delete unused code

Julien Malka 2024-03-30 20:08:03 +01:00
parent 3272efc40a
commit 8c1f06fda1
Signed by: Luj
GPG key ID: 6FC74C847011FD83
14 changed files with 0 additions and 1266 deletions


@ -1,265 +0,0 @@
# This file has been auto-generated by i3-config-wizard(1).
# It will not be overwritten, so edit it as you like.
#
# Should you change your keyboard layout some time, delete
# this file and re-run i3-config-wizard(1).
#
# i3 config file (v4)
#
# Please see http://i3wm.org/docs/userguide.html for a complete reference!
#Execs
exec_always xrandr --output $leftm --primary --mode 1920x1080 --pos 0x0 --rotate normal --output $rightm --mode 1920x1080 --pos 1920x0 --rotate normal
#exec_always xrandr --output $leftm --primary --mode 1920x1080 --pos 0x0 --rotate normal
exec_always feh --bg-scale ~/df/bg.jpg
# Variables {{{
set $sup Mod1
set $terminal tabbed -c urxvt -embed
set $leftm HDMI-1
set $rightm eDP-1
set $workspace1 ""
set $workspace2 ""
set $workspace3 ""
set $workspace4 "4"
set $workspace5 "5"
set $workspace6 "6"
set $workspace7 "7"
set $workspace8 "8"
set $workspace9 "9"
set $workspace10 ""
# }}}
workspace "" output $leftm
workspace "" output $rightm
workspace "" output $rightm
#Set Mod
set $mod Mod4
set $bg-color #172A47
set $text-color #5A9857
set $urgent-bg-color #E53935
set $inactive-bg-color #435E75
##########################################
#Scrolling - doesn't work
#exec --no-startup-id synclient HorizEdgeScroll=1 VertEdgeScroll=1 VertScrollDelta=-111
#WORKSPACE STARTUP
#Gaps and Window
for_window [class="^.*"] border pixel 2
#new_window pixel 4
#new_float pixel 4
#gaps inner 20
gaps inner 10
#border_radius 5
#new_window pixel 3
#new_float pixel 3
#gaps top 35
hide_edge_borders vertical
# Color variables
set $unfocused_border #72afff
set $focused_border #b21c0e
# class border backgr. text indicator
client.focused #698AB2 #698AB2 #698AB2 #698AB2 #698AB2
#client.focused_inactive $base03 $base03 $base05 $base03
#client.unfocused $base03 $base03 $base05 $base00
#client.urgent $base01 $base01 $base05 $base00
#Check .Xresources for font
# start a terminal
bindsym $mod+Return workspace 
bindsym $mod+Shift+Return exec urxvt
# kill focused window
bindsym $mod+q kill
# start rofi
bindsym $mod+space exec rofi -show run
# change focus
# alternatively, you can use the cursor keys:
bindsym $mod+h focus left
bindsym $mod+j focus down
bindsym $mod+k focus up
bindsym $mod+l focus right
# alternatively, you can use the cursor keys:
bindsym $mod+Shift+h move left
bindsym $mod+Shift+j move down
bindsym $mod+Shift+k move up
bindsym $mod+Shift+l move right
# split in horizontal orientation
bindsym $mod+o split h
# split in vertical orientation
bindsym $mod+v split v
# enter fullscreen mode for the focused container
bindsym $mod+f fullscreen toggle
# change container layout (stacked, tabbed, toggle split)
bindsym $mod+s layout stacking
bindsym $mod+w layout tabbed
bindsym $mod+e layout toggle split
# toggle tiling / floating
bindsym $mod+Shift+space floating toggle
# change focus between tiling / floating windows
#bindsym $mod+space focus mode_toggle
# focus the parent container
bindsym $mod+a focus parent
# focus the child container
#bindsym $mod+d focus child
bindsym $mod+Ctrl+Left move workspace to output $leftm
bindsym $mod+Ctrl+Right move workspace to output $rightm
# switch to workspace
bindsym $mod+1 workspace 
bindsym $mod+2 workspace 
bindsym $mod+3 workspace 
bindsym $mod+4 workspace 4
bindsym $mod+5 workspace 5
bindsym $mod+6 workspace 6
bindsym $mod+7 workspace 7
bindsym $mod+8 workspace 8
bindsym $mod+9 workspace 9
bindsym $mod+0 workspace 
# move focused container to workspace
bindsym $mod+Shift+1 move container to workspace 
bindsym $mod+Shift+2 move container to workspace 
bindsym $mod+Shift+3 move container to workspace 
bindsym $mod+Shift+4 move container to workspace 4
bindsym $mod+Shift+5 move container to workspace 5
bindsym $mod+Shift+6 move container to workspace 6
bindsym $mod+Shift+7 move container to workspace 7
bindsym $mod+Shift+8 move container to workspace 8
bindsym $mod+Shift+9 move container to workspace 9
bindsym $mod+Shift+0 move container to workspace 
#assign apps to workspaces
#assign [class = "URxvt"] 
assign [class = "Firefox"] 
assign [class = "discord"] 
assign[class="Atomic TweetDeck"] 
assign [class="Slack"] 
assign[class="Atom"]
# reload the configuration file
bindsym $mod+Shift+c reload
# restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
# also destroy anything in startup workspace
bindsym $mod+Shift+r restart [workspace=] kill
# exit i3 (logs you out of your X session)
bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -b 'Yes, exit i3' 'i3-msg exit'"
# resize window (you can also use the mouse for that)
mode "resize" {
# These bindings trigger as soon as you enter the resize mode
# Pressing left will shrink the windows width.
# Pressing right will grow the windows width.
# Pressing up will shrink the windows height.
# Pressing down will grow the windows height.
bindsym h resize shrink width 10 px or 10 ppt
bindsym j resize shrink height 10 px or 10 ppt
bindsym k resize grow height 10 px or 10 ppt
bindsym l resize grow width 10 px or 10 ppt
# same bindings, but for the arrow keys
bindsym Left resize shrink width 10 px or 10 ppt
bindsym Down resize grow height 10 px or 10 ppt
bindsym Up resize shrink height 10 px or 10 ppt
bindsym Right resize grow width 10 px or 10 ppt
# back to normal: Enter or Escape
bindsym $mod+R mode "default"
bindsym Return mode "default"
bindsym Escape mode "default"
}
bindsym $mod+r mode "resize"
bindsym $mod+p exec i3lock-fancy
# Start i3bar to display a workspace bar (plus the system information i3status
# finds out, if available)
#bar {
# font pango:DejaVu Sans Mono, Awesome 8
# status_command i3blocks
# colors {
# background #23313D
# separator #757575
# # border background text
# focused_workspace $inactive-bg-color $bg-color $text-color
# inactive_workspace $bg-color $bg-color $text-color
# urgent_workspace $urgent-bg-color $urgent-bg-color $text-color
# }
#}
#SCROT
bindsym --release Print exec "scrot ~/Pictures/Screenshots/%b%d:%H%M%S.png"
# Alsa controls
bindsym XF86AudioMute exec amixer set Master toggle; exec pkill -RTMIN+10 i3blocks
bindsym XF86AudioRaiseVolume exec amixer set Master 5%+; exec pkill -RTMIN+10 i3blocks
bindsym XF86AudioLowerVolume exec amixer set Master 5%-; exec pkill -RTMIN+10 i3blocks
#Pulse Audio controls
#bindsym XF86AudioRaiseVolume exec amixer -q -D pulse sset Master 2%+;
#exec pkill -RTMIN+10 i3blocks
#bindsym XF86AudioLowerVolume exec amixer -q -D pulse sset Master 2%-;
#exec pkill -RTMIN+10 i3blocks
#bindsym XF86AudioMute exec amixer -q -D pulse sset Master toggle;
#exec pkill -RTMIN+10 i3blocks
# Sreen brightness controls
bindsym XF86MonBrightnessUp exec xbacklight -inc 20 # increase screen brightness
bindsym XF86MonBrightnessDown exec xbacklight -dec 20 # decrease screen brightness
# Touchpad controls
bindsym XF86TouchpadToggle exec /some/path/toggletouchpad.sh # toggle touchpad
# Media player controls
bindsym XF86AudioPlay exec playerctl play
bindsym XF86AudioPause exec playerctl pause
#bindsym XF86AudioNext exec playerctl next
#bindsym XF86AudioPrev exec playerctl previous
exec systemctl --user restart polybar
exec xrdb /home/julien/.Xressources
#exec --no-startup-id i3-msg 'workspace ; exec urxvt;exec urxvt;exec urxvt;exec urxvt; workspace '


