jordan/nix-config
1
1
Fork 0
Code Issues 10 Pull Requests Actions Projects 3 Wiki Activity

treewide: nix fmt
Some checks failed
Check flake / build-amd64-linux (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Jordan Holt
2025-07-26 15:42:30 +01:00
parent f54a947855
commit 0815780b1f
8 changed files with 288 additions and 296 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
flake.nix
View File

@@ -148,7 +148,8 @@
buildInputs = [
inputs.agenix.packages.${system}.agenix
inputs.deploy-rs.packages.${system}.deploy-rs
] ++ self.checks.${system}.pre-commit-check.enabledPackages;
]
++ self.checks.${system}.pre-commit-check.enabledPackages;
};
});

43
hosts/library/nginx.nix
View File

@@ -42,16 +42,14 @@
];
locations."/" = {
proxyPass = "http://localhost:8081";
extraConfig =
proxyConfig
+ ''
# Disable proxy buffering for better streaming response from models
proxy_buffering off;
extraConfig = proxyConfig + ''
# Disable proxy buffering for better streaming response from models
proxy_buffering off;
# Increase max request size for large attachments and long audio messages
client_max_body_size 20M;
proxy_read_timeout 10m;
'';
# Increase max request size for large attachments and long audio messages
client_max_body_size 20M;
proxy_read_timeout 10m;
'';
};
};
"jellyfin.vimium.com" = {
@@ -63,21 +61,20 @@
}
];
locations."/" = {
extraConfig =
''
# Proxy JellySearch first
if ($arg_searchTerm) {
proxy_pass http://localhost:5000;
break;
}
extraConfig = ''
# Proxy JellySearch first
if ($arg_searchTerm) {
proxy_pass http://localhost:5000;
break;
}
proxy_pass http://localhost:8096;
''
+ proxyConfig
+ ''
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
'';
proxy_pass http://localhost:8096;
''
+ proxyConfig
+ ''
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
'';
};
locations."/metrics" = {
return = "404";

39
hosts/vps1/coturn.nix
View File

@@ -40,26 +40,25 @@ in
};
};
age.secrets =
{
"passwords/services/coturn/static-auth-secret" = {
file = "${inputs.secrets}/passwords/services/coturn/static-auth-secret.age";
owner = "turnserver";
group = "turnserver";
};
}
// (
if matrixIntegration then
{
"passwords/services/coturn/matrix-turn-config.yml" = {
file = "${inputs.secrets}/passwords/services/coturn/matrix-turn-config.yml.age";
owner = "matrix-synapse";
group = "matrix-synapse";
};
}
else
{ }
);
age.secrets = {
"passwords/services/coturn/static-auth-secret" = {
file = "${inputs.secrets}/passwords/services/coturn/static-auth-secret.age";
owner = "turnserver";
group = "turnserver";
};
}
// (
if matrixIntegration then
{
"passwords/services/coturn/matrix-turn-config.yml" = {
file = "${inputs.secrets}/passwords/services/coturn/matrix-turn-config.yml.age";
owner = "matrix-synapse";
group = "matrix-synapse";
};
}
else
{ }
);
services.coturn = {
enable = true;

210
hosts/vps1/matrix.nix
View File

@@ -63,96 +63,95 @@ in
};
};
services.nginx.virtualHosts =
{
"${matrixSubdomain}" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
}
{
addr = "[::1]";
port = 443;
ssl = true;
}
{
addr = "[::1]";
port = 80;
}
{
addr = "[::1]";
port = 8448;
ssl = true;
}
];
locations = {
"/" = {
proxyPass = "http://localhost:8008";
extraConfig = ''
proxy_set_header X-Forwarded-For $remote_addr;
'';
};
"/_matrix" = {
proxyPass = "http://localhost:8008";
extraConfig = ''
proxy_set_header X-Forwarded-For $remote_addr;
client_max_body_size 50M;
'';
};
"/_synapse/client".proxyPass = "http://localhost:8008";
};
};
"${serverName}" =
let
mkWellKnown = data: ''
more_set_headers 'Content-Type: application/json';
return 200 '${builtins.toJSON data}';
services.nginx.virtualHosts = {
"${matrixSubdomain}" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
}
{
addr = "[::1]";
port = 443;
ssl = true;
}
{
addr = "[::1]";
port = 80;
}
{
addr = "[::1]";
port = 8448;
ssl = true;
}
];
locations = {
"/" = {
proxyPass = "http://localhost:8008";
extraConfig = ''
proxy_set_header X-Forwarded-For $remote_addr;
'';
in
{
locations."= /.well-known/matrix/server".extraConfig = (mkWellKnown matrixServerConfig);
locations."= /.well-known/matrix/client".extraConfig = (mkWellKnown matrixClientConfig);
};
}
// (
if useElement then
{
"${elementSubdomain}" = {
forceSSL = true;
enableACME = true;
root = pkgs.unstable.element-web.override {
conf = {
default_server_config = matrixClientConfig;
brand = "Vimium Chat";
branding = {
auth_header_logo_url = "https://vimium.com/images/logo.svg";
auth_footer_links = [
{
"text" = "Vimium.com";
"url" = "https://vimium.com";
}
];
};
"/_matrix" = {
proxyPass = "http://localhost:8008";
extraConfig = ''
proxy_set_header X-Forwarded-For $remote_addr;
client_max_body_size 50M;
'';
};
"/_synapse/client".proxyPass = "http://localhost:8008";
};
};
"${serverName}" =
let
mkWellKnown = data: ''
more_set_headers 'Content-Type: application/json';
return 200 '${builtins.toJSON data}';
'';
in
{
locations."= /.well-known/matrix/server".extraConfig = (mkWellKnown matrixServerConfig);
locations."= /.well-known/matrix/client".extraConfig = (mkWellKnown matrixClientConfig);
};
}
// (
if useElement then
{
"${elementSubdomain}" = {
forceSSL = true;
enableACME = true;
root = pkgs.unstable.element-web.override {
conf = {
default_server_config = matrixClientConfig;
brand = "Vimium Chat";
branding = {
auth_header_logo_url = "https://vimium.com/images/logo.svg";
auth_footer_links = [
{
"text" = "Vimium.com";
"url" = "https://vimium.com";
}
];
};
};
};
}
else
{ }
);
};
}
else
{ }
);
nixpkgs.config.permittedInsecurePackages = [
"jitsi-meet-1.0.8043"
@@ -176,27 +175,25 @@ in
);
services.postgresql = lib.mkIf usePostgresql {
ensureUsers =
[
{
name = "matrix-synapse";
ensureDBOwnership = true;
}
]
++ (lib.optional bridges.signal {
name = "mautrix-signal";
ensureUsers = [
{
name = "matrix-synapse";
ensureDBOwnership = true;
})
++ (lib.optional bridges.whatsapp {
name = "mautrix-whatsapp";
ensureDBOwnership = true;
});
ensureDatabases =
[
"matrix-synapse"
]
++ (lib.optional bridges.signal "mautrix-signal")
++ (lib.optional bridges.whatsapp "mautrix-whatsapp");
}
]
++ (lib.optional bridges.signal {
name = "mautrix-signal";
ensureDBOwnership = true;
})
++ (lib.optional bridges.whatsapp {
name = "mautrix-whatsapp";
ensureDBOwnership = true;
});
ensureDatabases = [
"matrix-synapse"
]
++ (lib.optional bridges.signal "mautrix-signal")
++ (lib.optional bridges.whatsapp "mautrix-whatsapp");
};
services.mautrix-signal = lib.mkIf bridges.signal {
@@ -216,6 +213,7 @@ in
};
mute_bridging = true;
};
} // commonBridgeSettings "mautrix-whatsapp";
}
// commonBridgeSettings "mautrix-whatsapp";
};
}

