added radicale

flake.nix

@@ -30,13 +30,10 @@
 
   outputs = { self, nixpkgs, nixpkgs-unstable, ... }@attrs: 
   let
-    supportedSystems = [ "x86_64-linux" ];
+      system = "x86_64-linux";
-    forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
+      lib = nixpkgs.lib;
-    forAllSystemsUnstable = nixpkgs-unstable.lib.genAttrs supportedSystems;
+      pkgs = nixpkgs.legacyPackages.${system};
-
+      pkgs-unstable = nixpkgs-unstable.legacyPackages.${system};
-    pkgs = forAllSystems (system: import nixpkgs { inherit system; });
-    pkgs-unstable = forAllSystemsUnstable (system: import nixpkgs-unstable { inherit system; });
-
   in
   {
     nixosConfigurations = {
@@ -44,11 +41,12 @@
       Lenni = let
         system = "x86_64-linux";
       in
-      nixpkgs.lib.nixosSystem {
+      lib.nixosSystem {
 
         specialArgs = {
           hostname = "Lenni";
           type = "desktop";
+          inherit pkgs-unstable;
           inherit system;
         };
 
@@ -69,11 +67,12 @@
       Puenktchen = let
         system = "x86_64-linux";
       in
-      nixpkgs.lib.nixosSystem {
+      lib.nixosSystem {
 
         specialArgs = {
           hostname = "Puenktchen";
           type = "desktop";
+          inherit pkgs-unstable;
           inherit system;
         };
 
@@ -97,11 +96,12 @@
       Anton = let
         system = "x86_64-linux";
       in
-      nixpkgs.lib.nixosSystem {
+      lib.nixosSystem {
 
         specialArgs = {
           hostname = "Anton";
           type = "server";
+          inherit pkgs-unstable;
           inherit system;
         };
 

hosts/Anton/caddy.nix

@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+{
+
+  services.caddy = {
+    enable = true;
+    configFile = pkgs.writeText "Caddyfile" ''
+https://git.huwe.mooo.com {
+    reverse_proxy localhost:3000
+}
+
+https://files.huwe.mooo.com {
+    reverse_proxy localhost:444    
+}
+
+https://cal.huwe.mooo.com {
+    reverse_proxy localhost:5232
+}
+'';
+  };
+}

hosts/Anton/data.nix

@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+{
+
+#  environment.systemPackages = with pkgs; [
+#    mergerfs
+#  ];
+
+  fileSystems."/mnt/data" = {
+    device = "/dev/disk/by-id/wwn-0x500a0751e6b6c60f-part1";
+    fsType = "btrfs";
+    options = [" noatime=true compress=zstd:12 "];
+  };
+
+}

hosts/Anton/default.nix

@@ -3,8 +3,13 @@
 
   imports = [
 
+    ./caddy.nix
     ./disko.nix
+    ./data.nix
+    ./firewall.nix
+    ./gitea.nix
     ./hardware-configuration.nix
+    ./radicale.nix
 
   ];
 

hosts/Anton/disko.nix

@@ -3,7 +3,7 @@
     disk = {
       root-drive = {
         type = "disk";
-        device = "/dev/disk/by-id/wwn-0x5001b44ebc0b613a";
+        device = "/dev/disk/by-id/nvme-Patriot_M.2_P300_128GB_P300HHBB240118004095";
         content = {
           type = "gpt";
           partitions = {

hosts/Anton/firewall.nix

@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [ 22 80 443 3000 ];
+    allowedUDPPorts = [ 22 80 443 ];
+  };
+}

hosts/Anton/gitea.nix

@@ -0,0 +1,19 @@
+{ pkgs, pkgs-unstable, ... }:
+{
+  
+  services.gitea = {
+    enable = true;
+    package = pkgs-unstable.gitea;
+    stateDir = "/mnt/data/services/gitea";
+
+    appName = "My low quality unfinished Projects";
+
+    settings = {
+      server = {
+        DOMAIN = "git.huwe.mooo.com";
+        HTTP_PORT = 3000;
+      };
+    };
+  };
+
+}

hosts/Anton/hardware-configuration.nix

@@ -0,0 +1,26 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/Anton/radicale.nix

@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+{
+
+  services.radicale = {
+    enable = true;
+    settings = {
+      server = {
+        hosts = [ "0.0.0.0:5232" "[::]:5232" ];
+      };
+      auth = {
+        type = "htpasswd";
+        htpasswd_filename = "/etc/radicale/users";
+        htpasswd_encryption = "bcrypt";
+      };
+      storage = {
+        filesystem_folder = "/mnt/data/services/radicale/collections";
+      };
+    };
+  };
+
+}

hosts/common/default.nix

@@ -5,5 +5,10 @@
     ./garbage-collect.nix
     ./optimise.nix
   ];
+
+  networking.networkmanager.enable = true;
+  console.keyMap = "de";
+  nixpkgs.config.allowUnfree = true;
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
   system.stateVersion = "23.11";
 }

hosts/desktop/default.nix

@@ -10,8 +10,4 @@
   hardware.bluetooth.enable = true;
   services.hardware.bolt.enable = true;
 
-  networking.networkmanager.enable = true;
-  console.keyMap = "de";
-  nixpkgs.config.allowUnfree = true;
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
 }

hosts/server/Anton/data.nix

@@ -1,19 +0,0 @@
-{ pkgs, ... }:
-{
-
-  environment.systemPackages = with pkgs; [
-    mergerfs
-  ];
-
-  fileSystems."/storage" = {
-    fsType = "fuse.mergerfs";
-    device = "/mnt/disks/*";
-    options = ["cache.files=partial" "dropcacheonclose=true" "category.create=mfs"];
-  };
-
-  services.snapraid = {
-    enable = true;
-
-  };
-
-}

hosts/server/boot.nix

@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+  boot = {
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+    initrd.systemd.enable = true;
+  };
+}

hosts/server/default.nix

@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+
+  imports = [
+    ./boot.nix
+    ./ssh-server.nix
+  ];
+}

hosts/server/ssh-server.nix

@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+{
+
+  services.openssh = {
+    enable = true;
+    ports = [ 22 ];
+    settings = {
+      PasswordAuthentication = false;
+      AllowUsers = null; # Allows all users by default. Can be [ "user1" "user2" ]
+      UseDns = true;
+      X11Forwarding = false;
+      PermitRootLogin = "prohibit-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
+    };
+  };
+
+  users.users.willifan.openssh.authorizedKeys.keys = [
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMRriQfw3pusl04fGhCNVoRRpye71ZwkDXAtKB/FP1DLXA4cYrwjLzv/fG1hXi7lAMp2vLiABAg/UaTE8roGzlt62XsFNwc1TI5M8m67J0kLkCtz3MkIixe/3GOFXr03g80DPncLyoIYPvvNd/TftTBK4yrrZPvMJaRrZhW/QdLPQpdHalcNRZ4bnBOCtCoqQ6RGrRi2EeKaJDYIFNl13b9FxrXEJcXnbSDdr1KI3q7a+vkefI2knUf2Uk7ufOWTQ1aqc0heGtCNlHzwZUzW/dfrpPmoVPq3Fqxqd9uXqxMk1Z3VnOwWcK3VXfzzBXKTsX0MaUgF1EqxibkYs9bDZqLEXoRucBqk3wwMPy8RJXqQOupoqa2xEOoduBf1qDHEEm69coHCpPm2mQVUrwsPrmTHmOjh9ir0mkVBDRgHvhq/ctQTVO5/SE2NCgPdlvUV5s44LLsUyxBp5JWwXZWlVys+7Dhil6mtRDcH4CXceJn0VZ61Zv2jrCTxQjKsroitSkNbpAkKajQ9moLMAblsSwJzl3uvJJ3ydlxjZefwTO/GjyuJMY2sIU2Tu0YbIVgMyq5L782LduVlyWj+RLWoEu19OfMqQvTWhJnQPAbR82qGzlfTGRLUxoY+G5MYipJwgrBQ2TnpWvfpTrZxFrglSfekz0v54lWzNZpW+irImh4w== willifan@proton.me"
+  ];
+
+}

users/willifan/default.nix

@@ -2,7 +2,7 @@
 {
   imports = [
     ./common
-    ./${type}
+#    ./${type}
-    ./${hostname}
+#    ./${hostname}
   ];
 }

users/willifan/desktop/web/thunderbird.nix

@@ -17,22 +17,6 @@
             "calendar.registry.1fc1e3ed-8ed4-4ec8-8b15-e7b2fbc810a8.type" = "caldav";
             "calendar.registry.1fc1e3ed-8ed4-4ec8-8b15-e7b2fbc810a8.uri" = "https://cal.huwe.mooo.com/willifan/4381be3e-3453-cf20-ec8a-f9e1dc17dfc4/";
             "calendar.registry.1fc1e3ed-8ed4-4ec8-8b15-e7b2fbc810a8.username" = "willifan";
-            "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.cache.enabled" = true;
-            "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.calendar-main-in-composite" = true;
-            "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.color" = "#a8c2e1";
-            "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.name" = "Abgelehnt";
-            "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.readOnly" = false;
-            "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.type" = "caldav";
-            "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.uri" = "https://cal.huwe.mooo.com/willifan/3ef93cc0-40f5-2b0e-a27c-e41d19bf22ab/";
-            "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.username" = "willifan";
-            "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.cache.enabled" = true;
-            "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.calendar-main-in-composite" = true;
-            "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.color" = "#8855a8";
-            "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.name" = "Roberta";
-            "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.readOnly" = false;
-            "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.type" = "caldav";
-            "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.uri" = "https://cal.huwe.mooo.com/willifan/39af6f18-99b4-547a-906c-836f26a5cfa6/";
-            "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.username" = "willifan";
             "calendar.timezone.local" = "Europe/Berlin";
             "calendar.timezone.useSystemTimezone" = true;