fw/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added lots

Browse source
This commit is contained in:
fwastring 2025-12-10 16:27:41 +01:00
parent f1862988ce
commit 94962ecad2
12 changed files with 94 additions and 383 deletions
Download patch file Download diff file Expand all files Collapse all files

21
flake.lock generated
View file

@ -158,6 +158,26 @@
"url": "https://git.wastring.com/fw/confetti"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1764627417,
"narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=",
"owner": "nix-community",
"repo": "disko",
"rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"firefox-gnome-theme": {
"flake": false,
"locked": {
@ -968,6 +988,7 @@
"bbk": "bbk",
"catppuccin": "catppuccin",
"confetti": "confetti",
"disko": "disko",
"home-manager": "home-manager",
"hyprland": "hyprland",
"minimal-tmux": "minimal-tmux",

5
flake.nix
View file

@ -31,6 +31,8 @@
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs";
};
disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs";
};
outputs =
@ -44,6 +46,7 @@
confetti,
bbk,
nixvim,
disko,
...
}@inputs:
let
@ -58,6 +61,7 @@
};
modules = [
./maskiner/legacy/configuration.nix
./maskiner/legacy/legacy-disk.nix
stylix.nixosModules.stylix
home-manager.nixosModules.home-manager
sops-nix.nixosModules.sops
@ -65,6 +69,7 @@
confetti.nixosModules.default
bbk.nixosModules.default
nixvim.nixosModules.default
disko.nixosModules.disko
];
};
node = nixpkgs.lib.nixosSystem {

26
maskiner/legacy/configuration.nix
View file

@ -17,20 +17,20 @@ in
imports = [
./hardware-configuration.nix
(modulesDirectory + /moduler/users.nix)
(modulesDirectory + /moduler/git.nix)
(modulesDirectory + /moduler/network.nix)
(modulesDirectory + /moduler/programs.nix)
(modulesDirectory + /moduler/system.nix)
(modulesDirectory + /moduler/dev.nix)
(modulesDirectory + /moduler/hyprland.nix)
(modulesDirectory + /moduler/sound.nix)
(modulesDirectory + /users.nix)
(modulesDirectory + /git.nix)
(modulesDirectory + /network.nix)
(modulesDirectory + /programs.nix)
(modulesDirectory + /system.nix)
(modulesDirectory + /dev.nix)
(modulesDirectory + /sound.nix)
(modulesDirectory + /services/base)
(modulesDirectory + /moduler/programs/kubernetes-tools.nix)
(modulesDirectory + /moduler/programs/confetti)
(modulesDirectory + /moduler/programs/nixvim)
(modulesDirectory + /programs/hyprland)
(modulesDirectory + /programs/kubernetes-tools.nix)
(modulesDirectory + /programs/confetti)
(modulesDirectory + /programs/nixvim)
];
kubernetes-tools.enable = true;
@ -119,10 +119,8 @@ in
security.sudo.wheelNeedsPassword = false;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDALsdpwvC0w/Aj+1fWtzJyyWoUrGkdh8o2thVHeQQBNo0D7cmVberYmi4Cv9gWGX6PaElrnOl0KRdGyro2wxOYokSxgk2VgWW67BFITAQAbKyG2NhXXPbhb4jccDo7WH7TtOG8IofuJTPRu1Duda6k4RN0I0CkyAN6LGX+zy49cq0qKf9ijXYhCDYNih3+Fu/ig0aW/SYmsVoUl2VFTWdI5x5/wLvIjTEZhmAtYIeYADaLnom356cFrUysZa++FUujQAz3Ow236BvP95XZdTsqvfWNZFNIpC9VYF72JeIDCs5wDIr0GFmanF2On1nar+jJpoOE8SdHt357p5g/PqXV5TisN2xQRkqVwO9tWtMl4sF84jA4ULnY2gQWv9jErMxymUQ1IwuPUzDDlbRHCtfexAtkBy7wv6xslKAzG1QahvF/btNs5Caj3LN31rgAuxyooCbKGKTeBP3kHPKcz1iupgidfbO/QqVXBRQJTEdGyAKa8hVmLQZZPC/XUhxESAk= fw@fw-nix"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8ku8iCb7tXd/tfxYDW+Tj8K9kpfrYZciYUZ6tBpO80inm4EImtfyEeJTuqDWMKov2BftUKs8brNeTBCXUEvU1P0+cpOP9RtYA5tfBXf3su+iVSswJJStIxNboXHrEGKdJJRNsTv/9agshDSUBy6G5TI1cXhv/updornfA4fwOMqOmtlYEn6XCRnsrO6NBLc/uLckdbF75HOsoLvezRvuqTLjpapjaUKGVPrgNXiclIKHmuOx71kgD4FX3rSz9FgKjnfu3a7DBbrHsf/g+N9PjNF1muN9UOV6nK3WwiO9BMWi7NpAWfzJOeZg9chqzI+U6CcsqYVeESgL41so+dnv3 fw@laptop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP34dnsZSnWdDvd+3BXDwcw7wP0PjPEx2eCdBQJyGD6O fw@laptop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII60tdNsG0z9q2jHmoTKvkeLQE6OF0bmTsDX1bpqpoG7 fw@jobb"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFpJBGPIfPB1BwSG7aoKqwfccyZSaU7J3xpJ8behMp9N fw@core"
];
services.upower = {

