jordan/nix-config
1
1
Fork 0
Code Issues 10 Pull Requests Actions Projects 3 Wiki Activity

Compare commits

base: jordan:immich
Branches Tags
jordan:master jordan:hass jordan:immich jordan:zitadel jordan:skycam jordan:24.05 jordan:lunarvim jordan:matrix jordan:docs jordan:vps1 jordan:wallpapers jordan:fix-odyssey-nix-store
..
compare: jordan:4082863b9b885a9d14edc6d5548072eee9e1be88
Branches Tags
jordan:master jordan:hass jordan:immich jordan:zitadel jordan:skycam jordan:24.05 jordan:lunarvim jordan:matrix jordan:docs jordan:vps1 jordan:wallpapers jordan:fix-odyssey-nix-store

1 Commits
immich ... 4082863b9b

Author SHA1 Message Date
Jordan Holt
4082863b9b Remove deprecated gitea DISABLE_ROUTER_LOG option
Some checks failed
Check flake / build-amd64-linux (push) Failing after 2m15s
Details
2024-07-21 14:19:12 +01:00
46 changed files with 243 additions and 1047 deletions
Expand all files Collapse all files

138
flake.lock generated
View File

@@ -8,11 +8,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1723293904,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"lastModified": 1720546205,
"narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=",
"owner": "ryantm",
"repo": "agenix",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6",
"type": "github"
},
"original": {
@@ -66,11 +66,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1727447169,
"narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=",
"lastModified": 1718194053,
"narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
"rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
"type": "github"
},
"original": {
@@ -81,17 +81,18 @@
},
"devshell": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722113426,
"narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
"lastModified": 1717408969,
"narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=",
"owner": "numtide",
"repo": "devshell",
"rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
"rev": "1ebbe68d57457c8cae98145410b164b5477761f4",
"type": "github"
},
"original": {
@@ -107,11 +108,11 @@
]
},
"locked": {
"lastModified": 1727359191,
"narHash": "sha256-5PltTychnExFwzpEnY3WhOywaMV/M6NxYI/y3oXuUtw=",
"lastModified": 1721417620,
"narHash": "sha256-6q9b1h8fI3hXg2DG6/vrKWCeG8c5Wj2Kvv22RCgedzg=",
"owner": "nix-community",
"repo": "disko",
"rev": "67dc29be3036cc888f0b9d4f0a788ee0f6768700",
"rev": "bec6e3cde912b8acb915fecdc509eda7c973fb42",
"type": "github"
},
"original": {
@@ -123,11 +124,11 @@
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1723137499,
"narHash": "sha256-MOE9NeU2i6Ws1GhGmppMnjOHkNLl2MQMJmGhaMzdoJM=",
"lastModified": 1721276923,
"narHash": "sha256-HJKuwVvi+yGv+8n9Ez4EwaJA0B79JRss9J30vpgy/GI=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "fb5b578a4f49ae8705e5fea0419242ed1b8dba70",
"rev": "cc70ec20e2775df7cd2bccdd20dcdecc3e0a733b",
"type": "github"
},
"original": {
@@ -206,11 +207,11 @@
]
},
"locked": {
"lastModified": 1725234343,
"narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=",
"lastModified": 1719994518,
"narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "567b938d64d4b4112ee253b9274472dc3a346eb6",
"rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
"type": "github"
},
"original": {
@@ -219,6 +220,24 @@
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat_4",
@@ -233,11 +252,11 @@
]
},
"locked": {
"lastModified": 1724857454,
"narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=",
"lastModified": 1721038330,
"narHash": "sha256-DyIGJ+DEnKeGd346YJCwjmp9hXwiYq8wqGtikgbDqSc=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6",
"rev": "622291c026190caf13cb26f5136616b1ff0a07aa",
"type": "github"
},
"original": {
@@ -313,11 +332,11 @@
]
},
"locked": {
"lastModified": 1726989464,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"lastModified": 1720042825,
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
"type": "github"
},
"original": {
@@ -373,11 +392,11 @@
]
},
"locked": {
"lastModified": 1725189302,
"narHash": "sha256-IhXok/kwQqtusPsoguQLCHA+h6gKvgdCrkhIaN+kByA=",
"lastModified": 1720845312,
"narHash": "sha256-yPhAsJTpyoIPQZJGC8Fw8W2lAXyhLoTn+HP20bmfkfk=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "7c4b53a7d9f3a3df902b3fddf2ae245ef20ebcda",
"rev": "5ce8503cf402cf76b203eba4b7e402bea8e44abc",
"type": "github"
},
"original": {
@@ -388,11 +407,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1727437159,
"narHash": "sha256-v4qLwEw5OmprgQZTT7KZMNU7JjXJzRypw8+Cw6++fWk=",
"lastModified": 1721413321,
"narHash": "sha256-0GdiQScDceUrVGbxYpV819LHesK3szHOhJ09e6sgES4=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "d830ad47cc992b4a46b342bbc79694cbd0e980b2",
"rev": "ab165a8a6cd12781d76fe9cbccb9e975d0fb634f",
"type": "github"
},
"original": {
@@ -459,11 +478,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1727122398,
"narHash": "sha256-o8VBeCWHBxGd4kVMceIayf5GApqTavJbTa44Xcg5Rrk=",
"lastModified": 1721379653,
"narHash": "sha256-8MUgifkJ7lkZs3u99UDZMB4kbOxvMEXQZ31FO3SopZ0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "30439d93eb8b19861ccbe3e581abf97bdc91b093",
"rev": "1d9c2c9b3e71b9ee663d11c5d298727dace8d374",
"type": "github"
},
"original": {
@@ -490,11 +509,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1727264057,
"narHash": "sha256-KQPI8CTTnB9CrJ7LrmLC4VWbKZfljEPBXOFGZFRpxao=",
"lastModified": 1721409541,
"narHash": "sha256-b6PLr0Ty7JPDBtJtjnYzlBf02bbH9alWMAgispMkTwk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "759537f06e6999e141588ff1c9be7f3a5c060106",
"rev": "0c53b6b8c2a3e46c68e04417e247bba660689c9d",
"type": "github"
},
"original": {
@@ -517,11 +536,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1725350106,
"narHash": "sha256-TaMMlI2KPJ3wCyxJk6AShOLhNuTeabHCnvYRkLBlEFs=",
"lastModified": 1721045803,
"narHash": "sha256-dQGvOK+t45unF7DTp5bfO37hY0NkDUw6X3MH5CCTEAs=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "0f2c31e6a57a83ed4e6fa3adc76749620231055d",
"rev": "eef2f4c6b190d92e296e47e5fe10e7ced65fd959",
"type": "github"
},
"original": {
@@ -541,11 +560,11 @@
]
},
"locked": {
"lastModified": 1727210241,
"narHash": "sha256-lufS6uzSbSrggNCSgubymMQWnQMh7PvQ+lRZ8qH9Uoc=",
"lastModified": 1720992717,
"narHash": "sha256-8j1bZVfKT1vJ0e+U7NYRNBG+DdBj5C/tpwe5krxT4/4=",
"owner": "nix-community",
"repo": "plasma-manager",
"rev": "a02fef2ece8084aff0b41700bb57d24d73574cd1",
"rev": "460b48dc3dcd05df568e27cbb90581d23baec8dc",
"type": "github"
},
"original": {
@@ -576,11 +595,11 @@
"secrets": {
"flake": false,
"locked": {
"lastModified": 1724093899,
"narHash": "sha256-VohYwTIBq7NEssFibuu+HMXXwuCoLmMOmEwQf7sESSI=",
"lastModified": 1720459643,
"narHash": "sha256-X71/NplPXPe9pCvrd9ELpnYBEYtju4+x3LA7S5I1GXM=",
"ref": "refs/heads/master",
"rev": "7f5901bb5d6eeaa94d7e1f18f66093be9df014e4",
"revCount": 27,
"rev": "f8d68b934f4380ecbc6365b4ef7f7c632833d1aa",
"revCount": 21,
"type": "git",
"url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
},
@@ -634,14 +653,29 @@
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"thunderbird-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1721874544,
"narHash": "sha256-BHW9jlx92CsHY84FT0ce5Vxl0KFheLhNn2vndcIf7no=",
"lastModified": 1721309490,
"narHash": "sha256-Xheela/OazoNH9YjP9IgC3hzxQdnPHRQMeH9yW7xl2c=",
"owner": "rafaelmardojai",
"repo": "thunderbird-gnome-theme",
"rev": "628fcccb7788e3e0ad34f67114f563c87ac8c1dc",
"rev": "1c89a500dd35b7746ef1fde104a1baf809c2b59a",
"type": "github"
},
"original": {
@@ -658,11 +692,11 @@
]
},
"locked": {
"lastModified": 1724833132,
"narHash": "sha256-F4djBvyNRAXGusJiNYInqR6zIMI3rvlp6WiKwsRISos=",
"lastModified": 1720930114,
"narHash": "sha256-VZK73b5hG5bSeAn97TTcnPjXUXtV7j/AtS4KN8ggCS0=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "3ffd842a5f50f435d3e603312eefa4790db46af5",
"rev": "b92afa1501ac73f1d745526adc4f89b527595f14",
"type": "github"
},
"original": {

129
flake.nix
View File

@@ -51,60 +51,65 @@
};
};
outputs = inputs @ { self, nixpkgs, ... }:
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, agenix, deploy-rs, disko, home-manager, nixos-hardware, nixos-mailserver, ... }:
let
inherit (nixpkgs) lib;
domain = "mesh.vimium.net";
forEverySystem = lib.getAttrs lib.systems.flakeExposed;
forEachSystem = lib.genAttrs [
"x86_64-linux"
"aarch64-linux"
mkPkgsForSystem = system: inputs.nixpkgs;
overlays = [
agenix.overlays.default
(import ./overlays/gnome.nix)
(
final: prev: {
unstable = import inputs.nixpkgs-unstable { system = final.system; };
custom = self.packages { system = final.system; };
}
)
];
mkDeployNode = hostName: {
hostname = "${hostName}.${domain}";
profiles.system = {
user = "root";
path = inputs.deploy-rs.lib.${self.nixosConfigurations.${hostName}.config.system.build.toplevel.system}.activate.nixos self.nixosConfigurations.${hostName};
commonModules = [
agenix.nixosModules.age
disko.nixosModules.disko
nixos-mailserver.nixosModule
home-manager.nixosModule
./modules
];
mkNixosSystem = { system, name, extraModules ? [] }:
let
nixpkgs = mkPkgsForSystem system;
lib = (import nixpkgs { inherit overlays system; }).lib;
in
inputs.nixpkgs.lib.nixosSystem {
inherit lib system;
specialArgs = { modulesPath = toString (nixpkgs + "/nixos/modules"); inherit inputs; };
baseModules = import (nixpkgs + "/nixos/modules/module-list.nix");
modules = commonModules ++ [
({ config, ... }:
{
nixpkgs.pkgs = import nixpkgs {
inherit overlays system;
config.allowUnfree = true;
config.nvidia.acceptLicense = true;
};
networking.hostName = name;
})
./hosts/${name}
] ++ extraModules;
};
};
in
{
overlays = lib.packagesFromDirectoryRecursive {
callPackage = path: overrides: import path;
directory = ./overlays;
nixosConfigurations = {
atlas = mkNixosSystem { system = "x86_64-linux"; name = "atlas"; };
eos = mkNixosSystem { system = "x86_64-linux"; name = "eos"; };
helios = mkNixosSystem { system = "x86_64-linux"; name = "helios"; };
hypnos = mkNixosSystem { system = "x86_64-linux"; name = "hypnos"; };
library = mkNixosSystem { system = "x86_64-linux"; name = "library"; };
mail = mkNixosSystem { system = "x86_64-linux"; name = "mail"; };
odyssey = mkNixosSystem { system = "x86_64-linux"; name = "odyssey"; };
pi = mkNixosSystem { system = "aarch64-linux"; name = "pi"; extraModules = [ nixos-hardware.nixosModules.raspberry-pi-4 ]; };
vps1 = mkNixosSystem { system = "x86_64-linux"; name = "vps1"; };
};
legacyPackages = forEachSystem (system:
lib.packagesFromDirectoryRecursive {
callPackage = nixpkgs.legacyPackages.${system}.callPackage;
directory = ./pkgs;
});
nixosConfigurations = lib.pipe ./hosts [
builtins.readDir
(lib.filterAttrs (name: value: value == "directory"))
(lib.mapAttrs (name: value:
lib.nixosSystem {
specialArgs = { inherit self; };
modules = [
{
networking = {
inherit domain;
hostName = name;
};
}
./hosts/${name}
];
}))
];
devShells.x86_64-linux.default = nixpkgs.legacyPackages.x86_64-linux.mkShell {
buildInputs = [
inputs.agenix.packages.x86_64-linux.agenix
inputs.deploy-rs.packages.x86_64-linux.deploy-rs
deploy-rs.packages.x86_64-linux.deploy-rs
];
};
@@ -112,15 +117,35 @@
magicRollback = true;
autoRollback = true;
sshUser = "root";
nodes = lib.genAttrs [
"mail"
# "pi"
# "skycam"
"vps1"
] mkDeployNode;
nodes = {
mail = {
hostname = "mail.mesh.vimium.net";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.mail;
};
};
vps1 = {
hostname = "vps1.mesh.vimium.net";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.vps1;
};
};
# pi = {
# hostname = "10.0.1.191";
#
# profiles.system = {
# user = "root";
# path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.pi;
# };
# };
};
};
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
};
}

4
hosts/atlas/default.nix
View File

@@ -1,4 +1,4 @@
{ config, ... }:
{ config, lib, ... }:
{
imports = [
@@ -6,8 +6,6 @@
../desktop.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;

31
hosts/common.nix
View File

@@ -1,22 +1,6 @@
{ config, pkgs, self, ... }:
{ config, lib, pkgs, ... }:
{
imports = [
self.inputs.agenix.nixosModules.age
self.inputs.home-manager.nixosModule
../modules
];
nixpkgs.overlays = [
self.inputs.agenix.overlays.default
(import ../overlays/default.nix)
(
final: prev: {
unstable = import self.inputs.nixpkgs-unstable { system = final.system; };
}
)
];
time.timeZone = "Europe/London";
i18n.defaultLocale = "en_GB.UTF-8";
@@ -31,7 +15,7 @@
LC_TELEPHONE = "en_GB.UTF-8";
LC_TIME = "en_GB.UTF-8";
};
console.keyMap = "uk";
security.sudo.execWheelOnly = true;
@@ -58,17 +42,6 @@
extraOptions = ''
experimental-features = nix-command flakes
'';
buildMachines = [
{
hostName = "10.0.1.79";
sshUser = "root";
system = "aarch64-linux";
maxJobs = 6;
speedFactor = 1;
supportedFeatures = [ "big-parallel" "benchmark" ];
}
];
distributedBuilds = true;
settings = {
connect-timeout = 5;
log-lines = 25;

8
hosts/desktop.nix
View File

@@ -1,14 +1,10 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
{
imports = [
./common.nix
];
nixpkgs.overlays = [
(import ../overlays/gnome.nix)
];
services.printing.enable = true;
services.openssh.startWhenNeeded = true;
@@ -63,7 +59,7 @@
fd
ffmpeg
iotop
# unstable.nix-du
unstable.nix-du
# unstable.nix-melt
unstable.nix-tree
unstable.nix-visualize

4
hosts/eos/default.nix
View File

@@ -1,4 +1,4 @@
{ config, ... }:
{ config, lib, pkgs, ... }:
{
imports = [
@@ -6,8 +6,6 @@
../desktop.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;

7
hosts/eos/hardware-configuration.nix
View File

@@ -7,12 +7,11 @@
boot = {
initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
initrd.kernelModules = [ ];
initrd.supportedFilesystems = [ "zfs" ];
kernel.sysctl = {
"kernel.nmi_watchdog" = 0;
"vm.laptop_mode" = 5;
};
kernelModules = [ ];
kernelParams = [ "elevator=none" ];
extraModulePackages = [ ];
supportedFilesystems = [ "zfs" ];
};

4
hosts/helios/default.nix
View File

@@ -1,4 +1,4 @@
{ config, ... }:
{ config, lib, pkgs, inputs, ... }:
{
imports = [
@@ -6,8 +6,6 @@
../desktop.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
boot = {
loader.grub = {
enable = true;

11
hosts/hypnos/default.nix
View File

@@ -1,21 +1,12 @@
{ config, lib, self, ... }:
{ config, lib, ... }:
{
imports = [
self.inputs.disko.nixosModules.disko
./hardware-configuration.nix
./disko-config.nix
../desktop.nix
];
nixpkgs = {
hostPlatform = "x86_64-linux";
config = {
allowUnfree = true;
nvidia.acceptLicense = true;
};
};
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;

4
hosts/hypnos/hardware-configuration.nix
View File

@@ -7,10 +7,6 @@
boot = {
initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
kernel.sysctl = {
"kernel.nmi_watchdog" = 0;
"vm.laptop_mode" = 5;
};
kernelModules = [ "applesmc" "kvm-intel" "wl" ];
extraModulePackages = [
config.boot.kernelPackages.broadcom_sta

3
hosts/library/default.nix
View File

@@ -6,8 +6,6 @@
../server.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
@@ -15,6 +13,7 @@
};
networking = {
domain = "mesh.vimium.net";
hostId = "d24ae953";
firewall = {
enable = true;

6
hosts/mail/default.nix
View File

@@ -1,17 +1,15 @@
{ config, lib, self, ... }:
{ config, lib, pkgs, inputs, ... }:
{
imports = [
self.inputs.disko.nixosModules.disko
./hardware-configuration.nix
./disko-config.nix
../server.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
networking = {
hostId = "08ac2f14";
domain = "mesh.vimium.net";
firewall = {
enable = true;
allowedTCPPorts = [

10
hosts/odyssey/default.nix
View File

@@ -1,4 +1,4 @@
{ config, ... }:
{ config, lib, pkgs, inputs, ... }:
{
imports = [
@@ -6,14 +6,6 @@
../desktop.nix
];
nixpkgs = {
hostPlatform = "x86_64-linux";
config = {
allowUnfree = true;
nvidia.acceptLicense = true;
};
};
boot.loader = {
systemd-boot = {
enable = true;

11
hosts/pi/default.nix
View File

@@ -1,13 +1,12 @@
{ config, lib, pkgs, self, ... }:
{ config, lib, pkgs, inputs, ... }:
{
imports = [
self.inputs.nixos-hardware.nixosModules.raspberry-pi-4
./hardware-configuration.nix
../server.nix
];
nixpkgs.hostPlatform = "aarch64-linux";
networking.hostId = "731d1660";
hardware = {
raspberry-pi."4" = {
@@ -98,8 +97,6 @@
];
};
networking.hostId = "731d1660";
sound.enable = true;
security.rtkit.enable = true;
@@ -111,7 +108,7 @@
};
age.secrets."files/services/home-assistant/secrets.yaml" = {
file = "${self.inputs.secrets}/files/services/home-assistant/secrets.yaml.age";
file = "${inputs.secrets}/files/services/home-assistant/secrets.yaml.age";
path = "${config.services.home-assistant.configDir}/secrets.yaml";
owner = "hass";
group = "hass";
@@ -176,7 +173,7 @@
};
age.secrets."files/services/zigbee2mqtt/secret.yaml" = {
file = "${self.inputs.secrets}/files/services/zigbee2mqtt/secret.yaml.age";
file = "${inputs.secrets}/files/services/zigbee2mqtt/secret.yaml.age";
path = "${config.services.zigbee2mqtt.dataDir}/secret.yaml";
owner = "zigbee2mqtt";
group = "zigbee2mqtt";

29
hosts/skycam/README.md
View File

@@ -1,29 +0,0 @@
# Skycam
## Overview
Raspberry Pi 4-based webcam
## Specs
* SoC - Broadcom BCM2711
* CPU - ARM Cortex-A72 @ 1.8 GHz
* Memory - 8 GB LPDDR4
### Disks
Device | Partitions _(filesystem, usage)_
--- | ---
SD card | `/dev/mmcblk0` (ext4, NixOS Root)
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `skycam.mesh.vimium.net`.
## Devices and connections
- Camera Module 3 with wide-angle lens
## Building
To generate a compressed SD card image for Skycam, run:
`nix build '.#nixosConfigurations.skycam.config.system.build.sdImage'`
Once a card is imaged, the existing SSH host keys should be copied to
`/etc/ssh` manually to enable secret decryption.

