jordan/nix-config
1
1
Fork 0
Code Issues 10 Pull Requests Actions Projects 3 Wiki Activity

Compare commits

base: jordan:skycam
Branches Tags
jordan:master jordan:hass jordan:immich jordan:zitadel jordan:skycam jordan:24.05 jordan:lunarvim jordan:matrix jordan:docs jordan:vps1 jordan:wallpapers jordan:fix-odyssey-nix-store
..
compare: jordan:zitadel
Branches Tags
jordan:master jordan:hass jordan:immich jordan:zitadel jordan:skycam jordan:24.05 jordan:lunarvim jordan:matrix jordan:docs jordan:vps1 jordan:wallpapers jordan:fix-odyssey-nix-store

28 Commits
skycam ... zitadel

Author SHA1 Message Date
Jordan Holt
ec51278987 Fix zitadel config 2024-08-11 22:27:14 +01:00
Jordan Holt
1250683996 Add zitadel config 2024-08-11 17:06:17 +01:00
Jordan Holt
bbb7548659 flake.lock: Update 
Flake lock file updates:

• Updated input 'secrets':
    'git+ssh://git@git.vimium.com/jordan/nix-secrets.git?ref=refs/heads/master&rev=0cf25cbc71fcfe7c16250847e5f31abd730e04c4' (2024-08-11)
  → 'git+ssh://git@git.vimium.com/jordan/nix-secrets.git?ref=refs/heads/master&rev=b47efe67031e12a2d5560b94fdb4de7dca3df80c' (2024-08-11)
 2024-08-11 15:07:10 +01:00
Jordan Holt
8216088c46 Split overlays into directories 2024-08-11 14:30:55 +01:00
Jordan Holt
d05d353ee7 flake.lock: Update 
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/3f1dae074a12feb7327b4bf43cbac0d124488bb7' (2024-07-30)
  → 'github:ryantm/agenix/f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41' (2024-08-10)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/107bb46eef1f05e86fc485ee8af9b637e5157988' (2024-08-08)
  → 'github:NixOS/nixos-hardware/c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf' (2024-08-10)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/21cc704b5e918c5fbf4f9fff22b4ac2681706d90' (2024-08-06)
  → 'github:NixOS/nixpkgs/a781ff33ae258bbcfd4ed6e673860c3e923bf2cc' (2024-08-10)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/cb9a96f23c491c081b38eab96d22fa958043c9fa' (2024-08-04)
  → 'github:NixOS/nixpkgs/5e0ca22929f3342b19569b21b2f3462f053e497b' (2024-08-09)
• Updated input 'secrets':
    'git+ssh://git@git.vimium.com/jordan/nix-secrets.git?ref=refs/heads/master&rev=dfe0e95be5ef539bf28602ff47beeea26cc4d1b8' (2024-08-03)
  → 'git+ssh://git@git.vimium.com/jordan/nix-secrets.git?ref=refs/heads/master&rev=0cf25cbc71fcfe7c16250847e5f31abd730e04c4' (2024-08-11)
 2024-08-11 13:10:27 +01:00
Jordan Holt
b74bfc9683 Extract networking domain from host configs
All checks were successful
Check flake / build-amd64-linux (push) Successful in 4m22s
Details
2024-08-11 10:06:26 +01:00
Jordan Holt
19dbe4c226 Add agenix to devshell
All checks were successful
Check flake / build-amd64-linux (push) Successful in 2m41s
Details
2024-08-11 09:52:16 +01:00
Jordan Holt
a0bb510d8d Refactor deploy nodes config
All checks were successful
Check flake / build-amd64-linux (push) Successful in 2m37s
Details
2024-08-11 09:40:45 +01:00
Jordan Holt
fdfacc0f97 Scope overlays and modules to specific host sets
All checks were successful
Check flake / build-amd64-linux (push) Successful in 2m39s
Details
2024-08-11 09:21:08 +01:00
Jordan Holt
6eed6303f2 Use rpi libcamera fork
All checks were successful
Check flake / build-amd64-linux (push) Successful in 2m44s
Details
2024-08-10 22:22:03 +01:00
Jordan Holt
1cb6482106 Fix udev rules on skycam
All checks were successful
Check flake / build-amd64-linux (push) Successful in 2m32s
Details
2024-08-10 21:53:25 +01:00
Jordan Holt
3323f930d3 Add camera-streamer package to skycam 2024-08-10 21:53:09 +01:00
Jordan Holt
37d56b613e Patch out IPA signature validation in libcamera 2024-08-10 21:52:45 +01:00
Jordan Holt
6205824c0d Re-add default overlay 2024-08-10 21:52:20 +01:00
Jordan Holt
b613c266ed Patch out libdatachannel in camera-streamer 2024-08-10 21:51:35 +01:00
Jordan Holt
c9fa49b24d Update deployment hostnames
All checks were successful
Check flake / build-amd64-linux (push) Successful in 45m16s
Details
2024-08-09 22:06:19 +01:00
Jordan Holt
064f180528 Apply libcamera overlay to skycam only 2024-08-09 21:54:40 +01:00
Jordan Holt
3f36be6cb7 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/883180e6550c1723395a3a342f830bfc5c371f6b' (2024-08-05)
  → 'github:NixOS/nixpkgs/21cc704b5e918c5fbf4f9fff22b4ac2681706d90' (2024-08-06)
• Updated input 'plasma-manager':
    'github:nix-community/plasma-manager/5ab818b79ba5c6651209cc1c1d19afe6c9046ed4' (2024-08-08)
  → 'github:nix-community/plasma-manager/22bea90404c5ff6457913a03c1a54a3caa5b1c57' (2024-08-09)
 2024-08-09 21:43:39 +01:00
Jordan Holt
ab23bb3b76 Merge branch 'skycam'
Some checks failed
Check flake / build-amd64-linux (push) Failing after 0s
Details
2024-08-09 21:41:28 +01:00
Jordan Holt
533397fc21 Proxy skycam snapshot on jdholt.com 2024-08-09 21:41:01 +01:00
Jordan Holt
7943e063c2 Prevent skycam reboot on panic 2024-08-09 20:03:42 +01:00
Jordan Holt
91d66003aa Add build instructions for skycam to README 2024-08-09 19:36:15 +01:00
Jordan Holt
ecf34dbc89 Remove jdholt.com redirect 2024-08-09 19:05:01 +01:00
Jordan Holt
08c9a6ae19 flake.lock: Update
Some checks failed
Check flake / build-amd64-linux (push) Failing after 0s
Details 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/0257e44f4ad472b54f19a6dd1615aee7fa48ed49' (2024-08-05)
  → 'github:nix-community/disko/ffc1f95f6c28e1c6d1e587b51a2147027a3e45ed' (2024-08-08)
• Updated input 'firefox-gnome-theme':
    'github:rafaelmardojai/firefox-gnome-theme/cc70ec20e2775df7cd2bccdd20dcdecc3e0a733b' (2024-07-18)
  → 'github:rafaelmardojai/firefox-gnome-theme/fb5b578a4f49ae8705e5fea0419242ed1b8dba70' (2024-08-08)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/14c333162ba53c02853add87a0000cbd7aa230c2' (2024-07-30)
  → 'github:NixOS/nixos-hardware/107bb46eef1f05e86fc485ee8af9b637e5157988' (2024-08-08)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/8b5b6723aca5a51edf075936439d9cd3947b7b2c' (2024-08-04)
  → 'github:NixOS/nixpkgs/883180e6550c1723395a3a342f830bfc5c371f6b' (2024-08-05)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/d04953086551086b44b6f3c6b7eeb26294f207da' (2024-08-02)
  → 'github:NixOS/nixpkgs/cb9a96f23c491c081b38eab96d22fa958043c9fa' (2024-08-04)
• Updated input 'nixvim':
    'github:nix-community/nixvim/4e6974c619bd280789ef3697a73fcf7c20f70819' (2024-08-03)
  → 'github:nix-community/nixvim/170df9814c3e41d5a4d6e3339e611801b1f02ce2' (2024-08-06)
• Updated input 'nixvim/git-hooks':
    'github:cachix/git-hooks.nix/f451c19376071a90d8c58ab1a953c6e9840527fd' (2024-07-15)
  → 'github:cachix/git-hooks.nix/06939f6b7ec4d4f465bf3132a05367cccbbf64da' (2024-08-05)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/f7142b8024d6b70c66fd646e1d099d3aa5bfec49' (2024-08-02)
  → 'github:lnl7/nix-darwin/91010a5613ffd7ee23ee9263213157a1c422b705' (2024-08-06)
• Updated input 'plasma-manager':
    'github:nix-community/plasma-manager/61d9342fb471cd3c45a047406428fba7b6fb49ad' (2024-08-04)
  → 'github:nix-community/plasma-manager/5ab818b79ba5c6651209cc1c1d19afe6c9046ed4' (2024-08-08)
 2024-08-08 23:23:33 +01:00
Jordan Holt
0c564903ab Fix ustreamer 2024-08-06 08:58:05 +01:00
Jordan Holt
ad9f4e52ef Revert "Update rpi base" 
This reverts commit 5903eb650a.
 2024-08-06 08:29:32 +01:00
Jordan Holt
a96d5a9aeb Remote builder uses root 2024-08-05 19:48:30 +01:00
Jordan Holt
d57d70bbbf Add supportedFeatures to aarch64builder
Some checks failed
Check flake / build-amd64-linux (push) Failing after 0s
Details
2024-08-05 19:06:03 +01:00
41 changed files with 492 additions and 462 deletions
Expand all files Collapse all files

261
flake.lock generated
View File

@ -8,11 +8,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1722339003, "lastModified": 1723293904,
"narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=", "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7", "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -107,11 +107,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1722821805, "lastModified": 1723080788,
"narHash": "sha256-FGrUPUD+LMDwJsYyNSxNIzFMldtCm8wXiQuyL2PHSrM=", "narHash": "sha256-C5LbM5VMdcolt9zHeLQ0bYMRjUL+N+AL5pK7/tVTdes=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "0257e44f4ad472b54f19a6dd1615aee7fa48ed49", "rev": "ffc1f95f6c28e1c6d1e587b51a2147027a3e45ed",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -123,11 +123,11 @@
"firefox-gnome-theme": { "firefox-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1721276923, "lastModified": 1723137499,
"narHash": "sha256-HJKuwVvi+yGv+8n9Ez4EwaJA0B79JRss9J30vpgy/GI=", "narHash": "sha256-MOE9NeU2i6Ws1GhGmppMnjOHkNLl2MQMJmGhaMzdoJM=",
"owner": "rafaelmardojai", "owner": "rafaelmardojai",
"repo": "firefox-gnome-theme", "repo": "firefox-gnome-theme",
"rev": "cc70ec20e2775df7cd2bccdd20dcdecc3e0a733b", "rev": "fb5b578a4f49ae8705e5fea0419242ed1b8dba70",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -233,11 +233,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1721042469, "lastModified": 1722857853,
"narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=", "narHash": "sha256-3Zx53oz/MSIyevuWO/SumxABkrIvojnB7g9cimxkhiE=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "f451c19376071a90d8c58ab1a953c6e9840527fd", "rev": "06939f6b7ec4d4f465bf3132a05367cccbbf64da",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -365,40 +365,6 @@
"type": "github" "type": "github"
} }
}, },
"libcamera-src": {
"flake": false,
"locked": {
"lastModified": 1718617480,
"narHash": "sha256-qqEMJzMotybf1nJp1dsz3zc910Qj0TmqCm1CwuSb1VY=",
"owner": "raspberrypi",
"repo": "libcamera",
"rev": "6ddd79b5bdbedc1f61007aed35391f1559f9e29a",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"repo": "libcamera",
"rev": "6ddd79b5bdbedc1f61007aed35391f1559f9e29a",
"type": "github"
}
},
"libpisp-src": {
"flake": false,
"locked": {
"lastModified": 1718613892,
"narHash": "sha256-V/d4RrXoq8HNc8r/Kr1gH3E7YTZzfIdgbaJtq/Xi7uQ=",
"owner": "raspberrypi",
"repo": "libpisp",
"rev": "b567f04556801ca350331ed21a1ae3eef4675c23",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "v1.0.6",
"repo": "libpisp",
"type": "github"
}
},
"nix-darwin": { "nix-darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -407,11 +373,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1722609272, "lastModified": 1722924007,
"narHash": "sha256-Kkb+ULEHVmk07AX+OhwyofFxBDpw+2WvsXguUS2m6e4=", "narHash": "sha256-+CQDamNwqO33REJLft8c26NbUi2Td083hq6SvAm2xkU=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "f7142b8024d6b70c66fd646e1d099d3aa5bfec49", "rev": "91010a5613ffd7ee23ee9263213157a1c422b705",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -422,11 +388,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1722332872, "lastModified": 1723310128,
"narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", "narHash": "sha256-IiH8jG6PpR4h9TxSGMYh+2/gQiJW9MwehFvheSb5rPc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "14c333162ba53c02853add87a0000cbd7aa230c2", "rev": "c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -493,11 +459,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1722630782, "lastModified": 1723175592,
"narHash": "sha256-hMyG9/WlUi0Ho9VkRrrez7SeNlDzLxalm9FwY7n/Noo=", "narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d04953086551086b44b6f3c6b7eeb26294f207da", "rev": "5e0ca22929f3342b19569b21b2f3462f053e497b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -524,11 +490,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1722791413, "lastModified": 1723282977,
"narHash": "sha256-rCTrlCWvHzMCNcKxPE3Z/mMK2gDZ+BvvpEVyRM4tKmU=", "narHash": "sha256-oTK91aOlA/4IsjNAZGMEBz7Sq1zBS0Ltu4/nIQdYDOg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8b5b6723aca5a51edf075936439d9cd3947b7b2c", "rev": "a781ff33ae258bbcfd4ed6e673860c3e923bf2cc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -537,22 +503,6 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs_4": {
"locked": {
"lastModified": 1722651103,
"narHash": "sha256-IRiJA0NVAoyaZeKZluwfb2DoTpBAj+FLI0KfybBeDU0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a633d89c6dc9a2a8aae11813a62d7c58b2c0cc51",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixvim": { "nixvim": {
"inputs": { "inputs": {
"devshell": "devshell", "devshell": "devshell",
@ -567,11 +517,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1722688115, "lastModified": 1722925293,
"narHash": "sha256-Ubk5KzAp2Z4Dzmi81aGgabvy41QXjZMwNikDYm7+jS0=", "narHash": "sha256-saXm5dd/e3PMsYTEcp1Qbzifm3KsZtNFkrWjmLhXHGE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "4e6974c619bd280789ef3697a73fcf7c20f70819", "rev": "170df9814c3e41d5a4d6e3339e611801b1f02ce2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -591,11 +541,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1722804745, "lastModified": 1723232379,
"narHash": "sha256-l6N3QaiDqN2QmHDAxjczQPLPCTv+Kp7PsrtJBltmhTo=", "narHash": "sha256-F4Y3f9305aHGWKqAd3s2GyNRONdpDBuNuK4TCSdaHz8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "plasma-manager", "repo": "plasma-manager",
"rev": "61d9342fb471cd3c45a047406428fba7b6fb49ad", "rev": "22bea90404c5ff6457913a03c1a54a3caa5b1c57",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -604,33 +554,6 @@
"type": "github" "type": "github"
} }
}, },
"raspberry-pi-nix": {
"inputs": {
"libcamera-src": "libcamera-src",
"libpisp-src": "libpisp-src",
"nixpkgs": "nixpkgs_4",
"rpi-bluez-firmware-src": "rpi-bluez-firmware-src",
"rpi-firmware-nonfree-src": "rpi-firmware-nonfree-src",
"rpi-firmware-src": "rpi-firmware-src",
"rpi-linux-6_10_0-rc5-src": "rpi-linux-6_10_0-rc5-src",
"rpi-linux-6_6_31-src": "rpi-linux-6_6_31-src",
"rpicam-apps-src": "rpicam-apps-src",
"u-boot-src": "u-boot-src"
},
"locked": {
"lastModified": 1722525809,
"narHash": "sha256-LTCbMSKbSHvKubfXolss39UeTKDIoP9wWTyXV/tDPHU=",
"owner": "nix-community",
"repo": "raspberry-pi-nix",
"rev": "35bb455fdeb495043a94433f67e05fa88980cdad",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "raspberry-pi-nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
@ -646,121 +569,18 @@
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nixvim": "nixvim", "nixvim": "nixvim",
"plasma-manager": "plasma-manager", "plasma-manager": "plasma-manager",
"raspberry-pi-nix": "raspberry-pi-nix",
"secrets": "secrets", "secrets": "secrets",
"thunderbird-gnome-theme": "thunderbird-gnome-theme" "thunderbird-gnome-theme": "thunderbird-gnome-theme"
} }
}, },
"rpi-bluez-firmware-src": {
"flake": false,
"locked": {
"lastModified": 1708969706,
"narHash": "sha256-KakKnOBeWxh0exu44beZ7cbr5ni4RA9vkWYb9sGMb8Q=",
"owner": "RPi-Distro",
"repo": "bluez-firmware",
"rev": "78d6a07730e2d20c035899521ab67726dc028e1c",
"type": "github"
},
"original": {
"owner": "RPi-Distro",
"ref": "bookworm",
"repo": "bluez-firmware",
"type": "github"
}
},
"rpi-firmware-nonfree-src": {
"flake": false,
"locked": {
"lastModified": 1708967191,
"narHash": "sha256-BGq0+cr+xBRwQM/LqiQuRWuZpQsKM5jfcrNCqWMuVzM=",
"owner": "RPi-Distro",
"repo": "firmware-nonfree",
"rev": "223ccf3a3ddb11b3ea829749fbbba4d65b380897",
"type": "github"
},
"original": {
"owner": "RPi-Distro",
"ref": "bookworm",
"repo": "firmware-nonfree",
"type": "github"
}
},
"rpi-firmware-src": {
"flake": false,
"locked": {
"lastModified": 1716978780,
"narHash": "sha256-KsCo7ZG6vKstxRyFljZtbQvnDSqiAPdUza32xTY/tlA=",
"owner": "raspberrypi",
"repo": "firmware",
"rev": "3590de0c181d433af368a95f15bc480bdaff8b47",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "1.20240529",
"repo": "firmware",
"type": "github"
}
},
"rpi-linux-6_10_0-rc5-src": {
"flake": false,
"locked": {
"lastModified": 1719265450,
"narHash": "sha256-xd/Pz/uZFYW9hJIFKryWDE9Aks6f2EIvEDCmfk0C70c=",
"owner": "raspberrypi",
"repo": "linux",
"rev": "f61d3aca8045e70d64b55f7b98f083738f639ad2",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "rpi-6.10.y",
"repo": "linux",
"type": "github"
}
},
"rpi-linux-6_6_31-src": {
"flake": false,
"locked": {
"lastModified": 1716545726,
"narHash": "sha256-UWUTeCpEN7dlFSQjog6S3HyEWCCnaqiUqV5KxCjYink=",
"owner": "raspberrypi",
"repo": "linux",
"rev": "c1432b4bae5b6582f4d32ba381459f33c34d1424",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "stable_20240529",
"repo": "linux",
"type": "github"
}
},
"rpicam-apps-src": {
"flake": false,
"locked": {
"lastModified": 1717081637,
"narHash": "sha256-s4zJh6r3VhiquO54KWZ78dVCH1BmlphY9zEB9BidNyo=",
"owner": "raspberrypi",
"repo": "rpicam-apps",
"rev": "49344f2a8d1817558d4e6463032fcf11be618b38",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "v1.5.0",
"repo": "rpicam-apps",
"type": "github"
}
},
"secrets": { "secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1722712220, "lastModified": 1723385164,
"narHash": "sha256-gEmbk/DROfVZ+v/BAZHDloHzS0KdqIzxtW7z9g2eH4Y=", "narHash": "sha256-/z4nBwpHsGWl1gmGv7FQQgoOcPwUaVzL7rfjI5nTOLg=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "dfe0e95be5ef539bf28602ff47beeea26cc4d1b8", "rev": "b47efe67031e12a2d5560b94fdb4de7dca3df80c",
"revCount": 22, "revCount": 24,
"type": "git", "type": "git",
"url": "ssh://git@git.vimium.com/jordan/nix-secrets.git" "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
}, },
@ -851,19 +671,6 @@
"type": "github" "type": "github"
} }
}, },
"u-boot-src": {
"flake": false,
"locked": {
"lastModified": 1712055538,
"narHash": "sha256-IlaDdjKq/Pq2orzcU959h93WXRZfvKBGDO/MFw9mZMg=",
"type": "tarball",
"url": "https://ftp.denx.de/pub/u-boot/u-boot-2024.04.tar.bz2"
},
"original": {
"type": "tarball",
"url": "https://ftp.denx.de/pub/u-boot/u-boot-2024.04.tar.bz2"
}
},
"utils": { "utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_2"

134
flake.nix
View File

@ -41,9 +41,6 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager"; inputs.home-manager.follows = "home-manager";
}; };
raspberry-pi-nix = {
url = "github:nix-community/raspberry-pi-nix";
};
secrets = { secrets = {
url = "git+ssh://git@git.vimium.com/jordan/nix-secrets.git"; url = "git+ssh://git@git.vimium.com/jordan/nix-secrets.git";
flake = false; flake = false;
@ -54,82 +51,60 @@
}; };
}; };
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, agenix, deploy-rs, disko, home-manager, nixos-hardware, nixos-mailserver, ... }: outputs = inputs @ { self, nixpkgs, ... }:
let let
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
domain = "mesh.vimium.net";
forEverySystem = lib.getAttrs lib.systems.flakeExposed;
forEachSystem = lib.genAttrs [ forEachSystem = lib.genAttrs [
"x86_64-linux" "x86_64-linux"
"aarch64-linux" "aarch64-linux"
]; ];
mkPkgsForSystem = system: inputs.nixpkgs; mkDeployNode = hostName: {
customPkgs = forEachSystem (system: hostname = "${hostName}.${domain}";
lib.packagesFromDirectoryRecursive {
callPackage = nixpkgs.legacyPackages.${system}.callPackage; profiles.system = {
directory = ./pkgs; user = "root";
}); path = inputs.deploy-rs.lib.${self.nixosConfigurations.${hostName}.config.system.build.toplevel.system}.activate.nixos self.nixosConfigurations.${hostName};
overlays = [
agenix.overlays.default
(import ./overlays/gnome.nix)
(import ./overlays/libcamera.nix)
(
final: prev: {
unstable = import inputs.nixpkgs-unstable { system = final.system; };
}
)
];
commonModules = [
agenix.nixosModules.age
disko.nixosModules.disko
nixos-mailserver.nixosModule
home-manager.nixosModule
./modules
];
mkNixosSystem = { system, name, extraModules ? [] }:
let
nixpkgs = mkPkgsForSystem system;
lib = (import nixpkgs { inherit overlays system; }).lib;
in
inputs.nixpkgs.lib.nixosSystem {
inherit lib system;
specialArgs = { modulesPath = toString (nixpkgs + "/nixos/modules"); inherit inputs; };
baseModules = import (nixpkgs + "/nixos/modules/module-list.nix");
modules = commonModules ++ [
({ config, ... }:
{
nixpkgs.pkgs = import nixpkgs {
inherit overlays system;
config.allowUnfree = true;
config.nvidia.acceptLicense = true;
};
networking.hostName = name;
})
./hosts/${name}
] ++ extraModules;
}; };
};
in in
{ {
overlays = lib.packagesFromDirectoryRecursive {
callPackage = path: overrides: import path;
directory = ./overlays;
};
legacyPackages = forEachSystem (system: legacyPackages = forEachSystem (system:
lib.packagesFromDirectoryRecursive { lib.packagesFromDirectoryRecursive {
callPackage = nixpkgs.legacyPackages.${system}.callPackage; callPackage = nixpkgs.legacyPackages.${system}.callPackage;
directory = ./pkgs; directory = ./pkgs;
}); });
nixosConfigurations = { nixosConfigurations = lib.pipe ./hosts [
atlas = mkNixosSystem { system = "x86_64-linux"; name = "atlas"; }; builtins.readDir
eos = mkNixosSystem { system = "x86_64-linux"; name = "eos"; }; (lib.filterAttrs (name: value: value == "directory"))
helios = mkNixosSystem { system = "x86_64-linux"; name = "helios"; }; (lib.mapAttrs (name: value:
hypnos = mkNixosSystem { system = "x86_64-linux"; name = "hypnos"; }; lib.nixosSystem {
library = mkNixosSystem { system = "x86_64-linux"; name = "library"; }; specialArgs = { inherit self; };
mail = mkNixosSystem { system = "x86_64-linux"; name = "mail"; };
odyssey = mkNixosSystem { system = "x86_64-linux"; name = "odyssey"; }; modules = [
pi = mkNixosSystem { system = "aarch64-linux"; name = "pi"; extraModules = [ nixos-hardware.nixosModules.raspberry-pi-4 ]; }; {
skycam = mkNixosSystem { system = "aarch64-linux"; name = "skycam"; extraModules = [ inputs.raspberry-pi-nix.nixosModules.raspberry-pi ]; }; networking = {
vps1 = mkNixosSystem { system = "x86_64-linux"; name = "vps1"; }; inherit domain;
}; hostName = name;
};
}
./hosts/${name}
];
}))
];
devShells.x86_64-linux.default = nixpkgs.legacyPackages.x86_64-linux.mkShell { devShells.x86_64-linux.default = nixpkgs.legacyPackages.x86_64-linux.mkShell {
buildInputs = [ buildInputs = [
deploy-rs.packages.x86_64-linux.deploy-rs inputs.agenix.packages.x86_64-linux.agenix
inputs.deploy-rs.packages.x86_64-linux.deploy-rs
]; ];
}; };
@ -137,43 +112,10 @@
magicRollback = true; magicRollback = true;
autoRollback = true; autoRollback = true;
sshUser = "root"; sshUser = "root";
nodes = { nodes = lib.genAttrs [ "mail" "pi" "skycam" "vps1" ] mkDeployNode;
mail = {
hostname = "mail.mesh.vimium.net";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.mail;
};
};
vps1 = {
hostname = "vps1.mesh.vimium.net";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.vps1;
};
};
pi = {
hostname = "10.0.1.191";
profiles.system = {
user = "root";
path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.pi;
};
};
skycam = {
hostname = "10.0.1.146";
profiles.system = {
user = "root";
path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.skycam;
};
};
};
}; };
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;
}; };
} }

4
hosts/atlas/default.nix
View File

@ -1,4 +1,4 @@
{ config, lib, ... }: { config, ... }:
{ {
imports = [ imports = [
@ -6,6 +6,8 @@
../desktop.nix ../desktop.nix
]; ];
nixpkgs.hostPlatform = "x86_64-linux";
boot.loader = { boot.loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;

23
hosts/common.nix
View File

@ -1,6 +1,22 @@
{ config, pkgs, ... }: { config, pkgs, self, ... }:
{ {
imports = [
self.inputs.agenix.nixosModules.age
self.inputs.home-manager.nixosModule
../modules
];
nixpkgs.overlays = [
self.inputs.agenix.overlays.default
(import ../overlays/default.nix)
(
final: prev: {
unstable = import self.inputs.nixpkgs-unstable { system = final.system; };
}
)
];
time.timeZone = "Europe/London"; time.timeZone = "Europe/London";
i18n.defaultLocale = "en_GB.UTF-8"; i18n.defaultLocale = "en_GB.UTF-8";
@ -45,10 +61,11 @@
buildMachines = [ buildMachines = [
{ {
hostName = "10.0.1.79"; hostName = "10.0.1.79";
sshUser = "builder"; sshUser = "root";
system = "aarch64-linux"; system = "aarch64-linux";
maxJobs = 6; maxJobs = 6;
speedFactor = 1; speedFactor = 1;
supportedFeatures = [ "big-parallel" "benchmark" ];
} }
]; ];
distributedBuilds = true; distributedBuilds = true;
@ -62,12 +79,10 @@
auto-optimise-store = true; auto-optimise-store = true;
substituters = [ substituters = [
"http://odyssey.mesh.vimium.net" "http://odyssey.mesh.vimium.net"
"https://nix-community.cachix.org"
"https://cache.nixos.org" "https://cache.nixos.org"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"odyssey.mesh.vimium.net:ZhQhjscPWjoN4rlZwoMELznEiBnZ9O26iyGA27ibilQ=" "odyssey.mesh.vimium.net:ZhQhjscPWjoN4rlZwoMELznEiBnZ9O26iyGA27ibilQ="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
]; ];
}; };
gc = { gc = {

6
hosts/desktop.nix
View File

@ -1,10 +1,14 @@
{ config, lib, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [ imports = [
./common.nix ./common.nix
]; ];
nixpkgs.overlays = [
(import ../overlays/gnome)
];
services.printing.enable = true; services.printing.enable = true;
services.openssh.startWhenNeeded = true; services.openssh.startWhenNeeded = true;

4
hosts/eos/default.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: { config, ... }:
{ {
imports = [ imports = [
@ -6,6 +6,8 @@
../desktop.nix ../desktop.nix
]; ];
nixpkgs.hostPlatform = "x86_64-linux";
boot.loader = { boot.loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;

4
hosts/helios/default.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }: { config, ... }:
{ {
imports = [ imports = [
@ -6,6 +6,8 @@
../desktop.nix ../desktop.nix
]; ];
nixpkgs.hostPlatform = "x86_64-linux";
boot = { boot = {
loader.grub = { loader.grub = {
enable = true; enable = true;

11
hosts/hypnos/default.nix
View File

@ -1,12 +1,21 @@
{ config, lib, ... }: { config, lib, self, ... }:
{ {
imports = [ imports = [
self.inputs.disko.nixosModules.disko
./hardware-configuration.nix ./hardware-configuration.nix
./disko-config.nix ./disko-config.nix
../desktop.nix ../desktop.nix
]; ];
nixpkgs = {
hostPlatform = "x86_64-linux";
config = {
allowUnfree = true;
nvidia.acceptLicense = true;
};
};
boot.loader = { boot.loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;

3
hosts/library/default.nix
View File

@ -6,6 +6,8 @@
../server.nix ../server.nix
]; ];
nixpkgs.hostPlatform = "x86_64-linux";
boot = { boot = {
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
@ -13,7 +15,6 @@
}; };
networking = { networking = {
domain = "mesh.vimium.net";
hostId = "d24ae953"; hostId = "d24ae953";
firewall = { firewall = {
enable = true; enable = true;

6
hosts/mail/default.nix
View File

@ -1,15 +1,17 @@
{ config, lib, pkgs, inputs, ... }: { config, lib, self, ... }:
{ {
imports = [ imports = [
self.inputs.disko.nixosModules.disko
./hardware-configuration.nix ./hardware-configuration.nix
./disko-config.nix ./disko-config.nix
../server.nix ../server.nix
]; ];
nixpkgs.hostPlatform = "x86_64-linux";
networking = { networking = {
hostId = "08ac2f14"; hostId = "08ac2f14";
domain = "mesh.vimium.net";
firewall = { firewall = {
enable = true; enable = true;
allowedTCPPorts = [ allowedTCPPorts = [

10
hosts/odyssey/default.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }: { config, ... }:
{ {
imports = [ imports = [
@ -6,6 +6,14 @@
../desktop.nix ../desktop.nix
]; ];
nixpkgs = {
hostPlatform = "x86_64-linux";
config = {
allowUnfree = true;
nvidia.acceptLicense = true;
};
};
boot.loader = { boot.loader = {
systemd-boot = { systemd-boot = {
enable = true; enable = true;

11
hosts/pi/default.nix
View File

@ -1,12 +1,13 @@
{ config, lib, pkgs, inputs, ... }: { config, lib, pkgs, self, ... }:
{ {
imports = [ imports = [
self.inputs.nixos-hardware.nixosModules.raspberry-pi-4
./hardware-configuration.nix ./hardware-configuration.nix
../server.nix ../server.nix
]; ];
networking.hostId = "731d1660"; nixpkgs.hostPlatform = "aarch64-linux";
hardware = { hardware = {
raspberry-pi."4" = { raspberry-pi."4" = {
@ -97,6 +98,8 @@
]; ];
}; };
networking.hostId = "731d1660";
sound.enable = true; sound.enable = true;
security.rtkit.enable = true; security.rtkit.enable = true;
@ -108,7 +111,7 @@
}; };
age.secrets."files/services/home-assistant/secrets.yaml" = { age.secrets."files/services/home-assistant/secrets.yaml" = {
file = "${inputs.secrets}/files/services/home-assistant/secrets.yaml.age"; file = "${self.inputs.secrets}/files/services/home-assistant/secrets.yaml.age";
path = "${config.services.home-assistant.configDir}/secrets.yaml"; path = "${config.services.home-assistant.configDir}/secrets.yaml";
owner = "hass"; owner = "hass";
group = "hass"; group = "hass";
@ -173,7 +176,7 @@
}; };
age.secrets."files/services/zigbee2mqtt/secret.yaml" = { age.secrets."files/services/zigbee2mqtt/secret.yaml" = {
file = "${inputs.secrets}/files/services/zigbee2mqtt/secret.yaml.age"; file = "${self.inputs.secrets}/files/services/zigbee2mqtt/secret.yaml.age";
path = "${config.services.zigbee2mqtt.dataDir}/secret.yaml"; path = "${config.services.zigbee2mqtt.dataDir}/secret.yaml";
owner = "zigbee2mqtt"; owner = "zigbee2mqtt";
group = "zigbee2mqtt"; group = "zigbee2mqtt";

7
hosts/skycam/README.md
View File

@ -20,3 +20,10 @@ SD card | `/dev/mmcblk0` (ext4, NixOS Root)
## Devices and connections ## Devices and connections
- Camera Module 3 with wide-angle lens - Camera Module 3 with wide-angle lens
## Building
To generate a compressed SD card image for Skycam, run:
`nix build '.#nixosConfigurations.skycam.config.system.build.sdImage'`
Once a card is imaged, the existing SSH host keys should be copied to
`/etc/ssh` manually to enable secret decryption.

58
hosts/skycam/default.nix
View File

@ -1,16 +1,63 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, self, ... }:
{ {
imports = [ imports = [
self.inputs.nixos-hardware.nixosModules.raspberry-pi-4
./hardware-configuration.nix ./hardware-configuration.nix
../server.nix ../server.nix
]; ];
raspberry-pi-nix = { nixpkgs.hostPlatform = "aarch64-linux";
board = "bcm2711";
libcamera-overlay.enable = false; hardware = {
raspberry-pi."4" = {
apply-overlays-dtmerge.enable = true;
audio.enable = false;
xhci.enable = false;
};
deviceTree = {
enable = true;
filter = "*rpi-4-*.dtb";
# From https://github.com/Electrostasy/dots/blob/3b81723feece67610a252ce754912f6769f0cd34/hosts/phobos/klipper.nix#L43-L65
overlays =
let
mkCompatibleDtsFile = dtbo:
let
drv = pkgs.runCommand "fix-dts" { nativeBuildInputs = with pkgs; [ dtc gnused ]; } ''
mkdir "$out"
dtc -I dtb -O dts ${dtbo} | sed -e 's/bcm2835/bcm2711/' > $out/overlay.dts
'';
in
"${drv}/overlay.dts";
inherit (config.boot.kernelPackages) kernel;
in
[
{
name = "imx708.dtbo";
dtsFile = mkCompatibleDtsFile "${kernel}/dtbs/overlays/imx708.dtbo";
}
{
name = "vc4-kms-v3d-pi4.dtbo";
dtsFile = mkCompatibleDtsFile "${kernel}/dtbs/overlays/vc4-kms-v3d-pi4.dtbo";
}
];
};
firmware = with pkgs; [
firmwareLinuxNonfree
];
}; };
services.udev.extraRules = ''
SUBSYSTEM=="rpivid-*", GROUP="video", MODE="0660"
KERNEL=="vcsm-cma", GROUP="video", MODE="0660"
SUBSYSTEM=="dma_heap", GROUP="video", MODE="0660"
'';
nixpkgs.overlays = [
(import ./../../overlays/libcamera)
];
networking = { networking = {
hostId = "731d1660"; hostId = "731d1660";
firewall = { firewall = {
@ -41,7 +88,7 @@
--resolution=4608x2592 --resolution=4608x2592
''; '';
DynamicUser = "yes"; DynamicUser = "yes";
SupplementaryGroups = [ "video" "i2c" ]; SupplementaryGroups = [ "video" ];
Restart = "always"; Restart = "always";
RestartSec = 10; RestartSec = 10;
}; };
@ -50,6 +97,7 @@
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
camera-streamer
git git
neovim neovim
libcamera libcamera

21
hosts/skycam/hardware-configuration.nix
View File

@ -1,6 +1,27 @@
{ config, lib, modulesPath, ... }: { config, lib, modulesPath, ... }:
{ {
imports = [
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
];
boot = {
kernelModules = [ "bcm2835-v4l2" ];
kernelParams = [
"cma=512M"
"panic=0"
];
supportedFilesystems = lib.mkForce [ "f2fs" "vfat" "xfs" ];
tmp.cleanOnBoot = false;
};
nixpkgs.overlays = [
(final: super: {
makeModulesClosure = x:
super.makeModulesClosure (x // { allowMissing = true; });
})
];
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-label/NIXOS_SD"; device = "/dev/disk/by-label/NIXOS_SD";

92
hosts/vps1/default.nix
View File

@ -1,7 +1,4 @@
{ { config, lib, self, ... }:
lib,
...
}:
{ {
imports = [ imports = [
@ -9,9 +6,10 @@
../server.nix ../server.nix
]; ];
nixpkgs.hostPlatform = "x86_64-linux";
networking = { networking = {
hostId = "08bf6db3"; hostId = "08bf6db3";
domain = "mesh.vimium.net";
firewall = { firewall = {
enable = true; enable = true;
allowedTCPPorts = [ allowedTCPPorts = [
@ -43,6 +41,90 @@
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password"; services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
services.postgresql = {
ensureUsers = [
{
name = "zitadel";
ensureDBOwnership = true;
ensureClauses = {
superuser = true;
};
}
];
ensureDatabases = [ "zitadel" ];
};
age.secrets."files/services/zitadel/masterkey" = {
file = "${self.inputs.secrets}/files/services/zitadel/masterkey.age";
owner = "zitadel";
group = "zitadel";
};
systemd.services.zitadel = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
services.zitadel = {
enable = true;
masterKeyFile = config.age.secrets."files/services/zitadel/masterkey".path;
settings = {
Database.postgres = {
Host = "/run/postgresql";
Port = 5432;
Database = "zitadel";
User = {
Username = "zitadel";
SSL.Mode = "disable";
};
Admin = {
ExistingDatabase = "zitadel";
Username = "zitadel";
SSL.Mode = "disable";
};
};
ExternalDomain = "id.vimium.com";
ExternalPort = 443;
ExternalSecure = true;
Machine = {
Identification = {
Hostname.Enabled = true;
PrivateIp.Enabled = false;
Webhook.Enabled = false;
};
};
Port = 8081;
WebAuthNName = "Vimium";
};
steps.FirstInstance = {
InstanceName = "Vimium";
Org.Name = "Vimium";
Org.Human = {
UserName = "jordan@vimium.com";
FirstName = "Jordan";
LastName = "Holt";
Email = {
Address = "jordan@vimium.com";
Verified = true;
};
Password = "Password1!";
PasswordChangeRequired = true;
};
LoginPolicy.AllowRegister = false;
};
};
services.nginx.virtualHosts."id.vimium.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
extraConfig = ''
grpc_pass grpc://localhost:${builtins.toString config.services.zitadel.settings.Port};
grpc_set_header Host $host:$server_port;
'';
};
};
modules = rec { modules = rec {
databases.postgresql.enable = true; databases.postgresql.enable = true;
services = { services = {

1
modules/databases/postgresql.nix
View File

@ -17,6 +17,7 @@ in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
enableJIT = true;
initdbArgs = [ initdbArgs = [
"--allow-group-access" "--allow-group-access"
"--encoding=UTF8" "--encoding=UTF8"

4
modules/desktop/apps/thunderbird.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }: { config, lib, self, ... }:
let cfg = config.modules.desktop.apps.thunderbird; let cfg = config.modules.desktop.apps.thunderbird;
in { in {
@ -10,7 +10,7 @@ in {
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
home.file.".thunderbird/Default/chrome/thunderbird-gnome-theme".source = inputs.thunderbird-gnome-theme; home.file.".thunderbird/Default/chrome/thunderbird-gnome-theme".source = self.inputs.thunderbird-gnome-theme;
home.programs.thunderbird = { home.programs.thunderbird = {
enable = true; enable = true;

2
modules/desktop/browsers/brave.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }: { config, lib, pkgs, ... }:
let cfg = config.modules.desktop.browsers.brave; let cfg = config.modules.desktop.browsers.brave;
in { in {

4
modules/desktop/browsers/firefox.nix
View File

@ -1,4 +1,4 @@
{ config, lib, inputs, ... }: { config, lib, self, ... }:
let cfg = config.modules.desktop.browsers.firefox; let cfg = config.modules.desktop.browsers.firefox;
in { in {
@ -10,7 +10,7 @@ in {
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
home.file.".mozilla/firefox/Default/chrome/firefox-gnome-theme".source = inputs.firefox-gnome-theme; home.file.".mozilla/firefox/Default/chrome/firefox-gnome-theme".source = self.inputs.firefox-gnome-theme;
home.programs.firefox = { home.programs.firefox = {
enable = true; enable = true;

4
modules/desktop/gnome.nix
View File

@ -1,4 +1,4 @@
{ config, inputs, lib, pkgs, ... }: { config, lib, pkgs, self, ... }:
let cfg = config.modules.desktop.gnome; let cfg = config.modules.desktop.gnome;
in { in {
@ -207,7 +207,7 @@ in {
"Kvantum/kvantum.kvconfig".text = lib.generators.toINI {} { "Kvantum/kvantum.kvconfig".text = lib.generators.toINI {} {
General.theme = "KvLibadwaitaDark"; General.theme = "KvLibadwaitaDark";
}; };
"Kvantum/KvLibadwaita".source = "${inputs.kvlibadwaita}/src/KvLibadwaita"; "Kvantum/KvLibadwaita".source = "${self.inputs.kvlibadwaita}/src/KvLibadwaita";
}; };
user.packages = with pkgs; [ user.packages = with pkgs; [

4
modules/networking/tailscale.nix
View File

@ -1,4 +1,4 @@
{ config, inputs, lib, pkgs, ... }: { config, lib, pkgs, self, ... }:
let let
cfg = config.modules.networking.tailscale; cfg = config.modules.networking.tailscale;
@ -18,7 +18,7 @@ in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
age.secrets."passwords/services/tailscale/${hostname}-authkey" = { age.secrets."passwords/services/tailscale/${hostname}-authkey" = {
file = "${inputs.secrets}/passwords/services/tailscale/${hostname}-authkey.age"; file = "${self.inputs.secrets}/passwords/services/tailscale/${hostname}-authkey.age";
}; };
environment.systemPackages = [ pkgs.tailscale ]; environment.systemPackages = [ pkgs.tailscale ];

4
modules/networking/wireless.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }: { config, lib, pkgs, self, ... }:
with lib; with lib;
@ -19,7 +19,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
age.secrets."passwords/networks" = { age.secrets."passwords/networks" = {
file = "${inputs.secrets}/passwords/networks.age"; file = "${self.inputs.secrets}/passwords/networks.age";
}; };
networking = { networking = {

10
modules/options.nix
View File

@ -1,4 +1,4 @@
{ config, options, lib, home-manager, inputs, ... }: { config, options, lib, self, ... }:
with lib; with lib;
{ {
@ -29,14 +29,14 @@ with lib;
}; };
config = { config = {
age.secrets."passwords/users/jordan".file = "${inputs.secrets}/passwords/users/jordan.age"; age.secrets."passwords/users/jordan".file = "${self.inputs.secrets}/passwords/users/jordan.age";
user = user =
let user = builtins.getEnv "USER"; let user = builtins.getEnv "USER";
name = if elem user [ "" "root" ] then "jordan" else user; name = if elem user [ "" "root" ] then "jordan" else user;
in { in {
inherit name; inherit name;
isNormalUser = true; isNormalUser = true;
extraGroups = [ "networkmanager" "wheel" "lxd" "video" ]; extraGroups = [ "networkmanager" "wheel" "lxd" ];
description = "Jordan Holt"; description = "Jordan Holt";
useDefaultShell = true; useDefaultShell = true;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
@ -68,8 +68,8 @@ with lib;
}; };
sharedModules = [ sharedModules = [
inputs.nixvim.homeManagerModules.nixvim self.inputs.nixvim.homeManagerModules.nixvim
inputs.plasma-manager.homeManagerModules.plasma-manager self.inputs.plasma-manager.homeManagerModules.plasma-manager
]; ];
}; };

4
modules/services/borgmatic/default.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }: { config, lib, self, ... }:
let let
cfg = config.modules.services.borgmatic; cfg = config.modules.services.borgmatic;
@ -27,7 +27,7 @@ in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
age.secrets."passwords/services/borg/${hostname}-passphrase" = { age.secrets."passwords/services/borg/${hostname}-passphrase" = {
file = "${inputs.secrets}/passwords/services/borg/${hostname}-passphrase.age"; file = "${self.inputs.secrets}/passwords/services/borg/${hostname}-passphrase.age";
}; };
services.borgmatic = { services.borgmatic = {

11
modules/services/coturn/default.nix
View File

@ -1,9 +1,4 @@
{ { config, lib, self, ... }:
config,
lib,
inputs,
...
}:
let let
cfg = config.modules.services.coturn; cfg = config.modules.services.coturn;
@ -54,13 +49,13 @@ in {
age.secrets = { age.secrets = {
"passwords/services/coturn/static-auth-secret" = { "passwords/services/coturn/static-auth-secret" = {
file = "${inputs.secrets}/passwords/services/coturn/static-auth-secret.age"; file = "${self.inputs.secrets}/passwords/services/coturn/static-auth-secret.age";
owner = "turnserver"; owner = "turnserver";
group = "turnserver"; group = "turnserver";
}; };
} // (if cfg.matrixIntegration then { } // (if cfg.matrixIntegration then {
"passwords/services/coturn/matrix-turn-config.yml" = { "passwords/services/coturn/matrix-turn-config.yml" = {
file = "${inputs.secrets}/passwords/services/coturn/matrix-turn-config.yml.age"; file = "${self.inputs.secrets}/passwords/services/coturn/matrix-turn-config.yml.age";
owner = "matrix-synapse"; owner = "matrix-synapse";
group = "matrix-synapse"; group = "matrix-synapse";
}; };

4
modules/services/gitea-runner/default.nix
View File

@ -1,4 +1,4 @@
{ pkgs, config, lib, inputs, ... }: { pkgs, config, lib, self, ... }:
# Based on: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix # Based on: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
@ -176,7 +176,7 @@ in
users.groups.nix-ci-user = { }; users.groups.nix-ci-user = { };
age.secrets."files/services/gitea-runner/${hostname}-token" = { age.secrets."files/services/gitea-runner/${hostname}-token" = {
file = "${inputs.secrets}/files/services/gitea-runner/${hostname}-token.age"; file = "${self.inputs.secrets}/files/services/gitea-runner/${hostname}-token.age";
group = "podman"; group = "podman";
}; };

8
modules/services/gitea/default.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }: { config, lib, pkgs, self, ... }:
let let
cfg = config.modules.services.gitea; cfg = config.modules.services.gitea;
@ -40,9 +40,9 @@ in {
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d '${config.services.gitea.customDir}/public/assets/css' 0750 ${config.services.gitea.user} ${config.services.gitea.group} - -" "d '${config.services.gitea.customDir}/public/assets/css' 0750 ${config.services.gitea.user} ${config.services.gitea.group} - -"
"L+ '${config.services.gitea.customDir}/public/assets/css/theme-github.css' - - - - ${inputs.gitea-github-theme}/theme-github.css" "L+ '${config.services.gitea.customDir}/public/assets/css/theme-github.css' - - - - ${self.inputs.gitea-github-theme}/theme-github.css"
"L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-auto.css' - - - - ${inputs.gitea-github-theme}/theme-github-auto.css" "L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-auto.css' - - - - ${self.inputs.gitea-github-theme}/theme-github-auto.css"
"L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-dark.css' - - - - ${inputs.gitea-github-theme}/theme-github-dark.css" "L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-dark.css' - - - - ${self.inputs.gitea-github-theme}/theme-github-dark.css"
]; ];
services.gitea = rec { services.gitea = rec {

2
modules/services/headscale/default.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }: { config, lib, pkgs, ... }:
with lib; with lib;

6
modules/services/mail/default.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, self, ... }:
let let
cfg = config.modules.services.mail; cfg = config.modules.services.mail;
@ -22,6 +22,10 @@ in {
}; };
}; };
imports = [
self.inputs.nixos-mailserver.nixosModule
];
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.roundcube = { services.roundcube = {
enable = true; enable = true;

10
modules/services/matrix/default.nix
View File

@ -1,10 +1,4 @@
{ { config, lib, pkgs, self, ... }:
config,
lib,
pkgs,
inputs,
...
}:
let let
cfg = config.modules.services.matrix; cfg = config.modules.services.matrix;
@ -197,7 +191,7 @@ in {
age.secrets = if cfg.slidingSync.enable then { age.secrets = if cfg.slidingSync.enable then {
"files/services/matrix/sliding-sync" = { "files/services/matrix/sliding-sync" = {
file = "${inputs.secrets}/files/services/matrix/sliding-sync.age"; file = "${self.inputs.secrets}/files/services/matrix/sliding-sync.age";
}; };
} else {}; } else {};

25
modules/services/nginx/default.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
@ -82,6 +82,13 @@ in {
worker_connections 20000; worker_connections 20000;
multi_accept off; multi_accept off;
''; '';
proxyCachePath = {
"skycam" = {
enable = true;
keysZoneName = "skycam_cache";
maxSize = "100m";
};
};
virtualHosts = { virtualHosts = {
## Static sites ## Static sites
"jellyfin.vimium.com" = { "jellyfin.vimium.com" = {
@ -105,6 +112,21 @@ in {
''; '';
}; };
}; };
"jdholt.com" = {
forceSSL = true;
enableACME = true;
serverAliases = [ "www.jdholt.com" ];
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
locations."/skycam/snapshot.jpg" = {
proxyPass = "http://skycam.mesh.vimium.net:8080/snapshot";
extraConfig = ''
proxy_cache skycam_cache;
proxy_cache_valid any 10s;
proxy_ignore_headers Cache-Control Expires Set-Cookie;
'';
};
locations."/".return = "301 https://vimium.com$request_uri";
};
"pki.vimium.com" = { "pki.vimium.com" = {
addSSL = true; addSSL = true;
forceSSL = false; forceSSL = false;
@ -142,7 +164,6 @@ in {
## Redirects ## Redirects
// (mkRedirect "h0lt.com" "jdholt.com") // (mkRedirect "h0lt.com" "jdholt.com")
// (mkRedirect "jordanholt.xyz" "jdholt.com") // (mkRedirect "jordanholt.xyz" "jdholt.com")
// (mkRedirect "jdholt.com" "vimium.com")
// (mkRedirect "omnimagic.com" "vimium.com") // (mkRedirect "omnimagic.com" "vimium.com")
// (mkRedirect "omnimagic.net" "vimium.com") // (mkRedirect "omnimagic.net" "vimium.com")
// (mkRedirect "thelostlegend.com" "suhailhussain.com") // (mkRedirect "thelostlegend.com" "suhailhussain.com")

4
modules/services/photoprism/default.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }: { config, lib, pkgs, self, ... }:
with lib; with lib;
@ -36,7 +36,7 @@ in {
}; };
age.secrets."passwords/services/photoprism/admin" = { age.secrets."passwords/services/photoprism/admin" = {
file = "${inputs.secrets}/passwords/services/photoprism/admin.age"; file = "${self.inputs.secrets}/passwords/services/photoprism/admin.age";
}; };
services.photoprism = { services.photoprism = {

32
overlays/0001-Always-installed.patch
View File

@ -1,32 +0,0 @@
From ff76624c4407c6132cd4068e6ce065a7b429351f Mon Sep 17 00:00:00 2001
From: Jordan Holt <jordan@vimium.com>
Date: Sun, 4 Aug 2024 15:46:04 +0100
Subject: [PATCH] Always installed
---
src/libcamera/source_paths.cpp | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/src/libcamera/source_paths.cpp b/src/libcamera/source_paths.cpp
index 1af5386a..3fc7d044 100644
--- a/src/libcamera/source_paths.cpp
+++ b/src/libcamera/source_paths.cpp
@@ -39,15 +39,6 @@ namespace {
*/
bool isLibcameraInstalled()
{
- /*
- * DT_RUNPATH (DT_RPATH when the linker uses old dtags) is removed on
- * install.
- */
- for (const ElfW(Dyn) *dyn = _DYNAMIC; dyn->d_tag != DT_NULL; ++dyn) {
- if (dyn->d_tag == DT_RUNPATH || dyn->d_tag == DT_RPATH)
- return false;
- }
-
return true;
}
--
2.44.1

6
overlays/gnome.nix → overlays/gnome/default.nix
View File

@ -1,8 +1,8 @@
self: super: final: prev:
{ {
gnome = super.gnome.overrideScope' (gself: gsuper: { gnome = prev.gnome.overrideScope' (gself: gsuper: {
mutter = gsuper.mutter.overrideAttrs (oldAttrs: { mutter = gsuper.mutter.overrideAttrs (oldAttrs: {
src = super.fetchurl { src = prev.fetchurl {
url = "https://gitlab.gnome.org/Community/Ubuntu/mutter/-/archive/triple-buffering-v4-46/mutter-triple-buffering-v4-46.tar.gz"; url = "https://gitlab.gnome.org/Community/Ubuntu/mutter/-/archive/triple-buffering-v4-46/mutter-triple-buffering-v4-46.tar.gz";
sha256 = "mmFABDsRMzYnLO3+Cf3CJ60XyUBl3y9NAUj+vs7nLqE="; sha256 = "mmFABDsRMzYnLO3+Cf3CJ60XyUBl3y9NAUj+vs7nLqE=";
}; };

25
overlays/libcamera.nix
View File

@ -1,25 +0,0 @@
final: prev:
{
libcamera = prev.libcamera.overrideAttrs (old: {
postPatch = ''
patchShebangs utils/ src/py/
'';
patches = [
./0001-Remove-relative-config-lookups.patch
];
mesonFlags = old.mesonFlags ++ [
"--buildtype=release"
"-Dpipelines=rpi/vc4"
"-Dipas=rpi/vc4"
"-Dgstreamer=enabled"
"-Dtest=false"
"-Dcam=enabled"
];
});
camera-streamer = prev.callPackage ../pkgs/camera-streamer/package.nix {
libcamera = final.libcamera;
};
}

25
overlays/libcamera/0001-Ignore-IPA-signing.patch Normal file
View File

@ -0,0 +1,25 @@
From 625939e594ce255afa3fab3a40c3e524460e1f8b Mon Sep 17 00:00:00 2001
From: Jordan Holt <jordan@vimium.com>
Date: Sat, 10 Aug 2024 18:28:08 +0100
Subject: [PATCH] Ignore IPA signing
---
src/libcamera/ipa_manager.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp
index 6d5bbd05..43004175 100644
--- a/src/libcamera/ipa_manager.cpp
+++ b/src/libcamera/ipa_manager.cpp
@@ -295,7 +295,7 @@ bool IPAManager::isSignatureValid([[maybe_unused]] IPAModule *ipa) const
if (data.empty())
return false;
- bool valid = pubKey_.verify(data, ipa->signature());
+ bool valid = true;
LOG(IPAManager, Debug)
<< "IPA module " << ipa->path() << " signature is "
--
2.44.1

0
overlays/0001-Remove-relative-config-lookups.patch → overlays/libcamera/0001-Remove-relative-config-lookups.patch
View File

64
overlays/libcamera/default.nix Normal file
View File

@ -0,0 +1,64 @@
final: prev:
{
libpisp = final.stdenv.mkDerivation {
name = "libpisp";
version = "1.0.5";
src = final.fetchFromGitHub {
owner = "raspberrypi";
repo = "libpisp";
rev = "v1.0.5";
hash = "sha256-CHd44CH5dBcZuK+5fZtONZ8HE/lwGKwK5U0BYUK8gG4=";
};
nativeBuildInputs = with final; [
pkg-config
meson
ninja
];
buildInputs = with final; [
nlohmann_json
boost
];
BOOST_INCLUDEDIR = "${prev.lib.getDev final.boost}/include";
BOOST_LIBRARYDIR = "${prev.lib.getLib final.boost}/lib";
};
libcamera = prev.libcamera.overrideAttrs (old: {
src = final.fetchFromGitHub {
owner = "raspberrypi";
repo = "libcamera";
rev = "eb00c13d7c9f937732305d47af5b8ccf895e700f";
hash = "sha256-p0/inkHPRUkxSIsTmj7VI7sIaX7OXdqjMGZ31W7cnt4=";
};
postPatch = ''
patchShebangs utils/ src/py/
'';
patches = [
./0001-Remove-relative-config-lookups.patch
./0001-Ignore-IPA-signing.patch
];
buildInputs = old.buildInputs ++ (with final; [
libpisp
libglibutil
]);
mesonFlags = old.mesonFlags ++ [
"--buildtype=release"
"-Dpipelines=rpi/vc4,rpi/pisp"
"-Dipas=rpi/vc4,rpi/pisp"
"-Dgstreamer=enabled"
"-Dtest=false"
"-Dcam=enabled"
"-Dpycamera=disabled"
];
});
camera-streamer = prev.callPackage ../pkgs/camera-streamer/package.nix {
libcamera = final.libcamera;
};
}

25
pkgs/camera-streamer/0001-Disable-libdatachannel.patch Normal file
View File

@ -0,0 +1,25 @@
From 0f17bb86772afe9495891e420a809a0b3c071caf Mon Sep 17 00:00:00 2001
From: Jordan Holt <jordan@vimium.com>
Date: Sat, 10 Aug 2024 15:37:15 +0100
Subject: [PATCH] Disable libdatachannel
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index d5029bd..e50ba1a 100644
--- a/Makefile
+++ b/Makefile
@@ -23,7 +23,7 @@ USE_HW_H264 ?= 1
USE_FFMPEG ?= $(shell pkg-config libavutil libavformat libavcodec && echo 1)
USE_LIBCAMERA ?= $(shell pkg-config libcamera && echo 1)
USE_RTSP ?= $(shell pkg-config live555 && echo 1)
-USE_LIBDATACHANNEL ?= $(shell [ -e $(LIBDATACHANNEL_PATH)/CMakeLists.txt ] && echo 1)
+USE_LIBDATACHANNEL ?= 0
ifeq (1,$(DEBUG))
CFLAGS += -g
--
2.44.1

15
pkgs/camera-streamer/package.nix
View File

@ -1,5 +1,5 @@
{ stdenv { stdenv
, fetchFromGitea , fetchFromGitHub
, cmake , cmake
, gnumake , gnumake
@ -24,15 +24,18 @@ stdenv.mkDerivation (finalAttrs: {
pname = "camera-streamer"; pname = "camera-streamer";
version = "0.2.8"; version = "0.2.8";
src = fetchFromGitea { src = fetchFromGitHub {
domain = "git.vimium.com"; owner = "ayufan";
owner = "jordan";
repo = "camera-streamer"; repo = "camera-streamer";
rev = "464f05172c725b4b302464eecdb8b6e85fda6e84"; rev = "refs/tags/v${finalAttrs.version}";
hash = "sha256-IkLR/oozYU+hfpct+GXej2T3GEhauQtqwWOcrQAErbM="; hash = "sha256-8vV8BMFoDeh22I1/qxk6zttJROaD/lrThBxXHZSPpT4=";
fetchSubmodules = true; fetchSubmodules = true;
}; };
patches = [
./0001-Disable-libdatachannel.patch
];
# Second replacement fixes literal newline in generated version.h. # Second replacement fixes literal newline in generated version.h.
postPatch = '' postPatch = ''
substituteInPlace Makefile \ substituteInPlace Makefile \