22
maskiner/legacy/hardware-configuration.nix
View file

@ -13,28 +13,6 @@
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/9c9b1ed1-a641-4ac5-a468-74a7ee5d33a9";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/C8FB-C0AC";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/8a224134-94e1-4df8-9c17-f60b5881ff1c"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

35
maskiner/legacy/legacy-disk.nix Normal file
View file

@ -0,0 +1,35 @@
{ lib, ... }:
{
disko.devices = {
disk = {
main = {
device = lib.mkDefault "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
type = "EF00";
size = "1G";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}

3
maskiner/node/configuration.nix
View file

@ -20,7 +20,6 @@ in
(modulesDirectory + /kitchenowl.nix)
(modulesDirectory + /radicale.nix)
(modulesDirectory + /vaultwarden.nix)
(modulesDirectory + /signal.nix)
(modulesDirectory + /uptime-kuma.nix)
(modulesDirectory + /wedding.nix)
@ -58,7 +57,7 @@ in
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://192.168.1.1:80";
proxyPass = "https://192.168.1.1";
proxyWebsockets = true;
extraConfig =
"proxy_ssl_server_name on;" + "proxy_pass_header Authorization;";

314
moduler/nginx.nix
View file

@ -1,314 +0,0 @@
{ pkgs, lib, ... }:
{
networking.firewall = {
allowedTCPPorts = [ 80 443 ];
};
services.nginx = {
enable = true;
user = "nginx";
group = "nginx";
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"brfmidgard.se" = {
sslCertificateKey = "/etc/letsencrypt/archive/brfmidgard.se/privkey1.pem";
sslCertificate = "/etc/letsencrypt/archive/brfmidgard.se/fullchain1.pem";
forceSSL = true;
locations."/" = {
proxyPass = "http://172.17.0.1:8005";
proxyWebsockets = true;
};
};
# "pass.brfmidgard.se" = {
# sslCertificateKey = "/etc/letsencrypt/archive/brfmidgard.se/privkey1.pem";
# sslCertificate = "/etc/letsencrypt/archive/brfmidgard.se/fullchain1.pem";
# forceSSL = true;
# locations."/" = {
# proxyPass = "http://172.17.0.1:21456";
# proxyWebsockets = true;
# };
# };
# "drive.brfmidgard.se" = {
# sslCertificateKey = "/etc/letsencrypt/archive/brfmidgard.se/privkey1.pem";
# sslCertificate = "/etc/letsencrypt/archive/brfmidgard.se/fullchain1.pem";
# forceSSL = true;
# locations."/" = {
# proxyPass = "http://172.16.57.1:13001";
# proxyWebsockets = true;
# };
# };
# "sandbox.brfmidgard.se" = {
# forceSSL = true;
# sslCertificateKey = "/etc/letsencrypt/archive/brfmidgard.se/privkey1.pem";
# sslCertificate = "/etc/letsencrypt/archive/brfmidgard.se/fullchain1.pem";
# locations."/" = {
# proxyPass = "http://172.16.57.1:13001";
# proxyWebsockets = true;
# };
# };
# "todo.brfmidgard.se" = {
# forceSSL = true;
# sslCertificateKey = "/etc/letsencrypt/archive/brfmidgard.se/privkey1.pem";
# sslCertificate = "/etc/letsencrypt/archive/brfmidgard.se/fullchain1.pem";
# locations."/" = {
# proxyPass = "http://172.17.0.1:13456";
# proxyWebsockets = true;
# };
# };
"wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://172.17.0.1:8003";
proxyWebsockets = true;
};
};
"calibre.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://172.17.0.1:8880";
proxyWebsockets = true;
};
};
"download.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://172.17.0.1:28000";
proxyWebsockets = true;
};
};
"books.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://172.17.0.1:8083";
proxyWebsockets = true;
};
};
"rss.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://172.16.59.1:18080";
proxyWebsockets = true;
};
};
"shop.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://172.17.0.1:8980";
proxyWebsockets = true;
};
};
"todo.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://172.16.58.1:3456";
proxyWebsockets = true;
};
};
"secret.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://172.17.0.1:3004";
proxyWebsockets = true;
};
};
"budget.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://172.17.0.1:8098";
proxyWebsockets = true;
};
};
"bilder.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://172.17.0.1:2283";
proxyWebsockets = true;
extraConfig = ''
client_max_body_size 0;
'';
};
};
"git.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://192.168.16.1:3000";
proxyWebsockets = true;
};
};
"cal.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://172.17.0.1:5232";
proxyWebsockets = true;
};
};
"home.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
# proxyPass = "http://172.17.0.1:8081";
proxyPass = "http://172.17.0.1:38080";
proxyWebsockets = true;
};
};
"drive.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://172.17.0.1:3001";
proxyWebsockets = true;
};
};
"sandbox.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://172.17.0.1:3001";
proxyWebsockets = true;
};
};
"files.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://172.17.0.1:8380";
proxyWebsockets = true;
};
};
"docs.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://172.17.0.1:8000";
proxyWebsockets = true;
};
};
"search.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:40080";
proxyWebsockets = true;
};
};
"latex.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3080";
proxyWebsockets = true;
};
};
"soulseek.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:5030";
proxyWebsockets = true;
};
};
"board.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:8038";
proxyWebsockets = true;
};
};
"status.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://172.17.0.1:3008";
proxyWebsockets = true;
};
};
"music.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://172.17.0.1:4747";
proxyWebsockets = true;
};
};
"wedding.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://172.17.0.1:8002";
proxyWebsockets = true;
};
};
"message.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://172.17.0.1:2203";
proxyWebsockets = true;
};
};
"filmer.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://192.168.80.1:8096";
proxyWebsockets = true;
};
};
"kube.wastring.com" = {
sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
forceSSL = true;
locations."/" = {
proxyPass = "http://192.168.1.100";
proxyWebsockets = true;
};
};
};
};
}

