Compare commits

...

23 commits

Author SHA1 Message Date
chayleaf 71fbf8606e
change update script for ci branch 2023-11-21 04:47:23 +07:00
chayleaf ef8c0dec63
update inputs 2023-11-21 04:46:52 +07:00
chayleaf ebab2df5c1
scanservjs: 2.27.0 -> 3.0.3 2023-11-19 01:31:01 +07:00
chayleaf 7f829af357
home: neomutt->alot; mpv: add libaribcaption; misc fixes 2023-11-08 11:47:14 +07:00
chayleaf 5bfcdf6e65
home/nvim: get rid of the stupid _ semicolon thing 2023-10-30 06:22:57 +07:00
chayleaf 0cc3ec10b3
pleroma: fix config
email and manual activation cant coexist (plus i didnt configure email
activation)
2023-10-27 02:01:00 +07:00
chayleaf ceeb526ec5
flake.packages: dont export stuff from nixpkgs package sets 2023-10-26 22:22:39 +07:00
chayleaf 598044863f
server: reorganize 2023-10-26 07:26:03 +07:00
chayleaf 7535990be0 server/certspotter: check tbs instead of pubkey 2023-10-26 02:02:48 +07:00
chayleaf dcdb5f3734 home: update git config 2023-10-26 02:01:59 +07:00
chayleaf 91a8a50c7b router/kea: update runtime dir 2023-10-25 18:04:07 +07:00
chayleaf 5b0b925fe3 server/certspotter: fix state path 2023-10-25 14:54:46 +07:00
chayleaf ece8104cf2 server/gitea: further increase timeout 2023-10-25 06:30:32 +07:00
chayleaf 891fa83f01 certspotter: switch to using StateDirectory 2023-10-25 04:34:15 +07:00
chayleaf 8948db4dac server/gitea: enable federation, etc 2023-10-25 03:43:39 +07:00
chayleaf 4e840ce3b3 fish: fix nix develop alias 2023-10-25 01:22:41 +07:00
chayleaf 1ccdb2bd47 server: gitea->forgejo 2023-10-25 00:04:46 +07:00
chayleaf 1d77aed15f certspotter: fix cert check 2023-10-24 16:49:40 +07:00
chayleaf 67f43298e8 server: add certspotter 2023-10-24 00:19:12 +07:00
chayleaf eda0322bc7 nixmsi: switch to latest kernel again 2023-10-24 00:17:53 +07:00
chayleaf ce2d2e4a78 router: allow assigning ips per duid 2023-10-24 00:16:14 +07:00
chayleaf 73b1b3b47d restructure packages; change akkoma domain 2023-10-23 10:36:50 +07:00
chayleaf ac5d7923fa COPYING: properly write out 0BSD 2023-10-19 19:30:48 +07:00
42 changed files with 773 additions and 2070 deletions

11
COPYING
View file

@ -1 +1,10 @@
public domain/0BSD Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.

View file

@ -69,11 +69,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1693611461, "lastModified": 1698882062,
"narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=", "narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca", "rev": "8c9fa2545007b49a5db5f650ae91f227672c3877",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -107,11 +107,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1696446489, "lastModified": 1700419052,
"narHash": "sha256-xSjMKdNR+q/3hdSPyg/LUMsZT/WIoUi8dcm5zT4SMUQ=", "narHash": "sha256-U6a5f9ynbzcp8PMIHULbHPkbwp7YfPKOYmTcLqlalD4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "68f7d8c0fb0bfc67d1916dd7f06288424360d43a", "rev": "993fb02d20760067b8ee19c713d94cee07037759",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -122,11 +122,11 @@
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1694622745, "lastModified": 1697303681,
"narHash": "sha256-z397+eDhKx9c2qNafL1xv75lC0Q4nOaFlhaU1TINqb8=", "narHash": "sha256-caJ0rXeagaih+xTgRduYtYKL1rZ9ylh06CIrt1w5B4g=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "e9643d08d0d193a2e074a19d4d90c67a874d932e", "rev": "0f317c2e9e56550ce12323eb39302d251618f5b5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -143,11 +143,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1697331506, "lastModified": 1700512623,
"narHash": "sha256-N6RD9EudU+i7SJO3z3S309XQRhp81iqaN9G9sxRtVts=", "narHash": "sha256-UpIxPW8Y5RauHugB9GRXge77vEs77RycZEDhh41V6Lc=",
"owner": "chayleaf", "owner": "chayleaf",
"repo": "maubot.nix", "repo": "maubot.nix",
"rev": "cf32a2873523c80cebdd1ee409c45593040944b8", "rev": "efe241fe720dfc9799348e5b12e7d55facd4bafa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -181,11 +181,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1696468271, "lastModified": 1700468447,
"narHash": "sha256-ZpzAIqs8VmgRDz+rBe28+TErlXkhzrgPKg3YKYraReE=", "narHash": "sha256-CGCewYuVPnlyC6cFHNrYVEx5BwFPZuEUA466odTS8wQ=",
"owner": "fufexan", "owner": "fufexan",
"repo": "nix-gaming", "repo": "nix-gaming",
"rev": "cc55064e30efdf1b1ad3df4d39983314ef440aae", "rev": "cd4ca3d39babd063f36b6a46b31bf9a1be2ee7cc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -196,11 +196,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1696614066, "lastModified": 1700392353,
"narHash": "sha256-nAyYhO7TCr1tikacP37O9FnGr2USOsVBD3IgvndUYjM=", "narHash": "sha256-KARn8aVJu5fdW0jdJYoOQ1SPqWlNdz4l7r90NbArWSY=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "bb2db418b616fea536b1be7f6ee72fb45c11afe0", "rev": "2b00bc76dc893cd996a3d76a2f059d657a5ef37a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -225,11 +225,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1689976554, "lastModified": 1700085753,
"narHash": "sha256-uWJq3sIhkqfzPmfB2RWd5XFVooGFfSuJH9ER/r302xQ=", "narHash": "sha256-qtib7f3eRwfaUF+VziJXiBcZFqpHCAXS4HlrFsnzzl4=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "c63f6e7b053c18325194ff0e274dba44e8d2271e", "rev": "008d78cc21959e33d0d31f375b88353a7d7121ae",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -245,11 +245,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1696627040, "lastModified": 1698842376,
"narHash": "sha256-HOG11+J/akMF/egPoVcVSk4nhFFQOuCl1K8pWjdZIL0=", "narHash": "sha256-bQN00rn8GFwUt1uX8gPuhjdWo3Ev4z+wRcD/ziKUcRQ=",
"owner": "chayleaf", "owner": "chayleaf",
"repo": "nixos-router", "repo": "nixos-router",
"rev": "fd1c895481286b80759b128b082c7a4cc132614a", "rev": "e91a680d9e643208d818aafd15523ce2e387be2d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -260,16 +260,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1696375444, "lastModified": 1700509298,
"narHash": "sha256-Sv0ICt/pXfpnFhTGYTsX6lUr1SljnuXWejYTI2ZqHa4=", "narHash": "sha256-I2BUpeOm77z+QpUPikxzjNw6bfLQ7ytN9TIUULv8y5Q=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "81e8f48ebdecf07aab321182011b067aafc78896", "rev": "929e4c17a6016102ce8c0e8888fee06f8e62973e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-unstable", "ref": "release-23.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -277,11 +277,11 @@
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"dir": "lib", "dir": "lib",
"lastModified": 1693471703, "lastModified": 1698611440,
"narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=", "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85", "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -292,22 +292,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs2": {
"locked": {
"lastModified": 1696696817,
"narHash": "sha256-K8/YirUEkUD1Xd9Qg5R9czYU03M8wDN5W3DYns9F0rc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0df1d6c8cac8e8dc08f42bfe062a1025555c9b6a",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"notlua": { "notlua": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -315,11 +299,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1691609126, "lastModified": 1697413333,
"narHash": "sha256-InbGoENdL8LNT/09pl7AW5uv2ZSDburqr5LgvkJDfj0=", "narHash": "sha256-2nmu/+QhR/VhxFFr54l0Ok/yVhLCrrYVuTgeD4LHEhE=",
"owner": "chayleaf", "owner": "chayleaf",
"repo": "notlua", "repo": "notlua",
"rev": "0e972a0d23f2faa511b9a3f6d445204e18cd5020", "rev": "ef7cdb7a883fe87238c9fff13bc14ad1fd06f4ba",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -335,11 +319,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1691616520, "lastModified": 1700483422,
"narHash": "sha256-loZuL2YnMNwgH5GEZfXgXZadvo5P3Sp+YZSf9L3Wpu8=", "narHash": "sha256-ni6niOmObnG9EVGtaeT1I7ULz5+EkEewGTJVeFuWNuc=",
"owner": "chayleaf", "owner": "chayleaf",
"repo": "notnft", "repo": "notnft",
"rev": "118e25deeb741ba7963931212f02c96c50898578", "rev": "b3e6a023a13a81d70a6a30997e2f1aaf36feafb3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -350,11 +334,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1696624462, "lastModified": 1700512041,
"narHash": "sha256-lGmf7IPqWLfxvEQcPujB8dzu+++NHqGYQkmC05y3ByA=", "narHash": "sha256-fAl29aDdOj4AjORaEh85hS0GkCCfjFFCymuOfF4P+Ek=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "560b6a71f7fe0353dc19bc366a5ace71fbda51d1", "rev": "4486267d862ccc8fbbac6c112ccf1f0595cfbd74",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -375,7 +359,6 @@
"nixos-mailserver": "nixos-mailserver", "nixos-mailserver": "nixos-mailserver",
"nixos-router": "nixos-router", "nixos-router": "nixos-router",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs2": "nixpkgs2",
"notlua": "notlua", "notlua": "notlua",
"notnft": "notnft", "notnft": "notnft",
"nur": "nur", "nur": "nur",
@ -390,11 +373,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1696558324, "lastModified": 1700446608,
"narHash": "sha256-TnnP4LGwDB8ZGE7h2n4nA9Faee8xPkMdNcyrzJ57cbw=", "narHash": "sha256-q/87GqBvQoUNBYiI3hwhsDqfyfk972RuZK+EwKab5s0=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "fdb37574a04df04aaa8cf7708f94a9309caebe2b", "rev": "e17bfe3baa0487f0671c9ed0e9057d10987ba7f7",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -3,9 +3,8 @@
inputs = { inputs = {
#nixpkgs.url = "github:nixos/nixpkgs/3dc2b4f8166f744c3b3e9ff8224e7c5d74a5424f"; #nixpkgs.url = "github:nixos/nixpkgs/3dc2b4f8166f744c3b3e9ff8224e7c5d74a5424f";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; # nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs2.url = "github:nixos/nixpkgs/master"; nixpkgs.url = "github:nixos/nixpkgs/release-23.11";
# nixpkgs.url = "github:chayleaf/nixpkgs/ccache2";
nixos-hardware.url = "github:NixOS/nixos-hardware"; nixos-hardware.url = "github:NixOS/nixos-hardware";
mobile-nixos = { mobile-nixos = {
# url = "github:NixOS/mobile-nixos"; # url = "github:NixOS/mobile-nixos";
@ -59,7 +58,6 @@
outputs = inputs@ outputs = inputs@
{ self { self
, nixpkgs , nixpkgs
, nixpkgs2
, nixos-hardware , nixos-hardware
, mobile-nixos , mobile-nixos
, impermanence , impermanence
@ -100,7 +98,7 @@
if nixpkgs.lib.hasInfix ":" addr then "[${addr}]" else addr; if nixpkgs.lib.hasInfix ":" addr then "[${addr}]" else addr;
}; };
# can't use callPackage ./pkgs here, idk why; use import instead # can't use callPackage ./pkgs here, idk why; use import instead
overlay = self: super: import ./pkgs { overlay' = args: self: super: import ./pkgs ({
pkgs = super; pkgs = super;
pkgs' = self; pkgs' = self;
lib = super.lib; lib = super.lib;
@ -109,16 +107,17 @@
nurpkgs = super; nurpkgs = super;
}; };
nix-gaming = nix-gaming.packages.${super.system}; nix-gaming = nix-gaming.packages.${super.system};
}; } // args);
overlay = overlay' { };
# I override some settings down the line, but overlays always stay the same # I override some settings down the line, but overlays always stay the same
mkPkgs = config: import nixpkgs (config // { mkPkgs = config: import nixpkgs (config // {
overlays = (config.overlays or [ ]) ++ [ overlay ]; overlays = config.overlays or [ ] ++ [ overlay ];
}); });
# this is actual config, it gets processed below # this is actual config, it gets processed below
config = let config = let
mkBpiR3 = args: config: config // { mkBpiR3 = args: config: config // {
system = "aarch64-linux"; system = "aarch64-linux";
modules = (config.modules or [ ]) ++ [ (import ./system/devices/bpi-r3-router.nix args) ]; modules = config.modules or [ ] ++ [ (import ./system/devices/bpi-r3-router.nix args) ];
}; };
routerConfig = rec { routerConfig = rec {
system = "aarch64-linux"; system = "aarch64-linux";
@ -170,7 +169,6 @@
notlua = notlua.lib.${system}; notlua = notlua.lib.${system};
}; };
home.user = [ home.user = [
{ _module.args.pkgs2 = import nixpkgs2 { inherit system; overlays = [ overlay ]; }; }
nur.nixosModules.nur nur.nixosModules.nur
./home/hosts/nixmsi.nix ./home/hosts/nixmsi.nix
]; ];
@ -303,7 +301,7 @@
packages = lib.genAttrs [ packages = lib.genAttrs [
"x86_64-linux" "x86_64-linux"
"aarch64-linux" "aarch64-linux"
] (system: let self = overlay ((mkPkgs { inherit system; }) // self) (import nixpkgs { inherit system; }); in self); ] (system: let self = overlay' { isOverlay = false; } (mkPkgs { inherit system; } // self) (import nixpkgs { inherit system; }); in self);
nixosImages.router = let pkgs = mkPkgs { inherit (config.router-emmc) system; }; in { nixosImages.router = let pkgs = mkPkgs { inherit (config.router-emmc) system; }; in {
emmcImage = pkgs.callPackage ./system/hardware/bpi-r3/image.nix { emmcImage = pkgs.callPackage ./system/hardware/bpi-r3/image.nix {
inherit (nixosConfigurations.router-emmc) config; inherit (nixosConfigurations.router-emmc) config;

