Format code

flake.nix

@@ -32,21 +32,22 @@
 
   outputs = inputs@{ nixpkgs, home-manager, ... }: {
     nixosConfigurations = let
-      mkSystem = entrypoint: nixpkgs.lib.nixosSystem {
+      mkSystem = entrypoint:
-        system = "x86_64-linux";
+        nixpkgs.lib.nixosSystem {
-        specialArgs = { inherit inputs; };
+          system = "x86_64-linux";
-        modules = [
+          specialArgs = { inherit inputs; };
-          entrypoint
+          modules = [
-          { nix.registry.nixpkgs.flake = nixpkgs; }
+            entrypoint
-          home-manager.nixosModules.home-manager
+            { nix.registry.nixpkgs.flake = nixpkgs; }
-          {
+            home-manager.nixosModules.home-manager
-            home-manager = {
+            {
-              useGlobalPkgs = true;
+              home-manager = {
-              useUserPackages = true;
+                useGlobalPkgs = true;
-            };
+                useUserPackages = true;
-          }
+              };
-        ];
+            }
-      };
+          ];
+        };
     in {
       pc = mkSystem ./nixos-configurations/pc;
       laptop = mkSystem ./nixos-configurations/laptop;

nixos-configurations/laptop/default.nix

@@ -23,9 +23,10 @@
   home-manager.users.thiloho = { pkgs, ... }: {
     programs.git.signing.key = "1142F33FFA8ADAAC";
     home = {
-      packages = with pkgs; [
+      packages = with pkgs;
-        # ciscoPacketTracer8
+        [
-      ];
+          # ciscoPacketTracer8
+        ];
       stateVersion = "23.05";
     };
   };

nixos-configurations/laptop/hardware-configuration.nix

@@ -4,28 +4,26 @@
 { config, lib, pkgs, modulesPath, ... }:
 
 {
-  imports =
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
 
-  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
+  boot.initrd.availableKernelModules =
+    [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
 
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-uuid/58cf62a5-3ab2-411d-86ef-c6c4d5877bb8";
+    device = "/dev/disk/by-uuid/58cf62a5-3ab2-411d-86ef-c6c4d5877bb8";
-      fsType = "ext4";
+    fsType = "ext4";
-    };
+  };
 
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-uuid/C2DA-F1B0";
+    device = "/dev/disk/by-uuid/C2DA-F1B0";
-      fsType = "vfat";
+    fsType = "vfat";
-    };
+  };
 
   swapDevices =
-    [ { device = "/dev/disk/by-uuid/4d298153-87ea-4a12-a244-a64b2075bd40"; }
+    [{ device = "/dev/disk/by-uuid/4d298153-87ea-4a12-a244-a64b2075bd40"; }];
-    ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's
@@ -37,5 +35,6 @@
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.cpu.intel.updateMicrocode =
+    lib.mkDefault config.hardware.enableRedistributableFirmware;
 }

nixos-configurations/pc/default.nix

@@ -12,19 +12,21 @@
   networking = {
     hostName = "pc";
     firewall = {
-      allowedTCPPorts = [ 5173 ];
+      allowedTCPPorts = [ 5173 8081 ];
-      allowedUDPPorts = [ 5173 ];
+      allowedUDPPorts = [ 5173 8081 ];
     };
   };
 
-  services.postgresql = {
+  services = {
-    enable = true;
+    postgresql = {
-    package = pkgs.postgresql_15;
+      enable = true;
-    ensureDatabases = [ "dcbot" "todos" ];
+      package = pkgs.postgresql_15;
-    authentication = pkgs.lib.mkOverride 10 ''
+      ensureDatabases = [ "dcbot" "todos" ];
-      #type database DBuser auth-method
+      authentication = pkgs.lib.mkOverride 10 ''
-      local all      all    trust
+        #type database DBuser auth-method
-    '';
+        local all      all    trust
+      '';
+    };
   };
 
   programs.adb.enable = true;
@@ -33,10 +35,7 @@
   home-manager.users.thiloho = { pkgs, lib, ... }: {
     programs.git.signing.key = "5ECD00BDC15A987E";
     home = {
-      packages = with pkgs; [
+      packages = with pkgs; [ blender inkscape ];
-        blender
-        inkscape
-      ];
       stateVersion = "23.05";
     };
   };

nixos-configurations/pc/hardware-configuration.nix

@@ -4,28 +4,26 @@
 { config, lib, pkgs, modulesPath, ... }:
 
 {
-  imports =
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
 
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.availableKernelModules =
+    [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ "kvm-amd" ];
   boot.extraModulePackages = [ ];
 
