Refactor, mumble domain change, sway changes

kat witch 2021-03-24 16:51:48 +00:00
parent 22cf8ab600
commit 1de1018c02
No known key found for this signature in database
GPG key ID: 1B477797DCA5EC72
113 changed files with 53 additions and 46 deletions


@ -1,12 +0,0 @@
{ pkgs, config, lib, witch, ... }:
let
homeModules = witch.modList {
modulesDir = ./profiles;
defaultFile = "home.nix";
};
in {
imports = lib.attrValues homeModules
++ [ ../modules/home ./private/profile/home ];
}


@ -1,51 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
./hardware.nix
# host-specific services
./postgres.nix
./virtualhosts.nix
./fail2ban.nix
# services
../../services/nginx.nix
../../services/mail.nix
../../services/asterisk.nix
../../services/gitea.nix
../../services/syncplay.nix
../../services/bitwarden.nix
../../services/taskserver.nix
../../services/murmur.nix
../../services/znc.nix
../../services/matrix.nix
];
deploy.profiles = [ "kat" ];
deploy.ssh.host = "athame.kittywit.ch";
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
networking = {
hostName = "athame";
domain = "kittywit.ch";
hostId = "7b0ac74e";
useDHCP = false;
interfaces.enp1s0.useDHCP = true;
};
networking.firewall.allowedTCPPorts =
[ 80 443 5160 5060 8999 64738 1935 53589 5001 ];
networking.firewall.allowedUDPPorts = [ 5160 5060 64738 ];
networking.firewall.allowedTCPPortRanges = [{
from = 10000;
to = 20000;
}];
networking.firewall.allowedUDPPortRanges = [{
from = 10000;
to = 20000;
}];
system.stateVersion = "20.09";
}


@ -1,84 +0,0 @@
{ config, pkgs, ... }:
{
services.fail2ban = {
enable = true;
jails = {
DEFAULT = ''
bantime = 1d
blocktype = DROP
logpath = /var/log/auth.log
'';
asterisk = ''
enabled = true
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
logpath = /var/log/asterisk/messages
maxretry = 4
'';
ssh = ''
enabled = true
filter = sshd
maxretry = 4
action = iptables[name=SSH, port=ssh, protocol=tcp]
'';
sshd-ddos = ''
enabled = true
filter = sshd-ddos
maxretry = 4
action = iptables[name=ssh, port=ssh, protocol=tcp]
'';
postfix = ''
enabled = true
filter = postfix
maxretry = 3
action = iptables[name=postfix, port=smtp, protocol=tcp]
'';
postfix-sasl = ''
enabled = true
filter = postfix-sasl
port = postfix,imap3,imaps,pop3,pop3s
maxretry = 3
action = iptables[name=postfix, port=smtp, protocol=tcp]
'';
postfix-ddos = ''
enabled = true
filter = postfix-ddos
maxretry = 3
action = iptables[name=postfix, port=submission, protocol=tcp]
bantime = 7200
'';
};
};
environment.etc."fail2ban/filter.d/postfix-sasl.conf" = {
enable = true;
text = ''
# Fail2Ban filter for postfix authentication failures
[INCLUDES]
before = common.conf
[Definition]
daemon = postfix/smtpd
failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
'';
};
environment.etc."fail2ban/filter.d/postfix-ddos.conf" = {
enable = true;
text = ''
[Definition]
failregex = lost connection after EHLO from \S+\[<HOST>\]
'';
};
environment.etc."fail2ban/filter.d/sshd-ddos.conf" = {
enable = true;
text = ''
[Definition]
failregex = sshd(?:\[\d+\])?: Did not receive identification string from <HOST>$
ignoreregex =
'';
};
systemd.services.fail2ban.serviceConfig.LimitSTACK = 128 * 1024;
}


@ -1,21 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
boot.initrd.availableKernelModules =
[ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/126049c0-34bd-4d96-a8db-276c5d172abe";
fsType = "ext4";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/1f19daed-1c51-4b14-bfe8-bd7ea075ed96"; }];
nix.maxJobs = lib.mkDefault 3;
}


@ -1,17 +0,0 @@
{ config, pkgs, ... }:
{
services.postgresql.enable = true;
services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
services.postgresql.ensureDatabases = [ "nextcloud" ];
services.postgresql.ensureUsers = [{
name = "nextcloud";
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
}];
}


@ -1,13 +0,0 @@
{ config, pkgs, witch, ... }:
let
common = {
enableACME = true;
forceSSL = true;
};
in {
services.nginx.virtualHosts = {
"kittywit.ch" = { root = "/var/www/kittywitch"; } // common;
"athame.kittywit.ch" = { root = "/var/www/athame"; } // common;
} // witch.secrets.virtualHosts.athame;
}


@ -1,29 +0,0 @@
{ config, pkgs, ... }:
{
imports = [ ./hardware.nix ../../services/nginx.nix ];
deploy.profiles = [ "kat" ];
deploy.ssh.host = "boline.kittywit.ch";
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
networking = {
hostName = "boline";
domain = "kittywit.ch";
hostId = "0417b551";
useDHCP = false;
interfaces.ens3.ipv4.addresses = [{
address = "104.244.73.10";
prefixLength = 24;
}];
defaultGateway = "104.244.73.1";
nameservers = [ "1.1.1.1" ];
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
system.stateVersion = "20.09";
}


@ -1,20 +0,0 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/e0a9f76a-5eed-4dd3-a5a6-a93006f7d526";
fsType = "ext4";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/cf122d6d-eca9-44f5-b655-85aaf5b2e6af"; }];
}


@ -1,41 +0,0 @@
{ config, pkgs, lib, sources, witch, ... }:
{
imports = [
./hardware.nix
../../services/zfs.nix
../../services/nginx.nix
./thermal
./vm
./torrenting.nix
];
deploy.profiles = [ "gui" "sway" "kat" "private" ];
deploy.groups = [ "gui" ];
deploy.ssh.host = "192.168.1.135";
# graphics tablet
services.xserver.wacom.enable = true;
# other stuffs
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.supportedFilesystems = [ "zfs" "xfs" ];
networking.hostName = "samhain";
networking.hostId = "617050fc";
networking.useDHCP = false;
networking.interfaces.enp34s0.useDHCP = true;
networking.firewall.allowPing = true;
networking.firewall.allowedTCPPorts =
[ 80 445 139 9091 5000 32101 ]; # smb transmission mkchromecast
networking.firewall.allowedUDPPorts = [ 137 138 4010 ]; # smb scream
networking.firewall.allowedUDPPortRanges = [{
from = 32768;
to = 60999;
} # dnla
];
services.avahi.enable = true;
system.stateVersion = "20.09";
}


@ -1,56 +0,0 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" "nct6775" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "rpool/safe/root";
fsType = "zfs";
};
fileSystems."/nix" = {
device = "rpool/local/nix";
fsType = "zfs";
};
fileSystems."/home" = {
device = "rpool/safe/home";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/AED6-D0D1";
fsType = "vfat";
};
fileSystems."/disks/excess" = {
device = "/dev/disk/by-uuid/0af88a48-ccfd-4e54-9652-a5ae7f74e21d";
fsType = "xfs";
};
fileSystems."/disks/pool-raw" = {
device = "zstore/raw";
fsType = "zfs";
};
fileSystems."/disks/pool-compress" = {
device = "zstore/compress";
fsType = "zfs";
};
fileSystems."/disks/pool-protect" = {
device = "zstore/protect";
fsType = "zfs";
};
swapDevices = [
{ device = "/dev/disk/by-uuid/89831a0f-93e6-4d30-85e4-09061259f140"; }
{ device = "/dev/disk/by-uuid/8f944315-fe1c-4095-90ce-50af03dd5e3f"; }
];
}


@ -1,39 +0,0 @@
{ config, pkgs, ... }:
{
boot.kernelParams = [ "amdgpu.ppfeaturemask=0xffffffff" ];
powerManagement = {
enable = true;
cpuFreqGovernor = "conservative";
};
systemd = {
services = {
kaede-thermals = {
wantedBy = [ "multi-user.target" ];
path = [ pkgs.bash pkgs.coreutils-full pkgs.gawk ];
serviceConfig = {
RemainAfterExit = "no";
Type = "simple";
ExecStart = "${pkgs.runtimeShell} ${./kaede-thermals.sh} start";
ExecStop = "${pkgs.runtimeShell} ${./kaede-thermals.sh} stop";
User = "root";
};
};
kaede-power = {
wantedBy = [ "multi-user.target" ];
path = [ pkgs.bash pkgs.linuxPackages.cpupower ];
serviceConfig = {
RemainAfterExit = "yes";
Type = "oneshot";
ExecStart = "${pkgs.runtimeShell} ${./kaede-power.sh} start";
ExecStop = "${pkgs.runtimeShell} ${./kaede-power.sh} stop";
User = "root";
};
};
};
};
services.thermald = {
enable = true;
configFile = "${./kaede-thermald.xml}";
};
}


@ -1,65 +0,0 @@
#!/usr/bin/env bash
################################################################################
# Written by Kaede Fox <kaede@boxedfox.org>
##########
# Default governor, currently required to be "conservative".
METHOD=conservative
# Configuration parameters.
SCALE_UP=40
SCALE_DOWN=30
SCALE_STEP=1
SAMPLING_RATE=10000
SAMPLING_FACTOR=10
NO_NICE=1
##########
script_name=`basename $0`
case "$1" in
"start")
modprobe cpufreq_conservative
modprobe cpufreq_ondemand
# This also needs to be loaded, in case the service is stopped later
# we can fall back to it.
modprobe cpufreq_performance
# The governor must be selected for its relevant configuration entries
# to appear in sysfs.
cpupower frequency-set -g $METHOD
sleep .5s
CONFIG=/sys/devices/system/cpu/cpufreq/$METHOD
chmod $CONFIG 644
echo $SCALE_UP > $CONFIG/up_threshold
echo $SCALE_DOWN > $CONFIG/down_threshold
echo $SCALE_STEP > $CONFIG/freq_step
echo $SAMPLING_RATE > $CONFIG/sampling_rate
echo $SAMPLING_FACTOR > $CONFIG/sampling_down_factor
echo $NO_NICE > $CONFIG/ignore_nice_load
sleep .5s
# Force reload all configuration.
cpupower frequency-set -g $METHOD
echo "enabled cpupower"
echo "loaded ${script_name}"
;;
"stop")
cpupower frequency-set -g performance &&
echo "disabled cpupower" &
wait
sleep .5s
modprobe -r cpufreq_conservative
modprobe -r cpufreq_ondemand
echo "unloaded ${script_name}"
;;
*)
echo "Usage: ${script_name} (start | stop)"
exit 1
;;
esac


@ -1,308 +0,0 @@
<?xml version="1.0"?>
<!--
use "man thermal-conf.xml" for details
-->
<!-- BEGIN -->
<ThermalConfiguration>
<Platform>
<Name>AMD Ryzen 5 3600 6-Core Processor</Name>
<ProductName>*</ProductName>
<UUID>*</UUID>
<Preference>quiet</Preference>
<ThermalSensors>
<ThermalSensor>
<!--CPU sensor on die -->
<Type>CPU_TEMP_CORE</Type>
<Path>/var/cache/kaede-thermals/cpu_core_temp</Path>
<AsyncCapable>1</AsyncCapable>
</ThermalSensor>
<ThermalSensor>
<!-- GPU sensor -->
<Type>GPU_TEMP</Type>
<Path>/var/cache/kaede-thermals/gpu_temp</Path>
<AsyncCapable>1</AsyncCapable>
</ThermalSensor>
</ThermalSensors>
<ThermalZones>
<ThermalZone>
<Type>CPU_CTRL</Type>
<TripPoints>
<!-- CPU PASSIVE CONTROL -->
<!-- Ideal temp: 70-75*C, Max temp: 95*C -->
<TripPoint>
<SensorType>CPU_TEMP_CORE</SensorType>
<Temperature>65000</Temperature>
<Type>passive</Type>
<ControlType>parallel</ControlType>
<CoolingDevice>
<index>1</index>
<type>CPU_FREQ0</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>2</index>
<type>CPU_FREQ1</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>3</index>
<type>CPU_FREQ2</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>4</index>
<type>CPU_FREQ3</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>5</index>
<type>CPU_FREQ4</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>6</index>
<type>CPU_FREQ5</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>7</index>
<type>CPU_FREQ6</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>8</index>
<type>CPU_FREQ7</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>9</index>
<type>CPU_FREQ8</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>10</index>
<type>CPU_FREQ9</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>11</index>
<type>CPU_FREQ10</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>12</index>
<type>CPU_FREQ11</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
</TripPoint>
<!-- EMERGENCY THROTTLING. -->
<!-- HOT means suspend the system. -->
<!-- CRITICAL means turn off the system. -->
<TripPoint>
<SensorType>CPU_TEMP_CORE</SensorType>
<Temperature>85000</Temperature>
<Type>hot</Type>
</TripPoint>
<TripPoint>
<SensorType>CPU_TEMP_CORE</SensorType>
<Temperature>90000</Temperature>
<Type>critical</Type>
</TripPoint>
</TripPoints>
</ThermalZone>
<ThermalZone>
<Type>GPU_CTRL</Type>
<TripPoints>
<!-- GPU PASSIVE CONTROL -->
<!-- Ideal temp: 70-75*C, Max temp: 90*C -->
<TripPoint>
<SensorType>GPU_TEMP</SensorType>
<Temperature>70000</Temperature>
<Type>passive</Type>
<ControlType>parallel</ControlType>
<CoolingDevice>
<index>1</index>
<type>GPU_FREQ_CORE</type>
<influence>50</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>2</index>
<type>GPU_FREQ_MEM</type>
<influence>50</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
</TripPoint>
</TripPoints>
</ThermalZone>
</ThermalZones>
<CoolingDevices>
<!-- CPU frequency scaling. -->
<!-- This allows finer control of the CPU scaling in comparison to -->
<!-- thermald's built in 'cpufreq' driver. -->
<CoolingDevice>
<Type>CPU_FREQ0</Type>
<Path>/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ1</Type>
<Path>/sys/devices/system/cpu/cpu1/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ2</Type>
<Path>/sys/devices/system/cpu/cpu2/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ3</Type>
<Path>/sys/devices/system/cpu/cpu3/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ4</Type>
<Path>/sys/devices/system/cpu/cpu4/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ5</Type>
<Path>/sys/devices/system/cpu/cpu5/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ6</Type>
<Path>/sys/devices/system/cpu/cpu6/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ7</Type>
<Path>/sys/devices/system/cpu/cpu7/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ8</Type>
<Path>/sys/devices/system/cpu/cpu8/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ9</Type>
<Path>/sys/devices/system/cpu/cpu9/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ10</Type>
<Path>/sys/devices/system/cpu/cpu10/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ11</Type>
<Path>/sys/devices/system/cpu/cpu7/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<!-- GPU frequency scaling. -->
<!-- This is read by a custom service and translated into the format
expected by the video driver. -->
<CoolingDevice>
<Type>GPU_FREQ_CORE</Type>
<Path>/var/cache/kaede-thermals/gpu_power_core</Path>
<MinState>255</MinState>
<MaxState>0</MaxState>
<IncDecStep>-5</IncDecStep>
<!-- Make sure ReadBack is disabled as our servive needs to
reset the value periodically. -->
<ReadBack>0</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
<!-- As negative values are possible and have special meaning,
leave room for the sign. -->
<WritePrefix> </WritePrefix>
</CoolingDevice>
<CoolingDevice>
<Type>GPU_FREQ_MEM</Type>
<Path>/var/cache/kaede-thermals/gpu_power_mem</Path>
<MinState>255</MinState>
<MaxState>0</MaxState>
<IncDecStep>-5</IncDecStep>
<ReadBack>0</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
<WritePrefix> </WritePrefix>
</CoolingDevice>
</CoolingDevices>
</Platform>
</ThermalConfiguration>


@ -1,157 +0,0 @@
#!/usr/bin/env bash
################################################################################
# Written by Kaede Fox <kaede@boxedfox.org>
##########
# thermald can't handle hwmon* moving around, so we use symlinks to resolve
# dynamic paths to static paths.
THERMAL_PATH="/var/cache/kaede-thermals"
# CPU sensor paths.
CPU_SENSOR_CORE="/sys/devices/pci0000:00/0000:00:18.3/hwmon/hwmon*/temp1_input"
#CPU_SENSOR_SOCKET="/sys/devices/platform/nct6775.656/hwmon/hwmon*/temp2_input"
# GPU control and sensor paths (using amdgpu).
GPU_CONTROL="/sys/class/drm/card0/device/"
GPU_SENSOR="/sys/class/drm/card0/device/hwmon/hwmon*/temp1_input"
# WARNING: MAKE ABSOLUTELY SURE THESE ARE THE PERFORMANCE STATES AND NOT THE
# ACTUAL CORE/MEM CLOCKS OR WE COULD DAMAGE THE HARDWARE.
GPUCTRL_CORECLK="${GPU_CONTROL}/pp_dpm_sclk"
GPUCTRL_MEMCLK="${GPU_CONTROL}/pp_dpm_mclk"
# How often to resolve paths (in seconds). Changes are extremely rare, but they
# can occur even while the system is booted.
INTERVAL='300'
# How often to update GPU power settings from thermald.
TIMESLICE='1'
# Formatter used to round floats to integers via printf.
float_to_int='%'\''.0f'
##########
script_name=`basename $0`
# Our simple path resolver subroutine, which uses ls to replace hwmon* with
# whichever hwmon is currently active.
sub_resolve_paths() {
ln -s -f "`ls $CPU_SENSOR_CORE`" "./cpu_core_temp"
# ln -s -f "`ls $CPU_SENSOR_SOCKET`" "./cpu_socket_temp"
ln -s -f "`ls $GPU_SENSOR`" "./gpu_temp"
}
case "$1" in
"start")
echo "loaded ${script_name}"
mkdir -p "$THERMAL_PATH" 2>/dev/null
cd "$THERMAL_PATH"
# Switch the video driver into manual control mode for
# performance levels.
echo "manual" >${GPU_CONTROL}/power_dpm_force_performance_level
echo "enabled gpupower"
# Immediately resolve paths at startup.
sub_resolve_paths
# Followed by starting thermald in case the paths didn't
# exist, which would've made it fail to start.
sleep .5s
systemctl start thermald
# thermald will create these files with the wrong permissions.
rm "./gpu_power_core"; printf "%d\n" '-1'>./gpu_power_core
rm "./gpu_power_mem"; printf "%d\n" '-1'>./gpu_power_mem
# Enter service mode.
slice_counter='0'
while true; do
# Execute a timeslice. Paths are updated every time the
# counter wraps around.
slice_counter=$((slice_counter + TIMESLICE))
if [ "$slice_counter" -ge "$INTERVAL" ]; then
#printf "DEBUG: *** Updating paths after %d seconds ***\n" "$slice_counter"
slice_counter=$((slice_counter - INTERVAL))
# Resolve paths.
sub_resolve_paths
fi
# Read GPU thermal settings from thermald and apply
# them to the driver via sysfs.
#
# The core and memory clock lists are highly specific
# to the hardware, and need updating if the video card
# is ever changed.
#
gpu_power_core="`cat ./gpu_power_core`"
gpu_power_mem="`cat ./gpu_power_mem`"
if [ -z "$gpu_power_core" ]; then gpu_power_core='-1'; fi
if [ -z "$gpu_power_mem" ]; then gpu_power_mem='-1'; fi
# Check if we need to update the core clock.
if [ "$gpu_power_core" -ge '0' ]; then
#printf "DEBUG: *** Updating GPU core clock ***\n"
printf "%d\n" '-1'>./gpu_power_core
printf "$gpu_power_core\n">./gpu_power_core_cached
core_count_f="$(echo "$gpu_power_core" | awk '{ x=(($1/255.0)*(7-1))+1; printf("%f",x) }')"
core_count="$(printf "$float_to_int" "$core_count_f")"
if [ "$core_count" -lt '1' ]; then core_count='1'; fi
if [ "$core_count" -gt '7' ]; then core_count='7'; fi
gpu_list_core="1"
for ((i=2; i<=core_count; i++)); do
gpu_list_core="$gpu_list_core $i"; done
echo "$gpu_list_core" >${GPUCTRL_CORECLK}
#echo "dbg: gpu_power_core: $gpu_power_core"
#echo "dbg: core_count_f: $core_count_f, core_count: $core_count"
#echo "dbg: gpu_list_core: $gpu_list_core"
fi
# Check if we need to update the memory clock.
if [ "$gpu_power_mem" -ge '0' ]; then
#printf "DEBUG: *** Updating GPU memory clock ***\n"
printf "%d\n" '-1'>./gpu_power_mem
printf "$gpu_power_mem\n">./gpu_power_mem_cached
mem_count_f="$(echo "$gpu_power_mem" | awk '{ x=(($1/255.0)*(3-1))+1; printf("%f",x) }')"
mem_count="$(printf "$float_to_int" "$mem_count_f")"
if [ "$mem_count" -lt '1' ]; then mem_count='1'; fi
if [ "$mem_count" -gt '3' ]; then mem_count='3'; fi
gpu_list_mem="1"
for ((i=2; i<=mem_count; i++)); do
gpu_list_mem="$gpu_list_mem $i"; done
echo "$gpu_list_mem" >${GPUCTRL_MEMCLK}
#echo "dbg: gpu_power_mem: $gpu_power_mem"
#echo "dbg: mem_count_f: $mem_count_f, mem_count: $mem_count"
#echo "dbg: gpu_list_mem: $gpu_list_mem"
fi
# Sleep until the next cycle.
sleep "${TIMESLICE}s"
done
;;
"stop")
# Reset all performance level tunings.
echo "1 2 3 4 5 6 7" >${GPUCTRL_CORECLK}
echo "1 2 3" >${GPUCTRL_MEMCLK}
# Switch the video driver into automatic control mode for
# performance levels.
echo "auto" >${GPU_CONTROL}/power_dpm_force_performance_level
echo "disabled gpupower"
sleep .5s
echo "unloaded ${script_name}"
;;
*)
echo "Usage: ${script_name} (start | stop)"
exit 1
;;
esac


@ -1,86 +0,0 @@
{ config, lib, pkgs, ... }:
{
services.transmission = let
transmission-done-script = pkgs.writeScriptBin "script" ''
#!${pkgs.bash}/bin/bash
set -e
if [ "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME" != "/" ]; then
cd "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME"
if [ ! -z "*.rar" ]; then
${pkgs.unrar}/bin/unrar x "*.rar"
fi
chmod ugo=rwX .
fi'';
in {
enable = true;
home = "/disks/pool-raw/transmission";
downloadDirPermissions = "777";
settings = {
download-dir = "/disks/pool-raw/media/unsorted";
incomplete-dir = "/disks/pool-raw/media/.incomplete";
incomplete-dir-enabled = true;
rpc-bind-address = "0.0.0.0";
rpc-whitelist = "127.0.0.1,192.168.1.*,192.168.122.*";
script-torrent-done-enabled = true;
dht-enabled = true;
pex-enabled = true;
script-torrent-done-filename = "${transmission-done-script}/bin/script";
umask = 0;
};
};
services.samba = {
enable = true;
securityType = "user";
extraConfig = ''
workgroup = WORKGROUP
server string = samhain
netbios name = samhain
security = user
#use sendfile = yes
#max protocol = smb2
hosts allow = 192.168.1. 192.168.122. localhost
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
'';
shares = {
shared = {
path = "/home/kat/shared";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "kat";
"force group" = "users";
};
media = {
path = "/disks/pool-raw/media";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "transmission";
"force group" = "transmission";
};
};
};
services.nginx.virtualHosts = {
"192.168.1.135" = {
locations."/share/" = {
alias = "/disks/pool-raw/media/";
extraConfig = "autoindex on;";
};
};
"100.103.111.44" = {
locations."/share/" = {
alias = "/disks/pool-raw/media/";
extraConfig = "autoindex on;";
};
};
};
}


@ -1,118 +0,0 @@
{ config, pkgs, lib, sources, witch, ... }:
{
# libvirtd is used for our virtual machine
virtualisation.libvirtd = {
enable = true;
qemuOvmf = true;
qemuRunAsRoot = false;
onBoot = "ignore";
onShutdown = "shutdown";
};
# required for guest reboots with the 580
boot.extraModulePackages = [
(pkgs.linuxPackagesFor config.boot.kernelPackages.kernel).vendor-reset
]; # required groups for various intentions
users.users.kat.extraGroups = [ "libvirtd" "input" "qemu-libvirtd" ];
# video=efifb:off allows the 580 to be passed through regardless of being the boot display and allows the 560 to act as a console device
# pci=noats means that it doesn't kernel panic on my specific configuration
boot.kernelParams = [
"amd_iommu=on"
"pci=noats"
"video=efifb:off"
]; # eventually switch to vfio-pci.ids to replace the boot.initrd.preDeviceCommands block
boot.initrd.availableKernelModules =
[ "amdgpu" "vfio-pci" ]; # vfio-pci is required for pci passthrough
boot.kernelModules =
[ "i2c-dev" "kvm-amd" ]; # i2c-dev is required for DDC/CI for screenstub
# this section makes vfio-pci be injected as the driver for the 580 and its audio thingy
# it should be replaced as mentioned with vfio-pci.ids
# the script provided: https://alexbakker.me/post/nixos-pci-passthrough-qemu-vfio.html can be used to find iommu groups
boot.initrd.preDeviceCommands = ''
DEVS="0000:26:00.0 0000:26:00.1"
for DEV in $DEVS; do
echo "vfio-pci" > /sys/bus/pci/devices/$DEV/driver_override
done
modprobe -i vfio-pci
'';
# rules are for:
# * monitor ddc/ci
# * input for qemu
# * rule for event-mouse (i hope?)
# * uinput rule
services.udev.extraRules = ''
SUBSYSTEM=="i2c-dev", GROUP="users", MODE="0660"
SUBSYSTEM=="usb", ATTRS{idVendor}=="05ac", ATTRS{idProduct}=="12a8", GROUP="qemu-libvirtd"
SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="fa58", ATTRS{idProduct}=="04d9", GROUP="users"
SUBSYSTEM=="misc", KERNEL=="uinput", OPTIONS+="static_node=uinput", MODE="0660", GROUP="uinput"
SUBSYSTEM=="input", ACTION=="add", DEVPATH=="/devices/virtual/input/*", MODE="0660", GROUP="qemu-libvirtd", RUN+="${
pkgs.writeShellScript "mewdev"
"${pkgs.coreutils}/bin/echo 'c 13:* rw' > /sys/fs/cgroup/devices/machine.slice/machine-qemu*/devices.allow"
}"
'';
environment.systemPackages = [
# pkgs.nur.repos.arc.packages.screenstub # for DDC/CI and input forwarding (currently disabled due to using changed source)
pkgs.arc.pkgs.scream-arc # for audio forwarding
pkgs.screenstub # for input handling
pkgs.ddcutil # for diagnostics on DDC/CI
pkgs.virt-manager # hmm
];
systemd.services.libvirtd-guest-win10 = {
after = [ "libvirtd.service" ];
requires = [ "libvirtd.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
type = "oneshot";
RemainAfterExit = "yes";
};
script = let
xml =
pkgs.writeText "libvirt-guest-win10.xml" (import ./win10.xml.nix { });
in ''
uuid="$(${pkgs.libvirt}/bin/virsh domuuid 'win10' || true)"
${pkgs.libvirt}/bin/virsh define <(sed "s/UUID/$uuid/" '${xml}')
${pkgs.libvirt}/bin/virsh start 'win10';
'';
preStop = ''
${pkgs.libvirt}/bin/virsh shutdown 'win10'
let "timeout = $(date +%s) + 120"
while [ "$(${pkgs.libvirt}/bin/virsh list --name | grep --count '^win10$')" -gt 0 ]; do
if [ "$(date +%s)" -ge "$timeout" ]; then
# meh, we warned it...
${pkgs.libvirt}/bin/virsh destroy 'win10'
else
# the machine is still running, let's give it some time to shut down
sleep 0.5
fi
done
'';
};
home-manager.users.kat = {
# audio for vm on startup
systemd.user.services = {
scream = {
Unit = { Description = "Scream - Audio forwarding from the VM."; };
Service = {
ExecStart =
"${pkgs.arc.pkgs.scream-arc}/bin/scream -i virbr0 -o pulse";
Restart = "always";
};
Install = { WantedBy = [ "default.target" ]; };
};
};
};
# BusId is used to specify the graphics card used for X / lightdm / wayland
# BusId must be decimal conversion of the equivalent but matching the format, this was 0000:25:00.0
services.xserver.deviceSection = lib.mkDefault ''
Option "TearFree" "true"
BusID "PCI:37:0:0"
'';
}


@ -1,85 +0,0 @@
screens:
- monitor: # fill in with info from `screenstub detect`
manufacturer: BNQ
model: BenQ GW2270
#serial: "..."
guest_source: # Could be automatically detected, but best to fill in if monitor has more than two inputs
name: HDMI-1
#value: 0x0f # can also specify raw VCP value
host_source: # Usually automatically detected
name: HDMI-2
#value: 0x11
ddc:
#minimal_delay: 100ms # minimum time to wait between switching inputs again
#guest: [] # disable input switching
#host: [] # disable input switching
guest: # configure how to switch to the guest
#- guest_wait # wait until guest agent responds, otherwise might get stranded on other input
- ddc # (default) Use ddc-rs
#exec: ["ddcutil", "-g", "BNQ", "setvcp", "0x60", "{}"]
#- exec: [ddccontrol, -r, "0x60", -w, "{}", /dev/i2c-5]
host: # configure how to switch back from the guest
- ddc # (default) Controls DDC from the host GPU - requires no guest agent but many monitors won't support this
#- exec: ["ddcutil", "-g", "BNQ", "setvcp", "0x60", "{}"]
#- guest_exec: ["C:/ddcset.exe", "setvcp", "60", "{:x}"] # or "0x{:x}" for hex input value
#- guest_exec: ["C:/ScreenBright.exe", "-set", "0x60", "{}"] # "{}" is for decimal input value
#- exec: ["ssh", "user@vm", "ddcutil", "setvcp", "0x60", "{}"] # system commands can also be used
qemu:
#routing: qmp # (default) does not require extra configuration or dependencies
#routing: spice # no external requirements # CURRENTLY UNIMPLEMENTED
#routing: input-linux # requires uinput
routing: virtio-host # requires uinput, recommended for performance, requires vioinput drivers in guest
#driver: ps2 # use PS/2 in the guest for all input devices (absolute mouse mode unsupported)
#driver: usb # use USB keyboard/mouse/tablet in the guest
#driver: virtio # Recommended but vioinput drivers must be installed in guest
#keyboard_driver: ps2 # (default) can also be set separately per input type, this should rarely be necessary
#relative_driver: usb # (default)
#absolute_driver: usb # (default)
#driver: virtio
#relative_driver: virtio
qmp_socket: /tmp/vfio-qmp # path to QMP socket
ga_socket: /tmp/vfio-qga # path to Guest Agent socket
key_remap: # Arbitrary keys can be remapped in the guest
# See https://docs.rs/input-linux/*/input_linux/enum.Key.html for a list of key names available (mouse buttons can also be used)
LeftMeta: Reserved # disable the windows key
RightAlt: LeftMeta # remap right alt to trigger the windows key
hotkeys: # Trigger various events on key combinations
#- toggle_grab:y
# xdevice: # CURRENTLY UNIMPLEMENTED
# devices: # Only grab specific devices from Xorg
# - "..."
#- exec: [echo, hi] # Execute an arbitrary system command
#- show_host # switch to the host display
#- show_guest # switch to the guest display
#- toggle_show # switch the current display
#- unstick_guest # causes all held keys to be released in the guest
#- shutdown # safely shuts the guest system down
#- reboot # reboots the guest
#- exit # quits screenstub
- triggers: [G]
modifiers: [LeftMeta]
events:
- toggle_grab:
x:
mouse: false # Confine input/mouse to window
- toggle_grab:
evdev: # evdev grab is useful for playing games that don't work with absolute mouse events
exclusive: false # grab exclusive access from the device(s)
#new_device_name: "unique-grab-name" # create a new uinput device for this grab
xcore_ignore: [absolute] # which events to ignore from the window (key, button, absolute)
evdev_ignore: [button] # which events to ignore from the evdev device
devices: # List of devices to forward to guest
- /dev/input/by-id/usb-04d9_USB_Laser_Game_Mouse-event-mouse
- unstick_host # force-depress all Xorg keys (prevents keys getting stuck)
- triggers: [T]
modifiers: [LeftMeta]
on_release: false
events:
- toggle_show
exit_events: # Events to trigger on window close / exit
- show_host
#- shutdown

Binary file not shown.


