nki/nix-home
1
0
Fork 0
Code Issues Pull requests 2 Packages Projects Releases Wiki Activity

Compare commits

merge into: nki:build-farm
Branches Tags
nki:master
nki:kakoune-package
nki:move-s3
nki:build-farm
nki:remove-macbook
nki:24.05
nki:peertube
nki:invi
nki:local-net
nki:test
...
pull from: nki:master
Branches Tags
nki:master
nki:kakoune-package
nki:move-s3
nki:build-farm
nki:remove-macbook
nki:24.05
nki:peertube
nki:invi
nki:local-net
nki:test

38 commits
build-farm ... master

Author SHA1 Message Date
Natsu Kagami baa3d1cd0d
Update youmubot 2024-11-10 23:13:35 +01:00
Natsu Kagami cd4a9807cb
Update nixpkgs 2024-11-04 18:23:59 +01:00
Natsu Kagami f98b48a5e3
Update nixpkgs 2024-11-01 16:27:41 +01:00
Natsu Kagami fc57e77340
Update zotero and add zoom 2024-11-01 16:27:37 +01:00
Natsu Kagami dc49540f8d
Update youmubot 2024-10-31 14:10:47 +01:00
Natsu Kagami c36f5f66b1
Move stuff to various S3 stores instead of local minio (#5) 
Move most things to Cloudflare R2, whilst gotosocial goes to local.

Reviewed-on: #5
Co-authored-by: Natsu Kagami <nki@nkagami.me>
Co-committed-by: Natsu Kagami <nki@nkagami.me>
 2024-10-31 13:04:58 +00:00
Natsu Kagami 8702656b24
Update gotosocial to 0.17.0 2024-10-19 20:06:00 +02:00
Natsu Kagami 02ea7e95b7
Update osu 2024-10-17 11:36:39 +02:00
Natsu Kagami 22d1dbebe6
Update youmubot 2024-10-13 22:41:50 +02:00
Natsu Kagami c14aab4a8f
Update phanpy and gts 2024-10-12 17:08:29 +02:00
Natsu Kagami d99d57f53e
Update nixpkgs-unstable, add scala to common 2024-10-10 17:01:14 +02:00
Natsu Kagami 267f135972
Enhance nx and nsh to support unstable and git nixpkgs 2024-10-10 16:59:52 +02:00
Natsu Kagami 600ba660c9
Add compatibility workarounds for 24.05 2024-10-09 11:47:29 +02:00
Natsu Kagami 55397974b4
Update conduit to v0.9 2024-10-07 22:53:57 +02:00
Natsu Kagami 2f7179e7d5
Update youmubot 2024-10-07 22:36:03 +02:00
Natsu Kagami 2c54a0a9a1
sway: only import menu prefix if we have plasma 2024-09-28 15:23:25 +02:00
Natsu Kagami 21947fd510
kitty: use themeFile instead of just theme 2024-09-28 15:05:23 +02:00
Natsu Kagami 097a0efd90
Update nixpkgs-unstable and home-manager 2024-09-28 15:03:51 +02:00
Natsu Kagami 5cc543c9db
Suspend then hibernate on lid switch 2024-09-28 14:25:10 +02:00
Natsu Kagami 6a1deaae36
Export XDG_MENU_PREFIX as plasma- in sway 2024-09-27 11:51:27 +02:00
Natsu Kagami 5af862a4ad
Move pls to fish.functions definition 2024-09-27 11:51:03 +02:00
Natsu Kagami a1bd5600a9
Disable avahi 2024-09-27 10:43:48 +02:00
Natsu Kagami a59fa31628
Update authentik 2024-09-25 09:33:40 +02:00
Natsu Kagami 81b549a670
Update nixpkgs 2024-09-24 14:28:04 +02:00
Natsu Kagami 17e66e339c
Create notifications for pls 2024-09-22 15:46:35 +02:00
Natsu Kagami 63c2616c0f
Update nixpkgs-unstable 2024-09-22 15:07:48 +02:00
Natsu Kagami bc5de8bc77
Update youmubot 2024-09-14 18:16:54 +02:00
Natsu Kagami 177f0f686e
Set timezone to just default 2024-09-14 15:58:13 +03:00
Natsu Kagami 4fe33b7e80
Use new vpn format 2024-09-14 15:58:13 +03:00
Natsu Kagami 5ecad94dcb
Update nixpkgs 2024-09-11 11:57:52 +02:00
Natsu Kagami 84fa06937c
Update youmubot 2024-08-24 23:50:19 +02:00
Natsu Kagami 08d0c7aea3
Enable gamemode 2024-08-24 23:22:08 +02:00
Natsu Kagami 5b85a94be7
Update crane 2024-08-19 17:53:03 +02:00
Natsu Kagami 40d325218f
Update nix-gaming 2024-08-19 17:36:28 +02:00
Natsu Kagami db7e115863
Update home manager 2024-08-19 17:34:33 +02:00
Natsu Kagami 59f9ae8d5b
Remove NUR 2024-08-19 17:28:08 +02:00
Natsu Kagami fbe19bac34
Update nixpkgs 2024-08-19 17:25:24 +02:00
Natsu Kagami bc4cfe7c69
Set up build farm (#3) 
Reviewed-on: #3
Co-authored-by: Natsu Kagami <nki@nkagami.me>
Co-committed-by: Natsu Kagami <nki@nkagami.me>
 2024-08-19 14:04:52 +00:00
37 changed files with 818 additions and 648 deletions
Show stats Expand all files Collapse all files

1
common.nix
View file

@ -14,6 +14,7 @@ with lib; {
imports = [ imports = [
# defaultShell # defaultShell
./modules/services/nix-cache ./modules/services/nix-cache
./modules/services/nix-build-farm
]; ];
## Packages ## Packages

382
flake.lock
View file

@ -55,16 +55,16 @@
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1718214198, "lastModified": 1728224242,
"narHash": "sha256-/qKPeE2Ptweaf+rHOvdW0TUDLwN9D93MMgDoU4fTzEA=", "narHash": "sha256-mQLfRAun2G/LDnw3jyFGJbOqpxh2PL8IGzFELRfAgAI=",
"owner": "famedly", "owner": "famedly",
"repo": "conduit", "repo": "conduit",
"rev": "7a5b8930134cf7ea5ff9880e6fa468b2b3e05c98", "rev": "f8d7ef04e664580e882bac852877b68e7bd3ab1e",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
"owner": "famedly", "owner": "famedly",
"ref": "v0.8.0", "ref": "v0.9.0",
"repo": "conduit", "repo": "conduit",
"type": "gitlab" "type": "gitlab"
} }
@ -115,17 +115,14 @@
}, },
"crane_3": { "crane_3": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "nixpkgs": "nixpkgs_5"
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_5",
"rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1697334144, "lastModified": 1724006180,
"narHash": "sha256-gcOxnHEgBcn8mGXgNkTvZ1BLAANZZj+IZzb9QnQt7bc=", "narHash": "sha256-PVxPj0Ga2fMYMtcT9ARCthF+4U71YkOT7ZjgD/vf1Aw=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "4dcf584de14beff8dd0c030ac54e185fd3b72023", "rev": "7ce92819802bc583b7e82ebc08013a530f22209f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -175,11 +172,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1718730147, "lastModified": 1724377159,
"narHash": "sha256-QmD6B6FYpuoCqu6ZuPJH896ItNquDkn0ulQlOn4ykN8=", "narHash": "sha256-ixjje1JO8ucKT41hs6n2NCde1Vc0+Zc2p2gUbJpCsMw=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "32c21c29b034d0a93fdb2379d6fabc40fc3d0e6c", "rev": "3e47b7a86c19142bd3675da49d6acef488b4dac1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -211,7 +208,7 @@
}, },
"deploy-rs": { "deploy-rs": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_3",
"nixpkgs": "nixpkgs_6", "nixpkgs": "nixpkgs_6",
"utils": "utils" "utils": "utils"
}, },
@ -231,15 +228,15 @@
}, },
"dtth-phanpy": { "dtth-phanpy": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_4", "flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_7" "nixpkgs": "nixpkgs_7"
}, },
"locked": { "locked": {
"lastModified": 1723470164, "lastModified": 1728598146,
"narHash": "sha256-ZWcDD4HTmFtEJgEA2Ydg2mA+yu0FVcfEHbCGVXDatfw=", "narHash": "sha256-8zAvVSR3chBSJ7YKW+MYC1mrDxtZDFBPVobfO4KPXzg=",
"ref": "dtth-fork", "ref": "dtth-fork",
"rev": "c72bd47bbd18523b951b3fa73c789629504d0eb3", "rev": "fc6bd96aef92d7796d9c7663ac23e3fa837f8ddb",
"revCount": 2721, "revCount": 3218,
"type": "git", "type": "git",
"url": "ssh://gitea@git.dtth.ch/nki/phanpy" "url": "ssh://gitea@git.dtth.ch/nki/phanpy"
}, },
@ -304,22 +301,6 @@
} }
}, },
"flake-compat_3": { "flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696267196,
"narHash": "sha256-AAQ/2sD+0D18bb8hKuEEVpHUYD1GmO2Uh/taFamn6XQ=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "4f910c9827911b1ec2bf26b5a062cd09f8d89f85",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1696426674,
@ -335,7 +316,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_5": { "flake-compat_4": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1673956053,
@ -351,7 +332,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_6": { "flake-compat_5": {
"locked": { "locked": {
"lastModified": 1688025799, "lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
@ -453,11 +434,11 @@
"nixpkgs-lib": "nixpkgs-lib_2" "nixpkgs-lib": "nixpkgs-lib_2"
}, },
"locked": { "locked": {
"lastModified": 1706830856, "lastModified": 1722555600,
"narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=", "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f", "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -481,24 +462,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_10": {
"inputs": {
"systems": "systems_9"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": { "flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
@ -519,14 +482,14 @@
}, },
"flake-utils_3": { "flake-utils_3": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1694529238, "lastModified": 1726560853,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -539,24 +502,6 @@
"inputs": { "inputs": {
"systems": "systems_4" "systems": "systems_4"
}, },
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"inputs": {
"systems": "systems_5"
},
"locked": { "locked": {
"lastModified": 1694529238, "lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
@ -571,9 +516,9 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_6": { "flake-utils_5": {
"inputs": { "inputs": {
"systems": "systems_6" "systems": "systems_5"
}, },
"locked": { "locked": {
"lastModified": 1681202837, "lastModified": 1681202837,
@ -589,6 +534,24 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_6": {
"inputs": {
"systems": "systems_6"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_7": { "flake-utils_7": {
"inputs": { "inputs": {
"systems": "systems_7" "systems": "systems_7"
@ -608,15 +571,12 @@
} }
}, },
"flake-utils_8": { "flake-utils_8": {
"inputs": {
"systems": "systems_8"
},
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1659877975,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -626,12 +586,15 @@
} }
}, },
"flake-utils_9": { "flake-utils_9": {
"inputs": {
"systems": "systems_8"
},
"locked": { "locked": {
"lastModified": 1659877975, "lastModified": 1710146030,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -779,11 +742,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1722462338, "lastModified": 1728337164,
"narHash": "sha256-ss0G8t8RJVDewA3MyqgAlV951cWRK6EtVhVKEZ7J5LU=", "narHash": "sha256-VdRTjJFyq4Q9U7Z/UoC2Q5jK8vSo6E86lHc2OanXtvc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "6e090576c4824b16e8759ebca3958c5b09659ee8", "rev": "038630363e7de57c36c417fd2f5d7c14773403e4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -827,14 +790,14 @@
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane_4", "crane": "crane_4",
"flake-compat": "flake-compat_5", "flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_4", "flake-parts": "flake-parts_4",
"flake-utils": "flake-utils_6", "flake-utils": "flake-utils_5",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"pre-commit-hooks-nix": "pre-commit-hooks-nix", "pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay_2" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1682802423, "lastModified": 1682802423,
@ -854,20 +817,20 @@
"lix": { "lix": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1723503926, "lastModified": 1729298361,
"narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=", "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=",
"rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2", "rev": "ad9d06f7838a25beec425ff406fe68721fef73be",
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz" "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz" "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz"
} }
}, },
"lix-module": { "lix-module": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_7", "flake-utils": "flake-utils_6",
"flakey-profile": "flakey-profile", "flakey-profile": "flakey-profile",
"lix": "lix", "lix": "lix",
"nixpkgs": [ "nixpkgs": [
@ -875,20 +838,20 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1723510904, "lastModified": 1729360442,
"narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=", "narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=",
"rev": "622a2253a071a1fb97a4d3c8103a91114acc1140", "rev": "9098ac95768f7006d7e070b88bae76939f6034e6",
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz" "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/9098ac95768f7006d7e070b88bae76939f6034e6.tar.gz?rev=9098ac95768f7006d7e070b88bae76939f6034e6"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz" "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"
} }
}, },
"mpd-mpris": { "mpd-mpris": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_8", "flake-utils": "flake-utils_7",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
@ -925,14 +888,15 @@
"nix-gaming": { "nix-gaming": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_5", "flake-parts": "flake-parts_5",
"nixpkgs": "nixpkgs_8" "nixpkgs": "nixpkgs_8",
"umu": "umu"
}, },
"locked": { "locked": {
"lastModified": 1716686274, "lastModified": 1723945279,
"narHash": "sha256-4JiRUWtoEMrfq38jG4O+NP6rcQIhKxEclnSkHvywnf0=", "narHash": "sha256-3W+/u3v/e0dTOxht6wW6pL+kr44e8Amb8A1Z3Bx8BUE=",
"owner": "fufexan", "owner": "fufexan",
"repo": "nix-gaming", "repo": "nix-gaming",
"rev": "83a47c12d3493f7eb876250d0298d1566a965ce4", "rev": "bcf8116981cc332c2734d4c82a034f115780853d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -958,11 +922,11 @@
}, },
"nixos-m1": { "nixos-m1": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_6", "flake-compat": "flake-compat_5",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"rust-overlay": "rust-overlay_3" "rust-overlay": "rust-overlay_2"
}, },
"locked": { "locked": {
"lastModified": 1700436815, "lastModified": 1700436815,
@ -1014,20 +978,14 @@
}, },
"nixpkgs-lib_2": { "nixpkgs-lib_2": {
"locked": { "locked": {
"dir": "lib", "lastModified": 1722555339,
"lastModified": 1706550542, "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
"narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=", "type": "tarball",
"owner": "NixOS", "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
"repo": "nixpkgs",
"rev": "97b17f32362e475016f942bbdfda4a4a72a8a652",
"type": "github"
}, },
"original": { "original": {
"dir": "lib", "type": "tarball",
"owner": "NixOS", "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
@ -1064,11 +1022,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1723703277, "lastModified": 1730272153,
"narHash": "sha256-nk0RaUB5f68BwtXAYy3WAjqFhVKqIl9Z89RGycTa2vk=", "narHash": "sha256-B5WRZYsRlJgwVHIV6DvidFN7VX7Fg9uuwkRW9Ha8z+w=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8b908192e64224420e2d59dfd9b2e4309e154c5d", "rev": "2d2a9ddbe3f2c00747398f3dc9b05f7f2ebb0f53",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1080,11 +1038,11 @@
}, },
"nixpkgs_10": { "nixpkgs_10": {
"locked": { "locked": {
"lastModified": 1718530797, "lastModified": 1724224976,
"narHash": "sha256-pup6cYwtgvzDpvpSCFh1TEUjw2zkNpk8iolbKnyFmmU=", "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b60ebf54c15553b393d144357375ea956f89e9a9", "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1144,11 +1102,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1696261572, "lastModified": 1722640603,
"narHash": "sha256-s8TtSYJ1LBpuITXjbPLUPyxzAKw35LhETcajJjCS5f0=", "narHash": "sha256-TcXjLVNd3VeH1qKPH335Tc4RbFDbZQX+d7rqnDUoRaY=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0c7ffbc66e6d78c50c38e717ec91a2a14e0622fb", "rev": "81610abc161d4021b29199aa464d6a1a521e0cc9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1176,11 +1134,11 @@
}, },
"nixpkgs_7": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1723175592, "lastModified": 1728492678,
"narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=", "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
"owner": "nixOS", "owner": "nixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5e0ca22929f3342b19569b21b2f3462f053e497b", "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1192,11 +1150,11 @@
}, },
"nixpkgs_8": { "nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1708751719, "lastModified": 1723856861,
"narHash": "sha256-0uWOKSpXJXmXswOvDM5Vk3blB74apFB6rNGWV5IjoN0=", "narHash": "sha256-OTDg91+Zzs2SpU3csK4xVdSQFoG8cK1lNUwKmTqERyE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f63ce824cd2f036216eb5f637dfef31e1a03ee89", "rev": "cd7b95ee3725af7113bacbce91dd6549cee58ca5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1208,11 +1166,11 @@
}, },
"nixpkgs_9": { "nixpkgs_9": {
"locked": { "locked": {
"lastModified": 1723556749, "lastModified": 1730137625,
"narHash": "sha256-+CHVZnTnIYRLYsARInHYoWkujzcRkLY/gXm3s5bE52o=", "narHash": "sha256-9z8oOgFZiaguj+bbi3k4QhAD6JabWrnv7fscC/mt0KE=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4a92571f9207810b559c9eac203d1f4d79830073", "rev": "64b80bfb316b57cdb8919a9110ef63393d74382a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1222,21 +1180,6 @@
"type": "github" "type": "github"
} }
}, },
"nur": {
"locked": {
"lastModified": 1697363080,
"narHash": "sha256-/49Rh5mohp0ZD6HaNbDn9oIsLt+d7Tzbc/BGkb/7o+g=",
"owner": "nix-community",
"repo": "NUR",
"rev": "5771ba6f22db037b037a8bdd82acc5467c965c7e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"pre-commit-hooks-nix": { "pre-commit-hooks-nix": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
@ -1276,7 +1219,7 @@
"darwin": "darwin", "darwin": "darwin",
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"dtth-phanpy": "dtth-phanpy", "dtth-phanpy": "dtth-phanpy",
"flake-utils": "flake-utils_5", "flake-utils": "flake-utils_4",
"home-manager": "home-manager", "home-manager": "home-manager",
"home-manager-unstable": "home-manager-unstable", "home-manager-unstable": "home-manager-unstable",
"kak-lsp": "kak-lsp", "kak-lsp": "kak-lsp",
@ -1289,7 +1232,7 @@
"nixos-m1": "nixos-m1", "nixos-m1": "nixos-m1",
"nixpkgs": "nixpkgs_9", "nixpkgs": "nixpkgs_9",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur", "rust-overlay": "rust-overlay_3",
"secrets": "secrets", "secrets": "secrets",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"youmubot": "youmubot" "youmubot": "youmubot"
@ -1313,31 +1256,6 @@
} }
}, },
"rust-overlay": { "rust-overlay": {
"inputs": {
"flake-utils": [
"crane",
"flake-utils"
],
"nixpkgs": [
"crane",
"nixpkgs"
]
},
"locked": {
"lastModified": 1696299134,
"narHash": "sha256-RS77cAa0N+Sfj5EmKbm5IdncNXaBCE1BSSQvUE8exvo=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "611ccdceed92b4d94ae75328148d84ee4a5b462d",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"inputs": { "inputs": {
"flake-utils": [ "flake-utils": [
"lanzaboote", "lanzaboote",
@ -1362,7 +1280,7 @@
"type": "github" "type": "github"
} }
}, },
"rust-overlay_3": { "rust-overlay_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1686795910, "lastModified": 1686795910,
@ -1378,9 +1296,50 @@
"type": "github" "type": "github"
} }
}, },
"rust-overlay_3": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1724466314,
"narHash": "sha256-ltKuK6shQ64uej1mYNtBsDYxttUNFiv9AcHqk0+0NQM=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "2b5b3edd96ef336b00622dcabc13788fdef9e3ca",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_4": {
"inputs": {
"nixpkgs": [
"youmubot",
"nixpkgs"
]
},
"locked": {
"lastModified": 1724466314,
"narHash": "sha256-ltKuK6shQ64uej1mYNtBsDYxttUNFiv9AcHqk0+0NQM=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "2b5b3edd96ef336b00622dcabc13788fdef9e3ca",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"secrets": { "secrets": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_9" "flake-utils": "flake-utils_8"
}, },
"locked": { "locked": {
"lastModified": 1693981285, "lastModified": 1693981285,
@ -1539,24 +1498,34 @@
"type": "github" "type": "github"
} }
}, },
"systems_9": { "umu": {
"inputs": {
"nixpkgs": [
"nix-gaming",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1681028828, "dir": "packaging/nix",
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "lastModified": 1723697867,
"owner": "nix-systems", "narHash": "sha256-LTfbJXR8x35oZ8Mo3R0WTVEp9toWpVfzD21xCSr64IM=",
"repo": "default", "ref": "refs/heads/main",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "rev": "c71a45ad53036f4c668bcbe1be7a49f9d3460151",
"type": "github" "revCount": 699,
"submodules": true,
"type": "git",
"url": "https://github.com/Open-Wine-Components/umu-launcher/"
}, },
"original": { "original": {
"owner": "nix-systems", "dir": "packaging/nix",
"repo": "default", "submodules": true,
"type": "github" "type": "git",
"url": "https://github.com/Open-Wine-Components/umu-launcher/"
} }
}, },
"utils": { "utils": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1701680307, "lastModified": 1701680307,
@ -1575,15 +1544,16 @@
"youmubot": { "youmubot": {
"inputs": { "inputs": {
"crane": "crane_5", "crane": "crane_5",
"flake-utils": "flake-utils_10", "flake-utils": "flake-utils_9",
"nixpkgs": "nixpkgs_10" "nixpkgs": "nixpkgs_10",
"rust-overlay": "rust-overlay_4"
}, },
"locked": { "locked": {
"lastModified": 1722866694, "lastModified": 1730740980,
"narHash": "sha256-yDNqFvkBauxOvecASnAUYohui0mQslcppNKMhWHvECk=", "narHash": "sha256-Z/RLbhlBxdNPZt/DeROPBV7bLQgpmamjcB0rdQrQoNw=",
"owner": "natsukagami", "owner": "natsukagami",
"repo": "youmubot", "repo": "youmubot",
"rev": "7565a6e5c572063c73c0dfa7627c0a517d52fe5c", "rev": "803d718c7ad34d3780ae6c2911ca0682b2417cc4",
"type": "github" "type": "github"
}, },
"original": { "original": {

25
flake.nix
View file

@ -15,7 +15,6 @@
sops-nix.inputs.nixpkgs.follows = "nixpkgs-unstable"; sops-nix.inputs.nixpkgs.follows = "nixpkgs-unstable";
sops-nix.inputs.nixpkgs-stable.follows = "nixpkgs"; sops-nix.inputs.nixpkgs-stable.follows = "nixpkgs";
deploy-rs.url = "github:Serokell/deploy-rs"; deploy-rs.url = "github:Serokell/deploy-rs";
nur.url = "github:nix-community/NUR";
# --- Secure boot # --- Secure boot
lanzaboote = { lanzaboote = {
@ -26,9 +25,13 @@
# --- Build tools # --- Build tools
flake-utils.url = github:numtide/flake-utils; flake-utils.url = github:numtide/flake-utils;
crane.url = github:ipetkov/crane; crane.url = github:ipetkov/crane;
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs.nixpkgs.follows = "nixpkgs";
};
arion.url = github:hercules-ci/arion; arion.url = github:hercules-ci/arion;
lix-module = { lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"; url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@ -44,7 +47,7 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
dtth-phanpy.url = "git+ssh://gitea@git.dtth.ch/nki/phanpy?ref=dtth-fork"; dtth-phanpy.url = "git+ssh://gitea@git.dtth.ch/nki/phanpy?ref=dtth-fork";
conduit.url = "gitlab:famedly/conduit/v0.8.0"; conduit.url = "gitlab:famedly/conduit/v0.9.0";
nix-gaming.url = github:fufexan/nix-gaming; nix-gaming.url = github:fufexan/nix-gaming;
# --- Sources # --- Sources
@ -60,7 +63,7 @@
secrets.url = "git+ssh://git@github.com/natsukagami/nix-deploy-secrets"; secrets.url = "git+ssh://git@github.com/natsukagami/nix-deploy-secrets";
}; };
outputs = { self, darwin, nixpkgs, nixpkgs-unstable, home-manager, deploy-rs, sops-nix, nur, ... }@inputs: outputs = { self, darwin, nixpkgs, nixpkgs-unstable, home-manager, deploy-rs, sops-nix, ... }@inputs:
let let
overlays = import ./overlay.nix inputs; overlays = import ./overlay.nix inputs;
lib = nixpkgs.lib; lib = nixpkgs.lib;
@ -85,6 +88,20 @@
trusted-public-keys = [ "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" ]; trusted-public-keys = [ "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" ];
}; };
environment.systemPackages = [ inputs.nix-gaming.packages.${pkgs.hostPlatform.system}.osu-stable ]; environment.systemPackages = [ inputs.nix-gaming.packages.${pkgs.hostPlatform.system}.osu-stable ];
programs.gamemode = {
enable = true;
enableRenice = true;
settings = {
general = {
renice = 10;
};
custom = {
start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
};
};
};
}; };
# Common Nix modules # Common Nix modules

1
home/common.nix
View file

@ -28,6 +28,7 @@
fx # JSON viewer fx # JSON viewer
glow # Markdown viewer glow # Markdown viewer
nix-output-monitor # Nice nix output formatting nix-output-monitor # Nice nix output formatting
unstable.scala-next
## PDF Processors ## PDF Processors
poppler_utils poppler_utils
## htop replacement ## htop replacement

5
home/config.nix
View file

@ -1,8 +1,3 @@
{ {
allowUnfree = true; allowUnfree = true;
packageOverrides = pkgs: {
nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
inherit pkgs;
};
};
} }

90
home/fish/fish.nix
View file

@ -53,8 +53,7 @@ in
functions = { functions = {
rebuild = { rebuild = {
body = '' body = ''
command sudo -v && \ pls nixos-rebuild --flake ~/.config/nixpkgs -L --log-format internal-json -v $argv \
command sudo nixos-rebuild --flake ~/.config/nixpkgs -L --log-format internal-json -v $argv \
&| ${pkgs.nix-output-monitor}/bin/nom --json &| ${pkgs.nix-output-monitor}/bin/nom --json
''; '';
wraps = "nixos-rebuild"; wraps = "nixos-rebuild";
@ -62,19 +61,18 @@ in
# Simplify nix usage! # Simplify nix usage!
nx = { nx = {
body = '' body = ''
set impure argparse -s 'h/help' 'impure' 'u/unstable' 'g/git' -- $argv
if test $argv[1] = "--impure" if set -q _flag_help || test (count $argv) -eq 0
set impure "--impure" echo "nx [--impure] [-u/--unstable/-g/--git] {package} [args...]"
set argv $argv[2..]
end
if test (count $argv) -gt 0
nix run $impure nixpkgs#$argv[1] -- $argv[2..]
else
echo "nx [--impure] {package} [args...]"
return 1 return 1
else
set -q _flag_impure && set impure "--impure"
set nixpkgs "nixpkgs"
set -q _flag_unstable && set nixpkgs "nixpkgs-unstable"
set -q _flag_git && set nixpkgs "github:nixOS/nixpkgs/nixpkgs-unstable"
nix run $impure $nixpkgs"#"$argv[1] -- $argv[2..]
end end
''; '';
wraps = "nix run";
description = "Runs an app from the nixpkgs store."; description = "Runs an app from the nixpkgs store.";
}; };
@ -82,25 +80,35 @@ in
description = "Spawns a shell from the given nixpkgs packages"; description = "Spawns a shell from the given nixpkgs packages";
wraps = "nix shell"; wraps = "nix shell";
body = '' body = ''
set impure function help
if test $argv[1] = "--impure" echo "nsh [--impure] [--impure] [-u/--unstable/-g/--git] {package}* [-c command args...]"
set impure "--impure"
set argv $argv[2..]
end end
if test (count $argv) -gt 0 argparse -s 'h/help' 'impure' 'u/unstable' 'g/git' -- $argv
if set -q _flag_help || test (count $argv) -eq 0
help
return 0
end
set packages $argv
set minusc (contains -i -- "-c" $argv) set minusc (contains -i -- "-c" $argv)
if test -z $minusc if test -n "$minusc"
nix shell $impure nixpkgs#$argv -c fish if test $minusc -eq 1
else if test $minusc -eq (count $argv) help
echo "nsh [--impure] {packages} [-c command args...]"
return 1
else
nix shell $impure nixpkgs#$argv[..(math $minusc - 1)] $argv[$minusc..]
end
else
echo "nsh [--impure] {packages} [-c command args...]"
return 1 return 1
end end
set packages $argv[..(math $minusc - 1)]
set argv $argv[(math $minusc + 1)..]
else
set argv "fish" "-i"
end
if test (count $packages) -eq 0
help
return 1
end
set -q _flag_impure && set impure "--impure"
set nixpkgs "nixpkgs"
set -q _flag_unstable && set nixpkgs "nixpkgs-unstable"
set -q _flag_git && set nixpkgs "github:nixOS/nixpkgs/nixpkgs-unstable"
nix shell $impure $nixpkgs"#"$packages --command $argv
''; '';
}; };
# Grep stuff # Grep stuff
@ -118,6 +126,30 @@ in
}; };
echo-today = "date +%F"; echo-today = "date +%F";
newfile = "mkdir -p (dirname $argv[-1]) && touch $argv"; newfile = "mkdir -p (dirname $argv[-1]) && touch $argv";
# pls
pls = {
wraps = "sudo";
body = ''
set -l cmd "`"(string join " " -- $argv)"`"
echo "I-It's not like I'm gonna run "$cmd" for you or a-anything! Baka >:C" >&2
# Send a notification on password prompt
if command sudo -vn 2>/dev/null
# nothing to do, user already authenticated
else
# throw a notification
set notif_id (kitten notify -P \
-p ${./haruka.png} \
-a "pls" \
-u critical \
"A-a command requires your p-password" \
(printf "I-I need your p-password to r-run the following c-command:\n\n%s" $cmd))
command sudo -v -p "P-password please: "
kitten notify -i $notif_id ""
end
command sudo $argv
'';
};
}; };
@ -253,8 +285,8 @@ in
target = ".config/fish/conf.d/change_cmd.fish"; target = ".config/fish/conf.d/change_cmd.fish";
}; };
"fish/pls.fish" = { "fish/pls.fish" = {
source = ./. + "/pls.fish"; source = ./pls_extra.fish;
target = ".config/fish/conf.d/pls.fish"; target = ".config/fish/conf.d/pls_extra.fish";
}; };
}; };
} }

BIN
home/fish/haruka.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 30 KiB

155
home/fish/pls.fish
View file

@ -1,155 +0,0 @@
alias sue="pls -e"
function pls
set -l cmd "`"(string join " " -- $argv)"`"
echo "I-It's not like I'm gonna run "$cmd" for you or a-anything! Baka >:C" >&2
# Send a notification on password prompt
if command sudo -vn 2>/dev/null
# nothing to do, user already authenticated
else
# throw a notification
# notify-send -t 3000 -u critical -i ~/Downloads/harukablush.jpg -h "STRING:command:"$cmd "A-a command requires your p-password" (printf "I-I need your p-password to r-run the following c-command: %s" $cmd)
end
command sudo $argv
end
function sudo
echo "Not polite enough."
end
function __fish_prepend_pls -d "Prepend 'pls ' to the beginning of the current commandline"
# If there is no commandline, insert the last item from history
# and *then* toggle
if not commandline | string length -q
commandline -r "$history[1]"
end
set -l cmd (commandline -po)
set -l cursor (commandline -C)
if test "$cmd[1]" = e
commandline -C 0
commandline -i "su"
commandline -C (math $cursor + 2)
else if test "$cmd[1]" = sue
commandline -r (string sub --start=3 (commandline -p))
commandline -C -- (math $cursor - 2)
else if test "$cmd[1]" != pls
commandline -C 0
commandline -i "pls "
commandline -C (math $cursor + 4)
else
commandline -r (string sub --start=5 (commandline -p))
commandline -C -- (math $cursor - 4)
end
end
bind --preset -e -M insert \es
bind -M insert \es __fish_prepend_pls
function __fish_man_page
# Get all commandline tokens not starting with "-"
set -l args (commandline -po | string match -rv '^-')
# If commandline is empty, exit.
if not set -q args[1]
printf \a
return
end
#Skip `pls` and display then manpage of following command
while set -q args[2]
and string match -qr -- '^(pls|.*=.*)$' $args[1]
set -e args[1]
end
# If there are at least two tokens not starting with "-", the second one might be a subcommand.
# Try "man first-second" and fall back to "man first" if that doesn't work out.
set -l maincmd (basename $args[1])
if set -q args[2]
# HACK: If stderr is not attached to a terminal `less` (the default pager)
# wouldn't use the alternate screen.
# But since we don't know what pager it is, and because `man` is totally underspecified,
# the best we can do is to *try* the man page, and assume that `man` will return false if it fails.
# See #7863.
if man "$maincmd-$args[2]" &>/dev/null
man "$maincmd-$args[2]"
else if man "$maincmd" &>/dev/null
man "$maincmd"
else
printf \a
end
else
if man "$maincmd" &>/dev/null
man "$maincmd"
else
printf \a
end
end
commandline -f repaint
end
#
# Completion for pls
#
function __fish_pls_print_remaining_args
set -l tokens (commandline -opc) (commandline -ct)
set -e tokens[1]
# These are all the options mentioned in the man page for Todd Miller's "pls.ws" pls (in that order).
# If any other implementation has different options, this should be harmless, since they shouldn't be used anyway.
set -l opts A/askpass b/background C/close-from= E/preserve-env='?'
# Note that "-h" is both "--host" (which takes an option) and "--help" (which doesn't).
# But `-h` as `--help` only counts when it's the only argument (`pls -h`),
# so any argument completion after that should take it as "--host".
set -a opts e/edit g/group= H/set-home h/host= 1-help
set -a opts i/login K/remove-timestamp k/reset-timestamp l/list n/non-interactive
set -a opts P/preserve-groups p/prompt= S/stdin s/shell U/other-user=
set -a opts u/user= T/command-timeout= V/version v/validate
argparse -s $opts -- $tokens 2>/dev/null
# The remaining argv is the subcommand with all its options, which is what
# we want.
if test -n "$argv"
and not string match -qr '^-' $argv[1]
string join0 -- $argv
return 0
else
return 1
end
end
function __fish_pls_no_subcommand
not __fish_pls_print_remaining_args >/dev/null
end
function __fish_complete_pls_subcommand
set -l args (__fish_pls_print_remaining_args | string split0)
set -lx -a PATH /usr/local/sbin /sbin /usr/sbin
__fish_complete_subcommand --commandline $args
end
# All these options should be valid for GNU and OSX pls
complete -c pls -n __fish_no_arguments -s h -d "Display help and exit"
complete -c pls -n __fish_no_arguments -s V -d "Display version information and exit"
complete -c pls -n __fish_pls_no_subcommand -s A -d "Ask for password via the askpass or \$SSH_ASKPASS program"
complete -c pls -n __fish_pls_no_subcommand -s C -d "Close all file descriptors greater or equal to the given number" -xa "0 1 2 255"
complete -c pls -n __fish_pls_no_subcommand -s E -d "Preserve environment"
complete -c pls -n __fish_pls_no_subcommand -s H -d "Set home"
complete -c pls -n __fish_pls_no_subcommand -s K -d "Remove the credential timestamp entirely"
complete -c pls -n __fish_pls_no_subcommand -s P -d "Preserve group vector"
complete -c pls -n __fish_pls_no_subcommand -s S -d "Read password from stdin"
complete -c pls -n __fish_pls_no_subcommand -s b -d "Run command in the background"
complete -c pls -n __fish_pls_no_subcommand -s e -rF -d Edit
complete -c pls -n __fish_pls_no_subcommand -s g -a "(__fish_complete_groups)" -x -d "Run command as group"
complete -c pls -n __fish_pls_no_subcommand -s i -d "Run a login shell"
complete -c pls -n __fish_pls_no_subcommand -s k -d "Reset or ignore the credential timestamp"
complete -c pls -n __fish_pls_no_subcommand -s l -d "List the allowed and forbidden commands for the given user"
complete -c pls -n __fish_pls_no_subcommand -s n -d "Do not prompt for a password - if one is needed, fail"
complete -c pls -n __fish_pls_no_subcommand -s p -d "Specify a custom password prompt"
complete -c pls -n __fish_pls_no_subcommand -s s -d "Run the given command in a shell"
complete -c pls -n __fish_pls_no_subcommand -s u -a "(__fish_complete_users)" -x -d "Run command as user"
complete -c pls -n __fish_pls_no_subcommand -s v -n __fish_no_arguments -d "Validate the credentials, extending timeout"
# Complete the command we are executed under pls
complete -c pls -x -n 'not __fish_seen_argument -s e' -a "(__fish_complete_pls_subcommand)"

