ambroisie/nix-config
ambroisie/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: ambroisie:main
Branches Tags
ambroisie:main
ambroisie:add-jj
ambroisie:xdg-mime-apps
ambroisie:tmux-undercurls
ambroisie:add-nixgl
ambroisie:export-nixos-homes
ambroisie:native-vim-snippets
ambroisie:add-impermanence
ambroisie:add-typos-hook
ambroisie:add-bazel-template
ambroisie:nvim-lua-lsp
ambroisie:xdg-nix
..
compare: ambroisie:add-nixgl
Branches Tags
ambroisie:add-jj
ambroisie:main
ambroisie:xdg-mime-apps
ambroisie:tmux-undercurls
ambroisie:add-nixgl
ambroisie:export-nixos-homes
ambroisie:native-vim-snippets
ambroisie:add-impermanence
ambroisie:add-typos-hook
ambroisie:add-bazel-template
ambroisie:nvim-lua-lsp
ambroisie:xdg-nix

3 commits
main ... add-nixgl

Author SHA1 Message Date
Bruno BELANYI
22efa99f5f WIP: nixgl wrappers
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-07-22 13:44:32 +00:00
Bruno BELANYI
84c49405b6 home: add 'nix-gl' 2025-07-22 13:44:32 +00:00
Bruno BELANYI
b4f9db9a67 flake: add 'nixgl' 
There's now a home-manager module for it, let's try it out.
 2025-07-22 13:44:31 +00:00
34 changed files with 410 additions and 483 deletions
Download patch file Download diff file Expand all files Collapse all files

93
flake.lock generated
View file

@ -14,11 +14,11 @@
]
},
"locked": {
"lastModified": 1762618334,
"narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"lastModified": 1750173260,
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "fcdea223397448d35d9b31f798479227e80183f6",
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
"type": "github"
},
"original": {
@ -53,11 +53,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1761588595,
"narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
@ -73,11 +73,11 @@
]
},
"locked": {
"lastModified": 1763759067,
"narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
"lastModified": 1751413152,
"narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
"rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
"type": "github"
},
"original": {
@ -117,11 +117,11 @@
]
},
"locked": {
"lastModified": 1763988335,
"narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=",
"lastModified": 1750779888,
"narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce",
"rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
"type": "github"
},
"original": {
@ -159,11 +159,11 @@
]
},
"locked": {
"lastModified": 1764361670,
"narHash": "sha256-jgWzgpIaHbL3USIq0gihZeuy1lLf2YSfwvWEwnfAJUw=",
"lastModified": 1752467539,
"narHash": "sha256-4kaR+xmng9YPASckfvIgl5flF/1nAZOplM+Wp9I5SMI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "780be8ef503a28939cf9dc7996b48ffb1a3e04c6",
"rev": "1e54837569e0b80797c47be4720fab19e0db1616",
"type": "github"
},
"original": {
@ -173,13 +173,37 @@
"type": "github"
}
},
"nixgl": {
"inputs": {
"flake-utils": [
"futils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1752054764,
"narHash": "sha256-Ob/HuUhANoDs+nvYqyTKrkcPXf4ZgXoqMTQoCK0RFgQ=",
"owner": "nix-community",
"repo": "nixGL",
"rev": "a8e1ce7d49a149ed70df676785b07f63288f53c5",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "main",
"repo": "nixGL",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1764242076,
"narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=",
"lastModified": 1752644555,
"narHash": "sha256-oeRcp4VEyZ/3ZgfRRoq60/08l2zy0K53l8MdfSIYd24=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4",
"rev": "9100a4f6bf446603b9575927c8585162f9ec9aa6",
"type": "github"
},
"original": {
@ -196,19 +220,20 @@
],
"nixpkgs": [
"nixpkgs"
]
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1764449851,
"narHash": "sha256-VnodC1+3KML8MYLLnK84E6U2Fz4ioNacOeQd1pMCSTw=",
"lastModified": 1741294988,
"narHash": "sha256-3408u6q615kVTb23WtDriHRmCBBpwX7iau6rvfipcu4=",
"owner": "nix-community",
"repo": "NUR",
"rev": "b1781c0aa8935d8d1f35d228bcc7127fcebcd363",
"rev": "b30c245e2c44c7352a27485bfd5bc483df660f0e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "main",
"ref": "master",
"repo": "NUR",
"type": "github"
}
@ -220,6 +245,7 @@
"futils": "futils",
"git-hooks": "git-hooks",
"home-manager": "home-manager",
"nixgl": "nixgl",
"nixpkgs": "nixpkgs",
"nur": "nur",
"systems": "systems"
@ -240,6 +266,27 @@
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",

