emergency commit
This commit is contained in:
parent
562889dd80
commit
548a99ca50
|
@ -11,7 +11,7 @@ in
|
|||
security.rtkit.enable = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
alsaUtils
|
||||
alsa-utils
|
||||
i2c-tools
|
||||
ponymix
|
||||
];
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
systemd.services.brockman.environment."BROCKMAN_LOG_LEVEL" = "DEBUG";
|
||||
krebs.brockman = {
|
||||
#systemd.services.brockman.environment."BROCKMAN_LOG_LEVEL" = "DEBUG";
|
||||
services.brockman = {
|
||||
enable = true;
|
||||
config = {
|
||||
channel = "#binaergewitter";
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
# <SENDUNGSNUMMER>
|
||||
|
||||
-1. in signal "Die letzte sendung ist 10 tage her, wann wollen wir senden?" in 10 Tagen planen
|
||||
0. Sendung twittern und mastodieren (eine Woche + eine Stunde vorher) von Ingo/l33tname (wichtig)
|
||||
1. `eine` Person anrufen (den Host):
|
||||
- markus madmas@studio.link
|
||||
|
|
|
@ -37,7 +37,6 @@ in {
|
|||
"guest ok" = "yes";
|
||||
};
|
||||
|
||||
sound.enable = true;
|
||||
# connect via https://wiki.nixos.org/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
|
||||
hardware.bluetooth.enable = true;
|
||||
environment.etc."bluetooth/audio.conf".text = ''
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{
|
||||
{pkgs, lib, config, ... }:{
|
||||
# users are super important
|
||||
users.users = {
|
||||
root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
|
||||
|
@ -52,8 +52,6 @@
|
|||
defaults.email = "letsencrypt@syntax-fehler.de";
|
||||
acceptTerms = true;
|
||||
};
|
||||
system.stateVersion = lib.mkDefault "23.05";
|
||||
services.postgresql.package = pkgs.postgresql_14;
|
||||
|
||||
boot.kernel.sysctl."kernel.dmesg_restrict" = 0;
|
||||
}
|
||||
|
|
|
@ -8,26 +8,11 @@ with lib;
|
|||
./binary-cache/nixos.nix
|
||||
./minimal.nix
|
||||
./secrets/ssh_server.nix
|
||||
./core.nix
|
||||
# ./overlays/default.nix
|
||||
# ./security/hotfix.nix
|
||||
];
|
||||
|
||||
# users are super important
|
||||
users.users = {
|
||||
root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
|
||||
makefu = {
|
||||
uid = 9001;
|
||||
group = "users";
|
||||
home = "/home/makefu";
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
useDefaultShell = true;
|
||||
extraGroups = [ "wheel" ];
|
||||
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
|
||||
};
|
||||
};
|
||||
# nix.settings.trusted-users = [ config.krebs.build.user.name ];
|
||||
nix.settings.experimental-features = [ "flakes" "nix-command" ];
|
||||
|
||||
# boot.kernelPackages = lib.mkDefault pkgs.linuxPackages;
|
||||
|
||||
|
@ -36,46 +21,10 @@ with lib;
|
|||
# dns.providers.lan = "hosts";
|
||||
build.user = config.krebs.users.makefu;
|
||||
};
|
||||
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
jq
|
||||
git
|
||||
gnumake
|
||||
rxvt_unicode.terminfo
|
||||
htop
|
||||
nix-output-monitor
|
||||
];
|
||||
|
||||
#programs.bash.completion.enable = true;
|
||||
|
||||
environment.shellAliases = {
|
||||
# TODO: see .aliases
|
||||
lsl = "ls -lAtr";
|
||||
ip = "ip -c -br";
|
||||
dmesg = "dmesg -L --reltime";
|
||||
psg = "ps -ef | grep";
|
||||
nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml";
|
||||
grep = "grep --color=auto";
|
||||
};
|
||||
|
||||
nix.extraOptions = ''
|
||||
auto-optimise-store = true
|
||||
'';
|
||||
|
||||
#security.wrappers.sendmail = {
|
||||
# source = "${pkgs.exim}/bin/sendmail";
|
||||
# setuid = true;
|
||||
#};
|
||||
services.journald.extraConfig = ''
|
||||
SystemMaxUse=1G
|
||||
RuntimeMaxUse=128M
|
||||
'';
|
||||
environment.pathsToLink = [ "/share" ];
|
||||
security.acme = {
|
||||
defaults.email = "letsencrypt@syntax-fehler.de";
|
||||
acceptTerms = true;
|
||||
};
|
||||
system.stateVersion = lib.mkDefault "23.05";
|
||||
services.postgresql.package = pkgs.postgresql_14;
|
||||
}
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
{
|
||||
{ config, ... }:{
|
||||
services.atuin = {
|
||||
enable = true;
|
||||
maxHistory = 900001;
|
||||
maxHistoryLength = 900001;
|
||||
database.createLocally = true;
|
||||
# openRegistration = true;
|
||||
};
|
||||
services.postgresql.enable = true;
|
||||
services.nginx.virtualHosts."atuin.euer.krebsco.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/".proxyPass = "http://localhost:${config.services.atuin.port}";
|
||||
locations."/".proxyPass = "http://localhost:${toString config.services.atuin.port}";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -59,7 +59,7 @@ in {
|
|||
enable = true;
|
||||
configureRedis = true;
|
||||
|
||||
package = pkgs.nextcloud29;
|
||||
package = pkgs.nextcloud30;
|
||||
hostName = "o.euer.krebsco.de";
|
||||
# Use HTTPS for links
|
||||
https = true;
|
||||
|
|
|
@ -1,9 +1,6 @@
|
|||
https://www.ebay-kleinanzeigen.de/s-heimwerken/nein/muehlhausen/bohrmaschine/k0c84l9313r5+heimwerken.versand_s:nein
|
||||
https://www.ebay-kleinanzeigen.de/s-stuttgart/zigbee/k0l9280
|
||||
https://www.ebay-kleinanzeigen.de/s-70378/d%C3%B6rrautomat/k0l9334r5
|
||||
https://www.ebay-kleinanzeigen.de/s-zu-verschenken/muehlhausen/c192l9313
|
||||
https://www.ebay-kleinanzeigen.de/s-spielzeug/muehlhausen/brettspiel/k0c23l9313
|
||||
https://www.ebay-kleinanzeigen.de/s-muehlhausen/dymo/k0l9313r5
|
||||
https://www.ebay-kleinanzeigen.de/s-zu-verschenken/muehlhausen/lautsprecher/k0c192l9313r5
|
||||
https://www.ebay-kleinanzeigen.de/s-muehlhausen/preis::40/winkelschleifer/k0l9313r5
|
||||
https://www.ebay-kleinanzeigen.de/s-muehlhausen/preis::40/kontaktgrill/k0l9313r5
|
||||
https://www.kleinanzeigen.de/s-stuttgart/zigbee/k0l9280
|
||||
https://www.kleinanzeigen.de/s-70378/d%C3%B6rrautomat/k0l9334r5
|
||||
https://www.kleinanzeigen.de/s-zu-verschenken/muehlhausen/c192l9313
|
||||
https://www.kleinanzeigen.de/s-spielzeug/muehlhausen/brettspiel/k0c23l9313
|
||||
https://www.kleinanzeigen.de/s-zu-verschenken/muehlhausen/lautsprecher/k0c192l9313r5
|
||||
https://www.kleinanzeigen.de/s-stuttgart/kallax-schublade/k0l9280
|
||||
|
|
|
@ -298,7 +298,7 @@ noremap <leader>p "+gP<CR>
|
|||
noremap XX "+x<CR>
|
||||
|
||||
" Enable mouse for vim
|
||||
set mouse=a
|
||||
set mouse=
|
||||
|
||||
" Buffer nav
|
||||
noremap <leader>z :bp<CR>
|
||||
|
|
|
@ -12,7 +12,7 @@ set background=dark
|
|||
|
||||
set number
|
||||
set relativenumber
|
||||
set mouse=a
|
||||
set mouse=
|
||||
set ignorecase
|
||||
set incsearch
|
||||
