diff --git a/flake.nix b/flake.nix
index ff3bd1f..a7d0976 100644
--- a/flake.nix
+++ b/flake.nix
@@ -148,7 +148,8 @@
 buildInputs = [
 inputs.agenix.packages.${system}.agenix
 inputs.deploy-rs.packages.${system}.deploy-rs
- ] ++ self.checks.${system}.pre-commit-check.enabledPackages;
+ ]
+ ++ self.checks.${system}.pre-commit-check.enabledPackages;
 };
 });
 
diff --git a/hosts/library/nginx.nix b/hosts/library/nginx.nix
index db70511..14125b7 100644
--- a/hosts/library/nginx.nix
+++ b/hosts/library/nginx.nix
@@ -42,16 +42,14 @@
 ];
 locations."/" = {
 proxyPass = "http://localhost:8081";
- extraConfig =
- proxyConfig
- + ''
- # Disable proxy buffering for better streaming response from models
- proxy_buffering off;
+ extraConfig = proxyConfig + ''
+ # Disable proxy buffering for better streaming response from models
+ proxy_buffering off;
 
- # Increase max request size for large attachments and long audio messages
- client_max_body_size 20M;
- proxy_read_timeout 10m;
- '';
+ # Increase max request size for large attachments and long audio messages
+ client_max_body_size 20M;
+ proxy_read_timeout 10m;
+ '';
 };
 };
 "jellyfin.vimium.com" = {
@@ -63,21 +61,20 @@
 }
 ];
 locations."/" = {
- extraConfig =
- ''
- # Proxy JellySearch first
- if ($arg_searchTerm) {
- proxy_pass http://localhost:5000;
- break;
- }
+ extraConfig = ''
+ # Proxy JellySearch first
+ if ($arg_searchTerm) {
+ proxy_pass http://localhost:5000;
+ break;
+ }
 
- proxy_pass http://localhost:8096;
- ''
- + proxyConfig
- + ''
- proxy_set_header Range $http_range;
- proxy_set_header If-Range $http_if_range;
- '';
+ proxy_pass http://localhost:8096;
+ ''
+ + proxyConfig
+ + ''
+ proxy_set_header Range $http_range;
+ proxy_set_header If-Range $http_if_range;
+ '';
 };
 locations."/metrics" = {
 return = "404";
diff --git a/hosts/vps1/coturn.nix b/hosts/vps1/coturn.nix
index 053f44c..a72c438 100644
--- a/hosts/vps1/coturn.nix
+++ b/hosts/vps1/coturn.nix
@@ -40,26 +40,25 @@ in
 };
 };
 
- age.secrets =
- {
- "passwords/services/coturn/static-auth-secret" = {
- file = "${inputs.secrets}/passwords/services/coturn/static-auth-secret.age";
- owner = "turnserver";
- group = "turnserver";
- };
- }
- // (
- if matrixIntegration then
- {
- "passwords/services/coturn/matrix-turn-config.yml" = {
- file = "${inputs.secrets}/passwords/services/coturn/matrix-turn-config.yml.age";
- owner = "matrix-synapse";
- group = "matrix-synapse";
- };
- }
- else
- { }
- );
+ age.secrets = {
+ "passwords/services/coturn/static-auth-secret" = {
+ file = "${inputs.secrets}/passwords/services/coturn/static-auth-secret.age";
+ owner = "turnserver";
+ group = "turnserver";
+ };
+ }
+ // (
+ if matrixIntegration then
+ {
+ "passwords/services/coturn/matrix-turn-config.yml" = {
+ file = "${inputs.secrets}/passwords/services/coturn/matrix-turn-config.yml.age";
+ owner = "matrix-synapse";
+ group = "matrix-synapse";
+ };
+ }
+ else
+ { }
+ );
 
 services.coturn = {
 enable = true;
diff --git a/hosts/vps1/matrix.nix b/hosts/vps1/matrix.nix
index 67036b5..92c0585 100644
--- a/hosts/vps1/matrix.nix
+++ b/hosts/vps1/matrix.nix
@@ -63,96 +63,95 @@ in
 };
 };
 
