payas/nixos
Archived
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Enterprise: Goodbye, old friend..

Browse source 
Gone, but not forgotten (thanks, Git), Enterprise will live on in our
memories (and git log).

With this commit, we have finally let go of:
- sound
- networking
- hw
- nvidia

And some more stuff from home.nix and configuration.nix for Enterprise.

I'll probably come back to this commit to refer to it in future, so ite better
to leave as many clues here as possible.
This commit is contained in:
Payas Relekar 2022-06-04 01:35:42 +05:30
parent 19590f6695
commit d6bf7ac375
20 changed files with 0 additions and 905 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
flake.nix
View file

@ -47,38 +47,6 @@
nixosConfigurations = {
# The Workhorse
enterprise = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = common-modules ++ [
# Overlays
{ nixpkgs.overlays = [ emacs-overlay.overlay ]; }
# Modules and module config
./modules/fish.nix
./modules/plasma-desktop.nix
./modules/fonts.nix
./modules/users.nix
# Host-specific config
./hosts/enterprise/hw.nix
./hosts/enterprise/networking.nix
./hosts/enterprise/sound.nix
./hosts/enterprise/nvidia.nix
./hosts/enterprise/configuration.nix
# User-specific config : Home-manager
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.payas = import ./hosts/enterprise/home.nix;
}
];
};
# The (new) Workhorse
hermes = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = common-modules ++ [

