ambroisie/nix-config
ambroisie/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: ambroisie:main
Branches Tags
ambroisie:main
ambroisie:add-impermanence
ambroisie:add-nixgl
ambroisie:add-typos-hook
ambroisie:add-bazel-template
ambroisie:nvim-lua-lsp
ambroisie:xdg-nix
ambroisie:export-nixos-homes
ambroisie:add-matrix-bridges
..
compare: ambroisie:add-nixgl
Branches Tags
ambroisie:main
ambroisie:add-impermanence
ambroisie:add-nixgl
ambroisie:add-typos-hook
ambroisie:add-bazel-template
ambroisie:nvim-lua-lsp
ambroisie:xdg-nix
ambroisie:export-nixos-homes
ambroisie:add-matrix-bridges

4 commits
main ... add-nixgl

Author SHA1 Message Date
Bruno BELANYI f5a1181267 home: add 'nixgl'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2024-11-04 11:02:45 +00:00
Bruno BELANYI 05b0a450be flake: add 'nixgl' 
There's now a home-manager module for it, let's try it out.
 2024-11-04 11:02:45 +00:00
Bruno BELANYI 4201bb7169 flake: bump inputs 2024-11-04 11:02:45 +00:00
Bruno BELANYI 93a50c598b home: vim: do not italicize comments 2024-11-04 11:02:45 +00:00
38 changed files with 281 additions and 260 deletions
Show stats Expand all files Collapse all files

91
flake.lock
View file

@ -73,11 +73,11 @@
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"lastModified": 1727826117,
"narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
"type": "github"
},
"original": {
@ -94,11 +94,11 @@
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
@ -136,11 +136,11 @@
]
},
"locked": {
"lastModified": 1734808199,
"narHash": "sha256-MxlUcLjE8xLbrI1SJ2B2jftlg4wdutEILa3fgqwA98I=",
"lastModified": 1730016908,
"narHash": "sha256-bFCxJco7d8IgmjfNExNz9knP8wvwbXU4s/d53KOK6U0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f342df3ad938f205a913973b832f52c12546aac6",
"rev": "e83414058edd339148dc142a8437edb9450574c8",
"type": "github"
},
"original": {
@ -150,13 +150,37 @@
"type": "github"
}
},
"nixgl": {
"inputs": {
"flake-utils": [
"futils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1713543440,
"narHash": "sha256-lnzZQYG0+EXl/6NkGpyIz+FEOc/DSEG57AP1VsdeNrM=",
"owner": "nix-community",
"repo": "nixGL",
"rev": "310f8e49a149e4c9ea52f1adf70cdc768ec53f8a",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "main",
"repo": "nixGL",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1734424634,
"narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=",
"lastModified": 1730200266,
"narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33",
"rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
"type": "github"
},
"original": {
@ -167,21 +191,12 @@
}
},
"nur": {
"inputs": {
"flake-parts": [
"flake-parts"
],
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1734810357,
"narHash": "sha256-Oa6d+y1/PVaPrZ/GYwvmTK9kSrc5Qx/8D3DFN2TzpVA=",
"lastModified": 1730380055,
"narHash": "sha256-tHnHNY8dfBg+jYTs4HFQTCVHIRYDgK97tNCdOaaZ19A=",
"owner": "nix-community",
"repo": "NUR",
"rev": "e7b7b92a7c97a91f1465ab433bbdf6d00df1db8e",
"rev": "2b1b211bd54496cc8ac20d4b6acda59ada5539c8",
"type": "github"
},
"original": {
@ -203,11 +218,11 @@
]
},
"locked": {
"lastModified": 1734797603,
"narHash": "sha256-ulZN7ps8nBV31SE+dwkDvKIzvN6hroRY8sYOT0w+E28=",
"lastModified": 1730302582,
"narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "f0f0dc4920a903c3e08f5bdb9246bb572fcae498",
"rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf",
"type": "github"
},
"original": {
@ -223,6 +238,7 @@
"flake-parts": "flake-parts",
"futils": "futils",
"home-manager": "home-manager",
"nixgl": "nixgl",
"nixpkgs": "nixpkgs",
"nur": "nur",
"pre-commit-hooks": "pre-commit-hooks",
@ -244,27 +260,6 @@
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",

