add json2nix script

flake.nix

@@ -23,6 +23,7 @@
       url = "github:arkenfox/user.js";
       flake = false;
     };
+    # ataraxiasjel-nur.url = "/home/ataraxia/projects/nur";
     ataraxiasjel-nur.url = "github:AtaraxiaSjel/nur";
     attic.url = "github:zhaofengli/attic";
     base16.url = "github:AtaraxiaSjel/base16-nix";
@@ -123,7 +124,7 @@
       # permittedInsecurePackages = [ "electron-25.9.0" ];
     };
     channels.unstable.input = nixpkgs;
-    channels.unstable.patches = patchesPath [ "297158.patch" "zen-kernels.patch" "ydotoold.patch" ] ++ sharedPatches;
+    channels.unstable.patches = patchesPath [ "zen-kernels.patch" "ydotoold.patch" ] ++ sharedPatches;
     channels.stable.input = inputs.nixpkgs-stable;
     channels.stable.patches = sharedPatches;
 

machines/AMD-Workstation/default.nix

@@ -108,6 +108,7 @@
       pkgs.distrobox
       pkgs.nix-fast-build
       pkgs.mitmproxy
+      pkgs.exercism
     ];
     xdg.configFile."distrobox/distrobox.conf".text = ''
       container_always_pull="1"
@@ -121,6 +122,7 @@
     ".local/share/PrismLauncher"
     ".local/share/distrobox"
     ".mitmproxy"
+    ".config/exercism"
   ];
 
   system.stateVersion = "23.05";

machines/NixOS-VPS/services/xtls.nix

@@ -29,7 +29,7 @@ in {
   virtualisation.oci-containers.containers = {
     marzban = {
       autoStart = true;
-      image = "ghcr.io/gozargah/marzban:v0.4.6";
+      image = "ghcr.io/gozargah/marzban:v0.4.9";
       environmentFiles = [ marzban-env ];
       extraOptions = [ "--network=host" ];
       volumes = [
@@ -44,7 +44,6 @@ in {
         "${cert-key}:/etc/ssl/certs/cert.key:ro"
         "${cert-pem}:/etc/ssl/certs/cert.pem:ro"
         "${nginx-conf}:/etc/nginx/nginx.conf:ro"
-        "/var/lib/acme:/var/lib/acme"
       ];
     };
   };

patches/297158.patch

@@ -1,46 +0,0 @@
-From 49f83b701e7939079c529f378c79fa8544f4db72 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Andr=C3=A9=20Silva?= <andrerfosilva@gmail.com>
-Date: Tue, 19 Mar 2024 11:31:45 +0000
-Subject: [PATCH] waybar: build against wireplumber-0.4
-
----
- pkgs/applications/misc/waybar/default.nix | 14 +++++++++++++-
- 1 file changed, 13 insertions(+), 1 deletion(-)
-
-diff --git a/pkgs/applications/misc/waybar/default.nix b/pkgs/applications/misc/waybar/default.nix
-index 47071c60f29424..fd24f6605e4e08 100644
---- a/pkgs/applications/misc/waybar/default.nix
-+++ b/pkgs/applications/misc/waybar/default.nix
-@@ -2,6 +2,7 @@
- , stdenv
- , bash
- , fetchFromGitHub
-+, fetchFromGitLab
- , SDL2
- , alsa-lib
- , catch2_3
-@@ -72,6 +73,17 @@ let
-     rev = "0.10.1";
-     hash = "sha256-iIYKvpOWafPJB5XhDOSIW9Mb4I3A4pcgIIPQdQYEqUw=";
-   };
-+
-+  wireplumber_0_4 = wireplumber.overrideAttrs (attrs: rec {
-+    version = "0.4.17";
-+    src = fetchFromGitLab {
-+      domain = "gitlab.freedesktop.org";
-+      owner = "pipewire";
-+      repo = "wireplumber";
-+      rev = version;
-+      hash = "sha256-vhpQT67+849WV1SFthQdUeFnYe/okudTQJoL3y+wXwI=";
-+    };
-+  });
- in
- stdenv.mkDerivation (finalAttrs: {
-   pname = "waybar";
-@@ -138,7 +150,7 @@ stdenv.mkDerivation (finalAttrs: {
-   ++ lib.optional traySupport libdbusmenu-gtk3
-   ++ lib.optional udevSupport udev
-   ++ lib.optional upowerSupport upower
--  ++ lib.optional wireplumberSupport wireplumber
-+  ++ lib.optional wireplumberSupport wireplumber_0_4
-   ++ lib.optional (!stdenv.isLinux) libinotify-kqueue;

patches/vaultwarden.patch

@@ -1,22 +1,23 @@
 diff --git a/nixos/modules/services/security/vaultwarden/default.nix b/nixos/modules/services/security/vaultwarden/default.nix
-index aaa3f5507f7..d6a72f74370 100644
+index b2920931f..443b8421b 100644
 --- a/nixos/modules/services/security/vaultwarden/default.nix
 +++ b/nixos/modules/services/security/vaultwarden/default.nix
-@@ -25,7 +25,7 @@ let
+@@ -23,7 +23,7 @@ let
-       configEnv = concatMapAttrs (name: value: optionalAttrs (value != null) {
+       configEnv = lib.concatMapAttrs (name: value: lib.optionalAttrs (value != null) {
-         ${nameToEnvVar name} = if isBool value then boolToString value else toString value;
+         ${nameToEnvVar name} = if lib.isBool value then lib.boolToString value else toString value;
        }) cfg.config;
--    in { DATA_FOLDER = "/var/lib/bitwarden_rs"; } // optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
+-    in { DATA_FOLDER = "/var/lib/bitwarden_rs"; } // lib.optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
-+    in { DATA_FOLDER = cfg.dataDir; } // optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
++    in { DATA_FOLDER = cfg.dataDir; } // lib.optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
        WEB_VAULT_FOLDER = "${cfg.webVaultPackage}/share/vaultwarden/vault";
      } // configEnv;
 
-@@ -57,6 +57,16 @@ in {
+@@ -163,6 +163,16 @@ in {
-       '';
+       defaultText = lib.literalExpression "pkgs.vaultwarden.webvault";
+       description = "Web vault package to use.";
      };
-
++
-+    dataDir = mkOption {
++    dataDir = lib.mkOption {
-+      type = str;
++      type = lib.types.str;
 +      default = "/var/lib/bitwarden_rs";
 +      description = ''
 +        The directury in which vaultwarden will keep its state. If left as the default value
@@ -24,18 +25,17 @@ index aaa3f5507f7..d6a72f74370 100644
 +        the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
 +      '';
 +    };
-+
+   };
-     config = mkOption {
+
-       type = attrsOf (nullOr (oneOf [ bool int str ]));
+   config = lib.mkIf cfg.enable {
-       default = {};
+@@ -180,28 +190,32 @@ in {
-@@ -184,21 +194,25 @@ in {
+     systemd.services.vaultwarden = {
-       aliases = [ "bitwarden_rs.service" ];
        after = [ "network.target" ];
        path = with pkgs; [ openssl ];
 -      serviceConfig = {
 -        User = user;
 -        Group = group;
--        EnvironmentFile = [ configFile ] ++ optional (cfg.environmentFile != null) cfg.environmentFile;
+-        EnvironmentFile = [ configFile ] ++ lib.optional (cfg.environmentFile != null) cfg.environmentFile;
 -        ExecStart = "${vaultwarden}/bin/vaultwarden";
 -        LimitNOFILE = "1048576";
 -        PrivateTmp = "true";
@@ -47,15 +47,15 @@ index aaa3f5507f7..d6a72f74370 100644
 -        StateDirectoryMode = "0700";
 -        Restart = "always";
 -      };
-+      serviceConfig = mkMerge [
++      serviceConfig = lib.mkMerge [
-+        (mkIf (cfg.dataDir == "/var/lib/bitwarden_rs") {
++        (lib.mkIf (cfg.dataDir == "/var/lib/bitwarden_rs") {
 +          StateDirectory = "bitwarden_rs";
 +          StateDirectoryMode = "0700";
 +        })
 +        {
 +          User = user;
 +          Group = group;
-+          EnvironmentFile = [ configFile ] ++ optional (cfg.environmentFile != null) cfg.environmentFile;
++          EnvironmentFile = [ configFile ] ++ lib.optional (cfg.environmentFile != null) cfg.environmentFile;
 +          ExecStart = "${vaultwarden}/bin/vaultwarden";
 +          LimitNOFILE = "1048576";
 +          PrivateTmp = "true";
@@ -69,8 +69,7 @@ index aaa3f5507f7..d6a72f74370 100644
        wantedBy = [ "multi-user.target" ];
      };
 
-@@ -206,7 +220,7 @@ in {
+     systemd.services.backup-vaultwarden = lib.mkIf (cfg.backupDir != null) {
-       aliases = [ "backup-bitwarden_rs.service" ];
        description = "Backup vaultwarden";
        environment = {
 -        DATA_FOLDER = "/var/lib/bitwarden_rs";

patches/zen-kernels.patch

@@ -0,0 +1,17 @@
+diff --git a/pkgs/os-specific/linux/kernel/zen-kernels.nix b/pkgs/os-specific/linux/kernel/zen-kernels.nix
+index 1f36e36..0e4e1ae 100644
+--- a/pkgs/os-specific/linux/kernel/zen-kernels.nix
++++ b/pkgs/os-specific/linux/kernel/zen-kernels.nix
+@@ -11,9 +11,9 @@ let
+   };
+   # ./update-zen.py lqx
+   lqxVariant = {
+-    version = "6.8.6"; #lqx
+-    suffix = "lqx2"; #lqx
+-    sha256 = "0mxbl0h8s021m0ab12yy778qyhdlb5789qjbn66l8qxsw0dv4ags"; #lqx
++    version = "6.7.12"; #lqx
++    suffix = "lqx1"; #lqx
++    sha256 = "1kcw2jmqmwb1mfqgiwms8i30sqdqzs8qvjfslyc9bcidpyg6qrqf"; #lqx
+     isLqx = true;
+   };
+   zenKernelsFor = { version, suffix, sha256, isLqx }: buildLinux (args // {

