jordan/nix-config
1
1
Fork 0
Code Issues 10 Pull Requests Actions Projects 3 Wiki Activity

Compare commits

base: jordan:0316e1c845bd0099e92d955c9b31f1e7f2e48b2d
Branches Tags
jordan:master jordan:hass jordan:immich jordan:zitadel jordan:skycam jordan:24.05 jordan:lunarvim jordan:matrix jordan:docs jordan:vps1 jordan:wallpapers jordan:fix-odyssey-nix-store
..
compare: jordan:zitadel
Branches Tags
jordan:master jordan:hass jordan:immich jordan:zitadel jordan:skycam jordan:24.05 jordan:lunarvim jordan:matrix jordan:docs jordan:vps1 jordan:wallpapers jordan:fix-odyssey-nix-store

5 Commits
0316e1c845 ... zitadel

Author SHA1 Message Date
Jordan Holt
ec51278987 Fix zitadel config 2024-08-11 22:27:14 +01:00
Jordan Holt
1250683996 Add zitadel config 2024-08-11 17:06:17 +01:00
Jordan Holt
bbb7548659 flake.lock: Update 
Flake lock file updates:

• Updated input 'secrets':
    'git+ssh://git@git.vimium.com/jordan/nix-secrets.git?ref=refs/heads/master&rev=0cf25cbc71fcfe7c16250847e5f31abd730e04c4' (2024-08-11)
  → 'git+ssh://git@git.vimium.com/jordan/nix-secrets.git?ref=refs/heads/master&rev=b47efe67031e12a2d5560b94fdb4de7dca3df80c' (2024-08-11)
 2024-08-11 15:07:10 +01:00
Jordan Holt
8216088c46 Split overlays into directories 2024-08-11 14:30:55 +01:00
Jordan Holt
d05d353ee7 flake.lock: Update 
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/3f1dae074a12feb7327b4bf43cbac0d124488bb7' (2024-07-30)
  → 'github:ryantm/agenix/f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41' (2024-08-10)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/107bb46eef1f05e86fc485ee8af9b637e5157988' (2024-08-08)
  → 'github:NixOS/nixos-hardware/c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf' (2024-08-10)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/21cc704b5e918c5fbf4f9fff22b4ac2681706d90' (2024-08-06)
  → 'github:NixOS/nixpkgs/a781ff33ae258bbcfd4ed6e673860c3e923bf2cc' (2024-08-10)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/cb9a96f23c491c081b38eab96d22fa958043c9fa' (2024-08-04)
  → 'github:NixOS/nixpkgs/5e0ca22929f3342b19569b21b2f3462f053e497b' (2024-08-09)
• Updated input 'secrets':
    'git+ssh://git@git.vimium.com/jordan/nix-secrets.git?ref=refs/heads/master&rev=dfe0e95be5ef539bf28602ff47beeea26cc4d1b8' (2024-08-03)
  → 'git+ssh://git@git.vimium.com/jordan/nix-secrets.git?ref=refs/heads/master&rev=0cf25cbc71fcfe7c16250847e5f31abd730e04c4' (2024-08-11)
 2024-08-11 13:10:27 +01:00
18 changed files with 146 additions and 193 deletions
Expand all files Collapse all files

98
flake.lock generated
View File

@@ -66,11 +66,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1727447169, "lastModified": 1718194053,
"narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=", "narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76", "rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -87,11 +87,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1728330715, "lastModified": 1722113426,
"narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", "narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
"owner": "numtide", "owner": "numtide",
"repo": "devshell", "repo": "devshell",
"rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", "rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -107,11 +107,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730675461, "lastModified": 1723080788,
"narHash": "sha256-Mhqz3p/HEiI/zxBJWO57LYQf6gGlJB0tci6fiVXLjd8=", "narHash": "sha256-C5LbM5VMdcolt9zHeLQ0bYMRjUL+N+AL5pK7/tVTdes=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "380847d94ff0fedee8b50ee4baddb162c06678df", "rev": "ffc1f95f6c28e1c6d1e587b51a2147027a3e45ed",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -123,11 +123,11 @@
"firefox-gnome-theme": { "firefox-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1730674701, "lastModified": 1723137499,
"narHash": "sha256-lf9MQs8+NUvQd8b5t+7c4kLqUQixGO9WwWcLa1XYuiQ=", "narHash": "sha256-MOE9NeU2i6Ws1GhGmppMnjOHkNLl2MQMJmGhaMzdoJM=",
"owner": "rafaelmardojai", "owner": "rafaelmardojai",
"repo": "firefox-gnome-theme", "repo": "firefox-gnome-theme",
"rev": "823756d8ddd21cfd3a24a87dad402e490e0eb5ee", "rev": "fb5b578a4f49ae8705e5fea0419242ed1b8dba70",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -206,11 +206,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730504689, "lastModified": 1722555600,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90", "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -233,11 +233,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730302582, "lastModified": 1722857853,
"narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=", "narHash": "sha256-3Zx53oz/MSIyevuWO/SumxABkrIvojnB7g9cimxkhiE=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf", "rev": "06939f6b7ec4d4f465bf3132a05367cccbbf64da",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -313,11 +313,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1726989464, "lastModified": 1720042825,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -335,11 +335,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1726989464, "lastModified": 1720042825,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -373,11 +373,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730448474, "lastModified": 1722924007,
"narHash": "sha256-qE/cYKBhzxHMtKtLK3hlSR3uzO1pWPGLrBuQK7r0CHc=", "narHash": "sha256-+CQDamNwqO33REJLft8c26NbUi2Td083hq6SvAm2xkU=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "683d0c4cd1102dcccfa3f835565378c7f3cbe05e", "rev": "91010a5613ffd7ee23ee9263213157a1c422b705",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -388,11 +388,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1730537918, "lastModified": 1723310128,
"narHash": "sha256-GJB1/aaTnAtt9sso/EQ77TAGJ/rt6uvlP0RqZFnWue8=", "narHash": "sha256-IiH8jG6PpR4h9TxSGMYh+2/gQiJW9MwehFvheSb5rPc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "f6e0cd5c47d150c4718199084e5764f968f1b560", "rev": "c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -459,11 +459,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1730531603, "lastModified": 1723175592,
"narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", "narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", "rev": "5e0ca22929f3342b19569b21b2f3462f053e497b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -490,11 +490,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1730327045, "lastModified": 1723282977,
"narHash": "sha256-xKel5kd1AbExymxoIfQ7pgcX6hjw9jCgbiBjiUfSVJ8=", "narHash": "sha256-oTK91aOlA/4IsjNAZGMEBz7Sq1zBS0Ltu4/nIQdYDOg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "080166c15633801df010977d9d7474b4a6c549d7", "rev": "a781ff33ae258bbcfd4ed6e673860c3e923bf2cc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -517,11 +517,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1730550779, "lastModified": 1722925293,
"narHash": "sha256-2stntmqw/GBOVEoPV4oCLHZljpeSBfZn8wkcJpei+ng=", "narHash": "sha256-saXm5dd/e3PMsYTEcp1Qbzifm3KsZtNFkrWjmLhXHGE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "91c06026075f08a3c865fdc46cc6db8e2af35a1e", "rev": "170df9814c3e41d5a4d6e3339e611801b1f02ce2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -541,11 +541,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730635861, "lastModified": 1723232379,
"narHash": "sha256-Npp3pl9aeAiq+wZPDbw2ZxybNuZWyuN7AY6fik56DCo=", "narHash": "sha256-F4Y3f9305aHGWKqAd3s2GyNRONdpDBuNuK4TCSdaHz8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "plasma-manager", "repo": "plasma-manager",
"rev": "293668587937daae1df085ee36d2b2d0792b7a0f", "rev": "22bea90404c5ff6457913a03c1a54a3caa5b1c57",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -576,11 +576,11 @@
"secrets": { "secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1730732927, "lastModified": 1723385164,
"narHash": "sha256-t3MTEgi6O7DMxMjdi3xcTAztLDQmEtqQ+oU+ZbWz2AI=", "narHash": "sha256-/z4nBwpHsGWl1gmGv7FQQgoOcPwUaVzL7rfjI5nTOLg=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "4ae2ac777c38f60a29384b70c456f41847cdf1b5", "rev": "b47efe67031e12a2d5560b94fdb4de7dca3df80c",
"revCount": 28, "revCount": 24,
"type": "git", "type": "git",
"url": "ssh://git@git.vimium.com/jordan/nix-secrets.git" "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
}, },
@@ -658,11 +658,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730321837, "lastModified": 1722330636,
"narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=", "narHash": "sha256-uru7JzOa33YlSRwf9sfXpJG+UAV+bnBEYMjrzKrQZFw=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "746901bb8dba96d154b66492a29f5db0693dbfcc", "rev": "768acdb06968e53aa1ee8de207fd955335c754b7",
"type": "github" "type": "github"
}, },
"original": { "original": {

7
flake.nix
View File

@@ -112,12 +112,7 @@
magicRollback = true; magicRollback = true;
autoRollback = true; autoRollback = true;
sshUser = "root"; sshUser = "root";
nodes = lib.genAttrs [ nodes = lib.genAttrs [ "mail" "pi" "skycam" "vps1" ] mkDeployNode;
"mail"
# "pi"
# "skycam"
"vps1"
] mkDeployNode;
}; };
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib; checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;

4
hosts/desktop.nix
View File

@@ -6,10 +6,10 @@
]; ];
nixpkgs.overlays = [ nixpkgs.overlays = [
(import ../overlays/gnome.nix) (import ../overlays/gnome)
]; ];
services.printing.enable = false; services.printing.enable = true;
services.openssh.startWhenNeeded = true; services.openssh.startWhenNeeded = true;
sound.enable = true; sound.enable = true;

7
hosts/eos/hardware-configuration.nix
View File

@@ -7,12 +7,11 @@
boot = { boot = {
initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ]; initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
initrd.kernelModules = [ ];
initrd.supportedFilesystems = [ "zfs" ]; initrd.supportedFilesystems = [ "zfs" ];
kernel.sysctl = { kernelModules = [ ];
"kernel.nmi_watchdog" = 0;
"vm.laptop_mode" = 5;
};
kernelParams = [ "elevator=none" ]; kernelParams = [ "elevator=none" ];
extraModulePackages = [ ];
supportedFilesystems = [ "zfs" ]; supportedFilesystems = [ "zfs" ];
}; };

4
hosts/hypnos/hardware-configuration.nix
View File

@@ -7,10 +7,6 @@
boot = { boot = {
initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
kernel.sysctl = {
"kernel.nmi_watchdog" = 0;
"vm.laptop_mode" = 5;
};
kernelModules = [ "applesmc" "kvm-intel" "wl" ]; kernelModules = [ "applesmc" "kvm-intel" "wl" ];
extraModulePackages = [ extraModulePackages = [
config.boot.kernelPackages.broadcom_sta config.boot.kernelPackages.broadcom_sta

2
hosts/skycam/default.nix
View File

@@ -55,7 +55,7 @@
''; '';
nixpkgs.overlays = [ nixpkgs.overlays = [
(import ./../../overlays/libcamera.nix) (import ./../../overlays/libcamera)
]; ];
networking = { networking = {

102
hosts/vps1/default.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: { config, lib, self, ... }:
{ {
imports = [ imports = [
@@ -37,44 +37,91 @@
groups = { groups = {
jellyfin = { }; jellyfin = { };
}; };
extraGroups.acme.members = [ "kanidm" "nginx" ];
}; };
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password"; services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
security.acme.certs."auth.vimium.com" = { services.postgresql = {
postRun = "systemctl restart kanidm.service"; ensureUsers = [
group = "acme"; {
name = "zitadel";
ensureDBOwnership = true;
ensureClauses = {
superuser = true;
};
}
];
ensureDatabases = [ "zitadel" ];
}; };
services.kanidm = let age.secrets."files/services/zitadel/masterkey" = {
baseDomain = "vimium.com"; file = "${self.inputs.secrets}/files/services/zitadel/masterkey.age";
domain = "auth.${baseDomain}"; owner = "zitadel";
uri = "https://${domain}"; group = "zitadel";
in {
package = pkgs.unstable.kanidm;
enableClient = true;
enableServer = true;
clientSettings = {
inherit uri;
}; };
serverSettings = {
bindaddress = "[::1]:3013"; systemd.services.zitadel = {
ldapbindaddress = "[::1]:636"; requires = [ "postgresql.service" ];
domain = baseDomain; after = [ "postgresql.service" ];
origin = uri; };
tls_chain = "${config.security.acme.certs.${domain}.directory}/full.pem";
tls_key = "${config.security.acme.certs.${domain}.directory}/key.pem"; services.zitadel = {
enable = true;
masterKeyFile = config.age.secrets."files/services/zitadel/masterkey".path;
settings = {
Database.postgres = {
Host = "/run/postgresql";
Port = 5432;
Database = "zitadel";
User = {
Username = "zitadel";
SSL.Mode = "disable";
};
Admin = {
ExistingDatabase = "zitadel";
Username = "zitadel";
SSL.Mode = "disable";
};
};
ExternalDomain = "id.vimium.com";
ExternalPort = 443;
ExternalSecure = true;
Machine = {
Identification = {
Hostname.Enabled = true;
PrivateIp.Enabled = false;
Webhook.Enabled = false;
};
};
Port = 8081;
WebAuthNName = "Vimium";
};
steps.FirstInstance = {
InstanceName = "Vimium";
Org.Name = "Vimium";
Org.Human = {
UserName = "jordan@vimium.com";
FirstName = "Jordan";
LastName = "Holt";
Email = {
Address = "jordan@vimium.com";
Verified = true;
};
Password = "Password1!";
PasswordChangeRequired = true;
};
LoginPolicy.AllowRegister = false;
}; };
}; };
services.nginx.virtualHosts = { services.nginx.virtualHosts."id.vimium.com" = {
"auth.vimium.com" = { enableACME = true;
useACMEHost = "auth.vimium.com";
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "https://[::1]:3013"; extraConfig = ''
}; grpc_pass grpc://localhost:${builtins.toString config.services.zitadel.settings.Port};
grpc_set_header Host $host:$server_port;
'';
}; };
}; };
@@ -104,7 +151,6 @@
whatsapp = true; whatsapp = true;
}; };
usePostgresql = databases.postgresql.enable; usePostgresql = databases.postgresql.enable;
slidingSync.enable = true;
}; };
nginx.enable = true; nginx.enable = true;
photoprism.enable = true; photoprism.enable = true;

1
modules/databases/postgresql.nix
View File

@@ -17,6 +17,7 @@ in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
enableJIT = true;
initdbArgs = [ initdbArgs = [
"--allow-group-access" "--allow-group-access"
"--encoding=UTF8" "--encoding=UTF8"

1
modules/default.nix
View File

@@ -32,7 +32,6 @@
./editors/neovim ./editors/neovim
./editors/vscode.nix ./editors/vscode.nix
./hardware/presonus-studio.nix ./hardware/presonus-studio.nix
./networking/netbird.nix
./networking/tailscale.nix ./networking/tailscale.nix
./networking/wireless.nix ./networking/wireless.nix
./security/gpg.nix ./security/gpg.nix

6
modules/desktop/gnome.nix
View File

@@ -77,6 +77,7 @@ in {
"appindicatorsupport@rgcjonas.gmail.com" "appindicatorsupport@rgcjonas.gmail.com"
# "arcmenu@arcmenu.com" # "arcmenu@arcmenu.com"
"blur-my-shell@aunetx" "blur-my-shell@aunetx"
# "browser-tabs@com.github.harshadgavali"
"burn-my-windows@schneegans.github.com" "burn-my-windows@schneegans.github.com"
"clipboard-indicator@tudmotu.com" "clipboard-indicator@tudmotu.com"
"CoverflowAltTab@palatis.blogspot.com" "CoverflowAltTab@palatis.blogspot.com"
@@ -88,13 +89,14 @@ in {
# "forge@jmmaranan.com" # "forge@jmmaranan.com"
"gsconnect@andyholmes.github.io" "gsconnect@andyholmes.github.io"
# "gSnap@micahosborne" # "gSnap@micahosborne"
"hidetopbar@mathieu.bidon.ca" # "hidetopbar@mathieu.bidon.ca"
"just-perfection-desktop@just-perfection" "just-perfection-desktop@just-perfection"
# "mediacontrols@cliffniff.github.com" # "mediacontrols@cliffniff.github.com"
# "mousefollowsfocus@matthes.biz" # "mousefollowsfocus@matthes.biz"
# "pano@elhan.io" # "pano@elhan.io"
# "paperwm@hedning:matrix.org" # "paperwm@hedning:matrix.org"
"pip-on-top@rafostar.github.com" "pip-on-top@rafostar.github.com"
# "rounded-window-corners@yilozt"
# "search-light@icedman.github.com" # "search-light@icedman.github.com"
# "smart-auto-move@khimaros.com" # "smart-auto-move@khimaros.com"
"space-bar@luchrioh" "space-bar@luchrioh"
@@ -248,6 +250,7 @@ in {
gnomeExtensions.appindicator gnomeExtensions.appindicator
gnomeExtensions.arcmenu gnomeExtensions.arcmenu
gnomeExtensions.blur-my-shell gnomeExtensions.blur-my-shell
gnomeExtensions.browser-tabs
gnomeExtensions.burn-my-windows gnomeExtensions.burn-my-windows
gnomeExtensions.clipboard-indicator gnomeExtensions.clipboard-indicator
gnomeExtensions.coverflow-alt-tab gnomeExtensions.coverflow-alt-tab
@@ -266,6 +269,7 @@ in {
gnomeExtensions.pano gnomeExtensions.pano
gnomeExtensions.paperwm gnomeExtensions.paperwm
gnomeExtensions.pip-on-top gnomeExtensions.pip-on-top
gnomeExtensions.rounded-window-corners
gnomeExtensions.search-light gnomeExtensions.search-light
gnomeExtensions.smart-auto-move gnomeExtensions.smart-auto-move
gnomeExtensions.space-bar gnomeExtensions.space-bar

70
modules/networking/netbird.nix
View File

@@ -1,70 +0,0 @@
{ config, lib, self, ... }:
let
cfg = config.modules.networking.netbird;
hostname = config.networking.hostName;
in {
options.modules.networking.netbird = {
enable = lib.mkEnableOption "netbird";
coordinatorDomain = lib.mkOption {
type = lib.types.str;
default = "netbird.vimium.net";
};
meshDomain = lib.mkOption {
type = lib.types.str;
default = "mesh.vimium.net";
};
};
config = lib.mkIf cfg.enable {
age.secrets."passwords/services/netbird/data-store-encryption-key" = {
file = "${self.inputs.secrets}/passwords/services/netbird/data-store-encryption-key.age";
};
services.netbird = {
enable = true;
};
services.netbird.server = {
domain = cfg.coordinatorDomain;
enable = true;
enableNginx = true;
dashboard.settings = {
AUTH_AUTHORITY = "https://auth.vimium.com/oauth2/openid/netbird";
};
management = rec {
disableAnonymousMetrics = true;
dnsDomain = cfg.meshDomain;
oidcConfigEndpoint = "https://auth.vimium.com/oauth2/openid/netbird/.well-known/openid-configuration";
settings = {
DataStoreEncryptionKey = {
_secret = config.age.secrets."passwords/services/netbird/data-store-encryption-key".path;
};
HttpConfig = {
AuthAudience = "netbird";
};
StoreConfig = { Engine = "sqlite"; };
TURNConfig = {
Secret._secret = config.age.secrets."passwords/services/coturn/static-auth-secret".path;
TimeBasedCredentials = true;
};
PKCEAuthorizationFlow.ProviderConfig = {
AuthorizationEndpoint = "https://auth.vimium.com/ui/oauth2";
TokenEndpoint = "https://auth.vimium.com/oauth2/token";
};
};
singleAccountModeDomain = dnsDomain;
turnDomain = config.services.coturn.realm;
turnPort = config.services.coturn.listening-port;
};
};
systemd.services.netbird-signal.serviceConfig.RestartSec = "60";
systemd.services.netbird-management.serviceConfig.RestartSec = "60";
services.nginx.virtualHosts."netbird.vimium.net" = {
enableACME = true;
forceSSL = true;
};
};
}

16
modules/services/headscale/default.nix
View File

@@ -1,17 +1,19 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
cfg = config.modules.services.headscale; cfg = config.modules.services.headscale;
fqdn = "headscale.vimium.net"; fqdn = "headscale.vimium.net";
in { in {
options.modules.services.headscale = { options.modules.services.headscale = {
enable = lib.mkOption { enable = mkOption {
default = false; default = false;
example = true; example = true;
}; };
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.headscale ]; environment.systemPackages = [ pkgs.headscale ];
services.headscale = { services.headscale = {
@@ -20,16 +22,10 @@ in {
port = 8080; port = 8080;
settings = { settings = {
acl_policy_path = null;
ip_prefixes = [ ip_prefixes = [
"100.64.0.0/10" "100.64.0.0/10"
]; ];
server_url = "https://${fqdn}"; server_url = "https://${fqdn}";
derp = {
auto_update_enable = false;
update_frequency = "24h";
urls = [];
};
dns_config = { dns_config = {
base_domain = "vimium.net"; base_domain = "vimium.net";
extra_records = [ extra_records = [
@@ -44,10 +40,6 @@ in {
value = "100.64.0.7"; value = "100.64.0.7";
} }
]; ];
magic_dns = true;
nameservers = [
"9.9.9.9"
];
}; };
logtail.enabled = false; logtail.enabled = false;
}; };

7
modules/services/matrix/default.nix
View File

@@ -136,7 +136,7 @@ in {
"/_synapse/client".proxyPass = "http://localhost:8008"; "/_synapse/client".proxyPass = "http://localhost:8008";
"~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = lib.mkIf cfg.slidingSync.enable { "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = lib.mkIf cfg.slidingSync.enable {
priority = 100; priority = 100;
proxyPass = "http://${config.services.matrix-sliding-sync.settings.SYNCV3_BINDADDR}"; proxyPass = "http://localhost:8009";
extraConfig = '' extraConfig = ''
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
''; '';
@@ -171,11 +171,6 @@ in {
}; };
} else {}); } else {});
nixpkgs.config.permittedInsecurePackages = [
"jitsi-meet-1.0.8043"
"olm-3.2.16"
];
services.matrix-synapse = { services.matrix-synapse = {
enable = true; enable = true;
enableRegistrationScript = true; enableRegistrationScript = true;

6
modules/services/nginx/default.nix
View File

@@ -118,12 +118,8 @@ in {
serverAliases = [ "www.jdholt.com" ]; serverAliases = [ "www.jdholt.com" ];
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders; extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
locations."/skycam/snapshot.jpg" = { locations."/skycam/snapshot.jpg" = {
proxyPass = "http://skycam.mesh.vimium.net:8080/snapshot";
extraConfig = '' extraConfig = ''
set $backend "skycam.mesh.vimium.net:8080";
resolver 100.100.100.100;
proxy_pass http://$backend/snapshot;
proxy_cache skycam_cache; proxy_cache skycam_cache;
proxy_cache_valid any 10s; proxy_cache_valid any 10s;
proxy_ignore_headers Cache-Control Expires Set-Cookie; proxy_ignore_headers Cache-Control Expires Set-Cookie;

2
overlays/gnome.nix → overlays/gnome/default.nix
View File

@@ -4,7 +4,7 @@ final: prev:
mutter = gsuper.mutter.overrideAttrs (oldAttrs: { mutter = gsuper.mutter.overrideAttrs (oldAttrs: {
src = prev.fetchurl { src = prev.fetchurl {
url = "https://gitlab.gnome.org/Community/Ubuntu/mutter/-/archive/triple-buffering-v4-46/mutter-triple-buffering-v4-46.tar.gz"; url = "https://gitlab.gnome.org/Community/Ubuntu/mutter/-/archive/triple-buffering-v4-46/mutter-triple-buffering-v4-46.tar.gz";
sha256 = "9MVb53tcOTkcXJ025bF2kX1+fGSfffliA43q00x2c/Y="; sha256 = "mmFABDsRMzYnLO3+Cf3CJ60XyUBl3y9NAUj+vs7nLqE=";
}; };
}); });
}); });

0
overlays/0001-Ignore-IPA-signing.patch → overlays/libcamera/0001-Ignore-IPA-signing.patch
View File

0
overlays/0001-Remove-relative-config-lookups.patch → overlays/libcamera/0001-Remove-relative-config-lookups.patch
View File

0
overlays/libcamera.nix → overlays/libcamera/default.nix
View File