noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2025-07-08 10:40:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: noah:48b1d41afffc790310f545b171c0eb53e3173c81
Branches Tags
noah:master noah:platform noah:home-manager-fix noah:immich-proxy noah:microcode noah:nixd noah:eblume-mole noah:language-checks noah:keyd-2.4.3 noah:sway noah:nixosmodules noah:unfree-predicate-by-pkgs noah:darwin-ssl
noah:pre-platform noah:begin-nixos noah:begin-nix noah:neovim-lua noah:pre-nix noah:legacy
..
compare: noah:eblume-mole
Branches Tags
noah:master noah:platform noah:home-manager-fix noah:immich-proxy noah:microcode noah:nixd noah:eblume-mole noah:language-checks noah:keyd-2.4.3 noah:sway noah:nixosmodules noah:unfree-predicate-by-pkgs noah:darwin-ssl
noah:pre-platform noah:begin-nixos noah:begin-nix noah:neovim-lua noah:pre-nix noah:legacy

1 Commits
48b1d41aff ... eblume-mol

Author SHA1 Message Date
Noah Masur
068cdbf5d4 try building mole for eblume 
relates to #68
 2024-06-26 16:24:35 -04:00
46 changed files with 318 additions and 744 deletions
Expand all files Collapse all files

4
.github/workflows/update.yml vendored
View File

@ -19,14 +19,12 @@ jobs:
uses: actions/checkout@v3
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v11
with:
nix-package-url: https://releases.nixos.org/nix/nix-2.18.4/nix-2.18.4-x86_64-linux.tar.xz
- name: Check Nixpkgs Inputs
uses: DeterminateSystems/flake-checker-action@v7
- name: Add Nix Cache
uses: DeterminateSystems/magic-nix-cache-action@v6
- name: Update flake.lock
uses: DeterminateSystems/update-flake-lock@v23
uses: DeterminateSystems/update-flake-lock@v21
id: update
with:
pr-title: "Update flake.lock" # Title of PR to be created