47
home/fish/pls_extra.fish Normal file
View file

@ -0,0 +1,47 @@
alias sue="pls -e"
function sudo
echo "Not polite enough."
end
bind --preset -M visual \es 'fish_commandline_prepend pls'
bind -M insert \es 'fish_commandline_prepend pls'
function __fish_man_page
# Get all commandline tokens not starting with "-", up to and including the cursor's
set -l args (string match -rv '^-|^$' -- (commandline -cpx && commandline -t))
# If commandline is empty, exit.
if not set -q args[1]
printf \a
return
end
# Skip leading commands and display the manpage of following command
while set -q args[2]
and string match -qr -- '^(and|begin|builtin|caffeinate|command|doas|entr|env|exec|if|mosh|nice|not|or|pipenv|prime-run|setsid|sudo|pls|systemd-nspawn|time|watch|while|xargs|.*=.*)$' $args[1]
set -e args[1]
end
# If there are at least two tokens not starting with "-", the second one might be a subcommand.
# Try "man first-second" and fall back to "man first" if that doesn't work out.
set -l maincmd (path basename $args[1])
# HACK: If stderr is not attached to a terminal `less` (the default pager)
# wouldn't use the alternate screen.
# But since we don't know what pager it is, and because `man` is totally underspecified,
# the best we can do is to *try* the man page, and assume that `man` will return false if it fails.
# See #7863.
if set -q args[2]
and not string match -q -- '*/*' $args[2]
and man "$maincmd-$args[2]" &>/dev/null
man "$maincmd-$args[2]"
else
if man "$maincmd" &>/dev/null
man "$maincmd"
else
printf \a
end
end
commandline -f repaint
end

3
home/modules/linux/graphical/default.nix
View file

@ -66,7 +66,7 @@ in
# Audio # Audio
qpwgraph # Pipewire graph qpwgraph # Pipewire graph
zotero_7 unstable.zotero
libreoffice libreoffice
mpv # for anki mpv # for anki
@ -76,6 +76,7 @@ in
tdesktop tdesktop
whatsapp-for-linux whatsapp-for-linux
slack slack
zoom-us
librewolf librewolf

15
home/modules/programs/my-kitty/default.nix
View file

@ -2,11 +2,20 @@
let let
cfg = config.nki.programs.kitty; cfg = config.nki.programs.kitty;
cmd = if pkgs.stdenv.isDarwin then "cmd" else "ctrl";
theme = { lib, options, config, ... }: {
programs.kitty = lib.mkIf config.nki.programs.kitty.enable (
if builtins.hasAttr "themeFile" options.programs.kitty then {
themeFile = "ayu_light";
} else {
theme = "Ayu Light";
}
);
};
in in
with lib; with lib;
{ {
imports = [ ./darwin.nix ./linux.nix ./tabs.nix ]; imports = [ theme ./darwin.nix ./linux.nix ./tabs.nix ];
options.nki.programs.kitty = { options.nki.programs.kitty = {
enable = mkEnableOption "Enable kitty"; enable = mkEnableOption "Enable kitty";
@ -51,8 +60,6 @@ with lib;
font.name = "Fantasque Sans Mono"; font.name = "Fantasque Sans Mono";
font.size = cfg.fontSize; font.size = cfg.fontSize;
theme = "Ayu Light";
settings = settings =
let let
# Background color and transparency # Background color and transparency

11
home/modules/programs/my-sway/default.nix
View file

@ -1,4 +1,4 @@
{ pkgs, lib, options, config, ... }: { pkgs, lib, options, config, osConfig, ... }:
with lib; with lib;
let let
cfg = config.programs.my-sway; cfg = config.programs.my-sway;
@ -129,8 +129,11 @@ in
"PATH" # for portals "PATH" # for portals
"XDG_DATA_DIRS" # For extra icons "XDG_DATA_DIRS" # For extra icons
"XDG_DATA_HOME" # For extra icons "XDG_DATA_HOME" # For extra icons
] ++ lib.optionals osConfig.services.desktopManager.plasma6.enable [
"XDG_MENU_PREFIX"
]; ];
systemd.extraCommands = options.wayland.windowManager.sway.systemd.extraCommands.default ++ [ systemd.extraCommands = options.wayland.windowManager.sway.systemd.extraCommands.default
++ [
"systemctl --user restart xdg-desktop-portal.service" "systemctl --user restart xdg-desktop-portal.service"
]; ];
@ -358,7 +361,9 @@ in
eval `gnome-keyring-daemon` eval `gnome-keyring-daemon`
export SSH_AUTH_SOCK export SSH_AUTH_SOCK
fi fi
'' else ""); '' else "") + lib.optionalString osConfig.services.desktopManager.plasma6.enable ''
export XDG_MENU_PREFIX=plasma-
'';
# Extra # Extra
wrapperFeatures.base = true; wrapperFeatures.base = true;
wrapperFeatures.gtk = true; wrapperFeatures.gtk = true;

10
home/modules/programs/openconnect-epfl.nix
View file

@ -4,12 +4,14 @@ let
name = "openconnect-epfl"; name = "openconnect-epfl";
runtimeInputs = with pkgs; [ openconnect rbw ]; runtimeInputs = with pkgs; [ openconnect rbw ];
text = '' text = ''
GASPAR_PASSWORD=$(rbw get gaspar) METHOD="Microsoft Entra ID"
GASPAR_TOKEN=$(rbw code gaspar) RBW_ENTRY="EPFL Microsoft Auth"
GASPAR_PASSWORD=$(rbw get "$RBW_ENTRY")
GASPAR_TOKEN=$(rbw code "$RBW_ENTRY")
printf "%s\n%s\n" "$GASPAR_PASSWORD" "$GASPAR_TOKEN" | sudo openconnect \ printf "\n%s\n%s\n%s\n" "$METHOD" "$GASPAR_PASSWORD" "$GASPAR_TOKEN" | command sudo openconnect \
--passwd-on-stdin \ --passwd-on-stdin \
-u pham \ -u "pham" \
--useragent='AnyConnect' \ --useragent='AnyConnect' \
"https://vpn.epfl.ch" "https://vpn.epfl.ch"
''; '';

4
home/osu.nix
View file

@ -5,10 +5,10 @@ let
osu-pkg = with pkgs; with lib; osu-pkg = with pkgs; with lib;
appimageTools.wrapType2 rec { appimageTools.wrapType2 rec {
pname = "osu-lazer-bin"; pname = "osu-lazer-bin";
version = "2024.817.0"; version = "2024.1009.1";
src = fetchurl { src = fetchurl {
url = "https://github.com/ppy/osu/releases/download/${version}/osu.AppImage"; url = "https://github.com/ppy/osu/releases/download/${version}/osu.AppImage";
sha256 = "1qzyfyciyv38flkac6v3ym5vpgr9m9h1z5hg5pz6s9h9gb8q7fq2"; sha256 = "sha256-2H2SPcUm/H/0D9BqBiTFvaCwd0c14/r+oWhyeZdNpoU=";
}; };
extraPkgs = pkgs: with pkgs; [ icu ]; extraPkgs = pkgs: with pkgs; [ icu ];

13
modules/cloud/authentik/default.nix
View file

@ -22,8 +22,8 @@ let
}; };
authentik = mkImage { authentik = mkImage {
imageName = "ghcr.io/goauthentik/server"; imageName = "ghcr.io/goauthentik/server";
finalImageTag = "2024.6.3"; finalImageTag = "2024.8.2";
imageDigest = "sha256:31bbe9c91ef7f95f0ed5f051bd268465d79b20eeb127066f39af22991ccfc85d"; imageDigest = "sha256:71984fdbb7a9414f5172bb446104d3fe4ab1ab412c8b3343bb97b04449dd53eb";
}; };
}; };
authentikEnv = pkgs.writeText "authentik.env" '' authentikEnv = pkgs.writeText "authentik.env" ''
@ -48,7 +48,14 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.services.arion-authentik.serviceConfig.EnvironmentFile = cfg.envFile; systemd.services.arion-authentik = {
serviceConfig.EnvironmentFile = cfg.envFile;
serviceConfig.Type = "notify";
serviceConfig.NotifyAccess = "all";
script = lib.mkBefore ''
${lib.getExe pkgs.wait4x} http http://127.0.0.1:${toString cfg.port} --expect-status-code 200 -t 0 -q -- systemd-notify --ready &
'';
};
virtualisation.arion.projects.authentik.settings = { virtualisation.arion.projects.authentik.settings = {
services.postgresql.service = { services.postgresql.service = {
image = images.postgresql; image = images.postgresql;

51
modules/cloud/conduit/default.nix
View file

@ -74,6 +74,8 @@ with lib;
global.port = instance.port; global.port = instance.port;
global.allow_registration = instance.allow_registration; global.allow_registration = instance.allow_registration;
global.database_path = "/mnt/data/${srvName}/"; global.database_path = "/mnt/data/${srvName}/";
global.well_known_client = "https://${instance.host}";
global.well_known_server = "${instance.host}:443";
}); });
in in
{ {
@ -114,61 +116,12 @@ with lib;
)) ))
cfg.instances); cfg.instances);
# Serving .well-known files
# This is a single .well-known/matrix/server file that points to the server,
# which is NOT on port 8448 since Cloudflare doesn't allow us to route HTTPS
# through that port.
config.services.nginx = mkIf cfg.enable
{
enable = true;
virtualHosts = lib.attrsets.mapAttrs'
(name: instance: lib.attrsets.nameValuePair "conduit-${name}-well-known" {
listen = [{ addr = "127.0.0.1"; port = instance.well-known_port; }];
# Check https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-well-known.md
# for the file structure.
root = pkgs.symlinkJoin
{
name = "well-known-files-for-conduit-${name}";
paths = [
(pkgs.writeTextDir ".well-known/matrix/client" (builtins.toJSON {
"m.homeserver".base_url = "https://${instance.host}";
"org.matrix.msc3575.proxy".url = "https://${instance.host}";
}))
(pkgs.writeTextDir ".well-known/matrix/server" (builtins.toJSON {
"m.server" = "${instance.host}:443";
}))
];
};
extraConfig =
# Enable CORS from anywhere since we want all clients to find us out
''
add_header 'Access-Control-Allow-Origin' "*";
'' +
# Force returning values to be JSON data
''
default_type application/json;
'';
})
cfg.instances;
};
config.cloud.traefik.hosts = mkIf cfg.enable ( config.cloud.traefik.hosts = mkIf cfg.enable (
(lib.attrsets.mapAttrs' (lib.attrsets.mapAttrs'
(name: instance: lib.attrsets.nameValuePair "conduit-${name}" ({ (name: instance: lib.attrsets.nameValuePair "conduit-${name}" ({
inherit (instance) host port noCloudflare; inherit (instance) host port noCloudflare;
})) }))
cfg.instances) cfg.instances)
// (lib.attrsets.mapAttrs'
(name: instance: lib.attrsets.nameValuePair "conduit-${name}-well-known" (
let
server_name = if instance.server_name == "" then instance.host else instance.server_name;
in
{
port = instance.well-known_port;
filter = "Host(`${server_name}`) && PathPrefix(`/.well-known`)";
}
))
cfg.instances)
); );
} }

2
modules/cloud/conduit/heisenbridge.nix
View file

@ -33,7 +33,7 @@ with lib; {
{ {
systemd.services.heisenbridge = { systemd.services.heisenbridge = {
description = "Matrix<->IRC bridge"; description = "Matrix<->IRC bridge";
requires = [ "matrix-synapse.service" ]; # So the registration file can be used by Synapse requires = [ "matrix-conduit-nkagami.service" "matrix-synapse.service" ]; # So the registration file can be used by Synapse
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = rec { serviceConfig = rec {

20
modules/cloud/gotosocial/default.nix
View file

@ -4,6 +4,7 @@ let
cfg = config.cloud.gotosocial; cfg = config.cloud.gotosocial;
dbUser = "gotosocial"; dbUser = "gotosocial";
storageLocation = "/mnt/data/gotosocial";
in in
{ {
options.cloud.gotosocial = { options.cloud.gotosocial = {
@ -74,6 +75,9 @@ in
# Media # Media
media-emoji-remote-max-size = 256 * 1024 /* bytes */; media-emoji-remote-max-size = 256 * 1024 /* bytes */;
media-emoji-local-max-size = 256 * 1024 /* bytes */; media-emoji-local-max-size = 256 * 1024 /* bytes */;
media-remote-cache-days = 7;
media-cleanup-from = "00:00";
media-cleanup-every = "24h";
# OIDC # OIDC
oidc-enabled = true; oidc-enabled = true;
oidc-idp-name = "DTTH"; oidc-idp-name = "DTTH";
@ -82,10 +86,22 @@ in
http-client.block-ips = [ "11.0.0.0/24" ]; http-client.block-ips = [ "11.0.0.0/24" ];
# Advanced # Advanced
advanced-rate-limit-requests = 0; advanced-rate-limit-requests = 0;
# Storage
storage-backend = "local";
storage-local-base-path = "${storageLocation}/storage";
# instance-inject-mastodon-version = true; # instance-inject-mastodon-version = true;
}; };
}; };
systemd.services.gotosocial.requires = mkAfter [ "minio.service" "postgresql.service" ]; systemd.services.gotosocial.requires = mkAfter [ "postgresql.service" "arion-authentik.service" ];
systemd.services.gotosocial.after = mkAfter [ "minio.service" "postgresql.service" ]; systemd.services.gotosocial.after = mkAfter [ "postgresql.service" "arion-authentik.service" ];
systemd.services.gotosocial.unitConfig = {
RequiresMountsFor = [ storageLocation ];
ReadWritePaths = [ storageLocation ];
};
systemd.tmpfiles.settings."10-gotosocial".${storageLocation}.d = {
user = dbUser;
group = dbUser;
mode = "0700";
};
}; };
} }