@ -1,260 +0,0 @@
{ ... }:
''
<domain xmlns:qemu="http://libvirt.org/schemas/domain/qemu/1.0" type="kvm">
<name>win10</name>
<uuid>UUID</uuid>
<metadata>
<libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
<libosinfo:os id="http://microsoft.com/win/10"/>
</libosinfo:libosinfo>
</metadata>
<memory unit="KiB">12582912</memory>
<currentMemory unit="KiB">12582912</currentMemory>
<vcpu placement="static">6</vcpu>
<iothreads>1</iothreads>
<cputune>
<vcpupin vcpu="0" cpuset="0"/>
<vcpupin vcpu="1" cpuset="1"/>
<vcpupin vcpu="2" cpuset="2"/>
<vcpupin vcpu="3" cpuset="6"/>
<vcpupin vcpu="4" cpuset="7"/>
<vcpupin vcpu="5" cpuset="8"/>
<emulatorpin cpuset="3,9"/>
<iothreadpin iothread="1" cpuset="3,9"/>
</cputune>
<os>
<type arch="x86_64" machine="pc-q35-5.1">hvm</type>
<loader readonly="yes" type="pflash">/run/libvirt/nix-ovmf/OVMF_CODE.fd</loader>
<nvram>/var/lib/libvirt/qemu/nvram/win10_VARS.fd</nvram>
</os>
<features>
<acpi/>
<apic/>
<hyperv>
<relaxed state="on"/>
<vapic state="on"/>
<spinlocks state="on" retries="8191"/>
</hyperv>
<vmport state="off"/>
</features>
<cpu mode="host-passthrough" check="partial">
<topology sockets="1" dies="1" cores="3" threads="2"/>
<cache mode="passthrough"/>
<feature policy="require" name="topoext"/>
</cpu>
<clock offset="localtime">
<timer name="rtc" tickpolicy="catchup"/>
<timer name="pit" tickpolicy="delay"/>
<timer name="hpet" present="no"/>
<timer name="hypervclock" present="yes"/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<pm>
<suspend-to-mem enabled="no"/>
<suspend-to-disk enabled="no"/>
</pm>
<devices>
<emulator>/run/libvirt/nix-emulators/qemu-system-x86_64</emulator>
<disk type="file" device="disk">
<driver name="qemu" type="raw" discard="unmap"/>
<source file="/dev/disk/by-id/ata-HFS256G32TNF-N3A0A_MJ8BN15091150BM1Z"/>
<target dev="sda" bus="scsi"/>
<boot order="2"/>
<address type="drive" controller="0" bus="0" target="0" unit="0"/>
</disk>
<controller type="usb" index="0" model="qemu-xhci" ports="15">
<address type="pci" domain="0x0000" bus="0x02" slot="0x00" function="0x0"/>
</controller>
<controller type="pci" index="0" model="pcie-root"/>
<controller type="pci" index="1" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="1" port="0x10"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0" multifunction="on"/>
</controller>
<controller type="pci" index="2" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="2" port="0x11"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x1"/>
</controller>
<controller type="pci" index="3" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="3" port="0x12"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x2"/>
</controller>
<controller type="pci" index="4" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="4" port="0x13"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x3"/>
</controller>
<controller type="pci" index="5" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="5" port="0x14"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x4"/>
</controller>
<controller type="pci" index="6" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="6" port="0x15"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x5"/>
</controller>
<controller type="pci" index="7" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="7" port="0x16"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x6"/>
</controller>
<controller type="pci" index="8" model="pcie-to-pci-bridge">
<model name="pcie-pci-bridge"/>
<address type="pci" domain="0x0000" bus="0x04" slot="0x00" function="0x0"/>
</controller>
<controller type="pci" index="9" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="9" port="0x17"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x7"/>
</controller>
<controller type="pci" index="10" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="10" port="0x8"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x0" multifunction="on"/>
</controller>
<controller type="pci" index="11" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="11" port="0x9"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x1"/>
</controller>
<controller type="pci" index="12" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="12" port="0xa"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x2"/>
</controller>
<controller type="pci" index="13" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="13" port="0xb"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x3"/>
</controller>
<controller type="pci" index="14" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="14" port="0xc"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x4"/>
</controller>
<controller type="pci" index="15" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="15" port="0xd"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x5"/>
</controller>
<controller type="pci" index="16" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="16" port="0xe"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x6"/>
</controller>
<controller type="pci" index="17" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="17" port="0xf"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x7"/>
</controller>
<controller type="pci" index="18" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="18" port="0x18"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0" multifunction="on"/>
</controller>
<controller type="pci" index="19" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="19" port="0x19"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x1"/>
</controller>
<controller type="pci" index="20" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="20" port="0x1a"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x2"/>
</controller>
<controller type="pci" index="21" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="21" port="0x1b"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x3"/>
</controller>
<controller type="pci" index="22" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="22" port="0x1c"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x4"/>
</controller>
<controller type="pci" index="23" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="23" port="0x1d"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x5" multifunction="on"/>
</controller>
<controller type="pci" index="24" model="pcie-to-pci-bridge">
<model name="pcie-pci-bridge"/>
<address type="pci" domain="0x0000" bus="0x0a" slot="0x00" function="0x0"/>
</controller>
<controller type="virtio-serial" index="0">
<address type="pci" domain="0x0000" bus="0x03" slot="0x00" function="0x0"/>
</controller>
<controller type="scsi" index="0" model="virtio-scsi">
<address type="pci" domain="0x0000" bus="0x06" slot="0x00" function="0x0"/>
</controller>
<controller type="sata" index="0">
<address type="pci" domain="0x0000" bus="0x00" slot="0x1f" function="0x2"/>
</controller>
<interface type="network">
<mac address="52:54:00:61:87:37"/>
<source network="default"/>
<model type="virtio"/>
<address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
</interface>
<serial type="pty">
<target type="isa-serial" port="0">
<model name="isa-serial"/>
</target>
</serial>
<console type="pty">
<target type="serial" port="0"/>
</console>
<channel type="spicevmc">
<target type="virtio" name="com.redhat.spice.0"/>
<address type="virtio-serial" controller="0" bus="0" port="1"/>
</channel>
<input type="tablet" bus="usb">
<address type="usb" bus="0" port="1"/>
</input>
<input type="mouse" bus="ps2"/>
<input type="keyboard" bus="ps2"/>
<hostdev mode="subsystem" type="pci" managed="yes">
<source>
<address domain="0x0000" bus="0x26" slot="0x00" function="0x0"/>
</source>
<rom file="${./vbios.rom}"/>
<address type="pci" domain="0x0000" bus="0x07" slot="0x00" function="0x0"/>
</hostdev>
<hostdev mode="subsystem" type="pci" managed="yes">
<source>
<address domain="0x0000" bus="0x26" slot="0x00" function="0x1"/>
</source>
<address type="pci" domain="0x0000" bus="0x09" slot="0x00" function="0x0"/>
</hostdev>
<redirdev bus="usb" type="spicevmc">
<address type="usb" bus="0" port="2"/>
</redirdev>
<redirdev bus="usb" type="spicevmc">
<address type="usb" bus="0" port="3"/>
</redirdev>
<memballoon model="virtio">
<address type="pci" domain="0x0000" bus="0x05" slot="0x00" function="0x0"/>
</memballoon>
</devices>
<qemu:commandline>
<qemu:arg value="-chardev"/>
<qemu:arg value="socket,path=/tmp/vfio-qmp,server,nowait,id=qmp0"/>
<qemu:arg value="-mon"/>
<qemu:arg value="chardev=qmp0,id=qmp,mode=control"/>
<qemu:arg value="-chardev"/>
<qemu:arg value="socket,path=/tmp/vfio-qga,server,nowait,id=qga0"/>
<qemu:arg value="-device"/>
<qemu:arg value="virtserialport,chardev=qga0,name=org.qemu.guest_agent.0"/>
<qemu:arg value="-set"/>
<qemu:arg value="device.scsi0-0-0-0.rotation_rate=1"/>
<qemu:arg value="-cpu"/>
<qemu:arg value="host,hv_time,kvm=off,hv_vendor_id=null,-hypervisor"/>
</qemu:commandline>
</domain>
''


@ -1,23 +0,0 @@
{ config, pkgs, ... }:
{
imports = [ ./hardware.nix ../../services/zfs.nix ];
deploy.profiles = [ "gui" "sway" "kat" "laptop" "private" ];
deploy.groups = [ "gui" ];
deploy.ssh.host = "192.168.1.92";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.supportedFilesystems = [ "zfs" ];
networking.hostId = "dddbb888";
networking.hostName = "yule";
networking.useDHCP = false;
networking.interfaces.enp1s0.useDHCP = true;
networking.interfaces.wlp2s0.useDHCP = true;
system.stateVersion = "20.09";
}


@ -1,35 +0,0 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "rpool/safe/root";
fsType = "zfs";
};
fileSystems."/home" = {
device = "rpool/safe/home";
fsType = "zfs";
};
fileSystems."/nix" = {
device = "rpool/local/nix";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D680-ED0E";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/87ff4f68-cc00-494e-8eba-050469c3bf03"; }];
}


@ -1,40 +0,0 @@
{ pkgs, config, lib, sources, witch, options, ... }:
let
nixosModules = witch.modList {
modulesDir = ./profiles;
defaultFile = "nixos.nix";
};
in {
imports = lib.attrValues nixosModules ++ [ ./private/profile/nixos ];
options.home-manager.users = lib.mkOption {
type = lib.types.attrsOf (lib.types.submoduleWith {
modules = [ ];
specialArgs = {
inherit sources witch;
superConfig = config;
modulesPath = sources.home-manager + "/modules";
};
});
};
config = {
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
users = {
kat = {
imports = [ ./home.nix ];
deploy.profile = lib.mkMerge (map (prof: {
${if options ? deploy.profile.${prof} then prof else null} = true;
}) config.deploy.profiles);
};
};
};
};
}

@ -1 +0,0 @@
Subproject commit f416f5da9e7b4dbf24730baf2a582c374532c6f2


@ -1,3 +0,0 @@
{ ... }:
{ }


@ -1,5 +0,0 @@
{ config, lib, pkgs, sources, ... }:
{
imports = [ ./nixos ];
}


@ -1,14 +0,0 @@
{ config, lib, pkgs, sources, ... }:
{
security.sudo.wheelNeedsPassword = lib.mkForce false;
users.users.root = {
openssh.authorizedKeys.keys = with pkgs.lib;
concatLists (mapAttrsToList (name: user:
if elem "wheel" user.extraGroups then
user.openssh.authorizedKeys.keys
else
[ ]) config.users.users);
};
}


@ -1,14 +0,0 @@
{ config, lib, pkgs, sources, ... }:
{
imports = [
./system.nix
./net.nix
./access.nix
./locale.nix
./nix.nix
./ssh.nix
./packages.nix
./secrets.nix
];
}


@ -1,10 +0,0 @@
{ config, lib, pkgs, sources, ... }:
{
i18n.defaultLocale = "en_GB.UTF-8";
time.timeZone = "Europe/London";
console = {
font = "Lat2-Terminus16";
keyMap = "uk";
};
}


@ -1,5 +0,0 @@
{ config, lib, pkgs, sources, ... }:
{
services.tailscale.enable = true;
}


@ -1,24 +0,0 @@
{ config, lib, pkgs, sources, ... }:
{
boot.loader.grub.configurationLimit = 8;
boot.loader.systemd-boot.configurationLimit = 8;
nixpkgs.config = { allowUnfree = true; };
nix = {
nixPath = [
"nixpkgs=${sources.nixpkgs}"
"nixpkgs-unstable=${sources.nixpkgs-unstable}"
"nixpkgs-mozilla=${sources.nixpkgs-mozilla}"
"NUR=${sources.NUR}"
"arc=${sources.arc-nixexprs}"
];
binaryCaches = [ "https://arc.cachix.org" ];
binaryCachePublicKeys =
[ "arc.cachix.org-1:DZmhclLkB6UO0rc0rBzNpwFbbaeLfyn+fYccuAy7YVY=" ];
gc.automatic = lib.mkDefault true;
gc.options = lib.mkDefault "--delete-older-than 1w";
trustedUsers = [ "root" "@wheel" ];
};
}


@ -1,30 +0,0 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
smartmontools
hddtemp
lm_sensors
htop
cachix
borgbackup
ripgrep
git
nixfmt
mprime
wget
rsync
pv
pinentry-curses
progress
bc
zstd
file
whois
fd
exa
socat
tmux
gnupg
];
}


@ -1,9 +0,0 @@
{ config, lib, pkgs, ... }:
{
secrets = {
root = "/var/lib/kat/secrets";
persistentRoot = "/var/lib/kat/secrets";
external = true;
};
}


@ -1,16 +0,0 @@
{ config, lib, pkgs, ... }:
{
services.openssh = {
enable = true;
ports = lib.mkDefault [ 62954 ];
passwordAuthentication = false;
challengeResponseAuthentication = false;
permitRootLogin = lib.mkDefault "prohibit-password";
kexAlgorithms = [ "curve25519-sha256@libssh.org" ];
extraConfig = ''
StreamLocalBindUnlink yes
LogLevel VERBOSE
'';
};
}


@ -1,8 +0,0 @@
{ config, lib, pkgs, sources, ... }:
{
#imports = [ (sources.home-manager + "/nixos") ];
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
services.journald.extraConfig = "SystemMaxUse=512M";
}


@ -1,7 +0,0 @@
{ lib, ... }:
{
imports = [ ./home ];
options = { deploy.profile.gui = lib.mkEnableOption "graphical system"; };
}


@ -1,15 +0,0 @@
{ ... }:
{
imports = [
./firefox
./kitty.nix
./packages.nix
./email.nix
./gpg.nix
./weechat.nix
./gtk.nix
./music.nix
./mpv.nix
];
}


@ -1,36 +0,0 @@
{ config, lib, pkgs, ... }:
{
config = lib.mkIf config.deploy.profile.gui {
programs.notmuch = {
enable = true;
hooks = { preNew = "mbsync --all"; };
};
programs.mbsync.enable = true;
programs.msmtp.enable = true;
accounts.email = {
maildirBasePath = "${config.home.homeDirectory}/mail";
accounts.kat = {
address = "kat@kittywit.ch";
primary = true;
realName = "kat witch";
userName = "kat@kittywit.ch";
passwordCommand = ''
${pkgs.arc.pkgs.rbw-bitw}/bin/bitw -p gpg://${
../../../private/files/bitw/master.gpg
} get "kittywitch email"'';
msmtp.enable = true;
mbsync.enable = true;
mbsync.create = "maildir";
notmuch.enable = true;
imap.host = "kittywit.ch";
smtp.host = "kittywit.ch";
gpg = {
signByDefault = true;
key = "01F50A29D4AA91175A11BDB17248991EFA8EFBEE";
};
};
};
programs.vim.plugins = [ pkgs.arc.pkgs.vimPlugins.notmuch-vim ];
};
}


