diff --git a/README.md b/README.md index f4ab78f..2233f94 100644 --- a/README.md +++ b/README.md @@ -10,3 +10,11 @@ @ Old Computers - laptop (Acer Swift 3) † 2025-08-05 + +``` +nixos-anywhere -- \ + --flake .#kiosk \ + --generate-hardware-config nixos-generate-config ./machines/kiosk/hardware-configuration.nix \ + + --target-host fw@192.168.1.186 +``` diff --git a/maskiner/core/disk-config.nix b/maskiner/core/disk-config.nix new file mode 100644 index 0000000..91f6ebd --- /dev/null +++ b/maskiner/core/disk-config.nix @@ -0,0 +1,41 @@ +{ lib, ... }: + +{ + disko.devices = { + disk = { + main = { + device = lib.mkDefault "/dev/nvme0n1"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + type = "EF00"; + size = "1G"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + swap = { + size = "101G"; + content = { + type = "swap"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/maskiner/core/hardware-configuration.nix b/maskiner/core/hardware-configuration.nix index eab8768..0a580c3 100644 --- a/maskiner/core/hardware-configuration.nix +++ b/maskiner/core/hardware-configuration.nix 
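Review bot: The new layout in maskiner/core/disk-config.nix puts both `root` (ext4) and `swap` directly on GPT partitions with no encryption layer, so anything paged out to the 101G swap, including decrypted secrets held in memory, is readable from the disk at rest. If hibernation is not needed, `randomEncryption = true;` in the swap `content` is the smallest change; if the large swap is there for hibernation (the commit does not say), putting root and swap inside a `type = "luks"` container is the option that keeps resume working. A one-line comment above `swap` explaining the 101G size would help the next reader. Separately, hardware-configuration.nix in this commit still pins `fileSystems` and `swapDevices` by UUID; if disk-config.nix is imported for the same host, the two sets of definitions may conflict, which is worth checking.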
@@ -8,24 +8,24 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/751f2210-9f0a-46da-bc62-25ede9a5f8a7"; + { device = "/dev/disk/by-uuid/23905182-cee8-4336-8b2f-803dbd761c84"; fsType = "ext4"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/1947-AC4C"; + { device = "/dev/disk/by-uuid/39A0-5A5F"; fsType = "vfat"; options = [ "fmask=0077" "dmask=0077" ]; }; swapDevices = - [ { device = "/dev/disk/by-uuid/0eea714d-1c2f-4981-b25b-920205959594"; } + [ { device = "/dev/disk/by-uuid/d599597d-d111-48a3-98e9-da81075e38f8"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/moduler/base.nix b/moduler/base.nix index 43087ca..3b3ae7e 100644 --- a/moduler/base.nix +++ b/moduler/base.nix @@ -6,9 +6,6 @@ ... }: { - sops.defaultSopsFile = ../secrets/sops.yaml; - sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - nixpkgs = { config = { allowUnfree = true; @@ -96,7 +93,7 @@ garamond-libre ]; - i18n.defaultLocale = "en_US.UTF-8"; + i18n.defaultLocale = "sv_SE.UTF-8"; i18n.extraLocaleSettings = { LC_ADDRESS = "sv_SE.UTF-8"; LC_IDENTIFICATION = "sv_SE.UTF-8"; diff --git a/moduler/dev.nix b/moduler/dev.nix index b403cb1..9a099c9 100644 --- a/moduler/dev.nix +++ b/moduler/dev.nix @@ -1,9 +1,6 @@ { inputs, - lib, - config, pkgs, - myhostname, ... }: let 
@@ -22,24 +19,23 @@ in inputs.neovim-nightly-overlay.packages.${pkgs.stdenv.hostPlatform.system}.default # Nix - devenv nixfmt-rfc-style # Docker - dive + # dive lazydocker # Jobb - dotnetCorePackages.dotnet_9.sdk gh - awscli - minio-client + # awscli + # minio-client + # dotnetCorePackages.dotnet_9.sdk # opentofu # azure-cli # jira-cli-go # Blogging - zola + # zola # System Design # sqlc @@ -48,10 +44,10 @@ in # Web Dev # tailwindcss - prettierd + # prettierd # Go - go + # go # air # templ # go-migrate-pg @@ -59,13 +55,13 @@ in # Build git gcc - gnumake - cmake + # gnumake + # cmake # System Tools yq jq git - qrencode + # qrencode ]; } diff --git a/moduler/lsp.nix b/moduler/lsp.nix new file mode 100644 index 0000000..218048f --- /dev/null +++ b/moduler/lsp.nix @@ -0,0 +1,29 @@ +{ + lib, + config, + pkgs, + ... +}: +{ + + environment.systemPackages = with pkgs; [ + nixd + dockerfile-language-server + bash-language-server + helm-ls + yaml-language-server + lua-language-server + marksman + + # tofu-ls + # gopls + # omnisharp-roslyn + # nodejs_22 + # vue-language-server + # vtsls + # typescript + # typescript-language-server + # nodePackages.vscode-json-languageserver + # tailwindcss-language-server + ]; +} diff --git a/moduler/network.nix b/moduler/network.nix index 069bd23..81cf4c0 100644 --- a/moduler/network.nix +++ b/moduler/network.nix @@ -15,13 +15,12 @@ }; environment.systemPackages = with pkgs; [ - networkmanagerapplet - networkmanager - iperf3 + # networkmanager dnsutils - aria2 - nmap - ipcalc + # nmap + # ipcalc + # iperf3 + # networkmanagerapplet # (octodns.withProviders (ps: [ # octodns-providers.gandi diff --git a/moduler/programs.nix b/moduler/programs.nix index 5f9d802..4eeb050 100644 --- a/moduler/programs.nix +++ b/moduler/programs.nix 
@@ -8,17 +8,51 @@ { services.udev = { extraRules = '' - KERNEL=="ttyACM0", MODE:="666" - ACTION=="add", KERNEL=="sd[a-e][0-9]", ENV{ID_FS_UUID}=="3039-3932", RUN+="${pkgs.systemd}/bin/systemd-mount --no-block -A -G -o gid=users,fmask=113,dmask=002 /dev/%k /mnt/sdcard" - ACTION=="add", KERNEL=="sd[a-e]", ENV{ID_FS_UUID}=="66BA-4EBA", RUN+="${pkgs.systemd}/bin/systemd-mount --no-block -A -G -o gid=users,fmask=113,dmask=002 /dev/%k /mnt/kobo" - KERNEL=="uinput", GROUP="input", MODE="0660", OPTIONS+="static_node=uinput" - ''; + KERNEL=="ttyACM0", MODE:="666" + ACTION=="add", KERNEL=="sd[a-e][0-9]", ENV{ID_FS_UUID}=="3039-3932", RUN+="${pkgs.systemd}/bin/systemd-mount --no-block -A -G -o gid=users,fmask=113,dmask=002 /dev/%k /mnt/sdcard" + ACTION=="add", KERNEL=="sd[a-e]", ENV{ID_FS_UUID}=="66BA-4EBA", RUN+="${pkgs.systemd}/bin/systemd-mount --no-block -A -G -o gid=users,fmask=113,dmask=002 /dev/%k /mnt/kobo" + KERNEL=="uinput", GROUP="input", MODE="0660", OPTIONS+="static_node=uinput" + ''; packages = with pkgs; [ vial via ]; }; - + home-manager.users.fw = { + xdg.mimeApps = { + enable = true; + defaultApplications = { + "text/html" = "librewolf.desktop"; + "x-scheme-handler/http" = "librewolf.desktop"; + "x-scheme-handler/https" = "librewolf.desktop"; + "x-scheme-handler/about" = "librewolf.desktop"; + "x-scheme-handler/unknown" = "librewolf.desktop"; + "text/plain" = "nvim.desktop"; + "text/markdown" = "nvim.desktop"; + "text/x-markdown" = "nvim.desktop"; + "application/json" = "nvim.desktop"; + "application/x-ndjson" = "nvim.desktop"; + "application/x-yaml" = "nvim.desktop"; + "text/yaml" = "nvim.desktop"; + "text/x-shellscript" = "nvim.desktop"; + "text/x-python" = "nvim.desktop"; + "text/x-csrc" = "nvim.desktop"; + "text/x-c++src" = "nvim.desktop"; + "application/x-sql" = "nvim.desktop"; + "text/xml" = "nvim.desktop"; + "application/xml" = "nvim.desktop"; + "application/pdf" = "org.gnome.Evince.desktop"; + "image/jpeg" = "feh.desktop"; + "image/png" = 
"feh.desktop"; + "image/gif" = "feh.desktop"; + "image/webp" = "feh.desktop"; + "image/tiff" = "feh.desktop"; + "image/bmp" = "feh.desktop"; + "image/svg+xml" = "feh.desktop"; + }; + }; + }; + environment.sessionVariables.DEFAULT_BROWSER = "${pkgs.librewolf}/bin/librewolf"; environment.systemPackages = with pkgs; [ # GUI @@ -29,10 +63,10 @@ slack drawio evince - spotify - firefox + spotify + firefox - # ansible + # ansible # freecad-wayland # TUI diff --git a/moduler/programs/waybar/waybar-latte.css b/moduler/programs/waybar/waybar-latte.css index 2c691a1..8c11c19 100644 --- a/moduler/programs/waybar/waybar-latte.css +++ b/moduler/programs/waybar/waybar-latte.css @@ -60,14 +60,14 @@ button { /* hover */ button:hover { background: rgba(255,255,255,0.08); - box-shadow: inset 0 -3px @green; + box-shadow: inset 0 -3px @peach; } /* active (no CSS transform in GTK; simulate press with padding + shadow) */ button:active { padding-top: 1px; /* nudge down visually */ padding-bottom: 1px; /* keep height stable */ - box-shadow: inset 0 -2px @green; + box-shadow: inset 0 -2px @peach; color: @base; } @@ -88,9 +88,9 @@ button:active { } #workspaces button.active, #workspaces button.focused { - background: @green; + background: @peach; color: @base; - box-shadow: inset 0 -3px @green; + box-shadow: inset 0 -3px @peach; } #workspaces button.urgent { @@ -101,7 +101,7 @@ button:active { /* -------- Clock -------- */ #clock { - background: @green; + background: @peach; color: @base; font-weight: 600; letter-spacing: 0.2px; @@ -109,7 +109,7 @@ button:active { /* -------- Mpris -------- */ #mpris { - background: @green; + background: @peach; color: @base; font-weight: 600; letter-spacing: 0.2px; @@ -117,7 +117,7 @@ button:active { /* -------- Pavu -------- */ #pulseaudio { - background: @green; + background: @peach; color: @base; font-weight: 600; letter-spacing: 0.2px; 
@@ -125,7 +125,7 @@ button:active { /* -------- Bluetooth -------- */ #bluetooth { - background: @green; + background: @peach; color: @base; font-weight: 600; letter-spacing: 0.2px; @@ -133,7 +133,7 @@ button:active { /* -------- Upower -------- */ #upower { - background: @green; + background: @peach; color: @base; font-weight: 600; letter-spacing: 0.2px; @@ -141,7 +141,7 @@ button:active { /* -------- Network -------- */ #network { - background: @green; + background: @peach; color: @base; font-weight: 600; letter-spacing: 0.2px; @@ -149,5 +149,5 @@ button:active { /* -------- Helpers -------- */ @keyframes blink { - to { background-color: @green; color: @base; } + to { background-color: @peach; color: @base; } } diff --git a/moduler/programs/waybar/waybar-mocha.css b/moduler/programs/waybar/waybar-mocha.css index 220f27b..71edc44 100644 --- a/moduler/programs/waybar/waybar-mocha.css +++ b/moduler/programs/waybar/waybar-mocha.css @@ -60,14 +60,14 @@ button { /* hover */ button:hover { background: rgba(255,255,255,0.08); - box-shadow: inset 0 -3px @green; + box-shadow: inset 0 -3px @peach; } /* active (no CSS transform in GTK; simulate press with padding + shadow) */ button:active { padding-top: 1px; /* nudge down visually */ padding-bottom: 1px; /* keep height stable */ - box-shadow: inset 0 -2px @green; + box-shadow: inset 0 -2px @peach; color: @base; } @@ -88,9 +88,9 @@ button:active { } #workspaces button.active, #workspaces button.focused { - background: @green; + background: @peach; color: @base; - box-shadow: inset 0 -3px @green; + box-shadow: inset 0 -3px @peach; } #workspaces button.urgent { @@ -101,7 +101,7 @@ button:active { /* -------- Clock -------- */ #clock { - background: @green; + background: @peach; color: @base; font-weight: 600; letter-spacing: 0.2px; @@ -109,7 +109,7 @@ button:active { /* -------- Mpris -------- */ #mpris { - background: @green; + background: @peach; color: @base; font-weight: 600; letter-spacing: 0.2px; 
@@ -117,7 +117,7 @@ button:active { /* -------- Pavu -------- */ #pulseaudio { - background: @green; + background: @peach; color: @base; font-weight: 600; letter-spacing: 0.2px; @@ -125,7 +125,7 @@ button:active { /* -------- Bluetooth -------- */ #bluetooth { - background: @green; + background: @peach; color: @base; font-weight: 600; letter-spacing: 0.2px; @@ -133,7 +133,7 @@ button:active { /* -------- Upower -------- */ #upower { - background: @green; + background: @peach; color: @base; font-weight: 600; letter-spacing: 0.2px; @@ -141,7 +141,7 @@ button:active { /* -------- Network -------- */ #network { - background: @green; + background: @peach; color: @base; font-weight: 600; letter-spacing: 0.2px; @@ -149,5 +149,5 @@ button:active { /* -------- Helpers -------- */ @keyframes blink { - to { background-color: @green; color: @base; } + to { background-color: @peach; color: @base; } } diff --git a/moduler/services/nextcloud/default.nix b/moduler/services/nextcloud/default.nix new file mode 100644 index 0000000..62a56c9 --- /dev/null +++ b/moduler/services/nextcloud/default.nix 
@@ -0,0 +1,102 @@ +{ + lib, + pkgs, + config, + myhost, + ... +}: +let + cfg = config.services.nextcloud; + srv = cfg.settings.server; +in +with lib; +{ + options = { + nextcloud = { + enable = mkEnableOption "enables nextcloud"; + port = lib.mkOption { + type = lib.types.int; + default = 8003; + description = "The port that Nextcloud is served on."; + }; + domain = lib.mkOption { + type = lib.types.str; + default = "files.wastring.com"; + description = "The hostname that Nextcloud is served on."; + }; + }; + }; + config = mkMerge [ + (mkIf config.nextloud.enable { + services.nginx = { + virtualHosts.${config.nextcloud.domain} = { + forceSSL = true; + enableACME = true; + }; + }; + + sops.secrets.nextcloud-admin-password = { }; + sops.secrets.nextcloud-fw-password = { }; + sops.secrets.nextcloud-disa-password = { }; + + services.nextcloud = { + enable = true; + package = pkgs.nextcloud31; + hostName = config.nextcloud.domain; + https = true; + configureRedis = true; + config.adminpassFile = config.sops.secrets.nextcloud-admin-password.path; + config.dbtype = "sqlite"; + ensureUsers = { + fw = { + email = "fredrik@wastring.com"; + passwordFile = config.sops.secrets.nextcloud-fw-password.path; + }; + disa = { + email = "disahorner@hotmail.com"; + passwordFile = config.sops.secrets.nextcloud-disa-password.path; + }; + }; + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) + contacts + calendar + onlyoffice + ; + }; + extraAppsEnable = true; + settings.enabledPreviewProviders = [ + "OC\\Preview\\BMP" + "OC\\Preview\\GIF" + "OC\\Preview\\JPEG" + "OC\\Preview\\Krita" + "OC\\Preview\\MarkDown" + "OC\\Preview\\MP3" + "OC\\Preview\\OpenDocument" + "OC\\Preview\\PNG" + "OC\\Preview\\TXT" + "OC\\Preview\\XBitmap" + "OC\\Preview\\HEIC" + ]; + }; + + services.fail2ban = { + enable = true; + jails = { + nextcloud.settings = { + backend = "systemd"; + journalmatch = "SYSLOG_IDENTIFIER=Nextcloud"; + enabled = true; + port = 443; + protocol = "tcp"; + filter 
= "nextcloud"; + maxretry = 3; + bantime = 86400; + findtime = 43200; + }; + }; + }; + }) + ]; + +} diff --git a/moduler/system.nix b/moduler/system.nix index 52f6139..c80b28c 100644 --- a/moduler/system.nix +++ b/moduler/system.nix @@ -21,9 +21,6 @@ poppler-utils - imagemagick - pandoc - alsa-utils sops @@ -33,19 +30,16 @@ wget htop procps - btop - procs - dysk grc vim fastfetch bc - sysstat - lm_sensors - ethtool - pciutils - usbutils + # sysstat + # lm_sensors + # ethtool + # pciutils + # usbutils fzf eza @@ -57,40 +51,37 @@ fortune cowsay - openssl - lazygit hyprpicker typst typstyle tinymist - - ( - let - base = pkgs.appimageTools.defaultFhsEnvArgs; - in - pkgs.buildFHSEnv ( - base - // { - name = "fhs"; - targetPkgs = - pkgs: - # pkgs.buildFHSUserEnv provides only a minimal FHS environment, - # lacking many basic packages needed by most software. - # Therefore, we need to add them manually. - # - # pkgs.appimageTools provides basic packages required by most software. - (base.targetPkgs pkgs) - ++ (with pkgs; [ - pkg-config - ncurses - # Feel free to add more packages here if needed. - ]); - profile = "export FHS=1"; - runScript = "bash"; - extraOutputsToInstall = [ "dev" ]; - } - ) - ) + # ( + # let + # base = pkgs.appimageTools.defaultFhsEnvArgs; + # in + # pkgs.buildFHSEnv ( + # base + # // { + # name = "fhs"; + # targetPkgs = + # pkgs: + # # pkgs.buildFHSUserEnv provides only a minimal FHS environment, + # # lacking many basic packages needed by most software. + # # Therefore, we need to add them manually. + # # + # # pkgs.appimageTools provides basic packages required by most software. + # (base.targetPkgs pkgs) + # ++ (with pkgs; [ + # pkg-config + # ncurses + # # Feel free to add more packages here if needed. + # ]); + # profile = "export FHS=1"; + # runScript = "bash"; + # extraOutputsToInstall = [ "dev" ]; + # } + # ) + # ) ]; } diff --git a/moduler/users.nix b/moduler/users.nix index 9d979d0..369153c 100644 --- a/moduler/users.nix 
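Review bot: `mkIf config.nextloud.enable` in the `config` block of moduler/services/nextcloud/default.nix misspells the option declared above as `nextcloud.enable`, so evaluation will fail on a missing attribute; it should read `(mkIf config.nextcloud.enable {`. The three `sops.secrets.nextcloud-*` entries are declared as `{ }` and so depend on a default sops file, while this same commit deletes `sops.defaultSopsFile` and `sops.age.sshKeyPaths` from moduler/base.nix; unless those are set elsewhere, the `passwordFile` and `adminpassFile` paths will not resolve. The fail2ban jail sets `filter = "nextcloud"` but no filter definition is visible in this file, so the jail would likely fail to load and the login throttling it is meant to provide would be missing. The `port` option is declared but never used, and `cfg`, `srv` and `myhost` are unused bindings.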
+++ b/moduler/users.nix @@ -4,13 +4,13 @@ ... }: { - sops.secrets.user-password = { }; +# sops.secrets.user-password = { }; users = { defaultUserShell = pkgs.bash; - mutableUsers = false; users = { fw = { - hashedPasswordFile = config.sops.secrets.user-password.path; + # hashedPasswordFile = config.sops.secrets.user-password.path; + initialPassword = "password"; isNormalUser = true; description = "Fredrik Wastring"; extraGroups = [
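Review bot: `initialPassword = "password";` on user `fw` commits a guessable plaintext credential to the repository and to the world-readable Nix store, replacing the sops-backed `hashedPasswordFile`. The same hunk drops `mutableUsers = false;`, so the account's password is no longer pinned by the configuration and can drift from what is declared. The README in this commit shows the host being reached as `fw@192.168.1.186` over SSH; if password authentication is enabled there (not visible here), the account is guessable from the network. I would keep `hashedPasswordFile = config.sops.secrets.user-password.path;` together with `mutableUsers = false;`, or, if sops is not available during bootstrap, use `initialHashedPassword` with a hash produced by `mkpasswd` and leave a comment saying it must be rotated after first login. The `fw` attribute set continues past the end of this hunk, so the group membership of the account cannot be checked from here.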