Compare commits

..

1 commit

Author SHA1 Message Date
chayleaf 4d6acdbb41 change update script for ci branch 2023-10-19 12:20:16 +07:00
41 changed files with 2064 additions and 767 deletions

11
COPYING
View file

@ -1,10 +1 @@
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
public domain/0BSD

View file

@ -69,11 +69,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1698882062,
"narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=",
"lastModified": 1693611461,
"narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8c9fa2545007b49a5db5f650ae91f227672c3877",
"rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca",
"type": "github"
},
"original": {
@ -107,11 +107,11 @@
]
},
"locked": {
"lastModified": 1700419052,
"narHash": "sha256-U6a5f9ynbzcp8PMIHULbHPkbwp7YfPKOYmTcLqlalD4=",
"lastModified": 1696446489,
"narHash": "sha256-xSjMKdNR+q/3hdSPyg/LUMsZT/WIoUi8dcm5zT4SMUQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "993fb02d20760067b8ee19c713d94cee07037759",
"rev": "68f7d8c0fb0bfc67d1916dd7f06288424360d43a",
"type": "github"
},
"original": {
@ -122,11 +122,11 @@
},
"impermanence": {
"locked": {
"lastModified": 1697303681,
"narHash": "sha256-caJ0rXeagaih+xTgRduYtYKL1rZ9ylh06CIrt1w5B4g=",
"lastModified": 1694622745,
"narHash": "sha256-z397+eDhKx9c2qNafL1xv75lC0Q4nOaFlhaU1TINqb8=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "0f317c2e9e56550ce12323eb39302d251618f5b5",
"rev": "e9643d08d0d193a2e074a19d4d90c67a874d932e",
"type": "github"
},
"original": {
@ -143,11 +143,11 @@
]
},
"locked": {
"lastModified": 1700512623,
"narHash": "sha256-UpIxPW8Y5RauHugB9GRXge77vEs77RycZEDhh41V6Lc=",
"lastModified": 1697331506,
"narHash": "sha256-N6RD9EudU+i7SJO3z3S309XQRhp81iqaN9G9sxRtVts=",
"owner": "chayleaf",
"repo": "maubot.nix",
"rev": "efe241fe720dfc9799348e5b12e7d55facd4bafa",
"rev": "cf32a2873523c80cebdd1ee409c45593040944b8",
"type": "github"
},
"original": {
@ -181,11 +181,11 @@
]
},
"locked": {
"lastModified": 1700468447,
"narHash": "sha256-CGCewYuVPnlyC6cFHNrYVEx5BwFPZuEUA466odTS8wQ=",
"lastModified": 1696468271,
"narHash": "sha256-ZpzAIqs8VmgRDz+rBe28+TErlXkhzrgPKg3YKYraReE=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "cd4ca3d39babd063f36b6a46b31bf9a1be2ee7cc",
"rev": "cc55064e30efdf1b1ad3df4d39983314ef440aae",
"type": "github"
},
"original": {
@ -196,11 +196,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1700392353,
"narHash": "sha256-KARn8aVJu5fdW0jdJYoOQ1SPqWlNdz4l7r90NbArWSY=",
"lastModified": 1696614066,
"narHash": "sha256-nAyYhO7TCr1tikacP37O9FnGr2USOsVBD3IgvndUYjM=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "2b00bc76dc893cd996a3d76a2f059d657a5ef37a",
"rev": "bb2db418b616fea536b1be7f6ee72fb45c11afe0",
"type": "github"
},
"original": {
@ -225,11 +225,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1700085753,
"narHash": "sha256-qtib7f3eRwfaUF+VziJXiBcZFqpHCAXS4HlrFsnzzl4=",
"lastModified": 1689976554,
"narHash": "sha256-uWJq3sIhkqfzPmfB2RWd5XFVooGFfSuJH9ER/r302xQ=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "008d78cc21959e33d0d31f375b88353a7d7121ae",
"rev": "c63f6e7b053c18325194ff0e274dba44e8d2271e",
"type": "gitlab"
},
"original": {
@ -245,11 +245,11 @@
]
},
"locked": {
"lastModified": 1698842376,
"narHash": "sha256-bQN00rn8GFwUt1uX8gPuhjdWo3Ev4z+wRcD/ziKUcRQ=",
"lastModified": 1696627040,
"narHash": "sha256-HOG11+J/akMF/egPoVcVSk4nhFFQOuCl1K8pWjdZIL0=",
"owner": "chayleaf",
"repo": "nixos-router",
"rev": "e91a680d9e643208d818aafd15523ce2e387be2d",
"rev": "fd1c895481286b80759b128b082c7a4cc132614a",
"type": "github"
},
"original": {
@ -260,16 +260,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1700509298,
"narHash": "sha256-I2BUpeOm77z+QpUPikxzjNw6bfLQ7ytN9TIUULv8y5Q=",
"lastModified": 1696375444,
"narHash": "sha256-Sv0ICt/pXfpnFhTGYTsX6lUr1SljnuXWejYTI2ZqHa4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "929e4c17a6016102ce8c0e8888fee06f8e62973e",
"rev": "81e8f48ebdecf07aab321182011b067aafc78896",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "release-23.11",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
@ -277,11 +277,11 @@
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1698611440,
"narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=",
"lastModified": 1693471703,
"narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735",
"rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85",
"type": "github"
},
"original": {
@ -292,6 +292,22 @@
"type": "github"
}
},
"nixpkgs2": {
"locked": {
"lastModified": 1696696817,
"narHash": "sha256-K8/YirUEkUD1Xd9Qg5R9czYU03M8wDN5W3DYns9F0rc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0df1d6c8cac8e8dc08f42bfe062a1025555c9b6a",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"notlua": {
"inputs": {
"nixpkgs": [
@ -299,11 +315,11 @@
]
},
"locked": {
"lastModified": 1697413333,
"narHash": "sha256-2nmu/+QhR/VhxFFr54l0Ok/yVhLCrrYVuTgeD4LHEhE=",
"lastModified": 1691609126,
"narHash": "sha256-InbGoENdL8LNT/09pl7AW5uv2ZSDburqr5LgvkJDfj0=",
"owner": "chayleaf",
"repo": "notlua",
"rev": "ef7cdb7a883fe87238c9fff13bc14ad1fd06f4ba",
"rev": "0e972a0d23f2faa511b9a3f6d445204e18cd5020",
"type": "github"
},
"original": {
@ -319,11 +335,11 @@
]
},
"locked": {
"lastModified": 1700483422,
"narHash": "sha256-ni6niOmObnG9EVGtaeT1I7ULz5+EkEewGTJVeFuWNuc=",
"lastModified": 1691616520,
"narHash": "sha256-loZuL2YnMNwgH5GEZfXgXZadvo5P3Sp+YZSf9L3Wpu8=",
"owner": "chayleaf",
"repo": "notnft",
"rev": "b3e6a023a13a81d70a6a30997e2f1aaf36feafb3",
"rev": "118e25deeb741ba7963931212f02c96c50898578",
"type": "github"
},
"original": {
@ -334,11 +350,11 @@
},
"nur": {
"locked": {
"lastModified": 1700512041,
"narHash": "sha256-fAl29aDdOj4AjORaEh85hS0GkCCfjFFCymuOfF4P+Ek=",
"lastModified": 1696624462,
"narHash": "sha256-lGmf7IPqWLfxvEQcPujB8dzu+++NHqGYQkmC05y3ByA=",
"owner": "nix-community",
"repo": "NUR",
"rev": "4486267d862ccc8fbbac6c112ccf1f0595cfbd74",
"rev": "560b6a71f7fe0353dc19bc366a5ace71fbda51d1",
"type": "github"
},
"original": {
@ -359,6 +375,7 @@
"nixos-mailserver": "nixos-mailserver",
"nixos-router": "nixos-router",
"nixpkgs": "nixpkgs",
"nixpkgs2": "nixpkgs2",
"notlua": "notlua",
"notnft": "notnft",
"nur": "nur",
@ -373,11 +390,11 @@
]
},
"locked": {
"lastModified": 1700446608,
"narHash": "sha256-q/87GqBvQoUNBYiI3hwhsDqfyfk972RuZK+EwKab5s0=",
"lastModified": 1696558324,
"narHash": "sha256-TnnP4LGwDB8ZGE7h2n4nA9Faee8xPkMdNcyrzJ57cbw=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "e17bfe3baa0487f0671c9ed0e9057d10987ba7f7",
"rev": "fdb37574a04df04aaa8cf7708f94a9309caebe2b",
"type": "github"
},
"original": {

View file

@ -3,8 +3,9 @@
inputs = {
#nixpkgs.url = "github:nixos/nixpkgs/3dc2b4f8166f744c3b3e9ff8224e7c5d74a5424f";
# nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs.url = "github:nixos/nixpkgs/release-23.11";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs2.url = "github:nixos/nixpkgs/master";
# nixpkgs.url = "github:chayleaf/nixpkgs/ccache2";
nixos-hardware.url = "github:NixOS/nixos-hardware";
mobile-nixos = {
# url = "github:NixOS/mobile-nixos";
@ -58,6 +59,7 @@
outputs = inputs@
{ self
, nixpkgs
, nixpkgs2
, nixos-hardware
, mobile-nixos
, impermanence
@ -98,7 +100,7 @@
if nixpkgs.lib.hasInfix ":" addr then "[${addr}]" else addr;
};
# can't use callPackage ./pkgs here, idk why; use import instead
overlay' = args: self: super: import ./pkgs ({
overlay = self: super: import ./pkgs {
pkgs = super;
pkgs' = self;
lib = super.lib;
@ -107,17 +109,16 @@
nurpkgs = super;
};
nix-gaming = nix-gaming.packages.${super.system};
} // args);
overlay = overlay' { };
};
# I override some settings down the line, but overlays always stay the same
mkPkgs = config: import nixpkgs (config // {
overlays = config.overlays or [ ] ++ [ overlay ];
overlays = (config.overlays or [ ]) ++ [ overlay ];
});
# this is actual config, it gets processed below
config = let
mkBpiR3 = args: config: config // {
system = "aarch64-linux";
modules = config.modules or [ ] ++ [ (import ./system/devices/bpi-r3-router.nix args) ];
modules = (config.modules or [ ]) ++ [ (import ./system/devices/bpi-r3-router.nix args) ];
};
routerConfig = rec {
system = "aarch64-linux";
@ -169,6 +170,7 @@
notlua = notlua.lib.${system};
};
home.user = [
{ _module.args.pkgs2 = import nixpkgs2 { inherit system; overlays = [ overlay ]; }; }
nur.nixosModules.nur
./home/hosts/nixmsi.nix
];
@ -301,7 +303,7 @@
packages = lib.genAttrs [
"x86_64-linux"
"aarch64-linux"
] (system: let self = overlay' { isOverlay = false; } (mkPkgs { inherit system; } // self) (import nixpkgs { inherit system; }); in self);
] (system: let self = overlay ((mkPkgs { inherit system; }) // self) (import nixpkgs { inherit system; }); in self);
nixosImages.router = let pkgs = mkPkgs { inherit (config.router-emmc) system; }; in {
emmcImage = pkgs.callPackage ./system/hardware/bpi-r3/image.nix {
inherit (nixosConfigurations.router-emmc) config;

View file

@ -13,7 +13,7 @@
cfg.enableKeePassXC = true;
};
profiles.chayleaf = {
extensions = (with config.nur.repos.rycee.firefox-addons; [
extensions = with config.nur.repos.rycee.firefox-addons; [
cookies-txt
don-t-fuck-with-paste
greasemonkey
@ -32,7 +32,7 @@
unpaywall
vimium-c
youtube-shorts-block
]) ++ (with pkgs.firefoxAddons; [
] ++ (with pkgs.firefox-addons; [
fastforwardteam
middle-mouse-button-scroll
rikaitan

View file

@ -60,7 +60,8 @@
set argv[1] fish
${pkgs.any-nix-shell}/bin/.any-nix-wrapper $argv
else if test $argv[1] = develop
command nix $argv --command fish
set argv[1] fish
command nix develop --command $argv
else
command nix $argv
end
@ -76,7 +77,8 @@
set argv[1] fish
PATH="${nom-compat}/bin:$PATH" ${pkgs.any-nix-shell}/bin/.any-nix-wrapper $argv
else if test $argv[1] = develop
command nom $argv --command fish
set argv[1] fish
command nom develop --command $argv
else if test $argv[1] = build
command nom $argv
else

View file

@ -83,6 +83,11 @@
};
};
};
neomutt = {
enable = true;
sidebar.enable = true;
vimKeys = true;
};
home-manager.enable = true;
# i only use this as a login shell
bash = {
@ -97,16 +102,11 @@
package = pkgs.gitAndTools.gitFull;
delta.enable = true;
extraConfig = {
commit.gpgsign = true;
# disable the atrocious gui password prompt
core.askPass = "";
# ...and prefer getting passwords from libsecret (and storing them there)
credential.helper = "${pkgs.gitAndTools.gitFull}/bin/git-credential-libsecret";
init.defaultBranch = "master";
# no need for git pust -u origin <branch>
push.autoSetupRemote = true;
# allow different upstream branch name
push.default = "upstream";
};
lfs.enable = true;
};
@ -155,33 +155,7 @@
# (because I use nix plugins and plugins are nix version-specific)
package = pkgs.nix-index-unwrapped;
};
#neomutt = {
# enable = true;
# sidebar.enable = true;
# vimKeys = true;
#};
alot = {
enable = true;
settings = {
handle_mouse = true;
initial_command = "search tag:inbox AND NOT tag:killed";
prefer_plaintext = true;
};
};
msmtp.enable = true;
notmuch = {
enable = true;
hooks.preNew = ''
${config.services.mbsync.package}/bin/mbsync --all || ${pkgs.coreutils}/bin/true
'';
};
mbsync.enable = true;
};
#services.mbsync.enable = true;
# TODO: see https://github.com/pazz/alot/issues/1632
home.file.".mailcap".text = ''
text/html; ${pkgs.w3m}/bin/w3m -dump -o document_charset=%{charset} -o display_link_number=1 '%s'; nametemplate=%s.html; copiousoutput
'';
systemd.user.timers.nix-index = {
Install.WantedBy = [ "timers.target" ];

View file

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }:
{ config, pkgs, pkgs2, lib, ... }:
{
imports = [ ./terminal.nix ];
i18n.inputMethod = let fcitx5-qt = pkgs.libsForQt5.fcitx5-qt; in {
@ -178,17 +178,10 @@
input-default-bindings = false;
};
# profiles = { };
package = pkgs.wrapMpv ((pkgs.mpv-unwrapped.override {
package = pkgs.wrapMpv (pkgs.mpv-unwrapped.override {
# webp support
ffmpeg_5 = pkgs.ffmpeg-custom;
}).overrideAttrs (old: {
patches = old.patches or [] ++ [
(pkgs.fetchpatch {
url = "https://github.com/mpv-player/mpv/pull/11648.patch";
hash = "sha256-rp5VxVD74dY3w5rKct1BwFbruxpHsGk8zwtkkhdJovM=";
})
];
})) {
ffmpeg_5 = pkgs.ffmpeg_5-full;
}) {
scripts = with pkgs.mpvScripts; [
thumbnail
mpris
@ -261,7 +254,7 @@
# for working with nix
nix-init
nvfetcher
pkgs2.nvfetcher
config.nur.repos.rycee.mozilla-addons-to-nix
anki-bin

View file

@ -25,6 +25,27 @@
inherit (notlua-nvim.keywords) REQ REQ';
in let
vimg = name: PROP vim.g name;
# _ is basically semicolon
_ = { __IS_SEPARATOR = true; };
splitList = sep: list:
let
ivPairs = lib.imap0 (i: x: { inherit i x; }) list;
is' = map ({ i, ... }: i) (builtins.filter ({ x, ... }: sep == x) ivPairs);
is = [ 0 ] ++ (map (x: x + 1) is');
ie = is' ++ [ (builtins.length list) ];
se = lib.zipLists is ie;
in
map ({ fst, snd }: lib.sublist fst (snd - fst) list) se;
# this transforms [ a b _ c _ d _ e f g ] into [ (a b) c d (RETURN (e f g)) ]
L = args:
let
spl = splitList _ args;
body = lib.init spl;
ret = lib.last spl;
in
(map
(list: builtins.foldl' lib.id (builtins.head list) (builtins.tail list))
body) ++ (if ret == [] then [] else [(APPLY RETURN ret)]);
keymapSetSingle = opts@{
mode,
lhs,
@ -63,6 +84,7 @@
which-key = REQ "which-key";
luasnip = REQ "luasnip";
compile' = name: stmts: compile name (L stmts);
in {
enable = true;
defaultEditor = true;
@ -92,40 +114,40 @@
vimAlias = true;
vimdiffAlias = true;
extraLuaConfig = compile "main" [
(kmSetNs {
extraLuaConfig = (compile' "main" [
kmSetNs {
"<C-X>" = {
rhs = DEFUN (vim.fn.system [ "chmod" "+x" (vim.fn.expand "%") ]);
desc = "chmod +x %";
};
})
(SET (vimg "vimsyn_embed") "l")
(LET (vim.api.nvim_create_augroup "nvimrc" { clear = true; }) (group:
} _
SET (vimg "vimsyn_embed") "l" _
LET (vim.api.nvim_create_augroup "nvimrc" { clear = true; }) (group:
lib.mapAttrsToList (k: v: vim.api.nvim_create_autocmd k { inherit group; callback = v; }) {
BufReadPre = DEFUN (SET vim.o.foldmethod "syntax");
BufEnter = { buf, ... }:
LET (vim.filetype.match { inherit buf; }) (filetype: [
(IF (APPLY OR (map (EQ filetype) [ "gitcommit" "markdown" "mail" ])) (
LET vim.o.colorcolumn (old_colorcolumn: [
(SET vim.o.colorcolumn "73")
(vim.api.nvim_create_autocmd "BufLeave" {
LET (vim.filetype.match { inherit buf; }) (filetype: L [
IF (APPLY OR (map (EQ filetype) [ "gitcommit" "markdown" ])) (
LET vim.o.colorcolumn (old_colorcolumn: L [
SET vim.o.colorcolumn "73" _
vim.api.nvim_create_autocmd "BufLeave" {
buffer = buf;
callback = DEFUN [
(SET vim.o.colorcolumn old_colorcolumn)
callback = DEFUN (L [
SET vim.o.colorcolumn old_colorcolumn _
# return true = delete autocommand
(RETURN true)
];
})
true
]);
} _
])
))
(IF (APPLY OR (map (EQ filetype) [ "markdown" "mail" ])) (
) _
IF (EQ filetype "markdown") (
(SET (IDX vim.bo buf).textwidth 72)
))
) _
]);
BufWinEnter = { buf, ... }:
LET (vim.filetype.match { inherit buf; }) (filetype: [
(CALL (PROP vim.cmd "folddoc") "foldopen!")
(IF (EQ filetype "gitcommit") (
LET (vim.filetype.match { inherit buf; }) (filetype: L [
CALL (PROP vim.cmd "folddoc") "foldopen!" _
IF (EQ filetype "gitcommit") (
vim.cmd {
cmd = "normal"; bang = true;
args = [ "gg" ];
@ -149,11 +171,11 @@
cmd = "normal"; bang = true;
args = [ "gg" ];
})
)))
)) _
]);
}
))
];
) _
]);
plugins = let ps = pkgs.vimPlugins; in map (x: if x?config && x?plugin then { type = "lua"; } // x else x) [
ps.vim-svelte
# vim-nix isn't necessary for syntax highlighting, but it improves overall editing experience
@ -168,8 +190,8 @@
sha256 = "sha256-X2IgIjO5NNq7vJdl09hBY1TFqHlsfF1xfllKr4osILI=";
};
};
config = compile "vscode_nvim" [
((REQ "vscode").setup {
config = compile' "vscode_nvim" [
(REQ "vscode").setup {
transparent = true;
color_overrides = {
vscGray = "#745b5f";
@ -186,25 +208,25 @@
vscYellow = "#${config.colors.yellow}";
vscPink = "#cf83c4";
};
})
(vim.api.nvim_set_hl 0 "NormalFloat" {
} _
vim.api.nvim_set_hl 0 "NormalFloat" {
bg = "NONE";
})
} _
]; }
{ plugin = ps.nvim-web-devicons;
config = compile "nvim_web_devicons" ((REQ "nvim-web-devicons").setup { }); }
{ plugin = ps.nvim-tree-lua;
config = compile "nvim_tree_lua" (LET (REQ "nvim-tree") (REQ "nvim-tree.api") (nvim-tree: nvim-tree-api: [
(SET (vimg "loaded_netrw") 1)
(SET (vimg "loaded_netrwPlugin") 1)
(SET vim.o.termguicolors true)
(nvim-tree.setup { }) # :help nvim-tree-setup
(kmSetNs {
config = compile "nvim_tree_lua" (LET (REQ "nvim-tree") (REQ "nvim-tree.api") (nvim-tree: nvim-tree-api: L [
SET (vimg "loaded_netrw") 1 _
SET (vimg "loaded_netrwPlugin") 1 _
SET vim.o.termguicolors true _
nvim-tree.setup { } _ # :help nvim-tree-setup
kmSetNs {
"<C-N>" = {
rhs = nvim-tree-api.tree.toggle;
desc = "Toggle NvimTree";
};
})
} _
])); }
ps.vim-sleuth
ps.luasnip
@ -237,9 +259,9 @@
};
};
formatting = {
format = entry: vim_item: let kind = PROP vim_item "kind"; in [
(SET kind (string.format "%s %s" (IDX lspkind kind) kind))
(RETURN vim_item)
format = entry: vim_item: let kind = PROP vim_item "kind"; in L [
SET kind (string.format "%s %s" (IDX lspkind kind) kind) _
vim_item
];
};
mapping = {
@ -289,28 +311,28 @@
config = compile "nvim_autopairs" (LET
(REQ "cmp") (REQ "nvim-autopairs.completion.cmp") (REQ "nvim-autopairs")
(cmp: cmp-autopairs: nvim-autopairs:
[
(nvim-autopairs.setup {
L [
nvim-autopairs.setup {
disable_filetype = [ "TelescopePrompt" "vim" ];
})
(cmp.event.on cmp.event "confirm_done" (cmp-autopairs.on_confirm_done { }))
} _
cmp.event.on cmp.event "confirm_done" (cmp-autopairs.on_confirm_done { }) _
])); }
{ plugin = ps.comment-nvim;
config = compile "comment_nvim" [
((REQ "Comment").setup { })
(kmSetNs {
config = compile' "comment_nvim" [
(REQ "Comment").setup { } _
kmSetNs {
"<space>/" = {
# metatables......
rhs = REQ' (PROP (require "Comment.api") "toggle.linewise.current");
desc = "Comment current line";
};
})
(kmSetVs {
} _
kmSetVs {
"<space>/" = {
rhs = "<esc><cmd>lua require('Comment.api').toggle.linewise(vim.fn.visualmode())<cr>";
desc = "Comment selection";
};
})
} _
]; }
{ plugin = ps.nvim-lspconfig;
config = compile "nvim_lspconfig" (
@ -319,9 +341,9 @@
(REQ "lspconfig.server_configurations.${name}")
# metatables, son! they harden in response to physical trauma
(REQ' (PROP (require "lspconfig") name));
in [
in L [
# See `:help vim.diagnostic.*` for documentation on any of the below functions
(kmSetNs {
kmSetNs {
"<space>e" = {
rhs = vim.diagnostic.open_float;
desc = "Show diagnostics in a floating window.";
@ -338,17 +360,19 @@
rhs = vim.diagnostic.setloclist;
desc = "Add buffer diagnostics to the location list.";
};
})
(LET
} _
LET
# LET on_attach
(client: bufnr: [
(SET (IDX vim.bo bufnr).omnifunc "v:lua.vim.lsp.omnifunc")
(client: bufnr: L [
SET (IDX vim.bo bufnr).omnifunc "v:lua.vim.lsp.omnifunc" _
# Mappings.
# See `:help vim.lsp.*` for documentation on any of the below functions
(keymapSetNs {
keymapSetNs {
buffer = bufnr;
keys = {
"gD" = { rhs = vim.lsp.buf.declaration; desc = "Jumps to the declaration of the symbol under the cursor."; };
"gD" = {
rhs = vim.lsp.buf.declaration;
desc = "Jumps to the declaration of the symbol under the cursor."; };
"gd" = {
rhs = vim.lsp.buf.definition;
desc = "Jumps to the definition of the symbol under the cursor."; };
@ -386,7 +410,7 @@
rhs = DEFUN (vim.lsp.buf.format { async = true; });
desc = "Formats a buffer."; };
};
})
} _
])
# LET rust_settings
{ rust-analyzer = {
@ -404,29 +428,29 @@
(on_attach: rust_settings: capabilities:
LETREC
# LETREC on_attach_rust
(on_attach_rust: client: bufnr: [
(vim.api.nvim_buf_create_user_command bufnr "RustAndroid" (opts: [
(vim.lsp.set_log_level "debug")
((lsp "rust_analyzer").setup {
(on_attach_rust: client: bufnr: L [
vim.api.nvim_buf_create_user_command bufnr "RustAndroid" (opts: L [
vim.lsp.set_log_level "debug" _
(lsp "rust_analyzer").setup {
on_attach = on_attach_rust;
inherit capabilities;
settings = vim.tbl_deep_extend
"keep"
config.rustAnalyzerAndroidSettings
rust_settings;
})
]) {})
(on_attach client bufnr)
} _
]) {} _
on_attach client bufnr _
])
# BEGIN
(let setupLsp = name: args: (lsp name).setup ({
inherit on_attach capabilities;
settings = { };
} // args);
in on_attach_rust: [
# (vim.lsp.set_log_level "debug")
in on_attach_rust: L [
# vim.lsp.set_log_level "debug" _
# see https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md
(lib.mapAttrsToList setupLsp {
lib.mapAttrsToList setupLsp {
bashls = { };
clangd = { };
# https://github.com/python-lsp/python-lsp-server/blob/develop/CONFIGURATION.md
@ -447,15 +471,15 @@
on_attach = on_attach_rust;
settings = rust_settings;
};
})
} _
]) # END
)) # END
) _ # END
]); }
{ plugin = ps.which-key-nvim;
config = compile "which_key_nvim" [
(SET vim.o.timeout true)
(SET vim.o.timeoutlen 500)
(which-key.setup { })
config = compile' "which_key_nvim" [
SET vim.o.timeout true _
SET vim.o.timeoutlen 500 _
which-key.setup { } _
]; }
];
};

1407
pkgs/Cargo.lock generated Normal file

File diff suppressed because it is too large Load diff

View file

@ -22,24 +22,24 @@
"pinned": false,
"src": {
"name": null,
"sha256": "sha256-72jxUJdn4j0FV1qFH0r7UEVrAvSwrWgWsxCXyT1N/1A=",
"sha256": "sha256-DcS5ov656f/l1zWPt+UYKxarDGcAWd6zTvi50Lsa1s8=",
"type": "url",
"url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-24/GE-Proton8-24.tar.gz"
"url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-16/GE-Proton8-16.tar.gz"
},
"version": "GE-Proton8-24"
"version": "GE-Proton8-16"
},
"searxng": {
"cargoLocks": null,
"date": "2023-11-14",
"date": "2023-10-06",
"extract": null,
"name": "searxng",
"passthru": null,
"pinned": false,
"src": {
"sha256": "sha256-vgDQ7cdWN79TFEbJGq0AdvC8p2YOmogk9iVViDkZDXw=",
"sha256": "sha256-/blIZOaeOwQMp6T6GkNh8Fvtzh3Ik5UiPwuGjViENuE=",
"type": "tarball",
"url": "https://github.com/searxng/searxng/archive/b3d29cb86db4cc1a4e6320016529d1361451e1f1.tar.gz"
"url": "https://github.com/searxng/searxng/archive/ce270961e82585971579844c64d7cde5f5d855ec.tar.gz"
},
"version": "b3d29cb86db4cc1a4e6320016529d1361451e1f1"
"version": "ce270961e82585971579844c64d7cde5f5d855ec"
}
}

View file

@ -12,19 +12,19 @@
};
proton-ge = {
pname = "proton-ge";
version = "GE-Proton8-24";
version = "GE-Proton8-16";
src = fetchurl {
url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-24/GE-Proton8-24.tar.gz";
sha256 = "sha256-72jxUJdn4j0FV1qFH0r7UEVrAvSwrWgWsxCXyT1N/1A=";
url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-16/GE-Proton8-16.tar.gz";
sha256 = "sha256-DcS5ov656f/l1zWPt+UYKxarDGcAWd6zTvi50Lsa1s8=";
};
};
searxng = {
pname = "searxng";
version = "b3d29cb86db4cc1a4e6320016529d1361451e1f1";
version = "ce270961e82585971579844c64d7cde5f5d855ec";
src = fetchTarball {
url = "https://github.com/searxng/searxng/archive/b3d29cb86db4cc1a4e6320016529d1361451e1f1.tar.gz";
sha256 = "sha256-vgDQ7cdWN79TFEbJGq0AdvC8p2YOmogk9iVViDkZDXw=";
url = "https://github.com/searxng/searxng/archive/ce270961e82585971579844c64d7cde5f5d855ec.tar.gz";
sha256 = "sha256-/blIZOaeOwQMp6T6GkNh8Fvtzh3Ik5UiPwuGjViENuE=";
};
date = "2023-11-14";
date = "2023-10-06";
};
}

25
pkgs/chompjs.nix Normal file
View file

@ -0,0 +1,25 @@
# TODO: remove this file when searxng gets updated in nixpkgs
{ lib
, buildPythonPackage
, fetchPypi
}:
buildPythonPackage rec {
pname = "chompjs";
version = "1.2.2";
format = "setuptools";
src = fetchPypi {
inherit pname version;
hash = "sha256-I5PbVinyjO1OF78t9h67lVBM/VsogYoMj3iFZS4WTn8=";
};
pythonImportsCheck = [ "chompjs" ];
meta = with lib; {
description = "Parsing JavaScript objects into Python dictionaries";
homepage = "https://pypi.org/project/chompjs/";
license = licenses.mit;
maintainers = with maintainers; [ chayleaf ];
};
}