@ -1,72 +0,0 @@
{ config, lib, pkgs, sources, superConfig, ... }:
let
commonSettings = {
"app.update.auto" = false;
"identity.fxaccounts.account.device.name" = superConfig.networking.hostName;
"signon.rememberSignons" = false;
"browser.download.lastDir" = "/home/kat/downloads";
"browser.urlbar.placeholderName" = "DuckDuckGo";
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"identity.sync.tokenserver.uri" =
"https://sync.kittywit.ch/token/1.0/sync/1.5";
};
in {
config = lib.mkIf config.deploy.profile.gui {
programs.zsh.shellAliases = {
ff-pm = "firefox --ProfileManager";
ff-main = "firefox -P main";
ff-work = "firefox -P work";
ff-lewd = "firefox -P lewd";
};
programs.firefox = {
enable = true;
extensions = with pkgs.nur.repos.rycee.firefox-addons; [
auto-tab-discard
bitwarden
darkreader
decentraleyes
foxyproxy-standard
google-search-link-fix
https-everywhere
#old-reddit-redirect # made unnecessary due to tridactylrc
privacy-badger
reddit-enhancement-suite
refined-github
stylus
terms-of-service-didnt-read
tabcenter-reborn
tridactyl
ublock-origin
violentmonkey
];
profiles = {
main = {
id = 0;
isDefault = true;
settings = commonSettings // {
};
userChrome = import ./userChrome.css.nix { profile = "main"; };
};
work = {
id = 1;
settings = commonSettings // {
};
userChrome = import ./userChrome.css.nix { profile = "work"; };
};
lewd = {
id = 2;
settings = commonSettings // {
};
userChrome = import ./userChrome.css.nix { profile = "lewd"; };
};
};
};
home.file.".config/tridactyl/tridactylrc".source = ./tridactylrc;
};
}


@ -1,157 +0,0 @@
" bovine3dom's dogfood
" WARNING: This file defines and runs a command called fixamo_quiet. If you
" also have a malicious addon that operates on `<all_urls>` installed this
" will allow it to steal your firefox account credentials!
"
" With those credentials, an attacker can read anything in your sync account,
" publish addons to the AMO, etc, etc.
"
" Without this command a malicious addon can steal credentials from any site
" that you visit that is not in the restrictedDomains list.
"
" You should comment out the fixamo lines unless you are entirely sure that
" they are what you want.
"
" The advantage of running the command is that you can use the tridactyl
" interface on addons.mozilla.org and other restricted sites.
" Provided only as an example.
" Do not install/run without reading through as you may be surprised by some
" of the settings.
" May require the latest beta builds.
" Move this to $XDG_CONFIG_DIR/tridactyl/tridactylrc (that's
" ~/.config/tridactyl/tridactylrc to mere mortals) or ~/.tridactylrc and
" install the native messenger (:installnative in Tridactyl). Run :source to
" get it in the browser, or just restart.
"
" Binds
"
bind / fillcmdline find
bind ? fillcmdline find -?
bind n findnext 1
bind N findnext -1
bind ,<Space> nohlsearc
" Comment toggler for Reddit, Hacker News and Lobste.rs
bind ;c hint -Jc [class*="expand"],[class="togg"],[class="comment_folder"]
" GitHub pull request checkout command to clipboard (only works if you're a collaborator or above)
bind yp composite js document.getElementById("clone-help-step-1").textContent.replace("git checkout -b", "git checkout -B").replace("git pull ", "git fetch ") + "git reset --hard " + document.getElementById("clone-help-step-1").textContent.split(" ")[3].replace("-","/") | yank
" Git{Hub,Lab} git clone via SSH yank
bind yg composite js "git clone " + document.location.href.replace(/https?:\/\//,"git@").replace("/",":").replace(/$/,".git") | clipboard yank
" As above but execute it and open terminal in folder
bind ,g js let uri = document.location.href.replace(/https?:\/\//,"git@").replace("/",":").replace(/$/,".git"); tri.native.run("cd ~/projects; git clone " + uri + "; cd \"$(basename \"" + uri + "\" .git)\"; st")
" make d take you to the tab you were just on (I find it much less confusing)
bind d composite tab #; tabclose #
bind D tabclose
" I like wikiwand but I don't like the way it changes URLs
bindurl wikiwand.com yy composite js document.location.href.replace("wikiwand.com/en","wikipedia.org/wiki") | clipboard yank
" Make gu take you back to subreddit from comments
bindurl reddit.com gu urlparent 4
" Only hint search results on Google and DDG
bindurl www.google.com f hint -Jc #search div:not(.action-menu) > a
bindurl www.google.com F hint -Jbc #search div:not(.action-menu) > a
bindurl ^https://duckduckgo.com f hint -Jc [class=result__a]
bindurl ^https://duckduckgo.com F hint -Jbc [class=result__a]
" Allow Ctrl-a to select all in the commandline
unbind --mode=ex <C-a>
" Allow Ctrl-c to copy in the commandline
unbind --mode=ex <C-c>
" Handy multiwindow/multitasking binds
bind gd tabdetach
bind gD composite tabduplicate; tabdetach
" Make yy use canonical / short links on the 5 websites that support them
bind yy clipboard yankcanon
" Stupid workaround to let hint -; be used with composite which steals semi-colons
command hint_focus hint -;
" Open right click menu on links
bind ;C composite hint_focus; !s xdotool key Menu
"
" Misc settings
"
" set editorcmd to suckless terminal, or use the defaults on other platforms
js tri.browserBg.runtime.getPlatformInfo().then(os=>{const editorcmd = os.os=="linux" ? "st vim" : "auto"; tri.config.set("editorcmd", editorcmd)})
" set profile dir on Windows
jsb browser.runtime.getPlatformInfo().then(os=>{const profiledir = os.os=="win" ? "C:\\Users\\olie\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\gwm76nmk.default" : "auto"; tri.config.set("profiledir", profiledir)})
" Sane hinting mode
set hintfiltermode vimperator-reflow
set hintnames numeric
" Defaults to 300ms but I'm a 'move fast and close the wrong tabs' kinda chap
set hintdelay 100
" Add helper commands that Mozillians think make Firefox irredeemably
" insecure. For details, read the comment at the top of this file.
command fixamo_quiet jsb tri.excmds.setpref("privacy.resistFingerprinting.block_mozAddonManager", "true").then(tri.excmds.setpref("extensions.webextensions.restrictedDomains", '""'))
command fixamo js tri.excmds.setpref("privacy.resistFingerprinting.block_mozAddonManager", "true").then(tri.excmds.setpref("extensions.webextensions.restrictedDomains", '""').then(tri.excmds.fillcmdline_tmp(3000, "Permissions added to user.js. Please restart Firefox to make them take affect.")))
" Make Tridactyl work on more sites at the expense of some security. For
" details, read the comment at the top of this file.
fixamo_quiet
" Equivalent to `set csp clobber` before it was removed. This weakens your
" defences against cross-site-scripting attacks and other types of
" code-injection by reducing the strictness of Content Security Policy on
" every site in a couple of ways.
"
" You may not wish to run this. Mozilla strongly feels that you shouldn't.
"
" It allows Tridactyl to function on more pages, e.g. raw GitHub pages.
"
" We remove the sandbox directive
" https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox
" which allows our iframe to run (and anyone else's) on any website.
"
" We weaken the style-src directive
" https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src
" to allow us to theme our elements. This exposes you to 'cross site styling'
" attacks.
"
" Read https://wiki.mozilla.org/Security/CSP#Goals for more information.
jsb browser.webRequest.onHeadersReceived.addListener(tri.request.clobberCSP,{urls:["<all_urls>"],types:["main_frame"]},["blocking","responseHeaders"])
" Make quickmarks for the sane Tridactyl issue view
quickmark t https://github.com/tridactyl/tridactyl/issues?utf8=%E2%9C%93&q=sort%3Aupdated-desc+
" Inject Google Translate
" This (clearly) is remotely hosted code. Google will be sent the whole
" contents of the page you are on if you run `:translate`
" From https://github.com/jeremiahlee/page-translator
command translate js let googleTranslateCallback = document.createElement('script'); googleTranslateCallback.innerHTML = "function googleTranslateElementInit(){ new google.translate.TranslateElement(); }"; document.body.insertBefore(googleTranslateCallback, document.body.firstChild); let googleTranslateScript = document.createElement('script'); googleTranslateScript.charset="UTF-8"; googleTranslateScript.src = "https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit&tl=&sl=&hl="; document.body.insertBefore(googleTranslateScript, document.body.firstChild);
"
" URL redirects
"
" New reddit is bad
autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old")
" Mosquito nets won't make themselves
autocmd DocStart ^http(s?)://www.amazon.co.uk js tri.excmds.urlmodify("-t", "www", "smile")
" For syntax highlighting see https://github.com/tridactyl/vim-tridactyl
" vim: set filetype=tridactyl


@ -1,15 +0,0 @@
{ profile }:
''
#main-window[tabsintitlebar="true"]:not([extradragspace="true"]) #TabsToolbar > .toolbar-items {
opacity: 0;
pointer-events: none;
}
#main-window:not([tabsintitlebar="true"]) #TabsToolbar {
visibility: collapse !important;
}
#sidebar-box[sidebarcommand="tabcenter-reborn_ariasuni-sidebar-action"] #sidebar-header {
visibility: collapse;
}
''


@ -1,23 +0,0 @@
{ config, lib, pkgs, sources, ... }:
{
config = lib.mkIf config.deploy.profile.gui {
home.sessionVariables = {
SSH_AUTH_SOCK =
"\${SSH_AUTH_SOCK:-$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)}";
};
services.gpg-agent = {
enable = true;
enableExtraSocket = true;
enableSshSupport = false;
pinentryFlavor = "gtk2";
extraConfig = lib.mkMerge [
"auto-expand-secmem 0x30000" # otherwise "gpg: public key decryption failed: Cannot allocate memory"
"pinentry-timeout 30"
"allow-loopback-pinentry"
"enable-ssh-support"
"no-allow-external-cache"
];
};
};
}


@ -1,17 +0,0 @@
{ config, lib, pkgs, ... }:
{
config = lib.mkIf config.deploy.profile.gui {
gtk = {
enable = true;
iconTheme = {
name = "Numix-Square";
package = pkgs.numix-icon-theme-square;
};
theme = {
name = "Arc-Dark";
package = pkgs.arc-theme;
};
};
};
}


@ -1,25 +0,0 @@
{ config, lib, pkgs, witch, ... }:
{
config = lib.mkIf config.deploy.profile.gui {
programs.kitty = {
enable = true;
font.name = witch.style.font.name;
settings = {
font_size = witch.style.font.size;
# background = witch.style.base16.color0;
background_opacity = "0.95";
# foreground = witch.style.base16.color7;
# selection_background = witch.style.base16.color7;
# selection_foreground = witch.style.base16.color0;
# url_color = witch.style.base16.color3;
# cursor = witch.style.base16.color7;
# active_border_color = "#75715e";
# active_tab_background = "#9900ff";
# active_tab_foreground = witch.style.base16.color7;
# inactive_tab_background = "#3a3a3a";
# inactive_tab_foreground = "#665577";
}; # // witch.style.base16;
};
};
}


@ -1,15 +0,0 @@
{ config, lib, ... }:
{
config = lib.mkIf config.deploy.profile.gui {
programs.mpv = {
enable = true;
config = {
profile = "gpu-hq";
gpu-context = "wayland";
vo = "gpu";
hwdec = "auto";
};
};
};
}


@ -1,102 +0,0 @@
{ config, lib, pkgs, witch, ... }:
{
config = lib.mkIf config.deploy.profile.gui {
programs.ncmpcpp = {
enable = true;
mpdMusicDir = "/home/kat/media-share/music";
settings = {
visualizer_data_source = "/tmp/mpd.fifo";
visualizer_output_name = "my_fifo";
visualizer_in_stereo = "yes";
visualizer_type = "spectrum";
visualizer_look = "+|";
user_interface = "alternative";
colors_enabled = "yes";
discard_colors_if_item_is_selected = "no";
header_window_color = "250";
volume_color = "250";
state_line_color = "cyan";
state_flags_color = "cyan";
alternative_ui_separator_color = "yellow";
statusbar_color = "yellow";
progressbar_color = "black";
progressbar_elapsed_color = "blue";
window_border_color = "yellow";
playlist_display_mode = "classic";
song_columns_list_format =
"(3f)[cyan]{n} (40)[default]{t|f} (25)[red]{a} (30)[blue]{b} (4f)[cyan]{l}";
now_playing_prefix = "$b";
song_list_format =
" $7%n$9 $8-$9 $6%a$9 $8-$9 $5%b$9 $R $8%t$9 ($4%l$9) ";
song_library_format = "{%n > }{%t}|{%f}";
song_status_format = "{%a - }{%t - }{%b}";
titles_visibility = "no";
header_visibility = "no";
statusbar_visibility = "no";
now_playing_suffix = "$/b";
progressbar_look = " ";
media_library_primary_tag = "album_artist";
search_engine_display_mode = "columns";
};
bindings = [
{
key = "+";
command = "add";
}
{
key = "-";
command = "load";
}
];
};
programs.beets = {
enable = true;
package = pkgs.unstable.beets;
settings = {
directory = "~/media-share/music";
library = "~/.local/share/beets.db";
plugins = lib.concatStringsSep " " [
"mpdstats"
"mpdupdate"
"duplicates"
"chroma"
];
};
};
services.mpd = {
enable = true;
package = pkgs.mpd-youtube-dl;
network.startWhenNeeded = true;
musicDirectory = "/home/kat/media-share/music";
extraConfig = ''
max_output_buffer_size "32768"
audio_output {
type "fifo"
name "my_fifo"
path "/tmp/mpd.fifo"
format "44100:16:2"
}
audio_output {
type "pulse"
name "speaker"
}
audio_output {
type "httpd"
name "httpd-high"
encoder "opus"
bitrate "96000"
port "32101"
max_clients "4"
format "48000:16:2"
always_on "yes"
tags "yes"
}
'';
};
};
}


@ -1,58 +0,0 @@
{ config, lib, pkgs, ... }:
let
bitw = pkgs.writeShellScriptBin "bitw" ''
${pkgs.arc.pkgs.rbw-bitw}/bin/bitw -p gpg://${
../../../private/files/bitw/master.gpg
} "$@"'';
in {
config = lib.mkIf config.deploy.profile.gui {
home.packages = with pkgs; [
_1password
bitwarden
bitw
mpv
element-desktop
mumble
obs-studio
niv
feh
duc
exiftool
audacity
avidemux
vlc
ffmpeg-full
thunderbird
unstable.syncplay
unstable.youtube-dl
unstable.mkchromecast
unstable.google-chrome
v4l-utils
transmission-gtk
lm_sensors
p7zip
baresip
psmisc
discord
tdesktop
yubikey-manager
pinentry.gtk2
dino
libnotify
nextcloud-client
vegur
nitrogen
terminator
pavucontrol
gparted
scrot
gimp-with-plugins
vscode
cryptsetup
vifm
neofetch
htop
];
};
}