set wildignore=*.o,*.obj,*.bak,*.exe,*.os
|
||||
|
|
|
@ -5,6 +5,15 @@ let
|
|||
in
|
||||
{
|
||||
services.nginx = {
|
||||
virtualHosts."cgit.euer" = {
|
||||
serverAliases = [
|
||||
"cgit.gum.r"
|
||||
"git.gum.r"
|
||||
"cgit.makefu.r"
|
||||
"git.makefu.r"
|
||||
];
|
||||
globalRedirect = "cgit.euer.krebsco.de";
|
||||
};
|
||||
virtualHosts.${DOMAIN} = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
|
@ -32,6 +41,7 @@ in
|
|||
ENABLED = true;
|
||||
DEFAULT_ACTIONS_URL = "github";
|
||||
};
|
||||
log.LEVEL = "Warn";
|
||||
# Sending emails is completely optional
|
||||
# You can send a test email from the web UI at:
|
||||
# Profile Picture > Site Administration > Configuration > Mailer Configuration
|
||||
|
@ -44,4 +54,12 @@ in
|
|||
};
|
||||
#mailerPasswordFile = config.sops.secrets.forgejo-mailer-password.path;
|
||||
};
|
||||
|
||||
sops.secrets.forgejo-admin-password.owner = "forgejo";
|
||||
# systemd.services.forgejo.serviceConfig.ReadOnlyPaths = [ config.sops.secrets.forgejo-admin-password ];
|
||||
systemd.services.forgejo.preStart = ''
|
||||
admin="${lib.getExe config.services.forgejo.package} admin user"
|
||||
$admin change-password --username makefu --password "$(tr -d '\n' < ${config.sops.secrets.forgejo-admin-password.path})" || true
|
||||
# $admin create --admin --email "makefu@x.r" --username makefu --password "$(tr -d '\n' < ${config.sops.secrets.forgejo-admin-password.path})" || true
|
||||
'';
|
||||
}
|
||||
|
|
|
@ -38,7 +38,7 @@ in
|
|||
# };
|
||||
# displayManager.defaultSession = lib.mkDefault "none+awesome";
|
||||
};
|
||||
environment.systemPackages = [ pkgs.gnome.adwaita-icon-theme ];
|
||||
environment.systemPackages = [ pkgs.adwaita-icon-theme ];
|
||||
# lid switch is handled via button presses
|
||||
# services.logind.lidSwitch = lib.mkDefault "ignore";
|
||||
#makefu.awesome.enable = true;
|
||||
|
@ -55,7 +55,7 @@ in
|
|||
packages = with pkgs;[
|
||||
pavucontrol
|
||||
xlockmore
|
||||
rxvt_unicode-with-plugins
|
||||
rxvt-unicode-unwrapped
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@ in {
|
|||
{
|
||||
general = {
|
||||
disable_loading_bar = false;
|
||||
grace = 10;
|
||||
# grace = 10;
|
||||
hide_cursor = true;
|
||||
no_fade_in = false;
|
||||
};
|
||||
|
@ -70,16 +70,16 @@ in {
|
|||
settings = {
|
||||
general = {
|
||||
ignore_dbus_inhibit = false;
|
||||
before_sleep_cmd = "loginctl lock-session";
|
||||
# before_sleep_cmd = "hyprlock";
|
||||
after_sleep_cmd = "hyprctl dispatch dpms on";
|
||||
# what to do when `loginctl lock-session` sends dbus lock event
|
||||
lock_cmd = "pidof hyprlock || hyprlock";
|
||||
lock_cmd = "hyprlock";
|
||||
};
|
||||
|
||||
listener = [
|
||||
{
|
||||
timeout = 600;
|
||||
on-timeout = "loginctl lock-session";
|
||||
on-timeout = "hyprlock";
|
||||
}
|
||||
{
|
||||
timeout = 630;
|
||||
|
@ -159,10 +159,10 @@ in {
|
|||
active_opacity = 1.0;
|
||||
inactive_opacity = 1.0;
|
||||
|
||||
drop_shadow = false;
|
||||
shadow_range = 4;
|
||||
shadow_render_power = 3;
|
||||
"col.shadow" = "rgba(1a1a1aee)";
|
||||
#drop_shadow = false;
|
||||
#shadow_range = 4;
|
||||
#shadow_render_power = 3;
|
||||
#"col.shadow" = "rgba(1a1a1aee)";
|
||||
|
||||
blur = {
|
||||
enabled = true;
|
||||
|
@ -220,7 +220,7 @@ in {
|
|||
"$mainMod, R, exec, $menu"
|
||||
"$mainMod, P, pseudo, # dwindle"
|
||||
"$mainMod, J, togglesplit, # dwindle"
|
||||
"$mainMod, L, exec, hyprlock"
|
||||
"$mainMod, L, exec, loginctl lock-session"
|
||||
|
||||
# Move focus with mainMod + arrow keys
|
||||
"$mainMod, left, movefocus, l"
|
||||
|
@ -249,9 +249,8 @@ in {
|
|||
"$mainMod SHIFT, 6, movetoworkspace, 6"
|
||||
"$mainMod SHIFT, 7, movetoworkspace, 7"
|
||||
"$mainMod SHIFT, 8, movetoworkspace, 8"
|
||||
"$mainMod SHIFT, 8, movetoworkspace, 8"
|
||||
"$mainMod SHIFT, 9, movetoworkspace, 9"
|
||||
"$mainMod SHIFT, 10, movetoworkspace, 10"
|
||||
"$mainMod SHIFT, 0, movetoworkspace, 10"
|
||||
# screenshot
|
||||
"$mainMod, Print, exec, grimblast --notify --cursor save area ~/shots/$(date +'%Y-%m-%d-At-%Ih%Mm%Ss').png"
|
||||
",Print, exec, grimblast --notify --cursor copy area"
|
||||
|
|
|
@ -11,6 +11,10 @@ in {
|
|||
name = "Terminus";
|
||||
size = 12;
|
||||
};
|
||||
keybindings = {
|
||||
"shift+insert" = "paste_from_clipboard";
|
||||
"ctrl+c" = "copy_or_interrupt";
|
||||
};
|
||||
settings = {
|
||||
update_check_interval = 0;
|
||||
enable_audio_bell = false;
|
||||
|
|
|
@ -11,4 +11,6 @@ in {
|
|||
settings.email = "makefu@x";
|
||||
};
|
||||
};
|
||||
services.gnome.gnome-keyring.enable = true;
|
||||
security.pam.services.hyprland.enableGnomeKeyring = true;
|
||||
}
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
"hyprland/window"
|
||||
],
|
||||
"modules-right": [
|
||||
"mpd",
|
||||
// "mpd",
|
||||
"idle_inhibitor",
|
||||
"pulseaudio",
|
||||
"network",
|
||||
|
@ -45,12 +45,12 @@
|
|||
"temperature",
|
||||
"backlight",
|
||||
"keyboard-state",
|
||||
"hyprland/language",
|
||||
// "hyprland/language",
|
||||
"battery",
|
||||
"battery#bat2",
|
||||
// "battery#bat2",
|
||||
"clock",
|
||||
"tray",
|
||||
"custom/power"
|
||||
"tray"
|
||||
// "custom/power"
|
||||
],
|
||||
"keyboard-state": {
|
||||
"numlock": true,
|
||||
|
@ -130,8 +130,9 @@
|
|||
},
|
||||
"backlight": {
|
||||
// "device": "acpi_video1",
|
||||
"format": "{percent}% {icon}",
|
||||
"format-icons": ["", "", "", "", "", "", "", "", ""]
|
||||
//"format": "{percent}% {icon}",
|
||||
"format": "{percent}% ☼"
|
||||
// "format-icons": ["", "", "", "", "", "", "", "", ""]
|
||||
},
|
||||
"battery": {
|
||||
"states": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
hardware.pulseaudio.enable = lib.mkForce false;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
alsaUtils
|
||||
alsa-utils
|
||||
pulseaudio
|
||||
ponymix
|
||||
];
|
||||
|
|
|
@ -1,7 +1,15 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
home-manager.users.${config.krebs.build.user.name}.xdg.desktopEntries.privatefox = {
|
||||
home-manager.users.${config.krebs.build.user.name}.xdg.desktopEntries = {
|
||||
privatefox = {
|
||||
name = "Privatefox";
|
||||
exec = "${pkgs.firefox}/bin/firefox -P Privatefox";
|
||||
};
|
||||
bambu-studio-large = {
|
||||
name = "BambuStudioLarge";
|
||||
exec = toString (pkgs.writers.writeDash "bambu-studio-large" ''
|
||||
GDK_SCALE=2 XCURSOR_SIZE=32 exec ${pkgs.bambu-studio}/bin/bambu-studio
|
||||
'');
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -10,7 +10,7 @@ in {
|
|||
serviceConfig = {
|
||||
SyslogIdentifier = "urxvtd";
|
||||
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
|
||||
ExecStart = "${pkgs.rxvt_unicode-with-plugins}/bin/urxvtd";
|
||||
ExecStart = "${pkgs.rxvt-unicode}/bin/urxvtd";
|
||||
Restart = "always";
|
||||
RestartSec = "2s";
|
||||
StartLimitBurst = 0;
|
||||
|
|
|
@ -9,7 +9,7 @@ in
|
|||
systemd.services.mausdownload = {
|
||||
startAt = "6:15:00";
|
||||
path = [ pkg ];
|
||||
script = "mausdownload.sh /media/silent/music/kinder/hoerbucher";
|
||||
script = "alldownload.sh /media/silent/music/kinder/podcasts";
|
||||
serviceConfig= {
|
||||
User = "makefu"; # TODO unprivileged user
|
||||
};
|
||||
|
|
|
@ -10,7 +10,7 @@ in {
|
|||
state = [ config ];
|
||||
virtualisation.oci-containers.containers.signal-rest = {
|
||||
image = image;
|
||||
#ports = [ "127.0.0.1:${toString port}:${toString port}" ];
|
||||
ports = [ "127.0.0.1:${toString port}:${toString port}" ];
|
||||
extraOptions = [ "--network=host"];
|
||||
volumes = [
|
||||
"${config}:/home/.local/share/signal-cli"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config,lib, ... }:
|
||||
{ pkgs,config,lib, ... }:
|
||||
let
|
||||
internal-ip = "192.168.111.11";
|
||||
port = 4533;
|
||||
|
@ -12,10 +12,13 @@ in
|
|||
PlaylistsPath = "/media/silent/playlists";
|
||||
Address = "0.0.0.0";
|
||||
};
|
||||
sops.secrets.navidrome-secrets.owner = "navidrome";
|
||||
systemd.services.navidrome = {
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
RestartSec = "15";
|
||||
EnvironmentFile = config.sops.secrets.navidrome-secrets.path;
|
||||
ExecStartPre = pkgs.writers.writeDash "lol" "echo LND_LASTFM_APIKEY $ND_LASTFM_APIKEY";
|
||||
BindReadOnlyPaths =
|
||||
[
|
||||
# navidrome uses online services to download additional album metadata / covers
|
||||
|
@ -32,6 +35,7 @@ in
|
|||
];
|
||||
};
|
||||
unitConfig.RequiresMountsFor = [ "/media/silent" ];
|
||||
|
||||
};
|
||||
|
||||
state = [ "/var/lib/navidrome" ];
|
||||
|
|
|
@ -14,10 +14,8 @@
|
|||
# Import | docker-compose exec photoprism photoprism import
|
||||
# -------------------------------------------------------------------
|
||||
let
|
||||
port = "2347";
|
||||
photodir = "/media/cryptX/photos";
|
||||
statedir = "/media/cryptX/lib/photoprism/appsrv";
|
||||
db-dir = "/media/cryptX/lib/photoprism/mysql";
|
||||
port = 2347;
|
||||
originalsPath = "/media/cryptX/photos";
|
||||
internal-ip = "192.168.111.11";
|
||||
in
|
||||
{
|
||||
|
@ -28,7 +26,7 @@ in
|
|||
"fotos" "fotos.lan"
|
||||
];
|
||||
|
||||
locations."/".proxyPass = "http://localhost:${port}";
|
||||
locations."/".proxyPass = "http://localhost:${toString port}";
|
||||
locations."/".proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
if ( $server_addr != "${internal-ip}" ) {
|
||||
|
@ -36,111 +34,43 @@ in
|
|||
}
|
||||
'';
|
||||
};
|
||||
|
||||
#systemd.services.photoprism-network = {
|
||||
# enable = true;
|
||||
# wantedBy = [ "multi-user.target" ];
|
||||
# script = ''
|
||||
# ${pkgs.docker}/bin/docker network create --driver bridge photoprism ||:
|
||||
# '';
|
||||
# after = [ "docker.service" ];
|
||||
# before = [
|
||||
# "docker-photoprism.service"
|
||||
# "docker-mysql-photoprism.service"
|
||||
# ];
|
||||
#};
|
||||
|
||||
|
||||
virtualisation.oci-containers.containers.photoprism = {
|
||||
image = "photoprism/photoprism:preview";
|
||||
#ports = ["${port}:${port}" ];
|
||||
volumes = [
|
||||
"${photodir}:/photoprism/originals"
|
||||
"${statedir}:/photoprism/storage"
|
||||
];
|
||||
extraOptions = [
|
||||
"--security-opt" "seccomp=unconfined"
|
||||
"--security-opt" "apparmor=unconfined"
|
||||
#"--network=photoprism"
|
||||
"--network=host"
|
||||
"--device=/dev/dri" # hardware encoding
|
||||
];
|
||||
environment = {
|
||||
PHOTOPRISM_HTTP_PORT = port; # Built-in Web server port
|
||||
PHOTOPRISM_HTTP_COMPRESSION = "gzip"; # Improves transfer speed and bandwidth utilization (none or gzip)
|
||||
PHOTOPRISM_DEBUG = "false"; # Run in debug mode (shows additional log messages)
|
||||
# PHOTOPRISM_PUBLIC = "true"; # No authentication required (disables password protection)
|
||||
PHOTOPRISM_READONLY = "false"; # Don't modify originals directory (reduced functionality)
|
||||
PHOTOPRISM_EXPERIMENTAL = "true"; # Enables experimental features
|
||||
# PHOTOPRISM_DISABLE_WEBDAV = "false"; # Disables built-in WebDAV server
|
||||
PHOTOPRISM_DISABLE_SETTINGS = "false"; # Disables Settings in Web UI
|
||||
PHOTOPRISM_DISABLE_TENSORFLOW = "false"; # Disables using TensorFlow for image classification
|
||||
PHOTOPRISM_DARKTABLE_PRESETS = "false"; # Enables Darktable presets and disables concurrent RAW conversion
|
||||
PHOTOPRISM_DETECT_NSFW = "false"; # Flag photos as private that MAY be offensive (requires TensorFlow)
|
||||
PHOTOPRISM_UPLOAD_NSFW = "true"; # Allow uploads that MAY be offensive
|
||||
PHOTOPRISM_AUTH_MODE = "password";
|
||||
|
||||
#PHOTOPRISM_DATABASE_DRIVER = "postgres";
|
||||
#PHOTOPRISM_DATABASE_SERVER = "postgres-prism:5432";
|
||||
#PHOTOPRISM_DATABASE_NAME = "photoprism";
|
||||
#PHOTOPRISM_DATABASE_USER = "photoprism";
|
||||
#PHOTOPRISM_DATABASE_PASSWORD = "photoprism";
|
||||
|
||||
PHOTOPRISM_DATABASE_DRIVER= "mysql"; # Use MariaDB (or MySQL) instead of SQLite for improved performance
|
||||
PHOTOPRISM_DATABASE_SERVER= "localhost:3306" ; # MariaDB database server (hostname:port)
|
||||
PHOTOPRISM_DATABASE_NAME= "photoprism"; # MariaDB database schema name
|
||||
|
||||
PHOTOPRISM_SITE_URL = "http://localhost:2342/"; # Public PhotoPrism URL
|
||||
systemd.services.photoprism.serviceConfig = {
|
||||
SupplementaryGroups = [ "download" "video" "render" ];
|
||||
PrivateDevices = lib.mkForce false;
|
||||
};
|
||||
state = [ "/var/lib/photoprism" ];
|
||||
sops.secrets."omo-photoprism-pw" = {
|
||||
group = "video";
|
||||
mode = "0750";
|
||||
};
|
||||
services.photoprism = {
|
||||
enable = true;
|
||||
inherit port originalsPath;
|
||||
passwordFile = config.sops.secrets."omo-photoprism-pw".path;
|
||||
storagePath = "/var/lib/photoprism";
|
||||
settings = {
|
||||
PHOTOPRISM_SITE_TITLE = "PhotoPrism";
|
||||
PHOTOPRISM_SITE_CAPTION = "FeMi Fotos";
|
||||
PHOTOPRISM_SITE_DESCRIPTION = "Unsere Fotos";
|
||||
PHOTOPRISM_SITE_AUTHOR = "FeMi";
|
||||
PHOTOPRISM_SPONSOR = "true";
|
||||
PHOTOPRISM_DEFAULT_LOCALE = "de";
