Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Cloonar:e2add63337d6f9b6dbf087f58d65d9f4952d6ac6
Branches Tags
Cloonar:master
...
compare: Cloonar:9a5a28098c3dc80c5843b6fdf38f0a7149263fd8
Branches Tags
Cloonar:master

4 Commits
e2add63337 ... 9a5a28098c

Author SHA1 Message Date
Dominik Polakovics
9a5a28098c changes 2025-04-25 20:35:33 +02:00
Dominik Polakovics
9cfc423a38 add ai mailer 2025-03-02 03:41:42 +01:00
Dominik Polakovics
3b043eaf6d add vscode server microvm and update user configurations 2025-03-01 15:31:17 +01:00
Dominik Polakovics
386b70314d many changes 2025-02-23 16:00:33 +01:00
62 changed files with 2485 additions and 470 deletions
Expand all files Collapse all files

8
.sops.yaml
View File

@@ -13,6 +13,7 @@ keys:
- &fw age1wq82xjyj80htz33x7agxddjfumr3wkwh3r24tasagepxw7ka893sau68df
- &fw-new age12msc2c6drsaw0yk2hjlaw0q0lyq0emjx5e8rq7qc7ql689k593kqfmhss2
- &netboot age14uarclad0ty5supc8ep09793xrnwkv8a4h9j0fq8d8lc92n2dadqkf64vw
- &gpd-win4 age1ceg548u5ma6rgu3xgvd254y5xefqrdqfqhcjsjp3255q976fgd2qaua53d
creation_rules:
- path_regex: ^[^/]+\.yaml$
@@ -27,6 +28,13 @@ creation_rules:
- *bitwarden
- *dominik
- *dominik2
- path_regex: hosts/gpd-win4/[^/]+\.yaml$
key_groups:
- age:
- *bitwarden
- *dominik
- *dominik2
- *gpd-win4
- path_regex: hosts/fw/[^/]+\.yaml$
key_groups:
- age:

215
esphome/livingroom-bulb-1.yaml
View File

@@ -1,24 +1,38 @@
substitutions:
device_name: "livingroom-bulb-1"
name: "livingroom-bulb-1"
friendly_name: "Living Room Bulb 1"
room: "Living Room"
device_description: "athom 7w rgbcw light bulb"
project_name: "Athom Technology.Athom RGBCW Bulb"
dns_domain: ".cloonar.smart"
timezone: ""
sntp_update_interval: 6h
sntp_server_1: "0.pool.ntp.org"
sntp_server_2: "1.pool.ntp.org"
sntp_server_3: "2.pool.ntp.org"
log_level: "WARN"
esphome:
name: ${device_name}
comment: ${friendly_name}
platform: ESP8266
board: esp01_1m
name: "${name}"
friendly_name: "${friendly_name}"
comment: "${device_description}"
area: "${room}"
name_add_mac_suffix: false
min_version: 2024.6.0
project:
name: "${project_name}"
version: "${project_version}"
on_boot:
priority: 300
then:
- light.turn_on:
id: my_light
id: rgbww_light
- delay: 100ms
- light.turn_on:
id: my_light
id: rgbww_light
brightness: 20%
- delay: 100ms
- light.turn_on:
id: my_light
id: rgbww_light
red: 100%
green: 50%
blue: 0%
@@ -32,16 +46,25 @@ interval:
api.connected: # check if api connected
else:
- light.turn_on:
id: my_light
id: rgbww_light
brightness: 100%
# Enable Home Assistant API
esp8266:
board: esp8285
restore_from_flash: true
preferences:
flash_write_interval: 1min
api:
ota:
- platform: esphome
logger:
ota:
platform: esphome
mdns:
disabled: false
wifi:
ssid: !secret wifi_ssid
@@ -49,32 +72,158 @@ wifi:
fast_connect: True
domain: .cloonar.smart
light:
- platform: rgbw
id: my_light
name: ${friendly_name}
red: pwm_r
green: pwm_g
blue: pwm_b
white: pwm_w
captive_portal:
dashboard_import:
package_import_url: github://athom-tech/athom-configs/athom-rgbww-light.yaml
binary_sensor:
- platform: status
name: "Status"
entity_category: diagnostic
sensor:
- platform: uptime
name: "Uptime Sensor"
id: uptime_sensor
entity_category: diagnostic
internal: true
- platform: wifi_signal
name: "WiFi Signal dB"
id: wifi_signal_db
update_interval: 60s
entity_category: "diagnostic"
- platform: copy
source_id: wifi_signal_db
name: "WiFi Signal Percent"
filters:
- lambda: return min(max(2 * (x + 100.0), 0.0), 100.0);
unit_of_measurement: "Signal %"
entity_category: "diagnostic"
device_class: ""
button:
- platform: restart
name: "Restart"
entity_category: config
- platform: factory_reset
name: "Factory Reset"
id: Reset
entity_category: config
- platform: safe_mode
name: "Safe Mode"
internal: false
entity_category: config
output:
- platform: esp8266_pwm
pin: GPIO13
frequency: 1000 Hz
id: pwm_r
id: red_output
pin: GPIO4
min_power: 0.000499
max_power: 1
- platform: esp8266_pwm
id: green_output
pin: GPIO12
frequency: 1000 Hz
id: pwm_g
min_power: 0.000499
max_power: 1
- platform: esp8266_pwm
id: blue_output
pin: GPIO14
frequency: 1000 Hz
id: pwm_b
min_power: 0.000499
max_power: 1
- platform: esp8266_pwm
id: warm_white_output
pin: GPIO13
min_power: 0.000499
max_power: 0.9
- platform: esp8266_pwm
id: white_output
pin: GPIO5
frequency: 1000 Hz
id: pwm_w
min_power: 0.000499
max_power: 0.9
light:
- platform: rgbww
id: rgbww_light
name: "RGBCW_Bulb"
red: red_output
green: green_output
blue: blue_output
warm_white: warm_white_output
cold_white: white_output
cold_white_color_temperature: 6000 K
warm_white_color_temperature: 3000 K
color_interlock: true
text_sensor:
- platform: wifi_info
ip_address:
name: "IP Address"
entity_category: diagnostic
ssid:
name: "Connected SSID"
entity_category: diagnostic
mac_address:
name: "Mac Address"
entity_category: diagnostic
# Creates a sensor showing when the device was last restarted
- platform: template
name: 'Last Restart'
id: device_last_restart
icon: mdi:clock
entity_category: diagnostic
# device_class: timestamp
# Creates a sensor of the uptime of the device, in formatted days, hours, minutes and seconds
- platform: template
name: "Uptime"
entity_category: diagnostic
lambda: |-
int seconds = (id(uptime_sensor).state);
int days = seconds / (24 * 3600);
seconds = seconds % (24 * 3600);
int hours = seconds / 3600;
seconds = seconds % 3600;
int minutes = seconds / 60;
seconds = seconds % 60;
if ( days > 3650 ) {
return { "Starting up" };
} else if ( days ) {
return { (String(days) +"d " + String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() };
} else if ( hours ) {
return { (String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() };
} else if ( minutes ) {
return { (String(minutes) +"m "+ String(seconds) +"s").c_str() };
} else {
return { (String(seconds) +"s").c_str() };
}
icon: mdi:clock-start
time:
- platform: sntp
id: sntp_time
# Define the timezone of the device
timezone: "${timezone}"
# Change sync interval from default 5min to 6 hours (or as set in substitutions)
update_interval: ${sntp_update_interval}
# Set specific sntp servers to use
servers:
- "${sntp_server_1}"
- "${sntp_server_2}"
- "${sntp_server_3}"
# Publish the time the device was last restarted
on_time_sync:
then:
# Update last restart time, but only once.
- if:
condition:
lambda: 'return id(device_last_restart).state == "";'
then:
- text_sensor.template.publish:
id: device_last_restart
state: !lambda 'return id(sntp_time).now().strftime("%a %d %b %Y - %I:%M:%S %p");'

215
esphome/livingroom-bulb-2.yaml
View File

@@ -1,24 +1,38 @@
substitutions:
device_name: "livingroom-bulb-2"
name: "livingroom-bulb-2"
friendly_name: "Living Room Bulb 2"
room: "Living Room"
device_description: "athom 7w rgbcw light bulb"
project_name: "Athom Technology.Athom RGBCW Bulb"
dns_domain: ".cloonar.smart"
timezone: ""
sntp_update_interval: 6h
sntp_server_1: "0.pool.ntp.org"
sntp_server_2: "1.pool.ntp.org"
sntp_server_3: "2.pool.ntp.org"
log_level: "WARN"
esphome:
name: ${device_name}
comment: ${friendly_name}
platform: ESP8266
board: esp01_1m
name: "${name}"
friendly_name: "${friendly_name}"
comment: "${device_description}"
area: "${room}"
name_add_mac_suffix: false
min_version: 2024.6.0
project:
name: "${project_name}"
version: "${project_version}"
on_boot:
priority: 300
then:
- light.turn_on:
id: my_light
id: rgbww_light
- delay: 100ms
- light.turn_on:
id: my_light
id: rgbww_light
brightness: 20%
- delay: 100ms
- light.turn_on:
id: my_light
id: rgbww_light
red: 100%
green: 50%
blue: 0%
@@ -32,16 +46,25 @@ interval:
api.connected: # check if api connected
else:
- light.turn_on:
id: my_light
id: rgbww_light
brightness: 100%
# Enable Home Assistant API
esp8266:
board: esp8285
restore_from_flash: true
preferences:
flash_write_interval: 1min
api:
ota:
- platform: esphome
logger:
ota:
platform: esphome
mdns:
disabled: false
wifi:
ssid: !secret wifi_ssid
@@ -49,32 +72,158 @@ wifi:
fast_connect: True
domain: .cloonar.smart
light:
- platform: rgbw
id: my_light
name: ${friendly_name}
red: pwm_r
green: pwm_g
blue: pwm_b
white: pwm_w
captive_portal:
dashboard_import:
package_import_url: github://athom-tech/athom-configs/athom-rgbww-light.yaml
binary_sensor:
- platform: status
name: "Status"
entity_category: diagnostic
sensor:
- platform: uptime
name: "Uptime Sensor"
id: uptime_sensor
entity_category: diagnostic
internal: true
- platform: wifi_signal
name: "WiFi Signal dB"
id: wifi_signal_db
update_interval: 60s
entity_category: "diagnostic"
- platform: copy
source_id: wifi_signal_db
name: "WiFi Signal Percent"
filters:
- lambda: return min(max(2 * (x + 100.0), 0.0), 100.0);
unit_of_measurement: "Signal %"
entity_category: "diagnostic"
device_class: ""
button:
- platform: restart
name: "Restart"
entity_category: config
- platform: factory_reset
name: "Factory Reset"
id: Reset
entity_category: config
- platform: safe_mode
name: "Safe Mode"
internal: false
entity_category: config
output:
- platform: esp8266_pwm
pin: GPIO13
frequency: 1000 Hz
id: pwm_r
id: red_output
pin: GPIO4
min_power: 0.000499
max_power: 1
- platform: esp8266_pwm
id: green_output
pin: GPIO12
frequency: 1000 Hz
id: pwm_g
min_power: 0.000499
max_power: 1
- platform: esp8266_pwm
id: blue_output
pin: GPIO14
frequency: 1000 Hz
id: pwm_b
min_power: 0.000499
max_power: 1
- platform: esp8266_pwm
id: warm_white_output
pin: GPIO13
min_power: 0.000499
max_power: 0.9
- platform: esp8266_pwm
id: white_output
pin: GPIO5
frequency: 1000 Hz
id: pwm_w
min_power: 0.000499
max_power: 0.9
light:
- platform: rgbww
id: rgbww_light
name: "RGBCW_Bulb"
red: red_output
green: green_output
blue: blue_output
warm_white: warm_white_output
cold_white: white_output
cold_white_color_temperature: 6000 K
warm_white_color_temperature: 3000 K
color_interlock: true
text_sensor:
- platform: wifi_info
ip_address:
name: "IP Address"
entity_category: diagnostic
ssid:
name: "Connected SSID"
entity_category: diagnostic
mac_address:
name: "Mac Address"
entity_category: diagnostic
# Creates a sensor showing when the device was last restarted
- platform: template
name: 'Last Restart'
id: device_last_restart
icon: mdi:clock
entity_category: diagnostic
# device_class: timestamp
# Creates a sensor of the uptime of the device, in formatted days, hours, minutes and seconds
- platform: template
name: "Uptime"
entity_category: diagnostic
lambda: |-
int seconds = (id(uptime_sensor).state);
int days = seconds / (24 * 3600);
seconds = seconds % (24 * 3600);
int hours = seconds / 3600;
seconds = seconds % 3600;
int minutes = seconds / 60;
seconds = seconds % 60;
if ( days > 3650 ) {
return { "Starting up" };
} else if ( days ) {
return { (String(days) +"d " + String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() };
} else if ( hours ) {
return { (String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() };
} else if ( minutes ) {
return { (String(minutes) +"m "+ String(seconds) +"s").c_str() };
} else {
return { (String(seconds) +"s").c_str() };
}
icon: mdi:clock-start
time:
- platform: sntp
id: sntp_time
# Define the timezone of the device
timezone: "${timezone}"
# Change sync interval from default 5min to 6 hours (or as set in substitutions)
update_interval: ${sntp_update_interval}
# Set specific sntp servers to use
servers:
- "${sntp_server_1}"
- "${sntp_server_2}"
- "${sntp_server_3}"
# Publish the time the device was last restarted
on_time_sync:
then:
# Update last restart time, but only once.
- if:
condition:
lambda: 'return id(device_last_restart).state == "";'
then:
- text_sensor.template.publish:
id: device_last_restart
state: !lambda 'return id(sntp_time).now().strftime("%a %d %b %Y - %I:%M:%S %p");'

226
esphome/livingroom-bulb-3.yaml
View File

@@ -1,24 +1,49 @@
substitutions:
device_name: "livingroom-bulb-3"
name: "livingroom-bulb-3"
friendly_name: "Living Room Bulb 3"
room: "Living Room"
device_description: "athom 7w rgbcw light bulb"
project_name: "Athom Technology.Athom RGBCW Bulb"
dns_domain: ".cloonar.smart"
timezone: ""
sntp_update_interval: 6h
sntp_server_1: "0.pool.ntp.org"
sntp_server_2: "1.pool.ntp.org"
sntp_server_3: "2.pool.ntp.org"
log_level: "WARN"
globals:
- id: fast_boot
type: int
restore_value: yes
initial_value: '0'
- id: restore_mode
type: int
restore_value: yes
initial_value: "1"
esphome:
name: ${device_name}
comment: ${friendly_name}
platform: ESP8266
board: esp01_1m
name: "${name}"
friendly_name: "${friendly_name}"
comment: "${device_description}"
area: "${room}"
name_add_mac_suffix: false
min_version: 2024.6.0
project:
name: "${project_name}"
version: "${project_version}"
on_boot:
priority: 300
then:
- light.turn_on:
id: my_light
id: rgbww_light
- delay: 100ms
- light.turn_on:
id: my_light
id: rgbww_light
brightness: 20%
- delay: 100ms
- light.turn_on:
id: my_light
id: rgbww_light
red: 100%
green: 50%
blue: 0%
@@ -32,16 +57,25 @@ interval:
api.connected: # check if api connected
else:
- light.turn_on:
id: my_light
id: rgbww_light
brightness: 100%
# Enable Home Assistant API
esp8266:
board: esp8285
restore_from_flash: true
preferences:
flash_write_interval: 1min
api:
ota:
- platform: esphome
logger:
ota:
platform: esphome
mdns:
disabled: false
wifi:
ssid: !secret wifi_ssid
@@ -49,32 +83,158 @@ wifi:
fast_connect: True
domain: .cloonar.smart
light:
- platform: rgbw
id: my_light
name: ${friendly_name}
red: pwm_r
green: pwm_g
blue: pwm_b
white: pwm_w
captive_portal:
dashboard_import:
package_import_url: github://athom-tech/athom-configs/athom-rgbww-light.yaml
binary_sensor:
- platform: status
name: "Status"
entity_category: diagnostic
sensor:
- platform: uptime
name: "Uptime Sensor"
id: uptime_sensor
entity_category: diagnostic
internal: true
- platform: wifi_signal
name: "WiFi Signal dB"
id: wifi_signal_db
update_interval: 60s
entity_category: "diagnostic"
- platform: copy
source_id: wifi_signal_db
name: "WiFi Signal Percent"
filters:
- lambda: return min(max(2 * (x + 100.0), 0.0), 100.0);
unit_of_measurement: "Signal %"
entity_category: "diagnostic"
device_class: ""
button:
- platform: restart
name: "Restart"
entity_category: config
- platform: factory_reset
name: "Factory Reset"
id: Reset
entity_category: config
- platform: safe_mode
name: "Safe Mode"
internal: false
entity_category: config
output:
- platform: esp8266_pwm
pin: GPIO13
frequency: 1000 Hz
id: pwm_r
id: red_output
pin: GPIO4
min_power: 0.000499
max_power: 1
- platform: esp8266_pwm
id: green_output
pin: GPIO12
frequency: 1000 Hz
id: pwm_g
min_power: 0.000499
max_power: 1
- platform: esp8266_pwm
id: blue_output
pin: GPIO14
frequency: 1000 Hz
id: pwm_b
min_power: 0.000499
max_power: 1
- platform: esp8266_pwm
id: warm_white_output
pin: GPIO13
min_power: 0.000499
max_power: 0.9
- platform: esp8266_pwm
id: white_output
pin: GPIO5
frequency: 1000 Hz
id: pwm_w
min_power: 0.000499
max_power: 0.9
light:
- platform: rgbww
id: rgbww_light
name: "RGBCW_Bulb"
red: red_output
green: green_output
blue: blue_output
warm_white: warm_white_output
cold_white: white_output
cold_white_color_temperature: 6000 K
warm_white_color_temperature: 3000 K
color_interlock: true
text_sensor:
- platform: wifi_info
ip_address:
name: "IP Address"
entity_category: diagnostic
ssid:
name: "Connected SSID"
entity_category: diagnostic
mac_address:
name: "Mac Address"
entity_category: diagnostic
# Creates a sensor showing when the device was last restarted
- platform: template
name: 'Last Restart'
id: device_last_restart
icon: mdi:clock
entity_category: diagnostic
# device_class: timestamp
# Creates a sensor of the uptime of the device, in formatted days, hours, minutes and seconds
- platform: template
name: "Uptime"
entity_category: diagnostic
lambda: |-
int seconds = (id(uptime_sensor).state);
int days = seconds / (24 * 3600);
seconds = seconds % (24 * 3600);
int hours = seconds / 3600;
seconds = seconds % 3600;
int minutes = seconds / 60;
seconds = seconds % 60;
if ( days > 3650 ) {
return { "Starting up" };
} else if ( days ) {
return { (String(days) +"d " + String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() };
} else if ( hours ) {
return { (String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() };
} else if ( minutes ) {
return { (String(minutes) +"m "+ String(seconds) +"s").c_str() };
} else {
return { (String(seconds) +"s").c_str() };
}
icon: mdi:clock-start
time:
- platform: sntp
id: sntp_time
# Define the timezone of the device
timezone: "${timezone}"
# Change sync interval from default 5min to 6 hours (or as set in substitutions)
update_interval: ${sntp_update_interval}
# Set specific sntp servers to use
servers:
- "${sntp_server_1}"
- "${sntp_server_2}"
- "${sntp_server_3}"
# Publish the time the device was last restarted
on_time_sync:
then:
# Update last restart time, but only once.
- if:
condition:
lambda: 'return id(device_last_restart).state == "";'
then:
- text_sensor.template.publish:
id: device_last_restart
state: !lambda 'return id(sntp_time).now().strftime("%a %d %b %Y - %I:%M:%S %p");'

226
esphome/livingroom-bulb-4.yaml
View File

@@ -1,24 +1,49 @@
substitutions:
device_name: "livingroom-bulb-4"
name: "livingroom-bulb-4"
friendly_name: "Living Room Bulb 4"
room: "Living Room"
device_description: "athom 7w rgbcw light bulb"
project_name: "Athom Technology.Athom RGBCW Bulb"
dns_domain: ".cloonar.smart"
timezone: ""
sntp_update_interval: 6h
sntp_server_1: "0.pool.ntp.org"
sntp_server_2: "1.pool.ntp.org"
sntp_server_3: "2.pool.ntp.org"
log_level: "WARN"
globals:
- id: fast_boot
type: int
restore_value: yes
initial_value: '0'
- id: restore_mode
type: int
restore_value: yes
initial_value: "1"
esphome:
name: ${device_name}
comment: ${friendly_name}
platform: ESP8266
board: esp01_1m
name: "${name}"
friendly_name: "${friendly_name}"
comment: "${device_description}"
area: "${room}"
name_add_mac_suffix: false
min_version: 2024.6.0
project:
name: "${project_name}"
version: "${project_version}"
on_boot:
priority: 300
then:
- light.turn_on:
id: my_light
id: rgbww_light
- delay: 100ms
- light.turn_on:
id: my_light
id: rgbww_light
brightness: 20%
- delay: 100ms
- light.turn_on:
id: my_light
id: rgbww_light
red: 100%
green: 50%
blue: 0%
@@ -32,16 +57,25 @@ interval:
api.connected: # check if api connected
else:
- light.turn_on:
id: my_light
id: rgbww_light
brightness: 100%
# Enable Home Assistant API
esp8266:
board: esp8285
restore_from_flash: true
preferences:
flash_write_interval: 1min
api:
ota:
- platform: esphome
logger:
ota:
platform: esphome
mdns:
disabled: false
wifi:
ssid: !secret wifi_ssid
@@ -49,32 +83,158 @@ wifi:
fast_connect: True
domain: .cloonar.smart
light:
- platform: rgbw
id: my_light
name: ${friendly_name}
red: pwm_r
green: pwm_g
blue: pwm_b
white: pwm_w
captive_portal:
dashboard_import:
package_import_url: github://athom-tech/athom-configs/athom-rgbww-light.yaml
binary_sensor:
- platform: status
name: "Status"
entity_category: diagnostic
sensor:
- platform: uptime
name: "Uptime Sensor"
id: uptime_sensor
entity_category: diagnostic
internal: true
- platform: wifi_signal
name: "WiFi Signal dB"
id: wifi_signal_db
update_interval: 60s
entity_category: "diagnostic"
- platform: copy
source_id: wifi_signal_db
name: "WiFi Signal Percent"
filters:
- lambda: return min(max(2 * (x + 100.0), 0.0), 100.0);
unit_of_measurement: "Signal %"
entity_category: "diagnostic"
device_class: ""
button:
- platform: restart
name: "Restart"
entity_category: config
- platform: factory_reset
name: "Factory Reset"
id: Reset
entity_category: config
- platform: safe_mode
name: "Safe Mode"
internal: false
entity_category: config
output:
- platform: esp8266_pwm
pin: GPIO13
frequency: 1000 Hz
id: pwm_r
id: red_output
pin: GPIO4
min_power: 0.000499
max_power: 1
- platform: esp8266_pwm
id: green_output
pin: GPIO12
frequency: 1000 Hz
id: pwm_g
min_power: 0.000499
max_power: 1
- platform: esp8266_pwm
id: blue_output
pin: GPIO14
frequency: 1000 Hz
id: pwm_b
min_power: 0.000499
max_power: 1
- platform: esp8266_pwm
id: warm_white_output
pin: GPIO13
min_power: 0.000499
max_power: 0.9
- platform: esp8266_pwm
id: white_output
pin: GPIO5
frequency: 1000 Hz
id: pwm_w
min_power: 0.000499
max_power: 0.9
light:
- platform: rgbww
id: rgbww_light
name: "RGBCW_Bulb"
red: red_output
green: green_output
blue: blue_output
warm_white: warm_white_output
cold_white: white_output
cold_white_color_temperature: 6000 K
warm_white_color_temperature: 3000 K
color_interlock: true
text_sensor:
- platform: wifi_info
ip_address:
name: "IP Address"
entity_category: diagnostic
ssid:
name: "Connected SSID"
entity_category: diagnostic
mac_address:
name: "Mac Address"
entity_category: diagnostic
# Creates a sensor showing when the device was last restarted
- platform: template
name: 'Last Restart'
id: device_last_restart
icon: mdi:clock
entity_category: diagnostic
# device_class: timestamp
# Creates a sensor of the uptime of the device, in formatted days, hours, minutes and seconds
- platform: template
name: "Uptime"
entity_category: diagnostic
lambda: |-
int seconds = (id(uptime_sensor).state);
int days = seconds / (24 * 3600);
seconds = seconds % (24 * 3600);
int hours = seconds / 3600;
seconds = seconds % 3600;
int minutes = seconds / 60;
seconds = seconds % 60;
if ( days > 3650 ) {
return { "Starting up" };
} else if ( days ) {
return { (String(days) +"d " + String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() };
} else if ( hours ) {
return { (String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() };
} else if ( minutes ) {
return { (String(minutes) +"m "+ String(seconds) +"s").c_str() };
} else {
return { (String(seconds) +"s").c_str() };
}
icon: mdi:clock-start
time:
- platform: sntp
id: sntp_time
# Define the timezone of the device
timezone: "${timezone}"
# Change sync interval from default 5min to 6 hours (or as set in substitutions)
update_interval: ${sntp_update_interval}
# Set specific sntp servers to use
servers:
- "${sntp_server_1}"
- "${sntp_server_2}"
- "${sntp_server_3}"
# Publish the time the device was last restarted
on_time_sync:
then:
# Update last restart time, but only once.
- if:
condition:
lambda: 'return id(device_last_restart).state == "";'
then:
- text_sensor.template.publish:
id: device_last_restart
state: !lambda 'return id(sntp_time).now().strftime("%a %d %b %Y - %I:%M:%S %p");'

226
esphome/livingroom-bulb-5.yaml
View File

@@ -1,24 +1,49 @@
substitutions:
device_name: "livingroom-bulb-5"
name: "livingroom-bulb-5"
friendly_name: "Living Room Bulb 5"
room: "Living Room"
device_description: "athom 7w rgbcw light bulb"
project_name: "Athom Technology.Athom RGBCW Bulb"
dns_domain: ".cloonar.smart"
timezone: ""
sntp_update_interval: 6h
sntp_server_1: "0.pool.ntp.org"
sntp_server_2: "1.pool.ntp.org"
sntp_server_3: "2.pool.ntp.org"
log_level: "WARN"
globals:
- id: fast_boot
type: int
restore_value: yes
initial_value: '0'
- id: restore_mode
type: int
restore_value: yes
initial_value: "1"
esphome:
name: ${device_name}
comment: ${friendly_name}
platform: ESP8266
board: esp01_1m
name: "${name}"
friendly_name: "${friendly_name}"
comment: "${device_description}"
area: "${room}"
name_add_mac_suffix: false
min_version: 2024.6.0
project:
name: "${project_name}"
version: "${project_version}"
on_boot:
priority: 300
then:
- light.turn_on:
id: my_light
id: rgbww_light
- delay: 100ms
- light.turn_on:
id: my_light
id: rgbww_light
brightness: 20%
- delay: 100ms
- light.turn_on:
id: my_light
id: rgbww_light
red: 100%
green: 50%
blue: 0%
@@ -32,16 +57,25 @@ interval:
api.connected: # check if api connected
else:
- light.turn_on:
id: my_light
id: rgbww_light
brightness: 100%
# Enable Home Assistant API
esp8266:
board: esp8285
restore_from_flash: true
preferences:
flash_write_interval: 1min
api:
ota:
- platform: esphome
logger:
ota:
platform: esphome
mdns:
disabled: false
wifi:
ssid: !secret wifi_ssid
@@ -49,32 +83,158 @@ wifi:
fast_connect: True
domain: .cloonar.smart
light:
- platform: rgbw
id: my_light
name: ${friendly_name}
red: pwm_r
green: pwm_g
blue: pwm_b
white: pwm_w
captive_portal:
dashboard_import:
package_import_url: github://athom-tech/athom-configs/athom-rgbww-light.yaml
binary_sensor:
- platform: status
name: "Status"
entity_category: diagnostic
sensor:
- platform: uptime
name: "Uptime Sensor"
id: uptime_sensor
entity_category: diagnostic
internal: true
- platform: wifi_signal
name: "WiFi Signal dB"
id: wifi_signal_db
update_interval: 60s
entity_category: "diagnostic"
- platform: copy
source_id: wifi_signal_db
name: "WiFi Signal Percent"
filters:
- lambda: return min(max(2 * (x + 100.0), 0.0), 100.0);
unit_of_measurement: "Signal %"
entity_category: "diagnostic"
device_class: ""
button:
- platform: restart
name: "Restart"
entity_category: config
- platform: factory_reset
name: "Factory Reset"
id: Reset
entity_category: config
- platform: safe_mode
name: "Safe Mode"
internal: false
entity_category: config
output:
- platform: esp8266_pwm
pin: GPIO13
frequency: 1000 Hz
id: pwm_r
id: red_output
pin: GPIO4
min_power: 0.000499
max_power: 1
- platform: esp8266_pwm
id: green_output
pin: GPIO12
frequency: 1000 Hz
id: pwm_g
min_power: 0.000499
max_power: 1
- platform: esp8266_pwm
id: blue_output
pin: GPIO14
frequency: 1000 Hz
id: pwm_b
min_power: 0.000499
max_power: 1
- platform: esp8266_pwm
id: warm_white_output
pin: GPIO13
min_power: 0.000499
max_power: 0.9
- platform: esp8266_pwm
id: white_output
pin: GPIO5
frequency: 1000 Hz
id: pwm_w
min_power: 0.000499
max_power: 0.9
light:
- platform: rgbww
id: rgbww_light
name: "RGBCW_Bulb"
red: red_output
green: green_output
blue: blue_output
warm_white: warm_white_output
cold_white: white_output
cold_white_color_temperature: 6000 K
warm_white_color_temperature: 3000 K
color_interlock: true
text_sensor:
- platform: wifi_info
ip_address:
name: "IP Address"
entity_category: diagnostic
ssid:
name: "Connected SSID"
entity_category: diagnostic
mac_address:
name: "Mac Address"
entity_category: diagnostic
# Creates a sensor showing when the device was last restarted
- platform: template
name: 'Last Restart'
id: device_last_restart
icon: mdi:clock
entity_category: diagnostic
# device_class: timestamp
# Creates a sensor of the uptime of the device, in formatted days, hours, minutes and seconds
- platform: template
name: "Uptime"
entity_category: diagnostic
lambda: |-
int seconds = (id(uptime_sensor).state);
int days = seconds / (24 * 3600);
seconds = seconds % (24 * 3600);
int hours = seconds / 3600;
seconds = seconds % 3600;
int minutes = seconds / 60;
seconds = seconds % 60;
if ( days > 3650 ) {
return { "Starting up" };
} else if ( days ) {
return { (String(days) +"d " + String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() };
} else if ( hours ) {
return { (String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() };
} else if ( minutes ) {
return { (String(minutes) +"m "+ String(seconds) +"s").c_str() };
} else {
return { (String(seconds) +"s").c_str() };
}
icon: mdi:clock-start
time:
- platform: sntp
id: sntp_time
# Define the timezone of the device
timezone: "${timezone}"
# Change sync interval from default 5min to 6 hours (or as set in substitutions)
update_interval: ${sntp_update_interval}
# Set specific sntp servers to use
servers:
- "${sntp_server_1}"
- "${sntp_server_2}"
- "${sntp_server_3}"
# Publish the time the device was last restarted
on_time_sync:
then:
# Update last restart time, but only once.
- if:
condition:
lambda: 'return id(device_last_restart).state == "";'
then:
- text_sensor.template.publish:
id: device_last_restart
state: !lambda 'return id(sntp_time).now().strftime("%a %d %b %Y - %I:%M:%S %p");'

226
esphome/livingroom-bulb-6.yaml
View File

@@ -1,24 +1,49 @@
substitutions:
device_name: "livingroom-bulb-6"
name: "livingroom-bulb-6"
friendly_name: "Living Room Bulb 6"
room: "Living Room"
device_description: "athom 7w rgbcw light bulb"
project_name: "Athom Technology.Athom RGBCW Bulb"
dns_domain: ".cloonar.smart"
timezone: ""
sntp_update_interval: 6h
sntp_server_1: "0.pool.ntp.org"
sntp_server_2: "1.pool.ntp.org"
sntp_server_3: "2.pool.ntp.org"
log_level: "WARN"
globals:
- id: fast_boot
type: int
restore_value: yes
initial_value: '0'
- id: restore_mode
type: int
restore_value: yes
initial_value: "1"
esphome:
name: ${device_name}
comment: ${friendly_name}
platform: ESP8266
board: esp01_1m
name: "${name}"
friendly_name: "${friendly_name}"
comment: "${device_description}"
area: "${room}"
name_add_mac_suffix: false
min_version: 2024.6.0
project:
name: "${project_name}"
version: "${project_version}"
on_boot:
priority: 300
then:
- light.turn_on:
id: my_light
id: rgbww_light
- delay: 100ms
- light.turn_on:
id: my_light
id: rgbww_light
brightness: 20%
- delay: 100ms
- light.turn_on:
id: my_light
id: rgbww_light
red: 100%
green: 50%
blue: 0%
@@ -32,16 +57,25 @@ interval:
api.connected: # check if api connected
else:
- light.turn_on:
id: my_light
id: rgbww_light
brightness: 100%
# Enable Home Assistant API
esp8266:
board: esp8285
restore_from_flash: true
preferences:
flash_write_interval: 1min
api:
ota:
- platform: esphome
logger:
ota:
platform: esphome
mdns:
disabled: false
wifi:
ssid: !secret wifi_ssid
@@ -49,32 +83,158 @@ wifi:
fast_connect: True
domain: .cloonar.smart
light:
- platform: rgbw
id: my_light
name: ${friendly_name}
red: pwm_r
green: pwm_g
blue: pwm_b
white: pwm_w
captive_portal:
dashboard_import:
package_import_url: github://athom-tech/athom-configs/athom-rgbww-light.yaml
binary_sensor:
- platform: status
name: "Status"
entity_category: diagnostic
sensor:
- platform: uptime
name: "Uptime Sensor"
id: uptime_sensor
entity_category: diagnostic
internal: true
- platform: wifi_signal
name: "WiFi Signal dB"
id: wifi_signal_db
update_interval: 60s
entity_category: "diagnostic"
- platform: copy
source_id: wifi_signal_db
name: "WiFi Signal Percent"
filters:
- lambda: return min(max(2 * (x + 100.0), 0.0), 100.0);
unit_of_measurement: "Signal %"
entity_category: "diagnostic"
device_class: ""
button:
- platform: restart
name: "Restart"
entity_category: config
- platform: factory_reset
name: "Factory Reset"
id: Reset
entity_category: config
- platform: safe_mode
name: "Safe Mode"
internal: false
entity_category: config
output:
- platform: esp8266_pwm
pin: GPIO13
frequency: 1000 Hz
id: pwm_r
id: red_output
pin: GPIO4
min_power: 0.000499
max_power: 1
- platform: esp8266_pwm
id: green_output
pin: GPIO12
frequency: 1000 Hz
id: pwm_g
min_power: 0.000499
max_power: 1
- platform: esp8266_pwm
id: blue_output
pin: GPIO14
frequency: 1000 Hz
id: pwm_b
min_power: 0.000499
max_power: 1
- platform: esp8266_pwm
id: warm_white_output
pin: GPIO13
min_power: 0.000499
max_power: 0.9
- platform: esp8266_pwm
id: white_output
pin: GPIO5
frequency: 1000 Hz
id: pwm_w
min_power: 0.000499
max_power: 0.9
light:
- platform: rgbww
id: rgbww_light
name: "RGBCW_Bulb"
red: red_output
green: green_output
blue: blue_output
warm_white: warm_white_output
cold_white: white_output
cold_white_color_temperature: 6000 K
warm_white_color_temperature: 3000 K
color_interlock: true
text_sensor:
- platform: wifi_info
ip_address:
name: "IP Address"
entity_category: diagnostic
ssid:
name: "Connected SSID"
entity_category: diagnostic
mac_address:
name: "Mac Address"
entity_category: diagnostic
# Creates a sensor showing when the device was last restarted
- platform: template
name: 'Last Restart'
id: device_last_restart
icon: mdi:clock
entity_category: diagnostic
# device_class: timestamp
# Creates a sensor of the uptime of the device, in formatted days, hours, minutes and seconds
- platform: template
name: "Uptime"
entity_category: diagnostic
lambda: |-
int seconds = (id(uptime_sensor).state);
int days = seconds / (24 * 3600);
seconds = seconds % (24 * 3600);
int hours = seconds / 3600;
seconds = seconds % 3600;
int minutes = seconds / 60;
seconds = seconds % 60;
if ( days > 3650 ) {
return { "Starting up" };
} else if ( days ) {
return { (String(days) +"d " + String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() };
} else if ( hours ) {
return { (String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() };
} else if ( minutes ) {
return { (String(minutes) +"m "+ String(seconds) +"s").c_str() };
} else {
return { (String(seconds) +"s").c_str() };
}
icon: mdi:clock-start
time:
- platform: sntp
id: sntp_time
# Define the timezone of the device
timezone: "${timezone}"
# Change sync interval from default 5min to 6 hours (or as set in substitutions)
update_interval: ${sntp_update_interval}
# Set specific sntp servers to use
servers:
- "${sntp_server_1}"
- "${sntp_server_2}"
- "${sntp_server_3}"
# Publish the time the device was last restarted
on_time_sync:
then:
# Update last restart time, but only once.
- if:
condition:
lambda: 'return id(device_last_restart).state == "";'
then:
- text_sensor.template.publish:
id: device_last_restart
state: !lambda 'return id(sntp_time).now().strftime("%a %d %b %Y - %I:%M:%S %p");'

57
gpd-win-4.md Normal file
View File

@@ -0,0 +1,57 @@
I want a wall-mounted docking solution for my GPD Win 4, designed in OpenSCAD 2021.1. Here are the requirements and clarifications:
Orientation & Fit
The GPD Win 4 should be inserted upside down (top facing down), with the screen facing the wall.
It slides in from the top and is guided by side rails.
There should be a small clearance so the GPD Win 4 can be easily inserted/removed without excessive friction.
Front Rail (Lip)
Side Rails:
The dock should have two side rails that run from top to bottom, guiding the GPD Win 4.
The front is open for airflow.
However, there should be a small lip (front rail) on each side, running from top to bottom and connected to the side rails. This lip prevents the GPD Win 4 from falling out forward.
Back Plate / Wall Mount
The dock has a solid back plate that mounts to the wall with two countersunk screws.
The default spacing and size of these screws can be parameterized (e.g., an M4 or M3 countersunk hole).
The back plate thickness should be sufficient for strength (e.g., 34 mm).
No special side or back vents are needed.
Cable Brackets
At the bottom, back, inside the dock, there are two brackets, one for a 90° USB-C cable (standard USB-C power) and one for a 90° Oculink flat cable.
The back plate should be open where these two brackets are, so the cables can exit the dock.
Each bracket should have:
An opening on the side facing the wall, to allow the cable to pass behind (i.e., into or through the wall).
A hole for an M3 screw that presses against the cable from the side to lock it in place.
Enough space to seat a 90° connector so it points upwards to plug into the GPD Win 4.
Parametric Design
The design should be fully parameterized in OpenSCAD, including (but not limited to) the following parameters:
device_width, device_thickness, device_length (for the GPD Win 4)
clearance_x, clearance_y, clearance_z (how much extra space around the device)
wall_plate_thickness
rail_thickness
front_rail_lip_width or front_rail_lip_thickness
wall_mount_screw_hole_diameter, wall_mount_screw_spacing (for countersunk screws)
bracket_inner_width_usbC, bracket_inner_height_usbC (for the USB-C connector dimensions)
bracket_inner_width_oculink, bracket_inner_height_oculink (for the Oculink connector dimensions)
m3_side_screw_hole_diameter (the hole that lets an M3 screw clamp the cable from the side)
Any other geometry parameters (openings for cables, bracket thickness, etc.)
Defaults
Please choose default dimensions that accurately reflect:
Approximate GPD Win 4 size (if not exact, then close estimates).
Standard 90° USB-C and 90° Oculink connector sizes.
Typical M3 screws for cable clamps.
Countersunk holes for M3 or M4 wall screws (whichever you prefer).
Version
This must render successfully in OpenSCAD 2021.1.
Summary
The final output should be an OpenSCAD file that, when the parameters are set to their defaults, produces the described wall-mounted docking station for the GPD Win 4 with side rails, minimal front lip, bracket cutouts for cables, and properly sized holes for screws.
If any additional measurements or details are needed, please ask.

