From bb66bcc2c5102a6353dc462de8bbc327ae040525 Mon Sep 17 00:00:00 2001 From: "sascha.koenig" Date: Tue, 11 Nov 2025 10:53:19 +0100 Subject: [PATCH] +AZPILOGISTIK01 --- flake.nix | 11 +- home/common/default.nix | 4 + home/logistik/AZPILOGISTIK01.nix | 19 ++ home/logistik/home.nix | 259 ++++++++++++++++++ hosts/AZ-PRM-1/configuration.nix | 2 +- hosts/AZ-PRM-1/services/containers/kestra.nix | 16 +- hosts/AZ-PRM-1/services/postgres.nix | 14 +- hosts/AZ-PRM-1/services/vaultwarden.nix | 1 - 8 files changed, 309 insertions(+), 17 deletions(-) create mode 100644 home/logistik/AZPILOGISTIK01.nix create mode 100644 home/logistik/home.nix diff --git a/flake.nix b/flake.nix index 4aa13bb..289c40b 100644 --- a/flake.nix +++ b/flake.nix @@ -125,7 +125,16 @@ ]; }; }; - + homeConfigurations = { + "logistik@AZPILOGISTIK01" = home-manager.lib.homeManagerConfiguration { + pkgs = nixpkgs.legacyPackages."aarch64-linux"; + extraSpecialArgs = { + inherit inputs outputs; + hostname = "AZPILOGISTIK01"; + }; + modules = [./home/logistik/AZPILOGISTIK01.nix]; + }; + }; deploy.nodes = { AZ-CLD-1 = { hostname = "AZ-CLD-1"; diff --git a/home/common/default.nix b/home/common/default.nix index 00c8126..371dd0f 100644 --- a/home/common/default.nix +++ b/home/common/default.nix @@ -6,6 +6,9 @@ inputs, ... }: { + imports = [ + inputs.m3ta-nixpkgs.homeManagerModules.default + ]; nixpkgs = { # You can add overlays here overlays = [ @@ -16,6 +19,7 @@ inputs.nur.overlays.default inputs.m3ta-nixpkgs.overlays.default + inputs.m3ta-nixpkgs.overlays.modifications # Add stable as an overlay for home-manager (final: _prev: { stable = import inputs.nixpkgs { diff --git a/home/logistik/AZPILOGISTIK01.nix b/home/logistik/AZPILOGISTIK01.nix new file mode 100644 index 0000000..39336d5 --- /dev/null +++ b/home/logistik/AZPILOGISTIK01.nix 
@@ -0,0 +1,19 @@
+{
+ config,
+ lib,
+ inputs,
+ ...
+}: {
+ imports = [
+ ../common
+ ./home.nix
+ ];
+ wayland.windowManager.hyprland.settings = {
+ env = [
+ "WEBAPP_URL,http://192.168.152.98:4711/login/bde-logistik"
+ "HYPRCURSOR_THEME,rose-pine-hyprcursor"
+ "HYPRCURSOR_SIZE,32"
+ "WLR_NO_HARDWARE_CURSORS,1"
+ ];
+ };
+}
diff --git a/home/logistik/home.nix b/home/logistik/home.nix
new file mode 100644
index 0000000..b56573c
--- /dev/null
+++ b/home/logistik/home.nix
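Review bot: The `WEBAPP_URL` entry in the `env` list points the terminal at a login page over plain `http://`, so anything typed at `/login/bde-logistik` crosses the network unencrypted and the page can be altered in transit. If the application can sit behind TLS, the entry would become `"WEBAPP_URL,https://<webapp-host>/login/bde-logistik"` (the host is a placeholder). If it cannot, add a comment above the entry saying which network segment is trusted and why, so the choice is recorded. The target is also an IP literal, so renumbering that network means rebuilding this profile; a DNS name would avoid that.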
@@ -0,0 +1,259 @@
+# This is a default home.nix generated by the follwing hone-manager command
+#
+# home-manager init ./
+{
+ config,
+ lib,
+ pkgs,
+ hostname ? "AZPILOGISTIK01",
+ ...
+}: {
+ # Home Manager needs a bit of information about you and the paths it should
+ # manage.
+ home.username = "pi";
+ home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
+
+ # This value determines the Home Manager release that your configuration is
+ # compatible with. This helps avoid breakage when a new Home Manager release
+ # introduces backwards incompatible changes.
+ #
+ # You should not change this value, even if you update Home Manager. If you do
+ # want to update the value, then make sure to first check the Home Manager
+ # release notes.
+ home.stateVersion = "25.05"; # Please read the comment before changing.
+
+ # The home.packages option allows you to install Nix packages into your
+ # environment.
+ home.packages = with pkgs; [
+ rose-pine-hyprcursor
+ nitch
+ # # Adds the 'hello' command to your environment. It prints a friendly
+ # # "Hello, world!" when run.
+ # pkgs.hello
+
+ # # It is sometimes useful to fine-tune packages, for example, by applying
+ # # overrides. You can do that directly here, just don't forget the
+ # # parentheses. Maybe you want to install Nerd Fonts with a limited number of
+ # # fonts?
+ # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
+
+ # # You can also create simple shell scripts directly inside your
+ # # configuration. For example, this adds a command 'my-hello' to your
+ # # environment:
+ # (pkgs.writeShellScriptBin "my-hello" ''
+ # echo "Hello, ${config.home.username}!"
+ # '') + ]; + home.pointerCursor = { + gtk.enable = true; + package = pkgs.bibata-cursors; + name = "Bibata-Modern-Ice"; + size = 32; + }; + + programs.git = { + enable = true; + aliases = { + st = "status"; + logd = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit"; + }; + }; + + programs.kitty.enable = true; + + programs.chromium = { + enable = true; + commandLineArgs = [ + "--password-store=basic" + "--start-fullscreen" + "--ozone-platform=x11" + ]; + }; + + wayland.windowManager.hyprland = { + enable = true; + settings = { + xwayland = { + force_zero_scaling = true; + }; + + exec-once = [ + "chromium $WEBAPP_URL" + ]; + monitor = [ + ]; + workspace = [ + "1, monitor:eDP-1, default:true" + "2, monitor:eDP-1" + ]; + + input = { + touchdevice = { + enabled = true; + }; + kb_layout = "de,us"; + kb_variant = ""; + kb_model = ""; + kb_rules = ""; + kb_options = "ctrl:nocaps"; + follow_mouse = 1; + }; + + general = { + gaps_in = 5; + gaps_out = 5; + border_size = 1; + "col.active_border" = "rgba(9742b5ee) rgba(9742b5ee) 45deg"; + "col.inactive_border" = "rgba(44475aaa)"; + "col.nogroup_border" = "rgba(282a36dd)"; + "col.nogroup_border_active" = "rgb(bd93f9) rgb(44475a) 90deg"; + no_border_on_floating = false; + layout = "dwindle"; + }; + + decoration = { + shadow = { + enabled = false; + }; + rounding = 8; + blur = { + enabled = false; + }; + }; + + animations = { + enabled = false; + }; + + dwindle = { + pseudotile = true; + preserve_split = true; + }; + + master = { + new_status = "master"; + }; + + device = [ + { + name = "epic-mouse-v1"; + sensitivity = -0.5; + } + ]; + windowrule = [ + "float, class:file_progress" + "float, class:confirm" + "float, class:dialog" + "float, class:download" + "float, class:notification" + "float, class:error" + "float, class:splash" + "float, class:confirmreset" + "float, title:Open File" + "float, title:branchdialog" + "float, class:pavucontrol-qt" + 
"float, class:pavucontrol" + "fullscreen, class:wlogout" + "float, title:wlogout" + "fullscreen, title:wlogout" + "bordercolor rgb(ffffff),xwayland:1" + "workspace 1,class:(chromium-browser)" + "fullscreen,class:(chromium-browser)" + ]; + + "$mainMod" = "SUPER"; + "$terminal" = "kitty"; + + bind = [ + "$mainMod, t, exec, $terminal -e bash -c 'nitch; exec bash'" + "$mainMod, B, exec, chromium" + "$mainMod, q, killactive" + "$mainMod, M, exec, $terminal -e btop" + "$mainMod, N, exec, $terminal -e nvim" + "$mainMod, F, fullscreen" + "$mainMod, 1, workspace, 1" + "$mainMod, 2, workspace, 2" + "$mainMod, 3, workspace, 3" + "$mainMod, 4, workspace, 4" + "$mainMod, 5, workspace, 50" + "$mainMod SHIFT, 1, movetoworkspace, 1" + "$mainMod SHIFT, 2, movetoworkspace, 2" + "$mainMod SHIFT, 3, movetoworkspace, 3" + "$mainMod SHIFT, 4, movetoworkspace, 4" + "$mainMod, mouse_down, workspace, e+1" + "$mainMod, mouse_up, workspace, e-1" + ]; + + bindm = [ + "$mainMod, mouse:272, movewindow" + "$mainMod, mouse:273, resizewindow" + ]; + }; + }; + + coding.editors.neovim.enable = true; + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + home.file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; + + # # You can also set the file content immediately. + # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; + + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. 
If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/m3tam3re/etc/profile.d/hm-session-vars.sh + # + home.sessionVariables = { + # EDITOR = "emacs"; + }; + # Let Home Manager install and manage itself. + programs.home-manager.enable = true; + + # Systemd Timer für nächtliches home-manager update + systemd.user.services.home-manager-update = { + Unit = { + Description = "Update home-manager configuration from git"; + }; + Service = { + Type = "oneshot"; + ExecStart = "${pkgs.writeShellScript "home-manager-update" '' + set -e + cd /home/${config.home.username}/AZ-NIX + ${pkgs.git}/bin/git pull + ${config.programs.home-manager.package}/bin/home-manager switch --flake .#logistik@${hostname} + ''}"; + }; + }; + + systemd.user.timers.home-manager-update = { + Unit = { + Description = "Timer for nightly home-manager update"; + }; + Timer = { + OnCalendar = "03:00:00"; + Persistent = true; + }; + Install = { + WantedBy = ["timers.target"]; + }; + }; +} diff --git a/hosts/AZ-PRM-1/configuration.nix b/hosts/AZ-PRM-1/configuration.nix index 2f94b7f..786cb2e 100644 --- a/hosts/AZ-PRM-1/configuration.nix +++ b/hosts/AZ-PRM-1/configuration.nix @@ -98,7 +98,7 @@ }; # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ 587 ]; + networking.firewall.allowedTCPPorts = [587]; # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. # networking.firewall.enable = false; diff --git a/hosts/AZ-PRM-1/services/containers/kestra.nix b/hosts/AZ-PRM-1/services/containers/kestra.nix index 8eeee01..82490e6 100644 --- a/hosts/AZ-PRM-1/services/containers/kestra.nix +++ b/hosts/AZ-PRM-1/services/containers/kestra.nix 
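Review bot: The `home-manager-update` service activates whatever `git pull` brings into the `AZ-NIX` checkout each night without checking who authored it, so write access to the remote (or to the transport, depending on the remote URL, which is not visible here) amounts to code execution as `pi` on the terminal. I would make the pull fast-forward only and gate the switch on a signature check: `${pkgs.git}/bin/git pull --ff-only` followed by `${pkgs.git}/bin/git verify-commit HEAD`, which assumes the signing key is provisioned in that user's keyring. Separately, the `$mainMod, t`, `M` and `N` binds open kitty from the terminal's keyboard and Chromium is started with `--start-fullscreen` rather than `--kiosk`, so an interactive shell as `pi`, with write access to that same checkout, is one key chord away; these binds are probably better left out of this profile. With `--password-store=basic`, any password saved in the browser profile is kept without OS keyring protection, which matters more once a shell is reachable.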
@@ -1,9 +1,9 @@ -{ config, ... }: { +{config, ...}: { virtualisation.oci-containers.containers."kestra" = { image = "docker.io/kestra/kestra:latest"; - environmentFiles = [ config.age.secrets.kestra-env.path ]; - cmd = [ "server" "standalone" "--config" "/etc/config/application.yaml"]; - ports = [ "127.0.0.1:3031:8080" ]; + environmentFiles = [config.age.secrets.kestra-env.path]; + cmd = ["server" "standalone" "--config" "/etc/config/application.yaml"]; + ports = ["127.0.0.1:3031:8080"]; user = "root"; volumes = [ "/var/run/docker.sock:/var/run/docker.sock" @@ -11,8 +11,7 @@ "kestra_data:/app/storage" "/tmp/kestra-wd:/tmp/kestra-wd" ]; - extraOptions = - [ "--add-host=postgres:10.89.0.1" "--ip=10.89.0.12" "--network=web" ]; + extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.12" "--network=web"]; }; systemd.tmpfiles.rules = [ @@ -21,12 +20,11 @@ # Traefik configuration specific to littlelink services.traefik.dynamicConfigOptions.http = { - services.kestra.loadBalancer.servers = - [{ url = "http://localhost:3031/"; }]; + services.kestra.loadBalancer.servers = [{url = "http://localhost:3031/";}]; routers.kestra = { rule = "Host(`k.i.az-intec.com`)"; - tls = { certResolver = "ionos"; }; + tls = {certResolver = "ionos";}; service = "kestra"; entrypoints = "websecure"; }; diff --git a/hosts/AZ-PRM-1/services/postgres.nix b/hosts/AZ-PRM-1/services/postgres.nix index 5668bab..56b6565 100644 --- a/hosts/AZ-PRM-1/services/postgres.nix +++ b/hosts/AZ-PRM-1/services/postgres.nix @@ -1,12 +1,16 @@ -{config, pkgs, ...}: { +{ + config, + pkgs, + ... +}: { services.postgresql = { enable = true; enableTCPIP = true; package = pkgs.postgresql_17; settings = { - ssl = true; - ssl_cert_file = config.age.secrets.pg-cert.path; - ssl_key_file = config.age.secrets.pg-key.path; + ssl = true; + ssl_cert_file = config.age.secrets.pg-cert.path; + ssl_key_file = config.age.secrets.pg-key.path; }; extensions = with pkgs.postgresql17Packages; [ pgvector 
@@ -37,7 +41,7 @@ # Localhost connections (IPv4 and IPv6) host all postgres 127.0.0.1/32 scram-sha-256 host all postgres ::1/128 scram-sha-256 - + host n8n n8n 127.0.0.1/32 scram-sha-256 host n8n n8n ::1/128 scram-sha-256 diff --git a/hosts/AZ-PRM-1/services/vaultwarden.nix b/hosts/AZ-PRM-1/services/vaultwarden.nix index d1feaaa..36576c0 100644 --- a/hosts/AZ-PRM-1/services/vaultwarden.nix +++ b/hosts/AZ-PRM-1/services/vaultwarden.nix @@ -27,4 +27,3 @@ }; }; } -