+AZPILOGISTIK01

flake.nix

@@ -125,7 +125,16 @@
         ];
       };
     };
-
+    homeConfigurations = {
+      "logistik@AZPILOGISTIK01" = home-manager.lib.homeManagerConfiguration {
+        pkgs = nixpkgs.legacyPackages."aarch64-linux";
+        extraSpecialArgs = {
+          inherit inputs outputs;
+          hostname = "AZPILOGISTIK01";
+        };
+        modules = [./home/logistik/AZPILOGISTIK01.nix];
+      };
+    };
     deploy.nodes = {
       AZ-CLD-1 = {
         hostname = "AZ-CLD-1";

home/common/default.nix

@@ -6,6 +6,9 @@
   inputs,
   ...
 }: {
+  imports = [
+    inputs.m3ta-nixpkgs.homeManagerModules.default
+  ];
   nixpkgs = {
     # You can add overlays here
     overlays = [
@@ -16,6 +19,7 @@
 
       inputs.nur.overlays.default
       inputs.m3ta-nixpkgs.overlays.default
+      inputs.m3ta-nixpkgs.overlays.modifications
       # Add stable as an overlay for home-manager
       (final: _prev: {
         stable = import inputs.nixpkgs {

home/logistik/AZPILOGISTIK01.nix

@@ -0,0 +1,19 @@
+{
+  config,
+  lib,
+  inputs,
+  ...
+}: {
+  imports = [
+    ../common
+    ./home.nix
+  ];
+  wayland.windowManager.hyprland.settings = {
+    env = [
+      "WEBAPP_URL,http://192.168.152.98:4711/login/bde-logistik"
+      "HYPRCURSOR_THEME,rose-pine-hyprcursor"
+      "HYPRCURSOR_SIZE,32"
+      "WLR_NO_HARDWARE_CURSORS,1"
+    ];
+  };
+}

home/logistik/home.nix

@@ -0,0 +1,259 @@
+# This is a default home.nix generated by the follwing hone-manager command
+#
+# home-manager init ./
+{
+  config,
+  lib,
+  pkgs,
+  hostname ? "AZPILOGISTIK01",
+  ...
+}: {
+  # Home Manager needs a bit of information about you and the paths it should
+  # manage.
+  home.username = "pi";
+  home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
+
+  # This value determines the Home Manager release that your configuration is
+  # compatible with. This helps avoid breakage when a new Home Manager release
+  # introduces backwards incompatible changes.
+  #
+  # You should not change this value, even if you update Home Manager. If you do
+  # want to update the value, then make sure to first check the Home Manager
+  # release notes.
+  home.stateVersion = "25.05"; # Please read the comment before changing.
+
+  # The home.packages option allows you to install Nix packages into your
+  # environment.
+  home.packages = with pkgs; [
+    rose-pine-hyprcursor
+    nitch
+    # # Adds the 'hello' command to your environment. It prints a friendly
+    # # "Hello, world!" when run.
+    # pkgs.hello
+
+    # # It is sometimes useful to fine-tune packages, for example, by applying
+    # # overrides. You can do that directly here, just don't forget the
+    # # parentheses. Maybe you want to install Nerd Fonts with a limited number of
+    # # fonts?
+    # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
+
+    # # You can also create simple shell scripts directly inside your
+    # # configuration. For example, this adds a command 'my-hello' to your
+    # # environment:
+    # (pkgs.writeShellScriptBin "my-hello" ''
+    #   echo "Hello, ${config.home.username}!"
+    # '')
+  ];
+  home.pointerCursor = {
+    gtk.enable = true;
+    package = pkgs.bibata-cursors;
+    name = "Bibata-Modern-Ice";
+    size = 32;
+  };
+
+  programs.git = {
+    enable = true;
+    aliases = {
+      st = "status";
+      logd = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
+    };
+  };
+
+  programs.kitty.enable = true;
+
+  programs.chromium = {
+    enable = true;
+    commandLineArgs = [
+      "--password-store=basic"
+      "--start-fullscreen"
+      "--ozone-platform=x11"
+    ];
+  };
+
+  wayland.windowManager.hyprland = {
+    enable = true;
+    settings = {
+      xwayland = {
+        force_zero_scaling = true;
+      };
+
+      exec-once = [
+        "chromium $WEBAPP_URL"
+      ];
+      monitor = [
+      ];
+      workspace = [
+        "1, monitor:eDP-1, default:true"
+        "2, monitor:eDP-1"
+      ];
+
+      input = {
+        touchdevice = {
+          enabled = true;
+        };
+        kb_layout = "de,us";
+        kb_variant = "";
+        kb_model = "";
+        kb_rules = "";
+        kb_options = "ctrl:nocaps";
+        follow_mouse = 1;
+      };
+
+      general = {
+        gaps_in = 5;
+        gaps_out = 5;
+        border_size = 1;
+        "col.active_border" = "rgba(9742b5ee) rgba(9742b5ee) 45deg";
+        "col.inactive_border" = "rgba(44475aaa)";
+        "col.nogroup_border" = "rgba(282a36dd)";
+        "col.nogroup_border_active" = "rgb(bd93f9) rgb(44475a) 90deg";
+        no_border_on_floating = false;
+        layout = "dwindle";
+      };
+
+      decoration = {
+        shadow = {
+          enabled = false;
+        };
+        rounding = 8;
+        blur = {
+          enabled = false;
+        };
+      };
+
+      animations = {
+        enabled = false;
+      };
+
+      dwindle = {
+        pseudotile = true;
+        preserve_split = true;
+      };
+
+      master = {
+        new_status = "master";
+      };
+
+      device = [
+        {
+          name = "epic-mouse-v1";
+          sensitivity = -0.5;
+        }
+      ];
+      windowrule = [
+        "float, class:file_progress"
+        "float, class:confirm"
+        "float, class:dialog"
+        "float, class:download"
+        "float, class:notification"
+        "float, class:error"
+        "float, class:splash"
+        "float, class:confirmreset"
+        "float, title:Open File"
+        "float, title:branchdialog"
+        "float, class:pavucontrol-qt"
+        "float, class:pavucontrol"
+        "fullscreen, class:wlogout"
+        "float, title:wlogout"
+        "fullscreen, title:wlogout"
+        "bordercolor rgb(ffffff),xwayland:1"
+        "workspace 1,class:(chromium-browser)"
+        "fullscreen,class:(chromium-browser)"
+      ];
+
+      "$mainMod" = "SUPER";
+      "$terminal" = "kitty";
+
+      bind = [
+        "$mainMod, t, exec, $terminal -e bash -c 'nitch; exec bash'"
+        "$mainMod, B, exec, chromium"
+        "$mainMod, q, killactive"
+        "$mainMod, M, exec, $terminal -e btop"
+        "$mainMod, N, exec, $terminal -e nvim"
+        "$mainMod, F, fullscreen"
+        "$mainMod, 1, workspace, 1"
+        "$mainMod, 2, workspace, 2"
+        "$mainMod, 3, workspace, 3"
+        "$mainMod, 4, workspace, 4"
+        "$mainMod, 5, workspace, 50"
+        "$mainMod SHIFT, 1, movetoworkspace, 1"
+        "$mainMod SHIFT, 2, movetoworkspace, 2"
+        "$mainMod SHIFT, 3, movetoworkspace, 3"
+        "$mainMod SHIFT, 4, movetoworkspace, 4"
+        "$mainMod, mouse_down, workspace, e+1"
+        "$mainMod, mouse_up, workspace, e-1"
+      ];
+
+      bindm = [
+        "$mainMod, mouse:272, movewindow"
+        "$mainMod, mouse:273, resizewindow"
+      ];
+    };
+  };
+
+  coding.editors.neovim.enable = true;
+  # Home Manager is pretty good at managing dotfiles. The primary way to manage
+  # plain files is through 'home.file'.
+  home.file = {
+    # # Building this configuration will create a copy of 'dotfiles/screenrc' in
+    # # the Nix store. Activating the configuration will then make '~/.screenrc' a
+    # # symlink to the Nix store copy.
+    # ".screenrc".source = dotfiles/screenrc;
+
+    # # You can also set the file content immediately.
+    # ".gradle/gradle.properties".text = ''
+    #   org.gradle.console=verbose
+    #   org.gradle.daemon.idletimeout=3600000
+    # '';
+  };
+
+  # Home Manager can also manage your environment variables through
+  # 'home.sessionVariables'. If you don't want to manage your shell through Home
+  # Manager then you have to manually source 'hm-session-vars.sh' located at
+  # either
+  #
+  #  ~/.nix-profile/etc/profile.d/hm-session-vars.sh
+  #
+  # or
+  #
+  #  ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
+  #
+  # or
+  #
+  #  /etc/profiles/per-user/m3tam3re/etc/profile.d/hm-session-vars.sh
+  #
+  home.sessionVariables = {
+    # EDITOR = "emacs";
+  };
+  # Let Home Manager install and manage itself.
+  programs.home-manager.enable = true;
+
+  # Systemd Timer für nächtliches home-manager update
+  systemd.user.services.home-manager-update = {
+    Unit = {
+      Description = "Update home-manager configuration from git";
+    };
+    Service = {
+      Type = "oneshot";
+      ExecStart = "${pkgs.writeShellScript "home-manager-update" ''
+        set -e
+        cd /home/${config.home.username}/AZ-NIX
+        ${pkgs.git}/bin/git pull
+        ${config.programs.home-manager.package}/bin/home-manager switch --flake .#logistik@${hostname}
+      ''}";
+    };
+  };
+
+  systemd.user.timers.home-manager-update = {
+    Unit = {
+      Description = "Timer for nightly home-manager update";
+    };
+    Timer = {
+      OnCalendar = "03:00:00";
+      Persistent = true;
+    };
+    Install = {
+      WantedBy = ["timers.target"];
+    };
+  };
+}

hosts/AZ-PRM-1/configuration.nix

@@ -98,7 +98,7 @@
   };
 
   # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [ 587 ];
+  networking.firewall.allowedTCPPorts = [587];
   # networking.firewall.allowedUDPPorts = [ ... ];
   # Or disable the firewall altogether.
   # networking.firewall.enable = false;

hosts/AZ-PRM-1/services/containers/kestra.nix

@@ -1,9 +1,9 @@
-{ config, ... }: {
+{config, ...}: {
   virtualisation.oci-containers.containers."kestra" = {
     image = "docker.io/kestra/kestra:latest";
-    environmentFiles = [ config.age.secrets.kestra-env.path ];
+    environmentFiles = [config.age.secrets.kestra-env.path];
-    cmd = [ "server" "standalone" "--config" "/etc/config/application.yaml"];
+    cmd = ["server" "standalone" "--config" "/etc/config/application.yaml"];
-    ports = [ "127.0.0.1:3031:8080" ];
+    ports = ["127.0.0.1:3031:8080"];
     user = "root";
     volumes = [
       "/var/run/docker.sock:/var/run/docker.sock"
@@ -11,8 +11,7 @@
       "kestra_data:/app/storage"
       "/tmp/kestra-wd:/tmp/kestra-wd"
     ];
-    extraOptions =
+    extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.12" "--network=web"];
-      [ "--add-host=postgres:10.89.0.1" "--ip=10.89.0.12" "--network=web" ];
   };
 
   systemd.tmpfiles.rules = [
@@ -21,12 +20,11 @@
 
   # Traefik configuration specific to littlelink
   services.traefik.dynamicConfigOptions.http = {
-    services.kestra.loadBalancer.servers =
+    services.kestra.loadBalancer.servers = [{url = "http://localhost:3031/";}];
-      [{ url = "http://localhost:3031/"; }];
 
     routers.kestra = {
       rule = "Host(`k.i.az-intec.com`)";
-      tls = { certResolver = "ionos"; };
+      tls = {certResolver = "ionos";};
       service = "kestra";
       entrypoints = "websecure";
     };

hosts/AZ-PRM-1/services/postgres.nix

@@ -1,12 +1,16 @@
-{config, pkgs, ...}: {
+{
+  config,
+  pkgs,
+  ...
+}: {
   services.postgresql = {
     enable = true;
     enableTCPIP = true;
     package = pkgs.postgresql_17;
     settings = {
-        ssl = true;
+      ssl = true;
-        ssl_cert_file = config.age.secrets.pg-cert.path;
+      ssl_cert_file = config.age.secrets.pg-cert.path;
-        ssl_key_file  = config.age.secrets.pg-key.path;
+      ssl_key_file = config.age.secrets.pg-key.path;
     };
     extensions = with pkgs.postgresql17Packages; [
       pgvector

hosts/AZ-PRM-1/services/vaultwarden.nix

@@ -27,4 +27,3 @@
     };
   };
 }
-