2024-12-21 13:47:00 +01:00
parent c96c24f864
commit 44b47ce18c
24 changed files with 91 additions and 50 deletions

10
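--- /dev/null
+++ b/.chatgpt_config.yaml
@@ -0,0 +1,10 @@
+project_name: "cloonar-nixos"
+default_prompt_blocks:
+- "basic-prompt"
+- "secure-coding"
+initial_prompt: |
+You are a NixOS expert.
+You are tasked with maintaining the configuration for the infrastructure of a company.
+Keep best practices in mind and make sure the configuration is secure.
+directories:
+- "hosts/nb"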
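Review bot: `directories: - "hosts/nb"` appears to hand the whole laptop host configuration to the assistant as context, and nothing in this file excludes anything from it. If the plugin sends those files to a hosted model (not visible here, so please confirm), host names, SSH targets and any inline credentials under `hosts/nb` leave the machine with each prompt. I would narrow the list to the files actually being edited, or keep secret-bearing files outside that directory, and add a comment such as `# context sent to the model; must not contain secrets`.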

2
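--- /dev/null
+++ b/buchhaltung.md
@@ -0,0 +1,2 @@
+Bei EU Rechnungen das Hakerl machen bei "Nicht im Inland steuerbare Leistung (außerhalb EU, z.B. Schweiz)"
+VXEhGveIHdSj7JKq6zof48vLhKaCo0RJea6DhVqopA8=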
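Review bot: The second added line is a 44-character base64 string, which is the shape of a 32-byte key or token, and it sits in an accounting note with no label. If it is a credential (the page does not say what it is), it is now in the repository history and should be rotated and moved into whatever secrets store the repository uses, not just deleted in a follow-up commit. If it is not sensitive, a one-line label saying what it is would save the next reader from having to ask.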


@@ -110,6 +110,7 @@ let
"\"conf.wrwks.at IN A 10.254.240.105\""
"\"web.hilgenberg-gmbh.de IN A 91.107.197.169\""
"\"web.lenaschilling.at IN A 159.69.3.18\""
# gaming
"\"foundry-vtt.cloonar.com IN A ${config.networkPrefix}.97.5\""


@@ -1 +1 @@
https://channels.nixos.org/nixos-24.05
https://channels.nixos.org/nixos-24.11


@@ -1 +1 @@
https://channels.nixos.org/nixos-24.05
https://channels.nixos.org/nixos-24.11


@@ -11,6 +11,7 @@ let
impermanence = builtins.fetchTarball "https://github.com/nix-community/impermanence/archive/master.tar.gz";
in {
nixpkgs.config.allowUnfree = true;
nixpkgs.config.allowBroken = true;
security.pki.certificates = [ "/home/dominik/.local/share/mkcert/rootCA.pem" ];
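Review bot: If the one line this hunk adds (6 → 7; the page no longer marks which) is `nixpkgs.config.allowBroken = true;`, it applies to every package on the host, so anything marked broken after the 24.11 bump is built anyway instead of failing evaluation. Overriding `meta.broken` for the one package that needs it, with a comment naming that package, keeps the rest of the closure checked. Separately, `security.pki.certificates` expects PEM text, so the mkcert path on the following line is probably not being trusted at all. `security.pki.certificateFiles` with the root CA copied into the repository is the form that takes a file, and a system-wide trust anchor sourced from a user-writable home directory deserves a comment either way.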


@@ -56,7 +56,7 @@
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.opengl = {
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
vaapiVdpau


@@ -5,8 +5,8 @@ self: super: {
version = "1.0.0";
src = super.fetchgit {
url = "https://git.cloonar.com/Cloonar/chatgpt.vim.git";
rev = "9a9868c991d2c9d0d2f5bc4c065a839f79c8daa1";
sha256 = "sha256-ip+VFMJJWNaoSOyY2nLNVLEb3h37akUdk0du5u81dvc=";
rev = "d6dc98cd586272741eaacf2cd6e94c6a6a1b7da2";
sha256 = "sha256-t9toNPBTGti2ufGYHBVZbEV3DpBX8RK4ayhBlpHgygk=";
};
};
};


@@ -25,7 +25,7 @@ local capabilities = vim.lsp.protocol.make_client_capabilities()
capabilities.textDocument.completion.completionItem.snippetSupport = true
capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities)
local servers = { 'tsserver', 'lua', 'cssls', 'yamlls', 'intelephense' }
local servers = { 'ts_ls', 'lua', 'cssls', 'yamlls', 'intelephense' }
for _, lsp in pairs(servers) do
require('lspconfig')[lsp].setup {
-- on_attach = on_attach,


@@ -9,7 +9,7 @@
nodePackages.typescript-language-server
sumneko-lua-language-server
nodePackages.intelephense
nodePackages.vscode-css-languageserver-bin
nodePackages.vscode-langservers-extracted
nodePackages.yaml-language-server
gopls
lazygit
@@ -41,6 +41,7 @@
gitsigns-nvim
lightline-vim
lspkind-nvim
mini-icons
neogit
null-ls-nvim
nvim-autopairs
@@ -48,6 +49,7 @@
nvim-colorizer-lua
nvim-lspconfig
nvim-tree-lua
nvim-web-devicons
pkgs.vimPlugins.nvim-treesitter.withAllGrammars
# (nvim-treesitter.withPlugins (_: pkgs.tree-sitter.allGrammars))
plenary-nvim
@@ -61,7 +63,8 @@
vim-sneak
vim-vsnip
which-key-nvim
];
rest-nvim
];
opt = [];
};
customRC = let


@@ -21,13 +21,9 @@
libdecor
];
hardware.opengl = {
hardware.graphics = {
enable = true;
## radv: an open-source Vulkan driver from freedesktop
driSupport = true;
driSupport32Bit = true;
## amdvlk: an open-source Vulkan driver from AMD
enable32Bit = true;
extraPackages = [ pkgs.amdvlk ];
extraPackages32 = [ pkgs.driversi686Linux.amdvlk ];
};


@@ -13,7 +13,7 @@ let
in
{
environment.systemPackages = [
pkgs.rustdesk
rustDeskDesktopItem
pkgs.rustdesk-flutter
# rustDeskDesktopItem
];
}


@@ -25,27 +25,24 @@ let
unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) {
config = { allowUnfree = true; };
};
orca-slicer-pin = import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/67b4bf1df4ae54d6866d78ccbd1ac7e8a8db8b73.tar.gz";
}) {};
apache-ds-pin = import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/9aec01027f7ea2bca07bb51d5ed83e78088871c1.tar.gz";
}) {};
ddev-pin = import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/34a626458d686f1b58139620a8b2793e9e123bba.tar.gz";
}) {};
# ddev-pin = import (builtins.fetchTarball {
# url = "https://github.com/NixOS/nixpkgs/archive/34a626458d686f1b58139620a8b2793e9e123bba.tar.gz";
# }) {};
in {
imports = [
./social.nix
./signal-work.nix
# ./parsec.nix
./rustdesk.nix
# ./rustdesk.nix
./thunderbird.nix
];
environment.variables.XCURSOR_SIZE = "24";
hardware.opengl.extraPackages = [ pkgs.amdvlk ];
hardware.graphics.extraPackages = [ pkgs.amdvlk ];
environment.variables.VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
hardware.pulseaudio.support32Bit = true;
@@ -78,13 +75,16 @@ in {
};
environment.systemPackages = with pkgs; [
alsaUtils
alsa-utils
audacity
apache-ds-pin.apache-directory-studio
bitwarden
bitwarden-cli
rofi-rbw-wayland
cryptomator
# cryptomator
fontforge
code-cursor
quickemu
@@ -111,7 +111,7 @@ in {
})
dbus-sway-environment
ddev-pin.ddev
ddev
dracula-theme
foot
fractal
@@ -119,8 +119,8 @@ in {
git
glib
gimp
gnome.seahorse
gnome3.adwaita-icon-theme
seahorse
adwaita-icon-theme
go
grim
hunspell
@@ -169,7 +169,7 @@ in {
fonts.packages = with pkgs; [
noto-fonts
noto-fonts-cjk
noto-fonts-cjk-sans
noto-fonts-emoji
nerdfonts
];


@@ -27,3 +27,4 @@
/home/dominik/projects/epicenter.works/dearmep-website
/home/dominik/projects/epicenter.works/padexporter
/home/dominik/projects/cloonar/lena-schilling-website
/home/dominik/projects/cloonar/yaapi


@@ -1,6 +1,6 @@
{ config, pkgs, ... }:
let
home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz";
home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-24.11.tar.gz";
in


@@ -152,6 +152,9 @@ in
home.sessionVariables = {
MOZ_ENABLE_WAYLAND = "1";
};
home.packages = [
pkgs.rustdesk-flutter
];
programs.bash = {
enable = true;
@@ -536,8 +539,12 @@ in
set +eu
ssh-keygen -R git.cloonar.com
ssh-keyscan git.cloonar.com >> ~/.ssh/known_hosts
git clone gitea@git.cloonar.com:dominik.polakovics/typo3-basic.git ${persistHome}/cloonar/typo3-basic 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/soundscape-sync.git ${persistHome}/projects/cloonar/soundscape-sync 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/yaapi.git ${persistHome}/projects/cloonar/yaapi 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/chatgpt.vim.git ${persistHome}/cloonar/chatgpt.vim 2>/dev/null
git clone gitea@git.cloonar.com:myhidden.life/web.git ${persistHome}/projects/myhidden.life/myhidden.life-web 2>/dev/null
git clone gitea@git.cloonar.com:dominik.polakovics/typo3-basic.git ${persistHome}/cloonar/typo3-basic 2>/dev/null
git clone gitea@git.cloonar.com:renovate/renovate-config.git ${persistHome}/cloonar/renovate-config 2>/dev/null
git clone git@github.com:dpolakovics/bento.git ${persistHome}/cloonar/bento 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/freescout.git ${persistHome}/projects/cloonar/freescout 2>/dev/null
@@ -554,10 +561,9 @@ in
git clone gitea@git.cloonar.com:Cloonar/amz-frontend.git ${persistHome}/projects/cloonar/amz/amz-frontend 2>/dev/null
git clone gitea@git.cloonar.com:hilgenberg/website.git ${persistHome}/projects/cloonar/hilgenberg-website 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/korean-skin.care.git ${persistHome}/projects/cloonar/korean-skin.care 2>/dev/null
git clone gitea@git.cloonar.com:myhidden.life/web.git ${persistHome}/projects/myhidden.life/myhidden.life-web 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/soundscape-sync.git ${persistHome}/projects/cloonar/soundscape-sync 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/lena-schilling-website.git ${persistHome}/projects/cloonar/lena-schilling-website 2>/dev/null
git clone gitea@git.cloonar.com:socialgrow.tech/sgt-api.git ${persistHome}/projects/socialgrow.tech/sgt-api 2>/dev/null
ssh-keygen -R gitlab.epicenter.works
@@ -632,6 +638,12 @@ in
TERM = "xterm-256color";
};
};
"*.lenaschilling.at" = {
user = "root";
setEnv = {
TERM = "xterm-256color";
};
};
"amz-websrv-01.amz.at" = {
user = "ebs";
setEnv = {
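Review bot: The clones added in the second hunk (for example `yaapi` and `chatgpt.vim`) authenticate git.cloonar.com only through the `ssh-keygen -R git.cloonar.com` / `ssh-keyscan git.cloonar.com >> ~/.ssh/known_hosts` pair just above them, which accepts whatever host key the network presents at that moment. I would pin the server's host key declaratively, for example `programs.ssh.knownHosts."git.cloonar.com".publicKey = "<host key>";`, and drop the keyscan. `2>/dev/null` on every clone also hides a host-key or authentication failure, so logging a non-zero exit would make a bad first boot visible. The script body starts and ends outside the hunks shown.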


@@ -1 +1 @@
https://channels.nixos.org/nixos-24.05
https://channels.nixos.org/nixos-24.11


@@ -45,6 +45,7 @@
./sites/stage.myhidden.life.nix
./sites/stage.korean-skin.care.nix
./sites/feeds.jordanrannells.com.nix
./sites/lena-schilling.at.nix
];
nixpkgs.config.permittedInsecurePackages = [


@@ -40,11 +40,6 @@
theme = "dark";
default_redirection_url = "https://cloonar.com";
server = {
host = "127.0.0.1";
port = 9091;
};
# log = {
# level = "debug";
# format = "text";
@@ -227,6 +222,7 @@
authorization_policy = "one_factor";
redirect_uris = [ "https://support.cloonar.dev/oauth-login/callback/fryg87l64" ];
pre_configured_consent_duration = "1y";
token_endpoint_auth_method = "client_secret_post";
scopes = [
"openid"
"profile"
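Review bot: Nothing visible replaces the loopback bind in the first hunk, which shrinks from 11 to 6 lines; that count fits the `server = { host = "127.0.0.1"; port = 9091; };` block being removed. As far as I know Authelia's newer `server.address` setting defaults to listening on all interfaces, so unless the firewall blocks 9091 the portal becomes reachable without the reverse proxy in front of it. If the removal is only meant to drop the deprecated keys, `server.address = "tcp://127.0.0.1:9091/";` keeps the previous exposure. The settings block continues outside both hunks.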


@@ -23,7 +23,7 @@ in
inherit (config.services.nextcloud.package.packages.apps) calendar contacts deck groupfolders mail richdocuments tasks;
oidc_login = pkgs.fetchNextcloudApp rec {
url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.1.1/oidc_login.tar.gz";
sha256 = "sha256-EVHDDFtz92lZviuTqr+St7agfBWok83HpfuL6DFCoTE=";
sha256 = "sha256-b/tKk+y+ZypCHGNDtunDua2msYD6/TzA0haoC0k85F4=";
license = "gpl3";
};
};
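Review bot: The `sha256` for `oidc_login` changes while `url` still points at the same `v3.1.1` release asset, and the commit gives no reason. Either the fetcher's output changed with the channel bump or the upstream asset was replaced, and the second case is exactly what the hash is there to catch. I would compare the downloaded tarball against the previously fetched one and record the result above the hash, e.g. `# hash re-computed after the 24.11 bump; tarball contents compared with the previous download`.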


@@ -50,6 +50,14 @@ let
Authorized keys for the typo3 instance ssh user.
'';
};
acmeRoot = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
Directory for the ACME challenge, which is public. Dont put certs or keys in here. Set to null to inherit from config.security.acme.
'';
};
};
};
in
@@ -183,7 +191,7 @@ in
nameValuePair domain {
forceSSL = true;
enableACME = true;
acmeRoot = null;
acmeRoot = instanceOpts.acmeRoot;
root = cfg.dataDir + "/" + domain + "/current/public";
serverAliases = instanceOpts.domainAliases;
@@ -337,13 +345,6 @@ in
# access_log logs/static.log; # I don't usually include a static log
'';
# Cache Media: images, icons, video, audio, HTC
locations."~* \\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|woff2)$".extraConfig = ''
expires 1y;
access_log off;
add_header Cache-Control "public";
'';
# Feed
locations."~* \\.(?:rss|atom)$".extraConfig = ''
expires 1h;
@@ -351,7 +352,7 @@ in
'';
# Cache CSS, Javascript, Images, Icons, Video, Audio, HTC, Fonts
locations."~* \\.(?:css|js|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|woff2)$".extraConfig = ''
locations."~* \\.(?:css|js|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|webp|htc|woff2)$".extraConfig = ''
expires 1y;
access_log off;
add_header Cache-Control "public";
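Review bot: The description of the new `acmeRoot` option in the first hunk has a typo (`Dont`) and could state more plainly that the directory is served to the public. Suggested text: `Directory for the ACME challenge, which is served publicly. Don't put certificates or keys in here. Set to null to inherit from config.security.acme.` Both site files in this commit set the same literal `/var/lib/acme/acme-challenge`, so either make that the default or note in the description why `null` remains the default. The options block and the vhost definition both continue outside the hunks.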


@@ -0,0 +1,10 @@
{ pkgs, lib, config, ... }:
{
services.typo3.instances."lena-schilling.at" = {
acmeRoot = "/var/lib/acme/acme-challenge";
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK1l7DmXwheeQT6F7rf1IgUnHyOaz/NIt4BFyEIwtvOX"
];
phpPackage = pkgs.php83;
};
}


@@ -1,6 +1,7 @@
{ pkgs, lib, config, ... }:
{
services.typo3.instances."lena-schilling.cloonar.dev" = {
acmeRoot = "/var/lib/acme/acme-challenge";
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfSWcNj+7jv9IYlsTcSqTJImuy0db6e1wGWiFKW4M4Y"
];


@@ -1,6 +1,12 @@
{ config, pkgs, ... }:
{
nixpkgs.config.packageOverrides = pkgs: {
imagemagick = pkgs.imagemagick.override {
libwebp = pkgs.libwebp;
};
};
environment.systemPackages = with pkgs; [
imagemagick
ghostscript