nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: nx2:1651f7debf6054f0947350ae16af49e40807c485
Branches Tags
nx2:master nx2:nod nx2:gitea nx2:north
..
compare: nx2:master
Branches Tags
nx2:master nx2:nod nx2:gitea nx2:north

71 Commits
1651f7debf ... master

Author SHA1 Message Date
Lennart J. Kurzweg (Nx2)
60fab5ff9a Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles 2026-05-26 19:20:24 +02:00
Lennart J. Kurzweg (Nx2)
1a662d9acf xps colors 2026-05-26 19:20:23 +02:00
Lennart J. Kurzweg (Nx2)
6b7f4459fc no headphone jack static 2026-05-26 19:19:58 +02:00
Lennart J. Kurzweg (Nx2)
7f1e43699b spotifi-cli rice fix 2026-05-26 19:19:41 +02:00
Lennart J. Kurzweg (Nx2)
1acf1773d9 xps hyprland shenanigans 2026-05-26 19:19:27 +02:00
Lennart J. Kurzweg (Nx2)
e97e9b62b0 chatterino channel update 2026-05-26 19:18:40 +02:00
Lennart J. Kurzweg (Nx2)
5211c953a3 gemini rice 2026-05-26 19:18:33 +02:00
Lennart J. Kurzweg (Nx2)
e054ee5be4 Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles 2026-05-26 16:22:13 +02:00
Lennart J. Kurzweg (Nx2)
aefa5a48bb chatterino token 2026-05-26 16:21:14 +02:00
Lennart J. Kurzweg (Nx2)
be40aca44b Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles 2026-05-26 14:32:30 +02:00
Lennart J. Kurzweg (Nx2)
8228bd1f72 no simple sign up nextcloud (working?) 2026-05-26 14:32:15 +02:00
Lennart J. Kurzweg (Nx2)
63af2c4f4e stay up wifi daemon 2026-05-26 14:31:55 +02:00
Lennart J. Kurzweg (Nx2)
6a5863ee52 flake bump 2026-05-26 14:31:28 +02:00
Lennart J. Kurzweg (Nx2)
c28c40c972 rename emails 2026-05-26 14:31:22 +02:00
Lennart J. Kurzweg (Nx2)
e0bd80722c Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles 2026-05-26 12:46:24 +02:00
Lennart J. Kurzweg (Nx2)
6157666be9 spicetify 2026-05-26 12:46:05 +02:00
Lennart J. Kurzweg (Nx2)
07782f60d1 Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles 2026-05-13 23:58:58 +02:00
Lennart J. Kurzweg (Nx2)
2fbf06da7a nextcloud mail 2026-05-13 23:58:51 +02:00
Lennart J. Kurzweg (Nx2)
47cc5c881c nmap 2026-05-13 23:57:45 +02:00
Lennart J. Kurzweg (Nx2)
f757727858 tuda vpn 2026-05-13 23:57:32 +02:00
Lennart J. Kurzweg (Nx2)
bf074967e5 tuda-vpn (not working?) 2026-05-13 16:08:13 +02:00
Lennart J. Kurzweg (Nx2)
674c83d3ae syntax fix 2026-05-13 16:08:02 +02:00
Lennart J. Kurzweg (Nx2)
ee46aca691 split email, contact, thunderbird 2026-05-12 18:22:42 +02:00
Lennart J. Kurzweg (Nx2)
fa89fe57b0 remove bcrypt 2026-05-10 19:37:00 +02:00
Lennart J. Kurzweg (Nx2)
f7306130ed fix firefox transparency 2026-05-04 14:57:50 +02:00
Lennart J. Kurzweg (Nx2)
dc3f30d94c Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles 2026-05-04 13:45:12 +02:00
Lennart J. Kurzweg (Nx2)
f7fb8121fd maddy conf 2026-05-04 13:45:11 +02:00
Lennart J. Kurzweg (Nx2)
f4ae5eae27 flake bump 2026-05-04 12:23:08 +02:00
Lennart J. Kurzweg (Nx2)
5fe9578d72 nx2s-email-relay hostname fix 2026-05-04 12:23:03 +02:00
Lennart J. Kurzweg (Nx2)
fc9122be42 Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles 2026-05-04 03:30:45 +02:00
Lennart J. Kurzweg (Nx2)
6ab89d09b7 email smtp2go&google relay 2 2026-05-04 03:30:43 +02:00
Lennart J. Kurzweg (Nx2)
b32a79bdac email smtp2go&google relay 1 2026-05-04 03:30:01 +02:00
Lennart J. Kurzweg (Nx2)
fd5e639b17 fix yazi search 2026-05-03 22:13:34 +02:00
Lennart J. Kurzweg (Nx2)
419bd8fc12 enable nixos-cuda again 2026-05-03 15:20:33 +02:00
Lennart J. Kurzweg (Nx2)
1b18252813 caldav_event to nextcloud 2026-05-03 15:19:56 +02:00
Lennart J. Kurzweg (Nx2)
245fdbb60f Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles 2026-05-03 00:00:08 +02:00
Lennart J. Kurzweg (Nx2)
6ab13007de nextcloud 2026-05-03 00:00:07 +02:00
Lennart J. Kurzweg (Nx2)
789ed570cf update to nextcloud calendar 2026-05-02 23:59:30 +02:00
Lennart J. Kurzweg (Nx2)
901839dcd1 unstable streamlink 2026-05-02 23:58:40 +02:00
Lennart J. Kurzweg (Nx2)
ae9ae15f3a davfs 2026-05-02 23:58:31 +02:00
Lennart J. Kurzweg (Nx2)
b17f7d95b6 nixos-cuda 502 2026-05-02 23:58:21 +02:00
Lennart J. Kurzweg (Nx2)
b3a0e2914b dm matrix 2026-05-02 23:58:05 +02:00
Lennart J. Kurzweg (Nx2)
9ab9034a02 fix calendar username 2026-04-29 11:44:54 +02:00
Lennart J. Kurzweg (Nx2)
b2a322b269 yazi typo fix 2026-04-24 20:25:32 +02:00
Lennart J. Kurzweg (Nx2)
27d47179ef calendar fix 2026-04-24 20:23:12 +02:00
Lennart J. Kurzweg (Nx2)
ea1fd6a81f flake bump 2026-04-24 20:00:39 +02:00
Lennart J. Kurzweg (Nx2)
2ae3ec3b9b Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles 2026-04-24 19:58:47 +02:00
Lennart J. Kurzweg (Nx2)
9ccabedbb2 nxcaldav 2026-04-24 19:58:21 +02:00
Lennart J. Kurzweg (Nx2)
5cc13c9b9a shell only gemini-cli 2026-04-24 19:57:45 +02:00
Lennart J. Kurzweg (Nx2)
ea608bd665 gemini chrome 2026-04-24 19:56:37 +02:00
Lennart J. Kurzweg (Nx2)
e6fc668413 calendar to nxc 2026-04-24 19:56:23 +02:00
Lennart J. Kurzweg (Nx2)
12714021b6 Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles 2026-04-22 08:38:34 +00:00
Lennart J. Kurzweg (Nx2)
23b1e6f8cc gemini in shell-only 2026-04-22 08:38:22 +00:00
Lennart J. Kurzweg (Nx2)
375d42d0ed Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles 2026-04-18 20:42:39 +02:00
Lennart J. Kurzweg (Nx2)
8e5da6e966 chatterino verison 2026-04-18 20:42:27 +02:00
Lennart J. Kurzweg (Nx2)
62d7d91dc0 sort fonts 2026-04-18 20:42:21 +02:00
Lennart J. Kurzweg (Nx2)
4a977f7076 flake bump 2026-04-18 20:42:06 +02:00
Lennart J. Kurzweg (Nx2)
3f7877d5b8 flake bump 2026-04-14 00:47:00 +02:00
Lennart J. Kurzweg (Nx2)
d7a1f55a34 Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles 2026-04-13 22:44:57 +02:00
Lennart J. Kurzweg (Nx2)
a2f5e9828c no zoom 2026-04-13 22:44:33 +02:00
Lennart J. Kurzweg (Nx2)
fa98f9eb2e fixed now (tm) 2026-03-30 21:49:55 +02:00
Lennart J. Kurzweg (Nx2)
2ba41d37fb email fix 2026-03-30 18:02:24 +02:00
Lennart J. Kurzweg (Nx2)
ba1a5a5c10 Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles 2026-03-30 15:00:18 +02:00
Lennart J. Kurzweg (Nx2)
ba1bce57c5 nx2site email 2026-03-30 14:56:45 +02:00
Lennart J. Kurzweg (Nx2)
4951ee898d xps displays 2026-03-30 14:56:38 +02:00
Lennart J. Kurzweg (Nx2)
2e02069629 Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles 2026-03-23 14:29:31 +01:00
Lennart J. Kurzweg (Nx2)
9108c8689a flake bump 2026-03-23 14:29:27 +01:00
Lennart J. Kurzweg (Nx2)
b6853648d6 nxace no dm 2026-03-23 14:29:20 +01:00
Lennart J. Kurzweg (Nx2)
f77d0d2301 nxcaldav (manual for now) 2026-03-23 14:29:08 +01:00
Lennart J. Kurzweg (Nx2)
bfa820a82a gitea push create (still doesnt work) 2026-03-23 14:27:16 +01:00
Lennart J. Kurzweg (Nx2)
113931d088 o7 lr 2026-03-23 14:26:56 +01:00
41 changed files with 1250 additions and 332 deletions
Expand all files Collapse all files

13
configuration.nix
View File

@@ -9,6 +9,7 @@
./system-modules/cache.nix ./system-modules/cache.nix
./system-modules/calendar.nix ./system-modules/calendar.nix
./system-modules/dm.nix ./system-modules/dm.nix
./system-modules/davfs.nix
./system-modules/docker.nix ./system-modules/docker.nix
./system-modules/fcitx5.nix ./system-modules/fcitx5.nix
./system-modules/fonts.nix ./system-modules/fonts.nix
@@ -45,12 +46,21 @@
./system-modules/simple-postgres.nix ./system-modules/simple-postgres.nix
] ++ (if hyper.isServer then [ ] ++ (if hyper.isServer then [
./system-modules/stay-up.nix
./system-modules/nx2site.nix ./system-modules/nx2site.nix
./system-modules/hugo.nix ./system-modules/hugo.nix
./system-modules/postgres.nix ./system-modules/postgres.nix
./system-modules/nx2site/proxy.nix ./system-modules/nx2site/proxy.nix
# ./system-modules/nx2site/smtp.nix
# ./system-modules/nx2site/imap.nix
# ./system-modules/nx2site/vmail.nix
./system-modules/nx2site/maddy.nix
./system-modules/nx2site/audiobookshelf.nix ./system-modules/nx2site/audiobookshelf.nix
# ./system-modules/nx2site/baikal.nix # ./system-modules/nx2site/baikal.nix
./system-modules/nx2site/nextcloud.nix
./system-modules/nx2site/nxcaldav.nix
./system-modules/nx2site/copyparty.nix ./system-modules/nx2site/copyparty.nix
./system-modules/nx2site/gitea.nix ./system-modules/nx2site/gitea.nix
./system-modules/nx2site/open-web-calendar.nix ./system-modules/nx2site/open-web-calendar.nix
@@ -59,8 +69,7 @@
./system-modules/nx2site/paperless.nix ./system-modules/nx2site/paperless.nix
./system-modules/calendar/publish.nix ./system-modules/calendar/publish.nix
./system-modules/calendar/lec.nix ./system-modules/calendar/lec.nix
./system-modules/calendar/lr.nix # ./system-modules/calendar/lr.nix
./system-modules/calendar/dicos.nix
] else [ ]); ] else [ ]);
environment.systemPackages = import ./system-modules/base-packages.nix pkgs; environment.systemPackages = import ./system-modules/base-packages.nix pkgs;

28
flake-modules/colors.json
View File

@@ -1,15 +1,15 @@
{ {
"NxXPS": { "NxXPS": {
"base": { "base": {
"foreground": "#fecccc", "foreground": "#fccee9",
"background": "#190000" "background": "#18010e"
}, },
"to_alter": { "to_alter": {
"accent": "#ff3232", "accent": "#f43da7",
"secondary": "#6632ff", "secondary": "#3269ff",
"tertiary": "#dd32dd", "tertiary": "#d744ed",
"special": "#31feff", "special": "#3cf48a",
"weird": "#baff31" "weird": "#f4c63c"
} }
}, },
"NxACE": { "NxACE": {
@@ -27,15 +27,15 @@
}, },
"NxNORTH": { "NxNORTH": {
"base": { "base": {
"foreground": "#d2cefc", "foreground": "#dbe7ef",
"background": "#030118" "background": "#070d11"
}, },
"to_alter": { "to_alter": {
"accent": "#4b3cf5", "accent": "#72a2bf",
"secondary": "#ff3632", "secondary": "#fc3535",
"tertiary": "#fffc32", "tertiary": "#83ae8a",
"special": "#e6f53b", "special": "#bf8f71",
"weird": "#f53ba8" "weird": "#a871bf"
} }
}, },
"NxDCS": { "NxDCS": {

