kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-16 18:21:07 +01:00
Code Releases Activity

Compare commits

base: kfm:f7fe1fe8a880d8635d9553ce6c8ef5d74c43fefe
Branches Tags
kfm:master kfm:update_flake_lock_action kfm:nethack kfm:wayland kfm:feature/hass-prometheus kfm:feature/itools kfm:feature/specus kfm:hass-nix-2 kfm:hass-nix kfm:grimm kfm:mympd kfm:tahina kfm:new-krops kfm:flakes kfm:flakes-2 kfm:20.09 kfm:mail
..
compare: kfm:wayland
Branches Tags
kfm:master kfm:update_flake_lock_action kfm:nethack kfm:wayland kfm:feature/hass-prometheus kfm:feature/itools kfm:feature/specus kfm:hass-nix-2 kfm:hass-nix kfm:grimm kfm:mympd kfm:tahina kfm:new-krops kfm:flakes kfm:flakes-2 kfm:20.09 kfm:mail

10 Commits
f7fe1fe8a8 ... wayland

Author SHA1 Message Date
Kierán Meinhardt
b274a59a50 niri: add shortcut to float windows 2025-08-26 08:29:09 +02:00
Kierán Meinhardt
b4de03bb3c replace more instances of rofi by wofi 2025-08-26 08:28:56 +02:00
Kierán Meinhardt
b0062abbfe passmenu: fix 2025-08-26 07:50:31 +02:00
Kierán Meinhardt
0e9a046c5f obsidian-vim: add fugitive 2025-08-26 07:50:24 +02:00
Kierán Meinhardt
72ab319e65 niri: set window rules 2025-08-26 07:50:06 +02:00
Kierán Meinhardt
f08e43067b configure niri 2025-08-26 07:19:54 +02:00
Kierán Meinhardt
d0ac0af7c3 use wl-clipboard 2025-08-26 07:19:17 +02:00
Kierán Meinhardt
5febabb7fa use wofi 2025-07-11 11:37:23 +02:00
Kierán Meinhardt
44d29f90e9 working niri config 2025-07-10 06:51:51 +02:00
Kierán Meinhardt
1aaf0fe5ae configure wayland for kabsa 2025-07-09 09:23:41 +02:00
75 changed files with 1670 additions and 1223 deletions
Expand all files Collapse all files

2
README.md
View File

@@ -1,7 +1,5 @@
# niveum
> I must Create a System, or be enslav'd by another Man's. —William Blake
> [nĭvĕus](https://logeion.uchicago.edu/niveus), a, um, adj. [nix], _of_ or _from snow, snowy, snow-_ (poet.)
>
> 1. Lit.: aggeribus niveis informis, Verg. G. 3, 354: aqua, _cooled with snow_, Mart. 12, 17, 6; cf. id. 14, 104 and 117: mons, _covered with snow_, Cat. 64, 240.—

8
configs/0ad.nix
View File

@@ -1,8 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.zeroad ];
networking.firewall = {
allowedTCPPorts = [ 20595 ];
allowedUDPPorts = [ 20595 ];
};
}

25
configs/aerc.nix
View File

@@ -8,14 +8,14 @@
inherit (import ../lib/email.nix) defaults thunderbirdProfile;
in {
age.secrets = {
email-password-ical-ephemeris = {
file = ../secrets/email-password-ical-ephemeris.age;
email-password-cock = {
file = ../secrets/email-password-cock.age;
owner = config.users.users.me.name;
group = config.users.users.me.group;
mode = "400";
};
email-password-cock = {
file = ../secrets/email-password-cock.age;
email-password-letos = {
file = ../secrets/email-password-letos.age;
owner = config.users.users.me.name;
group = config.users.users.me.group;
mode = "400";
@@ -92,17 +92,16 @@ in {
smtp.port = 25;
smtp.tls.useStartTls = true;
};
ical-ephemeris =
letos =
lib.recursiveUpdate defaults
rec {
userName = "ical.ephemeris@web.de";
realName = "Kieran from iCal Ephemeris";
address = userName;
passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-ical-ephemeris.path}";
imap.host = "imap.web.de";
{
userName = "slfletos";
address = "letos.sprachlit@hu-berlin.de";
passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-letos.path}";
imap.host = "mailbox.cms.hu-berlin.de";
imap.port = 993;
smtp.host = "smtp.web.de";
smtp.port = 587;
smtp.host = "mailhost.cms.hu-berlin.de";
smtp.port = 25;
smtp.tls.useStartTls = true;
};
posteo =

2
configs/bash.nix
View File

@@ -5,6 +5,6 @@
interactiveShellInit = ''
set -o vi
'';
completion.enable = true;
enableCompletion = true;
};
}

12
configs/bots/autorenkalender.nix
View File

@@ -1,9 +1,17 @@
{
pkgs,
lib,
config,
inputs,
...
}: let
autorenkalender = inputs.autorenkalender.packages.x86_64-linux.default;
autorenkalender-package = pkgs.fetchFromGitHub {
owner = "kmein";
repo = "autorenkalender";
rev = "cf49a7b057301332d980eb47042a626add93db66";
sha256 = "1pa7sjg33vdnjianrqldv445jdzzv3mn231ljk1j58hs0cd505gs";
};
autorenkalender =
pkgs.python3Packages.callPackage autorenkalender-package {};
in {
niveum.bots.autorenkalender = {
enable = true;

20
configs/bots/smyth.nix
View File

@@ -20,31 +20,15 @@
command = toString (pkgs.writers.writeDash "random-smyth" ''
set -efu
good_curl() {
${pkgs.curl}/bin/curl "$@" \
--compressed \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
-H 'Accept-Language: en-US,en;q=0.5' \
-H 'DNT: 1' \
-H 'Connection: keep-alive' \
-H 'Upgrade-Insecure-Requests: 1' \
-H 'Sec-Fetch-Dest: document' \
-H 'Sec-Fetch-Mode: navigate' \
-H 'Sec-Fetch-Site: cross-site' \
-H 'Priority: u=0, i' \
-H 'Pragma: no-cache' \
-H 'Cache-Control: no-cache'
}
RANDOM_SECTION=$(
good_curl -sSL http://www.perseus.tufts.edu/hopper/xmltoc?doc=Perseus%3Atext%3A1999.04.0007%3Asmythp%3D1 \
${pkgs.curl}/bin/curl -sSL http://www.perseus.tufts.edu/hopper/xmltoc?doc=Perseus%3Atext%3A1999.04.0007%3Asmythp%3D1 \
| ${pkgs.gnugrep}/bin/grep -o 'ref="[^"]*"' \
| ${pkgs.coreutils}/bin/shuf -n1 \
| ${pkgs.gnused}/bin/sed 's/^ref="//;s/"$//'
)
url="http://www.perseus.tufts.edu/hopper/text?doc=$RANDOM_SECTION"
good_curl -sSL "$url"\
${pkgs.curl}/bin/curl -sSL "$url"\
| ${pkgs.htmlq}/bin/htmlq '#text_main' \
| ${pkgs.gnused}/bin/sed 's/<\/\?hr>//g' \
| ${pkgs.pandoc}/bin/pandoc -f html -t plain --wrap=none

6
configs/browser.nix
View File

@@ -6,7 +6,7 @@
}: {
environment.systemPackages = [
niveumPackages.cro
pkgs.tor-browser
pkgs.tor-browser-bundle-bin
pkgs.firefox
pkgs.brave
];
@@ -82,9 +82,5 @@
};
};
home-manager.users.me = {
stylix.targets.firefox.profileNames = ["default"];
};
environment.variables.BROWSER = "firefox";
}

19
configs/default.nix
View File

@@ -3,6 +3,7 @@
lib,
config,
niveumPackages,
unstablePackages,
inputs,
...
}:
@@ -23,9 +24,12 @@ in
config = {
allowUnfree = true;
packageOverrides = pkgs: {
dmenu = pkgs.writers.writeDashBin "dmenu" ''exec ${pkgs.rofi}/bin/rofi -dmenu "$@"'';
dmenu = pkgs.writers.writeDashBin "dmenu" ''exec ${pkgs.wofi}/bin/wofi -dmenu "$@"'';
};
permittedInsecurePackages = [
"qtwebkit-5.212.0-alpha4"
"zotero-6.0.26"
"electron-25.9.0"
];
};
};
@@ -95,14 +99,14 @@ in
{
o = "${pkgs.xdg-utils}/bin/xdg-open";
ns = "nix-shell --run zsh";
pbcopy = "${pkgs.xclip}/bin/xclip -selection clipboard -in";
pbpaste = "${pkgs.xclip}/bin/xclip -selection clipboard -out";
pbcopy = "${pkgs.wl-clipboard}/bin/wl-copy";
pbpaste = "${pkgs.wl-clipboard}/bin/wl-paste";
tmux = "${pkgs.tmux}/bin/tmux -2";
sxiv = swallow "${pkgs.nsxiv}/bin/nsxiv";
zathura = swallow "${pkgs.zathura}/bin/zathura";
im = "${pkgs.openssh}/bin/ssh weechat@makanek -t tmux attach-session -t IM";
yt = "${pkgs.yt-dlp}/bin/yt-dlp --add-metadata -ic"; # Download video link
yta = "${pkgs.yt-dlp}/bin/yt-dlp --add-metadata --audio-format mp3 --audio-quality 0 -xic"; # Download with audio
yta = "${pkgs.yt-dlp}/bin/yt-dlp --add-metadata --audio-format opus --audio-quality 0 -xic"; # Download with audio
};
}
{
@@ -211,13 +215,15 @@ in
./direnv.nix
./docker.nix
./dunst.nix
./flix.nix
./fonts.nix
./fzf.nix
./git.nix
./hledger.nix
./htop.nix
./uni.nix
./fu-berlin.nix
./i3.nix
./niri.nix
./i3status-rust.nix
./keyboard.nix
./mycelium.nix
@@ -231,8 +237,8 @@ in
./nix.nix
./newsboat.nix
./flameshot.nix
./fritzbox.nix
./packages.nix
./virtualization.nix
./picom.nix
./stardict.nix
./polkit.nix
@@ -257,6 +263,7 @@ in
'';
}
./tor.nix
./stw-berlin.nix
./mastodon-bot.nix
{
fileSystems."${remoteDir}/fritz" = {

3
configs/flameshot.nix
View File

@@ -5,6 +5,7 @@
}: {
home-manager.users.me = {
services.flameshot = {
package = pkgs.flameshot.override { enableWlrSupport = true; };
enable = true;
settings.General = {
autoCloseIdleDaemon = true;
@@ -15,7 +16,7 @@
showHelp = false;
squareMagnifier = true;
uploadWithoutConfirmation = true;
# buttons = ''@Variant(\0\0\0\x7f\0\0\0\vQList<int>\0\0\0\0\x10\0\0\0\x2\0\0\0\x5\0\0\0\x13\0\0\0\xa\0\0\0\x1\0\0\0\xc\0\0\0\xd\0\0\0\x6\0\0\0\x8\0\0\0\0\0\0\0\xf\0\0\0\x4\0\0\0\xb\0\0\0\x3\0\0\0\x12\0\0\0\x9)'';
buttons = ''@Variant(\0\0\0\x7f\0\0\0\vQList<int>\0\0\0\0\x10\0\0\0\x2\0\0\0\x5\0\0\0\x13\0\0\0\xa\0\0\0\x1\0\0\0\xc\0\0\0\xd\0\0\0\x6\0\0\0\x8\0\0\0\0\0\0\0\xf\0\0\0\x4\0\0\0\xb\0\0\0\x3\0\0\0\x12\0\0\0\x9)'';
};
};
};

98
configs/flix.nix Normal file
View File

@@ -0,0 +1,98 @@
{
config,
pkgs,
...
}: let
flixLocation = "/media/flix";
flixLocationNew = "/media/flix-new";
cacheLocation = "/var/cache/flix";
indexFilename = "index";
indexFilenameNew = "index-new";
flixUser = "flix";
flixGroup = "users";
inherit (import ../lib) tmpfilesConfig;
in {
fileSystems.${flixLocation} = {
device = "prism.r:/export/download";
fsType = "nfs";
options = [
"noauto"
"noatime"
"nodiratime"
"x-systemd.automount"
"x-systemd.device-timeout=1"
"x-systemd.idle-timeout=1min"
"x-systemd.requires=tinc.retiolum.service"
"user"
"_netdev"
];
};
fileSystems.${flixLocationNew} = {
device = "//yellow.r/public";
fsType = "cifs";
options = [
"guest"
"nofail"
"noauto"
"ro"
"x-systemd.automount"
"x-systemd.device-timeout=1"
"x-systemd.idle-timeout=1min"
];
};
systemd.tmpfiles.rules = [
(tmpfilesConfig {
type = "d";
path = cacheLocation;
mode = "0750";
user = flixUser;
group = flixGroup;
})
];
systemd.services.flix-index = {
description = "Flix indexing service";
wants = ["network-online.target"];
script = ''
cp ${flixLocation}/index ./${indexFilename}
cp ${flixLocationNew}/index ./${indexFilenameNew}
'';
startAt = "hourly";
serviceConfig = {
Type = "oneshot";
User = flixUser;
Group = flixGroup;
WorkingDirectory = cacheLocation;
};
};
users.extraUsers.${flixUser} = {
isSystemUser = true;
createHome = true;
home = cacheLocation;
group = flixGroup;
};
environment.systemPackages = [
(pkgs.writers.writeDashBin "mpv-simpsons" ''
set -efu
cd "${flixLocation}/download"
[ -f "${cacheLocation}/${indexFilename}" ] || exit 1
cat "${cacheLocation}/${indexFilename}" \
| ${pkgs.gnugrep}/bin/grep -i 'simpsons.*mkv' \
| shuf \
| ${pkgs.findutils}/bin/xargs -d '\n' ${pkgs.mpv}/bin/mpv
'')
(pkgs.writers.writeDashBin "flixmenu" ''
set -efu
(
${pkgs.gnused}/bin/sed 's#^\.#${flixLocation}#' ${cacheLocation}/${indexFilename}
${pkgs.gnused}/bin/sed 's#^\.#${flixLocationNew}#' ${cacheLocation}/${indexFilenameNew}
) | ${pkgs.dmenu}/bin/dmenu -i -p flix -l 5 "$@" \
| ${pkgs.findutils}/bin/xargs -I '{}' ${pkgs.util-linux}/bin/setsid ${pkgs.xdg-utils}/bin/xdg-open '{}'
'')
];
}