13
flake.nix
View file

@ -43,6 +43,17 @@
};
};
nixgl = {
type = "github";
owner = "nix-community";
repo = "nixGL";
ref = "main";
inputs = {
flake-utils.follows = "futils";
nixpkgs.follows = "nixpkgs";
};
};
nixpkgs = {
type = "github";
owner = "NixOS";
@ -54,7 +65,7 @@
type = "github";
owner = "nix-community";
repo = "NUR";
ref = "main";
ref = "master";
inputs = {
flake-parts.follows = "flake-parts";
nixpkgs.follows = "nixpkgs";

4
flake/overlays.nix
View file

@ -1,4 +1,4 @@
{ self, lib, ... }:
{ self, ... }:
let
default-overlays = import "${self}/overlays";
@ -8,7 +8,7 @@ let
# Expose my custom packages
pkgs = _final: prev: {
ambroisie = lib.recurseIntoAttrs (import "${self}/pkgs" { pkgs = prev; });
ambroisie = prev.recurseIntoAttrs (import "${self}/pkgs" { pkgs = prev; });
};
};
in

4
hosts/nixos/aramis/home.nix
View file

@ -18,7 +18,9 @@
# Machine specific packages
packages.additionalPackages = with pkgs; [
element-desktop # Matrix client
jellyfin-media-player # Wraps the webui and mpv together
pavucontrol # Audio mixer GUI
trgui-ng # Transmission remote
];
# Minimal video player
mpv.enable = true;
@ -26,8 +28,6 @@
nm-applet.enable = true;
# Terminal
terminal.program = "alacritty";
# Transmission remote
trgui.enable = true;
# Zathura document viewer
zathura.enable = true;
};

15
hosts/nixos/porthos/secrets/secrets.nix
View file

@ -83,9 +83,18 @@ in
"servarr/autobrr/session-secret.age".publicKeys = all;
"servarr/cross-seed/configuration.json.age".publicKeys = all;
"sso/auth-key.age".publicKeys = all;
"sso/ambroisie/password-hash.age".publicKeys = all;
"sso/ambroisie/totp-secret.age".publicKeys = all;
"sso/auth-key.age" = {
owner = "nginx-sso";
publicKeys = all;
};
"sso/ambroisie/password-hash.age" = {
owner = "nginx-sso";
publicKeys = all;
};
"sso/ambroisie/totp-secret.age" = {
owner = "nginx-sso";
publicKeys = all;
};
"tandoor-recipes/secret-key.age".publicKeys = all;

BIN
hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age
View file

Binary file not shown.

1
modules/home/atuin/default.nix
View file

@ -6,6 +6,7 @@ in
options.my.home.atuin = with lib; {
enable = my.mkDisableOption "atuin configuration";
# I want the full experience by default
package = mkPackageOption pkgs "atuin" { };
daemon = {

2
modules/home/default.nix
View file

@ -28,6 +28,7 @@
./mail
./mpv
./nix
./nix-gl
./nix-index
./nixpkgs
./nm-applet
@ -38,7 +39,6 @@
./ssh
./terminal
./tmux
./trgui
./udiskie
./vim
./wget

61
modules/home/delta/default.nix
View file

@ -14,34 +14,53 @@ in
};
config = lib.mkIf cfg.enable {
programs.delta = {
enable = true;
assertions = [
{
# For its configuration
assertion = cfg.enable -> cfg.git.enable;
message = ''
`config.my.home.delta` must enable `config.my.home.delta.git` to be
properly configured.
'';
}
{
assertion = cfg.enable -> config.programs.git.enable;
message = ''
`config.my.home.delta` relies on `config.programs.git` to be
enabled.
'';
}
];
inherit (cfg) package;
home.packages = [ cfg.package ];
enableGitIntegration = cfg.git.enable;
programs.git = lib.mkIf cfg.git.enable {
delta = {
enable = true;
inherit (cfg) package;
options = {
features = "diff-highlight decorations";
options = {
features = "diff-highlight decorations";
# Less jarring style for `diff-highlight` emulation
diff-highlight = {
minus-style = "red";
minus-non-emph-style = "red";
minus-emph-style = "bold red 52";
# Less jarring style for `diff-highlight` emulation
diff-highlight = {
minus-style = "red";
minus-non-emph-style = "red";
minus-emph-style = "bold red 52";
plus-style = "green";
plus-non-emph-style = "green";
plus-emph-style = "bold green 22";
plus-style = "green";
plus-non-emph-style = "green";
plus-emph-style = "bold green 22";
whitespace-error-style = "reverse red";
};
whitespace-error-style = "reverse red";
};
# Personal preference for easier reading
decorations = {
commit-style = "raw"; # Do not recolor meta information
keep-plus-minus-markers = true;
paging = "always";
# Personal preference for easier reading
decorations = {
commit-style = "raw"; # Do not recolor meta information
keep-plus-minus-markers = true;
paging = "always";
};
};
};
};

