diff --git a/darwin-common.nix b/darwin-common.nix index 0cae3e79..48dcf27d 100644 --- a/darwin-common.nix +++ b/darwin-common.nix @@ -1,5 +1,4 @@ { config, pkgs, inputs, ... }: { - programs.gnupg.agent.enable = true; programs.zsh.enable = true; environment.pathsToLink = [ "/share/zsh" ]; services.nix-daemon.enable = true; @@ -24,16 +23,6 @@ sshKey = "/Users/xyno/.ssh/id_ed25519"; publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUorQkJYdWZYQUpoeVVIVmZocWxrOFk0ekVLSmJLWGdKUXZzZEU0ODJscFYgcm9vdEBpc28K"; } - #{ - # systems = [ "aarch64-linux" "x86_64-linux" ]; - # speedFactor = 2; - # supportedFeatures = [ "kvm" "big-parallel" ]; - # sshUser = "ragon"; - # maxJobs = 8; - # hostName = "192.168.65.7"; - # sshKey = "/Users/ragon/.ssh/id_ed25519"; - # publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUM4aG9teFlQZlk4bS9JQ2c2NVNWNU9Temp3eW1sNmxEMXhGNi9zWUxPQkY="; - #} ]; nix.extraOptions = '' builders-use-substitutes = true diff --git a/flake.lock b/flake.lock index 97344aed..18296db5 100644 --- a/flake.lock +++ b/flake.lock 
@@ -83,101 +83,7 @@ "type": "github" } }, - "disko": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1710169806, - "narHash": "sha256-HeWFrRuHpnAiPmIr26OKl2g142HuGerwoO/XtW53pcI=", - "owner": "nix-community", - "repo": "disko", - "rev": "fe064a639319ed61cdf12b8f6eded9523abcc498", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "disko", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "neovim-nightly-overlay", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709336216, - "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": [ - "neovim-nightly-overlay", - "hercules-ci-effects", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1701473968, - "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5", - "type": "github" - }, - "original": { - "id": 
"flake-parts", - "type": "indirect" - } - }, - "flake-parts_3": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -213,64 +119,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "inputs": { - "systems": "systems_4" - }, - "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "hercules-ci-effects": { - "inputs": { - "flake-parts": "flake-parts_2", - "nixpkgs": [ - "neovim-nightly-overlay", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1708547820, - "narHash": "sha256-xU/KC1PWqq5zL9dQ9wYhcdgxAwdeF/dJCLPH3PNZEBg=", - "owner": "hercules-ci", - "repo": "hercules-ci-effects", - "rev": "0ca27bd58e4d5be3135a4bef66b582e57abe8f4a", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "hercules-ci-effects", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -365,74 +213,9 @@ "type": "github" } }, - "neovim-flake": { - "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs" - }, - "locked": { - "dir": "contrib", - "lastModified": 1681563256, - "narHash": "sha256-efqY64VXxpcBCBouHwl0d0fJ6Aol3gzQB7/eXFO4gI0=", - "owner": "neovim", - "repo": "neovim", - "rev": "eb151a9730f0000ff46e0b3467e29bb9f02ae362", - "type": "github" - }, - "original": { - "dir": "contrib", - "owner": "neovim", - "repo": "neovim", - "type": "github" - } - }, - "neovim-nightly-overlay": { - "inputs": { - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "hercules-ci-effects": "hercules-ci-effects", - "neovim-flake": "neovim-flake", - "nixpkgs": [ - "nixpkgs-master" - ] - }, - "locked": { - "lastModified": 1710201806, - "narHash": "sha256-ySFpQv1cVsm1uGr/cbtfvWht6Kszfy/aP3TjiLQ8h0w=", - "owner": "nix-community", - "repo": "neovim-nightly-overlay", - "rev": "a6185e08ac09b6528b7120cd2886610eaffd68de", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "neovim-nightly-overlay", - "type": "github" - } - }, - "nix-vscode-extensions": { - "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1710206084, - "narHash": "sha256-W6jg8xtOohOM0Mxqx/5K03y4CNOAYw7hvc5ORccMVlI=", - "owner": "nix-community", - "repo": "nix-vscode-extensions", - "rev": "cfbb96201a78804e92794d6fe57466f777da74aa", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-vscode-extensions", - "type": "github" - } - }, "nixd": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts", "nixpkgs": [ "nixpkgs" ] 
@@ -469,16 +252,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709961763, - "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=", - "owner": "nixos", + "lastModified": 1710162809, + "narHash": "sha256-i2R2bcnQp+85de67yjgZVvJhd6rRnJbSYNpGmB6Leb8=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34", + "rev": "ddcd7598b2184008c97e6c9c6a21c5f37590b8d2", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "owner": "NixOS", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } @@ -533,38 +316,6 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1684570954, - "narHash": "sha256-FX5y4Sm87RWwfu9PI71XFvuRpZLowh00FQpIJ1WfXqE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3005f20ce0aaa58169cdee57c8aa12e5f1b6e1b3", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1710162809, - "narHash": "sha256-i2R2bcnQp+85de67yjgZVvJhd6rRnJbSYNpGmB6Leb8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ddcd7598b2184008c97e6c9c6a21c5f37590b8d2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, "nnn-nvim": { "flake": false, "locked": { 
@@ -613,38 +364,6 @@ "type": "github" } }, - "octoprint-spoolmanager": { - "flake": false, - "locked": { - "lastModified": 1647619589, - "narHash": "sha256-JKPegbnv7nxyhAi8AqF/TDQVaj67JTlcWYHhetX5AGQ=", - "owner": "OllisGit", - "repo": "OctoPrint-SpoolManager", - "rev": "dea8d64c1849c970f3616e158260c4c6fef5a4b7", - "type": "github" - }, - "original": { - "owner": "OllisGit", - "repo": "OctoPrint-SpoolManager", - "type": "github" - } - }, - "octoprint-telegram": { - "flake": false, - "locked": { - "lastModified": 1646577349, - "narHash": "sha256-z/Nhixz83pikM616OEn+bK1889DTdC8F1E7WiBy8gsY=", - "owner": "fabianonline", - "repo": "OctoPrint-Telegram", - "rev": "d8fa9ac4a65600a25deacad9bc0d3e9cc0167751", - "type": "github" - }, - "original": { - "owner": "fabianonline", - "repo": "OctoPrint-Telegram", - "type": "github" - } - }, "pandoc-latex-template": { "flake": false, "locked": { @@ -688,23 +407,18 @@ "agenix": "agenix", "agkozak-zsh-prompt": "agkozak-zsh-prompt", "darwin": "darwin_2", - "disko": "disko", "home-manager": "home-manager_2", "impermanence": "impermanence", "lolpizza": "lolpizza", "miro": "miro", - "neovim-nightly-overlay": "neovim-nightly-overlay", - "nix-vscode-extensions": "nix-vscode-extensions", "nixd": "nixd", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs", "nixpkgs-darwin": "nixpkgs-darwin", "nixpkgs-master": "nixpkgs-master", "nnn-nvim": "nnn-nvim", "noice-nvim": "noice-nvim", "notify-nvim": "notify-nvim", - "octoprint-spoolmanager": "octoprint-spoolmanager", - "octoprint-telegram": "octoprint-telegram", "pandoc-latex-template": "pandoc-latex-template", "spoons": "spoons", "utils": "utils", 
@@ -778,39 +492,9 @@ "type": "github" } }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_5": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "utils": { "inputs": { - "systems": "systems_5" + "systems": "systems_3" }, "locked": { "lastModified": 1710146030, diff --git a/flake.nix b/flake.nix index 586c0558..40d7603c 100644 --- a/flake.nix +++ b/flake.nix @@ -16,13 +16,6 @@ nixos-hardware.url = "github:NixOS/nixos-hardware/master"; darwin.url = "github:lnl7/nix-darwin/master"; darwin.inputs.nixpkgs.follows = "nixpkgs"; - disko.url = "github:nix-community/disko"; - disko.inputs.nixpkgs.follows = "nixpkgs"; - neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay"; - neovim-nightly-overlay.inputs.nixpkgs.follows = "nixpkgs-master"; - neovim-nightly-overlay.inputs.neovim-flake.url = "github:neovim/neovim?dir=contrib&rev=eb151a9730f0000ff46e0b3467e29bb9f02ae362"; - neovim-nightly-overlay.inputs.neovim-flake.inputs.nixpkgs.follows = "nixpkgs-master"; - # programs xynoblog.url = "github:thexyno/blog"; @@ -45,9 +38,6 @@ noice-nvim.url = "github:folke/noice.nvim"; noice-nvim.flake = false; - ## vscode - nix-vscode-extensions.url = "github:nix-community/nix-vscode-extensions"; - ## zsh zsh-completions.url = "github:zsh-users/zsh-completions"; zsh-completions.flake = false; 
@@ -76,19 +66,12 @@ pandoc-latex-template.url = "github:Wandmalfarbe/pandoc-latex-template"; pandoc-latex-template.flake = false; - ## octoprint - octoprint-telegram.url = "github:fabianonline/OctoPrint-Telegram"; - octoprint-telegram.flake = false; - octoprint-spoolmanager.url = "github:OllisGit/OctoPrint-SpoolManager"; - octoprint-spoolmanager.flake = false; - }; outputs = inputs @ { self , nixpkgs , nixpkgs-darwin - , neovim-nightly-overlay , nixpkgs-master , agenix , home-manager @@ -107,13 +90,8 @@ my = import ./lib { inherit inputs; lib = self; }; }); - genPkgs = system: import nixpkgs { - inherit system; - config.allowUnfree = true; - }; overlays = [ self.overlays.default - neovim-nightly-overlay.overlay nixd.overlays.default ]; genPkgsWithOverlays = system: import nixpkgs { @@ -126,15 +104,11 @@ }; - hmConfig = { hm, pkgs, inputs, config, ... }: { - imports = (lib.my.mapModulesRec' ./hm-imports (x: x)) ++ [ "${impermanence}/home-manager.nix" ]; - }; - rev = if (lib.hasAttrByPath [ "rev" ] self.sourceInfo) then self.sourceInfo.rev else "Dirty Build"; nixosSystem = system: extraModules: hostName: let - pkgs = genPkgs system; + pkgs = genPkgsWithOverlays system; in nixpkgs.lib.nixosSystem rec { @@ -159,12 +133,9 @@ home-manager.extraSpecialArgs = { inherit inputs; }; } - (lib.mkIf config.ragon.user.enable { - # import hm stuff if enabled - home-manager.users.ragon = hmConfig; - })]) + ]) ./nixos-common.nix - ] ++ (lib.my.mapModulesRec' (toString ./nixos-modules) import) ++ extraModules; + ] ++ extraModules; }; darwinSystem = system: extraModules: hostName: let 
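Review bot: In the `@@ -126,15 +104,11 @@` hunk, `pkgs = genPkgsWithOverlays system;` makes every NixOS host build from the overlaid package set. Assuming genPkgsWithOverlays applies the `overlays` list visible in the previous hunk, `nixd.overlays.default` from a third-party input now also affects the package set used for picard and ds9. The body of genPkgsWithOverlays lies outside the hunk, so it is not visible whether it still sets `config.allowUnfree = true` as the removed genPkgs did; please confirm, because a missing flag would fail evaluation for unfree packages. A comment above the binding would record the decision, e.g. `# NixOS hosts share the overlaid package set; keep the overlay list minimal`.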
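Review bot: In the `@@ -159,12 +133,9 @@` hunk the module list now ends in `] ++ extraModules;`, so nothing under ./nixos-modules is imported automatically and `home-manager.users.ragon` is no longer set from here. If picard or ds9 still set `ragon.*` options or relied on defaults from those modules, evaluation will fail, or settings that were applied implicitly will no longer be applied. The deleted beliskner host, for example, used `ragon.services.ssh.enable`, `ragon.persist.*` and `ragon.agenix.secrets`. The darwinSystem list in the `@@ -178,15 +149,13 @@` hunk drops the ./darwin-modules import and `home-manager.users.xyno = hmConfig;` in the same way. I would state the new contract next to the list, e.g. `# modules are no longer auto-imported; each host lists what it needs in extraModules`, and check each remaining host against it; nixosSystem itself starts outside the hunk.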
@@ -178,15 +149,13 @@ home-manager.darwinModules.home-manager { nixpkgs.overlays = overlays; - #system.darwinLabel = "${config.system.darwinLabel}@${rev}"; networking.hostName = hostName; home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.extraSpecialArgs = { inherit inputs pkgs; }; - home-manager.users.xyno = hmConfig; } ./darwin-common.nix - ] ++ (lib.my.mapModulesRec' (toString ./darwin-modules) import) ++ extraModules; + ] ++ extraModules; }; processConfigurations = lib.mapAttrs (n: v: v n); @@ -202,38 +171,17 @@ }; my = self.packages."${prev.system}"; }; - nixosModules = lib.my.mapModulesRec ./nixos-modules import; - #darwinModules = [ ]; - darwinModules = lib.my.mapModulesRec ./darwin-modules import; + # nixosModules = lib.my.mapModulesRec ./nixos-modules import; + # darwinModules = lib.my.mapModulesRec ./darwin-modules import; + nixosConfigurations = processConfigurations { picard = nixosSystem "x86_64-linux" [ ./hosts/picard/default.nix ]; ds9 = nixosSystem "x86_64-linux" [ ./hosts/ds9/default.nix ]; - daedalusvm = nixosSystem "aarch64-linux" [ ./hosts/daedalusvm/default.nix ]; - octopi = nixosSystem "aarch64-linux" [ ./hosts/octopi/default.nix ]; - icarus = nixosSystem "x86_64-linux" [ ./hosts/icarus/default.nix ]; - beliskner = nixosSystem "x86_64-linux" [ ./hosts/beliskner/default.nix ]; }; darwinConfigurations = processConfigurations { daedalus = darwinSystem "aarch64-darwin" [ ./hosts/daedalus/default.nix ]; }; - homeConfigurations."fedora-vm" = - let pkgs = genPkgsWithOverlays "aarch64-linux"; in - home-manager.lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { inherit inputs; }; - modules = [ - hmConfig - { - ragon.vscode.enable = true; - home.username = "ragon"; - home.packages = [ pkgs.openvscode-server ]; - home.homeDirectory = "/home/ragon.linux"; - } - ]; - - }; - } // utils.lib.eachDefaultSystem (system: let pkgs = nixpkgs.legacyPackages.${system}; in { 
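Review bot: In the `@@ -202,38 +171,17 @@` hunk the two outputs are left behind as commented-out code (`# nixosModules = lib.my.mapModulesRec ./nixos-modules import;` and the darwinModules line) rather than removed. As written the flake silently stops exporting `nixosModules` and `darwinModules`, and a reader cannot tell whether that is temporary. Either delete both lines or replace them with a one-line reason, e.g. `# module outputs dropped: modules are imported per host now`. The enclosing outputs attribute set starts and ends outside the hunk.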
diff --git a/hm-imports/zsh/zshrc b/hm-imports/zsh/zshrc
deleted file mode 100644
index 24a25d4d..00000000
--- a/hm-imports/zsh/zshrc
+++ /dev/null
@@ -1,56 +0,0 @@ -# AGKOZAK_MULTILINE=0 -# AGKOZAK_PROMPT_CHAR=( ❯ ❯ "%F{red}N%f") -autoload -Uz history-search-end - -zle -N history-beginning-search-backward-end history-search-end -zle -N history-beginning-search-forward-end history-search-end - -bindkey -M vicmd '^[[A' history-beginning-search-backward-end \ - '^[OA' history-beginning-search-backward-end \ - '^[[B' history-beginning-search-forward-end \ - '^[OB' history-beginning-search-forward-end -bindkey -M viins '^[[A' history-beginning-search-backward-end \ - '^[OA' history-beginning-search-backward-end \ - '^[[B' history-beginning-search-forward-end \ - '^[OB' history-beginning-search-forward-end - -hash go 2>/dev/null && export PATH=$PATH:$(go env GOPATH)/bin -hash yarn 2>/dev/null && export PATH=$PATH:$HOME/.yarn/bin -hash dotnet 2>/dev/null && export PATH=$PATH:$HOME/.dotnet/tools -hash direnv 2>/dev/null && eval "$(direnv hook zsh)" # needed for lorri -export PATH=$PATH:$HOME/.local/bin -export PATH=$PATH:$HOME/flutter/flutter/bin -hash kitty 2>/dev/null && alias ssh="kitty kitten ssh" -hash helm 2>/dev/null && . <(helm completion zsh) -hash kubectl 2>/dev/null && . <(kubectl completion zsh) -export NNN_ARCHIVE="\\.(7z|a|ace|alz|arc|arj|bz|bz2|cab|cpio|deb|gz|jar|lha|lz|lzh|lzma|lzo|rar|rpm|rz|t7z|tar|tbz|tbz2|tgz|tlz|txz|tZ|tzo|war|xpi|xz|Z|zip)$" -if [[ -d "$HOME/miniconda3" ]]; then - export PATH=$PATH:$HOME/miniconda3/bin - . <(~/miniconda3/bin/conda shell.zsh hook) -fi - -n () -{ - # Block nesting of nnn in subshells - if [ -n $NNNLVL ] && [ "${NNNLVL:-0}" -ge 1 ]; then - echo "nnn is already running" - return - fi - - export NNN_TMPFILE="$HOME/.config/nnn/.lastd" - - # Unmask ^Q (, ^V etc.) (if required, see `stty -a`) to Quit nnn - # stty start undef - # stty stop undef - # stty lwrap undef - # stty lnext undef - - nnn -d "$@" - - if [ -f "$NNN_TMPFILE" ]; then - . "$NNN_TMPFILE" - rm -f "$NNN_TMPFILE" > /dev/null - fi -} - - 
diff --git a/hm-imports/cli.nix b/hm-modules/cli.nix similarity index 56% rename from hm-imports/cli.nix rename to hm-modules/cli.nix index 257894c8..c942c18d 100644 --- a/hm-imports/cli.nix +++ b/hm-modules/cli.nix @@ -3,7 +3,6 @@ home.stateVersion = lib.mkDefault "22.05"; home.packages = with pkgs; [ - my.scripts jq nnn @@ -13,8 +12,6 @@ curl fd file - lorri - fzf git neofetch ripgrep @@ -22,16 +19,16 @@ unzip pv killall - lefthook yt-dlp aria2 - libqalculate ]; home.shellAliases = { v = "nvim"; + c = "code"; vim = "nvim"; gpl = "git pull"; gp = "git push"; + gd = "git diff"; lg = "lazygit"; gc = "git commit -v"; kb = "git commit -m \"\$(curl -s http://whatthecommit.com/index.txt)\""; @@ -48,48 +45,10 @@ }; programs = { - # gpg = { - # enable = true; - # settings = { - # cert-digest-algo = "SHA512"; - # charset = "utf-8"; - # default-preference-list = "SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed"; - # auto-key-retrieve = true; - # fixed-list-mode = true; - # keyserver = "hkps://keyserver.ubuntu.com:443"; - # list-options = [ "show-uid-validity" "show-unusable-subkeys" ]; - # no-comments = true; - # no-emit-version = true; - # no-greeting = true; - # no-symkey-cache = true; - # personal-cipher-preferences = "AES256 AES192 AES"; - # personal-compress-preferences = "ZLIB BZIP2 ZIP Uncompressed"; - # personal-digest-preferences = "SHA512 SHA384 SHA256"; - # require-cross-certification = true; - # s2k-cipher-algo = "AES256"; - # s2k-digest-algo = "SHA512"; - # throw-keyids = true; - # use-agent = true; - # verbose = true; - # verify-options = "show-uid-validity"; - # with-fingerprint = true; - # with-key-origin = true; - # }; - # }; bat = { enable = true; config.theme = "gruvbox-dark"; }; - fzf = { - enable = true; - enableZshIntegration = true; - defaultOptions = [ - "--height 40%" - "--layout=reverse" - "--border" - "--inline-info" - ]; - }; git = { enable = true; lfs.enable = true; @@ -120,7 +79,6 @@ }; }; - }; } 
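Review bot: The `kb` alias kept as context in the `@@ -22,16 +19,16 @@` hunk still pulls its commit message from `http://whatthecommit.com/index.txt` over plain HTTP, and with only `-s` an error page body would be committed as the message. Since the alias block is being edited anyway, I would change it to `kb = "git commit -m \"\$(curl -fsS https://whatthecommit.com/index.txt)\"";`, assuming the site serves that path over TLS. The response then cannot be altered in transit before it lands in git history, and a failed fetch yields an empty message that git rejects. The `home.shellAliases` set continues past the end of the hunk.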
diff --git a/hm-imports/files.nix b/hm-modules/files.nix similarity index 85% rename from hm-imports/files.nix rename to hm-modules/files.nix index 4df62c69..f66f4e99 100644 --- a/hm-imports/files.nix +++ b/hm-modules/files.nix @@ -1,5 +1,8 @@ { inputs, config, lib, pkgs, ... }: { + imports = [ + "${inputs.impermanence}/home-manager.nix" + ]; home.file = { # Home nix config. ".config/nixpkgs/config.nix".text = "{ allowUnfree = true; }"; diff --git a/hm-imports/nvim/config/lua/.luarc.json b/hm-modules/nvim/config/lua/.luarc.json similarity index 100% rename from hm-imports/nvim/config/lua/.luarc.json rename to hm-modules/nvim/config/lua/.luarc.json diff --git a/hm-imports/nvim/config/lua/dark_notify.lua b/hm-modules/nvim/config/lua/dark_notify.lua similarity index 100% rename from hm-imports/nvim/config/lua/dark_notify.lua rename to hm-modules/nvim/config/lua/dark_notify.lua diff --git a/hm-imports/nvim/config/lua/filetypes.lua b/hm-modules/nvim/config/lua/filetypes.lua similarity index 100% rename from hm-imports/nvim/config/lua/filetypes.lua rename to hm-modules/nvim/config/lua/filetypes.lua diff --git a/hm-imports/nvim/config/lua/keybindings.lua b/hm-modules/nvim/config/lua/keybindings.lua similarity index 100% rename from hm-imports/nvim/config/lua/keybindings.lua rename to hm-modules/nvim/config/lua/keybindings.lua diff --git a/hm-imports/nvim/config/lua/plugin/cmp.lua b/hm-modules/nvim/config/lua/plugin/cmp.lua similarity index 100% rename from hm-imports/nvim/config/lua/plugin/cmp.lua rename to hm-modules/nvim/config/lua/plugin/cmp.lua diff --git a/hm-imports/nvim/config/lua/plugin/dap.lua b/hm-modules/nvim/config/lua/plugin/dap.lua similarity index 100% rename from hm-imports/nvim/config/lua/plugin/dap.lua rename to hm-modules/nvim/config/lua/plugin/dap.lua 
diff --git a/hm-imports/nvim/config/lua/plugin/gitsigns.lua b/hm-modules/nvim/config/lua/plugin/gitsigns.lua
similarity index 100%
rename from hm-imports/nvim/config/lua/plugin/gitsigns.lua
rename to hm-modules/nvim/config/lua/plugin/gitsigns.lua
diff --git a/hm-imports/nvim/config/lua/plugin/lsp.lua b/hm-modules/nvim/config/lua/plugin/lsp.lua
similarity index 100%
rename from hm-imports/nvim/config/lua/plugin/lsp.lua
rename to hm-modules/nvim/config/lua/plugin/lsp.lua
diff --git a/hm-imports/nvim/config/lua/plugin/lualine.lua b/hm-modules/nvim/config/lua/plugin/lualine.lua
similarity index 100%
rename from hm-imports/nvim/config/lua/plugin/lualine.lua
rename to hm-modules/nvim/config/lua/plugin/lualine.lua
diff --git a/hm-imports/nvim/config/lua/plugin/nnn.lua b/hm-modules/nvim/config/lua/plugin/nnn.lua
similarity index 100%
rename from hm-imports/nvim/config/lua/plugin/nnn.lua
rename to hm-modules/nvim/config/lua/plugin/nnn.lua
diff --git a/hm-imports/nvim/config/lua/plugin/noice.lua b/hm-modules/nvim/config/lua/plugin/noice.lua
similarity index 100%
rename from hm-imports/nvim/config/lua/plugin/noice.lua
rename to hm-modules/nvim/config/lua/plugin/noice.lua
diff --git a/hm-imports/nvim/config/lua/plugin/telescope.lua b/hm-modules/nvim/config/lua/plugin/telescope.lua
similarity index 100%
rename from hm-imports/nvim/config/lua/plugin/telescope.lua
rename to hm-modules/nvim/config/lua/plugin/telescope.lua
diff --git a/hm-imports/nvim/config/lua/plugin/terminal.lua b/hm-modules/nvim/config/lua/plugin/terminal.lua
similarity index 100%
rename from hm-imports/nvim/config/lua/plugin/terminal.lua
rename to hm-modules/nvim/config/lua/plugin/terminal.lua
diff --git a/hm-imports/nvim/config/lua/plugin/treesitter.lua b/hm-modules/nvim/config/lua/plugin/treesitter.lua
similarity index 100%
rename from hm-imports/nvim/config/lua/plugin/treesitter.lua
rename to hm-modules/nvim/config/lua/plugin/treesitter.lua
diff --git a/hm-imports/nvim/config/lua/utils.lua b/hm-modules/nvim/config/lua/utils.lua similarity index 100% rename from hm-imports/nvim/config/lua/utils.lua rename to hm-modules/nvim/config/lua/utils.lua diff --git a/hm-imports/nvim/config/nvim.lua b/hm-modules/nvim/config/nvim.lua similarity index 100% rename from hm-imports/nvim/config/nvim.lua rename to hm-modules/nvim/config/nvim.lua diff --git a/hm-imports/nvim/default.nix b/hm-modules/nvim/default.nix similarity index 98% rename from hm-imports/nvim/default.nix rename to hm-modules/nvim/default.nix index 16e133c9..cf59f9bd 100644 --- a/hm-imports/nvim/default.nix +++ b/hm-modules/nvim/default.nix @@ -54,7 +54,6 @@ in programs.neovim = { enable = true; - package = pkgs.neovim-nightly; extraConfig = '' set runtimepath^=~/.config/nvim lua dofile('${./config/nvim.lua}') diff --git a/hm-imports/tmux/default.nix b/hm-modules/tmux/default.nix similarity index 100% rename from hm-imports/tmux/default.nix rename to hm-modules/tmux/default.nix diff --git a/hm-imports/tmux/tmux-switch-colors/dark.tmux b/hm-modules/tmux/tmux-switch-colors/dark.tmux similarity index 100% rename from hm-imports/tmux/tmux-switch-colors/dark.tmux rename to hm-modules/tmux/tmux-switch-colors/dark.tmux diff --git a/hm-imports/tmux/tmux-switch-colors/light.tmux b/hm-modules/tmux/tmux-switch-colors/light.tmux similarity index 100% rename from hm-imports/tmux/tmux-switch-colors/light.tmux rename to hm-modules/tmux/tmux-switch-colors/light.tmux diff --git a/hm-imports/tmux/tmux-switch-colors/start_theme_switcher.sh b/hm-modules/tmux/tmux-switch-colors/start_theme_switcher.sh similarity index 100% rename from hm-imports/tmux/tmux-switch-colors/start_theme_switcher.sh rename to hm-modules/tmux/tmux-switch-colors/start_theme_switcher.sh 
diff --git a/hm-imports/tmux/tmux-switch-colors/theme_setter.sh b/hm-modules/tmux/tmux-switch-colors/theme_setter.sh similarity index 100% rename from hm-imports/tmux/tmux-switch-colors/theme_setter.sh rename to hm-modules/tmux/tmux-switch-colors/theme_setter.sh diff --git a/hm-imports/tmux/tmux-switch-colors/theme_switcher.sh b/hm-modules/tmux/tmux-switch-colors/theme_switcher.sh similarity index 100% rename from hm-imports/tmux/tmux-switch-colors/theme_switcher.sh rename to hm-modules/tmux/tmux-switch-colors/theme_switcher.sh diff --git a/hm-imports/vscode/PLEASE FORGIVE ME FOR THIS SINFUL ACT b/hm-modules/vscode/PLEASE FORGIVE ME FOR THIS SINFUL ACT similarity index 100% rename from hm-imports/vscode/PLEASE FORGIVE ME FOR THIS SINFUL ACT rename to hm-modules/vscode/PLEASE FORGIVE ME FOR THIS SINFUL ACT diff --git a/hm-imports/vscode/default.nix b/hm-modules/vscode/default.nix similarity index 99% rename from hm-imports/vscode/default.nix rename to hm-modules/vscode/default.nix index cd88689e..cf5cb273 100644 --- a/hm-imports/vscode/default.nix +++ b/hm-modules/vscode/default.nix @@ -3,7 +3,7 @@ let cfg = config.ragon.vscode; #marketplace = inputs.nix-vscode-extensions.extensions.${pkgs.system}.vscode-marketplace; #marketplace-release = inputs.nix-vscode-extensions.extensions.${pkgs.system}.vscode-marketplace-release; - marketplace = (import ../../data/vscode-extensions.nix { inherit pkgs lib; }); + marketplace = (import ./vscode-extensions.nix { inherit pkgs lib; }); in { diff --git a/hm-imports/vscode/extensions.toml b/hm-modules/vscode/extensions.toml similarity index 100% rename from hm-imports/vscode/extensions.toml rename to hm-modules/vscode/extensions.toml diff --git a/data/vscode-extensions.nix b/hm-modules/vscode/vscode-extensions.nix similarity index 100% rename from data/vscode-extensions.nix rename to hm-modules/vscode/vscode-extensions.nix 
diff --git a/hm-imports/xonsh/default.nix b/hm-modules/xonsh/default.nix similarity index 76% rename from hm-imports/xonsh/default.nix rename to hm-modules/xonsh/default.nix index a739f7f9..0cd59f0a 100644 --- a/hm-imports/xonsh/default.nix +++ b/hm-modules/xonsh/default.nix @@ -41,26 +41,6 @@ in $PROMPT_FIELDS['sshhostname'] = lambda: "{user}@{hostname}" if "SSH_TTY" in ''${...} else $PROMPT_FIELDS['rootuser']() $PROMPT = '{gitstatus:{RESET}[{}{RESET}] }{sshhostname:{} }{BOLD_GREEN}{short_cwd}{RED}{last_return_code_if_nonzero: [{BOLD_INTENSE_RED}{}{RED}] }{RESET}{BOLD_BLUE}{RESET}> ' $VI_MODE = True - aliases['v'] = "nvim" - aliases['c'] = "code" - aliases['vim'] = "nvim" - aliases['gpl'] = "git pull" - aliases['gpf'] = "git push --force-with-lease --force-if-includes" - aliases['gp'] = "git push" - aliases['gd'] = "git diff" - aliases['lg'] = "lazygit" - aliases['gc'] = "git commit -v" - # aliases['kb'] = "git commit -m \"\$(curl -s http://whatthecommit.com/index.txt)\"" - aliases['gs'] = "git status -v" - aliases['gfc'] = "git fetch && git checkout" - aliases['gl'] = "git log --graph" - aliases['l'] = "eza -la --git" - aliases['la'] = "eza -la --git" - aliases['ls'] = "eza" - aliases['ll'] = "eza -l --git" - aliases['cat'] = "bat" - aliases['p'] = "cd ~/proj" - aliases['pd'] = "cd ~/proj/devsaur" # https://xon.sh/xonshrc.html?highlight=nix#use-the-nix-package-manager-with-xonsh import os.path diff --git a/hm-imports/zsh/default.nix b/hm-modules/zsh/default.nix similarity index 91% rename from hm-imports/zsh/default.nix rename to hm-modules/zsh/default.nix index 6c794123..2e1d6b54 100644 --- a/hm-imports/zsh/default.nix +++ b/hm-modules/zsh/default.nix 
@@ -15,7 +15,7 @@ in "${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k/powerlevel10k.zsh-theme" # "${inputs.agkozak-zsh-prompt}/agkozak-zsh-prompt.plugin.zsh" "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/git/git.plugin.zsh" - "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/globalias/globalias.plugin.zsh" + #"${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/globalias/globalias.plugin.zsh" "${inputs.zsh-vim-mode}/zsh-vim-mode.plugin.zsh" "${inputs.zsh-syntax-highlighting}/zsh-syntax-highlighting.plugin.zsh" "${inputs.zsh-completions}/zsh-completions.plugin.zsh" diff --git a/hm-imports/zsh/p10k.zsh b/hm-modules/zsh/p10k.zsh similarity index 100% rename from hm-imports/zsh/p10k.zsh rename to hm-modules/zsh/p10k.zsh diff --git a/nixos-modules/cli/zsh/zshrc b/hm-modules/zsh/zshrc similarity index 85% rename from nixos-modules/cli/zsh/zshrc rename to hm-modules/zsh/zshrc index 6195f8a4..af34ea05 100644 --- a/nixos-modules/cli/zsh/zshrc +++ b/hm-modules/zsh/zshrc @@ -1,5 +1,3 @@ -AGKOZAK_MULTILINE=0 -AGKOZAK_PROMPT_CHAR=( ❯ ❯ "%F{red}N%f") autoload -Uz history-search-end zle -N history-beginning-search-backward-end history-search-end @@ -16,9 +14,8 @@ bindkey -M viins '^[[A' history-beginning-search-backward-end \ hash go 2>/dev/null && export PATH=$PATH:$(go env GOPATH)/bin hash yarn 2>/dev/null && export PATH=$PATH:$HOME/.yarn/bin -hash direnv 2>/dev/null && eval "$(direnv hook zsh)" # needed for lorri -hash helm 2>/dev/null && . <(helm completion zsh) -hash kubectl 2>/dev/null && . <(kubectl completion zsh) +hash dotnet 2>/dev/null && export PATH=$PATH:$HOME/.dotnet/tools +hash direnv 2>/dev/null && eval "$(direnv hook zsh)" export NNN_ARCHIVE="\\.(7z|a|ace|alz|arc|arj|bz|bz2|cab|cpio|deb|gz|jar|lha|lz|lzh|lzma|lzo|rar|rpm|rz|t7z|tar|tbz|tbz2|tgz|tlz|txz|tZ|tzo|war|xpi|xz|Z|zip)$" n () @@ -44,3 +41,5 @@ n () rm -f "$NNN_TMPFILE" > /dev/null fi } + + diff --git a/hosts/beliskner/default.nix b/hosts/beliskner/default.nix deleted file mode 100644 index 0087c685..00000000 
--- a/hosts/beliskner/default.nix
+++ /dev/null
@@ -1,155 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ inputs, config, pkgs, lib, ... }: - -{ - imports = - [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - - documentation.enable = false; - documentation.nixos.enable = false; - documentation.man.enable = false; - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/vda"; - boot.loader.systemd-boot.enable = false; - - networking.interfaces."ens3" = { - ipv6 = { - addresses = [ - { - address = "2a00:6800:3:744::1"; - prefixLength = 64; - } - ]; - }; - ipv4 = { - addresses = [ - { - address = "195.90.211.163"; - prefixLength = 22; - } - ]; - }; - }; - networking.defaultGateway6 = { address = "2a00:6800:3::1"; interface = "ens3"; }; - networking.defaultGateway = { address = "195.90.208.1"; interface = "ens3"; }; - networking.nameservers = [ "1.1.1.1" "8.8.8.8" ]; - networking.useDHCP = false; - # networking.interfaces.eno1.useDHCP = true; - networking.hostId = "7c28236a"; - - # Immutable users due to tmpfs - users.mutableUsers = false; - - services.postgresql.package = pkgs.postgresql_13; - - services.grafana = { - enable = true; - settings.server = { - domain = "beliskner.kangaroo-galaxy.ts.net"; - root_url = "https://beliskner.kangaroo-galaxy.ts.net/"; - }; - }; - services.grafana.settings = { - analytics.reporting_enabled = false; - users = { - allow_sign_up = false; - }; - #auth.proxy = '' - # enabled = true - # header_name = "X-Webauth-User" - # header_property = "username" - # auto_sign_up = true - # allow_sign_up = true - # whitelist = "127.0.0.1, ::1" - #''; - }; - - - ragon.agenix.secrets."prometheusBlackboxConfig.yaml" = { owner = "prometheus"; }; - services.prometheus.scrapeConfigs = [{ - job_name = "blackbox"; - file_sd_configs = [{ - files = [ - 
config.age.secrets."prometheusBlackboxConfig.yaml".path - ]; - }]; - }]; - services.prometheus.checkConfig = false; - services.prometheus.exporters.blackbox = { - enable = true; - configFile = pkgs.writeText "blackboxexporter" '' - modules: - dns: - prober: dns - http_2xx: - prober: http - timeout: 5s - http: - method: GET - preferred_ip_protocol: "ip4" # defaults to "ip6" - ''; - }; - - - services.caddy = { - enable = true; - virtualHosts = { - "beliskner.kangaroo-galaxy.ts.net" = { - extraConfig = '' - #forward_auth unix//run/tailscale/tailscaled.sock { - # uri /auth - # header_up Remote-Addr {remote_host} - # header_up Remote-Port {remote_port} - # header_up Original-URI {uri} - # copy_headers { - # Tailscale-User>X-Webauth-User - # Tailscale-Name>X-Webauth-Name - # Tailscale-Login>X-Webauth-Login - # Tailscale-Tailnet>X-Webauth-Tailnet - # Tailscale-Profile-Picture>X-Webauth-Profile-Picture - # } - #} - reverse_proxy { - to http://localhost:${toString config.services.grafana.settings.server.http_port} - flush_interval -1 - transport http { - keepalive 310s - compression off - } - } - ''; - }; - }; - }; - - networking.firewall.trustedInterfaces = [ "lo" "tailscale0" ]; - services.tailscale = { - enable = true; - permitCertUid = "caddy"; - }; - - - age.identityPaths = lib.mkForce [ "/nix/persistent/etc/ssh/ssh_host_ed25519_key" ]; - - ragon = { - cli.enable = false; - user.enable = false; - tailscaleToVpn.enable = true; - persist.enable = true; - persist.baseDir = "/nix/persistent"; - persist.extraDirectories = [ - "/var/lib/tailscale" - "/var/lib/caddy" - "/var/log" - ]; - services = { - ssh.enable = true; - }; - }; -} diff --git a/hosts/beliskner/disk-config.nix b/hosts/beliskner/disk-config.nix deleted file mode 100644 index 416beb38..00000000 --- a/hosts/beliskner/disk-config.nix +++ /dev/null 
@@ -1,85 +0,0 @@ -{ ... }: { - disko.devices = { - disk = { - vda = { - type = "disk"; - device = "/dev/vda"; - content = { - type = "table"; - format = "gpt"; - partitions = [ - { - name = "boot"; - start = "0"; - end = "1M"; - part-type = "primary"; - flags = [ "bios_grub" ]; - } - { - name = "esp"; - start = "1MiB"; - end = "265MiB"; - part-type = "primary"; - bootable = true; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ - "defaults" - ]; - }; - } - { - name = "luks"; - start = "265MiB"; - end = "100%"; - part-type = "primary"; - content = { - type = "luks"; - name = "crypted"; - extraOpenArgs = [ "--allow-discards" ]; - # if you want to use the key for interactive login be sure there is no trailing newline - # for example use `echo -n "password" > /tmp/secret.key` - keyFile = "/tmp/secret.key"; - content = { - type = "lvm_pv"; - vg = "pool"; - }; - }; - } - - ]; - }; - }; - }; - lvm_vg = { - pool = { - type = "lvm_vg"; - lvs = { - nix = { - size = "100%FREE"; - content = { - type = "filesystem"; - format = "xfs"; - mountpoint = "/nix"; - mountOptions = [ - "defaults" - ]; - }; - }; - }; - }; - }; - nodev = { - "/" = { - fsType = "tmpfs"; - mountOptions = [ - "size=2G" - "defaults" - "mode=755" - ]; - }; - }; - }; -} diff --git a/hosts/beliskner/hardware-configuration.nix b/hosts/beliskner/hardware-configuration.nix deleted file mode 100644 index 394b75b5..00000000 --- a/hosts/beliskner/hardware-configuration.nix +++ /dev/null 
@@ -1,27 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, inputs, ... }:
-let
- pubkeys = import ../../data/pubkeys.nix;
-in
-{
- imports = [ "${modulesPath}/profiles/qemu-guest.nix" inputs.disko.nixosModules.disko ./disk-config.nix ];
- #boot.initrd.luks.devices."crypted".device = "/dev/vda2";
-
- boot.initrd = {
- network = {
- enable = true;
- ssh = {
- enable = true;
- port = 2222;
- hostKeys = [
- "/nix/persistent/etc/nixos/secrets/initrd/ssh_host_rsa_key"
- "/nix/persistent/etc/nixos/secrets/initrd/ssh_host_ed25519_key"
- ];
- authorizedKeys = pubkeys.ragon.user;
- };
- };
- };
- powerManagement.cpuFreqGovernor = "performance";
-}
diff --git a/hosts/daedalus/default.nix b/hosts/daedalus/default.nix
index 44007548..d7e7319e 100644
--- a/hosts/daedalus/default.nix
+++ b/hosts/daedalus/default.nix
@@ -63,65 +63,72 @@ with lib.my; environment.pathsToLink = [ "/share/fish" ]; - ragon.services.borgmatic = - let - tmMountPath = "/tmp/timeMachineSnapshotForBorg"; - in - { - enable = false; - configurations."daedalus-ds9" = { - source_directories = [ - # tmMountPath - "/Users/ragon" - ]; - exclude_if_present = [ ".nobackup" ]; - repositories = [ - { path = "ssh://ragon@ds9/backups/daedalus/borgmatic"; label = "ds9"; } - { path = "ssh://root@gatebridge/media/backup/daedalus"; label = "gatebridge"; } - ]; - encryption_passcommand = pkgs.writeShellScript "getBorgmaticPw" ''security find-generic-password -a daedalus -s borgmaticKey -g 2>&1 | grep -E 'password' | sed 's/^.*"\(.*\)"$/\1/g' ''; - compression = "auto,zstd,10"; - #ssh_command = "ssh -o GlobalKnownHostsFile=${config.age.secrets.gatebridgeHostKeys.path} -i ${config.age.secrets.picardResticSSHKey.path}"; - keep_hourly = 24; - keep_daily = 7; - keep_weekly = 4; - keep_monthly = 12; - keep_yearly = 10; - # before_backup = [ - # (pkgs.writeShellScript - # "apfsSnapshot" - # '' - # tmutil localsnapshot - # SNAPSHOT=$(tmutil listlocalsnapshots / | grep TimeMachine | tail -n 1) - # mkdir -p "${tmMountPath}" - # mount_apfs -s $SNAPSHOT /System/Volumes/Data "${tmMountPath}" - # '') - # ]; - # after_backup = [ - # (pkgs.writeShellScript - # "apfsSnapshotUnmount" - # '' - # diskutil unmount "${tmMountPath}" - # SNAPSHOT=$(tmutil listlocalsnapshots / | grep TimeMachine | tail -n 1) - # tmutil deletelocalsnapshots $(echo $SNAPSHOT | sed 's/com\.apple\.TimeMachine\.\(.*\)\.local/\1/g') - # '') - # ]; - # on_error = [ - # - # (pkgs.writeShellScript - # "apfsSnapshotUnmountError" - # '' - # diskutil unmount "${tmMountPath}" - # '') - # ]; - }; + #ragon.services.borgmatic = + # let + # tmMountPath = "/tmp/timeMachineSnapshotForBorg"; + # in + # { + # enable = false; + # configurations."daedalus-ds9" = { + # source_directories = [ + # # tmMountPath + # "/Users/ragon" + # ]; + # exclude_if_present = [ ".nobackup" ]; + # 
repositories = [ + # { path = "ssh://ragon@ds9/backups/daedalus/borgmatic"; label = "ds9"; } + # { path = "ssh://root@gatebridge/media/backup/daedalus"; label = "gatebridge"; } + # ]; + # encryption_passcommand = pkgs.writeShellScript "getBorgmaticPw" ''security find-generic-password -a daedalus -s borgmaticKey -g 2>&1 | grep -E 'password' | sed 's/^.*"\(.*\)"$/\1/g' ''; + # compression = "auto,zstd,10"; + # #ssh_command = "ssh -o GlobalKnownHostsFile=${config.age.secrets.gatebridgeHostKeys.path} -i ${config.age.secrets.picardResticSSHKey.path}"; + # keep_hourly = 24; + # keep_daily = 7; + # keep_weekly = 4; + # keep_monthly = 12; + # keep_yearly = 10; + # # before_backup = [ + # # (pkgs.writeShellScript + # # "apfsSnapshot" + # # '' + # # tmutil localsnapshot + # # SNAPSHOT=$(tmutil listlocalsnapshots / | grep TimeMachine | tail -n 1) + # # mkdir -p "${tmMountPath}" + # # mount_apfs -s $SNAPSHOT /System/Volumes/Data "${tmMountPath}" + # # '') + # # ]; + # # after_backup = [ + # # (pkgs.writeShellScript + # # "apfsSnapshotUnmount" + # # '' + # # diskutil unmount "${tmMountPath}" + # # SNAPSHOT=$(tmutil listlocalsnapshots / | grep TimeMachine | tail -n 1) + # # tmutil deletelocalsnapshots $(echo $SNAPSHOT | sed 's/com\.apple\.TimeMachine\.\(.*\)\.local/\1/g') + # # '') + # # ]; + # # on_error = [ + # # + # # (pkgs.writeShellScript + # # "apfsSnapshotUnmountError" + # # '' + # # diskutil unmount "${tmMountPath}" + # # '') + # # ]; + # }; - }; + # }; - programs.gnupg.agent.enable = lib.mkForce false; home-manager.users.xyno = { pkgs, lib, inputs, config, ... }: { - ragon.nvim.maximal = true; + imports = [ + ../../hm-modules/nvim + ../../hm-modules/tmux + ../../hm-modules/vscode + ../../hm-modules/xonsh + ../../cli.nix + ../../files.nix + ]; + ragon.nvim.maximal = false; home.file.".hammerspoon/init.lua".source = let 
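Review bot: The `ragon.services.borgmatic` block is converted into about sixty commented-out lines rather than deleted, although it was already inert through `enable = false`. The dead text keeps the backup repository URLs and the keychain lookup command in the file, where a reader can mistake them for live configuration, and the nested `# # …` markers make the previously commented hooks hard to tell apart from the newly disabled ones. Since git history preserves the block, it would be cleaner to remove it and leave one line such as `# borgmatic backup for daedalus removed; see git history`. The `home-manager.users.xyno` set that receives the new `imports` continues past the end of this hunk.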
@@ -134,7 +141,6 @@ with lib.my; src = ./hammerspoon.lua; inherit notmuchMails; }; home.file.".hammerspoon/Spoons/MiroWindowsManager.spoon".source = "${inputs.miro}/MiroWindowsManager.spoon"; - home.file.".finicky.js".source = ./finicky.js; ragon.vscode.enable = true; ragon.xonsh.enable = true; @@ -150,8 +156,6 @@ with lib.my; EDITOR = "nvim"; VISUAL = "nvim"; COLORTERM = "truecolor"; # emacs tty fix - PATH = "$PATH:$HOME/go/bin:$HOME/development/flutter/bin:/Applications/Android Studio.app/Contents/bin/:/Applications/Docker.app/Contents/Resources/bin:/Applications/Android Studio.app/Contents/jre/Contents/Home/bin"; - # JAVA_HOME = "/Applications/Android Studio.app/Contents/jre/Contents/Home/"; }; home.packages = with pkgs; [ mosh @@ -164,38 +168,8 @@ with lib.my; pandoc micromamba - #unstable.qutebrowser - #unstable.python311Packages.adblock - ]; - # home.activation = { - # aliasApplications = - # let - # apps = pkgs.buildEnv { - # name = "home-manager-applications"; - # paths = config.home.packages; - # pathsToLink = "/Applications"; - # }; - # in - # lib.hm.dag.entryAfter [ "writeBoundary" ] '' - # # Install MacOS applications to the user environment. - # HM_APPS="$HOME/Applications/Home Manager Apps" - - # # Reset current state - # [ -e "$HM_APPS" ] && $DRY_RUN_CMD rm -r "$HM_APPS" - # $DRY_RUN_CMD mkdir -p "$HM_APPS" - - # # .app dirs need to be actual directories for Finder to detect them as Apps. - # # The files inside them can be symlinks though. - # $DRY_RUN_CMD cp --recursive --symbolic-link --no-preserve=mode -H ${apps}/Applications/* "$HM_APPS" || true # can fail if no apps exist - # # Modes need to be stripped because otherwise the dirs wouldn't have +w, - # # preventing us from deleting them again - # # In the env of Apps we build, the .apps are symlinks. We pass all of them as - # # arguments to cp and make it dereference those using -H - # ''; - # }; - }; } 
diff --git a/hosts/daedalus/finicky.js b/hosts/daedalus/finicky.js
deleted file mode 100644
index 2a6da9f6..00000000
--- a/hosts/daedalus/finicky.js
+++ /dev/null
@@ -1,22 +0,0 @@
-module.exports = {
- defaultBrowser: "/Applications/Arc.app",
- handlers: [
- {
- match: /^https?:\/\/gitlab\.com\/.*$/,
- browser: "Vivaldi.app"
- },
- {
- match: /^https?:\/\/.*\.atlassian\.com\/.*$/,
- browser: "Vivaldi.app"
- },
- {
- match: 'localhost:44422',
- browser: "Vivaldi.app"
- },
- {
- match: 'localhost:7104',
- browser: "Vivaldi.app"
- }
-
- ]
-}
diff --git a/hosts/daedalusvm/default.nix b/hosts/daedalusvm/default.nix
deleted file mode 100644
index 36a5f1d7..00000000
--- a/hosts/daedalusvm/default.nix
+++ /dev/null
@@ -1,64 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, inputs, pkgs, lib, ... }: -{ - imports = - [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - - # Don't Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - # Immutable users due to tmpfs - users.mutableUsers = false; - users.users."nzbr" = { - extraGroups = [ "wheel" ]; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIkFgHr6OMwsnGhdG4TwKdthlJC/B9ELqZfrmJ9Sf7qk" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIkNP8Lo20fw3Ysq3B64Iep9WyVKWxdv5KJOZRLmAaaM" - ]; - }; - services.openssh.forwardX11 = true; - services.rpcbind.enable = true; - boot.supportedFilesystems = [ "nfs" "nfs4" ]; - environment.systemPackages = [ pkgs.nfs-utils pkgs.virt-manager pkgs.firefox pkgs.kitty inputs.nixpkgs.legacyPackages.x86_64-linux.hello ]; - - services.tailscale.enable = true; - - nix.settings.extra-platforms = [ "x86_64-linux" ]; - nix.settings.extra-sandbox-paths = [ "/tmp/rosetta" "/run/binfmt" ]; - boot.binfmt.registrations."rosetta" = { - interpreter = "/tmp/rosetta/rosetta"; - fixBinary = true; - wrapInterpreterInShell = false; - matchCredentials = true; - magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00''; - mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff''; - }; - - services.qemuGuest.enable = true; - - services.xserver.desktopManager.xfce.enable = true; - services.xserver.desktopManager.xfce.enableScreensaver = false; - services.xserver.enable = true; - services.spice-vdagentd.enable = true; - programs.gnome-terminal.enable = true; - services.gvfs.enable = true; - - - ragon = { - cli.enable = true; - 
user.enable = true; - system.security.enable = false; - - services = { - docker.enable = true; - ssh.enable = true; - }; - }; -} diff --git a/hosts/daedalusvm/hardware-configuration.nix b/hosts/daedalusvm/hardware-configuration.nix deleted file mode 100644 index 099340bf..00000000 --- a/hosts/daedalusvm/hardware-configuration.nix +++ /dev/null @@ -1,41 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - fileSystems."/tmp/rosetta" = { - device = "rosetta"; - fsType = "virtiofs"; - }; - imports = [ ]; - - boot.initrd.availableKernelModules = [ "virtio_pci" "xhci_pci" "usb_storage" "usbhid" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { - device = "/dev/disk/by-uuid/cd9a98fe-0ba3-401d-a2e0-4332faf279dd"; - fsType = "btrfs"; - }; - - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/7A8E-EF98"; - fsType = "vfat"; - }; - - swapDevices = - [{ device = "/dev/disk/by-uuid/f322c2e1-2aec-4a21-bf76-f01022d07f10"; }]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s1.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; -} diff --git a/hosts/ds9/backup.nix b/hosts/ds9/backup.nix new file mode 100644 index 00000000..054ca9fa --- /dev/null +++ b/hosts/ds9/backup.nix 
@@ -0,0 +1,42 @@
+{ pkgs, lib, ... }: {
+ ragon.agenix.secrets."ds9OffsiteBackupSSH" = { };
+ ragon.agenix.secrets."ds9SyncoidHealthCheckUrl" = { };
+ ragon.agenix.secrets."gatebridgeHostKeys" = { };
+ ragon.agenix.secrets."borgmaticEncryptionKey" = { };
+
+ # Backup Target
+ users.users.picardbackup = {
+ createHome = false;
+ group = "users";
+ uid = 993;
+ home = "/backups/picard";
+ shell = "/run/current-system/sw/bin/bash";
+ isSystemUser = true;
+ openssh.authorizedKeys.keys = [
+ ''command="${pkgs.borgbackup}/bin/borg serve --restrict-to-path /backups/picard/",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvCF8KGgpF9O8Q7k+JXqZ5eMeEeTaMhCIk/2ZFOzXL0''
+ ];
+ };
+
+ services.borgmatic = {
+ enable = true;
+ configurations."ds9-offsite" = {
+ source_directories = [ "/backups" "/data" "/persistent" ];
+ repositories = [{ label = "gatebridge"; path = "ssh://root@gatebridge/media/backup/ds9"; }];
+ exclude_if_present = [ ".nobackup" ];
+ #upload_rate_limit = "4000";
+ encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.borgmaticEncryptionKey.path}";
+ compression = "auto,zstd,10";
+ ssh_command = "ssh -o GlobalKnownHostsFile=${config.age.secrets.gatebridgeHostKeys.path} -i ${config.age.secrets.ds9OffsiteBackupSSH.path}";
+ before_actions = [ "${pkgs.curl}/bin/curl -fss -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.ds9SyncoidHealthCheckUrl.path})/start" ];
+ after_actions = [ "${pkgs.curl}/bin/curl -fss -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.ds9SyncoidHealthCheckUrl.path})" ];
+ on_error = [ "${pkgs.curl}/bin/curl -fss -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.ds9SyncoidHealthCheckUrl.path})/fail" ];
+ retention = {
+ keep_daily = 7;
+ keep_weekly = 4;
+ keep_monthly = 12;
+ keep_yearly = 10;
+ };
+ };
+ };
+
+}
\ No newline at end of file
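Review bot: `config` is referenced throughout this new module (`config.age.secrets.borgmaticEncryptionKey.path`, the `ssh_command`, and all three healthcheck hooks), but the function head is `{ pkgs, lib, ... }:`, so evaluation should fail on an undefined variable. The head needs to be `{ config, pkgs, lib, ... }: {`. Separately, the hooks expand the healthcheck URL with `$(cat …)` onto the curl command line, so the secret URL is readable in the process list while curl runs. That behaviour is carried over unchanged from default.nix and is worth a comment if it is accepted on this host.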
diff --git a/hosts/ds9/custom-caddy.nix b/hosts/ds9/custom-caddy.nix new file mode 100644 index 00000000..30fb2ad9 --- /dev/null +++ b/hosts/ds9/custom-caddy.nix @@ -0,0 +1,47 @@ +{ pkgs, ... }: + +with pkgs; + +caddy.override { + buildGoModule = args: buildGoModule (args // { + src = stdenv.mkDerivation rec { + pname = "caddy-using-xcaddy-${xcaddy.version}"; + inherit (caddy) version; + + dontUnpack = true; + dontFixup = true; + + nativeBuildInputs = [ + cacert + go + ]; + + plugins = [ + "github.com/caddy-dns/ionos@751e8e24162290ee74bea465ae733a2bf49551a6" + ]; + + configurePhase = '' + export GOCACHE=$TMPDIR/go-cache + export GOPATH="$TMPDIR/go" + export XCADDY_SKIP_BUILD=1 + ''; + + buildPhase = '' + ${xcaddy}/bin/xcaddy build "${caddy.src.rev}" ${lib.concatMapStringsSep " " (plugin: "--with ${plugin}") plugins} + cd buildenv* + go mod vendor + ''; + + installPhase = '' + cp -r --reflink=auto . $out + ''; + + outputHash = "sha256-QsGrtpBJ9b2Nn3i5mUHYA60481ceTJDeCRl0qL6OWlE="; + outputHashMode = "recursive"; + }; + + subPackages = [ "." ]; + ldflags = [ "-s" "-w" ]; ## don't include version info twice + vendorHash = null; + }); +} \ No newline at end of file diff --git a/hosts/ds9/default.nix b/hosts/ds9/default.nix index 8593eba7..3f339af6 100644 --- a/hosts/ds9/default.nix +++ b/hosts/ds9/default.nix 
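Review bot: Nothing in the derivation name depends on `plugins`, so editing that list without also changing `outputHash` can let Nix reuse an existing fixed-output path that still holds the old vendored sources, instead of rebuilding. The build then succeeds with a plugin revision that differs from the one written in the file. A comment above `outputHash` would make the coupling explicit, for example `# fixed-output: reset this hash whenever plugins or the caddy/xcaddy version change`. It is also worth a comment that `vendorHash = null` is only safe because the vendored tree is already covered by this hash.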
@@ -1,16 +1,29 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - { config, inputs, pkgs, lib, ... }: let pubkeys = import ../../data/pubkeys.nix; + caddy-with-plugins = import ./custom-caddy.nix { inherit pkgs; }; in { imports = [ # Include the results of the hardware scan. + ./backup.nix + ./plex.nix ./hardware-configuration.nix + + ../../nixos-modules/networking/tailscale.nix + ../../nixos-modules/services/docker.nix + ../../nixos-modules/services/libvirt.nix + ../../nixos-modules/services/msmtp.nix + ../../nixos-modules/services/paperless.nix + ../../nixos-modules/services/photoprism.nix + ../../nixos-modules/services/samba.nix + ../../nixos-modules/services/ssh.nix + ../../nixos-modules/system/agenix.nix + ../../nixos-modules/system/fs.nix + ../../nixos-modules/system/persist.nix + ../../nixos-modules/system/security.nix + ../../nixos-modules/user ]; # Don't Use the systemd-boot EFI boot loader. 
@@ -25,84 +38,13 @@ in services.syncthing.enable = true; services.syncthing.user = "ragon"; - ragon.agenix.secrets."ds9OffsiteBackupSSH" = { }; - ragon.agenix.secrets."ds9SyncoidHealthCheckUrl" = { }; - ragon.agenix.secrets."gatebridgeHostKeys" = { }; - ragon.agenix.secrets."borgmaticEncryptionKey" = { }; - # services.syncoid = - # let - # datasets = { - # backups = "rpool/content/local/backups"; - # data = "rpool/content/safe/data"; - # ds9persist2 = "spool/safe/persist"; - # hassosvm2 = "spool/safe/vms/hassos"; - # }; - # in - - # lib.mkMerge ( - # [{ - # localSourceAllow = [ - # "hold" - # "send" - # "snapshot" - # "destroy" - # "mount" - # ]; - # enable = true; - # interval = "*-*-* 2:15:00"; - # commonArgs = [ "--sshoption" "GlobalKnownHostsFile=${config.age.secrets.gatebridgeHostKeys.path}" ]; - # sshKey = lib.mkForce "${config.age.secrets.ds9OffsiteBackupSSH.path}"; - # }] ++ - # (builtins.attrValues - # (builtins.mapAttrs (n: v: { commands.${n} = { target = "root@gatebridge:backup/${n}"; source = v; sendOptions = "w"; }; }) (datasets)) - # ) - # ); - # systemd.services."syncoid-ds9persist2" = { - # # ExecStartPost commands are only run if the ExecStart command succeeded - # # serviceConfig.ExecStartPost = pkgs.writeShellScript "backupSuccessful" '' - # # ${pkgs.curl}/bin/curl -fss -m 10 --retry 5 -o /dev/null $(cat ${config.age.secrets.ds9SyncoidHealthCheckUrl.path}) - # # ''; - # unitConfig.OnFailure = "backupFailure.service"; - # }; - - # systemd.services.backupFailure = { - # enable = true; - # script = "${pkgs.curl}/bin/curl -fss -m 10 --retry 5 -o /dev/null $(cat ${config.age.secrets.ds9SyncoidHealthCheckUrl.path})/fail"; - # }; - - services.borgmatic = { - enable = true; - configurations."ds9-offsite" = { - source_directories = [ "/backups" "/data" "/persistent" ]; - repositories = [{ label = "gatebridge"; path = "ssh://root@gatebridge/media/backup/ds9"; }]; - exclude_if_present = [ ".nobackup" ]; - #upload_rate_limit = "4000"; - 
encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.borgmaticEncryptionKey.path}"; - compression = "auto,zstd,10"; - ssh_command = "ssh -o GlobalKnownHostsFile=${config.age.secrets.gatebridgeHostKeys.path} -i ${config.age.secrets.ds9OffsiteBackupSSH.path}"; - before_actions = [ "${pkgs.curl}/bin/curl -fss -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.ds9SyncoidHealthCheckUrl.path})/start" ]; - after_actions = [ "${pkgs.curl}/bin/curl -fss -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.ds9SyncoidHealthCheckUrl.path})" ]; - on_error = [ "${pkgs.curl}/bin/curl -fss -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.ds9SyncoidHealthCheckUrl.path})/fail" ]; - # postgresql_databases = [{ name = "all"; pg_dump_command = "${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dumpall"; pg_restore_command = "${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_restore"; }]; - retention = { - keep_daily = 7; - keep_weekly = 4; - keep_monthly = 12; - keep_yearly = 10; - }; - }; - }; - programs.mosh.enable = true; security.sudo.wheelNeedsPassword = false; networking.useDHCP = true; networking.bridges."br0".interfaces = [ ]; networking.hostId = "7b4c2932"; + networking.firewall.allowedTCPPorts = [ 9000 25565 ]; boot.binfmt.emulatedSystems = [ "aarch64-linux" "armv7l-linux" ]; - services.nginx.defaultListenAddresses = [ "100.83.96.25" ]; - services.nginx.clientMaxBodySize = lib.mkForce "8g"; - services.nginx.virtualHosts."_". - listenAddresses = [ "0.0.0.0" "[::0]" ]; boot.initrd.network = { enable = true; postCommands = '' 
@@ -124,25 +66,6 @@ in }; boot.kernel.sysctl."fs.inotify.max_user_instances" = 512; - services.openssh.sftpServerExecutable = "internal-sftp"; - - # Backup Target - users.users.picardbackup = { - createHome = false; - group = "users"; - uid = 993; - home = "/backups/picard"; - shell = "/run/current-system/sw/bin/bash"; - isSystemUser = true; - openssh.authorizedKeys.keys = [ - ''command="${pkgs.borgbackup}/bin/borg serve --restrict-to-path /backups/picard/",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvCF8KGgpF9O8Q7k+JXqZ5eMeEeTaMhCIk/2ZFOzXL0'' - ]; - }; - - - # Enable Scanning - hardware.sane.enable = true; - hardware.sane.extraBackends = [ pkgs.sane-airscan ]; services.avahi.enable = true; services.avahi.nssmdns = true; services.avahi.publish.enable = true; 
@@ -169,70 +92,6 @@ in ''; - # Webhook service to trigger scanning the ADF from HomeAssistant - #systemd.services.scanhook = { - # description = "webhook go server to trigger scanning"; - # documentation = [ "https://github.com/adnanh/webhook" ]; - # wantedBy = [ "multi-user.target" ]; - # path = with pkgs; [ bash ]; - # serviceConfig = { - # TemporaryFileSystem = "/:ro"; - # BindReadOnlyPaths = [ - # "/nix/store" - # "-/etc/resolv.conf" - # "-/etc/nsswitch.conf" - # "-/etc/hosts" - # "-/etc/localtime" - # ]; - # BindPaths = [ - # "/data/applications/paperless-consumption" - # ]; - # LockPersonality = true; - # NoNewPrivileges = true; - # PrivateMounts = true; - # PrivateTmp = true; - # PrivateUsers = true; - # ProcSubset = "pid"; - # ProtectHome = true; - # ProtectControlGroups = true; - # ProtectKernelLogs = true; - # ProtectKernelModules = true; - # ProtectKernelTunables = true; - # ProtectProc = "invisible"; - # RestrictNamespaces = true; - # RestrictRealtime = true; - # RestrictSUIDSGID = true; - # DynamicUser = true; - # ExecStart = - # let - # scanScript = pkgs.writeScript "plscan.sh" '' - # #!/usr/bin/env bash - # export PATH=${lib.makeBinPath [ pkgs.strace pkgs.gnugrep pkgs.coreutils pkgs.sane-backends pkgs.sane-airscan pkgs.imagemagick ]} - # export LD_LIBRARY_PATH=${config.environment.sessionVariables.LD_LIBRARY_PATH} # Adds SANE Libraries to the ld library path of this script - # set -x - # date="''$(date --iso-8601=seconds)" - # filename="Scan ''$date.pdf" - # tmpdir="''$(mktemp -d)" - # pushd "''$tmpdir" - # scanimage --batch=out%d.jpg --format=jpeg --mode Gray -d "airscan:e0:Canon MB5100 series" --source "ADF Duplex" --resolution 300 - # for i in $(ls out*.jpg | grep 'out.*[24680]\.jpg'); do convert $i -rotate 180 $i; done # rotate even stuff - # convert out*.jpg /data/applications/paperless-consumption/"''$filename" - # chmod 666 /data/applications/paperless-consumption/"''$filename" - # popd - # rm -r "''$tmpdir" - # ''; - # hooksFile = 
pkgs.writeText "webhook.json" (builtins.toJSON [ - # { - # id = "scan-webhook"; - # execute-command = "${scanScript}"; - - # } - # ]); - # in - # "${pkgs.webhook}/bin/webhook -hooks ${hooksFile} -verbose"; - # }; - #}; - networking.firewall.allowedTCPPorts = [ 9000 25565 ]; # Immutable users due to tmpfs users.mutableUsers = false; @@ -272,7 +131,7 @@ in services.smartd = { enable = true; extraOptions = [ "--interval=7200" ]; - #notifications.test = true; + notifications.test = true; }; nixpkgs.overlays = [ (self: super: { 
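Review bot: `notifications.test = true;` makes smartd send a test notification every time the daemon starts, which confirms mail delivery once but afterwards adds a recurring alert that carries no disk information. If it was enabled to verify the new mail path, revert it once confirmed, or keep it with a comment such as `# TEMP: verify smartd mail delivery, remove once confirmed`. The same reasoning applies to `ZED_NOTIFY_VERBOSE = true;` in the next hunk, which also reports events for healthy pools and can bury real fault mails. The `services.smartd` set begins inside this hunk but the surrounding module continues outside it.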
@@ -286,54 +145,54 @@ in ZED_EMAIL_OPTS = "@ADDRESS@"; ZED_NOTIFY_INTERVAL_SECS = 7200; - #ZED_NOTIFY_VERBOSE = true; + ZED_NOTIFY_VERBOSE = true; ZED_USE_ENCLOSURE_LEDS = false; ZED_SCRUB_AFTER_RESILVER = true; }; - services.plex = { + systemd.services.caddy.serviceConfig.EnvironmentFile = config.age.secrets.ionos.path; + services.caddy = { enable = true; - openFirewall = true; - user = "ragon"; - group = "users"; + package = caddy-with-plugins; + globalConfig = '' + acme_dns ionos { + api_token "{$IONOS_API_KEY}" + } + ''; + virtualHosts."*.hailsatan.eu".extraConfig = '' + @paperless host paperless.hailsatan.eu + handle @paperless { + reverse_proxy ${config.ragon.services.paperless.location} + } + @photos host photos.hailsatan.eu + handle @photos { + reverse_proxy ${config.ragon.services.photoprism.location} + } + @bzzt-api host bzzt-api.hailsatan.eu + handle @bzzt-api { + reverse_proxy http://127.0.0.1:5001 + } + @bzzt-lcg host bzzt-lcg.hailsatan.eu + handle @bzzt-lcg { + reverse_proxy http://127.0.0.1:5003 + } + @bzzt host bzzt.hailsatan.eu + handle @bzzt { + reverse_proxy http://127.0.0.1:5002 + } + ''; }; - services.nginx.virtualHosts."bzzt-api.hailsatan.eu" = { - useACMEHost = "hailsatan.eu"; - listenAddresses = [ "10.0.0.2" "100.83.96.25" ]; - addSSL = true; - locations = { - "/".proxyPass = "http://127.0.0.1:5001"; - "/".proxyWebsockets = true; - }; - }; - services.nginx.virtualHosts."bzzt-lcg.hailsatan.eu" = { - useACMEHost = "hailsatan.eu"; - addSSL = true; - listenAddresses = [ "10.0.0.2" "100.83.96.25" ]; - locations = { - "/".proxyPass = "http://127.0.0.1:5003"; - "/".proxyWebsockets = true; - }; - }; - services.nginx.virtualHosts."bzzt.hailsatan.eu" = { - useACMEHost = "hailsatan.eu"; - forceSSL = true; - locations = { - "/".proxyPass = "http://127.0.0.1:5002"; - "/".proxyWebsockets = true; - }; - }; - virtualisation.docker.enable = true; - ragon = { + agenix.secrets."ionos" = { }; cli.enable = true; user.enable = true; persist.enable = true; 
persist.extraDirectories = [ "/var/lib/syncthing" config.services.plex.dataDir "/var/lib/minecraft" "/var/lib/bzzt" ]; services = { + docker.enable = true; samba.enable = true; samba.shares = { TimeMachine = { @@ -356,7 +215,6 @@ in }; docker.enable = true; ssh.enable = true; - nginx.enable = true; msmtp.enable = true; photoprism.enable = true; tailscale.enable = true; diff --git a/hosts/ds9/plex.nix b/hosts/ds9/plex.nix new file mode 100644 index 00000000..d92d4e0f --- /dev/null +++ b/hosts/ds9/plex.nix @@ -0,0 +1,9 @@ +{ config, pkgs, lib, inputs, ... }: { + ragon.persist.extraDirectories = [ config.services.plex.dataDir ]; + services.plex = { + enable = true; + openFirewall = true; + user = "ragon"; + group = "users"; + }; +} \ No newline at end of file diff --git a/hosts/icarus/default.nix b/hosts/icarus/default.nix deleted file mode 100644 index eb8e80ed..00000000 --- a/hosts/icarus/default.nix +++ /dev/null @@ -1,41 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ inputs, config, pkgs, lib, ... }: - -{ - imports = - [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - - documentation.enable = false; - documentation.nixos.enable = false; - documentation.man.enable = false; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - security.polkit.enable = true; # needed for libvirtd - services.glusterfs.enable = true; - environment.systemPackages = [ pkgs.python3 ]; - virtualisation.libvirtd = { - enable = true; - qemu.swtpm.enable = true; - - }; - - - # Immutable users due to tmpfs - users.mutableUsers = false; - - - programs.mosh.enable = true; - ragon = { - services = { - ssh.enable = true; - }; - }; - -} 
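Review bot: The Caddy site block for `*.hailsatan.eu` has no `bind` line, so Caddy listens on every interface, whereas the nginx vhosts it replaces were limited by `listenAddresses = [ "10.0.0.2" "100.83.96.25" ]` and the removed `defaultListenAddresses`. Whether this widens exposure depends on firewall rules not fully visible here, but if the restriction was intentional it can be kept with `bind 10.0.0.2 100.83.96.25` at the top of the `extraConfig`. Names under the wildcard that match none of the five matchers currently get an empty response; a final `handle { abort }` would close those connections instead. Also, `docker.enable = true;` is added under `services` while the next hunk's context still shows `docker.enable = true;` further down in what looks like the same set, which Nix would reject as a duplicate attribute.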
diff --git a/hosts/icarus/hardware-configuration.nix b/hosts/icarus/hardware-configuration.nix deleted file mode 100644 index 102d6a47..00000000 --- a/hosts/icarus/hardware-configuration.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { - device = "/dev/disk/by-uuid/1687e097-8b1f-45bb-9b6c-1ccea8ba05e5"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/B52A-633F"; - fsType = "vfat"; - }; - fileSystems."/gluster" = - { - device = "/dev/disk/by-uuid/09b6577c-af50-4fab-abe5-9d89fb85cad7"; - fsType = "xfs"; - }; - - swapDevices = - [{ device = "/dev/disk/by-uuid/e71527bd-1461-46cd-88aa-a168c429d44b"; }]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - #networking.useDHCP = lib.mkDefault true; - networking.interfaces.enp5s0.useDHCP = lib.mkDefault true; - - powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/octopi/default.nix b/hosts/octopi/default.nix deleted file mode 100644 index 8c158005..00000000 --- a/hosts/octopi/default.nix +++ /dev/null 
@@ -1,60 +0,0 @@ -{ config, inputs, pkgs, lib, ... }: -{ - imports = [ - "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" - "${inputs.nixos-hardware}/raspberry-pi/4/default.nix" - ]; - nixpkgs.overlays = [ - (final: super: { - makeModulesClosure = x: - super.makeModulesClosure (x // { allowMissing = true; }); - }) - ]; - boot.loader.systemd-boot.enable = false; - boot.kernelPackages = pkgs.linuxPackages_rpi4; - # networking.usePredictableInterfaceNames = false; - documentation.enable = false; - documentation.nixos.enable = false; - - nix = { - autoOptimiseStore = true; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - }; - # Free up to 1GiB whenever there is less than 100MiB left. - extraOptions = '' - min-free = ${toString (100 * 1024 * 1024)} - max-free = ${toString (1024 * 1024 * 1024)} - ''; - }; - powerManagement.cpuFreqGovernor = "ondemand"; - - # Assuming this is installed on top of the disk image. - fileSystems = { - "/" = { - device = "/dev/disk/by-label/NIXOS_SD"; - fsType = "ext4"; - options = [ "noatime" ]; - }; - }; - ragon.services.ssh.enable = true; - ragon.services.tailscale.enable = true; - networking.useDHCP = true; - services.mjpg-streamer.enable = true; - services.mjpg-streamer.inputPlugin = "input_uvc.so -d /dev/video0 -r 1280x720 -f 15 -u"; - services.octoprint = { - enable = true; - plugins = plugins: with plugins; [ telegram ]; - }; - security.sudo.wheelNeedsPassword = false; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIkFgHr6OMwsnGhdG4TwKdthlJC/B9ELqZfrmJ9Sf7qk" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH8RjUQ6DDDDgsVbqq+6zz1q6cBkus/BLUGa9JoWsqB4" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIkNP8Lo20fw3Ysq3B64Iep9WyVKWxdv5KJOZRLmAaaM" - ]; - networking.firewall.allowedTCPPorts = [ 5000 5050 ]; - - -} diff --git a/hosts/picard/calcom.nix b/hosts/picard/calcom.nix deleted file mode 100644 index 59b19974..00000000 
--- a/hosts/picard/calcom.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ config, pkgs, lib, ... }: -{ - - users.users.calcom = { - group = "calcom"; - shell = "${pkgs.bash}/bin/bash"; - uid = 592; - }; - users.groups.calcom = { - gid = config.users.users.calcom.uid; - }; - virtualisation.oci-containers.containers."calcom" = { - image = "calcom/cal.com:latest"; - ports = [ "127.0.0.1:3469:3000" ]; - user = "${toString config.users.users.calcom.uid}:${toString config.users.groups.calcom.gid}"; - volumes = [ - "/run/postgresql:/run/postgresql" - ]; - environmentFiles = [ config.age.secrets.picardCalCom.path ]; - environment = { - DATABASE_URL = "postgresql://calcom:calcom@/run/postgresql"; - NEXT_PUBLIC_WEBAPP_URL = "https://cal.xyno.systems"; - CALCOM_TELEMETRY_DISABLED = 1; - }; - }; - services.postgresql = { - ensureDatabases = [ "calcom" ]; - ensureUsers = [ - { - name = "calcom"; - ensureDBOwnership = true; - } - ]; - }; -} diff --git a/nixos-modules/cli/default.nix b/nixos-modules/cli/default.nix index e91e359c..be003e05 100644 --- a/nixos-modules/cli/default.nix +++ b/nixos-modules/cli/default.nix @@ -13,50 +13,5 @@ in # root shell users.extraUsers.root.shell = pkgs.zsh; - environment.shellAliases = { - v = "nvim"; - vim = "nvim"; - gpl = "git pull"; - gp = "git push"; - lg = "lazygit"; - gc = "git commit -v"; - kb = "git commit -m \"\$(curl -s http://whatthecommit.com/index.txt)\""; - gs = "git status -v"; - gfc = "git fetch && git checkout"; - gl = "git log --graph"; - l = "eza -la --git"; - la = "eza -la --git"; - ls = "eza"; - ll = "eza -l --git"; - cat = "bat"; - }; - environment.variables = { - EDITOR = "nvim"; - VISUAL = "nvim"; - }; - - environment.systemPackages = with pkgs; [ - nnn - bat - htop - eza - curl - fd - file - fzf - git - neofetch - tmux - ripgrep - pv - direnv # needed for lorri - unzip - tmux - aria2 - yt-dlp - neovim - ]; - }; - } 
diff --git a/nixos-modules/cli/zsh/zsh.nix b/nixos-modules/cli/zsh/zsh.nix deleted file mode 100644 index 0db60c41..00000000 --- a/nixos-modules/cli/zsh/zsh.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ inputs, config, lib, pkgs, ... }: -let - cfg = config.ragon.cli; -in -{ - config = lib.mkIf cfg.enable { - ragon.user.persistent = { - extraDirectories = [ - ".config/zsh" - ]; - }; - - programs.zsh = { - enable = true; - histSize = 10000; - histFile = "$HOME/.config/zsh/history"; - # autosuggestions.enable = true; - enableCompletion = true; - setOptions = [ - "HIST_IGNORE_DUPS" - "SHARE_HISTORY" - "HIST_FCNTL_LOCK" - "AUTO_CD" - "AUTO_MENU" - ]; - - # interactiveShellInit broke agkozak-zsh-prompt for some reaaaaaaaason - promptInit = - let - zshrc = builtins.readFile ./zshrc; - - sources = [ - "${inputs.agkozak-zsh-prompt}/agkozak-zsh-prompt.plugin.zsh" - "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/git/git.plugin.zsh" - "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/globalias/globalias.plugin.zsh" - "${inputs.zsh-vim-mode}/zsh-vim-mode.plugin.zsh" - "${inputs.zsh-syntax-highlighting}/zsh-syntax-highlighting.plugin.zsh" - "${inputs.zsh-completions}/zsh-completions.plugin.zsh" - ]; - - source = map (x: "source " + x) sources; - - plugins = builtins.concatStringsSep "\n" (source); - - in - '' - ${zshrc} - ${plugins} - ''; - }; - - }; -} diff --git a/nixos-modules/hardware/bluetooth.nix b/nixos-modules/hardware/bluetooth.nix deleted file mode 100644 index 8dc77204..00000000 --- a/nixos-modules/hardware/bluetooth.nix +++ /dev/null 
@@ -1,20 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- cfg = config.ragon.hardware.bluetooth;
-in
-{
- options.ragon.hardware.bluetooth.enable = lib.mkEnableOption "Enables bluetooth stuff (tlp,...)";
- config = lib.mkIf cfg.enable {
- hardware.bluetooth.enable = true;
- services.blueman.enable = true;
- hardware.pulseaudio = {
- extraModules = [ pkgs.pulseaudio-modules-bt ];
- package = pkgs.pulseaudioFull;
- };
-
- ragon.persist.extraDirectories = [
- "/var/lib/bluetooth"
- ];
-
- };
-}
diff --git a/nixos-modules/hardware/hifiberry-dac.nix b/nixos-modules/hardware/hifiberry-dac.nix
deleted file mode 100644
index 0e1d33d4..00000000
--- a/nixos-modules/hardware/hifiberry-dac.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- cfg = config.ragon.hardware.hifiberry-dac;
-in
-{
- options.ragon.hardware.hifiberry-dac.enable = lib.mkEnableOption "Enables hifiberry dac";
- config = lib.mkIf cfg.enable {
- hardware.deviceTree = {
- overlays = [
- # Equivalent to: https://github.com/raspberrypi/linux/blob/rpi-5.10.y/arch/arm/boot/dts/overlays/hifiberry-dac-overlay.dts
- {
- name = "hifiberry-dac-overlay";
- dtsText = ''
- // Definitions for HiFiBerry DAC
- /dts-v1/;
- /plugin/;
-
- / {
- compatible = "brcm,bcm2835";
-
- fragment@0 {
- target = <&i2s>;
- __overlay__ {
- status = "okay";
- };
- };
-
- fragment@1 {
- target-path = "/";
- __overlay__ {
- pcm5102a-codec {
- #sound-dai-cells = <0>;
- compatible = "ti,pcm5102a";
- status = "okay";
- };
- };
- };
-
- fragment@2 {
- target = <&sound>;
- __overlay__ {
- compatible = "hifiberry,hifiberry-dac";
- i2s-controller = <&i2s>;
- status = "okay";
- };
- };
- };
- '';
- }
- ];
- };
- };
-}
diff --git a/nixos-modules/hardware/laptop.nix b/nixos-modules/hardware/laptop.nix
deleted file mode 100644
index a0d552c2..00000000
--- a/nixos-modules/hardware/laptop.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- cfg = config.ragon.hardware.laptop;
-in
-{
- options.ragon.hardware.laptop.enable = lib.mkEnableOption "Enables laptop stuff (tlp,...)";
- config = lib.mkIf cfg.enable {
- services.tlp = {
- enable = true;
- settings = {
- CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
- CPU_ENERGY_PERF_POLICY_ON_BAT = "poversave";
- };
- };
- services.xserver.libinput = {
- enable = true;
- };
- hardware.acpilight.enable = true;
- services.thermald.enable = true;
- ragon.hardware.bluetooth.enable = true; # laptops normally have BT
- };
-}
diff --git a/nixos-modules/hardware/nvidia.nix b/nixos-modules/hardware/nvidia.nix
deleted file mode 100644
index 56d0c599..00000000
--- a/nixos-modules/hardware/nvidia.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- cfg = config.ragon.hardware.nvidia;
-in
-{
- options.ragon.hardware.nvidia.enable = lib.mkEnableOption "Enables nvidia stuff (why didnt i buy amd?)";
- config = lib.mkIf cfg.enable {
- # nivea
- services.xserver.videoDrivers = [ "nvidia" ];
-
- };
-}
diff --git a/nixos-modules/services/ddns.nix b/nixos-modules/services/ddns.nix
deleted file mode 100644
index c7b44083..00000000
--- a/nixos-modules/services/ddns.nix
+++ /dev/null
@@ -1,60 +0,0 @@ -{ config, lib, pkgs, ... }: -with lib; -with lib.my; -let - cfg = config.ragon.services.ddns; - domain = config.ragon.services.nginx.domain; - dataDir = "/var/lib/inadyn"; - cacheDir = "/var/cache/inadyn"; -in -{ - options.ragon.services.ddns.enable = mkEnableOption "Enables CloudFlare DDNS to the domain specified in ragon.services.nginx.domain and all subdomains"; - options.ragon.services.ddns.ipv4 = mkBoolOpt true; - options.ragon.services.ddns.ipv6 = mkBoolOpt true; - config = mkIf cfg.enable { - systemd.services.inadyn = { - description = "inadyn DDNS Client"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = rec { - Type = "simple"; - ExecStart = - pkgs.writeScript "run-inadyn.sh" '' - #!${pkgs.bash}/bin/bash - export PATH=$PATH:${pkgs.bash}/bin/bash # idk if that helps - source ${config.age.secrets.cloudflareAcme.path} - cat >/run/${RuntimeDirectory}/inadyn.cfg <.+) - - \[(?P.+)\] "(?P.+) (?P.+) (HTTP\/(?P\d.\d))" (?P\d{3}) (?P\d+) (["](?P(\-)|(.+))["]) (["](?P.+)["])''; - }; - } - { - labels = { - remote_addr = null; - time_local = null; - method = null; - url = null; - status = null; - body_bytes_sent = null; - http_referer = null; - http_user_agent = null; - }; - } - { - timestamp = { - source = "time_local"; - format = "02/Jan/2006:15:04:05 -0700"; - }; - } - { - drop = { - source = "url"; - expression = ''/(_matrix|.well-known|notifications|api|identity).*''; - }; - } - ]; - } - ]; - }; - }; - - }) - ] ++ - (map - (x: { - services.prometheus.exporters.${x} = { - enable = (builtins.elem hostName cfg.exporters.${x}.hosts); - #openFirewall = (hostName != cfg.master.hostname); - #firewallFilter = if (hostName != cfg.master.hostname) then "-p tcp -s ${cfg.master.ip} -m tcp --dport ${toString config.services.prometheus.exporters.${x}.port}" else null; - }; - }) - (builtins.attrNames cfg.exporters)) - ); - -} - 
diff --git a/nixos-modules/services/nginx.nix b/nixos-modules/services/nginx.nix
deleted file mode 100644
index e034c1ab..00000000
--- a/nixos-modules/services/nginx.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- cfg = config.ragon.services.nginx;
-in
-{
- options.ragon.services.nginx.enable = lib.mkEnableOption "Enables nginx";
- options.ragon.services.nginx.domain =
- lib.mkOption {
- type = lib.types.str;
- default = "hailsatan.eu";
- };
- options.ragon.services.nginx.domains =
- lib.mkOption {
- type = lib.types.listOf lib.types.str;
- default = [ ];
- };
- config = lib.mkIf cfg.enable {
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- services.nginx = {
- enable = true;
- clientMaxBodySize = "500m";
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- };
- security.acme.defaults.email = "nixosacme@phochkamp.de";
- security.acme.acceptTerms = true;
- security.acme.certs."${cfg.domain}" = {
- dnsProvider = "ionos";
- dnsResolver = "1.1.1.1:53";
- group = "nginx";
- extraDomainNames = [
- "*.${cfg.domain}"
- ];
- credentialsFile = "${config.age.secrets.cloudflareAcme.path}";
-
- };
- services.nginx.virtualHosts."_" = {
- useACMEHost = "${cfg.domain}";
- addSSL = true;
- locations = {
- "/" = {
- extraConfig = ''
- return 404;
- '';
- };
- };
- };
-
- ragon.agenix.secrets.cloudflareAcme = { group = "nginx"; mode = "0440"; };
- ragon.persist.extraDirectories = [
- "/var/lib/acme"
- ];
- };
-}
diff --git a/nixos-modules/services/paperless.nix b/nixos-modules/services/paperless.nix
index d70de343..29ded0d3 100644
--- a/nixos-modules/services/paperless.nix
+++ b/nixos-modules/services/paperless.nix
@@ -7,10 +7,10 @@ let in { options.ragon.services.paperless.enable = mkEnableOption "Enables paperless ng"; - options.ragon.services.paperless.domainPrefix = + options.ragon.services.paperless.location = lib.mkOption { type = lib.types.str; - default = "paperless"; + default = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; }; config = mkIf cfg.enable { services.paperless = { @@ -25,13 +25,6 @@ in }; }; ragon.agenix.secrets.paperlessAdminPW = { group = "${config.services.paperless.user}"; mode = "0440"; }; - services.nginx.clientMaxBodySize = "100m"; - services.nginx.virtualHosts."${cfg.domainPrefix}.${domain}" = { - useACMEHost = "${domain}"; - addSSL = true; - locations."/".proxyPass = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; - locations."/".proxyWebsockets = true; - }; ragon.persist.extraDirectories = [ "${config.services.paperless.dataDir}" ]; diff --git a/nixos-modules/services/photoprism.nix b/nixos-modules/services/photoprism.nix index 614c63fd..340c2c76 100644 --- a/nixos-modules/services/photoprism.nix +++ b/nixos-modules/services/photoprism.nix @@ -7,10 +7,10 @@ let in { options.ragon.services.photoprism.enable = mkEnableOption "Enables the hedgedoc BitWarden Server"; - options.ragon.services.photoprism.domainPrefix = - mkOption { + options.ragon.services.photoprism.location = + lib.mkOption { type = lib.types.str; - default = "photos"; + default = "http://127.0.0.1:${toString config.ragon.services.photoprism.port}"; }; options.ragon.services.photoprism.port = mkOption { @@ -31,12 +31,6 @@ in ]; }; ragon.agenix.secrets.photoprismEnv.owner = "root"; - services.nginx.virtualHosts."${cfg.domainPrefix}.${domain}" = { - forceSSL = true; - useACMEHost = "${domain}"; - locations."/".proxyWebsockets = true; - locations."/".proxyPass = "http://127.0.0.1:${cfg.port}"; - }; ragon.persist.extraDirectories = [ "/var/lib/photoprism" ]; 
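Review bot: The new `ragon.services.paperless.location` option has no `description`, and its name does not say that it now carries a full backend URL rather than a hostname prefix. Its default is plain `http://`, and the second hunk of this file removes the nginx virtual host that terminated TLS (`addSSL`, `useACMEHost`) and set `clientMaxBodySize` to `100m`, so whatever consumes `location` (not visible in this diff) has to supply both again. I would add `description = "Backend URL a reverse proxy forwards to; plain HTTP, so keep services.paperless.address on loopback.";` to the option. The same applies to the `location` option added in photoprism.nix.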
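Review bot: The added `ragon.services.photoprism.location` option is declared with `lib.mkOption` while the `port` option directly below it still uses bare `mkOption`, so the file now mixes both spellings; `mkOption {` would match the neighbouring declaration. The default also spells out `config.ragon.services.photoprism.port`, where the removed proxy block read the same value as `cfg.port`. Assuming `cfg` is still bound in the `let` above the hunk (not visible here), `default = "http://127.0.0.1:${toString cfg.port}";` is shorter and keeps the `toString` that the removed `proxyPass` line lacked.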
diff --git a/nixos-modules/services/tailscale-to-vpn.nix b/nixos-modules/services/tailscale-to-vpn.nix
deleted file mode 100644
index 9c0652aa..00000000
--- a/nixos-modules/services/tailscale-to-vpn.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{ config, pkgs, lib, ... }:
-with lib;
-let
- cfg = config.ragon.tailscaleToVpn;
- ovpnConfigPath = cfg.ovpnConfigPath;
- stateVer = config.system.stateVersion;
-in
-{
-
- options.ragon.tailscaleToVpn = {
- enable = mkEnableOption "tailscale-to-vpn. you need to enable nat to ve-+ able to use this";
- ovpnConfigPath = mkOption {
- type = types.str;
- default = "/etc/openvpn/client.conf";
- description = "full path to the OpenVPN client configuration file, is expected to be in /run";
- };
- };
-
- config = mkIf cfg.enable {
- networking.bridges.br-ovpn-ts = {
- interfaces = [ ];
- };
- containers.TSTVPN-openvpn = {
- ephemeral = true;
- enableTun = true;
- interfaces = [ "br-ovpn-ts" ];
- localAddress = "192.168.102.11";
- hostAddress = "192.168.102.10";
-
- config = { config, pkgs, ... }: {
- system.stateVersion = stateVer;
- networking.interfaces.br-ovpn-ts = {
- ipv4.addresses = [ "192.168.101.1/24" ];
- };
- services.openvpn.servers.bridge = {
- config = ''
- config /host${ovpnConfigPath}
- dev ovpn-bridge
- dev-type tun
- '';
- };
- networking.nat = {
- externalInterface = "ovpn-bridge";
- internalInterfaces = [ "br-ovpn-ts" ];
- };
- };
- privateNetwork = true;
- bindMounts = {
- "/host/run" = { hostPath = "/run"; isReadOnly = true; };
- "/run/agenix.d" = { hostPath = "/run/agenix.d"; isReadOnly = true; };
- };
- };
- containers.TSTVPN-tailscale = {
- enableTun = true;
- hostBridge = "br-ovpn-ts";
- localAddress = "192.168.101.2/24";
- privateNetwork = true;
- config = { config, pkgs, ... }: {
- system.stateVersion = stateVer;
- services.tailscale = {
- enable = true;
- useRoutingFeatures = "both";
- };
- };
- };
-
- };
-}
diff --git a/nixos-modules/services/unifi.nix b/nixos-modules/services/unifi.nix deleted file mode 100644 index 8c67f7b6..00000000 --- a/nixos-modules/services/unifi.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, lib, pkgs, ... }: -let - cfg = config.ragon.services.unifi; - domain = config.ragon.services.nginx.domain; -in -{ - options.ragon.services.unifi.enable = lib.mkEnableOption "Enables the unifi console"; - options.ragon.services.unifi.domainPrefix = - lib.mkOption { - type = lib.types.str; - default = "unifi"; - }; - config = lib.mkIf cfg.enable { - services.unifi = { - enable = true; - openFirewall = true; - }; - services.nginx.virtualHosts."${cfg.domainPrefix}.${domain}" = { - forceSSL = true; - useACMEHost = "${domain}"; - locations."/".proxyPass = "https://127.0.0.1:8443"; - locations."/".proxyWebsockets = true; - }; - ragon.persist.extraDirectories = [ - "/var/lib/unifi" - ]; - }; -} diff --git a/secrets/cloudflareAcme.age b/secrets/ionos.age similarity index 100% rename from secrets/cloudflareAcme.age rename to secrets/ionos.age diff --git a/secrets/secrets.nix b/secrets/secrets.nix index f28d88dd..816a02ac 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -2,7 +2,7 @@ let pubkeys = import ../data/pubkeys.nix; in { - "cloudflareAcme.age".publicKeys = pubkeys.ragon.server; + "ionos.age".publicKeys = pubkeys.ragon.server; "nextshot.age".publicKeys = pubkeys.ragon.client; "pulseLaunch.age".publicKeys = pubkeys.ragon.client; "rootPasswd.age".publicKeys = pubkeys.ragon.computers;