- services.nginx.virtualHosts =
- {
- "${matrixSubdomain}" = {
- forceSSL = true;
- enableACME = true;
- listen = [
- {
- addr = "0.0.0.0";
- port = 443;
- ssl = true;
- }
- {
- addr = "0.0.0.0";
- port = 80;
- }
- {
- addr = "0.0.0.0";
- port = 8448;
- ssl = true;
- }
- {
- addr = "[::1]";
- port = 443;
- ssl = true;
- }
- {
- addr = "[::1]";
- port = 80;
- }
- {
- addr = "[::1]";
- port = 8448;
- ssl = true;
- }
- ];
- locations = {
- "/" = {
- proxyPass = "http://localhost:8008";
- extraConfig = ''
- proxy_set_header X-Forwarded-For $remote_addr;
- '';
- };
- "/_matrix" = {
- proxyPass = "http://localhost:8008";
- extraConfig = ''
- proxy_set_header X-Forwarded-For $remote_addr;
- client_max_body_size 50M;
- '';
- };
- "/_synapse/client".proxyPass = "http://localhost:8008";
- };
- };
- "${serverName}" =
- let
- mkWellKnown = data: ''
- more_set_headers 'Content-Type: application/json';
- return 200 '${builtins.toJSON data}';
+ services.nginx.virtualHosts = {
+ "${matrixSubdomain}" = {
+ forceSSL = true;
+ enableACME = true;
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "0.0.0.0";
+ port = 80;
+ }
+ {
+ addr = "0.0.0.0";
+ port = 8448;
+ ssl = true;
+ }
+ {
+ addr = "[::1]";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "[::1]";
+ port = 80;
+ }
+ {
+ addr = "[::1]";
+ port = 8448;
+ ssl = true;
+ }
+ ];
+ locations = {
+ "/" = {
+ proxyPass = "http://localhost:8008";
+ extraConfig = ''
+ proxy_set_header X-Forwarded-For $remote_addr;
 '';
- in
- {
- locations."= /.well-known/matrix/server".extraConfig = (mkWellKnown matrixServerConfig);
- locations."= /.well-known/matrix/client".extraConfig = (mkWellKnown matrixClientConfig);
 };
- }
- // (
- if useElement then
- {
- "${elementSubdomain}" = {
- forceSSL = true;
- enableACME = true;
- root = pkgs.unstable.element-web.override {
- conf = {
- default_server_config = matrixClientConfig;
- brand = "Vimium Chat";
- branding = {
- auth_header_logo_url = "https://vimium.com/images/logo.svg";
- auth_footer_links = [
- {
- "text" = "Vimium.com";
- "url" = "https://vimium.com";
- }
- ];
- };
+ "/_matrix" = {
+ proxyPass = "http://localhost:8008";
+ extraConfig = ''
+ proxy_set_header X-Forwarded-For $remote_addr;
+ client_max_body_size 50M;
+ '';
+ };
+ "/_synapse/client".proxyPass = "http://localhost:8008";
+ };
+ };
+ "${serverName}" =
+ let
+ mkWellKnown = data: ''
+ more_set_headers 'Content-Type: application/json';
+ return 200 '${builtins.toJSON data}';
+ '';
+ in
+ {
+ locations."= /.well-known/matrix/server".extraConfig = (mkWellKnown matrixServerConfig);
+ locations."= /.well-known/matrix/client".extraConfig = (mkWellKnown matrixClientConfig);
+ };
+ }
+ // (
+ if useElement then
+ {
+ "${elementSubdomain}" = {
+ forceSSL = true;
+ enableACME = true;
+ root = pkgs.unstable.element-web.override {
+ conf = {
+ default_server_config = matrixClientConfig;
+ brand = "Vimium Chat";
+ branding = {
+ auth_header_logo_url = "https://vimium.com/images/logo.svg";
+ auth_footer_links = [
+ {
+ "text" = "Vimium.com";
+ "url" = "https://vimium.com";
+ }
+ ];
 };
 };
 };
- }
- else
- { }
- );
+ };
+ }
+ else
+ { }
+ );
 
 nixpkgs.config.permittedInsecurePackages = [
 "jitsi-meet-1.0.8043"
@@ -176,27 +175,25 @@ in
 );
 
 services.postgresql = lib.mkIf usePostgresql {
- ensureUsers =
- [
- {
- name = "matrix-synapse";
- ensureDBOwnership = true;
- }
- ]
- ++ (lib.optional bridges.signal {
- name = "mautrix-signal";
+ ensureUsers = [
+ {
+ name = "matrix-synapse";
 ensureDBOwnership = true;
- })
- ++ (lib.optional bridges.whatsapp {
- name = "mautrix-whatsapp";
- ensureDBOwnership = true;
- });
- ensureDatabases =
- [
- "matrix-synapse"
- ]
- ++ (lib.optional bridges.signal "mautrix-signal")
- ++ (lib.optional bridges.whatsapp "mautrix-whatsapp");
+ }
+ ]
+ ++ (lib.optional bridges.signal {
+ name = "mautrix-signal";
+ ensureDBOwnership = true;
+ })
+ ++ (lib.optional bridges.whatsapp {
+ name = "mautrix-whatsapp";
+ ensureDBOwnership = true;
+ });
+ ensureDatabases = [
+ "matrix-synapse"
+ ]
+ ++ (lib.optional bridges.signal "mautrix-signal")
+ ++ (lib.optional bridges.whatsapp "mautrix-whatsapp");
 };
 
 services.mautrix-signal = lib.mkIf bridges.signal {
@@ -216,6 +213,7 @@ in
 };
 mute_bridging = true;
 };
- } // commonBridgeSettings "mautrix-whatsapp";
+ }
+ // commonBridgeSettings "mautrix-whatsapp";
 };
 }
diff --git a/hosts/vps1/nginx.nix b/hosts/vps1/nginx.nix
index 360c244..1a1a4f6 100644
--- a/hosts/vps1/nginx.nix
+++ b/hosts/vps1/nginx.nix
@@ -82,126 +82,125 @@ in
 maxSize = "100m";
 };
 };
- virtualHosts =
- {
- ## Static sites
- "chat.ai.vimium.com" = {
- forceSSL = true;
- enableACME = true;
- extraConfig = nginxErrorPages + nginxEdgeHeaders;
- locations."/" = {
- proxyPass = "http://localhost:8001";
- extraConfig = ''
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header Host $host;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
-
- # Disable proxy buffering for better streaming response from models
- proxy_buffering off;
-
- # Increase max request size for large attachments and long audio messages
- client_max_body_size 20M;
- proxy_read_timeout 10m;
- '';
- };
- };
- "jellyfin.vimium.com" = {
- forceSSL = true;
- enableACME = true;
- extraConfig = nginxErrorPages + nginxEdgeHeaders;
- locations."/" = {
- proxyPass = "http://localhost:8000";
- extraConfig = ''
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header Host $host;
-
- proxy_set_header Range $http_range;
- proxy_set_header If-Range $http_if_range;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- '';
- };
- };
- "jdholt.com" = {
- forceSSL = true;
- enableACME = true;
- serverAliases = [ "www.jdholt.com" ];
- extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
- locations."/skycam" = {
- root = "/var/www/jdholt.com";
- };
- locations."/skycam/snapshot.jpg" = {
- extraConfig = ''
- set $backend "skycam.mesh.vimium.net:1984";
-
- resolver 100.100.100.100;
-
- proxy_pass http://$backend/api/frame.jpeg?src=rpicam;
- proxy_cache skycam_cache;
- proxy_cache_valid any 10s;
- proxy_ignore_headers Cache-Control Expires Set-Cookie;
- '';
- };
- locations."/".return = "301 https://vimium.com$request_uri";
- };
- "pki.vimium.com" = {
- addSSL = true;
- forceSSL = false;
- enableACME = true;
+ virtualHosts = {
+ ## Static sites
+ "chat.ai.vimium.com" = {
+ forceSSL = true;
+ enableACME = true;
+ extraConfig = nginxErrorPages + nginxEdgeHeaders;
+ locations."/" = {
+ proxyPass = "http://localhost:8001";
 extraConfig = ''
- ${nginxErrorPages}
- more_set_headers 'Server: Vimium';
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ # Disable proxy buffering for better streaming response from models
+ proxy_buffering off;
+
+ # Increase max request size for large attachments and long audio messages
+ client_max_body_size 20M;
+ proxy_read_timeout 10m;
 '';
- locations."/" = {
- root = "/var/www/pki.vimium.com";
- };
 };
- "suhailhussain.com" = {
- forceSSL = true;
- enableACME = true;
- serverAliases = [ "www.suhailhussain.com" ];
- extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
- locations."/" = {
- root = "/var/www/suhailhussain.com";
- };
+ };
+ "jellyfin.vimium.com" = {
+ forceSSL = true;
+ enableACME = true;
+ extraConfig = nginxErrorPages + nginxEdgeHeaders;
+ locations."/" = {
+ proxyPass = "http://localhost:8000";
+ extraConfig = ''
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+
+ proxy_set_header Range $http_range;
+ proxy_set_header If-Range $http_if_range;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ '';
 };
- "vimium.com" = {
- default = true;
- forceSSL = true;
- enableACME = true;
- serverAliases = [ "www.vimium.com" ];
- extraConfig =
- nginxErrorPages
- + nginxEdgeHeaders
- + nginxStrictHeaders
- + ''
- add_header Content-Security-Policy "default-src 'self' https://vimium.com https://www.vimium.com; style-src 'unsafe-inline'; object-src 'none'; upgrade-insecure-requests" always;
- '';
- locations."/" = {
- root = "/var/www/vimium.com";
- };
+ };
+ "jdholt.com" = {
+ forceSSL = true;
+ enableACME = true;
+ serverAliases = [ "www.jdholt.com" ];
+ extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
+ locations."/skycam" = {
+ root = "/var/www/jdholt.com";
 };
- }
- ## Redirects
- // (mkRedirect "h0lt.com" "jdholt.com")
- // (mkRedirect "jordanholt.xyz" "jdholt.com")
- // (mkRedirect "omnimagic.com" "vimium.com")
- // (mkRedirect "omnimagic.net" "vimium.com")
- // (mkRedirect "thelostlegend.com" "suhailhussain.com")
- // (mkRedirect "vimium.co" "vimium.com")
- // (mkRedirect "vimium.co.uk" "vimium.com")
- // (mkRedirect "vimium.info" "vimium.com")
- // (mkRedirect "vimium.net" "vimium.com")
- // (mkRedirect "vimium.org" "vimium.com")
- // (mkRedirect "vimium.xyz" "vimium.com");
+ locations."/skycam/snapshot.jpg" = {
+ extraConfig = ''
+ set $backend "skycam.mesh.vimium.net:1984";
+
+ resolver 100.100.100.100;
+
+ proxy_pass http://$backend/api/frame.jpeg?src=rpicam;
+ proxy_cache skycam_cache;
+ proxy_cache_valid any 10s;
+ proxy_ignore_headers Cache-Control Expires Set-Cookie;
+ '';
+ };
+ locations."/".return = "301 https://vimium.com$request_uri";
+ };
+ "pki.vimium.com" = {
+ addSSL = true;
+ forceSSL = false;
+ enableACME = true;
+ extraConfig = ''
+ ${nginxErrorPages}
+ more_set_headers 'Server: Vimium';
+ '';
+ locations."/" = {
+ root = "/var/www/pki.vimium.com";
+ };
+ };
+ "suhailhussain.com" = {
+ forceSSL = true;
+ enableACME = true;
+ serverAliases = [ "www.suhailhussain.com" ];
+ extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
+ locations."/" = {
+ root = "/var/www/suhailhussain.com";
+ };
+ };
+ "vimium.com" = {
+ default = true;
+ forceSSL = true;
+ enableACME = true;
+ serverAliases = [ "www.vimium.com" ];
+ extraConfig =
+ nginxErrorPages
+ + nginxEdgeHeaders
+ + nginxStrictHeaders
+ + ''
+ add_header Content-Security-Policy "default-src 'self' https://vimium.com https://www.vimium.com; style-src 'unsafe-inline'; object-src 'none'; upgrade-insecure-requests" always;
+ '';
+ locations."/" = {
+ root = "/var/www/vimium.com";
+ };
+ };
+ }
+ ## Redirects
+ // (mkRedirect "h0lt.com" "jdholt.com")
+ // (mkRedirect "jordanholt.xyz" "jdholt.com")
+ // (mkRedirect "omnimagic.com" "vimium.com")
+ // (mkRedirect "omnimagic.net" "vimium.com")
+ // (mkRedirect "thelostlegend.com" "suhailhussain.com")
+ // (mkRedirect "vimium.co" "vimium.com")
+ // (mkRedirect "vimium.co.uk" "vimium.com")
+ // (mkRedirect "vimium.info" "vimium.com")
+ // (mkRedirect "vimium.net" "vimium.com")
+ // (mkRedirect "vimium.org" "vimium.com")
+ // (mkRedirect "vimium.xyz" "vimium.com");
 };
 }
diff --git a/pkgs/libcamera-rpi/package.nix b/pkgs/libcamera-rpi/package.nix
index 8a89f8d..fe5c0c6 100644
--- a/pkgs/libcamera-rpi/package.nix
+++ b/pkgs/libcamera-rpi/package.nix
@@ -24,11 +24,9 @@ libcamera.overrideAttrs (old: {
 ./patches/libcamera-no-timeout.patch
 ];
 
- postPatch =
- old.postPatch
- + ''
- patchShebangs src/py/libcamera
- '';
+ postPatch = old.postPatch + ''
+ patchShebangs src/py/libcamera
+ '';
 
 preBuild = ''
 ninja src/ipa-priv-key.pem
diff --git a/users/jordan/common/optional/graphical/hyprland/default.nix b/users/jordan/common/optional/graphical/hyprland/default.nix
index 26734ff..0dc93fc 100644
--- a/users/jordan/common/optional/graphical/hyprland/default.nix
+++ b/users/jordan/common/optional/graphical/hyprland/default.nix
@@ -20,30 +20,29 @@ let concatMapAttrsStringSep = sep: f: attrs: concatStringsSep sep (attrValues (mapAttrs f attrs));
- globalVariables =
- {
- _JAVA_AWT_WM_NONREPARENTING = "1";
- GDK_BACKEND = "wayland";
- MOZ_ENABLE_WAYLAND = "1";
- NIXOS_OZONE_WL = "1";
- QT_QPA_PLATFORM = "wayland";
- QT_STYLE_OVERRIDE = "kvantum";
- QT_WAYLAND_DECORATION = "adwaita";
- QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
- SDL_VIDEODRIVER = "wayland";
- XDG_SESSION_TYPE = "wayland";
- }
- // (
- if elem "nvidia" osConfig.services.xserver.videoDrivers then
- {
- GBM_BACKEND = "nvidia-drm";
- GSK_RENDERER =
- if versionOlder osConfig.hardware.nvidia.package.version "570" then "ngl" else "vulkan";
- LIBVA_DRIVER_NAME = "nvidia";
- }
- else
- { }
- );
+ globalVariables = {
+ _JAVA_AWT_WM_NONREPARENTING = "1";
+ GDK_BACKEND = "wayland";
+ MOZ_ENABLE_WAYLAND = "1";
+ NIXOS_OZONE_WL = "1";
+ QT_QPA_PLATFORM = "wayland";
+ QT_STYLE_OVERRIDE = "kvantum";
+ QT_WAYLAND_DECORATION = "adwaita";
+ QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
+ SDL_VIDEODRIVER = "wayland";
+ XDG_SESSION_TYPE = "wayland";
+ }
+ // (
+ if elem "nvidia" osConfig.services.xserver.videoDrivers then
+ {
+ GBM_BACKEND = "nvidia-drm";
+ GSK_RENDERER =
+ if versionOlder osConfig.hardware.nvidia.package.version "570" then "ngl" else "vulkan";
+ LIBVA_DRIVER_NAME = "nvidia";
+ }
+ else
+ { }
+ );
 hyprVariables = {
 AQ_DRM_DEVICES = "/dev/dri/card0:/dev/dri/card1";
 };
diff --git a/users/jordan/default.nix b/users/jordan/default.nix
index 56a20c9..bb67882 100644
--- a/users/jordan/default.nix
+++ b/users/jordan/default.nix
@@ -42,7 +42,8 @@ in
 ./common/pass.nix
 ./common/shell.nix
 ./common/ssh.nix
- ] ++ optional (builtins.pathExists hostFile) hostFile;
+ ]
+ ++ optional (builtins.pathExists hostFile) hostFile;
 
 home = {
 username = name;