274
hosts/enterprise/backup.nix
View file

@ -1,274 +0,0 @@
{ config, pkgs, options, ... }:
# Automated Backup and backup notification configuration for NixOS
# Using:
# 1. Restic : encryption, snapshots, dedeuplication
# 2. Rclone : access to free storages (Google Drive, OneDrive etc)
# 3. Systemd/NixOS : automation, notifications etc
# 4. (DBus) : desktop notifications, provided by Plasma desktop
let
payas = "payas";
in
{
environment.systemPackages = with pkgs; [
restic # It is included in system by restic service, but its useful to have the package in PATH to remove occasional locks
rsync
rclone
];
# Le Backups!! Test them every month or so, just to be sure
services.restic.backups =
let
defaultPruneOpts = [
"--keep-last 10"
"--keep-hourly 3"
"--keep-daily 4"
"--keep-weekly 3"
"--keep-monthly 3"
];
defaultBackupFrequency = "hourly";
in
{
# maildir (for one email account, on a shared folder curtosy of family member)
maildir_relekarpayas_onedrive_shared = {
user = payas;
repository = "rclone:relekarpayas_onedrive_shared:/payas_backup/maildir_rpg";
initialize = false; # for now, I want to control repo intialization myself
passwordFile = config.age.secrets.maildir_relekarpayas_onedrive.path;
paths = [ "/home/payas/.mail/" ];
# Run our nice little service every hour. If this proves too taxing, increase duration or give out fixed time.
timerConfig.OnCalendar = defaultBackupFrequency;
pruneOpts = defaultPruneOpts;
};
# Syncthing dir
syncthing_googledrive = {
user = payas;
repository = "rclone:relekarpayas_googledrive:/syncthing";
initialize = false; # for now, I want to control repo intialization myself
passwordFile = config.age.secrets.syncthing_relekarpayas_googledrive.path;
paths = [ "/home/payas/Syncthing/" ];
# Ignore Media dir because it contains non-essential and heavy media files
extraBackupArgs = [ "--exclude=/home/payas/Syncthing/Media" ];
# Run our nice little service every hour. If this proves too taxing, increase duration or give out fixed time.
timerConfig.OnCalendar = defaultBackupFrequency;
pruneOpts = defaultPruneOpts;
};
syncthing_onedrive_shared = {
user = payas;
repository = "rclone:relekarpayas_onedrive_shared:/payas_backup/Syncthing";
initialize = false; # for now, I want to control repo intialization myself
passwordFile = config.age.secrets.syncthing_relekarpayas_onedrive.path;
paths = [ "/home/payas/Syncthing/" ];
# Ignore Media dir because it contains non-essential and heavy media files
extraBackupArgs = [ "--exclude=/home/payas/Syncthing/Media" ];
# Run our nice little service every hour. If this proves too taxing, increase duration or give out fixed time.
timerConfig.OnCalendar = defaultBackupFrequency;
pruneOpts = defaultPruneOpts;
};
# Org-mode notes
org_googledrive = {
user = payas;
repository = "rclone:relekarpayas_googledrive:/org";
initialize = false; # for now, I want to control repo intialization myself
passwordFile = config.age.secrets.org_relekarpayas_googledrive.path;
paths = [ "/home/payas/org/" ];
# Run our nice little service every hour. If this proves too taxing, increase duration or give out fixed time.
timerConfig.OnCalendar = defaultBackupFrequency;
pruneOpts = defaultPruneOpts;
};
org_onedrive_shared = {
user = payas;
repository = "rclone:relekarpayas_onedrive_shared:/payas_backup/org";
initialize = false; # for now, I want to control repo intialization myself
passwordFile = config.age.secrets.org_relekarpayas_onedrive.path;
paths = [ "/home/payas/org/" ];
# Run our nice little service every hour. If this proves too taxing, increase duration or give out fixed time.
timerConfig.OnCalendar = defaultBackupFrequency;
pruneOpts = defaultPruneOpts;
};
};
# Le Backup notifications : So I find out about success/failure of backups without having to check logs every now and then
# This generates actual desktop notifications, and integrates nicely (as long as DBus is accessible to service)
#
# Backup notification idea (for now) is this:
# 1. Detect service failure: handled by systemd
# 2. Invoke alert service: handled by systemd
# 3. touch a BACKUP_Failure file in ~: probably unnecessary, but I intent to delete these files after
# investigating/fixing failures so as to have greater visibility and
# don't want file-not-exist conflicts
# 4. Show desktop notification for exactly which backup failed
systemd.services =
let
defaultBackupServiceEnv = {
DBUS_SESSION_BUS_ADDRESS = "unix:path=/run/user/1000/bus";
};
defaultDescr = "Backup notification";
failureDescr = ": Failure: ";
orgDescr = "Org";
syncthingDescr = "Syncthing";
maildirDescr = "Maildir";
googDescr = "goog";
msDescr = "ms";
oneshot = "oneshot";
backupFailedPrefix = "/home/payas/BACKUP_FAILED";
in
{
# Syncthing failure notification
backup-failure-alert-syncthing-goog = {
description = defaultDescr + failureDescr + syncthingDescr;
environment = defaultBackupServiceEnv;
serviceConfig = {
Type = oneshot;
ExecStart = [
"${pkgs.coreutils}/bin/touch '${backupFailedPrefix}_${syncthingDescr}_${googDescr}'"
"${pkgs.libnotify}/bin/notify-send --hint='string:desktop-entry:org.kde.konsole' 'Backup failure: Syncthing: Goog'"
];
User = payas;
};
};
# Syncthing success: Remove failure indicator file if present
backup-success-alert-syncthing-goog = {
description = "Syncthing_goog backup success: Remove failure indicator file if present";
environment = defaultBackupServiceEnv;
serviceConfig = {
Type = oneshot;
ExecStart = [
"${pkgs.coreutils}/bin/rm '${backupFailedPrefix}_${syncthingDescr}_${googDescr}'"
];
User = payas;
};
};
# Configure notification services for restic backup service
restic-backups-syncthing_googledrive = {
onFailure = [ "backup-failure-alert-syncthing-goog.service" ];
unitConfig.OnSuccess = [ "backup-success-alert-syncthing-goog.service" ];
};
backup-failure-alert-syncthing-ms = {
description = defaultDescr + failureDescr + syncthingDescr;
environment = defaultBackupServiceEnv;
serviceConfig = {
Type = oneshot;
ExecStart = [
"${pkgs.coreutils}/bin/touch '${backupFailedPrefix}_${syncthingDescr}_${msDescr}'"
"${pkgs.libnotify}/bin/notify-send --hint='string:desktop-entry:org.kde.konsole' 'Backup failure: Syncthing: MS'"
];
User = payas;
};
};
backup-success-alert-syncthing-ms = {
description = "Syncthing_ms backup success: Remove failure indicator file if present";
environment = defaultBackupServiceEnv;
serviceConfig = {
Type = oneshot;
ExecStart = [
"${pkgs.coreutils}/bin/rm '${backupFailedPrefix}_${syncthingDescr}_${msDescr}'"
];
User = payas;
};
};
restic-backups-syncthing_onedrive_shared = {
onFailure = [ "backup-failure-alert-syncthing-ms.service" ];
unitConfig.OnSuccess = [ "backup-success-alert-syncthing-ms.service" ];
};
# Org failure notification
backup-failure-alert-org-goog = {
description = defaultDescr + failureDescr + orgDescr;
environment = defaultBackupServiceEnv;
serviceConfig = {
Type = oneshot;
ExecStart = [
"${pkgs.coreutils}/bin/touch '${backupFailedPrefix}_${orgDescr}_${googDescr}'"
"${pkgs.libnotify}/bin/notify-send --hint='string:desktop-entry:org.kde.konsole' 'Backup failure: Org: Goog'"
];
User = payas;
};
};
# Org success: Remove failure indicator file if present
backup-success-alert-org-goog = {
description = "Org backup success: Remove failure indicator file if present";
environment = defaultBackupServiceEnv;
serviceConfig = {
Type = oneshot;
ExecStart = [
"${pkgs.coreutils}/bin/rm '${backupFailedPrefix}_${orgDescr}_${googDescr}'"
];
User = payas;
};
};
# Configure notification services for restic backup service
restic-backups-org_googledrive = {
onFailure = [ "backup-failure-alert-org-goog.service" ];
unitConfig.OnSuccess = [ "backup-success-alert-org-goog.service" ];
};
backup-failure-alert-org-ms = {
description = defaultDescr + failureDescr + syncthingDescr;
environment = defaultBackupServiceEnv;
serviceConfig = {
Type = oneshot;
ExecStart = [
"${pkgs.coreutils}/bin/touch '${backupFailedPrefix}_${orgDescr}_${msDescr}'"
"${pkgs.libnotify}/bin/notify-send --hint='string:desktop-entry:org.kde.konsole' 'Backup failure: Org: MS'"
];
User = payas;
};
};
backup-success-alert-org-ms = {
description = "${orgDescr}_${msDescr} backup success: Remove failure indicator file if present";
environment = defaultBackupServiceEnv;
serviceConfig = {
Type = oneshot;
ExecStart = [
"${pkgs.coreutils}/bin/rm '${backupFailedPrefix}_${orgDescr}_${msDescr}'"
];
User = payas;
};
};
restic-backups-org_onedrive_shared = {
onFailure = [ "backup-failure-alert-org-ms.service" ];
unitConfig.OnSuccess = [ "backup-success-alert-org-ms.service" ];
};
# Maildir backup failure notification
backup-failure-alert-maildir_onedrive = {
description = defaultDescr + failureDescr + maildirDescr;
environment = defaultBackupServiceEnv;
serviceConfig = {
Type = oneshot;
ExecStart = [
"${pkgs.coreutils}/bin/touch '${backupFailedPrefix}_${maildirDescr}_${msDescr}'"
"${pkgs.libnotify}/bin/notify-send --hint='string:desktop-entry:org.kde.konsole' 'Backup failure: Maildir: MS_shared'"
];
User = payas;
};
};
backup-success-alert-maildir-onedrive = {
description = "Maildir backup success: Remove failure indicator file if present";
environment = defaultBackupServiceEnv;
serviceConfig = {
Type = oneshot;
ExecStart = [
"${pkgs.coreutils}/bin/rm '${backupFailedPrefix}_${maildirDescr}_${msDescr}'"
];
User = payas;
};
};
# Configure notification services for restic backup service
restic-backups-maildir_relekarpayas_onedrive_shared = {
onFailure = [ "backup-failure-alert-maildir_onedrive.service" ];
unitConfig.OnSuccess = [ "backup-success-alert-maildir-onedrive.service" ];
};
};
}

56
hosts/enterprise/configuration.nix
View file

@ -1,56 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
# Set your time zone.
time.timeZone = "Asia/Kolkata";
# Reduce stupid systemd shutdown timer so it possibly takes less time next time
systemd.extraConfig = ''
DefaultTimeoutStopSec=10s
'';
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "19.09"; # Did you read the comment?
nixpkgs = {
config = {
# Allow searching and installing proprietory packages
allowUnfree = true;
# Accelerated playback, proprietory codecs etc
packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
};
};
environment = {
variables = {
BROWSER = [ "firefox" ];
EDITOR = [ "kwrite" ];
};
systemPackages = with pkgs; [
glxinfo
inxi
# dev
file
# System
parted
gparted
pciutils
acpi
acpid
lsof
];
};
}

62
hosts/enterprise/emacs.nix
View file

@ -1,62 +0,0 @@
{ config, pkgs, emacs-overlay, ... }:
{
nixpkgs.overlays = [ emacs-overlay.overlay ];
programs = {
# Emacs Git (master branch, currently 29.0) with extra packages (that require native component)
# Built via nix-community/emacs-overlay expressions
emacs = {
enable = true;
package = pkgs.emacsPgtkNativeComp;
extraPackages = epkgs: with epkgs; [
pdf-tools
org-pdftools
emacsql
emacsql-sqlite
emacsql-sqlite-builtin
(tree-sitter-langs.withPlugins (p: [
p.tree-sitter-bash
p.tree-sitter-css
p.tree-sitter-html
p.tree-sitter-java
p.tree-sitter-javascript
p.tree-sitter-json
p.tree-sitter-nix
p.tree-sitter-python
]))
];
};
direnv = {
enable = true;
enableBashIntegration = true;
enableFishIntegration = true;
nix-direnv.enable = true;
};
};
home.packages = with pkgs; [
binutils # native-comp needs 'as', provided by this
sqlite # for org-roam
gcc # also for org-roam
# aspell is used by ispell for spell check
(aspellWithDicts (dicts: with dicts; [
en en-computers en-science mr ]))
beancount
fava
imagemagick
tectonic # munging TeX better than texlive
texlive.combined.scheme-full # because org-babel cannot use tectonic
pandoc # convert doc formats
# ghostscript # mungind pfds
pdftk # munging pdfs in less incantation-y way
# Nix things
nixpkgs-fmt
rnix-lsp
];
}

33
hosts/enterprise/hardware-configuration.nix
View file

@ -1,33 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
# added modulesPath here^ so we can purely access modules path instead of using <>
{
imports =
[ "${modulesPath}/installer/scan/not-detected.nix"
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/79dd69ba-ea56-4479-a104-14f0ba6776b0";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/15A2-FD75";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/fc70026b-8b25-47b1-8190-d6c3d0f12975"; }
];
nix.settings.max-jobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}

46
hosts/enterprise/home.nix
View file

@ -1,46 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
../../modules/common-home.nix
home.packages = with pkgs; [
# learn...things?
anki
# security
keepassxc # password management
age # secrets management
# apps
vlc
strawberry
picard # tag music tracks
firefox-wayland
soulseekqt
appimage-run # for soulseek-qt
# communication
element-desktop
nheko
# utilities
youtube-dl
qbittorrent
# digikam
okular
kcalc
ark # munging archives
unrar # So ark can open .rar files
spectacle
gwenview
kate
libreoffice # thoroughly average grown up stuff
scanmem # cheating at games has never been more fun!
# Nix things
niv
];
}

