c2vi/dotfiles
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

screen capture no longer working

Browse Source
This commit is contained in:
Sebastian Moser
2026-04-14 19:10:25 +02:00
parent 8e5316761c
commit 4a62c235f1
19 changed files with 358 additions and 135 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
hosts/fasu.nix
View File

@@ -10,7 +10,7 @@
inputs.home-manager.nixosModules.home-manager
../users/me/headless.nix
../users/root/default.nix
../users/server/headles.nix
../users/server/headless.nix
];
# allow acern to ssh into server
@@ -26,9 +26,6 @@
}
];
services.tailscale.enable = true;
#fileSystems."/boot" = {
# device = "/dev/disk/by-label/fusu-boot";
# fsType = "fat32";

8
hosts/fe.nix
View File

@@ -25,8 +25,6 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNXOPxlnSxkhm050ui56D5SHrkhuFwUOU0Gf0C+Vmks melektron@goarnix"
];
services.tailscale.enable = true;
virtualisation.libvirtd = {
enable = true;
qemuOvmf = true;
@@ -74,12 +72,6 @@
networking.firewall.allowPing = true;
networking.firewall.enable = true;
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
443 # couchdb for obsidian live sync https
44444 # resilio sync
9000 # resilio webui
];
services.samba.openFirewall = true;
networking.firewall.allowedTCPPorts = [

26
hosts/fusu.nix
View File

@@ -51,9 +51,6 @@ in {
services.tailscale.enable = true;
services.resilio = {
enable = true;
enableWebUI = true;
@@ -61,19 +58,17 @@ in {
checkForUpdates = false;
listeningPort = 44444;
};
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
44444 # resilio sync
9000 # resilio webui
9001 # fwin vnc
9002 # fwin rdp
9003 # fwin ssh
];
networking.firewall.interfaces."br0".allowedTCPPorts = [
44444 # resilio sync
9000 # resilio webui
9001 # fwin vnc
9002 # fwin rdp
9003 # fwin ssh
9003 # fwin ssh
];
networking.firewall.interfaces."br0".allowedTCPPortRanges = [
{from = 8000; to = 10000;}
];
@@ -86,6 +81,10 @@ in {
device = "storage";
fsType = "zfs";
};
fileSystems."/data" = {
device = "storage";
fsType = "zfs";
};
# Use the GRUB 2 boot loader.
boot.loader.grub = {
@@ -124,6 +123,7 @@ in {
services.samba.openFirewall = true;
networking.firewall.allowedTCPPorts = [
22
8888 # for general usage
9999 # for general usage
8080 # for mitm proxy
@@ -163,6 +163,7 @@ in {
];
environment.systemPackages = with pkgs; [
tcpdump
sshfs
ntfs3g
virtiofsd
@@ -223,8 +224,9 @@ in {
text = ''
ip=$(curl -4 my.ip.fi)
curl "http://dynv6.com/api/update?hostname=${builtins.readFile "${secretsDir}/dns-name-two"}&ipv4=$ip&token=${builtins.readFile "${secretsDir}/dns-name-two-token"}"
curl "https://dynamicdns.park-your-domain.com/update?host=home&domain=${builtins.readFile "${secretsDir}/dns-name"}&password=${builtins.readFile "${secretsDir}/dns-name-token"}&ip=$ip"
#curl "http://dynv6.com/api/update?hostname=${builtins.readFile "${secretsDir}/dns-name-two"}&ipv4=$ip&token=${builtins.readFile "${secretsDir}/dns-name-two-token"}"
curl "http://dynv6.com/api/update?hostname=${builtins.readFile "${secretsDir}/dns-name-mati"}&ipv4=$ip&token=${builtins.readFile "${secretsDir}/dns-name-mati-token"}"
# curl "https://dynamicdns.park-your-domain.com/update?host=home&domain=${builtins.readFile "${secretsDir}/dns-name"}&password=${builtins.readFile "${secretsDir}/dns-name-token"}&ip=$ip"
# https://www.namecheap.com/support/knowledgebase/article.aspx/29/11/how-to-dynamically-update-the-hosts-ip-with-an-https-request/
'';