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-uuid/ff159d0e-c92c-4329-8aaf-b71e48aba39c";
+    device = "/dev/disk/by-uuid/ff159d0e-c92c-4329-8aaf-b71e48aba39c";
-      fsType = "ext4";
+    fsType = "ext4";
-    };
+  };
 
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-uuid/B975-C979";
+    device = "/dev/disk/by-uuid/B975-C979";
-      fsType = "vfat";
+    fsType = "vfat";
-    };
+  };
 
   swapDevices =
-    [ { device = "/dev/disk/by-uuid/253466d8-15b0-412c-8860-ffff0572fece"; }
+    [{ device = "/dev/disk/by-uuid/253466d8-15b0-412c-8860-ffff0572fece"; }];
-    ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's
@@ -35,5 +33,6 @@
   # networking.interfaces.enp9s0.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.cpu.amd.updateMicrocode =
+    lib.mkDefault config.hardware.enableRedistributableFirmware;
 }

nixos-configurations/server/default.nix

@@ -10,26 +10,35 @@
   nix.settings.trusted-users = [ "thiloho" ];
 
   age.secrets = {
-    hedgedoc-environment-file.file = ../../secrets/hedgedoc-environment-file.age;
+    hedgedoc-environment-file.file =
+      ../../secrets/hedgedoc-environment-file.age;
     discord-bot-token.file = ../../secrets/discord-bot-token.age;
     todos-environment-file.file = ../../secrets/todos-environment-file.age;
-    "restic/minecraft-environment-file".file = ../../secrets/restic/minecraft-environment-file.age;
+    "restic/minecraft-environment-file".file =
-    "restic/minecraft-repository".file = ../../secrets/restic/minecraft-repository.age;
+      ../../secrets/restic/minecraft-environment-file.age;
-    "restic/minecraft-password".file = ../../secrets/restic/minecraft-password.age;
+    "restic/minecraft-repository".file =
-    "restic/hedgedoc-environment-file".file = ../../secrets/restic/hedgedoc-environment-file.age;
+      ../../secrets/restic/minecraft-repository.age;
-    "restic/hedgedoc-repository".file = ../../secrets/restic/hedgedoc-repository.age;
+    "restic/minecraft-password".file =
-    "restic/hedgedoc-password".file = ../../secrets/restic/hedgedoc-password.age;
+      ../../secrets/restic/minecraft-password.age;
-    "restic/todos-environment-file".file = ../../secrets/restic/todos-environment-file.age;
+    "restic/hedgedoc-environment-file".file =
+      ../../secrets/restic/hedgedoc-environment-file.age;
+    "restic/hedgedoc-repository".file =
+      ../../secrets/restic/hedgedoc-repository.age;
+    "restic/hedgedoc-password".file =
+      ../../secrets/restic/hedgedoc-password.age;
+    "restic/todos-environment-file".file =
+      ../../secrets/restic/todos-environment-file.age;
     "restic/todos-repository".file = ../../secrets/restic/todos-repository.age;
     "restic/todos-password".file = ../../secrets/restic/todos-password.age;
-    "restic/discord-bot-environment-file".file = ../../secrets/restic/discord-bot-environment-file.age;
+    "restic/discord-bot-environment-file".file =
-    "restic/discord-bot-repository".file = ../../secrets/restic/discord-bot-repository.age;
+      ../../secrets/restic/discord-bot-environment-file.age;
-    "restic/discord-bot-password".file = ../../secrets/restic/discord-bot-password.age;
+    "restic/discord-bot-repository".file =
+      ../../secrets/restic/discord-bot-repository.age;
+    "restic/discord-bot-password".file =
+      ../../secrets/restic/discord-bot-password.age;
   };
 
-  environment.systemPackages = with pkgs; [
+  environment.systemPackages = with pkgs; [ nodejs_20 ];
-    nodejs_20
-  ];
 
   networking = {
     hostName = "server";
@@ -153,43 +162,37 @@
       minecraft-backup = {
         initialize = true;
 
-        environmentFile = config.age.secrets."restic/minecraft-environment-file".path;
+        environmentFile =
+          config.age.secrets."restic/minecraft-environment-file".path;
         repositoryFile = config.age.secrets."restic/minecraft-repository".path;
         passwordFile = config.age.secrets."restic/minecraft-password".path;
 
-        paths = [
+        paths = [ "/var/lib/minecraft/world" ];
-          "/var/lib/minecraft/world"
-        ];
 
-        pruneOpts = [
+        pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" ];
-          "--keep-daily 7"
-          "--keep-weekly 5"
-          "--keep-monthly 12"
-        ];
       };
       hedgedoc-database-backup = {
         initialize = true;
 
