diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4b6ad01 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +gitignore diff --git a/README.md b/README.md old mode 100644 new mode 100755 diff --git a/common/all.nix b/common/all.nix old mode 100644 new mode 100755 index e460e4e..b29fa55 --- a/common/all.nix +++ b/common/all.nix @@ -28,6 +28,7 @@ experimental-features = lib.mkDefault "nix-command flakes"; trusted-users = [ "root" "@wheel" ]; }; + nixpkgs.config.allowUnfree = true; home-manager.backupFileExtension = "backup"; diff --git a/common/building.nix b/common/building.nix old mode 100644 new mode 100755 diff --git a/common/nixos-graphical.nix b/common/nixos-graphical.nix index ca8d917..2588726 100644 --- a/common/nixos-graphical.nix +++ b/common/nixos-graphical.nix @@ -7,37 +7,43 @@ modules.battery_monitor.enable = true; # Enable the X11 windowing system. - services.xserver = { - enable = true; - displayManager = { - defaultSession = "none+xmonad"; - sessionCommands = '' - xmobar ${self}/misc/xmobar.hs & + services.xserver = { + enable = true; + displayManager = { + defaultSession = "none+xmonad"; + sessionCommands = '' + xmobar ${self}/misc/xmobar.hs & - # aparently needed, so that xmonad works - sleep 2 && \ - ${pkgs.xorg.xmodmap}/bin/xmodmap \ - -e "clear control" \ - -e "clear mod1" \ - -e "keycode 64 = Control_L" \ - -e "keycode 37 = Alt_L" \ - -e "add control = Control_L" \ - -e "add mod1 = Alt_L" \ - & - ''; - }; + # aparently needed, so that xmonad works + sleep 2 && \ + ${pkgs.xorg.xmodmap}/bin/xmodmap \ + -e "clear control" \ + -e "clear mod1" \ + -e "keycode 64 = Control_L" \ + -e "keycode 37 = Alt_L" \ + -e "add control = Control_L" \ + -e "add mod1 = Alt_L" \ + & + ''; + }; + + #displayManager.gdm = { + #enable = true; + #}; - displayManager.lightdm = { - enable = true; - greeters.enso = { - enable = true; - blur = true; - extraConfig = '' - default-wallpaper=/usr/share/streets_of_gruvbox.png - ''; - }; - }; - layout = "at"; + #/* + displayManager.lightdm = { + enable = true; + greeters.enso = { + enable = true; + blur = true; + extraConfig = '' + default-wallpaper=/usr/share/streets_of_gruvbox.png + ''; + }; + }; + # */ + layout = "at"; }; # xdg portals @@ -61,7 +67,7 @@ sound.enable = true; hardware.pulseaudio.enable = true; - services.blueman.enable = true; + services.blueman.enable = true; hardware.bluetooth.enable = true; # Enable touchpad support (enabled default in most desktopManager). diff --git a/common/nixos-headless.nix b/common/nixos-headless.nix old mode 100644 new mode 100755 diff --git a/common/nixos.nix b/common/nixos.nix old mode 100644 new mode 100755 index 605f581..a11a852 --- a/common/nixos.nix +++ b/common/nixos.nix @@ -14,5 +14,11 @@ #keyMap = "at"; useXkbConfig = true; # use xkbOptions in tty. }; + + system.activationScripts.addBinBash = lib.stringAfter [ "var" ] '' + # there is no /bin/bash + # https://discourse.nixos.org/t/add-bin-bash-to-avoid-unnecessary-pain/5673 + ln -nsf /run/current-system/sw/bin/bash /bin/bash + ''; } diff --git a/common/wg-peers.nix b/common/wg-peers.nix old mode 100644 new mode 100755 diff --git a/docs/running-in-vm.png b/docs/running-in-vm.png new file mode 100755 index 0000000..34832fc Binary files /dev/null and b/docs/running-in-vm.png differ diff --git a/flake.lock b/flake.lock index 39fccf7..3a38be0 100644 --- a/flake.lock +++ b/flake.lock @@ -3,8 +3,8 @@ "androidPkgs": { "inputs": { "devshell": "devshell", - "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_5" + "flake-utils": "flake-utils_6", + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1638562808, @@ -207,11 +207,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1698927895, - "narHash": "sha256-7zz7AkRRmKHMRcr6RMSJkhCoZqE6n2vQ9tYb5St0NJw=", + "lastModified": 1702556729, + "narHash": "sha256-dklM/TgTKMem+ee1EFRmu2mefwIwIW6ZJ4pT+dMekiA=", "owner": "nix-community", "repo": "flake-firefox-nightly", - "rev": "0ce7df614a5fd38f89a95e78cddd251028f8ad48", + "rev": "2cba3c0f457d795cdb8769419052f12e55ae32d4", "type": "github" }, "original": { @@ -220,6 +220,29 @@ "type": "github" } }, + "firefox-addons": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "dir": "pkgs/firefox-addons", + "lastModified": 1703676226, + "narHash": "sha256-4xT4GM1cZSpjqox0g6g33/6ig4RZsk69wzF/sXR9Wcs=", + "owner": "rycee", + "repo": "nur-expressions", + "rev": "03285ecbe3217db5469aebca969462ebd6198b9a", + "type": "gitlab" + }, + "original": { + "dir": "pkgs/firefox-addons", + "owner": "rycee", + "repo": "nur-expressions", + "type": "gitlab" + } + }, "flake-compat": { "locked": { "lastModified": 1688025799, @@ -272,11 +295,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": { @@ -286,6 +309,21 @@ } }, "flake-utils_2": { + "locked": { + "lastModified": 1629284811, + "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { "inputs": { "systems": "systems_2" }, @@ -303,16 +341,16 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_4": { "inputs": { "systems": "systems_3" }, "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": { @@ -321,7 +359,22 @@ "type": "github" } }, - "flake-utils_4": { + "flake-utils_5": { + "locked": { + "lastModified": 1610051610, + "narHash": "sha256-U9rPz/usA1/Aohhk7Cmc2gBrEEKRzcW4nwPWMPwja4Y=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3982c9903e93927c2164caa727cd3f6a0e6d14cc", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_6": { "locked": { "lastModified": 1638122382, "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", @@ -360,16 +413,16 @@ ] }, "locked": { - "lastModified": 1695108154, - "narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=", + "lastModified": 1702195709, + "narHash": "sha256-+zRjWkm5rKqQ57PuLZ3JF3xi3vPMiOJzItb1m/43Cq4=", "owner": "nix-community", "repo": "home-manager", - "rev": "07682fff75d41f18327a871088d20af2710d4744", + "rev": "6761b8188b860f374b457eddfdb05c82eef9752f", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-23.05", + "ref": "release-23.11", "repo": "home-manager", "type": "github" } @@ -380,11 +433,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1698581311, - "narHash": "sha256-27whmW7vBrNruotHJyMuXOWiDdqWyuBhntngpw5bktc=", + "lastModified": 1702210144, + "narHash": "sha256-s0IJiLUxnf9PNl+lARwCBo5UzNgfNjTrlVwJG27VsLA=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "0fa525dd0b4f45cabcd510ab83a4d1df3b30d56c", + "rev": "9237b96c80c556f28d13cfa8e3e6bc4d95e437fa", "type": "github" }, "original": { @@ -409,6 +462,21 @@ "type": "github" } }, + "my-log": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1703959746, + "narHash": "sha256-eLwYN2n7EPL6VgN05OGOjwx6WSEhGn6Xv5gw8mPuCKk=", + "path": "/home/me/work/log/new", + "type": "path" + }, + "original": { + "path": "/home/me/work/log/new", + "type": "path" + } + }, "networkmanager": { "locked": { "lastModified": 1700593965, @@ -436,10 +504,10 @@ "evil-quick-diff": "evil-quick-diff", "explain-pause-mode": "explain-pause-mode", "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "format-all": "format-all", "nix-straight": "nix-straight", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nose": "nose", "ob-racket": "ob-racket", "org": "org", @@ -453,11 +521,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1697814738, - "narHash": "sha256-mwQmykamvRuHmO6I2VTm8+TOIhhmgy2g5YrMjoCHawY=", + "lastModified": 1701264882, + "narHash": "sha256-MBXR7x7Ua8qystlGr+lenwjQd7dsFNFpEFmtHhh10zM=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "c1c99cf41694440d76e31126dc394f52faeb691e", + "rev": "f7413022370f24bb53cb450bfb2803233510113e", "type": "github" }, "original": { @@ -476,11 +544,11 @@ "nmt": "nmt" }, "locked": { - "lastModified": 1694984852, - "narHash": "sha256-A1x55uLb2LT9evsTWYc1U9+iki1AmE5ROxOuCKPf3JE=", + "lastModified": 1666720474, + "narHash": "sha256-iWojjDS1D19zpeZXbBdjWb9MiKmVVFQCqtJmtTXgPx8=", "owner": "Gerschtli", "repo": "nix-formatter-pack", - "rev": "23795a4daf29ce784b3edc13b9776c7b445c453b", + "rev": "14876cc8fe94a3d329964ecb073b4c988c7b61f5", "type": "github" }, "original": { @@ -496,11 +564,11 @@ ] }, "locked": { - "lastModified": 1698550809, - "narHash": "sha256-Um8+Wi6EAH5dCgfgl7OqaVd4wFJn6FKLafcP5QPr/98=", + "lastModified": 1702291765, + "narHash": "sha256-kfxavgLKPIZdYVPUPcoDZyr5lleymrqbr5G9PVfQ2NY=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "1f0981f5baeb78e3c89a8980ff1a39f06876fa8c", + "rev": "45d82e0a8b9dd6c5dd9da835ac0c072239af7785", "type": "github" }, "original": { @@ -555,15 +623,15 @@ "nix-wsl": { "inputs": { "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_3" + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1700096639, - "narHash": "sha256-FVOTqjwjLX4El7n3jErrWWQ4gR5NVcL7B8cvGRGFQSo=", + "lastModified": 1702287306, + "narHash": "sha256-vEb2DAao89M92LjufnRkIRxUsm8KHb94l786r923a7E=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "83ce0dbe362b9b866414bbc31a2dc9f1d41be649", + "rev": "83c419a8c5db581e83cba3726760608e55d11e58", "type": "github" }, "original": { @@ -595,11 +663,11 @@ ] }, "locked": { - "lastModified": 1696058303, - "narHash": "sha256-eNqKWpF5zG0SrgbbtljFOrRgFgRzCc4++TMFADBMLnc=", + "lastModified": 1701689616, + "narHash": "sha256-ewnfgvRy73HoP5KnYmy1Rcr4m4yShvsb6TCCaKoW8pc=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "150f38bd1e09e20987feacb1b0d5991357532fb5", + "rev": "246219bc21b943c6f6812bb7744218ba0df08600", "type": "github" }, "original": { @@ -610,11 +678,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1700392353, - "narHash": "sha256-KARn8aVJu5fdW0jdJYoOQ1SPqWlNdz4l7r90NbArWSY=", + "lastModified": 1702453208, + "narHash": "sha256-0wRi9SposfE2wHqjuKt8WO2izKB/ASDOV91URunIqgo=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "2b00bc76dc893cd996a3d76a2f059d657a5ef37a", + "rev": "7763c6fd1f299cb9361ff2abf755ed9619ef01d6", "type": "github" }, "original": { @@ -625,11 +693,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1698611440, - "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", + "lastModified": 1702312524, + "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", + "rev": "a9bf124c46ef298113270b1f84a164865987a91c", "type": "github" }, "original": { @@ -673,11 +741,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1698540503, - "narHash": "sha256-YN6DJQc7SMe6ep9FhD2BGl92bo24NPNRWjADEJE4xeU=", + "lastModified": 1702169224, + "narHash": "sha256-aOrQq0zzEMcaxXoiA7VWWJlwp7F50cOfTj6LkU59RQg=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "ce2acb20a405bf6f910081c2adc988bbc8100e4c", + "rev": "2be0b7c27456d30195f65eafd029074f731f1978", "type": "github" }, "original": { @@ -686,6 +754,22 @@ "type": "github" } }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1702312524, + "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a9bf124c46ef298113270b1f84a164865987a91c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgsUnstable": { "locked": { "lastModified": 1638376152, @@ -703,6 +787,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1702830618, + "narHash": "sha256-lvhwIvRwhOLgzbRuYkqHy4M5cQHYs4ktL6/hyuBS6II=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "91a00709aebb3602f172a0bf47ba1ef013e34835", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1695806987, "narHash": "sha256-fX5kGs66NZIxCMcpAGIpxuftajHL8Hil1vjHmjjl118=", @@ -717,39 +817,53 @@ "type": "indirect" } }, - "nixpkgs_3": { - "locked": { - "lastModified": 1697851979, - "narHash": "sha256-lJ8k4qkkwdvi+t/Xc6Fn74kUuobpu9ynPGxNZR6OwoA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5550a85a087c04ddcace7f892b0bdc9d8bb080c8", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_4": { "locked": { - "lastModified": 1699191053, - "narHash": "sha256-S/J3x3CiT09ywrdE17IueZz+BX/qBqMYTjJmOqg8WPY=", + "lastModified": 1701952659, + "narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9b73e49eb3965eba8b4ffcd9b9a0e8d63bb6f7e2", + "rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-23.05", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_5": { + "locked": { + "lastModified": 1703957214, + "narHash": "sha256-VBiQAJaGnksf9na2rtOvxliKuK+Bn8LMyz2gzyNowc4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ab3d01706825b1291a77187f2756c8fac3da2ca9", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1613434981, + "narHash": "sha256-Q6JRyPs5g2AXov/yEof//jOOiQ/VZVxrSYC7jiCEhSE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "82abb66345f583001009f1be36f81c4082098011", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_7": { "locked": { "lastModified": 1637841632, "narHash": "sha256-QYqiKHdda0EOnLGQCHE+GluD/Lq2EJj4hVTooPM55Ic=", @@ -765,7 +879,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_8": { "locked": { "lastModified": 1638371214, "narHash": "sha256-0kE6KhgH7n0vyuX4aUoGsGIQOqjIx2fJavpCWtn73rc=", @@ -800,11 +914,11 @@ "nmd_2": { "flake": false, "locked": { - "lastModified": 1680213367, - "narHash": "sha256-NbSXxpFAK5IMcsQTK0vSGy099HExx3SEagqW4Lpc+X8=", + "lastModified": 1666190571, + "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=", "owner": "rycee", "repo": "nmd", - "rev": "abb15317ebd17e5a0a7dd105e2ce52f2700185a8", + "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169", "type": "gitlab" }, "original": { @@ -925,6 +1039,25 @@ "type": "github" } }, + "podman": { + "inputs": { + "flake-utils": "flake-utils_5", + "nixpkgs": "nixpkgs_6" + }, + "locked": { + "lastModified": 1661906180, + "narHash": "sha256-x5+aOuzlMhlXoEPs2f/jAn9TG4oQ+sfCtdwn+3gDkHY=", + "owner": "ES-Nix", + "repo": "podman-rootless", + "rev": "7b45d94ce78c297dae6d0435f0b2e9dae2e719ce", + "type": "github" + }, + "original": { + "owner": "ES-Nix", + "repo": "podman-rootless", + "type": "github" + } + }, "revealjs": { "flake": false, "locked": { @@ -944,15 +1077,15 @@ "robotnix": { "inputs": { "androidPkgs": "androidPkgs", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_8", "nixpkgsUnstable": "nixpkgsUnstable" }, "locked": { - "lastModified": 1698517646, - "narHash": "sha256-ttKJDUE8wJ6XYfn06eU8Fb3p82IUvNUV2Hj9cgX3MUI=", + "lastModified": 1699510635, + "narHash": "sha256-OpScLedUNJ6xyEyd5PeAMNKaoi8LMI7RT1lzXPp+UaY=", "owner": "nix-community", "repo": "robotnix", - "rev": "73d6b0b142e3f2844e6caaf820e8be3bd8cde2c6", + "rev": "f941a20537384418c22000f6e6487c92441e0a7f", "type": "github" }, "original": { @@ -964,7 +1097,9 @@ "root": { "inputs": { "firefox": "firefox", + "firefox-addons": "firefox-addons", "home-manager": "home-manager", + "my-log": "my-log", "networkmanager": "networkmanager", "nix-doom-emacs": "nix-doom-emacs", "nix-index-database": "nix-index-database", @@ -972,8 +1107,10 @@ "nix-wsl": "nix-wsl", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap_2", + "nixpkgs-unstable": "nixpkgs-unstable", + "podman": "podman", "robotnix": "robotnix" } }, diff --git a/flake.nix b/flake.nix index 2da6a34..1a935a1 100644 --- a/flake.nix +++ b/flake.nix @@ -2,16 +2,24 @@ description = "Sebastian (c2vi)'s NixOS"; inputs = { + # don't forget to also change the hash of the used nixpkgs in programs/bash.nix the export nip + nixpkgs.url = "github:NixOS/nixpkgs/release-23.11"; #nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - nixpkgs.url = "github:NixOS/nixpkgs/release-23.05"; + + nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; #old-nixpkgs.url = "github:NixOS/nixpkgs/release-22.11"; firefox.url = "github:nix-community/flake-firefox-nightly"; + firefox-addons = { + # ref: https://github.com/Misterio77/nix-config/blob/main/flake.nix#L66 + url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; + inputs.nixpkgs.follows = "nixpkgs"; + }; home-manager = { - url = "github:nix-community/home-manager/release-23.05"; + url = "github:nix-community/home-manager/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -51,20 +59,27 @@ nix-wsl.url = "github:nix-community/NixOS-WSL"; + my-log.url = "path:/home/me/work/log/new"; + #my-log.inputs.nixpkgs.follows = "nixpkgs"; + + podman.url = "github:ES-Nix/podman-rootless"; + }; - outputs = { self, nixpkgs, ... }@inputs: + outputs = { self, nixpkgs, nixos-generators, ... }@inputs: let confDir = "/home/me/work/config"; workDir = "/home/me/work"; - secretsDir = "/home/me/.mysecrets"; + secretsDir = "/home/me/work/here/secrets"; persistentDir = "/home/me/work/app-data"; specialArgs = { inherit inputs confDir workDir secretsDir persistentDir self; + system = "x86_64-linux"; pkgs = import nixpkgs { system = "x86_64-linux"; config = { allowUnfree = true; permittedInsecurePackages = [ "electron-24.8.6" + "electron-25.9.0" ]; }; }; }; @@ -89,10 +104,47 @@ ]; }; + "gui" = nixpkgs.lib.nixosSystem { + inherit specialArgs; + system = "x86_64-linux"; + modules = [ + nixos-generators.nixosModules.all-formats + ({ ... }: { + boot.kernelParams = [ "console=tty0" ]; + boot.loader.grub.device = "nodev"; + virtualisation.libvirtd.enable = true; + fileSystems = { + "/" = { + label = "nixos"; + fsType = "ext4"; + }; + }; + }) + #"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-x86_64.nix" + ./common/all.nix + ./common/nixos.nix + ./common/nixos-graphical.nix + ./common/building.nix + + inputs.home-manager.nixosModules.home-manager + ./users/me/gui.nix + ./users/root/default.nix + ]; + }; + + "fusu" = nixpkgs.lib.nixosSystem { + inherit specialArgs; + system = "x86_64-linux"; + modules = [ + ./hosts/fusu.nix + ./hardware/fusu.nix + ]; + }; + # my server at home - "rpi" = nixpkgs.lib.nixosSystem { + "rpi" = nixpkgs.lib.nixosSystem rec { #inherit specialArgs; - specialArgs = { inherit inputs confDir workDir secretsDir persistentDir self; }; + specialArgs = { inherit inputs confDir workDir secretsDir persistentDir self system; }; system = "aarch64-linux"; modules = [ ./hosts/rpi.nix @@ -100,11 +152,12 @@ }; # my raspberry to try out stuff with - "lush" = nixpkgs.lib.nixosSystem { + "lush" = nixpkgs.lib.nixosSystem rec { system = "aarch64-linux"; - specialArgs = { inherit inputs confDir workDir secretsDir persistentDir self; }; + specialArgs = { inherit inputs confDir workDir secretsDir persistentDir self system; }; modules = [ ./hosts/lush.nix + ]; }; @@ -135,15 +188,37 @@ ]; }; - "the-most-default" = nixpkgs.lib.nixosSystem { + "the-most-default" = nixpkgs.lib.nixosSystem rec { system = "x86_64-linux"; - specialArgs = { inherit inputs confDir workDir secretsDir persistentDir self; }; + specialArgs = { inherit inputs confDir workDir secretsDir persistentDir self system; }; modules = [ - ./hosts/the-most-default.nix + #./hosts/the-most-default.nix + ./users/root/default.nix + ./users/me/headless.nix + ({ ... }: { + fileSystems."/" = { + device = "/dev/disk/by-uuid/6518e61e-7120-48ef-81a3-5eae0f67297e"; + fsType = "btrfs"; + }; + + system.stateVersion = "23.05"; # Did you read the comment? + boot.loader.grub = { + enable = true; + device = "nodev"; + efiSupport = true; + extraConfig = '' + set timeout=2 + ''; + }; + }) + #./users/me/headless.nix + inputs.home-manager.nixosModules.home-manager + ./common/all.nix ]; }; - "test" = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs confDir workDir secretsDir persistentDir self; }; + + "test" = nixpkgs.lib.nixosSystem rec { + specialArgs = { inherit inputs confDir workDir secretsDir persistentDir self system; }; system = "aarch64-linux"; #inherit specialArgs; modules = [ @@ -195,33 +270,23 @@ ]; }; - test = inputs.nix-on-droid.lib.nixOnDroidConfiguration { - modules = [ ./hosts/nix-on-phone.nix ]; - - # list of extra special args for Nix-on-Droid modules - extraSpecialArgs = { - # rootPath = ./.; - }; - - # set nixpkgs instance, it is recommended to apply `nix-on-droid.overlays.default` - pkgs = import nixpkgs { - system = "aarch64-linux"; - - overlays = [ - inputs.nix-on-droid.overlays.default - # add other overlays - ]; - }; - - # set path to home-manager flake - home-manager-path = inputs.home-manager.outPath; - }; }; + homeModules = { + #me-headless = import ./users/me/headless.nix; + me-headless = import ./users/common/home.nix; + }; packages.x86_64-linux = { - #test = self.nixosConfigurations.test.config.system.build.sdImage; - testing = nixpkgs.legacyPackages.x86_64-linux; + hi = self.nixosConfigurations.the-most-default.config.system.build.toplevel; + #testing = nixpkgs.legacyPackages.x86_64-linux; + testing = (nixpkgs.legacyPackages.x86_64-linux.writeShellApplication { + name = "log"; + #runtimeInputs = [ inputs.my-log.packages.${system}.pythonForLog ]; + #text = "cd /home/me/work/log/new; nix develop -c 'python ${workDir}/log/new/client.py'"; + text = ''${inputs.my-log.packages.x86_64-linux.pythonForLog}/bin/python ${workDir}/log/new/client.py "$@"''; + }); + test = nixpkgs.legacyPackages.x86_64-linux.firefox-devedition-unwrapped.overrideAttrs (old: { NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ [ "-O3" "-march=native" "-fPIC" ]; #hi = builtins.trace ("hello world: " + old.passthru.unwrapped.name) 4; @@ -235,19 +300,19 @@ #}); cbm = nixpkgs.legacyPackages.x86_64-linux.callPackage ./mods/cbm.nix { }; - supabase = nixpkgs.legacyPackages.x86_64-linux.callPackage ./mods/supabase.nix { }; - #default... TODO run-vm = specialArgs.pkgs.writeScriptBin "run-vm" '' ${self.nixosConfigurations.hpm.config.system.build.vm}/bin/run-hpm-vm -m 4G -cpu host -smp 4 ''; - acern = self.nixosConfigurations.acern.config.system.build.tarballBuilder; #luna = (self.nixosConfigurations.luna.extendModules { #modules = [ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64-new-kernel-no-zfs-installer.nix" ]; #}).config.system.build.sdImage; + + acern = self.nixosConfigurations.acern.config.system.build.tarballBuilder; lush = self.nixosConfigurations.lush.config.system.build.sdImage; rpi = self.nixosConfigurations.rpi.config.system.build.sdImage; - prootTermux = inputs.nix-on-droid.outputs.packages.x86_64-linux.prootTermux; + + prootTermux = inputs.nix-on-droid.outputs.packages.x86_64-linux.prootTermux; docker = let pkgs = nixpkgs.legacyPackages.x86_64-linux.pkgs; in pkgs.dockerTools.buildImage { name = "hello"; tag = "0.1.0"; @@ -264,7 +329,7 @@ wsl = { type = "app"; - program = "${self.nixosConfigurations.wsl.config.system.build.tarballBuilder}/bin/nixos-wsl-tarball-builder"; + program = "${self.nixosConfigurations.acern.config.system.build.tarballBuilder}/bin/nixos-wsl-tarball-builder"; }; default = { type = "app"; diff --git a/hardware/fusu.nix b/hardware/fusu.nix new file mode 100755 index 0000000..f2f78b4 --- /dev/null +++ b/hardware/fusu.nix @@ -0,0 +1,37 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/old" = + { device = "/dev/disk/by-uuid/adbb1f76-7661-4c36-a603-ff510112114d"; + fsType = "ext4"; + }; + + fileSystems."/" = + { device = "/dev/disk/by-label/fusu-root"; + fsType = "btrfs"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hardware/my-hp-laptop.nix b/hardware/my-hp-laptop.nix index 1705507..9b77133 100644 --- a/hardware/my-hp-laptop.nix +++ b/hardware/my-hp-laptop.nix @@ -4,21 +4,57 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - # Setup keyfile - boot.initrd.secrets = { - "/crypto_keyfile.bin" = null; - }; + # Setup keyfile + #boot.initrd.secrets = { + #"/crypto_keyfile.bin" = null; + #}; - fileSystems."