@ -1,93 +0,0 @@
{ config, pkgs, lib, superConfig, ... }:
{
config = lib.mkIf config.deploy.profile.gui {
home.file = {
".local/share/weechat/sec.conf" = lib.mkIf config.deploy.profile.private {
source = "${../../../private/files/weechat/sec.conf}";
};
};
programs.weechat = {
enable = true;
init = lib.mkBefore ''
/server add freenode athame.kittywit.ch/5001 -ssl -autoconnect
/server add espernet athame.kittywit.ch/5001 -ssl -autoconnect
/matrix server add kat kittywit.ch
'';
packageUnwrapped = pkgs.unstable.weechat-unwrapped;
homeDirectory = "${config.xdg.dataHome}/weechat";
plugins.python = {
enable = true;
packages = [ "weechat-matrix" ];
};
scripts = with pkgs.weechatScripts; [
go
auto_away
autosort
colorize_nicks
unread_buffer
urlgrab
vimode-git
weechat-matrix
weechat-notify-send
];
config = {
weechat = {
look = { mouse = true; };
bar = {
buflist = { size_max = 24; };
nicklist = { size_max = 18; };
};
};
urlgrab.default.copycmd = "${pkgs.wl-clipboard}/bin/wl-copy";
plugins.var.python.vimode.copy_clipboard_cmd = "wl-copy";
plugins.var.python.vimode.paste_clipboard_cmd = "wl-paste --no-newline";
plugins.var.python.notify_send.icon = "";
sec = {
crypt = {
passphrase_command = ''
${pkgs.rbw-bitw}/bin/bitw -p gpg://${
../../../private/files/bitw/master.gpg
} get "weechat"'';
hash_algo = "sha512";
};
};
irc = {
look = { server_buffer = "independent"; };
server = {
freenode = {
address = "athame.kittywit.ch/5001";
password = "kat/freenode:\${sec.data.znc}";
ssl = true;
ssl_verify = false;
autoconnect = true;
};
espernet = {
address = "athame.kittywit.ch/5001";
password = "kat/espernet:\${sec.data.znc}";
ssl = true;
ssl_verify = false;
autoconnect = true;
};
};
};
matrix = {
network = {
max_backlog_sync_events = 30;
lazy_load_room_users = true;
autoreconnect_delay_max = 5;
lag_min-show = 1000;
};
look = { server_buffer = "independent"; };
server.kat = {
address = "kittywit.ch";
device_name = "${superConfig.networking.hostName}/weechat";
username = "kat";
password = "\${sec.data.matrix}";
autoconnect = true;
};
};
};
};
};
}


@ -1,7 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [ ./nixos ];
options = { deploy.profile.gui = lib.mkEnableOption "graphical system"; };
}


@ -1,6 +0,0 @@
{ config, ... }:
{
programs.adb.enable = true;
users.users.kat.extraGroups = [ "adbusers" ];
}


@ -1,14 +0,0 @@
{ ... }:
{
imports = [
./adb.nix
./fonts.nix
./gpg.nix
./firefox.nix
./dns.nix
./nixpkgs.nix
./mingetty.nix
./sound.nix
];
}


@ -1,43 +0,0 @@
{ config, lib, pkgs, ... }: {
config = lib.mkIf config.deploy.profile.gui {
networking = {
networkmanager.enable = true;
resolvconf.useLocalResolver = true;
networkmanager.dns = "none";
};
services.dnscrypt-proxy2 = {
enable = true;
settings = {
ipv6_servers = true;
require_dnssec = true;
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
minisign_key =
"RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
# You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v2/public-resolvers.md
server_names = [
"acsacsar-ams-ipv4"
"acsacsar-ams-ipv6"
"dnscrypt.eu-dk"
"dnscrypt.eu-dk-ipv6"
"dnscrypt.eu-nl"
"dnscrypt.eu-nl-ipv6"
"meganerd"
"meganerd-ipv6"
];
};
};
systemd.services.dnscrypt-proxy2.serviceConfig = {
StateDirectory = "dnscrypt-proxy2";
};
};
}


@ -1,16 +0,0 @@
{ config, pkgs, lib, witch, ... }:
{
config = lib.mkIf config.deploy.profile.gui {
xdg = {
portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
gtkUsePortal = true;
};
};
};
}


@ -1,13 +0,0 @@
{ config, pkgs, lib, ... }:
{
config = lib.mkIf config.deploy.profile.gui {
fonts.fontconfig.enable = true;
fonts.fonts = with pkgs; [
font-awesome
nerdfonts
iosevka
emacs-all-the-icons-fonts
];
};
}


@ -1,14 +0,0 @@
{ config, pkgs, lib, ... }:
{
config = lib.mkIf config.deploy.profile.gui {
services.pcscd.enable = true;
services.udev.packages = [ pkgs.yubikey-personalization ];
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "gtk2";
};
};
}


@ -1,37 +0,0 @@
{ config, lib, pkgs, ... }:
let
c1 = "\\e[22;34m";
c2 = "\\e[1;35m";
nixos_logo = [
" ${c1} ::::. ${c2}'::::: ::::' "
" ${c1} '::::: ${c2}':::::. ::::' "
" ${c1} ::::: ${c2}'::::.::::: "
" ${c1} .......:::::..... ${c2}:::::::: "
" ${c1} ::::::::::::::::::. ${c2}:::::: ${c1}::::. "
" ${c1} ::::::::::::::::::::: ${c2}:::::. ${c1}.::::' "
" ${c2} ..... ::::' ${c1}:::::' "
" ${c2} ::::: '::' ${c1}:::::' "
" ${c2} ........::::: ' ${c1}:::::::::::. "
" ${c2}::::::::::::: ${c1}::::::::::::: "
" ${c2} ::::::::::: ${c1}.. ${c1}::::: "
" ${c2} .::::: ${c1}.::: ${c1}::::: "
" ${c2} .::::: ${c1}::::: ${c1}''''' ${c2}..... "
" ${c2} ::::: ${c1}':::::. ${c2}......:::::::::::::' "
" ${c2} ::: ${c1}::::::. ${c2}':::::::::::::::::' "
" ${c1} .:::::::: ${c2}':::::::::: "
" ${c1} .::::''::::. ${c2}'::::. "
" ${c1} .::::' ::::. ${c2}'::::. "
" ${c1} .:::: :::: ${c2}'::::. "
];
in {
config = lib.mkIf config.deploy.profile.gui {
services.mingetty = {
greetingLine = ''
\e[H\e[2J
\e[9;10]'' + lib.concatStringsSep "\n" nixos_logo + "\n\n"
+ "\\e[1;32m>>> NixOS ${config.system.nixos.label} (Linux \\r) - \\l\\e[0m";
helpLine = lib.mkForce "";
};
};
}


@ -1,8 +0,0 @@
{ pkgs, config, lib, ... }:
{
nixpkgs.config = {
allowUnfree = true;
pulseaudio = true;
};
}


@ -1,25 +0,0 @@
{ config, lib, pkgs, ... }:
{
config = lib.mkIf config.deploy.profile.gui {
sound = {
enable = true;
extraConfig = ''
defaults.pcm.rate_converter "speexrate_best"
'';
};
hardware.pulseaudio = {
enable = true;
daemon.config = {
exit-idle-time = 5;
resample-method = "speex-float-5";
avoid-resampling = "true";
flat-volumes = "no";
default-sample-format = "s32le";
default-sample-rate = 48000;
alternate-sample-rate = 44100;
default-sample-channels = 2;
};
};
};
}


@ -1,12 +0,0 @@
{ lib, ... }:
{
imports = [ ./home ];
#home-manager.useGlobalPkgs = true;
#home-manager.users.kat = {
# imports = [ ../../../modules/home ];
#};
options = { deploy.profile.kat = lib.mkEnableOption "uhh meow"; };
}


@ -1,14 +0,0 @@
{ config, ... }:
{
config = lib.mkIf config.deploy.profile.kat {
base16 = {
shell.enable = true;
schemes = [ "rebecca.rebecca" ];
};
# home.base16-shell = {
# enable = true;
# defaultTheme = "rebecca.rebecca";
# };
};
}


@ -1,16 +0,0 @@
{ ... }:
{
imports = [
./zsh
./vim
./git.nix
./kitty.nix
./tmux.nix
./secrets.nix
#./base16.nix
./xdg.nix
./ssh.nix
./packages.nix
];
}


@ -1,32 +0,0 @@
{ config, pkgs, lib, ... }:
{
config = lib.mkIf config.deploy.profile.kat {
home.packages = with pkgs; [
git-crypt
gitAndTools.gitRemoteGcrypt
unstable.gitAndTools.gitAnnex
git-revise
arc.pkgs.gitAndTools.git-annex-remote-b2
];
programs.git = {
enable = true;
package = pkgs.gitAndTools.gitFull;
userName = "kat witch";
userEmail = "kat@kittywit.ch";
extraConfig = {
protocol.gcrypt.allow = "always";
annex = {
autocommit = false;
backend = "BLAKE2B512";
synccontent = true;
};
};
signing = {
key = "01F50A29D4AA91175A11BDB17248991EFA8EFBEE";
signByDefault = true;
};
};
};
}


@ -1,6 +0,0 @@
{ config, pkgs, ... }:
{
home.sessionVariables.TERMINFO_DIRS =
"${pkgs.kitty.terminfo.outPath}/share/terminfo";
}


@ -1,7 +0,0 @@
{ config, lib, pkgs, ... }:
{
config = lib.mkIf config.deploy.profile.kat {
home.packages = with pkgs; [ kitty.terminfo ];
};
}


@ -1,27 +0,0 @@
{ config, pkgs, lib, ... }:
{
config = lib.mkIf config.deploy.profile.kat {
programs.ssh = {
enable = true;
controlMaster = "auto";
controlPersist = "10m";
hashKnownHosts = true;
matchBlocks = let
common = {
forwardAgent = true;
extraOptions = {
RemoteForward =
"/run/user/1000/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra";
};
port = 62954;
};
in {
"athame" = { hostname = "athame.kittywit.ch"; } // common;
"samhain" = { hostname = "192.168.1.135"; } // common;
"yule" = { hostname = "192.168.1.92"; } // common;
"boline" = { hostname = "boline.kittywit.ch"; } // common;
};
};
};
}


@ -1,57 +0,0 @@
{ config, lib, pkgs, ... }:
{
config = lib.mkIf config.deploy.profile.kat {
programs.zsh.shellAliases = {
tne = "tmux new -s";
tat = "tmux attach -t";
tren = "tmux new -AD -s";
};
programs.tmux = {
enable = true;
extraConfig = ''
# start from 1
set -g base-index 1
setw -g pane-base-index 1
# proper title handling
set -g set-titles on
set -g set-titles-string "#T"
# 256 color
set -g default-terminal "screen-256color"
# modes
setw -g clock-mode-colour colour5
setw -g mode-style 'fg=colour1 bg=colour18 bold'
# panes
set -g pane-border-style 'fg=colour19 bg=colour0'
set -g pane-active-border-style 'bg=colour0 fg=colour9'
# statusbar
set -g status-position bottom
set -g status-justify left
set -g status-style 'bg=colour18 fg=colour137 dim'
set -g status-left '''
set -g status-right '#[fg=colour233,bg=colour19] %F #[fg=colour233,bg=colour8] %H:%M:%S %Z'
set -g status-right-length 50
set -g status-left-length 20
setw -g window-status-current-style 'fg=colour1 bg=colour19 bold'
setw -g window-status-current-format ' #I#[fg=colour249]:#[fg=colour255]#W#[fg=colour249]#F '
setw -g window-status-style 'fg=colour9 bg=colour18'
setw -g window-status-format ' #I#[fg=colour237]:#[fg=colour250]#W#[fg=colour244]#F '
setw -g window-status-bell-style 'fg=colour255 bg=colour1 bold'
# messages
set -g message-style 'fg=colour232 bg=colour16 bold'
# mouse
set -g mouse on
'';
};
};
}


@ -1,7 +0,0 @@
{
"python.formatting.provider": "black",
"python.jediEnabled": true,
"python.linting.flake8Enabled": true,
"python.linting.enabled": true,
"python.pythonPath": "nvim-python3"
}


@ -1,37 +0,0 @@
{ config, lib, pkgs, witch, ... }:
{
config = lib.mkIf config.deploy.profile.kat {
home.sessionVariables.EDITOR = "vim";
programs.vim = {
enable = true;
package = pkgs.arc.pkgs.vim_configurable-pynvim;
#withPython3 = true;
plugins = with pkgs.vimPlugins; [
nerdtree
vim-nix
coc-nvim
coc-yank
coc-python
coc-json
coc-yaml
coc-git
vim-fugitive
vim-startify
base16-vim
];
#extraPackages = with pkgs;
# [ (python3.withPackages (ps: with ps; [ black flake8 ])) ];
#extraPython3Packages = (ps: with ps; [ jedi pylint ]);
extraConfig = import ./vimrc.nix { inherit pkgs config; };
};
xdg.dataFile = {
"vim/undo/.keep".text = "";
"vim/swap/.keep".text = "";
"vim/backup/.keep".text = "";
};
xdg.configFile = {
"vim/coc-settings.json".text = builtins.readFile ./coc-settings.json;
};
};
}