View file

@ -13,7 +13,7 @@
cfg.enableKeePassXC = true; cfg.enableKeePassXC = true;
}; };
profiles.chayleaf = { profiles.chayleaf = {
extensions = with config.nur.repos.rycee.firefox-addons; [ extensions = (with config.nur.repos.rycee.firefox-addons; [
cookies-txt cookies-txt
don-t-fuck-with-paste don-t-fuck-with-paste
greasemonkey greasemonkey
@ -32,7 +32,7 @@
unpaywall unpaywall
vimium-c vimium-c
youtube-shorts-block youtube-shorts-block
] ++ (with pkgs.firefox-addons; [ ]) ++ (with pkgs.firefoxAddons; [
fastforwardteam fastforwardteam
middle-mouse-button-scroll middle-mouse-button-scroll
rikaitan rikaitan

View file

@ -60,8 +60,7 @@
set argv[1] fish set argv[1] fish
${pkgs.any-nix-shell}/bin/.any-nix-wrapper $argv ${pkgs.any-nix-shell}/bin/.any-nix-wrapper $argv
else if test $argv[1] = develop else if test $argv[1] = develop
set argv[1] fish command nix $argv --command fish
command nix develop --command $argv
else else
command nix $argv command nix $argv
end end
@ -77,8 +76,7 @@
set argv[1] fish set argv[1] fish
PATH="${nom-compat}/bin:$PATH" ${pkgs.any-nix-shell}/bin/.any-nix-wrapper $argv PATH="${nom-compat}/bin:$PATH" ${pkgs.any-nix-shell}/bin/.any-nix-wrapper $argv
else if test $argv[1] = develop else if test $argv[1] = develop
set argv[1] fish command nom $argv --command fish
command nom develop --command $argv
else if test $argv[1] = build else if test $argv[1] = build
command nom $argv command nom $argv
else else

View file

@ -83,11 +83,6 @@
}; };
}; };
}; };
neomutt = {
enable = true;
sidebar.enable = true;
vimKeys = true;
};
home-manager.enable = true; home-manager.enable = true;
# i only use this as a login shell # i only use this as a login shell
bash = { bash = {
@ -102,11 +97,16 @@
package = pkgs.gitAndTools.gitFull; package = pkgs.gitAndTools.gitFull;
delta.enable = true; delta.enable = true;
extraConfig = { extraConfig = {
commit.gpgsign = true;
# disable the atrocious gui password prompt # disable the atrocious gui password prompt
core.askPass = ""; core.askPass = "";
# ...and prefer getting passwords from libsecret (and storing them there) # ...and prefer getting passwords from libsecret (and storing them there)
credential.helper = "${pkgs.gitAndTools.gitFull}/bin/git-credential-libsecret"; credential.helper = "${pkgs.gitAndTools.gitFull}/bin/git-credential-libsecret";
init.defaultBranch = "master"; init.defaultBranch = "master";
# no need for git pust -u origin <branch>
push.autoSetupRemote = true;
# allow different upstream branch name
push.default = "upstream";
}; };
lfs.enable = true; lfs.enable = true;
}; };
@ -155,7 +155,33 @@
# (because I use nix plugins and plugins are nix version-specific) # (because I use nix plugins and plugins are nix version-specific)
package = pkgs.nix-index-unwrapped; package = pkgs.nix-index-unwrapped;
}; };
#neomutt = {
# enable = true;
# sidebar.enable = true;
# vimKeys = true;
#};
alot = {
enable = true;
settings = {
handle_mouse = true;
initial_command = "search tag:inbox AND NOT tag:killed";
prefer_plaintext = true;
}; };
};
msmtp.enable = true;
notmuch = {
enable = true;
hooks.preNew = ''
${config.services.mbsync.package}/bin/mbsync --all || ${pkgs.coreutils}/bin/true
'';
};
mbsync.enable = true;
};
#services.mbsync.enable = true;
# TODO: see https://github.com/pazz/alot/issues/1632
home.file.".mailcap".text = ''
text/html; ${pkgs.w3m}/bin/w3m -dump -o document_charset=%{charset} -o display_link_number=1 '%s'; nametemplate=%s.html; copiousoutput
'';
systemd.user.timers.nix-index = { systemd.user.timers.nix-index = {
Install.WantedBy = [ "timers.target" ]; Install.WantedBy = [ "timers.target" ];

View file

@ -1,4 +1,4 @@
{ config, pkgs, pkgs2, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = [ ./terminal.nix ]; imports = [ ./terminal.nix ];
i18n.inputMethod = let fcitx5-qt = pkgs.libsForQt5.fcitx5-qt; in { i18n.inputMethod = let fcitx5-qt = pkgs.libsForQt5.fcitx5-qt; in {
@ -178,10 +178,17 @@
input-default-bindings = false; input-default-bindings = false;
}; };
# profiles = { }; # profiles = { };
package = pkgs.wrapMpv (pkgs.mpv-unwrapped.override { package = pkgs.wrapMpv ((pkgs.mpv-unwrapped.override {
# webp support # webp support
ffmpeg_5 = pkgs.ffmpeg_5-full; ffmpeg_5 = pkgs.ffmpeg-custom;
}) { }).overrideAttrs (old: {
patches = old.patches or [] ++ [
(pkgs.fetchpatch {
url = "https://github.com/mpv-player/mpv/pull/11648.patch";
hash = "sha256-rp5VxVD74dY3w5rKct1BwFbruxpHsGk8zwtkkhdJovM=";
})
];
})) {
scripts = with pkgs.mpvScripts; [ scripts = with pkgs.mpvScripts; [
thumbnail thumbnail
mpris mpris
@ -254,7 +261,7 @@
# for working with nix # for working with nix
nix-init nix-init
pkgs2.nvfetcher nvfetcher
config.nur.repos.rycee.mozilla-addons-to-nix config.nur.repos.rycee.mozilla-addons-to-nix
anki-bin anki-bin

View file

@ -25,27 +25,6 @@
inherit (notlua-nvim.keywords) REQ REQ'; inherit (notlua-nvim.keywords) REQ REQ';
in let in let
vimg = name: PROP vim.g name; vimg = name: PROP vim.g name;
# _ is basically semicolon
_ = { __IS_SEPARATOR = true; };
splitList = sep: list:
let
ivPairs = lib.imap0 (i: x: { inherit i x; }) list;
is' = map ({ i, ... }: i) (builtins.filter ({ x, ... }: sep == x) ivPairs);
is = [ 0 ] ++ (map (x: x + 1) is');
ie = is' ++ [ (builtins.length list) ];
se = lib.zipLists is ie;
in
map ({ fst, snd }: lib.sublist fst (snd - fst) list) se;
# this transforms [ a b _ c _ d _ e f g ] into [ (a b) c d (RETURN (e f g)) ]
L = args:
let
spl = splitList _ args;
body = lib.init spl;
ret = lib.last spl;
in
(map
(list: builtins.foldl' lib.id (builtins.head list) (builtins.tail list))
body) ++ (if ret == [] then [] else [(APPLY RETURN ret)]);
keymapSetSingle = opts@{ keymapSetSingle = opts@{
mode, mode,
lhs, lhs,
@ -84,7 +63,6 @@
which-key = REQ "which-key"; which-key = REQ "which-key";
luasnip = REQ "luasnip"; luasnip = REQ "luasnip";
compile' = name: stmts: compile name (L stmts);
in { in {
enable = true; enable = true;
defaultEditor = true; defaultEditor = true;
@ -114,40 +92,40 @@
vimAlias = true; vimAlias = true;
vimdiffAlias = true; vimdiffAlias = true;
extraLuaConfig = (compile' "main" [ extraLuaConfig = compile "main" [
kmSetNs { (kmSetNs {
"<C-X>" = { "<C-X>" = {
rhs = DEFUN (vim.fn.system [ "chmod" "+x" (vim.fn.expand "%") ]); rhs = DEFUN (vim.fn.system [ "chmod" "+x" (vim.fn.expand "%") ]);
desc = "chmod +x %"; desc = "chmod +x %";
}; };
} _ })
SET (vimg "vimsyn_embed") "l" _ (SET (vimg "vimsyn_embed") "l")
LET (vim.api.nvim_create_augroup "nvimrc" { clear = true; }) (group: (LET (vim.api.nvim_create_augroup "nvimrc" { clear = true; }) (group:
lib.mapAttrsToList (k: v: vim.api.nvim_create_autocmd k { inherit group; callback = v; }) { lib.mapAttrsToList (k: v: vim.api.nvim_create_autocmd k { inherit group; callback = v; }) {
BufReadPre = DEFUN (SET vim.o.foldmethod "syntax"); BufReadPre = DEFUN (SET vim.o.foldmethod "syntax");
BufEnter = { buf, ... }: BufEnter = { buf, ... }:
LET (vim.filetype.match { inherit buf; }) (filetype: L [ LET (vim.filetype.match { inherit buf; }) (filetype: [
IF (APPLY OR (map (EQ filetype) [ "gitcommit" "markdown" ])) ( (IF (APPLY OR (map (EQ filetype) [ "gitcommit" "markdown" "mail" ])) (
LET vim.o.colorcolumn (old_colorcolumn: L [ LET vim.o.colorcolumn (old_colorcolumn: [
SET vim.o.colorcolumn "73" _ (SET vim.o.colorcolumn "73")
vim.api.nvim_create_autocmd "BufLeave" { (vim.api.nvim_create_autocmd "BufLeave" {
buffer = buf; buffer = buf;
callback = DEFUN (L [ callback = DEFUN [
SET vim.o.colorcolumn old_colorcolumn _ (SET vim.o.colorcolumn old_colorcolumn)
# return true = delete autocommand # return true = delete autocommand
true (RETURN true)
]); ];
} _ })
]) ])
) _ ))
IF (EQ filetype "markdown") ( (IF (APPLY OR (map (EQ filetype) [ "markdown" "mail" ])) (
(SET (IDX vim.bo buf).textwidth 72) (SET (IDX vim.bo buf).textwidth 72)
) _ ))
]); ]);
BufWinEnter = { buf, ... }: BufWinEnter = { buf, ... }:
LET (vim.filetype.match { inherit buf; }) (filetype: L [ LET (vim.filetype.match { inherit buf; }) (filetype: [
CALL (PROP vim.cmd "folddoc") "foldopen!" _ (CALL (PROP vim.cmd "folddoc") "foldopen!")
IF (EQ filetype "gitcommit") ( (IF (EQ filetype "gitcommit") (
vim.cmd { vim.cmd {
cmd = "normal"; bang = true; cmd = "normal"; bang = true;
args = [ "gg" ]; args = [ "gg" ];
@ -171,11 +149,11 @@
cmd = "normal"; bang = true; cmd = "normal"; bang = true;
args = [ "gg" ]; args = [ "gg" ];
}) })
)) _ )))
]); ]);
} }
) _ ))
]); ];
plugins = let ps = pkgs.vimPlugins; in map (x: if x?config && x?plugin then { type = "lua"; } // x else x) [ plugins = let ps = pkgs.vimPlugins; in map (x: if x?config && x?plugin then { type = "lua"; } // x else x) [
ps.vim-svelte ps.vim-svelte
# vim-nix isn't necessary for syntax highlighting, but it improves overall editing experience # vim-nix isn't necessary for syntax highlighting, but it improves overall editing experience
@ -190,8 +168,8 @@
sha256 = "sha256-X2IgIjO5NNq7vJdl09hBY1TFqHlsfF1xfllKr4osILI="; sha256 = "sha256-X2IgIjO5NNq7vJdl09hBY1TFqHlsfF1xfllKr4osILI=";
}; };
}; };
config = compile' "vscode_nvim" [ config = compile "vscode_nvim" [
(REQ "vscode").setup { ((REQ "vscode").setup {
transparent = true; transparent = true;
color_overrides = { color_overrides = {
vscGray = "#745b5f"; vscGray = "#745b5f";
@ -208,25 +186,25 @@
vscYellow = "#${config.colors.yellow}"; vscYellow = "#${config.colors.yellow}";
vscPink = "#cf83c4"; vscPink = "#cf83c4";
}; };
} _ })
vim.api.nvim_set_hl 0 "NormalFloat" { (vim.api.nvim_set_hl 0 "NormalFloat" {
bg = "NONE"; bg = "NONE";
} _ })
]; } ]; }
{ plugin = ps.nvim-web-devicons; { plugin = ps.nvim-web-devicons;
config = compile "nvim_web_devicons" ((REQ "nvim-web-devicons").setup { }); } config = compile "nvim_web_devicons" ((REQ "nvim-web-devicons").setup { }); }
{ plugin = ps.nvim-tree-lua; { plugin = ps.nvim-tree-lua;
config = compile "nvim_tree_lua" (LET (REQ "nvim-tree") (REQ "nvim-tree.api") (nvim-tree: nvim-tree-api: L [ config = compile "nvim_tree_lua" (LET (REQ "nvim-tree") (REQ "nvim-tree.api") (nvim-tree: nvim-tree-api: [
SET (vimg "loaded_netrw") 1 _ (SET (vimg "loaded_netrw") 1)
SET (vimg "loaded_netrwPlugin") 1 _ (SET (vimg "loaded_netrwPlugin") 1)
SET vim.o.termguicolors true _ (SET vim.o.termguicolors true)
nvim-tree.setup { } _ # :help nvim-tree-setup (nvim-tree.setup { }) # :help nvim-tree-setup
kmSetNs { (kmSetNs {
"<C-N>" = { "<C-N>" = {
rhs = nvim-tree-api.tree.toggle; rhs = nvim-tree-api.tree.toggle;
desc = "Toggle NvimTree"; desc = "Toggle NvimTree";
}; };
} _ })
])); } ])); }
ps.vim-sleuth ps.vim-sleuth
ps.luasnip ps.luasnip
@ -259,9 +237,9 @@
}; };
}; };
formatting = { formatting = {
format = entry: vim_item: let kind = PROP vim_item "kind"; in L [ format = entry: vim_item: let kind = PROP vim_item "kind"; in [
SET kind (string.format "%s %s" (IDX lspkind kind) kind) _ (SET kind (string.format "%s %s" (IDX lspkind kind) kind))
vim_item (RETURN vim_item)
]; ];
}; };
mapping = { mapping = {
@ -311,28 +289,28 @@
config = compile "nvim_autopairs" (LET config = compile "nvim_autopairs" (LET
(REQ "cmp") (REQ "nvim-autopairs.completion.cmp") (REQ "nvim-autopairs") (REQ "cmp") (REQ "nvim-autopairs.completion.cmp") (REQ "nvim-autopairs")
(cmp: cmp-autopairs: nvim-autopairs: (cmp: cmp-autopairs: nvim-autopairs:
L [ [
nvim-autopairs.setup { (nvim-autopairs.setup {
disable_filetype = [ "TelescopePrompt" "vim" ]; disable_filetype = [ "TelescopePrompt" "vim" ];
} _ })
cmp.event.on cmp.event "confirm_done" (cmp-autopairs.on_confirm_done { }) _ (cmp.event.on cmp.event "confirm_done" (cmp-autopairs.on_confirm_done { }))
])); } ])); }
{ plugin = ps.comment-nvim; { plugin = ps.comment-nvim;
config = compile' "comment_nvim" [ config = compile "comment_nvim" [
(REQ "Comment").setup { } _ ((REQ "Comment").setup { })
kmSetNs { (kmSetNs {
"<space>/" = { "<space>/" = {
# metatables...... # metatables......
rhs = REQ' (PROP (require "Comment.api") "toggle.linewise.current"); rhs = REQ' (PROP (require "Comment.api") "toggle.linewise.current");
desc = "Comment current line"; desc = "Comment current line";
}; };
} _ })
kmSetVs { (kmSetVs {
"<space>/" = { "<space>/" = {
rhs = "<esc><cmd>lua require('Comment.api').toggle.linewise(vim.fn.visualmode())<cr>"; rhs = "<esc><cmd>lua require('Comment.api').toggle.linewise(vim.fn.visualmode())<cr>";
desc = "Comment selection"; desc = "Comment selection";
}; };
} _ })
]; } ]; }
{ plugin = ps.nvim-lspconfig; { plugin = ps.nvim-lspconfig;
config = compile "nvim_lspconfig" ( config = compile "nvim_lspconfig" (
@ -341,9 +319,9 @@
(REQ "lspconfig.server_configurations.${name}") (REQ "lspconfig.server_configurations.${name}")
# metatables, son! they harden in response to physical trauma # metatables, son! they harden in response to physical trauma
(REQ' (PROP (require "lspconfig") name)); (REQ' (PROP (require "lspconfig") name));
in L [ in [
# See `:help vim.diagnostic.*` for documentation on any of the below functions # See `:help vim.diagnostic.*` for documentation on any of the below functions
kmSetNs { (kmSetNs {
"<space>e" = { "<space>e" = {
rhs = vim.diagnostic.open_float; rhs = vim.diagnostic.open_float;
desc = "Show diagnostics in a floating window."; desc = "Show diagnostics in a floating window.";
@ -360,19 +338,17 @@
rhs = vim.diagnostic.setloclist; rhs = vim.diagnostic.setloclist;
desc = "Add buffer diagnostics to the location list."; desc = "Add buffer diagnostics to the location list.";
}; };
} _ })
LET (LET
# LET on_attach # LET on_attach
(client: bufnr: L [ (client: bufnr: [
SET (IDX vim.bo bufnr).omnifunc "v:lua.vim.lsp.omnifunc" _ (SET (IDX vim.bo bufnr).omnifunc "v:lua.vim.lsp.omnifunc")
# Mappings. # Mappings.
# See `:help vim.lsp.*` for documentation on any of the below functions # See `:help vim.lsp.*` for documentation on any of the below functions
keymapSetNs { (keymapSetNs {
buffer = bufnr; buffer = bufnr;
keys = { keys = {
"gD" = { "gD" = { rhs = vim.lsp.buf.declaration; desc = "Jumps to the declaration of the symbol under the cursor."; };
rhs = vim.lsp.buf.declaration;
desc = "Jumps to the declaration of the symbol under the cursor."; };
"gd" = { "gd" = {
rhs = vim.lsp.buf.definition; rhs = vim.lsp.buf.definition;
desc = "Jumps to the definition of the symbol under the cursor."; }; desc = "Jumps to the definition of the symbol under the cursor."; };
@ -410,7 +386,7 @@
rhs = DEFUN (vim.lsp.buf.format { async = true; }); rhs = DEFUN (vim.lsp.buf.format { async = true; });
desc = "Formats a buffer."; }; desc = "Formats a buffer."; };
}; };
} _ })
]) ])
# LET rust_settings # LET rust_settings
{ rust-analyzer = { { rust-analyzer = {
@ -428,29 +404,29 @@
(on_attach: rust_settings: capabilities: (on_attach: rust_settings: capabilities:
LETREC LETREC
# LETREC on_attach_rust # LETREC on_attach_rust
(on_attach_rust: client: bufnr: L [ (on_attach_rust: client: bufnr: [
vim.api.nvim_buf_create_user_command bufnr "RustAndroid" (opts: L [ (vim.api.nvim_buf_create_user_command bufnr "RustAndroid" (opts: [
vim.lsp.set_log_level "debug" _ (vim.lsp.set_log_level "debug")
(lsp "rust_analyzer").setup { ((lsp "rust_analyzer").setup {
on_attach = on_attach_rust; on_attach = on_attach_rust;
inherit capabilities; inherit capabilities;
settings = vim.tbl_deep_extend settings = vim.tbl_deep_extend
"keep" "keep"
config.rustAnalyzerAndroidSettings config.rustAnalyzerAndroidSettings
rust_settings; rust_settings;
} _ })
]) {} _ ]) {})
on_attach client bufnr _ (on_attach client bufnr)
]) ])
# BEGIN # BEGIN
(let setupLsp = name: args: (lsp name).setup ({ (let setupLsp = name: args: (lsp name).setup ({
inherit on_attach capabilities; inherit on_attach capabilities;
settings = { }; settings = { };
} // args); } // args);
in on_attach_rust: L [ in on_attach_rust: [
# vim.lsp.set_log_level "debug" _ # (vim.lsp.set_log_level "debug")
# see https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md # see https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md
lib.mapAttrsToList setupLsp { (lib.mapAttrsToList setupLsp {
bashls = { }; bashls = { };
clangd = { }; clangd = { };
# https://github.com/python-lsp/python-lsp-server/blob/develop/CONFIGURATION.md # https://github.com/python-lsp/python-lsp-server/blob/develop/CONFIGURATION.md
@ -471,15 +447,15 @@
on_attach = on_attach_rust; on_attach = on_attach_rust;
settings = rust_settings; settings = rust_settings;
}; };
} _ })
]) # END ]) # END
) _ # END )) # END
]); } ]); }
{ plugin = ps.which-key-nvim; { plugin = ps.which-key-nvim;
config = compile' "which_key_nvim" [ config = compile "which_key_nvim" [
SET vim.o.timeout true _ (SET vim.o.timeout true)
SET vim.o.timeoutlen 500 _ (SET vim.o.timeoutlen 500)
which-key.setup { } _ (which-key.setup { })
]; } ]; }
]; ];
}; };

1407
pkgs/Cargo.lock generated

File diff suppressed because it is too large Load diff

View file

@ -22,24 +22,24 @@
"pinned": false, "pinned": false,
"src": { "src": {
"name": null, "name": null,
"sha256": "sha256-DcS5ov656f/l1zWPt+UYKxarDGcAWd6zTvi50Lsa1s8=", "sha256": "sha256-72jxUJdn4j0FV1qFH0r7UEVrAvSwrWgWsxCXyT1N/1A=",
"type": "url", "type": "url",
"url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-16/GE-Proton8-16.tar.gz" "url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-24/GE-Proton8-24.tar.gz"
}, },
"version": "GE-Proton8-16" "version": "GE-Proton8-24"
}, },
"searxng": { "searxng": {
"cargoLocks": null, "cargoLocks": null,
"date": "2023-10-06", "date": "2023-11-14",
"extract": null, "extract": null,
"name": "searxng", "name": "searxng",
"passthru": null, "passthru": null,
"pinned": false, "pinned": false,
"src": { "src": {
"sha256": "sha256-/blIZOaeOwQMp6T6GkNh8Fvtzh3Ik5UiPwuGjViENuE=", "sha256": "sha256-vgDQ7cdWN79TFEbJGq0AdvC8p2YOmogk9iVViDkZDXw=",
"type": "tarball", "type": "tarball",
"url": "https://github.com/searxng/searxng/archive/ce270961e82585971579844c64d7cde5f5d855ec.tar.gz" "url": "https://github.com/searxng/searxng/archive/b3d29cb86db4cc1a4e6320016529d1361451e1f1.tar.gz"
}, },
"version": "ce270961e82585971579844c64d7cde5f5d855ec" "version": "b3d29cb86db4cc1a4e6320016529d1361451e1f1"
} }
} }