|
||||
PHOTOPRISM_READONLY = "false";
|
||||
|
||||
# Hardware encoding
|
||||
PHOTOPRISM_FFMPEG_ENCODER = "intel";
|
||||
PHOTOPRISM_INIT = "intel";
|
||||
|
||||
|
||||
};
|
||||
environmentFiles = [
|
||||
config.sops.secrets."omo-photoprism-envfile".path
|
||||
];
|
||||
};
|
||||
|
||||
virtualisation.oci-containers.containers.mysql-photoprism = {
|
||||
image = "mariadb:10.5";
|
||||
extraOptions = [
|
||||
"--security-opt" "seccomp=unconfined"
|
||||
"--security-opt" "apparmor=unconfined"
|
||||
#"--network=photoprism"
|
||||
"--network=host"
|
||||
];
|
||||
#ports = [ "3306:3306" ]; # no need to expose the database
|
||||
#cmd = [ "mysqld"
|
||||
# "--transaction-isolation=READ-COMMITTED"
|
||||
# "--character-set-server=utf8mb4"
|
||||
# "--collation-server=utf8mb4_unicode_ci"
|
||||
# "--max-connections=512"
|
||||
# "--innodb-rollback-on-timeout=OFF"
|
||||
# "--innodb-lock-wait-timeout=50"
|
||||
#];
|
||||
volumes= [ "${db-dir}:/var/lib/mysql" ];
|
||||
environmentFiles = [
|
||||
config.sops.secrets."omo-photoprism-envfile".path
|
||||
];
|
||||
environment = {
|
||||
MYSQL_DATABASE= "photoprism";
|
||||
PHOTOPRISM_DEBUG = "false";
|
||||
PHOTOPRISM_EXPERIMENTAL = "true";
|
||||
PHOTOPRISM_DISABLE_SETTINGS = "false";
|
||||
PHOTOPRISM_DISABLE_TENSORFLOW = "false";
|
||||
PHOTOPRISM_DARKTABLE_PRESETS = "false";
|
||||
PHOTOPRISM_DETECT_NSFW = "false";
|
||||
PHOTOPRISM_UPLOAD_NSFW = "true";
|
||||
PHOTOPRISM_AUTH_MODE = "password";
|
||||
PHOTOPRISM_ADMIN_USER = "admin";
|
||||
PHOTOPRISM_SITE_URL = "http://192.168.111.11:2342/"; # Public PhotoPrism URL
|
||||
};
|
||||
};
|
||||
#virtualisation.oci-containers.containers.postgres-prism = {
|
||||
# image = "postgres:12-alpine";
|
||||
# ports = [ "5432" ]; # no need to expose the database
|
||||
# environment = {
|
||||
# POSTGRES_DB = "photoprism";
|
||||
# POSTGRES_USER = "photoprism";
|
||||
# POSTGRES_PASSWORD = "photoprism";
|
||||
# };
|
||||
#};
|
||||
|
||||
}
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
extraGroups = [ "networkmanager" ];
|
||||
packages = with pkgs;[
|
||||
networkmanagerapplet
|
||||
gnome3.gnome-keyring dconf
|
||||
gnome-keyring dconf
|
||||
];
|
||||
};
|
||||
networking.wireless.enable = lib.mkForce false;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
services.upower.enable = true;
|
||||
users.users.makefu.packages = [ pkgs.gnome3.gnome-power-manager ];
|
||||
users.users.makefu.packages = [ pkgs.gnome-power-manager ];
|
||||
}
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{pkgs, ... }:
|
||||
{
|
||||
environment.systemPackages = with pkgs; [ kdeconnect ];
|
||||
environment.systemPackages = with pkgs; [ plasma5Packages.kdeconnect-kde ];
|
||||
networking.firewall.allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
|
||||
networking.firewall.allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
|
||||
}
|
||||
|
|
|
@ -13,7 +13,7 @@ in {
|
|||
./gui/base.nix
|
||||
# ./gui/look-up.nix
|
||||
./fetchWallpaper.nix
|
||||
./zsh-user.nix
|
||||
./zsh
|
||||
./tools/core.nix
|
||||
./tools/core-gui.nix
|
||||
./gui/automatic-diskmount.nix
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ lib, config, ... }:
|
||||
{
|
||||
# lassulus network
|
||||
clan.networking.zerotier = {
|
||||
clan.core.networking.zerotier = {
|
||||
networkId = "ccc5da5295c853d4";
|
||||
name = "nether";
|
||||
};
|
||||
|
|
|
@ -17,11 +17,16 @@ in {
|
|||
|
||||
users.users."${mainUser}".extraGroups = [ "scanner" "lp" ];
|
||||
|
||||
services.udev.packages = [ pkgs.utsushi ];
|
||||
# scanners are printers just in reverse anyway
|
||||
services.saned.enable = true;
|
||||
|
||||
# network scan
|
||||
services.avahi.enable = true;
|
||||
services.avahi.nssmdns4 = true;
|
||||
hardware.sane = {
|
||||
enable = true;
|
||||
extraBackends = [ ];
|
||||
extraBackends = [ pkgs.epkowa pkgs.utsushi ];
|
||||
extraConfig.xerox_mfp = ''
|
||||
usb 0x04e8 0x3441
|
||||
'';
|
||||
|
|
|
@ -21,15 +21,12 @@ in {
|
|||
"valid users" = "download";
|
||||
};
|
||||
};
|
||||
extraConfig = ''
|
||||
# guest account = smbguest
|
||||
# map to guest = bad user
|
||||
# disable printing
|
||||
load printers = no
|
||||
printing = bsd
|
||||
printcap name = /dev/null
|
||||
disable spoolss = yes
|
||||
'';
|
||||
settings.global = {
|
||||
"load printers" = "no";
|
||||
"printing" = "bsd";
|
||||
"printcap name" = "/dev/null";
|
||||
"disable spoolss" = "yes";
|
||||
};
|
||||
};
|
||||
networking.firewall.interfaces.retiolum.allowedTCPPorts = [ 445 ];
|
||||
networking.firewall.interfaces.wiregrill.allowedTCPPorts = [ 445 ];
|
||||
|
|
|
@ -17,7 +17,7 @@ in {
|
|||
"uid=${toString config.users.users.download.uid}"
|
||||
"gid=${toString config.users.groups.download.gid}"
|
||||
"vers=3"
|
||||
#"vers=2.1"
|
||||
"fsc"
|
||||
"rsize=65536"
|
||||
"wsize=130048"
|
||||
"iocharset=utf8"
|
||||
|
|
|
@ -101,17 +101,17 @@ in {
|
|||
# "guest ok" = "yes";
|
||||
#};
|
||||
};
|
||||
extraConfig = ''
|
||||
guest account = smbguest
|
||||
map to guest = bad user
|
||||
settings.global = {
|
||||
"guest account" = "smbguest";
|
||||
"map to guest" = "bad user";
|
||||
# disable printing
|
||||
load printers = no
|
||||
printing = bsd
|
||||
printcap name = /dev/null
|
||||
disable spoolss = yes
|
||||
workgroup = WORKGROUP
|
||||
server string = ${config.networking.hostName}
|
||||
netbios name = ${config.networking.hostName}
|
||||
'';
|
||||
"load printers" = "no";
|
||||
"printing" = "bsd";
|
||||
"printcap name" = "/dev/null";
|
||||
"disable spoolss" = "yes";
|
||||
"workgroup" = "WORKGROUP";
|
||||
"server string" = config.networking.hostName;
|
||||
"netbios name" = config.networking.hostName;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -34,14 +34,14 @@
|
|||
"guest ok" = "no";
|
||||
};
|
||||
};
|
||||
extraConfig = ''
|
||||
guest account = smbguest
|
||||
map to guest = bad user
|
||||
settings.global = {
|
||||
"guest account" = "smbguest";
|
||||
"map to guest" = "bad user";
|
||||
# disable printing
|
||||
load printers = no
|
||||
printing = bsd
|
||||
printcap name = /dev/null
|
||||
disable spoolss = yes
|
||||
'';
|
||||
"load printers" = "no";
|
||||
"printing" = "bsd";
|
||||
"printcap name" = "/dev/null";
|
||||
"disable spoolss" = "yes" ;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -16,6 +16,7 @@ in {
|
|||
devices = (mk_peers used_peers) // {
|
||||