13
modules/home/discord/default.nix
View file

@ -1,6 +1,8 @@
{ config, lib, pkgs, ... }:
let
cfg = config.my.home.discord;
jsonFormat = pkgs.formats.json { };
in
{
options.my.home.discord = with lib; {
@ -10,15 +12,14 @@ in
};
config = lib.mkIf cfg.enable {
programs.discord = {
enable = true;
home.packages = with pkgs; [
cfg.package
];
inherit (cfg) package;
settings = {
xdg.configFile."discord/settings.json".source =
jsonFormat.generate "discord.json" {
# Do not keep me from using the app just to force an update
SKIP_HOST_UPDATE = true;
};
};
};
}

38
modules/home/git/default.nix
View file

@ -21,31 +21,29 @@ in
config.programs.git = lib.mkIf cfg.enable {
enable = true;
# Who am I?
userEmail = mkMailAddress "bruno" "belanyi.fr";
userName = "Bruno BELANYI";
inherit (cfg) package;
aliases = {
git = "!git";
lol = "log --graph --decorate --pretty=oneline --abbrev-commit --topo-order";
lola = "lol --all";
assume = "update-index --assume-unchanged";
unassume = "update-index --no-assume-unchanged";
assumed = "!git ls-files -v | grep ^h | cut -c 3-";
pick = "log -p -G";
push-new = "!git push -u origin "
+ ''"$(git branch | grep '^* ' | cut -f2- -d' ')"'';
root = "git rev-parse --show-toplevel";
};
lfs.enable = true;
# There's more
settings = {
# Who am I?
user = {
email = mkMailAddress "bruno" "belanyi.fr";
name = "Bruno BELANYI";
};
alias = {
git = "!git";
lol = "log --graph --decorate --pretty=oneline --abbrev-commit --topo-order";
lola = "lol --all";
assume = "update-index --assume-unchanged";
unassume = "update-index --no-assume-unchanged";
assumed = "!git ls-files -v | grep ^h | cut -c 3-";
pick = "log -p -G";
push-new = "!git push -u origin "
+ ''"$(git branch | grep '^* ' | cut -f2- -d' ')"'';
root = "git rev-parse --show-toplevel";
};
extraConfig = {
# Makes it a bit more readable
blame = {
coloring = "repeatedLines";

21
modules/home/nix-gl/default.nix Normal file
View file

@ -0,0 +1,21 @@
{ config, inputs, lib, ... }:
let
cfg = config.my.home.nix-gl;
in
{
options.my.home.nix-gl = with lib; {
enable = mkEnableOption "nixGL configuration";
};
config = lib.mkIf cfg.enable (lib.mkMerge [
{
nixGL = {
inherit (inputs.nixgl) packages;
defaultWrapper = "mesa";
installScripts = [ "mesa" ];
};
}
]);
}

2
modules/home/nix/default.nix
View file

@ -69,7 +69,7 @@ in
automatic = true;
# Every week, with some wiggle room
dates = "weekly";
frequency = "weekly";
randomizedDelaySec = "10min";
# Use a persistent timer for e.g: laptops

10
modules/home/ssh/default.nix
View file

@ -17,7 +17,6 @@ in
{
programs.ssh = {
enable = true;
enableDefaultConfig = false;
includes = [
# Local configuration, not-versioned
@ -54,12 +53,11 @@ in
identityFile = "~/.ssh/shared_rsa";
user = "ambroisie";
};
# `*` is automatically made the last match block by the module
"*" = {
addKeysToAgent = "yes";
};
};
extraConfig = ''
AddKeysToAgent yes
'';
};
}

4
modules/home/tmux/default.nix
View file

@ -61,8 +61,8 @@ in
pain-control
# Better session management
sessionist
# X clipboard integration
{
# X clipboard integration
plugin = yank;
extraConfig = ''
# Use 'clipboard' because of misbehaving apps (e.g: firefox)
@ -71,8 +71,8 @@ in
set -g @yank_action 'copy-pipe'
'';
}
# Show when prefix has been pressed
{
# Show when prefix has been pressed
plugin = prefix-highlight;
extraConfig = ''
# Also show when I'm in copy or sync mode

17
modules/home/trgui/default.nix
View file

@ -1,17 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.my.home.trgui;
in
{
options.my.home.trgui = with lib; {
enable = mkEnableOption "Transmission GUI onfiguration";
package = mkPackageOption pkgs "TrguiNG" { default = "trgui-ng"; };
};
config = lib.mkIf cfg.enable {
home.packages = with pkgs; [
cfg.package
];
};
}

7
modules/home/vim/ftdetect/glsl.lua Normal file
View file

@ -0,0 +1,7 @@
-- Use GLSL filetype for common shader file extensions
vim.filetype.add({
extension = {
frag = "glsl",
vert = "glsl",
},
})

3
modules/home/vim/init.vim
View file

@ -81,6 +81,9 @@ set updatetime=250
" Disable all mouse integrations
set mouse=
" Set dark mode by default
set background=dark
" Setup some overrides for gruvbox
lua << EOF
local gruvbox = require("gruvbox")

108
modules/home/vim/plugin/settings/lspconfig.lua
View file

@ -1,3 +1,4 @@
local lspconfig = require("lspconfig")
local lsp = require("ambroisie.lsp")
local utils = require("ambroisie.utils")
@ -24,27 +25,59 @@ vim.diagnostic.config({
-- Inform servers we are able to do completion, snippets, etc...
local capabilities = require("cmp_nvim_lsp").default_capabilities()
-- Shared configuration
vim.lsp.config("*", {
capabilities = capabilities,
on_attach = lsp.on_attach,
})
-- C/C++
if utils.is_executable("clangd") then
lspconfig.clangd.setup({
capabilities = capabilities,
on_attach = lsp.on_attach,
})
end
local servers = {
-- C/C++
clangd = {},
-- Haskell
hls = {},
-- Nix
nil_ls = {},
-- Python
pyright = {},
ruff = {},
-- Rust
rust_analyzer = {},
-- Shell
bashls = {
-- Haskell
if utils.is_executable("haskell-language-server-wrapper") then
lspconfig.hls.setup({
capabilities = capabilities,
on_attach = lsp.on_attach,
})
end
-- Nix
if utils.is_executable("nil") then
lspconfig.nil_ls.setup({
capabilities = capabilities,
on_attach = lsp.on_attach,
})
end
-- Python
if utils.is_executable("pyright") then
lspconfig.pyright.setup({
capabilities = capabilities,
on_attach = lsp.on_attach,
})
end
if utils.is_executable("ruff") then
lspconfig.ruff.setup({
capabilities = capabilities,
on_attach = lsp.on_attach,
})
end
-- Rust
if utils.is_executable("rust-analyzer") then
lspconfig.rust_analyzer.setup({
capabilities = capabilities,
on_attach = lsp.on_attach,
})
end
-- Shell
if utils.is_executable("bash-language-server") then
lspconfig.bashls.setup({
filetypes = { "bash", "sh", "zsh" },
capabilities = capabilities,
on_attach = lsp.on_attach,
settings = {
bashIde = {
shfmt = {
@ -55,17 +88,28 @@ local servers = {
},
},
},
},
-- Starlark
starpls = {},
-- Generic
harper_ls = {},
typos_lsp = {},
}
for server, config in pairs(servers) do
if not vim.tbl_isempty(config) then
vim.lsp.config(server, config)
end
vim.lsp.enable(server)
})
end
-- Starlark
if utils.is_executable("starpls") then
lspconfig.starpls.setup({
capabilities = capabilities,
on_attach = lsp.on_attach,
})
end
-- Generic
if utils.is_executable("harper-ls") then
lspconfig.harper_ls.setup({
capabilities = capabilities,
on_attach = lsp.on_attach,
})
end
if utils.is_executable("typos-lsp") then
lspconfig.typos_lsp.setup({
capabilities = capabilities,
on_attach = lsp.on_attach,
})
end

