Modularize teams sops yazi

DashieTM 2024-08-24 13:25:08 +02:00
parent 7730cbef59
commit c73cb37278
75 changed files with 3023 additions and 3573 deletions


@ -1,7 +1,5 @@
{ config, ... }: {
imports = [
../../modules
];
imports = [ ../../modules ];
# variables for system
conf = {
monitor = "DP-1";
@ -22,17 +20,13 @@
amdgpu.enable = true;
kde_connect.enable = true;
xone.enable = true;
greetd = {
resolution = "3440x1440@180";
};
greetd = { resolution = "3440x1440@180"; };
nextcloud = {
synclist = [
{
name = "pw_sync";
remote = "/PWs";
local = "/home/${config.conf.username}/Music";
}
];
synclist = [{
name = "pw_sync";
remote = "/PWs";
local = "/home/${config.conf.username}/Music";
}];
};
};
}


@ -1,15 +1,14 @@
{ config, ... }: {
imports = [
../../modules
];
imports = [ ../../modules ];
conf = {
monitor = "eDP-1";
scale = "2.0";
hostname = "overheating";
boot_params = [ "rtc_cmos.use_acpi_alarm=1" ];
ironbar.modules = [
{ type = "upower"; class = "memory-usage"; }
];
ironbar.modules = [{
type = "upower";
class = "memory-usage";
}];
};
mods = {
stylix.colorscheme = "catppuccin-mocha";
@ -27,9 +26,7 @@
kde_connect.enable = true;
bluetooth.enable = true;
acpid.enable = true;
greetd = {
resolution = "3440x1440@180";
};
greetd = { resolution = "3440x1440@180"; };
nextcloud = {
synclist = [
{


@ -12,9 +12,8 @@ let
echo kernel/firmware/acpi/ssdt6.aml | bsdcpio -v -o -H newc -R 0:0 > $out/lenotrolli-ssdt.img
'';
};
in
{
in {
boot.kernelParams = [ "mem_sleep_default=deep" ];
boot.initrd.prepend = [ "${patched_ssdt}/lenotrolli-ssdt.img" ];
}


@ -1,5 +1,4 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
hardware.firmware = [
(
# lenovo is such a good manufacturer!!1!11!
@ -12,7 +11,6 @@
cp ${./firmware/TAS2XXX38BB.bin} $out/lib/firmware/TAS2XXX38BB.bin
cp ${./firmware/TIAS2781RCA4.bin} $out/lib/firmware/TIAS2781RCA4.bin
'';
}
)
})
];
}


@ -1,9 +1,5 @@
{
# special hardware modules
# mostly to fix firmare and dsts
imports =
[
./dsdt.nix
./firmware.nix
];
imports = [ ./dsdt.nix ./firmware.nix ];
}


@ -16,8 +16,7 @@ let
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in
{
in {
networking.hostName = "server";
networking.domain = "dashie.org";
imports = [
@ -45,9 +44,7 @@ in
pkgs.ntfs3g
pkgs.rsync
];
openssh.authorizedKeys.keyFiles = [
/home/dashie/server.pub
];
openssh.authorizedKeys.keyFiles = [ /home/dashie/server.pub ];
};
services.openssh = {
@ -68,28 +65,25 @@ in
enable_registration_without_verification = true;
suppress_key_server_warning = true;
max_upload_size = "1G";
listeners = [
{
port = 8008;
bind_addresses = [ "::1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
compress = true;
}
];
}
];
listeners = [{
port = 8008;
bind_addresses = [ "::1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [{
names = [ "client" "federation" ];
compress = true;
}];
}];
};
services.mautrix-whatsapp-dashie.settings = {
appservice = {
id = "whatsapp";
database = {
type = "postgres";
uri = "postgresql:///mautrix_whatsapp?host=/run/postgresql&sslmode=disable&user=mautrix_whatsapp&password=${mautrix_whatsapp_pw}";
uri =
"postgresql:///mautrix_whatsapp?host=/run/postgresql&sslmode=disable&user=mautrix_whatsapp&password=${mautrix_whatsapp_pw}";
};
};
bridge = {
@ -98,7 +92,8 @@ in
default = true;
required = true;
};
displayname_template = "{{if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}}";
displayname_template =
"{{if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}}";
permissions = {
"@fabio.lenherr:matrix.org" = "admin";
"@dashie:matrix.dashie.org" = "admin";
@ -110,7 +105,8 @@ in
id = "signal";
database = {
type = "postgres";
uri = "postgresql:///mautrix_signal?host=/run/postgresql&sslmode=disable&user=mautrix_signal&password=${mautrix_signal_pw}";
uri =
"postgresql:///mautrix_signal?host=/run/postgresql&sslmode=disable&user=mautrix_signal&password=${mautrix_signal_pw}";
};
};
bridge = {
@ -119,7 +115,8 @@ in
default = true;
required = true;
};
displayname_template = "{{or .ProfileName .PhoneNumber \"Unknown user\"}}";
displayname_template =
''{{or .ProfileName .PhoneNumber "Unknown user"}}'';
permissions = {
"@fabio.lenherr:matrix.org" = "admin";
"@dashie:matrix.dashie.org" = "admin";
@ -131,11 +128,13 @@ in
id = "discord";
database = {
type = "postgres";
uri = "postgresql:///mautrix_discord?host=/run/postgresql&sslmode=disable&user=mautrix_discord&password=${mautrix_discord_pw}";
uri =
"postgresql:///mautrix_discord?host=/run/postgresql&sslmode=disable&user=mautrix_discord&password=${mautrix_discord_pw}";
};
};
bridge = {
displayname_template = "{{or .GlobalName .Username}}{{if .Bot}} (bot){{end}}";
displayname_template =
"{{or .GlobalName .Username}}{{if .Bot}} (bot){{end}}";
permissions = {
"@fabio.lenherr:matrix.org" = "admin";
"@dashie:matrix.dashie.org" = "admin";
@ -154,7 +153,12 @@ in
enableACME = true;
root = "/var/www/dashie.org/";
};
security.acme.certs."dashie.org".extraDomainNames = [ "cloud.dashie.org" "matrix.dashie.org" "git.dashie.org" "navi.dashie.org" ];
security.acme.certs."dashie.org".extraDomainNames = [
"cloud.dashie.org"
"matrix.dashie.org"
"git.dashie.org"
"navi.dashie.org"
];
services.nginx.virtualHosts."cloud.dashie.org" = {
addSSL = true;
enableACME = true;
@ -172,12 +176,10 @@ in
};
services.nginx.virtualHosts."localhost" = {
listen = [
{
addr = "0.0.0.0";
port = 8448;
}
];
listen = [{
addr = "0.0.0.0";
port = 8448;
}];
locations."/".proxyPass = "http://[::1]:8008";
};
@ -185,21 +187,19 @@ in
forceSSL = true;
enableACME = true;
locations."/".extraConfig = ''
return 404;
return 404;
'';
locations."/_matrix" = {
proxyPass = "http://[::1]:8008";
};
locations."/_matrix" = { proxyPass = "http://[::1]:8008"; };
locations."/_synapse/client".proxyPass = "http://[::1]:8008";
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
locations."= /.well-known/matrix/server".extraConfig =
mkWellKnown serverConfig;
# This is usually needed for homeserver discovery (from e.g. other Matrix clients).
# Further reference can be found in the upstream docs at
# https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
extraConfig =
"client_max_body_size 2G;"
;
locations."= /.well-known/matrix/client".extraConfig =
mkWellKnown clientConfig;
extraConfig = "client_max_body_size 2G;";
};
services.nextcloud.enable = true;
@ -325,9 +325,7 @@ in
system.stateVersion = "24.05";
nix = {
settings = {
experimental-features = "nix-command flakes";
};
settings = { experimental-features = "nix-command flakes"; };
extraOptions = ''
!include ${config.sops.secrets.access.path}
'';
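Review bot: The three bridge `database.uri` strings (whatsapp, signal and discord hunks) interpolate `${mautrix_whatsapp_pw}`, `${mautrix_signal_pw}` and `${mautrix_discord_pw}` at evaluation time, so whatever those bindings hold is written into the generated settings file in the world-readable Nix store. Their definitions sit in the `let` block outside these hunks; if they are literal passwords rather than placeholders substituted at service start, they should come from a sops secret exposed through an environment file instead. Since the URI already uses the Unix socket (`host=/run/postgresql`), peer authentication may make the password unnecessary, e.g. `uri = "postgresql:///mautrix_whatsapp?host=/run/postgresql&sslmode=disable&user=mautrix_whatsapp";`, but confirm the local pg_hba rules before dropping it.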


@ -1,51 +1,44 @@
{ config, lib, modulesPath, ... }: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/678ecbd1-a5ce-4530-a959-ffb48f76aa43";
fsType = "btrfs";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/678ecbd1-a5ce-4530-a959-ffb48f76aa43";
fsType = "btrfs";
};
fileSystems."/var/lib/nextcloud" =
{
device = "/dev/disk/by-label/nextcloud";
fsType = "ext4";
};
fileSystems."/var/lib/nextcloud" = {
device = "/dev/disk/by-label/nextcloud";
fsType = "ext4";
};
fileSystems."/mnt/dump3" =
{
device = "/dev/disk/by-label/backup";
fsType = "ext4";
};
fileSystems."/mnt/dump3" = {
device = "/dev/disk/by-label/backup";
fsType = "ext4";
};
fileSystems."/mnt/dump1" =
{
device = "/dev/disk/by-uuid/CC60532860531912";
fsType = "ntfs-3g";
options = [ "rw" "uid=1000" ];
};
fileSystems."/mnt/dump1" = {
device = "/dev/disk/by-uuid/CC60532860531912";
fsType = "ntfs-3g";
options = [ "rw" "uid=1000" ];
};
fileSystems."/mnt/dump2" =
{
device = "/dev/disk/by-uuid/F46896AE68966EDC";
fsType = "ntfs-3g";
options = [ "rw" "uid=1000" ];
};
fileSystems."/mnt/dump2" = {
device = "/dev/disk/by-uuid/F46896AE68966EDC";
fsType = "ntfs-3g";
options = [ "rw" "uid=1000" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/B7BE-AB1C";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/B7BE-AB1C";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices =
[{ device = "/dev/disk/by-uuid/832dce11-b4c4-476c-ab28-bd98275a542c"; }];
@ -58,5 +51,6 @@
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,15 +1,13 @@
# derived from mautrix signal on nixpkgs -> https://github.com/NixOS/nixpkgs/blob/nixos-24.05/pkgs/servers/mautrix-signal/default.nix#L27
{ lib
, config
, pkgs
, ...
}:
{ lib, config, pkgs, ... }:
let
cfg = config.services.mautrix-discord-dashie;
dataDir = "/var/lib/mautrix-discord";
registrationFile = "${dataDir}/discord-registration.yaml";
settingsFile = "${dataDir}/config.yaml";
settingsFileUnsubstituted = settingsFormat.generate "mautrix-discord-config-unsubstituted.json" cfg.settings;
settingsFileUnsubstituted =
settingsFormat.generate "mautrix-discord-config-unsubstituted.json"
cfg.settings;
settingsFormat = pkgs.formats.json { };
appservicePort = 29334;
@ -33,7 +31,8 @@ let
};
bridge = {
username_template = "discord_{{.}}";
displayname_template = "{{or .ProfileName .PhoneNumber \"Unknown user\"}}";
displayname_template =
''{{or .ProfileName .PhoneNumber "Unknown user"}}'';
double_puppet_server_map = { };
login_shared_secret_map = { };
command_prefix = "!discord";
@ -50,10 +49,10 @@ let
};
};
in
{
in {
options.services.mautrix-discord-dashie = {
enable = lib.mkEnableOption "mautrix-discord, a Matrix-Discord puppeting bridge.";
enable =
lib.mkEnableOption "mautrix-discord, a Matrix-Discord puppeting bridge.";
settings = lib.mkOption {
apply = lib.recursiveUpdate defaultConfig;
@ -76,9 +75,7 @@ in
ephemeral_events = false;
};
bridge = {
history_sync = {
request_full_sync = true;
};
history_sync = { request_full_sync = true; };
private_chat_portal_meta = true;
mute_bridging = true;
encryption = {
@ -86,12 +83,8 @@ in
default = true;
require = true;
};
provisioning = {
shared_secret = "disable";
};
permissions = {
"example.com" = "user";
};
provisioning = { shared_secret = "disable"; };
permissions = { "example.com" = "user"; };
};
};
};
@ -112,8 +105,10 @@ in
serviceDependencies = lib.mkOption {
type = with lib.types; listOf str;
default = (lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
++ (lib.optional config.services.matrix-conduit.enable "conduit.service");
default = (lib.optional config.services.matrix-synapse.enable
config.services.matrix-synapse.serviceUnit)
++ (lib.optional config.services.matrix-conduit.enable
"conduit.service");
defaultText = lib.literalExpression ''
(optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
++ (optional config.services.matrix-conduit.enable "conduit.service")
@ -155,15 +150,16 @@ in
};
# Note: this is defined here to avoid the docs depending on `config`
services.mautrix-discord-dashie.settings.homeserver = optOneOf (with config.services; [
(lib.mkIf matrix-synapse.enable (mkDefaults {
domain = matrix-synapse.settings.server_name;
}))
(lib.mkIf matrix-conduit.enable (mkDefaults {
domain = matrix-conduit.settings.global.server_name;
address = "http://localhost:${toString matrix-conduit.settings.global.port}";
}))
]);
services.mautrix-discord-dashie.settings.homeserver = optOneOf
(with config.services; [
(lib.mkIf matrix-synapse.enable
(mkDefaults { domain = matrix-synapse.settings.server_name; }))
(lib.mkIf matrix-conduit.enable (mkDefaults {
domain = matrix-conduit.settings.global.server_name;
address =
"http://localhost:${toString matrix-conduit.settings.global.port}";
}))
]);
systemd.services.mautrix-discord-dashie = {
description = "mautrix-discord, a Matrix-Discord puppeting bridge.";
@ -241,7 +237,7 @@ in
SystemCallErrorNumber = "EPERM";
SystemCallFilter = [ "@system-service" ];
Type = "simple";
UMask = 0027;
UMask = 27;
};
restartTriggers = [ settingsFileUnsubstituted ];
};
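Review bot: `UMask = 27;` in the last hunk now reads like a decimal mask, which hides the intended octal 0027 from anyone auditing the permissions of the files this unit creates. Nix has no octal integer literals, so the previous `0027` already evaluated to 27 and systemd parses the rendered value as octal; the effective mask should be unchanged, but the line no longer shows that. Write it as a string so a formatter leaves it alone: `UMask = "0027";`. The same line appears in the last hunk of the mautrix-whatsapp module. The enclosing `serviceConfig` block starts outside the hunk.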


@ -1,15 +1,13 @@
# derived from mautrix signal on nixpkgs -> https://github.com/NixOS/nixpkgs/blob/nixos-24.05/pkgs/servers/mautrix-signal/default.nix#L27
{ lib
, config
, pkgs
, ...
}:
{ lib, config, pkgs, ... }:
let
cfg = config.services.mautrix-whatsapp-dashie;
dataDir = "/var/lib/mautrix-whatsapp";
registrationFile = "${dataDir}/whatsapp-registration.yaml";
settingsFile = "${dataDir}/config.yaml";
settingsFileUnsubstituted = settingsFormat.generate "mautrix-whatsapp-config-unsubstituted.json" cfg.settings;
settingsFileUnsubstituted =
settingsFormat.generate "mautrix-whatsapp-config-unsubstituted.json"
cfg.settings;
settingsFormat = pkgs.formats.json { };
appservicePort = 29318;
@ -33,7 +31,8 @@ let
};
bridge = {
username_template = "whatsapp_{{.}}";
displayname_template = "{{or .ProfileName .PhoneNumber \"Unknown user\"}}";
displayname_template =
''{{or .ProfileName .PhoneNumber "Unknown user"}}'';
double_puppet_server_map = { };
login_shared_secret_map = { };
command_prefix = "!whatsapp";
@ -50,10 +49,10 @@ let
};
};
in
{
in {
options.services.mautrix-whatsapp-dashie = {
enable = lib.mkEnableOption "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge.";
enable = lib.mkEnableOption
"mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge.";
settings = lib.mkOption {
apply = lib.recursiveUpdate defaultConfig;
@ -76,9 +75,7 @@ in
ephemeral_events = false;
};
bridge = {
history_sync = {
request_full_sync = true;
};
history_sync = { request_full_sync = true; };
private_chat_portal_meta = true;
mute_bridging = true;
encryption = {
@ -86,12 +83,8 @@ in
default = true;
require = true;
};
provisioning = {
shared_secret = "disable";
};
permissions = {
"example.com" = "user";
};
provisioning = { shared_secret = "disable"; };
permissions = { "example.com" = "user"; };
};
};
};
@ -112,8 +105,10 @@ in
serviceDependencies = lib.mkOption {
type = with lib.types; listOf str;
default = (lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
++ (lib.optional config.services.matrix-conduit.enable "conduit.service");
default = (lib.optional config.services.matrix-synapse.enable
config.services.matrix-synapse.serviceUnit)
++ (lib.optional config.services.matrix-conduit.enable
"conduit.service");
defaultText = lib.literalExpression ''
(optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
++ (optional config.services.matrix-conduit.enable "conduit.service")
@ -155,15 +150,16 @@ in
};
# Note: this is defined here to avoid the docs depending on `config`
services.mautrix-whatsapp-dashie.settings.homeserver = optOneOf (with config.services; [
(lib.mkIf matrix-synapse.enable (mkDefaults {
domain = matrix-synapse.settings.server_name;
}))
(lib.mkIf matrix-conduit.enable (mkDefaults {
domain = matrix-conduit.settings.global.server_name;
address = "http://localhost:${toString matrix-conduit.settings.global.port}";
}))
]);
services.mautrix-whatsapp-dashie.settings.homeserver = optOneOf
(with config.services; [
(lib.mkIf matrix-synapse.enable
(mkDefaults { domain = matrix-synapse.settings.server_name; }))
(lib.mkIf matrix-conduit.enable (mkDefaults {
domain = matrix-conduit.settings.global.server_name;
address =
"http://localhost:${toString matrix-conduit.settings.global.port}";
}))
]);
systemd.services.mautrix-whatsapp-dashie = {
description = "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge.";
@ -241,7 +237,7 @@ in
SystemCallErrorNumber = "EPERM";
SystemCallFilter = [ "@system-service" ];
Type = "simple";
UMask = 0027;
UMask = 27;
};
restartTriggers = [ settingsFileUnsubstituted ];
};


@ -1,11 +1,7 @@
{ config, ... }:
let
username = config.conf.username;
in
{
imports = [
../../modules
];
let username = config.conf.username;
in {
imports = [ ../../modules ];
# config variables
conf = {
@ -14,10 +10,10 @@ in
hostname = "spaceship";
};
mods = {
# f to pay respect
teams.enable = true;
coding = { jetbrains = true; };
gaming = {
enable = true;
};
gaming = { enable = true; };
stylix.colorscheme = "catppuccin-mocha";
hyprland = {
monitor = [
@ -63,21 +59,14 @@ in
'';
extra_autostart = [ "flatpak run com.core447.StreamController -b" ];
};
extraDrives = [
{
name = "drive2";
drive =
{
device = "/dev/disk/by-label/DRIVE2";
fsType = "ext4";
options = [
"noatime"
"nodiratime"
"discard"
];
};
}
];
extraDrives = [{
name = "drive2";
drive = {
device = "/dev/disk/by-label/DRIVE2";
fsType = "ext4";
options = [ "noatime" "nodiratime" "discard" ];
};
}];
virtualbox.enable = true;
kde_connect.enable = true;
xone.enable = true;
@ -88,9 +77,7 @@ in
enable = true;
rocm.enable = true;
};
greetd = {
resolution = "3440x1440@180";
};
greetd = { resolution = "3440x1440@180"; };
nextcloud = {
synclist = [
{