111
hosts/skycam/default.nix
View File

@@ -1,111 +0,0 @@
{ config, lib, pkgs, self, ... }:
{
imports = [
self.inputs.nixos-hardware.nixosModules.raspberry-pi-4
./hardware-configuration.nix
../server.nix
];
nixpkgs.hostPlatform = "aarch64-linux";
hardware = {
raspberry-pi."4" = {
apply-overlays-dtmerge.enable = true;
audio.enable = false;
xhci.enable = false;
};
deviceTree = {
enable = true;
filter = "*rpi-4-*.dtb";
# From https://github.com/Electrostasy/dots/blob/3b81723feece67610a252ce754912f6769f0cd34/hosts/phobos/klipper.nix#L43-L65
overlays =
let
mkCompatibleDtsFile = dtbo:
let
drv = pkgs.runCommand "fix-dts" { nativeBuildInputs = with pkgs; [ dtc gnused ]; } ''
mkdir "$out"
dtc -I dtb -O dts ${dtbo} | sed -e 's/bcm2835/bcm2711/' > $out/overlay.dts
'';
in
"${drv}/overlay.dts";
inherit (config.boot.kernelPackages) kernel;
in
[
{
name = "imx708.dtbo";
dtsFile = mkCompatibleDtsFile "${kernel}/dtbs/overlays/imx708.dtbo";
}
{
name = "vc4-kms-v3d-pi4.dtbo";
dtsFile = mkCompatibleDtsFile "${kernel}/dtbs/overlays/vc4-kms-v3d-pi4.dtbo";
}
];
};
firmware = with pkgs; [
firmwareLinuxNonfree
];
};
services.udev.extraRules = ''
SUBSYSTEM=="rpivid-*", GROUP="video", MODE="0660"
KERNEL=="vcsm-cma", GROUP="video", MODE="0660"
SUBSYSTEM=="dma_heap", GROUP="video", MODE="0660"
'';
nixpkgs.overlays = [
(import ./../../overlays/libcamera.nix)
];
networking = {
hostId = "731d1660";
firewall = {
enable = true;
allowedTCPPorts = [ 8080 ];
allowedUDPPorts = [ 8080 ];
};
};
users.users.root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
];
};
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
systemd.services.ustreamer = {
enable = true;
description = "uStreamer service";
unitConfig = {
Type = "simple";
ConditionPathExists = "/sys/bus/i2c/drivers/imx708/10-001a/video4linux";
};
serviceConfig = {
ExecStart = ''${pkgs.libcamera}/bin/libcamerify ${pkgs.unstable.ustreamer}/bin/ustreamer \
--host=0.0.0.0 \
--resolution=4608x2592
'';
DynamicUser = "yes";
SupplementaryGroups = [ "video" ];
Restart = "always";
RestartSec = 10;
};
wantedBy = [ "network-online.target" ];
confinement.mode = "chroot-only";
};
environment.systemPackages = with pkgs; [
camera-streamer
git
neovim
libcamera
libraspberrypi
raspberrypi-eeprom
v4l-utils
unstable.ustreamer
];
system.stateVersion = "24.05";
}

33
hosts/skycam/hardware-configuration.nix
View File

@@ -1,33 +0,0 @@
{ config, lib, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
];
boot = {
kernelModules = [ "bcm2835-v4l2" ];
kernelParams = [
"cma=512M"
"panic=0"
];
supportedFilesystems = lib.mkForce [ "f2fs" "vfat" "xfs" ];
tmp.cleanOnBoot = false;
};
nixpkgs.overlays = [
(final: super: {
makeModulesClosure = x:
super.makeModulesClosure (x // { allowMissing = true; });
})
];
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = [ "noatime" ];
};
};
}

45
hosts/vps1/default.nix
View File

@@ -1,4 +1,7 @@
{ config, pkgs, lib, ... }:
{
lib,
...
}:
{
imports = [
@@ -6,10 +9,9 @@
../server.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
networking = {
hostId = "08bf6db3";
domain = "mesh.vimium.net";
firewall = {
enable = true;
allowedTCPPorts = [
@@ -37,47 +39,10 @@
groups = {
jellyfin = { };
};
extraGroups.acme.members = [ "kanidm" "nginx" ];
};
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
security.acme.certs."auth.vimium.com" = {
postRun = "systemctl restart kanidm.service";
group = "acme";
};
services.kanidm = let
baseDomain = "vimium.com";
domain = "auth.${baseDomain}";
uri = "https://${domain}";
in {
package = pkgs.unstable.kanidm;
enableClient = true;
enableServer = true;
clientSettings = {
inherit uri;
};
serverSettings = {
bindaddress = "[::1]:3013";
ldapbindaddress = "[::1]:636";
domain = baseDomain;
origin = uri;
tls_chain = "${config.security.acme.certs.${domain}.directory}/full.pem";
tls_key = "${config.security.acme.certs.${domain}.directory}/key.pem";
};
};
services.nginx.virtualHosts = {
"auth.vimium.com" = {
useACMEHost = "auth.vimium.com";
forceSSL = true;
locations."/" = {
proxyPass = "https://[::1]:3013";
};
};
};
modules = rec {
databases.postgresql.enable = true;
services = {

2
modules/default.nix
View File

@@ -32,7 +32,6 @@
./editors/neovim
./editors/vscode.nix
./hardware/presonus-studio.nix
./networking/netbird.nix
./networking/tailscale.nix
./networking/wireless.nix
./security/gpg.nix
@@ -43,7 +42,6 @@
./services/gitea
./services/gitea-runner
./services/headscale
./services/immich
./services/mail
./services/matrix
./services/nginx

4
modules/desktop/apps/thunderbird.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, self, ... }:
{ config, lib, pkgs, inputs, ... }:
let cfg = config.modules.desktop.apps.thunderbird;
in {
@@ -10,7 +10,7 @@ in {
};
config = lib.mkIf cfg.enable {
home.file.".thunderbird/Default/chrome/thunderbird-gnome-theme".source = self.inputs.thunderbird-gnome-theme;
home.file.".thunderbird/Default/chrome/thunderbird-gnome-theme".source = inputs.thunderbird-gnome-theme;
home.programs.thunderbird = {
enable = true;

2
modules/desktop/browsers/brave.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, inputs, ... }:
let cfg = config.modules.desktop.browsers.brave;
in {

4
modules/desktop/browsers/firefox.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, self, ... }:
{ config, lib, inputs, ... }:
let cfg = config.modules.desktop.browsers.firefox;
in {
@@ -10,7 +10,7 @@ in {
};
config = lib.mkIf cfg.enable {
home.file.".mozilla/firefox/Default/chrome/firefox-gnome-theme".source = self.inputs.firefox-gnome-theme;
home.file.".mozilla/firefox/Default/chrome/firefox-gnome-theme".source = inputs.firefox-gnome-theme;
home.programs.firefox = {
enable = true;

12
modules/desktop/gnome.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, pkgs, self, ... }:
{ config, inputs, lib, pkgs, ... }:
let cfg = config.modules.desktop.gnome;
in {
@@ -101,7 +101,6 @@ in {
# "smart-auto-move@khimaros.com"
"space-bar@luchrioh"
# "tiling-assistant@leleat-on-github"
"tilingshell@ferrarodomenico.com"
"Vitals@CoreCoding.com"
"windowIsReady_Remover@nunofarruca@gmail.com"
# "worksets@blipk.xyz"
@@ -178,11 +177,6 @@ in {
screen-left-gap = 8;
window-gap = 8;
};
"org/gnome/shell/extensions/tilingshell" = {
inner-gaps = 16;
outer-gaps = 8;
enable-blur-snap-assistant = true;
};
"org/gnome/Console" = {
font-scale = 1.4;
use-system-font = false;
@@ -207,7 +201,7 @@ in {
"Kvantum/kvantum.kvconfig".text = lib.generators.toINI {} {
General.theme = "KvLibadwaitaDark";
};
"Kvantum/KvLibadwaita".source = "${self.inputs.kvlibadwaita}/src/KvLibadwaita";
"Kvantum/KvLibadwaita".source = "${inputs.kvlibadwaita}/src/KvLibadwaita";
};
user.packages = with pkgs; [
@@ -274,7 +268,7 @@ in {
gnomeExtensions.smart-auto-move
gnomeExtensions.space-bar
gnomeExtensions.tiling-assistant
gnomeExtensions.tiling-shell
# gnomeExtensions.tiling-shell
gnomeExtensions.todotxt
gnomeExtensions.vitals
gnomeExtensions.window-is-ready-remover

70
modules/networking/netbird.nix
View File

@@ -1,70 +0,0 @@
{ config, lib, self, ... }:
let
cfg = config.modules.networking.netbird;
hostname = config.networking.hostName;
in {
options.modules.networking.netbird = {
enable = lib.mkEnableOption "netbird";
coordinatorDomain = lib.mkOption {
type = lib.types.str;
default = "netbird.vimium.net";
};
meshDomain = lib.mkOption {
type = lib.types.str;
default = "mesh.vimium.net";
};
};
config = lib.mkIf cfg.enable {
age.secrets."passwords/services/netbird/data-store-encryption-key" = {
file = "${self.inputs.secrets}/passwords/services/netbird/data-store-encryption-key.age";
};
services.netbird = {
enable = true;
};
services.netbird.server = {
domain = cfg.coordinatorDomain;
enable = true;
enableNginx = true;
dashboard.settings = {
AUTH_AUTHORITY = "https://auth.vimium.com/oauth2/openid/netbird";
};
management = rec {
disableAnonymousMetrics = true;
dnsDomain = cfg.meshDomain;
oidcConfigEndpoint = "https://auth.vimium.com/oauth2/openid/netbird/.well-known/openid-configuration";
settings = {
DataStoreEncryptionKey = {
_secret = config.age.secrets."passwords/services/netbird/data-store-encryption-key".path;
};
HttpConfig = {
AuthAudience = "netbird";
};
StoreConfig = { Engine = "sqlite"; };
TURNConfig = {
Secret._secret = config.age.secrets."passwords/services/coturn/static-auth-secret".path;
TimeBasedCredentials = true;
};
PKCEAuthorizationFlow.ProviderConfig = {
AuthorizationEndpoint = "https://auth.vimium.com/ui/oauth2";
TokenEndpoint = "https://auth.vimium.com/oauth2/token";
};
};
singleAccountModeDomain = dnsDomain;
turnDomain = config.services.coturn.realm;
turnPort = config.services.coturn.listening-port;
};
};
systemd.services.netbird-signal.serviceConfig.RestartSec = "60";
systemd.services.netbird-management.serviceConfig.RestartSec = "60";
services.nginx.virtualHosts."netbird.vimium.net" = {
enableACME = true;
forceSSL = true;
};
};
}

4
modules/networking/tailscale.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, pkgs, self, ... }:
{ config, inputs, lib, pkgs, ... }:
let
cfg = config.modules.networking.tailscale;
@@ -18,7 +18,7 @@ in {
config = lib.mkIf cfg.enable {
age.secrets."passwords/services/tailscale/${hostname}-authkey" = {
file = "${self.inputs.secrets}/passwords/services/tailscale/${hostname}-authkey.age";
file = "${inputs.secrets}/passwords/services/tailscale/${hostname}-authkey.age";
};
environment.systemPackages = [ pkgs.tailscale ];

4
modules/networking/wireless.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, pkgs, self, ... }:
{ config, lib, pkgs, inputs, ... }:
with lib;
@@ -19,7 +19,7 @@ in {
config = mkIf cfg.enable {
age.secrets."passwords/networks" = {
file = "${self.inputs.secrets}/passwords/networks.age";
file = "${inputs.secrets}/passwords/networks.age";
};
networking = {

8
modules/options.nix
View File

@@ -1,4 +1,4 @@
{ config, options, lib, self, ... }:
{ config, options, lib, home-manager, inputs, ... }:
with lib;
{
@@ -29,7 +29,7 @@ with lib;
};
config = {
age.secrets."passwords/users/jordan".file = "${self.inputs.secrets}/passwords/users/jordan.age";
age.secrets."passwords/users/jordan".file = "${inputs.secrets}/passwords/users/jordan.age";
user =
let user = builtins.getEnv "USER";
name = if elem user [ "" "root" ] then "jordan" else user;
@@ -68,8 +68,8 @@ with lib;
};
sharedModules = [
self.inputs.nixvim.homeManagerModules.nixvim
self.inputs.plasma-manager.homeManagerModules.plasma-manager
inputs.nixvim.homeManagerModules.nixvim
inputs.plasma-manager.homeManagerModules.plasma-manager
];
};

4
modules/services/borgmatic/default.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, self, ... }:
{ config, lib, pkgs, inputs, ... }:
let
cfg = config.modules.services.borgmatic;
@@ -27,7 +27,7 @@ in {
config = lib.mkIf cfg.enable {
age.secrets."passwords/services/borg/${hostname}-passphrase" = {
file = "${self.inputs.secrets}/passwords/services/borg/${hostname}-passphrase.age";
file = "${inputs.secrets}/passwords/services/borg/${hostname}-passphrase.age";
};
services.borgmatic = {

11
modules/services/coturn/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, self, ... }:
{
config,
lib,
inputs,
...
}:
let
cfg = config.modules.services.coturn;
@@ -49,13 +54,13 @@ in {
age.secrets = {
"passwords/services/coturn/static-auth-secret" = {
file = "${self.inputs.secrets}/passwords/services/coturn/static-auth-secret.age";
file = "${inputs.secrets}/passwords/services/coturn/static-auth-secret.age";
owner = "turnserver";
group = "turnserver";
};
} // (if cfg.matrixIntegration then {
"passwords/services/coturn/matrix-turn-config.yml" = {
file = "${self.inputs.secrets}/passwords/services/coturn/matrix-turn-config.yml.age";
file = "${inputs.secrets}/passwords/services/coturn/matrix-turn-config.yml.age";
owner = "matrix-synapse";
group = "matrix-synapse";
};

4
modules/services/gitea-runner/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, lib, self, ... }:
{ pkgs, config, lib, inputs, ... }:
# Based on: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
@@ -176,7 +176,7 @@ in
users.groups.nix-ci-user = { };
age.secrets."files/services/gitea-runner/${hostname}-token" = {
file = "${self.inputs.secrets}/files/services/gitea-runner/${hostname}-token.age";
file = "${inputs.secrets}/files/services/gitea-runner/${hostname}-token.age";
group = "podman";
};

10
modules/services/gitea/default.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, pkgs, self, ... }:
{ config, lib, pkgs, inputs, ... }:
let
cfg = config.modules.services.gitea;
@@ -40,9 +40,9 @@ in {
systemd.tmpfiles.rules = [
"d '${config.services.gitea.customDir}/public/assets/css' 0750 ${config.services.gitea.user} ${config.services.gitea.group} - -"
"L+ '${config.services.gitea.customDir}/public/assets/css/theme-github.css' - - - - ${self.inputs.gitea-github-theme}/theme-github.css"
"L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-auto.css' - - - - ${self.inputs.gitea-github-theme}/theme-github-auto.css"
"L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-dark.css' - - - - ${self.inputs.gitea-github-theme}/theme-github-dark.css"
"L+ '${config.services.gitea.customDir}/public/assets/css/theme-github.css' - - - - ${inputs.gitea-github-theme}/theme-github.css"
"L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-auto.css' - - - - ${inputs.gitea-github-theme}/theme-github-auto.css"
"L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-dark.css' - - - - ${inputs.gitea-github-theme}/theme-github-dark.css"
];
services.gitea = rec {
@@ -76,7 +76,7 @@ in {
session.COOKIE_SECURE = true;
log = {
ROOT_PATH = "${stateDir}/log";
"logger.router.MODE" = "";
logger.router.MODE = "";
};
ui = {
THEMES = "gitea,arc-green,github,github-auto,github-dark";

18
modules/services/headscale/default.nix
View File

@@ -1,17 +1,19 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, inputs, ... }:
with lib;
let
cfg = config.modules.services.headscale;
fqdn = "headscale.vimium.net";
in {
options.modules.services.headscale = {
enable = lib.mkOption {
enable = mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.headscale ];
services.headscale = {
@@ -20,16 +22,10 @@ in {
port = 8080;
settings = {
acl_policy_path = null;
ip_prefixes = [
"100.64.0.0/10"
];
server_url = "https://${fqdn}";
derp = {
auto_update_enable = false;
update_frequency = "24h";
urls = [];
};
dns_config = {
base_domain = "vimium.net";
extra_records = [
@@ -44,10 +40,6 @@ in {
value = "100.64.0.7";
}
];
magic_dns = true;
nameservers = [
"9.9.9.9"
];
};
logtail.enabled = false;
};

54
modules/services/immich/default.nix
View File

@@ -1,54 +0,0 @@
{ config, lib, self, ... }:
with lib;
let cfg = config.modules.services.immich;
in {
options.modules.services.immich = {
enable = mkOption {
default = false;
example = true;
};
};
config = mkIf cfg.enable {
services.nginx = {
virtualHosts = {
"gallery.vimium.com" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.immich.port}";
extraConfig = ''
client_max_body_size 50000M;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_buffering off;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 600s;
proxy_send_timeout 600s;
send_timeout 600s;
'';
};
};
};
};
age.secrets."files/services/immich/envfile" = {
file = "${self.inputs.secrets}/files/services/immich/envfile.age";
};
services.immich = {
enable = true;
secretsFile = config.age.secrets."files/services/immich/envfile".path;
};
};
}

6
modules/services/mail/default.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, self, ... }:
{ config, lib, pkgs, ... }:
let
cfg = config.modules.services.mail;
@@ -22,10 +22,6 @@ in {
};
};
imports = [
self.inputs.nixos-mailserver.nixosModule
];
config = lib.mkIf cfg.enable {
services.roundcube = {
enable = true;

15
modules/services/matrix/default.nix
View File

@@ -1,4 +1,10 @@
{ config, lib, pkgs, self, ... }:
{
config,
lib,
pkgs,
inputs,
...
}:
let
cfg = config.modules.services.matrix;
@@ -171,11 +177,6 @@ in {
};
} else {});
nixpkgs.config.permittedInsecurePackages = [
"jitsi-meet-1.0.8043"
"olm-3.2.16"
];
services.matrix-synapse = {
enable = true;
enableRegistrationScript = true;
@@ -196,7 +197,7 @@ in {
age.secrets = if cfg.slidingSync.enable then {
"files/services/matrix/sliding-sync" = {
file = "${self.inputs.secrets}/files/services/matrix/sliding-sync.age";
file = "${inputs.secrets}/files/services/matrix/sliding-sync.age";
};
} else {};

29
modules/services/nginx/default.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, inputs, ... }:
with lib;
@@ -82,13 +82,6 @@ in {
worker_connections 20000;
multi_accept off;
'';
proxyCachePath = {
"skycam" = {
enable = true;
keysZoneName = "skycam_cache";
maxSize = "100m";
};
};
virtualHosts = {
## Static sites
"jellyfin.vimium.com" = {
@@ -112,25 +105,6 @@ in {
'';
};
};
"jdholt.com" = {
forceSSL = true;
enableACME = true;
serverAliases = [ "www.jdholt.com" ];
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
locations."/skycam/snapshot.jpg" = {
extraConfig = ''
set $backend "skycam.mesh.vimium.net:8080";
resolver 100.100.100.100;
proxy_pass http://$backend/snapshot;
proxy_cache skycam_cache;
proxy_cache_valid any 10s;
proxy_ignore_headers Cache-Control Expires Set-Cookie;
'';
};
locations."/".return = "301 https://vimium.com$request_uri";
};
"pki.vimium.com" = {
addSSL = true;
forceSSL = false;
@@ -168,6 +142,7 @@ in {
## Redirects
// (mkRedirect "h0lt.com" "jdholt.com")
// (mkRedirect "jordanholt.xyz" "jdholt.com")
// (mkRedirect "jdholt.com" "vimium.com")
// (mkRedirect "omnimagic.com" "vimium.com")
// (mkRedirect "omnimagic.net" "vimium.com")
// (mkRedirect "thelostlegend.com" "suhailhussain.com")

4
modules/services/photoprism/default.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, pkgs, self, ... }:
{ config, lib, pkgs, inputs, ... }:
with lib;
@@ -36,7 +36,7 @@ in {
};
age.secrets."passwords/services/photoprism/admin" = {
file = "${self.inputs.secrets}/passwords/services/photoprism/admin.age";
file = "${inputs.secrets}/passwords/services/photoprism/admin.age";
};
services.photoprism = {

2
modules/shell/zsh/default.nix
View File

@@ -21,7 +21,7 @@ in {
user.packages = with pkgs; [
fd
unstable.fzf
fzf
jq
nix-zsh-completions
nnn

25
overlays/0001-Ignore-IPA-signing.patch
View File

@@ -1,25 +0,0 @@
From 625939e594ce255afa3fab3a40c3e524460e1f8b Mon Sep 17 00:00:00 2001
From: Jordan Holt <jordan@vimium.com>
Date: Sat, 10 Aug 2024 18:28:08 +0100
Subject: [PATCH] Ignore IPA signing
---
src/libcamera/ipa_manager.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp
index 6d5bbd05..43004175 100644
--- a/src/libcamera/ipa_manager.cpp
+++ b/src/libcamera/ipa_manager.cpp
@@ -295,7 +295,7 @@ bool IPAManager::isSignatureValid([[maybe_unused]] IPAModule *ipa) const
if (data.empty())
return false;
- bool valid = pubKey_.verify(data, ipa->signature());
+ bool valid = true;
LOG(IPAManager, Debug)
<< "IPA module " << ipa->path() << " signature is "
--
2.44.1

142
overlays/0001-Remove-relative-config-lookups.patch
View File

@@ -1,142 +0,0 @@
From 57128bb78f56cadf9e2dcca5ba4d710c3bd478a7 Mon Sep 17 00:00:00 2001
From: Jordan Holt <jordan@vimium.com>
Date: Mon, 5 Aug 2024 21:53:09 +0100
Subject: [PATCH] Remove relative config lookups
---
src/libcamera/ipa_manager.cpp | 16 ----------
src/libcamera/ipa_proxy.cpp | 48 ++----------------------------
src/libcamera/pipeline_handler.cpp | 21 ++-----------
3 files changed, 4 insertions(+), 81 deletions(-)
diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp
index f4e0b633..6d5bbd05 100644
--- a/src/libcamera/ipa_manager.cpp
+++ b/src/libcamera/ipa_manager.cpp
@@ -131,22 +131,6 @@ IPAManager::IPAManager()
<< "No IPA found in '" << modulePaths << "'";
}
- /*
- * When libcamera is used before it is installed, load IPAs from the
- * same build directory as the libcamera library itself.
- */
- std::string root = utils::libcameraBuildPath();
- if (!root.empty()) {
- std::string ipaBuildPath = root + "src/ipa";
- constexpr int maxDepth = 2;
-
- LOG(IPAManager, Info)
- << "libcamera is not installed. Adding '"
- << ipaBuildPath << "' to the IPA search path";
-
- ipaCount += addDir(ipaBuildPath.c_str(), maxDepth);
- }
-
/* Finally try to load IPAs from the installed system path. */
ipaCount += addDir(IPA_MODULE_DIR);
diff --git a/src/libcamera/ipa_proxy.cpp b/src/libcamera/ipa_proxy.cpp
index 69975d8f..cd9284a3 100644
--- a/src/libcamera/ipa_proxy.cpp
+++ b/src/libcamera/ipa_proxy.cpp
@@ -122,33 +122,11 @@ std::string IPAProxy::configurationFile(const std::string &name,
}
}
- std::string root = utils::libcameraSourcePath();
- if (!root.empty()) {
- /*
- * When libcamera is used before it is installed, load
- * configuration files from the source directory. The
- * configuration files are then located in the 'data'
- * subdirectory of the corresponding IPA module.
- */
- std::string ipaConfDir = root + "src/ipa/" + ipaName + "/data";
-
- LOG(IPAProxy, Info)
- << "libcamera is not installed. Loading IPA configuration from '"
- << ipaConfDir << "'";
-
- std::string confPath = ipaConfDir + "/" + name;
+ for (const auto &dir : utils::split(IPA_CONFIG_DIR, ":")) {
+ std::string confPath = dir + "/" + ipaName + "/" + name;
ret = stat(confPath.c_str(), &statbuf);
if (ret == 0 && (statbuf.st_mode & S_IFMT) == S_IFREG)
return confPath;
-
- } else {
- /* Else look in the system locations. */
- for (const auto &dir : utils::split(IPA_CONFIG_DIR, ":")) {
- std::string confPath = dir + "/" + ipaName + "/" + name;
- ret = stat(confPath.c_str(), &statbuf);
- if (ret == 0 && (statbuf.st_mode & S_IFMT) == S_IFREG)
- return confPath;
- }
}
if (fallbackName.empty()) {
@@ -197,28 +175,6 @@ std::string IPAProxy::resolvePath(const std::string &file) const
}
}
- /*
- * When libcamera is used before it is installed, load proxy workers
- * from the same build directory as the libcamera directory itself.
- * This requires identifying the path of the libcamera.so, and
- * referencing a relative path for the proxy workers from that point.
- */
- std::string root = utils::libcameraBuildPath();
- if (!root.empty()) {
- std::string ipaProxyDir = root + "src/libcamera/proxy/worker";
-
- LOG(IPAProxy, Info)
- << "libcamera is not installed. Loading proxy workers from '"
- << ipaProxyDir << "'";
-
- std::string proxyPath = ipaProxyDir + proxyFile;
- if (!access(proxyPath.c_str(), X_OK))
- return proxyPath;
-
- return std::string();
- }
-
- /* Else try finding the exec target from the install directory. */
std::string proxyPath = std::string(IPA_PROXY_DIR) + proxyFile;
if (!access(proxyPath.c_str(), X_OK))
return proxyPath;
diff --git a/src/libcamera/pipeline_handler.cpp b/src/libcamera/pipeline_handler.cpp
index 5ea2ca78..fd8555ca 100644
--- a/src/libcamera/pipeline_handler.cpp
+++ b/src/libcamera/pipeline_handler.cpp
@@ -561,25 +561,8 @@ std::string PipelineHandler::configurationFile(const std::string &subdir,
struct stat statbuf;
int ret;
- std::string root = utils::libcameraSourcePath();
- if (!root.empty()) {
- /*
- * When libcamera is used before it is installed, load
- * configuration files from the source directory. The
- * configuration files are then located in the 'data'
- * subdirectory of the corresponding pipeline handler.
- */
- std::string confDir = root + "src/libcamera/pipeline/";
- confPath = confDir + subdir + "/data/" + name;
-
- LOG(Pipeline, Info)
- << "libcamera is not installed. Loading platform configuration file from '"
- << confPath << "'";
- } else {
- /* Else look in the system locations. */
- confPath = std::string(LIBCAMERA_DATA_DIR)
- + "/pipeline/" + subdir + '/' + name;
- }
+ confPath = std::string(LIBCAMERA_DATA_DIR)
+ + "/pipeline/" + subdir + '/' + name;
ret = stat(confPath.c_str(), &statbuf);
if (ret == 0 && (statbuf.st_mode & S_IFMT) == S_IFREG)
--
2.44.1

35
overlays/default.nix
View File

@@ -1,35 +0,0 @@
final: prev:
/*
Generate an overlay from `pkgs` by handling the `callPackage` behaviour
ourselves, making exceptions for namespaced package sets. We cannot reuse
the definitions from `self.legacyPackages.${prev.system}`, as that would
evaluate nixpkgs twice here (prev.system does not exist then).
*/
let
lib = prev.lib;
pkgs = lib.packagesFromDirectoryRecursive {
callPackage = path: overrides: path;
directory = ../pkgs;
};
in
lib.mapAttrs
(name: value:
if lib.isAttrs value then
if lib.hasAttrByPath [ name "overrideScope" ] prev then
# Namespaced package sets created with `lib.makeScope pkgs.newScope`.
prev.${name}.overrideScope (final': prev':
lib.mapAttrs (name': value': final'.callPackage value' { }) value)
else if lib.hasAttrByPath [ name "extend" ] prev then
# Namespaced package sets created with `lib.makeExtensible`.
prev.${name}.extend (final': prev':
lib.mapAttrs (name': value': final.callPackage value' { }) value)
else
# Namespaced package sets in regular attrsets.
prev.${name} // value
else
final.callPackage value { })
pkgs

8
overlays/gnome.nix
View File

@@ -1,10 +1,10 @@
final: prev:
self: super:
{
gnome = prev.gnome.overrideScope' (gself: gsuper: {
gnome = super.gnome.overrideScope' (gself: gsuper: {
mutter = gsuper.mutter.overrideAttrs (oldAttrs: {
src = prev.fetchurl {
src = super.fetchurl {
url = "https://gitlab.gnome.org/Community/Ubuntu/mutter/-/archive/triple-buffering-v4-46/mutter-triple-buffering-v4-46.tar.gz";
sha256 = "9MVb53tcOTkcXJ025bF2kX1+fGSfffliA43q00x2c/Y=";
sha256 = "mmFABDsRMzYnLO3+Cf3CJ60XyUBl3y9NAUj+vs7nLqE=";
};
});
});

64
overlays/libcamera.nix
View File

@@ -1,64 +0,0 @@
final: prev:
{
libpisp = final.stdenv.mkDerivation {
name = "libpisp";
version = "1.0.5";
src = final.fetchFromGitHub {
owner = "raspberrypi";
repo = "libpisp";
rev = "v1.0.5";
hash = "sha256-CHd44CH5dBcZuK+5fZtONZ8HE/lwGKwK5U0BYUK8gG4=";
};
nativeBuildInputs = with final; [
pkg-config
meson
ninja
];
buildInputs = with final; [
nlohmann_json
boost
];
BOOST_INCLUDEDIR = "${prev.lib.getDev final.boost}/include";
BOOST_LIBRARYDIR = "${prev.lib.getLib final.boost}/lib";
};
libcamera = prev.libcamera.overrideAttrs (old: {
src = final.fetchFromGitHub {
owner = "raspberrypi";
repo = "libcamera";
rev = "eb00c13d7c9f937732305d47af5b8ccf895e700f";
hash = "sha256-p0/inkHPRUkxSIsTmj7VI7sIaX7OXdqjMGZ31W7cnt4=";
};
postPatch = ''
patchShebangs utils/ src/py/
'';
patches = [
./0001-Remove-relative-config-lookups.patch
./0001-Ignore-IPA-signing.patch
];
buildInputs = old.buildInputs ++ (with final; [
libpisp
libglibutil
]);
mesonFlags = old.mesonFlags ++ [
"--buildtype=release"
"-Dpipelines=rpi/vc4,rpi/pisp"
"-Dipas=rpi/vc4,rpi/pisp"
"-Dgstreamer=enabled"
"-Dtest=false"
"-Dcam=enabled"
"-Dpycamera=disabled"
];
});
camera-streamer = prev.callPackage ../pkgs/camera-streamer/package.nix {
libcamera = final.libcamera;
};
}

25
pkgs/camera-streamer/0001-Disable-libdatachannel.patch
View File

@@ -1,25 +0,0 @@
From 0f17bb86772afe9495891e420a809a0b3c071caf Mon Sep 17 00:00:00 2001
From: Jordan Holt <jordan@vimium.com>
Date: Sat, 10 Aug 2024 15:37:15 +0100
Subject: [PATCH] Disable libdatachannel
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index d5029bd..e50ba1a 100644
--- a/Makefile
+++ b/Makefile
@@ -23,7 +23,7 @@ USE_HW_H264 ?= 1
USE_FFMPEG ?= $(shell pkg-config libavutil libavformat libavcodec && echo 1)
USE_LIBCAMERA ?= $(shell pkg-config libcamera && echo 1)
USE_RTSP ?= $(shell pkg-config live555 && echo 1)
-USE_LIBDATACHANNEL ?= $(shell [ -e $(LIBDATACHANNEL_PATH)/CMakeLists.txt ] && echo 1)
+USE_LIBDATACHANNEL ?= 0
ifeq (1,$(DEBUG))
CFLAGS += -g
--
2.44.1

78
pkgs/camera-streamer/package.nix
View File

@@ -1,78 +0,0 @@
{ stdenv
, fetchFromGitHub
, cmake
, gnumake
, pkg-config
, xxd
, v4l-utils
, nlohmann_json
, ffmpegSupport ? true
, ffmpeg
, libcameraSupport ? true
, libcamera
, rtspSupport ? false
, live555
, webrtcSupport ? false
, openssl
, lib
}:
stdenv.mkDerivation (finalAttrs: {
pname = "camera-streamer";
version = "0.2.8";
src = fetchFromGitHub {
owner = "ayufan";
repo = "camera-streamer";
rev = "refs/tags/v${finalAttrs.version}";
hash = "sha256-8vV8BMFoDeh22I1/qxk6zttJROaD/lrThBxXHZSPpT4=";
fetchSubmodules = true;
};
patches = [
./0001-Disable-libdatachannel.patch
];
# Second replacement fixes literal newline in generated version.h.
postPatch = ''
substituteInPlace Makefile \
--replace '/usr/local/bin' '/bin' \
--replace 'echo "#define' 'echo -e "#define'
'';
env.NIX_CFLAGS_COMPILE = builtins.toString [
"-Wno-error=stringop-overflow"
"-Wno-error=format"
"-Wno-format"
"-Wno-format-security"
"-Wno-error=unused-result"
];
nativeBuildInputs = [
cmake
gnumake
pkg-config
xxd
];
dontUseCmakeConfigure = true;
buildInputs = [ nlohmann_json v4l-utils ]
++ (lib.optional ffmpegSupport ffmpeg)
++ (lib.optional libcameraSupport libcamera)
++ (lib.optional rtspSupport live555)
++ (lib.optional webrtcSupport openssl);
installFlags = [ "DESTDIR=${builtins.placeholder "out"}" ];
preInstall = "mkdir -p $out/bin";
meta = with lib; {
description = "High-performance low-latency camera streamer for Raspberry Pi's";
website = "https://github.com/ayufan/camera-streamer";
license = licenses.gpl3Only;
};
})

58
pkgs/rpicam-apps/package.nix
View File

@@ -1,58 +0,0 @@
{ stdenv
, fetchFromGitHub
, meson
, ninja
, pkg-config
, boost
, ffmpeg
, libcamera
, libdrm
, libexif
, libjpeg
, libpng
, libtiff
, lib
}:
stdenv.mkDerivation (finalAttrs: {
pname = "rpicam-apps";
version = "1.4.1";
src = fetchFromGitHub {
owner = "raspberrypi";
repo = "rpicam-apps";
rev = "v" + finalAttrs.version;
hash = "sha256-3NG2ZE/Ub3lTbfne0LCXuDgLGTPaAAADRdElEbZwvls=";
};
nativeBuildInputs = [
meson
ninja
pkg-config
];
buildInputs = [
boost
ffmpeg
libcamera
libdrm
libexif
libjpeg
libpng
libtiff
];
# Meson is no longer able to pick up Boost automatically:
# https://github.com/NixOS/nixpkgs/issues/86131
BOOST_INCLUDEDIR = "${lib.getDev boost}/include";
BOOST_LIBRARYDIR = "${lib.getLib boost}/lib";
meta = with lib; {
description = ''
libcamera-based applications to drive the cameras on a Raspberry Pi platform
'';
homepage = "https://github.com/raspberrypi/rpicam-apps";
license = licenses.bsd2;
};
})