jordan/nix-config
1
1
Fork 0
Code Issues 10 Pull Requests Actions Projects 3 Wiki Activity

treewide: nix fmt
Some checks failed
Check flake / build-amd64-linux (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Jordan Holt
2025-07-26 15:42:30 +01:00
parent f54a947855
commit 0815780b1f
8 changed files with 288 additions and 296 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
flake.nix
View File

@@ -148,7 +148,8 @@
buildInputs = [ buildInputs = [
inputs.agenix.packages.${system}.agenix inputs.agenix.packages.${system}.agenix
inputs.deploy-rs.packages.${system}.deploy-rs inputs.deploy-rs.packages.${system}.deploy-rs
] ++ self.checks.${system}.pre-commit-check.enabledPackages; ]
++ self.checks.${system}.pre-commit-check.enabledPackages;
}; };
}); });

43
hosts/library/nginx.nix
View File

@@ -42,16 +42,14 @@
]; ];
locations."/" = { locations."/" = {
proxyPass = "http://localhost:8081"; proxyPass = "http://localhost:8081";
extraConfig = extraConfig = proxyConfig + ''
proxyConfig # Disable proxy buffering for better streaming response from models
+ '' proxy_buffering off;
# Disable proxy buffering for better streaming response from models
proxy_buffering off;
# Increase max request size for large attachments and long audio messages # Increase max request size for large attachments and long audio messages
client_max_body_size 20M; client_max_body_size 20M;
proxy_read_timeout 10m; proxy_read_timeout 10m;
''; '';
}; };
}; };
"jellyfin.vimium.com" = { "jellyfin.vimium.com" = {
@@ -63,21 +61,20 @@
} }
]; ];
locations."/" = { locations."/" = {
extraConfig = extraConfig = ''
'' # Proxy JellySearch first
# Proxy JellySearch first if ($arg_searchTerm) {
if ($arg_searchTerm) { proxy_pass http://localhost:5000;
proxy_pass http://localhost:5000; break;
break; }
}
proxy_pass http://localhost:8096; proxy_pass http://localhost:8096;
'' ''
+ proxyConfig + proxyConfig
+ '' + ''
proxy_set_header Range $http_range; proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range; proxy_set_header If-Range $http_if_range;
''; '';
}; };
locations."/metrics" = { locations."/metrics" = {
return = "404"; return = "404";

39
hosts/vps1/coturn.nix
View File

@@ -40,26 +40,25 @@ in
}; };
}; };
age.secrets = age.secrets = {
{ "passwords/services/coturn/static-auth-secret" = {
"passwords/services/coturn/static-auth-secret" = { file = "${inputs.secrets}/passwords/services/coturn/static-auth-secret.age";
file = "${inputs.secrets}/passwords/services/coturn/static-auth-secret.age"; owner = "turnserver";
owner = "turnserver"; group = "turnserver";
group = "turnserver"; };
}; }
} // (
// ( if matrixIntegration then
if matrixIntegration then {
{ "passwords/services/coturn/matrix-turn-config.yml" = {
"passwords/services/coturn/matrix-turn-config.yml" = { file = "${inputs.secrets}/passwords/services/coturn/matrix-turn-config.yml.age";
file = "${inputs.secrets}/passwords/services/coturn/matrix-turn-config.yml.age"; owner = "matrix-synapse";
owner = "matrix-synapse"; group = "matrix-synapse";
group = "matrix-synapse"; };
}; }
} else
else { }
{ } );
);
services.coturn = { services.coturn = {
enable = true; enable = true;

210
hosts/vps1/matrix.nix
View File

@@ -63,96 +63,95 @@ in
}; };
}; };
services.nginx.virtualHosts = services.nginx.virtualHosts = {
{ "${matrixSubdomain}" = {
"${matrixSubdomain}" = { forceSSL = true;
forceSSL = true; enableACME = true;
enableACME = true; listen = [
listen = [ {
{ addr = "0.0.0.0";
addr = "0.0.0.0"; port = 443;
port = 443; ssl = true;
ssl = true; }
} {
{ addr = "0.0.0.0";
addr = "0.0.0.0"; port = 80;
port = 80; }
} {
{ addr = "0.0.0.0";
addr = "0.0.0.0"; port = 8448;
port = 8448; ssl = true;
ssl = true; }
} {
{ addr = "[::1]";
addr = "[::1]"; port = 443;
port = 443; ssl = true;
ssl = true; }
} {
{ addr = "[::1]";
addr = "[::1]"; port = 80;
port = 80; }
} {
{ addr = "[::1]";
addr = "[::1]"; port = 8448;
port = 8448; ssl = true;
ssl = true; }
} ];
]; locations = {
locations = { "/" = {
"/" = { proxyPass = "http://localhost:8008";
proxyPass = "http://localhost:8008"; extraConfig = ''
extraConfig = '' proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
'';
};
"/_matrix" = {
proxyPass = "http://localhost:8008";
extraConfig = ''
proxy_set_header X-Forwarded-For $remote_addr;
client_max_body_size 50M;
'';
};
"/_synapse/client".proxyPass = "http://localhost:8008";
};
};
"${serverName}" =
let
mkWellKnown = data: ''
more_set_headers 'Content-Type: application/json';
return 200 '${builtins.toJSON data}';
''; '';
in
{
locations."= /.well-known/matrix/server".extraConfig = (mkWellKnown matrixServerConfig);
locations."= /.well-known/matrix/client".extraConfig = (mkWellKnown matrixClientConfig);
}; };
} "/_matrix" = {
// ( proxyPass = "http://localhost:8008";
if useElement then extraConfig = ''
{ proxy_set_header X-Forwarded-For $remote_addr;
"${elementSubdomain}" = { client_max_body_size 50M;
forceSSL = true; '';
enableACME = true; };
root = pkgs.unstable.element-web.override { "/_synapse/client".proxyPass = "http://localhost:8008";
conf = { };
default_server_config = matrixClientConfig; };
brand = "Vimium Chat"; "${serverName}" =
branding = { let
auth_header_logo_url = "https://vimium.com/images/logo.svg"; mkWellKnown = data: ''
auth_footer_links = [ more_set_headers 'Content-Type: application/json';
{ return 200 '${builtins.toJSON data}';
"text" = "Vimium.com"; '';
"url" = "https://vimium.com"; in
} {
]; locations."= /.well-known/matrix/server".extraConfig = (mkWellKnown matrixServerConfig);
}; locations."= /.well-known/matrix/client".extraConfig = (mkWellKnown matrixClientConfig);
};
}
// (
if useElement then
{
"${elementSubdomain}" = {
forceSSL = true;
enableACME = true;
root = pkgs.unstable.element-web.override {
conf = {
default_server_config = matrixClientConfig;
brand = "Vimium Chat";
branding = {
auth_header_logo_url = "https://vimium.com/images/logo.svg";
auth_footer_links = [
{
"text" = "Vimium.com";
"url" = "https://vimium.com";
}
];
}; };
}; };
}; };
} };
else }
{ } else
); { }
);
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [
"jitsi-meet-1.0.8043" "jitsi-meet-1.0.8043"
@@ -176,27 +175,25 @@ in
); );
services.postgresql = lib.mkIf usePostgresql { services.postgresql = lib.mkIf usePostgresql {
ensureUsers = ensureUsers = [
[ {
{ name = "matrix-synapse";
name = "matrix-synapse";
ensureDBOwnership = true;
}
]
++ (lib.optional bridges.signal {
name = "mautrix-signal";
ensureDBOwnership = true; ensureDBOwnership = true;
}) }
++ (lib.optional bridges.whatsapp { ]
name = "mautrix-whatsapp"; ++ (lib.optional bridges.signal {
ensureDBOwnership = true; name = "mautrix-signal";
}); ensureDBOwnership = true;
ensureDatabases = })
[ ++ (lib.optional bridges.whatsapp {
"matrix-synapse" name = "mautrix-whatsapp";
] ensureDBOwnership = true;
++ (lib.optional bridges.signal "mautrix-signal") });
++ (lib.optional bridges.whatsapp "mautrix-whatsapp"); ensureDatabases = [
"matrix-synapse"
]
++ (lib.optional bridges.signal "mautrix-signal")
++ (lib.optional bridges.whatsapp "mautrix-whatsapp");
}; };
services.mautrix-signal = lib.mkIf bridges.signal { services.mautrix-signal = lib.mkIf bridges.signal {
@@ -216,6 +213,7 @@ in
}; };
mute_bridging = true; mute_bridging = true;
}; };
} // commonBridgeSettings "mautrix-whatsapp"; }
// commonBridgeSettings "mautrix-whatsapp";
}; };
} }

231
hosts/vps1/nginx.nix
View File

@@ -82,126 +82,125 @@ in
maxSize = "100m"; maxSize = "100m";
}; };
}; };
virtualHosts = virtualHosts = {
{ ## Static sites
## Static sites "chat.ai.vimium.com" = {
"chat.ai.vimium.com" = { forceSSL = true;
forceSSL = true; enableACME = true;
enableACME = true; extraConfig = nginxErrorPages + nginxEdgeHeaders;
extraConfig = nginxErrorPages + nginxEdgeHeaders; locations."/" = {
locations."/" = { proxyPass = "http://localhost:8001";
proxyPass = "http://localhost:8001";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Disable proxy buffering for better streaming response from models
proxy_buffering off;
# Increase max request size for large attachments and long audio messages
client_max_body_size 20M;
proxy_read_timeout 10m;
'';
};
};
"jellyfin.vimium.com" = {
forceSSL = true;
enableACME = true;
extraConfig = nginxErrorPages + nginxEdgeHeaders;
locations."/" = {
proxyPass = "http://localhost:8000";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
};
"jdholt.com" = {
forceSSL = true;
enableACME = true;
serverAliases = [ "www.jdholt.com" ];
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
locations."/skycam" = {
root = "/var/www/jdholt.com";
};
locations."/skycam/snapshot.jpg" = {
extraConfig = ''
set $backend "skycam.mesh.vimium.net:1984";
resolver 100.100.100.100;
proxy_pass http://$backend/api/frame.jpeg?src=rpicam;
proxy_cache skycam_cache;
proxy_cache_valid any 10s;
proxy_ignore_headers Cache-Control Expires Set-Cookie;
'';
};
locations."/".return = "301 https://vimium.com$request_uri";
};
"pki.vimium.com" = {
addSSL = true;
forceSSL = false;
enableACME = true;
extraConfig = '' extraConfig = ''
${nginxErrorPages} proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
more_set_headers 'Server: Vimium'; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Disable proxy buffering for better streaming response from models
proxy_buffering off;
# Increase max request size for large attachments and long audio messages
client_max_body_size 20M;
proxy_read_timeout 10m;
''; '';
locations."/" = {
root = "/var/www/pki.vimium.com";
};
}; };
"suhailhussain.com" = { };
forceSSL = true; "jellyfin.vimium.com" = {
enableACME = true; forceSSL = true;
serverAliases = [ "www.suhailhussain.com" ]; enableACME = true;
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders; extraConfig = nginxErrorPages + nginxEdgeHeaders;
locations."/" = { locations."/" = {
root = "/var/www/suhailhussain.com"; proxyPass = "http://localhost:8000";
}; extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
}; };
"vimium.com" = { };
default = true; "jdholt.com" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
serverAliases = [ "www.vimium.com" ]; serverAliases = [ "www.jdholt.com" ];
extraConfig = extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
nginxErrorPages locations."/skycam" = {
+ nginxEdgeHeaders root = "/var/www/jdholt.com";
+ nginxStrictHeaders
+ ''
add_header Content-Security-Policy "default-src 'self' https://vimium.com https://www.vimium.com; style-src 'unsafe-inline'; object-src 'none'; upgrade-insecure-requests" always;
'';
locations."/" = {
root = "/var/www/vimium.com";
};
}; };
} locations."/skycam/snapshot.jpg" = {
## Redirects extraConfig = ''
// (mkRedirect "h0lt.com" "jdholt.com") set $backend "skycam.mesh.vimium.net:1984";
// (mkRedirect "jordanholt.xyz" "jdholt.com")
// (mkRedirect "omnimagic.com" "vimium.com") resolver 100.100.100.100;
// (mkRedirect "omnimagic.net" "vimium.com")
// (mkRedirect "thelostlegend.com" "suhailhussain.com") proxy_pass http://$backend/api/frame.jpeg?src=rpicam;
// (mkRedirect "vimium.co" "vimium.com") proxy_cache skycam_cache;
// (mkRedirect "vimium.co.uk" "vimium.com") proxy_cache_valid any 10s;
// (mkRedirect "vimium.info" "vimium.com") proxy_ignore_headers Cache-Control Expires Set-Cookie;
// (mkRedirect "vimium.net" "vimium.com") '';
// (mkRedirect "vimium.org" "vimium.com") };
// (mkRedirect "vimium.xyz" "vimium.com"); locations."/".return = "301 https://vimium.com$request_uri";
};
"pki.vimium.com" = {
addSSL = true;
forceSSL = false;
enableACME = true;
extraConfig = ''
${nginxErrorPages}
more_set_headers 'Server: Vimium';
'';
locations."/" = {
root = "/var/www/pki.vimium.com";
};
};
"suhailhussain.com" = {
forceSSL = true;
enableACME = true;
serverAliases = [ "www.suhailhussain.com" ];
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
locations."/" = {
root = "/var/www/suhailhussain.com";
};
};
"vimium.com" = {
default = true;
forceSSL = true;
enableACME = true;
serverAliases = [ "www.vimium.com" ];
extraConfig =
nginxErrorPages
+ nginxEdgeHeaders
+ nginxStrictHeaders
+ ''
add_header Content-Security-Policy "default-src 'self' https://vimium.com https://www.vimium.com; style-src 'unsafe-inline'; object-src 'none'; upgrade-insecure-requests" always;
'';
locations."/" = {
root = "/var/www/vimium.com";
};
};
}
## Redirects
// (mkRedirect "h0lt.com" "jdholt.com")
// (mkRedirect "jordanholt.xyz" "jdholt.com")
// (mkRedirect "omnimagic.com" "vimium.com")
// (mkRedirect "omnimagic.net" "vimium.com")
// (mkRedirect "thelostlegend.com" "suhailhussain.com")
// (mkRedirect "vimium.co" "vimium.com")
// (mkRedirect "vimium.co.uk" "vimium.com")
// (mkRedirect "vimium.info" "vimium.com")
// (mkRedirect "vimium.net" "vimium.com")
// (mkRedirect "vimium.org" "vimium.com")
// (mkRedirect "vimium.xyz" "vimium.com");
}; };
} }