View file

@ -3,7 +3,6 @@
, nur
, nix-gaming
, pkgs' ? pkgs
, isOverlay ? true
, ... }:
let
inherit (pkgs') callPackage;
@ -66,33 +65,8 @@ in
/*ghidra = pkgs.ghidra.overrideAttrs (old: {
patches = old.patches ++ [ ./ghidra-stdcall.patch ];
});*/
ffmpeg-custom = (pkgs'.ffmpeg_6-full.override {
withCuda = false;
withCudaLLVM = false;
withNvdec = false;
withNvenc = false;
}).overrideAttrs (old: {
version = "unstable-20231031";
src = pkgs'.fetchgit {
url = "https://git.ffmpeg.org/ffmpeg.git";
rev = "4e5f3e6b8e1132354eed810dfdadf87f45c5de27";
hash = "sha256-fiWkU9fK8qPmxl2MOADKdlFf6XjHGKFhi8uaWltphCE=";
};
patches = [ ];
postPatch = ''
${old.postPatch or ""}
substituteInPlace libavutil/hwcontext_vulkan.c \
--replace FF_VK_KHR_VIDEO_DECODE_QUEUE FF_VK_EXT_VIDEO_DECODE_QUEUE \
--replace FF_VK_KHR_VIDEO_DECODE_H264 FF_VK_EXT_VIDEO_DECODE_H264 \
--replace FF_VK_KHR_VIDEO_DECODE_H265 FF_VK_EXT_VIDEO_DECODE_H265 \
--replace FF_VK_KHR_VIDEO_DECODE_AV1 FF_VK_EXT_VIDEO_DECODE_AV1
'';
buildInputs = old.buildInputs ++ [ pkgs'.libaribcaption ];
configureFlags = old.configureFlags ++ [ "--enable-libaribcaption" ];
});
gimp = callPackage ./gimp { inherit (pkgs) gimp; };
home-daemon = callPackage ./home-daemon { };
libaribcaption = callPackage ./libaribcaption { };
# pin version
looking-glass-client = pkgs.looking-glass-client.overrideAttrs (old: {
version = "B6";
@ -107,6 +81,7 @@ in
kvmfrOverlay = kvmfr: kvmfr.overrideAttrs (old: {
inherit (pkgs'.looking-glass-client) version src;
});
pineapplebot = callPackage ./pineapplebot.nix { };
proton-ge = pkgs.stdenvNoCC.mkDerivation {
inherit (sources.proton-ge) pname version src;
installPhase = ''
@ -115,18 +90,21 @@ in
'';
};
rofi-steam-game-list = callPackage ./rofi-steam-game-list { };
scanservjs = callPackage ./scanservjs { };
scanservjs = callPackage ./scanservjs.nix { };
searxng = pkgs'.python3.pkgs.toPythonModule (pkgs.searxng.overrideAttrs (old: {
inherit (sources.searxng) src;
version = "unstable-" + sources.searxng.date;
postInstall = builtins.replaceStrings [ "/botdetection" ] [ "" ] old.postInstall;
propagatedBuildInputs = old.propagatedBuildInputs ++ [
(pkgs'.python3.pkgs.callPackage ./chompjs.nix { })
];
}));
# system76-scheduler = callPackage ./system76-scheduler.nix { };
techmino = callPackage ./techmino { };
firefoxAddons = lib.recurseIntoAttrs (callPackage ./firefox-addons { inherit nur sources; });
mpvScripts = lib.optionalAttrs isOverlay pkgs.mpvScripts // callPackage ./mpv-scripts { };
firefox-addons = lib.recurseIntoAttrs (callPackage ./firefox-addons { inherit nur sources; });
mpvScripts = pkgs.mpvScripts // callPackage ./mpv-scripts { };
qemu_7 = callPackage ./qemu/7.nix {
qemu_7 = callPackage ./qemu_7.nix {
stdenv = pkgs'.ccacheStdenv;
inherit (pkgs.darwin.apple_sdk.frameworks) CoreServices Cocoa Hypervisor vmnet;
inherit (pkgs.darwin.stubs) rez setfile;
@ -140,7 +118,7 @@ in
qemu_7_xen_4_15-light = lib.lowPrio (pkgs'.qemu_7.override { hostCpuOnly = true; xenSupport = true; xen = pkgs.xen_4_15-light; });
qemu_7_test = lib.lowPrio (pkgs'.qemu_7.override { hostCpuOnly = true; nixosTestRunner = true; });
# TODO: when https://gitlab.com/virtio-fs/virtiofsd/-/issues/96 is fixed remove this
virtiofsd = callPackage ./qemu/virtiofsd.nix {
virtiofsd = callPackage ./qemu_virtiofsd.nix {
qemu = pkgs'.qemu_7;
};
@ -152,6 +130,5 @@ in
stdenv = pkgs'.ccacheStdenv;
};
}
// import ./postgresql-packages { inherit pkgs pkgs' lib sources isOverlay; }
// import ./ccache.nix { inherit pkgs pkgs' lib sources; }
// import ../system/hardware/bpi-r3/pkgs.nix { inherit pkgs pkgs' lib sources; }

View file

@ -63,10 +63,10 @@
};
"youtube-nonstop" = buildFirefoxXpiAddon {
pname = "youtube-nonstop";
version = "0.9.2";
version = "0.9.1";
addonId = "{0d7cafdd-501c-49ca-8ebb-e3341caaa55e}";
url = "https://addons.mozilla.org/firefox/downloads/file/4187690/youtube_nonstop-0.9.2.xpi";
sha256 = "7659d180f76ea908ea81b84ed9bdd188624eaaa62b88accbe6d8ad4e8caeff38";
url = "https://addons.mozilla.org/firefox/downloads/file/3848483/youtube_nonstop-0.9.1.xpi";
sha256 = "8340d57622a663949ec1768eb37d47651c809fadf0ffaa5ff546c48fdd28e33d";
meta = with lib;
{
homepage = "https://github.com/lawfx/YoutubeNonStop";

16
pkgs/kvmfr-linux6_4.patch Normal file
View file

@ -0,0 +1,16 @@
diff --git a/kvmfr.c b/kvmfr.c
index 121aae5b..2f4c9e1a 100644
--- a/kvmfr.c
+++ b/kvmfr.c
@@ -539,7 +539,11 @@ static int __init kvmfr_module_init(void)
if (kvmfr->major < 0)
goto out_free;
+#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0)
kvmfr->pClass = class_create(THIS_MODULE, KVMFR_DEV_NAME);
+#else
+ kvmfr->pClass = class_create(KVMFR_DEV_NAME);
+#endif
if (IS_ERR(kvmfr->pClass))
goto out_unreg;

View file

@ -1,33 +0,0 @@
{ lib
, stdenv
, fetchFromGitHub
, cmake
, fontconfig
, freetype
}:
stdenv.mkDerivation rec {
pname = "libaribcaption";
version = "1.1.1";
src = fetchFromGitHub {
owner = "xqq";
repo = "libaribcaption";
rev = "v${version}";
hash = "sha256-x6l0ZrTktSsqfDLVRXpQtUOruhfc8RF3yT991UVZiKA=";
};
nativeBuildInputs = [ cmake ];
cmakeFlags = [ "-DBUILD_SHARED_LIBS=ON" ];
buildInputs = lib.optionals (!stdenv.isDarwin) [ fontconfig freetype ];
meta = with lib; {
description = "Portable ARIB STD-B24 Caption Decoder/Renderer";
homepage = "https://github.com/xqq/libaribcaption";
license = licenses.mit;
maintainers = with maintainers; [ chayleaf ];
};
}

34
pkgs/pineapplebot.nix Normal file
View file

@ -0,0 +1,34 @@
{ python3
, fetchFromGitHub
, rustPlatform
, magic ? "<PIZZABOT_MAGIC_SEP>"
, ... }:
python3.pkgs.buildPythonPackage rec {
pname = "pineapplebot";
version = "0.1.0";
src = fetchFromGitHub {
owner = "chayleaf";
repo = "pizzabot_v3";
rev = "master";
sha256 = "sha256-ZLskMlllZfmqIlbSr0pNHHJehDycohiwqgYbuEYP7Qc=";
};
preBuild = ''
head -n13 Cargo.toml > Cargo.toml.new
mv Cargo.toml.new Cargo.toml
'';
sourceRoot = "source/pineapplebot";
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src sourceRoot;
name = "${pname}-${version}";
sha256 = "14jxgykwg1apy97gy1j8mz7ny2cqg4q9s03a2bk9kx2y6ibm4668";
};
nativeBuildInputs = with rustPlatform; [
cargoSetupHook
maturinBuildHook
];
doCheck = false;
doInstallCheck = true;
pythonImportsCheck = [ "pineapplebot" ];
PIZZABOT_MAGIC = magic;
}

View file

@ -1,45 +0,0 @@
{ pkgs
, pkgs'
, isOverlay
, lib
, ... }:
let
inherit (pkgs') callPackage;
extraPackages = {
tsja = callPackage ./tsja.nix { };
};
gen' = postgresql: builtins.mapAttrs (k: v: v.override { inherit postgresql; }) extraPackages;
gen = ver:
lib.optionalAttrs isOverlay pkgs."postgresql${toString ver}Packages"
// gen' pkgs."postgresql${if ver == "" then "" else "_" + toString ver}";
psql = ver: let
old = pkgs."postgresql${if ver == "" then "" else "_" + toString ver}";
in old // { pkgs = old.pkgs // gen' old; };
self = {
mecab = pkgs.mecab.overrideAttrs (old: {
postInstall = ''
mkdir -p $out/lib/mecab/dic
ln -s ${callPackage /${pkgs.path}/pkgs/tools/text/mecab/ipadic.nix {
mecab-nodic = callPackage /${pkgs.path}/pkgs/tools/text/mecab/nodic.nix { };
}} $out/lib/mecab/dic/ipadic
'';
});
postgresqlPackages = gen "";
postgresql11Packages = gen 11;
postgresql12Packages = gen 12;
postgresql13Packages = gen 13;
postgresql14Packages = gen 14;
postgresql15Packages = gen 15;
postgresql16Packages = gen 16;
} // lib.optionalAttrs isOverlay {
postgresql = psql "";
postgresql_11 = psql 11;
postgresql_12 = psql 12;
postgresql_13 = psql 13;
postgresql_14 = psql 14;
postgresql_15 = psql 15;
postgresql_16 = psql 16;
};
in self

View file

@ -1,39 +0,0 @@
{ lib
, stdenv
, postgresql
, mecab
}:
stdenv.mkDerivation rec {
pname = "tsja";
version = "0.5.0";
src = fetchTarball {
url = "https://www.amris.jp/tsja/tsja-${version}.tar.xz";
sha256 = "0hx4iygnqw1ay3nwrf3x2izflw4ip9i8i0yny26vivdz862m97w7";
};
postPatch = ''
substituteInPlace Makefile \
--replace /usr/local/pgsql ${postgresql} \
--replace -L/usr/local/lib "" \
--replace -I/usr/local/include ""
substituteInPlace tsja.c --replace /usr/local/lib/mecab ${mecab}/lib/mecab
'';
buildInputs = [ postgresql mecab ];
installPhase = ''
mkdir -p $out/lib $out/share/postgresql/extension
cp libtsja.so $out/lib
cp dbinit_libtsja.txt $out/share/postgresql/extension/libtsja_dbinit.sql
'';
meta = with lib; {
description = "PostgreSQL extension implementing Japanese text search";
homepage = "https://www.amris.jp/tsja/index.html";
maintainers = with maintainers; [ chayleaf ];
platforms = postgresql.meta.platforms;
license = licenses.postgresql;
};
}

91
pkgs/scanservjs.nix Normal file
View file

@ -0,0 +1,91 @@
{ lib
, fetchFromGitHub
, buildNpmPackage
, fetchNpmDeps
, nodejs
}:
let
version = "2.27.0";
src = fetchFromGitHub {
owner = "sbs20";
repo = "scanservjs";
rev = "v${version}";
hash = "sha256-GFpfH7YSXFRNRmx8F2bUJsGdPW1ECT7AQquJRxiRJEU=";
};
depsHashes = {
server = "sha256-V4w4euMl67eS4WNIFM8j06/JAEudaq+4zY9pFVgTmlY=";
client = "sha256-r/uYaXpQnlI90Yn6mo2KViKDMHE8zaCAxNFnEZslnaY=";
};
serverDepsForClient = fetchNpmDeps {
inherit src nodejs;
sourceRoot = "${src.name}/packages/server";
name = "scanservjs-server";
hash = depsHashes.server or lib.fakeHash;
};
# static client files
client = buildNpmPackage ({
pname = "scanservjs-static";
inherit version src nodejs;
sourceRoot = "${src.name}/packages/client";
npmDepsHash = depsHashes.client or lib.fakeHash;
preBuild = ''
cd ../server
chmod +w package-lock.json . /build/source/
npmDeps=${serverDepsForClient} npmConfigHook
cd ../client
'';
env.NODE_OPTIONS = "--openssl-legacy-provider";
dontNpmInstall = true;
installPhase = ''
mv /build/source/dist/client $out
'';
});
in buildNpmPackage {
pname = "scanservjs";
inherit version src nodejs;
sourceRoot = "${src.name}/packages/server";
npmDepsHash = depsHashes.server or lib.fakeHash;
preBuild = ''
chmod +w /build/source
substituteInPlace src/server.js --replace "express.static('client')" "express.static('${client}')"
substituteInPlace src/api.js --replace \
'`''${config.previewDirectory}/default.jpg`' \
"'$out/lib/node_modules/scanservjs-api/data/preview/default.jpg'"
substituteInPlace src/application.js --replace \
"'../../config/config.local.js'" \
"process.env.NIX_SCANSERVJS_CONFIG_PATH"
substituteInPlace src/classes/user-options.js --replace \
"const localPath = path.join(__dirname, localConfigPath);" \
"const localPath = localConfigPath;"
substituteInPlace src/configure.js --replace \
"fs.mkdirSync(config.outputDirectory, { recursive: true });" \
"fs.mkdirSync(config.outputDirectory, { recursive: true }); fs.mkdirSync(config.previewDirectory, { recursive: true });"
'';
postInstall = ''
mkdir -p $out/bin
makeWrapper ${nodejs}/bin/node $out/bin/scanservjs \
--set NODE_ENV production \
--add-flags "'$out/lib/node_modules/scanservjs-api/src/server.js'"
'';
meta = with lib; {
description = "SANE scanner nodejs web ui";
longDescription = "scanservjs is a simple web-based UI for SANE which allows you to share a scanner on a network without the need for drivers or complicated installation.";
homepage = "https://github.com/sbs20/scanservjs";
license = licenses.gpl2Only;
mainProgram = "scanservjs";
maintainers = with maintainers; [ chayleaf ];
};
}

View file

@ -1,46 +0,0 @@
{ lib
, fetchFromGitHub
, buildNpmPackage
, nodejs
}:
buildNpmPackage {
pname = "scanservjs";
version = "3.0.3";
src = fetchFromGitHub {
# owner = "sbs20";
owner = "chayleaf";
repo = "scanservjs";
# rev = "v${version}";
rev = "bf41a95c9cd6bd924d6e14a28da6d33ddc64ef2e";
hash = "sha256-ePg8spI1rlWYcpjtax7gaZp2wUX4beHzMd71b8XKNG8=";
};
inherit nodejs;
npmDepsHash = "sha256-bigIFAQ2RLk6yxbUcMnmXwgaEkzFFUYn+hE7RIiFm8Y=";
preBuild = ''
npm run build
'';
postInstall = ''
mv $out/lib/node_modules/scanservjs/node_modules dist/
rm -rf $out/lib/node_modules/scanservjs
mv dist $out/lib/node_modules/scanservjs
mkdir -p $out/bin
makeWrapper ${nodejs}/bin/node $out/bin/scanservjs \
--set NODE_ENV production \
--add-flags "'$out/lib/node_modules/scanservjs/server/server.js'"
'';
meta = with lib; {
description = "SANE scanner nodejs web ui";
longDescription = "scanservjs is a simple web-based UI for SANE which allows you to share a scanner on a network without the need for drivers or complicated installation.";
homepage = "https://github.com/sbs20/scanservjs";
license = licenses.gpl2Only;
mainProgram = "scanservjs";
maintainers = with maintainers; [ chayleaf ];
};
}

View file

@ -0,0 +1,65 @@
{ lib
, fetchFromGitHub
, writeText
, rustPlatform
, pkg-config
, dbus
, bcc
}:
rustPlatform.buildRustPackage {
pname = "system76-scheduler";
version = "unstable-2022-11-08";
src = fetchFromGitHub {
owner = "pop-os";
repo = "system76-scheduler";
rev = "0fe4d8dfc4275fd856aee28ca942b9fa53229fc9";
sha256 = "sha256-uFFJkuMxqcGj6OQShF0zh/FGwX4/ln1l6NwGonkUsNI=";
};
cargoPatches = [(writeText "ron-rev.diff" ''
diff --git i/daemon/Cargo.toml w/daemon/Cargo.toml
index 0397788..fbd6202 100644
--- i/daemon/Cargo.toml
+++ w/daemon/Cargo.toml
@@ -33,7 +33,7 @@ clap = { version = "3.1.18", features = ["cargo"] }
# Necessary for deserialization of untagged enums in assignments.
[dependencies.ron]
git = "https://github.com/MomoLangenstein/ron"
-branch = "253-untagged-enums"
+rev = "afb960bb8b0402a79260533aa3b9d87a8abae72b"
[dependencies.tracing-subscriber]
version = "0.3.11"
diff --git i/Cargo.lock w/Cargo.lock
index a782756..fe56c1f 100644
--- i/Cargo.lock
+++ w/Cargo.lock
@@ -788,7 +788,7 @@ dependencies = [
[[package]]
name = "ron"
version = "0.8.0"
-source = "git+https://github.com/MomoLangenstein/ron?branch=253-untagged-enums#afb960bb8b0402a79260533aa3b9d87a8abae72b"
+source = "git+https://github.com/MomoLangenstein/ron?rev=afb960bb8b0402a79260533aa3b9d87a8abae72b#afb960bb8b0402a79260533aa3b9d87a8abae72b"
dependencies = [
"base64",
"bitflags",
'')];
cargoSha256 = "sha256-tY7o09Nu1/Lbn//5+iecUmV67Aw1QvVLdUaD8DDgKi0=";
cargoLock.lockFile = ./Cargo.lock;
cargoLock.outputHashes."ron-0.8.0" = "sha256-k+LuTEq97/DohcsulXoLXWqFLzPUzIR1D5pGru+M5Ew=";
nativeBuildInputs = [ pkg-config ];
buildInputs = [ dbus ];
EXECSNOOP_PATH = "${bcc}/bin/execsnoop";
postInstall = ''
install -D -m 0644 data/com.system76.Scheduler.conf $out/etc/dbus-1/system.d/com.system76.Scheduler.conf
mkdir -p $out/etc/system76-scheduler
install -D -m 0644 data/*.ron $out/etc/system76-scheduler/
'';
meta = {
description = "System76 Scheduler";
homepage = "https://github.com/pop-os/system76-scheduler";
license = lib.licenses.mpl20;
platforms = [ "i686-linux" "x86_64-linux" ];
};
}

View file

@ -1,6 +1,6 @@
# copy a path to store (needed because I don't copy the secrets to store by default)
# arg must be a string because of how nix handles relative paths as absolute
{ copyToStore ? (pkgs: name: x: ./${x})
{ copyToStore ? (pkgs: name: x: ./. + x)
, ... }: {
nixmsi = {
system = { pkgs, ... }: {

View file

@ -1,5 +1,4 @@
{ hardware
, pkgs
, ... }:
{
@ -13,7 +12,6 @@
common.resolution = "1920x1080";
vfio.pciIDs = [ "1002:73df" "1002:ab28" ];
boot = {
kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest;
initrd.availableKernelModules = [ "nvme" "xhci_pci" ];
kernelParams = [
# disable PSR to *hopefully* avoid random hangs
@ -53,19 +51,4 @@
};
})
];
specialisation.no_patches.configuration = {
nixpkgs.overlays = [
(final: prev: {
amd-ucode = prev.amd-ucode.override { inherit (final) linux-firmware; };
linux-firmware = prev.stdenvNoCC.mkDerivation {
inherit (prev.linux-firmware) pname version meta src;
dontFixup = true;
passthru = { inherit (prev.linux-firmware) version; };
installFlags = [ "DESTDIR=$(out)" ];
patches = [ ];
postPatch = "";
};
})
];
};
}

View file

@ -6,44 +6,8 @@
boot.initrd.availableKernelModules = [ "ahci" "usbhid" "usb_storage" ];
# TODO: switch to upstream when PCIe support works
boot.kernelPackages = pkgs.linuxPackages_testing;
# not sure whether they are needed anymore, but it won't hurt, right?
boot.kernelPatches = [
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/fab08a275f328e2e0a6fef73226e45eb1d4bb108.patch"; sha256 = "1rw9n9if9xh91k05284vwbarmhpscspvl4cg7qrfd99myd2z3dql"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/967c218122840e468981031fd8888846727f5282.patch"; sha256 = "1i0bxsmpxpykxychcaww5schilngk1whh8wrmvh5rng84nmn8bn4"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/5747896098cee178de4bed1eb0052893690eb40e.patch"; sha256 = "1lmgj0azkc1jbjmay5swdikicvqgjzz80qwxlk8i932rkih1snjs"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/a2439d839c103c029294042b5b3d4a065e5073d0.patch"; sha256 = "1vga1vj3b0zgyla8qfjgwgxgrcffmvzrhhk75rlfd0x42xjfj011"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/292226fcc7af3e6d5e3b1587459146042fb8a2cf.patch"; sha256 = "1k0mfw9gzqzpn449rk2jd9db6py470q95r1kb4yi6vh2slg52img"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/b53d373e700628a5126a49a8a73028cb553e5083.patch"; sha256 = "1lrwlymaa5wrv6lgns6ciadlg8hbkq16g9y0bnf9mwxkmm2bkf7j"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/5e036b1a0c501beec312c2aa362b265a84a09076.patch"; sha256 = "182xyd069fzpf3gql9kjj1707kfm3ziwav7p2px5c3p6rz06fmfc"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/d51dcd5c602d78fadc4cc8f83b851264c4ac18db.patch"; sha256 = "0lbk2b08pv593gng4h32jw6cbgfq524y510p4gv5cnv8l7w7p3ra"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/b3b601dd3a6d35779385b716a898e43071f802e5.patch"; sha256 = "176w6k0fbawm9svhfdh3yh1s4dmnk6gjvafwhv79dsqy2c0n88w8"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/5c34bb1e195fbbcaccf42a04f56e8d035d0864bb.patch"; sha256 = "09b9f3bh80jxpj0rry19s0c6j01636lc66xmyrsin8ajga26d77x"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/27a37c0495193fcfef1787086821c57f20b759bc.patch"; sha256 = "1kwll337nayzr0yv5pl7h6m85fyf227l501xa7ph44d2p7z2kjl0"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/acb101c5f99c54d083427b2a07f8a9610a468bef.patch"; sha256 = "0qav04ld4h6mq081fff50gr2354kmcplya9bfdxyp35mw3m3h1g0"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/479c1ae8a93f901a5898e2ed204b931c68de63fd.patch"; sha256 = "1w6wf0p5480qny69wkvsjdydz2xhax0ifgshsp5hp5mwpliqvgnq"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/ddb788db4d8b352742a6efcc8559f4c32c38925c.patch"; sha256 = "1djrn683p5q7wkd9j8lrmfvjj43pkgg0njp7gs7lb51fm9fq4khk"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/0080918c3a50cad588fba468fb7934c80777aa07.patch"; sha256 = "09iyrybgw1y9mqaw2fz3yv32hjxnh58gqpv6fd5ws16n26qr4yc8"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/5afa85f867c29153afc1b801a31f55cd3021f3a6.patch"; sha256 = "0azzj4vnkc4l6bxkwav3xjbm78zlprqf54lfq31n2nlbv59rhmmg"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/8f64d6bcf306fa5b5de66fdee2458cb584a78b2e.patch"; sha256 = "1w1yccwr487nm4zi0prgjzqaxasvfxnfl81a7xhgza69ahslc8f4"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/aa4d816546e1bf38077df0b2ca367abc5ff6601c.patch"; sha256 = "1vx6dc6xrpb3zlg7sr1gimfa918p3flcyixnfy9xb2k1y6qjlmh8"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/8baebef8be9691a28f8efa284dfce9a5b9395130.patch"; sha256 = "1kk6d3g3silsjbjz6ckhvi9jvmcw1pxswp20xz9krdcmnagp65fl"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/f542d93ac2d5c4b6458599494f90bd4021d34b2c.patch"; sha256 = "1xzdylb4bbrbi0is50yyc6a3zg6mdhcjwzi0hxar2vr1zdz82v4h"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/e84f55d8a9d849eac51f73c47cdb90eb7dbac90f.patch"; sha256 = "1fz70l7qwsqh81a3bdw7parn2s9y59c38xlpcm2gc53ka1mfkml5"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/643d555335b4c0dc228111a74cfa5189e17616df.patch"; sha256 = "05svkfpla9la94dz8vlis7kwq8sa32zvbdgydq3wnz979s91k8aq"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/c8bd3a53671c48ccf642bbc6453fdb0274022bad.patch"; sha256 = "0j8faqv066vwy41m0wqk3qlwrj1va6dndkrq5avlqqrqkm2hkabv"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/1066dd8203fdb05902b963968e8a29292dc1f2a8.patch"; sha256 = "0w08x9658c4j63lmjdg7ahpcgxnz661fcmfzv6sgqp6208jp6x2a"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/e4e39588f8b46db104817795a703b1f701da9c36.patch"; sha256 = "0drdi61f0dnf3ya63is6sq8mky13kkqkb36lqk4plspckg6jx8ik"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/7ec0cb44173dd1a5357a66afa7f3b5de956df7ee.patch"; sha256 = "1ll2clz0x7znn9d3rvijfl72647lnj3f3j7acbmp5aqhd766f1ib"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/171fd53717525f0f6dc56e90e6f38a9038c5c779.patch"; sha256 = "0vv8z9rcbyf3ynm46974ajff1i7mpbvh68pw19wpvnj8lvyyf8mb"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/140267c1c11d90f4889e57ae6d58280b261081c0.patch"; sha256 = "1wsy7w5bl3hyqr3rf54xzi9akz2ccn1cqzjy6d17p6nywsd0s9cf"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/94b6bcb0b87d896e764615f9c1601ac270300ce8.patch"; sha256 = "137fjvnr4i3z4b14x945zhxgfpl5xagcqr2nl08b1xc5j2pniqx0"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/5760547fa8739f1185b4b2523fb801fd678cfbde.patch"; sha256 = "03asnrwini33xfc8aq2arfazvyn8c1qfxzinmq6h4pr5vlfincry"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/3b1edb31f3ac2f55d62968f2fd7d9b5d430cd3ec.patch"; sha256 = "0azsmjzjh1b407vqzp597l11h367qac82bffmy1kyhh4qv3i7a84"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/3e33bc702048b524d4faaa7d8f151bfe4a48fd2b.patch"; sha256 = "0playww4l3b0w2q0wkydqfvdj7bcr3faw94hbmnqxqs26fm8yam3"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/f41b3e9a9d7f22bef0735b4fe0007321ce6b6d6b.patch"; sha256 = "02ppav6iwg8f00458r1rah0yj2khvayhr5xadh2pw33jlgp9i7im"; })
];
/*boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.buildLinux {
# boot.kernelPackages = pkgs.linuxPackages_testing;
boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.buildLinux {
version = "6.6.0-rc1";
kernelPatches = [ ];
src = pkgs.fetchFromGitLab {
@ -54,7 +18,7 @@
rev = "f04271158aee35d270748301c5077231a75bc589";
hash = "sha256-B85162plbt92p51f/M82y2zOg3/TqrBWqgw80ksJVGc=";
};
});*/
});
boot.kernelParams = [ "dtb=/${config.hardware.deviceTree.name}" ];
hardware.deviceTree.enable = true;

View file

@ -282,7 +282,6 @@ in {
];
router-settings.dhcp6Reservations = [
{ ipAddress = serverAddress6;
duid = cfg.serverDuid;
macAddress = cfg.serverMac; }
{ ipAddress = vacuumAddress6;
macAddress = cfg.vacuumMac; }
@ -435,11 +434,11 @@ in {
gateways = [ netAddresses.lan6 ];
radvdSettings.AdvAutonomous = true;
coreradSettings.autonomous = true;
# don't allocate addresses for most devices
# don't autoallocate addresses, keep autonomous ones
keaSettings.pools = [ ];
# just assign the reservations
keaSettings.reservations = map (res:
(if res.duid != null then { duid = res.duid; } else { hw-address = res.macAddress; }) // {
keaSettings.reservations = map (res: {
hw-address = res.macAddress;
ip-addresses = [ res.ipAddress ];
}) cfg.dhcp6Reservations;
});
@ -905,9 +904,6 @@ in {
extraOptions = "-i ${netAddresses.lan4} -p 6969 -P 6969 -p 80";
};
# I only have 2GB RAM, so Unbound is killed during peak system load without this option
zramSwap.enable = true;
impermanence.directories = [
# for wireguard key
{ directory = /secrets; mode = "0000"; }

View file

@ -52,7 +52,7 @@ in {
in {
ipv4.kea.settings = {
control-socket = {
socket-name = "/run/kea4-br0/kea.sock";
socket-name = "/run/kea/kea-dhcp4-ctrl.sock";
socket-type = "unix";
};
loggers = lib.toList {
@ -67,7 +67,7 @@ in {
};
ipv6.kea.settings = {
control-socket = {
socket-name = "/run/kea6-br0/kea.sock";
socket-name = "/run/kea/kea-dhcp6-ctrl.sock";
socket-type = "unix";
};
loggers = lib.toList {

View file

@ -13,11 +13,6 @@
description = "server's mac address";
type = lib.types.str;
};
serverDuid = lib.mkOption {
description = "server's duid";
type = with lib.types; nullOr str;
default = null;
};
serverInitrdMac = lib.mkOption {
description = "server's mac address in initrd";
type = lib.types.str;
@ -97,15 +92,9 @@
description = "device's ip address";
};
options.macAddress = lib.mkOption {
type = with lib.types; nullOr str;
default = null;
type = lib.types.str;
description = "device's mac address";
};
options.duid = lib.mkOption {
type = with lib.types; nullOr str;
default = null;
description = "device's duid";
};
});
};
dnatRules = lib.mkOption {

View file

@ -1,84 +0,0 @@
{ config
, pkgs
, ... }:
let
cfg = config.server;
in {
# TODO: remove this in 2024
services.nginx.virtualHosts."pleroma.${cfg.domainName}" = {
quic = true;
enableACME = true;
addSSL = true;
serverAliases = [ "akkoma.${cfg.domainName}" ];
locations."/".return = "301 https://fedi.${cfg.domainName}$request_uri";
};
services.postgresql.extraPlugins = with config.services.postgresql.package.pkgs; [ tsja ];
services.akkoma = let
inherit ((pkgs.formats.elixirConf { }).lib) mkRaw;
in {
enable = true;
dist.extraFlags = [
"+sbwt" "none"
"+sbwtdcpu" "none"
"+sbwtdio" "none"
];
config.":pleroma"."Pleroma.Web.Endpoint" = {
url = {
scheme = "https";
host = "fedi.${cfg.domainName}";
port = 443;
};
secret_key_base._secret = "/secrets/akkoma/secret_key_base";
signing_salt._secret = "/secrets/akkoma/signing_salt";
live_view.signing_salt._secret = "/secrets/akkoma/live_view_signing_salt";
};
initDb = {
enable = false;
username = "akkoma";
password._secret = "/secrets/akkoma/postgres_password";
};
config.":pleroma".":instance" = {
name = cfg.domainName;
description = "Insert instance description here";
email = "webmaster-akkoma@${cfg.domainName}";
notify_email = "noreply@${cfg.domainName}";
limit = 5000;
registrations_open = true;
account_approval_required = true;
};
config.":pleroma"."Pleroma.Repo" = {
adapter = mkRaw "Ecto.Adapters.Postgres";
username = "akkoma";
password._secret = "/secrets/akkoma/postgres_password";
database = "akkoma";
hostname = "localhost";
prepare = mkRaw ":named";
parameters.plan_cache_mode = "force_custom_plan";
timeout = 30000;
connect_timeout = 10000;
};
config.":web_push_encryption".":vapid_details" = {
subject = "mailto:webmaster-akkoma@${cfg.domainName}";
public_key._secret = "/secrets/akkoma/push_public_key";
private_key._secret = "/secrets/akkoma/push_private_key";
};
config.":joken".":default_signer"._secret = "/secrets/akkoma/joken_signer";
# config.":logger".":ex_syslogger".level = ":debug";
nginx = {
quic = true;
enableACME = true;
forceSSL = true;
};
};
systemd.services.akkoma = {
path = [ pkgs.exiftool pkgs.gawk ];
serviceConfig.Restart = "on-failure";
unitConfig = {
StartLimitIntervalSec = 60;
StartLimitBurst = 3;
};
};
}

View file

@ -1,44 +0,0 @@
{ config
, lib
, pkgs
, ... }:
let
cfg = config.server;
in {
security.acme.certs = lib.flip builtins.mapAttrs (lib.filterAttrs (k: v: v.enableACME) config.services.nginx.virtualHosts) (k: v: {
postRun = let
python = pkgs.python3.withPackages (p: with p; [ cryptography pyasn1 pyasn1-modules ]);
tbs-hash = pkgs.writeScript "tbs-hash.py" ''
#!${python}/bin/python3
import hashlib
from pyasn1.codec.der.decoder import decode
from pyasn1.codec.der.encoder import encode
from pyasn1_modules import rfc5280
from cryptography import x509
with open('full.pem', 'rb') as f:
cert = x509.load_pem_x509_certificate(f.read())
tbs, _leftover = decode(cert.tbs_certificate_bytes, asn1Spec=rfc5280.TBSCertificate())
precert_exts = [v.dotted_string for k, v in x509.ExtensionOID.__dict__.items() if k.startswith('PRECERT_')]
exts = [ext for ext in tbs["extensions"] if str(ext["extnID"]) not in precert_exts]
tbs["extensions"].clear()
tbs["extensions"].extend(exts)
print(hashlib.sha256(encode(tbs)).hexdigest())
'';
in ''
${tbs-hash} > "/var/lib/certspotter/tbs-hashes/${k}"
'';
});
services.certspotter = {
enable = true;
extraFlags = [ ];
watchlist = [ ".pavluk.org" ];
hooks = lib.toList (pkgs.writeShellScript "certspotter-hook" ''
if [[ "$EVENT" == discovered_cert ]]; then
${pkgs.gnugrep}/bin/grep -r "$TBS_SHA256" /var/lib/certspotter/tbs-hashes/ && exit
fi
(echo "Subject: $SUMMARY" && echo && cat "$TEXT_FILENAME") | /run/wrappers/bin/sendmail -i webmaster-certspotter@${cfg.domainName}
'');
};
}

View file

@ -6,7 +6,7 @@
let
cfg = config.server;
hostedDomains =
hosted-domains =
builtins.concatLists
(builtins.attrValues
(builtins.mapAttrs
@ -15,16 +15,12 @@ let
in {
imports = [
./options.nix
./akkoma.nix
./certspotter.nix
./matrix.nix
./fdroid.nix
./files.nix
./mumble.nix
./mailserver.nix
./home.nix
./keycloak.nix
./mailserver.nix
./matrix.nix
./mumble.nix
./searxng.nix
];
system.stateVersion = "22.11";
@ -81,8 +77,8 @@ in {
};
};
# just in case
networking.hosts."127.0.0.1" = hostedDomains;
networking.hosts."::1" = hostedDomains;
networking.hosts."127.0.0.1" = hosted-domains;
networking.hosts."::1" = hosted-domains;
services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql_13;
@ -100,6 +96,56 @@ in {
'';
};
# SEARXNG
services.searx.enable = true;
services.searx.package = pkgs.searxng;
services.searx.runInUwsgi = true;
services.searx.uwsgiConfig = let inherit (config.services.searx) settings; in {
socket = "${lib.quoteListenAddr settings.server.bind_address}:${toString settings.server.port}";
};
services.searx.environmentFile = /var/lib/searx/searx.env;
services.searx.settings = {
use_default_settings = true;
search = {
safe_search = 0;
autocomplete = "duckduckgo"; # dbpedia, duckduckgo, google, startpage, swisscows, qwant, wikipedia - leave blank to turn off
default_lang = ""; # leave blank to detect from browser info or use codes from languages.py
};
server = {
port = 8888;
bind_address = "::1";
secret_key = "@SEARX_SECRET_KEY@";
base_url = "https://search.${cfg.domainName}/";
image_proxy = true;
default_http_headers = {
X-Content-Type-Options = "nosniff";
X-XSS-Protection = "1; mode=block";
X-Download-Options = "noopen";
X-Robots-Tag = "noindex, nofollow";
Referrer-Policy = "no-referrer";
};
};
outgoing = {
request_timeout = 5.0; # default timeout in seconds, can be override by engine
max_request_timeout = 15.0; # the maximum timeout in seconds
pool_connections = 100; # Maximum number of allowable connections, or null
pool_maxsize = 10; # Number of allowable keep-alive connections, or null
enable_http2 = true; # See https://www.python-httpx.org/http2/
};
};
services.nginx.virtualHosts."search.${cfg.domainName}" = let inherit (config.services.searx) settings; in {
quic = true;
enableACME = true;
forceSSL = true;
# locations."/".proxyPass = "http://${lib.quoteListenAddr settings.server.bind_address}:${toString settings.server.port}";
locations."/".extraConfig = ''
uwsgi_pass "${lib.quoteListenAddr settings.server.bind_address}:${toString settings.server.port}";
include ${config.services.nginx.package}/conf/uwsgi_params;
'';
};
# NGINX
services.nginx.enable = true;
services.nginx.enableReload = true;
@ -165,6 +211,129 @@ in {
};
};
# GITEA
services.nginx.virtualHosts."git.${cfg.domainName}" = let inherit (config.services.gitea) settings; in {
quic = true;
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${lib.quoteListenAddr settings.server.HTTP_ADDR}:${toString settings.server.HTTP_PORT}";
};
services.gitea = {
enable = true;
database = {
createDatabase = false;
passwordFile = "/var/lib/gitea/db_password";
type = "postgres";
};
settings = {
mailer = {
ENABLED = true;
FROM = "Gitea <noreply@${cfg.domainName}>";
MAILER_TYPE = "smtp";
HOST = "mail.${cfg.domainName}:587";
USER = "noreply@${cfg.domainName}";
PASSWD = cfg.unhashedNoreplyPassword;
SKIP_VERIFY = true;
};
session = {
COOKIE_SECURE = true;
};
server = {
ROOT_URL = "https://git.${cfg.domainName}";
HTTP_ADDR = "::1";
HTTP_PORT = 3310;
DOMAIN = "git.${cfg.domainName}";
# START_SSH_SERVER = true;
# SSH_PORT = 2222;
};
service = {
DISABLE_REGISTRATION = true;
REGISTER_EMAIL_CONFIRM = true;
};
};
};
# NEXTCLOUD
services.nginx.virtualHosts."cloud.${cfg.domainName}" = {
quic = true;
enableACME = true;
forceSSL = true;
};
services.nextcloud = {
enable = true;
enableBrokenCiphersForSSE = false;
package = pkgs.nextcloud27;
autoUpdateApps.enable = true;
# TODO: use socket auth and remove the next line
database.createLocally = false;
config = {
adminpassFile = "/var/lib/nextcloud/admin_password";
dbpassFile = "/var/lib/nextcloud/db_password";
dbtype = "pgsql";
dbhost = "/run/postgresql";
overwriteProtocol = "https";
};
hostName = "cloud.${cfg.domainName}";
https = true;
};
services.akkoma = {
enable = true;
config.":pleroma"."Pleroma.Web.Endpoint" = {
url = {
scheme = "https";
host = "pleroma.${cfg.domainName}";
port = 443;
};
secret_key_base._secret = "/secrets/akkoma/secret_key_base";
signing_salt._secret = "/secrets/akkoma/signing_salt";
live_view.signing_salt._secret = "/secrets/akkoma/live_view_signing_salt";
};
extraStatic."static/terms-of-service.html" = pkgs.writeText "terms-of-service.html" ''
no bigotry kthx
'';
initDb = {
enable = false;
username = "pleroma";
password._secret = "/secrets/akkoma/postgres_password";
};
config.":pleroma".":instance" = {
name = cfg.domainName;
description = "Insert instance description here";
email = "webmaster-akkoma@${cfg.domainName}";
notify_email = "noreply@${cfg.domainName}";
limit = 5000;
registrations_open = true;
};
config.":pleroma"."Pleroma.Repo" = {
adapter = (pkgs.formats.elixirConf { }).lib.mkRaw "Ecto.Adapters.Postgres";
username = "pleroma";
password._secret = "/secrets/akkoma/postgres_password";
database = "pleroma";
hostname = "localhost";
};
config.":web_push_encryption".":vapid_details" = {
subject = "mailto:webmaster-akkoma@${cfg.domainName}";
public_key._secret = "/secrets/akkoma/push_public_key";
private_key._secret = "/secrets/akkoma/push_private_key";
};
config.":joken".":default_signer"._secret = "/secrets/akkoma/joken_signer";
nginx = {
serverAliases = [ "akkoma.${cfg.domainName}" ];
quic = true;
enableACME = true;
forceSSL = true;
};
};
systemd.services.akkoma.path = [ pkgs.exiftool pkgs.gawk ];
systemd.services.akkoma.serviceConfig = {
Restart = "on-failure";
};
systemd.services.akkoma.unitConfig = {
StartLimitIntervalSec = 60;
StartLimitBurst = 3;
};
/*locations."/dns-query".extraConfig = ''
grpc_pass grpc://127.0.0.1:53453;
'';*/

View file

@ -1,82 +0,0 @@
{ config
, lib
, pkgs
, ... }:
let
cfg = config.server;
in {
services.nginx.virtualHosts."git.${cfg.domainName}" = let inherit (config.services.forgejo) settings; in {
quic = true;
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${lib.quoteListenAddr settings.server.HTTP_ADDR}:${toString settings.server.HTTP_PORT}";
};
services.forgejo = {
enable = true;
database = {
createDatabase = false;
type = "postgres";
user = "gitea";
name = "gitea";
passwordFile = "/secrets/forgejo_db_password";
};
lfs.enable = true;
settings = {
federation.ENABLED = true;
"git.timeout" = {
DEFAULT = 6000;
MIGRATE = 60000;
MIRROR = 60000;
GC = 120;
};
mailer = {
ENABLED = true;
FROM = "Forgejo <noreply@${cfg.domainName}>";
PROTOCOL = "smtp";
SMTP_ADDR = "mail.${cfg.domainName}";
SMTP_PORT = 587;
USER = "noreply@${cfg.domainName}";
PASSWD = cfg.unhashedNoreplyPassword;
FORCE_TRUST_SERVER_CERT = true;
};
session = {
COOKIE_SECURE = true;
};
server = {
ROOT_URL = "https://git.${cfg.domainName}";
HTTP_ADDR = "::1";
HTTP_PORT = 3310;
DOMAIN = "git.${cfg.domainName}";
# START_SSH_SERVER = true;
# SSH_PORT = 2222;
};
service = {
DISABLE_REGISTRATION = true;
REGISTER_EMAIL_CONFIRM = true;
};
};
};
services.nginx.virtualHosts."cloud.${cfg.domainName}" = {
quic = true;
enableACME = true;
forceSSL = true;
};
services.nextcloud = {
enable = true;
package = pkgs.nextcloud27;
autoUpdateApps.enable = true;
# TODO: use socket auth and remove the next line
database.createLocally = false;
config = {
adminpassFile = "/var/lib/nextcloud/admin_password";
dbpassFile = "/var/lib/nextcloud/db_password";
dbtype = "pgsql";
dbhost = "/run/postgresql";
overwriteProtocol = "https";
};
hostName = "cloud.${cfg.domainName}";
https = true;
};
}

View file

@ -61,7 +61,9 @@ in {
translate
rss
];
services.maubot.pythonPackages = (with pkgs.python3.pkgs; [
services.maubot.pythonPackages = [
(pkgs.pineapplebot.override { magic = cfg.pizzabotMagic; })
] ++ (with pkgs.python3.pkgs; [
levenshtein
]);
}

View file

@ -23,7 +23,7 @@ in {
# Allow murmur to read the certificate
security.acme.certs."mumble.${cfg.domainName}" = {
group = "nginxandmurmur";
reloadServices = [ "murmur" ];
postRun = "systemctl try-reload-or-restart murmur";
};
users.groups.nginxandmurmur.members = [ "murmur" "nginx" ];

View file

@ -57,6 +57,10 @@
description = "unhashed noreply password for internal access only. \
This should be different from the password that is hashed for better security";
};
pizzabotMagic = mkOption {
type = types.str;
default = "<PIZZABOT_MAGIC_SEP>";
};
};
};
description = "server settings";

View file

@ -1,57 +0,0 @@
{ config
, lib
, pkgs
, ... }:
let
cfg = config.server;
in {
services.nginx.virtualHosts."search.${cfg.domainName}" = let inherit (config.services.searx) settings; in {
quic = true;
enableACME = true;
forceSSL = true;
# locations."/".proxyPass = "http://${lib.quoteListenAddr settings.server.bind_address}:${toString settings.server.port}";
locations."/".extraConfig = ''
uwsgi_pass "${lib.quoteListenAddr settings.server.bind_address}:${toString settings.server.port}";
include ${config.services.nginx.package}/conf/uwsgi_params;
'';
};
services.searx.enable = true;
services.searx.package = pkgs.searxng;
services.searx.runInUwsgi = true;
services.searx.uwsgiConfig = let inherit (config.services.searx) settings; in {
socket = "${lib.quoteListenAddr settings.server.bind_address}:${toString settings.server.port}";
};
services.searx.environmentFile = /var/lib/searx/searx.env;
services.searx.settings = {
use_default_settings = true;
search = {
safe_search = 0;
autocomplete = "duckduckgo"; # dbpedia, duckduckgo, google, startpage, swisscows, qwant, wikipedia - leave blank to turn off
default_lang = ""; # leave blank to detect from browser info or use codes from languages.py
};
server = {
port = 8888;
bind_address = "::1";
secret_key = "@SEARX_SECRET_KEY@";
base_url = "https://search.${cfg.domainName}/";
image_proxy = true;
default_http_headers = {
X-Content-Type-Options = "nosniff";
X-XSS-Protection = "1; mode=block";
X-Download-Options = "noopen";
X-Robots-Tag = "noindex, nofollow";
Referrer-Policy = "no-referrer";
};
};
outgoing = {
request_timeout = 5.0; # default timeout in seconds, can be override by engine
max_request_timeout = 15.0; # the maximum timeout in seconds
pool_connections = 100; # Maximum number of allowable connections, or null
pool_maxsize = 10; # Number of allowable keep-alive connections, or null
enable_http2 = true; # See https://www.python-httpx.org/http2/
};
};
}

View file

@ -93,7 +93,6 @@ in {
# ISO-8601
i18n.extraLocaleSettings.LC_TIME = "en_DK.UTF-8";
environment.systemPackages = with pkgs; ([
bottom
wget
git
tmux

View file

@ -75,8 +75,6 @@ in {
{ directory = /var/db/dhcpcd; user = "root"; group = "root"; mode = "0755"; }
] ++ lib.optionals config.services.gitea.enable [
{ directory = /var/lib/gitea; user = "gitea"; group = "gitea"; mode = "0755"; }
] ++ lib.optionals config.services.forgejo.enable [
{ directory = /var/lib/forgejo; user = "forgejo"; group = "forgejo"; mode = "0755"; }
] ++ lib.optionals config.services.matrix-synapse.enable [
{ directory = /var/lib/matrix-synapse; user = "matrix-synapse"; group = "matrix-synapse"; mode = "0700"; }
] ++ lib.optionals config.services.heisenbridge.enable [

View file

@ -5,13 +5,19 @@
let
cfg = config.services.scanservjs;
/*
substituteInPlace src/classes/config.js \
--replace '/usr/bin/scanimage' '${sane-backends}/bin/scanimage' \
--replace '/usr/bin/convert' '${imagemagick}/bin/convert' \
--replace '/usr/bin/tesseract' '${tesseract}/bin/tesseract'
*/
settings = {
scanimage = "${pkgs.sane-backends}/bin/scanimage";
convert = "${pkgs.imagemagick}/bin/convert";
tesseract = "${pkgs.tesseract}/bin/tesseract";
# it defaults to config/devices.json, but "config" dir doesn't exist and scanservjs doesn't create it
devicesPath = "devices.json";
} // cfg.settings;
settingsFormat = pkgs.formats.json { };
leafs = attrs:
@ -52,7 +58,7 @@ let
},
actions: [
${builtins.concatStringsSep ",\n" (map (x: "(${x})") cfg.extraActions)}
${builtins.concatStringsSep ",\n" cfg.extraActions}
],
};
'';
@ -113,7 +119,6 @@ in {
description = "Actions to add to config.local.js's `actions`";
};
};
config = lib.mkIf cfg.enable {
hardware.sane.enable = true;
users.users.scanservjs = {
@ -121,7 +126,7 @@ in {
extraGroups = [ "scanner" "lp" ];
home = cfg.stateDir;
isSystemUser = true;
createHome = lib.mkIf (cfg.stateDir != "/var/lib/scanservjs") true;
createHome = true;
};
users.groups.scanservjs = {};
@ -131,14 +136,14 @@ in {
wantedBy = [ "multi-user.target" ];
# yes, those paths are configurable, but the config option isn't always used...
path = with pkgs; [ coreutils sane-backends imagemagick tesseract ];
environment.NIX_SCANSERVJS_CONFIG_PATH = configFile;
environment.SANE_CONFIG_DIR = "/etc/sane-config";
environment.LD_LIBRARY_PATH = "/etc/sane-libs";
serviceConfig = {
ExecStart = "${package}/bin/scanservjs --config ${configFile}";
ExecStart = "${package}/bin/scanservjs";
Restart = "always";
User = "scanservjs";
Group = "scanservjs";
StateDirectory = lib.mkIf (cfg.stateDir == "/var/lib/scanservjs") "scanservjs";
WorkingDirectory = cfg.stateDir;
};
};