mirror of https://github.com/ellmau/nixos.git synced 2025-12-19 09:29:36 +01:00

Redesign/flake (#4)

Redesign flake and update to 22.05
Stefan Ellmauthaler 2022-06-10 21:32:48 +02:00 committed by GitHub
parent e3b96f921d
commit 54327482e3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
85 changed files with 2043 additions and 1187 deletions

17
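--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,17 @@
+keys:
+- &stefan_ellmauthaler 3B398B086C410264A14FB353B1E6F03030A4AEAA
+- &stel-xps e8dfcfbac0c3e65bbdfd62ab534ab685d882e4ca
+- &nucturne 9b6a58764eddd81d07180d6dc08e322f7bfd92b1
+creation_rules:
+- path_regex: secrets/secrets\.yaml
+key_groups:
+- pgp:
+- *stefan_ellmauthaler
+- *stel-xps
+- *nucturne
+- path_regec: secrets/server\.yaml
+key_groups:
+- pgp:
+- *stefan_ellmauthaler
+- *nucturne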
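Review bot: The second creation rule is keyed `path_regec` instead of `path_regex`, so the intended filter on `secrets/server\.yaml` is never applied. As far as I know sops ignores keys it does not recognise and treats a rule without a path filter as matching every file, which would turn this rule into a catch-all that encrypts any other new file to `stefan_ellmauthaler` and `nucturne` only; please confirm against the sops version in use. The line should read `- path_regex: secrets/server\.yaml`. Both patterns are also unanchored, so `^secrets/server\.yaml$` and `^secrets/secrets\.yaml$` would keep them from matching longer paths that merely contain these names.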


@ -4,11 +4,18 @@
* setup the filesystem as you see fit
* check out repository to `/mnt/etc/nixos`
* run `nixos-generate-config --root /mnt` in `/mnt/etc/nixos`
* create `machine/<machine-name>/default.nix` and add machine specific configuration to it
* move `hardware-configuration.nix` to `machine/<machine-name>/hardware-configuration.nix`
* add your machine to `/mnt/etc/nixos/default.nix`
* stage the machine-folder to the git-repository
* create `machines/<machine-name>/default.nix` and configure the machine
* move `hardware-configuration.nix` to `machines/<machine-name>/hardware-configuration.nix`
* stage the machine-folder
* run
* `nix-shell -p nixFlakes`
* `sudo _NIXOS_REBUILD_REEXEC=1 nixos-install --no-root-passwd --flake .#hostname`
* ~~`nixos-install --no-root-passwd --flake .#hostname`~~
* `nix-install --no-root-passwd --flake .#hostname --option experimental-features "nix-command flakes"`
## nix-sops
* generate on your (sshd-enabled) machine a pgp key:
* `nix shell nixpkgs#ssh-to-pgp`
* `sudo ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key > /etc/nixos/secrets/keys/hosts/<hostname>.asc`
* add the fingerprint of the new key to the `/etc/nixos/.sops.yaml` file
* Rekey the secrets with either
* a master key
* or after a git push on another machine with enough permissions to rekey
* the flakes dev-shell (`nix devshell`) allows to use `sops <sops-file>` as well as `sops-rekey <sops-file>` to manage the keys on the system


@ -1,151 +0,0 @@
{ pkgs, extraOverlays, name, flakes, flakeOutputs, ...}:
{ config, pkgs, lib, ...}:
{
imports =
[ # hardware-configuration result
((./machine + "/${name}") + /hardware-configuration.nix)
# machine-specific configuration
(./machine + "/${name}")
# additional programs
./programs
# home-manager entry-point
./users
# layers
./layer
# options
./options.nix
];
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "en_GB.UTF-8";
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelPackages = pkgs.linuxPackages_latest;
};
networking = {
useDHCP = false;
hostName = config.variables.hostName;
};
nix = {
autoOptimiseStore = true;
# Enable flakes
# Free up to 50GiB whenever there is less than 10GiB left.
extraOptions = ''
experimental-features = nix-command flakes
min-free = ${toString (10* 1024 * 1024 * 1024)}
max-free = ${toString (1024 * 1024 * 1024)}
'';
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
};
nixpkgs = {
overlays = [ flakes.emacs-overlay.overlay flakeOutputs.overlay ] ++ extraOverlays;
config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"skypeforlinux"
"teams"
"zoom"
];
};
services = {
dbus = {
enable = true;
packages = with pkgs; [gnome3.dconf];
};
};
environment = {
shells = [ pkgs.zsh ];
pathsToLink = [ "/share/zsh/" ];
systemPackages = with pkgs; [
emacs-all-the-icons-fonts
wget
git
clang
rnix-lsp
procs
#comma.comma
];
sessionVariables = rec {
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
PATH = [
"\${XDG_BIN_HOME}"
];
};
};
programs = {
zsh = {
enable = true;
enableCompletion = true;
enableGlobalCompInit = true;
autosuggestions.enable = true;
syntaxHighlighting = {
enable = true;
highlighters = [ "main" "brackets" "root" "line" ];
#styles = { cursor = "standout,underline"; };
};
setOptions = [ "auto_pushd" "correct" "extendedglob" "nocaseglob" "rcexpandparam" "numericglobsort" "nobeep" "appendhistory" ];
};
mtr.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
dconf.enable = true;
};
fonts = {
enableDefaultFonts = true;
fonts = with pkgs; [
hasklig
# corefonts # not free
liberation_ttf
comic-relief
dejavu_fonts
gyre-fonts
open-sans
noto-fonts
noto-fonts-emoji
noto-fonts-extra
roboto
roboto-mono
(nerdfonts.override { fonts = [ "Hasklig" ]; })
material-icons
weather-icons
];
fontconfig = {
enable = true;
# defaultFonts = {
# serif = [ "TeX Gyre Heros" ];
# emoji = [ "Noto Color Emoji" ];
# sansSerif = [ "TeX Gyre Pagella" ];
# monospace = [ "Hasklug Nerd Font Mono" ];
# };
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
}

20
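--- a/common/users.nix
+++ b/common/users.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, lib, ... }:
+with lib; {
+config = {
+elss = {
+users = {
+meta = {
+ellmau = {
+description = "Stefan Ellmauthaler";
+mailAddress = "stefan.ellmauthaler@tu-dresden.de";
+hashedPassword = "$6$JZPnaZYG$KL2c3e1it3j2avioovE1WveN/mpmq/tPsSAvHY1XRhtqKaE7TaSQkqRy69farkIR0Xs0.yTjltvKvv28kZtLO1";
+publicKeys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII0XgjNGsqo8gbtPTpH8pHCdGQyGNWdKcSAmyhiLBLM3 stefan.ellmauthaler@tu-dresden.de"
+"ssh-rsa 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 nucturne"
+];
+};
+};
+};
+};
+};
+}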
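Review bot: `hashedPassword` for `ellmau` is committed in clear text, so every clone and mirror of this repository exposes the `$6$` (SHA-512 crypt) hash to offline guessing; the machine configurations in this commit also enable `elss.sshd` and list `ellmau` under `admins`. Since this commit introduces sops, the hash could live in `secrets/secrets.yaml` and reach the account through NixOS's `users.users.<name>.passwordFile`, with the sops secret marked `neededForUsers = true`. How `elss.users.meta` consumes the field is outside this section, so the module would need a matching option such as `hashedPasswordFile`. The value remains in git history after it is moved, so the password itself should be changed as well.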


278
flake.lock generated

@ -16,17 +16,66 @@
"type": "gitlab"
}
},
"comma": {
"inputs": {
"flake-compat": "flake-compat",
"naersk": "naersk",
"nixpkgs": [
"nixpkgs"
],
"utils": [
"flake-utils-plus",
"flake-utils"
]
},
"locked": {
"lastModified": 1654522640,
"narHash": "sha256-0QTVKFLcEq/2GGt2WG75b/1e7MuGBaoFXROkOWsTxUg=",
"owner": "nix-community",
"repo": "comma",
"rev": "13102d58c26267574982465b5b9b5b0f98ca98cc",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "comma",
"type": "github"
}
},
"dwarffs": {
"inputs": {
"nix": "nix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1646560263,
"narHash": "sha256-VYJFoEigK0DASnBiYUhQBe0c0O4mlcoGBlYN8qs2TOo=",
"owner": "edolstra",
"repo": "dwarffs",
"rev": "e768ce3239156de05f7ff3210d86a80762730f30",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "dwarffs",
"type": "github"
}
},
"emacs-overlay": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1653304500,
"narHash": "sha256-3x9Afa3L6rq/5YF7xjSZAynoLrz+nXF4tGen0CPp4Wk=",
"lastModified": 1654859398,
"narHash": "sha256-gw2dGEnIzUYZo27yHxY1SQj3LVA9iiCMSdUwouyKDAM=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "cd6fbfa22bfd96967231515843fbdef3bda7966f",
"rev": "651c417e7fd8d8f1ee67560bc0b2f85aba2c9cab",
"type": "github"
},
"original": {
@ -37,11 +86,59 @@
},
"flake-utils": {
"locked": {
"lastModified": 1652776076,
"narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=",
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1653893745,
"narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils_2"
},
"locked": {
"lastModified": 1652704544,
"narHash": "sha256-UTKE33tYgCmDszaVyWA33a8mtegM5xfH4fH8w4y6TxA=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "f8d6d1f87b6177e3bc674c29f247bdbf897ba274",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1644229661,
"narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
"type": "github"
},
"original": {
@ -57,27 +154,84 @@
]
},
"locked": {
"lastModified": 1651519540,
"narHash": "sha256-3k6p8VsTwwRPQjE8rrMh+o2AZACZn/eeYJ7ivdQ/Iro=",
"lastModified": 1654113405,
"narHash": "sha256-VpK+0QaWG2JRgB00lw77N9TjkE3ec0iMYIX1TzGpxa4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d93d56ab8c1c6aa575854a79b9d2f69d491db7d0",
"rev": "ac2287df5a2d6f0a44bbcbd11701dbbf6ec43675",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-21.11",
"ref": "release-22.05",
"repo": "home-manager",
"type": "github"
}
},
"lowdown-src": {
"flake": false,
"locked": {
"lastModified": 1633514407,
"narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
"owner": "kristapsdz",
"repo": "lowdown",
"rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
"type": "github"
},
"original": {
"owner": "kristapsdz",
"repo": "lowdown",
"type": "github"
}
},
"naersk": {
"inputs": {
"nixpkgs": [
"comma",
"nixpkgs"
]
},
"locked": {
"lastModified": 1653413650,
"narHash": "sha256-wojDHjb+eU80MPH+3HQaK0liUy8EgR95rvmCl24i58Y=",
"owner": "nix-community",
"repo": "naersk",
"rev": "69daaceebe12c070cd5ae69ba38f277bbf033695",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "naersk",
"type": "github"
}
},
"nix": {
"inputs": {
"lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1646337190,
"narHash": "sha256-7rdubErpmKjNlmjR1GfwAyazJeqUnJUw/Xf1uon/BqQ=",
"owner": "NixOS",
"repo": "nix",
"rev": "b09baf690bb00125805a02e0feae9636b2114599",
"type": "github"
},
"original": {
"id": "nix",
"type": "indirect"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1653145312,
"narHash": "sha256-affCuB0Boa8CDFykoJVPZfhHLBok7Sq+QEOJvo3Xf+k=",
"lastModified": 1654057797,
"narHash": "sha256-mXo7C4v7Jj2feBzcReu1Eu/3Rnw5b023E9kOyFsHZQw=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "8b5e1bf2fd62adefff05ae67cd49440be93ea193",
"rev": "0cab18a48de7914ef8cad35dca0bb36868f3e1af",
"type": "github"
},
"original": {
@ -89,14 +243,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1652559422,
"narHash": "sha256-jPVTNImBTUIFdtur+d4IVot6eXmsvtOcBm0TzxmhWPk=",
"path": "/nix/store/fn03py5wi8d94hqg6m9wvs4672dqxzls-source",
"rev": "8b3398bc7587ebb79f93dfeea1b8c574d3c6dba1",
"type": "path"
"lastModified": 1632864508,
"narHash": "sha256-d127FIvGR41XbVRDPVvozUPQ/uRHbHwvfyKHwEt5xFM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "82891b5e2c2359d7e58d08849e4c89511ab94234",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-21.05-small",
"type": "indirect"
}
},
@ -132,11 +288,11 @@
},
"nixpkgs-21_11_2": {
"locked": {
"lastModified": 1653132211,
"narHash": "sha256-5ugEYisGqixwarfn3BJvuWDnO6gT/AoxlsA6jnG8Fv8=",
"lastModified": 1654346688,
"narHash": "sha256-Y7QtZkfdxTvACCvWmDjpN6qOf4OKkZATufHcJP2VMKM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b5991e4971523a5fcc9413b9003b58e5c15aa7d8",
"rev": "2de556c4cd46a59e8ce2f85ee4dd400983213d45",
"type": "github"
},
"original": {
@ -146,13 +302,44 @@
"type": "github"
}
},
"nixpkgs-unstable": {
"nixpkgs-22_05": {
"locked": {
"lastModified": 1653060744,
"narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=",
"lastModified": 1654373220,
"narHash": "sha256-3vKFnZz2oYHo4YcelaNOhO4XQ2jiIEXrp1s4w+e773c=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dfd82985c273aac6eced03625f454b334daae2e8",
"rev": "d6cb04299ce8964290ae7fdcb87aa50da0500b5c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-22.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"id": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "indirect"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1654682581,
"narHash": "sha256-Jb1PQCwKgwdNAp907eR5zPzuxV+kRroA3UIxUxCMJ9s=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e0169d7a9d324afebf5679551407756c77af8930",
"type": "github"
},
"original": {
@ -164,38 +351,26 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1653087707,
"narHash": "sha256-zfno3snrzZTWQ2B7K53QHrGZwrjnJLTRPalymrSsziU=",
"lastModified": 1654758790,
"narHash": "sha256-bXimktlkjL9s8ldMzMBslxEs80cjZDqrof1g8MbhmQI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cbd40c72b2603ab54e7208f99f9b35fc158bc009",
"rev": "e5556c75ac012ee6e03f39a56c1c51b0f7d658c2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-21.11",
"ref": "nixos-22.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1626852498,
"narHash": "sha256-lOXUJvi0FJUXHTVSiC5qsMRtEUgqM4mGZpMESLuGhmo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "16105403bdd843540cbef9c63fc0f16c1c6eaa70",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-unstable",
"type": "indirect"
}
},
"root": {
"inputs": {
"comma": "comma",
"dwarffs": "dwarffs",
"emacs-overlay": "emacs-overlay",
"flake-utils-plus": "flake-utils-plus",
"home-manager": "home-manager",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
@ -207,7 +382,9 @@
"simple-nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"nixpkgs": "nixpkgs_3",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-21_05": "nixpkgs-21_05",
"nixpkgs-21_11": "nixpkgs-21_11",
"utils": "utils"
@ -232,14 +409,15 @@
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-21_11": "nixpkgs-21_11_2"
"nixpkgs-21_11": "nixpkgs-21_11_2",
"nixpkgs-22_05": "nixpkgs-22_05"
},
"locked": {
"lastModified": 1653237221,
"narHash": "sha256-zMgangC+wDXvdAz/aP5jDg/Paw7icNFhQIZsJVACMc0=",
"lastModified": 1654401128,
"narHash": "sha256-uCdQ2fzIPGakHw2TkvOncUvCl7Fo7z/vagpDWYooO7s=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "13079f98ddfdc9e06e4b688332626ca954c14264",
"rev": "f075361ecbde21535b38e41dfaa28a28f160855c",
"type": "github"
},
"original": {

130
flake.nix

@ -1,46 +1,142 @@
{
description = "Flake to generate NixOS configurations";
description = "Flake to define configurations of 'elss' - ellmauthaler stefan's systems";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
#nix = {
# url = "github:NixOS/nix?ref=latest-release";
# url = "github:NixOS/nix";
# inputs.nixpkgs.follows = "nixpkgs";
#};
nixos-hardware = {
url = "github:NixOS/nixos-hardware/master";
inputs.nixpkgs.follows = "nixpkgs";
};
# comma = {
# url = "github:nix-community/comma";
# inputs.nixpkgs.follows = "nixpkgs";
# };
home-manager = {
url = "github:nix-community/home-manager/release-21.11";
url = "github:nix-community/home-manager/release-22.05";
inputs.nixpkgs.follows = "nixpkgs";
};
flake-utils-plus = {
url = "github:gytis-ivaskevicius/flake-utils-plus";
inputs.nixpkgs.follows = "nixpkgs";
};
emacs-overlay = {
url = "github:nix-community/emacs-overlay";
inputs.nixpkgs.follows = "nixpkgs";
};
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.11";
simple-nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.11";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix/master";
inputs.nixpkgs.follows = "nixpkgs";
};
dwarffs = {
url = "github:edolstra/dwarffs";
inputs = {
#nix.follows = "nix";
nixpkgs.follows = "nixpkgs";
};
};
outputs = {self, ...}@inputs:
let outputs = rec {
overlay = import ./local-overlay;
nixosConfigurations = import self {
flakes = inputs;
flakeOutputs = outputs;
comma = {
url = "github:nix-community/comma";
inputs = {
nixpkgs.follows = "nixpkgs";
utils.follows = "flake-utils-plus/flake-utils";
};
};
};
outputs = { self, nixpkgs, flake-utils-plus, ... }@inputs:
let
extended-lib = nixpkgs.lib.extend
(final: prev: {
elss = (import ./lib { lib = final; }) prev;
});
inherit (extended-lib.elss) discoverModules moduleNames;
in
flake-utils-plus.lib.mkFlake rec{
inherit self inputs;
supportedSystems = [ "x86_64-linux" ];
lib = extended-lib;
channelsConfig = {
allowUnfreePredicate = pkg: builtins.elem (extended-lib.getName pkg) [
"steam"
"steam-original"
"steam-runtime"
"skypeforlinux"
"teams"
"zoom"
];
};
channels.nixpkgs.overlaysBuilder = channels: [
(final: prev: {
unstable = channels.nixpkgs-unstable;
})
(flake-utils-plus.lib.genPkgOverlay inputs.comma "comma")
#inputs.nix.overlay
inputs.emacs-overlay.overlay
];
hostDefaults = {
system = "x86_64-linux";
channelName = "nixpkgs";
modules = [
inputs.home-manager.nixosModules.home-manager
inputs.sops-nix.nixosModules.sops
inputs.dwarffs.nixosModules.dwarffs
inputs.simple-nixos-mailserver.nixosModules.mailserver
] ++ (map (name: ./modules + "/${name}") (moduleNames ./modules));
specialArgs = {
nixos-hardware = inputs.nixos-hardware.nixosModules;
inherit inputs;
};
extraArgs = {
homeConfigurations = discoverModules ./users
(name:
import (./users + "/${name}")
);
};
};
hosts = discoverModules ./machines (name: {
modules = [ (./machines + "/${name}") ];
specialArgs = { lib = extended-lib; };
});
homeConfigurations = discoverModules ./users
(name:
let
username = extended-lib.removeSuffix ".nix" name;
in
inputs.home-manager.lib.homeManagerConfiguration {
configuration = import (./users + "/${name}");
inherit username;
system = "x86_64-linux";
homeDirectory = "/home/${username}";
stateVersion = "21.05";
});
outputsBuilder = channels: {
devShell = import ./secrets/shell.nix {
pkgs = channels.nixpkgs;
sops-nix = inputs.sops-nix.packages."${channels.nixpkgs.system}";
};
};
nixosModules = {};
};
in outputs;
}
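Review bot: `simple-nixos-mailserver` appears to stay on the `nixos-21.11` branch in the new block form while gaining `inputs.nixpkgs.follows = "nixpkgs"`, which now resolves to `nixos-22.05`. The mail server module would then be evaluated against a release its branch was not written for, and `hostDefaults.modules` pulls `inputs.simple-nixos-mailserver.nixosModules.mailserver` into every host, not only the server. If upstream has a branch for the new release, `url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.05";` would keep module and package set aligned; otherwise drop the `follows` for this input. Separately, `homeConfigurations` hard-codes `stateVersion = "21.05"` and `system = "x86_64-linux"`, and a one-line comment saying the state version is deliberately left at the first-install release would save the next reader from "fixing" it.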


@ -1,4 +0,0 @@
{ config, pkgs, lib, ...}:
{
imports = [ ./graphical.nix ];
}


@ -1,64 +0,0 @@
{ config, pkgs, lib, ... }:
let
isgraphical = config.variables.graphical;
cursorsize = if config.variables.hostName == "nucturne" then 14 else 16;
xserverDPI = if config.variables.hostName == "stel-xps" then 180 else null;
in
{
networking.networkmanager.enable = isgraphical;
services = {
xserver = {
enable = isgraphical;
# dpi = xserverDPI;
displayManager.lightdm = {
enable = isgraphical;
greeters.gtk.cursorTheme.size = cursorsize;
};
# displayManager.sessionCommands = ''
# ${pkgs.xorg.xrdb}/bin/xrdb -merge <<EOF
# Xcursor.size: 14
# EOF
# '';
windowManager.i3 = {
enable = isgraphical;
extraPackages = with pkgs; [
rofi # launcher
polybarFull # bar
i3lock # lock screen
xss-lock
autorandr
];
extraSessionCommands = ''
${pkgs.autorandr}/bin/autorandr -c
'';
};
layout = "us";
xkbOptions = "eurosign:e";
};
gnome.gnome-keyring.enable = true;
printing.enable = true;
};
sound.enable = isgraphical;
hardware = {
pulseaudio.enable = isgraphical;
bluetooth.enable = isgraphical;
};
services.blueman.enable = isgraphical;
environment.systemPackages = if isgraphical then with pkgs; [
firefox
#alacritty
thunderbird
okular
texlive.combined.scheme-full
usbutils
keepassxc
gnome.libsecret
arandr
] else [ ];
}


@ -1,10 +0,0 @@
{ config, pkgs, lib, ...}:
{
config = lib.mkIf config.variables.server {
services.sshd.enable = true;
imports = [
../services
../secrets
];
};
}

6
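--- a/lib/default.nix
+++ b/lib/default.nix
@@ -0,0 +1,6 @@
+{ lib }:
+(lib.composeManyExtensions [
+(import ./users.nix)
+(import ./files.nix)
+]) lib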

14
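--- a/lib/files.nix
+++ b/lib/files.nix
@@ -0,0 +1,14 @@
+final: prev:
+with prev; rec {
+moduleNames = dir: pipe dir [
+builtins.readDir
+(filterAttrs (name: type: !hasPrefix "." name && (hasSuffix ".nix" name || type == "directory")))
+attrNames
+];
+discoverModules = dir: f:
+listToAttrs (map
+(filename:
+nameValuePair (removeSuffix ".nix" filename) (f filename))
+(moduleNames dir));
+}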
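Review bot: `discoverModules` strips `.nix` before building the attribute set, so a directory `foo/` and a file `foo.nix` in the same folder both map to `foo`, and `listToAttrs` keeps only the first entry without reporting an error. Neither function carries a comment, and the selection rule matters because `flake.nix` imports everything `moduleNames ./modules` returns into every host, so any non-hidden `.nix` file or directory placed there becomes part of the system configuration. I would add a comment above each, for example `# moduleNames: names of all non-hidden *.nix files and all directories in dir` and `# discoverModules: attrset keyed by entry name without ".nix"; names must be unique after stripping`.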

19
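--- a/lib/users.nix
+++ b/lib/users.nix
@@ -0,0 +1,19 @@
+final: prev:
+{
+withConfig = config:
+let
+cfg = config.elss.users;
+mapAccount = f: login: prev.nameValuePair login (f login);
+mapList = f: lst: builtins.listToAttrs (map (mapAccount f) lst);
+in
+rec {
+mapUsers = f: mapList f cfg.users;
+mapAdmins = f: mapList f cfg.admins;
+mapAllUsers = f: (mapUsers f) // (mapAdmins f);
+mapAllUsersAndRoot = f: (mapAllUsers f) // {
+root = f "root";
+};
+};
+}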


@ -1,4 +0,0 @@
final: prev:
{
tray-calendar = final.callPackage ./pkgs/tray-calendar {};
}


@ -1,29 +0,0 @@
{ stdenv
, python3
, gtk3
, gobject-introspection
, wrapGAppsHook
, lib
}:
stdenv.mkDerivation rec {
pname = "tray-calendar";
version = "0.9";
src = ./traycalendar.py;
buildInputs = [
(python3.withPackages (pyPkgs: with pyPkgs; [
pygobject3
]))
gtk3
gobject-introspection
];
nativeBuildInputs = [ wrapGAppsHook ];
dontUnpack = true;
installPhase = "install -m755 -D $src $out/bin/traycalendar";
meta = {
license = lib.licenses.gpl3Only;
homepage = "https://github.com/vifon/TrayCalendar";
};
}


@ -1,215 +0,0 @@
#!/usr/bin/env python3
########################################################################
# Copyright (C) 2015-2018 Wojciech Siewierski #
# #
# This program is free software; you can redistribute it and/or #
# modify it under the terms of the GNU General Public License #
# as published by the Free Software Foundation; either version 3 #
# of the License, or (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
########################################################################
import functools
import glob
import os.path
import re
from collections import defaultdict
from os import getenv
import gi
gi.require_version('Gtk', '3.0')
from gi.repository import Gtk, Gdk
DEFAULT_ORG_DIRECTORY = os.path.join(getenv('HOME'), "org")
ORG_GLOB = '*.org'
ORG_ARCHIVE_SUFFIX = '_archive.org'
def org_agenda_files(directory):
org_abs = functools.partial(os.path.join, directory)
agenda_files_path = org_abs('.agenda-files')
try:
with open(agenda_files_path) as agenda_files:
yield from (org_abs(f.rstrip('\n')) for f in agenda_files)
except FileNotFoundError:
for filename in glob.iglob(os.path.join(directory, ORG_GLOB)):
if not filename.endswith(ORG_ARCHIVE_SUFFIX):
yield filename
def scan_org_for_events(org_directories):
"""Search the org files for the calendar events.
Scans the passed directories for the .org files and saves the events
found there into a multilevel dict of lists: events[year][month][day]
The returned dict uses defaultdict so *do not* rely on the
KeyError exception etc.! Check if the element exists with
.get(key) before accessing it!
"""
def year_dict():
return defaultdict(month_dict)
def month_dict():
return defaultdict(day_dict)
def day_dict():
return defaultdict(event_list)
def event_list():
return list()
events = year_dict()
for org_directory in org_directories:
for filename in org_agenda_files(org_directory):
with open(filename, "r") as filehandle:
last_heading = None
for line in filehandle:
heading_match = re.search(r'^\*+\s+(.*)', line)
if heading_match:
last_heading = heading_match.group(1)
# strip the tags
last_heading = re.sub(r'\s*\S*$', last_heading, '')
match = re.search(r'<(\d{4})-(\d{2})-(\d{2}).*?>', line)
if match:
year, month, day = [ int(field) for field in match.group(1,2,3) ]
month -= 1 # months are indexed from 0 in Gtk.Calendar
events[year][month][day].append(last_heading)
return events
class CalendarWindow(object):
def __init__(self, org_directories):
self.window = Gtk.Window()
self.window.set_wmclass("traycalendar", "TrayCalendar")
self.window.set_resizable(False)
self.window.set_decorated(False)
self.window.set_gravity(Gdk.Gravity.STATIC)
window_width = 300
# Set the window geometry.
geometry = Gdk.Geometry()
geometry.min_width = window_width
geometry.max_width = window_width
geometry.base_width = window_width
self.window.set_geometry_hints(
None, geometry,
Gdk.WindowHints.MIN_SIZE |
Gdk.WindowHints.MAX_SIZE |
Gdk.WindowHints.BASE_SIZE)
# Create the listview for the calendar events.
list_model = Gtk.ListStore(str)
list_view = Gtk.TreeView(list_model)
list_column = Gtk.TreeViewColumn("Events", Gtk.CellRendererText(), text=0)
list_column.set_fixed_width(window_width)
list_view.append_column(list_column)
# Create the calendar widget.
calendar = Gtk.Calendar()
self.calendar_events = scan_org_for_events(org_directories)
calendar.connect('month-changed', self.mark_calendar_events)
calendar.connect('day-selected', self.display_event_list, list_model)
self.mark_calendar_events(calendar)
self.display_event_list(calendar, list_model)
close_button = Gtk.Button("Close")
close_button.connect('clicked', lambda event: self.window.destroy())
vbox = Gtk.VBox()
vbox.add(close_button)
vbox.add(calendar)
vbox.add(list_view)
self.window.add(vbox)
rootwin = self.window.get_screen().get_root_window()
# get_pointer is deprecated but using Gdk.Device.get_position
# is not viable here: we have no access to the pointing device.
screen, x, y, mask = rootwin.get_pointer()
x -= window_width
# Show the window right beside the cursor.
self.window.move(x,y)
self.window.show_all()
def mark_calendar_events(self, calendar):
"""Update the days with calendar events list for the selected month."""
year, month, day = calendar.get_date()
calendar.freeze_notify()
calendar.clear_marks()
for day in self.calendar_events[year][month]:
calendar.mark_day(day)
calendar.thaw_notify()
def display_event_list(self, calendar, event_list):
"""Update the calendar event list for the selected day."""
year, month, day = calendar.get_date()
event_list.clear()
# get(day) used instead of [day] because we use defaultdict
# and it would create a new element.
events = self.calendar_events[year][month].get(day)
if events:
for event in events:
event_list.append([event])
def tray_mode(org_directories):
def on_left_click(event):
window = CalendarWindow(org_directories)
def on_right_click(button, time, data):
Gtk.main_quit()
statusicon = Gtk.StatusIcon()
statusicon.set_from_icon_name('x-office-calendar')
statusicon.connect('activate', on_left_click)
statusicon.connect('popup-menu', on_right_click)
Gtk.main()
def window_mode(org_directories):
window = CalendarWindow(org_directories)
window.window.connect('destroy', Gtk.main_quit)
Gtk.main()
def main(argv=None):
import argparse
parser = argparse.ArgumentParser()
parser.add_argument(
"--no-tray",
help="Show the calendar windows immediately and quit after it's closed.",
action='store_true',
)
parser.add_argument(
"--org-directory", "-d",
help="Directories to search for *.org; default: ~/org/.",
action='append',
dest='org_directories',
)
args = parser.parse_args()
if not args.org_directories:
args.org_directories = [DEFAULT_ORG_DIRECTORY]
if args.no_tray:
window_mode(args.org_directories)
else:
tray_mode(args.org_directories)
if __name__ == "__main__":
from sys import argv
# workaround for a pygobject bug
import signal
signal.signal(signal.SIGINT, signal.SIG_DFL)
main(argv)


@ -1,12 +0,0 @@
{ config, pkgs, ...}:
{
variables = {
hostName = "ellmauthaler";
server = true;
};
networking = {
domain = "net";
};
}


@ -1,58 +0,0 @@
{ config, pkgs, ...}:
{
variables= {
hostName = "nucturne";
graphical = true;
git.signDefault = true;
};
boot.extraModulePackages = [
config.boot.kernelPackages.v4l2loopback
];
boot.kernelModules = [
"v4l2loopback"
];
#networking.hostName = "nucturne"; # define the hostname
# users = {
# users.hpprinter = {
# description = "HP printer access to share";
# shell = pkgs.shadow;
# createHome = false;
# hashedPassword = "$6$qiIL8hOSK1FE7I6H$nAMW86l8O7/oJroOoaqG4WexGRQOOWBV8ooXy3/P7KE8ihQn9x0ScV2/BmvIxeMknGNPQhjD/mjmYn9VcNjAl1";
# isSystemUser = true;
# group = "hpprinter";
# };
# groups.hpprinter = {};
# };
# services.samba = {
# enable = true;
# securityType = "user";
# extraConfig = ''
# workgroup = WORKGROUP
# server string = nucturne
# netbios name = nucturne
# security = user
# #use sendfile = yes
# #max protocol = smb2
# hosts allow = 192.168.178.222 localhost
# hosts deny = 0.0.0.0/0
# guest account = nobody
# map to guest = bad user
# '';
# shares = {
# scans = {
# path = "/home/ellmau/scratch/scans";
# browseable = "yes";
# "read only" = "no";
# "guest ok" = "no";
# "create mask" = "0644";
# "directory mask" = "0755";
# "force user" = "ellmau";
# "force group" = "users";
# };
# };
# };
}


@ -1,30 +0,0 @@
{ config, pkgs, ...}:
{
imports = [ ./printer.nix ];
variables = {
hostName = "stel-xps";
graphical = true;
git = {
key = "0x4998BEEE";
gpgsm = true;
signDefault = true;
};
};
#networking.hostName = "stel-xps"; # define the hostname
environment.systemPackages = with pkgs; [
brightnessctl
];
boot.extraModulePackages = [
config.boot.kernelPackages.v4l2loopback
];
boot.kernelModules = [
"v4l2loopback"
];
services.autorandr.enable = true;
services.xserver.desktopManager.wallpaper.mode = "fill";
}


@ -0,0 +1,55 @@
{ config, pkgs, inputs, nixos-hardware, ...}:
{
imports = [
../../common/users.nix
./hardware-configuration.nix
];
elss = {
# base system
base.enable = true;
# setup locale and font settings
locale.enable = true;
# setup sshd
sshd.enable = true;
# configure zsh
zsh.enable = true;
# enable X11 with lightdm and i3
graphical = {
enable = false;
# set dpi if used in mobile applications
# dpi = 180;
};
# enable deamon to generate nix-index-db
nix-index-db-update.enable = false;
# add TUD vpn
openvpn.enable = false;
# enable sops
sops = {
enable = true;
};
# enable server services
server = {
enable = false;
nextcloud.enable = false;
};
# user setup
users = {
enable = true;
admins = [ "ellmau" ];
users = [ ];
meta = {
ellmau.git = {
signDefault = true;
};
};
};
};
}


@ -0,0 +1,58 @@
{ config, pkgs, inputs, nixos-hardware, ...}:
{
imports = [
../../common/users.nix
./hardware-configuration.nix
./software.nix
];
elss = {
# base system
base.enable = true;
# setup locale and font settings
locale.enable = true;
# setup sshd
sshd.enable = true;
# configure zsh
zsh.enable = true;
# enable X11 with lightdm and i3
graphical = {
enable = true;
# set dpi if used in mobile applications
# dpi = 180;
};
# enable deamon to generate nix-index-db
nix-index-db-update.enable = true;
# add TUD vpn
openvpn.enable = true;
# enable sops
sops = {
enable = true;
};
# user setup
users = {
enable = true;
admins = [ "ellmau" ];
users = [ ];
meta = {
ellmau.git = {
signDefault = true;
};
};
};
};
boot.extraModulePackages = [
config.boot.kernelPackages.v4l2loopback
];
boot.kernelModules = [
"v4l2loopback"
];
}


@ -0,0 +1,28 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
libreoffice-fresh
];
programs = {
java.enable = true;
};
services = {
autorandr.enable = false;
};
elss = {
programs = {
aspell.enable = true;
# Enable communication programs
communication.enable = true;
emacs.enable = true;
obsstudio.enable = true;
python.enable = true;
};
texlive.enable = true;
steam-run.enable = true;
};
}


@ -0,0 +1,63 @@
{ config, pkgs, inputs, nixos-hardware, ...}:
{
imports = [
../../common/users.nix
./printer.nix
./hardware-configuration.nix
./software.nix
nixos-hardware.dell-xps-13-7390
];
elss = {
# base system
base.enable = true;
# setup locale and font settings
locale.enable = true;
# setup sshd
sshd.enable = true;
# configure zsh
zsh.enable = true;
# enable X11 with lightdm and i3
graphical = {
enable = true;
# set dpi if used in mobile applications
# dpi = 180;
};
# enable deamon to generate nix-index-db
nix-index-db-update.enable = true;
# add TUD vpn
openvpn.enable = true;
# enable sops
sops = {
enable = true;
};
# user setup
users = {
enable = true;
admins = [ "ellmau" ];
users = [ ];
meta = {
ellmau.git = {
key = "0x4998BEEE";
gpgsm = true;
signDefault = true;
};
};
};
};
boot.extraModulePackages = [
config.boot.kernelPackages.v4l2loopback
];
boot.kernelModules = [
"v4l2loopback"
];
services.xserver.desktopManager.wallpaper.mode = "fill";
}
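Review bot: `key = "0x4998BEEE";` under `elss.users.meta.ellmau.git` identifies the signing key by an eight-hex-digit short ID, which is not collision-resistant and can match more than one key or certificate in a keyring. I would use the full fingerprint instead, e.g. `key = "<FULL_FINGERPRINT_PLACEHOLDER>";`, so git hands the signing program an unambiguous identifier. Since `gpgsm = true` is set here, confirm which identifier form gpgsm accepts for `user.signingKey` on this host. The `inputs` argument in the function header is not used in this file.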


@ -21,7 +21,7 @@
boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/9c84f143-023d-4fcb-a49c-ca78ce69e0e0";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/4824-2CFD";
{ device = "/dev/disk/by-uuid/39E0-047B";
fsType = "vfat";
};


@ -0,0 +1,29 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
brightnessctl
libreoffice-fresh
];
programs = {
java.enable = true;
};
services = {
autorandr.enable = true;
};
elss = {
programs = {
aspell.enable = true;
# Enable communication programs
communication.enable = true;
emacs.enable = true;
obsstudio.enable = true;
python.enable = true;
};
texlive.enable = true;
steam-run.enable = true;
};
}

19
modules/aspell.nix Normal file

@ -0,0 +1,19 @@
{ config, pkgs, lib, ... }:
let
aspellConf = ''
data-dir /run/current-system/sw/lib/aspell
dict-dir /run/current-system/sw/lib/aspell
master en_GB-ise
extra-dicts en-computers.rws
add-extra-dicts en_GB-science.rws
'';
in
{
options.elss.programs.aspell.enable = lib.mkEnableOption "setup aspell";
config = lib.mkIf config.elss.programs.aspell.enable {
environment.systemPackages = [ pkgs.aspell ]
++ (with pkgs.aspellDicts; [ de en sv en-computers en-science ]);
};
}
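Review bot: The `aspellConf` binding in the `let` block is never referenced, so the settings it holds (`master en_GB-ise` and the extra dictionaries) are not applied by this module; only the packages are installed. Either drop the binding or wire it up inside the `mkIf`, for example `environment.etc."aspell.conf".text = aspellConf;`. The file this replaces carried the same unused binding, so it may be a leftover rather than an oversight of this commit.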

62
modules/base.nix Normal file

@ -0,0 +1,62 @@
{ config, lib, pkgs, ...} :
with lib; {
options.elss.base.enable = mkEnableOption "Set the base configuration for the system";
config = mkIf config.elss.base.enable {
services = {
dbus = {
enable = true;
packages = with pkgs; [ dconf ];
};
};
programs = {
mtr.enable = true;
dconf.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
documentation = {
enable = true;
man.enable = true;
dev.enable = true;
};
environment.systemPackages = with pkgs; [
alacritty.terminfo
bintools
clang
elfutils
emacs-all-the-icons-fonts
gdb
git
htop
neofetch
nix-prefetch-github
nixfmt
nixpkgs-fmt
procs
ripgrep
rnix-lsp
sysstat
tcpdump
unzip
wget
];
elss = {
locale.enable = mkDefault true;
zsh.enable = mkDefault true;
};
boot = {
loader = {
systemd-boot.enable = mkDefault true;
efi.canTouchEfiVariables = mkDefault true;
};
kernelPackages = mkDefault pkgs.linuxPackages_latest;
};
};
}

20
modules/communication.nix Normal file

@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }:
with lib; {
options.elss.programs.communication.enable = mkEnableOption "enable the basic graphical communication tools";
config =
let
cfg = config.elss.programs.communication;
in
mkIf cfg.enable {
elss.graphical.enable = true;
environment.systemPackages = with pkgs; [
element-desktop
jitsi-meet-electron
signal-desktop
skypeforlinux
teams
zoom-us
];
};
}
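Review bot: `elss.graphical.enable = true;` is set at normal priority inside the `mkIf`, so a host that writes `elss.graphical.enable = false` and enables this module fails evaluation with a conflicting-definitions error instead of a readable message. I would use `elss.graphical.enable = mkDefault true;` and state the dependency with `assertions = [ { assertion = config.elss.graphical.enable; message = "elss.programs.communication needs elss.graphical"; } ];`. The `let cfg = …` wrapper is used once and could be replaced by `config.elss.programs.communication.enable`, as modules/aspell.nix does for its own option.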


@ -1,5 +1,5 @@
{ config, lib, pkgs, ... }:
with lib;
let
defaultEl = ./default.el;
environment.systemPackages = [ pkgs.gdb ]; # use gdb for dap-mode
@ -8,7 +8,7 @@ let
mkdir -p $out/share/emacs/site-lisp
cp ${defaultEl} $out/share/emacs/site-lisp/default.el
'';
emacsPackage = (pkgs.emacsPackagesGen pkgs.emacs).emacsWithPackages
emacsPackage = (pkgs.emacsPackagesFor pkgs.emacs).emacsWithPackages
(epkgs:
let
lpkgs = import ./packages.nix {
@ -92,11 +92,14 @@ let
])));
in
{
options.elss.programs.emacs.enable = mkEnableOption "Setup emacs package and install it";
config = mkIf config.elss.programs.emacs.enable {
services.emacs = {
enable = true;
defaultEditor = true;
package = emacsPackage;
};
};
#nixpkgs.overlays = [ (self: super: { emacsOrig = super.emacs; }) (import (builtins.fetchTarball {
# url = https://github.com/nix-community/emacs-overlay/archive/master.tar.gz;
#})) ];

79
modules/graphical.nix Normal file

@ -0,0 +1,79 @@
{ config, pkgs, lib, ... }:
with lib; {
options.elss.graphical = {
enable = mkEnableOption "configure i3-based graphical layer";
greeterCursorsize = mkOption {
type = types.int;
default = 16;
description = ''
Size of the cursortheme in the lightdm greeter
'';
};
dpi = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
DPI setting for the xserver
'';
};
};
config =
let
cfg = config.elss.graphical;
#cursorsize = if config.variables.hostName == "nucturne" then 14 else 16;
#xserverDPI = if config.variables.hostName == "stel-xps" then 180 else null;
in
mkIf cfg.enable {
elss.users.x11.enable = true;
networking.networkmanager.enable = true;
services = {
xserver = {
enable = true;
dpi = cfg.dpi;
displayManager.lightdm = {
enable = true;
greeters.gtk.cursorTheme.size = cfg.greeterCursorsize;
};
windowManager.i3 = {
enable = true;
extraPackages = with pkgs; [
rofi # launcher
polybarFull # bar
i3lock # lock screen
xss-lock
autorandr
];
extraSessionCommands = ''
${pkgs.autorandr}/bin/autorandr -c
'';
};
layout = "us";
xkbOptions = "eurosign:e";
};
gnome.gnome-keyring.enable = true;
printing.enable = true;
};
sound.enable = true;
hardware = {
pulseaudio.enable = true;
bluetooth.enable = true;
};
services.blueman.enable = true;
environment.systemPackages = with pkgs; [
firefox
thunderbird
okular
texlive.combined.scheme-full
usbutils
keepassxc
libsecret
arandr
];
};
}
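Review bot: Enabling `elss.graphical` also turns on `services.printing`, `hardware.bluetooth`, `services.blueman` and NetworkManager unconditionally, so every graphical host runs CUPS and a Bluetooth stack whether it needs them or not. Setting them with `mkDefault`, e.g. `printing.enable = mkDefault true;` and `bluetooth.enable = mkDefault true;`, lets a machine switch them off without `mkForce`. `texlive.combined.scheme-full` in `environment.systemPackages` duplicates what `elss.texlive.package` installs by default. `i3lock` and `xss-lock` are only added as packages here; the locker is presumably started from the i3 configuration, which is worth confirming.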

40
modules/locale.nix Normal file

@ -0,0 +1,40 @@
{ config, pkgs, lib, ...}:
with lib; {
options.elss.locale.enable = mkEnableOption "setup default locale and font-handling";
config = mkIf config.elss.locale.enable {
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "en_GB.UTF-8";
fonts = {
enableDefaultFonts = true;
fonts = with pkgs; [
hasklig
# corefonts # not free
liberation_ttf
comic-relief
dejavu_fonts
gyre-fonts
open-sans
noto-fonts
noto-fonts-emoji
noto-fonts-extra
roboto
roboto-mono
(nerdfonts.override { fonts = [ "Hasklig" ]; })
material-icons
weather-icons
];
fontconfig = {
enable = true;
# defaultFonts = {
# serif = [ "TeX Gyre Heros" ];
# emoji = [ "Noto Color Emoji" ];
# sansSerif = [ "TeX Gyre Pagella" ];
# monospace = [ "Hasklug Nerd Font Mono" ];
# };
};
};
};
}

57
modules/nix-index-db.nix Normal file

@ -0,0 +1,57 @@
{ config, pkgs, lib, ... }:
with lib; {
options.elss.nix-index-db-update.enable =
mkEnableOption "periodically update the nix-index database";
config =
let
cfg = config.elss.nix-index-db-update;
nix-index-db-update = pkgs.writeShellScript "nix-index-db-update" ''
set -euo pipefail
filename="index-x86_64-$(${pkgs.coreutils}/bin/uname | ${pkgs.coreutils}/bin/tr A-Z a-z)"
cd /var/db/nix-index/
${pkgs.wget}/bin/wget -q -N https://github.com/Mic92/nix-index-database/releases/latest/download/$filename
${pkgs.coreutils}/bin/ln -f $filename files
'';
inherit (lib.elss.withConfig config) mapAllUsers;
in
mkIf cfg.enable {
systemd = {
services.nix-index-db-update = {
description = "Update nix-index database";
serviceConfig = {
CPUSchedulingPolicy = "idle";
IOSchedulingClass = "idle";
ExecStartPre = [
"+${pkgs.coreutils}/bin/mkdir -p /var/db/nix-index/"
"+${pkgs.coreutils}/bin/chown nobody:nobody /var/db/nix-index/"
];
ExecStart = toString nix-index-db-update;
User = "nobody";
Group = "nobody";
};
};
timers.nix-index-db-update = {
description = "nix-index database periodic update";
timerConfig = {
Unit = "nix-index-db-update.service";
OnCalendar = "daily";
Persistent = true;
};
wantedBy = [ "timers.target" ];
};
};
home-manager.users = mapAllUsers (_:
{ config, ... }: {
home.file.".cache/nix-index".source =
config.lib.file.mkOutOfStoreSymlink "/var/db/nix-index/";
});
};
}
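Review bot: The unit runs as `nobody` and the two `ExecStartPre` lines chown `/var/db/nix-index/` to `nobody:nobody`, so any other process running under that shared account can replace the index that `home.file.".cache/nix-index"` links into every user's home. A dedicated identity avoids this, for instance `DynamicUser = true;` with `StateDirectory = "nix-index";` and the paths moved to `/var/lib/nix-index`, which also removes the need for the `+`-prefixed root commands. The database is fetched from the `latest` release with no checksum or signature check, and `$filename` is unquoted in the `wget` and `ln` lines. The `x86_64` part of the file name is hard-coded, which ties the script to that architecture.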

31
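--- a/modules/nix.nix
+++ b/modules/nix.nix
@@ -0,0 +1,31 @@
+{ pkgs, config, ... }:
+{
+config = {
+nix = {
+useSandbox = true;
+package = pkgs.nixFlakes;
+generateRegistryFromInputs = true;
+generateNixPathFromInputs = true;
+linkInputs = true;
+autoOptimiseStore = true;
+trustedUsers = [ "root" ] ++ config.elss.users.admins;
+# Enable flakes
+# Free up to 50 GiB whenever there is less than 10 GiB left.
+extraOptions = ''
+experimental-features = nix-command flakes
+min-free = ${toString (10 * 1024 * 1024 * 1024)}
+max-free = ${toString (50 * 1024 * 1024 * 1024)}
+'';
+# Disable automatic (periodic) GC, since it might interfere with benchmarks
+gc = {
+automatic = true;
+dates = "weekly";
+options = "--delete-older-than 30d";
+};
+};
+};
+}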
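Review bot: `trustedUsers = [ "root" ] ++ config.elss.users.admins;` makes every admin a trusted user of the Nix daemon, which is effectively root-equivalent because trusted users can override daemon settings such as substituters and sandboxing. The admins are in `wheel` elsewhere in this commit, so this may be an accepted trade-off, but it deserves a comment, e.g. `# trusted users are root-equivalent for the nix daemon; admins only`. The comment `# Disable automatic (periodic) GC, since it might interfere with benchmarks` sits above `automatic = true;` and says the opposite of what the code does. `# Enable flakes` is also separated from the `experimental-features` line it describes.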

10
modules/obs-studio.nix Normal file

@ -0,0 +1,10 @@
{ config, pkgs, lib, ...}:
with lib;
{
options.elss.programs.obsstudio.enable = mkEnableOption "install obs-studio";
config = mkIf config.elss.programs.obsstudio.enable {
environment.systemPackages = with pkgs; [
obs-studio
];
};
}


@ -0,0 +1,60 @@
tls-client
pull
remote openvpn.zih.tu-dresden.de
port 1194
dev tun
proto udp
auth-user-pass
nobind
#comp-lzo no
tls-version-min 1.2
<ca>
-----BEGIN CERTIFICATE-----
MIIDJDCCAqqgAwIBAgIIVUfkeTU1KgIwCgYIKoZIzj0EAwQwgcYxCzAJBgNVBAYT
AkRFMQ8wDQYDVQQIEwZTYXhvbnkxEDAOBgNVBAcTB0RyZXNkZW4xKDAmBgNVBAoT
H1RlY2huaXNjaGUgVW5pdmVyc2l0YWV0IERyZXNkZW4xQjBABgNVBAsTOVplbnRy
dW0gZnVlciBJbmZvcm1hdGlvbnNkaWVuc3RlIHVuZCBIb2NobGVpc3R1bmdzcmVj
aG5lbjEmMCQGA1UEAxMdT3BlblZQTiBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcN
MjAwMzEzMTcwMjAwWhcNMjMwMzEzMTcwMjAwWjCBxjELMAkGA1UEBhMCREUxDzAN
BgNVBAgTBlNheG9ueTEQMA4GA1UEBxMHRHJlc2RlbjEoMCYGA1UEChMfVGVjaG5p
c2NoZSBVbml2ZXJzaXRhZXQgRHJlc2RlbjFCMEAGA1UECxM5WmVudHJ1bSBmdWVy
IEluZm9ybWF0aW9uc2RpZW5zdGUgdW5kIEhvY2hsZWlzdHVuZ3NyZWNobmVuMSYw
JAYDVQQDEx1PcGVuVlBOIENlcnRpZmljYXRlIEF1dGhvcml0eTB2MBAGByqGSM49
AgEGBSuBBAAiA2IABAFyQ2/XGnQpeqQGR9//A3eSUl/dm5ksuPba4yuF+TonfIMS
SkYrW3KbFexK/7M1F2n6xTCk8YxgF0cl/6AqVW80UsdW9FeQSO2jEOY8xl4Ag95B
5KD1ur3kfn/GxRfJe6NjMGEwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU
/IAoHx3yIpN6FV/js71yXvf+POwwHwYDVR0jBBgwFoAU/IAoHx3yIpN6FV/js71y
Xvf+POwwCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMEA2gAMGUCMQDyPDrW8JofQUiG
a1DacXRr3dQUAKIdpgk7VFXU90hRrSTkMBgZNev6rd+TBgk/XeQCMCLq4DQgwTjc
jexcxW/cIHH5bfUy/xykQWjEnlJsPoeA0JaTtBcrrK7h/9dUCUhk+g==
-----END CERTIFICATE-----
</ca>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
9b32985687664a47084463da740ff2a2
8976d0f78b2264e7feda8486efe02289
7ff5abc2f1bfe170eb620e63fb0cba01
fb65e4f6668fd3a718e1b3d4d94ac2a5
56a1d53f8f971fb0307034d425758cb3
1aeb8156b05ceb2fe79eaf56777c3bb5
0fa26bc1f3a0b21d3a1a8787f133c626
5776465ab7848443d8b153300853a7c2
167d72baf41b6372db1b801499ac1aa3
3506442dfb204bb037e961c938fd9571
cb62228eb0c482f3db4598f08f8c26fe
1d72031e82f5bd163e961310fe781806
8e546e4957f6eae73585b245ae3a6273
fc4375d385cb2c95646af01ec31a23cc
e7fbbd353a27ec216f6e677fed8a4298
6b0c01f429db0ddb52fd0760788c32d5
-----END OpenVPN Static key V1-----
</tls-crypt>
remote-cert-tls server
cipher AES-256-GCM
auth SHA384
reneg-sec 43200
verb 3
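Review bot: The `<tls-crypt>` block puts the OpenVPN static key in clear text into the repository, and into the world-readable Nix store once the file is referenced from a module. If this is the provider's published client profile that is expected, and a comment saying so would help; a key that is not meant to be public belongs in a sops-managed file referenced by path. The validity fields of the embedded CA certificate appear to decode to 2020-03-13 through 2023-03-13, so the profile will need refreshing before that date. The disabled `#comp-lzo no` line can be dropped.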


@ -0,0 +1,14 @@
{ config, lib, pkgs, ...}:
with lib; {
options.elss.openvpn.enable = mkEnableOption "Setup TUD openvpn";
config =
let
cfg = config.elss.openvpn;
in
mkIf cfg.enable {
services.openvpn.servers.TUD = {
config = "config config/TUD.ovpn";
autoStart = false;
};
};
}
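Review bot: `config = "config config/TUD.ovpn";` hands OpenVPN a relative path, which is resolved against the service's working directory at runtime rather than against this module, so the profile is unlikely to be found. Interpolating a Nix path copies the file into the store and yields an absolute path: `config = "config ${./config/TUD.ovpn}";`. That assumes the profile sits in `config/` next to this module, since its path is not shown on the page. Anything embedded in the profile becomes world-readable in the store once it is referenced this way.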


@ -1,5 +1,5 @@
{ config, lib, pkgs, ... }:
with pkgs;
with pkgs; with lib;
let
my-python-packages = python-packages: with python-packages; [
pandas
@ -9,5 +9,8 @@ let
python-with-my-packages = python3.withPackages my-python-packages;
in
{
options.elss.programs.python.enable = mkEnableOption "install python 3";
config = mkIf config.elss.programs.python.enable {
environment.systemPackages = [ python-with-my-packages ];
};
}

16
modules/secrets.nix Normal file

@ -0,0 +1,16 @@
{ config, pkgs, lib, ... }:
with lib; {
options.elss.sops.enable = mkEnableOption "Use sops config";
config =
let
cfg = config.elss.sops;
in
mkIf cfg.enable {
sops = {
defaultSopsFile = ../secrets/secrets.yaml;
secrets.example_key.format = "yaml";
};
};
}


@ -0,0 +1,27 @@
{ config, lib, pkgs, ... }:
with lib; {
options.elss.server.enable = mkEnableOption "Enable Mail, Web, and DB";
options.elss.server.nginx.enable = mkEnableOption "Set up nginx";
options.elss.server.sql.enable = mkEnableOption "Set up sql (mariadb)";
options.elss.server.nextcloud.enable = mkEnableOption "Set up nextcloud";
options.elss.server.smailserver.enable = mkEnableOption "Set up simple mail server";
imports = [
./nginx.nix
./smailserver.nix
./sql.nix
./nextcloud.nix
];
config =
let
cfg = config.elss.server;
in
mkIf cfg.enable {
elss.server = {
nginx.enable = mkDefault true;
sql.enable = mkDefault true;
smailserver.enable = mkDefault false; # TODO fix simple mail server
};
};
}


@ -0,0 +1,27 @@
{ config, pkgs, lib, ... }:
with lib;{
config =
let
cfg = config.elss.server.nextcloud;
in
mkIf cfg.enable {
elss.server.sql.enable = mkDefault;
services.nextcloud = {
enable = true;
hostName = "cloudstore.ellmauthaler.net";
https = true;
config = {
dbtype = "mysql";
dbuser = "cloudstore_user";
dbpassFile = "/run/secrets/cloudstore_user";
adminuser = "storemin";
adminpassFile = "/run/secrets/storemin";
};
};
sops.secrets = {
storemin.sopsFile = ../../secrets/server.yaml;
cloudstore_user.sopsFile = ../../secrets/server.yaml;
};
};
}
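Review bot: `elss.server.sql.enable = mkDefault;` assigns the `mkDefault` function itself rather than a value, so evaluation fails as soon as `elss.server.nextcloud.enable` is set; it should read `elss.server.sql.enable = mkDefault true;`. `dbpassFile` and `adminpassFile` hard-code `/run/secrets/...`; `config.sops.secrets.cloudstore_user.path` and `config.sops.secrets.storemin.path` would keep them tied to the declarations below. Those declarations set only `sopsFile`, so the decrypted files presumably keep the sops-nix default owner and may not be readable by the Nextcloud service user; adding `owner = "nextcloud";` to both is worth checking. `https = true` is set, but no TLS-enabled virtual host for `cloudstore.ellmauthaler.net` is visible in this commit.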

15
modules/server/nginx.nix Normal file

@ -0,0 +1,15 @@
{ config, lib, pkgs, ... }:
with lib;{
config =
let
cfg = config.elss.server.nginx;
in
mkIf cfg.enable {
services.nginx.enable = true;
services.nginx.virtualHosts."localhost" = {
addSSL = false;
enableACME = false;
root = "/var/www/localhost";
};
};
}


@ -0,0 +1,14 @@
{ config, pkgs, lib, ... }:
with lib;{
config =
let
cfg = config.elss.server.smailserver;
in
mkIf cfg.enable {
mailserver = {
enable = true;
fqdn = "mail.ellmauthaler.net";
domains = [ "ellmauthaler.net" ];
};
};
}

13
modules/server/sql.nix Normal file

@ -0,0 +1,13 @@
{ config, pkgs, lib, ... }:
with lib;{
config =
let
cfg = config.elss.server.sql;
in
mkIf cfg.enable {
services.mysql = {
enable = true;
package = pkgs.mariadb;
};
};
}

16
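--- a/modules/ssh.nix
+++ b/modules/ssh.nix
@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+with lib; {
+options.elss.sshd.enable = mkEnableOption "Set up sshd";
+config =
+let
+cfg = config.elss.sshd;
+in
+mkIf cfg.enable {
+services.openssh = {
+enable = true;
+passwordAuthentication = false;
+permitRootLogin = "no";
+};
+};
+}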
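Review bot: `passwordAuthentication = false;` does not cover keyboard-interactive logins, which go through PAM and can still end up accepting a password. The 22.05 module set this commit moves to has a separate switch for that, so I would add `kbdInteractiveAuthentication = false;` next to it (check the option name against the nixpkgs revision in use). If only the configured users should log in over SSH, an allow-list through `extraConfig`, for example an `AllowGroups` line, would narrow this further.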

4
modules/stateversion.nix Normal file

@ -0,0 +1,4 @@
{ config, lib, pkgs, ...}:
{
system.stateVersion = "21.05";
}

15
modules/steam-run.nix Normal file

@ -0,0 +1,15 @@
{ config, lib, pkgs, ... }:
with lib; {
options.elss.steam-run.enable = mkEnableOption "configure steam-run to support unpatched binaries";
config =
let
cfg = config.elss.steam-run;
in
mkIf cfg.enable {
environment.systemPackages = [
(pkgs.unstable.steam.override { withJava = true; }).run
];
};
}

24
modules/texlive.nix Normal file

@ -0,0 +1,24 @@
{ config, lib, pkgs, ... }:
with lib; {
options.elss.texlive = {
enable = mkEnableOption "configure texlife on the system";
package = mkOption {
type = types.package;
default = pkgs.texlive.combined.scheme-full;
description = ''
This option specifies which texlive package shall be installed
'';
};
};
config =
let
cfg = config.elss.texlive;
in
mkIf cfg.enable {
environment.systemPackages = [
cfg.package
];
};
}

183
modules/users.nix Normal file

@ -0,0 +1,183 @@
{ config, pkgs, lib, homeConfigurations, ... }:
with lib; {
options.elss.users = {
enable = mkEnableOption "elss specific user configuration";
x11.enable = mkEnableOption "Activate XSession related options in user-configs";
users = mkOption {
description = "logins of non-admin users to configure";
type = types.listOf types.str;
};
admins = mkOption {
description = "logins of admin users to configure";
type = types.listOf types.str;
};
meta = mkOption {
type = types.attrsOf
(types.submodule {
options = {
description = mkOption {
type = types.str;
description = "full name of the user";
};
hashedPassword = mkOption
{
type = types.str;
default = null;
description = "hashed password, only required for admins";
};
publicKeys = mkOption {
type = types.listOf types.str;
description = "SSH public keys for the user";
};
mailAddress = mkOption {
type = types.str;
description = "Email address of the user";
};
git = mkOption {
type = types.submodule {
options = {
key = mkOption {
type = types.str;
example = "0xBEEE1234";
default = "C804A9C1B7AF8256";
description = "Signkey for git commits";
};
gpgsm = mkOption {
type = types.bool;
default = false;
description = "Whether to use gpgsm for commit signatures";
};
signDefault = mkOption {
type = types.bool;
default = false;
description = "Whether to force signing commits or not";
};
};
};
};
};
});
};
};
config =
let
cfg = config.elss.users;
inherit (elss.withConfig config) mapAdmins mapUsers mapAllUsersAndRoot mapAllUsers;
getMeta = login:
builtins.getAttr login cfg.meta;
mkAdmin = login:
mkMerge [
(mkUser login)
{
extraGroups = [ "wheel" ];
inherit (getMeta login) hashedPassword;
}
];
mkUser = login:
let meta = getMeta login;
in
{
inherit (meta) description;
isNormalUser = true;
home = "/home/${login}";
extraGroups = [ ];
openssh.authorizedKeys.keys = meta.publicKeys;
};
mkGitUser = login:
let meta = getMeta login;
in
{
programs.git = {
userEmail = meta.mailAddress;
userName = meta.description;
extraConfig = {
gpg = lib.mkIf meta.git.gpgsm {
format = "x509";
program = "${pkgs.gnupg}/bin/gpgsm";
};
user = {
signingKey = meta.git.key;
};
commit = {
gpgsign = meta.git.signDefault;
};
};
};
};
mkX11User = login:
let meta = getMeta login;
in
mkIf (cfg.x11.enable)
{
xsession = {
numlock.enable = true;
profileExtra = ''
if [ $(hostname) = 'stel-xps' ]; then
brightnessctl s 50%
fi
'';
};
home.file.".background-image".source = ../common/wallpaper/nix-wallpaper-nineish-dark-gray.png;
services = {
blueman-applet.enable = true;
network-manager-applet.enable = true;
dunst.enable = true;
};
};
in
mkIf (cfg.enable)
{
assertions =
let
cfg = config.elss.users;
in
[
{
assertion = mutuallyExclusive cfg.users cfg.admins;
message = "elss.users.users and elss.users.admins are mutually exclusive";
}
{
assertion = all (hash: hash != "")
(catAttrs "hashedPassword" (attrVals cfg.admins cfg.meta));
message = "No admin without password";
}
{
assertion = length (cfg.admins) > 0;
message = "One admin needed at least";
}
];
users = {
mutableUsers = false;
users =
mkMerge [
(mapAdmins mkAdmin)
(mapUsers mkUser)
];
};
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
users =
mkMerge [
(mapAllUsers mkX11User)
(mapAllUsers mkGitUser)
(mapAllUsersAndRoot (login:
mkMerge [
{ config.home.stateVersion = mkDefault "21.11"; }
(if homeConfigurations ? "${login}" then homeConfigurations."${login}" else { })
]))
];
};
};
}
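Review bot: `hashedPassword` is declared as `types.str` with `default = null`, which is not a string, and the "No admin without password" assertion only rejects `""`, so a missing hash is not caught by the check that is meant to catch it. Declaring it as `type = types.nullOr types.str;` and asserting `hash != null && hash != ""` makes the rule explicit; with `mutableUsers = false` an admin without a hash would have no usable password. The `git.key` default `C804A9C1B7AF8256` is one person's key id applied to every entry in `meta`, so a `nullOr` option without that default avoids configuring the wrong signing key for another user. The inner `cfg = config.elss.users;` in the `assertions` block repeats the outer binding and can be removed.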

65
modules/zsh.nix Normal file

@ -0,0 +1,65 @@
{ config, pkgs, lib, ... }:
with lib; {
options.elss.zsh.enable = mkEnableOption "Setup systemwide zsh";
config =
let
inherit (elss.withConfig config) mapAllUsers;
cfg = config.elss.zsh;
in
mkIf cfg.enable {
environment = {
shells = [ pkgs.zsh ];
pathsToLink = [ "/share/zsh/" ];
sessionVariables = rec {
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
PATH = [
"\${XDG_BIN_HOME}"
];
};
};
programs = {
zsh = {
enable = true;
enableCompletion = true;
enableGlobalCompInit = true;
autosuggestions.enable = true;
syntaxHighlighting = {
enable = true;
highlighters = [ "main" "brackets" "root" "line" ];
#styles = { cursor = "standout,underline"; };
};
setOptions = [ "auto_pushd" "correct" "nocaseglob" "rcexpandparam" "numericglobsort" "nobeep" "appendhistory" ];
shellInit = ''
if [[ $TERM == "dumb" ]]; then
INSIDE_EMACS=1
fi;
'';
interactiveShellInit = ''
source ${pkgs.zsh-nix-shell}/share/zsh-nix-shell/nix-shell.plugin.zsh
zstyle -e ':completion:*:approximate:*' max-errors 'reply=( $(( ($#PREFIX + $#SUFFIX) / 3 )) )'
zstyle ':completion:*:descriptions' format "- %d -"
zstyle ':completion:*:corrections' format "- %d - (errors %e})"
zstyle ':completion:*:default' list-prompt '%S%M matches%s'
zstyle ':completion:*:manuals' separate-sections true
zstyle ':completion:*:manuals.(^1*)' insert-sections true
zstyle ':completion:*' menu select
zstyle ':completion:*' verbose yes
zstyle ':completion:*' squeeze-slashes true
zstyle ':completion:*:*:kill:*' menu yes select
zstyle ':completion:*:kill:*' force-list always
'';
};
};
users.users = mapAllUsers (_: { shell = pkgs.zsh; }
);
};
}


@ -1,39 +0,0 @@
{ config, pkgs, lib, ...}:
{
options.variables = with lib; {
hostName = mkOption {
type = types.str;
example = "nucturne";
description = "Hostname of the system";
default = "hostnamenotset";
};
graphical = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the graphical environment";
};
server = mkOption {
type = types.bool;
default = false;
description = "Whether this system is a server";
};
git = {
key = mkOption {
type = types.str;
example = "0xBEEE1234";
default = "C804A9C1B7AF8256";
description = "Signkey for git commits";
};
gpgsm = mkOption {
type = types.bool;
default = false;
description = "Whether to use gpgsm for commit signatures";
};
signDefault = mkOption {
type = types.bool;
default = false;
description = "Whether to force signing commits or not";
};
};
};
}


@ -1,15 +0,0 @@
{ config, pkgs, ... }:
let
aspellConf = ''
data-dir /run/current-system/sw/lib/aspell
dict-dir /run/current-system/sw/lib/aspell
master en_GB-ise
extra-dicts en-computers.rws
add-extra-dicts en_GB-science.rws
'';
in
{
environment.systemPackages = [ pkgs.aspell ]
++ (with pkgs.aspellDicts; [ de en sv en-computers en-science ]);
}


@ -1,9 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports = [
./aspell.nix
./emacs
./obs-studio.nix
./python.nix
];
}


@ -1,6 +0,0 @@
{ config, pkgs, lib, ...}:
{
environment.systemPackages = if config.variables.graphical then with pkgs; [
obs-studio
] else [ ] ;
}


@ -1,4 +0,0 @@
{ config, pkgs, ... }:
{
sops.defaultSopsFile = ./secrets.yaml;
}


@ -0,0 +1,28 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----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=ojin
-----END PGP PUBLIC KEY BLOCK-----


@ -0,0 +1,28 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----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=Spou
-----END PGP PUBLIC KEY BLOCK-----


@ -0,0 +1,52 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----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=Vjox
-----END PGP PUBLIC KEY BLOCK-----


@ -0,0 +1,81 @@
hello: ENC[AES256_GCM,data:MOALCu8iOAyfGkjK9z4NMDo0f6MmG6x5VkfyZcZvYCKnWFBRQAKPDTWBH5rK1g==,iv:jFU+0lkJ0MUv20a7snZEtIx4MauWJcWGz7QBM3+LjEI=,tag:mM2WRwx58uyfHmzhtT0R2g==,type:str]
example_key: ENC[AES256_GCM,data:lAAqf3unmJ0zsg7nlEM=,iv:y1CfpqMkgOw1amloIxLvMR0Y74G0zO+RlBfXvZZIYAs=,tag:SUnHRfpMttYHRuQn8ABXsg==,type:str]
#ENC[AES256_GCM,data:S8HV5uWQ2U1r+3GxJ1Uw9A==,iv:03NBULMd31qtDl1yDhXLdNaTJxsB5IR6ox4K5Ik8vSI=,tag:5tCKgR8Ue66TnOmR8Ya2zg==,type:comment]
example_array:
- ENC[AES256_GCM,data:wyZTcylOGQqGvJCEAtI=,iv:tYMAa5ohpA2QyXITG/S+HV7ZaOd9hZtiQMRlo2IGk6Y=,tag:BNQsl4gOgGK3U4aPBrQGww==,type:str]
- ENC[AES256_GCM,data:eLXzjr7IOWnrAN90F3s=,iv:6uAIFz/uN/td6XD5b+Pe73kjGIpdDl+fbKWo1TiaAxo=,tag:0Q3Afv+W6ddIS+37aFPugQ==,type:str]
example_number: ENC[AES256_GCM,data:gWSzljU0nOeIGA==,iv:B59DTWMum0nILKdxHSCyQoie5by/HNe+qOwN+gfNci4=,tag:cKb781zfp5QhKrwuWK5kiA==,type:float]
example_booleans:
- ENC[AES256_GCM,data:UnJYcQ==,iv:9Mm4d/Sf9VCeF0fq3LmfO15pjUrmbGYhzU/814jHCno=,tag:oZB1J633JyCSf1XACbxSlA==,type:bool]
- ENC[AES256_GCM,data:u0faKdM=,iv:kBl1oIAwuJji34U+ENq1hkz2b4zYZ/7Zo1f2Tgr1GsI=,tag:Fjtt/u4IJ4j5oDafLFQeDw==,type:bool]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2022-06-09T15:36:38Z"
mac: ENC[AES256_GCM,data:fJcGUyG9ur8qrkm0C318GDzAlYnhEy4QeaxBLNCQU9OsS/1eabJ0/wpw0cmUlfQkfu5IzZbPECWhrzxjN5S5ct1d/bNS+xSUtgZfSPXiXk4A9u9FR8BJaukOHvIa8nY15NludGMhsHxZcU1HFPlBuspt+AZv3SUuZXZHNousAvY=,iv:yxHTP/Lu+8rJ2tSZiq/dSTjNFuru8O5fRo+u0ULkP4Q=,tag:EjQGrlKOJX4Z1VuHUVQyhA==,type:str]
pgp:
- created_at: "2022-06-10T08:18:51Z"
enc: |
-----BEGIN PGP MESSAGE-----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=
=vPbk
-----END PGP MESSAGE-----
fp: 3B398B086C410264A14FB353B1E6F03030A4AEAA
- created_at: "2022-06-10T08:18:51Z"
enc: |
-----BEGIN PGP MESSAGE-----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=uW7i
-----END PGP MESSAGE-----
fp: e8dfcfbac0c3e65bbdfd62ab534ab685d882e4ca
- created_at: "2022-06-10T08:18:51Z"
enc: |
-----BEGIN PGP MESSAGE-----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=Gwh/
-----END PGP MESSAGE-----
fp: 9b6a58764eddd81d07180d6dc08e322f7bfd92b1
unencrypted_suffix: _unencrypted
version: 3.7.3

53
secrets/server.yaml Normal file

@ -0,0 +1,53 @@
storemin: ENC[AES256_GCM,data:oCFpGrb+fLkVuHPgUkVi5MFbnCJiJyT4Vac6keNU,iv:5HS/xlS+sHCyRcn8ImpzbRmwpjZicq1U5C3fiuKoclY=,tag:6wbXHzDt9MApTzyIyss+qQ==,type:str]
cloudstore_user: ENC[AES256_GCM,data:Ist58mJGxnvQA8xQ9s4SBC+3cGnQKqAm/g7nbmv5,iv:2DG0iR6trxoDmc2dxAVo0DAauzAaQc4MLmifii4MuXQ=,tag:jkpcZtX7gwr6fG0qd1+Y9w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2022-06-10T14:46:40Z"
mac: ENC[AES256_GCM,data:8mWlqOJnnipK6MOsaXtI++XGWOLnvgykfuBOqu4KZWRZPMnNjVe6a76RKARt8IcvUNwktb7oazVPBTWrMelJoXPIMLqBq2h9pbh5eZ1BsvSB/m4Y4MAongz2FItw3xVKUi8v58unoqKrtQwRiuURKXVv7AV/dQ03laOuc3c9YeU=,iv:a5H93RHqEL9cCRpqkp9XaNahEYgHvzIh9dCpPMSQoh0=,tag:yY2TodoAsn3GrU7Zc0pDLA==,type:str]
pgp:
- created_at: "2022-06-10T14:41:46Z"
enc: |
-----BEGIN PGP MESSAGE-----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=
=3O8N
-----END PGP MESSAGE-----
fp: 3B398B086C410264A14FB353B1E6F03030A4AEAA
- created_at: "2022-06-10T14:41:46Z"
enc: |
-----BEGIN PGP MESSAGE-----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=Zx0K
-----END PGP MESSAGE-----
fp: 9b6a58764eddd81d07180d6dc08e322f7bfd92b1
unencrypted_suffix: _unencrypted
version: 3.7.3

15
secrets/shell.nix Normal file

@ -0,0 +1,15 @@
{ pkgs ? import <nixpkgs> { }
, sops-nix ? pkgs.callPackage <sops-nix> { }
, ...
}:
let
sops-rekey = pkgs.writeShellScriptBin "sops-rekey" ''
${pkgs.findutils}/bin/find . -wholename '*/secrets/*.yaml' -exec ${pkgs.sops}/bin/sops updatekeys {} \;
'';
in
pkgs.mkShell {
sopsPGPKeyDirs = [ ./keys/users ./keys/hosts ];
nativeBuildInputs = [ sops-nix.sops-import-keys-hook sops-nix.ssh-to-pgp sops-rekey ];
}


@ -1,9 +0,0 @@
{ config, pkgs, lib, ...}:
{
imports = [
./nginx.nix
./smailserver.nix
./mariadb.nix
./nextcloud.nix
];
}


@ -1,7 +0,0 @@
{ config, pkgs, lib, ...}:
{
services.mysql = {
enable = true;
package = pkgs.mariadb;
};
}


@ -1,4 +0,0 @@
{ config, pkgs, lib, ...}:
{
mailserver.enable = true;
}


@ -1,9 +0,0 @@
{ config, pkgs, lib, ...}:
{
services.nginx.enable = true;
services.nginx.virtualHosts."localhost" = {
addSSL = false;
enableACME = false;
root = "/var/www/localhost";
};
}


@ -1,4 +0,0 @@
{ config, pkgs, lib, ...}:
{
mailserver.enable = true;
}


@ -1,25 +0,0 @@
{ config, pkgs, lib, ... }:
{
#imports = [ <home-manager/nixos> ];
imports = [
./ellmau
];
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
};
users = {
mutableUsers = false;
users = {
ellmau = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "audio"];
description = "Stefan Ellmauthaler";
shell = pkgs.zsh;
home = "/home/ellmau";
hashedPassword = "$6$JZPnaZYG$KL2c3e1it3j2avioovE1WveN/mpmq/tPsSAvHY1XRhtqKaE7TaSQkqRy69farkIR0Xs0.yTjltvKvv28kZtLO1";
};
};
};
}


@ -1,14 +0,0 @@
{ config, pkgs, lib, ... }:
{
config = lib.mkIf config.variables.graphical {
home-manager.users.ellmau.programs.alacritty = {
enable = true;
settings = {
window = {
decorations = "full";
};
alt_send_esc = true;
};
};
};
}


@ -1,8 +1,7 @@
{ config, pkgs, lib, ...}:
{
home-manager.users.ellmau = {
programs.autorandr = {
enable = config.variables.graphical;
enable = true;
profiles = {
"home" = {
fingerprint = {
@ -118,5 +117,4 @@
"polybar" = "systemctl --user restart polybar.service";
};
};
};
}


@ -1,18 +1,6 @@
{ config, pkgs, lib, flakes, ...}:
let
withAliases = hostname: aliases: cfg:
lib.recursiveUpdate
{
host = "${hostname} ${aliases}";
hostname = "${hostname}";
extraOptions.hostKeyAlias = "${hostname}";
}
cfg;
in
{ config, lib, pkgs, ... }:
{
imports = [
./alacritty.nix
./autorandr.nix
./dunst.nix
./git.nix
@ -21,79 +9,55 @@ in
./nextcloud.nix
./polybar.nix
./zsh.nix
./go.nix
];
home-manager.users.ellmau = {
home.packages = [
pkgs.htop
pkgs.pavucontrol
pkgs.ripgrep
pkgs.jabref
pkgs.libreoffice-fresh
pkgs.nixfmt
pkgs.nixpkgs-fmt
pkgs.nix-prefetch-github
pkgs.neofetch
pkgs.jitsi-meet-electron
pkgs.skypeforlinux
pkgs.teams
pkgs.unstable.zoom-us
pkgs.element-desktop
pkgs.signal-desktop
];
services = {
gnome-keyring = {
enable = true;
components = [
"pkcs11"
"secrets"
"ssh"
];
};
udiskie = {
enable = true;
automount = true;
notify = true;
tray = "auto";
};
blueman-applet.enable = config.variables.graphical;
network-manager-applet.enable = config.variables.graphical ;
gnome-keyring = {
enable = true;
components = [ "pkcs11" "secrets" "ssh" ];
};
};
xdg = {
enable = true;
};
programs.direnv = {
home.packages = with pkgs; [
comma
];
programs = {
alacritty = {
enable = true;
settings = {
window = {
decorations = "full";
};
alt_send_esc = true;
};
};
direnv = {
enable = true;
nix-direnv.enable = true;
enableZshIntegration = true;
nix-direnv = {
enable = true;
enableFlakes = true; # TODO(mx): can be removed once updated to 22.05
};
};
xsession = {
numlock.enable = true;
profileExtra = ''
if [ $(hostname) = 'stel-xps' ]; then
brightnessctl s 50%
fi
'';
};
home.file.".background-image".source = ../common/wallpaper/nix-wallpaper-nineish-dark-gray.png;
programs.home-manager = {
home-manager = {
enable = true;
};
programs.ssh = {
ssh = {
enable = true;
forwardAgent = true;
@ -101,22 +65,8 @@ in
hashKnownHosts = true;
controlMaster = "auto";
controlPersist = "60s";
# matchBlocks = {
# "iccl-share.inf.tu-dresden.de" =
# withAliases "iccl-share.inf.tu-dresden.de" "iccl-share" {
# proxyJump = "tcs.inf.tu-dresden.de";
# };
# "iccl.inf.tu-dresden.de" = withAliases "iccl.inf.tu-dresden.de" "" {
# proxyJump = "tcs.inf.tu-dresden.de";
# };
# "wille.inf.tu-dresden.de" =
# withAliases "wille.inf.tu-dresden.de" "wille wi" {
# proxyJump = "tcs.inf.tu-dresden.de";
# };
# "tcs.inf.tu-dresden.de" =
# withAliases "tcs.inf.tu-dresden.de" "tcs" { };
# };
};
go.enable = true;
};
}
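Review bot: `forwardAgent = true;` in the `ssh` block applies agent forwarding to every host, so a privileged user on any machine you connect to can use the forwarded agent for as long as the session lasts. The commit removes the commented-out `matchBlocks`; I would rather set `forwardAgent = false;` globally and enable forwarding per host inside `matchBlocks` for the few jump hosts that need it. The `ssh` block spans two hunks of this section, and part of it is not shown on the page.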


@ -1,8 +1,6 @@
{ config, pkgs, ...}:
{
home-manager.users.ellmau = {
services.dunst = {
enable = config.variables.graphical;
iconTheme = {
package = pkgs.numix-icon-theme;
name = "Numix";
@ -36,5 +34,4 @@
};
};
};
};
}


@ -1,26 +1,11 @@
{ config, pkgs, lib, ...}:
{
home-manager.users.ellmau = {
programs= {
git = {
enable = true;
package = pkgs.gitAndTools.gitFull;
userName = "Stefan Ellmauthaler";
userEmail = "stefan.ellmauthaler@tu-dresden.de";
extraConfig = {
core = { editor = "emacsclient"; };
gpg = lib.mkIf config.variables.git.gpgsm {
format = "x509";
program = "${pkgs.gnupg}/bin/gpgsm";
};
#gpg = {
# format = "x509";
# program = "gpgsm";
#};
user = {
signingKey = config.variables.git.key;
signByDefault = config.variables.git.signDefault;
};
init = { defaultBranch = "main";};
branch = { autosetuprebase = "always";};
safe.directory = [ "/etc/nixos" ];
@ -37,5 +22,4 @@
};
};
};
};
}


@ -1,4 +0,0 @@
{config, pkgs, lib, ...}:
{
home-manager.users.ellmau.programs.go.enable = true;
}


@ -1,6 +1,5 @@
{ config, pkgs, lib, ...}:
{
home-manager.users.ellmau = {
home.file = {
".gnupg/gpgsm.conf".text = ''
keyserver ldap.pca.dfn.de::::o=DFN-Verein,c=DE
@ -14,5 +13,4 @@
programs.gpg.enable = true;
};
}


@ -1,13 +1,9 @@
{ config, pkgs, lib, ...}:
{
config = lib.mkIf config.variables.graphical {
home-manager.users.ellmau = {
xdg = {
configFile."i3" = {
source = conf/i3;
recursive = true;
};
};
};
};
}


@ -1,9 +1,7 @@
{ pkgs, ... }:
{
home-manager.users.ellmau = {
services.nextcloud-client = {
enable = true;
startInBackground = true;
};
};
}


@ -1,8 +1,7 @@
{ config, pkgs, ...}:
{
home-manager.users.ellmau = {
services.polybar = {
enable = config.variables.graphical;
enable = true;
package = pkgs.polybarFull;
settings =
let
@ -234,7 +233,7 @@
#format-prefix-foreground = foreground_altcol;
format-underline = "#0a6cf5";
label = "%{A1:${pkgs.tray-calendar}/bin/traycalendar --no-tray:}%{A} %date% %time%";
label = "%{A} %date% %time%";
};
"module/battery" = {
type = "internal/battery";
@ -353,5 +352,4 @@
done;
'';
};
};
}


@ -1,6 +1,5 @@
{ pkgs, ... }:
{
home-manager.users.ellmau = {
programs = {
zsh = {
enable = true;
@ -33,10 +32,12 @@
name = "zsh-nix-shell";
file = "nix-shell.plugin.zsh";
src = pkgs.fetchFromGitHub {
# v0.5.0
owner = "chisui";
repo = "zsh-nix-shell";
rev = "v0.4.0";
sha256 = "037wz9fqmx0ngcwl9az55fgkipb745rymznxnssr3rx9irb6apzg";
rev = "4eb69b044ffab5197dfbf0f5d40e7cdb3d75e222";
sha256 = "IT3wpfw8zhiNQsrw59lbSWYh0NQ1CUdUtFzRzHlURH0=";
fetchSubmodules = true;
};
}
];
@ -77,6 +78,4 @@
shell = "${pkgs.zsh}/bin/zsh";
};
};
};
}