makefu-phone.id = "YP57S7C-4U7PTEV-7PNVREJ-574YUTC-XMZ6TH5-P7UL5IJ-VYGW7GV-Z6QYOQR";
|
||||
makefu-ebook.id = "RRNPQ7N-BUGZUKX-EU7VSDJ-Z5BTW33-55DOSF4-RJXWV7W-BL7TUHT-TV7EJQN";
|
||||
makefu-tablet-medion.id = "RRJGBJC-B4WHTRY-MGFWEZU-JLTQWM6-M5N3CWM-MDSVVYC-LP67NM2-B3ZK4AI";
|
||||
gum.id = "463N4HM-LFU3ARM-M7YU6O5-7FAVRIZ-WUOX5FN-C6A3XLZ-UCDUXQ5-2MVXDA6";
|
||||
x.id = "ETMOWBT-XOYB7LJ-J4OKD7U-WHBEAP5-MPAHKXM-O4GGRKM-WERF7R4-MRS7EAU"; # override config for x
|
||||
omo.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK";
|
||||
|
|
|
@ -1,11 +1,12 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
services.cachefilesd.enable = true;
|
||||
systemd.services.download-sync = {
|
||||
# startAt = "hourly";
|
||||
startAt = "*:0/30"; # 30 minutes
|
||||
path = [ pkgs.rsync ];
|
||||
script = ''
|
||||
rsync -a --omit-dir-times --no-perms --no-owner --progress --stats /media/cloud/download/. /media/crypt1/download/.
|
||||
rsync -a --size-only --omit-dir-times --no-perms --no-owner --progress --stats /media/cloud/download/. /media/crypt1/download/.
|
||||
'';
|
||||
serviceConfig = {
|
||||
User = "download";
|
||||
|
|
|
@ -1,5 +1,12 @@
|
|||
{
|
||||
services.syncthing.user = "download";
|
||||
systemd.services.syncthing = {
|
||||
environment.GOMEMLIMIT = "400MiB";
|
||||
serviceConfig = {
|
||||
MemoryHigh="750M";
|
||||
MemoryMax="1G";
|
||||
};
|
||||
};
|
||||
services.syncthing.settings.folders = {
|
||||
manga = {
|
||||
path = "/media/cloud/sync/manga/";
|
||||
|
@ -11,10 +18,12 @@
|
|||
id = "makefu-audiobooks";
|
||||
devices = [ "omo" "makefu-phone" "x" ];
|
||||
};
|
||||
download = {
|
||||
path = "/media/cloud/download/";
|
||||
id = "makefu-download";
|
||||
devices = [ "omo" ];
|
||||
};
|
||||
#download = {
|
||||
# path = "/media/cloud/download/";
|
||||
# id = "makefu-download";
|
||||
# #config.fsWatcherEnabled = false;
|
||||
# #config.rescanIntervalS = 300;
|
||||
# devices = [ "omo" ];
|
||||
#};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -15,10 +15,15 @@
|
|||
id = "makefu-audiobooks";
|
||||
devices = [ "omo" "gum" "makefu-phone" "x" ];
|
||||
};
|
||||
download = {
|
||||
path = "/media/crypt1/download";
|
||||
id = "makefu-download";
|
||||
devices = [ "gum" ];
|
||||
sync-photos = {
|
||||
path = "/media/cryptX/photos/photoframe";
|
||||
id = "makefu-photoframe";
|
||||
devices = [ "makefu-tablet-medion" ];
|
||||
};
|
||||
#download = {
|
||||
# path = "/media/crypt1/download";
|
||||
# id = "makefu-download";
|
||||
# devices = [ "gum" ];
|
||||
#};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{ pkgs, ... }: {
|
||||
systemd.services.brockman.environment."BROCKMAN_LOG_LEVEL" = "DEBUG";
|
||||
#systemd.services.brockman.environment."BROCKMAN_LOG_LEVEL" = "DEBUG";
|
||||
|
||||
services.rss-bridge = {
|
||||
enable = true;
|
||||
|
@ -7,7 +7,7 @@
|
|||
virtualHost = "rss.makefu.r";
|
||||
};
|
||||
|
||||
krebs.brockman = {
|
||||
services.brockman = {
|
||||
enable = true;
|
||||
config = {
|
||||
channel = "#systemdultras";
|
||||
|
|
|
@ -50,7 +50,7 @@ ${gnused}/bin/sed -i "''${1}d" ~/.ssh/known_hosts
|
|||
parallel
|
||||
proot
|
||||
|
||||
rxvt_unicode.terminfo
|
||||
rxvt-unicode-unwrapped.terminfo
|
||||
|
||||
# TODO: missing stockholm overlay
|
||||
# kpaste
|
||||
|
|
|
@ -31,6 +31,7 @@
|
|||
hydra-check
|
||||
# git-related
|
||||
git-preview
|
||||
jujutsu
|
||||
tig
|
||||
# (pkgs.callPackage ./init-host {})
|
||||
# used more than once
|
||||
|
|
|
@ -15,6 +15,12 @@
|
|||
# cura
|
||||
bambu-studio
|
||||
];
|
||||
networking.firewall.allowedUDPPorts = [
|
||||
1990 2021 # bambu-studio ssdp
|
||||
];
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
8883 6000 # bambu-studio lan mode
|
||||
];
|
||||
xdg.portal.enable = true;
|
||||
#xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
|
||||
}
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
users.users.makefu.packages = with pkgs; [
|
||||
aria2
|
||||
# mitmproxy
|
||||
python3Packages.binwalk-full
|
||||
binwalk
|
||||
dnsmasq
|
||||
iodine
|
||||
mtr
|
||||
|
|
|
@ -22,8 +22,8 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
|
|||
ip6 = "${pkgs.iptables}/bin/ip6tables";
|
||||
in {
|
||||
ips =
|
||||
(optional (!isNull self.ip4) self.ip4.addr) ++
|
||||
(optional (!isNull self.ip6) self.ip6.addr);
|
||||
(optional (!isNull self.ip4) (self.ip4.addr + "/32")) ++
|
||||
(optional (!isNull self.ip6) (self.ip6.addr + "/128"));
|
||||
listenPort = self.wireguard.port;
|
||||
privateKeyFile = config.sops.secrets."${config.clan.core.machineName}-wiregrill.key".path;
|
||||
allowedIPsAsRoutes = true;
|
||||
|
|
|
@ -35,10 +35,10 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
|
|||
services.dnsmasq = {
|
||||
enable = true;
|
||||
resolveLocalQueries = false;
|
||||
extraConfig = /* dnsmasq */ ''
|
||||
bind-interfaces
|
||||
interface=retiolum,wiregrill
|
||||
'';
|
||||
settings = {
|
||||
bind-interfaces = true;
|
||||
interface = "retiolum,wiregrill";
|
||||
};
|
||||
servers = [ "1.1.1.1" ];
|
||||
};
|
||||
|
||||
|
|
|
@ -1,11 +1,13 @@
|
|||
{
|
||||
home-manager.users.makefu.programs.atuin = {
|
||||
enable = true;
|
||||
flags = [ "--disable-up-arrow" ];
|
||||
daemon.enable = true;
|
||||
settings = {
|
||||
auto_sync = true;
|
||||
sync_address = "https://atuin.euer.krebsco.de";
|
||||
search_mode = "prefix";
|
||||
# fuzzy,fulltext
|
||||
search_mode = "fulltext";
|
||||
# fuzzy,fulltext,prefix
|
||||
update_check = false;
|
||||
# filter_mode = "host";
|
||||
filter_mode = "global";
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
, xorg
|
||||
, gst_all_1
|
||||
, krb5
|
||||
, alsaLib
|
||||
, alsa-lib
|
||||
}:
|
||||
# via https://raw.githubusercontent.com/simon-the-sourcerer-ab/chitubox/main/default.nix
|
||||
stdenv.mkDerivation rec {
|
||||
|
@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
|
|||
nativeBuildInputs = [ autoPatchelfHook ];
|
||||
|
||||
buildInputs = with xorg; [ stdenv.cc.cc.lib libglvnd libgcrypt zlib glib fontconfig freetype libdrm
|
||||
libxkbcommon libpulseaudio alsaLib
|
||||
libxkbcommon libpulseaudio alsa-lib
|
||||
xcbutilwm xcbutilimage xcbutilrenderutil xcbutilkeysyms
|
||||
gst_all_1.gst-plugins-base gst_all_1.gstreamer krb5
|
||||
];
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{stdenv, lib, alsaToolTarget,fetchurl, alsaLib, ncurses, fltk13, gtk3}:
|
||||
{stdenv, lib, alsaToolTarget,fetchurl, alsa-lib, ncurses, fltk13, gtk3}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "alsa-${alsaToolTarget}-${version}";
|
||||
|
@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "1lgvyb81md25s9ciswpdsbibmx9s030kvyylf0673w3kbamz1awl";
|
||||
};
|
||||
sourceRoot = "${alsaToolsName}/${alsaToolTarget}/";
|
||||
buildInputs = [ alsaLib fltk13 gtk3 ncurses ];
|
||||
buildInputs = [ alsa-lib fltk13 gtk3 ncurses ];
|
||||
|
||||
meta = {
|
||||
homepage = http://www.alsa-project.org/;
|
||||
|
|
|
@ -41,7 +41,6 @@ in {
|
|||
alsa-hdspconf = callPackage ./custom/alsa-tools { alsaToolTarget="hdspconf";};
|
||||
alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";};
|
||||
alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";};
|
||||
brother_ql_web = (builtins.getFlake "github:makefu/brother_ql_web?rev=a3f8625f48111da8cd6f8e562c966cdca445b82d").packages.x86_64-linux.default;
|
||||
qcma = prev.libsForQt5.callPackage ./custom/qcma { };
|
||||
inherit (callPackage ./devpi {}) devpi-web ;
|
||||
nodemcu-uploader = prev.pkgs.callPackage ./nodemcu-uploader {};
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ stdenv
|
||||
, lib
|
||||
, fetchurl
|
||||
, alsaLib
|
||||
, alsa-lib
|
||||
, unzip
|
||||
, openssl
|
||||
, zlib
|
||||
|
@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
|
|||
];
|
||||
sourceRoot = ".";
|
||||
buildInputs = [
|
||||
alsaLib
|
||||
alsa-lib
|
||||
openssl
|
||||
zlib
|
||||
pulseaudio
|
||||
|
|
608
flake.lock
608
flake.lock
File diff suppressed because it is too large
Load diff
|
@ -51,7 +51,7 @@
|
|||
inventory4ce.inputs.nixpkgs.follows = "nixpkgs";
|
||||
inventory4ce.inputs.poetry2nix.follows = "poetry2nix";
|
||||
|
||||
lanzaboote.url = "github:nix-community/lanzaboote/v0.3.0";
|
||||
lanzaboote.url = "github:nix-community/lanzaboote";
|
||||
lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
|
||||
lanzaboote.inputs.flake-parts.follows = "flake-parts";
|
||||
#lanzaboote.inputs.pre-commit-hooks-nix.follows = "";
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
primaryInterface = "eth0";
|
||||
primaryInterface = "end0";
|
||||
in {
|
||||
imports = [
|
||||
./hardware-config.nix
|
||||
../../2configs
|
||||
../../2configs/home-manager
|
||||
../../2configs/home/3dprint
|
||||
../../2configs/home/zigbee/cake.nix
|
||||
#./hardware-config.nix
|
||||
{ environment.systemPackages = with pkgs;[ rsync screen curl git tmux picocom mosh ];}
|
||||
# ../../2configs/tools/core.nix
|
||||
|
@ -14,7 +14,7 @@ in {
|
|||
#../../2configs/support-nixos.nix
|
||||
# ../../2configs/homeautomation/default.nix
|
||||
# ../../2configs/homeautomation/google-muell.nix
|
||||
../../2configs/hw/pseyecam.nix
|
||||
#../../2configs/hw/pseyecam.nix
|
||||
# configure your hw:
|
||||
# ../../2configs/save-diskspace.nix
|
||||
|
||||
|
|
|
@ -16,18 +16,18 @@ in {
|
|||
# systemd.services.phpfpm-nextcloud.wantedBy = lib.mkForce [];
|
||||
systemd.services.samba-smbd.wantedBy = lib.mkForce [];
|
||||
}
|
||||
{
|
||||
users.users.lass = {
|
||||
uid = 19002;
|
||||
isNormalUser = true;
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
openssh.authorizedKeys.keys = with config.krebs.users; [
|
||||
lass.pubkey
|
||||
makefu.pubkey
|
||||
];
|
||||
};
|
||||
}
|
||||
#{
|
||||
# users.users.lass = {
|
||||
# uid = 19002;
|
||||
# isNormalUser = true;
|
||||
# createHome = true;
|
||||
# useDefaultShell = true;
|
||||
# openssh.authorizedKeys.keys = with config.krebs.users; [
|
||||
# lass.pubkey
|
||||
# makefu.pubkey
|
||||
# ];
|
||||
# };
|
||||
#}
|
||||
../../2configs
|
||||
|
||||
../../2configs/nur.nix
|
||||
|
@ -49,10 +49,10 @@ in {
|
|||
# ../../2configs/tools/sec.nix
|
||||
# ../../2configs/tools/desktop.nix
|
||||
|
||||
../../2configs/zsh-user.nix
|
||||
../../2configs/zsh
|
||||
../../2configs/mosh.nix
|
||||
# ../../2configs/disable_v6.nix
|
||||
../../2configs/storj/forward-port.nix
|
||||
# ../../2configs/storj/forward-port.nix
|
||||
# ../../2configs/gui/xpra.nix
|
||||
|
||||
# networking
|
||||
|
@ -92,17 +92,19 @@ in {
|
|||
|
||||
# ci
|
||||
# ../../2configs/exim-retiolum.nix
|
||||
../../2configs/git/cgit-retiolum.nix
|
||||
# ../../2configs/git/cgit-retiolum.nix
|
||||
../../2configs/git/forgejo.nix
|
||||
|
||||
### systemdUltras ###
|
||||
../../2configs/systemdultras/ircbot.nix
|
||||
|
||||
###### Shack #####
|
||||
# ../../2configs/shack/events-publisher
|
||||
# ../../2configs/shack/gitlab-runner
|
||||
|
||||
|
||||
../../2configs/remote-build/slave.nix
|
||||
# ../../2configs/deployment/buildbot/master.nix
|
||||
../../2configs/deployment/atuin.nix
|
||||
|
||||
# ../../2configs/remote-build/slave.nix
|
||||
# ../../2configs/remote-build/aarch64-community.nix
|
||||
../../2configs/taskd.nix
|
||||
|
||||
|
@ -130,7 +132,7 @@ in {
|
|||
## network
|
||||
# ../../2configs/vpn/openvpn-server.nix
|
||||
# ../../2configs/vpn/vpnws/server.nix
|
||||
../../2configs/binary-cache/server.nix
|
||||
# ../../2configs/binary-cache/server.nix
|
||||
{ makefu.backup.server.repo = "/var/backup/borg"; }
|
||||
../../2configs/backup/server.nix
|
||||
../../2configs/backup/state.nix
|
||||
|
@ -149,11 +151,10 @@ in {
|
|||
../../2configs/deployment/rss/rss.euer.krebsco.de.nix # postgres backend
|
||||
../../2configs/deployment/rss/ratt.nix
|
||||
|
||||
../../2configs/deployment/ntfysh.nix
|
||||
# ../../2configs/deployment/ntfysh.nix
|
||||
../../2configs/deployment/nextcloud #postgres backend
|
||||
../../2configs/deployment/nextcloud/screeenly.nix
|
||||
# ../../2configs/deployment/nextcloud/screeenly.nix
|
||||
|
||||
../../2configs/deployment/buildbot/master.nix
|
||||
# ../../2configs/deployment/buildbot/worker.nix
|
||||
### Moving owncloud data dir to /media/cloud/nextcloud-data
|
||||
{
|
||||
|
@ -191,7 +192,7 @@ in {
|
|||
#../../2configs/deployment/owncloud.nix
|
||||
# ../../2configs/deployment/board.euer.krebsco.de.nix
|
||||
#../../2configs/deployment/feed.euer.krebsco.de
|
||||
../../2configs/deployment/boot-euer.nix
|
||||
# ../../2configs/deployment/boot-euer.nix
|
||||
../../2configs/deployment/gecloudpad
|
||||
#../../2configs/deployment/docker/archiveteam-warrior.nix
|
||||
../../2configs/deployment/mediengewitter.de.nix
|
||||
|
@ -200,7 +201,7 @@ in {
|
|||
|
||||
../../2configs/deployment/wiki.euer.nix
|
||||
|
||||
../../2configs/shiori.nix
|
||||
# ../../2configs/shiori.nix
|
||||
#../../2configs/workadventure
|
||||
|
||||
../../2configs/bgt/download.binaergewitter.de.nix
