Compare commits


52 commits

Author SHA1 Message Date
Bruno BELANYI 0a8b2b8e55 fixup! fixup! WIP: even more directories? Maybe?
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-12-04 19:59:09 +00:00
Bruno BELANYI 3ebd6f47a3 fixup! fixup! WIP: even more directories? Maybe? 2024-12-04 19:59:09 +00:00
Bruno BELANYI d31e8a35b7 fixup! WIP: nixos: system: add persist 2024-11-30 13:31:01 +00:00
Bruno BELANYI b23cd9e891 fixup! WIP: nixos: system: add persist 2024-11-30 13:31:01 +00:00
Bruno BELANYI d5337709c6 fixup! WIP: even more directories? Maybe? 2024-11-30 13:31:01 +00:00
Bruno BELANYI 5abcc66191 WIP: add note about 'iwd'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-11-29 22:27:15 +00:00
Bruno BELANYI c7fc4c2c67 WIP: even more directories? Maybe? 2024-11-29 22:27:15 +00:00
Bruno BELANYI 489802efbe WIP: add notes for missing persistence/backup
TODO:
* Do home-manager
* Look at github.com:nix-community/impermanence/pull/108 for more inspiration
* Common files github.com:nix-community/impermanence/issues/10
* Useful config: github.com:chayleaf/dotfiles/blob/f77271b249e0c08368573c22a5c34f0737d3a766/system/modules/impermanence.nix
2024-11-29 22:27:15 +00:00
Bruno BELANYI ac9eeea26d nixos: services: vikunja: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI a0b91a5d18 nixos: services: transmission: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI 6b78d89065 nixos: services: tandoor-recipes: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI 4c12fc0094 nixos: services: sabnzbd: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI 217c69cc9f nixos: services: rss-bridge: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI 31c20c5b1b nixos: services: quassel: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI 795026e918 nixos: services: pyload: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI b376366d7b nixos: services: postgresql-backup: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI 1f6c40c3eb nixos: services: postgresql: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI aa6baa82e8 nixos: services: podgrab: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI f860452c1c nixos: services: servarr: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI a1bc64cf48 nixos: services: pdf-edit: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI b8325e8ea7 nixos: services: paperless: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI 0dccde9edf nixos: services: nextcloud: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI 260f1e9b5c nixos: services: nginx: persist SSL certificates 2024-11-29 22:27:15 +00:00
Bruno BELANYI 178f6825c0 nixos: services: navidrome: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI 629e5d99f5 nixos: services: monitoring: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI 370c8354da nixos: services: matrix: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI c7cc887322 nixos: services: lohr: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI 6f27b15781 nixos: services: komga: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI e4916ddb88 nixos: services: jellyfin: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI 4569fe8a29 nixos: services: indexers: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI b8f4dd33ee nixos: services: grocy: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI fc98fe2b3e nixos: services: gitea: persist repositories 2024-11-29 22:27:15 +00:00
Bruno BELANYI 82e56bf80c nixos: services: forgejo: persist repositories 2024-11-29 22:27:15 +00:00
Bruno BELANYI bdc008d0fc nixos: services: flood: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI 5f607efee8 nixos: services: fail2ban: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI 5c5738e1d8 nixos: services: calibre-web: persist library 2024-11-29 22:27:15 +00:00
Bruno BELANYI 7d8a18c968 nixos: services: blog: persist website data 2024-11-29 22:27:15 +00:00
Bruno BELANYI 4fb2447648 nixos: services: audiobookshelf: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI ef88c7561b nixos: services: aria: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI 4e2055da7f nixos: services: ssh-server: persist host keys 2024-11-29 22:27:15 +00:00
Bruno BELANYI 2f3b9950e1 nixos: hardware: networking persist connections 2024-11-29 22:27:15 +00:00
Bruno BELANYI 8607b3c577 nixos: hardware: bluetooth: persist connections 2024-11-29 22:27:15 +00:00
Bruno BELANYI 257c0675e2 nixos: system: podman: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI 55fd694c69 nixos: system: docker: persist data 2024-11-29 22:27:15 +00:00
Bruno BELANYI 2a20ecbd1e nixos: system: persist: filter unique entries
To make sure that different modules configuring the same values don't
run into any issues (e.g: download clients sharing a download
directory).
2024-11-29 22:27:15 +00:00
Bruno BELANYI fa732c88e4 WIP: nixos: system: add persist
This is the module that takes care of configuring impermanence at the
system level.

WIP:
    * address FIXMEs
    * activate home-manager persistence?
        * set `programs.fuse.userAllowOther = true;` ?
    * point `age` to persisted paths [1] ?
    * make sure all services and modules are persisted correctly...

[1]: b1d18d25b8
2024-11-29 22:27:15 +00:00
Bruno BELANYI 99a3bd2587 flake: add 'impermanence' 2024-11-29 22:27:15 +00:00
Bruno BELANYI e40247ed81 nixos: services: tandoor-recipes: backup data 2024-11-29 22:27:15 +00:00
Bruno BELANYI 1dcf5a1f1c nixos: services: mealie: backup data 2024-11-29 21:38:08 +00:00
Bruno BELANYI 7b21943693 nixos: services: grocy: backup data 2024-11-29 19:21:14 +00:00
Bruno BELANYI e03db8642a nixos: system: packages: remove 'wget'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
2024-11-28 19:59:41 +00:00
Bruno BELANYI 9fc7d32481 home: tmux: add sloppy window switching bindings
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Another set of bindings which were set up by `tmux-sensible`, that I want
to enable explicitly to avoid issues when it is disabled by default.
2024-11-28 18:39:10 +00:00
69 changed files with 557 additions and 120 deletions

View file

@ -73,11 +73,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1733312601, "lastModified": 1730504689,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -136,11 +136,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1735381016, "lastModified": 1732482255,
"narHash": "sha256-CyCZFhMUkuYbSD6bxB/r43EdmDE7hYeZZPTCv0GudO4=", "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "10e99c43cdf4a0713b4e81d90691d22c6a58bdf2", "rev": "a9953635d7f34e7358d5189751110f87e3ac17da",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -150,13 +150,29 @@
"type": "github" "type": "github"
} }
}, },
"impermanence": {
"locked": {
"lastModified": 1697303681,
"narHash": "sha256-caJ0rXeagaih+xTgRduYtYKL1rZ9ylh06CIrt1w5B4g=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "0f317c2e9e56550ce12323eb39302d251618f5b5",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "impermanence",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1735291276, "lastModified": 1732521221,
"narHash": "sha256-NYVcA06+blsLG6wpAbSPTCyLvxD/92Hy4vlY9WxFI1M=", "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "634fd46801442d760e09493a794c4f15db2d0cbb", "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d",
"type": "github" "type": "github"
}, },
"original": { "original": {
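
Review bot: the new `impermanence` entry in this hunk is locked at `lastModified` 1697303681, roughly a year behind the other inputs in the same lock file (`nixpkgs` is at 1732521221 here), although `original.ref` tracks `master`. This input decides which state survives a reboot, so refresh its lock before relying on it and read through the upstream changes that come with the bump.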
@ -167,21 +183,12 @@
} }
}, },
"nur": { "nur": {
"inputs": {
"flake-parts": [
"flake-parts"
],
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": { "locked": {
"lastModified": 1735408823, "lastModified": 1732704680,
"narHash": "sha256-1VjQeMQer5nXNYtw+BG+s78ucaEoxO5oqj+yRmM8MMs=", "narHash": "sha256-x3NlO2qzuobU9BrynzydX7X9oskJpysv7BI7DJ5cVSE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "8283ea92deac8cdb6fd63ff04049ac9e879bf5eb", "rev": "31a30f0862fd8b5f88a6597382bb09197356b19e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -203,11 +210,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1734797603, "lastModified": 1732021966,
"narHash": "sha256-ulZN7ps8nBV31SE+dwkDvKIzvN6hroRY8sYOT0w+E28=", "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "f0f0dc4920a903c3e08f5bdb9246bb572fcae498", "rev": "3308484d1a443fc5bc92012435d79e80458fe43c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -223,6 +230,7 @@
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"futils": "futils", "futils": "futils",
"home-manager": "home-manager", "home-manager": "home-manager",
"impermanence": "impermanence",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nur": "nur", "nur": "nur",
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks",
@ -244,27 +252,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

View file

@ -43,6 +43,13 @@
}; };
}; };
impermanence = {
type = "github";
owner = "nix-community";
repo = "impermanence";
ref = "master";
};
nixpkgs = { nixpkgs = {
type = "github"; type = "github";
owner = "NixOS"; owner = "NixOS";
@ -55,10 +62,6 @@
owner = "nix-community"; owner = "nix-community";
repo = "NUR"; repo = "NUR";
ref = "master"; ref = "master";
inputs = {
flake-parts.follows = "flake-parts";
nixpkgs.follows = "nixpkgs";
};
}; };
pre-commit-hooks = { pre-commit-hooks = {

View file

@ -25,7 +25,7 @@ let
inherit system; inherit system;
overlays = (lib.attrValues self.overlays) ++ [ overlays = (lib.attrValues self.overlays) ++ [
inputs.nur.overlays.default inputs.nur.overlay
]; ];
}; };

View file

@ -7,7 +7,7 @@ let
} }
{ {
nixpkgs.overlays = (lib.attrValues self.overlays) ++ [ nixpkgs.overlays = (lib.attrValues self.overlays) ++ [
inputs.nur.overlays.default inputs.nur.overlay
]; ];
} }
# Include generic settings # Include generic settings

View file

@ -26,7 +26,6 @@ in
fd fd
file file
ripgrep ripgrep
tree
] ++ cfg.additionalPackages); ] ++ cfg.additionalPackages);
nixpkgs.config = { nixpkgs.config = {

View file

@ -48,7 +48,6 @@ in
escapeTime = 0; # Let vim do its thing instead escapeTime = 0; # Let vim do its thing instead
historyLimit = 100000; # Bigger buffer historyLimit = 100000; # Bigger buffer
mouse = false; # I dislike mouse support mouse = false; # I dislike mouse support
focusEvents = true; # Report focus events
terminal = "tmux-256color"; # I want accurate termcap info terminal = "tmux-256color"; # I want accurate termcap info
plugins = with pkgs.tmuxPlugins; [ plugins = with pkgs.tmuxPlugins; [
@ -87,7 +86,7 @@ in
# Accept sloppy Ctrl key when switching windows, on top of default mapping # Accept sloppy Ctrl key when switching windows, on top of default mapping
bind-key -N "Select the previous window" C-p previous-window bind-key -N "Select the previous window" C-p previous-window
bind-key -N "Select the next window" C-n next-window bind-key -N "Select the next window" C-n next -window
# Better vim mode # Better vim mode
bind-key -T copy-mode-vi 'v' send -X begin-selection bind-key -T copy-mode-vi 'v' send -X begin-selection

View file

@ -1,6 +0,0 @@
" Create the `b:undo_ftplugin` variable if it doesn't exist
call ftplugined#check_undo_ft()
" Use a small indentation value on query files
setlocal shiftwidth=2
let b:undo_ftplugin.='|setlocal shiftwidth<'

View file

@ -74,16 +74,6 @@ if utils.is_executable("bash-language-server") then
filetypes = { "bash", "sh", "zsh" }, filetypes = { "bash", "sh", "zsh" },
capabilities = capabilities, capabilities = capabilities,
on_attach = lsp.on_attach, on_attach = lsp.on_attach,
settings = {
bashIde = {
shfmt = {
-- Simplify the code
simplifyCode = true,
-- Indent switch cases
caseIndent = true,
},
},
},
}) })
end end

View file

@ -46,3 +46,29 @@ null_ls.register({
condition = utils.is_executable_condition("isort"), condition = utils.is_executable_condition("isort"),
}), }),
}) })
-- Shell (non-POSIX)
null_ls.register({
null_ls.builtins.formatting.shfmt.with({
-- Indent with 4 spaces, simplify the code, indent switch cases,
-- add space after redirection, use bash dialect
extra_args = { "-i", "4", "-s", "-ci", "-sr", "-ln", "bash" },
-- Restrict to bash and zsh
filetypes = { "bash", "zsh" },
-- Only used if available
condition = utils.is_executable_condition("shfmt"),
}),
})
-- Shell (POSIX)
null_ls.register({
null_ls.builtins.formatting.shfmt.with({
-- Indent with 4 spaces, simplify the code, indent switch cases,
-- add space after redirection, use POSIX
extra_args = { "-i", "4", "-s", "-ci", "-sr", "-ln", "posix" },
-- Restrict to POSIX sh
filetypes = { "sh" },
-- Only used if available
condition = utils.is_executable_condition("shfmt"),
}),
})

View file

@ -127,10 +127,9 @@ in
{ class = "^Blueman-.*$"; } { class = "^Blueman-.*$"; }
{ title = "^htop$"; } { title = "^htop$"; }
{ class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; } { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; }
{ class = "^pavucontrol.*$"; } { class = "^Pavucontrol.*$"; }
{ class = "^Arandr$"; } { class = "^Arandr$"; }
{ class = "^\\.blueman-manager-wrapped$"; } { class = ".?blueman-manager.*$"; }
{ class = "^\\.arandr-wrapped$"; }
]; ];
}; };

View file

@ -18,6 +18,13 @@ in
services.blueman.enable = true; services.blueman.enable = true;
} }
# Persist bluetooth files
{
my.system.persist.directories = [
"/var/lib/bluetooth"
];
}
# Support for additional bluetooth codecs # Support for additional bluetooth codecs
(lib.mkIf cfg.loadExtraCodecs { (lib.mkIf cfg.loadExtraCodecs {
hardware.pulseaudio = { hardware.pulseaudio = {

View file

@ -33,8 +33,9 @@ in
# AMD GPU # AMD GPU
(lib.mkIf (cfg.gpuFlavor == "amd") { (lib.mkIf (cfg.gpuFlavor == "amd") {
boot.initrd.kernelModules = lib.mkIf cfg.amd.enableKernelModule [ "amdgpu" ];
hardware.amdgpu = { hardware.amdgpu = {
initrd.enable = cfg.amd.enableKernelModule;
# Vulkan # Vulkan
amdvlk = lib.mkIf cfg.amd.amdvlk { amdvlk = lib.mkIf cfg.amd.amdvlk {
enable = true; enable = true;

View file

@ -22,6 +22,18 @@ in
config = lib.mkMerge [ config = lib.mkMerge [
(lib.mkIf cfg.wireless.enable { (lib.mkIf cfg.wireless.enable {
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
# IWD needs persistence if enabled
# Persist NetworkManager files
my.system.persist.files = [
"/var/lib/NetworkManager/secret_key"
"/var/lib/NetworkManager/seen-bssids"
"/var/lib/NetworkManager/timestamps"
];
my.system.persist.directories = [
"/etc/NetworkManager/system-connections"
];
}) })
]; ];
} }
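
Review bot: the comment `# IWD needs persistence if enabled` has no matching entry in `my.system.persist`, so an iwd backend would lose its known networks on every boot. Either add the iwd state directory (`/var/lib/iwd`) behind the relevant condition or turn the comment into a FIXME so it is not mistaken for documentation of what the block does. Note also that `secret_key` and `system-connections` hold credentials, so the persist mount point needs the same access restrictions as the original locations.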

View file

@ -54,6 +54,9 @@ in
# Pulseaudio setup # Pulseaudio setup
(lib.mkIf cfg.pulse.enable { (lib.mkIf cfg.pulse.enable {
# ALSA
sound.enable = true;
hardware.pulseaudio.enable = true; hardware.pulseaudio.enable = true;
}) })
]); ]);

View file

@ -69,6 +69,11 @@ in
}; };
}; };
my.system.persist.directories = [
cfg.downloadDir
"/var/lib/aria2"
];
# NOTE: unfortunately aria2 does not log connection failures for fail2ban # NOTE: unfortunately aria2 does not log connection failures for fail2ban
}; };
} }

View file

@ -34,6 +34,10 @@ in
}; };
}; };
my.system.persist.directories = [
"/var/lib/${config.services.audiobookshelf.dataDir}"
];
services.fail2ban.jails = { services.fail2ban.jails = {
audiobookshelf = '' audiobookshelf = ''
enabled = true enabled = true

View file

@ -41,5 +41,12 @@ in
# Those are all subdomains, no problem # Those are all subdomains, no problem
my.services.nginx.virtualHosts = hostsInfo; my.services.nginx.virtualHosts = hostsInfo;
my.system.persist.directories = [
"/var/www/blog"
"/var/www/cv"
"/var/www/dev"
"/var/www/key"
];
}; };
} }

View file

@ -53,6 +53,11 @@ in
]; ];
}; };
my.system.persist.directories = [
"/var/lib/${config.services.calibre-web.dataDir}"
cfg.libraryPath
];
services.fail2ban.jails = { services.fail2ban.jails = {
calibre-web = '' calibre-web = ''
enabled = true enabled = true

View file

@ -39,5 +39,7 @@ in
extraGroups = [ "docker" ]; # Give access to the daemon extraGroups = [ "docker" ]; # Give access to the daemon
}; };
users.groups.drone-runner-docker = { }; users.groups.drone-runner-docker = { };
# FIXME: persistence?
}; };
} }

View file

@ -63,5 +63,7 @@ in
group = "drone-runner-exec"; group = "drone-runner-exec";
}; };
users.groups.drone-runner-exec = { }; users.groups.drone-runner-exec = { };
# FIXME: persistence?
}; };
} }

View file

@ -50,5 +50,7 @@ in
inherit (cfg) port; inherit (cfg) port;
}; };
}; };
# FIXME: persistence?
}; };
} }

View file

@ -33,5 +33,9 @@ in
bantime = "10m"; bantime = "10m";
}; };
}; };
my.system.persist.directories = [
"/var/lib/fail2ban"
];
}; };
} }

View file

@ -28,6 +28,10 @@ in
}; };
}; };
my.system.persist.directories = [
"/var/lib/flood"
];
# NOTE: unfortunately flood does not log connection failures for fail2ban # NOTE: unfortunately flood does not log connection failures for fail2ban
}; };
} }

View file

@ -147,6 +147,11 @@ in
]; ];
}; };
my.system.persist.directories = [
config.services.forgejo.lfs.contentDir
config.services.forgejo.repositoryRoot
];
services.fail2ban.jails = { services.fail2ban.jails = {
forgejo = '' forgejo = ''
enabled = true enabled = true
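
Review bot: only `lfs.contentDir` and `repositoryRoot` are listed in `my.system.persist.directories`, so anything else the service keeps in its state directory (generated secrets, attachments, a local database if one is used) is not covered by this hunk. If those live outside the two listed paths, persist the state directory itself instead of its subdirectories, or document why the rest can be regenerated.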

View file

@ -131,6 +131,11 @@ in
]; ];
}; };
my.system.persist.directories = [
config.services.gitea.lfs.contentDir
config.services.gitea.repositoryRoot
];
services.fail2ban.jails = { services.fail2ban.jails = {
gitea = '' gitea = ''
enabled = true enabled = true

View file

@ -37,6 +37,16 @@ in
useACMEHost = config.networking.domain; useACMEHost = config.networking.domain;
}; };
my.services.backup = {
paths = [
config.services.grocy.dataDir
];
};
my.system.persist.directories = [
config.services.grocy.dataDir
];
# NOTE: unfortunately grocy does not log connection failures for fail2ban # NOTE: unfortunately grocy does not log connection failures for fail2ban
}; };
} }

View file

@ -33,6 +33,10 @@ in
port = jackettPort; port = jackettPort;
}; };
}; };
my.system.persist.directories = [
config.services.jackett.dataDir
];
}) })
(lib.mkIf cfg.nzbhydra.enable { (lib.mkIf cfg.nzbhydra.enable {
@ -45,6 +49,10 @@ in
port = nzbhydraPort; port = nzbhydraPort;
}; };
}; };
my.system.persist.directories = [
config.services.nzbhydra2.dataDir
];
}) })
(lib.mkIf cfg.prowlarr.enable { (lib.mkIf cfg.prowlarr.enable {
@ -58,6 +66,10 @@ in
}; };
}; };
my.system.persist.directories = [
"/var/lib/prowlarr"
];
services.fail2ban.jails = { services.fail2ban.jails = {
prowlarr = '' prowlarr = ''
enabled = true enabled = true

View file

@ -38,6 +38,10 @@ in
}; };
}; };
my.system.persist.directories = [
"/var/lib/jellyfin"
];
services.fail2ban.jails = { services.fail2ban.jails = {
jellyfin = '' jellyfin = ''
enabled = true enabled = true

View file

@ -36,6 +36,10 @@ in
}; };
}; };
my.system.persist.directories = [
config.services.komga.stateDir
];
services.fail2ban.jails = { services.fail2ban.jails = {
komga = '' komga = ''
enabled = true enabled = true

View file

@ -107,5 +107,9 @@ in
}; };
}; };
}; };
my.system.persist.directories = [
"/var/lib/lohr"
];
}; };
} }

View file

@ -214,5 +214,9 @@ in
config.services.matrix-synapse.dataDir config.services.matrix-synapse.dataDir
]; ];
}; };
my.system.persist.directories = [
config.services.matrix-synapse.dataDir
];
}; };
} }

View file

@ -72,6 +72,12 @@ in
}; };
}; };
my.services.backup = {
paths = [
"/var/lib/mealie"
];
};
services.fail2ban.jails = { services.fail2ban.jails = {
mealie = '' mealie = ''
enabled = true enabled = true
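
Review bot: `/var/lib/mealie` is added to `my.services.backup.paths` but not to `my.system.persist.directories`, whereas the grocy and tandoor-recipes hunks in this comparison add both. With an ephemeral root the backup would then capture a directory that is emptied at each boot; add the persist entry next to the backup one.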

View file

@ -130,5 +130,10 @@ in
inherit (cfg.grafana) port; inherit (cfg.grafana) port;
}; };
}; };
my.system.persist.directories = [
config.services.grafana.dataDir
"/var/lib/${config.services.prometheus.stateDir}"
];
}; };
} }

View file

@ -53,6 +53,10 @@ in
}; };
}; };
my.system.persist.directories = [
"/var/lib/navidrome"
];
services.fail2ban.jails = { services.fail2ban.jails = {
navidrome = '' navidrome = ''
enabled = true enabled = true

View file

@ -46,5 +46,7 @@ in
]; ];
}; };
}; };
# FIXME: persistence?
}; };
} }

View file

@ -92,6 +92,10 @@ in
]; ];
}; };
my.system.persist.directories = [
config.services.nextcloud.home
];
services.fail2ban.jails = { services.fail2ban.jails = {
nextcloud = '' nextcloud = ''
enabled = true enabled = true

View file

@ -87,6 +87,10 @@ let
}); });
in in
{ {
imports = [
./sso
];
options.my.services.nginx = with lib; { options.my.services.nginx = with lib; {
enable = mkEnableOption "Nginx"; enable = mkEnableOption "Nginx";
@ -482,5 +486,9 @@ in
} }
]; ];
}; };
my.system.persist.directories = [
"/var/lib/acme"
];
}; };
} }

View file

@ -0,0 +1,84 @@
# I must override the module to allow having runtime secrets
{ config, lib, pkgs, utils, ... }:
let
cfg = config.services.nginx.sso;
pkg = lib.getBin cfg.package;
confPath = "/var/lib/nginx-sso/config.json";
in
{
disabledModules = [ "services/security/nginx-sso.nix" ];
options.services.nginx.sso = with lib; {
enable = mkEnableOption "nginx-sso service";
package = mkOption {
type = types.package;
default = pkgs.nginx-sso;
defaultText = "pkgs.nginx-sso";
description = ''
The nginx-sso package that should be used.
'';
};
configuration = mkOption {
type = types.attrsOf types.unspecified;
default = { };
example = literalExample ''
{
listen = { addr = "127.0.0.1"; port = 8080; };
providers.token.tokens = {
myuser = "MyToken";
};
acl = {
rule_sets = [
{
rules = [ { field = "x-application"; equals = "MyApp"; } ];
allow = [ "myuser" ];
}
];
};
}
'';
description = ''
nginx-sso configuration
(<link xlink:href="https://github.com/Luzifer/nginx-sso/wiki/Main-Configuration">documentation</link>)
as a Nix attribute set.
'';
};
};
config = lib.mkIf cfg.enable {
systemd.services.nginx-sso = {
description = "Nginx SSO Backend";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
StateDirectory = "nginx-sso";
WorkingDirectory = "/var/lib/nginx-sso";
# The files to be merged might not have the correct permissions
ExecStartPre = pkgs.writeShellScript "merge-nginx-sso-config" ''
rm -f '${confPath}'
${utils.genJqSecretsReplacementSnippet cfg.configuration confPath}
'';
ExecStart = lib.mkForce ''
${lib.getExe pkg} \
--config ${confPath} \
--frontend-dir ${pkg}/share/frontend
'';
Restart = "always";
User = "nginx-sso";
Group = "nginx-sso";
};
};
users.users.nginx-sso = {
isSystemUser = true;
group = "nginx-sso";
};
users.groups.nginx-sso = { };
};
}
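
Review bot: in `ExecStartPre`, the comment says the files to be merged might not have the correct permissions, but the script only does `rm -f '${confPath}'` and regenerates the file, and it runs under `User = "nginx-sso"` like the main process. Secret files referenced from `cfg.configuration` therefore have to be readable by that user or the pre-start step fails; state that requirement in the comment, or run the merge step with elevated privileges and hand the result over with a restrictive mode. Two smaller points: `lib.mkForce` on `ExecStart` looks unnecessary once the upstream module is in `disabledModules`, and `literalExample` is deprecated in favour of `literalExpression`.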

View file

@ -61,6 +61,11 @@ in
PAPERLESS_ENABLE_HTTP_REMOTE_USER = true; PAPERLESS_ENABLE_HTTP_REMOTE_USER = true;
PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER"; PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER";
# Use PostgreSQL
PAPERLESS_DBHOST = "/run/postgresql";
PAPERLESS_DBUSER = "paperless";
PAPERLESS_DBNAME = "paperless";
# Security settings # Security settings
PAPERLESS_ALLOWED_HOSTS = paperlessDomain; PAPERLESS_ALLOWED_HOSTS = paperlessDomain;
PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}"; PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}";
@ -82,11 +87,40 @@ in
# Secret key # Secret key
environmentFile = cfg.secretKeyFile; environmentFile = cfg.secretKeyFile;
# Automatic PostgreSQL provisioning
database = {
createLocally = true;
}; };
systemd.services = {
paperless-scheduler = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
paperless-consumer = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
paperless-web = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
paperless-task-queue = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
};
# Set-up database
services.postgresql = {
enable = true;
ensureDatabases = [ "paperless" ];
ensureUsers = [
{
name = "paperless";
ensureDBOwnership = true;
}
];
}; };
# Set-up media group # Set-up media group
@ -112,5 +146,10 @@ in
config.services.paperless.mediaDir config.services.paperless.mediaDir
]; ];
}; };
my.system.persist.directories = [
config.services.paperless.dataDir
config.services.paperless.mediaDir
];
}; };
} }

View file

@ -54,6 +54,10 @@ in
}; };
}; };
my.system.persist.directories = [
"/var/lib/stirling-pdf"
];
services.fail2ban.jails = { services.fail2ban.jails = {
stirling-pdf = '' stirling-pdf = ''
enabled = true enabled = true

View file

@ -51,5 +51,10 @@ in
inherit (cfg) port; inherit (cfg) port;
}; };
}; };
my.system.persist.directories = [
config.systemd.services.podgrab.environment.CONFIG
config.systemd.services.podgrab.environment.DATA
];
}; };
} }

View file

@ -24,5 +24,9 @@ in
(config.services.postgresqlBackup.location + "/*.prev.sql.gz") (config.services.postgresqlBackup.location + "/*.prev.sql.gz")
]; ];
}; };
my.system.persist.directories = [
config.services.postgresqlBackup.location
];
}; };
} }

View file

@ -14,24 +14,31 @@ in
# Let other services enable postgres when they need it # Let other services enable postgres when they need it
(lib.mkIf cfg.enable { (lib.mkIf cfg.enable {
services.postgresql = { services.postgresql = {
package = pkgs.postgresql_17; package = pkgs.postgresql_13;
}; };
}) })
# Only persist directory if the actual service is enabled
(lib.mkIf config.services.postgresql.enable {
my.system.persist.directories = [
config.services.postgresql.dataDir
];
})
# Taken from the manual # Taken from the manual
(lib.mkIf cfg.upgradeScript { (lib.mkIf cfg.upgradeScript {
environment.systemPackages = environment.systemPackages =
let let
pgCfg = config.services.postgresql; pgCfg = config.services.postgresql;
newPackage' = pkgs.postgresql_17; newPackage' = pkgs.postgresql_13;
oldPackage = if pgCfg.enableJIT then pgCfg.package.withJIT else pgCfg.package; oldPackage = if pgCfg.enableJIT then pgCfg.package.withJIT else pgCfg.package;
oldData = pgCfg.dataDir; oldData = pgCfg.dataDir;
oldBin = "${if pgCfg.extensions == [] then oldPackage else oldPackage.withPackages pgCfg.extensions}/bin"; oldBin = "${if pgCfg.extraPlugins == [] then oldPackage else oldPackage.withPackages pgCfg.extraPlugins}/bin";
newPackage = if pgCfg.enableJIT then newPackage'.withJIT else newPackage'; newPackage = if pgCfg.enableJIT then newPackage'.withJIT else newPackage';
newData = "/var/lib/postgresql/${newPackage.psqlSchema}"; newData = "/var/lib/postgresql/${newPackage.psqlSchema}";
newBin = "${if pgCfg.extensions == [] then newPackage else newPackage.withPackages pgCfg.extensions}/bin"; newBin = "${if pgCfg.extraPlugins == [] then newPackage else newPackage.withPackages pgCfg.extraPlugins}/bin";
in in
[ [
(pkgs.writeScriptBin "upgrade-pg-cluster" '' (pkgs.writeScriptBin "upgrade-pg-cluster" ''
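
Review bot: `package` and `newPackage'` go from `pkgs.postgresql_17` to `pkgs.postgresql_13` in this hunk, and `pgCfg.extensions` becomes `pgCfg.extraPlugins`, which reads like a branch that predates those changes on the base rather than an intended downgrade. Rebase before merging: the `newData` line shows the data path is derived from the package's `psqlSchema`, so the directory persisted through `config.services.postgresql.dataDir` changes with the package, and an existing cluster created by the newer major version would not be picked up by the older one.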

View file

@ -53,6 +53,11 @@ in
}; };
}; };
my.system.persist.directories = [
cfg.downloadDirectory
"/var/lib/pyload"
];
services.fail2ban.jails = { services.fail2ban.jails = {
pyload = '' pyload = ''
enabled = true enabled = true

View file

@ -46,5 +46,9 @@ in
# Because Quassel does not use the socket, I simply trust its connection # Because Quassel does not use the socket, I simply trust its connection
authentication = "host quassel quassel localhost trust"; authentication = "host quassel quassel localhost trust";
}; };
my.system.persist.directories = [
config.services.quassel.dataDir
];
}; };
} }

View file

@ -22,5 +22,9 @@ in
forceSSL = true; forceSSL = true;
useACMEHost = config.networking.domain; useACMEHost = config.networking.domain;
}; };
my.system.persist.directories = [
config.services.rss-bridge.dataDir
];
}; };
} }

View file

@ -24,6 +24,10 @@ in
}; };
}; };
my.system.persist.files = [
config.services.sabnzbd.configFile
];
services.fail2ban.jails = { services.fail2ban.jails = {
sabnzbd = '' sabnzbd = ''
enabled = true enabled = true

View file

@ -19,6 +19,16 @@ let
enable = true; enable = true;
group = "media"; group = "media";
}; };
my.system.persist.directories =
let
# Bazarr breaks the mold unfortunately
dataDir =
if service != "bazarr"
then config.services.${service}.dataDir
else "/var/lib/bazarr";
in
[ dataDir ];
}; };
mkRedirection = service: { mkRedirection = service: {
@ -96,15 +106,5 @@ in
# Sonarr for shows # Sonarr for shows
(mkFullConfig "sonarr") (mkFullConfig "sonarr")
(mkFail2Ban "sonarr") (mkFail2Ban "sonarr")
# HACK: until https://github.com/NixOS/nixpkgs/issues/360592 is resolved
(lib.mkIf cfg.sonarr.enable {
nixpkgs.config.permittedInsecurePackages = [
"aspnetcore-runtime-6.0.36"
"aspnetcore-runtime-wrapped-6.0.36"
"dotnet-sdk-6.0.428"
"dotnet-sdk-wrapped-6.0.428"
];
})
]); ]);
} }

View file

@ -20,6 +20,13 @@ in
}; };
}; };
# Persist SSH keys
my.system.persist.files =
let
pubAndPrivKey = key: [ key.path "${key.path}.pub" ];
in
lib.concatMap pubAndPrivKey config.services.openssh.hostKeys;
# Opens the relevant UDP ports. # Opens the relevant UDP ports.
programs.mosh.enable = true; programs.mosh.enable = true;
}; };
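
Review bot: `pubAndPrivKey` puts the private host keys from `config.services.openssh.hostKeys` under the persist mount point, while the item "point `age` to persisted paths" from the WIP list of commit fa732c88e4 is not addressed in this hunk. If secrets are decrypted with a host key before the persisted files are in place, that step would fail at boot; resolve the item in the same series or leave a FIXME here. The comment would also be more precise as "Persist SSH host keys".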

View file

@ -83,6 +83,16 @@ in
}; };
}; };
my.services.backup = {
paths = [
"/var/lib/tandoor-recipes"
];
};
my.system.persist.directories = [
"/var/lib/tandoor-recipes"
];
# NOTE: unfortunately tandoor-recipes does not log connection failures for fail2ban # NOTE: unfortunately tandoor-recipes does not log connection failures for fail2ban
}; };
} }

View file

@ -91,6 +91,11 @@ in
allowedUDPPorts = [ cfg.peerPort ]; allowedUDPPorts = [ cfg.peerPort ];
}; };
my.system.persist.directories = [
cfg.downloadBase
config.services.transmission.home
];
# NOTE: unfortunately transmission does not log connection failures for fail2ban # NOTE: unfortunately transmission does not log connection failures for fail2ban
}; };
} }

View file

@ -100,6 +100,10 @@ in
]; ];
}; };
my.system.persist.directories = [
config.services.vikunja.settings.files.basepath
];
# NOTE: unfortunately vikunja does not log connection failures for fail2ban # NOTE: unfortunately vikunja does not log connection failures for fail2ban
}; };
} }

View file

@ -38,5 +38,7 @@ in
]; ];
}; };
}; };
# FIXME: persistence?
}; };
} }

View file

@ -62,5 +62,7 @@ in
]; ];
}; };
}; };
# FIXME: persistence?
}; };
} }

View file

@ -61,5 +61,7 @@ in
port = cfg.rpcPort; port = cfg.rpcPort;
}; };
}; };
# FIXME: persistence
}; };
} }

View file

@ -9,6 +9,7 @@
./language ./language
./nix ./nix
./packages ./packages
./persist
./podman ./podman
./polkit ./polkit
./printing ./printing

View file

@ -23,5 +23,9 @@ in
]; ];
}; };
}; };
my.system.persist.directories = [
"/var/lib/docker"
];
}; };
} }

View file

@ -0,0 +1,71 @@
# Ephemeral root configuration
{ config, inputs, lib, ... }:
let
cfg = config.my.system.persist;
in
{
imports = [
inputs.impermanence.nixosModules.impermanence
];
options.my.system.persist = with lib; {
enable = mkEnableOption "stateless system configuration";
mountPoint = lib.mkOption {
type = types.str;
default = "/persistent";
example = "/etc/nix/persist";
description = ''
Which mount point should be used to persist this system's files and
directories.
'';
};
files = lib.mkOption {
type = with types; listOf str;
default = [ ];
example = [
"/etc/nix/id_rsa"
];
description = ''
Additional files in the root to link to persistent storage.
'';
};
directories = lib.mkOption {
type = with types; listOf str;
default = [ ];
example = [
"/var/lib/libvirt"
];
description = ''
Additional directories in the root to link to persistent storage.
'';
};
};
config = lib.mkIf cfg.enable {
environment.persistence."${cfg.mountPoint}" = {
files = [
"/etc/machine-id"
"/etc/adjtime"
"/var/lib/systemd/timesync/clock"
]
++ lib.unique cfg.files
;
directories = [
"/etc/nixos" # In case it's storage directory of our configuration
"/var/log"
"/var/lib/nixos" # UID/GID maps
"/var/lib/systemd/coredump"
"/var/lib/systemd" # FIXME: needed?
"/var/spool" # FIXME: needed?
"/var/tmp" # FIXME: needed?
]
++ lib.unique cfg.directories
;
};
};
}
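
Review bot: in the built-in lists under `environment.persistence."${cfg.mountPoint}"`, `/var/lib/systemd` is persisted as a directory alongside its child `/var/lib/systemd/coredump` and the file `/var/lib/systemd/timesync/clock`, so the same data is mounted at nested levels; settle the `# FIXME: needed?` on `/var/lib/systemd` and keep either the parent or the specific children. `lib.unique` is applied only to `cfg.files` and `cfg.directories`, so an entry from a service module that duplicates a built-in one is not removed; wrap the concatenated list instead. Both options are typed `listOf str`, which also rules out impermanence's attribute-set entries carrying `user`, `group` and `mode`, so ownership and permissions of persisted service directories cannot be declared through this module.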

View file

@ -44,5 +44,9 @@ in
]; ];
}; };
}; };
my.system.persist.directories = [
"/var/lib/containers"
];
}; };
} }

View file

@ -65,5 +65,7 @@ in
# Allow resolution of '.local' addresses # Allow resolution of '.local' addresses
nssmdns4 = true; nssmdns4 = true;
}; };
# FIXME: persistence?
}; };
} }

View file

@ -1,4 +0,0 @@
self: prev:
{
vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { });
}

View file

@ -1,14 +0,0 @@
{ fetchpatch, ... }:
_final: prev: {
lsp-format-nvim = prev.lsp-format-nvim.overrideAttrs (oa: {
patches = (oa.patches or [ ]) ++ [
# https://github.com/lukas-reineke/lsp-format.nvim/issues/94
(fetchpatch {
name = "use-effective-indentation";
url = "https://github.com/liskin/lsp-format.nvim/commit/3757ac443bdf5bd166673833794553229ee8d939.patch";
hash = "sha256-Dv+TvXrU/IrrPxz2MSPbLmRxch+qkHbI3AyFMj/ssDk=";
})
];
});
}

pkgs/cgt-calc/default.nix Normal file
View file

@ -0,0 +1,47 @@
{ lib
, fetchFromGitHub
, python3Packages
, withTeXLive ? true
, texliveSmall
}:
python3Packages.buildPythonApplication rec {
pname = "cgt-calc";
version = "1.13.0";
pyproject = true;
src = fetchFromGitHub {
owner = "KapJI";
repo = "capital-gains-calculator";
rev = "v${version}";
hash = "sha256-y/Y05wG89nccXyxfjqazyPJhd8dOkfwRJre+Rzx97Hw=";
};
build-system = with python3Packages; [
poetry-core
];
dependencies = with python3Packages; [
defusedxml
jinja2
pandas
requests
types-requests
yfinance
];
makeWrapperArgs = lib.optionals withTeXLive [
"--prefix"
"PATH"
":"
"${lib.getBin texliveSmall}/bin"
];
meta = with lib; {
description = "UK capital gains tax calculator";
homepage = "https://github.com/KapJI/capital-gains-calculator";
license = with licenses; [ mit ];
mainProgram = "cgt-calc";
maintainers = with maintainers; [ ambroisie ];
platforms = platforms.unix;
};
}
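
Review bot: `types-requests` in `dependencies` is a type-stub package with no effect at runtime, yet it is propagated with the application. If it is listed only because upstream declares it as a runtime requirement, say so in a comment; otherwise drop it. `meta = with lib;` can also be written with explicit `lib.licenses.mit`, `lib.maintainers.ambroisie` and `lib.platforms.unix`, which keeps the scope of the attribute set explicit.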

View file

@ -62,7 +62,7 @@ do_toggle() {
} }
case "$1" in case "$1" in
up | down) up|down)
do_change_volume "$@" do_change_volume "$@"
;; ;;
toggle) toggle)

View file

@ -2,6 +2,8 @@
pkgs.lib.makeScope pkgs.newScope (pkgs: { pkgs.lib.makeScope pkgs.newScope (pkgs: {
bw-pass = pkgs.callPackage ./bw-pass { }; bw-pass = pkgs.callPackage ./bw-pass { };
cgt-calc = pkgs.callPackage ./cgt-calc { };
change-audio = pkgs.callPackage ./change-audio { }; change-audio = pkgs.callPackage ./change-audio { };
change-backlight = pkgs.callPackage ./change-backlight { }; change-backlight = pkgs.callPackage ./change-backlight { };

View file

@ -81,23 +81,23 @@ parse_args() {
shift shift
case "$opt" in case "$opt" in
-h | --help) -h|--help)
usage usage
exit exit
;; ;;
-f | --flake-output) -f|--flake-output)
FLAKE_OUTPUTS+=("$1") FLAKE_OUTPUTS+=("$1")
shift shift
;; ;;
-o | --output) -o|--output)
OUTPUT_FILE="$1" OUTPUT_FILE="$1"
shift shift
;; ;;
-n | --new-rev) -n|--new-rev)
NEW_REV="$(git rev-parse "$1")" NEW_REV="$(git rev-parse "$1")"
shift shift
;; ;;
-p | --previous-rev) -p|--previous-rev)
PREVIOUS_REV="$(git rev-parse "$1")" PREVIOUS_REV="$(git rev-parse "$1")"
shift shift
;; ;;
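
Review bot: every option in this `case` that takes a value (`-f`, `-o`, `-n`, `-p`) reads `"$1"` and then calls `shift` without checking that an argument is left, so `-o` as the last word reads an unset `$1` and the `shift` fails. Add a guard such as `[ $# -gt 0 ] || { usage; exit 1; }` before consuming the value, so a missing argument produces the usage text instead of an empty `OUTPUT_FILE` or a `git rev-parse` error.
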
@ -157,7 +157,7 @@ list_dev_shells() {
} }
diff_output() { diff_output() {
local PREV NEW local PREV NEW;
PREV="$(mktemp --dry-run)" PREV="$(mktemp --dry-run)"
NEW="$(mktemp --dry-run)" NEW="$(mktemp --dry-run)"
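
Review bot: `mktemp --dry-run` in `diff_output` only prints a candidate name and creates nothing, so another process can claim `$PREV` or `$NEW` between the name being generated and its first use. If the paths must not exist beforehand, create a private directory with `mktemp -d` and use fixed names inside it, removing the directory in a trap. The `local PREV NEW` line differs only by a trailing `;`, which is not needed.
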
@ -169,7 +169,7 @@ diff_output() {
printf 'Closure diff for `%s`:\n```\n' "$1" printf 'Closure diff for `%s`:\n```\n' "$1"
nix store diff-closures "$PREV" "$NEW" | sanitize_output nix store diff-closures "$PREV" "$NEW" | sanitize_output
printf '```\n\n' printf '```\n\n'
} >>"$OUTPUT_FILE" } >> "$OUTPUT_FILE"
} }
parse_args "$@" parse_args "$@"

View file

@ -15,7 +15,7 @@ usage() {
exec 1>&2 exec 1>&2
fi fi
cat <<EOF cat << EOF
Usage: $0 [options] [string] Usage: $0 [options] [string]
Send an arbitrary string to the terminal clipboard using the OSC 52 escape Send an arbitrary string to the terminal clipboard using the OSC 52 escape
sequence as specified in xterm: sequence as specified in xterm:

View file

@ -13,7 +13,7 @@ usage() {
exec 1>&2 exec 1>&2
fi fi
cat <<EOF cat << EOF
Usage: $0 [options] <title> <message> Usage: $0 [options] <title> <message>
Send a notification (title and message) to the host system using the OSC 777 Send a notification (title and message) to the host system using the OSC 777
escape sequence: escape sequence: