nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: nx2:6abff56bbd3b52ec20215172ca2edc31d577a507
Branches Tags
nx2:master nx2:nod nx2:gitea nx2:north
..
compare: nx2:gitea
Branches Tags
nx2:master nx2:nod nx2:gitea nx2:north

12 Commits
6abff56bbd ... gitea

Author SHA1 Message Date
Lennart J. Kurzweg (Nx2)
e26ac7cbe2 Merge branch 'master' of ssh://ssh.nx2.site:20022/nx2/dotfiles into gitea 2024-11-11 14:02:59 +01:00
Lennart J. Kurzweg (Nx2)
66221229ca gitea, crashes 2024-11-11 14:02:21 +01:00
Lennart J. Kurzweg (Nx2)
9b36c29009 i accedentally deleted my tuda eduroam 2024-11-11 10:33:33 +01:00
Lennart J. Kurzweg (Nx2)
55587f35f6 merge fixups 2024-11-09 23:57:48 +01:00
Lennart J. Kurzweg (Nx2)
966f9d67fc Merge branch 'master' of ssh://ssh.nx2.site:20022/nx2/dotfiles 2024-11-09 23:56:05 +01:00
Lennart J. Kurzweg (Nx2)
2e1c0f495b better nxsent 2024-11-09 23:56:00 +01:00
Lennart J. Kurzweg (Nx2)
ab4c26c178 Merge branch 'master' of ssh://ssh.nx2.site:20022/nx2/dotfiles 2024-11-09 20:24:22 +01:00
Lennart J. Kurzweg (Nx2)
91a5a6def8 manual sops merge before merge 2024-11-09 20:06:45 +01:00
Lennart J. Kurzweg (Nx2)
104d1334df huge cleanup 2024-11-09 19:48:52 +01:00
Lennart J. Kurzweg (Nx2)
c19c270775 newer curl 2024-11-08 13:48:37 +01:00
Lennart J. Kurzweg (Nx2)
c5c41087b5 dm new style 2024-11-08 13:48:27 +01:00
Lennart J. Kurzweg (Nx2)
924f48b15a nx2site001 2024-11-08 13:48:02 +01:00
41 changed files with 1604 additions and 2386 deletions
Expand all files Collapse all files

13
configuration.nix
View File

@@ -1,6 +1,6 @@
{ pkgs, inputs, ... }:
{ pkgs, inputs, lib, host, ... }:
{
imports = [
imports = ([
inputs.sops-nix.nixosModules.sops
./system-modules/adb.nix
./system-modules/auto-mount.nix
@@ -28,7 +28,6 @@
./system-modules/networking.nix
./system-modules/nixd.nix
./system-modules/nvidia.nix
./system-modules/nx2site.nix
./system-modules/ollama.nix
./system-modules/qmk.nix
./system-modules/sops.nix
@@ -38,7 +37,13 @@
./system-modules/users.nix
./system-modules/virtualisation.nix
./system-modules/ydotool.nix
];
]) ++ (if (host == "NxACE") then [
./system-modules/nx2site.nix
./system-modules/postgres.nix
./system-modules/nx2site/proxy.nix
# ./system-modules/nx2site/gitea.nix
# ./system-modules/nx2site/vaultwarden.nix
] else []);
# Set your time zone.
time.timeZone = "Europe/Berlin";

6
flake.nix
View File

@@ -22,6 +22,7 @@
outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-latest, home-manager, ... }@inputs: let
system = "x86_64-linux";
user = "nx2";
domain = "nx2.site";
config = { allowUnfree = true; allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) (import ./flake-modules/allowed.nix).unfree; };
@@ -42,7 +43,7 @@
enable = if (host == "NxXPS" || host == "NxNORTH") then true else false;
prime = if (host == "NxXPS") then true else false;
};
in { inherit inputs user host pkgs-unstable pkgs-latest secrets rice nvidia; };
in { inherit inputs user host domain pkgs-unstable pkgs-latest secrets rice nvidia; };
};
in {
NxXPS = make-nixos-system "NxXPS";
@@ -59,13 +60,12 @@
enable = if (host == "NxXPS" || host == "NxNORTH") then true else false;
prime = if (host == "NxXPS") then true else false;
};
in { inherit inputs system user host pkgs-unstable pkgs-latest rice secrets nvidia; };
in { inherit inputs system user host domain pkgs-unstable pkgs-latest rice secrets nvidia; };
};
in {
"${user}@NxXPS" = make-home-configuration "NxXPS" user;
"${user}@NxNORTH" = make-home-configuration "NxNORTH" user;
"${user}@NxACE" = make-home-configuration "NxACE" user;
"tv@NxACE" = make-home-configuration "NxACE" "tv";
};
};
}

12
home-modules/bash.nix
View File

@@ -1,9 +1,5 @@
{ pkgs, lib, user, ... }:
lib.mkIf (user != "tv")
{ ... }:
{
home.packages = with pkgs; [
bash
];
programs.bash = {
enable = true;
shellAliases = {
@@ -19,11 +15,5 @@ lib.mkIf (user != "tv")
"checkjobs"
];
enableCompletion = false;
# initExtra = ''
# if [[ $- == *i* ]] # if interactive
# then
# eval "$(${pkgs.starship}/bin/starship init bash)"
# fi
# '';
};
}

2055
home-modules/chatterino.nix
View File

File diff suppressed because it is too large Load Diff

1
home-modules/direnv.nix
View File

@@ -1,5 +1,4 @@
{ lib, user, ... }:
lib.mkIf (user != "tv")
{
programs = {
direnv = {

3
home-modules/fish.nix
View File

@@ -1,5 +1,4 @@
{ pkgs, lib, rice, user, ... }:
lib.mkIf (user != "tv")
{
home.packages = with pkgs; [
fish
@@ -81,7 +80,7 @@ lib.mkIf (user != "tv")
lzd = "lazydocker";
d = "docker";
dcmp = "docker compose";
nxsent = ''sent -c \${rice.color.foreground} -b \${rice.color.background}'';
# nxsent = ''sent -c \${rice.color.foreground} -b \${rice.color.background}'';
# ya = "yazi"; # function
# nxfiglet = "figlet";

270
home-modules/foot.nix
View File

@@ -1,270 +0,0 @@
{ config, pkgs, rice, lib, user, ... }:
lib.mkIf (user != "tv")
{
home.packages = with pkgs; [
foot
];
programs.foot = {
enable = true;
# background = rice.color.background;
# foreground = rice.color.foreground;
# cursor = rice.color.foreground;
# color0 = rice.color.black.base;
# color8 = rice.color.black.bright;
# color1 = rice.color.red.base;
# color9 = rice.color.red.bright;
# color2 = rice.color.green.base;
# color10 = rice.color.green.bright;
# color3 = rice.color.yellow.base;
# color11 = rice.color.yellow.bright;
# color4 = rice.color.blue.base;
# color12 = rice.color.blue.bright;
# color5 = rice.color.magenta.base;
# color13 = rice.color.magenta.bright;
# color6 = rice.color.cyan.base;
# color14 = rice.color.cyan.bright;
# color7 = rice.color.white.base;
# color15 = rice.color.white.bright;
# background_opacity = builtins.toString rice.transparency;
# window_padding_width = 5;
# remember_window_size = false;
# settings = {
# main = {
# shell = ''$SHELL (if set, otherwise user's default shell from /etc/passwd)'';
# term = ''foot (or xterm-256color if built with -Dterminfo=disabled)'';
# login-shell = ''no'';
# # app-id = ''foot'';
# title = ''foot'';
# locked-title = ''no'';
# font = ''${rice.font.code.name}:size=8'';
# font-size-adjustment = ''0.5'';
# line-height = "<font metrics>";
# letter-spacing = ''0'';
# horizontal-letter-offset = ''0'';
# vertical-letter-offset = ''0'';
# underline-offset = "<font metrics>";
# underline-thickness = "<font underline thickness>";
# # box-drawings-uses-font-glyphs = "no";
# # dpi-aware = ''no'';
# # initial-window-size-pixels = ''700x500'';
# # initial-window-size-chars = "<COLSxROWS>";
# # initial-window-mode = ''windowed'';
# pad = ''5x5'';
# resize-by-cells = ''yes'';
# resize-keep-grid = ''yes'';
# resize-delay-ms = ''100'';
# # bold-text-in-bright = false;
# word-delimiters = '',│`|:"'()[]{}<>'';
# selection-target = ''primary'';
# workers = "<number of logical CPUs>";
# utmp-helper = ''/usr/lib/utempter/utempter'';
# # environment = {
# # name = ''value'';
# # };
# };
# bell = {
# urgent = ''no'';
# notify = ''no'';
# visual = ''no'';
# command = '''';
# command-focused = ''no'';
# };
# desktop-notifications = {
# command = ''notify-send --wait --app-name ''${app-id} --icon ''${app-id} --category ''${category} --urgency ''${urgency} --expire-time ''${expire-time} --hint STRING:image-path:''${icon} --hint BOOLEAN:suppress-sound:''${muted} --hint STRING:sound-name:''${sound-name} --replace-id ''${replace-id} ''${action-argument} --print-id -- ''${title} ''${body}'';
# command-action-argument = ''--action ''${action-name}=''${action-label}'';
# close = ''""'';
# inhibit-when-focused = ''yes'';
# };
# scrollback = {
# lines = ''1000'';
# multiplier = ''3.0'';
# indicator-position = ''relative'';
# indicator-format = ''""'';
# };
# url = {
# launch = ''xdg-open ''${url}'';
# label-letters = ''sadfjklewcmpgh'';
# osc8-underline = ''url-mode'';
# protocols = ''http, https, ftp, ftps, file, gemini, gopher'';
# uri-characters = ''abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.,~:;/?#@!$&%*+="'()[]'';
# };
# cursor = {
# style = ''block'';
# color = "<inverse foreground/background>";
# blink = ''no'';
# blink-rate = ''500'';
# beam-thickness = ''1.5'';
# underline-thickness = "<font underline thickness>";
# };
# mouse = {
# hide-when-typing = ''no'';
# alternate-scroll-mode = ''yes'';
# };
# touch = {
# long-press-delay = ''400'';
# };
# colors = {
# alpha = ''1.0'';
# background = ''242424'';
# foreground = ''ffffff'';
# flash = ''7f7f00'';
# flash-alpha = ''0.5'';
# # Normal/regular colors (color palette 0-7)
# regular0 = ''242424'';
# regular1 = ''f62b5a'';
# regular2 = ''47b413'';
# regular3 = ''e3c401'';
# regular4 = ''24acd4'';
# regular5 = ''f2affd'';
# regular6 = ''13c299'';
# regular7 = ''e6e6e6'';
# # Bright colors (color palette 8-15)
# bright0 = ''616161'';
# bright1 = ''ff4d51'';
# bright2 = ''35d450'';
# bright3 = ''e9e836'';
# bright4 = ''5dc5f8'';
# bright5 = ''feabf2'';
# bright6 = ''24dfc4'';
# bright7 = ''ffffff'';
# # dimmed colors (see foot.ini(5) man page)
# # dim0 = "<not set>";
# # ...
# # dim7 = "<not-set>";
# # The remaining 256-color palette
# # 16 = <256-color palette #16>
# # ...
# # 255 = <256-color palette #255>
# # Misc colors
# selection-foreground = "<inverse foreground/background>";
# selection-background = "<inverse foreground/background>";
# jump-labels = "<regular0> <regular3>";
# scrollback-indicator = "<regular0> <bright4>";
# search-box-no-match = "<regular0> <regular1>";
# search-box-match = "<regular0> <regular3>";
# urls = "<regular3>";
# };
# csd = {
# preferred = ''server'';
# size = ''26'';
# font = "<primary font>";
# color = "<foreground color>";
# hide-when-maximized = ''no'';
# double-click-to-maximize = ''yes'';
# border-width = ''0'';
# border-color = "<csd.color>";
# button-width = ''26'';
# button-color = "<background color>";
# button-minimize-color = "<regular4>";
# button-maximize-color = "<regular2>";
# button-close-color = "<regular1>";
# };
# key-bindings = {
# scrollback-up-page = ''Shift+Page_Up'';
# scrollback-up-half-page = ''none'';
# scrollback-up-line = ''none'';
# scrollback-down-page = ''Shift+Page_Down'';
# scrollback-down-half-page = ''none'';
# scrollback-down-line = ''none'';
# scrollback-home = ''none'';
# scrollback-end = ''none'';
# clipboard-copy = ''Control+Shift+c XF86Copy'';
# clipboard-paste = ''Control+Shift+v XF86Paste'';
# primary-paste = ''Shift+Insert'';
# search-start = ''Control+Shift+r'';
# font-increase = ''Control+plus Control+equal Control+KP_Add'';
# font-decrease = ''Control+minus Control+KP_Subtract'';
# font-reset = ''Control+0 Control+KP_0'';
# spawn-terminal = ''Control+Shift+n'';
# minimize = ''none'';
# maximize = ''none'';
# fullscreen = ''none'';
# pipe-visible = ''[sh -c "xurls | fuzzel | xargs -r firefox"] none'';
# pipe-scrollback = ''[sh -c "xurls | fuzzel | xargs -r firefox"] none'';
# pipe-selected = ''[xargs -r firefox] none'';
# pipe-command-output = ''[wl-copy] none'';
# show-urls-launch = ''Control+Shift+o'';
# show-urls-copy = ''none'';
# show-urls-persistent = ''none'';
# prompt-prev = ''Control+Shift+z'';
# prompt-next = ''Control+Shift+x'';
# unicode-input = ''Control+Shift+u'';
# noop = ''none'';
# };
# search-bindings = {
# cancel = ''Control+g Control+c Escape'';
# commit = ''Return'';
# find-prev = ''Control+r'';
# find-next = ''Control+s'';
# cursor-left = ''Left Control+b'';
# cursor-left-word = ''Control+Left Mod1+b'';
# cursor-right = ''Right Control+f'';
# cursor-right-word = ''Control+Right Mod1+f'';
# cursor-home = ''Home Control+a'';
# cursor-end = ''End Control+e'';
# delete-prev = ''BackSpace'';
# delete-prev-word = ''Mod1+BackSpace Control+BackSpace'';
# delete-next = ''Delete'';
# delete-next-word = ''Mod1+d Control+Delete'';
# extend-char = ''Shift+Right'';
# extend-to-word-boundary = ''Control+w Control+Shift+Right'';
# extend-to-next-whitespace = ''Control+Shift+w'';
# extend-line-down = ''Shift+Down'';
# extend-backward-char = ''Shift+Left'';
# extend-backward-to-word-boundary = ''Control+Shift+Left'';
# extend-backward-to-next-whitespace = ''none'';
# extend-line-up = ''Shift+Up'';
# clipboard-paste = ''Control+v Control+Shift+v Control+y XF86Paste'';
# primary-paste = ''Shift+Insert'';
# unicode-input = ''none'';
# quit = ''none'';
# scrollback-up-page = ''Shift+Page_Up'';
# scrollback-up-half-page = ''none'';
# scrollback-up-line = ''none'';
# scrollback-down-page = ''Shift+Page_Down'';
# scrollback-down-half-page = ''none'';
# scrollback-down-line = ''none'';
# scrollback-home = ''none'';
# scrollback-end = ''none'';
# };
# url-bindings = {
# cancel = ''Control+g Control+c Control+d Escape'';
# toggle-url-visible = ''t'';
# };
# text-bindings = {
# "\x03" = ''Mod4+c'';
# };
# mouse-bindings = {
# scrollback-up-mouse = ''BTN_WHEEL_BACK'';
# scrollback-down-mouse = ''BTN_WHEEL_FORWARD'';
# font-increase = ''Control+BTN_WHEEL_BACK'';
# font-decrease = ''Control+BTN_WHEEL_FORWARD'';
# selection-override-modifiers = ''Shift'';
# primary-paste = ''BTN_MIDDLE'';
# select-begin = ''BTN_LEFT'';
# select-begin-block = ''Control+BTN_LEFT'';
# select-extend = ''BTN_RIGHT'';
# select-extend-character-wise = ''Control+BTN_RIGHT'';
# select-word = ''BTN_LEFT-2'';
# select-word-whitespace = ''Control+BTN_LEFT-2'';
# select-quote = ''BTN_LEFT-3'';
# select-row = ''BTN_LEFT-4'';
# # vim: ft = ''dosini'';
# };
# };
};
}

7
home-modules/git.nix
View File

@@ -1,5 +1,4 @@
{ pkgs, lib, user, rice, ... }:
lib.mkIf (user != "tv")
{ pkgs, rice, ... }:
{
home.packages = with pkgs; [
git
@@ -11,9 +10,7 @@ lib.mkIf (user != "tv")
# List of directories to check
directories=(
"$HOME/nix-dots"
"$HOME/shared/nx-obsidian-vault"
"$HOME/shared/HSMW/Praxis/BCAM/bolt-llmserver"
"$HOME/shared/HSMW/Praxis/BCAM/bcam-tools"
"$HOME/obsidian-vault"
"$HOME/Pictures/wallpapers"
)
echo ""

2
home-modules/gpg.nix
View File

@@ -21,7 +21,7 @@
enableFishIntegration = true;
defaultCacheTtlSsh = min2sec 60;
defaultCacheTtl = min2sec 30;
# pinentryPackage = pkgs.pinentry-gtk2;
# pinentryPackage = pkgs.pinentry-curses;
};
home.file.".gnupg/gpg.conf".text = ''

7
home-modules/gtk.nix
View File

@@ -1,5 +1,4 @@
{ config, pkgs, lib, rice, user, ... }:
let
{ config, pkgs, lib, rice, user, ... }: let
# theme-name = "Colloid-Pink-Dark-Compact";
# theme-package = pkgs.colloid-gtk-theme.override {
# themeVariants = [ "pink" ];
@@ -14,9 +13,7 @@ let
tweaks = [ "rimless" "black" ];
variant = "macchiato";
};
in
lib.mkIf (user != "tv")
{
in {
home.packages = with pkgs; [
# gnome.gnome-themes-extra
# gnome.adwaita-icon-theme

180
home-modules/hyprland-autoname-workspaces.nix
View File

@@ -1,109 +1,107 @@
{ pkgs, lib, user, ... }:
lib.mkIf (user != "tv")
{ pkgs, ... }:
{
home.packages = [
pkgs.hyprland-autoname-workspaces
];
home.file.".config/hyprland-autoname-workspaces/config.toml".text = ''
version = "1.1.14"
home = {
packages = with pkgs; [ hyprland-autoname-workspaces ];
file.".config/hyprland-autoname-workspaces/config.toml".text = ''
version = "1.1.14"
[class]
VirtualBox = ""
steam = "󰓓"
"VirtualBox Manager" = ""
"com.obsproject.Studio" = ""
"[Ff]irefox" = "󰈹"
"[Tt]hunderbird" = ""
pcbnew = ""
".*.exe" = ""
Element = "󰘨"
Signal = "󱅵"
Gimp = ""
VSCodium = "󰨞"
"[sS]potify" = ""
virt-manager = ""
lutris = "󰊗"
DEFAULT = "{class}"
"epicgameslauncher.exe" = "󰯷"
"[Cc]ode" = "󰨞"
"galaxyclient.exe" = "󰮡"
pavucontrol = "󰕾"
"Tor Browser" = "󰾔"
mpv = ""
chatterino = ""
libreoffice-writer = ""
kitty = ""
"cyberpunk2077.exe" = "󰾲"
KiCad = ""
"[tT]hunar" = ""
"riotclientux.exe" = "󰰌"
libreoffice-calc = ""
"org.remmina.Remmina" = "󰢹"
"org.inkscape.Inkscape" = "󰕙"
"VirtualBox Machine" = ""
Bitwarden = ""
"[gG]imp-.*" = ""
Chromium = ""
obsidian = "󰠮"
"leagueclientux.exe" = "󰰌"
zathura = "󰈦"
code-oss = "󰨞"
codium-url-handler = "󰨞"
discord = "󰙯"
vesktop = "󰙯"
blueman-manager = "󰂯"
Alacritty = ""
zoom = "󰬡"
spotify = ""
[class]
VirtualBox = ""
steam = "󰓓"
"VirtualBox Manager" = ""
"com.obsproject.Studio" = ""
"[Ff]irefox" = "󰈹"
"[Tt]hunderbird" = ""
pcbnew = ""
".*.exe" = ""
Element = "󰘨"
Signal = "󱅵"
Gimp = ""
VSCodium = "󰨞"
"[sS]potify" = ""
virt-manager = ""
lutris = "󰊗"
DEFAULT = "{class}"
"epicgameslauncher.exe" = "󰯷"
"[Cc]ode" = "󰨞"
"galaxyclient.exe" = "󰮡"
pavucontrol = "󰕾"
"Tor Browser" = "󰾔"
mpv = ""
chatterino = ""
libreoffice-writer = ""
kitty = ""
"cyberpunk2077.exe" = "󰾲"
KiCad = ""
"[tT]hunar" = ""
"riotclientux.exe" = "󰰌"
libreoffice-calc = ""
"org.remmina.Remmina" = "󰢹"
"org.inkscape.Inkscape" = "󰕙"
"VirtualBox Machine" = ""
Bitwarden = ""
"[gG]imp-.*" = ""
Chromium = ""
obsidian = "󰠮"
"leagueclientux.exe" = "󰰌"
zathura = "󰈦"
code-oss = "󰨞"
codium-url-handler = "󰨞"
discord = "󰙯"
vesktop = "󰙯"
blueman-manager = "󰂯"
Alacritty = ""
zoom = "󰬡"
spotify = ""
[class_active]
"(?i)ExampleOneTerm" = "icon"
[class_active]
"(?i)ExampleOneTerm" = "icon"
[initial_class]
[initial_class]
[initial_class_active]
[initial_class_active]
[workspaces_name]
[workspaces_name]
[title_in_class]
[title_in_class]
[title_in_class_active]
[title_in_class_active]
[title_in_initial_class]
[title_in_initial_class]
[title_in_initial_class_active]
[title_in_initial_class_active]
[initial_title_in_class]
[initial_title_in_class]
[initial_title]
"Spotify Premium" = ""
[initial_title]
"Spotify Premium" = ""
[initial_title_in_class_active]
[initial_title_in_class_active]
[initial_title_in_initial_class]
[initial_title_in_initial_class]
[initial_title_in_initial_class_active]
[initial_title_in_initial_class_active]
[exclude]
aProgram = "^$"
"" = "^$"
"(?i)fcitx" = ".*"
"[Ss]team" = "^(Friends List.*)?$"
"explorer.exe" = ".*"
"(?i)TestApp" = ""
[exclude]
aProgram = "^$"
"" = "^$"
"(?i)fcitx" = ".*"
"[Ss]team" = "^(Friends List.*)?$"
"explorer.exe" = ".*"
"(?i)TestApp" = ""
[format]
dedup = false
dedup_inactive_fullscreen = false
delim = " "
workspace = "{id}:{clients}"
workspace_empty = "{id}"
client = "{icon}"
client_fullscreen = "{icon}"
client_active = "{icon}"
client_dup = "{icon}{counter_sup}"
client_dup_active = "*{icon}*{delim}{icon}{counter_unfocused_sup}"
client_dup_fullscreen = "[{icon}]{delim}{icon}{counter_unfocused_sup}"
'';
[format]
dedup = false
dedup_inactive_fullscreen = false
delim = " "
workspace = "{id}:{clients}"
workspace_empty = "{id}"
client = "{icon}"
client_fullscreen = "{icon}"
client_active = "{icon}"
client_dup = "{icon}{counter_sup}"
client_dup_active = "*{icon}*{delim}{icon}{counter_unfocused_sup}"
client_dup_fullscreen = "[{icon}]{delim}{icon}{counter_unfocused_sup}"
'';
};
}

7
home-modules/hyprland.nix
View File

@@ -46,9 +46,7 @@ let
};
};
};
in
lib.mkIf (user != "tv")
{
in {
home.packages = (with pkgs; [
# hyprland itself is a system package
hyprland-protocols
@@ -267,7 +265,7 @@ lib.mkIf (user != "tv")
"opacity ${transparency}, code-oss"
"opacity ${transparency}, VSCodium"
"opacity ${transparency}, Code"
"opacity ${transparency}, sent"
# "opacity ${transparency}, sent"
"opacity ${transparency}, neovide"
"opacity ${transparency}, obsidian"
# "opacity ${transparency}, zathura"
@@ -297,6 +295,7 @@ lib.mkIf (user != "tv")
"float, title:^(Compact folders)$"
"tile, sent"
"fullscreen, wlogout"
"fullscreen, sent"
"workspace 14, lutris"
"workspace 100, title:^(Apex Legends)$"
"workspace 100, ^(cyberpunk2077.exe)$"

49
home-modules/kitty.nix
View File

@@ -1,37 +1,32 @@
{ config, pkgs, rice, lib, user, ... }:
lib.mkIf (user != "tv")
{ rice, ... }:
{
home.packages = with pkgs; [
kitty
];
programs.kitty = {
enable = true;
font = {
name = rice.font.code.name2;
package = rice.font.code.package;
};
settings = {
background = rice.color.background;
foreground = rice.color.foreground;
cursor = rice.color.foreground;
color0 = rice.color.black.base;
color8 = rice.color.black.bright;
color1 = rice.color.red.base;
color9 = rice.color.red.bright;
color2 = rice.color.green.base;
color10 = rice.color.green.bright;
color3 = rice.color.yellow.base;
color11 = rice.color.yellow.bright;
color4 = rice.color.blue.base;
color12 = rice.color.blue.bright;
color5 = rice.color.magenta.base;
color13 = rice.color.magenta.bright;
color6 = rice.color.cyan.base;
color14 = rice.color.cyan.bright;
color7 = rice.color.white.base;
color15 = rice.color.white.bright;
background_opacity = builtins.toString rice.transparency;
settings = with rice.color; {
background = background;
foreground = foreground;
cursor = foreground;
color0 = black.base;
color8 = black.bright;
color1 = red.base;
color9 = red.bright;
color2 = green.base;
color10 = green.bright;
color3 = yellow.base;
color11 = yellow.bright;
color4 = blue.base;
color12 = blue.bright;
color5 = magenta.base;
color13 = magenta.bright;
color6 = cyan.base;
color14 = cyan.bright;
color7 = white.base;
color15 = white.bright;
background_opacity = builtins.toString rice.transparency;
window_padding_width = 5;
remember_window_size = false;
};

8
home-modules/mako.nix
View File

@@ -1,10 +1,6 @@
{ pkgs, rice, lib, user, ... }:
lib.mkIf (user != "tv")
{ pkgs, rice, ... }:
{
home.packages = [
pkgs.mako
pkgs.libnotify
];
home.packages = with pkgs; [ libnotify ];
services.mako = with rice; {
enable = true;
defaultTimeout = 5000; # in ms

11
home-modules/nx-gcal-event.nix
View File

@@ -1,9 +1,6 @@
{ config, pkgs, secrets, lib, user, ... }:
let
sep = " ";
in
lib.mkIf (user != "tv")
{
{ config, pkgs, secrets, ... }: let
sep = " ";
in {
home = {
file."${config.xdg.dataHome}/nx-gcal-event-credentials.json".text = ''
{
@@ -26,7 +23,7 @@ lib.mkIf (user != "tv")
# (pkgs.python311.withPackages (python-pkgs: [
# python-pkgs.google
# ]))
(writeScriptBin "nx_gcal_event" ''
(writeScriptBin "nx_gcal_event" /* python */ ''
#!${pkgs.python3}/bin/python3
import datetime
import os

99
home-modules/nx2site.nix Normal file
View File

@@ -0,0 +1,99 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
(writeShellApplication {
name = "nxmd";
text = let
ascii_size = (pkgs.writers.writePython3Bin "ascii_size" {
# libraries = with pkgs.python311Packages; [ ];
flakeIgnore = [];
} /* python */ ''
from sys import argv
with open(argv[1], "r", encoding='utf-8') as f:
raw = f.read()
sraw = raw.split("\n")
linestart = 0
lineend = 0
started = False
for linenum in range(len(sraw)):
if sraw[linenum].strip() == "```ascii":
linestart = linenum
started = True
if started and sraw[linenum].strip() == "```":
lineend = linenum
break
maxwidth = 0
for linenum in range(linestart, lineend):
linewidth = len(sraw[linenum])
if linewidth > maxwidth:
maxwidth = linewidth
print(f"Maximum length of the `ascii` code clock is {maxwidth} characters.")
px = (1 / maxwidth) * 1500
vw = (1 / maxwidth) * 150
snew = sraw
snew[3] = "aaw: " + str(round(vw, 2))
snew[4] = "aawm: " + str(round(px, 2))
new = "\n".join(snew)
with open(argv[1], "w", encoding='utf-8') as f:
f.write(new)
print(f"The resulting font sizes are {px}px (aawm) and {vw}vw (aam).")
print(f"You can now use the push operation on {argv[1]}.")
''
);
in /* bash */ ''
ord=$(date +"%e" | awk '{printf("%d%s\n", $1, ($1==11||$1==12||$1==13)?"th":((($1%10)==1)?"st":((($1%10)==2)?"nd":((($1%10)==3)?"rd":"th"))))}')
nxdate="$(date +'%A the ')"
nxdate="$nxdate""$ord"
nxdate="$nxdate""$(date +' of %B %Y')"
if [[ $# -eq 0 ]]; then
echo "Error: No arguments provided."
echo "Usage: $0 push <markdown-file>"
exit 1
fi
if [[ "$1" == "push" ]]; then
if [[ ! "$2" =~ \.md$ ]]; then
echo "Error: Second argument must be a markdown (.md) file"
echo "Usage: $0 push <markdown-file>"
exit 1
fi
pandoc \
"$2" \
--highlight-style=breezeDark \
--standalone \
--mathjax \
--ascii \
--template /var/nginx/assets/template.html \
--metadata pdate="$nxdate" \
--verbose --from markdown-markdown_in_html_blocks+raw_html \
-o /var/nginx/webroot/"$(basename "$2" .md )".html
echo pushed "$2"
elif [[ "$1" == "ascii-size" ]]; then
if [[ ! "$2" =~ \.md$ ]]; then
echo "Error: Second argument must be a markdown (.md) file"
echo "Usage: $0 ascii-size <markdown-file>"
exit 1
fi
${ascii_size}/bin/ascii_size "$2"
else
echo "Error: First argument must be 'push'"
echo "Usage: $0 push <markdown-file>"
exit 1
fi
'';
})
];
}

1
home-modules/office.nix
View File

@@ -1,5 +1,4 @@
{ config, pkgs, lib, user, ... }:
lib.mkIf (user != "tv")
{
home.packages = with pkgs; [
libreoffice

35
home-modules/programming/python.nix
View File

@@ -1,21 +1,20 @@
{ config, pkgs, lib, user, ... }:
let
python-with-packages = pkgs.python3.withPackages (pp: with pp; [
ipython
pipdeptree
requests
google google-api-python-client google-auth-httplib2 google-auth-oauthlib
debugpy
black
]);
in
lib.mkIf (user != "tv")
{ pkgs, ... }:
{
home.packages = [
python-with-packages
];
home.sessionVariables = {
PYTHONPATH = "${python-with-packages}/${python-with-packages.sitePackages}";
home = let
python-with-packages = pkgs.python3.withPackages (pp: with pp; [
ipython
pipdeptree
requests
google google-api-python-client google-auth-httplib2 google-auth-oauthlib
debugpy
black
]);
in {
packages = [
python-with-packages
];
sessionVariables = {
PYTHONPATH = "${python-with-packages}/${python-with-packages.sitePackages}";
};
};
}

1
home-modules/qt.nix
View File

@@ -1,5 +1,4 @@
{ pkgs, lib, user, ... }:
lib.mkIf (user != "tv")
{
qt = {
platformTheme = "gtk";

201
home-modules/rofi.nix
View File

@@ -1,114 +1,113 @@
{ pkgs, rice, lib, user, ... }:
let
trdr = "${rice.lib.float-to-drune rice.transparency}";
in
lib.mkIf (user != "tv")
{
{ pkgs, rice, ... }: {
home.packages = with pkgs; [
rofi-wayland
];
home.file.".config/rofi/config.rasi".text = ''
configuration {
show-icons: false;
display-drun: "";
disable-history: false;
drun-display-format: "{name} [<span weight='light' size='small'><i>({generic})</i></span>] [<span weight='light' size='small'><i>({exec})</i></span>]";
}
home.file = let
trdr = "${rice.lib.float-to-drune rice.transparency}";
in with rice.color; {
".config/rofi/config.rasi".text = ''
configuration {
show-icons: false;
display-drun: "";
disable-history: false;
drun-display-format: "{name} [<span weight='light' size='small'><i>({generic})</i></span>] [<span weight='light' size='small'><i>({exec})</i></span>]";
}
* {
font: "${rice.font.code.name2} 12";
foreground: ${rice.color.foreground};
background-color: ${rice.color.background}${trdr};
padding: 0px;
margin: 0px;
spacing: 0px;
border-width: 0px;
}
* {
font: "${rice.font.code.name2} 12";
foreground: ${foreground};
background-color: ${background}${trdr};
padding: 0px;
margin: 0px;
spacing: 0px;
border-width: 0px;
}
#window {
background-color: ${rice.color.background}${trdr};
border: ${builtins.toString rice.border-width}px;
border-radius: ${builtins.toString rice.rounding};
border-color: ${rice.color.border};
}
#mainbox {
border: 0;
padding: 0;
}
#message {
border: 0px;
}
#textbox {
text-color: ${rice.color.foreground};
}
#listview {
fixed-height: 0;
border: 0px;
spacing: 0px ;
scrollbar: false;
padding: 0px;
}
#window {
background-color: ${background}${trdr};
border: ${builtins.toString rice.border-width}px;
border-radius: ${builtins.toString rice.rounding};
border-color: ${border};
}
#mainbox {
border: 0;
padding: 0;
}
#message {
border: 0px;
}
#textbox {
text-color: ${foreground};
}
#listview {
fixed-height: 0;
border: 0px;
spacing: 0px ;
scrollbar: false;
padding: 0px;
}
#element {
border: 0;
padding: 0px;
border-radius: ${if rice.rounding > 0 then "2" else "0"}px;
}
#element {
border: 0;
padding: 0px;
border-radius: ${if rice.rounding > 0 then "2" else "0"}px;
}
#element.normal.normal { background-color: ${rice.color.background}${trdr}; text-color: ${rice.color.accent.base}; }
#element.selected.normal { background-color: ${rice.color.tertiary.base}${trdr}; text-color: ${rice.color.background}; }
#element.alternate.normal { background-color: ${rice.color.background}${trdr}; text-color: ${rice.color.secondary.base}; }
#element.normal.normal { background-color: ${background}${trdr}; text-color: ${accent.base}; }
#element.selected.normal { background-color: ${tertiary.base}${trdr}; text-color: ${background}; }
#element.alternate.normal { background-color: ${background}${trdr}; text-color: ${secondary.base}; }
#scrollbar {
width: ${builtins.toString rice.border-width}px ;
border: 0;
handle-width: 8px ;
padding: 0;
}
#sidebar {
border: ${builtins.toString rice.border-width}px dash;
}
#button.selected {
text-color: ${rice.color.foreground};
}
#inputbar {
spacing: 0;
text-color: ${rice.color.background};
background-color: ${rice.color.accent.base}${trdr};
padding: 0;
margine-bottom: 2px;
children: [ prompt,textbox-prompt-colon,entry,case-indicator ];
}
#prompt {
spacing: 0;
background-color: transparent;
text-color: ${rice.color.foreground};
}
#textbox-prompt-colon {
expand: false;
str: ">";
margin: 0px 0.3em 0em 0em ;
text-color: ${rice.color.background};
background-color: transparent;
}
#case-indicator {
spacing: 0;
text-color: ${rice.color.foreground};
background-color: transparent;
}
#entry {
spacing: 0;
text-color: ${rice.color.background};
background-color: transparent;
placeholder: "";
}
#scrollbar {
width: ${builtins.toString rice.border-width}px ;
border: 0;
handle-width: 8px ;
padding: 0;
}
#sidebar {
border: ${builtins.toString rice.border-width}px dash;
}
#button.selected {
text-color: ${foreground};
}
#inputbar {
spacing: 0;
text-color: ${background};
background-color: ${accent.base}${trdr};
padding: 0;
margine-bottom: 2px;
children: [ prompt,textbox-prompt-colon,entry,case-indicator ];
}
#prompt {
spacing: 0;
background-color: transparent;
text-color: ${foreground};
}
#textbox-prompt-colon {
expand: false;
str: ">";
margin: 0px 0.3em 0em 0em ;
text-color: ${background};
background-color: transparent;
}
#case-indicator {
spacing: 0;
text-color: ${foreground};
background-color: transparent;
}
#entry {
spacing: 0;
text-color: ${background};
background-color: transparent;
placeholder: "";
}
element-text, element-icon {
background-color: inherit;
text-color: inherit;
}
'';
element-text, element-icon {
background-color: inherit;
text-color: inherit;
}
'';
};
}

27
home-modules/sent.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, rice, user, ... }:
{ pkgs, rice, ... }:
let
my-sent = pkgs.sent.override {
patches = [
@@ -11,25 +11,14 @@ in
{
home = {
packages = [
# pkgs.sent
my-sent
(pkgs.writeShellApplication {
name = "nxsent";
text = with rice.color; let
in /* bash */ ''
echo "$@" | sent -c "${accent.base}" -b "${background}"
'';
})
];
file.".local/share/sent.patch".text = ''
diff --git a/config.def.h b/config.def.h
index 60eb376..64e7f05 100644
--- a/config.def.h
+++ b/config.def.h
@@ -9,8 +9,8 @@ static char *fontfallbacks[] = {
#define FONTSZ(x) ((int)(10.0 * powf(1.1288, (x)))) /* x in [0, NUMFONTSCALES-1] */
static const char *colors[] = {
- "#000000", /* foreground color */
- "#FFFFFF", /* background color */
+ "${rice.color.foreground}", /* foreground color */
+ "${rice.color.background}", /* background color */
};
static const float linespacing = 1.4;
'';
};
}

50
home-modules/ssh.nix
View File

@@ -1,31 +1,27 @@
{ pkgs, lib, user, ... }:
lib.mkIf (user != "tv")
{ pkgs, domain, ... }:
{
home = {
packages = with pkgs; [ sshfs ];
file.".ssh/config".text = ''
HOST nxace
HostName ssh.${domain}
User nx2
Port 50022
home.packages = with pkgs; [
sshfs
];
HOST nxacel
HostName 192.168.178.32
User nx2
Port 50022
home.file.".ssh/config".text = ''
HOST nxace
HostName ssh.nx2.site
User nx2
Port 50022
HOST nxacel
HostName 192.168.178.32
User nx2
Port 50022
HOST nxrpil
HostName 192.168.178.31
User nx2
Port 22
HOST nxgit
HostName ssh.nx2.site
User git
Port 20022
'';
HOST nxrpil
HostName 192.168.178.31
User nx2
Port 22
HOST nxgit
HostName ssh.${domain}
User git
Port 20022
'';
};
}

7
home-modules/starship.nix
View File

@@ -1,10 +1,5 @@
{ pkgs, lib, user, rice, ... }:
lib.mkIf (user != "tv")
{ lib, rice, ... }:
{
home.packages = [
pkgs.starship
];
programs.starship = {
enable = true;
# enableBashIntegration = true;

7
home-modules/vale.nix
View File

@@ -1,9 +1,6 @@
{ pkgs, lib, user, ... }:
let
{ pkgs, ... }: let
vws = pkgs.vale.withStyles (s: [ s.alex s.google ]);
in
lib.mkIf (user != "tv")
{
in {
home = {
packages = [
vws

16
home-modules/waybar.nix
View File

@@ -1,9 +1,6 @@
{ lib, pkgs, user, rice, ... }:
let
{ lib, pkgs, user, rice, ... }: let
sep = " ";
in
lib.mkIf (user != "tv")
{
in {
home.packages =
let
waybar_mode_script = /*bash*/ ''
@@ -100,10 +97,10 @@ lib.mkIf (user != "tv")
exec = "cclock";
restart-interval = 60;
};
"custom/ctimeremaining" = {
exec = "nx_gcal_event lookup";
restart-interval = 60;
};
# "custom/ctimeremaining" = {
# exec = "nx_gcal_event lookup";
# restart-interval = 60;
# };
"custom/mode" = {
exec = "cat /tmp/waybar-mode";
interval = "once";
@@ -184,7 +181,6 @@ lib.mkIf (user != "tv")
#clock,
#custom-cclock,
#custom-ctimeremaining,
#custom-mode,
#battery,
#cpu,

171
home-modules/wlogout.nix
View File

@@ -1,98 +1,85 @@
{ config, pkgs, lib, user, rice,... }:
lib.mkIf (user != "tv")
{ pkgs, rice,... }:
{
home.packages = with pkgs; [
wlogout
];
home = {
packages = with pkgs; [ wlogout ];
file = {
".config/wlogout/style.css".text = /* css */ ''
* { all: unset; }
home.file.".config/wlogout/style.css".text = ''
* { all: unset; }
window {
font-family: ${rice.font.code.name}, monospace;
font-size: 12pt;
color: ${rice.color.foreground};
background-color: rgba(0, 0, 0, ${builtins.toString rice.transparency});
}
window {
font-family: ${rice.font.code.name}, monospace;
font-size: 12pt;
color: ${rice.color.foreground};
background-color: rgba(0, 0, 0, ${builtins.toString rice.transparency});
}
button {
transition: box-shadow 0.2s ease-in-out, background-color 0.2s ease-in-out;
text-shadow: none;
border: none;
color: ${rice.color.foreground};
background-color: ${rice.color.background};
margin: 5px;
}
button {
transition: box-shadow 0.2s ease-in-out, background-color 0.2s ease-in-out;
text-shadow: none;
border: none;
color: ${rice.color.foreground};
background-color: ${rice.color.background};
margin: 5px;
}
button:hover {
color: ${rice.color.blue.base};
}
button:hover {
color: ${rice.color.blue.base} ;
}
button:focus {
color: ${rice.color.blue.base} ;
}
'';
home.file.".config/wlogout/layout".text = ''
{
"label": "lock",
"action": "hyprlock",
"text": "[L]ock",
"height": 0,
"width": 0,
"keybind": "l"
}
{
"label": "reboot",
"action": "systemctl reboot",
"text": "[R]eboot",
"height": 0,
"width": 0,
"keybind": "r"
}
{
"label": "shutdown",
"action": "systemctl poweroff",
"text": "[S]hutdown",
"height": 0,
"width": 0,
"keybind": "s"
}
{
"label": "logout",
"action": "hyprctl dispatch exit 0",
"text": "Lo[g]out",
"height": 0,
"width": 0,
"keybind": "g"
}
{
"label": "suspend",
"action": "systemctl suspend",
"text": "S[u]spend",
"height": 0,
"width": 0,
"keybind": "u"
}
{
"label": "hibernate",
"action": "systemctl hibernate",
"text": "[H]ibernate",
"height": 0,
"width": 0,
"keybind": "h"
}
'';
# lock { background-image: image(url("./lock.png")); }
# lock:focus { background-image: image(url("./lock-hover.png")); }
# logout { background-image: image(url("./logout.png")); }
# logout:focus { background-image: image(url("./logout-hover.png")); }
# suspend { background-image: image(url("./suspend.png")); }
# suspend:focus { background-image: image(url("./suspend-hover.png")); }
# shutdown { background-image: image(url("./power.png")); }
# shutdown:focus { background-image: image(url("./power-hover.png")); }
# reboot { background-image: image(url("./restart.png")); }
# reboot:focus { background-image: image(url("./restart-hover.png")); }
# hibernate { background-image: image(url("./hibernate.png")); }
# hibernate:hover { background-image: image(url("./hibernate-hover.png"));}
button:focus {
color: ${rice.color.blue.base};
}
'';
".config/wlogout/layout".text = /* json */ ''
{
"label": "lock",
"action": "hyprlock",
"text": "[L]ock",
"height": 0,
"width": 0,
"keybind": "l"
}
{
"label": "reboot",
"action": "systemctl reboot",
"text": "[R]eboot",
"height": 0,
"width": 0,
"keybind": "r"
}
{
"label": "shutdown",
"action": "systemctl poweroff",
"text": "[S]hutdown",
"height": 0,
"width": 0,
"keybind": "s"
}
{
"label": "logout",
"action": "hyprctl dispatch exit 0",
"text": "Lo[g]out",
"height": 0,
"width": 0,
"keybind": "g"
}
{
"label": "suspend",
"action": "systemctl suspend",
"text": "S[u]spend",
"height": 0,
"width": 0,
"keybind": "u"
}
{
"label": "hibernate",
"action": "systemctl hibernate",
"text": "[H]ibernate",
"height": 0,
"width": 0,
"keybind": "h"
}
'';
};
};
}

3
home-modules/yazi.nix
View File

@@ -1,6 +1,5 @@
{ pkgs, lib, system, user, rice, inputs, ... }:
lib.mkIf (user != "tv")
{ pkgs, system, rice, inputs, ... }:
{
home.packages = with pkgs; [
# yazi

3
home-modules/zoxide.nix
View File

@@ -1,5 +1,4 @@
{ config, pkgs, lib, user, ... }:
lib.mkIf (user != "tv")
{ pkgs, ... }:
{
home.packages = [
pkgs.zoxide

3
home.nix
View File

@@ -28,7 +28,8 @@
./home-modules/nh.nix
./home-modules/nixd.nix
./home-modules/nvidia.nix
./home-modules/nx-gcal-event.nix
./home-modules/nx2site.nix
# ./home-modules/nx-gcal-event.nix
./home-modules/obs.nix
./home-modules/office.nix
./home-modules/ollama.nix

17
sops-secrets.yaml
View File

File diff suppressed because one or more lines are too long

4
system-modules/boot.nix
View File

@@ -1,7 +1,7 @@
{ config, pkgs, pkgs-unstable, lib, host, inputs, ... }:
{ config, pkgs, pkgs-unstable, lib, host, domain, inputs, ... }:
let
grub-theme-ascii-diana = (pkgs.fetchFromGitea {
domain = "git.nx2.site";
domain = "git.${domain}";
owner = "nx2";
repo = "grub-theme-ascii-diana";
rev = "0.5.0";

30
system-modules/dm.nix
View File

@@ -1,5 +1,4 @@
{ pkgs, user, host, lib, ... }:
if (host != "NxACE") then
{ pkgs, user, ... }:
{
services.greetd = {
enable = true;
@@ -22,31 +21,4 @@ if (host != "NxACE") then
TTYVHangup = true;
TTYVTDisallocate = true;
};
}
else
{
environment.systemPackages = with pkgs; [
sddm
# where-is-my-sddm-theme
];
services.xserver = {
displayManager = {
defaultSession = "hyprland";
sddm = {
enable = true;
# theme = "where_is_my_sddm_theme";
settings = {
theme = {
# background = /home/nx2/Pictures/
passwordFontSize = 12;
passwordInputCursorVisible = true;
};
};
};
autoLogin = lib.mkIf (host == "NxACE") {
enable = true;
user = "tv";
};
};
};
}

5
system-modules/docker.nix
View File

@@ -13,4 +13,9 @@
# };
};
users.users."${user}".extraGroups = [ "docker" ];
networking.firewall.allowedTCPPorts = [
80
443
8384
];
}

50
system-modules/networking.nix
View File

@@ -13,63 +13,15 @@
networkmanager = {
enable = true;
};
enableIPv6 = false;
enableIPv6 = true;
firewall.allowedTCPPorts = [
80
443
];
};
# Eduroam
environment.etc = {
"ssl/certs/tuda-eduroam-root.crt".source = "${pkgs.cacert.unbundled}/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2:1.crt";
# this comment blow is just for people reading my config
# I use sops-nix to place the actual file there (read below).
# identity and password have been replaced with "<...>" in the comment
# There the "email" and the password from the IDM portal of the HRZ should go
# Notice the toda-eduroam-root.crt that I am using (specified above)
# The method im using means that the password for the network is accessable locally as root user
# an even more secure way is for example using something like this https://wiki.archlinux.org/title/NetworkManager#Encrypted_Wi-Fi_passwords
# "NetworkManager/system-connections/eduroam.nmconnection" = {
# text = ''
# [connection]
# id=eduroam
# uuid=09ce7f02-0c1d-4e11-9f69-e91031176d9d
# type=wifi
# permissions=user:nx2:;
# [wifi]
# mode=infrastructure
# ssid=eduroam
# [wifi-security]
# key-mgmt=wpa-eap
# [802-1x]
# anonymous-identity=eduroam@tu-darmstadt.de
# ca-cert=/etc/ssl/certs/tuda-eduroam-root.crt
# domain=radius.hrz.tu-darmstadt.de
# eap=peap;
# identity=<...>@tu-darmstadt.de
# password=<...>
# phase2-auth=mschapv2
# [ipv4]
# method=auto
# [ipv6]
# addr-gen-mode=stable-privacy
# ip6-privacy=2
# method=auto
# '';
# mode = "0600";
# };
};
sops.secrets = {
"eduroam/tuda_nmconnection" = {
mode = "0600";

207
system-modules/nx2site.nix
View File

@@ -1,45 +1,47 @@
{ config, pkgs, lib, user, host, ... }:
# lib.mkIf false
lib.mkIf (host == "NxACE")
# ((import ./nx2site/proxy.nix { inherit config pkgs lib user; }) //
(
{ config, pkgs, domain, secrets, ... }:
{
sops.secrets = {
"nx2site/namecheap.pw" = { };
# "nx2site/cloudflare/api-token-dns-edit" = { };
"nx2site/cloudflare/global-api-key" = { };
};
systemd = {
timers."namecheap-dynamic-dns" = {
timers."dynamic-dns" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "2m";
OnUnitActiveSec = "10m";
Unit = "namecheap-dynamic-dns.service";
Unit = "dynamic-dns.service";
};
};
services."namecheap-dynamic-dns" = let
services."dynamic-dns" = let
u = let
domain = "nx2.site";
passord-file-path = config.sops.secrets."nx2site/namecheap.pw".path;
# passord-file-path = config.sops.secrets."nx2site/namecheap.pw".path;
log-file-path = "/var/log/update_namecheap.log";
count-file-path = "/var/log/update_namecheap-count.txt";
in pkgs.writers.writePython3Bin "update_namecheap" {
account_id = secrets.email.gmail-online.mail;
zone_id = "33fecab36e060f49d492127345ea95a0";
record_id = {
base = "58d3412e8d88889d1a611b3669f0700f";
sub = "fc861353142bc05d5dbad1799178e6a1";
base6 = "d1b90e21d2d747dcb30448bd65312927";
sub6 = "b8082b7afe9e80971fc9f9dda16ec284";
};
passord-file-path = config.sops.secrets."nx2site/cloudflare/global-api-key".path;
log-file-path = "/var/log/couldflare.log";
count-file-path = "/var/log/cloudflare-count.txt";
in pkgs.writers.writePython3Bin "dyn_dns" {
libraries = with pkgs.python311Packages; [ requests ];
flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" ];
} ''
flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" "E121" "E261" "E303"];
} /* python */ ''
import requests
import argparse
import socket
import subprocess
from datetime import datetime
def get_public_ip(): return requests.get('https://ipinfo.io/ip').text.strip()
def get_public_ip(ipv6=False):
return subprocess.run(['${pkgs.curl}/bin/curl', '-s', '-6' if ipv6 else '-4', 'https://ifconfig.me'], capture_output=True, text=True).stdout.strip()
def get_dns_ip(): return socket.gethostbyname_ex('${domain}')[2][0]
def main(force_update):
def main():
my_ip = get_public_ip()
dns_ip = get_dns_ip()
my_ip6 = get_public_ip(ipv6=True)
with open("${count-file-path}", "r") as f:
content = f.read()
@@ -49,73 +51,136 @@ lib.mkIf (host == "NxACE")
with open("${count-file-path}", "w") as f:
f.write(str(count))
if not (force_update or my_ip != dns_ip):
print(f"Host IP and DNS response are both {my_ip} --> No Action")
exit(0)
else:
with open("${passord-file-path}", 'r') as pw_file: pw = pw_file.read().strip()
# 4
with open("${passord-file-path}", 'r') as pw_file:
pw = pw_file.read().strip()
# Perform DNS updates
resp_base = requests.get(f"https://dynamicdns.park-your-domain.com/update?host=@&domain=${domain}&password={pw}&ip={my_ip}")
resp_subd = requests.get(f"https://dynamicdns.park-your-domain.com/update?host=*&domain=${domain}&password={pw}&ip={my_ip}")
# Reset the count file
with open("${count-file-path}", 'w') as f: f.write('0')
# Perform DNS updates
# https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record
resp_base = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.base}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip,
"type": "A"
}
)
now_str = datetime.now().strftime('%Y/%m/%d-%R')
log_entry = f"At {now_str} - from {dns_ip} to {my_ip} - {count} times - Response {resp_base.status_code}{' - (forced)' if force_update else ' '}\n"
print(log_entry, end="")
with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry)
resp_subd = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.sub}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip,
"type": "A"
}
)
if resp_base.status_code != 200:
print(resp_base.text)
now_str = datetime.now().strftime('%Y/%m/%d-%R')
log_entry = f"At {now_str} - to {my_ip} - Response {resp_base.status_code}\n"
print(log_entry, end="")
with open("${log-file-path}", 'a') as log_file:
log_file.write(log_entry)
# Perform DNS updates
# https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record
resp_base = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.base6}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip6,
"type": "AAAA"
}
)
resp_subd = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.sub6}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip6,
"type": "AAAA"
}
)
if resp_base.status_code != 200:
print(resp_base.text)
now_str = datetime.now().strftime('%Y/%m/%d-%R')
log_entry = f"At {now_str} - to {my_ip6} - Response {resp_base.status_code}\n"
print(log_entry, end="")
with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry)
if __name__ == "__main__":
parser = argparse.ArgumentParser()
parser.add_argument('-f', '--force', action='store_true', help='Force update')
args = parser.parse_args()
main(args.force)
main()
'';
in {
script = ''
set -eu
${u}/bin/update_namecheap
${u}/bin/dyn_dns
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
};
# I can't use this becasue API Access for Namecheap needs a static whitelisted IP, which I don't have
# security.acme = {
# acceptTerms = true;
# certs."nx2site" = { };
# };
environment.systemPackages = with pkgs; [
certbot
(writeShellApplication {
name = "refresh_ssl_certificate";
runtimeInputs = [ certbot ];
# https://forum.endeavouros.com/t/tutorial-add-a-systemd-boot-loader-menu-entry-for-a-windows-installation-using-a-separate-esp-partition/37431
text = let
webroot = /home/nx2/nx2site/staticweb/content;
in /*bash*/ ''
cartbot
ls ${webroot}
'';
})
];
networking.hosts = { # docker network inspect nx2site_default | grep -E "Name|IPv4" | tr "\n" " " | sed -r 's- +- -g;s-\n?"Name": -\n-g' | sed -r '1d;2d;s-"(.+?)", "IPv4Address": "(.+)/16",- "\2" = [ "\1.docker" ];-g'
"172.1.2.1" = [ "staticweb.docker" ];
"172.1.3.1" = [ "matrix.docker" ];
# "172.1.2.1" = [ "staticweb.docker" ];
# "172.1.3.1" = [ "matrix.docker" ];
# "172.1.0.9" = [ "matrixdb.docker" ];
"172.1.4.1" = [ "matrix-ss.docker" ];
# "172.1.4.1" = [ "matrix-ss.docker" ];
# "172.1.0.7" = [ "matrix-ssdb.docker" ];
"172.1.5.1" = [ "pw.docker" ];
"172.1.6.1" = [ "git.docker" ];
# "172.1.0.10" = [ "gitdb.docker" ];
"172.1.7.1" = [ "nn.docker" ];
"172.1.8.1" = [ "llm.docker" ];
# "172.1.7.1" = [ "nn.docker" ];
# "172.1.8.1" = [ "llm.docker" ];
# "172.1.9.1" = [ "proxy.docker" ];
"172.1.10.1" = [ "share.docker" ];
"172.1.11.1" = [ "odq.docker" ];
# "172.1.10.1" = [ "share.docker" ];
# "172.1.11.1" = [ "odq.docker" ];
};
})
}

71
system-modules/nx2site/gitea.nix Normal file
View File

@@ -0,0 +1,71 @@
{ config, pkgs-unstable, domain, ... }:
{
sops.secrets = {
"postgres-pw" = { owner = "gitea"; };
};
services.gitea = {
enable = true;
package = pkgs-unstable.gitea;
group = "gitea"; # default
user = "gitea"; # default
appName = "NxGit";
stateDir = "/var/lib/gitea"; # default
useWizard = false; # default
# camoHmacKeyFile = ;
customDir = "${config.services.gitea.stateDir}/custom"; # default
database = {
createDatabase = false; # default
host = "127.0.0.1"; # default
port = 5432;
passwordFile = config.sops.secrets."postgres-pw".path;
# path = "${config.services.gitea.stateDir}/data/gitea.db"; # default
# socket = "/run/postgresql";
socket = null;
type = "postgres";
name = "gitea"; # default
user = "gitea"; # default
};
dump = {
enable = true;
backupDir = "${config.services.gitea.stateDir}/dump"; # default
file = null; # default
interval = "daily";
type = "zip"; # default
};
extraConfig = null; # default
lfs = {
enable = false; # default
contentDir = "${config.services.gitea.stateDir}/data/lfs"; # default
};
mailerPasswordFile = null; # default
metricsTokenFile = null; # default
repositoryRoot = "${config.services.gitea.stateDir}/repositories"; # default
settings = {
log = {
LEVEL = "Info";
# LEVEL = "Error";
ROOT_PATH = "${config.services.gitea.stateDir}/log"; # default
};
i18n = {
LANGS = "en-US";
};
server = {
DISABLE_SSH = false; # default
SSH_PORT = 20022;
DOMAIN = "pw2.${domain}";
HTTP_ADDR = "http://${config.services.gitea.settings.server.DOMAIN}:${toString config.services.gitea.settings.server.HTTP_PORT}/";
HTTP_PORT = 3000; # default
PROTOCOL = "http"; # default
ROOT_URL = "https:pw2.${domain}/"; # default
STATIC_ROOT_PATH = "${config.services.gitea.stateDir}/static";
};
session = {
COOKIE_SECURE = true;
};
service = {
DISABLE_REGISTRATION = true;
};
};
};
}