2
hosts/fw/channel
View File

@@ -1 +1 @@
https://channels.nixos.org/nixos-24.05
https://channels.nixos.org/nixos-24.11

9
hosts/fw/configuration.nix
View File

@@ -26,9 +26,14 @@
./modules/ddclient.nix
# ./modules/wol.nix
# microvm
./modules/microvm.nix
./modules/gitea-vm.nix
# ./modules/vscode-server.nix # Add VS Code Server microvm
./modules/ai-mailer.nix
./modules/wazuh.nix
# web
./modules/web
@@ -37,6 +42,9 @@
./modules/gitea.nix
./modules/fwmetrics.nix
# ha customers
./modules/ha-customers
# ./modules/firefox-sync.nix
# home assistant
@@ -70,6 +78,7 @@
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"mongodb"
"ai-mailer"
];
time.timeZone = "Europe/Vienna";

100
hosts/fw/modules/ai-mailer.nix Normal file
View File

@@ -0,0 +1,100 @@
{ config, pkgs, ... }:
{
users.users.ai-mailer = {
isSystemUser = true;
group = "ai-mailer";
home = "/var/lib/ai-mailer";
createHome = true;
description = "AI Mailer service user";
};
users.groups.ai-mailer = { };
environment.etc."ai-mailer/config.yaml" = {
mode = "0400";
user = "ai-mailer";
group = "ai-mailer";
text = ''
imap:
server: "imap.cloonar.com"
port: 993
username: "paraclub-test@cloonar.com"
password: "file://${config.sops.secrets.ai-mailer-imap-password.path}"
mailbox_in: "INBOX"
draft_box: "Drafts"
processed_box: "INBOX/Done"
use_tls: true
ai:
openrouter_api_key: "file://${config.sops.secrets.ai-mailer-openrouter-key.path}"
model: "deepseek/deepseek-r1-distill-llama-70b"
temperature: 0.3
max_tokens: 100000
context:
urls:
- "https://paraclub.cloonar.dev/de/"
- "https://paraclub.cloonar.dev/de/tandemfallschirmspringen/alle-infos/"
- "https://paraclub.cloonar.dev/de/tandemfallschirmspringen/kosten-tandemsprung/"
- "https://paraclub.cloonar.dev/de/ueber-uns/anfahrt/"
- "https://paraclub.cloonar.dev/de/tandemfallschirmspringen/faq/"
- "https://paraclub.cloonar.dev/de/ausbildung/uebersicht/"
- "https://paraclub.cloonar.dev/de/ausbildung/aff-ablauf/"
- "https://paraclub.cloonar.dev/de/ausbildung/kurstermine/"
- "https://paraclub.cloonar.dev/de/ausbildung/anmeldung/"
- "https://paraclub.cloonar.dev/de/ausbildung/kosten/"
polling:
interval: "30s"
logging:
level: "info"
file_path: "/var/log/ai-mailer/ai-mailer.log"
'';
};
sops.secrets.ai-mailer-imap-password = {
owner = "ai-mailer";
};
sops.secrets.ai-mailer-openrouter-key = {
owner = "ai-mailer";
};
systemd.services.ai-mailer = {
description = "AI Mail Assistant Service";
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = "ai-mailer";
Group = "ai-mailer";
WorkingDirectory = "/var/lib/ai-mailer";
ExecStart = "${pkgs.ai-mailer}/bin/ai-mailer -config /etc/ai-mailer/config.yaml";
Restart = "always";
RestartSec = "10s";
StateDirectory = "ai-mailer";
LogsDirectory = "ai-mailer";
RuntimeDirectory = "ai-mailer";
# Security settings
NoNewPrivileges = true;
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
CapabilityBoundingSet = "";
};
};
}

3
hosts/fw/modules/ddclient.nix
View File

@@ -2,7 +2,7 @@
{
services.ddclient = {
enable = true;
use = "if, if=wan";
usev4 = "if, if=wan";
protocol = "hetzner";
# server = "https://dns.hetzner.com/api/v1/";
username = "dominik.polakovics@cloonar.com";
@@ -15,6 +15,7 @@
"palworld.cloonar.com"
"matrix.cloonar.com"
"element.cloonar.com"
"tinder.cloonar.com"
];
};

6
hosts/fw/modules/dhcp4.nix
View File

@@ -22,6 +22,7 @@
renew-timer = 1000;
subnet4 = [
{
id = 96;
pools = [
{
pool = "${config.networkPrefix}.96.100 - ${config.networkPrefix}.96.240";
@@ -67,6 +68,7 @@
}
{
id = 97;
pools = [
{
pool = "${config.networkPrefix}.97.100 - ${config.networkPrefix}.97.240";
@@ -122,6 +124,7 @@
];
}
{
id = 101;
pools = [
{
pool = "${config.networkPrefix}.101.100 - ${config.networkPrefix}.101.240";
@@ -152,6 +155,7 @@
];
}
{
id = 99;
pools = [
{
pool = "${config.networkPrefix}.99.100 - ${config.networkPrefix}.99.240";
@@ -212,6 +216,7 @@
];
}
{
id = 254;
pools = [
{
pool = "${config.networkPrefix}.254.10 - ${config.networkPrefix}.254.254";
@@ -231,6 +236,7 @@
];
}
{
id = 100;
pools = [
{
pool = "${config.networkPrefix}.100.100 - ${config.networkPrefix}.100.240";

4
hosts/fw/modules/gitea.nix
View File

@@ -84,6 +84,9 @@ in
HTTP_PORT = 3001;
DOMAIN = domain;
};
repository = {
DEFAULT_BRANCH = "main";
};
openid = {
ENABLE_OPENID_SIGNIN = false;
ENABLE_OPENID_SIGNUP = true;
@@ -94,6 +97,7 @@ in
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
SHOW_REGISTRATION_BUTTON = false;
ENABLE_NOTIFY_MAIL = true;
REQUIRE_SIGNIN_VIEW = false;
};
mailer = {
ENABLED = true;

6
hosts/fw/modules/ha-customers/default.nix Normal file
View File

@@ -0,0 +1,6 @@
{ config, pkgs, ... }:
{
imports = [
./ghetto.nix
];
}

29
hosts/fw/modules/ha-customers/ghetto.nix Normal file
View File

@@ -0,0 +1,29 @@
{
lib,
pkgs,
...
}: let
create_users = host: {
users.users."${host.username}.ghetto.at" = {
createHome = true;
home = "/home/customers/ghetto/" + host.username;
isNormalUser = false;
isSystemUser = true;
group = "sftp_users";
openssh.authorizedKeys.keys = [
host.key
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7"
];
shell = null;
};
};
users = [
{
username = "fw";
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGzJRWe8hsqAVnGSjPrcheloteWMzORoQ5Gj4IfhCROF";
}
];
in {
imports = builtins.map create_users users;
}

4
hosts/fw/modules/home-assistant/default.nix
View File

@@ -4,7 +4,7 @@ let
pkgs-with-home-assistant = import (builtins.fetchGit {
name = "new-home-assistant";
url = "https://github.com/nixos/nixpkgs/";
rev = "41dea55321e5a999b17033296ac05fe8a8b5a257";
rev = "18dd725c29603f582cf1900e0d25f9f1063dbf11";
}) {};
networkPrefix = config.networkPrefix;
in
@@ -161,7 +161,7 @@ in
};
script = ''
set -e
HACS_VERSION="2.0.1" # Replace with the latest version
HACS_VERSION="2.0.5" # Replace with the latest version
HACS_DIR="/var/lib/hass/custom_components/hacs"
mkdir -p "$HACS_DIR"

16
hosts/fw/modules/home-assistant/light.nix
View File

@@ -140,8 +140,8 @@
entity_id = "{{ trigger.entity_id }}";
};
data = {
brightness_pct = 20;
rgbw_color = [ 255 126 0 255 ];
brightness_pct = 30;
color_temp = 450;
};
}
];
@@ -372,12 +372,12 @@
all = true;
entities = [
"light.livingroom_switch"
"light.living_room_bulb_1"
"light.living_room_bulb_2"
"light.living_room_bulb_3"
"light.living_room_bulb_4"
"light.living_room_bulb_5"
"light.living_room_bulb_6"
"light.livingroom_bulb_1_rgbcw_bulb"
"light.livingroom_bulb_2_rgbcw_bulb"
"light.livingroom_bulb_3_rgbcw_bulb"
"light.livingroom_bulb_4_rgbcw_bulb"
"light.livingroom_bulb_5_rgbcw_bulb"
"light.livingroom_bulb_6_rgbcw_bulb"
];
}
{

7
hosts/fw/modules/home-assistant/multimedia.nix
View File

@@ -76,7 +76,7 @@
{
service = "automation.turn_off";
target = {
entity_id = "automation.all_multimedia_off"; # Replace with your target automation ID
entity_id = "automation.all_multimedia_off";
};
}
{
@@ -115,7 +115,7 @@
{
service = "automation.turn_on";
target = {
entity_id = "automation.all_multimedia_off"; # Replace with your target automation ID
entity_id = "automation.all_multimedia_off";
};
}
];
@@ -289,6 +289,9 @@
command = "b64:JgDaAAABKZMUERMSExITEhMSExETEhMSExITEhMSExETNxQ2ExITEhMSEzcTNxM3ExITEhM3ExITNxMSEhITEhM3EzcTEhM3EwAFyAABKJQUERMSEhITEhMSExITEhMSEhITEhMSExITNxM3ExITEhMREzcTNxQ3EhITEhM3ExITNxMSExITEhM3EzcTEhM3EwAFyAABKJQUERMSExETEhMSExITEhMSExETEhMSExITNxM3ExITEhMREzcTOBI4ExETEhM3ExITNxMSExITEhM3EzcTEhM3E5IGAA0FAAAAAAAAAAAAAAAAAAA=";
};
}
{
delay = 20;
}
# turn off tv switch
{
service = "switch.turn_off";

1
hosts/fw/modules/setupnetwork.nix
View File

@@ -26,6 +26,7 @@
};
subnet4 = [
{
id = 110;
pools = [
{
pool = "${config.networkPrefix}.110.100 - ${config.networkPrefix}.110.240";

84
hosts/fw/modules/tinder-api.nix Normal file
View File

@@ -0,0 +1,84 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.tinder-api-wrapper;
in {
options.services.tinder-api-wrapper = with lib; {
enable = mkEnableOption "Tinder API wrapper service";
port = mkOption {
type = types.port;
default = 8080;
description = "Port to listen on";
};
apiEndpoint = mkOption {
type = types.str;
default = "https://api.gotinder.com";
description = "Target Tinder API endpoint URL";
};
user = mkOption {
type = types.str;
default = "tinder-api";
description = "User account to run service.";
};
group = mkOption {
type = types.str;
default = "tinder-api";
description = "Group account to run service.";
};
};
config = lib.mkIf cfg.enable {
nixpkgs.overlays = [
(self: super: {
tinder-api-wrapper = self.callPackage ../pkgs/tinder-api.nix {};
})
];
users.users.${cfg.user} = {
isSystemUser = true;
group = cfg.group;
description = "Tinder API wrapper service user";
};
users.groups.${cfg.group} = {};
systemd.services.tinder-api-wrapper = {
description = "Tinder API Wrapper Service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
User = cfg.user;
Group = cfg.group;
ExecStart = "${pkgs.tinder-api-wrapper}/bin/server -listen :${toString cfg.port} -target ${cfg.apiEndpoint}";
Restart = "always";
RestartSec = "10";
# Hardening
NoNewPrivileges = true;
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RemoveIPC = true;
};
};
};
}

4
hosts/fw/modules/unbound.nix
View File

@@ -54,6 +54,9 @@ let
"\"switch.cloonar.com IN A ${config.networkPrefix}.97.10\""
"\"mopidy.cloonar.com IN A ${config.networkPrefix}.97.21\""
"\"deconz.cloonar.com IN A ${config.networkPrefix}.97.22\""
"\"wazuh-manager.cloonar.com IN A ${config.networkPrefix}.97.31\""
"\"wazuh-indexer.cloonar.com IN A ${config.networkPrefix}.97.32\""
"\"wazuh.cloonar.com IN A ${config.networkPrefix}.97.33\""
"\"brn30055c566237.cloonar.com IN A ${config.networkPrefix}.96.100\""
"\"snapcast.cloonar.com IN A ${config.networkPrefix}.97.21\""
"\"home-assistant.cloonar.com IN A ${config.networkPrefix}.97.20\""
@@ -61,6 +64,7 @@ let
"\"matrix.cloonar.com IN A ${config.networkPrefix}.97.5\""
"\"element.cloonar.com IN A ${config.networkPrefix}.97.5\""
"\"support.cloonar.com IN A ${config.networkPrefix}.97.5\""
"\"tinder.cloonar.com IN A ${config.networkPrefix}.97.5\""
"\"git.cloonar.com IN A ${config.networkPrefix}.97.50\""
"\"sync.cloonar.com IN A ${config.networkPrefix}.97.51\""

40
hosts/fw/modules/vscode-server.nix Normal file
View File

@@ -0,0 +1,40 @@
{config, pkgs, lib, ...}:
let
hostname = "vscode-server";
unstable = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz") {
config = config.nixpkgs.config;
system = pkgs.system;
};
in {
microvm.vms.${hostname} = {
autostart = true;
config = { config, pkgs, ... }: {
networking.hostName = hostname;
services.code-server = {
enable = true;
host = "0.0.0.0";
port = 8080;
auth = "none";
extensions = with pkgs.vscode-extensions; [
github.copilot
ms-azuretools.vscode-docker
];
};
environment.systemPackages = [
unstable.ddev
];
# Docker is required for ddev
virtualisation.docker.enable = true;
};
interfaces = [{
type = "tap";
id = "vm-${hostname}";
mac = "02:00:00:00:01:01";
}];
};
}

58
hosts/fw/modules/wazuh.nix Normal file
View File

@@ -0,0 +1,58 @@
{ config, pkgs, ... }:
{
virtualisation.oci-containers.containers = {
# Wazuh Manager Container
wazuh-manager = {
autoStart = false;
image = "docker://wazuh/wazuh-manager:latest";
volumes = [
"/var/lib/wazuh:/var/ossec"
];
extraOptions = [
"--network=server"
"--mac-address=10:10:00:00:00:01"
"--ip=${config.networkPrefix}.97.31"
];
};
# Wazuh Indexer Container (Elasticsearch)
wazuh-indexer = {
autoStart = false;
image = "docker://wazuh/wazuh-indexer:latest";
volumes = [
"/var/lib/wazuh-indexer:/usr/share/elasticsearch/data"
];
environment = {
"discovery.type" = "single-node";
};
extraOptions = [
"--network=server"
"--mac-address=10:10:00:00:00:02"
"--ip=${config.networkPrefix}.97.32"
];
};
# Wazuh Dashboard Container (Kibana)
wazuh-dashboard = {
autoStart = false;
image = "docker://wazuh/wazuh-dashboard:latest";
volumes = [
"/var/lib/wazuh-indexer:/usr/share/elasticsearch/data"
];
environment = {
"discovery.type" = "single-node";
};
environment = {
# Optionally, configure to connect to the indexer/manager:
WAZUH_INDEXER_URL = "http://wazuh-indexer.cloonar.com:9200";
WAZUH_MANAGER_URL = "http://wazuh-manager.cloonar.com:55000";
};
extraOptions = [
"--network=server"
"--mac-address=10:10:00:00:00:03"
"--ip=${config.networkPrefix}.97.33"
];
};
};
}

2
hosts/fw/modules/web/default.nix
View File

@@ -52,11 +52,13 @@ in {
../network-prefix.nix
../../utils/modules/sops.nix
../../utils/modules/lego/lego.nix
../../modules/tinder-api.nix
# ../../utils/modules/borgbackup.nix
./zammad.nix
./proxies.nix
./matrix.nix
./tinder-api.nix
];
networkPrefix = config.networkPrefix;

28
hosts/fw/modules/web/tinder-api.nix Normal file
View File

@@ -0,0 +1,28 @@
{ config, pkgs, ... }:
{
services.tinder-api-wrapper = {
enable = true;
port = 8080; # default port
apiEndpoint = "https://api.gotinder.com";
};
services.nginx.virtualHosts."tinder.cloonar.com" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
proxyWebsockets = true;
extraConfig =
"proxy_set_header X-Forwarded-Proto 'https';" +
"proxy_set_header X-Forwarded-Ssl on;" +
"proxy_connect_timeout 300;" +
"proxy_send_timeout 300;" +
"proxy_read_timeout 300;" +
"send_timeout 300;"
;
};
};
}

21
hosts/fw/pkgs/tinder-api.nix Normal file
View File

@@ -0,0 +1,21 @@
{ lib, buildGoModule, fetchgit }:
buildGoModule rec {
pname = "tinder-api-wrapper";
version = "0.1.0";
src = fetchgit {
url = "https://git.cloonar.com/dominik.polakovics/tinder-api-wrapper.git";
rev = "e99b56e4346ac4ae5c1e0747e51ff3a0259440d3";
sha256 = "sha256-ZGuoFVaTBJcnGiToNvk+MRD+zW9IUQldbbqFVLEfkeU=";
};
vendorHash = null;
meta = with lib; {
description = "Tinder API Wrapper Service";
homepage = "https://git.cloonar.com/dominik.polakovics/tinder-api-wrapper";
license = licenses.mit;
maintainers = with maintainers; [ /* add maintainers */ ];
};
}

8
hosts/fw/secrets.yaml
View File

@@ -7,6 +7,8 @@ wg_epicenter_works_key: ENC[AES256_GCM,data:LeLjfwfaz+loWyHYRgIMIPzHzlOnhl9tluKc
wg_epicenter_works_psk: ENC[AES256_GCM,data:Den3NDWdP013Or6/2Vll1igUahuRSNW4hu+nDa5vkr93bbveQTaWFT4TD4U=,iv:r3UsD3+3lUIP2X3Grti7wpXTQBXtu1/MdrycEmpZfsI=,tag:ghbAcxmjGVOe9jCZsmFzjA==,type:str]
wg_ghetto_at_key: ENC[AES256_GCM,data:OIHmoy3SpIi9aefZnZ1PzpyHbEso18ceoTULf2eQkx1rJbaxC6PD1lma7eQ=,iv:u0eFjHHOBzPTmBvBEQsYY5flcBayiAQKd6e7RyiPwJI=,tag:731C9wvv8bA5fuuQq+weVQ==,type:str]
gitea-mailer-password: ENC[AES256_GCM,data:M4qCWNt1oQVJzxThIjocm2frwuVMyx+69TBpke25RwxJxEQnvHL1CM579OVroTm7+gGE/oOJqAwDIepfiDtyM1xm,iv:jayFZMbu3uDimS/rIKZSeoU0MsYwWp880iEMs1oQE4k=,tag:qGDncRkyuCWaELhcxUrqtQ==,type:str]
ai-mailer-imap-password: ENC[AES256_GCM,data:T3V9hS24fwzj1Lx2Za508fYiw8r/GmEDAaX1tGSGQCgcVfxnQ6kfncoGPEU0CGL6Vw==,iv:Z/5LxQpcWwu7U11wtXYlQ/papepm5tzgMhE2heFE7to=,tag:EESXRY7WXpus2q/vd19vbw==,type:str]
ai-mailer-openrouter-key: ENC[AES256_GCM,data:PCe8kt/M+7g087AKzYMY2H5WO4L+NGkHLsh47fMK36kz+Ju5kd/kpmM4GQcDbI3LgWm/P+T0/mv7kGGOL6KLmBFaFmGV/88cGw==,iv:ruVftGvnv+PX1Zd92tfOezpyaMbYrqCrexelyPUYFMc=,tag:z4JVUCfz/frehar6y+fOlQ==,type:str]
gitea-runner: ENC[AES256_GCM,data:NYG3qRLiMjmfA+oHYBXBbxpuX2ZjB/VgvLaS7yr5kJeDN/NukB/B3OZcEfsUWgbBS5IsLENESngWTFmK4W3htN4lSqdg/g4UsUr20beNov+pbyPN05rkBYmSCZZFwZ1L9POEE4GF4LuuoNpDlWIw0mrA8oV8MoI4W5QS2IGranBTIQQaYXU5TEGYa4XMVo4oC75iuH6DIq1KD6OgFAfMhm/wlbP8CP/Iaw2K8CNPxktk93pm3OSmggf22Z4JPEnvV25sc9iBkxLkDk9FXYFys0g=,iv:UzL5ncVOC/loJwcFSG1QJHnzLp3il4Hf3qDwLWxrIlo=,tag:w0Zn/E+02KyAsPXZdOLrew==,type:str]
gitea-runner-token: ENC[AES256_GCM,data:HpBjLS10w78ihbnAUrlCRGvwrXLBYKH5v/P7XggoUSWLoAazSVQArABxaK7PJas=,iv:q3Y6jV0gmug06O0EYqGVyIJ4AvMGr2ydwY17YKxo0Qw=,tag:Ws5HLbdaeYGGXzDZW/FX4w==,type:str]
home-assistant-ldap: ENC[AES256_GCM,data:uZEPbSnkgQYSd8ev6FD8TRHWWr+vusadtMcvP7KKL2AZAV0h1hga5fODN6I5u0DNL9hq2pNM+FwU0E/svWLRww==,iv:IhmUgSu34NaAY+kUZehx40uymydUYYAyte1aGqQ33/8=,tag:BKFCJPr7Vz4EG78ry/ZD7g==,type:str]
@@ -57,8 +59,8 @@ sops:
WXJpUUxadERyYUExRFMzNzBXaUVET3cKG9ZwWy5YvTr/BAw/i+ZJos5trwRvaW5j
eV/SHiEteZZtCuCVFAp3iolE/mJyu97nA2yFwWaLN86h+/xkOJsdqA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-20T21:39:00Z"
mac: ENC[AES256_GCM,data:JCFvFwSqnAQCOB76n5pfQsdsaod8bBiVZ2VY+WWBDWi84gQByhqy808E2ZZJSJ1/amUi8dNBeOPNWZIGdieuWJyatrqjWziAl7gXx5u35i77sS6hAD+G/Fc/elgRbjc0VIbplZ7UxBmwo3vkVpI4RqQiQv63MvKHI+TkoY8vFUM=,iv:uy50x8FqqDW7hCLZeHfhFB/dxa3N6kM2Vj9waAZJngg=,tag:Wt1FG0kW4VFZ2fvvAC0T4A==,type:str]
lastmodified: "2025-03-01T22:14:10Z"
mac: ENC[AES256_GCM,data:UWwjvi8jLNgu4l7ldMYtkAATm3y5+BSxbCuPN/e1OC4/3ULYJndqFLfTOMpqQbj2+uHo3onelK4f0MAJuSH0oUx58CclkNBBLE0RXafxbowa7kJtTNDfTboJNqH7rFmhGhqCtHAOOpKBuowqoOUHP5BtzZfucra0Q/pIJt5lma0=,iv:iJEW/mTbizioPSN8G+WqHSipx8P6VCDrVG/Cmk+MBUc=,tag:L4OkeKec5AZdCrpUrnqcOA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.9.4

168
hosts/gpd-win4/configuration.nix
View File

@@ -1,21 +1,89 @@
{ config, lib, pkgs, ... }:
{
let
unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) {
config = { allowUnfree = true; };
};
impermanence = builtins.fetchTarball "https://github.com/nix-community/impermanence/archive/master.tar.gz";
in {
imports = [
"${impermanence}/nixos.nix"
./hardware-configuration.nix
./sway/sway.nix
./nvim/default.nix
# (Optional) comment out if you dont want Sway as default:
# ./modules/sway/sway.nix
./modules/nvim/default.nix
./utils/bento.nix
./utils/modules/sops.nix
./utils/modules/nur.nix
./utils/modules/autoupgrade.nix
./users
# Import our new steam-deck-mode module
./modules/steam-deck-mode.nix
];
nixpkgs.overlays = [
(import ./utils/overlays/packages.nix)
];
services.gvfs.enable = true;
fonts.packages = with pkgs; [
git
git-lfs
open-sans
nix-prefetch
jq
oh-my-zsh
zsh-autosuggestions
zsh-completions
zsh-syntax-highlighting
zsh-history-substring-search
creality-print
];
programs.zsh = {
enable = true;
ohMyZsh = {
enable = true; # Enable Oh My Zsh
theme = "steeef"; # Set theme
plugins = [ "git" ]; # Add plugins
};
};
users.defaultUserShell = pkgs.zsh;
services.fwupd.enable = true;
environment.persistence."/nix/persist" = {
hideMounts = true;
directories = [
"/home"
];
};
environment.persistence."/nix/persist/system" = {
hideMounts = true;
directories = [
"/etc/nixos"
"/root/.ssh"
"/var/bento"
"/var/log"
"/var/lib/bluetooth"
"/var/lib/docker"
"/var/lib/nixos"
"/etc/NetworkManager/system-connections"
];
files = [
"/etc/machine-id"
{ file = "/etc/ssh/ssh_host_ed25519_key"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
{ file = "/etc/ssh/ssh_host_ed25519_key.pub"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
];
};
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.defaultSopsFile = ./secrets.yaml;
networking.hostName = "gpd-win4";
time.timeZone = "Europe/Vienna";
nixpkgs.config.allowUnfree = true;
nixpkgs.config.allowBroken = true;
console.keyMap = "de";
@@ -26,19 +94,89 @@
users.users.dominik = {
isNormalUser = true;
hashedPassword = ""; # Replace with real hash
extraGroups = [ "wheel" "video" "audio" "input" ];
hashedPassword = "$y$j9T$btz9xel62NjCyLdQRm5ck1$iCm6R7u4wiMeSVfrB6Y.3UwoQJ/rfkXiYSrXI2RTYm/";
extraGroups = [ "wheel" "disk" "video" "audio" "mysql" "docker" "vboxusers" "networkmanager" "onepassword" "onepassword-cli" "dialout" ]; # Enable sudo for the user.
};
powerManagement.cpuFreqGovernor = "powersave";
virtualisation.docker.enable = true;
# In case you want a persistent /home or other directories:
# environment.persistence."/nix/persist" = {
# hideMounts = true;
# directories = [ "/home" ];
# };
sops.secrets.epicenter_vpn_ca = {};
sops.secrets.epicenter_vpn_cert = {};
sops.secrets.epicenter_vpn_key = {};
sops.secrets.wg-cloonar-key = {};
# This system tries to unify the "Steam Deck Mode" and "Sway" approach
# with toggling via systemd user services.
system.stateVersion = "24.05";
environment.systemPackages = with pkgs; [
bento
docker-compose
drone-cli
git-filter-repo
nix-prefetch-git
vim
wget
wireguard-tools
# Fingerprint packages for normal system (enrollment, management)
fprintd
libfprint-2-tod1-goodix
];
environment.variables = {
TERMINAL_COMMAND = "alacritty";
};
services.blueman.enable = true;
networking.wireguard.interfaces = {
wg0 = {
ips = [ "10.42.98.203/32" ];
privateKeyFile = config.sops.secrets.wg-cloonar-key.path;
peers = [
{
publicKey = "TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q=";
allowedIPs = [
"10.42.96.0/20"
"10.254.240.0/24"
"10.254.235.0/24"
"10.14.0.0/16"
"10.25.0.0/16"
];
endpoint = "vpn.cloonar.com:51820";
persistentKeepalive = 25;
}
];
postSetup = ''
printf "nameserver 10.42.97.1\nsearch cloonar.com" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0 -x
'';
};
};
nix = {
settings.auto-optimise-store = true;
settings.experimental-features = [ "nix-command" "flakes" ];
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
extraOptions = ''
min-free = 104857600
max-free = 1073741824
'';
};
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
services.displayManager.defaultSession = "gnome";
# Enable fprintd for fingerprint authentication in the OS
services.fprintd.enable = true;
# In some NixOS releases, GDM forcibly sets fprintAuth = false.
# We'll override them with mkForce. Also note that the display managers
# PAM config might be "gdm-password" rather than just "gdm".
security.pam.services."login".fprintAuth = lib.mkForce true;
security.pam.services."gdm-password".fprintAuth = lib.mkForce true;
system.stateVersion = "24.11";
}

57
hosts/gpd-win4/hardware-configuration.nix
View File

@@ -4,40 +4,55 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot = {
enable = true;
configurationLimit = 5;
};
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.kernelModules = [ "amdgpu" "kvm-amd" ];
# Use systemd in the initrd
boot.initrd.systemd.enable = true;
# Include fingerprint packages in the initrd so you can unlock LUKS with fingerprint
boot.initrd.systemd.packages = [
pkgs.fprintd
pkgs.libfprint-2-tod1-goodix
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [];
boot.kernelModules = [ "amdgpu" "kvm-amd" ];
boot.extraModulePackages = [];
hardware.cpu.amd.updateMicrocode = lib.mkDefault true;
fileSystems."/" =
{
# Ephemeral root on tmpfs
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
options = [ "size=16G" "mode=755" ];
};
fileSystems."/nix" =
{
device = "/dev/disk/by-uuid/856e1ebe-832f-422d-8d91-d43a5d852abb";
fsType = "f2fs";
};
boot.initrd = {
luks.devices."enc" = {
crypttabExtraOpts = [ "fido2-device=auto" ];
device = "/dev/disk/by-uuid/08897ecb-23ce-4352-a1fc-fa442b9e0f72";
};
systemd.enable = true;
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/1521-B173";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/8BC1-69F5";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/7530231d-afe3-4571-934b-826d7b1702b2";
fsType = "f2fs";
};
boot.initrd.luks.devices."luks-1506e138-e941-43e1-a133-06ae3299b62b".device =
"/dev/disk/by-uuid/1506e138-e941-43e1-a133-06ae3299b62b";
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [

98
hosts/gpd-win4/modules/steam-deck-mode.nix
View File

@@ -2,77 +2,59 @@
let
cfgUser = "dominik"; # Adjust to your username
in {
#### 1) Provide two scripts:
#### - `steam-deck-mode.sh`: Runs Steam Big Picture with Gamescope (Wayland).
#### - `sway-session.sh`: Starts Sway.
environment.etc."steam-deck-mode.sh".text = ''
#!/usr/bin/env bash
# This script launches Steam in Big Picture mode under Gamescope (Wayland).
# Once Steam (or Gamescope) exits, the systemd user service stops.
# The ExecStopPost hook in the user service will then start Sway automatically.
# For safety, kill any existing Steam instance
# Launches Steam in Big Picture with Gamescope.
# On exit, user service stops, triggering ExecStopPost to start GNOME.
pgrep steam && steam -shutdown || true
sleep 1
# Use Gamescope in fullscreen mode, exit on Steam exit, run Steam in Gamepad UI
exec gamescope -W 1280 -H 800 -f -e -- steam -gamepadui
'';
environment.etc."sway-session.sh".text = ''
environment.etc."gnome-session.sh".text = ''
#!/usr/bin/env bash
# This script starts a Sway session. When Sway exits, the user service stops,
# which triggers ExecStopPost to start Steam Big Picture again.
exec sway
# Start a GNOME session
exec gnome-session
'';
#### Make these scripts executable via a simple systemd service:
systemd.services."make-scripts-executable" = {
description = "Make steam-deck-mode.sh and sway-session.sh executable";
description = "Make steam-deck-mode and gnome-session scripts executable";
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = [
"${pkgs.coreutils}/bin/chmod +x /etc/steam-deck-mode.sh"
"${pkgs.coreutils}/bin/chmod +x /etc/sway-session.sh"
"${pkgs.coreutils}/bin/chmod +x /etc/gnome-session.sh"
];
};
#### 2) Create two systemd *user* services:
#### - steam-deck-mode: On stop, automatically start sway
#### - sway: On stop, automatically start steam-deck-mode
# Steam Deck Mode service
systemd.user.services."steam-deck-mode" = {
description = "Steam Deck Mode (Wayland Gamescope + Steam Big Picture)";
wantedBy = [ "default.target" ]; # So we can enable it for the user
description = "Steam Deck Mode (Gamescope + Steam Big Picture)";
wantedBy = [ "default.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "/etc/steam-deck-mode.sh";
# On exit, automatically trigger Sway
ExecStopPost = "${pkgs.systemd}/bin/systemctl --user start sway";
Restart = "no"; # If Steam crashes, you can change to 'on-failure' if desired
ExecStopPost = "${pkgs.systemd}/bin/systemctl --user start gnome-session";
Restart = "no";
};
};
systemd.user.services."sway" = {
description = "Sway WM Session";
wantedBy = [ ]; # We won't start this on login by default, but from steam or a script
# GNOME Session (Wayland) service
systemd.user.services."gnome-session" = {
description = "GNOME Session (Wayland)";
wantedBy = [ ];
serviceConfig = {
Type = "simple";
ExecStart = "/etc/sway-session.sh";
# On exit, automatically trigger Steam Deck Mode
ExecStart = "/etc/gnome-session.sh";
ExecStopPost = "${pkgs.systemd}/bin/systemctl --user start steam-deck-mode";
Restart = "no";
};
};
#### 3) Provide a script & desktop entry to let you switch from Sway to Game Mode easily
#### (i.e., stop the 'sway' service, which triggers Steam).
# Quick script to switch from GNOME to Steam Big Picture
environment.etc."switch-to-game-mode.sh".text = ''
#!/usr/bin/env bash
# This script stops Sway, causing the user service to exit
# The ExecStopPost of that service will start steam-deck-mode automatically.
${pkgs.systemd}/bin/systemctl --user stop sway
# Stop GNOME => triggers Steam in ExecStopPost
${pkgs.systemd}/bin/systemctl --user stop gnome-session
'';
systemd.services."make-switch-to-game-mode-executable" = {
@@ -86,21 +68,24 @@ in {
environment.etc."xdg/applications/switch-to-game-mode.desktop".text = ''
[Desktop Entry]
Name=Switch to Game Mode
Comment=Stop Sway and start Steam Big Picture (Gamescope)
Comment=Stop GNOME and start Steam (Gamescope)
Exec=/etc/switch-to-game-mode.sh
Terminal=false
Type=Application
Categories=Game;
'';
#### 4) If you want to start directly in Steam Deck Mode on boot (no display manager),
#### enable auto-login on TTY and run the user service for "dominik".
#### For example (uncomment if you want an immediate console login):
# services.getty.autologinUser = cfgUser;
# systemd.user.services."steam-deck-mode".wantedBy = [ "default.target" ]; # already set
# You'd do 'systemctl --user enable steam-deck-mode' as that user to start it on login.
# Update to new hardware.graphics.* options
hardware.graphics.enable = true;
hardware.graphics.enable32Bit = true;
#### 5) Additional recommended gaming packages if not set elsewhere:
# Include AMD Vulkan for 64bit & 32bit
hardware.graphics.extraPackages = [
pkgs.amdvlk
pkgs.driversi686Linux.amdvlk
];
# A recommended set of gaming packages
environment.systemPackages = with pkgs; [
steam
gamemode
@@ -108,22 +93,11 @@ in {
vulkan-tools
vulkan-loader
vulkan-headers
# ...
];
#### 6) Enable 32-bit support for Steam
hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = true;
hardware.graphics.enable = true;
hardware.graphics.enable32Bit = true;
hardware.graphics.extraPackages = [
pkgs.amdvlk
pkgs.driversi686Linux.amdvlk
];
#### 7) Optionally handle udev rules for Steam/Controllers if needed
environment.etc."udev/rules.d/99-steamdeck-controller.rules".text = ''
SUBSYSTEM=="usb", ATTRS{idVendor}=="28de", MODE="0666"
KERNEL=="uinput", MODE="0660", GROUP="input", OPTIONS+="static_node=uinput"
'';
# Move the Steam Deck controller rules to services.udev.extraRules
# services.udev.extraRules = ''
# SUBSYSTEM=="usb", ATTRS{idVendor}=="28de", MODE="0666"
# KERNEL=="uinput", MODE="0660", GROUP="input", OPTIONS+="static_node=uinput"
# '';
}

