Merge branch 'master' of ssh://ssh.nx2.site:20022/nx2/dotfiles

Lennart J. Kurzweg (Nx2)
2024-11-09 23:56:05 +01:00
38 changed files with 1428 additions and 2373 deletions


@@ -1,6 +1,6 @@
{ pkgs, inputs, ... }:
{ pkgs, inputs, lib, host, ... }:
{
imports = [
imports = ([
inputs.sops-nix.nixosModules.sops
./system-modules/adb.nix
./system-modules/auto-mount.nix
@@ -28,7 +28,6 @@
./system-modules/networking.nix
./system-modules/nixd.nix
./system-modules/nvidia.nix
./system-modules/nx2site.nix
./system-modules/ollama.nix
./system-modules/qmk.nix
./system-modules/sops.nix
@@ -38,7 +37,12 @@
./system-modules/users.nix
./system-modules/virtualisation.nix
./system-modules/ydotool.nix
];
]) ++ (if (host == "NxACE") then [
./system-modules/nx2site.nix
./system-modules/nx2site/proxy.nix
# ./system-modules/nx2site/gitea.nix
# ./system-modules/nx2site/vaultwarden.nix
] else []);
# Set your time zone.
time.timeZone = "Europe/Berlin";
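Review bot: The host-specific tail of `imports` is written as `(if (host == "NxACE") then [ … ] else [])`, although this commit adds `lib` to the module arguments and nothing visible in the hunks uses it. `lib.optionals (host == "NxACE") [ ./system-modules/nx2site.nix ./system-modules/nx2site/proxy.nix ]` says the same thing without the empty branch. A one-line comment above it, for example `# nx2.site services are only deployed on NxACE`, would record why these modules are gated, since they are presumably the ones that expose services to the network.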


@@ -22,6 +22,7 @@
outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-latest, home-manager, ... }@inputs: let
system = "x86_64-linux";
user = "nx2";
domain = "nx2.site";
config = { allowUnfree = true; allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) (import ./flake-modules/allowed.nix).unfree; };
@@ -42,7 +43,7 @@
enable = if (host == "NxXPS" || host == "NxNORTH") then true else false;
prime = if (host == "NxXPS") then true else false;
};
in { inherit inputs user host pkgs-unstable pkgs-latest secrets rice nvidia; };
in { inherit inputs user host domain pkgs-unstable pkgs-latest secrets rice nvidia; };
};
in {
NxXPS = make-nixos-system "NxXPS";
@@ -59,13 +60,12 @@
enable = if (host == "NxXPS" || host == "NxNORTH") then true else false;
prime = if (host == "NxXPS") then true else false;
};
in { inherit inputs system user host pkgs-unstable pkgs-latest rice secrets nvidia; };
in { inherit inputs system user host domain pkgs-unstable pkgs-latest rice secrets nvidia; };
};
in {
"${user}@NxXPS" = make-home-configuration "NxXPS" user;
"${user}@NxNORTH" = make-home-configuration "NxNORTH" user;
"${user}@NxACE" = make-home-configuration "NxACE" user;
"tv@NxACE" = make-home-configuration "NxACE" "tv";
};
};
}


@@ -1,9 +1,5 @@
{ pkgs, lib, user, ... }:
lib.mkIf (user != "tv")
{ ... }:
{
home.packages = with pkgs; [
bash
];
programs.bash = {
enable = true;
shellAliases = {
@@ -19,11 +15,5 @@ lib.mkIf (user != "tv")
"checkjobs"
];
enableCompletion = false;
# initExtra = ''
# if [[ $- == *i* ]] # if interactive
# then
# eval "$(${pkgs.starship}/bin/starship init bash)"
# fi
# '';
};
}



@@ -1,5 +1,4 @@
{ lib, user, ... }:
lib.mkIf (user != "tv")
{
programs = {
direnv = {


@@ -1,5 +1,4 @@
{ pkgs, lib, rice, user, ... }:
lib.mkIf (user != "tv")
{
home.packages = with pkgs; [
fish


@@ -1,270 +0,0 @@
{ config, pkgs, rice, lib, user, ... }:
lib.mkIf (user != "tv")
{
home.packages = with pkgs; [
foot
];
programs.foot = {
enable = true;
# background = rice.color.background;
# foreground = rice.color.foreground;
# cursor = rice.color.foreground;
# color0 = rice.color.black.base;
# color8 = rice.color.black.bright;
# color1 = rice.color.red.base;
# color9 = rice.color.red.bright;
# color2 = rice.color.green.base;
# color10 = rice.color.green.bright;
# color3 = rice.color.yellow.base;
# color11 = rice.color.yellow.bright;
# color4 = rice.color.blue.base;
# color12 = rice.color.blue.bright;
# color5 = rice.color.magenta.base;
# color13 = rice.color.magenta.bright;
# color6 = rice.color.cyan.base;
# color14 = rice.color.cyan.bright;
# color7 = rice.color.white.base;
# color15 = rice.color.white.bright;
# background_opacity = builtins.toString rice.transparency;
# window_padding_width = 5;
# remember_window_size = false;
# settings = {
# main = {
# shell = ''$SHELL (if set, otherwise user's default shell from /etc/passwd)'';
# term = ''foot (or xterm-256color if built with -Dterminfo=disabled)'';
# login-shell = ''no'';
# # app-id = ''foot'';
# title = ''foot'';
# locked-title = ''no'';
# font = ''${rice.font.code.name}:size=8'';
# font-size-adjustment = ''0.5'';
# line-height = "<font metrics>";
# letter-spacing = ''0'';
# horizontal-letter-offset = ''0'';
# vertical-letter-offset = ''0'';
# underline-offset = "<font metrics>";
# underline-thickness = "<font underline thickness>";
# # box-drawings-uses-font-glyphs = "no";
# # dpi-aware = ''no'';
# # initial-window-size-pixels = ''700x500'';
# # initial-window-size-chars = "<COLSxROWS>";
# # initial-window-mode = ''windowed'';
# pad = ''5x5'';
# resize-by-cells = ''yes'';
# resize-keep-grid = ''yes'';
# resize-delay-ms = ''100'';
# # bold-text-in-bright = false;
# word-delimiters = '',│`|:"'()[]{}<>'';
# selection-target = ''primary'';
# workers = "<number of logical CPUs>";
# utmp-helper = ''/usr/lib/utempter/utempter'';
# # environment = {
# # name = ''value'';
# # };
# };
# bell = {
# urgent = ''no'';
# notify = ''no'';
# visual = ''no'';
# command = '''';
# command-focused = ''no'';
# };
# desktop-notifications = {
# command = ''notify-send --wait --app-name ''${app-id} --icon ''${app-id} --category ''${category} --urgency ''${urgency} --expire-time ''${expire-time} --hint STRING:image-path:''${icon} --hint BOOLEAN:suppress-sound:''${muted} --hint STRING:sound-name:''${sound-name} --replace-id ''${replace-id} ''${action-argument} --print-id -- ''${title} ''${body}'';
# command-action-argument = ''--action ''${action-name}=''${action-label}'';
# close = ''""'';
# inhibit-when-focused = ''yes'';
# };
# scrollback = {
# lines = ''1000'';
# multiplier = ''3.0'';
# indicator-position = ''relative'';
# indicator-format = ''""'';
# };
# url = {
# launch = ''xdg-open ''${url}'';
# label-letters = ''sadfjklewcmpgh'';
# osc8-underline = ''url-mode'';
# protocols = ''http, https, ftp, ftps, file, gemini, gopher'';
# uri-characters = ''abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.,~:;/?#@!$&%*+="'()[]'';
# };
# cursor = {
# style = ''block'';
# color = "<inverse foreground/background>";
# blink = ''no'';
# blink-rate = ''500'';
# beam-thickness = ''1.5'';
# underline-thickness = "<font underline thickness>";
# };
# mouse = {
# hide-when-typing = ''no'';
# alternate-scroll-mode = ''yes'';
# };
# touch = {
# long-press-delay = ''400'';
# };
# colors = {
# alpha = ''1.0'';
# background = ''242424'';
# foreground = ''ffffff'';
# flash = ''7f7f00'';
# flash-alpha = ''0.5'';
# # Normal/regular colors (color palette 0-7)
# regular0 = ''242424'';
# regular1 = ''f62b5a'';
# regular2 = ''47b413'';
# regular3 = ''e3c401'';
# regular4 = ''24acd4'';
# regular5 = ''f2affd'';
# regular6 = ''13c299'';
# regular7 = ''e6e6e6'';
# # Bright colors (color palette 8-15)
# bright0 = ''616161'';
# bright1 = ''ff4d51'';
# bright2 = ''35d450'';
# bright3 = ''e9e836'';
# bright4 = ''5dc5f8'';
# bright5 = ''feabf2'';
# bright6 = ''24dfc4'';
# bright7 = ''ffffff'';
# # dimmed colors (see foot.ini(5) man page)
# # dim0 = "<not set>";
# # ...
# # dim7 = "<not-set>";
# # The remaining 256-color palette
# # 16 = <256-color palette #16>
# # ...
# # 255 = <256-color palette #255>
# # Misc colors
# selection-foreground = "<inverse foreground/background>";
# selection-background = "<inverse foreground/background>";
# jump-labels = "<regular0> <regular3>";
# scrollback-indicator = "<regular0> <bright4>";
# search-box-no-match = "<regular0> <regular1>";
# search-box-match = "<regular0> <regular3>";
# urls = "<regular3>";
# };
# csd = {
# preferred = ''server'';
# size = ''26'';
# font = "<primary font>";
# color = "<foreground color>";
# hide-when-maximized = ''no'';
# double-click-to-maximize = ''yes'';
# border-width = ''0'';
# border-color = "<csd.color>";
# button-width = ''26'';
# button-color = "<background color>";
# button-minimize-color = "<regular4>";
# button-maximize-color = "<regular2>";
# button-close-color = "<regular1>";
# };
# key-bindings = {
# scrollback-up-page = ''Shift+Page_Up'';
# scrollback-up-half-page = ''none'';
# scrollback-up-line = ''none'';
# scrollback-down-page = ''Shift+Page_Down'';
# scrollback-down-half-page = ''none'';
# scrollback-down-line = ''none'';
# scrollback-home = ''none'';
# scrollback-end = ''none'';
# clipboard-copy = ''Control+Shift+c XF86Copy'';
# clipboard-paste = ''Control+Shift+v XF86Paste'';
# primary-paste = ''Shift+Insert'';
# search-start = ''Control+Shift+r'';
# font-increase = ''Control+plus Control+equal Control+KP_Add'';
# font-decrease = ''Control+minus Control+KP_Subtract'';
# font-reset = ''Control+0 Control+KP_0'';
# spawn-terminal = ''Control+Shift+n'';
# minimize = ''none'';
# maximize = ''none'';
# fullscreen = ''none'';
# pipe-visible = ''[sh -c "xurls | fuzzel | xargs -r firefox"] none'';
# pipe-scrollback = ''[sh -c "xurls | fuzzel | xargs -r firefox"] none'';
# pipe-selected = ''[xargs -r firefox] none'';
# pipe-command-output = ''[wl-copy] none'';
# show-urls-launch = ''Control+Shift+o'';
# show-urls-copy = ''none'';
# show-urls-persistent = ''none'';
# prompt-prev = ''Control+Shift+z'';
# prompt-next = ''Control+Shift+x'';
# unicode-input = ''Control+Shift+u'';
# noop = ''none'';
# };
# search-bindings = {
# cancel = ''Control+g Control+c Escape'';
# commit = ''Return'';
# find-prev = ''Control+r'';
# find-next = ''Control+s'';
# cursor-left = ''Left Control+b'';
# cursor-left-word = ''Control+Left Mod1+b'';
# cursor-right = ''Right Control+f'';
# cursor-right-word = ''Control+Right Mod1+f'';
# cursor-home = ''Home Control+a'';
# cursor-end = ''End Control+e'';
# delete-prev = ''BackSpace'';
# delete-prev-word = ''Mod1+BackSpace Control+BackSpace'';
# delete-next = ''Delete'';
# delete-next-word = ''Mod1+d Control+Delete'';
# extend-char = ''Shift+Right'';
# extend-to-word-boundary = ''Control+w Control+Shift+Right'';
# extend-to-next-whitespace = ''Control+Shift+w'';
# extend-line-down = ''Shift+Down'';
# extend-backward-char = ''Shift+Left'';
# extend-backward-to-word-boundary = ''Control+Shift+Left'';
# extend-backward-to-next-whitespace = ''none'';
# extend-line-up = ''Shift+Up'';
# clipboard-paste = ''Control+v Control+Shift+v Control+y XF86Paste'';
# primary-paste = ''Shift+Insert'';
# unicode-input = ''none'';
# quit = ''none'';
# scrollback-up-page = ''Shift+Page_Up'';
# scrollback-up-half-page = ''none'';
# scrollback-up-line = ''none'';
# scrollback-down-page = ''Shift+Page_Down'';
# scrollback-down-half-page = ''none'';
# scrollback-down-line = ''none'';
# scrollback-home = ''none'';
# scrollback-end = ''none'';
# };
# url-bindings = {
# cancel = ''Control+g Control+c Control+d Escape'';
# toggle-url-visible = ''t'';
# };
# text-bindings = {
# "\x03" = ''Mod4+c'';
# };
# mouse-bindings = {
# scrollback-up-mouse = ''BTN_WHEEL_BACK'';
# scrollback-down-mouse = ''BTN_WHEEL_FORWARD'';
# font-increase = ''Control+BTN_WHEEL_BACK'';
# font-decrease = ''Control+BTN_WHEEL_FORWARD'';
# selection-override-modifiers = ''Shift'';
# primary-paste = ''BTN_MIDDLE'';
# select-begin = ''BTN_LEFT'';
# select-begin-block = ''Control+BTN_LEFT'';
# select-extend = ''BTN_RIGHT'';
# select-extend-character-wise = ''Control+BTN_RIGHT'';
# select-word = ''BTN_LEFT-2'';
# select-word-whitespace = ''Control+BTN_LEFT-2'';
# select-quote = ''BTN_LEFT-3'';
# select-row = ''BTN_LEFT-4'';
# # vim: ft = ''dosini'';
# };
# };
};
}


@@ -1,5 +1,4 @@
{ pkgs, lib, user, rice, ... }:
lib.mkIf (user != "tv")
{ pkgs, rice, ... }:
{
home.packages = with pkgs; [
git
@@ -11,9 +10,7 @@ lib.mkIf (user != "tv")
# List of directories to check
directories=(
"$HOME/nix-dots"
"$HOME/shared/nx-obsidian-vault"
"$HOME/shared/HSMW/Praxis/BCAM/bolt-llmserver"
"$HOME/shared/HSMW/Praxis/BCAM/bcam-tools"
"$HOME/obsidian-vault"
"$HOME/Pictures/wallpapers"
)
echo ""


@@ -21,7 +21,7 @@
enableFishIntegration = true;
defaultCacheTtlSsh = min2sec 60;
defaultCacheTtl = min2sec 30;
# pinentryPackage = pkgs.pinentry-gtk2;
# pinentryPackage = pkgs.pinentry-curses;
};
home.file.".gnupg/gpg.conf".text = ''


@@ -1,5 +1,4 @@
{ config, pkgs, lib, rice, user, ... }:
let
{ config, pkgs, lib, rice, user, ... }: let
# theme-name = "Colloid-Pink-Dark-Compact";
# theme-package = pkgs.colloid-gtk-theme.override {
# themeVariants = [ "pink" ];
@@ -14,9 +13,7 @@ let
tweaks = [ "rimless" "black" ];
variant = "macchiato";
};
in
lib.mkIf (user != "tv")
{
in {
home.packages = with pkgs; [
# gnome.gnome-themes-extra
# gnome.adwaita-icon-theme


@@ -1,109 +1,107 @@
{ pkgs, lib, user, ... }:
lib.mkIf (user != "tv")
{ pkgs, ... }:
{
home.packages = [
pkgs.hyprland-autoname-workspaces
];
home.file.".config/hyprland-autoname-workspaces/config.toml".text = ''
version = "1.1.14"
home = {
packages = with pkgs; [ hyprland-autoname-workspaces ];
file.".config/hyprland-autoname-workspaces/config.toml".text = ''
version = "1.1.14"
[class]
VirtualBox = ""
steam = "󰓓"
"VirtualBox Manager" = ""
"com.obsproject.Studio" = ""
"[Ff]irefox" = "󰈹"
"[Tt]hunderbird" = ""
pcbnew = ""
".*.exe" = ""
Element = "󰘨"
Signal = "󱅵"
Gimp = ""
VSCodium = "󰨞"
"[sS]potify" = ""
virt-manager = ""
lutris = "󰊗"
DEFAULT = "{class}"
"epicgameslauncher.exe" = "󰯷"
"[Cc]ode" = "󰨞"
"galaxyclient.exe" = "󰮡"
pavucontrol = "󰕾"
"Tor Browser" = "󰾔"
mpv = ""
chatterino = ""
libreoffice-writer = ""
kitty = ""
"cyberpunk2077.exe" = "󰾲"
KiCad = ""
"[tT]hunar" = ""
"riotclientux.exe" = "󰰌"
libreoffice-calc = ""
"org.remmina.Remmina" = "󰢹"
"org.inkscape.Inkscape" = "󰕙"
"VirtualBox Machine" = ""
Bitwarden = ""
"[gG]imp-.*" = ""
Chromium = ""
obsidian = "󰠮"
"leagueclientux.exe" = "󰰌"
zathura = "󰈦"
code-oss = "󰨞"
codium-url-handler = "󰨞"
discord = "󰙯"
vesktop = "󰙯"
blueman-manager = "󰂯"
Alacritty = ""
zoom = "󰬡"
spotify = ""
[class]
VirtualBox = ""
steam = "󰓓"
"VirtualBox Manager" = ""
"com.obsproject.Studio" = ""
"[Ff]irefox" = "󰈹"
"[Tt]hunderbird" = ""
pcbnew = ""
".*.exe" = ""
Element = "󰘨"
Signal = "󱅵"
Gimp = ""
VSCodium = "󰨞"
"[sS]potify" = ""
virt-manager = ""
lutris = "󰊗"
DEFAULT = "{class}"
"epicgameslauncher.exe" = "󰯷"
"[Cc]ode" = "󰨞"
"galaxyclient.exe" = "󰮡"
pavucontrol = "󰕾"
"Tor Browser" = "󰾔"
mpv = ""
chatterino = ""
libreoffice-writer = ""
kitty = ""
"cyberpunk2077.exe" = "󰾲"
KiCad = ""
"[tT]hunar" = ""
"riotclientux.exe" = "󰰌"
libreoffice-calc = ""
"org.remmina.Remmina" = "󰢹"
"org.inkscape.Inkscape" = "󰕙"
"VirtualBox Machine" = ""
Bitwarden = ""
"[gG]imp-.*" = ""
Chromium = ""
obsidian = "󰠮"
"leagueclientux.exe" = "󰰌"
zathura = "󰈦"
code-oss = "󰨞"
codium-url-handler = "󰨞"
discord = "󰙯"
vesktop = "󰙯"
blueman-manager = "󰂯"
Alacritty = ""
zoom = "󰬡"
spotify = ""
[class_active]
"(?i)ExampleOneTerm" = "icon"
[class_active]
"(?i)ExampleOneTerm" = "icon"
[initial_class]
[initial_class]
[initial_class_active]
[initial_class_active]
[workspaces_name]
[workspaces_name]
[title_in_class]
[title_in_class]
[title_in_class_active]
[title_in_class_active]
[title_in_initial_class]
[title_in_initial_class]
[title_in_initial_class_active]
[title_in_initial_class_active]
[initial_title_in_class]
[initial_title_in_class]
[initial_title]
"Spotify Premium" = ""
[initial_title]
"Spotify Premium" = ""
[initial_title_in_class_active]
[initial_title_in_class_active]
[initial_title_in_initial_class]
[initial_title_in_initial_class]
[initial_title_in_initial_class_active]
[initial_title_in_initial_class_active]
[exclude]
aProgram = "^$"
"" = "^$"
"(?i)fcitx" = ".*"
"[Ss]team" = "^(Friends List.*)?$"
"explorer.exe" = ".*"
"(?i)TestApp" = ""
[exclude]
aProgram = "^$"
"" = "^$"
"(?i)fcitx" = ".*"
"[Ss]team" = "^(Friends List.*)?$"
"explorer.exe" = ".*"
"(?i)TestApp" = ""
[format]
dedup = false
dedup_inactive_fullscreen = false
delim = " "
workspace = "{id}:{clients}"
workspace_empty = "{id}"
client = "{icon}"
client_fullscreen = "{icon}"
client_active = "{icon}"
client_dup = "{icon}{counter_sup}"
client_dup_active = "*{icon}*{delim}{icon}{counter_unfocused_sup}"
client_dup_fullscreen = "[{icon}]{delim}{icon}{counter_unfocused_sup}"
'';
[format]
dedup = false
dedup_inactive_fullscreen = false
delim = " "
workspace = "{id}:{clients}"
workspace_empty = "{id}"
client = "{icon}"
client_fullscreen = "{icon}"
client_active = "{icon}"
client_dup = "{icon}{counter_sup}"
client_dup_active = "*{icon}*{delim}{icon}{counter_unfocused_sup}"
client_dup_fullscreen = "[{icon}]{delim}{icon}{counter_unfocused_sup}"
'';
};
}


@@ -46,9 +46,7 @@ let
};
};
};
in
lib.mkIf (user != "tv")
{
in {
home.packages = (with pkgs; [
# hyprland itself is a system package
hyprland-protocols


@@ -1,37 +1,32 @@
{ config, pkgs, rice, lib, user, ... }:
lib.mkIf (user != "tv")
{ rice, ... }:
{
home.packages = with pkgs; [
kitty
];
programs.kitty = {
enable = true;
font = {
name = rice.font.code.name2;
package = rice.font.code.package;
};
settings = {
background = rice.color.background;
foreground = rice.color.foreground;
cursor = rice.color.foreground;
color0 = rice.color.black.base;
color8 = rice.color.black.bright;
color1 = rice.color.red.base;
color9 = rice.color.red.bright;
color2 = rice.color.green.base;
color10 = rice.color.green.bright;
color3 = rice.color.yellow.base;
color11 = rice.color.yellow.bright;
color4 = rice.color.blue.base;
color12 = rice.color.blue.bright;
color5 = rice.color.magenta.base;
color13 = rice.color.magenta.bright;
color6 = rice.color.cyan.base;
color14 = rice.color.cyan.bright;
color7 = rice.color.white.base;
color15 = rice.color.white.bright;
background_opacity = builtins.toString rice.transparency;
settings = with rice.color; {
background = background;
foreground = foreground;
cursor = foreground;
color0 = black.base;
color8 = black.bright;
color1 = red.base;
color9 = red.bright;
color2 = green.base;
color10 = green.bright;
color3 = yellow.base;
color11 = yellow.bright;
color4 = blue.base;
color12 = blue.bright;
color5 = magenta.base;
color13 = magenta.bright;
color6 = cyan.base;
color14 = cyan.bright;
color7 = white.base;
color15 = white.bright;
background_opacity = builtins.toString rice.transparency;
window_padding_width = 5;
remember_window_size = false;
};


@@ -1,10 +1,6 @@
{ pkgs, rice, lib, user, ... }:
lib.mkIf (user != "tv")
{ pkgs, rice, ... }:
{
home.packages = [
pkgs.mako
pkgs.libnotify
];
home.packages = with pkgs; [ libnotify ];
services.mako = with rice; {
enable = true;
defaultTimeout = 5000; # in ms


@@ -1,9 +1,6 @@
{ config, pkgs, secrets, lib, user, ... }:
let
sep = " ";
in
lib.mkIf (user != "tv")
{
{ config, pkgs, secrets, ... }: let
sep = " ";
in {
home = {
file."${config.xdg.dataHome}/nx-gcal-event-credentials.json".text = ''
{
@@ -26,7 +23,7 @@ lib.mkIf (user != "tv")
# (pkgs.python311.withPackages (python-pkgs: [
# python-pkgs.google
# ]))
(writeScriptBin "nx_gcal_event" ''
(writeScriptBin "nx_gcal_event" /* python */ ''
#!${pkgs.python3}/bin/python3
import datetime
import os
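Review bot: `home.file."${config.xdg.dataHome}/nx-gcal-event-credentials.json".text` in the first hunk builds a credentials file from a Nix string, and the module still takes `secrets` as an argument; if the JSON body (outside the hunk) interpolates values from `secrets`, they are copied into the world-readable /nix/store and kept in every generation that references them. Since sops-nix is already imported on the system side of this repository, the file is better delivered as a sops-managed secret that is decrypted at activation, with the script reading that path instead. The module is commented out of the home import list elsewhere in this commit, so this only bites once it is re-enabled; a comment next to the `.text` assignment saying so would help. Both the attribute set and the script body continue outside the hunks.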

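--- a/home-modules/nx2site.nix
+++ b/home-modules/nx2site.nix
@@ -0,0 +1,99 @@
+{ pkgs, ... }:
+{
+home.packages = with pkgs; [
+(writeShellApplication {
+name = "nxmd";
+text = let
+ascii_size = (pkgs.writers.writePython3Bin "ascii_size" {
+# libraries = with pkgs.python311Packages; [ ];
+flakeIgnore = [];
+} /* python */ ''
+from sys import argv
+with open(argv[1], "r", encoding='utf-8') as f:
+raw = f.read()
+sraw = raw.split("\n")
+linestart = 0
+lineend = 0
+started = False
+for linenum in range(len(sraw)):
+if sraw[linenum].strip() == "```ascii":
+linestart = linenum
+started = True
+if started and sraw[linenum].strip() == "```":
+lineend = linenum
+break
+maxwidth = 0
+for linenum in range(linestart, lineend):
+linewidth = len(sraw[linenum])
+if linewidth > maxwidth:
+maxwidth = linewidth
+print(f"Maximum length of the `ascii` code clock is {maxwidth} characters.")
+px = (1 / maxwidth) * 1500
+vw = (1 / maxwidth) * 150
+snew = sraw
+snew[3] = "aaw: " + str(round(vw, 2))
+snew[4] = "aawm: " + str(round(px, 2))
+new = "\n".join(snew)
+with open(argv[1], "w", encoding='utf-8') as f:
+f.write(new)
+print(f"The resulting font sizes are {px}px (aawm) and {vw}vw (aam).")
+print(f"You can now use the push operation on {argv[1]}.")
+''
+);
+in /* bash */ ''
+ord=$(date +"%e" | awk '{printf("%d%s\n", $1, ($1==11||$1==12||$1==13)?"th":((($1%10)==1)?"st":((($1%10)==2)?"nd":((($1%10)==3)?"rd":"th"))))}')
+nxdate="$(date +'%A the ')"
+nxdate="$nxdate""$ord"
+nxdate="$nxdate""$(date +' of %B %Y')"
+if [[ $# -eq 0 ]]; then
+echo "Error: No arguments provided."
+echo "Usage: $0 push <markdown-file>"
+exit 1
+fi
+if [[ "$1" == "push" ]]; then
+if [[ ! "$2" =~ \.md$ ]]; then
+echo "Error: Second argument must be a markdown (.md) file"
+echo "Usage: $0 push <markdown-file>"
+exit 1
+fi
+pandoc \
+"$2" \
+--highlight-style=breezeDark \
+--standalone \
+--mathjax \
+--ascii \
+--template /var/nginx/assets/template.html \
+--metadata pdate="$nxdate" \
+--verbose --from markdown-markdown_in_html_blocks+raw_html \
+-o /var/nginx/webroot/"$(basename "$2" .md )".html
+echo pushed "$2"
+elif [[ "$1" == "ascii-size" ]]; then
+if [[ ! "$2" =~ \.md$ ]]; then
+echo "Error: Second argument must be a markdown (.md) file"
+echo "Usage: $0 ascii-size <markdown-file>"
+exit 1
+fi
+${ascii_size}/bin/ascii_size "$2"
+else
+echo "Error: First argument must be 'push'"
+echo "Usage: $0 push <markdown-file>"
+exit 1
+fi
+'';
+})
+];
+}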
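Review bot: The embedded `ascii_size` script divides by `maxwidth` (`px = (1 / maxwidth) * 1500`) and then overwrites `snew[3]` and `snew[4]` unconditionally, so a file with no closed `ascii` fenced block raises ZeroDivisionError, and a file whose fourth and fifth lines are not the `aaw:`/`aawm:` keys has that content silently replaced when the file is written back in place. Guard both before the write, for example `if maxwidth == 0: raise SystemExit("no ascii block found")` plus a check that `sraw[3]` and `sraw[4]` start with `aaw:` and `aawm:`. In the shell part, `pandoc` is called but `writeShellApplication` is given no `runtimeInputs`, so it resolves from whatever PATH the caller happens to have; `runtimeInputs = [ pkgs.pandoc ];` pins the tool to the store path. The `\.md$` test also accepts a name that begins with `-`, which pandoc would parse as an option while writing into the web root, so such names should be rejected up front. The final `else` branch still says the first argument must be 'push' although `ascii-size` is accepted too.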


@@ -1,5 +1,4 @@
{ config, pkgs, lib, user, ... }:
lib.mkIf (user != "tv")
{
home.packages = with pkgs; [
libreoffice


@@ -1,21 +1,20 @@
{ config, pkgs, lib, user, ... }:
let
python-with-packages = pkgs.python3.withPackages (pp: with pp; [
ipython
pipdeptree
requests
google google-api-python-client google-auth-httplib2 google-auth-oauthlib
debugpy
black
]);
in
lib.mkIf (user != "tv")
{ pkgs, ... }:
{
home.packages = [
python-with-packages
];
home.sessionVariables = {
PYTHONPATH = "${python-with-packages}/${python-with-packages.sitePackages}";
home = let
python-with-packages = pkgs.python3.withPackages (pp: with pp; [
ipython
pipdeptree
requests
google google-api-python-client google-auth-httplib2 google-auth-oauthlib
debugpy
black
]);
in {
packages = [
python-with-packages
];
sessionVariables = {
PYTHONPATH = "${python-with-packages}/${python-with-packages.sitePackages}";
};
};
}


@@ -1,5 +1,4 @@
{ pkgs, lib, user, ... }:
lib.mkIf (user != "tv")
{
qt = {
platformTheme = "gtk";


@@ -1,114 +1,113 @@
{ pkgs, rice, lib, user, ... }:
let
trdr = "${rice.lib.float-to-drune rice.transparency}";
in
lib.mkIf (user != "tv")
{
{ pkgs, rice, ... }: {
home.packages = with pkgs; [
rofi-wayland
];
home.file.".config/rofi/config.rasi".text = ''
configuration {
show-icons: false;
display-drun: "";
disable-history: false;
drun-display-format: "{name} [<span weight='light' size='small'><i>({generic})</i></span>] [<span weight='light' size='small'><i>({exec})</i></span>]";
}
home.file = let
trdr = "${rice.lib.float-to-drune rice.transparency}";
in with rice.color; {
".config/rofi/config.rasi".text = ''
configuration {
show-icons: false;
display-drun: "";
disable-history: false;
drun-display-format: "{name} [<span weight='light' size='small'><i>({generic})</i></span>] [<span weight='light' size='small'><i>({exec})</i></span>]";
}
* {
font: "${rice.font.code.name2} 12";
foreground: ${rice.color.foreground};
background-color: ${rice.color.background}${trdr};
padding: 0px;
margin: 0px;
spacing: 0px;
border-width: 0px;
}
* {
font: "${rice.font.code.name2} 12";
foreground: ${foreground};
background-color: ${background}${trdr};
padding: 0px;
margin: 0px;
spacing: 0px;
border-width: 0px;
}
#window {
background-color: ${rice.color.background}${trdr};
border: ${builtins.toString rice.border-width}px;
border-radius: ${builtins.toString rice.rounding};
border-color: ${rice.color.border};
}
#mainbox {
border: 0;
padding: 0;
}
#message {
border: 0px;
}
#textbox {
text-color: ${rice.color.foreground};
}
#listview {
fixed-height: 0;
border: 0px;
spacing: 0px ;
scrollbar: false;
padding: 0px;
}
#window {
background-color: ${background}${trdr};
border: ${builtins.toString rice.border-width}px;
border-radius: ${builtins.toString rice.rounding};
border-color: ${border};
}
#mainbox {
border: 0;
padding: 0;
}
#message {
border: 0px;
}
#textbox {
text-color: ${foreground};
}
#listview {
fixed-height: 0;
border: 0px;
spacing: 0px ;
scrollbar: false;
padding: 0px;
}
#element {
border: 0;
padding: 0px;
border-radius: ${if rice.rounding > 0 then "2" else "0"}px;
}
#element {
border: 0;
padding: 0px;
border-radius: ${if rice.rounding > 0 then "2" else "0"}px;
}
#element.normal.normal { background-color: ${rice.color.background}${trdr}; text-color: ${rice.color.accent.base}; }
#element.selected.normal { background-color: ${rice.color.tertiary.base}${trdr}; text-color: ${rice.color.background}; }
#element.alternate.normal { background-color: ${rice.color.background}${trdr}; text-color: ${rice.color.secondary.base}; }
#element.normal.normal { background-color: ${background}${trdr}; text-color: ${accent.base}; }
#element.selected.normal { background-color: ${tertiary.base}${trdr}; text-color: ${background}; }
#element.alternate.normal { background-color: ${background}${trdr}; text-color: ${secondary.base}; }
#scrollbar {
width: ${builtins.toString rice.border-width}px ;
border: 0;
handle-width: 8px ;
padding: 0;
}
#sidebar {
border: ${builtins.toString rice.border-width}px dash;
}
#button.selected {
text-color: ${rice.color.foreground};
}
#inputbar {
spacing: 0;
text-color: ${rice.color.background};
background-color: ${rice.color.accent.base}${trdr};
padding: 0;
margine-bottom: 2px;
children: [ prompt,textbox-prompt-colon,entry,case-indicator ];
}
#prompt {
spacing: 0;
background-color: transparent;
text-color: ${rice.color.foreground};
}
#textbox-prompt-colon {
expand: false;
str: ">";
margin: 0px 0.3em 0em 0em ;
text-color: ${rice.color.background};
background-color: transparent;
}
#case-indicator {
spacing: 0;
text-color: ${rice.color.foreground};
background-color: transparent;
}
#entry {
spacing: 0;
text-color: ${rice.color.background};
background-color: transparent;
placeholder: "";
}
#scrollbar {
width: ${builtins.toString rice.border-width}px ;
border: 0;
handle-width: 8px ;
padding: 0;
}
#sidebar {
border: ${builtins.toString rice.border-width}px dash;
}
#button.selected {
text-color: ${foreground};
}
#inputbar {
spacing: 0;
text-color: ${background};
background-color: ${accent.base}${trdr};
padding: 0;
margine-bottom: 2px;
children: [ prompt,textbox-prompt-colon,entry,case-indicator ];
}
#prompt {
spacing: 0;
background-color: transparent;
text-color: ${foreground};
}
#textbox-prompt-colon {
expand: false;
str: ">";
margin: 0px 0.3em 0em 0em ;
text-color: ${background};
background-color: transparent;
}
#case-indicator {
spacing: 0;
text-color: ${foreground};
background-color: transparent;
}
#entry {
spacing: 0;
text-color: ${background};
background-color: transparent;
placeholder: "";
}
element-text, element-icon {
background-color: inherit;
text-color: inherit;
}
'';
element-text, element-icon {
background-color: inherit;
text-color: inherit;
}
'';
};
}


@@ -1,31 +1,27 @@
{ pkgs, lib, user, ... }:
lib.mkIf (user != "tv")
{ pkgs, domain, ... }:
{
home = {
packages = with pkgs; [ sshfs ];
file.".ssh/config".text = ''
HOST nxace
HostName ssh.${domain}
User nx2
Port 50022
home.packages = with pkgs; [
sshfs
];
HOST nxacel
HostName 192.168.178.32
User nx2
Port 50022
home.file.".ssh/config".text = ''
HOST nxace
HostName ssh.nx2.site
User nx2
Port 50022
HOST nxacel
HostName 192.168.178.32
User nx2
Port 50022
HOST nxrpil
HostName 192.168.178.31
User nx2
Port 22
HOST nxgit
HostName ssh.nx2.site
User git
Port 20022
'';
HOST nxrpil
HostName 192.168.178.31
User nx2
Port 22
HOST nxgit
HostName ssh.${domain}
User git
Port 20022
'';
};
}


@@ -1,10 +1,5 @@
{ pkgs, lib, user, rice, ... }:
lib.mkIf (user != "tv")
{ lib, rice, ... }:
{
home.packages = [
pkgs.starship
];
programs.starship = {
enable = true;
# enableBashIntegration = true;


@@ -1,9 +1,6 @@
{ pkgs, lib, user, ... }:
let
{ pkgs, ... }: let
vws = pkgs.vale.withStyles (s: [ s.alex s.google ]);
in
lib.mkIf (user != "tv")
{
in {
home = {
packages = [
vws


@@ -1,9 +1,6 @@
{ lib, pkgs, user, rice, ... }:
let
{ lib, pkgs, user, rice, ... }: let
sep = " ";
in
lib.mkIf (user != "tv")
{
in {
home.packages =
let
waybar_mode_script = /*bash*/ ''
@@ -100,10 +97,10 @@ lib.mkIf (user != "tv")
exec = "cclock";
restart-interval = 60;
};
"custom/ctimeremaining" = {
exec = "nx_gcal_event lookup";
restart-interval = 60;
};
# "custom/ctimeremaining" = {
# exec = "nx_gcal_event lookup";
# restart-interval = 60;
# };
"custom/mode" = {
exec = "cat /tmp/waybar-mode";
interval = "once";
@@ -184,7 +181,6 @@ lib.mkIf (user != "tv")
#clock,
#custom-cclock,
#custom-ctimeremaining,
#custom-mode,
#battery,
#cpu,


@@ -1,98 +1,85 @@
{ config, pkgs, lib, user, rice,... }:
lib.mkIf (user != "tv")
{ pkgs, rice,... }:
{
home.packages = with pkgs; [
wlogout
];
home = {
packages = with pkgs; [ wlogout ];
file = {
".config/wlogout/style.css".text = /* css */ ''
* { all: unset; }
home.file.".config/wlogout/style.css".text = ''
* { all: unset; }
window {
font-family: ${rice.font.code.name}, monospace;
font-size: 12pt;
color: ${rice.color.foreground};
background-color: rgba(0, 0, 0, ${builtins.toString rice.transparency});
}
window {
font-family: ${rice.font.code.name}, monospace;
font-size: 12pt;
color: ${rice.color.foreground};
background-color: rgba(0, 0, 0, ${builtins.toString rice.transparency});
}
button {
transition: box-shadow 0.2s ease-in-out, background-color 0.2s ease-in-out;
text-shadow: none;
border: none;
color: ${rice.color.foreground};
background-color: ${rice.color.background};
margin: 5px;
}
button {
transition: box-shadow 0.2s ease-in-out, background-color 0.2s ease-in-out;
text-shadow: none;
border: none;
color: ${rice.color.foreground};
background-color: ${rice.color.background};
margin: 5px;
}
button:hover {
color: ${rice.color.blue.base};
}
button:hover {
color: ${rice.color.blue.base} ;
}
button:focus {
color: ${rice.color.blue.base} ;
}
'';
home.file.".config/wlogout/layout".text = ''
{
"label": "lock",
"action": "hyprlock",
"text": "[L]ock",
"height": 0,
"width": 0,
"keybind": "l"
}
{
"label": "reboot",
"action": "systemctl reboot",
"text": "[R]eboot",
"height": 0,
"width": 0,
"keybind": "r"
}
{
"label": "shutdown",
"action": "systemctl poweroff",
"text": "[S]hutdown",
"height": 0,
"width": 0,
"keybind": "s"
}
{
"label": "logout",
"action": "hyprctl dispatch exit 0",
"text": "Lo[g]out",
"height": 0,
"width": 0,
"keybind": "g"
}
{
"label": "suspend",
"action": "systemctl suspend",
"text": "S[u]spend",
"height": 0,
"width": 0,
"keybind": "u"
}
{
"label": "hibernate",
"action": "systemctl hibernate",
"text": "[H]ibernate",
"height": 0,
"width": 0,
"keybind": "h"
}
'';
# lock { background-image: image(url("./lock.png")); }
# lock:focus { background-image: image(url("./lock-hover.png")); }
# logout { background-image: image(url("./logout.png")); }
# logout:focus { background-image: image(url("./logout-hover.png")); }
# suspend { background-image: image(url("./suspend.png")); }
# suspend:focus { background-image: image(url("./suspend-hover.png")); }
# shutdown { background-image: image(url("./power.png")); }
# shutdown:focus { background-image: image(url("./power-hover.png")); }
# reboot { background-image: image(url("./restart.png")); }
# reboot:focus { background-image: image(url("./restart-hover.png")); }
# hibernate { background-image: image(url("./hibernate.png")); }
# hibernate:hover { background-image: image(url("./hibernate-hover.png"));}
button:focus {
color: ${rice.color.blue.base};
}
'';
".config/wlogout/layout".text = /* json */ ''
{
"label": "lock",
"action": "hyprlock",
"text": "[L]ock",
"height": 0,
"width": 0,
"keybind": "l"
}
{
"label": "reboot",
"action": "systemctl reboot",
"text": "[R]eboot",
"height": 0,
"width": 0,
"keybind": "r"
}
{
"label": "shutdown",
"action": "systemctl poweroff",
"text": "[S]hutdown",
"height": 0,
"width": 0,
"keybind": "s"
}
{
"label": "logout",
"action": "hyprctl dispatch exit 0",
"text": "Lo[g]out",
"height": 0,
"width": 0,
"keybind": "g"
}
{
"label": "suspend",
"action": "systemctl suspend",
"text": "S[u]spend",
"height": 0,
"width": 0,
"keybind": "u"
}
{
"label": "hibernate",
"action": "systemctl hibernate",
"text": "[H]ibernate",
"height": 0,
"width": 0,
"keybind": "h"
}
'';
};
};
}


@@ -1,6 +1,5 @@
{ pkgs, lib, system, user, rice, inputs, ... }:
lib.mkIf (user != "tv")
{ pkgs, system, rice, inputs, ... }:
{
home.packages = with pkgs; [
# yazi


@@ -1,5 +1,4 @@
{ config, pkgs, lib, user, ... }:
lib.mkIf (user != "tv")
{ pkgs, ... }:
{
home.packages = [
pkgs.zoxide


@@ -28,7 +28,8 @@
./home-modules/nh.nix
./home-modules/nixd.nix
./home-modules/nvidia.nix
./home-modules/nx-gcal-event.nix
./home-modules/nx2site.nix
# ./home-modules/nx-gcal-event.nix
./home-modules/obs.nix
./home-modules/office.nix
./home-modules/ollama.nix

File diff suppressed because one or more lines are too long


@@ -1,7 +1,7 @@
{ config, pkgs, pkgs-unstable, lib, host, inputs, ... }:
{ config, pkgs, pkgs-unstable, lib, host, domain, inputs, ... }:
let
grub-theme-ascii-diana = (pkgs.fetchFromGitea {
domain = "git.nx2.site";
domain = "git.${domain}";
owner = "nx2";
repo = "grub-theme-ascii-diana";
rev = "0.5.0";


@@ -1,5 +1,4 @@
{ pkgs, user, host, lib, ... }:
if (host != "NxACE") then
{ pkgs, user, ... }:
{
services.greetd = {
enable = true;
@@ -22,31 +21,4 @@ if (host != "NxACE") then
TTYVHangup = true;
TTYVTDisallocate = true;
};
}
else
{
environment.systemPackages = with pkgs; [
sddm
# where-is-my-sddm-theme
];
services.xserver = {
displayManager = {
defaultSession = "hyprland";
sddm = {
enable = true;
# theme = "where_is_my_sddm_theme";
settings = {
theme = {
# background = /home/nx2/Pictures/
passwordFontSize = 12;
passwordInputCursorVisible = true;
};
};
};
autoLogin = lib.mkIf (host == "NxACE") {
enable = true;
user = "tv";
};
};
};
}


@@ -13,4 +13,9 @@
# };
};
users.users."${user}".extraGroups = [ "docker" ];
networking.firewall.allowedTCPPorts = [
80
443
8384
];
}
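Review bot: Port 8384 in the new `networking.firewall.allowedTCPPorts` list is Syncthing's default GUI port (the nginx config elsewhere in this commit used `localhost:8384` as the `sync` upstream), so opening it lets the admin GUI be reached directly from the network, without the proxy's TLS, whenever the GUI is bound to a non-loopback address. I would drop it and keep the GUI behind nginx: `networking.firewall.allowedTCPPorts = [ 80 443 ];`. The path of this module is not visible here, but it also sets the `docker` group, so if it is imported on every host the web ports open on the laptops as well; moving the list next to `services.nginx` in the proxy module would scope it to NxACE. The vhosts enable `http3`/`quic`, which additionally needs `networking.firewall.allowedUDPPorts = [ 443 ];`, and this list does not add it.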

6
system-modules/gitea.nix Normal file

@@ -0,0 +1,6 @@
{ pkgs, ... }:
{
services.gitea = {
enable = true;
};
}
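Review bot: `services.gitea.enable = true` with nothing else takes the module defaults, which as far as I know listen on all interfaces (`settings.server.HTTP_ADDR`) and leave self-registration open. Since the instance is meant to sit behind nginx, I would add `settings.server.HTTP_ADDR = "127.0.0.1";` and `settings.service.DISABLE_REGISTRATION = true;` before this file is imported anywhere. The `pkgs` argument is unused and can be dropped from the function head.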


@@ -20,61 +20,5 @@
];
};
# Eduroam
environment.etc = {
"ssl/certs/tuda-eduroam-root.crt".source = "${pkgs.cacert.unbundled}/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2:1.crt";
# this comment blow is just for people reading my config
# I use sops-nix to place the actual file there (read below).
# identity and password have been replaced with "<...>" in the comment
# There the "email" and the password from the IDM portal of the HRZ should go
# Notice the toda-eduroam-root.crt that I am using (specified above)
# The method im using means that the password for the network is accessable locally as root user
# an even more secure way is for example using something like this https://wiki.archlinux.org/title/NetworkManager#Encrypted_Wi-Fi_passwords
# "NetworkManager/system-connections/eduroam.nmconnection" = {
# text = ''
# [connection]
# id=eduroam
# uuid=09ce7f02-0c1d-4e11-9f69-e91031176d9d
# type=wifi
# permissions=user:nx2:;
# [wifi]
# mode=infrastructure
# ssid=eduroam
# [wifi-security]
# key-mgmt=wpa-eap
# [802-1x]
# anonymous-identity=eduroam@tu-darmstadt.de
# ca-cert=/etc/ssl/certs/tuda-eduroam-root.crt
# domain=radius.hrz.tu-darmstadt.de
# eap=peap;
# identity=<...>@tu-darmstadt.de
# password=<...>
# phase2-auth=mschapv2
# [ipv4]
# method=auto
# [ipv6]
# addr-gen-mode=stable-privacy
# ip6-privacy=2
# method=auto
# '';
# mode = "0600";
# };
};
sops.secrets = {
"eduroam/tuda_nmconnection" = {
mode = "0600";
owner = "root";
path = "/etc/NetworkManager/system-connections/eduroam.nmconnection";
};
};
networking.enableIPv6 = true;
}


@@ -1,45 +1,47 @@
{ config, pkgs, lib, user, host, ... }:
# lib.mkIf false
lib.mkIf (host == "NxACE")
# ((import ./nx2site/proxy.nix { inherit config pkgs lib user; }) //
(
{ config, pkgs, domain, secrets, ... }:
{
sops.secrets = {
"nx2site/namecheap.pw" = { };
# "nx2site/cloudflare/api-token-dns-edit" = { };
"nx2site/cloudflare/global-api-key" = { };
};
systemd = {
timers."namecheap-dynamic-dns" = {
timers."dynamic-dns" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "2m";
OnUnitActiveSec = "10m";
Unit = "namecheap-dynamic-dns.service";
Unit = "dynamic-dns.service";
};
};
services."namecheap-dynamic-dns" = let
services."dynamic-dns" = let
u = let
domain = "nx2.site";
passord-file-path = config.sops.secrets."nx2site/namecheap.pw".path;
# passord-file-path = config.sops.secrets."nx2site/namecheap.pw".path;
log-file-path = "/var/log/update_namecheap.log";
count-file-path = "/var/log/update_namecheap-count.txt";
in pkgs.writers.writePython3Bin "update_namecheap" {
account_id = secrets.email.gmail-online.mail;
zone_id = "33fecab36e060f49d492127345ea95a0";
record_id = {
base = "58d3412e8d88889d1a611b3669f0700f";
sub = "fc861353142bc05d5dbad1799178e6a1";
base6 = "d1b90e21d2d747dcb30448bd65312927";
sub6 = "b8082b7afe9e80971fc9f9dda16ec284";
};
passord-file-path = config.sops.secrets."nx2site/cloudflare/global-api-key".path;
log-file-path = "/var/log/couldflare.log";
count-file-path = "/var/log/cloudflare-count.txt";
in pkgs.writers.writePython3Bin "dyn_dns" {
libraries = with pkgs.python311Packages; [ requests ];
flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" ];
} ''
flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" "E121" "E261" "E303"];
} /* python */ ''
import requests
import argparse
import socket
import subprocess
from datetime import datetime
def get_public_ip(): return requests.get('https://ipinfo.io/ip').text.strip()
def get_public_ip(ipv6=False):
return subprocess.run(['${pkgs.curl}/bin/curl', '-s', '-6' if ipv6 else '-4', 'https://ifconfig.me'], capture_output=True, text=True).stdout.strip()
def get_dns_ip(): return socket.gethostbyname_ex('${domain}')[2][0]
def main(force_update):
def main():
my_ip = get_public_ip()
dns_ip = get_dns_ip()
my_ip6 = get_public_ip(ipv6=True)
with open("${count-file-path}", "r") as f:
content = f.read()
@@ -49,73 +51,136 @@ lib.mkIf (host == "NxACE")
with open("${count-file-path}", "w") as f:
f.write(str(count))
if not (force_update or my_ip != dns_ip):
print(f"Host IP and DNS response are both {my_ip} --> No Action")
exit(0)
else:
with open("${passord-file-path}", 'r') as pw_file: pw = pw_file.read().strip()
# 4
with open("${passord-file-path}", 'r') as pw_file:
pw = pw_file.read().strip()
# Perform DNS updates
resp_base = requests.get(f"https://dynamicdns.park-your-domain.com/update?host=@&domain=${domain}&password={pw}&ip={my_ip}")
resp_subd = requests.get(f"https://dynamicdns.park-your-domain.com/update?host=*&domain=${domain}&password={pw}&ip={my_ip}")
# Reset the count file
with open("${count-file-path}", 'w') as f: f.write('0')
# Perform DNS updates
# https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record
resp_base = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.base}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip,
"type": "A"
}
)
now_str = datetime.now().strftime('%Y/%m/%d-%R')
log_entry = f"At {now_str} - from {dns_ip} to {my_ip} - {count} times - Response {resp_base.status_code}{' - (forced)' if force_update else ' '}\n"
print(log_entry, end="")
with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry)
resp_subd = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.sub}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip,
"type": "A"
}
)
if resp_base.status_code != 200:
print(resp_base.text)
now_str = datetime.now().strftime('%Y/%m/%d-%R')
log_entry = f"At {now_str} - to {my_ip} - Response {resp_base.status_code}\n"
print(log_entry, end="")
with open("${log-file-path}", 'a') as log_file:
log_file.write(log_entry)
# Perform DNS updates
# https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record
resp_base = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.base6}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip6,
"type": "AAAA"
}
)
resp_subd = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.sub6}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip6,
"type": "AAAA"
}
)
if resp_base.status_code != 200:
print(resp_base.text)
now_str = datetime.now().strftime('%Y/%m/%d-%R')
log_entry = f"At {now_str} - to {my_ip6} - Response {resp_base.status_code}\n"
print(log_entry, end="")
with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry)
if __name__ == "__main__":
parser = argparse.ArgumentParser()
parser.add_argument('-f', '--force', action='store_true', help='Force update')
args = parser.parse_args()
main(args.force)
main()
'';
in {
script = ''
set -eu
${u}/bin/update_namecheap
${u}/bin/dyn_dns
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
};
# I can't use this becasue API Access for Namecheap needs a static whitelisted IP, which I don't have
# security.acme = {
# acceptTerms = true;
# certs."nx2site" = { };
# };
environment.systemPackages = with pkgs; [
certbot
(writeShellApplication {
name = "refresh_ssl_certificate";
runtimeInputs = [ certbot ];
# https://forum.endeavouros.com/t/tutorial-add-a-systemd-boot-loader-menu-entry-for-a-windows-installation-using-a-separate-esp-partition/37431
text = let
webroot = /home/nx2/nx2site/staticweb/content;
in /*bash*/ ''
cartbot
ls ${webroot}
'';
})
];
networking.hosts = { # docker network inspect nx2site_default | grep -E "Name|IPv4" | tr "\n" " " | sed -r 's- +- -g;s-\n?"Name": -\n-g' | sed -r '1d;2d;s-"(.+?)", "IPv4Address": "(.+)/16",- "\2" = [ "\1.docker" ];-g'
"172.1.2.1" = [ "staticweb.docker" ];
"172.1.3.1" = [ "matrix.docker" ];
# "172.1.2.1" = [ "staticweb.docker" ];
# "172.1.3.1" = [ "matrix.docker" ];
# "172.1.0.9" = [ "matrixdb.docker" ];
"172.1.4.1" = [ "matrix-ss.docker" ];
# "172.1.4.1" = [ "matrix-ss.docker" ];
# "172.1.0.7" = [ "matrix-ssdb.docker" ];
"172.1.5.1" = [ "pw.docker" ];
"172.1.6.1" = [ "git.docker" ];
# "172.1.0.10" = [ "gitdb.docker" ];
"172.1.7.1" = [ "nn.docker" ];
"172.1.8.1" = [ "llm.docker" ];
# "172.1.7.1" = [ "nn.docker" ];
# "172.1.8.1" = [ "llm.docker" ];
# "172.1.9.1" = [ "proxy.docker" ];
"172.1.10.1" = [ "share.docker" ];
"172.1.11.1" = [ "odq.docker" ];
# "172.1.10.1" = [ "share.docker" ];
# "172.1.11.1" = [ "odq.docker" ];
};
})
}
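Review bot: The updater authenticates every PATCH with the account-wide Global API key (`X-Auth-Email` / `X-Auth-Key`) and runs as `User = "root"`, while the scoped secret `nx2site/cloudflare/api-token-dns-edit` is left commented out in `sops.secrets`. A token restricted to DNS edit on this one zone limits what a leaked secret file or a compromised host can change; the headers then become `'Authorization': f'Bearer {pw}'`. Separately, `get_public_ip` returns whatever `curl` printed, so a failed or IPv6-less lookup sends an empty `content`; validate it with `ipaddress.ip_address(...)` and skip the update on failure, and pass `timeout=` to the `requests.patch` calls. Only `resp_base` is checked after each pair of calls, and both `sub` records are sent with `"name": "${domain}"`, which looks like a copy of the base record.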


@@ -1,35 +1,56 @@
{ config, pkgs, lib, user }:
lib.mkIf false
{ config, pkgs, lib, domain, ... }:
{
sops.secrets = {
"nx2site/sslCertificate.pem" = { owner = config.services.nginx.user; };
"nx2site/sslCertificateKey.pem" = { owner = config.services.nginx.user; };
"nx2site/dhparams.pem" = { owner = config.services.nginx.user; };
};
services.nginx = {
security.acme = {
acceptTerms = true;
defaults = {
email = "acme@${domain}";
webroot = "/var/nginx/webroot";
group = "nginx";
};
certs = {
"${domain}" = {
extraDomainNames = builtins.map (subd: "${subd}.${domain}") [ "git" "git2" "pw" "pw2" "sync" ];
};
};
};
users.users."nginx" = {
extraGroups = [ "nginx" "acme" ];
useDefaultShell = false;
linger = true;
home = "/var/nginx/";
homeMode = "770";
createHome = true;
isSystemUser = true;
isNormalUser = false;
};
systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
services.nginx = let
dl = [
{ addr = "0.0.0.0"; port = 443; ssl = true; }
{ addr = "0.0.0.0"; port = 80; ssl = false; }
{ addr = "[::0]"; port = 443; ssl = true; }
{ addr = "[::0]"; port = 80; ssl = false; }
];
in {
enable = true;
user = "nginx";
group = "nginx";
additionalModules = [];
# appendConfig = '''';
clientMaxBodySize = "20m";
defaultHTTPListenPort = 80;
defaultListenAddresses = [ "0.0.0.0" ] ++ lib.optional config.networking.enableIPv6 "[::0]";
defaultListen = [ {
addr = "0.0.0.0";
ssl = true;
port = 443;
proxyProtocol = true;
}];
defaultListen = dl;
defaultMimeTypes = "${pkgs.mailcap}/etc/nginx/mime.types";
defaultSSLListenPort = 443;
enableQuicBPF = true;
enableReload = true;
# eventsConfig = '''';
# logError = ;
# mapHashBucketSize = ;
# mapHashMaxSize = ;
package = pkgs.nginxQuic;
# preStart = true;
proxyResolveWhileRunning = false;
proxyTimeout = "20s";
recommendedBrotliSettings = true;
@@ -39,142 +60,81 @@ lib.mkIf false
recommendedTlsSettings = true;
recommendedZstdSettings = true;
serverTokens = false;
# sslCiphers = true;
sslDhparam = config.sops.secrets."nx2site/dhparams.pem".path;
sslProtocols = "TLSv1.2 TLSv1.3";
statusPage = false;
streamConfig = ""; # udp config
validateConfigFile = true;
upstreams = {
"staticweb".servers = { "staticweb.docker:80" = {}; };
"matrix".servers = { "matrix.docker:80" = {}; };
"matrix-ss".servers = { "matrix-ss.docker:80" = {}; };
"pw".servers = { "pw.docker:80" = {}; };
"git".servers = { "git.docker:80" = {}; };
"nn".servers = { "nn.docker:80" = {}; };
"llm".servers = { "llm.docker:80" = {}; };
"share".servers = { "share.docker:80" = {}; };
"sync".servers = { "localhost:8384" = {}; };
};
virtualHosts = let
sslCertificate = config.sops.secrets."nx2site/sslCertificate.pem".path;
sslCertificateKey = config.sops.secrets."nx2site/sslCertificateKey.pem".path;
kTLS = true; http2 = true; http3 = true; http3_hq = true; quic = true;
in
{
"nx2.site" = {
inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic;
listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
vh = {
kTLS = true;
http2 = true;
http3 = true;
http3_hq = true;
quic = true;
addSSL = true;
enableACME = true;
};
in {
"${domain}" = vh // {
root = "/var/nginx/webroot";
default = true;
listen = dl;
locations = {
"/" = {
proxyPass = "http://staticweb";
# extraConfig = [ ''add_header Alt-Svc 'h3=":443"; ma=86400';'' ''add_header Cache-Control "public";'' ] ++ common-location-conf;
};
"/.well-known/matrix/client" = {
return = ''200 '{"m.homeserver": {"base_url": "https://matrix.nx2.site"}, "org.matrix.msc3575.proxy": {"url": "https://matrix-ss.nx2.site"}}' '';
extraConfig = [ "default_type application/json;" "add_header Access-Control-Allow-Origin *;" ];
};
"/.well-known/matrix/server" = {
return = ''200 '{"m.server":"matrix.nx2.site:443"}' '';
extraConfig = [ "default_type application/json;" "add_header Access-Control-Allow-Origin *;" ];
};
"~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
proxyPass = "http://matrix-ss";
# extraConfig = [ ''proxy_set_header X-Forwarded-For $remote_addr;'' ''proxy_set_header X-Forwarded-Proto $scheme;'' ''proxy_set_header Host $host;'' ];
};
"~ ^(\/_matrix|\/_synapse\/client)" = {
return = ''200 '{"m.server":"matrix.nx2.site:443"}' '';
# extraConfig = [];
extraConfig = ''
index index.html;
if ($request_uri ~ ^/(.*)\.html(\?|$)) {
return 301 /$1;
}
try_files $uri $uri.html $uri/ /404.html =404;
'';
};
"~^(/ba)$" = { return = "301 /BA.pdf"; };
"/.well-known/matrix/client" = { return = "502"; };
"/.well-known/matrix/server" = { return = "502"; };
};
};
"matrix.${domain}" = {
listen = dl;
locations = { "~.*" = { return = "502"; }; };
};
"pw.${domain}" = vh // {
listen = dl;
locations = let d = "pw.docker:80"; in {
"/" = { proxyPass = "http://${d}"; };
"/admin" = { proxyPass = "http://${d}"; };
"/notifications/hub" = { proxyPass = "http://${d}"; };
"/notifications/hub/negotiate" = { proxyPass = "http://${d}"; };
};
};
"matrix.nx2.site" = {
inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic;
listen = [
{ addr = "0.0.0.0"; port = 443; ssl = true; }
{ addr = "0.0.0.0"; port = 8448; ssl = true; }
];
locations = {
"/" = {
proxyPass = "http://matrix";
# extraConfig = [ ''add_header Alt-Svc 'h3=":443"; ma=86400';'' ''add_header Cache-Control "public";'' ] ++ common-location-conf;
};
"pw2.${domain}" = vh // {
listen = dl;
locations = let d = "127.0.0.1:8222"; in {
"/" = { proxyPass = "http://${d}"; };
"/admin" = { proxyPass = "http://${d}"; };
"/notifications/hub" = { proxyPass = "http://${d}"; };
"/notifications/hub/negotiate" = { proxyPass = "http://${d}"; };
};
};
"matrix-ss.nx2.site" = {
inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic;
# listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
# "resolver 1.1.1.1;"
# "client_max_body_size 500M;"
# ];
locations = {
"/" = { proxyPass = "http://pw"; };
};
"sync.${domain}" = vh // {
listen = dl;
locations = { "/" = { proxyPass = "http://127.0.0.1:11434"; }; };
};
# "dev.nx2.site" = {
# inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic;
# listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
# locations = {
# "/" = {
# proxyPass = "http://dev";
# };
# };
# };
"pw.nx2.site" = {
inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic;
# listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
locations = {
"/" = { proxyPass = "http://pw"; };
"/admin" = { proxyPass = "http://pw"; };
"/notifications/hub" = { proxyPass = "http://pw"; };
"/notifications/hub/negotiate" = { proxyPass = "http://pw"; };
};
"git.${domain}" = vh // {
listen = dl;
locations = { "/" = { proxyPass = "http://git.docker:3000"; }; };
};
"share.nx2.site" = {
inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic;
# listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
locations = {
"/" = { proxyPass = "http://share"; # ''proxy_hide_header Content-Disposition;''
# ''proxy_set_header Content-Disposition $upstream_http_content_disposition;''
# ''proxy_set_header X-Real-IP $remote_addr;''
# ''proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;''
# ''proxy_set_header Host $http_host;''
# ];
};
"/socket.io" = {
proxyPass = "http://share/socket.io";
proxyWebsockets = true;
# extraConfig = [
# ''proxy_http_version 1.1;''
# ''proxy_set_header Upgrade $http_upgrade;''
# ''proxy_set_header Connection "upgrade";''
# ];
};
};
"git2.${domain}" = vh // {
listen = dl;
locations = { "/" = { proxyPass = "http://127.0.0.1:8222"; }; };
};
"sync.nx2.site" = {
inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic;
# listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
locations = {
"/" = { proxyPass = "http://sync"; };
};
};
"git.nx2.site" = {
inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic;
# listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
locations = {
"/" = { proxyPass = "http://git"; };
};
};
"~^(.*)\.nx2\.site$" = {
inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic;
# listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
root = "/home/nx2/nx2site/staticweb/xcontent/";
locations = {
"~.*" = { return = "502 /502.html"; };
};
"~^(.*).${domain}$" = {
listen = dl;
root = "/var/nginx/webroot";
locations = { "~.*" = { return = "301 https://${domain}/502.html"; }; };
};
};
};
}
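Review bot: `"sync.${domain}"` now proxies to `http://127.0.0.1:11434`, whereas the previous `sync` upstream was `localhost:8384`; 11434 is the default Ollama API port and `ollama.nix` is among the imported modules, so this vhost may publish an unauthenticated local API instead of Syncthing. Confirm the target, presumably `proxyPass = "http://127.0.0.1:8384";`. `"git2.${domain}"` points at `127.0.0.1:8222`, the same backend as `"pw2.${domain}"`, which looks like a copy-paste slip. The shared `vh` set uses `addSSL = true`, so the password-manager hosts also answer over plain HTTP on port 80; `forceSSL = true;` redirects to HTTPS instead. The catch-all `"~^(.*).${domain}$"` lost the escaped dots the old `"~^(.*)\.nx2\.site$"` had.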


@@ -1,5 +1,10 @@
{ config, lib, user, host, secrets, ...}:
let
{
config,
lib,
user,
host,
secrets,
... }: let
# helper funcitons
conv = _: device: with device; { "${name}" = {id = id;};};
justname = devices: (builtins.map (device: device.name)) devices;
@@ -24,15 +29,11 @@ let
daniel-dcim = { name = "daniel-dcim"; path = "/vault/Pictures/Daniel"; };
tessa-dcim = { name = "tessa-dcim"; path = "/vault/Pictures/Tessa"; };
};
in
lib.mkIf (user != "tv")
{
in {
sops.secrets = {
"syncthing/${host}/cert.pem" = { owner = user; };
"syncthing/${host}/key.pem" = { owner = user; };
};
services.syncthing = with (builtins.mapAttrs conv devices); {
enable = true;
user = "${user}";


@@ -1,22 +1,16 @@
{ pkgs, lib, host, user, ... }:
{ pkgs, user, ... }:
{
users.defaultUserShell = pkgs.bash; # if interactive, itll switch to fish
users.users."${user}" = {
isNormalUser = true;
extraGroups = [ "networkmanager" "wheel" "audio" "video" "docker" "libvirtd" "uinput" "input" "ydotool" "adbusers" ];
extraGroups = [ "networkmanager" "wheel" "audio" "video" "docker" "libvirtd" "uinput" "input" "ydotool" "acme" "nginx" "adbusers" ];
useDefaultShell = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1RPCcS8DtIf75a2FEW4d8X6WTVeLlmretoLqppvZlJ" # From [A] GPG Sub Key
];
};
users.users.tv = lib.mkIf (host == "NxACE") {
isNormalUser = true;
extraGroups = [ "networkmanager" "audio" "video" "uinput" ];
useDefaultShell = true;
};
programs = {
bash = {