Compare commits


6 commits

16 changed files with 95 additions and 54 deletions


@ -180,11 +180,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1703787578, "lastModified": 1704311514,
"narHash": "sha256-YanYMRry0uvExeCZYbM7yEp3H0gct9SocfFWvsYtyfs=", "narHash": "sha256-j6JsfCv31bW7LzV06q2L/27QZ4k1Zq7lEq2AR9R150A=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "f8a4a5c18f4fee53ac3016a52a97df2aaeede65b", "rev": "fcbc70a7ee064f2b65dc1fac1717ca2a9813bbe6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -200,11 +200,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1702553482, "lastModified": 1703800710,
"narHash": "sha256-kWU543mm3ai7fZhYNqlLfozsrcAZsmDsp7iCzO1Utng=", "narHash": "sha256-BlTnkNW50xEMojxDd+M4W1WUX4t33vkxJhsW/eeSCco=",
"owner": "therealr5", "owner": "therealr5",
"repo": "TruckSimulatorBot-images", "repo": "TruckSimulatorBot-images",
"rev": "0bbd6647c6479312305623f1bc5699cf6874b323", "rev": "ead83b4ce653e293b9459b0495f0a3f1baac0aa3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -281,11 +281,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1703387252, "lastModified": 1703992163,
"narHash": "sha256-XKJqGj0BaEn/zyctEnkgVIh6Ba1rgTRc+UBi9EU8Y54=", "narHash": "sha256-709CGmwU34dxv8DjSpRBZ+HibVJIVaFcA4JH+GFnhyM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "f4340c1a42c38d79293ba69bfd839fbd6268a538", "rev": "d6510ce144f5da7dd9bac667ba3d5a4946c00d11",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -296,11 +296,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1703438236, "lastModified": 1703961334,
"narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=", "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5f64a12a728902226210bf01d25ec6cbb9d9265b", "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -398,11 +398,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1702553371, "lastModified": 1704138480,
"narHash": "sha256-6jdDRktu7NaWifzhV+/IgRg8aBqELv4L51Ijurqt2a8=", "narHash": "sha256-KSWmE3C/nnU6gJ2KIYaTPB4Yk58BhqFdOhaIuhCCFfg=",
"owner": "therealr5", "owner": "therealr5",
"repo": "purge", "repo": "purge",
"rev": "0f12b011b86571435e37e69e91a464513ecdd24e", "rev": "3ae163c8fa9a64ecf1d06f390c6072948a57905f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -488,11 +488,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1702553577, "lastModified": 1704138497,
"narHash": "sha256-RTNBEoapC+HYU2jev6jc9XiffL1Zf6w51GZ96zoA3zE=", "narHash": "sha256-+bDxq8eeLpPO/4fZm4ikAbW064T4+n8CIY4kv+sd41U=",
"owner": "therealr5", "owner": "therealr5",
"repo": "TruckSimulatorBot", "repo": "TruckSimulatorBot",
"rev": "bb08a872dbcb4e386835c581c0ecfccf936b4012", "rev": "1053bcb5419c18fb7f700e7b2a0cde9c0467f79c",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -61,6 +61,7 @@
}@attrs: { }@attrs: {
packages.x86_64-linux = { packages.x86_64-linux = {
iso = self.nixosConfigurations.iso.config.system.build.isoImage; iso = self.nixosConfigurations.iso.config.system.build.isoImage;
thinkpad = self.nixosConfigurations.thinkpad.config.system.build.toplevel;
jmri = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/jmri { }; jmri = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/jmri { };
adguardian-term = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/adguardian-term { }; adguardian-term = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/adguardian-term { };
pww = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/pww { }; pww = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/pww { };


@ -35,13 +35,10 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim vim
wget
htop-vim htop-vim
helix helix
lsof lsof
python3 python3
php
phpPackages.composer
]; ];
programs.git = { programs.git = {
enable = true; enable = true;
@ -60,10 +57,6 @@
}; };
services.journald.enableHttpGateway = true; services.journald.enableHttpGateway = true;
programs.mosh.enable = true; programs.mosh.enable = true;
security = {
audit.enable = true;
auditd.enable = true;
};
users.users.root.openssh.authorizedKeys.keyFiles = [ users.users.root.openssh.authorizedKeys.keyFiles = [
../../keys/ssh/rouven-thinkpad ../../keys/ssh/rouven-thinkpad
../../keys/ssh/rouven-pixel ../../keys/ssh/rouven-pixel


@ -6,7 +6,9 @@
./hardware-configuration.nix ./hardware-configuration.nix
./modules/networks ./modules/networks
./modules/backup ./modules/backup
./modules/cache
./modules/grafana ./modules/grafana
./modules/hydra
./modules/prometheus ./modules/prometheus
./modules/matrix ./modules/matrix
./modules/seafile ./modules/seafile
@ -15,6 +17,7 @@
./modules/nginx ./modules/nginx
]; ];
nix.settings.system-features = [ "gccarch-tigerlake" ];
boot = { boot = {
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
@ -46,7 +49,6 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim vim
wget
htop-vim htop-vim
helix helix
lsof lsof
@ -64,10 +66,6 @@
services.openssh.enable = true; services.openssh.enable = true;
services.journald.enableHttpGateway = true; services.journald.enableHttpGateway = true;
programs.mosh.enable = true; programs.mosh.enable = true;
security = {
audit.enable = true;
auditd.enable = true;
};
# firmware updates # firmware updates
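Review bot: The last hunk of this file removes `security.audit.enable` and `security.auditd.enable` from a host that, going by the imports at the top of the section, serves nginx, matrix and seafile and now also gets the hydra and cache modules, so the kernel audit trail disappears on what looks like the most exposed machine. If the removal is about log volume, I would keep `security.auditd.enable = true;` with a small rule set rather than dropping it, or at least give the reason in the commit description. The same four lines are removed in the preceding host file's second hunk. The attribute set these lines sit in starts and ends outside the hunk.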

20
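--- a/hosts/nuc/modules/cache/default.nix
+++ b/hosts/nuc/modules/cache/default.nix
@@ -0,0 +1,20 @@
+{ config, ... }:
+let
+domain = "cache.rfive.de";
+in
+{
+age.secrets.cache = {
+file = ../../../../secrets/nuc/cache.age;
+};
+services.nix-serve = {
+enable = true;
+secretKeyFile = config.age.secrets.cache.path;
+};
+services.nginx.virtualHosts."${domain}" = {
+enableACME = true;
+forceSSL = true;
+locations."/" = {
+proxyPass = "http://127.0.0.1:${toString config.services.nix-serve.port}";
+};
+};
+}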
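Review bot: `services.nix-serve` keeps its default bind address, which in the NixOS module is `0.0.0.0` as far as I know, although nginx only reaches it on `127.0.0.1`; adding `bindAddress = "127.0.0.1";` next to `secretKeyFile` means the unencrypted port no longer relies on the firewall alone. The `locations."/"` block also has no access restriction, so any store path on this host can be fetched by whoever knows its hash. If the cache is meant only for your own machines, restrict it in the location's `extraConfig`; otherwise a one-line comment saying it is intentionally public would do.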


@ -43,13 +43,13 @@ in
}]; }];
}]; }];
}; };
sliding-sync = { };
enable = true; matrix-sliding-sync = {
settings = { enable = true;
SYNCV3_SERVER = "https://${domain}"; settings = {
}; SYNCV3_SERVER = "https://${domain}";
environmentFile = config.age.secrets."matrix/sync".path;
}; };
environmentFile = config.age.secrets."matrix/sync".path;
}; };


@ -14,6 +14,14 @@
./modules/virtualisation ./modules/virtualisation
]; ];
nixpkgs.hostPlatform = {
gcc.arch = "tigerlake";
gcc.tune = "tigerlake";
system = "x86_64-linux";
};
nix.settings.system-features = [ "gccarch-tigerlake" ];
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot = { boot = {
kernelModules = [ "v4l2loopback" ]; kernelModules = [ "v4l2loopback" ];


@ -21,8 +21,8 @@
whois whois
inetutils inetutils
openssl openssl
wget
dnsutils dnsutils
nmap
]; ];
services.resolved = { services.resolved = {
fallbackDns = [ fallbackDns = [
@ -40,9 +40,6 @@
hostName = "thinkpad"; hostName = "thinkpad";
hostId = "d8d34032"; hostId = "d8d34032";
enableIPv6 = true; enableIPv6 = true;
firewall = {
logRefusedConnections = false;
};
wireless = { wireless = {
enable = true; enable = true;
userControlled.enable = true; userControlled.enable = true;
@ -163,7 +160,7 @@
linkConfig.RequiredForOnline = "carrier"; linkConfig.RequiredForOnline = "carrier";
networkConfig = { networkConfig = {
Address = "192.168.43.3/32"; Address = "192.168.43.3/32";
DNS = "192.168.42.1"; DNS = "192.168.43.1";
DNSSEC = true; DNSSEC = true;
BindCarrier = [ "wlp9s0" "enp0s31f6" ]; BindCarrier = [ "wlp9s0" "enp0s31f6" ];
}; };


@ -31,7 +31,6 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim vim
wget
htop-vim htop-vim
]; ];
programs.git = { programs.git = {


@ -19,6 +19,7 @@ in
"secrets/nuc/matrix/shared.age".publicKeys = [ rouven nuc ]; "secrets/nuc/matrix/shared.age".publicKeys = [ rouven nuc ];
"secrets/nuc/matrix/sync.age".publicKeys = [ rouven nuc ]; "secrets/nuc/matrix/sync.age".publicKeys = [ rouven nuc ];
"secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ]; "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
"secrets/nuc/cache.age".publicKeys = [ rouven nuc ];
"secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ];
"secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ];

7
secrets/nuc/cache.age Normal file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 uWbAHQ pLKYxDwT0w0iVvg+Ppu66RaQ+6b9Mw935ol8X5+wWgU
VL90qNwa1IWO8GdIuI9JGjP62qVF5kJbWmuciq6Kbos
-> ssh-ed25519 2TRdXg T9oZyBSqwUTBMws7tykM8xqyOChp1/E80aOlYvzz0CE
lY4VA7dwfkHsRQyrSuAJC5CS9/h6x2vlBEEHFwfeb3s
--- USkk3hxaZmHIwdd5Y62i9VeIlBzGJQCnCBeGvO/3NzQ
lÒßû34n vú¢¢õiº©ûîð(rH;0Ôö!Ebø-hè2 òÖAZD¤·EÿÖƒš1ü¾¨ûöÑ…ÞÌíMVBnæhóæú·Ü{”±DJc§þ³?ißi2b0d ÆÒMHQÉÓÅÇ-=<3D>4»ØÇØñС4 r4EÑŸú6¤×§.


@ -10,6 +10,12 @@
settings = { settings = {
auto-optimise-store = true; auto-optimise-store = true;
experimental-features = [ "nix-command" "flakes" "repl-flake" ]; experimental-features = [ "nix-command" "flakes" "repl-flake" ];
substituters = [
"https://cache.rfive.de"
];
trusted-public-keys = [
"cache.rfive.de:of5d+o6mfGXQSR3lk6ApfDBr4ampAUaNHux1O/XY3Tw="
];
}; };
}; };
} }
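Review bot: Listing the `cache.rfive.de` key under `trusted-public-keys` makes the key held on the nuc a root of trust for every machine that imports this module, since any path signed with it is accepted in place of a local build. A comment above the two lists recording that, and that the private half lives in `secrets/nuc/cache.age`, would help whoever rotates it later. There is also no bound on how long a client waits when the cache is unreachable, so I would add `connect-timeout = 5;` to the same `settings` block. The `settings` set begins outside the hunk.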


@ -11,7 +11,7 @@
enable = true; enable = true;
enableSystemSlice = true; enableSystemSlice = true;
enableRootSlice = true; enableRootSlice = true;
enableUserServices = true; enableUserSlices = true;
}; };
}; };


@ -33,6 +33,7 @@
gajim gajim
gomuks gomuks
fractal fractal
tuba # mastodon client
# games # games
prismlauncher prismlauncher

View file

@ -1,16 +1,14 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
systemd.user = { systemd.user.services.ianny = {
services.ianny = { Unit = {
Unit = { Description = "Ianny break timer";
Description = "Ianny break timer"; After = [ "graphical-session-pre.target" ];
After = [ "graphical-session-pre.target" ]; PartOf = [ "graphical-session.target" ];
PartOf = [ "graphical-session.target" ];
};
Service = {
ExecStart = "${pkgs.ianny}/bin/ianny";
};
Install = { WantedBy = [ "graphical-session.target" ]; };
}; };
Service = {
ExecStart = "${pkgs.ianny}/bin/ianny";
};
Install = { WantedBy = [ "graphical-session.target" ]; };
}; };
} }


@ -34,6 +34,18 @@
systemdTarget = "graphical-session.target"; systemdTarget = "graphical-session.target";
}; };
systemd.user.services.swayidle-inhibit = {
Unit = {
Description = "Service preventing swayidle from sleeping while any application is outputting or receiving audio";
After = [ "graphical-session-pre.target" ];
PartOf = [ "graphical-session.target" ];
};
Service = {
ExecStart = "${lib.getExe pkgs.sway-audio-idle-inhibit}";
};
Install = { WantedBy = [ "graphical-session.target" ]; };
};
systemd.user.services.swaync = { systemd.user.services.swaync = {
Install.WantedBy = [ "graphical-session.target" ]; Install.WantedBy = [ "graphical-session.target" ];
Service = { Service = {
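Review bot: While the new `swayidle-inhibit` unit runs, swayidle's timeouts are held off for as long as any application plays or records audio, so if screen locking is driven by swayidle (not visible in this hunk) an unattended session stays unlocked while, say, a browser tab keeps playing. A comment above the unit stating that this is accepted would make the trade-off explicit. Separately, the `ExecStart` line does not need the string interpolation and reads more simply as `ExecStart = lib.getExe pkgs.sway-audio-idle-inhibit;`. The module's argument list is outside the hunk, so confirm that `lib` is bound there.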