Switch to nixfmt-rfc-style

Andreas Zweili 2024-02-02 13:45:05 +01:00
parent c823e50b2a
commit ce88b03198
108 changed files with 1301 additions and 627 deletions


@ -89,11 +89,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1706182238,
"narHash": "sha256-Ti7CerGydU7xyrP/ow85lHsOpf+XMx98kQnPoQCSi1g=",
"lastModified": 1706834982,
"narHash": "sha256-3CfxA7gZ+DVv/N9Pvw61bV5Oe/mWfxYPyVQGqp9TMJA=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "f84eaffc35d1a655e84749228cde19922fcf55f1",
"rev": "83e571bb291161682b9c3ccd48318f115143a550",
"type": "github"
},
"original": {
@ -104,11 +104,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1706098335,
"narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=",
"lastModified": 1706718339,
"narHash": "sha256-S+S97c/HzkO2A/YsU7ZmNF9w2s7Xk6P8dzmfDdckzLs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a77ab169a83a4175169d78684ddd2e54486ac651",
"rev": "53fbe41cf76b6a685004194e38e889bc8857e8c2",
"type": "github"
},
"original": {
@ -120,11 +120,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1706191920,
"narHash": "sha256-eLihrZAPZX0R6RyM5fYAWeKVNuQPYjAkCUBr+JNvtdE=",
"lastModified": 1706550542,
"narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ae5c332cbb5827f6b1f02572496b141021de335f",
"rev": "97b17f32362e475016f942bbdfda4a4a72a8a652",
"type": "github"
},
"original": {


@ -19,16 +19,22 @@
};
};
outputs = inputs@{ self, agenix, nixpkgs, nixpkgs-unstable, nixos-hardware
, home-manager }:
outputs =
inputs@{
self,
agenix,
nixpkgs,
nixpkgs-unstable,
nixos-hardware,
home-manager,
}:
let
mkComputer = import "${inputs.self}/lib/mk_computer.nix";
mkRaspi = import "${inputs.self}/lib/mk_raspi.nix";
mksdImage = host:
mksdImage =
host:
(self.nixosConfigurations.${host}.extendModules {
modules = [
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
];
modules = [ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" ];
}).config.system.build.sdImage;
# required for home-manager only setup {
overlay-unstable = final: prev: {
@ -39,11 +45,14 @@
};
pkgs = import inputs.nixpkgs {
system = "x86_64-linux";
config = { allowUnfree = true; };
config = {
allowUnfree = true;
};
overlays = [ overlay-unstable ];
};
# }
in {
in
# }
{
images = {
git = mksdImage "git";
loki-test = mksdImage "loki-test";
@ -131,7 +140,9 @@
];
extraSpecialArgs = {
inherit inputs;
nixosConfig = { az-username = "zweili"; };
nixosConfig = {
az-username = "zweili";
};
};
};
};


@ -1,4 +1,11 @@
{ config, lib, nixosConfig, pkgs, ... }: {
{
config,
lib,
nixosConfig,
pkgs,
...
}:
{
# Home Manager needs a bit of information about you and the
# paths it should manage.
programs = {
@ -23,7 +30,9 @@
"$git_status"
"$character"
];
python = { format = "[\${symbol}($virtualenv) ]($style)"; };
python = {
format = "[\${symbol}($virtualenv) ]($style)";
};
};
enable = true;
};
@ -74,9 +83,8 @@
};
shellAliases = {
format-modules = "nixfmt **/*.nix";
nix-generations =
"sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
format-modules = "unstable.nixfmt-rfc-style **/*.nix";
nix-generations = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
rebuild = ''
nixos-rebuild -j auto switch --use-remote-sudo
'';
@ -93,7 +101,7 @@
highlight
killall
ncdu
nixfmt
unstable.nixfmt-rfc-style
nmon
tree
unzip
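Review bot: The new `format-modules` alias runs `unstable.nixfmt-rfc-style **/*.nix`, but that string is a Nix attribute path rather than a command name; as far as I know the nixfmt-rfc-style package still installs its binary as `nixfmt`, so the alias would fail with "command not found". The attribute path belongs only in the package list further down, and the alias can stay `format-modules = "nixfmt **/*.nix";`. The `**` glob also recurses only when bash's `globstar` option is on, which this section does not show being set.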


@ -1,4 +1,5 @@
{ ... }: {
{ ... }:
{
imports = [
./common
./programs/alacritty


@ -1,9 +1,10 @@
{ config, lib, ... }:
let cfg = config.programs.az-alacritty;
in {
let
cfg = config.programs.az-alacritty;
in
{
options = {
programs.az-alacritty.enable =
lib.mkEnableOption "Enable alacritty terminal.";
programs.az-alacritty.enable = lib.mkEnableOption "Enable alacritty terminal.";
};
config = lib.mkIf cfg.enable {


@ -1,6 +1,13 @@
{ config, lib, pkgs, ... }:
let cfg = config.programs.az-ansible;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.az-ansible;
in
{
options = {
programs.az-ansible.enable = lib.mkEnableOption "Enable ansible.";
};


@ -1,6 +1,13 @@
{ config, lib, pkgs, ... }:
let cfg = config.programs.az-calibre;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.az-calibre;
in
{
options = {
programs.az-calibre.enable = lib.mkEnableOption "Enable calibre.";
};


@ -1,6 +1,13 @@
{ config, lib, pkgs, ... }:
let cfg = config.programs.az-czkawka;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.az-czkawka;
in
{
options = {
programs.az-czkawka.enable = lib.mkEnableOption "Enable czkawka.";
};


@ -1,7 +1,16 @@
{ config, lib, pkgs, ... }:
let cfg = config.programs.az-emacs;
in {
options = { programs.az-emacs.enable = lib.mkEnableOption "Enable emacs."; };
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.az-emacs;
in
{
options = {
programs.az-emacs.enable = lib.mkEnableOption "Enable emacs.";
};
config = lib.mkIf cfg.enable {
home.packages = with pkgs; [
@ -25,8 +34,8 @@ in {
languagetool-console-command "${pkgs.languagetool}/share/languagetool-commandline.jar"
languagetool-server-command "${pkgs.languagetool}/share/languagetool-server.jar")
'';
extraPackages = epkgs:
with pkgs; [
extraPackages =
epkgs: with pkgs; [
epkgs.ag
epkgs.amx
epkgs.annotate


@ -1,9 +1,15 @@
{ config, inputs, lib, ... }:
let cfg = config.programs.az-email;
in {
{
config,
inputs,
lib,
...
}:
let
cfg = config.programs.az-email;
in
{
options = {
programs.az-email.enable =
lib.mkEnableOption "Configure everything required for sending emails.";
programs.az-email.enable = lib.mkEnableOption "Configure everything required for sending emails.";
};
config = lib.mkIf cfg.enable {
@ -18,14 +24,21 @@ in {
userName = "andreas@zweili.ch";
primary = true;
passwordCommand = "cat /run/user/1000/agenix/personalEmailKey";
aliases = [ "andreas.zweili@gmail.com" "andreas@2li.ch" ];
aliases = [
"andreas.zweili@gmail.com"
"andreas@2li.ch"
];
msmtp.enable = true;
mu.enable = true;
offlineimap = {
enable = true;
extraConfig = {
account = { autorefresh = 15; };
local = { sync_deletes = true; };
account = {
autorefresh = 15;
};
local = {
sync_deletes = true;
};
};
};
imap = {


@ -1,6 +1,13 @@
{ config, lib, pkgs, ... }:
let cfg = config.programs.az-evince;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.az-evince;
in
{
options = {
programs.az-evince.enable = lib.mkEnableOption "Enable evince.";
};


@ -1,6 +1,8 @@
{ config, lib, ... }:
let cfg = config.programs.az-git;
in {
let
cfg = config.programs.az-git;
in
{
options = {
programs.az-git = {
enable = lib.mkEnableOption "Enable git.";
@ -25,15 +27,25 @@ in {
syntax-theme = "GitHub";
};
};
includes = [{
path = "~/.config/git/workconfig";
condition = "gitdir:~/git_repos/work/";
}];
includes = [
{
path = "~/.config/git/workconfig";
condition = "gitdir:~/git_repos/work/";
}
];
extraConfig = {
core = { hooksPath = "~/.config/git/hooks/"; };
safe = { directory = "*"; };
pull = { rebase = false; };
push = { autoSetupRemote = true; };
core = {
hooksPath = "~/.config/git/hooks/";
};
safe = {
directory = "*";
};
pull = {
rebase = false;
};
push = {
autoSetupRemote = true;
};
merge.conflictStyle = "diff3";
rerere.enabled = true;
};
@ -122,7 +134,6 @@ in {
# ignore pycache"
"__pycache__/"
];
};
# raw files
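Review bot: `safe.directory = "*"` in `extraConfig` switches off git's repository-ownership check for every path, so git will trust the configuration of repositories owned by other users. If the wildcard is only there for a few known checkouts, list them instead, e.g. `safe.directory = [ "<path-to-shared-repo>" ];` (placeholder path), or add a comment above the setting saying why the check is disabled globally. The `extraConfig` block starts and ends outside the lines shown in this hunk.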


@ -1,6 +1,13 @@
{ config, lib, pkgs, ... }:
let cfg = config.programs.az-hunspell;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.az-hunspell;
in
{
options = {
programs.az-hunspell.enable = lib.mkEnableOption "Add dictionaries";
};


@ -1,6 +1,13 @@
{ config, lib, pkgs, ... }:
let cfg = config.programs.az-keeweb;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.az-keeweb;
in
{
options = {
programs.az-keeweb.enable = lib.mkEnableOption "Enable keeweb.";
};
@ -17,7 +24,9 @@ in {
Environment = "QT_SCALE_FACTOR=1.25";
ExecStart = "${pkgs.keeweb}/bin/keeweb --no-sandbox";
};
Install = { WantedBy = [ "graphical-session.target" ]; };
Install = {
WantedBy = [ "graphical-session.target" ];
};
};
};
}


@ -1,22 +1,31 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.az-mpv;
delete-file = (pkgs.stdenvNoCC.mkDerivation rec {
name = "mpv-delete-file";
src = pkgs.fetchurl {
url =
"https://git.2li.ch/various/mpv-scripts/raw/commit/19ea069abcb794d1bf8fac2f59b50d71ab992130/delete_file.lua";
sha256 = "sha256-1FX23t+O1aFZnbuvl+9zDT8OcKEziWNGj5cAMSvRIas=";
};
dontBuild = true;
dontUnpack = true;
installPhase = ''
install -Dm644 ${src} $out/share/mpv/scripts/delete_file.lua
'';
passthru.scriptName = "delete_file.lua";
});
in {
options = { programs.az-mpv.enable = lib.mkEnableOption "Enable MPV."; };
delete-file = (
pkgs.stdenvNoCC.mkDerivation rec {
name = "mpv-delete-file";
src = pkgs.fetchurl {
url = "https://git.2li.ch/various/mpv-scripts/raw/commit/19ea069abcb794d1bf8fac2f59b50d71ab992130/delete_file.lua";
sha256 = "sha256-1FX23t+O1aFZnbuvl+9zDT8OcKEziWNGj5cAMSvRIas=";
};
dontBuild = true;
dontUnpack = true;
installPhase = ''
install -Dm644 ${src} $out/share/mpv/scripts/delete_file.lua
'';
passthru.scriptName = "delete_file.lua";
}
);
in
{
options = {
programs.az-mpv.enable = lib.mkEnableOption "Enable MPV.";
};
config = lib.mkIf cfg.enable {
programs.mpv = {
@ -25,13 +34,17 @@ in {
s = "playlist-shuffle";
r = "cycle_values video-rotate 90 180 270 0";
};
config = { "keepaspect-window" = "no"; };
config = {
"keepaspect-window" = "no";
};
scripts = [ delete-file ];
};
xdg.mimeApps = {
enable = true;
associations.added = { "inode/directory" = [ "mpv.desktop" ]; };
associations.added = {
"inode/directory" = [ "mpv.desktop" ];
};
defaultApplications = {
"application/mxf" = "mpv.desktop";
"application/sdp" = "mpv.desktop";


@ -1,9 +1,10 @@
{ config, lib, ... }:
let cfg = config.programs.az-open-port;
in {
let
cfg = config.programs.az-open-port;
in
{
options = {
programs.az-open-port.enable =
lib.mkEnableOption "Two functions to quickly open a port in iptables.";
programs.az-open-port.enable = lib.mkEnableOption "Two functions to quickly open a port in iptables.";
};
config = lib.mkIf cfg.enable {


@ -1,9 +1,15 @@
{ config, lib, pkgs, ... }:
let cfg = config.programs.az-rapid-photo-downloader;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.az-rapid-photo-downloader;
in
{
options = {
programs.az-rapid-photo-downloader.enable =
lib.mkEnableOption "Enable Rapid Photo Downloader.";
programs.az-rapid-photo-downloader.enable = lib.mkEnableOption "Enable Rapid Photo Downloader.";
};
config = lib.mkIf cfg.enable {


@ -1,6 +1,13 @@
{ config, lib, pkgs, ... }:
let cfg = config.programs.az-signal;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.az-signal;
in
{
options = {
programs.az-signal.enable = lib.mkEnableOption "Enable Signal.";
};
@ -12,14 +19,20 @@ in {
xdg.desktopEntries = {
signal = {
name = "Signal with tray icon";
exec =
"${pkgs.unstable.signal-desktop}/bin/signal-desktop --use-tray-icon --no-sandbox %U";
exec = "${pkgs.unstable.signal-desktop}/bin/signal-desktop --use-tray-icon --no-sandbox %U";
terminal = false;
type = "Application";
icon = "signal-desktop";
comment = "Private messaging from your desktop";
mimeType = [ "x-scheme-handler/sgnl" "x-scheme-handler/signalcaptcha" ];
categories = [ "Network" "InstantMessaging" "Chat" ];
mimeType = [
"x-scheme-handler/sgnl"
"x-scheme-handler/signalcaptcha"
];
categories = [
"Network"
"InstantMessaging"
"Chat"
];
};
};
};


@ -1,7 +1,11 @@
{ config, lib, ... }:
let cfg = config.programs.az-ssh;
in {
options = { programs.az-ssh.enable = lib.mkEnableOption "Enable SSH host."; };
let
cfg = config.programs.az-ssh;
in
{
options = {
programs.az-ssh.enable = lib.mkEnableOption "Enable SSH host.";
};
config = lib.mkIf cfg.enable {
programs.ssh = {


@ -1,6 +1,13 @@
{ config, lib, pkgs, ... }:
let cfg = config.programs.az-telegram;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.az-telegram;
in
{
options = {
programs.az-telegram.enable = lib.mkEnableOption "Enable Telegram.";
};


@ -1,7 +1,11 @@
{ config, lib, ... }:
let cfg = config.programs.az-tmux;
in {
options = { programs.az-tmux.enable = lib.mkEnableOption "Enable tmux"; };
let
cfg = config.programs.az-tmux;
in
{
options = {
programs.az-tmux.enable = lib.mkEnableOption "Enable tmux";
};
config = lib.mkIf cfg.enable {
programs.tmux = {
@ -70,4 +74,3 @@ in {
};
};
}


@ -1,9 +1,15 @@
{ config, lib, pkgs, ... }:
let cfg = config.programs.az-vagrant-wsl;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.az-vagrant-wsl;
in
{
options = {
programs.az-vagrant-wsl.enable =
lib.mkEnableOption "Enable Vagrant in WSL.";
programs.az-vagrant-wsl.enable = lib.mkEnableOption "Enable Vagrant in WSL.";
};
config = lib.mkIf cfg.enable {


@ -1,11 +1,21 @@
{ config, lib, pkgs, ... }:
let cfg = config.programs.az-work-desktop;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.az-work-desktop;
in
{
options = {
programs.az-work-desktop.enable =
lib.mkEnableOption "Applications and config required for work.";
programs.az-work-desktop.enable = lib.mkEnableOption "Applications and config required for work.";
};
config =
lib.mkIf cfg.enable { home.packages = with pkgs; [ dbeaver vagrant ]; };
config = lib.mkIf cfg.enable {
home.packages = with pkgs; [
dbeaver
vagrant
];
};
}


@ -1,6 +1,8 @@
{ config, lib, ... }:
let cfg = config.programs.az-yt-dlp;
in {
let
cfg = config.programs.az-yt-dlp;
in
{
options = {
programs.az-yt-dlp.enable = lib.mkEnableOption "Enable yt-dlp.";
};
@ -11,7 +13,9 @@ in {
extraConfig = ''
-S "+codec:h264"
'';
settings = { remux-video = "mkv"; };
settings = {
remux-video = "mkv";
};
};
};
}


@ -1,9 +1,15 @@
{ config, lib, pkgs, ... }:
let cfg = config.services.az-desktop-base;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.az-desktop-base;
in
{
options = {
services.az-desktop-base.enable =
lib.mkEnableOption "Base configuration for a destkop.";
services.az-desktop-base.enable = lib.mkEnableOption "Base configuration for a destkop.";
};
config = lib.mkIf cfg.enable {
@ -23,10 +29,8 @@ in {
az-tmux.enable = true;
bash = {
shellAliases = {
management-server =
"mosh ${config.home.username}@10.7.89.150 -- tmux new -A -s 0";
work-management =
"mosh --ssh='ssh -i ~/.ssh/zweili.key' zweili@10.49.0.100 -- tmux new -A -s 0";
management-server = "mosh ${config.home.username}@10.7.89.150 -- tmux new -A -s 0";
work-management = "mosh --ssh='ssh -i ~/.ssh/zweili.key' zweili@10.49.0.100 -- tmux new -A -s 0";
};
};
};
@ -40,8 +44,7 @@ in {
remmina
];
# raw config files
home.file.".config/qtile/autostart.d/xdg-portal-add-path.sh".source =
./xdg-portal-add-path.sh;
home.file.".config/qtile/autostart.d/xdg-portal-add-path.sh".source = ./xdg-portal-add-path.sh;
gtk.theme.name = "Arc-Darker";
@ -94,7 +97,9 @@ in {
configFile."mimeapps.list".force = true;
};
xsession = { numlock.enable = true; };
xsession = {
numlock.enable = true;
};
services = {
az-dunst.enable = true;
@ -109,4 +114,3 @@ in {
systemd.user.startServices = "sd-switch";
};
}


@ -1,7 +1,11 @@
{ config, lib, ... }:
let cfg = config.services.az-dunst;
in {
options = { services.az-dunst.enable = lib.mkEnableOption "Enable dunst."; };
let
cfg = config.services.az-dunst;
in
{
options = {
services.az-dunst.enable = lib.mkEnableOption "Enable dunst.";
};
config = lib.mkIf cfg.enable {
services.dunst = {


@ -1,6 +1,8 @@
{ config, lib, ... }:
let cfg = config.services.az-espanso;
in {
let
cfg = config.services.az-espanso;
in
{
options = {
services.az-espanso.enable = lib.mkEnableOption "Enable espanso.";
};
@ -16,23 +18,30 @@ in {
{
trigger = "<dd";
replace = "{{current_date}}";
vars = [{
name = "current_date";
type = "date";
params = { format = "%Y-%m-%d"; };
}];
vars = [
{
name = "current_date";
type = "date";
params = {
format = "%Y-%m-%d";
};
}
];
}
{
trigger = "<ds";
replace = "{{current_date}}";
vars = [{
name = "current_date";
type = "date";
params = { format = "%Y-%m-%d_%H%M%S"; };
}];
vars = [
{
name = "current_date";
type = "date";
params = {
format = "%Y-%m-%d_%H%M%S";
};
}
];
}
];
};
};
}


@ -1,9 +1,15 @@
{ config, lib, pkgs, ... }:
let cfg = config.services.az-grobi;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.az-grobi;
in
{
options = {
services.az-grobi.enable =
lib.mkEnableOption "Enabel grobi display manager.";
services.az-grobi.enable = lib.mkEnableOption "Enabel grobi display manager.";
};
config = lib.mkIf cfg.enable {
@ -23,7 +29,10 @@ in {
}
{
name = "docked";
outputs_connected = [ "eDP-1" "DP-1-2" ];
outputs_connected = [
"eDP-1"
"DP-1-2"
];
atomic = true;
configure_single = "DP-1-2";
primary = true;


@ -8,7 +8,8 @@ let
nvidia-offload mpv --shuffle --mute=yes "/run/user/1000/gvfs/smb-share:server=10.7.89.108,share=various2/$directory/" &
done
'';
in {
in
{
imports = [ "${inputs.self}/home-manager/modules" ];
home = {
packages = with pkgs; [
@ -22,8 +23,7 @@ in {
az-media
];
shellAliases = {
unlock-luks =
"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o User=root";
unlock-luks = "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o User=root";
};
};
@ -34,6 +34,7 @@ in {
az-yt-dlp.enable = true;
};
services = { az-desktop-base.enable = true; };
services = {
az-desktop-base.enable = true;
};
}
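Review bot: The `unlock-luks` alias disables host-key verification (`UserKnownHostsFile=/dev/null`, `StrictHostKeyChecking=no`) for a session that is presumably used to type the LUKS passphrase into the initrd, so nothing confirms the passphrase is sent to the intended machine. The initrd SSH settings elsewhere in this commit use a fixed host key file, so that key can be pinned in its own known-hosts file instead: `unlock-luks = "ssh -o UserKnownHostsFile=~/.ssh/known_hosts_initrd -o User=root";` (the file name is an example). The identical alias appears in the later profile section that lists `xclip`, and the same change applies there.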


@ -1,4 +1,5 @@
{ inputs, ... }: {
{ inputs, ... }:
{
imports = [ "${inputs.self}/home-manager/modules" ];
systemd.user.startServices = "sd-switch";
}


@ -1,4 +1,5 @@
{ inputs, pkgs, ... }: {
{ inputs, pkgs, ... }:
{
imports = [ "${inputs.self}/home-manager/modules" ];
home = {
@ -9,8 +10,7 @@
xclip
];
shellAliases = {
unlock-luks =
"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o User=root";
unlock-luks = "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o User=root";
};
};


@ -1,4 +1,5 @@
{ inputs, ... }: {
{ inputs, ... }:
{
imports = [ "${inputs.self}/home-manager/modules" ];
targets.genericLinux.enable = true;


@ -1,4 +1,5 @@
{ inputs, pkgs, ... }: {
{ inputs, pkgs, ... }:
{
imports = [ "${inputs.self}/home-manager/modules" ];
home = {
packages = with pkgs; [
@ -8,10 +9,13 @@
};
programs = {
az-git = { userEmail = "zweili@contria.com"; };
az-git = {
userEmail = "zweili@contria.com";
};
az-work-desktop.enable = true;
};
services = { az-desktop-base.enable = true; };
services = {
az-desktop-base.enable = true;
};
}


@ -1,4 +1,10 @@
{ config, inputs, pkgs, ... }: {
{
config,
inputs,
pkgs,
...
}:
{
imports = [ "${inputs.self}/home-manager/modules" ];
programs.direnv = {
@ -15,7 +21,13 @@
NIX_PATH = "nixpkgs=${inputs.nixpkgs}";
PATH = "$PATH:$HOME/.local/bin";
};
packages = with pkgs; [ keychain nixfmt mosh gyre-fonts source-code-pro ];
packages = with pkgs; [
keychain
unstable.nixfmt-rfc-style
mosh
gyre-fonts
source-code-pro
];
};
nix = {
package = pkgs.nix;
@ -25,8 +37,10 @@
experimental-features = "nix-command flakes";
fallback = true;
warn-dirty = false;
substituters =
[ "https://nix-community.cachix.org" "https://cache.nixos.org" ];
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
@ -38,7 +52,9 @@
programs = {
az-ansible.enable = true;
az-emacs.enable = true;
az-git = { userEmail = "zweili@contria.com"; };
az-git = {
userEmail = "zweili@contria.com";
};
az-hunspell.enable = true;
az-tmux.enable = true;
az-vagrant-wsl.enable = true;
@ -47,8 +63,7 @@
. /home/zweili/.nix-profile/etc/profile.d/nix.sh
'';
shellAliases = {
work-management =
"mosh --ssh='ssh -i ~/.ssh/zweili.key' zweili@10.49.0.100 -- tmux new -A -s 0";
work-management = "mosh --ssh='ssh -i ~/.ssh/zweili.key' zweili@10.49.0.100 -- tmux new -A -s 0";
work-vm = ''ssh andreas@localhost -p 2222 -t "$@" "tmux new -A -s 0"'';
hm-rebuild = "home-manager switch";
};
@ -56,4 +71,3 @@
};
systemd.user.startServices = "suggest";
}


@ -1,5 +1,10 @@
{ hostname, inputs, system ? "x86_64-linux", home-module ? "headless"
, username ? "andreas" }:
{
hostname,
inputs,
system ? "x86_64-linux",
home-module ? "headless",
username ? "andreas",
}:
let
overlay-unstable = final: prev: {
unstable = import inputs.nixpkgs-unstable {
@ -10,7 +15,9 @@ let
pkgs = import inputs.nixpkgs {
inherit system;
config = { allowUnfree = true; };
config = {
allowUnfree = true;
};
overlays = [
overlay-unstable
# (final: prev: {
@ -26,9 +33,12 @@ let
# })
];
};
in inputs.nixpkgs.lib.nixosSystem {
in
inputs.nixpkgs.lib.nixosSystem {
inherit system pkgs;
specialArgs = { inherit inputs; };
specialArgs = {
inherit inputs;
};
modules = ([
# System configuration for this host
(import "${inputs.self}/systems/${hostname}" { inherit hostname; })
@ -46,7 +56,9 @@ in inputs.nixpkgs.lib.nixosSystem {
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit inputs system; };
home-manager.extraSpecialArgs = {
inherit inputs system;
};
age.identityPaths = [ "/home/${username}/.ssh/id_rsa" ];
home-manager.users.${username}.imports = [
inputs.agenix.homeManagerModules.default


@ -1,5 +1,10 @@
{ hostname, inputs, system ? "aarch64-linux", home-module ? "headless"
, username ? "andreas" }:
{
hostname,
inputs,
system ? "aarch64-linux",
home-module ? "headless",
username ? "andreas",
}:
let
overlay-unstable = final: prev: {
unstable = import inputs.nixpkgs-unstable {
@ -10,34 +15,39 @@ let
pkgs = import inputs.nixpkgs {
inherit system;
config = { allowUnfree = true; };
config = {
allowUnfree = true;
};
overlays = [
overlay-unstable
(final: prev: {
freshrss = prev.freshrss.overrideAttrs (_: rec {
version = "1.32.1";
src = pkgs.fetchFromGitHub {
owner = "FreshRSS";
repo = "FreshRSS";
rev = "c89073d60e491f775a13a9ec57915313eb073964";
sha256 = "sha256-DqfkbfvqGkAMQ2oawfb7Ggiv2u6/Qq6UgygLTNov9CA=";
};
});
freshrss = prev.freshrss.overrideAttrs (
_: rec {
version = "1.32.1";
src = pkgs.fetchFromGitHub {
owner = "FreshRSS";
repo = "FreshRSS";
rev = "c89073d60e491f775a13a9ec57915313eb073964";
sha256 = "sha256-DqfkbfvqGkAMQ2oawfb7Ggiv2u6/Qq6UgygLTNov9CA=";
};
}
);
})
# The following is requried for building images {
# https://github.com/NixOS/nixpkgs/issues/126755#issuecomment-869149243
(final: super: {
makeModulesClosure = x:
super.makeModulesClosure (x // { allowMissing = true; });
makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; });
})
# }
];
};
in inputs.nixpkgs.lib.nixosSystem {
in
inputs.nixpkgs.lib.nixosSystem {
inherit pkgs system;
specialArgs = { inherit inputs; };
specialArgs = {
inherit inputs;
};
modules = ([
# System configuration for this host
(import "${inputs.self}/systems/${hostname}" { inherit hostname; })
@ -55,7 +65,9 @@ in inputs.nixpkgs.lib.nixosSystem {
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit inputs system; };
home-manager.extraSpecialArgs = {
inherit inputs system;
};
home-manager.users.${username}.imports = [
inputs.agenix.homeManagerModules.default
"${inputs.self}/home-manager/profiles/${home-module}.nix"


@ -1,4 +1,5 @@
{ ... }: {
{ ... }:
{
imports = [
./hardware/bluetooth
./hardware/dvd


@ -1,6 +1,8 @@
{ config, lib, ... }:
let cfg = config.hardware.az-bluetooth;
in {
let
cfg = config.hardware.az-bluetooth;
in
{
options = {
hardware.az-bluetooth.enable = lib.mkEnableOption "Enable Bluetooth";
};
@ -21,4 +23,3 @@ in {
};
};
}


@ -1,7 +1,16 @@
{ config, lib, pkgs, ... }:
let cfg = config.hardware.az-dvd;
in {
options = { hardware.az-dvd.enable = lib.mkEnableOption "DVD"; };
{
config,
lib,
pkgs,
...
}:
let
cfg = config.hardware.az-dvd;
in
{
options = {
hardware.az-dvd.enable = lib.mkEnableOption "DVD";
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [


@ -1,12 +1,18 @@
{ config, lib, ... }:
let cfg = config.hardware.az-nvidia;
in {
let
cfg = config.hardware.az-nvidia;
in
{
options = {
hardware.az-nvidia.enable = lib.mkEnableOption "Nvidia GPU Support";
};
config = lib.mkIf cfg.enable {
environment = { variables = { XDG_DATA_HOME = "$HOME/.local/share"; }; };
environment = {
variables = {
XDG_DATA_HOME = "$HOME/.local/share";
};
};
hardware.nvidia.prime = {
# Bus ID of the Intel GPU. You can find it using lspci, either under 3D or VGA


@ -1,3 +1,8 @@
{ ... }: {
imports = [ ./raspi-base.nix ./raspi-ethernet.nix ./raspi-usb.nix ];
{ ... }:
{
imports = [
./raspi-base.nix
./raspi-ethernet.nix
./raspi-usb.nix
];
}


@ -1,9 +1,7 @@
{ pkgs, ... }: {
{ pkgs, ... }:
{
imports = [
"${
fetchTarball
"https://github.com/NixOS/nixos-hardware/archive/32f61571b486efc987baca553fb35df22532ba63.tar.gz"
}/raspberry-pi/4"
"${fetchTarball "https://github.com/NixOS/nixos-hardware/archive/32f61571b486efc987baca553fb35df22532ba63.tar.gz"}/raspberry-pi/4"
];
fileSystems = {
@ -14,7 +12,10 @@
};
};
environment.systemPackages = with pkgs; [ raspberrypi-eeprom vim ];
environment.systemPackages = with pkgs; [
raspberrypi-eeprom
vim
];
system.stateVersion = "23.05";
services.openssh.enable = true;
@ -26,7 +27,12 @@
experimental-features = nix-command flakes
warn-dirty = false
'';
settings = { trusted-users = [ "root" "@wheel" ]; };
settings = {
trusted-users = [
"root"
"@wheel"
];
};
};
users = {
@ -46,22 +52,24 @@
};
security.sudo = {
extraRules = [{
users = [ "nixos" ];
commands = [
{
command = "${pkgs.nixos-rebuild}/bin/nixos-rebuild -j auto switch";
options = [ "NOPASSWD" ];
}
{
command = "/run/current-system/sw/bin/nixos-rebuild";
options = [ "NOPASSWD" ];
}
{
command = "ALL";
options = [ "SETENV" ];
}
];
}];
extraRules = [
{
users = [ "nixos" ];
commands = [
{
command = "${pkgs.nixos-rebuild}/bin/nixos-rebuild -j auto switch";
options = [ "NOPASSWD" ];
}
{
command = "/run/current-system/sw/bin/nixos-rebuild";
options = [ "NOPASSWD" ];
}
{
command = "ALL";
options = [ "SETENV" ];
}
];
}
];
};
}
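Review bot: The `fetchTarball` call in `imports` has no `sha256`, so the nixos-hardware archive is imported into the system configuration without its content being verified; only the commit id in the URL pins it. The attribute-set form adds the check: `fetchTarball { url = "<same URL>"; sha256 = "<hash of the unpacked archive>"; }` (both values are placeholders for the URL on this line and the hash Nix reports). Without a hash the expression also cannot be evaluated in pure mode, which matters if this file is ever pulled into the flake.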


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.hardware.az-raspi4-base;
test-sd-card = pkgs.writeShellScriptBin "test-sd-card" ''
@ -53,16 +58,26 @@ let
printf "microSD card benchmark complete!\n\n"
'';
in {
in
{
options = {
hardware.az-raspi4-base.enable =
lib.mkEnableOption "Enable the base config for a Raspberry Pi 4.";
hardware.az-raspi4-base.enable = lib.mkEnableOption "Enable the base config for a Raspberry Pi 4.";
};
config = lib.mkIf cfg.enable {
boot.supportedFilesystems =
lib.mkForce [ "f2fs" "ntfs" "cifs" "ext4" "vfat" "nfs" "nfs4" ];
boot.kernelParams = [ "rootflags=atgc" "rw" ];
boot.supportedFilesystems = lib.mkForce [
"f2fs"
"ntfs"
"cifs"
"ext4"
"vfat"
"nfs"
"nfs4"
];
boot.kernelParams = [
"rootflags=atgc"
"rw"
];
fileSystems."/" = {
device = "/dev/disk/by-label/root";
@ -96,7 +111,9 @@ in {
device = "/dev/disk/by-label/cryptroot";
allowDiscards = true; # required for TRIM
};
loader = { systemd-boot.enable = true; };
loader = {
systemd-boot.enable = true;
};
};
boot.extraModulePackages = [ ];


@ -1,6 +1,8 @@
{ config, lib, ... }:
let cfg = config.hardware.az-raspi4-ethernet;
in {
let
cfg = config.hardware.az-raspi4-ethernet;
in
{
options = {
hardware.az-raspi4-ethernet = {
enable = lib.mkEnableOption "Enable options required for Raspberry Pi 4.";
@ -29,10 +31,12 @@ in {
};
defaultGateway = "10.7.89.1";
nameservers = [ "10.7.89.1" ];
interfaces.eth0.ipv4.addresses = [{
address = cfg.ip;
prefixLength = 24;
}];
interfaces.eth0.ipv4.addresses = [
{
address = cfg.ip;
prefixLength = 24;
}
];
};
services = {
@ -41,4 +45,3 @@ in {
};
};
}


@ -1,6 +1,8 @@
{ config, lib, ... }:
let cfg = config.hardware.az-raspi4-usb;
in {
let
cfg = config.hardware.az-raspi4-usb;
in
{
options = {
hardware.az-raspi4-usb = {
enable = lib.mkEnableOption "Enable options required for Raspberry Pi 4.";
@ -31,15 +33,21 @@ in {
"127.0.0.1" = [ "${cfg.hostname}.2li.local" ];
ip = [ "${cfg.hostname}.2li.local" ];
};
interfaces.usb0.ipv4.addresses = [{
address = cfg.ip;
prefixLength = 24;
}];
interfaces.usb0.ipv4.addresses = [
{
address = cfg.ip;
prefixLength = 24;
}
];
wireless = {
enable = true;
userControlled.enable = true;
interfaces = [ "wlan0" ];
networks = { "Gröibschi" = { psk = "schottland"; }; };
networks = {
"Gröibschi" = {
psk = "schottland";
};
};
};
};
@ -52,7 +60,10 @@ in {
dhcp-range = [ "10.213.0.100,10.213.0.200,255.255.255.0,24h" ];
dhcp-option = [ "option:router,${cfg.ip}" ];
interface = "usb0";
server = [ "84.200.69.80" "84.200.70.40" ];
server = [
"84.200.69.80"
"84.200.70.40"
];
};
};
@ -96,4 +107,3 @@ in {
systemd.services."network-addresses-usb0".after = [ "usb-otg.service" ];
};
}
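Review bot: The `networks` entry under `wireless` keeps the Wi-Fi passphrase as a literal `psk` string, which puts it in the repository and in the world-readable Nix store of every host built from it. agenix is already a flake input, so the passphrase can live in an encrypted file and be referenced by name through `networking.wireless.environmentFile`, e.g. `environmentFile = config.age.secrets.<wifi-secret>.path;` together with `psk = "@PSK_HOME@";` (secret and variable names are placeholders; confirm the option exists on the NixOS release in use). The passphrase that is already committed should be treated as disclosed and rotated.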


@ -1,4 +1,11 @@
{ config, inputs, lib, pkgs, ... }: {
{
config,
inputs,
lib,
pkgs,
...
}:
{
# The rough location
location = {
latitude = 46.948;
@ -17,11 +24,15 @@
allowPing = true;
allowedTCPPorts = [ 22 ];
};
timeServers = [ "10.7.89.1" "ch.pool.ntp.org" ];
timeServers = [
"10.7.89.1"
"ch.pool.ntp.org"
];
};
hardware = { enableRedistributableFirmware = true; };
hardware = {
enableRedistributableFirmware = true;
};
# required in order to have apropos and whatis working
programs.mosh.enable = true;
@ -68,7 +79,11 @@
btm = "btm --color default-light";
sudo = "sudo ";
};
systemPackages = [ pkgs.bottom pkgs.man-pages pkgs.vim ];
systemPackages = [
pkgs.bottom
pkgs.man-pages
pkgs.vim
];
};
# Disable the root user
users.users.root.hashedPassword = "!";
@ -76,7 +91,10 @@
users.users.${config.az-username} = {
isNormalUser = true;
initialPassword = "password";
extraGroups = [ "wheel" "networkmanager" ];
extraGroups = [
"wheel"
"networkmanager"
];
openssh.authorizedKeys.keys = [
"ssh-rsa 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 andreas@gwyn"
@ -98,8 +116,14 @@
settings = {
warn-dirty = false;
auto-optimise-store = true;
experimental-features = [ "nix-command" "flakes" ];
trusted-users = [ "root" "@wheel" ];
experimental-features = [
"nix-command"
"flakes"
];
trusted-users = [
"root"
"@wheel"
];
min-free = 1000000000;
max-free = 10000000000;
connect-timeout = 5;
@ -113,7 +137,9 @@
};
};
security.sudo = { wheelNeedsPassword = false; };
security.sudo = {
wheelNeedsPassword = false;
};
system.activationScripts.diff = {
supportsDryActivation = true;
@ -132,4 +158,3 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05";
}
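Review bot: The user block sets `initialPassword = "password"` for an account in `wheel`, and this section also sets `security.sudo.wheelNeedsPassword = false` and opens TCP port 22, so a freshly installed host has a publicly known password on an account with passwordless root. Whether sshd accepts passwords is not visible in these hunks; since keys are already configured, `services.openssh.settings.PasswordAuthentication = false;` would close that path. Replacing the literal with `initialHashedPassword = "<hash>";` (placeholder) would also keep the plaintext out of the repository and the Nix store.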


@ -1,12 +1,12 @@
{ config, inputs, ... }: {
{ config, inputs, ... }:
{
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
port = 22;
shell = "/bin/cryptsetup-askpass";
authorizedKeys =
config.users.users.${config.az-username}.openssh.authorizedKeys.keys;
authorizedKeys = config.users.users.${config.az-username}.openssh.authorizedKeys.keys;
hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
};
};


@ -1,4 +1,5 @@
{ lib, ... }: {
{ lib, ... }:
{
options = {
az-username = lib.mkOption {
type = lib.types.str;


@ -1,12 +1,21 @@
{ config, lib, pkgs, ... }:
let cfg = config.profiles.az-desktop;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.profiles.az-desktop;
in
{
options = {
profiles.az-desktop.enable = lib.mkEnableOption "Enable desktop";
};
config = lib.mkIf cfg.enable {
networking = { networkmanager.enable = true; };
networking = {
networkmanager.enable = true;
};
documentation = {
man.generateCaches = true;
@ -60,7 +69,10 @@ in {
serif = [ "TeX Gyre Pagella" ];
monospace = [ "Source Code Pro" ];
};
packages = [ pkgs.gyre-fonts pkgs.source-code-pro ];
packages = [
pkgs.gyre-fonts
pkgs.source-code-pro
];
};
# Enable keyring
@ -109,7 +121,9 @@ in {
source-code-pro
unrar
];
variables = { WINIT_X11_SCALE_FACTOR = "1"; };
variables = {
WINIT_X11_SCALE_FACTOR = "1";
};
sessionVariables = {
DEFAULT_BROWSER = "${pkgs.firefox}/bin/firefox";
QT_SCALE_FACTOR = "1.25";


@ -1,13 +1,22 @@
{ config, lib, pkgs, ... }:
let cfg = config.programs.az-distrobox;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.az-distrobox;
in
{
options = {
programs.az-distrobox.enable = lib.mkEnableOption
"Install distrobox and configure it to run GUI applications.";
programs.az-distrobox.enable = lib.mkEnableOption "Install distrobox and configure it to run GUI applications.";
};
config = lib.mkIf cfg.enable {
environment = {
systemPackages = [ pkgs.unstable.distrobox pkgs.xorg.xhost ];
systemPackages = [
pkgs.unstable.distrobox
pkgs.xorg.xhost
];
shellInit = ''
[ -n "$DISPLAY" ] && xhost +si:localuser:$USER || true
'';


@ -1,6 +1,13 @@
{ config, lib, pkgs, ... }:
let cfg = config.programs.az-eog;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.az-eog;
in
{
options = {
programs.az-eog.enable = lib.mkEnableOption "Gnome Image Viewer";
};
@ -24,4 +31,3 @@ in {
};
};
}


@ -1,9 +1,15 @@
{ config, lib, pkgs, ... }:
let cfg = config.programs.az-idevices;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.az-idevices;
in
{
options = {
programs.az-idevices.enable =
lib.mkEnableOption "Enable support for iDevices.";
programs.az-idevices.enable = lib.mkEnableOption "Enable support for iDevices.";
};
config = lib.mkIf cfg.enable {


@ -1,6 +1,13 @@
{ config, lib, pkgs, ... }:
let cfg = config.programs.az-lockscreen;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.az-lockscreen;
in
{
options = {
programs.az-lockscreen.enable = lib.mkEnableOption "Lockscreen";
};
@ -14,4 +21,3 @@ in {
environment.systemPackages = with pkgs; [ i3lock ];
};
}


@ -1,7 +1,16 @@
{ config, lib, pkgs, ... }:
let cfg = config.programs.az-makemkv;
in {
options = { programs.az-makemkv.enable = lib.mkEnableOption "MakeMKV"; };
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.az-makemkv;
in
{
options = {
programs.az-makemkv.enable = lib.mkEnableOption "MakeMKV";
};
config = lib.mkIf cfg.enable {
home-manager.users.${config.az-username} = {


@ -1,6 +1,13 @@
{ config, lib, pkgs, ... }:
let cfg = config.programs.az-nautilus;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.az-nautilus;
in
{
options = {
programs.az-nautilus.enable = lib.mkEnableOption "Enable Nautilus";
};


@ -1,6 +1,8 @@
{ config, lib, ... }:
let cfg = config.programs.az-nix-direnv;
in {
let
cfg = config.programs.az-nix-direnv;
in
{
options = {
programs.az-nix-direnv.enable = lib.mkEnableOption "Enable nix-direnv";
};
@ -16,5 +18,4 @@ in {
programs.direnv.nix-direnv.enable = true;
};
};
}


@ -1,4 +1,10 @@
{ config, inputs, lib, pkgs, ... }:
{
config,
inputs,
lib,
pkgs,
...
}:
let
cfg = config.programs.az-restic-management;
password_file = config.age.secrets.resticKey.path;
@ -33,20 +39,19 @@ let
${pkgs.restic}/bin/restic --password-file ${password_file} snapshots'';
restic-infomaniak-mount =
pkgs.writeShellScriptBin "restic-infomaniak-mount" ''
export $(${pkgs.gnugrep}/bin/grep -v '^#' ${infomaniak-env} | ${pkgs.findutils}/bin/xargs)
export RESTIC_REPOSITORY="${infomaniak-repo}"
export OS_AUTH_URL="${infomaniak-auth-url}"
export OS_USER_DOMAIN_NAME=default
restic-infomaniak-mount = pkgs.writeShellScriptBin "restic-infomaniak-mount" ''
export $(${pkgs.gnugrep}/bin/grep -v '^#' ${infomaniak-env} | ${pkgs.findutils}/bin/xargs)
export RESTIC_REPOSITORY="${infomaniak-repo}"
export OS_AUTH_URL="${infomaniak-auth-url}"
export OS_USER_DOMAIN_NAME=default
mkdir -p /tmp/restic &&
mkdir -p /tmp/restic &&
${pkgs.restic}/bin/restic --password-file ${password_file} mount /tmp/restic'';
in {
${pkgs.restic}/bin/restic --password-file ${password_file} mount /tmp/restic'';
in
{
options = {
programs.az-restic-management.enable =
lib.mkEnableOption "Enable restic management commands.";
programs.az-restic-management.enable = lib.mkEnableOption "Enable restic management commands.";
};
config = lib.mkIf cfg.enable {
age.secrets.infomaniakEnv = {
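Review bot: `restic-infomaniak-mount` exposes the decrypted repository at the fixed path `/tmp/restic`, which sits in a world-writable directory. `mkdir -p` succeeds silently when another local user has already created that path, and the location is predictable. A private per-invocation directory is safer: `mnt="$(mktemp -d)" &&` followed by `... mount "$mnt"`. The `export $(grep -v '^#' … | xargs)` line also word-splits the env file, so a value containing whitespace would be exported incorrectly. The `let` block begins outside this hunk.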


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.az-scripts;
compress-pdf = pkgs.writeShellScriptBin "compress-pdf" ''
@ -9,8 +14,7 @@ let
-dBATCH \
-sOutputFile=compressed_$1 $1'';
files-to-lowercase = pkgs.writeScriptBin "files-to-lowercase"
"${builtins.readFile ./files-to-lowercase.sh}";
files-to-lowercase = pkgs.writeScriptBin "files-to-lowercase" "${builtins.readFile ./files-to-lowercase.sh}";
heif-to-jpeg = pkgs.writeShellScriptBin "heif-to-jpeg" ''
for f in *.heic
@ -19,17 +23,16 @@ let
${pkgs.libheif}/bin/heif-convert $f $f.jpg
done'';
remove-special-characters = pkgs.writeScriptBin "remove-special-characters"
"${builtins.readFile ./remove_special_characters.sh}";
remove-special-characters = pkgs.writeScriptBin "remove-special-characters" "${builtins.readFile ./remove_special_characters.sh}";
replace-listings = pkgs.writeScriptBin "replace-listings"
"${builtins.readFile ./replace-listings.sh}";
replace-listings = pkgs.writeScriptBin "replace-listings" "${builtins.readFile ./replace-listings.sh}";
thumbnails = pkgs.writeShellScriptBin "thumbnails" ''
for d in $1/*; do
${pkgs.ffmpeg}/bin/ffmpeg -i "$d" -t 2 -r 0.5 "$d".jpg
done'';
in {
in
{
options = {
programs.az-scripts.enable = lib.mkEnableOption "Enable scripts";
};
@ -44,6 +47,4 @@ in {
thumbnails
];
};
}
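Review bot: The inline scripts expand their arguments without quotes (`-sOutputFile=compressed_$1 $1`, `heif-convert $f $f.jpg`, `for d in $1/*`), so a file name containing whitespace or glob characters is split or expanded into several arguments. Quoting fixes this: `-sOutputFile="compressed_$1" "$1"`, `heif-convert "$f" "$f.jpg"` and `for d in "$1"/*`. The `compress-pdf` and `heif-to-jpeg` bodies are only partly visible in these hunks.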


@ -1,7 +1,11 @@
{ config, lib, ... }:
let cfg = config.programs.az-steam;
in {
options = { programs.az-steam.enable = lib.mkEnableOption "Enable Steam"; };
let
cfg = config.programs.az-steam;
in
{
options = {
programs.az-steam.enable = lib.mkEnableOption "Enable Steam";
};
config = lib.mkIf cfg.enable {
programs.steam.enable = true;
@ -11,8 +15,7 @@ in {
allowedUDPPorts = [ 27031 ];
};
home-manager.users.${config.az-username} = {
home.file.".local/share/applications/steam.desktop".source =
./steam.desktop;
home.file.".local/share/applications/steam.desktop".source = ./steam.desktop;
};
};
}


@ -1,9 +1,10 @@
{ config, lib, ... }:
let cfg = config.services.az-x86;
in {
let
cfg = config.services.az-x86;
in
{
options = {
services.az-x86.enable =
lib.mkEnableOption "Enable options for x86 systems";
services.az-x86.enable = lib.mkEnableOption "Enable options for x86 systems";
};
config = lib.mkIf cfg.enable {
@ -14,6 +15,8 @@ in {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
hardware = { cpu.intel.updateMicrocode = true; };
hardware = {
cpu.intel.updateMicrocode = true;
};
};
}


@ -1,9 +1,10 @@
{ config, lib, ... }:
let cfg = config.services.az-data-share;
in {
let
cfg = config.services.az-data-share;
in
{
options = {
services.az-data-share.enable =
lib.mkEnableOption "Enable the server data FNS share";
services.az-data-share.enable = lib.mkEnableOption "Enable the server data FNS share";
};
config = lib.mkIf cfg.enable {
fileSystems."/mnt/data" = {
@ -19,4 +20,3 @@ in {
};
};
}


@ -1,22 +1,33 @@
{ config, inputs, lib, pkgs, ... }:
{
config,
inputs,
lib,
pkgs,
...
}:
let
cfg = config.services.az-mailserver;
version = "13.2.0";
mailserver-setup = (pkgs.writeScriptBin "mailserver-setup"
"${builtins.readFile (pkgs.fetchurl {
url =
"https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/v${version}/setup.sh";
sha256 = "sha256-HMT790mp5ADdNYaOLUJfHJq9LWI0OPilTabAhogVXnc=";
})}").overrideAttrs (old: {
buildCommand = ''
${old.buildCommand}
patchShebangs $out'';
});
mailserver-setup =
(pkgs.writeScriptBin "mailserver-setup" "${builtins.readFile (
pkgs.fetchurl {
url = "https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/v${version}/setup.sh";
sha256 = "sha256-HMT790mp5ADdNYaOLUJfHJq9LWI0OPilTabAhogVXnc=";
}
)}"
).overrideAttrs
(
old: {
buildCommand = ''
${old.buildCommand}
patchShebangs $out'';
}
);
volumePath = "/mnt/server-data/docker-mailserver";
in {
in
{
options = {
services.az-mailserver.enable =
lib.mkEnableOption "Enable docker-mailserver";
services.az-mailserver.enable = lib.mkEnableOption "Enable docker-mailserver";
};
config = lib.mkIf cfg.enable {
@ -51,7 +62,11 @@ in {
fileSystems."${volumePath}" = {
device = "10.7.89.108:server_data/docker-mailserver";
fsType = "nfs";
options = [ "hard" "noatime" "rw" ];
options = [
"hard"
"noatime"
"rw"
];
};
services.az-docker.enable = true;
@ -62,8 +77,14 @@ in {
image = "docker.io/mailserver/docker-mailserver:${version}";
autoStart = true;
environmentFiles = [ ./mailserver.env ];
ports =
[ "25:25" "143:143" "465:465" "587:587" "993:993" "11334:11334" ];
ports = [
"25:25"
"143:143"
"465:465"
"587:587"
"993:993"
"11334:11334"
];
volumes = [
"/etc/localtime:/etc/localtime:ro"
"/etc/dkim:/etc/dkim:ro"


@ -1,7 +1,16 @@
{ config, lib, pkgs, ... }:
let cfg = config.services.az-docker;
in {
options = { services.az-docker.enable = lib.mkEnableOption "Enable Docker"; };
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.az-docker;
in
{
options = {
services.az-docker.enable = lib.mkEnableOption "Enable Docker";
};
config = lib.mkIf cfg.enable {
virtualisation.docker = {


@ -1,6 +1,14 @@
{ config, inputs, lib, pkgs, ... }:
let cfg = config.services.az-freshrss;
in {
{
config,
inputs,
lib,
pkgs,
...
}:
let
cfg = config.services.az-freshrss;
in
{
options = {
services.az-freshrss.enable = lib.mkEnableOption "Enable FreshRSS.";
};
@ -20,7 +28,10 @@ in {
group = config.services.freshrss.user;
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedTCPPorts = [
80
443
];
security.acme = {
acceptTerms = true;
defaults.email = "admin+acme@zweili.ch";
@ -42,11 +53,15 @@ in {
mysql = {
enable = true;
package = pkgs.mariadb_110;
ensureUsers = [{
name = "freshrss";
ensurePermissions = { "freshrss.*" = "ALL PRIVILEGES"; };
}];
initialDatabases = [{ name = "freshrss"; }];
ensureUsers = [
{
name = "freshrss";
ensurePermissions = {
"freshrss.*" = "ALL PRIVILEGES";
};
}
];
initialDatabases = [ { name = "freshrss"; } ];
settings = {
mysqld = {
innodb_file_per_table = 1;
@ -95,4 +110,3 @@ in {
};
};
}


@ -1,8 +1,14 @@
{ config, inputs, lib, ... }:
{
config,
inputs,
lib,
...
}:
let
cfg = config.services.az-gitea;
volumePath = "/mnt/server-data/gitea";
in {
in
{
options = {
services.az-gitea.enable = lib.mkEnableOption "Enable Gitea in Docker.";
services.az-gitea.domain = lib.mkOption {
@ -17,13 +23,19 @@ in {
fileSystems."${volumePath}" = {
device = "10.7.89.108:server_data/gitea/data";
fsType = "nfs";
options = [ "hard" "noatime" "rw" ];
options = [
"hard"
"noatime"
"rw"
];
};
services = {
az-docker.enable = true;
az-mariadb-for-containers.enable = true;
mysql.settings = {
mysql = { default-character-set = "utf8mb4"; };
mysql = {
default-character-set = "utf8mb4";
};
mysqld = {
collation-server = "utf8mb4_unicode_ci";
init-connect = "SET NAMES utf8mb4";
@ -55,7 +67,10 @@ in {
DISABLE_REGISTRATION = "true";
};
environmentFiles = [ config.age.secrets.giteaEnv.path ];
ports = [ "2222:22" "8080:3000" ];
ports = [
"2222:22"
"8080:3000"
];
volumes = [
"/etc/timezone:/etc/timezone:ro"
"/etc/localtime:/etc/localtime:ro"


@ -2,8 +2,11 @@
let
cfg = config.services.az-grav;
volumePath = "/mnt/server-data/grav";
in {
options = { services.az-grav.enable = lib.mkEnableOption "Enable Grav."; };
in
{
options = {
services.az-grav.enable = lib.mkEnableOption "Enable Grav.";
};
config = lib.mkIf cfg.enable {
services.az-docker.enable = true;
@ -11,14 +14,17 @@ in {
fileSystems."${volumePath}" = {
device = "10.7.89.108:server_data/grav";
fsType = "nfs";
options = [ "hard" "noatime" "rw" ];
options = [
"hard"
"noatime"
"rw"
];
};
virtualisation.oci-containers = {
backend = "docker";
containers."grav" = {
# https://fleet.linuxserver.io/image?name=linuxserver/grav
image =
"lscr.io/linuxserver/grav:1.7.43@sha256:6cc4e340eda8c72f4671f9b9a4c1fad195deac59b9a88b6221f8b31d4fd64c08";
image = "lscr.io/linuxserver/grav:1.7.43@sha256:6cc4e340eda8c72f4671f9b9a4c1fad195deac59b9a88b6221f8b31d4fd64c08";
autoStart = true;
environment = {
TZ = "Europe/Zurich";
@ -36,4 +42,3 @@ in {
};
};
}


@ -1,6 +1,8 @@
{ config, lib, ... }:
let cfg = config.services.az-haproxy;
in {
let
cfg = config.services.az-haproxy;
in
{
options = {
services.az-haproxy.enable = lib.mkEnableOption "Enable HAProxy";
};
@ -8,7 +10,11 @@ in {
config = lib.mkIf cfg.enable {
networking = {
enableIPv6 = false;
firewall.allowedTCPPorts = [ 80 443 1936 ];
firewall.allowedTCPPorts = [
80
443
1936
];
};
services.haproxy = {
enable = true;


@ -2,7 +2,8 @@
let
cfg = config.services.az-heimdall;
volumePath = "/mnt/server-data/heimdall";
in {
in
{
options = {
services.az-heimdall.enable = lib.mkEnableOption "Enable Heimdall";
};
@ -13,14 +14,17 @@ in {
fileSystems."${volumePath}" = {
device = "10.7.89.108:server_data/heimdall";
fsType = "nfs";
options = [ "hard" "noatime" "rw" ];
options = [
"hard"
"noatime"
"rw"
];
};
virtualisation.oci-containers = {
backend = "docker";
containers."heimdall" = {
# https://fleet.linuxserver.io/image?name=linuxserver/heimdall
image =
"linuxserver/heimdall:2.5.8@sha256:2bf4feba39a64ceabb8e8aef1395c69513c8ab7dd122caa605c307d7ffcdad6f";
image = "linuxserver/heimdall:2.5.8@sha256:2bf4feba39a64ceabb8e8aef1395c69513c8ab7dd122caa605c307d7ffcdad6f";
autoStart = true;
environment = {
TZ = "Europe/Zurich";
@ -28,11 +32,12 @@ in {
PGID = "100";
};
ports = [ "8081:80" ];
volumes =
[ "/etc/localtime:/etc/localtime:ro" "${volumePath}:/config" ];
volumes = [
"/etc/localtime:/etc/localtime:ro"
"${volumePath}:/config"
];
extraOptions = [ "--log-opt=tag='heimdall'" ];
};
};
};
}


@ -1,6 +1,8 @@
{ config, lib, ... }:
let cfg = config.services.az-log2ram;
in {
let
cfg = config.services.az-log2ram;
in
{
options = {
services.az-log2ram.enable = lib.mkEnableOption "Enable log to RAM";
};
@ -9,7 +11,10 @@ in {
fileSystems."/var/log" = {
device = "none";
fsType = "tmpfs";
options = [ "defaults" "size=512M" ];
options = [
"defaults"
"size=512M"
];
};
services.journald.extraConfig = ''
SystemMaxUse=300M


@ -1,6 +1,13 @@
{ config, lib, pkgs, ... }:
let cfg = config.services.az-logs-share;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.az-logs-share;
in
{
options = {
services.az-logs-share.enable = lib.mkEnableOption "Enable mount share";
};


@ -1,18 +1,27 @@
{ config, lib, pkgs, ... }:
let cfg = config.services.az-mariadb-for-containers;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.az-mariadb-for-containers;
in
{
options = {
services.az-mariadb-for-containers.enable =
lib.mkEnableOption "Enable MariaDB configured for container clients.";
services.az-mariadb-for-containers.enable = lib.mkEnableOption "Enable MariaDB configured for container clients.";
};
config = lib.mkIf cfg.enable {
services.mysql = {
enable = true;
package = pkgs.mariadb_110;
settings = { mysqld = { bind-address = "172.17.0.1"; }; };
settings = {
mysqld = {
bind-address = "172.17.0.1";
};
};
};
networking.firewall.extraCommands =
"iptables -A INPUT -p tcp --destination-port 3306 -s 172.16.0.0/12 -j ACCEPT";
networking.firewall.extraCommands = "iptables -A INPUT -p tcp --destination-port 3306 -s 172.16.0.0/12 -j ACCEPT";
};
}
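Review bot: The `extraCommands` rule accepts port 3306 from `172.16.0.0/12`, the whole private /12, which is wider than the Docker bridge that `bind-address = "172.17.0.1"` points at. It is also appended to `INPUT` directly; as far as I know the NixOS firewall only flushes its own chains on reload, so this rule would accumulate and outlive the module being disabled. Using the firewall's own chain avoids both: `iptables -A nixos-fw -p tcp --dport 3306 -s <container subnet> -j nixos-fw-accept`, with the subnet narrowed to the networks the containers actually use. The PostgreSQL module has the same rule for port 5432.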


@ -1,16 +1,21 @@
{ config, lib, ... }:
let cfg = config.services.az-media-share;
in {
let
cfg = config.services.az-media-share;
in
{
options = {
services.az-media-share.enable =
lib.mkEnableOption "Mount the NFS share for with my media.";
services.az-media-share.enable = lib.mkEnableOption "Mount the NFS share for with my media.";
};
config = lib.mkIf cfg.enable {
fileSystems."/mnt/media" = {
device = "10.7.89.108:media";
fsType = "nfs";
options = [ "noatime" "hard" "nfsvers=4.0" ];
options = [
"noatime"
"hard"
"nfsvers=4.0"
];
};
};
}


@ -1,4 +1,10 @@
{ config, inputs, lib, pkgs, ... }:
{
config,
inputs,
lib,
pkgs,
...
}:
let
cfg = config.services.az-nextcloud;
cronService = "${config.virtualisation.oci-containers.backend}-cron";
@ -6,8 +12,7 @@ let
MYSQL_DATABASE = "nextcloud";
MYSQL_USER = "nextcloud";
MYSQL_HOST = "172.17.0.1";
NEXTCLOUD_TRUSTED_DOMAINS =
"${cfg.domain} ${config.networking.hostName}.2li.local 10.7.89.103";
NEXTCLOUD_TRUSTED_DOMAINS = "${cfg.domain} ${config.networking.hostName}.2li.local 10.7.89.103";
REDIS_HOST = "redis";
SMTP_HOST = "mail.infomaniak.com";
SMTP_SECURE = "ssl";
@ -15,15 +20,13 @@ let
};
networkName = "nextcloud";
# https://github.com/Nebucatnetzer/nextcloud-smb
nextcloudImage =
"ghcr.io/nebucatnetzer/nextcloud-smb/nextcloud-smb:28.0.1@sha256:2fc015f2844e44e861099474927696244ddb59bcfb3fc7b693468a30543a211e";
nextcloudService =
"${config.virtualisation.oci-containers.backend}-nextcloud";
nextcloudImage = "ghcr.io/nebucatnetzer/nextcloud-smb/nextcloud-smb:28.0.1@sha256:2fc015f2844e44e861099474927696244ddb59bcfb3fc7b693468a30543a211e";
nextcloudService = "${config.virtualisation.oci-containers.backend}-nextcloud";
volumePath = "/mnt/server-data/nextcloud";
in {
in
{
options = {
services.az-nextcloud.enable =
lib.mkEnableOption "Enable Nextcloud running in a container.";
services.az-nextcloud.enable = lib.mkEnableOption "Enable Nextcloud running in a container.";
services.az-nextcloud.domain = lib.mkOption {
type = lib.types.str;
description = "The domain Nextcloud is being run from.";
@ -36,7 +39,11 @@ in {
fileSystems."${volumePath}" = {
device = "10.7.89.108:server_data/nextcloud/data";
fsType = "nfs";
options = [ "hard" "noatime" "rw" ];
options = [
"hard"
"noatime"
"rw"
];
};
services = {
az-acme-base.enable = true;
@ -99,8 +106,10 @@ in {
"/etc/localtime:/etc/localtime:ro"
"${volumePath}:/var/www/html"
];
extraOptions =
[ "--net=${networkName}" "--log-opt=tag='nextcloud-nginx'" ];
extraOptions = [
"--net=${networkName}"
"--log-opt=tag='nextcloud-nginx'"
];
};
containers."cron" = {
image = nextcloudImage;
@ -109,8 +118,10 @@ in {
environmentFiles = [ config.age.secrets.nextcloudEnv.path ];
entrypoint = "/cron.sh";
dependsOn = [ "redis" ];
volumes =
[ "/etc/localtime:/etc/localtime:ro" "${volumePath}:/var/www/html" ];
volumes = [
"/etc/localtime:/etc/localtime:ro"
"${volumePath}:/var/www/html"
];
extraOptions = [
"--add-host=host.docker.internal:host-gateway"
"--net=nextcloud"
@ -121,7 +132,10 @@ in {
image = "redis:alpine";
autoStart = true;
volumes = [ "/etc/localtime:/etc/localtime:ro" ];
extraOptions = [ "--net=${networkName}" "--log-opt=tag='redis'" ];
extraOptions = [
"--net=${networkName}"
"--log-opt=tag='redis'"
];
};
};
system.activationScripts.makeDockerNetwork = ''
@ -129,7 +143,9 @@ in {
'';
systemd.services.nextcloud-previews = {
serviceConfig = { Type = "oneshot"; };
serviceConfig = {
Type = "oneshot";
};
script = ''
${pkgs.docker}/bin/docker exec -u www-data nextcloud php occ preview:pre-generate
'';
@ -142,8 +158,10 @@ in {
environment.shellAliases = {
occ = "${pkgs.docker}/bin/docker exec -u www-data nextcloud php occ";
};
systemd.services.${nextcloudService}.after =
[ "mysql.service" "nginx.service" ];
systemd.services.${nextcloudService}.after = [
"mysql.service"
"nginx.service"
];
systemd.services.${cronService}.after = [ "mysql.service" ];
};
}


@ -1,13 +1,17 @@
{ config, lib, ... }:
let cfg = config.services.az-acme-base;
in {
let
cfg = config.services.az-acme-base;
in
{
options = {
services.az-acme-base.enable =
lib.mkEnableOption "All the common options I need for ACME certs.";
services.az-acme-base.enable = lib.mkEnableOption "All the common options I need for ACME certs.";
};
config = lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedTCPPorts = [
80
443
];
security.acme = {
acceptTerms = true;
defaults.email = "admin+acme@zweili.ch";


@ -1,10 +1,16 @@
{ config, lib, pkgs, ... }:
let cfg = config.services.az-nginx-fpm;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.az-nginx-fpm;
in
{
options = {
services.az-nginx-fpm = {
enable =
lib.mkEnableOption "Enable Nginx with config for FPM in a container.";
enable = lib.mkEnableOption "Enable Nginx with config for FPM in a container.";
dataDir = lib.mkOption {
type = lib.types.str;
description = "The directory where the application lives on the host.";
@ -53,5 +59,4 @@ in {
};
};
};
}


@ -1,6 +1,8 @@
{ config, lib, ... }:
let cfg = config.services.az-nginx-proxy;
in {
let
cfg = config.services.az-nginx-proxy;
in
{
options = {
services.az-nginx-proxy = {
enable = lib.mkEnableOption "Enable Nginx proxy, mainly to provide SSL.";


@ -1,6 +1,8 @@
{ config, lib, ... }:
let cfg = config.services.az-pipewire;
in {
let
cfg = config.services.az-pipewire;
in
{
options = {
services.az-pipewire.enable = lib.mkEnableOption "Enable pipewire";
};


@ -1,11 +1,16 @@
{ config, inputs, lib, ... }:
{
config,
inputs,
lib,
...
}:
let
cfg = config.services.az-plex;
volumePath = "/mnt/media";
in {
in
{
options = {
services.az-plex.enable =
lib.mkEnableOption "Enable Plex running in Docker";
services.az-plex.enable = lib.mkEnableOption "Enable Plex running in Docker";
};
config = lib.mkIf cfg.enable {
@ -33,8 +38,7 @@ in {
containers."plex" = {
autoStart = true;
# https://fleet.linuxserver.io/image?name=linuxserver/plex
image =
"lscr.io/linuxserver/plex:1.32.8@sha256:656cfa13024d3d1a96e2fa91aa4e8a9a5e2d8c4bb67fc1feb5da0e13ef99e705";
image = "lscr.io/linuxserver/plex:1.32.8@sha256:656cfa13024d3d1a96e2fa91aa4e8a9a5e2d8c4bb67fc1feb5da0e13ef99e705";
environment = {
TZ = " Europe/Zurich ";
PUID = "1000";
@ -48,7 +52,10 @@ in {
"/var/lib/plex/tmp:/transcode"
"/etc/localtime:/etc/localtime:ro"
];
extraOptions = [ "--network=host" "--log-opt=tag='plex'" ];
extraOptions = [
"--network=host"
"--log-opt=tag='plex'"
];
};
};
};
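Review bot: `TZ = " Europe/Zurich "` has a leading and a trailing space inside the string, unlike the `TZ = "Europe/Zurich"` used for the grav and heimdall containers. The padded value is not a valid zone name, so the container probably falls back to UTC and its log timestamps will not line up with the host's. It should read `TZ = "Europe/Zurich";`. `--network=host` on the same container shares the host's whole network namespace; if discovery needs that, a short comment saying so would help the next reader.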


@ -1,9 +1,15 @@
{ config, lib, pkgs, ... }:
let cfg = config.services.az-postgresql;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.az-postgresql;
in
{
options = {
services.az-postgresql.enable = lib.mkEnableOption
"Enable PostgreSQL with settings for container clients.";
services.az-postgresql.enable = lib.mkEnableOption "Enable PostgreSQL with settings for container clients.";
};
config = lib.mkIf cfg.enable {
@ -13,7 +19,6 @@ in {
package = pkgs.postgresql_14;
settings.listen_addresses = pkgs.lib.mkForce "127.0.0.1,172.17.0.1";
};
networking.firewall.extraCommands =
"iptables -A INPUT -p tcp --destination-port 5432 -s 172.16.0.0/12 -j ACCEPT";
networking.firewall.extraCommands = "iptables -A INPUT -p tcp --destination-port 5432 -s 172.16.0.0/12 -j ACCEPT";
};
}


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.az-qtile;
rofi-search = pkgs.writeShellScriptBin "rofi-search" ''
@ -15,10 +20,10 @@ let
echo "No input provided."
fi
'';
in {
in
{
options = {
services.az-qtile.enable =
lib.mkEnableOption "Enable Qtile window manager.";
services.az-qtile.enable = lib.mkEnableOption "Enable Qtile window manager.";
};
config = lib.mkIf cfg.enable {


@ -1,7 +1,16 @@
{ config, lib, pkgs, ... }:
let cfg = config.services.az-rdp;
in {
options = { services.az-rdp.enable = lib.mkEnableOption "enable rdp"; };
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.az-rdp;
in
{
options = {
services.az-rdp.enable = lib.mkEnableOption "enable rdp";
};
config = lib.mkIf cfg.enable {
services.xrdp = {


@ -1,12 +1,18 @@
{ config, inputs, lib, pkgs, ... }:
{
config,
inputs,
lib,
pkgs,
...
}:
let
cfg = config.services.az-restic-client-desktop;
password_file = config.age.secrets.resticKey.path;
repository = "rest:http://10.7.89.30:8000";
in {
in
{
options = {
services.az-restic-client-desktop.enable =
lib.mkEnableOption "Enable restic backups";
services.az-restic-client-desktop.enable = lib.mkEnableOption "Enable restic backups";
};
config = lib.mkIf cfg.enable {
services.az-telegram-notifications.enable = true;


@ -1,6 +1,14 @@
{ config, inputs, lib, pkgs, ... }:
let cfg = config.services.az-restic-client-server-mysql;
in {
{
config,
inputs,
lib,
pkgs,
...
}:
let
cfg = config.services.az-restic-client-server-mysql;
in
{
options = {
services.az-restic-client-server-mysql = {
enable = lib.mkEnableOption "Enable restic backups for MariaDB.";
@ -21,14 +29,18 @@ in {
};
config = lib.mkIf cfg.enable {
services.az-telegram-notifications = { enable = true; };
services.az-telegram-notifications = {
enable = true;
};
age.secrets.resticKey.file = "${inputs.self}/scrts/restic.key.age";
systemd.timers."restic-backups" = {
wantedBy = [ "timers.target" ];
partOf = [ "restic-backups.service" ];
timerConfig = { OnCalendar = cfg.time; };
timerConfig = {
OnCalendar = cfg.time;
};
};
systemd.services."restic-backups" = {


@ -1,6 +1,14 @@
{ config, inputs, lib, pkgs, ... }:
let cfg = config.services.az-restic-client-server-postgres;
in {
{
config,
inputs,
lib,
pkgs,
...
}:
let
cfg = config.services.az-restic-client-server-postgres;
in
{
options = {
services.az-restic-client-server-postgres = {
enable = lib.mkEnableOption "Enable restic backups for PostgreSQL.";
@ -28,7 +36,9 @@ in {
systemd.timers."restic-backups" = {
wantedBy = [ "timers.target" ];
partOf = [ "restic-backups.service" ];
timerConfig = { OnCalendar = cfg.time; };
timerConfig = {
OnCalendar = cfg.time;
};
};
systemd.services."restic-backups" = {


@ -1,6 +1,14 @@
{ config, inputs, lib, pkgs, ... }:
let cfg = config.services.az-restic-client-server;
in {
{
config,
inputs,
lib,
pkgs,
...
}:
let
cfg = config.services.az-restic-client-server;
in
{
options = {
services.az-restic-client-server = {
enable = lib.mkEnableOption "Enable restic backups on server systems.";
@ -27,7 +35,9 @@ in {
systemd.timers."restic-backups" = {
wantedBy = [ "timers.target" ];
partOf = [ "restic-backups.service" ];
timerConfig = { OnCalendar = cfg.time; };
timerConfig = {
OnCalendar = cfg.time;
};
};
systemd.services."restic-backups" = {


@ -1,6 +1,14 @@
{ config, inputs, lib, pkgs, ... }:
let cfg = config.services.az-restic-server;
in {
{
config,
inputs,
lib,
pkgs,
...
}:
let
cfg = config.services.az-restic-server;
in
{
options = {
services.az-restic-server = {
enable = lib.mkEnableOption "Enable a restic server.";
@ -27,7 +35,11 @@ in {
fileSystems."${cfg.repository}" = {
device = "10.7.89.108:restic-server";
fsType = "nfs";
options = [ "noatime" "hard" "nfsvers=4.0" ];
options = [
"noatime"
"hard"
"nfsvers=4.0"
];
};
services.restic.server = {
enable = true;


@ -2,7 +2,8 @@
let
cfg = config.services.az-rss-bridge;
whitelist = builtins.toFile "whitelist.txt" "*";
in {
in
{
options = {
services.az-rss-bridge.enable = lib.mkEnableOption "Enable RSS bridge.";
};
@ -14,8 +15,7 @@ in {
backend = "docker";
containers."rss-bridge" = {
# https://hub.docker.com/r/rssbridge/rss-bridge/tags
image =
"rssbridge/rss-bridge@sha256:908ee2936c1acdddbff69020cf4f01f259b4e230fd924876b3c8dfbaa8e3326c";
image = "rssbridge/rss-bridge@sha256:908ee2936c1acdddbff69020cf4f01f259b4e230fd924876b3c8dfbaa8e3326c";
autoStart = true;
ports = [ "8082:80" ];
volumes = [


@ -1,7 +1,11 @@
{ config, lib, ... }:
let cfg = config.services.az-syslog;
in {
options = { services.az-syslog.enable = lib.mkEnableOption "Enable syslog"; };
let
cfg = config.services.az-syslog;
in
{
options = {
services.az-syslog.enable = lib.mkEnableOption "Enable syslog";
};
config = lib.mkIf cfg.enable {
services.rsyslogd = {
@ -15,4 +19,3 @@ in {
systemd.services.syslog.after = [ "network-online.target" ];
};
}


@ -1,4 +1,10 @@
{ config, inputs, lib, pkgs, ... }:
{
config,
inputs,
lib,
pkgs,
...
}:
let
cfg = config.services.az-telegram-notifications;
@ -16,18 +22,19 @@ let
${send-to-telegram} "$ALERT Unit failed $UNIT $ALERT
Status:
$UNITSTATUS"'';
in {
in
{
options = {
services.az-telegram-notifications.enable =
lib.mkEnableOption "Enable Telegram Notifications";
services.az-telegram-notifications.enable = lib.mkEnableOption "Enable Telegram Notifications";
};
config = lib.mkIf cfg.enable {
age.secrets.telegramNotifyEnv.file =
"${inputs.self}/scrts/telegram_notify_env.age";
age.secrets.telegramNotifyEnv.file = "${inputs.self}/scrts/telegram_notify_env.age";
systemd.services."unit-status-telegram@" = {
description = "Unit Status Telegram Service";
unitConfig = { After = "network-online.target"; };
unitConfig = {
After = "network-online.target";
};
serviceConfig = {
Type = "simple";
ExecStart = "${unit-status-telegram} %I";


@ -1,7 +1,11 @@
{ config, lib, ... }:
let cfg = config.services.az-tlp;
in {
options = { services.az-tlp.enable = lib.mkEnableOption "Enable TLP"; };
let
cfg = config.services.az-tlp;
in
{
options = {
services.az-tlp.enable = lib.mkEnableOption "Enable TLP";
};
config = lib.mkIf cfg.enable {
services.tlp = {


@ -1,15 +1,17 @@
{ config, lib, ... }:
let cfg = config.services.az-virtualbox-guest;
in {
let
cfg = config.services.az-virtualbox-guest;
in
{
options = {
services.az-virtualbox-guest.enable =
lib.mkEnableOption "Enable virtualbox services";
services.az-virtualbox-guest.enable = lib.mkEnableOption "Enable virtualbox services";
};
config = lib.mkIf cfg.enable {
virtualisation.virtualbox.guest.enable = true;
virtualisation.virtualbox.guest.x11 = true;
users.users.${config.az-username} = { extraGroups = [ "vboxsf" ]; };
users.users.${config.az-username} = {
extraGroups = [ "vboxsf" ];
};
};
}


@ -1,34 +1,23 @@
let
andreas =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCR+JXNHSAEQamn2QiaKV0vejCPy6OmzOePXoaQF6CEknXyvBO4j7+qpgZ5RAhe7ups8xZrEpBKdtxRMf7OdQQEXg1PLlfWZSJTC8EGu1TbMltbwwHizgsK/15LkDhJ0Gk/GFz9O9GvGqjizik8Kvvqz8XWY0tEtYs5Riq8bB5D5Ctwl10iultqnIQkdaX0bNa/2X57XKeutWdbqhuSC/C7awC1aVDIdfy1BNT3weHhQhFVAeAlH7Fy4rx3gYPclICfzu27lulLeXKJj9F+NdeY84zEy7E8IkE7eqdo1zfdJJpXSIh3FqekWen5njzWJsXqZCa2Ynk1poK/Rv/ti+ySE+4XicyXp0VJM8fDz6iUI0S/pjumHwzpoN9CeNe5PDK3Y7iQzSlO9REvkj/+v7r2s6XKslk9B7hTKunvH5JgHlIeYymzXb4r2LggNrP/1KUgNk1Ztu+s1c5onXYfBNul1iQOFU3+kgTk8Oh/UFK3FA0dYeWrOLA02TdH2S7U6yE= andreas@gwyn";
andreas-nixos-vm =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDA3/7NfN0GSFq4CCZa1BSizm95tFx7Ogz4IS2SaIosZ7xdjVpqAQ7iK/UG5GRKvBjhUnrGUwU9CRt6wYLhs47/qj20pMlnpvLb/0yDUwvY+2SfH6taZeLArL/o4d6jFrPuOGxP5Lt213qe/hZA0hnc6f7gZY13vXJ37Wm4K+st3N8qtk3lcTncb9aPrPoYBfrm7DGWBczdJtPPp/eJmgKATDHsy95hUuUYm17Pu2uzSVRaXIZnuevfySgRHi9qsk962GdC7CcWlctMGry7++1D0lzXdollseZQaKf40wRzMQJrOb7OueI0s5hlKsVNJR9SXbZm0rJhTeUJOzh3v+b5nNzcjqG4Cx6BOOg400ayvTxBC5pH7GRBO1Pgpj3+r2mWFOlPYwfIYS0EjoQIdKYQBefrqRrzDavancIFlqyifs8XQIru7PnF6IP6EmyQwIoybUlZzLPAWXSTXyyx7F0+w181+hYLnbHd7+u6ddVLXbUKfZ77SXiPThep9Tfw3J8= andreas@nixos";
users = [ andreas andreas-nixos-vm ];
andreas = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCR+JXNHSAEQamn2QiaKV0vejCPy6OmzOePXoaQF6CEknXyvBO4j7+qpgZ5RAhe7ups8xZrEpBKdtxRMf7OdQQEXg1PLlfWZSJTC8EGu1TbMltbwwHizgsK/15LkDhJ0Gk/GFz9O9GvGqjizik8Kvvqz8XWY0tEtYs5Riq8bB5D5Ctwl10iultqnIQkdaX0bNa/2X57XKeutWdbqhuSC/C7awC1aVDIdfy1BNT3weHhQhFVAeAlH7Fy4rx3gYPclICfzu27lulLeXKJj9F+NdeY84zEy7E8IkE7eqdo1zfdJJpXSIh3FqekWen5njzWJsXqZCa2Ynk1poK/Rv/ti+ySE+4XicyXp0VJM8fDz6iUI0S/pjumHwzpoN9CeNe5PDK3Y7iQzSlO9REvkj/+v7r2s6XKslk9B7hTKunvH5JgHlIeYymzXb4r2LggNrP/1KUgNk1Ztu+s1c5onXYfBNul1iQOFU3+kgTk8Oh/UFK3FA0dYeWrOLA02TdH2S7U6yE= andreas@gwyn";
andreas-nixos-vm = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDA3/7NfN0GSFq4CCZa1BSizm95tFx7Ogz4IS2SaIosZ7xdjVpqAQ7iK/UG5GRKvBjhUnrGUwU9CRt6wYLhs47/qj20pMlnpvLb/0yDUwvY+2SfH6taZeLArL/o4d6jFrPuOGxP5Lt213qe/hZA0hnc6f7gZY13vXJ37Wm4K+st3N8qtk3lcTncb9aPrPoYBfrm7DGWBczdJtPPp/eJmgKATDHsy95hUuUYm17Pu2uzSVRaXIZnuevfySgRHi9qsk962GdC7CcWlctMGry7++1D0lzXdollseZQaKf40wRzMQJrOb7OueI0s5hlKsVNJR9SXbZm0rJhTeUJOzh3v+b5nNzcjqG4Cx6BOOg400ayvTxBC5pH7GRBO1Pgpj3+r2mWFOlPYwfIYS0EjoQIdKYQBefrqRrzDavancIFlqyifs8XQIru7PnF6IP6EmyQwIoybUlZzLPAWXSTXyyx7F0+w181+hYLnbHd7+u6ddVLXbUKfZ77SXiPThep9Tfw3J8= andreas@nixos";
users = [
andreas
andreas-nixos-vm
];
git =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDO40In82pEqQJexG9nlXOsYb4T/sYrb/4EVtGc0bfEb";
gwyn =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNmtdodpXHcwEsX2x89RyxjX5F6eERanzM4OXlNDx50";
loki-test =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqCmY9F2nWasFtmBpk401lacclXeddDm+OTZ4+tNM94";
mail =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQ64p/o1u8KUqxmOQkngMdNkfTCNkqYh8ptinatxUDX";
management =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICr5M2m7cic6fCaVNEesCn8Ii/VDB0EtyxYWs79aE4BD";
nextcloud =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHASRPSKyADQUBe6lQEo8EHixPwktbHQjAPX24GIoWwg";
nixos-vm =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOcmWE9b7GQKOOq61gYLdFA5uZ+hhpBYePmmdRDGwIVu";
plex =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDAp4qkxNLabAuwRSKjD1e7nNZ0QuB+BO2VxcYpdfr/X";
proxy =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINOhI/rT7BMrXmDgFC2VnrWyFwnMiZPED0z1QFwVgA4B";
staubfinger =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHaGKfqdWGUC5vg+EFHK19rR+fz29p0rV/9/lbT0lyq";
restic-server =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX9Sm69VGPrek8PRgWa8xJPqzRrixs1g+8hBu2F6265";
ttrss =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfWq/ZWeMNIMqXsI4rnkwR+wc/FVdb2jA70sdLMEnyX";
git = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDO40In82pEqQJexG9nlXOsYb4T/sYrb/4EVtGc0bfEb";
gwyn = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNmtdodpXHcwEsX2x89RyxjX5F6eERanzM4OXlNDx50";
loki-test = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqCmY9F2nWasFtmBpk401lacclXeddDm+OTZ4+tNM94";
mail = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQ64p/o1u8KUqxmOQkngMdNkfTCNkqYh8ptinatxUDX";
management = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICr5M2m7cic6fCaVNEesCn8Ii/VDB0EtyxYWs79aE4BD";
nextcloud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHASRPSKyADQUBe6lQEo8EHixPwktbHQjAPX24GIoWwg";
nixos-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOcmWE9b7GQKOOq61gYLdFA5uZ+hhpBYePmmdRDGwIVu";
plex = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDAp4qkxNLabAuwRSKjD1e7nNZ0QuB+BO2VxcYpdfr/X";
proxy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINOhI/rT7BMrXmDgFC2VnrWyFwnMiZPED0z1QFwVgA4B";
staubfinger = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHaGKfqdWGUC5vg+EFHK19rR+fz29p0rV/9/lbT0lyq";
restic-server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX9Sm69VGPrek8PRgWa8xJPqzRrixs1g+8hBu2F6265";
ttrss = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfWq/ZWeMNIMqXsI4rnkwR+wc/FVdb2jA70sdLMEnyX";
systems = [
git
gwyn
@ -43,10 +32,17 @@ let
staubfinger
ttrss
];
defaultKeys =
[ andreas andreas-nixos-vm gwyn management nixos-vm staubfinger ];
defaultKeys = [
andreas
andreas-nixos-vm
gwyn
management
nixos-vm
staubfinger
];
all = users ++ systems;
in {
in
{
"dkim_2li.ch.age".publicKeys = defaultKeys ++ [ mail ];
"dkim_zweili.ch.age".publicKeys = defaultKeys ++ [ mail ];
"freshrss_db_pass.age".publicKeys = defaultKeys ++ [ ttrss ];
@ -60,4 +56,3 @@ in {
"telegram_notify_env.age".publicKeys = all;
"webdav_andreas.age".publicKeys = defaultKeys;
}
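Review bot: `"telegram_notify_env.age".publicKeys = all;` in the last hunk of this file encrypts the Telegram environment file to every key in `users ++ systems`, so whatever it holds (presumably the bot token and chat id) can be decrypted by any single host in the list. If that is intentional because every host sends unit-failure notifications, it deserves a comment next to the rule, for example `# readable by all hosts on purpose: each one sends notifications; rotate the token if any host key is exposed`. If only some hosts enable az-telegram-notifications, a narrower recipient list in the style of `defaultKeys ++ [ mail ]` would limit the exposure. The middle of the `systems` list and several rules fall between the hunks, so the full recipient set is not visible here.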


@ -1,14 +1,13 @@
{ pkgs ? import <nixpkgs> { } }:
{
pkgs ? import <nixpkgs> { },
}:
pkgs.mkShell {
name = "nixosbuildshell";
nativeBuildInputs = with pkgs; [ nixFlakes ];
shellHook = ''
PATH=${
pkgs.writeShellScriptBin "nix" ''
${pkgs.nixFlakes}/bin/nix --experimental-features "nix-command flakes" "$@"
''
}/bin:$PATH
PATH=${pkgs.writeShellScriptBin "nix" ''
${pkgs.nixFlakes}/bin/nix --experimental-features "nix-command flakes" "$@"
''}/bin:$PATH
'';
}


@ -1,4 +1,6 @@
{ pkgs ? import <nixpkgs> { } }:
{
pkgs ? import <nixpkgs> { },
}:
pkgs.mkShell {
name = "nixosbuildshell";
nativeBuildInputs = with pkgs; [
@ -14,11 +16,8 @@ pkgs.mkShell {
];
shellHook = ''
PATH=${
pkgs.writeShellScriptBin "nix" ''
${pkgs.nixFlakes}/bin/nix --experimental-features "nix-command flakes" "$@"
''
}/bin:$PATH
PATH=${pkgs.writeShellScriptBin "nix" ''
${pkgs.nixFlakes}/bin/nix --experimental-features "nix-command flakes" "$@"
''}/bin:$PATH
'';
}


@ -1,7 +1,12 @@
{ hostname }:
{ config, inputs, ... }: {
boot.initrd.availableKernelModules =
[ "ata_piix" "ohci_pci" "sd_mod" "sr_mod" ];
{ config, inputs, ... }:
{
boot.initrd.availableKernelModules = [
"ata_piix"
"ohci_pci"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
@ -22,7 +27,7 @@
interfaces.enp0s3.useDHCP = true;
};
swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
users.users.${config.az-username} = {
openssh.authorizedKeys.keys = [
@ -30,10 +35,11 @@
];
};
profiles.az-desktop.enable = true;
programs = { az-distrobox.enable = true; };
programs = {
az-distrobox.enable = true;
};
services = {
az-virtualbox-guest.enable = true;
az-x86.enable = true;
};
}


@ -1,7 +1,9 @@
{ hostname }:
{ inputs, pkgs, ... }:
let domain = "git.2li.ch";
in {
let
domain = "git.2li.ch";
in
{
hardware = {
az-raspi4-ethernet = {
enable = true;


@ -1,5 +1,11 @@
{ hostname }:
{ inputs, lib, pkgs, ... }: {
{
inputs,
lib,
pkgs,
...
}:
{
imports = [
inputs.nixos-hardware.nixosModules.dell-precision-5530
inputs.nixos-hardware.nixosModules.common-gpu-nvidia
@ -19,7 +25,10 @@
];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" "sg" ];
boot.kernelModules = [
"kvm-intel"
"sg"
];
boot.extraModulePackages = [ ];
boot.kernelParams = [
"ip=dhcp" # required for ssh at initrd
@ -32,8 +41,16 @@
# Required to build aarch64 packages
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
boot.supportedFilesystems =
[ "apfs" "exfat" "ext4" "nfs" "nfs4" "ntfs" "cifs" "f2fs" ];
boot.supportedFilesystems = [
"apfs"
"exfat"
"ext4"
"nfs"
"nfs4"
"ntfs"
"cifs"
"f2fs"
];
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
@ -46,7 +63,7 @@
networking.hostName = hostname;
swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
hardware = {
az-bluetooth.enable = true;
@ -75,4 +92,3 @@
virtualisation.virtualbox.host.enable = true;
}


@ -1,5 +1,6 @@
{ hostname }:
{ inputs, pkgs, ... }: {
{ inputs, pkgs, ... }:
{
hardware = {
az-raspi4-ethernet = {
enable = true;


@ -1,5 +1,6 @@
{ hostname }:
{ inputs, pkgs, ... }: {
{ inputs, pkgs, ... }:
{
hardware = {
az-raspi4-ethernet = {
enable = true;
@ -22,4 +23,3 @@
};
};
}


@ -1,5 +1,6 @@
{ hostname }:
{ inputs, ... }: {
{ inputs, ... }:
{
hardware = {
az-raspi4-ethernet = {
enable = true;
@ -24,5 +25,4 @@
az-nix-direnv.enable = true;
az-restic-management.enable = true;
};
}
