2024-12-21 13:47:00 +01:00
parent c96c24f864
commit 44b47ce18c
24 changed files with 91 additions and 50 deletions

10
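--- /dev/null
+++ b/.chatgpt_config.yaml
@@ -0,0 +1,10 @@
+project_name: "cloonar-nixos"
+default_prompt_blocks:
+- "basic-prompt"
+- "secure-coding"
+initial_prompt: |
+You are a NixOS expert.
+You are tasked with maintaining the configuration for the infrastructure of a company.
+Keep best practices in mind and make sure the configuration is secure.
+directories:
+- "hosts/nb"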

2
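--- /dev/null
+++ b/buchhaltung.md
@@ -0,0 +1,2 @@
+Bei EU Rechnungen das Hakerl machen bei "Nicht im Inland steuerbare Leistung (außerhalb EU, z.B. Schweiz)"
+VXEhGveIHdSj7JKq6zof48vLhKaCo0RJea6DhVqopA8=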
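Review bot: The second line of this new file is an unexplained 44-character base64 string; it decodes to 32 bytes, which is the shape of a key or token rather than accounting text. If it is a credential, it should not sit in the repository in clear text: remove it, rotate it (git history keeps the old value), and store it wherever the rest of this configuration keeps its secrets. If it is harmless, a short label on the preceding line saying what the value is would settle the question for the next reader.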


@@ -110,6 +110,7 @@ let
"\"conf.wrwks.at IN A 10.254.240.105\"" "\"conf.wrwks.at IN A 10.254.240.105\""
"\"web.hilgenberg-gmbh.de IN A 91.107.197.169\"" "\"web.hilgenberg-gmbh.de IN A 91.107.197.169\""
"\"web.lenaschilling.at IN A 159.69.3.18\""
# gaming # gaming
"\"foundry-vtt.cloonar.com IN A ${config.networkPrefix}.97.5\"" "\"foundry-vtt.cloonar.com IN A ${config.networkPrefix}.97.5\""


@@ -1 +1 @@
https://channels.nixos.org/nixos-24.05 https://channels.nixos.org/nixos-24.11


@@ -1 +1 @@
https://channels.nixos.org/nixos-24.05 https://channels.nixos.org/nixos-24.11


@@ -11,6 +11,7 @@ let
impermanence = builtins.fetchTarball "https://github.com/nix-community/impermanence/archive/master.tar.gz"; impermanence = builtins.fetchTarball "https://github.com/nix-community/impermanence/archive/master.tar.gz";
in { in {
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nixpkgs.config.allowBroken = true;
security.pki.certificates = [ "/home/dominik/.local/share/mkcert/rootCA.pem" ]; security.pki.certificates = [ "/home/dominik/.local/share/mkcert/rootCA.pem" ];
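Review bot: `nixpkgs.config.allowBroken = true;` is switched on for the whole system with no comment naming the package that needs it, so every derivation marked broken now evaluates and can be installed without notice. Presumably one package stopped building on the 24.11 upgrade; scoping the exception to that package, or at least adding `# TODO: drop once <PACKAGE> builds on 24.11` above the line, keeps the exception from becoming permanent. The enclosing attribute set continues outside the hunk.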


@@ -56,7 +56,7 @@
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.opengl = { hardware.graphics = {
enable = true; enable = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
vaapiVdpau vaapiVdpau


@@ -5,8 +5,8 @@ self: super: {
version = "1.0.0"; version = "1.0.0";
src = super.fetchgit { src = super.fetchgit {
url = "https://git.cloonar.com/Cloonar/chatgpt.vim.git"; url = "https://git.cloonar.com/Cloonar/chatgpt.vim.git";
rev = "9a9868c991d2c9d0d2f5bc4c065a839f79c8daa1"; rev = "d6dc98cd586272741eaacf2cd6e94c6a6a1b7da2";
sha256 = "sha256-ip+VFMJJWNaoSOyY2nLNVLEb3h37akUdk0du5u81dvc="; sha256 = "sha256-t9toNPBTGti2ufGYHBVZbEV3DpBX8RK4ayhBlpHgygk=";
}; };
}; };
}; };


@@ -25,7 +25,7 @@ local capabilities = vim.lsp.protocol.make_client_capabilities()
capabilities.textDocument.completion.completionItem.snippetSupport = true capabilities.textDocument.completion.completionItem.snippetSupport = true
capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities) capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities)
local servers = { 'tsserver', 'lua', 'cssls', 'yamlls', 'intelephense' } local servers = { 'ts_ls', 'lua', 'cssls', 'yamlls', 'intelephense' }
for _, lsp in pairs(servers) do for _, lsp in pairs(servers) do
require('lspconfig')[lsp].setup { require('lspconfig')[lsp].setup {
-- on_attach = on_attach, -- on_attach = on_attach,


@@ -9,7 +9,7 @@
nodePackages.typescript-language-server nodePackages.typescript-language-server
sumneko-lua-language-server sumneko-lua-language-server
nodePackages.intelephense nodePackages.intelephense
nodePackages.vscode-css-languageserver-bin nodePackages.vscode-langservers-extracted
nodePackages.yaml-language-server nodePackages.yaml-language-server
gopls gopls
lazygit lazygit
@@ -41,6 +41,7 @@
gitsigns-nvim gitsigns-nvim
lightline-vim lightline-vim
lspkind-nvim lspkind-nvim
mini-icons
neogit neogit
null-ls-nvim null-ls-nvim
nvim-autopairs nvim-autopairs
@@ -48,6 +49,7 @@
nvim-colorizer-lua nvim-colorizer-lua
nvim-lspconfig nvim-lspconfig
nvim-tree-lua nvim-tree-lua
nvim-web-devicons
pkgs.vimPlugins.nvim-treesitter.withAllGrammars pkgs.vimPlugins.nvim-treesitter.withAllGrammars
# (nvim-treesitter.withPlugins (_: pkgs.tree-sitter.allGrammars)) # (nvim-treesitter.withPlugins (_: pkgs.tree-sitter.allGrammars))
plenary-nvim plenary-nvim
@@ -61,6 +63,7 @@
vim-sneak vim-sneak
vim-vsnip vim-vsnip
which-key-nvim which-key-nvim
rest-nvim
]; ];
opt = []; opt = [];
}; };


@@ -21,13 +21,9 @@
libdecor libdecor
]; ];
hardware.opengl = { hardware.graphics = {
enable = true; enable = true;
## radv: an open-source Vulkan driver from freedesktop enable32Bit = true;
driSupport = true;
driSupport32Bit = true;
## amdvlk: an open-source Vulkan driver from AMD
extraPackages = [ pkgs.amdvlk ]; extraPackages = [ pkgs.amdvlk ];
extraPackages32 = [ pkgs.driversi686Linux.amdvlk ]; extraPackages32 = [ pkgs.driversi686Linux.amdvlk ];
}; };


@@ -13,7 +13,7 @@ let
in in
{ {
environment.systemPackages = [ environment.systemPackages = [
pkgs.rustdesk pkgs.rustdesk-flutter
rustDeskDesktopItem # rustDeskDesktopItem
]; ];
} }


@@ -25,27 +25,24 @@ let
unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) { unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) {
config = { allowUnfree = true; }; config = { allowUnfree = true; };
}; };
orca-slicer-pin = import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/67b4bf1df4ae54d6866d78ccbd1ac7e8a8db8b73.tar.gz";
}) {};
apache-ds-pin = import (builtins.fetchTarball { apache-ds-pin = import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/9aec01027f7ea2bca07bb51d5ed83e78088871c1.tar.gz"; url = "https://github.com/NixOS/nixpkgs/archive/9aec01027f7ea2bca07bb51d5ed83e78088871c1.tar.gz";
}) {}; }) {};
ddev-pin = import (builtins.fetchTarball { # ddev-pin = import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/34a626458d686f1b58139620a8b2793e9e123bba.tar.gz"; # url = "https://github.com/NixOS/nixpkgs/archive/34a626458d686f1b58139620a8b2793e9e123bba.tar.gz";
}) {}; # }) {};
in { in {
imports = [ imports = [
./social.nix ./social.nix
./signal-work.nix ./signal-work.nix
# ./parsec.nix # ./parsec.nix
./rustdesk.nix # ./rustdesk.nix
./thunderbird.nix ./thunderbird.nix
]; ];
environment.variables.XCURSOR_SIZE = "24"; environment.variables.XCURSOR_SIZE = "24";
hardware.opengl.extraPackages = [ pkgs.amdvlk ]; hardware.graphics.extraPackages = [ pkgs.amdvlk ];
environment.variables.VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json"; environment.variables.VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
hardware.pulseaudio.support32Bit = true; hardware.pulseaudio.support32Bit = true;
@@ -78,13 +75,16 @@ in {
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
alsaUtils alsa-utils
audacity audacity
apache-ds-pin.apache-directory-studio apache-ds-pin.apache-directory-studio
bitwarden bitwarden
bitwarden-cli bitwarden-cli
rofi-rbw-wayland rofi-rbw-wayland
cryptomator # cryptomator
fontforge
code-cursor
quickemu quickemu
@@ -111,7 +111,7 @@ in {
}) })
dbus-sway-environment dbus-sway-environment
ddev-pin.ddev ddev
dracula-theme dracula-theme
foot foot
fractal fractal
@@ -119,8 +119,8 @@ in {
git git
glib glib
gimp gimp
gnome.seahorse seahorse
gnome3.adwaita-icon-theme adwaita-icon-theme
go go
grim grim
hunspell hunspell
@@ -169,7 +169,7 @@ in {
fonts.packages = with pkgs; [ fonts.packages = with pkgs; [
noto-fonts noto-fonts
noto-fonts-cjk noto-fonts-cjk-sans
noto-fonts-emoji noto-fonts-emoji
nerdfonts nerdfonts
]; ];
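Review bot: Three entries in this file are disabled by commenting them out rather than deleted: the `ddev-pin` binding, the `./rustdesk.nix` import and `cryptomator`. With the import commented, the `rustdesk-flutter` change made in what appears to be rustdesk.nix elsewhere in this commit has no effect, and the package is instead added through `home.packages` in another file. Deleting the dead lines (and the unused module, if it is one) keeps it clear what is actually installed on the host; git history preserves the old pins.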


@@ -27,3 +27,4 @@
/home/dominik/projects/epicenter.works/dearmep-website /home/dominik/projects/epicenter.works/dearmep-website
/home/dominik/projects/epicenter.works/padexporter /home/dominik/projects/epicenter.works/padexporter
/home/dominik/projects/cloonar/lena-schilling-website /home/dominik/projects/cloonar/lena-schilling-website
/home/dominik/projects/cloonar/yaapi


@@ -1,6 +1,6 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz"; home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-24.11.tar.gz";
in in


@@ -152,6 +152,9 @@ in
home.sessionVariables = { home.sessionVariables = {
MOZ_ENABLE_WAYLAND = "1"; MOZ_ENABLE_WAYLAND = "1";
}; };
home.packages = [
pkgs.rustdesk-flutter
];
programs.bash = { programs.bash = {
enable = true; enable = true;
@@ -536,8 +539,12 @@ in
set +eu set +eu
ssh-keygen -R git.cloonar.com ssh-keygen -R git.cloonar.com
ssh-keyscan git.cloonar.com >> ~/.ssh/known_hosts ssh-keyscan git.cloonar.com >> ~/.ssh/known_hosts
git clone gitea@git.cloonar.com:dominik.polakovics/typo3-basic.git ${persistHome}/cloonar/typo3-basic 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/soundscape-sync.git ${persistHome}/projects/cloonar/soundscape-sync 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/yaapi.git ${persistHome}/projects/cloonar/yaapi 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/chatgpt.vim.git ${persistHome}/cloonar/chatgpt.vim 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/chatgpt.vim.git ${persistHome}/cloonar/chatgpt.vim 2>/dev/null
git clone gitea@git.cloonar.com:myhidden.life/web.git ${persistHome}/projects/myhidden.life/myhidden.life-web 2>/dev/null
git clone gitea@git.cloonar.com:dominik.polakovics/typo3-basic.git ${persistHome}/cloonar/typo3-basic 2>/dev/null
git clone gitea@git.cloonar.com:renovate/renovate-config.git ${persistHome}/cloonar/renovate-config 2>/dev/null git clone gitea@git.cloonar.com:renovate/renovate-config.git ${persistHome}/cloonar/renovate-config 2>/dev/null
git clone git@github.com:dpolakovics/bento.git ${persistHome}/cloonar/bento 2>/dev/null git clone git@github.com:dpolakovics/bento.git ${persistHome}/cloonar/bento 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/freescout.git ${persistHome}/projects/cloonar/freescout 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/freescout.git ${persistHome}/projects/cloonar/freescout 2>/dev/null
@@ -554,10 +561,9 @@ in
git clone gitea@git.cloonar.com:Cloonar/amz-frontend.git ${persistHome}/projects/cloonar/amz/amz-frontend 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/amz-frontend.git ${persistHome}/projects/cloonar/amz/amz-frontend 2>/dev/null
git clone gitea@git.cloonar.com:hilgenberg/website.git ${persistHome}/projects/cloonar/hilgenberg-website 2>/dev/null git clone gitea@git.cloonar.com:hilgenberg/website.git ${persistHome}/projects/cloonar/hilgenberg-website 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/korean-skin.care.git ${persistHome}/projects/cloonar/korean-skin.care 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/korean-skin.care.git ${persistHome}/projects/cloonar/korean-skin.care 2>/dev/null
git clone gitea@git.cloonar.com:myhidden.life/web.git ${persistHome}/projects/myhidden.life/myhidden.life-web 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/soundscape-sync.git ${persistHome}/projects/cloonar/soundscape-sync 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/lena-schilling-website.git ${persistHome}/projects/cloonar/lena-schilling-website 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/lena-schilling-website.git ${persistHome}/projects/cloonar/lena-schilling-website 2>/dev/null
git clone gitea@git.cloonar.com:socialgrow.tech/sgt-api.git ${persistHome}/projects/socialgrow.tech/sgt-api 2>/dev/null git clone gitea@git.cloonar.com:socialgrow.tech/sgt-api.git ${persistHome}/projects/socialgrow.tech/sgt-api 2>/dev/null
ssh-keygen -R gitlab.epicenter.works ssh-keygen -R gitlab.epicenter.works
@@ -632,6 +638,12 @@ in
TERM = "xterm-256color"; TERM = "xterm-256color";
}; };
}; };
"*.lenaschilling.at" = {
user = "root";
setEnv = {
TERM = "xterm-256color";
};
};
"amz-websrv-01.amz.at" = { "amz-websrv-01.amz.at" = {
user = "ebs"; user = "ebs";
setEnv = { setEnv = {
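Review bot: The new `"*.lenaschilling.at"` match block in the last hunk sets `user = "root";`, so a plain `ssh <host>` to any name under that wildcard logs in as root by default. A named unprivileged account with sudo keeps administrative actions attributable and lets the servers run with root login disabled. If root is really required, narrowing the pattern to the single host that needs it (for example `"web.lenaschilling.at"`, the record added elsewhere in this commit) limits how far the default reaches. The surrounding attribute set starts and ends outside the hunk.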


@@ -1 +1 @@
https://channels.nixos.org/nixos-24.05 https://channels.nixos.org/nixos-24.11


@@ -45,6 +45,7 @@
./sites/stage.myhidden.life.nix ./sites/stage.myhidden.life.nix
./sites/stage.korean-skin.care.nix ./sites/stage.korean-skin.care.nix
./sites/feeds.jordanrannells.com.nix ./sites/feeds.jordanrannells.com.nix
./sites/lena-schilling.at.nix
]; ];
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [


@@ -40,11 +40,6 @@
theme = "dark"; theme = "dark";
default_redirection_url = "https://cloonar.com"; default_redirection_url = "https://cloonar.com";
server = {
host = "127.0.0.1";
port = 9091;
};
# log = { # log = {
# level = "debug"; # level = "debug";
# format = "text"; # format = "text";
@@ -227,6 +222,7 @@
authorization_policy = "one_factor"; authorization_policy = "one_factor";
redirect_uris = [ "https://support.cloonar.dev/oauth-login/callback/fryg87l64" ]; redirect_uris = [ "https://support.cloonar.dev/oauth-login/callback/fryg87l64" ];
pre_configured_consent_duration = "1y"; pre_configured_consent_duration = "1y";
token_endpoint_auth_method = "client_secret_post";
scopes = [ scopes = [
"openid" "openid"
"profile" "profile"
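Review bot: The first hunk removes the `server` block that bound the listener to `127.0.0.1` on port 9091, and nothing on the new side replaces it, so the service falls back to its built-in listen address. These look like Authelia settings, and Authelia's documented default address is `tcp://:9091/`, i.e. all interfaces; if that applies here, the login portal becomes reachable directly instead of only through the reverse proxy. If the block was dropped because `host`/`port` are deprecated, the equivalent would be `server.address = "tcp://127.0.0.1:9091/";`, to be confirmed against the version shipped with 24.11. The settings set continues outside both hunks.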


@@ -23,7 +23,7 @@ in
inherit (config.services.nextcloud.package.packages.apps) calendar contacts deck groupfolders mail richdocuments tasks; inherit (config.services.nextcloud.package.packages.apps) calendar contacts deck groupfolders mail richdocuments tasks;
oidc_login = pkgs.fetchNextcloudApp rec { oidc_login = pkgs.fetchNextcloudApp rec {
url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.1.1/oidc_login.tar.gz"; url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.1.1/oidc_login.tar.gz";
sha256 = "sha256-EVHDDFtz92lZviuTqr+St7agfBWok83HpfuL6DFCoTE="; sha256 = "sha256-b/tKk+y+ZypCHGNDtunDua2msYD6/TzA0haoC0k85F4=";
license = "gpl3"; license = "gpl3";
}; };
}; };
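Review bot: The `sha256` for `oidc_login` changes while the `url` still points at the same v3.1.1 release tarball, and the commit gives no reason for it. Either the fetcher hashes something different after the channel bump, or the published artifact itself changed; the second case would mean unreviewed code arriving under an old version number. It is worth confirming which by fetching the tarball independently and comparing, then recording the result above the line, e.g. `# hash recomputed for the 24.11 fetcher; upstream v3.1.1 tarball unchanged`. The app set continues outside the hunk.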


@@ -50,6 +50,14 @@ let
Authorized keys for the typo3 instance ssh user. Authorized keys for the typo3 instance ssh user.
''; '';
}; };
acmeRoot = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
Directory for the ACME challenge, which is public. Dont put certs or keys in here. Set to null to inherit from config.security.acme.
'';
};
}; };
}; };
in in
@@ -183,7 +191,7 @@ in
nameValuePair domain { nameValuePair domain {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = instanceOpts.acmeRoot;
root = cfg.dataDir + "/" + domain + "/current/public"; root = cfg.dataDir + "/" + domain + "/current/public";
serverAliases = instanceOpts.domainAliases; serverAliases = instanceOpts.domainAliases;
@@ -337,13 +345,6 @@ in
# access_log logs/static.log; # I don't usually include a static log # access_log logs/static.log; # I don't usually include a static log
''; '';
# Cache Media: images, icons, video, audio, HTC
locations."~* \\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|woff2)$".extraConfig = ''
expires 1y;
access_log off;
add_header Cache-Control "public";
'';
# Feed # Feed
locations."~* \\.(?:rss|atom)$".extraConfig = '' locations."~* \\.(?:rss|atom)$".extraConfig = ''
expires 1h; expires 1h;
@@ -351,7 +352,7 @@ in
''; '';
# Cache CSS, Javascript, Images, Icons, Video, Audio, HTC, Fonts # Cache CSS, Javascript, Images, Icons, Video, Audio, HTC, Fonts
locations."~* \\.(?:css|js|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|woff2)$".extraConfig = '' locations."~* \\.(?:css|js|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|webp|htc|woff2)$".extraConfig = ''
expires 1y; expires 1y;
access_log off; access_log off;
add_header Cache-Control "public"; add_header Cache-Control "public";


@@ -0,0 +1,10 @@
{ pkgs, lib, config, ... }:
{
services.typo3.instances."lena-schilling.at" = {
acmeRoot = "/var/lib/acme/acme-challenge";
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK1l7DmXwheeQT6F7rf1IgUnHyOaz/NIt4BFyEIwtvOX"
];
phpPackage = pkgs.php83;
};
}


@@ -1,6 +1,7 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, ... }:
{ {
services.typo3.instances."lena-schilling.cloonar.dev" = { services.typo3.instances."lena-schilling.cloonar.dev" = {
acmeRoot = "/var/lib/acme/acme-challenge";
authorizedKeys = [ authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfSWcNj+7jv9IYlsTcSqTJImuy0db6e1wGWiFKW4M4Y" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfSWcNj+7jv9IYlsTcSqTJImuy0db6e1wGWiFKW4M4Y"
]; ];


@@ -1,6 +1,12 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
nixpkgs.config.packageOverrides = pkgs: {
imagemagick = pkgs.imagemagick.override {
libwebp = pkgs.libwebp;
};
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
imagemagick imagemagick
ghostscript ghostscript