15
flake.nix
View file

@ -43,6 +43,17 @@
};
};
nixgl = {
type = "github";
owner = "nix-community";
repo = "nixGL";
ref = "main";
inputs = {
flake-utils.follows = "futils";
nixpkgs.follows = "nixpkgs";
};
};
nixpkgs = {
type = "github";
owner = "NixOS";
@ -55,10 +66,6 @@
owner = "nix-community";
repo = "NUR";
ref = "master";
inputs = {
flake-parts.follows = "flake-parts";
nixpkgs.follows = "nixpkgs";
};
};
pre-commit-hooks = {

2
flake/home-manager.nix
View file

@ -25,7 +25,7 @@ let
inherit system;
overlays = (lib.attrValues self.overlays) ++ [
inputs.nur.overlays.default
inputs.nur.overlay
];
};

2
flake/nixos.nix
View file

@ -7,7 +7,7 @@ let
}
{
nixpkgs.overlays = (lib.attrValues self.overlays) ++ [
inputs.nur.overlays.default
inputs.nur.overlay
];
}
# Include generic settings

15
hosts/nixos/porthos/secrets/acme/dns-key.age
View file

@ -1,9 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 cKojmg Ec0xt1uJTva8MxUdoTVX5m3uWaIiRlodf345FEM7Uzs
aJIneWFJPB5HVeoUGp57agXih9YeZ6xMEbyQ+zJtWQY
-> ssh-ed25519 jPowng B5XotRgv7s/FUegGhceBj7EoukewNUOIFl4TFRQf1EQ
PgGCBd/Pqwp7ayqi7okHBGF1SfFpwT4KlHJ/np6p2uQ
--- AeLgwGz6k3OABb53cXNaCU/sgI4FlU1s6p8PhAaFOlg
1ÌÉCÔ¹ð¤ŽULfI1¸Hm»Ûòb}m” ÁÅ¡ìg•ß0¦¢–¤`X<16>G>\>¹8rŽz+ŠY ™¼`—Ê¢.JBUÏ!z¸Z50ú*õ¡ÙŸ¤×ÖÇ®I<C2AE>ôÔ]¹Ïå I
ĵ<18>¿oÒÛ°…g„®„ÒêÁ³Â¿Ÿt©nƒºãcz[»{
jçå&ÁõõNæ°Nÿo{õš½‚ -eP¾=L‰™ 6¦.SP:»e¶
-> ssh-ed25519 cKojmg bQFr9oAnbo1rI/MpUV8wQz/Xj7iZY4ZU+Swf0nSIQFw
zama2XJ0gdvUlD2GHMhmZqHSxHe+dKSfXnHoWDcSw7Y
-> ssh-ed25519 jPowng gitUwSKTNKWLSxnwa185O7x/u0ul93g8wPESdZaKRk8
uvBIfAUkZp5sg6rfeEGvL5ZDV8m2uSEotW02kjPN3Hw
--- SZxe5f/CUZBvPQa2Sz/UBY3L68rMkIGGRuZPk7YE+Vg
¾r ú&…¥‹{~v?¨}=Ä
}+ ¿SQM[²]Œ±k MÒAàtŒÃmMë/£µLsü|Þ…m©CÀñiYC}ƒŽ‡çxŽ€

8
hosts/nixos/porthos/services.nix
View file

@ -95,9 +95,6 @@ in
nextcloud = {
enable = true;
passwordFile = secrets."nextcloud/password".path;
collabora = {
enable = true;
};
};
nix-cache = {
enable = true;
@ -152,6 +149,11 @@ in
};
# Because I still need to play sysadmin
ssh-server.enable = true;
# Recipe manager
tandoor-recipes = {
enable = true;
secretKeyFile = secrets."tandoor-recipes/secret-key".path;
};
# Torrent client and webui
transmission = {
enable = true;

1
modules/home/default.nix
View file

@ -28,6 +28,7 @@
./mpv
./nix
./nix-index
./nixgl
./nixpkgs
./nm-applet
./packages

1
modules/home/direnv/lib/python.sh
View file

@ -53,5 +53,4 @@ layout_uv() {
PATH_add "$VIRTUAL_ENV/bin"
watch_file pyproject.toml
watch_file uv.lock
watch_file .python-version
}