View file

@ -12,19 +12,19 @@
}; };
proton-ge = { proton-ge = {
pname = "proton-ge"; pname = "proton-ge";
version = "GE-Proton8-16"; version = "GE-Proton8-24";
src = fetchurl { src = fetchurl {
url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-16/GE-Proton8-16.tar.gz"; url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-24/GE-Proton8-24.tar.gz";
sha256 = "sha256-DcS5ov656f/l1zWPt+UYKxarDGcAWd6zTvi50Lsa1s8="; sha256 = "sha256-72jxUJdn4j0FV1qFH0r7UEVrAvSwrWgWsxCXyT1N/1A=";
}; };
}; };
searxng = { searxng = {
pname = "searxng"; pname = "searxng";
version = "ce270961e82585971579844c64d7cde5f5d855ec"; version = "b3d29cb86db4cc1a4e6320016529d1361451e1f1";
src = fetchTarball { src = fetchTarball {
url = "https://github.com/searxng/searxng/archive/ce270961e82585971579844c64d7cde5f5d855ec.tar.gz"; url = "https://github.com/searxng/searxng/archive/b3d29cb86db4cc1a4e6320016529d1361451e1f1.tar.gz";
sha256 = "sha256-/blIZOaeOwQMp6T6GkNh8Fvtzh3Ik5UiPwuGjViENuE="; sha256 = "sha256-vgDQ7cdWN79TFEbJGq0AdvC8p2YOmogk9iVViDkZDXw=";
}; };
date = "2023-10-06"; date = "2023-11-14";
}; };
} }

View file

@ -1,25 +0,0 @@
# TODO: remove this file when searxng gets updated in nixpkgs
{ lib
, buildPythonPackage
, fetchPypi
}:
buildPythonPackage rec {
pname = "chompjs";
version = "1.2.2";
format = "setuptools";
src = fetchPypi {
inherit pname version;
hash = "sha256-I5PbVinyjO1OF78t9h67lVBM/VsogYoMj3iFZS4WTn8=";
};
pythonImportsCheck = [ "chompjs" ];
meta = with lib; {
description = "Parsing JavaScript objects into Python dictionaries";
homepage = "https://pypi.org/project/chompjs/";
license = licenses.mit;
maintainers = with maintainers; [ chayleaf ];
};
}

View file

@ -3,6 +3,7 @@
, nur , nur
, nix-gaming , nix-gaming
, pkgs' ? pkgs , pkgs' ? pkgs
, isOverlay ? true
, ... }: , ... }:
let let
inherit (pkgs') callPackage; inherit (pkgs') callPackage;
@ -65,8 +66,33 @@ in
/*ghidra = pkgs.ghidra.overrideAttrs (old: { /*ghidra = pkgs.ghidra.overrideAttrs (old: {
patches = old.patches ++ [ ./ghidra-stdcall.patch ]; patches = old.patches ++ [ ./ghidra-stdcall.patch ];
});*/ });*/
ffmpeg-custom = (pkgs'.ffmpeg_6-full.override {
withCuda = false;
withCudaLLVM = false;
withNvdec = false;
withNvenc = false;
}).overrideAttrs (old: {
version = "unstable-20231031";
src = pkgs'.fetchgit {
url = "https://git.ffmpeg.org/ffmpeg.git";
rev = "4e5f3e6b8e1132354eed810dfdadf87f45c5de27";
hash = "sha256-fiWkU9fK8qPmxl2MOADKdlFf6XjHGKFhi8uaWltphCE=";
};
patches = [ ];
postPatch = ''
${old.postPatch or ""}
substituteInPlace libavutil/hwcontext_vulkan.c \
--replace FF_VK_KHR_VIDEO_DECODE_QUEUE FF_VK_EXT_VIDEO_DECODE_QUEUE \
--replace FF_VK_KHR_VIDEO_DECODE_H264 FF_VK_EXT_VIDEO_DECODE_H264 \
--replace FF_VK_KHR_VIDEO_DECODE_H265 FF_VK_EXT_VIDEO_DECODE_H265 \
--replace FF_VK_KHR_VIDEO_DECODE_AV1 FF_VK_EXT_VIDEO_DECODE_AV1
'';
buildInputs = old.buildInputs ++ [ pkgs'.libaribcaption ];
configureFlags = old.configureFlags ++ [ "--enable-libaribcaption" ];
});
gimp = callPackage ./gimp { inherit (pkgs) gimp; }; gimp = callPackage ./gimp { inherit (pkgs) gimp; };
home-daemon = callPackage ./home-daemon { }; home-daemon = callPackage ./home-daemon { };
libaribcaption = callPackage ./libaribcaption { };
# pin version # pin version
looking-glass-client = pkgs.looking-glass-client.overrideAttrs (old: { looking-glass-client = pkgs.looking-glass-client.overrideAttrs (old: {
version = "B6"; version = "B6";
@ -81,7 +107,6 @@ in
kvmfrOverlay = kvmfr: kvmfr.overrideAttrs (old: { kvmfrOverlay = kvmfr: kvmfr.overrideAttrs (old: {
inherit (pkgs'.looking-glass-client) version src; inherit (pkgs'.looking-glass-client) version src;
}); });
pineapplebot = callPackage ./pineapplebot.nix { };
proton-ge = pkgs.stdenvNoCC.mkDerivation { proton-ge = pkgs.stdenvNoCC.mkDerivation {
inherit (sources.proton-ge) pname version src; inherit (sources.proton-ge) pname version src;
installPhase = '' installPhase = ''
@ -90,21 +115,18 @@ in
''; '';
}; };
rofi-steam-game-list = callPackage ./rofi-steam-game-list { }; rofi-steam-game-list = callPackage ./rofi-steam-game-list { };
scanservjs = callPackage ./scanservjs.nix { }; scanservjs = callPackage ./scanservjs { };
searxng = pkgs'.python3.pkgs.toPythonModule (pkgs.searxng.overrideAttrs (old: { searxng = pkgs'.python3.pkgs.toPythonModule (pkgs.searxng.overrideAttrs (old: {
inherit (sources.searxng) src; inherit (sources.searxng) src;
version = "unstable-" + sources.searxng.date; version = "unstable-" + sources.searxng.date;
propagatedBuildInputs = old.propagatedBuildInputs ++ [ postInstall = builtins.replaceStrings [ "/botdetection" ] [ "" ] old.postInstall;
(pkgs'.python3.pkgs.callPackage ./chompjs.nix { })
];
})); }));
# system76-scheduler = callPackage ./system76-scheduler.nix { };
techmino = callPackage ./techmino { }; techmino = callPackage ./techmino { };
firefox-addons = lib.recurseIntoAttrs (callPackage ./firefox-addons { inherit nur sources; }); firefoxAddons = lib.recurseIntoAttrs (callPackage ./firefox-addons { inherit nur sources; });
mpvScripts = pkgs.mpvScripts // callPackage ./mpv-scripts { }; mpvScripts = lib.optionalAttrs isOverlay pkgs.mpvScripts // callPackage ./mpv-scripts { };
qemu_7 = callPackage ./qemu_7.nix { qemu_7 = callPackage ./qemu/7.nix {
stdenv = pkgs'.ccacheStdenv; stdenv = pkgs'.ccacheStdenv;
inherit (pkgs.darwin.apple_sdk.frameworks) CoreServices Cocoa Hypervisor vmnet; inherit (pkgs.darwin.apple_sdk.frameworks) CoreServices Cocoa Hypervisor vmnet;
inherit (pkgs.darwin.stubs) rez setfile; inherit (pkgs.darwin.stubs) rez setfile;
@ -118,7 +140,7 @@ in
qemu_7_xen_4_15-light = lib.lowPrio (pkgs'.qemu_7.override { hostCpuOnly = true; xenSupport = true; xen = pkgs.xen_4_15-light; }); qemu_7_xen_4_15-light = lib.lowPrio (pkgs'.qemu_7.override { hostCpuOnly = true; xenSupport = true; xen = pkgs.xen_4_15-light; });
qemu_7_test = lib.lowPrio (pkgs'.qemu_7.override { hostCpuOnly = true; nixosTestRunner = true; }); qemu_7_test = lib.lowPrio (pkgs'.qemu_7.override { hostCpuOnly = true; nixosTestRunner = true; });
# TODO: when https://gitlab.com/virtio-fs/virtiofsd/-/issues/96 is fixed remove this # TODO: when https://gitlab.com/virtio-fs/virtiofsd/-/issues/96 is fixed remove this
virtiofsd = callPackage ./qemu_virtiofsd.nix { virtiofsd = callPackage ./qemu/virtiofsd.nix {
qemu = pkgs'.qemu_7; qemu = pkgs'.qemu_7;
}; };
@ -130,5 +152,6 @@ in
stdenv = pkgs'.ccacheStdenv; stdenv = pkgs'.ccacheStdenv;
}; };
} }
// import ./postgresql-packages { inherit pkgs pkgs' lib sources isOverlay; }
// import ./ccache.nix { inherit pkgs pkgs' lib sources; } // import ./ccache.nix { inherit pkgs pkgs' lib sources; }
// import ../system/hardware/bpi-r3/pkgs.nix { inherit pkgs pkgs' lib sources; } // import ../system/hardware/bpi-r3/pkgs.nix { inherit pkgs pkgs' lib sources; }

View file

@ -63,10 +63,10 @@
}; };
"youtube-nonstop" = buildFirefoxXpiAddon { "youtube-nonstop" = buildFirefoxXpiAddon {
pname = "youtube-nonstop"; pname = "youtube-nonstop";
version = "0.9.1"; version = "0.9.2";
addonId = "{0d7cafdd-501c-49ca-8ebb-e3341caaa55e}"; addonId = "{0d7cafdd-501c-49ca-8ebb-e3341caaa55e}";
url = "https://addons.mozilla.org/firefox/downloads/file/3848483/youtube_nonstop-0.9.1.xpi"; url = "https://addons.mozilla.org/firefox/downloads/file/4187690/youtube_nonstop-0.9.2.xpi";
sha256 = "8340d57622a663949ec1768eb37d47651c809fadf0ffaa5ff546c48fdd28e33d"; sha256 = "7659d180f76ea908ea81b84ed9bdd188624eaaa62b88accbe6d8ad4e8caeff38";
meta = with lib; meta = with lib;
{ {
homepage = "https://github.com/lawfx/YoutubeNonStop"; homepage = "https://github.com/lawfx/YoutubeNonStop";

View file

@ -1,16 +0,0 @@
diff --git a/kvmfr.c b/kvmfr.c
index 121aae5b..2f4c9e1a 100644
--- a/kvmfr.c
+++ b/kvmfr.c
@@ -539,7 +539,11 @@ static int __init kvmfr_module_init(void)
if (kvmfr->major < 0)
goto out_free;
+#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0)
kvmfr->pClass = class_create(THIS_MODULE, KVMFR_DEV_NAME);
+#else
+ kvmfr->pClass = class_create(KVMFR_DEV_NAME);
+#endif
if (IS_ERR(kvmfr->pClass))
goto out_unreg;

View file

@ -0,0 +1,33 @@
{ lib
, stdenv
, fetchFromGitHub
, cmake
, fontconfig
, freetype
}:
stdenv.mkDerivation rec {
pname = "libaribcaption";
version = "1.1.1";
src = fetchFromGitHub {
owner = "xqq";
repo = "libaribcaption";
rev = "v${version}";
hash = "sha256-x6l0ZrTktSsqfDLVRXpQtUOruhfc8RF3yT991UVZiKA=";
};
nativeBuildInputs = [ cmake ];
cmakeFlags = [ "-DBUILD_SHARED_LIBS=ON" ];
buildInputs = lib.optionals (!stdenv.isDarwin) [ fontconfig freetype ];
meta = with lib; {
description = "Portable ARIB STD-B24 Caption Decoder/Renderer";
homepage = "https://github.com/xqq/libaribcaption";
license = licenses.mit;
maintainers = with maintainers; [ chayleaf ];
};
}

View file

@ -1,34 +0,0 @@
{ python3
, fetchFromGitHub
, rustPlatform
, magic ? "<PIZZABOT_MAGIC_SEP>"
, ... }:
python3.pkgs.buildPythonPackage rec {
pname = "pineapplebot";
version = "0.1.0";
src = fetchFromGitHub {
owner = "chayleaf";
repo = "pizzabot_v3";
rev = "master";
sha256 = "sha256-ZLskMlllZfmqIlbSr0pNHHJehDycohiwqgYbuEYP7Qc=";
};
preBuild = ''
head -n13 Cargo.toml > Cargo.toml.new
mv Cargo.toml.new Cargo.toml
'';
sourceRoot = "source/pineapplebot";
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src sourceRoot;
name = "${pname}-${version}";
sha256 = "14jxgykwg1apy97gy1j8mz7ny2cqg4q9s03a2bk9kx2y6ibm4668";
};
nativeBuildInputs = with rustPlatform; [
cargoSetupHook
maturinBuildHook
];
doCheck = false;
doInstallCheck = true;
pythonImportsCheck = [ "pineapplebot" ];
PIZZABOT_MAGIC = magic;
}

View file

@ -0,0 +1,45 @@
{ pkgs
, pkgs'
, isOverlay
, lib
, ... }:
let
inherit (pkgs') callPackage;
extraPackages = {
tsja = callPackage ./tsja.nix { };
};
gen' = postgresql: builtins.mapAttrs (k: v: v.override { inherit postgresql; }) extraPackages;
gen = ver:
lib.optionalAttrs isOverlay pkgs."postgresql${toString ver}Packages"
// gen' pkgs."postgresql${if ver == "" then "" else "_" + toString ver}";
psql = ver: let
old = pkgs."postgresql${if ver == "" then "" else "_" + toString ver}";
in old // { pkgs = old.pkgs // gen' old; };
self = {
mecab = pkgs.mecab.overrideAttrs (old: {
postInstall = ''
mkdir -p $out/lib/mecab/dic
ln -s ${callPackage /${pkgs.path}/pkgs/tools/text/mecab/ipadic.nix {
mecab-nodic = callPackage /${pkgs.path}/pkgs/tools/text/mecab/nodic.nix { };
}} $out/lib/mecab/dic/ipadic
'';
});
postgresqlPackages = gen "";
postgresql11Packages = gen 11;
postgresql12Packages = gen 12;
postgresql13Packages = gen 13;
postgresql14Packages = gen 14;
postgresql15Packages = gen 15;
postgresql16Packages = gen 16;
} // lib.optionalAttrs isOverlay {
postgresql = psql "";
postgresql_11 = psql 11;
postgresql_12 = psql 12;
postgresql_13 = psql 13;
postgresql_14 = psql 14;
postgresql_15 = psql 15;
postgresql_16 = psql 16;
};
in self

View file

@ -0,0 +1,39 @@
{ lib
, stdenv
, postgresql
, mecab
}:
stdenv.mkDerivation rec {
pname = "tsja";
version = "0.5.0";
src = fetchTarball {
url = "https://www.amris.jp/tsja/tsja-${version}.tar.xz";
sha256 = "0hx4iygnqw1ay3nwrf3x2izflw4ip9i8i0yny26vivdz862m97w7";
};
postPatch = ''
substituteInPlace Makefile \
--replace /usr/local/pgsql ${postgresql} \
--replace -L/usr/local/lib "" \
--replace -I/usr/local/include ""
substituteInPlace tsja.c --replace /usr/local/lib/mecab ${mecab}/lib/mecab
'';
buildInputs = [ postgresql mecab ];
installPhase = ''
mkdir -p $out/lib $out/share/postgresql/extension
cp libtsja.so $out/lib
cp dbinit_libtsja.txt $out/share/postgresql/extension/libtsja_dbinit.sql
'';
meta = with lib; {
description = "PostgreSQL extension implementing Japanese text search";
homepage = "https://www.amris.jp/tsja/index.html";
maintainers = with maintainers; [ chayleaf ];
platforms = postgresql.meta.platforms;
license = licenses.postgresql;
};
}

View file

@ -1,91 +0,0 @@
{ lib
, fetchFromGitHub
, buildNpmPackage
, fetchNpmDeps
, nodejs
}:
let
version = "2.27.0";
src = fetchFromGitHub {
owner = "sbs20";
repo = "scanservjs";
rev = "v${version}";
hash = "sha256-GFpfH7YSXFRNRmx8F2bUJsGdPW1ECT7AQquJRxiRJEU=";
};
depsHashes = {
server = "sha256-V4w4euMl67eS4WNIFM8j06/JAEudaq+4zY9pFVgTmlY=";
client = "sha256-r/uYaXpQnlI90Yn6mo2KViKDMHE8zaCAxNFnEZslnaY=";
};
serverDepsForClient = fetchNpmDeps {
inherit src nodejs;
sourceRoot = "${src.name}/packages/server";
name = "scanservjs-server";
hash = depsHashes.server or lib.fakeHash;
};
# static client files
client = buildNpmPackage ({
pname = "scanservjs-static";
inherit version src nodejs;
sourceRoot = "${src.name}/packages/client";
npmDepsHash = depsHashes.client or lib.fakeHash;
preBuild = ''
cd ../server
chmod +w package-lock.json . /build/source/
npmDeps=${serverDepsForClient} npmConfigHook
cd ../client
'';
env.NODE_OPTIONS = "--openssl-legacy-provider";
dontNpmInstall = true;
installPhase = ''
mv /build/source/dist/client $out
'';
});
in buildNpmPackage {
pname = "scanservjs";
inherit version src nodejs;
sourceRoot = "${src.name}/packages/server";
npmDepsHash = depsHashes.server or lib.fakeHash;
preBuild = ''
chmod +w /build/source
substituteInPlace src/server.js --replace "express.static('client')" "express.static('${client}')"
substituteInPlace src/api.js --replace \
'`''${config.previewDirectory}/default.jpg`' \
"'$out/lib/node_modules/scanservjs-api/data/preview/default.jpg'"
substituteInPlace src/application.js --replace \
"'../../config/config.local.js'" \
"process.env.NIX_SCANSERVJS_CONFIG_PATH"
substituteInPlace src/classes/user-options.js --replace \
"const localPath = path.join(__dirname, localConfigPath);" \
"const localPath = localConfigPath;"
substituteInPlace src/configure.js --replace \
"fs.mkdirSync(config.outputDirectory, { recursive: true });" \
"fs.mkdirSync(config.outputDirectory, { recursive: true }); fs.mkdirSync(config.previewDirectory, { recursive: true });"
'';
postInstall = ''
mkdir -p $out/bin
makeWrapper ${nodejs}/bin/node $out/bin/scanservjs \
--set NODE_ENV production \
--add-flags "'$out/lib/node_modules/scanservjs-api/src/server.js'"
'';
meta = with lib; {
description = "SANE scanner nodejs web ui";
longDescription = "scanservjs is a simple web-based UI for SANE which allows you to share a scanner on a network without the need for drivers or complicated installation.";
homepage = "https://github.com/sbs20/scanservjs";
license = licenses.gpl2Only;
mainProgram = "scanservjs";
maintainers = with maintainers; [ chayleaf ];
};
}

View file

@ -0,0 +1,46 @@
{ lib
, fetchFromGitHub
, buildNpmPackage
, nodejs
}:
buildNpmPackage {
pname = "scanservjs";
version = "3.0.3";
src = fetchFromGitHub {
# owner = "sbs20";
owner = "chayleaf";
repo = "scanservjs";
# rev = "v${version}";
rev = "bf41a95c9cd6bd924d6e14a28da6d33ddc64ef2e";
hash = "sha256-ePg8spI1rlWYcpjtax7gaZp2wUX4beHzMd71b8XKNG8=";
};
inherit nodejs;
npmDepsHash = "sha256-bigIFAQ2RLk6yxbUcMnmXwgaEkzFFUYn+hE7RIiFm8Y=";
preBuild = ''
npm run build
'';
postInstall = ''
mv $out/lib/node_modules/scanservjs/node_modules dist/
rm -rf $out/lib/node_modules/scanservjs
mv dist $out/lib/node_modules/scanservjs
mkdir -p $out/bin
makeWrapper ${nodejs}/bin/node $out/bin/scanservjs \
--set NODE_ENV production \
--add-flags "'$out/lib/node_modules/scanservjs/server/server.js'"
'';
meta = with lib; {
description = "SANE scanner nodejs web ui";
longDescription = "scanservjs is a simple web-based UI for SANE which allows you to share a scanner on a network without the need for drivers or complicated installation.";
homepage = "https://github.com/sbs20/scanservjs";
license = licenses.gpl2Only;
mainProgram = "scanservjs";
maintainers = with maintainers; [ chayleaf ];
};
}

View file

@ -1,65 +0,0 @@
{ lib
, fetchFromGitHub
, writeText
, rustPlatform
, pkg-config
, dbus
, bcc
}:
rustPlatform.buildRustPackage {
pname = "system76-scheduler";
version = "unstable-2022-11-08";
src = fetchFromGitHub {
owner = "pop-os";
repo = "system76-scheduler";
rev = "0fe4d8dfc4275fd856aee28ca942b9fa53229fc9";
sha256 = "sha256-uFFJkuMxqcGj6OQShF0zh/FGwX4/ln1l6NwGonkUsNI=";
};
cargoPatches = [(writeText "ron-rev.diff" ''
diff --git i/daemon/Cargo.toml w/daemon/Cargo.toml
index 0397788..fbd6202 100644
--- i/daemon/Cargo.toml
+++ w/daemon/Cargo.toml
@@ -33,7 +33,7 @@ clap = { version = "3.1.18", features = ["cargo"] }
# Necessary for deserialization of untagged enums in assignments.
[dependencies.ron]
git = "https://github.com/MomoLangenstein/ron"
-branch = "253-untagged-enums"
+rev = "afb960bb8b0402a79260533aa3b9d87a8abae72b"
[dependencies.tracing-subscriber]
version = "0.3.11"
diff --git i/Cargo.lock w/Cargo.lock
index a782756..fe56c1f 100644
--- i/Cargo.lock
+++ w/Cargo.lock
@@ -788,7 +788,7 @@ dependencies = [
[[package]]
name = "ron"
version = "0.8.0"
-source = "git+https://github.com/MomoLangenstein/ron?branch=253-untagged-enums#afb960bb8b0402a79260533aa3b9d87a8abae72b"
+source = "git+https://github.com/MomoLangenstein/ron?rev=afb960bb8b0402a79260533aa3b9d87a8abae72b#afb960bb8b0402a79260533aa3b9d87a8abae72b"
dependencies = [
"base64",
"bitflags",
'')];
cargoSha256 = "sha256-tY7o09Nu1/Lbn//5+iecUmV67Aw1QvVLdUaD8DDgKi0=";
cargoLock.lockFile = ./Cargo.lock;
cargoLock.outputHashes."ron-0.8.0" = "sha256-k+LuTEq97/DohcsulXoLXWqFLzPUzIR1D5pGru+M5Ew=";
nativeBuildInputs = [ pkg-config ];
buildInputs = [ dbus ];
EXECSNOOP_PATH = "${bcc}/bin/execsnoop";
postInstall = ''
install -D -m 0644 data/com.system76.Scheduler.conf $out/etc/dbus-1/system.d/com.system76.Scheduler.conf
mkdir -p $out/etc/system76-scheduler
install -D -m 0644 data/*.ron $out/etc/system76-scheduler/
'';
meta = {
description = "System76 Scheduler";
homepage = "https://github.com/pop-os/system76-scheduler";
license = lib.licenses.mpl20;
platforms = [ "i686-linux" "x86_64-linux" ];
};
}

View file

@ -1,6 +1,6 @@
# copy a path to store (needed because I don't copy the secrets to store by default) # copy a path to store (needed because I don't copy the secrets to store by default)
# arg must be a string because of how nix handles relative paths as absolute # arg must be a string because of how nix handles relative paths as absolute
{ copyToStore ? (pkgs: name: x: ./. + x) { copyToStore ? (pkgs: name: x: ./${x})
, ... }: { , ... }: {
nixmsi = { nixmsi = {
system = { pkgs, ... }: { system = { pkgs, ... }: {

View file

@ -1,4 +1,5 @@
{ hardware { hardware
, pkgs
, ... }: , ... }:
{ {
@ -12,6 +13,7 @@
common.resolution = "1920x1080"; common.resolution = "1920x1080";
vfio.pciIDs = [ "1002:73df" "1002:ab28" ]; vfio.pciIDs = [ "1002:73df" "1002:ab28" ];
boot = { boot = {
kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest;
initrd.availableKernelModules = [ "nvme" "xhci_pci" ]; initrd.availableKernelModules = [ "nvme" "xhci_pci" ];
kernelParams = [ kernelParams = [
# disable PSR to *hopefully* avoid random hangs # disable PSR to *hopefully* avoid random hangs
@ -51,4 +53,19 @@
}; };
}) })
]; ];
specialisation.no_patches.configuration = {
nixpkgs.overlays = [
(final: prev: {
amd-ucode = prev.amd-ucode.override { inherit (final) linux-firmware; };
linux-firmware = prev.stdenvNoCC.mkDerivation {
inherit (prev.linux-firmware) pname version meta src;
dontFixup = true;
passthru = { inherit (prev.linux-firmware) version; };
installFlags = [ "DESTDIR=$(out)" ];
patches = [ ];
postPatch = "";
};
})
];
};
} }

View file

@ -6,8 +6,44 @@
boot.initrd.availableKernelModules = [ "ahci" "usbhid" "usb_storage" ]; boot.initrd.availableKernelModules = [ "ahci" "usbhid" "usb_storage" ];
# TODO: switch to upstream when PCIe support works # TODO: switch to upstream when PCIe support works
# boot.kernelPackages = pkgs.linuxPackages_testing; boot.kernelPackages = pkgs.linuxPackages_testing;
boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.buildLinux { # not sure whether they are needed anymore, but it won't hurt, right?
boot.kernelPatches = [
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/fab08a275f328e2e0a6fef73226e45eb1d4bb108.patch"; sha256 = "1rw9n9if9xh91k05284vwbarmhpscspvl4cg7qrfd99myd2z3dql"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/967c218122840e468981031fd8888846727f5282.patch"; sha256 = "1i0bxsmpxpykxychcaww5schilngk1whh8wrmvh5rng84nmn8bn4"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/5747896098cee178de4bed1eb0052893690eb40e.patch"; sha256 = "1lmgj0azkc1jbjmay5swdikicvqgjzz80qwxlk8i932rkih1snjs"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/a2439d839c103c029294042b5b3d4a065e5073d0.patch"; sha256 = "1vga1vj3b0zgyla8qfjgwgxgrcffmvzrhhk75rlfd0x42xjfj011"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/292226fcc7af3e6d5e3b1587459146042fb8a2cf.patch"; sha256 = "1k0mfw9gzqzpn449rk2jd9db6py470q95r1kb4yi6vh2slg52img"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/b53d373e700628a5126a49a8a73028cb553e5083.patch"; sha256 = "1lrwlymaa5wrv6lgns6ciadlg8hbkq16g9y0bnf9mwxkmm2bkf7j"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/5e036b1a0c501beec312c2aa362b265a84a09076.patch"; sha256 = "182xyd069fzpf3gql9kjj1707kfm3ziwav7p2px5c3p6rz06fmfc"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/d51dcd5c602d78fadc4cc8f83b851264c4ac18db.patch"; sha256 = "0lbk2b08pv593gng4h32jw6cbgfq524y510p4gv5cnv8l7w7p3ra"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/b3b601dd3a6d35779385b716a898e43071f802e5.patch"; sha256 = "176w6k0fbawm9svhfdh3yh1s4dmnk6gjvafwhv79dsqy2c0n88w8"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/5c34bb1e195fbbcaccf42a04f56e8d035d0864bb.patch"; sha256 = "09b9f3bh80jxpj0rry19s0c6j01636lc66xmyrsin8ajga26d77x"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/27a37c0495193fcfef1787086821c57f20b759bc.patch"; sha256 = "1kwll337nayzr0yv5pl7h6m85fyf227l501xa7ph44d2p7z2kjl0"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/acb101c5f99c54d083427b2a07f8a9610a468bef.patch"; sha256 = "0qav04ld4h6mq081fff50gr2354kmcplya9bfdxyp35mw3m3h1g0"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/479c1ae8a93f901a5898e2ed204b931c68de63fd.patch"; sha256 = "1w6wf0p5480qny69wkvsjdydz2xhax0ifgshsp5hp5mwpliqvgnq"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/ddb788db4d8b352742a6efcc8559f4c32c38925c.patch"; sha256 = "1djrn683p5q7wkd9j8lrmfvjj43pkgg0njp7gs7lb51fm9fq4khk"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/0080918c3a50cad588fba468fb7934c80777aa07.patch"; sha256 = "09iyrybgw1y9mqaw2fz3yv32hjxnh58gqpv6fd5ws16n26qr4yc8"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/5afa85f867c29153afc1b801a31f55cd3021f3a6.patch"; sha256 = "0azzj4vnkc4l6bxkwav3xjbm78zlprqf54lfq31n2nlbv59rhmmg"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/8f64d6bcf306fa5b5de66fdee2458cb584a78b2e.patch"; sha256 = "1w1yccwr487nm4zi0prgjzqaxasvfxnfl81a7xhgza69ahslc8f4"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/aa4d816546e1bf38077df0b2ca367abc5ff6601c.patch"; sha256 = "1vx6dc6xrpb3zlg7sr1gimfa918p3flcyixnfy9xb2k1y6qjlmh8"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/8baebef8be9691a28f8efa284dfce9a5b9395130.patch"; sha256 = "1kk6d3g3silsjbjz6ckhvi9jvmcw1pxswp20xz9krdcmnagp65fl"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/f542d93ac2d5c4b6458599494f90bd4021d34b2c.patch"; sha256 = "1xzdylb4bbrbi0is50yyc6a3zg6mdhcjwzi0hxar2vr1zdz82v4h"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/e84f55d8a9d849eac51f73c47cdb90eb7dbac90f.patch"; sha256 = "1fz70l7qwsqh81a3bdw7parn2s9y59c38xlpcm2gc53ka1mfkml5"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/643d555335b4c0dc228111a74cfa5189e17616df.patch"; sha256 = "05svkfpla9la94dz8vlis7kwq8sa32zvbdgydq3wnz979s91k8aq"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/c8bd3a53671c48ccf642bbc6453fdb0274022bad.patch"; sha256 = "0j8faqv066vwy41m0wqk3qlwrj1va6dndkrq5avlqqrqkm2hkabv"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/1066dd8203fdb05902b963968e8a29292dc1f2a8.patch"; sha256 = "0w08x9658c4j63lmjdg7ahpcgxnz661fcmfzv6sgqp6208jp6x2a"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/e4e39588f8b46db104817795a703b1f701da9c36.patch"; sha256 = "0drdi61f0dnf3ya63is6sq8mky13kkqkb36lqk4plspckg6jx8ik"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/7ec0cb44173dd1a5357a66afa7f3b5de956df7ee.patch"; sha256 = "1ll2clz0x7znn9d3rvijfl72647lnj3f3j7acbmp5aqhd766f1ib"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/171fd53717525f0f6dc56e90e6f38a9038c5c779.patch"; sha256 = "0vv8z9rcbyf3ynm46974ajff1i7mpbvh68pw19wpvnj8lvyyf8mb"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/140267c1c11d90f4889e57ae6d58280b261081c0.patch"; sha256 = "1wsy7w5bl3hyqr3rf54xzi9akz2ccn1cqzjy6d17p6nywsd0s9cf"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/94b6bcb0b87d896e764615f9c1601ac270300ce8.patch"; sha256 = "137fjvnr4i3z4b14x945zhxgfpl5xagcqr2nl08b1xc5j2pniqx0"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/5760547fa8739f1185b4b2523fb801fd678cfbde.patch"; sha256 = "03asnrwini33xfc8aq2arfazvyn8c1qfxzinmq6h4pr5vlfincry"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/3b1edb31f3ac2f55d62968f2fd7d9b5d430cd3ec.patch"; sha256 = "0azsmjzjh1b407vqzp597l11h367qac82bffmy1kyhh4qv3i7a84"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/3e33bc702048b524d4faaa7d8f151bfe4a48fd2b.patch"; sha256 = "0playww4l3b0w2q0wkydqfvdj7bcr3faw94hbmnqxqs26fm8yam3"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/f41b3e9a9d7f22bef0735b4fe0007321ce6b6d6b.patch"; sha256 = "02ppav6iwg8f00458r1rah0yj2khvayhr5xadh2pw33jlgp9i7im"; })
];
/*boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.buildLinux {
version = "6.6.0-rc1"; version = "6.6.0-rc1";
kernelPatches = [ ]; kernelPatches = [ ];
src = pkgs.fetchFromGitLab { src = pkgs.fetchFromGitLab {
@ -18,7 +54,7 @@
rev = "f04271158aee35d270748301c5077231a75bc589"; rev = "f04271158aee35d270748301c5077231a75bc589";
hash = "sha256-B85162plbt92p51f/M82y2zOg3/TqrBWqgw80ksJVGc="; hash = "sha256-B85162plbt92p51f/M82y2zOg3/TqrBWqgw80ksJVGc=";
}; };
}); });*/
boot.kernelParams = [ "dtb=/${config.hardware.deviceTree.name}" ]; boot.kernelParams = [ "dtb=/${config.hardware.deviceTree.name}" ];
hardware.deviceTree.enable = true; hardware.deviceTree.enable = true;

View file

@ -282,6 +282,7 @@ in {
]; ];
router-settings.dhcp6Reservations = [ router-settings.dhcp6Reservations = [
{ ipAddress = serverAddress6; { ipAddress = serverAddress6;
duid = cfg.serverDuid;
macAddress = cfg.serverMac; } macAddress = cfg.serverMac; }
{ ipAddress = vacuumAddress6; { ipAddress = vacuumAddress6;
macAddress = cfg.vacuumMac; } macAddress = cfg.vacuumMac; }
@ -434,11 +435,11 @@ in {
gateways = [ netAddresses.lan6 ]; gateways = [ netAddresses.lan6 ];
radvdSettings.AdvAutonomous = true; radvdSettings.AdvAutonomous = true;
coreradSettings.autonomous = true; coreradSettings.autonomous = true;
# don't autoallocate addresses, keep autonomous ones # don't allocate addresses for most devices
keaSettings.pools = [ ]; keaSettings.pools = [ ];
# just assign the reservations # just assign the reservations
keaSettings.reservations = map (res: { keaSettings.reservations = map (res:
hw-address = res.macAddress; (if res.duid != null then { duid = res.duid; } else { hw-address = res.macAddress; }) // {
ip-addresses = [ res.ipAddress ]; ip-addresses = [ res.ipAddress ];
}) cfg.dhcp6Reservations; }) cfg.dhcp6Reservations;
}); });
@ -904,6 +905,9 @@ in {
extraOptions = "-i ${netAddresses.lan4} -p 6969 -P 6969 -p 80"; extraOptions = "-i ${netAddresses.lan4} -p 6969 -P 6969 -p 80";
}; };
# I only have 2GB RAM, so Unbound is killed during peak system load without this option
zramSwap.enable = true;
impermanence.directories = [ impermanence.directories = [
# for wireguard key # for wireguard key
{ directory = /secrets; mode = "0000"; } { directory = /secrets; mode = "0000"; }

View file

@ -52,7 +52,7 @@ in {
in { in {
ipv4.kea.settings = { ipv4.kea.settings = {
control-socket = { control-socket = {
socket-name = "/run/kea/kea-dhcp4-ctrl.sock"; socket-name = "/run/kea4-br0/kea.sock";
socket-type = "unix"; socket-type = "unix";
}; };
loggers = lib.toList { loggers = lib.toList {
@ -67,7 +67,7 @@ in {
}; };
ipv6.kea.settings = { ipv6.kea.settings = {
control-socket = { control-socket = {
socket-name = "/run/kea/kea-dhcp6-ctrl.sock"; socket-name = "/run/kea6-br0/kea.sock";
socket-type = "unix"; socket-type = "unix";
}; };
loggers = lib.toList { loggers = lib.toList {

View file

@ -13,6 +13,11 @@
description = "server's mac address"; description = "server's mac address";
type = lib.types.str; type = lib.types.str;
}; };
serverDuid = lib.mkOption {
description = "server's duid";
type = with lib.types; nullOr str;
default = null;
};
serverInitrdMac = lib.mkOption { serverInitrdMac = lib.mkOption {
description = "server's mac address in initrd"; description = "server's mac address in initrd";
type = lib.types.str; type = lib.types.str;
@ -92,9 +97,15 @@
description = "device's ip address"; description = "device's ip address";
}; };
options.macAddress = lib.mkOption { options.macAddress = lib.mkOption {
type = lib.types.str; type = with lib.types; nullOr str;
default = null;
description = "device's mac address"; description = "device's mac address";
}; };
options.duid = lib.mkOption {
type = with lib.types; nullOr str;
default = null;
description = "device's duid";
};
}); });
}; };
dnatRules = lib.mkOption { dnatRules = lib.mkOption {

View file

@ -0,0 +1,84 @@
{ config
, pkgs
, ... }:
let
cfg = config.server;
in {
# TODO: remove this in 2024
services.nginx.virtualHosts."pleroma.${cfg.domainName}" = {
quic = true;
enableACME = true;
addSSL = true;
serverAliases = [ "akkoma.${cfg.domainName}" ];
locations."/".return = "301 https://fedi.${cfg.domainName}$request_uri";
};
services.postgresql.extraPlugins = with config.services.postgresql.package.pkgs; [ tsja ];
services.akkoma = let
inherit ((pkgs.formats.elixirConf { }).lib) mkRaw;
in {
enable = true;
dist.extraFlags = [
"+sbwt" "none"
"+sbwtdcpu" "none"
"+sbwtdio" "none"
];
config.":pleroma"."Pleroma.Web.Endpoint" = {
url = {
scheme = "https";
host = "fedi.${cfg.domainName}";
port = 443;
};
secret_key_base._secret = "/secrets/akkoma/secret_key_base";
signing_salt._secret = "/secrets/akkoma/signing_salt";
live_view.signing_salt._secret = "/secrets/akkoma/live_view_signing_salt";
};
initDb = {
enable = false;
username = "akkoma";
password._secret = "/secrets/akkoma/postgres_password";
};
config.":pleroma".":instance" = {
name = cfg.domainName;
description = "Insert instance description here";
email = "webmaster-akkoma@${cfg.domainName}";
notify_email = "noreply@${cfg.domainName}";
limit = 5000;
registrations_open = true;
account_approval_required = true;
};
config.":pleroma"."Pleroma.Repo" = {
adapter = mkRaw "Ecto.Adapters.Postgres";
username = "akkoma";
password._secret = "/secrets/akkoma/postgres_password";
database = "akkoma";
hostname = "localhost";
prepare = mkRaw ":named";
parameters.plan_cache_mode = "force_custom_plan";
timeout = 30000;
connect_timeout = 10000;
};
config.":web_push_encryption".":vapid_details" = {
subject = "mailto:webmaster-akkoma@${cfg.domainName}";
public_key._secret = "/secrets/akkoma/push_public_key";
private_key._secret = "/secrets/akkoma/push_private_key";
};
config.":joken".":default_signer"._secret = "/secrets/akkoma/joken_signer";
# config.":logger".":ex_syslogger".level = ":debug";
nginx = {
quic = true;
enableACME = true;
forceSSL = true;
};
};
systemd.services.akkoma = {
path = [ pkgs.exiftool pkgs.gawk ];
serviceConfig.Restart = "on-failure";
unitConfig = {
StartLimitIntervalSec = 60;
StartLimitBurst = 3;
};
};
}

View file

@ -0,0 +1,44 @@
{ config
, lib
, pkgs
, ... }:
let
cfg = config.server;
in {
security.acme.certs = lib.flip builtins.mapAttrs (lib.filterAttrs (k: v: v.enableACME) config.services.nginx.virtualHosts) (k: v: {
postRun = let
python = pkgs.python3.withPackages (p: with p; [ cryptography pyasn1 pyasn1-modules ]);
tbs-hash = pkgs.writeScript "tbs-hash.py" ''
#!${python}/bin/python3
import hashlib
from pyasn1.codec.der.decoder import decode
from pyasn1.codec.der.encoder import encode
from pyasn1_modules import rfc5280
from cryptography import x509
with open('full.pem', 'rb') as f:
cert = x509.load_pem_x509_certificate(f.read())
tbs, _leftover = decode(cert.tbs_certificate_bytes, asn1Spec=rfc5280.TBSCertificate())
precert_exts = [v.dotted_string for k, v in x509.ExtensionOID.__dict__.items() if k.startswith('PRECERT_')]
exts = [ext for ext in tbs["extensions"] if str(ext["extnID"]) not in precert_exts]
tbs["extensions"].clear()
tbs["extensions"].extend(exts)
print(hashlib.sha256(encode(tbs)).hexdigest())
'';
in ''
${tbs-hash} > "/var/lib/certspotter/tbs-hashes/${k}"
'';
});
services.certspotter = {
enable = true;
extraFlags = [ ];
watchlist = [ ".pavluk.org" ];
hooks = lib.toList (pkgs.writeShellScript "certspotter-hook" ''
if [[ "$EVENT" == discovered_cert ]]; then
${pkgs.gnugrep}/bin/grep -r "$TBS_SHA256" /var/lib/certspotter/tbs-hashes/ && exit
fi
(echo "Subject: $SUMMARY" && echo && cat "$TEXT_FILENAME") | /run/wrappers/bin/sendmail -i webmaster-certspotter@${cfg.domainName}
'');
};
}

View file

@ -6,7 +6,7 @@
let let
cfg = config.server; cfg = config.server;
hosted-domains = hostedDomains =
builtins.concatLists builtins.concatLists
(builtins.attrValues (builtins.attrValues
(builtins.mapAttrs (builtins.mapAttrs
@ -15,12 +15,16 @@ let
in { in {
imports = [ imports = [
./options.nix ./options.nix
./matrix.nix ./akkoma.nix
./certspotter.nix
./fdroid.nix ./fdroid.nix
./mumble.nix ./files.nix
./mailserver.nix
./home.nix ./home.nix
./keycloak.nix ./keycloak.nix
./mailserver.nix
./matrix.nix
./mumble.nix
./searxng.nix
]; ];
system.stateVersion = "22.11"; system.stateVersion = "22.11";
@ -77,8 +81,8 @@ in {
}; };
}; };
# just in case # just in case
networking.hosts."127.0.0.1" = hosted-domains; networking.hosts."127.0.0.1" = hostedDomains;
networking.hosts."::1" = hosted-domains; networking.hosts."::1" = hostedDomains;
services.postgresql.enable = true; services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql_13; services.postgresql.package = pkgs.postgresql_13;
@ -96,56 +100,6 @@ in {
''; '';
}; };
# SEARXNG
services.searx.enable = true;
services.searx.package = pkgs.searxng;
services.searx.runInUwsgi = true;
services.searx.uwsgiConfig = let inherit (config.services.searx) settings; in {
socket = "${lib.quoteListenAddr settings.server.bind_address}:${toString settings.server.port}";
};
services.searx.environmentFile = /var/lib/searx/searx.env;
services.searx.settings = {
use_default_settings = true;
search = {
safe_search = 0;
autocomplete = "duckduckgo"; # dbpedia, duckduckgo, google, startpage, swisscows, qwant, wikipedia - leave blank to turn off
default_lang = ""; # leave blank to detect from browser info or use codes from languages.py
};
server = {
port = 8888;
bind_address = "::1";
secret_key = "@SEARX_SECRET_KEY@";
base_url = "https://search.${cfg.domainName}/";
image_proxy = true;
default_http_headers = {
X-Content-Type-Options = "nosniff";
X-XSS-Protection = "1; mode=block";
X-Download-Options = "noopen";
X-Robots-Tag = "noindex, nofollow";
Referrer-Policy = "no-referrer";
};
};
outgoing = {
request_timeout = 5.0; # default timeout in seconds, can be override by engine
max_request_timeout = 15.0; # the maximum timeout in seconds
pool_connections = 100; # Maximum number of allowable connections, or null
pool_maxsize = 10; # Number of allowable keep-alive connections, or null
enable_http2 = true; # See https://www.python-httpx.org/http2/
};
};
services.nginx.virtualHosts."search.${cfg.domainName}" = let inherit (config.services.searx) settings; in {
quic = true;
enableACME = true;
forceSSL = true;
# locations."/".proxyPass = "http://${lib.quoteListenAddr settings.server.bind_address}:${toString settings.server.port}";
locations."/".extraConfig = ''
uwsgi_pass "${lib.quoteListenAddr settings.server.bind_address}:${toString settings.server.port}";
include ${config.services.nginx.package}/conf/uwsgi_params;
'';
};
# NGINX # NGINX
services.nginx.enable = true; services.nginx.enable = true;
services.nginx.enableReload = true; services.nginx.enableReload = true;
@ -211,129 +165,6 @@ in {
}; };
}; };
# GITEA
services.nginx.virtualHosts."git.${cfg.domainName}" = let inherit (config.services.gitea) settings; in {
quic = true;
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${lib.quoteListenAddr settings.server.HTTP_ADDR}:${toString settings.server.HTTP_PORT}";
};
services.gitea = {
enable = true;
database = {
createDatabase = false;
passwordFile = "/var/lib/gitea/db_password";
type = "postgres";
};
settings = {
mailer = {
ENABLED = true;
FROM = "Gitea <noreply@${cfg.domainName}>";
MAILER_TYPE = "smtp";
HOST = "mail.${cfg.domainName}:587";
USER = "noreply@${cfg.domainName}";
PASSWD = cfg.unhashedNoreplyPassword;
SKIP_VERIFY = true;
};
session = {
COOKIE_SECURE = true;
};
server = {
ROOT_URL = "https://git.${cfg.domainName}";
HTTP_ADDR = "::1";
HTTP_PORT = 3310;
DOMAIN = "git.${cfg.domainName}";
# START_SSH_SERVER = true;
# SSH_PORT = 2222;
};
service = {
DISABLE_REGISTRATION = true;
REGISTER_EMAIL_CONFIRM = true;
};
};
};
# NEXTCLOUD
services.nginx.virtualHosts."cloud.${cfg.domainName}" = {
quic = true;
enableACME = true;
forceSSL = true;
};
services.nextcloud = {
enable = true;
enableBrokenCiphersForSSE = false;
package = pkgs.nextcloud27;
autoUpdateApps.enable = true;
# TODO: use socket auth and remove the next line
database.createLocally = false;
config = {
adminpassFile = "/var/lib/nextcloud/admin_password";
dbpassFile = "/var/lib/nextcloud/db_password";
dbtype = "pgsql";
dbhost = "/run/postgresql";
overwriteProtocol = "https";
};
hostName = "cloud.${cfg.domainName}";
https = true;
};
services.akkoma = {
enable = true;
config.":pleroma"."Pleroma.Web.Endpoint" = {
url = {
scheme = "https";
host = "pleroma.${cfg.domainName}";
port = 443;
};
secret_key_base._secret = "/secrets/akkoma/secret_key_base";
signing_salt._secret = "/secrets/akkoma/signing_salt";
live_view.signing_salt._secret = "/secrets/akkoma/live_view_signing_salt";
};
extraStatic."static/terms-of-service.html" = pkgs.writeText "terms-of-service.html" ''
no bigotry kthx
'';
initDb = {
enable = false;
username = "pleroma";
password._secret = "/secrets/akkoma/postgres_password";
};
config.":pleroma".":instance" = {
name = cfg.domainName;
description = "Insert instance description here";
email = "webmaster-akkoma@${cfg.domainName}";
notify_email = "noreply@${cfg.domainName}";
limit = 5000;
registrations_open = true;
};
config.":pleroma"."Pleroma.Repo" = {
adapter = (pkgs.formats.elixirConf { }).lib.mkRaw "Ecto.Adapters.Postgres";
username = "pleroma";
password._secret = "/secrets/akkoma/postgres_password";
database = "pleroma";
hostname = "localhost";
};
config.":web_push_encryption".":vapid_details" = {
subject = "mailto:webmaster-akkoma@${cfg.domainName}";
public_key._secret = "/secrets/akkoma/push_public_key";
private_key._secret = "/secrets/akkoma/push_private_key";
};
config.":joken".":default_signer"._secret = "/secrets/akkoma/joken_signer";
nginx = {
serverAliases = [ "akkoma.${cfg.domainName}" ];
quic = true;
enableACME = true;
forceSSL = true;
};
};
systemd.services.akkoma.path = [ pkgs.exiftool pkgs.gawk ];
systemd.services.akkoma.serviceConfig = {
Restart = "on-failure";
};
systemd.services.akkoma.unitConfig = {
StartLimitIntervalSec = 60;
StartLimitBurst = 3;
};
/*locations."/dns-query".extraConfig = '' /*locations."/dns-query".extraConfig = ''
grpc_pass grpc://127.0.0.1:53453; grpc_pass grpc://127.0.0.1:53453;
'';*/ '';*/

View file

@ -0,0 +1,82 @@
{ config
, lib
, pkgs
, ... }:
let
cfg = config.server;
in {
services.nginx.virtualHosts."git.${cfg.domainName}" = let inherit (config.services.forgejo) settings; in {
quic = true;
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${lib.quoteListenAddr settings.server.HTTP_ADDR}:${toString settings.server.HTTP_PORT}";
};
services.forgejo = {
enable = true;
database = {
createDatabase = false;
type = "postgres";
user = "gitea";
name = "gitea";
passwordFile = "/secrets/forgejo_db_password";
};
lfs.enable = true;
settings = {
federation.ENABLED = true;
"git.timeout" = {
DEFAULT = 6000;
MIGRATE = 60000;
MIRROR = 60000;
GC = 120;
};
mailer = {
ENABLED = true;
FROM = "Forgejo <noreply@${cfg.domainName}>";
PROTOCOL = "smtp";
SMTP_ADDR = "mail.${cfg.domainName}";
SMTP_PORT = 587;
USER = "noreply@${cfg.domainName}";
PASSWD = cfg.unhashedNoreplyPassword;
FORCE_TRUST_SERVER_CERT = true;
};
session = {
COOKIE_SECURE = true;
};
server = {
ROOT_URL = "https://git.${cfg.domainName}";
HTTP_ADDR = "::1";
HTTP_PORT = 3310;
DOMAIN = "git.${cfg.domainName}";
# START_SSH_SERVER = true;
# SSH_PORT = 2222;
};
service = {
DISABLE_REGISTRATION = true;
REGISTER_EMAIL_CONFIRM = true;
};
};
};
services.nginx.virtualHosts."cloud.${cfg.domainName}" = {
quic = true;
enableACME = true;
forceSSL = true;
};
services.nextcloud = {
enable = true;
package = pkgs.nextcloud27;
autoUpdateApps.enable = true;
# TODO: use socket auth and remove the next line
database.createLocally = false;
config = {
adminpassFile = "/var/lib/nextcloud/admin_password";
dbpassFile = "/var/lib/nextcloud/db_password";
dbtype = "pgsql";
dbhost = "/run/postgresql";
overwriteProtocol = "https";
};
hostName = "cloud.${cfg.domainName}";
https = true;
};
}

View file

@ -61,9 +61,7 @@ in {
translate translate
rss rss
]; ];
services.maubot.pythonPackages = [ services.maubot.pythonPackages = (with pkgs.python3.pkgs; [
(pkgs.pineapplebot.override { magic = cfg.pizzabotMagic; })
] ++ (with pkgs.python3.pkgs; [
levenshtein levenshtein
]); ]);
} }

View file

@ -23,7 +23,7 @@ in {
# Allow murmur to read the certificate # Allow murmur to read the certificate
security.acme.certs."mumble.${cfg.domainName}" = { security.acme.certs."mumble.${cfg.domainName}" = {
group = "nginxandmurmur"; group = "nginxandmurmur";
postRun = "systemctl try-reload-or-restart murmur"; reloadServices = [ "murmur" ];
}; };
users.groups.nginxandmurmur.members = [ "murmur" "nginx" ]; users.groups.nginxandmurmur.members = [ "murmur" "nginx" ];

View file

@ -57,10 +57,6 @@
description = "unhashed noreply password for internal access only. \ description = "unhashed noreply password for internal access only. \
This should be different from the password that is hashed for better security"; This should be different from the password that is hashed for better security";
}; };
pizzabotMagic = mkOption {
type = types.str;
default = "<PIZZABOT_MAGIC_SEP>";
};
}; };
}; };
description = "server settings"; description = "server settings";

View file

@ -0,0 +1,57 @@
{ config
, lib
, pkgs
, ... }:
let
cfg = config.server;
in {
services.nginx.virtualHosts."search.${cfg.domainName}" = let inherit (config.services.searx) settings; in {
quic = true;
enableACME = true;
forceSSL = true;
# locations."/".proxyPass = "http://${lib.quoteListenAddr settings.server.bind_address}:${toString settings.server.port}";
locations."/".extraConfig = ''
uwsgi_pass "${lib.quoteListenAddr settings.server.bind_address}:${toString settings.server.port}";
include ${config.services.nginx.package}/conf/uwsgi_params;
'';
};
services.searx.enable = true;
services.searx.package = pkgs.searxng;
services.searx.runInUwsgi = true;
services.searx.uwsgiConfig = let inherit (config.services.searx) settings; in {
socket = "${lib.quoteListenAddr settings.server.bind_address}:${toString settings.server.port}";
};
services.searx.environmentFile = /var/lib/searx/searx.env;
services.searx.settings = {
use_default_settings = true;
search = {
safe_search = 0;
autocomplete = "duckduckgo"; # dbpedia, duckduckgo, google, startpage, swisscows, qwant, wikipedia - leave blank to turn off
default_lang = ""; # leave blank to detect from browser info or use codes from languages.py
};
server = {
port = 8888;
bind_address = "::1";
secret_key = "@SEARX_SECRET_KEY@";
base_url = "https://search.${cfg.domainName}/";
image_proxy = true;
default_http_headers = {
X-Content-Type-Options = "nosniff";
X-XSS-Protection = "1; mode=block";
X-Download-Options = "noopen";
X-Robots-Tag = "noindex, nofollow";
Referrer-Policy = "no-referrer";
};
};
outgoing = {
request_timeout = 5.0; # default timeout in seconds, can be override by engine
max_request_timeout = 15.0; # the maximum timeout in seconds
pool_connections = 100; # Maximum number of allowable connections, or null
pool_maxsize = 10; # Number of allowable keep-alive connections, or null
enable_http2 = true; # See https://www.python-httpx.org/http2/
};
};
}

View file

@ -93,6 +93,7 @@ in {
# ISO-8601 # ISO-8601
i18n.extraLocaleSettings.LC_TIME = "en_DK.UTF-8"; i18n.extraLocaleSettings.LC_TIME = "en_DK.UTF-8";
environment.systemPackages = with pkgs; ([ environment.systemPackages = with pkgs; ([
bottom
wget wget
git git
tmux tmux

View file

@ -75,6 +75,8 @@ in {
{ directory = /var/db/dhcpcd; user = "root"; group = "root"; mode = "0755"; } { directory = /var/db/dhcpcd; user = "root"; group = "root"; mode = "0755"; }
] ++ lib.optionals config.services.gitea.enable [ ] ++ lib.optionals config.services.gitea.enable [
{ directory = /var/lib/gitea; user = "gitea"; group = "gitea"; mode = "0755"; } { directory = /var/lib/gitea; user = "gitea"; group = "gitea"; mode = "0755"; }
] ++ lib.optionals config.services.forgejo.enable [
{ directory = /var/lib/forgejo; user = "forgejo"; group = "forgejo"; mode = "0755"; }
] ++ lib.optionals config.services.matrix-synapse.enable [ ] ++ lib.optionals config.services.matrix-synapse.enable [
{ directory = /var/lib/matrix-synapse; user = "matrix-synapse"; group = "matrix-synapse"; mode = "0700"; } { directory = /var/lib/matrix-synapse; user = "matrix-synapse"; group = "matrix-synapse"; mode = "0700"; }
] ++ lib.optionals config.services.heisenbridge.enable [ ] ++ lib.optionals config.services.heisenbridge.enable [

View file

@ -5,19 +5,13 @@
let let
cfg = config.services.scanservjs; cfg = config.services.scanservjs;
/*
substituteInPlace src/classes/config.js \
--replace '/usr/bin/scanimage' '${sane-backends}/bin/scanimage' \
--replace '/usr/bin/convert' '${imagemagick}/bin/convert' \
--replace '/usr/bin/tesseract' '${tesseract}/bin/tesseract'
*/
settings = { settings = {
scanimage = "${pkgs.sane-backends}/bin/scanimage"; scanimage = "${pkgs.sane-backends}/bin/scanimage";
convert = "${pkgs.imagemagick}/bin/convert"; convert = "${pkgs.imagemagick}/bin/convert";
tesseract = "${pkgs.tesseract}/bin/tesseract"; tesseract = "${pkgs.tesseract}/bin/tesseract";
# it defaults to config/devices.json, but "config" dir doesn't exist and scanservjs doesn't create it
devicesPath = "devices.json";
} // cfg.settings; } // cfg.settings;
settingsFormat = pkgs.formats.json { }; settingsFormat = pkgs.formats.json { };
leafs = attrs: leafs = attrs:
@ -58,7 +52,7 @@ let
}, },
actions: [ actions: [
${builtins.concatStringsSep ",\n" cfg.extraActions} ${builtins.concatStringsSep ",\n" (map (x: "(${x})") cfg.extraActions)}
], ],
}; };
''; '';
@ -119,6 +113,7 @@ in {
description = "Actions to add to config.local.js's `actions`"; description = "Actions to add to config.local.js's `actions`";
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
hardware.sane.enable = true; hardware.sane.enable = true;
users.users.scanservjs = { users.users.scanservjs = {
@ -126,7 +121,7 @@ in {
extraGroups = [ "scanner" "lp" ]; extraGroups = [ "scanner" "lp" ];
home = cfg.stateDir; home = cfg.stateDir;
isSystemUser = true; isSystemUser = true;
createHome = true; createHome = lib.mkIf (cfg.stateDir != "/var/lib/scanservjs") true;
}; };
users.groups.scanservjs = { }; users.groups.scanservjs = { };
@ -136,14 +131,14 @@ in {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
# yes, those paths are configurable, but the config option isn't always used... # yes, those paths are configurable, but the config option isn't always used...
path = with pkgs; [ coreutils sane-backends imagemagick tesseract ]; path = with pkgs; [ coreutils sane-backends imagemagick tesseract ];
environment.NIX_SCANSERVJS_CONFIG_PATH = configFile;
environment.SANE_CONFIG_DIR = "/etc/sane-config"; environment.SANE_CONFIG_DIR = "/etc/sane-config";
environment.LD_LIBRARY_PATH = "/etc/sane-libs"; environment.LD_LIBRARY_PATH = "/etc/sane-libs";
serviceConfig = { serviceConfig = {
ExecStart = "${package}/bin/scanservjs"; ExecStart = "${package}/bin/scanservjs --config ${configFile}";
Restart = "always"; Restart = "always";
User = "scanservjs"; User = "scanservjs";
Group = "scanservjs"; Group = "scanservjs";
StateDirectory = lib.mkIf (cfg.stateDir == "/var/lib/scanservjs") "scanservjs";
WorkingDirectory = cfg.stateDir; WorkingDirectory = cfg.stateDir;
}; };
}; };

View file

@ -7,9 +7,9 @@ mozilla-addons-to-nix \
./pkgs/firefox-addons/addons.json \ ./pkgs/firefox-addons/addons.json \
./pkgs/firefox-addons/generated.nix || echo "failed to update firefox addons" ./pkgs/firefox-addons/generated.nix || echo "failed to update firefox addons"
nix flake update nix flake update
if [ -z ${SUDO_ASKPASS+x} ]; then #if [ -z ${SUDO_ASKPASS+x} ]; then
sudo nixos-rebuild switch --flake . --option extra-builtins-file "$(pwd)/extra-builtins.nix" # sudo nixos-rebuild switch --flake . --option extra-builtins-file "$(pwd)/extra-builtins.nix"
else #else
sudo -A nixos-rebuild switch --flake . --option extra-builtins-file "$(pwd)/extra-builtins.nix" # sudo -A nixos-rebuild switch --flake . --option extra-builtins-file "$(pwd)/extra-builtins.nix"
fi #fi
home-manager switch --flake . --option extra-builtins-file "$(pwd)/extra-builtins.nix" #home-manager switch --flake . --option extra-builtins-file "$(pwd)/extra-builtins.nix"