Switch to nixfmt-rfc-style
This commit is contained in:
parent
c823e50b2a
commit
ce88b03198
18
flake.lock
18
flake.lock
|
@ -89,11 +89,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1706182238,
|
||||
"narHash": "sha256-Ti7CerGydU7xyrP/ow85lHsOpf+XMx98kQnPoQCSi1g=",
|
||||
"lastModified": 1706834982,
|
||||
"narHash": "sha256-3CfxA7gZ+DVv/N9Pvw61bV5Oe/mWfxYPyVQGqp9TMJA=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "f84eaffc35d1a655e84749228cde19922fcf55f1",
|
||||
"rev": "83e571bb291161682b9c3ccd48318f115143a550",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -104,11 +104,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1706098335,
|
||||
"narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=",
|
||||
"lastModified": 1706718339,
|
||||
"narHash": "sha256-S+S97c/HzkO2A/YsU7ZmNF9w2s7Xk6P8dzmfDdckzLs=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a77ab169a83a4175169d78684ddd2e54486ac651",
|
||||
"rev": "53fbe41cf76b6a685004194e38e889bc8857e8c2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -120,11 +120,11 @@
|
|||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1706191920,
|
||||
"narHash": "sha256-eLihrZAPZX0R6RyM5fYAWeKVNuQPYjAkCUBr+JNvtdE=",
|
||||
"lastModified": 1706550542,
|
||||
"narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ae5c332cbb5827f6b1f02572496b141021de335f",
|
||||
"rev": "97b17f32362e475016f942bbdfda4a4a72a8a652",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
31
flake.nix
31
flake.nix
|
@ -19,16 +19,22 @@
|
|||
};
|
||||
};
|
||||
|
||||
outputs = inputs@{ self, agenix, nixpkgs, nixpkgs-unstable, nixos-hardware
|
||||
, home-manager }:
|
||||
outputs =
|
||||
inputs@{
|
||||
self,
|
||||
agenix,
|
||||
nixpkgs,
|
||||
nixpkgs-unstable,
|
||||
nixos-hardware,
|
||||
home-manager,
|
||||
}:
|
||||
let
|
||||
mkComputer = import "${inputs.self}/lib/mk_computer.nix";
|
||||
mkRaspi = import "${inputs.self}/lib/mk_raspi.nix";
|
||||
mksdImage = host:
|
||||
mksdImage =
|
||||
host:
|
||||
(self.nixosConfigurations.${host}.extendModules {
|
||||
modules = [
|
||||
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
|
||||
];
|
||||
modules = [ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" ];
|
||||
}).config.system.build.sdImage;
|
||||
# required for home-manager only setup {
|
||||
overlay-unstable = final: prev: {
|
||||
|
@ -39,11 +45,14 @@
|
|||
};
|
||||
pkgs = import inputs.nixpkgs {
|
||||
system = "x86_64-linux";
|
||||
config = { allowUnfree = true; };
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
};
|
||||
overlays = [ overlay-unstable ];
|
||||
};
|
||||
# }
|
||||
in {
|
||||
in
|
||||
# }
|
||||
{
|
||||
images = {
|
||||
git = mksdImage "git";
|
||||
loki-test = mksdImage "loki-test";
|
||||
|
@ -131,7 +140,9 @@
|
|||
];
|
||||
extraSpecialArgs = {
|
||||
inherit inputs;
|
||||
nixosConfig = { az-username = "zweili"; };
|
||||
nixosConfig = {
|
||||
az-username = "zweili";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,4 +1,11 @@
|
|||
{ config, lib, nixosConfig, pkgs, ... }: {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
nixosConfig,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
{
|
||||
# Home Manager needs a bit of information about you and the
|
||||
# paths it should manage.
|
||||
programs = {
|
||||
|
@ -23,7 +30,9 @@
|
|||
"$git_status"
|
||||
"$character"
|
||||
];
|
||||
python = { format = "[\${symbol}($virtualenv) ]($style)"; };
|
||||
python = {
|
||||
format = "[\${symbol}($virtualenv) ]($style)";
|
||||
};
|
||||
};
|
||||
enable = true;
|
||||
};
|
||||
|
@ -74,9 +83,8 @@
|
|||
};
|
||||
|
||||
shellAliases = {
|
||||
format-modules = "nixfmt **/*.nix";
|
||||
nix-generations =
|
||||
"sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
|
||||
format-modules = "unstable.nixfmt-rfc-style **/*.nix";
|
||||
nix-generations = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
|
||||
rebuild = ''
|
||||
nixos-rebuild -j auto switch --use-remote-sudo
|
||||
'';
|
||||
|
@ -93,7 +101,7 @@
|
|||
highlight
|
||||
killall
|
||||
ncdu
|
||||
nixfmt
|
||||
unstable.nixfmt-rfc-style
|
||||
nmon
|
||||
tree
|
||||
unzip
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
{ ... }: {
|
||||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
./common
|
||||
./programs/alacritty
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.programs.az-alacritty;
|
||||
in {
|
||||
let
|
||||
cfg = config.programs.az-alacritty;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-alacritty.enable =
|
||||
lib.mkEnableOption "Enable alacritty terminal.";
|
||||
programs.az-alacritty.enable = lib.mkEnableOption "Enable alacritty terminal.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
|
|
@ -1,6 +1,13 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.programs.az-ansible;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-ansible;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-ansible.enable = lib.mkEnableOption "Enable ansible.";
|
||||
};
|
||||
|
|
|
@ -1,6 +1,13 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.programs.az-calibre;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-calibre;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-calibre.enable = lib.mkEnableOption "Enable calibre.";
|
||||
};
|
||||
|
|
|
@ -1,6 +1,13 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.programs.az-czkawka;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-czkawka;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-czkawka.enable = lib.mkEnableOption "Enable czkawka.";
|
||||
};
|
||||
|
|
|
@ -1,7 +1,16 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.programs.az-emacs;
|
||||
in {
|
||||
options = { programs.az-emacs.enable = lib.mkEnableOption "Enable emacs."; };
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-emacs;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-emacs.enable = lib.mkEnableOption "Enable emacs.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
home.packages = with pkgs; [
|
||||
|
@ -25,8 +34,8 @@ in {
|
|||
languagetool-console-command "${pkgs.languagetool}/share/languagetool-commandline.jar"
|
||||
languagetool-server-command "${pkgs.languagetool}/share/languagetool-server.jar")
|
||||
'';
|
||||
extraPackages = epkgs:
|
||||
with pkgs; [
|
||||
extraPackages =
|
||||
epkgs: with pkgs; [
|
||||
epkgs.ag
|
||||
epkgs.amx
|
||||
epkgs.annotate
|
||||
|
|
|
@ -1,9 +1,15 @@
|
|||
{ config, inputs, lib, ... }:
|
||||
let cfg = config.programs.az-email;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-email;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-email.enable =
|
||||
lib.mkEnableOption "Configure everything required for sending emails.";
|
||||
programs.az-email.enable = lib.mkEnableOption "Configure everything required for sending emails.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
@ -18,14 +24,21 @@ in {
|
|||
userName = "andreas@zweili.ch";
|
||||
primary = true;
|
||||
passwordCommand = "cat /run/user/1000/agenix/personalEmailKey";
|
||||
aliases = [ "andreas.zweili@gmail.com" "andreas@2li.ch" ];
|
||||
aliases = [
|
||||
"andreas.zweili@gmail.com"
|
||||
"andreas@2li.ch"
|
||||
];
|
||||
msmtp.enable = true;
|
||||
mu.enable = true;
|
||||
offlineimap = {
|
||||
enable = true;
|
||||
extraConfig = {
|
||||
account = { autorefresh = 15; };
|
||||
local = { sync_deletes = true; };
|
||||
account = {
|
||||
autorefresh = 15;
|
||||
};
|
||||
local = {
|
||||
sync_deletes = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
imap = {
|
||||
|
|
|
@ -1,6 +1,13 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.programs.az-evince;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-evince;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-evince.enable = lib.mkEnableOption "Enable evince.";
|
||||
};
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.programs.az-git;
|
||||
in {
|
||||
let
|
||||
cfg = config.programs.az-git;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-git = {
|
||||
enable = lib.mkEnableOption "Enable git.";
|
||||
|
@ -25,15 +27,25 @@ in {
|
|||
syntax-theme = "GitHub";
|
||||
};
|
||||
};
|
||||
includes = [{
|
||||
path = "~/.config/git/workconfig";
|
||||
condition = "gitdir:~/git_repos/work/";
|
||||
}];
|
||||
includes = [
|
||||
{
|
||||
path = "~/.config/git/workconfig";
|
||||
condition = "gitdir:~/git_repos/work/";
|
||||
}
|
||||
];
|
||||
extraConfig = {
|
||||
core = { hooksPath = "~/.config/git/hooks/"; };
|
||||
safe = { directory = "*"; };
|
||||
pull = { rebase = false; };
|
||||
push = { autoSetupRemote = true; };
|
||||
core = {
|
||||
hooksPath = "~/.config/git/hooks/";
|
||||
};
|
||||
safe = {
|
||||
directory = "*";
|
||||
};
|
||||
pull = {
|
||||
rebase = false;
|
||||
};
|
||||
push = {
|
||||
autoSetupRemote = true;
|
||||
};
|
||||
merge.conflictStyle = "diff3";
|
||||
rerere.enabled = true;
|
||||
};
|
||||
|
@ -122,7 +134,6 @@ in {
|
|||
|
||||
# ignore pycache"
|
||||
"__pycache__/"
|
||||
|
||||
];
|
||||
};
|
||||
# raw files
|
||||
|
|
|
@ -1,6 +1,13 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.programs.az-hunspell;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-hunspell;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-hunspell.enable = lib.mkEnableOption "Add dictionaries";
|
||||
};
|
||||
|
|
|
@ -1,6 +1,13 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.programs.az-keeweb;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-keeweb;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-keeweb.enable = lib.mkEnableOption "Enable keeweb.";
|
||||
};
|
||||
|
@ -17,7 +24,9 @@ in {
|
|||
Environment = "QT_SCALE_FACTOR=1.25";
|
||||
ExecStart = "${pkgs.keeweb}/bin/keeweb --no-sandbox";
|
||||
};
|
||||
Install = { WantedBy = [ "graphical-session.target" ]; };
|
||||
Install = {
|
||||
WantedBy = [ "graphical-session.target" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,22 +1,31 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-mpv;
|
||||
delete-file = (pkgs.stdenvNoCC.mkDerivation rec {
|
||||
name = "mpv-delete-file";
|
||||
src = pkgs.fetchurl {
|
||||
url =
|
||||
"https://git.2li.ch/various/mpv-scripts/raw/commit/19ea069abcb794d1bf8fac2f59b50d71ab992130/delete_file.lua";
|
||||
sha256 = "sha256-1FX23t+O1aFZnbuvl+9zDT8OcKEziWNGj5cAMSvRIas=";
|
||||
};
|
||||
dontBuild = true;
|
||||
dontUnpack = true;
|
||||
installPhase = ''
|
||||
install -Dm644 ${src} $out/share/mpv/scripts/delete_file.lua
|
||||
'';
|
||||
passthru.scriptName = "delete_file.lua";
|
||||
});
|
||||
in {
|
||||
options = { programs.az-mpv.enable = lib.mkEnableOption "Enable MPV."; };
|
||||
delete-file = (
|
||||
pkgs.stdenvNoCC.mkDerivation rec {
|
||||
name = "mpv-delete-file";
|
||||
src = pkgs.fetchurl {
|
||||
url = "https://git.2li.ch/various/mpv-scripts/raw/commit/19ea069abcb794d1bf8fac2f59b50d71ab992130/delete_file.lua";
|
||||
sha256 = "sha256-1FX23t+O1aFZnbuvl+9zDT8OcKEziWNGj5cAMSvRIas=";
|
||||
};
|
||||
dontBuild = true;
|
||||
dontUnpack = true;
|
||||
installPhase = ''
|
||||
install -Dm644 ${src} $out/share/mpv/scripts/delete_file.lua
|
||||
'';
|
||||
passthru.scriptName = "delete_file.lua";
|
||||
}
|
||||
);
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-mpv.enable = lib.mkEnableOption "Enable MPV.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
programs.mpv = {
|
||||
|
@ -25,13 +34,17 @@ in {
|
|||
s = "playlist-shuffle";
|
||||
r = "cycle_values video-rotate 90 180 270 0";
|
||||
};
|
||||
config = { "keepaspect-window" = "no"; };
|
||||
config = {
|
||||
"keepaspect-window" = "no";
|
||||
};
|
||||
scripts = [ delete-file ];
|
||||
};
|
||||
|
||||
xdg.mimeApps = {
|
||||
enable = true;
|
||||
associations.added = { "inode/directory" = [ "mpv.desktop" ]; };
|
||||
associations.added = {
|
||||
"inode/directory" = [ "mpv.desktop" ];
|
||||
};
|
||||
defaultApplications = {
|
||||
"application/mxf" = "mpv.desktop";
|
||||
"application/sdp" = "mpv.desktop";
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.programs.az-open-port;
|
||||
in {
|
||||
let
|
||||
cfg = config.programs.az-open-port;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-open-port.enable =
|
||||
lib.mkEnableOption "Two functions to quickly open a port in iptables.";
|
||||
programs.az-open-port.enable = lib.mkEnableOption "Two functions to quickly open a port in iptables.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
|
|
@ -1,9 +1,15 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.programs.az-rapid-photo-downloader;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-rapid-photo-downloader;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-rapid-photo-downloader.enable =
|
||||
lib.mkEnableOption "Enable Rapid Photo Downloader.";
|
||||
programs.az-rapid-photo-downloader.enable = lib.mkEnableOption "Enable Rapid Photo Downloader.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
|
|
@ -1,6 +1,13 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.programs.az-signal;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-signal;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-signal.enable = lib.mkEnableOption "Enable Signal.";
|
||||
};
|
||||
|
@ -12,14 +19,20 @@ in {
|
|||
xdg.desktopEntries = {
|
||||
signal = {
|
||||
name = "Signal with tray icon";
|
||||
exec =
|
||||
"${pkgs.unstable.signal-desktop}/bin/signal-desktop --use-tray-icon --no-sandbox %U";
|
||||
exec = "${pkgs.unstable.signal-desktop}/bin/signal-desktop --use-tray-icon --no-sandbox %U";
|
||||
terminal = false;
|
||||
type = "Application";
|
||||
icon = "signal-desktop";
|
||||
comment = "Private messaging from your desktop";
|
||||
mimeType = [ "x-scheme-handler/sgnl" "x-scheme-handler/signalcaptcha" ];
|
||||
categories = [ "Network" "InstantMessaging" "Chat" ];
|
||||
mimeType = [
|
||||
"x-scheme-handler/sgnl"
|
||||
"x-scheme-handler/signalcaptcha"
|
||||
];
|
||||
categories = [
|
||||
"Network"
|
||||
"InstantMessaging"
|
||||
"Chat"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,7 +1,11 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.programs.az-ssh;
|
||||
in {
|
||||
options = { programs.az-ssh.enable = lib.mkEnableOption "Enable SSH host."; };
|
||||
let
|
||||
cfg = config.programs.az-ssh;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-ssh.enable = lib.mkEnableOption "Enable SSH host.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
programs.ssh = {
|
||||
|
|
|
@ -1,6 +1,13 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.programs.az-telegram;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-telegram;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-telegram.enable = lib.mkEnableOption "Enable Telegram.";
|
||||
};
|
||||
|
|
|
@ -1,7 +1,11 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.programs.az-tmux;
|
||||
in {
|
||||
options = { programs.az-tmux.enable = lib.mkEnableOption "Enable tmux"; };
|
||||
let
|
||||
cfg = config.programs.az-tmux;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-tmux.enable = lib.mkEnableOption "Enable tmux";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
programs.tmux = {
|
||||
|
@ -70,4 +74,3 @@ in {
|
|||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,9 +1,15 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.programs.az-vagrant-wsl;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-vagrant-wsl;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-vagrant-wsl.enable =
|
||||
lib.mkEnableOption "Enable Vagrant in WSL.";
|
||||
programs.az-vagrant-wsl.enable = lib.mkEnableOption "Enable Vagrant in WSL.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
|
|
@ -1,11 +1,21 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.programs.az-work-desktop;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-work-desktop;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-work-desktop.enable =
|
||||
lib.mkEnableOption "Applications and config required for work.";
|
||||
programs.az-work-desktop.enable = lib.mkEnableOption "Applications and config required for work.";
|
||||
};
|
||||
|
||||
config =
|
||||
lib.mkIf cfg.enable { home.packages = with pkgs; [ dbeaver vagrant ]; };
|
||||
config = lib.mkIf cfg.enable {
|
||||
home.packages = with pkgs; [
|
||||
dbeaver
|
||||
vagrant
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.programs.az-yt-dlp;
|
||||
in {
|
||||
let
|
||||
cfg = config.programs.az-yt-dlp;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-yt-dlp.enable = lib.mkEnableOption "Enable yt-dlp.";
|
||||
};
|
||||
|
@ -11,7 +13,9 @@ in {
|
|||
extraConfig = ''
|
||||
-S "+codec:h264"
|
||||
'';
|
||||
settings = { remux-video = "mkv"; };
|
||||
settings = {
|
||||
remux-video = "mkv";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,9 +1,15 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.services.az-desktop-base;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.az-desktop-base;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-desktop-base.enable =
|
||||
lib.mkEnableOption "Base configuration for a destkop.";
|
||||
services.az-desktop-base.enable = lib.mkEnableOption "Base configuration for a destkop.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
@ -23,10 +29,8 @@ in {
|
|||
az-tmux.enable = true;
|
||||
bash = {
|
||||
shellAliases = {
|
||||
management-server =
|
||||
"mosh ${config.home.username}@10.7.89.150 -- tmux new -A -s 0";
|
||||
work-management =
|
||||
"mosh --ssh='ssh -i ~/.ssh/zweili.key' zweili@10.49.0.100 -- tmux new -A -s 0";
|
||||
management-server = "mosh ${config.home.username}@10.7.89.150 -- tmux new -A -s 0";
|
||||
work-management = "mosh --ssh='ssh -i ~/.ssh/zweili.key' zweili@10.49.0.100 -- tmux new -A -s 0";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -40,8 +44,7 @@ in {
|
|||
remmina
|
||||
];
|
||||
# raw config files
|
||||
home.file.".config/qtile/autostart.d/xdg-portal-add-path.sh".source =
|
||||
./xdg-portal-add-path.sh;
|
||||
home.file.".config/qtile/autostart.d/xdg-portal-add-path.sh".source = ./xdg-portal-add-path.sh;
|
||||
|
||||
gtk.theme.name = "Arc-Darker";
|
||||
|
||||
|
@ -94,7 +97,9 @@ in {
|
|||
configFile."mimeapps.list".force = true;
|
||||
};
|
||||
|
||||
xsession = { numlock.enable = true; };
|
||||
xsession = {
|
||||
numlock.enable = true;
|
||||
};
|
||||
|
||||
services = {
|
||||
az-dunst.enable = true;
|
||||
|
@ -109,4 +114,3 @@ in {
|
|||
systemd.user.startServices = "sd-switch";
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,7 +1,11 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.services.az-dunst;
|
||||
in {
|
||||
options = { services.az-dunst.enable = lib.mkEnableOption "Enable dunst."; };
|
||||
let
|
||||
cfg = config.services.az-dunst;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-dunst.enable = lib.mkEnableOption "Enable dunst.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.dunst = {
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.services.az-espanso;
|
||||
in {
|
||||
let
|
||||
cfg = config.services.az-espanso;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-espanso.enable = lib.mkEnableOption "Enable espanso.";
|
||||
};
|
||||
|
@ -16,23 +18,30 @@ in {
|
|||
{
|
||||
trigger = "<dd";
|
||||
replace = "{{current_date}}";
|
||||
vars = [{
|
||||
name = "current_date";
|
||||
type = "date";
|
||||
params = { format = "%Y-%m-%d"; };
|
||||
}];
|
||||
vars = [
|
||||
{
|
||||
name = "current_date";
|
||||
type = "date";
|
||||
params = {
|
||||
format = "%Y-%m-%d";
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
trigger = "<ds";
|
||||
replace = "{{current_date}}";
|
||||
vars = [{
|
||||
name = "current_date";
|
||||
type = "date";
|
||||
params = { format = "%Y-%m-%d_%H%M%S"; };
|
||||
}];
|
||||
vars = [
|
||||
{
|
||||
name = "current_date";
|
||||
type = "date";
|
||||
params = {
|
||||
format = "%Y-%m-%d_%H%M%S";
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,9 +1,15 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.services.az-grobi;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.az-grobi;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-grobi.enable =
|
||||
lib.mkEnableOption "Enabel grobi display manager.";
|
||||
services.az-grobi.enable = lib.mkEnableOption "Enabel grobi display manager.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
@ -23,7 +29,10 @@ in {
|
|||
}
|
||||
{
|
||||
name = "docked";
|
||||
outputs_connected = [ "eDP-1" "DP-1-2" ];
|
||||
outputs_connected = [
|
||||
"eDP-1"
|
||||
"DP-1-2"
|
||||
];
|
||||
atomic = true;
|
||||
configure_single = "DP-1-2";
|
||||
primary = true;
|
||||
|
|
|
@ -8,7 +8,8 @@ let
|
|||
nvidia-offload mpv --shuffle --mute=yes "/run/user/1000/gvfs/smb-share:server=10.7.89.108,share=various2/$directory/" &
|
||||
done
|
||||
'';
|
||||
in {
|
||||
in
|
||||
{
|
||||
imports = [ "${inputs.self}/home-manager/modules" ];
|
||||
home = {
|
||||
packages = with pkgs; [
|
||||
|
@ -22,8 +23,7 @@ in {
|
|||
az-media
|
||||
];
|
||||
shellAliases = {
|
||||
unlock-luks =
|
||||
"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o User=root";
|
||||
unlock-luks = "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o User=root";
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -34,6 +34,7 @@ in {
|
|||
az-yt-dlp.enable = true;
|
||||
};
|
||||
|
||||
services = { az-desktop-base.enable = true; };
|
||||
services = {
|
||||
az-desktop-base.enable = true;
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
{ inputs, ... }: {
|
||||
{ inputs, ... }:
|
||||
{
|
||||
imports = [ "${inputs.self}/home-manager/modules" ];
|
||||
systemd.user.startServices = "sd-switch";
|
||||
}
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
{ inputs, pkgs, ... }: {
|
||||
{ inputs, pkgs, ... }:
|
||||
{
|
||||
imports = [ "${inputs.self}/home-manager/modules" ];
|
||||
|
||||
home = {
|
||||
|
@ -9,8 +10,7 @@
|
|||
xclip
|
||||
];
|
||||
shellAliases = {
|
||||
unlock-luks =
|
||||
"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o User=root";
|
||||
unlock-luks = "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o User=root";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
{ inputs, ... }: {
|
||||
{ inputs, ... }:
|
||||
{
|
||||
imports = [ "${inputs.self}/home-manager/modules" ];
|
||||
|
||||
targets.genericLinux.enable = true;
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
{ inputs, pkgs, ... }: {
|
||||
{ inputs, pkgs, ... }:
|
||||
{
|
||||
imports = [ "${inputs.self}/home-manager/modules" ];
|
||||
home = {
|
||||
packages = with pkgs; [
|
||||
|
@ -8,10 +9,13 @@
|
|||
};
|
||||
|
||||
programs = {
|
||||
az-git = { userEmail = "zweili@contria.com"; };
|
||||
az-git = {
|
||||
userEmail = "zweili@contria.com";
|
||||
};
|
||||
az-work-desktop.enable = true;
|
||||
};
|
||||
|
||||
services = { az-desktop-base.enable = true; };
|
||||
services = {
|
||||
az-desktop-base.enable = true;
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,10 @@
|
|||
{ config, inputs, pkgs, ... }: {
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
{
|
||||
imports = [ "${inputs.self}/home-manager/modules" ];
|
||||
|
||||
programs.direnv = {
|
||||
|
@ -15,7 +21,13 @@
|
|||
NIX_PATH = "nixpkgs=${inputs.nixpkgs}";
|
||||
PATH = "$PATH:$HOME/.local/bin";
|
||||
};
|
||||
packages = with pkgs; [ keychain nixfmt mosh gyre-fonts source-code-pro ];
|
||||
packages = with pkgs; [
|
||||
keychain
|
||||
unstable.nixfmt-rfc-style
|
||||
mosh
|
||||
gyre-fonts
|
||||
source-code-pro
|
||||
];
|
||||
};
|
||||
nix = {
|
||||
package = pkgs.nix;
|
||||
|
@ -25,8 +37,10 @@
|
|||
experimental-features = "nix-command flakes";
|
||||
fallback = true;
|
||||
warn-dirty = false;
|
||||
substituters =
|
||||
[ "https://nix-community.cachix.org" "https://cache.nixos.org" ];
|
||||
substituters = [
|
||||
"https://nix-community.cachix.org"
|
||||
"https://cache.nixos.org"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||
|
@ -38,7 +52,9 @@
|
|||
programs = {
|
||||
az-ansible.enable = true;
|
||||
az-emacs.enable = true;
|
||||
az-git = { userEmail = "zweili@contria.com"; };
|
||||
az-git = {
|
||||
userEmail = "zweili@contria.com";
|
||||
};
|
||||
az-hunspell.enable = true;
|
||||
az-tmux.enable = true;
|
||||
az-vagrant-wsl.enable = true;
|
||||
|
@ -47,8 +63,7 @@
|
|||
. /home/zweili/.nix-profile/etc/profile.d/nix.sh
|
||||
'';
|
||||
shellAliases = {
|
||||
work-management =
|
||||
"mosh --ssh='ssh -i ~/.ssh/zweili.key' zweili@10.49.0.100 -- tmux new -A -s 0";
|
||||
work-management = "mosh --ssh='ssh -i ~/.ssh/zweili.key' zweili@10.49.0.100 -- tmux new -A -s 0";
|
||||
work-vm = ''ssh andreas@localhost -p 2222 -t "$@" "tmux new -A -s 0"'';
|
||||
hm-rebuild = "home-manager switch";
|
||||
};
|
||||
|
@ -56,4 +71,3 @@
|
|||
};
|
||||
systemd.user.startServices = "suggest";
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,10 @@
|
|||
{ hostname, inputs, system ? "x86_64-linux", home-module ? "headless"
|
||||
, username ? "andreas" }:
|
||||
{
|
||||
hostname,
|
||||
inputs,
|
||||
system ? "x86_64-linux",
|
||||
home-module ? "headless",
|
||||
username ? "andreas",
|
||||
}:
|
||||
let
|
||||
overlay-unstable = final: prev: {
|
||||
unstable = import inputs.nixpkgs-unstable {
|
||||
|
@ -10,7 +15,9 @@ let
|
|||
|
||||
pkgs = import inputs.nixpkgs {
|
||||
inherit system;
|
||||
config = { allowUnfree = true; };
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
};
|
||||
overlays = [
|
||||
overlay-unstable
|
||||
# (final: prev: {
|
||||
|
@ -26,9 +33,12 @@ let
|
|||
# })
|
||||
];
|
||||
};
|
||||
in inputs.nixpkgs.lib.nixosSystem {
|
||||
in
|
||||
inputs.nixpkgs.lib.nixosSystem {
|
||||
inherit system pkgs;
|
||||
specialArgs = { inherit inputs; };
|
||||
specialArgs = {
|
||||
inherit inputs;
|
||||
};
|
||||
modules = ([
|
||||
# System configuration for this host
|
||||
(import "${inputs.self}/systems/${hostname}" { inherit hostname; })
|
||||
|
@ -46,7 +56,9 @@ in inputs.nixpkgs.lib.nixosSystem {
|
|||
{
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.extraSpecialArgs = { inherit inputs system; };
|
||||
home-manager.extraSpecialArgs = {
|
||||
inherit inputs system;
|
||||
};
|
||||
age.identityPaths = [ "/home/${username}/.ssh/id_rsa" ];
|
||||
home-manager.users.${username}.imports = [
|
||||
inputs.agenix.homeManagerModules.default
|
||||
|
|
|
@ -1,5 +1,10 @@
|
|||
{ hostname, inputs, system ? "aarch64-linux", home-module ? "headless"
|
||||
, username ? "andreas" }:
|
||||
{
|
||||
hostname,
|
||||
inputs,
|
||||
system ? "aarch64-linux",
|
||||
home-module ? "headless",
|
||||
username ? "andreas",
|
||||
}:
|
||||
let
|
||||
overlay-unstable = final: prev: {
|
||||
unstable = import inputs.nixpkgs-unstable {
|
||||
|
@ -10,34 +15,39 @@ let
|
|||
|
||||
pkgs = import inputs.nixpkgs {
|
||||
inherit system;
|
||||
config = { allowUnfree = true; };
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
};
|
||||
overlays = [
|
||||
overlay-unstable
|
||||
(final: prev: {
|
||||
freshrss = prev.freshrss.overrideAttrs (_: rec {
|
||||
version = "1.32.1";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "FreshRSS";
|
||||
repo = "FreshRSS";
|
||||
rev = "c89073d60e491f775a13a9ec57915313eb073964";
|
||||
sha256 = "sha256-DqfkbfvqGkAMQ2oawfb7Ggiv2u6/Qq6UgygLTNov9CA=";
|
||||
};
|
||||
});
|
||||
freshrss = prev.freshrss.overrideAttrs (
|
||||
_: rec {
|
||||
version = "1.32.1";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "FreshRSS";
|
||||
repo = "FreshRSS";
|
||||
rev = "c89073d60e491f775a13a9ec57915313eb073964";
|
||||
sha256 = "sha256-DqfkbfvqGkAMQ2oawfb7Ggiv2u6/Qq6UgygLTNov9CA=";
|
||||
};
|
||||
}
|
||||
);
|
||||
})
|
||||
|
||||
# The following is requried for building images {
|
||||
# https://github.com/NixOS/nixpkgs/issues/126755#issuecomment-869149243
|
||||
(final: super: {
|
||||
makeModulesClosure = x:
|
||||
super.makeModulesClosure (x // { allowMissing = true; });
|
||||
makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; });
|
||||
})
|
||||
# }
|
||||
];
|
||||
};
|
||||
|
||||
in inputs.nixpkgs.lib.nixosSystem {
|
||||
in
|
||||
inputs.nixpkgs.lib.nixosSystem {
|
||||
inherit pkgs system;
|
||||
specialArgs = { inherit inputs; };
|
||||
specialArgs = {
|
||||
inherit inputs;
|
||||
};
|
||||
modules = ([
|
||||
# System configuration for this host
|
||||
(import "${inputs.self}/systems/${hostname}" { inherit hostname; })
|
||||
|
@ -55,7 +65,9 @@ in inputs.nixpkgs.lib.nixosSystem {
|
|||
{
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.extraSpecialArgs = { inherit inputs system; };
|
||||
home-manager.extraSpecialArgs = {
|
||||
inherit inputs system;
|
||||
};
|
||||
home-manager.users.${username}.imports = [
|
||||
inputs.agenix.homeManagerModules.default
|
||||
"${inputs.self}/home-manager/profiles/${home-module}.nix"
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
{ ... }: {
|
||||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
./hardware/bluetooth
|
||||
./hardware/dvd
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.hardware.az-bluetooth;
|
||||
in {
|
||||
let
|
||||
cfg = config.hardware.az-bluetooth;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
hardware.az-bluetooth.enable = lib.mkEnableOption "Enable Bluetooth";
|
||||
};
|
||||
|
@ -21,4 +23,3 @@ in {
|
|||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,7 +1,16 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.hardware.az-dvd;
|
||||
in {
|
||||
options = { hardware.az-dvd.enable = lib.mkEnableOption "DVD"; };
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.hardware.az-dvd;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
hardware.az-dvd.enable = lib.mkEnableOption "DVD";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
|
|
@ -1,12 +1,18 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.hardware.az-nvidia;
|
||||
in {
|
||||
let
|
||||
cfg = config.hardware.az-nvidia;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
hardware.az-nvidia.enable = lib.mkEnableOption "Nvidia GPU Support";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment = { variables = { XDG_DATA_HOME = "$HOME/.local/share"; }; };
|
||||
environment = {
|
||||
variables = {
|
||||
XDG_DATA_HOME = "$HOME/.local/share";
|
||||
};
|
||||
};
|
||||
|
||||
hardware.nvidia.prime = {
|
||||
# Bus ID of the Intel GPU. You can find it using lspci, either under 3D or VGA
|
||||
|
|
|
@ -1,3 +1,8 @@
|
|||
{ ... }: {
|
||||
imports = [ ./raspi-base.nix ./raspi-ethernet.nix ./raspi-usb.nix ];
|
||||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
./raspi-base.nix
|
||||
./raspi-ethernet.nix
|
||||
./raspi-usb.nix
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,9 +1,7 @@
|
|||
{ pkgs, ... }: {
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
"${
|
||||
fetchTarball
|
||||
"https://github.com/NixOS/nixos-hardware/archive/32f61571b486efc987baca553fb35df22532ba63.tar.gz"
|
||||
}/raspberry-pi/4"
|
||||
"${fetchTarball "https://github.com/NixOS/nixos-hardware/archive/32f61571b486efc987baca553fb35df22532ba63.tar.gz"}/raspberry-pi/4"
|
||||
];
|
||||
|
||||
fileSystems = {
|
||||
|
@ -14,7 +12,10 @@
|
|||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [ raspberrypi-eeprom vim ];
|
||||
environment.systemPackages = with pkgs; [
|
||||
raspberrypi-eeprom
|
||||
vim
|
||||
];
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
services.openssh.enable = true;
|
||||
|
@ -26,7 +27,12 @@
|
|||
experimental-features = nix-command flakes
|
||||
warn-dirty = false
|
||||
'';
|
||||
settings = { trusted-users = [ "root" "@wheel" ]; };
|
||||
settings = {
|
||||
trusted-users = [
|
||||
"root"
|
||||
"@wheel"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
users = {
|
||||
|
@ -46,22 +52,24 @@
|
|||
};
|
||||
|
||||
security.sudo = {
|
||||
extraRules = [{
|
||||
users = [ "nixos" ];
|
||||
commands = [
|
||||
{
|
||||
command = "${pkgs.nixos-rebuild}/bin/nixos-rebuild -j auto switch";
|
||||
options = [ "NOPASSWD" ];
|
||||
}
|
||||
{
|
||||
command = "/run/current-system/sw/bin/nixos-rebuild";
|
||||
options = [ "NOPASSWD" ];
|
||||
}
|
||||
{
|
||||
command = "ALL";
|
||||
options = [ "SETENV" ];
|
||||
}
|
||||
];
|
||||
}];
|
||||
extraRules = [
|
||||
{
|
||||
users = [ "nixos" ];
|
||||
commands = [
|
||||
{
|
||||
command = "${pkgs.nixos-rebuild}/bin/nixos-rebuild -j auto switch";
|
||||
options = [ "NOPASSWD" ];
|
||||
}
|
||||
{
|
||||
command = "/run/current-system/sw/bin/nixos-rebuild";
|
||||
options = [ "NOPASSWD" ];
|
||||
}
|
||||
{
|
||||
command = "ALL";
|
||||
options = [ "SETENV" ];
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.hardware.az-raspi4-base;
|
||||
test-sd-card = pkgs.writeShellScriptBin "test-sd-card" ''
|
||||
|
@ -53,16 +58,26 @@ let
|
|||
|
||||
printf "microSD card benchmark complete!\n\n"
|
||||
'';
|
||||
in {
|
||||
in
|
||||
{
|
||||
options = {
|
||||
hardware.az-raspi4-base.enable =
|
||||
lib.mkEnableOption "Enable the base config for a Raspberry Pi 4.";
|
||||
hardware.az-raspi4-base.enable = lib.mkEnableOption "Enable the base config for a Raspberry Pi 4.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
boot.supportedFilesystems =
|
||||
lib.mkForce [ "f2fs" "ntfs" "cifs" "ext4" "vfat" "nfs" "nfs4" ];
|
||||
boot.kernelParams = [ "rootflags=atgc" "rw" ];
|
||||
boot.supportedFilesystems = lib.mkForce [
|
||||
"f2fs"
|
||||
"ntfs"
|
||||
"cifs"
|
||||
"ext4"
|
||||
"vfat"
|
||||
"nfs"
|
||||
"nfs4"
|
||||
];
|
||||
boot.kernelParams = [
|
||||
"rootflags=atgc"
|
||||
"rw"
|
||||
];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-label/root";
|
||||
|
@ -96,7 +111,9 @@ in {
|
|||
device = "/dev/disk/by-label/cryptroot";
|
||||
allowDiscards = true; # required for TRIM
|
||||
};
|
||||
loader = { systemd-boot.enable = true; };
|
||||
loader = {
|
||||
systemd-boot.enable = true;
|
||||
};
|
||||
};
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.hardware.az-raspi4-ethernet;