profiles/servers/ocis.nix

@@ -1,4 +1,5 @@
-{ config, pkgs, lib, inputs, ... }: {
+{ config, pkgs, lib, inputs, modulesPath, ... }: {
+  disabledModules = [ "${modulesPath}/services/web-apps/ocis.nix" ];
   imports = with inputs.ataraxiasjel-nur.nixosModules; [ ocis wopiserver ];
 
   sops.secrets.wopiserver-secret.sopsFile = inputs.self.secretsDir + /home-hypervisor/ocis.yaml;

profiles/servers/synapse/default.nix

@@ -106,12 +106,10 @@ in {
 
   services.nginx.virtualHosts = let
     proxySettings = ''
+      client_max_body_size 50M;
       proxy_set_header Host $host;
-      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $remote_addr;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header X-Forwarded-Host $host;
-      proxy_set_header X-Forwarded-Server $host;
     '';
     default = {
       useACMEHost = cert-fqdn;
@@ -128,11 +126,15 @@ in {
         addr = "0.0.0.0";
         port = 443;
         ssl = true;
+      } {
+        addr = "[::]";
+        port = 443;
+        ssl = true;
       }];
       locations."/" = {
         proxyPass = "http://192.168.122.11:8081";
         extraConfig = ''
-          client_max_body_size 50M;
+          proxy_set_header X-Real-IP $remote_addr;
         '' + proxySettings;
       };
     } // default;
@@ -142,12 +144,14 @@ in {
         addr = "0.0.0.0";
         port = 8448;
         ssl = true;
+      } {
+        addr = "[::]";
+        port = 8448;
+        ssl = true;
       }];
       locations."/" = {
         proxyPass = "http://192.168.122.11:8448";
-        extraConfig = ''
+        extraConfig = proxySettings;
-          client_max_body_size 50M;
-        '' + proxySettings;
       };
     } // default;
   };

profiles/workspace/git.nix

@@ -21,6 +21,7 @@ in {
           defaultBranch = "dev";
         };
         pull.rebase = true;
+        safe.directory = "*";
       };
     };
   };

profiles/workspace/hyprland/default.nix

@@ -55,7 +55,6 @@ in with config.deviceSpecific; with lib; {
     '';
     wayland.windowManager.hyprland = {
       enable = true;
-      enableNvidiaPatches = false;
       systemd.enable = true;
       xwayland.enable = true;
       extraConfig = let

scripts/json2nix.py

@@ -0,0 +1,84 @@
+"""Converts JSON objects into nix (hackishly)."""
+
+import sys
+import json
+
+
+INDENT = " " * 2
+
+
+def strip_comments(t):
+    # fixme: doesn't work if JSON strings contain //
+    return "\n".join(l.partition("//")[0] for l in t.split("\n"))
+
+
+def indent(s):
+    return "\n".join(INDENT + i for i in s.split("\n"))
+
+
+def nix_stringify(s):
+    # fixme: this doesn't handle string interpolation and possibly has more bugs
+    return json.dumps(s)
+
+
+def sanitize_key(s):
+    if s and s.isalnum() and not s[0].isdigit():
+        return s
+    return nix_stringify(s)
+
+
+def flatten_obj_item(k, v):
+    keys = [k]
+    val = v
+    while isinstance(val, dict) and len(val) == 1:
+        k = next(iter(val.keys()))
+        keys.append(k)
+        val = val[k]
+    return keys, val
+
+
+def fmt_object(obj, flatten):
+    fields = []
+    for k, v in obj.items():
+        if flatten:
+            keys, val = flatten_obj_item(k, v)
+            formatted_key = ".".join(sanitize_key(i) for i in keys)
+        else:
+            formatted_key = sanitize_key(k)
+            val = v
+        fields.append(f"{formatted_key} = {fmt_any(val, flatten)};")
+
+    return "{\n" + indent("\n".join(fields)) + "\n}"
+
+
+def fmt_array(o, flatten):
+    body = indent("\n".join(fmt_any(i, flatten) for i in o))
+    return f"[\n{body}\n]"
+
+
+def fmt_any(o, flatten):
+    if isinstance(o, str) or isinstance(o, bool) or isinstance(o, int):
+        return json.dumps(o)
+    if isinstance(o, list):
+        return fmt_array(o, flatten)
+    if isinstance(o, dict):
+        return fmt_object(o, flatten)
+    raise TypeError(f"Unknown type {type(o)!r}")
+
+
+def main():
+    flatten = "--flatten" in sys.argv
+    args = [a for a in sys.argv[1:] if not a.startswith("--")]
+
+    if len(args) < 1:
+        print(f"Usage: {sys.argv[0]} [--flatten] <file.json>", file=sys.stderr)
+        sys.exit(1)
+
+    with open(args[0], "r") as f:
+        data = json.loads(strip_comments(f.read()))
+
+    print(fmt_any(data, flatten=flatten))
+
+
+if __name__ == "__main__":
+    main()