152
flake.lock generated
View File

@@ -20,11 +20,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772292445, "lastModified": 1778857089,
"narHash": "sha256-4F1Q7U313TKUDDovCC96m/Za4wZcJ3yqtu4eSrj8lk8=", "narHash": "sha256-TclWRW2SdFeETLaiTG4BA8C8C4m/LppQEldncqyTzAQ=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "aquamarine", "repo": "aquamarine",
"rev": "1dbbba659c1cef0b0202ce92cadfe13bae550e8f", "rev": "ab2b0af63fbc9fb779d684f19149b790978be8a8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -39,11 +39,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1773005383, "lastModified": 1779740183,
"narHash": "sha256-Nlln9sKJa1q5lYX4xXS34Lt1oREwgQbT59Aa37nBGkU=", "narHash": "sha256-WgZFCa8mutaHzVVdS9QedtDWpVKsOGtqou8LNqHwvn4=",
"owner": "9001", "owner": "9001",
"repo": "copyparty", "repo": "copyparty",
"rev": "266d6e0ae6a6eecac7bc863bd8f746d16686e61a", "rev": "e32718303cd7560f60d3e0ddd473a8a69d7dfa81",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -220,11 +220,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772985280, "lastModified": 1779506708,
"narHash": "sha256-FdrNykOoY9VStevU4zjSUdvsL9SzJTcXt4omdEDZDLk=", "narHash": "sha256-QOD/CNm196nCJRheux/URi4/HE66fthdOMqCJoPP1Y0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "8f736f007139d7f70752657dff6a401a585d6cbc", "rev": "3ee51fbdac8c8bdfe1e7e1fcaba6520a563f394f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -271,11 +271,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753964049, "lastModified": 1776511930,
"narHash": "sha256-lIqabfBY7z/OANxHoPeIrDJrFyYy9jAM4GQLzZ2feCM=", "narHash": "sha256-fCpwFiTW0rT7oKJqr3cqHMnkwypSwQKpbtUEtxdkgrM=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprcursor", "repo": "hyprcursor",
"rev": "44e91d467bdad8dcf8bbd2ac7cf49972540980a5", "rev": "39435900785d0c560c6ae8777d29f28617d031ef",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -300,11 +300,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770511807, "lastModified": 1776426399,
"narHash": "sha256-suKmSbSk34uPOJDTg/GbPrKEJutzK08vj0VoTvAFBCA=", "narHash": "sha256-RUESLKNikIeEq9ymGJ6nmcDXiSFQpUW1IhJ245nL3xM=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprgraphics", "repo": "hyprgraphics",
"rev": "7c75487edd43a71b61adb01cae8326d277aab683", "rev": "68d064434787cf1ed4a2fe257c03c5f52f33cf84",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -330,11 +330,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1773082851, "lastModified": 1779729308,
"narHash": "sha256-4zkUP+gZF6zveHFN0W3oX750mpVgxfiShL+ZcvcH244=", "narHash": "sha256-tMt7oeAahwHGDgSIf5XKZoUXenOvlxjI0KBPku97tzM=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "e32eeb1d454b029a24ca71f410896bf52839085d", "rev": "bb3353f864be97e9236cfafca68ce71d7cf590dc",
"revCount": 7010, "revCount": 7364,
"submodules": true, "submodules": true,
"type": "git", "type": "git",
"url": "https://github.com/hyprwm/Hyprland" "url": "https://github.com/hyprwm/Hyprland"
@@ -378,11 +378,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1767023960, "lastModified": 1776426575,
"narHash": "sha256-R2HgtVS1G3KSIKAQ77aOZ+Q0HituOmPgXW9nBNkpp3Q=", "narHash": "sha256-KI6nIfVihn/DPaeB5Et46Xg3dkNHrrEtUd5LBBVomB0=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland-guiutils", "repo": "hyprland-guiutils",
"rev": "c2e906261142f5dd1ee0bfc44abba23e2754c660", "rev": "a968d211048e3ed538e47b84cb3649299578f19d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -403,11 +403,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1765214753, "lastModified": 1772460177,
"narHash": "sha256-P9zdGXOzToJJgu5sVjv7oeOGPIIwrd9hAUAP3PsmBBs=", "narHash": "sha256-/6G/MsPvtn7bc4Y32pserBT/Z4SUUdBd4XYJpOEKVR4=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland-protocols", "repo": "hyprland-protocols",
"rev": "3f3860b869014c00e8b9e0528c7b4ddc335c21ab", "rev": "1cb6db5fd6bb8aee419f4457402fa18293ace917",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -432,11 +432,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1771866172, "lastModified": 1777320127,
"narHash": "sha256-fYFoXhQLrm1rD8vSFKQBOEX4OGCuJdLt1amKfHd5GAw=", "narHash": "sha256-Qu+Wf2Bp5qUjyn2YpZNq8a7JyzTGowhT1knrwE38a9U=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprlang", "repo": "hyprlang",
"rev": "0b219224910e7642eb0ed49f0db5ec3d008e3e41", "rev": "090117506ddc3d7f26e650ff344d378c2ec329cc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -484,11 +484,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764592794, "lastModified": 1772462885,
"narHash": "sha256-7CcO+wbTJ1L1NBQHierHzheQGPWwkIQug/w+fhTAVuU=", "narHash": "sha256-5pHXrQK9zasMnIo6yME6EOXmWGFMSnCITcfKshhKJ9I=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprtoolkit", "repo": "hyprtoolkit",
"rev": "5cfe0743f0e608e1462972303778d8a0859ee63e", "rev": "9af245a69fa6b286b88ddfc340afd288e00a6998",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -509,11 +509,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1771271487, "lastModified": 1779475241,
"narHash": "sha256-41gEiUS0Pyw3L/ge1l8MXn61cK14VAhgWB/JV8s/oNI=", "narHash": "sha256-Nw4DN0A5krWNcPBvuWe5Gz2yuxsUUPiDgtu6SVPJQeU=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprutils", "repo": "hyprutils",
"rev": "340a792e3b3d482c4ae5f66d27a9096bdee6d76d", "rev": "3cd3972b2ee658a14d2610d8494e09259e530124",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -534,11 +534,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770501770, "lastModified": 1777159683,
"narHash": "sha256-NWRM6+YxTRv+bT9yvlhhJ2iLae1B1pNH3mAL5wi2rlQ=", "narHash": "sha256-Jxixw6wZphUp+nHYxOKUYSckL17QMBx2d5Zp0rJHr1g=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprwayland-scanner", "repo": "hyprwayland-scanner",
"rev": "0bd8b6cde9ec27d48aad9e5b4deefb3746909d40", "rev": "b8632713a6beaf28b56f2a7b0ab2fb7088dbb404",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -563,11 +563,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1771606233, "lastModified": 1778410714,
"narHash": "sha256-F3PLUqQ/TwgR70U+UeOqJnihJZ2EuunzojYC4g5xHr0=", "narHash": "sha256-o6RzFj4nJXaPRY7EM01siuCQeT41RfwwmcmFQqwFJJg=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprwire", "repo": "hyprwire",
"rev": "06c7f1f8c4194786c8400653c4efc49dc14c0f3a", "rev": "85148a8e612808cf5ddb25d0b3c5840f3498a7dc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -657,11 +657,11 @@
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1772386632, "lastModified": 1777732699,
"narHash": "sha256-sm6OpWZuoDwR53KNlsY482YOoHFWlWYwt0wHmqLkRGE=", "narHash": "sha256-2uX/XtOWZ/oy2rerRynVhqVA//ZXZ3Fo60PikLHEPQc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NixOS-WSL", "repo": "NixOS-WSL",
"rev": "be894604b2aa2184c0b3d3b44995acd0da14dc0c", "rev": "5482f113fd31ebac131d1ebeb2ae90bf0d5e41f5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -720,11 +720,11 @@
}, },
"nixpkgs-latest": { "nixpkgs-latest": {
"locked": { "locked": {
"lastModified": 1773098859, "lastModified": 1779791687,
"narHash": "sha256-ShEH4g8sw83iV+JDd2MYQv+Q7Lka2NgBjtPUQFsoZco=", "narHash": "sha256-ynEmhfOI9cWkI8AUiFimNWutJ+RNibt1Ge4azZVbTQ8=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1d74c186d4e7b3237c236eaeac6bc88c2904b560", "rev": "8d10ccfc5381d4129e7730b5bfbe67709f06777e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -752,11 +752,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1772963539, "lastModified": 1779560665,
"narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=", "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9dcb002ca1690658be4a04645215baea8b95f31d", "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -783,11 +783,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1772198003, "lastModified": 1779357205,
"narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", "narHash": "sha256-cCO8aTqss5x9Ky8GWkpY0Hy5fyTZEbtifSUV8QjSzic=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", "rev": "f83fc3c307e74bc5fd5adb7eb6b8b13ffd2a36e1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -815,11 +815,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1770019141, "lastModified": 1776169885,
"narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", "narHash": "sha256-l/iNYDZ4bGOAFQY2q8y5OAfBBtrDAaPuRQqWaFHVRXM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "cb369ef2efd432b3cdf8622b0ffc0a97a02f3137", "rev": "4bd9165a9165d7b5e33ae57f3eecbcb28fb231c9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -831,11 +831,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1772822230, "lastModified": 1779467186,
"narHash": "sha256-yf3iYLGbGVlIthlQIk5/4/EQDZNNEmuqKZkQssMljuw=", "narHash": "sha256-nOesoDCiXcUftqbRBMz9tt4blI5PvljMWbm3kuCA+0s=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "71caefce12ba78d84fe618cf61644dce01cf3a96", "rev": "b77b3de8775677f84492abe84635f87b0e153f0f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -846,11 +846,11 @@
}, },
"nixpkgs_6": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1772419343, "lastModified": 1776329215,
"narHash": "sha256-QU3Cd5DJH7dHyMnGEFfPcZDaCAsJQ6tUD+JuUsYqnKU=", "narHash": "sha256-a8BYi3mzoJ/AcJP8UldOx8emoPRLeWqALZWu4ZvjPXw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "93178f6a00c22fcdee1c6f5f9ab92f2072072ea9", "rev": "b86751bc4085f48661017fa226dee99fab6c651b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -924,11 +924,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772024342, "lastModified": 1778507602,
"narHash": "sha256-+eXlIc4/7dE6EcPs9a2DaSY3fTA9AE526hGqkNID3Wg=", "narHash": "sha256-kTwur1wV+01SdqskVMSo6JMEpg71ps3HpbFY2GsflKs=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "6e34e97ed9788b17796ee43ccdbaf871a5c2b476", "rev": "61ab0e80d9c7ab14c256b5b453d8b3fb0189ba0a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1010,11 +1010,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772420823, "lastModified": 1776741231,
"narHash": "sha256-q3oVwz1Rx41D1D+F6vg41kpOkk3Zi3KwnkHEZp7DCGs=", "narHash": "sha256-k9G98qzn+7npROUaks8VqCFm7cFtEG8ulQLBBo5lItg=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "458eea8d905c609e9d889423e6b8a1c7bc2f792c", "rev": "02061303f7c4c964f7b4584dabd9e985b4cd442b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1046,11 +1046,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1773096132, "lastModified": 1777944972,
"narHash": "sha256-M3zEnq9OElB7zqc+mjgPlByPm1O5t2fbUrH3t/Hm5Ag=", "narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "d1ff3b1034d5bab5d7d8086a7803c5a5968cd784", "rev": "c591bf665727040c6cc5cb409079acb22dcce33c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1117,11 +1117,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1761431178, "lastModified": 1778265244,
"narHash": "sha256-xzjC1CV3+wpUQKNF+GnadnkeGUCJX+vgaWIZsnz9tzI=", "narHash": "sha256-8jlPtGSsv/CQY6tVVyLF4Jjd0gnS+Zbn9yk/V13A9nM=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland", "repo": "xdg-desktop-portal-hyprland",
"rev": "4b8801228ff958d028f588f0c2b911dbf32297f9", "rev": "813ea5ca9a1702a9a2d1f5836bc00172ef698968",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1137,11 +1137,11 @@
"rust-overlay": "rust-overlay_2" "rust-overlay": "rust-overlay_2"
}, },
"locked": { "locked": {
"lastModified": 1772869527, "lastModified": 1779676204,
"narHash": "sha256-U0E3U2Iu3JeQFbTQ+vclG2jZMoJl+rJdEa68I8qk4Eg=", "narHash": "sha256-/DLVKPqrU3WuY99jrHjYuIR0yGl98mGS6izK5rC1gZM=",
"owner": "sxyazi", "owner": "sxyazi",
"repo": "yazi", "repo": "yazi",
"rev": "741f84e22b2c360366c685724d45cbec6d90b480", "rev": "cf8b54179ea0de392629d93081afca9e5587225e",
"type": "github" "type": "github"
}, },
"original": { "original": {

BIN
git-crypt/secrets.nix
View File

Binary file not shown.

12
home-modules/bar/caldav-event.nix
View File

@@ -1,6 +1,8 @@
{ pkgs, ... }@all: with all; { { pkgs, ... }@all: with all; let
username = "lennart";
in {
sops.secrets = { sops.secrets = {
"nx2site/radicale/password" = { }; "nx2site/nextcloud/lennart_pass" = { };
}; };
home.packages = [ home.packages = [
(pkgs.writers.writePython3Bin "caldav_event" { (pkgs.writers.writePython3Bin "caldav_event" {
@@ -90,10 +92,10 @@ def is_too_old(event_dict: dict) -> bool:
return now - last_checked >= timedelta(minutes=10) return now - last_checked >= timedelta(minutes=10)
if __name__ == "__main__": if __name__ == "__main__":
password_file = "${config.sops.secrets."nx2site/radicale/password".path}" # Path to password file password_file = "${config.sops.secrets."nx2site/nextcloud/lennart_pass".path}" # Path to password file
cache_file = "/tmp/caldav_event_cache.json" # Path to cache file cache_file = "/tmp/caldav_event_cache.json" # Path to cache file
url = "https://dav.${hyper.domain}/" url = "https://n.${hyper.domain}/remote.php/dav/calendars/${username}/"
username = "nx2" username = "${username}"
password = get_password(password_file) password = get_password(password_file)
now = datetime.now(timezone.utc).timestamp() now = datetime.now(timezone.utc).timestamp()

39
home-modules/calendar.nix
View File

@@ -1,31 +1,44 @@
{ pkgs, ... }@all: with all; let { pkgs, ... }@all: with all; let
calendars = with hyper; [ v = "nxc";
user = "lennart";
domain = hyper.domain;
calendars = let
bs = "https://n.${domain}/remote.php/dav/calendars/lennart";
in [
{ {
name = "Preservation"; name = "Preservation";
primary = true; primary = true;
url = "https://dav.${domain}/${user}/preservation/"; url = "${bs}/preservation/";
color = "#dddddd"; color = "#dddddd";
} }
{ {
name = "Effort"; name = "Effort";
url = "https://dav.${domain}/${user}/effort/"; url = "${bs}/effort/";
color = "#dd2222"; color = "#dd2222";
} }
{ {
name = "Experience"; name = "Experience";
url = "https://dav.${domain}/${user}/experience/"; url = "${bs}/experience/";
color = "#2222dd"; color = "#2222dd";
} }
{ {
name = "Exposure"; name = "Leisure";
url = "https://dav.${domain}/${user}/exposure/"; # name = "Exposure";
url = "${bs}/leisure/";
# url = "https://${v}.${domain}/${user}/exposure/";
color = "#22aa22"; color = "#22aa22";
} }
{ # {
name = "Engagement"; # name = "Engagement";
url = "https://dav.${domain}/${user}/engagement/"; # url = "https://${v}.${domain}/${user}/engagement/";
color = "#8800CC"; # color = "#8800CC";
} # }
# {
# {
# name = "Family";
# url = "${bs}/family/";
# color = "#dddd22";
# }
{ {
name = "Sleep as Android"; name = "Sleep as Android";
url = secrets.calendar.sleep-as-android-url; url = secrets.calendar.sleep-as-android-url;
@@ -68,7 +81,7 @@ in {
inherit primary; inherit primary;
remote = { remote = {
inherit url name; inherit url name;
userName = hyper.user; # my globally set username userName = user;
}; };
}; };
in lib.attrsets.mergeAttrsList ( in lib.attrsets.mergeAttrsList (
@@ -88,7 +101,7 @@ in {
"calendar.registry.${to_safe_name calendar.name}.name" = name; "calendar.registry.${to_safe_name calendar.name}.name" = name;
"calendar.registry.${to_safe_name calendar.name}.type" = type; "calendar.registry.${to_safe_name calendar.name}.type" = type;
"calendar.registry.${to_safe_name calendar.name}.uri" = url; "calendar.registry.${to_safe_name calendar.name}.uri" = url;
"calendar.registry.${to_safe_name calendar.name}.username" = hyper.user; "calendar.registry.${to_safe_name calendar.name}.username" = user;
"calendar.registry.${to_safe_name calendar.name}.readOnly" = read-only; "calendar.registry.${to_safe_name calendar.name}.readOnly" = read-only;
}) calendars }) calendars
) // { ) // {

29
home-modules/chatterino.nix
View File

@@ -2,33 +2,34 @@
let let
channels = [ channels = [
"Caedrel" "Caedrel"
"Caedrel247"
# "agurin" # "agurin"
# "asmongold" # "asmongold"
# "Caedrel" # "Caedrel"
# "EintrachtSpandau" # "EintrachtSpandau"
# "GamesDoneQuick" # "GamesDoneQuick"
# "Odoamne" # "Odoamne"
"iwdominate" # "iwdominate"
# "imls" # "imls"
"gdolphn" # "gdolphn"
"GRONKH" "GRONKH"
"handofblood" # "handofblood"
"HisWattson" # "HisWattson"
# "Jankos" # "Jankos"
# "KuruHS" # "KuruHS"
"LEC" "LEC"
"lol_nemesis" "lol_nemesis"
# "NASA" # "NASA"
"nattynattlol" # "nattynattlol"
"NoWay4u_Sir" # "NoWay4u_Sir"
# "OfficialMikeShinoda" # "OfficialMikeShinoda"
"Rekkles" # "Rekkles"
"riotgames" "riotgames"
"thebausffs" # "thebausffs"
"ThePrimeagen" # "ThePrimeagen"
"Tolkin" # "Tolkin"
"imperialhal__" # "imperialhal__"
"velja_lol" # "velja_lol"
# "Xisuma" # "Xisuma"
"zackrawrr" "zackrawrr"
]; ];
@@ -52,7 +53,7 @@ in {
home = { home = {
packages = with pkgs; [ packages = with pkgs; [
unstable.chatterino2 unstable.chatterino2
streamlink unstable.streamlink
# mpv # mpv
]; ];
file = { file = {
@@ -192,7 +193,7 @@ in {
}, },
"misc": { "misc": {
"askOnTabVisibilityToggle": false, "askOnTabVisibilityToggle": false,
"currentVersion": "2.5.4", "currentVersion": "2.5.5",
"lockNotebookLayout": false "lockNotebookLayout": false
}, },
"similarity": { "similarity": {

28
home-modules/contact.nix Normal file
View File

@@ -0,0 +1,28 @@
{ pkgs, ... }@all: with all; lib.mkIf (hyper.isPersonal) {
# sops.secrets."nx2site/nextcloud/lennart_pass".path = "nx2site/nextcloud/lennart_pass";
# accounts.contact = {
# basePath = "~/.local/share/contacts";
# accounts = let
# nc = name: { "${name}" = let
# un = "lennart";
# in {
# inherit name;
# remote = {
# url = "https://n.${hyper.domain}/remote.php/dav/addressbooks/users/${un}/${name}/";
# type = "carddav";
# username = un;
# passwordCommand = "cat /run/user/1000/secrets/nx2site/nextcloud/lennart_pass";
# thunderbird = {
# enable = builtins.trace config.programs.thunderbird.enable config.programs.thunderbird.enable;
# prifiles = [ hyper.user ];
# };
# };
# local = {
# type = "filesystem";
# path = "${name}";
# };
# };};
# in (pkgs.lib.mergeAttrsList (builtins.map nc [ "TUDa" "CWG" "HSMW" "DICOS" "Accounts" "Familie & Freunde" "Friedrich Schiller Grundschule" "Handball" "Phönix" "Util & Miscellaneous" ]));
# };
# };
}

128
home-modules/email.nix
View File

@@ -1,100 +1,12 @@
{ pkgs, ... }@all: with all; lib.mkIf (hyper.isPersonal) { { pkgs, ... }@all: with all; lib.mkIf (hyper.isPersonal) {
home.packages = with pkgs; [
thunderbird
];
programs.thunderbird = let
inherit (lib.generators) toJSON;
extensions = toJSON {} {
"addon@darkreader.org" = "71d6c69d-55f9-4c56-888c-abdcf6efd73d";
};
in {
enable = true;
profiles = {
"${hyper.user}" = {
isDefault = true;
settings = with rice.color; {
"calendar.alarms.showmissed" = false;
"calendar.alarms.playsound" = false;
"calendar.alarms.show" = false;
"extensions.webextensions.uuids" = extensions;
"mail.startup.enabledMailCheckOnce" = true;
"mailnews.mark_message_read.delay" = true;
"mailnews.mark_message_read.delay.interval" = 3;
"mailnews.tags.$label1.color" = red.base;
"mailnews.tags.$label1.tag" = "Important";
"mailnews.tags.$label2.color" = yellow.base;
"mailnews.tags.$label2.tag" = "Work";
"mailnews.tags.$label3.color" = green.base;
"mailnews.tags.$label3.tag" = "Personal";
"mailnews.tags.$label4.color" = cyan.base;
"mailnews.tags.$label4.tag" = "To Do";
"mailnews.tags.$label5.color" = blue.base;
"mailnews.tags.$label5.tag" = "Later";
"mailnews.headers.showMessageId" = true;
"mailnews.headers.showOrganization" = true;
"mailnews.headers.showReferences" = true;
"mailnews.headers.showSender" = true;
"mailnews.headers.showUserAgent" = true;
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
};
userChrome = with rice.color; /* css */ ''
body,
#navigation-toolbox,
#calendarContent,
#calSidebar,
#tabpanelcontainer,
#spacesToolbar,
#tabs-toolbar,
#calMinimonth,
#primaryButtonSidePanel *,
.minimonth-week,
.multiday-header-corner, .day-column-heading, calendar-header-container, calendar-event-column, .multiday-hour-box,
#view-box,
#tabs-toolbar,
#status-bar,
.calview-toggle,
#calview-toggle-item,
#folderPaneHeaderBar,
#folderPane,
#threadPaneHeaderBar,
#threadTree,
#tabs-toolbar {
color: ${foreground} !important;
font-family: ${rice.font.base.name} !important;
background-color: transparent !important;
background-image: none !important;
border: none !important;
-moz-appearance: none !important;
}
.minimonth-nav-section {
background-color: rgba(${rice.lib.hex-to-rgb-comma-string background},${builtins.toString rice.transparency}) !important;
border: ${builtins.toString rice.border-width}px solid ${border};
}
.button,
.button-primary,
.tab-content[selected] {
background-color: ${accent.base};
color: ${background};
background-image: none;
}
html {
background-color: rgba(${rice.lib.hex-to-rgb-comma-string background},${builtins.toString rice.transparency}) !important;
}
'';
};
};
};
accounts.email.accounts = let accounts.email.accounts = let
OAuth2Settings = id: { OAuth2Settings = id: {
"mail.smtpserver.smtp_${id}.authMethod" = 10; "mail.smtpserver.smtp_${id}.authMethod" = 10;
"mail.server.server_${id}.authMethod" = 10; "mail.server.server_${id}.authMethod" = 10;
}; };
in { in {
gmail-online = { gmail-online-accounts = {
address = secrets.email.gmail-online.mail; address = secrets.email.gmail-online-accounts.mail;
realName = "Lennart J. Kurzweg"; realName = "Lennart J. Kurzweg";
flavor = "gmail.com"; flavor = "gmail.com";
primary = true; primary = true;
@@ -115,8 +27,8 @@
}; };
}; };
gmail-business = { gmail-ljk = {
address = secrets.email.gmail-business.mail; address = secrets.email.gmail-ljk.mail;
realName = "Lennart J. Kurzweg"; realName = "Lennart J. Kurzweg";
flavor = "gmail.com"; flavor = "gmail.com";
signature = { signature = {
@@ -179,10 +91,38 @@
thunderbird = { thunderbird = {
enable = true; enable = true;
profiles = [ "nx2" ]; profiles = [ "nx2" ];
settings = id: { settings = id: { };
"mail.server.server_${id}.fcc_folder" = "imap://${un}%40hs-mittweida.de@xc.hs-mittweida.de/Sent";
}; };
}; };
nx2site = {
address = "lennart@${hyper.domain}";
userName = "lennart@${hyper.domain}";
realName = "Lennart J. Kurzweg";
imap = {
port = 993;
host = "ssh.${hyper.domain}";
tls.enable = true;
};
smtp = {
port = 465;
host = "mail-eu.smtp2go.com";
tls.enable = true;
# port = 587;
# host = "mail.${hyper.domain}";
# tls.useStartTls = true;
};
signature = {
text = ''
About Me: https://nx2.site/about-me
Contact: https://nx2.site/contact
GPG: https://nx2.site/gpg
'';
showSignature = "append";
};
thunderbird = {
enable = true;
profiles = [ "nx2" ];
};
}; };
}; };
} }

16
home-modules/firefox/userChrome.nix
View File

@@ -63,8 +63,22 @@ in /* css */ ''
--newtab-background-card : ${accent.dark} !important; --newtab-background-card : ${accent.dark} !important;
--tabpanel-background-color : transparent !important; --tabpanel-background-color : transparent !important;
background : linear-gradient(180deg,rgba(${f secondary.dark}, ${builtins.toString rice.transparency}) 0%, rgba(${f accent.dark}, ${builtins.toString rice.transparency}) 100%) !important; background : transparent !important;
} }
body {
background-color: unset !important;
background-color: transparent !important;
background-image: linear-gradient(0deg,rgba(${f accent.dark}, ${builtins.toString rice.transparency}) 0%, rgba(${f secondary.dark}, ${builtins.toString rice.transparency}) 100%) !important;
background-size: 100% 150% !important;
background-position: 0% 0% !important;
will-change: background-position;
transition: background-position 300ms !important;
&:-moz-window-inactive {
background-position: 0% 50% !important;
background-color: transparent !important;
}
}
.tabbrowser-tab[selected="true"], .tab-text[selected=""], .tabbrowser-tab[selected="true"], .tab-text[selected=""],
.tab-close-button[selected=""] { .tab-close-button[selected=""] {
color: ${background} !important; color: ${background} !important;

32
home-modules/firefox/userContent.nix
View File

@@ -31,6 +31,29 @@ in /* css */ ''
} }
} }
@-moz-document url-prefix("https://n.nx2.site/") {
:root, [data-theme-dark] {
--color-main-background: #00000055;
--color-main-background-rgb: 0,0,0;
--color-primary-element-light: #550000;
}
.app-navigation, .app-content {
background: rgba(0,0,0,0.8) !important;
backdrop-filter: blur(5px) !important;
}
.files-list__row-head, .files-list__tfoot {
background: rgba(0,0,0,0.5) !important;
}
.fc-day-today {
background: #ff000055 !important;
}
.files-list__thead {
background: transparent !important;
}
}
@-moz-document domain(reddit.com) { @-moz-document domain(reddit.com) {
header { header {
background-color: rgba(${f background},${builtins.toString rice.transparency}) !important; background-color: rgba(${f background},${builtins.toString rice.transparency}) !important;
@@ -80,6 +103,14 @@ in /* css */ ''
} }
} }
@-moz-document domain(gemini.google.com) {
input-container, input-container::before {
background: transparent !important;
}
bard-sidenav {
background: rgba(${rice.lib.hex-to-rgb-comma-string background},0.5) !important;
}
}
@media (prefers-color-scheme: dark) { @media (prefers-color-scheme: dark) {
:root .theme-system { :root .theme-system {
@@ -226,6 +257,7 @@ in /* css */ ''
border: ${toString rice.border-width}px solid ${border} !important; border: ${toString rice.border-width}px solid ${border} !important;
} }
} }
'' ''
# @-moz-document domain(chatgpt.com) { # @-moz-document domain(chatgpt.com) {
# body, html , .bg-token-sidebar-surface-primary { # body, html , .bg-token-sidebar-surface-primary {

96
home-modules/hyprland.nix
View File

@@ -5,10 +5,27 @@
terminal-exec = "ghostty --command="; terminal-exec = "ghostty --command=";
monitors = { monitors = {
xps = { xps = {
main = { name = "eDP-1"; resolution = "1920x1200"; position = "1920x1080"; scale = "1.0"; }; # def
# main = { name = "eDP-1"; resolution = "preferred"; position = "0x0"; scale = "1.0"; };
# second = { name = "eDP-1"; resolution = "preferred"; position = "0x0"; scale = "1.0"; };
# third = { name = "eDP-1"; resolution = "preferred"; position = "0x0"; scale = "1.0"; };
# Home
main = { name = "eDP-1"; resolution = "1920x1200"; position = "0x1080"; scale = "1.0"; };
second = { name = "desc:Sony SONY TV 0x01010101"; resolution = "1920x1080"; position = "0x0"; scale = "1.0"; };
third = { name = ""; resolution = "preferred"; position = "auto"; scale ="1, mirror, eDP-1"; };
# Presentation
# main = { name = "eDP-1"; resolution = "1920x1080"; position = "1920x1080"; scale = "1.0"; }; # main = { name = "eDP-1"; resolution = "1920x1080"; position = "1920x1080"; scale = "1.0"; };
second = { name = "desc:Sony SONY TV 0x01010101"; resolution = "1920x1080"; position = "1920x0"; scale = "1.0"; }; # second = { name = ""; resolution = "preferred"; position = "auto"; scale ="1, mirror, eDP-1"; };
third = { name = "DP-6"; resolution = "1920x1080"; position = "0x0"; scale = "1.0"; }; # third = { name = ""; resolution = "preferred"; position = "auto"; scale ="1, mirror, eDP-1"; };
# thunderbolt docking
# main = { name = "eDP-1"; resolution = "1920x1200"; position = "1920x1200"; scale = "1.0"; };
# second = { name = "DP-5"; resolution = "1920x1200"; position = "1920x0"; scale = "1.0"; };
# third = { name = "DP-4"; resolution = "1920x1200"; position = "0x0"; scale = "1.0"; };
# second = { name = "DP-6"; resolution = "1920x1200"; position = "0x0"; scale = "1.0"; };
# third = { name = "DP-7"; resolution = "1920x1200"; position = "1920x0"; scale = "1.0"; };
}; };
north = { north = {
main = { name = "desc:Iiyama North America PL3270Q na"; resolution = "2560x1440"; position = "1920x0"; scale = "1.0"; }; main = { name = "desc:Iiyama North America PL3270Q na"; resolution = "2560x1440"; position = "1920x0"; scale = "1.0"; };
@@ -34,17 +51,18 @@ in {
wayland.windowManager.hyprland = { wayland.windowManager.hyprland = {
enable = true; enable = true;
# package = pkgs-unstable.hyprland;
# package = pkgs.hyprland; # package = pkgs.hyprland;
package = inputs.hyprland.packages.${hyper.system}.hyprland; package = inputs.hyprland.packages.${hyper.system}.hyprland;
# package = config.programs.hyprland.package;
xwayland.enable = true; xwayland.enable = true;
systemd.enable = true; systemd.enable = true;
plugins = [ plugins = let s = pkgs.stdenv.hostPlatform.system; in [
# inputs.hyprland-plugins.packages.${pkgs.system}.hyprexpo # inputs.hyprland-plugins.packages.${s}.hyprexpo
# inputs.hyprfocus.packages.${pkgs.system}.hyprfocus # inputs.hyprfocus.packages.${s}.hyprfocus
# inputs.hycov.packages.${pkgs.system}.hycov # inputs.hycov.packages.${s}.hycov
# pkgs.hyprlandPlugins.hyprspace # inputs.hyprspace.packages.${s}.Hyprspace
# inputs.hyprspace.packages.${pkgs.system}.Hyprspace # inputs.hyprtasking.packages.${s}.hyprtasking
# inputs.hyprland-easymotion.packages.${s}.hyprland-easymotion
]; ];
settings = { settings = {
@@ -53,7 +71,6 @@ in {
"${main.name}, ${main.resolution}, ${main.position}, ${main.scale}" "${main.name}, ${main.resolution}, ${main.position}, ${main.scale}"
"${second.name}, ${second.resolution}, ${second.position}, ${second.scale}" "${second.name}, ${second.resolution}, ${second.position}, ${second.scale}"
"${third.name}, ${third.resolution}, ${third.position}, ${third.scale}" "${third.name}, ${third.resolution}, ${third.position}, ${third.scale}"
" ,preferred, auto, 1, mirror, eDP-1"
]) else (if hyper.host == "NxNORTH" then (with monitors.north; [ ]) else (if hyper.host == "NxNORTH" then (with monitors.north; [
"${main.name}, ${main.resolution}, ${main.position}, ${main.scale}" "${main.name}, ${main.resolution}, ${main.position}, ${main.scale}"
"${left.name}, ${left.resolution}, ${left.position}, ${left.scale}" "${left.name}, ${left.resolution}, ${left.position}, ${left.scale}"
@@ -371,6 +388,8 @@ in {
# "SUPER, TAB, hycov:toggleoverview" # "SUPER, TAB, hycov:toggleoverview"
# "SUPER, TAB, overview:toggle" # "SUPER, TAB, overview:toggle"
# "SUPER, TAB, hyprexpo:expo, toggle" # "SUPER, TAB, hyprexpo:expo, toggle"
# "SUPER, TAB, hyprtasking:killhovered"
# ", Escape, hyprtasking:if_active, hyprtasking:toggle cursor"
"ALT, TAB, focuscurrentorlast" "ALT, TAB, focuscurrentorlast"
# "SUPER, TAB, exec, hyprswitch --daemon" # "SUPER, TAB, exec, hyprswitch --daemon"
"SUPER, Q, killactive" "SUPER, Q, killactive"
@@ -404,7 +423,7 @@ in {
"SUPER, D, exec, vesktop" "SUPER, D, exec, vesktop"
# "SUPER, D, exec, discord" # "SUPER, D, exec, discord"
"SUPER, F, fullscreen" "SUPER, F, fullscreen"
# "SUPER, G," # "SUPER, G, action:hyprctl dispatch focuswindow address:{}"
"SUPER, H, movefocus, l" "SUPER, H, movefocus, l"
"SUPER, J, movefocus, d" "SUPER, J, movefocus, d"
"SUPER, K, movefocus, u" "SUPER, K, movefocus, u"
@@ -533,6 +552,59 @@ in {
reverseSwipe = true; # reverses the direction of swipe gesture, for macOS peeps? reverseSwipe = true; # reverses the direction of swipe gesture, for macOS peeps?
exitKey = true; exitKey = true;
}; };
hypertasking = {
layout = "grid";
gap_size = 20;
bg_color = "0xff${rice.color.background}";
border_size = 4;
exit_on_hovered = false;
warp_on_move_window = 1;
close_overview_on_reload = true;
drag_button = "0x110"; # left mouse button
select_button = "0x111"; # right mouse button
# for other mouse buttons see <linux/input-event-codes.h>
gestures = {
enabled = true;
move_fingers = 3;
move_distance = 300;
open_fingers = 4;
open_distance = 300;
open_positive = true;
};
grid = {
rows = 3;
cols = 3;
loop = false;
layers = 2;
loop_layers = true;
gaps_use_aspect_ratio = false;
};
linear ={
top = false;
height = 400;
scroll_speed = 1.0;
blur = false;
};
};
easymotion = {
textsize = 15;
textcolor = "rgba(ffffffff)";
bgcolor = "rgba(000000ff)";
blur = 0;
blurA = 1.0;
xray = 0;
textfont = "Sans";
textpadding = 0;
bordersize = 0;
bordercolor = "rgba(ffffffff)";
rounding = 0;
fullscreen_action = "none";
motionkeys = "abcdefghijklmnopqrstuvwxyz1234567890";
motionlabels = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
only_special = "true";
};
}; };
}; };

2
home-modules/pkgs-list/programs.nix
View File

@@ -15,10 +15,8 @@
element-desktop element-desktop
obsidian obsidian
fontforge-gtk fontforge-gtk
zoom-us
inkscape inkscape
audacity audacity
unstable.gemini-cli
libreoffice libreoffice
]) else []); ]) else []);
} }

7
home-modules/pkgs-list/shell.nix
View File

@@ -19,10 +19,12 @@
htop htop
imagemagick imagemagick
jq jq
libxml2
lolcat lolcat
lynx lynx
mediainfo mediainfo
neofetch neofetch
nmap
pastel pastel
pdfgrep pdfgrep
pdftk pdftk
@@ -35,8 +37,11 @@
sssnake sssnake
systemctl-tui systemctl-tui
tldr tldr
unstable.gemini-cli
unstable.gemini-cli
unstable.yt-dlp
unstable.yt-dlp
w3m w3m
which which
unstable.yt-dlp
]; ];
} }

3
home-modules/spotify.nix
View File

@@ -2,6 +2,7 @@
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
unstable.spotify unstable.spotify
unstable.spicetify-cli
]; ];
services.librespot = { services.librespot = {
enable = true; enable = true;
@@ -46,7 +47,7 @@
playback_progress_bar = { fg = accent.brighter; bg = accent.dark; modifiers = ["Bold"]; }; playback_progress_bar = { fg = accent.brighter; bg = accent.dark; modifiers = ["Bold"]; };
playback_status = { fg = accent.bright; }; playback_status = { fg = accent.bright; };
playback_track = { fg = accent.bright; modifiers = ["Bold"]; }; playback_track = { fg = accent.bright; modifiers = ["Bold"]; };
secondary_row = { fg = secondary.base; }; secondary_row = { fg = accent.brighter; };
selection = { bg = accent.dark; }; selection = { bg = accent.dark; };
table_header = { fg = tertiary.bright; }; table_header = { fg = tertiary.bright; };
# playback_progress_bar_unfilled (Specific to progress_bar_type as Line) = ""; # playback_progress_bar_unfilled (Specific to progress_bar_type as Line) = "";

6
home-modules/ssh.nix
View File

@@ -36,6 +36,12 @@
"nxace" = (nxace "nxace" ); "nxace" = (nxace "nxace" );
"nxacel" = (nxace "nxacel") // { hostname = "10.0.1.1"; }; "nxacel" = (nxace "nxacel") // { hostname = "10.0.1.1"; };
"nxrpli" = (nxace "nxrpil") // { hostname = "10.0.1.31"; port = 22; }; "nxrpli" = (nxace "nxrpil") // { hostname = "10.0.1.31"; port = 22; };
"nx2s-email-relay" = default // {
identityFile = "${hyper.home}/vault/ssh/nx2s-email-relay";
hostname = "35.243.218.208";
port = 22;
user = secrets.ssh.nx2s-email-relay-user;
};
}; };
}; };
services.ssh-agent = { services.ssh-agent = {

84
home-modules/thunderbird.nix Normal file
View File

@@ -0,0 +1,84 @@
{ pkgs, ... }@all: with all; lib.mkIf (hyper.isPersonal) {
programs.thunderbird = let
inherit (lib.generators) toJSON;
extensions = toJSON {} {
"addon@darkreader.org" = "71d6c69d-55f9-4c56-888c-abdcf6efd73d";
};
in {
enable = true;
profiles = {
"${hyper.user}" = {
isDefault = true;
settings = with rice.color; {
"calendar.alarms.showmissed" = false;
"calendar.alarms.playsound" = false;
"calendar.alarms.show" = false;
"extensions.webextensions.uuids" = extensions;
"mail.startup.enabledMailCheckOnce" = true;
"mailnews.mark_message_read.delay" = true;
"mailnews.mark_message_read.delay.interval" = 3;
"mailnews.tags.$label1.color" = red.base;
"mailnews.tags.$label1.tag" = "Important";
"mailnews.tags.$label2.color" = yellow.base;
"mailnews.tags.$label2.tag" = "Work";
"mailnews.tags.$label3.color" = green.base;
"mailnews.tags.$label3.tag" = "Personal";
"mailnews.tags.$label4.color" = cyan.base;
"mailnews.tags.$label4.tag" = "To Do";
"mailnews.tags.$label5.color" = blue.base;
"mailnews.tags.$label5.tag" = "Later";
"mailnews.headers.showMessageId" = true;
"mailnews.headers.showOrganization" = true;
"mailnews.headers.showReferences" = true;
"mailnews.headers.showSender" = true;
"mailnews.headers.showUserAgent" = true;
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
};
userChrome = with rice.color; /* css */ ''
body,
#navigation-toolbox,
#calendarContent,
#calSidebar,
#tabpanelcontainer,
#spacesToolbar,
#tabs-toolbar,
#calMinimonth,
#primaryButtonSidePanel *,
.minimonth-week,
.multiday-header-corner, .day-column-heading, calendar-header-container, calendar-event-column, .multiday-hour-box,
#view-box,
#tabs-toolbar,
#status-bar,
.calview-toggle,
#calview-toggle-item,
#folderPaneHeaderBar,
#folderPane,
#threadPaneHeaderBar,
#threadTree,
#tabs-toolbar {
color: ${foreground} !important;
font-family: ${rice.font.base.name} !important;
background-color: transparent !important;
background-image: none !important;
border: none !important;
-moz-appearance: none !important;
}
.minimonth-nav-section {
background-color: rgba(${rice.lib.hex-to-rgb-comma-string background},${builtins.toString rice.transparency}) !important;
border: ${builtins.toString rice.border-width}px solid ${border};
}
.button,
.button-primary,
.tab-content[selected] {
background-color: ${accent.base};
color: ${background};
background-image: none;
}
html {
background-color: rgba(${rice.lib.hex-to-rgb-comma-string background},${builtins.toString rice.transparency}) !important;
}
'';
};
};
};
}

8
home-modules/yazi.nix
View File

@@ -88,8 +88,8 @@ in {
{ on = ";"; run = "shell --interactive"; desc = "Run a shell command"; } { on = ";"; run = "shell --interactive"; desc = "Run a shell command"; }
{ on = ":"; run = "shell --block --interactive"; desc = "Run a shell command (block until finishes)"; } { on = ":"; run = "shell --block --interactive"; desc = "Run a shell command (block until finishes)"; }
{ on = "."; run = "hidden toggle"; desc = "Toggle the visibility of hidden files"; } { on = "."; run = "hidden toggle"; desc = "Toggle the visibility of hidden files"; }
{ on = "s"; run = "search fd"; desc = "Search files by name using fd"; } { on = "s"; run = "search --via=fd"; desc = "Search files by name using fd"; }
{ on = "S"; run = "search rg"; desc = "Search files by content using ripgrep"; } { on = "S"; run = "search --via=rg"; desc = "Search files by content using ripgrep"; }
{ on = "<C-s>"; run = "escape --search"; desc = "Cancel the ongoing search"; } { on = "<C-s>"; run = "escape --search"; desc = "Cancel the ongoing search"; }
{ on = "z"; run = "plugin zoxide"; desc = "Jump to a directory using zoxide"; } { on = "z"; run = "plugin zoxide"; desc = "Jump to a directory using zoxide"; }
{ on = "Z"; run = "plugin fzf"; desc = "Jump to a directory or reveal a file using fzf"; } { on = "Z"; run = "plugin fzf"; desc = "Jump to a directory or reveal a file using fzf"; }
@@ -277,8 +277,8 @@ in {
{ mime = "text/*"; use = "edit"; } { mime = "text/*"; use = "edit"; }
{ mime = "text"; use = "edit"; } { mime = "text"; use = "edit"; }
{ mine = "inode/x-empty"; use = "directory"; } { mime = "inode/x-empty"; use = "directory"; }
{ mine = "inode/directory"; use = "directory"; } { mime = "inode/directory"; use = "directory"; }
{ mime = "image/*"; use = "image"; } { mime = "image/*"; use = "image"; }
{ mime = "image/svg"; use = [ "image" "edit" ]; } { mime = "image/svg"; use = [ "image" "edit" ]; }

4
home.nix
View File

@@ -8,6 +8,7 @@
./home-modules/chatterino.nix ./home-modules/chatterino.nix
./home-modules/clipboard.nix ./home-modules/clipboard.nix
./home-modules/color-pallete.nix ./home-modules/color-pallete.nix
./home-modules/contact.nix
./home-modules/direnv.nix ./home-modules/direnv.nix
./home-modules/discord.nix ./home-modules/discord.nix
./home-modules/email.nix ./home-modules/email.nix
@@ -42,7 +43,7 @@
./home-modules/pkgs-list/desktop.nix ./home-modules/pkgs-list/desktop.nix
./home-modules/pkgs-list/programs.nix ./home-modules/pkgs-list/programs.nix
./home-modules/pkgs-list/shell.nix ./home-modules/pkgs-list/shell.nix
./home-modules/pnx.nix # ./home-modules/pnx.nix
./home-modules/programming.nix ./home-modules/programming.nix
./home-modules/qt.nix ./home-modules/qt.nix
./home-modules/rclone.nix ./home-modules/rclone.nix
@@ -53,6 +54,7 @@
./home-modules/spotify.nix ./home-modules/spotify.nix
./home-modules/ssh.nix ./home-modules/ssh.nix
./home-modules/starship.nix ./home-modules/starship.nix
./home-modules/thunderbird.nix
./home-modules/tts.nix ./home-modules/tts.nix
./home-modules/typst.nix ./home-modules/typst.nix
./home-modules/vale.nix ./home-modules/vale.nix

32
sops-secrets.yaml
View File

File diff suppressed because one or more lines are too long

6
system-modules/boot.nix
View File

@@ -27,7 +27,11 @@
kernelPackages = pkgs.linuxPackages; kernelPackages = pkgs.linuxPackages;
extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
kernelModules = [ "v4l2loopback" ]; kernelModules = [ "v4l2loopback" ];
extraModprobeConfig = ''options v4l2loopback devices=1 video_nr=1 card_label="OBS VCam" exclusive_caps=1''; extraModprobeConfig = ''
options v4l2loopback devices=1 video_nr=1 card_label="OBS VCam" exclusive_caps=1
options snd_hda_intel power_save=0
options snd_ac97_codec power_save=0
'';
loader = { loader = {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
grub = { grub = {

5
system-modules/calendar/lr.nix
View File

@@ -23,7 +23,8 @@ from ics import Calendar
import requests import requests
def filter_events(events): def filter_events(events):
return [event for event in events if ("LR" in event.name)] return [event for event in events if ("WT" in event.name)]
# return [event for event in events if ("LR" in event.name)]
# return [event for event in events if ("LR" in event.name) or ("TBD" in event.name)] # return [event for event in events if ("LR" in event.name) or ("TBD" in event.name)]
def fetch_and_save_ical_events(ical_urls, save_path): def fetch_and_save_ical_events(ical_urls, save_path):
@@ -62,7 +63,7 @@ def fetch_and_save_ical_events(ical_urls, save_path):
if __name__ == "__main__": if __name__ == "__main__":
# Replace with your iCal URL and target file path # Replace with your iCal URL and target file path
ICAL_URLS = [ ICAL_URLS = [
"https://zlypher.github.io/lol-events/cal/league-of-legends-nlc.ical", # "https://zlypher.github.io/lol-events/cal/league-of-legends-nlc.ical",
"https://zlypher.github.io/lol-events/cal/league-of-legends-emea-masters.ical" "https://zlypher.github.io/lol-events/cal/league-of-legends-emea-masters.ical"
] ]
SAVE_PATH = "${config.services.nginx.virtualHosts."${hyper.domain}".root}/lr.ics" SAVE_PATH = "${config.services.nginx.virtualHosts."${hyper.domain}".root}/lr.ics"

19
system-modules/davfs.nix Normal file
View File

@@ -0,0 +1,19 @@
{ pkgs, ... }@all: with all; let
# user = "lennart";
in {
services.davfs2 = {
enable = true;
settings = {
globalSection = {
use_locks = true;
};
sections = {
"${hyper.home}/webdav" = {
gui_optimize = true;
};
};
};
};
users.users."${hyper.user}".extraGroups = [ "davfs2" ];
}

7
system-modules/dm.nix
View File

@@ -11,14 +11,15 @@
# }; # };
# # useTextGreeter = true; # # useTextGreeter = true;
# }; # };
services.displayManager.ly = { services.xserver.displayManager.lightdm.enable = false;
services.displayManager.ly = pkgs.lib.mkIf (!hyper.isServer) {
# info and docs at https://codeberg.org/fairyglade/ly/src/branch/master/res/config.ini # info and docs at https://codeberg.org/fairyglade/ly/src/branch/master/res/config.ini
enable = true; enable = true;
package = pkgs.ly; package = pkgs.ly;
settings = with rice.color; let h = rice.lib.nohash; in { settings = with rice.color; let h = rice.lib.nohash; in {
allow_empty_password = false; allow_empty_password = false;
# animation = "matrix"; animation = "matrix";
animation = "gameoflife"; # animation = "gameoflife";
animation_timeout_sec = 0; # forever animation_timeout_sec = 0; # forever
asterisk = "*"; asterisk = "*";
auth_fails = 10; auth_fails = 10;

16
system-modules/fonts.nix
View File

@@ -1,18 +1,18 @@
{ pkgs, ... }@all: with all; { pkgs, ... }@all: with all;
{ {
fonts.packages = with pkgs; [ fonts.packages = with pkgs; [
atkinson-hyperlegible
nerd-fonts._3270
nerd-fonts.heavy-data
nerd-fonts.jetbrains-mono
nerd-fonts.profont
nerd-fonts.proggy-clean-tt
nerd-fonts.zed-mono
newcomputermodern
noto-fonts noto-fonts
noto-fonts-cjk-sans noto-fonts-cjk-sans
noto-fonts-cjk-serif noto-fonts-cjk-serif
noto-fonts-color-emoji noto-fonts-color-emoji
newcomputermodern
atkinson-hyperlegible
nerd-fonts.jetbrains-mono
nerd-fonts.zed-mono
nerd-fonts.profont
nerd-fonts.proggy-clean-tt
nerd-fonts.heavy-data
nerd-fonts._3270
] ++ (with rice.font; [ ] ++ (with rice.font; [
base.package base.package
code.package code.package

10
system-modules/networking.nix
View File

@@ -10,11 +10,15 @@
}; };
enableIPv6 = true; enableIPv6 = true;
firewall.allowedTCPPorts = [ firewall.allowedTCPPorts = [
(pkgs.lib.mkIf config.services.ollama.enable 11434)
80
443
8000 8000
8080 8080
(pkgs.lib.mkIf config.services.nginx.enable 80)
(pkgs.lib.mkIf config.services.nginx.enable 443)
(pkgs.lib.mkIf config.services.ollama.enable 11434)
(pkgs.lib.mkIf config.services.maddy.enable 587)
(pkgs.lib.mkIf config.services.maddy.enable 465)
(pkgs.lib.mkIf config.services.maddy.enable 993)
(pkgs.lib.mkIf config.services.maddy.enable 25025)
]; ];
}; };
} }

24
system-modules/nx2site.nix
View File

@@ -40,13 +40,15 @@ let dns-user = "cloudflare"; in
sub = "fc861353142bc05d5dbad1799178e6a1"; sub = "fc861353142bc05d5dbad1799178e6a1";
sub6 = "b8082b7afe9e80971fc9f9dda16ec284"; sub6 = "b8082b7afe9e80971fc9f9dda16ec284";
ssh = "c0f14f17f32d6595c202f041dd836eb3"; ssh = "c0f14f17f32d6595c202f041dd836eb3";
ssh6 = "f1ecb2d9d0522d4eec06437688ca76da"; ssh6 = "0067f396b3efb21e12f63e0c50643161";
dev = "80e76834acc9243696d9763759b22147"; dev = "80e76834acc9243696d9763759b22147";
mail = "d62a0dc01614b9f8f2b469219788fe0f";
mail6 = "f1ecb2d9d0522d4eec06437688ca76da";
}; };
passord-file-path = config.sops.secrets."nx2site/cloudflare/global-api-key".path; passord-file-path = config.sops.secrets."nx2site/cloudflare/global-api-key".path;
in pkgs.writers.writePython3Bin "dyn_dns" { in pkgs.writers.writePython3Bin "dyn_dns" {
libraries = with pkgs.python3Packages; [ requests ]; libraries = with pkgs.python3Packages; [ requests ];
flakeIgnore = [ "E302" "E305" "E226" "E501" "E261" ]; flakeIgnore = [ "E302" "E305" "E226" "E501" "E261" "E241" ];
} /* python */ '' } /* python */ ''
import requests import requests
import subprocess import subprocess
@@ -55,7 +57,7 @@ from time import sleep
def get_public_ip(ipv6: bool = False) -> str: def get_public_ip(ipv6: bool = False) -> str:
return subprocess.run(['${pkgs.curl}/bin/curl', '-s', '-6' if ipv6 else '-4', 'https://ifconfig.me'], capture_output=True, text=True).stdout.strip() return subprocess.run(['${pkgs.curl}/bin/curl', '-s', '-6' if ipv6 else '-4', 'https://ifconfig.me'], capture_output=True, text=True).stdout.strip()
def update_record(record_id: str, record_name: str, ip: str, type: str, proxied: bool, pw: str) -> None: def update_record(record_id: str, record_name: str, ip: str, type: str, proxied: bool, pw: str) -> requests.Response:
sleep(5) sleep(5)
return requests.patch( return requests.patch(
f'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/{record_id}', f'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/{record_id}',
@@ -85,14 +87,16 @@ def main():
# Perform DNS updates # Perform DNS updates
# https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record # https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record
print(f"${hyper.domain}: {update_record(record_id="${record_id.base}", record_name="${hyper.domain}", ip=my_ip, type="A", proxied=True, pw=pw).status_code}", end=", ") print(f"${hyper.domain}: {update_record(record_id="${record_id.base}", record_name="${hyper.domain}", ip=my_ip, type="A", proxied=True, pw=pw).status_code}")
print(f"*.${hyper.domain}: {update_record(record_id="${record_id.sub}", record_name="*.${hyper.domain}", ip=my_ip, type="A", proxied=True, pw=pw).status_code}", end=", ") print(f"*.${hyper.domain}: {update_record(record_id="${record_id.sub}", record_name="*.${hyper.domain}", ip=my_ip, type="A", proxied=True, pw=pw).status_code}")
print(f"ssh.${hyper.domain}: {update_record(record_id="${record_id.ssh}", record_name="ssh.${hyper.domain}", ip=my_ip, type="A", proxied=False, pw=pw).status_code}", end=", ") print(f"ssh.${hyper.domain}: {update_record(record_id="${record_id.ssh}", record_name="ssh.${hyper.domain}", ip=my_ip, type="A", proxied=False, pw=pw).status_code}")
print(f"dev.${hyper.domain}: {update_record(record_id="${record_id.dev}", record_name="dev.${hyper.domain}", ip=my_ip, type="A", proxied=False, pw=pw).status_code}", end=", ") print(f"dev.${hyper.domain}: {update_record(record_id="${record_id.dev}", record_name="dev.${hyper.domain}", ip=my_ip, type="A", proxied=False, pw=pw).status_code}")
# print(f"mail.${hyper.domain}: {update_record(record_id="${record_id.mail}", record_name="mail.${hyper.domain}", ip=my_ip, type="A", proxied=False, pw=pw).status_code}")
print(f"${hyper.domain}: {update_record(record_id="${record_id.base6}", record_name="${hyper.domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw).status_code}", end=", ") print(f"${hyper.domain}: {update_record(record_id="${record_id.base6}", record_name="${hyper.domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw).status_code}")
print(f"*.${hyper.domain}: {update_record(record_id="${record_id.sub6}", record_name="*.${hyper.domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw).status_code}", end=", ") print(f"*.${hyper.domain}: {update_record(record_id="${record_id.sub6}", record_name="*.${hyper.domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw).status_code}")
print(f"ssh.${hyper.domain}: {update_record(record_id="${record_id.ssh6}", record_name="ssh.${hyper.domain}", ip=my_ip6, type="AAAA", proxied=False, pw=pw).status_code}", end="") print(f"ssh.${hyper.domain}: {update_record(record_id="${record_id.ssh6}", record_name="ssh.${hyper.domain}", ip=my_ip6, type="AAAA", proxied=False, pw=pw).status_code}")
# print(f"mail.${hyper.domain}: {update_record(record_id="${record_id.mail6}", record_name="mail.${hyper.domain}", ip=my_ip6, type="AAAA", proxied=False, pw=pw).status_code}")
if __name__ == "__main__": if __name__ == "__main__":
main() main()

6
system-modules/nx2site/dyn_dns.nix
View File

@@ -1,5 +1,5 @@
{ pkgs, ... }@all: with all; # THIS IS NOT USED
{ { pkgs, ... }@all: with all; {
sops.secrets = { sops.secrets = {
# "nx2site/namecheap.pw" = { }; # "nx2site/namecheap.pw" = { };
# "nx2site/cloudflare/api-token-dns-edit" = { }; # "nx2site/cloudflare/api-token-dns-edit" = { };
@@ -16,6 +16,8 @@
"${hyper.domain}" "${hyper.domain}"
"*.${hyper.domain}" "*.${hyper.domain}"
"ssh.${hyper.domain}" "ssh.${hyper.domain}"
"mail.${hyper.domain}"
"dev.${hyper.domain}"
]; ];
proxied = true; proxied = true;
apiTokenFile = config.sops.secrets."nx2site/cloudflare/global-api-key-env".path; apiTokenFile = config.sops.secrets."nx2site/cloudflare/global-api-key-env".path;

2
system-modules/nx2site/gitea.nix
View File

@@ -65,6 +65,8 @@ let git-user = "git"; in
SSH_PORT = secrets.ssh.port; SSH_PORT = secrets.ssh.port;
DOMAIN = "git.${hyper.domain}"; DOMAIN = "git.${hyper.domain}";
SSH_DOMAIN = "ssh.${hyper.domain}"; SSH_DOMAIN = "ssh.${hyper.domain}";
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true;
# HTTP_ADDR = "${config.services.gitea.settings.server.DOMAIN}"; # HTTP_ADDR = "${config.services.gitea.settings.server.DOMAIN}";
# HTTP_PORT = 3000; # default # HTTP_PORT = 3000; # default
# PROTOCOL = "http"; # default # PROTOCOL = "http"; # default

68
system-modules/nx2site/imap.nix Normal file
View File

@@ -0,0 +1,68 @@
{ config, pkgs, ... }@all: with all; {
sops.secrets = {
"nx2site/dovecot" = {
owner = "dovecot2";
group = "dovecot2";
mode = "600";
};
};
services.dovecot2 = {
enable = true;
enablePAM = false; # independen from linux users
enableImap = true;
enableLmtp = true;
extraConfig = ''
# force to use full user name plus domain name
# for disambiguation
auth_username_format = %Lu
# Authentication configuration:
auth_mechanisms = plain
passdb {
driver = passwd-file
args = ${config.sops.secrets."nx2site/dovecot".path}
}
# for vitual users:
userdb {
driver = static
# the full e-mail address inside passwd-file is the username (%u)
# user@example.com
# %d for domain_name %n for user_name
args = uid=vmail gid=vmail username_format=%u home=/var/spool/mail/vmail/%d/%n
}
# for connecting with postfix
service lmtp {
unix_listener /var/spool/postfix/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix
}
}
service auth {
unix_listener /var/spool/postfix/auth {
mode = 0600
user = postfix
group = postfix
}
}
'';
createMailUser = true;
mailUser = "vmail";
mailGroup = "vmail";
mailLocation = "maildir:~/Maildir";
mailboxes = { # RFC standart
All = { auto = "create"; autoexpunge = null; specialUse = "All"; };
Archive = { auto = "create"; autoexpunge = null; specialUse = "Archive"; };
Drafts = { auto = "create"; autoexpunge = null; specialUse = "Drafts"; };
Flagged = { auto = "create"; autoexpunge = null; specialUse = "Flagged"; };
Junk = { auto = "create"; autoexpunge = "60d"; specialUse = "Junk"; };
Sent = { auto = "create"; autoexpunge = null; specialUse = "Sent"; };
Trash = { auto = "create"; autoexpunge = "60d"; specialUse = "Trash"; };
};
sslServerCert = "/var/lib/acme/${hyper.domain}/fullchain.pem";
sslServerKey = "/var/lib/acme/${hyper.domain}/key.pem";
sslCACert = "/var/lib/acme/${hyper.domain}/chain.pem";
};
}

234
system-modules/nx2site/maddy.nix Normal file
View File

@@ -0,0 +1,234 @@
{ config, pkgs, ... }@all: with all; let
users = [ "nxcaldav" "nextcloud" "lennart" "daniel" "diane" "georg" "tessa" ];
in {
sops.secrets = {
"nx2site/maddy/nxcaldav_password" = { owner = "maddy"; group = "maddy"; mode = "600"; };
"nx2site/maddy/nextcloud_password" = { owner = "maddy"; group = "maddy"; mode = "600"; };
"nx2site/maddy/lennart_password" = { owner = "maddy"; group = "maddy"; mode = "600"; };
"nx2site/maddy/daniel_password" = { owner = "maddy"; group = "maddy"; mode = "600"; };
"nx2site/maddy/diane_password" = { owner = "maddy"; group = "maddy"; mode = "600"; };
"nx2site/maddy/georg_password" = { owner = "maddy"; group = "maddy"; mode = "600"; };
"nx2site/maddy/tessa_password" = { owner = "maddy"; group = "maddy"; mode = "600"; };
};
users.users."maddy" = {
extraGroups = [ "acme" "nginx" ];
};
services.maddy = {
enable = true;
primaryDomain = hyper.domain;
user = "maddy";
group = "maddy";
hostname = "ssh.${hyper.domain}";
ensureAccounts = [
"nxcaldav@${hyper.domain}"
"nextcloud@${hyper.domain}"
"lennart@${hyper.domain}"
"daniel@${hyper.domain}"
"diane@${hyper.domain}"
"georg@${hyper.domain}"
"tessa@${hyper.domain}"
];
ensureCredentials = {
"nxcaldav@${hyper.domain}".passwordFile = config.sops.secrets."nx2site/maddy/nxcaldav_password".path;
"nextcloud@${hyper.domain}".passwordFile = config.sops.secrets."nx2site/maddy/nextcloud_password".path;
"lennart@${hyper.domain}".passwordFile = config.sops.secrets."nx2site/maddy/lennart_password".path;
"daniel@${hyper.domain}".passwordFile = config.sops.secrets."nx2site/maddy/daniel_password".path;
"diane@${hyper.domain}".passwordFile = config.sops.secrets."nx2site/maddy/diane_password".path;
"georg@${hyper.domain}".passwordFile = config.sops.secrets."nx2site/maddy/georg_password".path;
"tessa@${hyper.domain}".passwordFile = config.sops.secrets."nx2site/maddy/tessa_password".path;
};
openFirewall = true;
tls = {
loader = "file";
certificates = [{
keyPath = "/var/lib/acme/nx2.site/key.pem";
certPath = "/var/lib/acme/nx2.site/cert.pem";
}];
};
# Enable TLS listeners. Configuring this via the module is not yet
# implemented, see https://github.com/NixOS/nixpkgs/pull/153372
config = let
admin = "lennart@${hyper.domain}";
domains = hyper.domain; # could be more
inherit (hyper) domain;
# nix adds 3 variables, hostname, and tls info before the file (see /etc/maddy/maddy.conf)
in /* ini */''
auth.pass_table local_authdb {
table sql_table {
driver sqlite3
dsn credentials.db
table_name passwords
}
}
storage.imapsql local_mailboxes {
driver sqlite3
dsn imapsql.db
}
table.chain local_rewrites {
# tagging with - or +
# alice-something@${domain} or alice+something@${domain} lands in inbox alice@${domain}
optional_step regexp "(.+)[\+-](.+)@(.+)" "$1@$3"
optional_step static {
entry postmaster ${admin}
entry admin ${admin}
}
}
msgpipeline local_routing {
destination ${domains} {
modify {
replace_rcpt &local_rewrites
}
reroute {
destination_in &local_mailboxes {
deliver_to &local_mailboxes
}
default_destination {
modify {
replace_rcpt regexp ".*" "${admin}"
}
deliver_to &local_mailboxes
}
}
}
# should never happen
default_destination {
reject 550 5.1.1 "User doesn't exist"
}
}
smtp tcp://0.0.0.0:25 {
limits {
all rate 20 1s
all concurrency 10
}
dmarc yes
check {
require_mx_record
dkim
spf
}
source ${domains} {
reject 501 5.1.8 "Use Submission for outgoing SMTP"
}
default_source {
destination postmaster ${domains} {
deliver_to &local_routing
}
default_destination {
reject 550 5.1.1 "User doesn't exist"
}
}
}
submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
limits {
all rate 50 1s
}
auth &local_authdb
source ${domains} {
check {
authorize_sender {
prepare_email &local_rewrites
user_to_email identity
}
}
destination postmaster ${domains} {
deliver_to &local_routing
}
default_destination {
modify {
dkim ${domain} ${domains} default
}
deliver_to &remote_queue
}
}
default_source {
reject 501 5.1.8 "Non-local sender domain"
}
}
target.remote outbound_delivery {
limits {
destination rate 20 1s
destination concurrency 10
}
mx_auth {
dane
mtasts {
cache fs
fs_dir mtasts_cache/
}
local_policy {
min_tls_level encrypted
min_mx_level none
}
}
}
target.queue remote_queue {
target &outbound_delivery
autogenerated_msg_domain ${domain}
bounce {
destination postmaster ${domains} {
deliver_to &local_routing
}
default_destination {
reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
}
}
}
imap tls://0.0.0.0:993 tcp://0.0.0.0:143 {
auth &local_authdb
storage &local_mailboxes
}
# localhost only - test purposes only (->spam!)
smtp tcp://127.0.0.1:2525 {
tls off
destination postmaster ${domains} {
deliver_to &local_routing
}
default_destination {
modify {
dkim ${domain} ${domains} default
}
deliver_to &remote_queue
}
}
# nx2s-email-relay backdor
smtp tcp://0.0.0.0:25025 {
# 1. Allow incoming mail from the VM for your domains
destination postmaster ${domains} {
deliver_to &local_routing
}
# 2. Prevent the world from using you as an open relay
default_destination {
reject 521 5.0.0 "User not local"
}
}
'';
};
}
# --- Receive
# 1. mx to mail.nx2.site
# 2. mail.nx2.site to nx2s-email-relay (google e2-micro)
# 3. nx2s-email-relay uses emaul-relay.service to socat 25 to 25025 home
# 4. home gets 25025 and handles it
# -- Send
# 1. Via Smtp2go (mail-eu.smtp2go.com)
# SPF is coverd by CNAME (return) (somehow)

115
system-modules/nx2site/nextcloud.nix
View File

@@ -1,27 +1,108 @@
{ pkgs, ...}@all: with all; { config, pkgs, ... }@all: with all; let
{ user = "nextcloud";
sops.secrets = { in {
"nx2site/nextcloud/admin-pass" = { owner = "nextcloud"; }; sops.secrets = let ss = { owner = user; group = user; mode = "600"; }; in {
"nx2site/nextcloud/db-pass" = { owner = "nextcloud"; }; "nx2site/nextcloud/admin_pass" = ss;
# "nx2site/nextcloud/users-pass/nx2" = { owner = "nextcloud"; }; "nx2site/nextcloud/db_pass" = ss;
"nx2site/nextcloud/lennart_pass" = ss;
"nx2site/nextcloud/daniel_pass" = ss;
"nx2site/nextcloud/diane_pass" = ss;
"nx2site/nextcloud/georg_pass" = ss;
"nx2site/nextcloud/tessa_pass" = ss;
"nx2site/smtp2go/nextcloud_api_key" = ss;
}; };
users.users."${user}" = {
services = { isSystemUser = true;
nextcloud = { isNormalUser = false;
group = user;
};
# users.groups."${user}" = {};
users.groups.nextcloud.members = [ "nextcloud" config.services.nginx.user ];
services.nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud; hostName = "n.${hyper.domain}";
hostName = "nc.${hyper.domain}"; # Need to manually increment with every major upgrade.
https = true; package = pkgs.nextcloud33;
# Let NixOS install and configure the database automatically.
# database.createLocally = false;
# Let NixOS install and configure Redis caching automatically.
configureRedis = true; configureRedis = true;
config = { # Increase the maximum file upload size.
adminpassFile = config.sops.secrets."nx2site/nextcloud/admin-pass".path; maxUploadSize = "16G";
adminuser = "nx2"; https = true;
# autoUpdateApps.enable = true;
appstoreEnable = false;
extraAppsEnable = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
inherit calendar contacts mail notes tasks;
};
settings = {
overwriteProtocol = "https";
default_phone_region = "DE";
# # local
# "mail_smtpmode" = "smtp";
# "mail_smtphost" = "127.0.0.1";
# "mail_smtpport" = 2525;
# "mail_from_address" = "nextcloud";
# "mail_domain" = hyper.domain;
# "mail_smtpsecure" = ""; # = STARTTLS
"mail_smtpmode" = "smtp";
"mail_smtphost" = "mail-eu.smtp2go.com";
"mail_smtpport" = 2525;
"mail_from_address" = "nextcloud";
"mail_domain" = hyper.domain;
"mail_smtpsecure" = ""; # = STARTTLS
"mail_smtpauth" = true;
"mail_smtpauthtype" = "LOGIN";
"mail_smtpname" = "nextcloud@${hyper.domain}";
"simpleSignUpLink.shown" = false;
};
secrets."mail_smtppassword" = config.sops.secrets."nx2site/smtp2go/nextcloud_api_key".path;
# secrets.settings."mail_smtppassword" = config.sops.secrets."nx2site/maddy/nextcloud_password".path;
config = {
adminpassFile = config.sops.secrets."nx2site/nextcloud/admin_pass".path;
dbtype = "pgsql"; dbtype = "pgsql";
# dbhost = config.services.postgresql.settings.port; # using usix socket adminuser = "nextcloud";
# dbhost = "localhost:5432";
dbhost = "/run/postgresql";
dbname = "nextcloud"; dbname = "nextcloud";
dbpassFile = config.sops.secrets."nx2site/nextcloud/db-pass".path; dbuser = "nextcloud";
dbpassFile = config.sops.secrets."nx2site/nextcloud/db_pass".path;
};
phpOptions = {
"memory_limit" = pkgs.lib.mkForce "2G";
"opcache.interned_strings_buffer" = "16";
}; };
}; };
systemd.services.nextcloud-ensure-users = let
users = pkgs.lib.mergeAttrsList (pkgs.lib.map (name: {
"${name}" = {
email = "${name}@nx2.site";
passwordFile = config.sops.secrets."nx2site/nextcloud/${name}_pass".path;
};
}) [ "lennart" "daniel" "diane" "georg" "tessa" ]);
in {
enable = true;
script = let occ = "${config.services.nextcloud.occ}/bin/nextcloud-occ"; in /* bash */ ''
${pkgs.lib.optionalString (users != {}) ''
${pkgs.lib.concatStringsSep "\n" (pkgs.lib.mapAttrsToList (name: cfg: ''
if ${occ} user:info "${name}" | grep "user not found"; then
export OC_PASS="$(cat ${pkgs.lib.escapeShellArg cfg.passwordFile})"
${occ} user:add --password-from-env "${name}"
fi
${pkgs.lib.optionalString (cfg.email != null) ''
${occ} user:setting "${name}" settings email "${cfg.email}"
''}
'') users)}
''}
'';
wantedBy = [ "multi-user.target" ];
after = [ "nextcloud-setup.service" ];
};
services.phpfpm.pools.nextcloud.settings = pkgs.lib.mkIf config.services.nextcloud.enable {
"listen.owner" = config.services.nginx.user;
"listen.group" = config.services.nginx.group;
}; };
} }

121
system-modules/nx2site/nxcaldav.nix Normal file
View File

@@ -0,0 +1,121 @@
{ pkgs, ... }@all: with all; let
x = rec { version = "0.0.11";
user = "nxcaldav";
nxcsrc = pkgs.fetchFromGitea {
domain = "git.${hyper.domain}";
owner = "nx2";
repo = "NxCalDav";
rev = version;
hash = "sha256-Hk27BQCBtdRQ1aSHVEQ1EVjPrsC2jOUPDT4yuU9OCXQ=";
};
nxc = pkgs.buildGoModule {
pname = "NxCalDav";
inherit version;
src = nxcsrc;
vendorHash = "sha256-prstYDJuwS5E5uRwUkX0M+QdnIaQ0QewKe8HaoZ0Db4=";
};
nxc_helpers = pkgs.python3Packages.buildPythonApplication {
inherit version;
format = "other";
pname = "nxc_helpers";
src = nxcsrc;
propagatedBuildInputs = with pkgs.python313Packages; [ pyyaml psycopg2 ];
installPhase = ''
sed -i "15s|.*| parser.add_argument('--config', default='${cfg}', help='Path to config.yaml')|" ./export_events.py
sed -i "17s|.*| parser.add_argument('--config', default='${cfg}', help='Path to config.yaml')|" ./import_events.py
install -Dm755 "./export_events.py" "$out/bin/nxc_export"
install -Dm755 "./import_events.py" "$out/bin/nxc_import"
'';
};
cfg = (pkgs.formats.yaml { }).generate "nxcaldav-config.yaml" {
server = {
bind_address = "0.0.0.0:14243";
public_url = "http://nxc.${hyper.domain}/";
redaction_text = "[-]";
default_class = "CONFIDENTIAL";
};
database.url = "postgres://nxcaldav@localhost:5432/nxcaldav?sslmode=disable";
users = let dfu = name: {
name = name;
password_cmd = ''cat ${config.sops.secrets."nx2site/nxcaldav/${name}_password".path}'';
groups = [ "family" ];
}; in [
(dfu "lennart")
(dfu "daniel")
(dfu "diane")
(dfu "georg")
(dfu "tessa")
(dfu "shared")
];
calendars = [
{ owner = "lennart"; color = "#dddddd"; id = "preservation"; }
{ owner = "lennart"; color = "#dd2222"; id = "effort"; }
{ owner = "lennart"; color = "#2222dd"; id = "experience"; }
{ owner = "lennart"; color = "#22aa22"; id = "leisure"; }
{ id = "family";
owner = "shared";
color = "#dddd22";
access = [
{ group = "family"; mode = "read-write"; }
];
}
];
address_books = [
{ owner = "lennart"; id = "Others"; }
{ owner = "lennart"; id = "TUDa"; }
{ owner = "lennart"; id = "HSMW"; }
{ owner = "lennart"; id = "CWG"; }
{ owner = "lennart"; id = "Handball"; }
{ id = "Family & Freinds";
owner = "shared";
access = [
{ group = "family"; mode = "read-write"; }
];
}
];
aggregates = [
{ id = "lennart-aggregate";
owner = "shared";
sources = [ "preservation" "effort" "experience" "leisure" ];
access = [
{ group = "family" ; mode = "read-only"; }
{ ics = "future-only"; }
];
}
];
};
}; in with x; {
sops.secrets = let ss = { owner = user; group = user; mode = "600"; }; in {
"nx2site/nxcaldav/lennart_password" = ss;
"nx2site/nxcaldav/daniel_password" = ss;
"nx2site/nxcaldav/diane_password" = ss;
"nx2site/nxcaldav/georg_password" = ss;
"nx2site/nxcaldav/tessa_password" = ss;
"nx2site/nxcaldav/shared_password" = ss;
};
users = {
groups."${user}" = {};
users = {
"${hyper.user}".extraGroups = [ user ];
"${user}" = {
isSystemUser = true;
isNormalUser = false;
group = user;
};
};
};
environment.systemPackages = [ nxc_helpers ];
systemd.services."nxcaldav" = {
enable = true;
path = [ pkgs.bash pkgs.coreutils ];
serviceConfig = {
User = user;
Group = user;
ExecStart = ''${nxc}/bin/nxcaldav -c ${cfg}'';
Restart = "on-failure";
RestartSec = 5;
StartLimitBurst = 5;
StartLimitIntervalSec = 60;
};
};
}

6
system-modules/nx2site/open-web-calendar.nix
View File

@@ -1,9 +1,8 @@
{ pkgs, ... }@all: with all; { pkgs, ... }@all: with all; {
{
services = { services = {
open-web-calendar = { open-web-calendar = {
enable = true; enable = true;
domain = "cal.${hyper.domain}"; domain = "owc.${hyper.domain}";
package = pkgs.open-web-calendar; package = pkgs.open-web-calendar;
settings = { settings = {
# PORT = 21342; # PORT = 21342;
@@ -11,4 +10,5 @@
calendarSettings = { }; calendarSettings = { };
}; };
}; };
# proxy endpoint is done is done automatically
} }

53
system-modules/nx2site/proxy.nix
View File

@@ -1,5 +1,4 @@
{ pkgs, ...}@all: with all; { pkgs, ...}@all: with all; {
{
sops.secrets = { sops.secrets = {
"nx2site/sslCertificate.pem" = { owner = config.services.nginx.user; }; "nx2site/sslCertificate.pem" = { owner = config.services.nginx.user; };
"nx2site/sslCertificateKey.pem" = { owner = config.services.nginx.user; }; "nx2site/sslCertificateKey.pem" = { owner = config.services.nginx.user; };
@@ -14,11 +13,16 @@
}; };
certs = { certs = {
"${hyper.domain}" = { "${hyper.domain}" = {
extraDomainNames = builtins.map (subd: "${subd}.${hyper.domain}") [ "sync" ]; extraDomainNames = builtins.map (subd: "${subd}.${hyper.domain}") [
"sync"
"ssh"
# "mail"
];
}; };
}; };
}; };
users.users."nginx" = { users.users = {
"nginx" = {
extraGroups = [ "nginx" "acme" "copyparty" ]; extraGroups = [ "nginx" "acme" "copyparty" ];
useDefaultShell = false; useDefaultShell = false;
linger = true; linger = true;
@@ -28,6 +32,8 @@
isSystemUser = true; isSystemUser = true;
isNormalUser = false; isNormalUser = false;
}; };
"acme".extraGroups = [ "nginx" "acme" "hugo" ];
};
systemd.services.nginx.serviceConfig.ProtectHome = "read-only"; systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
services.nginx = let services.nginx = let
dl = [ dl = [
@@ -101,8 +107,23 @@
"~ ^(/gpg)$".return = "301 /cards/gpg"; "~ ^(/gpg)$".return = "301 /cards/gpg";
"~ ^(/contact)$".return = "301 /cards/contact"; "~ ^(/contact)$".return = "301 /cards/contact";
"~ ^(/ba)$".return = "301 /BA.pdf"; "~ ^(/ba)$".return = "301 /BA.pdf";
"~ ^(/schedule)$".return = "301 https://owc.${hyper.domain}/calendar.html?specification_url=https://${hyper.domain}/owc-schedule.json?";
}; };
}; };
"mail.${hyper.domain}" = {
listen = [
{ addr = "0.0.0.0"; port = 80; }
{ addr = "[::0]"; port = 80; }
];
locations."/.well-known/acme-challenge".root = "/var/lib/acme/acme-challenge";
};
"ssh.${hyper.domain}" = {
listen = [
{ addr = "0.0.0.0"; port = 80; }
{ addr = "[::0]"; port = 80; }
];
locations."/.well-known/acme-challenge".root = "/var/lib/acme/acme-challenge";
};
"matrix.${hyper.domain}" = { "matrix.${hyper.domain}" = {
listen = dl; listen = dl;
locations."~.*".return = "502"; locations."~.*".return = "502";
@@ -156,6 +177,18 @@
listen = dl; listen = dl;
locations = { "/" = { proxyPass = "http://127.0.0.1:5232"; }; }; locations = { "/" = { proxyPass = "http://127.0.0.1:5232"; }; };
}); });
"nxc.${hyper.domain}" = (vh // {
listen = dl;
locations = { "/" = { proxyPass = "http://127.0.0.1:14243"; }; };
});
"n.${hyper.domain}" = {
listen = dl;
forceSSL = true;
enableACME = true;
# rest is done by the nextcloud module
};
# "nc.${hyper.domain}" = vh // { # "nc.${hyper.domain}" = vh // {
# # directly to nc # # directly to nc
# }; # };
@@ -179,23 +212,21 @@
}; };
"dev.${hyper.domain}" = vh // { "dev.${hyper.domain}" = vh // {
listen = dl; listen = dl;
locations."/" = { locations = {
"/" = {
proxyPass = "http://127.0.0.1:8080"; proxyPass = "http://127.0.0.1:8080";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
};
# is done atomatically # is done atomatically
# "cal.${hyper.domain}" = vh // { # "owc.${hyper.domain}" = vh // {
# listen = dl; # listen = dl;
# locations = { "/" = { # locations = { "/" = {
# proxyPass = "http://unix:///run/open-web-calendar/socket"; # proxyPass = "http://unix:///run/open-web-calendar/socket";
# proxyWebsockets = true; # proxyWebsockets = true;
# }; }; # }; };
# }; # };
# "baikal.${hyper.domain}" = {
# forceSSL = true;
# enableACME = true;
# };
"file.${hyper.domain}" = { # copyparty "file.${hyper.domain}" = { # copyparty
listen = dl; listen = dl;
forceSSL = true; forceSSL = true;
@@ -227,7 +258,7 @@
}; };
}; };
}; };
"~^(.*).${hyper.domain}$" = { "~^(?!n\.)(.*)\.${hyper.domain}$" = {
listen = dl; listen = dl;
root = "/var/nginx/webroot"; root = "/var/nginx/webroot";
locations."~.*".return = "502"; locations."~.*".return = "502";

60
system-modules/nx2site/smtp.nix Normal file
View File

@@ -0,0 +1,60 @@
{ pkgs, ... }@all: with all; {
# Postfix: The SMTP server (MTA)
# Handles sending, receiving, and local delivery routing.
services.postfix = {
enable = true;
enableSubmission = true;
enableSubmissions = true;
# main.cf configuration
settings.main = {
hostname = "mail.${hyper.domain}";
domain = hyper.domain;
# Allow local services (like CalDAV) to send mail without authentication
networks = [ "127.0.0.0/8" "[::1]/128" ];
# TLS settings - using ACME certs from proxy.nix
smtpd_tls_security_level = "may";
smtpd_tls_auth_only = "yes";
smtpd_tls_cert_file = "/var/lib/acme/${hyper.domain}/fullchain.pem";
smtpd_tls_key_file = "/var/lib/acme/${hyper.domain}/key.pem";
# Use Dovecot for authentication (SASL)
smtpd_sasl_type = "dovecot";
smtpd_sasl_path = "/var/spool/postfix/auth";
smtpd_sasl_auth_enable = "yes";
smtpd_sasl_security_options = "noanonymous";
# Use Dovecot for delivery (LMTP)
virtual_transport = "lmtp:unix:/var/spool/postfix/dovecot-lmtp";
virtual_mailbox_domains = [ hyper.domain ];
mailbox_transport = "lmtp:unix:/var/spool/postfix/dovecot-lmtp";
# Basic relay restrictions
smtpd_recipient_restrictions = [
"permit_mynetworks"
"permit_sasl_authenticated"
"reject_unauth_destination"
];
# master.cf configuration: Enable submission (port 587) for mail clients
# submission-options = {
# type = "inet";
# private = false;
# command = "smtpd";
# args = [
# "-o smtpd_tls_security_level=encrypt"
# "-o smtpd_sasl_auth_enable=yes"
# "-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject"
# "-o milter_macro_daemon_name=ORIGINATING"
# ];
# };
};
};
# create socket ala wiki
users.users."postfix" = {
createHome = true;
home = "/var/spool/postfix";
};
}

17
system-modules/nx2site/vmail.nix Normal file
View File

@@ -0,0 +1,17 @@
{ ... }:{
users = {
groups."vmail" = {};
users = {
"vmail" = {
isSystemUser = true;
group = "vmail";
home = "/var/spool/mail/vmail";
createHome = true;
};
# Permissions to allow Postfix and Dovecot to read ACME certificates
"postfix".extraGroups = [ "acme" ];
"dovecot2".extraGroups = [ "acme" ];
};
};
}

9
system-modules/postgres.nix
View File

@@ -27,6 +27,7 @@
"gitea" "gitea"
"vaultwarden" "vaultwarden"
"paperless" "paperless"
"nxcaldav"
"nextcloud" "nextcloud"
]; ];
settings = { settings = {
@@ -47,11 +48,15 @@
ensureDBOwnership = true; ensureDBOwnership = true;
} }
{ {
name = "nextcloud"; name = "paperless";
ensureDBOwnership = true; ensureDBOwnership = true;
} }
{ {
name = "paperless"; name = "nxcaldav";
ensureDBOwnership = true;
}
{
name = "nextcloud";
ensureDBOwnership = true; ensureDBOwnership = true;
} }
]; ];

2
system-modules/simple-postgres.nix
View File

@@ -1,5 +1,5 @@
{ pkgs, ... }@all: with all; { { pkgs, ... }@all: with all; {
services.postgresql = { services.postgresql = lib.mkIf (!hyper.isServer) {
enable = false; enable = false;
ensureUsers = [{ ensureUsers = [{
name = "nxcaldav"; name = "nxcaldav";

36
system-modules/stay-up.nix Normal file
View File

@@ -0,0 +1,36 @@
{ config, pkgs, ... }@all: with all; let
target = "1.1.1.1";
timeoutMinutes = 5;
logFile = "/var/log/stay-up.log";
in {
systemd.services.wifi-watchdog = {
description = "Wi-Fi Watchdog Service";
after = [ "network.target" "NetworkManager.service" ];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [ iputils networkmanager coreutils ];
script = /* bash */ ''
FAIL_COUNT=0
touch "${logFile}"
while true; do
if ping -c 1 -W 5 "${target}" > /dev/null 2>&1; then
FAIL_COUNT=0
else
FAIL_COUNT=$((FAIL_COUNT + 1))
if [ "$FAIL_COUNT" -ge "${toString timeoutMinutes}" ]; then
echo "$(date -Iseconds): Network unreachable for ${toString timeoutMinutes} minutes. Restarting Wi-Fi." >> "${logFile}"
nmcli radio wifi off
sleep 5
nmcli radio wifi on
FAIL_COUNT=0
fi
fi
sleep 60
done
'';
serviceConfig = {
Restart = "always";
RestartSec = "10";
User = "root"; # Root is required to execute nmcli radio commands and write to /var/log/
};
};
}

9
system-modules/tuda.nix
View File

@@ -12,17 +12,16 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
openconnect openconnect
networkmanager-openconnect networkmanager-openconnect
(pkgs.writeShellScriptBin "connect_to_tuda" ''
sudo $(grep ExecStart /etc/systemd/system/openconnect-tuda.service | cut -c 11-)
'')
]; ];
networking.openconnect = { networking.openconnect = {
package = pkgs.openconnect; package = pkgs.openconnect;
interfaces = { interfaces = {
openconnect0 = { tuda = {
autoStart = false; autoStart = false;
certificate = "/home/nx2/tuda-rootcert.crt";
# extraOptions = { compression = "stateless"; no-dtls = true; no-http-keepalive = true; };
gateway = "vpn.hrz.tu-darmstadt.de"; gateway = "vpn.hrz.tu-darmstadt.de";
# passwordFile = "/var/lib/secrets/openconnect-passwd";
# privateKey = "/var/lib/secrets/openconnect_private_key.pem";
protocol = "anyconnect"; protocol = "anyconnect";
user = secrets.email.tuda.tuid; user = secrets.email.tuda.tuid;
}; };