/home/me/work" = { - #label = "work"; - device = "/dev/disk/by-uuid/fd3c6393-b6fd-4065-baf9-5690eb6ebbed"; - fsType = "btrfs"; - neededForBoot = false; - }; + swapDevices = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + ######################## filesystems ######################### + + fileSystems = { + "/" = { + label = "main"; + fsType = "btrfs"; + options = [ "compress=zstd" "subvol=root" ]; + }; + + "/home" = { + label = "main"; + fsType = "btrfs"; + options = [ "compress=zstd" "subvol=home" ]; + }; + "/nix" = { + label = "main"; + fsType = "btrfs"; + options = [ "compress=zstd" "noatime" "subvol=nix" ]; + }; + + "/home/me/work" = { + fsType = "btrfs"; + neededForBoot = false; + label = "main"; + options = [ "compress=zstd" "noatime" "subvol=work" ]; + }; + + "/boot" = { + device = "/dev/disk/by-uuid/2588-2509"; + fsType = "vfat"; + }; + }; + + + +##################### bootloader ################################# # Use the GRUB 2 boot loader. boot.loader.grub = { @@ -33,10 +69,12 @@ boot.loader.efi.canTouchEfiVariables = true; +##################### misc ################################# + boot.initrd.luks.devices = { root = { #name = "root"; - device = "/dev/disk/by-uuid/142d2d21-2998-4eb7-9853-ab6554ba061f"; + device = "/dev/disk/by-label/crypt"; preLVM = true; allowDiscards = true; }; @@ -47,27 +85,4 @@ boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = { - device = "/dev/disk/by-uuid/d4ca1ea3-4b73-45e8-8575-560ade53cade"; - fsType = "btrfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/2588-2509"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/hosts/acern.nix b/hosts/acern.nix index a6fc174..e2a1952 100644 --- a/hosts/acern.nix +++ b/hosts/acern.nix @@ -20,7 +20,7 @@ settings.KbdInteractiveAuthentication = false; }; - programs.bash.loginShellInit = "nixos-wsl-welcome"; + programs.bash.loginShellInit = ""; # to build rpi images boot.binfmt.emulatedSystems = [ @@ -30,6 +30,7 @@ ######################### networking ##################################### + networking.hostName = "acern"; networking.firewall.allowPing = true; networking.firewall.enable = true; networking.firewall.allowedUDPPorts = [ diff --git a/hosts/fusu.nix b/hosts/fusu.nix new file mode 100644 index 0000000..76fb5ed --- /dev/null +++ b/hosts/fusu.nix @@ -0,0 +1,107 @@ + +{ inputs, pkgs, ... }: +{ + imports = [ + ../common/all.nix + ../common/nixos.nix + ../common/building.nix + + inputs.home-manager.nixosModules.home-manager + ../users/me/headless.nix + ../users/root/default.nix + ../users/server/headles.nix + ]; + + # mac address for wakeonlan: 00:19:99:fd:28:23 + + # allow acern to ssh into server + users.users.server.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHTV1VoNAjMha5IP+qb8XABDo02pW3iN0yPBIbSqZA27 me@acern" + ]; + + # allow server user to shutdown fusu + security.sudo.extraRules = [ + { + users = [ "server" ]; + commands = [ { command = "/run/current-system/sw/bin/shutdown"; options = [ "SETENV" "NOPASSWD" ]; } ]; + } + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub = { + enable = true; + device = "/dev/sda"; + efiSupport = false; + extraConfig = '' + set timeout=2 + ''; + }; + + #fileSystems."/boot" = { + # device = "/dev/disk/by-label/fusu-boot"; + # fsType = "fat32"; + #}; + + services.openssh = { + enable = true; + # require public key authentication for better security + settings.PasswordAuthentication = false; + settings.KbdInteractiveAuthentication = false; + settings.PermitRootLogin = "yes"; + + #settings.X11UseLocalhost = "no"; + settings.X11Forwarding = true; + #settings.AddressFamily = "inet"; + }; + + networking.firewall.allowPing = true; + networking.firewall.enable = true; + + services.samba.openFirewall = true; + + networking.firewall.allowedTCPPorts = [ + 8888 # for general usage + 9999 # for general usage + 8080 # for mitm proxy + + 25565 # mc server + 25566 # mc server + ]; + + networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + # to build rpi images + boot.binfmt.emulatedSystems = [ + "aarch64-linux" + ]; + + environment.systemPackages = with pkgs; [ + ntfs3g + ]; + + nix.settings = { + trusted-public-keys = [ + "sebastian@c2vi.dev:0tIXGRJMLaI9H1ZPdU4gh+BikUuBVHtk+e1B5HggdZo=" + ]; + trusted-users = [ "me" ]; + }; + + networking = { + #usePredictableInterfaceNames = false; + defaultGateway = { + address = "192.168.1.1"; + interface = "eth0"; + }; + hostName = "fusu"; + nameservers = [ "1.1.1.1" "8.8.8.8" ]; + interfaces = { + "enp0s25" = { + name = "eth0"; + ipv4.addresses = [ + { address = "192.168.1.3"; prefixLength = 24;} + ]; + }; + }; + }; + +} diff --git a/hosts/hpm.nix b/hosts/hpm.nix old mode 100644 new mode 100755 index 556d2f1..522365f --- a/hosts/hpm.nix +++ b/hosts/hpm.nix @@ -53,5 +53,12 @@ }; }; }; + + services.logind = { + lidSwitch = "ignore"; + lidSwitchExternalPower = "ignore"; + lidSwitchDocked = "ignore"; + }; + } diff --git a/hosts/lush.nix b/hosts/lush.nix old mode 100644 new mode 100755 index 6c78d41..2e139a8 --- a/hosts/lush.nix +++ b/hosts/lush.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, inputs, secretsDir, ... }: +{ lib, pkgs, inputs, secretsDir, workDir, ... }: { #system.stateVersion = "23.05"; # Did you read the comment? @@ -11,7 +11,15 @@ ../common/all.nix inputs.home-manager.nixosModules.home-manager - ../users/me/headless.nix + #../users/me/headless.nix + + ##### project modules + + # the module for the zwave setup + #"${workDir}/htl/labor/hackl/zwave.nix" + + # labor nas project + "${workDir}/htl/labor/nas/nixos/lush-module.nix" ]; # home-manager.users.me = import ../users/me/home-headless.nix; @@ -36,13 +44,19 @@ ]; */ + services.blueman.enable = true; + hardware.bluetooth.enable = true; hardware.enableRedistributableFirmware = true; # This causes an overlay which causes a lot of rebuilding environment.noXlibs = lib.mkForce false; - environment.systemPackages = with pkgs; [ vim git ]; + environment.systemPackages = with pkgs; [ + vim + bluez + git + ]; # "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" creates a # disk with this label on first boot. Therefore, we need to keep it. It is the @@ -124,7 +138,7 @@ id = "pt"; uuid = "f028117e-9eef-47c1-8483-574f7ee798a4"; type = "bluetooth"; - autoconnect = "false"; + autoconnect = "true"; }; bluetooth = { @@ -133,7 +147,7 @@ }; ipv4 = { - address1 = "192.168.20.21/24"; + address1 = "192.168.44.22/24"; method = "auto"; }; }; diff --git a/hosts/main.nix b/hosts/main.nix index 9214003..87748d3 100644 --- a/hosts/main.nix +++ b/hosts/main.nix @@ -10,6 +10,9 @@ # ??????????? TODO # fileSystems."/".options = [ "noatime" "nodiratime" "discard" ]; + services.nscd.enable = lib.mkForce false; + system.nssModules = lib.mkForce []; + imports = [ ../common/all.nix @@ -23,11 +26,22 @@ ../users/root/default.nix ]; + + + + environment.systemPackages = with pkgs; [ cifs-utils ntfs3g + dhcpcd + looking-glass-client ]; + # enable ntp + #services.ntp.enable = true; + # if i hibernate and ren unhibernate in the school network ... the time will be off, because 0.nixos.pool.ntp.org can't be reached + services.timesyncd.enable = true; + ################################### optimisations #################################### #boot.kernelPackages = pkgs.linuxPackages; # .overrideAttrs (old: { #NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ [ "-O3" "-march=native" ]; @@ -37,15 +51,16 @@ NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ [ "-O3" "-march=native" ]; }))); */ - boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.linux_6_1.override { - argsOverride = rec { - NIX_CFLAGS_COMPILE = [ "-O3" "-march=native" ]; - }; - }); + #boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.linux_6_1.override { + #argsOverride = rec { + #NIX_CFLAGS_COMPILE = [ "-O3" "-march=native" ]; + #}; + #}); #*/ #(old: { #})); + /* nixpkgs.overlays = [ (final: prev: { optimizeWithFlags = pkg: flags: @@ -59,6 +74,7 @@ firefox = final.optimizeForThisHost prev.firefox; }) ]; + */ hardware.bluetooth.settings = { @@ -77,6 +93,7 @@ ]; # some bind mounts + /* fileSystems."${workDir}/priv-share/things" = { device = "${workDir}/things"; options = [ "bind" ]; @@ -89,6 +106,7 @@ device = "${workDir}/diplomarbeit"; options = [ "bind" ]; }; + # */ ################################ my youtube blocking service ############################# environment.etc."host.conf" = { @@ -109,8 +127,19 @@ if [ -f "/etc/hosts-youtube-block" ]; then timeout=$(cat /etc/hosts-youtube-block) + + # check our daily limit + if [ -f "/etc/hosts-youtube-daily" ]; + then + echo hi + #today=$(cat /etc/hosts-youtube-daily) + + # set timeout to 0 when dayli limit is over 90m + # and also write + fi + echo "read timeout $timeout" - if [[ "$timeout" == "1" ]] || [[ "$timeout" == "1\n" ]] + if [[ "$timeout" == "1" ]] || [[ "$timeout" == "1\n" ]] || [[ "$timeout" == "-1" ]] || [[ "$timeout" == "0" ]] then rm -rf /etc/hosts-youtube-block else @@ -153,9 +182,15 @@ services.avahi.enable = true; networking.networkmanager.enable = true; + #networking.networkmanager.extraConfig = '' + #[main] + #dhcp=dhcpcd + #''; + #networking.useDHCP = lib.mkForce true; networking.firewall.allowPing = true; networking.firewall.enable = true; + services.samba.openFirewall = true; networking.firewall.allowedTCPPorts = [ @@ -215,6 +250,7 @@ }; wifi-security = { key-mgmt = "wpa-eap"; + auth-alg = "open"; }; "802-1x" = { eap = "peap"; @@ -288,6 +324,24 @@ }; }; + dhcp = { + connection = { + id = "dhcp"; + uuid = "c006389a-1697-4f77-91c3-95b466f85f13"; + type = "ethernet"; + autoconnect = "false"; + interface-name = "enp1s0"; + }; + + ethernet = { + mac-address = "F4:39:09:4A:DF:0E"; + }; + + ipv4 = { + method = "auto"; + }; + }; + /* me = { connection = { @@ -309,6 +363,7 @@ */ }; + /* networking.wireguard.interfaces = { me1 = { ips = [ "10.1.1.11/24" ]; @@ -319,6 +374,7 @@ peers = import ../common/wg-peers.nix { inherit secretsDir; }; }; }; + # */ @@ -363,19 +419,34 @@ virtualisation.libvirtd.enable = true; virtualisation.podman.enable = true; - system.activationScripts.setupLibvirt = lib.stringAfter [ "var" ] '' - mkdir -p /var/lib/libvirt/storage - ln -nsf ${workDir}/vm/libvirt/my-image-pool.xml /var/lib/libvirt/storage/my-image-pool.xml - rm -rf /var/lib/libvirt/qemu/networks - ls ${workDir}/vm/qemu | while read path - do - ln -nsf ${workDir}/vm/qemu/$path /var/lib/libvirt/qemu/$path - done + virtualisation.kvmgt.enable = true; + boot.extraModprobeConfig = "options i915 enable_guc=2"; + boot.kernelParams = [ "intel_iommu=on" ]; + virtualisation.kvmgt.vgpus = { + "i915-GVTg_V5_8" = { + uuid = [ "1382e8c5-b033-481b-99b8-e553ef6a0056" ]; + }; + }; + + # /* + system.activationScripts.setupLibvirt = lib.stringAfter [ "var" ] '' + mkdir -p /var/lib/libvirt/storage + ln -nsf ${workDir}/vm/libvirt/my-image-pool.xml /var/lib/libvirt/storage/my-image-pool.xml + rm -rf /var/lib/libvirt/qemu/networks + ls ${workDir}/vm/qemu | while read path + do + ln -nsf ${workDir}/vm/qemu/$path /var/lib/libvirt/qemu/$path + done + ''; + + # */ + system.activationScripts.makeBinBash = lib.stringAfter [ "var" ] '' # there is no /bin/bash # https://discourse.nixos.org/t/add-bin-bash-to-avoid-unnecessary-pain/5673 ln -nsf /run/current-system/sw/bin/bash /bin/bash ''; + # */ ############################## swap