diff --git a/flake.lock b/flake.lock index 6f734ef..39c4744 100644 --- a/flake.lock +++ b/flake.lock @@ -261,6 +261,26 @@ "type": "github" } }, + "nixunits": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1734191902, + "narHash": "sha256-eVPDf1vcCor/21qOuJQkKuzZWK5+sZTaf+lW90uMuEI=", + "ref": "refs/heads/main", + "rev": "7600a67b82d13d013bc67a3a66b4a65effdb7fb1", + "revCount": 13, + "type": "git", + "url": "https://git.aevoo.com/aevoo/os/nixunits.git" + }, + "original": { + "type": "git", + "url": "https://git.aevoo.com/aevoo/os/nixunits.git" + } + }, "nur": { "locked": { "lastModified": 1732445289, @@ -283,6 +303,7 @@ "home-manager": "home-manager", "impermanence": "impermanence", "nixpkgs": "nixpkgs", + "nixunits": "nixunits", "nur": "nur", "sops-nix": "sops-nix", "stylix": "stylix" diff --git a/flake.nix b/flake.nix index fc41b67..627fcb8 100644 --- a/flake.nix +++ b/flake.nix @@ -41,6 +41,16 @@ # Color scheme stylix.url = "github:danth/stylix"; + + crowdsec = { + url = "git+https://codeberg.org/kampka/nix-flake-crowdsec.git"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + nixunits = { + url = "git+https://git.aevoo.com/aevoo/os/nixunits.git"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = @@ -201,9 +211,57 @@ modules = [ inputs.sops-nix.nixosModules.sops ./hosts/rpi40 ]; }; - srvhoma = nixpkgs.lib.nixosSystem { + hype16 = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs outputs; }; - modules = [ inputs.sops-nix.nixosModules.sops ./hosts/srvhoma ]; + modules = [ + inputs.sops-nix.nixosModules.sops + inputs.crowdsec.nixosModules.crowdsec + inputs.crowdsec.nixosModules.crowdsec-firewall-bouncer + inputs.nixunits.nixosModules.default + ./hosts/hype16 + + home-manager.nixosModules.home-manager + { + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + verbose = true; + extraSpecialArgs = { inputs = self.inputs; }; + users = { + root = import ./users/root/hype16.nix; + badele = { + imports = [ + nur.nixosModules.nur + stylix.homeManagerModules.stylix + ./users/badele/hype16.nix + ]; + }; + }; + }; + } + ]; + }; + + ####################################################################### + # Hypervised applications + ####################################################################### + + gw-dmz = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix" + inputs.sops-nix.nixosModules.sops + ./hosts/hypervised/gw-dmz + ]; + }; + + trilium = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix" + inputs.sops-nix.nixosModules.sops + ./hosts/hypervised/trilium + ]; }; }; diff --git a/hosts/badxps/default.nix b/hosts/badxps/default.nix index 06a0aee..0577d72 100644 --- a/hosts/badxps/default.nix +++ b/hosts/badxps/default.nix @@ -1,13 +1,7 @@ -########################################################## +# ######################################################### # NIXOS (hosts) ########################################################## -{ inputs -, config -, pkgs -, lib -, ... -}: -{ +{ inputs, config, pkgs, lib, ... }: { imports = [ inputs.hardware.nixosModules.dell-xps-15-9570-intel ./hardware-configuration.nix @@ -24,14 +18,13 @@ ../../nix/nixos/features/homelab ../../nix/nixos/features/system/containers.nix - # Virtualisation ../../nix/nixos/features/virtualisation/incus.nix ../../nix/nixos/features/virtualisation/libvirt.nix # Desktop ../../nix/nixos/features/system/bluetooth.nix ../../nix/nixos/features/desktop/wm/xorg/lightdm.nix - # + # # Roles ../../nix/nixos/roles # Automatically load service from sectionn from `homelab.json` file ]; @@ -40,6 +33,9 @@ # Boot #################################### + # Docker + virtualisation.docker.storageDriver = "zfs"; + nixpkgs.config = { # allowBroken = true; # nvidia.acceptLicense = true; @@ -51,7 +47,7 @@ "i915.force_probe=3e9b" "mem_sleep_default=deep" "acpi_osi=!" - "acpi_osi=\"Windows 2015\"" + ''acpi_osi="Windows 2015"'' "acpi_backlight=vendor" ]; @@ -72,7 +68,15 @@ }; initrd = { - availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; + availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usb_storage" + "sd_mod" + "sr_mod" + "rtsx_pci_sdmmc" + ]; kernelModules = [ ]; }; }; @@ -85,7 +89,6 @@ #hardware.nvidia.package = boot.kernelPackages.nvidiaPackages.stable; #hardware.nvidia.modesetting.enable = true; - #################################### # host profile #################################### @@ -101,16 +104,16 @@ # Hardware #################################### - # Enable OpenGL acceleration hardware.graphics.enable = true; # intel hardware.opengl = { enable = true; - extraPackages = with pkgs; [ - vpl-gpu-rt # for newer GPUs on NixOS >24.05 or unstable - ]; + extraPackages = with pkgs; + [ + vpl-gpu-rt # for newer GPUs on NixOS >24.05 or unstable + ]; }; # Nvidia @@ -141,7 +144,8 @@ services.pipewire.enable = false; hardware.pulseaudio = { enable = true; - support32Bit = true; ## If compatibility with 32-bit applications is desired + support32Bit = + true; # # If compatibility with 32-bit applications is desired #extraConfig = "load-module module-combine-sink"; }; @@ -152,9 +156,7 @@ # Programs #################################### powerManagement.powertop.enable = true; - programs = { - dconf.enable = true; - }; + programs = { dconf.enable = true; }; #################################### # Secrets diff --git a/hosts/bootstore/default.nix b/hosts/bootstore/default.nix index 7e236ea..17851e4 100644 --- a/hosts/bootstore/default.nix +++ b/hosts/bootstore/default.nix @@ -1,8 +1,4 @@ -{ lib -, pkgs -, ... -}: -{ +{ lib, pkgs, ... }: { imports = [ ./hardware-configuration.nix diff --git a/hosts/demovm/default.nix b/hosts/demovm/default.nix index 2d9e857..34363c6 100644 --- a/hosts/demovm/default.nix +++ b/hosts/demovm/default.nix @@ -1,13 +1,7 @@ -########################################################## +# ######################################################### # NIXOS (hosts) ########################################################## -{ inputs -, config -, pkgs -, lib -, ... -}: -{ +{ inputs, config, pkgs, lib, ... }: { imports = [ ./hardware-configuration.nix ./disks.nix @@ -17,6 +11,7 @@ # /home/badele/ghq/github.com/badele/nix-homelab/nix/nixos/features/commons/sops.nix # Secret loaded from hosts/${config.networking.hostName}/secrets.yml"; + # Users ../root.nix ../demo.nix @@ -35,11 +30,8 @@ # Boot #################################### - boot = { - kernelParams = [ - "mem_sleep_default=deep" - ]; + kernelParams = [ "mem_sleep_default=deep" ]; blacklistedKernelModules = [ ]; kernelModules = [ "kvm-intel" ]; supportedFilesystems = [ "btrfs" ]; @@ -57,15 +49,22 @@ # Qemu support initrd = { - availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_scsi" "9p" "9pnet_virtio" ]; + availableKernelModules = [ + "virtio_net" + "virtio_pci" + "virtio_mmio" + "virtio_blk" + "virtio_scsi" + "9p" + "9pnet_virtio" + ]; kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" ]; - postDeviceCommands = lib.mkIf (!config.boot.initrd.systemd.enable) - '' - # Set the system time from the hardware clock to work around a - # bug in qemu-kvm > 1.5.2 (where the VM clock is initialised - # to the *boot time* of the host). - hwclock -s - ''; + postDeviceCommands = lib.mkIf (!config.boot.initrd.systemd.enable) '' + # Set the system time from the hardware clock to work around a + # bug in qemu-kvm > 1.5.2 (where the VM clock is initialised + # to the *boot time* of the host). + hwclock -s + ''; }; }; @@ -91,7 +90,8 @@ services.pipewire.enable = false; hardware.pulseaudio = { enable = true; - support32Bit = true; ## If compatibility with 32-bit applications is desired + support32Bit = + true; # # If compatibility with 32-bit applications is desired #extraConfig = "load-module module-combine-sink"; }; @@ -102,9 +102,7 @@ # Programs #################################### powerManagement.powertop.enable = true; - programs = { - dconf.enable = true; - }; + programs = { dconf.enable = true; }; nixpkgs.hostPlatform.system = "x86_64-linux"; system.stateVersion = "24.05"; diff --git a/hosts/hype16/default.nix b/hosts/hype16/default.nix index aae6140..033a178 100644 --- a/hosts/hype16/default.nix +++ b/hosts/hype16/default.nix @@ -1,7 +1,18 @@ # ######################################################### # NIXOS (hosts) ########################################################## -{ inputs, config, pkgs, lib, ... }: { +{ lib, config, ... }: +let + netlan = "254"; + netadm = "240"; + netdmz = "32"; + + lan_address = "192.168.${netlan}.16"; + adm_address = "192.168.${netadm}.16"; + dmz_address = "192.168.${netdmz}.16"; + +in +{ imports = [ # Host and hardware configuration ./hardware-configuration.nix @@ -15,10 +26,25 @@ # Commons ../../nix/nixos/features/commons ../../nix/nixos/features/homelab - ../../nix/nixos/features/system/containers.nix + # ../../nix/nixos/features/system/containers.nix + + # Virtualisation + # ../../nix/nixos/features/virtualisation/podman.nix + # ../../nix/nixos/features/virtualisation/docker.nix + + # Services + # ../../nix/nixos/services/crowdsec.nix + ../../nix/nixos/services/fail2ban.nix + (import ../../nix/nixos/services/traefik.nix { + inherit lib config lan_address adm_address dmz_address; + }) + + # Containers + ../../nix/nixos/containers/adguard.nix + ../../nix/nixos/containers/homepage.nix # Roles - ../../nix/nixos/roles # Automatically load service from sectionn from `homelab.json` file + ../../nix/nixos/roles # Automatically load service from sectionn from `homelab.json` file ]; #################################### @@ -41,14 +67,6 @@ useOSProber = true; }; }; - - # Network - kernel = { - sysctl = { - # Forward on all ipv4 interfaces. - "net.ipv4.conf.all.forwarding" = true; - }; - }; }; # xorg @@ -73,154 +91,229 @@ #extraConfig = "load-module module-combine-sink"; }; - #################################### - # Networking - #################################### + # Allow forward + boot.kernel.sysctl."net.ipv4.ip_forward" = 1; + + # virtualisation.vswitch = { + # enable = false; + # # don't reset the Open vSwitch database on reboot + # resetOnStart = false; + # }; networking = { - enableIPv6 = false; hostName = "hype16"; + + # Disable some features + wireless.enable = false; + enableIPv6 = false; + nat.enable = false; useDHCP = false; + # See ../../nix/nixos/features/commons/networking.nix + # Define VLANs vlans = { - vlandmz = { + vlan-dmz = { id = 32; interface = "enp1s0"; # tagged }; - vlanadm = { + vlan-adm = { id = 240; interface = "enp1s0"; # tagged }; }; + # vswitches = { + # br-lan = { interfaces = { enp1s0 = { }; }; }; + # br-adm = { + # interfaces = { + # vlan-adm = { }; + # ve-adguard = { }; + # ve-homepage = { }; + # }; + # }; + # br-dmz = { interfaces = { vlan-dmz = { }; }; }; + # }; + + # bridges = { + # br-lan = { interfaces = [ "enp1s0" ]; }; + # br-adm = { interfaces = [ "vlan-adm" ]; }; + # br-dmz = { interfaces = [ "vlan-dmz" ]; }; + # }; + # Create interfaces interfaces = { - brlan = { - ipv4.addresses = [{ - address = "192.168.254.16"; - prefixLength = 24; - }]; + enp1s0 = { + ipv4 = { + addresses = [{ + address = "192.168.${netlan}.16"; + prefixLength = 24; + }]; + # routes = [{ + # address = "0.0.0.0"; + # prefixLength = 0; + # via = "192.168.${netlan}.254"; + # options = { metric = "100"; }; + # }]; + }; }; - bradm = { - ipv4.addresses = [{ - address = "192.168.240.16"; - prefixLength = 24; - }]; + vlan-adm = { + ipv4 = { + addresses = [{ + address = "192.168.${netadm}.16"; + prefixLength = 24; + }]; + # routes = [{ + # address = "0.0.0.0"; + # prefixLength = 0; + # via = "192.168.${netadm}.254"; + # options = { metric = "100"; }; + # }]; + }; }; - brdmz = { - ipv4.addresses = [{ - address = "192.168.32.16"; - prefixLength = 24; - }]; + vlan-dmz = { + ipv4 = { + addresses = [{ + address = "192.168.${netdmz}.16"; + prefixLength = 24; + }]; + # routes = [{ + # address = "0.0.0.0"; + # prefixLength = 0; + # via = "192.168.${netdmz}.254"; + # options = { metric = "100"; }; + # }]; + }; }; }; - # Create bridges - bridges = { - # untagged - "brlan" = { interfaces = [ "enp1s0" ]; }; - "bradm" = { interfaces = [ "vlanadm" ]; }; - "brdmz" = { interfaces = [ "vlandmz" ]; }; + # Define default gateway and nameservers + defaultGateway = "192.168.32.254"; + # nameservers = [ "89.2.0.1" "89.2.0.2" ]; + nameservers = [ "192.168.${netlan}.254" ]; + + # Firewall + firewall = { + # Allow configure firewall with allowedTCPPorts & allowedUDPPorts values + enable = false; + # filterForward = true; + # checkReversePath = "loose"; + + # Logs + # logReversePathDrops = true; + # logRefusedPackets = true; + # logRefusedConnections = true; + # logRefusedUnicastsOnly = true; + + # extraInputRules = '' + # # LAN to traefik (on hypervisor) + # iifname enp1s0 ip saddr 192.168.254.0/24 ip daddr ${lan_address}/24 tcp dport {80, 443} accept comment "lan to traefik" + # iifname vlan-adm ip saddr 192.168.254.0/24 ip daddr ${adm_address}/24 tcp dport {80, 443} accept comment "adm to traefik" + # iifname vlan-dmz ip saddr 192.168.254.0/24 ip daddr ${dmz_address}/24 tcp dport {80, 443} accept comment "dmz to traefik" + # ''; }; - # Define default gateway and nameservers - defaultGateway = "192.168.254.254"; - nameservers = [ "89.2.0.1" "89.2.0.2" ]; - }; + # https://wiki.nftables.org/wiki-nftables/index.php/Main_Page + nftables = { + enable = true; + ruleset = '' + table inet router { - #################################### - # Incus hypervisor - #################################### + set temp-ports { + type inet_proto . inet_service + flags interval + auto-merge + comment "Temporarily opened ports" + } - networking.nftables.enable = true; + # Reverse path filter + chain rpfilter { + type filter hook prerouting priority mangle + 10; policy drop; + meta nfproto ipv4 udp sport . udp dport { 68 . 67, 67 . 68 } accept comment "DHCPv4 client/server" + fib saddr . mark oif exists accept + jump rpfilter-allow + } - networking.firewall = { - # logReversePathDrops = true; - # logRefusedPackets = true; - # logRefusedConnections = true; - # logRefusedUnicastsOnly = true; + chain rpfilter-allow { + } - interfaces = { - brdmz = { - allowedTCPPorts = [ 53 67 ]; - allowedUDPPorts = [ 53 67 ]; - }; + # Input + chain input { + type filter hook input priority filter; policy drop; + iifname "lo" log prefix "ALLOW LO INPUT" accept comment "trusted interfaces" + ct state vmap { invalid : drop, established : accept, related : accept, new : jump input-allow, untracked : jump input-allow } + tcp flags & (fin | syn | rst | ack) == syn log prefix "refused connection: " level info + } - }; + chain input-allow { + tcp dport 22 accept - # Forward - # filterForward = true; - # extraForwardRules = "iifname brdmz oifname brdmz accept"; - extraInputRules = "iifname brdmz accept"; - # "iifname brdmz ip saddr 192.168.254.0/24 ip daddr 192.168.253.0/24 accept"; - }; + meta l4proto . th dport @temp-ports accept - virtualisation.incus = { - enable = true; - ui.enable = true; - preseed = { - profiles = [ - { - name = "default"; - description = "Default profile"; - devices = { - eth0 = { - name = "eth0"; - type = "nic"; - nictype = "bridged"; - parent = "brlan"; - }; - root = { - path = "/"; - pool = "default"; - size = "35GiB"; - type = "disk"; - }; - }; - } - { - name = "lan"; - description = "LAN profile"; - devices = { - eth0 = { - name = "eth0"; - type = "nic"; - nictype = "bridged"; - parent = "brlan"; - }; - }; - } - { - name = "dmz"; - description = "DMZ profile"; - devices = { - eth1 = { - name = "eth1"; - type = "nic"; - nictype = "bridged"; - parent = "brdmz"; - }; - }; + icmp type echo-request accept comment "allow ping" + + # Mikrotik Neighbors discovery + udp dport 5678 accept comment "Mikrotik Neighbors discovery" + + # Internet to DMZ + iifname vlan-dmz ip daddr 192.168.32.16 tcp dport {80, 443} accept comment "internet to DMZ traefik" + + # LAN To traefik service + iifname enp1s0 ip saddr 192.168.${netlan}.0/24 ip daddr ${lan_address}/24 tcp dport {80, 443} accept comment "lan to traefik" + iifname vlan-adm ip saddr 192.168.${netlan}.0/24 ip daddr ${adm_address}/24 tcp dport {80, 443} accept comment "adm to traefik" + iifname vlan-dmz ip saddr 192.168.${netlan}.0/24 ip daddr ${dmz_address}/24 tcp dport {80, 443} accept comment "dmz to traefik" + + log prefix "Blocked INPUT: " flags all drop + } + + chain output { + type filter hook output priority filter ; policy drop; + + ct state vmap { invalid : drop, established : accept, related : accept, new : jump output-allow, untracked : jump output-allow } + } + + chain output-allow { + udp dport 53 accept comment "DNS request" + udp dport 123 accept comment "NTP request" + icmp type echo-request accept comment "allow ping" + + # crowdsec + oifname lo ip daddr 127.0.0.1 tcp dport 8080 accept comment "crowdsec API" + oifname lo ip daddr 127.0.0.1 tcp dport 6060 accept comment "crowdsec API" + + oifname vlan-dmz tcp dport {80, 443} accept comment "hype16 to HTTP/HTTPS" + oifname ve-adguard ip saddr 192.168.240.16 ip daddr 192.168.241.1 tcp dport 3000 accept comment "traefik to adguard" + oifname ve-homepage ip saddr 192.168.240.16 ip daddr 192.168.241.2 tcp dport 8082 accept comment "traefik to homepage" + + log prefix "Blocked OUTPUT: " flags all drop + } + + chain forward { + type filter hook forward priority filter; policy drop; + ct state vmap { invalid : drop, established : accept, related : accept, new : jump forward-allow, untracked : jump forward-allow } + + log prefix "Blocked FORWARD: " flags all drop + } + + chain forward-allow { + ct status dnat accept comment "allow port forward" + + iifname ve-homepage oifname enp1s0 udp dport 53 + } } - ]; - storage_pools = [{ - config = { source = "/var/lib/incus/storage-pools/default"; }; - driver = "dir"; - name = "default"; - }]; + ''; }; }; #################################### # Storage #################################### - systemd.tmpfiles.rules = [ - # trilium app - "d /data/incus/trilium/var_lib_trilium 0750 root root -" - ]; + # systemd.tmpfiles.rules = [ + # # trilium app + # "d /data/incus/trilium/var_lib_trilium 0750 root root -" + # ]; #################################### # Programs diff --git a/hosts/root.nix b/hosts/root.nix index a561fac..a912b44 100644 --- a/hosts/root.nix +++ b/hosts/root.nix @@ -1,17 +1,8 @@ -########################################################## +# ######################################################### # NIXOS ########################################################## -{ pkgs -, config -, lib -, ... -}: -{ - sops.secrets = { - "system/user/root-hash" = { - neededForUsers = true; - }; - }; +{ pkgs, config, lib, ... }: { + sops.secrets = { "system/user/root-hash" = { neededForUsers = true; }; }; users.users = { # Root diff --git a/hosts/rpi40/default.nix b/hosts/rpi40/default.nix index 276cf89..0152c8d 100644 --- a/hosts/rpi40/default.nix +++ b/hosts/rpi40/default.nix @@ -1,12 +1,11 @@ -{ lib -, ... -}: { +{ lib, ... }: { imports = [ ./hardware-configuration.nix # Users ../root.nix ../badele.nix + # Commons ../../nix/nixos/features/commons ../../nix/nixos/features/homelab diff --git a/hosts/sadhome/default.nix b/hosts/sadhome/default.nix index 07d2056..1efe6ef 100644 --- a/hosts/sadhome/default.nix +++ b/hosts/sadhome/default.nix @@ -1,13 +1,7 @@ -########################################################## +# ######################################################### # NIXOS (hosts) ########################################################## -{ inputs -, config -, pkgs -, lib -, ... -}: -{ +{ inputs, config, pkgs, lib, ... }: { imports = [ ./hardware-configuration.nix ../../nix/modules/nixos/host.nix @@ -38,7 +32,7 @@ "mem_sleep_default=deep" "nouveau.blacklist=0" "acpi_osi=!" - "acpi_osi=\"Windows 2015\"" + ''acpi_osi="Windows 2015"'' "acpi_backlight=vendor" ]; @@ -59,7 +53,15 @@ }; initrd = { - availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; + availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usb_storage" + "sd_mod" + "sr_mod" + "rtsx_pci_sdmmc" + ]; kernelModules = [ ]; }; }; @@ -87,7 +89,8 @@ # Pulseaudio hardware.pulseaudio = { enable = true; - support32Bit = true; ## If compatibility with 32-bit applications is desired + support32Bit = + true; # # If compatibility with 32-bit applications is desired #extraConfig = "load-module module-combine-sink"; }; @@ -98,9 +101,7 @@ # Programs #################################### powerManagement.powertop.enable = true; - programs = { - dconf.enable = true; - }; + programs = { dconf.enable = true; }; nixpkgs.hostPlatform.system = "x86_64-linux"; system.stateVersion = "22.11"; diff --git a/justfile b/justfile index e7f90ca..0ba23b7 100644 --- a/justfile +++ b/justfile @@ -171,12 +171,12 @@ demo-nixos-install hostname targetip port="22": nixos-anywhere --env-password --extra-files /tmp/nix-homelab -p {{port}} --flake .#{{hostname}} root@{{targetip}} # Update NixOS on local host -@nixos-update hostname="" options="": - just nixos-command switch {{ hostname }} {{ options }} +@nixos-update options="": + just nixos-command switch "" {{ options }} -# Deploy NixOS on remote host -@nixos-remote-deploy hostname targetip: - just nixos-command switch {{ hostname }} "--target-host root@{ targetip }}" +# Install on remote host +@nixos-remote-update hostname targetip options="": + just nixos-command switch {{hostname}} "--target-host root@{{ targetip }}" {{ options }} [private] home-command action: diff --git a/nix/home-manager/apps/bluetooth.nix b/nix/home-manager/apps/bluetooth.nix new file mode 100644 index 0000000..d1e91d9 --- /dev/null +++ b/nix/home-manager/apps/bluetooth.nix @@ -0,0 +1,7 @@ +# Graphics +{ pkgs, ... }: { + home.packages = with pkgs; + [ + bluetuith # Bluetooth manager + ]; +} diff --git a/nix/home-manager/apps/cad.nix b/nix/home-manager/apps/cad.nix new file mode 100644 index 0000000..626eaf5 --- /dev/null +++ b/nix/home-manager/apps/cad.nix @@ -0,0 +1,8 @@ +# Graphics +{ pkgs, ... }: { + home.packages = with pkgs; [ + openscad # The Programmers Solid 3D CAD Modeller + librecad # 2D CAD drawing tool based on the community edition of QCad + solvespace # Parametric 2D/3D CAD + ]; +} diff --git a/nix/home-manager/apps/development/commons.nix b/nix/home-manager/apps/development/commons.nix new file mode 100644 index 0000000..57c78d0 --- /dev/null +++ b/nix/home-manager/apps/development/commons.nix @@ -0,0 +1,10 @@ +# Graphics +{ pkgs, ... }: { + home.packages = with pkgs; [ + git # Distributed version control system + jq # JSON pretty printer and manipulator + just # justfile (Makefile like) + lazygit # Terminal UI for git commands + meld # Visual diff and merge tool + ]; +} diff --git a/nix/home-manager/apps/development/internet.nix b/nix/home-manager/apps/development/internet.nix new file mode 100644 index 0000000..2d97a4c --- /dev/null +++ b/nix/home-manager/apps/development/internet.nix @@ -0,0 +1,8 @@ +# Graphics +{ pkgs, ... }: { + home.packages = with pkgs; [ + curl # HTTP client + httpie # Curl alternative + wget # HTTP client + ]; +} diff --git a/nix/home-manager/apps/development/nix.nix b/nix/home-manager/apps/development/nix.nix new file mode 100644 index 0000000..7206a5e --- /dev/null +++ b/nix/home-manager/apps/development/nix.nix @@ -0,0 +1,10 @@ +# Graphics +{ pkgs, ... }: { + home.packages = with pkgs; [ + haskellPackages.nix-derivation # Analyse derivation with pretty-derivation < packagename.drv + nix-prefetch-github # Compute SHA256 github repository + nixpkgs-fmt # Nix formatter + nix-diff # Check derivation differences + nvd # Show diff nix packages + ]; +} diff --git a/nix/home-manager/apps/graphics.nix b/nix/home-manager/apps/graphics.nix new file mode 100644 index 0000000..d1b5b96 --- /dev/null +++ b/nix/home-manager/apps/graphics.nix @@ -0,0 +1,11 @@ +# Graphics +{ pkgs, ... }: { + home.packages = with pkgs; [ + geeqie # graphics file viewer + gifsicle # create, edit, and inspect GIFs + gimp # GNU Image Manipulation Program + imagemagick # Image manipulation tools + inkscape # Vector graphics editor + pastel # A command-line tool to generate, analyze, convert and manipulate colors + ]; +} diff --git a/nix/home-manager/apps/networking.nix b/nix/home-manager/apps/networking.nix index 2eae2f2..4151f15 100644 --- a/nix/home-manager/apps/networking.nix +++ b/nix/home-manager/apps/networking.nix @@ -1,6 +1,11 @@ { pkgs, ... }: { home.packages = with pkgs; [ + # Tools + ipcalc # IP subnetcalculator + # Networking + # [conflit] pietrasanta-traceroute # Traceroute utility + # [conflit] tshark # Network protocol analyzer conntrack-tools # Connection tracking userspace tools iperf # Tool to measure IP bandwidth using UDP or TCP iputils # arping, clockdif, ping, tracepath @@ -8,10 +13,9 @@ netcat-gnu # Utility which reads and writes data across network nmap # Network exploration tool and security scanner omping # multicast ping - # pietrasanta-traceroute # Traceroute utility tcpdump # Network packet analyzer termshark # Terminal UI for tshark - # tshark # Network protocol analyzer + trippy # mtr traceroute alternative wireshark # Network protocol analyzer # Proxy diff --git a/nix/home-manager/apps/system/file.nix b/nix/home-manager/apps/system/file.nix new file mode 100644 index 0000000..e8014ac --- /dev/null +++ b/nix/home-manager/apps/system/file.nix @@ -0,0 +1,14 @@ +# Graphics +{ pkgs, ... }: { + home.packages = with pkgs; [ + du-dust # Disk usage in rust + duf # Disk usage in Go + eza # ls alternative + fd # find alternative + ripgrep # Better grep + unzip # Unzip files + + # Floating apps (used in i3) + bashmount # Terminal mount helper + ]; +} diff --git a/nix/home-manager/apps/system/performance.nix b/nix/home-manager/apps/system/performance.nix new file mode 100644 index 0000000..dc08c1b --- /dev/null +++ b/nix/home-manager/apps/system/performance.nix @@ -0,0 +1,9 @@ +# Graphics +{ pkgs, ... }: { + home.packages = with pkgs; [ + atop # Top alternative + btop # Top alternative + htop # Top alternative + procs # Top alternative + ]; +} diff --git a/nix/home-manager/apps/tools.nix b/nix/home-manager/apps/tools.nix new file mode 100644 index 0000000..6d1245f --- /dev/null +++ b/nix/home-manager/apps/tools.nix @@ -0,0 +1,11 @@ +# Graphics +{ pkgs, ... }: { + home.packages = with pkgs; [ + dconf # Dconf editor + + bat # cat alternative + eva # Calculator + tmux # Terminal multiplexer + up # UI interactively pipe + ]; +} diff --git a/nix/home-manager/features/term/base.nix b/nix/home-manager/features/term/base.nix index 1b0e3d9..e2cbab6 100644 --- a/nix/home-manager/features/term/base.nix +++ b/nix/home-manager/features/term/base.nix @@ -27,8 +27,8 @@ nix = { # Add all flake inputs to registry / CMD: nix registry list registry = lib.mapAttrs (_: value: { flake = value; }) inputs; - # Add all flake inputs to legacy / CMD: echo $NIX_PATH | tr ":" "\n" + #Add all flake inputs to legacy / CMD: echo $NIX_PATH | tr ":" "\n" nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry; diff --git a/nix/home-manager/features/term/security/ssh.nix b/nix/home-manager/features/term/security/ssh.nix index c2902f1..01de8e2 100644 --- a/nix/home-manager/features/term/security/ssh.nix +++ b/nix/home-manager/features/term/security/ssh.nix @@ -1,7 +1,7 @@ -{ lib, config, ... }: -{ +{ lib, config, ... }: { programs.ssh = { enable = true; + includes = [ "/home/badele/.ssh/devpod" ]; }; # home.persistence = { diff --git a/nix/home-manager/features/term/tools/zsh.nix b/nix/home-manager/features/term/tools/zsh.nix index 1d27686..66c247a 100644 --- a/nix/home-manager/features/term/tools/zsh.nix +++ b/nix/home-manager/features/term/tools/zsh.nix @@ -309,6 +309,11 @@ in PRJ_DEVTOOLS_DEFAULT_ROLE = "admin"; AWS_CONFIG_FILE = "${prj_devtools}/aws/aws_profiles.conf"; + # GPG keys + # https://github.com/badele/dotfiles/blob/main/.local/bin/gpg-backup-keys + GPG_BACKUP_DIR = "/run/media/badele/usb-black-disk/freefilesync/famille/bruno/home/security/gpg/"; + GPG_USERID = "0x6B95E13DE469CC5D"; + # TODO # GNUPGHOME="${config.xdg.configHome}/gnupg"; diff --git a/nix/nixos/features/commons/networking.nix b/nix/nixos/features/commons/networking.nix index a1c9108..bdc5155 100644 --- a/nix/nixos/features/commons/networking.nix +++ b/nix/nixos/features/commons/networking.nix @@ -1,24 +1,18 @@ { lib, config, ... }: let domain = config.homelab.domain; - aliasIps = lib.flatten - ( + aliasIps = lib.flatten ( - lib.mapAttrsToList - ( - name: host: - let - alias = lib.optionals (host.dnsalias != null) host.dnsalias; - in - map - (entry: { - name = entry; - ip = host.ipv4; - }) - alias - ) - config.homelab.hosts - ); + lib.mapAttrsToList + (name: host: + let alias = lib.optionals (host.dnsalias != null) host.dnsalias; + in map + (entry: { + name = entry; + ip = host.ipv4; + }) + alias) + config.homelab.hosts); in { networking = { @@ -31,17 +25,17 @@ in extraHosts = '' 127.0.0.1 cert.adele.im + # ADM + 192.168.240.16 traefik.adele.im home.adele.im adguard.adele.im + # Hosts - ${lib.concatStringsSep "\n" - (lib.mapAttrsToList - (hostname: hostinfo: - ''${hostinfo.ipv4} ${hostname}.${domain} ${hostname}'') - config.homelab.hosts)} + ${lib.concatStringsSep "\n" (lib.mapAttrsToList (hostname: hostinfo: + "${hostinfo.ipv4} ${hostname}.${domain} ${hostname}") + config.homelab.hosts)} # Alias - ${lib.concatMapStringsSep "\n" (host: - "${host.ip} ${host.name}.${domain} ${host.name}" ) - aliasIps} + ${lib.concatMapStringsSep "\n" + (host: "${host.ip} ${host.name}.${domain} ${host.name}") aliasIps} ''; # For ZFS diff --git a/nix/nixos/features/system/containers.nix b/nix/nixos/features/system/containers.nix index 32bf600..6b29dde 100644 --- a/nix/nixos/features/system/containers.nix +++ b/nix/nixos/features/system/containers.nix @@ -9,7 +9,6 @@ virtualisation.docker = { enable = true; enableOnBoot = true; - storageDriver = "zfs"; rootless = { enable = false; diff --git a/nix/nixos/features/virtualisation/incus.nix b/nix/nixos/features/virtualisation/incus.nix index ff98713..46c355f 100644 --- a/nix/nixos/features/virtualisation/incus.nix +++ b/nix/nixos/features/virtualisation/incus.nix @@ -19,44 +19,44 @@ virtualisation.incus = { enable = true; ui.enable = true; - # preseed = { - # networks = [ - # { - # config = { - # "ipv4.address" = "10.0.100.1/24"; - # "ipv4.nat" = "true"; - # }; - # name = "incusbr0"; - # type = "bridge"; - # } - # ]; - # profiles = [ - # { - # devices = { - # eth0 = { - # name = "eth0"; - # network = "incusbr0"; - # type = "nic"; - # }; - # root = { - # path = "/"; - # pool = "default"; - # size = "35GiB"; - # type = "disk"; - # }; - # }; - # name = "default"; - # } - # ]; - # storage_pools = [ - # { - # config = { - # source = "/var/lib/incus/storage-pools/default"; - # }; - # driver = "dir"; - # name = "default"; - # } - # ]; - # }; + preseed = { + networks = [ + { + config = { + "ipv4.address" = "10.0.100.1/24"; + "ipv4.nat" = "true"; + }; + name = "incusbr0"; + type = "bridge"; + } + ]; + profiles = [ + { + devices = { + eth0 = { + name = "eth0"; + network = "incusbr0"; + type = "nic"; + }; + root = { + path = "/"; + pool = "default"; + size = "35GiB"; + type = "disk"; + }; + }; + name = "default"; + } + ]; + storage_pools = [ + { + config = { + source = "/var/lib/incus/storage-pools/default"; + }; + driver = "dir"; + name = "default"; + } + ]; + }; }; } diff --git a/shell.nix b/shell.nix index 102249f..c0df79a 100644 --- a/shell.nix +++ b/shell.nix @@ -2,57 +2,57 @@ # You can enter it through 'nix develop' or (legacy) 'nix-shell' { pkgs ? (import ./nixpkgs.nix) { }, system }: -let - uefi_file = "${pkgs.OVMF.fd}/FV/OVMF.fd"; -in -{ +let uefi_file = "${pkgs.OVMF.fd}/FV/OVMF.fd"; +in { default = pkgs.mkShell { # Enable experimental features without having to specify the argument NIX_CONFIG = "experimental-features = nix-command flakes"; - nativeBuildInputs = with pkgs; [ - - # Required by nix-homelab project - borgbackup - deno - git - home-manager - just - nix - plantuml - pre-commit - - # Testing nix-homelab - qemu - qemu_kvm - OVMF - - # Nix unentended installation - nixos-anywhere - - # Credentials - age - gnupg - pass - pwgen - sops - ssh-to-age - - # Required by invoke - wireguard-tools - openssl_3_0.bin - - # diagrams - graphviz - - # Wireguard - wireguard-tools - openssl_3_0.bin - - # Wireguard - openssl_3_0.bin - wireguard-tools - - ] ++ lib.optional (stdenv.isLinux) mkpasswd; + nativeBuildInputs = with pkgs; + [ + + # Required by nix-homelab project + borgbackup + deno + git + home-manager + just + nix + plantuml + pre-commit + + # Testing nix-homelab + qemu + qemu_kvm + OVMF + + # Nix unentended installation + nixos-anywhere + + # Credentials + age + gnupg + pass + pwgen + sops + ssh-to-age + + # Required by invoke + wireguard-tools + openssl_3_0.bin + + # diagrams + graphviz + d2 + + # Wireguard + wireguard-tools + openssl_3_0.bin + + # Wireguard + openssl_3_0.bin + wireguard-tools + + ] ++ lib.optional (stdenv.isLinux) mkpasswd; shellHook = '' export UEFI_FILE=${uefi_file}; diff --git a/users/badele/b4d14.nix b/users/badele/b4d14.nix index 913d9e4..2588a93 100644 --- a/users/badele/b4d14.nix +++ b/users/badele/b4d14.nix @@ -18,7 +18,7 @@ in ../../nix/modules/home-manager/userconf.nix # Common tools and packages for all badele user hosts - ./commons.nix + ../badele/commons.nix # Editor # INFO: I use my independant neovim configuration => https://github.com/badele/vides diff --git a/users/badele/badxps.nix b/users/badele/badxps.nix index a1a40ac..6b745fb 100644 --- a/users/badele/badxps.nix +++ b/users/badele/badxps.nix @@ -18,13 +18,16 @@ in ../../nix/modules/home-manager/userconf.nix # Common tools and packages for all badele user hosts - ./commons.nix + ../badele/commons.nix # Editor # INFO: I use my independant neovim configuration => https://github.com/badele/vides # ../../nix/home-manager/features/term/editor/lazyvim.nix # Apps + ../../nix/home-manager/apps/bluetooth.nix + ../../nix/home-manager/apps/cad.nix + ../../nix/home-manager/apps/graphics.nix ../../nix/home-manager/apps/networking.nix # Term @@ -59,11 +62,6 @@ in # Packages ############################################################################### home.packages = with pkgs; [ - # DAO/CAO - openscad - librecad - solvespace - # MQTT mosquitto mqttui @@ -79,27 +77,6 @@ in # Go # go - ##################################" - # Cloud & co - ##################################" - awscli2 # AWS CLI - kubectl # Kubernetes CLI - kubectx # Kubernetes CLI - k9s # Kubernetes CLI - kubernetes-helm # Helm - argocd # ArgoCD CLI - - # Network - ipcalc # IP subnetcalculator - trippy # mtr traceroute alternative - - # Graphics - geeqie - gifsicle - gimp - imagemagick - inkscape - # Office discord libreoffice diff --git a/users/badele/commons.nix b/users/badele/commons.nix index 37a5d64..350a2cc 100644 --- a/users/badele/commons.nix +++ b/users/badele/commons.nix @@ -2,6 +2,17 @@ ############################################################################## # Common user conf ############################################################################## + + imports = [ + # Apps + ../../nix/home-manager/apps/tools.nix + ../../nix/home-manager/apps/development/commons.nix + ../../nix/home-manager/apps/development/internet.nix + ../../nix/home-manager/apps/development/nix.nix + ../../nix/home-manager/apps/system/performance.nix + ../../nix/home-manager/apps/system/file.nix + ]; + home = { username = lib.mkDefault "badele"; homeDirectory = lib.mkDefault "/home/${config.home.username}"; @@ -43,51 +54,6 @@ # User packages ############################################################################## home.packages = with pkgs; [ - ##################################" - # Tool - ##################################" - - atop # Top alternative - bat # cat alternative - curl # HTTP client - du-dust # du rust version - duf # df go version - eva # Calculator - eza # ls alternative - fd # find alternative - httpie # curl alternative - jq # JSON pretty printer and manipulator - pastel # Colors generator - ripgrep # Better grep - tmux # Terminal multiplexer - unzip # Unzip files - up # UI interactively pipe - wget # HTTP client - - # Floating apps (used in i3) - bashmount # Terminal mount helper - bluetuith # Bluetooth manager - btop # Top alternative - procs # Top alternative - - ##################################" - # Development - ##################################" - - # Makefile like - just # justfile (Makefile like) - - # Git - meld # Visual diff and merge tool - lazygit # git terminal UI - - # Nix - haskellPackages.nix-derivation # Analyse derivation with pretty-derivation < packagename.drv - nix-prefetch-github # Compute SHA256 github repository - nixpkgs-fmt # Nix formatter - nix-diff # Check derivation differences - nvd # Show diff nix packages - ##################################" # Container / Virtualization ##################################" diff --git a/users/badele/hype16.nix b/users/badele/hype16.nix index c55f715..28c469f 100644 --- a/users/badele/hype16.nix +++ b/users/badele/hype16.nix @@ -1,12 +1,7 @@ -########################################################## +# ######################################################### # HOME-MANAGER (user) ########################################################## -{ config -, inputs -, pkgs -, lib -, ... -}: +{ config, inputs, pkgs, lib, ... }: let feh = "${pkgs.feh}/bin/feh"; theme = "${pkgs.base16-schemes}/share/themes/catppuccin-latte.yaml"; @@ -23,7 +18,7 @@ in ../../nix/modules/home-manager/userconf.nix # Common tools and packages for all badele user hosts - ./commons.nix + ./badele-commons.nix # Editor # INFO: I use my independant neovim configuration => https://github.com/badele/vides @@ -34,13 +29,10 @@ in ../../nix/home-manager/features/term/security ]; - ############################################################################### # Packages ############################################################################### - home.packages = with pkgs; [ - ]; - + home.packages = with pkgs; [ ]; programs = { #################################### @@ -54,8 +46,10 @@ in profiles = { "home-up" = { fingerprint = { - eDP1 = "00ffffffffffff004d109a1400000000041c0104a52213780ede50a3544c99260f505400000001010101010101010101010101010101ac3780a070383e403020350058c210000018000000000000000000000000000000000000000000fe00544b365237804c513135364d31000000000002410328001200000a010a2020002b"; - DP3 = "00ffffffffffff0009d107779c0200000b110103802f1e78eecf75a455499927135054bdef80454f614f01018180818f714f0101010121399030621a274068b03600b10f1100001cd50980a0205e631010605208782d1100001a000000fd00384c1e5411000a202020202020000000fc0042656e51204650323232570a0a01d002031b71230907078301000067030c002000802d43100403e2000f8c0ad08a20e02d10103e9600a05a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018"; + eDP1 = + "00ffffffffffff004d109a1400000000041c0104a52213780ede50a3544c99260f505400000001010101010101010101010101010101ac3780a070383e403020350058c210000018000000000000000000000000000000000000000000fe00544b365237804c513135364d31000000000002410328001200000a010a2020002b"; + DP3 = + "00ffffffffffff0009d107779c0200000b110103802f1e78eecf75a455499927135054bdef80454f614f01018180818f714f0101010121399030621a274068b03600b10f1100001cd50980a0205e631010605208782d1100001a000000fd00384c1e5411000a202020202020000000fc0042656e51204650323232570a0a01d002031b71230907078301000067030c002000802d43100403e2000f8c0ad08a20e02d10103e9600a05a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018"; }; config = { eDP1 = { @@ -87,7 +81,8 @@ in stylix.enable = true; stylix.autoEnable = true; - stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml"; + stylix.base16Scheme = + "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml"; stylix.image = pkgs.fetchurl { url = "https://w.wallhaven.cc/full/0w/wallhaven-0w3pdr.jpg"; sha256 = "sha256-xrLfcRkr6TjTW464GYf9XNFHRe5HlLtjpB0LQAh/l6M="; diff --git a/users/badele/sadhome.nix b/users/badele/sadhome.nix index 40230ba..1582d2a 100644 --- a/users/badele/sadhome.nix +++ b/users/badele/sadhome.nix @@ -1,20 +1,12 @@ -########################################################## +# ######################################################### # HOME-MANAGER (user) ########################################################## -{ config -, inputs -, outputs -, pkgs -, lib -, ... -}: -let - feh = "${pkgs.feh}/bin/feh"; -in -{ +{ config, inputs, outputs, pkgs, lib, ... }: +let feh = "${pkgs.feh}/bin/feh"; +in { imports = [ # User - ./commons.nix + ../badele/commons.nix # Commons packages ../../nix/home-manager/commons/packages.nix @@ -57,8 +49,10 @@ in profiles = { "home-up" = { fingerprint = { - eDP1 = "00ffffffffffff004d109a1400000000041c0104a52213780ede50a3544c99260f505400000001010101010101010101010101010101ac3780a070383e403020350058c210000018000000000000000000000000000000000000000000fe00544b365237804c513135364d31000000000002410328001200000a010a2020002b"; - DP3 = "00ffffffffffff0009d107779c0200000b110103802f1e78eecf75a455499927135054bdef80454f614f01018180818f714f0101010121399030621a274068b03600b10f1100001cd50980a0205e631010605208782d1100001a000000fd00384c1e5411000a202020202020000000fc0042656e51204650323232570a0a01d002031b71230907078301000067030c002000802d43100403e2000f8c0ad08a20e02d10103e9600a05a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018"; + eDP1 = + "00ffffffffffff004d109a1400000000041c0104a52213780ede50a3544c99260f505400000001010101010101010101010101010101ac3780a070383e403020350058c210000018000000000000000000000000000000000000000000fe00544b365237804c513135364d31000000000002410328001200000a010a2020002b"; + DP3 = + "00ffffffffffff0009d107779c0200000b110103802f1e78eecf75a455499927135054bdef80454f614f01018180818f714f0101010121399030621a274068b03600b10f1100001cd50980a0205e631010605208782d1100001a000000fd00384c1e5411000a202020202020000000fc0042656e51204650323232570a0a01d002031b71230907078301000067030c002000802d43100403e2000f8c0ad08a20e02d10103e9600a05a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018"; }; config = { eDP1 = { diff --git a/users/badele/vm-test.nix b/users/badele/vm-test.nix index e2f52b8..de4fe95 100644 --- a/users/badele/vm-test.nix +++ b/users/badele/vm-test.nix @@ -1,20 +1,12 @@ -########################################################## +# ######################################################### # HOME-MANAGER (user) ########################################################## -{ config -, inputs -, outputs -, pkgs -, lib -, ... -}: -let - feh = "${pkgs.feh}/bin/feh"; -in -{ +{ config, inputs, outputs, pkgs, lib, ... }: +let feh = "${pkgs.feh}/bin/feh"; +in { imports = [ # User - ./commons.nix + ../badele/commons.nix # Commons packages ../../nix/home-manager/commons/packages.nix @@ -55,7 +47,6 @@ in ] ++ (builtins.attrValues outputs.homeManagerModules); - ############################################################################### # Packages ############################################################################### @@ -66,7 +57,6 @@ in solvespace ]; - programs = { #################################### # Monitors configuration @@ -79,8 +69,10 @@ in profiles = { "home-up" = { fingerprint = { - eDP1 = "00ffffffffffff004d109a1400000000041c0104a52213780ede50a3544c99260f505400000001010101010101010101010101010101ac3780a070383e403020350058c210000018000000000000000000000000000000000000000000fe00544b365237804c513135364d31000000000002410328001200000a010a2020002b"; - DP3 = "00ffffffffffff0009d107779c0200000b110103802f1e78eecf75a455499927135054bdef80454f614f01018180818f714f0101010121399030621a274068b03600b10f1100001cd50980a0205e631010605208782d1100001a000000fd00384c1e5411000a202020202020000000fc0042656e51204650323232570a0a01d002031b71230907078301000067030c002000802d43100403e2000f8c0ad08a20e02d10103e9600a05a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018"; + eDP1 = + "00ffffffffffff004d109a1400000000041c0104a52213780ede50a3544c99260f505400000001010101010101010101010101010101ac3780a070383e403020350058c210000018000000000000000000000000000000000000000000fe00544b365237804c513135364d31000000000002410328001200000a010a2020002b"; + DP3 = + "00ffffffffffff0009d107779c0200000b110103802f1e78eecf75a455499927135054bdef80454f614f01018180818f714f0101010121399030621a274068b03600b10f1100001cd50980a0205e631010605208782d1100001a000000fd00384c1e5411000a202020202020000000fc0042656e51204650323232570a0a01d002031b71230907078301000067030c002000802d43100403e2000f8c0ad08a20e02d10103e9600a05a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018"; }; config = { eDP1 = {