Merge branch 'main' of github.com:fwastring/nix

maskiner/desktop/configuration.nix

@@ -14,6 +14,8 @@
     ./hardware-configuration.nix
     ../../moduler/base.nix
     ../../moduler/users.nix
+    ../../moduler/kitchenowl.nix
+    ../../moduler/radicale.nix
     #../../moduler/nginx.nix
     #../../moduler/k3s.nix
     ../../moduler/vaultwarden.nix
@@ -24,10 +26,41 @@
     unstable.lego
     k9s
     neovim
+    git
   ];
 
-  services.tailscale.enable = true;
-  services.tailscale.package = pkgs.unstable.tailscale;
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "fredrik@wastring.com";
+    certs."shop.wastring.com" = {
+      dnsProvider = "gandiv5";
+      webroot = null;
+      credentialsFile = /run/secrets/gandi_key;
+      dnsPropagationCheck = true;
+    };
+  };
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts."shop.wastring.com" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8080";
+        proxyWebsockets = true;
+        extraConfig =
+          "proxy_ssl_server_name on;"
+          +
+            # required when the server wants to use HTTP Authentication
+            "proxy_pass_header Authorization;";
+      };
+    };
+  };
+
+  # services.tailscale.enable = true;
+  # services.tailscale.package = pkgs.unstable.tailscale;
 
   networking.hostName = myhostname;
 

maskiner/laptop/configuration.nix

@@ -1,59 +1,60 @@
-# This is your system's configuration file.
-# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
 {
   inputs,
-  lib,
   config,
   pkgs,
   myhostname,
   ...
 }:
+let
+in
 {
-  # You can import other NixOS modules here
   imports = [
     ./hardware-configuration.nix
+
     ../../moduler/base.nix
+
+    inputs.home-manager.nixosModules.home-manager
     ../../moduler/users.nix
+    ../../moduler/network.nix
+    ../../moduler/programs.nix
+    ../../moduler/system.nix
+    ../../moduler/dev.nix
+    ../../moduler/lsp.nix
+    ../../moduler/hyprland.nix
+    ../../moduler/sound.nix
   ];
 
+  home-manager.extraSpecialArgs = { inherit inputs pkgs; };
+  home-manager.users.fw = {
+    imports = [
+      ./../../moduler/home.nix
+    ];
+  };
+
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
   networking.hostName = myhostname;
 
-  services.xserver.dpi = 140;
 
   services = {
-    openssh = {
+    tailscale = {
       enable = true;
-      ports = [ 55504 ];
-      settings = {
-        PermitRootLogin = "no";
-        PasswordAuthentication = false;
-        X11Forwarding = true;
+      package = pkgs.unstable.tailscale;
     };
-      extraConfig = ''
-        			  AllowUsers fw
-        			'';
-    };
-  };
-  services.syncthing = {
+    searx = {
       enable = true;
-	  user = "fw";
-	  openDefaultPorts = true; # Open ports in the firewall for Syncthing
-	  dataDir = "/home/fw";  # default location for new folders
-		configDir = "/home/fw/.config/syncthing";
-	  settings = {
-		  devices = {
-			  "laptop" = { id = "SCW3Z3J-NQHIKXZ-T4MR7JR-YE2VL4S-RDZ7W4F-PMSPWCQ-SGF2XLQ-CDQ3SQT"; };
-			  "fw-iphone" = { id = "CWKHS4T-PTMW6A7-EBKRQJW-YOLUWIX-CC5IBYD-Z4LDXTO-MMRHXYM-A2FA2AQ"; };
-			};
-		  folders = {
-			  "vaults" = {
-				path = "/home/fw/vaults";
-				devices = [ "laptop" "fw-iphone" ];
-				ignorePerms = false; # Enable file permission syncing
-			  };
+      redisCreateLocally = true;
+      settings.server = {
+        bind_address = "::1";
+        port = 8000;
+        secret_key = "alsjdioefj.asdi";
       };
     };
   };
 
-  system.stateVersion = "23.11";
+  system.stateVersion = "25.05";
 }

maskiner/laptop/hardware-configuration.nix

@@ -8,24 +8,24 @@
     [ (modulesPath + "/installer/scan/not-detected.nix")
     ];
 
-  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
 
   fileSystems."/" =
-    { device = "/dev/disk/by-uuid/0f9de0d5-cdca-42a8-bb8a-070e3147396a";
+    { device = "/dev/disk/by-uuid/9c9b1ed1-a641-4ac5-a468-74a7ee5d33a9";
       fsType = "ext4";
     };
 
   fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/3340-1019";
+    { device = "/dev/disk/by-uuid/C8FB-C0AC";
       fsType = "vfat";
       options = [ "fmask=0077" "dmask=0077" ];
     };
 
   swapDevices =
-    [ { device = "/dev/disk/by-uuid/36870c0d-2200-4850-a8af-7021f6776651"; }
+    [ { device = "/dev/disk/by-uuid/8a224134-94e1-4df8-9c17-f60b5881ff1c"; }
     ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@@ -33,7 +33,7 @@
   # still possible to use this option, but it's recommended to use it in conjunction
   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
   networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

moduler/hyprland.nix

@@ -94,6 +94,7 @@ in
 
             wallpaper = [
               "DP-1,/home/fw/nix/wallpapers/blue.png"
+              "eDP-1,/home/fw/nix/wallpapers/blue.png"
             ];
           };
         };

moduler/kitchenowl.nix

@@ -0,0 +1,26 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+let
+in
+{
+  virtualisation.oci-containers = {
+    backend = "podman";
+	containers = {
+		kitchenowl = {
+			image = "tombursch/kitchenowl:latest";
+			volumes = [
+			  "/var/kitchenowl:/data"
+			];
+			ports = [ "127.0.0.1:8080:8080" ];
+			environment = {
+			  JWT_SECRET_KEY = "jkdlaksjdljlkjlq";
+			}
+			;
+		};
+	};
+  };
+}

moduler/radicale.nix

@@ -0,0 +1,32 @@
+{
+  ...
+}:
+{
+
+  security.acme = {
+    certs."cal.wastring.com" = {
+      dnsProvider = "gandiv5";
+      webroot = null;
+      credentialsFile = /run/secrets/gandi_key;
+      dnsPropagationCheck = true;
+    };
+  };
+  services.nginx = {
+    virtualHosts."cal.wastring.com" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:5232";
+        proxyWebsockets = true; # needed if you need to use WebSocket
+        extraConfig = "proxy_ssl_server_name on;" + "proxy_pass_header Authorization;";
+      };
+    };
+  };
+  services.radicale = {
+    enable = true;
+    settings = {
+		auth.type = "none";
+		server.hosts = [ "0.0.0.0:5232" ];
+	};
+  };
+}

moduler/vaultwarden.nix

@@ -3,6 +3,9 @@
 }:
 {
 
+	networking.firewall = {
+	allowedTCPPorts = [ 80 443 ];
+	};
   security.acme = {
     acceptTerms = true;
     defaults.email = "fredrik@wastring.com";
@@ -42,7 +45,6 @@
       ROCKET_PORT = 8222;
       DOMAIN = "https://pass.wastring.com";
       SIGNUPS_ALLOWED = true;
-      LOG_FILE = "/var/lib/bitwarden_rs/access.log";
     };
   };
 }

uninstall.sh

@@ -0,0 +1,23 @@
+#!/bin/sh
+set -x
+systemctl stop k3s
+systemctl disable k3s
+systemctl daemon-reload
+rm -f /etc/systemd/system/k3s.service
+rm -f /usr/local/bin/k3s
+if [ -L /usr/local/bin/kubectl ]; then
+    rm -f /usr/local/bin/kubectl
+fi
+if [ -L /usr/local/bin/crictl ]; then
+    rm -f /usr/local/bin/crictl
+fi
+if [ -e /sys/fs/cgroup/systemd/system.slice/k3s.service/cgroup.procs ]; then
+    kill -9 `cat /sys/fs/cgroup/systemd/system.slice/k3s.service/cgroup.procs`
+fi
+umount `cat /proc/self/mounts | awk '{print $2}' | grep '^/run/k3s'`
+umount `cat /proc/self/mounts | awk '{print $2}' | grep '^/var/lib/rancher/k3s'`
+
+rm -rf /var/lib/rancher/k3s
+rm -rf /etc/rancher/k3s
+
+rm -f /usr/local/bin/k3s-uninstall.sh