228
system-modules/nx2site/proxy.nix
View File

@@ -1,35 +1,56 @@
{ config, pkgs, lib, user }:
lib.mkIf false
{ config, pkgs, lib, domain, ... }:
{
sops.secrets = {
"nx2site/sslCertificate.pem" = { owner = config.services.nginx.user; };
"nx2site/sslCertificateKey.pem" = { owner = config.services.nginx.user; };
"nx2site/dhparams.pem" = { owner = config.services.nginx.user; };
};
services.nginx = {
security.acme = {
acceptTerms = true;
defaults = {
email = "acme@${domain}";
webroot = "/var/nginx/webroot";
group = "nginx";
};
certs = {
"${domain}" = {
extraDomainNames = builtins.map (subd: "${subd}.${domain}") [ "git" "git2" "pw" "pw2" "sync" ];
};
};
};
users.users."nginx" = {
extraGroups = [ "nginx" "acme" ];
useDefaultShell = false;
linger = true;
home = "/var/nginx/";
homeMode = "770";
createHome = true;
isSystemUser = true;
isNormalUser = false;
};
systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
services.nginx = let
dl = [
{ addr = "0.0.0.0"; port = 443; ssl = true; }
{ addr = "0.0.0.0"; port = 80; ssl = false; }
{ addr = "[::0]"; port = 443; ssl = true; }
{ addr = "[::0]"; port = 80; ssl = false; }
];
in {
enable = true;
user = "nginx";
group = "nginx";
additionalModules = [];
# appendConfig = '''';
clientMaxBodySize = "20m";
defaultHTTPListenPort = 80;
defaultListenAddresses = [ "0.0.0.0" ] ++ lib.optional config.networking.enableIPv6 "[::0]";
defaultListen = [ {
addr = "0.0.0.0";
ssl = true;
port = 443;
proxyProtocol = true;
}];
defaultListen = dl;
defaultMimeTypes = "${pkgs.mailcap}/etc/nginx/mime.types";
defaultSSLListenPort = 443;
enableQuicBPF = true;
enableReload = true;
# eventsConfig = '''';
# logError = ;
# mapHashBucketSize = ;
# mapHashMaxSize = ;
package = pkgs.nginxQuic;
# preStart = true;
proxyResolveWhileRunning = false;
proxyTimeout = "20s";
recommendedBrotliSettings = true;
@@ -39,142 +60,81 @@ lib.mkIf false
recommendedTlsSettings = true;
recommendedZstdSettings = true;
serverTokens = false;
# sslCiphers = true;
sslDhparam = config.sops.secrets."nx2site/dhparams.pem".path;
sslProtocols = "TLSv1.2 TLSv1.3";
statusPage = false;
streamConfig = ""; # udp config
validateConfigFile = true;
upstreams = {
"staticweb".servers = { "staticweb.docker:80" = {}; };
"matrix".servers = { "matrix.docker:80" = {}; };
"matrix-ss".servers = { "matrix-ss.docker:80" = {}; };
"pw".servers = { "pw.docker:80" = {}; };
"git".servers = { "git.docker:80" = {}; };
"nn".servers = { "nn.docker:80" = {}; };
"llm".servers = { "llm.docker:80" = {}; };
"share".servers = { "share.docker:80" = {}; };
"sync".servers = { "localhost:8384" = {}; };
};
virtualHosts = let
sslCertificate = config.sops.secrets."nx2site/sslCertificate.pem".path;
sslCertificateKey = config.sops.secrets."nx2site/sslCertificateKey.pem".path;
kTLS = true; http2 = true; http3 = true; http3_hq = true; quic = true;
in
{
"nx2.site" = {
inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic;
listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
vh = {
kTLS = true;
http2 = true;
http3 = true;
http3_hq = true;
quic = true;
addSSL = true;
enableACME = true;
};
in {
"${domain}" = vh // {
root = "/var/nginx/webroot";
default = true;
listen = dl;
locations = {
"/" = {
proxyPass = "http://staticweb";
# extraConfig = [ ''add_header Alt-Svc 'h3=":443"; ma=86400';'' ''add_header Cache-Control "public";'' ] ++ common-location-conf;
};
"/.well-known/matrix/client" = {
return = ''200 '{"m.homeserver": {"base_url": "https://matrix.nx2.site"}, "org.matrix.msc3575.proxy": {"url": "https://matrix-ss.nx2.site"}}' '';
extraConfig = [ "default_type application/json;" "add_header Access-Control-Allow-Origin *;" ];
};
"/.well-known/matrix/server" = {
return = ''200 '{"m.server":"matrix.nx2.site:443"}' '';
extraConfig = [ "default_type application/json;" "add_header Access-Control-Allow-Origin *;" ];
};
"~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
proxyPass = "http://matrix-ss";
# extraConfig = [ ''proxy_set_header X-Forwarded-For $remote_addr;'' ''proxy_set_header X-Forwarded-Proto $scheme;'' ''proxy_set_header Host $host;'' ];
};
"~ ^(\/_matrix|\/_synapse\/client)" = {
return = ''200 '{"m.server":"matrix.nx2.site:443"}' '';
# extraConfig = [];
extraConfig = ''
index index.html;
if ($request_uri ~ ^/(.*)\.html(\?|$)) {
return 301 /$1;
}
try_files $uri $uri.html $uri/ /404.html =404;
'';
};
"~^(/ba)$" = { return = "301 /BA.pdf"; };
"/.well-known/matrix/client" = { return = "502"; };
"/.well-known/matrix/server" = { return = "502"; };
};
};
"matrix.${domain}" = {
listen = dl;
locations = { "~.*" = { return = "502"; }; };
};
"pw.${domain}" = vh // {
listen = dl;
locations = let d = "pw.docker:80"; in {
"/" = { proxyPass = "http://${d}"; };
"/admin" = { proxyPass = "http://${d}"; };
"/notifications/hub" = { proxyPass = "http://${d}"; };
"/notifications/hub/negotiate" = { proxyPass = "http://${d}"; };
};
};
"matrix.nx2.site" = {
inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic;
listen = [
{ addr = "0.0.0.0"; port = 443; ssl = true; }
{ addr = "0.0.0.0"; port = 8448; ssl = true; }
];
locations = {
"/" = {
proxyPass = "http://matrix";
# extraConfig = [ ''add_header Alt-Svc 'h3=":443"; ma=86400';'' ''add_header Cache-Control "public";'' ] ++ common-location-conf;
};
"pw2.${domain}" = vh // {
listen = dl;
locations = let d = "127.0.0.1:3000"; in {
"/" = { proxyPass = "http://${d}"; };
"/admin" = { proxyPass = "http://${d}"; };
"/notifications/hub" = { proxyPass = "http://${d}"; };
"/notifications/hub/negotiate" = { proxyPass = "http://${d}"; };
};
};
"matrix-ss.nx2.site" = {
inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic;
# listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
# "resolver 1.1.1.1;"
# "client_max_body_size 500M;"
# ];
locations = {
"/" = { proxyPass = "http://pw"; };
};
"sync.${domain}" = vh // {
listen = dl;
locations = { "/" = { proxyPass = "http://127.0.0.1:11434"; }; };
};
# "dev.nx2.site" = {
# inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic;
# listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
# locations = {
# "/" = {
# proxyPass = "http://dev";
# };
# };
# };
"pw.nx2.site" = {
inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic;
# listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
locations = {
"/" = { proxyPass = "http://pw"; };
"/admin" = { proxyPass = "http://pw"; };
"/notifications/hub" = { proxyPass = "http://pw"; };
"/notifications/hub/negotiate" = { proxyPass = "http://pw"; };
};
"git.${domain}" = vh // {
listen = dl;
locations = { "/" = { proxyPass = "http://git.docker:3000"; }; };
};
"share.nx2.site" = {
inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic;
# listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
locations = {
"/" = { proxyPass = "http://share"; # ''proxy_hide_header Content-Disposition;''
# ''proxy_set_header Content-Disposition $upstream_http_content_disposition;''
# ''proxy_set_header X-Real-IP $remote_addr;''
# ''proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;''
# ''proxy_set_header Host $http_host;''
# ];
};
"/socket.io" = {
proxyPass = "http://share/socket.io";
proxyWebsockets = true;
# extraConfig = [
# ''proxy_http_version 1.1;''
# ''proxy_set_header Upgrade $http_upgrade;''
# ''proxy_set_header Connection "upgrade";''
# ];
};
};
"git2.${domain}" = vh // {
listen = dl;
locations = { "/" = { proxyPass = "http://127.0.0.1:8222"; }; };
};
"sync.nx2.site" = {
inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic;
# listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
locations = {
"/" = { proxyPass = "http://sync"; };
};
};
"git.nx2.site" = {
inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic;
# listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
locations = {
"/" = { proxyPass = "http://git"; };
};
};
"~^(.*)\.nx2\.site$" = {
inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic;
# listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ];
root = "/home/nx2/nx2site/staticweb/xcontent/";
locations = {
"~.*" = { return = "502 /502.html"; };
};
"~^(.*).${domain}$" = {
listen = dl;
root = "/var/nginx/webroot";
locations = { "~.*" = { return = "301 https://${domain}/502.html"; }; };
};
};
};
}

0
system-modules/nx2site/vaultwarden.nix Normal file
View File

83
system-modules/postgres.nix Normal file
View File

@@ -0,0 +1,83 @@
{ config, pkgs, lib, user, ... }:
{
services = {
postgresql = {
enable = true;
package = pkgs.postgresql_12;
dataDir = "/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}"; # default
# identMap = ''
# ${user} ${user} ${user}
# '';
enableJIT = false; # default
initdbArgs = []; # default
checkConfig = true; # default
enableTCPIP = false;
# # extraPlugins =
initialScript = null; # default
authentication = lib.mkForce ''
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 trust #scram-sha-256
host all all ::1/128 trust #scram-sha-256
'';
# recoveryConfig = null;
ensureDatabases = [
"gitea"
# "vaultwarden"
];
settings = {
port = 5432; # default
listen_addresses = "localhost";
log_line_prefix = "[%p] "; # default
shared_preload_libraries = [ ]; # default
};
ensureUsers = [
# {
# name = "${user}";
# ensureDBOwnership = false;
# ensureClauses = {
# login = true;
# # inherit
# createdb = true;
# bypassrls = true;
# superuser = true;
# createrole = true;
# replication = true;
# };
# }
{
# as liong as there is no declarative user management you gotta set a pw by hand
# sudo -u postgres psql -c "ALTER USER gitea PASSWORD 'new-passwd';"
name = "gitea";
ensureDBOwnership = true;
}
];
};
# postgresqlBackup = {
# enable
# startAt
# location
# databases
# backupAll
# compression
# }
# postgresqlWalReceiver.receivers."main" = {
# postgresqlPackage = pkgs.postgresql_15;
# directory = /mnt/pg_wal/main/;
# slot = "main_wal_receiver";
# connection = "postgresql://user@somehost";
# compress
# extraArgs
# synchronous
# environment
# statusInterval
# };
# }
};
}

15
system-modules/syncthing.nix
View File

@@ -1,5 +1,10 @@
{ config, lib, user, host, secrets, ...}:
let
{
config,
lib,
user,
host,
secrets,
... }: let
# helper funcitons
conv = _: device: with device; { "${name}" = {id = id;};};
justname = devices: (builtins.map (device: device.name)) devices;
@@ -24,15 +29,11 @@ let
daniel-dcim = { name = "daniel-dcim"; path = "/vault/Pictures/Daniel"; };
tessa-dcim = { name = "tessa-dcim"; path = "/vault/Pictures/Tessa"; };
};
in
lib.mkIf (user != "tv")
{
in {
sops.secrets = {
"syncthing/${host}/cert.pem" = { owner = user; };
"syncthing/${host}/key.pem" = { owner = user; };
};
services.syncthing = with (builtins.mapAttrs conv devices); {
enable = true;
user = "${user}";

25
system-modules/users.nix
View File

@@ -1,22 +1,31 @@
{ pkgs, lib, host, user, ... }:
{ pkgs, user, ... }:
{
users.defaultUserShell = pkgs.bash; # if interactive, itll switch to fish
users.users."${user}" = {
isNormalUser = true;
extraGroups = [ "networkmanager" "wheel" "audio" "video" "docker" "libvirtd" "uinput" "input" "ydotool" "adbusers" ];
extraGroups = [
"networkmanager"
"wheel"
"audio"
"video"
"docker"
"libvirtd"
"uinput"
"input"
"ydotool"
"acme"
"nginx"
"adbusers"
"gitea"
"postgres"
];
useDefaultShell = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1RPCcS8DtIf75a2FEW4d8X6WTVeLlmretoLqppvZlJ" # From [A] GPG Sub Key
];
};
users.users.tv = lib.mkIf (host == "NxACE") {
isNormalUser = true;
extraGroups = [ "networkmanager" "audio" "video" "uinput" ];
useDefaultShell = true;
};
programs = {
bash = {