@ -1,208 +0,0 @@
{ config, pkgs }:
''
" Enable mouse
set mouse=a
" colors
let base16colorspace=256
"colorscheme base16-rebecca
colorscheme default
" notmuch!
let g:notmuch_config_file='${config.xdg.configHome}/notmuch/notmuchrc'
let g:notmuch_folders_count_threads=0
let g:notmuch_date_format='%y-%m-%d %H:%M'
let g:notmuch_datetime_format='%y-%m-%d %H:%M'
let g:notmuch_show_date_format='%Y/%m/%d %H:%M'
let g:notmuch_search_date_format='%Y/%m/%d %H:%M'
let g:notmuch_html_converter='${pkgs.elinks}/bin/elinks --dump'
" Line numbers!
set number
" Open NERDTree at start
autocmd VimEnter * NERDTree | wincmd p
autocmd BufEnter * if tabpagenr('$') == 1 && winnr('$') == 1 && exists('b:NERDTree') && b:NERDTree.isTabTree() |
\ quit | endif
autocmd BufEnter * if bufname('#') =~ 'NERD_tree_\d\+' && bufname('%') !~ 'NERD_tree_\d\+' && winnr('$') > 1 |
\ let buf=bufnr() | buffer# | execute "normal! \<C-W>w" | execute 'buffer'.buf | endif
nnoremap <leader>n :NERDTreeFocus<CR>
nnoremap <C-n> :NERDTree<CR>
nnoremap <C-t> :NERDTreeToggle<CR>
nnoremap <C-f> :NERDTreeFind<CR>
let g:coc_node_path='${pkgs.nodejs}/bin/node'
" idk but this means .swp isn't everywhere
set undodir=$XDG_DATA_HOME/vim/undo
set directory=$XDG_DATA_HOME/vim/swap//
set backupdir=$XDG_DATA_HOME/vim/backup
" TextEdit might fail if hidden is not set.
set hidden
" Some servers have issues with backup files, see #649.
set nobackup
set nowritebackup
" Give more space for displaying messages.
set cmdheight=2
" Having longer updatetime (default is 4000 ms = 4 s) leads to noticeable
" delays and poor user experience.
set updatetime=300
" Don't pass messages to |ins-completion-menu|.
set shortmess+=c
" Always show the signcolumn, otherwise it would shift the text each time
" diagnostics appear/become resolved.
if has("patch-8.1.1564")
" Recently vim can merge signcolumn and number column into one
set signcolumn=number
else
set signcolumn=yes
endif
" Use tab for trigger completion with characters ahead and navigate.
" NOTE: Use command ':verbose imap <tab>' to make sure tab is not mapped by
" other plugin before putting this into your config.
inoremap <silent><expr> <TAB>
\ pumvisible() ? "\<C-n>" :
\ <SID>check_back_space() ? "\<TAB>" :
\ coc#refresh()
inoremap <expr><S-TAB> pumvisible() ? "\<C-p>" : "\<C-h>"
function! s:check_back_space() abort
let col = col('.') - 1
return !col || getline('.')[col - 1] =~# '\s'
endfunction
" Use <c-space> to trigger completion.
if has('nvim')
inoremap <silent><expr> <c-space> coc#refresh()
else
inoremap <silent><expr> <c-@> coc#refresh()
endif
" Make <CR> auto-select the first completion item and notify coc.nvim to
" format on enter, <cr> could be remapped by other vim plugin
inoremap <silent><expr> <cr> pumvisible() ? coc#_select_confirm()
\: "\<C-g>u\<CR>\<c-r>=coc#on_enter()\<CR>"
" Use `[g` and `]g` to navigate diagnostics
" Use `:CocDiagnostics` to get all diagnostics of current buffer in location list.
nmap <silent> [g <Plug>(coc-diagnostic-prev)
nmap <silent> ]g <Plug>(coc-diagnostic-next)
" GoTo code navigation.
nmap <silent> gd <Plug>(coc-definition)
nmap <silent> gy <Plug>(coc-type-definition)
nmap <silent> gi <Plug>(coc-implementation)
nmap <silent> gr <Plug>(coc-references)
" Use K to show documentation in preview window.
nnoremap <silent> K :call <SID>show_documentation()<CR>
function! s:show_documentation()
if (index(['vim','help'], &filetype) >= 0)
execute 'h '.expand('<cword>')
elseif (coc#rpc#ready())
call CocActionAsync('doHover')
else
execute '!' . &keywordprg . " " . expand('<cword>')
endif
endfunction
" Highlight the symbol and its references when holding the cursor.
autocmd CursorHold * silent call CocActionAsync('highlight')
" Symbol renaming.
nmap <leader>rn <Plug>(coc-rename)
" Formatting selected code.
xmap <leader>f <Plug>(coc-format-selected)
nmap <leader>f <Plug>(coc-format-selected)
augroup mygroup
autocmd!
" Setup formatexpr specified filetype(s).
autocmd FileType typescript,json setl formatexpr=CocAction('formatSelected')
" Update signature help on jump placeholder.
autocmd User CocJumpPlaceholder call CocActionAsync('showSignatureHelp')
augroup end
" Applying codeAction to the selected region.
" Example: `<leader>aap` for current paragraph
xmap <leader>a <Plug>(coc-codeaction-selected)
nmap <leader>a <Plug>(coc-codeaction-selected)
" Remap keys for applying codeAction to the current buffer.
nmap <leader>ac <Plug>(coc-codeaction)
" Apply AutoFix to problem on the current line.
nmap <leader>qf <Plug>(coc-fix-current)
" Map function and class text objects
" NOTE: Requires 'textDocument.documentSymbol' support from the language server.
xmap if <Plug>(coc-funcobj-i)
omap if <Plug>(coc-funcobj-i)
xmap af <Plug>(coc-funcobj-a)
omap af <Plug>(coc-funcobj-a)
xmap ic <Plug>(coc-classobj-i)
omap ic <Plug>(coc-classobj-i)
xmap ac <Plug>(coc-classobj-a)
omap ac <Plug>(coc-classobj-a)
" Remap <C-f> and <C-b> for scroll float windows/popups.
if has('nvim-0.4.0') || has('patch-8.2.0750')
nnoremap <silent><nowait><expr> <C-f> coc#float#has_scroll() ? coc#float#scroll(1) : "\<C-f>"
nnoremap <silent><nowait><expr> <C-b> coc#float#has_scroll() ? coc#float#scroll(0) : "\<C-b>"
inoremap <silent><nowait><expr> <C-f> coc#float#has_scroll() ? "\<c-r>=coc#float#scroll(1)\<cr>" : "\<Right>"
inoremap <silent><nowait><expr> <C-b> coc#float#has_scroll() ? "\<c-r>=coc#float#scroll(0)\<cr>" : "\<Left>"
vnoremap <silent><nowait><expr> <C-f> coc#float#has_scroll() ? coc#float#scroll(1) : "\<C-f>"
vnoremap <silent><nowait><expr> <C-b> coc#float#has_scroll() ? coc#float#scroll(0) : "\<C-b>"
endif
" Use CTRL-S for selections ranges.
" Requires 'textDocument/selectionRange' support of language server.
nmap <silent> <C-s> <Plug>(coc-range-select)
xmap <silent> <C-s> <Plug>(coc-range-select)
" Add `:Format` command to format current buffer.
command! -nargs=0 Format :call CocAction('format')
" Add `:Fold` command to fold current buffer.
command! -nargs=? Fold :call CocAction('fold', <f-args>)
" Add `:OR` command for organize imports of the current buffer.
command! -nargs=0 OR :call CocAction('runCommand', 'editor.action.organizeImport')
" Add (Neo)Vim's native statusline support.
" NOTE: Please see `:h coc-status` for integrations with external plugins that
" provide custom statusline: lightline.vim, vim-airline.
set statusline^=%{coc#status()}%{get(b:,'coc_current_function',''')}
" Mappings for CoCList
" Show all diagnostics.
nnoremap <silent><nowait> <space>a :<C-u>CocList diagnostics<cr>
" Manage extensions.
nnoremap <silent><nowait> <space>e :<C-u>CocList extensions<cr>
" Show commands.
nnoremap <silent><nowait> <space>c :<C-u>CocList commands<cr>
" Find symbol of current document.
nnoremap <silent><nowait> <space>o :<C-u>CocList outline<cr>
" Search workspace symbols.
nnoremap <silent><nowait> <space>s :<C-u>CocList -I symbols<cr>
" Do default action for next item.
nnoremap <silent><nowait> <space>j :<C-u>CocNext<CR>
" Do default action for previous item.
nnoremap <silent><nowait> <space>k :<C-u>CocPrev<CR>
" Resume latest coc list.
nnoremap <silent><nowait> <space>p :<C-u>CocListResume<CR>
'' + (if config.deploy.profile.sway then ''
noremap "+y y:call system("wl-copy", @")<CR>
nnoremap "+p :let @"=substitute(system("wl-paste --no-newline"), '<C-v><C-m>', ''', 'g')<CR>p
nnoremap "*p :let @"=substitute(system("wl-paste --no-newline --primary"), '<C-v><C-m>', ''', 'g')<CR>p
'' else
"")


@ -1,20 +0,0 @@
{ config, lib, ... }:
{
config = lib.mkIf config.deploy.profile.kat {
xdg = {
enable = true;
userDirs = {
enable = true;
pictures = "$HOME/media";
videos = "$HOME/media/videos";
documents = "$HOME/docs";
download = "$HOME/downloads";
desktop = "$HOME/tmp";
templates = "$HOME/tmp";
publicShare = "$HOME/shared";
music = "$HOME/media-share/music";
};
};
};
}


@ -1,42 +0,0 @@
{ config, lib, pkgs, ... }:
{
config = lib.mkIf config.deploy.profile.kat {
programs.zsh = {
enable = true;
shellAliases = {
nixdirfmt = "fd --color=never .nix | xargs nixfmt";
exa = "exa --time-style long-iso";
ls = "exa -G";
la = "exa -Ga";
ll = "exa -l";
lla = "exa -lga";
};
initExtra = ''
ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE="fg=3,bold"
'';
plugins = [{
name = "zsh-autosuggestions";
src = pkgs.fetchFromGitHub {
owner = "zsh-users";
repo = "zsh-autosuggestions";
rev = "v0.6.4";
sha256 = "0h52p2waggzfshvy1wvhj4hf06fmzd44bv6j18k3l9rcx6aixzn6";
};
}];
oh-my-zsh = {
enable = true;
plugins = [ "git" "sudo" "adb" "cargo" "emoji" ];
};
};
programs.starship = {
enable = true;
enableZshIntegration = true;
};
programs.direnv = {
enable = true;
enableZshIntegration = true;
enableNixDirenvIntegration = true;
};
};
}


@ -1,142 +0,0 @@
function term_title {
emulate -L zsh
unsetopt prompt_subst
[[ -t 1 ]] || return
local TITLE="$1"
local TAB="${2-$1}"
case "$TERM" in
cygwin|xterm*|putty*|rxvt*|ansi)
print -Pn "\e]2;$TITLE:q\a"
print -Pn "\e]1;$TAB:q\a"
;;
screen*)
print -Pn "\ek$TITLE:q\e\\"
;;
*)
if [[ "$TERM_PROGRAM" == "iTerm.app" ]]; then
print -Pn "\e]2;$TITLE:q\a"
print -Pn "\e]1;$TAB:q\a"
else
if [[ -n "$terminfo[fsl]" ]] && [[ -n "$terminfo[tsl]" ]]; then
echoti tsl
print -Pn "$TITLE"
echoti fsl
fi
fi
;;
esac
}
function term_dir {
emulate -L zsh
[[ -t 1 ]] || return
local DIR="${1-$PWD}"
if [[ "${TERM_PROGRAM-}" == "Apple_Terminal" ]]; then
local URL_PATH="$(__omz_urlencode -P "$DIR")"
[[ $? != 0 ]] && return 1
printf '\e]7;%s\a' "file://$HOST$URL_PATH"
fi
}
function __arc_update_precmd {
local TERM_TITLE="%~"
local TERM_TAB="%~"
if [[ "${TERM_PROGRAM-}" == "Apple_Terminal" ]]; then
TERM_TAB="$USER@%m"
TERM_TITLE="$TERM_TAB"
elif [[ "$USER" != "$DEFAULT_USER" || -n "${SSH_CLIENT-}" ]]; then
TERM_TAB="$USER@%m"
TERM_TITLE="$TERM_TAB - $TERM_TITLE"
fi
term_title "$TERM_TITLE" "$TERM_TAB"
}
function __arc_update_preexec {
emulate -L zsh
setopt extended_glob
local TERM_TAB=${1[(wr)^(*=*|sudo|ssh|mosh|rake|-*)]:gs/%/%%}
local TERM_TITLE="${2:gs/%/%%}"
if [[ "$USER" != "$DEFAULT_USER" || -n "${SSH_CLIENT-}" ]]; then
TERM_TAB="$USER@%m - $TERM_TAB"
TERM_TITLE="$USER@%m - $TERM_TITLE"
fi
term_title "$TERM_TITLE" "$TERM_TAB"
}
zmodload zsh/langinfo
function __omz_urlencode() {
emulate -L zsh
zparseopts -D -E -a opts r m P
local in_str=$1
local url_str=""
local spaces_as_plus
if [[ -z $opts[(r)-P] ]]; then spaces_as_plus=1; fi
local str="$in_str"
# URLs must use UTF-8 encoding; convert str to UTF-8 if required
local encoding=$langinfo[CODESET]
local safe_encodings
safe_encodings=(UTF-8 utf8 US-ASCII)
if [[ -z ${safe_encodings[(r)$encoding]} ]]; then
str=$(echo -E "$str" | iconv -f $encoding -t UTF-8)
if [[ $? != 0 ]]; then
echo "Error converting string from $encoding to UTF-8" >&2
return 1
fi
fi
# Use LC_CTYPE=C to process text byte-by-byte
local i byte ord LC_ALL=C
export LC_ALL
local reserved=';/?:@&=+$,'
local mark='_.!~*''()-'
local dont_escape="[A-Za-z0-9"
if [[ -z $opts[(r)-r] ]]; then
dont_escape+=$reserved
fi
# $mark must be last because of the "-"
if [[ -z $opts[(r)-m] ]]; then
dont_escape+=$mark
fi
dont_escape+="]"
# Implemented to use a single printf call and avoid subshells in the loop,
# for performance (primarily on Windows).
local url_str=""
for (( i = 1; i <= ${#str}; ++i )); do
byte="$str[i]"
if [[ "$byte" =~ "$dont_escape" ]]; then
url_str+="$byte"
else
if [[ "$byte" == " " && -n $spaces_as_plus ]]; then
url_str+="+"
else
ord=$(( [##16] #byte ))
url_str+="%$ord"
fi
fi
done
echo -E "$url_str"
}
if [[ -z "${ARC_PROMPT_RUN-}" ]]; then
chpwd_functions+=(term_dir)
precmd_functions+=(__arc_update_precmd)
preexec_functions+=(__arc_update_preexec)
term_dir
fi


@ -1,19 +0,0 @@
{ config, pkgs, lib, ... }:
{
config = lib.mkIf config.deploy.profile.kat {
users.users.kat = {
uid = 1000;
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-rsa 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 cardno:000612078454"
];
shell = pkgs.zsh;
extraGroups = [ "wheel" "video" ];
hashedPassword =
"$6$i28yOXoo$/WokLdKds5ZHtJHcuyGrH2WaDQQk/2Pj0xRGLgS8UcmY2oMv3fw2j/85PRpsJJwCB2GBRYRK5LlvdTleHd3mB.";
};
};
options = { deploy.profile.kat = lib.mkEnableOption "uhh meow"; };
}


@ -1,5 +0,0 @@
{ lib, ... }:
{
options = { deploy.profile.laptop = lib.mkEnableOption "lappytop"; };
}


@ -1,7 +0,0 @@
{ lib, ... }:
{
imports = [ ./nixos ];
options = { deploy.profile.laptop = lib.mkEnableOption "lappytop"; };
}


@ -1,5 +0,0 @@
{ ... }:
{
imports = [ ./light.nix ./wifi.nix ];
}


@ -1,6 +0,0 @@
{ config, lib, pkgs, ... }:
{
config =
lib.mkIf config.deploy.profile.laptop { programs.light.enable = true; };
}


@ -1,5 +0,0 @@
{ config, lib, pkgs, ... }:
{
config = lib.mkIf config.deploy.profile.laptop { };
}


@ -1,7 +0,0 @@
{ lib, ... }:
{
imports = [ ./home ];
options = { deploy.profile.sway = lib.mkEnableOption "sway wm"; };
}


@ -1,5 +0,0 @@
{ config, pkgs, sources, ... }:
{
imports = [ ./waybar ./mako.nix ./sway.nix ./swayidle.nix ./gammastep.nix ];
}


@ -1,11 +0,0 @@
{ config, lib, ... }:
{
config = lib.mkIf config.deploy.profile.sway {
services.gammastep = {
enable = true;
latitude = "51.5074";
longitude = "0.1278";
};
};
}


@ -1,151 +0,0 @@
#!/bin/sh
## Grimshot: a helper for screenshots within sway
## Requirements:
## - `grim`: screenshot utility for wayland
## - `slurp`: to select an area
## - `swaymsg`: to read properties of current window
## - `wl-copy`: clipboard utility
## - `jq`: json utility to parse swaymsg output
## - `notify-send`: to show notifications
## Those are needed to be installed, if unsure, run `grimshot check`
##
## See `man 1 grimshot` or `grimshot usage` for further details.
getTargetDirectory() {
echo "/home/kat/media/scrots"
}
if [ "$1" = "--notify" ]; then
NOTIFY=yes
shift 1
else
NOTIFY=no
fi
ACTION=${1:-usage}
SUBJECT=${2:-screen}
FILE=${3:-$(getTargetDirectory)/$(date -Ins).png}
if [ "$ACTION" != "save" ] && [ "$ACTION" != "copy" ] && [ "$ACTION" != "check" ]; then
echo "Usage:"
echo " grimshot [--notify] (copy|save) [active|screen|output|area|window] [FILE]"
echo " grimshot check"
echo " grimshot usage"
echo ""
echo "Commands:"
echo " copy: Copy the screenshot data into the clipboard."
echo " save: Save the screenshot to a regular file."
echo " check: Verify if required tools are installed and exit."
echo " usage: Show this message and exit."
echo ""
echo "Targets:"
echo " active: Currently active window."
echo " screen: All visible outputs."
echo " output: Currently active output."
echo " area: Manually select a region."
echo " window: Manually select a window."
exit
fi
notify() {
notify-send -t 3000 -a grimshot "$@"
}
notifyOk() {
[ "$NOTIFY" = "no" ] && return
TITLE=${2:-"Screenshot"}
MESSAGE=${1:-"OK"}
notify "$TITLE" "$MESSAGE"
}
notifyError() {
if [ $NOTIFY = "yes" ]; then
TITLE=${2:-"Screenshot"}
MESSAGE=${1:-"Error taking screenshot with grim"}
notify -u critical "$TITLE" "$MESSAGE"
else
echo $1
fi
}
die() {
MSG=${1:-Bye}
notifyError "Error: $MSG"
exit 2
}
check() {
COMMAND=$1
if command -v "$COMMAND" > /dev/null 2>&1; then
RESULT="OK"
else
RESULT="NOT FOUND"
fi
echo " $COMMAND: $RESULT"
}
takeScreenshot() {
FILE=$1
GEOM=$2
OUTPUT=$3
if [ ! -z "$OUTPUT" ]; then
grim -o "$OUTPUT" "$FILE" || die "Unable to invoke grim"
elif [ -z "$GEOM" ]; then
grim "$FILE" || die "Unable to invoke grim"
else
grim -g "$GEOM" "$FILE" || die "Unable to invoke grim"
fi
}
if [ "$ACTION" = "check" ] ; then
echo "Checking if required tools are installed. If something is missing, install it to your system and make it available in PATH..."
check grim
check slurp
check swaymsg
check wl-copy
check jq
check notify-send
exit
elif [ "$SUBJECT" = "area" ] ; then
GEOM=$(slurp -d)
# Check if user exited slurp without selecting the area
if [ -z "$GEOM" ]; then
exit
fi
WHAT="Area"
elif [ "$SUBJECT" = "active" ] ; then
FOCUSED=$(swaymsg -t get_tree | jq -r 'recurse(.nodes[]?, .floating_nodes[]?) | select(.focused)')
GEOM=$(echo "$FOCUSED" | jq -r '.rect | "\(.x),\(.y) \(.width)x\(.height)"')
APP_ID=$(echo "$FOCUSED" | jq -r '.app_id')
WHAT="$APP_ID window"
elif [ "$SUBJECT" = "screen" ] ; then
GEOM=""
WHAT="Screen"
elif [ "$SUBJECT" = "output" ] ; then
GEOM=""
OUTPUT=$(swaymsg -t get_outputs | jq -r '.[] | select(.focused)' | jq -r '.name')
WHAT="$OUTPUT"
elif [ "$SUBJECT" = "window" ] ; then
GEOM=$(swaymsg -t get_tree | jq -r '.. | select(.pid? and .visible?) | .rect | "\(.x),\(.y) \(.width)x\(.height)"' | slurp)
# Check if user exited slurp without selecting the area
if [ -z "$GEOM" ]; then
exit
fi
WHAT="Window"
else
die "Unknown subject to take a screen shot from" "$SUBJECT"
fi
if [ "$ACTION" = "copy" ] ; then
takeScreenshot - "$GEOM" "$OUTPUT" | wl-copy --type image/png || die "Clipboard error"
notifyOk "$WHAT copied to buffer"
else
if takeScreenshot "$FILE" "$GEOM" "$OUTPUT"; then
TITLE="Screenshot of $SUBJECT"
MESSAGE=$(basename "$FILE")
notifyOk "$MESSAGE" "$TITLE"
echo $FILE
else
notifyError "Error taking screenshot with grim"
fi
fi


@ -1,28 +0,0 @@
{ config, pkgs, lib, witch, ... }:
{
config = lib.mkIf config.deploy.profile.sway {
systemd.user.services = {
mako = {
Unit = {
Description = "mako";
X-Restart-Triggers =
[ (toString config.xdg.configFile."mako/config".source) ];
};
Service = {
ExecStart = "${pkgs.mako}/bin/mako";
Restart = "always";
};
Install = { WantedBy = [ "graphical-session.target" ]; };
};
};
programs.mako = {
enable = true;
defaultTimeout = 3000;
borderColor = witch.style.base16.color7;
backgroundColor = "${witch.style.base16.color0}70";
textColor = witch.style.base16.color7;
};
};
}


@ -1,230 +0,0 @@
{ config, pkgs, lib, witch, ... }:
{
config = lib.mkIf config.deploy.profile.sway {
home.sessionVariables = {
MOZ_ENABLE_WAYLAND = 1;
XDG_CURRENT_DESKTOP = "sway";
XDG_SESSION_TYPE = "wayland";
};
home.packages = with pkgs; [ grim slurp wl-clipboard jq ];
programs.zsh.profileExtra = ''
# If running from tty1 start sway
if [ "$(tty)" = "/dev/tty1" ]; then
systemctl --user unset-environment \
SWAYSOCK \
I3SOCK \
WAYLAND_DISPLAY \
DISPLAY \
IN_NIX_SHELL \
__HM_SESS_VARS_SOURCED \
GPG_TTY \
NIX_PATH \
SHLVL
exec env --unset=SHLVL systemd-cat -t sway -- sway
fi
'';
wayland.windowManager.sway = {
enable = true;
config = let
dmenu =
"${pkgs.bemenu}/bin/bemenu --fn '${witch.style.font.name} ${witch.style.font.size}' --nb '${witch.style.base16.color0}' --nf '${witch.style.base16.color7}' --sb '${witch.style.base16.color1}' --sf '${witch.style.base16.color7}' -l 5 -m -1 -i";
lockCommand = "swaylock -i ${./wallpapers/main.png} -s fill";
cfg = config.wayland.windowManager.sway.config;
in {
bars = [{ command = "${pkgs.waybar}/bin/waybar"; }];
output = let
left = {
res = "1920x1080";
pos = "0 0";
bg = "${./wallpapers/left.jpg} fill";
};
middle = {
res = "1920x1080";
pos = "1920 0";
bg = "${./wallpapers/main.png} fill";
};
right = {
res = "1920x1080";
pos = "3840 0";
bg = "${./wallpapers/right.jpg} fill";
};
laptop = {
res = "1920x1080";
pos = "0 0";
bg = "${./wallpapers/main.png} fill";
};
in {
"DP-1" = left;
"DVI-D-1" = right;
"HDMI-A-1" = middle;
"eDP-1" = laptop;
};
input = {
"1739:33362:Synaptics_TM3336-002" = {
dwt = "enabled";
tap = "enabled";
natural_scroll = "enabled";
middle_emulation = "enabled";
click_method = "clickfinger";
};
"*" = {
xkb_layout = "gb";
# xkb_variant = "nodeadkeys";
# xkb_options = "ctrl:nocaps";
};
};
fonts = [ "${witch.style.font.name} ${witch.style.font.size}" ];
terminal = "${pkgs.kitty}/bin/kitty";
# TODO: replace with wofi
menu =
"${pkgs.j4-dmenu-desktop}/bin/j4-dmenu-desktop --dmenu=\"${dmenu}\" --term='${cfg.terminal}'";
modifier = "Mod4";
startup = [
{
command = "systemctl --user restart mako";
always = true;
}
{ command = "mkchromecast -t"; }
];
window = {
border = 1;
titlebar = true;
};
keybindings = {
"${cfg.modifier}+Return" = "exec ${cfg.terminal}";
"${cfg.modifier}+Left" = "focus left";
"${cfg.modifier}+Down" = "focus down";
"${cfg.modifier}+Up" = "focus up";
"${cfg.modifier}+Right" = "focus right";
"${cfg.modifier}+Shift+Left" = "move left";
"${cfg.modifier}+Shift+Down" = "move down";
"${cfg.modifier}+Shift+Up" = "move up";
"${cfg.modifier}+Shift+Right" = "move right";
"${cfg.modifier}+Shift+space" = "floating toggle";
"${cfg.modifier}+space" = "focus mode_toggle";
"${cfg.modifier}+1" = "workspace 1";
"${cfg.modifier}+2" = "workspace 2";
"${cfg.modifier}+3" = "workspace 3";
"${cfg.modifier}+4" = "workspace 4";
"${cfg.modifier}+5" = "workspace 5";
"${cfg.modifier}+6" = "workspace 6";
"${cfg.modifier}+7" = "workspace 7";
"${cfg.modifier}+8" = "workspace 8";
"${cfg.modifier}+9" = "workspace 9";
"${cfg.modifier}+0" = "workspace 10";
"${cfg.modifier}+Shift+1" = "move container to workspace 1";
"${cfg.modifier}+Shift+2" = "move container to workspace 2";
"${cfg.modifier}+Shift+3" = "move container to workspace 3";
"${cfg.modifier}+Shift+4" = "move container to workspace 4";
"${cfg.modifier}+Shift+5" = "move container to workspace 5";
"${cfg.modifier}+Shift+6" = "move container to workspace 6";
"${cfg.modifier}+Shift+7" = "move container to workspace 7";
"${cfg.modifier}+Shift+8" = "move container to workspace 8";
"${cfg.modifier}+Shift+9" = "move container to workspace 9";
"${cfg.modifier}+Shift+0" = "move container to workspace 10";
"XF86AudioRaiseVolume" =
"exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') +5%";
"XF86AudioLowerVolume" =
"exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') -5%";
"XF86AudioMute" =
"exec pactl set-sink-mute $(pacmd list-sinks |awk '/* index:/{print $3}') toggle";
"XF86AudioMicMute" =
"exec pactl set-source-mute $(pacmd list-sources |awk '/* index:/{print $3}') toggle";
"XF86MonBrightnessDown" = "exec ${pkgs.light}/bin/light -U 5";
"XF86MonBrightnessUp" = "exec ${pkgs.light}/bin/light -A 5";
"${cfg.modifier}+d" = "exec ${cfg.menu}";
"${cfg.modifier}+x" = "exec ${lockCommand}";
"${cfg.modifier}+Print" =
"exec ${./grimshot.sh} --notify save screen";
"${cfg.modifier}+Shift+Print" =
"exec ${./grimshot.sh} --notify save area";
"${cfg.modifier}+Mod1+Print" =
"exec ${./grimshot.sh} --notify save window";
"${cfg.modifier}+i" = "move workspace to output left";
"${cfg.modifier}+o" = "move workspace to output left";
"${cfg.modifier}+b" = "splith";
"${cfg.modifier}+v" = "splitv";
"${cfg.modifier}+s" = "layout stacking";
"${cfg.modifier}+w" = "layout tabbed";
"${cfg.modifier}+e" = "layout toggle split";
"${cfg.modifier}+f" = "fullscreen";
"${cfg.modifier}+Shift+q" = "kill";
"${cfg.modifier}+Shift+c" = "reload";
"${cfg.modifier}+r" = "mode resize";
"${cfg.modifier}+Delete" = ''
mode "System (l) lock, (e) logout, (s) suspend, (h) hibernate, (r) reboot, (Shift+s) shutdown"'';
};
modes = {
"System (l) lock, (e) logout, (s) suspend, (h) hibernate, (r) reboot, (Shift+s) shutdown" =
{
"l" = "exec ${lockCommand}, mode default";
"e" = "exec swaymsg exit, mode default";
"s" = "exec systemctl suspend, mode default";
"h" = "exec systemctl hibernate, mode default";
"r" = "exec systemctl reboot, mode default";
"Shift+s" = "exec systemctl shutdown, mode default";
"Return" = "mode default";
"Escape" = "mode default";
};
};
colors = {
focused = {
border = witch.style.base16.color8;
background = witch.style.base16.color3;
text = witch.style.base16.color0;
indicator = witch.style.base16.color2;
childBorder = witch.style.base16.color8;
};
focusedInactive = {
border = witch.style.base16.color0;
background = witch.style.base16.color15;
text = witch.style.base16.color13;
indicator = witch.style.base16.color2;
childBorder = witch.style.base16.color8;
};
unfocused = {
border = witch.style.base16.color0;
background = witch.style.base16.color8;
text = witch.style.base16.color7;
indicator = witch.style.base16.color8;
childBorder = witch.style.base16.color8;
};
urgent = {
border = witch.style.base16.color0;
background = witch.style.base16.color9;
text = witch.style.base16.color0;
indicator = witch.style.base16.color1;
childBorder = witch.style.base16.color8;
};
};
};
wrapperFeatures.gtk = true;
extraConfig = ''
seat seat0 xcursor_theme breeze_cursors 20
'';
};
};
}


@ -1,26 +0,0 @@
{ config, pkgs, lib, ... }:
{
config = lib.mkIf config.deploy.profile.sway {
systemd.user.services.swayidle = {
Unit = {
Description = "swayidle";
Documentation = [ "man:swayidle(1)" ];
PartOf = [ "graphical-session.target" ];
};
Service = {
Type = "simple";
ExecStart = ''
${pkgs.swayidle}/bin/swayidle -w \
timeout 300 '${pkgs.swaylock}/bin/swaylock' \
timeout 600 'swaymsg "output * dpms off"' \
resume 'swaymsg "output * dpms on"' \
before-sleep '${pkgs.swaylock}/bin/swaylock'
'';
RestartSec = 3;
Restart = "always";
};
Install = { WantedBy = [ "sway-session.target" ]; };
};
};
}

Binary file not shown.


Binary file not shown.


Binary file not shown.



@ -1,96 +0,0 @@
{ config, lib, pkgs, witch, ... }:
{
config = lib.mkIf config.deploy.profile.sway {
programs.waybar = {
enable = true;
style = import ./waybar.css.nix {
style = witch.style;
hextorgba = witch.colorhelpers.hextorgba;
};
settings = [{
modules-left = [ "sway/workspaces" "sway/mode" "sway/window" ];
modules-center = [ ]; # "clock" "custom/weather"
modules-right = [
"pulseaudio"
"cpu"
"memory"
"temperature"
"backlight"
"battery"
"idle_inhibitor"
#"mpd"
"network"
"custom/weather"
"clock"
"tray"
];
modules = {
#"custom/weather" = {
# format = "{}";
# interval = 3600;
# on-click = "xdg-open 'https://google.com/search?q=weather'";
# exec = "nix-shell --command 'python ${../../../../../scripts/weather/weather.py} ${witch.secrets.profiles.sway.city} ${witch.secrets.profiles.sway.api_key}' ${../../../../../scripts/weather}";
#};
"custom/weather" = {
format = "{}";
interval = 3600;
on-click = "xdg-open 'https://google.com/search?q=weather'";
exec =
"${pkgs.kat-weather}/bin/kat-weather ${witch.secrets.profiles.sway.city} ${witch.secrets.profiles.sway.api_key}";
};
cpu = { format = " {usage}%"; };
#mpd = {
# format = " {albumArtist} - {title}";
# format-stopped = "ﱙ";
# format-paused = " Paused";
# title-len = 16;
#};
memory = { format = " {percentage}%"; };
temperature = { format = " {temperatureC}°C"; };
idle_inhibitor = {
format = "{icon}";
format-icons = {
activated = "";
deactivated = "";
};
};
backlight = {
format = "{icon} {percent}%";
format-icons = [ "" "" ];
on-scroll-up = "${pkgs.light}/bin/light -A 1";
on-scroll-down = "${pkgs.light}/bin/light -U 1";
};
battery = {
states = {
good = 90;
warning = 30;
critical = 15;
};
format = "{icon} {capacity}%";
format-charging = " {capacity}%";
format-plugged = " {capacity}%";
format-alt = "{icon} {time}";
format-icons = [ "" "" "" "" "" ];
};
pulseaudio = {
format = " {volume}%";
on-click = "pavucontrol";
};
network = {
format-wifi = " {essid} ({signalStrength}%)";
format-ethernet = " {ifname}: {ipaddr}/{cidr}";
format-linked = " {ifname} (No IP)";
format-disconnected = " Disconnected ";
format-alt = " {ifname}: {ipaddr}/{cidr}";
};
clock = {
format = " {:%A, %F %T %Z}";
interval = 1;
};
};
}];
};
};
}