231
hosts/vps1/nginx.nix
View File

@@ -82,126 +82,125 @@ in
maxSize = "100m";
};
};
virtualHosts =
{
## Static sites
"chat.ai.vimium.com" = {
forceSSL = true;
enableACME = true;
extraConfig = nginxErrorPages + nginxEdgeHeaders;
locations."/" = {
proxyPass = "http://localhost:8001";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Disable proxy buffering for better streaming response from models
proxy_buffering off;
# Increase max request size for large attachments and long audio messages
client_max_body_size 20M;
proxy_read_timeout 10m;
'';
};
};
"jellyfin.vimium.com" = {
forceSSL = true;
enableACME = true;
extraConfig = nginxErrorPages + nginxEdgeHeaders;
locations."/" = {
proxyPass = "http://localhost:8000";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
};
"jdholt.com" = {
forceSSL = true;
enableACME = true;
serverAliases = [ "www.jdholt.com" ];
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
locations."/skycam" = {
root = "/var/www/jdholt.com";
};
locations."/skycam/snapshot.jpg" = {
extraConfig = ''
set $backend "skycam.mesh.vimium.net:1984";
resolver 100.100.100.100;
proxy_pass http://$backend/api/frame.jpeg?src=rpicam;
proxy_cache skycam_cache;
proxy_cache_valid any 10s;
proxy_ignore_headers Cache-Control Expires Set-Cookie;
'';
};
locations."/".return = "301 https://vimium.com$request_uri";
};
"pki.vimium.com" = {
addSSL = true;
forceSSL = false;
enableACME = true;
virtualHosts = {
## Static sites
"chat.ai.vimium.com" = {
forceSSL = true;
enableACME = true;
extraConfig = nginxErrorPages + nginxEdgeHeaders;
locations."/" = {
proxyPass = "http://localhost:8001";
extraConfig = ''
${nginxErrorPages}
more_set_headers 'Server: Vimium';
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Disable proxy buffering for better streaming response from models
proxy_buffering off;
# Increase max request size for large attachments and long audio messages
client_max_body_size 20M;
proxy_read_timeout 10m;
'';
locations."/" = {
root = "/var/www/pki.vimium.com";
};
};
"suhailhussain.com" = {
forceSSL = true;
enableACME = true;
serverAliases = [ "www.suhailhussain.com" ];
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
locations."/" = {
root = "/var/www/suhailhussain.com";
};
};
"jellyfin.vimium.com" = {
forceSSL = true;
enableACME = true;
extraConfig = nginxErrorPages + nginxEdgeHeaders;
locations."/" = {
proxyPass = "http://localhost:8000";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
"vimium.com" = {
default = true;
forceSSL = true;
enableACME = true;
serverAliases = [ "www.vimium.com" ];
extraConfig =
nginxErrorPages
+ nginxEdgeHeaders
+ nginxStrictHeaders
+ ''
add_header Content-Security-Policy "default-src 'self' https://vimium.com https://www.vimium.com; style-src 'unsafe-inline'; object-src 'none'; upgrade-insecure-requests" always;
'';
locations."/" = {
root = "/var/www/vimium.com";
};
};
"jdholt.com" = {
forceSSL = true;
enableACME = true;
serverAliases = [ "www.jdholt.com" ];
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
locations."/skycam" = {
root = "/var/www/jdholt.com";
};
}
## Redirects
// (mkRedirect "h0lt.com" "jdholt.com")
// (mkRedirect "jordanholt.xyz" "jdholt.com")
// (mkRedirect "omnimagic.com" "vimium.com")
// (mkRedirect "omnimagic.net" "vimium.com")
// (mkRedirect "thelostlegend.com" "suhailhussain.com")
// (mkRedirect "vimium.co" "vimium.com")
// (mkRedirect "vimium.co.uk" "vimium.com")
// (mkRedirect "vimium.info" "vimium.com")
// (mkRedirect "vimium.net" "vimium.com")
// (mkRedirect "vimium.org" "vimium.com")
// (mkRedirect "vimium.xyz" "vimium.com");
locations."/skycam/snapshot.jpg" = {
extraConfig = ''
set $backend "skycam.mesh.vimium.net:1984";
resolver 100.100.100.100;
proxy_pass http://$backend/api/frame.jpeg?src=rpicam;
proxy_cache skycam_cache;
proxy_cache_valid any 10s;
proxy_ignore_headers Cache-Control Expires Set-Cookie;
'';
};
locations."/".return = "301 https://vimium.com$request_uri";
};
"pki.vimium.com" = {
addSSL = true;
forceSSL = false;
enableACME = true;
extraConfig = ''
${nginxErrorPages}
more_set_headers 'Server: Vimium';
'';
locations."/" = {
root = "/var/www/pki.vimium.com";
};
};
"suhailhussain.com" = {
forceSSL = true;
enableACME = true;
serverAliases = [ "www.suhailhussain.com" ];
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
locations."/" = {
root = "/var/www/suhailhussain.com";
};
};
"vimium.com" = {
default = true;
forceSSL = true;
enableACME = true;
serverAliases = [ "www.vimium.com" ];
extraConfig =
nginxErrorPages
+ nginxEdgeHeaders
+ nginxStrictHeaders
+ ''
add_header Content-Security-Policy "default-src 'self' https://vimium.com https://www.vimium.com; style-src 'unsafe-inline'; object-src 'none'; upgrade-insecure-requests" always;
'';
locations."/" = {
root = "/var/www/vimium.com";
};
};
}
## Redirects
// (mkRedirect "h0lt.com" "jdholt.com")
// (mkRedirect "jordanholt.xyz" "jdholt.com")
// (mkRedirect "omnimagic.com" "vimium.com")
// (mkRedirect "omnimagic.net" "vimium.com")
// (mkRedirect "thelostlegend.com" "suhailhussain.com")
// (mkRedirect "vimium.co" "vimium.com")
// (mkRedirect "vimium.co.uk" "vimium.com")
// (mkRedirect "vimium.info" "vimium.com")
// (mkRedirect "vimium.net" "vimium.com")
// (mkRedirect "vimium.org" "vimium.com")
// (mkRedirect "vimium.xyz" "vimium.com");
};
}

