diff --git a/.chatgpt_config.yaml b/.chatgpt_config.yaml
new file mode 100644
index 0000000..6aeec39
--- /dev/null
+++ b/.chatgpt_config.yaml
@@ -0,0 +1,10 @@
+project_name: "cloonar-nixos"
+default_prompt_blocks:
+ - "basic-prompt"
+ - "secure-coding"
+initial_prompt: |
+ You are a NixOS expert.
+ You are tasked with maintaining the configuration for the infrastructure of a company.
+ Keep best practices in mind and make sure the configuration is secure.
+directories:
+ - "hosts/nb"
diff --git a/buchhaltung.md b/buchhaltung.md
new file mode 100644
index 0000000..9989401
--- /dev/null
+++ b/buchhaltung.md
@@ -0,0 +1,2 @@
+Bei EU Rechnungen das Hakerl machen bei "Nicht im Inland steuerbare Leistung (außerhalb EU, z.B. Schweiz)"
+VXEhGveIHdSj7JKq6zof48vLhKaCo0RJea6DhVqopA8=
diff --git a/hosts/fw/modules/unbound.nix b/hosts/fw/modules/unbound.nix
index 41cc3f6..783d429 100644
--- a/hosts/fw/modules/unbound.nix
+++ b/hosts/fw/modules/unbound.nix
@@ -110,6 +110,7 @@ let
 "\"conf.wrwks.at IN A 10.254.240.105\""
 "\"web.hilgenberg-gmbh.de IN A 91.107.197.169\""
+ "\"web.lenaschilling.at IN A 159.69.3.18\""
 # gaming
 "\"foundry-vtt.cloonar.com IN A ${config.networkPrefix}.97.5\""
diff --git a/hosts/mail/channel b/hosts/mail/channel
index 425c774..ced117e 100644
--- a/hosts/mail/channel
+++ b/hosts/mail/channel
@@ -1 +1 @@
-https://channels.nixos.org/nixos-24.05
+https://channels.nixos.org/nixos-24.11
diff --git a/hosts/nb/channel b/hosts/nb/channel
index 425c774..ced117e 100644
--- a/hosts/nb/channel
+++ b/hosts/nb/channel
@@ -1 +1 @@
-https://channels.nixos.org/nixos-24.05
+https://channels.nixos.org/nixos-24.11
diff --git a/hosts/nb/configuration.nix b/hosts/nb/configuration.nix
index 1b1e87e..91b909e 100644
--- a/hosts/nb/configuration.nix
+++ b/hosts/nb/configuration.nix
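Review bot: The second line of buchhaltung.md is a bare 44-character base64 value (32 bytes decoded) with no label, committed next to an accounting note, and from the hunk alone it is impossible to tell whether it is a hash, an account reference or a credential. If it is a secret (an API token, a key), it is now in the history of a repository that also holds infrastructure configuration and has to be rotated and purged from history, not merely deleted in a follow-up commit. If it is harmless, say so on the line, e.g. `<!-- account reference, not a secret -->`, so the next reader and any secret scanner can move on.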
@@ -11,6 +11,7 @@ let
 impermanence = builtins.fetchTarball "https://github.com/nix-community/impermanence/archive/master.tar.gz";
 in {
 nixpkgs.config.allowUnfree = true;
+ nixpkgs.config.allowBroken = true;
 security.pki.certificates = [ "/home/dominik/.local/share/mkcert/rootCA.pem" ];
diff --git a/hosts/nb/hardware-configuration.nix b/hosts/nb/hardware-configuration.nix
index d6e69a2..c4160d0 100644
--- a/hosts/nb/hardware-configuration.nix
+++ b/hosts/nb/hardware-configuration.nix
@@ -56,7 +56,7 @@
 powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
 hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
- hardware.opengl = {
+ hardware.graphics = {
 enable = true;
 extraPackages = with pkgs; [
 vaapiVdpau
diff --git a/hosts/nb/modules/nvim/chatgpt.nix b/hosts/nb/modules/nvim/chatgpt.nix
index 115a435..2fc1797 100644
--- a/hosts/nb/modules/nvim/chatgpt.nix
+++ b/hosts/nb/modules/nvim/chatgpt.nix
@@ -5,8 +5,8 @@ self: super: {
 version = "1.0.0";
 src = super.fetchgit {
 url = "https://git.cloonar.com/Cloonar/chatgpt.vim.git";
- rev = "9a9868c991d2c9d0d2f5bc4c065a839f79c8daa1";
- sha256 = "sha256-ip+VFMJJWNaoSOyY2nLNVLEb3h37akUdk0du5u81dvc=";
+ rev = "d6dc98cd586272741eaacf2cd6e94c6a6a1b7da2";
+ sha256 = "sha256-t9toNPBTGti2ufGYHBVZbEV3DpBX8RK4ayhBlpHgygk=";
 };
 };
 };
diff --git a/hosts/nb/modules/nvim/config/lspconfig.lua b/hosts/nb/modules/nvim/config/lspconfig.lua
index ba32f57..8c499b2 100644
--- a/hosts/nb/modules/nvim/config/lspconfig.lua
+++ b/hosts/nb/modules/nvim/config/lspconfig.lua
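Review bot: `nixpkgs.config.allowBroken = true;` lifts the broken-package guard for every package evaluated on this host, and nothing in the hunk says which package needs it. Scope it to the one derivation at its use site instead, e.g. `(pkgs.<name>.overrideAttrs (old: { meta = old.meta // { broken = false; }; }))`, or at least leave a comment naming the package and the upstream issue so the flag can be removed once it is fixed. The adjacent `impermanence = builtins.fetchTarball ".../archive/master.tar.gz"` is untouched by this commit, but it is the same pattern of a host-wide setting with neither a pin nor a hash and deserves its own change.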
@@ -25,7 +25,7 @@ local capabilities = vim.lsp.protocol.make_client_capabilities()
 capabilities.textDocument.completion.completionItem.snippetSupport = true
 capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities)
-local servers = { 'tsserver', 'lua', 'cssls', 'yamlls', 'intelephense' }
+local servers = { 'ts_ls', 'lua', 'cssls', 'yamlls', 'intelephense' }
 for _, lsp in pairs(servers) do
 require('lspconfig')[lsp].setup {
 -- on_attach = on_attach,
diff --git a/hosts/nb/modules/nvim/default.nix b/hosts/nb/modules/nvim/default.nix
index 6d5ce65..f0e252c 100644
--- a/hosts/nb/modules/nvim/default.nix
+++ b/hosts/nb/modules/nvim/default.nix
@@ -9,7 +9,7 @@
 nodePackages.typescript-language-server
 sumneko-lua-language-server
 nodePackages.intelephense
- nodePackages.vscode-css-languageserver-bin
+ nodePackages.vscode-langservers-extracted
 nodePackages.yaml-language-server
 gopls
 lazygit
@@ -41,6 +41,7 @@
 gitsigns-nvim
 lightline-vim
 lspkind-nvim
+ mini-icons
 neogit
 null-ls-nvim
 nvim-autopairs
@@ -48,6 +49,7 @@
 nvim-colorizer-lua
 nvim-lspconfig
 nvim-tree-lua
+ nvim-web-devicons
 pkgs.vimPlugins.nvim-treesitter.withAllGrammars
 # (nvim-treesitter.withPlugins (_: pkgs.tree-sitter.allGrammars))
 plenary-nvim
@@ -61,7 +63,8 @@
 vim-sneak
 vim-vsnip
 which-key-nvim
- ];
+ rest-nvim
+ ];
 opt = [];
 };
 customRC = let
diff --git a/hosts/nb/modules/steam.nix b/hosts/nb/modules/steam.nix
index 933b6b7..1cacf79 100644
--- a/hosts/nb/modules/steam.nix
+++ b/hosts/nb/modules/steam.nix
@@ -21,13 +21,9 @@
 libdecor
 ];
- hardware.opengl = {
+ hardware.graphics = {
 enable = true;
- ## radv: an open-source Vulkan driver from freedesktop
- driSupport = true;
- driSupport32Bit = true;
-
- ## amdvlk: an open-source Vulkan driver from AMD
+ enable32Bit = true;
 extraPackages = [ pkgs.amdvlk ];
 extraPackages32 = [ pkgs.driversi686Linux.amdvlk ];
 };
diff --git a/hosts/nb/modules/sway/rustdesk.nix b/hosts/nb/modules/sway/rustdesk.nix
index 2109d84..4c52a9e 100644
--- a/hosts/nb/modules/sway/rustdesk.nix
+++ b/hosts/nb/modules/sway/rustdesk.nix
@@ -13,7 +13,7 @@ let
 in {
 environment.systemPackages = [
- pkgs.rustdesk
- rustDeskDesktopItem
+ pkgs.rustdesk-flutter
+ # rustDeskDesktopItem
 ];
 }
diff --git a/hosts/nb/modules/sway/sway.nix b/hosts/nb/modules/sway/sway.nix
index cbcd2bf..1df2d13 100644
--- a/hosts/nb/modules/sway/sway.nix
+++ b/hosts/nb/modules/sway/sway.nix
@@ -25,27 +25,24 @@ let
 unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) { config = { allowUnfree = true; }; };
- orca-slicer-pin = import (builtins.fetchTarball {
- url = "https://github.com/NixOS/nixpkgs/archive/67b4bf1df4ae54d6866d78ccbd1ac7e8a8db8b73.tar.gz";
- }) {};
 apache-ds-pin = import (builtins.fetchTarball {
 url = "https://github.com/NixOS/nixpkgs/archive/9aec01027f7ea2bca07bb51d5ed83e78088871c1.tar.gz";
 }) {};
- ddev-pin = import (builtins.fetchTarball {
- url = "https://github.com/NixOS/nixpkgs/archive/34a626458d686f1b58139620a8b2793e9e123bba.tar.gz";
- }) {};
+ # ddev-pin = import (builtins.fetchTarball {
+ # url = "https://github.com/NixOS/nixpkgs/archive/34a626458d686f1b58139620a8b2793e9e123bba.tar.gz";
+ # }) {};
 in {
 imports = [
 ./social.nix
 ./signal-work.nix
 # ./parsec.nix
- ./rustdesk.nix
+ # ./rustdesk.nix
 ./thunderbird.nix
 ];
 environment.variables.XCURSOR_SIZE = "24";
- hardware.opengl.extraPackages = [ pkgs.amdvlk ];
+ hardware.graphics.extraPackages = [ pkgs.amdvlk ];
 environment.variables.VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
 hardware.pulseaudio.support32Bit = true;
@@ -78,13 +75,16 @@ in {
 };
 environment.systemPackages = with pkgs; [
- alsaUtils
+ alsa-utils
 audacity
 apache-ds-pin.apache-directory-studio
 bitwarden
 bitwarden-cli
 rofi-rbw-wayland
- cryptomator
+ # cryptomator
+ fontforge
+
+ code-cursor
 quickemu
@@ -111,7 +111,7 @@ in {
 })
 dbus-sway-environment
- ddev-pin.ddev
+ ddev
 dracula-theme
 foot
 fractal
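Review bot: `# rustDeskDesktopItem` leaves commented-out code in a module that this same commit stops importing — the sway.nix hunk turns `./rustdesk.nix` into `# ./rustdesk.nix` and dominik.nix adds `pkgs.rustdesk-flutter` to `home.packages` instead. With no importer the `let` binding behind `rustDeskDesktopItem` (its definition begins outside the hunk) is dead code as well. Either delete the file or keep it importable and drop the commented line; the same applies to `# ddev-pin`, `# cryptomator` and `# ./rustdesk.nix` in sway.nix, since git history already records what was there.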
@@ -119,8 +119,8 @@ in {
 git
 glib
 gimp
- gnome.seahorse
- gnome3.adwaita-icon-theme
+ seahorse
+ adwaita-icon-theme
 go
 grim
 hunspell
@@ -169,7 +169,7 @@ in {
 fonts.packages = with pkgs; [
 noto-fonts
- noto-fonts-cjk
+ noto-fonts-cjk-sans
 noto-fonts-emoji
 nerdfonts
 ];
diff --git a/hosts/nb/users/configs/project_history b/hosts/nb/users/configs/project_history
index 3d6c157..1a614fc 100644
--- a/hosts/nb/users/configs/project_history
+++ b/hosts/nb/users/configs/project_history
@@ -27,3 +27,4 @@
 /home/dominik/projects/epicenter.works/dearmep-website
 /home/dominik/projects/epicenter.works/padexporter
 /home/dominik/projects/cloonar/lena-schilling-website
+/home/dominik/projects/cloonar/yaapi
diff --git a/hosts/nb/users/default.nix b/hosts/nb/users/default.nix
index 96def77..8b0d8cb 100644
--- a/hosts/nb/users/default.nix
+++ b/hosts/nb/users/default.nix
@@ -1,6 +1,6 @@
 { config, pkgs, ... }:
 let
- home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz";
+ home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-24.11.tar.gz";
 in
diff --git a/hosts/nb/users/dominik.nix b/hosts/nb/users/dominik.nix
index 3725576..360aad1 100644
--- a/hosts/nb/users/dominik.nix
+++ b/hosts/nb/users/dominik.nix
@@ -152,6 +152,9 @@ in
 home.sessionVariables = {
 MOZ_ENABLE_WAYLAND = "1";
 };
+ home.packages = [
+ pkgs.rustdesk-flutter
+ ];
 programs.bash = {
 enable = true;
@@ -536,8 +539,12 @@ in
 set +eu
 ssh-keygen -R git.cloonar.com
 ssh-keyscan git.cloonar.com >> ~/.ssh/known_hosts
- git clone gitea@git.cloonar.com:dominik.polakovics/typo3-basic.git ${persistHome}/cloonar/typo3-basic 2>/dev/null
+ git clone gitea@git.cloonar.com:Cloonar/soundscape-sync.git ${persistHome}/projects/cloonar/soundscape-sync 2>/dev/null
+ git clone gitea@git.cloonar.com:Cloonar/yaapi.git ${persistHome}/projects/cloonar/yaapi 2>/dev/null
 git clone gitea@git.cloonar.com:Cloonar/chatgpt.vim.git ${persistHome}/cloonar/chatgpt.vim 2>/dev/null
+ git clone gitea@git.cloonar.com:myhidden.life/web.git ${persistHome}/projects/myhidden.life/myhidden.life-web 2>/dev/null
+
+ git clone gitea@git.cloonar.com:dominik.polakovics/typo3-basic.git ${persistHome}/cloonar/typo3-basic 2>/dev/null
 git clone gitea@git.cloonar.com:renovate/renovate-config.git ${persistHome}/cloonar/renovate-config 2>/dev/null
 git clone git@github.com:dpolakovics/bento.git ${persistHome}/cloonar/bento 2>/dev/null
 git clone gitea@git.cloonar.com:Cloonar/freescout.git ${persistHome}/projects/cloonar/freescout 2>/dev/null
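Review bot: The new `git clone gitea@git.cloonar.com:...` lines run over SSH against a host key that the two context lines above re-learn on every run: `ssh-keygen -R git.cloonar.com` discards the stored key and `ssh-keyscan git.cloonar.com >> ~/.ssh/known_hosts` accepts whatever key the network answers with, so a man-in-the-middle at clone time is never detected and the user's SSH key is offered to the impostor. Pin the key instead — on the NixOS side `programs.ssh.knownHosts."git.cloonar.com".publicKey = "ssh-ed25519 AAAA…";` or a static known_hosts entry — and drop the keygen/keyscan pair; if keyscan must stay, restrict it with `-t ed25519` and compare the result against an expected fingerprint before appending. The `2>/dev/null` on every clone also hides exactly the host-key mismatch error that would reveal a problem. The shell snippet these lines belong to starts and ends outside the hunk.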
@@ -554,10 +561,9 @@ in
 git clone gitea@git.cloonar.com:Cloonar/amz-frontend.git ${persistHome}/projects/cloonar/amz/amz-frontend 2>/dev/null
 git clone gitea@git.cloonar.com:hilgenberg/website.git ${persistHome}/projects/cloonar/hilgenberg-website 2>/dev/null
 git clone gitea@git.cloonar.com:Cloonar/korean-skin.care.git ${persistHome}/projects/cloonar/korean-skin.care 2>/dev/null
- git clone gitea@git.cloonar.com:myhidden.life/web.git ${persistHome}/projects/myhidden.life/myhidden.life-web 2>/dev/null
- git clone gitea@git.cloonar.com:Cloonar/soundscape-sync.git ${persistHome}/projects/cloonar/soundscape-sync 2>/dev/null
 git clone gitea@git.cloonar.com:Cloonar/lena-schilling-website.git ${persistHome}/projects/cloonar/lena-schilling-website 2>/dev/null
+ git clone gitea@git.cloonar.com:socialgrow.tech/sgt-api.git ${persistHome}/projects/socialgrow.tech/sgt-api 2>/dev/null
 ssh-keygen -R gitlab.epicenter.works
@@ -632,6 +638,12 @@ in
 TERM = "xterm-256color";
 };
 };
+ "*.lenaschilling.at" = {
+ user = "root";
+ setEnv = {
+ TERM = "xterm-256color";
+ };
+ };
 "amz-websrv-01.amz.at" = {
 user = "ebs";
 setEnv = {
diff --git a/hosts/web-arm/channel b/hosts/web-arm/channel
index 425c774..ced117e 100644
--- a/hosts/web-arm/channel
+++ b/hosts/web-arm/channel
@@ -1 +1 @@
-https://channels.nixos.org/nixos-24.05
+https://channels.nixos.org/nixos-24.11
diff --git a/hosts/web-arm/configuration.nix b/hosts/web-arm/configuration.nix
index 7f83dc1..db34b39 100644
--- a/hosts/web-arm/configuration.nix
+++ b/hosts/web-arm/configuration.nix
@@ -45,6 +45,7 @@
 ./sites/stage.myhidden.life.nix
 ./sites/stage.korean-skin.care.nix
 ./sites/feeds.jordanrannells.com.nix
+ ./sites/lena-schilling.at.nix
 ];
 nixpkgs.config.permittedInsecurePackages = [
diff --git a/hosts/web-arm/modules/authelia/default.nix b/hosts/web-arm/modules/authelia/default.nix
index e2fb0c4..bea241a 100644
--- a/hosts/web-arm/modules/authelia/default.nix
+++ b/hosts/web-arm/modules/authelia/default.nix
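Review bot: The new `"*.lenaschilling.at"` match block sets `user = "root"` as the default for a wildcard covering every host under the domain, which makes root the path of least resistance for any interactive or scripted SSH into that zone. Prefer a named host and a non-root user — the typo3 module touched in this same commit provisions a per-instance SSH user through `authorizedKeys`, so that account is the natural target — and keep a root entry only for the one host that genuinely needs it. If root is unavoidable, say so in a comment such as `# root needed for deploy; server allows key auth only` so the server-side expectation is visible here too. The enclosing `matchBlocks` attribute set continues outside the hunk.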
@@ -40,11 +40,6 @@
 theme = "dark";
 default_redirection_url = "https://cloonar.com";
- server = {
- host = "127.0.0.1";
- port = 9091;
- };
-
 # log = {
 # level = "debug";
 # format = "text";
@@ -227,6 +222,7 @@
 authorization_policy = "one_factor";
 redirect_uris = [ "https://support.cloonar.dev/oauth-login/callback/fryg87l64" ];
 pre_configured_consent_duration = "1y";
+ token_endpoint_auth_method = "client_secret_post";
 scopes = [
 "openid"
 "profile"
diff --git a/hosts/web-arm/modules/nextcloud/default.nix b/hosts/web-arm/modules/nextcloud/default.nix
index a3f3b64..28e2489 100644
--- a/hosts/web-arm/modules/nextcloud/default.nix
+++ b/hosts/web-arm/modules/nextcloud/default.nix
@@ -23,7 +23,7 @@ in
 inherit (config.services.nextcloud.package.packages.apps) calendar contacts deck groupfolders mail richdocuments tasks;
 oidc_login = pkgs.fetchNextcloudApp rec {
 url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.1.1/oidc_login.tar.gz";
- sha256 = "sha256-EVHDDFtz92lZviuTqr+St7agfBWok83HpfuL6DFCoTE=";
+ sha256 = "sha256-b/tKk+y+ZypCHGNDtunDua2msYD6/TzA0haoC0k85F4=";
 license = "gpl3";
 };
 };
diff --git a/hosts/web-arm/modules/web/typo3.nix b/hosts/web-arm/modules/web/typo3.nix
index 2dad7ce..8091b86 100644
--- a/hosts/web-arm/modules/web/typo3.nix
+++ b/hosts/web-arm/modules/web/typo3.nix
@@ -50,6 +50,14 @@ let
 Authorized keys for the typo3 instance ssh user.
 '';
 };
+
+ acmeRoot = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = lib.mdDoc ''
+ Directory for the ACME challenge, which is public. Don’t put certs or keys in here. Set to null to inherit from config.security.acme.
+ '';
+ };
 };
 };
 in
@@ -183,7 +191,7 @@ in
 nameValuePair domain {
 forceSSL = true;
 enableACME = true;
- acmeRoot = null;
+ acmeRoot = instanceOpts.acmeRoot;
 root = cfg.dataDir + "/" + domain + "/current/public";
 serverAliases = instanceOpts.domainAliases;
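Review bot: Dropping `server = { host = "127.0.0.1"; port = 9091; }` leaves the Authelia listener to its defaults, and the new side of the hunk sets no replacement. Upstream replaced `server.host`/`server.port` with `server.address`, whose built-in default is `tcp://:9091/`, i.e. all interfaces, unless the NixOS module or a firewall rule narrows it — which this hunk cannot show. If the service is meant to be reachable only through the local reverse proxy, set it explicitly, `server.address = "tcp://127.0.0.1:9091/";`, with a one-line comment saying the old keys were removed because they are deprecated (presumably the reason here).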
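Review bot: `token_endpoint_auth_method = "client_secret_post";` opts this client out of the `client_secret_basic` default without a word on which side requires it. Both methods are acceptable over TLS, but with `client_secret_post` the client secret travels in the request body, where application or proxy request logging is more likely to capture it than an `Authorization` header. Add a note such as `# support.cloonar.dev cannot do client_secret_basic; keep token-endpoint body logging off` so a later cleanup does not silently revert it, and confirm the relying party really cannot use basic auth.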
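Review bot: The `sha256` for `oidc_login` changes while `url` still points at the same `v3.1.1/oidc_login.tar.gz`, and the hunk gives no reason. A new hash for an unchanged release URL is exactly what a re-published or tampered artifact looks like, so the cause should be recorded: this commit also moves the hosts from 24.05 to 24.11, and `fetchNextcloudApp` hashing changing between those releases would explain it, but that is an inference, not something the hunk shows. After checking the tarball against the upstream release checksum, add a comment on the line, e.g. `# hash changed with the 24.11 fetchNextcloudApp; artifact verified unchanged`.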
@@ -337,13 +345,6 @@ in
 # access_log logs/static.log; # I don't usually include a static log
 '';
- # Cache Media: images, icons, video, audio, HTC
- locations."~* \\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|woff2)$".extraConfig = ''
- expires 1y;
- access_log off;
- add_header Cache-Control "public";
- '';
-
 # Feed
 locations."~* \\.(?:rss|atom)$".extraConfig = ''
 expires 1h;
@@ -351,7 +352,7 @@ in
 '';
 # Cache CSS, Javascript, Images, Icons, Video, Audio, HTC, Fonts
- locations."~* \\.(?:css|js|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|woff2)$".extraConfig = ''
+ locations."~* \\.(?:css|js|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|webp|htc|woff2)$".extraConfig = ''
 expires 1y;
 access_log off;
 add_header Cache-Control "public";
diff --git a/hosts/web-arm/sites/lena-schilling.at.nix b/hosts/web-arm/sites/lena-schilling.at.nix
new file mode 100644
index 0000000..47d8edb
--- /dev/null
+++ b/hosts/web-arm/sites/lena-schilling.at.nix
@@ -0,0 +1,10 @@
+{ pkgs, lib, config, ... }:
+{
+ services.typo3.instances."lena-schilling.at" = {
+ acmeRoot = "/var/lib/acme/acme-challenge";
+ authorizedKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK1l7DmXwheeQT6F7rf1IgUnHyOaz/NIt4BFyEIwtvOX"
+ ];
+ phpPackage = pkgs.php83;
+ };
+}
diff --git a/hosts/web-arm/sites/lena-schilling.cloonar.dev.nix b/hosts/web-arm/sites/lena-schilling.cloonar.dev.nix
index 0144ee5..8c608cf 100644
--- a/hosts/web-arm/sites/lena-schilling.cloonar.dev.nix
+++ b/hosts/web-arm/sites/lena-schilling.cloonar.dev.nix
@@ -1,6 +1,7 @@
 { pkgs, lib, config, ... }:
 {
 services.typo3.instances."lena-schilling.cloonar.dev" = {
+ acmeRoot = "/var/lib/acme/acme-challenge";
 authorizedKeys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfSWcNj+7jv9IYlsTcSqTJImuy0db6e1wGWiFKW4M4Y"
 ];
diff --git a/utils/modules/nginx.nix b/utils/modules/nginx.nix
index 8ba3167..b58a602 100644
--- a/utils/modules/nginx.nix
+++ b/utils/modules/nginx.nix
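Review bot: The widened `locations."~* \\.(?:css|js|...|webp|htc|woff2)$"` block now catches every static asset type, and its `add_header Cache-Control "public";` carries a side effect the hunk does not mention: nginx inherits `add_header` from the enclosing level only when the current level has none, so any security headers set at the vhost level (HSTS, X-Content-Type-Options, CSP and the like) are dropped for every response matching this regex. The vhost's own `add_header` lines are outside this hunk, so confirm with `curl -I` on an asset URL; if headers are missing, repeat them inside this location or move them to an included snippet used at both levels. The one-year `expires` on `.js`/`.gz` under the TYPO3 document root without cache-busting is pre-existing behaviour, just worth knowing when assets are replaced.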
@@ -1,6 +1,12 @@
 { config, pkgs, ... }:
 {
+ nixpkgs.config.packageOverrides = pkgs: {
+ imagemagick = pkgs.imagemagick.override {
+ libwebp = pkgs.libwebp;
+ };
+ };
+
 environment.systemPackages = with pkgs; [
 imagemagick
 ghostscript
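Review bot: `nixpkgs.config.packageOverrides` here replaces `imagemagick` for every consumer on every host that imports this utils module, not only for the `environment.systemPackages` entry that follows, and nothing in the hunk says why. If the goal is just this package, keep the override local: `(imagemagick.override { libwebp = libwebp; })` in the list below. Also confirm the override is not a no-op — nixpkgs' imagemagick already takes a `libwebp` argument with a default and gates the feature on `libwebpSupport`; if the stock build already links libwebp, this line only forces a local rebuild with no binary-cache hit. A one-line comment naming the missing feature (webp output for the web image pipeline, presumably) would let the next reader check it.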