ambroisie/nix-config
ambroisie/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: ambroisie:99cdb697f156fb4f917e87cf24f0424d6bb735d3
Branches Tags
ambroisie:main
ambroisie:add-jj
ambroisie:xdg-mime-apps
ambroisie:tmux-undercurls
ambroisie:export-nixos-homes
ambroisie:native-vim-snippets
ambroisie:add-impermanence
ambroisie:add-typos-hook
ambroisie:add-bazel-template
ambroisie:nvim-lua-lsp
ambroisie:xdg-nix
...
compare: ambroisie:efb0a1fae672d90f0d3757444b9f82f963f8919e
Branches Tags
ambroisie:add-jj
ambroisie:main
ambroisie:xdg-mime-apps
ambroisie:tmux-undercurls
ambroisie:export-nixos-homes
ambroisie:native-vim-snippets
ambroisie:add-impermanence
ambroisie:add-typos-hook
ambroisie:add-bazel-template
ambroisie:nvim-lua-lsp
ambroisie:xdg-nix

16 commits
99cdb697f1 ... efb0a1fae6

Author SHA1 Message Date
Bruno BELANYI
efb0a1fae6 WIP: WAITING FOR NIXPKS UPDATE
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2023-12-25 20:24:13 +01:00
Bruno BELANYI
f04829038a hosts: nixos: porthos: services: enable pyload 2023-12-25 20:24:13 +01:00
Bruno BELANYI
ffc49d784f hosts: nixos: porthos: secrets: add pyload creds 2023-12-25 20:24:13 +01:00
Bruno BELANYI
577e3f071c nixos: services: add pyload 2023-12-25 20:24:13 +01:00
Bruno BELANYI
71ee178510 nixos: services: nginx: fix SSO subdomain
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2023-12-25 20:23:55 +01:00
Bruno BELANYI
6948424b81 nixos: services: remove redundant subdomains 
See previous commit for the defaults.
 2023-12-25 20:23:55 +01:00
Bruno BELANYI
b7a4bc063f nixos: services: nginx: add default subdomain 
In almost all cases, the subdomain should be the same as the attribute
name...
 2023-12-25 20:23:55 +01:00
Bruno BELANYI
faa87743e5 nixos: services: nginx: use attrset for vhosts 
Attribute sets compose better than lists, it was a mistake to use a list
in the first place...
 2023-12-25 20:23:55 +01:00
Bruno BELANYI
26950332c7 home: keyboard: extract from X module
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
This deserves to be its own standalone module, as I would want to use it
in both X and Wayland, etc...
 2023-12-23 14:56:55 +01:00
Bruno BELANYI
13d85c30f9 pkgs: remove 'wifi-qr'
Some checks are pending
ci/woodpecker/push/check Pipeline is pending
Details 
Now that I added it to upstream, I can get rid of it.
 2023-12-19 19:08:25 +01:00
Bruno BELANYI
a657a7742e home: wm: i3bar: fix 'net' block when disconnected
Some checks are pending
ci/woodpecker/push/check Pipeline is pending
Details 
I still sometimes get the error message about not being able to format
the block, this should fix it.
 2023-12-18 09:41:35 +00:00
Bruno BELANYI
066a33587d home: mpv: add uosc script
Some checks are pending
ci/woodpecker/push/check Pipeline is pending
Details
2023-12-16 20:24:38 +00:00
Bruno BELANYI
864e0a5ae6 home: firefox: tridactyl: fix Google mapping
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2023-12-16 16:23:18 +00:00
Bruno BELANYI
4aca698ac6 pkgs: remove 'unified-hosts-lists'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Instead make use of the upstream packaged host list.
 2023-12-16 14:31:16 +00:00
Bruno BELANYI
7ccb8ea8b5 pkgs: unbound-zones-adblock: use upstream package
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
This is a slight regression, as the current version of
`stevenblack-blocklist` is 3.13.10 and the version I packaged is
3.14.37.

However I am lazy and want to avoid having to bump the version
manually...
 2023-12-16 14:28:46 +00:00
Bruno BELANYI
49f695bf68 pkgs: remove 'drone-scp'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
I added it to upstream nixpkgs.
 2023-12-16 12:51:12 +00:00
43 changed files with 460 additions and 311 deletions
Download patch file Download diff file Expand all files Collapse all files

7
hosts/nixos/porthos/secrets/pyload/credentials.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 cKojmg nJbOfp0/wmFOZLzcWjoGB7wEB8e56aO1NntSmn5KomU
/Vio4Z/t7IPJrdzdwUPidVH3wrouSkwRzNHP0T4z3x0
-> ssh-ed25519 jPowng QXg/xqs7/VfkYQg3X77w4i53q64bL9oYeTxqb9NVhiQ
sMHIXlmrIxtIr+s0X4lBqev/PPd3AKD5P7AP5K4NeJg
--- gzTn+6+aa4Ptic1lsvSt+r3IEBysHrvMMIyONogMDF0
<EFBFBD>ÏÂ<EFBFBD>Ë®UE_í</¯çQ·Ü+U“AГMÄÿ/kï×dAL/”úÕįÍoæ\XïEDÇÑfã\ièĽàpF„`#¬nx1î<31>ûÞèDëàÂË5CéЦ&fòB»q${Gg…Aqˆ³@üVu!Cc…R\ªÖ¨

2
hosts/nixos/porthos/secrets/secrets.nix
View file

@ -62,6 +62,8 @@ in
"podgrab/password.age".publicKeys = all;
"pyload/credentials.age".publicKeys = all;
"sso/auth-key.age".publicKeys = all;
"sso/ambroisie/password-hash.age".publicKeys = all;
"sso/ambroisie/totp-secret.age".publicKeys = all;

4
hosts/nixos/porthos/services.nix
View file

@ -134,6 +134,10 @@ in
};
# Regular backups
postgresql-backup.enable = true;
pyload = {
enable = true;
credentialsFile = secrets."pyload/credentials".path;
};
# RSS provider for websites that do not provide any feeds
rss-bridge.enable = true;
# Usenet client

1
modules/home/default.nix
View file

@ -23,6 +23,7 @@
./gtk
./htop
./jq
./keyboard
./mail
./mpv
./nix

4
modules/home/firefox/tridactyl/tridactylrc
View file

@ -22,8 +22,8 @@ bind ;c hint -Jc [class*="expand"],[class*="togg"],[class="comment_folder"]
bindurl reddit.com gu urlparent 3
" Only hint search results on Google
bindurl www.google.com f hint -Jc #search div:not(.action-menu) > a
bindurl www.google.com F hint -Jbc #search div:not(.action-menu) > a
bindurl www.google.com f hint -Jc #search a
bindurl www.google.com F hint -Jbc #search a
" Only hint search results on DuckDuckGo
bindurl ^https://duckduckgo.com f hint -Jc [data-testid="result-title-a"]

6
modules/home/x/keyboard/default.nix → modules/home/keyboard/default.nix
View file

@ -1,8 +1,12 @@
{ config, lib, ... }:
let
cfg = config.my.home.x;
cfg = config.my.home.keyboard;
in
{
options.my.home.keyboard = with lib; {
enable = my.mkDisableOption "keyboard configuration";
};
config = lib.mkIf cfg.enable {
home.keyboard = {
layout = "fr";

1
modules/home/mpv/default.nix
View file

@ -13,6 +13,7 @@ in
scripts = [
pkgs.mpvScripts.mpris # Allow controlling using media keys
pkgs.mpvScripts.uosc # Nicer UI
];
};
};

2
modules/home/wm/i3bar/default.nix
View file

@ -74,7 +74,7 @@ in
)
{
block = "net";
format = " $icon{| $ssid|} $ip{| $signal_strength|} ";
format = " $icon{| $ssid|}{| $ip|}{| $signal_strength|} ";
}
{
block = "backlight";

4
modules/home/x/default.nix
View file

@ -3,10 +3,6 @@ let
cfg = config.my.home.x;
in
{
imports = [
./keyboard
];
options.my.home.x = with lib; {
enable = mkEnableOption "X server configuration";
};

3
modules/nixos/services/blog/default.nix
View file

@ -5,11 +5,10 @@ let
domain = config.networking.domain;
makeHostInfo = subdomain: {
inherit subdomain;
root = "/var/www/${subdomain}";
};
hostsInfo = map makeHostInfo [ "cv" "dev" "key" ];
hostsInfo = lib.flip lib.genAttrs makeHostInfo [ "cv" "dev" "key" ];
in
{
options.my.services.blog = {

9
modules/nixos/services/calibre-web/default.nix
View file

@ -40,12 +40,11 @@ in
# Set-up media group
users.groups.media = { };
my.services.nginx.virtualHosts = [
{
subdomain = "library";
my.services.nginx.virtualHosts = {
library = {
inherit (cfg) port;
}
];
};
};
my.services.backup = {
paths = [

1
modules/nixos/services/default.nix
View file

@ -26,6 +26,7 @@
./podgrab
./postgresql
./postgresql-backup
./pyload
./quassel
./rss-bridge
./sabnzbd

9
modules/nixos/services/drone/server/default.nix
View file

@ -45,11 +45,10 @@ in
}];
};
my.services.nginx.virtualHosts = [
{
subdomain = "drone";
my.services.nginx.virtualHosts = {
drone = {
inherit (cfg) port;
}
];
};
};
};
}

9
modules/nixos/services/flood/default.nix
View file

@ -40,11 +40,10 @@ in
};
};
my.services.nginx.virtualHosts = [
{
subdomain = "flood";
my.services.nginx.virtualHosts = {
flood = {
inherit (cfg) port;
}
];
};
};
};
}

14
modules/nixos/services/gitea/default.nix
View file

@ -116,18 +116,16 @@ in
};
users.groups.git = { };
my.services.nginx.virtualHosts = [
my.services.nginx.virtualHosts = {
# Proxy to Gitea
{
subdomain = "git";
git = {
inherit (cfg) port;
}
};
# Redirect `gitea.` to actual forge subdomain
{
subdomain = "gitea";
gitea = {
redirect = config.services.gitea.settings.server.ROOT_URL;
}
];
};
};
my.services.backup = {
paths = [

27
modules/nixos/services/indexers/default.nix
View file

@ -28,12 +28,11 @@ in
};
};
my.services.nginx.virtualHosts = [
{
subdomain = "jackett";
my.services.nginx.virtualHosts = {
jackett = {
port = jackettPort;
}
];
};
};
})
(lib.mkIf cfg.nzbhydra.enable {
@ -41,12 +40,11 @@ in
enable = true;
};
my.services.nginx.virtualHosts = [
{
subdomain = "nzbhydra";
my.services.nginx.virtualHosts = {
nzbhydra = {
port = nzbhydraPort;
}
];
};
};
})
(lib.mkIf cfg.prowlarr.enable {
@ -54,12 +52,11 @@ in
enable = true;
};
my.services.nginx.virtualHosts = [
{
subdomain = "prowlarr";
my.services.nginx.virtualHosts = {
prowlarr = {
port = prowlarrPort;
}
];
};
};
services.fail2ban.jails = {
prowlarr = ''

9
modules/nixos/services/jellyfin/default.nix
View file

@ -17,9 +17,8 @@ in
# Set-up media group
users.groups.media = { };
my.services.nginx.virtualHosts = [
{
subdomain = "jellyfin";
my.services.nginx.virtualHosts = {
jellyfin = {
port = 8096;
extraConfig = {
locations."/" = {
@ -33,7 +32,7 @@ in
proxyWebsockets = true;
};
};
}
];
};
};
};
}

9
modules/nixos/services/lohr/default.nix
View file

@ -98,11 +98,10 @@ in
};
users.groups.lohr = { };
my.services.nginx.virtualHosts = [
{
subdomain = "lohr";
my.services.nginx.virtualHosts = {
lohr = {
inherit (cfg) port;
}
];
};
};
};
}

24
modules/nixos/services/matrix/default.nix
View file

@ -117,10 +117,9 @@ in
};
};
my.services.nginx.virtualHosts = [
my.services.nginx.virtualHosts = {
# Element Web app deployment
{
subdomain = "chat";
chat = {
root = pkgs.element-web.override {
conf = {
default_server_config = {
@ -145,22 +144,19 @@ in
};
};
};
}
};
# Dummy VHosts for port collision detection
{
subdomain = "matrix-federation";
matrix-federation = {
port = federationPort.private;
}
{
subdomain = "matrix-client";
};
matrix-client = {
port = clientPort.private;
}
};
# Sliding sync
{
subdomain = "matrix-sync";
matrix-sync = {
inherit (cfg.slidingSync) port;
}
];
};
};
# Those are too complicated to use my wrapper...
services.nginx.virtualHosts = {

9
modules/nixos/services/miniflux/default.nix
View file

@ -43,11 +43,10 @@ in
};
};
my.services.nginx.virtualHosts = [
{
subdomain = "reader";
my.services.nginx.virtualHosts = {
reader = {
inherit (cfg) port;
}
];
};
};
};
}

9
modules/nixos/services/monitoring/default.nix
View file

@ -125,11 +125,10 @@ in
];
};
my.services.nginx.virtualHosts = [
{
subdomain = "monitoring";
my.services.nginx.virtualHosts = {
monitoring = {
inherit (cfg.grafana) port;
}
];
};
};
};
}

9
modules/nixos/services/navidrome/default.nix
View file

@ -47,11 +47,10 @@ in
};
};
my.services.nginx.virtualHosts = [
{
subdomain = "music";
my.services.nginx.virtualHosts = {
music = {
inherit (cfg) port;
}
];
};
};
};
}

46
modules/nixos/services/nginx/default.nix
View file

@ -5,10 +5,11 @@ let
domain = config.networking.domain;
virtualHostOption = with lib; types.submodule {
virtualHostOption = with lib; types.submodule ({ name, ... }: {
options = {
subdomain = mkOption {
type = types.str;
default = name;
example = "dev";
description = ''
Which subdomain, under config.networking.domain, to use
@ -72,7 +73,7 @@ let
'';
};
};
};
});
in
{
imports = [
@ -97,20 +98,18 @@ in
};
virtualHosts = mkOption {
type = types.listOf virtualHostOption;
default = [ ];
type = types.attrsOf virtualHostOption;
default = { };
example = litteralExample ''
[
{
subdomain = "gitea";
{
gitea = {
subdomain = "git";
port = 8080;
}
{
subdomain = "dev";
};
dev = {
root = "/var/www/dev";
}
{
subdomain = "jellyfin";
};
jellyfin = {
port = 8096;
extraConfig = {
locations."/socket" = {
@ -118,8 +117,8 @@ in
proxyWebsockets = true;
};
};
}
]
};
}
'';
description = ''
List of virtual hosts to set-up using default settings.
@ -190,7 +189,7 @@ in
config = lib.mkIf cfg.enable {
assertions = [ ]
++ (lib.flip builtins.map cfg.virtualHosts ({ subdomain, ... } @ args:
++ (lib.flip lib.mapAttrsToList cfg.virtualHosts (_: { subdomain, ... } @ args:
let
conflicts = [ "port" "root" "socket" "redirect" ];
optionsNotNull = builtins.map (v: args.${v} != null) conflicts;
@ -209,7 +208,7 @@ in
ports = lib.my.mapFilter
(v: v != null)
({ port, ... }: port)
cfg.virtualHosts;
(lib.attrValues cfg.virtualHosts);
portCounts = lib.my.countValues ports;
nonUniquesCounts = lib.filterAttrs (_: v: v != 1) portCounts;
nonUniques = builtins.attrNames nonUniquesCounts;
@ -221,7 +220,7 @@ in
map mkAssertion nonUniques
) ++ (
let
subs = map ({ subdomain, ... }: subdomain) cfg.virtualHosts;
subs = lib.mapAttrsToList (_: { subdomain, ... }: subdomain) cfg.virtualHosts;
subsCounts = lib.my.countValues subs;
nonUniquesCounts = lib.filterAttrs (_: v: v != 1) subsCounts;
nonUniques = builtins.attrNames nonUniquesCounts;
@ -325,7 +324,7 @@ in
])
);
in
lib.my.genAttrs' cfg.virtualHosts mkVHost;
lib.my.genAttrs' (lib.attrValues cfg.virtualHosts) mkVHost;
sso = {
enable = true;
@ -403,12 +402,11 @@ in
};
};
my.services.nginx.virtualHosts = [
{
subdomain = "login";
my.services.nginx.virtualHosts = {
${cfg.sso.subdomain} = {
inherit (cfg.sso) port;
}
];
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];

9
modules/nixos/services/nix-cache/default.nix
View file

@ -43,11 +43,10 @@ in
signKeyPath = cfg.secretKeyFile;
};
my.services.nginx.virtualHosts = [
{
subdomain = "cache";
my.services.nginx.virtualHosts = {
cache = {
inherit (cfg) port;
}
];
};
};
};
}

9
modules/nixos/services/paperless/default.nix
View file

@ -143,9 +143,8 @@ in
extraGroups = [ "media" ];
};
my.services.nginx.virtualHosts = [
{
subdomain = "paperless";
my.services.nginx.virtualHosts = {
paperless = {
inherit (cfg) port;
sso = {
enable = true;
@ -155,8 +154,8 @@ in
extraConfig = {
locations."/".proxyWebsockets = true;
};
}
];
};
};
my.services.backup = {
paths = [

9
modules/nixos/services/pirate/default.nix
View file

@ -21,12 +21,11 @@ let
};
mkRedirection = service: {
my.services.nginx.virtualHosts = [
{
subdomain = service;
my.services.nginx.virtualHosts = {
${service} = {
port = ports.${service};
}
];
};
};
};
mkFail2Ban = service: lib.mkIf cfg.${service}.enable {

9
modules/nixos/services/podgrab/default.nix
View file

@ -31,11 +31,10 @@ in
inherit (cfg) passwordFile port;
};
my.services.nginx.virtualHosts = [
{
subdomain = "podgrab";
my.services.nginx.virtualHosts = {
podgrab = {
inherit (cfg) port;
}
];
};
};
};
}

66
modules/nixos/services/pyload/default.nix Normal file
View file

@ -0,0 +1,66 @@
{ config, lib, ... }:
let
cfg = config.my.services.pyload;
in
{
imports = [
./nixos.nix
];
options.my.services.pyload = with lib; {
enable = mkEnableOption "pyload download manager";
credentialsFile = mkOption {
type = types.path;
example = "/run/secrets/pyload-credentials.env";
description = "pyload credentials";
};
downloadDirectory = mkOption {
type = types.str;
default = "/data/downloads";
example = "/var/lib/pyload/download";
description = "Download directory";
};
port = mkOption {
type = types.port;
default = 9093;
example = 8080;
description = "Internal port for webui";
};
};
config = lib.mkIf cfg.enable {
services.pyload = {
enable = true;
# Listening on `localhost` leads to 502 with the reverse proxy...
listenAddress = "127.0.0.1";
inherit (cfg)
credentialsFile
downloadDirectory
port
;
};
# User media group when downloading files
systemd. services. pyload = {
serviceConfig = {
Group = lib.mkForce "media";
};
};
# Set-up media group
users.groups.media = { };
my.services.nginx.virtualHosts = {
pyload = {
inherit (cfg) port;
};
};
# FIXME: fail2ban
};
}

144
modules/nixos/services/pyload/nixos.nix Normal file
View file

@ -0,0 +1,144 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.pyload;
stateDir = "/var/lib/pyload";
userDir = "${stateDir}/config";
in
{
options = with lib; {
services.pyload = {
enable = mkEnableOption "pyload download manager";
package = mkPackageOption pkgs "pyload-ng" { };
listenAddress = mkOption {
type = types.str;
default = "localhost";
example = "0.0.0.0";
description = "Address to listen on for the web UI.";
};
port = mkOption {
type = types.port;
default = 8000;
example = 9876;
description = "Port to listen on for the web UI.";
};
downloadDirectory = mkOption {
type = types.path;
default = "${stateDir}/downloads";
example = "/mnt/downloads";
description = "Directory to store downloads";
};
credentialsFile = mkOption {
type = with types; nullOr path;
default = null;
example = "/run/secrets/pyload-credentials.env";
description = ''
File containing PYLOAD_DEFAULT_USERNAME and PYLOAD_DEFAULT_PASSWORD
in the format of an EnvironmentFile=, as described by systemd.exec(5).
If not given, they default to the username/password combo of
pyload/pyload.
'';
};
};
};
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = [
"d ${cfg.downloadDirectory}"
];
systemd.services.pyload = {
description = "pyload service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
# NOTE: unlike what the documentation says, it looks like `HOME` is not
# defined with this service definition...
# Since pyload tries to do the equivalent of `cd ~`, it needs to be able
# to resolve $HOME, which fails when `RootDirectory` is set.
# FIXME: check if `SetLoginEnvironment` fixes this issue in version 255
environment = {
HOME = stateDir;
PYLOAD__WEBUI__HOST = cfg.listenAddress;
PYLOAD__WEBUI__PORT = builtins.toString cfg.port;
};
serviceConfig = {
# FIXME: use getExe
ExecStart = "${lib.getExe' cfg.package "pyload"} ${lib.escapeShellArgs [
"--userdir" userDir
"--storagedir" cfg.downloadDirectory
]}";
User = "pyload";
Group = "pyload";
DynamicUser = true;
EnvironmentFile = lib.optional (cfg.credentialsFile != null) cfg.credentialsFile;
StateDirectory = "pyload";
WorkingDirectory = stateDir;
RuntimeDirectory = "pyload";
RuntimeDirectoryMode = "0700";
RootDirectory = "/run/pyload";
BindReadOnlyPaths = [
builtins.storeDir # Needed to run the python interpreter
];
BindPaths = [
cfg.downloadDirectory
];
# Hardening options
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX";
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@resources" "~@privileged" ];
UMask = "0002";
CapabilityBoundingSet = [
"~CAP_BLOCK_SUSPEND"
"~CAP_BPF"
"~CAP_CHOWN"
"~CAP_IPC_LOCK"
"~CAP_KILL"
"~CAP_LEASE"
"~CAP_LINUX_IMMUTABLE"
"~CAP_NET_ADMIN"
"~CAP_SYS_ADMIN"
"~CAP_SYS_BOOT"
"~CAP_SYS_CHROOT"
"~CAP_SYS_NICE"
"~CAP_SYS_PACCT"
"~CAP_SYS_PTRACE"
"~CAP_SYS_RESOURCE"
"~CAP_SYS_TTY_CONFIG"
];
};
};
};
}

9
modules/nixos/services/sabnzbd/default.nix
View file

@ -18,12 +18,11 @@ in
# Set-up media group
users.groups.media = { };
my.services.nginx.virtualHosts = [
{
subdomain = "sabnzbd";
my.services.nginx.virtualHosts = {
sabnzbd = {
inherit port;
}
];
};
};
services.fail2ban.jails = {
sabnzbd = ''

9
modules/nixos/services/tandoor-recipes/default.nix
View file

@ -70,11 +70,10 @@ in
];
};
my.services.nginx.virtualHosts = [
{
subdomain = "recipes";
my.services.nginx.virtualHosts = {
recipes = {
inherit (cfg) port;
}
];
};
};
};
}

9
modules/nixos/services/transmission/default.nix
View file

@ -80,12 +80,11 @@ in
# Default transmission webui, I prefer combustion but its development
# seems to have stalled
my.services.nginx.virtualHosts = [
{
subdomain = "transmission";
my.services.nginx.virtualHosts = {
transmission = {
inherit (cfg) port;
}
];
};
};
networking.firewall = {
allowedTCPPorts = [ cfg.peerPort ];

9
modules/nixos/services/vikunja/default.nix
View file

@ -59,9 +59,8 @@ in
};
# This is a weird setup
my.services.nginx.virtualHosts = [
{
inherit subdomain;
my.services.nginx.virtualHosts = {
${subdomain} = {
# Serve the root for the web-ui
root = config.services.vikunja.package-frontend;
@ -80,8 +79,8 @@ in
};
};
};
}
];
};
};
systemd.services.vikunja-api = {
serviceConfig = {

14
modules/nixos/services/woodpecker/server/default.nix
View file

@ -52,16 +52,14 @@ in
}];
};
my.services.nginx.virtualHosts = [
{
subdomain = "woodpecker";
my.services.nginx.virtualHosts = {
woodpecker = {
inherit (cfg) port;
}
};
# I might want to be able to RPC from other hosts in the future
{
subdomain = "woodpecker-rpc";
woodpecker-rpc = {
port = cfg.rpcPort;
}
];
};
};
};
}

18
overlays/pyload-declarative-user-management/declarative-config.patch Normal file
View file

@ -0,0 +1,18 @@
diff --git a/src/pyload/core/__init__.py b/src/pyload/core/__init__.py
index 4324fc700..5d915a85e 100644
--- a/src/pyload/core/__init__.py
+++ b/src/pyload/core/__init__.py
@@ -128,6 +128,13 @@ class Core:
else:
self._debug = max(0, int(debug))
+ # Allow setting any option declaratively, for the NixOS module
+ for env, value in os.environ.items():
+ if not env.startswith("PYLOAD__"):
+ continue
+ section, opt = env.removeprefix("PYLOAD__").lower().split("__")
+ self.config.set(section, opt, value)
+
# If no argument set, read storage dir from config file,
# otherwise save setting to config dir
if storagedir is None:

15
overlays/pyload-declarative-user-management/declarative-default-user.patch Normal file
View file

@ -0,0 +1,15 @@
diff --git a/src/pyload/core/__init__.py b/src/pyload/core/__init__.py
index 4324fc700..f7fcd66ec 100644
--- a/src/pyload/core/__init__.py
+++ b/src/pyload/core/__init__.py
@@ -46,8 +46,8 @@ class Exit(Exception):
# improve external scripts
class Core:
LOCALE_DOMAIN = APPID
- DEFAULT_USERNAME = APPID
- DEFAULT_PASSWORD = APPID
+ DEFAULT_USERNAME = os.getenv("PYLOAD_DEFAULT_USERNAME", APPID)
+ DEFAULT_PASSWORD = os.getenv("PYLOAD_DEFAULT_PASSWORD", APPID)
DEFAULT_DATADIR = os.path.join(
os.getenv("APPDATA") or USERHOMEDIR, "pyLoad" if os.name == "nt" else ".pyload"
)

4
overlays/pyload-declarative-user-management/default.nix Normal file
View file

@ -0,0 +1,4 @@
self: _super:
{
pyload-ng = self.callPackage ./package.nix { };
}

60
overlays/pyload-declarative-user-management/package.nix Normal file
View file

@ -0,0 +1,60 @@
{ lib, fetchPypi, python3 }:
python3.pkgs.buildPythonApplication rec {
version = "0.5.0b3.dev75";
pname = "pyload-ng";
pyproject = true;
src = fetchPypi {
inherit pname version;
hash = "sha256-1lPIKkZESonDaVCnac0iUu/gCqXVDBhNZrk5S0eC6F0=";
};
patches = [
# Makes it possible to change the default username/password in the module
./declarative-default-user.patch
./declarative-config.patch
];
postPatch = ''
# relax version bounds
sed -i 's/\([A-z0-9]*\)~=.*$/\1/' setup.cfg
# not sure what Flask-Session2 is but flask-session works just fine
sed -i '/Flask-Session2/d' setup.cfg
'';
propagatedBuildInputs = with python3.pkgs; [
bitmath
certifi
cheroot
cryptography
filetype
flask
flask-babel
flask-caching
flask-compress
flask-session
flask-themes2
js2py
pycurl
semver
setuptools
];
passthru.optional-dependencies = {
plugins = with python3.pkgs; [
beautifulsoup4 # for some plugins
colorlog # colorful console logging
pillow # for some CAPTCHA plugin
send2trash # send some files to trash instead of deleting them
slixmpp # XMPP plugin
];
};
meta = with lib; {
description = "Free and open-source download manager with support for 1-click-hosting sites";
homepage = "https://github.com/pyload/pyload";
license = licenses.agpl3Plus;
maintainers = with maintainers; [ ruby0b ];
};
}

6
pkgs/default.nix
View file

@ -14,8 +14,6 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: {
drone-rsync = pkgs.callPackage ./drone-rsync { };
drone-scp = pkgs.callPackage ./drone-scp { };
i3-get-window-criteria = pkgs.callPackage ./i3-get-window-criteria { };
lohr = pkgs.callPackage ./lohr { };
@ -30,9 +28,5 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: {
unbound-zones-adblock = pkgs.callPackage ./unbound-zones-adblock { };
unified-hosts-lists = pkgs.callPackage ./unified-hosts-lists { };
wifi-qr = pkgs.callPackage ./wifi-qr { };
zsh-done = pkgs.callPackage ./zsh-done { };
})

25
pkgs/drone-scp/default.nix
View file

@ -1,25 +0,0 @@
{ lib, buildGoModule, fetchFromGitHub }:
buildGoModule rec {
pname = "drone-scp";
version = "1.6.3";
src = fetchFromGitHub {
owner = "appleboy";
repo = "drone-scp";
rev = "v${version}";
hash = "sha256-ELjPqoRR4O6gmc/PgthQuSXuSTQNzBZoAUT80zVVbV0=";
};
vendorHash = "sha256-/c103hTJ/Qdz2KTkdl/ACvAaSSTKcl1DQY3+Us6OxaI=";
doCheck = false; # Needs a specific user...
meta = with lib; {
description = ''
Copy files and artifacts via SSH using a binary, docker or Drone CI
'';
homepage = "https://github.com/appleboy/drone-scp";
license = licenses.mit;
mainProgram = "drone-scp";
};
}

14
pkgs/unbound-zones-adblock/default.nix
View file

@ -1,9 +1,9 @@
{ lib, gawk, stdenvNoCC, unified-hosts-lists }:
{ lib, gawk, stdenvNoCC, stevenblack-blocklist }:
stdenvNoCC.mkDerivation {
name = "unbound-zones-adblock";
version = unified-hosts-lists.version;
version = stevenblack-blocklist.rev;
src = unified-hosts-lists;
src = stevenblack-blocklist;
dontUnpack = true;
@ -18,9 +18,11 @@ stdenvNoCC.mkDerivation {
];
in
''
mkdir -p $out
for file in $src/*; do
${gawkCmd} $file | tr '[:upper:]' '[:lower:]' | sort -u > $out/$(basename $file)
shopt -s globstar
for file in $src/**/hosts; do
outFile="$out/''${file#$src}"
mkdir -p "$(dirname "$outFile")"
${gawkCmd} $file | tr '[:upper:]' '[:lower:]' | sort -u > "$outFile"
done
'';

34
pkgs/unified-hosts-lists/default.nix
View file

@ -1,34 +0,0 @@
{ lib, fetchFromGitHub, stdenvNoCC }:
stdenvNoCC.mkDerivation rec {
pname = "unified-hosts-lists";
version = "3.14.37";
src = fetchFromGitHub {
owner = "StevenBlack";
repo = "hosts";
rev = version;
hash = "sha256-HoNX57lCoIr36B/7HMuazWSWeAPPfWY1oZf6dXnxYIE=";
};
dontUnpack = true;
installPhase = ''
mkdir -p $out
cp -r $src/hosts $out
for file in $src/alternates/*/hosts; do
cp $file $out/$(basename $(dirname $file))
done
'';
meta = with lib; {
description = "Unified host lists";
longDescription = ''
Consolidating and extending hosts files from several well-curated sources.
Optionally pick extensions for porn, social media, and other categories.
'';
homepage = "https://github.com/StevenBlack/hosts";
license = licenses.mit;
maintainers = with maintainers; [ ambroisie ];
platforms = platforms.all;
};
}

81
pkgs/wifi-qr/default.nix
View file

@ -1,81 +0,0 @@
{ lib
, fetchFromGitHub
, gnome
, installShellFiles
, makeWrapper
, networkmanager
, qrencode
, stdenvNoCC
, xdg-utils
, zbar
}:
stdenvNoCC.mkDerivation rec {
pname = "wifi-qr";
version = "unstable-2023-04-19";
outputs = [ "out" "man" ];
src = fetchFromGitHub {
owner = "kokoye2007";
repo = "wifi-qr";
rev = "b81d4a44257252f07e745464879aa5618ae3d434";
hash = "sha256-oGTAr+raJGpK4PV4GdBxX8fIUE8gcbXw7W0SvQJAee0=";
};
nativeBuildInputs = [
installShellFiles
makeWrapper
];
dontBuild = true;
dontConfigure = true;
postPatch = ''
substituteInPlace wifi-qr.desktop \
--replace "Exec=sh -c 'wifi-qr g'" "Exec=$out/bin/wifi-qr g" \
--replace "Exec=sh -c 'wifi-qr q'" "Exec=$out/bin/wifi-qr q" \
--replace "Exec=sh -c 'wifi-qr p'" "Exec=$out/bin/wifi-qr p" \
--replace "Exec=sh -c 'wifi-qr c'" "Exec=$out/bin/wifi-qr c" \
--replace "Icon=wifi-qr.svg" "Icon=wifi-qr"
'';
installPhase = ''
runHook preInstall
install -Dm755 wifi-qr $out/bin/wifi-qr
install -Dm644 wifi-qr.desktop $out/share/applications/wifi-qr.desktop
install -Dm644 wifi-qr.svg $out/share/icons/hicolor/scalable/apps/wifi-qr.svg
installManPage wifi-qr.1
runHook postInstall
'';
wrapperPath = lib.makeBinPath [
gnome.zenity
networkmanager
qrencode
xdg-utils
zbar
];
fixupPhase = ''
runHook preFixup
patchShebangs $out/bin/wifi-qr
wrapProgram $out/bin/wifi-qr --suffix PATH : "${wrapperPath}"
runHook postFixup
'';
meta = with lib; {
description = "WiFi password sharing via QR codes";
homepage = "https://github.com/kokoye2007/wifi-qr";
license = with licenses; [ gpl3Plus ];
mainProgram = "wifi-qr";
maintainers = with maintainers; [ ambroisie ];
platforms = platforms.linux;
};
}