| -rw-r--r-- | hosts/sachiel/configuration.nix | 1 | ||||
| -rw-r--r-- | modules/home/editors/neovim/default.nix | 65 | ||||
| -rw-r--r-- | modules/home/editors/zed/default.nix | 70 | ||||
| -rw-r--r-- | modules/home/media/jellyfin-mpv-shim/default.nix | 31 | ||||
| -rw-r--r-- | modules/home/media/nixcord/default.nix | 11 | ||||
| -rw-r--r-- | modules/nixos/server/fail2ban/default.nix | 25 | ||||
| -rw-r--r-- | modules/nixos/server/nextcloud/default.nix | 81 | ||||
| -rw-r--r-- | modules/nixos/server/openssh/default.nix | 21 |
8 files changed, 60 insertions, 245 deletions
diff --git a/hosts/sachiel/configuration.nix b/hosts/sachiel/configuration.nix index 207447d..e36e91a 100644 --- a/hosts/sachiel/configuration.nix +++ b/hosts/sachiel/configuration.nix @@ -71,7 +71,6 @@ in enable = true; allowedUsers = [ username ]; }; - fail2ban.enable = true; nginx.enable = true; nextcloud = { enable = true; diff --git a/modules/home/editors/neovim/default.nix b/modules/home/editors/neovim/default.nix index c9d30db..cbfd261 100644 --- a/modules/home/editors/neovim/default.nix +++ b/modules/home/editors/neovim/default.nix @@ -6,59 +6,12 @@ }: let - inherit (lib) - mkOption - types - mkIf - optionals - ; + inherit (lib) mkEnableOption mkIf optionals; cfg = config.nx.editors.neovim; in { options.nx.editors.neovim = { - enable = mkOption { - description = "Neovim editor"; - type = types.bool; - default = true; - }; - - langs = { - python = mkOption { - description = "enable the python integration"; - type = types.bool; - default = false; - }; - go = mkOption { - description = "enable go integration"; - type = types.bool; - default = false; - }; - ts = mkOption { - description = "enable the js/ts integration"; - type = types.bool; - default = false; - }; - nix = mkOption { - description = "enable the nix integration"; - type = types.bool; - default = true; - }; - lua = mkOption { - description = "enable the lua integration"; - type = types.bool; - default = true; - }; - latex = mkOption { - description = "enable latex integration"; - type = types.bool; - default = false; - }; - typst = mkOption { - description = "enable typst integration"; - type = types.bool; - default = false; - }; - }; + enable = mkEnableOption "Neovim editor"; }; config = mkIf cfg.enable { 
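Review bot: The surviving context line `allowedUsers = [ username ];` looks like it sits inside the `nx.server.openssh` block, and that option is deleted from modules/nixos/server/openssh/default.nix in this same commit, so evaluating this host would most likely fail with an undefined-option error once the module no longer declares it. Either keep the `allowedUsers` option in the openssh module or drop this line together with the `fail2ban.enable` line being removed here. Removing the host-level fail2ban toggle is fine on its own because the openssh and nextcloud modules now enable it, but that means fail2ban is only present on hosts that enable one of those two modules. The enclosing attribute set starts and ends outside the hunk.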
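Review bot: `enable = mkEnableOption "Neovim editor";` flips the default: the replaced `mkOption` had `default = true`, while `mkEnableOption` defaults to `false`, so any host that relied on neovim being on implicitly silently loses it. If default-on is intended, keep it explicit with `enable = mkEnableOption "Neovim editor" // { default = true; };`. The same `mkOption` → `mkEnableOption` swap in the zed, jellyfin-mpv-shim and nixcord hunks does not have this problem because those already used `mkEnableOption`.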
@@ -75,16 +28,14 @@ in fd gcc ] - ++ (optionals cfg.langs.ts [ pkgs.nodePackages.typescript-language-server ]) - ++ (optionals cfg.langs.python [ ]) - ++ (optionals cfg.langs.go [ pkgs.gopls ]) - ++ (optionals cfg.langs.nix [ + ++ (optionals true [ pkgs.gopls ]) + ++ (optionals true [ pkgs.nil pkgs.nixfmt ]) - ++ (optionals cfg.langs.lua [ pkgs.lua-language-server ]) - ++ (optionals cfg.langs.latex [ pkgs.texlab ]) - ++ (optionals cfg.langs.typst [ pkgs.tinymist ]); + ++ (optionals true [ pkgs.lua-language-server ]) + ++ (optionals true [ pkgs.texlab ]) + ++ (optionals true [ pkgs.tinymist ]); plugins = with pkgs.vimPlugins; [ gruvbox-nvim @@ -111,4 +62,4 @@ in ''; }; }; -} +}
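Review bot: The five `++ (optionals true [ … ])` clauses are no-op wrappers left over from the removed `cfg.langs` flags; `optionals true xs` is just `xs`, and the `optionals` import is kept only to feed them. Inline the packages into the list that already holds `fd` and `gcc` — `gopls nil nixfmt lua-language-server texlab tinymist` if that list is under `with pkgs;`, otherwise with the `pkgs.` prefix — and drop the chain. Note that the TypeScript language server (`pkgs.nodePackages.typescript-language-server`) disappears entirely rather than becoming unconditional; if that is deliberate it deserves a mention in the commit message. The list's opening bracket is outside the hunk.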
\ No newline at end of file
diff --git a/modules/home/editors/zed/default.nix b/modules/home/editors/zed/default.nix
index 58835fb..5fe90ed 100644
--- a/modules/home/editors/zed/default.nix
+++ b/modules/home/editors/zed/default.nix
@@ -5,82 +5,18 @@ }: let - inherit (lib) - mkEnableOption - mkOption - types - mkIf - optionals - ; + inherit (lib) mkEnableOption mkIf; cfg = config.nx.editors.zed-editor; in { options.nx.editors.zed-editor = { enable = mkEnableOption "zed editor"; - - langs = { - nix = mkOption { - description = "enable nix integration"; - type = types.bool; - default = true; - }; - python = mkOption { - description = "enable python integration"; - type = types.bool; - default = false; - }; - rust = mkOption { - description = "enable rust integration"; - type = types.bool; - default = false; - }; - go = mkOption { - description = "enable go integration"; - type = types.bool; - default = false; - }; - lua = mkOption { - description = "enable lua integration"; - type = types.bool; - default = false; - }; - docker = mkOption { - description = "enable docker integration"; - type = types.bool; - default = false; - }; - java = mkOption { - description = "enable java integration"; - type = types.bool; - default = false; - }; - cmake = mkOption { - description = "enable cmake integration"; - type = types.bool; - default = false; - }; - toml = mkOption { - description = "enable toml integration"; - type = types.bool; - default = false; - }; - }; }; config = mkIf cfg.enable { programs.zed-editor = { enable = true; - extensions = - [ ] - ++ (optionals cfg.langs.nix [ "nix" ]) - ++ (optionals cfg.langs.python [ "python" ]) - ++ (optionals cfg.langs.rust [ "rust" ]) - ++ (optionals cfg.langs.go [ "go" ]) - ++ (optionals cfg.langs.lua [ "lua" ]) - ++ (optionals cfg.langs.docker [ "dockerfile" ]) - ++ (optionals cfg.langs.java [ "java" ]) - ++ (optionals cfg.langs.cmake [ "cmake" ]) - ++ (optionals cfg.langs.toml [ "toml" ]); + extensions = [ "nix" ]; userSettings = { telemetry = { metrics = false; @@ -113,4 +49,4 @@ in }; }; }; -} +}
\ No newline at end of file diff --git a/modules/home/media/jellyfin-mpv-shim/default.nix b/modules/home/media/jellyfin-mpv-shim/default.nix index 53826f6..679a1c6 100644 --- a/modules/home/media/jellyfin-mpv-shim/default.nix +++ b/modules/home/media/jellyfin-mpv-shim/default.nix @@ -1,32 +1,11 @@ { config, lib, ... }: let cfg = config.nx.media.jellyfin-mpv-shim; - # Reference your custom mpv options - mpvOpt = config.nx.media.mpv; - inherit (lib) - mkEnableOption - mkIf - mkOption - types - optionalAttrs - ; + inherit (lib) mkEnableOption mkIf optionalAttrs; in { options.nx.media.jellyfin-mpv-shim = { enable = mkEnableOption "Jellyfin MPV Shim"; - name = mkOption { - description = "Name of player"; - type = types.str; - default = "mpv-shim"; - }; - hdrExpansion = mkOption { - type = types.bool; - default = mpvOpt.hdrExpansion; - }; - targetPeak = mkOption { - type = types.int; - default = mpvOpt.targetPeak; - }; }; config = mkIf cfg.enable { @@ -37,16 +16,16 @@ in services.jellyfin-mpv-shim = { enable = true; settings = { - player_name = cfg.name; + player_name = "mpv-shim"; allow_transcode_to_h256 = true; }; mpvConfig = { vo = "gpu-next"; gpu-api = "vulkan"; target-colorspace-hint = "yes"; - target-peak = cfg.targetPeak; + target-peak = 500; } - // (optionalAttrs cfg.hdrExpansion { + // (optionalAttrs false { target-trc = "pq"; target-prim = "bt.2020"; #target-peak = 406; @@ -56,4 +35,4 @@ in }); }; }; -} +}
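Review bot: `// (optionalAttrs false { target-trc = "pq"; … })` is now a permanently dead block: `optionalAttrs false` always yields `{ }`, so the HDR settings can never be applied, and the `optionalAttrs` import exists only to express that. Either delete the block, or keep a single local boolean in the `let` (e.g. `hdrExpansion = false;`) and write `optionalAttrs hdrExpansion { … }` so the intent survives. The previous version derived `hdrExpansion` and `targetPeak` from `config.nx.media.mpv`; hardcoding `target-peak = 500` means the two players can now drift apart silently, which may be worth a one-line comment at the `mpvConfig` attrset.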
\ No newline at end of file diff --git a/modules/home/media/nixcord/default.nix b/modules/home/media/nixcord/default.nix index 8f3b665..c7f2b4b 100644 --- a/modules/home/media/nixcord/default.nix +++ b/modules/home/media/nixcord/default.nix @@ -5,16 +5,11 @@ }: let cfg = config.nx.media.nixcord; - inherit (lib) mkEnableOption mkOption types mkIf; + inherit (lib) mkEnableOption mkIf; in { options.nx.media.nixcord = { enable = mkEnableOption "nixcord and setup"; - frameless = mkOption { - description = "Make discord frameless"; - type = types.bool; - default = true; - }; }; config = mkIf cfg.enable { programs.nixcord = { @@ -23,7 +18,7 @@ in themeLinks = [ "https://refact0r.github.io/system24/theme/system24.theme.css" ]; - frameless = cfg.frameless; + frameless = true; plugins = { alwaysAnimate.enable = false; imageLink.enable = true; @@ -33,4 +28,4 @@ in }; }; }; -} +}
\ No newline at end of file
diff --git a/modules/nixos/server/fail2ban/default.nix b/modules/nixos/server/fail2ban/default.nix
deleted file mode 100644
index 21020b5..0000000
--- a/modules/nixos/server/fail2ban/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkOption types mkIf;
- cfg = config.nx.server.fail2ban;
-in
-{
- options.nx.server.fail2ban = {
- enable = mkEnableOption "fail2ban service";
- bantime = mkOption {
- description = "default bantime";
- type = types.str;
- default = "1h";
- };
- };
- config = mkIf cfg.enable {
- services.fail2ban = {
- enable = true;
- bantime = cfg.bantime;
- };
- };
-}
diff --git a/modules/nixos/server/nextcloud/default.nix b/modules/nixos/server/nextcloud/default.nix
index 7325c92..db665cf 100644
--- a/modules/nixos/server/nextcloud/default.nix
+++ b/modules/nixos/server/nextcloud/default.nix
@@ -5,89 +5,76 @@ ... }: let - inherit (lib) mkEnableOption mkOption types mkIf; + inherit (lib) mkEnableOption mkIf; cfg = config.nx.server.nextcloud; in { options.nx.server.nextcloud = { enable = mkEnableOption "Nextcloud server"; - user = mkOption { - description = "System user for paths like SSH keys"; - type = types.str; - }; - adminUser = mkOption { - description = "Admin user"; - type = types.str; - default = "schererleander"; - }; - adminPassFile = mkOption { - description = "Admin user key file"; - type = types.str; - default = "/etc/nextcloud-admin-pass"; - }; - hostName = mkOption { - description = "Nextcloud hostname"; - type = types.str; - default = "cloud.schererleander.de"; - }; - backup = mkOption { - description = "enable borgbase backups"; - type = types.bool; - default = true; - }; - backupSshKeyPath = mkOption { - description = "SSH key path for borgbase backup"; - type = types.str; - default = "/home/${cfg.user}/.ssh/borgbase-nextcloud"; - }; - jail = mkOption { - description = "setup fail2ban jail"; - type = types.bool; - default = config.nx.server.fail2ban.enable; - }; }; config = mkIf cfg.enable { services.nextcloud = { enable = true; package = pkgs.nextcloud32; - hostName = cfg.hostName; + hostName = "cloud.schererleander.de"; https = true; database.createLocally = true; maxUploadSize = "16G"; config = { dbtype = "mysql"; - adminuser = cfg.adminUser; - adminpassFile = cfg.adminPassFile; + adminuser = "schererleander"; + adminpassFile = config.sops.secrets."nextcloud-admin-pass".path; }; settings = { maintenance_window_start = 2; # 02:00 default_phone_region = "de"; overwriteProtocol = "https"; - trusted_domains = [ cfg.hostName ]; + trusted_domains = [ "cloud.schererleander.de" ]; logtimezone = config.time.timeZone; log_type = "file"; + enabledPreviewProviders = [ + # Default + "OC\\Preview\\BMP" + "OC\\Preview\\GIF" + "OC\\Preview\\JPEG" + "OC\\Preview\\Krita" + "OC\\Preview\\MarkDown" + "OC\\Preview\\OpenDocument" + "OC\\Preview\\PNG" + 
"OC\\Preview\\TXT" + "OC\\Preview\\XBitmap" + # Non default + #"OC\\Preview\\Font" + "OC\\Preview\\HEIC" + #"OC\\Preview\\MP3" + #"OC\\Preview\\Movie" + #"OC\\Preview\\PDF" + #"OC\\Preview\\SVG" + ]; }; phpOptions."opcache.interned_strings_buffer" = "64"; }; services.nginx.virtualHosts = mkIf ((config.nx.server.nginx or { }).enable or false) { - "${cfg.hostName}" = { + "cloud.schererleander.de" = { forceSSL = true; sslCertificate = config.nx.server.nginx.sslCertificate; sslCertificateKey = config.nx.server.nginx.sslCertificateKey; }; }; - services.borgbackup.jobs.nextcloud = mkIf cfg.backup { + services.borgbackup.jobs.nextcloud = { paths = [ "/var/lib/nextcloud" "/var/lib/backup/nextcloud/db" ]; - repo = "h8xn8qvo@h8xn8qvo.repo.borgbase.com:repo"; + repo = config.sops.secrets."borg_repo".path; encryption.mode = "none"; environment = { - BORG_RSH = "ssh -i ${cfg.backupSshKeyPath} -o StrictHostKeyChecking=accept-new"; + BORG_RSH = "ssh -i ${ + config.sops.secrets."borgbase_ssh_key".path + } -o StrictHostKeyChecking=accept-new"; TMPDIR = "/var/tmp"; }; compression = "auto,lzma"; @@ -124,7 +111,9 @@ in ''; }; - services.fail2ban = mkIf cfg.jail { + services.fail2ban = { + enable = true; + bantime = "86400"; jails = { nextcloud = { enabled = true; @@ -136,14 +125,13 @@ in protocol = "tcp"; filter = "nextcloud"; maxretry = 3; - bantime = 86400; findtime = 43200; }; }; }; }; - environment.etc = mkIf cfg.jail { + environment.etc = { # Adapted failregex for syslogs "fail2ban/filter.d/nextcloud.local".text = pkgs.lib.mkDefault ( pkgs.lib.mkAfter '' @@ -157,3 +145,4 @@ in }; }; } + diff --git a/modules/nixos/server/openssh/default.nix b/modules/nixos/server/openssh/default.nix index 675ceaf..a56460d 100644 --- a/modules/nixos/server/openssh/default.nix +++ b/modules/nixos/server/openssh/default.nix 
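Review bot: `repo = config.sops.secrets."borg_repo".path;` assigns the *path* of the decrypted secret file (a local file under the sops secrets directory) rather than its contents, so `services.borgbackup.jobs.nextcloud.repo` — a plain string handed to borg as the repository — now points at a local file instead of the borgbase remote the removed literal named; the backup job will fail or, at best, never reach borgbase. The two neighbouring uses are correct because `adminpassFile` and `ssh -i` genuinely want file paths. The repository address is an account/host locator rather than a credential (the SSH key is the secret), so the simplest fix is to keep it as a literal string; if it must stay out of the tree, render it with sops into an `EnvironmentFile` that sets `BORG_REPO` on the `borgbackup-job-nextcloud` service instead of passing a path here. Separately, `"cloud.schererleander.de"` is now repeated three times in this hunk (`hostName`, `trusted_domains`, the nginx vhost); a single `hostName = "cloud.schererleander.de";` in the `let` would keep them from drifting.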
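Review bot: `bantime = "86400";` is set on `services.fail2ban`, a single global option, and the openssh hunk in this commit sets the same option to `"1h"`; on a host that enables both modules — sachiel does, per the first hunk — the module system will reject the conflicting definitions at evaluation time, and even with a priority override only one of the two intended ban lengths can win. The jail-specific `bantime = 86400;` that the next hunk deletes from the nextcloud jail was the right place for a per-jail ban length; restore it there and leave the global `bantime` to a single place (or mark it `lib.mkDefault` in both modules). `enable = true;` being set from both modules is fine, since identical boolean definitions merge.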
@@ -5,38 +5,30 @@ }: let - inherit (lib) mkEnableOption mkOption types mkIf; + inherit (lib) mkEnableOption mkIf; cfg = config.nx.server.openssh; in { options.nx.server.openssh = { enable = mkEnableOption "OpenSSH server"; - port = mkOption { - description = "Port for openssh"; - type = types.port; - default = 8693; - }; - allowedUsers = mkOption { - description = "Users allowed to SSH"; - type = types.listOf types.str; - default = [ ]; - }; }; config = mkIf cfg.enable { services.openssh = { enable = true; - ports = [ cfg.port ]; + ports = [ 8693 ]; settings = { PasswordAuthentication = false; - AllowUsers = cfg.allowedUsers; + AllowUsers = [ ]; X11Forwarding = false; PermitRootLogin = "yes"; }; }; - networking.firewall.allowedTCPPorts = [ cfg.port ]; + networking.firewall.allowedTCPPorts = [ 8693 ]; services.fail2ban = { + enable = true; + bantime = "1h"; jails = { sshd = { enabled = true; @@ -45,7 +37,6 @@ in backend = "systemd"; maxretry = 4; findtime = "10m"; - bantime = "1h"; }; }; }; |
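Review bot: `AllowUsers = [ ];` replaces the list the host used to supply through the removed `allowedUsers` option, and an empty list restricts nothing — with the NixOS sshd settings generator it most likely renders to no `AllowUsers` line at all — so this hunk drops the per-user login restriction while the context line `PermitRootLogin = "yes"` stays in place. Either keep the `allowedUsers` option and the host's `[ username ]` value, hardcode the intended usernames here, or remove the `AllowUsers` line instead of leaving a value that reads as a restriction but is not one. The hardcoded `8693` now appears twice (`ports` and `allowedTCPPorts`); a local `port = 8693;` in the `let` would keep them in step.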
