jsw/NiksOS
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: jsw:e8e216e25f39886bf05247111684d243302d17d9
Branches Tags
jsw:master
jsw:derek-site
...
compare: jsw:6700e426619e13136f29fc2a0a8c7889141c5197
Branches Tags
jsw:derek-site
jsw:master

8 commits
e8e216e25f ... 6700e42661

Author SHA1 Message Date
Jurn Wubben
6700e42661 Nextcloud: enable oidc login 2025-07-29 11:09:38 +02:00
Jurn Wubben
d2f7055762 Nextcloud: fix phpfm permissions 2025-07-29 11:09:38 +02:00
Jurn Wubben
ade92871e4 Nextcloud: added caddy to nextcloud group so that it can read socket. 2025-07-29 11:09:38 +02:00
Jurn Wubben
f47eb458ee Added base nexcloud 2025-07-29 11:09:38 +02:00
Jurn Wubben
aff6ae1ab3 DerekBot: breadbot update 2025-07-29 11:06:53 +02:00
Jurn Wubben
0ece7c4a29 Fixed mako; added visicut 2025-07-27 23:12:03 +02:00
Jurn Wubben
f79aa0d5d6 WLUMA: was peaking out cpu usgage via dbus?!? 2025-07-27 23:11:24 +02:00
Jurn Wubben
df6139c3bc Mako: fixed defaulttimeout 2025-07-26 23:42:08 +02:00
14 changed files with 215 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

1
flake.nix
View file

@ -7,6 +7,7 @@
imports = [ imports = [
inputs.git-hooks-nix.flakeModule inputs.git-hooks-nix.flakeModule
./hosts ./hosts
./pkgs
]; ];
perSystem = { perSystem = {

19
home/programs/other.nix
View file

@ -2,14 +2,17 @@
pkgs, pkgs,
lib, lib,
osConfig, osConfig,
self,
... ...
}: { }: {
home.packages = lib.mkIf osConfig.niksos.desktop.apps [ home.packages =
pkgs.spotify lib.optionals osConfig.niksos.desktop.apps [
pkgs.signal-desktop pkgs.spotify
pkgs.bambu-studio pkgs.signal-desktop
pkgs.gimp pkgs.bambu-studio
pkgs.inkscape pkgs.gimp
pkgs.thunderbird pkgs.inkscape
]; pkgs.thunderbird
]
++ lib.optional osConfig.niksos.hardware.portable.enable self.packages.${pkgs.system}.visicut;
} }

2
home/wayland/mako.nix
View file

@ -3,6 +3,6 @@
in { in {
services.mako = { services.mako = {
inherit (osConfig.programs.hyprland) enable; inherit (osConfig.programs.hyprland) enable;
settings.defaultTimeout = 5000; settings.default-timeout = 5000;
}; };
} }

1
hosts/laptop/default.nix
View file

@ -2,7 +2,6 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./virt.nix ./virt.nix
./wluma.nix
]; ];
programs.appimage.enable = true; programs.appimage.enable = true;

31
hosts/laptop/wluma.nix
View file

@ -1,31 +0,0 @@
{
hardware.sensor.iio.enable = true; # brightness sensor
home-manager.users.jsw.services.wluma = {
enable = true;
settings = {
als.iio = {
path = "/sys/bus/iio/devices";
thresholds = {
"0" = "night";
"10" = "dark";
"100" = "normal";
"20" = "dim";
"200" = "bright";
"500" = "outdoors";
};
};
output.backlight = [
{
capturer = "none";
name = "eDP-1";
path = "/sys/class/backlight/amdgpu_bl1";
}
{
capturer = "none";
name = "keyboard";
path = "/sys/bus/platform/devices/cros-keyboard-leds.5.auto/leds/chromeos::kbd_backlight";
}
];
};
};
}

8
pkgs/default.nix Normal file
View file

@ -0,0 +1,8 @@
{
systems = ["x86_64-linux"];
perSystem = {pkgs, ...}: {
packages = {
visicut = pkgs.callPackage ./visicut {};
};
};
}

43
pkgs/visicut/default.nix Normal file
View file

@ -0,0 +1,43 @@
{
appimageTools,
fetchurl,
lib,
}: let
pname = "VisiCut";
version = "2.1";
src = fetchurl {
url = "https://github.com/t-oster/VisiCut/releases/download/${version}/VisiCut-${version}+devel-x86_64.AppImage";
hash = "sha256-Mq6Rjozshwk8asY+5egScQ5TkoxzRnWlZ9p0WeEOoiE=";
};
appimageContents = appimageTools.extract {
inherit pname version src;
postExtract = ''
substituteInPlace $out/${desktopFile} --replace-fail 'Exec=visicut' 'Exec=${pname}'
'';
};
desktopFile = "VisiCut.desktop";
iconFile = "visicut.png";
in
appimageTools.wrapType2 {
inherit pname version src;
extraInstallCommands = ''
install -m 444 -D ${appimageContents}/${desktopFile} $out/share/applications/${desktopFile}
install -m 444 -D ${appimageContents}/usr/share/icons/hicolor/128x128/apps/${iconFile} \
$out/share/icons/hicolor/128x128/apps/${iconFile}
'';
meta = {
description = "A userfriendly tool to prepare, save and send Jobs to Lasercutters.";
homepage = "https://visicut.org/";
downloadPage = "https://github.com/t-oster/VisiCut/releases/";
license = lib.licenses.lgpl3;
sourceProvenance = with lib.sourceTypes; [binaryNativeCode];
# maintainers = with lib.maintainers; [onny];
mainProgram = "VisiCut";
platforms = ["x86_64-linux"];
};
}

BIN
secrets/bread-dcbot.age
View file

Binary file not shown.

4
secrets/default.nix
View file

@ -42,5 +42,9 @@ in {
file = ./immich-oidc.age; file = ./immich-oidc.age;
owner = abstrServiceUser "immich"; owner = abstrServiceUser "immich";
}; };
nextcloud-admin-pass = mkIf server {
file = ./nextcloud-admin-pass.age;
owner = "nextcloud";
};
}; };
} }

17
secrets/nextcloud-admin-pass.age Normal file
View file

@ -0,0 +1,17 @@
age-encryption.org/v1
-> ssh-ed25519 GQzYWA Njcl+VZAFcfupb9luHQjSAzzPar8k0G0WVU8EtS37EY
8IPsa1mz7qpxOmzXRNCwcp2KsBH45nM6M4D5vm1BgE8
-> ssh-ed25519 MfR7VA WjSU/1VNHqylcPlaB+5FIyY879kQy/c+AyfdHrt6Xyo
KIDdbbNcy+DQ9q+Eo8dzxDMlq8vR8XeKvRps+/ghe+E
-> ssh-ed25519 +cvRTg eEExK1tU/S//HUL4x0SsJw8taRdOgLnOntUlpqVvMwk
7pB4ROtshkMGw/D4mkVdi7a3vYGoIyCodSCsKcplTws
-> ssh-ed25519 WCPLrA dNpd63ZB4ZlsgMlvdPeiW8VguhPkgRjCBor66cTAq1Q
IFSbLiZs8QBAqruyV3Zuoe6iE5ctW4Aw+8ipQ/5rUGM
-> ssh-ed25519 7/ziYw asgAI0TYuK4irNyoq/WFVCBrWC7NIJU5S4HQEfqEWTA
YoCVz1GzZ+swKb/qT+hhnTy3/mcBDFkaHAomzyApY6I
-> ssh-ed25519 VQy60Q 3XY6OcWrf3ZmXJNMo0tPrXofyjNtvt9VQaewkDZymTs
+JLpflAACxg6Esvq43FedOs56BuGa/6usymtfZl96nI
--- 4dcH0MunNPsvsrUmFGYIgSMsgS2BNluJOa9ZmgZro6k
Ød+
Tðß
B}¢GÊkKÐ9Èšžqû$(q`†u$¶ù“»êÿ“Hˆ¦gC!÷

1
secrets/secrets.nix
View file

@ -22,4 +22,5 @@ in {
"zitadel-key.age".publicKeys = keys; "zitadel-key.age".publicKeys = keys;
"forgejo-mailpass.age".publicKeys = keys; "forgejo-mailpass.age".publicKeys = keys;
"immich-oidc.age".publicKeys = keys; "immich-oidc.age".publicKeys = keys;
"nextcloud-admin-pass.age".publicKeys = keys;
} }

1
system/server/default.nix
View file

@ -10,6 +10,7 @@
./matrix.nix ./matrix.nix
./temp.nix ./temp.nix
./zitadel.nix ./zitadel.nix
./nextcloud.nix
]; ];
options.niksos.server = lib.mkEnableOption "server servcies (such as caddy)."; #TODO: per service option. options.niksos.server = lib.mkEnableOption "server servcies (such as caddy)."; #TODO: per service option.
} }

2
system/server/derekBot.nix
View file

@ -53,7 +53,7 @@ in {
cd "${programDir}" cd "${programDir}"
git fetch git fetch
git reset --hard HEAD git reset --hard origin/HEAD
DENO_DIR=${denoDir} deno i DENO_DIR=${denoDir} deno i
''; '';

127
system/server/nextcloud.nix Normal file
View file

@ -0,0 +1,127 @@
{
config,
pkgs,
lib,
...
}: let
inherit (config.niksos) server;
host = "cloud.jsw.tf";
nginxRoot = config.services.nginx.virtualHosts.${host}.root;
fpmSocket = config.services.phpfpm.pools.nextcloud.socket;
in {
config = lib.mkIf server {
users.groups.nextcloud.members = ["nextcloud" "caddy"];
services = {
nextcloud = {
enable = true;
hostName = host;
# Need to manually increment with every major upgrade.
package = pkgs.nextcloud31;
database.createLocally = true;
configureRedis = true;
maxUploadSize = "16G";
https = true;
autoUpdateApps.enable = true;
extraAppsEnable = true;
extraApps = {
# https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
inherit
(config.services.nextcloud.package.packages.apps)
calendar
contacts
mail
notes
tasks
user_oidc
;
};
settings = {
default_phone_region = "NL";
enabledPreviewProviders = [
"OC\\Preview\\BMP"
"OC\\Preview\\GIF"
"OC\\Preview\\JPEG"
"OC\\Preview\\Krita"
"OC\\Preview\\MarkDown"
"OC\\Preview\\MP3"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PNG"
"OC\\Preview\\TXT"
"OC\\Preview\\XBitmap"
"OC\\Preview\\HEIC"
];
};
config = {
adminuser = "jsw-admin";
adminpassFile = "${config.age.secrets.nextcloud-admin-pass.path}";
dbtype = "pgsql";
};
};
nginx.enable = lib.mkForce false;
phpfpm.pools.nextcloud.settings = let
inherit (config.services.caddy) user group;
in {
"listen.owner" = user;
"listen.group" = group;
};
caddy.virtualHosts."${host}".extraConfig = ''
encode zstd gzip
root * ${nginxRoot}
redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301
redir /.well-known/* /index.php{uri} 301
redir /remote/* /remote.php{uri} 301
header {
Strict-Transport-Security max-age=31536000
Permissions-Policy interest-cohort=()
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
Referrer-Policy no-referrer
X-XSS-Protection "1; mode=block"
X-Permitted-Cross-Domain-Policies none
X-Robots-Tag "noindex, nofollow"
-X-Powered-By
}
php_fastcgi unix/${fpmSocket} {
root ${nginxRoot}
env front_controller_active true
env modHeadersAvailable true
}
@forbidden {
path /build/* /tests/* /config/* /lib/* /3rdparty/* /templates/* /data/*
path /.* /autotest* /occ* /issue* /indie* /db_* /console*
not path /.well-known/*
}
error @forbidden 404
@immutable {
path *.css *.js *.mjs *.svg *.gif *.png *.jpg *.ico *.wasm *.tflite
query v=*
}
header @immutable Cache-Control "max-age=15778463, immutable"
@static {
path *.css *.js *.mjs *.svg *.gif *.png *.jpg *.ico *.wasm *.tflite
not query v=*
}
header @static Cache-Control "max-age=15778463"
@woff2 path *.woff2
header @woff2 Cache-Control "max-age=604800"
file_server
'';
};
};
}