|
||||
in {
|
||||
let
|
||||
cfg = config.hardware.az-raspi4-ethernet;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
hardware.az-raspi4-ethernet = {
|
||||
enable = lib.mkEnableOption "Enable options required for Raspberry Pi 4.";
|
||||
|
@ -29,10 +31,12 @@ in {
|
|||
};
|
||||
defaultGateway = "10.7.89.1";
|
||||
nameservers = [ "10.7.89.1" ];
|
||||
interfaces.eth0.ipv4.addresses = [{
|
||||
address = cfg.ip;
|
||||
prefixLength = 24;
|
||||
}];
|
||||
interfaces.eth0.ipv4.addresses = [
|
||||
{
|
||||
address = cfg.ip;
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
services = {
|
||||
|
@ -41,4 +45,3 @@ in {
|
|||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.hardware.az-raspi4-usb;
|
||||
in {
|
||||
let
|
||||
cfg = config.hardware.az-raspi4-usb;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
hardware.az-raspi4-usb = {
|
||||
enable = lib.mkEnableOption "Enable options required for Raspberry Pi 4.";
|
||||
|
@ -31,15 +33,21 @@ in {
|
|||
"127.0.0.1" = [ "${cfg.hostname}.2li.local" ];
|
||||
ip = [ "${cfg.hostname}.2li.local" ];
|
||||
};
|
||||
interfaces.usb0.ipv4.addresses = [{
|
||||
address = cfg.ip;
|
||||
prefixLength = 24;
|
||||
}];
|
||||
interfaces.usb0.ipv4.addresses = [
|
||||
{
|
||||
address = cfg.ip;
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
wireless = {
|
||||
enable = true;
|
||||
userControlled.enable = true;
|
||||
interfaces = [ "wlan0" ];
|
||||
networks = { "Gröibschi" = { psk = "schottland"; }; };
|
||||
networks = {
|
||||
"Gröibschi" = {
|
||||
psk = "schottland";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -52,7 +60,10 @@ in {
|
|||
dhcp-range = [ "10.213.0.100,10.213.0.200,255.255.255.0,24h" ];
|
||||
dhcp-option = [ "option:router,${cfg.ip}" ];
|
||||
interface = "usb0";
|
||||
server = [ "84.200.69.80" "84.200.70.40" ];
|
||||
server = [
|
||||
"84.200.69.80"
|
||||
"84.200.70.40"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -96,4 +107,3 @@ in {
|
|||
systemd.services."network-addresses-usb0".after = [ "usb-otg.service" ];
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,11 @@
|
|||
{ config, inputs, lib, pkgs, ... }: {
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
{
|
||||
# The rough location
|
||||
location = {
|
||||
latitude = 46.948;
|
||||
|
@ -17,11 +24,15 @@
|
|||
allowPing = true;
|
||||
allowedTCPPorts = [ 22 ];
|
||||
};
|
||||
timeServers = [ "10.7.89.1" "ch.pool.ntp.org" ];
|
||||
|
||||
timeServers = [
|
||||
"10.7.89.1"
|
||||
"ch.pool.ntp.org"
|
||||
];
|
||||
};
|
||||
|
||||
hardware = { enableRedistributableFirmware = true; };
|
||||
hardware = {
|
||||
enableRedistributableFirmware = true;
|
||||
};
|
||||
|
||||
# required in order to have apropos and whatis working
|
||||
programs.mosh.enable = true;
|
||||
|
@ -68,7 +79,11 @@
|
|||
btm = "btm --color default-light";
|
||||
sudo = "sudo ";
|
||||
};
|
||||
systemPackages = [ pkgs.bottom pkgs.man-pages pkgs.vim ];
|
||||
systemPackages = [
|
||||
pkgs.bottom
|
||||
pkgs.man-pages
|
||||
pkgs.vim
|
||||
];
|
||||
};
|
||||
# Disable the root user
|
||||
users.users.root.hashedPassword = "!";
|
||||
|
@ -76,7 +91,10 @@
|
|||
users.users.${config.az-username} = {
|
||||
isNormalUser = true;
|
||||
initialPassword = "password";
|
||||
extraGroups = [ "wheel" "networkmanager" ];
|
||||
extraGroups = [
|
||||
"wheel"
|
||||
"networkmanager"
|
||||
];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCR+JXNHSAEQamn2QiaKV0vejCPy6OmzOePXoaQF6CEknXyvBO4j7+qpgZ5RAhe7ups8xZrEpBKdtxRMf7OdQQEXg1PLlfWZSJTC8EGu1TbMltbwwHizgsK/15LkDhJ0Gk/GFz9O9GvGqjizik8Kvvqz8XWY0tEtYs5Riq8bB5D5Ctwl10iultqnIQkdaX0bNa/2X57XKeutWdbqhuSC/C7awC1aVDIdfy1BNT3weHhQhFVAeAlH7Fy4rx3gYPclICfzu27lulLeXKJj9F+NdeY84zEy7E8IkE7eqdo1zfdJJpXSIh3FqekWen5njzWJsXqZCa2Ynk1poK/Rv/ti+ySE+4XicyXp0VJM8fDz6iUI0S/pjumHwzpoN9CeNe5PDK3Y7iQzSlO9REvkj/+v7r2s6XKslk9B7hTKunvH5JgHlIeYymzXb4r2LggNrP/1KUgNk1Ztu+s1c5onXYfBNul1iQOFU3+kgTk8Oh/UFK3FA0dYeWrOLA02TdH2S7U6yE= andreas@gwyn"
|
||||
|
||||
|
@ -98,8 +116,14 @@
|
|||
settings = {
|
||||
warn-dirty = false;
|
||||
auto-optimise-store = true;
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
trusted-users = [ "root" "@wheel" ];
|
||||
experimental-features = [
|
||||
"nix-command"
|
||||
"flakes"
|
||||
];
|
||||
trusted-users = [
|
||||
"root"
|
||||
"@wheel"
|
||||
];
|
||||
min-free = 1000000000;
|
||||
max-free = 10000000000;
|
||||
connect-timeout = 5;
|
||||
|
@ -113,7 +137,9 @@
|
|||
};
|
||||
};
|
||||
|
||||
security.sudo = { wheelNeedsPassword = false; };
|
||||
security.sudo = {
|
||||
wheelNeedsPassword = false;
|
||||
};
|
||||
|
||||
system.activationScripts.diff = {
|
||||
supportsDryActivation = true;
|
||||
|
@ -132,4 +158,3 @@
|
|||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "23.05";
|
||||
}
|
||||
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
{ config, inputs, ... }: {
|
||||
{ config, inputs, ... }:
|
||||
{
|
||||
boot.initrd.network = {
|
||||
enable = true;
|
||||
ssh = {
|
||||
enable = true;
|
||||
port = 22;
|
||||
shell = "/bin/cryptsetup-askpass";
|
||||
authorizedKeys =
|
||||
config.users.users.${config.az-username}.openssh.authorizedKeys.keys;
|
||||
authorizedKeys = config.users.users.${config.az-username}.openssh.authorizedKeys.keys;
|
||||
hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
{ lib, ... }: {
|
||||
{ lib, ... }:
|
||||
{
|
||||
options = {
|
||||
az-username = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
|
|
|
@ -1,12 +1,21 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.profiles.az-desktop;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.profiles.az-desktop;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
profiles.az-desktop.enable = lib.mkEnableOption "Enable desktop";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
networking = { networkmanager.enable = true; };
|
||||
networking = {
|
||||
networkmanager.enable = true;
|
||||
};
|
||||
|
||||
documentation = {
|
||||
man.generateCaches = true;
|
||||
|
@ -60,7 +69,10 @@ in {
|
|||
serif = [ "TeX Gyre Pagella" ];
|
||||
monospace = [ "Source Code Pro" ];
|
||||
};
|
||||
packages = [ pkgs.gyre-fonts pkgs.source-code-pro ];
|
||||
packages = [
|
||||
pkgs.gyre-fonts
|
||||
pkgs.source-code-pro
|
||||
];
|
||||
};
|
||||
|
||||
# Enable keyring
|
||||
|
@ -109,7 +121,9 @@ in {
|
|||
source-code-pro
|
||||
unrar
|
||||
];
|
||||
variables = { WINIT_X11_SCALE_FACTOR = "1"; };
|
||||
variables = {
|
||||
WINIT_X11_SCALE_FACTOR = "1";
|
||||
};
|
||||
sessionVariables = {
|
||||
DEFAULT_BROWSER = "${pkgs.firefox}/bin/firefox";
|
||||
QT_SCALE_FACTOR = "1.25";
|
||||
|
|
|
@ -1,13 +1,22 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.programs.az-distrobox;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-distrobox;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-distrobox.enable = lib.mkEnableOption
|
||||
"Install distrobox and configure it to run GUI applications.";
|
||||
programs.az-distrobox.enable = lib.mkEnableOption "Install distrobox and configure it to run GUI applications.";
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment = {
|
||||
systemPackages = [ pkgs.unstable.distrobox pkgs.xorg.xhost ];
|
||||
systemPackages = [
|
||||
pkgs.unstable.distrobox
|
||||
pkgs.xorg.xhost
|
||||
];
|
||||
shellInit = ''
|
||||
[ -n "$DISPLAY" ] && xhost +si:localuser:$USER || true
|
||||
'';
|
||||
|
|
|
@ -1,6 +1,13 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.programs.az-eog;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-eog;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-eog.enable = lib.mkEnableOption "Gnome Image Viewer";
|
||||
};
|
||||
|
@ -24,4 +31,3 @@ in {
|
|||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,9 +1,15 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.programs.az-idevices;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-idevices;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-idevices.enable =
|
||||
lib.mkEnableOption "Enable support for iDevices.";
|
||||
programs.az-idevices.enable = lib.mkEnableOption "Enable support for iDevices.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
|
|
@ -1,6 +1,13 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.programs.az-lockscreen;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-lockscreen;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-lockscreen.enable = lib.mkEnableOption "Lockscreen";
|
||||
};
|
||||
|
@ -14,4 +21,3 @@ in {
|
|||
environment.systemPackages = with pkgs; [ i3lock ];
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,7 +1,16 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.programs.az-makemkv;
|
||||
in {
|
||||
options = { programs.az-makemkv.enable = lib.mkEnableOption "MakeMKV"; };
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-makemkv;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-makemkv.enable = lib.mkEnableOption "MakeMKV";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
home-manager.users.${config.az-username} = {
|
||||
|
|
|
@ -1,6 +1,13 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.programs.az-nautilus;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-nautilus;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-nautilus.enable = lib.mkEnableOption "Enable Nautilus";
|
||||
};
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.programs.az-nix-direnv;
|
||||
in {
|
||||
let
|
||||
cfg = config.programs.az-nix-direnv;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-nix-direnv.enable = lib.mkEnableOption "Enable nix-direnv";
|
||||
};
|
||||
|
@ -16,5 +18,4 @@ in {
|
|||
programs.direnv.nix-direnv.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1,4 +1,10 @@
|
|||
{ config, inputs, lib, pkgs, ... }:
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-restic-management;
|
||||
password_file = config.age.secrets.resticKey.path;
|
||||
|
@ -33,20 +39,19 @@ let
|
|||
|
||||
${pkgs.restic}/bin/restic --password-file ${password_file} snapshots'';
|
||||
|
||||
restic-infomaniak-mount =
|
||||
pkgs.writeShellScriptBin "restic-infomaniak-mount" ''
|
||||
export $(${pkgs.gnugrep}/bin/grep -v '^#' ${infomaniak-env} | ${pkgs.findutils}/bin/xargs)
|
||||
export RESTIC_REPOSITORY="${infomaniak-repo}"
|
||||
export OS_AUTH_URL="${infomaniak-auth-url}"
|
||||
export OS_USER_DOMAIN_NAME=default
|
||||
restic-infomaniak-mount = pkgs.writeShellScriptBin "restic-infomaniak-mount" ''
|
||||
export $(${pkgs.gnugrep}/bin/grep -v '^#' ${infomaniak-env} | ${pkgs.findutils}/bin/xargs)
|
||||
export RESTIC_REPOSITORY="${infomaniak-repo}"
|
||||
export OS_AUTH_URL="${infomaniak-auth-url}"
|
||||
export OS_USER_DOMAIN_NAME=default
|
||||
|
||||
mkdir -p /tmp/restic &&
|
||||
mkdir -p /tmp/restic &&
|
||||
|
||||
${pkgs.restic}/bin/restic --password-file ${password_file} mount /tmp/restic'';
|
||||
in {
|
||||
${pkgs.restic}/bin/restic --password-file ${password_file} mount /tmp/restic'';
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-restic-management.enable =
|
||||
lib.mkEnableOption "Enable restic management commands.";
|
||||
programs.az-restic-management.enable = lib.mkEnableOption "Enable restic management commands.";
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
age.secrets.infomaniakEnv = {
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.programs.az-scripts;
|
||||
compress-pdf = pkgs.writeShellScriptBin "compress-pdf" ''
|
||||
|
@ -9,8 +14,7 @@ let
|
|||
-dBATCH \
|
||||
-sOutputFile=compressed_$1 $1'';
|
||||
|
||||
files-to-lowercase = pkgs.writeScriptBin "files-to-lowercase"
|
||||
"${builtins.readFile ./files-to-lowercase.sh}";
|
||||
files-to-lowercase = pkgs.writeScriptBin "files-to-lowercase" "${builtins.readFile ./files-to-lowercase.sh}";
|
||||
|
||||
heif-to-jpeg = pkgs.writeShellScriptBin "heif-to-jpeg" ''
|
||||
for f in *.heic
|
||||
|
@ -19,17 +23,16 @@ let
|
|||
${pkgs.libheif}/bin/heif-convert $f $f.jpg
|
||||
done'';
|
||||
|
||||
remove-special-characters = pkgs.writeScriptBin "remove-special-characters"
|
||||
"${builtins.readFile ./remove_special_characters.sh}";
|
||||
remove-special-characters = pkgs.writeScriptBin "remove-special-characters" "${builtins.readFile ./remove_special_characters.sh}";
|
||||
|
||||
replace-listings = pkgs.writeScriptBin "replace-listings"
|
||||
"${builtins.readFile ./replace-listings.sh}";
|
||||
replace-listings = pkgs.writeScriptBin "replace-listings" "${builtins.readFile ./replace-listings.sh}";
|
||||
|
||||
thumbnails = pkgs.writeShellScriptBin "thumbnails" ''
|
||||
for d in $1/*; do
|
||||
${pkgs.ffmpeg}/bin/ffmpeg -i "$d" -t 2 -r 0.5 "$d".jpg
|
||||
done'';
|
||||
in {
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-scripts.enable = lib.mkEnableOption "Enable scripts";
|
||||
};
|
||||
|
@ -44,6 +47,4 @@ in {
|
|||
thumbnails
|
||||
];
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -1,7 +1,11 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.programs.az-steam;
|
||||
in {
|
||||
options = { programs.az-steam.enable = lib.mkEnableOption "Enable Steam"; };
|
||||
let
|
||||
cfg = config.programs.az-steam;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.az-steam.enable = lib.mkEnableOption "Enable Steam";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
programs.steam.enable = true;
|
||||
|
@ -11,8 +15,7 @@ in {
|
|||
allowedUDPPorts = [ 27031 ];
|
||||
};
|
||||
home-manager.users.${config.az-username} = {
|
||||
home.file.".local/share/applications/steam.desktop".source =
|
||||
./steam.desktop;
|
||||
home.file.".local/share/applications/steam.desktop".source = ./steam.desktop;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.services.az-x86;
|
||||
in {
|
||||
let
|
||||
cfg = config.services.az-x86;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-x86.enable =
|
||||
lib.mkEnableOption "Enable options for x86 systems";
|
||||
services.az-x86.enable = lib.mkEnableOption "Enable options for x86 systems";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
@ -14,6 +15,8 @@ in {
|
|||
systemd-boot.enable = true;
|
||||
efi.canTouchEfiVariables = true;
|
||||
};
|
||||
hardware = { cpu.intel.updateMicrocode = true; };
|
||||
hardware = {
|
||||
cpu.intel.updateMicrocode = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.services.az-data-share;
|
||||
in {
|
||||
let
|
||||
cfg = config.services.az-data-share;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-data-share.enable =
|
||||
lib.mkEnableOption "Enable the server data FNS share";
|
||||
services.az-data-share.enable = lib.mkEnableOption "Enable the server data FNS share";
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
fileSystems."/mnt/data" = {
|
||||
|
@ -19,4 +20,3 @@ in {
|
|||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,22 +1,33 @@
|
|||
{ config, inputs, lib, pkgs, ... }:
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.az-mailserver;
|
||||
version = "13.2.0";
|
||||
mailserver-setup = (pkgs.writeScriptBin "mailserver-setup"
|
||||
"${builtins.readFile (pkgs.fetchurl {
|
||||
url =
|
||||
"https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/v${version}/setup.sh";
|
||||
sha256 = "sha256-HMT790mp5ADdNYaOLUJfHJq9LWI0OPilTabAhogVXnc=";
|
||||
})}").overrideAttrs (old: {
|
||||
buildCommand = ''
|
||||
${old.buildCommand}
|
||||
patchShebangs $out'';
|
||||
});
|
||||
mailserver-setup =
|
||||
(pkgs.writeScriptBin "mailserver-setup" "${builtins.readFile (
|
||||
pkgs.fetchurl {
|
||||
url = "https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/v${version}/setup.sh";
|
||||
sha256 = "sha256-HMT790mp5ADdNYaOLUJfHJq9LWI0OPilTabAhogVXnc=";
|
||||
}
|
||||
)}"
|
||||
).overrideAttrs
|
||||
(
|
||||
old: {
|
||||
buildCommand = ''
|
||||
${old.buildCommand}
|
||||
patchShebangs $out'';
|
||||
}
|
||||
);
|
||||
volumePath = "/mnt/server-data/docker-mailserver";
|
||||
in {
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-mailserver.enable =
|
||||
lib.mkEnableOption "Enable docker-mailserver";
|
||||
services.az-mailserver.enable = lib.mkEnableOption "Enable docker-mailserver";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
@ -51,7 +62,11 @@ in {
|
|||
fileSystems."${volumePath}" = {
|
||||
device = "10.7.89.108:server_data/docker-mailserver";
|
||||
fsType = "nfs";
|
||||
options = [ "hard" "noatime" "rw" ];
|
||||
options = [
|
||||
"hard"
|
||||
"noatime"
|
||||
"rw"
|
||||
];
|
||||
};
|
||||
services.az-docker.enable = true;
|
||||
|
||||
|
@ -62,8 +77,14 @@ in {
|
|||
image = "docker.io/mailserver/docker-mailserver:${version}";
|
||||
autoStart = true;
|
||||
environmentFiles = [ ./mailserver.env ];
|
||||
ports =
|
||||
[ "25:25" "143:143" "465:465" "587:587" "993:993" "11334:11334" ];
|
||||
ports = [
|
||||
"25:25"
|
||||
"143:143"
|
||||
"465:465"
|
||||
"587:587"
|
||||
"993:993"
|
||||
"11334:11334"
|
||||
];
|
||||
volumes = [
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
"/etc/dkim:/etc/dkim:ro"
|
||||
|
|
|
@ -1,7 +1,16 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.services.az-docker;
|
||||
in {
|
||||
options = { services.az-docker.enable = lib.mkEnableOption "Enable Docker"; };
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.az-docker;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-docker.enable = lib.mkEnableOption "Enable Docker";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
virtualisation.docker = {
|
||||
|
|
|
@ -1,6 +1,14 @@
|
|||
{ config, inputs, lib, pkgs, ... }:
|
||||
let cfg = config.services.az-freshrss;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.az-freshrss;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-freshrss.enable = lib.mkEnableOption "Enable FreshRSS.";
|
||||
};
|
||||
|
@ -20,7 +28,10 @@ in {
|
|||
group = config.services.freshrss.user;
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
80
|
||||
443
|
||||
];
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "admin+acme@zweili.ch";
|
||||
|
@ -42,11 +53,15 @@ in {
|
|||
mysql = {
|
||||
enable = true;
|
||||
package = pkgs.mariadb_110;
|
||||
ensureUsers = [{
|
||||
name = "freshrss";
|
||||
ensurePermissions = { "freshrss.*" = "ALL PRIVILEGES"; };
|
||||
}];
|
||||
initialDatabases = [{ name = "freshrss"; }];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "freshrss";
|
||||
ensurePermissions = {
|
||||
"freshrss.*" = "ALL PRIVILEGES";
|
||||
};
|
||||
}
|
||||
];
|
||||
initialDatabases = [ { name = "freshrss"; } ];
|
||||
settings = {
|
||||
mysqld = {
|
||||
innodb_file_per_table = 1;
|
||||
|
@ -95,4 +110,3 @@ in {
|
|||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,8 +1,14 @@
|
|||
{ config, inputs, lib, ... }:
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.az-gitea;
|
||||
volumePath = "/mnt/server-data/gitea";
|
||||
in {
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-gitea.enable = lib.mkEnableOption "Enable Gitea in Docker.";
|
||||
services.az-gitea.domain = lib.mkOption {
|
||||
|
@ -17,13 +23,19 @@ in {
|
|||
fileSystems."${volumePath}" = {
|
||||
device = "10.7.89.108:server_data/gitea/data";
|
||||
fsType = "nfs";
|
||||
options = [ "hard" "noatime" "rw" ];
|
||||
options = [
|
||||
"hard"
|
||||
"noatime"
|
||||
"rw"
|
||||
];
|
||||
};
|
||||
services = {
|
||||
az-docker.enable = true;
|
||||
az-mariadb-for-containers.enable = true;
|
||||
mysql.settings = {
|
||||
mysql = { default-character-set = "utf8mb4"; };
|
||||
mysql = {
|
||||
default-character-set = "utf8mb4";
|
||||
};
|
||||
mysqld = {
|
||||
collation-server = "utf8mb4_unicode_ci";
|
||||
init-connect = "SET NAMES utf8mb4";
|
||||
|
@ -55,7 +67,10 @@ in {
|
|||
DISABLE_REGISTRATION = "true";
|
||||
};
|
||||
environmentFiles = [ config.age.secrets.giteaEnv.path ];
|
||||
ports = [ "2222:22" "8080:3000" ];
|
||||
ports = [
|
||||
"2222:22"
|
||||
"8080:3000"
|
||||
];
|
||||
volumes = [
|
||||
"/etc/timezone:/etc/timezone:ro"
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
|
|
|
@ -2,8 +2,11 @@
|
|||
let
|
||||
cfg = config.services.az-grav;
|
||||
volumePath = "/mnt/server-data/grav";
|
||||
in {
|
||||
options = { services.az-grav.enable = lib.mkEnableOption "Enable Grav."; };
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-grav.enable = lib.mkEnableOption "Enable Grav.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.az-docker.enable = true;
|
||||
|
@ -11,14 +14,17 @@ in {
|
|||
fileSystems."${volumePath}" = {
|
||||
device = "10.7.89.108:server_data/grav";
|
||||
fsType = "nfs";
|
||||
options = [ "hard" "noatime" "rw" ];
|
||||
options = [
|
||||
"hard"
|
||||
"noatime"
|
||||
"rw"
|
||||
];
|
||||
};
|
||||
virtualisation.oci-containers = {
|
||||
backend = "docker";
|
||||
containers."grav" = {
|
||||
# https://fleet.linuxserver.io/image?name=linuxserver/grav
|
||||
image =
|
||||
"lscr.io/linuxserver/grav:1.7.43@sha256:6cc4e340eda8c72f4671f9b9a4c1fad195deac59b9a88b6221f8b31d4fd64c08";
|
||||
image = "lscr.io/linuxserver/grav:1.7.43@sha256:6cc4e340eda8c72f4671f9b9a4c1fad195deac59b9a88b6221f8b31d4fd64c08";
|
||||
autoStart = true;
|
||||
environment = {
|
||||
TZ = "Europe/Zurich";
|
||||
|
@ -36,4 +42,3 @@ in {
|
|||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.services.az-haproxy;
|
||||
in {
|
||||
let
|
||||
cfg = config.services.az-haproxy;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-haproxy.enable = lib.mkEnableOption "Enable HAProxy";
|
||||
};
|
||||
|
@ -8,7 +10,11 @@ in {
|
|||
config = lib.mkIf cfg.enable {
|
||||
networking = {
|
||||
enableIPv6 = false;
|
||||
firewall.allowedTCPPorts = [ 80 443 1936 ];
|
||||
firewall.allowedTCPPorts = [
|
||||
80
|
||||
443
|
||||
1936
|
||||
];
|
||||
};
|
||||
services.haproxy = {
|
||||
enable = true;
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
let
|
||||
cfg = config.services.az-heimdall;
|
||||
volumePath = "/mnt/server-data/heimdall";
|
||||
in {
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-heimdall.enable = lib.mkEnableOption "Enable Heimdall";
|
||||
};
|
||||
|
@ -13,14 +14,17 @@ in {
|
|||
fileSystems."${volumePath}" = {
|
||||
device = "10.7.89.108:server_data/heimdall";
|
||||
fsType = "nfs";
|
||||
options = [ "hard" "noatime" "rw" ];
|
||||
options = [
|
||||
"hard"
|
||||
"noatime"
|
||||
"rw"
|
||||
];
|
||||
};
|
||||
virtualisation.oci-containers = {
|
||||
backend = "docker";
|
||||
containers."heimdall" = {
|
||||
# https://fleet.linuxserver.io/image?name=linuxserver/heimdall
|
||||
image =
|
||||
"linuxserver/heimdall:2.5.8@sha256:2bf4feba39a64ceabb8e8aef1395c69513c8ab7dd122caa605c307d7ffcdad6f";
|
||||
image = "linuxserver/heimdall:2.5.8@sha256:2bf4feba39a64ceabb8e8aef1395c69513c8ab7dd122caa605c307d7ffcdad6f";
|
||||
autoStart = true;
|
||||
environment = {
|
||||
TZ = "Europe/Zurich";
|
||||
|
@ -28,11 +32,12 @@ in {
|
|||
PGID = "100";
|
||||
};
|
||||
ports = [ "8081:80" ];
|
||||
volumes =
|
||||
[ "/etc/localtime:/etc/localtime:ro" "${volumePath}:/config" ];
|
||||
volumes = [
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
"${volumePath}:/config"
|
||||
];
|
||||
extraOptions = [ "--log-opt=tag='heimdall'" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.services.az-log2ram;
|
||||
in {
|
||||
let
|
||||
cfg = config.services.az-log2ram;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-log2ram.enable = lib.mkEnableOption "Enable log to RAM";
|
||||
};
|
||||
|
@ -9,7 +11,10 @@ in {
|
|||
fileSystems."/var/log" = {
|
||||
device = "none";
|
||||
fsType = "tmpfs";
|
||||
options = [ "defaults" "size=512M" ];
|
||||
options = [
|
||||
"defaults"
|
||||
"size=512M"
|
||||
];
|
||||
};
|
||||
services.journald.extraConfig = ''
|
||||
SystemMaxUse=300M
|
||||
|
|
|
@ -1,6 +1,13 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.services.az-logs-share;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.az-logs-share;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-logs-share.enable = lib.mkEnableOption "Enable mount share";
|
||||
};
|
||||
|
|
|
@ -1,18 +1,27 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.services.az-mariadb-for-containers;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.az-mariadb-for-containers;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-mariadb-for-containers.enable =
|
||||
lib.mkEnableOption "Enable MariaDB configured for container clients.";
|
||||
services.az-mariadb-for-containers.enable = lib.mkEnableOption "Enable MariaDB configured for container clients.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.mysql = {
|
||||
enable = true;
|
||||
package = pkgs.mariadb_110;
|
||||
settings = { mysqld = { bind-address = "172.17.0.1"; }; };
|
||||
settings = {
|
||||
mysqld = {
|
||||
bind-address = "172.17.0.1";
|
||||
};
|
||||
};
|
||||
};
|
||||
networking.firewall.extraCommands =
|
||||
"iptables -A INPUT -p tcp --destination-port 3306 -s 172.16.0.0/12 -j ACCEPT";
|
||||
networking.firewall.extraCommands = "iptables -A INPUT -p tcp --destination-port 3306 -s 172.16.0.0/12 -j ACCEPT";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,16 +1,21 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.services.az-media-share;
|
||||
in {
|
||||
let
|
||||
cfg = config.services.az-media-share;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-media-share.enable =
|
||||
lib.mkEnableOption "Mount the NFS share for with my media.";
|
||||
services.az-media-share.enable = lib.mkEnableOption "Mount the NFS share for with my media.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
fileSystems."/mnt/media" = {
|
||||
device = "10.7.89.108:media";
|
||||
fsType = "nfs";
|
||||
options = [ "noatime" "hard" "nfsvers=4.0" ];
|
||||
options = [
|
||||
"noatime"
|
||||
"hard"
|
||||
"nfsvers=4.0"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,4 +1,10 @@
|
|||
{ config, inputs, lib, pkgs, ... }:
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.az-nextcloud;
|
||||
cronService = "${config.virtualisation.oci-containers.backend}-cron";
|
||||
|
@ -6,8 +12,7 @@ let
|
|||
MYSQL_DATABASE = "nextcloud";
|
||||
MYSQL_USER = "nextcloud";
|
||||
MYSQL_HOST = "172.17.0.1";
|
||||
NEXTCLOUD_TRUSTED_DOMAINS =
|
||||
"${cfg.domain} ${config.networking.hostName}.2li.local 10.7.89.103";
|
||||
NEXTCLOUD_TRUSTED_DOMAINS = "${cfg.domain} ${config.networking.hostName}.2li.local 10.7.89.103";
|
||||
REDIS_HOST = "redis";
|
||||
SMTP_HOST = "mail.infomaniak.com";
|
||||
SMTP_SECURE = "ssl";
|
||||
|
@ -15,15 +20,13 @@ let
|
|||
};
|
||||
networkName = "nextcloud";
|
||||
# https://github.com/Nebucatnetzer/nextcloud-smb
|
||||
nextcloudImage =
|
||||
"ghcr.io/nebucatnetzer/nextcloud-smb/nextcloud-smb:28.0.1@sha256:2fc015f2844e44e861099474927696244ddb59bcfb3fc7b693468a30543a211e";
|
||||
nextcloudService =
|
||||
"${config.virtualisation.oci-containers.backend}-nextcloud";
|
||||
nextcloudImage = "ghcr.io/nebucatnetzer/nextcloud-smb/nextcloud-smb:28.0.1@sha256:2fc015f2844e44e861099474927696244ddb59bcfb3fc7b693468a30543a211e";
|
||||
nextcloudService = "${config.virtualisation.oci-containers.backend}-nextcloud";
|
||||
volumePath = "/mnt/server-data/nextcloud";
|
||||
in {
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-nextcloud.enable =
|
||||
lib.mkEnableOption "Enable Nextcloud running in a container.";
|
||||
services.az-nextcloud.enable = lib.mkEnableOption "Enable Nextcloud running in a container.";
|
||||
services.az-nextcloud.domain = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "The domain Nextcloud is being run from.";
|
||||
|
@ -36,7 +39,11 @@ in {
|
|||
fileSystems."${volumePath}" = {
|
||||
device = "10.7.89.108:server_data/nextcloud/data";
|
||||
fsType = "nfs";
|
||||
options = [ "hard" "noatime" "rw" ];
|
||||
options = [
|
||||
"hard"
|
||||
"noatime"
|
||||
"rw"
|
||||
];
|
||||
};
|
||||
services = {
|
||||
az-acme-base.enable = true;
|
||||
|
@ -99,8 +106,10 @@ in {
|
|||
"/etc/localtime:/etc/localtime:ro"
|
||||
"${volumePath}:/var/www/html"
|
||||
];
|
||||
extraOptions =
|
||||
[ "--net=${networkName}" "--log-opt=tag='nextcloud-nginx'" ];
|
||||
extraOptions = [
|
||||
"--net=${networkName}"
|
||||
"--log-opt=tag='nextcloud-nginx'"
|
||||
];
|
||||
};
|
||||
containers."cron" = {
|
||||
image = nextcloudImage;
|
||||
|
@ -109,8 +118,10 @@ in {
|
|||
environmentFiles = [ config.age.secrets.nextcloudEnv.path ];
|
||||
entrypoint = "/cron.sh";
|
||||
dependsOn = [ "redis" ];
|
||||
volumes =
|
||||
[ "/etc/localtime:/etc/localtime:ro" "${volumePath}:/var/www/html" ];
|
||||
volumes = [
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
"${volumePath}:/var/www/html"
|
||||
];
|
||||
extraOptions = [
|
||||
"--add-host=host.docker.internal:host-gateway"
|
||||
"--net=nextcloud"
|
||||
|
@ -121,7 +132,10 @@ in {
|
|||
image = "redis:alpine";
|
||||
autoStart = true;
|
||||
volumes = [ "/etc/localtime:/etc/localtime:ro" ];
|
||||
extraOptions = [ "--net=${networkName}" "--log-opt=tag='redis'" ];
|
||||
extraOptions = [
|
||||
"--net=${networkName}"
|
||||
"--log-opt=tag='redis'"
|
||||
];
|
||||
};
|
||||
};
|
||||
system.activationScripts.makeDockerNetwork = ''
|
||||
|
@ -129,7 +143,9 @@ in {
|
|||
'';
|
||||
|
||||
systemd.services.nextcloud-previews = {
|
||||
serviceConfig = { Type = "oneshot"; };
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
};
|
||||
script = ''
|
||||
${pkgs.docker}/bin/docker exec -u www-data nextcloud php occ preview:pre-generate
|
||||
'';
|
||||
|
@ -142,8 +158,10 @@ in {
|
|||
environment.shellAliases = {
|
||||
occ = "${pkgs.docker}/bin/docker exec -u www-data nextcloud php occ";
|
||||
};
|
||||
systemd.services.${nextcloudService}.after =
|
||||
[ "mysql.service" "nginx.service" ];
|
||||
systemd.services.${nextcloudService}.after = [
|
||||
"mysql.service"
|
||||
"nginx.service"
|
||||
];
|
||||
systemd.services.${cronService}.after = [ "mysql.service" ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,13 +1,17 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.services.az-acme-base;
|
||||
in {
|
||||
let
|
||||
cfg = config.services.az-acme-base;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-acme-base.enable =
|
||||
lib.mkEnableOption "All the common options I need for ACME certs.";
|
||||
services.az-acme-base.enable = lib.mkEnableOption "All the common options I need for ACME certs.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
80
|
||||
443
|
||||
];
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "admin+acme@zweili.ch";
|
||||
|
|
|
@ -1,10 +1,16 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.services.az-nginx-fpm;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.az-nginx-fpm;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-nginx-fpm = {
|
||||
enable =
|
||||
lib.mkEnableOption "Enable Nginx with config for FPM in a container.";
|
||||
enable = lib.mkEnableOption "Enable Nginx with config for FPM in a container.";
|
||||
dataDir = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "The directory where the application lives on the host.";
|
||||
|
@ -53,5 +59,4 @@ in {
|
|||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.services.az-nginx-proxy;
|
||||
in {
|
||||
let
|
||||
cfg = config.services.az-nginx-proxy;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-nginx-proxy = {
|
||||
enable = lib.mkEnableOption "Enable Nginx proxy, mainly to provide SSL.";
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.services.az-pipewire;
|
||||
in {
|
||||
let
|
||||
cfg = config.services.az-pipewire;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-pipewire.enable = lib.mkEnableOption "Enable pipewire";
|
||||
};
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
{ config, inputs, lib, ... }:
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.az-plex;
|
||||
volumePath = "/mnt/media";
|
||||
in {
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-plex.enable =
|
||||
lib.mkEnableOption "Enable Plex running in Docker";
|
||||
services.az-plex.enable = lib.mkEnableOption "Enable Plex running in Docker";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
@ -33,8 +38,7 @@ in {
|
|||
containers."plex" = {
|
||||
autoStart = true;
|
||||
# https://fleet.linuxserver.io/image?name=linuxserver/plex
|
||||
image =
|
||||
"lscr.io/linuxserver/plex:1.32.8@sha256:656cfa13024d3d1a96e2fa91aa4e8a9a5e2d8c4bb67fc1feb5da0e13ef99e705";
|
||||
image = "lscr.io/linuxserver/plex:1.32.8@sha256:656cfa13024d3d1a96e2fa91aa4e8a9a5e2d8c4bb67fc1feb5da0e13ef99e705";
|
||||
environment = {
|
||||
TZ = " Europe/Zurich ";
|
||||
PUID = "1000";
|
||||
|
@ -48,7 +52,10 @@ in {
|
|||
"/var/lib/plex/tmp:/transcode"
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
];
|
||||
extraOptions = [ "--network=host" "--log-opt=tag='plex'" ];
|
||||
extraOptions = [
|
||||
"--network=host"
|
||||
"--log-opt=tag='plex'"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,9 +1,15 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.services.az-postgresql;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.az-postgresql;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-postgresql.enable = lib.mkEnableOption
|
||||
"Enable PostgreSQL with settings for container clients.";
|
||||
services.az-postgresql.enable = lib.mkEnableOption "Enable PostgreSQL with settings for container clients.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
@ -13,7 +19,6 @@ in {
|
|||
package = pkgs.postgresql_14;
|
||||
settings.listen_addresses = pkgs.lib.mkForce "127.0.0.1,172.17.0.1";
|
||||
};
|
||||
networking.firewall.extraCommands =
|
||||
"iptables -A INPUT -p tcp --destination-port 5432 -s 172.16.0.0/12 -j ACCEPT";
|
||||
networking.firewall.extraCommands = "iptables -A INPUT -p tcp --destination-port 5432 -s 172.16.0.0/12 -j ACCEPT";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.az-qtile;
|
||||
rofi-search = pkgs.writeShellScriptBin "rofi-search" ''
|
||||
|
@ -15,10 +20,10 @@ let
|
|||
echo "No input provided."