63
hosts/enterprise/hw.nix
View file

@ -1,63 +0,0 @@
{ config, pkgs, ... }:
{
boot = {
loader = {
efi = {
canTouchEfiVariables = true;
# assuming /boot is the mount point of the EFI partition in NixOS (as the installation section recommends).
# efiSysMountPoint = "/boot";
};
grub = {
devices = [ "nodev" ];
efiSupport = true;
enable = true;
version = 2;
# efiInstallAsRemovable = true;
gfxmodeEfi = "1920x1080";
useOSProber = true;
fsIdentifier = "label";
extraEntries = ''
menuentry "Reboot" {
reboot
}
menuentry "Poweroff" {
halt
}
'';
};
};
kernelPackages = pkgs.linuxPackages_latest;
kernel.sysctl = { "net.ipv4.ip_forward" = 1; }; # IPv4 NAT networking
# Compile for aarch64 (Raspberry Pi) from this machine
binfmt.emulatedSystems = [ "aarch64-linux" ];
};
fileSystems."/mnt/Data" = {
device = "/dev/sda4";
fsType = "ntfs";
options = [ "rw" "uid=1000" ];
};
hardware = {
enableRedistributableFirmware = true;
acpilight.enable = true;
opengl = {
enable = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
vaapiIntel
libvdpau-va-gl
intel-media-driver
];
};
bluetooth = {
enable = true;
package = pkgs.bluezFull;
hsphfpd.enable = true;
};
};
}

68
hosts/enterprise/mail.nix
View file

@ -1,68 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
name = "Payas Relekar";
maildir = "/home/payas/.mail";
email = "relekarpayas@gmail.com";
in
{
imports = [
../../modules/common-home.nix
];
accounts.email = {
maildirBasePath = maildir;
accounts = {
Gmail = {
address = email;
userName = email;
flavor = "gmail.com";
# passwordCommand = "cat ${config.age.secrets.mu4e_gmail.path}";
passwordCommand = "cat /run/agenix/mu4e_gmail"; # TODO: Make this use agenix path variable instead of hardcoded path
primary = true;
# gpg.encryptByDefault = true;
mbsync = {
enable = true;
create = "both";
expunge = "both";
patterns = [ "*" "[Gmail]*" ]; # "[Gmail]/Sent Mail" ];
};
imap = {
host = "imap.gmail.com";
port = 993;
tls.enable = true;
};
imapnotify = {
enable = true;
boxes = [ "INBOX" ];
onNotifyPost = "${pkgs.libnotify}/bin/notify-send -h 'string:desktop-entry:emacs' 'New mail'";
};
realName = name;
msmtp.enable = true;
mu.enable = true;
smtp = {
host = "smtp.gmail.com";
port = 587;
tls.useStartTls = true;
};
};
};
};
services = {
imapnotify.enable = true;
mbsync = {
enable = true;
frequency = "*:2/5";
preExec = "${pkgs.isync}/bin/mbsync -Ha";
postExec = "${pkgs.mu}/bin/mu index -m ${maildir}";
};
};
programs = {
msmtp.enable = true;
mbsync.enable = true;
mu.enable = true;
};
}

35
hosts/enterprise/networking.nix
View file

@ -1,35 +0,0 @@
{ config, pkgs, ... }:
{
networking = {
hostName = "enterprise"; # Define your hostname.;
# use iNet Wireless Daemon (instead of wpa_supplicant) for wireless device management
wireless.iwd = {
enable = true;
# All options: https://iwd.wiki.kernel.org/networkconfigurationsettings
settings = {
Network = {
EnableIPv6 = true;
RoutePriorityOffset = 300;
};
Settings = {
AutoConnect = true;
Hidden = true;
AlwaysRandomizeAddress = false; # for predictable local network
};
};
};
networkmanager = {
enable = true;
wifi.backend = "iwd";
};
interfaces = {
enp3s0.useDHCP = true;
wlo1.useDHCP = true;
};
};
}

58
hosts/enterprise/nvidia.nix
View file

@ -1,58 +0,0 @@
{ config, pkgs, options, ... }:
let
nvidiaEnabled = false;
nvidiaAlwaysOn = true;
# For some reason at least one game needs this to be set,
# even if nvidia GPU is in sync-mode
# Could be Wayland, needs further investigation
nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
export __NV_PRIME_RENDER_OFFLOAD=1
export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
export __GLX_VENDOR_LIBRARY_NAME=nvidia
export __VK_LAYER_NV_optimus=NVIDIA_only
exec -a "$0" "$@"
'';
in
{
hardware = {
nvidiaOptimus.disable = !nvidiaEnabled;
nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.stable;
nvidiaSettings = nvidiaEnabled;
modesetting.enable = nvidiaAlwaysOn; # Same as sync.enable
powerManagement = {
# Only for offload.enable=true
enable = !nvidiaAlwaysOn;
finegrained = !nvidiaAlwaysOn;
};
prime = {
# Bus ID of the Intel GPU. You can find it using lspci, either under 3D or VGA
intelBusId = "PCI:0:2:0";
# Bus ID of the NVIDIA GPU. You can find it using lspci, either under 3D or VGA
nvidiaBusId = "PCI:1:0:0";
sync.enable = nvidiaAlwaysOn; # Complement of offload.enable
offload.enable = !nvidiaAlwaysOn;
};
};
};
services.xserver.videoDrivers = [
(if nvidiaEnabled
then
"nvidia" # Keep only "nvidia" when using sync-mode
else
"intel")
];
environment.systemPackages = with pkgs;
if nvidiaEnabled
then
[
nvidia-offload
primus
]
else
[ ];
}

6
hosts/enterprise/secrets/enterprise-nix-cache-key-sec.age
View file

@ -1,6 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 dy7D9w 7No0DsdBZnT2q+pEyfZWs25tzwCG5pufTlfY7rHnbWk
p96mO5AcA5Heio2zXSxl0G2YmOuU3pzZtwcqJHc1QdE
--- jaEARnhHeBNOSUwjMYYQPyh5f18qRFmMCnW71H6itqU
Ãx³qH1Y©^œSZ: ~äÅk^ Á²˜»t6Oým^Í©ž<Úå€EÂÄDU‰/ϳqhÞ/×ÙE¶¶i/z^7£ªZÂT4ÿ…+Sãeƒ9ƒ¹¥ÃfÍ­
<EFBFBD>z®“{c\m&rͺZÿ©rϾþ¨O·Ð”»z{þn2КÖi<C396>u`

7
hosts/enterprise/secrets/maildir_relekarpayas_onedrive.age
View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 dy7D9w IFzyPbRh5LLzYH6vDy83SyKzZDS+qF2MEOenMsNtOnQ
lAx+ygintMnPCDl4rr+iDnud/5bQ63gbbZS43Vtzr5Y
-> 9M9qX4-grease S`5 jR._GqU {9)a Eub
eBZQB13O+P1m4DsTWCN8k6RWpeKcqsg5yfm/8n/CaVfMFACclQ
--- PtyjC9OVjUAdkGz111hZsDkEFjcwNtO1BvJhpn/5x3g
8p©Ë®ŠÁdÇÜÜŒtL͸ kóúî‘Û/{\><3E>ÍOò&”7Åp`}¸Ñ—°¼?¥kÏ€0Çtò â˜Ï¦re1ÙÃ6>Y*TdÛkÝÕ5ÿ3KpÖ1rœÇ@³« 4ó¶AàÄH7ŒlÛ¥ó´ ͘ŠƒV׫Rbà

5
hosts/enterprise/secrets/mu4e_gmail.age
View file

@ -1,5 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 dy7D9w yhRM5/w1eepD/nEGCoOzqhN2Ed4WCweQxc5nw90OFFE
z9/iOzG+to2rcC60yO7nzI6GgIfvZLjHfJr42SrbxLY
--- tiudW9x74CzCHpASjlnHxN8zKekP/2L4HkqtDwRkm5U
kÊh„ŒA`ŒÑŠ«i¹X±÷´Tmøæ::¨+W:štÅû±û½â‘û&ýÎì

7
hosts/enterprise/secrets/org_relekarpayas_googledrive.age
View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 dy7D9w ccKo6iVUtF/88bxSy1B8xnRYBUkbnbi/heOcS0zYEDY
Rraz/mFj1fR95kJZRCSJ7SRAQUtgHjOZJi0VvzYGmvk
-> ZwkrMG-grease <?G)_dY N !KANB*" -hB+Su(
U5LEeJZOBtIWPWGBEQ
--- yE1a37Lu918LVJumhD9gYvxWb/6OweXzYrOeoC+tnp8
ã_× ñæ<C3B1>â¢6Ñép4äÕ·ÆÞ,«ïÆ}Zf?OZÞ£;Ä5§dCÖ×­_ÄkÂ"dcÓ@ÛC­¹Ê±@Bž<42>BlËižum)±P?¢Ç—²·yÍ0ð(!¢Ëô]â=3‰îæ!I‡{Cúö˜ªêž.kcÛ}»¾<C2BB>ò|í·hàá®

8
hosts/enterprise/secrets/org_relekarpayas_onedrive.age
View file

@ -1,8 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 dy7D9w 5OnF9DkSjroG96Q88oo04Q1EINi3wcN/vfyzKALrMww
kBc2w/X+Od+ouik4AsH7YZlNoZGPfWGt1NXUip9yfwY
-> g(-grease A
zT177g
--- JFz13LrERcGNmpmtjp9IK92FDyAUpxK00Kal7CsYyZ8
ñþºÆÅn_1ÙH"žQ[2Àvh%ê¾E…AînÀԜͥIáÏE@Í¿s†,Ÿ4]\FÂ[”jöÈ`oÓ¼=}…~®g>•ÈPÎHÈÃ
e>'¶FÚø÷ÿÞ™·C¹¯'@ðVÞš¸ÖÛSc$Љ@˜`/E|Uàtì“

11
hosts/enterprise/secrets/secrets.nix
View file

@ -1,11 +0,0 @@
let key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPziuF0B4Vj/W434rpshcvQu2KieXjGc8HnwymLapyLu nixos@enterprise";
in
{
"maildir_relekarpayas_onedrive.age".publicKeys = [ key ];
"syncthing_relekarpayas_googledrive.age".publicKeys = [ key ];
"syncthing_relekarpayas_onedrive.age".publicKeys = [ key ];
"org_relekarpayas_googledrive.age".publicKeys = [ key ];
"org_relekarpayas_onedrive.age".publicKeys = [ key ];
"mu4e_gmail.age".publicKeys = [ key ];
"enterprise-nix-cache-key-sec.age".publicKeys = [ key ];
}

9
hosts/enterprise/secrets/syncthing_relekarpayas_googledrive.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 dy7D9w O2oC8+mG4ddds/vWrEgoKcH/08Uf+Asb+5IMvHFaC04
zTptkB7UdU0BGm2tOUTjllYHsv3tEkt+k61VgyCnnZw
-> A$-grease 2MWD =a@~f
h1ff7UE4JFUCf2hRMDEBnOrsvbEztceDSaMVTyzzzsf+D9TYLeA7Liv8zJuOu1PV
pTCXhpWqO0Th9ol9fJc3eQ7MxuiGOSGm6H65HPIjgxWJNSLmNg
--- vbumS83Qmuc1aOt0o7Rut1P5kSVix/AKL7SLJBKVD6A
-:VÅøhN¡Õëüû41þž¨N<ÃY´­­ãirò­
€uÏß<EFBFBD>Â'q#P—xJLd‰ë9v:4äŽ7rpÝ&º\<5C>CÒ]=ê 9uWÙÍ÷…r£¹ñÆkdÇ>+ç@·!ÍÞy@W“o$ñ<>þ|(žD¨4G0&ýÔÝ¡

9
hosts/enterprise/secrets/syncthing_relekarpayas_onedrive.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 dy7D9w cC14jHh4xEnU4ytYVPvsHFItTP32ejCva6JIfyL7yCg
OynqzGM3787awMhBuUuSq3+LNiw8BQbQzPDH3fx08aU
-> 1}N-grease 63VK8 ' \ S=if
ZACSbwxOec//qcHEPOWoc9lTTcf6eIK2g2Bw4xXjqYD5/F08jXx5By4REgLsvg7h
jzGImN08q5msOunmJNlc5AV2lWvUVU7860sn/5ZLJQ5/F9G5Rl2fK7xs
--- 8m6Tz3ExeYuw/IiMYJu3jGbTqhQNaKXNc7Y6BIDQuxc
Fgî);ÐÍ­Cd<43><64>Ó=gA/"´¥:ë-à ]ºº@XñgOÌ2j…Ÿ=«Ø7,ð”WäãŠ?på d´Dæßÿ_ÙëI†Ÿ<07>qVóóÝ®°nzù¢휗<C593>è!y[ihC¨f³\Ãú@AL_©R+\ÅýNCK<43>?Q÷
íã

58
hosts/enterprise/sound.nix
View file

@ -1,58 +0,0 @@
{ config, pkgs, options, ... }:
# Sound config for PipeWire.
# PipeWire implements interfaces for ALSA and PulseAudio,
# so they need not be configured separately
{
# Disable sound as it can conflict with PipeWire according to NixOS wiki
sound.enable = false;
# High quality BT calls
hardware = {
bluetooth = {
enable = true;
hsphfpd.enable = true;
};
# Disable Pulse, PipeWire implements PulseAudio compatible interface
pulseaudio.enable = false;
};
# PipeWire config
security.rtkit.enable = true;
services.pipewire = {
enable = true;
# Enable ALSA interface
alsa = {
enable = true;
support32Bit = true;
};
# Enable PulseAudio interface
pulse.enable = true;
# High quality BT calls
media-session.config.bluez-monitor.rules = [
{
# Matches all cards
matches = [{ "device.name" = "~bluez_card.*"; }];
actions = {
"update-props" = {
"bluez5.auto-connect" = [ "hfp_hf" "hsp_hs" "a2dp_sink" ];
};
};
}
{
matches = [
# Matches all sources
{
"node.name" = "~bluez_input.*";
}
# Matches all outputs
{ "node.name" = "~bluez_output.*"; }
];
actions = { "node.pause-on-idle" = false; };
}
];
};
}

58
hosts/enterprise/syncthing.nix
View file

@ -1,58 +0,0 @@
{ config, ... }:
let
payas = "payas";
in
{
imports = [
../../modules/common-syncthing.nix
];
services.syncthing = {
guiAddress = "127.0.0.1:8384";
folders = {
Keepass = {
devices = [ "bebop" "Childish Tycoon" ];
type = "sendreceive";
watch = true;
versioning = {
type = "simple";
params.keep = "5";
};
};
Syncthing = {
devices = [ "bebop" "Childish Tycoon" ];
type = "sendreceive";
watch = true;
versioning = {
type = "staggered";
params = {
cleanInterval = "3600";
maxAge = "31536000";
};
};
};
org = {
devices = [ "bebop" "Childish Tycoon" ];
type = "sendreceive";
watch = true;
};
Music = {
devices = [ "bebop" "Childish Tycoon" ];
type = "sendreceive";
watch = true;
};
Pictures = {
# Kept as future reminder
devices = [ ]; # no pause option in NixOS module, no sharing is as good as paused
type = "sendreceive";
watch = false; # disabled folder, no need to watch
};
};
};
}