|
||||
|
@ -227,25 +228,11 @@ in {
|
|||
# krebs infrastructure services
|
||||
# ../../2configs/stats/server.nix
|
||||
];
|
||||
|
||||
nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
|
||||
# makefu.dl-dir = "/var/download";
|
||||
makefu.dl-dir = "/media/cloud/download/finished";
|
||||
|
||||
###### stable
|
||||
security.acme.certs."cgit.euer.krebsco.de" = {
|
||||
email = "letsencrypt@syntax-fehler.de";
|
||||
webroot = "/var/lib/acme/acme-challenge";
|
||||
group = "nginx";
|
||||
};
|
||||
services.nginx.virtualHosts."cgit" = {
|
||||
serverAliases = [ "cgit.euer.krebsco.de" ];
|
||||
addSSL = true;
|
||||
sslCertificate = "/var/lib/acme/cgit.euer.krebsco.de/fullchain.pem";
|
||||
sslCertificateKey = "/var/lib/acme/cgit.euer.krebsco.de/key.pem";
|
||||
locations."/.well-known/acme-challenge".extraConfig = ''
|
||||
root /var/lib/acme/acme-challenge;
|
||||
'';
|
||||
};
|
||||
|
||||
krebs.build.host = config.krebs.hosts.gum;
|
||||
|
||||
|
@ -254,7 +241,7 @@ in {
|
|||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
80 443
|
||||
28967 # storj
|
||||
# 28967 # storj
|
||||
];
|
||||
allowPing = true;
|
||||
logRefusedConnections = false;
|
||||
|
@ -263,4 +250,5 @@ in {
|
|||
};
|
||||
users.users.makefu.extraGroups = [ "download" "nginx" ];
|
||||
state = [ "/home/makefu/.weechat" ];
|
||||
clan.networking.targetHost = "root@gum.i";
|
||||
}
|
||||
|
|
|
@ -2,10 +2,14 @@
|
|||
{
|
||||
|
||||
imports =
|
||||
[ ./network.nix
|
||||
[
|
||||
./network.nix
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
./single-disk-ext4.nix
|
||||
|
||||
];
|
||||
zramSwap.enable = true;
|
||||
zramSwap.memoryPercent = 75;
|
||||
# Disk
|
||||
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
|
||||
boot.uki.tries = 3;
|
||||
|
@ -13,39 +17,7 @@
|
|||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "rpool/root";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/home" =
|
||||
{ device = "rpool/home";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/nix" =
|
||||
{ device = "rpool/nix";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/sda1";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
zramSwap.enable = true;
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
|
||||
networking.hostId = "3150697b"; # required for zfs use
|
||||
boot.tmp.useTmpfs = true;
|
||||
boot.supportedFilesystems = [ "zfs" ];
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.copyKernels = true;
|
||||
boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
|
||||
boot.kernelParams = [
|
||||
"zfs.zfs_arc_max=1073741824"
|
||||
"boot.shell_on_fail"
|
||||
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
|
||||
];
|
||||
|
|
53
machines/gum/hetznercloud/olddefault.nix
Normal file
53
machines/gum/hetznercloud/olddefault.nix
Normal file
|
@ -0,0 +1,53 @@
|
|||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
{
|
||||
|
||||
imports =
|
||||
[ ./network.nix
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
|
||||
# Disk
|
||||
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
|
||||
boot.uki.tries = 3;
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "rpool/root";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/home" =
|
||||
{ device = "rpool/home";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/nix" =
|
||||
{ device = "rpool/nix";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/sda1";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
# zramSwap.enable = true;
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
|
||||
networking.hostId = "3150697b"; # required for zfs use
|
||||
# boot.tmp.useTmpfs = true;
|
||||
boot.supportedFilesystems = [ "zfs" ];
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.copyKernels = true;
|
||||
boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
|
||||
boot.kernelParams = [
|
||||
#"zfs.zfs_arc_max=1073741824" # 1gb
|
||||
"zfs.zfs_arc_max=134217728" # 128mb
|
||||
"boot.shell_on_fail"
|
||||
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
|
||||
];
|
||||
}
|
|
@ -1,25 +1,33 @@
|
|||
{ disk ? "/dev/sda", ... }: {
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
{ ... }: {
|
||||
#boot.loader.efi.canTouchEfiVariables = true;
|
||||
#boot.loader.systemd-boot.enable = true;
|
||||
#boot.loader.grub.device = "/dev/sda";
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.copyKernels = true;
|
||||
boot.loader.grub.efiSupport = true;
|
||||
boot.loader.grub.efiInstallAsRemovable = true;
|
||||
|
||||
disko.devices = {
|
||||
disk = {
|
||||
disk1 = {
|
||||
device = disk;
|
||||
main = {
|
||||
type = "disk";
|
||||
# device = disk;
|
||||
device = "/dev/sda";
|
||||
content = {
|
||||
type = "table";
|
||||
format = "gpt";
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
boot = {
|
||||
boot = { # required for embedding grub
|
||||
size = "1M";
|
||||
type = "EF02";
|
||||
priority = 1;
|
||||
};
|
||||
ESP = {
|
||||
name = "ESP";
|
||||
start = "1MiB";
|
||||
#start = "1M";
|
||||
type = "EF00";
|
||||
end = "1G";
|
||||
bootable = true;
|
||||
priority = 2;
|
||||
size = "1G";
|
||||
# bootable = true;
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
|
@ -27,24 +35,28 @@
|
|||
mountOptions = [ "umask=0077" ];
|
||||
};
|
||||
};
|
||||
swap = {
|
||||
size = "4G";
|
||||
#size = "100%";
|
||||
#end = "-4G";
|
||||
priority = 3;
|
||||
content = {
|
||||
type = "swap";
|
||||
priority = 1; # lowest prio
|
||||
};
|
||||
};
|
||||
root = {
|
||||
name = "root";
|
||||
start = "500MiB";
|
||||
end = "-4G";
|
||||
part-type = "primary";
|
||||
priority = 4;
|
||||
#start = "1G";
|
||||
#end = "-4G";
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "ext4";
|
||||
mountpoint = "/";
|
||||
};
|
||||
};
|
||||
swap = {
|
||||
size = "4G";
|
||||
content = {
|
||||
type = "swap";
|
||||
priority = 1; # lowest prio
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
{ pkgs, modulesPath, ... }: {
|
||||
imports = [
|
||||
(modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")
|
||||
../../2configs
|
||||
../../2configs/core.nix
|
||||
|
||||
];
|
||||
# start sshd in any case
|
||||
systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
|
||||
isoImage.squashfsCompression = "gzip -Xcompression-level 1";
|
||||
|
||||
krebs.build.host.name = "liveiso";
|
||||
}
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
{
|
||||
imports = [
|
||||
|
||||
];
|
||||
|
||||
# New machine!
|
||||
}
|
|
@ -13,6 +13,12 @@ in {
|
|||
../../2configs/default.nix
|
||||
../../2configs/support-nixos.nix
|
||||
../../2configs/nur.nix
|
||||
{
|
||||
systemd.coredump.extraConfig = ''
|
||||
Storage=none
|
||||
ProcessSizeMax=0
|
||||
'';
|
||||
}
|
||||
{
|
||||
services.xserver.enable = true;
|
||||
services.xserver.displayManager.sddm.enable = true;
|
||||
|
@ -34,7 +40,7 @@ in {
|
|||
### systemdUltras ###
|
||||
../../2configs/systemdultras/ircbot.nix
|
||||
|
||||
../../2configs/zsh-user.nix
|
||||
../../2configs/zsh
|
||||
../../2configs/home-manager
|
||||
../../2configs/home-manager/cli.nix
|
||||
../../2configs/editor/neovim
|
||||
|
@ -49,7 +55,7 @@ in {
|
|||
# ../../2configs/smart-monitor.nix
|
||||
../../2configs/mail-client.nix
|
||||
../../2configs/mosh.nix
|
||||
../../2configs/nix-ld.nix
|
||||
#../../2configs/nix-ld.nix
|
||||
../../2configs/tools/core.nix
|
||||
../../2configs/tools/dev.nix
|
||||
../../2configs/tools/desktop.nix
|
||||
|
@ -63,8 +69,10 @@ in {
|
|||
|
||||
../../2configs/share
|
||||
../../2configs/share/omo.nix
|
||||
../../2configs/share/gum-client.nix
|
||||
../../2configs/share/hetzner-client.nix
|
||||
#../../2configs/share/gum-client.nix
|
||||
../../2configs/sync
|
||||
../../2configs/sync/omo-download-sync.nix
|
||||
../../2configs/sync/share/omo.nix
|
||||
|
||||
../../2configs/wireguard/wiregrill-client.nix
|
||||
|
@ -123,7 +131,7 @@ in {
|
|||
../../2configs/home/metube.nix
|
||||
# ../../2configs/home/ham
|
||||
../../2configs/home/ham/docker.nix
|
||||
../../2configs/home/zigbee2mqtt
|
||||
../../2configs/home/zigbee/omo.nix
|
||||
../../2configs/home/streams.nix
|
||||
../../2configs/home/esphome.nix
|
||||
../../2configs/home/audio-dl.nix
|
||||
|
|
|
@ -1,17 +1,19 @@
|
|||
{ pkgs, ... }:
|
||||
let
|
||||
vaapi = pkgs.vaapiIntel.override { enableHybridCodec = true; };
|
||||
in
|
||||
{
|
||||
hardware.opengl = {
|
||||
# 2024-08-18: https://wiki.nixos.org/wiki/Jellyfin
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
|
||||
};
|
||||
hardware.graphics = { # hardware.opengl in 24.05
|
||||
enable = true;
|
||||
extraPackages = with pkgs; [
|
||||
intel-media-driver # LIBVA_DRIVER_NAME=iHD
|
||||
vaapi # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
|
||||
intel-media-driver
|
||||
intel-vaapi-driver # previously vaapiIntel
|
||||
vaapiVdpau
|
||||
libvdpau-va-gl
|
||||
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
|
||||
vpl-gpu-rt # QSV on 11th gen or newer
|
||||
intel-media-sdk # QSV up to 11th gen
|
||||
];
|
||||
};
|
||||
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ vaapi ];
|
||||
environment.systemPackages = [ pkgs.libva-utils ];
|
||||
|
||||
}
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
|
||||
# Tools
|
||||
../../2configs/tools/core.nix
|
||||
../../2configs/zsh-user.nix
|
||||
../../2configs/zsh
|
||||
../../2configs/mosh.nix
|
||||
# Networking
|
||||
../../2configs/tinc/retiolum.nix
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
|
||||
# ../../2configs/rad1o.nix
|
||||
|
||||
../../2configs/zsh-user.nix
|
||||
../../2configs/zsh
|
||||
../../2configs/home-manager
|
||||
../../2configs/home-manager/desktop.nix
|
||||
../../2configs/home-manager/cli.nix
|
||||
|
|
|
@ -14,7 +14,7 @@ in {
|
|||
../../2configs/networking/zerotier.nix
|
||||
../../2configs/home-manager
|
||||
../../2configs/support-nixos.nix
|
||||
../../2configs/zsh-user.nix
|
||||
../../2configs/zsh
|
||||
../../2configs/tools/core.nix
|
||||
# ../../2configs/disable_v6.nix
|
||||
../../2configs/tools/core-gui.nix
|
||||
|
|
|
@ -2,10 +2,14 @@
|
|||
{
|
||||
imports =
|
||||
[
|
||||
|
||||
# ./x230
|
||||
./x13
|
||||
{
|
||||
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
"jitsi-meet-1.0.8043"
|
||||
];
|
||||
}
|
||||
# do not build in tmpfs
|
||||
{ systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp";}
|
||||
|
||||
|
@ -37,6 +41,7 @@
|
|||
../../2configs/home-manager/taskwarrior.nix
|
||||
|
||||
../../2configs/main-laptop.nix
|
||||
../../2configs/zsh/atuin.nix
|
||||
../../2configs/kdeconnect.nix
|
||||
../../2configs/extra-fonts.nix
|
||||
../../2configs/editor/neovim
|
||||
|
@ -264,6 +269,7 @@
|
|||
"aarch64-linux"
|
||||
];
|
||||
|
||||
|
||||
# services.syncthing.user = lib.mkForce "makefu";
|
||||
# services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
|
||||
}
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
services.xserver.videoDrivers = [ "amdgpu" ];
|
||||
#boot.initrd.kernelModules = [ "amdgpu" ];
|
||||
#hardware.opengl.driSupport = true;
|
||||
hardware.graphics.extraPackages = [ pkgs.amdvlk pkgs.rocm-opencl-icd pkgs.rocm-opencl-runtime ];
|
||||
hardware.graphics.extraPackages = with pkgs; [ amdvlk rocmPackages.clr.icd rocmPackages.clr ];
|
||||
# For 32 bit applications
|
||||
hardware.graphics.enable32Bit = true;
|
||||
hardware.graphics.extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ];
|
||||
|
|
Loading…
Reference in a new issue