61
hosts/lush.nix
View File

@@ -9,6 +9,7 @@
inputs.networkmanager.nixosModules.networkmanager
../common/all.nix
../common/nixos.nix
inputs.home-manager.nixosModules.home-manager
../users/me/headless.nix
@@ -31,6 +32,7 @@
powerOnBoot = true;
};
};
swapDevices = [ { device = "/swapfile"; } ];
# get usbip working
boot.extraModulePackages = [
@@ -68,8 +70,6 @@
services.blueman.enable = true;
hardware.enableRedistributableFirmware = true;
services.tailscale.enable = true;
environment.systemPackages = with pkgs; [
linuxPackages.usbip
vim
@@ -107,6 +107,63 @@
X11UseLocalhost no
'';
};
########################### kiosk ############################
boot.plymouth.enable = true;
services.dbus.enable = true;
fonts.enableDefaultPackages = true;
xdg.icons.enable = true;
gtk.iconCache.enable = true;
services.udisks2.enable = false;
hardware.opengl.enable = true;
systemd.services."cage@" = {
enable = false;
after = [ "systemd-user-sessions.service" "dbus.socket" "systemd-logind.service" "getty@%i.service" "plymouth-deactivate.service" "plymouth-quit.service" ];
before = [ "graphical.target" ];
wants = [ "dbus.socket" "systemd-logind.service" "plymouth-deactivate.service" ];
wantedBy = [ "graphical.target" ];
conflicts = [ "getty@%i.service" ]; # "plymouth-quit.service" "plymouth-quit-wait.service"
restartIfChanged = false;
serviceConfig = {
ExecStart = "${pkgs.cage}/bin/cage -d -- /home/me/here/mize/target/debug/ppc c2vi-dash";
User = "root";
# ConditionPathExists = "/dev/tty0";
IgnoreSIGPIPE = "no";
# Log this user with utmp, letting it show up with commands 'w' and
# 'who'. This is needed since we replace (a)getty.
UtmpIdentifier = "%I";
UtmpMode = "user";
# A virtual terminal is needed.
TTYPath = "/dev/%I";
TTYReset = "yes";
TTYVHangup = "yes";
TTYVTDisallocate = "yes";
# Fail to start if not controlling the virtual terminal.
StandardInput = "tty-fail";
#StandardOutput = "syslog";
#StandardError = "syslog";
# Set up a full (custom) user session for the user, required by Cage.
PAMName = "cage";
};
};
security.pam.services.cage.text = ''
auth required pam_unix.so nullok
account required pam_unix.so
session required pam_unix.so
session required ${pkgs.systemd}/lib/security/pam_systemd.so
'';
systemd.targets.graphical.wants = [ "cage@tty1.service" ];
systemd.defaultUnit = "graphical.target";
####################################### networking ##########################

22
hosts/mac.nix
View File

@@ -22,7 +22,6 @@ in {
../users/root/default.nix
../common/nixos-wayland.nix
];
services.tailscale.enable = true;
programs.nix-ld.enable = true;
#services.pid-fan-controller.enable = true;
@@ -62,19 +61,6 @@ in {
4410 # lan-mouse
];
##### Netbird Configuration
services.netbird.clients.ppc = {
#login = {
#enable = true;
#setupKeyFile = "${secretsDir}/netbird-setup-key";
#};
port = 51821;
ui.enable = false;
openFirewall = true;
#openInternalFirewall = true;
};
swapDevices = [ { device = "/swapfile"; } ];
boot.kernelModules = [ "usbip_core" ];
@@ -95,6 +81,9 @@ in {
firewall_backend = "nftables"
'';
};
networking.firewall.trustedInterfaces = [
"nb-ppc"
];
# Use the GRUB 2 boot loader.
boot.loader.grub = {
@@ -189,7 +178,7 @@ in {
position = "left";
hostname = "main";
activate_on_startup = true;
ips = [ "192.168.4.2" "100.71.47.106" ];
ips = [ "192.168.4.2" "100.88.218.34" ];
port = 4410;
}
];
@@ -451,7 +440,8 @@ in {
uuid = "ab51de8a-9742-465a-928b-be54a83ab6a3";
type = "wifi";
interface-name = "wlp3s0";
autoconnect-priority = "100";
#autoconnect-priority = "100";
autoconnect = false;
};
wifi = {
mode = "ap";

105
hosts/main.nix
View File

@@ -44,6 +44,15 @@
obs-teleport
];
};
documentation.enable = true;
documentation.man.enable = true;
fileSystems."/home/me/nico" = {
device = "100.88.28.123:/data/incus/default-pool/containers/nico/rootfs/root/work/";
fsType = "nfs";
options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
};
# virtual display
/*
@@ -85,18 +94,6 @@
};
*/
##### Netbird Configuration
services.netbird.clients.ppc = {
#login = {
#enable = true;
#setupKeyFile = "${secretsDir}/netbird-setup-key";
#};
port = 51821;
ui.enable = false;
openFirewall = true;
#openInternalFirewall = true;
};
programs.fuse.userAllowOther = true;
@@ -189,7 +186,7 @@
position = "right";
hostname = "mac";
activate_on_startup = true;
ips = [ "192.168.4.3" "100.100.55.117" ];
ips = [ "192.168.4.3" "100.88.112.181" ];
port = 4410;
}
];
@@ -202,23 +199,6 @@
virtualisation.vmVariant.services.timesyncd.enable = lib.mkForce false;
services.tailscale.enable = true;
services.resilio = {
enable = false;
enableWebUI = true;
httpListenAddr = "100.71.47.106";
checkForUpdates = false;
listeningPort = 44444;
};
users.users.me.homeMode = "770"; # important for resilio
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
44444 # resilio sync
9000 # resilio webui
];
virtualisation.waydroid.enable = true;
@@ -563,7 +543,6 @@
8080 # for mitm proxy
51820 # wireguard
6000 # Xserver
10000 # tailscale tcp funnel
4405 # clipboard sync with imac
];
@@ -574,7 +553,6 @@
53 # allow dns
48899 # GoodWe inverter discovery
4410 # lan-mouse
41641 # tailscale
];
#networking.search = [ "c2vi.local" ];
@@ -590,11 +568,11 @@
uuid = "a02273d9-ad12-395e-8372-f61129635b6f";
type = "ethernet";
autoconnect-priority = "-999";
interface-name = "enp0s13f0u1u4u3";
interface-name = "enp0s20f0u4u4u3";
};
ipv4 = {
address2 = "192.168.4.2/24";
dns = "1.1.1.1;";
dns = "100.88.218.34;";
method = "manual";
};
};
@@ -666,7 +644,7 @@
ipv4 = {
#address1 = "192.168.20.11/24";
dns = "1.1.1.1;8.8.8.8;";
dns = "100.88.218.34;";
method = "auto";
};
};
@@ -693,7 +671,7 @@
ipv4 = {
#address1 = "192.168.20.11/24";
dns = "1.1.1.1;8.8.8.8;";
dns = "100.88.218.34;";
method = "auto";
};
};
@@ -918,6 +896,61 @@
'';
# */
############################## suspend and hibernate http server ###################################
networking.firewall.interfaces.nb-ppc.allowedTCPPorts = [ 46733 ];
systemd.services.power-http-control =
let
powerHttpServer = pkgs.writeTextFile {
name = "power-http-server";
destination = "/bin/power-http-server.py";
executable = true;
text = ''
#!${pkgs.python3}/bin/python3
from http.server import BaseHTTPRequestHandler, HTTPServer
import subprocess
HOST = "0.0.0.0"
PORT = 46733
class Handler(BaseHTTPRequestHandler):
def do_GET(self):
if self.path == "/suspend":
self.send_response(200)
self.end_headers()
self.wfile.write(b"Suspending")
subprocess.Popen(["systemctl", "suspend"])
elif self.path == "/shutdown":
self.send_response(200)
self.end_headers()
self.wfile.write(b"Shutting down")
subprocess.Popen(["systemctl", "hibernate"])
else:
self.send_response(404)
self.end_headers()
self.wfile.write(b"Not found")
def log_message(self, format, *args):
pass
HTTPServer((HOST, PORT), Handler).serve_forever()
'';
};
in
{
description = "Simple HTTP server for suspend/shutdown";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${powerHttpServer}/bin/power-http-server.py";
Restart = "always";
RestartSec = 5;
Type = "simple";
};
};
############################## swap and hibernate ###################################

8
hosts/te.nix
View File

@@ -18,7 +18,6 @@ in {
../common/nixos-wayland.nix
];
services.tailscale.enable = true;
programs.nix-ld.enable = true;
networking.hostName = "te";
@@ -308,7 +307,10 @@ in {
############### disk config
# the flash drive in use for te
#disko.devices.disk.root.device = "/dev/disk/by-id/usb-Generic_Flash_Disk_FF830E8F-0:0";
disko.devices.disk.root.device = "/dev/disk/by-id/ata-KBG40ZNV512G_KIOXIA_70GPGA85QBV1";
#disko.devices.disk.root.device = "/dev/disk/by-id/ata-KBG40ZNV512G_KIOXIA_70GPGA85QBV1";
# the 500G ssd previously in fusu
disko.devices.disk.root.device = "/dev/disk/by-id/ata-WDC_PC_SN520_SDAPNUW-256G-1006_190399802515";
disko.devices = {
disk = {
root = {
@@ -334,7 +336,7 @@ in {
};
root = {
size = "240G";
size = "100G";
content = {
# LUKS passphrase will be prompted interactively only
type = "luks";