dachxy/nix-conf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: maintain

Browse source
This commit is contained in:
danny 2026-01-20 13:41:53 +08:00
parent 2378a66114
commit 25482857d4
58 changed files with 1095 additions and 747 deletions
Download patch file Download diff file Expand all files Collapse all files

25
system/modules/actual/default.nix
View file

@ -8,21 +8,28 @@
...
}:
let
inherit (builtins) toString;
inherit (lib) mkIf;
finalFqdn = if fqdn != null then fqdn else config.networking.fqdn;
in
{
users.users.actual = {
isSystemUser = true;
group = "actual";
};
users.groups.actual = { };
services = {
actual = {
enable = true;
user = config.users.users.actual.name;
group = config.users.users.actual.group;
settings = {
port = 31000;
hostname = "127.0.0.1";
serverFiles = "/var/lib/actual/server-files";
userFiles = "/var/lib/actual/user-files";
loginMethod = "openid";
};
};
@ -35,11 +42,21 @@ in
};
services.nginx.virtualHosts."${finalFqdn}" = mkIf proxy {
enableACME = true;
forceSSL = true;
locations."/api/".proxyPass =
"http://127.0.0.1:${toString config.services.actual-budget-api.listenPort}/";
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.actual.settings.port}";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.actual.settings.port}";
extraConfig = ''
proxy_hide_header Cross-Origin-Embedder-Policy;
proxy_hide_header Cross-Origin-Opener-Policy;
add_header Cross-Origin-Embedder-Policy "require-corp" always;
add_header Cross-Origin-Opener-Policy "same-origin" always;
add_header Origin-Agent-Cluster "?1" always;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
'';
};
};
}

1
system/modules/grafana.nix
View file

@ -58,7 +58,6 @@ in
// extraConf;
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {

16
system/modules/nextcloud.nix
View file

@ -3,7 +3,7 @@
adminpassFile,
datadir ? null,
https ? true,
configureACME ? true,
configureNginx ? true,
trusted-domains ? [ ],
trusted-proxies ? [ ],
whiteboardSecrets ? [ ],
@ -16,13 +16,6 @@
}:
let
inherit (lib) mkIf optionalString;
nextcloudPkg = pkgs.nextcloud32.overrideAttrs (oldAttr: rec {
caBundle = config.security.pki.caBundle;
postPatch = ''
cp ${caBundle} resources/config/ca-bundle.crt
'';
});
in
{
imports = [
@ -86,13 +79,12 @@ in
services.nextcloud = {
enable = true;
package = nextcloudPkg;
configureRedis = true;
hostName = hostname;
https = https;
datadir = lib.mkIf (datadir != null) datadir;
phpExtraExtensions =
all: with all; [
allEx: with allEx; [
imagick
];
@ -153,9 +145,7 @@ in
secrets = whiteboardSecrets;
};
services.nginx.virtualHosts.${hostname} = mkIf configureACME {
enableACME = true;
forceSSL = true;
services.nginx.virtualHosts.${hostname} = mkIf configureNginx {
locations."/whiteboard/" = {
proxyWebsockets = true;
proxyPass = "http://127.0.0.1:${config.services.nextcloud-whiteboard-server.settings.PORT}/";

13
system/modules/niri.nix
View file

@ -73,7 +73,7 @@ in
extraPortals = with pkgs; [ xdg-desktop-portal-gtk ];
};
services.nfsm.enable = false;
services.nfsm.enable = true;
programs.niri.package = osConfig.programs.niri.package;
programs.niri.settings = {
@ -154,6 +154,7 @@ in
matches = [
{ app-id = "^xdg-desktop-portal-gtk$"; }
{ app-id = "^(org.gnome.Nautilus)$"; }
{ app-id = "^(org.gnome.Loupe)$"; }
];
open-floating = true;
}
@ -177,9 +178,9 @@ in
in
{
# ==== Launch ==== #
"Mod+Return".action = sh ''${prefix} ${terminal}'';
"Mod+F".action = sh ''${browser}'';
"Mod+E".action = sh ''${prefix} ${terminal} -e yazi'';
"Mod+Return".action = sh "${prefix} ${terminal}";
"Mod+F".action = sh "${browser}";
"Mod+E".action = sh "${prefix} ${terminal} -e yazi";
"Mod+Ctrl+P".action = spawn "${rbwSelector}";
"Mod+Ctrl+M".action = spawn "${toggleWlogout}";
@ -198,9 +199,9 @@ in
"XF86AudioStop".action = spawn "playerctl" "stop";
"XF86AudioMute".action = spawn "wpctl" "set-mute" "@DEFAULT_SINK@" "toggle";
"XF86AudioRaiseVolume".action =
sh ''wpctl set-mute @DEFAULT_SINK@ 0 && wpctl set-volume @DEFAULT_SINK@ ${volumeStep}%+'';
sh "wpctl set-mute @DEFAULT_SINK@ 0 && wpctl set-volume @DEFAULT_SINK@ ${volumeStep}%+";
"XF86AudioLowerVolume".action =
sh ''wpctl set-mute @DEFAULT_SINK@ 0 && wpctl set-volume @DEFAULT_SINK@ ${volumeStep}%-'';
sh "wpctl set-mute @DEFAULT_SINK@ 0 && wpctl set-volume @DEFAULT_SINK@ ${volumeStep}%-";
"XF86MonBrightnessDown".action = spawn "brightnessctl set ${brightnessStep}%-";
"XF86MonBrightnessUp".action = spawn "brightnessctl set ${brightnessStep}%+";

6
system/modules/nixsettings.nix
View file

@ -1,4 +1,7 @@
{ inputs, ... }:
{ config, inputs, ... }:
let
inherit (config.systemConf) username;
in
{
documentation.nixos.enable = false;
nix = {
@ -14,6 +17,7 @@
warn-dirty = false;
trusted-users = [
"@wheel"
username
];
experimental-features = [
"nix-command"

1
system/modules/paperless-ngx.nix
View file

@ -29,7 +29,6 @@ in
};
services.nginx.virtualHosts."${domain}" = mkIf configureNginx {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}";
};

3
system/modules/prometheus.nix
View file

@ -7,12 +7,10 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkIf optionalAttrs;
inherit (builtins) toString;
in
{
services.prometheus.exporters.node = mkIf selfMonitor {
@ -43,7 +41,6 @@ in
};
services.nginx.virtualHosts."${fqdn}" = mkIf configureNginx {
enableACME = true;
forceSSL = true;
locations."/" = {

8
system/modules/shells/noctalia/bar.nix
View file

@ -1,6 +1,10 @@
{ lib }:
let
inherit (lib) mkForce;
in
{
backgroundOpacity = 0.25;
capsuleOpacity = 0;
backgroundOpacity = mkForce 0.25;
capsuleOpacity = mkForce 0;
density = "comfortable";
exclusive = true;
floating = true;

13
system/modules/shells/noctalia/default.nix
View file

@ -2,7 +2,8 @@
let
inherit (config.systemConf) username;
inherit (lib) mkForce mapAttrs;
inherit (builtins) mapAttrs;
inherit (lib) mkForce;
in
{
@ -57,7 +58,7 @@ in
volumeOverdrive = false;
volumeStep = 5;
};
bar = import ./bar.nix;
bar = import ./bar.nix { inherit lib; };
brightness = {
brightnessStep = 5;
enableDdcSupport = false;
@ -98,7 +99,7 @@ in
};
controlCenter = import ./controlCenter.nix;
dock = {
backgroundOpacity = 1;
backgroundOpacity = 1.0;
colorizeIcons = false;
displayMode = "auto_hide";
enabled = false;
@ -162,7 +163,7 @@ in
manualSunset = "18:30";
};
notifications = {
backgroundOpacity = 1;
backgroundOpacity = 1.0;
criticalUrgencyDuration = 15;
enableKeyboardLayoutToast = true;
enabled = true;
@ -176,7 +177,7 @@ in
};
osd = {
autoHideMs = 1500;
backgroundOpacity = 1;
backgroundOpacity = 1.0;
enabled = true;
enabledTypes = [
0
@ -207,7 +208,7 @@ in
fontDefaultScale = 1;
fontFixed = config.stylix.fonts.monospace.name;
fontFixedScale = 1;
panelBackgroundOpacity = 0.25;
panelBackgroundOpacity = mkForce 0.25;
panelsAttachedToBar = true;
settingsPanelAttachToBar = true;
tooltipsEnabled = true;

10
system/modules/systemd-resolv.nix
View file

@ -7,11 +7,9 @@
services.resolved = {
enable = true;
llmnr = "false";
fallbackDns = [
"1.1.1.1#one.one.one.one"
"1.0.0.1#one.one.one.one"
];
domains = [ "~." ];
settings.Resolve = {
LLMNR = false;
Domains = [ "~." ];
};
};
}

5
system/modules/vaultwarden.nix
View file

@ -26,8 +26,8 @@ in
environmentFile = secrets.vaultwarden.path;
config = {
DOMAIN = "https://${domain}";
SIGNUPS_ALLOWED = true;
SIGNUPS_VERIFY = true;
SIGNUPS_ALLOWED = false;
SIGNUPS_VERIFY = false;
ROCKET_PORT = 8222;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_LOG = "critical";
@ -42,7 +42,6 @@ in
};
services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.config.ROCKET_PORT}/";