AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: AtaraxiaDev:7f4851a1f5be10704dc6e54561166c79edccdfcb
Branches Tags
AtaraxiaDev:dev
AtaraxiaDev:master
..
compare: AtaraxiaDev:299e863e6be04e7d1937058fa88f45408b3da163
Branches Tags
AtaraxiaDev:dev
AtaraxiaDev:master

No commits in common. "7f4851a1f5be10704dc6e54561166c79edccdfcb" and "299e863e6be04e7d1937058fa88f45408b3da163" have entirely different histories.
7f4851a1f5 ... 299e863e6b

13 changed files with 388 additions and 676 deletions
Show Stats Expand all files Collapse all files

833
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

3
flake.nix
View File

@ -23,7 +23,6 @@
url = "github:arkenfox/user.js";
flake = false;
};
# ataraxiasjel-nur.url = "/home/ataraxia/projects/nur";
ataraxiasjel-nur.url = "github:AtaraxiaSjel/nur";
attic.url = "github:zhaofengli/attic";
base16.url = "github:AtaraxiaSjel/base16-nix";
@ -124,7 +123,7 @@
# permittedInsecurePackages = [ "electron-25.9.0" ];
};
channels.unstable.input = nixpkgs;
channels.unstable.patches = patchesPath [ "zen-kernels.patch" "ydotoold.patch" ] ++ sharedPatches;
channels.unstable.patches = patchesPath [ "297158.patch" "zen-kernels.patch" "ydotoold.patch" ] ++ sharedPatches;
channels.stable.input = inputs.nixpkgs-stable;
channels.stable.patches = sharedPatches;

2
machines/AMD-Workstation/default.nix
View File

@ -108,7 +108,6 @@
pkgs.distrobox
pkgs.nix-fast-build
pkgs.mitmproxy
pkgs.exercism
];
xdg.configFile."distrobox/distrobox.conf".text = ''
container_always_pull="1"
@ -122,7 +121,6 @@
".local/share/PrismLauncher"
".local/share/distrobox"
".mitmproxy"
".config/exercism"
];
system.stateVersion = "23.05";

3
machines/NixOS-VPS/services/xtls.nix
View File

@ -29,7 +29,7 @@ in {
virtualisation.oci-containers.containers = {
marzban = {
autoStart = true;
image = "ghcr.io/gozargah/marzban:v0.4.9";
image = "ghcr.io/gozargah/marzban:v0.4.6";
environmentFiles = [ marzban-env ];
extraOptions = [ "--network=host" ];
volumes = [
@ -44,6 +44,7 @@ in {
"${cert-key}:/etc/ssl/certs/cert.key:ro"
"${cert-pem}:/etc/ssl/certs/cert.pem:ro"
"${nginx-conf}:/etc/nginx/nginx.conf:ro"
"/var/lib/acme:/var/lib/acme"
];
};
};

46
patches/297158.patch Normal file
View File

@ -0,0 +1,46 @@
From 49f83b701e7939079c529f378c79fa8544f4db72 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Silva?= <andrerfosilva@gmail.com>
Date: Tue, 19 Mar 2024 11:31:45 +0000
Subject: [PATCH] waybar: build against wireplumber-0.4
---
pkgs/applications/misc/waybar/default.nix | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/pkgs/applications/misc/waybar/default.nix b/pkgs/applications/misc/waybar/default.nix
index 47071c60f29424..fd24f6605e4e08 100644
--- a/pkgs/applications/misc/waybar/default.nix
+++ b/pkgs/applications/misc/waybar/default.nix
@@ -2,6 +2,7 @@
, stdenv
, bash
, fetchFromGitHub
+, fetchFromGitLab
, SDL2
, alsa-lib
, catch2_3
@@ -72,6 +73,17 @@ let
rev = "0.10.1";
hash = "sha256-iIYKvpOWafPJB5XhDOSIW9Mb4I3A4pcgIIPQdQYEqUw=";
};
+
+ wireplumber_0_4 = wireplumber.overrideAttrs (attrs: rec {
+ version = "0.4.17";
+ src = fetchFromGitLab {
+ domain = "gitlab.freedesktop.org";
+ owner = "pipewire";
+ repo = "wireplumber";
+ rev = version;
+ hash = "sha256-vhpQT67+849WV1SFthQdUeFnYe/okudTQJoL3y+wXwI=";
+ };
+ });
in
stdenv.mkDerivation (finalAttrs: {
pname = "waybar";
@@ -138,7 +150,7 @@ stdenv.mkDerivation (finalAttrs: {
++ lib.optional traySupport libdbusmenu-gtk3
++ lib.optional udevSupport udev
++ lib.optional upowerSupport upower
- ++ lib.optional wireplumberSupport wireplumber
+ ++ lib.optional wireplumberSupport wireplumber_0_4
++ lib.optional (!stdenv.isLinux) libinotify-kqueue;

45
patches/vaultwarden.patch
View File

@ -1,23 +1,22 @@
diff --git a/nixos/modules/services/security/vaultwarden/default.nix b/nixos/modules/services/security/vaultwarden/default.nix
index b2920931f..443b8421b 100644
index aaa3f5507f7..d6a72f74370 100644
--- a/nixos/modules/services/security/vaultwarden/default.nix
+++ b/nixos/modules/services/security/vaultwarden/default.nix
@@ -23,7 +23,7 @@ let
configEnv = lib.concatMapAttrs (name: value: lib.optionalAttrs (value != null) {
${nameToEnvVar name} = if lib.isBool value then lib.boolToString value else toString value;
@@ -25,7 +25,7 @@ let
configEnv = concatMapAttrs (name: value: optionalAttrs (value != null) {
${nameToEnvVar name} = if isBool value then boolToString value else toString value;
}) cfg.config;
- in { DATA_FOLDER = "/var/lib/bitwarden_rs"; } // lib.optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
+ in { DATA_FOLDER = cfg.dataDir; } // lib.optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
- in { DATA_FOLDER = "/var/lib/bitwarden_rs"; } // optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
+ in { DATA_FOLDER = cfg.dataDir; } // optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
WEB_VAULT_FOLDER = "${cfg.webVaultPackage}/share/vaultwarden/vault";
} // configEnv;
@@ -163,6 +163,16 @@ in {
defaultText = lib.literalExpression "pkgs.vaultwarden.webvault";
description = "Web vault package to use.";
@@ -57,6 +57,16 @@ in {
'';
};
+
+ dataDir = lib.mkOption {
+ type = lib.types.str;
+ dataDir = mkOption {
+ type = str;
+ default = "/var/lib/bitwarden_rs";
+ description = ''
+ The directury in which vaultwarden will keep its state. If left as the default value
@ -25,17 +24,18 @@ index b2920931f..443b8421b 100644
+ the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
+ '';
+ };
};
config = lib.mkIf cfg.enable {
@@ -180,28 +190,32 @@ in {
systemd.services.vaultwarden = {
+
config = mkOption {
type = attrsOf (nullOr (oneOf [ bool int str ]));
default = {};
@@ -184,21 +194,25 @@ in {
aliases = [ "bitwarden_rs.service" ];
after = [ "network.target" ];
path = with pkgs; [ openssl ];
- serviceConfig = {
- User = user;
- Group = group;
- EnvironmentFile = [ configFile ] ++ lib.optional (cfg.environmentFile != null) cfg.environmentFile;
- EnvironmentFile = [ configFile ] ++ optional (cfg.environmentFile != null) cfg.environmentFile;
- ExecStart = "${vaultwarden}/bin/vaultwarden";
- LimitNOFILE = "1048576";
- PrivateTmp = "true";
@ -47,15 +47,15 @@ index b2920931f..443b8421b 100644
- StateDirectoryMode = "0700";
- Restart = "always";
- };
+ serviceConfig = lib.mkMerge [
+ (lib.mkIf (cfg.dataDir == "/var/lib/bitwarden_rs") {
+ serviceConfig = mkMerge [
+ (mkIf (cfg.dataDir == "/var/lib/bitwarden_rs") {
+ StateDirectory = "bitwarden_rs";
+ StateDirectoryMode = "0700";
+ })
+ {
+ User = user;
+ Group = group;
+ EnvironmentFile = [ configFile ] ++ lib.optional (cfg.environmentFile != null) cfg.environmentFile;
+ EnvironmentFile = [ configFile ] ++ optional (cfg.environmentFile != null) cfg.environmentFile;
+ ExecStart = "${vaultwarden}/bin/vaultwarden";
+ LimitNOFILE = "1048576";
+ PrivateTmp = "true";
@ -69,7 +69,8 @@ index b2920931f..443b8421b 100644
wantedBy = [ "multi-user.target" ];
};
systemd.services.backup-vaultwarden = lib.mkIf (cfg.backupDir != null) {
@@ -206,7 +220,7 @@ in {
aliases = [ "backup-bitwarden_rs.service" ];
description = "Backup vaultwarden";
environment = {
- DATA_FOLDER = "/var/lib/bitwarden_rs";

17
patches/zen-kernels.patch
View File

@ -1,17 +0,0 @@
diff --git a/pkgs/os-specific/linux/kernel/zen-kernels.nix b/pkgs/os-specific/linux/kernel/zen-kernels.nix
index 1f36e36..0e4e1ae 100644
--- a/pkgs/os-specific/linux/kernel/zen-kernels.nix
+++ b/pkgs/os-specific/linux/kernel/zen-kernels.nix
@@ -11,9 +11,9 @@ let
};
# ./update-zen.py lqx
lqxVariant = {
- version = "6.8.6"; #lqx
- suffix = "lqx2"; #lqx
- sha256 = "0mxbl0h8s021m0ab12yy778qyhdlb5789qjbn66l8qxsw0dv4ags"; #lqx
+ version = "6.7.12"; #lqx
+ suffix = "lqx1"; #lqx
+ sha256 = "1kcw2jmqmwb1mfqgiwms8i30sqdqzs8qvjfslyc9bcidpyg6qrqf"; #lqx
isLqx = true;
};
zenKernelsFor = { version, suffix, sha256, isLqx }: buildLinux (args // {

3
profiles/servers/ocis.nix
View File

@ -1,5 +1,4 @@
{ config, pkgs, lib, inputs, modulesPath, ... }: {
disabledModules = [ "${modulesPath}/services/web-apps/ocis.nix" ];
{ config, pkgs, lib, inputs, ... }: {
imports = with inputs.ataraxiasjel-nur.nixosModules; [ ocis wopiserver ];
sops.secrets.wopiserver-secret.sopsFile = inputs.self.secretsDir + /home-hypervisor/ocis.yaml;

20
profiles/servers/synapse/default.nix
View File

@ -106,10 +106,12 @@ in {
services.nginx.virtualHosts = let
proxySettings = ''
client_max_body_size 50M;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
'';
default = {
useACMEHost = cert-fqdn;
@ -126,15 +128,11 @@ in {
addr = "0.0.0.0";
port = 443;
ssl = true;
} {
addr = "[::]";
port = 443;
ssl = true;
}];
locations."/" = {
proxyPass = "http://192.168.122.11:8081";
extraConfig = ''
proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 50M;
'' + proxySettings;
};
} // default;
@ -144,14 +142,12 @@ in {
addr = "0.0.0.0";
port = 8448;
ssl = true;
} {
addr = "[::]";
port = 8448;
ssl = true;
}];
locations."/" = {
proxyPass = "http://192.168.122.11:8448";
extraConfig = proxySettings;
extraConfig = ''
client_max_body_size 50M;
'' + proxySettings;
};
} // default;
};

1
profiles/workspace/git.nix
View File

@ -21,7 +21,6 @@ in {
defaultBranch = "dev";
};
pull.rebase = true;
safe.directory = "*";
};
};
};

1
profiles/workspace/hyprland/default.nix
View File

@ -55,6 +55,7 @@ in with config.deviceSpecific; with lib; {
'';
wayland.windowManager.hyprland = {
enable = true;
enableNvidiaPatches = false;
systemd.enable = true;
xwayland.enable = true;
extraConfig = let

84
scripts/json2nix.py
View File

@ -1,84 +0,0 @@
"""Converts JSON objects into nix (hackishly)."""
import sys
import json
INDENT = " " * 2
def strip_comments(t):
# fixme: doesn't work if JSON strings contain //
return "\n".join(l.partition("//")[0] for l in t.split("\n"))
def indent(s):
return "\n".join(INDENT + i for i in s.split("\n"))
def nix_stringify(s):
# fixme: this doesn't handle string interpolation and possibly has more bugs
return json.dumps(s)
def sanitize_key(s):
if s and s.isalnum() and not s[0].isdigit():
return s
return nix_stringify(s)
def flatten_obj_item(k, v):
keys = [k]
val = v
while isinstance(val, dict) and len(val) == 1:
k = next(iter(val.keys()))
keys.append(k)
val = val[k]
return keys, val
def fmt_object(obj, flatten):
fields = []
for k, v in obj.items():
if flatten:
keys, val = flatten_obj_item(k, v)
formatted_key = ".".join(sanitize_key(i) for i in keys)
else:
formatted_key = sanitize_key(k)
val = v
fields.append(f"{formatted_key} = {fmt_any(val, flatten)};")
return "{\n" + indent("\n".join(fields)) + "\n}"
def fmt_array(o, flatten):
body = indent("\n".join(fmt_any(i, flatten) for i in o))
return f"[\n{body}\n]"
def fmt_any(o, flatten):
if isinstance(o, str) or isinstance(o, bool) or isinstance(o, int):
return json.dumps(o)
if isinstance(o, list):
return fmt_array(o, flatten)
if isinstance(o, dict):
return fmt_object(o, flatten)
raise TypeError(f"Unknown type {type(o)!r}")
def main():
flatten = "--flatten" in sys.argv
args = [a for a in sys.argv[1:] if not a.startswith("--")]
if len(args) < 1:
print(f"Usage: {sys.argv[0]} [--flatten] <file.json>", file=sys.stderr)
sys.exit(1)
with open(args[0], "r") as f:
data = json.loads(strip_comments(f.read()))
print(fmt_any(data, flatten=flatten))
if __name__ == "__main__":
main()

6
secrets/nixos-vps/nginx.yaml
View File

File diff suppressed because one or more lines are too long