2
moduler/programs/hyprland/default.nix
View file

@ -142,7 +142,7 @@ with lib;
general = {
gaps_in = 7;
gaps_out = 14;
border_size = 2;
border_size = 1;
layout = "dwindle";
allow_tearing = true;
};

1
moduler/programs/kubernetes-tools.nix
View file

@ -12,6 +12,7 @@
config = lib.mkIf config.kubernetes-tools.enable {
environment.systemPackages = with pkgs; [
kubectl
krew
# buildkit
argocd
# containerd

5
moduler/programs/nixvim/default.nix
View file

@ -268,9 +268,14 @@ with lib;
"<C-e>" = "cmp.mapping.close()";
"<C-f>" = "cmp.mapping.scroll_docs(4)";
"<CR>" = "cmp.mapping.confirm({ select = true })";
"<Up>" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})";
"<Down>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
"<S-Tab>" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})";
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
};
sources = [
{ name = "nvim_lsp"; }
{ name = "luasnip"; }

13
moduler/programs/waybar/waybar.jsonc
View file

@ -12,6 +12,7 @@
"mpris",
"pulseaudio",
"bluetooth",
"network",
"clock"
],
"mpris": {
@ -39,6 +40,18 @@
"tooltip-format-enumerate-connected-battery": "{device_alias}\t{device_address}\t{device_battery_percentage}%",
"on-click": "pgrep .blueman-manage && pkill .blueman-manage || blueman-manager &"
},
"network": {
"interface": "enp196s0",
"format": "{ifname}",
"format-wifi": " {essid} ({signalStrength}%)",
"format-ethernet": " {ifname}",
"format-disconnected": "no signal", //An empty format will hide the module.
"tooltip-format": "{ifname}",
"tooltip-format-wifi": "{essid} ({signalStrength}%) ",
"tooltip-format-ethernet": "{ifname} ",
"tooltip-format-disconnected": "Disconnected",
"max-length": 50
},
"pulseaudio": {
//"scroll-step": 1,
"format": "{icon} {volume}%",

30
moduler/signal.nix
View file

@ -1,30 +0,0 @@
{
lib,
config,
pkgs,
...
}:
let
in
{
networking.firewall.allowedTCPPorts = [ 8081 ];
# See this for docs on endpoints and more https://github.com/bbernhard/signal-cli-rest-api
virtualisation.oci-containers = {
backend = "podman";
containers = {
signal-cli = {
image = "bbernhard/signal-cli-rest-api";
volumes = [
"/var/signal:/home/.local/share/signal-cli"
];
ports = [ "192.168.1.227:8081:8080" ];
environment = {
MODE = "native";
PORT = "8080";
}
;
};
};
};
}