216
flake.lock generated
View File

@ -3,11 +3,11 @@
"baleia-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1721805312,
"narHash": "sha256-qA1x5kplP2I8bURO0I4R0gt/zeznu9hQQ+XHptLGuwc=",
"lastModified": 1717182435,
"narHash": "sha256-duI3myrJSvmtjF9n7NVrVOsuSo1O3JEypA5ghBHsULc=",
"owner": "m00qek",
"repo": "baleia.nvim",
"rev": "1b25eac3ac03659c3d3af75c7455e179e5f197f7",
"rev": "4d3b27dbec65a44ceecd9306f605a980bcf4e9b1",
"type": "github"
},
"original": {
@ -87,11 +87,11 @@
]
},
"locked": {
"lastModified": 1724994893,
"narHash": "sha256-yutISDGg6HUaZqCaa54EcsfTwew3vhNtt/FNXBBo44g=",
"lastModified": 1718662658,
"narHash": "sha256-AKG7BsqtVWDlefgzyKz7vjaKTLi4+bmTSBhowbQoZtM=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "c8d3157d1f768e382de5526bb38e74d2245cad04",
"rev": "29b3096a6e283d7e6779187244cb2a3942239fdf",
"type": "github"
},
"original": {
@ -108,11 +108,11 @@
]
},
"locked": {
"lastModified": 1724895876,
"narHash": "sha256-GSqAwa00+vRuHbq9O/yRv7Ov7W/pcMLis3HmeHv8a+Q=",
"lastModified": 1718846788,
"narHash": "sha256-9dtXYtEkmXoUJV+PGLqscqF7qTn4AIhAKpFWRFU2NYs=",
"owner": "nix-community",
"repo": "disko",
"rev": "511388d837178979de66d14ca4a2ebd5f7991cd3",
"rev": "e1174d991944a01eaaa04bc59c6281edca4c0e6e",
"type": "github"
},
"original": {
@ -145,11 +145,11 @@
]
},
"locked": {
"lastModified": 1725152465,
"narHash": "sha256-6oM7r2iu0pIGbhiitFyM1zNn2mScrYhQqZw1p8JV2Ss=",
"lastModified": 1718930737,
"narHash": "sha256-+nKJ/VP6X+hirXqRry3GzdNn4OJvOdB4nRnJY22ixFw=",
"owner": "bandithedoge",
"repo": "nixpkgs-firefox-darwin",
"rev": "d6fb0bcaf97c356862baf1c90724314f36eebb72",
"rev": "087919070dffc9798a8cb753e97babe287f06c25",
"type": "github"
},
"original": {
@ -267,11 +267,11 @@
]
},
"locked": {
"lastModified": 1724435763,
"narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=",
"lastModified": 1718983978,
"narHash": "sha256-lp6stESwTLBZUQ5GBivxwNehShmBp4jqeX/1xahM61w=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be",
"rev": "c559542f0aa87971a7f4c1b3478fe33cc904b902",
"type": "github"
},
"original": {
@ -291,11 +291,11 @@
]
},
"locked": {
"lastModified": 1719942949,
"narHash": "sha256-srSQac7dhXtisqu4XwPGrK8qcmT2rflJJ1mRIV9j0Qk=",
"lastModified": 1718893255,
"narHash": "sha256-NdSDGdz5eU/EcnGn8ECP1V+mn5hyGOZQ4ybv2bWTpuk=",
"owner": "hraban",
"repo": "mac-app-util",
"rev": "63f269f737cafb2219ba38780c1ecb1dc24bc4a2",
"rev": "1857b26aceaf64c2b6a357eb83cf34139b6365cc",
"type": "github"
},
"original": {
@ -304,72 +304,55 @@
"type": "github"
}
},
"markview-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1725132498,
"narHash": "sha256-R2QowdqGT5rIAvFjzUDyNpqfGz9y+oGitbnkmVnzsPc=",
"owner": "OXY2DEV",
"repo": "markview.nvim",
"rev": "ea71a5bc6e0a0b28af62e2f21d264ddcc466bd51",
"type": "github"
},
"original": {
"owner": "OXY2DEV",
"repo": "markview.nvim",
"type": "github"
}
},
"nextcloud-cookbook": {
"flake": false,
"locked": {
"lastModified": 1719431638,
"narHash": "sha256-a8ekMnEzudHGiqHF53jPtgsVTOTc2QLuPg6YtTw5h68=",
"lastModified": 1702545935,
"narHash": "sha256-19LN1nYJJ0RMWj6DrYPvHzocTyhMfYdpdhBFch3fpHE=",
"type": "tarball",
"url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.1/cookbook-0.11.1.tar.gz"
"url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.0/cookbook-0.11.0.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.1/cookbook-0.11.1.tar.gz"
"url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.0/cookbook-0.11.0.tar.gz"
}
},
"nextcloud-external": {
"flake": false,
"locked": {
"lastModified": 1710338675,
"narHash": "sha256-bJJ/dVmE1o04QCyrxD0sko0okRsnxJmT6sOTOmBiifs=",
"lastModified": 1699624334,
"narHash": "sha256-RCL2RP5twRDLxI/KfAX6QLYQOzqZmSWsfrC5ZQIwTD4=",
"type": "tarball",
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.4.0/external-v5.4.0.tar.gz"
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.3.1/external-v5.3.1.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.4.0/external-v5.4.0.tar.gz"
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.3.1/external-v5.3.1.tar.gz"
}
},
"nextcloud-news": {
"flake": false,
"locked": {
"lastModified": 1718102703,
"narHash": "sha256-XNGjf7SWgJYFdVNOh3ED0jxSG0GJwWImVQq4cJT1Lo4=",
"lastModified": 1703426420,
"narHash": "sha256-AENBJH/bEob5JQvw4WEi864mdLYJ5Mqe78HJH6ceCpI=",
"type": "tarball",
"url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha7/news.tar.gz"
"url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha3/news.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha7/news.tar.gz"
"url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha3/news.tar.gz"
}
},
"nextcloud-snappymail": {
"flake": false,
"locked": {
"lastModified": 1725162283,
"narHash": "sha256-WwCRAZzxYWUpOy6iVTDpVIr/DrkJkQGjgIdVWNfCH3Q=",
"type": "tarball",
"url": "https://snappymail.eu/repository/nextcloud/snappymail-2.37.2-nextcloud.tar.gz"
"narHash": "sha256-7oJEJ6t6iS/pcnSHashf1AkOEf+gKizpQHBy9XwY4Yo=",
"type": "file",
"url": "https://github.com/nmasur/snappymail-nextcloud/releases/download/v2.36.1/snappymail-2.36.1-nextcloud.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://snappymail.eu/repository/nextcloud/snappymail-2.37.2-nextcloud.tar.gz"
"type": "file",
"url": "https://github.com/nmasur/snappymail-nextcloud/releases/download/v2.36.1/snappymail-2.36.1-nextcloud.tar.gz"
}
},
"nix2vim": {
@ -395,11 +378,11 @@
},
"nixlib": {
"locked": {
"lastModified": 1724547350,
"narHash": "sha256-WKkGeNpenNMKD1gOF0Xuqi3VsKX/QCAiwz9qe5PDvzA=",
"lastModified": 1712450863,
"narHash": "sha256-K6IkdtMtq9xktmYPj0uaYc8NsIqHuaAoRBaMgu9Fvrw=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "b741d900fecd2f0c32d90f853b24be9f5f098b7d",
"rev": "3c62b6a12571c9a7f65ab037173ee153d539905f",
"type": "github"
},
"original": {
@ -416,11 +399,11 @@
]
},
"locked": {
"lastModified": 1724893087,
"narHash": "sha256-M3+Z8SSpzKPQ+/vw9a99G9HfqKWbVGzhFz4p3KAX0NI=",
"lastModified": 1718025593,
"narHash": "sha256-WZ1gdKq/9u1Ns/oXuNsDm+W0salonVA0VY1amw8urJ4=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "0dd0205bc3f6d602ddb62aaece5f62a8715a9e85",
"rev": "35c20ba421dfa5059e20e0ef2343c875372bdcf3",
"type": "github"
},
"original": {
@ -431,11 +414,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1724819573,
"narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=",
"lastModified": 1718895438,
"narHash": "sha256-k3JqJrkdoYwE3fHE6xGDY676AYmyh4U2Zw+0Bwe5DLU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "71e91c409d1e654808b2621f28a327acfdad8dc2",
"rev": "d603719ec6e294f034936c0d0dc06f689d91b6c3",
"type": "github"
},
"original": {
@ -461,29 +444,13 @@
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1725001927,
"narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6e99f2a27d600612004fbd2c3282d614bfee6421",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"locked": {
"lastModified": 1725161660,
"narHash": "sha256-K0sqIq2BHo+OlYQoRMw8g+qtQOb1TvGjazS4NtQF6gk=",
"lastModified": 1719001822,
"narHash": "sha256-rbEP1CTzYvdSAKf1a729De9t8GMIrZ5GmD+PdYCnrgg=",
"owner": "nix-community",
"repo": "nur",
"rev": "45a53f457546d3c0bf3c4f4673cb53bb78279a07",
"rev": "e7edcaeae9db01224266febe88eb7d3411055636",
"type": "github"
},
"original": {
@ -495,11 +462,11 @@
"nvim-lint-src": {
"flake": false,
"locked": {
"lastModified": 1723839733,
"narHash": "sha256-V35ivsZnL9M5ge7E+7fqcLjjM3xsDGCLmxTmQ8iZNiA=",
"lastModified": 1717789608,
"narHash": "sha256-LNYFxAM9lQNNOIOc+IgKgbSRp2U09B/9HivSCwMyUpQ=",
"owner": "mfussenegger",
"repo": "nvim-lint",
"rev": "debabca63c0905b59ce596a55a8e33eafdf66342",
"rev": "941fa1220a61797a51f3af9ec6b7d74c8c7367ce",
"type": "github"
},
"original": {
@ -528,11 +495,11 @@
"nvim-tree-lua-src": {
"flake": false,
"locked": {
"lastModified": 1724556208,
"narHash": "sha256-/1qj0L/d/iZk+zn0JIUkdHSYp2etciMo35fhV28J5Kw=",
"lastModified": 1717900986,
"narHash": "sha256-7KO3wPW65IH4m0jEoyFScNiAVwrlNHU+p0H55AuwlWk=",
"owner": "kyazdani42",
"repo": "nvim-tree.lua",
"rev": "d43ab67d0eb4317961c5e9d15fffe908519debe0",
"rev": "2086e564c4d23fea714e8a6d63b881e551af2f41",
"type": "github"
},
"original": {
@ -544,11 +511,11 @@
"nvim-treesitter-src": {
"flake": false,
"locked": {
"lastModified": 1725144173,
"narHash": "sha256-oo4U8PzLCkw4HYEw83/n0Xfry8QqO7D2ZkpiUHo/rN0=",
"lastModified": 1718957498,
"narHash": "sha256-GEuKEAZxLGMkyjdJGzrIKNR1X10RHlACC6s1lNOq7aw=",
"owner": "nvim-treesitter",
"repo": "nvim-treesitter",
"rev": "749df308870381979dc098063973f6ace9968ef6",
"rev": "b967bbc27b564001c3d3b8ea93444cf6d0b21d23",
"type": "github"
},
"original": {
@ -603,7 +570,6 @@
"hmts-nvim-src": "hmts-nvim-src",
"home-manager": "home-manager",
"mac-app-util": "mac-app-util",
"markview-nvim-src": "markview-nvim-src",
"nextcloud-cookbook": "nextcloud-cookbook",
"nextcloud-external": "nextcloud-external",
"nextcloud-news": "nextcloud-news",
@ -612,7 +578,6 @@
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs",
"nixpkgs-caddy": "nixpkgs-caddy",
"nixpkgs-stable": "nixpkgs-stable",
"nur": "nur",
"nvim-lint-src": "nvim-lint-src",
"nvim-lspconfig-src": "nvim-lspconfig-src",
@ -620,11 +585,8 @@
"nvim-treesitter-src": "nvim-treesitter-src",
"ren": "ren",
"rep": "rep",
"snipe-nvim-src": "snipe-nvim-src",
"stu": "stu",
"telescope-nvim-src": "telescope-nvim-src",
"telescope-project-nvim-src": "telescope-project-nvim-src",
"tiny-inline-diagnostic-nvim-src": "tiny-inline-diagnostic-nvim-src",
"toggleterm-nvim-src": "toggleterm-nvim-src",
"tree-sitter-bash": "tree-sitter-bash",
"tree-sitter-ini": "tree-sitter-ini",
@ -638,38 +600,6 @@
"zenyd-mpv-scripts": "zenyd-mpv-scripts"
}
},
"snipe-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1724418876,
"narHash": "sha256-G4g/OzyXhDhX84HkxlhFSy6E+EAGxH+HL1Bw5s5FWHE=",
"owner": "leath-dub",
"repo": "snipe.nvim",
"rev": "f1abd4aaaef6398b45dcddc9f1a40dd982f732b0",
"type": "github"
},
"original": {
"owner": "leath-dub",
"repo": "snipe.nvim",
"type": "github"
}
},
"stu": {
"flake": false,
"locked": {
"lastModified": 1721633982,
"narHash": "sha256-JLsUMZDXK89QmHLlGG9i5L+1e/redjk5ff6NiZdNsYo=",
"owner": "lusingander",
"repo": "stu",
"rev": "aefd555fb3e128d40f8bd80d37aa5c6e5d8bc011",
"type": "github"
},
"original": {
"owner": "lusingander",
"repo": "stu",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@ -748,22 +678,6 @@
"type": "github"
}
},
"tiny-inline-diagnostic-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1725043147,
"narHash": "sha256-JSW+5s9OAhSRLB1ca1s67K3Uk2UY2JWnzpxX3JeaIBo=",
"owner": "rachartier",
"repo": "tiny-inline-diagnostic.nvim",
"rev": "8387094305d51c55100528c6a45254c011f8ba13",
"type": "github"
},
"original": {
"owner": "rachartier",
"repo": "tiny-inline-diagnostic.nvim",
"type": "github"
}
},
"toggleterm-nvim-src": {
"flake": false,
"locked": {
@ -801,11 +715,11 @@
"tree-sitter-ini": {
"flake": false,
"locked": {
"lastModified": 1724942827,
"narHash": "sha256-FTs1O87hS30wMYnZ7qwKRnv36wepMAEX7MmvR/leZOw=",
"lastModified": 1716889525,
"narHash": "sha256-IyHrIxcmuzs60zUiJv4E3nSkhSkgbcaLDUdeDx5mlHk=",
"owner": "justinmk",
"repo": "tree-sitter-ini",
"rev": "fc37e95b8d9651c60d81cccbcbbc55867dbb0afd",
"rev": "87176e524f0a98f5be75fa44f4f0ff5c6eac069c",
"type": "github"
},
"original": {
@ -850,11 +764,11 @@
"tree-sitter-python": {
"flake": false,
"locked": {
"lastModified": 1724692805,
"narHash": "sha256-Mg/U7X9uvHEwo06bo0aBmJHbH9wsZ+nKBt0Dpz4o6l0=",
"lastModified": 1714528221,
"narHash": "sha256-hHQ5gK4dTRSdp0fLKarytU9vFhsBeQp7Ka61vFoIr7Y=",
"owner": "tree-sitter",
"repo": "tree-sitter-python",
"rev": "346fa42dc2990d2a2736cc60891369d0d3d8e65c",
"rev": "71778c2a472ed00a64abf4219544edbf8e4b86d7",
"type": "github"
},
"original": {
@ -921,11 +835,11 @@
]
},
"locked": {
"lastModified": 1724664098,
"narHash": "sha256-4SgV4jCoN5RffR1Mtn3HI1cjgHmARh+rZrpVlBclj9U=",
"lastModified": 1718710563,
"narHash": "sha256-O4rrM0Bkh3IRe8D600iniQ52QTmlnuTSp2KyXV7C2jE=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "345dfa06658a37873ca18aa205f409e4aaf1caa6",
"rev": "2fb93bea657ad99a7005ef601c67cb2820560a41",
"type": "github"
},
"original": {

38
flake.nix
View File

@ -7,9 +7,6 @@
# Used for system packages
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
# Used for specific stable packages
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
# Used for caddy plugins
nixpkgs-caddy.url = "github:jpds/nixpkgs/caddy-external-plugins";
@ -130,18 +127,6 @@
url = "github:mfussenegger/nvim-lint";
flake = false;
};
markview-nvim-src = {
url = "github:OXY2DEV/markview.nvim";
flake = false;
};
tiny-inline-diagnostic-nvim-src = {
url = "github:rachartier/tiny-inline-diagnostic.nvim";
flake = false;
};
snipe-nvim-src = {
url = "github:leath-dub/snipe.nvim";
flake = false;
};
# Tree-Sitter Grammars
tree-sitter-bash = {
@ -189,33 +174,26 @@
flake = false;
};
# Stu - TUI for S3
stu = {
url = "github:lusingander/stu";
flake = false;
};
# Nextcloud Apps
nextcloud-news = {
# https://github.com/nextcloud/news/releases
url = "https://github.com/nextcloud/news/releases/download/25.0.0-alpha7/news.tar.gz";
url = "https://github.com/nextcloud/news/releases/download/25.0.0-alpha3/news.tar.gz";
flake = false;
};
nextcloud-external = {
# https://github.com/nextcloud-releases/external/releases
url = "https://github.com/nextcloud-releases/external/releases/download/v5.4.0/external-v5.4.0.tar.gz";
url = "https://github.com/nextcloud-releases/external/releases/download/v5.3.1/external-v5.3.1.tar.gz";
flake = false;
};
nextcloud-cookbook = {
# https://github.com/christianlupus-nextcloud/cookbook-releases/releases/
url = "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.1/cookbook-0.11.1.tar.gz";
url = "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.0/cookbook-0.11.0.tar.gz";
flake = false;
};
nextcloud-snappymail = {
# https://github.com/the-djmaze/snappymail/releases
# https://snappymail.eu/repository/nextcloud
url = "https://snappymail.eu/repository/nextcloud/snappymail-2.37.2-nextcloud.tar.gz";
# url = "https://github.com/nmasur/snappymail-nextcloud/releases/download/v2.36.3/snappymail-2.36.3-nextcloud.tar.gz";
url = "file+https://github.com/nmasur/snappymail-nextcloud/releases/download/v2.36.1/snappymail-2.36.1-nextcloud.tar.gz";
flake = false;
};
};
@ -240,14 +218,12 @@
mail.smtpHost = "smtp.purelymail.com";
dotfilesRepo = "https://github.com/nmasur/dotfiles";
hostnames = {
files = "files.${baseName}";
git = "git.${baseName}";
influxdb = "influxdb.${baseName}";
irc = "irc.${baseName}";
metrics = "metrics.${baseName}";
minecraft = "minecraft.${baseName}";
n8n = "n8n.${baseName}";
notifications = "ntfy.${baseName}";
n8n = "n8n2.${baseName}";
prometheus = "prom.${baseName}";
paperless = "paper.${baseName}";
secrets = "vault.${baseName}";
@ -264,6 +240,7 @@
inputs.nur.overlay
inputs.nix2vim.overlay
(import ./overlays/neovim-plugins.nix inputs)
(import ./overlays/calibre-web.nix)
(import ./overlays/disko.nix inputs)
(import ./overlays/tree-sitter.nix inputs)
(import ./overlays/mpv-scripts.nix inputs)
@ -271,7 +248,6 @@
(import ./overlays/betterlockscreen.nix)
(import ./overlays/gh-collaborators.nix)
(import ./overlays/ren-rep.nix inputs)
(import ./overlays/stu.nix inputs)
];
# System types to support.
@ -343,7 +319,6 @@
system = "x86_64-linux";
format = "iso";
specialArgs = {
pkgs-stable = import inputs.nixpkgs-stable { inherit system; };
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
};
modules = import ./hosts/arrow/modules.nix { inherit inputs globals overlays; };
@ -352,7 +327,6 @@
system = "x86_64-linux";
format = "amazon";
specialArgs = {
pkgs-stable = import inputs.nixpkgs-stable { inherit system; };
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
};
modules = import ./hosts/arrow/modules.nix { inherit inputs globals overlays; } ++ [

3
hosts/flame/default.nix
View File

@ -17,7 +17,6 @@
inputs.nixpkgs.lib.nixosSystem rec {
system = "aarch64-linux";
specialArgs = {
pkgs-stable = import inputs.nixpkgs-stable { inherit system; };
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
};
modules = [
@ -80,8 +79,6 @@ inputs.nixpkgs.lib.nixosSystem rec {
services.gitea.enable = true;
services.vaultwarden.enable = true;
services.minecraft-server.enable = true; # Setup Minecraft server
services.n8n.enable = true;
services.ntfy-sh.enable = true;
system.autoUpgrade.enable = true;
# Allows private remote access over the internet

2
hosts/lookingglass/default.nix
View File

@ -34,6 +34,7 @@ inputs.darwin.lib.darwinSystem {
dark = true;
};
mail.user = globals.user;
mole.enable = true;
atuin.enable = true;
charm.enable = true;
neovim.enable = true;
@ -53,7 +54,6 @@ inputs.darwin.lib.darwinSystem {
_1password.enable = true;
slack.enable = true;
wezterm.enable = true;
yt-dlp.enable = true;
}
];
}

2
hosts/swan/default.nix
View File

@ -11,7 +11,6 @@
inputs.nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
pkgs-stable = import inputs.nixpkgs-stable { inherit system; };
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
};
modules = [
@ -97,7 +96,6 @@ inputs.nixpkgs.lib.nixosSystem rec {
cloudflare.enable = true;
dotfiles.enable = true;
arrs.enable = true;
filebrowser.enable = true;
services.bind.enable = true;
services.caddy.enable = true;
services.jellyfin.enable = true;

7
hosts/tempest/default.nix
View File

@ -8,12 +8,8 @@
...
}:
inputs.nixpkgs.lib.nixosSystem rec {
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
pkgs-stable = import inputs.nixpkgs-stable { inherit system; };
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
};
modules = [
globals
inputs.home-manager.nixosModules.home-manager
@ -122,7 +118,6 @@ inputs.nixpkgs.lib.nixosSystem rec {
dwarf-fortress.enable = true;
enable = true;
steam.enable = true;
moonlight.enable = true;
legendary.enable = true;
lutris.enable = true;
ryujinx.enable = true;

1
modules/common/applications/default.nix
View File

@ -8,6 +8,7 @@
./firefox.nix
./kitty.nix
./media.nix
./mole.nix
./obsidian.nix
./qbittorrent.nix
./slack.nix

11
modules/common/applications/kitty.nix
View File

@ -34,13 +34,10 @@
programs.rofi.terminal = lib.mkIf pkgs.stdenv.isLinux (lib.mkDefault "${pkgs.kitty}/bin/kitty");
# Display images in the terminal
programs.fish.interactiveShellInit = # fish
''
if test "$TERM" = "xterm-kitty"
alias icat="kitty +kitten icat"
alias ssh="kitty +kitten ssh"
end
'';
programs.fish.shellAliases = {
icat = "kitty +kitten icat";
ssh = "kitty +kitten ssh";
};
programs.kitty = {
enable = true;

110
modules/common/applications/mole.nix Normal file
View File

@ -0,0 +1,110 @@
{
config,
pkgs,
lib,
...
}:
let
# Build kdl-py
kdl-py = pkgs.python311.pkgs.buildPythonPackage rec {
pname = "kdl-py";
version = "1.2.0";
pyproject = true;
src = pkgs.fetchPypi {
inherit pname version;
hash = "sha256-Y/P0bGJ33trc5E3PyUZyv25r8zMLkBIuATTCKFfimXM=";
};
build-system = [ pkgs.python311.pkgs.setuptools ];
# has no tests
doCheck = false;
};
mole = pkgs.python311.pkgs.buildPythonPackage rec {
pname = "mole";
version = "0.7.1";
pyproject = true;
src = pkgs.fetchFromGitHub {
owner = "eblume";
repo = pname;
rev = "30bb052a97050b1fa89c287855d834f7952b195a";
sha256 = "sha256-DUWsfyICCfFQ2ZQBYSQVoA3eLdKC8djUylKgGdHIyJo=";
};
patches = [
(builtins.toString (
pkgs.writeText "pyproject.toml.patch" ''
diff --git a/pyproject.toml b/pyproject.toml
index 12ce0f5..787e978 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -12,11 +12,11 @@ packages = [
[tool.poetry.dependencies]
python = "^3.11"
# Now back to the regular dependencies
-typer = {extras = ["all"], version = "^0.9"}
+typer = {extras = ["all"], version = "^0.12"}
todoist-api-python = "^2.1.3"
openai = "^1.2.4"
rich = "^13.4.2"
-watchdog = "^3.0.0"
+watchdog = "^4.0.0"
pydub = "^0.25.1"
requests = "^2.31.0"
pyyaml = "^6.0.1"
''
))
];
# Used during build time
nativeBuildInputs = [ pkgs.python311Packages.poetry-core ];
# Used during run time
buildInputs = [
pkgs._1password
pkgs.nb-cli
];
# Both build and run time
propagatedBuildInputs = [
pkgs.python311Packages.typer
pkgs.python311Packages.todoist-api-python
pkgs.python311Packages.openai
pkgs.python311Packages.rich
pkgs.python311Packages.watchdog
pkgs.python311Packages.pydub
pkgs.python311Packages.requests
pkgs.python311Packages.pyyaml
pkgs.python311Packages.pydantic
pkgs.python311Packages.pendulum
kdl-py
pkgs.ffmpeg
];
build-system = [ pkgs.python311.pkgs.setuptools ];
# has no tests
doCheck = false;
};
in
{
options = {
mole = {
enable = lib.mkEnableOption {
description = "Enable Mole.";
default = false;
};
};
};
config = lib.mkIf config.mole.enable {
home-manager.users.${config.user} = {
home.packages = [ mole ];
};
};
}

2
modules/common/applications/wezterm.nix
View File

@ -169,7 +169,7 @@
-- super-t open new tab in new dir
{
key = 't',
mods = ${if pkgs.stdenv.isDarwin then "'SUPER'" else "'ALT'"},
mods = 'SUPER',
action = wezterm.action.SpawnCommandInNewTab {
cwd = wezterm.home_dir,
},

8
modules/common/default.nix
View File

@ -77,10 +77,6 @@
default = [ ];
};
hostnames = {
files = lib.mkOption {
type = lib.types.str;
description = "Hostname for files server (Filebrowser).";
};
git = lib.mkOption {
type = lib.types.str;
description = "Hostname for git server (Gitea).";
@ -133,10 +129,6 @@
type = lib.types.str;
description = "Hostname for n8n automation.";
};
notifications = lib.mkOption {
type = lib.types.str;
description = "Hostname for push notification services (ntfy).";
};
transmission = lib.mkOption {
type = lib.types.str;
description = "Hostname for peer2peer downloads (Transmission).";

6
modules/common/neovim/config/bufferline.nix
View File

@ -6,7 +6,6 @@
plugins = [
pkgs.vimPlugins.bufferline-nvim
pkgs.vimPlugins.vim-bbye # Better closing of buffers
pkgs.vimPlugins.snipe-nvim # Jump between open buffers
];
setup.bufferline = {
options = {
@ -16,7 +15,6 @@
offsets = [ { filetype = "NvimTree"; } ];
};
};
setup.snipe = { };
lua = ''
-- Move buffers
vim.keymap.set("n", "L", ":BufferLineCycleNext<CR>", { silent = true })
@ -24,7 +22,5 @@
-- Kill buffer
vim.keymap.set("n", "<Leader>x", " :Bdelete<CR>", { silent = true })
-- Jump to buffer
vim.keymap.set("n", "gb", require("snipe").open_buffer_menu, { silent = true }) '';
'';
}

8
modules/common/neovim/config/lsp.nix
View File

@ -19,11 +19,9 @@
pkgs.vimPlugins.fidget-nvim
pkgs.vimPlugins.nvim-lint
pkgs.vimPlugins.vim-table-mode
pkgs.vimPlugins.tiny-inline-diagnostic-nvim
];
setup.fidget = { };
setup.tiny-inline-diagnostic = { };
use.lspconfig.lua_ls.setup = dsl.callWith {
settings = {
@ -73,9 +71,6 @@
files = {
excludeDirs = [ ".direnv" ];
};
cargo = {
features = "all";
};
};
};
};
@ -138,9 +133,6 @@
-- Prevent infinite log size (change this when debugging)
vim.lsp.set_log_level("off")
-- Hide buffer diagnostics (use tiny-inline-diagnostic.nvim instead)
vim.diagnostic.config({ virtual_text = false })
'';
};
}

8
modules/common/neovim/config/misc.nix
View File

@ -10,7 +10,7 @@
pkgs.vimPlugins.vim-eunuch # File manipulation commands
pkgs.vimPlugins.vim-fugitive # Git commands
pkgs.vimPlugins.vim-repeat # Better repeat using .
pkgs.vimPlugins.markview-nvim # Markdown preview
pkgs.vimPlugins.glow-nvim # Markdown preview popup
pkgs.vimPlugins.nvim-colorizer-lua # Hex color previews
pkgs.vimPlugins.which-key-nvim # Keybind helper
];
@ -21,7 +21,7 @@
names = false;
};
};
setup.markview = { };
setup.glow = { };
setup.which-key = { };
vim.o = {
@ -57,8 +57,8 @@
# Better backup, swap and undo storage
vim.o.backup = true; # Easier to recover and more secure
vim.opt.undofile = true; # Keeps undos after quit
vim.opt.swapfile = false; # Instead of swaps, create backups
vim.bo.swapfile = false; # Instead of swaps, create backups
vim.bo.undofile = true; # Keeps undos after quit
vim.o.backupdir = dsl.rawLua ''vim.fn.expand("~/.local/state/nvim/backup//")'';
vim.o.undodir = dsl.rawLua ''vim.fn.expand("~/.local/state/nvim/undo//")'';

5
modules/common/neovim/config/toggleterm.nix
View File

@ -14,6 +14,11 @@
open_mapping = dsl.rawLua "[[<c-\\>]]";
hide_numbers = true;
direction = "float";
float_opts = {
width = dsl.rawLua "vim.o.columns - 4";
height = dsl.rawLua "vim.o.lines - 4";
row = 0;
};
};
lua = ''

11
modules/common/shell/bash/scripts/terraform-init.sh
View File

@ -6,15 +6,14 @@ BUCKET_NAME_PART_1="t2"
BUCKET_NAME_PART_2="global"
BUCKET_NAME_PART_3="terraformstate"
PROJECT_ROOT=$(git rev-parse --show-toplevel)
WORKFLOW_FILE="${PROJECT_ROOT}/.github/workflows/terraform.yml"
WORKFLOW_FILE=".github/workflows/terraform.yml"
if [ ! -f "$WORKFLOW_FILE" ]; then
WORKFLOW_FILE="${PROJECT_ROOT}/.github/workflows/apply.yml"
if [ ! -f $WORKFLOW_FILE ]; then
WORKFLOW_FILE=".github/workflows/apply.yml"
fi
AWS_ACCOUNT_NUMBER=$(
awk '/aws_account_number: .*/ {print $2}' "$WORKFLOW_FILE" | # Grab account number
awk '/aws_account_number: .*/ {print $2}' $WORKFLOW_FILE | # Grab account number
echo "$(
read -r s
s=${s//\'/}
@ -24,7 +23,7 @@ AWS_ACCOUNT_NUMBER=$(
if [ -z "${AWS_ACCOUNT_NUMBER}" ]; then
AWS_ACCOUNT_NUMBER=$(
awk '/AWS_ACCOUNT_NUMBER: .*/ {print $2}' "$WORKFLOW_FILE" | # Grab account number
awk '/AWS_ACCOUNT_NUMBER: .*/ {print $2}' $WORKFLOW_FILE | # Grab account number
echo "$(
read -r s
s=${s//\'/}

1
modules/common/shell/fish/default.nix
View File

@ -105,7 +105,6 @@
s = "sudo";
sc = "systemctl";
scs = "systemctl status";
sca = "systemctl cat";
m = "make";
t = "trash";

1
modules/darwin/system.nix
View File

@ -106,6 +106,7 @@
"${pkgs.discord}/Applications/Discord.app"
"${pkgs.obsidian}/Applications/Obsidian.app"
"${pkgs.wezterm}/Applications/WezTerm.app"
"/System/Applications/System Settings.app"
];
};

3
modules/darwin/user.nix
View File

@ -14,9 +14,6 @@
# shell = pkgs.fish; # Default shell
};
# This might fix the shell issues
# users.knownUsers = [ config.user ];
home-manager.users.${config.user} = {
# Default shell setting doesn't work

3
modules/darwin/utilities.nix
View File

@ -19,6 +19,7 @@
pkgs.visidata # CSV inspector
pkgs.dos2unix # Convert Windows text files
pkgs.inetutils # Includes telnet
pkgs.youtube-dl # Convert web videos
pkgs.pandoc # Convert text documents
pkgs.mpd # TUI slideshows
pkgs.mpv # Video player
@ -26,14 +27,12 @@
pkgs.awscli2
pkgs.ssm-session-manager-plugin
pkgs.awslogs
pkgs.stu # TUI for AWS S3
pkgs.google-cloud-sdk
pkgs.vault-bin
pkgs.consul
pkgs.noti # Create notifications programmatically
pkgs.ipcalc # Make IP network calculations
pkgs.teams
pkgs.cloudflared # Allow connecting to Cloudflare tunnels
(pkgs.writeShellApplication {
name = "ocr";
runtimeInputs = [ pkgs.tesseract ];

37
modules/nixos/applications/calendar.nix
View File

@ -1,37 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
options = {
calendar = {
enable = lib.mkEnableOption {
description = "Enable calendar.";
default = false;
};
};
};
config = lib.mkIf (config.gui.enable && config.calendar.enable) {
home-manager.users.${config.user} = {
accounts.calendar.accounts.default = {
basePath = "other/calendars"; # Where to save calendars in ~ directory
name = "personal";
local.type = "filesystem";
primary = true;
remote = {
passwordCommand = [ "" ];
type = "caldav";
url = "https://${config.hostnames.content}/remote.php/dav/principals/users/${config.user}";
userName = config.user;
};
};
home.packages = with pkgs; [ gnome-calendar ];
};
};
}

1
modules/nixos/applications/default.nix
View File

@ -2,7 +2,6 @@
{
imports = [
./calendar.nix
./calibre.nix
./nautilus.nix
];

6
modules/nixos/applications/nautilus.nix
View File

@ -20,7 +20,7 @@
# Quick preview with spacebar
services.gnome.sushi.enable = true;
environment.systemPackages = [ pkgs.nautilus ];
environment.systemPackages = [ pkgs.gnome.nautilus ];
home-manager.users.${config.user} = {
@ -28,13 +28,13 @@
xsession.windowManager.i3.config.keybindings = {
"${
config.home-manager.users.${config.user}.xsession.windowManager.i3.config.modifier
}+n" = "exec --no-startup-id ${pkgs.nautilus}/bin/nautilus";
}+n" = "exec --no-startup-id ${pkgs.gnome.nautilus}/bin/nautilus";
};
# Generates a QR code and previews it with sushi
programs.fish.functions = {
qr = {
body = "${pkgs.qrencode}/bin/qrencode $argv[1] -o /tmp/qr.png | ${pkgs.sushi}/bin/sushi /tmp/qr.png";
body = "${pkgs.qrencode}/bin/qrencode $argv[1] -o /tmp/qr.png | ${pkgs.gnome.sushi}/bin/sushi /tmp/qr.png";
};
};

1
modules/nixos/gaming/default.nix
View File

@ -12,7 +12,6 @@
./legendary.nix
./lutris.nix
./minecraft-server.nix
./moonlight.nix
./ryujinx.nix
./steam.nix
];

14
modules/nixos/gaming/moonlight.nix
View File

@ -1,14 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
options.gaming.moonlight.enable = lib.mkEnableOption "Enable Moonlight game streaming client.";
config = lib.mkIf config.gaming.moonlight.enable {
environment.systemPackages = with pkgs; [ moonlight-qt ];
};
}

8
modules/nixos/graphical/polybar.nix
View File

@ -42,7 +42,7 @@
module-margin = 1;
modules-left = "i3";
modules-center = "xwindow";
modules-right = "mailcount network pulseaudio date power";
modules-right = "mailcount network pulseaudio date keyboard power";
cursor-click = "pointer";
cursor-scroll = "ns-resize";
enable-ipc = true;
@ -209,6 +209,12 @@
label-foreground = config.theme.colors.base06;
# format-background = colors.background;
};
"module/keyboard" = {
type = "custom/text";
content = "󰌌";
click-left = "doas systemctl restart keyd";
content-foreground = config.theme.colors.base04;
};
"module/power" = {
type = "custom/text";
content = " ";

2
modules/nixos/hardware/audio.nix
View File

@ -36,6 +36,8 @@ in
{
config = lib.mkIf (pkgs.stdenv.isLinux && config.gui.enable) {
sound.enable = true;
# Enable PipeWire
services.pipewire = {
enable = true;

41
modules/nixos/hardware/keyboard.nix
View File

@ -1,4 +1,9 @@
{ config, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
config = lib.mkIf config.physical {
@ -12,29 +17,23 @@
autoRepeatInterval = 40;
};
# Swap Caps-Lock with Escape when pressed or LCtrl when held/combined with others
# Inspired by: https://www.youtube.com/watch?v=XuQVbZ0wENE
services.kanata = {
# Use capslock as escape and/or control
services.keyd = {
enable = true;
keyboards.default = {
devices = [
"/dev/input/by-id/usb-Logitech_Logitech_G710_Keyboard-event-kbd"
"/dev/input/by-id/usb-Logitech_Logitech_G710_Keyboard-if01-event-kbd"
];
extraDefCfg = "process-unmapped-keys yes";
config = ''
(defsrc
caps
)
(defalias
escctrl (tap-hold-press 1000 1000 esc lctrl)
)
(deflayer base
@escctrl
)
'';
keyboards = {
default = {
ids = [ "*" ];
settings = {
main = {
capslock = "overload(control, esc)";
};
};
};
};
};
# For some reason, keyd doesn't restart properly when updating
system.activationScripts.keyd.text = "${pkgs.systemd}/bin/systemctl restart keyd.service";
# Enable num lock on login
home-manager.users.${config.user}.xsession.numlock.enable = true;

10
modules/nixos/hardware/mouse.nix
View File

@ -21,15 +21,5 @@
accelProfile = "flat";
accelSpeed = "1.15";
};
# Cursor
home-manager.users.${config.user}.home.pointerCursor = {
name = "Adwaita";
package = pkgs.adwaita-icon-theme;
size = 24;
gtk.enable = true;
x11.enable = true;
};
};
}

143
modules/nixos/services/caddy.nix
View File

@ -46,7 +46,7 @@
# Force Caddy to 403 if not coming from allowlisted source
caddy.cidrAllowlist = [ "127.0.0.1/32" ];
caddy.routes = lib.mkBefore [
caddy.routes = [
{
match = [ { not = [ { remote_ip.ranges = config.caddy.cidrAllowlist; } ]; } ];
handle = [
@ -58,26 +58,7 @@
}
];
services.caddy =
let
default_logger_name = "other";
roll_size_mb = 25;
# Extract list of hostnames (fqdns) from current caddy routes
getHostnameFromMatch = match: if (lib.hasAttr "host" match) then match.host else [ ];
getHostnameFromRoute =
route:
if (lib.hasAttr "match" route) then (lib.concatMap getHostnameFromMatch route.match) else [ ];
hostnames_non_unique = lib.concatMap getHostnameFromRoute config.caddy.routes;
hostnames = lib.unique hostnames_non_unique;
# Create attrset of subdomains to their fqdns
hostname_map = builtins.listToAttrs (
map (hostname: {
name = builtins.head (lib.splitString "." hostname);
value = hostname;
}) hostnames
);
in
{
services.caddy = {
adapter = "''"; # Required to enable JSON
configFile = pkgs.writeText "Caddyfile" (
builtins.toJSON {
@ -88,124 +69,30 @@
routes = config.caddy.routes;
errors.routes = config.caddy.blocks;
# Uncommenting collects access logs
logs = {
inherit default_logger_name;
# Invert hostnames keys and values
logger_names = lib.mapAttrs' (name: value: {
name = value;
value = name;
}) hostname_map;
};
logs = { }; # Uncommenting collects access logs
};
apps.http.servers.metrics = { }; # Enables Prometheus metrics
apps.tls.automation.policies = config.caddy.tlsPolicies;
# Setup logging to journal and files
logging.logs =
{
# System logs and catch-all
# Must be called `default` to override Caddy's built-in default logger
default = {
# Setup logging to file
logging.logs.main = {
encoder = {
format = "console";
};
writer = {
output = "file";
filename = "${config.services.caddy.logDir}/caddy.log";
roll = true;
roll_size_mb = 1;
};
level = "INFO";
encoder.format = "console";
writer = {
output = "stderr";
};
exclude = (map (hostname: "http.log.access.${hostname}") (builtins.attrNames hostname_map)) ++ [
"http.log.access.${default_logger_name}"
];
};
# This is for the default access logs (anything not captured by hostname)
other = {
level = "INFO";
encoder.format = "json";
writer = {
output = "file";
filename = "${config.services.caddy.logDir}/other.log";
roll = true;
inherit roll_size_mb;
};
include = [ "http.log.access.${default_logger_name}" ];
};
# This is for using the Caddy API, which will probably never happen
admin = {
level = "INFO";
encoder.format = "json";
writer = {
output = "file";
filename = "${config.services.caddy.logDir}/admin.log";
roll = true;
inherit roll_size_mb;
};
include = [ "admin" ];
};
# This is for TLS cert management tracking
tls = {
level = "INFO";
encoder.format = "json";
writer = {
output = "file";
filename = "${config.services.caddy.logDir}/tls.log";
roll = true;
inherit roll_size_mb;
};
include = [ "tls" ];
};
# This is for debugging
debug = {
level = "DEBUG";
encoder.format = "json";
writer = {
output = "file";
filename = "${config.services.caddy.logDir}/debug.log";
roll = true;
roll_keep = 1;
inherit roll_size_mb;
};
};
}
# These are the access logs for individual hostnames
// (lib.mapAttrs (name: value: {
level = "INFO";
encoder.format = "json";
writer = {
output = "file";
filename = "${config.services.caddy.logDir}/${name}-access.log";
roll = true;
inherit roll_size_mb;
};
include = [ "http.log.access.${name}" ];
}) hostname_map)
# We also capture just the errors separately for easy debugging
// (lib.mapAttrs' (name: value: {
name = "${name}-error";
value = {
level = "ERROR";
encoder.format = "json";
writer = {
output = "file";
filename = "${config.services.caddy.logDir}/${name}-error.log";
roll = true;
inherit roll_size_mb;
};
include = [ "http.log.access.${name}" ];
};
}) hostname_map);
}
);
};
systemd.services.caddy.serviceConfig = {
# Allows Caddy to serve lower ports (443, 80)
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
# Prevent flooding of logs by rate-limiting
LogRateLimitIntervalSec = "5s"; # Limit period
LogRateLimitBurst = 100; # Limit threshold
};
systemd.services.caddy.serviceConfig.AmbientCapabilities = "CAP_NET_BIND_SERVICE";
# Required for web traffic to reach this machine
networking.firewall.allowedTCPPorts = [

28
modules/nixos/services/cloudflare.nix
View File

@ -78,8 +78,6 @@ in
issuers = [
{
module = "acme";
email = "acme@${config.mail.server}";
account_key = "{env.ACME_ACCOUNT_KEY}";
challenges = {
dns = {
provider = {
@ -94,18 +92,7 @@ in
}
];
# Allow Caddy to read Cloudflare API key for DNS validation
systemd.services.caddy.serviceConfig.EnvironmentFile = [
config.secrets.cloudflare-api.dest
config.secrets.letsencrypt-key.dest
];
# Private key is used for LetsEncrypt
secrets.letsencrypt-key = {
source = ../../../private/letsencrypt-key.age;
dest = "${config.secretsDirectory}/letsencrypt-key";
owner = "caddy";
group = "caddy";
};
systemd.services.caddy.serviceConfig.EnvironmentFile = config.secrets.cloudflare-api.dest;
# API key must have access to modify Cloudflare DNS records
secrets.cloudflare-api = {
@ -117,14 +104,8 @@ in
# Wait for secret to exist
systemd.services.caddy = {
after = [
"cloudflare-api-secret.service"
"letsencrypt-key-secret.service"
];
requires = [
"cloudflare-api-secret.service"
"letsencrypt-key-secret.service"
];
after = [ "cloudflare-api-secret.service" ];
requires = [ "cloudflare-api-secret.service" ];
};
# Allows Nextcloud to trust Cloudflare IPs
@ -135,9 +116,6 @@ in
[ "127.0.0.1" ] ++ cloudflareIpRanges
);
# Using dyn-dns instead of ddclient because I can't find a way to choose
# between proxied and non-proxied records for Cloudflare using just
# ddclient.
services.cloudflare-dyndns =
lib.mkIf ((builtins.length config.services.cloudflare-dyndns.domains) > 0)
{

2
modules/nixos/services/default.nix
View File

@ -12,7 +12,6 @@
./calibre.nix
./cloudflare-tunnel.nix
./cloudflare.nix
./filebrowser.nix
./identity.nix
./irc.nix
./gitea-runner.nix
@ -27,7 +26,6 @@
./n8n.nix
./netdata.nix
./nextcloud.nix
./ntfy.nix
./paperless.nix
./postgresql.nix
./prometheus.nix

74
modules/nixos/services/filebrowser.nix
View File

@ -1,74 +0,0 @@
{
config,
pkgs,
lib,
...
}:
let
user =
if config.services.nextcloud.enable then
config.services.phpfpm.pools.nextcloud.user
else
"filebrowser";
dataDir = "/var/lib/filebrowser";
settings = {
port = 8020;
baseURL = "";
address = "";
log = "stdout";
database = "${dataDir}/filebrowser.db";
root = "";
"auth.method" = "json";
username = config.user;
# Generate password: htpasswd -nBC 10 "" | tr -d ':\n'
password = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za";
};
in
{
options.filebrowser.enable = lib.mkEnableOption "Use Filebrowser.";
config = lib.mkIf config.filebrowser.enable {
environment.etc."filebrowser/.filebrowser.json".text = builtins.toJSON settings;
systemd.services.filebrowser = lib.mkIf config.filebrowser.enable {
description = "Filebrowser cloud file services";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
startLimitIntervalSec = 14400;
startLimitBurst = 10;
serviceConfig = {
ExecStart = "${pkgs.filebrowser}/bin/filebrowser";
DynamicUser = !config.services.nextcloud.enable; # Unique user if not using Nextcloud
User = user;
Group = user;
ReadWritePaths = [ dataDir ];
StateDirectory = [ "filebrowser" ];
Restart = "on-failure";
RestartPreventExitStatus = 1;
RestartSec = "5s";
};
};
caddy.routes = [
{
match = [ { host = [ config.hostnames.files ]; } ];
handle = [
{
handler = "reverse_proxy";
upstreams = [ { dial = "localhost:${builtins.toString settings.port}"; } ];
}
];
}
];
# Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.files ];
};
}

76
modules/nixos/services/grafana.nix
View File

@ -669,7 +669,7 @@ in
};
editorMode = "code";
exemplar = false;
"expr" = ''delta(zfs_dataset_used_bytes{name="tank"}[1d])'';
"expr" = ''increase(zfs_dataset_used_bytes{name="tank"}[1d])'';
hide = false;
instant = false;
interval = "";
@ -683,7 +683,7 @@ in
uid = promUid;
};
editorMode = "code";
"expr" = ''delta(zfs_dataset_used_bytes{name="tank"}[7d])'';
"expr" = ''increase(zfs_dataset_used_bytes{name="tank"}[7d])'';
hide = false;
legendFormat = "Past Week";
range = true;
@ -695,7 +695,7 @@ in
uid = promUid;
};
editorMode = "code";
"expr" = ''delta(zfs_dataset_used_bytes{name="tank"}[30d])'';
"expr" = ''increase(zfs_dataset_used_bytes{name="tank"}[30d])'';
hide = false;
legendFormat = "Past Month";
range = true;
@ -885,28 +885,6 @@ in
}
];
}
{
matcher = {
id = "byName";
options = "localhost:8086";
};
properties = [
{
id = "displayName";
value = "InfluxDB";
}
{
id = "links";
value = [
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.influxdb}";
}
];
}
];
}
{
matcher = {
id = "byName";
@ -951,28 +929,6 @@ in
}
];
}
{
matcher = {
id = "byName";
options = "localhost:9000";
};
properties = [
{
id = "displayName";
value = "The Lounge";
}
{
id = "links";
value = [
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.irc}";
}
];
}
];
}
{
matcher = {
id = "byName";
@ -1083,28 +1039,6 @@ in
}
];
}
{
matcher = {
id = "byName";
options = "localhost:${builtins.toString config.services.paperless.port}";
};
properties = [
{
id = "displayName";
value = "Paperless";
}
{
id = "links";
value = [
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.paperless}";
}
];
}
];
}
];
};
gridPos = {
@ -2387,7 +2321,7 @@ in
datasourceUid = promUid;
model = {
editorMode = "code";
expr = ''systemd_unit_state{name=~"cloudflared-tunnel-.*", state="active", job!="tempest"}'';
expr = ''systemd_unit_state{name=~"cloudflared-tunnel-.*", state="active"}'';
hide = false;
instant = true;
intervalMs = 1000;
@ -2484,7 +2418,7 @@ in
execErrState = "Error";
for = "5m";
annotations = {
description = "Cloudflare Tunnel for {{ index $labels \"job\" }}.";
description = "Cloudflare Tunnel for {{ $job }}.";
summary = "Cloudflare Tunnel is down.";
};
isPaused = false;

2
modules/nixos/services/nextcloud.nix
View File

@ -26,8 +26,6 @@
trusted_domains = [ config.hostnames.content ];
trusted_proxies = [ "127.0.0.1" ];
maintenance_window_start = 4; # Run jobs at 4am UTC
log_type = "file";
loglevel = 1; # Include all actions in the log
};
extraAppsEnable = true;
extraApps = {

33
modules/nixos/services/ntfy.nix
View File

@ -1,33 +0,0 @@
{ config, lib, ... }:
{
config = lib.mkIf config.services.ntfy-sh.enable {
services.ntfy-sh = {
settings = rec {
base-url = "https://${config.hostnames.notifications}";
upstream-base-url = "https://ntfy.sh";
listen-http = ":8333";
behind-proxy = true;
auth-default-access = "deny-all";
auth-file = "/var/lib/ntfy-sh/user.db";
};
};
caddy.routes = [
{
match = [ { host = [ config.hostnames.notifications ]; } ];
handle = [
{
handler = "reverse_proxy";
upstreams = [ { dial = "localhost${config.services.ntfy-sh.settings.listen-http}"; } ];
}
];
}
];
# Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.notifications ];
};
}

8
modules/nixos/services/victoriametrics.nix
View File

@ -5,7 +5,6 @@
config,
pkgs,
lib,
pkgs-stable,
...
}:
@ -39,10 +38,6 @@ in
config = {
services.victoriametrics.extraOptions = [
"-promscrape.config=${(pkgs.formats.yaml { }).generate "scrape.yml" prometheusConfig}"
];
systemd.services.vmauth = lib.mkIf config.services.victoriametrics.enable {
description = "VictoriaMetrics basic auth proxy";
after = [ "network.target" ];
@ -89,10 +84,7 @@ in
# VMAgent
services.vmagent = {
package = pkgs-stable.vmagent;
prometheusConfig = prometheusConfig;
# https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5567
extraArgs = [ "-promscrape.maxScrapeSize 450000000" ];
remoteWrite = {
url = "https://${config.hostnames.prometheus}/api/v1/write";
basicAuthUsername = username;

5
modules/nixos/system/journald.nix
View File

@ -4,10 +4,7 @@
# How long to keep journalctl entries
# This helps to make sure log disk usage doesn't grow too unwieldy
services.journald.extraConfig = ''
SystemMaxUse=4G
SystemKeepFree=10G
SystemMaxFileSize=128M
SystemMaxFiles=500
SystemMaxUse=100M
MaxFileSec=1month
MaxRetentionSec=2month
'';

27
overlays/calibre-web-cloudflare.patch Normal file
View File

@ -0,0 +1,27 @@
diff --git a/cps/__init__.py b/cps/__init__.py
index f4f8dbf2..7377acdf 100644
--- a/cps/__init__.py
+++ b/cps/__init__.py
@@ -151,7 +151,6 @@ def create_app():
lm.login_view = 'web.login'
lm.anonymous_user = ub.Anonymous
- lm.session_protection = 'strong' if config.config_session == 1 else "basic"
db.CalibreDB.update_config(config)
db.CalibreDB.setup_db(config.config_calibre_dir, cli_param.settings_path)
diff --git a/cps/admin.py b/cps/admin.py
index 045a9523..825a28af 100644
--- a/cps/admin.py
+++ b/cps/admin.py
@@ -102,10 +102,6 @@ def admin_required(f):
@admi.before_app_request
def before_request():
- if not ub.check_user_session(current_user.id,
- flask_session.get('_id')) and 'opds' not in request.path \
- and config.config_session == 1:
- logout_user()
g.constants = constants
g.google_site_verification = os.getenv('GOOGLE_SITE_VERIFICATION', '')
g.allow_registration = config.config_public_reg

7
overlays/calibre-web.nix Normal file
View File

@ -0,0 +1,7 @@
# Fix: https://github.com/janeczku/calibre-web/issues/2422
_final: prev: {
calibre-web = prev.calibre-web.overrideAttrs (old: {
patches = (old.patches or [ ]) ++ [ ./calibre-web-cloudflare.patch ];
});
}

3
overlays/neovim-plugins.nix
View File

@ -38,8 +38,5 @@ in
base16-nvim = plugin "base16-nvim" inputs.base16-nvim-src;
baleia-nvim = plugin "baleia-nvim" inputs.baleia-nvim-src;
hmts-nvim = plugin "hmts-nvim" inputs.hmts-nvim-src;
markview-nvim = plugin "markview-nvim" inputs.markview-nvim-src;
tiny-inline-diagnostic-nvim = plugin "tiny-inline-diagnostic-nvim" inputs.tiny-inline-diagnostic-nvim-src;
snipe-nvim = plugin "snipe-nvim" inputs.snipe-nvim-src;
};
}

4
overlays/nextcloud-apps.nix
View File

@ -5,25 +5,21 @@ inputs: _final: prev: {
url = inputs.nextcloud-news.outPath;
sha256 = inputs.nextcloud-news.narHash;
license = "agpl3Plus";
unpack = true;
};
external = prev.fetchNextcloudApp {
url = inputs.nextcloud-external.outPath;
sha256 = inputs.nextcloud-external.narHash;
license = "agpl3Plus";
unpack = true;
};
cookbook = prev.fetchNextcloudApp {
url = inputs.nextcloud-cookbook.outPath;
sha256 = inputs.nextcloud-cookbook.narHash;
license = "agpl3Plus";
unpack = true;
};
snappymail = prev.fetchNextcloudApp {
url = inputs.nextcloud-snappymail.outPath;
sha256 = inputs.nextcloud-snappymail.narHash;
license = "agpl3Plus";
unpack = true;
};
};
}

17
overlays/stu.nix
View File

@ -1,17 +0,0 @@
inputs: _final: prev: {
stu = prev.rustPlatform.buildRustPackage {
pname = "stu";
version = "0.5.0";
src = inputs.stu;
cargoHash = "sha256-gUolS7HXkTddxDWDGir4YC+2tJjgB/CCQC49SSRaR6U=";
buildInputs =
if prev.stdenv.isDarwin then
[
prev.darwin.apple_sdk.frameworks.CoreGraphics
prev.darwin.apple_sdk.frameworks.AppKit
]
else
[ ];
};
}

21
private/letsencrypt-key.age
View File

@ -1,21 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBCc2hS
RUw4Y200allVODI0QTYxdXlHSHRiS1pWWHg5SW9tZ0tGVmc2ajJZCitXeEd0dk9K
MmRkZlRYd253RWFzNXpUR0xuTXI2dWVhNFZpQnNlU0VFdEUKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIHNScVkwd1RmVGhNcFVSRTlxQzlvSUc2cGxNWUc0YVJ5RjRydk9J
RG1peDQKVU5iN1ZmWEJyOXBiNWdiRFlnNFFKR09vaFB4SWZWK0x3VWJwMDZtYlBj
MAotPiBzc2gtZWQyNTUxOSBuanZYNUEgSXR5OEk5cWZHUEZ3WmFCUTVFeTBnTG5h
cmNxVWFLV2JhUTRBaUJGWERncwpYMFBIN0kySXdjOE5YcS85bXRCRnRsK3NyMHY4
N0JKelFyeHB6T1dEZ2VnCi0+IHNzaC1lZDI1NTE5IENxSU9VQSAyQVJYRXJ1cFVl
dldaa0Qydlc3MzlFYnN5YUx0amdWZm5PcWovRm1MaVg0CkJsSFZRdGJIZzA1T0Ny
bUNnL0Zxa05ubHluSVBUenVCZTZpYlA5UUFEMDQKLT4gc3NoLWVkMjU1MTkgejFP
Y1p3IDFPQU5HZm5mRFl5NnNLVHUvdUlmTEtyS0djNWZaMWg5VDl1ZldNTkVWbXMK
RkVBTzNUa0d6c3NJUHQrazdKWXNZY3NIRzRndGdRNjFjMXZCSEhIQnIyYwotLS0g
VzNOa3dXS0hrMWxNUlJ4UzAxNlkzSXM4RWc1RGFzQjFyb1dGZXFnL3RCVQoq002V
S5MQqBjKKOacO4OWgn5KpmU2D7zJWJjNMxH80L6HFNoyOj4wNa+8TA0Q7MTn3bKN
YvAuwbDAGjjDt8vZFKOiZB0xAex+H7A1MVvuGIA8xQa6iNBMwj7nWTLif5pCbVk+
9aAAprcJVDJx4TeFXlNF6XtcQ3J8abwi6TDqNFpfwwBb/wruyzutgvlOiz1XSBX0
xlCGckq/BCnItLURIb7zhqRMqk/JODPjOKArmP86nCq25Wm+W5JQ8ViQ7LHJyoFj
zbiwabqeBJZgqoVdVMj8Glz+91RVodn6f9VwQcHINgHxmkd6j2z75AmWZecwD2ic
pUMnikqIMI0B3zW5H38t2cJv+aIMTl7lH5Hf1P5jEn3NPw==
-----END AGE ENCRYPTED FILE-----