-        environmentFile = config.age.secrets."restic/hedgedoc-environment-file".path;
+        environmentFile =
+          config.age.secrets."restic/hedgedoc-environment-file".path;
         repositoryFile = config.age.secrets."restic/hedgedoc-repository".path;
         passwordFile = config.age.secrets."restic/hedgedoc-password".path;
 
-        paths = [ "/var/lib/hedgedoc/uploads" "/var/lib/hedgedoc/hedgedoc.dump" ];
+        paths =
+          [ "/var/lib/hedgedoc/uploads" "/var/lib/hedgedoc/hedgedoc.dump" ];
 
         backupPrepareCommand = ''
           ${config.services.postgresql.package}/bin/pg_dump -U postgres -Fc hedgedoc > /var/lib/hedgedoc/hedgedoc.dump 
         '';
 
-        pruneOpts = [
+        pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" ];
-          "--keep-daily 7"
-          "--keep-weekly 5"
-          "--keep-monthly 12"
-        ];
       };
       todos-database-backup = {
         initialize = true;
 
-        environmentFile = config.age.secrets."restic/todos-environment-file".path;
+        environmentFile =
+          config.age.secrets."restic/todos-environment-file".path;
         repositoryFile = config.age.secrets."restic/todos-repository".path;
         passwordFile = config.age.secrets."restic/todos-password".path;
 
@@ -199,17 +202,15 @@
           ${config.services.postgresql.package}/bin/pg_dump -U postgres -Fc todos  > /var/lib/todos.dump
         '';
 
-        pruneOpts = [
+        pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" ];
-          "--keep-daily 7"
-          "--keep-weekly 5"
-          "--keep-monthly 12"
-        ];
       };
       discord-bot-database-backup = {
         initialize = true;
 
-        environmentFile = config.age.secrets."restic/discord-bot-environment-file".path;
+        environmentFile =
-        repositoryFile = config.age.secrets."restic/discord-bot-repository".path;
+          config.age.secrets."restic/discord-bot-environment-file".path;
+        repositoryFile =
+          config.age.secrets."restic/discord-bot-repository".path;
         passwordFile = config.age.secrets."restic/discord-bot-password".path;
 
         paths = [ "/var/lib/dcbot.dump" ];
@@ -218,11 +219,7 @@
           ${config.services.postgresql.package}/bin/pg_dump -U postgres -Fc dcbot  > /var/lib/dcbot.dump
         '';
 
-        pruneOpts = [
+        pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" ];
-          "--keep-daily 7"
-          "--keep-weekly 5"
-          "--keep-monthly 12"
-        ];
       };
     };
   };
@@ -240,40 +237,39 @@
   systemd.services = {
     todoapp = {
       description = "Todo application to plan your daily tasks effectively";
-      wantedBy = ["multi-user.target"];
+      wantedBy = [ "multi-user.target" ];
       serviceConfig = {
         Type = "simple";
-        Environment = "PORT=5173 DOTENV_CONFIG_PATH=${config.age.secrets.todos-environment-file.path}";
+        Environment =
+          "PORT=5173 DOTENV_CONFIG_PATH=${config.age.secrets.todos-environment-file.path}";
         ExecStart = "${pkgs.nodejs_20}/bin/node -r dotenv/config .";
         WorkingDirectory = inputs.todos.packages.${pkgs.system}.default;
         Restart = "always";
       };
     };
     todoapp-check-due-dates = {
-      description = "Set is_overdue for todo in database to true if todo is overdue";
+      description =
-      wantedBy = ["timers.target"];
+        "Set is_overdue for todo in database to true if todo is overdue";
-      path = [
+      wantedBy = [ "timers.target" ];
-        pkgs.postgresql_15
+      path = [ pkgs.postgresql_15 ];
-      ];
       script = ''
         psql -d todos -c "UPDATE user_todo SET is_overdue = true WHERE NOW() AT TIME ZONE 'CET' >= due_date AND is_completed = false AND is_overdue = false"
       '';
-      serviceConfig = {
+      serviceConfig = { User = "postgres"; };
-        User = "postgres";
-      };
       partOf = [ "todoapp.service" ];
       startAt = "daily";
     };
     denbot = {
       description = "Thilo's Den discord bot";
-      wantedBy = ["multi-user.target"];
+      wantedBy = [ "multi-user.target" ];
       serviceConfig = {
         Type = "simple";
         ExecStartPre = [
           "${pkgs.nodejs_20}/bin/node dbInit.js"
           "${pkgs.nodejs_20}/bin/node deploy-commands.js --token=${config.age.secrets.discord-bot-token.path} --clientId=1142441791459704912"
         ];
-        ExecStart = "${pkgs.nodejs_20}/bin/node index.js --token=${config.age.secrets.discord-bot-token.path}";
+        ExecStart =
+          "${pkgs.nodejs_20}/bin/node index.js --token=${config.age.secrets.discord-bot-token.path}";
         WorkingDirectory = inputs.denbot.packages.${pkgs.system}.default;
         Restart = "always";
       };
@@ -286,9 +282,7 @@
   ];
 
   home-manager.users.thiloho = { pkgs, lib, ... }: {
-    home = {
+    home = { stateVersion = "23.05"; };
-      stateVersion = "23.05";
-    };
   };
   system.stateVersion = "23.05";
 }

nixos-configurations/server/hardware-configuration.nix

@@ -4,28 +4,26 @@
 { config, lib, pkgs, modulesPath, ... }:
 
 {
-  imports =
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-    [ (modulesPath + "/profiles/qemu-guest.nix")
-    ];
 
-  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.availableKernelModules =
+    [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ ];
   boot.extraModulePackages = [ ];
 
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-uuid/950d0289-1ae9-4c4b-8792-3f369e2d0f05";
+    device = "/dev/disk/by-uuid/950d0289-1ae9-4c4b-8792-3f369e2d0f05";
-      fsType = "ext4";
+    fsType = "ext4";
-    };
+  };
 
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-uuid/08B5-9946";
+    device = "/dev/disk/by-uuid/08B5-9946";
-      fsType = "vfat";
+    fsType = "vfat";
-    };
+  };
 
   swapDevices =
-    [ { device = "/dev/disk/by-uuid/d3ecc375-0371-4391-ad48-b79168737ec7"; }
+    [{ device = "/dev/disk/by-uuid/d3ecc375-0371-4391-ad48-b79168737ec7"; }];
-    ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's

nixos-configurations/shared-desktop.nix

@@ -34,11 +34,8 @@
     programs = {
       firefox = {
         enable = true;
-        package = pkgs.firefox.override {
+        package =
-          cfg = {
+          pkgs.firefox.override { cfg = { speechSynthesisSupport = true; }; };
-            speechSynthesisSupport = true;
-          };
-        };
       };
       chromium = {
         enable = true;
@@ -65,16 +62,12 @@
         enable = true;
         userName = "thiloho";
         userEmail = "123883702+thiloho@users.noreply.github.com";
-        signing = {
+        signing = { signByDefault = true; };
-          signByDefault = true;
-        };
       };
       obs-studio.enable = true;
     };
     home = {
-      sessionVariables = {
+      sessionVariables = { NIXOS_OZONE_WL = 1; };
-        NIXOS_OZONE_WL=1;
-      };
       packages = with pkgs; [
         libreoffice
         airshipper
@@ -82,6 +75,7 @@
         prismlauncher
         ventoy-full
         psensor
+        nil
         zoom-us
         teamspeak5_client
         discord

nixos-configurations/shared.nix

@@ -31,8 +31,10 @@
         shellAliases = {
           rbs = "sudo nixos-rebuild switch --flake .";
           off = "sudo systemctl poweroff";
-          cleanup = "nix store optimise && nix-collect-garbage -d && sudo nix store optimise && sudo nix-collect-garbage -d";
+          cleanup =
-          listboots = "nix profile history --profile /nix/var/nix/profiles/system";
+            "nix store optimise && nix-collect-garbage -d && sudo nix store optimise && sudo nix-collect-garbage -d";
+          listboots =
+            "nix profile history --profile /nix/var/nix/profiles/system";
         };
       };
       helix = {

secrets/secrets.nix

@@ -1,8 +1,9 @@
 let
-  server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN82ukcaWQZcihgh+n0h+ihwTafm64SO1wngibOA6Vro root@server";
+  server =
-  pc = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkvr+vT7Ik0fjquxb9xQBfVVWJPgrfC+vJZsyG2V+/G thiloho@pc";
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN82ukcaWQZcihgh+n0h+ihwTafm64SO1wngibOA6Vro root@server";
-in
+  pc =
-{
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkvr+vT7Ik0fjquxb9xQBfVVWJPgrfC+vJZsyG2V+/G thiloho@pc";
+in {
   "hedgedoc-environment-file.age".publicKeys = [ server pc ];
   "discord-bot-token.age".publicKeys = [ server pc ];
   "todos-environment-file.age".publicKeys = [ server pc ];