183
modules/cloud/outline/r2.patch Normal file
View file

@ -0,0 +1,183 @@
commit 8c7f8c28fabc174a71499a4737579b24b5c4b244
Author: Natsu Kagami <nki@nkagami.me>
Date: Mon Oct 21 02:17:36 2024 +0200
Support R2
diff --git a/.env.sample b/.env.sample
index eb57ad85c..94ffcee07 100644
--- a/.env.sample
+++ b/.env.sample
@@ -66,6 +66,8 @@ AWS_S3_UPLOAD_BUCKET_URL=http://s3:4569
AWS_S3_UPLOAD_BUCKET_NAME=bucket_name_here
AWS_S3_FORCE_PATH_STYLE=true
AWS_S3_ACL=private
+AWS_S3_R2=true
+AWS_S3_R2_PUBLIC_URL=http://s3:4569
# AUTHENTICATION
diff --git a/app/utils/files.ts b/app/utils/files.ts
index 6607a6b12..5138f68ad 100644
--- a/app/utils/files.ts
+++ b/app/utils/files.ts
@@ -63,8 +63,13 @@ export const uploadFile = async (
xhr.addEventListener("loadend", () => {
resolve(xhr.readyState === 4 && xhr.status >= 200 && xhr.status < 400);
});
- xhr.open("POST", data.uploadUrl, true);
- xhr.send(formData);
+ xhr.open(data.method, data.uploadUrl, true);
+ xhr.setRequestHeader("Content-Type", file.type);
+ if (data.method === "POST") {
+ xhr.send(formData);
+ } else {
+ xhr.send(file);
+ }
});
if (!success) {
diff --git a/server/env.ts b/server/env.ts
index 5b420f2e1..4ea1e8d3c 100644
--- a/server/env.ts
+++ b/server/env.ts
@@ -519,6 +519,14 @@ export class Environment {
environment.AWS_S3_UPLOAD_BUCKET_NAME
);
+ @IsOptional()
+ public AWS_S3_R2 = this.toBoolean(environment.AWS_S3_R2 ?? "false");
+
+ @IsOptional()
+ public AWS_S3_R2_PUBLIC_URL = this.toOptionalString(
+ environment.AWS_S3_R2_PUBLIC_URL
+ );
+
/**
* Whether to force path style URLs for S3 objects, this is required for some
* S3-compatible storage providers.
diff --git a/server/routes/api/attachments/attachments.ts b/server/routes/api/attachments/attachments.ts
index 5e6c27594..b7620f440 100644
--- a/server/routes/api/attachments/attachments.ts
+++ b/server/routes/api/attachments/attachments.ts
@@ -3,6 +3,7 @@ import { v4 as uuidv4 } from "uuid";
import { AttachmentPreset } from "@shared/types";
import { bytesToHumanReadable } from "@shared/utils/files";
import { AttachmentValidation } from "@shared/validations";
+import env from "@server/env";
import { AuthorizationError, ValidationError } from "@server/errors";
import auth from "@server/middlewares/authentication";
import { rateLimiter } from "@server/middlewares/rateLimiter";
@@ -90,16 +91,30 @@ router.post(
{ transaction }
);
- const presignedPost = await FileStorage.getPresignedPost(
- key,
- acl,
- maxUploadSize,
- contentType
- );
+ let uploadUrl;
+ let method;
+ let presignedPost = {
+ fields: {},
+ };
+ if (env.AWS_S3_R2) {
+ uploadUrl = await FileStorage.getPresignedPut(key);
+ method = "PUT";
+ } else {
+ uploadUrl = FileStorage.getUploadUrl();
+ method = "POST";
+
+ presignedPost = await FileStorage.getPresignedPost(
+ key,
+ acl,
+ maxUploadSize,
+ contentType
+ );
+ }
ctx.body = {
data: {
- uploadUrl: FileStorage.getUploadUrl(),
+ uploadUrl,
+ method,
form: {
"Cache-Control": "max-age=31557600",
"Content-Type": contentType,
diff --git a/server/storage/files/BaseStorage.ts b/server/storage/files/BaseStorage.ts
index ce0287ebc..a1931c83d 100644
--- a/server/storage/files/BaseStorage.ts
+++ b/server/storage/files/BaseStorage.ts
@@ -26,6 +26,8 @@ export default abstract class BaseStorage {
contentType: string
): Promise<Partial<PresignedPost>>;
+ public abstract getPresignedPut(key: string): Promise<string>;
+
/**
* Returns a promise that resolves with a stream for reading a file from the storage provider.
*
diff --git a/server/storage/files/LocalStorage.ts b/server/storage/files/LocalStorage.ts
index 83cf98c50..324e60dd9 100644
--- a/server/storage/files/LocalStorage.ts
+++ b/server/storage/files/LocalStorage.ts
@@ -30,6 +30,10 @@ export default class LocalStorage extends BaseStorage {
});
}
+ public async getPresignedPut(key: string) {
+ return this.getUrlForKey(key);
+ }
+
public getUploadUrl() {
return "/api/files.create";
}
diff --git a/server/storage/files/S3Storage.ts b/server/storage/files/S3Storage.ts
index a42442e0c..d55ef5472 100644
--- a/server/storage/files/S3Storage.ts
+++ b/server/storage/files/S3Storage.ts
@@ -4,6 +4,7 @@ import {
S3Client,
DeleteObjectCommand,
GetObjectCommand,
+ PutObjectCommand,
ObjectCannedACL,
} from "@aws-sdk/client-s3";
import { Upload } from "@aws-sdk/lib-storage";
@@ -58,6 +59,16 @@ export default class S3Storage extends BaseStorage {
return createPresignedPost(this.client, params);
}
+ public async getPresignedPut(key: string) {
+ const params = {
+ Bucket: env.AWS_S3_UPLOAD_BUCKET_NAME,
+ Key: key,
+ };
+
+ const command = new PutObjectCommand(params);
+ return await getSignedUrl(this.client, command, { expiresIn: 3600 });
+ }
+
private getPublicEndpoint(isServerUpload?: boolean) {
if (env.AWS_S3_ACCELERATE_URL) {
return env.AWS_S3_ACCELERATE_URL;
@@ -137,10 +148,17 @@ export default class S3Storage extends BaseStorage {
);
}
+ public getR2ObjectUrl = async (key: string) =>
+ env.AWS_S3_R2_PUBLIC_URL + "/" + key;
+
public getSignedUrl = async (
key: string,
expiresIn = S3Storage.defaultSignedUrlExpires
) => {
+ if (env.AWS_S3_R2) {
+ return this.getR2ObjectUrl(key);
+ }
+
const isDocker = env.AWS_S3_UPLOAD_BUCKET_URL.match(/http:\/\/s3:/);
const params = {
Bucket: this.getBucket(),

5
modules/common/linux/default.nix
View file

@ -12,7 +12,6 @@ let
users.users.${config.common.linux.username}.extraGroups = [ "adbusers" ]; users.users.${config.common.linux.username}.extraGroups = [ "adbusers" ];
}; };
ios = { config, pkgs, ... }: mkIf config.common.linux.enable { ios = { config, pkgs, ... }: mkIf config.common.linux.enable {
services.avahi.enable = true;
services.usbmuxd.enable = true; services.usbmuxd.enable = true;
services.usbmuxd.package = pkgs.usbmuxd2; services.usbmuxd.package = pkgs.usbmuxd2;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -39,7 +38,7 @@ let
}; };
accounts = { pkgs, ... }: mkIf (config.common.linux.enable && !pkgs.stdenv.isAarch64) { accounts = { pkgs, ... }: mkIf (config.common.linux.enable && !pkgs.stdenv.isAarch64) {
environment.systemPackages = with pkgs.gnome; [ pkgs.glib gnome-control-center ]; environment.systemPackages = [ pkgs.glib (pkgs.gnome-control-center or pkgs.gnome.gnome-control-center) ];
services.accounts-daemon.enable = true; services.accounts-daemon.enable = true;
services.gnome.gnome-online-accounts.enable = true; services.gnome.gnome-online-accounts.enable = true;
# programs.evolution.enable = true; # programs.evolution.enable = true;
@ -273,7 +272,7 @@ in
services.tailscale.enable = true; services.tailscale.enable = true;
## Time and Region ## Time and Region
time.timeZone = "Europe/Zurich"; time.timeZone = lib.mkDefault "Europe/Zurich";
# Select internationalisation properties. # Select internationalisation properties.
console.keyMap = "jp106"; # Console key layout console.keyMap = "jp106"; # Console key layout
i18n.defaultLocale = "ja_JP.UTF-8"; i18n.defaultLocale = "ja_JP.UTF-8";

2
modules/personal/fonts/default.nix
View file

@ -10,7 +10,7 @@ with lib;
ibm-plex ibm-plex
(nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; }) (nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; })
noto-fonts noto-fonts
noto-fonts-cjk (pkgs.noto-fonts-cjk-sans or pkgs.noto-fonts-cjk)
merriweather merriweather
corefonts corefonts
font-awesome font-awesome

66
modules/services/nix-build-farm/default.nix Normal file
View file

@ -0,0 +1,66 @@
{ config, lib, ... }:
with { inherit (lib) mkOption types mkIf; };
let
cfg = config.services.nix-build-farm;
hosts = import ./hosts.nix;
build-user = "nix-builder";
isBuilder = host: host ? "builder";
allBuilders = lib.filterAttrs (_: isBuilder) hosts;
in
{
options.services.nix-build-farm = {
enable = mkOption {
type = types.bool;
default = true;
description = "Whether to enable nix-build-farm as a client";
};
hostname = mkOption {
type = types.enum (builtins.attrNames hosts);
description = "The hostname as listed in ./hosts.nix file";
};
privateKeyFile = mkOption {
type = types.path;
description = "The path to the private SSH key file";
};
ipAddrs = mkOption {
type = types.str;
description = "The ip addresses to limit access to";
default = "11.0.0.*";
};
};
config = mkIf cfg.enable (
let
host = hosts.${cfg.hostname};
otherHosts = lib.filterAttrs (name: _: name != cfg.hostname) hosts;
otherBuilders = lib.filterAttrs (name: _: name != cfg.hostname) allBuilders;
in
{
nix.distributedBuilds = true;
nix.buildMachines = lib.mapAttrsToList
(name: host: {
hostName = host.host;
sshUser = build-user;
sshKey = cfg.privateKeyFile;
} // host.builder)
otherBuilders;
users = mkIf (isBuilder host) {
users.${build-user} = {
description = "Nix build farm user";
group = build-user;
isNormalUser = true;
openssh.authorizedKeys.keys = lib.mapAttrsToList (_: host: ''from="${cfg.ipAddrs}" ${host.pubKey}'') otherHosts;
};
groups.${build-user} = { };
};
nix.settings.trusted-users = mkIf (isBuilder host) [ build-user ];
}
);
}

37
modules/services/nix-build-farm/hosts.nix Normal file
View file

@ -0,0 +1,37 @@
{
cloud = {
host = "cloud.tinc";
pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE87ddj0fTH0NuvJz0dT5ln7v7zbafXqDVdM2A4ddOb0 root@nki-personal-do";
};
home = {
host = "home.tinc";
pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6N1uTxnbo73tyzD9X7d7OgPeoOpY7JmQaHASjSWFPI nki@kagamiPC";
builder = {
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUhiVTh2NlNBa0kyOTBCc1QzVG1IRVVJQWdXcVFyNm9jRmpjakRRczRoT2ggcm9vdEBrYWdhbWlQQwo=";
systems = [ "x86_64-linux" "aarch64-linux" ];
maxJobs = 16;
speedFactor = 2;
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
};
};
yoga = {
host = "yoga.tinc";
pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE6ZrO/xIdmwBCUx80cscBSpJBBTp55OHGrXYBGRXKAw nki@nki-yoga-g8";
};
framework = {
host = "framework.tinc";
pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH/g472MaT7YySUhBjxClfmMjpn98qYnKXDKlzWHYwuO nki@nki-framework";
builder = {
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUdOUlBCVFRkNTVVMXY1U1Jac0FjYVdhS3JGZTY0ZjIxOVViODVTQ2NWd28gcm9vdEBua2ktZnJhbWV3b3JrCg==";
systems = [ "x86_64-linux" "aarch64-linux" ];
maxJobs = 16;
speedFactor = 3;
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
};
};
}

17
modules/services/nix-cache/default.nix
View file

@ -3,6 +3,8 @@
with { inherit (lib) mkEnableOption mkOption types mkIf; }; with { inherit (lib) mkEnableOption mkOption types mkIf; };
let let
cfg = config.nki.services.nix-cache; cfg = config.nki.services.nix-cache;
bindAddr = "127.0.0.1:5000";
in in
{ {
options.nki.services.nix-cache = { options.nki.services.nix-cache = {
@ -31,18 +33,17 @@ in
config = { config = {
nix.settings = mkIf cfg.enableClient { nix.settings = mkIf cfg.enableClient {
substituters = [ "http://${cfg.host}" ]; substituters = lib.mkAfter [ "http://${cfg.host}" ];
trusted-public-keys = [ cfg.publicKey ]; trusted-public-keys = [ cfg.publicKey ];
}; };
services.nix-serve = mkIf cfg.enableServer { services.harmonia = mkIf cfg.enableServer {
enable = true; enable = true;
secretKeyFile = cfg.privateKeyFile; signKeyPath = cfg.privateKeyFile;
settings = {
bind = bindAddr;
priority = 45;
}; };
users = mkIf cfg.enableServer {
users.nix-serve = { group = "nix-serve"; isSystemUser = true; };
groups.nix-serve = { };
}; };
services.nginx = mkIf cfg.enableServer { services.nginx = mkIf cfg.enableServer {
@ -51,7 +52,7 @@ in
virtualHosts = { virtualHosts = {
# ... existing hosts config etc. ... # ... existing hosts config etc. ...
"${cfg.host}" = { "${cfg.host}" = {
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; locations."/".proxyPass = "http://${bindAddr}";
}; };
}; };
}; };

6
nki-framework/configuration.nix
View file

@ -21,6 +21,10 @@
common.linux.sops.enable = true; common.linux.sops.enable = true;
common.linux.sops.file = ./secrets.yaml; common.linux.sops.file = ./secrets.yaml;
sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
services.nix-build-farm.hostname = "framework";
services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
# services.xserver.enable = true; # services.xserver.enable = true;
# services.xserver.displayManager.sddm.enable = true; # services.xserver.displayManager.sddm.enable = true;
# services.xserver.displayManager.sddm.wayland.enable = true; # services.xserver.displayManager.sddm.wayland.enable = true;
@ -38,7 +42,7 @@
services.power-profiles-daemon.enable = true; services.power-profiles-daemon.enable = true;
# powerManagement.enable = true; # powerManagement.enable = true;
# powerManagement.powertop.enable = true; # powerManagement.powertop.enable = true;
services.logind.lidSwitch = "suspend"; services.logind.lidSwitch = "suspend-then-hibernate";
# Printing # Printing
services.printing.drivers = with pkgs; [ epfl-cups-drivers ]; services.printing.drivers = with pkgs; [ epfl-cups-drivers ];

6
nki-framework/secrets.yaml
View file

@ -1,4 +1,6 @@
tinc-private-key: ENC[AES256_GCM,data:cKtOFrF5FRSHWxe/QxH5O9GAba1WcWeCwW1IOzmbgdtFufRoWbCtYeaLP+WQhQ70z6xobiY9DN8Jrh7mDptKSsfKrrx2SH5JrdpsoINhLMbetXq7E29+q6CkS8NlLgE/KyV8eFjQySNsYiA/+Efq9xj9e1wOmHBDsND/jgiJDkA1qsEIFZg/vuv8LdoRY3TV/oKJ4pao9+70G4H+8Ef1sMZHGNe9qJ94Wa71nNX2fTSjKH5YBbRijMAePWr/IeCpZ9Phs7RqjBs=,iv:l0iB136X7nLVblQjFi7K4f42JKSxdsiLIRy5GPzK1nc=,tag:HAgkvWkl0Rx62ejGZckdKA==,type:str] tinc-private-key: ENC[AES256_GCM,data:cKtOFrF5FRSHWxe/QxH5O9GAba1WcWeCwW1IOzmbgdtFufRoWbCtYeaLP+WQhQ70z6xobiY9DN8Jrh7mDptKSsfKrrx2SH5JrdpsoINhLMbetXq7E29+q6CkS8NlLgE/KyV8eFjQySNsYiA/+Efq9xj9e1wOmHBDsND/jgiJDkA1qsEIFZg/vuv8LdoRY3TV/oKJ4pao9+70G4H+8Ef1sMZHGNe9qJ94Wa71nNX2fTSjKH5YBbRijMAePWr/IeCpZ9Phs7RqjBs=,iv:l0iB136X7nLVblQjFi7K4f42JKSxdsiLIRy5GPzK1nc=,tag:HAgkvWkl0Rx62ejGZckdKA==,type:str]
nix-build-farm:
private-key: ENC[AES256_GCM,data:w56sobHrhvVcKbuK15Yj20EqgFrR/5pNy/rcQjlZCiFEfgPC6ZrbsxziIdMTOX+Q4DyllKCKo+g/MIKm5S+s+nIff509ODlILhTtXlZvZlnT9+wvm5oN3WQCdkkqOr1gNnErPupfMxA6V35tNvNBCeomYuM8Xb7TuH4I1fXa5GFeT0Tnp5A2WqWoS1MzXz34CxlKXvoL6i4w7nUngt5zaGr9oMZbSa0pHxEzIhXk6h/lE864QlJid7q/mDok9gh2R80WvArGtNNj9PrT6cNKYIFuXo7vITkSkT3vo9BLflg5sgRxy4+7rBaRla0ziihQvZLtworwo6aNDvEqPqYfiX0TMYPpEWvJpp/HGDJy+Po7b0ZZkwSza+tB0J79vFH2h11Px1XSwXdq757Bn9G4OTb5oKWS5ycBU4xTnnHQBjYTSooFxYyTAvfKNEsB8AHKSuQRZgtVhWoOSPpJ6YL94ClUIT+DTaNmQjwouqNatf/nif+N/FCar8JWZDE+FX1TBu0yLmJie/f0LCdCQx+6IVdyXg7oVCoNiGg0,iv:TeSxlVc0WlOMMUtv/uq3f7JvW/kNCM7LjguhZxL51a4=,tag:m1iuk4pAX/yugM0ObzkJHQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -23,8 +25,8 @@ sops:
TDZnVjBaVzZBem5lZDB1MW4xQ0RmZ28K6d7mF+f3ZyilXlSIQGT2pBrTWuYLccE1 TDZnVjBaVzZBem5lZDB1MW4xQ0RmZ28K6d7mF+f3ZyilXlSIQGT2pBrTWuYLccE1
rYIJjHjFft/2wPX2gAW9VTiwfMT3lKJhJRqNdoie5phV5BZhkb3D9w== rYIJjHjFft/2wPX2gAW9VTiwfMT3lKJhJRqNdoie5phV5BZhkb3D9w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-15T16:27:40Z" lastmodified: "2024-08-17T14:58:10Z"
mac: ENC[AES256_GCM,data:T1dTmWEY1c5QFzROnzFc1/dnfXN96B/OisPObZiwXQLHeh29AWjfqpd6eoYdAZW1Iipih7Nn1VUMxkf5xDuWziDrJhun2PaU3UOg/U6VrRIScnySV/VTQGyaJLJZuJmvgvyAV+G8KqxC4Biv7k0PBSZn6uvTg36D4f+IfItReE8=,iv:dgiDux8AxbWFtTd2jzd+XJ0eBMALcI8moDUDlgdnBiE=,tag:cYzL71xT8DBMn9j4pPUBpA==,type:str] mac: ENC[AES256_GCM,data:ZCrzXDttLxYUvdLiqM5I17Ys6O3zoOVKq8xP78VaLb3AAoV4RGGQxixKVQ6K9h84e8bFymh512BR7xKa9fqebxTyL1XCqPkRaSZy0aWjbc6QCaK+JD4yqivgO/x5x2xgMpX/ZhPFzKNLpMga61bnm6plvF8ocG+wOqYvj3vL0Ss=,iv:QZ8YJD7h2QD2jqVKo4bg0rwpZSTyyNw6zZDcBfClKPo=,tag:PH2XnTqxV2irymg2+Z+Egg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.0 version: 3.9.0

6
nki-home/configuration.nix
View file

@ -32,12 +32,16 @@ with lib;
common.linux.sops.file = ./secrets.yaml; common.linux.sops.file = ./secrets.yaml;
# Nix cache server # Nix cache server
sops.secrets."nix-cache/private-key" = { owner = "nix-serve"; group = "nix-serve"; mode = "0600"; }; sops.secrets."nix-cache/private-key" = { owner = "harmonia"; group = "harmonia"; mode = "0600"; };
nki.services.nix-cache = { nki.services.nix-cache = {
enableServer = true; enableServer = true;
privateKeyFile = config.sops.secrets."nix-cache/private-key".path; privateKeyFile = config.sops.secrets."nix-cache/private-key".path;
}; };
sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
services.nix-build-farm.hostname = "home";
services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
# Networking # Networking
common.linux.networking = common.linux.networking =
{ {

6
nki-home/secrets.yaml
View file

@ -15,6 +15,8 @@ peertube:
dtth-key: ENC[AES256_GCM,data:Gu7qOisVBZrFXKBr51165FJ7Ej4hV+lIf3AMC02R3UFNXOnTHF2xC8E=,iv:F83FuD1VjZEJFMcx3gkQuKCpJmYdHtO15fRHkYdMxJM=,tag:ScH42Tr5ZsIo9JMnXhylSw==,type:str] dtth-key: ENC[AES256_GCM,data:Gu7qOisVBZrFXKBr51165FJ7Ej4hV+lIf3AMC02R3UFNXOnTHF2xC8E=,iv:F83FuD1VjZEJFMcx3gkQuKCpJmYdHtO15fRHkYdMxJM=,tag:ScH42Tr5ZsIo9JMnXhylSw==,type:str]
nix-cache: nix-cache:
private-key: ENC[AES256_GCM,data:4sbfIQb10Y50CrZbgjN+1iXEbXTpDqMbIB/yA3WlaAqhLtb8HKib5aZX3DLoxFbVihJcztQsvBBgEAhT9iMijoksaT9qzBQ5yIn4NGCfFem1DK8DQdjhTLMCVTyMFCT7hQHu/2Sd7w==,iv:zTSxuKOtOLekOBKBvl9MScD/Bo1Hviqq/n8Saa+1Cgo=,tag:fx73fCDPY9d07V3KKMw3DA==,type:str] private-key: ENC[AES256_GCM,data:4sbfIQb10Y50CrZbgjN+1iXEbXTpDqMbIB/yA3WlaAqhLtb8HKib5aZX3DLoxFbVihJcztQsvBBgEAhT9iMijoksaT9qzBQ5yIn4NGCfFem1DK8DQdjhTLMCVTyMFCT7hQHu/2Sd7w==,iv:zTSxuKOtOLekOBKBvl9MScD/Bo1Hviqq/n8Saa+1Cgo=,tag:fx73fCDPY9d07V3KKMw3DA==,type:str]
nix-build-farm:
private-key: ENC[AES256_GCM,data:m5neeWCEdaZ1MRhNwTptfDIgv3ABNlYyNil3oTD81Jbe/6WxWaS5Q++CRlHCjc2hOoHsWsZixw8iGZVTA+QXgH6B9C6A4oOAhgR9m92EGTEfFw0qxQbdzs7U98Yonx/N8SApUycZZB/EU81+MrDNY4GGzCiO6s00/vZLkDTYnqRFgbo+8KTG0BQTl4q+VYP2q3l0wy+Ivz5CWPmbz42Xdin/sBnjeFHKDuof4iZZnN3i8gUJ/mMw3lbdiHd6A8DL0G5Ut46ljzMC2aMsZOATCID3mPOPgI0xIetDofPJLDqVsNqptRHo8WB+KwDidvl222f5F7JqdSqgAMOJYPscrX0odufApiJfg5bbXBygvrDfAlPSruW7GsWGoKAhw0qC4NC/j+qYCwhS0qdorCLnIy3zzMtA6HkHtE675hy7/7oLj7k9Y8MhE4PxztjXTmDazaVCtKhnA/DpaxP2mH84gfCkJFD1YF9jtPm+P3e+46FwkW+WnHaA2L+H7Evava30DLEBhh5y9Gd1A3JN4isn,iv:7KUWg7+GWgmGJkbIvsy9gtccZBb+1Y5uDWhXQFk0obk=,tag:qJdM684XPHxecLVxVb5pgw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -48,8 +50,8 @@ sops:
bUhIT0Z2b1dVWGNyS1hRVFRyZTA4d00KchP7EhSOMwBl5vFuuskzosRoi8jUu1sw bUhIT0Z2b1dVWGNyS1hRVFRyZTA4d00KchP7EhSOMwBl5vFuuskzosRoi8jUu1sw
hVjJNF2a40ewgkQgVAoWEzirHbknbQORzmepDDRth7Bve3UQU64+GA== hVjJNF2a40ewgkQgVAoWEzirHbknbQORzmepDDRth7Bve3UQU64+GA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-16T12:16:41Z" lastmodified: "2024-08-16T13:59:20Z"
mac: ENC[AES256_GCM,data:x3zeCDljzyRpro4sem2pC33rFfm5jAjFhhX9JNlzLB6aNZ1TUv0qz4g7NhkWY23XNjJFmYqIW+pib97OVDd15kRojknM/UYCThW5oZDIWKn+TA9+bF9NGBjxP60t3n3dlU5VmgD8bgiApUS+XzHnJXuxhfiIHclvfxdLC33R7S4=,iv:str4fZX58mzFlD4rYaLmiCAeZmHIernG3636Tt+Rwgg=,tag:qS47OGc/o4/0Cj/V4e8dBg==,type:str] mac: ENC[AES256_GCM,data:ncT8fbtEb9ZcLcftXwgAKJRPPSG4TRHFMArtVgWNmIjDRcCNNT7ICa+9Dl8DAYKRJ+8pgelV9StIg2f7rvypHYlckontEP5nwSFzEApLItG3AZXewTC8VPoDYb4T8/OWKDoa5kBMvGrDr1bFP/CZz7H8No+k5TV7fVExsw0PHpg=,iv:vxbkeJtHkOAq7NcaZEIOMV3qGEqBUg/vpJYumBBfY70=,tag:T0yw2x1O5Tp0UllLpcFryg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.0 version: 3.9.0