3
modules/home/xdg/default.nix
View file

@ -56,7 +56,4 @@ in
XCOMPOSECACHE = "${dataHome}/X11/xcompose";
_JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java";
};
# Some modules *optionally* use `XDG_*_HOME` when told to
config.home.preferXdgDirectories = lib.mkIf cfg.enable true;
}

30
modules/home/zsh/default.nix
View file

@ -1,6 +1,14 @@
{ config, pkgs, lib, ... }:
let
cfg = config.my.home.zsh;
# Have a nice relative path for XDG_CONFIG_HOME, without leading `/`
relativeXdgConfig =
let
noHome = lib.removePrefix config.home.homeDirectory;
noSlash = lib.removePrefix "/";
in
noSlash (noHome config.xdg.configHome);
in
{
options.my.home.zsh = with lib; {
@ -8,22 +16,16 @@ in
launchTmux = mkEnableOption "auto launch tmux at shell start";
completionSync = {
enable = mkEnableOption "zsh-completion-sync plugin";
};
notify = {
enable = mkEnableOption "zsh-done notification";
exclude = mkOption {
type = with types; listOf str;
default = [
"bat"
"delta"
"direnv reload"
"fg"
"git (?!push|pull|fetch)"
"home-manager (?!switch|build)"
"htop"
"less"
"man"
@ -55,7 +57,7 @@ in
programs.zsh = {
enable = true;
dotDir = "${config.xdg.configHome}/zsh"; # Don't clutter $HOME
dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME
enableCompletion = true;
history = {
@ -72,7 +74,7 @@ in
plugins = [
{
name = "fast-syntax-highlighting";
file = "share/zsh/plugins/fast-syntax-highlighting/fast-syntax-highlighting.plugin.zsh";
file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh";
src = pkgs.zsh-fast-syntax-highlighting;
}
{
@ -122,18 +124,6 @@ in
};
}
(lib.mkIf cfg.completionSync.enable {
programs.zsh = {
plugins = [
{
name = "zsh-completion-sync";
file = "share/zsh-completion-sync/zsh-completion-sync.plugin.zsh";
src = pkgs.zsh-completion-sync;
}
];
};
})
(lib.mkIf cfg.notify.enable {
programs.zsh = {
plugins = [

2
modules/nixos/profiles/x/default.nix
View file

@ -13,7 +13,7 @@ in
# Nice wallpaper
services.xserver.displayManager.lightdm.background =
let
wallpapers = "${pkgs.kdePackages.plasma-workspace-wallpapers}/share/wallpapers";
wallpapers = "${pkgs.plasma5Packages.plasma-workspace-wallpapers}/share/wallpapers";
in
"${wallpapers}/summer_1am/contents/images/2560x1600.jpg";

1
modules/nixos/services/default.nix
View file

@ -38,7 +38,6 @@
./servarr
./ssh-server
./tandoor-recipes
./thelounge
./tlp
./transmission
./vikunja

2
modules/nixos/services/homebox/default.nix
View file

@ -39,7 +39,7 @@ in
my.services.backup = {
paths = [
(lib.removePrefix "file://" config.services.homebox.settings.HBOX_STORAGE_CONN_STRING)
config.services.homebox.settings.HBOX_STORAGE_DATA
];
};