@ -1,68 +0,0 @@
{ hextorgba, style }:
''
* {
border: none;
border-radius: 0;
font-family: "${style.font.name}";
font-size: ${style.font.size_css};
min-height: 14px
}
#clock, #memory, #cpu, #temperature, #pulseaudio, #network, #mpd, #backlight, #battery, #custom-weather, #idle_inhibitor {
margin-left: 8px;
margin-right: 8px;
padding-left: 8px;
padding-right: 8px;
transition: none;
border-bottom: 2px solid ${style.base16.color7};
color: ${style.base16.color7}
}
window#waybar { background: ${hextorgba style.base16.color0} }
#window {
color: ${style.base16.color7};
padding-left: 16px;
padding-right: 16px
}
#workspaces { padding: 0px 4px 0px 4px }
#workspaces button {
color: ${style.base16.color7};
background: ${hextorgba style.base16.color8};
font-size: 16px;
margin: 0px 4px 0px 4px;
border-bottom: 2px solid transparent;
border-left: 1px solid ${style.base16.color7};
border-right: 1px solid ${style.base16.color7}
}
#workspaces button:last-child { margin-right: 0px }
#workspaces button.focused {
color: ${style.base16.color5};
border-bottom-color: ${style.base16.color5}
}
#workspaces button:hover {
transition: none;
box-shadow: inherit;
text-shadow: inherit;
color: ${style.base16.color2};
border-bottom-color: ${style.base16.color2}
}
#mpd, #idle_inhibitor { border-color: #5af78e }
#mpd.disconnected, #mpd.stopped { border-color: #282a36 }
#network { border-color: ${style.base16.color3} }
#custom-weather { border-color: ${style.base16.color14} }
#pulseaudio { border-color: ${style.base16.color2} }
#temperature { border-color: ${style.base16.color4} }
#battery { border-color: ${style.base16.color6} }
#backlight { border-color: ${style.base16.color9} }
#cpu { border-color: ${style.base16.color5} }
#memory { border-color: ${style.base16.color17} }
#clock { border-color: ${style.base16.color7} }
''


@ -1,7 +0,0 @@
{ lib, ... }:
{
imports = [ ./nixos ];
options = { deploy.profile.sway = lib.mkEnableOption "sway wm"; };
}


@ -1,5 +0,0 @@
{ config, pkgs, sources, ... }:
{
imports = [ ./sway.nix ];
}


@ -1,10 +0,0 @@
{ config, pkgs, lib, sources, ... }:
{
config = lib.mkIf config.deploy.profile.sway {
programs.sway = {
enable = true;
extraPackages = with pkgs; lib.mkForce [ xwayland swaylock swayidle ];
};
};
}


@ -1,201 +0,0 @@
{ config, pkgs, witch, ... }:
{
services.asterisk = {
enable = true;
confFiles = {
"rtp.conf" = ''
[general]
rtpstart=10000
rtpend=20000
'';
"extensions.conf" = ''
[from-twilio]
exten => _.,1,Dial(SIP/1337,20)
[from-signalwire]
exten => s,1,Set(numb=''${CUT(CUT(PJSIP_HEADER(read,To),@,1),:,2)})
same => n,Dial(SIP/1337,20)
[from-internal]
exten => _1X.,1,Set(CALLERID(all)="kat" <+${witch.secrets.hosts.athame.phone.number.us}>)
same => n,Dial(PJSIP/''${EXTEN:1}@signalwire)
same => n(end),Hangup()
exten => _2X.,1,Set(CALLERID(all)="kat" <+${witch.secrets.hosts.athame.phone.number.canada}>)
same => n,Dial(PJSIP/''${EXTEN:1}@signalwire)
same => n(end),Hangup()
exten => _3X.,1,Set(CALLERID(all)="kat" <+${witch.secrets.hosts.athame.phone.number.uk}>)
same => n,Dial(PJSIP/+''${EXTEN:1}@twilio-ie)
same => n(end),Hangup()
'';
"pjproject.conf" = ''
; Common pjproject options
;
;========================LOG_MAPPINGS SECTION OPTIONS===============================
;[log_mappings]
; SYNOPSIS: Provides pjproject to Asterisk log level mappings.
; NOTES: The name of this section in the pjproject.conf configuration file must
; remain log_mappings or the configuration will not be applied.
; The defaults mentioned below only apply if this file or the 'log_mappings'
; object can'tbe found. If the object is found, there are no defaults. If
; you don't specify an entry, nothing will be logged for that level.
;
;asterisk_error = ; A comma separated list of pjproject log levels to map to
; Asterisk errors.
; (default: "0,1")
;asterisk_warning = ; A comma separated list of pjproject log levels to map to
; Asterisk warnings.
; (default: "2")
;asterisk_notice = ; A comma separated list of pjproject log levels to map to
; Asterisk notices.
; (default: "")
;asterisk_verbose = ; A comma separated list of pjproject log levels to map to
; Asterisk verbose.
; (default: "")
;asterisk_debug = ; A comma separated list of pjproject log levels to map to
; Asterisk debug
; (default: "3,4,5")
;type= ; Must be of type log_mappings (default: "")
'';
"sip.conf" = ''
[general]
;; Only uncomment this if you want to connect to a different SIP server and receive calls from it
context=public
allowguest=no
udpbindaddr=0.0.0.0:5160
tcpbindaddr=0.0.0.0:5160
tcpenable=yes
transport=udp,tcp
disallow=all
allow=speex32
allow=g722
allow=ulaw
allow=alaw
allow=gsm
allow=g726
[1337]
type=friend
context=from-internal
host=dynamic
secret=${witch.secrets.hosts.athame.phone.password}
nat=force_rport,comedia
'';
"pjsip_wizard.conf" = ''
[user_defaults](!)
type = wizard
accepts_registrations = yes
sends_registrations = no
accepts_auth = yes
sends_auth = no
endpoint/context = from-internal
endpoint/tos_audio=ef
endpoint/tos_video=af41
endpoint/cos_audio=5
endpoint/cos_video=4
endpoint/allow = !all,ulaw
endpoint/dtmf_mode= rfc4733
endpoint/aggregate_mwi = yes
endpoint/use_avpf = no
endpoint/rtcp_mux = no
endpoint/bundle = no
endpoint/ice_support = no
endpoint/media_use_received_transport = no
endpoint/trust_id_inbound = yes
endpoint/media_encryption = no
endpoint/timers = yes
endpoint/media_encryption_optimistic = no
endpoint/send_pai = yes
endpoint/rtp_symmetric = yes
endpoint/rewrite_contact = yes
endpoint/force_rport = yes
endpoint/language = en
[trunk_defaults](!)
type = wizard
endpoint/transport=0.0.0.0-udp
endpoint/allow = !all,ulaw
endpoint/t38_udptl=no
endpoint/t38_udptl_ec=none
endpoint/fax_detect=no
endpoint/trust_id_inbound=no
endpoint/t38_udptl_nat=no
endpoint/direct_media=no
endpoint/rewrite_contact=yes
endpoint/rtp_symmetric=yes
endpoint/dtmf_mode=rfc4733
endpoint/allow_subscribe = no
aor/qualify_frequency = 60
[twilio-ie](trunk_defaults)
sends_auth = yes
sends_registrations = no
remote_hosts = kat-asterisk.pstn.dublin.twilio.com
outbound_auth/username = asterisk
outbound_auth/password = ${witch.secrets.hosts.athame.phone.endpoint.password.twilio}
endpoint/context = from-twilio
aor/qualify_frequency = 60
'';
"pjsip.conf" = ''
[global]
type=global
[0.0.0.0-udp]
type=transport
protocol=udp
bind=0.0.0.0:5060
allow_reload=no
tos=cs3
cos=3
[signalwire]
type=auth
auth_type=userpass
username=asterisk ; Your username
password=${witch.secrets.hosts.athame.phone.endpoint.password.signalwire}
[signalwire]
type=aor
contact=sip:${witch.secrets.hosts.athame.phone.endpoint.url}
[signalwire]
type=endpoint
transport=transport-udp
outbound_auth=signalwire ; Note that there is only an outbound_auth, as we do not challenge when a call arrives inbound
aors=signalwire
disallow=all
allow=speex32
allow=g722
allow=ulaw
allow=alaw
allow=gsm
allow=g726
from_user=asterisk
from_domain=${witch.secrets.hosts.athame.phone.endpoint.url}
media_encryption=sdes ; Note that we are using encryption
context=from-signalwire
[signalwire]
type=registration
server_uri=sip:${witch.secrets.hosts.athame.phone.endpoint.url}
client_uri=sip:asterisk@${witch.secrets.hosts.athame.phone.endpoint.url}; Your full SIP URI
outbound_auth=signalwire
[signalwire]
type=identify
endpoint=signalwire
match=${witch.secrets.hosts.athame.phone.endpoint.url}
'';
"logger.conf" = ''
[general]
dateformat=%F %T
[logfiles]
; Add debug output to log
messages => security, notice,warning,error
syslog.local0 => notice,warning,error,debug
'';
};
};
}


@ -1,24 +0,0 @@
{ config, pkgs, witch, ... }:
{
services.bitwarden_rs = {
enable = true;
config = {
rocketPort = 4000;
websocketEnabled = true;
signupsAllowed = false;
adminToken = witch.secrets.hosts.athame.bitwarden_secret;
domain = "https://vault.kittywit.ch";
};
};
services.nginx.virtualHosts."vault.kittywit.ch" = {
enableACME = true;
forceSSL = true;
locations = {
"/".proxyPass = "http://127.0.0.1:4000";
"/notifications/hub".proxyPass = "http://127.0.0.1:3012";
"/notifications/hub/negotiate".proxyPass = "http://127.0.0.1:80";
};
};
}


@ -1,17 +0,0 @@
{ config, pkgs, ... }:
{
services.gitea = {
enable = true;
disableRegistration = true;
domain = "git.kittywit.ch";
rootUrl = "https://git.kittywit.ch";
httpAddress = "127.0.0.1";
};
services.nginx.virtualHosts."git.kittywit.ch" = {
enableACME = true;
forceSSL = true;
locations = { "/".proxyPass = "http://127.0.0.1:3000"; };
};
}


@ -1,49 +0,0 @@
{ config, pkgs, witch, sources, ... }:
{
imports = [ sources.nixos-mailserver.outPath ];
mailserver = {
enable = true;
fqdn = "kittywit.ch";
domains = [ "kittywit.ch" ];
# A list of all login accounts. To create the password hashes, use
# nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
loginAccounts = {
"kat@kittywit.ch" = {
hashedPasswordFile = config.secrets.files.kat_mail_hash.path;
aliases = [ "postmaster@kittywit.ch" ];
# Make this user the catchAll address for domains kittywit.ch and
# example2.com
catchAll = [ "kittywit.ch" ];
};
};
# Extra virtual aliases. These are email addresses that are forwarded to
# loginAccounts addresses.
extraVirtualAliases = {
# address = forward address;
"abuse@kittywit.ch" = "kat@kittywit.ch";
};
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
# down nginx and opens port 80.
certificateScheme = 3;
# Enable IMAP and POP3
enableImap = true;
enablePop3 = true;
enableImapSsl = true;
enablePop3Ssl = true;
# Enable the ManageSieve protocol
enableManageSieve = true;
# whether to scan inbound emails for viruses (note that this requires at least
# 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty)
virusScanning = false;
};
}


@ -1,119 +0,0 @@
{ config, pkgs, witch, ... }:
{
environment.systemPackages =
[ pkgs.arc.pkgs.mx-puppet-discord pkgs.mautrix-whatsapp ];
services.matrix-synapse = {
enable = true;
registration_shared_secret = witch.secrets.hosts.athame.matrix_secret;
max_upload_size = "512M";
server_name = "kittywit.ch";
app_service_config_files = [
"/var/lib/matrix-synapse/telegram-registration.yaml"
"/var/lib/matrix-synapse/discord-registration.yaml"
"/var/lib/matrix-synapse/whatsapp-registration.yaml"
];
listeners = [{
port = 8008;
bind_address = "::1";
type = "http";
tls = false;
x_forwarded = true;
resources = [{
names = [ "client" "federation" ];
compress = false;
}];
}];
};
services.mautrix-telegram = {
enable = true;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = "kittywit.ch";
};
appservice = {
provisioning.enabled = false;
id = "telegram";
public = {
enabled = false;
prefix = "/public";
external = "https://kittywit.ch/public";
};
};
bridge = {
relaybot.authless_portals = false;
permissions = { "@kat:kittywit.ch" = "admin"; };
};
};
environmentFile = "/etc/secrets/mautrix-telegram.env";
};
systemd.services.mx-puppet-discord = {
serviceConfig = {
Type = "simple";
Restart = "always";
ExecStart =
"${pkgs.arc.pkgs.mx-puppet-discord}/bin/mx-puppet-discord -c /var/lib/mx-puppet-discord/config.yaml -f /var/lib/mx-puppet-discord/discord-registration.yaml";
WorkingDirectory = "/var/lib/mx-puppet-discord";
DynamicUser = true;
StateDirectory = "mx-puppet-discord";
UMask = 27;
PrivateTmp = true;
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
};
requisite = [ "matrix-synapse.service" ];
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
};
systemd.services.mautrix-whatsapp = {
serviceConfig = {
Type = "simple";
Restart = "always";
ExecStart =
"${pkgs.mautrix-whatsapp}/bin/mautrix-whatsapp -c /var/lib/mautrix-whatsapp/config.yaml -r /var/lib/mautrix-whatsapp/registration.yaml";
WorkingDirectory = "/var/lib/mautrix-whatsapp";
DynamicUser = true;
StateDirectory = "mautrix-whatsapp";
UMask = 27;
PrivateTmp = true;
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
};
requisite = [ "matrix-synapse.service" ];
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
};
services.nginx.virtualHosts."kittywit.ch" = {
locations = {
"/_matrix" = { proxyPass = "http://[::1]:8008"; };
"= /.well-known/matrix/server".extraConfig =
let server = { "m.server" = "kittywit.ch:443"; };
in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
"= /.well-known/matrix/client".extraConfig = let
client = {
"m.homeserver" = { "base_url" = "https://kittywit.ch"; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
};
in ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
};
};
}


@ -1,18 +0,0 @@
{ config, pkgs, ... }:
{
security.acme = { certs."kittywit.ch" = { group = "kittywit-ch"; }; };
users.groups."kittywit-ch".members = [ "murmur" "nginx" "syncplay" ];
services.murmur = {
enable = true;
hostName = "kittywit.ch";
extraConfig = ''
sslCert=/var/lib/acme/kittywit.ch/fullchain.pem
sslKey=/var/lib/acme/kittywit.ch/key.pem
'';
};
}


@ -1,29 +0,0 @@
{ config, pkgs, witch, ... }:
{
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
commonHttpConfig = ''
map $scheme $hsts_header {
https "max-age=31536000; includeSubdomains; preload";
}
add_header Strict-Transport-Security $hsts_header;
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
add_header 'Referrer-Policy' 'origin-when-cross-origin';
#add_header X-Frame-Options DENY;
#add_header X-Content-Type-Options nosniff;
#add_header X-XSS-Protection "1; mode=block";
#proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
'';
clientMaxBodySize = "512m";
};
security.acme = {
email = witch.secrets.unscoped.acme.email;
acceptTerms = true;
};
}


@ -1,12 +0,0 @@
{ config, pkgs, ... }:
{
users.users.syncplay = { isSystemUser = true; };
services.syncplay = {
enable = true;
user = "syncplay";
group = "kittywit-ch";
certDir = "/var/lib/acme/kittywit.ch/";
};
}
