chayleaf/dotfiles
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

update inputs

Browse source
This commit is contained in:
chayleaf 2023-11-21 04:46:52 +07:00
parent ebab2df5c1
commit dcbef373c4
Signed by: chayleaf
GPG key ID: 78171AD46227E68E
28 changed files with 17649 additions and 626 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

101
flake.lock
View file

@ -69,11 +69,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1693611461, "lastModified": 1698882062,
"narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=", "narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca", "rev": "8c9fa2545007b49a5db5f650ae91f227672c3877",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -107,11 +107,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1696446489, "lastModified": 1700553346,
"narHash": "sha256-xSjMKdNR+q/3hdSPyg/LUMsZT/WIoUi8dcm5zT4SMUQ=", "narHash": "sha256-kW7uWsCv/lxuA824Ng6EYD9hlVYRyjuFn0xBbYltAeQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "68f7d8c0fb0bfc67d1916dd7f06288424360d43a", "rev": "1aabb0a31b25ad83cfaa37c3fe29053417cd9a0f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -122,11 +122,11 @@
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1694622745, "lastModified": 1697303681,
"narHash": "sha256-z397+eDhKx9c2qNafL1xv75lC0Q4nOaFlhaU1TINqb8=", "narHash": "sha256-caJ0rXeagaih+xTgRduYtYKL1rZ9ylh06CIrt1w5B4g=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "e9643d08d0d193a2e074a19d4d90c67a874d932e", "rev": "0f317c2e9e56550ce12323eb39302d251618f5b5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -143,11 +143,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1697331506, "lastModified": 1700661503,
"narHash": "sha256-N6RD9EudU+i7SJO3z3S309XQRhp81iqaN9G9sxRtVts=", "narHash": "sha256-2GGbVFmAC8G1FLxIabCBYhfbUeUIZM/3p2VW9Eia60Q=",
"owner": "chayleaf", "owner": "chayleaf",
"repo": "maubot.nix", "repo": "maubot.nix",
"rev": "cf32a2873523c80cebdd1ee409c45593040944b8", "rev": "71d397c5897233c592d35be6c4f28c295ce2e79d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -181,11 +181,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1696468271, "lastModified": 1700616016,
"narHash": "sha256-ZpzAIqs8VmgRDz+rBe28+TErlXkhzrgPKg3YKYraReE=", "narHash": "sha256-GCD2U3jMWmBqJccDDXr8pf2Ia2NnFiIYqnm9wK1DxLk=",
"owner": "fufexan", "owner": "fufexan",
"repo": "nix-gaming", "repo": "nix-gaming",
"rev": "cc55064e30efdf1b1ad3df4d39983314ef440aae", "rev": "7d81bdbf62936d50906609097b1fd6e68e59daa7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -196,11 +196,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1696614066, "lastModified": 1700559156,
"narHash": "sha256-nAyYhO7TCr1tikacP37O9FnGr2USOsVBD3IgvndUYjM=", "narHash": "sha256-gL4epO/qf+wo30JjC3g+b5Bs8UrpxzkhNBBsUYxpw2g=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "bb2db418b616fea536b1be7f6ee72fb45c11afe0", "rev": "c3abafb01cd7045dba522af29b625bd1e170c2fb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -225,11 +225,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1689976554, "lastModified": 1700085753,
"narHash": "sha256-uWJq3sIhkqfzPmfB2RWd5XFVooGFfSuJH9ER/r302xQ=", "narHash": "sha256-qtib7f3eRwfaUF+VziJXiBcZFqpHCAXS4HlrFsnzzl4=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "c63f6e7b053c18325194ff0e274dba44e8d2271e", "rev": "008d78cc21959e33d0d31f375b88353a7d7121ae",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -245,11 +245,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1698227887, "lastModified": 1700524221,
"narHash": "sha256-QDVR3tZ5ugxtyCb9TlZLmqNTdAAH6wMUU8sGnPtduTA=", "narHash": "sha256-YQGjhwhd68N9fILRwZXlT3z6yXP5kRH8B6bxD2uQq14=",
"owner": "chayleaf", "owner": "chayleaf",
"repo": "nixos-router", "repo": "nixos-router",
"rev": "7d9669390a87da7e67dabcbce34681630e67cf32", "rev": "e9d2ec7ad1f34cb9f1f71c1400430af817431a3b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -260,11 +260,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1697804921, "lastModified": 1700647334,
"narHash": "sha256-PAoThb0U52HGscrU/Qp1GKwidqM6xnWxgovJCXNpjCc=", "narHash": "sha256-0F5B7oJAAJ4u4sq97nIhcH/pVFkFjYY5JFxXXHOBJQ4=",
"owner": "chayleaf", "owner": "chayleaf",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "77ba48251d2b629d347e566c888000a379711ce0", "rev": "e70edbbc30bca7d90c4a1e8c653ceb1607cc2858",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -276,11 +276,11 @@
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"dir": "lib", "dir": "lib",
"lastModified": 1693471703, "lastModified": 1698611440,
"narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=", "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85", "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -291,22 +291,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs2": {
"locked": {
"lastModified": 1696696817,
"narHash": "sha256-K8/YirUEkUD1Xd9Qg5R9czYU03M8wDN5W3DYns9F0rc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0df1d6c8cac8e8dc08f42bfe062a1025555c9b6a",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"notlua": { "notlua": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -314,11 +298,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1691609126, "lastModified": 1697413333,
"narHash": "sha256-InbGoENdL8LNT/09pl7AW5uv2ZSDburqr5LgvkJDfj0=", "narHash": "sha256-2nmu/+QhR/VhxFFr54l0Ok/yVhLCrrYVuTgeD4LHEhE=",
"owner": "chayleaf", "owner": "chayleaf",
"repo": "notlua", "repo": "notlua",
"rev": "0e972a0d23f2faa511b9a3f6d445204e18cd5020", "rev": "ef7cdb7a883fe87238c9fff13bc14ad1fd06f4ba",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -334,11 +318,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1691616520, "lastModified": 1700483422,
"narHash": "sha256-loZuL2YnMNwgH5GEZfXgXZadvo5P3Sp+YZSf9L3Wpu8=", "narHash": "sha256-ni6niOmObnG9EVGtaeT1I7ULz5+EkEewGTJVeFuWNuc=",
"owner": "chayleaf", "owner": "chayleaf",
"repo": "notnft", "repo": "notnft",
"rev": "118e25deeb741ba7963931212f02c96c50898578", "rev": "b3e6a023a13a81d70a6a30997e2f1aaf36feafb3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -349,11 +333,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1696624462, "lastModified": 1700660661,
"narHash": "sha256-lGmf7IPqWLfxvEQcPujB8dzu+++NHqGYQkmC05y3ByA=", "narHash": "sha256-1+//5oLdqYo8ptS/ZpaGEzgnQ6FWJOjLPyTuiD6mPjY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "560b6a71f7fe0353dc19bc366a5ace71fbda51d1", "rev": "0707dd061f4fb82393f3c96c6ed10c60396d7f9c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -374,7 +358,6 @@
"nixos-mailserver": "nixos-mailserver", "nixos-mailserver": "nixos-mailserver",
"nixos-router": "nixos-router", "nixos-router": "nixos-router",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs2": "nixpkgs2",
"notlua": "notlua", "notlua": "notlua",
"notnft": "notnft", "notnft": "notnft",
"nur": "nur", "nur": "nur",
@ -389,11 +372,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1696558324, "lastModified": 1700619457,
"narHash": "sha256-TnnP4LGwDB8ZGE7h2n4nA9Faee8xPkMdNcyrzJ57cbw=", "narHash": "sha256-zjmlh8xo4UsNdw7nMyiHgQg1xXNcJnpdMLvyunnnitQ=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "fdb37574a04df04aaa8cf7708f94a9309caebe2b", "rev": "7c94410d52d4e8bd72803fc1fe6c51fe179edaf5",
"type": "github" "type": "github"
}, },
"original": { "original": {

8
flake.nix
View file

@ -2,10 +2,9 @@
description = "NixOS + Home Manager configuration of chayleaf"; description = "NixOS + Home Manager configuration of chayleaf";
inputs = { inputs = {
#nixpkgs.url = "github:nixos/nixpkgs/3dc2b4f8166f744c3b3e9ff8224e7c5d74a5424f"; #nixpkgs.url = "github:NixOS/nixpkgs/3dc2b4f8166f744c3b3e9ff8224e7c5d74a5424f";
# nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; # nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs.url = "github:chayleaf/nixpkgs"; nixpkgs.url = "github:chayleaf/nixpkgs";
nixpkgs2.url = "github:nixos/nixpkgs/master";
nixos-hardware.url = "github:NixOS/nixos-hardware"; nixos-hardware.url = "github:NixOS/nixos-hardware";
mobile-nixos = { mobile-nixos = {
# url = "github:NixOS/mobile-nixos"; # url = "github:NixOS/mobile-nixos";
@ -59,7 +58,6 @@
outputs = inputs@ outputs = inputs@
{ self { self
, nixpkgs , nixpkgs
, nixpkgs2
, nixos-hardware , nixos-hardware
, mobile-nixos , mobile-nixos
, impermanence , impermanence
@ -157,7 +155,6 @@
./system/devices/radxa-rock5a-server.nix ./system/devices/radxa-rock5a-server.nix
(if devMaubot then import /${devPath}/maubot.nix/module else maubot.nixosModules.default) (if devMaubot then import /${devPath}/maubot.nix/module else maubot.nixosModules.default)
./system/modules/scanservjs.nix ./system/modules/scanservjs.nix
./system/modules/certspotter.nix
]; ];
}; };
server-cross = crossConfig server; server-cross = crossConfig server;
@ -172,7 +169,6 @@
notlua = notlua.lib.${system}; notlua = notlua.lib.${system};
}; };
home.user = [ home.user = [
{ _module.args.pkgs2 = import nixpkgs2 { inherit system; overlays = [ overlay ]; }; }
nur.nixosModules.nur nur.nixosModules.nur
./home/hosts/nixmsi.nix ./home/hosts/nixmsi.nix
]; ];

2
home/common/firefox.nix
View file

@ -10,7 +10,7 @@
inherit (pkgs.librewolf-unwrapped) extraPrefsFiles extraPoliciesFiles; inherit (pkgs.librewolf-unwrapped) extraPrefsFiles extraPoliciesFiles;
wmClass = "LibreWolf"; wmClass = "LibreWolf";
libName = "librewolf"; libName = "librewolf";
cfg.enableKeePassXC = true; nativeMessagingHosts = with pkgs; [ keepassxc ];
}; };
profiles.chayleaf = { profiles.chayleaf = {
extensions = (with config.nur.repos.rycee.firefox-addons; [ extensions = (with config.nur.repos.rycee.firefox-addons; [

8
home/common/gui.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, pkgs2, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = [ ./terminal.nix ]; imports = [ ./terminal.nix ];
i18n.inputMethod = let fcitx5-qt = pkgs.libsForQt5.fcitx5-qt; in { i18n.inputMethod = let fcitx5-qt = pkgs.libsForQt5.fcitx5-qt; in {
@ -180,7 +180,7 @@
# profiles = { }; # profiles = { };
package = pkgs.wrapMpv ((pkgs.mpv-unwrapped.override { package = pkgs.wrapMpv ((pkgs.mpv-unwrapped.override {
# webp support # webp support
ffmpeg_5 = pkgs.ffmpeg-custom; ffmpeg = pkgs.ffmpeg-custom;
}).overrideAttrs (old: { }).overrideAttrs (old: {
patches = old.patches or [] ++ [ patches = old.patches or [] ++ [
(pkgs.fetchpatch { (pkgs.fetchpatch {
@ -251,7 +251,7 @@
keepassxc nheko qbittorrent mumble keepassxc nheko qbittorrent mumble
nextcloud-client gnome.zenity kdeconnect nextcloud-client gnome.zenity kdeconnect
# cli tools # cli tools
imagemagick ffmpeg_5-full xdg-utils imagemagick ffmpeg-full xdg-utils
# fonts # fonts
noto-fonts noto-fonts-cjk-sans noto-fonts-cjk-serif noto-fonts noto-fonts-cjk-sans noto-fonts-cjk-serif
noto-fonts-emoji noto-fonts-extra noto-fonts-emoji noto-fonts-extra
@ -261,7 +261,7 @@
# for working with nix # for working with nix
nix-init nix-init
pkgs2.nvfetcher nvfetcher
config.nur.repos.rycee.mozilla-addons-to-nix config.nur.repos.rycee.mozilla-addons-to-nix
anki-bin anki-bin

2
home/hosts/nixmsi.nix
View file

@ -67,7 +67,7 @@
CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUSTFLAGS = "-C link-arg=--ld-path=${pkgs.mold}/bin/mold"; CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUSTFLAGS = "-C link-arg=--ld-path=${pkgs.mold}/bin/mold";
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [
gimp krita blender-hip (gimp.overrideAttrs (old: { doCheck = false; })) krita blender-hip
kdenlive glaxnimate mediainfo kdenlive glaxnimate mediainfo
ghidra (cutter.withPlugins (p: with p; [ sigdb rz-ghidra ])) ghidra (cutter.withPlugins (p: with p; [ sigdb rz-ghidra ]))
openrgb piper openrgb piper

14
pkgs/_sources/generated.json
View file

@ -22,24 +22,24 @@
"pinned": false, "pinned": false,
"src": { "src": {
"name": null, "name": null,
"sha256": "sha256-DcS5ov656f/l1zWPt+UYKxarDGcAWd6zTvi50Lsa1s8=", "sha256": "sha256-72jxUJdn4j0FV1qFH0r7UEVrAvSwrWgWsxCXyT1N/1A=",
"type": "url", "type": "url",
"url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-16/GE-Proton8-16.tar.gz" "url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-24/GE-Proton8-24.tar.gz"
}, },
"version": "GE-Proton8-16" "version": "GE-Proton8-24"
}, },
"searxng": { "searxng": {
"cargoLocks": null, "cargoLocks": null,
"date": "2023-10-06", "date": "2023-11-14",
"extract": null, "extract": null,
"name": "searxng", "name": "searxng",
"passthru": null, "passthru": null,
"pinned": false, "pinned": false,
"src": { "src": {
"sha256": "sha256-/blIZOaeOwQMp6T6GkNh8Fvtzh3Ik5UiPwuGjViENuE=", "sha256": "sha256-vgDQ7cdWN79TFEbJGq0AdvC8p2YOmogk9iVViDkZDXw=",
"type": "tarball", "type": "tarball",
"url": "https://github.com/searxng/searxng/archive/ce270961e82585971579844c64d7cde5f5d855ec.tar.gz" "url": "https://github.com/searxng/searxng/archive/b3d29cb86db4cc1a4e6320016529d1361451e1f1.tar.gz"
}, },
"version": "ce270961e82585971579844c64d7cde5f5d855ec" "version": "b3d29cb86db4cc1a4e6320016529d1361451e1f1"
} }
} }

14
pkgs/_sources/generated.nix
View file

@ -12,19 +12,19 @@
}; };
proton-ge = { proton-ge = {
pname = "proton-ge"; pname = "proton-ge";
version = "GE-Proton8-16"; version = "GE-Proton8-24";
src = fetchurl { src = fetchurl {
url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-16/GE-Proton8-16.tar.gz"; url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-24/GE-Proton8-24.tar.gz";
sha256 = "sha256-DcS5ov656f/l1zWPt+UYKxarDGcAWd6zTvi50Lsa1s8="; sha256 = "sha256-72jxUJdn4j0FV1qFH0r7UEVrAvSwrWgWsxCXyT1N/1A=";
}; };
}; };
searxng = { searxng = {
pname = "searxng"; pname = "searxng";
version = "ce270961e82585971579844c64d7cde5f5d855ec"; version = "b3d29cb86db4cc1a4e6320016529d1361451e1f1";
src = fetchTarball { src = fetchTarball {
url = "https://github.com/searxng/searxng/archive/ce270961e82585971579844c64d7cde5f5d855ec.tar.gz"; url = "https://github.com/searxng/searxng/archive/b3d29cb86db4cc1a4e6320016529d1361451e1f1.tar.gz";
sha256 = "sha256-/blIZOaeOwQMp6T6GkNh8Fvtzh3Ik5UiPwuGjViENuE="; sha256 = "sha256-vgDQ7cdWN79TFEbJGq0AdvC8p2YOmogk9iVViDkZDXw=";
}; };
date = "2023-10-06"; date = "2023-11-14";
}; };
} }

71
pkgs/certspotter/configurable-sendmail.patch
View file

@ -1,71 +0,0 @@
diff --git a/cmd/certspotter/main.go b/cmd/certspotter/main.go
index 9730789..f2eb081 100644
--- a/cmd/certspotter/main.go
+++ b/cmd/certspotter/main.go
@@ -163,6 +163,7 @@ func main() {
logs string
noSave bool
script string
+ sendmail string
startAtEnd bool
stateDir string
stdout bool
@@ -176,6 +177,7 @@ func main() {
flag.StringVar(&flags.logs, "logs", defaultLogList, "File path or URL of JSON list of logs to monitor")
flag.BoolVar(&flags.noSave, "no_save", false, "Do not save a copy of matching certificates in state directory")
flag.StringVar(&flags.script, "script", "", "Program to execute when a matching certificate is discovered")
+ flag.StringVar(&flags.sendmail, "sendmail", "/usr/sbin/sendmail", "Path to the sendmail-compatible program to use")
flag.BoolVar(&flags.startAtEnd, "start_at_end", false, "Start monitoring logs from the end rather than the beginning (saves considerable bandwidth)")
flag.StringVar(&flags.stateDir, "state_dir", defaultStateDir(), "Directory for storing log position and discovered certificates")
flag.BoolVar(&flags.stdout, "stdout", false, "Write matching certificates to stdout")
@@ -201,6 +203,7 @@ func main() {
Verbose: flags.verbose,
Script: flags.script,
ScriptDir: defaultScriptDir(),
+ SendmailPath: flags.sendmail,
Email: flags.email,
Stdout: flags.stdout,
HealthCheckInterval: flags.healthcheck,
diff --git a/monitor/config.go b/monitor/config.go
index 1e0d60c..d1bc430 100644
--- a/monitor/config.go
+++ b/monitor/config.go
@@ -20,6 +20,7 @@ type Config struct {
WatchList WatchList
Verbose bool
SaveCerts bool
+ SendmailPath string
Script string
ScriptDir string
Email []string
diff --git a/monitor/notify.go b/monitor/notify.go
index 8fc6d09..86cabca 100644
--- a/monitor/notify.go
+++ b/monitor/notify.go
@@ -36,7 +36,7 @@ func notify(ctx context.Context, config *Config, notif notification) error {
}
if len(config.Email) > 0 {
- if err := sendEmail(ctx, config.Email, notif); err != nil {
+ if err := sendEmail(ctx, config.SendmailPath, config.Email, notif); err != nil {
return err
}
}
@@ -62,7 +62,7 @@ func writeToStdout(notif notification) {
os.Stdout.WriteString(notif.Text() + "\n")
}
-func sendEmail(ctx context.Context, to []string, notif notification) error {
+func sendEmail(ctx context.Context, sendmailPath string, to []string, notif notification) error {
stdin := new(bytes.Buffer)
stderr := new(bytes.Buffer)
@@ -77,7 +77,7 @@ func sendEmail(ctx context.Context, to []string, notif notification) error {
args := []string{"-i", "--"}
args = append(args, to...)
- sendmail := exec.CommandContext(ctx, "/usr/sbin/sendmail", args...)
+ sendmail := exec.CommandContext(ctx, sendmailPath, args...)
sendmail.Stdin = stdin
sendmail.Stderr = stderr

41
pkgs/certspotter/default.nix
View file

@ -1,41 +0,0 @@
{ lib
, buildGoModule
, fetchFromGitHub
, lowdown
}:
buildGoModule rec {
pname = "certspotter";
version = "0.16.0";
src = fetchFromGitHub {
owner = "SSLMate";
repo = "certspotter";
rev = "v${version}";
hash = "sha256-0+7GWxbV4j2vVdmool8J9hqRqUi8O/yKedCyynWJDkE=";
};
vendorHash = "sha256-haYmWc2FWZNFwMhmSy3DAtj9oW5G82dX0fxpGqI8Hbw=";
patches = [ ./configurable-sendmail.patch ];
ldflags = [ "-s" "-w" ];
nativeBuildInputs = [ lowdown ];
postInstall = ''
cd man
make
mkdir -p $out/share/man/man8
mv *.8 $out/share/man/man8
'';
meta = with lib; {
description = "Certificate Transparency Log Monitor";
homepage = "https://github.com/SSLMate/certspotter";
changelog = "https://github.com/SSLMate/certspotter/blob/${src.rev}/CHANGELOG.md";
license = licenses.mpl20;
mainProgram = "certspotter";
maintainers = with maintainers; [ chayleaf ];
};
}

53
pkgs/default.nix
View file

@ -10,7 +10,7 @@ let
sources = import ./_sources/generated.nix { sources = import ./_sources/generated.nix {
inherit (pkgs) fetchgit fetchurl fetchFromGitHub dockerTools; inherit (pkgs) fetchgit fetchurl fetchFromGitHub dockerTools;
}; };
nixForNixPlugins = pkgs.nixVersions.nix_2_17; nixForNixPlugins = pkgs.nixVersions.nix_2_18;
in in
{ {
@ -22,16 +22,16 @@ in
unstable = nixForNixPlugins; unstable = nixForNixPlugins;
}); });
# Various patches to change Nix version of existing packages so they don't error out because of nix-plugins in nix.conf # Various patches to change Nix version of existing packages so they don't error out because of nix-plugins in nix.conf
nix-plugins = pkgs.nix-plugins.override { nix = nixForNixPlugins; }; /*.overrideAttrs (old: { nix-plugins = (pkgs.nix-plugins.override { nix = nixForNixPlugins; }).overrideAttrs (old: {
version = "12.0.0"; version = "13.0.0";
patches = [ patches = [
(pkgs.fetchpatch { (pkgs.fetchpatch {
# pull 17 # pull 16
url = "https://github.com/shlevy/nix-plugins/commit/f7534b96e70ca056ef793918733d1820af89a433.patch"; url = "https://github.com/chayleaf/nix-plugins/commit/8f945cadad7f2e60e8f308b2f498ec5e16961ede.patch";
hash = "sha256-ePRAnZAobasF6jA3QC73p8zyzayXORuodhus96V+crs="; hash = "sha256-pOogMtjXYkSDtXW12TmBpGr/plnizJtud2nP3q2UldQ=";
}) })
]; ];
});*/ });
harmonia = (pkgs.harmonia.override { nix = nixForNixPlugins; }); /*.overrideAttrs { harmonia = (pkgs.harmonia.override { nix = nixForNixPlugins; }); /*.overrideAttrs {
patches = [ patches = [
(pkgs.fetchpatch { (pkgs.fetchpatch {
@ -48,38 +48,39 @@ in
# TODO: remove when https://github.com/NixOS/nix/issues/8796 is fixed or hydra code stops needing a fix # TODO: remove when https://github.com/NixOS/nix/issues/8796 is fixed or hydra code stops needing a fix
configureFlags = builtins.filter (x: x != "--enable-lto") (old.configureFlags or []); configureFlags = builtins.filter (x: x != "--enable-lto") (old.configureFlags or []);
});*/ });*/
});/*.overrideAttrs (old: { }).overrideAttrs (old: {
# who cares about failing tests amirite
doCheck = false;
patches = (old.patches or [ ]) ++ [ patches = (old.patches or [ ]) ++ [
(pkgs.fetchpatch { (pkgs.fetchpatch {
url = "https://github.com/NixOS/hydra/pull/1296/commits/b23431a657d8a9b2f478c95dd81034780751a262.patch"; url = "https://github.com/chayleaf/hydra/commit/e9da80fff6234fab2458173272ee0bedbe8935c3.patch";
hash = "sha256-ruTAIPUrPtfy8JkXYK2qigBrSa6KPXpJlORTNkUYrG0="; hash = "sha256-PS8rwe5lIzvaVlh/DogYmW5OccVfpKQ6JehTQibx2XQ=";
}) })
]; ];
});*/
nurl = pkgs.nurl.override { nix = nixForNixPlugins; };
nvfetcher = pkgs.nvfetcher.overrideAttrs (old: {
meta = builtins.removeAttrs old.meta [ "broken" ];
}); });
nurl = pkgs.nurl.override { nix = nixForNixPlugins; };
/*nvfetcher = pkgs.nvfetcher.overrideAttrs (old: {
meta = builtins.removeAttrs old.meta [ "broken" ];
});*/
certspotter = callPackage ./certspotter { };
clang-tools_latest = pkgs.clang-tools_16; clang-tools_latest = pkgs.clang-tools_16;
clang_latest = pkgs.clang_16; clang_latest = pkgs.clang_16;
/*ghidra = pkgs.ghidra.overrideAttrs (old: { /*ghidra = pkgs.ghidra.overrideAttrs (old: {
patches = old.patches ++ [ ./ghidra-stdcall.patch ]; patches = old.patches ++ [ ./ghidra-stdcall.patch ];
});*/ });*/
ffmpeg-custom = (pkgs'.ffmpeg_6-full.override { ffmpeg-custom = (pkgs.callPackage (import /${pkgs.path}/pkgs/development/libraries/ffmpeg/generic.nix {
version = "6.1";
sha256 = "sha256-NzhD2D16bCVCyCXo0TRwZYp3Ta5eFSfoQPa+iRkeNZg=";
}) {
ffmpegVariant = "full";
withCuda = false; withCuda = false;
withCudaLLVM = false; withCudaLLVM = false;
withNvdec = false; withNvdec = false;
withNvenc = false; withNvenc = false;
inherit (pkgs'.darwin.apple_sdk.frameworks)
Cocoa CoreServices CoreAudio CoreMedia AVFoundation MediaToolbox
VideoDecodeAcceleration VideoToolbox;
}).overrideAttrs (old: { }).overrideAttrs (old: {
version = "unstable-20231031";
src = pkgs'.fetchgit {
url = "https://git.ffmpeg.org/ffmpeg.git";
rev = "4e5f3e6b8e1132354eed810dfdadf87f45c5de27";
hash = "sha256-fiWkU9fK8qPmxl2MOADKdlFf6XjHGKFhi8uaWltphCE=";
};
patches = [ ];
postPatch = '' postPatch = ''
${old.postPatch or ""} ${old.postPatch or ""}
substituteInPlace libavutil/hwcontext_vulkan.c \ substituteInPlace libavutil/hwcontext_vulkan.c \
@ -88,12 +89,11 @@ in
--replace FF_VK_KHR_VIDEO_DECODE_H265 FF_VK_EXT_VIDEO_DECODE_H265 \ --replace FF_VK_KHR_VIDEO_DECODE_H265 FF_VK_EXT_VIDEO_DECODE_H265 \
--replace FF_VK_KHR_VIDEO_DECODE_AV1 FF_VK_EXT_VIDEO_DECODE_AV1 --replace FF_VK_KHR_VIDEO_DECODE_AV1 FF_VK_EXT_VIDEO_DECODE_AV1
''; '';
buildInputs = old.buildInputs ++ [ pkgs'.libaribcaption ]; buildInputs = old.buildInputs ++ [ pkgs.libaribcaption ];
configureFlags = old.configureFlags ++ [ "--enable-libaribcaption" ]; configureFlags = old.configureFlags ++ [ "--enable-libaribcaption" ];
}); });
gimp = callPackage ./gimp { inherit (pkgs) gimp; }; gimp = callPackage ./gimp { inherit (pkgs) gimp; };
home-daemon = callPackage ./home-daemon { }; home-daemon = callPackage ./home-daemon { };
libaribcaption = callPackage ./libaribcaption { };
# pin version # pin version
looking-glass-client = pkgs.looking-glass-client.overrideAttrs (old: { looking-glass-client = pkgs.looking-glass-client.overrideAttrs (old: {
version = "B6"; version = "B6";
@ -108,7 +108,6 @@ in
kvmfrOverlay = kvmfr: kvmfr.overrideAttrs (old: { kvmfrOverlay = kvmfr: kvmfr.overrideAttrs (old: {
inherit (pkgs'.looking-glass-client) version src; inherit (pkgs'.looking-glass-client) version src;
}); });
pineapplebot = callPackage ./pineapplebot.nix { };
proton-ge = pkgs.stdenvNoCC.mkDerivation { proton-ge = pkgs.stdenvNoCC.mkDerivation {
inherit (sources.proton-ge) pname version src; inherit (sources.proton-ge) pname version src;
installPhase = '' installPhase = ''
@ -121,6 +120,7 @@ in
searxng = pkgs'.python3.pkgs.toPythonModule (pkgs.searxng.overrideAttrs (old: { searxng = pkgs'.python3.pkgs.toPythonModule (pkgs.searxng.overrideAttrs (old: {
inherit (sources.searxng) src; inherit (sources.searxng) src;
version = "unstable-" + sources.searxng.date; version = "unstable-" + sources.searxng.date;
postInstall = builtins.replaceStrings [ "/botdetection" ] [ "" ] old.postInstall;
})); }));
techmino = callPackage ./techmino { }; techmino = callPackage ./techmino { };
@ -153,6 +153,5 @@ in
stdenv = pkgs'.ccacheStdenv; stdenv = pkgs'.ccacheStdenv;
}; };
} }
// import ./postgresql-packages { inherit pkgs pkgs' lib sources isOverlay; }
// import ./ccache.nix { inherit pkgs pkgs' lib sources; } // import ./ccache.nix { inherit pkgs pkgs' lib sources; }
// import ../system/hardware/bpi-r3/pkgs.nix { inherit pkgs pkgs' lib sources; } // import ../system/hardware/bpi-r3/pkgs.nix { inherit pkgs pkgs' lib sources; }

6
pkgs/firefox-addons/generated.nix
View file

@ -63,10 +63,10 @@
}; };
"youtube-nonstop" = buildFirefoxXpiAddon { "youtube-nonstop" = buildFirefoxXpiAddon {
pname = "youtube-nonstop"; pname = "youtube-nonstop";
version = "0.9.1"; version = "0.9.2";
addonId = "{0d7cafdd-501c-49ca-8ebb-e3341caaa55e}"; addonId = "{0d7cafdd-501c-49ca-8ebb-e3341caaa55e}";
url = "https://addons.mozilla.org/firefox/downloads/file/3848483/youtube_nonstop-0.9.1.xpi"; url = "https://addons.mozilla.org/firefox/downloads/file/4187690/youtube_nonstop-0.9.2.xpi";
sha256 = "8340d57622a663949ec1768eb37d47651c809fadf0ffaa5ff546c48fdd28e33d"; sha256 = "7659d180f76ea908ea81b84ed9bdd188624eaaa62b88accbe6d8ad4e8caeff38";
meta = with lib; meta = with lib;
{ {
homepage = "https://github.com/lawfx/YoutubeNonStop"; homepage = "https://github.com/lawfx/YoutubeNonStop";

33
pkgs/libaribcaption/default.nix
View file

@ -1,33 +0,0 @@
{ lib
, stdenv
, fetchFromGitHub
, cmake
, fontconfig
, freetype
}:
stdenv.mkDerivation rec {
pname = "libaribcaption";
version = "1.1.1";
src = fetchFromGitHub {
owner = "xqq";
repo = "libaribcaption";
rev = "v${version}";
hash = "sha256-x6l0ZrTktSsqfDLVRXpQtUOruhfc8RF3yT991UVZiKA=";
};
nativeBuildInputs = [ cmake ];
cmakeFlags = [ "-DBUILD_SHARED_LIBS=ON" ];
buildInputs = lib.optionals (!stdenv.isDarwin) [ fontconfig freetype ];
meta = with lib; {
description = "Portable ARIB STD-B24 Caption Decoder/Renderer";
homepage = "https://github.com/xqq/libaribcaption";
license = licenses.mit;
maintainers = with maintainers; [ chayleaf ];
};
}

34
pkgs/pineapplebot.nix
View file

@ -1,34 +0,0 @@
{ python3
, fetchFromGitHub
, rustPlatform
, magic ? "<PIZZABOT_MAGIC_SEP>"
, ... }:
python3.pkgs.buildPythonPackage rec {
pname = "pineapplebot";
version = "0.1.0";
src = fetchFromGitHub {
owner = "chayleaf";
repo = "pizzabot_v3";
rev = "master";
sha256 = "sha256-ZLskMlllZfmqIlbSr0pNHHJehDycohiwqgYbuEYP7Qc=";
};
preBuild = ''
head -n13 Cargo.toml > Cargo.toml.new
mv Cargo.toml.new Cargo.toml
'';
sourceRoot = "source/pineapplebot";
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src sourceRoot;
name = "${pname}-${version}";
sha256 = "14jxgykwg1apy97gy1j8mz7ny2cqg4q9s03a2bk9kx2y6ibm4668";
};
nativeBuildInputs = with rustPlatform; [
cargoSetupHook
maturinBuildHook
];
doCheck = false;
doInstallCheck = true;
pythonImportsCheck = [ "pineapplebot" ];
PIZZABOT_MAGIC = magic;
}

45
pkgs/postgresql-packages/default.nix
View file

@ -1,45 +0,0 @@
{ pkgs
, pkgs'
, isOverlay
, lib
, ... }:
let
inherit (pkgs') callPackage;
extraPackages = {
tsja = callPackage ./tsja.nix { };
};
gen' = postgresql: builtins.mapAttrs (k: v: v.override { inherit postgresql; }) extraPackages;
gen = ver:
lib.optionalAttrs isOverlay pkgs."postgresql${toString ver}Packages"
// gen' pkgs."postgresql${if ver == "" then "" else "_" + toString ver}";
psql = ver: let
old = pkgs."postgresql${if ver == "" then "" else "_" + toString ver}";
in old // { pkgs = old.pkgs // gen' old; };
self = {
mecab = pkgs.mecab.overrideAttrs (old: {
postInstall = ''
mkdir -p $out/lib/mecab/dic
ln -s ${callPackage /${pkgs.path}/pkgs/tools/text/mecab/ipadic.nix {
mecab-nodic = callPackage /${pkgs.path}/pkgs/tools/text/mecab/nodic.nix { };
}} $out/lib/mecab/dic/ipadic
'';
});
postgresqlPackages = gen "";
postgresql11Packages = gen 11;
postgresql12Packages = gen 12;
postgresql13Packages = gen 13;
postgresql14Packages = gen 14;
postgresql15Packages = gen 15;
postgresql16Packages = gen 16;
} // lib.optionalAttrs isOverlay {
postgresql = psql "";
postgresql_11 = psql 11;
postgresql_12 = psql 12;
postgresql_13 = psql 13;
postgresql_14 = psql 14;
postgresql_15 = psql 15;
postgresql_16 = psql 16;
};
in self

39
pkgs/postgresql-packages/tsja.nix
View file

@ -1,39 +0,0 @@
{ lib
, stdenv
, postgresql
, mecab
}:
stdenv.mkDerivation rec {
pname = "tsja";
version = "0.5.0";
src = fetchTarball {
url = "https://www.amris.jp/tsja/tsja-${version}.tar.xz";
sha256 = "0hx4iygnqw1ay3nwrf3x2izflw4ip9i8i0yny26vivdz862m97w7";
};
postPatch = ''
substituteInPlace Makefile \
--replace /usr/local/pgsql ${postgresql} \
--replace -L/usr/local/lib "" \
--replace -I/usr/local/include ""
substituteInPlace tsja.c --replace /usr/local/lib/mecab ${mecab}/lib/mecab
'';
buildInputs = [ postgresql mecab ];
installPhase = ''
mkdir -p $out/lib $out/share/postgresql/extension
cp libtsja.so $out/lib
cp dbinit_libtsja.txt $out/share/postgresql/extension/libtsja_dbinit.sql
'';
meta = with lib; {
description = "PostgreSQL extension implementing Japanese text search";
homepage = "https://www.amris.jp/tsja/index.html";
maintainers = with maintainers; [ chayleaf ];
platforms = postgresql.meta.platforms;
license = licenses.postgresql;
};
}

54
pkgs/rizin/rz-ghidra.nix
View file

@ -1,54 +0,0 @@
{ lib
, stdenv
, fetchFromGitHub
, cmake
# buildInputs
, rizin
, openssl
, pugixml
# optional buildInputs
, enableCutterPlugin ? true
, cutter
, qtbase
, qtsvg
}:
stdenv.mkDerivation rec {
pname = "rz-ghidra";
version = "0.5.0";
src = fetchFromGitHub {
owner = "rizinorg";
repo = "rz-ghidra";
rev = "v${version}";
hash = "sha256-2QQEj4TIBmiZgbb66R7q6iEp2WitUc8Ui6Nr71JelXs=";
fetchSubmodules = true;
};
nativeBuildInputs = [ cmake ];
buildInputs = [
openssl
pugixml
rizin
] ++ lib.optionals enableCutterPlugin [
cutter
qtbase
qtsvg
];
dontWrapQtApps = true;
cmakeFlags = [
"-DUSE_SYSTEM_PUGIXML=ON"
] ++ lib.optionals enableCutterPlugin [
"-DBUILD_CUTTER_PLUGIN=ON"
"-DCUTTER_INSTALL_PLUGDIR=share/rizin/cutter/plugins/native"
];
meta = with lib; {
description = "Deep ghidra decompiler and sleigh disassembler integration for rizin";
homepage = src.meta.homepage;
license = licenses.lgpl3;
maintainers = with maintainers; [ chayleaf ];
};
}

29
pkgs/rizin/wrapper.nix
View file

@ -1,29 +0,0 @@
{ makeWrapper
, symlinkJoin
, unwrapped
}:
plugins:
symlinkJoin {
name = "cutter-with-plugins";
paths = [ unwrapped ] ++ plugins;
nativeBuildInputs = [ makeWrapper ];
passthru = {
inherit unwrapped;
};
postBuild = ''
rm $out/bin/*
wrapperArgs=(--set RZ_LIBR_PLUGINS $out/lib/rizin/plugins)
if [ -d $out/share/rizin/cutter ]; then
wrapperArgs+=(--prefix XDG_DATA_DIRS : $out/share)
fi
for binary in $(ls ${unwrapped}/bin); do
makeWrapper ${unwrapped}/bin/$binary $out/bin/$binary "''${wrapperArgs[@]}"
done
'';
}

2
system/devices/radxa-rock5a-server.nix
View file

@ -59,6 +59,8 @@ in
}; };
}; };
boot.supportedFilesystems = [ "bcachefs" ];
fileSystems = let fileSystems = let
device = rootPart; device = rootPart;
fsType = "btrfs"; fsType = "btrfs";

2
system/hardware/bpi-r3/default.nix
View file

@ -9,7 +9,7 @@
}; };
#boot.kernelPackages = config._module.args.fromSourcePkgs.linuxPackages_bpiR3_ccache or pkgs.linuxPackages_bpiR3_ccache; #boot.kernelPackages = config._module.args.fromSourcePkgs.linuxPackages_bpiR3_ccache or pkgs.linuxPackages_bpiR3_ccache;
boot.kernelPackages = config._module.args.fromSourcePkgs.linuxPackages_bpiR3 or pkgs.linuxPackages_bpiR3; boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.buildLinuxWithCcache (config._module.args.fromSourcePkgs.linux_bpiR3 or pkgs.linux_bpiR3));
hardware.deviceTree.enable = true; hardware.deviceTree.enable = true;
hardware.deviceTree.filter = "mt7986a-bananapi-bpi-r3.dtb"; hardware.deviceTree.filter = "mt7986a-bananapi-bpi-r3.dtb";

8
system/hardware/msi-delta-15/default.nix
View file

@ -28,10 +28,8 @@
(final: prev: { (final: prev: {
amd-ucode = prev.amd-ucode.override { inherit (final) linux-firmware; }; amd-ucode = prev.amd-ucode.override { inherit (final) linux-firmware; };
linux-firmware = prev.stdenvNoCC.mkDerivation { linux-firmware = prev.stdenvNoCC.mkDerivation {
inherit (prev.linux-firmware) pname version meta src; inherit (prev.linux-firmware) pname version meta src dontFixup installFlags nativeBuildInputs;
dontFixup = true;
passthru = { inherit (prev.linux-firmware) version; }; passthru = { inherit (prev.linux-firmware) version; };
installFlags = [ "DESTDIR=$(out)" ];
# revert microcode updates which break boot for me # revert microcode updates which break boot for me
patches = [ patches = [
@ -58,10 +56,8 @@
(final: prev: { (final: prev: {
amd-ucode = prev.amd-ucode.override { inherit (final) linux-firmware; }; amd-ucode = prev.amd-ucode.override { inherit (final) linux-firmware; };
linux-firmware = prev.stdenvNoCC.mkDerivation { linux-firmware = prev.stdenvNoCC.mkDerivation {
inherit (prev.linux-firmware) pname version meta src; inherit (prev.linux-firmware) pname version meta src dontFixup installFlags nativeBuildInputs;
dontFixup = true;
passthru = { inherit (prev.linux-firmware) version; }; passthru = { inherit (prev.linux-firmware) version; };
installFlags = [ "DESTDIR=$(out)" ];
patches = [ ]; patches = [ ];
postPatch = ""; postPatch = "";
}; };

24
system/hardware/msi-delta-15/revert-amd-ucode-update-fam19h.patch
View file

@ -6,7 +6,7 @@ index dbcdced..dd7b8d5 100644
RawFile: amd-ucode/microcode_amd_fam17h.bin RawFile: amd-ucode/microcode_amd_fam17h.bin
Version: 2023-07-19 Version: 2023-07-19
RawFile: amd-ucode/microcode_amd_fam19h.bin RawFile: amd-ucode/microcode_amd_fam19h.bin
-Version: 2023-08-08 -Version: 2023-10-19
+Version: 2023-07-18 +Version: 2023-07-18
File: amd-ucode/README File: amd-ucode/README
@ -19,13 +19,13 @@ index f47743c..6a9ff1e 100644
Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126e Length=3200 bytes Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126e Length=3200 bytes
Microcode patches in microcode_amd_fam19h.bin: Microcode patches in microcode_amd_fam19h.bin:
- Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a10113e Length=5568 bytes - Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101244 Length=5568 bytes
- Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a10123e Length=5568 bytes
- Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00212 Length=5568 bytes
Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d1 Length=5568 bytes Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d1 Length=5568 bytes
Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a001079 Length=5568 bytes Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a001079 Length=5568 bytes
- Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00213 Length=5568 bytes
Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001234 Length=5568 bytes Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001234 Length=5568 bytes
- Family=0x19 Model=0xa0 Stepping=0x01: Patch=0x0aa00116 Length=5568 bytes - Family=0x19 Model=0xa0 Stepping=0x01: Patch=0x0aa00116 Length=5568 bytes
- Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101144 Length=5568 bytes
- -
-NOTE: For Genoa (Family=0x19 Model=0x11) and Bergamo (Family=0x19 Model=0xa0), -NOTE: For Genoa (Family=0x19 Model=0x11) and Bergamo (Family=0x19 Model=0xa0),
-either AGESA version >= 1.0.0.8 OR a kernel with the following commit is -either AGESA version >= 1.0.0.8 OR a kernel with the following commit is
@ -45,14 +45,14 @@ index 8cff901..a32b4d6 100644
@@ -1,11 +1,11 @@ @@ -1,11 +1,11 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
-iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmTEYrcACgkQ5L5TOfMo -iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmUoW6AACgkQ5L5TOfMo
-rnN4IQf/QKbOezXZ4OYzaPANvsZQEAzLNfuylC/aQMwrPaO7daz5/zmCN4HU5XkH -rnMHAAf/SxaKEu5l7FGXR+QJYc2oSJDpf9ZsHTkVnxqF1I3ReItEGAR3iqSWrsRw
-dDT8DYfPg+fQHIgxAw0/L24xPOm5Op/QuLVDyDqVr4qvL8+65eeI+JqxD/wXMXYN -KA4niP9Ihr8EqwhOaOtqkRKKF9D5yg+DksnRWbh2VTUECO4KQxjHNrPp3JWEzBwb
-V34kkLM2p8iuyY1Nc8IDLXu4X75KGNPbKZlMRKMU3Pr7ai5O4ihmiAM+N6qv1KEJ -Xn+vRVP02ZRi3u4MCYbnDC4AfUSnKnldY3TTlNi/6HUaGS2pcw8Vjli/C06zwfgh
-YToNN6vrg0qt1cv0SLM8sa4e7L1+oblUrg/o0FViYE8pxsU3ZRRVSJMUg+lKjvl/ -WwUAoFMQl4SDJhbGfC9cb93MKjBl/0Hv4uhK5W8fJ1iUkMvY8Ijna/oDTZCNPqP0
-1ZPGKOdD80fcNJ+ItYGHNNs3eCc3WgW7Kc/E668eH75Yu9Zt7ewWZX8Sg/mygleY -0AgOwdAdzoyOYWjbUXcwofz2Umpz12xmJW8yXNwdv1pmaCvv9aCJz1L49lGwFH9E
-OzMwhbPJg4bF4zm7C/Pku7i1T2Omcg== -lhhoFQ1SQL3hhPjTXO6DbeeT9+fjOg==
-=km2X -=9Xav
+iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmS3F00ACgkQ5L5TOfMo +iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmS3F00ACgkQ5L5TOfMo
+rnNEhQgAizSV8IFpvaYNytaJKLA4uevrZneGPV4czjCXnnj1yHpfQmCTyZQnoLnx +rnNEhQgAizSV8IFpvaYNytaJKLA4uevrZneGPV4czjCXnnj1yHpfQmCTyZQnoLnx
+7gyzf7K5271zO51FBQ5z2Nm48a3XPUhMbQLNP4BZdekLiA3bRpMtSyHct6zD0ULm +7gyzf7K5271zO51FBQ5z2Nm48a3XPUhMbQLNP4BZdekLiA3bRpMtSyHct6zD0ULm

22
system/hardware/radxa-rock5a/default.nix
View file

@ -5,20 +5,14 @@
{ {
boot.initrd.availableKernelModules = [ "ahci" "usbhid" "usb_storage" ]; boot.initrd.availableKernelModules = [ "ahci" "usbhid" "usb_storage" ];
# TODO: switch to upstream when PCIe support works # TODO: switch to mainline when PCIe support works
# boot.kernelPackages = pkgs.linuxPackages_testing; boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.buildLinuxWithCcache pkgs.linux_testing);
boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.buildLinux { boot.kernelPatches = [
version = "6.6.0-rc1"; {
kernelPatches = [ ]; name = "linux_6.7.patch";
src = pkgs.fetchFromGitLab { patch = ./linux_6.7.patch;
domain = "gitlab.collabora.com"; }
group = "hardware-enablement"; ];
owner = "rockchip-3588";
repo = "linux";
rev = "f04271158aee35d270748301c5077231a75bc589";
hash = "sha256-B85162plbt92p51f/M82y2zOg3/TqrBWqgw80ksJVGc=";
};
});
boot.kernelParams = [ "dtb=/${config.hardware.deviceTree.name}" ]; boot.kernelParams = [ "dtb=/${config.hardware.deviceTree.name}" ];
hardware.deviceTree.enable = true; hardware.deviceTree.enable = true;

17516
system/hardware/radxa-rock5a/linux_6.7.patch Normal file
View file

File diff suppressed because it is too large Load diff

1
system/hosts/server/files.nix
View file

@ -65,7 +65,6 @@ in {
}; };
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
enableBrokenCiphersForSSE = false;
package = pkgs.nextcloud27; package = pkgs.nextcloud27;
autoUpdateApps.enable = true; autoUpdateApps.enable = true;
# TODO: use socket auth and remove the next line # TODO: use socket auth and remove the next line

19
system/hosts/server/home.nix
View file

@ -12,6 +12,9 @@ let
(x: "127.0.0.1:${toString x.port}") (x: "127.0.0.1:${toString x.port}")
(builtins.attrValues (builtins.attrValues
(lib.filterAttrs (k: v: builtins.elem k names && v.enable) config.services.prometheus.exporters)); (lib.filterAttrs (k: v: builtins.elem k names && v.enable) config.services.prometheus.exporters));
hplip = pkgs.hplipWithPlugin.override {
withQt5 = false;
};
in { in {
# a bunch of services for personal use not intended for the public # a bunch of services for personal use not intended for the public
# TODO: keycloakify this # TODO: keycloakify this
@ -89,11 +92,11 @@ in {
signKeyPath = "/secrets/cache-priv-key.pem"; signKeyPath = "/secrets/cache-priv-key.pem";
settings.bind = "[::1]:5000"; settings.bind = "[::1]:5000";
}; };
nix.settings.allowed-users = [ "nix-serve" "harmonia" "hydra" "hydra-www" ]; nix.settings.allowed-users = [ "nix-serve" "harmonia" ] ++ lib.optionals config.services.hydra.enable [ "hydra" "hydra-www" ];
# make sure only hydra has access to this file # make sure only hydra has access to this file
# so normal nix evals don't have access to builtins # so normal nix evals don't have access to builtins
nix.settings.extra-builtins-file = "/etc/nixos/extra-builtins.nix"; nix.settings.extra-builtins-file = "/etc/nixos/extra-builtins.nix";
impermanence.directories = [ impermanence.directories = lib.mkIf config.services.hydra.enable [
{ directory = /etc/nixos; user = "hydra"; group = "hydra"; mode = "0700"; } { directory = /etc/nixos; user = "hydra"; group = "hydra"; mode = "0700"; }
]; ];
nix.settings.allowed-uris = [ nix.settings.allowed-uris = [
@ -161,14 +164,16 @@ in {
} }
]; ];
nix.distributedBuilds = true; nix.distributedBuilds = true;
# limit CI CPU usage to 30% since I'm running everything else off this server too # limit CI CPU usage to 30%
systemd.services.nix-daemon.serviceConfig.CPUQuota = "240%"; # systemd.services.nix-daemon.serviceConfig.CPUQuota = "240%";
# TODO: check if LimitNICE should be used instead
systemd.services.nix-daemon.serviceConfig.Nice = "19";
nix.daemonCPUSchedPolicy = "idle"; nix.daemonCPUSchedPolicy = "idle";
nix.daemonIOSchedClass = "idle"; nix.daemonIOSchedClass = "idle";
systemd.services.hydra-evaluator = lib.mkIf config.services.hydra.enable { systemd.services.hydra-evaluator = lib.mkIf config.services.hydra.enable {
# https://github.com/NixOS/hydra/issues/1186 # https://github.com/NixOS/hydra/issues/1186
environment.GC_DONT_GC = "1"; environment.GC_DONT_GC = "1";
serviceConfig.CPUQuota = "240%"; # serviceConfig.CPUQuota = "240%";
serviceConfig.CPUSchedulingPolicy = "idle"; serviceConfig.CPUSchedulingPolicy = "idle";
serviceConfig.IOSchedulingClass = "idle"; serviceConfig.IOSchedulingClass = "idle";
}; };
@ -386,7 +391,7 @@ in {
''; '';
listenAddresses = [ "*:631" ]; listenAddresses = [ "*:631" ];
defaultShared = true; defaultShared = true;
drivers = [ pkgs.hplip ]; drivers = [ hplip ];
startWhenNeeded = false; startWhenNeeded = false;
}; };
services.avahi = { services.avahi = {
@ -398,7 +403,7 @@ in {
}; };
hardware.sane = { hardware.sane = {
enable = true; enable = true;
extraBackends = with pkgs; [ hplipWithPlugin ]; extraBackends = [ hplip ];
}; };
nixpkgs.config.allowUnfreePredicate = pkg: lib.getName pkg == "hplip"; nixpkgs.config.allowUnfreePredicate = pkg: lib.getName pkg == "hplip";
services.scanservjs.enable = true; services.scanservjs.enable = true;

6
system/hosts/server/maubot.nix
View file

@ -61,9 +61,7 @@ in {
translate translate
rss rss
]; ];
services.maubot.pythonPackages = [ services.maubot.pythonPackages = with pkgs.python3.pkgs; [
(pkgs.pineapplebot.override { magic = cfg.pizzabotMagic; })
] ++ (with pkgs.python3.pkgs; [
levenshtein levenshtein
]); ];
} }

4
system/hosts/server/options.nix
View file

@ -57,10 +57,6 @@
description = "unhashed noreply password for internal access only. \ description = "unhashed noreply password for internal access only. \
This should be different from the password that is hashed for better security"; This should be different from the password that is hashed for better security";
}; };
pizzabotMagic = mkOption {
type = types.str;
default = "<PIZZABOT_MAGIC_SEP>";
};
}; };
}; };
description = "server settings"; description = "server settings";

115
system/modules/certspotter.nix
View file

@ -1,115 +0,0 @@
{ config
, lib
, pkgs
, ... }:
let
cfg = config.services.certspotter;
in {
options.services.certspotter = {
enable = lib.mkEnableOption "Cert Spotter, a Certificate Transparency log monitor";
sendmailPath = lib.mkOption {
type = lib.types.path;
description = ''
Path to the `sendmail` binary. By default, the local sendmail wrapper is used
(see `config.services.mail.sendmailSetuidWrapper`).
'';
example = lib.literalExpression ''"''${pkgs.system-sendmail}/bin/sendmail"'';
};
watchlist = lib.mkOption {
type = with lib.types; listOf str;
description = "Domain names to watch. To monitor a domain with all subdomains, prefix its name with `.` (e.g. `.example.org`).";
default = [ ];
example = [ ".example.org" "another.example.com" ];
};
emailRecipients = lib.mkOption {
type = with lib.types; listOf str;
description = "A list of email addresses to send certificate updates to.";
default = [ ];
};
hooks = lib.mkOption {
type = with lib.types; listOf path;
description = ''
Scripts to run upon the detection of a new certificate. See `man 8 certspotter-script` or [the GitHub page](https://github.com/SSLMate/certspotter/blob/master/man/certspotter-script.md) for more info.
'';
default = [];
example = lib.literalExpression ''
[
(pkgs.writeShellScript "certspotter-hook" '''
echo "Event summary: $SUMMARY."
''')
]
'';
};
extraFlags = lib.mkOption {
type = with lib.types; listOf str;
description = "Extra command-line arguments to pass to Cert Spotter";
example = [ "-start_at_end" ];
default = [ ];
};
};
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = cfg.watchlist != [ ];
message = "You must specify at least one domain for Cert Spotter to watch";
}
{
assertion = cfg.hooks != [] || cfg.emailRecipients != [];
message = "You must specify at least one hook or email recipient for Cert Spotter";
}
{
assertion = (cfg.emailRecipients != []) -> (cfg.sendmailPath != "/run/current-system/sw/bin/false");
message = ''
You must configure the sendmail setuid wrapper (services.mail.sendmailSetuidWrapper)
or services.certspotter.sendmailPath
'';
}
];
services.certspotter.sendmailPath = lib.mkMerge [
(lib.mkIf (config.services.mail.sendmailSetuidWrapper != null) (lib.mkOptionDefault "/run/wrappers/bin/sendmail"))
(lib.mkIf (config.services.mail.sendmailSetuidWrapper == null) (lib.mkOptionDefault "/run/current-system/sw/bin/false"))
];
users.users.certspotter = {
group = "certspotter";
home = "/var/lib/certspotter";
createHome = true;
isSystemUser = true;
# uid = config.ids.uids.certspotter;
};
users.groups.certspotter = {
# gid = config.ids.gids.certspotter;
};
systemd.services.certspotter = {
description = "Cert Spotter - Certificate Transparency Monitor";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment.CERTSPOTTER_CONFIG_DIR = pkgs.linkFarm "certspotter-config"
(lib.toList {
name = "watchlist";
path = pkgs.writeText "cerspotter-watchlist" (builtins.concatStringsSep "\n" cfg.watchlist);
}
++ lib.optional (cfg.emailRecipients != [ ]) {
name = "email_recipients";
path = pkgs.writeText "cerspotter-email_recipients" (builtins.concatStringsSep "\n" cfg.emailRecipients);
}
++ lib.optional (cfg.hooks != [ ]) {
name = "hooks.d";
path = pkgs.linkFarm "certspotter-hooks" (lib.imap1 (i: path: {
inherit path;
name = "hook${toString i}";
}) cfg.hooks);
});
serviceConfig = {
User = "certspotter";
Group = "certspotter";
StateDirectory = "certspotter";
};
script = ''
export CERTSPOTTER_STATE_DIR="$STATE_DIRECTORY"
cd "$CERTSPOTTER_STATE_DIR"
${pkgs.certspotter}/bin/certspotter -sendmail ${cfg.sendmailPath} ${lib.escapeShellArgs cfg.extraFlags}
'';
};
};
}