82
nki-personal-do/configuration.nix
View file

@ -12,6 +12,9 @@
../modules/cloud/conduit ../modules/cloud/conduit
../modules/cloud/gotosocial ../modules/cloud/gotosocial
# Encrypted DNS
../modules/services/edns
./headscale.nix ./headscale.nix
./gitea.nix ./gitea.nix
./miniflux.nix ./miniflux.nix
@ -21,8 +24,11 @@
./invidious.nix ./invidious.nix
./owncast.nix ./owncast.nix
./peertube.nix ./peertube.nix
./outline.nix
]; ];
system.stateVersion = "21.11";
common.linux.enable = false; # Don't enable the "common linux" module, this is a special machine. common.linux.enable = false; # Don't enable the "common linux" module, this is a special machine.
# Personal user # Personal user
@ -57,18 +63,15 @@
services.do-agent.enable = true; services.do-agent.enable = true;
system.autoUpgrade = {
enable = true;
allowReboot = true;
flake = "github:natsukagami/nix-home#nki-personal-do";
};
nix = { nix = {
extraOptions = '' extraOptions = ''
experimental-features = nix-command flakes experimental-features = nix-command flakes
''; '';
}; };
nki.services.edns.enable = true;
nki.services.edns.ipv6 = true;
# Secret management # Secret management
sops.defaultSopsFile = ./secrets/secrets.yaml; sops.defaultSopsFile = ./secrets/secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
@ -81,6 +84,10 @@
services.my-tinc.rsaPrivateKey = config.sops.secrets."tinc/rsa-private-key".path; services.my-tinc.rsaPrivateKey = config.sops.secrets."tinc/rsa-private-key".path;
services.my-tinc.ed25519PrivateKey = config.sops.secrets."tinc/ed25519-private-key".path; services.my-tinc.ed25519PrivateKey = config.sops.secrets."tinc/ed25519-private-key".path;
sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
services.nix-build-farm.hostname = "home";
services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
# Set up traefik # Set up traefik
sops.secrets.cloudflare-dns-api-token = { owner = "traefik"; }; sops.secrets.cloudflare-dns-api-token = { owner = "traefik"; };
sops.secrets.traefik-dashboard-users = { owner = "traefik"; }; sops.secrets.traefik-dashboard-users = { owner = "traefik"; };
@ -185,74 +192,13 @@
protocol = "udp"; protocol = "udp";
}; };
# Outline
sops.secrets.minio-secret-key = { owner = "root"; mode = "0444"; };
sops.secrets.authentik-oidc-client-secret = { owner = "outline"; };
sops.secrets."outline/smtp-password" = { owner = "outline"; };
services.outline = {
enable = true;
package = pkgs.outline.overrideAttrs (attrs: {
patches = if builtins.hasAttr "patches" attrs then attrs.patches else [ ] ++ [ ../modules/cloud/outline/dtth-wiki.patch ];
});
databaseUrl = "postgres://outline:outline@localhost/outline?sslmode=disable";
redisUrl = "local";
publicUrl = "https://wiki.dtth.ch";
port = 18729;
storage = {
accessKey = "minio";
secretKeyFile = config.sops.secrets.minio-secret-key.path;
region = config.services.minio.region;
uploadBucketUrl = "https://s3.dtth.ch";
uploadBucketName = "dtth-outline";
uploadMaxSize = 50 * 1024 * 1000;
};
maximumImportSize = 50 * 1024 * 1000;
oidcAuthentication = {
clientId = "3a0c10e00cdcb4a1194315577fa208a747c1a5f7";
clientSecretFile = config.sops.secrets.authentik-oidc-client-secret.path;
authUrl = "https://auth.dtth.ch/application/o/authorize/";
tokenUrl = "https://auth.dtth.ch/application/o/token/";
userinfoUrl = "https://auth.dtth.ch/application/o/userinfo/";
displayName = "DTTH Account";
};
smtp = {
fromEmail = "DTTH Wiki <dtth.wiki@nkagami.me>";
replyEmail = "";
host = "mx1.nkagami.me";
username = "dtth.wiki@nkagami.me";
passwordFile = config.sops.secrets."outline/smtp-password".path;
port = 465;
secure = true;
};
forceHttps = false;
};
cloud.postgresql.databases = [ "outline" ];
systemd.services.outline.requires = [ "postgresql.service" ];
cloud.traefik.hosts.outline = { host = "wiki.dtth.ch"; port = 18729; };
# GoToSocial # GoToSocial
sops.secrets.gts-env = { }; sops.secrets.gts-env = { restartUnits = [ "gotosocial.service" ]; };
cloud.gotosocial = { cloud.gotosocial = {
enable = true; enable = true;
envFile = config.sops.secrets.gts-env.path; envFile = config.sops.secrets.gts-env.path;
}; };
# Minio
sops.secrets.minio-credentials = { };
services.minio = {
enable = true;
listenAddress = ":61929";
consoleAddress = ":62929";
rootCredentialsFile = config.sops.secrets.minio-credentials.path;
dataDir = lib.mkForce [ "/mnt/data/minio" ];
};
cloud.traefik.hosts.minio = { host = "s3.dtth.ch"; port = 61929; };
system.stateVersion = "21.11";
# ntfy # ntfy
cloud.traefik.hosts.ntfy-sh = { host = "ntfy.nkagami.me"; port = 11161; noCloudflare = true; }; cloud.traefik.hosts.ntfy-sh = { host = "ntfy.nkagami.me"; port = 11161; noCloudflare = true; };
services.ntfy-sh = { services.ntfy-sh = {

26
nki-personal-do/gitea.nix
View file

@ -98,6 +98,7 @@ in
}; };
users.groups.${user} = { }; users.groups.${user} = { };
sops.secrets."gitea/signing-key".owner = user; sops.secrets."gitea/signing-key".owner = user;
sops.secrets."gitea/minio-secret-key".owner = user;
sops.secrets."gitea/mailer-password".owner = user; sops.secrets."gitea/mailer-password".owner = user;
# database # database
cloud.postgresql.databases = [ user ]; cloud.postgresql.databases = [ user ];
@ -174,6 +175,17 @@ in
PATH = "${pkgs.git}/bin/git"; PATH = "${pkgs.git}/bin/git";
}; };
storage = {
STORAGE_TYPE = "minio";
MINIO_USE_SSL = "true";
MINIO_ENDPOINT = "60c0807121eb35ef52cdcd4a33735fa6.r2.cloudflarestorage.com";
MINIO_ACCESS_KEY_ID = "704c29ade7a8b438b77ab520da2799ca";
MINIO_SECRET_ACCESS_KEY = "#miniosecretkey#";
MINIO_BUCKET = "dtth-gitea";
MINIO_LOCATION = "auto";
MINIO_CHECKSUM_ALGORITHM = "md5"; # R2 moment
};
federation.ENABLED = true; federation.ENABLED = true;
DEFAULT.APP_NAME = "DTTHGit"; DEFAULT.APP_NAME = "DTTHGit";
}; };
@ -203,15 +215,23 @@ in
environment.GNUPGHOME = "${config.services.gitea.stateDir}/.gnupg"; environment.GNUPGHOME = "${config.services.gitea.stateDir}/.gnupg";
# https://github.com/NixOS/nixpkgs/commit/93c1d370db28ad4573fb9890c90164ba55391ce7 # https://github.com/NixOS/nixpkgs/commit/93c1d370db28ad4573fb9890c90164ba55391ce7
serviceConfig.SystemCallFilter = mkForce "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap"; serviceConfig.SystemCallFilter = mkForce "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
preStart = '' preStart =
let
configFile = "${config.services.forgejo.customDir}/conf/app.ini";
in
''
# Update minio secret key
chmod u+w ${configFile} && \
${lib.getExe pkgs.replace-secret} '#miniosecretkey#' '${config.sops.secrets."gitea/minio-secret-key".path}' '${configFile}' && \
chmod u-w ${configFile}
# Import the signing subkey # Import the signing subkey
if cat ${config.services.gitea.stateDir}/.gnupg/gpg.conf | grep -q ${signingKey}; then if cat ${config.services.forgejo.stateDir}/.gnupg/gpg.conf | grep -q ${signingKey}; then
echo "Keys already imported" echo "Keys already imported"
# imported # imported
else else
echo "Import your keys!" echo "Import your keys!"
${pkgs.gnupg}/bin/gpg --quiet --import ${secrets."gitea/signing-key".path} ${pkgs.gnupg}/bin/gpg --quiet --import ${secrets."gitea/signing-key".path}
echo "trusted-key ${signingKey}" >> ${config.services.gitea.stateDir}/.gnupg/gpg.conf echo "trusted-key ${signingKey}" >> ${config.services.forgejo.stateDir}/.gnupg/gpg.conf
exit 1 exit 1
fi fi
''; '';

6
nki-personal-do/hardware-configuration.nix
View file

@ -9,9 +9,11 @@
swapDevices = [{ device = "/var/swapfile"; size = 4 * 1024; priority = 1024; }]; swapDevices = [{ device = "/var/swapfile"; size = 4 * 1024; priority = 1024; }];
zramSwap.enable = true; zramSwap.enable = true;
# volumes # volumes
services.btrfs.autoScrub.enable = true;
fileSystems.data = { fileSystems.data = {
device = "/dev/disk/by-id/scsi-0HC_Volume_31812942"; device = "/dev/disk/by-id/scsi-0HC_Volume_101470796";
fsType = "ext4"; fsType = "btrfs";
mountPoint = "/mnt/data"; mountPoint = "/mnt/data";
options = [ "compress=zstd" ];
}; };
} }

67
nki-personal-do/nextcloud.nix
View file

@ -1,67 +0,0 @@
{ lib, pkgs, config, ... }:
with lib;
let
user = "nextcloud";
host = "cloud.dtth.ch";
port = 61155;
secrets = config.sops.secrets;
in
{
sops.secrets."nextcloud/admin-password" = { owner = user; };
sops.secrets."nextcloud/minio-secret-key" = { owner = user; key = "minio-secret-key"; };
# database
cloud.postgresql.databases = [ user ];
# traefik
cloud.traefik.hosts.nextcloud = {
inherit port host;
};
systemd.services.nextcloud.requires = [ "postgresql.service" ];
services.nextcloud = {
enable = true;
hostName = host;
package = pkgs.nextcloud26;
enableBrokenCiphersForSSE = false;
home = "/mnt/data/nextcloud";
https = true;
database.createLocally = false;
extraApps = with pkgs.nextcloud26Packages.apps; {
inherit calendar contacts deck forms groupfolders news tasks;
sociallogin = pkgs.fetchNextcloudApp rec {
url = "https://github.com/zorn-v/nextcloud-social-login/releases/download/v5.4.3/release.tar.gz";
sha256 = "sha256-ZKwtF9j9WFIk3MZgng9DmN00A73S2Rb4qbehL9adaZo=";
};
};
config = {
# Database
dbtype = "pgsql";
dbname = user;
dbuser = user;
dbhost = "/run/postgresql";
# User
adminuser = "nki";
adminpassFile = secrets."nextcloud/admin-password".path;
# General
overwriteProtocol = "https";
defaultPhoneRegion = "VN";
objectstore.s3 = {
enable = true;
bucket = "nextcloud-dtth";
autocreate = true;
key = "minio";
secretFile = config.sops.secrets."nextcloud/minio-secret-key".path;
hostname = "s3.dtth.ch";
port = 443;
useSsl = true;
usePathStyle = true;
region = "us-east-1";
};
};
};
services.nginx.virtualHosts.${host}.listen = [{ inherit port; addr = "127.0.0.1"; }];
}

