diff --git a/config/services/kanidm.nix b/config/services/kanidm.nix index 229b860..0ba0fa4 100644 --- a/config/services/kanidm.nix +++ b/config/services/kanidm.nix @@ -124,8 +124,9 @@ in { groups."rss.access" = {}; groups."firefly.access" = {}; groups."ollama.access" = {}; - groups."adguardhome.access" = { - }; + groups."adguardhome.access" = {}; + groups."octoprint.access" = {}; + systems.oauth2.oauth2-proxy = { displayName = "Oauth2-Proxy"; originUrl = "https://oauth2.${config.secrets.secrets.global.domains.web}/"; @@ -134,6 +135,7 @@ in { scopeMaps."rss.access" = ["openid" "email" "profile"]; scopeMaps."firefly.access" = ["openid" "email" "profile"]; scopeMaps."ollama.access" = ["openid" "email" "profile"]; + scopeMaps."octoprint.access" = ["openid" "email" "profile"]; preferShortUsername = true; claimMaps.groups = { joinType = "array"; @@ -141,6 +143,7 @@ in { valuesByGroup."rss.access" = ["ttrss_access"]; valuesByGroup."firefly.access" = ["firefly_access"]; valuesByGroup."ollama.access" = ["ollama_access"]; + valuesByGroup."octoprint.access" = ["octoprint_access"]; }; }; diff --git a/config/services/octoprint.nix b/config/services/octoprint.nix new file mode 100644 index 0000000..b075681 --- /dev/null +++ b/config/services/octoprint.nix @@ -0,0 +1,17 @@ +{config, ...}: { + wireguard.elisabeth = { + client.via = "elisabeth"; + firewallRuleForNode.elisabeth.allowedTCPPorts = [config.services.octoprint.port]; + }; + networking.firewall.allowedTCPPorts = [3000]; + services.octoprint = { + port = 3000; + enable = true; + extraConfig = { + accessControl = { + addRemoteUser = true; + trustRemoteUser = true; + }; + }; + }; +} diff --git a/config/services/ollama.nix b/config/services/ollama.nix index 86e886a..cc7f7c7 100644 --- a/config/services/ollama.nix +++ b/config/services/ollama.nix 
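Review bot: In config/services/octoprint.nix, `networking.firewall.allowedTCPPorts = [3000];` opens the OctoPrint port on every interface while `accessControl.trustRemoteUser = true` and `addRemoteUser = true` tell OctoPrint to accept the user named in a request header. Any client that reaches port 3000 without going through the oauth2-proxy front end is therefore trusted as whichever user it names, and hosts/octoprint/net.nix brings this host up with DHCP on both LAN and WLAN. The `firewallRuleForNode.elisabeth.allowedTCPPorts` rule just above already admits the proxy host over WireGuard, and this same commit removes the equivalent global rule from config/services/ollama.nix, so I would delete the global line here too. If a second opening is ever needed, reference `config.services.octoprint.port` instead of repeating the literal `3000`.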
@@ -3,7 +3,6 @@ client.via = "elisabeth"; firewallRuleForNode.elisabeth.allowedTCPPorts = [config.services.open-webui.port]; }; - networking.firewall.allowedTCPPorts = [config.services.open-webui.port]; services.ollama = { host = "localhost"; port = 3001; diff --git a/hosts/elisabeth/guests.nix b/hosts/elisabeth/guests.nix index a279ce1..1f2204f 100644 --- a/hosts/elisabeth/guests.nix +++ b/hosts/elisabeth/guests.nix @@ -25,10 +25,14 @@ actual = "actual"; firefly = "money"; homebox = "homebox"; + octoprint = "print"; }; in "${domains.${hostName}}.${config.secrets.secrets.global.domains.web}"; # TODO hard coded elisabeth nicht so schön - ipOf = hostName: nodes."elisabeth-${hostName}".config.wireguard.elisabeth.ipv4; + ipOf = hostName: + if nodes ? hostName + then nodes.${hostName}.config.wireguard.elisabeth.ipv4 + else nodes."elisabeth-${hostName}".config.wireguard.elisabeth.ipv4; in { services.nginx = let blockOf = hostName: { @@ -164,6 +168,7 @@ in { (blockOf "yourspotify" {port = 80;}) #(blockOf "homebox" {}) (proxyProtect "ollama" {} true) + (proxyProtect "octoprint" {} true) (proxyProtect "firefly" {port = 80;} true) (blockOf "apispotify" { port = 3000; diff --git a/hosts/elisabeth/secrets/kanidm/secrets.nix.age b/hosts/elisabeth/secrets/kanidm/secrets.nix.age index e65f8d2..bba5498 100644 Binary files a/hosts/elisabeth/secrets/kanidm/secrets.nix.age and b/hosts/elisabeth/secrets/kanidm/secrets.nix.age differ diff --git a/hosts/octoprint/default.nix b/hosts/octoprint/default.nix new file mode 100644 index 0000000..1241577 --- /dev/null +++ b/hosts/octoprint/default.nix 
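Review bot: In the new `ipOf` in hosts/elisabeth/guests.nix, `nodes ? hostName` tests for an attribute literally called `hostName` rather than the node named by the argument, so the condition is false for every caller and the `else` branch is always taken. For `octoprint` that means evaluating `nodes."elisabeth-octoprint"`, which presumably does not exist because the new host is defined under hosts/octoprint. Interpolate the name instead: `if nodes ? ${hostName}` (or `builtins.hasAttr hostName nodes`). The enclosing `let` block starts outside the hunk.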
@@ -0,0 +1,18 @@
+{
+ inputs,
+ lib,
+ ...
+}: {
+ imports = [
+ ../../config/basic
+ ../../config/services/octoprint.nix
+
+ inputs.nixos-hardware.nixosModules.raspberry-pi-3
+ ./fs.nix
+ ./net.nix
+ ];
+ nixpkgs.hostPlatform = "aarch64-linux";
+ boot.loader.generic-extlinux-compatible.enable = true;
+ boot.loader.systemd-boot.enable = lib.mkForce false;
+ hardware.enableRedistributableFirmware = true;
+}
diff --git a/hosts/octoprint/fs.nix b/hosts/octoprint/fs.nix
new file mode 100644
index 0000000..ad6f92c
--- /dev/null
+++ b/hosts/octoprint/fs.nix
@@ -0,0 +1,9 @@
+{lib, ...}: {
+ fileSystems = lib.mkForce {
+ "/" = {
+ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+ fsType = "ext4";
+ };
+ };
+ environment.persistence = lib.mkForce {};
+}
diff --git a/hosts/octoprint/net.nix b/hosts/octoprint/net.nix
new file mode 100644
index 0000000..cae42c1
--- /dev/null
+++ b/hosts/octoprint/net.nix
@@ -0,0 +1,30 @@
+{config, ...}: {
+ networking = {
+ inherit (config.secrets.secrets.local.networking) hostId;
+ wireless.iwd = {
+ enable = true;
+ };
+ };
+ systemd.network.networks = {
+ "01-lan1" = {
+ DHCP = "yes";
+ matchConfig.MACAddress = config.secrets.secrets.local.networking.lan01.mac;
+ networkConfig = {
+ IPv6PrivacyExtensions = "yes";
+ MulticastDNS = true;
+ };
+ dhcpV4Config.RouteMetric = 10;
+ dhcpV6Config.RouteMetric = 10;
+ };
+ "01-wlan1" = {
+ DHCP = "yes";
+ matchConfig.MACAddress = config.secrets.secrets.local.networking.wlan01.mac;
+ networkConfig = {
+ IPv6PrivacyExtensions = "yes";
+ MulticastDNS = true;
+ };
+ dhcpV4Config.RouteMetric = 40;
+ dhcpV6Config.RouteMetric = 40;
+ };
+ };
+}
diff --git a/hosts/octoprint/secrets/host.pub b/hosts/octoprint/secrets/host.pub
new file mode 100644
index 0000000..3128d72
--- /dev/null
+++ b/hosts/octoprint/secrets/host.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8G75cwqCVwCTW3b3T2RctfGmNHRuLM8fkFcKCoKvnG
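Review bot: hosts/octoprint/fs.nix replaces `fileSystems` and `environment.persistence` wholesale with `lib.mkForce` but does not say why, so the next reader cannot tell which defaults from `../../config/basic` are being discarded. A comment above the attrset would cover it, for example `# Raspberry Pi SD card: single ext4 root, no impermanence; overrides the defaults from config/basic`. The by-uuid value looks like a fixed image UUID rather than one generated for this card; if that is the case, the comment should say so, since reflashing with a different image would leave the root device unresolvable.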
diff --git a/hosts/octoprint/secrets/secrets.nix.age b/hosts/octoprint/secrets/secrets.nix.age new file mode 100644 index 0000000..4f72fb2 Binary files /dev/null and b/hosts/octoprint/secrets/secrets.nix.age differ diff --git a/hosts/patricknix/net.nix b/hosts/patricknix/net.nix index 297a09f..f821b48 100644 --- a/hosts/patricknix/net.nix +++ b/hosts/patricknix/net.nix @@ -3,10 +3,6 @@ rekeyFile = ./secrets/iwd/eduroam.8021x.age; path = "/var/lib/iwd/eduroam.8021x"; }; - age.secrets.simonWlan = { - rekeyFile = ./. + "/secrets/iwd/=467269747a21426f78373539302048616e7373656e.psk.age"; - path = "/var/lib/=467269747a21426f78373539302048616e7373656e.psk"; - }; age.secrets = { devoloog-psk.rekeyFile = ./secrets/iwd/devoloog-psk.age; devoloog-pass.rekeyFile = ./secrets/iwd/devoloog-pass.age; diff --git a/secrets/wireguard/elisabeth/keys/octoprint.age b/secrets/wireguard/elisabeth/keys/octoprint.age new file mode 100644 index 0000000..1cd9d64 Binary files /dev/null and b/secrets/wireguard/elisabeth/keys/octoprint.age differ diff --git a/secrets/wireguard/elisabeth/keys/octoprint.pub b/secrets/wireguard/elisabeth/keys/octoprint.pub new file mode 100644 index 0000000..0da9cb1 --- /dev/null +++ b/secrets/wireguard/elisabeth/keys/octoprint.pub @@ -0,0 +1 @@ +eIq8a4zS+xAcuilz8dw2znMm8xzMmYm3jg7wvAX5UV8= diff --git a/secrets/wireguard/elisabeth/psks/elisabeth+octoprint.age b/secrets/wireguard/elisabeth/psks/elisabeth+octoprint.age new file mode 100644 index 0000000..829947a --- /dev/null +++ b/secrets/wireguard/elisabeth/psks/elisabeth+octoprint.age 
@@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> X25519 LHMw7uAZNnxG7jj5XxSQX1rXpE6K8umKuO4teduKwBA +7K/2tt6RgkbkquSy8oxLIeMkhCSRFGojUdrJcE7Jgn0 +-> piv-p256 ZFgiIw A6mFDXKTy3k1hjJCAcoCSYAVu8qFSnsnhdsoRs2y6EGG +WyIUhPA99Wn9dMWTx5dIHPqeJgcM9FjMQdG0GVmOAmk +-> piv-p256 XTQkUA AwCrp3H70gkHpOZOgviAgwZyESnKJRbebXRgIMlbHKQ+ +zdhbhHRedkfRWFmeKeL8E+7peUFEwvw31W88qZg0Cl0 +-> piv-p256 ZFgiIw AuHsVWNjUqNCqRVmVSs209G9xdjt+xuOlaKrdvgXP1yp +X3jZJRJju/MoU33m7Xkzph8skN6KGnv2Dm7Oij3fmJw +-> piv-p256 5vmPtQ AkgsFDihJBZlsJsupaxJK/gThLaKY+50w6QfKQlF4a8n +I8eqZzDxr5Vvsjc6Kd3lBA09NriQMro2OQizix49m+U +-> n EQ`+g%xS }uX +I7fOzBFLdnAquybVNl1PL24+eOamYBZVi98wIqh8s0PnYmDLv0E/cqWfhQXM +--- RDGXtDT+IfBc58+hX5Ohy83AF2FRIDEs/wUGWaRCyc4 +0³Q‰¨0ãë õÖþ+.^»‡P=´Þö¿¯¹#jjãÖP¢—<íÜ8…B3ˆ ld‰Æ›ºäÛá–Gü»hpïVEìˆAXúËœÎirÛ \ No newline at end of file diff --git a/users/common/graphical/wayland/hyprland.nix b/users/common/graphical/wayland/hyprland.nix index ad7ac14..e30d2c3 100644 --- a/users/common/graphical/wayland/hyprland.nix +++ b/users/common/graphical/wayland/hyprland.nix @@ -136,8 +136,10 @@ in { ",Menu,exec,fuzzel" "SUPER,c,exec,${lib.getExe pkgs.scripts.clone-term}" - "CTRL,F7,pass,discord" - "CTRL,F8,pass,discord" + "CTRL,F7,pass,class:^(discord)$" + "CTRL,F8,pass,class:^(discord)$" + "CTRL,F7,pass,class:^(TeamSpeak 3)$" + "CTRL,F8,pass,class:^(TeamSpeak 3)$" "CTRL,F9,exec,systemctl --user start swww-update-wallpaper" "SUPER + SHIFT,q,exit" 
@@ -151,24 +153,16 @@ in { cursor.no_warps = true; debug.disable_logs = false; - env = - optionals (elem "nvidia" nixosConfig.services.xserver.videoDrivers) [ - # See https://wiki.hyprland.org/Nvidia/ - "LIBVA_DRIVER_NAME,nvidia" - "XDG_SESSION_TYPE,wayland" - "GBM_BACKEND,nvidia-drm" - "__GLX_VENDOR_LIBRARY_NAME,nvidia" - ] - ++ [ - "NIXOS_OZONE_WL,1" - "MOZ_ENABLE_WAYLAND,1" - "_JAVA_AWT_WM_NONREPARENTING,1" - "QT_WAYLAND_DISABLE_WINDOWDECORATION,1" - "QT_QPA_PLATFORM,wayland" - "SDL_VIDEODRIVER,wayland" - "GDK_BACKEND,wayland" - "WLR_DRM_NO_ATOMIC,1" #retest on newest nvidia driver - ]; + env = [ + "NIXOS_OZONE_WL,1" + "MOZ_ENABLE_WAYLAND,1" + "_JAVA_AWT_WM_NONREPARENTING,1" + "QT_WAYLAND_DISABLE_WINDOWDECORATION,1" + "QT_QPA_PLATFORM,wayland" + "SDL_VIDEODRIVER,wayland" + "GDK_BACKEND,wayland" + "WLR_DRM_NO_ATOMIC,1" #retest on newest nvidia driver + ]; bindm = [ # mouse movements "SUPER, mouse:272, movewindow" @@ -214,7 +208,13 @@ in { # doesn't exist and crashes yoru session sometimes when moving a window to it. "Unknown-1, disable" ]; - + env = optionals (elem "nvidia" nixosConfig.services.xserver.videoDrivers) [ + # See https://wiki.hyprland.org/Nvidia/ + "LIBVA_DRIVER_NAME,nvidia" + "XDG_SESSION_TYPE,wayland" + "GBM_BACKEND,nvidia-drm" + "__GLX_VENDOR_LIBRARY_NAME,nvidia" + ]; windowrulev2 = [ "workspace 2,class:^(firefox)$" "workspace 3,class:^(thunderbird)$" @@ -223,7 +223,8 @@ in { "workspace 4,class:^(prismlauncher)$" "workspace 6,class:^(discord)$" "workspace 6,class:^(WebCord)$" - "workspace 7,class:^(Signal)$" + "workspace 6,class:^(TeamSpeak 3)$" + "workspace 7,class:^(signal)$" "workspace 7,class:^(TelegramDesktop)$" ]; @@ -241,6 +242,10 @@ in { }) (mkIf (nixosConfig.node.name == "patricknix") { monitor = [ + "eDP-1,preferred,0x0,2" + # Thank you NVIDIA for this generous, free-of-charge, extra monitor that + # doesn't exist and crashes yoru session sometimes when moving a window to it. + "Unknown-1, disable" ]; workspace = [ ]; 
diff --git a/users/common/graphical/wayland/waybar/default.nix b/users/common/graphical/wayland/waybar/default.nix index 7f1e6f0..f6d97f7 100644 --- a/users/common/graphical/wayland/waybar/default.nix +++ b/users/common/graphical/wayland/waybar/default.nix @@ -1,29 +1,66 @@ { pkgs, lib, + nixosConfig, ... }: { programs.waybar = { enable = true; systemd.enable = false; - style = ./waybar.css; + style = + ({ + desktopnix = '' + * { + /* `otf-font-awesome` is required to be installed for icons */ + font-family: "Symbols Nerd Font Mono", "JetBrains Mono"; + font-size: 13px; + transition-duration: .1s; + } + ''; + patricknix = '' + * { + /* `otf-font-awesome` is required to be installed for icons */ + font-family: "Symbols Nerd Font Mono", "JetBrains Mono"; + font-size: 10px; + transition-duration: .1s; + } + ''; + } + .${nixosConfig.node.name} + or "") + + builtins.readFile ./waybar.css; settings.main = { layer = "top"; position = "bottom"; modules-left = ["privacy" "hyprland/submap" "hyprland/window"]; modules-center = ["hyprland/workspaces"]; - modules-right = [ - "cpu" - "memory" - "wireplumber" - "network" - #"bluetooth" - "backlight" - "battery" - "clock" - "custom/notification" - "tray" - ]; + modules-right = + { + desktopnix = [ + "cpu" + "memory" + "wireplumber" + "network" + "battery" + "clock" + "custom/notification" + "tray" + ]; + patricknix = [ + "cpu" + "memory" + "wireplumber" + "network" + "bluetooth" + "backlight" + "battery" + "clock" + "custom/notification" + "tray" + ]; + } + .${nixosConfig.node.name} + or []; battery = { format = "{icon} {capacity}%"; diff --git a/users/common/graphical/wayland/waybar/waybar.css b/users/common/graphical/wayland/waybar/waybar.css index ccb7c33..e3c3fa0 100644 --- a/users/common/graphical/wayland/waybar/waybar.css +++ b/users/common/graphical/wayland/waybar/waybar.css 
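Review bot: The per-host lookups in users/common/graphical/wayland/waybar/default.nix fall back to `or ""` and `or []`, so on any node other than `desktopnix` or `patricknix` the bar loses the `*` font rule and gets no right-hand modules at all, where before this change every host received both. The two CSS strings also differ only in `font-size`, and the two module lists only in `"bluetooth"` and `"backlight"`. I would keep one copy of each and select just the differing value, e.g. `fontSize = {patricknix = "10px";}.${nixosConfig.node.name} or "13px";` interpolated as `font-size: ${fontSize};`, and give `modules-right` the shared list as its default.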
@@ -1,9 +1,3 @@ -* { - /* `otf-font-awesome` is required to be installed for icons */ - font-family: "Symbols Nerd Font Mono", "JetBrains Mono"; - font-size: 13px; - transition-duration: .1s; -} window#waybar { background-color: #000000; diff --git a/users/patrick/impermanence.nix b/users/patrick/impermanence.nix index 6ad579c..76652e3 100644 --- a/users/patrick/impermanence.nix +++ b/users/patrick/impermanence.nix @@ -16,6 +16,8 @@ ".config/xournalpp" ".cache/xournalpp" + ".config/OrcaSlicer" + # For nextcloud client install "Nextcloud" ".config/Nextcloud" diff --git a/users/patrick/patrick.nix b/users/patrick/patrick.nix index 1e2e27a..4892012 100644 --- a/users/patrick/patrick.nix +++ b/users/patrick/patrick.nix @@ -21,6 +21,7 @@ teamspeak_client zotero timer + orca-slicer ocaml dune_3