@ -1,19 +0,0 @@
{ config, pkgs, lib, ... }:
let
cfg = config.luj.i3;
in with lib;
{
options.luj.i3 = {
enable = mkEnableOption "activate i3";
};
config = mkIf cfg.enable {
xsession.windowManager.i3 = {
enable = true;
package = pkgs.i3-gaps;
};
xdg.configFile."i3/config".source = lib.mkForce ./config;
};
}


@ -1,434 +0,0 @@
;-------------------------------------------------
; ;
; Polybar config for Cranium ;
; ;
;-------------------------------------------------
[colors]
;background = ${xrdb:color0:#222}
;background = #212E36
background = #cf172a47
;it's ARGB so "cfl" is for transparency
;background-alt = #cf3C5A46
background-unf = #2D4058
;background-unf = #cf2E463E
background-alt = #405C7D
background-mod0 = #cf3C5A46
background-mod1 = #cf546E53
background-mod2 = #cf708963
background-alrt = #cfA1BB76
;foreground = ${xrdb:color7:#222}
foreground = #F3F3BA
foreground-alt = #F3F3BA
primary = #F3F3BA
secondary = #F3F3BA
[bar/PolybarTony]
;monitor = ${env:MONITOR:HDMI-1}
;monitor = ${env:MONITOR:}
width = 100%
height = 30
offset-x = 0%
;offset-y = 10%
radius = 0.0
fixed-center = true
background = ${colors.background}
foreground = ${colors.foreground}
line-size = 0
line-color = #f00
border-size = 0
border-color = #00000000
padding-left = 0
padding-right = 0
module-margin-left = 0
module-margin-right = 0
font-0 = Misc Termsyn:size=8;1
;font-0 = Ubuntu:size=10;1
font-1 = FontAwesome:fontformat=truetype:size=12;1
font-3 = Font Awesome 5 Free:style=Regular:pixelsize=8;1
font-4 = Font Awesome 5 Free:style=Solid:pixelsize=8;1
font-5 = Font Awesome 5 Brands:pixelsize=8;1
font-2 = sm4tik:pixelsize=10;1
modules-left = i3
modules-center = date
modules-right = wireless-network memory cpu battery powermenu
tray-position = right
tray-padding = 11
tray-transparent = false
tray-offset-y = 0
tray-offset-x = 0
tray-maxsize = 18
tray-detached = false
tray-background = colors.background
;wm-restack = bspwm
wm-restack = i3
override-redirect = false
;scroll-up = bspwm-desknext
;scroll-down = bspwm-deskprev
;scroll-up = i3wm-wsnext
;scroll-down = i3wm-wsprev
[module/weather]
type = custom/script
interval = 60
;format-background = ${colors.background-alt}
format = <label>
format-prefix = "  "
format-suffix = " "
format-prefix-foreground = ${colors.foreground-alt}
exec = python ~/.config/polybar/weather.py
[module/music]
type = custom/script
interval = 1
bar-width = 50%
;format-background = ${colors.background-alt}
;format-foreground = ${colors.foreground-alt}
label = " %output% "
exec = ~/.config/polybar/mpris.sh
[module/i3]
pin-workspaces = true
type = internal/i3
;
;strip-wsnumbers = true
;
;label-focused-padding = 3
;label-unfocused-padding = 3
;
;label-focused-background = ${colors.background-alt}
label-unfocused-background = ${colors.background-unf}
;
;label-mode-padding = 0
;label-mode-background = ${colors.background-unf}
;
;label-visible-underline = #555555
;label-visible-padding = 4
; Available tokens:
; %mode%
; Default: %mode%
label-mode = %mode%
label-mode-padding = 2
label-mode-background = #e60053
; Available tokens:
; %name%
; %icon%
; %index%
; %output%
; Default: %icon% %name%
label-focused = %name%
label-focused-foreground = #ffffff
label-focused-background = ${colors.background-alt}
label-focused-underline = #fba922
label-focused-padding = 4
; Available tokens:
; %name%
; %icon%
; %index%
; Default: %icon% %name%
label-unfocused = %name%
label-unfocused-padding = 4
; Available tokens:
; %name%
; %icon%
; %index%
; Default: %icon% %name%
label-visible = %name%
label-visible-underline = #555555
label-visible-padding = 4
; Available tokens:
; %name%
; %icon%
; %index%
; Default: %icon% %name%
label-urgent = %name%
label-urgent-foreground = #000000
label-urgent-background = ${colors.background-alrt}
label-urgent-padding = 4
[module/wireless-network]
type = internal/network
interface = wlp3s0
interval = 3.0
format-connected-prefix = " "
format-connected-background = ${colors.background-alt}
format-connected = " <ramp-signal> <label-connected> "
format-connected-underline = #9f78e1
label-connected =
format-disconnected = " no wifi :( "
format-disconnected-background = ${colors.background-alt}
;format-disconnected-underline = ${self.format-connected-underline}
;label-disconnected = %ifname% disconnected
label-disconnected-foreground = ${colors.foreground-alt}
ramp-signal-0 = "  0%"
ramp-signal-1 = "  25%"
ramp-signal-2 = "  50%"
ramp-signal-3 = "  75%"
ramp-signal-4 = "  100%"
ramp-signal-foreground = ${colors.foreground-alt}
[module/wired-network]
type = internal/network
interface = enp0s25
interval = 3.0
format-connected-underline = #55aa55
format-connected-prefix = ""
format-connected-prefix-foreground = ${colors.foreground-alt}
label-connected = %local_ip%
format-disconnected =
;format-disconnected = <label-disconnected>
;format-disconnected-underline = ${self.format-connected-underline}
;label-disconnected = %ifname% disconnected
;label-disconnected-foreground = ${colors.foreground-alt}
[module/date]
type = internal/date
interval = 5
date =
date-alt = " %d/%m"
time = "  %a %b %d  %I:%M %p "
time-alt = %H:%M:%S
format-prefix-foreground = ${colors.foreground-alt}
format-underline = #0a6cf5
label = %date% %time%
;lable = %time%
[module/volume]
type = internal/pulseaudio
;type = internal/alsa
sink = alsa_output.pci-0000_00_1f.3.analog-stereo
; Soundcard to be used
; Usually in the format hw:#
master-soundcard = hw:1
speaker-soundcard = hw:1
headphone-soundcard = hw:1
; Name of the master mixer
; Default: Master
master-mixer = Master
; Optionally define speaker and headphone mixers
; Use the following command to list available mixer controls:
; $ amixer scontrols | sed -nr "s/.*'([[:alnum:]]+)'.*/\1/p"
; Default: none
speaker-mixer = Speaker
; Default: none
headphone-mixer = Headphone
; NOTE: This is required if headphone_mixer is defined
; Use the following command to list available device controls
; $ amixer controls | sed -r "/CARD/\!d; s/.*=([0-9]+).*name='([^']+)'.*/printf '%3.0f: %s\n' '\1' '\2'/e" | sort
; Default: none
headphone-id = 9
; Use volume mapping (similar to amixer -M and alsamixer), where the increase in volume is linear to the ear
; Default: false
mapped = true
format-muted-background = ${colors.background-unf}
format-volume-background = ${colors.background-alt}
format-volume = " <ramp-volume> <label-volume> "
format-volume-prefix = " "
label-muted = " mute "
;label-muted = "   "
; Only applies if <ramp-volume> is used
ramp-volume-0 = 
ramp-volume-1 = 
[module/battery]
type = internal/battery
battery = BAT0
adapter = AC
full-at = 97
format-full-background = ${colors.background-mod2}
format-charging-background = ${colors.background-alt}
