kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-18 11:01:07 +01:00
Code Releases Activity

Compare commits

base: kfm:wayland
Branches Tags
kfm:master kfm:update_flake_lock_action kfm:nethack kfm:wayland kfm:feature/hass-prometheus kfm:feature/itools kfm:feature/specus kfm:hass-nix-2 kfm:hass-nix kfm:grimm kfm:mympd kfm:tahina kfm:new-krops kfm:flakes kfm:flakes-2 kfm:20.09 kfm:mail
..
compare: kfm:e3f4c34ac388370ab84a7519d06a42c845303903
Branches Tags
kfm:master kfm:update_flake_lock_action kfm:nethack kfm:wayland kfm:feature/hass-prometheus kfm:feature/itools kfm:feature/specus kfm:hass-nix-2 kfm:hass-nix kfm:grimm kfm:mympd kfm:tahina kfm:new-krops kfm:flakes kfm:flakes-2 kfm:20.09 kfm:mail

62 Commits
wayland ... e3f4c34ac3

Author SHA1 Message Date
Kierán Meinhardt
e3f4c34ac3 ical-ephemeris: remove 2025-12-13 22:41:55 +01:00
Kierán Meinhardt
3a9bfab5fd ful: remove openapi joke 2025-12-13 22:40:20 +01:00
Kierán Meinhardt
fc238008c8 update 2025-12-13 22:37:47 +01:00
Kierán Meinhardt
f1a6b1f4f6 flake: do not use flake-utils 2025-12-13 22:37:47 +01:00
Kierán Meinhardt
16398282ed flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/e1680d594a9281651cbf7d126941a8c8e2396183?narHash=sha256-d%2B5CGloq7Lo1u2SkzhF8oiOdUc6Z5emh22nTXUB9CFA%3D' (2025-12-03)
  → 'github:nix-community/home-manager/20561be440a11ec57a89715480717baf19fe6343?narHash=sha256-O8VTGey1xxiRW%2BFpb%2BPs9zU7ShmxUA1a7cMTcENCVNg%3D' (2025-12-08)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/1aab89277eb2d87823d5b69bae631a2496cff57a?narHash=sha256-H3lC7knbXOBrHI9hITQ7modLuX20mYJVhZORL5ioms0%3D' (2025-12-02)
  → 'github:NixOS/nixpkgs/d9bc5c7dceb30d8d6fafa10aeb6aa8a48c218454?narHash=sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o%3D' (2025-12-06)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/152586a6a98226db20aab6e6e1c9a37c535acfbc?narHash=sha256-p7ihpz21BB%2BNhuT3qVL3clzWz%2BUyZlt7S3RRXxZGPls%3D' (2025-12-04)
  → 'github:NixOS/nixpkgs/aaa6c85f51f9333738c170ccc55b5fe5f55938f4?narHash=sha256-VPyShT4DyGtXH2wsD8yAVvvvi9OILUHTqNxWQd/6yZA%3D' (2025-12-10)
• Updated input 'nur':
    'github:nix-community/NUR/5e8ec1167d3a375e2857fbe915b3d8658d3e6472?narHash=sha256-bp7B5alQk7nDLtFLKaOHhSPBNVCcwIxMXjcc/VzY0hg%3D' (2025-12-04)
  → 'github:nix-community/NUR/6af054d2762ef52fad9943d490708f937008cca4?narHash=sha256-JyVUlh5wINjw29Ops7ZjRrzw%2B55r5GpCHjO0TCsoowc%3D' (2025-12-10)
• Updated input 'nur/nixpkgs':
    'github:nixos/nixpkgs/418468ac9527e799809c900eda37cbff999199b6?narHash=sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y%3D' (2025-12-02)
  → 'github:nixos/nixpkgs/addf7cf5f383a3101ecfba091b98d0a1263dc9b8?narHash=sha256-hM20uyap1a0M9d344I692r%2Bik4gTMyj60cQWO%2BhAYP8%3D' (2025-12-08)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/74d9abb7c5c030469f90d97a67d127cc5d76c238?narHash=sha256-F0IQSmSj4t2ThkbWZooAhkCTO%2BYpZSd2Pqiv2uoYEHo%3D' (2025-12-04)
  → 'github:oxalica/rust-overlay/db61f666aea93b28f644861fbddd37f235cc5983?narHash=sha256-jTof2%2Bir9UPmv4lWksYO6WbaXCC0nsDExrB9KZj7Dz4%3D' (2025-12-10)
• Updated input 'stylix':
    'github:danth/stylix/6f3b50c8fa9c468fc787e211b700e46592bf9d56?narHash=sha256-J2jgYyXiXctr91MSuBQ6dwB1YaC7DpzKp%2BRkj6pqS8o%3D' (2025-12-04)
  → 'github:danth/stylix/84d9d55885d463d461234f3aac07b2389a2577d8?narHash=sha256-abrrONk8vzRtY6fHEkjZOyRJpKHjPlFqMBE0%2B/DxfAU%3D' (2025-12-06)
 2025-12-10 13:26:01 +01:00
Kierán Meinhardt
315ccf102d vm host setup 2025-12-09 12:54:50 +01:00
Kierán Meinhardt
7d8feb0876 stw-berlin: disable 2025-12-09 12:54:35 +01:00
Kierán Meinhardt
44f7a9d4fa fritzbox: remove 2025-12-08 14:00:30 +01:00
Kierán Meinhardt
b070207bd5 flameshot: remove buttons 2025-12-05 11:31:07 +01:00
Kierán Meinhardt
614f7e0f8c remove flix config 2025-12-05 11:30:59 +01:00
Kierán Meinhardt
a1af05ff48 pls: begin download feature 2025-12-04 16:51:03 +01:00
Kierán Meinhardt
83536372f0 stylix: remove home-manager override 2025-12-04 16:50:53 +01:00
Kierán Meinhardt
3357121044 vim: fix lsp config 2025-12-04 16:50:32 +01:00
Kierán Meinhardt
2a7e972256 onomap: disable 2025-12-04 16:19:46 +01:00
Kierán Meinhardt
0d75ab146e secrets: update 2025-12-04 16:19:34 +01:00
Kierán Meinhardt
385ae53c7e weechat-declarative: fix 2025-12-04 16:19:13 +01:00
Kierán Meinhardt
a08c41d3db autorenkalender: get from flake 2025-12-04 16:19:02 +01:00
Kierán Meinhardt
bd84c35138 vim: add elixir plugin 2025-12-04 15:15:46 +01:00
Kierán Meinhardt
04722684aa update 2025-12-04 15:15:45 +01:00
Kierán Meinhardt
025b725551 upgrade to 25.11 2025-12-02 21:37:02 +01:00
Kierán Meinhardt
6411d8a03d update secrets 2025-12-02 19:20:11 +01:00
Kierán Meinhardt
edce4538d8 fonts: montserrat 2025-11-01 20:38:27 +01:00
Kierán Meinhardt
d1dd41bc6b vim: disable copilot by default or else it reads my passwords 2025-11-01 20:38:13 +01:00
Kierán Meinhardt
5d80f6ec0f alertmanager: alert when mastodon is down 2025-10-28 19:08:54 +01:00
Kierán Meinhardt
c8ad9d4433 gpodder 2025-10-24 10:30:04 +02:00
Kierán Meinhardt
0f05e0467a streams: add pakistani radio and dlf nova 2025-10-21 20:30:01 +02:00
Kierán Meinhardt
3c2abbb3b9 fix smyth bot 2025-10-21 20:00:25 +02:00
Kierán Meinhardt
61b5e4bd6e update secrets 2025-10-21 15:42:22 +02:00
Kierán Meinhardt
d4aca5b6f1 reinstate hu vpn, remove fu signature 2025-10-21 15:34:43 +02:00
Kierán Meinhardt
551462f1dd dark colours for the dark half of the year 2025-10-09 07:20:34 +02:00
Kierán Meinhardt
5d954684e1 host ical ephemeris MVP 2025-10-07 11:40:38 +02:00
Kierán Meinhardt
b12373eb1b stag i3 tag editor 2025-10-06 12:54:43 +02:00
Kierán Meinhardt
31e6b28b72 yta: download opus 2025-10-06 12:29:29 +02:00
Kierán Meinhardt
4a77a20c9e aerc: add new email account 2025-10-06 10:28:49 +02:00
Kierán Meinhardt
fe5bbbc647 update menstruation-backend 2025-10-02 23:16:57 +02:00
Kierán Meinhardt
8699f09307 go-webring: fix module 2025-10-02 19:33:46 +02:00
Kierán Meinhardt
d458fb333f fix nixinate call 2025-10-02 19:33:46 +02:00
Kierán Meinhardt
e7264641a2 www.kmein.de fix backup and CORS 2025-10-02 18:34:23 +02:00
Kierán Meinhardt
8afc04f266 scanned: fix PATH 2025-10-02 18:34:10 +02:00
Kierán Meinhardt
427df80396 0ad: add config 2025-10-02 18:33:54 +02:00
Kierán Meinhardt
ff3ba9047f install go tooling 2025-10-02 18:32:40 +02:00
Kierán Meinhardt
1d14174ad5 go-webring 2025-10-02 18:32:23 +02:00
Kierán Meinhardt
a307e2c186 remove old mpd scripts 2025-09-06 19:36:05 +02:00
Kierán Meinhardt
1cc3a7c6e3 install amfora-wrapper (wrapped to work with overall light theme) 2025-09-06 11:57:24 +02:00
Kierán Meinhardt
db33374dc0 host gemini 2025-09-05 08:05:02 +02:00
Kierán Meinhardt
2c75c0d608 obsidian-vim: fix lua syntax 2025-09-04 13:48:39 +02:00
Kierán Meinhardt
f84cd44db5 update local network 2025-09-04 13:48:01 +02:00
Kierán Meinhardt
84cec2eb24 neovim: disable ernest 2025-08-30 17:49:58 +02:00
Kierán Meinhardt
031b934c99 change wifi name 2025-08-30 17:49:58 +02:00
github-actions[bot]
7491396645 flake.lock: Update 
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/531beac616433bac6f9e2a19feb8e99a22a66baf?narHash=sha256-9P1FziAwl5%2B3edkfFcr5HeGtQUtrSdk/MksX39GieoA%3D' (2025-06-17)
  → 'github:ryantm/agenix/9edb1787864c4f59ae5074ad498b6272b3ec308d?narHash=sha256-NA/FT2hVhKDftbHSwVnoRTFhes62%2B7dxZbxj5Gxvghs%3D' (2025-08-05)
• Updated input 'home-manager':
    'github:nix-community/home-manager/501cfec8277f931a9c9af9f23d3105c537faeafe?narHash=sha256-tWosziZTT039x6PgEZUhzGlV8oLvdDmIgKTE8ESMaEA%3D' (2025-07-02)
  → 'github:nix-community/home-manager/4a44fb9f7555da362af9d499817084f4288a957f?narHash=sha256-OILVkfhRCm8u18IZ2DKR8gz8CVZM2ZcJmQBXmjFLIfk%3D' (2025-08-23)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/7a732ed41ca0dd64b4b71b563ab9805a80a7d693?narHash=sha256-u7ubvtxdTnFPpV27AHpgoKn7qHuE7sgWgza/1oj5nzA%3D' (2025-07-03)
  → 'github:NixOS/nixpkgs/9cb344e96d5b6918e94e1bca2d9f3ea1e9615545?narHash=sha256-gKlP0LbyJ3qX0KObfIWcp5nbuHSb5EHwIvU6UcNBg2A%3D' (2025-08-20)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/07c3e0e2be593551abdccacabe29cc57206b396f?narHash=sha256-30JXBxkJD3pxBBGQwl/DDwxxJDGQ1nvkvWwEtTsmhA8%3D' (2025-07-05)
  → 'github:NixOS/nixpkgs/42e1afa45385017e72b59ad15c3f786d09a704be?narHash=sha256-hG2eV%2B5tMHSE3XFmJTgx87GrTAD3RJz2Lj%2BzM0TShg4%3D' (2025-08-24)
• Updated input 'nur':
    'github:nix-community/NUR/a26411970baba3604e425f23e5293da492069e4a?narHash=sha256-iDjz1tBd/ibtmZZse4k1NBxfPR8g9K5W4sRgCyOnrj0%3D' (2025-07-05)
  → 'github:nix-community/NUR/20caa31dbef80914895e41b56be4cabc740b2126?narHash=sha256-/W53HyLk4qSrPJjYWdD5SK%2B3p0Ns9Bg6MKHoeqLVqi0%3D' (2025-08-23)
• Updated input 'nur/nixpkgs':
    'github:nixos/nixpkgs/3016b4b15d13f3089db8a41ef937b13a9e33a8df?narHash=sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU%2Btt4YY%3D' (2025-06-30)
  → 'github:nixos/nixpkgs/20075955deac2583bb12f07151c2df830ef346b4?narHash=sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs%2BStOp19xNsbqdOg%3D' (2025-08-19)
• Removed input 'nur/treefmt-nix'
• Removed input 'nur/treefmt-nix/nixpkgs'
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/9e5e62a33a929a67a5427fb7324a6f583dced0b2?narHash=sha256-dYO5X5jK8bpQOeRAo8R5aUt6M/%2BJi1cZgstZI7SQ2IA%3D' (2025-07-05)
  → 'github:oxalica/rust-overlay/897ecf2b25be05e6ccb7661703f9f2fdec155f42?narHash=sha256-r0WnHKwA8DQNSHDmN3LNaqu41GbWDYqLS7IQAGR%2B6Wg%3D' (2025-08-23)
• Updated input 'scripts':
    'github:kmein/scripts/f44c7a4a6caa1ef5d6b7bf7e93acea0d96f30c21?narHash=sha256-mDDxMwKFURX1K1Z8X/kmt%2BjYjswofDf0br%2BMkw2tmSE%3D' (2025-06-02)
  → 'github:kmein/scripts/cc37fa4aec70f53731b9131bb8830b4445b75b3d?narHash=sha256-TnfXFloY4Ntq%2B0hp%2Bq9GGmuhtB1oueFiB%2BpcBUNYzFs%3D' (2025-07-20)
• Updated input 'stockholm':
    'github:krebs/stockholm/d4abc837cc7b87b4f23fe48cc306df26e3de7aab?narHash=sha256-i2s6jU%2B8GLKVjhWDyvFYxmXI7A44c9p6apPPyKt0ETk%3D' (2025-05-13)
  → 'github:krebs/stockholm/fc32e4609140fffa1312a4ca1aeea550b7467448?narHash=sha256-Mo2BkJXIz6HKM8cX2S7bRdX6Q3E1UOcyVL4v10QEUzk%3D' (2025-08-09)
• Updated input 'stockholm/buildbot-nix':
    'github:Mic92/buildbot-nix/7ad9b4886eccb5eecc0686a16266ddabf6cbefe9?narHash=sha256-mRnIdJLP%2B0NSim9ao30ue0Z3ttSuxzXwQG7UN1KuKfU%3D' (2025-05-07)
  → 'github:Mic92/buildbot-nix/47ad4c7afb169df6f9d48d0df3d7e2f71d9ddd8f?narHash=sha256-vCYcc/b8WizF6vnjuRVxSiU8hy9L3vOTWDVKpWM7xRE%3D' (2025-07-03)
• Updated input 'stockholm/buildbot-nix/flake-parts':
    'github:hercules-ci/flake-parts/c621e8422220273271f52058f618c94e405bb0f5?narHash=sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY%3D' (2025-04-01)
  → 'github:hercules-ci/flake-parts/77826244401ea9de6e3bac47c2db46005e1f30b5?narHash=sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ%3D' (2025-07-01)
• Updated input 'stockholm/buildbot-nix/hercules-ci-effects':
    'github:hercules-ci/hercules-ci-effects/5b6cec51c9ec095a0d3fd4c8eeb53eb5c59ae33e?narHash=sha256-1Z4WPGVky4w3lrhrgs89OKsLzPdtkbi1bPLNFWsoLfY%3D' (2025-04-15)
  → 'github:hercules-ci/hercules-ci-effects/231726642197817d20310b9d39dd4afb9e899489?narHash=sha256-EaAJhwfJGBncgIV/0NlJviid2DP93cTMc9h0q6P6xXk%3D' (2025-05-23)
• Updated input 'stockholm/buildbot-nix/treefmt-nix':
    'github:numtide/treefmt-nix/29ec5026372e0dec56f890e50dbe4f45930320fd?narHash=sha256-4h3s1L/kKqt3gMDcVfN8/4v2jqHrgLIe4qok4ApH5x4%3D' (2025-05-02)
  → 'github:numtide/treefmt-nix/ac8e6f32e11e9c7f153823abc3ab007f2a65d3e1?narHash=sha256-0IEdQB1nS%2BuViQw4k3VGUXntjkDp7aAlqcxdewb/hAc%3D' (2025-06-26)
• Updated input 'stockholm/nixpkgs':
    'github:NixOS/nixpkgs/d89fc19e405cb2d55ce7cc114356846a0ee5e956?narHash=sha256-3e%2BAVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ%3D' (2025-05-10)
  → 'github:NixOS/nixpkgs/1fd8bada0b6117e6c7eb54aad5813023eed37ccb?narHash=sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo%3D' (2025-07-06)
• Updated input 'stylix':
    'github:danth/stylix/5dd301b72207d4fd8d8b929abd88ba1c486d1744?narHash=sha256-jqRbWjB8aH2qzq6nMQpwkzVBR4o9lNxAHFmRgGwnJ94%3D' (2025-07-04)
  → 'github:danth/stylix/79be65b20d7b8fb7e8f39ba8121cfe41b7f46808?narHash=sha256-VmheUy4UzWDy/u0TvCCHptgF30peL7wRxkHy7EVpDrQ%3D' (2025-08-20)
• Removed input 'stylix/flake-compat'
• Removed input 'stylix/git-hooks'
• Removed input 'stylix/git-hooks/flake-compat'
• Removed input 'stylix/git-hooks/gitignore'
• Removed input 'stylix/git-hooks/gitignore/nixpkgs'
• Removed input 'stylix/git-hooks/nixpkgs'
• Removed input 'stylix/home-manager'
 2025-08-24 01:09:28 +00:00
Kierán Meinhardt
1c299cafef blake quote 2025-08-09 13:15:39 +02:00
Kierán Meinhardt
cbce724ade reformat 2025-08-07 10:14:07 +02:00
Kierán Meinhardt
00dfe27738 prometheus: decrease log size 2025-08-07 10:13:54 +02:00
Kierán Meinhardt
6e0026ed5c alertmanager: alert lassulus for mastodon outtime 2025-08-07 10:13:01 +02:00
Kierán Meinhardt
d92f382b9a wallpaper: fix for X 2025-08-07 10:12:21 +02:00
Kierán Meinhardt
630ec3d052 stylix: autoenable for homemanager and make apply to tmux 2025-07-25 08:59:31 +02:00
Kierán Meinhardt
bfd7195543 vim: newfangled distraction-free writing plugins 2025-07-25 08:59:00 +02:00
Kierán Meinhardt
0d2481bd78 vim: enable copilot 2025-07-21 18:54:30 +02:00
Kierán Meinhardt
28cd462bc6 sway: remove 2025-07-21 14:49:39 +02:00
Kierán Meinhardt
67358560b8 update 2025-07-11 11:31:09 +02:00
Kierán Meinhardt
675c453599 gammastep 2025-07-11 11:31:00 +02:00
Kierán Meinhardt
e4543eeb0b sway 2025-07-08 20:56:40 +02:00
78 changed files with 1198 additions and 2002 deletions
Expand all files Collapse all files

2
README.md
View File

@@ -1,5 +1,7 @@
# niveum
> I must Create a System, or be enslav'd by another Man's. —William Blake
> [nĭvĕus](https://logeion.uchicago.edu/niveus), a, um, adj. [nix], _of_ or _from snow, snowy, snow-_ (poet.)
>
> 1. Lit.: aggeribus niveis informis, Verg. G. 3, 354: aqua, _cooled with snow_, Mart. 12, 17, 6; cf. id. 14, 104 and 117: mons, _covered with snow_, Cat. 64, 240.—

8
configs/0ad.nix Normal file
View File

@@ -0,0 +1,8 @@
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.zeroad ];
networking.firewall = {
allowedTCPPorts = [ 20595 ];
allowedUDPPorts = [ 20595 ];
};
}

25
configs/aerc.nix
View File

@@ -8,14 +8,14 @@
inherit (import ../lib/email.nix) defaults thunderbirdProfile;
in {
age.secrets = {
email-password-cock = {
file = ../secrets/email-password-cock.age;
email-password-ical-ephemeris = {
file = ../secrets/email-password-ical-ephemeris.age;
owner = config.users.users.me.name;
group = config.users.users.me.group;
mode = "400";
};
email-password-letos = {
file = ../secrets/email-password-letos.age;
email-password-cock = {
file = ../secrets/email-password-cock.age;
owner = config.users.users.me.name;
group = config.users.users.me.group;
mode = "400";
@@ -92,16 +92,17 @@ in {
smtp.port = 25;
smtp.tls.useStartTls = true;
};
letos =
ical-ephemeris =
lib.recursiveUpdate defaults
{
userName = "slfletos";
address = "letos.sprachlit@hu-berlin.de";
passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-letos.path}";
imap.host = "mailbox.cms.hu-berlin.de";
rec {
userName = "ical.ephemeris@web.de";
realName = "Kieran from iCal Ephemeris";
address = userName;
passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-ical-ephemeris.path}";
imap.host = "imap.web.de";
imap.port = 993;
smtp.host = "mailhost.cms.hu-berlin.de";
smtp.port = 25;
smtp.host = "smtp.web.de";
smtp.port = 587;
smtp.tls.useStartTls = true;
};
posteo =

2
configs/bash.nix
View File

@@ -5,6 +5,6 @@
interactiveShellInit = ''
set -o vi
'';
enableCompletion = true;
completion.enable = true;
};
}

12
configs/bots/autorenkalender.nix
View File

@@ -1,17 +1,9 @@
{
pkgs,
lib,
config,
inputs,
...
}: let
autorenkalender-package = pkgs.fetchFromGitHub {
owner = "kmein";
repo = "autorenkalender";
rev = "cf49a7b057301332d980eb47042a626add93db66";
sha256 = "1pa7sjg33vdnjianrqldv445jdzzv3mn231ljk1j58hs0cd505gs";
};
autorenkalender =
pkgs.python3Packages.callPackage autorenkalender-package {};
autorenkalender = inputs.autorenkalender.packages.x86_64-linux.default;
in {
niveum.bots.autorenkalender = {
enable = true;

20
configs/bots/smyth.nix
View File

@@ -20,15 +20,31 @@
command = toString (pkgs.writers.writeDash "random-smyth" ''
set -efu
good_curl() {
${pkgs.curl}/bin/curl "$@" \
--compressed \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
-H 'Accept-Language: en-US,en;q=0.5' \
-H 'DNT: 1' \
-H 'Connection: keep-alive' \
-H 'Upgrade-Insecure-Requests: 1' \
-H 'Sec-Fetch-Dest: document' \
-H 'Sec-Fetch-Mode: navigate' \
-H 'Sec-Fetch-Site: cross-site' \
-H 'Priority: u=0, i' \
-H 'Pragma: no-cache' \
-H 'Cache-Control: no-cache'
}
RANDOM_SECTION=$(
${pkgs.curl}/bin/curl -sSL http://www.perseus.tufts.edu/hopper/xmltoc?doc=Perseus%3Atext%3A1999.04.0007%3Asmythp%3D1 \
good_curl -sSL http://www.perseus.tufts.edu/hopper/xmltoc?doc=Perseus%3Atext%3A1999.04.0007%3Asmythp%3D1 \
| ${pkgs.gnugrep}/bin/grep -o 'ref="[^"]*"' \
| ${pkgs.coreutils}/bin/shuf -n1 \
| ${pkgs.gnused}/bin/sed 's/^ref="//;s/"$//'
)
url="http://www.perseus.tufts.edu/hopper/text?doc=$RANDOM_SECTION"
${pkgs.curl}/bin/curl -sSL "$url"\
good_curl -sSL "$url"\
| ${pkgs.htmlq}/bin/htmlq '#text_main' \
| ${pkgs.gnused}/bin/sed 's/<\/\?hr>//g' \
| ${pkgs.pandoc}/bin/pandoc -f html -t plain --wrap=none

6
configs/browser.nix
View File

@@ -6,7 +6,7 @@
}: {
environment.systemPackages = [
niveumPackages.cro
pkgs.tor-browser-bundle-bin
pkgs.tor-browser
pkgs.firefox
pkgs.brave
];
@@ -82,5 +82,9 @@
};
};
home-manager.users.me = {
stylix.targets.firefox.profileNames = ["default"];
};
environment.variables.BROWSER = "firefox";
}

19
configs/default.nix
View File

@@ -3,7 +3,6 @@
lib,
config,
niveumPackages,
unstablePackages,
inputs,
...
}:
@@ -24,12 +23,9 @@ in
config = {
allowUnfree = true;
packageOverrides = pkgs: {
dmenu = pkgs.writers.writeDashBin "dmenu" ''exec ${pkgs.wofi}/bin/wofi -dmenu "$@"'';
dmenu = pkgs.writers.writeDashBin "dmenu" ''exec ${pkgs.rofi}/bin/rofi -dmenu "$@"'';
};
permittedInsecurePackages = [
"qtwebkit-5.212.0-alpha4"
"zotero-6.0.26"
"electron-25.9.0"
];
};
};
@@ -99,14 +95,14 @@ in
{
o = "${pkgs.xdg-utils}/bin/xdg-open";
ns = "nix-shell --run zsh";
pbcopy = "${pkgs.wl-clipboard}/bin/wl-copy";
pbpaste = "${pkgs.wl-clipboard}/bin/wl-paste";
pbcopy = "${pkgs.xclip}/bin/xclip -selection clipboard -in";
pbpaste = "${pkgs.xclip}/bin/xclip -selection clipboard -out";
tmux = "${pkgs.tmux}/bin/tmux -2";
sxiv = swallow "${pkgs.nsxiv}/bin/nsxiv";
zathura = swallow "${pkgs.zathura}/bin/zathura";
im = "${pkgs.openssh}/bin/ssh weechat@makanek -t tmux attach-session -t IM";
yt = "${pkgs.yt-dlp}/bin/yt-dlp --add-metadata -ic"; # Download video link
yta = "${pkgs.yt-dlp}/bin/yt-dlp --add-metadata --audio-format opus --audio-quality 0 -xic"; # Download with audio
yta = "${pkgs.yt-dlp}/bin/yt-dlp --add-metadata --audio-format mp3 --audio-quality 0 -xic"; # Download with audio
};
}
{
@@ -215,15 +211,13 @@ in
./direnv.nix
./docker.nix
./dunst.nix
./flix.nix
./fonts.nix
./fzf.nix
./git.nix
./hledger.nix
./htop.nix
./fu-berlin.nix
./uni.nix
./i3.nix
./niri.nix
./i3status-rust.nix
./keyboard.nix
./mycelium.nix
@@ -237,8 +231,8 @@ in
./nix.nix
./newsboat.nix
./flameshot.nix
./fritzbox.nix
./packages.nix
./virtualization.nix
./picom.nix
./stardict.nix
./polkit.nix
@@ -263,7 +257,6 @@ in
'';
}
./tor.nix
./stw-berlin.nix
./mastodon-bot.nix
{
fileSystems."${remoteDir}/fritz" = {

3
configs/flameshot.nix
View File

@@ -5,7 +5,6 @@
}: {
home-manager.users.me = {
services.flameshot = {
package = pkgs.flameshot.override { enableWlrSupport = true; };
enable = true;
settings.General = {
autoCloseIdleDaemon = true;
@@ -16,7 +15,7 @@
showHelp = false;
squareMagnifier = true;
uploadWithoutConfirmation = true;
buttons = ''@Variant(\0\0\0\x7f\0\0\0\vQList<int>\0\0\0\0\x10\0\0\0\x2\0\0\0\x5\0\0\0\x13\0\0\0\xa\0\0\0\x1\0\0\0\xc\0\0\0\xd\0\0\0\x6\0\0\0\x8\0\0\0\0\0\0\0\xf\0\0\0\x4\0\0\0\xb\0\0\0\x3\0\0\0\x12\0\0\0\x9)'';
# buttons = ''@Variant(\0\0\0\x7f\0\0\0\vQList<int>\0\0\0\0\x10\0\0\0\x2\0\0\0\x5\0\0\0\x13\0\0\0\xa\0\0\0\x1\0\0\0\xc\0\0\0\xd\0\0\0\x6\0\0\0\x8\0\0\0\0\0\0\0\xf\0\0\0\x4\0\0\0\xb\0\0\0\x3\0\0\0\x12\0\0\0\x9)'';
};
};
};

98
configs/flix.nix
View File

@@ -1,98 +0,0 @@
{
config,
pkgs,
...
}: let
flixLocation = "/media/flix";
flixLocationNew = "/media/flix-new";
cacheLocation = "/var/cache/flix";
indexFilename = "index";
indexFilenameNew = "index-new";
flixUser = "flix";
flixGroup = "users";
inherit (import ../lib) tmpfilesConfig;
in {
fileSystems.${flixLocation} = {
device = "prism.r:/export/download";
fsType = "nfs";
options = [
"noauto"
"noatime"
"nodiratime"
"x-systemd.automount"
"x-systemd.device-timeout=1"
"x-systemd.idle-timeout=1min"
"x-systemd.requires=tinc.retiolum.service"
"user"
"_netdev"
];
};
fileSystems.${flixLocationNew} = {
device = "//yellow.r/public";
fsType = "cifs";
options = [
"guest"
"nofail"
"noauto"
"ro"
"x-systemd.automount"
"x-systemd.device-timeout=1"
"x-systemd.idle-timeout=1min"
];
};
systemd.tmpfiles.rules = [
(tmpfilesConfig {
type = "d";
path = cacheLocation;
mode = "0750";
user = flixUser;
group = flixGroup;
})
];
systemd.services.flix-index = {
description = "Flix indexing service";
wants = ["network-online.target"];
script = ''
cp ${flixLocation}/index ./${indexFilename}
cp ${flixLocationNew}/index ./${indexFilenameNew}
'';
startAt = "hourly";
serviceConfig = {
Type = "oneshot";
User = flixUser;
Group = flixGroup;
WorkingDirectory = cacheLocation;
};
};
users.extraUsers.${flixUser} = {
isSystemUser = true;
createHome = true;
home = cacheLocation;
group = flixGroup;
};
environment.systemPackages = [
(pkgs.writers.writeDashBin "mpv-simpsons" ''
set -efu
cd "${flixLocation}/download"
[ -f "${cacheLocation}/${indexFilename}" ] || exit 1
cat "${cacheLocation}/${indexFilename}" \
| ${pkgs.gnugrep}/bin/grep -i 'simpsons.*mkv' \
| shuf \
| ${pkgs.findutils}/bin/xargs -d '\n' ${pkgs.mpv}/bin/mpv
'')
(pkgs.writers.writeDashBin "flixmenu" ''
set -efu
(
${pkgs.gnused}/bin/sed 's#^\.#${flixLocation}#' ${cacheLocation}/${indexFilename}
${pkgs.gnused}/bin/sed 's#^\.#${flixLocationNew}#' ${cacheLocation}/${indexFilenameNew}
) | ${pkgs.dmenu}/bin/dmenu -i -p flix -l 5 "$@" \
| ${pkgs.findutils}/bin/xargs -I '{}' ${pkgs.util-linux}/bin/setsid ${pkgs.xdg-utils}/bin/xdg-open '{}'
'')
];
}

15
configs/fonts.nix
View File

@@ -1,6 +1,5 @@
{
pkgs,
config,
niveumPackages,
...
}: let
@@ -103,12 +102,12 @@ in {
lmodern
merriweather
ocr-a
montserrat
roboto
roboto-mono
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
nerd-fonts.blex-mono
noto-fonts-color-emoji
roboto-slab
scheherazade-new
source-code-pro
@@ -116,15 +115,15 @@ in {
source-serif-pro
theano
niveumPackages.tocharian-font
vistafonts
vista-fonts
vollkorn
zilla-slab
]; # google-fonts league-of-moveable-type
fontconfig.defaultFonts = rec {
monospace = [config.stylix.fonts.monospace.name] ++ emoji;
serif = [config.stylix.fonts.serif.name "Scheherazade New" "Ezra SIL" "Antinoou" "Noto Serif Devanagari"];
sansSerif = [config.stylix.fonts.sansSerif.name "Noto Sans Display" "Noto Naskh Arabic" "Noto Sans Hebrew" "Noto Sans Devanagari" "Noto Sans CJK JP" "Noto Sans Coptic" "Noto Sans Syriac Western"];
emoji = [config.stylix.fonts.emoji.name];
monospace = ["Noto Sans Mono"] ++ emoji;
serif = ["Noto Serif" "Noto Naskh Arabic" "Noto Serif Devanagari"];
sansSerif = ["Noto Sans Display" "Noto Naskh Arabic" "Noto Sans Hebrew" "Noto Sans Devanagari" "Noto Sans CJK JP" "Noto Sans Coptic" "Noto Sans Syriac Western"];
emoji = ["Noto Color Emoji"];
};
# xelatex fails with woff files
# ref https://tex.stackexchange.com/questions/392144/xelatex-and-fontspec-crash-trying-to-find-woff-file-for-some-fonts-but-not-other

19
configs/fritzbox.nix
View File

@@ -1,19 +0,0 @@
{ config, ... }:
{
networking.firewall.allowedUDPPorts = [ 51820 ];
networking.wg-quick.interfaces.aether = {
autostart = false;
dns = ["192.168.178.1" "fritz.box"];
listenPort = 51820;
privateKeyFile = config.age.secrets.wireguard-aether-key.path;
peers = [
{
allowedIPs = ["192.168.178.0/24" "0.0.0.0/0"];
endpoint = "lng5gx2rmssv8ge1.myfritz.net:58997";
persistentKeepalive = 25;
presharedKeyFile = config.age.secrets.wireguard-aether-psk.path;
publicKey = "8Rr7BueC0CGmycBQFS7YM7VF7Adkdc1ZcLFy8YXyOQk=";
}
];
};
}

23
configs/git.nix
View File

@@ -29,9 +29,7 @@ in {
programs.git = {
enable = true;
package = pkgs.gitFull;
userName = kieran.name;
userEmail = kieran.email;
aliases = {
settings.alias = {
br = "branch";
co = "checkout";
ci = "commit";
@@ -45,19 +43,12 @@ in {
graph = "log --graph --abbrev-commit --decorate --date=relative --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(bold yellow)%d%C(reset)' --all";
};
ignores = ignorePaths;
extraConfig = {
pull.ff = "only";
rebase.autoStash = true;
merge.autoStash = true;
push.autoSetupRemote = true;
# # ref https://github.com/dandavison/delta
# core.pager = "${pkgs.delta}/bin/delta";
# interactive.diffFilter = "${pkgs.delta}/bin/delta --color-only";
# delta.navigate = true;
# merge.conflictStyle = "diff3";
# diff.colorMoved = "default";
};
settings.user.name = kieran.name;
settings.user.email = kieran.email;
settings.pull.ff = "only";
settings.rebase.autoStash = true;
settings.merge.autoStash = true;
settings.push.autoSetupRemove = true;
};
};
}

51
configs/i3.nix
View File

@@ -94,7 +94,7 @@ in {
services.xserver = {
windowManager.i3 = {
enable = true;
package = pkgs.i3-gaps;
package = pkgs.i3;
};
};
@@ -113,6 +113,7 @@ in {
'';
};
home-manager.users.me = let
modifier = "Mod4";
infoWorkspace = "";
@@ -131,7 +132,7 @@ in {
border = 1;
};
bars = [
(config.home-manager.users.me.lib.stylix.i3.bar
(config.home-manager.users.me.stylix.targets.i3.exportedBarConfig
// rec {
workspaceButtons = true;
mode = "hide"; # "dock";
@@ -269,32 +270,7 @@ in {
# XF86Launch1 (thinkvantage)
};
in {
wayland.windowManager.sway = {
enable = true;
config = {
menu = "rofi -modi run,ssh,window -show run";
inherit modifier modes gaps bars floating window colors keybindings;
input = {
"*" = {
xkb_layout = "de";
xkb_variant = "T3";
};
};
terminal = (defaultApplications pkgs).terminal;
up = "k";
down = "j";
left = "h";
right = "l";
seat = {
"*" = {
hide_cursor = "when-typing enable";
};
};
startup = [
{command = "echo hello";}
];
};
};
stylix.targets.i3.enable = true;
xsession.windowManager.i3 = {
enable = true;
@@ -311,19 +287,9 @@ in {
assign [class="dashboard"] ${infoWorkspace}
exec ${dashboard}/bin/dashboard
'';
config = lib.mkMerge [
{
inherit modifier gaps modes bars floating window colors keybindings;
}
{
keybindings = let
new-workspace = pkgs.writers.writeDash "new-workspace" ''
i3-msg workspace $(($(i3-msg -t get_workspaces | tr , '\n' | grep '"num":' | cut -d : -f 2 | sort -rn | head -1) + 1))
'';
move-to-new-workspace = pkgs.writers.writeDash "new-workspace" ''
i3-msg move container to workspace $(($(i3-msg -t get_workspaces | tr , '\n' | grep '"num":' | cut -d : -f 2 | sort -rn | head -1) + 1))
'';
in {
config = {
inherit modifier gaps modes bars floating window colors;
keybindings = keybindings // {
"${modifier}+ß" = "exec ${niveumPackages.menu-calc}/bin/=";
"${modifier}+F6" = "exec ${pkgs.xorg.xkill}/bin/xkill";
"${modifier}+F9" = "exec ${pkgs.redshift}/bin/redshift -O 4000 -b 0.85";
@@ -334,8 +300,7 @@ in {
# "${modifier}+x" = "exec ${new-workspace}";
"XF86Display" = "exec ${niveumPackages.dmenu-randr}/bin/dmenu-randr";
};
}
];
};
};
};
}

144
configs/keyboard.nix
View File

@@ -2,91 +2,129 @@
pkgs,
lib,
...
}: let
}:
let
commaSep = builtins.concatStringsSep ",";
xkbOptions = ["compose:caps" "terminate:ctrl_alt_bksp" "grp:ctrls_toggle"];
xkbOptions = [
"compose:caps"
"terminate:ctrl_alt_bksp"
"grp:ctrls_toggle"
];
languages = {
arabic = { code = "ara"; variant = "buckwalter"; }; # ../lib/keyboards/arabic;
avestan = ../lib/keyboards/avestan;
deutsch = {
code = "de";
variant = "T3";
};
greek = {
code = "gr";
variant = "polytonic";
};
russian = {
code = "ru";
variant = "phonetic";
};
arabic = {
code = "ara";
variant = "buckwalter";
}; # ../lib/keyboards/arabic;
coptic = ../lib/keyboards/coptic;
deutsch = { code = "de"; variant = "T3"; };
farsi = { code = "ir"; variant = "qwerty"; };
avestan = ../lib/keyboards/avestan;
gothic = ../lib/keyboards/gothic;
greek = { code = "gr"; variant = "polytonic"; };
gujarati = {code = "in"; variant = "guj-kagapa"; };
hebrew = {code = "il"; variant = "phonetic";};
russian = { code = "ru"; variant = "phonetic"; };
sanskrit = { code = "in"; variant = "san-kagapa"; };
syriac = { code = "sy"; variant = "syc_phonetic"; };
urdu = {code = "in"; variant = "urd-phonetic"; };
farsi = {
code = "ir";
variant = "qwerty";
};
syriac = {
code = "sy";
variant = "syc_phonetic";
};
sanskrit = {
code = "in";
variant = "san-kagapa";
};
gujarati = {
code = "in";
variant = "guj-kagapa";
};
urdu = {
code = "in";
variant = "urd-phonetic";
};
hebrew = {
code = "il";
variant = "phonetic";
};
};
defaultLanguage = languages.deutsch;
in {
in
{
services.libinput.enable = true;
# man 7 xkeyboard-config
services.xserver = {
# exportConfiguration = true; # link /usr/share/X11 properly
exportConfiguration = true; # link /usr/share/X11 properly
xkb.layout = defaultLanguage.code;
# T3: https://upload.wikimedia.org/wikipedia/commons/a/a9/German-Keyboard-Layout-T3-Version1-large.png
# buckwalter: http://www.qamus.org/transliteration.htm
xkb.variant = defaultLanguage.variant;
xkb.options = commaSep xkbOptions;
xkb.extraLayouts = {
"coptic" = {
languages = ["cop"];
description = "Coptic";
symbolsFile = ../lib/keyboards/coptic;
};
"gothic" = {
languages = ["got"];
description = "Gothic";
symbolsFile = ../lib/keyboards/gothic;
};
"avestan" = {
languages = ["ave"];
description = "Avestan";
symbolsFile = ../lib/keyboards/avestan;
};
"farsi-good" = {
languages = ["fas"];
description = "Farsi, but good";
symbolsFile = ../lib/keyboards/farsi;
};
xkb.dir = pkgs.symlinkJoin {
name = "x-keyboard-directory";
paths = [
"${pkgs.xkeyboard_config}/etc/X11/xkb"
(pkgs.linkFarm "custom-x-keyboards" (
lib.mapAttrsToList (name: value: {
name = "symbols/${name}";
path = value;
}) (lib.filterAttrs (_: value: !(value ? "code")) languages)
++ [
{
name = "symbols/ir";
path = ../lib/keyboards/farsi;
}
]
))
];
};
};
environment.etc."x11-locale".source = toString pkgs.xorg.libX11 + "share/X11/locale";
home-manager.users.me = {
home.file =
lib.mapAttrs' (name: path: lib.nameValuePair ".xkb/symbols/${name}" { source = path; })
(lib.filterAttrs (_: value: !(value ? "code")) languages) // {
".xkb/symbols/ir".source = ../lib/keyboards/farsi;
};
};
console.keyMap = "de";
environment.systemPackages =
lib.mapAttrsToList
(language: settings:
environment.systemPackages = lib.mapAttrsToList (
language: settings:
let
code = if settings ? "code" then settings.code else language;
variant = if settings ? "variant" then settings.variant else "";
in
pkgs.writers.writeDashBin "kb-${language}" ''
${pkgs.xorg.setxkbmap}/bin/setxkbmap ${defaultLanguage.code},${code} ${defaultLanguage.variant},${variant} ${toString (map (option: "-option ${option}") xkbOptions)}
'')
languages ++
lib.mapAttrsToList
(language: settings:
let
code = if settings ? "code" then settings.code else language;
variant = if settings ? "variant" then settings.variant else "";
in
pkgs.writers.writeDashBin "kb-niri-${language}" ''
${pkgs.gnused}/bin/sed -i 's/^\(\s*layout\) ".*"$/\1 "${defaultLanguage.code},${code}"/;s/^\(\s*variant\) ".*"$/\1 "${defaultLanguage.variant},${variant}"/' ~/.config/niri/config.kdl
'') languages;
pkgs.writers.writeDashBin "kb-${language}" ''
if [ -z $SWAYSOCK ]; then
${pkgs.xorg.setxkbmap}/bin/setxkbmap ${defaultLanguage.code},${code} ${defaultLanguage.variant},${variant} ${
toString (map (option: "-option ${option}") xkbOptions)
}
else
swaymsg -s $SWAYSOCK 'input * xkb_layout "${defaultLanguage.code},${code}"'
swaymsg -s $SWAYSOCK 'input * xkb_variant "${defaultLanguage.variant},${variant}"'
swaymsg -s $SWAYSOCK 'input * xkb_options "${lib.concatStringsSep "," xkbOptions}"'
fi
''
) languages;
# improve held key rate
services.xserver.displayManager.sessionCommands = "${pkgs.xorg.xset}/bin/xset r rate 300 50";
systemd.user.services.gxkb = {
wantedBy = ["graphical-session.target"];
wantedBy = [ "graphical-session.target" ];
serviceConfig = {
SyslogIdentifier = "gxkb";
ExecStart = "${pkgs.gxkb}/bin/gxkb";

4
configs/mpv.nix
View File

@@ -36,8 +36,8 @@ in {
"Alt+j" = "add video-pan-y -0.05";
};
scripts = [
# pkgs.mpvScripts.quality-menu
niveumPackages.mpv-visualizer
pkgs.mpvScripts.quality-menu
pkgs.mpvScripts.visualizer
];
};
};

5
configs/neovim.nix
View File

@@ -37,8 +37,8 @@
environment.systemPackages = [
(pkgs.writers.writeDashBin "vim" ''neovim "$@"'')
(niveumPackages.vim.override {
stylixColors = config.lib.stylix.colors;
# colorscheme = "base16-gruvbox-light-medium";
# stylixColors = config.lib.stylix.colors;
colorscheme = "base16-gruvbox-dark-medium";
})
# language servers
@@ -46,6 +46,7 @@
pkgs.haskellPackages.haskell-language-server
pkgs.texlab
pkgs.nil
pkgs.gopls
pkgs.nixfmt-rfc-style
pkgs.rust-analyzer
pkgs.nodePackages.typescript-language-server

445
configs/niri.nix
View File

@@ -1,445 +0,0 @@
{
pkgs,
config,
niveumPackages,
lib,
...
}:
let
inherit (import ../lib) defaultApplications;
niriConfig =
let
klem = niveumPackages.klem.override {
config.dmenu = "${pkgs.dmenu}/bin/dmenu -i -p klem";
config.scripts = {
"p.r paste" = pkgs.writers.writeDash "p.r" ''
${pkgs.curl}/bin/curl -fSs http://p.r --data-binary @- \
| ${pkgs.coreutils}/bin/tail --lines=1 \
| ${pkgs.gnused}/bin/sed 's/\\<r\\>/krebsco.de/'
'';
"envs.sh paste" = pkgs.writers.writeDash "envs-host" ''
${pkgs.curl}/bin/curl -F "file=@-" https://envs.sh
'';
"envs.sh shorten" = pkgs.writers.writeDash "envs-shorten" ''
${pkgs.curl}/bin/curl -F "shorten=$(${pkgs.coreutils}/bin/cat)" https://envs.sh
'';
"go.r shorten" = pkgs.writers.writeDash "go.r" ''
${pkgs.curl}/bin/curl -fSs http://go.r -F "uri=$(${pkgs.coreutils}/bin/cat)"
'';
"4d2.org paste" = pkgs.writers.writeDash "4d2-paste" ''
${pkgs.curl}/bin/curl -F "file=@-" https://depot.4d2.org/
'';
"0x0.st shorten" = pkgs.writers.writeDash "0x0.st" ''
${pkgs.curl}/bin/curl -fSs https://0x0.st -F "shorten=$(${pkgs.coreutils}/bin/cat)"
'';
"rot13" = pkgs.writers.writeDash "rot13" ''
${pkgs.coreutils}/bin/tr '[A-Za-z]' '[N-ZA-Mn-za-m]'
'';
"ipa" = pkgs.writers.writeDash "ipa" ''
${niveumPackages.ipa}/bin/ipa
'';
"betacode" = pkgs.writers.writeDash "betacode" ''
${niveumPackages.betacode}/bin/betacode
'';
"curl" = pkgs.writers.writeDash "curl" ''
${pkgs.curl}/bin/curl -fSs "$(${pkgs.coreutils}/bin/cat)"
'';
ocr = pkgs.writers.writeDash "ocr" ''
${pkgs.tesseract4}/bin/tesseract -l eng+deu - stdout
'';
emojai = pkgs.writers.writeDash "emojai" ''
${pkgs.curl}/bin/curl https://www.emojai.app/api/generate -X POST -H 'Content-Type: application/json' --data-raw "$(${pkgs.jq}/bin/jq -sR '{emoji:.}')" | ${pkgs.jq}/bin/jq -r .result
'';
"gpt-3.5" = pkgs.writers.writeDash "gpt" ''
${niveumPackages.gpt35}/bin/gpt
'';
gpt-4 = pkgs.writers.writeDash "gpt" ''
${niveumPackages.gpt4}/bin/gpt
'';
};
};
in
''
spawn-at-startup "${pkgs.ironbar}/bin/ironbar"
spawn-at-startup "${pkgs.xwayland-satellite}/bin/xwayland-satellite"
environment {
DISPLAY ":0"
ANKI_WAYLAND "1"
}
input {
warp-mouse-to-focus
focus-follows-mouse max-scroll-amount="0%"
keyboard {
repeat-rate 35
repeat-delay 350
track-layout "global"
xkb {
layout "de"
variant "T3"
options "ctrl:nocaps,compose:caps,grp:ctrls_toggle"
}
}
touchpad {
click-method "clickfinger"
tap
dwt
dwtp
}
}
prefer-no-csd
hotkey-overlay {
skip-at-startup
}
layout {
gaps 5
default-column-width {
proportion 0.5
}
preset-column-widths {
proportion 0.33333
proportion 0.5
proportion 0.66667
}
focus-ring {
width 2
}
shadow {
// on
softness 30
spread 5
offset x=0 y=5
draw-behind-window true
color "#00000070"
// inactive-color "#00000054"
}
tab-indicator {
// off
hide-when-single-tab
place-within-column
gap 5
width 4
length total-proportion=1.0
position "right"
gaps-between-tabs 2
corner-radius 8
active-color "red"
inactive-color "gray"
urgent-color "blue"
// active-gradient from="#80c8ff" to="#bbddff" angle=45
// inactive-gradient from="#505050" to="#808080" angle=45 relative-to="workspace-view"
// urgent-gradient from="#800" to="#a33" angle=45
}
border {
off
}
}
animations {
// off
workspace-switch {
spring damping-ratio=1.0 stiffness=1000 epsilon=0.0001
}
window-open {
duration-ms 150
curve "ease-out-expo"
}
window-close {
duration-ms 150
curve "ease-out-quad"
}
horizontal-view-movement {
spring damping-ratio=1.0 stiffness=800 epsilon=0.0001
}
window-movement {
spring damping-ratio=1.0 stiffness=800 epsilon=0.0001
}
window-resize {
spring damping-ratio=1.0 stiffness=800 epsilon=0.0001
}
config-notification-open-close {
spring damping-ratio=0.6 stiffness=1000 epsilon=0.001
}
screenshot-ui-open {
duration-ms 200
curve "ease-out-quad"
}
overview-open-close {
spring damping-ratio=1.0 stiffness=800 epsilon=0.0001
}
}
window-rule {
geometry-corner-radius 0
clip-to-geometry true
}
window-rule {
match app-id="mpv"
open-floating true
}
window-rule {
match app-id="rofi"
open-floating true
}
window-rule {
match app-id=r#"firefox$"# title="^Picture-in-Picture$"
open-floating true
default-floating-position x=32 y=32 relative-to="bottom-left"
}
window-rule {
match is-window-cast-target=true
border {
on
width 3
active-color "#f38ba8"
inactive-color "#7d0d2d"
}
}
binds {
Mod+Shift+Slash { show-hotkey-overlay; }
Mod+Return { spawn "${(defaultApplications pkgs).terminal}"; }
Mod+D { spawn "${pkgs.wofi}/bin/wofi" "--show" "run"; }
Mod+Shift+D { spawn "${niveumPackages.notemenu}/bin/notemenu"; }
Mod+T { spawn "${(defaultApplications pkgs).fileManager}"; }
Mod+Y { spawn "${(defaultApplications pkgs).browser}"; }
Mod+P { spawn "${niveumPackages.passmenu}/bin/passmenu"; }
Mod+U { spawn "${niveumPackages.unicodmenu}/bin/unicodmenu"; }
Mod+Shift+Z { toggle-window-floating; }
Mod+B { spawn "${pkgs.ironbar}/bin/ironbar" "bar" "bar-1337" "toggle-visible"; }
Mod+F12 { spawn "${klem}/bin/klem"; }
Mod+Shift+Q { close-window; }
XF86AudioRaiseVolume allow-when-locked=true { spawn "${pkgs.pamixer}/bin/pamixer -i 5"; }
XF86AudioLowerVolume allow-when-locked=true { spawn "${pkgs.pamixer}/bin/pamixer -d 5"; }
XF86AudioMute allow-when-locked=true { spawn "${pkgs.pamixer}/bin/pamixer -t"; }
XF86AudioPause allow-when-locked=true { spawn "${pkgs.playerctl}/bin/playerctl play-pause"; }
XF86AudioPlay allow-when-locked=true { spawn "${pkgs.playerctl}/bin/playerctl play-pause"; }
XF86AudioNext allow-when-locked=true { spawn "${pkgs.playerctl}/bin/playerctl next"; }
XF86AudioPrev allow-when-locked=true { spawn "${pkgs.playerctl}/bin/playerctl previous"; }
XF86AudioStop allow-when-locked=true { spawn "${pkgs.playerctl}/bin/playerctl stop"; }
Print { spawn "flameshot gui"; }
Mod+Shift+W { spawn "swaylock"; }
Mod+Comma { consume-or-expel-window-left; }
Mod+Period { consume-or-expel-window-right; }
Mod+W { toggle-column-tabbed-display; }
Mod+A repeat=false { toggle-overview; }
Mod+F { maximize-column; }
Mod+C { center-column; }
Mod+Minus { set-column-width "-25%"; }
Mod+Plus { set-column-width "+25%"; }
Mod+Ctrl+0 { spawn "niri" "msg" "action" "switch-layout" "0"; }
Mod+Ctrl+1 { spawn "niri" "msg" "action" "switch-layout" "1"; }
Mod+Ctrl+2 { spawn "niri" "msg" "action" "switch-layout" "2"; }
Mod+Ctrl+3 { spawn "niri" "msg" "action" "switch-layout" "3"; }
Mod+Ctrl+4 { spawn "niri" "msg" "action" "switch-layout" "4"; }
Mod+Ctrl+5 { spawn "niri" "msg" "action" "switch-layout" "5"; }
Mod+Ctrl+6 { spawn "niri" "msg" "action" "switch-layout" "6"; }
Mod+Ctrl+7 { spawn "niri" "msg" "action" "switch-layout" "7"; }
Mod+Ctrl+8 { spawn "niri" "msg" "action" "switch-layout" "8"; }
Mod+Ctrl+9 { spawn "niri" "msg" "action" "switch-layout" "9"; }
Mod+H { focus-column-or-monitor-left; }
Mod+J { focus-window-or-workspace-down; }
Mod+K { focus-window-or-workspace-up; }
Mod+L { focus-column-or-monitor-right; }
Mod+Shift+H { move-column-left-or-to-monitor-left; }
Mod+Shift+J { move-window-down-or-to-workspace-down; }
Mod+Shift+K { move-window-up-or-to-workspace-up; }
Mod+Shift+L { move-column-right-or-to-monitor-right; }
Mod+Ctrl+H { focus-monitor-left; }
Mod+Ctrl+J { focus-monitor-down; }
Mod+Ctrl+K { focus-monitor-up; }
Mod+Ctrl+L { focus-monitor-right; }
Mod+Shift+Ctrl+H { move-column-to-monitor-left; }
Mod+Shift+Ctrl+J { move-column-to-workspace-down; }
Mod+Shift+Ctrl+K { move-column-to-workspace-up; }
Mod+Shift+Ctrl+L { move-column-to-monitor-right; }
Mod+Shift+Alt+Ctrl+H { move-workspace-to-monitor-left; }
Mod+Shift+Alt+Ctrl+J { move-workspace-down; }
Mod+Shift+Alt+Ctrl+K { move-workspace-up; }
Mod+Shift+Alt+Ctrl+L { move-workspace-to-monitor-right; }
Mod+1 { focus-workspace 1; }
Mod+2 { focus-workspace 2; }
Mod+3 { focus-workspace 3; }
Mod+4 { focus-workspace 4; }
Mod+5 { focus-workspace 5; }
Mod+6 { focus-workspace 6; }
Mod+7 { focus-workspace 7; }
Mod+8 { focus-workspace 8; }
Mod+9 { focus-workspace 9; }
Mod+0 { focus-workspace 10; }
Mod+Shift+1 { move-window-to-workspace "1"; }
Mod+Shift+2 { move-window-to-workspace "2"; }
Mod+Shift+3 { move-window-to-workspace "3"; }
Mod+Shift+4 { move-window-to-workspace "4"; }
Mod+Shift+5 { move-window-to-workspace "5"; }
Mod+Shift+6 { move-window-to-workspace "6"; }
Mod+Shift+7 { move-window-to-workspace "7"; }
Mod+Shift+8 { move-window-to-workspace "8"; }
Mod+Shift+9 { move-window-to-workspace "9"; }
Mod+Shift+0 { move-window-to-workspace "0"; }
}
'';
in
{
system.activationScripts.niriConfig = {
text = ''
cp ${pkgs.writeText "config.kdl" niriConfig} ${config.users.users.me.home}/.config/niri/config.kdl
chown ${config.users.users.me.name}:${config.users.users.me.group} ${config.users.users.me.home}/.config/niri/config.kdl
'';
};
programs.niri.enable = true;
services.displayManager.defaultSession = lib.mkForce "niri";
home-manager.users.me = {
xdg.configFile."ironbar/style.css".text = ''
* {
font-size: 8pt;
font-family: "Gentium Plus", "BlexMono Nerd Font";
}
box, menubar, button {
background-color: unset;
box-shadow: none;
background-image: none;
}
.clock, .upower, .volume {
font-weight: unset;
}
tooltip * {
font-family: "BlexMono Nerd Font";
font-size: 7pt;
}
'';
xdg.configFile."ironbar/config.json".source = (pkgs.formats.json { }).generate "ironbar.json" {
name = "bar-1337";
height = 12;
layer = "top";
position = "bottom";
start = [ ];
center = [
{
type = "tray";
icon_size = 8;
}
{ type = "clipboard"; }
{ type = "notifications"; }
];
end = [
{
type = "upower";
icon_size = 8;
format = "{percentage}%";
}
{
type = "label";
tooltip = "{{df -h --output=size,used,avail,pcent,target}}";
label = "\t{{5000:df -h / --output=avail | tail +2}}";
}
{
type = "label";
tooltip = "{{free -Lh --si | awk '{for(i=1;i<=NF;i++){printf \"%s%s\", $i, (i%2? OFS: ORS)} if(NF%2) printf ORS}'}}";
label = "󰍛\t{{500:free -h --si | awk 'NR==2{printf $3 \"\\n\"}'}}";
}
{
type = "label";
tooltip = "{{}}";
on_click_left = "pamixer -t";
on_scroll_up = "pamixer -i 1";
on_scroll_down = "pamixer -d 1";
label = "{{500:if $(pamixer --get-mute) = true; then echo ; else echo ; fi}}\t{{500:pamixer --get-volume}}%";
}
{
type = "label";
tooltip = "{{uptime}}";
label = "\t{{500:uptime | sed 's/.*load average: \\([^ ]*\\);.*/\\1/' | tr ' ' '\n'}}";
}
{
type = "label";
tooltip = "{{khal list today today -d astro-test-3 }}";
label = "";
}
{
type = "label";
tooltip = "{{curl wttr.in/?0 | ${pkgs.ansifilter}/bin/ansifilter}}";
label = "󰔏";
}
{
type = "label";
name = "cal";
tooltip = "{{cal}}";
label = "{{500:date +'<U+F017>\t%Y-%m-%d (%W %a) %H:%M'}}";
}
];
};
programs.alacritty.enable = true; # Super+T in the default setting (terminal)
programs.swaylock.enable = true; # Super+Alt+L in the default setting (screen locker)
services.swaync = {
enable = true;
settings = {
notification-window-width = 300;
control-center-width = 300;
widgets = [
"volume"
"mpris"
"title"
"dnd"
"notifications"
];
widget-config = {
title = {
text = "ϥ̄";
"clear-all-button" = true;
"button-text" = "";
};
dnd.text = "̄̄ϣ̄̄";
label.text = "";
};
};
};
services.swayidle.enable = true; # idle management daemon
home.packages = with pkgs; [
xdg-desktop-portal-gnome
swaybg
];
};
services.gnome.gnome-keyring.enable = true; # secret service
security.pam.services.swaylock = { };
}

30
configs/packages.nix
View File

@@ -4,7 +4,6 @@
lib,
inputs,
niveumPackages,
unstablePackages,
...
}: let
worldradio = pkgs.callPackage ../packages/worldradio.nix {};
@@ -63,9 +62,15 @@ in {
};
environment.systemPackages = with pkgs; [
(pkgs.writers.writeDashBin "amfora" ''
${pkgs.st}/bin/st -e ${pkgs.amfora}/bin/amfora
'')
(pkgs.writers.writeDashBin "gpodder" ''
GPODDER_DOWNLOAD_DIR=${config.users.users.me.home}/mobile/audio/Text/podcasts exec ${pkgs.gpodder}/bin/gpodder "$@"
'')
# INTERNET
aria2
tdesktop
telegram-desktop
whois
dnsutils
# FILE MANAGERS
@@ -94,9 +99,10 @@ in {
# HARDWARE TOOLS
gnome-disk-utility
arandr # xrandr for noobs
wdisplays
libnotify # for notify-send
wl-clipboard # clipboard CLI
xdragon # drag and drop
xclip # clipboard CLI
dragon-drop # drag and drop
xorg.xkill # kill by clicking
portfolio # personal finance overview
audacity
@@ -114,22 +120,23 @@ in {
zoom-us # video conferencing
(pkgs.writers.writeDashBin "im" ''
weechat_password=$(${pkgs.pass}/bin/pass weechat)
exec ${unstablePackages.weechat}/bin/weechat -t -r '/mouse enable; /remote add makanek http://${externalNetwork.makanek}:8002 -password='"$weechat_password"'; /remote connect makanek'
exec ${weechat}/bin/weechat -t -r '/mouse enable; /remote add makanek http://${externalNetwork.makanek}:8002 -password='"$weechat_password"'; /remote connect makanek'
'')
alejandra # nix formatter
pdfgrep # search in pdf
pdftk # pdf toolkit
mupdf
poppler_utils # pdf toolkit
poppler-utils # pdf toolkit
kdePackages.okular # the word is nucular
xournalpp # for annotating pdfs
pdfpc # presenter console for pdf slides
# niveumPackages.hc # print files as qr codes
niveumPackages.hc # print files as qr codes
yt-dlp
espeak
rink # unit converter
niveumPackages.auc
niveumPackages.noise-waves
niveumPackages.stag
niveumPackages.cheat-sh
niveumPackages.polyglot
niveumPackages.qrpaste
@@ -144,7 +151,6 @@ in {
niveumPackages.pls
niveumPackages.mpv-tv
niveumPackages.mpv-iptv
# jellyfin-media-player
niveumPackages.devanagari
niveumPackages.betacode # ancient greek betacode to unicode converter
niveumPackages.meteo
@@ -197,9 +203,6 @@ in {
${pkgs.openssh}/bin/ssh makanek "cd /var/lib/weechat/logs && grep --ignore-case --color=always --recursive $@" | ${pkgs.less}/bin/less --raw-control-chars
'')
(pkgs.writers.writeDashBin "ncmpcpp-zaatar" ''MPD_HOST=${(import ../lib/local-network.nix).zaatar} exec ${pkgs.ncmpcpp}/bin/ncmpcpp "$@"'')
(pkgs.writers.writeDashBin "mpc-zaatar" ''MPD_HOST=${(import ../lib/local-network.nix).zaatar} exec ${pkgs.mpc_cli}/bin/mpc "$@"'')
inputs.scripts.packages.x86_64-linux.alarm
spotify
@@ -237,10 +240,9 @@ in {
dhall
html-tidy
nodePackages.csslint
nodePackages.jsonlint
deno # better node.js
# texlive.combined.scheme-full
go
texlive.combined.scheme-full
latexrun
(aspellWithDicts (dict: [dict.de dict.en dict.en-computers]))
# haskellPackages.pandoc-citeproc

1
configs/spacetime.nix
View File

@@ -3,5 +3,6 @@
location = {
latitude = 52.517;
longitude = 13.3872;
provider = "geoclue2";
};
}

2
configs/ssh.nix
View File

@@ -4,6 +4,7 @@
in {
users.users.me.openssh.authorizedKeys.keys = kieran.sshKeys;
programs.ssh.startAgent = true;
services.gnome.gcr-ssh-agent.enable = false;
home-manager.users.me = {
# https://discourse.nixos.org/t/gnome-keyring-and-ssh-agent-without-gnome/11663
@@ -40,6 +41,7 @@ in {
home-manager.users.me.programs.ssh = {
enable = true;
enableDefaultConfig = false;
matchBlocks = {
"github.com" = {
hostname = "ssh.github.com";

52
configs/stw-berlin.nix
View File

@@ -1,52 +0,0 @@
{
pkgs,
config,
...
}: {
age.secrets.stw-berlin-card-code.file = ../secrets/stw-berlin-card-code.age;
systemd.services.stw-berlin = {
enable = true;
wants = ["network-online.target"];
startAt = "weekly";
serviceConfig = {
User = config.users.users.me.name;
Group = config.users.users.me.group;
WorkingDirectory = "/home/kfm/cloud/nextcloud/Uni/Meta/Mensa";
LoadCredential = [
"password:${config.age.secrets.stw-berlin-card-code.path}"
];
};
script = ''
KARTEN_ID=8071859
PASSWORT=$(cat "$CREDENTIALS_DIRECTORY"/password)
endpoint=https://ks.stw.berlin:4433/TL1/TLM/KASVC
authorization_header='Authorization: Basic S0FTVkM6ekt2NXlFMUxaVW12VzI5SQ=='
get_auth_token() {
${pkgs.curl}/bin/curl -sSL "$endpoint/LOGIN?karteNr=$KARTEN_ID&format=JSON&datenformat=JSON" \
-X POST \
-H "$authorization_header" \
--data-raw '{"BenutzerID":"'$KARTEN_ID'","Passwort":"'$PASSWORT'"}' \
| ${pkgs.jq}/bin/jq -r '.[0].authToken|@uri'
}
get_transactions() {
${pkgs.curl}/bin/curl -sSL "$endpoint/TRANS?format=JSON&authToken=$(get_auth_token)&karteNr=$KARTEN_ID&datumVon=12.02.2018&datumBis=$(date -d tomorrow +%d.%m.%Y)" \
-H "$authorization_header" \
| ${pkgs.jq}/bin/jq
}
get_items() {
${pkgs.curl}/bin/curl -sSL "$endpoint/TRANSPOS?format=JSON&authToken=$(get_auth_token)&karteNr=$KARTEN_ID&datumVon=12.02.2018&datumBis=$(date -d tomorrow +%d.%m.%Y)" \
-H "$authorization_header" \
| ${pkgs.jq}/bin/jq
}
get_transactions > transactions-$(date -I).json
get_items > items-$(date -I).json
'';
};
}

19
configs/stylix.nix
View File

@@ -18,7 +18,7 @@ in {
stylix.enable = true;
stylix.image = generatedWallpaper;
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/ayu-light.yaml";
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml";
stylix.cursor = {
name = "capitaine-cursors-white";
@@ -26,6 +26,9 @@ in {
size = 12;
};
home-manager.users.me = {
stylix.autoEnable = true;
};
# environment.etc."stylix/wallpaper.png".source = generatedWallpaper;
@@ -52,22 +55,22 @@ in {
stylix.fonts = {
serif = {
package = pkgs.gentium;
name = "Gentium Plus";
package = pkgs.noto-fonts;
name = "Noto Serif";
};
sansSerif = {
package = pkgs.gentium;
name = "Gentium Plus";
package = pkgs.noto-fonts;
name = "Noto Sans";
};
monospace = {
package = pkgs.nerd-fonts.blex-mono;
name = "BlexMono Nerd Font";
package = pkgs.noto-fonts;
name = "Noto Sans Mono";
};
emoji = {
package = pkgs.noto-fonts-emoji;
package = pkgs.noto-fonts-color-emoji;
name = "Noto Color Emoji";
};

11
configs/tmux.nix
View File

@@ -13,7 +13,7 @@
aggressiveResize = true;
escapeTime = 50;
historyLimit = 7000;
shortcut = "a";
shortcut = "b";
extraConfig = ''
set -g mouse on
@@ -37,15 +37,6 @@
set -g status-left-length 32
set -g status-right-length 150
set -g status-bg colour242
setw -g window-status-format "#[fg=colour12,bg=colour233] #I #[fg=white,bg=colour237] #W "
setw -g window-status-current-format "#[fg=colour12,bg=colour233] * #[fg=white,bg=colour237,bold] #W "
set -g status-left ""
set -g status-right "#[fg=colour255,bg=colour237,bold] #(hostname -I) #[default]#[fg=colour12,bg=colour233] %FT%R "
set -g status-justify left
set -g status-position bottom
'';
};

86
configs/fu-berlin.nix → configs/uni.nix
View File

@@ -30,7 +30,19 @@ in {
};
};
accounts.email.accounts = {
fu-student =
letos =
lib.recursiveUpdate defaults
{
userName = "slfletos";
address = "letos.sprachlit@hu-berlin.de";
passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-letos.path}";
imap.host = "mailbox.cms.hu-berlin.de";
imap.port = 993;
smtp.host = "mailhost.cms.hu-berlin.de";
smtp.port = 25;
smtp.tls.useStartTls = true;
};
fu =
lib.recursiveUpdate defaults
(lib.recursiveUpdate fu-defaults
rec {
@@ -38,21 +50,6 @@ in {
address = "kieran.meinhardt@fu-berlin.de";
aliases = ["${userName}@fu-berlin.de"];
passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-meinhak99.path}";
aerc.extraAccounts.signature-file = toString (pkgs.writeText "signature" signature.text);
signature = {
showSignature = "append";
text = ''
${defaults.realName}
${pronouns}
---
Studentische Hilfskraft / ZODIAC
Freie Universität Berlin
Telefon: +49 30 838 58118
Arnimallee 10, Raum 106, 14195 Berlin
'';
};
himalaya = {
enable = true;
settings.backend = "imap";
@@ -68,6 +65,12 @@ in {
group = config.users.users.me.group;
mode = "400";
};
email-password-letos = {
file = ../secrets/email-password-letos.age;
owner = config.users.users.me.name;
group = config.users.users.me.group;
mode = "400";
};
fu-sftp-key = {
file = ../secrets/fu-sftp-key.age;
owner = "root";
@@ -110,24 +113,31 @@ in {
];
};
};
in {
"${remoteDir}/fu/zodiac" = {
device = "//trove.storage.fu-berlin.de/GESCHKULT";
fsType = "cifs";
options =
fu-berlin-cifs-options
++ [
"credentials=${config.age.secrets.cifs-credentials-zodiac.path}"
];
};
} // home-directory-mount "meinhak99"
// home-directory-mount "xm7234fu";
age.secrets = {
cifs-credentials-zodiac.file = ../secrets/cifs-credentials-zodiac.age;
};
in home-directory-mount "meinhak99";
environment.systemPackages = [
(pkgs.writers.writeDashBin "hu-vpn-split" ''
${pkgs.openfortivpn}/bin/openfortivpn \
--password="$(cat "${config.age.secrets.email-password-letos.path}")" \
--config=${
pkgs.writeText "hu-berlin-split.config" ''
host = forti-ssl.vpn.hu-berlin.de
port = 443
username = slfletos@split_tunnel
''
}
'')
(pkgs.writers.writeDashBin "hu-vpn-full" ''
${pkgs.openfortivpn}/bin/openfortivpn \
--password="$(cat "${config.age.secrets.email-password-letos.path}")" \
--config=${
pkgs.writeText "hu-berlin-full.config" ''
host = forti-ssl.vpn.hu-berlin.de
port = 443
username = slfletos@tunnel_all
''
}
'')
(pkgs.writers.writeDashBin "fu-vpn" ''
if ${pkgs.wirelesstools}/bin/iwgetid | ${pkgs.gnugrep}/bin/grep --invert-match eduroam
then
@@ -138,16 +148,4 @@ in {
fi
'')
];
systemd.services.fu-vpn = {
enable = false;
wants = ["network-online.target"];
serviceConfig.LoadCredential = "password:${config.age.secrets.email-password-meinhak99.path}";
script = ''
if ${pkgs.wirelesstools}/bin/iwgetid | ${pkgs.gnugrep}/bin/grep --invert-match eduroam
then
cat "$CREDENTIALS_DIRECTORY/password" | ${pkgs.openconnect}/bin/openconnect vpn.fu-berlin.de --user ${username} --passwd-on-stdin
fi
'';
};
}

14
configs/virtualization.nix Normal file
View File

@@ -0,0 +1,14 @@
{ pkgs, ... }:
{
users.users.me.extraGroups = [ "libvirtd" ];
virtualisation.libvirtd.enable = true;
# Enable TPM support for VMs
virtualisation.libvirtd.qemu = {
# swtpm.enable = true;
};
environment.systemPackages = with pkgs; [
virt-manager
];
}

5
configs/wpa_supplicant.nix
View File

@@ -1,6 +1,9 @@
{ config, ... }:
{
networking.wireless = {
enable = true;
networks.Aether.pskRaw = "e1b18af54036c5c9a747fe681c6a694636d60a5f8450f7dec0d76bc93e2ec85a";
secretsFile = config.age.secrets.wifi.path;
# networks.Aether.pskRaw = "e1b18af54036c5c9a747fe681c6a694636d60a5f8450f7dec0d76bc93e2ec85a";
networks.Schilfpalast.pskRaw = "ext:schilfpalast";
};
}

650
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

245
flake.nix
View File

@@ -2,32 +2,33 @@
description = "niveum: packages, modules, systems";
inputs = {
self.submodules = true;
agenix.url = "github:ryantm/agenix";
# alew-web.url = "git+ssh://gitea@code.kmein.de:22022/kfm/alew-web.git?ref=refs/heads/master";
autorenkalender.url = "github:kmein/autorenkalender";
coptic-dictionary.url = "github:kmein/coptic-dictionary";
flake-utils.url = "github:numtide/flake-utils";
home-manager.url = "github:nix-community/home-manager/release-25.05";
home-manager.url = "github:nix-community/home-manager/release-25.11";
menstruation-backend.url = "github:kmein/menstruation.rs";
menstruation-telegram.url = "github:kmein/menstruation-telegram";
centerpiece.url = "github:friedow/centerpiece";
nix-on-droid.url = "github:t184256/nix-on-droid/release-23.05";
nixinate.url = "github:matthewcroughan/nixinate";
nixpkgs-old.url = "github:NixOS/nixpkgs/50fc86b75d2744e1ab3837ef74b53f103a9b55a0";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
nur.url = "github:nix-community/NUR";
recht.url = "github:kmein/recht";
retiolum.url = "github:krebs/retiolum";
rust-overlay.url = "github:oxalica/rust-overlay";
scripts.url = "github:kmein/scripts";
stockholm.url = "github:krebs/stockholm";
stylix.url = "github:danth/stylix/release-25.05";
stylix.url = "github:danth/stylix/release-25.11";
telebots.url = "github:kmein/telebots";
tinc-graph.url = "github:kmein/tinc-graph";
voidrice.url = "github:Lukesmithxyz/voidrice";
wallpaper-generator.url = "github:pinpox/wallpaper-generator/v1.1";
wallpapers.url = "github:kmein/wallpapers";
autorenkalender.inputs.nixpkgs.follows = "nixpkgs";
agenix.inputs.home-manager.follows = "home-manager";
agenix.inputs.nixpkgs.follows = "nixpkgs";
coptic-dictionary.inputs.nixpkgs.follows = "nixpkgs";
@@ -35,110 +36,122 @@
# menstruation-backend.inputs.flake-utils.follows = "flake-utils";
# menstruation-backend.inputs.nixpkgs.follows = "nixpkgs";
# menstruation-backend.inputs.rust-overlay.follows = "rust-overlay";
menstruation-telegram.inputs.flake-utils.follows = "flake-utils";
menstruation-telegram.inputs.menstruation-backend.follows = "menstruation-backend";
menstruation-telegram.inputs.nixpkgs.follows = "nixpkgs-old";
nix-on-droid.inputs.home-manager.follows = "home-manager";
nix-on-droid.inputs.nixpkgs.follows = "nixpkgs";
recht.inputs.flake-utils.follows = "flake-utils";
recht.inputs.nixpkgs.follows = "nixpkgs";
rust-overlay.inputs.nixpkgs.follows = "nixpkgs";
scripts.inputs.flake-utils.follows = "flake-utils";
scripts.inputs.nixpkgs.follows = "nixpkgs";
scripts.inputs.rust-overlay.follows = "rust-overlay";
stylix.inputs.home-manager.follows = "home-manager";
stylix.inputs.nixpkgs.follows = "nixpkgs";
tinc-graph.inputs.flake-utils.follows = "flake-utils";
tinc-graph.inputs.nixpkgs.follows = "nixpkgs";
tinc-graph.inputs.rust-overlay.follows = "rust-overlay";
voidrice.flake = false;
wallpaper-generator.inputs.flake-utils.follows = "flake-utils";
wallpapers.flake = false;
};
nixConfig = {
extra-substituters = [ "https://kmein.cachix.org" ];
extra-trusted-public-keys = [ "kmein.cachix.org-1:rsJ2b6++VQHJ1W6rGuDUYsK/qUkFA3bNpO6PyEyJ9Ls=" ];
};
outputs = inputs @ {
self,
nixpkgs,
nixpkgs-unstable,
nur,
home-manager,
agenix,
retiolum,
nixinate,
flake-utils,
nix-on-droid,
centerpiece,
stylix,
...
}:
outputs =
inputs@{
self,
nixpkgs,
nixpkgs-unstable,
nur,
home-manager,
agenix,
retiolum,
nixinate,
flake-utils,
nix-on-droid,
stylix,
...
}:
let
lib = nixpkgs.lib;
eachSupportedSystem = lib.genAttrs lib.systems.flakeExposed;
in
{
apps = {
x86_64-darwin = let
pkgs = nixpkgs.legacyPackages.x86_64-darwin;
in {
deploy-maakaron = {
type = "app";
program = toString (pkgs.writers.writeDash "deploy-maakaron" ''
exec $(nix build .#homeConfigurations.maakaron.activationPackage --no-link --print-out-paths)/activate
'');
x86_64-darwin =
let
pkgs = nixpkgs.legacyPackages.x86_64-darwin;
in
{
deploy-maakaron = {
type = "app";
program = toString (
pkgs.writers.writeDash "deploy-maakaron" ''
exec $(nix build .#homeConfigurations.maakaron.activationPackage --no-link --print-out-paths)/activate
''
);
};
};
};
x86_64-linux = let
pkgs = nixpkgs.legacyPackages.x86_64-linux;
lib = nixpkgs.lib;
in
x86_64-linux =
let
pkgs = nixpkgs.legacyPackages.x86_64-linux;
lib = nixpkgs.lib;
in
nixinate.nixinate.x86_64-linux self
// {
mock-secrets = {
type = "app";
program = toString (pkgs.writers.writeDash "mock-secrets" ''
${pkgs.findutils}/bin/find secrets -not -path '*/.*' -type f | ${pkgs.coreutils}/bin/sort > secrets.txt
'');
program = toString (
pkgs.writers.writeDash "mock-secrets" ''
${pkgs.findutils}/bin/find secrets -not -path '*/.*' -type f | ${pkgs.coreutils}/bin/sort > secrets.txt
''
);
};
}
# the following error prevents remote building of ful: https://github.com/NixOS/nixpkgs/issues/177873
// builtins.listToAttrs (map (hostname: let
externalNetwork = import ./lib/external-network.nix;
targets = {
ful = "root@ful";
zaatar = "root@zaatar";
makanek = "root@makanek";
manakish = "root@manakish";
tahina = "root@tahina";
tabula = "root@tabula";
kabsa = "root@kabsa";
fatteh = "root@fatteh";
kibbeh = "root@kibbeh";
};
in
lib.attrsets.nameValuePair "deploy-${hostname}" {
type = "app";
program = toString (pkgs.writers.writeDash "deploy-${hostname}" ''
exec ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch \
--max-jobs 2 \
--log-format internal-json \
--flake .?submodules=1#${hostname} \
--target-host ${targets.${hostname}} 2>&1 \
| ${pkgs.nix-output-monitor}/bin/nom --json
'');
}) (builtins.attrNames self.nixosConfigurations))
// builtins.listToAttrs (
map (
hostname:
let
externalNetwork = import ./lib/external-network.nix;
targets = {
ful = "root@ful";
zaatar = "root@zaatar";
makanek = "root@makanek";
manakish = "root@manakish";
tahina = "root@tahina";
tabula = "root@tabula";
kabsa = "root@kabsa";
fatteh = "root@fatteh";
kibbeh = "root@kibbeh";
};
in
lib.attrsets.nameValuePair "deploy-${hostname}" {
type = "app";
program = toString (
pkgs.writers.writeDash "deploy-${hostname}" ''
exec ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch \
--max-jobs 2 \
--log-format internal-json \
--flake .#${hostname} \
--target-host ${targets.${hostname}} 2>&1 \
| ${pkgs.nix-output-monitor}/bin/nom --json
''
);
}
) (builtins.attrNames self.nixosConfigurations)
)
// {
deploy-ful = {
type = "app";
program = toString (pkgs.writers.writeDash "deploy-ful" ''
exec ${pkgs.nix}/bin/nix run .?submodules=1#nixinate.ful \
--log-format internal-json 2>&1 \
| ${pkgs.nix-output-monitor}/bin/nom --json
'');
program = toString (
pkgs.writers.writeDash "deploy-ful" ''
exec ${pkgs.nix}/bin/nix run .#nixinate.ful \
--log-format internal-json 2>&1 \
| ${pkgs.nix-output-monitor}/bin/nom --json
''
);
};
};
};
# TODO overlay for packages
# TODO remove flake-utils dependency from my own repos
nixosModules = {
htgen = import modules/htgen.nix;
moodle-dl = import modules/moodle-dl.nix;
@@ -148,6 +161,7 @@
power-action = import modules/power-action.nix;
system-dependent = import modules/system-dependent.nix;
telegram-bot = import modules/telegram-bot.nix;
go-webring = import modules/go-webring.nix;
};
lib = {
@@ -156,10 +170,10 @@
nixOnDroidConfigurations = {
moto = nix-on-droid.lib.nixOnDroidConfiguration {
modules = [systems/moto/configuration.nix];
modules = [ systems/moto/configuration.nix ];
pkgs = import nixpkgs {
system = "aarch64-linux";
overlays = [nix-on-droid.overlays.default];
overlays = [ nix-on-droid.overlays.default ];
};
extraSpecialArgs = {
niveumPackages = inputs.self.packages.aarch64-linux;
@@ -171,13 +185,14 @@
};
homeConfigurations = {
maakaron = let
system = "x86_64-darwin";
pkgs = nixpkgs.legacyPackages.${system};
in
maakaron =
let
system = "x86_64-darwin";
pkgs = nixpkgs.legacyPackages.${system};
in
home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules = [./systems/maakaron/home.nix];
modules = [ ./systems/maakaron/home.nix ];
extraSpecialArgs = {
inherit inputs;
niveumPackages = inputs.self.packages.${system};
@@ -209,6 +224,7 @@
agenix.nixosModules.default
inputs.self.nixosModules.passport
inputs.self.nixosModules.panoptikon
inputs.self.nixosModules.go-webring
inputs.self.nixosModules.htgen
inputs.stockholm.nixosModules.reaktor2
retiolum.nixosModules.retiolum
@@ -241,6 +257,7 @@
systems/kibbeh/configuration.nix
agenix.nixosModules.default
retiolum.nixosModules.retiolum
home-manager.nixosModules.home-manager
];
};
makanek = nixpkgs.lib.nixosSystem rec {
@@ -312,29 +329,29 @@
];
};
};
}
// flake-utils.lib.eachSystem [flake-utils.lib.system.x86_64-linux flake-utils.lib.system.x86_64-darwin flake-utils.lib.system.aarch64-linux] (system: let
pkgs = import nixpkgs {
inherit system;
overlays = [
nur.overlays.default
(self: super: {
mpv = super.mpv.override {scripts = [inputs.self.packages.${system}.mpv-visualizer super.mpvScripts.mpris];};
dmenu = super.writers.writeDashBin "dmenu" ''exec ${pkgs.wofi}/bin/wofi --dmenu "$@"'';
})
];
};
unstablePackages = import nixpkgs-unstable {
inherit system;
};
wrapScript = {
packages ? [],
name,
script,
}:
pkgs.writers.writeDashBin name ''PATH=$PATH:${nixpkgs.lib.makeBinPath (packages ++ [pkgs.findutils pkgs.coreutils pkgs.gnused pkgs.gnugrep])} ${script} "$@"'';
in {
packages = rec {
packages = eachSupportedSystem (system: let
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
overlays = [
nur.overlays.default
(self: super: {
mpv = super.mpv.override {scripts = [inputs.self.packages.${system}.mpv-visualizer super.mpvScripts.mpris];};
dmenu = super.writers.writeDashBin "dmenu" ''exec ${pkgs.rofi}/bin/rofi -dmenu "$@"'';
})
];
};
unstablePackages = import nixpkgs-unstable {
inherit system;
};
wrapScript = {
packages ? [],
name,
script,
}:
pkgs.writers.writeDashBin name ''PATH=$PATH:${nixpkgs.lib.makeBinPath (packages ++ [pkgs.findutils pkgs.coreutils pkgs.gnused pkgs.gnugrep])} ${script} "$@"'';
in {
auc = pkgs.callPackage packages/auc.nix {};
betacode = pkgs.callPackage packages/betacode.nix {};
brainmelter = pkgs.callPackage packages/brainmelter.nix {};
@@ -400,6 +417,7 @@
q = pkgs.callPackage packages/q.nix {};
qrpaste = pkgs.callPackage packages/qrpaste.nix {};
random-zeno = pkgs.callPackage packages/random-zeno.nix {};
go-webring = pkgs.callPackage packages/go-webring.nix {};
rfc = pkgs.callPackage packages/rfc.nix {};
gimp = pkgs.callPackage packages/gimp.nix {};
scanned = pkgs.callPackage packages/scanned.nix {};
@@ -407,11 +425,11 @@
text2pdf = pkgs.callPackage packages/text2pdf.nix {};
timer = pkgs.callPackage packages/timer.nix {};
tocharian-font = pkgs.callPackage packages/tocharian-font.nix {};
passmenu = pkgs.callPackage packages/passmenu.nix {};
trans = pkgs.callPackage packages/trans.nix {};
ttspaste = pkgs.callPackage packages/ttspaste.nix {};
unicodmenu = pkgs.callPackage packages/unicodmenu.nix {};
emailmenu = pkgs.callPackage packages/emailmenu.nix {};
stag = pkgs.callPackage packages/stag.nix {};
untilport = pkgs.callPackage packages/untilport.nix {};
vg = pkgs.callPackage packages/vg.nix {};
vim = pkgs.callPackage packages/vim.nix {niveumPackages = self.packages.${system};};
@@ -421,6 +439,8 @@
vimPlugins-icalendar-vim = pkgs.callPackage packages/vimPlugins/icalendar-vim.nix {};
vimPlugins-jq-vim = pkgs.callPackage packages/vimPlugins/jq-vim.nix {};
vimPlugins-typst-vim = pkgs.callPackage packages/vimPlugins/typst-vim.nix {};
vimPlugins-mdwa-nvim = pkgs.callPackage packages/vimPlugins/mdwa-nvim.nix {};
vimPlugins-vim-ernest = pkgs.callPackage packages/vimPlugins/vim-ernest.nix {};
vimPlugins-vim-256noir = pkgs.callPackage packages/vimPlugins/vim-256noir.nix {};
vimPlugins-vim-colors-paramount = pkgs.callPackage packages/vimPlugins/vim-colors-paramount.nix {};
vimPlugins-vim-fetch = pkgs.callPackage packages/vimPlugins/vim-fetch.nix {};
@@ -432,9 +452,6 @@
weechatScripts-hotlist2extern = pkgs.callPackage packages/weechatScripts/hotlist2extern.nix {};
wttr = pkgs.callPackage packages/wttr.nix {};
itl = pkgs.callPackage packages/itl.nix {};
itools = pkgs.callPackage packages/itools.nix {itl = itl;};
booksplit = wrapScript {
script = inputs.voidrice.outPath + "/.local/bin/booksplit";
name = "booksplit";
@@ -446,6 +463,6 @@
name = "tag";
packages = [pkgs.ffmpeg];
};
};
});
});
};
}

10
lib/local-network.nix
View File

@@ -1,10 +1,4 @@
{
toum = "192.168.178.24";
zaatar = "192.168.178.21";
kabsa = "192.168.178.32";
android = "192.168.178.35";
manakish = "192.168.178.29";
officejet = "192.168.178.27";
fritzbox = "192.168.178.1";
officejet = "192.168.0.251";
router = "192.168.0.1";
}

8
lib/streams.nix
View File

@@ -2029,6 +2029,14 @@ in
stream = "av://lavfi:anoisesrc=color=brown";
station = "Brownian noise";
}
{
stream = "https://st03.sslstream.dlf.de/dlf/03/high/aac/stream.aac";
station = "Deutschlandfunk Nova";
}
{
stream = "https://samaaisb107-itelservices.radioca.st/stream";
station = "Samaa FM 107.4 Pakistan";
}
]
++ map (name: {
stream = "https://${name}.stream.publicradio.org/${name}.aac";

175
lib/style.css
View File

@@ -1,175 +0,0 @@
* {
font-size: 14px;
border-radius: 5px;
}
window#waybar {
/* `otf-font-awesome` is required to be installed for icons */
font-family: FontAwesome, monospace;
background-color: transparent;
border-bottom: 0px;
color: #ebdbb2;
transition-property: background-color;
transition-duration: .5s;
}
window#waybar.hidden {
opacity: 0.2;
}
window#waybar.empty #window {
background-color: transparent;
}
/*
window#waybar.empty {
background-color: transparent;
}
window#waybar.solo {
background-color: #FFFFFF;
}
*/
.modules-right {
margin: 10px 10px 0 0;
}
.modules-center {
margin: 10px 0 0 0;
}
.modules-left {
margin: 10px 0 0 10px;
}
button {
/* Use box-shadow instead of border so the text isn't offset */
/* box-shadow: inset 0 -3px transparent; */
border: none;
}
/* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
/*
button:hover {
background: inherit;
box-shadow: inset 0 -3px #ebdbb2;
} */
#workspaces {
background-color: #282828;
}
#workspaces button {
padding: 0 5px;
background-color: transparent;
color: #ebdbb2;
border-radius: 0;
}
#workspaces button:first-child {
border-radius: 5px 0 0 5px;
}
#workspaces button:last-child {
border-radius: 0 5px 5px 0;
}
#workspaces button:hover {
color: #d79921;
}
#workspaces button.focused {
background-color: #665c54;
/* box-shadow: inset 0 -3px #ffffff; */
}
#workspaces button.urgent {
background-color: #b16286;
}
#idle_inhibitor,
#cava,
#scratchpad,
#mode,
#window,
#clock,
#battery,
#backlight,
#wireplumber,
#tray,
#mpris,
#load {
padding: 0 10px;
background-color: #282828;
color: #ebdbb2;
}
#mode {
background-color: #689d6a;
color: #282828;
/* box-shadow: inset 0 -3px #ffffff; */
}
/* If workspaces is the leftmost module, omit left margin */
.modules-left > widget:first-child > #workspaces {
margin-left: 0;
}
/* If workspaces is the rightmost module, omit right margin */
.modules-right > widget:last-child > #workspaces {
margin-right: 0;
}
#cava {
padding: 0 5px;
}
#battery.charging, #battery.plugged {
background-color: #98971a;
color: #282828;
}
@keyframes blink {
to {
background-color: #282828;
color: #ebdbb2;
}
}
/* Using steps() instead of linear as a timing function to limit cpu usage */
#battery.critical:not(.charging) {
background-color: #cc241d;
color: #ebdbb2;
animation-name: blink;
animation-duration: 0.5s;
animation-timing-function: steps(12);
animation-iteration-count: infinite;
animation-direction: alternate;
}
label:focus {
background-color: #000000;
}
#wireplumber.muted {
background-color: #458588;
}
#tray > .passive {
-gtk-icon-effect: dim;
}
#tray > .needs-attention {
-gtk-icon-effect: highlight;
}
#mpris.playing {
background-color: #d79921;
color: #282828;
}
#tray menu {
font-family: sans-serif;
}
#scratchpad.empty {
background: transparent;
}

6
lib/vim/init.lua
View File

@@ -91,6 +91,7 @@ local language_servers = {
-- tsserver = {}, -- typescript-language-server
cssls = {},
elmls = {}, -- elm-language-server
gopls = {}, -- gopls
denols = {}, -- deno built in
bashls = {}, -- bash-language-server
lua_ls = {
@@ -154,10 +155,11 @@ local language_servers = {
}
for server, settings in pairs(language_servers) do
require('lspconfig')[server].setup{
vim.lsp.config(server, {
on_attach = on_attach,
flags = lsp_flags,
settings = settings,
capabilities = capabilities
}
})
vim.lsp.enable(server)
end

10
lib/vim/init.vim
View File

@@ -102,6 +102,7 @@ augroup filetypes
autocmd bufnewfile,bufread urls,config set filetype=conf
autocmd bufnewfile,bufread *.elm packadd elm-vim | set filetype=elm shiftwidth=4
autocmd bufnewfile,bufread *.md packadd vim-pandoc | packadd vim-pandoc-syntax | set filetype=pandoc
autocmd bufnewfile,bufread *.ex,*.exs packadd vim-elixir | set filetype=elixir
autocmd filetype haskell packadd haskell-vim | set keywordprg=hoogle\ -i
autocmd filetype javascript packadd vim-javascript
autocmd filetype make setlocal noexpandtab
@@ -124,3 +125,12 @@ set complete+=kspell
let g:pandoc#syntax#conceal#use = 0
let g:pandoc#modules#disabled = []
let g:pandoc#spell#default_langs = ['en', 'de']
autocmd! User GoyoEnter Limelight
autocmd! User GoyoLeave Limelight!
" Disable Copilot by default
let b:copilot_enabled = v:false
" keymap to toggle it enabled
nnoremap <leader>gc :let b:copilot_enabled = !b:copilot_enabled<CR>

140
modules/go-webring.nix Normal file
View File

@@ -0,0 +1,140 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
mkEnableOption
mkPackageOption
mkOption
types
literalExpression
mkIf
;
cfg = config.services.go-webring;
defaultAddress = "127.0.0.1:2857";
in
{
options = {
services.go-webring = {
enable = mkEnableOption "go-webring";
package = mkPackageOption pkgs "go-webring" { };
contactInstructions = mkOption {
type = types.nullOr types.str;
default = null;
description = "Contact instructions for errors";
example = "contact the admin and let them know what's up";
};
host = mkOption {
type = types.str;
description = "Host this webring runs on, primarily used for validation";
example = "my-webri.ng";
};
homePageTemplate = mkOption {
type = types.str;
description = ''
This should be any HTML file with the string "{{ . }}" placed
wherever you want the table of members inserted. This table is
plain HTML so you can style it with CSS.
'';
};
listenAddress = mkOption {
type = types.str;
default = defaultAddress;
description = "Host and port go-webring will listen on";
};
members = mkOption {
type = types.listOf (
types.submodule {
options = {
username = mkOption {
type = types.str;
description = "Member's name";
};
site = mkOption {
type = types.str;
description = "Member's site URL";
};
};
}
);
description = "List of members in the webring";
};
};
};
config = mkIf cfg.enable {
systemd.services.go-webring = {
description = "go-webring service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
requires = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = ''
${lib.getExe cfg.package} \
${lib.optionalString (cfg.contactInstructions != null) ("--contact " + lib.escapeShellArg cfg.contactInstructions)} \
--host ${cfg.host} \
--index ${pkgs.writeText "index.html" cfg.homePageTemplate} \
--listen ${cfg.listenAddress} \
--members ${
pkgs.writeText "list.txt" (
lib.concatMapStrings (member: member.username + " " + member.site + "\n") cfg.members
)
}
'';
User = "go-webring";
DynamicUser = true;
RuntimeDirectory = "go-webring";
WorkingDirectory = "/var/lib/go-webring";
StateDirectory = "go-webring";
RuntimeDirectoryMode = "0750";
Restart = "always";
RestartSec = 5;
# Hardening
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
LockPersonality = true;
MemoryDenyWriteExecute = true;
PrivateDevices = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_UNIX"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
];
UMask = "0077";
};
};
environment.systemPackages = [ cfg.package ];
};
}

2
modules/panoptikon.nix
View File

@@ -29,7 +29,7 @@
default = "daily";
};
loadCredential = lib.mkOption {
type = lib.types.listOf lib.types.string;
type = lib.types.listOf lib.types.str;
description = ''
This can be used to pass secrets to the systemd service without adding them to the nix store.
'';

21
packages/go-webring.nix Normal file
View File

@@ -0,0 +1,21 @@
{ buildGoModule, fetchgit, lib }:
buildGoModule {
pname = "go-webring";
version = "2024-12-18";
src = fetchgit {
url = "https://git.sr.ht/~amolith/go-webring";
rev = "0b5b1bf21ff91119ea2dd042ee9fe94e9d1cd8d4";
hash = "sha256-az6vBOGiZmzfsMjYUacXMHhDeRDmVI/arCKCpHeTcns=";
};
vendorHash = "sha256-3PnXB8AfZtgmYEPJuh0fwvG38dtngoS/lxyx3H+rvFs=";
meta = {
mainProgram = "go-webring";
description = "Simple webring implementation";
homepage = "https://git.sr.ht/~amolith/go-webring";
license = lib.licenses.bsd2; # cc0 as well
maintainers = [ lib.maintainers.kmein ];
};
}

4
packages/hc.nix
View File

@@ -9,7 +9,7 @@
gnugrep,
qrencode,
texlive,
utillinux,
util-linux,
zbar,
}:
stdenv.mkDerivation rec {
@@ -38,7 +38,7 @@ stdenv.mkDerivation rec {
gnugrep
qrencode
texlive.combined.scheme-full
utillinux
util-linux
zbar
]}
'';

4
packages/klem.nix
View File

@@ -42,14 +42,14 @@ in
pkgs.writers.writeDashBin "klem" ''
set -efu
${pkgs.wl-clipboard}/bin/wl-paste \
${pkgs.xclip}/bin/xclip -selection ${cfg.selection} -out \
| case $(echo "${
lib.concatStringsSep "\n" (lib.attrNames cfg.scripts)
}" | ${cfg.dmenu}) in
${lib.concatStringsSep "\n" (lib.mapAttrsToList scriptCase cfg.scripts)}
*) ${pkgs.coreutils}/bin/cat ;;
esac \
| ${pkgs.wl-clipboard}/bin/wl-copy
| ${pkgs.xclip}/bin/xclip -selection ${cfg.selection} -in
${pkgs.libnotify}/bin/notify-send --app-name="klem" "Result copied to clipboard."
''

6
packages/notemenu.nix
View File

@@ -1,7 +1,7 @@
{
writers,
lib,
wofi,
rofi,
findutils,
coreutils,
noteDirectory ? "~/state/obsidian",
@@ -11,7 +11,7 @@
writers.writeDashBin "notemenu" ''
set -efu
PATH=$PATH:${
lib.makeBinPath [wofi findutils coreutils]
lib.makeBinPath [rofi findutils coreutils]
}
cd ${noteDirectory}
@@ -21,7 +21,7 @@ writers.writeDashBin "notemenu" ''
echo $(date -I -d yesterday).md
''}
find . -not -path '*/.*' -type f -printf "%T@ %p\n" | sort --reverse --numeric-sort | cut --delimiter=" " --fields=2-
} | wofi -dmenu -i -p 'notes')
} | rofi -dmenu -i -p 'notes')
if test "$note_file"
then
alacritty --working-directory ${noteDirectory} -e ${niveumPackages.obsidian-vim}/bin/nvim "$note_file"

3
packages/obsidian-vim.nix
View File

@@ -22,7 +22,7 @@ neovim.override {
\ 'path': '${obsidiantVaultDirectory}',
\ 'syntax': 'markdown',
\ 'ext': '.md',
\ 'diary_rel_path' '.',
\ 'diary_rel_path': '.',
\}]
let NERDTreeSortOrder = ['[[-timestamp]]']
@@ -35,7 +35,6 @@ neovim.override {
vimPlugins.nerdtree
vimPlugins.fzf-vim
vimPlugins.fzfWrapper
vimPlugins.vim-fugitive
];
};
}

18
packages/passmenu.nix
View File

@@ -1,18 +0,0 @@
{ writers, wofi, pass, fd, libnotify, ... }:
writers.writeBashBin "passmenu" ''
shopt -s nullglob globstar
IFS=$'\n'
prefix=$(readlink -f ''${PASSWORD_STORE_DIR-~/.password-store})
password_files=( $( ${fd}/bin/fd -L ".gpg\$" "$prefix" ) )
password_files=( "''${password_files[@]#"$prefix"/}" )
password_files=( "''${password_files[@]%.gpg}" )
password=$( printf '%s\n' "''${password_files[@]}" | ${wofi}/bin/wofi -i -k /dev/null -d menu -- "$@" )
[[ -n $password ]] || exit
OUT=$(${pass}/bin/pass show --clip "$password")
${libnotify}/bin/notify-send -t 5000 "$(echo "$OUT" | grep '^login:' | sed 's/^login: //')"
''

5
packages/pls.nix
View File

@@ -1,6 +1,7 @@
{
lib,
writers,
yt-dlp,
miller,
gnused,
curl,
@@ -95,6 +96,10 @@
"ich kann damit leben"
"es ist was es ist"
];
download = writers.writeDash "download" ''
${yt-dlp}/bin/yt-dlp --add-metadata --audio-format mp3 --audio-quality 0 -xic "$@"
'';
in
writers.writeDashBin "pls" ''
case "$1" in

4
packages/qrpaste.nix
View File

@@ -2,7 +2,7 @@
writers,
mktemp,
qrencode,
wl-clipboard,
xclip,
nsxiv,
}:
writers.writeDashBin "qrpaste" ''
@@ -11,6 +11,6 @@ writers.writeDashBin "qrpaste" ''
clean() {
rm "$file"
}
${qrencode}/bin/qrencode "$(${wl-clipboard}/bin/wl-paste)" -o "$file"
${qrencode}/bin/qrencode "$(${xclip}/bin/xclip -selection clipboard -out)" -o "$file"
${nsxiv}/bin/nsxiv "$file"
''

4
packages/scanned.nix
View File

@@ -2,8 +2,12 @@
{
writers,
imagemagick,
ghostscript,
lib
}:
writers.writeDashBin "scanned" ''
export PATH=${lib.makeBinPath [ imagemagick ghostscript ]}:$PATH
[ $# -eq 1 -a -f "$1" -a -r "$1" ] || exit 1
${imagemagick}/bin/convert \

45
packages/stag.nix Normal file
View File

@@ -0,0 +1,45 @@
{
lib,
stdenv,
fetchFromGitHub,
ncurses,
taglib,
zlib,
}:
stdenv.mkDerivation rec {
pname = "stag";
version = "1.0";
src = fetchFromGitHub {
owner = "smabie";
repo = "stag";
rev = "v${version}";
hash = "sha256-IWb6ZbPlFfEvZogPh8nMqXatrg206BTV2DYg7BMm7R4=";
};
buildInputs = [
ncurses
taglib
zlib
];
buildPhase = ''
make all
'';
installPhase = ''
mkdir -p $out/bin
cp stag $out/bin/
mkdir -p $out/man/man1
mv stag.1 $out/man/man1/
'';
meta = {
description = "public domain utf8 curses based audio file tagger";
homepage = "https://github.com/smabie/stag";
license = lib.licenses.publicDomain;
maintainers = [ lib.maintainers.kmein ];
platforms = lib.platforms.unix;
source = src;
};
}

4
packages/ttspaste.nix
View File

@@ -1,10 +1,10 @@
{
writers,
wl-clipboard,
xclip,
espeak,
}:
writers.writeDashBin "ttspaste" ''
${wl-clipboard}/bin/paste | ${espeak}/bin/espeak
${xclip}/bin/xclip -selection clipboard -out | ${espeak}/bin/espeak
''
# curl, mpv,
# ${curl}/bin/curl -G http://tts.r/api/tts --data-urlencode 'text@-' | ${mpv}/bin/mpv -

6
packages/unicodmenu.nix
View File

@@ -8,7 +8,7 @@
dmenu,
gnused,
libnotify,
wl-clipboard,
xclip,
xdotool,
gawk,
fetchFromGitHub,
@@ -90,7 +90,7 @@ in
writers.writeDashBin "unicodmenu" ''
history_file=$HOME/.cache/unicodmenu
touch "$history_file"
PATH=${lib.makeBinPath [coreutils dmenu gawk gnused libnotify wl-clipboard xdotool]}
PATH=${lib.makeBinPath [coreutils dmenu gawk gnused libnotify xclip xdotool]}
all_characters() {
tac "$history_file"
@@ -101,7 +101,7 @@ in
[ "$chosen" != "" ] || exit
echo "$chosen" | tr -d '\n' | wl-copy
echo "$chosen" | tr -d '\n' | xclip -selection clipboard
if [ -n "$1" ]; then
xdotool key Shift+Insert

8
packages/vim.nix
View File

@@ -40,6 +40,13 @@
editorconfig-vim
copilot-vim
goyo
limelight-vim
niveumPackages.vimPlugins-mdwa-nvim
niveumPackages.vimPlugins-vim-ernest
fzf-vim
fzfWrapper
supertab
@@ -74,6 +81,7 @@
dhall-vim
elm-vim
emmet-vim
vim-elixir
haskell-vim
niveumPackages.vimPlugins-icalendar-vim
niveumPackages.vimPlugins-jq-vim

2
packages/vimPlugins/cheat-sh.nix
View File

@@ -1,7 +1,7 @@
{
vimUtils,
fetchFromGitHub,
}: (vimUtils.buildVimPluginFrom2Nix {
}: (vimUtils.buildVimPlugin {
pname = "cheat.sh-vim";
version = "826219d1";
src = fetchFromGitHub {

2
packages/vimPlugins/icalendar-vim.nix
View File

@@ -1,7 +1,7 @@
{
vimUtils,
fetchFromGitHub,
}: (vimUtils.buildVimPluginFrom2Nix {
}: (vimUtils.buildVimPlugin {
pname = "icalendar.vim";
version = "542fff45";
src = fetchFromGitHub {

2
packages/vimPlugins/jq-vim.nix
View File

@@ -2,7 +2,7 @@
vimUtils,
fetchFromGitHub,
}:
vimUtils.buildVimPluginFrom2Nix {
vimUtils.buildVimPlugin {
pname = "jq.vim";
version = "5baf8ed1";
src = fetchFromGitHub {

13
packages/vimPlugins/mdwa-nvim.nix Normal file
View File

@@ -0,0 +1,13 @@
{
vimUtils,
fetchFromGitHub,
}: (vimUtils.buildVimPlugin {
pname = "mdwa.nvim";
version = "9f37270";
src = fetchFromGitHub {
owner = "tihawk";
repo = "mdwa.nvim";
rev = "9f3727037e0d85fd0930334b91b9687a5a880192";
hash = "sha256-h2jy2E+pN2Ma/5n9Eq2oXr9xHma2OxxVvx9EJ+bIYxA=";
};
})

2
packages/vimPlugins/typst-vim.nix
View File

@@ -2,7 +2,7 @@
vimUtils,
fetchFromGitHub,
}:
vimUtils.buildVimPluginFrom2Nix {
vimUtils.buildVimPlugin {
pname = "typst.vim";
version = "2882f21";
src = fetchFromGitHub {

2
packages/vimPlugins/vim-256noir.nix
View File

@@ -2,7 +2,7 @@
vimUtils,
fetchFromGitHub,
}:
vimUtils.buildVimPluginFrom2Nix {
vimUtils.buildVimPlugin {
pname = "vim-256noir";
version = "e8668a18";
src = fetchFromGitHub {

2
packages/vimPlugins/vim-colors-paramount.nix
View File

@@ -2,7 +2,7 @@
vimUtils,
fetchFromGitHub,
}:
vimUtils.buildVimPluginFrom2Nix rec {
vimUtils.buildVimPlugin {
pname = "vim-colors-paramount";
version = "a5601d36";
src = fetchFromGitHub {

14
packages/vimPlugins/vim-ernest.nix Normal file
View File

@@ -0,0 +1,14 @@
{
vimUtils,
fetchFromGitHub,
lib,
}: (vimUtils.buildVimPlugin {
pname = "vim-ernest";
version = "4b99bc3";
src = fetchFromGitHub {
owner = "lgalke";
repo = "vim-ernest";
rev = "4b99bc3fe3deb7bb958ad2f64cad93569eeb50d7";
hash = "sha256-AUuRnnZU39XUerBxNelEqVyDAalRm3VGNUQb15fjXjM=";
};
})

2
packages/vimPlugins/vim-fetch.nix
View File

@@ -1,7 +1,7 @@
{
vimUtils,
fetchFromGitHub,
}: (vimUtils.buildVimPluginFrom2Nix rec {
}: (vimUtils.buildVimPlugin {
pname = "vim-fetch";
version = "76c08586";
src = fetchFromGitHub {

2
packages/vimPlugins/vim-fsharp.nix
View File

@@ -2,7 +2,7 @@
vimUtils,
fetchFromGitHub,
}:
vimUtils.buildVimPluginFrom2Nix {
vimUtils.buildVimPlugin {
pname = "vim-fsharp";
version = "627db7d7";
src = fetchFromGitHub {

2
packages/vimPlugins/vim-mail.nix
View File

@@ -2,7 +2,7 @@
vimUtils,
fetchFromGitHub,
}:
vimUtils.buildVimPluginFrom2Nix {
vimUtils.buildVimPlugin {
pname = "vim-mail";
version = "acdbb5bd";
src = fetchFromGitHub {

2
packages/vimPlugins/vim-reason-plus.nix
View File

@@ -1,7 +1,7 @@
{
vimUtils,
fetchFromGitHub,
}: (vimUtils.buildVimPluginFrom2Nix {
}: (vimUtils.buildVimPlugin {
pname = "vim-reason-plus";
version = "c11a2940";
src = fetchFromGitHub {

7
packages/weechat-declarative.nix
View File

@@ -1,7 +1,6 @@
{
pkgs,
lib,
unstablePackages,
...
} @ args: let
# config cannot be declared in the input attribute set because that would
@@ -137,7 +136,7 @@
))
);
weechat = unstablePackages.weechat.override {
weechatPkg = pkgs.weechat.override {
configure = _: {
init = "/exec -oc cat ${setFile}";
@@ -163,14 +162,14 @@
cfg.files
)
}
exec ${weechat}/bin/weechat "$@"
exec ${weechatPkg}/bin/weechat "$@"
'';
in
pkgs.symlinkJoin {
name = "weechat-configured";
paths = [
wrapper
unstablePackages.weechat
weechatPkg
];
postBuild = ''
ln -s ${setFile} $out/weechat.set

2
secrets

Submodule secrets updated: e14a3170cc...236a3353a7

4
secrets.txt
View File

@@ -1,8 +1,11 @@
secrets/alertmanager-token-reporters.age
secrets/brevo-key.age
secrets/cifs-credentials-zodiac.age
secrets/copecart-ipn.age
secrets/di-fm-key.age
secrets/email-password-cock.age
secrets/email-password-fysi.age
secrets/email-password-ical-ephemeris.age
secrets/email-password-letos.age
secrets/email-password-meinhak99.age
secrets/email-password-posteo.age
@@ -76,6 +79,7 @@ secrets/telegram-token-proverb.age
secrets/telegram-token-reverse.age
secrets/telegram-token-streaming-link.age
secrets/weechat-sec.conf.age
secrets/wifi.age
secrets/zaatar-moodle-dl-basicAuth.age
secrets/zaatar-moodle-dl-tokens.json.age
secrets/zaatar-retiolum-privateKey-ed25519.age

3
systems/fatteh/configuration.nix
View File

@@ -9,6 +9,7 @@ in {
./hardware-configuration.nix
../../configs/networkmanager.nix
../../configs/default.nix
../../configs/0ad.nix
# ../../configs/gnome.nix
];
@@ -40,8 +41,6 @@ in {
wireguard-aether-psk.file = ../../secrets/fatteh-wireguard-aether-psk.age;
};
networking.wg-quick.interfaces.aether.address = ["192.168.178.202/24"];
networking.hostName = "fatteh";
networking.retiolum = retiolumAddresses.fatteh;

62
systems/ful/configuration.nix
View File

@@ -12,8 +12,9 @@ in {
./radio.nix
./panoptikon.nix
./hledger.nix
./go-webring.nix
./gemini.nix
./wallabag.nix
./alew.nix
../../configs/monitoring.nix
../../configs/mycelium.nix
../../configs/tor.nix
@@ -69,65 +70,6 @@ in {
];
};
users.users.servant = {
isSystemUser = true;
group = "servant";
};
users.groups.servant = {};
systemd.services.servant = {
enable = true;
environment.PORT = toString 18987;
environment.VIRTUAL_HOST = "https://openapiaiapi.kmein.de";
serviceConfig.ExecStart = pkgs.writers.writeHaskell "server" {
libraries = with pkgs.haskellPackages; [
servant
servant-server
servant-openapi3
servant-swagger-ui
servant-client
aeson
text
warp
uuid
lens
];
ghcArgs = ["-O3" "-threaded"];
} ./servant-openapi.hs;
serviceConfig.User = "servant";
serviceConfig.Group = "servant";
};
services.htgen.openapi-conversion = {
port = 18988;
script = ''. ${pkgs.writers.writeDash "openapi-conversion" ''
case "$Method $Request_URI" in
"GET /openapi-3.1.json")
schema=$(mktemp -d)
trap 'rm -rf $schema' EXIT
${pkgs.wget}/bin/wget http://127.0.0.1:${toString 18987}/openapi.json -O "$schema"/openapi.json
cat "$schema"/openapi.json >&2
PATH=${lib.makeBinPath [pkgs.bashInteractive pkgs.nodejs]} ${pkgs.nodejs}/bin/npx --yes openapi-format "$schema"/openapi.json --convertTo "3.1" -o "$schema"/openapi-new.json
printf 'HTTP/1.1 200 OK\r\n'
printf 'Content-Type: %s\r\n' "$(${pkgs.file}/bin/file -ib "$schema"/openapi-new.json)"
printf 'Server: %s\r\n' "$Server"
printf 'Connection: close\r\n'
printf 'Content-Length: %d\r\n' $(${pkgs.coreutils}/bin/wc -c < "$schema"/openapi-new.json)
printf '\r\n'
cat "$schema"/openapi-new.json
exit
;;
esac
''}'';
};
services.nginx.virtualHosts."openapiaiapi.kmein.de" = {
enableACME = true;
forceSSL = true;
locations."/openapi-3.1.json".proxyPass = "http://127.0.0.1:${toString 18988}";
locations."/".proxyPass = "http://127.0.0.1:${toString 18987}";
};
networking = {
firewall.allowedTCPPorts = [80 443];
hostName = "ful";

15
systems/ful/gemini.nix Normal file
View File

@@ -0,0 +1,15 @@
{ config, ... }:
{
networking.firewall.allowedTCPPorts = [ 1965 ];
services.agate = {
enable = true;
addresses = [ "0.0.0.0:1965" ];
hostnames = [ "kmein.de" ];
language = "de";
};
services.restic.backups.niveum.paths = [
config.services.agate.contentDir
config.services.agate.certificatesDir
];
}

39
systems/ful/go-webring.nix Normal file
View File

@@ -0,0 +1,39 @@
{ config, niveumPackages ,... }:
let
port = 2857;
in
{
services.go-webring = {
enable = true;
host = "dichtungsring.kmein.de";
listenAddress = "127.0.0.1:${toString port}";
package = niveumPackages.go-webring;
members = [
{ username = "meteora"; site = "meteora.xn--kiern-0qa.de"; }
{ username = "huldra"; site = "huldras-halbtraum.com"; }
];
homePageTemplate = ''
<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Dichtungsring</title>
</head>
<body>
<h1>Willkommen beim Dichtungs-Ring</h1>
<p>Ein <a href="https://de.wikipedia.org/wiki/Webring">Webring</a> für die Dichtung.</p>
<section id="members">
<table><tbody>{{ . }}</tbody></table>
</section>
</body>
</html>
'';
};
services.nginx.virtualHosts."dichtungsring.kmein.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.go-webring.listenAddress}";
};
}

2
systems/ful/matomo.nix
View File

@@ -21,7 +21,7 @@ in {
nginx = {
serverName = "matomo.kmein.de";
};
package = pkgs.matomo_5;
package = pkgs.matomo;
};
services.mysql = {

119
systems/ful/servant-openapi.hs
View File

@@ -1,119 +0,0 @@
{-# LANGUAGE DataKinds #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE TypeOperators #-}
{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE OverloadedStrings #-}
module Main where
import Data.Aeson (ToJSON, FromJSON)
import GHC.Generics (Generic)
import Data.String (IsString(..))
import Network.Wai (Application)
import Network.Wai.Handler.Warp (run)
import Servant
import Servant.Client (HasClient (..))
import Servant.OpenApi (HasOpenApi(..), toOpenApi)
import qualified Data.Version as Version
import Servant.Swagger.UI (SwaggerSchemaUI, swaggerSchemaUIServer)
import Data.OpenApi (ToSchema, servers, license, info, description, version, title)
import qualified Data.OpenApi as OpenApi
import Control.Concurrent.MVar (MVar, newMVar, modifyMVar, readMVar)
import System.Environment (getEnv)
import Control.Monad.IO.Class (liftIO)
import Control.Lens
import qualified Data.Text as T
import GHC.Generics
import GHC.TypeLits
import Data.UUID (UUID)
import Data.UUID.V4 (nextRandom)
import qualified Data.UUID as UUID
-- Define a simple data type
data User = User
{ userId :: UUID
, name :: String
, age :: Int
} deriving (Generic, Show)
instance ToJSON User
instance FromJSON User
instance ToSchema User
-- Define the API type
type API = "users" :> OperationId "getUsers" :> Get '[JSON] [User]
:<|> "users" :> OperationId "insertUser" :> ReqBody '[JSON] User :> Post '[JSON] User
:<|> "users" :> OperationId "updateUser" :> Capture "id" UUID :> ReqBody '[JSON] User :> Put '[JSON] User
:<|> "users" :> OperationId "deleteUser" :> Capture "id" UUID :> Delete '[JSON] NoContent
-- Define the API with Swagger endpoints
type APIWithSwagger = API
:<|> SwaggerSchemaUI "swagger-ui" "openapi.json"
data OperationId (name :: Symbol)
instance HasServer subApi ctx => HasServer (OperationId name :> subApi) ctx where
type ServerT (OperationId name :> subApi) m = ServerT subApi m
route _ = route (Proxy @subApi)
hoistServerWithContext _ = hoistServerWithContext (Proxy @subApi)
instance (HasOpenApi subApi, KnownSymbol name) => HasOpenApi (OperationId name :> subApi) where
toOpenApi _ = toOpenApi (Proxy @subApi) & OpenApi.allOperations . OpenApi.operationId ?~ apiName
where
apiName = T.pack $ symbolVal (Proxy @name)
instance HasClient m api => HasClient m (OperationId name :> api) where
type Client m (OperationId name :> api) = Client m api
clientWithRoute pm Proxy = clientWithRoute pm (Proxy :: Proxy api)
hoistClientMonad pm _ = hoistClientMonad pm (Proxy :: Proxy api)
-- Handlers for the API
getUsers :: MVar [User] -> Handler [User]
getUsers usersVar = liftIO $ readMVar usersVar
addUser :: MVar [User] -> User -> Handler User
addUser usersVar newUser = liftIO $ do
newId <- nextRandom
let userWithId = newUser { userId = newId }
modifyMVar usersVar $ \users -> return (userWithId : users, userWithId)
updateUser :: MVar [User] -> UUID -> User -> Handler User
updateUser usersVar uid updatedUser = liftIO $ do
modifyMVar usersVar $ \users ->
let newUsers = map (\user -> if userId user == uid then updatedUser { userId = uid } else user) users
in return (newUsers, updatedUser { userId = uid })
deleteUser :: MVar [User] -> UUID -> Handler NoContent
deleteUser usersVar uid = liftIO $ do
modifyMVar usersVar $ \users ->
let newUsers = filter (\user -> userId user /= uid) users
in return (newUsers, NoContent)
-- Implement the server
server :: OpenApi.Server -> MVar [User] -> Server APIWithSwagger
server virtualHost usersVar = (getUsers usersVar
:<|> addUser usersVar
:<|> updateUser usersVar
:<|> deleteUser usersVar)
:<|> swaggerSchemaUIServer (toOpenApi (Proxy :: Proxy API)
& info.title .~ "OpenAPI AI API"
& info.version .~ "1.0"
& info.description ?~ "This is an API for AI with OpenAPI"
& info.license ?~ "MIT"
& servers .~ [virtualHost])
-- Create the application
app :: OpenApi.Server -> MVar [User] -> Application
app virtualHost usersVar = serve (Proxy :: Proxy APIWithSwagger) (server virtualHost usersVar)
-- Main entry point
main :: IO ()
main = do
initialUsers <- mapM (\(name, age) -> nextRandom >>= \uid -> return (User uid name age)) [("Alice", 30), ("Bob", 25)]
usersVar <- newMVar initialUsers
virtualHost <- getEnv "VIRTUAL_HOST"
port <- read <$> getEnv "PORT" -- Assuming PORT is a number
run port (app (fromString virtualHost) usersVar)

15
systems/kabsa/configuration.nix
View File

@@ -1,16 +1,11 @@
{
config,
niveumPackages,
pkgs,
lib,
inputs,
...
}:
let
# TODO wrap obsidian: obsidian --no-sandbox --ozone-platform=wayland --ozone-platform-hint=auto --enable-features=UseOzonePlatform,WaylandWindowDecorations %U
}: let
inherit (import ../../lib) retiolumAddresses;
in
{
in {
imports = [
../kibbeh/hardware-configuration.nix
../../configs/tlp.nix
@@ -50,13 +45,11 @@ in
wireguard-aether-psk.file = ../../secrets/kabsa-wireguard-aether-psk.age;
};
networking.wg-quick.interfaces.aether.address = [ "192.168.178.203/24" ];
environment.systemPackages = [ pkgs.zeroad ];
environment.systemPackages = [pkgs.zeroad];
networking = {
hostName = "kabsa";
wireless.interfaces = [ "wlp3s0" ];
wireless.interfaces = ["wlp3s0"];
retiolum = retiolumAddresses.kabsa;
};

1
systems/kibbeh/configuration.nix
View File

@@ -14,7 +14,6 @@
../../configs/sound.nix
../../configs/printing.nix
../../configs/nix.nix
../../configs/flix.nix
../../configs/fonts.nix
../../configs/mycelium.nix
../../configs/retiolum.nix

21
systems/makanek/configuration.nix
View File

@@ -13,7 +13,7 @@ in {
./menstruation.nix
./moinbot.nix
./monitoring
./names.nix
# ./names.nix
./nextcloud.nix
../../configs/mycelium.nix
./radio-news.nix
@@ -48,7 +48,7 @@ in {
config.services.grafana.dataDir
config.services.gitea.stateDir
config.services.weechat.root
config.services.nginx.virtualHosts."www.kmein.de".root
config.services.nginx.virtualHosts."www.kmein.de".locations."/".root
"/var/lib/weechat"
"/var/lib/codimd"
];
@@ -121,7 +121,22 @@ in {
services.nginx.virtualHosts."www.kmein.de" = {
addSSL = true;
enableACME = true;
root = "/var/www/kmein.de";
locations."/" = {
root = "/var/www/kmein.de";
extraConfig = ''
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
# Handle preflight requests
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
return 204; # No Content
}
'';
};
};
environment.systemPackages = [

351
systems/makanek/monitoring/default.nix
View File

@@ -3,11 +3,13 @@
config,
pkgs,
...
}: let
}:
let
lokiConfig = import ./loki.nix;
blackboxConfig = import ./blackbox.nix;
inherit (import ../../../lib) restic;
in {
in
{
services.grafana = {
enable = true;
settings = {
@@ -80,143 +82,150 @@ in {
}
];
services.prometheus.rules = let
diskFreeThreshold = 10;
in [
(builtins.toJSON {
groups = [
{
name = "niveum";
rules = [
{
alert = "HostSystemdServiceCrashed";
expr = ''(node_systemd_unit_state{state="failed"} == 1) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"}'';
annotations = {
description = "{{$labels.name}} failed on {{$labels.instance}}";
};
}
{
alert = "RootPartitionFull";
for = "10m";
expr = ''(node_filesystem_free_bytes{mountpoint="/"} * 100) / node_filesystem_size_bytes{mountpoint="/"} < ${toString diskFreeThreshold}'';
annotations = {
description = ''{{ $labels.instance }} running out of space: {{ $value | printf "%.2f" }}% < ${toString diskFreeThreshold}%'';
};
}
{
alert = "RootPartitionFullWeek";
for = "1h";
expr =
''node_filesystem_free_bytes{mountpoint="/"} ''
+ ''and predict_linear(node_filesystem_free_bytes{mountpoint="/"}[2d], 7*24*3600) <= 0'';
annotations = {
description = "{{$labels.instance}} running out of space in 7 days";
};
}
{
alert = "HighLoad";
expr = ''node_load15 / on(job) count(node_cpu_seconds_total{mode="system"}) by (job) >= 1.0'';
for = "10m";
annotations = {
description = "{{$labels.instance}} running on high load: {{$value}}";
};
}
{
alert = "HostUnusualNetworkThroughputIn";
expr = ''(rate(node_network_receive_bytes_total[2m])) / 1024 / 1024 > 100'';
for = "5m";
annotations.description = "Host unusual network throughput in (instance {{ $labels.instance }})";
}
{
alert = "HostUnusualNetworkThroughputOut";
expr = ''(rate(node_network_transmit_bytes_total[2m])) / 1024 / 1024 > 100'';
for = "5m";
annotations.description = "Host unusual network throughput out (instance {{ $labels.instance }})";
}
{
alert = "HostUnusualDiskReadRate";
expr = ''(rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50'';
for = "5m";
annotations.description = "Host unusual disk read rate (instance {{ $labels.instance }})";
}
{
alert = "HostUnusualDiskWriteRate";
expr = ''(rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50'';
for = "2m";
annotations.description = "Host unusual disk write rate (instance {{ $labels.instance }})";
}
{
alert = "HostOutOfInodes";
expr = ''node_filesystem_files_free{fstype!="msdosfs"} / node_filesystem_files{fstype!="msdosfs"} * 100 < 10 and ON (instance, device, mountpoint) node_filesystem_readonly == 0'';
for = "2m";
annotations.description = "Host out of inodes (instance {{ $labels.instance }})";
}
{
alert = "HostInodesWillFillIn24Hours";
expr = ''node_filesystem_files_free{fstype!="msdosfs"} / node_filesystem_files{fstype!="msdosfs"} * 100 < 10 and predict_linear(node_filesystem_files_free{fstype!="msdosfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly{fstype!="msdosfs"} == 0'';
for = "2m";
annotations.description = "Host inodes will fill in 24 hours (instance {{ $labels.instance }})";
}
{
alert = "HighRAM";
expr = "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.1";
for = "1h";
annotations.description = "{{$labels.instance}} using lots of RAM";
}
{
alert = "UptimeMonster";
expr = "time() - node_boot_time_seconds > 2592000";
annotations.description = "uptime monster {{$labels.instance}} up for more than 30 days";
}
{
alert = "HostDown";
expr = ''up == 0'';
for = "5m";
annotations = {
description = "{{ $labels.instance }} seeming down since 5 minutes";
};
}
{
alert = "Reboot";
expr = "time() - node_boot_time_seconds < 300";
annotations.description = "{{$labels.instance}} rebooted";
}
{
alert = "ProbeFailed";
expr = "probe_success == 0";
for = "5m";
annotations.description = "HTTP probe failed for {{$labels.instance}}";
}
{
alert = "SlowProbe";
expr = "avg_over_time(probe_http_duration_seconds[1m]) > 1";
for = "5m";
annotations.description = "HTTP probe slow for {{$labels.instance}}";
}
{
alert = "HttpStatusCode";
expr = "probe_http_status_code != 0 AND (probe_http_status_code <= 199 OR probe_http_status_code >= 400)";
for = "5m";
annotations.description = "status code {{$value}} for {{$labels.instance}}";
}
{
alert = "SslExpirySoon";
expr = "probe_ssl_earliest_cert_expiry - time() < 86400 * 30";
for = "5m";
annotations.description = "SSL certificate for {{$labels.instance}} expires in 30 days";
}
{
alert = "SslExpiry";
expr = "probe_ssl_earliest_cert_expiry - time() <= 0";
for = "5m";
annotations.description = "SSL certificate for {{$labels.instance}} has expired";
}
];
}
];
})
];
services.prometheus.rules =
let
diskFreeThreshold = 10;
in
[
(builtins.toJSON {
groups = [
{
name = "niveum";
rules = [
{
alert = "HostSystemdServiceCrashed";
expr = ''(node_systemd_unit_state{state="failed"} == 1) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"}'';
annotations = {
description = "{{$labels.name}} failed on {{$labels.instance}}";
};
}
{
alert = "RootPartitionFull";
for = "10m";
expr = ''(node_filesystem_free_bytes{mountpoint="/"} * 100) / node_filesystem_size_bytes{mountpoint="/"} < ${toString diskFreeThreshold}'';
annotations = {
description = ''{{ $labels.instance }} running out of space: {{ $value | printf "%.2f" }}% < ${toString diskFreeThreshold}%'';
};
}
{
alert = "RootPartitionFullWeek";
for = "1h";
expr =
''node_filesystem_free_bytes{mountpoint="/"} ''
+ ''and predict_linear(node_filesystem_free_bytes{mountpoint="/"}[2d], 7*24*3600) <= 0'';
annotations = {
description = "{{$labels.instance}} running out of space in 7 days";
};
}
{
alert = "HighLoad";
expr = ''node_load15 / on(job) count(node_cpu_seconds_total{mode="system"}) by (job) >= 1.0'';
for = "10m";
annotations = {
description = "{{$labels.instance}} running on high load: {{$value}}";
};
}
{
alert = "HostUnusualNetworkThroughputIn";
expr = ''(rate(node_network_receive_bytes_total[2m])) / 1024 / 1024 > 100'';
for = "5m";
annotations.description = "Host unusual network throughput in (instance {{ $labels.instance }})";
}
{
alert = "HostUnusualNetworkThroughputOut";
expr = ''(rate(node_network_transmit_bytes_total[2m])) / 1024 / 1024 > 100'';
for = "5m";
annotations.description = "Host unusual network throughput out (instance {{ $labels.instance }})";
}
{
alert = "HostUnusualDiskReadRate";
expr = ''(rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50'';
for = "5m";
annotations.description = "Host unusual disk read rate (instance {{ $labels.instance }})";
}
{
alert = "HostUnusualDiskWriteRate";
expr = ''(rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50'';
for = "2m";
annotations.description = "Host unusual disk write rate (instance {{ $labels.instance }})";
}
{
alert = "HostOutOfInodes";
expr = ''node_filesystem_files_free{fstype!="msdosfs"} / node_filesystem_files{fstype!="msdosfs"} * 100 < 10 and ON (instance, device, mountpoint) node_filesystem_readonly == 0'';
for = "2m";
annotations.description = "Host out of inodes (instance {{ $labels.instance }})";
}
{
alert = "HostInodesWillFillIn24Hours";
expr = ''node_filesystem_files_free{fstype!="msdosfs"} / node_filesystem_files{fstype!="msdosfs"} * 100 < 10 and predict_linear(node_filesystem_files_free{fstype!="msdosfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly{fstype!="msdosfs"} == 0'';
for = "2m";
annotations.description = "Host inodes will fill in 24 hours (instance {{ $labels.instance }})";
}
{
alert = "HighRAM";
expr = "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.1";
for = "1h";
annotations.description = "{{$labels.instance}} using lots of RAM";
}
{
alert = "UptimeMonster";
expr = "time() - node_boot_time_seconds > 2592000";
annotations.description = "uptime monster {{$labels.instance}} up for more than 30 days";
}
{
alert = "HostDown";
expr = ''up == 0'';
for = "5m";
annotations = {
description = "{{ $labels.instance }} seeming down since 5 minutes";
};
}
{
alert = "Reboot";
expr = "time() - node_boot_time_seconds < 300";
annotations.description = "{{$labels.instance}} rebooted";
}
{
alert = "Mastodon";
expr = ''probe_success{instance="https://social.krebsco.de"} == 0'';
for = "5m";
annotations.description = "Mastodon instance {{$labels.instance}} is down";
}
{
alert = "ProbeFailed";
expr = "probe_success == 0";
for = "5m";
annotations.description = "HTTP probe failed for {{$labels.instance}}";
}
{
alert = "SlowProbe";
expr = "avg_over_time(probe_http_duration_seconds[1m]) > 1";
for = "5m";
annotations.description = "HTTP probe slow for {{$labels.instance}}";
}
{
alert = "HttpStatusCode";
expr = "probe_http_status_code != 0 AND (probe_http_status_code <= 199 OR probe_http_status_code >= 400)";
for = "5m";
annotations.description = "status code {{$value}} for {{$labels.instance}}";
}
{
alert = "SslExpirySoon";
expr = "probe_ssl_earliest_cert_expiry - time() < 86400 * 30";
for = "5m";
annotations.description = "SSL certificate for {{$labels.instance}} expires in 30 days";
}
{
alert = "SslExpiry";
expr = "probe_ssl_earliest_cert_expiry - time() <= 0";
for = "5m";
annotations.description = "SSL certificate for {{$labels.instance}} has expired";
}
];
}
];
})
];
# ref https://github.com/Mic92/dotfiles/blob/f44bac5dd6970ed3fbb4feb906917331ec3c2be5/machines/eva/modules/prometheus/default.nix
systemd.services.matrix-hook = {
@@ -246,6 +255,33 @@ in {
};
};
systemd.services.matrix-hook-lassulus = {
description = "Matrix Hook";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = {
HTTP_ADDRESS = "[::1]";
HTTP_PORT = "9089";
MX_HOMESERVER = "https://matrix.4d2.org";
MX_ID = "@lakai:4d2.org";
MX_ROOMID = "!MJAGqBAOKZGMywzwkI:lassul.us";
MX_MSG_TEMPLATE = "${pkgs.matrix-hook}/message.html.tmpl";
};
serviceConfig = {
EnvironmentFile = [
# format: MX_TOKEN=<token>
config.age.secrets.matrix-token-lakai-env.path
];
Type = "simple";
ExecStart = "${pkgs.matrix-hook}/bin/matrix-hook";
Restart = "always";
RestartSec = "10";
DynamicUser = true;
User = "matrix-hook";
Group = "matrix-hook";
};
};
age.secrets = {
matrix-token-lakai-env.file = ../../../secrets/matrix-token-lakai-env.age;
};
@@ -260,8 +296,23 @@ in {
group_wait = "30s";
repeat_interval = "24h";
receiver = "matrix";
routes = [
{
receiver = "lassulus";
matchers = [ "alertname = \"Mastodon\"" ];
}
];
};
receivers = [
{
name = "lassulus";
webhook_configs = [
{
url = "http://localhost:9089/alert";
max_alerts = 5;
}
];
}
{
name = "matrix";
webhook_configs = [
@@ -306,13 +357,21 @@ in {
{
scheme = "http";
path_prefix = "/";
static_configs = [{targets = ["localhost:${toString config.services.prometheus.alertmanager.port}"];}];
static_configs = [
{ targets = [ "localhost:${toString config.services.prometheus.alertmanager.port}" ]; }
];
}
];
# otherwise bearer_token_file will fail
services.prometheus.checkConfig = "syntax-only";
services.prometheus.extraFlags = [
"--storage.tsdb.retention.time=7d"
"--storage.tsdb.retention.size=2GB"
"--storage.tsdb.wal-compression"
];
services.prometheus.scrapeConfigs = [
{
job_name = "makanek";
@@ -328,14 +387,14 @@ in {
scrape_interval = "5m";
job_name = "blackbox";
metrics_path = "/probe";
params.module = ["http_2xx"];
params.module = [ "http_2xx" ];
relabel_configs = [
{
source_labels = ["__address__"];
source_labels = [ "__address__" ];
target_label = "__param_target";
}
{
source_labels = ["__param_target"];
source_labels = [ "__param_target" ];
target_label = "instance";
}
{
@@ -393,7 +452,7 @@ in {
scrape_interval = "60s";
metrics_path = "/api/prometheus";
scheme = "http";
static_configs = [{targets = ["zaatar.r:8123"];}];
static_configs = [ { targets = [ "zaatar.r:8123" ]; } ];
bearer_token_file = config.age.secrets.home-assistant-token.path;
}
{
@@ -410,7 +469,7 @@ in {
services.prometheus.exporters.blackbox = {
enable = true;
configFile = (pkgs.formats.yaml {}).generate "blackbox.yaml" blackboxConfig;
configFile = (pkgs.formats.yaml { }).generate "blackbox.yaml" blackboxConfig;
};
networking.firewall.allowedTCPPorts = [
@@ -419,6 +478,6 @@ in {
services.loki = {
enable = true;
configFile = (pkgs.formats.yaml {}).generate "loki.yaml" lokiConfig;
configFile = (pkgs.formats.yaml { }).generate "loki.yaml" lokiConfig;
};
}

6
systems/makanek/weechat.nix
View File

@@ -1,15 +1,11 @@
{
lib,
pkgs,
config,
unstablePackages,
...
}: let
inherit (import ../../lib) kieran;
weechatHome = "/var/lib/weechat";
weechat-declarative = pkgs.callPackage ../../packages/weechat-declarative.nix {
inherit unstablePackages;
};
weechat-declarative = pkgs.callPackage ../../packages/weechat-declarative.nix {};
in {
systemd.services.weechat = let
tmux = pkgs.writers.writeDash "tmux" ''

2
systems/manakish/configuration.nix
View File

@@ -36,8 +36,6 @@ in {
wireguard-aether-psk.file = ../../secrets/manakish-wireguard-aether-psk.age;
};
networking.wg-quick.interfaces.aether.address = ["192.168.178.204/24"];
niveum = {
batteryName = "BAT0";
wirelessInterface = "wlp3s0";

2
systems/moto/configuration.nix
View File

@@ -26,7 +26,7 @@ in {
procps
tzdata
unzip
utillinux
util-linux
vim
which
xz

3
systems/zaatar/configuration.nix
View File

@@ -28,6 +28,9 @@ in {
services.pipewire.systemWide = true;
age.secrets = {
wifi = {
file = ../../secrets/wifi.age;
};
retiolum-rsa = {
file = ../../secrets/zaatar-retiolum-privateKey-rsa.age;
mode = "400";