15
configs/fonts.nix
View File

@@ -1,5 +1,6 @@
{
pkgs,
config,
niveumPackages,
...
}: let
@@ -102,12 +103,12 @@ in {
lmodern
merriweather
ocr-a
montserrat
roboto
roboto-mono
noto-fonts
noto-fonts-cjk-sans
noto-fonts-color-emoji
noto-fonts-emoji
nerd-fonts.blex-mono
roboto-slab
scheherazade-new
source-code-pro
@@ -115,15 +116,15 @@ in {
source-serif-pro
theano
niveumPackages.tocharian-font
vista-fonts
vistafonts
vollkorn
zilla-slab
]; # google-fonts league-of-moveable-type
fontconfig.defaultFonts = rec {
monospace = ["Noto Sans Mono"] ++ emoji;
serif = ["Noto Serif" "Noto Naskh Arabic" "Noto Serif Devanagari"];
sansSerif = ["Noto Sans Display" "Noto Naskh Arabic" "Noto Sans Hebrew" "Noto Sans Devanagari" "Noto Sans CJK JP" "Noto Sans Coptic" "Noto Sans Syriac Western"];
emoji = ["Noto Color Emoji"];
monospace = [config.stylix.fonts.monospace.name] ++ emoji;
serif = [config.stylix.fonts.serif.name "Scheherazade New" "Ezra SIL" "Antinoou" "Noto Serif Devanagari"];
sansSerif = [config.stylix.fonts.sansSerif.name "Noto Sans Display" "Noto Naskh Arabic" "Noto Sans Hebrew" "Noto Sans Devanagari" "Noto Sans CJK JP" "Noto Sans Coptic" "Noto Sans Syriac Western"];
emoji = [config.stylix.fonts.emoji.name];
};
# xelatex fails with woff files
# ref https://tex.stackexchange.com/questions/392144/xelatex-and-fontspec-crash-trying-to-find-woff-file-for-some-fonts-but-not-other

19
configs/fritzbox.nix Normal file
View File

@@ -0,0 +1,19 @@
{ config, ... }:
{
networking.firewall.allowedUDPPorts = [ 51820 ];
networking.wg-quick.interfaces.aether = {
autostart = false;
dns = ["192.168.178.1" "fritz.box"];
listenPort = 51820;
privateKeyFile = config.age.secrets.wireguard-aether-key.path;
peers = [
{
allowedIPs = ["192.168.178.0/24" "0.0.0.0/0"];
endpoint = "lng5gx2rmssv8ge1.myfritz.net:58997";
persistentKeepalive = 25;
presharedKeyFile = config.age.secrets.wireguard-aether-psk.path;
publicKey = "8Rr7BueC0CGmycBQFS7YM7VF7Adkdc1ZcLFy8YXyOQk=";
}
];
};
}

86
configs/uni.nix → configs/fu-berlin.nix
View File

@@ -30,19 +30,7 @@ in {
};
};
accounts.email.accounts = {
letos =
lib.recursiveUpdate defaults
{
userName = "slfletos";
address = "letos.sprachlit@hu-berlin.de";
passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-letos.path}";
imap.host = "mailbox.cms.hu-berlin.de";
imap.port = 993;
smtp.host = "mailhost.cms.hu-berlin.de";
smtp.port = 25;
smtp.tls.useStartTls = true;
};
fu =
fu-student =
lib.recursiveUpdate defaults
(lib.recursiveUpdate fu-defaults
rec {
@@ -50,6 +38,21 @@ in {
address = "kieran.meinhardt@fu-berlin.de";
aliases = ["${userName}@fu-berlin.de"];
passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-meinhak99.path}";
aerc.extraAccounts.signature-file = toString (pkgs.writeText "signature" signature.text);
signature = {
showSignature = "append";
text = ''
${defaults.realName}
${pronouns}
---
Studentische Hilfskraft / ZODIAC
Freie Universität Berlin
Telefon: +49 30 838 58118
Arnimallee 10, Raum 106, 14195 Berlin
'';
};
himalaya = {
enable = true;
settings.backend = "imap";
@@ -65,12 +68,6 @@ in {
group = config.users.users.me.group;
mode = "400";
};
email-password-letos = {
file = ../secrets/email-password-letos.age;
owner = config.users.users.me.name;
group = config.users.users.me.group;
mode = "400";
};
fu-sftp-key = {
file = ../secrets/fu-sftp-key.age;
owner = "root";
@@ -113,31 +110,24 @@ in {
];
};
};
in home-directory-mount "meinhak99";
in {
"${remoteDir}/fu/zodiac" = {
device = "//trove.storage.fu-berlin.de/GESCHKULT";
fsType = "cifs";
options =
fu-berlin-cifs-options
++ [
"credentials=${config.age.secrets.cifs-credentials-zodiac.path}"
];
};
} // home-directory-mount "meinhak99"
// home-directory-mount "xm7234fu";
age.secrets = {
cifs-credentials-zodiac.file = ../secrets/cifs-credentials-zodiac.age;
};
environment.systemPackages = [
(pkgs.writers.writeDashBin "hu-vpn-split" ''
${pkgs.openfortivpn}/bin/openfortivpn \
--password="$(cat "${config.age.secrets.email-password-letos.path}")" \
--config=${
pkgs.writeText "hu-berlin-split.config" ''
host = forti-ssl.vpn.hu-berlin.de
port = 443
username = slfletos@split_tunnel
''
}
'')
(pkgs.writers.writeDashBin "hu-vpn-full" ''
${pkgs.openfortivpn}/bin/openfortivpn \
--password="$(cat "${config.age.secrets.email-password-letos.path}")" \
--config=${
pkgs.writeText "hu-berlin-full.config" ''
host = forti-ssl.vpn.hu-berlin.de
port = 443
username = slfletos@tunnel_all
''
}
'')
(pkgs.writers.writeDashBin "fu-vpn" ''
if ${pkgs.wirelesstools}/bin/iwgetid | ${pkgs.gnugrep}/bin/grep --invert-match eduroam
then
@@ -148,4 +138,16 @@ in {
fi
'')
];
systemd.services.fu-vpn = {
enable = false;
wants = ["network-online.target"];
serviceConfig.LoadCredential = "password:${config.age.secrets.email-password-meinhak99.path}";
script = ''
if ${pkgs.wirelesstools}/bin/iwgetid | ${pkgs.gnugrep}/bin/grep --invert-match eduroam
then
cat "$CREDENTIALS_DIRECTORY/password" | ${pkgs.openconnect}/bin/openconnect vpn.fu-berlin.de --user ${username} --passwd-on-stdin
fi
'';
};
}

23
configs/git.nix
View File

@@ -29,7 +29,9 @@ in {
programs.git = {
enable = true;
package = pkgs.gitFull;
settings.alias = {
userName = kieran.name;
userEmail = kieran.email;
aliases = {
br = "branch";
co = "checkout";
ci = "commit";
@@ -43,12 +45,19 @@ in {
graph = "log --graph --abbrev-commit --decorate --date=relative --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(bold yellow)%d%C(reset)' --all";
};
ignores = ignorePaths;
settings.user.name = kieran.name;
settings.user.email = kieran.email;
settings.pull.ff = "only";
settings.rebase.autoStash = true;
settings.merge.autoStash = true;
settings.push.autoSetupRemove = true;
extraConfig = {
pull.ff = "only";
rebase.autoStash = true;
merge.autoStash = true;
push.autoSetupRemote = true;
# # ref https://github.com/dandavison/delta
# core.pager = "${pkgs.delta}/bin/delta";
# interactive.diffFilter = "${pkgs.delta}/bin/delta --color-only";
# delta.navigate = true;
# merge.conflictStyle = "diff3";
# diff.colorMoved = "default";
};
};
};
}

51
configs/i3.nix
View File

@@ -94,7 +94,7 @@ in {
services.xserver = {
windowManager.i3 = {
enable = true;
package = pkgs.i3;
package = pkgs.i3-gaps;
};
};
@@ -113,7 +113,6 @@ in {
'';
};
home-manager.users.me = let
modifier = "Mod4";
infoWorkspace = "";
@@ -132,7 +131,7 @@ in {
border = 1;
};
bars = [
(config.home-manager.users.me.stylix.targets.i3.exportedBarConfig
(config.home-manager.users.me.lib.stylix.i3.bar
// rec {
workspaceButtons = true;
mode = "hide"; # "dock";
@@ -270,7 +269,32 @@ in {
# XF86Launch1 (thinkvantage)
};
in {
stylix.targets.i3.enable = true;
wayland.windowManager.sway = {
enable = true;
config = {
menu = "rofi -modi run,ssh,window -show run";
inherit modifier modes gaps bars floating window colors keybindings;
input = {
"*" = {
xkb_layout = "de";
xkb_variant = "T3";
};
};
terminal = (defaultApplications pkgs).terminal;
up = "k";
down = "j";
left = "h";
right = "l";
seat = {
"*" = {
hide_cursor = "when-typing enable";
};
};
startup = [
{command = "echo hello";}
];
};
};
xsession.windowManager.i3 = {
enable = true;
@@ -287,9 +311,19 @@ in {
assign [class="dashboard"] ${infoWorkspace}
exec ${dashboard}/bin/dashboard
'';
config = {
inherit modifier gaps modes bars floating window colors;
keybindings = keybindings // {
config = lib.mkMerge [
{
inherit modifier gaps modes bars floating window colors keybindings;
}
{
keybindings = let
new-workspace = pkgs.writers.writeDash "new-workspace" ''
i3-msg workspace $(($(i3-msg -t get_workspaces | tr , '\n' | grep '"num":' | cut -d : -f 2 | sort -rn | head -1) + 1))
'';
move-to-new-workspace = pkgs.writers.writeDash "new-workspace" ''
i3-msg move container to workspace $(($(i3-msg -t get_workspaces | tr , '\n' | grep '"num":' | cut -d : -f 2 | sort -rn | head -1) + 1))
'';
in {
"${modifier}+ß" = "exec ${niveumPackages.menu-calc}/bin/=";
"${modifier}+F6" = "exec ${pkgs.xorg.xkill}/bin/xkill";
"${modifier}+F9" = "exec ${pkgs.redshift}/bin/redshift -O 4000 -b 0.85";
@@ -300,7 +334,8 @@ in {
# "${modifier}+x" = "exec ${new-workspace}";
"XF86Display" = "exec ${niveumPackages.dmenu-randr}/bin/dmenu-randr";
};
};
}
];
};
};
}