143
modules/nixos/services/matrix/bridges.nix
View file

@ -1,143 +0,0 @@
# Matrix bridges for some services I use
{ config, lib, ... }:
let
cfg = config.my.services.matrix.bridges;
synapseCfg = config.services.matrix-synapse;
domain = config.networking.domain;
serverName = synapseCfg.settings.server_name;
mkBridgeOption = n: lib.mkEnableOption "${n} bridge" // { default = cfg.enable; };
mkPortOption = n: default: lib.mkOption {
type = lib.types.port;
inherit default;
example = 8080;
description = "${n} bridge port";
};
mkEnvironmentFileOption = n: lib.mkOption {
type = lib.types.str;
example = "/run/secret/matrix/${lib.toLower n}-bridge-secrets.env";
description = ''
Path to a file which should contain the secret values for ${n} bridge.
Using through the following format:
```
MATRIX_APPSERVICE_AS_TOKEN=<the_as_value>
MATRIX_APPSERVICE_HS_TOKEN=<the_hs_value>
```
Each bridge should use a different set of secrets, as they each register
their own independent double-puppetting appservice.
'';
};
in
{
options.my.services.matrix.bridges = with lib; {
enable = mkEnableOption "bridges configuration";
admin = mkOption {
type = types.str;
default = "ambroisie";
example = "admin";
description = "Local username for the admin";
};
facebook = {
enable = mkBridgeOption "Facebook";
port = mkPortOption "Facebook" 29321;
environmentFile = mkEnvironmentFileOption "Facebook";
};
};
config = lib.mkMerge [
(lib.mkIf cfg.facebook.enable {
services.mautrix-meta.instances.facebook = {
enable = true;
# Automatically register the bridge with synapse
registerToSynapse = true;
# Provide `AS_TOKEN`, `HS_TOKEN`
inherit (cfg.facebook) environmentFile;
settings = {
homeserver = {
domain = serverName;
address = "http://localhost:${toString config.my.services.matrix.port}";
};
appservice = {
hostname = "localhost";
inherit (cfg.facebook) port;
address = "http://localhost:${toString cfg.facebook.port}";
public_address = "https://facebook-bridge.${domain}";
as_token = "$MATRIX_APPSERVICE_AS_TOKEN";
hs_token = "$MATRIX_APPSERVICE_HS_TOKEN";
bot = {
username = "fbbot";
};
};
backfill = {
enabled = true;
};
bridge = {
delivery_receipts = true;
permissions = {
"*" = "relay";
${serverName} = "user";
"@${cfg.admin}:${serverName}" = "admin";
};
};
database = {
type = "postgres";
uri = "postgres:///mautrix-meta-facebook?host=/var/run/postgresql/";
};
double_puppet = {
secrets = {
${serverName} = "as_token:$MATRIX_APPSERVICE_AS_TOKEN";
};
};
network = {
# Don't be picky on Facebook/Messenger
allow_messenger_com_on_fb = true;
displayname_template = ''{{or .DisplayName .Username "Unknown user"}} (FB)'';
};
provisioning = {
shared_secret = "disable";
};
};
};
services.postgresql = {
enable = true;
ensureDatabases = [ "mautrix-meta-facebook" ];
ensureUsers = [{
name = "mautrix-meta-facebook";
ensureDBOwnership = true;
}];
};
systemd.services.mautrix-meta-facebook = {
wants = [ "postgres.service" ];
after = [ "postgres.service" ];
};
my.services.nginx.virtualHosts = {
# Proxy to the bridge
"facebook-bridge" = {
inherit (cfg.facebook) port;
};
};
})
];
}

