huge cleanup

Lennart J. Kurzweg (Nx2)
2024-11-09 19:48:52 +01:00
parent c19c270775
commit 104d1334df
35 changed files with 1314 additions and 2521 deletions


@@ -1,6 +1,6 @@
{ pkgs, inputs, ... }:
{ pkgs, inputs, lib, host, ... }:
{
imports = [
imports = ([
inputs.sops-nix.nixosModules.sops
./system-modules/auto-mount.nix
./system-modules/hardware-configuration.nix
@@ -26,7 +26,6 @@
./system-modules/kodi.nix
./system-modules/networking.nix
./system-modules/nvidia.nix
./system-modules/nx2site.nix
./system-modules/ollama.nix
./system-modules/qmk.nix
./system-modules/sops.nix
@@ -36,8 +35,12 @@
./system-modules/users.nix
./system-modules/virtualisation.nix
./system-modules/ydotool.nix
]) ++ (if (host == "NxACE") then [
./system-modules/nx2site.nix
./system-modules/nx2site/proxy.nix
];
# ./system-modules/nx2site/gitea.nix
# ./system-modules/nx2site/vaultwarden.nix
] else []);
# Set your time zone.
time.timeZone = "Europe/Berlin";
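Review bot: The `host == "NxACE"` test in the new `imports` expression is now the only thing keeping `./system-modules/nx2site.nix` and `nx2site/proxy.nix` off the other machines, because this commit also drops the `lib.mkIf (host == "NxACE" && user != "tv")` wrapper from what appears to be the nx2site module itself. That module declares sops secrets and a dynamic-DNS timer, so importing it from anywhere else would activate them there; a comment above the conditional list such as `# NxACE-only: these modules no longer guard themselves` would keep that visible. Using `host` inside `imports` only evaluates if it is passed through `specialArgs` rather than `_module.args`, which the flake appears to do but this hunk does not show. `lib.optionals (host == "NxACE") [ ... ]` is the more idiomatic spelling of `if ... then [ ... ] else []`.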


@@ -22,6 +22,7 @@
outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-latest, home-manager, ... }@inputs: let
system = "x86_64-linux";
user = "nx2";
domain = "nx2.site";
config = { allowUnfree = true; allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) (import ./flake-modules/allowed.nix).unfree; };
@@ -42,7 +43,7 @@
enable = if (host == "NxXPS" || host == "NxNORTH") then true else false;
prime = if (host == "NxXPS") then true else false;
};
in { inherit inputs user host pkgs-unstable pkgs-latest secrets rice nvidia; };
in { inherit inputs user host domain pkgs-unstable pkgs-latest secrets rice nvidia; };
};
in {
NxXPS = make-nixos-system "NxXPS";
@@ -59,13 +60,12 @@
enable = if (host == "NxXPS" || host == "NxNORTH") then true else false;
prime = if (host == "NxXPS") then true else false;
};
in { inherit inputs system user host pkgs-unstable pkgs-latest rice secrets nvidia; };
in { inherit inputs system user host domain pkgs-unstable pkgs-latest rice secrets nvidia; };
};
in {
"${user}@NxXPS" = make-home-configuration "NxXPS" user;
"${user}@NxNORTH" = make-home-configuration "NxNORTH" user;
"${user}@NxACE" = make-home-configuration "NxACE" user;
"tv@NxACE" = make-home-configuration "NxACE" "tv";
};
};
}


@@ -1,9 +1,5 @@
{ pkgs, lib, user, ... }:
lib.mkIf (user != "tv")
{ ... }:
{
home.packages = with pkgs; [
bash
];
programs.bash = {
enable = true;
shellAliases = {
@@ -19,11 +15,5 @@ lib.mkIf (user != "tv")
"checkjobs"
];
enableCompletion = false;
# initExtra = ''
# if [[ $- == *i* ]] # if interactive
# then
# eval "$(${pkgs.starship}/bin/starship init bash)"
# fi
# '';
};
}



@@ -1,5 +1,4 @@
{ lib, user, ... }:
lib.mkIf (user != "tv")
{
programs = {
direnv = {


@@ -1,5 +1,4 @@
{ pkgs, lib, rice, user, ... }:
lib.mkIf (user != "tv")
{
home.packages = with pkgs; [
fish


@@ -1,270 +0,0 @@
{ config, pkgs, rice, lib, user, ... }:
lib.mkIf (user != "tv")
{
home.packages = with pkgs; [
foot
];
programs.foot = {
enable = true;
# background = rice.color.background;
# foreground = rice.color.foreground;
# cursor = rice.color.foreground;
# color0 = rice.color.black.base;
# color8 = rice.color.black.bright;
# color1 = rice.color.red.base;
# color9 = rice.color.red.bright;
# color2 = rice.color.green.base;
# color10 = rice.color.green.bright;
# color3 = rice.color.yellow.base;
# color11 = rice.color.yellow.bright;
# color4 = rice.color.blue.base;
# color12 = rice.color.blue.bright;
# color5 = rice.color.magenta.base;
# color13 = rice.color.magenta.bright;
# color6 = rice.color.cyan.base;
# color14 = rice.color.cyan.bright;
# color7 = rice.color.white.base;
# color15 = rice.color.white.bright;
# background_opacity = builtins.toString rice.transparency;
# window_padding_width = 5;
# remember_window_size = false;
# settings = {
# main = {
# shell = ''$SHELL (if set, otherwise user's default shell from /etc/passwd)'';
# term = ''foot (or xterm-256color if built with -Dterminfo=disabled)'';
# login-shell = ''no'';
# # app-id = ''foot'';
# title = ''foot'';
# locked-title = ''no'';
# font = ''${rice.font.code.name}:size=8'';
# font-size-adjustment = ''0.5'';
# line-height = "<font metrics>";
# letter-spacing = ''0'';
# horizontal-letter-offset = ''0'';
# vertical-letter-offset = ''0'';
# underline-offset = "<font metrics>";
# underline-thickness = "<font underline thickness>";
# # box-drawings-uses-font-glyphs = "no";
# # dpi-aware = ''no'';
# # initial-window-size-pixels = ''700x500'';
# # initial-window-size-chars = "<COLSxROWS>";
# # initial-window-mode = ''windowed'';
# pad = ''5x5'';
# resize-by-cells = ''yes'';
# resize-keep-grid = ''yes'';
# resize-delay-ms = ''100'';
# # bold-text-in-bright = false;
# word-delimiters = '',│`|:"'()[]{}<>'';
# selection-target = ''primary'';
# workers = "<number of logical CPUs>";
# utmp-helper = ''/usr/lib/utempter/utempter'';
# # environment = {
# # name = ''value'';
# # };
# };
# bell = {
# urgent = ''no'';
# notify = ''no'';
# visual = ''no'';
# command = '''';
# command-focused = ''no'';
# };
# desktop-notifications = {
# command = ''notify-send --wait --app-name ''${app-id} --icon ''${app-id} --category ''${category} --urgency ''${urgency} --expire-time ''${expire-time} --hint STRING:image-path:''${icon} --hint BOOLEAN:suppress-sound:''${muted} --hint STRING:sound-name:''${sound-name} --replace-id ''${replace-id} ''${action-argument} --print-id -- ''${title} ''${body}'';
# command-action-argument = ''--action ''${action-name}=''${action-label}'';
# close = ''""'';
# inhibit-when-focused = ''yes'';
# };
# scrollback = {
# lines = ''1000'';
# multiplier = ''3.0'';
# indicator-position = ''relative'';
# indicator-format = ''""'';
# };
# url = {
# launch = ''xdg-open ''${url}'';
# label-letters = ''sadfjklewcmpgh'';
# osc8-underline = ''url-mode'';
# protocols = ''http, https, ftp, ftps, file, gemini, gopher'';
# uri-characters = ''abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.,~:;/?#@!$&%*+="'()[]'';
# };
# cursor = {
# style = ''block'';
# color = "<inverse foreground/background>";
# blink = ''no'';
# blink-rate = ''500'';
# beam-thickness = ''1.5'';
# underline-thickness = "<font underline thickness>";
# };
# mouse = {
# hide-when-typing = ''no'';
# alternate-scroll-mode = ''yes'';
# };
# touch = {
# long-press-delay = ''400'';
# };
# colors = {
# alpha = ''1.0'';
# background = ''242424'';
# foreground = ''ffffff'';
# flash = ''7f7f00'';
# flash-alpha = ''0.5'';
# # Normal/regular colors (color palette 0-7)
# regular0 = ''242424'';
# regular1 = ''f62b5a'';
# regular2 = ''47b413'';
# regular3 = ''e3c401'';
# regular4 = ''24acd4'';
# regular5 = ''f2affd'';
# regular6 = ''13c299'';
# regular7 = ''e6e6e6'';
# # Bright colors (color palette 8-15)
# bright0 = ''616161'';
# bright1 = ''ff4d51'';
# bright2 = ''35d450'';
# bright3 = ''e9e836'';
# bright4 = ''5dc5f8'';
# bright5 = ''feabf2'';
# bright6 = ''24dfc4'';
# bright7 = ''ffffff'';
# # dimmed colors (see foot.ini(5) man page)
# # dim0 = "<not set>";
# # ...
# # dim7 = "<not-set>";
# # The remaining 256-color palette
# # 16 = <256-color palette #16>
# # ...
# # 255 = <256-color palette #255>
# # Misc colors
# selection-foreground = "<inverse foreground/background>";
# selection-background = "<inverse foreground/background>";
# jump-labels = "<regular0> <regular3>";
# scrollback-indicator = "<regular0> <bright4>";
# search-box-no-match = "<regular0> <regular1>";
# search-box-match = "<regular0> <regular3>";
# urls = "<regular3>";
# };
# csd = {
# preferred = ''server'';
# size = ''26'';
# font = "<primary font>";
# color = "<foreground color>";
# hide-when-maximized = ''no'';
# double-click-to-maximize = ''yes'';
# border-width = ''0'';
# border-color = "<csd.color>";
# button-width = ''26'';
# button-color = "<background color>";
# button-minimize-color = "<regular4>";
# button-maximize-color = "<regular2>";
# button-close-color = "<regular1>";
# };
# key-bindings = {
# scrollback-up-page = ''Shift+Page_Up'';
# scrollback-up-half-page = ''none'';
# scrollback-up-line = ''none'';
# scrollback-down-page = ''Shift+Page_Down'';
# scrollback-down-half-page = ''none'';
# scrollback-down-line = ''none'';
# scrollback-home = ''none'';
# scrollback-end = ''none'';
# clipboard-copy = ''Control+Shift+c XF86Copy'';
# clipboard-paste = ''Control+Shift+v XF86Paste'';
# primary-paste = ''Shift+Insert'';
# search-start = ''Control+Shift+r'';
# font-increase = ''Control+plus Control+equal Control+KP_Add'';
# font-decrease = ''Control+minus Control+KP_Subtract'';
# font-reset = ''Control+0 Control+KP_0'';
# spawn-terminal = ''Control+Shift+n'';
# minimize = ''none'';
# maximize = ''none'';
# fullscreen = ''none'';
# pipe-visible = ''[sh -c "xurls | fuzzel | xargs -r firefox"] none'';
# pipe-scrollback = ''[sh -c "xurls | fuzzel | xargs -r firefox"] none'';
# pipe-selected = ''[xargs -r firefox] none'';
# pipe-command-output = ''[wl-copy] none'';
# show-urls-launch = ''Control+Shift+o'';
# show-urls-copy = ''none'';
# show-urls-persistent = ''none'';
# prompt-prev = ''Control+Shift+z'';
# prompt-next = ''Control+Shift+x'';
# unicode-input = ''Control+Shift+u'';
# noop = ''none'';
# };
# search-bindings = {
# cancel = ''Control+g Control+c Escape'';
# commit = ''Return'';
# find-prev = ''Control+r'';
# find-next = ''Control+s'';
# cursor-left = ''Left Control+b'';
# cursor-left-word = ''Control+Left Mod1+b'';
# cursor-right = ''Right Control+f'';
# cursor-right-word = ''Control+Right Mod1+f'';
# cursor-home = ''Home Control+a'';
# cursor-end = ''End Control+e'';
# delete-prev = ''BackSpace'';
# delete-prev-word = ''Mod1+BackSpace Control+BackSpace'';
# delete-next = ''Delete'';
# delete-next-word = ''Mod1+d Control+Delete'';
# extend-char = ''Shift+Right'';
# extend-to-word-boundary = ''Control+w Control+Shift+Right'';
# extend-to-next-whitespace = ''Control+Shift+w'';
# extend-line-down = ''Shift+Down'';
# extend-backward-char = ''Shift+Left'';
# extend-backward-to-word-boundary = ''Control+Shift+Left'';
# extend-backward-to-next-whitespace = ''none'';
# extend-line-up = ''Shift+Up'';
# clipboard-paste = ''Control+v Control+Shift+v Control+y XF86Paste'';
# primary-paste = ''Shift+Insert'';
# unicode-input = ''none'';
# quit = ''none'';
# scrollback-up-page = ''Shift+Page_Up'';
# scrollback-up-half-page = ''none'';
# scrollback-up-line = ''none'';
# scrollback-down-page = ''Shift+Page_Down'';
# scrollback-down-half-page = ''none'';
# scrollback-down-line = ''none'';
# scrollback-home = ''none'';
# scrollback-end = ''none'';
# };
# url-bindings = {
# cancel = ''Control+g Control+c Control+d Escape'';
# toggle-url-visible = ''t'';
# };
# text-bindings = {
# "\x03" = ''Mod4+c'';
# };
# mouse-bindings = {
# scrollback-up-mouse = ''BTN_WHEEL_BACK'';
# scrollback-down-mouse = ''BTN_WHEEL_FORWARD'';
# font-increase = ''Control+BTN_WHEEL_BACK'';
# font-decrease = ''Control+BTN_WHEEL_FORWARD'';
# selection-override-modifiers = ''Shift'';
# primary-paste = ''BTN_MIDDLE'';
# select-begin = ''BTN_LEFT'';
# select-begin-block = ''Control+BTN_LEFT'';
# select-extend = ''BTN_RIGHT'';
# select-extend-character-wise = ''Control+BTN_RIGHT'';
# select-word = ''BTN_LEFT-2'';
# select-word-whitespace = ''Control+BTN_LEFT-2'';
# select-quote = ''BTN_LEFT-3'';
# select-row = ''BTN_LEFT-4'';
# # vim: ft = ''dosini'';
# };
# };
};
}


@@ -1,5 +1,4 @@
{ pkgs, lib, user, rice, ... }:
lib.mkIf (user != "tv")
{ pkgs, rice, ... }:
{
home.packages = with pkgs; [
git
@@ -11,9 +10,7 @@ lib.mkIf (user != "tv")
# List of directories to check
directories=(
"$HOME/nix-dots"
"$HOME/shared/nx-obsidian-vault"
"$HOME/shared/HSMW/Praxis/BCAM/bolt-llmserver"
"$HOME/shared/HSMW/Praxis/BCAM/bcam-tools"
"$HOME/obsidian-vault"
"$HOME/Pictures/wallpapers"
)
echo ""


@@ -9,8 +9,7 @@
]);
# services.pcscd.enable = true;
services.gpg-agent =
let
services.gpg-agent = let
min2sec = min: (min * 60);
in {
enable = true;
@@ -22,7 +21,7 @@
enableFishIntegration = true;
defaultCacheTtlSsh = min2sec 60;
defaultCacheTtl = min2sec 30;
# pinentryPackage = pkgs.pinentry-gtk2;
# pinentryPackage = pkgs.pinentry-curses;
};
home.file.".gnupg/gpg.conf".text = ''


@@ -1,5 +1,4 @@
{ config, pkgs, lib, rice, user, ... }:
let
{ config, pkgs, lib, rice, user, ... }: let
# theme-name = "Colloid-Pink-Dark-Compact";
# theme-package = pkgs.colloid-gtk-theme.override {
# themeVariants = [ "pink" ];
@@ -14,9 +13,7 @@ let
tweaks = [ "rimless" "black" ];
variant = "macchiato";
};
in
lib.mkIf (user != "tv")
{
in {
home.packages = with pkgs; [
# gnome.gnome-themes-extra
# gnome.adwaita-icon-theme


@@ -1,109 +1,107 @@
{ pkgs, lib, user, ... }:
lib.mkIf (user != "tv")
{ pkgs, ... }:
{
home.packages = [
pkgs.hyprland-autoname-workspaces
];
home = {
packages = with pkgs; [ hyprland-autoname-workspaces ];
file.".config/hyprland-autoname-workspaces/config.toml".text = ''
version = "1.1.14"
home.file.".config/hyprland-autoname-workspaces/config.toml".text = ''
version = "1.1.14"
[class]
VirtualBox = ""
steam = "󰓓"
"VirtualBox Manager" = ""
"com.obsproject.Studio" = ""
"[Ff]irefox" = "󰈹"
"[Tt]hunderbird" = ""
pcbnew = ""
".*.exe" = ""
Element = "󰘨"
Signal = "󱅵"
Gimp = ""
VSCodium = "󰨞"
"[sS]potify" = ""
virt-manager = ""
lutris = "󰊗"
DEFAULT = "{class}"
"epicgameslauncher.exe" = "󰯷"
"[Cc]ode" = "󰨞"
"galaxyclient.exe" = "󰮡"
pavucontrol = "󰕾"
"Tor Browser" = "󰾔"
mpv = ""
chatterino = ""
libreoffice-writer = ""
kitty = ""
"cyberpunk2077.exe" = "󰾲"
KiCad = ""
"[tT]hunar" = ""
"riotclientux.exe" = "󰰌"
libreoffice-calc = ""
"org.remmina.Remmina" = "󰢹"
"org.inkscape.Inkscape" = "󰕙"
"VirtualBox Machine" = ""
Bitwarden = ""
"[gG]imp-.*" = ""
Chromium = ""
obsidian = "󰠮"
"leagueclientux.exe" = "󰰌"
zathura = "󰈦"
code-oss = "󰨞"
codium-url-handler = "󰨞"
discord = "󰙯"
vesktop = "󰙯"
blueman-manager = "󰂯"
Alacritty = ""
zoom = "󰬡"
spotify = ""
[class]
VirtualBox = ""
steam = "󰓓"
"VirtualBox Manager" = ""
"com.obsproject.Studio" = ""
"[Ff]irefox" = "󰈹"
"[Tt]hunderbird" = ""
pcbnew = ""
".*.exe" = ""
Element = "󰘨"
Signal = "󱅵"
Gimp = ""
VSCodium = "󰨞"
"[sS]potify" = ""
virt-manager = ""
lutris = "󰊗"
DEFAULT = "{class}"
"epicgameslauncher.exe" = "󰯷"
"[Cc]ode" = "󰨞"
"galaxyclient.exe" = "󰮡"
pavucontrol = "󰕾"
"Tor Browser" = "󰾔"
mpv = ""
chatterino = ""
libreoffice-writer = ""
kitty = ""
"cyberpunk2077.exe" = "󰾲"
KiCad = ""
"[tT]hunar" = ""
"riotclientux.exe" = "󰰌"
libreoffice-calc = ""
"org.remmina.Remmina" = "󰢹"
"org.inkscape.Inkscape" = "󰕙"
"VirtualBox Machine" = ""
Bitwarden = ""
"[gG]imp-.*" = ""
Chromium = ""
obsidian = "󰠮"
"leagueclientux.exe" = "󰰌"
zathura = "󰈦"
code-oss = "󰨞"
codium-url-handler = "󰨞"
discord = "󰙯"
vesktop = "󰙯"
blueman-manager = "󰂯"
Alacritty = ""
zoom = "󰬡"
spotify = ""
[class_active]
"(?i)ExampleOneTerm" = "icon"
[class_active]
"(?i)ExampleOneTerm" = "icon"
[initial_class]
[initial_class]
[initial_class_active]
[initial_class_active]
[workspaces_name]
[workspaces_name]
[title_in_class]
[title_in_class]
[title_in_class_active]
[title_in_class_active]
[title_in_initial_class]
[title_in_initial_class]
[title_in_initial_class_active]
[title_in_initial_class_active]
[initial_title_in_class]
[initial_title_in_class]
[initial_title]
"Spotify Premium" = ""
[initial_title]
"Spotify Premium" = ""
[initial_title_in_class_active]
[initial_title_in_class_active]
[initial_title_in_initial_class]
[initial_title_in_initial_class]
[initial_title_in_initial_class_active]
[initial_title_in_initial_class_active]
[exclude]
aProgram = "^$"
"" = "^$"
"(?i)fcitx" = ".*"
"[Ss]team" = "^(Friends List.*)?$"
"explorer.exe" = ".*"
"(?i)TestApp" = ""
[exclude]
aProgram = "^$"
"" = "^$"
"(?i)fcitx" = ".*"
"[Ss]team" = "^(Friends List.*)?$"
"explorer.exe" = ".*"
"(?i)TestApp" = ""
[format]
dedup = false
dedup_inactive_fullscreen = false
delim = " "
workspace = "{id}:{clients}"
workspace_empty = "{id}"
client = "{icon}"
client_fullscreen = "{icon}"
client_active = "{icon}"
client_dup = "{icon}{counter_sup}"
client_dup_active = "*{icon}*{delim}{icon}{counter_unfocused_sup}"
client_dup_fullscreen = "[{icon}]{delim}{icon}{counter_unfocused_sup}"
'';
[format]
dedup = false
dedup_inactive_fullscreen = false
delim = " "
workspace = "{id}:{clients}"
workspace_empty = "{id}"
client = "{icon}"
client_fullscreen = "{icon}"
client_active = "{icon}"
client_dup = "{icon}{counter_sup}"
client_dup_active = "*{icon}*{delim}{icon}{counter_unfocused_sup}"
client_dup_fullscreen = "[{icon}]{delim}{icon}{counter_unfocused_sup}"
'';
};
}


@@ -46,9 +46,7 @@ let
};
};
};
in
lib.mkIf (user != "tv")
{
in {
home.packages = (with pkgs; [
# hyprland itself is a system package
hyprland-protocols


@@ -1,37 +1,32 @@
{ config, pkgs, rice, lib, user, ... }:
lib.mkIf (user != "tv")
{ rice, ... }:
{
home.packages = with pkgs; [
kitty
];
programs.kitty = {
enable = true;
font = {
name = rice.font.code.name2;
package = rice.font.code.package;
};
settings = {
background = rice.color.background;
foreground = rice.color.foreground;
cursor = rice.color.foreground;
color0 = rice.color.black.base;
color8 = rice.color.black.bright;
color1 = rice.color.red.base;
color9 = rice.color.red.bright;
color2 = rice.color.green.base;
color10 = rice.color.green.bright;
color3 = rice.color.yellow.base;
color11 = rice.color.yellow.bright;
color4 = rice.color.blue.base;
color12 = rice.color.blue.bright;
color5 = rice.color.magenta.base;
color13 = rice.color.magenta.bright;
color6 = rice.color.cyan.base;
color14 = rice.color.cyan.bright;
color7 = rice.color.white.base;
color15 = rice.color.white.bright;
background_opacity = builtins.toString rice.transparency;
settings = with rice.color; {
background = background;
foreground = foreground;
cursor = foreground;
color0 = black.base;
color8 = black.bright;
color1 = red.base;
color9 = red.bright;
color2 = green.base;
color10 = green.bright;
color3 = yellow.base;
color11 = yellow.bright;
color4 = blue.base;
color12 = blue.bright;
color5 = magenta.base;
color13 = magenta.bright;
color6 = cyan.base;
color14 = cyan.bright;
color7 = white.base;
color15 = white.bright;
background_opacity = builtins.toString rice.transparency;
window_padding_width = 5;
remember_window_size = false;
};


@@ -1,10 +1,6 @@
{ pkgs, rice, lib, user, ... }:
lib.mkIf (user != "tv")
{ pkgs, rice, ... }:
{
home.packages = [
pkgs.mako
pkgs.libnotify
];
home.packages = with pkgs; [ libnotify ];
services.mako = with rice; {
enable = true;
defaultTimeout = 5000; # in ms


@@ -1,9 +1,6 @@
{ config, pkgs, secrets, lib, user, ... }:
let
sep = " ";
in
lib.mkIf (user != "tv")
{
{ config, pkgs, secrets, ... }: let
sep = " ";
in {
home = {
file."${config.xdg.dataHome}/nx-gcal-event-credentials.json".text = ''
{
@@ -26,7 +23,7 @@ lib.mkIf (user != "tv")
# (pkgs.python311.withPackages (python-pkgs: [
# python-pkgs.google
# ]))
(writeScriptBin "nx_gcal_event" ''
(writeScriptBin "nx_gcal_event" /* python */ ''
#!${pkgs.python3}/bin/python3
import datetime
import os
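Review bot: The `home.file."${config.xdg.dataHome}/nx-gcal-event-credentials.json".text` assignment at the top of this module is kept as is, and anything written through `.text` is copied into the Nix store, which every local user can read. If the JSON body (it continues outside the hunk) interpolates values from `secrets`, those credentials are exposed on disk and in any copy of the store. Since the system configuration already imports sops-nix, the credentials would be better provided as a sops-managed file decrypted at activation, with the script reading that path instead. The module is commented out of the home import list in this commit, so this matters when it is re-enabled.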


@@ -1,5 +1,4 @@
{ pkgs, lib, host, user, ... }:
lib.mkIf (host == "NxACE" && user != "tv")
{ pkgs, ... }:
{
home.packages = with pkgs; [
(writeShellApplication {


@@ -1,5 +1,4 @@
{ config, pkgs, lib, user, ... }:
lib.mkIf (user != "tv")
{
home.packages = with pkgs; [
libreoffice


@@ -1,21 +1,20 @@
{ config, pkgs, lib, user, ... }:
let
python-with-packages = pkgs.python3.withPackages (pp: with pp; [
ipython
pipdeptree
requests
google google-api-python-client google-auth-httplib2 google-auth-oauthlib
debugpy
black
]);
in
lib.mkIf (user != "tv")
{ pkgs, ... }:
{
home.packages = [
python-with-packages
];
home.sessionVariables = {
PYTHONPATH = "${python-with-packages}/${python-with-packages.sitePackages}";
home = let
python-with-packages = pkgs.python3.withPackages (pp: with pp; [
ipython
pipdeptree
requests
google google-api-python-client google-auth-httplib2 google-auth-oauthlib
debugpy
black
]);
in {
packages = [
python-with-packages
];
sessionVariables = {
PYTHONPATH = "${python-with-packages}/${python-with-packages.sitePackages}";
};
};
}


@@ -1,5 +1,4 @@
{ pkgs, lib, user, ... }:
lib.mkIf (user != "tv")
{
qt = {
platformTheme = "gtk";


@@ -1,114 +1,113 @@
{ pkgs, rice, lib, user, ... }:
let
trdr = "${rice.lib.float-to-drune rice.transparency}";
in
lib.mkIf (user != "tv")
{
{ pkgs, rice, ... }: {
home.packages = with pkgs; [
rofi-wayland
];
home.file.".config/rofi/config.rasi".text = ''
configuration {
show-icons: false;
display-drun: "";
disable-history: false;
drun-display-format: "{name} [<span weight='light' size='small'><i>({generic})</i></span>] [<span weight='light' size='small'><i>({exec})</i></span>]";
}
home.file = let
trdr = "${rice.lib.float-to-drune rice.transparency}";
in with rice.color; {
".config/rofi/config.rasi".text = ''
configuration {
show-icons: false;
display-drun: "";
disable-history: false;
drun-display-format: "{name} [<span weight='light' size='small'><i>({generic})</i></span>] [<span weight='light' size='small'><i>({exec})</i></span>]";
}
* {
font: "${rice.font.code.name2} 12";
foreground: ${rice.color.foreground};
background-color: ${rice.color.background}${trdr};
padding: 0px;
margin: 0px;
spacing: 0px;
border-width: 0px;
}
* {
font: "${rice.font.code.name2} 12";
foreground: ${foreground};
background-color: ${background}${trdr};
padding: 0px;
margin: 0px;
spacing: 0px;
border-width: 0px;
}
#window {
background-color: ${rice.color.background}${trdr};
border: ${builtins.toString rice.border-width}px;
border-radius: ${builtins.toString rice.rounding};
border-color: ${rice.color.border};
}
#mainbox {
border: 0;
padding: 0;
}
#message {
border: 0px;
}
#textbox {
text-color: ${rice.color.foreground};
}
#listview {
fixed-height: 0;
border: 0px;
spacing: 0px ;
scrollbar: false;
padding: 0px;
}
#window {
background-color: ${background}${trdr};
border: ${builtins.toString rice.border-width}px;
border-radius: ${builtins.toString rice.rounding};
border-color: ${border};
}
#mainbox {
border: 0;
padding: 0;
}
#message {
border: 0px;
}
#textbox {
text-color: ${foreground};
}
#listview {
fixed-height: 0;
border: 0px;
spacing: 0px ;
scrollbar: false;
padding: 0px;
}
#element {
border: 0;
padding: 0px;
border-radius: ${if rice.rounding > 0 then "2" else "0"}px;
}
#element {
border: 0;
padding: 0px;
border-radius: ${if rice.rounding > 0 then "2" else "0"}px;
}
#element.normal.normal { background-color: ${rice.color.background}${trdr}; text-color: ${rice.color.accent.base}; }
#element.selected.normal { background-color: ${rice.color.tertiary.base}${trdr}; text-color: ${rice.color.background}; }
#element.alternate.normal { background-color: ${rice.color.background}${trdr}; text-color: ${rice.color.secondary.base}; }
#element.normal.normal { background-color: ${background}${trdr}; text-color: ${accent.base}; }
#element.selected.normal { background-color: ${tertiary.base}${trdr}; text-color: ${background}; }
#element.alternate.normal { background-color: ${background}${trdr}; text-color: ${secondary.base}; }
#scrollbar {
width: ${builtins.toString rice.border-width}px ;
border: 0;
handle-width: 8px ;
padding: 0;
}
#sidebar {
border: ${builtins.toString rice.border-width}px dash;
}
#button.selected {
text-color: ${rice.color.foreground};
}
#inputbar {
spacing: 0;
text-color: ${rice.color.background};
background-color: ${rice.color.accent.base}${trdr};
padding: 0;
margine-bottom: 2px;
children: [ prompt,textbox-prompt-colon,entry,case-indicator ];
}
#prompt {
spacing: 0;
background-color: transparent;
text-color: ${rice.color.foreground};
}
#textbox-prompt-colon {
expand: false;
str: ">";
margin: 0px 0.3em 0em 0em ;
text-color: ${rice.color.background};
background-color: transparent;
}
#case-indicator {
spacing: 0;
text-color: ${rice.color.foreground};
background-color: transparent;
}
#entry {
spacing: 0;
text-color: ${rice.color.background};
background-color: transparent;
placeholder: "";
}
#scrollbar {
width: ${builtins.toString rice.border-width}px ;
border: 0;
handle-width: 8px ;
padding: 0;
}
#sidebar {
border: ${builtins.toString rice.border-width}px dash;
}
#button.selected {
text-color: ${foreground};
}
#inputbar {
spacing: 0;
text-color: ${background};
background-color: ${accent.base}${trdr};
padding: 0;
margine-bottom: 2px;
children: [ prompt,textbox-prompt-colon,entry,case-indicator ];
}
#prompt {
spacing: 0;
background-color: transparent;
text-color: ${foreground};
}
#textbox-prompt-colon {
expand: false;
str: ">";
margin: 0px 0.3em 0em 0em ;
text-color: ${background};
background-color: transparent;
}
#case-indicator {
spacing: 0;
text-color: ${foreground};
background-color: transparent;
}
#entry {
spacing: 0;
text-color: ${background};
background-color: transparent;
placeholder: "";
}
element-text, element-icon {
background-color: inherit;
text-color: inherit;
}
'';
element-text, element-icon {
background-color: inherit;
text-color: inherit;
}
'';
};
}


@@ -1,36 +1,32 @@
{ config, pkgs, lib, system, user, allowed, secrets, ... }:
lib.mkIf (user != "tv")
{ pkgs, domain, ... }:
{
home = {
packages = with pkgs; [ sshfs ];
file.".ssh/config".text = ''
HOST nxace
HostName ${domain}
User nx2
Port 50022
home.packages = with pkgs; [
sshfs
];
HOST nxacel
HostName 192.168.178.32
User nx2
Port 50022
HOST nxrpi
HostName ${domain}
User pi
Port 50023
home.file.".ssh/config".text = ''
HOST nxace
HostName nx2.site
User nx2
Port 50022
HOST nxrpil
HostName 192.168.178.31
User pi
Port 50023
HOST nxacel
HostName 192.168.178.32
User nx2
Port 50022
HOST nxrpi
HostName nx2.site
User pi
Port 50023
HOST nxrpil
HostName 192.168.178.31
User pi
Port 50023
HOST nxgit
HostName git.nx2.site
User git
Port 20022
'';
HOST nxgit
HostName git.${domain}
User git
Port 20022
'';
};
}
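Review bot: The `nxace`/`nxacel` and `nxrpi`/`nxrpil` pairs look like the same two machines reached by public name and by LAN address, so ssh keeps a separate known_hosts entry for each spelling and a changed host key on one path is never compared with the key learned on the other. Adding `HostKeyAlias nxace` to both `nxace` and `nxacel` (and `HostKeyAlias nxrpi` to the other pair) ties each pair to one pinned key. The blocks also set no `IdentityFile` or `IdentitiesOnly yes`, so every key loaded in the agent is offered to each host; that is worth pinning if more than one key is in use.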


@@ -1,10 +1,5 @@
{ pkgs, lib, user, rice, ... }:
lib.mkIf (user != "tv")
{ lib, rice, ... }:
{
home.packages = [
pkgs.starship
];
programs.starship = {
enable = true;
# enableBashIntegration = true;


@@ -1,9 +1,6 @@
{ pkgs, lib, user, ... }:
let
{ pkgs, ... }: let
vws = pkgs.vale.withStyles (s: [ s.alex s.google ]);
in
lib.mkIf (user != "tv")
{
in {
home = {
packages = [
vws


@@ -1,9 +1,6 @@
{ lib, pkgs, user, rice, ... }:
let
{ lib, pkgs, user, rice, ... }: let
sep = " ";
in
lib.mkIf (user != "tv")
{
in {
home.packages =
let
waybar_mode_script = /*bash*/ ''
@@ -100,10 +97,10 @@ lib.mkIf (user != "tv")
exec = "cclock";
restart-interval = 60;
};
"custom/ctimeremaining" = {
exec = "nx_gcal_event lookup";
restart-interval = 60;
};
# "custom/ctimeremaining" = {
# exec = "nx_gcal_event lookup";
# restart-interval = 60;
# };
"custom/mode" = {
exec = "cat /tmp/waybar-mode";
interval = "once";
@@ -184,7 +181,6 @@ lib.mkIf (user != "tv")
#clock,
#custom-cclock,
#custom-ctimeremaining,
#custom-mode,
#battery,
#cpu,
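Review bot: `exec = "cat /tmp/waybar-mode";` in the `custom/mode` block, left unchanged next to the lines this commit comments out, reads a fixed file name in the world-writable `/tmp`, so another local account can create that file first and control what the bar shows or make the writer fail. A per-user location is safer, for example `exec = "cat \"$XDG_RUNTIME_DIR/waybar-mode\"";`, assuming waybar runs the command through a shell. The script that writes the file is outside this hunk and would need the same path.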


@@ -1,98 +1,85 @@
{ config, pkgs, lib, user, rice,... }:
lib.mkIf (user != "tv")
{ pkgs, rice,... }:
{
home.packages = with pkgs; [
wlogout
];
home = {
packages = with pkgs; [ wlogout ];
file = {
".config/wlogout/style.css".text = /* css */ ''
* { all: unset; }
home.file.".config/wlogout/style.css".text = ''
* { all: unset; }
window {
font-family: ${rice.font.code.name}, monospace;
font-size: 12pt;
color: ${rice.color.foreground};
background-color: rgba(0, 0, 0, ${builtins.toString rice.transparency});
}
window {
font-family: ${rice.font.code.name}, monospace;
font-size: 12pt;
color: ${rice.color.foreground};
background-color: rgba(0, 0, 0, ${builtins.toString rice.transparency});
}
button {
transition: box-shadow 0.2s ease-in-out, background-color 0.2s ease-in-out;
text-shadow: none;
border: none;
color: ${rice.color.foreground};
background-color: ${rice.color.background};
margin: 5px;
}
button {
transition: box-shadow 0.2s ease-in-out, background-color 0.2s ease-in-out;
text-shadow: none;
border: none;
color: ${rice.color.foreground};
background-color: ${rice.color.background};
margin: 5px;
}
button:hover {
color: ${rice.color.blue.base};
}
button:hover {
color: ${rice.color.blue.base} ;
}
button:focus {
color: ${rice.color.blue.base} ;
}
'';
home.file.".config/wlogout/layout".text = ''
{
"label": "lock",
"action": "hyprlock",
"text": "[L]ock",
"height": 0,
"width": 0,
"keybind": "l"
}
{
"label": "reboot",
"action": "systemctl reboot",
"text": "[R]eboot",
"height": 0,
"width": 0,
"keybind": "r"
}
{
"label": "shutdown",
"action": "systemctl poweroff",
"text": "[S]hutdown",
"height": 0,
"width": 0,
"keybind": "s"
}
{
"label": "logout",
"action": "hyprctl dispatch exit 0",
"text": "Lo[g]out",
"height": 0,
"width": 0,
"keybind": "g"
}
{
"label": "suspend",
"action": "systemctl suspend",
"text": "S[u]spend",
"height": 0,
"width": 0,
"keybind": "u"
}
{
"label": "hibernate",
"action": "systemctl hibernate",
"text": "[H]ibernate",
"height": 0,
"width": 0,
"keybind": "h"
}
'';
# lock { background-image: image(url("./lock.png")); }
# lock:focus { background-image: image(url("./lock-hover.png")); }
# logout { background-image: image(url("./logout.png")); }
# logout:focus { background-image: image(url("./logout-hover.png")); }
# suspend { background-image: image(url("./suspend.png")); }
# suspend:focus { background-image: image(url("./suspend-hover.png")); }
# shutdown { background-image: image(url("./power.png")); }
# shutdown:focus { background-image: image(url("./power-hover.png")); }
# reboot { background-image: image(url("./restart.png")); }
# reboot:focus { background-image: image(url("./restart-hover.png")); }
# hibernate { background-image: image(url("./hibernate.png")); }
# hibernate:hover { background-image: image(url("./hibernate-hover.png"));}
button:focus {
color: ${rice.color.blue.base};
}
'';
".config/wlogout/layout".text = /* json */ ''
{
"label": "lock",
"action": "hyprlock",
"text": "[L]ock",
"height": 0,
"width": 0,
"keybind": "l"
}
{
"label": "reboot",
"action": "systemctl reboot",
"text": "[R]eboot",
"height": 0,
"width": 0,
"keybind": "r"
}
{
"label": "shutdown",
"action": "systemctl poweroff",
"text": "[S]hutdown",
"height": 0,
"width": 0,
"keybind": "s"
}
{
"label": "logout",
"action": "hyprctl dispatch exit 0",
"text": "Lo[g]out",
"height": 0,
"width": 0,
"keybind": "g"
}
{
"label": "suspend",
"action": "systemctl suspend",
"text": "S[u]spend",
"height": 0,
"width": 0,
"keybind": "u"
}
{
"label": "hibernate",
"action": "systemctl hibernate",
"text": "[H]ibernate",
"height": 0,
"width": 0,
"keybind": "h"
}
'';
};
};
}


@@ -1,6 +1,5 @@
{ pkgs, lib, system, user, rice, inputs, ... }:
lib.mkIf (user != "tv")
{ pkgs, system, rice, inputs, ... }:
{
home.packages = with pkgs; [
# yazi


@@ -1,5 +1,4 @@
{ config, pkgs, lib, user, ... }:
lib.mkIf (user != "tv")
{ pkgs, ... }:
{
home.packages = [
pkgs.zoxide


@@ -27,7 +27,7 @@
./home-modules/nh.nix
./home-modules/nvidia.nix
./home-modules/nx2site.nix
./home-modules/nx-gcal-event.nix
# ./home-modules/nx-gcal-event.nix
./home-modules/obs.nix
./home-modules/office.nix
./home-modules/ollama.nix


@@ -1,7 +1,7 @@
{ config, pkgs, pkgs-unstable, lib, host, inputs, ... }:
{ config, pkgs, pkgs-unstable, lib, host, domain, inputs, ... }:
let
grub-theme-ascii-diana = (pkgs.fetchFromGitea {
domain = "git.nx2.site";
domain = "git.${domain}";
owner = "nx2";
repo = "grub-theme-ascii-diana";
rev = "0.5.0";


@@ -1,5 +1,4 @@
{ pkgs, user, host, lib, ... }:
if (host != "NxACE") then
{ pkgs, user, ... }:
{
services.greetd = {
enable = true;
@@ -23,26 +22,3 @@ if (host != "NxACE") then
TTYVTDisallocate = true;
};
}
else
{
services = {
displayManager = {
defaultSession = "hyprland";
sddm = {
enable = true;
# theme = "where_is_my_sddm_theme";
settings = {
theme = {
# background = /home/nx2/Pictures/
passwordFontSize = 12;
passwordInputCursorVisible = true;
};
};
};
autoLogin = lib.mkIf (host == "NxACE") {
enable = true;
user = "tv";
};
};
};
}

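--- a/system-modules/gitea.nix
+++ b/system-modules/gitea.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+services.gitea = {
+enable = true;
+};
+}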
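Review bot: `services.gitea.enable = true;` with no `settings` leaves the upstream defaults in place: the web service listens on all interfaces and self-registration is open, so anyone who can reach the port can create an account. The configuration already imports a proxy module for NxACE, so Gitea can be bound to loopback behind it, given its public domain and root URL, and have registration disabled, as sketched below; the `https` scheme and the `git.${domain}` name are inferred from the rest of the commit and should be confirmed, and `domain` would have to be added to the argument list. `pkgs` is unused in the argument list, and the file does not appear in the import list visible in this commit, so it may not be active yet.

```nix
  services.gitea = {
    enable = true;
    settings = {
      server.HTTP_ADDR = "127.0.0.1";
      server.DOMAIN = "git.${domain}";
      server.ROOT_URL = "https://git.${domain}/";
      service.DISABLE_REGISTRATION = true;
      session.COOKIE_SECURE = true;
    };
  };
```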


@@ -1,272 +1,186 @@
{ config, pkgs, lib, user, host, secrets, ... }:
# lib.mkIf false
lib.mkIf (host == "NxACE" && user != "tv")
{ config, pkgs, domain, secrets, ... }:
{
sops.secrets = {
"nx2site/namecheap.pw" = { };
# "nx2site/cloudflare/api-token-dns-edit" = { };
"nx2site/cloudflare/global-api-key" = { };
};
"nx2site/namecheap.pw" = { };
# "nx2site/cloudflare/api-token-dns-edit" = { };
"nx2site/cloudflare/global-api-key" = { };
};
systemd = {
timers."dynamic-dns" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "2m";
OnUnitActiveSec = "10m";
Unit = "dynamic-dns.service";
};
};
# services."dynamic-dns" = let
# u = let
# domain = "nx2.site";
# passord-file-path = config.sops.secrets."nx2site/namecheap.pw".path;
# log-file-path = "/var/log/update_namecheap.log";
# count-file-path = "/var/log/update_namecheap-count.txt";
# in pkgs.writers.writePython3Bin "update_namecheap" {
# libraries = with pkgs.python311Packages; [ requests ];
# flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" ];
# } ''
# import requests
# import argparse
# import socket
# from datetime import datetime
# def get_public_ip(): return requests.get('https://ipinfo.io/ip').text.strip()
# def get_dns_ip(): return socket.gethostbyname_ex('${domain}')[2][0]
# def main(force_update):
# my_ip = get_public_ip()
# dns_ip = get_dns_ip()
# with open("${count-file-path}", "r") as f:
# content = f.read()
# if content == "": count = 0
# else: count = int(content)
# count += 1
# with open("${count-file-path}", "w") as f:
# f.write(str(count))
# if not (force_update or my_ip != dns_ip):
# print(f"Host IP and DNS response are both {my_ip} --> No Action")
# exit(0)
# else:
# with open("${passord-file-path}", 'r') as pw_file: pw = pw_file.read().strip()
# # Perform DNS updates
# resp_base = requests.get(f"https://dynamicdns.park-your-domain.com/update?host=@&domain=${domain}&password={pw}&ip={my_ip}")
# resp_subd = requests.get(f"https://dynamicdns.park-your-domain.com/update?host=*&domain=${domain}&password={pw}&ip={my_ip}")
# # Reset the count file
# with open("${count-file-path}", 'w') as f: f.write('0')
# now_str = datetime.now().strftime('%Y/%m/%d-%R')
# log_entry = f"At {now_str} - from {dns_ip} to {my_ip} - {count} times - Response {resp_base.status_code}{' - (forced)' if force_update else ' '}\n"
# print(log_entry, end="")
# with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry)
# if __name__ == "__main__":
# parser = argparse.ArgumentParser()
# parser.add_argument('-f', '--force', action='store_true', help='Force update')
# args = parser.parse_args()
# main(args.force)
# '';
# in {
# script = ''
# set -eu
# ${u}/bin/update_namecheap
# '';
# serviceConfig = {
# Type = "oneshot";
# };
services."dynamic-dns" = let
u = let
domain = "nx2.site";
account_id = secrets.email.gmail-online.mail;
zone_id = "33fecab36e060f49d492127345ea95a0";
record_id = {
base = "58d3412e8d88889d1a611b3669f0700f";
sub = "fc861353142bc05d5dbad1799178e6a1";
base6 = "d1b90e21d2d747dcb30448bd65312927";
sub6 = "b8082b7afe9e80971fc9f9dda16ec284";
};
passord-file-path = config.sops.secrets."nx2site/cloudflare/global-api-key".path;
log-file-path = "/var/log/couldflare.log";
count-file-path = "/var/log/cloudflare-count.txt";
in pkgs.writers.writePython3Bin "dyn_dns" {
libraries = with pkgs.python311Packages; [ requests ];
flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" "E121" "E261" "E303"];
} ''
import requests
import subprocess
from datetime import datetime
def get_public_ip(ipv6=False):
return subprocess.run(['${pkgs.curl}/bin/curl', '-s', '-6' if ipv6 else '-4', 'https://ifconfig.me'], capture_output=True, text=True).stdout.strip()
def main():
my_ip = get_public_ip()
my_ip6 = get_public_ip(ipv6=True)
with open("${count-file-path}", "r") as f:
content = f.read()
if content == "": count = 0
else: count = int(content)
count += 1
with open("${count-file-path}", "w") as f:
f.write(str(count))
# 4
with open("${passord-file-path}", 'r') as pw_file:
pw = pw_file.read().strip()
# Perform DNS updates
# https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record
resp_base = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.base}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip,
"type": "A"
}
)
resp_subd = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.sub}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip,
"type": "A"
}
)
if resp_base.status_code != 200:
print(resp_base.text)
now_str = datetime.now().strftime('%Y/%m/%d-%R')
log_entry = f"At {now_str} - to {my_ip} - Response {resp_base.status_code}\n"
print(log_entry, end="")
with open("${log-file-path}", 'a') as log_file:
log_file.write(log_entry)
# Perform DNS updates
# https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record
resp_base = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.base6}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip6,
"type": "AAAA"
}
)
resp_subd = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.sub6}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip6,
"type": "AAAA"
}
)
if resp_base.status_code != 200:
print(resp_base.text)
now_str = datetime.now().strftime('%Y/%m/%d-%R')
log_entry = f"At {now_str} - to {my_ip6} - Response {resp_base.status_code}\n"
print(log_entry, end="")
with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry)
if __name__ == "__main__":
main()
'';
in {
script = ''
set -eu
${u}/bin/dyn_dns
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
systemd = {
timers."dynamic-dns" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "2m";
OnUnitActiveSec = "10m";
Unit = "dynamic-dns.service";
};
};
# I can't use this becasue API Access for Namecheap needs a static whitelisted IP, which I don't have
# security.acme = {
# acceptTerms = true;
# certs."nx2site" = { };
# };
environment.systemPackages = with pkgs; [
certbot
(writeShellApplication {
name = "refresh_ssl_certificate";
runtimeInputs = [ certbot ];
# https://forum.endeavouros.com/t/tutorial-add-a-systemd-boot-loader-menu-entry-for-a-windows-installation-using-a-separate-esp-partition/37431
text = let
webroot = /home/nx2/nx2site/staticweb/content;
in /*bash*/ ''
cartbot
ls ${webroot}
'';
})
];
networking.hosts = { # docker network inspect nx2site_default | grep -E "Name|IPv4" | tr "\n" " " | sed -r 's- +- -g;s-\n?"Name": -\n-g' | sed -r '1d;2d;s-"(.+?)", "IPv4Address": "(.+)/16",- "\2" = [ "\1.docker" ];-g'
"172.1.2.1" = [ "staticweb.docker" ];
"172.1.3.1" = [ "matrix.docker" ];
# "172.1.0.9" = [ "matrixdb.docker" ];
"172.1.4.1" = [ "matrix-ss.docker" ];
# "172.1.0.7" = [ "matrix-ssdb.docker" ];
"172.1.5.1" = [ "pw.docker" ];
"172.1.6.1" = [ "git.docker" ];
# "172.1.0.10" = [ "gitdb.docker" ];
"172.1.7.1" = [ "nn.docker" ];
"172.1.8.1" = [ "llm.docker" ];
# "172.1.9.1" = [ "proxy.docker" ];
"172.1.10.1" = [ "share.docker" ];
"172.1.11.1" = [ "odq.docker" ];
services."dynamic-dns" = let
u = let
account_id = secrets.email.gmail-online.mail;
zone_id = "33fecab36e060f49d492127345ea95a0";
record_id = {
base = "58d3412e8d88889d1a611b3669f0700f";
sub = "fc861353142bc05d5dbad1799178e6a1";
base6 = "d1b90e21d2d747dcb30448bd65312927";
sub6 = "b8082b7afe9e80971fc9f9dda16ec284";
};
passord-file-path = config.sops.secrets."nx2site/cloudflare/global-api-key".path;
log-file-path = "/var/log/couldflare.log";
count-file-path = "/var/log/cloudflare-count.txt";
in pkgs.writers.writePython3Bin "dyn_dns" {
libraries = with pkgs.python311Packages; [ requests ];
flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" "E121" "E261" "E303"];
} /* python */ ''
import requests
import subprocess
from datetime import datetime
def get_public_ip(ipv6=False):
return subprocess.run(['${pkgs.curl}/bin/curl', '-s', '-6' if ipv6 else '-4', 'https://ifconfig.me'], capture_output=True, text=True).stdout.strip()
def main():
my_ip = get_public_ip()
my_ip6 = get_public_ip(ipv6=True)
with open("${count-file-path}", "r") as f:
content = f.read()
if content == "": count = 0
else: count = int(content)
count += 1
with open("${count-file-path}", "w") as f:
f.write(str(count))
# 4
with open("${passord-file-path}", 'r') as pw_file:
pw = pw_file.read().strip()
# Perform DNS updates
# https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record
resp_base = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.base}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip,
"type": "A"
}
)
resp_subd = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.sub}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip,
"type": "A"
}
)
if resp_base.status_code != 200:
print(resp_base.text)
now_str = datetime.now().strftime('%Y/%m/%d-%R')
log_entry = f"At {now_str} - to {my_ip} - Response {resp_base.status_code}\n"
print(log_entry, end="")
with open("${log-file-path}", 'a') as log_file:
log_file.write(log_entry)
# Perform DNS updates
# https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record
resp_base = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.base6}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip6,
"type": "AAAA"
}
)
resp_subd = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.sub6}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip6,
"type": "AAAA"
}
)
if resp_base.status_code != 200:
print(resp_base.text)
now_str = datetime.now().strftime('%Y/%m/%d-%R')
log_entry = f"At {now_str} - to {my_ip6} - Response {resp_base.status_code}\n"
print(log_entry, end="")
with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry)
if __name__ == "__main__":
main()
'';
in {
script = ''
set -eu
${u}/bin/dyn_dns
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
}
};
networking.hosts = { # docker network inspect nx2site_default | grep -E "Name|IPv4" | tr "\n" " " | sed -r 's- +- -g;s-\n?"Name": -\n-g' | sed -r '1d;2d;s-"(.+?)", "IPv4Address": "(.+)/16",- "\2" = [ "\1.docker" ];-g'
# "172.1.2.1" = [ "staticweb.docker" ];
# "172.1.3.1" = [ "matrix.docker" ];
# "172.1.0.9" = [ "matrixdb.docker" ];
# "172.1.4.1" = [ "matrix-ss.docker" ];
# "172.1.0.7" = [ "matrix-ssdb.docker" ];
"172.1.5.1" = [ "pw.docker" ];
"172.1.6.1" = [ "git.docker" ];
# "172.1.0.10" = [ "gitdb.docker" ];
# "172.1.7.1" = [ "nn.docker" ];
# "172.1.8.1" = [ "llm.docker" ];
# "172.1.9.1" = [ "proxy.docker" ];
# "172.1.10.1" = [ "share.docker" ];
# "172.1.11.1" = [ "odq.docker" ];
};
}
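Review bot: The `dyn_dns` script still authenticates with the account-wide Cloudflare key (`X-Auth-Email`/`X-Auth-Key`, read from `nx2site/cloudflare/global-api-key`) and the unit runs as `User = "root"`, while the scoped `api-token-dns-edit` secret stays commented out. A token limited to DNS edit on this one zone, sent as `'Authorization': f'Bearer {pw}'`, would cap what a leak of that file or of the process can change. Separately, `get_public_ip` never checks curl's exit status, so a failed lookup appears to send an empty `content` in the PATCH; an early `if not my_ip: return` (and the same for `my_ip6`) would avoid that. `resp_subd` is never inspected, and both sub-record requests send `"name": "${domain}"`, which looks like it could rename the sub record to the apex — worth confirming against the zone.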


@@ -1,4 +1,4 @@
{ config, pkgs, lib, user, ... }:
{ config, pkgs, lib, domain, ... }:
{
sops.secrets = {
"nx2site/sslCertificate.pem" = { owner = config.services.nginx.user; };
@@ -8,13 +8,13 @@
security.acme = {
acceptTerms = true;
defaults = {
email = "acme@nx2.site";
email = "acme@${domain}";
webroot = "/var/nginx/webroot";
group = "nginx";
};
certs = {
"nx2.site" = {
extraDomainNames = [ "git.nx2.site" "pw.nx2.site" ];
"${domain}" = {
extraDomainNames = builtins.map (subd: "${subd}.${domain}") [ "git" "git2" "pw" "pw2" "sync" ];
};
};
};
@@ -29,40 +29,28 @@
isNormalUser = false;
};
systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
services.nginx = {
services.nginx = let
dl = [
{ addr = "0.0.0.0"; port = 443; ssl = true; }
{ addr = "0.0.0.0"; port = 80; ssl = false; }
{ addr = "[::0]"; port = 443; ssl = true; }
{ addr = "[::0]"; port = 80; ssl = false; }
];
in {
enable = true;
user = "nginx";
group = "nginx";
additionalModules = [];
# appendConfig = '''';
clientMaxBodySize = "20m";
defaultHTTPListenPort = 80;
defaultListenAddresses = [ "0.0.0.0" ] ++ lib.optional config.networking.enableIPv6 "[::0]";
defaultListen = [
{
addr = "0.0.0.0";
ssl = true;
port = 443;
proxyProtocol = true;
}
{
addr = "[::0]";
ssl = true;
port = 443;
proxyProtocol = true;
}
];
defaultListen = dl;
defaultMimeTypes = "${pkgs.mailcap}/etc/nginx/mime.types";
defaultSSLListenPort = 443;
enableQuicBPF = true;
enableReload = true;
# eventsConfig = '''';
# logError = ;
# mapHashBucketSize = ;
# mapHashMaxSize = ;
package = pkgs.nginxQuic;
# preStart = true;
proxyResolveWhileRunning = false;
proxyTimeout = "20s";
recommendedBrotliSettings = true;
@@ -72,27 +60,12 @@
recommendedTlsSettings = true;
recommendedZstdSettings = true;
serverTokens = false;
# sslCiphers = # useing default;
sslDhparam = config.sops.secrets."nx2site/dhparams.pem".path;
sslProtocols = "TLSv1.2 TLSv1.3";
statusPage = false;
streamConfig = ""; # udp config
validateConfigFile = true;
upstreams = {
"staticweb".servers = { "staticweb.docker:80" = {}; };
"matrix".servers = { "matrix.docker:80" = {}; };
"matrix-ss".servers = { "matrix-ss.docker:80" = {}; };
"pw".servers = { "pw.docker:80" = {}; };
"git".servers = { "git.docker:3000" = {}; };
"nn".servers = { "nn.docker:80" = {}; };
"llm".servers = { "llm.docker:80" = {}; };
"share".servers = { "share.docker:80" = {}; };
"sync".servers = { "localhost:8384" = {}; };
};
virtualHosts = let
# sslCertificate = config.sops.secrets."nx2site/sslCertificate.pem".path;
# sslCertificateKey = config.sops.secrets."nx2site/sslCertificateKey.pem".path;
vh = {
kTLS = true;
http2 = true;
@@ -102,21 +75,13 @@
addSSL = true;
enableACME = true;
};
dl = [
{ addr = "0.0.0.0"; port = 443; ssl = true; }
{ addr = "0.0.0.0"; port = 80; ssl = false; }
{ addr = "[::0]"; port = 443; ssl = true; }
{ addr = "[::0]"; port = 80; ssl = false; }
];
in {
"nx2.site" = vh // {
"${domain}" = vh // {
root = "/var/nginx/webroot";
default = true;
listen = dl;
locations = {
"/" = {
# index = "index.html";
# tryFiles = "$uri/ $uri.html =404";
extraConfig = ''
index index.html;
if ($request_uri ~ ^/(.*)\.html(\?|$)) {
@@ -125,115 +90,51 @@
try_files $uri $uri.html $uri/ /404.html =404;
'';
};
"~^(/ba)$" = {
return = "301 /BA.pdf";
};
"/.well-known/matrix/client" = {
return = "502";
# return = ''200 '{"m.homeserver": {"base_url": "https://matrix.nx2.site"}, "org.matrix.msc3575.proxy": {"url": "https://matrix-ss.nx2.site"}}' '';
# extraConfig = builtins.concatStringsSep "\n" [ "default_type application/json;" "add_header Access-Control-Allow-Origin *;" ];
};
"/.well-known/matrix/server" = {
return = "502";
# return = ''200 '{"m.server":"matrix.nx2.site:443"}' '';
# extraConfig = builtins.concatStringsSep "\n" [ "default_type application/json;" "add_header Access-Control-Allow-Origin *;" ];
};
# "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
# proxyPass = "http://matrix-ss";
# # extraConfig = [ ''proxy_set_header X-Forwarded-For $remote_addr;'' ''proxy_set_header X-Forwarded-Proto $scheme;'' ''proxy_set_header Host $host;'' ];
# };
# "~ ^(\/_matrix|\/_synapse\/client)" = {
# return = ''200 '{"m.server":"matrix.nx2.site:443"}' '';
# # extraConfig = [];
# };
"~^(/ba)$" = { return = "301 /BA.pdf"; };
"/.well-known/matrix/client" = { return = "502"; };
"/.well-known/matrix/server" = { return = "502"; };
};
};
"matrix.nx2.site" = {
listen = dl ++ [
# { addr = "0.0.0.0"; port = 8448; ssl = true; }
# { addr = "0.0.0.0"; port = 8448; ssl = true; }
];
locations = {
# "/" = {
# proxyPass = "http://matrix";
# # extraConfig = [ ''add_header Alt-Svc 'h3=":443"; ma=86400';'' ''add_header Cache-Control "public";'' ] ++ common-location-conf;
# };
"~.*" = { return = "502"; };
};
};
# "matrix-ss.nx2.site" = {
# inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic addSSL enableACME;
# # listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
# # "resolver 1.1.1.1;"
# # "client_max_body_size 500M;"
# # ];
# locations = {
# "/" = { proxyPass = "http://pw"; };
# };
# };
# # "dev.nx2.site" = {
# # inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic addSSL enableACME;
# # listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
# # locations = {
# # "/" = {
# # proxyPass = "http://dev";
# # };
# # };
# # };
"pw.nx2.site" = vh // {
# inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic addSSL enableACME;
# listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
"matrix.${domain}" = {
listen = dl;
locations = {
"/" = { proxyPass = "http://pw"; };
"/admin" = { proxyPass = "http://pw"; };
"/notifications/hub" = { proxyPass = "http://pw"; };
"/notifications/hub/negotiate" = { proxyPass = "http://pw"; };
};
locations = { "~.*" = { return = "502"; }; };
};
# "share.nx2.site" = {
# inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic addSSL enableACME;
# # listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
# locations = {
# "/" = { proxyPass = "http://share"; # ''proxy_hide_header Content-Disposition;''
# # ''proxy_set_header Content-Disposition $upstream_http_content_disposition;''
# # ''proxy_set_header X-Real-IP $remote_addr;''
# # ''proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;''
# # ''proxy_set_header Host $http_host;''
# # ];
# };
# "/socket.io" = {
# proxyPass = "http://share/socket.io";
# proxyWebsockets = true;
# # extraConfig = [
# # ''proxy_http_version 1.1;''
# # ''proxy_set_header Upgrade $http_upgrade;''
# # ''proxy_set_header Connection "upgrade";''
# # ];
# };
# };
# };
# "sync.nx2.site" = {
# inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic addSSL enableACME;
# # listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
# locations = {
# "/" = { proxyPass = "http://sync"; };
# };
# };
"git.nx2.site" = vh // {
# listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
"pw.${domain}" = vh // {
listen = dl;
locations = {
"/" = { proxyPass = "http://git"; };
locations = let d = "pw.docker:80"; in {
"/" = { proxyPass = "http://${d}"; };
"/admin" = { proxyPass = "http://${d}"; };
"/notifications/hub" = { proxyPass = "http://${d}"; };
"/notifications/hub/negotiate" = { proxyPass = "http://${d}"; };
};
};
"~^(.*).nx2.site$" = {
"pw2.${domain}" = vh // {
listen = dl;
locations = let d = "127.0.0.1:8222"; in {
"/" = { proxyPass = "http://${d}"; };
"/admin" = { proxyPass = "http://${d}"; };
"/notifications/hub" = { proxyPass = "http://${d}"; };
"/notifications/hub/negotiate" = { proxyPass = "http://${d}"; };
};
};
"sync.${domain}" = vh // {
listen = dl;
locations = { "/" = { proxyPass = "http://127.0.0.1:11434"; }; };
};
"git.${domain}" = vh // {
listen = dl;
locations = { "/" = { proxyPass = "http://git.docker:3000"; }; };
};
"git2.${domain}" = vh // {
listen = dl;
locations = { "/" = { proxyPass = "http://127.0.0.1:8222"; }; };
};
"~^(.*).${domain}$" = {
listen = dl;
root = "/var/nginx/webroot";
locations = {
"~.*" = { return = "301 https://nx2.site/502.html"; };
};
locations = { "~.*" = { return = "301 https://${domain}/502.html"; }; };
};
};
};
}
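Review bot: The new `sync.${domain}` vhost proxies to `127.0.0.1:11434`, whereas the removed `sync` upstream pointed at `localhost:8384`; 11434 is the default Ollama port and an `ollama.nix` module is imported in the system configuration, so this may publish an unauthenticated API instead of the sync UI. `git2.${domain}` likewise targets `127.0.0.1:8222`, the same backend as `pw2.${domain}`, which looks like a copy-paste slip (a default Gitea listens on 3000). Both names are also added to `extraDomainNames`, so they will receive certificates and be served. I would correct the two `proxyPass` targets and, until the backends are confirmed, leave these vhosts out or restrict them with `allow`/`deny` lines in `extraConfig`.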


@@ -1,5 +1,10 @@
{ config, lib, user, host, secrets, ...}:
let
{
config,
lib,
user,
host,
secrets,
... }: let
# helper funcitons
conv = _: device: with device; { "${name}" = {id = id;};};
justname = devices: (builtins.map (device: device.name)) devices;
@@ -24,15 +29,11 @@ let
daniel-dcim = { name = "daniel-dcim"; path = "/vault/Pictures/Daniel"; };
tessa-dcim = { name = "tessa-dcim"; path = "/vault/Pictures/Tessa"; };
};
in
lib.mkIf (user != "tv")
{
in {
sops.secrets = {
"syncthing/${host}/cert.pem" = { owner = user; };
"syncthing/${host}/key.pem" = { owner = user; };
};
services.syncthing = with (builtins.mapAttrs conv devices); {
enable = true;
user = "${user}";


@@ -11,12 +11,6 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1RPCcS8DtIf75a2FEW4d8X6WTVeLlmretoLqppvZlJ" # From [A] GPG Sub Key
];
};
users.users.tv = lib.mkIf (host == "NxACE") {
isNormalUser = true;
extraGroups = [ "networkmanager" "audio" "video" "uinput" ];
useDefaultShell = true;
};
programs = {
bash = {