format-charging = " <animation-charging> <label-charging>"
format-charging-underline = #ffb52a
format-charging-suffix = " "
format-discharging-background = ${colors.background-alt}
format-discharging = " <ramp-capacity> <label-discharging> "
format-discharging-underline = ${self.format-charging-underline}
format-full =
format-full-prefix-foreground = ${colors.foreground-alt}
format-full-underline = ${self.format-charging-underline}
ramp-capacity-0 = 
ramp-capacity-1 = 
ramp-capacity-2 = 
ramp-capacity-3 = 
ramp-capacity-4 = 
ramp-capacity-foreground = ${colors.foreground-alt}
animation-charging-0 = 
animation-charging-1 = 
animation-charging-2 = 
animation-charging-3 = 
animation-charging-4 = 
animation-charging-foreground = ${colors.foreground-alt}
animation-charging-framerate = 750
[module/powermenu]
type = custom/menu
format-spacing = 1
label-open = "  "
label-open-background = ${colors.background-unf}
label-open-foreground = ${colors.secondary}
label-close = "  cancel "
label-close-background = ${colors.background-unf}
label-close-foreground = ${colors.secondary}
label-separator = " "
label-separator-foreground = ${colors.foreground-alt}
menu-0-0 = reboot
menu-0-0-exec = menu-open-1
menu-0-1 = "power off "
menu-0-1-exec = menu-open-2
menu-1-0 = cancel
menu-1-0-exec = menu-open-0
menu-1-1 = reboot
menu-1-1-exec = sudo reboot
menu-2-0 = power off
menu-2-0-exec = shutdown now
menu-2-1 = cancel
menu-2-1-exec = menu-open-0
[settings]
screenchange-reload = true
;compositing-background = xor
;compositing-background = screen
;compositing-foreground = source
;compositing-border = over
[global/wm]
margin-top = 5
margin-bottom = 5
;
; [module/xkeyboard]
; type = internal/xkeyboard
; blacklist-0 = num lock
;
; format-prefix = " "
; format-prefix-foreground = ${colors.foreground-alt}
; format-prefix-underline = ${colors.secondary}
;
; label-layout = %layout%
; label-layout-underline = ${colors.secondary}
;
; label-indicator-padding = 2
; label-indicator-margin = 1
; label-indicator-background = ${colors.secondary}
; label-indicator-underline = ${colors.secondary}
;
; [module/filesystem]
; type = internal/fs
; interval = 25
;
; mount-0 = /
;
; label-mounted = %{F#0a81f5}%mountpoint%%{F-}: %percentage_used%%
; label-unmounted = %mountpoint% not mounted
; label-unmounted-foreground = ${colors.foreground-alt}
;
;
;[module/xbacklight]
;type = internal/xbacklight
;
;format = <label> <bar>
;label = BL
;
;bar-width = 10
;bar-indicator = |
;bar-indicator-foreground = #ff
;bar-indicator-font = 2
;bar-fill = -
;bar-fill-font = 2
;bar-fill-foreground = #9f78e1
;bar-empty = -
;bar-empty-font = 2
;bar-empty-foreground = ${colors.foreground-alt}
;bar-empty-background = ${colors.foreground-mod}
;
;[module/backlight-acpi]
;inherit = module/xbacklight
;type = internal/backlight
;card = intel_backlight
;
[module/cpu]
type = internal/cpu
interval = 2
format-prefix = "  "
format-prefix-foreground = ${colors.foreground-alt}
format-prefix-background = ${colors.background-alt}
format-underline = #f90000
label = %percentage%%
format-background = ${colors.background-alt}
[module/memory]
type = internal/memory
interval = 2
format-prefix = " "
format-prefix-foreground = ${colors.foreground-alt}
format-underline = #4bffdc
label = %percentage_used%%
format-background = ${colors.background-alt}
; vim:ft=dosini


@ -1,25 +0,0 @@
{ config, pkgs, lib, ... }:
let
cfg = config.luj.polybar;
in
with lib; {
options.luj.polybar = {
enable = mkEnableOption "Enable polybar";
};
config = mkIf cfg.enable {
services.polybar = {
enable = true;
package = pkgs.polybar.override {
i3GapsSupport = true;
};
script = "polybar -q PolybarTony &";
};
xdg.configFile."polybar/config".source = lib.mkForce ./config;
};
}


@ -1,57 +0,0 @@
# Taken from 'config.template.yml' for Authelia v4.32.2.
# Update along with 'pkgs/authelia.nix'.
{ cfg }:
''
server:
host: 0.0.0.0
port: 9091
read_buffer_size: 4096
write_buffer_size: 4096
path: "authelia"
log.level: debug
jwt_secret: somethingsomethingrandomrecret
default_redirection_url: https://autheliafailed.julienmalka.me
authentication_backend:
disable_reset_password: false
file:
path: ${./config/users.yml}
password:
algorithm: argon2id
iterations: 1
key_length: 32
salt_length: 16
memory: 512
parallelism: 8
access_control:
default_policy: deny
rules:
- domain:
- "auth.julienmalka.me"
policy: bypass
- domain:
- "series.julienmalka.me"
policy: one_factor
session:
name: authelia_session
secret: somerandomsecret
expiration: 1h
inactivity: 5m
remember_me_duration: 1M
domain: julienmalka.me
regulation:
max_retries: 3
find_time: 2m
ban_time: 5m
storage:
encryption_key: a_very_important_secret
local:
path: /var/lib/authelia/storage.db
notifier:
disable_startup_check: false
filesystem:
filename: /var/lib/authelia/notification.txt
''


@ -1,38 +0,0 @@
# Virtual endpoint created by nginx to forward auth requests.
location /authelia {
internal;
set $upstream_authelia http://127.0.0.1:9091/api/verify;
proxy_pass_request_body off;
proxy_pass $upstream_authelia;
proxy_set_header Content-Length "";
# Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# [REQUIRED] Needed by Authelia to check authorizations of the resource.
# Provide either X-Original-URL and X-Forwarded-Proto or
# X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Uri or both.
# Those headers will be used by Authelia to deduce the target url of the user.
# Basic Proxy Config
client_body_buffer_size 128k;
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 4 32k;
# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
}


@ -1,7 +0,0 @@
users:
julien:
displayname: "Julien Malka"
email: julien@malka.sh
groups:
- admins
- dev


@ -1,96 +0,0 @@
{ pkgs, lib, config, ... }:
with lib; let
cfg = config.luj.authelia;
autheliaConfig = pkgs.writeText "authelia-config.yml"
(import ./authelia-config.nix { inherit cfg; });
in
{
options.luj.authelia = {
enable = mkEnableOption "enable authelia";
};
config = mkIf cfg.enable {
systemd = {
services.authelia = {
serviceConfig = {
User = "authelia";
StateDirectory = "authelia";
RuntimeDirectory = "authelia";
StateDirectoryMode = "0700";
RuntimeDirectoryMode = "0700";
};
script = ''
exec ${pkgs.authelia}/bin/authelia --config ${autheliaConfig}
'';
};
};
users = {
users.authelia = {
group = "authelia";
isSystemUser = true;
};
groups.authelia = {
members = [ "nginx" ];
};
};
services.nginx.virtualHosts."auth.julienmalka.me" = {
enableACME = true;
forceSSL = true;
locations."/" = {
extraConfig = ''
set $upstream_authelia http://127.0.0.1:9091;
proxy_pass $upstream_authelia;
client_body_buffer_size 128k;
#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 360;
proxy_send_timeout 360;
proxy_connect_timeout 360;
# Basic Proxy Config
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 64 256k;
# If behind reverse proxy, forwards the correct IP
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.0.0.0/8;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from fc00::/7;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
'';
};
};
};
}


@ -1,23 +0,0 @@
# Basic Authelia Config
# Send a subsequent request to Authelia to verify if the user is authenticated
# and has the right permissions to access the resource.
auth_request /authelia;
# Set the `target_url` variable based on the request. It will be used to build the portal
# URL with the correct redirection parameter.
auth_request_set $target_url $scheme://$http_host$request_uri;
# Set the X-Forwarded-User and X-Forwarded-Groups with the headers
# returned by Authelia for the backends which can consume them.
# This is not safe, as the backend must make sure that they come from the
# proxy. In the future, it's gonna be safe to just use OAuth.
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $email $upstream_http_remote_email;
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-Email $email;
# If Authelia returns 401, then nginx redirects the user to the login portal.
# If it returns 200, then the request pass through to the backend.
# For other type of errors, nginx will handle them as usual.
error_page 401 =302 https://auth.julienmalka.me/?rd=$target_url;


@ -1,37 +0,0 @@
{ pkgs, config, lib, inputs, ... }:
let
cfg = config.luj.bincache;
port = 5000;
in
with lib;
{
options.luj.bincache = {
enable = mkEnableOption "Enable nix bincache";
subdomain = mkOption {
type = types.str;
};
};
config = mkIf cfg.enable (recursiveUpdate
{
users.users.nix-serve = {
isSystemUser = true;
};
nix.settings.allowed-users = [ "nix-serve" ];
users.users.nix-serve.group = "nix-serve";
users.groups.nix-serve = { };
sops.secrets.bin-cache-priv-key = {
owner = "nix-serve";
};
services.nix-serve = {
enable = true;
secretKeyFile = "/run/secrets/bin-cache-priv-key";
port = port;
};
}
(mkSubdomain cfg.subdomain port));
}


@ -1,101 +0,0 @@
{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.luj.drone;
drone = config.users.users.drone.name;
port = 3030;
in
{
options.luj.drone = {
enable = mkEnableOption "activate drone CI";
subdomain = mkOption {
type = types.str;
};
};
config = mkIf cfg.enable (recursiveUpdate
{
users.users.drone = {
isNormalUser = true;
createHome = true;
home = "/home/drone";
extraGroups = [ drone config.users.groups.keys.name ];
hashedPasswordFile = config.sops.secrets.user-julien-password.path;
};
users.groups.drone = { };
luj.hmgr.drone.luj.programs.git.enable = true;
nix.settings.allowed-users = [ drone ];
sops.secrets.drone = { };
sops.secrets.ssh-drone-pub = {
owner = drone;
path = "/home/drone/.ssh/id_ed25519.pub";
mode = "0644";
format = "binary";
sopsFile = ../../secrets/ssh-drone-pub;
};
sops.secrets.ssh-drone-priv = {
owner = drone;
path = "/home/drone/.ssh/id_ed25519";
mode = "0600";
format = "binary";
sopsFile = ../../secrets/ssh-drone-priv;
};
systemd.services.drone-server = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
EnvironmentFile = [ config.sops.secrets.drone.path ];
Environment = [
"DRONE_SERVER_HOST=${cfg.subdomain}.julienmalka.me"
"DRONE_SERVER_PROTO=https"
"DRONE_DATABASE_DATASOURCE=postgres:///drone?host=/run/postgresql"
"DRONE_DATABASE_DRIVER=postgres"
"DRONE_SERVER_PORT=:3030"
"DRONE_USER_CREATE=username:JulienMalka,admin:true"
"DRONE_USER_CREATE=username:camillemndn, admin:true"
"DRONE_REGISTRATION_CLOSED=true"
];
ExecStart = "${pkgs.drone}/bin/drone-server";
User = drone;
Group = drone;
};
};
services.postgresql = {
enable = true;
ensureDatabases = [ drone ];
ensureUsers = [{
name = drone;
ensurePermissions = {
"DATABASE ${drone}" = "ALL PRIVILEGES";
};
}];
};
systemd.services.drone-runner-exec = {
description = "Drone Exec Runner";
startLimitIntervalSec = 5;
serviceConfig = {
User = drone;
Group = drone;
EnvironmentFile = [ config.sops.secrets.drone.path ];
Environment = [
"DRONE_SERVER_HOST=${cfg.subdomain}.julienmalka.me"
"DRONE_SERVER_PROTO=https"
"CLIENT_DRONE_RPC_HOST=127.0.0.1:3030"
];
ExecStart = "${pkgs.drone-runner-exec}/bin/drone-runner-exec service run";
};
wantedBy = [ "multi-user.target" ];
path = [ pkgs.nixUnstable pkgs.git pkgs.openssh ];
};
}
(recursiveUpdate (mkSubdomain cfg.subdomain port) (mkVPNSubdomain cfg.subdomain port)));
}


@ -1,100 +0,0 @@
{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.luj.filerun;
mysql_root_pw = [ (builtins.readFile /run/secrets/filerun-root-passwd) ];
mysql_pw = [ (builtins.readFile /run/secrets/filerun-passwd) ];
port = 2000;
in
{
options.luj.filerun = {
enable = mkEnableOption "enable filerun service";
subdomain = mkOption {
type = types.str;
};
};
config = mkIf cfg.enable (recursiveUpdate {
sops.secrets.filerun = {};
virtualisation.docker.enable = true;
virtualisation.oci-containers.containers."filerun-mariadb" = {
image = "mariadb:10.1";
environment = {
"MYSQL_USER" = "filerun";
"MYSQL_DATABASE" = "filerundb";
"TZ" = "Europe/Paris";
};
environmentFiles = [
/run/secrets/filerun
];
volumes = [ "/home/delegator/filerun/db:/var/lib/mysql" ];
extraOptions = [ "--network=filerun-br" ];
};
systemd.services.init-filerun-network-and-files = {
description = "Create the network bridge filerun-br for filerun.";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
script =
let dockercli = "${config.virtualisation.docker.package}/bin/docker";
in
''
# Put a true at the end to prevent getting non-zero return code, which will
# crash the whole service.
check=$(${dockercli} network ls | grep "filerun-br" || true)
if [ -z "$check" ]; then
${dockercli} network create filerun-br
else
echo "filerun-br already exists in docker"
fi
'';
};
users.users.filerun = {
isSystemUser = true;
uid = 250;
name = "filerun";
};
users.groups.filerun = {
gid = 350;
name = "filerun";
};
users.users.filerun.group = config.users.groups.filerun.name;
virtualisation.oci-containers.containers."filerun" = {
image = "filerun/filerun";
environment = {
"FR_DB_HOST" = "filerun-mariadb";
"FR_DB_PORT" = "3306";
"FR_DB_NAME" = "filerundb";
"FR_DB_USER" = "filerun";
"APACHE_RUN_USER" = config.users.users.filerun.name;
"APACHE_RUN_USER_ID" = "250";
"APACHE_RUN_GROUP" = config.users.groups.filerun.name;
"APACHE_RUN_GROUP_ID" = "350";
};
environmentFiles = [
/run/secrets/filerun
];
ports = [ "2000:80" ];
volumes = [
"/home/delegator/filerun/web:/var/www/html"
"/home/julien/cloud:/user-files"
];
extraOptions = [ "--network=filerun-br" ];
};
} (mkSubdomain cfg.subdomain port));
}


@ -1,12 +0,0 @@
port, 0, Lisa, lisa.julienmalka.me 45
http, 200, Homepage, https://julienmalka.me
http, 200, CI, https://ci.julienmalka.me
http, 200, Binary Cache, https://bin.julienmalka.me/nix-cache-info
http, 200, Jellyfin, https://tv.julienmalka.me
port, 0, Newton, newton.julienmalka.me 45
http, 200, Cloud, cloud.julienmalka.me
port, 0, Mail, mail.julienmalka.me 993
http, 200, Docs, https://docs.julienmalka.me
http, 200, Lambda, https://nixos.org
http, 200, Navidrome, https://music.julienmalka.me
http, 200, Bruit https://bruit.julienmalka.me


@ -1,52 +0,0 @@
{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.luj.status;
in
{
options.luj.status = {
enable = mkEnableOption "activate status page";
nginx.enable = mkEnableOption "activate nginx";
nginx.subdomain = mkOption {
type = types.str;
};
};
config = mkIf cfg.enable (
mkMerge [{
systemd = {
timers.tinystatus = {
wantedBy = [ "timers.target" ];
partOf = [ "tinystatus.service" ];
timerConfig.OnCalendar = "*-*-* *:05,10,15,20,25,30,35,40,45,50,55:00";
timerConfig.Unit = "tinystatus.service";
};
services.tinystatus = {
serviceConfig.Type = "oneshot";
path = [ pkgs.gawk pkgs.gnused pkgs.curl pkgs.netcat pkgs.unixtools.ping ];
script = ''
mkdir -p /var/www/status
${pkgs.tinystatus}/bin/tinystatus ${./checks.csv} > /var/www/status/index.html
${pkgs.gnused}/bin/sed -i 's/tinystatus/Services status/g' /var/www/status/index.html
${pkgs.gnused}/bin/sed -i 's/80%/60%/g' /var/www/status/index.html
'';
};
};
}
(mkIf cfg.nginx.enable {
luj.nginx.enable = true;
services.nginx.virtualHosts."${cfg.nginx.subdomain}.julienmalka.me" = {
enableACME = true;
forceSSL = true;
root = "/var/www/status/";
};
})]);
}