it's forkin' time config de fabian

chem 2025-08-24 12:55:26 -06:00
parent 98a32736d6
commit b77f64cc27
46 changed files with 119 additions and 1326 deletions

ads Normal file

@ -0,0 +1,66 @@
98a3273 (HEAD -> master, origin/master, origin/HEAD) remove tooltip from waybar clock
4807859 add mako config
a715f50 update readme
abb4fe5 update gtlock style
b149e90 update sway config
9dc042f flake.lock: Update
0d7022d add privacy and disk to waybar
158c761 replace wofi with bemenu
6382deb configure sway colors
aa7265e add and configure gtklock
ef8b281 configure tmux
5d14082 configure sway (this is a huge rice)
4316165 remove conduwuit
edeeb5c flake.lock: Update
6c66eb0 switch to sway
52e1424 add trivionomicon input
ef89396 add sway and xdg config
9687235 add i3lock to sys config
0249e29 apply config changes for 25.05
2c2fa2b flake.lock: Update
19f637c update to 25.05
60fa062 flake.lock: Update
d098a49 updated flake.lock
fccdb25 replace deluge with qbittorrent
53c2980 add mapping software
bc55915 apply format
d2eb151 vps: add mealie
1755bf7 add deepState dependencies
8ecb978 update syncthing module
d26ff60 add syncthing
95930bc improve firefox module
86cf517 update firefox module
7854100 apply formatter
d7ea157 vps: enable forgejo actions
48d230a improve firefox module
d7f1c06 modularize gui and browsers modules
5b194ca add readme
62a361c apply formatter and fix typo
ae37ebf vps: add wiki-js
cbda46e modularize steam
9f0e981 home: remove zoom
4acb6e2 split theme into its own module and add xdg configuration
7f69245 add vpn addresses to fail2ban whitelist
4a7bda9 add ipv6 support, net module and wireguard vpn
63a190b vps: change syncthing datadir to vps NAS
09a7464 vps: reduce immich worker concurrency
3fefd5b apply formatter
9636646 vps: add immich
7748c67 vps: add nas exports for immich and syncthing
22eecd6 remove 2011 nas export
a785cce vps: add mosh
dd6a8f9 vps: add calibre
05d397f vps: add shiori
6372c2b update flake.nix
9db5b15 vps: remove unused modues
4e63a64 vps: add syncthing
8c2e1b7 vps: upgrade to trilium-next
86e778f flake.lock: Update
3c2751c flake.lock: Update
9cbd93c add xdg portal
534d3b0 vps: remove templatestyles
dd86290 configure gajim
2e0c03a fix qt, gtk and darkmode settings
97056c6 flake.lock: Update
3e0e6e4 add xdg config
bc73e4b add pv
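Review bot: The new 66-line file `ads` reads as captured `git log --oneline` output rather than configuration, so it looks like an accidental addition; its first line still carries the `(HEAD -> master, origin/master, origin/HEAD)` decoration. Nothing else visible in this commit refers to it. If that holds for the rest of the tree, the file should be dropped from the commit.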


@ -10,12 +10,12 @@ in {
options.local.services.accounts.enable = mkEnableOption "accounts settings";
config = mkIf cfg.enable {
accounts.email.accounts = {
"fabian@posixlycorrect.com" = {
address = "fabian@posixlycorrect.com";
userName = "fabianmontero@fastmail.com";
realName = "fabian";
"josescalante9808@gmail.com" = {
address = "josescalante9808@gmail..com";
userName = "josescalante9808";
realName = "josem";
primary = true;
flavor = "fastmail.com";
flavor = "gmail.com";
};
};
};
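Review bot: The new `address` value has a doubled dot, `"josescalante9808@gmail..com"`, while the attribute key one line above and `userEmail` in the git module both use `gmail.com`; it should read `address = "josescalante9808@gmail.com";`. As written, anything that takes the account's address from this option gets an invalid domain. Separately, `userName = "josescalante9808"` drops the domain that the previous value carried; Gmail logins are normally the full address, so confirm this is intended. The module's `let` bindings sit outside the hunk.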


@ -44,8 +44,8 @@ in {
programs.git = {
enable = true;
userEmail = "fabian@posixlycorrect.com";
userName = "Fabian Montero";
userEmail = "josescalante9808@gmail.com";
userName = "josEscalante";
};
};
}


@ -13,7 +13,6 @@
./firefox.nix
./gui
./zsh
./gpg.nix
./defaultDesktopPack.nix
./accounts.nix
./syncthing.nix


@ -18,7 +18,7 @@
zstyle ':completion:*' original true
zstyle ':completion:*' preserve-prefix '//[^/]##/'
zstyle ':completion:*' verbose true
zstyle :compinstall filename '/home/fabian/.zshrc'
zstyle :compinstall filename '/home/chem/.zshrc'
autoload -Uz compinit
compinit


@ -13,7 +13,7 @@
nix.registry = {
"system".to = {
type = "path";
path = "/home/fabian/nix";
path = "/home/chem/nix";
};
"nixpkgs".flake = flakes.nixpkgs;
@ -30,10 +30,6 @@
};
accounts.enable = true;
deepState.enable = true;
gpg = {
enable = true;
defaultKey = "7AA277E604A4173916BBB4E91FFAC35E1798174F";
};
syncthing.enable = true;
};
@ -82,8 +78,8 @@
virt-manager
];
username = "fabian";
homeDirectory = "/home/fabian";
username = "chem";
homeDirectory = "/home/chem";
};
programs.home-manager.enable = true;
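Review bot: The home directory is spelled out a second time in `path = "/home/chem/nix";` although the same file sets `homeDirectory = "/home/chem";` in its third hunk, which is why this fork had to edit every occurrence by hand. Deriving the value, e.g. `path = "${config.home.homeDirectory}/nix";`, would keep the registry entry correct on the next rename; this assumes `config` is among the module arguments, which lie outside the hunks shown. The tmpfiles rule `"d %t/tmp 0700 chem chem 24h"` in the following file repeats the literal user name in the same way and could presumably use `config.home.username`.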


@ -5,6 +5,6 @@
}:
with lib; {
systemd.user.tmpfiles.rules = [
"d %t/tmp 0700 fabian fabian 24h"
"d %t/tmp 0700 chem chem 24h"
];
}


@ -1,68 +0,0 @@
{
flakes,
config,
pkgs,
lib,
...
}: {
imports = [
./systemd
./isolation.nix
];
nix.registry = {
"system".to = {
type = "path";
path = "/home/fabian/nix";
};
"nixpkgs".flake = flakes.nixpkgs;
"unstable".flake = flakes.unstable;
};
local = {
baseline.enable = true;
services = {
zsh = {
enable = true;
prompt = "%B[%~] \${vcs_info_msg_0_}%b";
};
accounts.enable = true;
gpg = {
enable = true;
defaultKey = "7206D8EE2474F3DF18EA876F0EC1691FF8C1A81F";
};
};
apps = {
terminal.enable = true;
neovim.enable = true;
gaming.enable = true;
yubikey.enable = true;
browsers.enable = true;
defaultDesktopPack.enable = true;
};
gui = {
enable = true;
monitors = {
eDP-1 = {
width = "1920";
height = "1080";
rate = "60.00";
};
};
};
};
home = {
packages = with pkgs; [
];
username = "fabian";
homeDirectory = "/home/fabian";
};
programs.home-manager.enable = true;
}


@ -1,22 +0,0 @@
{
pkgs,
config,
lib,
...
}:
with lib; {
home.isolation = {
enable = true;
btrfsSupport = true;
defaults = {
static = true;
bindHome = "home/";
persist = {
base = "shenvs";
btrfs = true;
};
};
modulesUnder = ./shenvs;
};
}


@ -1,13 +0,0 @@
{pkgs, ...}: {
static = true;
packages = with pkgs; [
binutils
cmake
curl
gdb
gnumake
rustup
valgrind
];
}


@ -1,11 +0,0 @@
{pkgs, ...}: {
static = true;
packages = with pkgs; [
pipenv
(python310.withPackages (packages:
with packages; [
setuptools
]))
];
}


@ -1,10 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
systemd.user.tmpfiles.rules = [
"d %t/tmp 0700 fabian fabian 24h"
];
}


@ -1,44 +0,0 @@
{
config,
pkgs,
lib,
flakes,
...
}:
with lib; {
imports = [
];
nix.registry = {
"system".to = {
type = "path";
path = "/home/fabian/nix";
};
"nixpkgs".flake = flakes.nixpkgs;
"unstable".flake = flakes.unstable;
};
local = {
baseline.enable = true;
services = {
zsh = {
enable = true;
prompt = "%B<%~> \${vcs_info_msg_0_}%b";
};
};
apps = {
neovim.enable = true;
};
};
home = {
packages = with pkgs; [
];
username = "fabian";
homeDirectory = "/home/fabian";
};
}


@ -31,22 +31,10 @@ in {
config = {
local.sys.users = {
fabian = {
chem = {
unixId = mkDefault 1000;
admin = true;
};
vanessa = {
unixId = mkDefault 1001;
admin = false;
};
soto = {
unixId = mkDefault 1010;
admin = false;
};
diaz = {
unixId = mkDefault 1011;
admin = false;
};
};
users = let


@ -1,44 +0,0 @@
{
config,
lib,
pkgs,
flakes,
modulesPath,
...
}: let
subvol = subvol: {
device = "/dev/disk/by-uuid/645fdba0-5c03-4285-926b-facded1ee259";
fsType = "btrfs";
options = ["subvol=${subvol}" "compress=zstd" "noatime" "ssd"];
};
in {
imports = [
flakes.nixpkgs.nixosModules.notDetected
];
boot.initrd = {
availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
luks.devices."toplevel" = {
device = "/dev/disk/by-uuid/58277baa-90d4-4a5e-a658-1b918b89130a";
preLVM = false;
};
};
fileSystems = {
"/" = subvol "root";
"/toplevel" = subvol "/";
"/boot" = {
device = "/dev/disk/by-uuid/B007-B007";
fsType = "vfat";
options = ["umask=027"];
};
"/extern" = {
device = "/dev/disk/by-uuid/7d8d3ec9-b456-4e2a-9396-551dcaf7705b";
fsType = "btrfs";
options = ["noatime" "compress=zstd"];
};
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,67 +0,0 @@
{
config,
pkgs,
lib,
flakes,
...
}: {
imports = [
flakes.home-manager.nixosModules.home-manager
flakes.impermanence.nixosModule
./hardware-configuration.nix
];
local.sys = {
baseline.enable = true;
yubikey.enable = true;
audio.enable = true;
graphics.enable = true;
androidSupport.enable = true;
bluetooth.enable = true;
users = {
fabian = {
enable = true;
unixId = 1002;
};
vanessa.enable = true;
};
};
networking = {
hostName = "t14";
networkmanager.enable = true;
useDHCP = false; # The global useDHCP flag is deprecated, therefore explicitly set to false here.
interfaces.enp7s0.useDHCP = true; # Per-interface useDHCP will be mandatory in the future, so this generated config
interfaces.wlp6s0.useDHCP = true; # replicates the default behaviour.
};
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
tmp.useTmpfs = true;
kernelPackages = pkgs.linuxPackages_latest;
};
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8"; #todo: move to baseline?
time.timeZone = "America/Costa_Rica"; #todo: move to baseline?
###### MODULARIZE AFTER THIS
services = {
fwupd.enable = true;
thinkfan.enable = true;
tlp.enable = true;
pcscd.enable = true;
};
hardware.acpilight.enable = true;
services.fprintd.enable = true;
}


@ -1,62 +0,0 @@
{
config,
lib,
pkgs,
flakes,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
services.xserver.videoDrivers = ["i915" "modesetting" "fbdev"];
boot = {
initrd = {
availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "sdhci_pci"];
kernelModules = ["dm-snapshot"];
luks.devices."tomb" = {
device = "/dev/disk/by-uuid/0b2b9aec-c239-4cce-948d-4411d9300c1d";
preLVM = true;
};
};
kernelModules = ["kvm-intel"];
extraModulePackages = [];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/2774158f-8ec5-4ba1-a4fb-a37f55b8bb38";
fsType = "btrfs";
options = ["subvol=root"];
};
"/boot" = {
device = "/dev/disk/by-uuid/A7E5-EEAB";
fsType = "vfat";
};
"/nix" = {
device = "/dev/disk/by-uuid/2774158f-8ec5-4ba1-a4fb-a37f55b8bb38";
fsType = "btrfs";
options = ["subvol=nix"];
};
"/home" = {
device = "/dev/disk/by-uuid/2774158f-8ec5-4ba1-a4fb-a37f55b8bb38";
fsType = "btrfs";
options = ["subvol=home"];
};
"/toplevel" = {
device = "/dev/disk/by-uuid/2774158f-8ec5-4ba1-a4fb-a37f55b8bb38";
fsType = "btrfs";
};
};
swapDevices = [];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,117 +0,0 @@
{
config,
lib,
pkgs,
flakes,
modulesPath,
...
}:
with lib; {
imports = [
flakes.vpsadminos.nixosConfigurations.container
flakes.home-manager.nixosModules.home-manager
flakes.impermanence.nixosModule
./hardware-configuration.nix
./srv
./networkMap.nix
];
local.sys = {
baseline.enable = true;
users.fabian = {
enable = true;
sshKeyPublicFile = [public_files/pki/fabian.ssh];
};
};
networking = {
hostName = "vps";
domain = "posixlycorrect.com";
};
services.openssh = {
settings.PasswordAuthentication = false;
};
programs.mosh.enable = true;
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit flakes;};
users.fabian = {
imports = [
flakes.impermanence.nixosModules.home-manager.impermanence
"${flakes.self}/home/platforms/fabian@vps"
"${flakes.self}/home"
];
};
};
networking.firewall.allowedUDPPorts = [51820]; #TODO
systemd = {
extraConfig = ''
DefaultTimeoutStartSec=900s
'';
network = let
inherit (config.local.sys) nets;
in {
enable = true;
netdevs = {
wg-vpn = {
netdevConfig = {
Name = "wg-vpn";
Kind = "wireguard";
};
wireguardConfig = {
PrivateKeyFile = "/var/trust/wg/vpn/key.priv";
ListenPort = "51820";
};
wireguardPeers = [
{
PublicKey = "wwUp3Uu/rSxbp+6J745O+cpnZHGWOJYWfWEsTjRE3yU=";
PresharedKeyFile = "/var/trust/wg/vpn/vps-posixlycorrect.psk";
AllowedIPs = ["${nets.vpn-posixlycorrect.v6.cidr}"];
}
{
PublicKey = "YFqg/ED26KygSRSmGzvUXpwnXPqMOI3R3caVfAtHVks=";
PresharedKeyFile = "/var/trust/wg/vpn/vps-pixel8.psk";
AllowedIPs = ["${nets.vpn-pixel8.v6.cidr}"];
}
];
};
};
networks = {
wg-vpn = {
name = "wg-vpn";
networkConfig = {
Address = [
nets.vpn-vps.hosts.vps.v6.cidr
];
};
routes = [
{
Destination = nets.vpn.v6.cidr;
}
{
Source = nets.vpn.v6.cidr;
}
];
};
};
};
};
time.timeZone = "Europe/Amsterdam";
}


@ -1,29 +0,0 @@
{
config,
lib,
pkgs,
flakes,
modulesPath,
...
}: let
in {
fileSystems = {
"/mnt/export2008" = {
device = "172.16.129.19:/nas/5876";
fsType = "nfs";
options = ["nofail" "noatime"];
};
"/mnt/export2178" = {
device = "172.16.129.151:/nas/5876/immich";
fsType = "nfs";
options = ["nofail" "noatime"];
};
"/mnt/export2179" = {
device = "172.16.131.31:/nas/5876/syncthing";
fsType = "nfs";
options = ["nofail"];
};
};
}


@ -1,78 +0,0 @@
{
config,
pkgs,
lib,
flakes,
...
}:
with lib; {
local.sys.nets = {
default = {
v4 = {
bits = 32;
prefix = "37.205.12.34";
};
v6 = {
bits = 64;
prefix = "2a03:3b40:fe:102";
};
hosts = {
vps.v6.suffix = "1";
vps.v4.suffix = "";
};
};
vpn = {
v6 = {
bits = 48;
prefix = "2a03:3b40:2b";
};
};
vpn-vps = {
v6 = {
bits = 64;
prefix = "2a03:3b40:2b:1000";
};
hosts = {
vps.v6.suffix = "1";
};
};
vpn-posixlycorrect = {
v6 = {
bits = 64;
prefix = "2a03:3b40:2b:1001";
};
hosts = {
posixlycorrect.v6.suffix = "1";
};
};
vpn-pixel8 = {
v6 = {
bits = 64;
prefix = "2a03:3b40:2b:1002";
};
hosts = {
pixel8.v6.suffix = "1";
};
};
vpn-t14 = {
v6 = {
bits = 64;
prefix = "2a03:3b40:2b:1003";
};
hosts = {
t14.v6.suffix = "1";
};
};
};
}

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHkK2Cg3dozG78AEA2OTzydezcKVnNTTj0MUJZcP/mrN fabian@posixlycorrect.com


@ -1,25 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----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=PAxr
-----END PGP PUBLIC KEY BLOCK-----


@ -1,19 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----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=wpc0
-----END PGP PUBLIC KEY BLOCK-----


@ -1,31 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."calibre.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/" = {
proxyPass = "http://[::1]:8083";
};
};
};
calibre-web = {
enable = true;
openFirewall = true;
options = {
enableBookUploading = true;
calibreLibrary = "/var/lib/calibre-web/calibre_library";
};
};
};
}


@ -1,24 +0,0 @@
{
config,
pkgs,
lib,
flakes,
...
}:
with lib; {
imports = [
./net.nix
./mediawiki.nix
./forgejo.nix
./vaultwarden.nix
./msmtp.nix
./paperless.nix
./trilium.nix
./syncthing.nix
./shiori.nix
./calibre-web.nix
./immich.nix
./wiki-js.nix
./mealie.nix
];
}


@ -1,62 +0,0 @@
{
config,
lib,
...
}:
with lib; {
config = {
environment.etc."fail2ban/filter.d/gitea.local".text = ''
[Definition]
failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
ignoreregex =
'';
services = {
nginx = {
virtualHosts."git.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/".proxyPass = "http://localhost:9170";
};
};
fail2ban.jails.gitea.settings = {
filter = "gitea";
logpath = "${config.services.gitea.stateDir}/log/gitea.log";
maxretry = "10";
findtime = "3600";
bantime = "900";
action = "iptables-allports";
};
forgejo = {
enable = true;
lfs.enable = true;
useWizard = false;
settings = {
general.APP_NAME = "posixlycorrect";
ui.DEFAULT_THEME = "forgejo-dark";
server = {
DOMAIN = "git.posixlycorrect.com";
ROOT_URL = "https://git.posixlycorrect.com";
HTTP_PORT = 9170;
LANDING_PAGE = "explore";
};
service.DISABLE_REGISTRATION = true;
actions = {
ENABLED = true;
};
mailer = {
ENABLED = false;
};
};
};
};
};
}


@ -1,73 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."photos.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/" = {
proxyPass = "http://localhost:2283";
};
};
};
immich = {
enable = true;
secretsFile = "/var/trust/immich/secrets.txt";
openFirewall = true;
mediaLocation = "/mnt/export2178/immich/media";
machine-learning.enable = false;
environment = {
IMMICH_TELEMETRY_EXCLUDE = "host,api,io,repo,job";
};
settings = {
machineLearning = {
enabled = false;
};
job = {
backgroundTask = {
concurrency = 1;
};
smartSearch = {
concurrency = 1;
};
metadataExtraction = {
concurrency = 1;
};
faceDetection = {
concurrency = 1;
};
search = {
concurrency = 1;
};
sidecar = {
concurrency = 1;
};
library = {
concurrency = 1;
};
migration = {
concurrency = 1;
};
thumbnailGeneration = {
concurrency = 1;
};
videoConversion = {
concurrency = 1;
};
notifications = {
concurrency = 1;
};
};
};
};
};
}


@ -1,37 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
systemd.services.wiki-js = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
services = {
nginx = {
virtualHosts."food.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:9000";
};
};
};
mealie = {
enable = true;
listenAddress = "127.0.0.1";
port = 9000;
credentialsFile = "/var/trust/mealie/credentials.env";
settings = {
ALLOW_SIGNUP = "false";
};
};
};
}


@ -1,71 +0,0 @@
{
lib,
pkgs,
flakes,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."wiki.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
};
};
mediawiki = {
enable = true;
name = "posixlycorrect wiki";
webserver = "nginx";
nginx.hostName = "wiki.posixlycorrect.com";
database.type = "postgres";
passwordFile = "/run/keys/mediawiki-password";
skins = {
citizen = "${flakes.mediawikiSkinCitizen}";
};
extraConfig = ''
# Disable anonymous editing and account creation
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createaccount'] = false;
$wgDefaultSkin = 'citizen';
$wgDefaultMobileSkin = 'citizen';
$wgCitizenThemeDefault = 'dark';
$wgCitizenShowPageTools = 'login';
$wgLogos = [
'icon' => "https://posixlycorrect.com/favicon.png",
'1x' => "https://posixlycorrect.com/favicon.png",
'2x' => "https://posixlycorrect.com/favicon.png",
];
$wgEnableEmail = false; #TODO: arreglar esto
$wgNoReplyAddress = 'mediawiki@posixlycorrect.com';
$wgEmergencyContact = 'mediawiki@posixlycorrect.com';
$wgPasswordSender = 'mediawiki@posixlycorrect.com';
'';
extensions = {
# some extensions are included and can enabled by passing null
VisualEditor = null;
CategoryTree = null;
CiteThisPage = null;
Scribunto = null;
Cite = null;
CodeEditor = null;
Math = null;
MultimediaViewer = null;
PdfHandler = null;
Poem = null;
SecureLinkFixer = null;
WikiEditor = null;
ParserFunctions = null;
};
};
};
}


@ -1,35 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
users.groups = {
mailsenders = {
members = ["fabian" "mediawiki"];
};
};
# esto sirve para que PHP pueda accesar la clave smtp de fastmail
#systemd.services.phpfpm-mediawiki = {
# path = [ "/run/wrappers" ];
# serviceConfig.ReadWritePaths = [ "/run/wrappers" "/var/trust/fastmail" ];
#};
programs = {
msmtp = {
enable = true;
accounts = {
default = {
auth = true;
host = "smtp.fastmail.com";
port = 587;
passwordeval = "cat /var/trust/fastmail/smtp_key";
user = "fabianmontero@fastmail.com";
tls = true;
tls_starttls = true;
};
};
};
};
}


@ -1,89 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
inherit (config.local.sys) nets;
in {
networking = {
nftables.enable = false; # learn how to use this later
firewall = {
enable = true;
allowedTCPPorts = [80 443];
};
domain = "posixlycorrect.com";
};
# ver https://nixos.org/manual/nixos/stable/index.html#module-security-acme-nginx
security.acme = {
acceptTerms = true;
defaults.email = "fabian@posixlycorrect.com";
};
services = {
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
logError = "/var/log/nginx/error.log";
clientMaxBodySize = "99M";
virtualHosts = {
"posixlycorrect.com" = {
forceSSL = true;
enableACME = true;
locations = {
"/".root = "${pkgs.local.homepage}";
"~ ^/public(?:/(.*))?$" = {
# https://serverfault.com/a/476368
alias = "${../public_files}/$1";
extraConfig = ''
autoindex on;
autoindex_exact_size on;
autoindex_localtime on;
autoindex_format html;
'';
};
};
};
};
};
fail2ban = {
enable = true;
bantime = "10m";
ignoreIP = [
nets.default.hosts.vps.v6.cidr
nets.default.hosts.vps.v4.address
nets.vpn.v6.cidr
];
bantime-increment = {
enable = true;
formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
maxtime = "48h"; # Do not ban for more than 48h
rndtime = "10m";
overalljails = true; # Calculate the bantime based on all the violations
};
jails = {
# https://discourse.nixos.org/t/fail2ban-with-nginx-and-authelia/31419
nginx-botsearch.settings = {
# Usar log en vez de journalctl
# TODO: Pasar todo a systemd?
backend = "pyinotify";
logpath = "/var/log/nginx/*.log";
journalmatch = "";
};
nginx-bad-request.settings = {
backend = "pyinotify";
logpath = "/var/log/nginx/*.log";
journalmatch = "";
maxretry = 10;
};
};
};
};
}


@ -1,39 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."docs.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:28981";
};
};
};
paperless = {
enable = true;
user = "paperless";
passwordFile = "/var/trust/paperless/passwordFile";
openMPThreadingWorkaround = true; # see https://github.com/NixOS/nixpkgs/issues/240591
address = "127.0.0.1";
port = 28981;
settings = {
PAPERLESS_URL = "docs.posixlycorrect.com";
PAPERLESS_OCR_LANGUAGE = "eng+spa";
PAPERLESS_APP_TITLE = "posixlycorrect";
PAPERLESS_OCR_USER_ARGS = {
"invalidate_digital_signatures" = true;
};
};
};
};
}


@ -1,29 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."bookmarks.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:8089";
};
};
};
shiori = {
enable = true;
address = "127.0.0.1";
port = 8089;
environmentFile = "/var/trust/shiori/env";
};
};
}


@ -1,42 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
services = {
syncthing = {
enable = true;
systemService = true;
overrideFolders = false;
overrideDevices = false;
openDefaultPorts = true;
guiAddress = "127.0.0.1:8384";
settings.options.urAccepted = -1;
dataDir = "/mnt/export2179/syncthing";
relay = {
enable = true;
pools = [];
providedBy = "vps.posixlycorrect.com";
};
};
};
# calibre web stuff. make this better someday, this is pure duct-tape
users.groups."calybresync".members = ["syncthing" "calibre-web"];
systemd = {
services."calybreown" = {
script = ''
chgrp -R calybresync /var/lib/calibre-web/calibre_library
chmod -R g+w /var/lib/calibre-web/calibre_library
'';
serviceConfig.Type = "oneshot";
};
timers."calybreown" = {
wantedBy = [
"timers.target"
];
timerConfig.OnCalendar = "*-*-* *:00/30:00";
};
};
}


@ -1,33 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."notes.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
};
};
trilium-server = {
enable = true;
package = pkgs.trilium-next-server;
host = "127.0.0.1";
port = 8458;
noAuthentication = false;
instanceName = "posixlycorrect";
dataDir = "/var/lib/trilium";
nginx = {
enable = true;
hostName = "notes.posixlycorrect.com";
};
};
};
}


@ -1,63 +0,0 @@
{
config,
lib,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."vault.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
#fail2ban.jails.gitea.settings = { };
postgresql = {
ensureDatabases = ["vaultwarden"];
ensureUsers = [
{
name = "vaultwarden";
ensureDBOwnership = true;
}
];
};
vaultwarden = {
enable = true;
dbBackend = "postgresql";
environmentFile = "/var/trust/vaultwarden/smtp_key";
config = {
DOMAIN = "https://vault.posixlycorrect.com";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
# Using FASTMAIL mail server
# If you use an external mail server, follow:
# https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration
SMTP_HOST = "smtp.fastmail.com";
SMTP_PORT = 587;
SMTP_SECURITY = "starttls";
SMTP_FROM = "vault@posixlycorrect.com";
SMTP_FROM_NAME = "posixlycorrect vaultwarden server";
SMTP_AUTH_MECHANISM = "PLAIN";
DATABASE_URL = "postgresql:///vaultwarden";
};
};
bitwarden-directory-connector-cli.domain = "https://vault.posixlycorrect.com";
};
}


@ -1,53 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
systemd.services.wiki-js = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
services = {
nginx = {
virtualHosts."wjs.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
};
};
};
wiki-js = {
enable = true;
environmentFile = "/var/trust/wiki-js/env.txt";
settings = {
bindIP = "127.0.0.1";
port = 3000;
db = {
db = "wiki-js";
user = "wiki-js";
type = "postgres";
host = "/run/postgresql";
};
};
};
postgresql = {
enable = true;
ensureDatabases = ["wiki-js"];
ensureUsers = [
{
name = "wiki-js";
ensureDBOwnership = true;
}
];
};
};
}


@ -23,18 +23,17 @@
gtklock.enable = true;
users = {
fabian = {
chem = {
enable = true;
unixId = 1002;
};
vanessa.enable = true;
};
};
trivium.sway.enable = true;
networking = {
hostName = "posixlycorrect";
hostName = "yuki";
networkmanager.enable = true;
useDHCP = false; # The global useDHCP flag is deprecated, therefore explicitly set to false here.


@ -0,0 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/b925ebc0-f717-4f0d-83ca-a9a29990b8e2";
fsType = "btrfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/EC62-0FDF";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}