144
configs/keyboard.nix
View File

@@ -2,129 +2,91 @@
pkgs,
lib,
...
}:
let
}: let
commaSep = builtins.concatStringsSep ",";
xkbOptions = [
"compose:caps"
"terminate:ctrl_alt_bksp"
"grp:ctrls_toggle"
];
xkbOptions = ["compose:caps" "terminate:ctrl_alt_bksp" "grp:ctrls_toggle"];
languages = {
deutsch = {
code = "de";
variant = "T3";
};
greek = {
code = "gr";
variant = "polytonic";
};
russian = {
code = "ru";
variant = "phonetic";
};
arabic = {
code = "ara";
variant = "buckwalter";
}; # ../lib/keyboards/arabic;
coptic = ../lib/keyboards/coptic;
arabic = { code = "ara"; variant = "buckwalter"; }; # ../lib/keyboards/arabic;
avestan = ../lib/keyboards/avestan;
coptic = ../lib/keyboards/coptic;
deutsch = { code = "de"; variant = "T3"; };
farsi = { code = "ir"; variant = "qwerty"; };
gothic = ../lib/keyboards/gothic;
farsi = {
code = "ir";
variant = "qwerty";
};
syriac = {
code = "sy";
variant = "syc_phonetic";
};
sanskrit = {
code = "in";
variant = "san-kagapa";
};
gujarati = {
code = "in";
variant = "guj-kagapa";
};
urdu = {
code = "in";
variant = "urd-phonetic";
};
hebrew = {
code = "il";
variant = "phonetic";
};
greek = { code = "gr"; variant = "polytonic"; };
gujarati = {code = "in"; variant = "guj-kagapa"; };
hebrew = {code = "il"; variant = "phonetic";};
russian = { code = "ru"; variant = "phonetic"; };
sanskrit = { code = "in"; variant = "san-kagapa"; };
syriac = { code = "sy"; variant = "syc_phonetic"; };
urdu = {code = "in"; variant = "urd-phonetic"; };
};
defaultLanguage = languages.deutsch;
in
{
in {
services.libinput.enable = true;
# man 7 xkeyboard-config
services.xserver = {
exportConfiguration = true; # link /usr/share/X11 properly
# exportConfiguration = true; # link /usr/share/X11 properly
xkb.layout = defaultLanguage.code;
# T3: https://upload.wikimedia.org/wikipedia/commons/a/a9/German-Keyboard-Layout-T3-Version1-large.png
# buckwalter: http://www.qamus.org/transliteration.htm
xkb.variant = defaultLanguage.variant;
xkb.options = commaSep xkbOptions;
xkb.dir = pkgs.symlinkJoin {
name = "x-keyboard-directory";
paths = [
"${pkgs.xkeyboard_config}/etc/X11/xkb"
(pkgs.linkFarm "custom-x-keyboards" (
lib.mapAttrsToList (name: value: {
name = "symbols/${name}";
path = value;
}) (lib.filterAttrs (_: value: !(value ? "code")) languages)
++ [
{
name = "symbols/ir";
path = ../lib/keyboards/farsi;
}
]
))
];
xkb.extraLayouts = {
"coptic" = {
languages = ["cop"];
description = "Coptic";
symbolsFile = ../lib/keyboards/coptic;
};
"gothic" = {
languages = ["got"];
description = "Gothic";
symbolsFile = ../lib/keyboards/gothic;
};
"avestan" = {
languages = ["ave"];
description = "Avestan";
symbolsFile = ../lib/keyboards/avestan;
};
"farsi-good" = {
languages = ["fas"];
description = "Farsi, but good";
symbolsFile = ../lib/keyboards/farsi;
};
};
};
environment.etc."x11-locale".source = toString pkgs.xorg.libX11 + "share/X11/locale";
home-manager.users.me = {
home.file =
lib.mapAttrs' (name: path: lib.nameValuePair ".xkb/symbols/${name}" { source = path; })
(lib.filterAttrs (_: value: !(value ? "code")) languages) // {
".xkb/symbols/ir".source = ../lib/keyboards/farsi;
};
};
console.keyMap = "de";
environment.systemPackages = lib.mapAttrsToList (
language: settings:
environment.systemPackages =
lib.mapAttrsToList
(language: settings:
let
code = if settings ? "code" then settings.code else language;
variant = if settings ? "variant" then settings.variant else "";
in
pkgs.writers.writeDashBin "kb-${language}" ''
if [ -z $SWAYSOCK ]; then
${pkgs.xorg.setxkbmap}/bin/setxkbmap ${defaultLanguage.code},${code} ${defaultLanguage.variant},${variant} ${
toString (map (option: "-option ${option}") xkbOptions)
}
else
swaymsg -s $SWAYSOCK 'input * xkb_layout "${defaultLanguage.code},${code}"'
swaymsg -s $SWAYSOCK 'input * xkb_variant "${defaultLanguage.variant},${variant}"'
swaymsg -s $SWAYSOCK 'input * xkb_options "${lib.concatStringsSep "," xkbOptions}"'
fi
''
) languages;
pkgs.writers.writeDashBin "kb-${language}" ''
${pkgs.xorg.setxkbmap}/bin/setxkbmap ${defaultLanguage.code},${code} ${defaultLanguage.variant},${variant} ${toString (map (option: "-option ${option}") xkbOptions)}
'')
languages ++
lib.mapAttrsToList
(language: settings:
let
code = if settings ? "code" then settings.code else language;
variant = if settings ? "variant" then settings.variant else "";
in
pkgs.writers.writeDashBin "kb-niri-${language}" ''
${pkgs.gnused}/bin/sed -i 's/^\(\s*layout\) ".*"$/\1 "${defaultLanguage.code},${code}"/;s/^\(\s*variant\) ".*"$/\1 "${defaultLanguage.variant},${variant}"/' ~/.config/niri/config.kdl
'') languages;
# improve held key rate
services.xserver.displayManager.sessionCommands = "${pkgs.xorg.xset}/bin/xset r rate 300 50";
systemd.user.services.gxkb = {
wantedBy = [ "graphical-session.target" ];
wantedBy = ["graphical-session.target"];
serviceConfig = {
SyslogIdentifier = "gxkb";
ExecStart = "${pkgs.gxkb}/bin/gxkb";

2
configs/mpv.nix
View File

@@ -36,7 +36,7 @@ in {
"Alt+j" = "add video-pan-y -0.05";
};
scripts = [
pkgs.mpvScripts.quality-menu
# pkgs.mpvScripts.quality-menu
niveumPackages.mpv-visualizer
];
};

5
configs/neovim.nix
View File

@@ -37,8 +37,8 @@
environment.systemPackages = [
(pkgs.writers.writeDashBin "vim" ''neovim "$@"'')
(niveumPackages.vim.override {
# stylixColors = config.lib.stylix.colors;
colorscheme = "base16-gruvbox-dark-medium";
stylixColors = config.lib.stylix.colors;
# colorscheme = "base16-gruvbox-light-medium";
})
# language servers
@@ -46,7 +46,6 @@
pkgs.haskellPackages.haskell-language-server
pkgs.texlab
pkgs.nil
pkgs.gopls
pkgs.nixfmt-rfc-style
pkgs.rust-analyzer
pkgs.nodePackages.typescript-language-server

445
configs/niri.nix Normal file
View File

@@ -0,0 +1,445 @@
{
pkgs,
config,
niveumPackages,
lib,
...
}:
let
inherit (import ../lib) defaultApplications;
niriConfig =
let
klem = niveumPackages.klem.override {
config.dmenu = "${pkgs.dmenu}/bin/dmenu -i -p klem";
config.scripts = {
"p.r paste" = pkgs.writers.writeDash "p.r" ''
${pkgs.curl}/bin/curl -fSs http://p.r --data-binary @- \
| ${pkgs.coreutils}/bin/tail --lines=1 \
| ${pkgs.gnused}/bin/sed 's/\\<r\\>/krebsco.de/'
'';
"envs.sh paste" = pkgs.writers.writeDash "envs-host" ''
${pkgs.curl}/bin/curl -F "file=@-" https://envs.sh
'';
"envs.sh shorten" = pkgs.writers.writeDash "envs-shorten" ''
${pkgs.curl}/bin/curl -F "shorten=$(${pkgs.coreutils}/bin/cat)" https://envs.sh
'';
"go.r shorten" = pkgs.writers.writeDash "go.r" ''
${pkgs.curl}/bin/curl -fSs http://go.r -F "uri=$(${pkgs.coreutils}/bin/cat)"
'';
"4d2.org paste" = pkgs.writers.writeDash "4d2-paste" ''
${pkgs.curl}/bin/curl -F "file=@-" https://depot.4d2.org/
'';
"0x0.st shorten" = pkgs.writers.writeDash "0x0.st" ''
${pkgs.curl}/bin/curl -fSs https://0x0.st -F "shorten=$(${pkgs.coreutils}/bin/cat)"
'';
"rot13" = pkgs.writers.writeDash "rot13" ''
${pkgs.coreutils}/bin/tr '[A-Za-z]' '[N-ZA-Mn-za-m]'
'';
"ipa" = pkgs.writers.writeDash "ipa" ''
${niveumPackages.ipa}/bin/ipa
'';
"betacode" = pkgs.writers.writeDash "betacode" ''
${niveumPackages.betacode}/bin/betacode
'';
"curl" = pkgs.writers.writeDash "curl" ''
${pkgs.curl}/bin/curl -fSs "$(${pkgs.coreutils}/bin/cat)"
'';
ocr = pkgs.writers.writeDash "ocr" ''
${pkgs.tesseract4}/bin/tesseract -l eng+deu - stdout
'';
emojai = pkgs.writers.writeDash "emojai" ''
${pkgs.curl}/bin/curl https://www.emojai.app/api/generate -X POST -H 'Content-Type: application/json' --data-raw "$(${pkgs.jq}/bin/jq -sR '{emoji:.}')" | ${pkgs.jq}/bin/jq -r .result
'';
"gpt-3.5" = pkgs.writers.writeDash "gpt" ''
${niveumPackages.gpt35}/bin/gpt
'';
gpt-4 = pkgs.writers.writeDash "gpt" ''
${niveumPackages.gpt4}/bin/gpt
'';
};
};
in
''
spawn-at-startup "${pkgs.ironbar}/bin/ironbar"
spawn-at-startup "${pkgs.xwayland-satellite}/bin/xwayland-satellite"
environment {
DISPLAY ":0"
ANKI_WAYLAND "1"
}
input {
warp-mouse-to-focus
focus-follows-mouse max-scroll-amount="0%"
keyboard {
repeat-rate 35
repeat-delay 350
track-layout "global"
xkb {
layout "de"
variant "T3"
options "ctrl:nocaps,compose:caps,grp:ctrls_toggle"
}
}
touchpad {
click-method "clickfinger"
tap
dwt
dwtp
}
}
prefer-no-csd
hotkey-overlay {
skip-at-startup
}
layout {
gaps 5
default-column-width {
proportion 0.5
}
preset-column-widths {
proportion 0.33333
proportion 0.5
proportion 0.66667
}
focus-ring {
width 2
}
shadow {
// on
softness 30
spread 5
offset x=0 y=5
draw-behind-window true
color "#00000070"
// inactive-color "#00000054"
}
tab-indicator {
// off
hide-when-single-tab
place-within-column
gap 5
width 4
length total-proportion=1.0
position "right"
gaps-between-tabs 2
corner-radius 8
active-color "red"
inactive-color "gray"
urgent-color "blue"
// active-gradient from="#80c8ff" to="#bbddff" angle=45
// inactive-gradient from="#505050" to="#808080" angle=45 relative-to="workspace-view"
// urgent-gradient from="#800" to="#a33" angle=45
}
border {
off
}
}
animations {
// off
workspace-switch {
spring damping-ratio=1.0 stiffness=1000 epsilon=0.0001
}
window-open {
duration-ms 150
curve "ease-out-expo"
}
window-close {
duration-ms 150
curve "ease-out-quad"
}
horizontal-view-movement {
spring damping-ratio=1.0 stiffness=800 epsilon=0.0001
}
window-movement {
spring damping-ratio=1.0 stiffness=800 epsilon=0.0001
}
window-resize {
spring damping-ratio=1.0 stiffness=800 epsilon=0.0001
}
config-notification-open-close {
spring damping-ratio=0.6 stiffness=1000 epsilon=0.001
}
screenshot-ui-open {
duration-ms 200
curve "ease-out-quad"
}
overview-open-close {
spring damping-ratio=1.0 stiffness=800 epsilon=0.0001
}
}
window-rule {
geometry-corner-radius 0
clip-to-geometry true
}
window-rule {
match app-id="mpv"
open-floating true
}
window-rule {
match app-id="rofi"
open-floating true
}
window-rule {
match app-id=r#"firefox$"# title="^Picture-in-Picture$"
open-floating true
default-floating-position x=32 y=32 relative-to="bottom-left"
}
window-rule {
match is-window-cast-target=true
border {
on
width 3
active-color "#f38ba8"
inactive-color "#7d0d2d"
}
}
binds {
Mod+Shift+Slash { show-hotkey-overlay; }
Mod+Return { spawn "${(defaultApplications pkgs).terminal}"; }
Mod+D { spawn "${pkgs.wofi}/bin/wofi" "--show" "run"; }
Mod+Shift+D { spawn "${niveumPackages.notemenu}/bin/notemenu"; }
Mod+T { spawn "${(defaultApplications pkgs).fileManager}"; }
Mod+Y { spawn "${(defaultApplications pkgs).browser}"; }
Mod+P { spawn "${niveumPackages.passmenu}/bin/passmenu"; }
Mod+U { spawn "${niveumPackages.unicodmenu}/bin/unicodmenu"; }
Mod+Shift+Z { toggle-window-floating; }
Mod+B { spawn "${pkgs.ironbar}/bin/ironbar" "bar" "bar-1337" "toggle-visible"; }
Mod+F12 { spawn "${klem}/bin/klem"; }
Mod+Shift+Q { close-window; }
XF86AudioRaiseVolume allow-when-locked=true { spawn "${pkgs.pamixer}/bin/pamixer -i 5"; }
XF86AudioLowerVolume allow-when-locked=true { spawn "${pkgs.pamixer}/bin/pamixer -d 5"; }
XF86AudioMute allow-when-locked=true { spawn "${pkgs.pamixer}/bin/pamixer -t"; }
XF86AudioPause allow-when-locked=true { spawn "${pkgs.playerctl}/bin/playerctl play-pause"; }
XF86AudioPlay allow-when-locked=true { spawn "${pkgs.playerctl}/bin/playerctl play-pause"; }
XF86AudioNext allow-when-locked=true { spawn "${pkgs.playerctl}/bin/playerctl next"; }
XF86AudioPrev allow-when-locked=true { spawn "${pkgs.playerctl}/bin/playerctl previous"; }
XF86AudioStop allow-when-locked=true { spawn "${pkgs.playerctl}/bin/playerctl stop"; }
Print { spawn "flameshot gui"; }
Mod+Shift+W { spawn "swaylock"; }
Mod+Comma { consume-or-expel-window-left; }
Mod+Period { consume-or-expel-window-right; }
Mod+W { toggle-column-tabbed-display; }
Mod+A repeat=false { toggle-overview; }
Mod+F { maximize-column; }
Mod+C { center-column; }
Mod+Minus { set-column-width "-25%"; }
Mod+Plus { set-column-width "+25%"; }
Mod+Ctrl+0 { spawn "niri" "msg" "action" "switch-layout" "0"; }
Mod+Ctrl+1 { spawn "niri" "msg" "action" "switch-layout" "1"; }
Mod+Ctrl+2 { spawn "niri" "msg" "action" "switch-layout" "2"; }
Mod+Ctrl+3 { spawn "niri" "msg" "action" "switch-layout" "3"; }
Mod+Ctrl+4 { spawn "niri" "msg" "action" "switch-layout" "4"; }
Mod+Ctrl+5 { spawn "niri" "msg" "action" "switch-layout" "5"; }
Mod+Ctrl+6 { spawn "niri" "msg" "action" "switch-layout" "6"; }
Mod+Ctrl+7 { spawn "niri" "msg" "action" "switch-layout" "7"; }
Mod+Ctrl+8 { spawn "niri" "msg" "action" "switch-layout" "8"; }
Mod+Ctrl+9 { spawn "niri" "msg" "action" "switch-layout" "9"; }
Mod+H { focus-column-or-monitor-left; }
Mod+J { focus-window-or-workspace-down; }
Mod+K { focus-window-or-workspace-up; }
Mod+L { focus-column-or-monitor-right; }
Mod+Shift+H { move-column-left-or-to-monitor-left; }
Mod+Shift+J { move-window-down-or-to-workspace-down; }
Mod+Shift+K { move-window-up-or-to-workspace-up; }
Mod+Shift+L { move-column-right-or-to-monitor-right; }
Mod+Ctrl+H { focus-monitor-left; }
Mod+Ctrl+J { focus-monitor-down; }
Mod+Ctrl+K { focus-monitor-up; }
Mod+Ctrl+L { focus-monitor-right; }
Mod+Shift+Ctrl+H { move-column-to-monitor-left; }
Mod+Shift+Ctrl+J { move-column-to-workspace-down; }
Mod+Shift+Ctrl+K { move-column-to-workspace-up; }
Mod+Shift+Ctrl+L { move-column-to-monitor-right; }
Mod+Shift+Alt+Ctrl+H { move-workspace-to-monitor-left; }
Mod+Shift+Alt+Ctrl+J { move-workspace-down; }
Mod+Shift+Alt+Ctrl+K { move-workspace-up; }
Mod+Shift+Alt+Ctrl+L { move-workspace-to-monitor-right; }
Mod+1 { focus-workspace 1; }
Mod+2 { focus-workspace 2; }
Mod+3 { focus-workspace 3; }
Mod+4 { focus-workspace 4; }
Mod+5 { focus-workspace 5; }
Mod+6 { focus-workspace 6; }
Mod+7 { focus-workspace 7; }
Mod+8 { focus-workspace 8; }
Mod+9 { focus-workspace 9; }
Mod+0 { focus-workspace 10; }
Mod+Shift+1 { move-window-to-workspace "1"; }
Mod+Shift+2 { move-window-to-workspace "2"; }
Mod+Shift+3 { move-window-to-workspace "3"; }
Mod+Shift+4 { move-window-to-workspace "4"; }
Mod+Shift+5 { move-window-to-workspace "5"; }
Mod+Shift+6 { move-window-to-workspace "6"; }
Mod+Shift+7 { move-window-to-workspace "7"; }
Mod+Shift+8 { move-window-to-workspace "8"; }
Mod+Shift+9 { move-window-to-workspace "9"; }
Mod+Shift+0 { move-window-to-workspace "0"; }
}
'';
in
{
system.activationScripts.niriConfig = {
text = ''
cp ${pkgs.writeText "config.kdl" niriConfig} ${config.users.users.me.home}/.config/niri/config.kdl
chown ${config.users.users.me.name}:${config.users.users.me.group} ${config.users.users.me.home}/.config/niri/config.kdl
'';
};
programs.niri.enable = true;
services.displayManager.defaultSession = lib.mkForce "niri";
home-manager.users.me = {
xdg.configFile."ironbar/style.css".text = ''
* {
font-size: 8pt;
font-family: "Gentium Plus", "BlexMono Nerd Font";
}
box, menubar, button {
background-color: unset;
box-shadow: none;
background-image: none;
}
.clock, .upower, .volume {
font-weight: unset;
}
tooltip * {
font-family: "BlexMono Nerd Font";
font-size: 7pt;
}
'';
xdg.configFile."ironbar/config.json".source = (pkgs.formats.json { }).generate "ironbar.json" {
name = "bar-1337";
height = 12;
layer = "top";
position = "bottom";
start = [ ];
center = [
{
type = "tray";
icon_size = 8;
}
{ type = "clipboard"; }
{ type = "notifications"; }
];
end = [
{
type = "upower";
icon_size = 8;
format = "{percentage}%";
}
{
type = "label";
tooltip = "{{df -h --output=size,used,avail,pcent,target}}";
label = "\t{{5000:df -h / --output=avail | tail +2}}";
}
{
type = "label";
tooltip = "{{free -Lh --si | awk '{for(i=1;i<=NF;i++){printf \"%s%s\", $i, (i%2? OFS: ORS)} if(NF%2) printf ORS}'}}";
label = "󰍛\t{{500:free -h --si | awk 'NR==2{printf $3 \"\\n\"}'}}";
}
{
type = "label";
tooltip = "{{}}";
on_click_left = "pamixer -t";
on_scroll_up = "pamixer -i 1";
on_scroll_down = "pamixer -d 1";
label = "{{500:if $(pamixer --get-mute) = true; then echo ; else echo ; fi}}\t{{500:pamixer --get-volume}}%";
}
{
type = "label";
tooltip = "{{uptime}}";
label = "\t{{500:uptime | sed 's/.*load average: \\([^ ]*\\);.*/\\1/' | tr ' ' '\n'}}";
}
{
type = "label";
tooltip = "{{khal list today today -d astro-test-3 }}";
label = "";
}
{
type = "label";
tooltip = "{{curl wttr.in/?0 | ${pkgs.ansifilter}/bin/ansifilter}}";
label = "󰔏";
}
{
type = "label";
name = "cal";
tooltip = "{{cal}}";
label = "{{500:date +'<U+F017>\t%Y-%m-%d (%W %a) %H:%M'}}";
}
];
};
programs.alacritty.enable = true; # Super+T in the default setting (terminal)
programs.swaylock.enable = true; # Super+Alt+L in the default setting (screen locker)
services.swaync = {
enable = true;
settings = {
notification-window-width = 300;
control-center-width = 300;
widgets = [
"volume"
"mpris"
"title"
"dnd"
"notifications"
];
widget-config = {
title = {
text = "ϥ̄";
"clear-all-button" = true;
"button-text" = "";
};
dnd.text = "̄̄ϣ̄̄";
label.text = "";
};
};
};
services.swayidle.enable = true; # idle management daemon
home.packages = with pkgs; [
xdg-desktop-portal-gnome
swaybg
];
};
services.gnome.gnome-keyring.enable = true; # secret service
security.pam.services.swaylock = { };
}

30
configs/packages.nix
View File

@@ -4,6 +4,7 @@
lib,
inputs,
niveumPackages,
unstablePackages,
...
}: let
worldradio = pkgs.callPackage ../packages/worldradio.nix {};
@@ -62,15 +63,9 @@ in {
};
environment.systemPackages = with pkgs; [
(pkgs.writers.writeDashBin "amfora" ''
${pkgs.st}/bin/st -e ${pkgs.amfora}/bin/amfora
'')
(pkgs.writers.writeDashBin "gpodder" ''
GPODDER_DOWNLOAD_DIR=${config.users.users.me.home}/mobile/audio/Text/podcasts exec ${pkgs.gpodder}/bin/gpodder "$@"
'')
# INTERNET
aria2
telegram-desktop
tdesktop
whois
dnsutils
# FILE MANAGERS
@@ -99,10 +94,9 @@ in {
# HARDWARE TOOLS
gnome-disk-utility
arandr # xrandr for noobs
wdisplays
libnotify # for notify-send
xclip # clipboard CLI
dragon-drop # drag and drop
wl-clipboard # clipboard CLI
xdragon # drag and drop
xorg.xkill # kill by clicking
portfolio # personal finance overview
audacity
@@ -120,23 +114,22 @@ in {
zoom-us # video conferencing
(pkgs.writers.writeDashBin "im" ''
weechat_password=$(${pkgs.pass}/bin/pass weechat)
exec ${weechat}/bin/weechat -t -r '/mouse enable; /remote add makanek http://${externalNetwork.makanek}:8002 -password='"$weechat_password"'; /remote connect makanek'
exec ${unstablePackages.weechat}/bin/weechat -t -r '/mouse enable; /remote add makanek http://${externalNetwork.makanek}:8002 -password='"$weechat_password"'; /remote connect makanek'
'')
alejandra # nix formatter
pdfgrep # search in pdf
pdftk # pdf toolkit
mupdf
poppler-utils # pdf toolkit
poppler_utils # pdf toolkit
kdePackages.okular # the word is nucular
xournalpp # for annotating pdfs
pdfpc # presenter console for pdf slides
niveumPackages.hc # print files as qr codes
# niveumPackages.hc # print files as qr codes
yt-dlp
espeak
rink # unit converter
niveumPackages.auc
niveumPackages.noise-waves
niveumPackages.stag
niveumPackages.cheat-sh
niveumPackages.polyglot
niveumPackages.qrpaste
@@ -151,6 +144,7 @@ in {
niveumPackages.pls
niveumPackages.mpv-tv
niveumPackages.mpv-iptv
# jellyfin-media-player
niveumPackages.devanagari
niveumPackages.betacode # ancient greek betacode to unicode converter
niveumPackages.meteo
@@ -203,6 +197,9 @@ in {
${pkgs.openssh}/bin/ssh makanek "cd /var/lib/weechat/logs && grep --ignore-case --color=always --recursive $@" | ${pkgs.less}/bin/less --raw-control-chars
'')
(pkgs.writers.writeDashBin "ncmpcpp-zaatar" ''MPD_HOST=${(import ../lib/local-network.nix).zaatar} exec ${pkgs.ncmpcpp}/bin/ncmpcpp "$@"'')
(pkgs.writers.writeDashBin "mpc-zaatar" ''MPD_HOST=${(import ../lib/local-network.nix).zaatar} exec ${pkgs.mpc_cli}/bin/mpc "$@"'')
inputs.scripts.packages.x86_64-linux.alarm
spotify
@@ -240,9 +237,10 @@ in {
dhall
html-tidy
nodePackages.csslint
nodePackages.jsonlint
deno # better node.js
go
texlive.combined.scheme-full
# texlive.combined.scheme-full
latexrun
(aspellWithDicts (dict: [dict.de dict.en dict.en-computers]))
# haskellPackages.pandoc-citeproc

1
configs/spacetime.nix
View File

@@ -3,6 +3,5 @@
location = {
latitude = 52.517;
longitude = 13.3872;
provider = "geoclue2";
};
}

2
configs/ssh.nix
View File

@@ -4,7 +4,6 @@
in {
users.users.me.openssh.authorizedKeys.keys = kieran.sshKeys;
programs.ssh.startAgent = true;
services.gnome.gcr-ssh-agent.enable = false;
home-manager.users.me = {
# https://discourse.nixos.org/t/gnome-keyring-and-ssh-agent-without-gnome/11663
@@ -41,7 +40,6 @@ in {
home-manager.users.me.programs.ssh = {
enable = true;
enableDefaultConfig = false;
matchBlocks = {
"github.com" = {
hostname = "ssh.github.com";

52
configs/stw-berlin.nix Normal file
View File

@@ -0,0 +1,52 @@
{
pkgs,
config,
...
}: {
age.secrets.stw-berlin-card-code.file = ../secrets/stw-berlin-card-code.age;
systemd.services.stw-berlin = {
enable = true;
wants = ["network-online.target"];
startAt = "weekly";
serviceConfig = {
User = config.users.users.me.name;
Group = config.users.users.me.group;
WorkingDirectory = "/home/kfm/cloud/nextcloud/Uni/Meta/Mensa";
LoadCredential = [
"password:${config.age.secrets.stw-berlin-card-code.path}"
];
};
script = ''
KARTEN_ID=8071859
PASSWORT=$(cat "$CREDENTIALS_DIRECTORY"/password)
endpoint=https://ks.stw.berlin:4433/TL1/TLM/KASVC
authorization_header='Authorization: Basic S0FTVkM6ekt2NXlFMUxaVW12VzI5SQ=='
get_auth_token() {
${pkgs.curl}/bin/curl -sSL "$endpoint/LOGIN?karteNr=$KARTEN_ID&format=JSON&datenformat=JSON" \
-X POST \
-H "$authorization_header" \
--data-raw '{"BenutzerID":"'$KARTEN_ID'","Passwort":"'$PASSWORT'"}' \
| ${pkgs.jq}/bin/jq -r '.[0].authToken|@uri'
}
get_transactions() {
${pkgs.curl}/bin/curl -sSL "$endpoint/TRANS?format=JSON&authToken=$(get_auth_token)&karteNr=$KARTEN_ID&datumVon=12.02.2018&datumBis=$(date -d tomorrow +%d.%m.%Y)" \
-H "$authorization_header" \
| ${pkgs.jq}/bin/jq
}
get_items() {
${pkgs.curl}/bin/curl -sSL "$endpoint/TRANSPOS?format=JSON&authToken=$(get_auth_token)&karteNr=$KARTEN_ID&datumVon=12.02.2018&datumBis=$(date -d tomorrow +%d.%m.%Y)" \
-H "$authorization_header" \
| ${pkgs.jq}/bin/jq
}
get_transactions > transactions-$(date -I).json
get_items > items-$(date -I).json
'';
};
}

19
configs/stylix.nix
View File

@@ -18,7 +18,7 @@ in {
stylix.enable = true;
stylix.image = generatedWallpaper;
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml";
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/ayu-light.yaml";
stylix.cursor = {
name = "capitaine-cursors-white";
@@ -26,9 +26,6 @@ in {
size = 12;
};
home-manager.users.me = {
stylix.autoEnable = true;
};
# environment.etc."stylix/wallpaper.png".source = generatedWallpaper;
@@ -55,22 +52,22 @@ in {
stylix.fonts = {
serif = {
package = pkgs.noto-fonts;
name = "Noto Serif";
package = pkgs.gentium;
name = "Gentium Plus";
};
sansSerif = {
package = pkgs.noto-fonts;
name = "Noto Sans";
package = pkgs.gentium;
name = "Gentium Plus";
};
monospace = {
package = pkgs.noto-fonts;
name = "Noto Sans Mono";
package = pkgs.nerd-fonts.blex-mono;
name = "BlexMono Nerd Font";
};
emoji = {
package = pkgs.noto-fonts-color-emoji;
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};

