emergency commit

makefu 2024-12-22 14:24:48 +01:00
parent 562889dd80
commit 548a99ca50
66 changed files with 792 additions and 584 deletions


@ -11,7 +11,7 @@ in
security.rtkit.enable = true; security.rtkit.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
alsaUtils alsa-utils
i2c-tools i2c-tools
ponymix ponymix
]; ];


@ -1,7 +1,7 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
systemd.services.brockman.environment."BROCKMAN_LOG_LEVEL" = "DEBUG"; #systemd.services.brockman.environment."BROCKMAN_LOG_LEVEL" = "DEBUG";
krebs.brockman = { services.brockman = {
enable = true; enable = true;
config = { config = {
channel = "#binaergewitter"; channel = "#binaergewitter";


@ -1,5 +1,6 @@
# <SENDUNGSNUMMER> # <SENDUNGSNUMMER>
-1. in signal "Die letzte sendung ist 10 tage her, wann wollen wir senden?" in 10 Tagen planen
0. Sendung twittern und mastodieren (eine Woche + eine Stunde vorher) von Ingo/l33tname (wichtig) 0. Sendung twittern und mastodieren (eine Woche + eine Stunde vorher) von Ingo/l33tname (wichtig)
1. `eine` Person anrufen (den Host): 1. `eine` Person anrufen (den Host):
- markus madmas@studio.link - markus madmas@studio.link


@ -37,7 +37,6 @@ in {
"guest ok" = "yes"; "guest ok" = "yes";
}; };
sound.enable = true;
# connect via https://wiki.nixos.org/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio # connect via https://wiki.nixos.org/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
environment.etc."bluetooth/audio.conf".text = '' environment.etc."bluetooth/audio.conf".text = ''


@ -1,4 +1,4 @@
{ {pkgs, lib, config, ... }:{
# users are super important # users are super important
users.users = { users.users = {
root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
@ -52,8 +52,6 @@
defaults.email = "letsencrypt@syntax-fehler.de"; defaults.email = "letsencrypt@syntax-fehler.de";
acceptTerms = true; acceptTerms = true;
}; };
system.stateVersion = lib.mkDefault "23.05";
services.postgresql.package = pkgs.postgresql_14;
boot.kernel.sysctl."kernel.dmesg_restrict" = 0; boot.kernel.sysctl."kernel.dmesg_restrict" = 0;
} }


@ -8,26 +8,11 @@ with lib;
./binary-cache/nixos.nix ./binary-cache/nixos.nix
./minimal.nix ./minimal.nix
./secrets/ssh_server.nix ./secrets/ssh_server.nix
./core.nix
# ./overlays/default.nix # ./overlays/default.nix
# ./security/hotfix.nix # ./security/hotfix.nix
]; ];
# users are super important
users.users = {
root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
makefu = {
uid = 9001;
group = "users";
home = "/home/makefu";
createHome = true;
isNormalUser = true;
useDefaultShell = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
};
};
# nix.settings.trusted-users = [ config.krebs.build.user.name ];
nix.settings.experimental-features = [ "flakes" "nix-command" ];
# boot.kernelPackages = lib.mkDefault pkgs.linuxPackages; # boot.kernelPackages = lib.mkDefault pkgs.linuxPackages;
@ -36,46 +21,10 @@ with lib;
# dns.providers.lan = "hosts"; # dns.providers.lan = "hosts";
build.user = config.krebs.users.makefu; build.user = config.krebs.users.makefu;
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
jq
git
gnumake
rxvt_unicode.terminfo
htop
nix-output-monitor nix-output-monitor
]; ];
#programs.bash.completion.enable = true;
environment.shellAliases = {
# TODO: see .aliases
lsl = "ls -lAtr";
ip = "ip -c -br";
dmesg = "dmesg -L --reltime";
psg = "ps -ef | grep";
nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml";
grep = "grep --color=auto";
};
nix.extraOptions = ''
auto-optimise-store = true
'';
#security.wrappers.sendmail = {
# source = "${pkgs.exim}/bin/sendmail";
# setuid = true;
#};
services.journald.extraConfig = ''
SystemMaxUse=1G
RuntimeMaxUse=128M
'';
environment.pathsToLink = [ "/share" ];
security.acme = {
defaults.email = "letsencrypt@syntax-fehler.de";
acceptTerms = true;
};
system.stateVersion = lib.mkDefault "23.05"; system.stateVersion = lib.mkDefault "23.05";
services.postgresql.package = pkgs.postgresql_14; services.postgresql.package = pkgs.postgresql_14;
} }


@ -1,12 +1,14 @@
{ { config, ... }:{
services.atuin = { services.atuin = {
enable = true; enable = true;
maxHistory = 900001; maxHistoryLength = 900001;
database.createLocally = true;
# openRegistration = true;
}; };
services.postgresql.enable = true; services.postgresql.enable = true;
services.nginx.virtualHosts."atuin.euer.krebsco.de" = { services.nginx.virtualHosts."atuin.euer.krebsco.de" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/".proxyPass = "http://localhost:${config.services.atuin.port}"; locations."/".proxyPass = "http://localhost:${toString config.services.atuin.port}";
}; };
} }


@ -59,7 +59,7 @@ in {
enable = true; enable = true;
configureRedis = true; configureRedis = true;
package = pkgs.nextcloud29; package = pkgs.nextcloud30;
hostName = "o.euer.krebsco.de"; hostName = "o.euer.krebsco.de";
# Use HTTPS for links # Use HTTPS for links
https = true; https = true;


@ -1,9 +1,6 @@
https://www.ebay-kleinanzeigen.de/s-heimwerken/nein/muehlhausen/bohrmaschine/k0c84l9313r5+heimwerken.versand_s:nein https://www.kleinanzeigen.de/s-stuttgart/zigbee/k0l9280
https://www.ebay-kleinanzeigen.de/s-stuttgart/zigbee/k0l9280 https://www.kleinanzeigen.de/s-70378/d%C3%B6rrautomat/k0l9334r5
https://www.ebay-kleinanzeigen.de/s-70378/d%C3%B6rrautomat/k0l9334r5 https://www.kleinanzeigen.de/s-zu-verschenken/muehlhausen/c192l9313
https://www.ebay-kleinanzeigen.de/s-zu-verschenken/muehlhausen/c192l9313 https://www.kleinanzeigen.de/s-spielzeug/muehlhausen/brettspiel/k0c23l9313
https://www.ebay-kleinanzeigen.de/s-spielzeug/muehlhausen/brettspiel/k0c23l9313 https://www.kleinanzeigen.de/s-zu-verschenken/muehlhausen/lautsprecher/k0c192l9313r5
https://www.ebay-kleinanzeigen.de/s-muehlhausen/dymo/k0l9313r5 https://www.kleinanzeigen.de/s-stuttgart/kallax-schublade/k0l9280
https://www.ebay-kleinanzeigen.de/s-zu-verschenken/muehlhausen/lautsprecher/k0c192l9313r5
https://www.ebay-kleinanzeigen.de/s-muehlhausen/preis::40/winkelschleifer/k0l9313r5
https://www.ebay-kleinanzeigen.de/s-muehlhausen/preis::40/kontaktgrill/k0l9313r5


@ -298,7 +298,7 @@ noremap <leader>p "+gP<CR>
noremap XX "+x<CR> noremap XX "+x<CR>
" Enable mouse for vim " Enable mouse for vim
set mouse=a set mouse=
" Buffer nav " Buffer nav
noremap <leader>z :bp<CR> noremap <leader>z :bp<CR>


@ -12,7 +12,7 @@ set background=dark
set number set number
set relativenumber set relativenumber
set mouse=a set mouse=
set ignorecase set ignorecase
set incsearch set incsearch
set wildignore=*.o,*.obj,*.bak,*.exe,*.os set wildignore=*.o,*.obj,*.bak,*.exe,*.os


@ -5,6 +5,15 @@ let
in in
{ {
services.nginx = { services.nginx = {
virtualHosts."cgit.euer" = {
serverAliases = [
"cgit.gum.r"
"git.gum.r"
"cgit.makefu.r"
"git.makefu.r"
];
globalRedirect = "cgit.euer.krebsco.de";
};
virtualHosts.${DOMAIN} = { virtualHosts.${DOMAIN} = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@ -32,6 +41,7 @@ in
ENABLED = true; ENABLED = true;
DEFAULT_ACTIONS_URL = "github"; DEFAULT_ACTIONS_URL = "github";
}; };
log.LEVEL = "Warn";
# Sending emails is completely optional # Sending emails is completely optional
# You can send a test email from the web UI at: # You can send a test email from the web UI at:
# Profile Picture > Site Administration > Configuration > Mailer Configuration # Profile Picture > Site Administration > Configuration > Mailer Configuration
@ -44,4 +54,12 @@ in
}; };
#mailerPasswordFile = config.sops.secrets.forgejo-mailer-password.path; #mailerPasswordFile = config.sops.secrets.forgejo-mailer-password.path;
}; };
sops.secrets.forgejo-admin-password.owner = "forgejo";
# systemd.services.forgejo.serviceConfig.ReadOnlyPaths = [ config.sops.secrets.forgejo-admin-password ];
systemd.services.forgejo.preStart = ''
admin="${lib.getExe config.services.forgejo.package} admin user"
$admin change-password --username makefu --password "$(tr -d '\n' < ${config.sops.secrets.forgejo-admin-password.path})" || true
# $admin create --admin --email "makefu@x.r" --username makefu --password "$(tr -d '\n' < ${config.sops.secrets.forgejo-admin-password.path})" || true
'';
} }
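Review bot: The new `systemd.services.forgejo.preStart` hands the admin password to the CLI as a `--password` argument, so the secret sits in the process command line for the duration of the call and can be read from the process list by other local accounts. The trailing `|| true` also hides a failed reset; `|| echo "forgejo: admin password reset failed" >&2` would at least surface it in the journal. Because preStart runs on every service start, a password changed through the web UI is overwritten with the sops value at the next restart, which deserves a comment next to the script. If the forgejo CLI offers a way to take the password other than argv (not visible in this hunk), prefer that.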


@ -38,7 +38,7 @@ in
# }; # };
# displayManager.defaultSession = lib.mkDefault "none+awesome"; # displayManager.defaultSession = lib.mkDefault "none+awesome";
}; };
environment.systemPackages = [ pkgs.gnome.adwaita-icon-theme ]; environment.systemPackages = [ pkgs.adwaita-icon-theme ];
# lid switch is handled via button presses # lid switch is handled via button presses
# services.logind.lidSwitch = lib.mkDefault "ignore"; # services.logind.lidSwitch = lib.mkDefault "ignore";
#makefu.awesome.enable = true; #makefu.awesome.enable = true;
@ -55,7 +55,7 @@ in
packages = with pkgs;[ packages = with pkgs;[
pavucontrol pavucontrol
xlockmore xlockmore
rxvt_unicode-with-plugins rxvt-unicode-unwrapped
]; ];
}; };


@ -35,7 +35,7 @@ in {
{ {
general = { general = {
disable_loading_bar = false; disable_loading_bar = false;
grace = 10; # grace = 10;
hide_cursor = true; hide_cursor = true;
no_fade_in = false; no_fade_in = false;
}; };
@ -70,16 +70,16 @@ in {
settings = { settings = {
general = { general = {
ignore_dbus_inhibit = false; ignore_dbus_inhibit = false;
before_sleep_cmd = "loginctl lock-session"; # before_sleep_cmd = "hyprlock";
after_sleep_cmd = "hyprctl dispatch dpms on"; after_sleep_cmd = "hyprctl dispatch dpms on";
# what to do when `loginctl lock-session` sends dbus lock event # what to do when `loginctl lock-session` sends dbus lock event
lock_cmd = "pidof hyprlock || hyprlock"; lock_cmd = "hyprlock";
}; };
listener = [ listener = [
{ {
timeout = 600; timeout = 600;
on-timeout = "loginctl lock-session"; on-timeout = "hyprlock";
} }
{ {
timeout = 630; timeout = 630;
@ -159,10 +159,10 @@ in {
active_opacity = 1.0; active_opacity = 1.0;
inactive_opacity = 1.0; inactive_opacity = 1.0;
drop_shadow = false; #drop_shadow = false;
shadow_range = 4; #shadow_range = 4;
shadow_render_power = 3; #shadow_render_power = 3;
"col.shadow" = "rgba(1a1a1aee)"; #"col.shadow" = "rgba(1a1a1aee)";
blur = { blur = {
enabled = true; enabled = true;
@ -220,7 +220,7 @@ in {
"$mainMod, R, exec, $menu" "$mainMod, R, exec, $menu"
"$mainMod, P, pseudo, # dwindle" "$mainMod, P, pseudo, # dwindle"
"$mainMod, J, togglesplit, # dwindle" "$mainMod, J, togglesplit, # dwindle"
"$mainMod, L, exec, hyprlock" "$mainMod, L, exec, loginctl lock-session"
# Move focus with mainMod + arrow keys # Move focus with mainMod + arrow keys
"$mainMod, left, movefocus, l" "$mainMod, left, movefocus, l"
@ -249,9 +249,8 @@ in {
"$mainMod SHIFT, 6, movetoworkspace, 6" "$mainMod SHIFT, 6, movetoworkspace, 6"
"$mainMod SHIFT, 7, movetoworkspace, 7" "$mainMod SHIFT, 7, movetoworkspace, 7"
"$mainMod SHIFT, 8, movetoworkspace, 8" "$mainMod SHIFT, 8, movetoworkspace, 8"
"$mainMod SHIFT, 8, movetoworkspace, 8"
"$mainMod SHIFT, 9, movetoworkspace, 9" "$mainMod SHIFT, 9, movetoworkspace, 9"
"$mainMod SHIFT, 10, movetoworkspace, 10" "$mainMod SHIFT, 0, movetoworkspace, 10"
# screenshot # screenshot
"$mainMod, Print, exec, grimblast --notify --cursor save area ~/shots/$(date +'%Y-%m-%d-At-%Ih%Mm%Ss').png" "$mainMod, Print, exec, grimblast --notify --cursor save area ~/shots/$(date +'%Y-%m-%d-At-%Ih%Mm%Ss').png"
",Print, exec, grimblast --notify --cursor copy area" ",Print, exec, grimblast --notify --cursor copy area"
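Review bot: Commenting out `before_sleep_cmd` leaves nothing that locks the session ahead of suspend, so a machine suspended before the 600-second idle listener fires resumes unlocked. The `$mainMod, L` binding now calls `loginctl lock-session`, which still goes through `lock_cmd`, so restoring `before_sleep_cmd = "loginctl lock-session";` keeps the manual, idle and suspend paths consistent. Dropping the `pidof hyprlock ||` guard from `lock_cmd` and calling `hyprlock` directly in `on-timeout` also allows a second locker to start on top of a running one; `lock_cmd = "pidof hyprlock || hyprlock";` together with `on-timeout = "loginctl lock-session";` avoids that.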


@ -11,6 +11,10 @@ in {
name = "Terminus"; name = "Terminus";
size = 12; size = 12;
}; };
keybindings = {
"shift+insert" = "paste_from_clipboard";
"ctrl+c" = "copy_or_interrupt";
};
settings = { settings = {
update_check_interval = 0; update_check_interval = 0;
enable_audio_bell = false; enable_audio_bell = false;


@ -11,4 +11,6 @@ in {
settings.email = "makefu@x"; settings.email = "makefu@x";
}; };
}; };
services.gnome.gnome-keyring.enable = true;
security.pam.services.hyprland.enableGnomeKeyring = true;
} }


@ -35,7 +35,7 @@
"hyprland/window" "hyprland/window"
], ],
"modules-right": [ "modules-right": [
"mpd", // "mpd",
"idle_inhibitor", "idle_inhibitor",
"pulseaudio", "pulseaudio",
"network", "network",
@ -45,12 +45,12 @@
"temperature", "temperature",
"backlight", "backlight",
"keyboard-state", "keyboard-state",
"hyprland/language", // "hyprland/language",
"battery", "battery",
"battery#bat2", // "battery#bat2",
"clock", "clock",
"tray", "tray"
"custom/power" // "custom/power"
], ],
"keyboard-state": { "keyboard-state": {
"numlock": true, "numlock": true,
@ -130,8 +130,9 @@
}, },
"backlight": { "backlight": {
// "device": "acpi_video1", // "device": "acpi_video1",
"format": "{percent}% {icon}", //"format": "{percent}% {icon}",
"format-icons": ["", "", "", "", "", "", "", "", ""] "format": "{percent}% ☼"
// "format-icons": ["", "", "", "", "", "", "", "", ""]
}, },
"battery": { "battery": {
"states": { "states": {


@ -5,7 +5,7 @@
hardware.pulseaudio.enable = lib.mkForce false; hardware.pulseaudio.enable = lib.mkForce false;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
alsaUtils alsa-utils
pulseaudio pulseaudio
ponymix ponymix
]; ];


@ -1,7 +1,15 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
home-manager.users.${config.krebs.build.user.name}.xdg.desktopEntries.privatefox = { home-manager.users.${config.krebs.build.user.name}.xdg.desktopEntries = {
privatefox = {
name = "Privatefox"; name = "Privatefox";
exec = "${pkgs.firefox}/bin/firefox -P Privatefox"; exec = "${pkgs.firefox}/bin/firefox -P Privatefox";
}; };
bambu-studio-large = {
name = "BambuStudioLarge";
exec = toString (pkgs.writers.writeDash "bambu-studio-large" ''
GDK_SCALE=2 XCURSOR_SIZE=32 exec ${pkgs.bambu-studio}/bin/bambu-studio
'');
};
};
} }


@ -10,7 +10,7 @@ in {
serviceConfig = { serviceConfig = {
SyslogIdentifier = "urxvtd"; SyslogIdentifier = "urxvtd";
ExecReload = "${pkgs.coreutils}/bin/echo NOP"; ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = "${pkgs.rxvt_unicode-with-plugins}/bin/urxvtd"; ExecStart = "${pkgs.rxvt-unicode}/bin/urxvtd";
Restart = "always"; Restart = "always";
RestartSec = "2s"; RestartSec = "2s";
StartLimitBurst = 0; StartLimitBurst = 0;


@ -9,7 +9,7 @@ in
systemd.services.mausdownload = { systemd.services.mausdownload = {
startAt = "6:15:00"; startAt = "6:15:00";
path = [ pkg ]; path = [ pkg ];
script = "mausdownload.sh /media/silent/music/kinder/hoerbucher"; script = "alldownload.sh /media/silent/music/kinder/podcasts";
serviceConfig= { serviceConfig= {
User = "makefu"; # TODO unprivileged user User = "makefu"; # TODO unprivileged user
}; };


@ -10,7 +10,7 @@ in {
state = [ config ]; state = [ config ];
virtualisation.oci-containers.containers.signal-rest = { virtualisation.oci-containers.containers.signal-rest = {
image = image; image = image;
#ports = [ "127.0.0.1:${toString port}:${toString port}" ]; ports = [ "127.0.0.1:${toString port}:${toString port}" ];
extraOptions = [ "--network=host"]; extraOptions = [ "--network=host"];
volumes = [ volumes = [
"${config}:/home/.local/share/signal-cli" "${config}:/home/.local/share/signal-cli"
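Review bot: Re-enabling `ports = [ "127.0.0.1:${toString port}:${toString port}" ]` does not confine the API to loopback while `extraOptions = [ "--network=host" ]` stays in place. With host networking the container engine discards published-port mappings, and the service listens on whatever address it binds in the host's network namespace. To get the loopback-only exposure the `ports` line suggests, drop `--network=host` so the mapping takes effect, or keep host networking and restrict the port in the firewall. The container definition continues past the end of this hunk.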


@ -1,4 +1,4 @@
{ config,lib, ... }: { pkgs,config,lib, ... }:
let let
internal-ip = "192.168.111.11"; internal-ip = "192.168.111.11";
port = 4533; port = 4533;
@ -12,10 +12,13 @@ in
PlaylistsPath = "/media/silent/playlists"; PlaylistsPath = "/media/silent/playlists";
Address = "0.0.0.0"; Address = "0.0.0.0";
}; };
sops.secrets.navidrome-secrets.owner = "navidrome";
systemd.services.navidrome = { systemd.services.navidrome = {
serviceConfig = { serviceConfig = {
Restart = "always"; Restart = "always";
RestartSec = "15"; RestartSec = "15";
EnvironmentFile = config.sops.secrets.navidrome-secrets.path;
ExecStartPre = pkgs.writers.writeDash "lol" "echo LND_LASTFM_APIKEY $ND_LASTFM_APIKEY";
BindReadOnlyPaths = BindReadOnlyPaths =
[ [
# navidrome uses online services to download additional album metadata / covers # navidrome uses online services to download additional album metadata / covers
@ -32,6 +35,7 @@ in
]; ];
}; };
unitConfig.RequiresMountsFor = [ "/media/silent" ]; unitConfig.RequiresMountsFor = [ "/media/silent" ];
}; };
state = [ "/var/lib/navidrome" ]; state = [ "/var/lib/navidrome" ];
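Review bot: The added `ExecStartPre` echoes `$ND_LASTFM_APIKEY`, so the Last.fm API key loaded from the sops-managed `EnvironmentFile` is written to the journal in clear text on every start, where it is no longer covered by the secret file's access controls. It looks like a leftover debugging aid (the script is named `lol`) and should be removed. If a startup check is wanted, report presence only, e.g. `ExecStartPre = pkgs.writers.writeDash "navidrome-check-env" ''test -n "$ND_LASTFM_APIKEY" || echo "ND_LASTFM_APIKEY is not set" >&2'';`. A key that has already been logged this way should be treated as exposed and rotated.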


@ -14,10 +14,8 @@
# Import | docker-compose exec photoprism photoprism import # Import | docker-compose exec photoprism photoprism import
# ------------------------------------------------------------------- # -------------------------------------------------------------------
let let
port = "2347"; port = 2347;
photodir = "/media/cryptX/photos"; originalsPath = "/media/cryptX/photos";
statedir = "/media/cryptX/lib/photoprism/appsrv";
db-dir = "/media/cryptX/lib/photoprism/mysql";
internal-ip = "192.168.111.11"; internal-ip = "192.168.111.11";
in in
{ {
@ -28,7 +26,7 @@ in
"fotos" "fotos.lan" "fotos" "fotos.lan"
]; ];
locations."/".proxyPass = "http://localhost:${port}"; locations."/".proxyPass = "http://localhost:${toString port}";
locations."/".proxyWebsockets = true; locations."/".proxyWebsockets = true;
extraConfig = '' extraConfig = ''
if ( $server_addr != "${internal-ip}" ) { if ( $server_addr != "${internal-ip}" ) {
@ -36,111 +34,43 @@ in
} }
''; '';
}; };
systemd.services.photoprism.serviceConfig = {
#systemd.services.photoprism-network = { SupplementaryGroups = [ "download" "video" "render" ];
# enable = true; PrivateDevices = lib.mkForce false;
# wantedBy = [ "multi-user.target" ]; };
# script = '' state = [ "/var/lib/photoprism" ];
# ${pkgs.docker}/bin/docker network create --driver bridge photoprism ||: sops.secrets."omo-photoprism-pw" = {
# ''; group = "video";
# after = [ "docker.service" ]; mode = "0750";
# before = [ };
# "docker-photoprism.service" services.photoprism = {
# "docker-mysql-photoprism.service" enable = true;
# ]; inherit port originalsPath;
#}; passwordFile = config.sops.secrets."omo-photoprism-pw".path;
storagePath = "/var/lib/photoprism";
settings = {
virtualisation.oci-containers.containers.photoprism = {
image = "photoprism/photoprism:preview";
#ports = ["${port}:${port}" ];
volumes = [
"${photodir}:/photoprism/originals"
"${statedir}:/photoprism/storage"
];
extraOptions = [
"--security-opt" "seccomp=unconfined"
"--security-opt" "apparmor=unconfined"
#"--network=photoprism"
"--network=host"
"--device=/dev/dri" # hardware encoding
];
environment = {
PHOTOPRISM_HTTP_PORT = port; # Built-in Web server port
PHOTOPRISM_HTTP_COMPRESSION = "gzip"; # Improves transfer speed and bandwidth utilization (none or gzip)
PHOTOPRISM_DEBUG = "false"; # Run in debug mode (shows additional log messages)
# PHOTOPRISM_PUBLIC = "true"; # No authentication required (disables password protection)
PHOTOPRISM_READONLY = "false"; # Don't modify originals directory (reduced functionality)
PHOTOPRISM_EXPERIMENTAL = "true"; # Enables experimental features
# PHOTOPRISM_DISABLE_WEBDAV = "false"; # Disables built-in WebDAV server
PHOTOPRISM_DISABLE_SETTINGS = "false"; # Disables Settings in Web UI
PHOTOPRISM_DISABLE_TENSORFLOW = "false"; # Disables using TensorFlow for image classification
PHOTOPRISM_DARKTABLE_PRESETS = "false"; # Enables Darktable presets and disables concurrent RAW conversion
PHOTOPRISM_DETECT_NSFW = "false"; # Flag photos as private that MAY be offensive (requires TensorFlow)
PHOTOPRISM_UPLOAD_NSFW = "true"; # Allow uploads that MAY be offensive
PHOTOPRISM_AUTH_MODE = "password";
#PHOTOPRISM_DATABASE_DRIVER = "postgres";
#PHOTOPRISM_DATABASE_SERVER = "postgres-prism:5432";
#PHOTOPRISM_DATABASE_NAME = "photoprism";
#PHOTOPRISM_DATABASE_USER = "photoprism";
#PHOTOPRISM_DATABASE_PASSWORD = "photoprism";
PHOTOPRISM_DATABASE_DRIVER= "mysql"; # Use MariaDB (or MySQL) instead of SQLite for improved performance
PHOTOPRISM_DATABASE_SERVER= "localhost:3306" ; # MariaDB database server (hostname:port)
PHOTOPRISM_DATABASE_NAME= "photoprism"; # MariaDB database schema name
PHOTOPRISM_SITE_URL = "http://localhost:2342/"; # Public PhotoPrism URL
PHOTOPRISM_SITE_TITLE = "PhotoPrism"; PHOTOPRISM_SITE_TITLE = "PhotoPrism";
PHOTOPRISM_SITE_CAPTION = "FeMi Fotos"; PHOTOPRISM_SITE_CAPTION = "FeMi Fotos";
PHOTOPRISM_SITE_DESCRIPTION = "Unsere Fotos"; PHOTOPRISM_SITE_DESCRIPTION = "Unsere Fotos";
PHOTOPRISM_SITE_AUTHOR = "FeMi"; PHOTOPRISM_SITE_AUTHOR = "FeMi";
PHOTOPRISM_SPONSOR = "true"; PHOTOPRISM_SPONSOR = "true";
PHOTOPRISM_DEFAULT_LOCALE = "de";
PHOTOPRISM_READONLY = "false";
# Hardware encoding # Hardware encoding
PHOTOPRISM_FFMPEG_ENCODER = "intel"; PHOTOPRISM_FFMPEG_ENCODER = "intel";
PHOTOPRISM_INIT = "intel"; PHOTOPRISM_INIT = "intel";
PHOTOPRISM_DEBUG = "false";
}; PHOTOPRISM_EXPERIMENTAL = "true";
environmentFiles = [ PHOTOPRISM_DISABLE_SETTINGS = "false";
config.sops.secrets."omo-photoprism-envfile".path PHOTOPRISM_DISABLE_TENSORFLOW = "false";
]; PHOTOPRISM_DARKTABLE_PRESETS = "false";
}; PHOTOPRISM_DETECT_NSFW = "false";
PHOTOPRISM_UPLOAD_NSFW = "true";
virtualisation.oci-containers.containers.mysql-photoprism = { PHOTOPRISM_AUTH_MODE = "password";
image = "mariadb:10.5"; PHOTOPRISM_ADMIN_USER = "admin";
extraOptions = [ PHOTOPRISM_SITE_URL = "http://192.168.111.11:2342/"; # Public PhotoPrism URL
"--security-opt" "seccomp=unconfined"
"--security-opt" "apparmor=unconfined"
#"--network=photoprism"
"--network=host"
];
#ports = [ "3306:3306" ]; # no need to expose the database
#cmd = [ "mysqld"
# "--transaction-isolation=READ-COMMITTED"
# "--character-set-server=utf8mb4"
# "--collation-server=utf8mb4_unicode_ci"
# "--max-connections=512"
# "--innodb-rollback-on-timeout=OFF"
# "--innodb-lock-wait-timeout=50"
#];
volumes= [ "${db-dir}:/var/lib/mysql" ];
environmentFiles = [
config.sops.secrets."omo-photoprism-envfile".path
];
environment = {
MYSQL_DATABASE= "photoprism";
}; };
}; };
#virtualisation.oci-containers.containers.postgres-prism = {
# image = "postgres:12-alpine";
# ports = [ "5432" ]; # no need to expose the database
# environment = {
# POSTGRES_DB = "photoprism";
# POSTGRES_USER = "photoprism";
# POSTGRES_PASSWORD = "photoprism";
# };
#};
} }
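Review bot: `sops.secrets."omo-photoprism-pw"` is given `group = "video"` and `mode = "0750"`, which lets every member of `video` read the PhotoPrism admin password and sets execute bits that a password file has no use for. The unit joins `video` only for device access (`SupplementaryGroups`), which makes it a wide audience for a credential; a dedicated owner with `mode = "0400"`, or `mode = "0440"` with a service-specific group if group access is really needed, is tighter. If the NixOS photoprism module reads `passwordFile` through systemd credentials (to be confirmed against the module), the sops defaults suffice and both lines can go. Separately, `PHOTOPRISM_SITE_URL` points at port 2342 over plain HTTP while `port = 2347`, which looks unintended.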


@ -4,7 +4,7 @@
extraGroups = [ "networkmanager" ]; extraGroups = [ "networkmanager" ];
packages = with pkgs;[ packages = with pkgs;[
networkmanagerapplet networkmanagerapplet
gnome3.gnome-keyring dconf gnome-keyring dconf
]; ];
}; };
networking.wireless.enable = lib.mkForce false; networking.wireless.enable = lib.mkForce false;


@ -1,6 +1,6 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
services.upower.enable = true; services.upower.enable = true;
users.users.makefu.packages = [ pkgs.gnome3.gnome-power-manager ]; users.users.makefu.packages = [ pkgs.gnome-power-manager ];
} }


@ -1,6 +1,6 @@
{pkgs, ... }: {pkgs, ... }:
{ {
environment.systemPackages = with pkgs; [ kdeconnect ]; environment.systemPackages = with pkgs; [ plasma5Packages.kdeconnect-kde ];
networking.firewall.allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; networking.firewall.allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
networking.firewall.allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; networking.firewall.allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
} }


@ -13,7 +13,7 @@ in {
./gui/base.nix ./gui/base.nix
# ./gui/look-up.nix # ./gui/look-up.nix
./fetchWallpaper.nix ./fetchWallpaper.nix
./zsh-user.nix ./zsh
./tools/core.nix ./tools/core.nix
./tools/core-gui.nix ./tools/core-gui.nix
./gui/automatic-diskmount.nix ./gui/automatic-diskmount.nix


@ -1,7 +1,7 @@
{ lib, config, ... }: { lib, config, ... }:
{ {
# lassulus network # lassulus network
clan.networking.zerotier = { clan.core.networking.zerotier = {
networkId = "ccc5da5295c853d4"; networkId = "ccc5da5295c853d4";
name = "nether"; name = "nether";
}; };


@ -17,11 +17,16 @@ in {
users.users."${mainUser}".extraGroups = [ "scanner" "lp" ]; users.users."${mainUser}".extraGroups = [ "scanner" "lp" ];
services.udev.packages = [ pkgs.utsushi ];
# scanners are printers just in reverse anyway # scanners are printers just in reverse anyway
services.saned.enable = true; services.saned.enable = true;
# network scan
services.avahi.enable = true;
services.avahi.nssmdns4 = true;
hardware.sane = { hardware.sane = {
enable = true; enable = true;
extraBackends = [ ]; extraBackends = [ pkgs.epkowa pkgs.utsushi ];
extraConfig.xerox_mfp = '' extraConfig.xerox_mfp = ''
usb 0x04e8 0x3441 usb 0x04e8 0x3441
''; '';


@ -21,15 +21,12 @@ in {
"valid users" = "download"; "valid users" = "download";
}; };
}; };
extraConfig = '' settings.global = {
# guest account = smbguest "load printers" = "no";
# map to guest = bad user "printing" = "bsd";
# disable printing "printcap name" = "/dev/null";
load printers = no "disable spoolss" = "yes";
printing = bsd };
printcap name = /dev/null
disable spoolss = yes
'';
}; };
networking.firewall.interfaces.retiolum.allowedTCPPorts = [ 445 ]; networking.firewall.interfaces.retiolum.allowedTCPPorts = [ 445 ];
networking.firewall.interfaces.wiregrill.allowedTCPPorts = [ 445 ]; networking.firewall.interfaces.wiregrill.allowedTCPPorts = [ 445 ];


@ -17,7 +17,7 @@ in {
"uid=${toString config.users.users.download.uid}" "uid=${toString config.users.users.download.uid}"
"gid=${toString config.users.groups.download.gid}" "gid=${toString config.users.groups.download.gid}"
"vers=3" "vers=3"
#"vers=2.1" "fsc"
"rsize=65536" "rsize=65536"
"wsize=130048" "wsize=130048"
"iocharset=utf8" "iocharset=utf8"


@ -101,17 +101,17 @@ in {
# "guest ok" = "yes"; # "guest ok" = "yes";
#}; #};
}; };
extraConfig = '' settings.global = {
guest account = smbguest "guest account" = "smbguest";
map to guest = bad user "map to guest" = "bad user";
# disable printing # disable printing
load printers = no "load printers" = "no";
printing = bsd "printing" = "bsd";
printcap name = /dev/null "printcap name" = "/dev/null";
disable spoolss = yes "disable spoolss" = "yes";
workgroup = WORKGROUP "workgroup" = "WORKGROUP";
server string = ${config.networking.hostName} "server string" = config.networking.hostName;
netbios name = ${config.networking.hostName} "netbios name" = config.networking.hostName;
''; };
}; };
} }


@ -34,14 +34,14 @@
"guest ok" = "no"; "guest ok" = "no";
}; };
}; };
extraConfig = '' settings.global = {
guest account = smbguest "guest account" = "smbguest";
map to guest = bad user "map to guest" = "bad user";
# disable printing # disable printing
load printers = no "load printers" = "no";
printing = bsd "printing" = "bsd";
printcap name = /dev/null "printcap name" = "/dev/null";
disable spoolss = yes "disable spoolss" = "yes" ;
''; };
}; };
} }


@ -16,6 +16,7 @@ in {
devices = (mk_peers used_peers) // { devices = (mk_peers used_peers) // {
makefu-phone.id = "YP57S7C-4U7PTEV-7PNVREJ-574YUTC-XMZ6TH5-P7UL5IJ-VYGW7GV-Z6QYOQR"; makefu-phone.id = "YP57S7C-4U7PTEV-7PNVREJ-574YUTC-XMZ6TH5-P7UL5IJ-VYGW7GV-Z6QYOQR";
makefu-ebook.id = "RRNPQ7N-BUGZUKX-EU7VSDJ-Z5BTW33-55DOSF4-RJXWV7W-BL7TUHT-TV7EJQN"; makefu-ebook.id = "RRNPQ7N-BUGZUKX-EU7VSDJ-Z5BTW33-55DOSF4-RJXWV7W-BL7TUHT-TV7EJQN";
makefu-tablet-medion.id = "RRJGBJC-B4WHTRY-MGFWEZU-JLTQWM6-M5N3CWM-MDSVVYC-LP67NM2-B3ZK4AI";
gum.id = "463N4HM-LFU3ARM-M7YU6O5-7FAVRIZ-WUOX5FN-C6A3XLZ-UCDUXQ5-2MVXDA6"; gum.id = "463N4HM-LFU3ARM-M7YU6O5-7FAVRIZ-WUOX5FN-C6A3XLZ-UCDUXQ5-2MVXDA6";
x.id = "ETMOWBT-XOYB7LJ-J4OKD7U-WHBEAP5-MPAHKXM-O4GGRKM-WERF7R4-MRS7EAU"; # override config for x x.id = "ETMOWBT-XOYB7LJ-J4OKD7U-WHBEAP5-MPAHKXM-O4GGRKM-WERF7R4-MRS7EAU"; # override config for x
omo.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK"; omo.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK";


@ -1,11 +1,12 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
services.cachefilesd.enable = true;
systemd.services.download-sync = { systemd.services.download-sync = {
# startAt = "hourly"; # startAt = "hourly";
startAt = "*:0/30"; # 30 minutes startAt = "*:0/30"; # 30 minutes
path = [ pkgs.rsync ]; path = [ pkgs.rsync ];
script = '' script = ''
rsync -a --omit-dir-times --no-perms --no-owner --progress --stats /media/cloud/download/. /media/crypt1/download/. rsync -a --size-only --omit-dir-times --no-perms --no-owner --progress --stats /media/cloud/download/. /media/crypt1/download/.
''; '';
serviceConfig = { serviceConfig = {
User = "download"; User = "download";


@ -1,5 +1,12 @@
{ {
services.syncthing.user = "download"; services.syncthing.user = "download";
systemd.services.syncthing = {
environment.GOMEMLIMIT = "400MiB";
serviceConfig = {
MemoryHigh="750M";
MemoryMax="1G";
};
};
services.syncthing.settings.folders = { services.syncthing.settings.folders = {
manga = { manga = {
path = "/media/cloud/sync/manga/"; path = "/media/cloud/sync/manga/";
@ -11,10 +18,12 @@
id = "makefu-audiobooks"; id = "makefu-audiobooks";
devices = [ "omo" "makefu-phone" "x" ]; devices = [ "omo" "makefu-phone" "x" ];
}; };
download = { #download = {
path = "/media/cloud/download/"; # path = "/media/cloud/download/";
id = "makefu-download"; # id = "makefu-download";
devices = [ "omo" ]; # #config.fsWatcherEnabled = false;
}; # #config.rescanIntervalS = 300;
# devices = [ "omo" ];
#};
}; };
} }


@ -15,10 +15,15 @@
id = "makefu-audiobooks"; id = "makefu-audiobooks";
devices = [ "omo" "gum" "makefu-phone" "x" ]; devices = [ "omo" "gum" "makefu-phone" "x" ];
}; };
download = { sync-photos = {
path = "/media/crypt1/download"; path = "/media/cryptX/photos/photoframe";
id = "makefu-download"; id = "makefu-photoframe";
devices = [ "gum" ]; devices = [ "makefu-tablet-medion" ];
}; };
#download = {
# path = "/media/crypt1/download";
# id = "makefu-download";
# devices = [ "gum" ];
#};
}; };
} }


@ -1,5 +1,5 @@
{ pkgs, ... }: { { pkgs, ... }: {
systemd.services.brockman.environment."BROCKMAN_LOG_LEVEL" = "DEBUG"; #systemd.services.brockman.environment."BROCKMAN_LOG_LEVEL" = "DEBUG";
services.rss-bridge = { services.rss-bridge = {
enable = true; enable = true;
@ -7,7 +7,7 @@
virtualHost = "rss.makefu.r"; virtualHost = "rss.makefu.r";
}; };
krebs.brockman = { services.brockman = {
enable = true; enable = true;
config = { config = {
channel = "#systemdultras"; channel = "#systemdultras";


@ -50,7 +50,7 @@ ${gnused}/bin/sed -i "''${1}d" ~/.ssh/known_hosts
parallel parallel
proot proot
rxvt_unicode.terminfo rxvt-unicode-unwrapped.terminfo
# TODO: missing stockholm overlay # TODO: missing stockholm overlay
# kpaste # kpaste


@ -31,6 +31,7 @@
hydra-check hydra-check
# git-related # git-related
git-preview git-preview
jujutsu
tig tig
# (pkgs.callPackage ./init-host {}) # (pkgs.callPackage ./init-host {})
# used more than once # used more than once


@ -15,6 +15,12 @@
# cura # cura
bambu-studio bambu-studio
]; ];
networking.firewall.allowedUDPPorts = [
1990 2021 # bambu-studio ssdp
];
networking.firewall.allowedTCPPorts = [
8883 6000 # bambu-studio lan mode
];
xdg.portal.enable = true; xdg.portal.enable = true;
#xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; #xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
} }
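Review bot: The new `allowedUDPPorts` and `allowedTCPPorts` entries open 1990, 2021, 8883 and 6000 on every interface, including VPN links and any untrusted network this machine joins. Other modules in this commit scope their rules per interface (`networking.firewall.interfaces.retiolum.allowedTCPPorts`), and the same form fits here, e.g. `networking.firewall.interfaces."LAN-INTERFACE-PLACEHOLDER".allowedUDPPorts = [ 1990 2021 ];` with the placeholder replaced by the printer-facing interface. If Bambu Studio only initiates the TCP connections to the printer on 8883 and 6000 (likely for a client, but not verifiable from this hunk), the inbound TCP rule can be dropped entirely.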


@ -4,7 +4,7 @@
users.users.makefu.packages = with pkgs; [ users.users.makefu.packages = with pkgs; [
aria2 aria2
# mitmproxy # mitmproxy
python3Packages.binwalk-full binwalk
dnsmasq dnsmasq
iodine iodine
mtr mtr


@ -22,8 +22,8 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
ip6 = "${pkgs.iptables}/bin/ip6tables"; ip6 = "${pkgs.iptables}/bin/ip6tables";
in { in {
ips = ips =
(optional (!isNull self.ip4) self.ip4.addr) ++ (optional (!isNull self.ip4) (self.ip4.addr + "/32")) ++
(optional (!isNull self.ip6) self.ip6.addr); (optional (!isNull self.ip6) (self.ip6.addr + "/128"));
listenPort = self.wireguard.port; listenPort = self.wireguard.port;
privateKeyFile = config.sops.secrets."${config.clan.core.machineName}-wiregrill.key".path; privateKeyFile = config.sops.secrets."${config.clan.core.machineName}-wiregrill.key".path;
allowedIPsAsRoutes = true; allowedIPsAsRoutes = true;


@ -35,10 +35,10 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
services.dnsmasq = { services.dnsmasq = {
enable = true; enable = true;
resolveLocalQueries = false; resolveLocalQueries = false;
extraConfig = /* dnsmasq */ '' settings = {
bind-interfaces bind-interfaces = true;
interface=retiolum,wiregrill interface = "retiolum,wiregrill";
''; };
servers = [ "1.1.1.1" ]; servers = [ "1.1.1.1" ];
}; };


@ -1,11 +1,13 @@
{ {
home-manager.users.makefu.programs.atuin = { home-manager.users.makefu.programs.atuin = {
enable = true; enable = true;
flags = [ "--disable-up-arrow" ];
daemon.enable = true;
settings = { settings = {
auto_sync = true; auto_sync = true;
sync_address = "https://atuin.euer.krebsco.de"; sync_address = "https://atuin.euer.krebsco.de";
search_mode = "prefix"; search_mode = "fulltext";
# fuzzy,fulltext # fuzzy,fulltext,prefix
update_check = false; update_check = false;
# filter_mode = "host"; # filter_mode = "host";
filter_mode = "global"; filter_mode = "global";
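Review bot: With `auto_sync = true` and `filter_mode = "global"`, every command typed on this host is pushed to `atuin.euer.krebsco.de` and offered back on all other enrolled hosts, and the visible part of `settings` sets no `history_filter`. Atuin encrypts records on the client, but the decrypted history is still replicated to each machine that holds the key, so a token pasted on one host ends up on all of them. Consider adding a filter such as `history_filter = [ "^export .*(TOKEN|SECRET|PASSWORD)=" ];` (constructed example pattern) and leaving `secrets_filter` at its default. The `settings` block continues past the end of the hunk, so this may already be set further down.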


@ -5,7 +5,7 @@
, xorg , xorg
, gst_all_1 , gst_all_1
, krb5 , krb5
, alsaLib , alsa-lib
}: }:
# via https://raw.githubusercontent.com/simon-the-sourcerer-ab/chitubox/main/default.nix # via https://raw.githubusercontent.com/simon-the-sourcerer-ab/chitubox/main/default.nix
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ autoPatchelfHook ]; nativeBuildInputs = [ autoPatchelfHook ];
buildInputs = with xorg; [ stdenv.cc.cc.lib libglvnd libgcrypt zlib glib fontconfig freetype libdrm buildInputs = with xorg; [ stdenv.cc.cc.lib libglvnd libgcrypt zlib glib fontconfig freetype libdrm
libxkbcommon libpulseaudio alsaLib libxkbcommon libpulseaudio alsa-lib
xcbutilwm xcbutilimage xcbutilrenderutil xcbutilkeysyms xcbutilwm xcbutilimage xcbutilrenderutil xcbutilkeysyms
gst_all_1.gst-plugins-base gst_all_1.gstreamer krb5 gst_all_1.gst-plugins-base gst_all_1.gstreamer krb5
]; ];


@ -1,4 +1,4 @@
{stdenv, lib, alsaToolTarget,fetchurl, alsaLib, ncurses, fltk13, gtk3}: {stdenv, lib, alsaToolTarget,fetchurl, alsa-lib, ncurses, fltk13, gtk3}:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "alsa-${alsaToolTarget}-${version}"; name = "alsa-${alsaToolTarget}-${version}";
@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
sha256 = "1lgvyb81md25s9ciswpdsbibmx9s030kvyylf0673w3kbamz1awl"; sha256 = "1lgvyb81md25s9ciswpdsbibmx9s030kvyylf0673w3kbamz1awl";
}; };
sourceRoot = "${alsaToolsName}/${alsaToolTarget}/"; sourceRoot = "${alsaToolsName}/${alsaToolTarget}/";
buildInputs = [ alsaLib fltk13 gtk3 ncurses ]; buildInputs = [ alsa-lib fltk13 gtk3 ncurses ];
meta = { meta = {
homepage = http://www.alsa-project.org/; homepage = http://www.alsa-project.org/;


@ -41,7 +41,6 @@ in {
alsa-hdspconf = callPackage ./custom/alsa-tools { alsaToolTarget="hdspconf";}; alsa-hdspconf = callPackage ./custom/alsa-tools { alsaToolTarget="hdspconf";};
alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";};
alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";}; alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";};
brother_ql_web = (builtins.getFlake "github:makefu/brother_ql_web?rev=a3f8625f48111da8cd6f8e562c966cdca445b82d").packages.x86_64-linux.default;
qcma = prev.libsForQt5.callPackage ./custom/qcma { }; qcma = prev.libsForQt5.callPackage ./custom/qcma { };
inherit (callPackage ./devpi {}) devpi-web ; inherit (callPackage ./devpi {}) devpi-web ;
nodemcu-uploader = prev.pkgs.callPackage ./nodemcu-uploader {}; nodemcu-uploader = prev.pkgs.callPackage ./nodemcu-uploader {};


@ -1,7 +1,7 @@
{ stdenv { stdenv
, lib , lib
, fetchurl , fetchurl
, alsaLib , alsa-lib
, unzip , unzip
, openssl , openssl
, zlib , zlib
@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
]; ];
sourceRoot = "."; sourceRoot = ".";
buildInputs = [ buildInputs = [
alsaLib alsa-lib
openssl openssl
zlib zlib
pulseaudio pulseaudio

File diff suppressed because it is too large Load diff


@ -51,7 +51,7 @@
inventory4ce.inputs.nixpkgs.follows = "nixpkgs"; inventory4ce.inputs.nixpkgs.follows = "nixpkgs";
inventory4ce.inputs.poetry2nix.follows = "poetry2nix"; inventory4ce.inputs.poetry2nix.follows = "poetry2nix";
lanzaboote.url = "github:nix-community/lanzaboote/v0.3.0"; lanzaboote.url = "github:nix-community/lanzaboote";
lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
lanzaboote.inputs.flake-parts.follows = "flake-parts"; lanzaboote.inputs.flake-parts.follows = "flake-parts";
#lanzaboote.inputs.pre-commit-hooks-nix.follows = ""; #lanzaboote.inputs.pre-commit-hooks-nix.follows = "";
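Review bot: Dropping the `/v0.3.0` ref makes `lanzaboote.url` follow the repository's default branch, so the revision of the Secure Boot signing tooling is now fixed only by `flake.lock` (whose diff is suppressed on this page), and any later `nix flake update` moves it to whatever is at the branch head that day. For a component in the boot trust chain a tagged release is easier to audit: `lanzaboote.url = "github:nix-community/lanzaboote/<release-tag>";` (placeholder tag). If tracking the branch is intentional, a comment next to the input saying so would keep it from looking like an accident.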


@ -1,12 +1,12 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
primaryInterface = "eth0"; primaryInterface = "end0";
in { in {
imports = [ imports = [
./hardware-config.nix ./hardware-config.nix
../../2configs ../../2configs
../../2configs/home-manager ../../2configs/home-manager
../../2configs/home/3dprint ../../2configs/home/zigbee/cake.nix
#./hardware-config.nix #./hardware-config.nix
{ environment.systemPackages = with pkgs;[ rsync screen curl git tmux picocom mosh ];} { environment.systemPackages = with pkgs;[ rsync screen curl git tmux picocom mosh ];}
# ../../2configs/tools/core.nix # ../../2configs/tools/core.nix
@ -14,7 +14,7 @@ in {
#../../2configs/support-nixos.nix #../../2configs/support-nixos.nix
# ../../2configs/homeautomation/default.nix # ../../2configs/homeautomation/default.nix
# ../../2configs/homeautomation/google-muell.nix # ../../2configs/homeautomation/google-muell.nix
../../2configs/hw/pseyecam.nix #../../2configs/hw/pseyecam.nix
# configure your hw: # configure your hw:
# ../../2configs/save-diskspace.nix # ../../2configs/save-diskspace.nix


@ -16,18 +16,18 @@ in {
# systemd.services.phpfpm-nextcloud.wantedBy = lib.mkForce []; # systemd.services.phpfpm-nextcloud.wantedBy = lib.mkForce [];
systemd.services.samba-smbd.wantedBy = lib.mkForce []; systemd.services.samba-smbd.wantedBy = lib.mkForce [];
} }
{ #{
users.users.lass = { # users.users.lass = {
uid = 19002; # uid = 19002;
isNormalUser = true; # isNormalUser = true;
createHome = true; # createHome = true;
useDefaultShell = true; # useDefaultShell = true;
openssh.authorizedKeys.keys = with config.krebs.users; [ # openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey # lass.pubkey
makefu.pubkey # makefu.pubkey
]; # ];
}; # };
} #}
../../2configs ../../2configs
../../2configs/nur.nix ../../2configs/nur.nix
@ -49,10 +49,10 @@ in {
# ../../2configs/tools/sec.nix # ../../2configs/tools/sec.nix
# ../../2configs/tools/desktop.nix # ../../2configs/tools/desktop.nix
../../2configs/zsh-user.nix ../../2configs/zsh
../../2configs/mosh.nix ../../2configs/mosh.nix
# ../../2configs/disable_v6.nix # ../../2configs/disable_v6.nix
../../2configs/storj/forward-port.nix # ../../2configs/storj/forward-port.nix
# ../../2configs/gui/xpra.nix # ../../2configs/gui/xpra.nix
# networking # networking
@ -92,17 +92,19 @@ in {
# ci # ci
# ../../2configs/exim-retiolum.nix # ../../2configs/exim-retiolum.nix
../../2configs/git/cgit-retiolum.nix # ../../2configs/git/cgit-retiolum.nix
../../2configs/git/forgejo.nix
### systemdUltras ###
../../2configs/systemdultras/ircbot.nix
###### Shack ##### ###### Shack #####
# ../../2configs/shack/events-publisher # ../../2configs/shack/events-publisher
# ../../2configs/shack/gitlab-runner # ../../2configs/shack/gitlab-runner
../../2configs/remote-build/slave.nix # ../../2configs/deployment/buildbot/master.nix
../../2configs/deployment/atuin.nix
# ../../2configs/remote-build/slave.nix
# ../../2configs/remote-build/aarch64-community.nix # ../../2configs/remote-build/aarch64-community.nix
../../2configs/taskd.nix ../../2configs/taskd.nix
@ -130,7 +132,7 @@ in {
## network ## network
# ../../2configs/vpn/openvpn-server.nix # ../../2configs/vpn/openvpn-server.nix
# ../../2configs/vpn/vpnws/server.nix # ../../2configs/vpn/vpnws/server.nix
../../2configs/binary-cache/server.nix # ../../2configs/binary-cache/server.nix
{ makefu.backup.server.repo = "/var/backup/borg"; } { makefu.backup.server.repo = "/var/backup/borg"; }
../../2configs/backup/server.nix ../../2configs/backup/server.nix
../../2configs/backup/state.nix ../../2configs/backup/state.nix
@ -149,11 +151,10 @@ in {
../../2configs/deployment/rss/rss.euer.krebsco.de.nix # postgres backend ../../2configs/deployment/rss/rss.euer.krebsco.de.nix # postgres backend
../../2configs/deployment/rss/ratt.nix ../../2configs/deployment/rss/ratt.nix
../../2configs/deployment/ntfysh.nix # ../../2configs/deployment/ntfysh.nix
../../2configs/deployment/nextcloud #postgres backend ../../2configs/deployment/nextcloud #postgres backend
../../2configs/deployment/nextcloud/screeenly.nix # ../../2configs/deployment/nextcloud/screeenly.nix
../../2configs/deployment/buildbot/master.nix
# ../../2configs/deployment/buildbot/worker.nix # ../../2configs/deployment/buildbot/worker.nix
### Moving owncloud data dir to /media/cloud/nextcloud-data ### Moving owncloud data dir to /media/cloud/nextcloud-data
{ {
@ -191,7 +192,7 @@ in {
#../../2configs/deployment/owncloud.nix #../../2configs/deployment/owncloud.nix
# ../../2configs/deployment/board.euer.krebsco.de.nix # ../../2configs/deployment/board.euer.krebsco.de.nix
#../../2configs/deployment/feed.euer.krebsco.de #../../2configs/deployment/feed.euer.krebsco.de
../../2configs/deployment/boot-euer.nix # ../../2configs/deployment/boot-euer.nix
../../2configs/deployment/gecloudpad ../../2configs/deployment/gecloudpad
#../../2configs/deployment/docker/archiveteam-warrior.nix #../../2configs/deployment/docker/archiveteam-warrior.nix
../../2configs/deployment/mediengewitter.de.nix ../../2configs/deployment/mediengewitter.de.nix
@ -200,7 +201,7 @@ in {
../../2configs/deployment/wiki.euer.nix ../../2configs/deployment/wiki.euer.nix
../../2configs/shiori.nix # ../../2configs/shiori.nix
#../../2configs/workadventure #../../2configs/workadventure
../../2configs/bgt/download.binaergewitter.de.nix ../../2configs/bgt/download.binaergewitter.de.nix
@ -227,25 +228,11 @@ in {
# krebs infrastructure services # krebs infrastructure services
# ../../2configs/stats/server.nix # ../../2configs/stats/server.nix
]; ];
nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
# makefu.dl-dir = "/var/download"; # makefu.dl-dir = "/var/download";
makefu.dl-dir = "/media/cloud/download/finished"; makefu.dl-dir = "/media/cloud/download/finished";
###### stable ###### stable
security.acme.certs."cgit.euer.krebsco.de" = {
email = "letsencrypt@syntax-fehler.de";
webroot = "/var/lib/acme/acme-challenge";
group = "nginx";
};
services.nginx.virtualHosts."cgit" = {
serverAliases = [ "cgit.euer.krebsco.de" ];
addSSL = true;
sslCertificate = "/var/lib/acme/cgit.euer.krebsco.de/fullchain.pem";
sslCertificateKey = "/var/lib/acme/cgit.euer.krebsco.de/key.pem";
locations."/.well-known/acme-challenge".extraConfig = ''
root /var/lib/acme/acme-challenge;
'';
};
krebs.build.host = config.krebs.hosts.gum; krebs.build.host = config.krebs.hosts.gum;
@ -254,7 +241,7 @@ in {
firewall = { firewall = {
allowedTCPPorts = [ allowedTCPPorts = [
80 443 80 443
28967 # storj # 28967 # storj
]; ];
allowPing = true; allowPing = true;
logRefusedConnections = false; logRefusedConnections = false;
@ -263,4 +250,5 @@ in {
}; };
users.users.makefu.extraGroups = [ "download" "nginx" ]; users.users.makefu.extraGroups = [ "download" "nginx" ];
state = [ "/home/makefu/.weechat" ]; state = [ "/home/makefu/.weechat" ];
clan.networking.targetHost = "root@gum.i";
} }
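Review bot: `nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];` in the `@ -227,25 +228,11 @` hunk is added without a comment naming which service on this host pulls in olm or when the exemption can be removed. The allow-list is keyed on an exact version string and applies to the host's whole package set, so it tends to outlive its reason and silently keeps a package that nixpkgs flags as insecure. I would add `# needed by <service>; remove once it no longer depends on olm` above the line (placeholder service name). The `"jitsi-meet-1.0.8043"` entry added to another host's import list later on this page has the same gap.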


@ -2,10 +2,14 @@
{ {
imports = imports =
[ ./network.nix [
./network.nix
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
]; ./single-disk-ext4.nix
];
zramSwap.enable = true;
zramSwap.memoryPercent = 75;
# Disk # Disk
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ]; boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
boot.uki.tries = 3; boot.uki.tries = 3;
@ -13,39 +17,7 @@
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "rpool/root";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "rpool/home";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "rpool/nix";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/sda1";
fsType = "vfat";
};
swapDevices = [ ];
zramSwap.enable = true;
boot.loader.grub.device = "/dev/sda";
networking.hostId = "3150697b"; # required for zfs use
boot.tmp.useTmpfs = true;
boot.supportedFilesystems = [ "zfs" ];
boot.loader.grub.enable = true;
boot.loader.grub.copyKernels = true;
boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
boot.kernelParams = [ boot.kernelParams = [
"zfs.zfs_arc_max=1073741824"
"boot.shell_on_fail" "boot.shell_on_fail"
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
]; ];


@ -0,0 +1,53 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ ./network.nix
(modulesPath + "/profiles/qemu-guest.nix")
];
# Disk
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
boot.uki.tries = 3;
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "rpool/root";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "rpool/home";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "rpool/nix";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/sda1";
fsType = "vfat";
};
swapDevices = [ ];
# zramSwap.enable = true;
boot.loader.grub.device = "/dev/sda";
networking.hostId = "3150697b"; # required for zfs use
# boot.tmp.useTmpfs = true;
boot.supportedFilesystems = [ "zfs" ];
boot.loader.grub.enable = true;
boot.loader.grub.copyKernels = true;
boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
boot.kernelParams = [
#"zfs.zfs_arc_max=1073741824" # 1gb
"zfs.zfs_arc_max=134217728" # 128mb
"boot.shell_on_fail"
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
];
}
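Review bot: This new file carries `"boot.shell_on_fail"` in `boot.kernelParams`, which makes the initrd offer a root shell without authentication when stage 1 fails; on a qemu guest that shell is reachable by anyone who can open the provider's console. It sits next to `"boot.panic_on_fail"` and `panic=30`, which ask for the opposite behaviour (reboot unattended), so the intent cannot be read from the file. If the unattended reboot is what is wanted, drop `"boot.shell_on_fail"`; otherwise add a comment saying the console shell is deliberate and who has console access.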


@ -1,25 +1,33 @@
{ disk ? "/dev/sda", ... }: { { ... }: {
boot.loader.efi.canTouchEfiVariables = true; #boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.enable = true; #boot.loader.systemd-boot.enable = true;
#boot.loader.grub.device = "/dev/sda";
boot.loader.grub.enable = true;
boot.loader.grub.copyKernels = true;
boot.loader.grub.efiSupport = true;
boot.loader.grub.efiInstallAsRemovable = true;
disko.devices = { disko.devices = {
disk = { disk = {
disk1 = { main = {
device = disk;
type = "disk"; type = "disk";
# device = disk;
device = "/dev/sda";
content = { content = {
type = "table"; type = "gpt";
format = "gpt";
partitions = { partitions = {
boot = { boot = { # required for embedding grub
size = "1M"; size = "1M";
type = "EF02"; type = "EF02";
priority = 1;
}; };
ESP = { ESP = {
name = "ESP"; name = "ESP";
start = "1MiB"; #start = "1M";
type = "EF00"; type = "EF00";
end = "1G"; priority = 2;
bootable = true; size = "1G";
# bootable = true;
content = { content = {
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
@ -27,24 +35,28 @@
mountOptions = [ "umask=0077" ]; mountOptions = [ "umask=0077" ];
}; };
}; };
swap = {
size = "4G";
#size = "100%";
#end = "-4G";
priority = 3;
content = {
type = "swap";
priority = 1; # lowest prio
};
};
root = { root = {
name = "root"; name = "root";
start = "500MiB"; priority = 4;
end = "-4G"; #start = "1G";
part-type = "primary"; #end = "-4G";
size = "100%";
content = { content = {
type = "filesystem"; type = "filesystem";
format = "ext4"; format = "ext4";
mountpoint = "/"; mountpoint = "/";
}; };
}; };
swap = {
size = "4G";
content = {
type = "swap";
priority = 1; # lowest prio
};
};
}; };
}; };
}; };
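Review bot: The `swap` partition added in the second hunk is created as plain swap (`content = { type = "swap"; priority = 1; }`), so memory pages of whatever runs on this host, decrypted secrets included, can be written to disk in clear and remain there after a reboot. disko can key the swap area freshly on each boot with `randomEncryption = true;` inside that `content` block, and nothing in the visible lines configures hibernation that would conflict with it. Separately, the first hunk replaces the `disk ? "/dev/sda"` argument with a hard-coded `device = "/dev/sda";`; a `/dev/disk/by-id/<id>` path (placeholder) is safer for a layout that gets formatted, since `sdX` names are not guaranteed stable across boots.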


@ -1,11 +1,11 @@
{ pkgs, modulesPath, ... }: { { pkgs, modulesPath, ... }: {
imports = [ imports = [
(modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")
../../2configs ../../2configs/core.nix
]; ];
# start sshd in any case # start sshd in any case
systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ]; systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
isoImage.squashfsCompression = "gzip -Xcompression-level 1"; isoImage.squashfsCompression = "gzip -Xcompression-level 1";
krebs.build.host.name = "liveiso";
} }


@ -1,7 +0,0 @@
{
imports = [
];
# New machine!
}


@ -13,6 +13,12 @@ in {
../../2configs/default.nix ../../2configs/default.nix
../../2configs/support-nixos.nix ../../2configs/support-nixos.nix
../../2configs/nur.nix ../../2configs/nur.nix
{
systemd.coredump.extraConfig = ''
Storage=none
ProcessSizeMax=0
'';
}
{ {
services.xserver.enable = true; services.xserver.enable = true;
services.xserver.displayManager.sddm.enable = true; services.xserver.displayManager.sddm.enable = true;
@ -34,7 +40,7 @@ in {
### systemdUltras ### ### systemdUltras ###
../../2configs/systemdultras/ircbot.nix ../../2configs/systemdultras/ircbot.nix
../../2configs/zsh-user.nix ../../2configs/zsh
../../2configs/home-manager ../../2configs/home-manager
../../2configs/home-manager/cli.nix ../../2configs/home-manager/cli.nix
../../2configs/editor/neovim ../../2configs/editor/neovim
@ -49,7 +55,7 @@ in {
# ../../2configs/smart-monitor.nix # ../../2configs/smart-monitor.nix
../../2configs/mail-client.nix ../../2configs/mail-client.nix
../../2configs/mosh.nix ../../2configs/mosh.nix
../../2configs/nix-ld.nix #../../2configs/nix-ld.nix
../../2configs/tools/core.nix ../../2configs/tools/core.nix
../../2configs/tools/dev.nix ../../2configs/tools/dev.nix
../../2configs/tools/desktop.nix ../../2configs/tools/desktop.nix
@ -63,8 +69,10 @@ in {
../../2configs/share ../../2configs/share
../../2configs/share/omo.nix ../../2configs/share/omo.nix
../../2configs/share/gum-client.nix ../../2configs/share/hetzner-client.nix
#../../2configs/share/gum-client.nix
../../2configs/sync ../../2configs/sync
../../2configs/sync/omo-download-sync.nix
../../2configs/sync/share/omo.nix ../../2configs/sync/share/omo.nix
../../2configs/wireguard/wiregrill-client.nix ../../2configs/wireguard/wiregrill-client.nix
@ -123,7 +131,7 @@ in {
../../2configs/home/metube.nix ../../2configs/home/metube.nix
# ../../2configs/home/ham # ../../2configs/home/ham
../../2configs/home/ham/docker.nix ../../2configs/home/ham/docker.nix
../../2configs/home/zigbee2mqtt ../../2configs/home/zigbee/omo.nix
../../2configs/home/streams.nix ../../2configs/home/streams.nix
../../2configs/home/esphome.nix ../../2configs/home/esphome.nix
../../2configs/home/audio-dl.nix ../../2configs/home/audio-dl.nix
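Review bot: The inline module added in the `@ -13,6 +13,12 @` hunk sets `systemd.coredump.extraConfig` to `Storage=none` / `ProcessSizeMax=0` with no comment, so a later reader cannot tell whether core dumps were turned off to save disk space or to keep process memory from being persisted. I would put `# no core dumps on this host: <reason>` (placeholder) as the first line of that block, so the setting is not reverted by someone debugging a crash.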


@ -1,17 +1,19 @@
{ pkgs, ... }: { pkgs, ... }:
let
vaapi = pkgs.vaapiIntel.override { enableHybridCodec = true; };
in
{ {
hardware.opengl = { # 2024-08-18: https://wiki.nixos.org/wiki/Jellyfin
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
hardware.graphics = { # hardware.opengl in 24.05
enable = true; enable = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD intel-media-driver
vaapi # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) intel-vaapi-driver # previously vaapiIntel
vaapiVdpau vaapiVdpau
libvdpau-va-gl intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
vpl-gpu-rt # QSV on 11th gen or newer
intel-media-sdk # QSV up to 11th gen
]; ];
}; };
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ vaapi ];
environment.systemPackages = [ pkgs.libva-utils ];
} }
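Review bot: The `packageOverrides` entry sets `enableHybridCodec` on the attribute `vaapiIntel`, but `extraPackages` now lists `intel-vaapi-driver`, which is a different attribute name, so as far as I can tell the driver that actually gets installed is the unmodified one. Overriding the name that is used would fix that: `intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };`. The removed `let vaapi = …` binding did not have this problem because the list referenced the overridden value directly.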


@ -24,7 +24,7 @@
# Tools # Tools
../../2configs/tools/core.nix ../../2configs/tools/core.nix
../../2configs/zsh-user.nix ../../2configs/zsh
../../2configs/mosh.nix ../../2configs/mosh.nix
# Networking # Networking
../../2configs/tinc/retiolum.nix ../../2configs/tinc/retiolum.nix


@ -22,7 +22,7 @@
# ../../2configs/rad1o.nix # ../../2configs/rad1o.nix
../../2configs/zsh-user.nix ../../2configs/zsh
../../2configs/home-manager ../../2configs/home-manager
../../2configs/home-manager/desktop.nix ../../2configs/home-manager/desktop.nix
../../2configs/home-manager/cli.nix ../../2configs/home-manager/cli.nix


@ -14,7 +14,7 @@ in {
../../2configs/networking/zerotier.nix ../../2configs/networking/zerotier.nix
../../2configs/home-manager ../../2configs/home-manager
../../2configs/support-nixos.nix ../../2configs/support-nixos.nix
../../2configs/zsh-user.nix ../../2configs/zsh
../../2configs/tools/core.nix ../../2configs/tools/core.nix
# ../../2configs/disable_v6.nix # ../../2configs/disable_v6.nix
../../2configs/tools/core-gui.nix ../../2configs/tools/core-gui.nix


@ -2,10 +2,14 @@
{ {
imports = imports =
[ [
# ./x230 # ./x230
./x13 ./x13
{
nixpkgs.config.permittedInsecurePackages = [
"jitsi-meet-1.0.8043"
];
}
# do not build in tmpfs # do not build in tmpfs
{ systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp";} { systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp";}
@ -37,6 +41,7 @@
../../2configs/home-manager/taskwarrior.nix ../../2configs/home-manager/taskwarrior.nix
../../2configs/main-laptop.nix ../../2configs/main-laptop.nix
../../2configs/zsh/atuin.nix
../../2configs/kdeconnect.nix ../../2configs/kdeconnect.nix
../../2configs/extra-fonts.nix ../../2configs/extra-fonts.nix
../../2configs/editor/neovim ../../2configs/editor/neovim
@ -264,6 +269,7 @@
"aarch64-linux" "aarch64-linux"
]; ];
# services.syncthing.user = lib.mkForce "makefu"; # services.syncthing.user = lib.mkForce "makefu";
# services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/"; # services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
} }


@ -3,7 +3,7 @@
services.xserver.videoDrivers = [ "amdgpu" ]; services.xserver.videoDrivers = [ "amdgpu" ];
#boot.initrd.kernelModules = [ "amdgpu" ]; #boot.initrd.kernelModules = [ "amdgpu" ];
#hardware.opengl.driSupport = true; #hardware.opengl.driSupport = true;
hardware.graphics.extraPackages = [ pkgs.amdvlk pkgs.rocm-opencl-icd pkgs.rocm-opencl-runtime ]; hardware.graphics.extraPackages = with pkgs; [ amdvlk rocmPackages.clr.icd rocmPackages.clr ];
# For 32 bit applications # For 32 bit applications
hardware.graphics.enable32Bit = true; hardware.graphics.enable32Bit = true;
hardware.graphics.extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ]; hardware.graphics.extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ];