Compare commits
	
		
			87 Commits
		
	
	
		
			816c40ac68
			...
			zitadel
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| ec51278987 | |||
| 1250683996 | |||
| bbb7548659 | |||
| 8216088c46 | |||
| d05d353ee7 | |||
| b74bfc9683 | |||
| 19dbe4c226 | |||
| a0bb510d8d | |||
| fdfacc0f97 | |||
| 6eed6303f2 | |||
| 1cb6482106 | |||
| 3323f930d3 | |||
| 37d56b613e | |||
| 6205824c0d | |||
| b613c266ed | |||
| c9fa49b24d | |||
| 064f180528 | |||
| 3f36be6cb7 | |||
| ab23bb3b76 | |||
| 533397fc21 | |||
| 7943e063c2 | |||
| 91d66003aa | |||
| ecf34dbc89 | |||
| 08c9a6ae19 | |||
| 0c564903ab | |||
| ad9f4e52ef | |||
| ccc8ae2a4a | |||
| a96d5a9aeb | |||
| d57d70bbbf | |||
| 9af880b03c | |||
| c6222c90f4 | |||
| e74656a175 | |||
| 21feab0889 | |||
| be105b8565 | |||
| 5903eb650a | |||
| c5f796f1ba | |||
| 127ef6353c | |||
| 6dcd2b0139 | |||
| f42442dd0e | |||
| c589766673 | |||
| 24f943410a | |||
| 721b6e0ab8 | |||
| eb76d8a6e2 | |||
| a8d7b6f335 | |||
| 1b4363af87 | |||
| c7b5684065 | |||
| 0eca54ea4a | |||
| ef3b98bbd6 | |||
| bdf6e21b7d | |||
| ba769a2df8 | |||
| 4e07ca25aa | |||
| 4efc433766 | |||
| 10e55f4ee4 | |||
| 314129496d | |||
| 41b40d7b6a | |||
| c25405ccbf | |||
| 296da660c0 | |||
| 9d57be94c6 | |||
| abfb24ca21 | |||
| 2f8f03faf8 | |||
| ddaa465004 | |||
| 7ae65a4f88 | |||
| c17ee693dc | |||
| 151d60f329 | |||
| 430ada2e9e | |||
| 232799c308 | |||
| 24a8937c67 | |||
| 8a62d11409 | |||
| e82d1cac63 | |||
| 734359da5b | |||
| 10b6622997 | |||
| 48a3ec34db | |||
| 0658b89565 | |||
| 6e76c71c1f | |||
| f508b33f8d | |||
| c779c51caf | |||
| 7f7f133bbf | |||
| 832c1bbd08 | |||
| 31c747812e | |||
| 162e7bc114 | |||
| 8504c06610 | |||
| 8505cd07a9 | |||
| 5f4ca804f4 | |||
| 8e9bdc60f1 | |||
| 7cb6beeaf1 | |||
| 39e424edd1 | |||
| 5013b46ef1 | 
							
								
								
									
									
									
									
								
							
							
						
						
									
										126
									
								
								flake.lock
									
									
									
										generated
									
									
									
								
							| @@ -8,11 +8,11 @@ | ||||
|         "systems": "systems" | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1718371084, | ||||
|         "narHash": "sha256-abpBi61mg0g+lFFU0zY4C6oP6fBwPzbHPKBGw676xsA=", | ||||
|         "lastModified": 1723293904, | ||||
|         "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", | ||||
|         "owner": "ryantm", | ||||
|         "repo": "agenix", | ||||
|         "rev": "3a56735779db467538fb2e577eda28a9daacaca6", | ||||
|         "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
| @@ -81,18 +81,17 @@ | ||||
|     }, | ||||
|     "devshell": { | ||||
|       "inputs": { | ||||
|         "flake-utils": "flake-utils", | ||||
|         "nixpkgs": [ | ||||
|           "nixvim", | ||||
|           "nixpkgs" | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1717408969, | ||||
|         "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=", | ||||
|         "lastModified": 1722113426, | ||||
|         "narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=", | ||||
|         "owner": "numtide", | ||||
|         "repo": "devshell", | ||||
|         "rev": "1ebbe68d57457c8cae98145410b164b5477761f4", | ||||
|         "rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
| @@ -108,11 +107,11 @@ | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1720056646, | ||||
|         "narHash": "sha256-BymcV4HWtx2VFuabDCM4/nEJcfivCx0S02wUCz11mAY=", | ||||
|         "lastModified": 1723080788, | ||||
|         "narHash": "sha256-C5LbM5VMdcolt9zHeLQ0bYMRjUL+N+AL5pK7/tVTdes=", | ||||
|         "owner": "nix-community", | ||||
|         "repo": "disko", | ||||
|         "rev": "64679cd7f318c9b6595902b47d4585b1d51d5f9e", | ||||
|         "rev": "ffc1f95f6c28e1c6d1e587b51a2147027a3e45ed", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
| @@ -124,11 +123,11 @@ | ||||
|     "firefox-gnome-theme": { | ||||
|       "flake": false, | ||||
|       "locked": { | ||||
|         "lastModified": 1719758591, | ||||
|         "narHash": "sha256-3DE/UnxJxRWjtWPZuuiT3TIG7HrHf+srpmiCTFkrAQs=", | ||||
|         "lastModified": 1723137499, | ||||
|         "narHash": "sha256-MOE9NeU2i6Ws1GhGmppMnjOHkNLl2MQMJmGhaMzdoJM=", | ||||
|         "owner": "rafaelmardojai", | ||||
|         "repo": "firefox-gnome-theme", | ||||
|         "rev": "8fb5267c5b3434f76983e29749aba7cd636e03ca", | ||||
|         "rev": "fb5b578a4f49ae8705e5fea0419242ed1b8dba70", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
| @@ -207,11 +206,11 @@ | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1719994518, | ||||
|         "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", | ||||
|         "lastModified": 1722555600, | ||||
|         "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", | ||||
|         "owner": "hercules-ci", | ||||
|         "repo": "flake-parts", | ||||
|         "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", | ||||
|         "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
| @@ -220,24 +219,6 @@ | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "flake-utils": { | ||||
|       "inputs": { | ||||
|         "systems": "systems_4" | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1701680307, | ||||
|         "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", | ||||
|         "owner": "numtide", | ||||
|         "repo": "flake-utils", | ||||
|         "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "numtide", | ||||
|         "repo": "flake-utils", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "git-hooks": { | ||||
|       "inputs": { | ||||
|         "flake-compat": "flake-compat_4", | ||||
| @@ -252,11 +233,11 @@ | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1719259945, | ||||
|         "narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=", | ||||
|         "lastModified": 1722857853, | ||||
|         "narHash": "sha256-3Zx53oz/MSIyevuWO/SumxABkrIvojnB7g9cimxkhiE=", | ||||
|         "owner": "cachix", | ||||
|         "repo": "git-hooks.nix", | ||||
|         "rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07", | ||||
|         "rev": "06939f6b7ec4d4f465bf3132a05367cccbbf64da", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
| @@ -392,11 +373,11 @@ | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1719845423, | ||||
|         "narHash": "sha256-ZLHDmWAsHQQKnmfyhYSHJDlt8Wfjv6SQhl2qek42O7A=", | ||||
|         "lastModified": 1722924007, | ||||
|         "narHash": "sha256-+CQDamNwqO33REJLft8c26NbUi2Td083hq6SvAm2xkU=", | ||||
|         "owner": "lnl7", | ||||
|         "repo": "nix-darwin", | ||||
|         "rev": "ec12b88104d6c117871fad55e931addac4626756", | ||||
|         "rev": "91010a5613ffd7ee23ee9263213157a1c422b705", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
| @@ -407,11 +388,11 @@ | ||||
|     }, | ||||
|     "nixos-hardware": { | ||||
|       "locked": { | ||||
|         "lastModified": 1719895800, | ||||
|         "narHash": "sha256-xNbjISJTFailxass4LmdWeV4jNhAlmJPwj46a/GxE6M=", | ||||
|         "lastModified": 1723310128, | ||||
|         "narHash": "sha256-IiH8jG6PpR4h9TxSGMYh+2/gQiJW9MwehFvheSb5rPc=", | ||||
|         "owner": "NixOS", | ||||
|         "repo": "nixos-hardware", | ||||
|         "rev": "6e253f12b1009053eff5344be5e835f604bb64cd", | ||||
|         "rev": "c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
| @@ -478,11 +459,11 @@ | ||||
|     }, | ||||
|     "nixpkgs-unstable": { | ||||
|       "locked": { | ||||
|         "lastModified": 1720031269, | ||||
|         "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=", | ||||
|         "lastModified": 1723175592, | ||||
|         "narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=", | ||||
|         "owner": "NixOS", | ||||
|         "repo": "nixpkgs", | ||||
|         "rev": "9f4128e00b0ae8ec65918efeba59db998750ead6", | ||||
|         "rev": "5e0ca22929f3342b19569b21b2f3462f053e497b", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
| @@ -509,11 +490,11 @@ | ||||
|     }, | ||||
|     "nixpkgs_3": { | ||||
|       "locked": { | ||||
|         "lastModified": 1720244366, | ||||
|         "narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=", | ||||
|         "lastModified": 1723282977, | ||||
|         "narHash": "sha256-oTK91aOlA/4IsjNAZGMEBz7Sq1zBS0Ltu4/nIQdYDOg=", | ||||
|         "owner": "NixOS", | ||||
|         "repo": "nixpkgs", | ||||
|         "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", | ||||
|         "rev": "a781ff33ae258bbcfd4ed6e673860c3e923bf2cc", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
| @@ -536,11 +517,11 @@ | ||||
|         "treefmt-nix": "treefmt-nix" | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1720296628, | ||||
|         "narHash": "sha256-v42XPTrP7oJSAFhn9zJVvPc1DbPVW/Id6J8/eKCY9oo=", | ||||
|         "lastModified": 1722925293, | ||||
|         "narHash": "sha256-saXm5dd/e3PMsYTEcp1Qbzifm3KsZtNFkrWjmLhXHGE=", | ||||
|         "owner": "nix-community", | ||||
|         "repo": "nixvim", | ||||
|         "rev": "a53fa82a0564d3fe94a89c1dd53b703c3c67d1cd", | ||||
|         "rev": "170df9814c3e41d5a4d6e3339e611801b1f02ce2", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
| @@ -560,11 +541,11 @@ | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1720351283, | ||||
|         "narHash": "sha256-6fJQuujPiYwgfTckITfnqKMFRCEE3j+ERLr1M+vvt/M=", | ||||
|         "lastModified": 1723232379, | ||||
|         "narHash": "sha256-F4Y3f9305aHGWKqAd3s2GyNRONdpDBuNuK4TCSdaHz8=", | ||||
|         "owner": "nix-community", | ||||
|         "repo": "plasma-manager", | ||||
|         "rev": "14a12e744c9a6f420598c306869ebad8071e99d1", | ||||
|         "rev": "22bea90404c5ff6457913a03c1a54a3caa5b1c57", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
| @@ -595,11 +576,11 @@ | ||||
|     "secrets": { | ||||
|       "flake": false, | ||||
|       "locked": { | ||||
|         "lastModified": 1717248946, | ||||
|         "narHash": "sha256-8dFjsjkTbKClYK5Bg1KKdMx5wrp5AOTLsu3Jv9otoVw=", | ||||
|         "lastModified": 1723385164, | ||||
|         "narHash": "sha256-/z4nBwpHsGWl1gmGv7FQQgoOcPwUaVzL7rfjI5nTOLg=", | ||||
|         "ref": "refs/heads/master", | ||||
|         "rev": "bff76a71201dda856c91dc5b5bdc3859f53c29f2", | ||||
|         "revCount": 20, | ||||
|         "rev": "b47efe67031e12a2d5560b94fdb4de7dca3df80c", | ||||
|         "revCount": 24, | ||||
|         "type": "git", | ||||
|         "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git" | ||||
|       }, | ||||
| @@ -653,29 +634,14 @@ | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "systems_4": { | ||||
|       "locked": { | ||||
|         "lastModified": 1681028828, | ||||
|         "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", | ||||
|         "owner": "nix-systems", | ||||
|         "repo": "default", | ||||
|         "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "nix-systems", | ||||
|         "repo": "default", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "thunderbird-gnome-theme": { | ||||
|       "flake": false, | ||||
|       "locked": { | ||||
|         "lastModified": 1710774977, | ||||
|         "narHash": "sha256-nQBz2PW3YF3+RTflPzDoAcs6vH1PTozESIYUGAwvSdA=", | ||||
|         "lastModified": 1721874544, | ||||
|         "narHash": "sha256-BHW9jlx92CsHY84FT0ce5Vxl0KFheLhNn2vndcIf7no=", | ||||
|         "owner": "rafaelmardojai", | ||||
|         "repo": "thunderbird-gnome-theme", | ||||
|         "rev": "65d5c03fc9172d549a3ea72fd366d544981a002b", | ||||
|         "rev": "628fcccb7788e3e0ad34f67114f563c87ac8c1dc", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
| @@ -692,11 +658,11 @@ | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1719887753, | ||||
|         "narHash": "sha256-p0B2r98UtZzRDM5miGRafL4h7TwGRC4DII+XXHDHqek=", | ||||
|         "lastModified": 1722330636, | ||||
|         "narHash": "sha256-uru7JzOa33YlSRwf9sfXpJG+UAV+bnBEYMjrzKrQZFw=", | ||||
|         "owner": "numtide", | ||||
|         "repo": "treefmt-nix", | ||||
|         "rev": "bdb6355009562d8f9313d9460c0d3860f525bc6c", | ||||
|         "rev": "768acdb06968e53aa1ee8de207fd955335c754b7", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|   | ||||
							
								
								
									
									
									
									
									
									
								
							
							
						
						
									
										130
									
								
								flake.nix
									
									
									
									
									
								
							| @@ -51,65 +51,60 @@ | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, agenix, deploy-rs, disko, home-manager, nixos-hardware, nixos-mailserver, ... }: | ||||
|   outputs = inputs @ { self, nixpkgs, ... }: | ||||
|     let | ||||
|       mkPkgsForSystem = system: inputs.nixpkgs; | ||||
|       overlays = [ | ||||
|         agenix.overlays.default | ||||
|         (import ./overlays/gnome.nix) | ||||
|         ( | ||||
|           final: prev: { | ||||
|             unstable = import inputs.nixpkgs-unstable { system = final.system; }; | ||||
|             custom = self.packages { system = final.system; }; | ||||
|       inherit (nixpkgs) lib; | ||||
|  | ||||
|       domain = "mesh.vimium.net"; | ||||
|       forEverySystem = lib.getAttrs lib.systems.flakeExposed; | ||||
|       forEachSystem = lib.genAttrs [ | ||||
|         "x86_64-linux" | ||||
|         "aarch64-linux" | ||||
|       ]; | ||||
|       mkDeployNode = hostName: { | ||||
|         hostname = "${hostName}.${domain}"; | ||||
|  | ||||
|         profiles.system = { | ||||
|           user = "root"; | ||||
|           path = inputs.deploy-rs.lib.${self.nixosConfigurations.${hostName}.config.system.build.toplevel.system}.activate.nixos self.nixosConfigurations.${hostName}; | ||||
|         }; | ||||
|       }; | ||||
|     in | ||||
|     { | ||||
|       overlays = lib.packagesFromDirectoryRecursive { | ||||
|         callPackage = path: overrides: import path; | ||||
|         directory = ./overlays; | ||||
|       }; | ||||
|  | ||||
|       legacyPackages = forEachSystem (system: | ||||
|         lib.packagesFromDirectoryRecursive { | ||||
|           callPackage = nixpkgs.legacyPackages.${system}.callPackage; | ||||
|           directory = ./pkgs; | ||||
|         }); | ||||
|  | ||||
|       nixosConfigurations = lib.pipe ./hosts [ | ||||
|         builtins.readDir | ||||
|         (lib.filterAttrs (name: value: value == "directory")) | ||||
|         (lib.mapAttrs (name: value: | ||||
|           lib.nixosSystem { | ||||
|             specialArgs = { inherit self; }; | ||||
|  | ||||
|             modules = [ | ||||
|               { | ||||
|                 networking = { | ||||
|                   inherit domain; | ||||
|                   hostName = name; | ||||
|                 }; | ||||
|               } | ||||
|         ) | ||||
|       ]; | ||||
|       commonModules = [ | ||||
|         agenix.nixosModules.age | ||||
|         disko.nixosModules.disko | ||||
|         nixos-mailserver.nixosModule | ||||
|         home-manager.nixosModule | ||||
|         ./modules | ||||
|       ]; | ||||
|       mkNixosSystem = { system, name, extraModules ? [] }: | ||||
|         let | ||||
|           nixpkgs = mkPkgsForSystem system; | ||||
|           lib = (import nixpkgs { inherit overlays system; }).lib; | ||||
|         in | ||||
|         inputs.nixpkgs.lib.nixosSystem { | ||||
|           inherit lib system; | ||||
|           specialArgs = { modulesPath = toString (nixpkgs + "/nixos/modules"); inherit inputs; }; | ||||
|           baseModules = import (nixpkgs + "/nixos/modules/module-list.nix"); | ||||
|           modules = commonModules ++ [ | ||||
|             ({ config, ... }: | ||||
|               { | ||||
|                 nixpkgs.pkgs = import nixpkgs { | ||||
|                   inherit overlays system; | ||||
|                   config.allowUnfree = true; | ||||
|                   config.nvidia.acceptLicense = true; | ||||
|                 }; | ||||
|                 networking.hostName = name; | ||||
|               }) | ||||
|               ./hosts/${name} | ||||
|           ] ++ extraModules; | ||||
|         }; | ||||
|     in | ||||
|     { | ||||
|       nixosConfigurations = { | ||||
|         atlas = mkNixosSystem { system = "x86_64-linux"; name = "atlas"; }; | ||||
|         eos = mkNixosSystem { system = "x86_64-linux"; name = "eos"; }; | ||||
|         helios = mkNixosSystem { system = "x86_64-linux"; name = "helios"; }; | ||||
|         hypnos = mkNixosSystem { system = "x86_64-linux"; name = "hypnos"; }; | ||||
|         library = mkNixosSystem { system = "x86_64-linux"; name = "library"; }; | ||||
|         mail = mkNixosSystem { system = "x86_64-linux"; name = "mail"; }; | ||||
|         odyssey = mkNixosSystem { system = "x86_64-linux"; name = "odyssey"; }; | ||||
|         pi = mkNixosSystem { system = "aarch64-linux"; name = "pi"; extraModules = [ nixos-hardware.nixosModules.raspberry-pi-4 ]; }; | ||||
|         vps1 = mkNixosSystem { system = "x86_64-linux"; name = "vps1"; }; | ||||
|       }; | ||||
|             ]; | ||||
|           })) | ||||
|       ]; | ||||
|  | ||||
|       devShells.x86_64-linux.default = nixpkgs.legacyPackages.x86_64-linux.mkShell { | ||||
|         buildInputs = [ | ||||
|           deploy-rs.packages.x86_64-linux.deploy-rs | ||||
|           inputs.agenix.packages.x86_64-linux.agenix | ||||
|           inputs.deploy-rs.packages.x86_64-linux.deploy-rs | ||||
|         ]; | ||||
|       }; | ||||
|  | ||||
| @@ -117,35 +112,10 @@ | ||||
|         magicRollback = true; | ||||
|         autoRollback = true; | ||||
|         sshUser = "root"; | ||||
|         nodes = { | ||||
|           mail = { | ||||
|             hostname = "mail.mesh.vimium.net"; | ||||
|  | ||||
|             profiles.system = { | ||||
|               user = "root"; | ||||
|               path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.mail; | ||||
|             }; | ||||
|           }; | ||||
|           vps1 = { | ||||
|             hostname = "vps1.mesh.vimium.net"; | ||||
|  | ||||
|             profiles.system = { | ||||
|               user = "root"; | ||||
|               path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.vps1; | ||||
|             }; | ||||
|           }; | ||||
|           # pi = { | ||||
|           #   hostname = "10.0.1.191"; | ||||
|           # | ||||
|           #   profiles.system = { | ||||
|           #     user = "root"; | ||||
|           #     path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.pi; | ||||
|           #   }; | ||||
|           # }; | ||||
|         }; | ||||
|         nodes = lib.genAttrs [ "mail" "pi" "skycam" "vps1" ] mkDeployNode; | ||||
|       }; | ||||
|  | ||||
|       checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; | ||||
|       checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib; | ||||
|     }; | ||||
| } | ||||
|  | ||||
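Review bot: `forEverySystem = lib.getAttrs lib.systems.flakeExposed;` in the new `let` block looks like a typo for `lib.genAttrs`. `getAttrs` takes a list of names and then an attribute set, so applying this helper to a per-system function the way `forEachSystem` is used would fail at evaluation. Nothing in the visible hunks calls it, so either change it to `forEverySystem = lib.genAttrs lib.systems.flakeExposed;` or drop the binding. Separately, `nodes = lib.genAttrs [ "mail" "pi" "skycam" "vps1" ] mkDeployNode;` turns on root deployment to `pi`, which the old code kept commented out, and `nixosConfigurations` now picks up every directory under `./hosts`; a one-line comment on each stating that this is intended would help the next reader.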
|   | ||||
| @@ -1,4 +1,4 @@ | ||||
| { config, lib, ... }: | ||||
| { config, ... }: | ||||
|  | ||||
| { | ||||
|   imports = [ | ||||
| @@ -6,6 +6,8 @@ | ||||
|     ../desktop.nix | ||||
|   ]; | ||||
|  | ||||
|   nixpkgs.hostPlatform = "x86_64-linux"; | ||||
|  | ||||
|   boot.loader = { | ||||
|     systemd-boot.enable = true; | ||||
|     efi.canTouchEfiVariables = true; | ||||
|   | ||||
| @@ -1,6 +1,22 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
| { config, pkgs, self, ... }: | ||||
|  | ||||
| { | ||||
|   imports = [ | ||||
|     self.inputs.agenix.nixosModules.age | ||||
|     self.inputs.home-manager.nixosModule | ||||
|     ../modules | ||||
|   ]; | ||||
|  | ||||
|   nixpkgs.overlays = [ | ||||
|     self.inputs.agenix.overlays.default | ||||
|     (import ../overlays/default.nix) | ||||
|     ( | ||||
|       final: prev: { | ||||
|         unstable = import self.inputs.nixpkgs-unstable { system = final.system; }; | ||||
|       } | ||||
|     ) | ||||
|   ]; | ||||
|  | ||||
|   time.timeZone = "Europe/London"; | ||||
|  | ||||
|   i18n.defaultLocale = "en_GB.UTF-8"; | ||||
| @@ -42,6 +58,17 @@ | ||||
|     extraOptions = '' | ||||
|       experimental-features = nix-command flakes | ||||
|     ''; | ||||
|     buildMachines = [ | ||||
|       { | ||||
|         hostName = "10.0.1.79"; | ||||
|         sshUser = "root"; | ||||
|         system = "aarch64-linux"; | ||||
|         maxJobs = 6; | ||||
|         speedFactor = 1; | ||||
|         supportedFeatures = [ "big-parallel" "benchmark" ]; | ||||
|       } | ||||
|     ]; | ||||
|     distributedBuilds = true; | ||||
|     settings = { | ||||
|       connect-timeout = 5; | ||||
|       log-lines = 25; | ||||
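Review bot: The new `buildMachines` entry makes every host that imports this module offload builds to `10.0.1.79` as `sshUser = "root"`, with neither `sshKey` nor `publicHostKey` set on the entry. Outputs from that machine land in the local store, so the builder's identity should be pinned: set `publicHostKey` to the builder's host key and `sshKey` to a dedicated key, and prefer an unprivileged build account that is a trusted Nix user on the remote over root. The address is a private LAN IP, so a host on another network will talk to whatever answers there; `connect-timeout = 5` only bounds the delay. The enclosing attribute set (presumably `nix`) starts and ends outside the hunk.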
|   | ||||
| @@ -1,10 +1,14 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
| { config, pkgs, ... }: | ||||
|  | ||||
| { | ||||
|   imports = [ | ||||
|     ./common.nix | ||||
|   ]; | ||||
|  | ||||
|   nixpkgs.overlays = [ | ||||
|     (import ../overlays/gnome) | ||||
|   ]; | ||||
|  | ||||
|   services.printing.enable = true; | ||||
|   services.openssh.startWhenNeeded = true; | ||||
|  | ||||
| @@ -59,7 +63,7 @@ | ||||
|     fd | ||||
|     ffmpeg | ||||
|     iotop | ||||
|     unstable.nix-du | ||||
|     # unstable.nix-du | ||||
|     # unstable.nix-melt | ||||
|     unstable.nix-tree | ||||
|     unstable.nix-visualize | ||||
|   | ||||
| @@ -1,4 +1,4 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
| { config, ... }: | ||||
|  | ||||
| { | ||||
|   imports = [ | ||||
| @@ -6,6 +6,8 @@ | ||||
|     ../desktop.nix | ||||
|   ]; | ||||
|  | ||||
|   nixpkgs.hostPlatform = "x86_64-linux"; | ||||
|  | ||||
|   boot.loader = { | ||||
|     systemd-boot.enable = true; | ||||
|     efi.canTouchEfiVariables = true; | ||||
|   | ||||
| @@ -1,4 +1,4 @@ | ||||
| { config, lib, pkgs, inputs, ... }: | ||||
| { config, ... }: | ||||
|  | ||||
| { | ||||
|   imports = [ | ||||
| @@ -6,6 +6,8 @@ | ||||
|     ../desktop.nix | ||||
|   ]; | ||||
|  | ||||
|   nixpkgs.hostPlatform = "x86_64-linux"; | ||||
|  | ||||
|   boot = { | ||||
|     loader.grub = { | ||||
|       enable = true; | ||||
|   | ||||
| @@ -1,12 +1,21 @@ | ||||
| { config, lib, ... }: | ||||
| { config, lib, self, ... }: | ||||
|  | ||||
| { | ||||
|   imports = [ | ||||
|     self.inputs.disko.nixosModules.disko | ||||
|     ./hardware-configuration.nix | ||||
|     ./disko-config.nix | ||||
|     ../desktop.nix | ||||
|   ]; | ||||
|  | ||||
|   nixpkgs = { | ||||
|     hostPlatform = "x86_64-linux"; | ||||
|     config = { | ||||
|       allowUnfree = true; | ||||
|       nvidia.acceptLicense = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   boot.loader = { | ||||
|     systemd-boot.enable = true; | ||||
|     efi.canTouchEfiVariables = true; | ||||
|   | ||||
| @@ -6,6 +6,8 @@ | ||||
|     ../server.nix | ||||
|   ]; | ||||
|  | ||||
|   nixpkgs.hostPlatform = "x86_64-linux"; | ||||
|  | ||||
|   boot = { | ||||
|     loader.systemd-boot.enable = true; | ||||
|     loader.efi.canTouchEfiVariables = true; | ||||
| @@ -13,7 +15,6 @@ | ||||
|   }; | ||||
|  | ||||
|   networking = { | ||||
|     domain = "mesh.vimium.net"; | ||||
|     hostId = "d24ae953"; | ||||
|     firewall = { | ||||
|       enable = true; | ||||
|   | ||||
| @@ -1,15 +1,17 @@ | ||||
| { config, lib, pkgs, inputs, ... }: | ||||
| { config, lib, self, ... }: | ||||
|  | ||||
| { | ||||
|   imports = [ | ||||
|     self.inputs.disko.nixosModules.disko | ||||
|     ./hardware-configuration.nix | ||||
|     ./disko-config.nix | ||||
|     ../server.nix | ||||
|   ]; | ||||
|  | ||||
|   nixpkgs.hostPlatform = "x86_64-linux"; | ||||
|  | ||||
|   networking = { | ||||
|     hostId = "08ac2f14"; | ||||
|     domain = "mesh.vimium.net"; | ||||
|     firewall = { | ||||
|       enable = true; | ||||
|       allowedTCPPorts = [ | ||||
|   | ||||
| @@ -1,4 +1,4 @@ | ||||
| { config, lib, pkgs, inputs, ... }: | ||||
| { config, ... }: | ||||
|  | ||||
| { | ||||
|   imports = [ | ||||
| @@ -6,6 +6,14 @@ | ||||
|     ../desktop.nix | ||||
|   ]; | ||||
|  | ||||
|   nixpkgs = { | ||||
|     hostPlatform = "x86_64-linux"; | ||||
|     config = { | ||||
|       allowUnfree = true; | ||||
|       nvidia.acceptLicense = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   boot.loader = { | ||||
|     systemd-boot = { | ||||
|       enable = true; | ||||
|   | ||||
| @@ -1,12 +1,13 @@ | ||||
| { config, lib, pkgs, inputs, ... }: | ||||
| { config, lib, pkgs, self, ... }: | ||||
|  | ||||
| { | ||||
|   imports = [ | ||||
|     self.inputs.nixos-hardware.nixosModules.raspberry-pi-4 | ||||
|     ./hardware-configuration.nix | ||||
|     ../server.nix | ||||
|   ]; | ||||
|  | ||||
|   networking.hostId = "731d1660"; | ||||
|   nixpkgs.hostPlatform = "aarch64-linux"; | ||||
|  | ||||
|   hardware = { | ||||
|     raspberry-pi."4" = { | ||||
| @@ -97,6 +98,8 @@ | ||||
|     ]; | ||||
|   }; | ||||
|  | ||||
|   networking.hostId = "731d1660"; | ||||
|  | ||||
|   sound.enable = true; | ||||
|  | ||||
|   security.rtkit.enable = true; | ||||
| @@ -108,7 +111,7 @@ | ||||
|   }; | ||||
|  | ||||
|   age.secrets."files/services/home-assistant/secrets.yaml" = { | ||||
|     file = "${inputs.secrets}/files/services/home-assistant/secrets.yaml.age"; | ||||
|     file = "${self.inputs.secrets}/files/services/home-assistant/secrets.yaml.age"; | ||||
|     path = "${config.services.home-assistant.configDir}/secrets.yaml"; | ||||
|     owner = "hass"; | ||||
|     group = "hass"; | ||||
| @@ -173,7 +176,7 @@ | ||||
|   }; | ||||
|  | ||||
|   age.secrets."files/services/zigbee2mqtt/secret.yaml" = { | ||||
|     file = "${inputs.secrets}/files/services/zigbee2mqtt/secret.yaml.age"; | ||||
|     file = "${self.inputs.secrets}/files/services/zigbee2mqtt/secret.yaml.age"; | ||||
|     path = "${config.services.zigbee2mqtt.dataDir}/secret.yaml"; | ||||
|     owner = "zigbee2mqtt"; | ||||
|     group = "zigbee2mqtt"; | ||||
|   | ||||
| @@ -18,13 +18,13 @@ | ||||
|         webroot = "/var/lib/acme/acme-challenge"; | ||||
|       }; | ||||
|     }; | ||||
|     auditd.enable = true; | ||||
|     audit = { | ||||
|       enable = true; | ||||
|       rules = [ | ||||
|         "-a exit,always -F arch=b64 -S execve" | ||||
|       ]; | ||||
|     }; | ||||
|     # auditd.enable = true; | ||||
|     # audit = { | ||||
|     #   enable = true; | ||||
|     #   rules = [ | ||||
|     #     "-a exit,always -F arch=b64 -S execve" | ||||
|     #   ]; | ||||
|     # }; | ||||
|   }; | ||||
|  | ||||
|   systemd = { | ||||
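Review bot: Hosts that import this file lose their process-execution audit trail, because `auditd.enable` and the `audit` block with the `-a exit,always -F arch=b64 -S execve` rule are now commented out, and nothing in the visible lines says why or for how long. If this works around a breakage after the input bump, record it next to the block, e.g. `# TODO(<issue-id>): auditd disabled because <reason>; re-enable once fixed`, and consider disabling it only on the affected host rather than for every machine that imports this module. The enclosing attribute set starts outside the hunk.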
|   | ||||
							
								
								
									
									
								
							
							
						
						
									
										29
									
								
								hosts/skycam/README.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,29 @@ | ||||
| # Skycam | ||||
|  | ||||
| ## Overview | ||||
| Raspberry Pi 4-based webcam | ||||
|  | ||||
| ## Specs | ||||
| * SoC - Broadcom BCM2711 | ||||
| * CPU - ARM Cortex-A72 @ 1.8 GHz | ||||
| * Memory - 8 GB LPDDR4 | ||||
|  | ||||
| ### Disks | ||||
| Device | Partitions _(filesystem, usage)_ | ||||
| --- | --- | ||||
| SD card | `/dev/mmcblk0` (ext4, NixOS Root) | ||||
|  | ||||
| ### Networks | ||||
| - DHCP on `10.0.1.0/24` subnet. | ||||
| - Tailscale on `100.64.0.0/10` subnet. FQDN: `skycam.mesh.vimium.net`. | ||||
|  | ||||
| ## Devices and connections | ||||
| - Camera Module 3 with wide-angle lens | ||||
|  | ||||
| ## Building | ||||
| To generate a compressed SD card image for Skycam, run: | ||||
| `nix build '.#nixosConfigurations.skycam.config.system.build.sdImage'` | ||||
|  | ||||
| Once a card is imaged, the existing SSH host keys should be copied to | ||||
| `/etc/ssh` manually to enable secret decryption. | ||||
|  | ||||
							
								
								
									
									
								
							
							
						
						
									
										111
									
								
								hosts/skycam/default.nix
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,111 @@ | ||||
| { config, lib, pkgs, self, ... }: | ||||
|  | ||||
| { | ||||
|   imports = [ | ||||
|     self.inputs.nixos-hardware.nixosModules.raspberry-pi-4 | ||||
|     ./hardware-configuration.nix | ||||
|     ../server.nix | ||||
|   ]; | ||||
|  | ||||
|   nixpkgs.hostPlatform = "aarch64-linux"; | ||||
|  | ||||
|   hardware = { | ||||
|     raspberry-pi."4" = { | ||||
|       apply-overlays-dtmerge.enable = true; | ||||
|       audio.enable = false; | ||||
|       xhci.enable = false; | ||||
|     }; | ||||
|     deviceTree = { | ||||
|       enable = true; | ||||
|       filter = "*rpi-4-*.dtb"; | ||||
|       # From https://github.com/Electrostasy/dots/blob/3b81723feece67610a252ce754912f6769f0cd34/hosts/phobos/klipper.nix#L43-L65 | ||||
|       overlays = | ||||
|         let | ||||
|           mkCompatibleDtsFile = dtbo: | ||||
|             let | ||||
|               drv = pkgs.runCommand "fix-dts" { nativeBuildInputs = with pkgs; [ dtc gnused ]; } '' | ||||
|                 mkdir "$out" | ||||
|                 dtc -I dtb -O dts ${dtbo} | sed -e 's/bcm2835/bcm2711/' > $out/overlay.dts | ||||
|               ''; | ||||
|             in | ||||
|               "${drv}/overlay.dts"; | ||||
|  | ||||
|           inherit (config.boot.kernelPackages) kernel; | ||||
|         in | ||||
|           [ | ||||
|             { | ||||
|               name = "imx708.dtbo"; | ||||
|               dtsFile = mkCompatibleDtsFile "${kernel}/dtbs/overlays/imx708.dtbo"; | ||||
|             } | ||||
|             { | ||||
|               name = "vc4-kms-v3d-pi4.dtbo"; | ||||
|               dtsFile = mkCompatibleDtsFile "${kernel}/dtbs/overlays/vc4-kms-v3d-pi4.dtbo"; | ||||
|             } | ||||
|           ]; | ||||
|     }; | ||||
|     firmware = with pkgs; [ | ||||
|       firmwareLinuxNonfree | ||||
|     ]; | ||||
|   }; | ||||
|  | ||||
|   services.udev.extraRules = '' | ||||
|     SUBSYSTEM=="rpivid-*", GROUP="video", MODE="0660" | ||||
|     KERNEL=="vcsm-cma", GROUP="video", MODE="0660" | ||||
|     SUBSYSTEM=="dma_heap", GROUP="video", MODE="0660" | ||||
|   ''; | ||||
|  | ||||
|   nixpkgs.overlays = [ | ||||
|     (import ./../../overlays/libcamera) | ||||
|   ]; | ||||
|  | ||||
|   networking = { | ||||
|     hostId = "731d1660"; | ||||
|     firewall = { | ||||
|       enable = true; | ||||
|       allowedTCPPorts = [ 8080 ]; | ||||
|       allowedUDPPorts = [ 8080 ]; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   users.users.root = { | ||||
|     openssh.authorizedKeys.keys = [ | ||||
|       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com" | ||||
|     ]; | ||||
|   }; | ||||
|  | ||||
|   services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password"; | ||||
|  | ||||
|   systemd.services.ustreamer = { | ||||
|     enable = true; | ||||
|     description = "uStreamer service"; | ||||
|     unitConfig = { | ||||
|       Type = "simple"; | ||||
|       ConditionPathExists = "/sys/bus/i2c/drivers/imx708/10-001a/video4linux"; | ||||
|     }; | ||||
|     serviceConfig = { | ||||
|       ExecStart = ''${pkgs.libcamera}/bin/libcamerify ${pkgs.unstable.ustreamer}/bin/ustreamer \ | ||||
|         --host=0.0.0.0 \ | ||||
|         --resolution=4608x2592 | ||||
|       ''; | ||||
|       DynamicUser = "yes"; | ||||
|       SupplementaryGroups = [ "video" ]; | ||||
|       Restart = "always"; | ||||
|       RestartSec = 10; | ||||
|     }; | ||||
|     wantedBy = [ "network-online.target" ]; | ||||
|     confinement.mode = "chroot-only"; | ||||
|   }; | ||||
|  | ||||
|   environment.systemPackages = with pkgs; [ | ||||
|     camera-streamer | ||||
|     git | ||||
|     neovim | ||||
|     libcamera | ||||
|     libraspberrypi | ||||
|     raspberrypi-eeprom | ||||
|     v4l-utils | ||||
|     unstable.ustreamer | ||||
|   ]; | ||||
|  | ||||
|   system.stateVersion = "24.05"; | ||||
| } | ||||
							
								
								
									
										33
									
								
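--- a/hosts/skycam/hardware-configuration.nix
+++ b/hosts/skycam/hardware-configuration.nix
@@ -0,0 +1,33 @@
+{ config, lib, modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
+  ];
+
+  boot = {
+    kernelModules = [ "bcm2835-v4l2" ];
+    kernelParams = [
+      "cma=512M"
+      "panic=0"
+    ];
+    supportedFilesystems = lib.mkForce [ "f2fs" "vfat" "xfs" ];
+    tmp.cleanOnBoot = false;
+  };
+
+  nixpkgs.overlays = [
+    (final: super: {
+      makeModulesClosure = x:
+        super.makeModulesClosure (x // { allowMissing = true; });
+    })
+  ];
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+      options = [ "noatime" ];
+    };
+  };
+}
+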
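Review bot: The `makeModulesClosure` overlay sets `allowMissing = true` for every module closure built from this nixpkgs instance, so a kernel module that is genuinely missing no longer fails the build, and nothing in the file says why the override is needed. A comment above it would help, for example `# sd-image-aarch64 requests initrd modules this kernel does not ship; tolerate them`, assuming that is the reason. `supportedFilesystems` is also forced to a list without `ext4` while `fileSystems."/"` declares `fsType = "ext4"`; that probably still boots because the initrd list is computed separately, but it deserves a one-line comment as well.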
| @@ -1,4 +1,4 @@ | ||||
| { config, lib, pkgs, inputs, ... }: | ||||
| { config, lib, self, ... }: | ||||
|  | ||||
| { | ||||
|   imports = [ | ||||
| @@ -6,9 +6,10 @@ | ||||
|     ../server.nix | ||||
|   ]; | ||||
|  | ||||
|   nixpkgs.hostPlatform = "x86_64-linux"; | ||||
|  | ||||
|   networking = { | ||||
|     hostId = "08bf6db3"; | ||||
|     domain = "mesh.vimium.net"; | ||||
|     firewall = { | ||||
|       enable = true; | ||||
|       allowedTCPPorts = [ | ||||
| @@ -40,7 +41,92 @@ | ||||
|  | ||||
|   services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password"; | ||||
|  | ||||
|   modules = { | ||||
|   services.postgresql = { | ||||
|     ensureUsers = [ | ||||
|       { | ||||
|         name = "zitadel"; | ||||
|         ensureDBOwnership = true; | ||||
|         ensureClauses = { | ||||
|           superuser = true; | ||||
|         }; | ||||
|       } | ||||
|     ]; | ||||
|     ensureDatabases = [ "zitadel" ]; | ||||
|   }; | ||||
|  | ||||
|   age.secrets."files/services/zitadel/masterkey" = { | ||||
|     file = "${self.inputs.secrets}/files/services/zitadel/masterkey.age"; | ||||
|     owner = "zitadel"; | ||||
|     group = "zitadel"; | ||||
|   }; | ||||
|  | ||||
|   systemd.services.zitadel = { | ||||
|     requires = [ "postgresql.service" ]; | ||||
|     after = [ "postgresql.service" ]; | ||||
|   }; | ||||
|  | ||||
|   services.zitadel = { | ||||
|     enable = true; | ||||
|     masterKeyFile = config.age.secrets."files/services/zitadel/masterkey".path; | ||||
|     settings = { | ||||
|       Database.postgres = { | ||||
|         Host = "/run/postgresql"; | ||||
|         Port = 5432; | ||||
|         Database = "zitadel"; | ||||
|         User = { | ||||
|           Username = "zitadel"; | ||||
|           SSL.Mode = "disable"; | ||||
|         }; | ||||
|         Admin = { | ||||
|           ExistingDatabase = "zitadel"; | ||||
|           Username = "zitadel"; | ||||
|           SSL.Mode = "disable"; | ||||
|         }; | ||||
|       }; | ||||
|       ExternalDomain = "id.vimium.com"; | ||||
|       ExternalPort = 443; | ||||
|       ExternalSecure = true; | ||||
|       Machine = { | ||||
|         Identification = { | ||||
|           Hostname.Enabled = true; | ||||
|           PrivateIp.Enabled = false; | ||||
|           Webhook.Enabled = false; | ||||
|         }; | ||||
|       }; | ||||
|       Port = 8081; | ||||
|       WebAuthNName = "Vimium"; | ||||
|     }; | ||||
|     steps.FirstInstance = { | ||||
|       InstanceName = "Vimium"; | ||||
|       Org.Name = "Vimium"; | ||||
|       Org.Human = { | ||||
|         UserName = "jordan@vimium.com"; | ||||
|         FirstName = "Jordan"; | ||||
|         LastName = "Holt"; | ||||
|         Email = { | ||||
|           Address = "jordan@vimium.com"; | ||||
|           Verified = true; | ||||
|         }; | ||||
|         Password = "Password1!"; | ||||
|         PasswordChangeRequired = true; | ||||
|       }; | ||||
|       LoginPolicy.AllowRegister = false; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   services.nginx.virtualHosts."id.vimium.com" = { | ||||
|     enableACME = true; | ||||
|     forceSSL = true; | ||||
|     locations."/" = { | ||||
|       extraConfig = '' | ||||
|         grpc_pass grpc://localhost:${builtins.toString config.services.zitadel.settings.Port}; | ||||
|         grpc_set_header Host $host:$server_port; | ||||
|       ''; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   modules = rec { | ||||
|     databases.postgresql.enable = true; | ||||
|     services = { | ||||
|       borgmatic = { | ||||
|         enable = true; | ||||
| @@ -51,10 +137,21 @@ | ||||
|         ]; | ||||
|         repoPath = "ssh://p91y8oh7@p91y8oh7.repo.borgbase.com/./repo"; | ||||
|       }; | ||||
|       coturn.enable = true; | ||||
|       coturn = { | ||||
|         enable = true; | ||||
|         realm = "turn.vimium.com"; | ||||
|         matrixIntegration = true; | ||||
|       }; | ||||
|       gitea.enable = true; | ||||
|       headscale.enable = true; | ||||
|       matrix-synapse.enable = true; | ||||
|       matrix = { | ||||
|         enable = true; | ||||
|         bridges = { | ||||
|           signal = true; | ||||
|           whatsapp = true; | ||||
|         }; | ||||
|         usePostgresql = databases.postgresql.enable; | ||||
|       }; | ||||
|       nginx.enable = true; | ||||
|       photoprism.enable = true; | ||||
|     }; | ||||
|   | ||||
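Review bot: `steps.FirstInstance.Org.Human.Password = "Password1!"` puts the initial ZITADEL admin password in the repository and, through the generated steps file, most likely in the world-readable Nix store, while the same hunk publishes the instance at `id.vimium.com` through nginx. `PasswordChangeRequired = true` only takes effect once someone has logged in, so until the first login the known username and password are valid on a public login page. The password should come from an agenix secret, the way `masterKeyFile` already does, for example `extraStepsPaths = [ config.age.secrets."files/services/zitadel/steps".path ];` with the `Password` key moved into that file (the secret name here is a placeholder). The `zitadel` role also gets `ensureClauses.superuser = true` although it already owns its database through `ensureDBOwnership`; if ZITADEL's init step works without it, the superuser clause should be dropped.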
							
								
								
									
										41
									
								
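--- a/modules/databases/postgresql.nix
+++ b/modules/databases/postgresql.nix
@@ -0,0 +1,41 @@
+{
+  config,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.modules.databases.postgresql;
+in {
+  options.modules.databases.postgresql = {
+    enable = lib.mkOption {
+      default = false;
+      example = true;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.postgresql = {
+      enable = true;
+      enableJIT = true;
+      initdbArgs = [
+        "--allow-group-access"
+        "--encoding=UTF8"
+        "--locale=C"
+      ];
+      settings = {
+        log_connections = true;
+        log_disconnections = true;
+        log_destination = lib.mkForce "syslog";
+      };
+    };
+
+    services.borgmatic.settings = {
+      postgresql_databases = [
+        {
+          name = "all";
+        }
+      ];
+    };
+  };
+}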
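Review bot: `initdbArgs` includes `--allow-group-access`, which creates the cluster's data directory group-readable, so any account in the service's group can read the raw database files, and nothing in this module explains who needs that. If it is there for a backup or monitoring user, say so in a comment such as `# group read access for <consumer>` (placeholder); otherwise drop the flag. Note that `initdbArgs` is only applied when the cluster is first created. The `enable` option is declared without `type` or `description`; `type = lib.types.bool;` would reject non-boolean values, and the same applies to `modules/desktop/forensics.nix`.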
| @@ -2,7 +2,9 @@ | ||||
|   imports = [ | ||||
|     ./options.nix | ||||
|     ./podman.nix | ||||
|     ./databases/postgresql.nix | ||||
|     ./desktop/gnome.nix | ||||
|     ./desktop/forensics.nix | ||||
|     ./desktop/hyprland.nix | ||||
|     ./desktop/kde.nix | ||||
|     ./desktop/mimeapps.nix | ||||
| @@ -41,7 +43,7 @@ | ||||
|     ./services/gitea-runner | ||||
|     ./services/headscale | ||||
|     ./services/mail | ||||
|     ./services/matrix-synapse | ||||
|     ./services/matrix | ||||
|     ./services/nginx | ||||
|     ./services/photoprism | ||||
|     ./shell/git | ||||
|   | ||||
| @@ -1,4 +1,4 @@ | ||||
| { config, lib, pkgs, inputs, ... }: | ||||
| { config, lib, self, ... }: | ||||
|  | ||||
| let cfg = config.modules.desktop.apps.thunderbird; | ||||
| in { | ||||
| @@ -10,7 +10,7 @@ in { | ||||
|   }; | ||||
|    | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     home.file.".thunderbird/Default/chrome/thunderbird-gnome-theme".source = inputs.thunderbird-gnome-theme; | ||||
|     home.file.".thunderbird/Default/chrome/thunderbird-gnome-theme".source = self.inputs.thunderbird-gnome-theme; | ||||
|  | ||||
|     home.programs.thunderbird = { | ||||
|       enable = true; | ||||
|   | ||||
| @@ -1,4 +1,4 @@ | ||||
| { config, lib, pkgs, inputs, ... }: | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| let cfg = config.modules.desktop.browsers.brave; | ||||
| in { | ||||
|   | ||||
| @@ -1,4 +1,4 @@ | ||||
| { config, lib, pkgs, inputs, ... }: | ||||
| { config, lib, self, ... }: | ||||
|  | ||||
| let cfg = config.modules.desktop.browsers.firefox; | ||||
| in { | ||||
| @@ -10,7 +10,7 @@ in { | ||||
|   }; | ||||
|  | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     home.file.".mozilla/firefox/Default/chrome/firefox-gnome-theme".source = inputs.firefox-gnome-theme; | ||||
|     home.file.".mozilla/firefox/Default/chrome/firefox-gnome-theme".source = self.inputs.firefox-gnome-theme; | ||||
|  | ||||
|     home.programs.firefox = { | ||||
|       enable = true; | ||||
| @@ -36,6 +36,8 @@ in { | ||||
|           ## Preferences | ||||
|           "browser.ctrlTab.sortByRecentlyUsed" = true; | ||||
|           "browser.discovery.enabled" = false; | ||||
|           "browser.download.open_pdf_attachments_inline" = true; | ||||
|           "browser.menu.showViewImageInfo" = true; | ||||
|           "browser.newtabpage.enabled" = false; | ||||
|           "browser.newtabpage.activity-stream.showSponsored" = false; | ||||
|           "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; | ||||
| @@ -46,14 +48,44 @@ in { | ||||
|           "browser.startup.homepage" = "https://www.vimium.com"; | ||||
|           "browser.toolbars.bookmarks.visibility" = "never"; | ||||
|           "browser.uitour.enabled" = false; | ||||
|           "media.memory_cache_max_size" = 65536; | ||||
|           "browser.urlbar.suggest.engines" = false; | ||||
|           "browser.urlbar.suggest.calculator" = true; | ||||
|           "browser.urlbar.trending.featureGate" = false; | ||||
|           "browser.urlbar.unitConversion.enabled" = true; | ||||
|           "cookiebanners.service.mode" = 1; | ||||
|           "cookiebanners.service.mode.privateBrowsing" = 1; | ||||
|           "network.IDN_show_punycode" = true; | ||||
|  | ||||
|           ## Performance | ||||
|           "browser.cache.jsbc_compression_level" = 3; | ||||
|           "content.notify.interval" = 100000; | ||||
|           "dom.enable_web_task_scheduling" = true; | ||||
|           "dom.security.sanitizer.enabled" = true; | ||||
|           "gfx.canvas.accelerated.cache-items" = 4096; | ||||
|           "gfx.canvas.accelerated.cache-size" = 512; | ||||
|           "gfx.content.skia-font-cache-size" = 20; | ||||
|           "gfx.webrender.all" = true; | ||||
|           "gfx.webrender.compositor" = true; | ||||
|           "gfx.webrender.enable" = true; | ||||
|           "image.mem.decode_bytes_at_a_time" = 32768; | ||||
|           "layers.acceleration.force-enabled" = true; | ||||
|           "layout.css.grid-template-masonry-value.enabled" = true; | ||||
|           "media.ffmpeg.vaapi.enabled" = true; | ||||
|           "media.memory_cache_max_size" = 65536; | ||||
|           "media.cache_readahead_limit" = 7200; | ||||
|           "media.cache_resume_threshold" = 3600; | ||||
|           "network.dns.disablePrefetch" = true; | ||||
|           "network.dns.disablePrefetchFromHTTPS" = true; | ||||
|           "network.dnsCacheExpiration" = 3600; | ||||
|           "network.http.max-connections" = 1800; | ||||
|           "network.http.max-persistent-connections-per-server" = 10; | ||||
|           "network.http.max-urgent-start-excessive-connections-per-host" = 5; | ||||
|           "network.http.pacing.requests.enabled" = false; | ||||
|           "network.predictor.enabled" = false; | ||||
|           "network.prefetch-next" = false; | ||||
|           "network.ssl_tokens_cache_capacity" = 10240; | ||||
|           "pdfjs.enableScripting" = false; | ||||
|           "security.mixed_content.block_display_content" = true; | ||||
|  | ||||
|           ## Experiments | ||||
|           "app.normandy.enabled" = false; | ||||
| @@ -70,6 +102,7 @@ in { | ||||
|           "network.allow-experiments" = false; | ||||
|  | ||||
|           ## Privacy | ||||
|           "dom.private-attribution.submission.enabled" = false; | ||||
|           # "privacy.resistFingerprinting" = true; | ||||
|           "privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts" = false; | ||||
|           "privacy.trackingprotection.enabled" = true; | ||||
| @@ -121,7 +154,7 @@ in { | ||||
|           "dom.battery.enabled" = false; | ||||
|           "dom.vr.enabled" = false; | ||||
|           "media.navigator.enabled" = false; | ||||
|           "dom.webaudio.enabled" = false; | ||||
|           # "dom.webaudio.enabled" = false; | ||||
|  | ||||
|           ## Isolation | ||||
|           "privacy.firstparty.isolate" = true; | ||||
|   | ||||
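Review bot: The last hunk turns `"dom.webaudio.enabled" = false;` into a comment, which re-enables the Web Audio API in a block that otherwise disables device APIs (`dom.battery.enabled`, `dom.vr.enabled`, `media.navigator.enabled`), and no reason is given. If a site needed audio, record that next to the line, e.g. `# "dom.webaudio.enabled" = false; # re-enabled: breaks <site>` (placeholder), so the relaxation is a visible decision. In the `## Performance` hunk, `pdfjs.enableScripting`, `security.mixed_content.block_display_content` and `dom.security.sanitizer.enabled` are security settings rather than performance ones; a `## Security` heading for them would make them easier to audit. The enclosing settings attribute set starts and ends outside these hunks.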
							
								
								
									
										26
									
								
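--- a/modules/desktop/forensics.nix
+++ b/modules/desktop/forensics.nix
@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.modules.desktop.forensics;
+in {
+  options.modules.desktop.forensics = {
+    enable = lib.mkOption {
+      default = false;
+      example = true;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    user.packages = with pkgs; [
+      acquire
+      afflib
+      autopsy
+      fatcat
+      foremost
+      hstsparser
+      networkminer
+      sleuthkit
+      testdisk-qt
+      tracee
+    ];
+  };
+}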
| @@ -1,4 +1,4 @@ | ||||
| { config, inputs, lib, pkgs, ... }: | ||||
| { config, lib, pkgs, self, ... }: | ||||
|  | ||||
| let cfg = config.modules.desktop.gnome; | ||||
| in { | ||||
| @@ -74,26 +74,37 @@ in { | ||||
|       "org/gnome/shell" = { | ||||
|         disable-user-extensions = false; | ||||
|         enabled-extensions = [ | ||||
|           # "another-window-session-manager@gmail.com" | ||||
|           "appindicatorsupport@rgcjonas.gmail.com" | ||||
|           # "arcmenu@arcmenu.com" | ||||
|           "blur-my-shell@aunetx" | ||||
|           # "browser-tabs@com.github.harshadgavali" | ||||
|           "burn-my-windows@schneegans.github.com" | ||||
|           "clipboard-indicator@tudmotu.com" | ||||
|           "CoverflowAltTab@palatis.blogspot.com" | ||||
|           # "dash-to-panel@jderose9.github.com" | ||||
|           # "desktop-cube@schneegans.github.com" | ||||
|           # "desktop-zoom@colin.kinlo.ch" | ||||
|           # "EasyScreenCast@iacopodeenosee.gmail.com" | ||||
|           "espresso@coadmunkee.github.com" | ||||
|           # "flypie@schneegans.github.com" | ||||
|           "flypie@schneegans.github.com" | ||||
|           # "forge@jmmaranan.com" | ||||
|           "hue-lights@chlumskyvaclav@gmail.com" | ||||
|           "gsconnect@andyholmes.github.io" | ||||
|           # "gSnap@micahosborne" | ||||
|           # "hidetopbar@mathieu.bidon.ca" | ||||
|           "just-perfection-desktop@just-perfection" | ||||
|           # "mediacontrols@cliffniff.github.com" | ||||
|           # "mousefollowsfocus@matthes.biz" | ||||
|           # "pano@elhan.io" | ||||
|           # "paperwm@hedning:matrix.org" | ||||
|           "pip-on-top@rafostar.github.com" | ||||
|           # "rounded-window-corners@yilozt" | ||||
|           # "search-light@icedman.github.com" | ||||
|           "space-bar@luchrioh" | ||||
|           # "smart-auto-move@khimaros.com" | ||||
|           # "systemd-manager@hardpixel.eu" | ||||
|           # "tailscale-status@maxgallup.github.com" | ||||
|           "space-bar@luchrioh" | ||||
|           # "tiling-assistant@leleat-on-github" | ||||
|           "tilingshell@ferrarodomenico.com" | ||||
|           "Vitals@CoreCoding.com" | ||||
|           "windowIsReady_Remover@nunofarruca@gmail.com" | ||||
|           # "worksets@blipk.xyz" | ||||
|           # "wsmatrix@martin.zurowietz.de" | ||||
|         ]; | ||||
|         favorite-apps = [ | ||||
| @@ -101,9 +112,6 @@ in { | ||||
|           "org.gnome.Nautilus.desktop" | ||||
|         ]; | ||||
|       }; | ||||
|       "org/gnome/shell/extensions/another-window-session-manager" = { | ||||
|         enable-autorestore-sessions = true; | ||||
|       }; | ||||
|       "org/gnome/shell/extensions/blur-my-shell/panel" = { | ||||
|         static-blur = true; | ||||
|       }; | ||||
| @@ -115,8 +123,14 @@ in { | ||||
|         glide-open-effect = true; | ||||
|         glide-close-effect = true; | ||||
|       }; | ||||
|       "org/gnome/shell/extensions/desktop-zoom" = { | ||||
|         mag-factor-delta = 0.07; | ||||
|       "org/gnome/shell/extensions/dash-to-panel" = { | ||||
|         intellihide = true; | ||||
|         panel-positions = '' | ||||
|           {"0":"TOP"} | ||||
|         ''; | ||||
|         trans-panel-opacity = 0.3; | ||||
|         trans-use-custom-opacity = true; | ||||
|         trans-use-dynamic-opacity = true; | ||||
|       }; | ||||
|       "org/gnome/shell/extensions/espresso" = { | ||||
|         enable-fullscreen = true; | ||||
| @@ -126,18 +140,32 @@ in { | ||||
|           "com.obsproject.Studio.desktop" | ||||
|         ]; | ||||
|       }; | ||||
|       "org/gnome/shell/extensions/paperwm" = { | ||||
|         use-default-background = true; | ||||
|       "org/gnome/shell/extensions/flypie" = { | ||||
|         preview-on-right-side = true; | ||||
|       }; | ||||
|       "org/gnome/shell/extensions/forge" = { | ||||
|         window-gap-size = 8; | ||||
|         window-gap-hidden-on-single = false; | ||||
|       }; | ||||
|       "org/gnome/shell/extensions/hidetopbar" = { | ||||
|         mouse-sensitive = true; | ||||
|         mouse-sensitive-fullscreen-window = true; | ||||
|         enable-active-window = false; | ||||
|       }; | ||||
|       "org/gnome/shell/extensions/just-perfection" = { | ||||
|         activities-button = false; | ||||
|         window-demands-attention-focus = true; | ||||
|         workspace-wrap-around = true; | ||||
|       }; | ||||
|       "org/gnome/shell/extensions/paperwm" = { | ||||
|         use-default-background = true; | ||||
|       }; | ||||
|       "org/gnome/shell/extensions/pip-on-top" = { | ||||
|         stick = true; | ||||
|       }; | ||||
|       "org/gnome/shell/extensions/search-light" = { | ||||
|         popup-at-cursor-monitor = true; | ||||
|       }; | ||||
|       "org/gnome/shell/extensions/space-bar/behavior" = { | ||||
|         enable-activate-workspace-shortcuts = true; | ||||
|         show-empty-workspaces = true; | ||||
| @@ -150,6 +178,11 @@ in { | ||||
|         screen-left-gap = 8; | ||||
|         window-gap = 8; | ||||
|       }; | ||||
|       "org/gnome/shell/extensions/tilingshell" = { | ||||
|         inner-gaps = 16; | ||||
|         outer-gaps = 8; | ||||
|         enable-blur-snap-assistant = true; | ||||
|       }; | ||||
|       "org/gnome/Console" = { | ||||
|         font-scale = 1.4; | ||||
|         use-system-font = false; | ||||
| @@ -174,7 +207,7 @@ in { | ||||
|       "Kvantum/kvantum.kvconfig".text = lib.generators.toINI {} { | ||||
|         General.theme = "KvLibadwaitaDark"; | ||||
|       }; | ||||
|       "Kvantum/KvLibadwaita".source = "${inputs.kvlibadwaita}/src/KvLibadwaita"; | ||||
|       "Kvantum/KvLibadwaita".source = "${self.inputs.kvlibadwaita}/src/KvLibadwaita"; | ||||
|     }; | ||||
|  | ||||
|     user.packages = with pkgs; [ | ||||
| @@ -185,6 +218,7 @@ in { | ||||
|       # d-spy | ||||
|       # drawing | ||||
|       # fragments | ||||
|       gnome.dconf-editor | ||||
|       gnome.ghex | ||||
|       # gnome-builder | ||||
|       gnome-decoder | ||||
| @@ -199,49 +233,55 @@ in { | ||||
|       # schemes | ||||
|       shortwave | ||||
|       sysprof | ||||
|     ]; | ||||
|  | ||||
|     environment.systemPackages = with pkgs; [ | ||||
|       adw-gtk3 | ||||
|       gnomeExtensions.another-window-session-manager | ||||
|       # gnomeExtensions.bifocals | ||||
|       gnomeExtensions.blur-my-shell | ||||
|       gnomeExtensions.browser-tabs | ||||
|       gnomeExtensions.burn-my-windows | ||||
|       gnomeExtensions.desktop-cube | ||||
|       # gnomeExtensions.desktop-zoom | ||||
|       gnome44Extensions."flypie@schneegans.github.com" | ||||
|       # gnomeExtensions.forge | ||||
|       # gnomeExtensions.gsnap | ||||
|       gnomeExtensions.hue-lights | ||||
|       gnomeExtensions.just-perfection | ||||
|       # gnomeExtensions.mutter-primary-gpu | ||||
|       gnomeExtensions.pano | ||||
|       gnomeExtensions.paperwm | ||||
|       # gnomeExtensions.pip-on-top | ||||
|       gnomeExtensions.rounded-window-corners | ||||
|       gnomeExtensions.search-light | ||||
|       gnomeExtensions.smart-auto-move | ||||
|       gnomeExtensions.space-bar | ||||
|       gnomeExtensions.systemd-manager | ||||
|       gnomeExtensions.tailscale-status | ||||
|       gnomeExtensions.tiling-assistant | ||||
|       # gnomeExtensions.todotxt | ||||
|       gnomeExtensions.vitals | ||||
|       # gnomeExtensions.window-is-ready-remover | ||||
|       # gnomeExtensions.worksets | ||||
|       # gnomeExtensions.workspace-matrix | ||||
|       unstable.gnomeExtensions.coverflow-alt-tab | ||||
|       unstable.gnomeExtensions.espresso | ||||
|       unstable.kdePackages.qtstyleplugin-kvantum | ||||
|       unstable.libsForQt5.qtstyleplugin-kvantum | ||||
|       unstable.morewaita-icon-theme | ||||
|       unstable.qadwaitadecorations | ||||
|       unstable.qadwaitadecorations-qt6 | ||||
|     ] ++ (if config.virtualisation.podman.enable then [ | ||||
|       pods | ||||
|     ] else []); | ||||
|  | ||||
|     environment.systemPackages = with pkgs.unstable; [ | ||||
|       adw-gtk3 | ||||
|       kdePackages.qtstyleplugin-kvantum | ||||
|       libsForQt5.qtstyleplugin-kvantum | ||||
|       morewaita-icon-theme | ||||
|       nautilus-python | ||||
|       qadwaitadecorations | ||||
|       qadwaitadecorations-qt6 | ||||
|  | ||||
|       ## Shell extensions | ||||
|       gnomeExtensions.appindicator | ||||
|       gnomeExtensions.arcmenu | ||||
|       gnomeExtensions.blur-my-shell | ||||
|       gnomeExtensions.browser-tabs | ||||
|       gnomeExtensions.burn-my-windows | ||||
|       gnomeExtensions.clipboard-indicator | ||||
|       gnomeExtensions.coverflow-alt-tab | ||||
|       gnomeExtensions.dash-to-panel | ||||
|       gnomeExtensions.desktop-cube | ||||
|       gnomeExtensions.easyScreenCast | ||||
|       gnomeExtensions.espresso | ||||
|       gnomeExtensions.fly-pie | ||||
|       gnomeExtensions.forge | ||||
|       gnomeExtensions.gsconnect | ||||
|       gnomeExtensions.gsnap | ||||
|       gnomeExtensions.hide-top-bar | ||||
|       gnomeExtensions.just-perfection | ||||
|       gnomeExtensions.media-controls | ||||
|       gnomeExtensions.mouse-follows-focus | ||||
|       gnomeExtensions.pano | ||||
|       gnomeExtensions.paperwm | ||||
|       gnomeExtensions.pip-on-top | ||||
|       gnomeExtensions.rounded-window-corners | ||||
|       gnomeExtensions.search-light | ||||
|       gnomeExtensions.smart-auto-move | ||||
|       gnomeExtensions.space-bar | ||||
|       gnomeExtensions.tiling-assistant | ||||
|       gnomeExtensions.tiling-shell | ||||
|       gnomeExtensions.todotxt | ||||
|       gnomeExtensions.vitals | ||||
|       gnomeExtensions.window-is-ready-remover | ||||
|       gnomeExtensions.worksets | ||||
|       gnomeExtensions.workspace-matrix | ||||
|     ]; | ||||
|  | ||||
|     home.services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome3; | ||||
|   }; | ||||
| } | ||||
|   | ||||
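Review bot: The `environment.systemPackages = with pkgs.unstable;` list installs extensions whose UUIDs are commented out in `enabled-extensions` (for example `gnomeExtensions.arcmenu`, `dash-to-panel`, `forge`, `paperwm` and `worksets`), all taken from the unstable package set. Shell extensions run inside the gnome-shell process, and with `disable-user-extensions = false` an installed one can be switched on from the user session, so the installed set is what actually needs reviewing. Keeping the package list aligned with the enabled list, or adding a comment such as `## installed but not enabled: kept for evaluation`, would make the intent clear.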
| @@ -1,4 +1,4 @@ | ||||
| { config, inputs, lib, pkgs, ... }: | ||||
| { config, lib, pkgs, self, ... }: | ||||
|  | ||||
| let | ||||
|   cfg = config.modules.networking.tailscale; | ||||
| @@ -18,7 +18,7 @@ in { | ||||
|  | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     age.secrets."passwords/services/tailscale/${hostname}-authkey" = { | ||||
|       file = "${inputs.secrets}/passwords/services/tailscale/${hostname}-authkey.age"; | ||||
|       file = "${self.inputs.secrets}/passwords/services/tailscale/${hostname}-authkey.age"; | ||||
|     }; | ||||
|  | ||||
|     environment.systemPackages = [ pkgs.tailscale ]; | ||||
|   | ||||
| @@ -1,4 +1,4 @@ | ||||
| { config, lib, pkgs, inputs, ... }: | ||||
| { config, lib, pkgs, self, ... }: | ||||
|  | ||||
| with lib; | ||||
|  | ||||
| @@ -19,7 +19,7 @@ in { | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|     age.secrets."passwords/networks" = { | ||||
|       file = "${inputs.secrets}/passwords/networks.age"; | ||||
|       file = "${self.inputs.secrets}/passwords/networks.age"; | ||||
|     }; | ||||
|  | ||||
|     networking = { | ||||
|   | ||||
| @@ -1,4 +1,4 @@ | ||||
| { config, options, lib, home-manager, inputs, ... }: | ||||
| { config, options, lib, self, ... }: | ||||
|  | ||||
| with lib; | ||||
| { | ||||
| @@ -29,7 +29,7 @@ with lib; | ||||
|   }; | ||||
|  | ||||
|   config = { | ||||
|     age.secrets."passwords/users/jordan".file = "${inputs.secrets}/passwords/users/jordan.age"; | ||||
|     age.secrets."passwords/users/jordan".file = "${self.inputs.secrets}/passwords/users/jordan.age"; | ||||
|     user = | ||||
|       let user = builtins.getEnv "USER"; | ||||
|           name = if elem user [ "" "root" ] then "jordan" else user; | ||||
| @@ -68,8 +68,8 @@ with lib; | ||||
|       }; | ||||
|  | ||||
|       sharedModules = [ | ||||
|         inputs.nixvim.homeManagerModules.nixvim | ||||
|         inputs.plasma-manager.homeManagerModules.plasma-manager | ||||
|         self.inputs.nixvim.homeManagerModules.nixvim | ||||
|         self.inputs.plasma-manager.homeManagerModules.plasma-manager | ||||
|       ]; | ||||
|     }; | ||||
|  | ||||
|   | ||||
| @@ -1,35 +1,33 @@ | ||||
| { config, lib, pkgs, inputs, ... }: | ||||
|  | ||||
| with lib; | ||||
| { config, lib, self, ... }: | ||||
|  | ||||
| let | ||||
|   cfg = config.modules.services.borgmatic; | ||||
|   hostname = config.networking.hostName; | ||||
| in { | ||||
|   options.modules.services.borgmatic = { | ||||
|     enable = mkOption { | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|       description = mdDoc "Enable backups on this host with `borgmatic`"; | ||||
|       description = lib.mdDoc "Enable backups on this host with `borgmatic`"; | ||||
|     }; | ||||
|     directories = mkOption { | ||||
|       type = types.listOf types.str; | ||||
|     directories = lib.mkOption { | ||||
|       type = lib.types.listOf lib.types.str; | ||||
|       default = []; | ||||
|       example = [ | ||||
|         "/home/jordan/Documents" | ||||
|       ]; | ||||
|       description = mdDoc "List of directories to backup"; | ||||
|       description = lib.mdDoc "List of directories to backup"; | ||||
|     }; | ||||
|     repoPath = mkOption { | ||||
|       type = types.str; | ||||
|     repoPath = lib.mkOption { | ||||
|       type = lib.types.str; | ||||
|       example = "ssh://example@example.repo.borgbase.com/./repo"; | ||||
|       description = mdDoc "Destination borg repository for backup"; | ||||
|       description = lib.mdDoc "Destination borg repository for backup"; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     age.secrets."passwords/services/borg/${hostname}-passphrase" = { | ||||
|       file = "${inputs.secrets}/passwords/services/borg/${hostname}-passphrase.age"; | ||||
|       file = "${self.inputs.secrets}/passwords/services/borg/${hostname}-passphrase.age"; | ||||
|     }; | ||||
|  | ||||
|     services.borgmatic = { | ||||
| @@ -47,6 +45,16 @@ in { | ||||
|       }; | ||||
|     }; | ||||
|  | ||||
|     services.postgresql.ensureUsers = [ | ||||
|       { | ||||
|         name = "root"; | ||||
|         ensureClauses.superuser = true; | ||||
|       } | ||||
|     ]; | ||||
|  | ||||
|     # Add `pg_dumpall` to unit environment | ||||
|     systemd.services.borgmatic.path = [ config.services.postgresql.package ]; | ||||
|  | ||||
|     # Without this override, `cat` is unavailable for `encryption_passcommand` | ||||
|     systemd.services.borgmatic.confinement.fullUnit = true; | ||||
|   }; | ||||
|   | ||||
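Review bot: The added `services.postgresql.ensureUsers` entry gives the `root` role `superuser`, and both it and the `systemd.services.borgmatic.path` line are unconditional, so every host that enables borgmatic references the PostgreSQL package even when it runs no database. Guarding them, e.g. `services.postgresql.ensureUsers = lib.mkIf config.services.postgresql.enable [ … ];`, would limit this to hosts that run PostgreSQL. Superuser is also more than a dump needs in principle; a dedicated backup role with read-only membership may be enough, though `pg_dumpall` reads role passwords by default, so that would need testing. The `config` block starts above this hunk.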
| @@ -1,60 +1,118 @@ | ||||
| { config, lib, pkgs, inputs, ... }: | ||||
|  | ||||
| with lib; | ||||
| { config, lib, self, ... }: | ||||
|  | ||||
| let | ||||
|   cfg = config.modules.services.coturn; | ||||
| in { | ||||
|   options.modules.services.coturn = { | ||||
|     enable = mkOption { | ||||
|     enable = lib.mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|     realm = lib.mkOption { | ||||
|       type = lib.types.str; | ||||
|       description = "The realm to be used by the TURN server."; | ||||
|       example = "turn.vimium.com"; | ||||
|     }; | ||||
|     matrixIntegration = lib.mkOption { | ||||
|       default = false; | ||||
|       description = "Configure the matrix-synapse module to use this TURN server."; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|     networking.firewall = { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     networking.firewall = let | ||||
|       range = with config.services.coturn; lib.singleton { | ||||
|         from = min-port; | ||||
|         to = max-port; | ||||
|       }; | ||||
|     in { | ||||
|       allowedTCPPorts = [ | ||||
|         3478  # TURN listener | ||||
|         5349  # STUN TLS | ||||
|         5350  # STUN TLS alt | ||||
|       ]; | ||||
|       allowedUDPPortRanges = [ | ||||
|         { from = 49152; to = 49999; } # TURN relay | ||||
|       allowedUDPPorts = [ | ||||
|         3478  # TURN listener | ||||
|         5349  # TLS | ||||
|         5350  # TLS alt | ||||
|       ]; | ||||
|       allowedUDPPortRanges = range; # TURN peer relays | ||||
|     }; | ||||
|  | ||||
|     security.acme.certs = { | ||||
|       "turn.vimium.com" = { | ||||
|       "${config.services.coturn.realm}" = { | ||||
|         group = "turnserver"; | ||||
|         reloadServices = [ "coturn" ]; | ||||
|       }; | ||||
|     }; | ||||
|  | ||||
|     age.secrets."passwords/services/coturn/shared-secret" = { | ||||
|       file = "${inputs.secrets}/passwords/services/coturn/shared-secret.age"; | ||||
|     age.secrets = { | ||||
|       "passwords/services/coturn/static-auth-secret" = { | ||||
|         file = "${self.inputs.secrets}/passwords/services/coturn/static-auth-secret.age"; | ||||
|         owner = "turnserver"; | ||||
|         group = "turnserver"; | ||||
|       }; | ||||
|     } // (if cfg.matrixIntegration then { | ||||
|       "passwords/services/coturn/matrix-turn-config.yml" = { | ||||
|         file = "${self.inputs.secrets}/passwords/services/coturn/matrix-turn-config.yml.age"; | ||||
|         owner = "matrix-synapse"; | ||||
|         group = "matrix-synapse"; | ||||
|       }; | ||||
|     } else {}); | ||||
|  | ||||
|     services.coturn = { | ||||
|     services.coturn = rec { | ||||
|       enable = true; | ||||
|       lt-cred-mech = true; | ||||
|       realm = cfg.realm; | ||||
|       use-auth-secret = true; | ||||
|       static-auth-secret-file = config.age.secrets."passwords/services/coturn/shared-secret".path; | ||||
|       realm = "turn.vimium.com"; | ||||
|       relay-ips = [ | ||||
|         "198.244.190.160" | ||||
|       ]; | ||||
|       static-auth-secret-file = config.age.secrets."passwords/services/coturn/static-auth-secret".path; | ||||
|       cert = "${config.security.acme.certs.${realm}.directory}/full.pem"; | ||||
|       pkey = "${config.security.acme.certs.${realm}.directory}/key.pem"; | ||||
|       min-port = 49000; | ||||
|       max-port = 50000; | ||||
|       no-cli = true; | ||||
|       no-tcp-relay = true; | ||||
|       extraConfig = '' | ||||
|         cipher-list="HIGH" | ||||
|         no-loopback-peers | ||||
|         no-multicast-peers | ||||
|  | ||||
|         # Ban private CIDR blocks | ||||
|         denied-peer-ip=0.0.0.0-0.255.255.255 | ||||
|         denied-peer-ip=10.0.0.0-10.255.255.255 | ||||
|         denied-peer-ip=100.64.0.0-100.127.255.255 | ||||
|         denied-peer-ip=127.0.0.0-127.255.255.255 | ||||
|         denied-peer-ip=169.254.0.0-169.254.255.255 | ||||
|         denied-peer-ip=172.16.0.0-172.31.255.255 | ||||
|         denied-peer-ip=192.0.0.0-192.0.0.255 | ||||
|         denied-peer-ip=192.0.2.0-192.0.2.255 | ||||
|         denied-peer-ip=192.88.99.0-192.88.99.255 | ||||
|         denied-peer-ip=192.168.0.0-192.168.255.255 | ||||
|         denied-peer-ip=198.18.0.0-198.19.255.255 | ||||
|         denied-peer-ip=198.51.100.0-198.51.100.255 | ||||
|         denied-peer-ip=203.0.113.0-203.0.113.255 | ||||
|         denied-peer-ip=240.0.0.0-255.255.255.255 | ||||
|         denied-peer-ip=::1 | ||||
|         denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff | ||||
|         denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255 | ||||
|         denied-peer-ip=100::-100::ffff:ffff:ffff:ffff | ||||
|         denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff | ||||
|         denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff | ||||
|         denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff | ||||
|         denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff | ||||
|       ''; | ||||
|       secure-stun = true; | ||||
|       cert = "/var/lib/acme/turn.vimium.com/fullchain.pem"; | ||||
|       pkey = "/var/lib/acme/turn.vimium.com/key.pem"; | ||||
|       min-port = 49152; | ||||
|       max-port = 49999; | ||||
|     }; | ||||
|  | ||||
|     services.matrix-synapse = lib.mkIf cfg.matrixIntegration { | ||||
|       settings = with config.services.coturn; { | ||||
|         turn_uris = [ | ||||
|           "turn:${realm}:3478?transport=udp" | ||||
|           "turn:${realm}:3478?transport=tcp" | ||||
|         ]; | ||||
|         turn_user_lifetime = "1h"; | ||||
|       }; | ||||
|       extraConfigFiles = [ | ||||
|         config.age.secrets."passwords/services/coturn/matrix-turn-config.yml".path | ||||
|       ]; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
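Review bot: The new `cert` line in `services.coturn` points at `full.pem`, which in the NixOS ACME module is the private key concatenated with the certificate chain, so key material ends up in the file configured as the public certificate. `pkey` already references `key.pem`, and the line this replaces used `fullchain.pem`, so I would keep that: `cert = "${config.security.acme.certs.${realm}.directory}/fullchain.pem";`. Which `services.coturn` lines are old and which are new is inferred here, because the rendered page has lost its `+`/`-` markers.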
|   | ||||
| @@ -1,4 +1,4 @@ | ||||
| { pkgs, config, lib, inputs, ... }: | ||||
| { pkgs, config, lib, self, ... }: | ||||
|  | ||||
| # Based on: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix | ||||
|  | ||||
| @@ -176,7 +176,7 @@ in | ||||
|     users.groups.nix-ci-user = { }; | ||||
|  | ||||
|     age.secrets."files/services/gitea-runner/${hostname}-token" = { | ||||
|       file = "${inputs.secrets}/files/services/gitea-runner/${hostname}-token.age"; | ||||
|       file = "${self.inputs.secrets}/files/services/gitea-runner/${hostname}-token.age"; | ||||
|       group = "podman"; | ||||
|     }; | ||||
|  | ||||
|   | ||||
| @@ -1,18 +1,17 @@ | ||||
| { config, lib, pkgs, inputs, ... }: | ||||
|  | ||||
| with lib; | ||||
| { config, lib, pkgs, self, ... }: | ||||
|  | ||||
| let | ||||
|   cfg = config.modules.services.gitea; | ||||
| in { | ||||
|   options.modules.services.gitea = { | ||||
|     enable = mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     enable = lib.mkEnableOption "gitea"; | ||||
|     domain = lib.mkOption { | ||||
|       type = lib.types.string; | ||||
|       default = "git.vimium.com"; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     users = { | ||||
|       users.git = { | ||||
|         isSystemUser = true; | ||||
| @@ -31,7 +30,7 @@ in { | ||||
|         }; | ||||
|       }; | ||||
|       virtualHosts = { | ||||
|         "git.vimium.com" = { | ||||
|         "${cfg.domain}" = { | ||||
|           forceSSL = true; | ||||
|           enableACME = true; | ||||
|           locations."/".proxyPass = "http://gitea"; | ||||
| @@ -41,9 +40,9 @@ in { | ||||
|  | ||||
|     systemd.tmpfiles.rules = [ | ||||
|       "d '${config.services.gitea.customDir}/public/assets/css' 0750 ${config.services.gitea.user} ${config.services.gitea.group} - -" | ||||
|       "L+ '${config.services.gitea.customDir}/public/assets/css/theme-github.css' - - - - ${inputs.gitea-github-theme}/theme-github.css" | ||||
|       "L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-auto.css' - - - - ${inputs.gitea-github-theme}/theme-github-auto.css" | ||||
|       "L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-dark.css' - - - - ${inputs.gitea-github-theme}/theme-github-dark.css" | ||||
|       "L+ '${config.services.gitea.customDir}/public/assets/css/theme-github.css' - - - - ${self.inputs.gitea-github-theme}/theme-github.css" | ||||
|       "L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-auto.css' - - - - ${self.inputs.gitea-github-theme}/theme-github-auto.css" | ||||
|       "L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-dark.css' - - - - ${self.inputs.gitea-github-theme}/theme-github-dark.css" | ||||
|     ]; | ||||
|  | ||||
|     services.gitea = rec { | ||||
| @@ -69,15 +68,15 @@ in { | ||||
|           OFFLINE_MODE = true; | ||||
|           PROTOCOL = "http+unix"; | ||||
|           SSH_USER = "git"; | ||||
|           SSH_DOMAIN = "git.vimium.com"; | ||||
|           SSH_DOMAIN = "${cfg.domain}"; | ||||
|           SSH_PORT = lib.head config.services.openssh.ports; | ||||
|           ROOT_URL = "https://git.vimium.com/"; | ||||
|           ROOT_URL = "https://${cfg.domain}/"; | ||||
|         }; | ||||
|         service.DISABLE_REGISTRATION = true; | ||||
|         session.COOKIE_SECURE = true; | ||||
|         log = { | ||||
|           ROOT_PATH = "${stateDir}/log"; | ||||
|           DISABLE_ROUTER_LOG = true; | ||||
|           "logger.router.MODE" = ""; | ||||
|         }; | ||||
|         ui = { | ||||
|           THEMES = "gitea,arc-green,github,github-auto,github-dark"; | ||||
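Review bot: The new `domain` option in the first hunk is declared with `type = lib.types.string;`, which nixpkgs has deprecated in favour of `lib.types.str`; it should read `type = lib.types.str;`. The value now feeds the nginx virtual host name, `SSH_DOMAIN` and `ROOT_URL`, so a one-line `description` on the option (for example `description = "Public hostname Gitea is served on.";`) would also make the module self-documenting. The `services.gitea` block continues outside the visible hunks.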
|   | ||||
| @@ -1,4 +1,4 @@ | ||||
| { config, lib, pkgs, inputs, ... }: | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
|  | ||||
|   | ||||
| @@ -1,4 +1,4 @@ | ||||
| { config, lib, pkgs, ... }: | ||||
| { config, lib, self, ... }: | ||||
|  | ||||
| let | ||||
|   cfg = config.modules.services.mail; | ||||
| @@ -22,6 +22,10 @@ in { | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   imports = [ | ||||
|     self.inputs.nixos-mailserver.nixosModule | ||||
|   ]; | ||||
|  | ||||
|   config = lib.mkIf cfg.enable { | ||||
|     services.roundcube = { | ||||
|       enable = true; | ||||
|   | ||||
| @@ -1,127 +0,0 @@ | ||||
| { config, lib, pkgs, inputs, ... }: | ||||
|  | ||||
| with lib; | ||||
|  | ||||
| let | ||||
|   cfg = config.modules.services.matrix-synapse; | ||||
|   matrixClientConfig = { | ||||
|     "m.homeserver" = { | ||||
|       base_url = "https://matrix.vimium.com"; | ||||
|       server_name = "vimium.com"; | ||||
|     }; | ||||
|     "m.identity_server" = {}; | ||||
|   }; | ||||
|   matrixServerConfig."m.server" = "matrix.vimium.com:443"; | ||||
|   mkWellKnown = data: '' | ||||
|     more_set_headers 'Content-Type: application/json'; | ||||
|     return 200 '${builtins.toJSON data}'; | ||||
|   ''; | ||||
| in { | ||||
|   options.modules.services.matrix-synapse = { | ||||
|     enable = mkOption { | ||||
|       default = false; | ||||
|       example = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   config = mkIf cfg.enable { | ||||
|     networking.firewall.allowedTCPPorts = [ | ||||
|       8448 # Matrix federation | ||||
|     ]; | ||||
|  | ||||
|     security.acme.certs = { | ||||
|       "matrix.vimium.com" = { | ||||
|         reloadServices = [ "matrix-synapse" ]; | ||||
|       }; | ||||
|     }; | ||||
|  | ||||
|     services.nginx.virtualHosts = { | ||||
|       "chat.vimium.com" = { | ||||
|         forceSSL = true; | ||||
|         enableACME = true; | ||||
|         root = pkgs.unstable.element-web.override { | ||||
|           conf = { | ||||
|             default_server_config = matrixClientConfig; | ||||
|             brand = "Vimium Chat"; | ||||
|             branding = { | ||||
|               auth_header_logo_url = "https://vimium.com/images/logo.svg"; | ||||
|               auth_footer_links = [ | ||||
|                 { "text" = "Vimium.com"; "url" = "https://vimium.com"; } | ||||
|               ]; | ||||
|             }; | ||||
|           }; | ||||
|         }; | ||||
|       }; | ||||
|       "matrix.vimium.com" = { | ||||
|         forceSSL = true; | ||||
|         enableACME = true; | ||||
|         listen = [ | ||||
|           { | ||||
|             addr = "0.0.0.0"; | ||||
|             port = 443; | ||||
|             ssl = true; | ||||
|           } | ||||
|           { | ||||
|             addr = "0.0.0.0"; | ||||
|             port = 80; | ||||
|           } | ||||
|           { | ||||
|             addr = "0.0.0.0"; | ||||
|             port = 8448; | ||||
|             ssl = true; | ||||
|           } | ||||
|           { | ||||
|             addr = "[::1]"; | ||||
|             port = 443; | ||||
|             ssl = true; | ||||
|           } | ||||
|           { | ||||
|             addr = "[::1]"; | ||||
|             port = 80; | ||||
|           } | ||||
|           { | ||||
|             addr = "[::1]"; | ||||
|             port = 8448; | ||||
|             ssl = true; | ||||
|           } | ||||
|         ]; | ||||
|         locations = { | ||||
|           "/" = { | ||||
|             proxyPass = "http://localhost:8008"; | ||||
|             extraConfig = '' | ||||
|               proxy_set_header X-Forwarded-For $remote_addr; | ||||
|             ''; | ||||
|           }; | ||||
|           "/_matrix" = { | ||||
|             proxyPass = "http://localhost:8008"; | ||||
|             extraConfig = '' | ||||
|               proxy_set_header X-Forwarded-For $remote_addr; | ||||
|               client_max_body_size 50M; | ||||
|             ''; | ||||
|           }; | ||||
|           "/_synapse/client".proxyPass = "http://localhost:8008"; | ||||
|         }; | ||||
|       }; | ||||
|       "vimium.com" = { | ||||
|         locations."= /.well-known/matrix/server".extraConfig = (mkWellKnown matrixServerConfig); | ||||
|         locations."= /.well-known/matrix/client".extraConfig = (mkWellKnown matrixClientConfig); | ||||
|       }; | ||||
|     }; | ||||
|  | ||||
|     services.matrix-synapse = { | ||||
|       enable = true; | ||||
|       settings = { | ||||
|         database.name = "sqlite3"; | ||||
|         enable_registration = false; | ||||
|         server_name = "vimium.com"; | ||||
|         # turn_shared_secret = "???"; | ||||
|         # turn_uris = [ | ||||
|         #   "turn:turn.vimium.com:5349?transport=udp" | ||||
|         #   "turn:turn.vimium.com:5350?transport=udp" | ||||
|         #   "turn:turn.vimium.com:5349?transport=tcp" | ||||
|         #   "turn:turn.vimium.com:5350?transport=tcp" | ||||
|         # ]; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
							
								
								
									
										248
									
								
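--- a/modules/services/matrix/default.nix
+++ b/modules/services/matrix/default.nix
@@ -0,0 +1,248 @@
+{ config, lib, pkgs, self, ... }:
+
+let
+  cfg = config.modules.services.matrix;
+in {
+  options.modules.services.matrix = {
+    enable = lib.mkEnableOption "matrix";
+    element = {
+      enable = lib.mkOption {
+        type = lib.types.bool;
+        default = true;
+      };
+    };
+    bridges = {
+      signal = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Enable Signal bridge.";
+      };
+      whatsapp = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Enable WhatsApp bridge.";
+      };
+    };
+    serverName = lib.mkOption {
+      type = lib.types.str;
+      default = "vimium.com";
+      example = "vimium.com";
+    };
+    slidingSync = {
+      enable = lib.mkEnableOption "sliding-sync";
+    };
+    usePostgresql = lib.mkEnableOption "postgresql";
+  };
+
+  config = let
+    matrixSubdomain = "matrix.${cfg.serverName}";
+    elementSubdomain = "chat.${cfg.serverName}";
+    matrixClientConfig = {
+      "m.homeserver" = {
+        base_url = "https://${matrixSubdomain}";
+        server_name = cfg.serverName;
+      };
+      "m.identity_server" = {};
+      "org.matrix.msc3575.proxy" = if cfg.slidingSync.enable then {
+        "url" = "https://${matrixSubdomain}";
+      } else { };
+    };
+    matrixServerConfig."m.server" = "${matrixSubdomain}:443";
+    commonBridgeSettings = bridge: {
+      appservice = {
+        database = lib.mkIf cfg.usePostgresql {
+          type = "postgres";
+          uri = "postgresql:///${bridge}?host=/run/postgresql";
+        };
+      };
+      bridge = {
+        encryption = {
+          allow = true;
+          default = true;
+          require = true;
+        };
+        permissions = {
+          "${cfg.serverName}" = "user";
+          "@jordan:${cfg.serverName}" = "admin";
+        };
+        provisioning = {
+          shared_secret = "disable";
+        };
+      };
+      homeserver = {
+        address = "https://${matrixSubdomain}";
+        domain = cfg.serverName;
+      };
+    };
+  in lib.mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [
+      8448 # Matrix federation
+    ];
+
+    security.acme.certs = {
+      "${matrixSubdomain}" = {
+        reloadServices = [ "matrix-synapse" ];
+      };
+    };
+
+    services.nginx.virtualHosts = {
+      "${matrixSubdomain}" = {
+        forceSSL = true;
+        enableACME = true;
+        listen = [
+          {
+            addr = "0.0.0.0";
+            port = 443;
+            ssl = true;
+          }
+          {
+            addr = "0.0.0.0";
+            port = 80;
+          }
+          {
+            addr = "0.0.0.0";
+            port = 8448;
+            ssl = true;
+          }
+          {
+            addr = "[::1]";
+            port = 443;
+            ssl = true;
+          }
+          {
+            addr = "[::1]";
+            port = 80;
+          }
+          {
+            addr = "[::1]";
+            port = 8448;
+            ssl = true;
+          }
+        ];
+        locations = {
+          "/" = {
+            proxyPass = "http://localhost:8008";
+            extraConfig = ''
+              proxy_set_header X-Forwarded-For $remote_addr;
+            '';
+          };
+          "/_matrix" = {
+            proxyPass = "http://localhost:8008";
+            extraConfig = ''
+              proxy_set_header X-Forwarded-For $remote_addr;
+              client_max_body_size 50M;
+            '';
+          };
+          "/_synapse/client".proxyPass = "http://localhost:8008";
+          "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = lib.mkIf cfg.slidingSync.enable {
+            priority = 100;
+            proxyPass = "http://localhost:8009";
+            extraConfig = ''
+              proxy_set_header X-Forwarded-For $remote_addr;
+            '';
+          };
+        };
+      };
+      "${cfg.serverName}" = let
+        mkWellKnown = data: ''
+          more_set_headers 'Content-Type: application/json';
+          return 200 '${builtins.toJSON data}';
+        '';
+      in {
+        locations."= /.well-known/matrix/server".extraConfig = (mkWellKnown matrixServerConfig);
+        locations."= /.well-known/matrix/client".extraConfig = (mkWellKnown matrixClientConfig);
+      };
+    } // (if cfg.element.enable then {
+      "${elementSubdomain}" = {
+        forceSSL = true;
+        enableACME = true;
+        root = pkgs.unstable.element-web.override {
+          conf = {
+            default_server_config = matrixClientConfig;
+            brand = "Vimium Chat";
+            branding = {
+              auth_header_logo_url = "https://vimium.com/images/logo.svg";
+              auth_footer_links = [
+                { "text" = "Vimium.com"; "url" = "https://vimium.com"; }
+              ];
+            };
+          };
+        };
+      };
+    } else {});
+
+    services.matrix-synapse = {
+      enable = true;
+      enableRegistrationScript = true;
+      settings = {
+        database.name = (if cfg.usePostgresql then "psycopg2" else "sqlite3");
+        enable_metrics = false;
+        enable_registration = false;
+        max_upload_size = "100M";
+        report_stats = false;
+        server_name = cfg.serverName;
+        app_service_config_files = (lib.optional cfg.bridges.whatsapp
+          "/var/lib/mautrix-whatsapp/whatsapp-registration.yaml");
+      };
+    };
+    systemd.services.matrix-synapse.serviceConfig.SupplementaryGroups =
+      (lib.optional cfg.bridges.whatsapp
+        config.systemd.services.mautrix-whatsapp.serviceConfig.Group);
+
+    age.secrets = if cfg.slidingSync.enable then {
+      "files/services/matrix/sliding-sync" = {
+        file = "${self.inputs.secrets}/files/services/matrix/sliding-sync.age";
+      };
+    } else {};
+
+    services.matrix-sliding-sync = lib.mkIf cfg.slidingSync.enable {
+      enable = true;
+      environmentFile = config.age.secrets."files/services/matrix/sliding-sync".path;
+      settings = { SYNCV3_SERVER = "https://${matrixSubdomain}"; };
+    };
+
+    services.postgresql = lib.mkIf cfg.usePostgresql {
+      ensureUsers = [
+        {
+          name = "matrix-synapse";
+          ensureDBOwnership = true;
+        }
+      ] ++ (lib.optional cfg.bridges.signal
+        {
+          name = "mautrix-signal";
+          ensureDBOwnership = true;
+        })
+        ++ (lib.optional cfg.bridges.whatsapp
+        {
+          name = "mautrix-whatsapp";
+          ensureDBOwnership = true;
+        });
+      ensureDatabases = [
+        "matrix-synapse"
+      ] ++ (lib.optional cfg.bridges.signal
+        "mautrix-signal")
+        ++ (lib.optional cfg.bridges.whatsapp
+        "mautrix-whatsapp");
+    };
+
+    services.mautrix-signal = lib.mkIf cfg.bridges.signal {
+      enable = true;
+      settings = commonBridgeSettings "mautrix-signal";
+    };
+
+    services.mautrix-whatsapp = lib.mkIf cfg.bridges.whatsapp {
+      enable = true;
+      settings = {
+        bridge = {
+          history_sync = {
+            backfill = true;
+            max_initial_conversations = -1;
+            message_count = 50;
+            request_full_sync = true;
+          };
+          mute_bridging = true;
+        };
+      } // commonBridgeSettings "mautrix-whatsapp";
+    };
+  };
+}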
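Review bot: In `services.mautrix-whatsapp.settings` the `//` operator merges shallowly, so the `bridge` attribute returned by `commonBridgeSettings` replaces the one written just above it, and `history_sync` and `mute_bridging` never reach the bridge configuration. A deep merge keeps both sides: `settings = lib.recursiveUpdate { bridge = { … }; } (commonBridgeSettings "mautrix-whatsapp");`. Separately, the catch-all `"/"` location forwards every path on the public virtual host to Synapse on port 8008, which includes `/_synapse/admin`. Unless the admin API is meant to be reachable from the internet, add `"/_synapse/admin".return = "403";` to `locations`.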
| @@ -1,4 +1,4 @@ | ||||
| { config, lib, pkgs, inputs, ... }: | ||||
| { config, lib, pkgs, ... }: | ||||
|  | ||||
| with lib; | ||||
|  | ||||
| @@ -82,6 +82,13 @@ in { | ||||
|         worker_connections 20000; | ||||
|         multi_accept off; | ||||
|       ''; | ||||
|       proxyCachePath = { | ||||
|         "skycam" = { | ||||
|           enable = true; | ||||
|           keysZoneName = "skycam_cache"; | ||||
|           maxSize = "100m"; | ||||
|         }; | ||||
|       }; | ||||
|       virtualHosts = { | ||||
|         ## Static sites | ||||
|         "jellyfin.vimium.com" = { | ||||
| @@ -105,6 +112,21 @@ in { | ||||
|             ''; | ||||
|           }; | ||||
|         }; | ||||
|         "jdholt.com" = { | ||||
|           forceSSL = true; | ||||
|           enableACME = true; | ||||
|           serverAliases = [ "www.jdholt.com" ]; | ||||
|           extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders; | ||||
|           locations."/skycam/snapshot.jpg" = { | ||||
|             proxyPass = "http://skycam.mesh.vimium.net:8080/snapshot"; | ||||
|             extraConfig = '' | ||||
|               proxy_cache skycam_cache; | ||||
|               proxy_cache_valid any 10s; | ||||
|               proxy_ignore_headers Cache-Control Expires Set-Cookie; | ||||
|             ''; | ||||
|           }; | ||||
|           locations."/".return = "301 https://vimium.com$request_uri"; | ||||
|         }; | ||||
|         "pki.vimium.com" = { | ||||
|           addSSL = true; | ||||
|           forceSSL = false; | ||||
| @@ -142,7 +164,6 @@ in { | ||||
|       ## Redirects | ||||
|       // (mkRedirect "h0lt.com" "jdholt.com") | ||||
|       // (mkRedirect "jordanholt.xyz" "jdholt.com") | ||||
|       // (mkRedirect "jdholt.com" "vimium.com") | ||||
|       // (mkRedirect "omnimagic.com" "vimium.com") | ||||
|       // (mkRedirect "omnimagic.net" "vimium.com") | ||||
|       // (mkRedirect "thelostlegend.com" "suhailhussain.com") | ||||
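Review bot: The new `locations."/skycam/snapshot.jpg"` entry is a prefix match and is cached under nginx's default key, which includes the query string, so requests with a varying suffix or query each miss `skycam_cache` and are forwarded to the camera host behind the mesh. An exact match plus a key without arguments keeps the 10-second cache effective as a shield: `locations."= /skycam/snapshot.jpg"` and, in `extraConfig`, `proxy_cache_key $scheme$proxy_host$uri;`. `proxy_cache_valid any 10s;` also caches upstream error responses, so the line deserves a short comment if that is intended. How the camera service treats extra path or query data is not visible here.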
|   | ||||
| @@ -1,4 +1,4 @@ | ||||
| { config, lib, pkgs, inputs, ... }: | ||||
| { config, lib, pkgs, self, ... }: | ||||
|  | ||||
| with lib; | ||||
|  | ||||
| @@ -36,7 +36,7 @@ in { | ||||
|     }; | ||||
|  | ||||
|     age.secrets."passwords/services/photoprism/admin" = { | ||||
|       file = "${inputs.secrets}/passwords/services/photoprism/admin.age"; | ||||
|       file = "${self.inputs.secrets}/passwords/services/photoprism/admin.age"; | ||||
|     }; | ||||
|  | ||||
|     services.photoprism = { | ||||
|   | ||||
| @@ -21,7 +21,7 @@ in { | ||||
|  | ||||
|     user.packages = with pkgs; [ | ||||
|       fd | ||||
|       fzf | ||||
|       unstable.fzf | ||||
|       jq | ||||
|       nix-zsh-completions | ||||
|       nnn | ||||
|   | ||||
							
								
								
									
										35
									
								
								overlays/default.nix
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										35
									
								
								overlays/default.nix
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,35 @@ | ||||
| final: prev: | ||||
|  | ||||
| /* | ||||
|   Generate an overlay from `pkgs` by handling the `callPackage` behaviour | ||||
|   ourselves, making exceptions for namespaced package sets. We cannot reuse | ||||
|   the definitions from `self.legacyPackages.${prev.system}`, as that would | ||||
|   evaluate nixpkgs twice here (prev.system does not exist then). | ||||
| */ | ||||
|  | ||||
| let | ||||
|   lib = prev.lib; | ||||
|  | ||||
|   pkgs = lib.packagesFromDirectoryRecursive { | ||||
|     callPackage = path: overrides: path; | ||||
|     directory = ../pkgs; | ||||
|   }; | ||||
| in | ||||
|   lib.mapAttrs | ||||
|     (name: value: | ||||
|       if lib.isAttrs value then | ||||
|         if lib.hasAttrByPath [ name "overrideScope" ] prev then | ||||
|           # Namespaced package sets created with `lib.makeScope pkgs.newScope`. | ||||
|           prev.${name}.overrideScope (final': prev': | ||||
|             lib.mapAttrs (name': value': final'.callPackage value' { }) value) | ||||
|         else if lib.hasAttrByPath [ name "extend" ] prev then | ||||
|           # Namespaced package sets created with `lib.makeExtensible`. | ||||
|           prev.${name}.extend (final': prev': | ||||
|             lib.mapAttrs (name': value': final.callPackage value' { }) value) | ||||
|         else | ||||
|           # Namespaced package sets in regular attrsets. | ||||
|           prev.${name} // value | ||||
|       else | ||||
|         final.callPackage value { }) | ||||
|     pkgs | ||||
|  | ||||
| @@ -1,10 +1,10 @@ | ||||
| self: super: | ||||
| final: prev: | ||||
| { | ||||
|   gnome = super.gnome.overrideScope' (gself: gsuper: { | ||||
|   gnome = prev.gnome.overrideScope' (gself: gsuper: { | ||||
|     mutter = gsuper.mutter.overrideAttrs (oldAttrs: { | ||||
|       src = super.fetchurl { | ||||
|       src = prev.fetchurl { | ||||
|         url = "https://gitlab.gnome.org/Community/Ubuntu/mutter/-/archive/triple-buffering-v4-46/mutter-triple-buffering-v4-46.tar.gz"; | ||||
|         sha256 = "5Dow9/wsyeqAQxucegFvPTGIS3jEBFisjSCY3XZronw="; | ||||
|         sha256 = "mmFABDsRMzYnLO3+Cf3CJ60XyUBl3y9NAUj+vs7nLqE="; | ||||
|       }; | ||||
|     }); | ||||
|   }); | ||||
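Review bot: The `sha256` in `src = prev.fetchurl { … }` is replaced while `url` stays the same, which suggests the archive URL names a moving ref (`triple-buffering-v4-46`) rather than a fixed revision. A fixed-output fetch of a mutable URL breaks whenever upstream pushes, and each hash refresh then accepts whatever the ref currently holds without tying the source to a reviewed commit. Pinning the archive to a commit keeps the hash meaningful, e.g. `url = "https://gitlab.gnome.org/Community/Ubuntu/mutter/-/archive/<COMMIT_SHA>/mutter-<COMMIT_SHA>.tar.gz";` with the placeholder replaced by the reviewed revision.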
							
								
								
									
										25
									
								
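--- a/overlays/libcamera/0001-Ignore-IPA-signing.patch
+++ b/overlays/libcamera/0001-Ignore-IPA-signing.patch
@@ -0,0 +1,25 @@
+From 625939e594ce255afa3fab3a40c3e524460e1f8b Mon Sep 17 00:00:00 2001
+From: Jordan Holt <jordan@vimium.com>
+Date: Sat, 10 Aug 2024 18:28:08 +0100
+Subject: [PATCH] Ignore IPA signing
+
+---
+ src/libcamera/ipa_manager.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp
+index 6d5bbd05..43004175 100644
+--- a/src/libcamera/ipa_manager.cpp
++++ b/src/libcamera/ipa_manager.cpp
+@@ -295,7 +295,7 @@ bool IPAManager::isSignatureValid([[maybe_unused]] IPAModule *ipa) const
+ 	if (data.empty())
+ 		return false;
+ 
+-	bool valid = pubKey_.verify(data, ipa->signature());
++	bool valid = true;
+ 
+ 	LOG(IPAManager, Debug)
+ 		<< "IPA module " << ipa->path() << " signature is "
+-- 
+2.44.1
+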
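Review bot: Replacing `pubKey_.verify(data, ipa->signature())` with `bool valid = true;` makes `IPAManager::isSignatureValid` pass unconditionally for every module that reaches this line, and upstream libcamera uses this result to decide whether an IPA module is loaded into the calling process or run isolated. If the motivation is that the Nix fixup phase rewrites the modules after they are signed (the patch has no description, so this is a guess), re-signing the installed `ipa_*.so` files after fixup would keep the check meaningful. If the bypass stays, the patch description should say why, and the debug message just below should stop reporting the signature as valid. The body of `isSignatureValid` starts and ends outside the patch's single hunk.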
							
								
								
									
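--- a/overlays/libcamera/0001-Remove-relative-config-lookups.patch
+++ b/overlays/libcamera/0001-Remove-relative-config-lookups.patch
@@ -0,0 +1,142 @@
+From 57128bb78f56cadf9e2dcca5ba4d710c3bd478a7 Mon Sep 17 00:00:00 2001
+From: Jordan Holt <jordan@vimium.com>
+Date: Mon, 5 Aug 2024 21:53:09 +0100
+Subject: [PATCH] Remove relative config lookups
+
+---
+ src/libcamera/ipa_manager.cpp      | 16 ----------
+ src/libcamera/ipa_proxy.cpp        | 48 ++----------------------------
+ src/libcamera/pipeline_handler.cpp | 21 ++-----------
+ 3 files changed, 4 insertions(+), 81 deletions(-)
+
+diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp
+index f4e0b633..6d5bbd05 100644
+--- a/src/libcamera/ipa_manager.cpp
++++ b/src/libcamera/ipa_manager.cpp
+@@ -131,22 +131,6 @@ IPAManager::IPAManager()
+ 				<< "No IPA found in '" << modulePaths << "'";
+ 	}
+ 
+-	/*
+-	 * When libcamera is used before it is installed, load IPAs from the
+-	 * same build directory as the libcamera library itself.
+-	 */
+-	std::string root = utils::libcameraBuildPath();
+-	if (!root.empty()) {
+-		std::string ipaBuildPath = root + "src/ipa";
+-		constexpr int maxDepth = 2;
+-
+-		LOG(IPAManager, Info)
+-			<< "libcamera is not installed. Adding '"
+-			<< ipaBuildPath << "' to the IPA search path";
+-
+-		ipaCount += addDir(ipaBuildPath.c_str(), maxDepth);
+-	}
+-
+ 	/* Finally try to load IPAs from the installed system path. */
+ 	ipaCount += addDir(IPA_MODULE_DIR);
+ 
+diff --git a/src/libcamera/ipa_proxy.cpp b/src/libcamera/ipa_proxy.cpp
+index 69975d8f..cd9284a3 100644
+--- a/src/libcamera/ipa_proxy.cpp
++++ b/src/libcamera/ipa_proxy.cpp
+@@ -122,33 +122,11 @@ std::string IPAProxy::configurationFile(const std::string &name,
+ 		}
+ 	}
+ 
+-	std::string root = utils::libcameraSourcePath();
+-	if (!root.empty()) {
+-		/*
+-		 * When libcamera is used before it is installed, load
+-		 * configuration files from the source directory. The
+-		 * configuration files are then located in the 'data'
+-		 * subdirectory of the corresponding IPA module.
+-		 */
+-		std::string ipaConfDir = root + "src/ipa/" + ipaName + "/data";
+-
+-		LOG(IPAProxy, Info)
+-			<< "libcamera is not installed. Loading IPA configuration from '"
+-			<< ipaConfDir << "'";
+-
+-		std::string confPath = ipaConfDir + "/" + name;
++	for (const auto &dir : utils::split(IPA_CONFIG_DIR, ":")) {
++		std::string confPath = dir + "/" + ipaName + "/" + name;
+ 		ret = stat(confPath.c_str(), &statbuf);
+ 		if (ret == 0 && (statbuf.st_mode & S_IFMT) == S_IFREG)
+ 			return confPath;
+-
+-	} else {
+-		/* Else look in the system locations. */
+-		for (const auto &dir : utils::split(IPA_CONFIG_DIR, ":")) {
+-			std::string confPath = dir + "/" + ipaName + "/" + name;
+-			ret = stat(confPath.c_str(), &statbuf);
+-			if (ret == 0 && (statbuf.st_mode & S_IFMT) == S_IFREG)
+-				return confPath;
+-		}
+ 	}
+ 
+ 	if (fallbackName.empty()) {
+@@ -197,28 +175,6 @@ std::string IPAProxy::resolvePath(const std::string &file) const
+ 		}
+ 	}
+ 
+-	/*
+-	 * When libcamera is used before it is installed, load proxy workers
+-	 * from the same build directory as the libcamera directory itself.
+-	 * This requires identifying the path of the libcamera.so, and
+-	 * referencing a relative path for the proxy workers from that point.
+-	 */
+-	std::string root = utils::libcameraBuildPath();
+-	if (!root.empty()) {
+-		std::string ipaProxyDir = root + "src/libcamera/proxy/worker";
+-
+-		LOG(IPAProxy, Info)
+-			<< "libcamera is not installed. Loading proxy workers from '"
+-			<< ipaProxyDir << "'";
+-
+-		std::string proxyPath = ipaProxyDir + proxyFile;
+-		if (!access(proxyPath.c_str(), X_OK))
+-			return proxyPath;
+-
+-		return std::string();
+-	}
+-
+-	/* Else try finding the exec target from the install directory. */
+ 	std::string proxyPath = std::string(IPA_PROXY_DIR) + proxyFile;
+ 	if (!access(proxyPath.c_str(), X_OK))
+ 		return proxyPath;
+diff --git a/src/libcamera/pipeline_handler.cpp b/src/libcamera/pipeline_handler.cpp
+index 5ea2ca78..fd8555ca 100644
+--- a/src/libcamera/pipeline_handler.cpp
++++ b/src/libcamera/pipeline_handler.cpp
+@@ -561,25 +561,8 @@ std::string PipelineHandler::configurationFile(const std::string &subdir,
+ 	struct stat statbuf;
+ 	int ret;
+ 
+-	std::string root = utils::libcameraSourcePath();
+-	if (!root.empty()) {
+-		/*
+-		 * When libcamera is used before it is installed, load
+-		 * configuration files from the source directory. The
+-		 * configuration files are then located in the 'data'
+-		 * subdirectory of the corresponding pipeline handler.
+-		 */
+-		std::string confDir = root + "src/libcamera/pipeline/";
+-		confPath = confDir + subdir + "/data/" + name;
+-
+-		LOG(Pipeline, Info)
+-			<< "libcamera is not installed. Loading platform configuration file from '"
+-			<< confPath << "'";
+-	} else {
+-		/* Else look in the system locations. */
+-		confPath = std::string(LIBCAMERA_DATA_DIR)
+-				+ "/pipeline/" + subdir + '/' + name;
+-	}
++	confPath = std::string(LIBCAMERA_DATA_DIR)
++			+ "/pipeline/" + subdir + '/' + name;
+ 
+ 	ret = stat(confPath.c_str(), &statbuf);
+ 	if (ret == 0 && (statbuf.st_mode & S_IFMT) == S_IFREG)
+-- 
+2.44.1
+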
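Review bot: The patch message has no body, so nothing records why the build-tree and source-tree fallbacks are dropped from `IPAManager::IPAManager()`, `IPAProxy::configurationFile()`, `IPAProxy::resolvePath()` and `PipelineHandler::configurationFile()`. I would add a sentence under the subject such as `Load IPA modules, proxy workers and configuration files only from the installed paths; the uninstalled-tree lookups do not apply to a packaged libcamera.` (the rationale is inferred, so adjust it to the real one). It is also worth stating there that module and proxy lookup is now limited to `IPA_MODULE_DIR` and `IPA_PROXY_DIR` plus whatever the code above each hunk already consults, because the companion patch on this page turns off signature verification and the search path becomes the only control over what gets loaded. All four functions begin and end outside their hunks.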
							
								
								
									
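--- a/overlays/libcamera/default.nix
+++ b/overlays/libcamera/default.nix
@@ -0,0 +1,64 @@
+final: prev:
+{
+  libpisp = final.stdenv.mkDerivation {
+    name = "libpisp";
+    version = "1.0.5";
+    src = final.fetchFromGitHub {
+      owner = "raspberrypi";
+      repo = "libpisp";
+      rev = "v1.0.5";
+      hash = "sha256-CHd44CH5dBcZuK+5fZtONZ8HE/lwGKwK5U0BYUK8gG4=";
+    };
+
+    nativeBuildInputs = with final; [
+      pkg-config
+      meson
+      ninja
+    ];
+
+    buildInputs = with final; [
+      nlohmann_json
+      boost
+    ];
+
+    BOOST_INCLUDEDIR = "${prev.lib.getDev final.boost}/include";
+    BOOST_LIBRARYDIR = "${prev.lib.getLib final.boost}/lib";
+  };
+
+  libcamera = prev.libcamera.overrideAttrs (old: {
+    src = final.fetchFromGitHub {
+      owner = "raspberrypi";
+      repo = "libcamera";
+      rev = "eb00c13d7c9f937732305d47af5b8ccf895e700f";
+      hash = "sha256-p0/inkHPRUkxSIsTmj7VI7sIaX7OXdqjMGZ31W7cnt4=";
+    };
+
+    postPatch = ''
+      patchShebangs utils/ src/py/
+    '';
+
+    patches = [
+      ./0001-Remove-relative-config-lookups.patch
+      ./0001-Ignore-IPA-signing.patch
+    ];
+
+    buildInputs = old.buildInputs ++ (with final; [
+      libpisp
+      libglibutil
+    ]);
+
+    mesonFlags = old.mesonFlags ++ [
+      "--buildtype=release"
+      "-Dpipelines=rpi/vc4,rpi/pisp"
+      "-Dipas=rpi/vc4,rpi/pisp"
+      "-Dgstreamer=enabled"
+      "-Dtest=false"
+      "-Dcam=enabled"
+      "-Dpycamera=disabled"
+    ];
+  });
+
+  camera-streamer = prev.callPackage ../pkgs/camera-streamer/package.nix {
+    libcamera = final.libcamera;
+  };
+}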
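Review bot: The `patches` list applies `./0001-Ignore-IPA-signing.patch`, whose hunk shown earlier on this page replaces `pubKey_.verify(data, ipa->signature())` with `bool valid = true;`, so `IPAManager::isSignatureValid()` accepts any non-empty module whatever its signature. As far as I know libcamera uses that result to decide whether an IPA module is trusted to run inside the camera process rather than in an isolated worker, so this removes the integrity check for every module on the search path. The probable motive is that the Nix fixup phase rewrites the `.so` files after the build signed them; if so, re-signing them in `postFixup` with the source tree's `src/ipa/ipa-sign-install.sh` keeps verification working, and it is worth checking whether the `postFixup` inherited from `prev.libcamera` already does that before carrying this patch. If the patch has to stay, put a comment above the list entry, for example `# Disables IPA signature verification: every module in IPA_MODULE_DIR is treated as trusted.`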
							
								
								
									
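--- a/pkgs/camera-streamer/0001-Disable-libdatachannel.patch
+++ b/pkgs/camera-streamer/0001-Disable-libdatachannel.patch
@@ -0,0 +1,25 @@
+From 0f17bb86772afe9495891e420a809a0b3c071caf Mon Sep 17 00:00:00 2001
+From: Jordan Holt <jordan@vimium.com>
+Date: Sat, 10 Aug 2024 15:37:15 +0100
+Subject: [PATCH] Disable libdatachannel
+
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index d5029bd..e50ba1a 100644
+--- a/Makefile
++++ b/Makefile
+@@ -23,7 +23,7 @@ USE_HW_H264 ?= 1
+ USE_FFMPEG ?= $(shell pkg-config libavutil libavformat libavcodec && echo 1)
+ USE_LIBCAMERA ?= $(shell pkg-config libcamera && echo 1)
+ USE_RTSP ?= $(shell pkg-config live555 && echo 1)
+-USE_LIBDATACHANNEL ?= $(shell [ -e $(LIBDATACHANNEL_PATH)/CMakeLists.txt ] && echo 1)
++USE_LIBDATACHANNEL ?= 0
+ 
+ ifeq (1,$(DEBUG))
+ CFLAGS += -g
+-- 
+2.44.1
+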
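Review bot: `USE_LIBDATACHANNEL ?= 0` fixes the default inside a patch while `pkgs/camera-streamer/package.nix` still exposes `webrtcSupport` and adds `openssl` for it, so `webrtcSupport = true` would pull in the dependency without enabling the feature. Driving the switch from the derivation keeps the two in step and makes this patch unnecessary, for example `makeFlags = [ "USE_LIBDATACHANNEL=${if webrtcSupport then "1" else "0"}" ];`. Whether the bundled libdatachannel builds in the sandbox is not visible here. Either way the patch description should say in one line why WebRTC is off for this package.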
							
								
								
									
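--- a/pkgs/camera-streamer/package.nix
+++ b/pkgs/camera-streamer/package.nix
@@ -0,0 +1,78 @@
+{ stdenv
+, fetchFromGitHub
+
+, cmake
+, gnumake
+, pkg-config
+, xxd
+
+, v4l-utils
+, nlohmann_json
+, ffmpegSupport ? true
+, ffmpeg
+, libcameraSupport ? true
+, libcamera
+, rtspSupport ? false
+, live555
+, webrtcSupport ? false
+, openssl
+
+, lib
+}:
+
+stdenv.mkDerivation (finalAttrs: {
+  pname = "camera-streamer";
+  version = "0.2.8";
+
+  src = fetchFromGitHub {
+    owner = "ayufan";
+    repo = "camera-streamer";
+    rev = "refs/tags/v${finalAttrs.version}";
+    hash = "sha256-8vV8BMFoDeh22I1/qxk6zttJROaD/lrThBxXHZSPpT4=";
+    fetchSubmodules = true;
+  };
+
+  patches = [
+    ./0001-Disable-libdatachannel.patch
+  ];
+
+  # Second replacement fixes literal newline in generated version.h.
+  postPatch = ''
+    substituteInPlace Makefile \
+      --replace '/usr/local/bin' '/bin' \
+      --replace 'echo "#define' 'echo -e "#define'
+  '';
+
+  env.NIX_CFLAGS_COMPILE = builtins.toString [
+    "-Wno-error=stringop-overflow"
+    "-Wno-error=format"
+    "-Wno-format"
+    "-Wno-format-security"
+    "-Wno-error=unused-result"
+  ];
+
+  nativeBuildInputs = [
+    cmake
+    gnumake
+    pkg-config
+    xxd
+  ];
+
+  dontUseCmakeConfigure = true;
+
+  buildInputs = [ nlohmann_json v4l-utils ]
+    ++ (lib.optional ffmpegSupport ffmpeg)
+    ++ (lib.optional libcameraSupport libcamera)
+    ++ (lib.optional rtspSupport live555)
+    ++ (lib.optional webrtcSupport openssl);
+
+  installFlags = [ "DESTDIR=${builtins.placeholder "out"}" ];
+  preInstall = "mkdir -p $out/bin";
+
+  meta = with lib; {
+    description = "High-performance low-latency camera streamer for Raspberry Pi's";
+    website = "https://github.com/ayufan/camera-streamer";
+    license = licenses.gpl3Only;
+  };
+})
+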
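Review bot: `env.NIX_CFLAGS_COMPILE` passes `-Wno-format` and `-Wno-format-security`, which silences format-string diagnostics for the whole build instead of only making them non-fatal. For a streamer that presumably serves clients over the network those warnings are worth keeping in the build log. I would drop the two blanket flags and keep only the non-fatal forms, `"-Wno-error=format"` and `"-Wno-error=format-security"`, with a comment naming the upstream sources that trip them. Separately, `meta.website` is not the attribute nixpkgs tooling reads; `homepage = "https://github.com/ayufan/camera-streamer";` would match `pkgs/rpicam-apps/package.nix`.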
							
								
								
									
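--- a/pkgs/rpicam-apps/package.nix
+++ b/pkgs/rpicam-apps/package.nix
@@ -0,0 +1,58 @@
+{ stdenv
+, fetchFromGitHub
+, meson
+, ninja
+, pkg-config
+, boost
+, ffmpeg
+, libcamera
+, libdrm
+, libexif
+, libjpeg
+, libpng
+, libtiff
+, lib
+}:
+
+stdenv.mkDerivation (finalAttrs: {
+  pname = "rpicam-apps";
+  version = "1.4.1";
+
+  src = fetchFromGitHub {
+    owner = "raspberrypi";
+    repo = "rpicam-apps";
+    rev = "v" + finalAttrs.version;
+    hash = "sha256-3NG2ZE/Ub3lTbfne0LCXuDgLGTPaAAADRdElEbZwvls=";
+  };
+
+  nativeBuildInputs = [
+    meson
+    ninja
+    pkg-config
+  ];
+
+  buildInputs = [
+    boost
+    ffmpeg
+    libcamera
+    libdrm
+    libexif
+    libjpeg
+    libpng
+    libtiff
+  ];
+
+  # Meson is no longer able to pick up Boost automatically:
+  # https://github.com/NixOS/nixpkgs/issues/86131
+  BOOST_INCLUDEDIR = "${lib.getDev boost}/include";
+  BOOST_LIBRARYDIR = "${lib.getLib boost}/lib";
+
+  meta = with lib; {
+    description = ''
+      libcamera-based applications to drive the cameras on a Raspberry Pi platform
+    '';
+    homepage = "https://github.com/raspberrypi/rpicam-apps";
+    license = licenses.bsd2;
+  };
+})
+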
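Review bot: `meta.description` is written as an indented `''…''` string, so the value carries a trailing newline and shows up as a multi-line entry in package listings. A plain one-line string is the usual form: `description = "libcamera-based applications to drive the cameras on a Raspberry Pi platform";`.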