miniserver init

Danilo Reyes 2024-06-09 12:03:43 -06:00
parent 8ae8963cfe
commit 899928c1ef
26 changed files with 141 additions and 1856 deletions


@ -37,6 +37,17 @@
];
specialArgs = { inherit inputs outputs; };
};
miniserver = lib.nixosSystem {
inherit system;
modules = [
./hosts/miniserver/configuration.nix
({ pkgs, ... }: {
nixpkgs.overlays =
[ (import ./overlay.nix { inherit pkgs pkgsU pkgsM; }) ];
})
];
specialArgs = { inherit inputs outputs; };
};
};
};
}


@ -1,92 +1,59 @@
{ config, lib, pkgs, ... }:
let
version = "23.11";
myEmail = "CaptainJawZ@outlook.com";
myName = "Danilo Reyes";
cpuArchitecture = "alderlake";
home-manager = builtins.fetchTarball
# "https://github.com/nix-community/home-manager/archive/master.tar.gz";
"https://github.com/nix-community/home-manager/archive/release-${version}.tar.gz";
unstable = import
(builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") {
config = config.nixpkgs.config;
stream-dl = pkgs.writeScriptBin "stream-dl"
(builtins.readFile ../../scripts/stream-dl.sh);
in {
imports =
[ ./servers.nix ./docker.nix ./hardware-configuration.nix ../../base.nix ];
my = {
emacs.enable = true;
apps.dictionaries.enable = true;
shell.tools.enable = true;
services.network.enable = true;
dev = {
nix.enable = true;
python.enable = true;
sh.enable = true;
};
jawzManageLibrary = pkgs.writeScriptBin "manage-library"
(builtins.readFile ../scripts/manage-library.sh);
jawzTasks =
pkgs.writeScriptBin "tasks" (builtins.readFile ../scripts/tasks.sh);
jawzSubs =
pkgs.writeScriptBin "sub-sync" (builtins.readFile ../scripts/sub-sync.sh);
jawzStream =
pkgs.writeScriptBin "stream-dl" (builtins.readFile ../scripts/stream-dl.sh);
in { # Remember to close this bracket at the end of the document
imports = [
./fstab.nix
./servers.nix
./docker.nix
# ./mail.nix
# ./openldap.nix
# <agenix/modules/age.nix>
(import "${home-manager}/nixos")
];
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
scripts = {
run.enable = true;
split-dir.enable = true;
download.enable = true;
ffmpreg.enable = true;
ffmpeg4discord.enable = true;
manage-library.enable = true;
sync-subs.enable = true;
pika-list.enable = true;
find-dup-episodes.enable = true;
};
};
fonts.fontconfig.enable = true;
networking = {
useDHCP = lib.mkDefault true;
enableIPv6 = false;
hostName = "miniserver";
networkmanager.enable = true;
extraHosts = ''
192.168.1.64 workstation
192.168.1.69 server
'';
firewall = let
open_firewall_ports = [
51413 # torrent sedding
9091 # qbittorrent
2049 # nfs
];
open_firewall_port_ranges = [ ];
in {
enable = true;
allowPing = true;
allowedTCPPorts = open_firewall_ports;
allowedUDPPorts = open_firewall_ports;
allowedTCPPortRanges = open_firewall_port_ranges;
allowedUDPPortRanges = open_firewall_port_ranges;
};
};
time.timeZone = "America/Mexico_City";
i18n = {
defaultLocale = "en_CA.UTF-8";
extraLocaleSettings = { LC_MONETARY = "es_MX.UTF-8"; };
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
};
system = {
copySystemConfiguration = true;
stateVersion = "${version}";
};
nix = let
featuresList = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
"gccarch-${cpuArchitecture}"
"gccarch-znver3"
"gccarch-skylake"
"gccarch-alderlake"
];
in {
gc = {
automatic = true;
dates = "weekly";
};
distributedBuilds = true;
buildMachines = [{
hostName = "workstation";
system = "x86_64-linux";
@ -95,63 +62,26 @@ in { # Remember to close this bracket at the end of the document
speedFactor = 1;
supportedFeatures = featuresList;
}];
distributedBuilds = true;
settings = {
cores = 3;
auto-optimise-store = true;
trusted-users = [ "nixremote" ];
system-features = featuresList;
substituters = [
"https://nix-gaming.cachix.org"
"https://nixpkgs-python.cachix.org"
"https://devenv.cachix.org"
"https://cuda-maintainers.cachix.org"
];
trusted-public-keys = [
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
"nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
];
};
};
security = {
acme = {
acceptTerms = true;
defaults.email = myEmail;
};
rtkit.enable = true;
sudo = {
enable = true;
wheelNeedsPassword = false;
};
pam.loginLimits = [{
domain = "*";
type = "soft";
item = "nofile";
value = "8192";
}];
};
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config = {
nixpkgs.config = {
allowUnfree = true;
permittedInsecurePackages = [ "openssl-1.1.1w" ];
};
# localSystem = {
# gcc.arch = cpuArchitecture;
# gcc.tune = cpuArchitecture;
# system = "x86_64-linux";
# };
security = {
rtkit.enable = true;
acme = {
acceptTerms = true;
defaults.email = "CaptainJawZ@outlook.com";
};
};
users = {
groups.nixremote = {
name = "nixremote";
gid = 555;
};
groups.nixremote.gid = 555;
users.nixremote = {
isNormalUser = true;
createHome = true;
@ -159,361 +89,17 @@ in { # Remember to close this bracket at the end of the document
home = "/var/nixremote/";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICiyTwryzw8CblPldplDpVUkXD9C1fXVgO8LeXdE5cuR root@workstation"
""
];
};
};
users.users.jawz = {
isNormalUser = true;
extraGroups = [
"wheel"
"networkmanager"
"docker"
"scanner"
"lp"
"piracy"
"kavita"
"render"
"video"
];
initialPassword = "password";
openssh = {
authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacerocdreyes@100CDREYES"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkpeIV9G26W2/e9PsjBx3sNwPGoicJ807ExRGh4KjhW jawz@server"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH2wtsaMvfEUm//2YnFHyrc16o+TOXXBfIGPJ9nL8RMp jawz@workstation"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBEblxSDhWPEo33crSjooeUg4W02ruENxHLmmBqCuIo jawz@galaxy"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN6HsajaTL+nTJtSIu00M5WJwgt/7fyU59gBr2R7tbnv root@server"
];
};
packages = (with pkgs; [
hunspell
hunspellDicts.it_IT
hunspellDicts.es_MX
hunspellDicts.en_CA
symbola
unstable.yt-dlp # downloads videos from most video websites
unstable.gallery-dl # similar to yt-dlp but for most image gallery websites
fd # modern find, faster searches
fzf # fuzzy finder! super cool and useful
gdu # disk-space utility, somewhat useful
du-dust # rusty du
trash-cli # oop! didn't meant to delete that
eza # like ls but with colors
rmlint # probably my favourite app, amazing dupe finder that integrates well with BTRFS
smartmontools # check hard drie health
jawzManageLibrary
jawzTasks
jawzSubs
jawzStream
(writeScriptBin "ffmpeg4discord"
(builtins.readFile ../scripts/ffmpeg4discord.py))
(writeScriptBin "ffmpreg" (builtins.readFile ../scripts/ffmpreg.sh))
(writeScriptBin "split-dir" (builtins.readFile ../scripts/split-dir.sh))
(writeScriptBin "pika-list" (builtins.readFile ../scripts/pika-list.sh))
(writeScriptBin "run" (builtins.readFile ../scripts/run.sh))
(writeScriptBin "find-dup-episodes"
(builtins.readFile ../scripts/find-dup-episodes.sh))
tldr # man for retards
# SH
bats # testing system, required by Exercism
bashdb # autocomplete
shellcheck # linting
shfmt # a shell parser and formatter
# NIX
expect # keep color when nom'ing
nix-output-monitor # autistic nix builds
nixfmt # linting
cachix # why spend time compiling?
# PYTHON.
(python3.withPackages (ps:
with ps; [
flake8 # wraper for pyflakes, pycodestyle and mccabe
isort # sort Python imports
nose # testing and running python scripts
pyflakes # checks source code for errors
pytest # framework for writing tests
speedtest-cli # check internet speed from the comand line
editorconfig # follow rules of contributin
black # Python code formatter
pylint # bug and style checker for python
])) # base language
]) ++ (with pkgs.python3Packages; [
(buildPythonApplication rec {
pname = "download";
version = "1.5";
src = ../scripts/download/.;
doCheck = false;
buildInputs = [ setuptools ];
propagatedBuildInputs = [ pyyaml types-pyyaml ];
})
(buildPythonApplication rec {
pname = "ffpb";
version = "0.4.1";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-7eVqbLpMHS1sBw2vYS4cTtyVdnnknGtEI8190VlXflk=";
};
doCheck = false;
buildInputs = [ setuptools ];
propagatedBuildInputs = [ tqdm ];
})
# (buildPythonApplication rec {
# pname = "qbit_manage";
# version = "4.0.3";
# src = fetchPypi {
# inherit pname version;
# sha256 = "sha256-7eVqbLpMHS1sBw2vYS4cTtyVdnnknGtEI8190VlXflk=";
# };
# doCheck = true;
# buildInputs = [ setuptools ];
# propagatedBuildInputs =
# [ gitpython requests retrying ruamel-yaml schedule unstable.qbittorrent-api ];
# })
]) ++ (with pkgs.nodePackages; [
# Language servers
dockerfile-language-server-nodejs
yaml-language-server
bash-language-server
vscode-json-languageserver
pyright
markdownlint-cli # Linter
prettier # Linter
pnpm # Package manager
]);
}; # <--- end of package list
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
users.jawz = { config, pkgs, ... }: {
home.stateVersion = "${version}";
programs.bash = {
enable = true;
historyFile = "\${XDG_STATE_HOME}/bash/history";
historyControl = [ "erasedups" "ignorespace" ];
shellAliases = {
hh = "hstr";
ls = "eza --icons --group-directories-first";
edit = "emacsclient -t";
comic = ''download -u jawz -i "$(cat $LC | fzf --multi --exact -i)"'';
gallery =
''download -u jawz -i "$(cat $LW | fzf --multi --exact -i)"'';
cp = "cp -i";
mv = "mv -i";
mkcd = ''mkdir -pv "$1" && cd "$1" || exit'';
mkdir = "mkdir -p";
rm = "trash";
".." = "cd ..";
"..." = "cd ../..";
".3" = "cd ../../..";
".4" = "cd ../../../..";
".5" = "cd ../../../../..";
dl = "download -u jawz -i";
e = "edit";
c = "cat";
f = "fzf --multi --exact -i";
sc = "systemctl --user";
jc = "journalctl --user -xefu";
open-gallery = ''
cd /mnt/pool/scrapping/JawZ/gallery-dl &&
xdg-open $(fd . ./ Husbands -tdirectory -d 1 | fzf -i)"'';
unique-extensions = ''
fd -tf | rev | cut -d. -f1 | rev |
tr '[:upper:]' '[:lower:]' | sort |
uniq --count | sort -rn'';
};
enableVteIntegration = true;
initExtra = ''
$HOME/.local/bin/pokemon-colorscripts -r --no-title
# Lists
list_root="${config.xdg.configHome}"/jawz/lists/jawz
export LW=$list_root/watch.txt
export LI=$list_root/instant.txt
export LC=$list_root/comic.txt
export command_timeout=30
if command -v fzf-share >/dev/null; then
source "$(fzf-share)/key-bindings.bash"
source "$(fzf-share)/completion.bash"
fi
nixos-reload () {
nixfmt /home/jawz/Development/NixOS/miniserver/*.nix
sudo unbuffer nixos-rebuild switch -I nixos-config=/home/jawz/Development/NixOS/miniserver/configuration.nix |& nom
}
'';
};
xdg = {
enable = true;
userDirs = {
enable = true;
createDirectories = false;
desktop = "${config.home.homeDirectory}";
documents = "${config.home.homeDirectory}/Documents";
download = "${config.home.homeDirectory}/Downloads";
music = "${config.home.homeDirectory}/Music";
pictures = "${config.home.homeDirectory}/Pictures";
templates = "${config.xdg.dataHome}/Templates";
videos = "${config.home.homeDirectory}/Videos";
};
configFile = {
"wgetrc".source = ../dotfiles/wget/wgetrc;
"configstore/update-notifier-npm-check.json".source =
../dotfiles/npm/update-notifier-npm-check.json;
"npm/npmrc".source = ../dotfiles/npm/npmrc;
"gallery-dl/config.json".source = ../dotfiles/gallery-dl/config.json;
"htop/htoprc".source = ../dotfiles/htop/htoprc;
"python/pythonrc".source = ../dotfiles/pythonrc;
"unpackerr.conf".source = ../dotfiles/unpackerr.conf;
};
};
programs = {
helix = { enable = true; };
hstr.enable = true;
emacs.enable = true;
direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
};
bat = {
enable = true;
config = {
pager = "less -FR";
theme = "base16";
};
extraPackages = with pkgs.bat-extras; [
batman # man pages
batpipe # piping
batgrep # ripgrep
batdiff # this is getting crazy!
batwatch # probably my next best friend
prettybat # trans your sourcecode!
];
};
git = {
enable = true;
userName = "${myName}";
userEmail = "${myEmail}";
};
htop = {
enable = true;
package = pkgs.htop-vim;
};
};
services = {
lorri.enable = true;
emacs = {
enable = true;
defaultEditor = true;
package = pkgs.emacs;
startWithUserSession = "graphical";
};
};
};
};
environment = {
systemPackages = with pkgs; [
environment.systemPackages = with pkgs; [
wget
jellyfin-ffmpeg # coolest video converter!
mediainfo
mediainfo # nextcloud
dlib
fd
ripgrep
];
variables = rec {
# PATH
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
XDG_STATE_HOME = "\${HOME}/.local/state";
# DEV PATH
CABAL_DIR = "${XDG_CACHE_HOME}/cabal";
CARGO_HOME = "${XDG_DATA_HOME}/cargo";
GEM_HOME = "${XDG_DATA_HOME}/ruby/gems";
GEM_PATH = "${XDG_DATA_HOME}/ruby/gems";
GEM_SPEC_CACHE = "${XDG_DATA_HOME}/ruby/specs";
GOPATH = "${XDG_DATA_HOME}/go";
NPM_CONFIG_USERCONFIG = "${XDG_CONFIG_HOME}/npm/npmrc";
PNPM_HOME = "${XDG_DATA_HOME}/pnpm";
PSQL_HISTORY = "${XDG_DATA_HOME}/psql_history";
REDISCLI_HISTFILE = "${XDG_DATA_HOME}/redis/rediscli_history";
WINEPREFIX = "${XDG_DATA_HOME}/wine";
PYTHONSTARTUP = "${XDG_CONFIG_HOME}/python/pythonrc";
STACK_ROOT = "${XDG_DATA_HOME}/stack";
# OPTIONS
HISTFILE = "${XDG_STATE_HOME}/bash/history";
LESSHISTFILE = "-";
GHCUP_USE_XDG_DIRS = "true";
RIPGREP_CONFIG_PATH = "${XDG_CONFIG_HOME}/ripgrep/ripgreprc";
ELECTRUMDIR = "${XDG_DATA_HOME}/electrum";
VISUAL = "emacsclient -ca emacs";
WGETRC = "${XDG_CONFIG_HOME}/wgetrc";
XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
DOCKER_CONFIG = "${XDG_CONFIG_HOME}/docker";
# NVIDIA
CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv";
# Themes
# WEBKIT_DISABLE_COMPOSITING_MODE = "1";
CALIBRE_USE_SYSTEM_THEME = "1";
PATH = [
"\${HOME}/.local/bin"
"${XDG_CONFIG_HOME}/emacs/bin"
"${XDG_DATA_HOME}/npm/bin"
"${XDG_DATA_HOME}/pnpm"
];
# needed for tensorflow
# CUDA_PATH = "${pkgs.cudatoolkit}";
# # LD_LIBRARY_PATH = "${pkgs.linuxPackages.nvidia_x11}/lib:${pkgs.ncurses5}/lib";
# EXTRA_LDFLAGS = "-L/lib -L${pkgs.linuxPackages.nvidia_x11}/lib";
# EXTRA_CCFLAGS = "-I/usr/include";
};
};
programs = {
starship.enable = true;
tmux.enable = true;
fzf.fuzzyCompletion = true;
neovim = {
enable = true;
vimAlias = true;
};
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
services = {
btrfs.autoScrub.fileSystems = [ "/mnt/pool" ];
# minidlna = {
# enable = true;
# openFirewall = true;
@ -524,27 +110,7 @@ in { # Remember to close this bracket at the end of the document
# ];
# };
# };
avahi = {
enable = true;
nssmdns = true;
};
fstrim.enable = true;
smartd.enable = true;
btrfs.autoScrub = {
enable = true;
fileSystems = [ "/" "/mnt/pool" ];
};
openssh = {
enable = true;
openFirewall = true;
startWhenNeeded = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
};
systemd = {
packages = let
pkgs = import (builtins.fetchTarball {
@ -568,11 +134,11 @@ in { # Remember to close this bracket at the end of the document
description = "monitors a stream channel for online streams.";
restartIfChanged = true;
wantedBy = [ "default.target" ];
path = [ pkgs.nix jawzStream ];
path = [ pkgs.nix stream-dl ];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${jawzStream}/bin/stream-dl %I";
ExecStart = "${stream-dl}/bin/stream-dl %I";
};
};
# unpackerr = {
@ -586,30 +152,6 @@ in { # Remember to close this bracket at the end of the document
# ExecStart = "${pkgs.unpackerr}/bin/unpackerr -c /home/jawz/.config/unpackerr.conf";
# };
# };
manage-library = {
enable = true;
restartIfChanged = true;
description = "Run the manage library bash script";
wantedBy = [ "default.target" ];
path = [ pkgs.nix jawzManageLibrary ];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${jawzManageLibrary}/bin/manage-library";
};
};
tasks = {
restartIfChanged = true;
description =
"Run a tasks script which keeps a lot of things organized";
wantedBy = [ "default.target" ];
path = [ pkgs.nix jawzTasks ];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${jawzTasks}/bin/tasks";
};
};
qbit_manage = let qbit_dir = "/home/jawz/Development/Git/qbit_manage";
in {
restartIfChanged = true;
@ -641,19 +183,6 @@ in { # Remember to close this bracket at the end of the document
"stream@tommy9x6" = streamTimer // { };
"stream@brocollirob" = streamTimer // { };
"stream@tomayto\\x20picarto" = streamTimer // { };
tasks = {
enable = true;
description =
"Run a tasks script which keeps a lot of things organized";
wantedBy = [ "timers.target" ];
timerConfig = { OnCalendar = "*:0/10"; };
};
manage-library = {
enable = true;
description = "Run the manage library bash script";
wantedBy = [ "timers.target" ];
timerConfig = { OnCalendar = "00:30"; };
};
qbit_manage = {
enable = true;
description = "Tidy up my torrents";
@ -663,16 +192,4 @@ in { # Remember to close this bracket at the end of the document
};
};
};
fonts.fontconfig.enable = true;
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault true;
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
};
}
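Review bot: The firewall block feeds one list, `open_firewall_ports`, into both `allowedTCPPorts` and `allowedUDPPorts`, so the ports commented `# qbittorrent` (9091) and `# nfs` (2049) are opened on UDP as well as TCP, and on every interface. The page has lost its `+`/`-` markers, so I am assuming this block is on the new side of the first hunk. If those two services only speak TCP, split the lists, e.g. `allowedTCPPorts = [ 51413 9091 2049 ];` and `allowedUDPPorts = [ 51413 ];`, and consider moving the LAN-only ports under `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts`. Separately, `trusted-users = [ "nixremote" ]` and `permittedInsecurePackages = [ "openssl-1.1.1w" ]` each deserve a one-line comment: the first makes that account effectively root-equivalent towards the Nix daemon, and the second should name the package that still needs the end-of-life OpenSSL so the exception can be dropped later.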

File diff suppressed because it is too large Load Diff


@ -1,6 +1,23 @@
{ config, lib, pkgs, modulesPath, ... }: {
{ lib, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
nixpkgs.hostPlatform = "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault true;
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
};
boot = {
kernelModules = [ "kvm-intel" ];
kernel.sysctl = {
"vm.swappiness" = 80;
"net.ipv6.conf.all.disable_ipv6" = 1;
"net.ipv6.conf.lo.disable_ipv6" = 1;
"net.ipv6.conf.default.disable_ipv6" = 1;
};
loader = {
efi = {
canTouchEfiVariables = true;
@ -35,13 +52,6 @@
# preLVM = true;
# };
};
kernelModules = [ "kvm-intel" ];
kernel.sysctl = {
"vm.swappiness" = 80;
"net.ipv6.conf.all.disable_ipv6" = 1;
"net.ipv6.conf.lo.disable_ipv6" = 1;
"net.ipv6.conf.default.disable_ipv6" = 1;
};
extraModulePackages = [ ];
initrd = {
availableKernelModules = [
@ -57,7 +67,6 @@
kernelModules = [ "kvm-intel" ];
};
};
fileSystems = {
"/" = {
device = "/dev/mapper/nvme";


@ -1,37 +0,0 @@
{ config, pkgs, ... }:
let
version = "23.05";
domain = "danilo-reyes.com";
in {
imports = [
(builtins.fetchTarball {
# Pick a release version you are interested in and set its hash, e.g.
url =
"https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${version}/nixos-mailserver-nixos-${version}.tar.gz";
# To get the sha256 of the nixos-mailserver tarball, we can use the nix-prefetch-url command:
# release="nixos-23.05"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack
sha256 = "1ngil2shzkf61qxiqw11awyl81cr7ks2kv3r3k243zz7v2xakm5c";
})
];
mailserver = {
enable = true;
fqdn = "mail.${domain}";
domains = [ domain ];
# A list of all login accounts. To create the password hashes, use
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = {
"contact@${domain}" = {
hashedPasswordFile = ../dotfiles/secrets/mailserver;
aliases = [ "jawz@${domain}" ];
};
};
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
# down nginx and opens port 80.
certificateScheme = "acme-nginx";
};
security.acme.acceptTerms = true;
security.acme.defaults.email = "contact@${domain}";
}


@ -1,83 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
let hostname = "servidos.lat";
in {
services.openldap = {
enable = true;
# enable plain and secure connections
urlList = [ "ldap:///" "ldaps:///" ];
settings = {
attrs = {
olcLogLevel = "conns config";
# settings for acme ssl
olcTLSCACertificateFile = "/var/lib/acme/${hostname}/full.pem";
olcTLSCertificateFile = "/var/lib/acme/${hostname}/cert.pem";
olcTLSCertificateKeyFile = "/var/lib/acme/${hostname}/key.pem";
olcTLSCipherSuite = "HIGH:MEDIUM:+3DES:+RC4:+aNULL";
olcTLSCRLCheck = "none";
olcTLSVerifyClient = "never";
olcTLSProtocolMin = "3.1";
};
children = {
"cn=schema".includes = [
"${pkgs.openldap}/etc/schema/core.ldif"
"${pkgs.openldap}/etc/schema/cosine.ldif"
"${pkgs.openldap}/etc/schema/inetorgperson.ldif"
];
"olcDatabase={1}mdb".attrs = {
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
olcDatabase = "{1}mdb";
olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = "dc=example,dc=com";
# your admin account, do not use writeText on a production system
olcRootDN = "cn=admin,dc=example,dc=com";
olcRootPW.path = pkgs.writeText "olcRootPW" "pass";
olcAccess = [
# custom access rules for userPassword attributes
''
{0}to attrs=userPassword
by self write
by anonymous auth
by * none''
# allow read on anything else
''
{1}to *
by * read''
];
};
};
};
};
# ensure openldap is launched after certificates are created
systemd.services.openldap = {
wants = [ "acme-${hostname}.service" ];
after = [ "acme-${hostname}.service" ];
};
# make acme certificates accessible by openldap
security.acme.defaults.group = "certs";
users.groups.certs.members = [ "openldap" ];
# trigger the actual certificate generation for your hostname
security.acme.certs."${hostname}" = { extraDomainNames = [ ]; };
# example using hetzner dns to run letsencrypt verification
security.acme.defaults.dnsProvider = "hetzner";
security.acme.defaults.credentialsFile = pkgs.writeText "credentialsFile" ''
HETZNER_API_KEY=<your-hetzner-dns-api-key>
'';
}


@ -1,55 +0,0 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p bash curl jq dig
# Shell script to update namecheap.com dynamic dns
# for a domain to your external IP address
# namecheap
hostnames=(cloud @ 6fxAtnPxEeI8hN)
domain=rotehaare.art
password=60d672be5d9d4828a0f96264babe0ac1
ip=$(curl -s ipecho.net/plain)
for hostname in "${hostnames[@]}"; do
curl "https://dynamicdns.park-your-domain.com/update?host=$hostname&domain=$domain&password=$password&ip=$ip"
done
# cloudflare
zone_id=833996ed25eb09f1a50606e0457790e4
record=servidos.lat
record_id=6b117173e53a7511ba36ceb9637ede63
cloudflare_token=VdKosfThQmOcuywLOUq9DY4-df9EmbHrDWyf_vUb
# get record_id
# curl -s -X GET "https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records?type=A&name=${record}" \
# -H "Authorization: Bearer ${cloudflare_token}" \
# -H "Content-Type: application/json" | jq -r '{"result"}[] | .[0] | .id'
curr_ip=$(curl -s -X GET https://checkip.amazonaws.com)
curr_reg=$(dig ${record} +short @1.1.1.1)
if echo "${curr_reg}" | grep "${curr_ip}"; then
echo "$(date --rfc-3339=seconds) - OK - Current record matches current IP (${curr_ip})"
else
curl -s -X PUT "https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id}" \
-H "Authorization: Bearer ${cloudflare_token}" \
-H "Content-Type: application/json" \
--data "{\"type\":\"A\",\"name\":\"${record}\",\"content\":\"$curr_ip\",\"ttl\":1,\"proxied\":false}" >/dev/null
echo "$(date --rfc-3339=seconds) - NOK - Record Updated to $curr_ip from ${curr_reg}"
fi
# godaddy
domain=danilo-reyes.com
host=@
APIKey=AEjhf24Sczj_BpoXZmSK1Zha3pvRpRYxnf
APISecret=5pumrt9iMaSxR8U4PjhRCE
WanIP=$(curl -s "https://api.ipify.org")
GDIP=$(curl -s -X GET -H "Authorization: sso-key ${APIKey}:${APISecret}" "https://api.godaddy.com/v1/domains/${domain}/records/A/${host}" | cut -d'[' -f 2 | cut -d']' -f 1)
if [ "$WanIP" != "$GDIP" ] && [ "$WanIP" != "" ]; then
echo "Actualizando ip godaddy"
curl -s -X PUT "https://api.godaddy.com/v1/domains/${domain}/records/A/${host}" \
-H "Authorization: sso-key ${APIKey}:${APISecret}" \
-H "Content-Type: application/json" \
-d "[{\"data\": \"${WanIP}\"}]"
fi


@ -268,7 +268,7 @@ in {
# };
nextcloud-cronjob = let
jawzNextcloudCronjob = pkgs.writeScriptBin "nextcloud-cronjob"
(builtins.readFile ../scripts/nextcloud-cronjob.sh);
(builtins.readFile ../../scripts/nextcloud-cronjob.sh);
in {
description = "Runs various nextcloud-related cronjobs";
wantedBy = [ "multi-user.target" ];
@ -299,7 +299,7 @@ in {
user.services = {
update-dns = let
jawzUpdateDns = pkgs.writeScriptBin "update-dns"
(builtins.readFile ../scripts/update-dns.sh);
(builtins.readFile ../../scripts/update-dns.sh);
in {
restartIfChanged = true;
description = "update DNS of my websites";
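Review bot: `pkgs.writeScriptBin "update-dns" (builtins.readFile ../../scripts/update-dns.sh)` copies the script text into the Nix store, which is world-readable on the host. The shell script deleted elsewhere in this commit, which appears to be the old copy of this file, carries DNS-provider passwords and API tokens as plain assignments; if the relocated script is unchanged, those values end up in the store, and they remain in git history either way. The credentials should be rotated and then read at run time from a file outside the store, for example through `serviceConfig.EnvironmentFile` or the agenix module that a commented import in this commit already refers to. The `update-dns` definition continues outside the hunk.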


@ -1,6 +1,5 @@
{ pkgs, ... }: {
imports = [
# <agenix/modules/age.nix>
./hardware-configuration.nix
../../base.nix
../../gnome.nix


@ -17,6 +17,7 @@
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacerocdreyes@100CDREYES"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkpeIV9G26W2/e9PsjBx3sNwPGoicJ807ExRGh4KjhW jawz@server"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH2wtsaMvfEUm//2YnFHyrc16o+TOXXBfIGPJ9nL8RMp jawz@workstation"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGjnNIggZweJ+GJKKvFEPhpLcs+t64xXjBmeuERsLFLL jawz@miniserver"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBEblxSDhWPEo33crSjooeUg4W02ruENxHLmmBqCuIo jawz@galaxy"
];
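Review bot: Adding `jawz@miniserver` to this shared `openssh.authorizedKeys.keys` list lets the miniserver user key log in to every host that imports this module; with the `+`/`-` markers lost, I am assuming that is the line this hunk adds. The miniserver configuration in the same commit opens torrent and NFS ports, so a compromise of that host would also yield SSH access to the other machines. If miniserver never needs to initiate SSH to them, leave the key out; otherwise a per-host list, or at least a comment such as `# miniserver pushes backups to the other hosts` stating the actual reason, would make the trust relationship explicit. The enclosing user definition starts outside the hunk.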


@ -1,6 +1,4 @@
{ config, lib, pkgs, ... }:
let polymc = pkgs.callPackage ../../pkgs/polymc/default.nix { };
in {
{ config, lib, pkgs, ... }: {
options.my.apps.gaming.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.apps.gaming.enable {
programs = {
@ -12,7 +10,9 @@ in {
dedicatedServer.openFirewall = true;
};
};
users.users.jawz.packages = (with pkgs; [
users.users.jawz.packages =
let polymc = pkgs.callPackage ../../pkgs/polymc/default.nix { };
in (with pkgs; [
mangohud # fps & stats overlay
lutris # games launcher & emulator hub
cartridges # games launcher


@ -1,6 +1,4 @@
{ config, lib, pkgs, ... }:
let vdhcoapp = pkgs.callPackage ../../pkgs/vdhcoapp/default.nix { };
in {
{ config, lib, pkgs, ... }: {
options.my.apps.internet.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.apps.internet.enable {
programs = {
@ -11,7 +9,9 @@ in {
};
};
services.psd.enable = true;
users.users.jawz.packages = (with pkgs; [
users.users.jawz.packages =
let vdhcoapp = pkgs.callPackage ../../pkgs/vdhcoapp/default.nix { };
in (with pkgs; [
nextcloud-client # self-hosted google-drive alternative
fragments # beautiful torrent client
protonmail-bridge # bridge for protonmail


@ -1,4 +1,4 @@
{ lib, ... }: {
{ ... }: {
imports = [
./scripts/download.nix
./scripts/ffmpeg4discord.nix
@ -13,17 +13,4 @@
./scripts/tasks.nix
./scripts/update-dns.nix
];
my.scripts = {
download.enable = lib.mkDefault false;
ffmpeg4discord.enable = lib.mkDefault false;
ffmpreg.enable = lib.mkDefault false;
find-dup-episodes.enable = lib.mkDefault false;
manage-library.enable = lib.mkDefault false;
pika-list.enable = lib.mkDefault false;
run.enable = lib.mkDefault false;
split-dir.enable = lib.mkDefault false;
sub-sync.enable = lib.mkDefault false;
tasks.enable = lib.mkDefault false;
update-dns.enable = lib.mkDefault false;
};
}


@ -1,4 +1,4 @@
{ pkgs, ... }: {
{ pkgs, lib, ... }: {
imports = [ ./base.nix ];
config = {
home-manager.users.jawz = {
@ -25,7 +25,7 @@
};
users.users.jawz.packages = [ pkgs.gallery-dl ];
my.scripts.download = {
enable = true;
enable = lib.mkDefault false;
install = true;
service = false;
name = "download";


@ -1,7 +1,7 @@
{ pkgs, ... }: {
{ pkgs, lib, ... }: {
imports = [ ./base.nix ];
config.my.scripts.ffmpeg4discord = {
enable = true;
enable = lib.mkDefault false;
install = true;
service = false;
name = "ffmpeg4discord";


@ -1,7 +1,7 @@
{ pkgs, ... }: {
{ pkgs, lib, ... }: {
imports = [ ./base.nix ];
config.my.scripts.ffmpreg = {
enable = true;
enable = lib.mkDefault false;
install = true;
service = false;
name = "ffmpreg";


@ -1,7 +1,7 @@
{ pkgs, ... }: {
{ pkgs, lib, ... }: {
imports = [ ./base.nix ];
config.my.scripts.find-dup-episodes = {
enable = true;
enable = lib.mkDefault false;
install = true;
service = false;
name = "find-dup-episodes";


@ -1,7 +1,7 @@
{ pkgs, ... }: {
{ pkgs, lib, ... }: {
imports = [ ./base.nix ];
config.my.scripts.manage-library = {
enable = true;
enable = lib.mkDefault false;
install = true;
service = true;
name = "manage-library";


@ -1,7 +1,7 @@
{ pkgs, ... }: {
{ pkgs, lib, ... }: {
imports = [ ./base.nix ];
config.my.scripts.pika-list = {
enable = true;
enable = lib.mkDefault false;
install = true;
service = false;
name = "pika-list";


@ -1,7 +1,7 @@
{ pkgs, ... }: {
{ pkgs, lib, ... }: {
imports = [ ./base.nix ];
config.my.scripts.run = {
enable = true;
enable = lib.mkDefault false;
install = true;
service = false;
name = "run";


@ -1,7 +1,7 @@
{ pkgs, ... }: {
{ pkgs, lib, ... }: {
imports = [ ./base.nix ];
config.my.scripts.split-dir = {
enable = true;
enable = lib.mkDefault false;
install = true;
service = false;
name = "split-dir";


@ -1,7 +1,7 @@
{ pkgs, ... }: {
{ pkgs, lib, ... }: {
imports = [ ./base.nix ];
config.my.scripts.tasks = {
enable = true;
enable = lib.mkDefault false;
install = true;
service = true;
name = "tasks";


@ -1,7 +1,7 @@
{ pkgs, ... }: {
{ pkgs, lib, ... }: {
imports = [ ./base.nix ];
config.my.scripts.update-dns = {
enable = true;
enable = lib.mkDefault false;
install = true;
service = true;
name = "update-dns";


@ -70,6 +70,7 @@
tldr # man for retards
trash-cli # oop! did not meant to delete that
jq # linting
smartmontools # check hard drie health
];
environment.variables = {
HISTFILE = "\${XDG_STATE_HOME}/bash/history";


@ -11,7 +11,6 @@ self: super: {
]);
});
});
lutris = super.lutris.override {
extraPkgs = pkgs: [
pkgs.winetricks
@ -19,16 +18,12 @@ self: super: {
pkgs.wineWowPackages.stable
];
};
nerdfonts = super.nerdfonts.override {
fonts = [ "CascadiaCode" "ComicShannsMono" "Iosevka" ];
};
fooyin = pkgsM.fooyin;
planify = pkgsU.planify;
gdtoolkit = pkgsU.gdtoolkit;
gallery-dl = pkgsU.gallery-dl;
ns-usbloader = pkgsU.ns-usbloader;
handbrake = super.handbrake.override { useGtk = true; };
discord = super.discord.override { withOpenASAR = true; };


@ -1,43 +0,0 @@
{ stdenv, lib, fetchFromGitHub, cmake, pkg-config, alsa-lib, ffmpeg, kdePackages
, kdsingleapplication, pipewire, taglib }:
stdenv.mkDerivation (finalAttrs: {
pname = "fooyin";
version = "0.4.2";
src = fetchFromGitHub {
owner = "ludouzi";
repo = "fooyin";
rev = "v" + finalAttrs.version;
hash = "sha256-1U7eqXVcp0lO/X92oNQ3mWdozgJ1eroQPojscSWH6+I=";
};
buildInputs = [
alsa-lib
ffmpeg
kdsingleapplication
pipewire
kdePackages.qcoro
kdePackages.qtbase
kdePackages.qtsvg
taglib
];
nativeBuildInputs =
[ cmake pkg-config kdePackages.qttools kdePackages.wrapQtAppsHook ];
cmakeFlags = [
(lib.cmakeBool "BUILD_TESTING" (finalAttrs.doCheck or false))
(lib.cmakeBool "INSTALL_FHS" true)
];
env.LANG = "C.UTF-8";
meta = with lib; {
description = "A customisable music player";
mainProgram = "fooyin";
license = licenses.gpl3Only;
maintainers = with maintainers; [ peterhoeg ];
platforms = platforms.all;
};
})