11
configs/tmux.nix
View File

@@ -13,7 +13,7 @@
aggressiveResize = true;
escapeTime = 50;
historyLimit = 7000;
shortcut = "b";
shortcut = "a";
extraConfig = ''
set -g mouse on
@@ -37,6 +37,15 @@
set -g status-left-length 32
set -g status-right-length 150
set -g status-bg colour242
setw -g window-status-format "#[fg=colour12,bg=colour233] #I #[fg=white,bg=colour237] #W "
setw -g window-status-current-format "#[fg=colour12,bg=colour233] * #[fg=white,bg=colour237,bold] #W "
set -g status-left ""
set -g status-right "#[fg=colour255,bg=colour237,bold] #(hostname -I) #[default]#[fg=colour12,bg=colour233] %FT%R "
set -g status-justify left
set -g status-position bottom
'';
};

14
configs/virtualization.nix
View File

@@ -1,14 +0,0 @@
{ pkgs, ... }:
{
users.users.me.extraGroups = [ "libvirtd" ];
virtualisation.libvirtd.enable = true;
# Enable TPM support for VMs
virtualisation.libvirtd.qemu = {
# swtpm.enable = true;
};
environment.systemPackages = with pkgs; [
virt-manager
];
}

5
configs/wpa_supplicant.nix
View File

@@ -1,9 +1,6 @@
{ config, ... }:
{
networking.wireless = {
enable = true;
secretsFile = config.age.secrets.wifi.path;
# networks.Aether.pskRaw = "e1b18af54036c5c9a747fe681c6a694636d60a5f8450f7dec0d76bc93e2ec85a";
networks.Schilfpalast.pskRaw = "ext:schilfpalast";
networks.Aether.pskRaw = "e1b18af54036c5c9a747fe681c6a694636d60a5f8450f7dec0d76bc93e2ec85a";
};
}

653
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

88
flake.nix
View File

@@ -2,36 +2,32 @@
description = "niveum: packages, modules, systems";
inputs = {
self.submodules = true;
agenix.url = "github:ryantm/agenix";
# alew-web.url = "git+ssh://gitea@code.kmein.de:22022/kfm/alew-web.git?ref=refs/heads/master";
autorenkalender.url = "github:kmein/autorenkalender";
coptic-dictionary.url = "github:kmein/coptic-dictionary";
flake-utils.url = "github:numtide/flake-utils";
home-manager.url = "github:nix-community/home-manager/release-25.11";
home-manager.url = "github:nix-community/home-manager/release-25.05";
menstruation-backend.url = "github:kmein/menstruation.rs";
menstruation-telegram.url = "github:kmein/menstruation-telegram";
centerpiece.url = "github:friedow/centerpiece";
nix-on-droid.url = "github:t184256/nix-on-droid/release-23.05";
nixinate.url = "github:matthewcroughan/nixinate";
nixpkgs-old.url = "github:NixOS/nixpkgs/50fc86b75d2744e1ab3837ef74b53f103a9b55a0";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
nur.url = "github:nix-community/NUR";
recht.url = "github:kmein/recht";
retiolum.url = "github:krebs/retiolum";
rust-overlay.url = "github:oxalica/rust-overlay";
scripts.url = "github:kmein/scripts";
stockholm.url = "github:krebs/stockholm";
stylix.url = "github:danth/stylix/release-25.11";
stylix.url = "github:danth/stylix/release-25.05";
telebots.url = "github:kmein/telebots";
tinc-graph.url = "github:kmein/tinc-graph";
voidrice.url = "github:Lukesmithxyz/voidrice";
wallpaper-generator.url = "github:pinpox/wallpaper-generator/v1.1";
wallpapers.url = "github:kmein/wallpapers";
ical-ephemeris.url = "git+ssh://gitea@code.kmein.de:22022/kfm/ical-ephemeris";
autorenkalender.inputs.nixpkgs.follows = "nixpkgs";
agenix.inputs.home-manager.follows = "home-manager";
agenix.inputs.nixpkgs.follows = "nixpkgs";
coptic-dictionary.inputs.nixpkgs.follows = "nixpkgs";
@@ -50,6 +46,7 @@
scripts.inputs.flake-utils.follows = "flake-utils";
scripts.inputs.nixpkgs.follows = "nixpkgs";
scripts.inputs.rust-overlay.follows = "rust-overlay";
stylix.inputs.home-manager.follows = "home-manager";
stylix.inputs.nixpkgs.follows = "nixpkgs";
tinc-graph.inputs.flake-utils.follows = "flake-utils";
tinc-graph.inputs.nixpkgs.follows = "nixpkgs";
@@ -75,13 +72,11 @@
nixinate,
flake-utils,
nix-on-droid,
centerpiece,
stylix,
...
}:
let
lib = nixpkgs.lib;
eachSupportedSystem = lib.genAttrs lib.systems.flakeExposed;
in {
{
apps = {
x86_64-darwin = let
pkgs = nixpkgs.legacyPackages.x86_64-darwin;
@@ -127,7 +122,7 @@
exec ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch \
--max-jobs 2 \
--log-format internal-json \
--flake .#${hostname} \
--flake .?submodules=1#${hostname} \
--target-host ${targets.${hostname}} 2>&1 \
| ${pkgs.nix-output-monitor}/bin/nom --json
'');
@@ -136,7 +131,7 @@
deploy-ful = {
type = "app";
program = toString (pkgs.writers.writeDash "deploy-ful" ''
exec ${pkgs.nix}/bin/nix run .#nixinate.ful \
exec ${pkgs.nix}/bin/nix run .?submodules=1#nixinate.ful \
--log-format internal-json 2>&1 \
| ${pkgs.nix-output-monitor}/bin/nom --json
'');
@@ -144,9 +139,6 @@
};
};
# TODO overlay for packages
# TODO remove flake-utils dependency from my own repos
nixosModules = {
htgen = import modules/htgen.nix;
moodle-dl = import modules/moodle-dl.nix;
@@ -156,7 +148,6 @@
power-action = import modules/power-action.nix;
system-dependent = import modules/system-dependent.nix;
telegram-bot = import modules/telegram-bot.nix;
go-webring = import modules/go-webring.nix;
};
lib = {
@@ -217,9 +208,7 @@
systems/ful/configuration.nix
agenix.nixosModules.default
inputs.self.nixosModules.passport
inputs.ical-ephemeris.nixosModules.default
inputs.self.nixosModules.panoptikon
inputs.self.nixosModules.go-webring
inputs.self.nixosModules.htgen
inputs.stockholm.nixosModules.reaktor2
retiolum.nixosModules.retiolum
@@ -252,7 +241,6 @@
systems/kibbeh/configuration.nix
agenix.nixosModules.default
retiolum.nixosModules.retiolum
home-manager.nixosModules.home-manager
];
};
makanek = nixpkgs.lib.nixosSystem rec {
@@ -324,29 +312,29 @@
];
};
};
packages = eachSupportedSystem (system: let
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
overlays = [
nur.overlays.default
(self: super: {
mpv = super.mpv.override {scripts = [inputs.self.packages.${system}.mpv-visualizer super.mpvScripts.mpris];};
dmenu = super.writers.writeDashBin "dmenu" ''exec ${pkgs.rofi}/bin/rofi -dmenu "$@"'';
})
];
};
unstablePackages = import nixpkgs-unstable {
inherit system;
};
wrapScript = {
packages ? [],
name,
script,
}:
pkgs.writers.writeDashBin name ''PATH=$PATH:${nixpkgs.lib.makeBinPath (packages ++ [pkgs.findutils pkgs.coreutils pkgs.gnused pkgs.gnugrep])} ${script} "$@"'';
in {
}
// flake-utils.lib.eachSystem [flake-utils.lib.system.x86_64-linux flake-utils.lib.system.x86_64-darwin flake-utils.lib.system.aarch64-linux] (system: let
pkgs = import nixpkgs {
inherit system;
overlays = [
nur.overlays.default
(self: super: {
mpv = super.mpv.override {scripts = [inputs.self.packages.${system}.mpv-visualizer super.mpvScripts.mpris];};
dmenu = super.writers.writeDashBin "dmenu" ''exec ${pkgs.wofi}/bin/wofi --dmenu "$@"'';
})
];
};
unstablePackages = import nixpkgs-unstable {
inherit system;
};
wrapScript = {
packages ? [],
name,
script,
}:
pkgs.writers.writeDashBin name ''PATH=$PATH:${nixpkgs.lib.makeBinPath (packages ++ [pkgs.findutils pkgs.coreutils pkgs.gnused pkgs.gnugrep])} ${script} "$@"'';
in {
packages = rec {
auc = pkgs.callPackage packages/auc.nix {};
betacode = pkgs.callPackage packages/betacode.nix {};
brainmelter = pkgs.callPackage packages/brainmelter.nix {};
@@ -412,7 +400,6 @@
q = pkgs.callPackage packages/q.nix {};
qrpaste = pkgs.callPackage packages/qrpaste.nix {};
random-zeno = pkgs.callPackage packages/random-zeno.nix {};
go-webring = pkgs.callPackage packages/go-webring.nix {};
rfc = pkgs.callPackage packages/rfc.nix {};
gimp = pkgs.callPackage packages/gimp.nix {};
scanned = pkgs.callPackage packages/scanned.nix {};
@@ -420,11 +407,11 @@
text2pdf = pkgs.callPackage packages/text2pdf.nix {};
timer = pkgs.callPackage packages/timer.nix {};
tocharian-font = pkgs.callPackage packages/tocharian-font.nix {};
passmenu = pkgs.callPackage packages/passmenu.nix {};
trans = pkgs.callPackage packages/trans.nix {};
ttspaste = pkgs.callPackage packages/ttspaste.nix {};
unicodmenu = pkgs.callPackage packages/unicodmenu.nix {};
emailmenu = pkgs.callPackage packages/emailmenu.nix {};
stag = pkgs.callPackage packages/stag.nix {};
untilport = pkgs.callPackage packages/untilport.nix {};
vg = pkgs.callPackage packages/vg.nix {};
vim = pkgs.callPackage packages/vim.nix {niveumPackages = self.packages.${system};};
@@ -434,8 +421,6 @@
vimPlugins-icalendar-vim = pkgs.callPackage packages/vimPlugins/icalendar-vim.nix {};
vimPlugins-jq-vim = pkgs.callPackage packages/vimPlugins/jq-vim.nix {};
vimPlugins-typst-vim = pkgs.callPackage packages/vimPlugins/typst-vim.nix {};
vimPlugins-mdwa-nvim = pkgs.callPackage packages/vimPlugins/mdwa-nvim.nix {};
vimPlugins-vim-ernest = pkgs.callPackage packages/vimPlugins/vim-ernest.nix {};
vimPlugins-vim-256noir = pkgs.callPackage packages/vimPlugins/vim-256noir.nix {};
vimPlugins-vim-colors-paramount = pkgs.callPackage packages/vimPlugins/vim-colors-paramount.nix {};
vimPlugins-vim-fetch = pkgs.callPackage packages/vimPlugins/vim-fetch.nix {};
@@ -447,6 +432,9 @@
weechatScripts-hotlist2extern = pkgs.callPackage packages/weechatScripts/hotlist2extern.nix {};
wttr = pkgs.callPackage packages/wttr.nix {};
itl = pkgs.callPackage packages/itl.nix {};
itools = pkgs.callPackage packages/itools.nix {itl = itl;};
booksplit = wrapScript {
script = inputs.voidrice.outPath + "/.local/bin/booksplit";
name = "booksplit";
@@ -458,6 +446,6 @@
name = "tag";
packages = [pkgs.ffmpeg];
};
});
};
};
});
}

10
lib/local-network.nix
View File

@@ -1,4 +1,10 @@
{
officejet = "192.168.0.251";
router = "192.168.0.1";
toum = "192.168.178.24";
zaatar = "192.168.178.21";
kabsa = "192.168.178.32";
android = "192.168.178.35";
manakish = "192.168.178.29";
officejet = "192.168.178.27";
fritzbox = "192.168.178.1";
}

8
lib/streams.nix
View File

@@ -2029,14 +2029,6 @@ in
stream = "av://lavfi:anoisesrc=color=brown";
station = "Brownian noise";
}
{
stream = "https://st03.sslstream.dlf.de/dlf/03/high/aac/stream.aac";
station = "Deutschlandfunk Nova";
}
{
stream = "https://samaaisb107-itelservices.radioca.st/stream";
station = "Samaa FM 107.4 Pakistan";
}
]
++ map (name: {
stream = "https://${name}.stream.publicradio.org/${name}.aac";

175
lib/style.css Normal file
View File

@@ -0,0 +1,175 @@
* {
font-size: 14px;
border-radius: 5px;
}
window#waybar {
/* `otf-font-awesome` is required to be installed for icons */
font-family: FontAwesome, monospace;
background-color: transparent;
border-bottom: 0px;
color: #ebdbb2;
transition-property: background-color;
transition-duration: .5s;
}
window#waybar.hidden {
opacity: 0.2;
}
window#waybar.empty #window {
background-color: transparent;
}
/*
window#waybar.empty {
background-color: transparent;
}
window#waybar.solo {
background-color: #FFFFFF;
}
*/
.modules-right {
margin: 10px 10px 0 0;
}
.modules-center {
margin: 10px 0 0 0;
}
.modules-left {
margin: 10px 0 0 10px;
}
button {
/* Use box-shadow instead of border so the text isn't offset */
/* box-shadow: inset 0 -3px transparent; */
border: none;
}
/* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
/*
button:hover {
background: inherit;
box-shadow: inset 0 -3px #ebdbb2;
} */
#workspaces {
background-color: #282828;
}
#workspaces button {
padding: 0 5px;
background-color: transparent;
color: #ebdbb2;
border-radius: 0;
}
#workspaces button:first-child {
border-radius: 5px 0 0 5px;
}
#workspaces button:last-child {
border-radius: 0 5px 5px 0;
}
#workspaces button:hover {
color: #d79921;
}
#workspaces button.focused {
background-color: #665c54;
/* box-shadow: inset 0 -3px #ffffff; */
}
#workspaces button.urgent {
background-color: #b16286;
}
#idle_inhibitor,
#cava,
#scratchpad,
#mode,
#window,
#clock,
#battery,
#backlight,
#wireplumber,
#tray,
#mpris,
#load {
padding: 0 10px;
background-color: #282828;
color: #ebdbb2;
}
#mode {
background-color: #689d6a;
color: #282828;
/* box-shadow: inset 0 -3px #ffffff; */
}
/* If workspaces is the leftmost module, omit left margin */
.modules-left > widget:first-child > #workspaces {
margin-left: 0;
}
/* If workspaces is the rightmost module, omit right margin */
.modules-right > widget:last-child > #workspaces {
margin-right: 0;
}
#cava {
padding: 0 5px;
}
#battery.charging, #battery.plugged {
background-color: #98971a;
color: #282828;
}
@keyframes blink {
to {
background-color: #282828;
color: #ebdbb2;
}
}
/* Using steps() instead of linear as a timing function to limit cpu usage */
#battery.critical:not(.charging) {
background-color: #cc241d;
color: #ebdbb2;
animation-name: blink;
animation-duration: 0.5s;
animation-timing-function: steps(12);
animation-iteration-count: infinite;
animation-direction: alternate;
}
label:focus {
background-color: #000000;
}
#wireplumber.muted {
background-color: #458588;
}
#tray > .passive {
-gtk-icon-effect: dim;
}
#tray > .needs-attention {
-gtk-icon-effect: highlight;
}
#mpris.playing {
background-color: #d79921;
color: #282828;
}
#tray menu {
font-family: sans-serif;
}
#scratchpad.empty {
background: transparent;
}

6
lib/vim/init.lua
View File

@@ -91,7 +91,6 @@ local language_servers = {
-- tsserver = {}, -- typescript-language-server
cssls = {},
elmls = {}, -- elm-language-server
gopls = {}, -- gopls
denols = {}, -- deno built in
bashls = {}, -- bash-language-server
lua_ls = {
@@ -155,11 +154,10 @@ local language_servers = {
}
for server, settings in pairs(language_servers) do
vim.lsp.config(server, {
require('lspconfig')[server].setup{
on_attach = on_attach,
flags = lsp_flags,
settings = settings,
capabilities = capabilities
})
vim.lsp.enable(server)
}
end

10
lib/vim/init.vim
View File

@@ -102,7 +102,6 @@ augroup filetypes
autocmd bufnewfile,bufread urls,config set filetype=conf
autocmd bufnewfile,bufread *.elm packadd elm-vim | set filetype=elm shiftwidth=4
autocmd bufnewfile,bufread *.md packadd vim-pandoc | packadd vim-pandoc-syntax | set filetype=pandoc
autocmd bufnewfile,bufread *.ex,*.exs packadd vim-elixir | set filetype=elixir
autocmd filetype haskell packadd haskell-vim | set keywordprg=hoogle\ -i
autocmd filetype javascript packadd vim-javascript
autocmd filetype make setlocal noexpandtab
@@ -125,12 +124,3 @@ set complete+=kspell
let g:pandoc#syntax#conceal#use = 0
let g:pandoc#modules#disabled = []
let g:pandoc#spell#default_langs = ['en', 'de']
autocmd! User GoyoEnter Limelight
autocmd! User GoyoLeave Limelight!
" Disable Copilot by default
let b:copilot_enabled = v:false
" keymap to toggle it enabled
nnoremap <leader>gc :let b:copilot_enabled = !b:copilot_enabled<CR>

140
modules/go-webring.nix
View File

@@ -1,140 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
mkEnableOption
mkPackageOption
mkOption
types
literalExpression
mkIf
;
cfg = config.services.go-webring;
defaultAddress = "127.0.0.1:2857";
in
{
options = {
services.go-webring = {
enable = mkEnableOption "go-webring";
package = mkPackageOption pkgs "go-webring" { };
contactInstructions = mkOption {
type = types.nullOr types.str;
default = null;
description = "Contact instructions for errors";
example = "contact the admin and let them know what's up";
};
host = mkOption {
type = types.str;
description = "Host this webring runs on, primarily used for validation";
example = "my-webri.ng";
};
homePageTemplate = mkOption {
type = types.str;
description = ''
This should be any HTML file with the string "{{ . }}" placed
wherever you want the table of members inserted. This table is
plain HTML so you can style it with CSS.
'';
};
listenAddress = mkOption {
type = types.str;
default = defaultAddress;
description = "Host and port go-webring will listen on";
};
members = mkOption {
type = types.listOf (
types.submodule {
options = {
username = mkOption {
type = types.str;
description = "Member's name";
};
site = mkOption {
type = types.str;
description = "Member's site URL";
};
};
}
);
description = "List of members in the webring";
};
};
};
config = mkIf cfg.enable {
systemd.services.go-webring = {
description = "go-webring service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
requires = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = ''
${lib.getExe cfg.package} \
${lib.optionalString (cfg.contactInstructions != null) ("--contact " + lib.escapeShellArg cfg.contactInstructions)} \
--host ${cfg.host} \
--index ${pkgs.writeText "index.html" cfg.homePageTemplate} \
--listen ${cfg.listenAddress} \
--members ${
pkgs.writeText "list.txt" (
lib.concatMapStrings (member: member.username + " " + member.site + "\n") cfg.members
)
}
'';
User = "go-webring";
DynamicUser = true;
RuntimeDirectory = "go-webring";
WorkingDirectory = "/var/lib/go-webring";
StateDirectory = "go-webring";
RuntimeDirectoryMode = "0750";
Restart = "always";
RestartSec = 5;
# Hardening
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
LockPersonality = true;
MemoryDenyWriteExecute = true;
PrivateDevices = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_UNIX"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
];
UMask = "0077";
};
};
environment.systemPackages = [ cfg.package ];
};
}

21
packages/go-webring.nix
View File

@@ -1,21 +0,0 @@
{ buildGoModule, fetchgit, lib }:
buildGoModule {
pname = "go-webring";
version = "2024-12-18";
src = fetchgit {
url = "https://git.sr.ht/~amolith/go-webring";
rev = "0b5b1bf21ff91119ea2dd042ee9fe94e9d1cd8d4";
hash = "sha256-az6vBOGiZmzfsMjYUacXMHhDeRDmVI/arCKCpHeTcns=";
};
vendorHash = "sha256-3PnXB8AfZtgmYEPJuh0fwvG38dtngoS/lxyx3H+rvFs=";
meta = {
mainProgram = "go-webring";
description = "Simple webring implementation";
homepage = "https://git.sr.ht/~amolith/go-webring";
license = lib.licenses.bsd2; # cc0 as well
maintainers = [ lib.maintainers.kmein ];
};
}

4
packages/hc.nix
View File

@@ -9,7 +9,7 @@
gnugrep,
qrencode,
texlive,
util-linux,
utillinux,
zbar,
}:
stdenv.mkDerivation rec {
@@ -38,7 +38,7 @@ stdenv.mkDerivation rec {
gnugrep
qrencode
texlive.combined.scheme-full
util-linux
utillinux
zbar
]}
'';

4
packages/klem.nix
View File

@@ -42,14 +42,14 @@ in
pkgs.writers.writeDashBin "klem" ''
set -efu
${pkgs.xclip}/bin/xclip -selection ${cfg.selection} -out \
${pkgs.wl-clipboard}/bin/wl-paste \
| case $(echo "${
lib.concatStringsSep "\n" (lib.attrNames cfg.scripts)
}" | ${cfg.dmenu}) in
${lib.concatStringsSep "\n" (lib.mapAttrsToList scriptCase cfg.scripts)}
*) ${pkgs.coreutils}/bin/cat ;;
esac \
| ${pkgs.xclip}/bin/xclip -selection ${cfg.selection} -in
| ${pkgs.wl-clipboard}/bin/wl-copy
${pkgs.libnotify}/bin/notify-send --app-name="klem" "Result copied to clipboard."
''

6
packages/notemenu.nix
View File

@@ -1,7 +1,7 @@
{
writers,
lib,
rofi,
wofi,
findutils,
coreutils,
noteDirectory ? "~/state/obsidian",
@@ -11,7 +11,7 @@
writers.writeDashBin "notemenu" ''
set -efu
PATH=$PATH:${
lib.makeBinPath [rofi findutils coreutils]
lib.makeBinPath [wofi findutils coreutils]
}
cd ${noteDirectory}
@@ -21,7 +21,7 @@ writers.writeDashBin "notemenu" ''
echo $(date -I -d yesterday).md
''}
find . -not -path '*/.*' -type f -printf "%T@ %p\n" | sort --reverse --numeric-sort | cut --delimiter=" " --fields=2-
} | rofi -dmenu -i -p 'notes')
} | wofi -dmenu -i -p 'notes')
if test "$note_file"
then
alacritty --working-directory ${noteDirectory} -e ${niveumPackages.obsidian-vim}/bin/nvim "$note_file"

3
packages/obsidian-vim.nix
View File

@@ -22,7 +22,7 @@ neovim.override {
\ 'path': '${obsidiantVaultDirectory}',
\ 'syntax': 'markdown',
\ 'ext': '.md',
\ 'diary_rel_path': '.',
\ 'diary_rel_path' '.',
\}]
let NERDTreeSortOrder = ['[[-timestamp]]']
@@ -35,6 +35,7 @@ neovim.override {
vimPlugins.nerdtree
vimPlugins.fzf-vim
vimPlugins.fzfWrapper
vimPlugins.vim-fugitive
];
};
}

18
packages/passmenu.nix Normal file
View File

@@ -0,0 +1,18 @@
{ writers, wofi, pass, fd, libnotify, ... }:
writers.writeBashBin "passmenu" ''
shopt -s nullglob globstar
IFS=$'\n'
prefix=$(readlink -f ''${PASSWORD_STORE_DIR-~/.password-store})
password_files=( $( ${fd}/bin/fd -L ".gpg\$" "$prefix" ) )
password_files=( "''${password_files[@]#"$prefix"/}" )
password_files=( "''${password_files[@]%.gpg}" )
password=$( printf '%s\n' "''${password_files[@]}" | ${wofi}/bin/wofi -i -k /dev/null -d menu -- "$@" )
[[ -n $password ]] || exit
OUT=$(${pass}/bin/pass show --clip "$password")
${libnotify}/bin/notify-send -t 5000 "$(echo "$OUT" | grep '^login:' | sed 's/^login: //')"
''

5
packages/pls.nix
View File

@@ -1,7 +1,6 @@
{
lib,
writers,
yt-dlp,
miller,
gnused,
curl,
@@ -96,10 +95,6 @@
"ich kann damit leben"
"es ist was es ist"
];
download = writers.writeDash "download" ''
${yt-dlp}/bin/yt-dlp --add-metadata --audio-format mp3 --audio-quality 0 -xic "$@"
'';
in
writers.writeDashBin "pls" ''
case "$1" in

4
packages/qrpaste.nix
View File

@@ -2,7 +2,7 @@
writers,
mktemp,
qrencode,
xclip,
wl-clipboard,
nsxiv,
}:
writers.writeDashBin "qrpaste" ''
@@ -11,6 +11,6 @@ writers.writeDashBin "qrpaste" ''
clean() {
rm "$file"
}
${qrencode}/bin/qrencode "$(${xclip}/bin/xclip -selection clipboard -out)" -o "$file"
${qrencode}/bin/qrencode "$(${wl-clipboard}/bin/wl-paste)" -o "$file"
${nsxiv}/bin/nsxiv "$file"
''

4
packages/scanned.nix
View File

@@ -2,12 +2,8 @@
{
writers,
imagemagick,
ghostscript,
lib
}:
writers.writeDashBin "scanned" ''
export PATH=${lib.makeBinPath [ imagemagick ghostscript ]}:$PATH
[ $# -eq 1 -a -f "$1" -a -r "$1" ] || exit 1
${imagemagick}/bin/convert \

45
packages/stag.nix
View File

@@ -1,45 +0,0 @@
{
lib,
stdenv,
fetchFromGitHub,
ncurses,
taglib,
zlib,
}:
stdenv.mkDerivation rec {
pname = "stag";
version = "1.0";
src = fetchFromGitHub {
owner = "smabie";
repo = "stag";
rev = "v${version}";
hash = "sha256-IWb6ZbPlFfEvZogPh8nMqXatrg206BTV2DYg7BMm7R4=";
};
buildInputs = [
ncurses
taglib
zlib
];
buildPhase = ''
make all
'';
installPhase = ''
mkdir -p $out/bin
cp stag $out/bin/
mkdir -p $out/man/man1
mv stag.1 $out/man/man1/
'';
meta = {
description = "public domain utf8 curses based audio file tagger";
homepage = "https://github.com/smabie/stag";
license = lib.licenses.publicDomain;
maintainers = [ lib.maintainers.kmein ];
platforms = lib.platforms.unix;
source = src;
};
}

4
packages/ttspaste.nix
View File

@@ -1,10 +1,10 @@
{
writers,
xclip,
wl-clipboard,
espeak,
}:
writers.writeDashBin "ttspaste" ''
${xclip}/bin/xclip -selection clipboard -out | ${espeak}/bin/espeak
${wl-clipboard}/bin/paste | ${espeak}/bin/espeak
''
# curl, mpv,
# ${curl}/bin/curl -G http://tts.r/api/tts --data-urlencode 'text@-' | ${mpv}/bin/mpv -

6
packages/unicodmenu.nix
View File

@@ -8,7 +8,7 @@
dmenu,
gnused,
libnotify,
xclip,
wl-clipboard,
xdotool,
gawk,
fetchFromGitHub,
@@ -90,7 +90,7 @@ in
writers.writeDashBin "unicodmenu" ''
history_file=$HOME/.cache/unicodmenu
touch "$history_file"
PATH=${lib.makeBinPath [coreutils dmenu gawk gnused libnotify xclip xdotool]}
PATH=${lib.makeBinPath [coreutils dmenu gawk gnused libnotify wl-clipboard xdotool]}
all_characters() {
tac "$history_file"
@@ -101,7 +101,7 @@ in
[ "$chosen" != "" ] || exit
echo "$chosen" | tr -d '\n' | xclip -selection clipboard
echo "$chosen" | tr -d '\n' | wl-copy
if [ -n "$1" ]; then
xdotool key Shift+Insert

8
packages/vim.nix
View File

@@ -40,13 +40,6 @@
editorconfig-vim
copilot-vim
goyo
limelight-vim
niveumPackages.vimPlugins-mdwa-nvim
niveumPackages.vimPlugins-vim-ernest
fzf-vim
fzfWrapper
supertab
@@ -81,7 +74,6 @@
dhall-vim
elm-vim
emmet-vim
vim-elixir
haskell-vim
niveumPackages.vimPlugins-icalendar-vim
niveumPackages.vimPlugins-jq-vim

2
packages/vimPlugins/cheat-sh.nix
View File

@@ -1,7 +1,7 @@
{
vimUtils,
fetchFromGitHub,
}: (vimUtils.buildVimPlugin {
}: (vimUtils.buildVimPluginFrom2Nix {
pname = "cheat.sh-vim";
version = "826219d1";
src = fetchFromGitHub {

2
packages/vimPlugins/icalendar-vim.nix
View File

@@ -1,7 +1,7 @@
{
vimUtils,
fetchFromGitHub,
}: (vimUtils.buildVimPlugin {
}: (vimUtils.buildVimPluginFrom2Nix {
pname = "icalendar.vim";
version = "542fff45";
src = fetchFromGitHub {

2
packages/vimPlugins/jq-vim.nix
View File

@@ -2,7 +2,7 @@
vimUtils,
fetchFromGitHub,
}:
vimUtils.buildVimPlugin {
vimUtils.buildVimPluginFrom2Nix {
pname = "jq.vim";
version = "5baf8ed1";
src = fetchFromGitHub {

13
packages/vimPlugins/mdwa-nvim.nix
View File

@@ -1,13 +0,0 @@
{
vimUtils,
fetchFromGitHub,
}: (vimUtils.buildVimPlugin {
pname = "mdwa.nvim";
version = "9f37270";
src = fetchFromGitHub {
owner = "tihawk";
repo = "mdwa.nvim";
rev = "9f3727037e0d85fd0930334b91b9687a5a880192";
hash = "sha256-h2jy2E+pN2Ma/5n9Eq2oXr9xHma2OxxVvx9EJ+bIYxA=";
};
})

2
packages/vimPlugins/typst-vim.nix
View File

@@ -2,7 +2,7 @@
vimUtils,
fetchFromGitHub,
}:
vimUtils.buildVimPlugin {
vimUtils.buildVimPluginFrom2Nix {
pname = "typst.vim";
version = "2882f21";
src = fetchFromGitHub {

2
packages/vimPlugins/vim-256noir.nix
View File

@@ -2,7 +2,7 @@
vimUtils,
fetchFromGitHub,
}:
vimUtils.buildVimPlugin {
vimUtils.buildVimPluginFrom2Nix {
pname = "vim-256noir";
version = "e8668a18";
src = fetchFromGitHub {

2
packages/vimPlugins/vim-colors-paramount.nix
View File

@@ -2,7 +2,7 @@
vimUtils,
fetchFromGitHub,
}:
vimUtils.buildVimPlugin {
vimUtils.buildVimPluginFrom2Nix rec {
pname = "vim-colors-paramount";
version = "a5601d36";
src = fetchFromGitHub {

14
packages/vimPlugins/vim-ernest.nix
View File

@@ -1,14 +0,0 @@
{
vimUtils,
fetchFromGitHub,
lib,
}: (vimUtils.buildVimPlugin {
pname = "vim-ernest";
version = "4b99bc3";
src = fetchFromGitHub {
owner = "lgalke";
repo = "vim-ernest";
rev = "4b99bc3fe3deb7bb958ad2f64cad93569eeb50d7";
hash = "sha256-AUuRnnZU39XUerBxNelEqVyDAalRm3VGNUQb15fjXjM=";
};
})

2
packages/vimPlugins/vim-fetch.nix
View File

@@ -1,7 +1,7 @@
{
vimUtils,
fetchFromGitHub,
}: (vimUtils.buildVimPlugin {
}: (vimUtils.buildVimPluginFrom2Nix rec {
pname = "vim-fetch";
version = "76c08586";
src = fetchFromGitHub {

2
packages/vimPlugins/vim-fsharp.nix
View File

@@ -2,7 +2,7 @@
vimUtils,
fetchFromGitHub,
}:
vimUtils.buildVimPlugin {
vimUtils.buildVimPluginFrom2Nix {
pname = "vim-fsharp";
version = "627db7d7";
src = fetchFromGitHub {

2
packages/vimPlugins/vim-mail.nix
View File

@@ -2,7 +2,7 @@
vimUtils,
fetchFromGitHub,
}:
vimUtils.buildVimPlugin {
vimUtils.buildVimPluginFrom2Nix {
pname = "vim-mail";
version = "acdbb5bd";
src = fetchFromGitHub {

2
packages/vimPlugins/vim-reason-plus.nix
View File

@@ -1,7 +1,7 @@
{
vimUtils,
fetchFromGitHub,
}: (vimUtils.buildVimPlugin {
}: (vimUtils.buildVimPluginFrom2Nix {
pname = "vim-reason-plus";
version = "c11a2940";
src = fetchFromGitHub {

7
packages/weechat-declarative.nix
View File

@@ -1,6 +1,7 @@
{
pkgs,
lib,
unstablePackages,
...
} @ args: let
# config cannot be declared in the input attribute set because that would
@@ -136,7 +137,7 @@
))
);
weechatPkg = pkgs.weechat.override {
weechat = unstablePackages.weechat.override {
configure = _: {
init = "/exec -oc cat ${setFile}";
@@ -162,14 +163,14 @@
cfg.files
)
}
exec ${weechatPkg}/bin/weechat "$@"
exec ${weechat}/bin/weechat "$@"
'';
in
pkgs.symlinkJoin {
name = "weechat-configured";
paths = [
wrapper
weechatPkg
unstablePackages.weechat
];
postBuild = ''
ln -s ${setFile} $out/weechat.set

2
secrets

Submodule secrets updated: 236a3353a7...e14a3170cc

4
secrets.txt
View File

@@ -1,11 +1,8 @@
secrets/alertmanager-token-reporters.age
secrets/brevo-key.age
secrets/cifs-credentials-zodiac.age
secrets/copecart-ipn.age
secrets/di-fm-key.age
secrets/email-password-cock.age
secrets/email-password-fysi.age
secrets/email-password-ical-ephemeris.age
secrets/email-password-letos.age
secrets/email-password-meinhak99.age
secrets/email-password-posteo.age
@@ -79,7 +76,6 @@ secrets/telegram-token-proverb.age
secrets/telegram-token-reverse.age
secrets/telegram-token-streaming-link.age
secrets/weechat-sec.conf.age
secrets/wifi.age
secrets/zaatar-moodle-dl-basicAuth.age
secrets/zaatar-moodle-dl-tokens.json.age
secrets/zaatar-retiolum-privateKey-ed25519.age

3
systems/fatteh/configuration.nix
View File

@@ -9,7 +9,6 @@ in {
./hardware-configuration.nix
../../configs/networkmanager.nix
../../configs/default.nix
../../configs/0ad.nix
# ../../configs/gnome.nix
];
@@ -41,6 +40,8 @@ in {
wireguard-aether-psk.file = ../../secrets/fatteh-wireguard-aether-psk.age;
};
networking.wg-quick.interfaces.aether.address = ["192.168.178.202/24"];
networking.hostName = "fatteh";
networking.retiolum = retiolumAddresses.fatteh;

6
systems/ful/configuration.nix
View File

@@ -2,7 +2,6 @@
config,
pkgs,
lib,
inputs,
...
}: let
inherit (import ../../lib) kieran retiolumAddresses restic;
@@ -13,10 +12,8 @@ in {
./radio.nix
./panoptikon.nix
./hledger.nix
./go-webring.nix
./gemini.nix
./ical-ephemeris.nix
./wallabag.nix
./alew.nix
../../configs/monitoring.nix
../../configs/mycelium.nix
../../configs/tor.nix
@@ -72,6 +69,7 @@ in {
];
};
users.users.servant = {
isSystemUser = true;
group = "servant";

15
systems/ful/gemini.nix
View File

@@ -1,15 +0,0 @@
{ config, ... }:
{
networking.firewall.allowedTCPPorts = [ 1965 ];
services.agate = {
enable = true;
addresses = [ "0.0.0.0:1965" ];
hostnames = [ "kmein.de" ];
language = "de";
};
services.restic.backups.niveum.paths = [
config.services.agate.contentDir
config.services.agate.certificatesDir
];
}

39
systems/ful/go-webring.nix
View File

@@ -1,39 +0,0 @@
{ config, niveumPackages ,... }:
let
port = 2857;
in
{
services.go-webring = {
enable = true;
host = "dichtungsring.kmein.de";
listenAddress = "127.0.0.1:${toString port}";
package = niveumPackages.go-webring;
members = [
{ username = "meteora"; site = "meteora.xn--kiern-0qa.de"; }
{ username = "huldra"; site = "huldras-halbtraum.com"; }
];
homePageTemplate = ''
<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Dichtungsring</title>
</head>
<body>
<h1>Willkommen beim Dichtungs-Ring</h1>
<p>Ein <a href="https://de.wikipedia.org/wiki/Webring">Webring</a> für die Dichtung.</p>
<section id="members">
<table><tbody>{{ . }}</tbody></table>
</section>
</body>
</html>
'';
};
services.nginx.virtualHosts."dichtungsring.kmein.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.go-webring.listenAddress}";
};
}

29
systems/ful/ical-ephemeris.nix
View File

@@ -1,29 +0,0 @@
{ config, ... }:
let
port = 9090;
in
{
services.nginx.virtualHosts."ical-ephemeris.kmein.de" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString port}/";
};
};
services.ical-ephemeris = {
enable = true;
inherit port;
brevoApiKeyFile = config.age.secrets.brevo-key.path;
copecartIpnKeyFile = config.age.secrets.copecart-ipn.path;
baseUrl = "https://ical-ephemeris.kmein.de";
};
age.secrets.copecart-ipn = {
file = ../../secrets/copecart-ipn.age;
};
age.secrets.brevo-key = {
file = ../../secrets/brevo-key.age;
};
}

15
systems/kabsa/configuration.nix
View File

@@ -1,11 +1,16 @@
{
config,
niveumPackages,
pkgs,
lib,
inputs,
...
}: let
}:
let
# TODO wrap obsidian: obsidian --no-sandbox --ozone-platform=wayland --ozone-platform-hint=auto --enable-features=UseOzonePlatform,WaylandWindowDecorations %U
inherit (import ../../lib) retiolumAddresses;
in {
in
{
imports = [
../kibbeh/hardware-configuration.nix
../../configs/tlp.nix
@@ -45,11 +50,13 @@ in {
wireguard-aether-psk.file = ../../secrets/kabsa-wireguard-aether-psk.age;
};
environment.systemPackages = [pkgs.zeroad];
networking.wg-quick.interfaces.aether.address = [ "192.168.178.203/24" ];
environment.systemPackages = [ pkgs.zeroad ];
networking = {
hostName = "kabsa";
wireless.interfaces = ["wlp3s0"];
wireless.interfaces = [ "wlp3s0" ];
retiolum = retiolumAddresses.kabsa;
};

21
systems/makanek/configuration.nix
View File

@@ -13,7 +13,7 @@ in {
./menstruation.nix
./moinbot.nix
./monitoring
# ./names.nix
./names.nix
./nextcloud.nix
../../configs/mycelium.nix
./radio-news.nix
@@ -48,7 +48,7 @@ in {
config.services.grafana.dataDir
config.services.gitea.stateDir
config.services.weechat.root
config.services.nginx.virtualHosts."www.kmein.de".locations."/".root
config.services.nginx.virtualHosts."www.kmein.de".root
"/var/lib/weechat"
"/var/lib/codimd"
];
@@ -121,22 +121,7 @@ in {
services.nginx.virtualHosts."www.kmein.de" = {
addSSL = true;
enableACME = true;
locations."/" = {
root = "/var/www/kmein.de";
extraConfig = ''
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
# Handle preflight requests
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
return 204; # No Content
}
'';
};
root = "/var/www/kmein.de";
};
environment.systemPackages = [

351
systems/makanek/monitoring/default.nix
View File

@@ -3,13 +3,11 @@
config,
pkgs,
...
}:
let
}: let
lokiConfig = import ./loki.nix;
blackboxConfig = import ./blackbox.nix;
inherit (import ../../../lib) restic;
in
{
in {
services.grafana = {
enable = true;
settings = {
@@ -82,150 +80,143 @@ in
}
];
services.prometheus.rules =
let
diskFreeThreshold = 10;
in
[
(builtins.toJSON {
groups = [
{
name = "niveum";
rules = [
{
alert = "HostSystemdServiceCrashed";
expr = ''(node_systemd_unit_state{state="failed"} == 1) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"}'';
annotations = {
description = "{{$labels.name}} failed on {{$labels.instance}}";
};
}
{
alert = "RootPartitionFull";
for = "10m";
expr = ''(node_filesystem_free_bytes{mountpoint="/"} * 100) / node_filesystem_size_bytes{mountpoint="/"} < ${toString diskFreeThreshold}'';
annotations = {
description = ''{{ $labels.instance }} running out of space: {{ $value | printf "%.2f" }}% < ${toString diskFreeThreshold}%'';
};
}
{
alert = "RootPartitionFullWeek";
for = "1h";
expr =
''node_filesystem_free_bytes{mountpoint="/"} ''
+ ''and predict_linear(node_filesystem_free_bytes{mountpoint="/"}[2d], 7*24*3600) <= 0'';
annotations = {
description = "{{$labels.instance}} running out of space in 7 days";
};
}
{
alert = "HighLoad";
expr = ''node_load15 / on(job) count(node_cpu_seconds_total{mode="system"}) by (job) >= 1.0'';
for = "10m";
annotations = {
description = "{{$labels.instance}} running on high load: {{$value}}";
};
}
{
alert = "HostUnusualNetworkThroughputIn";
expr = ''(rate(node_network_receive_bytes_total[2m])) / 1024 / 1024 > 100'';
for = "5m";
annotations.description = "Host unusual network throughput in (instance {{ $labels.instance }})";
}
{
alert = "HostUnusualNetworkThroughputOut";
expr = ''(rate(node_network_transmit_bytes_total[2m])) / 1024 / 1024 > 100'';
for = "5m";
annotations.description = "Host unusual network throughput out (instance {{ $labels.instance }})";
}
{
alert = "HostUnusualDiskReadRate";
expr = ''(rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50'';
for = "5m";
annotations.description = "Host unusual disk read rate (instance {{ $labels.instance }})";
}
{
alert = "HostUnusualDiskWriteRate";
expr = ''(rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50'';
for = "2m";
annotations.description = "Host unusual disk write rate (instance {{ $labels.instance }})";
}
{
alert = "HostOutOfInodes";
expr = ''node_filesystem_files_free{fstype!="msdosfs"} / node_filesystem_files{fstype!="msdosfs"} * 100 < 10 and ON (instance, device, mountpoint) node_filesystem_readonly == 0'';
for = "2m";
annotations.description = "Host out of inodes (instance {{ $labels.instance }})";
}
{
alert = "HostInodesWillFillIn24Hours";
expr = ''node_filesystem_files_free{fstype!="msdosfs"} / node_filesystem_files{fstype!="msdosfs"} * 100 < 10 and predict_linear(node_filesystem_files_free{fstype!="msdosfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly{fstype!="msdosfs"} == 0'';
for = "2m";
annotations.description = "Host inodes will fill in 24 hours (instance {{ $labels.instance }})";
}
{
alert = "HighRAM";
expr = "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.1";
for = "1h";
annotations.description = "{{$labels.instance}} using lots of RAM";
}
{
alert = "UptimeMonster";
expr = "time() - node_boot_time_seconds > 2592000";
annotations.description = "uptime monster {{$labels.instance}} up for more than 30 days";
}
{
alert = "HostDown";
expr = ''up == 0'';
for = "5m";
annotations = {
description = "{{ $labels.instance }} seeming down since 5 minutes";
};
}
{
alert = "Reboot";
expr = "time() - node_boot_time_seconds < 300";
annotations.description = "{{$labels.instance}} rebooted";
}
{
alert = "Mastodon";
expr = ''probe_success{instance="https://social.krebsco.de"} == 0'';
for = "5m";
annotations.description = "Mastodon instance {{$labels.instance}} is down";
}
{
alert = "ProbeFailed";
expr = "probe_success == 0";
for = "5m";
annotations.description = "HTTP probe failed for {{$labels.instance}}";
}
{
alert = "SlowProbe";
expr = "avg_over_time(probe_http_duration_seconds[1m]) > 1";
for = "5m";
annotations.description = "HTTP probe slow for {{$labels.instance}}";
}
{
alert = "HttpStatusCode";
expr = "probe_http_status_code != 0 AND (probe_http_status_code <= 199 OR probe_http_status_code >= 400)";
for = "5m";
annotations.description = "status code {{$value}} for {{$labels.instance}}";
}
{
alert = "SslExpirySoon";
expr = "probe_ssl_earliest_cert_expiry - time() < 86400 * 30";
for = "5m";
annotations.description = "SSL certificate for {{$labels.instance}} expires in 30 days";
}
{
alert = "SslExpiry";
expr = "probe_ssl_earliest_cert_expiry - time() <= 0";
for = "5m";
annotations.description = "SSL certificate for {{$labels.instance}} has expired";
}
];
}
];
})
];
services.prometheus.rules = let
diskFreeThreshold = 10;
in [
(builtins.toJSON {
groups = [
{
name = "niveum";
rules = [
{
alert = "HostSystemdServiceCrashed";
expr = ''(node_systemd_unit_state{state="failed"} == 1) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"}'';
annotations = {
description = "{{$labels.name}} failed on {{$labels.instance}}";
};
}
{
alert = "RootPartitionFull";
for = "10m";
expr = ''(node_filesystem_free_bytes{mountpoint="/"} * 100) / node_filesystem_size_bytes{mountpoint="/"} < ${toString diskFreeThreshold}'';
annotations = {
description = ''{{ $labels.instance }} running out of space: {{ $value | printf "%.2f" }}% < ${toString diskFreeThreshold}%'';
};
}
{
alert = "RootPartitionFullWeek";
for = "1h";
expr =
''node_filesystem_free_bytes{mountpoint="/"} ''
+ ''and predict_linear(node_filesystem_free_bytes{mountpoint="/"}[2d], 7*24*3600) <= 0'';
annotations = {
description = "{{$labels.instance}} running out of space in 7 days";
};
}
{
alert = "HighLoad";
expr = ''node_load15 / on(job) count(node_cpu_seconds_total{mode="system"}) by (job) >= 1.0'';
for = "10m";
annotations = {
description = "{{$labels.instance}} running on high load: {{$value}}";
};
}
{
alert = "HostUnusualNetworkThroughputIn";
expr = ''(rate(node_network_receive_bytes_total[2m])) / 1024 / 1024 > 100'';
for = "5m";
annotations.description = "Host unusual network throughput in (instance {{ $labels.instance }})";
}
{
alert = "HostUnusualNetworkThroughputOut";
expr = ''(rate(node_network_transmit_bytes_total[2m])) / 1024 / 1024 > 100'';
for = "5m";
annotations.description = "Host unusual network throughput out (instance {{ $labels.instance }})";
}
{
alert = "HostUnusualDiskReadRate";
expr = ''(rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50'';
for = "5m";
annotations.description = "Host unusual disk read rate (instance {{ $labels.instance }})";
}
{
alert = "HostUnusualDiskWriteRate";
expr = ''(rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50'';
for = "2m";
annotations.description = "Host unusual disk write rate (instance {{ $labels.instance }})";
}
{
alert = "HostOutOfInodes";
expr = ''node_filesystem_files_free{fstype!="msdosfs"} / node_filesystem_files{fstype!="msdosfs"} * 100 < 10 and ON (instance, device, mountpoint) node_filesystem_readonly == 0'';
for = "2m";
annotations.description = "Host out of inodes (instance {{ $labels.instance }})";
}
{
alert = "HostInodesWillFillIn24Hours";
expr = ''node_filesystem_files_free{fstype!="msdosfs"} / node_filesystem_files{fstype!="msdosfs"} * 100 < 10 and predict_linear(node_filesystem_files_free{fstype!="msdosfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly{fstype!="msdosfs"} == 0'';
for = "2m";
annotations.description = "Host inodes will fill in 24 hours (instance {{ $labels.instance }})";
}
{
alert = "HighRAM";
expr = "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.1";
for = "1h";
annotations.description = "{{$labels.instance}} using lots of RAM";
}
{
alert = "UptimeMonster";
expr = "time() - node_boot_time_seconds > 2592000";
annotations.description = "uptime monster {{$labels.instance}} up for more than 30 days";
}
{
alert = "HostDown";
expr = ''up == 0'';
for = "5m";
annotations = {
description = "{{ $labels.instance }} seeming down since 5 minutes";
};
}
{
alert = "Reboot";
expr = "time() - node_boot_time_seconds < 300";
annotations.description = "{{$labels.instance}} rebooted";
}
{
alert = "ProbeFailed";
expr = "probe_success == 0";
for = "5m";
annotations.description = "HTTP probe failed for {{$labels.instance}}";
}
{
alert = "SlowProbe";
expr = "avg_over_time(probe_http_duration_seconds[1m]) > 1";
for = "5m";
annotations.description = "HTTP probe slow for {{$labels.instance}}";
}
{
alert = "HttpStatusCode";
expr = "probe_http_status_code != 0 AND (probe_http_status_code <= 199 OR probe_http_status_code >= 400)";
for = "5m";
annotations.description = "status code {{$value}} for {{$labels.instance}}";
}
{
alert = "SslExpirySoon";
expr = "probe_ssl_earliest_cert_expiry - time() < 86400 * 30";
for = "5m";
annotations.description = "SSL certificate for {{$labels.instance}} expires in 30 days";
}
{
alert = "SslExpiry";
expr = "probe_ssl_earliest_cert_expiry - time() <= 0";
for = "5m";
annotations.description = "SSL certificate for {{$labels.instance}} has expired";
}
];
}
];
})
];
# ref https://github.com/Mic92/dotfiles/blob/f44bac5dd6970ed3fbb4feb906917331ec3c2be5/machines/eva/modules/prometheus/default.nix
systemd.services.matrix-hook = {
@@ -255,33 +246,6 @@ in
};
};
systemd.services.matrix-hook-lassulus = {
description = "Matrix Hook";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = {
HTTP_ADDRESS = "[::1]";
HTTP_PORT = "9089";
MX_HOMESERVER = "https://matrix.4d2.org";
MX_ID = "@lakai:4d2.org";
MX_ROOMID = "!MJAGqBAOKZGMywzwkI:lassul.us";
MX_MSG_TEMPLATE = "${pkgs.matrix-hook}/message.html.tmpl";
};
serviceConfig = {
EnvironmentFile = [
# format: MX_TOKEN=<token>
config.age.secrets.matrix-token-lakai-env.path
];
Type = "simple";
ExecStart = "${pkgs.matrix-hook}/bin/matrix-hook";
Restart = "always";
RestartSec = "10";
DynamicUser = true;
User = "matrix-hook";
Group = "matrix-hook";
};
};
age.secrets = {
matrix-token-lakai-env.file = ../../../secrets/matrix-token-lakai-env.age;
};
@@ -296,23 +260,8 @@ in
group_wait = "30s";
repeat_interval = "24h";
receiver = "matrix";
routes = [
{
receiver = "lassulus";
matchers = [ "alertname = \"Mastodon\"" ];
}
];
};
receivers = [
{
name = "lassulus";
webhook_configs = [
{
url = "http://localhost:9089/alert";
max_alerts = 5;
}
];
}
{
name = "matrix";
webhook_configs = [
@@ -357,21 +306,13 @@ in
{
scheme = "http";
path_prefix = "/";
static_configs = [
{ targets = [ "localhost:${toString config.services.prometheus.alertmanager.port}" ]; }
];
static_configs = [{targets = ["localhost:${toString config.services.prometheus.alertmanager.port}"];}];
}
];
# otherwise bearer_token_file will fail
services.prometheus.checkConfig = "syntax-only";
services.prometheus.extraFlags = [
"--storage.tsdb.retention.time=7d"
"--storage.tsdb.retention.size=2GB"
"--storage.tsdb.wal-compression"
];
services.prometheus.scrapeConfigs = [
{
job_name = "makanek";
@@ -387,14 +328,14 @@ in
scrape_interval = "5m";
job_name = "blackbox";
metrics_path = "/probe";
params.module = [ "http_2xx" ];
params.module = ["http_2xx"];
relabel_configs = [
{
source_labels = [ "__address__" ];
source_labels = ["__address__"];
target_label = "__param_target";
}
{
source_labels = [ "__param_target" ];
source_labels = ["__param_target"];
target_label = "instance";
}
{
@@ -452,7 +393,7 @@ in
scrape_interval = "60s";
metrics_path = "/api/prometheus";
scheme = "http";
static_configs = [ { targets = [ "zaatar.r:8123" ]; } ];
static_configs = [{targets = ["zaatar.r:8123"];}];
bearer_token_file = config.age.secrets.home-assistant-token.path;
}
{
@@ -469,7 +410,7 @@ in
services.prometheus.exporters.blackbox = {
enable = true;
configFile = (pkgs.formats.yaml { }).generate "blackbox.yaml" blackboxConfig;
configFile = (pkgs.formats.yaml {}).generate "blackbox.yaml" blackboxConfig;
};
networking.firewall.allowedTCPPorts = [
@@ -478,6 +419,6 @@ in
services.loki = {
enable = true;
configFile = (pkgs.formats.yaml { }).generate "loki.yaml" lokiConfig;
configFile = (pkgs.formats.yaml {}).generate "loki.yaml" lokiConfig;
};
}

6
systems/makanek/weechat.nix
View File

@@ -1,11 +1,15 @@
{
lib,
pkgs,
config,
unstablePackages,
...
}: let
inherit (import ../../lib) kieran;
weechatHome = "/var/lib/weechat";
weechat-declarative = pkgs.callPackage ../../packages/weechat-declarative.nix {};
weechat-declarative = pkgs.callPackage ../../packages/weechat-declarative.nix {
inherit unstablePackages;
};
in {
systemd.services.weechat = let
tmux = pkgs.writers.writeDash "tmux" ''

2
systems/manakish/configuration.nix
View File

@@ -36,6 +36,8 @@ in {
wireguard-aether-psk.file = ../../secrets/manakish-wireguard-aether-psk.age;
};
networking.wg-quick.interfaces.aether.address = ["192.168.178.204/24"];
niveum = {
batteryName = "BAT0";
wirelessInterface = "wlp3s0";

2
systems/moto/configuration.nix
View File

@@ -26,7 +26,7 @@ in {
procps
tzdata
unzip
util-linux
utillinux
vim
which
xz

3
systems/zaatar/configuration.nix
View File

@@ -28,9 +28,6 @@ in {
services.pipewire.systemWide = true;
age.secrets = {
wifi = {
file = ../../secrets/wifi.age;
};
retiolum-rsa = {
file = ../../secrets/zaatar-retiolum-privateKey-rsa.age;
mode = "400";