|
||||
fi
|
||||
'';
|
||||
in {
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-qtile.enable =
|
||||
lib.mkEnableOption "Enable Qtile window manager.";
|
||||
services.az-qtile.enable = lib.mkEnableOption "Enable Qtile window manager.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
|
|
@ -1,7 +1,16 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.services.az-rdp;
|
||||
in {
|
||||
options = { services.az-rdp.enable = lib.mkEnableOption "enable rdp"; };
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.az-rdp;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-rdp.enable = lib.mkEnableOption "enable rdp";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.xrdp = {
|
||||
|
|
|
@ -1,12 +1,18 @@
|
|||
{ config, inputs, lib, pkgs, ... }:
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.az-restic-client-desktop;
|
||||
password_file = config.age.secrets.resticKey.path;
|
||||
repository = "rest:http://10.7.89.30:8000";
|
||||
in {
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-restic-client-desktop.enable =
|
||||
lib.mkEnableOption "Enable restic backups";
|
||||
services.az-restic-client-desktop.enable = lib.mkEnableOption "Enable restic backups";
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.az-telegram-notifications.enable = true;
|
||||
|
|
|
@ -1,6 +1,14 @@
|
|||
{ config, inputs, lib, pkgs, ... }:
|
||||
let cfg = config.services.az-restic-client-server-mysql;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.az-restic-client-server-mysql;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-restic-client-server-mysql = {
|
||||
enable = lib.mkEnableOption "Enable restic backups for MariaDB.";
|
||||
|
@ -21,14 +29,18 @@ in {
|
|||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.az-telegram-notifications = { enable = true; };
|
||||
services.az-telegram-notifications = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
age.secrets.resticKey.file = "${inputs.self}/scrts/restic.key.age";
|
||||
|
||||
systemd.timers."restic-backups" = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
partOf = [ "restic-backups.service" ];
|
||||
timerConfig = { OnCalendar = cfg.time; };
|
||||
timerConfig = {
|
||||
OnCalendar = cfg.time;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services."restic-backups" = {
|
||||
|
|
|
@ -1,6 +1,14 @@
|
|||
{ config, inputs, lib, pkgs, ... }:
|
||||
let cfg = config.services.az-restic-client-server-postgres;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.az-restic-client-server-postgres;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-restic-client-server-postgres = {
|
||||
enable = lib.mkEnableOption "Enable restic backups for PostgreSQL.";
|
||||
|
@ -28,7 +36,9 @@ in {
|
|||
systemd.timers."restic-backups" = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
partOf = [ "restic-backups.service" ];
|
||||
timerConfig = { OnCalendar = cfg.time; };
|
||||
timerConfig = {
|
||||
OnCalendar = cfg.time;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services."restic-backups" = {
|
||||
|
|
|
@ -1,6 +1,14 @@
|
|||
{ config, inputs, lib, pkgs, ... }:
|
||||
let cfg = config.services.az-restic-client-server;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.az-restic-client-server;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-restic-client-server = {
|
||||
enable = lib.mkEnableOption "Enable restic backups on server systems.";
|
||||
|
@ -27,7 +35,9 @@ in {
|
|||
systemd.timers."restic-backups" = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
partOf = [ "restic-backups.service" ];
|
||||
timerConfig = { OnCalendar = cfg.time; };
|
||||
timerConfig = {
|
||||
OnCalendar = cfg.time;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services."restic-backups" = {
|
||||
|
|
|
@ -1,6 +1,14 @@
|
|||
{ config, inputs, lib, pkgs, ... }:
|
||||
let cfg = config.services.az-restic-server;
|
||||
in {
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.az-restic-server;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-restic-server = {
|
||||
enable = lib.mkEnableOption "Enable a restic server.";
|
||||
|
@ -27,7 +35,11 @@ in {
|
|||
fileSystems."${cfg.repository}" = {
|
||||
device = "10.7.89.108:restic-server";
|
||||
fsType = "nfs";
|
||||
options = [ "noatime" "hard" "nfsvers=4.0" ];
|
||||
options = [
|
||||
"noatime"
|
||||
"hard"
|
||||
"nfsvers=4.0"
|
||||
];
|
||||
};
|
||||
services.restic.server = {
|
||||
enable = true;
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
let
|
||||
cfg = config.services.az-rss-bridge;
|
||||
whitelist = builtins.toFile "whitelist.txt" "*";
|
||||
in {
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-rss-bridge.enable = lib.mkEnableOption "Enable RSS bridge.";
|
||||
};
|
||||
|
@ -14,8 +15,7 @@ in {
|
|||
backend = "docker";
|
||||
containers."rss-bridge" = {
|
||||
# https://hub.docker.com/r/rssbridge/rss-bridge/tags
|
||||
image =
|
||||
"rssbridge/rss-bridge@sha256:908ee2936c1acdddbff69020cf4f01f259b4e230fd924876b3c8dfbaa8e3326c";
|
||||
image = "rssbridge/rss-bridge@sha256:908ee2936c1acdddbff69020cf4f01f259b4e230fd924876b3c8dfbaa8e3326c";
|
||||
autoStart = true;
|
||||
ports = [ "8082:80" ];
|
||||
volumes = [
|
||||
|
|
|
@ -1,7 +1,11 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.services.az-syslog;
|
||||
in {
|
||||
options = { services.az-syslog.enable = lib.mkEnableOption "Enable syslog"; };
|
||||
let
|
||||
cfg = config.services.az-syslog;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-syslog.enable = lib.mkEnableOption "Enable syslog";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.rsyslogd = {
|
||||
|
@ -15,4 +19,3 @@ in {
|
|||
systemd.services.syslog.after = [ "network-online.target" ];
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,10 @@
|
|||
{ config, inputs, lib, pkgs, ... }:
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.az-telegram-notifications;
|
||||
|
||||
|
@ -16,18 +22,19 @@ let
|
|||
${send-to-telegram} "$ALERT Unit failed $UNIT $ALERT
|
||||
Status:
|
||||
$UNITSTATUS"'';
|
||||
in {
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-telegram-notifications.enable =
|
||||
lib.mkEnableOption "Enable Telegram Notifications";
|
||||
services.az-telegram-notifications.enable = lib.mkEnableOption "Enable Telegram Notifications";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
age.secrets.telegramNotifyEnv.file =
|
||||
"${inputs.self}/scrts/telegram_notify_env.age";
|
||||
age.secrets.telegramNotifyEnv.file = "${inputs.self}/scrts/telegram_notify_env.age";
|
||||
systemd.services."unit-status-telegram@" = {
|
||||
description = "Unit Status Telegram Service";
|
||||
unitConfig = { After = "network-online.target"; };
|
||||
unitConfig = {
|
||||
After = "network-online.target";
|
||||
};
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart = "${unit-status-telegram} %I";
|
||||
|
|
|
@ -1,7 +1,11 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.services.az-tlp;
|
||||
in {
|
||||
options = { services.az-tlp.enable = lib.mkEnableOption "Enable TLP"; };
|
||||
let
|
||||
cfg = config.services.az-tlp;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-tlp.enable = lib.mkEnableOption "Enable TLP";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.tlp = {
|
||||
|
|
|
@ -1,15 +1,17 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.services.az-virtualbox-guest;
|
||||
in {
|
||||
let
|
||||
cfg = config.services.az-virtualbox-guest;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-virtualbox-guest.enable =
|
||||
lib.mkEnableOption "Enable virtualbox services";
|
||||
services.az-virtualbox-guest.enable = lib.mkEnableOption "Enable virtualbox services";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
virtualisation.virtualbox.guest.enable = true;
|
||||
virtualisation.virtualbox.guest.x11 = true;
|
||||
users.users.${config.az-username} = { extraGroups = [ "vboxsf" ]; };
|
||||
users.users.${config.az-username} = {
|
||||
extraGroups = [ "vboxsf" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,34 +1,23 @@
|
|||
let
|
||||
andreas =
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCR+JXNHSAEQamn2QiaKV0vejCPy6OmzOePXoaQF6CEknXyvBO4j7+qpgZ5RAhe7ups8xZrEpBKdtxRMf7OdQQEXg1PLlfWZSJTC8EGu1TbMltbwwHizgsK/15LkDhJ0Gk/GFz9O9GvGqjizik8Kvvqz8XWY0tEtYs5Riq8bB5D5Ctwl10iultqnIQkdaX0bNa/2X57XKeutWdbqhuSC/C7awC1aVDIdfy1BNT3weHhQhFVAeAlH7Fy4rx3gYPclICfzu27lulLeXKJj9F+NdeY84zEy7E8IkE7eqdo1zfdJJpXSIh3FqekWen5njzWJsXqZCa2Ynk1poK/Rv/ti+ySE+4XicyXp0VJM8fDz6iUI0S/pjumHwzpoN9CeNe5PDK3Y7iQzSlO9REvkj/+v7r2s6XKslk9B7hTKunvH5JgHlIeYymzXb4r2LggNrP/1KUgNk1Ztu+s1c5onXYfBNul1iQOFU3+kgTk8Oh/UFK3FA0dYeWrOLA02TdH2S7U6yE= andreas@gwyn";
|
||||
andreas-nixos-vm =
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDA3/7NfN0GSFq4CCZa1BSizm95tFx7Ogz4IS2SaIosZ7xdjVpqAQ7iK/UG5GRKvBjhUnrGUwU9CRt6wYLhs47/qj20pMlnpvLb/0yDUwvY+2SfH6taZeLArL/o4d6jFrPuOGxP5Lt213qe/hZA0hnc6f7gZY13vXJ37Wm4K+st3N8qtk3lcTncb9aPrPoYBfrm7DGWBczdJtPPp/eJmgKATDHsy95hUuUYm17Pu2uzSVRaXIZnuevfySgRHi9qsk962GdC7CcWlctMGry7++1D0lzXdollseZQaKf40wRzMQJrOb7OueI0s5hlKsVNJR9SXbZm0rJhTeUJOzh3v+b5nNzcjqG4Cx6BOOg400ayvTxBC5pH7GRBO1Pgpj3+r2mWFOlPYwfIYS0EjoQIdKYQBefrqRrzDavancIFlqyifs8XQIru7PnF6IP6EmyQwIoybUlZzLPAWXSTXyyx7F0+w181+hYLnbHd7+u6ddVLXbUKfZ77SXiPThep9Tfw3J8= andreas@nixos";
|
||||
users = [ andreas andreas-nixos-vm ];
|
||||
andreas = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCR+JXNHSAEQamn2QiaKV0vejCPy6OmzOePXoaQF6CEknXyvBO4j7+qpgZ5RAhe7ups8xZrEpBKdtxRMf7OdQQEXg1PLlfWZSJTC8EGu1TbMltbwwHizgsK/15LkDhJ0Gk/GFz9O9GvGqjizik8Kvvqz8XWY0tEtYs5Riq8bB5D5Ctwl10iultqnIQkdaX0bNa/2X57XKeutWdbqhuSC/C7awC1aVDIdfy1BNT3weHhQhFVAeAlH7Fy4rx3gYPclICfzu27lulLeXKJj9F+NdeY84zEy7E8IkE7eqdo1zfdJJpXSIh3FqekWen5njzWJsXqZCa2Ynk1poK/Rv/ti+ySE+4XicyXp0VJM8fDz6iUI0S/pjumHwzpoN9CeNe5PDK3Y7iQzSlO9REvkj/+v7r2s6XKslk9B7hTKunvH5JgHlIeYymzXb4r2LggNrP/1KUgNk1Ztu+s1c5onXYfBNul1iQOFU3+kgTk8Oh/UFK3FA0dYeWrOLA02TdH2S7U6yE= andreas@gwyn";
|
||||
andreas-nixos-vm = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDA3/7NfN0GSFq4CCZa1BSizm95tFx7Ogz4IS2SaIosZ7xdjVpqAQ7iK/UG5GRKvBjhUnrGUwU9CRt6wYLhs47/qj20pMlnpvLb/0yDUwvY+2SfH6taZeLArL/o4d6jFrPuOGxP5Lt213qe/hZA0hnc6f7gZY13vXJ37Wm4K+st3N8qtk3lcTncb9aPrPoYBfrm7DGWBczdJtPPp/eJmgKATDHsy95hUuUYm17Pu2uzSVRaXIZnuevfySgRHi9qsk962GdC7CcWlctMGry7++1D0lzXdollseZQaKf40wRzMQJrOb7OueI0s5hlKsVNJR9SXbZm0rJhTeUJOzh3v+b5nNzcjqG4Cx6BOOg400ayvTxBC5pH7GRBO1Pgpj3+r2mWFOlPYwfIYS0EjoQIdKYQBefrqRrzDavancIFlqyifs8XQIru7PnF6IP6EmyQwIoybUlZzLPAWXSTXyyx7F0+w181+hYLnbHd7+u6ddVLXbUKfZ77SXiPThep9Tfw3J8= andreas@nixos";
|
||||
users = [
|
||||
andreas
|
||||
andreas-nixos-vm
|
||||
];
|
||||
|
||||
git =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDO40In82pEqQJexG9nlXOsYb4T/sYrb/4EVtGc0bfEb";
|
||||
gwyn =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNmtdodpXHcwEsX2x89RyxjX5F6eERanzM4OXlNDx50";
|
||||
loki-test =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqCmY9F2nWasFtmBpk401lacclXeddDm+OTZ4+tNM94";
|
||||
mail =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQ64p/o1u8KUqxmOQkngMdNkfTCNkqYh8ptinatxUDX";
|
||||
management =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICr5M2m7cic6fCaVNEesCn8Ii/VDB0EtyxYWs79aE4BD";
|
||||
nextcloud =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHASRPSKyADQUBe6lQEo8EHixPwktbHQjAPX24GIoWwg";
|
||||
nixos-vm =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOcmWE9b7GQKOOq61gYLdFA5uZ+hhpBYePmmdRDGwIVu";
|
||||
plex =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDAp4qkxNLabAuwRSKjD1e7nNZ0QuB+BO2VxcYpdfr/X";
|
||||
proxy =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINOhI/rT7BMrXmDgFC2VnrWyFwnMiZPED0z1QFwVgA4B";
|
||||
staubfinger =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHaGKfqdWGUC5vg+EFHK19rR+fz29p0rV/9/lbT0lyq";
|
||||
restic-server =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX9Sm69VGPrek8PRgWa8xJPqzRrixs1g+8hBu2F6265";
|
||||
ttrss =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfWq/ZWeMNIMqXsI4rnkwR+wc/FVdb2jA70sdLMEnyX";
|
||||
git = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDO40In82pEqQJexG9nlXOsYb4T/sYrb/4EVtGc0bfEb";
|
||||
gwyn = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNmtdodpXHcwEsX2x89RyxjX5F6eERanzM4OXlNDx50";
|
||||
loki-test = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqCmY9F2nWasFtmBpk401lacclXeddDm+OTZ4+tNM94";
|
||||
mail = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQ64p/o1u8KUqxmOQkngMdNkfTCNkqYh8ptinatxUDX";
|
||||
management = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICr5M2m7cic6fCaVNEesCn8Ii/VDB0EtyxYWs79aE4BD";
|
||||
nextcloud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHASRPSKyADQUBe6lQEo8EHixPwktbHQjAPX24GIoWwg";
|
||||
nixos-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOcmWE9b7GQKOOq61gYLdFA5uZ+hhpBYePmmdRDGwIVu";
|
||||
plex = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDAp4qkxNLabAuwRSKjD1e7nNZ0QuB+BO2VxcYpdfr/X";
|
||||
proxy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINOhI/rT7BMrXmDgFC2VnrWyFwnMiZPED0z1QFwVgA4B";
|
||||
staubfinger = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHaGKfqdWGUC5vg+EFHK19rR+fz29p0rV/9/lbT0lyq";
|
||||
restic-server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX9Sm69VGPrek8PRgWa8xJPqzRrixs1g+8hBu2F6265";
|
||||
ttrss = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfWq/ZWeMNIMqXsI4rnkwR+wc/FVdb2jA70sdLMEnyX";
|
||||
systems = [
|
||||
git
|
||||
gwyn
|
||||
|
@ -43,10 +32,17 @@ let
|
|||
staubfinger
|
||||
ttrss
|
||||
];
|
||||
defaultKeys =
|
||||
[ andreas andreas-nixos-vm gwyn management nixos-vm staubfinger ];
|
||||
defaultKeys = [
|
||||
andreas
|
||||
andreas-nixos-vm
|
||||
gwyn
|
||||
management
|
||||
nixos-vm
|
||||
staubfinger
|
||||
];
|
||||
all = users ++ systems;
|
||||
in {
|
||||
in
|
||||
{
|
||||
"dkim_2li.ch.age".publicKeys = defaultKeys ++ [ mail ];
|
||||
"dkim_zweili.ch.age".publicKeys = defaultKeys ++ [ mail ];
|
||||
"freshrss_db_pass.age".publicKeys = defaultKeys ++ [ ttrss ];
|
||||
|
@ -60,4 +56,3 @@ in {
|
|||
"telegram_notify_env.age".publicKeys = all;
|
||||
"webdav_andreas.age".publicKeys = defaultKeys;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,14 +1,13 @@
|
|||
{ pkgs ? import <nixpkgs> { } }:
|
||||
{
|
||||
pkgs ? import <nixpkgs> { },
|
||||
}:
|
||||
pkgs.mkShell {
|
||||
name = "nixosbuildshell";
|
||||
nativeBuildInputs = with pkgs; [ nixFlakes ];
|
||||
|
||||
shellHook = ''
|
||||
PATH=${
|
||||
pkgs.writeShellScriptBin "nix" ''
|
||||
${pkgs.nixFlakes}/bin/nix --experimental-features "nix-command flakes" "$@"
|
||||
''
|
||||
}/bin:$PATH
|
||||
PATH=${pkgs.writeShellScriptBin "nix" ''
|
||||
${pkgs.nixFlakes}/bin/nix --experimental-features "nix-command flakes" "$@"
|
||||
''}/bin:$PATH
|
||||
'';
|
||||
}
|
||||
|
||||
|
|
13
shell.nix
13
shell.nix
|
@ -1,4 +1,6 @@
|
|||
{ pkgs ? import <nixpkgs> { } }:
|
||||
{
|
||||
pkgs ? import <nixpkgs> { },
|
||||
}:
|
||||
pkgs.mkShell {
|
||||
name = "nixosbuildshell";
|
||||
nativeBuildInputs = with pkgs; [
|
||||
|
@ -14,11 +16,8 @@ pkgs.mkShell {
|
|||
];
|
||||
|
||||
shellHook = ''
|
||||
PATH=${
|
||||
pkgs.writeShellScriptBin "nix" ''
|
||||
${pkgs.nixFlakes}/bin/nix --experimental-features "nix-command flakes" "$@"
|
||||
''
|
||||
}/bin:$PATH
|
||||
PATH=${pkgs.writeShellScriptBin "nix" ''
|
||||
${pkgs.nixFlakes}/bin/nix --experimental-features "nix-command flakes" "$@"
|
||||
''}/bin:$PATH
|
||||
'';
|
||||
}
|
||||
|
||||
|
|
|
@ -1,7 +1,12 @@
|
|||
{ hostname }:
|
||||
{ config, inputs, ... }: {
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "ata_piix" "ohci_pci" "sd_mod" "sr_mod" ];
|
||||
{ config, inputs, ... }:
|
||||
{
|
||||
boot.initrd.availableKernelModules = [
|
||||
"ata_piix"
|
||||
"ohci_pci"
|
||||
"sd_mod"
|
||||
"sr_mod"
|
||||
];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
@ -22,7 +27,7 @@
|
|||
interfaces.enp0s3.useDHCP = true;
|
||||
};
|
||||
|
||||
swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
|
||||
swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
|
||||
|
||||
users.users.${config.az-username} = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
|
@ -30,10 +35,11 @@
|
|||
];
|
||||
};
|
||||
profiles.az-desktop.enable = true;
|
||||
programs = { az-distrobox.enable = true; };
|
||||
programs = {
|
||||
az-distrobox.enable = true;
|
||||
};
|
||||
services = {
|
||||
az-virtualbox-guest.enable = true;
|
||||
az-x86.enable = true;
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
{ hostname }:
|
||||
{ inputs, pkgs, ... }:
|
||||
let domain = "git.2li.ch";
|
||||
in {
|
||||
let
|
||||
domain = "git.2li.ch";
|
||||
in
|
||||
{
|
||||
hardware = {
|
||||
az-raspi4-ethernet = {
|
||||
enable = true;
|
||||
|
|
|
@ -1,5 +1,11 @@
|
|||
{ hostname }:
|
||||
{ inputs, lib, pkgs, ... }: {
|
||||
{
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
{
|
||||
imports = [
|
||||
inputs.nixos-hardware.nixosModules.dell-precision-5530
|
||||
inputs.nixos-hardware.nixosModules.common-gpu-nvidia
|
||||
|
@ -19,7 +25,10 @@
|
|||
];
|
||||
|
||||
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||
boot.kernelModules = [ "kvm-intel" "sg" ];
|
||||
boot.kernelModules = [
|
||||
"kvm-intel"
|
||||
"sg"
|
||||
];
|
||||
boot.extraModulePackages = [ ];
|
||||
boot.kernelParams = [
|
||||
"ip=dhcp" # required for ssh at initrd
|
||||
|
@ -32,8 +41,16 @@
|
|||
|
||||
# Required to build aarch64 packages
|
||||
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||
boot.supportedFilesystems =
|
||||
[ "apfs" "exfat" "ext4" "nfs" "nfs4" "ntfs" "cifs" "f2fs" ];
|
||||
boot.supportedFilesystems = [
|
||||
"apfs"
|
||||
"exfat"
|
||||
"ext4"
|
||||
"nfs"
|
||||
"nfs4"
|
||||
"ntfs"
|
||||
"cifs"
|
||||
"f2fs"
|
||||
];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
|
@ -46,7 +63,7 @@
|
|||
|
||||
networking.hostName = hostname;
|
||||
|
||||
swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
|
||||
swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
|
||||
|
||||
hardware = {
|
||||
az-bluetooth.enable = true;
|
||||
|
@ -75,4 +92,3 @@
|
|||
|
||||
virtualisation.virtualbox.host.enable = true;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{ hostname }:
|
||||
{ inputs, pkgs, ... }: {
|
||||
{ inputs, pkgs, ... }:
|
||||
{
|
||||
hardware = {
|
||||
az-raspi4-ethernet = {
|
||||
enable = true;
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{ hostname }:
|
||||
{ inputs, pkgs, ... }: {
|
||||
{ inputs, pkgs, ... }:
|
||||
{
|
||||
hardware = {
|
||||
az-raspi4-ethernet = {
|
||||
enable = true;
|
||||
|
@ -22,4 +23,3 @@
|
|||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{ hostname }:
|
||||
{ inputs, ... }: {
|
||||
{ inputs, ... }:
|
||||
{
|
||||
hardware = {
|
||||
az-raspi4-ethernet = {
|
||||
enable = true;
|
||||
|
@ -24,5 +25,4 @@
|
|||
az-nix-direnv.enable = true;
|
||||
az-restic-management.enable = true;
|
||||
};
|
||||
|
||||
}
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue