down>'] = cmp.mapping(cmp.mapping.select_next_item({ behavior = cmp.SelectBehavior.Select }), { 'i' }),
['<Up>'] = cmp.mapping(cmp.mapping.select_prev_item({ behavior = cmp.SelectBehavior.Select }), { 'i' }),
['<C-n>'] = cmp.mapping({
i = function(fallback)
if cmp.visible() then
cmp.select_next_item({ behavior = cmp.SelectBehavior.Select })
else
fallback()
end
end
}),
['<C-p>'] = cmp.mapping({
i = function(fallback)
if cmp.visible() then
cmp.select_prev_item({ behavior = cmp.SelectBehavior.Select })
else
fallback()
end
end
}),
['<C-b>'] = cmp.mapping(cmp.mapping.scroll_docs(-4), { 'i', 'c' }),
['<C-f>'] = cmp.mapping(cmp.mapping.scroll_docs(4), { 'i', 'c' }),
['<C-Space>'] = cmp.mapping(cmp.mapping.complete(), { 'i', 'c' }),
['<C-e>'] = cmp.mapping({ i = cmp.mapping.close(), c = cmp.mapping.close() }),
['<CR>'] = cmp.mapping({
i = cmp.mapping.confirm({ behavior = cmp.ConfirmBehavior.Replace, select = false }),
}),
}
})
local servers = { 'pyright', 'rust_analyzer', 'ccls', 'lua_ls', 'rnix', 'texlab', 'verible' }
local capabilities = require('cmp_nvim_lsp').default_capabilities()
for _, lsp in pairs(servers) do
require('lspconfig')[lsp].setup {
capabilities = capabilities
}
end
require('lspconfig').lua_ls.setup({
single_file_support = true,
})
require('lspconfig').verible.setup({
root_dir = function() return vim.loop.cwd() end
})
if vim.fn.exists('+undofile') ~= 0 then
local undo_dir = vim.env.HOME .. '/.config/nvim/undo'
if vim.fn.isdirectory(undo_dir) == 0 then vim.fn.mkdir(undo_dir, 'p') end
vim.o.undodir = undo_dir
vim.o.undofile = true
end
vim.cmd([[syntax sync minlines=100]])
vim.cmd([[syntax sync maxlines=140]])

44
home/vimrc.nix
View File

@@ -1,44 +0,0 @@
{
pkgs,
vimUtils,
fetchFromGitHub,
}: {
extraPackages = [
pkgs.ccls
pkgs.clang
pkgs.luaformatter
pkgs.nil
pkgs.pyright
pkgs.rnix-lsp
pkgs.rust-analyzer
pkgs.sumneko-lua-language-server
pkgs.svls
pkgs.texlab
pkgs.tree-sitter
pkgs.zls
pkgs.verible
];
plugins = with pkgs.vimPlugins; [
colorizer
fugitive
fzf-vim
gruvbox
nvim-lspconfig
nvim-treesitter
nvim-ts-rainbow
repeat
targets-vim
UltiSnips
vim-addon-nix
vim-signify
vim-slime
vim-snippets
zig-vim
cmp-nvim-lsp
cmp-buffer
cmp-path
cmp-cmdline
nvim-cmp
];
}

4
home/zsh.nix
View File

@@ -52,8 +52,8 @@
src = pkgs.fetchFromGitHub {
owner = "sindresorhus";
repo = "pure";
rev = "47c0c881f0e7cfdb5eaccd335f52ad17b897c060";
sha256 = "15xdhi72pq88ls5gx1h0k23jvb41j6kq6ar17dqmd5d38zsgwl3v";
rev = "87e6f5dd4c793f6d980532205aaefe196780606f";
hash = "sha256-TR4CyBZ+KoZRs9XDmWE5lJuUXXU1J8E2Z63nt+FS+5w=";
};
file = "pure.plugin.zsh";
}

77
magento2-nginx.nix
View File

@@ -1,77 +0,0 @@
{
pkgs,
lib,
config,
...
}: let
app = "magento2";
domain = "127.0.0.1";
dataDir = config.users.users.akill.home + "/proj/magento2/magento/pub";
in {
services = {
phpfpm.pools.${app} = {
user = "akill";
group = "users";
settings = {
"listen.owner" = config.services.nginx.user;
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 5;
"php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"catch_workers_output" = true;
};
phpEnv."PATH" = lib.makeBinPath [pkgs.php];
};
nginx = {
user = "akill";
group = "users";
enable = true;
virtualHosts.${domain}.locations."/" = {
root = dataDir;
extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.${app}.socket};
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
'';
};
};
mysql = {
enable = true;
package = pkgs.mysql;
settings.mysqld.port = 3306;
initialDatabases = [{name = "magento2";}];
ensureUsers = [
{
name = "magento2";
ensurePermissions = {"magento2.*" = "ALL PRIVILEGES";};
}
];
};
opensearch.enable = true;
postgresql = {
enable = true;
enableTCPIP = true;
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
initialScript = pkgs.writeText "backend-initScript" ''
CREATE ROLE magento2 WITH LOGIN PASSWORD 'magento2' CREATEDB;
CREATE DATABASE magento2;
GRANT ALL PRIVILEGES ON DATABASE magento2 TO magento2;
'';
};
};
systemd.services.phpfpm-magento2.serviceConfig.ProtectHome = lib.mkForce false;
}

271
magpie/configuration.nix Normal file
View File

@@ -0,0 +1,271 @@
{
config,
pkgs,
lib,
...
}: {
imports = [];
nix.optimise.automatic = true;
nix.settings.experimental-features = ["nix-command" "flakes"];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.grub.devices = ["/dev/sda"];
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
# Set your time zone.
time.timeZone = "Europe/Berlin";
users.users.root.initialHashedPassword = "";
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0gyN7DzF7+sinneq7++fT93dNWe9ttKnLZJEb0LVs7UxPtz/ovlxnktAgEtSh7NUUGKPILGG6+YG/Jz3pb4cLuQHtavIQ2mIzIbiNl+c80gLNPulfOrC3KyCacYnlcEpoV+4yvMPLDf+5ySilYoF30CSIo8B7B4PSwO3/I20oXXY0zeVmYKs65BY8OrR8PDdtPpuqGcTdPpVSrooZQoykriFeejBb0Jn7qWO7vmsTyUZZIP4nKKUyqE6iFZ2zv+J3mYfuoglQKO1+kqcCYCef0sheLZGD4/QIIL8HJ9yNWb6OQhu7MEv1NowuHkviImwVO3actZ1/x4lrWt4mY+bGglVwA90u1KZUQ10qKQ2xCG2ZHE9DSxWxpI/Yq2P4pLA/XSkYFPpzmoD9c6cpv0WLAvmQrEVkqK0xXo+KszUlyGy5sVJl7/h1fZ8YhWsWUnU1XJFmKLaomUZflL3h7X6xJNVPzZmso8l1INdCvIBDu+G84kAp1/aFalSJMyjTgvCc1hxhAVYhmrc3msGH0Jk8CcPBwYa0BH4EryacdupOS/c5VxAbdyuizEgitP1ylRmydVVDEItPNXFvpWdyEehf/VmsUXqL48mBzfvi6feD5AzKjPaQNaATpxLs9Sl9CMxSy27ahHwEK6dek1wm7nkoSIDSRWfGhYKr3lUg0emAYQ=="
];
environment.systemPackages = with pkgs; [
alejandra
curl
fd
file
fzf
fzy
git
htop
tig
unzip
wget
zip
];
programs.mosh.enable = true;
programs.neovim = {
enable = true;
vimAlias = true;
viAlias = true;
};
mailserver = {
enable = true;
debug = false;
fqdn = "mail.project-cloud.net";
domains = ["project-cloud.net"];
enableSubmissionSsl = true;
enableImap = false;
enableImapSsl = true;
# A list of all login accounts. To create the password hashes, use
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = {
"gitea@project-cloud.net" = {
hashedPasswordFile = config.sops.secrets."gitea_mail_pw_hash".path;
aliases = ["git@project-cloud.net"];
};
"asmir@project-cloud.net" = {
hashedPasswordFile = config.sops.secrets."asmir_mail_pw_hash".path;
aliases = ["asmir.abdulahovic@project-cloud.net"];
};
};
certificateScheme = "acme-nginx";
};
services.journald.extraConfig = ''SystemMaxUse=50M '';
services.logind.extraConfig = ''KillUserProcesses=yes '';
services.openssh.settings.PermitRootLogin = "prohibit-password";
services.openssh.enable = true;
services.opendkim.enable = true;
services.miniflux = {
enable = true;
adminCredentialsFile = config.sops.secrets."miniflux_env".path;
config = {
LISTEN_ADDR = "localhost:5001";
BASE_URL = "https://miniflux.project-cloud.net";
};
};
services.restya-board = {
enable = true;
/*
virtualHost.serverName = "board.project-cloud.net";
*/
virtualHost.listenHost = "localhost";
virtualHost.listenPort = 4001;
};
services.nextcloud = {
enable = true;
package = pkgs.nextcloud27;
config.adminpassFile = config.sops.secrets."nextcloud_admin".path;
configureRedis = true;
hostName = "project-cloud.net";
https = true;
extraOptions = {
mail_smtpmode = "sendmail";
mail_sendmailmode = "pipe";
enabledPreviewProviders = [
"OC\\Preview\\BMP"
"OC\\Preview\\GIF"
"OC\\Preview\\HEIC"
"OC\\Preview\\JPEG"
"OC\\Preview\\Krita"
"OC\\Preview\\MarkDown"
"OC\\Preview\\MP3"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PNG"
"OC\\Preview\\TXT"
"OC\\Preview\\XBitmap"
];
};
phpOptions = {
"opcache.jit" = "tracing";
"opcache.jit_buffer_size" = "100M";
"opcache.interned_strings_buffer" = "16";
};
};
services.nginx = {
enable = true;
package = pkgs.nginxQuic;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts.${config.services.nextcloud.hostName} = {
quic = true;
forceSSL = true;
enableACME = true;
};
virtualHosts."miniflux.project-cloud.net" = {
quic = true;
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:5001";
};
};
virtualHosts.${config.services.gitea.settings.server.DOMAIN} = {
quic = true;
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.gitea.settings.server.HTTP_PORT}";
};
};
virtualHosts."board.project-cloud.net" = {
quic = true;
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.restya-board.virtualHost.listenPort}";
};
};
};
services.gitea = {
enable = true;
appName = "Project Cloud Gitea server";
database = {
type = "sqlite3";
passwordFile = config.sops.secrets."gitea_db".path;
};
settings.server = {
DOMAIN = "git.project-cloud.net";
ROOT_URL = "https://git.project-cloud.net";
DISABLE_SSH = true;
HTTP_PORT = 3001;
};
settings.mailer = {
ENABLED = true;
FROM = "gitea@project-cloud.net";
PROTOCOL = "sendmail";
SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
};
settings.service = {
REGISTER_EMAIL_CONFIRM = true;
DISABLE_REGISTRATION = true;
};
settings."markup.restructuredtext" = let
docutils =
pkgs.python3.withPackages (ps: with ps; [docutils pygments]);
in {
ENABLED = true;
FILE_EXTENSIONS = ".rst";
RENDER_COMMAND = "${docutils}/bin/rst2html.py";
IS_INPUT_FILE = false;
};
};
/*
needed for sendmail mail functionality
*/
users.users.gitea.extraGroups = ["postdrop"];
systemd.services.gitea.serviceConfig = {
RestrictAddressFamilies = ["AF_NETLINK"];
ProtectSystem = lib.mkForce false;
};
security.acme = {
acceptTerms = true;
defaults.email = "asmir.abdulahovic@gmail.com";
};
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.secrets."miniflux_env" = {
sopsFile = ./secrets/miniflux.yaml;
};
sops.secrets."gitea_mail_pw_hash" = {
sopsFile = ./secrets/gitea_mail_pw_hash.yaml;
};
sops.secrets."asmir_mail_pw_hash" = {
sopsFile = ./secrets/asmir_mail_pw_hash.yaml;
};
sops.secrets."gitea_db" = {
sopsFile = ./secrets/gitea_db.yaml;
owner = config.users.users.gitea.name;
};
sops.secrets."nextcloud_admin" = {
sopsFile = ./secrets/nextcloud_admin.yaml;
owner = config.users.users.nextcloud.name;
};
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [80 443 587];
networking.firewall.allowedUDPPorts = [];
networking.firewall.allowPing = true;
networking.firewall.logRefusedConnections = lib.mkDefault false;
networking.hostName = "magpie";
networking.networkmanager.enable = true;
networking.wireless.enable = false;
systemd = {
enableEmergencyMode = false;
watchdog = {
runtimeTime = "20s";
rebootTime = "30s";
};
sleep.extraConfig = ''
AllowSuspend=no
AllowHibernation=no
'';
};
system.stateVersion = "22.11";
}

40
magpie/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "usbhid" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/118de1e5-f23e-4af3-a10a-054eded78152";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4FEE-DEED";
fsType = "vfat";
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

21
magpie/secrets/asmir_mail_pw_hash.yaml Normal file
View File

@@ -0,0 +1,21 @@
asmir_mail_pw_hash: ENC[AES256_GCM,data:LOKGd9X69fSj81BwaqjiQL18gXPebIdcfjOO2UJM8XOUEzsqP/gHYWuLYGQ5wuZB9zcFm0yeGjNN8hOq,iv:KwunTtk1ca/N4UidUXh3nSBwMNlP8vI4h2kk8roAzNU=,tag:JyfLzweD7sVT/+RVpLA3QQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbTM0ZzVHZ1hlNzJ6d25a
eFpZMHdBZjBFSjU4L0dkK1Noby9HK29CMldNCkJWb2NmcC9jNVFBMWJOZjVBalRw
VVZsN3B1WGJseDFiRTA1R3cvU3c2NEEKLS0tIFI4WHFDRHBCN29IQ0tPVC9zbHZS
OFdsQUpvRzNKc2x1WW13b2d4R3lxdXMKJeMJ1IdxS+WUTzUlFdc4WfnUozWU4/80
9GBPz3VCppunrXrh1zFkfIL+Lz48HFyf7HNI4na6TkyqipR6wsW4gw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-20T19:31:29Z"
mac: ENC[AES256_GCM,data:xXiCems/1em6JdK3V5GcD811yc8t6iHHFmz0OOrWM3muR807Ux80TrD3uoMN8GxIMyr0AloH41k8+vxaSlMmHsGGl6o1P13aR03E+A9ZLp1W2Nb3nCy5rH4pF8WSeNMxZ1SoT2iEAtTsh29xusocQTMUvr7Ou8TDLyVvrKhBPZw=,iv:SSPpVTbVQTvhPg1qm9akrg2ji1fRcukkwX5P2FzWMb4=,tag:a6GiGWfwnKLtteVoi9DJtQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

21
magpie/secrets/gitea_db.yaml Normal file
View File

@@ -0,0 +1,21 @@
gitea_db: ENC[AES256_GCM,data:50Hu8vTKZFxd9kjbcDlyqBW9L5s=,iv:ADKMUKbu1YHOp+DUAezpT8tXCi7x3ayA2VN0s7k4kxg=,tag:S1cu5w8qKT7FFpC30Kd3Xg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKZ3l1UTRDMFVlM01TR1dW
VzNnRXpuc0R0d3BpVzZveHRrdHRTTVRXNWpnCjVqNittd3BiZ0d3YXVQUXBpWExU
cGdkSmVtOHJBN3FEdDVCeTVjUllHc0EKLS0tIG5TQlpIQXhNNmJiR0Y3L1p3SVpG
ZnlvRDRUam5MaFdZcGgyZlJSZzMvVWcKxiwENpP7qlF0Uy7DJM0WwLFQ0h+ost5T
BCsZtGP61Z2WcQq0EWYLqJItR2Tk3AXox014CJAm+G/G8PMTAKv0xw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-17T21:16:10Z"
mac: ENC[AES256_GCM,data:EPiLv8IzVXqRan9UlBuA3TmxtB3f4Qj4owed+1Pat9Tih1yOe4Z9RT28JIYJQ70R/IK+Yi0NQem9Ec6HU+8kaxLE3fff/4PM+B9QQbB6fjgLFod/nFk+OuWgR7FTcJ2j16OnlxE5ikCP+qdfvAM0eEv+BoDrWv98gSyCXtMCe48=,iv:th0E7zioz7gtgMlns8kvnf5hmlRH0KX65wPxBi3YP6Y=,tag:JhoGvF8LJmrAQpUOEopohA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

21
magpie/secrets/gitea_mail_pw_hash.yaml Normal file
View File

@@ -0,0 +1,21 @@
gitea_mail_pw_hash: ENC[AES256_GCM,data:HCXKeqnOxcmxbvTWDFd750gXfs/irNvHw+TWQE5qjFsUP6MTRGvJNQvoU5NDYXs6pjgyznIUx1z31DQG,iv:UV7Yf2JsAcpkyfIW/ipYQa3tlTai0WD102iA3V6ba+A=,tag:TIcB+9GOqyuG68uCTAl4Tg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCT2VyNWxUeUZ5aDdHcXJR
WGJVOGgyeC83MEV4REpGZkRUcVJKZDBqYmtjCllQdFhyRWNiTURYQmpucndFWDlr
WUFybGtmckNBdXYzMVZxT3lQM1k3aTgKLS0tIEpNZjU1RkpSOVo3Y1ovR0lmbHJu
bENVWmpCcTVqMDh2Wjhob2I2VzRRblkKPGCV1gRyihDCStM4tmvp89d996v1UzdJ
/NyK49//+uJJqwCEWuvHWWCB+EbkkOE6gPPKXZyXZSTbb/TDDcVF/Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-14T21:21:12Z"
mac: ENC[AES256_GCM,data:NE9btXZKE3KJmxtWc0Ytb0atfBJKRs5T+Xk9RDFX6veSGBoB+M2+YMCONQdr8T2w6lLJqlrMBHqlfuvD3YnDj041xZmfSsi9NACliWj6GWVWcFWWc6W9OVH8/5CfwjYBdgTJ2o7wdnF9fYHvwMRcaHThDmoUkaExVtVsyu912og=,iv:kyekfEq32GSKVNKy8MJYfT5ZMKNSRQUk1viB2W6k29U=,tag:7ie/2P/F3bPQXpkWGKqTfA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

21
magpie/secrets/miniflux.yaml Normal file
View File

@@ -0,0 +1,21 @@
miniflux_env: ENC[AES256_GCM,data:K5FiJcboD3tpWxQQG4EeCuOb9d8+cXTLjqb9Nt+aYUvWHwycA51q3ZQTMY9JS7GevNugGvz7,iv:Xk7aW1/DObGxJxTlJniaCBHuCVfCh6OZEewISdZl2Pc=,tag:BY8uVkkRzyKr9pA6EGCY2A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZ1d3aGhud0UyOVV6Vzcw
Q3Q2OVRQOEpXUk1TK2dOOEZtKzNlUkJGZHh3CmJwYnRpWFhJWHZXQ2I1TnhKWDRx
MGlrbXJoQTVPcUFBa0gvME95OVlxWkEKLS0tIHNZWWRwWUJPV3o3REpENzdMYkVk
Y1V5SXhCUllDWGhjK3JzWDRKQU9hMmMKuVmn6OAy2q/mpBKqUhl1qfpnPvFOd72c
/jMqnxClGSVXjJ5qdvcXCfLeYwT8vnhViNZmjE1ebRosE5YupvrjUg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-13T11:17:33Z"
mac: ENC[AES256_GCM,data:CpzC0H2Rfvl7F9tXCJ0WwkhE4Ba7eOIl1QMh1DHP8YQ9rChzAE8S5SXXuJA0jcmVY6NPfZ7zl8VEBepE+LHCq2UdSkAefawLeM6HwNfedP8N+zheqlyCZ8Os48628aHYN0PVI+/dMvpWWcfl+CFaH1mm4c+KYedCIsS9ZEYi9N8=,iv:EbF58pxbtHxPTAgs4dbZ31qyRT3QJ1kQoUShbLE11FY=,tag:FNF/OzS2SL3FweFw0RcRLQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

21
magpie/secrets/nextcloud_admin.yaml Normal file
View File

@@ -0,0 +1,21 @@
nextcloud_admin: ENC[AES256_GCM,data:txb5JSKxFeTS3M9LSk7m5M1XAvg=,iv:Rf6VNFmK+f0pjL7wH0dlcPL4CqQDRq/qQyliTdn2c4I=,tag:wDQqDZCK2p5aG+g8eE4weA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrUnQ3SDAyRTUxUDF0dDhY
K3JmQWlYRVJtdEFac0J4U0RGKzZGNXJmUEg4CmtBSW9yNGZScXhKdnhZWkxIamFW
YXEzbGhwR2F3dDJGdzljZUZBeERhU1kKLS0tIGlXZUhsdnI4ell5R3ZZbjZ0NCtO
TUpkZmxBNzZ1UUY1dGRud2hycGUyZW8KFUGikaFQjFfmn068qex2tpGbRHIbmS3l
27lqo8+eRFnq0nw8H/1yRMi8IghR0+XK68T49hlt0VLS9LZJG1aPag==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-17T23:08:24Z"
mac: ENC[AES256_GCM,data:fb9cOL4Q+q5uarmXtXNlpRmWgv/Ao1MqwwH2V2CQxEiP8zFyFBZs2435vdcLzrQrnBXz0JLVu4g10SH2T4dpYFP42teIkrgmneecjjcM+UOsBsGsrxlpHMha1t/ERRhBA7uJze5/kwHqry6eruWehRTu65QF1qBTql3m6ipjCeY=,iv:a7aFuTCcRCIDERlrj/9dFCF7VgCDDakfPteQimHV3lc=,tag:4mwrDHaQWA4EU0AgtgZaMg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

417
mediabox/configuration.nix Normal file
View File

@@ -0,0 +1,417 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
pkgs,
lib,
sops-nix,
zremap,
...
}: {
imports = [];
system.stateVersion = "23.05";
system.autoUpgrade.enable = false;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.secrets."peerix/private" = {
sopsFile = ./secrets/peerix.yaml;
mode = "0400";
owner = config.users.users.nobody.name;
group = config.users.users.nobody.group;
};
nix = {
optimise.automatic = true;
gc.automatic = true;
gc.options = "--delete-older-than 7d";
package = pkgs.nixUnstable;
settings = {
experimental-features = ["nix-command" "flakes"];
};
};
boot = {
initrd.compressor = "zstd";
kernelModules = ["acpi_call"];
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = ["msr.allow_writes=on"];
boot.kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
loader.systemd-boot = {
editor = false;
enable = true;
memtest86.enable = true;
};
readOnlyNixStore = true;
supportedFilesystems = ["btrfs"];
tmp.useTmpfs = true;
};
security = {
rtkit.enable = true;
acme = {
acceptTerms = true;
defaults.email = "aasmir@gmx.com";
};
};
powerManagement = {
enable = true;
cpuFreqGovernor = "ondemand";
};
networking = {
firewall = {
enable = true;
allowedTCPPorts = [80 443];
};
hostName = "mediabox";
interfaces.enp0s25.useDHCP = true;
interfaces.wlp3s0.useDHCP = false;
useDHCP = false;
wireless.enable = false;
wireless.interfaces = ["wlp3s0"];
nameservers = ["127.0.0.1" "::1"];
dhcpcd.extraConfig = "nohook resolv.conf";
networkmanager.dns = "none";
extraHosts = ''
192.168.1.173 nixy.lan
192.168.88.171 jellyfin.mediabox.lan
192.168.88.171 mediabox.lan
192.168.88.171 qbittorrent.mediabox.lan
192.168.88.1 router.lan
192.168.88.231 workstation.lan
'';
};
time.timeZone = "Europe/Sarajevo";
nixpkgs.config.allowUnfree = true;
environment = {
homeBinInPath = true;
variables = {
PATH = "$HOME/.cargo/bin";
};
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
programs.zsh.enable = true;
programs.light.enable = true;
programs.firejail.enable = true;
programs.adb.enable = false;
programs.wireshark.enable = true;
programs.sway.enable = true;
# List services that you want to enable:
systemd = {
services = {
"macchanger-wireless" = {
after = ["sys-subsystem-net-devices-wlp3s0.device"];
before = ["network-pre.target"];
bindsTo = ["sys-subsystem-net-devices-wlp3s0.device"];
description = "Changes MAC of my wireless interface for privacy reasons";
stopIfChanged = false;
wantedBy = ["multi-user.target"];
wants = ["network-pre.target"];
script = ''
${pkgs.macchanger}/bin/macchanger -e wlp3s0 || true
'';
serviceConfig.Type = "oneshot";
};
"zremap" = {
description = "Intercepts keyboard udev events";
wants = ["systemd-udevd.service"];
wantedBy = ["multi-user.target"];
serviceConfig.Nice = -20;
script = ''
sleep 1
${zremap.defaultPackage.x86_64-linux}/bin/zremap \
/dev/input/by-path/platform-i8042-serio-0-event-kbd
'';
};
"wakeonlan" = {
description = "Reenable wake on lan every boot";
after = ["network.target"];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.ethtool}/sbin/ethtool -s enp0s25 wol m";
};
wantedBy = ["default.target" "suspend.target" "shutdown.target"];
};
/*
"cpu_setting" = {
description = "Enable turboot boost and undervolt cpu after suspend";
wantedBy = ["post-resume.target" "multi-user.target"];
after = ["post-resume.target"];
script = ''
echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo
echo 0 > /sys/devices/system/cpu/intel_pstate/no_turbo
${pkgs.undervolt}/bin/undervolt --core -105 --cache -105 --uncore -105 --gpu -15 -p1 47 28 -p2 57 0.0025
'';
serviceConfig.Type = "oneshot";
};
*/
};
};
services = {
acpid.enable = true;
btrfs.autoScrub.enable = true;
dbus.enable = true;
fstrim.enable = true;
fwupd.enable = true;
ntp.enable = true;
openssh.enable = true;
restya-board.enable = false;
thinkfan.enable = false;
xrdp = {
enable = true;
defaultWindowManager = "icewm";
openFirewall = true;
};
logind = {
lidSwitch = "ignore";
};
jellyfin = {
enable = true;
user = "akill";
openFirewall = true;
};
jellyseerr = {
enable = true;
openFirewall = true;
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
deluge = {
enable = false;
user = "akill";
openFirewall = true;
dataDir = "/home/akill/.config/deluge";
web = {
enable = true;
openFirewall = false;
};
config = {
download_location = "/media";
allow_remote = true;
daemon_port = 58846;
};
};
transmission = {
enable = false;
openFirewall = true;
settings = {
rpc-whitelist = "192.168.88.*";
download-dir = "/media";
};
};
qbittorrent = {
enable = true;
user = "akill";
openFirewall = true;
dataDir = "/home/akill/.config/qbittorrent";
port = 8081;
};
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."deluge.mediabox.lan" = {
locations."/".proxyPass = "http://localhost:8112/";
};
virtualHosts."qbittorrent.mediabox.lan" = {
locations."/".proxyPass = "http://localhost:8081/";
};
virtualHosts."jellyfin.mediabox.lan" = {
locations."/".proxyPass = "http://localhost:8096/";
};
virtualHosts."jellyseerr.mediabox.lan" = {
locations."/".proxyPass = "http://localhost:5055/";
};
};
journald.extraConfig = ''
SystemMaxUse=50M
'';
logind.extraConfig = ''
KillUserProcesses=yes
'';
xserver = {
enable = true;
libinput.enable = true;
desktopManager.xterm.enable = false;
displayManager.lightdm.enable = false;
displayManager.defaultSession = "none+icewm";
windowManager.icewm.enable = true;
};
udev.packages = [];
tlp = {
enable = true;
settings = {};
};
actkbd = {
enable = true;
bindings = [
{
keys = [121];
events = ["key"];
command = "${pkgs.alsaUtils}/bin/amixer -q set Master toggle";
}
{
keys = [122];
events = ["key" "rep"];
command = "${pkgs.alsaUtils}/bin/amixer -q set Master ${config.sound.mediaKeys.volumeStep}- unmute";
}
{
keys = [123];
events = ["key" "rep"];
command = "${pkgs.alsaUtils}/bin/amixer -q set Master ${config.sound.mediaKeys.volumeStep}+ unmute";
}
{
keys = [224];
events = ["key"];
command = "/run/current-system/sw/bin/light -U 5";
}
{
keys = [225];
events = ["key"];
command = "/run/current-system/sw/bin/light -A 5";
}
];
};
mpd = {
musicDirectory = "/home/mpd/music";
enable = false;
extraConfig = ''
audio_output {
type "pulse"
name "pulsee srv"
server "127.0.0.1"
}
'';
};
batteryNotifier = {
enable = true;
notifyCapacity = 20;
suspendCapacity = 10;
};
dnscrypt-proxy2 = {
enable = true;
settings = {
ipv6_servers = true;
require_dnssec = true;
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
};
};
};
fonts.packages = with pkgs; [
dina-font
fira-code
fira-code-symbols
font-awesome
font-awesome_4
iosevka
jetbrains-mono
liberation_ttf
proggyfonts
siji
];
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
};
};
sound.enable = true;
hardware = {
bluetooth = {
enable = false;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
};
};
};
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
intel-media-driver
vaapiIntel
];
};
};
zramSwap = {
enable = false;
algorithm = "zstd";
};
users.users.akill = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = ["wireshark" "wheel" "kvm" "tty" "audio" "sound" "adbusers" "transmission"];
};
users.users.ado = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = ["wireshark" "wheel" "kvm" "tty" "audio" "sound" "adbusers" "transmission"];
};
users.users.mediauser = {
isNormalUser = true;
shell = pkgs.bash;
extraGroups = [];
};
}

64
mediabox/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,64 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
fsType = "btrfs";
options = ["subvol=root" "compress=lzo" "noatime"];
};
boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/60aa7671-bfee-451b-b871-ac7c5a4a9f3a";
fileSystems."/home" = {
device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
fsType = "btrfs";
options = ["subvol=home" "compress=lzo" "noatime"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
fsType = "btrfs";
options = ["subvol=nix" "compress=lzo" "noatime"];
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
fsType = "btrfs";
options = ["subvol=persist" "compress=lzo" "noatime"];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
fsType = "btrfs";
options = ["subvol=log" "compress=lzo" "noatime"];
neededForBoot = true;
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4B94-6E7B";
fsType = "vfat";
};
swapDevices = [
{device = "/dev/disk/by-uuid/7b44ab02-84ff-4ffd-be26-58247cf5a982";}
];
hardware.cpu.intel.updateMicrocode = true;
nix.settings.max-jobs = lib.mkDefault 8;
}

1
mediabox/peerix-public Normal file
View File

@@ -0,0 +1 @@
peerix-mediabox:UDgG3xdQYv7bmx2l4ZPNRPJtp2zMmY++H/fnGeJ9BQw=

40
mediabox/secrets/peerix.yaml Normal file
View File

@@ -0,0 +1,40 @@
peerix:
private: ENC[AES256_GCM,data:m76hyDWzcIlczegZyPyTtOYOgOGeyX++SeGsqEWS5b3ZbR2M9RqUGYEscLRX3/Dlff2vgs+hI4cOjiMnhq9pnLzP25Xh4XAiJNMkD43fFCCb7zj2RUWEyLAzzmWpR8fSB1mXTpciUGM=,iv:s9EXpkGYR0kI5xQZ8wAmkobK1q4XlVdFH4irEVwy1bs=,tag:L7AF6mFsxss6NDantbqXMw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwMkdLVEFQMVk1allhK2hL
NXFXc254SmhxK0lFWTd1SUorUGQ0VEJPcXo4ClNYSkhJbnVjUjdFOGtoWFV2VWZC
NmpaRDVhWnRQUmVDWS9WU2pTVlBEQ1EKLS0tIFAydU9aYXJnd1NnRzU2YXpXM1Vq
VWhhbkZTT1kwTEl5VEVWR1A2aW5OUDgKiYcj5Yo42RjQeo1UeUTBV8YBNYL8ccLW
bQ1655MU/q3LQh14lqwbsOfmGjPc9H0ECltm+V+kNPTRi76qFhcodg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1eGJCRlhHbk1JQWl2RllZ
R3hkVGtIamJzZlVLazUrVEJnNmU3Z0tLMG5RClp2Z01Fc1p5QzFhUWNzU2NpU0Zo
aTRPMFhPYlA4VmZNUWFsWHZRMUxyaTQKLS0tIG51TW9JRW12RzVmdWpZY3FaVnBR
UTZ2YWdQVjRTTUxPUWVwbHI4aklITmMKZQnfJs01D4FX+MF6oU0FmWYQ4reB/X/k
Lat8FrqerqaCYqYmAKe3HWBR6HEVm0U7I7jkVuoROMqz3uci+5HWbQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age19yrl6pr73cv067ksfz0txp3zm2au25jfyjeerw23ml55ps5cyyfqtm3kmt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrNTNhaFVzaWFoTU9GdEZD
Z0JWQlFXc3N3SnAwR09YUmIxZlpvNllmU2tnCkFtVlRXMGV2d1V4S0ZxNlRiVzlC
N3dHSFM2eG02UVQrdGR0SnhUMitvelkKLS0tIFpvQUlIZ05HK3F0a2FkKy9EOURY
YzUwa2s0eTliSmxtajdjYmFsOSs2T1kKg08c1uB0swRSo0R6s6hup5JBfkrCKoxf
SjwBAZtjNhr3hrLy1eoo/dpYG6oAkEs3GvaaZ02ldT872dxZvg6r+g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-30T14:18:57Z"
mac: ENC[AES256_GCM,data:R0TJ/7uihpsCHwPLXFYKi+ZaEUtbZVz02utDF7vO7gYDN1MFa0c5nZ/mAnJJtTJI41GdAu9ezTUiU6H1HTHLxYMeUoNAAvNlSCkvGc/oMQofXidL34hq1X2vG05N3UQlkbAXTlCBkYc20oVVOVmT/lq7USEx29oB/ytxZzKYFvM=,iv:qpz0g+O4kwChct1ddiT3D8rZBg08YUr4Ba5pJ4WQyzo=,tag:pWLFiQWl1QSzveBxnq4uXw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.0

78
modules/nextcloud.nix Normal file
View File

@@ -0,0 +1,78 @@
{
config,
pkgs,
...
}: {
# Enable Nginx
services.nginx = {
enable = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# Only allow PFS-enabled ciphers with AES256
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
# Setup Nextcloud virtual host to listen on ports
virtualHosts = {
"nextcloud.mediabox.lan" = {
## Force HTTP redirect to HTTPS
#forceSSL = true;
};
};
};
# Actual Nextcloud Config
services.nextcloud = {
enable = true;
hostName = "localhost";
enableBrokenCiphersForSSE = false;
package = pkgs.nextcloud25;
# Use HTTPS for links
https = true;
# Auto-update Nextcloud Apps
autoUpdateApps.enable = true;
# Set what time makes sense for you
autoUpdateApps.startAt = "05:00:00";
config = {
# Further forces Nextcloud to use HTTPS
overwriteProtocol = "https";
# Nextcloud PostegreSQL database configuration, recommended over using SQLite
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
dbname = "nextcloud";
dbpassFile = "/var/nextcloud-db-pass";
adminpassFile = "/var/nextcloud-admin-pass";
adminuser = "admin";
};
};
# Enable PostgreSQL
services.postgresql = {
enable = true;
# Ensure the database, user, and permissions always exist
ensureDatabases = ["nextcloud"];
ensureUsers = [
{
name = "nextcloud";
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
}
];
};
# Ensure that postgres is running before running the setup
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
}

116
modules/qbittorrent.nix Normal file
View File

@@ -0,0 +1,116 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.qbittorrent;
configDir = "${cfg.dataDir}/.config";
openFilesLimit = 4096;
in {
options.services.qbittorrent = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Run qBittorrent headlessly as systemwide daemon
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/qbittorrent";
description = ''
The directory where qBittorrent will create files.
'';
};
user = mkOption {
type = types.str;
default = "qbittorrent";
description = ''
User account under which qBittorrent runs.
'';
};
group = mkOption {
type = types.str;
default = "qbittorrent";
description = ''
Group under which qBittorrent runs.
'';
};
port = mkOption {
type = types.port;
default = 8080;
description = ''
qBittorrent web UI port.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open services.qBittorrent.port to the outside network.
'';
};
openFilesLimit = mkOption {
default = openFilesLimit;
description = ''
Number of files to allow qBittorrent to open.
'';
};
};
config = mkIf cfg.enable {
environment.systemPackages = [pkgs.qbittorrent];
nixpkgs.overlays = [
(final: prev: {
qbittorrent = prev.qbittorrent.override {guiSupport = false;};
})
];
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [cfg.port];
allowedUDPPorts = [cfg.port];
};
systemd.services.qbittorrent = {
after = ["network.target"];
description = "qBittorrent Daemon";
wantedBy = ["multi-user.target"];
path = [pkgs.qbittorrent];
serviceConfig = {
ExecStart = ''
${pkgs.qbittorrent}/bin/qbittorrent-nox \
--profile=${configDir} \
--webui-port=${toString cfg.port}
'';
# To prevent "Quit & shutdown daemon" from working; we want systemd to
# manage it!
Restart = "on-success";
User = cfg.user;
Group = cfg.group;
UMask = "0002";
LimitNOFILE = cfg.openFilesLimit;
};
};
users.users = mkIf (cfg.user == "qbittorrent") {
qbittorrent = {
group = cfg.group;
home = cfg.dataDir;
createHome = true;
description = "qBittorrent Daemon user";
};
};
users.groups =
mkIf (cfg.group == "qbittorrent") {qbittorrent = {gid = null;};};
};
}

56
configuration.nix → nixy/configuration.nix
View File

@@ -1,13 +1,10 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
pkgs,
lib,
caps2esc,
nix-xilinx,
sops-nix,
zremap,
...
}: {
imports = [];
@@ -15,9 +12,12 @@
system.stateVersion = "23.05";
system.autoUpgrade.enable = false;
sops.age.keyFile = config.users.users.akill.home + "/.config/sops/age/keys.txt";
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.secrets."peerix/private" = {
sopsFile = ./secrets/peerix.yaml;
mode = "0400";
owner = config.users.users.nobody.name;
group = config.users.users.nobody.group;
};
nix = {
@@ -26,10 +26,8 @@
gc.options = "--delete-older-than 7d";
package = pkgs.nixUnstable;
settings = {
sandbox = true;
experimental-features = ["nix-command" "flakes"];
trusted-public-keys = [
"binarycache.mediabox.lan:3vZwbCaCuOK5fc92rKknvyU7e5fDbnKEKLb/VTaICoU="
];
};
};
@@ -37,11 +35,19 @@
extraModulePackages = with config.boot.kernelPackages; [usbip];
initrd.compressor = "zstd";
initrd.kernelModules = ["amdgpu"];
binfmt.emulatedSystems = ["wasm32-wasi" "x86_64-windows"];
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = ["psmouse.synaptics_intertouch=0"];
kernelParams = ["psmouse.synaptics_intertouch=0" "mem_sleep_default=deep"];
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
loader.efi.canTouchEfiVariables = true;
loader.systemd-boot.editor = false;
loader.systemd-boot.enable = true;
loader.systemd-boot = {
editor = false;
enable = true;
memtest86.enable = true;
};
readOnlyNixStore = true;
supportedFilesystems = ["btrfs"];
tmp.useTmpfs = true;
@@ -76,12 +82,12 @@
dhcpcd.extraConfig = "nohook resolv.conf";
extraHosts = ''
192.168.88.230 mediabox.lan
192.168.88.230 jellyfin.mediabox.lan
192.168.88.230 deluge.mediabox.lan
192.168.88.230 binarycache.mediabox.lan
192.168.88.231 workstation.lan
192.168.88.171 jellyfin.mediabox.lan
192.168.88.171 jellyseerr.mediabox.lan
192.168.88.171 mediabox.lan
192.168.88.171 qbittorrent.mediabox.lan
192.168.88.1 router.lan
192.168.88.231 workstation.lan
'';
networkmanager = {
@@ -106,6 +112,9 @@
nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [nix-xilinx.overlay];
environment = {
extraInit = ''
unset -v SSH_ASKPASS
'';
homeBinInPath = true;
variables = {
PATH = "$HOME/.cargo/bin";
@@ -127,16 +136,15 @@
# List services that you want to enable:
systemd = {
services = {
"caps2esc" = {
"zremap" = {
description = "Intercepts keyboard udev events";
wants = ["systemd-udevd.service"];
wantedBy = ["multi-user.target"];
serviceConfig.Nice = -20;
script = ''
${pkgs.interception-tools}/bin/intercept \
-g /dev/input/by-path/platform-i8042-serio-0-event-kbd | \
${caps2esc.defaultPackage.x86_64-linux}/bin/caps2esc | ${pkgs.interception-tools}/bin/uinput \
-d /dev/input/by-path/platform-i8042-serio-0-event-kbd \
sleep 1
${zremap.defaultPackage.x86_64-linux}/bin/zremap \
/dev/input/by-path/platform-i8042-serio-0-event-kbd
'';
};
};
@@ -178,9 +186,9 @@
};
udev = {
packages = [pkgs.openocd pkgs.rtl-sdr pkgs.openhantek6022];
packages = [pkgs.rtl-sdr pkgs.openhantek6022];
extraRules = ''
#Xilinx FTDI
#Xilinx FTDI
ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Xilinx", MODE:="666"
#Xilinx Digilent
@@ -269,7 +277,7 @@
};
};
fonts = with pkgs; [
packages = with pkgs; [
dejavu_fonts
dina-font
fira-code

12
hardware-configuration.nix → nixy/hardware-configuration.nix
View File

@@ -20,7 +20,7 @@
fileSystems."/" = {
device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd" "noatime"];
options = ["subvol=root" "compress=lzo" "noatime"];
};
boot.initrd.luks.devices."sys_enc".device = "/dev/disk/by-uuid/682d030d-189e-4b47-a60a-62cf1f3729d3";
@@ -28,25 +28,25 @@
fileSystems."/home" = {
device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd" "noatime"];
options = ["subvol=home" "compress=lzo" "noatime"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
options = ["subvol=nix" "compress=lzo" "noatime"];
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
fsType = "btrfs";
options = ["subvol=persist" "compress=zstd" "noatime"];
options = ["subvol=persist" "compress=lzo" "noatime"];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
fsType = "btrfs";
options = ["subvol=log" "compress=zstd" "noatime"];
options = ["subvol=log" "compress=lzo" "noatime"];
};
fileSystems."/boot" = {
@@ -55,7 +55,7 @@
};
fileSystems."/opt/xilinx" = {
device = "/dev/disk/by-uuid/09912fb9-0284-4b4e-add1-d4a27329539f";
device = "/dev/disk/by-uuid/f5c27ef2-8053-4d96-9f8f-c6a50d6193b9";
fsType = "erofs";
};

0
peerix-public → nixy/peerix-public
View File

31
nixy/secrets/peerix.yaml Normal file
View File

@@ -0,0 +1,31 @@
peerix:
private: ENC[AES256_GCM,data:767u5KKjk2lMr70vtBvX06t8n/1r5xpCrRNKc9QvypJmbPS+vS8vij8JYJZDKKFBh5xUazSLQC1ga2mpb+hEO2rgD0Aa70p22wwfOP+qCJQNYwlEf0MLWhlblTCE9Cr/eQSX7g==,iv:tPEB4NWbLMvzrUIvosj9PfinMhdWNBu5btjElvbDzxg=,tag:wzxaBzW0R6HKCyP5zlMPRw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRbi9uTGVPYlhYYWdFb25u
SGhSUm9rNmEzSkNVUEVIOGNLb1Z3VFdjNERFCjVEYXlXTlRCV2dLMW1VMWgzcXBR
OWxSOUZjZ2VCTzRycDhZRGRXWS9KRTAKLS0tIG8yMkZNeFRtdHVPTTJOM2tRSk5F
OXp3Wmh0b1lYQnJBWlMxeGZaZXdnY2MKftJPaUc9sDM8YmvUo1eVDNXWX4scr1rH
SMAod/Oq0BvQfyGIpvVBfL5T7RxlF1DwOedg/p3PSfMPjok7QLyv+A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxdU9WSjZkWUd6NXFpdXNp
R2huUXZQOGZzb0Z0ekN2WkdRdEFJYk54RmhnCmo0ampNK01VR3lQM0RGYWlNQ3cx
Rk1BK1lIUHJPZ2R5YVd6RTlYbXJDVWcKLS0tIGV0Yy8ySnFMQ25PQUNBL3dPdmc3
WjhldWNVL0h6T1lUSEdXeHFQemRBVEEKJzh1HExRoy/iyTtBNaVdNgolWyFHaaLV
VTDZYEHq+eEIrVAG5xefG/nPpj2K6FRItA6+4PcKtyARG+gKYwp2tw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-28T11:55:00Z"
mac: ENC[AES256_GCM,data:ieNyjQlo1tQ8qxFMyIN5XGgUiclYIfJe6WUyWiR3qJKKOTnx5MBWNUuHfUMkpm2ToNpaxiDUih2Hhqv5S0Bq1zoExMLjqE36GgaOivha6DeoQn5+WH8bMdMAoc1PlCQkj6Fxw2sdZlrIKcswADk4MfDzdaY/vKoQ5AtK5Bdkgok=,iv:JaOfWEwbLhOTquQVIG6Ll38jkGOCzbtD8h5c7SOAzik=,tag:m4Fmor24Q9GDoe7nu2VnEA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

56
packages/bubblewrap/default.nix Normal file
View File

@@ -0,0 +1,56 @@
{
lib,
stdenv,
fetchFromGitHub,
docbook_xsl,
libxslt,
meson,
ninja,
pkg-config,
bash-completion,
libcap,
libselinux,
}:
stdenv.mkDerivation rec {
pname = "bubblewrap";
version = "0.8.0";
src = fetchFromGitHub {
owner = "rhendric";
repo = "bubblewrap";
rev = "23ff0f875b3a0200c1796daa01173ecec7deaf88";
hash = "sha256-EWsuAGsShaHEmLi0jUHX2bFQZkinIOsRbgB7tZSfq8E=";
};
postPatch = ''
substituteInPlace tests/libtest.sh \
--replace "/var/tmp" "$TMPDIR"
'';
nativeBuildInputs = [
docbook_xsl
libxslt
meson
ninja
pkg-config
];
buildInputs = [
bash-completion
libcap
libselinux
];
# incompatible with Nix sandbox
doCheck = false;
meta = with lib; {
changelog = "https://github.com/containers/bubblewrap/releases/tag/${src.rev}";
description = "Unprivileged sandboxing tool";
homepage = "https://github.com/containers/bubblewrap";
license = licenses.lgpl2Plus;
maintainers = with maintainers; [dotlambda];
platforms = platforms.linux;
mainProgram = "bwrap";
};
}

169
packages/viber/default.nix Normal file
View File

@@ -0,0 +1,169 @@
{
alsa-lib,
brotli,
cups,
curl,
bubblewrap,
bash,
writeShellScriptBin,
dbus,
dpkg,
expat,
fetchurl,
fontconfig,
freetype,
glib,
gst_all_1,
harfbuzz,
krb5,
lcms,
lib,
libcap,
libevent,
libGL,
libGLU,
libopus,
libpulseaudio,
libwebp,
libxkbcommon,
libxml2,
libxslt,
makeWrapper,
mesa,
nspr,
nss,
openssl,
snappy,
stdenv,
systemd,
wayland,
xorg,
zlib,
zstd,
...
}:
stdenv.mkDerivation {
pname = "viber";
version = "21.0.0.1";
src = fetchurl {
# Official link: https://download.cdn.viber.com/cdn/desktop/Linux/viber.deb
url = "https://download.cdn.viber.com/cdn/desktop/Linux/viber.deb";
sha256 = "0q34mwbk0i2vj2f16hk7pyshl8fqwym3lyr7iss22qw8cxx3mcg3";
};
nativeBuildInputs = [makeWrapper];
buildInputs = [dpkg];
dontUnpack = true;
libPath = lib.makeLibraryPath [
alsa-lib
brotli
cups
curl
dbus
expat
fontconfig
freetype
glib
gst_all_1.gst-plugins-bad
gst_all_1.gst-plugins-base
gst_all_1.gstreamer
harfbuzz
krb5
lcms
libcap
libevent
libGLU
libGL
libopus
libpulseaudio
libwebp
libxkbcommon
libxml2
libxslt
mesa
nspr
nss
openssl
snappy
stdenv.cc.cc
systemd
wayland
zlib
zstd
xorg.libICE
xorg.libSM
xorg.libX11
xorg.libxcb
xorg.libXcomposite
xorg.libXcursor
xorg.libXdamage
xorg.libXext
xorg.libXfixes
xorg.libXi
xorg.libXrandr
xorg.libXrender
xorg.libXScrnSaver
xorg.libXtst
xorg.xcbutilimage
xorg.xcbutilkeysyms
xorg.xcbutilrenderutil
xorg.xcbutilwm
xorg.libxkbfile
];
installPhase = let
viberWrap = writeShellScriptBin "viberWrap" ''
${bubblewrap}/bin/bwrap --bind / / \
--dev /dev \
--tmpfs $HOME \
--bind $HOME/.ViberPC/ $HOME/.ViberPC \
--bind $HOME/Downloads/ $HOME/Downloads \
$@
'';
in ''
dpkg-deb -x $src $out
mkdir -p $out/bin
# Soothe nix-build "suspicions"
chmod -R g-w $out
for file in $(find $out -type f \( -perm /0111 -o -name \*.so\* \) ); do
patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" "$file" || true
patchelf --set-rpath $libPath:$out/opt/viber/lib $file || true
done
# qt.conf is not working, so override everything using environment variables
wrapProgram $out/opt/viber/Viber \
--set QT_PLUGIN_PATH "$out/opt/viber/plugins" \
--set QT_XKB_CONFIG_ROOT "${xorg.xkeyboardconfig}/share/X11/xkb" \
--set QTCOMPOSE "${xorg.libX11.out}/share/X11/locale" \
--set QML2_IMPORT_PATH "$out/opt/viber/qml"
echo "#!${bash}/bin/bash" > $out/bin/viber
echo "${viberWrap}/bin/viberWrap $out/opt/viber/Viber" >> $out/bin/viber
chmod +x $out/bin/viber
mv $out/usr/share $out/share
rm -rf $out/usr
# Fix the desktop link
substituteInPlace $out/share/applications/viber.desktop \
--replace /opt/viber/Viber $out/opt/viber/Viber \
--replace /usr/share/ $out/share/
'';
dontStrip = true;
dontPatchELF = true;
meta = {
homepage = "https://www.viber.com";
description = "An instant messaging and Voice over IP (VoIP) app";
sourceProvenance = with lib.sourceTypes; [binaryNativeCode];
license = lib.licenses.unfree;
platforms = ["x86_64-linux"];
maintainers = with lib.maintainers; [jagajaga];
};
}

1
packages/zapzap/.nixd.json Symbolic link
View File

@@ -0,0 +1 @@
../../.nixd.json

23
packages/zapzap/default.nix Normal file
View File

@@ -0,0 +1,23 @@
{pkgs}:
pkgs.python3Packages.buildPythonPackage {
name = "zapzap";
src = pkgs.fetchFromGitHub {
owner = "zapzap-linux";
repo = "zapzap";
rev = "5de4a4015128c164af3c964ecbe5b6358d98b521";
hash = "sha256-bd3YcITK4lraOu7D/xZfnibilAZQZWqazVVtUwqJ4wc=";
};
dontWrapQtApps = true;
propagatedBuildInputs = with pkgs.python3Packages; [pyqt6-webengine qt6.qtwayland qt6.qtsvg];
nativeBuildInputs = with pkgs; [qt6.wrapQtAppsHook makeWrapper];
env = {
HOME = "/tmp";
};
preFixup = ''
makeWrapperArgs+=(
# Force the app to use QT_PLUGIN_PATH values from wrapper
--unset QT_PLUGIN_PATH
"''${qtWrapperArgs[@]}"
)
'';
}

31
secrets/peerix.yaml
View File

@@ -1,31 +0,0 @@
peerix:
private: ENC[AES256_GCM,data:WlWrX0kxeElaGvFllg2EkgfDsj1bkRwD9xMTWQevktDQaRd3IdVD9IwFZcwgTgS4hVM6gy9Q/VWX3M12vKaLdaKeTR/PMOQGCov291w12cAFIg/pYINp+511a9aHqFaIZx0WeA==,iv:Ni0M4Tikcbs6NsanYunOKn1R8jLlC59NiDbqNVPW7gM=,tag:POSZ9OgkLZyvnN8vn8OgDQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNbWcxaHVYUjVydnZVZkJa
MFA1TDJFcmtpUis2SXBWNjh5QjI0WkgydHhBCklzVFRlZ0VoSitISlpIaVFJaHRZ
enNFaFl1MkRaQUtpb1JUOUNJaXJDT00KLS0tIHZBeGc2ejR4bkcxVjhrWDYyOVpk
V28zVWZsTFpJVHY3bHdqR3dGMHNqWncKcjvVw61Zfh0yXKikjnrlq1CIoN7wDiiQ
5FDAzjdTMGLOXvrxtfKEJ0RUP8/ANJ+b69pJTBl8To4qIAFGKU0syg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1smcrg45udmvl5w8306qec07lqqzjplwx3l8f80tcewpkh7r3h5yqgenrqd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYUnNveWIrOEE4UnlGNnpN
WE5oN1hrOTlma0ZWUDc5ZG5pcUFOV1BJam5nCnhiaFRJVjcreDFiTU85RlJzK0tT
eURJdHAwWXVZU2xHbTdsOVc4VjJOaUUKLS0tIGJ2c3JxVGFZWHdCY1p3M1VRNGlk
enVTczYxcjNPZkFHTG5RZEtRTTRJOUEKNTPZFBwdnKNmalgPqpJew8ucwQZ3yK+8
6Zqv3POnq68ms4nFelQynDYDAEK/maN+qYdo8qgFi14pz87liVF/Ug==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-03T20:12:05Z"
mac: ENC[AES256_GCM,data:kcfnNiu88VTYGgxfSRIkqK8MXS7Gcan9oXxc+UM6/c7yCj35ogNGtDxJmJ4O1Gov2LrP3+lbhyHjOeQBYN06JmE+3o3SV/bIZ5HUWMYqmj+yO1sG8ugSx2NAgSMKmyESlrZTZvN9Z9Z8JocmN1TtyA9Uip7/URfGOXaIFYYDLwE=,iv:bxRoXN4DEIi4B2bCxKcImKp1rfkps4RxP3UbjBePjPw=,tag:x4yXtvmoOrFEadhZmbJjAQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3