42
hosts/gpd-win4/secrets.yaml Normal file
View File

@@ -0,0 +1,42 @@
epicenter_vpn_ca: ENC[AES256_GCM,data:DUvpuL92zpQkK0auXGdHDw+f5gzjMARMroBknmgR+eq1LV5aISdA0XOCw7d3VFpMtHY+tPM4pDEWlnGJDoHDJBSFAUdmbLkDq2DvoDR1RBbsidmlXpvu7UnL4OyCgrN9G3I65HQmCh64/453T0Y5MZKUiFZXn9SZJgOU3h0qOnAiIKTQADXmUo6imhLuUdPxjwiLkNp8zHNystbfUuZkF15J+TXV9yndy/E8E4sFs4uysK9E+VM84v0q75zTf48cheE+cBGI9xOP5QMvSND6MloyGYUTPZOiQyz8M9AmJObvQFryysKf5Q1W1GBiTz9FVuSsr1IM7meljdBYwfxQaA5MurdsXVFYfdRgL6NyL5x7WOd367pgtBBwuVyT+cygg5ITIBc6YTuT8thp/q0BsJkq1OdVQrLa4PK12Tg2IOUg2Za/tLJxxiNWqs1gAmTWEIGAeJWmNgCZAjJIISwTGcdbpdWqhjAEgaaLf9ZD0hUXQ5MmSO+KXzP7lIGgqCXoMEc7W7rn3R2VkIrvaVgCBK3psTg6+CxoPQwnYbUKgPLG7ys54eECJyRfc8YPH1957Q67pYkVD166ZP/sDJfplOGH19QyFnaaSLRLoXCAfWuO72NwO/fSljN4+pmB6Ev1cRCe4mXicz7TTqGG740VOam/JW4OJCrnHVs67cs9/MsVSNZOsI+x44TKJjaFph4onaodDh5P7e52IkfRnHnjK6FjEvYPasUr9YDqUR3ucHxhD9UqvINDwhp3L/zyFb2HRuO1KzEQLzmG96xiJpJxBVl8GOTeNrK2owOf6cCuh6o3iPaAFjFok26gI1ujX/mPbBigOxB6S0cLOLoA7oA+E6L22nsoYdIwjU4b6Y/DQvndgsZFnycLsSA4TRYHUH1Q51fGU3S/zAlB66rYchsw3JqODD51axxEdo5uu/2a6K9c8BSDo+stHBPmGvty6IorhM+17IGwSVrnxBFbSICja/Mi9eHmkUuUQWaXe5iWiNGYOIe0Xsbu4PQANhDE0f4U1LboVdI46uVhBV36zLSRJ5hUYARdmaz+aUSfNSE20xwCQiqd4U1cb2W6ZRER5WOfNFa8LCjk1YyhDY1yKCbo5tZrYZtmo4T47EuH/2uyW9vPtDlAhpZWmJJ0LEbZMhl9hIEAgGYmhnxPIVItJWHgq4O+YavYWvu1qgbdBC/FZJ8xx0uSy48oKCbuTUbIBUHQ37/6wp+IC+FAoYc2CDgCKzYvYjGrjMr+l/bhWE6KqI2DE/8yG4sOZIyrKNOYRq/aqDRkaeu96bLSYZECoLpohEKRNLTFQ+J8btjGX+xak0HRNEX9bxx8Zs3ml8mDKfh11uy05zPMVU4jaLrc5VtvmNdCg1EffbtEIRhi88aP5K2flRLxvSsYODd8iisqJ3CEqa8/C/FoHhWqgs7vk9UeRs46CJjGQ2Nx7UeQhAK8ey8FwqqSPQ6hp6jFnAv5ha583GZm3G8CsapajioHOpNcyYRhUW/ekdQ1E7DafOLRRO0hdWws8fsP/96uuWJ1Ir1ec2pepmh8s9zCZl/CKSU6+PUjX03Y9buZDnAYao5nDFsF5hgi2nLCTRbHnCh/S5C4NL/Lss2gi/9HdQUWr3KNONgoGbdRNS4MHtK/t9MtxQT8FOS54fM76XLygYZhQEQuDHUr3vaihOPKXncPNx+M4IGd+tsOoGADfpZk7W4OLd5jl8OiCulKvmRXzGCrmyofifh6XBE/EDa97j4eXt/fZPhUh+kv7i39mLKiccPUqpq9WYA/pqlMc84PAsewRerk3Z7jygFb2oX8LwYX2vDer565q+74n/y+oqz/CQ7jypoGBC8f9a16h2e2ZuvjQZ2sUdBB0xKwmLHC5mXLRkJYZ8Myt0Bzp0iVnC8P,iv:0GfL3sG36nsg/4BPw32kKMB78TmbN+mLq/mqEFp0yas=,tag:x+kxJsS+Fn7VO3MlOmqgwQ==,type:str]
epicenter_vpn_cert: ENC[AES256_GCM,data:y94SNCZISKCGbG3dtMZKPntzHvmvAK9fr0+TASNUPp+RG0o7sWRZHrAk+zs4x6tTJpRMCN3VJUzH0bkSHrsKHsYLwVOT5Sb3l7y0CUjjT463NWj1ZipaMU94NRbtDC6Q4sMkFQPaLEefaOhjQu2a2qMx0FkQ9OA3T4f4u5GVN72/PTftHw3SybhptlF5L1e3Q69J3H0uVGRuXmmrws6HcLb2th9sAYPAi82yEimdzPa154DKIRcBY78QVkRz4X7VVyLFY3X34TMvGTmKP7MsW5lApVd/qoML0MkqvrWdEClMWG7i4jMRjSUSRIVr33DE8ds4aBx565tKQ9rVZT7KPZU7IbFqgKP6TQN8w7g5mY3aImPlRMB/xb7V8a+qBScOgBiwCgdAnz+PKGaCwcaBba80q0m/gONkxgVy+QKLLdALjb3iUpKiGvWFLwsKr/hQ1O0h7MBFDTGqWniiXZbyb39HABZNVtKAC/4qouG/G+hP6fpk/+TMtjRNSh6wWtyiYvTeFOtCWfi6YEC7IZFautr3vcu24soA+Q4vFwYr6lIEPnQYlpBCr/TLVzEvxWEjsR8G2RaBSWGm2E0tre8qVSFkJwz+niL8FQgaQTjnsYmJGHFS8sxseGuAakuSH+gzopc75H6y2pEnZrpQMOMyDq0GMkIW8xGk7x5Ewq1DZ8ji13Y8xtnbLqiJkhPc19JDoXdpls/40K4Ymrz6dOO8zxzvW8SHF47gOYvp+a5d3vqwXFZH2qDUvdScV5eATmK8ltfGod9PbZWgFzhp336dkba5aAspXlyzAlRRqrVhvpff+V8cyHTIz9qA8fhXv+v2pN0E/Es1NTJhtQo09OGnZn82lfVyR93hLtr6AgbDggwhvAOlJr/pAt0YZ5FhehhhnH0+ekUJC0YemUMj0QVbpxIWc4rt5n7nqewSHC8feo6Zfc4NHfE8sWemGGm2sUOdf6C2F9k0h+Snwfyu95XIWccMAC/Ii14ciu/nj0L67bbj8XAECjWCIlhhCJcMXlpxfU3lZX7zEy4WH+IqV1399KmtvUssuObBb9uAMwHjZl0l2GVQPo3clDea2ZP5HDO9B3kWRqpvIrjawh4IM73O43jbIDgjNXMijnH0GJu8FH8igS+7JOhRHrOBQiNc0unx6EgAfXHo3v6o8ktzbtRcUwU8k+wldU1cu9ugpVpG9j8O+zvPYkaH+0xfdAdxDKXz+4e8462O5zr3IVRp63CBBNtnTn6fcwnxgD9ouhgyyLBylzrwCmRAODHyukJovkNARWmhcYCAnYhrYf9KqaCoeRLmFq8sLMeiYGDTJ/+PTyheZMHboaoZbUbnRtrvuXQiCHqDKxSan0OACW+oXgCBgZSshj8lb58A+zjpMVy4Wis8s6K9HFpiPSP4tmHxXvOod2+qL/eZBV4LhLoahO0gg3+DUPTeJVO+4I7YZYLVXBhf0OC7z8jMGf8Q4SjO8p6Vufx2KXIEpcITto0IJFsIAv9UVfsKVyvVeuGaGGi8VQWhexdQxjDtoURRts91EFNpJ86o9HPbQCAWXBx9hlnBH2zZntqPd5eVA57s67i1dWpuudD/oBzGn3fBv3Fck9tpArMNSrOtbtl3sBc6Calo/5+HWSY4tz1Hnrlv0/IxD2EcgzH5dFu6klTn3gaMdgd288/kRPDzfdcVGqlvV8rQJjTD1XN48FK/Zp2ydCede+SKLidqrqz1ISXOwsya0ivfc4Vdk3hhnnkTnqZT3qR88Z69X+9QkYCVNaoojTiBoRCekqNDI3Ev8MKp1eX0E3rXT3AG3E7xEFGulhe2C9RdMwQg0QG/Ws7n/CtTeVwpv+JG73TlDnBzoVHN6fqKBVchbGPtcObM90N2itJ/wf3jXefhrrsQudLch+Mwp72YcvCKqOMsrO3egvNxIiLKrrVOI8buo0NJrPoQE3/+rZQFzx2r0AHkrwEUHGUvr2oHDJyXwSY2/7zCYbewN44Zjo7n5ofOhSUsaGJNySHgC6V74gyU0UCUEBnF8fZK/Y6QgdtT9gApHVtJwXRvLig2P11bIlyWZjISRaAVAUAMKdS8ir8l+P3NL8kBZstfpH2eeYFHIWeZ7VrVTs4CaHDzkyMizui0EBfvf5irWeJvIekCWnetfo047QKJvrKr+6239QxH5ni7wlzWxiZNcewaOfCK2SqOvYz6NIRp+/blZuxL2pXhTInB/XxbP2zHH64dC8AVvViU8bI2DR/HhzbbpEylzD4ttvil7hLt6AMpugFrmAgWd6JU5yM9lXoTSprmXZ7awYTLcQlCQu9cUNXF0JdtELA/oQipEEUz+2lRt3B+0abYGVWb,iv:MVId1jgmyhY/iUxnjca5IpYwlzUAsa6Nwchg52AKgRc=,tag:1RASj3dFAYVNphJ4zjXxtA==,type:str]
epicenter_vpn_key: ENC[AES256_GCM,data:Kt33OLiauTrkzSwib2px/rZoQO6tlCzsy2exxIrZb91ukUDo716+JaZ2dB6FEjx/z0jaUEiU8u3lZbq4gkhwXe/hwUnr7pIW+V1InJhuGOAENfnusDkSu6P5pVpE5FNBKYF6u77/h5pdWwI/bHo7Hfi7f1xVtPkAeSqDScprUOVIoEYeJ0AXo0L9xCQVPSIAsdrh2jZQPe1S4iCLqQTTYK5CvP4/1wjwA2C4PheXEK5Z74Xkxd3pRI0cogpt711+ujMbh01siQNs9tk5+pk8vbXV6M5duzQlJar6iF47GsaomFkLNsk4QvTVZ7kKIMWEfOzwgwniI8YGtDgjxCvd13H1agaeDjsboFxR3i5aI0ZKC4sP7aTASDQbWwTQxoFdMlHjbkMvVWAT1CxUw/phUfwA8L5xLBxzauvHgE0B/R2rW5FU+qaDZfyUts9RyIJzaF+bESz6YKV27i1ZQNp00YPH9jy05uYDjPldLo2PLzgLQHMsSwZ60KKlHU68gGtVI7qtH9fpy34h0/6IsCRAJF1mRHEHHzC8Ny4Q7dtN3GenMPVT07dwgEYczONjbtrpyKoLDHnAf5JguUydLIKvcxDwNmfXlaAcOzX9seEO0L+Wy2sjG5SCKjPA0wTwIvpWuthTpTaptde0KDBauzJZZvkx3FnABF5Ho2VHCY9MkQxnc61488rQXv15FNM2WaTKcI97b/kc+PXK0XbvKD1OKJ/fyNloaLPAJKB7Q+Nu9sSK91nyM5WOALhkp/5PiKQhSO75X1qsd2S35mWY6upES887He2rdmNjt0YPVzETVXhDk48OHwNNcqKTG0qs354/bF00lQJ7asQaHZ9vnomZTy3F+vWdadmUntu3r0lz/74ZEA1rWe+CIyINkuGcT0q48FMwlzms6XXYe4qnVjG1Yu/PknI6XfIpEAHN3aR/dVkpvwSDKzJD9mUr18IoXf7mcbRmhc0yAz7dmoT+Z5x+/z4G5u5xmMa9lvtHOnaXn0RhbMQP/Gziy9hB7GySGyztnBxOLghO6pnY17Etxcd+RDGkHb+PAZY2tJi3ObTry10dT3Zcx4aHNp69EcOjTQ1+629jFatFB2dhgIt2JdWbpgwppE2QB0g5cFY3e8s3rdriHfXsZNFt1xF7aaBYBUb/Z29EeC3EGUyV1fjhG0ZMDuZAw/7UEOObWS1Mx+z707OWWwGXy+5BYdSC/sYzUF9aMfGXjfttsqr36Cza9aSia6Qin5vMmJtpLYl1WGA3TjcgnglVhgKmg9DvEijm/pa1gy5hMX9SQgV0SuHtWfGIo+uleBr3n38CGJ8BOVJbZ4pHR4JQWrAjxE5MHIzZRF1UmbxWUoqL73IyTGZQovPrLO+z6rl+Djd7bGcQgpsBd8nJaOG5qoSH3Y40+onrlAz4WmKWPaSAclSgSPdHE4OEHIPzzrzLOaJWrI9B04LG9qMfhtpMNse/O4XT76QBfgaeDtKHO4Pv7T9PjIHYC4dPljkvrthEPQeJwo1zywDw2uu+I+WyxWuEGuR9JByJ8s7vaSLcDSP1BRkAq+i+YDDB4/a9iWmF4db/mKjVn6c+NRJjmugoCPeVbzyAfkxBm0nXVjQpOAsYGvGneAN53xHJmZ4kO91wrx+i+lXfRsnU3pgYYfHOePEhCUZoFXSVCFy0ksZKSHQSZb+v4x6CsvtpomUP6u0LIukZgZEgNsrpHXn4oQ0uzrts9LwKECAjGpgRINdJ6XCD8uxcIE+uuS5wyOWg/m1TmC5MThTwe4UfpxD0erMiqgGSSJ+xWuwmnjSS62XmLHnfe+VWEiLOk/7vWQxLy3bdHSfSXCee76isRcFpRKY+x59/Tj02I3F5onVuqAehtLkL4zUgdavmLmKI/81uKRTcMtXdFnYuCR+4xBZYauVtL3t7yhozhZwSZe/02mBahe61dwhZIIbAbAqivbrw210H5cKi9R9i+dR85ISJTrGFlXwT1EX/kD8BWdWPZrg9s5JD2jzrl56dKu+oeNPCZNuD6qlCaFBytJOixj/WkggyMGtOcy2do7MZZfuswbLLdD8ClzUx2D+nrRfae7Mze0s7KhyArmtjRyAfh8xqD+vTR7/yh8mgp2k5XOBw2bdCqH79ctq50drdBnpLuILKuruO/A1isS6YkjD0vxXQZh3yt5D3iqlAAOHdIzaWf8q0zUQsHp0aOgZG0WSlVPg44oHEG40O+laDu62fgcI4JisL6KwdJIPidw==,iv:pB/cNgmHi14ugi6kd+J6poWXX79LMHiiakNa03ibZ0Q=,tag:nLfjOesXDm5/QtwHznJROw==,type:str]
wg-cloonar-key: ENC[AES256_GCM,data:raK+FXMb2EBzLEYQzDQ9TZSz5v1X+CGV9ghZuA/NoVwn4OnTWWhY9x/wTZA=,iv:kq2qdYAgoHogRoOzUaOc64uJF0ji/XuaLaO0HEp0l4A=,tag:1fKSyzv/FqxLl6Uv3DQv7Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGUG5oZ1BPL1hiRm5zQ3FO
Zks2RWg1ODZGYm4rY05wT2dWTHFCN1FhcEY4ClB5N29SclVxWUpGaHF1V0o1cHVK
TWtoTGFsRHVERWgxczlqdysrRmVDM3cKLS0tIFNISWhUbmV5dERHSXV3ZW5Gd0l3
bHZHdy9jUHhLSTFUWHBxUTcrT3FoaHcKpKjzC3KDD6TXpbPm/ObztJQzkNnnTnvH
uWzRhQg7lHAKiiz4szzT64WCuisxFAOJP1KrSK9qP5DLBm8aKIDcPA==
-----END AGE ENCRYPTED FILE-----
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4VU1JZ3FkQ2lPVE9KeGMw
c1lRWGlPU1BKbXlJc0lnVURNNjN4bDRNWFZ3CnQyRUE0MXllajgySHRkSTNRZ2U4
K2w3bWEzNmxrZHRybXdFdnZCTmYySW8KLS0tIFduVUdYdDdVOS83QUxveG5lMDRi
M3E3bDhrM1FvMERESmI2RTdBTVNUMlkKoKhTGUYULeQvqMjwMCanDxD4yflGURgE
ROZe6d8R5Sya+RsS4uzNMs5KkjGeC/xjbNO22uSRennIwCqBaHNmgg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMW1zeU5ubDloazBKNFR5
M0xnbXQySWptOHFEQmQ0VHdvTWVieitYK1drCmI0VW5PVUFaTFo3STF2MUxSOXhC
T1YxY2lFMitKM29rS1FKQWRweStxUlUKLS0tIEFnQTlHcFJEcTAxem5QK2xrTm8r
L21ncjlQdGVDUjI2eXFIb3U2dW13bWsKuEwATNEUWtjuLsH7DQAt6J2l4blTId1W
A1kQ+0dfUKrZ0dsbvUA5L9+haUiK8f5RvapaKW+L2JEn7gW5wJSJEw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-26T17:32:33Z"
mac: ENC[AES256_GCM,data:tYmCofgoeDlb1FI8dWNh9hy9tS/H3X4r2HzboKTRnTQqSz6M+nc4g/Gt7eb2OHcRzLqbg9WxanFeDrlOz5jIxKIDV+7PfNlPSPqXIQg/79u3g/qDiwbnSRa3s+2mVIK5GEN+5M5f11KfwHbtHn+bEUALGHPP1gpW6deKBUIITg4=,iv:xQBmQjsNuaTzUGXFrsqiXcKL79nN8nvaLDrnGYwR7rI=,tag:vmA465d7M19c1lc5X1qTqg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

2
hosts/mail/modules/dovecot.nix
View File

@@ -255,7 +255,7 @@ in
"imap-test.${domain}"
"imap-02.${domain}"
];
postRun = "sleep 2 && systemctl restart dovecot2.service";
postRun = "systemctl --no-block restart dovecot2.service";
};
networking.firewall.allowedTCPPorts = [

40
hosts/nb/configuration.nix
View File

@@ -18,6 +18,7 @@ in {
imports =
[ # Include the results of the hardware scan.
"${impermanence}/nixos.nix"
# (import <nix-snapd>).nixosModules.default
./utils/bento.nix
./utils/modules/sops.nix
@@ -25,19 +26,25 @@ in {
./modules/appimage.nix
./modules/sway/sway.nix
./modules/printer.nix
./modules/cyberghost.nix
./modules/nvim/default.nix
# ./modules/cyberghost.nix
./utils/modules/autoupgrade.nix
./modules/puppeteer.nix
./cachix.nix
./users
# coding
./modules/nvim/default.nix
./modules/coding.nix
# ./modules/steam.nix
./hardware-configuration.nix
];
# services.snap.enable = true;
nixpkgs.overlays = [
(import ./utils/overlays/packages.nix)
];
@@ -72,24 +79,6 @@ in {
}
];
services.postgresql= {
enable = true;
ensureDatabases = ["dominik" "flowuser"];
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
enableTCPIP = true;
ensureUsers = [
{
name = "dominik"; # Replace with your actual Unix username
ensureClauses.superuser = true;
ensureClauses.login = true;
}
];
};
programs.zsh = {
enable = true;
ohMyZsh = {
@@ -214,12 +203,14 @@ in {
git-filter-repo
nix-prefetch-git
openaudible
openmanus
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
wireguard-tools
wineWowPackages.stable
wineWowPackages.fonts
winetricks
pinentry-curses
# ykfde
];
@@ -281,6 +272,14 @@ in {
};
};
# pgp
services.pcscd.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-curses;
};
# networking.networkmanager.insertNameservers = [ "9.9.9.9" "149.112.112.11" "2620:fe::fe" "2620:fe::9" ];
# services.avahi.enable = false;
# networking.resolvconf.enable = lib.mkForce false;
@@ -344,4 +343,3 @@ in {
}

10
hosts/nb/modules/coding.nix Normal file
View File

@@ -0,0 +1,10 @@
{ config, pkgs, ... }:
let
unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) {
config = { allowUnfree = true; };
};
in {
environment.systemPackages = with pkgs; [
unstable.claude-code
];
}

13
hosts/nb/modules/development/default.nix Normal file
View File

@@ -0,0 +1,13 @@
{ config, pkgs, lib, ... }:
with lib;
let
unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) {
config = { allowUnfree = true; };
};
in {
imports = [
./mcp.nix
];
}

11
hosts/nb/modules/development/mcp.nix Normal file
View File

@@ -0,0 +1,11 @@
{ config, pkgs, lib, ... }:
let
in {
nixpkgs.overlays = [
(import (builtins.fetchTarball "https://github.com/natsukium/mcp-servers-nix/archive/main.tar.gz")).overlays.default
];
environment.systemPackages = with pkgs; [
mcp-server-fetch
];
}

4
hosts/nb/modules/nvim/chatgpt.nix
View File

@@ -5,8 +5,8 @@ self: super: {
version = "1.0.0";
src = super.fetchgit {
url = "https://git.cloonar.com/Cloonar/chatgpt.vim.git";
rev = "aa12bca3abc868b4ebacbd22b6fde83deb656869";
sha256 = "sha256-eK7GQNHR03fQ7j2ExX9QSA+AIW5c1b8fsat3kbS6f9k=";
rev = "7fb8671840181ca5166fcf7b8a8d5f5e10a5efa7";
sha256 = "sha256-g4sEUoZqxlliKHj1TAxwNXN400yLN+QB4wV3drmvf9w=";
};
};
};

9
hosts/nb/modules/nvim/config/lspconfig.lua
View File

@@ -41,5 +41,14 @@ lspc.yamlls.setup({
},
});
-- autoformat json files with jq
vim.api.nvim_create_autocmd("FileType", {
pattern = "json",
callback = function(ev)
vim.bo[ev.buf].formatprg = jq
print("It's a json file")
end,
})
-- lspc.intelephense.setup()

