Alexander Szczepanski
2023-06-06 06:50:17 +02:00
parent 190943674a
commit 98677def9f
7 changed files with 113 additions and 133 deletions


@ -1,3 +0,0 @@
{
"C_Cpp.intelliSenseEngineFallback": "Disabled"
}


@ -3,20 +3,21 @@ let
unstable = import <nixos-unstable> { unstable = import <nixos-unstable> {
config = { config = {
allowUnfree = true; allowUnfree = true;
chromium.commandLineArgs =
"--enable-features=WebUIDarkMode,NativeNotifications,VaapiVideoDecoder --ignore-gpu-blocklist --use-gl=desktop --force-dark-mode --disk-cache-dir=/tmp/cache";
}; };
}; };
in { in
{
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
networking = { networking = {
firewall.enable = false; firewall.enable = false;
networkmanager = { enable = true; }; networkmanager = {
enable = true;
};
}; };
environment.systemPackages = with unstable.pkgs; [ environment.systemPackages = with unstable.pkgs; [
chromium brave
fswebcam fswebcam
glxinfo glxinfo
gparted gparted
@ -30,45 +31,14 @@ in {
programs = { programs = {
dconf.enable = true; dconf.enable = true;
adb.enable = true; adb.enable = true;
ssh = { startAgent = true; }; ssh = {
startAgent = true;
};
gnupg.agent = { gnupg.agent = {
enable = true; enable = true;
pinentryFlavor = "curses"; pinentryFlavor = "curses";
# enableSSHSupport = true; # enableSSHSupport = true;
}; };
chromium = {
enable = true;
extensions = [
# "cbnipbdpgcncaghphljjicfgmkonflee" # Axel Springer Blocker
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # uBlock Origin
"mnjggcdmjocbbbhaepdhchncahnbgone" # SponsorBlock for YouTube
"oboonakemofpalcgghocfoadofidjkkk" # KeePassXC-Browser
"fploionmjgeclbkemipmkogoaohcdbig" # Page load time
"egnjhciaieeiiohknchakcodbpgjnchh" # Tab Wrangler
"fnaicdffflnofjppbagibeoednhnbjhg" # Floccus bookmarks
"mmpokgfcmbkfdeibafoafkiijdbfblfg" # Merge Windows
"gppongmhjkpfnbhagpmjfkannfbllamg" # Wappalyzer
"nljkibfhlpcnanjgbnlnbjecgicbjkge" # DownThemAll!
"lckanjgmijmafbedllaakclkaicjfmnk" # Clearurls
"njdfdhgcmkocbgbhcioffdbicglldapd" # LocalCDN
"jinjaccalgkegednnccohejagnlnfdag" # Violentmonkey
];
extraOpts = {
"BrowserSignin" = 0;
"SyncDisabled" = true;
"PasswordManagerEnabled" = false;
"AutofillAddressEnabled" = true;
"AutofillCreditCardEnabled" = false;
"BuiltInDnsClientEnabled" = false;
"MetricsReportingEnabled" = true;
"SearchSuggestEnabled" = false;
"AlternateErrorPagesEnabled" = false;
"UrlKeyedAnonymizedDataCollectionEnabled" = false;
"SpellcheckEnabled" = true;
"SpellcheckLanguage" = [ "de" "en-US" ];
"CloudPrintSubmitEnabled" = false;
};
};
}; };
fonts = { fonts = {
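Review bot: Removing the `programs.chromium` block drops the managed policy (`PasswordManagerEnabled = false`, `SyncDisabled = true`, `AutofillCreditCardEnabled = false`) and the declared extension list including uBlock Origin, so `brave` is installed with no browser baseline declared in this file. If those settings were deliberate hardening, keep `extensions` and `extraOpts`, after confirming against the nixpkgs revision in use whether the module also writes its policy files for Brave. Otherwise add a comment such as `# browser policy is now managed by hand in the Brave profile` so the loss is visibly intentional. The `programs` attribute set continues outside the hunk.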


@ -1,6 +1,7 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with builtins; let with builtins;
let
unstable = import <nixos-unstable> { config.allowUnfree = true; }; unstable = import <nixos-unstable> { config.allowUnfree = true; };
rofiPin = import rofiPin = import
(pkgs.fetchFromGitHub { (pkgs.fetchFromGitHub {
@ -27,7 +28,7 @@ in
baobab baobab
barrier barrier
keepassxc keepassxc
ponymix #rofi-default ponymix
mullvad-vpn mullvad-vpn
dracula-theme dracula-theme
deadbeef deadbeef
@ -43,11 +44,7 @@ in
}; };
}; };
services = { services = { syncthing = { enable = true; }; };
syncthing = {
enable = true;
};
};
programs = { programs = {
vscode = { vscode = {


@ -3,7 +3,8 @@ let
secrets = import ../configs/secrets.nix; secrets = import ../configs/secrets.nix;
be = import ../configs/borg-exclude.nix; be = import ../configs/borg-exclude.nix;
unstable = import <nixos-unstable> { config.allowUnfree = true; }; unstable = import <nixos-unstable> { config.allowUnfree = true; };
in { in
{
imports = [ ../configs/common.nix ../configs/docker.nix ../configs/user.nix ]; imports = [ ../configs/common.nix ../configs/docker.nix ../configs/user.nix ];
fileSystems."/export/docker" = { fileSystems."/export/docker" = {


@ -50,6 +50,9 @@ in {
borgbackup borgbackup
btrfs-progs btrfs-progs
cargo cargo
dog
du-dust
duf
gnupg gnupg
gocryptfs gocryptfs
graphviz graphviz
@ -63,13 +66,14 @@ in {
man-pages man-pages
mlocate mlocate
nethogs nethogs
nil
nix-du nix-du
nix-tree nix-tree
nixpkgs-fmt
nmap nmap
nodejs nodejs
parallel parallel
pciutils pciutils
# plocate
ruby ruby
unixtools.xxd unixtools.xxd
unzip unzip


@ -2,7 +2,8 @@
let let
unstable = import <nixos-unstable> { config.allowUnfree = true; }; unstable = import <nixos-unstable> { config.allowUnfree = true; };
secrets = import ./secrets.nix; secrets = import ./secrets.nix;
in { in
{
imports = [ <home-manager/nixos> ]; imports = [ <home-manager/nixos> ];
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
@ -46,7 +47,7 @@ in {
]; ];
home = { home = {
stateVersion = "22.05"; stateVersion = "23.05";
packages = with unstable.pkgs; [ packages = with unstable.pkgs; [
atop atop
btop btop
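Review bot: `stateVersion = "23.05"` in the `home` block is not a record of the installed release; it selects which release's stateful defaults are applied, and it normally stays at the value the profile was first created with. The same applies to `system.stateVersion = "23.05"` at the end of the server configuration in this commit, where a bump can change defaults for services that keep on-disk state. Unless the release notes were read and any migrations done, I would keep the old values and add a comment such as `# do not bump on upgrade; pins stateful defaults`. The `home` attribute set continues outside the hunk.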


@ -3,13 +3,13 @@ let
secrets = import ../configs/secrets.nix; secrets = import ../configs/secrets.nix;
be = import ../configs/borg-exclude.nix; be = import ../configs/borg-exclude.nix;
unstable = import <nixos-unstable> { config.allowUnfree = true; }; unstable = import <nixos-unstable> { config.allowUnfree = true; };
in { in
{
imports = imports =
[ /etc/nixos/hardware-configuration.nix ../configs/common-server.nix ]; [ /etc/nixos/hardware-configuration.nix ../configs/common-server.nix ];
boot.loader.grub = { boot.loader.grub = {
enable = true; enable = true;
version = 2;
device = "/dev/sda"; # or "nodev" for efi only device = "/dev/sda"; # or "nodev" for efi only
}; };
@ -120,7 +120,7 @@ in {
}; };
}; };
environment.systemPackages = with pkgs; [ goaccess xd nyx ]; environment.systemPackages = with pkgs; [ goaccess xd nyx mkp224o ];
programs = { programs = {
mtr.enable = true; mtr.enable = true;
@ -152,8 +152,12 @@ in {
"szczepan.ski" = { "szczepan.ski" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
globalRedirect = "www.linkedin.com/in/alexander-szczepanski-0254967b"; globalRedirect = "alexander.szczepan.ski";
#root = "/var/www/myhost.org"; };
"alexander.szczepan.ski" = {
forceSSL = true;
enableACME = true;
root = "/var/www/alexander.szczepan.ski";
}; };
"nextcloud.szczepan.ski" = { "nextcloud.szczepan.ski" = {
forceSSL = true; forceSSL = true;
@ -198,26 +202,11 @@ in {
enableACME = true; enableACME = true;
locations = { "/" = { proxyPass = "http://127.0.0.1:8083/"; }; }; locations = { "/" = { proxyPass = "http://127.0.0.1:8083/"; }; };
}; };
# "mail.szczepan.ski" = {
# forceSSL = true;
# enableACME = true;
# locations = { "/" = { proxyPass = "http://127.0.0.1:8084/"; }; };
# };
# "git.szczepan.ski" = {
# forceSSL = true;
# enableACME = true;
# locations = { "/" = { proxyPass = "http://127.0.0.1:49154/"; }; };
# };
"jellyfin.szczepan.ski" = { "jellyfin.szczepan.ski" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations = { "/" = { proxyPass = "http://127.0.0.1:8085/"; }; }; locations = { "/" = { proxyPass = "http://127.0.0.1:8085/"; }; };
}; };
# "file-manager.szczepan.ski" = {
# forceSSL = true;
# enableACME = true;
# locations = { "/" = { proxyPass = "http://127.0.0.1:8088/"; }; };
# };
"webdav.szczepan.ski" = { "webdav.szczepan.ski" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@ -233,11 +222,6 @@ in {
enableACME = true; enableACME = true;
locations = { "/" = { proxyPass = "http://127.0.0.1:9091/"; }; }; locations = { "/" = { proxyPass = "http://127.0.0.1:9091/"; }; };
}; };
"photoprism.szczepan.ski" = {
forceSSL = true;
enableACME = true;
locations = { "/" = { proxyPass = "http://127.0.0.1:2342/"; }; };
};
"syncthing.szczepan.ski" = { "syncthing.szczepan.ski" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@ -308,7 +292,7 @@ in {
settings = { settings = {
address = "127.0.0.1"; address = "127.0.0.1";
port = 8090; port = 8090;
scope = "/home/alex/docker/transmission-wireguard/downloads"; scope = "/home/alex/docker/";
modify = true; modify = true;
auth = true; auth = true;
users = [{ users = [{
@ -326,45 +310,20 @@ in {
''; '';
}; };
# vaultwarden = { vaultwarden = {
# enable = true; enable = true;
# config = { config = {
# domain = "https://vaultwarden.szczepan.ski"; domain = "https://vaultwarden.szczepan.ski";
# signupsAllowed = false; signupsAllowed = false;
# rocketPort = 8092; rocketPort = 8092;
# rocketAddress = "127.0.0.1"; rocketAddress = "127.0.0.1";
# # adminToken = # adminToken =
# # "jCehRECvxqWmXKMZx3dgtVEdJuqUxXoODEagItTPptBizG9SGQLCpTqjZoBM4ZDa"; # "jCehRECvxqWmXKMZx3dgtVEdJuqUxXoODEagItTPptBizG9SGQLCpTqjZoBM4ZDa";
# websocketEnabled = true; websocketEnabled = true;
# websocketAddress = "127.0.0.1"; websocketAddress = "127.0.0.1";
# websocketPort = 3012; websocketPort = 3012;
# }; };
# }; };
# bitcoind.main = { enable = false; };
# monero = {
# enable = true;
# # limits = { threads = 4; };
# rpc = {
# user = "alex";
# password = secrets.moneroUserPassword;
# #address = "10.100.0.1";
# };
# limits = {
# download = 1048576;
# upload = 1048576;
# };
# extraConfig = ''
# enforce-dns-checkpointing=true
# enable-dns-blocklist=true # Block known-malicious nodes
# no-igd=true # Disable UPnP port mapping
# no-zmq=true # ZMQ configuration
# # bandwidth settings
# out-peers=32 # This will enable much faster sync and tx awareness; the default 8 is suboptimal nowadays
# in-peers=32 # The default is unlimited; we prefer to put a cap on this
# '';
# };
i2pd = { i2pd = {
enable = true; enable = true;
@ -372,17 +331,7 @@ in {
address = "207.180.220.97"; address = "207.180.220.97";
# TCP & UDP # TCP & UDP
port = 9898; port = 9898;
# myEep = { ntcp2.port = 9899;
# enable = true;
# keys = "myEep-keys.dat";
# inPort = 80;
# address = "::1";
# destination = "::1";
# port = 8081;
# # inbound.length = 1;
# # outbound.length = 1;
# };
# };
# websocket = { # websocket = {
# enable = true; # enable = true;
# address = "10.100.0.1"; # address = "10.100.0.1";
@ -411,19 +360,80 @@ in {
sam = { enable = true; }; sam = { enable = true; };
}; };
inTunnels = {
foo = {
enable = true;
# keys = "foo-keys.dat";
inPort = 80;
address = "127.0.0.1";
destination = "127.0.0.1";
port = 8008;
};
foo2 = {
enable = true;
# keys = "foo-keys.dat";
inPort = 80;
address = "127.0.0.1";
destination = "127.0.0.1";
port = 8009;
};
};
enableIPv4 = true; enableIPv4 = true;
enableIPv6 = true; enableIPv6 = true;
}; };
icecast = {
enable = true;
hostname = "254ryojirydttsaealusydhwyjfe2rpschdaduok4czhg45of6ua.b32.i2p";
listen = {
port = 13337;
address = "127.0.0.1";
};
admin = {
user = "alex";
password = "AaOnwDoZnspv8MszCpZZ1KuR9xXJWIE5";
};
};
tor = { tor = {
enable = true; enable = true;
# relay = { # relay = {
# enable = true; # enable = true;
# role = "private-bridge"; # role = "private-bridge";
# }; # };
# settings = {
# ORPort = 9001;
# ControlPort = 9051;
# };
openFirewall = true;
enableGeoIP = false;
relay.onionServices = {
foo = {
version = 3;
map = [{
port = 80;
target = {
addr = "127.0.0.1";
port = 8008;
};
}];
};
foo2 = {
version = 3;
map = [{
port = 80;
target = {
addr = "127.0.0.1";
port = 8009;
};
}];
};
};
settings = { settings = {
ORPort = 9001; ClientUseIPv4 = true;
ControlPort = 9051; ClientUseIPv6 = false;
ClientPreferIPv6ORPort = false;
}; };
}; };
@ -467,7 +477,7 @@ in {
prune.keep = { prune.keep = {
daily = 7; daily = 7;
weekly = 4; weekly = 4;
monthly = 6; monthly = 3;
}; };
extraPruneArgs = "--save-space --stats"; extraPruneArgs = "--save-space --stats";
exclude = [ exclude = [
@ -481,5 +491,5 @@ in {
# Limit stack size to reduce memory usage # Limit stack size to reduce memory usage
systemd.services.fail2ban.serviceConfig.LimitSTACK = 256 * 1024; systemd.services.fail2ban.serviceConfig.LimitSTACK = 256 * 1024;
system.stateVersion = "22.11"; system.stateVersion = "23.05";
} }
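Review bot: The new `icecast.admin.password` is a string literal, so the admin credential is now in the repository history and presumably also in the world-readable Nix store once the icecast configuration is generated. This file already imports `../configs/secrets.nix`, so the line could read `password = secrets.icecastAdminPassword;` (the attribute name is a placeholder), and the committed value should be treated as exposed and rotated. Separately, the filebrowser `scope` in the `@ -308,7 +292,7` hunk widens from the downloads directory to all of `/home/alex/docker/` while `modify = true` stays set. That deserves a comment explaining why the whole tree must be writable through the web UI, or a narrower path.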