199
modules/nixos/services/matrix/default.nix
View file

@ -1,49 +1,24 @@
# Matrix homeserver setup.
# Matrix homeserver setup, using different endpoints for federation and client
# traffic. The main trick for this is defining two nginx servers endpoints for
# matrix.domain.com, each listening on different ports.
#
# Configuration shamelessly stolen from [1]
#
# [1]: https://github.com/alarsyo/nixos-config/blob/main/services/matrix.nix
{ config, lib, pkgs, ... }:
let
cfg = config.my.services.matrix;
adminPkg = pkgs.synapse-admin-etkecc;
federationPort = { public = 8448; private = 11338; };
clientPort = { public = 443; private = 11339; };
domain = config.networking.domain;
matrixDomain = "matrix.${domain}";
serverConfig = {
"m.server" = "${matrixDomain}:443";
};
clientConfig = {
"m.homeserver" = {
"base_url" = "https://${matrixDomain}";
"server_name" = domain;
};
"m.identity_server" = {
"base_url" = "https://vector.im";
};
};
# ACAO required to allow element-web on any URL to request this json file
mkWellKnown = data: ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in
{
imports = [
./bridges.nix
];
options.my.services.matrix = with lib; {
enable = mkEnableOption "Matrix Synapse";
port = mkOption {
type = types.port;
default = 8448;
example = 8008;
description = "Internal port for listeners";
};
secretFile = mkOption {
type = with types; nullOr str;
default = null;
@ -83,22 +58,22 @@ in
enable_registration = false;
listeners = [
# Federation
{
inherit (cfg) port;
bind_addresses = [ "::1" ];
type = "http";
tls = false;
port = federationPort.private;
tls = false; # Terminated by nginx.
x_forwarded = true;
resources = [
{
names = [ "client" ];
compress = true;
}
{
names = [ "federation" ];
compress = false;
}
];
resources = [{ names = [ "federation" ]; compress = false; }];
}
# Client
{
bind_addresses = [ "::1" ];
port = clientPort.private;
tls = false; # Terminated by nginx.
x_forwarded = true;
resources = [{ names = [ "client" ]; compress = false; }];
}
];
@ -121,12 +96,19 @@ in
chat = {
root = pkgs.element-web.override {
conf = {
default_server_config = clientConfig;
show_labs_settings = true;
default_country_code = "FR"; # cocorico
room_directory = {
default_server_config = {
"m.homeserver" = {
"base_url" = "https://${matrixDomain}";
"server_name" = domain;
};
"m.identity_server" = {
"base_url" = "https://vector.im";
};
};
showLabsSettings = true;
defaultCountryCode = "FR"; # cocorico
roomDirectory = {
"servers" = [
domain
"matrix.org"
"mozilla.org"
];
@ -134,54 +116,99 @@ in
};
};
};
matrix = {
# Somewhat unused, but necessary for port collision detection
inherit (cfg) port;
extraConfig = {
locations = {
# Or do a redirect instead of the 404, or whatever is appropriate
# for you. But do not put a Matrix Web client here! See the
# Element web section above.
"/".return = "404";
"/_matrix".proxyPass = "http://[::1]:${toString cfg.port}";
"/_synapse".proxyPass = "http://[::1]:${toString cfg.port}";
"= /admin".return = "307 /admin/";
"/admin/" = {
alias = "${adminPkg}/";
priority = 500;
tryFiles = "$uri $uri/ /index.html";
};
"~ ^/admin/.*\\.(?:css|js|jpg|jpeg|gif|png|svg|ico|woff|woff2|ttf|eot|webp)$" = {
priority = 400;
root = adminPkg;
extraConfig = ''
rewrite ^/admin/(.*)$ /$1 break;
expires 30d;
more_set_headers "Cache-Control: public";
'';
};
};
};
# Dummy VHosts for port collision detection
matrix-federation = {
port = federationPort.private;
};
matrix-client = {
port = clientPort.private;
};
};
# Setup well-known locations
# Those are too complicated to use my wrapper...
services.nginx.virtualHosts = {
${matrixDomain} = {
onlySSL = true;
useACMEHost = domain;
locations =
let
proxyToClientPort = {
proxyPass = "http://[::1]:${toString clientPort.private}";
};
in
{
# Or do a redirect instead of the 404, or whatever is appropriate
# for you. But do not put a Matrix Web client here! See the
# Element web section below.
"/".return = "404";
"/_matrix" = proxyToClientPort;
"/_synapse/client" = proxyToClientPort;
};
listen = [
{ addr = "0.0.0.0"; port = clientPort.public; ssl = true; }
{ addr = "[::]"; port = clientPort.public; ssl = true; }
];
};
# same as above, but listening on the federation port
"${matrixDomain}_federation" = {
onlySSL = true;
serverName = matrixDomain;
useACMEHost = domain;
locations."/".return = "404";
locations."/_matrix" = {
proxyPass = "http://[::1]:${toString federationPort.private}";
};
listen = [
{ addr = "0.0.0.0"; port = federationPort.public; ssl = true; }
{ addr = "[::]"; port = federationPort.public; ssl = true; }
];
};
"${domain}" = {
forceSSL = true;
useACMEHost = domain;
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
locations."= /.well-known/matrix/server".extraConfig =
let
server = { "m.server" = "${matrixDomain}:${toString federationPort.public}"; };
in
''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
locations."= /.well-known/matrix/client".extraConfig =
let
client = {
"m.homeserver" = { "base_url" = "https://${matrixDomain}"; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
};
# ACAO required to allow element-web on any URL to request this json file
in
''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
};
};
# For administration tools.
environment.systemPackages = [ pkgs.matrix-synapse ];
networking.firewall.allowedTCPPorts = [
clientPort.public
federationPort.public
];
my.services.backup = {
paths = [
config.services.matrix-synapse.dataDir

7
modules/nixos/services/mealie/default.nix
View file

@ -32,7 +32,6 @@ in
BASE_URL = "https://mealie.${config.networking.domain}";
TZ = config.time.timeZone;
ALLOw_SIGNUP = "false";
TOKEN_TIME = 24 * 180; # 180 days
};
# Automatic PostgreSQL provisioning
@ -54,12 +53,6 @@ in
};
};
my.services.backup = {
paths = [
"/var/lib/mealie"
];
};
services.fail2ban.jails = {
mealie = ''
enabled = true

6
modules/nixos/services/nextcloud/collabora.nix
View file

@ -16,12 +16,6 @@ in
};
config = lib.mkIf cfg.enable {
services.nextcloud = {
extraApps = {
inherit (config.services.nextcloud.package.packages.apps) richdocuments;
};
};
services.collabora-online = {
enable = true;
inherit (cfg) port;

12
modules/nixos/services/nextcloud/default.nix
View file

@ -35,7 +35,7 @@ in
config = lib.mkIf cfg.enable {
services.nextcloud = {
enable = true;
package = pkgs.nextcloud32;
package = pkgs.nextcloud31;
hostName = "nextcloud.${config.networking.domain}";
home = "/var/lib/nextcloud";
maxUploadSize = cfg.maxSize;
@ -62,16 +62,6 @@ in
# Allow using the push service without hard-coding my IP in the configuration
bendDomainToLocalhost = true;
};
extraApps = {
inherit (config.services.nextcloud.package.packages.apps)
calendar
contacts
deck
tasks
;
# notify_push is automatically installed by the module
};
};
# The service above configures the domain, no need for my wrapper

2
modules/nixos/services/nginx/default.nix
View file

@ -444,7 +444,7 @@ in
};
};
systemd.services."acme-order-renew-${domain}" = {
systemd.services."acme-${domain}" = {
serviceConfig = {
Environment = [
# Since I do a "weird" setup with a wildcard CNAME

59
modules/nixos/services/thelounge/default.nix
View file

@ -1,59 +0,0 @@
# Web IRC client
{ config, lib, ... }:
let
cfg = config.my.services.thelounge;
in
{
options.my.services.thelounge = with lib; {
enable = mkEnableOption "The Lounge, a self-hosted web IRC client";
port = mkOption {
type = types.port;
default = 9050;
example = 4242;
description = "The port on which The Lounge will listen for incoming HTTP traffic.";
};
};
config = lib.mkIf cfg.enable {
services.thelounge = {
enable = true;
inherit (cfg) port;
extraConfig = {
reverseProxy = true;
};
};
my.services.nginx.virtualHosts = {
irc = {
inherit (cfg) port;
# Proxy websockets for RPC
websocketsLocations = [ "/" ];
extraConfig = {
locations."/".extraConfig = ''
proxy_read_timeout 1d;
'';
};
};
};
services.fail2ban.jails = {
thelounge = ''
enabled = true
filter = thelounge
port = http,https
'';
};
environment.etc = {
"fail2ban/filter.d/thelounge.conf".text = ''
[Definition]
failregex = Authentication failed for user .* from <HOST>$
Authentication for non existing user attempted from <HOST>$
journalmatch = _SYSTEMD_UNIT=thelounge.service
'';
};
};
}

6
modules/nixos/services/transmission/default.nix
View file

@ -71,14 +71,10 @@ in
};
};
# Transmission wants to eat *all* my RAM if left to its own devices
systemd.services.transmission = {
serviceConfig = {
# Transmission wants to eat *all* my RAM if left to its own devices
MemoryMax = "33%";
# Avoid errors due to high number of open files.
LimitNOFILE = 1048576;
# Longer stop timeout to finish all torrents
TimeoutStopSec = "5m";
};
};

4
pkgs/comma/comma
View file

@ -12,9 +12,9 @@ usage() {
find_program() {
local CANDIDATE
CANDIDATE="$(nix-locate --minimal --at-root --whole-name "/bin/$1")"
CANDIDATE="$(nix-locate --top-level --minimal --at-root --whole-name "/bin/$1")"
if [ "$(printf '%s\n' "$CANDIDATE" | wc -l)" -gt 1 ]; then
CANDIDATE="$(printf '%s' "$CANDIDATE" | "${COMMA_PICKER:-fzf-tmux}")"
CANDIDATE="$(printf '%s' "$CANDIDATE" | fzf-tmux)"
fi
printf '%s' "$CANDIDATE"
}

1
pkgs/lohr/default.nix
View file

@ -10,6 +10,7 @@ rustPlatform.buildRustPackage rec {
hash = "sha256-dunQgtap+XCK5LoSyOqIY/6p6HizBeiyPWNuCffwjDU=";
};
useFetchCargoVendor = true;
cargoHash = "sha256-R3/N/43+bGx6acE/rhBcrk6kS5zQu8NJ1sVvKJJkK9w=";
meta = with lib; {