17
modules/home/nixgl/default.nix Normal file
View file

@ -0,0 +1,17 @@
{ config, inputs, lib, ... }:
let
cfg = config.my.home.nixgl;
in
{
options.my.home.nixgl = with lib; {
enable = mkEnableOption "nixGL configuration";
};
config = lib.mkIf cfg.enable (lib.mkMerge [
{
nixGL = {
inherit (inputs.nixgl) packages;
};
}
]);
}

1
modules/home/packages/default.nix
View file

@ -26,7 +26,6 @@ in
fd
file
ripgrep
tree
] ++ cfg.additionalPackages);
nixpkgs.config = {

9
modules/home/tmux/default.nix
View file

@ -47,8 +47,6 @@ in
clock24 = true; # I'm one of those heathens
escapeTime = 0; # Let vim do its thing instead
historyLimit = 100000; # Bigger buffer
mouse = false; # I dislike mouse support
focusEvents = true; # Report focus events
terminal = "tmux-256color"; # I want accurate termcap info
plugins = with pkgs.tmuxPlugins; [
@ -82,13 +80,6 @@ in
];
extraConfig = ''
# Refresh configuration
bind-key -N "Source tmux.conf" R source-file ${config.xdg.configHome}/tmux/tmux.conf \; display-message "Sourced tmux.conf!"
# Accept sloppy Ctrl key when switching windows, on top of default mapping
bind-key -N "Select the previous window" C-p previous-window
bind-key -N "Select the next window" C-n next-window
# Better vim mode
bind-key -T copy-mode-vi 'v' send -X begin-selection
${

1
modules/home/vim/init.vim
View file

@ -103,6 +103,7 @@ gruvbox.setup({
-- Directories "pop" better in blue
Directory = { link = "GruvboxBlueBold" },
},
-- Comments should not be italic, for e.g: box drawing
italic = {
-- Comments should not be italic, for e.g: box drawing
comments = false,

10
modules/home/vim/plugin/settings/lspconfig.lua
View file

@ -74,16 +74,6 @@ if utils.is_executable("bash-language-server") then
filetypes = { "bash", "sh", "zsh" },
capabilities = capabilities,
on_attach = lsp.on_attach,
settings = {
bashIde = {
shfmt = {
-- Simplify the code
simplifyCode = true,
-- Indent switch cases
caseIndent = true,
},
},
},
})
end

26
modules/home/vim/plugin/settings/null-ls.lua
View file

@ -46,3 +46,29 @@ null_ls.register({
condition = utils.is_executable_condition("isort"),
}),
})
-- Shell (non-POSIX)
null_ls.register({
null_ls.builtins.formatting.shfmt.with({
-- Indent with 4 spaces, simplify the code, indent switch cases,
-- add space after redirection, use bash dialect
extra_args = { "-i", "4", "-s", "-ci", "-sr", "-ln", "bash" },
-- Restrict to bash and zsh
filetypes = { "bash", "zsh" },
-- Only used if available
condition = utils.is_executable_condition("shfmt"),
}),
})
-- Shell (POSIX)
null_ls.register({
null_ls.builtins.formatting.shfmt.with({
-- Indent with 4 spaces, simplify the code, indent switch cases,
-- add space after redirection, use POSIX
extra_args = { "-i", "4", "-s", "-ci", "-sr", "-ln", "posix" },
-- Restrict to POSIX sh
filetypes = { "sh" },
-- Only used if available
condition = utils.is_executable_condition("shfmt"),
}),
})

5
modules/home/wm/i3/default.nix
View file

@ -127,10 +127,9 @@ in
{ class = "^Blueman-.*$"; }
{ title = "^htop$"; }
{ class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; }
{ class = "^pavucontrol.*$"; }
{ class = "^Pavucontrol.*$"; }
{ class = "^Arandr$"; }
{ class = "^\\.blueman-manager-wrapped$"; }
{ class = "^\\.arandr-wrapped$"; }
{ class = ".?blueman-manager.*$"; }
];
};

5
modules/home/xdg/default.nix
View file

@ -30,10 +30,11 @@ in
};
# A tidy home is a tidy mind
dataFile = {
"tig/.keep".text = ""; # `tig` uses `XDG_DATA_HOME` specifically...
"bash/.keep".text = "";
"gdb/.keep".text = "";
"tig/.keep".text = "";
};
stateFile = {
"bash/.keep".text = "";
"python/.keep".text = "";
};
};

3
modules/nixos/hardware/graphics/default.nix
View file

@ -33,8 +33,9 @@ in
# AMD GPU
(lib.mkIf (cfg.gpuFlavor == "amd") {
boot.initrd.kernelModules = lib.mkIf cfg.amd.enableKernelModule [ "amdgpu" ];
hardware.amdgpu = {
initrd.enable = cfg.amd.enableKernelModule;
# Vulkan
amdvlk = lib.mkIf cfg.amd.amdvlk {
enable = true;

3
modules/nixos/hardware/sound/default.nix
View file

@ -54,6 +54,9 @@ in
# Pulseaudio setup
(lib.mkIf cfg.pulse.enable {
# ALSA
sound.enable = true;
hardware.pulseaudio.enable = true;
})
]);

4
modules/nixos/services/aria/default.nix
View file

@ -65,7 +65,9 @@ in
aria-rpc = {
port = cfg.rpcPort;
# Proxy websockets for RPC
websocketsLocations = [ "/" ];
extraConfig = {
locations."/".proxyWebsockets = true;
};
};
};

4
modules/nixos/services/audiobookshelf/default.nix
View file

@ -30,7 +30,9 @@ in
audiobookshelf = {
inherit (cfg) port;
# Proxy websockets for RPC
websocketsLocations = [ "/" ];
extraConfig = {
locations."/".proxyWebsockets = true;
};
};
};

6
modules/nixos/services/jellyfin/default.nix
View file

@ -27,13 +27,17 @@ in
my.services.nginx.virtualHosts = {
jellyfin = {
port = 8096;
websocketsLocations = [ "/socket" ];
extraConfig = {
locations."/" = {
extraConfig = ''
proxy_buffering off;
'';
};
# Too bad for the repetition...
locations."/socket" = {
proxyPass = "http://127.0.0.1:8096/";
proxyWebsockets = true;
};
};
};
};

50
modules/nixos/services/nextcloud/collabora.nix
View file

@ -1,50 +0,0 @@
# Document editor with Nextcloud
{ config, lib, ... }:
let
cfg = config.my.services.nextcloud.collabora;
in
{
options.my.services.nextcloud.collabora = with lib; {
enable = mkEnableOption "Collabora integration";
port = mkOption {
type = types.port;
default = 9980;
example = 8080;
description = "Internal port for API";
};
};
config = lib.mkIf cfg.enable {
services.collabora-online = {
enable = true;
inherit (cfg) port;
aliasGroups = [
{
host = "https://collabora.${config.networking.domain}";
# Allow using from nextcloud
aliases = [ "https://${config.services.nextcloud.hostName}" ];
}
];
settings = {
# Rely on reverse proxy for SSL
ssl = {
enable = false;
termination = true;
};
};
};
my.services.nginx.virtualHosts = {
collabora = {
inherit (cfg) port;
websocketsLocations = [
"~ ^/cool/(.*)/ws$"
"^~ /cool/adminws"
];
};
};
};
}

4
modules/nixos/services/nextcloud/default.nix
View file

@ -4,10 +4,6 @@ let
cfg = config.my.services.nextcloud;
in
{
imports = [
./collabora.nix
];
options.my.services.nextcloud = with lib; {
enable = mkEnableOption "Nextcloud";
maxSize = mkOption {

