diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index 157f3fc..0000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "C_Cpp.intelliSenseEngineFallback": "Disabled" -} diff --git a/backup/gui.nix b/backup/gui.nix index e9283c3..7747df4 100644 --- a/backup/gui.nix +++ b/backup/gui.nix @@ -3,20 +3,21 @@ let unstable = import { config = { allowUnfree = true; - chromium.commandLineArgs = - "--enable-features=WebUIDarkMode,NativeNotifications,VaapiVideoDecoder --ignore-gpu-blocklist --use-gl=desktop --force-dark-mode --disk-cache-dir=/tmp/cache"; }; }; -in { +in +{ nixpkgs.config.allowUnfree = true; networking = { firewall.enable = false; - networkmanager = { enable = true; }; + networkmanager = { + enable = true; + }; }; environment.systemPackages = with unstable.pkgs; [ - chromium + brave fswebcam glxinfo gparted 
@@ -30,45 +31,14 @@ in { programs = { dconf.enable = true; adb.enable = true; - ssh = { startAgent = true; }; + ssh = { + startAgent = true; + }; gnupg.agent = { enable = true; pinentryFlavor = "curses"; # enableSSHSupport = true; }; - chromium = { - enable = true; - extensions = [ - # "cbnipbdpgcncaghphljjicfgmkonflee" # Axel Springer Blocker - "cjpalhdlnbpafiamejdnhcphjbkeiagm" # uBlock Origin - "mnjggcdmjocbbbhaepdhchncahnbgone" # SponsorBlock for YouTube - "oboonakemofpalcgghocfoadofidjkkk" # KeePassXC-Browser - "fploionmjgeclbkemipmkogoaohcdbig" # Page load time - "egnjhciaieeiiohknchakcodbpgjnchh" # Tab Wrangler - "fnaicdffflnofjppbagibeoednhnbjhg" # Floccus bookmarks - "mmpokgfcmbkfdeibafoafkiijdbfblfg" # Merge Windows - "gppongmhjkpfnbhagpmjfkannfbllamg" # Wappalyzer - "nljkibfhlpcnanjgbnlnbjecgicbjkge" # DownThemAll! - "lckanjgmijmafbedllaakclkaicjfmnk" # Clearurls - "njdfdhgcmkocbgbhcioffdbicglldapd" # LocalCDN - "jinjaccalgkegednnccohejagnlnfdag" # Violentmonkey - ]; - extraOpts = { - "BrowserSignin" = 0; - "SyncDisabled" = true; - "PasswordManagerEnabled" = false; - "AutofillAddressEnabled" = true; - "AutofillCreditCardEnabled" = false; - "BuiltInDnsClientEnabled" = false; - "MetricsReportingEnabled" = true; - "SearchSuggestEnabled" = false; - "AlternateErrorPagesEnabled" = false; - "UrlKeyedAnonymizedDataCollectionEnabled" = false; - "SpellcheckEnabled" = true; - "SpellcheckLanguage" = [ "de" "en-US" ]; - "CloudPrintSubmitEnabled" = false; - }; - }; }; fonts = { diff --git a/backup/user-gui.nix b/backup/user-gui.nix index 8eefd20..678b28a 100644 --- a/backup/user-gui.nix +++ b/backup/user-gui.nix @@ -1,6 +1,7 @@ { config, pkgs, lib, ... }: -with builtins; let +with builtins; +let unstable = import { config.allowUnfree = true; }; rofiPin = import (pkgs.fetchFromGitHub { @@ -27,7 +28,7 @@ in baobab barrier keepassxc - ponymix #rofi-default + ponymix mullvad-vpn dracula-theme deadbeef 
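Review bot: Removing the whole `programs.chromium` block in backup/gui.nix (hunk at -30,45) drops the managed policy (`SyncDisabled`, `PasswordManagerEnabled = false`, `BrowserSignin = 0`) and the pinned extension list, and nothing in this diff re-applies them to `brave`, which replaces `chromium` in the previous hunk. If I recall correctly, the NixOS `programs.chromium` module also writes its policy files to the Brave policy directory, so keeping the `programs.chromium = { enable = true; extensions = [ … ]; extraOpts = { … }; };` block may carry the same settings over; this should be confirmed against the module for the channel in use. If dropping the policy is deliberate, a short comment next to `brave` such as `# no managed browser policy on purpose` would record the decision.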
@@ -43,11 +44,7 @@ in }; }; - services = { - syncthing = { - enable = true; - }; - }; + services = { syncthing = { enable = true; }; }; programs = { vscode = { diff --git a/configs/common-server.nix b/configs/common-server.nix index 8023a9a..ff52f8f 100644 --- a/configs/common-server.nix +++ b/configs/common-server.nix @@ -3,7 +3,8 @@ let secrets = import ../configs/secrets.nix; be = import ../configs/borg-exclude.nix; unstable = import { config.allowUnfree = true; }; -in { +in +{ imports = [ ../configs/common.nix ../configs/docker.nix ../configs/user.nix ]; fileSystems."/export/docker" = { diff --git a/configs/common.nix b/configs/common.nix index 2ab8712..d65e7f8 100644 --- a/configs/common.nix +++ b/configs/common.nix @@ -50,6 +50,9 @@ in { borgbackup btrfs-progs cargo + dog + du-dust + duf gnupg gocryptfs graphviz @@ -63,13 +66,14 @@ in { man-pages mlocate nethogs + nil nix-du nix-tree + nixpkgs-fmt nmap nodejs parallel pciutils - # plocate ruby unixtools.xxd unzip diff --git a/configs/user.nix b/configs/user.nix index eebe654..04a151d 100644 --- a/configs/user.nix +++ b/configs/user.nix @@ -2,7 +2,8 @@ let unstable = import { config.allowUnfree = true; }; secrets = import ./secrets.nix; -in { +in +{ imports = [ ]; # Define a user account. Don't forget to set a password with ‘passwd’. @@ -46,7 +47,7 @@ in { ]; home = { - stateVersion = "22.05"; + stateVersion = "23.05"; packages = with unstable.pkgs; [ atop btop diff --git a/machine/vps.nix b/machine/vps.nix index 64cb569..3c32f0d 100644 --- a/machine/vps.nix +++ b/machine/vps.nix @@ -3,13 +3,13 @@ let secrets = import ../configs/secrets.nix; be = import ../configs/borg-exclude.nix; unstable = import { config.allowUnfree = true; }; -in { +in +{ imports = [ /etc/nixos/hardware-configuration.nix ../configs/common-server.nix ]; boot.loader.grub = { enable = true; - version = 2; device = "/dev/sda"; # or "nodev" for efi only }; 
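Review bot: `home.stateVersion` is raised from "22.05" to "23.05" in the configs/user.nix hunk at -46,7, and `system.stateVersion` gets the same kind of bump in the last hunk of machine/vps.nix. Both options record the release the state was first created with, not the release currently running, and changing them can switch the defaults of stateful modules; the vhost list in vps.nix suggests this host runs services with on-disk state. Unless each affected service was checked against the release notes and migrated, keep `stateVersion = "22.05";` here and `system.stateVersion = "22.11";` in vps.nix. A comment like `# tracks the release of the first install, do not bump on upgrade` would prevent the change from coming back.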
@@ -120,7 +120,7 @@ in { }; }; - environment.systemPackages = with pkgs; [ goaccess xd nyx ]; + environment.systemPackages = with pkgs; [ goaccess xd nyx mkp224o ]; programs = { mtr.enable = true; @@ -152,8 +152,12 @@ in { "szczepan.ski" = { forceSSL = true; enableACME = true; - globalRedirect = "www.linkedin.com/in/alexander-szczepanski-0254967b"; - #root = "/var/www/myhost.org"; + globalRedirect = "alexander.szczepan.ski"; + }; + "alexander.szczepan.ski" = { + forceSSL = true; + enableACME = true; + root = "/var/www/alexander.szczepan.ski"; }; "nextcloud.szczepan.ski" = { forceSSL = true; @@ -198,26 +202,11 @@ in { enableACME = true; locations = { "/" = { proxyPass = "http://127.0.0.1:8083/"; }; }; }; - # "mail.szczepan.ski" = { - # forceSSL = true; - # enableACME = true; - # locations = { "/" = { proxyPass = "http://127.0.0.1:8084/"; }; }; - # }; - # "git.szczepan.ski" = { - # forceSSL = true; - # enableACME = true; - # locations = { "/" = { proxyPass = "http://127.0.0.1:49154/"; }; }; - # }; "jellyfin.szczepan.ski" = { forceSSL = true; enableACME = true; locations = { "/" = { proxyPass = "http://127.0.0.1:8085/"; }; }; }; - # "file-manager.szczepan.ski" = { - # forceSSL = true; - # enableACME = true; - # locations = { "/" = { proxyPass = "http://127.0.0.1:8088/"; }; }; - # }; "webdav.szczepan.ski" = { forceSSL = true; enableACME = true; @@ -233,11 +222,6 @@ in { enableACME = true; locations = { "/" = { proxyPass = "http://127.0.0.1:9091/"; }; }; }; - "photoprism.szczepan.ski" = { - forceSSL = true; - enableACME = true; - locations = { "/" = { proxyPass = "http://127.0.0.1:2342/"; }; }; - }; "syncthing.szczepan.ski" = { forceSSL = true; enableACME = true; @@ -308,7 +292,7 @@ in { settings = { address = "127.0.0.1"; port = 8090; - scope = "/home/alex/docker/transmission-wireguard/downloads"; + scope = "/home/alex/docker/"; modify = true; auth = true; users = [{ 
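Review bot: The `scope` change in the hunk at -308,7 widens the served root from the transmission downloads directory to all of `/home/alex/docker/` while `modify = true` stays set. Any account of this service can then read and rewrite whatever the other containers keep under that directory, which presumably includes their configuration and data volumes. If only the downloads are needed, keep `scope = "/home/alex/docker/transmission-wireguard/downloads";`, or pair the wider scope with `modify = false;`. The settings block starts before the hunk and continues past its end (`users = [{`), so the service name and the per-user permissions are not visible here.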
@@ -326,45 +310,20 @@ in { ''; }; - # vaultwarden = { - # enable = true; - # config = { - # domain = "https://vaultwarden.szczepan.ski"; - # signupsAllowed = false; - # rocketPort = 8092; - # rocketAddress = "127.0.0.1"; - # # adminToken = - # # "jCehRECvxqWmXKMZx3dgtVEdJuqUxXoODEagItTPptBizG9SGQLCpTqjZoBM4ZDa"; - # websocketEnabled = true; - # websocketAddress = "127.0.0.1"; - # websocketPort = 3012; - # }; - # }; - - # bitcoind.main = { enable = false; }; - # monero = { - # enable = true; - # # limits = { threads = 4; }; - # rpc = { - # user = "alex"; - # password = secrets.moneroUserPassword; - # #address = "10.100.0.1"; - # }; - # limits = { - # download = 1048576; - # upload = 1048576; - # }; - # extraConfig = '' - # enforce-dns-checkpointing=true - # enable-dns-blocklist=true # Block known-malicious nodes - # no-igd=true # Disable UPnP port mapping - # no-zmq=true # ZMQ configuration - - # # bandwidth settings - # out-peers=32 # This will enable much faster sync and tx awareness; the default 8 is suboptimal nowadays - # in-peers=32 # The default is unlimited; we prefer to put a cap on this - # ''; - # }; + vaultwarden = { + enable = true; + config = { + domain = "https://vaultwarden.szczepan.ski"; + signupsAllowed = false; + rocketPort = 8092; + rocketAddress = "127.0.0.1"; + # adminToken = + # "jCehRECvxqWmXKMZx3dgtVEdJuqUxXoODEagItTPptBizG9SGQLCpTqjZoBM4ZDa"; + websocketEnabled = true; + websocketAddress = "127.0.0.1"; + websocketPort = 3012; + }; + }; i2pd = { enable = true; @@ -372,17 +331,7 @@ in { address = "207.180.220.97"; # TCP & UDP port = 9898; - # myEep = { - # enable = true; - # keys = "myEep-keys.dat"; - # inPort = 80; - # address = "::1"; - # destination = "::1"; - # port = 8081; - # # inbound.length = 1; - # # outbound.length = 1; - # }; - # }; + ntcp2.port = 9899; # websocket = { # enable = true; # address = "10.100.0.1"; 
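Review bot: The re-enabled `vaultwarden` block (hunk at -326,45) still carries the `adminToken` value as a literal inside a comment, and the `icecast` block added in the later hunk at -411,19 sets `admin.password` to a literal string. Both values are now in the repository history, so they should be treated as exposed and rotated. Delete the two commented token lines, and take the icecast password from the secrets file that vps.nix already imports, e.g. `password = secrets.icecastAdminPassword;` (the attribute name is a placeholder), the way the removed monero block used `secrets.moneroUserPassword`. That keeps the value out of the repository, but it likely still ends up in the Nix store, so a file-based secret outside the store is the safer place for the vaultwarden admin token.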
@@ -411,19 +360,80 @@ in { sam = { enable = true; }; }; + inTunnels = { + foo = { + enable = true; + # keys = "foo-keys.dat"; + inPort = 80; + address = "127.0.0.1"; + destination = "127.0.0.1"; + port = 8008; + }; + foo2 = { + enable = true; + # keys = "foo-keys.dat"; + inPort = 80; + address = "127.0.0.1"; + destination = "127.0.0.1"; + port = 8009; + }; + }; + enableIPv4 = true; enableIPv6 = true; }; + icecast = { + enable = true; + hostname = "254ryojirydttsaealusydhwyjfe2rpschdaduok4czhg45of6ua.b32.i2p"; + listen = { + port = 13337; + address = "127.0.0.1"; + }; + admin = { + user = "alex"; + password = "AaOnwDoZnspv8MszCpZZ1KuR9xXJWIE5"; + }; + }; + tor = { enable = true; # relay = { # enable = true; # role = "private-bridge"; # }; + # settings = { + # ORPort = 9001; + # ControlPort = 9051; + # }; + openFirewall = true; + enableGeoIP = false; + relay.onionServices = { + foo = { + version = 3; + map = [{ + port = 80; + target = { + addr = "127.0.0.1"; + port = 8008; + }; + }]; + }; + foo2 = { + version = 3; + map = [{ + port = 80; + target = { + addr = "127.0.0.1"; + port = 8009; + }; + }]; + }; + }; settings = { - ORPort = 9001; - ControlPort = 9051; + ClientUseIPv4 = true; + ClientUseIPv6 = false; + ClientPreferIPv6ORPort = false; }; }; @@ -467,7 +477,7 @@ in { prune.keep = { daily = 7; weekly = 4; - monthly = 6; + monthly = 3; }; extraPruneArgs = "--save-space --stats"; exclude = [ @@ -481,5 +491,5 @@ in { # Limit stack size to reduce memory usage systemd.services.fail2ban.serviceConfig.LimitSTACK = 256 * 1024; - system.stateVersion = "22.11"; + system.stateVersion = "23.05"; }
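Review bot: `openFirewall = true` in the `tor` block (hunk at -411,19) looks like it has no effect as written, because the `relay` section stays commented out and this hunk also comments out the `ORPort`/`ControlPort` settings. As far as I know the option only opens the relay ports in the firewall, so a host that just publishes onion services does not need it, and it would open the port without further notice if the relay is enabled again later. Drop the line, or keep it with a comment such as `# only needed once relay.enable = true`. The onion services and I2P tunnels `foo`/`foo2` would also benefit from a comment naming what listens on 127.0.0.1:8008 and 8009, since that listener is not defined anywhere in this diff.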