11
hosts/nb/modules/nvim/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, ... }:
let
unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) {
config = { allowUnfree = true; };
};
in
{
environment.variables = { EDITOR = "vim"; };
nixpkgs.overlays = [
@@ -9,6 +14,7 @@
environment.systemPackages = with pkgs; [
nodePackages.typescript-language-server
sumneko-lua-language-server
nest
nodePackages.intelephense
nodePackages.vscode-langservers-extracted
nodePackages.yaml-language-server
@@ -17,6 +23,7 @@
ripgrep
lua
luaPackages.lyaml
unstable.aider-chat
(neovim.override {
vimAlias = true;
configure = {
@@ -41,6 +48,7 @@
dracula-vim
friendly-snippets
gitsigns-nvim
jq
lightline-vim
lspkind-nvim
mini-icons
@@ -67,7 +75,8 @@
vim-sneak
vim-vsnip
which-key-nvim
rest-nvim
unstable.pkgs.vimPlugins.rest-nvim
aider-nvim
];
opt = [];
};

35
hosts/nb/modules/puppeteer.nix Normal file
View File

@@ -0,0 +1,35 @@
{ config, pkgs, ... }: {
environment.systemPackages = with pkgs; [
chromium
nodejs
# Graphics and font dependencies
freetype
fontconfig
# Additional runtime dependencies
alsa-lib
atk
cairo
cups
dbus
expat
gdk-pixbuf
glib
gtk3
libdrm
libxkbcommon
mesa
nspr
nss
pango
xorg.libX11
xorg.libXcomposite
xorg.libXdamage
xorg.libXext
xorg.libXfixes
xorg.libXrandr
];
environment.variables = {
PUPPETEER_EXECUTABLE_PATH = "${pkgs.chromium}/bin/chromium";
};
}

26
hosts/nb/modules/sway/sway.nix
View File

@@ -36,6 +36,7 @@ in {
# ./rustdesk.nix
./thunderbird.nix
./bitwarden.nix
# ./vscode.nix
];
environment.variables.XCURSOR_SIZE = "24";
@@ -82,8 +83,11 @@ in {
fontforge
hypnotix
code-cursor
vscode-fhs
unstable.code-cursor
unstable.windsurf
unstable.codex
# vscode-insiders
# unstable.vscode-fhs
quickemu
@@ -132,17 +136,20 @@ in {
mako
mqttui
moonlight-qt
nautilus
netflix
networkmanagerapplet
nextcloud-client
nodejs_22
onlyoffice-bin
obs-studio
pavucontrol
pcmanfm
pinentry
rbw
rofi-rbw
rustdesk
# unstable.rustdesk
rustdesk-flutter
slurp
sway
swaybg
@@ -197,5 +204,18 @@ in {
"xdg/waybar/config".text = builtins.readFile ./waybar.conf;
"xdg/waybar/style.css".text = builtins.readFile ./waybar.css;
"xdg/foot/foot.ini".text = builtins.readFile ./foot.ini;
# dark mode
"xdg/gtk-2.0/gtkrc".text = "gtk-error-bell=0";
"xdg/gtk-3.0/settings.ini".text = ''
[Settings]
gtk-error-bell=false
gtk-application-prefer-dark-theme=1
'';
"xdg/gtk-4.0/settings.ini".text = ''
[Settings]
gtk-error-bell=false
gtk-application-prefer-dark-theme=1
'';
};
}

16
hosts/nb/modules/sway/vscode.nix Normal file
View File

@@ -0,0 +1,16 @@
{ pkgs, ... }: let
unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) {
config = { allowUnfree = true; };
};
vscode-insiders = (unstable.vscode.override { isInsiders = true; }).overrideAttrs (oldAttrs: rec {
src = (builtins.fetchTarball {
url = "https://update.code.visualstudio.com/1.98.2-insider/linux-x64/insider";
sha256 = "sha256-tV0VxDLJJPD4jfNEgVh3wMXg899VJxCS5a3putdetkA=";
});
version = "1.98.0";
});
in {
environment.systemPackages = with pkgs; [
vscode-insiders
];
}

7
hosts/nb/secrets.yaml
View File

@@ -4,10 +4,11 @@ epicenter_vpn_key: ENC[AES256_GCM,data:Kt33OLiauTrkzSwib2px/rZoQO6tlCzsy2exxIrZb
wg_private_key: ENC[AES256_GCM,data:A80vGf9aMxowC2xME4FIVTmKpSRLNB2tWiUQeP1v8vCRk6Gt8BKYOuXYt04=,iv:vr7qvfr78syrI5pIytjLouPwZcw4xvBTvEUzzv7ibnQ=,tag:qjALlFkd8JocLJqMKFERaw==,type:str]
wg_preshared_key: ENC[AES256_GCM,data:bhXoD95ahDRawoHd5Z35FY0G6Xv0PHwWJf300fHQ5jNsGN1TQKHsIswx8YI=,iv:fBsIWkVZUt8pahuO9daaRBIEEIWsSnFW5Velj9uP2ZY=,tag:RvbCYhnRv0OrjTxjsNFW6g==,type:str]
wg-cloonar-key: ENC[AES256_GCM,data:ZMEeIZApOD0ij3nPMZeQRwJ4MwVx0sHu08F+m/u6IMHBGid5YwMgxZ7qbLk=,iv:OfIZ9TqBLjToIQi7zRUBATrynBtu0bzXeGVI/EAUPhQ=,tag:mJICT/ak5U76JE/IxJsCKw==,type:str]
wireguard_user_pass: ENC[AES256_GCM,data:pGs/Kx/j8bgVQ2MtnpnvPI+dBrUFew==,iv:oLYuxjbe88RqygmVTAVnwLUmpRyQLdWrLX/kMIK0MHE=,tag:CBOK/rpuJplurt6VKux0Kg==,type:str]
cyberghost_user_pass: ENC[AES256_GCM,data:Eaz8iEV9vNZh/bJePmacQ06zU8FfIA==,iv:GcnU10VLVJsoeIU6t6eVjopLsBamvk12DpMbM9BsBv0=,tag:rLYoghkD8O9JepnopJfiuw==,type:str]
cyberghost_ca: ENC[AES256_GCM,data:9PHq2qHLsCvAmJR3S4J2ccNk6ec/LDauR6KoIpvvHX2v7w87m9aoADw9nSbQtuBwJWjSGi/hqUAz4fa/pT6y1TjLiJxUDBmr7axjsc7b9IQMmQCO6zmCK4XR7TkVFWorwdQxJ0HVdXBFAkbzet1EZ4zv9QtwXuXK8MkH50dzI0HVLgX7EtHljnrANJ/EtJ6TsxBvMr7HMhNITUy7iHbiUQvFKanZ3FmwLgCO/K443szXa3+qKQmr4YxKOUqF41QnmpikjksgMw5rfJOhuxe2YTdswt3urWTOtVfRACUjkcivqjWZIz7PCULvJHTwqDDLR+mc1bxxgkyIfElx7Tv7+tjbZxCsWarekPmjg/lETRFxTkg30yyBsgXqFjYbxwBFTjZkkozpnBJbxZDq7VkgEIi3hl1ts1gUsj5Y9v4CDffKwAST18iDgq/Rb831878kujdiMH1qeMOgHVpFtrfjleK2MPjDYcTkXY0sOdOCzkFgFE92/dp2q50er3FTaIq69c8dYR3DkSt/KPVb5Og7j1hKRtGaBpgfEYVqKzB1aMm45ORfmUR9ZPzTZvGzk8jecFL5wxFK69QmP5/cMr29SASdm8repcE002hUJYKp6RALcRpo/e+Cvc5yetvwdFUwnghLgvmyW6CTzn87OsJQJPgl2X/b/iDJrlzaa56QCrH4rmulDf54RS4tQZol2tRAgnSrxhvKOlqSeuVRwczxqOeGNi2Mfel/HIHoc26GONUtHtF0dqCm1ZJvKPr5JOKRguEXcLo4ZSqcMCNg9PcfPBVV7C69K6kmA7+vqRr0I8Qv9Ls8ZDoywZ3L5CsaXYMFaOcTeDaKdmZiQnLPr+NjPuFmHn04EgjgWuk2VHCENB7w7m8nh35xDQaPaZbU0RdNahGJrVdUHKBs43dgCor+SNhnnV0UjjLLpD5off5xdgpxNNXEeNfxq3Y//XoNM4TQzk91em+KScuPW108Rylk0IYavOxIgNettmr7tTEb59UTK92ogEnQKNZOv0S1lEGwzQnD8R6tNUoESWIpyMc2FDlEd7UAuPNXGIebQnleMTNdp0FkJHSKXjhcKXf0WOD36RGw6D6KiX6A/tkO4EvBt0hn3pJ1nfqcZdhrRUivx9quyEWYbiosLduT1jj1q5jy/1nq+sA7bkNrx2af2Hp0h1+8nteWV/4kWCwpX7aEfv7oraoFQM52luF707caKX5hRr3sRK/Kw8ad589EZxDn+R9L9tx+T5ItPBNItNS+1T/dFxDeEEhiIPB5qeubVrwSTo6e+lJ7QErMOfsyIbG8vuIhj3J0nc6Iy6lvdPkCQi3J4/w0WRqLU9X2h0RiQhiwDdogE1bE1oPFUje07uk5FEwyzmfKQxx/4s1hBvFklKtV5LHcXAo+QkirwZYOpyIrNalmIK1CeQ/GGW57AcBNaCLd5W0MXzpai8h2wWtltezqzCz1izGV1SZpgXBqGhi+s7aVgIW4aNiBVhnf2JoIvIuLyZvbAo+45wk2Hh0WXgAxHaZ/mReRyT8BWbjWtIqQKCw4UTbl0kS+xsl2mblRD0nhv7K6d7xuuq+5BnBPhn07aOowwW8qcqzsvcJPMesErpzQy0umg4ODX3J7GEfjjMIoUosRP8gAE+4ReT9y9ApoB3krb5W9WTAfKt1nnMJxiycM0QU2DVaad57N+RNF4MhjyPXDvOM57xDbfzFmoRun+TqGNzmBsblnPkRXqvunRrTW7U+fn8fRBxZAVgrD5LQoUbp9hA1aY0xsM+D8l8xpFH7PRTDqItTkIP7J1IXbVSlc9hkLHVnz9MbdiE+ihjTVXjzkMCVwbMgFza+fSZw0bnnOLNsX5zXl8H5Z6jbkDmoFcaABEQdABY5kgTtE3Hizzzz8rUt9mxku3/Way3mDF5t96qi3rR+CByOz9JIRiAAEXJci2JG9tIgnFM31OA/zmshFVlBO0IYeRvSIF+QYd9ACH2ZUfeUPdQ/Js7fwLFqa9N0yyWIuj/8X8sSLO8b7kk7/2aotdK9RolMRj5pj0+lrr1Gdxk+EdcviHfL8Uig5snIR/tegZIZJLYT9HOIdrFYkTHds7/dQs92EqJNvKZmsA3H8CJoOIST1JyB5AAPn7Ad/qN9f33T6++RUKJTnMDnV/HfEkpIrkjAwQ4mLT+Mc6R1JBaLVPJ1qaH5rzkaZNyI/DX7g0DaMC2FOyAGPLYb2PieOPWXpoRSTvA18UidYu8msk77u/M/S4S4EqAT1dZgmkg9DvetgQ9GGRGQ4t/F2Evr6lGHdZQKC5aAF9GDPAHXbjv9zLllb+dlZR5TLmzrspgBcCzdKhpjKTCEpxLOyFhPzfzzDzOdHI2iQlKkFRmmPC22fKk+OqNFM58dA6qiPEMDcIcKWZ0kCyH0rV4Fpzx8WlBPLD1SoU2HADmz/1CePRK0jywWCd529wvjdEjFYaiWOmqAywxJQG7bvkx+68P4AosqUVvv6mso7L0maQVVFsSPiuR91b7al4luq/QZulZcOG/I8fLDJ3YvQIXHW11NlljHCCKiTh9Q80bJrx/pJxjKz1Ct6AffZshUq5l3TZrC0XWZNg8erO4QnKjSZ3yYivg/77BGj3WQTS6lkhHFNsQe29+seIwbV1zZQNc7l4WNkuiYBDAgXiN4xAthHZZmETWFU/Wqd2gAosTiOstxvN+GMXSjotRxnAMn+Pew5Jly4uh7EvOnGa1k1oq+CzVcTnh1bV6U1br3I55P1saN0QkyC1ua8ATlcEP8tB89IK+SeXOeXk/koSnjoAAuuTFFwsxdBjq+D2SGQ/YXoUkohG4ULvMyPq8CfCKOWWKAS7xAXiVgGrBDIZZ32I9sC+2vJkglKkCX+fr+j9eh8lokqTsfmUB07kTEsl2GmBEEpLwikeEVhM2ZFWzPcBEZS8+pfSe6dm1n6nfUqo1lOi23/FL6AlrfbbjX3iAqBE6vt77RFMqi58RnH8GmR7Zyg3CXfGSPQwqgCiBdymXZaSdi/ybLKhsQ642bb37XceVjtlu4=,iv:8uQbG4ObsDSS0DeKx24lt1vpfeSms2v7KGRQrKoWwds=,tag:2RoiW5VWLXfMgXA4cbnKBg==,type:str]
cyberghost_cert: ENC[AES256_GCM,data:hXplfGZvyQDf6m0YFWgtdHCLy0178BZNbDFxoAvj6J/R2Dv27YZQ+kn7au6Z11xFNA1A0K3pQCfzuSeuNtLm6OqHU/QAsXcYF3DQnfrotod1i8FTT+UqLvFTXGp5smUQzpKzzJQHxfMOsXXMMyHwLiytCbpWHapyVJuG2EDdai4MScHqtepqaWsHAj0TYaED3QJFfn6vC3VqHlfe3WMY/fpy7brpAyccjbTYEdYiUOzYzzgjk00Jw1zByLNld5CeuXsiYto+Ce66CK/i7aN9OlDF7F/hibosk1AAPwqAvboGGcervEO1qtNVoKkprzvyHAQyf4HRpSNbsaEFPrzog3YW4vvu6dQlXujQuYF1ZRqCejgUGYSihC/NaZW2O8F3eJKkXVnRQkcbr2GzLRpawQZ6E5i0X5PgSHaFQsGJ5UsANbWY2tJJomQdtmQEsjJDbwG1RTBW9VvMLAdTj2daasixA13inqxbUK2o23tp9HRscSbho2de0lOH+JT+j0j+Mi4VOoCQMWc0Ln1YDFvjZMfUNtlR7Qd1Q2MySAUcGRf4w8Wf3waIb6x+BhBYghdJGsAiV1jyq+Pp8bOLuoTXYhdDI1H4gemtCSemsojPuvXgKQky75uZBRvuGSwHTCFu3WA42xU/bMNaRg8mRZSxQLMqWkWHVLBBFyiHAHjCXicTfsKhU9YQMEm9sA2Ecc3osM38guXU3/jqh0AbEGt4QOy6WMhV/xDy+eLU63vtR7YSD/DY0Nij7OnTG3GbQuyMu22j0zFW1UbX26m/pxESkPv9zQ8ilz6lNj2yxfIJz71pIjWLRrC/797Bdah+bRTeyfAQXsT3AoBuogNARNamcrdPkKQHQGEMY5UjNn/4VoFClXzeZGGeABjxLIk2hvWU10n2OiDmnj30YTrPQvRIXJQGtBNrrlPKwR1FPt8QCkeoFXwxbHQTf+rBllbAgAlfic3yUoT/foqy4c+lbXByaC0aJmwmgA1mJ9j8sFkX2znNtnbkKxesNRXWqeorUUhEafIF3lJ/tg+lwaUNtmy0Ig9NAS59iNklbNASyKjXzMzflI6H7SRsKkFeO48LMWtGH6Jo4QMvZ5sWvZSVaqWOlh1QAMZMxVzpz1eXv5TAsTpfc4anv+MgrpeHsXs3vQv2ytkale2YdukuGBuqlIQcZrw8yC8u+TvAPqDFZUAiyh8uOAwETOvQvNuttRF2qbjiIA8ZVp2Utf+ggaIPf+vE1mtWit4/rrqBSCT0XuR75duWSIS109B4iZer3rhINqIk1XTAzqO0fmyCZriw1c8T/87N4y9Z2MqIXNaLLk+UbYFd4NWuvuHUGSbsQZ8EtkWzaUPPHx/wzIVWu3ajmjUv6QFgSY9PS4eY8xKqqHxt2i98ePwfivhM6G1eBedAutLWF1m1Omjw9k72z30coa/UcfzF0fo2kQVcw8z1kJBuH1WYfk13D77soxcWLFWZ2ropRzFI52XfvXwxiyyd/sVByWt7ZyNDuUyyuyDeU7Tpzbf4N0ek2qfwBlllfTLCePqWcGAJ3zn1vYajyXFYm35YzWZh3oj0CEN1p1udyxUQ3YIvtUHHk4FPSYjuHSu3Hn8vft2gR3CYa4RvkvcxHbmH4WiSBlAlt6Lcv6TYkZ98K0/Z2bX2FMhItFE8bQoy7C+hUXek55aAwB/UQ4Fjf+2xTsckrCig+eSvM0ZJDnon4K+eUbOF6hSGbRzcX1VfqPStyHhtCUxOckccVLbWFv6sYyzuDZyvo/Nmljx3M0CjDZ5u16aVBxk3ycnlSM7WcSl5h7bjbZkZv8W0sWke/bXakBuelcvfpnzkcT0NmRT0awusSxQk+WH2iiiAT8NTijbQC3F6OPB43M9tad14WXg9cyroEcPgsm4hDwl6wsrZeWlQZ4dDwtLPF8mB5Q3cWsttUJHLrTmZJ1HyXThD8Vp9JO4jF10pE+MsDbu6vqSNOFa/X2tho24NkXElZqUXG4wZYrU964wr+pgxEvFsRx0hqeZ4OUThosJJdFGEW50RBP6UPEw7mWelpi3Q/kbVL4ulZ3And2U5N1faQIFbvWk2Kx4RP3Don78I/LLzqI9q6WAQ8HES6ulieDNu81DBd0u9128j3ZVhEBmnKpRHdGqCjA704zidAl8/+wrpgt7GdOW9AD42jU1F0aDuQujsPRszpFagmdlR6psFDOOBA4e1vTqovIrmWxbFtTr1d9oi6Bv5vDmg9d/RzS6Cu6DoSped+9uCATwRBlqP+QCO5Lz2cBuzVcqf8jAkdUlHBJxcz21xPzOJJOnR/Mx70E9h+BVfwWC9S+8REi+lFNq9nvWaAcOcDL3Pnj/GpYbO+quIGtE1RuJqW2uFd4wXiwbrk4qcVbxds0gH5DDQjOtsF9zRgV/Vmno07jJ8dZmpNq/it3Ou5eErZ/Y9BHerRCUBpWQn2r1XhgLV7Uslhunde387/ohQQeT9GlNLm6wyLLa9thhqLFxlvzRWRg+7HkutPlA2N9c/xvixs45SCfWWWKC7QTCVZR2OIxQFB0prfcmRC80nCxBi3ZdX1Oselgi1iEi3+FnqP7DNCjkXJWIasFhiRNcOw91IGKs5yaiFvCIe7kprf8Ew1xun+39H1W0AWdjaBWFSQU7kelyql4qsxh+skLuT4nss5wXh5InrYALZbvJBpBGmUAPNHGPkvcCSCaMeayqpiKoUUW7Wy8EPWY9kI1we+rpN3KhueQHqtus8nLEABduXpi1w6AGfDsslm6nRysllADNB76p/v0j2q5i/lQxM/Ks7pIA/hJGp6RKKmUZg3VlZ/GI/TXz89Ha6XHI4IOGzx15UhHPq5xuCDk2THIy0ryeHIBteVuU8uj+uoZVYMCfjqUxSe4Kvzk1QBrxntAWFb4ObVt+Mdw84YR9p33EQXPiX5JfsUULdsc2VlR7ccvL57c45GFPNGFjUJfR968GJLw3DGx65jtQWHQgUElB7Oy/UJVhdTSReZTULoh0qD0Ol473SmVx6EOcXQSVjfmBGjVkaurs8TY+OFwUQaBBCBN2T/jT+V+Y+qWf18uwaE/w+Nwe+E0QqK6uMYXvBP86QM/pSvjNJKHZZNJfnUOCx0EFml4bRUQROvucJzQLolui/DR4PP2MBRKi6rjhwMTYYCGLGjgSDsQ==,iv:vYJer+NYyRo/jcpGb66askFA42T+TmSfWTm3DKOIIt4=,tag:RlvqzLfvtJN0HloJZTJb1Q==,type:str]
cyberghost_key: ENC[AES256_GCM,data:qfPwy1DSooR6eo9O7j6h43wILh4PzxE2X0pdbzh3gw1D98rR8GWEj8sukK/L0TzfGYqYWDPy15OeymaGdm6p1WtevBOlkZtQcXmo7jg3+k0TFUnUctNDm2cOjuKck7CGDFtwbMsOHtCxwhwYouCmes9sQ6KSfolVkutVcvEfI1qhjOvJabsZt4O0P5wB4dQUMQfcPwXYKLuW3xlP2MvIn+Q6XZzfLOqoHnAwQhyxfGsOeMkPV2GXzMsqcCuDhfItU7d1GHzMCOLQsWspwNr1jJd0a56YhY+oPHs+yRSEvzFeL08ZyQjPr7YX/p5w84aJrY7THDlBcAK3d35EQOPvAEghrbmas/aKSxDXPL2W3GKKhok9ztpX6QDywkgwUbetXs+oVUF3sHK+UlyiW4RLPsKoQQPtHYBvgIwtT9ym21PJvgFy4dOJF+XW3CfpZcAOONB2L2mxrhB04CV0is3i+SnQE4tVIqGfQBVrDeuGB/+7Pjy2cW0zkEOAHrwGbdlqG0kgdHFOdbDp2fJl5zTRd9hBhYeXT9mbFtlJ+50KyGOAkJZf9a3O0BwgYRR0sdaEWfOLDMsz5L1DlvzidrChGBwFbHAyuFkjE/hkhddAH+1xiCfRCb+mGqs03rDhIpJbEMZLRZFsLWu+hlXKZ4AXamkuOvkk9KvrYL8KVjkVk1GIIeQqVFE1tiSCtlGeODYblA/5HPTCH1wPrLBNCRS6xkxEwHs/qZx6J0qN6j94lWDWa/Q83g7L3OKL8JTlsyr+D9100veMUVhvo8RiJy85Z7tTqXXEckEWKgnC53dZ1ruILNzupytUYa9rYjNcQ1KXy0dwYbMDQ4kvLCpJtO47pXo1i9V9bDFrYCLipCtyg+s2RUzYOnW4GXpn+de9MDEJ5oOp0pMZ25HG3fpnZDvaIyPyytpyj7apx3VDf62Eq5Rodd49uKuDjlbWDezaaU6MjRqhmpv8dbs7c/7pogZmaztxKTbs+EZ/6l66cek24GS7GjQj0e+N32vY1ACcQUCjg9smCGvhKs0H5kL1YOJkopN9ZWVV9p32p0IsbQHsRebSOHablHT8q6tyYfP6ctHH6BNfoUlfZjHtR52VEiY0OstmnjsJxE2hYPX+l4tpUGNGv18nQ4C2ez3baMWHNXzRTXo+g4zjVkW0Ggi0ecd7I5vR5vUNNA74Hv5Mrd+oAYkf/65XGlTJu5VIM0f7IvlSintmmM0pLB1rmCgnZenlhhbY+0862xS2j1YcZIapox8JT/W2IRUYKnJ7j7B3bc/57JWDzaBM/AukhZvERqdm12fhh9jNrNDjK25HmNwdh4Bsf7IyVqXh/nSsH5MtTCASonn/DG+6pGLwOCxKiQdNmlYD8yiZ2RkSfFs14glr0frUYcgCEOFb18IeF/e6srzKSocRVJqKAoCQhnu4qNMy7YDXpmucnzhWuwcFeKC6gaTKBPj6pxM8OSXM7uqe27So4flZIbNU8yvDp0Ub0LYco/EJGUEL9lwitMydSV0F3gjc8zvEbYMs7qlYg9dD1jxJd5vaPkx59DHCpEMOHn1CjVxazZNvexJLG7j4FBkM6PhF131/C7C4cly8ASLQd5E6nZb54GZdKqDp6MVgipeKJ1Z8A/onBC/Glal1bl6ASeAO2Mkfq7PBJ54CKXaxiQ+TFpCfy7DrOArQzaBJ9s/Gy14EoGfb/o0VuXhj4vwChig16x7vu5MnEFdItPjkfRa638KkILeS4OXm0ae+KKxBUchCwXdRyGK+wn7Kz9E9xOjcKMI/kiDnAB/mTkLC+IA5wRuXgtVyFk3BuvrJaYIHsJVZofP5lYz0JLmXXtPyytI3r/IwSL3B0jupo/KHUZx6MBwjBYG/fKJgTQvvbGDePNFHfk5y/At96P7QZIVO+QlmQg1em0pRpYbO30GVhcDko9LvNG5rLPB7a6SNB/pllOgBjbEKWoNPVwFVe17ILzA2Hl/egkW+wxiJM39bG7Ll1bMN5Q32yNZlUAzWBHDSd4DhM14ock9irRGtLqrhHH0QyMr1WlVoMRXTGT7aMLUBc4IEY7kXnx4Sw/RILqOFZsML6Kz5EEroTR/gzDpr1xYxcIRrRmaBS2YMc6wgfIRstsspMT2kUUT5n3MBJlur2CpyNEpqh5o0oRpACQyqdc9P35BVc5NYdAIg6zYKHtiTpl3I/Py+XDSDT/wC1OrKRJjuw0ES/wgDoygbPxieqdUGCqDkEjuM/UZqmIILAHBBvqniMVB5QLO53NO4lhrTbhmBWDXzw9dpJ77O6In8DmQ6cmuBsOAC1JqlGhFHpp1YMKtlQlOpwsORZSdwc/sfMkai/dXjhoh9Ptpk1fUKH+3AHzd+Ulb6Y7daInVgutnO/XFj832l8WwHzyZPLBTpbRbHeeSQevIHM/x/jLDZlUGVktrN04Dj4CJJstyeETIegzILTrXUhIq/W9cEd9vEdlSRRwTn5Z/E8zfET5fxLWSrMRTTQWOh1jIh7FI+P9d3x0K0fk0CR+vclyvVm506zAgF8KCBPjljDZYgeXyPMJ/icU9QhA72++IGo/XoT81fpB34Zt513PQk4WGmUGhAgiQP1EObnQ/YNaTcdUU8fhvq7YcyUlRA+vfaKMS1S18a8RKfYs0yWxCG4CuCb9pWhRK2ALjNeqYS70dFeeiAHI7UKjV+I5CbtLdIt0/oGDFKokH5xRVl6JkLq8iVPCaCyCOc0FCfBVyPBF3Qaisvh3GyIpCPbx0mp8fDRsiXLJShyqaqC6hpD88PnTDE2mvMyB/bH8Quzh5OrLp2CTDeOvWtg1GxYowiL0CC77ogUQhfM1ut8g+tvjgsmuiXU1uEzpHCsIXnSnUvwJW6tV37S0YUePoVAi6hVJTr60M2s4+0J2IxDnb9h2GVZqmusyQU74cKXJrEOC6r5apkhH2GG2jdVQGn2ETY/b/cbFtI38EtT4IbOa/OQDLf9F0UJPuYi5Ne0mII4asEmWdfco9P5oU4Ssr39WmTfmrBLvEQ0IhPSwKmtZlA1x85FSv5+wKauBYw3GTZa/tsp7E2MHhkyRWG1eMMziceCOrTD7NgRRLQIgN+ejm43i+OdMzi9vjzf1vg+barXOOd34yjY6zqpX9hEAJuxYgT2s8fGj59ljZsqp/qSICBIiImOyjxgKou1nh+AJY0Qs4fIGVTstf7aG540IiOGNTy41sVWdtKBeeahez9FB2lxMZ+A/83IRtmlnMcqXKhIgS7c3ajaRrgjesO/fbHnE557Ocz2A6SdoOn9rqVXD6VGvM2fkbj8no0ooCnvNtQ8JEMu6hyVipSqgRxcZlnW05NGOTtWxV3xRI3RK5tNguYgqqLIQvSARDDgm/HtJoJgom8lqSkLXswGjbxpJ1GP9lWpyov+muy9viwLQZQgEma7w2M0gIB84s3FOuYMIz7pKEDntUO7jRUl5+T8gJoJ9ex32InELTLWgksB8mb4ZuSCOmoISEEaBsPYtSG9wo5bWg5uz0/ToudFf+WRA9JT/MesSzVhehqFx1eMGAKHoRd02oMOtwIzQuc0Xp0DuYBTWOk/aHyRDxfluaFSIyAR/KBkO7fc9jKTu1JJifPCXZWInRXvPogmafCyYicC3gc2ITNumezK+oD8fjbWHW0gDIvk9qQjxhQJz99N0XYiRLTl1SssGMKADMzauPWSMDwn1VQ8t9Yc+NvT9i+9TB5YL7E3XhD3aqqwLbLOlIjvlaEhWeMjoaGlaVaz7u2n6g4zAGcVG5/uocZ2QI7byppVE/8rpjBAs1zQr3A/ajvcgCQ3+3g+sy+3w6C1KmYJj3kyF14FhTDLWekAyX1VlEQCB1BUeB7lc3CuPftTDSRKLU/vOygvIdzLMJdsQu/98qjOawsKwEVSXtSrrLXTcyhHRKvkRhUOOD6z1WRl0UTmSrqnzGraEV737vDQrMzMyq06r3mlV6xnho19F4aH2pHgI0uJcFB7efPz7nxOKtlhoc1BiAb88+sDksRJd7/+4+32hSkFQ/2MfC+wwlryo9NXtgSbUnMBYZqQIW0PfoArFTY6La9mrhPpAZ5HLmj3H6xRGhSyLJGBoW+jDltI6pic6G7oBODfUOmUei+CeQ2JKYGfjMcXmndU1qmR2Wj8ytS7yK/J2SxWRGAgmUiGI0gv5nnoe+aHa20yOL54k9XZLSMin5sghcXzTxtLcNz5sfBUIF3sQzhwYUGR9UfNYx3OkeL0HOXQlcICC6cUFan/zIc+8GXHhxLd6NabTiZiTXdYRuAoJeIt1qNUeK0xvLNm08fHiT3eGXbS7NVjtPTw/nYUx6Ca8LaM9eZBfgNowfn47LvoAuliQP2vLAjuatyjlcC/hFfu9Surfcb9LUM/ZsyMFM=,iv:EgSXZvyWmcBxBkAe6asJ2B12FKaLQPy4tRAtCvkys3M=,tag:B0lyX7IRNHX1CqlvBZaSpg==,type:str]
openai_api_key: ENC[AES256_GCM,data:lH5Jf/xvtRRwuGYPM3g39J5DTQJowSKVqLtObgXRo+GOfpY/BKb46/R25rkWrOUv5pYK8PXmSm7obEkVBfoaYG0WufR6SzGH+R7hjrNgCzBA6g5pxmlE7CWPlPy6C6XqVgblL8aP2vD9qxJmIw8FYCLRgFHt5hK4d+Gd23BeBnkmPWIH23xyRFhCcb891CoiEEdXL5p1LNAOAW5ePmAyavc/Dlk=,iv:lWXy8/LlWeRVSect87/qsG2nOkmL5W7jpw/DVSnAbEs=,tag:n3pWUJ5uEMXtgt/kHG8J8w==,type:str]
sops:
kms: []
gcp_kms: []
@@ -41,8 +42,8 @@ sops:
L21ncjlQdGVDUjI2eXFIb3U2dW13bWsKuEwATNEUWtjuLsH7DQAt6J2l4blTId1W
A1kQ+0dfUKrZ0dsbvUA5L9+haUiK8f5RvapaKW+L2JEn7gW5wJSJEw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-03T12:21:26Z"
mac: ENC[AES256_GCM,data:VvYYibPesUGh5LpR5dXUbJy0mwN9NkBn9CNx+SmWPR+wsaRMGR0Nkhmjmv+WpRGatL+Ka5cGezFFjdOd6urWpcSmL32zcPumVo/CRsZi4JEiuT3qHJkrKM38IPV5WSv1RxQaYwsN4/e5rMdRqeHCLatHbD28LAZxGz1bENCdYbw=,iv:zntGu7xokETUufEK/63ukM+voCEhyuA+hyhVrTNHvrA=,tag:lg2S+e9QL56A/Jaw1Ha0ug==,type:str]
lastmodified: "2025-02-05T16:19:21Z"
mac: ENC[AES256_GCM,data:ERVdP6Nk+o7DAVsN24EFr23R/9eF98Vq8O9ov9tiUyKdFcE/N5N0rQg1IyESuVujpOKOp4/WF488/Ez3S9dM0gNfqIctLT5Qw4EmNV+gs1SbtXdFE0eU3KbmFHxFsWRftQSpz0xalXBAAUHMUJfMQf1lyV7+TgGccIkvQB12QDM=,iv:Nsn1ohLkh3NSMbaWnl3UHDKG1lhTSUxNB8M7CIYxwvM=,tag:6PQ7VCb+enUnbRVAKYNR2g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

4
hosts/nb/users/configs/cryptomator.json
View File

@@ -1,7 +1,7 @@
{
"directories" : [ {
"id" : "18g3gg35eC6T",
"path" : "/home/dominik/cloud.cloonar.com/Documents",
"path" : "/home/dominik/nextcloud.cloonar.com/Documents",
"displayName" : "Documents",
"unlockAfterStartup" : true,
"revealAfterMount" : true,
@@ -14,7 +14,7 @@
"port" : 42427
}, {
"id" : "XGtyujeFM_HM",
"path" : "/home/dominik/cloud.cloonar.com/Downloads/Downloads",
"path" : "/home/dominik/nextcloud.cloonar.com/Downloads/Downloads",
"displayName" : "Downloads",
"unlockAfterStartup" : true,
"revealAfterMount" : true,

23
hosts/nb/users/configs/project_history
View File

@@ -5,10 +5,20 @@
/home/dominik/projects/cloonar/phishguard
/home/dominik/projects/cloonar/phishguard-frontend
/home/dominik/projects/cloonar/gitapi
/home/dominik/projects/cloonar/flow
/home/dominik/projects/cloonar/flow-docs
/home/dominik/projects/cloonar/flow-api
/home/dominik/projects/cloonar/flow-frontend
/home/dominik/projects/cloonar/cloonar-assistant
/home/dominik/projects/cloonar/updns
/home/dominik/projects/cloonar/flow/flow-docs
/home/dominik/projects/cloonar/flow/flow-user-service
/home/dominik/projects/cloonar/flow/flow-billing-service
/home/dominik/projects/cloonar/flow/flow-workflow-orchestration-service
/home/dominik/projects/cloonar/flow/flow-module-registry
/home/dominik/projects/cloonar/flow/flow-workflow-definition
/home/dominik/projects/cloonar/flow/flow-api-gateway
/home/dominik/projects/home-automation/lego-hetzner-bridge
/home/dominik/projects/home-automation/ghetto-nixos
/home/dominik/projects/cloonar/typo3-basic
/home/dominik/projects/cloonar/renovate-config
/home/dominik/projects/cloonar/bento
@@ -19,10 +29,14 @@
/home/dominik/projects/cloonar/wohnservice-wien
/home/dominik/projects/cloonar/wohnservice-gdpr
/home/dominik/projects/cloonar/gbv-aktuell
/home/dominik/projects/cloonar/cloonar-technologies-website
/home/dominik/projects/cloonar/paraclub/paraclub-api
/home/dominik/projects/cloonar/paraclub/paraclub-frontend
/home/dominik/projects/cloonar/paraclub/paraclub-website
/home/dominik/projects/cloonar/paraclub/paraclub-module
/home/dominik/projects/cloonar/paraclub/paraclub-ai-mailer
/home/dominik/projects/cloonar/amz/amz-api
/home/dominik/projects/cloonar/amz/amz-frontend
/home/dominik/projects/cloonar/hilgenberg-website
@@ -39,5 +53,6 @@
/home/dominik/projects/epicenter.works/padexporter
/home/dominik/projects/epicenter.works/ansible-pull
/home/dominik/projects/cloonar/lena-schilling-website
/home/dominik/projects/cloonar/dialog-relations-website
/home/dominik/projects/cloonar/imperfect-perfect.com
/home/dominik/projects/cloonar/yaapi

83
hosts/nb/users/dominik.nix
View File

@@ -3,6 +3,10 @@ let
# impermanence = builtins.fetchTarball "https://github.com/nix-community/impermanence/archive/master.tar.gz";
unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) {
config = { allowUnfree = true; };
};
thunderbirdSettings = {
"extensions.activeThemeID" = "thunderbird-compact-dark@mozilla.org";
"browser.theme.content-theme" = 0;
@@ -143,8 +147,17 @@ let
in
{
sops.secrets.openai_api_key = {
owner = "dominik";
};
programs.fuse.userAllowOther = true;
programs.zsh = {
shellInit = ''
export OPENAI_API_KEY=$(cat ${config.sops.secrets.openai_api_key.path})
'';
};
home-manager.users.dominik = { lib, pkgs, ... }: {
# imports = [ "${impermanence}/home-manager.nix" ];
/* The home.stateVersion option does not have a default and must be set */
@@ -154,6 +167,8 @@ in
MOZ_ENABLE_WAYLAND = "1";
};
nixpkgs.config.allowUnfree = true;
programs.bash = {
enable = true;
@@ -163,6 +178,19 @@ in
'';
};
programs.vscode = {
enable = true;
# package = (unstable.vscode.override { isInsiders = true; });
package = (pkgs.vscode.override { isInsiders = true; }).overrideAttrs (oldAttrs: rec {
src = builtins.fetchTarball {
url = "https://update.code.visualstudio.com/1.99.0-insider/linux-x64/insider";
sha256 = "0z3x9m9pndzka9gzm2phnks453d2mwbdid9yd7qw3bvv965h71j5";
};
version = "1.99.0";
});
};
/* Here goes the rest of your home-manager config, e.g. home.packages = [ pkgs.foo ]; */
# home.persistence."/nix/persist/user/dominik" = {
# allowOther = true;
@@ -207,6 +235,16 @@ in
};
};
dconf = {
enable = true;
settings = {
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
};
};
};
systemd.user.services = {
signald = {
Unit = {
@@ -419,7 +457,7 @@ in
<p><font color="#666666">&lt;Signature<br></font>
<font color="#666666">&nbsp; </font><span style="color: inherit; font-size: 1.1em;">firstName="</span><span style="font-size: 1.1em; color: rgb(237, 92, 87);">Dominik</span><span style="color: inherit; font-size: 1.1em;">"<br></span>
<span style="color: inherit; font-size: 1.1em;">&nbsp; lastName="</span><span style="font-size: 1.1em; color: rgb(237, 92, 87);">Polakovics</span><span style="color: inherit; font-size: 1.1em;">"<br></span>
<span style="color: inherit; font-size: 1.1em;">&nbsp; company="</span><span style="font-size: 1.1em; color: rgb(81, 167, 249);">Cloonar e.U.</span><span style="color: inherit; font-size: 1.1em;">"<br></span>
<span style="color: inherit; font-size: 1.1em;">&nbsp; company="</span><span style="font-size: 1.1em; color: rgb(81, 167, 249);">Cloonar Technologies GmbH</span><span style="color: inherit; font-size: 1.1em;">"<br></span>
<span style="color: inherit; font-size: 1.1em;">&nbsp; scope="</span><span style="font-size: 1.1em; color: rgb(81, 167, 249);">IT Solutions</span><span style="color: inherit; font-size: 1.1em;">"<br></span><span style="color: inherit; font-size: 1.1em;">&nbsp; phone="</span><span style="font-size: 1.1em; color: rgb(81, 167, 249);">+436688700600</span><span style="color: inherit; font-size: 1.1em;">"<br></span>
<span style="color: inherit; font-size: 1.1em;">&nbsp; email="</span><span style="font-size: 1.1em; color: rgb(81, 167, 249);">dominik.polakovics@cloonar.com</span><span style="font-size: 1.1em;">"<br></span>
<span style="color: rgb(102, 102, 102); font-size: 1.1em;">/&gt;</span></p>
@@ -451,6 +489,23 @@ in
realName = "Dominik Polakovics";
address = "dominik.polakovics@epicenter.works";
userName = "dominik.polakovics@epicenter.works";
signature = {
showSignature = "append";
text = ''
<div style="font-family: 'Open Sans', Helvetica, Arial, sans-serif;">
<p style="margin-bottom: 0;"><img src="https://epicenter.works/sites/default/files/ew_logo_rgb-xs.png" /><br>
<b>epicenter.works for digital rights</b><br>
Dominik Polakovics, Technical Advisor</p>
<table style="border: none;border-left: 5px solid #ccc;font-size: 80%;">
<tr>
<td style="padding-right:10px;">E-Mail:</td>
<td>dominik.polakovics@epicenter.works</td>
</tr>
</table>
</div>
'';
};
imap = {
host = "mail.epicenter.works";
port = 993;
@@ -528,10 +583,10 @@ in
home.activation.symlinks = lib.hm.dag.entryAfter ["writeBoundary"] ''
PATH="${pkgs.git}/bin:${pkgs.openssh}/bin:$PATH"
set +eu
if [ ! -L ~/Documents ]; then
if [ ! -L ~/Documents/Documents ]; then
ln -s /home/dominik/.local/share/Cryptomator/mnt/Documents ~/Documents
fi
if [ ! -L ~/Downloads ]; then
if [ ! -L ~/Downloads/Downloads ]; then
ln -s /home/dominik/.local/share/Cryptomator/mnt/Downloads ~/Downloads
fi
set -eu
@@ -553,10 +608,15 @@ in
git clone gitea@git.cloonar.com:Cloonar/phishguard-frontend.git ${persistHome}/projects/cloonar/phishguard-frontend 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/gitapi.git ${persistHome}/projects/cloonar/gitapi 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/ai.nvim.git ${persistHome}/cloonar/ai.nvim 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/flow.git ${persistHome}/projects/cloonar/flow 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/flow-docs.git ${persistHome}/projects/cloonar/flow-docs 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/flow-api.git ${persistHome}/projects/cloonar/flow-api 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/flow-frontend.git ${persistHome}/projects/cloonar/flow-frontend 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/cloonar-assistant.git ${persistHome}/projects/cloonar/cloonar-assistant 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/updns.git ${persistHome}/projects/cloonar/updns 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/flow-docs.git ${persistHome}/projects/cloonar/flow/flow-docs 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/flow-user-service.git ${persistHome}/projects/cloonar/flow/flow-user-service 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/flow-billing-service.git ${persistHome}/projects/cloonar/flow/flow-billing-service 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/flow-module-registry.git ${persistHome}/projects/cloonar/flow/flow-module-registry 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/flow-workflow-definition.git ${persistHome}/projects/cloonar/flow/flow-workflow-definition 2>/dev/null
git clone gitea@git.cloonar.com:dominik.polakovics/flow-api-gateway.git ${persistHome}/projects/cloonar/flow/flow-api-gateway 2>/dev/null
git clone gitea@git.cloonar.com:dominik.polakovics/typo3-basic.git ${persistHome}/cloonar/typo3-basic 2>/dev/null
git clone gitea@git.cloonar.com:renovate/renovate-config.git ${persistHome}/cloonar/renovate-config 2>/dev/null
@@ -568,17 +628,26 @@ in
git clone gitea@git.cloonar.com:Cloonar/wohnservice-wien-typo3.git ${persistHome}/projects/cloonar/wohnservice-wien 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/wohnservice-gdpr.git ${persistHome}/projects/cloonar/wohnservice-gdpr 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/gbv-aktuell.git ${persistHome}/projects/cloonar/gbv-aktuell 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/cloonar-technologies-website.git ${persistHome}/projects/cloonar/cloonar-technologies-website 2>/dev/null
git clone gitea@git.cloonar.com:Paraclub/api.git ${persistHome}/projects/cloonar/paraclub/paraclub-api 2>/dev/null
git clone gitea@git.cloonar.com:Paraclub/frontend.git ${persistHome}/projects/cloonar/paraclub/paraclub-frontend 2>/dev/null
git clone gitea@git.cloonar.com:Paraclub/website.git ${persistHome}/projects/cloonar/paraclub/paraclub-website 2>/dev/null
git clone gitea@git.cloonar.com:Paraclub/module.git ${persistHome}/projects/cloonar/paraclub/paraclub-module 2>/dev/null
git clone gitea@git.cloonar.com:Paraclub/ai-mailer.git ${persistHome}/projects/cloonar/paraclub/paraclub-ai-mailer 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/amz-api.git ${persistHome}/projects/cloonar/amz/amz-api 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/amz-frontend.git ${persistHome}/projects/cloonar/amz/amz-frontend 2>/dev/null
git clone gitea@git.cloonar.com:hilgenberg/website.git ${persistHome}/projects/cloonar/hilgenberg-website 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/korean-skin.care.git ${persistHome}/projects/cloonar/korean-skin.care 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/lena-schilling-website.git ${persistHome}/projects/cloonar/lena-schilling-website 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/dialog-relations-website.git ${persistHome}/projects/cloonar/dialog-relations-website 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/imperfect-perfect.com.git ${persistHome}/projects/cloonar/imperfect-perfect.com 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/lego-hetzner-bridge.git ${persistHome}/projects/home-automation/lego-hetzner-bridge 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/ghetto-nixos.git ${persistHome}/projects/home-automation/ghetto-nixos 2>/dev/null
git clone gitea@git.cloonar.com:socialgrow.tech/sgt-api.git ${persistHome}/projects/socialgrow.tech/sgt-api 2>/dev/null

4
hosts/web-arm/configuration.nix
View File

@@ -34,6 +34,7 @@
./sites/gbv-aktuell.at.nix
./sites/matomo.cloonar.com.nix
./sites/support.cloonar.dev.nix
./sites/stage.cloonar-technologies.at.nix
./sites/cloonar.dev.nix
./sites/paraclub.cloonar.dev.nix
@@ -41,10 +42,11 @@
./sites/tandem.paraclub.cloonar.dev.nix
./sites/module.paraclub.cloonar.dev.nix
./sites/gbv-aktuell.cloonar.dev.nix
./sites/lena-schilling.cloonar.dev.nix
./sites/stage.myhidden.life.nix
./sites/stage.korean-skin.care.nix
./sites/feeds.jordanrannells.com.nix
./sites/dialog-relations.cloonar.dev.nix
./sites/lena-schilling.cloonar.dev.nix
./sites/lena-schilling.at.nix
];

11
hosts/web-arm/modules/authelia/default.nix
View File

@@ -1,6 +1,10 @@
{ config, ... }:
{
{ config, pkgs, ... }:
let
unstable = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz") {
config = config.nixpkgs.config;
system = pkgs.system;
};
in {
sops.secrets.authelia-jwt-secret = {
owner = "authelia-main";
};
@@ -24,6 +28,7 @@
};
services.authelia.instances.main = {
package = unstable.authelia;
enable = true;
secrets = {
jwtSecretFile = config.sops.secrets.authelia-jwt-secret.path;

4
hosts/web-arm/modules/web/typo3.nix
View File

@@ -134,8 +134,8 @@ in
nameValuePair ("typo3-cron-" + domain) {
script = ''
set -eu
${instanceOpts.phpPackage}/bin/php /var/www/${domain}/.Build/bin/typo3 scheduler:run
${instanceOpts.phpPackage}/bin/php /var/www/${domain}/.Build/bin/typo3 ke_search:indexing
${instanceOpts.phpPackage}/bin/php /var/www/${domain}/current/bin/typo3 scheduler:run
${instanceOpts.phpPackage}/bin/php /var/www/${domain}/current/bin/typo3 ke_search:indexing
'';
serviceConfig = {
Type = "oneshot";

6
hosts/web-arm/sites/api.paraclub.cloonar.dev.nix
View File

@@ -31,5 +31,11 @@
'';
phpPackage = pkgs.php82.withExtensions ({ enabled, all }:
enabled ++ [ all.imagick ]);
phpOptions = ''
opcache.enable=1
opcache.memory_consumption=128
opcache.validate_timestamps=0
opcache.revalidate_path=0
'';
};
}

39
hosts/web-arm/sites/cloonar.dev.nix
View File

@@ -3,16 +3,11 @@ let
domain = "cloonar.dev";
dataDir = "/var/www/${domain}";
in {
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
root = "${dataDir}";
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
services.webstack.instances."${domain}" = {
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM6frP875aOnuFALjgP3ZCySCcYSGqtIzIK80S/L/D/w"
];
locations."/".extraConfig = ''
index index.html;
@@ -35,26 +30,22 @@ in {
}
'';
locations."^~ /vcards/".extraConfig = ''
location ~ /\.env {
deny all;
return 404;
}
# Determine if the requested file exists
try_files $uri $uri/ /vcards/index.php$is_args$args;
'';
locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
expires 365d;
add_header Pragma "public";
add_header Cache-Control "public";
'';
locations."~ [^/]\.php(/|$)".extraConfig = ''
deny all;
'';
phpPackage = pkgs.php;
};
users.users."${domain}" = {
isNormalUser = true;
createHome = true;
home = dataDir;
homeMode= "770";
#home = "/home/${domain}";
group = "nginx";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC1CQqL1hQV3Lb6hqzDt2mgr0IasBRlIrdUCM+QibgKcU1VUWEJTo1nkcwgunnpUROtCQPRtlBZWwdqphKNrpMf3PkCPnjkcQC/2dGcFUXbkGq+5NaMnXpQnt7XAPyqxAT/9nCnXM9y3IBWjL9jN3C4l+yZHuMChi1a3q/6cNNH7WORkC1hq7MMyIvRCh6HDPwq1XCEj0w7O6m0iBmXIwiXyh3ly6ruWmkNQToPc1s2QuIE/w0yXoOF7Ubxtdf/GH2Yu0f+ztJrOveuiLlsNWx596lQwDlYa58ib0nPPtnFVf8od59F/UC8lOFtMsSY/d5ArOnqKjk6iWNaOh15WLr7wj9lrHJkiD+9fgXLyaaxVLt4NYGwyi7SZn7P1lHz6kjFr9UmRvfth6nGGoCvvfQZB8MAE0FhcTHb9fXC1m/NengWf40VQ8woZLZ4mRPWZBxrSnymgFiIvSYSqxnP3QNID4quaQ8sPyXYygbtt38qXAg/Ixyud0vgZN4H/rbW+DE="
];
};
users.groups.${domain} = {};
}

10
hosts/web-arm/sites/dialog-relations.cloonar.dev.nix Normal file
View File

@@ -0,0 +1,10 @@
{ pkgs, lib, config, ... }:
{
services.typo3.instances."dialog-relations.cloonar.dev" = {
acmeRoot = "/var/lib/acme/acme-challenge";
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1jkPi2LbnzP5hM4Mpt6rh+Vq5pTe63+zS3QvVyA4Ma"
];
phpPackage = pkgs.php83;
};
}

1
hosts/web-arm/sites/dialog-relations.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1jkPi2LbnzP5hM4Mpt6rh+Vq5pTe63+zS3QvVyA4Ma dominik@nb-01

1
hosts/web-arm/sites/paraclub.at.nix
View File

@@ -16,6 +16,7 @@ in {
locations."/".extraConfig = ''
index index.html;
error_page 404 /404.html;
'';
locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''

1
hosts/web-arm/sites/paraclub.cloonar.dev.nix
View File

@@ -16,6 +16,7 @@ in {
locations."/".extraConfig = ''
index index.html;
error_page 404 /de/404.html;
'';
locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''

43
hosts/web-arm/sites/stage.cloonar-technologies.at.nix Normal file
View File

@@ -0,0 +1,43 @@
{ pkgs, lib, config, ... }:
let
domain = "stage.cloonar-technologies.at";
dataDir = "/var/www/${domain}";
in {
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
root = "${dataDir}";
locations."/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
locations."/".extraConfig = ''
index index.html;
'';
locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
expires 365d;
add_header Pragma "public";
add_header Cache-Control "public";
'';
locations."~ [^/]\.php(/|$)".extraConfig = ''
deny all;
'';
};
users.users."${domain}" = {
isNormalUser = true;
createHome = true;
home = dataDir;
homeMode= "770";
#home = "/home/${domain}";
group = "nginx";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/zRVX9TyYcimkC8lxGjfJAoaL2zHDBH3QnRfUvgYHc"
];
};
users.groups.${domain} = {};
}

2
utils/modules/autoupgrade.nix
View File

@@ -3,5 +3,5 @@
{
system.autoUpgrade.enable = true;
system.autoUpgrade.allowReboot = false;
system.autoUpgrade.channel = "https://channels.nixos.org/nixos-24.05";
system.autoUpgrade.channel = "https://channels.nixos.org/nixos-24.11";
}

4
utils/overlays/packages.nix
View File

@@ -3,4 +3,8 @@ self: super: {
ykfde = (super.callPackage ../pkgs/ykfde { });
creality-print = (super.callPackage ../pkgs/creality-print.nix { });
openaudible = (super.callPackage ../pkgs/openaudible.nix { });
openmanus = (super.callPackage ../pkgs/openmanus.nix { });
ai-mailer = self.callPackage ../pkgs/ai-mailer.nix { };
# vscode-insiders = (super.callPackage ../pkgs/vscode-insiders.nix { });
}

32
utils/pkgs/ai-mailer.nix Normal file
View File

@@ -0,0 +1,32 @@
{ lib, buildGoModule, fetchgit }:
buildGoModule rec {
pname = "ai-mailer";
version = "0.1.0";
src = fetchgit {
url = "https://git.cloonar.com/Paraclub/ai-mailer.git";
rev = "8903aa072a482e1e52170c840bf87d8da5d9d9e0";
sha256 = "sha256-+YPB3tcy2+ZiiwYfg6QzPcrg1gf9ivlLaZRzviwWe90=";
};
vendorHash = "sha256-h4RaB891GXAkgObZHYil6BOvbYp6yJSRxRj40Fhchmw=";
subPackages = [ "cmd/paraclub-ai-mailer" ];
preBuild = ''
sed -i 's/go 1.23.5/go 1.22/' go.mod
'';
postInstall = ''
mv $out/bin/paraclub-ai-mailer $out/bin/ai-mailer
ln -s $out/bin/ai-mailer $out/bin/paraclub-ai-mailer
'';
meta = with lib; {
description = "AI Mail Assistant Service";
homepage = "https://git.cloonar.com/Paraclub/ai-mailer";
license = licenses.unfree; # Adjust based on your project's license
maintainers = [ ];
};
}

43
utils/pkgs/openmanus.nix Normal file
View File

@@ -0,0 +1,43 @@
{ lib
, fetchFromGitHub
, python312
, python312Packages
}:
python312Packages.buildPythonApplication rec {
pname = "openmanus";
version = "0.1.0";
src = fetchFromGitHub {
owner = "mannaandpoem";
repo = "OpenManus";
rev = "74f438bde38a47da884ba5de2d20960aa9a57990";
sha256 = "sha256-zO2UgMxMvE7yk7ILsYnxjBuXrhqlLK42rZNYrxljcg4="; # Replace with actual hash after first build attempt
};
propagatedBuildInputs = with python312Packages; [
openai
python-dotenv
requests
tomli
pydantic
pydantic-settings
numpy
tqdm
pillow
fastapi
uvicorn
gradio
colorlog
];
doCheck = false;
meta = with lib; {
description = "OpenManus - An open-source framework for building general AI agents";
homepage = "https://github.com/mannaandpoem/OpenManus";
license = licenses.mit;
maintainers = with maintainers; [ ];
mainProgram = "openmanus";
};
}

100
utils/pkgs/vscode-insiders.nix Normal file
View File

@@ -0,0 +1,100 @@
{ lib, stdenv, makeDesktopItem, makeWrapper, fetchurl
, atomEnv, at-spi2-atk, at-spi2-core, autoPatchelfHook, alsa-lib
, mesa, nss, nspr, systemd, libdrm, libxkbcommon, libX11, libXcomposite
, libXdamage, libXext, libXfixes, libXrandr, expat, libxcb
, libXScrnSaver, libXi, libxshmfence, libGL, libglvnd
, gtk3, pango, cairo, gdk-pixbuf, glib, dbus, cups, SDL2
, libav_0_8, openssl, bash, findutils, xdg-utils, coreutils
}:
stdenv.mkDerivation rec {
pname = "vscode-insiders";
# version = "1.98.2-1708777035";
version = "1.98.2";
src = fetchurl {
# url = "https://az764295.vo.msecnd.net/insider/9319989589821514c6d3dea07e90292d59431d35/code-insider-${version}-linux-x64.tar.gz";
# url = "https://az764295.vo.msecnd.net/insider/2bdf282f0aa8f3022a0540949724ccf8a909ec45/code-insider-${version}-linux-x64.tar.gz";
url = "https://update.code.visualstudio.com/${version}/linux-x64/stable";
hash = "sha256-Mm34T2/laoqxN8MR+H0rHxxA0WAKgc5d/ZvGGC+ETok=";
};
buildInputs = [
atomEnv.packages
at-spi2-atk
at-spi2-core
alsa-lib
mesa
nss
nspr
systemd
libdrm
libxkbcommon
libX11
libXcomposite
libXdamage
libXext
libXfixes
libXrandr
expat
libxcb
libXScrnSaver
libXi
libxshmfence
libGL
libglvnd
gtk3
pango
cairo
gdk-pixbuf
glib
dbus
cups
SDL2
libav_0_8
openssl
];
nativeBuildInputs = [ autoPatchelfHook makeWrapper ];
installPhase = ''
mkdir -p $out/lib/vscode-insiders
cp -r . $out/lib/vscode-insiders
mkdir -p $out/bin
ln -s $out/lib/vscode-insiders/bin/code-insiders $out/bin/code-insiders
mkdir -p $out/share/applications
cp ${makeDesktopItem {
name = "code-insiders";
desktopName = "Visual Studio Code - Insiders";
comment = "Code Editing. Redefined.";
exec = "code-insiders %F";
icon = "code-insiders";
categories = [ "Utility" "TextEditor" "Development" "IDE" ];
mimeTypes = [ "text/plain" "inode/directory" ];
startupNotify = true;
startupWMClass = "Code - Insiders";
}}/share/applications/code-insiders.desktop $out/share/applications/
mkdir -p $out/share/pixmaps
cp $out/lib/vscode-insiders/resources/app/resources/linux/code-insiders.png $out/share/pixmaps/
'';
postFixup = ''
wrapProgram $out/bin/code-insiders \
--prefix PATH : ${lib.makeBinPath [ xdg-utils ]} \
--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath buildInputs}
'';
meta = with lib; {
description = "Visual Studio Code Insiders - Open Source IDE by Microsoft";
longDescription = ''
Visual Studio Code Insiders is a new choice of tool that combines the simplicity of a code editor with what developers need for the core edit-build-debug cycle. This is the insiders version, updated daily with the latest changes.
'';
homepage = "https://code.visualstudio.com/insiders";
license = licenses.unfree;
maintainers = with maintainers; [ ];
platforms = [ "x86_64-linux" ];
};
}