and hibernate ################################### diff --git a/hosts/nix-on-phone.nix b/hosts/nix-on-phone.nix old mode 100644 new mode 100755 diff --git a/hosts/phone/default.nix b/hosts/phone/default.nix old mode 100644 new mode 100755 diff --git a/hosts/phone/nix-on-droid.nix b/hosts/phone/nix-on-droid.nix old mode 100644 new mode 100755 diff --git a/hosts/phone/stuff.md b/hosts/phone/stuff.md old mode 100644 new mode 100755 diff --git a/hosts/privision-main.nix b/hosts/privision-main.nix old mode 100644 new mode 100755 diff --git a/hosts/rpi.md b/hosts/rpi.md deleted file mode 100644 index 149d209..0000000 --- a/hosts/rpi.md +++ /dev/null @@ -1,70 +0,0 @@ - - -# get pi to boot from usb-source -echo program_usb_boot_mode=1 | sudo tee -a /boot/config.txt -https://www.elektronik-kompendium.de/sites/raspberry-pi/2404241.htm - -# setup -## set static ip (192.168.1.2) -used /etc/network/interfaces (seems to be debian only) - - -## enable ssh (touch ssh file in the boot partition) - -## set root pwd (copy hash from local /etc/shadow) - -CMD: apt update -CMD: apt install nodejs npm -CMD: npm i -g @bitwarden/cli - -## set hostname - -## setup bcache -- if "sudo make-bcache -C /dev/sda3 -B /dev/md0" then no need for registering (i think) -PKG: bcache-tools git build-essential uuid-dev mdadm -CMD: sudo make-bcache -C /dev/sda3 -CMD: sudo mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdb /dev/sdc -CMD: sudo make-bcache -B /dev/md0 - -## other bcache things -- you can echo 1 > /sys/fs/bcache//unregister -- but there also is: echo 1 > /sys/block/bcache0/bcache/stop - - if seccond is not done, volumes used by this bcache device will show as " is apparently in use by the system; will not make a filesystem here!", when mkfs.ext5 - -## mdadm things -- do a check: https://www.thomas-krenn.com/de/wiki/Mdadm_checkarray - -## add swap file maybe -CMD: sudo vim /etc/dphys-swapfile -CMD: sudo dphys-swapfile setup -CMD: sudo dphys-swapfile swapon - -# things -- mdadm -- bcache -- mount /home/files/storage - - so that other users can't read it - -- podman containers - -- me-net (wireguard) - -- rclone mount onedrive backups -- borgmatic - -## things done -- smb shares -- swap -- users - admin - sudo without password and access to bitwarden - files - for managing files (old: dateimanager) - server - for deployed servers (podman) - mamafiles - for the mamafiles share -- ssh acces - - ssh config: PermitRootAccess and PasswordAuthentication -- dyndns -- wstunnel for wireguard - - - - diff --git a/hosts/rpi.nix b/hosts/rpi.nix index 99ffd55..aba1b22 100644 --- a/hosts/rpi.nix +++ b/hosts/rpi.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, inputs, secretsDir, ... }: +{ lib, pkgs, inputs, secretsDir, system, ... }: { imports = [ "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" @@ -7,6 +7,7 @@ ../common/all.nix ../common/nixos-headless.nix + ../common/nixos.nix inputs.home-manager.nixosModules.home-manager ../users/me/headless.nix @@ -15,8 +16,6 @@ ../users/files/headless.nix ]; - system.stateVersion = "23.05"; - # to cross compile #nixpkgs.hostPlatform.system = "aarch64-linux"; #nixpkgs.buildPlatform.system = "x86_64-linux"; @@ -31,6 +30,8 @@ environment.systemPackages = with pkgs; [ bcache-tools + su + fuse3 ]; fileSystems."/" = @@ -38,6 +39,16 @@ fsType = "ext4"; }; + fileSystems."/home/files/storage" = + { device = "/dev/bcache0p1"; + fsType = "ext4"; + }; + + fileSystems."/svn" = { + device = "/home/files/storage/files/stuff/svn"; + options = [ "bind" ]; + }; + swapDevices = [ { device = "/swapfile"; size = 10*1024; @@ -98,7 +109,7 @@ uuid = "a02273d9-ad12-395e-8372-f61129635b6f"; type = "ethernet"; autoconnect-priority = "-999"; - interface-name = "eth0"; + interface-name = "end0"; }; ipv4 = { address1 = "192.168.1.2/24,192.168.1.1"; @@ -107,6 +118,7 @@ }; }; + /* me = { connection = { id = "me"; @@ -124,6 +136,7 @@ method = "manual"; }; } // (import ../common/wg-peers.nix { inherit secretsDir; }) ; + */ }; ######################################### wstunnel ####################################### @@ -155,13 +168,14 @@ ip=$(curl my.ip.fi) curl "http://dynv6.com/api/update?hostname=${builtins.readFile "${secretsDir}/dns-name-two"}&ipv4=$ip&token=${builtins.readFile "${secretsDir}/dns-name-two-token"}" curl "https://dynamicdns.park-your-domain.com/update?host=@&domain=${builtins.readFile "${secretsDir}/dns-name"}&password=${builtins.readFile "${secretsDir}/dns-name-token"}&ip=$ip" + # https://www.namecheap.com/support/knowledgebase/article.aspx/29/11/how-to-dynamically-update-the-hosts-ip-with-an-https-request/ ''; }; in { enable = true; - description = "block Youtube"; + description = "dyndns ip updates"; unitConfig = { Type = "simple"; }; @@ -249,4 +263,164 @@ }; }; }; + + ############################## files backup ################################## + # needs that + programs.fuse.userAllowOther = true; + systemd.services.rclone-mount-backup = { + enable = true; + description = "Mount rclone backup folder"; + unitConfig = { + Type = "simple"; + }; + serviceConfig = { + ExecStart = "${pkgs.bash}/bin/bash -c 'export PATH=/run/wrappers/bin:$PATH; id; ${pkgs.rclone}/bin/rclone mount --allow-non-empty --allow-other --vfs-cache-max-size 2G --vfs-cache-mode full backup: /home/files/backup'"; + User = "files"; + Group = "files"; + }; + wantedBy = [ "multi-user.target" ]; + }; + + services.borgbackup.jobs.files = { + #user = "files"; + extraCreateArgs = "--verbose --list --filter=AMECbchfsx --stats --checkpoint-interval 600"; + extraArgs = "--progress"; + paths = "/home/files/storage"; + doInit = false; + repo = "/home/files/backup/dateien-backup-borg-repo"; + compression = "lzma,9"; + startAt = "weekly"; + user = "files"; + group = "files"; + postCreate = '' + echo create done!!!!! + ''; + extraPruneArgs = "--stats --list --save-space"; + patterns = [ + "- /home/files/storage/files/no-backup" + ]; + + encryption.mode = "repokey-blake2"; + encryption.passCommand = "cat /home/files/secrets/borg-passphrase"; + + environment.BORG_KEY_FILE = "/home/files/secrets/borg-key"; + + prune.keep = { + #within = "1w"; # Keep all archives from the last day + daily = 7; + weekly = 7; + monthly = -1; # Keep at least one archive for each month + }; + + }; + + + ################################ server ###################################### + /* + systemd.services.nginx-pod = { + enable = true; + description = "pod for nginx proxy manager"; + unitConfig = { + Type = "simple"; + }; + serviceConfig = { + ExecStart = let prg = pkgs.writeShellApplication { + name = "nginx-pod"; + runtimeInputs = with pkgs; [ su shadow ]; + text = lib.strings.concatStringsSep " " [ + "${inputs.podman.packages.${system}.podman}/bin/podman" "pod" "create" + "--name=nginx" + "--share net" + "-p 81:81" + "-p 80:80" + "-p 443:443" + ]; + }; in "${prg}/bin/nginx-pod"; + User = "server"; + Group = "server"; + }; + wantedBy = [ "multi-user.target" ]; + }; + + systemd.services.nginx-db = { + enable = true; + description = "bar"; + unitConfig = { + Type = "simple"; + }; + serviceConfig = { + ExecStart = let prg = pkgs.writeShellApplication { + name = "nginx-db"; + runtimeInputs = with pkgs; [ su shadow ]; + text = lib.strings.concatStringsSep " " [ + # make data dir if non existent + "${pkgs.coreutils}/bin/mkdir -p /home/server/here/nginx/data;" + + "${inputs.podman.packages.${system}.podman}/bin/podman" "container" "run" + "--name=nginx_db" + "--pod=nginx" + "-e MYSQL_ROOT_PASSWORD=HAg!HZiZQ9ydGlFK7KP4" + "-e MYSQL_DATABASE=nginx-proxy-manager" + "-e MYSQL_USER=webserver" + ''"-e MYSQL_PASSWORD=n1jK69EQEBOiJ&YPmbeW"'' + "-v /home/server/here/nginx/data/mysql:/var/lib/mysql:Z" + "--add-host app:127.0.0.1" + "--add-host nginx_app:127.0.0.1" + "--add-host db:127.0.0.1" + "--add-host nginx_db:127.0.0.1" + "--restart unless-stopped" + + # last image name + "nginx-proxy-manager" + ]; + }; in "${prg}/bin/nginx-db"; + User = "server"; + Group = "server"; + }; + wantedBy = [ "multi-user.target" ]; + }; + + systemd.services.nginx = { + enable = true; + description = "bar"; + unitConfig = { + Type = "simple"; + }; + serviceConfig = { + ExecStart = let prg = pkgs.writeShellApplication { + name = "nginx"; + runtimeInputs = with pkgs; [ su shadow ]; + text = lib.strings.concatStringsSep " " [ + # make data dir if non existent + "${pkgs.coreutils}/bin/mkdir -p /home/server/here/nginx/data;" + + "${inputs.podman.packages.${system}.podman}/bin/podman" "container" "run" + "--name=nginx_app" + "--pod=nginx" + + "-e DB_MYSQL_HOST=db" + "-e DB_MYSQL_PORT=3306" + "-e DB_MYSQL_USER=webserver" + ''"e DB_MYSQL_PASSWORD=n1jK69EQEBOiJ&YPmbeW"'' + "-e DB_MYSQL_NAME=nginx-proxy-manager" + "-v /home/server/here/nginx/data:/data" + "-v /home/server/here/nginx/data/letsencrypt:/etc/letsencrypt" + "--add-host app:127.0.0.1" + "--add-host nginx_app:127.0.0.1" + "--add-host db:127.0.0.1" + "--add-host nginx_db:127.0.0.1" + + "--restart unless-stopped" + + # last image name + "mariadb-aria" + ]; + }; in "${prg}/bin/nginx"; + User = "server"; + Group = "users"; + }; + wantedBy = [ "multi-user.target" ]; + }; + +*/ } diff --git a/hosts/tab/nix-on-droid.nix b/hosts/tab/nix-on-droid.nix old mode 100644 new mode 100755 diff --git a/hosts/the-most-default.nix b/hosts/the-most-default.nix index 75c9970..4ae487c 100755 --- a/hosts/the-most-default.nix +++ b/hosts/the-most-default.nix @@ -11,8 +11,8 @@ ]; # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + #boot.loader.systemd-boot.enable = true; + #boot.loader.efi.canTouchEfiVariables = true; # networking.hostName = "nixos"; # Define your hostname. # Pick only one of the below networking options. @@ -35,12 +35,12 @@ # }; # Enable the X11 windowing system. - services.xserver.enable = true; + #services.xserver.enable = true; # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; + #services.xserver.displayManager.gdm.enable = true; + #services.xserver.desktopManager.gnome.enable = true; # Configure keymap in X11 diff --git a/misc/my-hosts b/misc/my-hosts old mode 100644 new mode 100755 diff --git a/misc/my-hosts-h b/misc/my-hosts-h old mode 100644 new mode 100755 index 7dee14c..0149f18 --- a/misc/my-hosts-h +++ b/misc/my-hosts-h @@ -1,5 +1,9 @@ 192.168.1.6 hpm -192.168.1.3 server +192.168.1.3 fusu 192.168.1.2 rpi +192.168.1.2 files +192.168.1.2 rpis 192.168.1.5 acern -192.168.1.122 lush +192.168.1.22 lush +192.168.1.1 rou +192.168.1.1 router diff --git a/misc/my-hosts-me b/misc/my-hosts-me old mode 100644 new mode 100755 diff --git a/misc/my-hosts-pt b/misc/my-hosts-pt old mode 100644 new mode 100755 index 99cf627..8544be8 --- a/misc/my-hosts-pt +++ b/misc/my-hosts-pt @@ -1,3 +1,4 @@ 192.168.44.1 phone 192.168.44.11 main +192.168.44.22 lush diff --git a/misc/my-hosts-pw b/misc/my-hosts-pw old mode 100644 new mode 100755 diff --git a/misc/my-hosts-r b/misc/my-hosts-r old mode 100644 new mode 100755 index fe5334d..da9b2e2 --- a/misc/my-hosts-r +++ b/misc/my-hosts-r @@ -1 +1,3 @@ c2vi.dev rpi +c2vi.dev rpis +c2vi.dev files diff --git a/misc/xmobar.hs b/misc/xmobar.hs old mode 100644 new mode 100755 diff --git a/misc/xmonad.hs b/misc/xmonad.hs old mode 100644 new mode 100755 diff --git a/mods/battery_monitor.nix b/mods/battery_monitor.nix old mode 100644 new mode 100755 diff --git a/mods/cbm.nix b/mods/cbm.nix old mode 100644 new mode 100755 index 157d60a..2ed207e --- a/mods/cbm.nix +++ b/mods/cbm.nix @@ -1,6 +1,7 @@ { stdenv , fetchFromGitHub , ncurses +, autoreconfHook }: stdenv.mkDerivation rec { @@ -16,5 +17,6 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ ncurses + autoreconfHook ]; } diff --git a/mods/my-nixpkgs-overlay.nix b/mods/my-nixpkgs-overlay.nix old mode 100644 new mode 100755 diff --git a/mods/supabase.nix b/mods/supabase.nix old mode 100644 new mode 100755 diff --git a/mods/xdg-desktop-portal-termfilechooser/default.nix b/mods/xdg-desktop-portal-termfilechooser/default.nix old mode 100644 new mode 100755 diff --git a/mods/xdg-desktop-portal-termfilechooser/flake.nix b/mods/xdg-desktop-portal-termfilechooser/flake.nix old mode 100644 new mode 100755 diff --git a/mods/xdg-desktop-portal-termfilechooser/lf-wrapper.patch b/mods/xdg-desktop-portal-termfilechooser/lf-wrapper.patch old mode 100644 new mode 100755 diff --git a/mods/xdg-desktop-portal-termfilechooser/meson-build.patch b/mods/xdg-desktop-portal-termfilechooser/meson-build.patch old mode 100644 new mode 100755 diff --git a/mods/xdg-desktop-portal-termfilechooser/test.patch b/mods/xdg-desktop-portal-termfilechooser/test.patch old mode 100644 new mode 100755 diff --git a/mods/xdg-desktop-portal-termfilechooser/test2.patch b/mods/xdg-desktop-portal-termfilechooser/test2.patch old mode 100644 new mode 100755 diff --git a/mods/xdg-desktop-portal-termfilechooser/xdg-desktop-portal-termfilechooser-add-x11.patch b/mods/xdg-desktop-portal-termfilechooser/xdg-desktop-portal-termfilechooser-add-x11.patch old mode 100644 new mode 100755 diff --git a/mybin/nixre b/mybin/nixre index 18ebf5d..abd7841 100755 --- a/mybin/nixre +++ b/mybin/nixre @@ -5,7 +5,8 @@ build_from_github(){ - export out_path=$(nix build --refresh "github:c2vi/nixos#nixosConfigurations.$host.config.system.build.toplevel" --impure --no-link --print-out-paths $args_to_pass) + export NIXPKGS_ALLOW_UNFREE=1 + export out_path=$(nix build --refresh "github:c2vi/nixos#nixosConfigurations.$host.config.system.build.toplevel" --impure --no-link --print-out-paths "${args_to_pass[@]}") if [[ "$out_path" == "" ]] then @@ -21,7 +22,8 @@ build_from_github(){ } build_from_local(){ - export out_path=$(sudo nix build "$HOME/work/config#nixosConfigurations.$host.config.system.build.toplevel" --impure --no-link --print-out-paths $args_to_pass) + export NIXPKGS_ALLOW_UNFREE=1 + export out_path=$(nix build "$HOME/work/config#nixosConfigurations.$host.config.system.build.toplevel" --impure --no-link --print-out-paths "${args_to_pass[@]}") if [[ "$out_path" == "" ]] then @@ -42,13 +44,20 @@ do_switch(){ [[ "$boot" == "false" ]] && sudo $out_path/bin/switch-to-configuration switch [[ "$boot" == "true" ]] && sudo $out_path/bin/switch-to-configuration boot else - nix path-info $out_path -r | xargs sudo nix store sign -k ~/.mysecrets/nix-private-key + nix path-info $out_path -r | xargs sudo nix store sign -k ~/work/here/secrets/nix-private nix copy --no-check-sigs --no-require-sigs --to ssh-ng://$host $out_path [[ "$boot" == "false" ]] && ssh $host "sudo $out_path/bin/switch-to-configuration switch" [[ "$boot" == "true" ]] && ssh $host "sudo $out_path/bin/switch-to-configuration boot" fi } +function test(){ + for arg in "$@"; + do + echo got: $arg + done +} + # main @@ -63,10 +72,18 @@ while getopts ':gbh:' flag; do h) host="${OPTARG}";; b) boot=true;; g) use_github=true;; - *) break;; # makes it so, that at the first unknown option we start passing the rest of the arguments to the nix build command.... + *) export args_to_pass=( "${@:OPTIND}" ); break;; # makes it so, that at the first unknown option we start passing the rest of the arguments to the nix build command.... esac done +# mahem with correctly passing args to the nix build command +#args_to_pass=$(for arg in "${args_to_pass[@]}"; do echo -en " \\\"$arg\\\""; done) +#for arg in "${args_to_pass[@]}"; do echo loop: "$arg"; done +#echo hiii: $args_to_pass +#test "${args_to_pass[@]}" +#exit + + if [[ "$use_github" == "true" ]] then echo rebuild from github diff --git a/mybin/ru b/mybin/ru index a6c351f..f94d7e3 100755 --- a/mybin/ru +++ b/mybin/ru @@ -2,7 +2,19 @@ if [ "$1" == "sync-school" ] then -~/work/config/rclone/sync-school.sh +~/work/config/scripts/sync-school.sh + +elif [ "$1" == "rm-last-char" ] +then +truncate -s-1 $2 + +# total rubish +# cat $1 | xxd -ps | sed '$ s/.$//' $2 | xxd -r -ps > /tmp/1234; mv /tmp/1234 $2 + + +elif [ "$1" == "rm-tab-cur" ] +then +ssh tab "rm /sdcard/note/CUR/*" elif [ "$1" == "mnt-wechner" ] @@ -29,7 +41,7 @@ ping orf.at elif [ "$1" == "mnt-files-local" ] then -sudo mount -t cifs //192.168.1.2/files /home/me/files -o x-gvfs-hide,rw,defaults,nofail,credentials=/home/me/.mysecrets/rpi-share-files,uid=1000,iocharset=utf8,gid=1000 +sudo mount -t cifs //192.168.1.2/files /home/me/files -o x-gvfs-hide,rw,defaults,nofail,credentials=/home/me/work/here/secrets/rpi-share-files,uid=1000,iocharset=utf8,gid=1000 diff --git a/mybin/win b/mybin/win index b1a1146..d102d21 100755 --- a/mybin/win +++ b/mybin/win @@ -1,3 +1,3 @@ #!/bin/bash -~/work/config/scripts/win -o main-win 192.168.122.5 sebastian $@ +~/work/config/scripts/win -o main-win 192.168.122.190 sebastian $@ diff --git a/programs/alacritty.nix b/programs/alacritty.nix old mode 100644 new mode 100755 diff --git a/programs/bash.nix b/programs/bash.nix index 2972d53..de7a7db 100644 --- a/programs/bash.nix +++ b/programs/bash.nix @@ -1,4 +1,4 @@ -{ persistentDir, confDir, hostname, self, pkgs, config, ... }: +{ persistentDir, confDir, hostname, self, pkgs, config, system, inputs, workDir, ... }: { programs.bash = { @@ -30,6 +30,7 @@ ]; sessionVariables = { + inherit system; # this does not work aparently.... # is needed to that ssh works @@ -39,9 +40,20 @@ PS1 = ''\[\033[01;34m\]\W\[\033[00m\]\[\033[01;32m\]\[\033[00m\] ❯❯❯ ''; TEST = "hiiiiiiiiiiiiiiiiiiiiiiiiiii"; + }; shellAliases = { + losetup = "${pkgs.util-linux}/bin/losetup"; + log = let + log = pkgs.writeShellApplication { + name = "log"; + #runtimeInputs = [ inputs.my-log.packages.${system}.pythonForLog ]; + #text = "cd /home/me/work/log/new; nix develop -c 'python ${workDir}/log/new/client.py'"; + text = if system == "x86_64-linux" then ''${inputs.my-log.packages.${system}.pythonForLog}/bin/python ${workDir}/log/new/client.py "$@"'' else "echo system not x86_84-linux"; + }; + in "${log}/bin/log"; + mi = "${workDir}/mize/run"; cdd = "/sdcard"; n = "${pkgs.python3} ${self}/scripts/nav/main.py"; shutdown = "echo try harder.... xD"; @@ -75,6 +87,18 @@ bashrcExtra = '' export PATH=${self}/mybin:$PATH export TERM="xterm-color" + export system=${system} + + # the commit hash of nixpkgs 23.11 + export nip="nixpkgs/71db8c7a02f3be7cb49b495786050ce1913246d3" + + # needed to make ssh -X work + # see: https://unix.stackexchange.com/questions/412065/ssh-connection-x11-connection-rejected-because-of-wrong-authentication + export XAUTHORITY=$HOME/.Xauthority + + export nl="--log-format bar-with-logs" + export acern="ssh://acern x86_64-linux,aarch64-linux - 20 10 big-parallel - -" + export hpm="ssh://hpm x86_64-linux,aarch64-linux - 8 5 big-parallel - -" # my prompt if [[ "${hostname}" == "main" ]] @@ -115,10 +139,10 @@ tta(){ if [[ "$1" == "" ]] then - rsync ~/work/priv-share/fast tab:/sdcard/fast + rsync -rv --delete ~/work/priv-share/fast/* tab:/sdcard/fast elif [[ "$1" == "p" ]] then - rsync tab:/sdcard/fast ~/work/priv-share/fast + rsync -rv tab:/sdcard/fast/* ~/work/priv-share/fast elif [[ "$1" == "k" ]] then scp -O "$1" tab:/sdcard/keep @@ -130,10 +154,10 @@ tph(){ if [[ "$1" == "" ]] then - rsync ~/work/priv-share/fast phone:/sdcard/fast + rsync -rv --delete ~/work/priv-share/fast/* phone:/sdcard/fast elif [[ "$1" == "p" ]] then - rsync phone:/sdcard/fast ~/work/priv-share/fast + rsync -rv phone:/sdcard/fast/* ~/work/priv-share/fast elif [[ "$1" == "k" ]] then scp -O "$1" tab:/sdcard/keep @@ -281,7 +305,7 @@ complete -W "start stop restart status daemon-reload" stl # run - complete -W "mnt-wechner sync-school wstunnel hibernate p speed-test-nixos-iso bat bstat mnt-files-local mnt-lan-local mnt-files-remote mnt-lan-remote suspend" ru + complete -W "mnt-wechner sync-school wstunnel hibernate p speed-test-nixos-iso bat bstat mnt-files-local mnt-lan-local mnt-files-remote mnt-lan-remote suspend rm-tab-cur rm-last-char" ru ''; diff --git a/programs/emacs/config.el b/programs/emacs/config.el old mode 100644 new mode 100755 diff --git a/programs/emacs/default.nix b/programs/emacs/default.nix old mode 100644 new mode 100755 diff --git a/programs/emacs/init.el b/programs/emacs/init.el old mode 100644 new mode 100755 diff --git a/programs/emacs/packages.el b/programs/emacs/packages.el old mode 100644 new mode 100755 diff --git a/programs/firefox/default.nix b/programs/firefox/default.nix new file mode 100644 index 0000000..f1a102f --- /dev/null +++ b/programs/firefox/default.nix @@ -0,0 +1,76 @@ +{ pkgs, inputs, system, lib, persistentDir, config, secretsDir, ... }: +{ + nixpkgs.config.allowUnfree = true; + programs.firefox = { + enable = true; + package = inputs.firefox.packages.${pkgs.system}.firefox-nightly-bin.overrideAttrs (old: { + NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ [ "-O3" "-march=native" "-fPIC" ]; + }); + profiles.me = { + isDefault = true; + id = 0; + extensions = + with inputs.firefox-addons.packages.${system}; + with (import ./my-extensions.nix { + inherit fetchurl lib stdenv; + buildFirefoxXpiAddon = inputs.firefox-addons.lib.${system}.buildFirefoxXpiAddon; + }); + [ + # from extra-firefox-extensions.nix + adguard-adblocker + grepper + visionary-bold-fixed + + + # to search: https://gitlab.com/rycee/nur-expressions/-/blob/master/pkgs/firefox-addons/generated-firefox-addons.nix?ref_type=heads + # ref: https://github.com/Misterio77/nix-config/blob/main/home/misterio/features/desktop/common/firefox.nix#L5 + # ref: https://github.com/Misterio77/nix-config/blob/main/flake.nix#L66 + onetab + bitwarden + + ]; + settings = import ./user-settings.nix {}; + extraConfig = '' + lockPref("browser.theme.content-theme", 0) + ''; + }; + /* + profiles.old = { + isDefault = false; + id = 1; + path = "../../old/app-data/firefox/me"; + }; + # */ + profiles.testing = { + id = 2; + isDefault = false; + }; + + }; + + ############ persistent folders of my profile ################## + home.file = { + ".mozilla/firefox/me/places.sqlite" = { + force = true; + source = config.lib.file.mkOutOfStoreSymlink "${persistentDir}/firefox-data/places.sqlite"; + # ref: https://github.com/nix-community/home-manager/issues/676 + # - link goes into the store, and then out again.... xD + }; + ".mozilla/firefox/me/places.sqlite-wal" = { + force = true; + source = config.lib.file.mkOutOfStoreSymlink "${persistentDir}/firefox-data/places.sqlite-wal"; + }; + + # one tab storage path + ".mozilla/firefox/me/storage/default/moz-extension+++e2297551-90b4-4da0-92c8-1d00cda2d080^userContextId=4294967295" = { + force = true; + source = config.lib.file.mkOutOfStoreSymlink "${persistentDir}/firefox-data/onetab-folder"; + }; + + # bitwareden storage path + ".mozilla/firefox/me/storage/default/moz-extension+++e563a533-4e66-4b75-bbec-176bb803d96c^userContextId=4294967295" = { + force = true; + source = config.lib.file.mkOutOfStoreSymlink "${secretsDir}/firefox-bitwarden-folder"; + }; + }; +} diff --git a/programs/firefox/my-extensions.nix b/programs/firefox/my-extensions.nix new file mode 100755 index 0000000..e9055ce --- /dev/null +++ b/programs/firefox/my-extensions.nix @@ -0,0 +1,184 @@ +{ buildFirefoxXpiAddon, fetchurl, lib, stdenv }@args: +let + buildFirefoxXpiAddonFromFile = lib.makeOverridable ({ stdenv ? args.stdenv + , fetchurl ? args.fetchurl, pname, version, addonId, path, meta, ... + }: + stdenv.mkDerivation { + name = "${pname}-${version}"; + + inherit meta; + + preferLocalBuild = true; + allowSubstitutes = true; + + buildCommand = '' + dst="$out/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}" + mkdir -p "$dst" + install -v -m644 "$path" "$dst/${addonId}.xpi" + ''; + }); + + packages = import ./generated-firefox-addons.nix { + inherit buildFirefoxXpiAddon fetchurl lib stdenv; + }; +in + { + /* + "onetab" = buildFirefoxXpiAddonFromFile { + pname = "onetab"; + version = "4.2.240"; + }; + */ + + + + "visionary-bold-fixed" = buildFirefoxXpiAddon { + pname = "visionary-bold-fixed"; + version = "1.0"; + addonId = "{8d38d24a-dd1b-4142-8873-bbaa32e4e44f}"; + url = "https://addons.mozilla.org/firefox/downloads/file/4122855/visionary_bold_fixed-1.0.xpi"; + sha256 = "c4aed779329b980c7e59cf2353e54108713d60b515b918bf7a535f9944c01ae8"; + meta = with lib; + { + description = "As you could notice almost all new mozilla's dark themes (colorways bold) are little broken (dark tabs on dark background). I decided to fix this moment in Visionary Bold theme."; + license = licenses.cc-by-30; + mozPermissions = []; + platforms = platforms.all; + }; + }; + "visionary-bold" = buildFirefoxXpiAddon { + pname = "visionary-bold"; + version = "2.1"; + addonId = "visionary-bold-colorway@mozilla.org"; + url = "https://addons.mozilla.org/firefox/downloads/file/4066246/visionary_bold-2.1.xpi"; + sha256 = "73b6a25f41877f2c199c0b07ef28d25f69b067ab56bc08cf238e9fb89dfa92d9"; + meta = with lib; + { + description = "You question the status quo and move others to imagine a better future."; + license = licenses.cc-by-30; + mozPermissions = []; + platforms = platforms.all; + }; + }; + "atom-one-dark-theme2" = buildFirefoxXpiAddon { + pname = "atom-one-dark-theme2"; + version = "2.0"; + addonId = "{53de5a1e-f54c-45f7-b86e-09f0161b85f3}"; + url = "https://addons.mozilla.org/firefox/downloads/file/3369239/atom_one_dark_theme2-2.0.xpi"; + sha256 = "3168163ab8bf2da4a64d10f266c50fd0a03226c6260b60cbcbb4e8779db53b02"; + meta = with lib; + { + description = "the atom dark theme extrack for the oponime software"; + mozPermissions = []; + platforms = platforms.all; + }; + }; + "simple-style-fox" = buildFirefoxXpiAddon { + pname = "simple-style-fox"; + version = "4.0"; + addonId = "{05914925-648e-42bc-9024-3b4ea9ec379e}"; + url = "https://addons.mozilla.org/firefox/downloads/file/3890846/simple_style_fox-4.0.xpi"; + sha256 = "2d8369ca5215030db03dcce61c3bf4c358fe0c97b6a3e89a64a146063195c038"; + meta = with lib; + { + description = "Simple style fox"; + license = licenses.cc-by-30; + mozPermissions = []; + platforms = platforms.all; + }; + }; + "adguard-adblocker" = buildFirefoxXpiAddon { + pname = "adguard-adblocker"; + version = "4.2.240"; + addonId = "adguardadblocker@adguard.com"; + url = "https://addons.mozilla.org/firefox/downloads/file/4209021/adguard_adblocker-4.2.240.xpi"; + sha256 = "30790a6d58a2ccc31dc703544f25ef193a8a60074bf2f5775097739db4bcc2e0"; + meta = with lib; + { + homepage = "https://adguard.com/"; + description = "Unmatched adblock extension against advertising and pop-ups. Blocks ads on Facebook, Youtube and all other websites."; + license = licenses.lgpl3; + mozPermissions = [ + "tabs" + "" + "webRequest" + "webRequestBlocking" + "webNavigation" + "storage" + "contextMenus" + "cookies" + "privacy" + "http://*/*" + "https://*/*" + "*://*.adguard.com/*/thankyou.html*" + "*://*.adguard.info/*/thankyou.html*" + "*://*.adguard.app/*/thankyou.html*" + ]; + platforms = platforms.all; + }; + }; + "grepper" = buildFirefoxXpiAddon { + pname = "grepper"; + version = "0.0.8.9"; + addonId = "grepper@codegrepper.com"; + url = "https://addons.mozilla.org/firefox/downloads/file/4069054/grepper-0.0.8.9.xpi"; + sha256 = "17db8b2f138f442882f7db5ba40e6d2af591c45e322cf3262628705c76af1b04"; + meta = with lib; + { + description = "The Query & Answer System for the Coder Community"; + mozPermissions = [ + "storage" + "webRequest" + "activeTab" + "" + "alarms" + "https://www.google.com/*" + "https://www.google.co.uk/*" + "https://www.google.co.za/*" + "https://www.google.co.th/*" + "https://www.google.co.jp/*" + "https://www.google.co.il/*" + "https://www.google.es/*" + "https://www.google.ca/*" + "https://www.google.de/*" + "https://www.google.it/*" + "https://www.google.fr/*" + "https://www.google.com.au/*" + "https://www.google.com.ph/*" + "https://www.google.com.tw/*" + "https://www.google.com.br/*" + "https://www.google.com.ua/*" + "https://www.google.com.my/*" + "https://www.google.com.hk/*" + "https://www.google.ru/*" + "https://www.google.com.tr/*" + "https://www.google.be/*" + "https://www.google.com.gr/*" + "https://www.google.co.in/*" + "https://www.google.com.mx/*" + "https://www.google.dk/*" + "https://www.google.com.ar/*" + "https://www.google.ch/*" + "https://www.google.cl/*" + "https://www.google.co.kr/*" + "https://www.google.com.co/*" + "https://www.google.pl/*" + "https://www.google.pt/*" + "https://www.google.com.pk/*" + "https://www.google.co.id/*" + "https://www.google.com.vn/*" + "https://www.google.nl/*" + "https://www.google.se/*" + "https://www.google.com.sg/*" + "http://*/*" + "https://*/*" + "http://localhost:8888/grepper_app/*" + "https://www.codegrepper.com/*" + "https://www.grepper.com/*" + "https://staging.codegrepper.com/*" + "https://www.grepper.com/app/notifications.php" + ]; + platforms = platforms.all; + }; + }; + } diff --git a/programs/firefox/user-settings.nix b/programs/firefox/user-settings.nix new file mode 100644 index 0000000..90ce4f7 --- /dev/null +++ b/programs/firefox/user-settings.nix @@ -0,0 +1,156 @@ +{ ... }: { + + # general + "extensions.autoDisableScopes" = 0; + "extensions.enabledScopes" = 15; + "browser.search.region" = "AT"; + "browser.aboutConfig.showWarning" = false; + "javascript.options.mem.gc_parallel_marking" = true; + "browser.download.dir" = "/home/me/work/downloads"; + "browser.startup.couldRestoreSession.count" = 5; + "browser.toolbars.bookmarks.visibility" = "never"; + "devtools.everOpened" = true; + "middlemouse.paste" = false; + "browser.download.folderList" = 1; + "extensions.langpacks.signatures.required" = false; + "browser.shell.checkDefaultBrowser" = false; + + # better widnow settings for tiling vm + "browser.tabs.inTitlebar" = 0; + + # so that firefox reacts fast to changes in /etc/hosts + "network.dnsCacheExpiration" = 0; + + # dont sync theme + # so that "browser.theme.content-theme" is not always set to 2 + "services.sync.prefs.sync.extensions.activeThemeID" = false; + + # allow to install my own addons + "xpinstall.signatures.required" = false; + "xpinstall.whitelist.required" = true; + + # set theme + #"extensions.activeThemeID" = "visionary-bold-colorway@mozilla.org"; + # - this one does not work + "extensions.activeThemeID" = "{8d38d24a-dd1b-4142-8873-bbaa32e4e44f}"; + "browser.theme.content-theme" = 0; # content dark theme + "browser.theme.toolbar-theme" = 0; # toolbar dark theme + + + # have acces to browser console + "devtools.chrome.enabled" = true; + + #always show downloads button + "browser.download.autohideButton" = false; + + # better cache + "browser.cache.disk.capacity" = 4560000; + "browser.cache.disk.smart_size.enabled" = false; + "browser.cache.check_doc_frequency" = 2; + # http://kb.mozillazine.org/Browser.cache.check_doc_frequency + + + # the header customisation + "browser.uiCustomization.state" = ''{"placements":{"widget-overflow-fixed-list":["sync-button"],"unified-extensions-area":["jid1-93cwpmrbvpjrqa_jetpack-browser-action","_react-devtools-browser-action","grepper_codegrepper_com-browser-action","simple-translate_sienori-browser-action","_d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0_-browser-action","_b0721213-dc0b-4ae0-8436-8c14f0022a37_-browser-action"],"nav-bar":["back-button","forward-button","stop-reload-button","home-button","customizableui-special-spring1","urlbar-container","zoom-controls","customizableui-special-spring7","screenshot-button","fullscreen-button","developer-button","bookmarks-menu-button","downloads-button","_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action","adguardadblocker_adguard_com-browser-action","extension_one-tab_com-browser-action","side-view_mozilla_org-browser-action","unified-extensions-button","reset-pbm-toolbar-button"],"toolbar-menubar":["menubar-items"],"TabsToolbar":["tabbrowser-tabs","new-tab-button","alltabs-button"],"PersonalToolbar":["preferences-button","personal-bookmarks"]},"seen":["developer-button","_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action","extension_one-tab_com-browser-action","_d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0_-browser-action","grepper_codegrepper_com-browser-action","save-to-pocket-button","_react-devtools-browser-action","jid1-93cwpmrbvpjrqa_jetpack-browser-action","adguardadblocker_adguard_com-browser-action","side-view_mozilla_org-browser-action","simple-translate_sienori-browser-action","profiler-button","reset-pbm-toolbar-button","_b0721213-dc0b-4ae0-8436-8c14f0022a37_-browser-action"],"dirtyAreaCache":["nav-bar","PersonalToolbar","toolbar-menubar","TabsToolbar","widget-overflow-fixed-list","unified-extensions-area"],"currentVersion":20,"newElementCount":26}''; + + + # keep extension uuids the same ... so that the bitwaredne pass-store and onetab stores stay the same + + "extensions.webextensions.uuids" = builtins.toJSON { + "extension@one-tab.com" = "e2297551-90b4-4da0-92c8-1d00cda2d080"; + "adguardadblocker@adguard.com" = "b73239bf-cb93-4985-8f3b-71b32a3b3527"; + "grepper@codegrepper.com" = "7cfa9e68-fba7-4eb9-8f3b-d4562a31b476"; + + # bitwarden + "{446900e4-71c2-419f-a6a7-df9c091e268b}" = "e563a533-4e66-4b75-bbec-176bb803d96c"; + }; + + "extensions.webextensions.ExtensionStorageIDB.migrated.adguardadblocker@adguard.com" = true; + "extensions.webextensions.ExtensionStorageIDB.migrated.extension@one-tab.com" = true; + "extensions.webextensions.ExtensionStorageIDB.migrated.grepper@codegrepper.com" = true; + "extensions.webextensions.ExtensionStorageIDB.migrated.screenshots@mozilla.org" = true; + "extensions.webextensions.ExtensionStorageIDB.migrated.{446900e4-71c2-419f-a6a7-df9c091e268b}" = true; + + + # to not show startup dialogs + "browser.eme.ui.firstContentShown" = true; + "browser.engagement.ctrlTab.has-used" = true; + "browser.engagement.downloads-button.has-used" = true; + "browser.engagement.fxa-toolbar-menu-button.has-used" = true; + "browser.engagement.home-button.has-used" = true; + "browser.engagement.library-button.has-used" = true; + "browser.engagement.sidebar-button.has-used" = true; + "distribution.archlinux.bookmarksProcessed" = true; + "distribution.canonical.bookmarksProcessed" = true; + "distribution.iniFile.exists.appversion" = "122.0a1"; + "distribution.iniFile.exists.value" = false; + "distribution.nixos.bookmarksProcessed" = true; + "browser.firefox-view.feature-tour" = ''{"message":"FIREFOX_VIEW_FEATURE_TOUR","screen":"","complete":true}''; + "trailhead.firstrun.didSeeAboutWelcome" = true; + + + # disable autofill + "signon.autofillForms" = false; + "signon.firefoxRelay.feature" = "offered"; + "signon.generation.enabled" = false; + "signon.management.page.breach-alerts.enabled" = false; + "signon.rememberSignons" = false; + + + # interesting + # browser.bookmarks.defaultLocation toolbar_____ + # browser.migration.version 142 + # browser.fixup.dns_first_for_single_words true + # browser.fixup.domainwhitelist.router true + # browser.startup.homepage about:blank + # extensions.activeThemeID visionary-bold-colorway@mozilla.org + # network.dns.offline-localhost false + # network.dnsCacheExpiration 0 + # pref.privacy.disable_button.cookie_exceptions false + # pref.privacy.disable_button.tracking_protection_exceptions false + # pref.privacy.disable_button.view_passwords false + + + ################### devtools not used ########################## + #devtools.aboutdebugging.collapsibilities.processes false + + #devtools.debugger.end-panel-size 57 + #devtools.debugger.event-listeners-visible true + #devtools.debugger.pause-on-caught-exceptions false + + #devtools.debugger.prefs-schema-version 11 + #devtools.debugger.remote-enabled true + #devtools.debugger.start-panel-size 155 + + + #devtools.netmonitor.msg.visibleColumns ["data","time"] + #devtools.netmonitor.panes-network-details-height 403 + #devtools.netmonitor.panes-network-details-width 549 + #devtools.netmonitor.panes-search-height 237 + #devtools.netmonitor.panes-search-width 250 + #devtools.performance.new-panel-onboarding false + #devtools.performance.recording.entries 134217728 + #devtools.performance.recording.features ["screenshots","js","stackwalk","cpu","processcpu"] + #devtools.performance.recording.threads ["GeckoMain","Compositor","Renderer","SwComposite","DOM Worker"] + #devtools.responsive.reloadNotification.enabled false + #devtools.responsive.viewport.height 732 + #devtools.responsive.viewport.width 680 + #devtools.theme auto + #devtools.theme.show-auto-theme-info false + #devtools.toolbox.footer.height 633 + #devtools.toolbox.host right + #devtools.toolbox.previousHost bottom + #devtools.toolbox.sidebar.width 431 + #devtools.toolbox.splitconsoleHeight 98 + #devtools.toolbox.tabsOrder inspector,webconsole,netmonitor,jsdebugger,styleeditor,performance,memory,storage,accessibility,application + #devtools.toolbox.zoomValue 1.2 + #devtools.toolsidebar-height.inspector 345 + #devtools.toolsidebar-width.inspector 383 + #devtools.toolsidebar-width.inspector.splitsidebar 225 + #devtools.webconsole.filter.debug false + #devtools.webconsole.filter.info false + #devtools.webconsole.input.editorOnboarding false + #devtools.webconsole.input.editorWidth 393 + #devtools.webextensions.@react-devtools.enabled true + +} diff --git a/programs/git.nix b/programs/git.nix old mode 100644 new mode 100755 index 6fc2f3b..b16536a --- a/programs/git.nix +++ b/programs/git.nix @@ -3,7 +3,7 @@ programs.git = { enable = true; userName = "Sebastian Moser"; - userEmail = "me@c2vi.dev"; + userEmail = "sebastian@c2vi.dev"; extraConfig = { core.editor = "nvim"; diff --git a/programs/lf/colors b/programs/lf/colors old mode 100644 new mode 100755 diff --git a/programs/lf/default.nix b/programs/lf/default.nix old mode 100644 new mode 100755 index 6f5eab2..3ddfb60 --- a/programs/lf/default.nix +++ b/programs/lf/default.nix @@ -113,6 +113,10 @@ keybindings = { + # sort by time + mt = ":set sortby time; set info time; set reverse"; + # sort normally + ms = ":set sortby natural; set info; set reverse!"; F = "setfilter"; P = "%pwd"; W = "nav-work"; diff --git a/programs/lf/icons b/programs/lf/icons old mode 100644 new mode 100755 diff --git a/programs/lf/lf-config b/programs/lf/lf-config deleted file mode 160000 index 1c295ce..0000000 --- a/programs/lf/lf-config +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 1c295ce7bc09c418dc9e101a0add033d74ce48b7 diff --git a/programs/lf/lf-filter.patch b/programs/lf/lf-filter.patch old mode 100644 new mode 100755 diff --git a/programs/lf/opener b/programs/lf/opener old mode 100644 new mode 100755 diff --git a/programs/neovim.nix b/programs/neovim.nix index 824259b..3ed6079 100644 --- a/programs/neovim.nix +++ b/programs/neovim.nix @@ -10,11 +10,12 @@ # typst ... TODO rust-vim dracula-vim - lf-vim + lf-vim ]; coc.enable = true; coc.settings = { + "rust-analyzer.cargo.sysroot" = "discover"; "rust-analyzer.server.path" = "/etc/profiles/per-user/me/bin/rust-analyzer"; "coc.preferences.extensionUpdateCheck" = "never"; "cSpellExt.enableDictionaries" = [ "german" ]; @@ -442,15 +443,26 @@ function Cargo_jump() local line,c = unpack(vim.api.nvim_win_get_cursor(0)) local lines = vim.api.nvim_buf_get_lines(0, 0, -1, false) + print("hiiiiiiiiiii") + print("hiiiiiiiiiii") + print("hiiiiiiiiiii") + print("hiiiiiiiiiii") + print("hiiiiiiiiiii") + print("lines", lines) + print("line", line) local line_iter = line local line_to_jump = nil local file_to_jump = nil + if line == 1 then + line_iter = 2 + end while true do - if (lines[line_iter]:sub(1,6) == "error[") then + if (lines[line_iter]:sub(1,5) == "error") then local split_line = mysplit(lines[line_iter +1], ":") line_to_jump = split_line[2] - file_to_jump = split_line[1]:sub(6, -1) + file_to_jump = split_line[1]:sub(7, -1) + file_to_jump = file_to_jump:gsub("%s+", "") break end line_iter = line_iter - 1 @@ -460,26 +472,50 @@ local abs_file_to_jump = vim.fn.getcwd() .. "/" .. file_to_jump for i,buf in pairs(buffers) do - local name = vim.api.nvim_buf_get_name(buf) - if name == abs_file_to_jump then + -- local status, name = pcall(function () vim.api.nvim_buf_get_name(buf) end) + -- if status then print("error getting buf name"); goto continue else print("got name: " .. name) end + + local name = vim.fn["bufname"](buf) + if name == "" then + -- print("buf name empty") + goto continue + end + + -- print("name: " .. name .. " file_to_jump: " .. file_to_jump) + if name == file_to_jump then local tab_num = get_tab(name) - --vim.cmd("tabn 2") + print("jumping to" .. tostring(tab_num)) + -- vim.cmd(tab_num .. "gt") + -- local keys = vim.api.nvim_replace_termcodes(""..tab_num.."gt", false, false, false) + -- vim.api.nvim_feedkeys("", "m", true) + vim.cmd("q") + vim.api.nvim_feedkeys(tab_num .. "gt", "m", false) + vim.api.nvim_feedkeys(line_to_jump .. "G", "m", false) return else end + + ::continue:: end - vim.cmd(":tabnew" .. abs_file_to_jump) + -- vim.cmd(":tabnew" .. abs_file_to_jump) end function get_tab(name) - print("there") + print("the messssssssssssssssss") local listing = vim.api.nvim_command_output("tabs") + local tab + local file for i,line in pairs(mysplit(listing, "\n")) do + print("line: " .. line) if line:sub(1,8) == "Tab page" then - local tab = line:sub(-1) + tab = line:sub(-1) print("tab:", tab) else - local file = line:sub(5,-1) + file = line:sub(5,-1) + print("file: " .. file .. " on tab: " .. tostring(tab)) + if file == name then + return tab + end end end end @@ -521,6 +557,7 @@ return buffers end + ''; }; } diff --git a/programs/rofi/default.nix b/programs/rofi/default.nix old mode 100644 new mode 100755 diff --git a/programs/ssh.nix b/programs/ssh.nix index 7bea60c..4d60991 100644 --- a/programs/ssh.nix +++ b/programs/ssh.nix @@ -8,12 +8,20 @@ }; "github.com" = { hostname = "github.com"; - identityFile = "${secretsDir}/private-key-main"; }; rpi = { port = 49388; user = "me"; }; + files = { + port = 49388; + user = "files"; + }; + rpis = { + hostname = "rpi"; + port = 49388; + user = "server"; + }; phone = { user = "u0_a345"; port = 8022; @@ -33,26 +41,26 @@ user = "me"; }; - servers = { - hostname = "server"; + fusus = { + hostname = "fusu"; user = "server"; }; - server = { - hostname = "server"; - user = "admin"; + fusu = { + hostname = "fusu"; + user = "me"; }; ocia = { hostname = "140.238.212.229"; user = "root"; - identityFile = "${secretsDir}/private-key-ocia"; + #identityFile = "${secretsDir}/private-key-ocia"; }; ocib = { hostname = "140.238.211.43"; user = "root"; - identityFile = "${secretsDir}/private-key-ocib"; + #identityFile = "${secretsDir}/private-key-ocib"; }; }; }; @@ -63,112 +71,15 @@ lush ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFevbQp0XTZOVFZTDMKzgsZn4NNEIN+SFMqUhSbF5WFo github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl rpi ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOX+6B6Axx7AqgCm1H1rrou/3yOLeOLcTd8s0In0mOIY + files ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOX+6B6Axx7AqgCm1H1rrou/3yOLeOLcTd8s0In0mOIY phone ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHxg0HKtGAkwymll8r17d9cXdt40dJgRkSAzB699pWke+edne4Ildcnbde2yle01nEL7GOg92vh5t1sh6vkCzJQ= uwu ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE6H4kcLXH5hvXN8Ablcfo4q2MwdvVBiAdYWlc4qUiCj + [phone]:8022 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN30DqIE7AMYBoKnmbDw+U01LAEC25JZjIXB+T76LBp9 + [phone]:8022 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSWFzU8GrAJD/CKJby8IbUzLtbXxwYBF+QQzSRIlbx5kCS2MQjjNtLjAMdt2c8z0O2+qX9abEZXmtYfYlHCo2nCFOhhkjuzT7t6lb14wjAK2HBBWOsh2Y1WSK35FzKtWJvmYcu1uWdDZrvu44PoFITJhCAoZG6QaGlhXVGk1lpasP1qA1/guX/LJYVUGww7oSjQeeAxjKFxrLK01iD1aS60IxIHZIT4yKe//YhppC8LkJc0OnRIzmCMdNIHNXIsg0dL/8to5vA85hqJlTJAZ9qhw542Ul5C34F2z69h4hf3eslIqvVL/tci86jgX4eYiVsUZ81jFtGN3As2RpcOLz8mrC1qZgHTLqix6PaNRrQeRcfvMIH0VOiyzAFEzBI/v0wj1zthRHOg+xKfAq1hKhXarJRYw0c0wmgPUoAOUQGwoF2JGIss7D7ulKTUd7ALn8fdS8+CboFSQ709OA44pSEsAl6IfXT/gh4zHwubfT3mRbla8iQAXYD/nKF5xPQ+Jc= + [phone]:8022 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEN+gaX1uwr5oY98hJYGWwBQEEDpmbJsKLY7vIfWRQo02IH36ZC0p14GOnfPLtXuHz8AoNUp7UYyNu8oXxuU/fE= + [tab]:8022 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDCWnKy5TnPukGMkxYGLjs4Tpu/v3x8JfxaU7dcaAcp3KhxtUDPjdSQLGEIS08L781nGpIJZRdy+jNqKiolQRRTuy7eQaZnCO+ddYQldW2OpqVGbOjS/7T7cHy+aHFJdPiltdgagfPIPColYCGCCoMi3wN7VkR49MAYOr1a0YIlfh1y0PgCbGqkYCPKO90woXPYxI+v5trYHaqNDz9O5ug7k93AHQuTQroqfyzM9vhcg8z42EpDzTs+ypdgXJYOuc4ZbH1mWkou+1SPEZxMSoNUipmwkjQ5GCEwPIpSgRoRHh2WnXU8TmLLDVteJ7zUJlLR8p93rgmp2Uo1gePCsQNiqd4XrmdgdNypUifUE5M7V5LOcuCtZJfX0XZHoo+cvVKgQqpz8MIJAFOJzCXt39/gxcytDwSbN+B4oh9CR4kGGCST/griKpR3rl+PKDap1rpGZYBlPv0ss6RNZTVnIKuv6MaFXLmmrkpaKiFX3Bmze6820BO/LXz5qoLbL8dIf0s= + [tab]:8022 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKY8+fJoEuAh0KlB9/g40ImJVcFEuksckgCA5BNK1gdhGsRBkN9LE16Wu07bzVbtBhdYoGDdflI9Hr6l1Y6gu0I= + [tab]:8022 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBPVAyWNCCzQSOzeYibuXNPExD7YKcNczvJfc44a3zeo + [tab]:8022 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdwFZf3IRa4YZyrNseofTRIDbkmdMiIXa3Gxs7wFzZN+ICwXeipfqV1Lh9C1sI4YnRIqfZlCSU+SE2dqVoQB6Uj64cdLrdslHYvgsR9PY3vVtrYypGfE1XTkLvD516x4mFofo22A9j8fK95fcMwpWLtNnv9SVBIT3V+4fUlbRCngdJ1V2cOd41JIwBrIxmRJ6X5v/SEqajmnVneqEmsqGgGA7JBJBCMSz5wwmZzWrTpzwj4SAD5b1z/R12DZfFHmgJCZYcMbjDgUiD5khsOwCCflH8DtO41PkOZRqDlpPPT9al7qhhESwxE6w5gIvaVh6HJljSCNw9OCQWONotv3gF9tVs6sZXsWxRZ2R0oIeA3rnM+mZxEtxElc2MKLVlsQ9SM2Xcr3J4Y43cWm7m03cDOz+iZecxs2qKAgn5Au72fudapDAtiCuYjKlMGEgbWX3CmxL0n/Uo32yfTRXnEHWMzXezmdGsuHUzk/sHTL8z5RVyzIBNl2HGlhldFbATuwRxXyBW9JIuEll+rW9Jm0MvpT3KoD/Q5aXDVH+21l6SSNBcjvZu00WNiYDD+gFR4BlewobtacGNOR4ErjxVZ10d8p6S5smadmo/RmbjhrVJK8EzigJPsVxEEjtuVq+jAQCvLTZCpEyDF/cBv60vIu4CyZkoAq1UaL64m7nIhR/8Yw== ''; - - home.file.".ssh/rpi/local".text = '' - Host config - HostName 192.168.1.2 - User config - Port 49388 - AddKeysToAgent yes - #UseKeychain yes - IdentityFile ${secretsDir}/private-key-main - #RemoteCommand cd /svn/config; bash - - Host rpi - HostName 192.168.1.2 - User admin - Port 49388 - AddKeysToAgent yes - #UseKeychain yes - IdentityFile ${secretsDir}/private-key-main - - Host files - HostName 192.168.1.2 - User files - Port 49388 - AddKeysToAgent yes - #UseKeychain yes - IdentityFile ${secretsDir}/private-key-main - - Host rpis - HostName 192.168.1.2 - User server - Port 49388 - AddKeysToAgent yes - #UseKeychain yes - IdentityFile ${secretsDir}/private-key-main - ''; - - home.file.".ssh/rpi/remote".text = '' - Host config - HostName sebastian.dns.army - User config - Port 49388 - AddKeysToAgent yes - #UseKeychain yes - IdentityFile ${secretsDir}/private-key-main - #RemoteCommand cd /svn/config; bash - - Host rpi - HostName sebastian.dns.army - User admin - Port 49388 - AddKeysToAgent yes - #UseKeychain yes - IdentityFile ${secretsDir}/private-key-main - - Host files - HostName sebastian.dns.army - User files - Port 49388 - AddKeysToAgent yes - #UseKeychain yes - IdentityFile ${secretsDir}/private-key-main - - Host rpis - HostName sebastian.dns.army - User server - Port 49388 - AddKeysToAgent yes - #UseKeychain yes - IdentityFile ${secretsDir}/private-key-main - ''; - - home.file.".ssh/rpi/wstunnel".text = '' - Host config - HostName localhost - User config - Port 55555 - AddKeysToAgent yes - #UseKeychain yes - IdentityFile ${secretsDir}/private-key-main - #RemoteCommand cd /svn/config; bash - - Host rpi - HostName localhost - User admin - Port 55555 - AddKeysToAgent yes - #UseKeychain yes - IdentityFile ${secretsDir}/private-key-main - - Host files - HostName localhost - User files - Port 55555 - AddKeysToAgent yes - #UseKeychain yes - IdentityFile ${secretsDir}/private-key-main - - Host rpis - HostName localhost - User server - Port 55555 - AddKeysToAgent yes - #UseKeychain yes - IdentityFile ${secretsDir}/private-key-main - ''; } diff --git a/programs/zathura.nix b/programs/zathura.nix old mode 100644 new mode 100755 diff --git a/scripts/nav/.nav_db b/scripts/nav/.nav_db old mode 100644 new mode 100755 diff --git a/scripts/nav/db b/scripts/nav/db old mode 100644 new mode 100755 diff --git a/scripts/nav/lf-raw-mode-shell-pipe/main.py b/scripts/nav/lf-raw-mode-shell-pipe/main.py old mode 100644 new mode 100755 diff --git a/scripts/nav/lf-raw-mode-shell-pipe/test.py b/scripts/nav/lf-raw-mode-shell-pipe/test.py old mode 100644 new mode 100755 diff --git a/scripts/nav/main.py b/scripts/nav/main.py old mode 100644 new mode 100755 diff --git a/scripts/size.py b/scripts/size.py old mode 100644 new mode 100755 diff --git a/scripts/sync-school.sh b/scripts/sync-school.sh new file mode 100755 index 0000000..9996613 --- /dev/null +++ b/scripts/sync-school.sh @@ -0,0 +1,34 @@ + +filter=--exclude="./Forms" + +# Geschichte +#echo "###################### Geschichte ######################" +#rclone copy -vv --exclude share-geschichte:Kursmaterialien/Forms share-geschichte:Kursmaterialien ~/work/htl/geschichte/class-materials/ 2>&1 >/dev/null | grep Copied --color=never | awk -F':' '{print $4}' | cut -c 2- | sed 's/^/class-materials: /' + +# DE +echo "########################## DE ##########################" +rclone copy -vv $filter share-de-class-materials: ~/work/htl/de/class-materials/ 2>&1 >/dev/null | grep Copied --color=never | awk -F':' '{print $4}' | cut -c 2- | sed 's/^/class-materials: /' + + +# HWE +#echo "########################## HWE #########################" +#rclone copy -vv $fliter share-hwe:Freigegebene\ Dokumente/General ~/work/htl/projekt/teams-documents/ 2>&1 >/dev/null | grep Copied --color=never | awk -F':' '{print $4}' | cut -c 2- | sed 's/^/teams-documents: /' + + +#rclone copy -vv $filter share-hwe:Class\ Files/Assignments ~/work/htl/projekt/assignments-teams 2>&1 >/dev/null | grep Copied --color=never | awk -F':' '{print $4}' | cut -c 2- | sed 's/^/assignments-teams: /' + +# DIC +echo "########################## DIC #########################" +rclone copy -vv $filter share-dic-teams-documents:General ~/work/htl/dic/teams-documents 2>&1 >/dev/null | grep Copied --color=never | awk -F':' '{print $4}' | cut -c 2- | sed 's/^/teams-documents: /' + +rclone copy -vv $filter share-dic-class-materials: ~/work/htl/dic/class-materials 2>&1 >/dev/null | grep Copied --color=never | awk -F':' '{print $4}' | cut -c 2- | sed 's/^/class-materials: /' + + +# KSN +echo "########################## KSN #########################" +rclone copy -vv --exclude share-ksn-class-materials:Kursmaterialien/Forms $filter share-ksn-class-materials: ~/work/htl/ksn/class-materials 2>&1 >/dev/null | grep Copied --color=never | awk -F':' '{print $4}' | cut -c 2- | sed 's/^/class-materials: /' + +# M +echo "########################### M ##########################" +rclone copy -vv $filter share-math-teams-documents:General ~/work/htl/math/teams-documents 2>&1 >/dev/null | grep Copied --color=never | awk -F':' '{print $4}' | cut -c 2- | sed 's/^/teams-documents: /' +rclone copy -vv $filter share-math-class-materials: ~/work/htl/math/class-materials 2>&1 >/dev/null | grep Copied --color=never | awk -F':' '{print $4}' | cut -c 2- | sed 's/^/class-materials: /' diff --git a/scripts/win b/scripts/win index 8ad6d16..77d33aa 100755 --- a/scripts/win +++ b/scripts/win @@ -9,7 +9,7 @@ default_vm_uuid=win #default_vm_uuid=6a412143-871f-4838-bacd-5dcfa5fa95c3 username=me -password=$(cat ~/.mysecrets/win-vm-pwd) +password=$(cat ~/work/here/secrets/win-vm-pwd) if [ "$1" == "-o" ];then cmd=$5 diff --git a/users/common/home.nix b/users/common/home.nix index 6678ccf..960f119 100644 --- a/users/common/home.nix +++ b/users/common/home.nix @@ -1,7 +1,8 @@ -{ config, pkgs, self, secretsDir, inputs, persistentDir, ... }: +{ config, pkgs, self, secretsDir, inputs, hostname, ... }: { # The home.stateVersion option does not have a default and must be set home.stateVersion = "23.05"; + nixpkgs.config.allowUnfree = true; imports = [ inputs.nix-index-database.hmModules.nix-index @@ -24,15 +25,21 @@ home.sessionPath = [ "${self}/mybin" ]; home.file = { - ".rclone.conf".source = config.lib.file.mkOutOfStoreSymlink "${secretsDir}/rclone-conf"; + ".subversion/config".text = '' [miscellany] global-ignores = node_modules target ''; # documentation for this config file: https://svnbook.red-bean.com/en/1.7/svn.advanced.confarea.html - }; + + # rclone.conf only on main + } // (if hostname == "main" then { ".rclone.conf".source = config.lib.file.mkOutOfStoreSymlink "${secretsDir}/rclone-conf"; } else {}); home.packages = with pkgs; [ - hostname + borgbackup + rclone + archivemount + nmon + pkgs.hostname vim tree htop @@ -52,6 +59,9 @@ wget tmux wireguard-tools + xorg.xauth + wakeonlan + # python.... (python310.withPackages (p: with p; [ pandas @@ -75,6 +85,10 @@ ''; })) # */ + + # self packaged colored bandwith meter + (pkgs.callPackage ../../mods/cbm.nix {}) + ]; # */ diff --git a/users/files/headless.nix b/users/files/headless.nix index d2473ed..863653a 100644 --- a/users/files/headless.nix +++ b/users/files/headless.nix @@ -3,7 +3,9 @@ users.users.files = { isNormalUser = true; password = "changeme"; + group = "files"; }; + users.groups.files = {}; home-manager.extraSpecialArgs = { inherit self; @@ -13,9 +15,9 @@ home-manager.users.files = import ../common/home.nix; users.users.files.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjgXf9S9hxjyph2EEFh1el0z4OUT9fMoFAaDanjiuKa me@main" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICWsqiz0gEepvPONYxqhKKq4Vxfe1h+jo11k88QozUch me@bitwarden" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAioUu4ow6k+OMjjLdzogiQM4ZEM3TNekGNasaSDzQQE me@phone" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAgNB1nsKZ5KXnmR6KWjQLfwhFKDispw24o8M7g/nbR me@bitwarden" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/mCDzCBE2J1jGnEhhtttIRMKkXMi1pKCAEkxu+FAim me@main" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGw5kYmBQl8oolNg2VUlptvvSrFSESfeuWpsXRovny0x me@phone" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPmwi4ovyqhX/5YwGUZqntVD+i44qL+Nxf9Ubj4XxV9n me@acern" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAIh7LDjwojcjJM8puPqFibx9zPn/k1cYgWXNQf0ZbC4 me@hpm" diff --git a/users/me/default.nix b/users/me/default.nix deleted file mode 100644 index 2446b00..0000000 --- a/users/me/default.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ pkgs, secretsDir, inputs, ... }: -{ - users.users.me = { - isNormalUser = true; - #passwordFile = "${secretsDir}/me-pwd"; - password = "changeme"; - extraGroups = [ "networkmanager" "wheel" "libvirtd" ]; # Enable ‘sudo’ for the user. - }; - - #home-manager._module.args = { inherit inputs; }; - home-manager.users.me = import ./home.nix; - - fonts.fonts = with pkgs; [ - hack-font - ]; -} diff --git a/users/me/home.nix b/users/me/gui-home.nix old mode 100644 new mode 100755 similarity index 59% rename from users/me/home.nix rename to users/me/gui-home.nix index fd76b61..568ada5 --- a/users/me/home.nix +++ b/users/me/gui-home.nix @@ -1,5 +1,5 @@ -{ config, pkgs, self, secretsDir, inputs, persistentDir, ... }: +{ config, pkgs, self, workDir, inputs, persistentDir, system, ... }: { imports = [ @@ -7,9 +7,11 @@ # my gui programs ../../programs/alacritty.nix - ../../programs/emacs/default.nix + # stalls the build + #../../programs/emacs/default.nix ../../programs/rofi/default.nix ../../programs/zathura.nix + ../../programs/firefox/default.nix ]; gtk.cursorTheme = { @@ -23,19 +25,24 @@ }; }; + home.sessionVariables = { + inherit system; + }; + services.dunst.enable = true; home.file = { - ".mysecrets/root-pwd".text = "changeme"; + ".mysecrets/root-pwd".text = "changemehiiii"; ".mysecrets/me-pwd".text = "changeme"; - ".mozilla/firefox".source = config.lib.file.mkOutOfStoreSymlink "${persistentDir}/firefox"; + #".mozilla/firefox".source = config.lib.file.mkOutOfStoreSymlink "${persistentDir}/firefox"; ".cache/rofi-3.runcache".source = config.lib.file.mkOutOfStoreSymlink "${persistentDir}/rofi-run-cache"; }; home.packages = with pkgs; [ + btrfs-progs # packages that i might not need everywhere?? wstunnel @@ -77,20 +84,18 @@ gparted xorg.xkill xorg.xmodmap + inkscape # my own packages supabase-cli - (inputs.firefox.packages.${pkgs.system}.firefox-nightly-bin.overrideAttrs (old: { - NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ [ "-O3" "-march=native" "-fPIC" ]; - })) - # base-devel gcc # rust cargo rust-analyzer + rustc #localPacketTracer8 @@ -101,26 +106,52 @@ libvirt virt-manager freerdp + (pkgs.writeShellApplication { + name = "log"; + #runtimeInputs = [ inputs.my-log.packages.${system}.pythonForLog ]; + #text = "cd /home/me/work/log/new; nix develop -c 'python ${workDir}/log/new/client.py'"; + text = ''${inputs.my-log.packages.${system}.pythonForLog}/bin/python ${workDir}/log/new/client.py "$@"''; + }) (pkgs.writeShellApplication { name = "rpi"; text = let - myPythonRpi = pkgs.writers.writePython3Bin "myPythonRpi" { libraries = [pkgs.python310Packages.dnspython]; } '' + myPythonRpi = pkgs.writers.writePython3Bin "myPythonRpi" { libraries = [pkgs.python311Packages.dnspython]; } '' # flake8: noqa import os + import re import sys import subprocess import dns.resolver + import socket, struct + + def get_default_gateway_linux(): + """Read the default gateway directly from /proc.""" + with open("/proc/net/route") as fh: + for line in fh: + fields = line.strip().split() + if fields[1] != '00000000' or not int(fields[3], 16) & 2: + # If not default route or not RTF_GATEWAY, skip it + continue + if fields[0] != "wlp2s0": + # only check on wlan interface + continue + + return socket.inet_ntoa(struct.pack("