8
pkgs/libcamera-rpi/package.nix
View File

@@ -24,11 +24,9 @@ libcamera.overrideAttrs (old: {
./patches/libcamera-no-timeout.patch
];
postPatch =
old.postPatch
+ ''
patchShebangs src/py/libcamera
'';
postPatch = old.postPatch + ''
patchShebangs src/py/libcamera
'';
preBuild = ''
ninja src/ipa-priv-key.pem

47
users/jordan/common/optional/graphical/hyprland/default.nix
View File

@@ -20,30 +20,29 @@ let
concatMapAttrsStringSep =
sep: f: attrs:
concatStringsSep sep (attrValues (mapAttrs f attrs));
globalVariables =
{
_JAVA_AWT_WM_NONREPARENTING = "1";
GDK_BACKEND = "wayland";
MOZ_ENABLE_WAYLAND = "1";
NIXOS_OZONE_WL = "1";
QT_QPA_PLATFORM = "wayland";
QT_STYLE_OVERRIDE = "kvantum";
QT_WAYLAND_DECORATION = "adwaita";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
SDL_VIDEODRIVER = "wayland";
XDG_SESSION_TYPE = "wayland";
}
// (
if elem "nvidia" osConfig.services.xserver.videoDrivers then
{
GBM_BACKEND = "nvidia-drm";
GSK_RENDERER =
if versionOlder osConfig.hardware.nvidia.package.version "570" then "ngl" else "vulkan";
LIBVA_DRIVER_NAME = "nvidia";
}
else
{ }
);
globalVariables = {
_JAVA_AWT_WM_NONREPARENTING = "1";
GDK_BACKEND = "wayland";
MOZ_ENABLE_WAYLAND = "1";
NIXOS_OZONE_WL = "1";
QT_QPA_PLATFORM = "wayland";
QT_STYLE_OVERRIDE = "kvantum";
QT_WAYLAND_DECORATION = "adwaita";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
SDL_VIDEODRIVER = "wayland";
XDG_SESSION_TYPE = "wayland";
}
// (
if elem "nvidia" osConfig.services.xserver.videoDrivers then
{
GBM_BACKEND = "nvidia-drm";
GSK_RENDERER =
if versionOlder osConfig.hardware.nvidia.package.version "570" then "ngl" else "vulkan";
LIBVA_DRIVER_NAME = "nvidia";
}
else
{ }
);
hyprVariables = {
AQ_DRM_DEVICES = "/dev/dri/card0:/dev/dri/card1";
};

3
users/jordan/default.nix
View File

@@ -42,7 +42,8 @@ in
./common/pass.nix
./common/shell.nix
./common/ssh.nix
] ++ optional (builtins.pathExists hostFile) hostFile;
]
++ optional (builtins.pathExists hostFile) hostFile;
home = {
username = name;