diff --git a/flake.lock b/flake.lock index d4d2798..eef201d 100644 --- a/flake.lock +++ b/flake.lock @@ -28,43 +28,43 @@ ] }, "locked": { - "lastModified": 1745557122, - "narHash": "sha256-eqSo9ugzsqhFgaDFYUZj943nurlX4L6f+AW0skJ4W+M=", + "lastModified": 1757808926, + "narHash": "sha256-K6PEI5PYY94TVMH0mX3MbZNYFme7oNRKml/85BpRRAo=", "owner": "nix-community", "repo": "home-manager", - "rev": "dd26f75fb4ec1c731d4b1396eaf4439ce40a91c1", + "rev": "f21d9167782c086a33ad53e2311854a8f13c281e", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.11", + "ref": "release-25.05", "repo": "home-manager", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1745742390, - "narHash": "sha256-1rqa/XPSJqJg21BKWjzJZC7yU0l/YTVtjRi0RJmipus=", + "lastModified": 1757810152, + "narHash": "sha256-Vp9K5ol6h0J90jG7Rm4RWZsCB3x7v5VPx588TQ1dkfs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "26245db0cb552047418cfcef9a25da91b222d6c7", + "rev": "9a094440e02a699be5c57453a092a8baf569bdad", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.11", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1745794561, - "narHash": "sha256-T36rUZHUART00h3dW4sV5tv4MrXKT7aWjNfHiZz7OHg=", + "lastModified": 1757745802, + "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5461b7fa65f3ca74cef60be837fd559a8918eaa0", + "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", "type": "github" }, "original": { 
@@ -77,15 +77,14 @@ "nur": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_2", - "treefmt-nix": "treefmt-nix" + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1745913556, - "narHash": "sha256-hKf2z9fw7vwRBa4CCijolsZt+fqSCixSGai2MS0l+Wg=", + "lastModified": 1757946652, + "narHash": "sha256-PpPoePu9UIJdjtuaQ1xLM8PVqekI2s9im7r3SWgpVtU=", "owner": "nix-community", "repo": "nur", - "rev": "670e6a286982af78be5fc0b5109356db2d361119", + "rev": "9c4ccef96fa4d2411b89a3696d3e871047219b93", "type": "github" }, "original": { @@ -100,27 +99,6 @@ "nixpkgs": "nixpkgs", "nur": "nur" } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733222881, - "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "49717b5af6f80172275d47a418c9719a31a78b53", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index cb5295b..904e4c1 100644 --- a/flake.nix +++ b/flake.nix @@ -2,8 +2,8 @@ description = "Complete system and home config"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; - home-manager.url = "github:nix-community/home-manager/release-24.11"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; + home-manager.url = "github:nix-community/home-manager/release-25.05"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; nur.url = "github:nix-community/nur"; }; @@ -22,7 +22,7 @@ ./system/desktop.nix ./system/hardware/nova.nix ./system/gnome.nix - ./system/sway.nix + ./system/ergodox.nix ./system/steam.nix ./system/btrbk.nix ./system/yubikey.nix 
@@ -84,6 +84,23 @@ ]; }; + homer = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + networking.hostName = "homer"; + } + ./system + ./system/desktop.nix + ./system/hardware/homer.nix + ./system/gnome.nix + ./system/steam.nix + ./system/media.nix + # ./system/btrbk.nix + ./system/guest.nix + ]; + }; + }; homeConfigurations = { diff --git a/home/alt.nix b/home/alt.nix index 7ee559e..f0179e4 100644 --- a/home/alt.nix +++ b/home/alt.nix @@ -47,6 +47,7 @@ ./firefox.nix ./foot.nix ./fish.nix + ./vifm ./tmux ./nvim ]; diff --git a/home/calendars.nix b/home/calendars.nix index 3051570..bb3b888 100644 --- a/home/calendars.nix +++ b/home/calendars.nix @@ -59,32 +59,38 @@ in accounts.calendar.basePath = "${config.xdg.dataHome}/calendars"; accounts.calendar.accounts = { + till = calDefaults // { khal.enable = true; primary = true; khal.color = "light blue"; remote = myRemote "personal"; }; + mitlisa = calDefaults // { khal.enable = true; khal.color = "light magenta"; remote = myRemote "lisa-und-till"; }; + family = calDefaults // { khal.enable = true; khal.color = "dark magenta"; remote = myRemote "family"; }; + bdays = calDefaults // { khal.enable = true; khal.color = "yellow"; remote = myRemote "geburtstage"; }; + polit = calDefaults // { khal.enable = true; khal.color = "dark gray"; remote = myRemote "polit"; }; + ihg = calDefaults // { khal.enable = true; khal.color = "dark cyan"; @@ -93,6 +99,7 @@ in url = "https://geocom.uni-frankfurt.de/radicale/ihg/5012a739-dbaf-334b-f093-8db1860bc26e/"; }; }; + "eintracht_m" = calDefaults // { khal.enable = true; khal.color = "light red"; @@ -101,6 +108,7 @@ in url = "http://i.cal.to/ical/257/eintrachtfrankfurt/spielplan/28ae0d30.f781380b-e6f28bd4.ics"; }; }; + "eintracht_f" = calDefaults // { khal.enable = true; khal.color = "dark red"; 
@@ -109,6 +117,16 @@ in url = "http://i.cal.to/ical/5940/eintrachtfrankfurt/spielplan-frauen-profis/28ae0d30.f781380b-1763bff2.ics"; }; }; + + "feiertage" = calDefaults // { + khal.enable = true; + khal.color = "dark green"; + remote = { + type = "http"; + url = "https://ics.tools/Feiertage/hessen.ics"; + }; + }; + "grid" = calDefaults // { khal.enable = true; khal.color = "light green"; diff --git a/home/castget/castget.conf b/home/castget/castget.conf index 0b9d87a..cd4f148 100644 --- a/home/castget/castget.conf +++ b/home/castget/castget.conf @@ -1,27 +1,34 @@ # vim: set ft=conf -[drei90] -url=http://feeds.feedburner.com/Drei90 -id3album=drei90 +[2.5admins] +url=https://2.5admins.com/feed/podcast [50plus2] url=https://50plus2.podigee.io/feed/mp3 -id3album=50+2 +album_tag=50+2 + +[drei90] +url=http://feeds.feedburner.com/Drei90 +album_tag=drei90 + +[efpodcast] +url=https://www.eintracht-podcast.de/feed/mp3 [latenightlinux] url=https://latenightlinux.com/feed/mp3 -[linuxdevtime] -url=https://latenightlinux.com/feed/extra - [linuxafterdark] url=https://linuxafterdark.net/feed/podcast +[linuxdevtime] +url=https://latenightlinux.com/feed/extra + [linuxmatters] url=https://linuxmatters.sh/episode/index.xml -[2.5admins] -url=https://2.5admins.com/feed/podcast +[logbuchnetzpolitik] +url=https://feeds.metaebene.me/lnp/mp3 +album_tag=Logbuch Netzpolitik [schlusskonferenz] url=https://schlusskonferenz.podigee.io/feed/mp3 
@@ -31,20 +38,16 @@ url=https://tribuenengespraech.podigee.io/feed/mp3 [wettbrötchen] url=https://www.wett-broetchen.de/feed/mp3 -id3album=Wettbrötchen +album_tag=Wettbrötchen -[efpodcast] -url=https://www.eintracht-podcast.de/feed/mp3 +[edeltalk] +url=https://cdn.julephosting.de/podcasts/573-edeltalk-mit-dominik-kevin/feed.rss +album_tag=Edeltalk -# [edeltalk] -# url=https://cdn.julephosting.de/podcasts/573-edeltalk-mit-dominik-kevin/feed.rss -# id3album=Edeltalk - -[logbuchnetzpolitik] -url=https://feeds.metaebene.me/lnp/mp3 -id3album=Logbuch Netzpolitik +[youredeadtome] +url=https://podcasts.files.bbci.co.uk/p07mdbhg.rss [*] -id3contenttype=Podcast +genre_tag=Podcast spool=/home/till/.local/share/podcasts filename=%(channel_title)_%(date)_%(title).mp3 diff --git a/home/default.nix b/home/default.nix index 0c610dc..721210e 100644 --- a/home/default.nix +++ b/home/default.nix @@ -5,7 +5,6 @@ home.packages = with pkgs; [ # messenger - element-desktop signal-desktop tdesktop @@ -18,6 +17,7 @@ jdk poppler_utils zotero + lorem # graphics gimp @@ -29,14 +29,14 @@ # media bookworm - heroic anki-bin - freetube qbittorrent nicotine-plus # other quickemu + keymapp + gnome-solanum ]; @@ -50,6 +50,6 @@ ]; programs.obs-studio.enable = true; - programs.kitty.enable = true; + programs.freetube.enable = true; } diff --git a/home/firefox.nix b/home/firefox.nix index efb192b..529518a 100644 --- a/home/firefox.nix +++ b/home/firefox.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, pkgs, osConfig, ... }: { programs.firefox = { @@ -38,17 +38,19 @@ ${config.home.username} = { name = config.home.username; isDefault = true; - extensions = with pkgs.nur.repos.rycee.firefox-addons; [ + extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [ + adaptive-tab-bar-colour auto-tab-discard keepassxc-browser tampermonkey ublock-origin vimium + web-archives zotero-connector ]; search = { force = true; - default = "Google"; + default = "ddg"; engines = { "Nix Packages" = { urls = [{ 
@@ -63,66 +65,67 @@ }; "NixOS Wiki" = { urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; - iconUpdateURL = "https://nixos.wiki/favicon.png"; + icon = "https://nixos.wiki/favicon.png"; updateInterval = 24 * 60 * 60 * 1000; definedAliases = [ "@nw" ]; }; "NixOS Options" = { urls = [{ template = "https://search.nixos.org/options?query={searchTerms}"; }]; - iconUpdateURL = "https://nixos.org/favicon.png"; + icon = "https://nixos.org/favicon.png"; updateInterval = 24 * 60 * 60 * 1000; definedAliases = [ "@no" ]; }; "Home manager options" = { - urls = [{ template = "https://home-manager-options.extranix.com/?query={searchTerms}&release=release-24.11"; }]; - iconUpdateURL = "https://mipmip.github.io/home-manager-option-search/images/favicon.png"; + # urls = [{ template = "https://home-manager-options.extranix.com/?query={searchTerms}&release=release-${osConfig.system.nixos.release}"; }]; + urls = [{ template = "https://home-manager-options.extranix.com/?query={searchTerms}&release=release-25.05"; }]; + icon = "https://mipmip.github.io/home-manager-option-search/images/favicon.png"; updateInterval = 24 * 60 * 60 * 1000; definedAliases = [ "@hm" ]; }; "Google maps" = { urls = [{ template = "http://maps.google.com/?q={searchTerms}"; }]; - iconUpdateURL = "https://www.google.com/images/branding/product/ico/maps15_bnuw3a_32dp.ico"; + icon = "https://www.google.com/images/branding/product/ico/maps15_bnuw3a_32dp.ico"; updateInterval = 24 * 60 * 60 * 1000; definedAliases = [ "@gm" ]; }; "Google scholar" = { urls = [{ template = "https://scholar.google.com/scholar?q={searchTerms}"; }]; - iconUpdateURL = "https://scholar.google.com/favicon.ico"; + icon = "https://scholar.google.com/favicon.ico"; updateInterval = 24 * 60 * 60 * 1000; definedAliases = [ "@gs" ]; }; "UB" = { urls = [{ template = "https://ubffm.hds.hebis.de/Search/Results?lookfor={searchTerms}"; }]; - iconUpdateURL = "https://ubffm.hds.hebis.de/themes/ubffm/images/favicon.ico"; + icon = 
"https://ubffm.hds.hebis.de/themes/ubffm/images/favicon.ico"; updateInterval = 24 * 60 * 60 * 1000; definedAliases = [ "@ub" ]; }; "SciHub" = { urls = [{ template = "https://libgen.is/search.php?req={searchTerms}"; }]; - iconUpdateURL = "https://libgen.is/favicon.ico"; + icon = "https://libgen.is/favicon.ico"; updateInterval = 24 * 60 * 60 * 1000; definedAliases = [ "@lg" ]; }; "Libgen" = { urls = [{ template = "https://libgen.is/search.php?req={searchTerms}"; }]; - iconUpdateURL = "https://libgen.is/favicon.ico"; + icon = "https://libgen.is/favicon.ico"; updateInterval = 24 * 60 * 60 * 1000; definedAliases = [ "@lg" ]; }; "Urban Dictionary" = { urls = [{ template = "https://www.urbandictionary.com/define.php?term={searchTerms}"; }]; - iconUpdateURL = "https://www.urbandictionary.com/favicon-32x32.png"; + icon = "https://www.urbandictionary.com/favicon-32x32.png"; updateInterval = 24 * 60 * 60 * 1000; definedAliases = [ "@ud" ]; }; "Leo" = { urls = [{ template = "https://dict.leo.org/englisch-deutsch/{searchTerms}"; }]; - iconUpdateURL = "https://dict.leo.org/img/favicons/ende-32.png"; + icon = "https://dict.leo.org/img/favicons/ende-32.png"; updateInterval = 24 * 60 * 60 * 1000; definedAliases = [ "@leo" ]; }; "Wikipedia".metaData.alias = "@wiki"; - "Bing".metaData.hidden = true; + "bing".metaData.hidden = true; "Amazon.de".metaData.hidden = true; }; }; 
@@ -138,11 +141,11 @@ user_pref("browser.warnOnQuitShortcut", false); user_pref("dom.security.https_only_mode", true); user_pref("extensions.formautofill.creditCards.enabled", false); - user_pref("extensions.pocket.enabled", true); + user_pref("extensions.pocket.enabled", false); user_pref("intl.accept_languages", "de-de,en-us,en"); user_pref("intl.regional_prefs.use_os_locales", true); user_pref("media.eme.enabled", true); - user_pref("network.trr.custom_uri", "https://dns.quad9.net/dns-query "); + user_pref("network.trr.custom_uri", "https://dns.quad9.net/dns-query"); user_pref("network.trr.mode", 2); user_pref("network.trr.uri", "https://dns.quad9.net/dns-query"); user_pref("permissions.default.desktop-notification", 2); diff --git a/home/fish.nix b/home/fish.nix index a811b6f..ea5c2a4 100644 --- a/home/fish.nix +++ b/home/fish.nix 
@@ -2,28 +2,12 @@ { home.shellAliases = { top = "btm --battery"; - linkbox = "ln -s (pwd) ~/box/"; - rloft = "tmux source-file ~/.config/tmux/rloft.conf"; - liftbox = "ssh tstraube@login.server.uni-frankfurt.de \"rm -r box/*\" && scp -vr ~/box/ tstraube@login.server.uni-frankfurt.de:box/"; - ktiubox = "rsync -vaL --delete ~/box/ root@ktiu.net:/var/www/html/box/"; ymd = "date +'%Y-%m-%d'"; - pulluni = "ssh tstraube@login.server.uni-frankfurt.de \"cd uni-tstraube && git pull\""; - pullstat = "tar czf - -C ~/teach/2025_statistik/skript/public/ . | ssh tstraube@login.server.uni-frankfurt.de 'tar xzf - -C ~/public_html/c/stat25'"; - pullgrid = "ssh till@geocom.uni-frankfurt.de \"cd /var/www/grid && git pull\""; - buildfk = "curl -X POST -d '{}' https://api.netlify.com/build_hooks/65dc8705b91d7cbaf0a1e1b5"; - showbox = "chromium-browser -app=https://user.uni-frankfurt.de/~tstraube/box"; - showc = "chromium-browser -app=https://user.uni-frankfurt.de/~tstraube/c/"; - castget = "castget -prvC ~/.config/castget/castget.conf"; - castsync = "rsync -va --remove-source-files --progress --stats ~/.local/share/podcasts/ /run/media/till/CLIP\\ JAM/Podcasts/"; - musicsync = "rsync -va --ignore-existing --progress --stats ~/media/music/sync/ /run/media/till/CLIP\\ JAM/Music/"; - cb = "cd $(sed 's|^file://||' /home/till/.config/gtk-3.0/bookmarks | fzf --height 10% --reverse)"; - univpn = "secret-tool lookup server uni-frankfurt.de account tstraube | sudo openconnect --config=/home/till/.config/openconnect/config --passwd-on-stdin"; + dmy = "date +'%-d.-%-m.%Y'"; v = "nvim"; r = "R --no-save --no-restore"; R = "R --no-save --no-restore"; cdg = "cd \$(git rev-parse --show-toplevel)"; - map = "telnet mapscii.me"; - weather = "curl wttr.in/frankfurt"; }; programs.fish = { enable = true; 
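Review bot: The `buildfk` alias deleted from `home.shellAliases` embedded a Netlify build-hook URL, and deleting the line does not remove it from the repository history. A build-hook URL acts as its own credential, so it is worth regenerating the hook if this repository is shared or may become public. The account and host names in the other removed aliases also stay recoverable from earlier commits, which matters if the intent of this cleanup was to stop publishing them.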
@@ -37,14 +21,6 @@ function fish_greeting; end - function pod --description 'Full service podcast refresh' - castget - udisksctl mount -b /dev/disk/by-label/CLIP\\x20JAM - musicsync - castsync - udisksctl unmount -b /dev/disk/by-label/CLIP\\x20JAM - end - function startrloft --description 'Starts R with custom environment' set -lx R_ENVIRON_USER "~/.config/rloft/RLoft_environ" R -q @@ -62,10 +38,6 @@ end end - function lipsum --description 'Create placeholder text' - nix-shell -p perl536Packages.TextLorem --run 'lorem '(echo $argv) - end - set -U fish_prompt_pwd_dir_length 0 function fish_prompt --description "Write out the prompt" @@ -93,7 +65,7 @@ set __fish_git_prompt_char_upstream_ahead '+' set __fish_git_prompt_char_upstream_behind '-' - test -f '/home/till/.config/netlify/helper/path.fish.inc' && source '/home/till/.config/netlify/helper/path.fish.inc' + test -f ${config.xdg.configHome}/alias.fish && source ${config.xdg.configHome}/alias.fish ''; }; } diff --git a/home/foot.nix b/home/foot.nix index 6b67031..8083e47 100644 --- a/home/foot.nix +++ b/home/foot.nix @@ -8,6 +8,7 @@ shell = "${pkgs.fish}/bin/fish -c 'tmux attach'"; pad = "17x17"; font = "JetBrains Mono:size=14"; + # font = "Adwaita Mono:size=14"; initial-window-mode = "maximized"; line-height = "19"; }; diff --git a/home/gnome/default.nix b/home/gnome/default.nix index 19c77f1..d51ab82 100644 --- a/home/gnome/default.nix +++ b/home/gnome/default.nix @@ -7,8 +7,10 @@ size = 32; }; - home.packages = with pkgs; [ - gnomeExtensions.run-or-raise + home.packages = with pkgs.gnomeExtensions; [ + run-or-raise + removable-drive-menu + system-monitor ]; dconf.settings = { diff --git a/home/guest.nix b/home/guest.nix index c7f43a7..b03555d 100644 --- a/home/guest.nix +++ b/home/guest.nix @@ -33,9 +33,11 @@ wl-clipboard qbittorrent vlc + mpv # mullvad-vpn ffmpeg libnotify + # freetube ]; imports = [ @@ -45,6 +47,7 @@ ./fish.nix ./tmux ./nvim + ./fonts.nix ]; programs.nix-index = { 
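Review bot: The new closing line of the fish init text, `test -f ${config.xdg.configHome}/alias.fish && source ${config.xdg.configHome}/alias.fish`, makes fish execute a file that lives outside this repository and outside the Nix store, so its contents are neither reviewed nor reproducible. If the aliases removed earlier in this file were moved there, a comment above the line would record that, e.g. `# host-local aliases kept out of the repo; file must stay writable only by the user`. Quoting both expansions as `"${config.xdg.configHome}/alias.fish"` would also keep the line working if the path ever contains spaces. The line relies on `config` being bound in the module's argument set, which is outside the hunk.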
diff --git a/home/minimal.nix b/home/minimal.nix index 11d51ec..a2db679 100644 --- a/home/minimal.nix +++ b/home/minimal.nix @@ -31,6 +31,7 @@ fzf jq progress + rename silver-searcher tldr tmux diff --git a/home/nvim/default.nix b/home/nvim/default.nix index 02b1b71..79f5e71 100644 --- a/home/nvim/default.nix +++ b/home/nvim/default.nix @@ -1,25 +1,29 @@ { config, pkgs, ... }: { - home.packages = with pkgs.nodePackages; [ - typescript-language-server + imports = [ ./khard-dump.nix ]; + home.packages = with pkgs; [ + nodePackages.typescript-language-server + marksman ]; - programs.neovim = { extraConfig = builtins.readFile ./config.vim; enable = true; defaultEditor = true; plugins = with pkgs.vimPlugins; + let woof = pkgs.vimUtils.buildVimPlugin { name = "woof.vim"; src = builtins.fetchGit { - url = "ssh://git@ktiu.net/home/git/woof.vim/"; + url = "ssh://git@shorbut.ktiu.net/home/git/woof.vim/"; ref = "main"; - rev = "ea2ed3afb7c00a6b1672351e22195c0f8dd5d696"; + rev = "4425fa50137a71ba4c48c3a09c3db1aad06705dc"; }; }; - in [ + in + + [ { plugin = woof; config = '' @@ -56,7 +60,6 @@ \) ''; } - { plugin = goyo; config = '' @@ -65,7 +68,6 @@ nnoremap ]og :Goyo! ''; } - { plugin = limelight-vim; config = '' @@ -76,12 +78,10 @@ nnoremap ]of :Limelight! ''; } - { plugin = nvim-colorizer-lua; config = "lua require 'colorizer'.setup()"; } - { plugin = papercolor-theme; config = '' @@ -89,7 +89,6 @@ colorscheme PaperColor ''; } - typescript-vim { plugin = ultisnips; diff --git a/home/nvim/khard-dump.nix b/home/nvim/khard-dump.nix new file mode 100644 index 0000000..cc13376 --- /dev/null +++ b/home/nvim/khard-dump.nix 
@@ -0,0 +1,29 @@ +{ config, pkgs, ... }: + +{ + systemd.user.timers = { + khard-dump = { + Unit = { + Description = "Timer to run khard-dump service"; + }; + Timer = { + OnCalendar = "*:00/10"; + Unit = "khard-dump.service"; + }; + }; + }; + + systemd.user.services = { + khard-dump = { + Unit = { + Description = "Dumps contact info to custom cache file"; + }; + Service = { + ExecStart = "${pkgs.writeScript "khard-dump" '' + #! ${pkgs.stdenv.shell} + ${pkgs.khard.outPath}/bin/khard email --parsable --remove-first-line | awk 'BEGIN{FS=OFS="\t"}{print $2, $1}\' > ${config.xdg.cacheHome}/khard-dump + ''}"; + }; + }; + }; +} diff --git a/home/nvim/lsp.vim b/home/nvim/lsp.vim index 0adf222..976e7dc 100644 --- a/home/nvim/lsp.vim +++ b/home/nvim/lsp.vim @@ -69,7 +69,7 @@ lua <.useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/system/media.nix b/system/media.nix new file mode 100644 index 0000000..bcccd09 --- /dev/null +++ b/system/media.nix @@ -0,0 +1,21 @@ +{ config, pkgs, ... }: + +{ + services.sonarr = { + enable = true; + group = "media"; + }; + services.radarr = { + enable = true; + group = "media"; + }; + + services.flaresolverr.enable = true; + services.prowlarr.enable = true; + services.bazarr.enable = true; + + users.groups.media = {}; + + users.users.guest.extraGroups = [ "media" "wheel" ]; + users.users.sonarr.extraGroups = [ "media" ]; +} diff --git a/system/web-server/dex.nix b/system/web-server/dex.nix new file mode 100644 index 0000000..1708e36 --- /dev/null +++ b/system/web-server/dex.nix 
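Review bot: `systemd.user.timers.khard-dump` has `Unit` and `Timer` sections but no `Install` section, so nothing pulls the timer into `timers.target` and it will presumably never fire; adding `Install.WantedBy = [ "timers.target" ];` fixes that. In the `ExecStart` script the awk program ends in `\'`, which inside shell single quotes leaves a literal trailing backslash in the program text; this looks like a leftover escape, and `{print $2, $1}'` is probably what was intended. The dump holds contact names and addresses, so setting `UMask = "0077";` in `Service` would keep the cache file from being group- or world-readable.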
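Review bot: `users.users.guest.extraGroups = [ "media" "wheel" ];` in system/media.nix puts the guest account in `wheel`, which NixOS's default sudo configuration treats as the administrators group, and that is unrelated to the media services this module sets up. If guest only needs access to the shared library, `users.users.guest.extraGroups = [ "media" ];` is enough. If the `wheel` membership is deliberate, it would be easier to audit in `system/guest.nix` with a comment explaining why a guest account needs it.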
@@ -0,0 +1,54 @@ +{ config, pkgs, ... }: + +let + + dex = { + hostname = "dex.${config.networking.domain}"; + }; + +in { + + services.dex = { + enable = true; + environmentFile = "/var/custom-access/dex-environemnt"; + settings = { + issuer = "https://${dex.hostname}"; + storage.type = "sqlite3"; + web.http = "127.0.0.1:5556"; + staticClients = [ + { + id = "outline"; + name = "Outline Client"; + redirectURIs = [ "https://${outline.hostname}/auth/oidc.callback" ]; + secretFile = "/var/custom-access/outline-oidc-secret.txt"; + } + ]; + enablePasswordDB = true; + # staticPasswords = [ + # { + # email = "till@ktiu.net"; + # # gen hash with $ htpasswd -nBC 10 "" | tr -d ':\n' + # hash = ""; + # username = "bootstrap-admin"; + # # $ uuidgen + # userID = ""; + # } + # ]; + }; + }; + + security.acme.certs."${config.networking.domain}".extraDomainNames = [ + "dex.${config.networking.domain}" + ]; + + services.nginx.virtualHosts = { + "dex.${config.networking.domain}" = { + onlySSL = true; + useACMEHost = config.networking.domain; + locations."/" = { + proxyPass = "http://${config.services.dex.settings.web.http}"; + proxyWebsockets = true; + }; + }; + }; +} diff --git a/system/web-server/ksh-map.nix b/system/web-server/ksh-map.nix index 1377262..a0b9e73 100644 --- a/system/web-server/ksh-map.nix +++ b/system/web-server/ksh-map.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { - services.nginx.virtualHosts."karte.nichtzudritt.de" = { + services.nginx.virtualHosts."kshmap.ktiu.net" = { forceSSL = true; enableACME = true; root = "/var/www/ksh-map/dist"; diff --git a/system/web-server/mail/postfix.nix b/system/web-server/mail/postfix.nix index a00fba8..e5a1130 100644 --- a/system/web-server/mail/postfix.nix +++ b/system/web-server/mail/postfix.nix 
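Review bot: `redirectURIs = [ "https://${outline.hostname}/auth/oidc.callback" ];` in the new dex.nix refers to `outline`, but this file's `let` block only binds `dex`, so evaluation should fail with an undefined variable now that the block has moved out of outline.nix. Spelling the host out the way the ACME entry does would fix it, `redirectURIs = [ "https://outline.${config.networking.domain}/auth/oidc.callback" ];`, assuming that matches the hostname outline.nix uses. Separately, `enablePasswordDB = true` is kept while `staticPasswords` stays commented out; if the local password database was only needed for bootstrapping, a one-line comment saying which connector users are expected to log in with would help. The `environmentFile` path still reads `dex-environemnt`, which is fine only if the file on disk carries the same spelling.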
@@ -2,13 +2,13 @@ let - submissionHeaderCleanupRules = pkgs.writeText "submission_header_cleanup_rules" '' - /^Received:/ IGNORE - /^X-Originating-IP:/ IGNORE - /^X-Mailer:/ IGNORE - /^User-Agent:/ IGNORE - /^X-Enigmail:/ IGNORE - /^Message-ID:\s+<(.*?)@.*?>/ REPLACE Message-ID: <$1@ktiu.net> + submissionheadercleanuprules = pkgs.writetext "submission_header_cleanup_rules" '' + /^received:/ ignore + /^x-originating-ip:/ ignore + /^x-mailer:/ ignore + /^user-agent:/ ignore + /^x-enigmail:/ ignore + /^message-id:\s+<(.*?)@.*?>/ replace message-id: <$1@ktiu.net> ''; in { diff --git a/system/web-server/outline.nix b/system/web-server/outline.nix index 7a2b699..e2f5cee 100644 --- a/system/web-server/outline.nix +++ b/system/web-server/outline.nix @@ -7,11 +7,6 @@ let mail = "outline@${config.networking.domain}"; }; - # bootstrapping only - # dex = { - # hostname = "dex.${config.networking.domain}"; - # }; - in { services.outline = { @@ -42,38 +37,8 @@ in { # }; }; - # services.dex = { - # enable = true; - # environmentFile = "/var/custom-access/dex-environemnt"; - # settings = { - # issuer = "https://${dex.hostname}"; - # storage.type = "sqlite3"; - # web.http = "127.0.0.1:5556"; - # staticClients = [ - # { - # id = "outline"; - # name = "Outline Client"; - # redirectURIs = [ "https://${outline.hostname}/auth/oidc.callback" ]; - # secretFile = "/var/custom-access/outline-oidc-secret.txt"; - # } - # ]; - # enablePasswordDB = true; - # staticPasswords = [ - # { - # email = "till@ktiu.net"; - # # gen hash with $ htpasswd -nBC 10 "" | tr -d ':\n' - # hash = ""; - # username = "bootstrap-admin"; - # # $ uuidgen - # userID = ""; - # } - # ]; - # }; - # }; - security.acme.certs."${config.networking.domain}".extraDomainNames = [ "outline.${config.networking.domain}" - # "dex.${config.networking.domain}" ]; services.nginx.virtualHosts = { 
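Review bot: The rewritten binding in postfix.nix calls `pkgs.writetext`, but Nix attribute names are case-sensitive and the nixpkgs helper is `pkgs.writeText`, so this `let` should fail to evaluate. The binding was also renamed to `submissionheadercleanuprules`, so any use of `submissionHeaderCleanupRules` further down (outside the hunk) would no longer resolve. The whole block looks like an accidental lower-casing in the editor rather than an intended change, and restoring the original casing, including `REPLACE Message-ID: <$1@ktiu.net>`, is the safe fix. Because these rules are what strip `Received`, `X-Originating-IP` and `User-Agent` from submitted mail, it is worth confirming on a test message afterwards that they are still removed.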
@@ -89,13 +54,5 @@ in { }; }; - # "dex.${config.networking.domain}" = { - # onlySSL = true; - # useACMEHost = config.networking.domain; - # locations."/" = { - # proxyPass = "http://${config.services.dex.settings.web.http}"; - # proxyWebsockets = true; - # }; - # }; }; } diff --git a/system/yubikey.nix b/system/yubikey.nix index f9a4406..1856e2f 100644 --- a/system/yubikey.nix +++ b/system/yubikey.nix @@ -3,14 +3,14 @@ { services.udev = { packages = [ pkgs.yubikey-personalization ]; - extraRules = '' - ACTION=="remove",\ - ENV{ID_BUS}=="usb",\ - ENV{ID_MODEL_ID}=="0407",\ - ENV{ID_VENDOR_ID}=="1050",\ - ENV{ID_VENDOR}=="Yubico",\ - RUN+="${pkgs.systemd}/bin/loginctl lock-sessions" - ''; + # extraRules = '' + # ACTION=="remove",\ + # ENV{ID_BUS}=="usb",\ + # ENV{ID_MODEL_ID}=="0407",\ + # ENV{ID_VENDOR_ID}=="1050",\ + # ENV{ID_VENDOR}=="Yubico",\ + # RUN+="${pkgs.systemd}/bin/loginctl lock-sessions" + # ''; }; security.pam.services = { login.u2fAuth = true;
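Review bot: Commenting out `extraRules` in system/yubikey.nix removes the udev rule that ran `loginctl lock-sessions` when the YubiKey was unplugged, so pulling the key no longer locks the sessions while `login.u2fAuth` stays enabled. If that is intentional, delete the block and record the reason in a comment such as `# lock-on-removal disabled: <reason>`, rather than leaving dead configuration behind. If it was disabled for one machine only, gating the rule per host would keep the protection on the others.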