8
pkgs/libcamera-rpi/package.nix
View File

@@ -24,11 +24,9 @@ libcamera.overrideAttrs (old: {
./patches/libcamera-no-timeout.patch ./patches/libcamera-no-timeout.patch
]; ];
postPatch = postPatch = old.postPatch + ''
old.postPatch patchShebangs src/py/libcamera
+ '' '';
patchShebangs src/py/libcamera
'';
preBuild = '' preBuild = ''
ninja src/ipa-priv-key.pem ninja src/ipa-priv-key.pem

47
users/jordan/common/optional/graphical/hyprland/default.nix
View File

@@ -20,30 +20,29 @@ let
concatMapAttrsStringSep = concatMapAttrsStringSep =
sep: f: attrs: sep: f: attrs:
concatStringsSep sep (attrValues (mapAttrs f attrs)); concatStringsSep sep (attrValues (mapAttrs f attrs));
globalVariables = globalVariables = {
{ _JAVA_AWT_WM_NONREPARENTING = "1";
_JAVA_AWT_WM_NONREPARENTING = "1"; GDK_BACKEND = "wayland";
GDK_BACKEND = "wayland"; MOZ_ENABLE_WAYLAND = "1";
MOZ_ENABLE_WAYLAND = "1"; NIXOS_OZONE_WL = "1";
NIXOS_OZONE_WL = "1"; QT_QPA_PLATFORM = "wayland";
QT_QPA_PLATFORM = "wayland"; QT_STYLE_OVERRIDE = "kvantum";
QT_STYLE_OVERRIDE = "kvantum"; QT_WAYLAND_DECORATION = "adwaita";
QT_WAYLAND_DECORATION = "adwaita"; QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1"; SDL_VIDEODRIVER = "wayland";
SDL_VIDEODRIVER = "wayland"; XDG_SESSION_TYPE = "wayland";
XDG_SESSION_TYPE = "wayland"; }
} // (
// ( if elem "nvidia" osConfig.services.xserver.videoDrivers then
if elem "nvidia" osConfig.services.xserver.videoDrivers then {
{ GBM_BACKEND = "nvidia-drm";
GBM_BACKEND = "nvidia-drm"; GSK_RENDERER =
GSK_RENDERER = if versionOlder osConfig.hardware.nvidia.package.version "570" then "ngl" else "vulkan";
if versionOlder osConfig.hardware.nvidia.package.version "570" then "ngl" else "vulkan"; LIBVA_DRIVER_NAME = "nvidia";
LIBVA_DRIVER_NAME = "nvidia"; }
} else
else { }
{ } );
);
hyprVariables = { hyprVariables = {
AQ_DRM_DEVICES = "/dev/dri/card0:/dev/dri/card1"; AQ_DRM_DEVICES = "/dev/dri/card0:/dev/dri/card1";
}; };

3
users/jordan/default.nix
View File

@@ -42,7 +42,8 @@ in
./common/pass.nix ./common/pass.nix
./common/shell.nix ./common/shell.nix
./common/ssh.nix ./common/ssh.nix
] ++ optional (builtins.pathExists hostFile) hostFile; ]
++ optional (builtins.pathExists hostFile) hostFile;
home = { home = {
username = name; username = name;