Sebastian Moser
2025-06-19 10:32:25 +02:00
parent 618f678235
commit 919673e994
14 changed files with 530 additions and 183 deletions


@@ -146,6 +146,7 @@
];
environment.systemPackages = with pkgs; [
sshfs
ntfs3g
virtiofsd
bcache-tools
@@ -390,5 +391,108 @@
};
############################## backups to fusu ##################################
users.users.borgs = {
uid = 2000;
isNormalUser = true;
group = "borgs";
};
users.groups.borgs = {
gid = 2000;
};
home-manager.users.borgs = { secretsDir, ... }: {
imports = [
../users/common/home.nix
];
home.file.".ssh/known_hosts".text = ''
195.201.148.94 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBuxoYAjNYi3q2SFlzoVQTePcsnmT+qFHuaiiclC+S5I
195.201.148.94 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCtDgdBTd8apRMBTweK9ZMRTdFqkU1mbKQDmyXSXbhSQAYwlgkmh1ee4TBE4nt/2b28QT5AqWOazVraqlAoSp+n7GwdsPH26lhbuF+ZVHq05X3RuJLmbhOsa6QlPzjSHiyj+Onkmj9DyXwKhhMErGcT1n2nhC4Oi007qsqcYQIB/YJ7hmMDABMzm9Bwd5Rk6xsDfz+9umvSMpwtfctpKixoVq90Fe3X6wloo5sgXpqfdP1IDFxfiaDp6nOQuOhvcA1Z67oGpW3T8CbZ5aDqA8e1vtpkl7oT3YolR+5153B/e0zOSAk8AabfkLdvrReECg2AHloH7hf9TOBVH0RVZluK+GRVJoaO2b3EspwIlThdQthiZH5/6vwDLsY6zNw6bUlKNntcNbJ5ZHc7zVv03Zlbpp6aWye0O3HR1PkaOo7pragEX9VAGj8Af2fNinSZVtd30gZlRFhLXQRAad+gC9R/5Q9X7V9BZBbWZ3J9DCP5zFoM9Y2R2YySjHX8Dmy7Jps=
195.201.148.94 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAFh44c1Efqv/g8lvjDSY6uBYevByf1fg4BhLVcfYudqrSSSwbeaPrv6B+M5psrHo6/zthciDzp4oYUG8ANVRWs=
[localhost]:49388 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFr1jHueUdsh4Bc9meR1Var4hbZKLCnZGfCSpsP0oOeS
[localhost]:49388 ssh-rsa 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
'';
programs.ssh = {
enable = true;
matchBlocks = {
"*" = {
identityFile = "/home/borgs/backups/borgs-private";
};
ouranos = {
hostname = "195.201.148.94";
user = "root";
};
fusus = {
hostname = "localhost";
user = "server";
port = 49388;
};
};
};
};
# automatically creates the mountpoint as well!!
fileSystems."/home/borgs/backups" = {
device = "/home/files/storage/backups/servers";
options = [ "bind" ];
};
# ouranus
systemd.services.backup-ouranos-minecraft = {
enable = true;
description = "backup the /var/minecraft folder on ouranus to fusu";
unitConfig = {
Type = "simple";
};
path = with pkgs; [ socat borgbackup openssh ];
serviceConfig = {
ExecStart = "/home/borgs/backups/ouranos-minecraft.sh";
User = "borgs";
Group = "borgs";
WorkingDirectory = "/home/borgs/backups";
};
wants = [ "home-files-storage.mount" ];
};
systemd.timers.backup-ouranos-minecraft = {
wantedBy = [ "timers.target" ];
timerConfig = {
#OnBootSec = "5m";
#nUnitActiveSec = "1d";
OnCalendar = "*-*-* 04:00:00";
Persistent = "True";
Unit = "backup-ouranos-minecraft.service";
};
};
# ouranus
systemd.services.backup-fusu-server = {
enable = true;
description = "backup the ~/server folder on fusus";
unitConfig = {
Type = "simple";
};
path = with pkgs; [ socat borgbackup openssh ];
serviceConfig = {
ExecStart = "/home/borgs/backups/fusu-server.sh";
User = "borgs";
Group = "borgs";
WorkingDirectory = "/home/borgs/backups";
};
wants = [ "home-files-storage.mount" ];
};
systemd.timers.backup-fusu-server = {
wantedBy = [ "timers.target" ];
timerConfig = {
#OnBootSec = "5m";
#OnUnitActiveSec = "1d";
OnCalendar = "*-*-* 04:00:00";
Persistent = "True";
Unit = "backup-fusu-server.service";
};
};
}
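Review bot: The borgs SSH identity (`identityFile = "/home/borgs/backups/borgs-private"`) and both `ExecStart` scripts live inside `/home/borgs/backups`, which this section bind-mounts from `/home/files/storage/backups/servers`, so the key that logs in as `root` on ouranos sits next to the backup data and the units run whatever script is in that directory. Permissions on the storage path are not visible here, but anyone who can write there could presumably replace the scripts or read the key. I would keep the key outside the bind mount with mode 0600, e.g. `identityFile = "/home/borgs/.ssh/borgs-private";` (path constructed for illustration), generate the two scripts from Nix instead of reading them from the data directory, and restrict the key on ouranos to the backup command rather than a full root shell. Separately, `wants = [ "home-files-storage.mount" ]` imposes no ordering and does not name the bind mount the units actually use; `unitConfig.RequiresMountsFor = "/home/borgs/backups";` would make both services wait for it.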


@@ -70,6 +70,7 @@
environment.systemPackages = with pkgs; [
linuxPackages.usbip
vim
bluez
git


@@ -1,4 +1,4 @@
{ secretsDir, pkgs, inputs, ... }: let
{ lib, secretsDir, pkgs, inputs, ... }: let
myobs = pkgs.wrapOBS {
plugins = with pkgs.obs-studio-plugins; [
@@ -17,8 +17,9 @@ in {
inputs.home-manager.nixosModules.home-manager
inputs.networkmanager.nixosModules.networkmanager
../users/me/headless.nix
../users/me/gui.nix
../users/root/default.nix
../common/nixos-wayland.nix
];
networking.hostName = "mac";
@@ -39,12 +40,25 @@ in {
8888 # for general usage
9999 # for general usage
6000 # Xserver
6666 # vnc sway
5900 # vnc for win VM
5901 # vnc
5902 # vnc
4400 # rdp win VM
4401 # ssh for mandroid
4402 # random
4403 # random
4404 # random
4405 # clipboard sync
];
networking.firewall.allowedUDPPorts = [
48899 # GoodWe inverter discovery
4410 # lan-mouse
];
swapDevices = [ { device = "/swapfile"; } ];
boot.kernelModules = [ "usbip_core" ];
boot.extraModprobeConfig = "options kvm_intel nested=1";
@@ -72,6 +86,8 @@ in {
};
environment.systemPackages = with pkgs; [
linuxPackages.usbip
helvum
passt
mount
pkgs.hicolor-icon-theme
@@ -121,6 +137,64 @@ in {
'';
};
home-manager.users.me.home.file.".config/sway/config".text = ''
exec ${pkgs.wayvnc}/bin/wayvnc 0.0.0.0 6666
#exec 'wl-paste -w ${pkgs.netcat-openbsd}/bin/nc 192.168.1.11 4405'
#exec 'sh -c "while true; do ${pkgs.netcat-openbsd}/bin/nc -l 4405 | wl-copy; done"'
#exec 'sh -c "while true; do cat ~/clipboard | wl-paste; done"'
'';
home-manager.users.me.programs.lan-mouse = {
enable = true;
systemd = true;
settings = {
authorized_fingerprints."f1:f2:c8:38:fd:e9:34:2f:a0:79:49:b4:ca:d6:4e:c6:31:10:42:1b:9f:ba:61:6f:41:9a:b7:ce:1a:32:47:a1" = "main";
port = 4410;
clients = [
{
position = "left";
hostname = "main";
activate_on_startup = true;
ips = [ "192.168.1.11" ];
port = 4410;
#enter_hook = "${pkgs.wl-clipboard}/bin/wl-paste | ${pkgs.netcat-openbsd}/bin/nc 192.168.1.11 4405";
enter_hook = "/run/current-system/sw/bin/cat /home/me/.cache/clipboard | ${pkgs.netcat-openbsd}/bin/nc 192.168.1.11 4405 -N";
}
];
};
};
home-manager.users.me.systemd.user.services.lan-mouse.Service.Environment = "PATH=/bin";
users.users.me.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGw5kYmBQl8oolNg2VUlptvvSrFSESfeuWpsXRovny0x me@phone"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPgKLRF9iYRH3Y8hPjLX1ZY6GyavruqcQ0Q0Y8bnmpv9 me@tab"
];
#services.greetd.enable = lib.mkForce false;
services.greetd = lib.mkForce {
enable = true;
settings = rec {
terminal.vt = 2;
initial_session = {
command = "${pkgs.writeScriptBin "run-sway" ''
export WLR_RENDERER_ALLOW_SOFTWARE=1
export SDL_VIDEODRIVER=wayland
export _JAVA_AWT_WM_NONREPARENTING=1
export QT_QPA_PLATFORM=wayland
export XDG_CURRENT_DESKTOP=sway
export XDG_SESSION_DESKTOP=sway
exec sway > /tmp/sway-log 2>&1
''}/bin/run-sway";
user = "me";
};
default_session = initial_session;
};
};
systemd.extraConfig = "DefaultLimitNOFILE=2048";
###################################################### the kiosk stuff
boot.plymouth.enable = true;
@@ -184,21 +258,6 @@ in {
networking.networkmanager.enable = true;
networking.networkmanager.profiles = {
home = {
connection = {
id = "home";
uuid = "a02273d9-ad12-395e-8372-f61129635b6f";
type = "ethernet";
autoconnect-priority = "-999";
interface-name = "enp2s0";
};
ipv4 = {
address1 = "192.168.1.33/24,192.168.1.1";
dns = "1.1.1.1;";
method = "manual";
};
};
pw = {
connection = {
id = "pw";
@@ -234,11 +293,15 @@ in {
interface-name = "wlp3s0";
};
wifi = {
mac-address = "0C:96:E6:E3:64:03";
mode = "ap";
ssid = "c2vi-mac";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = builtins.readFile "${secretsDir}/wifi-password";
};
ipv4 = {
method = "shared";
};
@@ -273,7 +336,7 @@ in {
id = "dhcp";
uuid = "c006389a-1697-4f77-91c3-95b466f85f13";
type = "ethernet";
autoconnect = "false";
autoconnect = true;
interface-name = "enp2s0";
};
@@ -283,6 +346,7 @@ in {
ipv4 = {
method = "auto";
address1 = "192.168.1.33/24,192.168.1.1";
};
};
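Review bot: `exec ${pkgs.wayvnc}/bin/wayvnc 0.0.0.0 6666` in the sway config binds VNC on every interface and the TCP firewall list in this file opens 6666, while no wayvnc configuration enabling authentication or TLS is visible in the diff; if none exists elsewhere, anyone who can reach the host (including clients of the `c2vi-mac` access-point profile) gets screen and input access. Binding to loopback and tunnelling over SSH, `exec ${pkgs.wayvnc}/bin/wayvnc 127.0.0.1 6666` with 6666 dropped from the firewall list, or enabling authentication in wayvnc's config, would close that. The same `wayvnc 0.0.0.0 6666` line appears in the next file section. The lan-mouse `enter_hook` here also pipes `/home/me/.cache/clipboard` through `nc 192.168.1.11 4405` in cleartext, whereas the other host's hook already uses `ssh`; clipboard contents often include passwords, so the ssh form is preferable in both directions and would let port 4405 stay closed.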


@@ -36,8 +36,14 @@
#services.openssh.enable = true;
programs.fuse.userAllowOther = true;
services.sunshine = {
enable = false;
autoStart = true;
capSysAdmin = true;
openFirewall = true;
/*
package = pkgs.sunshine.overrideAttrs {
src = pkgs.fetchFromGitHub {
@@ -73,11 +79,6 @@
fetchSubmodules = true;
};
});
enable = true;
autoStart = true;
capSysAdmin = true;
openFirewall = true;
};
@@ -88,6 +89,26 @@
home-manager.users.me.programs.lan-mouse = {
enable = true;
settings = {
authorized_fingerprints."0d:4f:2c:8a:46:d5:6a:e2:22:c9:02:89:39:da:75:69:2d:e9:32:39:d7:dc:e6:e2:50:d6:20:22:a5:26:d4:44" = "mac";
port = 4410;
clients = [
{
position = "right";
hostname = "mac";
activate_on_startup = true;
ips = [ "192.168.1.33" ];
port = 4410;
#enter_hook = "${pkgs.wl-clipboard}/bin/wl-paste | ${pkgs.openssh}/bin/ssh mac 'cat > ~/clipboard'";
#enter_hook = "/run/current-system/sw/bin/echo hooooooooooo > /home/me/p1";
enter_hook = "/run/current-system/sw/bin/cat /home/me/.cache/clipboard | /run/current-system/sw/bin/ssh mac 'cat >~/clipboard'";
}
];
};
};
home-manager.users.me.systemd.user.services.lan-mouse.Service.Environment = "PATH=/bin";
@@ -123,9 +144,17 @@
programs.nix-ld.enable = true;
programs.steam.enable = true;
home-manager.users.me.home.file.".config/sway/config".text = ''
exec ${pkgs.wayvnc}/bin/wayvnc 0.0.0.0 6666
#exec wl-paste -w ${pkgs.netcat-openbsd}/bin/nc 192.168.1.33 4405
#exec 'wl-paste -w ssh mac "cat > ~/clipboard"'
#exec 'sh -c "while true; do ${pkgs.netcat-openbsd}/bin/nc -l 4405 | wl-copy; done"'
'';
################# make firefox default browser
environment.sessionVariables.DEFAULT_BROWSER = "firefox"; # for electron apps
xdg.mime.defaultApplications = {
"text/html" = "firefox.desktop";
"x-scheme-handler/http" = "firefox.desktop";
@@ -223,8 +252,27 @@
# shedule nix builds with low priority, so the laptop is still usable while building something
nix.daemonCPUSchedPolicy = "idle";
nix.daemonIONiceLevel = 7;
systemd.services.nix-daemon.serviceConfig.Nice = 9;
nix.daemonIOSchedClass = "idle";
systemd.services.nix-daemon.serviceConfig.CPUSchedulingPolicy = lib.mkForce "idle";
systemd.services.nix-daemon.serviceConfig.IOSchedulingPriority = lib.mkForce "idle";
systemd.services.nix-daemon.serviceConfig.CPUWeight= lib.mkForce "idle";
/*
systemd.services.nix-daemon.serviceConfig.CPUQuota = lib.mkForce "100%";
systemd.services.nix-daemon.environment = {
LD_PRELOAD = "${pkgs.trickle}/lib/trickle/trickle-overload.so";
TRICKLE_WINDOW_SIZE = "200";
TRICKLE_UPLOAD_LIMIT = "10";
TRICKLE_LSMOOTH = "20";
TRICKLE_VERBOSE = "0";
TRICKLE_SOCKNAME = "";
TRICKLE_ARGV = "alacritty";
TRICKLE_TSMOOTH = "3.0";
TRICKLE_DOWNLOAD_LIMIT = "30";
};
nix.extraOptions = ''
download-speed = 30
'';
*/
# enable ntp
#services.ntp.enable = true;
@@ -360,6 +408,7 @@
51820 # wireguard
6000 # Xserver
10000 # tailscale tcp funnel
4405 # clipboard sync with imac
];
networking.firewall.allowedUDPPorts = [
@@ -367,6 +416,8 @@
51820 # wireguard
67 # allow DHCP traffic
53 # allow dns
48899 # GoodWe inverter discovery
4410 # lan-mouse
];
#networking.search = [ "c2vi.local" ];
@@ -544,6 +595,7 @@
};
ipv4 = {
address1 = "192.168.1.11/24,192.168.1.1";
method = "auto";
};
};