61
modules/nixos/services/nginx/default.nix
View file

@ -17,16 +17,6 @@ let
'';
};
websocketsLocations = mkOption {
type = with types; listOf str;
default = [ ];
example = [ "/socket" ];
description = ''
Which locations on this virtual host should be configured for
websockets.
'';
};
port = mkOption {
type = with types; nullOr port;
default = null;
@ -70,13 +60,10 @@ let
extraConfig = mkOption {
type = types.attrs; # FIXME: forward type of virtualHosts
example = {
extraConfig = ''
add_header X-Clacks-Overhead "GNU Terry Pratchett";
'';
locations."/".extraConfig = ''
client_max_body_size 1G;
'';
locations."/socket" = {
proxyPass = "http://127.0.0.1:8096/";
proxyWebsockets = true;
};
};
default = { };
description = ''
@ -99,7 +86,7 @@ in
type = types.str;
example = "/var/lib/acme/creds.env";
description = ''
OVH API key file as an 'EnvironmentFile' (see `systemd.exec(5)`)
Gandi API key file as an 'EnvironmentFile' (see `systemd.exec(5)`)
'';
};
};
@ -121,7 +108,12 @@ in
};
jellyfin = {
port = 8096;
websocketsLocations = [ "/socket" ];
extraConfig = {
locations."/socket" = {
proxyPass = "http://127.0.0.1:8096/";
proxyWebsockets = true;
};
};
};
};
description = ''
@ -203,19 +195,6 @@ in
} configured.
'';
}))
++ (lib.flip lib.mapAttrsToList cfg.virtualHosts (_: { subdomain, ... } @ args:
let
proxyPass = [ "port" "socket" ];
proxyPassUsed = lib.any (v: args.${v} != null) proxyPass;
in
{
assertion = args.websocketsLocations != [ ] -> proxyPassUsed;
message = ''
Subdomain '${subdomain}' can only use 'websocketsLocations' with one of ${
lib.concatStringsSep ", " (builtins.map (v: "'${v}'") proxyPass)
}.
'';
}))
++ (
let
ports = lib.my.mapFilter
@ -262,14 +241,6 @@ in
virtualHosts =
let
domain = config.networking.domain;
mkProxyPass = { websocketsLocations, ... }: proxyPass:
let
websockets = lib.genAttrs websocketsLocations (_: {
inherit proxyPass;
proxyWebsockets = true;
});
in
{ "/" = { inherit proxyPass; }; } // websockets;
mkVHost = ({ subdomain, ... } @ args: lib.nameValuePair
"${subdomain}.${domain}"
(lib.my.recursiveMerge [
@ -280,7 +251,8 @@ in
}
# Proxy to port
(lib.optionalAttrs (args.port != null) {
locations = mkProxyPass args "http://127.0.0.1:${toString args.port}";
locations."/".proxyPass =
"http://127.0.0.1:${toString args.port}";
})
# Serve filesystem content
(lib.optionalAttrs (args.root != null) {
@ -288,7 +260,8 @@ in
})
# Serve to UNIX socket
(lib.optionalAttrs (args.socket != null) {
locations = mkProxyPass args "http://unix:${args.socket}";
locations."/".proxyPass =
"http://unix:${args.socket}";
})
# Redirect to a different domain
(lib.optionalAttrs (args.redirect != null) {
@ -308,7 +281,6 @@ in
locations."/" = {
extraConfig =
# FIXME: check that X-User is dropped otherwise
(args.extraConfig.locations."/".extraConfig or "") + ''
# Use SSO
auth_request /sso-auth;
@ -442,8 +414,7 @@ in
{
"${domain}" = {
extraDomainNames = [ "*.${domain}" ];
dnsProvider = "ovh";
dnsPropagationCheck = false; # OVH is slow
dnsProvider = "gandiv5";
inherit (cfg.acme) credentialsFile;
};
};

68
modules/nixos/services/paperless/default.nix
View file

@ -1,4 +1,4 @@
{ config, lib, ... }:
{ config, lib, pkgs, ... }:
let
cfg = config.my.services.paperless;
in
@ -61,6 +61,11 @@ in
PAPERLESS_ENABLE_HTTP_REMOTE_USER = true;
PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER";
# Use PostgreSQL
PAPERLESS_DBHOST = "/run/postgresql";
PAPERLESS_DBUSER = "paperless";
PAPERLESS_DBNAME = "paperless";
# Security settings
PAPERLESS_ALLOWED_HOSTS = paperlessDomain;
PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}";
@ -75,18 +80,63 @@ in
# Misc
PAPERLESS_TIME_ZONE = config.time.timeZone;
PAPERLESS_ADMIN_USER = cfg.username;
# Fix classifier hangs
LD_LIBRARY_PATH = "${lib.getLib pkgs.mkl}/lib";
};
# Admin password
passwordFile = cfg.passwordFile;
};
# Secret key
environmentFile = cfg.secretKeyFile;
systemd.services = {
paperless-scheduler = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
# Automatic PostgreSQL provisioning
database = {
createLocally = true;
serviceConfig = {
EnvironmentFile = cfg.secretKeyFile;
};
};
paperless-consumer = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
serviceConfig = {
EnvironmentFile = cfg.secretKeyFile;
};
};
paperless-web = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
serviceConfig = {
EnvironmentFile = cfg.secretKeyFile;
};
};
paperless-task-queue = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
serviceConfig = {
EnvironmentFile = cfg.secretKeyFile;
};
};
};
# Set-up database
services.postgresql = {
enable = true;
ensureDatabases = [ "paperless" ];
ensureUsers = [
{
name = "paperless";
ensureDBOwnership = true;
}
];
};
# Set-up media group
@ -102,7 +152,11 @@ in
sso = {
enable = true;
};
websocketsLocations = [ "/" ];
# Enable websockets on root
extraConfig = {
locations."/".proxyWebsockets = true;
};
};
};

8
modules/nixos/services/postgresql/default.nix
View file

@ -14,7 +14,7 @@ in
# Let other services enable postgres when they need it
(lib.mkIf cfg.enable {
services.postgresql = {
package = pkgs.postgresql_17;
package = pkgs.postgresql_13;
};
})
@ -23,15 +23,15 @@ in
environment.systemPackages =
let
pgCfg = config.services.postgresql;
newPackage' = pkgs.postgresql_17;
newPackage' = pkgs.postgresql_13;
oldPackage = if pgCfg.enableJIT then pgCfg.package.withJIT else pgCfg.package;
oldData = pgCfg.dataDir;
oldBin = "${if pgCfg.extensions == [] then oldPackage else oldPackage.withPackages pgCfg.extensions}/bin";
oldBin = "${if pgCfg.extraPlugins == [] then oldPackage else oldPackage.withPackages pgCfg.extraPlugins}/bin";
newPackage = if pgCfg.enableJIT then newPackage'.withJIT else newPackage';
newData = "/var/lib/postgresql/${newPackage.psqlSchema}";
newBin = "${if pgCfg.extensions == [] then newPackage else newPackage.withPackages pgCfg.extensions}/bin";
newBin = "${if pgCfg.extraPlugins == [] then newPackage else newPackage.withPackages pgCfg.extraPlugins}/bin";
in
[
(pkgs.writeScriptBin "upgrade-pg-cluster" ''

16
modules/nixos/services/pyload/default.nix
View file

@ -53,20 +53,6 @@ in
};
};
services.fail2ban.jails = {
pyload = ''
enabled = true
filter = pyload
port = http,https
'';
};
environment.etc = {
"fail2ban/filter.d/pyload.conf".text = ''
[Definition]
failregex = ^.*Login failed for user '<F-USER>.*</F-USER>' \[CLIENT: <HOST>\]$
journalmatch = _SYSTEMD_UNIT=pyload.service
'';
};
# FIXME: fail2ban
};
}

10
modules/nixos/services/servarr/default.nix
View file

@ -96,15 +96,5 @@ in
# Sonarr for shows
(mkFullConfig "sonarr")
(mkFail2Ban "sonarr")
# HACK: until https://github.com/NixOS/nixpkgs/issues/360592 is resolved
(lib.mkIf cfg.sonarr.enable {
nixpkgs.config.permittedInsecurePackages = [
"aspnetcore-runtime-6.0.36"
"aspnetcore-runtime-wrapped-6.0.36"
"dotnet-sdk-6.0.428"
"dotnet-sdk-wrapped-6.0.428"
];
})
]);
}

6
modules/nixos/system/packages/default.nix
View file

@ -1,5 +1,5 @@
# Common packages
{ config, lib, ... }:
{ config, lib, pkgs, ... }:
let
cfg = config.my.system.packages;
in
@ -13,6 +13,10 @@ in
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [
wget
];
programs = {
vim = {
enable = true;

4
overlays/lsp-format-nvim-indentation/default.nix
View file

@ -1,4 +0,0 @@
self: prev:
{
vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { });
}

14
overlays/lsp-format-nvim-indentation/generated.nix
View file

@ -1,14 +0,0 @@
{ fetchpatch, ... }:
_final: prev: {
lsp-format-nvim = prev.lsp-format-nvim.overrideAttrs (oa: {
patches = (oa.patches or [ ]) ++ [
# https://github.com/lukas-reineke/lsp-format.nvim/issues/94
(fetchpatch {
name = "use-effective-indentation";
url = "https://github.com/liskin/lsp-format.nvim/commit/3757ac443bdf5bd166673833794553229ee8d939.patch";
hash = "sha256-Dv+TvXrU/IrrPxz2MSPbLmRxch+qkHbI3AyFMj/ssDk=";
})
];
});
}