56
nki-personal-do/outline.nix Normal file
View file

@ -0,0 +1,56 @@
{ config, pkgs, ... }: {
sops.secrets.authentik-oidc-client-secret = { owner = "outline"; };
sops.secrets."outline/smtp-password" = { owner = "outline"; };
sops.secrets."outline/s3-secret-key" = { owner = "outline"; };
services.outline = {
enable = true;
package = pkgs.outline.overrideAttrs (attrs: {
patches = attrs.patches or [ ] ++ [
../modules/cloud/outline/dtth-wiki.patch
../modules/cloud/outline/r2.patch
];
});
databaseUrl = "postgres://outline:outline@localhost/outline?sslmode=disable";
redisUrl = "local";
publicUrl = "https://wiki.dtth.ch";
port = 18729;
storage = {
accessKey = "6ef730e13f172d2ed6ed77f0b5b9bad9";
secretKeyFile = config.sops.secrets."outline/s3-secret-key".path;
region = "auto";
uploadBucketUrl = "https://60c0807121eb35ef52cdcd4a33735fa6.r2.cloudflarestorage.com";
uploadBucketName = "dtth-outline";
uploadMaxSize = 50 * 1024 * 1000;
};
maximumImportSize = 50 * 1024 * 1000;
oidcAuthentication = {
clientId = "3a0c10e00cdcb4a1194315577fa208a747c1a5f7";
clientSecretFile = config.sops.secrets.authentik-oidc-client-secret.path;
authUrl = "https://auth.dtth.ch/application/o/authorize/";
tokenUrl = "https://auth.dtth.ch/application/o/token/";
userinfoUrl = "https://auth.dtth.ch/application/o/userinfo/";
displayName = "DTTH Account";
};
smtp = {
fromEmail = "DTTH Wiki <dtth.wiki@nkagami.me>";
replyEmail = "";
host = "mx1.nkagami.me";
username = "dtth.wiki@nkagami.me";
passwordFile = config.sops.secrets."outline/smtp-password".path;
port = 465;
secure = true;
};
forceHttps = false;
};
cloud.postgresql.databases = [ "outline" ];
systemd.services.outline.requires = [ "postgresql.service" ];
systemd.services.outline.environment = {
AWS_S3_R2 = "true";
AWS_S3_R2_PUBLIC_URL = "https://s3.wiki.dtth.ch";
};
cloud.traefik.hosts.outline = { host = "wiki.dtth.ch"; port = 18729; };
}

14
nki-personal-do/secrets/secrets.yaml
View file

File diff suppressed because one or more lines are too long

5
nki-yoga-g8/configuration.nix
View file

@ -19,6 +19,11 @@
common.linux.sops.enable = true; common.linux.sops.enable = true;
common.linux.sops.file = ./secrets.yaml; common.linux.sops.file = ./secrets.yaml;
# Build farm
sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
services.nix-build-farm.hostname = "yoga";
services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
## tinc ## tinc
sops.secrets."tinc-private-key" = { }; sops.secrets."tinc-private-key" = { };
services.my-tinc = { services.my-tinc = {

6
nki-yoga-g8/secrets.yaml
View file

@ -1,4 +1,6 @@
tinc-private-key: ENC[AES256_GCM,data:lzmisexQPfRlIMGqbmb+uqGtOPceQ3CJGlVOeOC6nbP/IDwkufSWtxugYmUwi9IJKwO0mldijiKWuG3p9005H++8567hhPy/bU7fA4vyVC+3UVGW6l0mE+yKQXTyI7kzxkXMCK5a4Q4rUJj544vU6pt75/mytfg+Cox2woGZAHZvJ/pRuHDe2t3R6w3EYYTu6x1w5azGnFvCOVdR6XPsGJA2p3oRnEpz64L7KD2QOdtm0YsfMnorH9FbvkZgNr927VbRnBRJ1QM=,iv:4K4w6ruQxtRGjmFnWszlXZKp36TuTTnrB0sDEE/tmrM=,tag:NBP897Sw84bvZTvo/+fVfA==,type:str] tinc-private-key: ENC[AES256_GCM,data:lzmisexQPfRlIMGqbmb+uqGtOPceQ3CJGlVOeOC6nbP/IDwkufSWtxugYmUwi9IJKwO0mldijiKWuG3p9005H++8567hhPy/bU7fA4vyVC+3UVGW6l0mE+yKQXTyI7kzxkXMCK5a4Q4rUJj544vU6pt75/mytfg+Cox2woGZAHZvJ/pRuHDe2t3R6w3EYYTu6x1w5azGnFvCOVdR6XPsGJA2p3oRnEpz64L7KD2QOdtm0YsfMnorH9FbvkZgNr927VbRnBRJ1QM=,iv:4K4w6ruQxtRGjmFnWszlXZKp36TuTTnrB0sDEE/tmrM=,tag:NBP897Sw84bvZTvo/+fVfA==,type:str]
nix-build-farm:
private-key: ENC[AES256_GCM,data:etqFl2T2atN2djxqktFRtrTGqsC61A+ZUd2yS0PLm5KPO2s2/k6XqQGac9rUWP86C1YGpTJhUMzYuOPGW4yNc0YmoeHVslxBR7nX8pubXabZNdB2YMm/yAgsdeeflo4slbxJ6+00eH0iCrtWcHtWbZafHnxojborZABOvCsODdx/ahJ4J9aHqf22cAqe9iJY3L0TgE+iazKS8OO+C/PTaQiV02NZjP8GajRMXzPVoYT7wz3u0t0q0m/t8FkhMIDl9QKL+kFUDeLEGoCBzR57JXLZiW1gJsRxbkP8hVIB3s4TQnhasxqQQlCJuqBSNFl/cGdBm/ADm/yi78VHQG7rUxUrFVDL4Aoidjp6GyoojLIEpdQjtlvC7RCLNpTibV6B71EB3obpjMmmIwfoDLT4jEWhXNx3b8DnMoa0Qh4ba+HBJf+XKA93B0qOJWwJzj4qH9uqBK3xPOGTkqQMmd9M1HYrStTcI/JUX0WvEMwk8xI8MZN/TsLij4w5i6NCwSqa8Dn2lyLK0BGp5C8RT8R4k6U2ieyY6lmxsGIe,iv:703rM/FQz65upd1JWTHNsjAXh2BeoknkALShKuHUsis=,tag:yAB6KJqpm1mOFT5GzKRPBw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -23,8 +25,8 @@ sops:
eitNc1E2SzY5bkUxNWtNczRsWWJaU2MKUIu9GT7zu0MvvnXxiQfLW9pQcxFKOwPm eitNc1E2SzY5bkUxNWtNczRsWWJaU2MKUIu9GT7zu0MvvnXxiQfLW9pQcxFKOwPm
VRU2k3XQkYjSDZX29DxrOzaPS/L3OYNyBYMyOW8GyMa2V12lMH6lPQ== VRU2k3XQkYjSDZX29DxrOzaPS/L3OYNyBYMyOW8GyMa2V12lMH6lPQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-23T16:24:43Z" lastmodified: "2024-08-16T14:17:07Z"
mac: ENC[AES256_GCM,data:YTPZCX2Nkws0EJB/+PJVCYlKN0BoWqDRIH5QfhB7ayQ42tkUlz60Bt1ksbEMNtz2RS4sJSp4dlihTBLO4gRHbeMZf40f+j42Td4Dj0etqOkaspR5q5mE1XR8ml7QRzALEq5SHRi13szfO4BHaaFsSHTyFgKxA4uDzZ4JnBoxjAQ=,iv:KuO4rhO9vH+HqcgqTvOYBayitFzLhm4CQRTyzIplKnM=,tag:G/qgcxZoc89etzkUnkw02Q==,type:str] mac: ENC[AES256_GCM,data:qrMyVDLhtK4URqrHFBx+08PMrFyfib4iH0y7iAeVB/oFGazjm3O5MeS9fNYJeONghuelux69nh2FRfSJHG/moEBcWlL68R4xbCb4he528P+n7mQnR54BNFJdT2oOra4bqO9n/4m2UA8jmA0veoqSrZUVjnmjftqOedjnRESY1L8=,iv:jql79ItwPcJg/nnbsUywOzWz/UJy0ZpY04pvEF290c4=,tag:XKrToym2dXdippnivoK1/Q==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

17
overlay.nix
View file

@ -1,4 +1,4 @@
{ nixpkgs, nixpkgs-unstable, nur, ... }@inputs: { nixpkgs, nixpkgs-unstable, ... }@inputs:
let let
overlay-unstable = final: prev: { overlay-unstable = final: prev: {
stable = import nixpkgs { config.allowUnfree = true; system = prev.system; }; stable = import nixpkgs { config.allowUnfree = true; system = prev.system; };
@ -25,7 +25,7 @@ let
overlay-versioning = final: prev: { overlay-versioning = final: prev: {
gotosocial = prev.gotosocial.overrideAttrs (attrs: rec { gotosocial = prev.gotosocial.overrideAttrs (attrs: rec {
version = "0.16.0"; version = "0.17.1";
ldflags = [ ldflags = [
"-s" "-s"
"-w" "-w"
@ -35,13 +35,13 @@ let
web-assets = final.fetchurl { web-assets = final.fetchurl {
url = "https://github.com/superseriousbusiness/gotosocial/releases/download/v${version}/gotosocial_${version}_web-assets.tar.gz"; url = "https://github.com/superseriousbusiness/gotosocial/releases/download/v${version}/gotosocial_${version}_web-assets.tar.gz";
hash = "sha256-aZQpd5KvoZvXEMVzGbWrtGsc+P1JStjZ6U5mX6q7Vb0="; hash = "sha256-rGntLlIbgfCtdqpD7tnvAY8qwF+BpYbQWfAGMhdOTgY=";
}; };
src = final.fetchFromGitHub { src = final.fetchFromGitHub {
owner = "superseriousbusiness"; owner = "superseriousbusiness";
repo = "gotosocial"; repo = "gotosocial";
rev = "v${version}"; rev = "v${version}";
hash = "sha256-QoG09+jmq5e5vxDVtkhY35098W/9B1HsYTuUnz43LV4="; hash = "sha256-oWWsCs9jgd244yzWhgLkuHp7kY0BQ8+Ay6KpuBVG+U8=";
}; };
postInstall = '' postInstall = ''
tar xf ${web-assets} tar xf ${web-assets}
@ -120,12 +120,20 @@ let
# Use stable delta compiled with old Rust version # Use stable delta compiled with old Rust version
delta = final.stable.delta; delta = final.stable.delta;
deepfilternet = final.stable.deepfilternet; deepfilternet = final.stable.deepfilternet;
harmonia = final.callPackage
(import
(builtins.fetchurl {
url = "https://raw.githubusercontent.com/Mic92/nixpkgs/63f91202f5cd071187ede5e5ffc56003cb442876/pkgs/by-name/ha/harmonia/package.nix";
sha256 = "1mz211c0bxn116ix0j5xx4wlglpbkfg7d3npw1z8hg9gc0vbj2xb";
}))
{ };
}; };
in in
[ [
# inputs.swayfx.inputs.scenefx.overlays.override # inputs.swayfx.inputs.scenefx.overlays.override
# inputs.swayfx.overlays.override # inputs.swayfx.overlays.override
inputs.mpd-mpris.overlays.default inputs.mpd-mpris.overlays.default
inputs.rust-overlay.overlays.default
inputs.youmubot.overlays.default inputs.youmubot.overlays.default
(import ./overlays/openrazer) (import ./overlays/openrazer)
@ -136,7 +144,6 @@ in
overlay-versioning overlay-versioning
overlay-libs overlay-libs
overlay-rust-is-dumb overlay-rust-is-dumb
nur.overlay
(import ./packages/common) (import ./packages/common)