chore: routine maintenance
parent
c45ba82b90
commit
c7743490a7
75 changed files with 1200 additions and 634 deletions
|
|
@ -3,13 +3,14 @@
|
|||
proxy ? true,
|
||||
}:
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
inputs,
|
||||
system,
|
||||
...
|
||||
}:
|
||||
let
|
||||
inherit (pkgs.stdenv.hostPlatform) system;
|
||||
inherit (builtins) toString;
|
||||
inherit (lib) mkIf;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,14 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
systemd.services.flatpak-repo = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ pkgs.flatpak ];
|
||||
script = ''
|
||||
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
|
||||
'';
|
||||
};
|
||||
|
||||
services = {
|
||||
flatpak.enable = true;
|
||||
};
|
||||
}
|
||||
|
|
@ -4,7 +4,9 @@
|
|||
lib,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
inherit (config.systemConf) username;
|
||||
in
|
||||
{
|
||||
nix = {
|
||||
settings = {
|
||||
|
|
@ -17,12 +19,17 @@
|
|||
|
||||
programs.gamescope.enable = lib.mkDefault true;
|
||||
|
||||
users.users.${username}.extraGroups = [ "gamemode" ];
|
||||
|
||||
programs = {
|
||||
steam = {
|
||||
enable = true;
|
||||
protontricks.enable = true;
|
||||
gamescopeSession.enable = true;
|
||||
extest.enable = true;
|
||||
extraCompatPackages = with pkgs; [
|
||||
proton-ge-bin
|
||||
];
|
||||
remotePlay.openFirewall = true;
|
||||
dedicatedServer.openFirewall = true;
|
||||
localNetworkGameTransfers.openFirewall = true;
|
||||
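Review bot: The three `openFirewall = true` lines under `programs.steam` (`remotePlay`, `dedicatedServer`, `localNetworkGameTransfers`) accept inbound traffic on every host that imports this module, and nothing beside them says why each is needed. The rendered page does not show which of them this commit adds, so this applies to whichever are new. If these machines are desktops that never host a game server, I would drop `dedicatedServer.openFirewall` and give each of the other two a short why-comment, for example `# Remote Play: streaming to other devices on the LAN`. The `programs.steam` block continues past the end of the hunk.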
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
{
|
||||
pkgs,
|
||||
inputs,
|
||||
system,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
inherit (pkgs.stdenv.hostPlatform) system;
|
||||
pkgs-hyprland = inputs.hyprland.inputs.nixpkgs.legacyPackages.${system};
|
||||
in
|
||||
{
|
||||
|
|
@ -17,8 +17,8 @@ in
|
|||
package = pkgs-hyprland.mesa;
|
||||
extraPackages = with pkgs; [
|
||||
intel-media-driver # LIBVA_DRIVER_NAME=iHD
|
||||
vaapiVdpau
|
||||
(vaapiIntel.override {
|
||||
libva-vdpau-driver
|
||||
(intel-vaapi-driver.override {
|
||||
enableHybridCodec = true;
|
||||
})
|
||||
libvdpau-va-gl
|
||||
|
|
|
|||
|
|
@ -23,28 +23,6 @@ let
|
|||
cp ${caBundle} resources/config/ca-bundle.crt
|
||||
'';
|
||||
});
|
||||
|
||||
# Patch for downloading models. Hardcoded to `/var/lib/nextcloud/models`
|
||||
recognize = pkgs.stdenvNoCC.mkDerivation (finalAttrs: {
|
||||
pname = "recognize-patched";
|
||||
version = "10.0.4";
|
||||
|
||||
src = pkgs.fetchNextcloudApp {
|
||||
url = "https://github.com/nextcloud/recognize/releases/download/v10.0.4/recognize-10.0.4.tar.gz";
|
||||
sha256 = "sha256-/RHnnvGJMcxe4EuceYc20xh3qkYy1ZzGsyvp0h03eLk=";
|
||||
license = "agpl3Plus";
|
||||
};
|
||||
|
||||
patches = [
|
||||
../../pkgs/patches/nextcloud_recognize_models_path.patch
|
||||
];
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out
|
||||
cp -r . $out/
|
||||
'';
|
||||
});
|
||||
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
|
|
@ -90,14 +68,13 @@ in
|
|||
inherit (config.services.nextcloud.package.packages.apps)
|
||||
contacts
|
||||
calendar
|
||||
tasks
|
||||
whiteboard
|
||||
user_oidc
|
||||
memories
|
||||
recognize # May break
|
||||
recognize
|
||||
;
|
||||
|
||||
# inherit recognize;
|
||||
|
||||
camerarawpreviews = pkgs.fetchNextcloudApp {
|
||||
url = "https://github.com/ariselseng/camerarawpreviews/releases/download/v0.8.8/camerarawpreviews_nextcloud.tar.gz";
|
||||
sha256 = "sha256-Pnjm38hn90oV3l4cPAnQ+oeO6x57iyqkm80jZGqDo1I=";
|
||||
|
|
@ -138,7 +115,7 @@ in
|
|||
services.nextcloud-whiteboard-server = {
|
||||
enable = true;
|
||||
settings = {
|
||||
NEXTCLOUD_URL = "http${optionalString configureACME "s"}://${hostname}";
|
||||
NEXTCLOUD_URL = "http${optionalString https "s"}://${hostname}";
|
||||
PORT = "3002";
|
||||
};
|
||||
secrets = whiteboardSecrets;
|
||||
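Review bot: `recognize # May break` does not say what breaks or why. The derivation removed in the first hunk of this file existed, per its own comment, to patch the model download path to `/var/lib/nextcloud/models`. If the stock app from `config.services.nextcloud.package.packages.apps` is what is used now, the comment could read `recognize # stock build: model path is no longer patched to /var/lib/nextcloud/models`. The leftover `# inherit recognize;` refers to a binding that no longer exists and can be deleted, assuming it is on the new side of the hunk.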
|
|
|
|||
|
|
@ -4,9 +4,11 @@
|
|||
nix = {
|
||||
settings = {
|
||||
substituters = [
|
||||
"https://yazi.cachix.org"
|
||||
"https://cache.net.dn/dn-main"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"yazi.cachix.org-1:Dcdz63NZKfvUCbDGngQDAZq6kOroIrFoyO064uvLh8k="
|
||||
"dn-main:ZjQmZEOWpe0TjZgHGwkgtPdOUXpN82RL9wy30EW1V7k="
|
||||
];
|
||||
warn-dirty = false;
|
||||
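Review bot: Adding `https://cache.net.dn/dn-main` together with the `dn-main:` entry in `trusted-public-keys` means every host using this module will install any store path signed by that key without building it, so the signing key is effectively as sensitive as root on those hosts. A comment above the two entries should record who operates the cache and where the private key is held, e.g. `# internal cache; signing key lives on <build host>`. `cache.net.dn` looks like an internal name, so machines off that network will presumably wait on it for each lookup. Setting `connect-timeout` and `fallback = true` in the same `settings` block would keep them usable. The `settings` block continues outside the hunk.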
|
|
|
|||
|
|
@ -88,7 +88,7 @@ lib.checkListOfEnum "Nvidia Prime Mode" validModes [ nvidia-mode ] {
|
|||
enable32Bit = true;
|
||||
extraPackages = with pkgs; [
|
||||
nvidia-vaapi-driver
|
||||
vaapiVdpau
|
||||
libva-vdpau-driver
|
||||
libvdpau-va-gl
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,9 +1,11 @@
|
|||
{
|
||||
pkgs,
|
||||
inputs,
|
||||
system,
|
||||
...
|
||||
}:
|
||||
let
|
||||
inherit (pkgs.stdenv.hostPlatform) system;
|
||||
in
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
file
|
||||
|
|
@ -31,7 +33,7 @@
|
|||
p7zip
|
||||
killall
|
||||
zip
|
||||
glxinfo # OpenGL info
|
||||
mesa-demos # OpenGL info
|
||||
pciutils # PCI info
|
||||
xdotool # Keyboard input simulation
|
||||
ffmpeg # Video encoding
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ in
|
|||
};
|
||||
PAPERLESS_URL = "http${optionalString configureNginx "s"}://${domain}";
|
||||
};
|
||||
configureTika = true;
|
||||
configureTika = false;
|
||||
database.createLocally = true;
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -6,11 +6,9 @@
|
|||
../auto-mount.nix
|
||||
../bluetooth.nix
|
||||
../display-manager.nix
|
||||
../flatpak.nix
|
||||
../obs-studio.nix
|
||||
../plymouth.nix
|
||||
../polkit.nix
|
||||
../security.nix
|
||||
../hyprland.nix
|
||||
];
|
||||
|
||||
|
|
|
|||
|
|
@ -17,5 +17,6 @@
|
|||
../ca.nix
|
||||
../sops-nix.nix
|
||||
../gc.nix
|
||||
../security.nix
|
||||
];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,13 +12,6 @@
|
|||
];
|
||||
|
||||
programs = {
|
||||
gnupg = {
|
||||
agent = {
|
||||
enable = true;
|
||||
enableSSHSupport = true;
|
||||
};
|
||||
};
|
||||
|
||||
neovim = {
|
||||
enable = true;
|
||||
configure = {
|
||||
|
|
|
|||
|
|
@ -1,12 +1,34 @@
|
|||
{ pkgs, ... }:
|
||||
{ pkgs, config, ... }:
|
||||
|
||||
{
|
||||
services.udev.packages = [ pkgs.yubikey-personalization ];
|
||||
|
||||
programs.gnupg.agent = {
|
||||
enable = true;
|
||||
enableSSHSupport = true;
|
||||
};
|
||||
|
||||
security.sudo-rs = {
|
||||
enable = true;
|
||||
execWheelOnly = true;
|
||||
extraConfig = ''
|
||||
Defaults timestamp_timeout=0
|
||||
'';
|
||||
};
|
||||
|
||||
security.sudo.enable = !config.security.sudo-rs.enable;
|
||||
|
||||
# ==== PAM u2f ===== #
|
||||
# $ nix shell nixpkgs#pam_u2f
|
||||
# $ mkdir -p ~/.config/Yubico
|
||||
# $ pamu2fcfg > ~/.config/Yubico/u2f_keys
|
||||
security.pam = {
|
||||
services.hyprlock = { };
|
||||
services.hyprlock = {
|
||||
u2fAuth = false;
|
||||
};
|
||||
services = {
|
||||
sudo.u2fAuth = true;
|
||||
login.u2fAuth = true;
|
||||
};
|
||||
|
||||
u2f = {
|
||||
|
|
@ -16,7 +38,5 @@
|
|||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
yubikey-manager
|
||||
];
|
||||
programs.yubikey-manager.enable = true;
|
||||
}
|
||||
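Review bot: `sudo.u2fAuth = true` and `login.u2fAuth = true` are switched on while the setup comments above store the key mapping in `~/.config/Yubico/u2f_keys`, a file that any process running as the user can rewrite. The `u2f = {` block continues outside the hunk, so check there whether `control` is left at a value where the token alone is sufficient for sudo. If it is, `Defaults timestamp_timeout=0` adds little on its own. I would either set `control = "required";` so the password is still asked, or point `settings.authfile` at a root-owned path and update the `pamu2fcfg` comment to match. A one-line comment on `services.hyprlock.u2fAuth = false` saying why the lock screen is exempt would also help.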
|
|
|
|||
|
|
@ -1,10 +1,9 @@
|
|||
{
|
||||
adminPassFile,
|
||||
dbPassFile,
|
||||
dkimKey,
|
||||
ldapConf,
|
||||
domain ? null,
|
||||
acmeConf ? null,
|
||||
acmeConfs ? null,
|
||||
certs ? null,
|
||||
enableNginx ? true,
|
||||
}:
|
||||
{
|
||||
|
|
@ -16,15 +15,6 @@ let
|
|||
inherit (lib) mkIf;
|
||||
|
||||
logFilePath = "${config.services.stalwart-mail.dataDir}/logs";
|
||||
mkCondition = (
|
||||
condition: ithen: ielse: [
|
||||
{
|
||||
"if" = condition;
|
||||
"then" = ithen;
|
||||
}
|
||||
{ "else" = ielse; }
|
||||
]
|
||||
);
|
||||
in
|
||||
{
|
||||
services.postgresql = {
|
||||
|
|
@ -104,7 +94,8 @@ in
|
|||
hostname = "mx1.${domain}";
|
||||
domain = "${domain}";
|
||||
};
|
||||
acme."letsencrypt" = mkIf (acmeConf != null) acmeConf;
|
||||
acme = mkIf (acmeConfs != null) acmeConfs;
|
||||
certificate = mkIf (certs != null) certs;
|
||||
|
||||
directory = {
|
||||
"in-memory" = {
|
||||
|
|
@ -120,9 +111,10 @@ in
|
|||
};
|
||||
"ldap" = ldapConf;
|
||||
imap.lookup.domains = [
|
||||
domain
|
||||
"mx1.${domain}"
|
||||
];
|
||||
};
|
||||
|
||||
authentication.fallback-admin = {
|
||||
user = "admin";
|
||||
secret = "%{file:${adminPassFile}}%";
|
||||
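Review bot: `acme = mkIf (acmeConfs != null) acmeConfs;` and `certificate = mkIf (certs != null) certs;` both default to absent. A caller that passes neither argument therefore gets a mail server with no certificate configured by this module, and evaluation still succeeds. An `assertions` entry with `assertion = acmeConfs != null || certs != null;` and a message naming the two arguments would catch that at build time rather than at the first TLS handshake. The enclosing settings block starts and ends outside the hunk, so this may already be checked elsewhere.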
|
|
|
|||
|
|
@ -29,7 +29,7 @@ in
|
|||
monospace = caskaydia;
|
||||
|
||||
emoji = {
|
||||
package = pkgs.noto-fonts-emoji;
|
||||
package = pkgs.noto-fonts-color-emoji;
|
||||
name = "Noto Color Emoji";
|
||||
};
|
||||
|
||||
|
|
@ -47,7 +47,7 @@ in
|
|||
jetbrains-mono
|
||||
noto-fonts-cjk-sans
|
||||
noto-fonts-cjk-serif
|
||||
noto-fonts-emoji
|
||||
noto-fonts-color-emoji
|
||||
liberation_ttf
|
||||
# dfkai-sb
|
||||
sf-pro-display-bold
|
||||
|
|
|
|||
|
|
@ -33,7 +33,9 @@
|
|||
services.nginx.virtualHosts.${domain} = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/".proxyPass =
|
||||
"http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}/";
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}/";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,11 +1,25 @@
|
|||
{
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
{
|
||||
virtualisation = {
|
||||
docker.enable = true;
|
||||
docker.daemon.settings = {
|
||||
containers = {
|
||||
enable = true;
|
||||
containersConf.settings.compose_warning_logs = false;
|
||||
};
|
||||
oci-containers.backend = "podman";
|
||||
podman = {
|
||||
enable = true;
|
||||
dockerCompat = true;
|
||||
defaultNetwork.settings.dns_enabled = true;
|
||||
};
|
||||
spiceUSBRedirection.enable = true;
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
dive # look into docker image layers
|
||||
podman-tui
|
||||
podman-compose
|
||||
];
|
||||
}
|
||||
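Review bot: `spiceUSBRedirection.enable = true` installs a setuid helper that lets unprivileged users hand USB devices on the host to a VM, which is broader than anything else in this otherwise container-focused module. The page does not show whether the line is new in this commit. Either way it should carry a comment naming the VM workflow that needs it, such as `# USB passthrough for local VMs; grants users access to host USB devices`, or move to the hosts that actually run VMs. For the docker-to-podman switch, a short comment on `dockerCompat = true` noting that it only provides the `docker` command alias would help readers who expect a Docker daemon.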
|
|
|
|||