2
pkgs/bw-pass/bw-pass
View file

@ -66,7 +66,7 @@ query_password() {
printf '%s\n' "$PASSWORD"
}
if [ $# -lt 1 ] || [ $# -gt 2 ]; then
if [ $# -lt 1 ] || [ $# -gt 2 ]; then
usage
exit 1
fi

47
pkgs/cgt-calc/default.nix Normal file
View file

@ -0,0 +1,47 @@
{ lib
, fetchFromGitHub
, python3Packages
, withTeXLive ? true
, texliveSmall
}:
python3Packages.buildPythonApplication rec {
pname = "cgt-calc";
version = "1.13.0";
pyproject = true;
src = fetchFromGitHub {
owner = "KapJI";
repo = "capital-gains-calculator";
rev = "v${version}";
hash = "sha256-y/Y05wG89nccXyxfjqazyPJhd8dOkfwRJre+Rzx97Hw=";
};
build-system = with python3Packages; [
poetry-core
];
dependencies = with python3Packages; [
defusedxml
jinja2
pandas
requests
types-requests
yfinance
];
makeWrapperArgs = lib.optionals withTeXLive [
"--prefix"
"PATH"
":"
"${lib.getBin texliveSmall}/bin"
];
meta = with lib; {
description = "UK capital gains tax calculator";
homepage = "https://github.com/KapJI/capital-gains-calculator";
license = with licenses; [ mit ];
mainProgram = "cgt-calc";
maintainers = with maintainers; [ ambroisie ];
platforms = platforms.unix;
};
}

2
pkgs/change-audio/change-audio
View file

@ -62,7 +62,7 @@ do_toggle() {
}
case "$1" in
up | down)
up|down)
do_change_volume "$@"
;;
toggle)

2
pkgs/default.nix
View file

@ -2,6 +2,8 @@
pkgs.lib.makeScope pkgs.newScope (pkgs: {
bw-pass = pkgs.callPackage ./bw-pass { };
cgt-calc = pkgs.callPackage ./cgt-calc { };
change-audio = pkgs.callPackage ./change-audio { };
change-backlight = pkgs.callPackage ./change-backlight { };

14
pkgs/diff-flake/diff-flake
View file

@ -81,23 +81,23 @@ parse_args() {
shift
case "$opt" in
-h | --help)
-h|--help)
usage
exit
;;
-f | --flake-output)
-f|--flake-output)
FLAKE_OUTPUTS+=("$1")
shift
;;
-o | --output)
-o|--output)
OUTPUT_FILE="$1"
shift
;;
-n | --new-rev)
-n|--new-rev)
NEW_REV="$(git rev-parse "$1")"
shift
;;
-p | --previous-rev)
-p|--previous-rev)
PREVIOUS_REV="$(git rev-parse "$1")"
shift
;;
@ -157,7 +157,7 @@ list_dev_shells() {
}
diff_output() {
local PREV NEW
local PREV NEW;
PREV="$(mktemp --dry-run)"
NEW="$(mktemp --dry-run)"
@ -169,7 +169,7 @@ diff_output() {
printf 'Closure diff for `%s`:\n```\n' "$1"
nix store diff-closures "$PREV" "$NEW" | sanitize_output
printf '```\n\n'
} >>"$OUTPUT_FILE"
} >> "$OUTPUT_FILE"
}
parse_args "$@"

2
pkgs/osc52/osc52
View file

@ -15,7 +15,7 @@ usage() {
exec 1>&2
fi
cat <<EOF
cat << EOF
Usage: $0 [options] [string]
Send an arbitrary string to the terminal clipboard using the OSC 52 escape
sequence as specified in xterm:

2
pkgs/osc777/osc777
View file

@ -13,7 +13,7 @@ usage() {
exec 1>&2
fi
cat <<EOF
cat << EOF
Usage: $0 [options] <title> <message>
Send a notification (title and message) to the host system using the OSC 777
escape sequence: