Compare commits

22 commits

Author SHA1 Message Date
Bruno BELANYI 9c50691ede nixos: services: nginx: sso: use upstream module
All checks were successful
ci/woodpecker/push/check Pipeline was successful
It's finally been merged, so let's get rid of this module.
2024-12-28 13:28:03 -05:00
Bruno BELANYI 2996481327 flake: bump inputs 2024-12-28 13:24:21 -05:00
Bruno BELANYI e65b3ed1fc home: vim: ftplugin: add query
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-12-23 22:42:42 -05:00
Bruno BELANYI 5cae5632d3 flake: bump inputs
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-12-21 17:06:37 -05:00
Bruno BELANYI b7b6705391 home: wm: i3: make 'arandr' float
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Another work-around due to a wrapper in nixpkgs.
2024-12-18 20:48:09 -05:00
Bruno BELANYI ead8101b8d home: wm: i3: match 'blueman' float explicitly
This is more of a work-around due to the wrapper in nixpkgs' packaging
of that application, so might as well make that explicit and narrow.
2024-12-18 20:48:09 -05:00
Bruno BELANYI c75a307c58 home: wm: i3: fix 'pavucontrol' float
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-12-18 20:39:15 -05:00
Bruno BELANYI f4f1aad1c0 pkgs: fix shell formatting
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Ran `shfmt --write --indent 4 --simplify --case-indent`, in accordance
with my editor settings.
2024-12-18 20:35:34 -05:00
Bruno BELANYI 322fbc970b home: vim: lsp: rely on 'bashls' formatting
All checks were successful
ci/woodpecker/push/check Pipeline was successful
I finally figured out why I was getting the wrong indentation, turns out
it was an issue in `lsp-format.nvim`. With that fixed/worked around, I
can now rely completely on `bash-language-server` for formatting.

I'll also rely on `shfmt` automatically detecting the type of file, as
(Neo)Vim cannot be made to reliably set `ft=bash` for Bash scripts and
`ft=sh` for POSIX shell.

Finally, I removed spaces after redirections, I've now come around to
liking the default (no spaces) better.
2024-12-18 20:20:28 -05:00
Bruno BELANYI 92e5fbe7df overlays: add 'lsp-format-nvim-indentation'
To fix the issue I reported upstream [1].

[1]: https://github.com/lukas-reineke/lsp-format.nvim/issues/94
2024-12-18 20:13:03 -05:00
Bruno BELANYI 747b344b76 pkgs: remove 'cgt-calc'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
It's been merged upstream.
2024-12-15 18:39:27 -05:00
Bruno BELANYI dec5dabf02 modules: services: postgres: upgrade version
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-12-16 00:20:18 +01:00
Bruno BELANYI b2d2ff1798 nixos: services: postgres: fix renamed option 2024-12-16 00:19:31 +01:00
Bruno BELANYI c5a375d165 nixos: services: paperless: use automatic DB setup
That way I don't have to worry about the `postgresql.service` dependency
anymore :-).
2024-12-11 01:40:14 +01:00
Bruno BELANYI cb5eb68d35 flake: bump inputs
And fix deprecated NUR overlay attribute.
2024-12-11 01:40:10 +01:00
Bruno BELANYI 19120bca29 nixos: hardware: graphics: use 'initrd' option
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-12-08 16:08:48 -05:00
Bruno BELANYI 35c547a090 home: tmux: enable focus events
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Since `tmux-sensible` was disabled by default, we should enable this
explicitly now.
2024-12-08 10:44:26 -05:00
Bruno BELANYI ad1cfbd6f0 flake: bump inputs
Allow-list the build inputs for `sonarr` until the package is fixed
upstream [1].

[1]: https://github.com/NixOS/nixpkgs/issues/360592
2024-12-08 10:44:26 -05:00
Bruno BELANYI baa853477d nixos: hardware: sound: remove ALSA
`sound.enable` was removed from the latest release, and is unnecessary
with PulseAudio.
2024-12-08 10:44:26 -05:00
Bruno BELANYI 3ac85b8762 home: packages: add 'tree' 2024-12-08 10:44:26 -05:00
Bruno BELANYI c74acda957 nixos: system: packages: remove 'wget' 2024-12-08 10:44:26 -05:00
Bruno BELANYI 98c90d77c5 home: tmux: add sloppy window switching bindings
Another set of bindings which were set up by `tmux-sensible`, that I want
to enable explicitly to avoid issues when it is disabled by default.
2024-12-08 10:44:26 -05:00
69 changed files with 120 additions and 557 deletions

View file

@ -73,11 +73,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730504689, "lastModified": 1733312601,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90", "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -136,11 +136,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1732482255, "lastModified": 1735381016,
"narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", "narHash": "sha256-CyCZFhMUkuYbSD6bxB/r43EdmDE7hYeZZPTCv0GudO4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "a9953635d7f34e7358d5189751110f87e3ac17da", "rev": "10e99c43cdf4a0713b4e81d90691d22c6a58bdf2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -150,29 +150,13 @@
"type": "github" "type": "github"
} }
}, },
"impermanence": {
"locked": {
"lastModified": 1697303681,
"narHash": "sha256-caJ0rXeagaih+xTgRduYtYKL1rZ9ylh06CIrt1w5B4g=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "0f317c2e9e56550ce12323eb39302d251618f5b5",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "impermanence",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1732521221, "lastModified": 1735291276,
"narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", "narHash": "sha256-NYVcA06+blsLG6wpAbSPTCyLvxD/92Hy4vlY9WxFI1M=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", "rev": "634fd46801442d760e09493a794c4f15db2d0cbb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -183,12 +167,21 @@
} }
}, },
"nur": { "nur": {
"inputs": {
"flake-parts": [
"flake-parts"
],
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": { "locked": {
"lastModified": 1732704680, "lastModified": 1735408823,
"narHash": "sha256-x3NlO2qzuobU9BrynzydX7X9oskJpysv7BI7DJ5cVSE=", "narHash": "sha256-1VjQeMQer5nXNYtw+BG+s78ucaEoxO5oqj+yRmM8MMs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "31a30f0862fd8b5f88a6597382bb09197356b19e", "rev": "8283ea92deac8cdb6fd63ff04049ac9e879bf5eb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -210,11 +203,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1732021966, "lastModified": 1734797603,
"narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=", "narHash": "sha256-ulZN7ps8nBV31SE+dwkDvKIzvN6hroRY8sYOT0w+E28=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "3308484d1a443fc5bc92012435d79e80458fe43c", "rev": "f0f0dc4920a903c3e08f5bdb9246bb572fcae498",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -230,7 +223,6 @@
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"futils": "futils", "futils": "futils",
"home-manager": "home-manager", "home-manager": "home-manager",
"impermanence": "impermanence",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nur": "nur", "nur": "nur",
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks",
@ -252,6 +244,27 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",
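Review bot: `treefmt-nix` enters the lock file here as a new node that is reachable only through `nur`, and unlike `flake-parts` and `nixpkgs` it is not redirected to a top-level input, so each later `flake: bump inputs` will also advance a `numtide/treefmt-nix` pin that the root input list shown above does not reference. A line in the commit message recording that this extra third-party input is accepted would make the lock change easier to audit.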

View file

@ -43,13 +43,6 @@
}; };
}; };
impermanence = {
type = "github";
owner = "nix-community";
repo = "impermanence";
ref = "master";
};
nixpkgs = { nixpkgs = {
type = "github"; type = "github";
owner = "NixOS"; owner = "NixOS";
@ -62,6 +55,10 @@
owner = "nix-community"; owner = "nix-community";
repo = "NUR"; repo = "NUR";
ref = "master"; ref = "master";
inputs = {
flake-parts.follows = "flake-parts";
nixpkgs.follows = "nixpkgs";
};
}; };
pre-commit-hooks = { pre-commit-hooks = {

View file

@ -25,7 +25,7 @@ let
inherit system; inherit system;
overlays = (lib.attrValues self.overlays) ++ [ overlays = (lib.attrValues self.overlays) ++ [
inputs.nur.overlay inputs.nur.overlays.default
]; ];
}; };

View file

@ -7,7 +7,7 @@ let
} }
{ {
nixpkgs.overlays = (lib.attrValues self.overlays) ++ [ nixpkgs.overlays = (lib.attrValues self.overlays) ++ [
inputs.nur.overlay inputs.nur.overlays.default
]; ];
} }
# Include generic settings # Include generic settings

View file

@ -26,6 +26,7 @@ in
fd fd
file file
ripgrep ripgrep
tree
] ++ cfg.additionalPackages); ] ++ cfg.additionalPackages);
nixpkgs.config = { nixpkgs.config = {

View file

@ -48,6 +48,7 @@ in
escapeTime = 0; # Let vim do its thing instead escapeTime = 0; # Let vim do its thing instead
historyLimit = 100000; # Bigger buffer historyLimit = 100000; # Bigger buffer
mouse = false; # I dislike mouse support mouse = false; # I dislike mouse support
focusEvents = true; # Report focus events
terminal = "tmux-256color"; # I want accurate termcap info terminal = "tmux-256color"; # I want accurate termcap info
plugins = with pkgs.tmuxPlugins; [ plugins = with pkgs.tmuxPlugins; [
@ -86,7 +87,7 @@ in
# Accept sloppy Ctrl key when switching windows, on top of default mapping # Accept sloppy Ctrl key when switching windows, on top of default mapping
bind-key -N "Select the previous window" C-p previous-window bind-key -N "Select the previous window" C-p previous-window
bind-key -N "Select the next window" C-n next -window bind-key -N "Select the next window" C-n next-window
# Better vim mode # Better vim mode
bind-key -T copy-mode-vi 'v' send -X begin-selection bind-key -T copy-mode-vi 'v' send -X begin-selection

View file

@ -0,0 +1,6 @@
" Create the `b:undo_ftplugin` variable if it doesn't exist
call ftplugined#check_undo_ft()
" Use a small indentation value on query files
setlocal shiftwidth=2
let b:undo_ftplugin.='|setlocal shiftwidth<'

View file

@ -74,6 +74,16 @@ if utils.is_executable("bash-language-server") then
filetypes = { "bash", "sh", "zsh" }, filetypes = { "bash", "sh", "zsh" },
capabilities = capabilities, capabilities = capabilities,
on_attach = lsp.on_attach, on_attach = lsp.on_attach,
settings = {
bashIde = {
shfmt = {
-- Simplify the code
simplifyCode = true,
-- Indent switch cases
caseIndent = true,
},
},
},
}) })
end end

View file

@ -46,29 +46,3 @@ null_ls.register({
condition = utils.is_executable_condition("isort"), condition = utils.is_executable_condition("isort"),
}), }),
}) })
-- Shell (non-POSIX)
null_ls.register({
null_ls.builtins.formatting.shfmt.with({
-- Indent with 4 spaces, simplify the code, indent switch cases,
-- add space after redirection, use bash dialect
extra_args = { "-i", "4", "-s", "-ci", "-sr", "-ln", "bash" },
-- Restrict to bash and zsh
filetypes = { "bash", "zsh" },
-- Only used if available
condition = utils.is_executable_condition("shfmt"),
}),
})
-- Shell (POSIX)
null_ls.register({
null_ls.builtins.formatting.shfmt.with({
-- Indent with 4 spaces, simplify the code, indent switch cases,
-- add space after redirection, use POSIX
extra_args = { "-i", "4", "-s", "-ci", "-sr", "-ln", "posix" },
-- Restrict to POSIX sh
filetypes = { "sh" },
-- Only used if available
condition = utils.is_executable_condition("shfmt"),
}),
})

View file

@ -127,9 +127,10 @@ in
{ class = "^Blueman-.*$"; } { class = "^Blueman-.*$"; }
{ title = "^htop$"; } { title = "^htop$"; }
{ class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; } { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; }
{ class = "^Pavucontrol.*$"; } { class = "^pavucontrol.*$"; }
{ class = "^Arandr$"; } { class = "^Arandr$"; }
{ class = ".?blueman-manager.*$"; } { class = "^\\.blueman-manager-wrapped$"; }
{ class = "^\\.arandr-wrapped$"; }
]; ];
}; };

View file

@ -18,13 +18,6 @@ in
services.blueman.enable = true; services.blueman.enable = true;
} }
# Persist bluetooth files
{
my.system.persist.directories = [
"/var/lib/bluetooth"
];
}
# Support for additional bluetooth codecs # Support for additional bluetooth codecs
(lib.mkIf cfg.loadExtraCodecs { (lib.mkIf cfg.loadExtraCodecs {
hardware.pulseaudio = { hardware.pulseaudio = {

View file

@ -33,9 +33,8 @@ in
# AMD GPU # AMD GPU
(lib.mkIf (cfg.gpuFlavor == "amd") { (lib.mkIf (cfg.gpuFlavor == "amd") {
boot.initrd.kernelModules = lib.mkIf cfg.amd.enableKernelModule [ "amdgpu" ];
hardware.amdgpu = { hardware.amdgpu = {
initrd.enable = cfg.amd.enableKernelModule;
# Vulkan # Vulkan
amdvlk = lib.mkIf cfg.amd.amdvlk { amdvlk = lib.mkIf cfg.amd.amdvlk {
enable = true; enable = true;

View file

@ -22,18 +22,6 @@ in
config = lib.mkMerge [ config = lib.mkMerge [
(lib.mkIf cfg.wireless.enable { (lib.mkIf cfg.wireless.enable {
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
# IWD needs persistence if enabled
# Persist NetworkManager files
my.system.persist.files = [
"/var/lib/NetworkManager/secret_key"
"/var/lib/NetworkManager/seen-bssids"
"/var/lib/NetworkManager/timestamps"
];
my.system.persist.directories = [
"/etc/NetworkManager/system-connections"
];
}) })
]; ];
} }

View file

@ -54,9 +54,6 @@ in
# Pulseaudio setup # Pulseaudio setup
(lib.mkIf cfg.pulse.enable { (lib.mkIf cfg.pulse.enable {
# ALSA
sound.enable = true;
hardware.pulseaudio.enable = true; hardware.pulseaudio.enable = true;
}) })
]); ]);

View file

@ -69,11 +69,6 @@ in
}; };
}; };
my.system.persist.directories = [
cfg.downloadDir
"/var/lib/aria2"
];
# NOTE: unfortunately aria2 does not log connection failures for fail2ban # NOTE: unfortunately aria2 does not log connection failures for fail2ban
}; };
} }

View file

@ -34,10 +34,6 @@ in
}; };
}; };
my.system.persist.directories = [
"/var/lib/${config.services.audiobookshelf.dataDir}"
];
services.fail2ban.jails = { services.fail2ban.jails = {
audiobookshelf = '' audiobookshelf = ''
enabled = true enabled = true

View file

@ -41,12 +41,5 @@ in
# Those are all subdomains, no problem # Those are all subdomains, no problem
my.services.nginx.virtualHosts = hostsInfo; my.services.nginx.virtualHosts = hostsInfo;
my.system.persist.directories = [
"/var/www/blog"
"/var/www/cv"
"/var/www/dev"
"/var/www/key"
];
}; };
} }

View file

@ -53,11 +53,6 @@ in
]; ];
}; };
my.system.persist.directories = [
"/var/lib/${config.services.calibre-web.dataDir}"
cfg.libraryPath
];
services.fail2ban.jails = { services.fail2ban.jails = {
calibre-web = '' calibre-web = ''
enabled = true enabled = true

View file

@ -39,7 +39,5 @@ in
extraGroups = [ "docker" ]; # Give access to the daemon extraGroups = [ "docker" ]; # Give access to the daemon
}; };
users.groups.drone-runner-docker = { }; users.groups.drone-runner-docker = { };
# FIXME: persistence?
}; };
} }

View file

@ -63,7 +63,5 @@ in
group = "drone-runner-exec"; group = "drone-runner-exec";
}; };
users.groups.drone-runner-exec = { }; users.groups.drone-runner-exec = { };
# FIXME: persistence?
}; };
} }

View file

@ -50,7 +50,5 @@ in
inherit (cfg) port; inherit (cfg) port;
}; };
}; };
# FIXME: persistence?
}; };
} }

View file

@ -33,9 +33,5 @@ in
bantime = "10m"; bantime = "10m";
}; };
}; };
my.system.persist.directories = [
"/var/lib/fail2ban"
];
}; };
} }

View file

@ -28,10 +28,6 @@ in
}; };
}; };
my.system.persist.directories = [
"/var/lib/flood"
];
# NOTE: unfortunately flood does not log connection failures for fail2ban # NOTE: unfortunately flood does not log connection failures for fail2ban
}; };
} }

View file

@ -147,11 +147,6 @@ in
]; ];
}; };
my.system.persist.directories = [
config.services.forgejo.lfs.contentDir
config.services.forgejo.repositoryRoot
];
services.fail2ban.jails = { services.fail2ban.jails = {
forgejo = '' forgejo = ''
enabled = true enabled = true

View file

@ -131,11 +131,6 @@ in
]; ];
}; };
my.system.persist.directories = [
config.services.gitea.lfs.contentDir
config.services.gitea.repositoryRoot
];
services.fail2ban.jails = { services.fail2ban.jails = {
gitea = '' gitea = ''
enabled = true enabled = true

View file

@ -37,16 +37,6 @@ in
useACMEHost = config.networking.domain; useACMEHost = config.networking.domain;
}; };
my.services.backup = {
paths = [
config.services.grocy.dataDir
];
};
my.system.persist.directories = [
config.services.grocy.dataDir
];
# NOTE: unfortunately grocy does not log connection failures for fail2ban # NOTE: unfortunately grocy does not log connection failures for fail2ban
}; };
} }
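Review bot: the first removal in this hunk drops `config.services.grocy.dataDir` from `my.services.backup.paths`, which is a different concern from the `my.system.persist.directories` cleanup below it. If grocy data should still be backed up, keep the `my.services.backup` block and remove only the persistence lines; if dropping the backup is intended, say so in a commit message.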

View file

@ -33,10 +33,6 @@ in
port = jackettPort; port = jackettPort;
}; };
}; };
my.system.persist.directories = [
config.services.jackett.dataDir
];
}) })
(lib.mkIf cfg.nzbhydra.enable { (lib.mkIf cfg.nzbhydra.enable {
@ -49,10 +45,6 @@ in
port = nzbhydraPort; port = nzbhydraPort;
}; };
}; };
my.system.persist.directories = [
config.services.nzbhydra2.dataDir
];
}) })
(lib.mkIf cfg.prowlarr.enable { (lib.mkIf cfg.prowlarr.enable {
@ -66,10 +58,6 @@ in
}; };
}; };
my.system.persist.directories = [
"/var/lib/prowlarr"
];
services.fail2ban.jails = { services.fail2ban.jails = {
prowlarr = '' prowlarr = ''
enabled = true enabled = true

View file

@ -38,10 +38,6 @@ in
}; };
}; };
my.system.persist.directories = [
"/var/lib/jellyfin"
];
services.fail2ban.jails = { services.fail2ban.jails = {
jellyfin = '' jellyfin = ''
enabled = true enabled = true

View file

@ -36,10 +36,6 @@ in
}; };
}; };
my.system.persist.directories = [
config.services.komga.stateDir
];
services.fail2ban.jails = { services.fail2ban.jails = {
komga = '' komga = ''
enabled = true enabled = true

View file

@ -107,9 +107,5 @@ in
}; };
}; };
}; };
my.system.persist.directories = [
"/var/lib/lohr"
];
}; };
} }

View file

@ -214,9 +214,5 @@ in
config.services.matrix-synapse.dataDir config.services.matrix-synapse.dataDir
]; ];
}; };
my.system.persist.directories = [
config.services.matrix-synapse.dataDir
];
}; };
} }

View file

@ -72,12 +72,6 @@ in
}; };
}; };
my.services.backup = {
paths = [
"/var/lib/mealie"
];
};
services.fail2ban.jails = { services.fail2ban.jails = {
mealie = '' mealie = ''
enabled = true enabled = true
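Review bot: this hunk removes only `my.services.backup.paths` for `/var/lib/mealie`; no persistence option is touched, so it cannot be explained by the impermanence removal elsewhere in the comparison. Confirm that mealie state is meant to leave the backup set, otherwise restore the block.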

View file

@ -130,10 +130,5 @@ in
inherit (cfg.grafana) port; inherit (cfg.grafana) port;
}; };
}; };
my.system.persist.directories = [
config.services.grafana.dataDir
"/var/lib/${config.services.prometheus.stateDir}"
];
}; };
} }

View file

@ -53,10 +53,6 @@ in
}; };
}; };
my.system.persist.directories = [
"/var/lib/navidrome"
];
services.fail2ban.jails = { services.fail2ban.jails = {
navidrome = '' navidrome = ''
enabled = true enabled = true

View file

@ -46,7 +46,5 @@ in
]; ];
}; };
}; };
# FIXME: persistence?
}; };
} }

View file

@ -92,10 +92,6 @@ in
]; ];
}; };
my.system.persist.directories = [
config.services.nextcloud.home
];
services.fail2ban.jails = { services.fail2ban.jails = {
nextcloud = '' nextcloud = ''
enabled = true enabled = true

View file

@ -87,10 +87,6 @@ let
}); });
in in
{ {
imports = [
./sso
];
options.my.services.nginx = with lib; { options.my.services.nginx = with lib; {
enable = mkEnableOption "Nginx"; enable = mkEnableOption "Nginx";
@ -486,9 +482,5 @@ in
} }
]; ];
}; };
my.system.persist.directories = [
"/var/lib/acme"
];
}; };
} }

View file

@ -1,84 +0,0 @@
# I must override the module to allow having runtime secrets
{ config, lib, pkgs, utils, ... }:
let
cfg = config.services.nginx.sso;
pkg = lib.getBin cfg.package;
confPath = "/var/lib/nginx-sso/config.json";
in
{
disabledModules = [ "services/security/nginx-sso.nix" ];
options.services.nginx.sso = with lib; {
enable = mkEnableOption "nginx-sso service";
package = mkOption {
type = types.package;
default = pkgs.nginx-sso;
defaultText = "pkgs.nginx-sso";
description = ''
The nginx-sso package that should be used.
'';
};
configuration = mkOption {
type = types.attrsOf types.unspecified;
default = { };
example = literalExample ''
{
listen = { addr = "127.0.0.1"; port = 8080; };
providers.token.tokens = {
myuser = "MyToken";
};
acl = {
rule_sets = [
{
rules = [ { field = "x-application"; equals = "MyApp"; } ];
allow = [ "myuser" ];
}
];
};
}
'';
description = ''
nginx-sso configuration
(<link xlink:href="https://github.com/Luzifer/nginx-sso/wiki/Main-Configuration">documentation</link>)
as a Nix attribute set.
'';
};
};
config = lib.mkIf cfg.enable {
systemd.services.nginx-sso = {
description = "Nginx SSO Backend";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
StateDirectory = "nginx-sso";
WorkingDirectory = "/var/lib/nginx-sso";
# The files to be merged might not have the correct permissions
ExecStartPre = pkgs.writeShellScript "merge-nginx-sso-config" ''
rm -f '${confPath}'
${utils.genJqSecretsReplacementSnippet cfg.configuration confPath}
'';
ExecStart = lib.mkForce ''
${lib.getExe pkg} \
--config ${confPath} \
--frontend-dir ${pkg}/share/frontend
'';
Restart = "always";
User = "nginx-sso";
Group = "nginx-sso";
};
};
users.users.nginx-sso = {
isSystemUser = true;
group = "nginx-sso";
};
users.groups.nginx-sso = { };
};
}
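Review bot: the first line of the deleted module says it existed to allow runtime secrets, and `ExecStartPre` rendered the configuration into `/var/lib/nginx-sso/config.json` with `utils.genJqSecretsReplacementSnippet`. Before relying on the upstream module, check that the host's `services.nginx.sso.configuration` still passes secrets by file reference, so that no token or key ends up as a literal in the world-readable Nix store. Naming the upstream change in the commit message would document that the replacement is equivalent.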

View file

@ -61,11 +61,6 @@ in
PAPERLESS_ENABLE_HTTP_REMOTE_USER = true; PAPERLESS_ENABLE_HTTP_REMOTE_USER = true;
PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER"; PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER";
# Use PostgreSQL
PAPERLESS_DBHOST = "/run/postgresql";
PAPERLESS_DBUSER = "paperless";
PAPERLESS_DBNAME = "paperless";
# Security settings # Security settings
PAPERLESS_ALLOWED_HOSTS = paperlessDomain; PAPERLESS_ALLOWED_HOSTS = paperlessDomain;
PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}"; PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}";
@ -87,40 +82,11 @@ in
# Secret key # Secret key
environmentFile = cfg.secretKeyFile; environmentFile = cfg.secretKeyFile;
};
systemd.services = { # Automatic PostgreSQL provisioning
paperless-scheduler = { database = {
requires = [ "postgresql.service" ]; createLocally = true;
after = [ "postgresql.service" ];
}; };
paperless-consumer = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
paperless-web = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
paperless-task-queue = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
};
# Set-up database
services.postgresql = {
enable = true;
ensureDatabases = [ "paperless" ];
ensureUsers = [
{
name = "paperless";
ensureDBOwnership = true;
}
];
}; };
# Set-up media group # Set-up media group
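Review bot: `database.createLocally = true` now has to cover everything the removed lines did explicitly, namely `requires`/`after` on `postgresql.service` for `paperless-scheduler`, `paperless-consumer`, `paperless-web` and `paperless-task-queue`, plus `ensureDBOwnership` for the `paperless` role. The comment `# Automatic PostgreSQL provisioning` could state that the upstream option provides both the ordering and the ownership, so a later reader does not re-add the manual units.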
@ -146,10 +112,5 @@ in
config.services.paperless.mediaDir config.services.paperless.mediaDir
]; ];
}; };
my.system.persist.directories = [
config.services.paperless.dataDir
config.services.paperless.mediaDir
];
}; };
} }

View file

@ -54,10 +54,6 @@ in
}; };
}; };
my.system.persist.directories = [
"/var/lib/stirling-pdf"
];
services.fail2ban.jails = { services.fail2ban.jails = {
stirling-pdf = '' stirling-pdf = ''
enabled = true enabled = true

View file

@ -51,10 +51,5 @@ in
inherit (cfg) port; inherit (cfg) port;
}; };
}; };
my.system.persist.directories = [
config.systemd.services.podgrab.environment.CONFIG
config.systemd.services.podgrab.environment.DATA
];
}; };
} }

View file

@ -24,9 +24,5 @@ in
(config.services.postgresqlBackup.location + "/*.prev.sql.gz") (config.services.postgresqlBackup.location + "/*.prev.sql.gz")
]; ];
}; };
my.system.persist.directories = [
config.services.postgresqlBackup.location
];
}; };
} }

View file

@ -14,31 +14,24 @@ in
# Let other services enable postgres when they need it # Let other services enable postgres when they need it
(lib.mkIf cfg.enable { (lib.mkIf cfg.enable {
services.postgresql = { services.postgresql = {
package = pkgs.postgresql_13; package = pkgs.postgresql_17;
}; };
}) })
# Only persist directory if the actual service is enabled
(lib.mkIf config.services.postgresql.enable {
my.system.persist.directories = [
config.services.postgresql.dataDir
];
})
# Taken from the manual # Taken from the manual
(lib.mkIf cfg.upgradeScript { (lib.mkIf cfg.upgradeScript {
environment.systemPackages = environment.systemPackages =
let let
pgCfg = config.services.postgresql; pgCfg = config.services.postgresql;
newPackage' = pkgs.postgresql_13; newPackage' = pkgs.postgresql_17;
oldPackage = if pgCfg.enableJIT then pgCfg.package.withJIT else pgCfg.package; oldPackage = if pgCfg.enableJIT then pgCfg.package.withJIT else pgCfg.package;
oldData = pgCfg.dataDir; oldData = pgCfg.dataDir;
oldBin = "${if pgCfg.extraPlugins == [] then oldPackage else oldPackage.withPackages pgCfg.extraPlugins}/bin"; oldBin = "${if pgCfg.extensions == [] then oldPackage else oldPackage.withPackages pgCfg.extensions}/bin";
newPackage = if pgCfg.enableJIT then newPackage'.withJIT else newPackage'; newPackage = if pgCfg.enableJIT then newPackage'.withJIT else newPackage';
newData = "/var/lib/postgresql/${newPackage.psqlSchema}"; newData = "/var/lib/postgresql/${newPackage.psqlSchema}";
newBin = "${if pgCfg.extraPlugins == [] then newPackage else newPackage.withPackages pgCfg.extraPlugins}/bin"; newBin = "${if pgCfg.extensions == [] then newPackage else newPackage.withPackages pgCfg.extensions}/bin";
in in
[ [
(pkgs.writeScriptBin "upgrade-pg-cluster" '' (pkgs.writeScriptBin "upgrade-pg-cluster" ''
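Review bot: `package` and `newPackage'` are bumped to `pkgs.postgresql_17` in the same hunk, and `oldPackage` is derived from `pgCfg.package`, so unless a host overrides `services.postgresql.package` the `upgrade-pg-cluster` script ends up with identical old and new binaries. If the cluster on a deployed host is still on 13, bump `newPackage'` first, run the script, and only then change `package`; otherwise add a comment that the migration has already been done everywhere.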

View file

@ -53,11 +53,6 @@ in
}; };
}; };
my.system.persist.directories = [
cfg.downloadDirectory
"/var/lib/pyload"
];
services.fail2ban.jails = { services.fail2ban.jails = {
pyload = '' pyload = ''
enabled = true enabled = true

View file

@ -46,9 +46,5 @@ in
# Because Quassel does not use the socket, I simply trust its connection # Because Quassel does not use the socket, I simply trust its connection
authentication = "host quassel quassel localhost trust"; authentication = "host quassel quassel localhost trust";
}; };
my.system.persist.directories = [
config.services.quassel.dataDir
];
}; };
} }

View file

@ -22,9 +22,5 @@ in
forceSSL = true; forceSSL = true;
useACMEHost = config.networking.domain; useACMEHost = config.networking.domain;
}; };
my.system.persist.directories = [
config.services.rss-bridge.dataDir
];
}; };
} }

View file

@ -24,10 +24,6 @@ in
}; };
}; };
my.system.persist.files = [
config.services.sabnzbd.configFile
];
services.fail2ban.jails = { services.fail2ban.jails = {
sabnzbd = '' sabnzbd = ''
enabled = true enabled = true

View file

@ -19,16 +19,6 @@ let
enable = true; enable = true;
group = "media"; group = "media";
}; };
my.system.persist.directories =
let
# Bazarr breaks the mold unfortunately
dataDir =
if service != "bazarr"
then config.services.${service}.dataDir
else "/var/lib/bazarr";
in
[ dataDir ];
}; };
mkRedirection = service: { mkRedirection = service: {
@ -106,5 +96,15 @@ in
# Sonarr for shows # Sonarr for shows
(mkFullConfig "sonarr") (mkFullConfig "sonarr")
(mkFail2Ban "sonarr") (mkFail2Ban "sonarr")
# HACK: until https://github.com/NixOS/nixpkgs/issues/360592 is resolved
(lib.mkIf cfg.sonarr.enable {
nixpkgs.config.permittedInsecurePackages = [
"aspnetcore-runtime-6.0.36"
"aspnetcore-runtime-wrapped-6.0.36"
"dotnet-sdk-6.0.428"
"dotnet-sdk-wrapped-6.0.428"
];
})
]); ]);
} }
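Review bot: `nixpkgs.config.permittedInsecurePackages` is not scoped to Sonarr; once `cfg.sonarr.enable` is set, the four listed `aspnetcore-runtime` and `dotnet-sdk` 6.0 packages are allowed for every package evaluated on that host. The `HACK` comment with the issue link is good; consider also checking whether the two `dotnet-sdk` entries are needed on the deployed system or only at build time, and keep the list as short as evaluation permits.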

View file

@ -20,13 +20,6 @@ in
}; };
}; };
# Persist SSH keys
my.system.persist.files =
let
pubAndPrivKey = key: [ key.path "${key.path}.pub" ];
in
lib.concatMap pubAndPrivKey config.services.openssh.hostKeys;
# Opens the relevant UDP ports. # Opens the relevant UDP ports.
programs.mosh.enable = true; programs.mosh.enable = true;
}; };

View file

@ -83,16 +83,6 @@ in
}; };
}; };
my.services.backup = {
paths = [
"/var/lib/tandoor-recipes"
];
};
my.system.persist.directories = [
"/var/lib/tandoor-recipes"
];
# NOTE: unfortunately tandoor-recipes does not log connection failures for fail2ban # NOTE: unfortunately tandoor-recipes does not log connection failures for fail2ban
}; };
} }
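Review bot: as with grocy and mealie, the `my.services.backup.paths` entry for `/var/lib/tandoor-recipes` is removed together with the persistence entry. The two should be separated, or the loss of backup coverage stated explicitly.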

View file

@ -91,11 +91,6 @@ in
allowedUDPPorts = [ cfg.peerPort ]; allowedUDPPorts = [ cfg.peerPort ];
}; };
my.system.persist.directories = [
cfg.downloadBase
config.services.transmission.home
];
# NOTE: unfortunately transmission does not log connection failures for fail2ban # NOTE: unfortunately transmission does not log connection failures for fail2ban
}; };
} }

View file

@ -100,10 +100,6 @@ in
]; ];
}; };
my.system.persist.directories = [
config.services.vikunja.settings.files.basepath
];
# NOTE: unfortunately vikunja does not log connection failures for fail2ban # NOTE: unfortunately vikunja does not log connection failures for fail2ban
}; };
} }

View file

@ -38,7 +38,5 @@ in
]; ];
}; };
}; };
# FIXME: persistence?
}; };
} }

View file

@ -62,7 +62,5 @@ in
]; ];
}; };
}; };
# FIXME: persistence?
}; };
} }

View file

@ -61,7 +61,5 @@ in
port = cfg.rpcPort; port = cfg.rpcPort;
}; };
}; };
# FIXME: persistence
}; };
} }

View file

@ -9,7 +9,6 @@
./language ./language
./nix ./nix
./packages ./packages
./persist
./podman ./podman
./polkit ./polkit
./printing ./printing

View file

@ -23,9 +23,5 @@ in
]; ];
}; };
}; };
my.system.persist.directories = [
"/var/lib/docker"
];
}; };
} }

View file

@ -1,71 +0,0 @@
# Ephemeral root configuration
{ config, inputs, lib, ... }:
let
cfg = config.my.system.persist;
in
{
imports = [
inputs.impermanence.nixosModules.impermanence
];
options.my.system.persist = with lib; {
enable = mkEnableOption "stateless system configuration";
mountPoint = lib.mkOption {
type = types.str;
default = "/persistent";
example = "/etc/nix/persist";
description = ''
Which mount point should be used to persist this system's files and
directories.
'';
};
files = lib.mkOption {
type = with types; listOf str;
default = [ ];
example = [
"/etc/nix/id_rsa"
];
description = ''
Additional files in the root to link to persistent storage.
'';
};
directories = lib.mkOption {
type = with types; listOf str;
default = [ ];
example = [
"/var/lib/libvirt"
];
description = ''
Additional directories in the root to link to persistent storage.
'';
};
};
config = lib.mkIf cfg.enable {
environment.persistence."${cfg.mountPoint}" = {
files = [
"/etc/machine-id"
"/etc/adjtime"
"/var/lib/systemd/timesync/clock"
]
++ lib.unique cfg.files
;
directories = [
"/etc/nixos" # In case it's storage directory of our configuration
"/var/log"
"/var/lib/nixos" # UID/GID maps
"/var/lib/systemd/coredump"
"/var/lib/systemd" # FIXME: needed?
"/var/spool" # FIXME: needed?
"/var/tmp" # FIXME: needed?
]
++ lib.unique cfg.directories
;
};
};
}
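Review bot: none of the 22 commit messages listed for this comparison mentions removing this module, the `impermanence` input or the `my.system.persist.*` entries spread across the service modules, so the largest change in the diff is undocumented. The removed lists (SSH host keys, `/var/lib/acme`, `/var/lib/fail2ban`, NetworkManager secrets and others) were also the only inventory of security-relevant state per service; if ephemeral root is being abandoned, a commit message should say so, and the inventory is worth keeping somewhere for backup planning.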

View file

@ -44,9 +44,5 @@ in
]; ];
}; };
}; };
my.system.persist.directories = [
"/var/lib/containers"
];
}; };
} }

View file

@ -65,7 +65,5 @@ in
# Allow resolution of '.local' addresses # Allow resolution of '.local' addresses
nssmdns4 = true; nssmdns4 = true;
}; };
# FIXME: persistence?
}; };
} }

View file

@ -0,0 +1,4 @@
self: prev:
{
vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { });
}

View file

@ -0,0 +1,14 @@
{ fetchpatch, ... }:
_final: prev: {
lsp-format-nvim = prev.lsp-format-nvim.overrideAttrs (oa: {
patches = (oa.patches or [ ]) ++ [
# https://github.com/lukas-reineke/lsp-format.nvim/issues/94
(fetchpatch {
name = "use-effective-indentation";
url = "https://github.com/liskin/lsp-format.nvim/commit/3757ac443bdf5bd166673833794553229ee8d939.patch";
hash = "sha256-Dv+TvXrU/IrrPxz2MSPbLmRxch+qkHbI3AyFMj/ssDk=";
})
];
});
}
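Review bot: the `url` in `fetchpatch` points at a fork (`liskin/lsp-format.nvim`) rather than the upstream repository named in the comment above it. It is pinned to a full commit id and verified against `hash`, so the content cannot change silently, but the comment should say when the overlay can be dropped (for example once issue 94 is closed and the fix reaches nixpkgs) so the patch does not outlive the upstream fix.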

View file

@ -1,47 +0,0 @@
{ lib
, fetchFromGitHub
, python3Packages
, withTeXLive ? true
, texliveSmall
}:
python3Packages.buildPythonApplication rec {
pname = "cgt-calc";
version = "1.13.0";
pyproject = true;
src = fetchFromGitHub {
owner = "KapJI";
repo = "capital-gains-calculator";
rev = "v${version}";
hash = "sha256-y/Y05wG89nccXyxfjqazyPJhd8dOkfwRJre+Rzx97Hw=";
};
build-system = with python3Packages; [
poetry-core
];
dependencies = with python3Packages; [
defusedxml
jinja2
pandas
requests
types-requests
yfinance
];
makeWrapperArgs = lib.optionals withTeXLive [
"--prefix"
"PATH"
":"
"${lib.getBin texliveSmall}/bin"
];
meta = with lib; {
description = "UK capital gains tax calculator";
homepage = "https://github.com/KapJI/capital-gains-calculator";
license = with licenses; [ mit ];
mainProgram = "cgt-calc";
maintainers = with maintainers; [ ambroisie ];
platforms = platforms.unix;
};
}

View file

@ -62,7 +62,7 @@ do_toggle() {
} }
case "$1" in case "$1" in
up|down) up | down)
do_change_volume "$@" do_change_volume "$@"
;; ;;
toggle) toggle)

View file

@ -2,8 +2,6 @@
pkgs.lib.makeScope pkgs.newScope (pkgs: { pkgs.lib.makeScope pkgs.newScope (pkgs: {
bw-pass = pkgs.callPackage ./bw-pass { }; bw-pass = pkgs.callPackage ./bw-pass { };
cgt-calc = pkgs.callPackage ./cgt-calc { };
change-audio = pkgs.callPackage ./change-audio { }; change-audio = pkgs.callPackage ./change-audio { };
change-backlight = pkgs.callPackage ./change-backlight { }; change-backlight = pkgs.callPackage ./change-backlight { };

View file

@ -81,23 +81,23 @@ parse_args() {
shift shift
case "$opt" in case "$opt" in
-h|--help) -h | --help)
usage usage
exit exit
;; ;;
-f|--flake-output) -f | --flake-output)
FLAKE_OUTPUTS+=("$1") FLAKE_OUTPUTS+=("$1")
shift shift
;; ;;
-o|--output) -o | --output)
OUTPUT_FILE="$1" OUTPUT_FILE="$1"
shift shift
;; ;;
-n|--new-rev) -n | --new-rev)
NEW_REV="$(git rev-parse "$1")" NEW_REV="$(git rev-parse "$1")"
shift shift
;; ;;
-p|--previous-rev) -p | --previous-rev)
PREVIOUS_REV="$(git rev-parse "$1")" PREVIOUS_REV="$(git rev-parse "$1")"
shift shift
;; ;;
@ -157,7 +157,7 @@ list_dev_shells() {
} }
diff_output() { diff_output() {
local PREV NEW; local PREV NEW
PREV="$(mktemp --dry-run)" PREV="$(mktemp --dry-run)"
NEW="$(mktemp --dry-run)" NEW="$(mktemp --dry-run)"
@ -169,7 +169,7 @@ diff_output() {
printf 'Closure diff for `%s`:\n```\n' "$1" printf 'Closure diff for `%s`:\n```\n' "$1"
nix store diff-closures "$PREV" "$NEW" | sanitize_output nix store diff-closures "$PREV" "$NEW" | sanitize_output
printf '```\n\n' printf '```\n\n'
} >> "$OUTPUT_FILE" } >>"$OUTPUT_FILE"
} }
parse_args "$@" parse_args "$@"

View file

@ -15,7 +15,7 @@ usage() {
exec 1>&2 exec 1>&2
fi fi
cat << EOF cat <<EOF
Usage: $0 [options] [string] Usage: $0 [options] [string]
Send an arbitrary string to the terminal clipboard using the OSC 52 escape Send an arbitrary string to the terminal clipboard using the OSC 52 escape
sequence as specified in xterm: sequence as specified in xterm:

View file

@ -13,7 +13,7 @@ usage() {
exec 1>&2 exec 1>&2
fi fi
cat << EOF cat <<EOF
Usage: $0 [options] <title> <message> Usage: $0 [options] <title> <message>
Send a notification (title and message) to the host system using the OSC 777 Send a notification (title and message) to the host system using the OSC 777
escape sequence: escape sequence: