From c5fc9d6c85e36cb4849c3ce67d6c9222224bc0d0 Mon Sep 17 00:00:00 2001 From: fwastring Date: Tue, 9 Sep 2025 21:02:29 +0200 Subject: [PATCH 1/6] added modules --- maskiner/desktop/configuration.nix | 47 +++++++++++++++++++++++++++--- moduler/kitchenowl.nix | 7 +++++ moduler/vaultwarden.nix | 8 +++-- uninstall.sh | 23 +++++++++++++++ 4 files changed, 78 insertions(+), 7 deletions(-) create mode 100644 moduler/kitchenowl.nix create mode 100755 uninstall.sh diff --git a/maskiner/desktop/configuration.nix b/maskiner/desktop/configuration.nix index 59e4fb4..9de83e0 100644 --- a/maskiner/desktop/configuration.nix +++ b/maskiner/desktop/configuration.nix @@ -14,6 +14,7 @@ ./hardware-configuration.nix ../../moduler/base.nix ../../moduler/users.nix + ../../moduler/kitchenowl.nix #../../moduler/nginx.nix #../../moduler/k3s.nix ../../moduler/vaultwarden.nix 
@@ -22,12 +23,50 @@ environment.systemPackages = with pkgs; [ unstable.lego -k9s -neovim + k9s + neovim + git ]; - services.tailscale.enable = true; - services.tailscale.package = pkgs.unstable.tailscale; + services.kitchenowl = { + enable = true; + hostName = "shop.wastring.com"; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "fredrik@wastring.com"; + certs."shop.wastring.com" = { + dnsProvider = "gandiv5"; + webroot = null; + credentialsFile = /run/secrets/gandi_key; + dnsPropagationCheck = true; + }; + }; + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + # other Nginx options + virtualHosts."shop.wastring.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8080"; + proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = + # required when the target is also TLS server with multiple hosts + "proxy_ssl_server_name on;" + + + # required when the server wants to use HTTP Authentication + "proxy_pass_header Authorization;"; + }; + }; + }; + + + # services.tailscale.enable = true; + # services.tailscale.package = pkgs.unstable.tailscale; networking.hostName = myhostname; diff --git a/moduler/kitchenowl.nix b/moduler/kitchenowl.nix new file mode 100644 index 0000000..508a158 --- /dev/null +++ b/moduler/kitchenowl.nix @@ -0,0 +1,7 @@ +{ lib, config, pkgs, ... }: +let + cfg = config.services.kitchenowl; +in +{ +} + diff --git a/moduler/vaultwarden.nix b/moduler/vaultwarden.nix index 8d21b29..eeeb165 100644 --- a/moduler/vaultwarden.nix +++ b/moduler/vaultwarden.nix 
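Review bot: `credentialsFile = /run/secrets/gandi_key;` in the new `security.acme.certs."shop.wastring.com"` block is a Nix path literal rather than a string. A path literal is copied into the world-readable /nix/store the moment it is coerced through string interpolation, and under flake (pure) evaluation an absolute path outside the flake can be rejected outright; I cannot see how the acme module consumes the value, but the quoted form `credentialsFile = "/run/secrets/gandi_key";` sidesteps both hazards. The `proxy_ssl_server_name on;` and `proxy_pass_header Authorization;` lines appear to be copied from the manual example and are no-ops for the plain `http://127.0.0.1:8080` upstream, so they can be dropped along with their comments. The `services.kitchenowl` block references options that moduler/kitchenowl.nix does not declare, so this revision would not evaluate; the next patch in the series comments it out.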
@@ -3,14 +3,17 @@ }: { + networking.firewall = { + allowedTCPPorts = [ 80 443 ]; + }; security.acme = { acceptTerms = true; defaults.email = "fredrik@wastring.com"; certs."pass.wastring.com" = { dnsProvider = "gandiv5"; webroot = null; - credentialsFile = /run/secrets/gandi_key; - dnsPropagationCheck = true; + credentialsFile = /run/secrets/gandi_key; + dnsPropagationCheck = true; }; }; services.nginx = { @@ -42,7 +45,6 @@ ROCKET_PORT = 8222; DOMAIN = "https://pass.wastring.com"; SIGNUPS_ALLOWED = true; - LOG_FILE = "/var/lib/bitwarden_rs/access.log"; }; }; } diff --git a/uninstall.sh b/uninstall.sh new file mode 100755 index 0000000..acf6b2e --- /dev/null +++ b/uninstall.sh @@ -0,0 +1,23 @@ +#!/bin/sh +set -x +systemctl stop k3s +systemctl disable k3s +systemctl daemon-reload +rm -f /etc/systemd/system/k3s.service +rm -f /usr/local/bin/k3s +if [ -L /usr/local/bin/kubectl ]; then + rm -f /usr/local/bin/kubectl +fi +if [ -L /usr/local/bin/crictl ]; then + rm -f /usr/local/bin/crictl +fi +if [ -e /sys/fs/cgroup/systemd/system.slice/k3s.service/cgroup.procs ]; then + kill -9 `cat /sys/fs/cgroup/systemd/system.slice/k3s.service/cgroup.procs` +fi +umount `cat /proc/self/mounts | awk '{print $2}' | grep '^/run/k3s'` +umount `cat /proc/self/mounts | awk '{print $2}' | grep '^/var/lib/rancher/k3s'` + +rm -rf /var/lib/rancher/k3s +rm -rf /etc/rancher/k3s + +rm -f /usr/local/bin/k3s-uninstall.sh From d079b29b7809606ac0a478a2c723fc3d17a2a918 Mon Sep 17 00:00:00 2001 From: fwastring Date: Tue, 9 Sep 2025 21:06:06 +0200 Subject: [PATCH 2/6] Added kitchnowl --- maskiner/desktop/configuration.nix | 8 ++++---- moduler/kitchenowl.nix | 26 +++++++++++++++++++++++--- 2 files changed, 27 insertions(+), 7 deletions(-) diff --git a/maskiner/desktop/configuration.nix b/maskiner/desktop/configuration.nix index 9de83e0..9274407 100644 --- a/maskiner/desktop/configuration.nix +++ b/maskiner/desktop/configuration.nix 
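Review bot: `networking.firewall.allowedTCPPorts = [ 80 443 ];` is added inside moduler/vaultwarden.nix, but it exposes every nginx virtual host on the machine (the shop and cal vhosts added later in this series too), not only pass.wastring.com. Host-wide exposure is easier to audit when it sits next to `services.nginx.enable` in a shared module; as written, dropping the vaultwarden import would silently close the other sites. The re-indented `credentialsFile = /run/secrets/gandi_key;` line keeps the path-literal form; a quoted string removes any chance of the secret being copied into the Nix store through interpolation.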
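Review bot: The context line directly above the removed `LOG_FILE` shows `SIGNUPS_ALLOWED = true;`, and with this commit opening 80/443 the pass.wastring.com vhost now accepts account registration from anyone on the internet. Once the intended accounts exist this should be `SIGNUPS_ALLOWED = false;`, or at least restricted with `SIGNUPS_DOMAINS_WHITELIST = "wastring.com";`. Removing `LOG_FILE` means access logging only goes wherever the service's stdout lands (presumably the journal); a one-line comment stating that this is intentional would stop the next reader from re-adding a file under /var/lib. The enclosing `services.vaultwarden` block starts outside the hunk.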
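Review bot: uninstall.sh performs `rm -rf /var/lib/rancher/k3s`, `kill -9` and unit removal with no check that it is running as root, and the two `umount` lines pass an empty argument list (an umount usage error) whenever grep matches nothing, which is the normal case on a host without k3s mounts. This looks like the upstream k3s uninstall script copied in; if it stays, add `[ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; exit 1; }` after `set -x` and iterate with `for m in $(…); do umount "$m"; done` so an empty list is a no-op and paths with spaces are not split. The `/sys/fs/cgroup/systemd/system.slice/k3s.service/cgroup.procs` path exists only on cgroup v1, so on a cgroup v2 host the kill branch never runs and leftover k3s children survive the uninstall. Since the k3s module import is commented out in this configuration, the script may be dead weight in the repository.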
@@ -28,10 +28,10 @@ git ]; - services.kitchenowl = { - enable = true; - hostName = "shop.wastring.com"; - }; + # services.kitchenowl = { + # enable = true; + # hostName = "shop.wastring.com"; + # }; security.acme = { acceptTerms = true; diff --git a/moduler/kitchenowl.nix b/moduler/kitchenowl.nix index 508a158..1109fbf 100644 --- a/moduler/kitchenowl.nix +++ b/moduler/kitchenowl.nix @@ -1,7 +1,27 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let cfg = config.services.kitchenowl; -in +in { + virtualisation.oci-containers = { + backend = "podman"; + containers = { + kitchenowl = { + image = "tombursch/kitchenowl:latest"; + volumes = [ + "${cfg.datadir}:/data" + ]; + ports = [ "127.0.0.1:8080:8080" ]; + environment = { + JWT_SECRET_KEY = "jkdlaksjdljlkjlq"; + } + ; + }; + }; + }; } - From c777814de4b70dca2c5de683c6e5359794dd7e81 Mon Sep 17 00:00:00 2001 From: fwastring Date: Tue, 9 Sep 2025 21:07:51 +0200 Subject: [PATCH 3/6] camelCase --- moduler/kitchenowl.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/moduler/kitchenowl.nix b/moduler/kitchenowl.nix index 1109fbf..d439f27 100644 --- a/moduler/kitchenowl.nix +++ b/moduler/kitchenowl.nix @@ -14,7 +14,7 @@ in kitchenowl = { image = "tombursch/kitchenowl:latest"; volumes = [ - "${cfg.datadir}:/data" + "${cfg.dataDir}:/data" ]; ports = [ "127.0.0.1:8080:8080" ]; environment = { From 7f89ce17abcfa9863244558a117fbbdbeac2d398 Mon Sep 17 00:00:00 2001 From: fwastring Date: Tue, 9 Sep 2025 21:13:13 +0200 Subject: [PATCH 4/6] moved kitchenowl --- maskiner/desktop/configuration.nix | 5 ----- moduler/kitchenowl.nix | 3 +-- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/maskiner/desktop/configuration.nix b/maskiner/desktop/configuration.nix index 9274407..f0aa608 100644 --- a/maskiner/desktop/configuration.nix +++ b/maskiner/desktop/configuration.nix 
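Review bot: `JWT_SECRET_KEY = "jkdlaksjdljlkjlq";` hardcodes the session-signing secret in the repository, and the oci-containers module passes `environment` as `-e` flags in the generated unit's start script, which lives in the world-readable /nix/store. Anyone who can read the store (every local user) or the git history can mint valid KitchenOwl sessions. Move it to a runtime secret: `environmentFiles = [ "/run/secrets/kitchenowl.env" ];` with the `JWT_SECRET_KEY=…` line inside that file, and delete the `environment` attribute. `image = "tombursch/kitchenowl:latest"` additionally re-resolves to whatever the registry serves at each pull; pinning a version tag or `@sha256:` digest keeps rebuilds reproducible and reviewable.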
@@ -28,11 +28,6 @@ git ]; - # services.kitchenowl = { - # enable = true; - # hostName = "shop.wastring.com"; - # }; - security.acme = { acceptTerms = true; defaults.email = "fredrik@wastring.com"; diff --git a/moduler/kitchenowl.nix b/moduler/kitchenowl.nix index d439f27..9d351a4 100644 --- a/moduler/kitchenowl.nix +++ b/moduler/kitchenowl.nix @@ -5,7 +5,6 @@ ... }: let - cfg = config.services.kitchenowl; in { virtualisation.oci-containers = { @@ -14,7 +13,7 @@ in kitchenowl = { image = "tombursch/kitchenowl:latest"; volumes = [ - "${cfg.dataDir}:/data" + "/var/kitchenowl:/data" ]; ports = [ "127.0.0.1:8080:8080" ]; environment = { From fbd8f1fc9603f55db06dff1e243ddcb007465e52 Mon Sep 17 00:00:00 2001 From: fwastring Date: Tue, 9 Sep 2025 21:30:23 +0200 Subject: [PATCH 5/6] Added radicale --- maskiner/desktop/configuration.nix | 19 +++++++++---------- moduler/radicale.nix | 29 +++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 10 deletions(-) create mode 100644 moduler/radicale.nix diff --git a/maskiner/desktop/configuration.nix b/maskiner/desktop/configuration.nix index f0aa608..11cc477 100644 --- a/maskiner/desktop/configuration.nix +++ b/maskiner/desktop/configuration.nix @@ -15,6 +15,7 @@ ../../moduler/base.nix ../../moduler/users.nix ../../moduler/kitchenowl.nix + ../../moduler/radicale.nix #../../moduler/nginx.nix #../../moduler/k3s.nix ../../moduler/vaultwarden.nix 
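Review bot: The bind mount `"/var/kitchenowl:/data"` in the volume hunk points at a directory nothing in this module declares; whether it exists, who owns it and with what mode depends on what podman does at first start (presumably created by root), and a reinstall has no record of it. Declare it explicitly, e.g. `systemd.tmpfiles.rules = [ "d /var/lib/kitchenowl 0750 root root -" ];` with the volume pointing at `/var/lib/kitchenowl`, which follows the NixOS convention for service state. The enclosing `containers.kitchenowl` attrset starts and ends outside the hunk.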
@@ -23,34 +24,33 @@ environment.systemPackages = with pkgs; [ unstable.lego - k9s - neovim - git + k9s + neovim + git ]; - security.acme = { + + security.acme = { acceptTerms = true; defaults.email = "fredrik@wastring.com"; certs."shop.wastring.com" = { dnsProvider = "gandiv5"; webroot = null; - credentialsFile = /run/secrets/gandi_key; - dnsPropagationCheck = true; + credentialsFile = /run/secrets/gandi_key; + dnsPropagationCheck = true; }; }; services.nginx = { enable = true; recommendedProxySettings = true; recommendedTlsSettings = true; - # other Nginx options virtualHosts."shop.wastring.com" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:8080"; - proxyWebsockets = true; # needed if you need to use WebSocket + proxyWebsockets = true; extraConfig = - # required when the target is also TLS server with multiple hosts "proxy_ssl_server_name on;" + # required when the server wants to use HTTP Authentication @@ -59,7 +59,6 @@ }; }; - # services.tailscale.enable = true; # services.tailscale.package = pkgs.unstable.tailscale; diff --git a/moduler/radicale.nix b/moduler/radicale.nix new file mode 100644 index 0000000..cc55891 --- /dev/null +++ b/moduler/radicale.nix @@ -0,0 +1,29 @@ +{ + ... +}: +{ + + security.acme = { + certs."cal.wastring.com" = { + dnsProvider = "gandiv5"; + webroot = null; + credentialsFile = /run/secrets/gandi_key; + dnsPropagationCheck = true; + }; + }; + services.nginx = { + virtualHosts."cal.wastring.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:5232"; + proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = "proxy_ssl_server_name on;" + "proxy_pass_header Authorization;"; + }; + }; + }; + services.radicale = { + enable = true; + settings.server.hosts = [ "0.0.0.0:5232" ]; + }; +} From f8bfb3cb69bea19e1a0519b0df7c65f670057824 Mon Sep 17 00:00:00 2001 
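Review bot: `settings.server.hosts = [ "0.0.0.0:5232" ];` in the new moduler/radicale.nix binds Radicale on every interface while the nginx location only ever talks to `http://127.0.0.1:5232`, so the wider bind buys nothing; use `server.hosts = [ "127.0.0.1:5232" ];`. With the NixOS firewall at its defaults the port is blocked from outside, but any interface marked trusted (a Tailscale interface, for instance) would reach Radicale directly and bypass the TLS and nginx layer. The copied `proxy_ssl_server_name on;` and `proxy_pass_header Authorization;` lines are no-ops for a plain-HTTP upstream. The module also repeats the full DNS-01 certificate stanza from the other modules; `security.acme.defaults.dnsProvider` and `defaults.credentialsFile` would keep those settings in one place.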
From: fwastring Date: Tue, 9 Sep 2025 21:32:06 +0200 Subject: [PATCH 6/6] Added laptop --- flake.nix | 2 +- maskiner/laptop/configuration.nix | 71 +++++++++++----------- maskiner/laptop/hardware-configuration.nix | 10 +-- moduler/hyprland.nix | 1 + moduler/radicale.nix | 5 +- 5 files changed, 47 insertions(+), 42 deletions(-) diff --git a/flake.nix b/flake.nix index 6e43330..75b9fac 100644 --- a/flake.nix +++ b/flake.nix @@ -62,7 +62,7 @@ ( { nixpkgs, ... }: { - nixpkgs.overlays = [ overlay-unstable ]; + nixpkgs.overlays = [ overlay-unstable overlay-fw-pkgs ]; } ) ./maskiner/laptop/configuration.nix diff --git a/maskiner/laptop/configuration.nix b/maskiner/laptop/configuration.nix index 762036b..936e1d8 100644 --- a/maskiner/laptop/configuration.nix +++ b/maskiner/laptop/configuration.nix 
@@ -1,59 +1,60 @@ -# This is your system's configuration file. -# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix) +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + { inputs, - lib, config, pkgs, myhostname, ... }: +let +in { - # You can import other NixOS modules here imports = [ ./hardware-configuration.nix + ../../moduler/base.nix + + inputs.home-manager.nixosModules.home-manager ../../moduler/users.nix + ../../moduler/network.nix + ../../moduler/programs.nix + ../../moduler/system.nix + ../../moduler/dev.nix + ../../moduler/lsp.nix + ../../moduler/hyprland.nix + ../../moduler/sound.nix ]; + home-manager.extraSpecialArgs = { inherit inputs pkgs; }; + home-manager.users.fw = { + imports = [ + ./../../moduler/home.nix + ]; + }; + + boot.kernelPackages = pkgs.linuxPackages_latest; + networking.hostName = myhostname; - services.xserver.dpi = 140; services = { - openssh = { + tailscale = { enable = true; - ports = [ 55504 ]; - settings = { - PermitRootLogin = "no"; - PasswordAuthentication = false; - X11Forwarding = true; + package = pkgs.unstable.tailscale; + }; + searx = { + enable = true; + redisCreateLocally = true; + settings.server = { + bind_address = "::1"; + port = 8000; + secret_key = "alsjdioefj.asdi"; }; - extraConfig = '' - AllowUsers fw - ''; }; }; - services.syncthing = { - enable = true; - user = "fw"; - openDefaultPorts = true; # Open ports in the firewall for Syncthing - dataDir = "/home/fw"; # default location for new folders - configDir = "/home/fw/.config/syncthing"; - settings = { - devices = { - "laptop" = { id = "SCW3Z3J-NQHIKXZ-T4MR7JR-YE2VL4S-RDZ7W4F-PMSPWCQ-SGF2XLQ-CDQ3SQT"; }; - "fw-iphone" = { id = "CWKHS4T-PTMW6A7-EBKRQJW-YOLUWIX-CC5IBYD-Z4LDXTO-MMRHXYM-A2FA2AQ"; }; - }; - folders = { - "vaults" = { - path = "/home/fw/vaults"; - devices = [ 
"laptop" "fw-iphone" ]; - ignorePerms = false; # Enable file permission syncing - }; - }; - }; - }; - system.stateVersion = "23.11"; + system.stateVersion = "25.05"; } diff --git a/maskiner/laptop/hardware-configuration.nix b/maskiner/laptop/hardware-configuration.nix index 6d99d1f..483d941 100644 --- a/maskiner/laptop/hardware-configuration.nix +++ b/maskiner/laptop/hardware-configuration.nix @@ -8,24 +8,24 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/0f9de0d5-cdca-42a8-bb8a-070e3147396a"; + { device = "/dev/disk/by-uuid/9c9b1ed1-a641-4ac5-a468-74a7ee5d33a9"; fsType = "ext4"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/3340-1019"; + { device = "/dev/disk/by-uuid/C8FB-C0AC"; fsType = "vfat"; options = [ "fmask=0077" "dmask=0077" ]; }; swapDevices = - [ { device = "/dev/disk/by-uuid/36870c0d-2200-4850-a8af-7021f6776651"; } + [ { device = "/dev/disk/by-uuid/8a224134-94e1-4df8-9c17-f60b5881ff1c"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking @@ -33,7 +33,7 @@ # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/moduler/hyprland.nix b/moduler/hyprland.nix index 194bd8d..27b0868 100644 --- a/moduler/hyprland.nix 
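Review bot: `secret_key = "alsjdioefj.asdi";` under `services.searx.settings.server` commits the SearXNG secret to git and renders it into the generated settings.yml in the world-readable Nix store. The searx module supports runtime substitution: set `services.searx.environmentFile = "/run/secrets/searx.env";` and `secret_key = "@SEARX_SECRET_KEY@";` so the value never enters the store. The hunk also drops the hardened `services.openssh` block (`PermitRootLogin = "no"`, `PasswordAuthentication = false`, `AllowUsers fw`); if one of the newly imported modules (network.nix, base.nix) enables sshd with defaults, password logins are back on, which I cannot verify from here. `system.stateVersion` moves from "23.11" to "25.05", which is only safe for a fresh install (the changed disk UUIDs suggest one), since on an existing system it changes stateful defaults.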
+++ b/moduler/hyprland.nix @@ -94,6 +94,7 @@ in wallpaper = [ "DP-1,/home/fw/nix/wallpapers/blue.png" + "eDP-1,/home/fw/nix/wallpapers/blue.png" ]; }; }; diff --git a/moduler/radicale.nix b/moduler/radicale.nix index cc55891..7a9d49f 100644 --- a/moduler/radicale.nix +++ b/moduler/radicale.nix @@ -24,6 +24,9 @@ }; services.radicale = { enable = true; - settings.server.hosts = [ "0.0.0.0:5232" ]; + settings = { + auth.type = "none"; + server.hosts = [ "0.0.0.0:5232" ]; + }; }; }
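Review bot: `auth.type = "none";` makes Radicale accept any username with any (or no) password, and the same module publishes it at cal.wastring.com behind an ACME/forceSSL nginx vhost, so anyone on the internet can claim a username and read or modify its calendars and address books. Use a credential file instead: `auth.type = "htpasswd"; auth.htpasswd_filename = "/run/secrets/radicale_users"; auth.htpasswd_encryption = "bcrypt";` (match the encryption to how the file was generated, and make the file readable by the radicale user, which the module will not arrange). The `0.0.0.0:5232` bind kept as context is still broader than the `127.0.0.1` nginx upstream needs. If no-auth access is deliberate for a trial period, say so in a comment with a removal date rather than leaving the setting unexplained.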