merge

2025-04-07 14:02:44 +02:00 · 2025-04-07 14:02:44 +02:00 · 125ad513d7
commit 125ad513d7
parent a72d432188 fa10334a54
16 changed files with 197 additions and 82 deletions
--- a/config/base.nix
+++ b/config/base.nix
@ -50,8 +50,20 @@
 	liveRestore = false;
  };

+	  hardware.pulseaudio.enable = false;
+	security.rtkit.enable = true;
+	services = {
+		tailscale = {
+			enable = true;
+		};
+		pipewire = {
+			enable = true;
+			alsa.enable = true;
+			alsa.support32Bit = true;
+			pulse.enable = true;
+		};
+	};
  hardware = {
-    pulseaudio.enable = true;
    bluetooth = {
      enable = true;
      powerOnBoot = true;
@ -64,12 +76,10 @@
  };

  networking.networkmanager.enable = true;
-  networking.nameservers = [ "8.8.8.8"];
-  networking.resolvconf.enable = pkgs.lib.mkForce false;
-networking.dhcpcd.extraConfig = "nohook resolv.conf";
-networking.networkmanager.dns = "none";
-services.resolved.enable = false;
-
+  networking.nameservers = [ "8.8.8.8" ];
+  # networking.resolvconf.enable = pkgs.lib.mkForce false;
+# networking.dhcpcd.extraConfig = "nohook resolv.conf";
+# networking.networkmanager.dns = "none";

  environment.sessionVariables = {
    EDITOR  = "nvim";
@ -118,6 +128,7 @@ services.resolved.enable = false;
 		neovim
 		git
 		openssh
+		rofi
 	];


--- a/config/home.nix
+++ b/config/home.nix
@ -11,8 +11,9 @@
  imports = [
    ../shared/dwm.nix
    ../shared/vscode.nix
-    ../shared/dmenu.nix
-	../shared/rofi.nix
+    # ../shared/dmenu.nix
+	# ../shared/rofi.nix
+	# ../shared/mpv.nix
    ../shared/kitty.nix
    ../shared/alacritty.nix
    ../shared/tmux.nix
@ -59,8 +60,8 @@
 	bluez
 	bluez-tools
 	unstable.betterlockscreen
-	tmux
-	unstable.fzf
+	# tmux
+	fzf
 	eza
 	btop
 	thttpd
@ -68,21 +69,30 @@
 	openssl
 	dig
 	jq
+	wireguard-tools
+	acpi
+	light

 	# Dev
+	unstable.fluxcd
+	argocd
+	gh
 	unstable.deno
 	unstable.hugo
 	unstable.logstash
 	ngrok
 	tailwindcss
-	nodejs_22
-	gh-f
-	gh
+	nodejs_23
 	yarn
 	plantuml
 	go
-	dotnetCorePackages.sdk_8_0_3xx
+	# dotnetCorePackages.sdk_8_0_3xx
+	dotnetCorePackages.sdk_9_0_1xx
 	templ
+	goa
+	azuredatastudio
+	mdbtools
+	prettierd

 	#Tools
 	qrencode
@ -93,26 +103,27 @@
 	kubectl

 	#LSP
-	roslyn
+	# roslyn
 	roslyn-ls
+	dockerfile-language-server-nodejs
+	docker-compose-language-service
+	bash-language-server
 	python312Packages.python-lsp-server
 	yaml-language-server
+	lua-language-server
+	typescript
    nil
 	jdt-language-server
 	texlab
 	marksman
-	nodePackages_latest.bash-language-server
-	typescript
-	nodePackages_latest.typescript-language-server
-	nodePackages_latest.vls
-	nodePackages_latest.volar
-	lua-language-server
 	tree-sitter
+	vue-language-server
+	typescript-language-server
 	gopls
 	rust-analyzer

 	# UI
-	rofi-bluetooth
+	# rofi-bluetooth
 	pastel
 	imagemagick

@ -121,6 +132,7 @@
    networkmanagerapplet
    networkmanager-l2tp
    strongswan
+	networkmanager_strongswan

 	# Display
    scrot
@ -137,8 +149,8 @@
 	poppler_utils

 	#Desktop
+	fluent-reader
 	unstable.feishin
-    firefox
 	libreoffice
 	unstable.signal-desktop
 	pinta
@ -146,7 +158,7 @@
 	vial
    thunderbird
 	alacritty
-    unstable.neovim
+    neovim
    fastfetch
    lazygit
 	byzanz
--- a/config/lill-home.nix
+++ b/config/lill-home.nix
@ -128,7 +128,7 @@
    zathura
    thunderbird
 	alacritty
-    unstable.neovim
+    neovim
    fastfetch
    lazygit
 	byzanz
--- a/flake.nix
+++ b/flake.nix
@ -3,12 +3,12 @@

  inputs = {
    # Nixpkgs
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
 	nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
 	fw-pkgs.url = "github:fwastring/fwpkgs/main";

    # Home manager
-    home-manager.url = "github:nix-community/home-manager/release-24.05";
+    home-manager.url = "github:nix-community/home-manager/release-24.11";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
  };

@ -72,12 +72,12 @@
 		};
        modules = [./maskiner/work-desktop/configuration.nix];
      };
-      lillen = nixpkgs.lib.nixosSystem {
+      macmini = nixpkgs.lib.nixosSystem {
        specialArgs = {
 			inherit inputs outputs;
-			myhostname = "lillen";
+			myhostname = "macmini";
 		};
-        modules = [./maskiner/lillen/configuration.nix];
+        modules = [./maskiner/macmini/configuration.nix];
      };
    };

--- a/jobb/users.nix
+++ b/jobb/users.nix
@ -35,6 +35,14 @@
          "docker"
        ];
      };
+      runner = {
+        initialPassword = "password";
+        isNormalUser = true;
+        description = "github runner";
+        extraGroups = [ 
+          "docker"
+        ];
+      };
    };
  };
 }
--- a/maskiner/laptop/hardware-configuration.nix
+++ b/maskiner/laptop/hardware-configuration.nix
@ -14,17 +14,18 @@
  boot.extraModulePackages = [ ];

  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/af77f921-bcba-43c6-8670-a90e1bde1915";
+    { device = "/dev/disk/by-uuid/0f9de0d5-cdca-42a8-bb8a-070e3147396a";
      fsType = "ext4";
    };

  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/346C-F5FE";
+    { device = "/dev/disk/by-uuid/3340-1019";
      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
    };

  swapDevices =
-    [ { device = "/dev/disk/by-uuid/3fa47cf3-f18d-4ab7-80e5-39bfaeada0d1"; }
+    [ { device = "/dev/disk/by-uuid/36870c0d-2200-4850-a8af-7021f6776651"; }
    ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
--- a/maskiner/macmini/configuration.nix
+++ b/maskiner/macmini/configuration.nix
@ -0,0 +1,53 @@
+# This is your system's configuration file.
+# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
+{
+  inputs,
+  lib,
+  config,
+  pkgs,
+  myhostname,
+  ...
+}: {
+  # You can import other NixOS modules here
+  imports = [
+    ./hardware-configuration.nix
+	../../config/users.nix
+  ];
+
+	environment.systemPackages = with pkgs; [
+		unstable.lego
+	];
+networking.firewall = {
+  enable = true;
+  allowedTCPPorts = [ 80 443 3000 8384 22000];
+  allowedUDPPortRanges = [
+    { from = 4000; to = 4007; }
+    { from = 8000; to = 8010; }
+  ];
+};
+
+   networking.firewall.allowedUDPPorts = [ 22000 21027 ];
+
+	services = {
+		openssh = {
+			enable = true;
+			ports = [22];
+			settings = {
+				PermitRootLogin = "no";
+				PasswordAuthentication = false;
+				X11Forwarding = true;
+			};
+			extraConfig = ''
+			  AllowUsers fw
+			'';
+		};
+	  };
+
+
+  security.rtkit.enable = true;
+  networking.hostName = myhostname;
+
+  services.xserver.dpi = 100;
+
+  system.stateVersion = "24.11";
+}
--- a/maskiner/macmini/hardware-configuration.nix
+++ b/maskiner/macmini/hardware-configuration.nix
@ -0,0 +1,39 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ohci_pci" "ehci_pci" "ahci" "firewire_ohci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" "wl" ];
+  boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/1c7e7116-3486-45a8-90c0-d3deea8e96b0";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/B70D-941F";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp3s0b1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/maskiner/server/configuration.nix
+++ b/maskiner/server/configuration.nix
@ -30,7 +30,7 @@
 	];
 	fileSystems."/data" = {
 	  fsType = "fuse.mergerfs";
-	  device = "/mnt/drive*";
+	  device = "/mnt/extern*";
 	  options = ["cache.files=partial" "dropcacheonclose=true" "category.create=mfs"];
 	};

@ -96,7 +96,11 @@
  console.keyMap = "sv-latin1";
  programs.zsh.enable = true;

+	security.auditd.enable = true;
  services = {
+  	fail2ban = {
+		enable = true;
+	};
  xserver = {
 	enable = true;
 	displayManager = {
--- a/maskiner/work-desktop/configuration.nix
+++ b/maskiner/work-desktop/configuration.nix
@ -12,7 +12,8 @@
  imports = [
    ./hardware-configuration.nix
 	../../config/base.nix
-	../../config/users.nix
+	../../shared/openssh.nix
+	../../jobb/users.nix
  ];

  	environment.systemPackages = with pkgs; [
--- a/shared/dwm.nix
+++ b/shared/dwm.nix
@ -3,7 +3,7 @@ let
  dwm = pkgs.dwm.overrideAttrs (old: {
    src = builtins.fetchGit {
      url = "https://github.com/FredzyW/dwm-conf.git";
-      rev = "05276318843d1bfe90a8aae266c9e997bf97e577";
+      rev = "7e10a592cbfd1cea2b6c5e77c3738716a390eb65";
    };
    nativeBuildInputs = with pkgs; [ 
      xorg.libX11.dev
@ -28,3 +28,5 @@ in
  home.packages = [ dwm dwmblocks ];
 }

+
+
--- a/shared/firefox.nix
+++ b/shared/firefox.nix
@ -9,7 +9,7 @@
            builtins.fetchGit {
                url = "https://github.com/rockofox/firefox-minima";
                ref = "main";
-                rev = "c5580fd04e9b198320f79d441c78a641517d7af5"; # <-- Change this
+                rev = "dc40a861b24b378982c265a7769e3228ffccd45a"; # <-- Change this
            }
          }/userChrome.css";
          '';
--- a/shared/fish.nix
+++ b/shared/fish.nix
@ -61,6 +61,8 @@
 		set SYSTEM_DIR "$FLAKE_DIR#jobb"
 		set -Ux FZF_CTRL_R_OPTS "--reverse"
 		set -Ux FZF_TMUX_OPTS "-p"
+		set -e GOROOT
+		set -e GOPATH

 		# Mocha
 		set -Ux FZF_DEFAULT_OPTS "\
--- a/shared/kitty.nix
+++ b/shared/kitty.nix
@ -11,12 +11,12 @@
      # name = "Iosevka Nerd Font Bold";
      # name = "ComicShannsMono Nerd Font Bold";
      name = "Hack Nerd Font Mono Bold";
-      size = 13;
+      size = 12;
    };
    shellIntegration = {
      mode = "no-cursor";
    };
-    theme = "Catppuccin-Mocha";
+    themeFile = "Catppuccin-Mocha";
    settings = {
      confirm_os_window_close = 2;
      cursor_shape = "block";
--- a/shared/ssh.nix
+++ b/shared/ssh.nix
@ -27,42 +27,12 @@
        user = "fw";
        identityFile = "/home/fw/.ssh/fw-ssh-key";
      };
-      "ha1" = {
-        hostname = "192.168.0.180";
-        port = 22;
-        user = "fw";
-        identityFile = "/home/fw/.ssh/fw-ssh-key";
-      };
-      "ha2" = {
-        hostname = "192.168.0.133";
-        port = 22;
-        user = "fw";
-        identityFile = "/home/fw/.ssh/fw-ssh-key";
-      };
-      "ha3" = {
-        hostname = "192.168.0.120";
-        port = 22;
-        user = "fw";
-        identityFile = "/home/fw/.ssh/fw-ssh-key";
-      };
-      "ha4" = {
-        hostname = "192.168.0.52";
-        port = 22;
-        user = "fw";
-        identityFile = "/home/fw/.ssh/fw-ssh-key";
-      };
      "mac" = {
        hostname = "192.168.0.149";
        port = 22;
        user = "ifacts";
        identityFile = "/home/fw/.ssh/ifacts-ssh-key";
      };
-      "backups" = {
-        hostname = "192.168.0.120";
-        port = 22;
-        user = "github";
-        identityFile = "/home/fw/.ssh/github-ssh-key";
-      };
      "malmo" = {
        hostname = "192.168.0.138";
        port = 22;
@ -86,6 +56,30 @@
        user = "fw";
        identityFile = "/home/fw/.ssh/id_rsa";
      };
+      "kube01" = {
+        hostname = "192.168.0.177";
+        port = 22;
+        user = "fw";
+        identityFile = "/home/fw/.ssh/fw-ssh-key";
+      };
+      "runner01" = {
+        hostname = "192.168.0.184";
+        port = 22;
+        user = "fw";
+        identityFile = "/home/fw/.ssh/fw-ssh-key";
+      };
+      "docker03" = {
+        hostname = "192.168.0.118";
+        port = 22;
+        user = "fw";
+        identityFile = "/home/fw/.ssh/fw-ssh-key";
+      };
+      "table" = {
+        hostname = "192.168.0.157";
+        port = 22;
+        user = "fw";
+        identityFile = "/home/fw/.ssh/fw-ssh-key";
+      };
    };
  };
 }
--- a/shared/tmux.nix
+++ b/shared/tmux.nix
@ -7,16 +7,6 @@
 		tmuxPlugins.sensible
 		tmuxPlugins.pain-control
 		tmuxPlugins.sessionist
-		tmuxPlugins.logging
-		{
-			plugin = tmuxPlugins.resurrect;
-			extraConfig = ''
-				resurrect_dir="$HOME/.tmux/resurrect"
-				set -g @resurrect-dir $resurrect_dir
-				set -g @resurrect-hook-post-save-all 'target=$(readlink -f $resurrect_dir/last); sed "s| --cmd .*-vim-pack-dir||g; s|/etc/profiles/per-user/$USER/bin/||g" $target | sponge $target'
-				set -g @resurrect-strategy-nvim 'session'
-			'';
-		}
 		{
 			plugin = tmuxPlugins.continuum;
 			extraConfig = ''
@ -24,8 +14,6 @@
 				set -g @continuum-restore 'on'
 			'';
 		}
-		fw-pkgs.tmuxPlugins.spotify
-		fw-pkgs.tmuxPlugins.tmux-fzf-window
 		{
 			plugin = fw-pkgs.tmuxPlugins.minimal;
 			extraConfig = ''