Merge pull request 'option_refactor' (#4) from option_refactor into master

Reviewed-on: #4
Jurn Wubben 2025-09-17 09:11:37 +00:00
commit 3e07bd2b22
34 changed files with 477 additions and 314 deletions

114
flake.lock generated

@ -28,11 +28,11 @@
"fromYaml": "fromYaml" "fromYaml": "fromYaml"
}, },
"locked": { "locked": {
"lastModified": 1746562888, "lastModified": 1755819240,
"narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=", "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=",
"owner": "SenchoPens", "owner": "SenchoPens",
"repo": "base16.nix", "repo": "base16.nix",
"rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89", "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -131,11 +131,11 @@
"firefox-gnome-theme": { "firefox-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1748383148, "lastModified": 1756083905,
"narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=", "narHash": "sha256-UqYGTBgI5ypGh0Kf6zZjom/vABg7HQocB4gmxzl12uo=",
"owner": "rafaelmardojai", "owner": "rafaelmardojai",
"repo": "firefox-gnome-theme", "repo": "firefox-gnome-theme",
"rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf", "rev": "b655eaf16d4cbec9c3472f62eee285d4b419a808",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -195,11 +195,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1754487366, "lastModified": 1756770412,
"narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "rev": "4524271976b625a4a605beefd893f270620fd751",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -234,11 +234,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753121425, "lastModified": 1756770412,
"narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", "rev": "4524271976b625a4a605beefd893f270620fd751",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -255,11 +255,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1751413152, "lastModified": 1756770412,
"narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", "rev": "4524271976b625a4a605beefd893f270620fd751",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -329,11 +329,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1754416808, "lastModified": 1757588530,
"narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=", "narHash": "sha256-tJ7A8mID3ct69n9WCvZ3PzIIl3rXTdptn/lZmqSS95U=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864", "rev": "b084b2c2b6bc23e83bbfe583b03664eb0b18c411",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -407,11 +407,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1754593726, "lastModified": 1757920978,
"narHash": "sha256-bo6aSfDS/GGfM/6LXCKLH/246fDSKjFnBsaRMNE+Wmc=", "narHash": "sha256-Mv16aegXLulgyDunijP6SPFJNm8lSXb2w3Q0X+vZ9TY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "5de16c704b0fc8f519b2c19ed3f683a9e68f3884", "rev": "11cc5449c50e0e5b785be3dfcb88245232633eb8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -444,11 +444,11 @@
}, },
"mnw": { "mnw": {
"locked": { "locked": {
"lastModified": 1748710831, "lastModified": 1756659871,
"narHash": "sha256-eZu2yH3Y2eA9DD3naKWy/sTxYS5rPK2hO7vj8tvUCSU=", "narHash": "sha256-v6Rh4aQ6RKjM2N02kK9Usn0Ix7+OY66vNpeklc1MnGE=",
"owner": "Gerg-L", "owner": "Gerg-L",
"repo": "mnw", "repo": "mnw",
"rev": "cff958a4e050f8d917a6ff3a5624bc4681c6187d", "rev": "ed6cc3e48557ba18266e598a5ebb6602499ada16",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -500,11 +500,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1754800038, "lastModified": 1757822619,
"narHash": "sha256-UbLO8/0pVBXLJuyRizYOJigtzQAj8Z2bTnbKSec/wN0=", "narHash": "sha256-3HIpe3P2h1AUPYcAH9cjuX0tZOqJpX01c0iDwoUYNZ8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "b65f8d80656f9fcbd1fecc4b7f0730f468333142", "rev": "050a5feb5d1bb5b6e5fc04a7d3d816923a87c9ea",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -520,11 +520,11 @@
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1754583575, "lastModified": 1757726013,
"narHash": "sha256-GLCNsMGuQQLq3B3+C+jEybyQCtV0xJytGjibNU3tg70=", "narHash": "sha256-7RPKqqlc5xawEbASZh18b6HX9FogiVTPIw0KdMEjpn8=",
"owner": "kaylorben", "owner": "kaylorben",
"repo": "nixcord", "repo": "nixcord",
"rev": "e049d77a74b3360791800a1d50cbe9518d96b764", "rev": "2133f2ab5af34dab65f5aa17f1f343777bc71070",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -551,11 +551,11 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1753579242, "lastModified": 1754788789,
"narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", "rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -629,11 +629,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1754498491, "lastModified": 1757745802,
"narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=", "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c2ae88e026f9525daf89587f3cbee584b92b6134", "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -674,11 +674,11 @@
}, },
"nixpkgs_7": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1751792365, "lastModified": 1756819007,
"narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", "narHash": "sha256-12V64nKG/O/guxSYnr5/nq1EfqwJCdD2+cIGmhz3nrE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", "rev": "aaff8c16d7fc04991cac6245bee1baa31f72b1e1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -700,11 +700,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1751906969, "lastModified": 1756961635,
"narHash": "sha256-BSQAOdPnzdpOuCdAGSJmefSDlqmStFNScEnrWzSqKPw=", "narHash": "sha256-hETvQcILTg5kChjYNns1fD5ELdsYB/VVgVmBtqKQj9A=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "ddb679f4131e819efe3bbc6457ba19d7ad116f25", "rev": "6ca27b2654ac55e3f6e0ca434c1b4589ae22b370",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -724,11 +724,11 @@
"systems": "systems_3" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1754552918, "lastModified": 1757773905,
"narHash": "sha256-vbT+nGdMLNAeYZ1S5WBBLJTVWosGne2VRt46rqPfB2A=", "narHash": "sha256-lM1K3cJsPQyiSGI3rE/F7u02fA/JYBsinMN49IQCY1s=",
"owner": "notashelf", "owner": "notashelf",
"repo": "nvf", "repo": "nvf",
"rev": "d61de135ce174f4e04b4e509de02e1afe040a834", "rev": "7e74ee604a7c18dda21e6a809720ad37ab5bae43",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -793,11 +793,11 @@
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1754597531, "lastModified": 1757360005,
"narHash": "sha256-OpC9/PBIuL2WEJUkcuD/wVxI8r+3o6f5RylSIefjHo4=", "narHash": "sha256-VwzdFEQCpYMU9mc7BSQGQe5wA1MuTYPJnRc9TQCTMcM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "stylix", "repo": "stylix",
"rev": "63bb34a66ad7d1af2e95ee20dd675896b2074c32", "rev": "834a743c11d66ea18e8c54872fbcc72ce48bc57f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -917,11 +917,11 @@
"tinted-schemes": { "tinted-schemes": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1750770351, "lastModified": 1754779259,
"narHash": "sha256-LI+BnRoFNRa2ffbe3dcuIRYAUcGklBx0+EcFxlHj0SY=", "narHash": "sha256-8KG2lXGaXLUE0F/JVwLQe7kOVm21IDfNEo0gfga5P4M=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "schemes", "repo": "schemes",
"rev": "5a775c6ffd6e6125947b393872cde95867d85a2a", "rev": "097d751b9e3c8b97ce158e7d141e5a292545b502",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -933,11 +933,11 @@
"tinted-tmux": { "tinted-tmux": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1751159871, "lastModified": 1754788770,
"narHash": "sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE=", "narHash": "sha256-LAu5nBr7pM/jD9jwFc6/kyFY4h7Us4bZz7dvVvehuwo=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-tmux", "repo": "tinted-tmux",
"rev": "bded5e24407cec9d01bd47a317d15b9223a1546c", "rev": "fb2175accef8935f6955503ec9dd3c973eec385c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -949,11 +949,11 @@
"tinted-zed": { "tinted-zed": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1751158968, "lastModified": 1755613540,
"narHash": "sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR+C98jX8=", "narHash": "sha256-zBFrrTxHLDMDX/OYxkCwGGbAhPXLi8FrnLhYLsSOKeY=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "base16-zed", "repo": "base16-zed",
"rev": "86a470d94204f7652b906ab0d378e4231a5b3384", "rev": "937bada16cd3200bdbd3a2f5776fc3b686d5cba0",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -53,13 +53,17 @@
ts = { ts = {
enable = true; enable = true;
lsp.server = "ts_ls"; lsp.server = "denols";
extensions.ts-error-translator.enable = true; extensions.ts-error-translator.enable = true;
}; };
clang = { clang = {
enable = true; enable = true;
lsp.enable = true; lsp.enable = true;
}; };
typst = {
enable = true;
format.type = "typstyle";
};
bash.enable = true; bash.enable = true;
css.enable = true; css.enable = true;
@ -67,7 +71,6 @@
markdown.enable = true; markdown.enable = true;
nix.enable = true; nix.enable = true;
svelte.enable = true; svelte.enable = true;
typst.enable = true;
rust.enable = true; rust.enable = true;
python.enable = true; python.enable = true;
}; };


@ -23,7 +23,7 @@
"callTimer" "callTimer"
"clearURLs" "clearURLs"
"copyFileContents" "copyFileContents"
"emoteCloner" # "emoteCloner"
"fakeNitro" "fakeNitro"
"fixYoutubeEmbeds" "fixYoutubeEmbeds"
"friendsSince" "friendsSince"


@ -13,7 +13,6 @@
pkgs.gimp pkgs.gimp
pkgs.inkscape pkgs.inkscape
pkgs.thunderbird pkgs.thunderbird
pkgs.stremio
] ]
++ lib.optional osConfig.niksos.hardware.portable.enable self.packages.${pkgs.system}.visicut; ++ lib.optional osConfig.niksos.hardware.portable.enable self.packages.${pkgs.system}.visicut;
} }


@ -64,6 +64,9 @@
] ]
) )
10); 10);
volumeUp = "${wpctl} set-volume -l '1.0' @DEFAULT_AUDIO_SINK@ 6%+";
volumeDown = "${wpctl} set-volume -l '1.0' @DEFAULT_AUDIO_SINK@ 6%-";
in { in {
wayland.windowManager.hyprland.settings = { wayland.windowManager.hyprland.settings = {
"$m" = "ALT"; "$m" = "ALT";
@ -138,10 +141,20 @@ in {
bindle = [ bindle = [
# volume # volume
", XF86AudioRaiseVolume, exec, ${wpctl} set-volume -l '1.0' @DEFAULT_AUDIO_SINK@ 6%+" ", XF86AudioRaiseVolume, exec, ${volumeUp}"
", XF86AudioLowerVolume, exec, ${wpctl} set-volume -l '1.0' @DEFAULT_AUDIO_SINK@ 6%-" ", XF86AudioLowerVolume, exec, ${volumeDown}"
",XF86MonBrightnessUp, exec, ${brightnessctl} s 10%+" ",XF86MonBrightnessUp, exec, ${brightnessctl} s 10%+"
",XF86MonBrightnessDown, exec, ${brightnessctl} s 10%-" ",XF86MonBrightnessDown, exec, ${brightnessctl} s 10%-"
]; ];
gesture = [
"3, down, close"
"3, up, fullscreen"
"3, horizontal, workspace"
"4, left, dispatcher, exec, ${playerctl} previous"
"4, right, dispatcher, exec, ${playerctl} next"
"4, up, dispatcher, exec, ${volumeUp}"
"4, down, dispatcher, exec, ${volumeDown}"
];
}; };
} }


@ -74,12 +74,6 @@
}; };
}; };
gestures = {
workspace_swipe = true;
workspace_swipe_forever = true;
workspace_swipe_direction_lock = false;
};
dwindle = { dwindle = {
pseudotile = true; pseudotile = true;
preserve_split = true; preserve_split = true;
@ -97,6 +91,7 @@
"float, class:foot-somcli" "float, class:foot-somcli"
"size >30% >30%, class:foot-somcli" "size >30% >30%, class:foot-somcli"
]; ];
#NOTE: Also check home/wayland/hyprland/binds + system/hardware/fingerprint #NOTE: Also check home/wayland/hyprland/binds + system/hardware/fingerprint
}; };
} }


@ -6,7 +6,39 @@
networking.interfaces.enp2s0.wakeOnLan.enable = true; networking.interfaces.enp2s0.wakeOnLan.enable = true;
niksos = { niksos = {
server = true; # server = true;
server = {
baseDomain = "jsw.tf";
derek-bot.enable = true;
forgejo = {
enable = true;
subDomain = "git";
};
immich = {
enable = true;
subDomain = "photos";
};
jsw-bot = {
enable = true;
subDomain = "dc";
};
nextcloud = {
enable = true;
subDomain = "cloud";
};
stalwart = {
enable = true;
subDomain = "mail";
};
zitadel = {
enable = true;
subDomain = "z";
};
site = {
enable = true;
subDomain = "";
};
};
hardware.graphics = { hardware.graphics = {
nvidia = false; #FIXME: Compile error nvidia = false; #FIXME: Compile error
intel = true; intel = true;
@ -27,5 +59,5 @@
AllowHybridSleep=no AllowHybridSleep=no
AllowSuspendThenHibernate=no AllowSuspendThenHibernate=no
''; '';
services.logind.lidSwitchExternalPower = "ignore"; # INFO: Above apparantly wasn't enough. logind is flooding my logs. services.logind.settings.Login.lidSwitchExternalPower = "ignore"; # INFO: Above apparantly wasn't enough. logind is flooding my logs.
} }
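Review bot: `services.logind.settings.Login.lidSwitchExternalPower` on the last changed line is probably not a key logind reads. `settings.Login` is rendered into logind.conf, where this setting is called `HandleLidSwitchExternalPower`, and the fingerprint module in this same commit already uses that naming with `HandlePowerKey = "ignore";`. As written the value would most likely be emitted under an unknown name and the lid switch would keep its default behaviour, so the line should read `services.logind.settings.Login.HandleLidSwitchExternalPower = "ignore";`. The power module's hunk has the same problem with `powerKey` and `powerKeyLongPress`, which would become `HandlePowerKey` and `HandlePowerKeyLongPress`. Worth confirming against the nixpkgs revision this lock update pins.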


@ -1,39 +1,44 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
config, imports =
lib, [ (modulesPath + "/installer/scan/not-detected.nix")
pkgs, ];
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = { boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];
initrd.availableKernelModules = ["xhci_pci" "ahci" "sd_mod"]; boot.initrd.kernelModules = [ ];
initrd.kernelModules = []; boot.kernelModules = [ "kvm-intel" ];
kernelModules = ["kvm-intel"]; boot.extraModulePackages = [ ];
extraModulePackages = [];
};
fileSystems = { # fileSystems."/" =
"/" = { # { device = "/dev/disk/by-uuid/33b7e681-d92a-40db-a172-b797591a1e2e";
device = "/dev/disk/by-uuid/33b7e681-d92a-40db-a172-b797591a1e2e"; # fsType = "ext4";
# };
#
# fileSystems."/boot" =
# { device = "/dev/disk/by-uuid/0BEA-7525";
# fsType = "vfat";
# options = [ "fmask=0022" "dmask=0022" ];
# };
fileSystems."/" =
{ device = "/dev/disk/by-uuid/2ce4b2b1-0083-43b2-bd8d-0e8cd21b1ef6";
fsType = "ext4"; fsType = "ext4";
}; };
"/boot" = { fileSystems."/boot" =
device = "/dev/disk/by-uuid/0BEA-7525"; { device = "/dev/disk/by-uuid/AE71-FD70";
fsType = "vfat"; fsType = "vfat";
options = ["fmask=0022" "dmask=0022"]; options = [ "fmask=0022" "dmask=0022" ];
}; };
};
swapDevices = [];
networking.useDHCP = lib.mkDefault true; swapDevices =
[ { device = "/dev/disk/by-uuid/f5af06e8-e285-4565-abc3-fdd0ddde4736"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }


@ -1,13 +1,16 @@
{ {
pkgs,
lib,
...
}: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
# ./virt.nix ./virt.nix
]; ];
# programs.appimage.enable = true; # programs.appimage.enable = true;
# programs.evolution.enable = true; # TODO: move to appropiate place. # programs.evolution.enable = true; # TODO: move to appropiate place.
# ! HII
niksos = { niksos = {
hardware = { hardware = {
joycond = false; #NOTE: enable when game night lol joycond = false; #NOTE: enable when game night lol
@ -39,6 +42,26 @@
}; };
home-manager.users.jsw.wayland.windowManager.hyprland.settings.monitor = ["eDP-1,2880x1920@120,0x0,1.5,vrr,1"]; home-manager.users.jsw.wayland.windowManager.hyprland.settings.monitor = ["eDP-1,2880x1920@120,0x0,1.5,vrr,1"];
#FIXME: unity
nixpkgs.config.permittedInsecurePackages = ["libxml2-2.13.8"];
environment = {
etc.vscode.source = lib.getExe pkgs.vscodium;
systemPackages = let
unityhub = pkgs.unityhub.overrideAttrs (prevAttrs: {
nativeBuildInputs = (prevAttrs.nativeBuildInputs or []) ++ [pkgs.makeBinaryWrapper];
postInstall =
(prevAttrs.postInstall or "")
+ ''
wrapProgram $out/bin/unityhub --set GDK_SCALE 2 --set GDK_DPI_SCALE 0.5
'';
});
in [
unityhub
];
};
#ENDFIXME
services.udev.extraRules = '' services.udev.extraRules = ''
# Ethernet expansion card support # Ethernet expansion card support
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0bda", ATTR{idProduct}=="8156", ATTR{power/autosuspend}="20" ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0bda", ATTR{idProduct}=="8156", ATTR{power/autosuspend}="20"
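Review bot: `nixpkgs.config.permittedInsecurePackages = ["libxml2-2.13.8"];` lifts the insecure-package check for that libxml2 version across this host's whole nixpkgs evaluation, not only for the unityhub override below it. The `#FIXME: unity` marker records neither what is being accepted nor when the entry can be dropped. I would put a comment directly above it, for example `# libxml2-2.13.8 is flagged insecure in nixpkgs; permitted here only for unityhub, remove once unityhub builds without it`, assuming unityhub is indeed what pulls it in. Separately, `etc.vscode.source = lib.getExe pkgs.vscodium;` and the stray `# ! HII` comment need a one-line explanation or removal. The enclosing attribute set continues outside the hunk.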


@ -34,7 +34,7 @@
}; };
}; };
neovim = false; neovim = false;
server = false; # server = false;
}; };
#NOTE: Old info #NOTE: Old info

Binary file not shown.


@ -1,16 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 GQzYWA a0CqbXhMIeFmKsMSnQzPWJcdi0hH8caayThGHtKNdjc
ZfRN0ukqXH8L1E1pWBU+tw0LmPxsb6/4FoeERCKEYCk
-> ssh-ed25519 MfR7VA WO0CmKh4CQY1ZLtgDbGIhxfbC8C/C9Vw4p4UGkZTzSs
0oQbzzz8A6WJRbFqEPR6WStMRRGtFy2eEXIJ1WCqvIg
-> ssh-ed25519 +cvRTg ZYBJwTDV8zwZIpqY7sZIszS3saww0OV4RwVREVNxWHg
PW9gzG2odI4G2I5zz+Gr2vaouPB6796RWDJzYZNFREQ
-> ssh-ed25519 WCPLrA p8I1d6YXg5pN6Ljeq/wsY5jj4rPaSvD+/au+vEUsgh4
U0aiqeildEqF8SNh0L4hGIq3rQxY4HcSnDvluwldDpQ
-> ssh-ed25519 7/ziYw 7DGE8Zr0qMGh3P5lUSRYT+AdgRges037cLjHbbPPnTc
daC7dau5IHSZr/HmjszbWrQNsVJOQILqNS/Yn1YE/zM
-> ssh-ed25519 VQy60Q cAuS4VLmDC9iCZ+7e+/5WVIxrvBa7ZChCz2pPSSY/TY
ut6SAJSZMm9/YElx7SShyMufrBYAlb/IyQp0g4ADMa4
--- DQrDZ/cXaadnKTDN8MrGuTokHttdMbOzs2IPYTIOPw4
Ôú9è çEJG($Ç'_±z·3õ<33>§!;\Ûkç<6B><C3A7>IâEæ3„%”!zŒíÄþO£ôŠú«*’®ÂÂãÝ.,ó à•…`û+',À*ÝÞÄÑml%g?â¥0°'ñ-<MíwYŒj]SR‡aÕ©V£Í(çk”—yü6Â@`j9jÈ~¨[úò_º½Dz±¨Ìd^¨"\Ú7ÍóéÔîlóÂþO ƒÏcW=ôa~K],0![ßG¨~4ª™!XÅÊ|ÿó·(CÌ4)g^-¢5D”n¶lI·m C§,ê-9ƒš4¢åÓbI: 1áõÝUx»ôe¡ôMÄêã¡X(¯ÿʼ5²m킌[ÖBXH ãâ f_äJ{Ôuóf<C3B3>OT”D^¸*Y3³-<2D>ƒ•³ƒŠ¹e-OB¤t Á‘.Qˆ²{m ¼ð$W7ÝL>r¿Â•'‰>€b6º¹D©;w*.uYž‡µ°÷ÃXß`A**Œ2¨$T<>ïtÔŒM<C592>Â_1NÜÆ
<06>@cJsÎåtÄ,Ð…hÏïaº¯Ç<4A>pØå§j:æ¼sG@P/¼¾LœÜ4˜¥ö>XRÞ{f¶íJB>ƒÃzï&÷ÖÀ;|û«vœÎçΚJ<C5A1>ÙS•¥Úì±Î¶AÄ,7ÉE{MEõwí<77>PªÉ:ÿG‰òcœŠYžR¯ ç³³ z£@³Xô„æÕ<C3A6>*½j%­MM•ĵšB¦´`HzŸéÝSëKUWy+xûGÇDåÈ“¯Ém÷ï~›¬Ö›êóÉû¹‰·>ó%Î]RƒŸ;9”¶¿8åœV…¾ÉLc (<28>XäRùrŽl˜!eSAʧG3jhw¼œ•˜ƒ»£ªÒ,ã2b1


@ -3,9 +3,9 @@
lib, lib,
... ...
}: let }: let
inherit (lib) mkIf;
inherit (config.niksos) server; inherit (config.niksos) server;
isEnabled = x: lib.mkIf server.${x}.enable;
serviceUser = x: config.systemd.services.${x}.serviceConfig.User; serviceUser = x: config.systemd.services.${x}.serviceConfig.User;
abstrServiceUser = x: config.services.${x}.user; abstrServiceUser = x: config.services.${x}.user;
abstrServiceGroup = x: config.services.${x}.group; abstrServiceGroup = x: config.services.${x}.group;
@ -14,35 +14,35 @@ in {
password.file = ./password.age; password.file = ./password.age;
# NOTE: server things # NOTE: server things
dcbot = mkIf server { jsw-bot = isEnabled "jsw-bot" {
file = ./dcbot.age; file = ./jsw-bot.age;
owner = serviceUser "dcbot"; # owner = serviceUser "jsw-bot"; #
}; };
bread-dcbot = mkIf server { derek-bot = isEnabled "derek-bot" {
file = ./bread-dcbot.age; file = ./derek-bot.age;
owner = "bread-dcbot"; owner = "derek-bot";
}; };
matrix-registration = mkIf server { # matrix-registration = isEnabled "matrix" {
file = ./matrix-registration.age; # file = ./matrix-registration.age;
owner = abstrServiceUser "matrix-continuwuity"; # owner = abstrServiceUser "matrix-continuwuity";
}; # };
mail-admin = mkIf server { mail-admin = isEnabled "stalwart" {
# owner = serviceUser "stalwart-mail"; #FIXME: revert when stopped using docker for stalwart. # owner = serviceUser "stalwart-mail"; #FIXME: revert when stopped using docker for stalwart.
file = ./mail-admin.age; file = ./mail-admin.age;
}; };
zitadel-key = mkIf server { zitadel-key = isEnabled "zitadel" {
file = ./zitadel-key.age; file = ./zitadel-key.age;
owner = abstrServiceUser "zitadel"; owner = abstrServiceUser "zitadel";
}; };
forgejo-mailpass = mkIf server { forgejo-mailpass = isEnabled "forgejo" {
file = ./forgejo-mailpass.age; file = ./forgejo-mailpass.age;
owner = abstrServiceUser "forgejo"; owner = abstrServiceUser "forgejo";
}; };
immich-oidc = mkIf server { immich-oidc = isEnabled "immich" {
file = ./immich-oidc.age; file = ./immich-oidc.age;
owner = abstrServiceUser "immich"; owner = abstrServiceUser "immich";
}; };
nextcloud-admin-pass = mkIf server { nextcloud-admin-pass = isEnabled "nextcloud" {
file = ./nextcloud-admin-pass.age; file = ./nextcloud-admin-pass.age;
owner = "nextcloud"; #NOTE: not a clear 'nextcloud.service' or 'services.nextcloud.user'. owner = "nextcloud"; #NOTE: not a clear 'nextcloud.service' or 'services.nextcloud.user'.
}; };
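Review bot: The `jsw-bot` secret appears to lose its `owner` on the new side, where the line reads as commented out, so agenix would fall back to its default owner and mode, which is root-only. If the jsw-bot unit runs under its own user, which this section does not show, the `.env` symlink that points at this secret will not be readable by the bot. Restore it as `owner = serviceUser "jsw-bot";`, or, if the file is deliberately read only by a privileged step, say so in a comment next to the entry so that nobody loosens the mode later to work around it.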

BIN
secrets/derek-bot.age Normal file

Binary file not shown.

BIN
secrets/jsw-bot.age Normal file

Binary file not shown.


@ -14,8 +14,8 @@ let
keys = users ++ devices; keys = users ++ devices;
in { in {
"password.age".publicKeys = keys; "password.age".publicKeys = keys;
"dcbot.age".publicKeys = keys; "jsw-bot.age".publicKeys = keys;
"bread-dcbot.age".publicKeys = keys; "derek-bot.age".publicKeys = keys;
"matrix-registration.age".publicKeys = keys; "matrix-registration.age".publicKeys = keys;
"mail-admin.age".publicKeys = keys; "mail-admin.age".publicKeys = keys;
"zitadel-key.age".publicKeys = keys; "zitadel-key.age".publicKeys = keys;


@ -1,7 +1,7 @@
#!/usr/bin/env bash #!/usr/bin/env bash
NH_FLAKE=$(mktemp -d) NH_FLAKE=$(mktemp -d)
git clone . "$NH_FLAKE" #TODO: replace . with valid bash for script dir. cp -r . "$NH_FLAKE" #TODO: replace . with valid bash for script dir.
cd "$NH_FLAKE" || exit cd "$NH_FLAKE" || exit
git lfs install git lfs install
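Review bot: `cp -r . "$NH_FLAKE"` copies whatever the current directory holds, including untracked and git-ignored files, where the previous `git clone .` took only committed content. Anything sensitive in the working tree (local notes, decrypted material, build outputs) now ends up in the temp copy. Resolving the TODO would also stop the script from copying an unrelated directory when it is started from elsewhere, e.g. `cp -r "$(dirname "${BASH_SOURCE[0]}")/." "$NH_FLAKE"`. If the rest of the script, which is outside this hunk, does not already clean up, add `trap 'rm -rf "$NH_FLAKE"' EXIT` after the `mktemp -d` line.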


@ -13,10 +13,10 @@ in {
config = mkIf hardware.fingerprint { config = mkIf hardware.fingerprint {
services = { services = {
fprintd.enable = true; fprintd.enable = true;
logind.extraConfig = mkIf hypr '' logind.settings.Login = mkIf hypr {
# dont shutdown when power button is short-pressed # dont shutdown when power button is short-pressed
HandlePowerKey=ignore HandlePowerKey = "ignore";
''; };
}; };
home-manager.users.jsw.wayland.windowManager.hyprland.settings = mkIf hypr { home-manager.users.jsw.wayland.windowManager.hyprland.settings = mkIf hypr {


@ -9,7 +9,7 @@
in { in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services = { services = {
logind = { logind.settings.Login = {
powerKey = "suspend-then-hibernate"; powerKey = "suspend-then-hibernate";
powerKeyLongPress = "poweroff"; powerKeyLongPress = "poweroff";
}; };


@ -20,7 +20,7 @@
nix = let nix = let
flakeInputs = lib.filterAttrs (_: v: lib.isType "flake" v) inputs; flakeInputs = lib.filterAttrs (_: v: lib.isType "flake" v) inputs;
in { in {
package = pkgs.lix; # package = pkgs.lix;
# pin the registry to avoid downloading and evaling a new nixpkgs version every time # pin the registry to avoid downloading and evaling a new nixpkgs version every time
registry = lib.mapAttrs (_: v: {flake = v;}) flakeInputs; registry = lib.mapAttrs (_: v: {flake = v;}) flakeInputs;
@ -31,7 +31,7 @@
settings = { settings = {
auto-optimise-store = true; auto-optimise-store = true;
builders-use-substitutes = true; builders-use-substitutes = true;
experimental-features = ["nix-command" "flakes" "repl-flake"]; experimental-features = ["nix-command" "flakes"];
flake-registry = "/etc/nix/registry.json"; flake-registry = "/etc/nix/registry.json";
# for direnv GC roots # for direnv GC roots


@ -3,13 +3,15 @@
lib, lib,
... ...
}: let }: let
cfg = config.niksos.server; inherit (config.services.caddy) enable;
inherit (lib) mkIf;
in { in {
services.caddy = { config = mkIf enable {
enable = cfg; services.caddy = {
email = "jurnwubben@gmail.com"; email = "jurnwubben@gmail.com";
enableReload = false; enableReload = false;
}; };
networking.firewall.allowedTCPPorts = lib.mkIf cfg [80 443]; networking.firewall.allowedTCPPorts = [80 443];
};
} }


@ -1,16 +1,24 @@
{lib, ...}: { {lib, ...}: let
inherit (lib) mkOption types;
in {
imports = [ imports = [
# ./matrix.nix # ./matrix.nix
./bot.nix # ./temp.nix
./jsw-bot.nix
./caddy.nix ./caddy.nix
./derekBot.nix ./derek-bot.nix
./forgejo.nix ./forgejo.nix
./immich.nix ./immich.nix
./index ./index
./mail.nix ./mail.nix
./nextcloud.nix ./nextcloud.nix
./temp.nix
./zitadel.nix ./zitadel.nix
]; ];
options.niksos.server = lib.mkEnableOption "server servcies (such as caddy)."; #TODO: per service option. options.niksos.server = {
baseDomain = mkOption {
type = types.lines;
description = "Set's the apex domain for the webservices. Do not include 'https' or a slash at the end. Just 'example.com'.";
example = "example.com";
};
};
} }
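Review bot: `type = types.lines` is the wrong type for `baseDomain`. `lines` merges multiple definitions by joining them with newlines, so a second definition anywhere would silently produce a multi-line value that is then interpolated into Caddy virtual host names and the Forgejo mailer address. `type = types.str;` turns conflicting definitions into an evaluation error, and `types.strMatching` with a hostname pattern would additionally enforce the "no scheme, no trailing slash" rule that the description only asks for. The description also has a typo: "Set's" should be "Sets".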


@ -4,26 +4,26 @@
lib, lib,
... ...
}: let }: let
cfg = config.niksos.server; name = "derek-bot";
userGroup = "bread-dcbot"; cfg = config.niksos.server.${name}.enable;
userGroup = name;
gitRepo = "https://github.com/The-Breadening/Breadener"; gitRepo = "https://github.com/The-Breadening/Breadener";
bash = lib.getExe pkgs.bash; inherit (lib) getExe mkEnableOption mkIf;
bash = getExe pkgs.bash;
varLib = "/var/lib/"; varLib = "/var/lib/";
mainDir = mainDir = "${varLib}${userGroup}";
varLib programDir = "${mainDir}/program";
+ ( denoDir = "${mainDir}/deno";
if !cfg tokenDir = "${mainDir}/Breadener-token";
then ""
else userGroup
)
+ "/";
programDir = mainDir + "program";
denoDir = mainDir + "deno";
tokenDir = mainDir + "Breadener-token";
path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.deno pkgs.git]); path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.deno pkgs.git]);
in { in {
config = lib.mkIf config.niksos.server { options.niksos.server.${name}.enable = mkEnableOption name;
config = mkIf cfg {
systemd.services.${userGroup} = { systemd.services.${userGroup} = {
enable = true; enable = true;
after = ["network.target"]; after = ["network.target"];
@ -39,7 +39,7 @@ in {
export PATH=${path} export PATH=${path}
cd "${mainDir}" cd "${mainDir}"
chown -R ${userGroup}:${userGroup} ${mainDir}* || echo chown -R ${userGroup}:${userGroup} ${mainDir}/* || echo
rm -rf "${tokenDir}" || echo rm -rf "${tokenDir}" || echo
mkdir -p "${denoDir}" "${tokenDir}" mkdir -p "${denoDir}" "${tokenDir}"
@ -48,13 +48,18 @@ in {
if [ ! -d "${programDir}" ]; then if [ ! -d "${programDir}" ]; then
git clone "${gitRepo}" "${programDir}" git clone "${gitRepo}" "${programDir}"
fi fi
chmod -R 750 ${mainDir}* || echo chmod -R 750 ${mainDir}/* || echo
cd "${programDir}" cd "${programDir}"
git fetch git fetch
git reset --hard origin/HEAD git reset --hard origin/HEAD
cat > .env <<EOF
DATABASE_PATH='../daataabaasaa.db'
SECRETS_PATH='../Breadener-token/prodBot.json'
EOF
DENO_DIR=${denoDir} deno i DENO_DIR=${denoDir} deno i
''; '';
@ -64,7 +69,7 @@ in {
User = userGroup; User = userGroup;
Group = userGroup; Group = userGroup;
Restart = "always"; Restart = "always";
RuntimeMaxSec = 6 * 60 * 60; # 6h * 60min * 60s RuntimeMaxSec = 1 * 60 * 60; # 1h * 60min * 60s
}; };
}; };
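Review bot: The start script still runs `git fetch` and `git reset --hard origin/HEAD` against `${gitRepo}` followed by `deno i`. With `RuntimeMaxSec` lowered to one hour and `Restart = "always"`, the host now pulls and installs whatever the upstream default branch contains roughly every hour. The `chown -R` in the same script suggests it runs with more privilege than the service user, though the attribute that holds the script is outside the hunk. Pinning the program to a locked revision, the way the jsw-bot module copies from the flake input `inputs.dcbot`, would make each update an explicit lock bump. Failing that, add a comment above `git reset --hard origin/HEAD` stating that tracking upstream HEAD is deliberate.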


@ -3,17 +3,24 @@
lib, lib,
... ...
}: let }: let
DOMAIN = "git.jsw.tf"; name = "forgejo";
cfg = import ./lib/extractWebOptions.nix {inherit config name;};
DOMAIN = cfg.domain;
in { in {
options = import ./lib/webOptions.nix {inherit config lib name;};
config = config =
lib.mkIf config.niksos.server lib.mkIf cfg.enable
{ {
services.caddy.virtualHosts.${DOMAIN}.extraConfig = '' services.caddy = {
request_body { enable = true;
max_size 512M virtualHosts.${DOMAIN}.extraConfig = ''
} request_body {
reverse_proxy unix/${config.services.forgejo.settings.server.HTTP_ADDR} max_size 512M
''; }
reverse_proxy unix/${config.services.forgejo.settings.server.HTTP_ADDR}
'';
};
services.forgejo = { services.forgejo = {
enable = true; enable = true;
@ -52,12 +59,13 @@ in {
DEFAULT_ACTIONS_URL = "github"; DEFAULT_ACTIONS_URL = "github";
}; };
mailer = { mailer = {
#FIXME: Only enable if stalwart is enabled by default.
ENABLED = true; ENABLED = true;
SUBJECT_PREFIX = "JSWGit"; SUBJECT_PREFIX = "JSWGit";
PROTOCOL = "smtps"; PROTOCOL = "smtps";
SMTP_ADDR = "mail.jsw.tf"; #FIXME: replace with config... to stalwart setting once using stalwart nixos module. SMTP_ADDR = "mail.${cfg.baseDomain}"; #FIXME: replace with config... to stalwart setting once using stalwart nixos module.
SMTP_PORT = 465; SMTP_PORT = 465;
FROM = "git@jsw.tf"; FROM = "git@${cfg.baseDomain}";
USER = "git"; USER = "git";
PASSWD_URI = "file:${config.age.secrets.forgejo-mailpass.path}"; PASSWD_URI = "file:${config.age.secrets.forgejo-mailpass.path}";
}; };


@ -4,23 +4,29 @@
pkgs, pkgs,
... ...
}: let }: let
name = "immich";
inherit (lib) mkIf mkForce mkDefault; inherit (lib) mkIf mkForce mkDefault;
cfg = config.niksos.server; cfg = import ./lib/extractWebOptions.nix {inherit config name;};
oidcSubstitute = "*@#OPENIDCLIENTSECRET#@*"; oidcSubstitute = "*@#OPENIDCLIENTSECRET#@*";
config-dir = "/run/immich-conf"; config-dir = "/run/immich-conf";
url = "photos.jsw.tf"; httpsUrl = "https://" + cfg.domain;
httpsUrl = "https://" + url;
in { in {
config = options = import ./lib/webOptions.nix {inherit config lib name;};
mkIf cfg
{
users.users.${config.services.immich.user}.extraGroups = ["video" "render"];
services.caddy.virtualHosts.${url}.extraConfig = ''
reverse_proxy localhost:9002
'';
services.immich = mkIf cfg { config =
mkIf cfg.enable
{
services.caddy = {
enable = true;
virtualHosts.${cfg.domain}.extraConfig = ''
reverse_proxy localhost:9002
'';
};
users.users.${config.services.immich.user}.extraGroups = ["video" "render"];
services.immich = {
enable = true; enable = true;
port = 9002; port = 9002;


@ -2,13 +2,19 @@
config, config,
lib, lib,
... ...
}: { }: let
services.caddy.virtualHosts."jsw.tf" = lib.mkIf config.niksos.server { name = "site";
extraConfig = '' cfg = import ../lib/extractWebOptions.nix {inherit config name;};
header Content-Type text/html in {
respond <<HTML options = import ../lib/webOptions.nix {inherit config lib name;};
${builtins.readFile ./index.html} config = lib.mkIf cfg.enable {
HTML 200 services.caddy.virtualHosts.${cfg.domain} = {
''; extraConfig = ''
header Content-Type text/html
respond <<HTML
${builtins.readFile ./index.html}
HTML 200
'';
};
}; };
} }


@ -5,20 +5,29 @@
inputs, inputs,
... ...
}: let }: let
deno = lib.getExe pkgs.deno; name = "jsw-bot";
bash = lib.getExe pkgs.bash; cfg = import ./lib/extractWebOptions.nix {inherit config name;};
mainDir = "/var/lib/dcbot/"; inherit (lib) getExe mkIf optional;
inherit (config.niksos.server) nextcloud;
bash = getExe pkgs.bash;
mainDir = "/var/lib/${name}/";
programDir = mainDir + "program"; programDir = mainDir + "program";
dataDir = mainDir + "data"; dataDir = mainDir + "data";
denoDir = mainDir + "deno"; denoDir = mainDir + "deno";
path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.typst pkgs.deno]); path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.typst pkgs.deno]);
in { in {
config = lib.mkIf config.niksos.server { options = import ./lib/webOptions.nix {
systemd.services.dcbot = { inherit config lib name;
};
config = mkIf cfg.enable {
systemd.services.${name} = {
enable = true; enable = true;
after = ["network.target"]; after = ["network.target"]; #FIXME: doesn't start after network.
wantedBy = ["default.target"]; wantedBy = ["default.target"];
description = "Jsw's slaafje, discord bot."; description = "Jsw's slaafje, discord bot.";
@ -33,39 +42,41 @@ in {
cd "${mainDir}" cd "${mainDir}"
mkdir -p "${programDir}" "${dataDir}" "${denoDir}" mkdir -p "${programDir}" "${dataDir}" "${denoDir}"
chown -R dcbot:dcbot ${mainDir}* || echo chown -R ${name}:${name} ${mainDir}* || echo
chmod -R 750 ${mainDir}* || echo chmod -R 750 ${mainDir}* || echo
cp --no-preserve=mode,ownership -r ${inputs.dcbot}/* "${programDir}/" cp --no-preserve=mode,ownership -r ${inputs.dcbot}/* "${programDir}/"
rm "${dataDir}/.env" || echo rm "${dataDir}/.env" || echo
ln -s "${config.age.secrets.dcbot.path}" "${dataDir}/.env" ln -s "${config.age.secrets.jsw-bot.path}" "${dataDir}/.env"
cd "${programDir}" cd "${programDir}"
DENO_DIR=${denoDir} deno i DENO_DIR=${denoDir} deno i
''; '';
serviceConfig = { serviceConfig = {
StateDirectory = "dcbot"; StateDirectory = name;
ExecStart = "${bash} -c 'cd ${dataDir} && deno run -A ${programDir}/src/main.ts'"; ExecStart = "${bash} -c 'cd ${dataDir} && deno run -A ${programDir}/src/main.ts'";
User = "dcbot"; User = name;
Group = "dcbot"; Group = name;
Restart = "always"; Restart = "always";
}; };
}; };
services.caddy.virtualHosts."dc.jsw.tf" = { services.caddy = {
serverAliases = ["www.dc.jsw.tf"]; enable = true;
extraConfig = '' virtualHosts.${cfg.domain} = {
reverse_proxy :9001 extraConfig = ''
''; reverse_proxy :9001
'';
};
}; };
users.groups."dcbot" = { users.groups.${name} = {
members = ["nextcloud"]; #TODO: if config.niksos.server.nextcloud members = optional nextcloud.enable "nextcloud"; #TODO: if config.niksos.server.nextcloud
#NOTE: for nextcloud mounted folder #NOTE: for nextcloud mounted folder
}; };
users.users."dcbot" = { users.users.${name} = {
group = "dcbot"; group = name;
isSystemUser = true; isSystemUser = true;
}; };
}; };
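Review bot: The `#FIXME: doesn't start after network.` added on `after = ["network.target"]` has a direct fix, because `network.target` only orders the unit against the network stack being set up, not against connectivity. Use `after = ["network-online.target"]; wants = ["network-online.target"];` instead. In the second hunk the `#TODO: if config.niksos.server.nextcloud` comment is now stale, since `optional nextcloud.enable "nextcloud"` implements it. `StateDirectory`, `User` and `Group` all move from `dcbot` to `jsw-bot`, so state under the old directory is presumably left behind with the old owner; a migration note would help.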


@ -0,0 +1,18 @@
{
config,
name,
}: let
inherit (config.niksos) server;
inherit (server) baseDomain;
cfg = server.${name};
subDomain =
if cfg.subDomain == ""
then ""
else "${cfg.subDomain}.";
in
cfg //
{
domain = "${subDomain}${baseDomain}";
inherit baseDomain subDomain;
}
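Review bot: The returned set overrides `cfg.subDomain` with the dotted form (for a constructed value `"photos"` the caller sees `"photos."`), because `inherit baseDomain subDomain;` is merged over `cfg` by `//`. A module reading `cfg.subDomain` then gets a different string from the one set in `niksos.server.<name>.subDomain`. Either drop `subDomain` from the inherit or export it under a distinct name, e.g. `subDomainPrefix = subDomain;`. A header comment stating that the file returns the service's option values plus a computed `domain` would also help, since every service module imports it.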


@ -0,0 +1,16 @@
{
config,
lib,
name,
}: let
inherit (lib) mkEnableOption mkOption types;
in {
niksos.server.${name} = {
enable = mkEnableOption name;
subDomain = mkOption {
type = types.lines;
description = "What subdomain to use for ${name}";
example = name;
};
};
}
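Review bot: `subDomain` is declared as `types.lines`, which merges multiple definitions by joining them with newlines, yet the value is interpolated into Caddy site addresses and service hostnames by extractWebOptions.nix. A single-line, validated type keeps malformed or accidentally merged values out of the generated config: `type = types.strMatching "[a-z0-9.-]*";` (or `types.str` at minimum). The description could also state that an empty string means the service is served on the base domain, which is how extractWebOptions.nix treats it.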


@ -2,10 +2,15 @@
config, config,
lib, lib,
... ...
}: { }: let
name = "stalwart";
cfg = import ./lib/extractWebOptions.nix {inherit config name;};
in {
#FIXME: revert when stopped using docker for stalwart. https://github.com/NixOS/nixpkgs/issues/416091 (look at older commits for previous code.) #FIXME: revert when stopped using docker for stalwart. https://github.com/NixOS/nixpkgs/issues/416091 (look at older commits for previous code.)
config = lib.mkIf config.niksos.server { options = import ./lib/webOptions.nix {inherit lib config name;};
config = lib.mkIf cfg.enable {
virtualisation.oci-containers.containers.stalwart = { virtualisation.oci-containers.containers.stalwart = {
image = "docker.io/stalwartlabs/stalwart:latest"; image = "docker.io/stalwartlabs/stalwart:latest";
labels = { labels = {
@ -22,8 +27,11 @@
465 465
]; ];
services.caddy.virtualHosts."mail.jsw.tf".extraConfig = '' services.caddy = {
reverse_proxy http://127.0.0.1:9003 enable = true;
''; virtualHosts.${cfg.domain}.extraConfig = ''
reverse_proxy http://127.0.0.1:9003
'';
};
}; };
} }
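Review bot: The container this module keeps enabling is referenced as `docker.io/stalwartlabs/stalwart:latest`, a mutable tag, so a later pull can change the mail server binary without any change to the flake or its lock file. Pinning a version and digest makes the deployed image reproducible and reviewable: `image = "docker.io/stalwartlabs/stalwart:<VERSION>@sha256:<DIGEST>";` (placeholders, to be filled from the registry). The container definition continues outside the visible hunks, so other settings there are not covered by this note.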


@ -3,36 +3,37 @@
lib, lib,
... ...
}: let }: let
database = { name = "matrix";
connection_string = "postgres:///dendrite?host=/run/postgresql"; cfg = import ./lib/extractWebOptions.nix {inherit config name;};
max_open_conns = 97;
max_idle_conns = 5;
conn_max_lifetime = -1;
};
host = "matrix.jsw.tf";
in { in {
config = lib.mkIf config.niksos.server { options = import ./lib/webOptions.nix {inherit config lib name;};
config = lib.mkIf cfg.enable {
services = { services = {
matrix-continuwuity = { matrix-continuwuity = {
enable = true; enable = true;
group = "caddy"; # Permissions for socket group = "caddy"; # Permissions for socket
#FIXME: caddy should be part of matrix group, not other way around
settings.global = { settings.global = {
unix_socket_path = "/run/continuwuity/continuwuity.sock"; unix_socket_path = "/run/continuwuity/continuwuity.sock";
server_name = host; server_name = cfg.domain;
allow_registration = true; allow_registration = true;
registration_token_file = config.age.secrets.matrix-registration.path; registration_token_file = config.age.secrets.matrix-registration.path;
new_user_displayname_suffix = ""; new_user_displayname_suffix = "";
}; };
}; };
caddy.virtualHosts = { caddy = {
${host}.extraConfig = '' enable = true;
header /.well-known/matrix/* Content-Type application/json virtualHosts = {
header /.well-known/matrix/* Access-Control-Allow-Origin * ${cfg.domain}.extraConfig = ''
respond /.well-known/matrix/server `{"m.server": "${host}:443"}` header /.well-known/matrix/* Content-Type application/json
respond /.well-known/matrix/client `{"m.homeserver": {"base_url": "https://${host}"}}` header /.well-known/matrix/* Access-Control-Allow-Origin *
reverse_proxy /_matrix/* unix//run/continuwuity/continuwuity.sock respond /.well-known/matrix/server `{"m.server": "${cfg.domain}:443"}`
''; respond /.well-known/matrix/client `{"m.homeserver": {"base_url": "https://${cfg.domain}"}}`
reverse_proxy /_matrix/* unix//run/continuwuity/continuwuity.sock
'';
};
}; };
}; };
}; };
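Review bot: `server_name = cfg.domain;` now follows the `niksos.server.matrix.subDomain` and `baseDomain` options, but a Matrix homeserver's server name is embedded in user IDs and room state. As far as I know it cannot be changed after the first start without resetting the database. A comment on that line would keep a later option change from breaking the deployment, e.g. `# NOTE: server_name is permanent once the server has run; do not change the matrix subDomain or baseDomain afterwards`.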


@ -4,18 +4,24 @@
lib, lib,
... ...
}: let }: let
inherit (config.niksos) server; name = "nextcloud";
host = "cloud.jsw.tf"; cfg = import ./lib/extractWebOptions.nix {inherit config name;};
nginxRoot = config.services.nginx.virtualHosts.${host}.root;
inherit (cfg) enable domain;
nginxRoot = config.services.nginx.virtualHosts.${domain}.root;
fpmSocket = config.services.phpfpm.pools.nextcloud.socket; fpmSocket = config.services.phpfpm.pools.nextcloud.socket;
imaginaryPort = 9004; imaginaryPort = 9004;
in { in {
config = lib.mkIf server { options = import ./lib/webOptions.nix {inherit config lib name;};
config = lib.mkIf enable {
users.groups.nextcloud.members = ["nextcloud" "caddy"]; users.groups.nextcloud.members = ["nextcloud" "caddy"];
services = { services = {
nextcloud = { nextcloud = {
enable = true; enable = true;
hostName = host; hostName = domain;
# Need to manually increment with every major upgrade. # Need to manually increment with every major upgrade.
package = pkgs.nextcloud31; package = pkgs.nextcloud31;
@ -77,12 +83,12 @@ in {
dbtype = "pgsql"; dbtype = "pgsql";
}; };
}; };
imaginary = { # imaginary = { #FIXME: doesn't start.
enable = true; # enable = true;
port = imaginaryPort; # port = imaginaryPort;
address = "localhost"; # address = "localhost";
settings.returnSize = true; # settings.returnSize = true;
}; # };
nginx.enable = lib.mkForce false; nginx.enable = lib.mkForce false;
phpfpm.pools.nextcloud.settings = let phpfpm.pools.nextcloud.settings = let
@ -91,58 +97,62 @@ in {
"listen.owner" = user; "listen.owner" = user;
"listen.group" = group; "listen.group" = group;
}; };
caddy.virtualHosts."${host}".extraConfig = ''
encode zstd gzip
root * ${nginxRoot} caddy = {
enable = true;
virtualHosts.${domain}.extraConfig = ''
encode zstd gzip
redir /.well-known/carddav /remote.php/dav 301 root * ${nginxRoot}
redir /.well-known/caldav /remote.php/dav 301
redir /.well-known/* /index.php{uri} 301
redir /remote/* /remote.php{uri} 301
header { redir /.well-known/carddav /remote.php/dav 301
Strict-Transport-Security max-age=31536000 redir /.well-known/caldav /remote.php/dav 301
Permissions-Policy interest-cohort=() redir /.well-known/* /index.php{uri} 301
X-Content-Type-Options nosniff redir /remote/* /remote.php{uri} 301
X-Frame-Options SAMEORIGIN
Referrer-Policy no-referrer
X-XSS-Protection "1; mode=block"
X-Permitted-Cross-Domain-Policies none
X-Robots-Tag "noindex, nofollow"
-X-Powered-By
}
php_fastcgi unix/${fpmSocket} { header {
root ${nginxRoot} Strict-Transport-Security max-age=31536000
env front_controller_active true Permissions-Policy interest-cohort=()
env modHeadersAvailable true X-Content-Type-Options nosniff
} X-Frame-Options SAMEORIGIN
Referrer-Policy no-referrer
X-XSS-Protection "1; mode=block"
X-Permitted-Cross-Domain-Policies none
X-Robots-Tag "noindex, nofollow"
-X-Powered-By
}
@forbidden { php_fastcgi unix/${fpmSocket} {
path /build/* /tests/* /config/* /lib/* /3rdparty/* /templates/* /data/* root ${nginxRoot}
path /.* /autotest* /occ* /issue* /indie* /db_* /console* env front_controller_active true
not path /.well-known/* env modHeadersAvailable true
} }
error @forbidden 404
@immutable { @forbidden {
path *.css *.js *.mjs *.svg *.gif *.png *.jpg *.ico *.wasm *.tflite path /build/* /tests/* /config/* /lib/* /3rdparty/* /templates/* /data/*
query v=* path /.* /autotest* /occ* /issue* /indie* /db_* /console*
} not path /.well-known/*
header @immutable Cache-Control "max-age=15778463, immutable" }
error @forbidden 404
@static { @immutable {
path *.css *.js *.mjs *.svg *.gif *.png *.jpg *.ico *.wasm *.tflite path *.css *.js *.mjs *.svg *.gif *.png *.jpg *.ico *.wasm *.tflite
not query v=* query v=*
} }
header @static Cache-Control "max-age=15778463" header @immutable Cache-Control "max-age=15778463, immutable"
@woff2 path *.woff2 @static {
header @woff2 Cache-Control "max-age=604800" path *.css *.js *.mjs *.svg *.gif *.png *.jpg *.ico *.wasm *.tflite
not query v=*
}
header @static Cache-Control "max-age=15778463"
file_server @woff2 path *.woff2
''; header @woff2 Cache-Control "max-age=604800"
file_server
'';
};
}; };
}; };
} }
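Review bot: The `imaginary` service is disabled by commenting its block out, which leaves `imaginaryPort = 9004` in the `let` with no visible user. Any preview settings outside these hunks that still point at Imaginary would then target a port nothing listens on. Writing `imaginary.enable = false; #FIXME: doesn't start.` keeps the state explicit and evaluated, and the Nextcloud preview configuration should be checked alongside it. The Caddy header block is only re-indented here, but `X-XSS-Protection "1; mode=block"` is a deprecated header that could be dropped while the block is being touched.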


@ -1,14 +1,15 @@
#WARNING: deprecated
{ {
config, # config,
pkgs, # pkgs,
lib, # lib,
inputs, # inputs,
... # ...
}: { # }: {
config = lib.mkIf config.niksos.server { # config = lib.mkIf config.niksos.server {
# NOTE: allows me to spin up temporarily services. # # NOTE: allows me to spin up temporarily services.
services.caddy.virtualHosts."temp.jsw.tf".extraConfig = '' # services.caddy.virtualHosts."temp.jsw.tf".extraConfig = ''
reverse_proxy :8000 # reverse_proxy :8000
''; # '';
}; # };
} }


@ -3,15 +3,22 @@
lib, lib,
... ...
}: let }: let
ExternalDomain = "z.jsw.tf"; name = "zitadel";
cfg = import ./lib/extractWebOptions.nix {inherit config name;};
Port = 9000; Port = 9000;
in { in {
options = import ./lib/webOptions.nix {inherit config lib name;};
config = config =
lib.mkIf config.niksos.server lib.mkIf cfg.enable
{ {
services.caddy.virtualHosts.${ExternalDomain}.extraConfig = '' services.caddy = {
reverse_proxy localhost:${builtins.toString Port} enable = true;
''; virtualHosts.${cfg.domain}.extraConfig = ''
reverse_proxy localhost:${builtins.toString Port}
'';
};
# services.zitadel = { # services.zitadel = {
# enable = true; # enable = true;
@ -32,8 +39,10 @@ in {
enable = true; enable = true;
masterKeyFile = config.age.secrets.zitadel-key.path; masterKeyFile = config.age.secrets.zitadel-key.path;
settings = { settings = {
inherit Port ExternalDomain; inherit Port;
ExternalDomain = cfg.domain;
ExternalPort = 443; ExternalPort = 443;
Database.postgres = { Database.postgres = {
Host = "/var/run/postgresql/"; Host = "/var/run/postgresql/";
Port = 5432; Port = 5432;
@ -53,9 +62,9 @@ in {
steps.FirstInstance = { steps.FirstInstance = {
InstanceName = "jsw"; InstanceName = "jsw";
Org = { Org = {
Name = "jsw"; Name = "jsw-admin";
Human = { Human = {
UserName = "jsw@jsw.tf"; UserName = "jsw-admin@jsw.tf";
FirstName = "Jurn"; FirstName = "Jurn";
LastName = "Wubben"; LastName = "Wubben";
Email.Verified = true; Email.Verified = true;