merge
commit
91544b0b5b
@ -1,4 +1,7 @@
|
||||
#+TITLE: xin
|
||||
xin
|
||||
===
|
||||
|
||||
Ever growing nix configuration. It started as a single host and has eventually
|
||||
consumed more and more machines in my environment!
|
||||
|
||||
![xin](./xintray-logo.png)
|
13
bin/ci
13
bin/ci
@ -2,6 +2,11 @@
|
||||
|
||||
. ./common.sh
|
||||
|
||||
if [ -f ./lock ]; then
|
||||
msg "${SCRIPT_NAME} locked..."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
direnv allow
|
||||
|
||||
CMD=${1:-""}
|
||||
@ -49,15 +54,23 @@ if [ "${1}" = "update" ]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
current_hash="$(git rev-parse HEAD)"
|
||||
|
||||
if ! nix flake lock --commit-lock-file --update-input "$inp"; then
|
||||
handle_update_fail "$inp"
|
||||
continue
|
||||
fi
|
||||
|
||||
maybe_new_hash="$(git rev-parse HEAD)"
|
||||
|
||||
if [ "${current_hash}" != "${maybe_new_hash}" ]; then
|
||||
if ! nix flake check --print-build-logs; then
|
||||
handle_update_check_fail "$inp"
|
||||
continue
|
||||
fi
|
||||
else
|
||||
msg "No change in input, skipping checks."
|
||||
fi
|
||||
|
||||
if ! git checkout "${ci_branch}"; then
|
||||
handle_co_fail "${ci_branch}"
|
||||
|
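Review bot: In the `update` loop neither `git rev-parse HEAD` call is checked, so if both fail (and `set -e` is not active above the hunk) the two empty strings compare equal and the run takes the "No change in input, skipping checks." branch without ever running `nix flake check`. Treat a failed lookup as an update failure, for example `current_hash="$(git rev-parse HEAD)" || { handle_update_fail "$inp"; continue; }`, and do the same for `maybe_new_hash`. The loop starts and ends outside the hunk, so what follows the `git checkout` is not visible here.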
2
bin/fmt
2
bin/fmt
@ -2,7 +2,7 @@
|
||||
|
||||
set -e
|
||||
|
||||
find . -name \*.nix -exec nix fmt {} \+
|
||||
find . -name \*.nix -exec nix fmt -- -q {} \+
|
||||
find . -name \*.sh -exec shfmt -w {} \+
|
||||
|
||||
deadnix -f .
|
||||
|
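--- a/bin/update-openssh
+++ b/bin/update-openssh
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+ATOM="$(curl -s https://github.com/openssh/openssh-portable/commits/master.atom)"
+CURRENT="$(cat pkgs/openssh/version.json)"
+
+COMMIT="$(echo $ATOM | dasel -rxml 'feed.entry.[0].id' | awk -F/ '{print $NF}')"
+COMMENT="$(echo $ATOM | dasel -rxml 'feed.entry.[0].title')"
+UPDATED="$(echo $ATOM | dasel -rxml 'feed.entry.[0].updated' | awk -FT '{print $1}')"
+
+CURRENT_COMMIT="$(echo $CURRENT | jq -r .rev)"
+
+if [ "${CURRENT_COMMIT}" != "${COMMIT}" ]; then
+nix-prefetch-github openssh openssh-portable \
+-rev "${COMMIT}" \
+--json > pkgs/openssh/version.json
+else
+echo "No updates."
+fi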
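Review bot: The redirect in `nix-prefetch-github … --json > pkgs/openssh/version.json` truncates the pinned version file before the prefetch has succeeded, so a failed or interrupted run leaves an empty or partial pin for the OpenSSH build. The script also runs without `set -eu` and uses `curl -s` without `-f`, so an HTTP error page or an empty response flows into `dasel` and the comparison unchecked, and `echo $ATOM` / `echo $CURRENT` expand fetched content unquoted, which lets the shell word-split and glob it. Write to a temporary file and move it into place only on success, fail early on fetch errors, and quote the expansions. `COMMENT` and `UPDATED` are computed but never used.

```shell
#!/bin/sh
set -eu

ATOM="$(curl -fsS https://github.com/openssh/openssh-portable/commits/master.atom)"
# … unchanged: CURRENT, COMMIT and CURRENT_COMMIT extraction, with "$ATOM" and "$CURRENT" quoted …

if [ "${CURRENT_COMMIT}" != "${COMMIT}" ]; then
  tmp="$(mktemp pkgs/openssh/version.json.XXXXXX)"
  nix-prefetch-github openssh openssh-portable \
    -rev "${COMMIT}" \
    --json >"$tmp"
  mv "$tmp" pkgs/openssh/version.json
# … unchanged: else branch printing "No updates." …
```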
@ -18,9 +18,11 @@
|
||||
inherit gosignify;
|
||||
inherit (pkgs) curl;
|
||||
});
|
||||
genPatches = pkgs.callPackage ./gen-patches.nix {};
|
||||
in {
|
||||
environment.systemPackages = with pkgs; [
|
||||
checkRestart
|
||||
genPatches
|
||||
ix
|
||||
sfetch
|
||||
tstart
|
||||
|
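--- a/bins/gen-patches.nix
+++ b/bins/gen-patches.nix
@@ -0,0 +1,55 @@
+{
+writeShellApplication,
+diffutils,
+findutils,
+coreutils,
+...
+}: let
+genPatches = writeShellApplication {
+name = "gen-patches";
+runtimeInputs = [diffutils findutils coreutils];
+text = ''
+suffix=".orig"
+srcdir=$PWD
+output="$PWD/patches"
+
+usage() {
+echo "Usage: $0 [-s suffix (default .orig)] [-d source directory (default PWD)] [-o output directory (default PWD/patches)]" 1>&2;
+exit 1;
+}
+
+while getopts "d:ho:s:" arg; do
+case $arg in
+d)
+srcdir=$OPTARG
+;;
+h)
+usage
+;;
+s)
+suffix=$OPTARG
+;;
+o)
+output=$OPTARG
+;;
+*)
+usage
+esac
+done
+
+mkdir -p "$output"
+
+# hold my be er!
+# shellcheck disable=SC2044
+for patch in $(find "$srcdir" -name "*$suffix"); do
+fname=$(basename "$patch" "$suffix")
+dname=$(dirname "$patch")
+file="$dname/$fname"
+outfile="$(echo "$dname/$fname" | sed 's;/;_;g').diff"
+diff -u "$patch" "$file" > "$output/$outfile" || \
+echo "==> Created patch: $output/$outfile"
+done
+'';
+};
+in
+genPatches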
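Review bot: The `diff -u "$patch" "$file" > "$output/$outfile" || echo "==> Created patch: …"` line prints the success message for any non-zero status, so a diff that failed with status 2 (for example because `$file` is missing) is reported as a created patch and leaves an empty or partial `.diff` behind. Capture the status instead, `rc=0; diff -u "$patch" "$file" > "$output/$outfile" || rc=$?`, and only echo when `rc` is 1. The `for patch in $(find …)` loop, with SC2044 silenced, also splits paths on whitespace; `find "$srcdir" -name "*$suffix" -print0 | while IFS= read -r -d "" patch; do` avoids that and stays valid inside the Nix `''` string.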
@ -7,12 +7,17 @@
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use Data::Dumper;
|
||||
use MIME::Base64;
|
||||
|
||||
use lib "${perlPackages.JSON}/${perl.libPrefix}/${perl.version}/";
|
||||
use JSON qw{ decode_json encode_json };
|
||||
|
||||
my $info = decode_json(`nixos-version --json`);
|
||||
$info->{needs_restart} = system('check-restart >/dev/null') == 0 ? JSON::false : JSON::true;
|
||||
my $sys_diff = `nix store diff-closures /run/booted-system /run/current-system`;
|
||||
$sys_diff =~ s/\e\[[0-9;]*m(?:\e\[K)?//g;
|
||||
|
||||
$info->{system_diff} = encode_base64($sys_diff);
|
||||
|
||||
print encode_json $info;
|
||||
''
|
||||
|
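Review bot: The output of `nix store diff-closures` is captured with backticks and passed to `encode_base64` without looking at `$?`, so a failed command is indistinguishable from "no differences" in the `system_diff` field, and an undefined result would reach the encoder. Check the status right after the call, for example `warn "diff-closures exited with status $?\n" if $? != 0;` followed by `$sys_diff //= '';`, or record the failure in `$info` so the consumer can see it. `nixos-version`, `check-restart` and `nix` are all resolved through `PATH`; since this script text appears to be generated from a Nix string, interpolating absolute store paths would pin them. `Data::Dumper` is imported but not used in the visible lines; the script starts above the hunk.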
@ -6,6 +6,7 @@
|
||||
xinlib,
|
||||
...
|
||||
}: let
|
||||
inherit (xinlib) prIsOpen;
|
||||
jobs = [
|
||||
{
|
||||
name = "xin-ci-update";
|
||||
@ -105,6 +106,6 @@ in
|
||||
#};
|
||||
};
|
||||
|
||||
boot.binfmt.emulatedSystems = ["aarch64-linux"];
|
||||
boot.binfmt.emulatedSystems = ["aarch64-linux" "armv6l-linux"];
|
||||
};
|
||||
}
|
||||
|
@ -20,7 +20,17 @@ with lib; {
|
||||
services.xserver = {
|
||||
layout = "us";
|
||||
xkbVariant = "colemak";
|
||||
xkbOptions = "ctrl:swapcaps";
|
||||
xkbOptions = "ctrl:swapcaps,compose:ralt";
|
||||
inputClassSections = [
|
||||
''
|
||||
Identifier "precursor"
|
||||
MatchIsKeyboard "on"
|
||||
MatchProduct "Precursor"
|
||||
MatchVendor "Kosagi"
|
||||
Option "XkbLayout" "us"
|
||||
Option "XkbVariant" "basic"
|
||||
''
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -3,7 +3,6 @@
|
||||
./ca.nix
|
||||
./ci.nix
|
||||
./colemak.nix
|
||||
./develop.nix
|
||||
./dns.nix
|
||||
./doas.nix
|
||||
./git.nix
|
||||
|
@ -1,20 +0,0 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; {
|
||||
options = {
|
||||
jetbrains = {enable = mkEnableOption "Install JetBrains editors";};
|
||||
};
|
||||
|
||||
config = mkMerge [
|
||||
(mkIf config.jetbrains.enable {
|
||||
nixpkgs.config.allowUnfreePredicate = pkg:
|
||||
builtins.elem (lib.getName pkg) ["idea-ultimate"];
|
||||
|
||||
environment.systemPackages = with pkgs; [jetbrains.idea-ultimate sshfs];
|
||||
})
|
||||
];
|
||||
}
|
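--- a/configs/doom.d/config.el
+++ b/configs/doom.d/config.el
@@ -0,0 +1,4 @@
+(setq
+acme-theme-black-fg t)
+
+(load-theme 'acme t)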
186
configs/doom.d/init.el
Normal file
186
configs/doom.d/init.el
Normal file
@ -0,0 +1,186 @@
|
||||
;;; init.el -*- lexical-binding: t; -*-
|
||||
|
||||
;; This file controls what Doom modules are enabled and what order they load
|
||||
;; in. Remember to run 'doom sync' after modifying it!
|
||||
|
||||
;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's
|
||||
;; documentation. There you'll find a "Module Index" link where you'll find
|
||||
;; a comprehensive list of Doom's modules and what flags they support.
|
||||
|
||||
;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or
|
||||
;; 'C-c c k' for non-vim users) to view its documentation. This works on
|
||||
;; flags as well (those symbols that start with a plus).
|
||||
;;
|
||||
;; Alternatively, press 'gd' (or 'C-c c d') on a module to browse its
|
||||
;; directory (for easy access to its source code).
|
||||
|
||||
(doom! :input
|
||||
|
||||
:completion
|
||||
company ; the ultimate code completion backend
|
||||
vertico ; the search engine of the future
|
||||
|
||||
:ui
|
||||
doom ; what makes DOOM look the way it does
|
||||
doom-dashboard ; a nifty splash screen for Emacs
|
||||
doom-quit ; DOOM quit-message prompts when you quit Emacs
|
||||
doom-theme
|
||||
;;(emoji +unicode) ; 🙂
|
||||
hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
|
||||
;;hydra
|
||||
;;indent-guides ; highlighted indent columns
|
||||
;;ligatures ; ligatures and symbols to make your code pretty again
|
||||
;;minimap ; show a map of the code on the side
|
||||
modeline ; snazzy, Atom-inspired modeline, plus API
|
||||
;;nav-flash ; blink cursor line after big motions
|
||||
;;neotree ; a project drawer, like NERDTree for vim
|
||||
ophints ; highlight the region an operation acts on
|
||||
(popup +defaults) ; tame sudden yet inevitable temporary windows
|
||||
;;tabs ; a tab bar for Emacs
|
||||
treemacs ; a project drawer, like neotree but cooler
|
||||
unicode ; extended unicode support for various languages
|
||||
vc-gutter ; vcs diff in the fringe
|
||||
vi-tilde-fringe ; fringe tildes to mark beyond EOB
|
||||
;;window-select ; visually switch windows
|
||||
workspaces ; tab emulation, persistence & separate workspaces
|
||||
;;zen ; distraction-free coding or writing
|
||||
|
||||
:editor
|
||||
(evil +everywhere); come to the dark side, we have cookies
|
||||
file-templates ; auto-snippets for empty files
|
||||
fold ; (nigh) universal code folding
|
||||
(format +onsave) ; automated prettiness
|
||||
;;god ; run Emacs commands without modifier keys
|
||||
;;lispy ; vim for lisp, for people who don't like vim
|
||||
;;multiple-cursors ; editing in many places at once
|
||||
;;objed ; text object editing for the innocent
|
||||
;;parinfer ; turn lisp into python, sort of
|
||||
;;rotate-text ; cycle region at point between text candidates
|
||||
snippets ; my elves. They type so I don't have to
|
||||
;;word-wrap ; soft wrapping with language-aware indent
|
||||
|
||||
:emacs
|
||||
dired ; making dired pretty [functional]
|
||||
electric ; smarter, keyword-based electric-indent
|
||||
;;ibuffer ; interactive buffer management
|
||||
undo ; persistent, smarter undo for your inevitable mistakes
|
||||
vc ; version-control and Emacs, sitting in a tree
|
||||
|
||||
:term
|
||||
;;eshell ; the elisp shell that works everywhere
|
||||
;;shell ; simple shell REPL for Emacs
|
||||
;;term ; basic terminal emulator for Emacs
|
||||
;;vterm ; the best terminal emulation in Emacs
|
||||
|
||||
:checkers
|
||||
syntax ; tasing you for every semicolon you forget
|
||||
(spell +flyspell) ; tasing you for misspelling mispelling
|
||||
;;grammar ; tasing grammar mistake every you make
|
||||
|
||||
:tools
|
||||
;;ansible
|
||||
;;biblio ; Writes a PhD for you (citation needed)
|
||||
;;debugger ; FIXME stepping through code, to help you add bugs
|
||||
direnv
|
||||
;;docker
|
||||
;;editorconfig ; let someone else argue about tabs vs spaces
|
||||
;;ein ; tame Jupyter notebooks with emacs
|
||||
(eval +overlay) ; run code, run (also, repls)
|
||||
;;gist ; interacting with github gists
|
||||
lookup ; navigate your code and its documentation
|
||||
;;lsp ; M-x vscode
|
||||
magit ; a git porcelain for Emacs
|
||||
;;make ; run make tasks from Emacs
|
||||
;;pass ; password manager for nerds
|
||||
;;pdf ; pdf enhancements
|
||||
;;prodigy ; FIXME managing external services & code builders
|
||||
;;rgb ; creating color strings
|
||||
;;taskrunner ; taskrunner for all your projects
|
||||
;;terraform ; infrastructure as code
|
||||
;;tmux ; an API for interacting with tmux
|
||||
;;upload ; map local to remote projects via ssh/ftp
|
||||
|
||||
:os
|
||||
(:if IS-MAC macos) ; improve compatibility with macOS
|
||||
;;tty ; improve the terminal Emacs experience
|
||||
|
||||
:lang
|
||||
;;agda ; types of types of types of types...
|
||||
;;beancount ; mind the GAAP
|
||||
;;cc ; C > C++ == 1
|
||||
clojure ; java with a lisp
|
||||
;;common-lisp ; if you've seen one lisp, you've seen them all
|
||||
;;coq ; proofs-as-programs
|
||||
;;crystal ; ruby at the speed of c
|
||||
;;csharp ; unity, .NET, and mono shenanigans
|
||||
;;data ; config/data formats
|
||||
;;(dart +flutter) ; paint ui and not much else
|
||||
;;dhall
|
||||
;;elixir ; erlang done right
|
||||
elm ; care for a cup of TEA?
|
||||
emacs-lisp ; drown in parentheses
|
||||
erlang ; an elegant language for a more civilized age
|
||||
;;ess ; emacs speaks statistics
|
||||
;;factor
|
||||
;;faust ; dsp, but you get to keep your soul
|
||||
;;fortran ; in FORTRAN, GOD is REAL (unless declared INTEGER)
|
||||
;;fsharp ; ML stands for Microsoft's Language
|
||||
;;fstar ; (dependent) types and (monadic) effects and Z3
|
||||
;;gdscript ; the language you waited for
|
||||
(go +lsp) ; the hipster dialect
|
||||
(haskell +lsp) ; a language that's lazier than I am
|
||||
;;hy ; readability of scheme w/ speed of python
|
||||
;;idris ; a language you can depend on
|
||||
;;json ; At least it ain't XML
|
||||
;;(java +meghanada) ; the poster child for carpal tunnel syndrome
|
||||
javascript ; all(hope(abandon(ye(who(enter(here))))))
|
||||
;;julia ; a better, faster MATLAB
|
||||
;;kotlin ; a better, slicker Java(Script)
|
||||
latex ; writing papers in Emacs has never been so fun
|
||||
;;lean ; for folks with too much to prove
|
||||
;;ledger ; be audit you can be
|
||||
lua ; one-based indices? one-based indices
|
||||
markdown ; writing docs for people to ignore
|
||||
;;nim ; python + lisp at the speed of c
|
||||
nix ; I hereby declare "nix geht mehr!"
|
||||
ocaml ; an objective camel
|
||||
org ; organize your plain life in plain text
|
||||
;;php ; perl's insecure younger brother
|
||||
;;plantuml ; diagrams for confusing people more
|
||||
;;purescript ; javascript, but functional
|
||||
;;python ; beautiful is better than ugly
|
||||
;;qt ; the 'cutest' gui framework ever
|
||||
;;racket ; a DSL for DSLs
|
||||
;;raku ; the artist formerly known as perl6
|
||||
;;rest ; Emacs as a REST client
|
||||
;;rst ; ReST in peace
|
||||
;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
|
||||
;;rust ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
|
||||
;;scala ; java, but good
|
||||
;;(scheme +guile) ; a fully conniving family of lisps
|
||||
sh ; she sells {ba,z,fi}sh shells on the C xor
|
||||
;;sml
|
||||
;;solidity ; do you need a blockchain? No.
|
||||
;;swift ; who asked for emoji variables?
|
||||
;;terra ; Earth and Moon in alignment for performance.
|
||||
web ; the tubes
|
||||
;;yaml ; JSON, but readable
|
||||
zig ; C, but simpler
|
||||
|
||||
:email
|
||||
(mu4e +org)
|
||||
;;notmuch
|
||||
;;(wanderlust +gmail)
|
||||
|
||||
:app
|
||||
;;calendar
|
||||
;;emms
|
||||
;;everywhere ; *leave* Emacs!? You must be joking
|
||||
;;irc ; how neckbeards socialize
|
||||
;;(rss +org) ; emacs as an RSS reader
|
||||
;;twitter ; twitter client https://twitter.com/vnought
|
||||
|
||||
:config
|
||||
;;literate
|
||||
(default +bindings +smartparens))
|
||||
|
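--- a/configs/doom.d/packages.el
+++ b/configs/doom.d/packages.el
@@ -0,0 +1 @@
+(package! acme-theme)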
@ -25,6 +25,7 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
imports = [./tailnet.nix];
|
||||
config = mkIf config.nixManager.enable {
|
||||
sops.defaultSopsFile = config.xin-secrets.manager;
|
||||
sops.secrets = {
|
||||
|
@ -25,8 +25,8 @@ require("compe").setup {
|
||||
nvim_lua = true,
|
||||
vsnip = true,
|
||||
ultisnips = true,
|
||||
luasnip = true,
|
||||
},
|
||||
luasnip = true
|
||||
}
|
||||
}
|
||||
|
||||
local telescope = require('telescope')
|
||||
@ -41,20 +41,16 @@ require("nvim-tree").setup({
|
||||
file = false,
|
||||
folder = false,
|
||||
folder_arrow = false,
|
||||
git = true,
|
||||
},
|
||||
},
|
||||
},
|
||||
git = true
|
||||
}
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
require('obsidian').setup({
|
||||
dir = "~/Brain",
|
||||
daily_notes = {
|
||||
folder = "Daily",
|
||||
},
|
||||
completion = {
|
||||
nvim_cmp = false,
|
||||
}
|
||||
daily_notes = {folder = "Daily"},
|
||||
completion = {nvim_cmp = false}
|
||||
})
|
||||
|
||||
require'nvim-treesitter.configs'.setup({})
|
||||
@ -69,15 +65,7 @@ local lspc = require('lspconfig')
|
||||
lspc.elmls.setup {};
|
||||
lspc.gopls.setup {};
|
||||
lspc.hls.setup {};
|
||||
lspc.lua_ls.setup {
|
||||
settings = {
|
||||
Lua = {
|
||||
diagnostics = {
|
||||
globals = {'vim'},
|
||||
},
|
||||
},
|
||||
},
|
||||
};
|
||||
lspc.lua_ls.setup {settings = {Lua = {diagnostics = {globals = {'vim'}}}}};
|
||||
lspc.nil_ls.setup {};
|
||||
lspc.perlpls.setup {};
|
||||
lspc.solargraph.setup {};
|
||||
@ -116,6 +104,7 @@ vim.keymap.set('n', '<space>e', vim.diagnostic.open_float)
|
||||
vim.keymap.set('n', '[d', vim.diagnostic.goto_prev)
|
||||
vim.keymap.set('n', ']d', vim.diagnostic.goto_next)
|
||||
vim.keymap.set('n', '<space>q', vim.diagnostic.setloclist)
|
||||
vim.keymap.set('n', '<space>f', ':Neoformat<CR>')
|
||||
|
||||
vim.api.nvim_create_autocmd('LspAttach', {
|
||||
group = vim.api.nvim_create_augroup('UserLspConfig', {}),
|
||||
@ -125,22 +114,17 @@ vim.api.nvim_create_autocmd('LspAttach', {
|
||||
vim.keymap.set('n', '<space>D', vim.lsp.buf.type_definition, opts)
|
||||
vim.keymap.set('n', '<space>rn', vim.lsp.buf.rename, opts)
|
||||
vim.keymap.set('n', 'gr', vim.lsp.buf.references, opts)
|
||||
vim.keymap.set('n', '<space>f', function()
|
||||
vim.lsp.buf.format { async = true }
|
||||
end, opts)
|
||||
end,
|
||||
-- vim.keymap.set('n', '<space>f', function()
|
||||
-- vim.lsp.buf.format { async = true }
|
||||
-- end, opts)
|
||||
end
|
||||
})
|
||||
|
||||
vim.g.tagbar_type_elm = {
|
||||
ctagstype = 'elm',
|
||||
kinds = {
|
||||
'f:function:0:0',
|
||||
'm:modules:0:0',
|
||||
'i:imports:1:0',
|
||||
't:types:1:0',
|
||||
'a:type aliases:0:0',
|
||||
'c:type constructors:0:0',
|
||||
'p:ports:0:0',
|
||||
'f:function:0:0', 'm:modules:0:0', 'i:imports:1:0', 't:types:1:0',
|
||||
'a:type aliases:0:0', 'c:type constructors:0:0', 'p:ports:0:0',
|
||||
's:functions:0:0'
|
||||
}
|
||||
}
|
||||
@ -148,13 +132,7 @@ vim.g.tagbar_type_elm = {
|
||||
vim.g.tagbar_type_typescript = {
|
||||
ctagstype = 'typescript',
|
||||
kinds = {
|
||||
'c:classes',
|
||||
'n:modules',
|
||||
'f:functions',
|
||||
'v:variables',
|
||||
'v:varlambdas',
|
||||
'm:members',
|
||||
'i:interfaces',
|
||||
'e:enums'
|
||||
'c:classes', 'n:modules', 'f:functions', 'v:variables', 'v:varlambdas',
|
||||
'm:members', 'i:interfaces', 'e:enums'
|
||||
}
|
||||
}
|
||||
|
@ -108,10 +108,12 @@ with pkgs; let
|
||||
};
|
||||
|
||||
baseVimPackages = with vimPlugins; [
|
||||
ale
|
||||
elm-vim
|
||||
fugitive
|
||||
fzf-vim
|
||||
haskell-vim
|
||||
neoformat
|
||||
nvim-compe
|
||||
nvim-lspconfig
|
||||
nvim-tree-lua
|
||||
@ -145,6 +147,7 @@ with pkgs; let
|
||||
else baseVimPackages ++ [];
|
||||
in {
|
||||
environment.systemPackages = with pkgs; [
|
||||
alejandra
|
||||
elmPackages.elm
|
||||
elmPackages.elm-format
|
||||
elmPackages.elm-language-server
|
||||
@ -159,6 +162,7 @@ in {
|
||||
luajitPackages.lua-lsp
|
||||
manix
|
||||
nodejs
|
||||
nodePackages.prettier
|
||||
nodePackages.typescript-language-server
|
||||
perl
|
||||
perlPackages.PerlCritic
|
||||
|
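--- a/configs/tailnet.nix
+++ b/configs/tailnet.nix
@@ -0,0 +1,104 @@
+{
+config,
+pkgs,
+lib,
+inputs,
+xinlib,
+...
+}: let
+tailnetACLs = let
+acls = {
+hosts = {
+europa = "100.92.31.80";
+startpage = "100.120.84.116";
+startdev = "100.92.56.119";
+go = "100.117.47.51";
+nbc = "100.122.61.43"; # nix-binary-cache
+console = "100.87.112.70";
+box = "100.120.151.126";
+};
+
+tagOwners = {
+"tag:untrusted" = ["qbit@github"];
+"tag:minservice" = ["qbit@github"];
+"tag:sshonly" = ["qbit@github"];
+"tag:apper" = ["qbit@github"];
+"tag:golink" = ["qbit@github"];
+"tag:lab" = ["qbit@github"];
+};
+
+acls = [
+{
+action = "accept";
+src = ["tag:untrusted"];
+dst = [
+"europa:22"
+"europa:12304"
+"startpage:443"
+"startdev:443"
+"go:80"
+"tag:lab:22"
+"nbc:443"
+];
+}
+{
+action = "accept";
+src = ["tag:minservice" "tag:sshonly"];
+dst = ["*:22" "box:3030" "nbc:443" "console:2222"];
+}
+{
+action = "accept";
+src = ["qbit@github"];
+dst = ["*:*"];
+}
+];
+};
+in
+pkgs.writeTextFile {
+name = "tailnet-acls.json";
+text = builtins.toJSON acls;
+};
+aclUpdateScript = pkgs.writeShellScriptBin "tailnet-acl-updater" ''
+set -eu
+
+. ${config.sops.secrets.po_env.path}
+
+JQ=${pkgs.jq}/bin/jq
+PO=${inputs.po.packages.${pkgs.system}.po}/bin/po
+
+APIURL="https://api.tailscale.com/api/v2/tailnet/-/acl"
+TOKEN="$(cat ${config.sops.secrets.tailnet_acl_manager.path}):"
+
+ERROR="$(${pkgs.curl}/bin/curl "$APIURL/validate" -u "$TOKEN" -d @${tailnetACLs} | $JQ -r .message)"
+
+if [ "$ERROR" = "null" ]; then
+RESP="$(${pkgs.curl}/bin/curl "$APIURL" -u "$TOKEN" -d @${tailnetACLs} | $JQ -r .message)"
+if [ "$RESP" != "null" ]; then
+$PO -title "Failed to update TailNet!" -body "$RESP"
+fi
+fi
+'';
+jobs = [
+{
+name = "update-talenet-acls";
+script = "${aclUpdateScript}/bin/tailnet-acl-updater";
+startAt = "*:30:00";
+path = [];
+inherit (config.nixManager) user;
+}
+];
+enabled = config.nixManager.enable;
+in
+with lib; {
+sops.secrets = mkIf enabled {
+tailnet_acl_manager = {
+owner = config.nixManager.user;
+sopsFile = config.xin-secrets.manager;
+};
+po_env = {
+owner = config.nixManager.user;
+sopsFile = config.xin-secrets.manager;
+};
+};
+systemd.services = mkIf enabled (listToAttrs (builtins.map xinlib.jobToService jobs));
+}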
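Review bot: When `/validate` returns an error message, or curl fails and `ERROR` ends up empty, `aclUpdateScript` skips the update and exits 0, so the ACLs declared in this file can silently drift from what the tailnet enforces; only a failed apply is reported through `$PO`. Add an `else` branch that sends the validation message, and give both curl calls `-sS` so a transport failure is not hidden (the script has `set -eu` but no `pipefail`, so curl's exit status is lost in the pipe). Separately, `-u "$TOKEN"` places the API key on curl's command line, where it can show up in the process list; reading the credentials from a curl config on stdin (`-K -`) keeps them out of argv. The job name `update-talenet-acls` looks like a typo for `tailnet`.

```nix
  # … unchanged: set -eu, po_env sourcing, JQ / PO / APIURL / TOKEN …

  ERROR="$(${pkgs.curl}/bin/curl -sS "$APIURL/validate" -u "$TOKEN" -d @${tailnetACLs} | $JQ -r .message)"

  if [ "$ERROR" = "null" ]; then
    # … unchanged: POST to "$APIURL" and notify when RESP is not "null" …
  else
    $PO -title "TailNet ACL validation failed!" -body "''${ERROR:-no response from validate endpoint}"
  fi
```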
16
default.nix
16
default.nix
@ -17,6 +17,7 @@
|
||||
command="/run/current-system/sw/bin/xin-status",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9PIhQ+yWfBM2tEG+W8W8HXJXqISXif8BcPZHakKvLM xin-status
|
||||
'';
|
||||
gosignify = pkgs.callPackage ./pkgs/gosignify.nix {inherit isUnstable;};
|
||||
myOpenSSH = pkgs.callPackage ./pkgs/openssh {};
|
||||
in {
|
||||
imports = [
|
||||
./configs
|
||||
@ -136,14 +137,14 @@ in {
|
||||
|
||||
nix = {
|
||||
settings =
|
||||
if config.networking.hostName != "pwntie"
|
||||
then {
|
||||
if config.xinCI.enable
|
||||
then {}
|
||||
else {
|
||||
substituters = ["https://nix-binary-cache.humpback-trout.ts.net/"];
|
||||
trusted-public-keys = [
|
||||
"nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0="
|
||||
];
|
||||
}
|
||||
else {};
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs;
|
||||
@ -161,8 +162,8 @@ in {
|
||||
lz4
|
||||
minisign
|
||||
mosh
|
||||
nb
|
||||
nix-diff
|
||||
nixfmt
|
||||
nix-index
|
||||
nix-top
|
||||
pass
|
||||
@ -182,7 +183,6 @@ in {
|
||||
|
||||
time.timeZone = "US/Mountain";
|
||||
|
||||
documentation.enable = true;
|
||||
documentation.man.enable = true;
|
||||
|
||||
networking.timeServers = options.networking.timeServers.default;
|
||||
@ -191,6 +191,8 @@ in {
|
||||
zsh.enable = true;
|
||||
gnupg.agent.enable = true;
|
||||
ssh = {
|
||||
package = myOpenSSH.openssh;
|
||||
agentPKCS11Whitelist = "${pkgs.opensc}/lib/opensc-pkcs11.so";
|
||||
knownHosts = {
|
||||
"[namish.humpback-trout.ts.net]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9jlU5XATs8N90mXuCqrflwOJ+s3s7LefDmFZBx8cCk";
|
||||
"[git.tapenet.org]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkbSJWeWJyJjak/boaMTqzPVq91wfJz1P+I4rnBUsPW";
|
||||
@ -212,7 +214,7 @@ in {
|
||||
|
||||
environment.etc."ssh/ca.pub" = {text = caPubKeys;};
|
||||
|
||||
services.logrotate.enable =
|
||||
services.logrotate.checkConfig =
|
||||
todo "logrotate disabled: https://github.com/NixOS/nix/issues/8502" false;
|
||||
|
||||
services = {
|
||||
|
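Review bot: The new `package = myOpenSSH.openssh;` line in the `ssh` block swaps the system SSH client for a local build from `./pkgs/openssh`, and nothing next to it says which source that is. `bin/update-openssh` in this commit pins `pkgs/openssh/version.json` to the newest openssh-portable master commit, so this is presumably an unreleased snapshot rather than a tagged release; the package definition itself is not visible on this page. A comment such as `# built from pkgs/openssh/version.json (openssh-portable master); bump with bin/update-openssh` would tell the next reader what they are trusting and how it gets updated.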
521
flake.lock
generated
521
flake.lock
generated
@ -7,11 +7,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1687385522,
|
||||
"narHash": "sha256-GR8mqsqYcdZ67dCcII5SWcwHqPAJRWXPmqsuMl7+KA4=",
|
||||
"lastModified": 1692248770,
|
||||
"narHash": "sha256-tZeFpETKQGbgnaSIO1AGWD27IyTcBm4D+A9d7ulQ4NM=",
|
||||
"owner": "lnl7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "bc346a67d34a336ca3c507570875cc88038e6120",
|
||||
"rev": "511177ffe8226c78c9cf6a92a7b5f2df3684956b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -20,29 +20,169 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"doom-emacs": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1662497747,
|
||||
"narHash": "sha256-4n7E1fqda7cn5/F2jTkOnKw1juG6XMS/FI9gqODL3aU=",
|
||||
"owner": "doomemacs",
|
||||
"repo": "doomemacs",
|
||||
"rev": "3853dff5e11655e858d0bfae64b70cb12ef685ac",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "doomemacs",
|
||||
"repo": "doomemacs",
|
||||
"rev": "3853dff5e11655e858d0bfae64b70cb12ef685ac",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"doom-snippets": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1676839496,
|
||||
"narHash": "sha256-1Ay9zi0u1lycmEeFqIxr0RWH+JvH9BnzgRzkPeWEAYY=",
|
||||
"owner": "doomemacs",
|
||||
"repo": "snippets",
|
||||
"rev": "fe4003014ae00b866f117cb193f711fd9d72fd11",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "doomemacs",
|
||||
"repo": "snippets",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"emacs-overlay": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": [
|
||||
"stable"
|
||||
]
|
||||
},
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1669639095,
|
||||
"narHash": "sha256-yeP89LGRqMbTuEVII4/2BCMEKgEAbEqOMcwEev2S03U=",
|
||||
"lastModified": 1676366521,
|
||||
"narHash": "sha256-i4UAY8t9Au9SJtsgYppa3NHSVf1YkV6yqnNIQd+Km4g=",
|
||||
"owner": "nix-community",
|
||||
"repo": "emacs-overlay",
|
||||
"rev": "d54a1521619daa37c9aa8c9e3362abb34e676007",
|
||||
"rev": "c16be6de78ea878aedd0292aa5d4a1ee0a5da501",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "emacs-overlay",
|
||||
"rev": "d54a1521619daa37c9aa8c9e3362abb34e676007",
|
||||
"rev": "c16be6de78ea878aedd0292aa5d4a1ee0a5da501",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"emacs-so-long": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1575031854,
|
||||
"narHash": "sha256-xIa5zO0ZaToDrec1OFjBK6l39AbA4l/CE4LInVu2hi0=",
|
||||
"owner": "hlissner",
|
||||
"repo": "emacs-so-long",
|
||||
"rev": "ed666b0716f60e8988c455804de24b55919e71ca",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hlissner",
|
||||
"repo": "emacs-so-long",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"evil-escape": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1588439096,
|
||||
"narHash": "sha256-aB2Ge5o/93B18tPf4fN1c+O46CNh/nOqwLJbox4c8Gw=",
|
||||
"owner": "hlissner",
|
||||
"repo": "evil-escape",
|
||||
"rev": "819f1ee1cf3f69a1ae920e6004f2c0baeebbe077",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hlissner",
|
||||
"repo": "evil-escape",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"evil-markdown": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1626852210,
|
||||
"narHash": "sha256-HBBuZ1VWIn6kwK5CtGIvHM1+9eiNiKPH0GUsyvpUVN8=",
|
||||
"owner": "Somelauw",
|
||||
"repo": "evil-markdown",
|
||||
"rev": "8e6cc68af83914b2fa9fd3a3b8472573dbcef477",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Somelauw",
|
||||
"repo": "evil-markdown",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"evil-org-mode": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1607203864,
|
||||
"narHash": "sha256-JxwqVYDN6OIJEH15MVI6XOZAPtUWUhJQWHyzcrUvrFg=",
|
||||
"owner": "hlissner",
|
||||
"repo": "evil-org-mode",
|
||||
"rev": "a9706da260c45b98601bcd72b1d2c0a24a017700",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hlissner",
|
||||
"repo": "evil-org-mode",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"evil-quick-diff": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1575189609,
|
||||
"narHash": "sha256-oGzl1ayW9rIuq0haoiFS7RZsS8NFMdEA7K1BSozgnJU=",
|
||||
"owner": "rgrinberg",
|
||||
"repo": "evil-quick-diff",
|
||||
"rev": "69c883720b30a892c63bc89f49d4f0e8b8028908",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "rgrinberg",
|
||||
"repo": "evil-quick-diff",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"explain-pause-mode": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1595842060,
|
||||
"narHash": "sha256-++znrjiDSx+cy4okFBBXUBkRFdtnE2x+trkmqjB3Njs=",
|
||||
"owner": "lastquestion",
|
||||
"repo": "explain-pause-mode",
|
||||
"rev": "2356c8c3639cbeeb9751744dbe737267849b4b51",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "lastquestion",
|
||||
"repo": "explain-pause-mode",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1627913399,
|
||||
@ -63,11 +203,11 @@
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1687171271,
|
||||
"narHash": "sha256-BJlq+ozK2B1sJDQXS3tzJM5a+oVZmi1q0FlBK/Xqv7M=",
|
||||
"lastModified": 1681202837,
|
||||
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "abfb11bd1aec8ced1c9bb9adfe68018230f4fb3c",
|
||||
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -91,6 +231,23 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"format-all": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1581716637,
|
||||
"narHash": "sha256-ul7LCe60W8TIvUmUtZtZRo8489TK9iTPDsLHmzxY57M=",
|
||||
"owner": "lassik",
|
||||
"repo": "emacs-format-all-the-code",
|
||||
"rev": "47d862d40a088ca089c92cd393c6dca4628f87d3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "lassik",
|
||||
"repo": "emacs-format-all-the-code",
|
||||
"rev": "47d862d40a088ca089c92cd393c6dca4628f87d3",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"gostart": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@ -98,11 +255,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1686584905,
|
||||
"narHash": "sha256-1Dd1bcp934Bx3Jjl1yg4sSuAhBUHrJz5jVEDxA5GDu8=",
|
||||
"lastModified": 1690546436,
|
||||
"narHash": "sha256-6B4i87l+dtGesLvRHuwGEBM8QbQC88iSA+TOB4dQNbs=",
|
||||
"owner": "qbit",
|
||||
"repo": "gostart",
|
||||
"rev": "a4f6edb9f49f2ebb9225da0d54128da0fa2ec45a",
|
||||
"rev": "a216e85942325efd61febf8641811ae2c0bd9f2f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -147,13 +304,71 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-doom-emacs": {
|
||||
"inputs": {
|
||||
"doom-emacs": "doom-emacs",
|
||||
"doom-snippets": "doom-snippets",
|
||||
"emacs-overlay": "emacs-overlay",
|
||||
"emacs-so-long": "emacs-so-long",
|
||||
"evil-escape": "evil-escape",
|
||||
"evil-markdown": "evil-markdown",
|
||||
"evil-org-mode": "evil-org-mode",
|
||||
"evil-quick-diff": "evil-quick-diff",
|
||||
"explain-pause-mode": "explain-pause-mode",
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": "flake-utils",
|
||||
"format-all": "format-all",
|
||||
"nix-straight": "nix-straight",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nose": "nose",
|
||||
"ob-racket": "ob-racket",
|
||||
"org": "org",
|
||||
"org-contrib": "org-contrib",
|
||||
"org-yt": "org-yt",
|
||||
"php-extras": "php-extras",
|
||||
"revealjs": "revealjs",
|
||||
"rotate-text": "rotate-text",
|
||||
"sln-mode": "sln-mode",
|
||||
"ts-fold": "ts-fold",
|
||||
"ws-butler": "ws-butler"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1689075996,
|
||||
"narHash": "sha256-NwBzz2CHNtT0oDqAGewByQ5OFnAWf+ewHUrK0F44xZk=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-doom-emacs",
|
||||
"rev": "9a5b34d9ba30842eb8f0d7deb08bf03a75930471",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-doom-emacs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-straight": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1666982610,
|
||||
"narHash": "sha256-xjgIrmUsekVTE+MpZb5DMU8DQf9DJ/ZiR0o30L9/XCc=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-straight.el",
|
||||
"rev": "ad10364d64f472c904115fd38d194efe1c3f1226",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-straight.el",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1686838567,
|
||||
"narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=",
|
||||
"lastModified": 1692952286,
|
||||
"narHash": "sha256-TsrtPv3+Q1KR0avZxpiJH+b6fX/R/hEQVHbjl1ebotY=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89",
|
||||
"rev": "817e297fc3352fadc15f2c5306909aa9192d7d97",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -163,9 +378,104 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1682566018,
|
||||
"narHash": "sha256-HPzPRFiy2o/7k7mtnwfM1E6NVZHiFbPdmYCMoIpkHO4=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "8e3b64db39f2aaa14b35ee5376bd6a2e707cadc2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nose": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1400604510,
|
||||
"narHash": "sha256-daEi8Kta1oGaDEmUUDDQMahTTPOpvNpDKk22rlr7cB0=",
|
||||
"owner": "emacsattic",
|
||||
"repo": "nose",
|
||||
"rev": "f8528297519eba911696c4e68fa88892de9a7b72",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "emacsattic",
|
||||
"repo": "nose",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"ob-racket": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1584656173,
|
||||
"narHash": "sha256-rBUYDDCXb+3D4xTPQo9UocbTPZ32kWV1Uya/1DmZknU=",
|
||||
"owner": "xchrishawk",
|
||||
"repo": "ob-racket",
|
||||
"rev": "83457ec9e1e96a29fd2086ed19432b9d75787673",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "xchrishawk",
|
||||
"repo": "ob-racket",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"org": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1683136293,
|
||||
"narHash": "sha256-PMHNr3Qo62uqO5IUDAfxUoqa4Zvb9y2J76pRYDB/6Y4=",
|
||||
"owner": "emacs-straight",
|
||||
"repo": "org-mode",
|
||||
"rev": "080710797ad25e76c4556d2b03cc0aa5313cd187",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "emacs-straight",
|
||||
"repo": "org-mode",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"org-contrib": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1675694242,
|
||||
"narHash": "sha256-4Fn33CTVTCqh5TyVAggSr8Fm8/hB8Xgl+hkxh3WCrI8=",
|
||||
"owner": "emacsmirror",
|
||||
"repo": "org-contrib",
|
||||
"rev": "fff6c888065588527b1c1d7dd7e41c29ef767e17",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "emacsmirror",
|
||||
"repo": "org-contrib",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"org-yt": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1527381913,
|
||||
"narHash": "sha256-dzQ6B7ryzatHCTLyEnRSbWO0VUiX/FHYnpHTs74aVUs=",
|
||||
"owner": "TobiasZawada",
|
||||
"repo": "org-yt",
|
||||
"rev": "40cc1ac76d741055cbefa13860d9f070a7ade001",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "TobiasZawada",
|
||||
"repo": "org-yt",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"peerix": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": [
|
||||
"stable"
|
||||
@ -185,6 +495,22 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"php-extras": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1573312690,
|
||||
"narHash": "sha256-r4WyVbzvT0ra4Z6JywNBOw5RxOEYd6Qe2IpebHXkj1U=",
|
||||
"owner": "arnested",
|
||||
"repo": "php-extras",
|
||||
"rev": "d410c5af663c30c01d461ac476d1cbfbacb49367",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "arnested",
|
||||
"repo": "php-extras",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"po": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@ -245,13 +571,29 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"revealjs": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1681386605,
|
||||
"narHash": "sha256-9Q7aWgjAV37iJp6oYDz45e8J+RKwKY1Uvgg/BXwf5nQ=",
|
||||
"owner": "hakimel",
|
||||
"repo": "reveal.js",
|
||||
"rev": "0301ce58ab185f7191696e16b1b6389f58df2892",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hakimel",
|
||||
"repo": "reveal.js",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"darwin": "darwin",
|
||||
"emacs-overlay": "emacs-overlay",
|
||||
"gostart": "gostart",
|
||||
"gqrss": "gqrss",
|
||||
"microca": "microca",
|
||||
"nix-doom-emacs": "nix-doom-emacs",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"peerix": "peerix",
|
||||
"po": "po",
|
||||
@ -259,7 +601,6 @@
|
||||
"pr-status": "pr-status",
|
||||
"sops-nix": "sops-nix",
|
||||
"stable": "stable",
|
||||
"talon": "talon",
|
||||
"taskobs": "taskobs",
|
||||
"tsRevProx": "tsRevProx",
|
||||
"tsvnstat": "tsvnstat",
|
||||
@ -269,6 +610,38 @@
|
||||
"xintray": "xintray"
|
||||
}
|
||||
},
|
||||
"rotate-text": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1322962747,
|
||||
"narHash": "sha256-SOeOgSlcEIsKhUiYDJv0p+mLUb420s9E2BmvZQvZ0wk=",
|
||||
"owner": "debug-ito",
|
||||
"repo": "rotate-text.el",
|
||||
"rev": "48f193697db996855aee1ad2bc99b38c6646fe76",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "debug-ito",
|
||||
"repo": "rotate-text.el",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"sln-mode": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1423727528,
|
||||
"narHash": "sha256-XqkqPyEJuTtFslOz1fpTf/Klbd/zA7IGpzpmum/MGao=",
|
||||
"owner": "sensorflo",
|
||||
"repo": "sln-mode",
|
||||
"rev": "0f91d1b957c7d2a7bab9278ec57b54d57f1dbd9c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "sensorflo",
|
||||
"repo": "sln-mode",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"sops-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@ -279,11 +652,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1687398569,
|
||||
"narHash": "sha256-e/umuIKFcFtZtWeX369Hbdt9r+GQ48moDmlTcyHWL28=",
|
||||
"lastModified": 1693404499,
|
||||
"narHash": "sha256-cx/7yvM/AP+o/3wPJmA9W9F+WHemJk5t+Xcr+Qwkqhg=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "2ff6973350682f8d16371f8c071a304b8067f192",
|
||||
"rev": "d9c5dc41c4b1f74c77f0dbffd0f3a4ebde447b7a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -294,11 +667,11 @@
|
||||
},
|
||||
"stable": {
|
||||
"locked": {
|
||||
"lastModified": 1687354544,
|
||||
"narHash": "sha256-1Xu+QzyA10AiY21i27Zu9bqQAaxXBacNKbGUA9OZy7Y=",
|
||||
"lastModified": 1693428224,
|
||||
"narHash": "sha256-FWUUlhYqkGEySUD0blTADRiDQ7fw+H1ikivfu88uy+w=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "876181e3ae452cc6186486f6f7300a8a6de237cb",
|
||||
"rev": "841889913dfd06a70ffb39f603e29e46f45f0c1a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -339,27 +712,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"talon": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"unstable"
|
||||
],
|
||||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1674481533,
|
||||
"narHash": "sha256-aMrexhFzVJKFB2PKUjjJiJCCNDTyCWFDHlhjFNAuHFg=",
|
||||
"owner": "qbit",
|
||||
"repo": "talon-nix",
|
||||
"rev": "52b4568e186691624db941517418e165b6ff0e9f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "qbit",
|
||||
"repo": "talon-nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"taskobs": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@ -380,6 +732,22 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"ts-fold": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1681029086,
|
||||
"narHash": "sha256-z3eVkAPFI6JYZZ+2XM496zBxwnujTp4Y4KNNfqgUC/E=",
|
||||
"owner": "jcs-elpa",
|
||||
"repo": "ts-fold",
|
||||
"rev": "5fd2a5afe2112ac23b58ee1b12730fcf16068df3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "jcs-elpa",
|
||||
"repo": "ts-fold",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"tsRevProx": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@ -387,11 +755,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1683583841,
|
||||
"narHash": "sha256-5r2TP7cuEyy/XgSQhfaqLjbgiIbXtlNp9P9OvPjzvTk=",
|
||||
"lastModified": 1690485919,
|
||||
"narHash": "sha256-7DxtcPq/QPsdwqUg91vs1mMu21mYn1HCamUkOD0ug2M=",
|
||||
"owner": "qbit",
|
||||
"repo": "ts-reverse-proxy",
|
||||
"rev": "36749e9fbe0f4c04163f9924f8e8be01d0442745",
|
||||
"rev": "1b7eac645a0c56effc8d637019161febd0015d08",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -422,11 +790,11 @@
|
||||
},
|
||||
"unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1687411311,
|
||||
"narHash": "sha256-JcRFavmdTl6VE52xGREv+qZ8jXNVxZ05Ny93R7a2hb0=",
|
||||
"lastModified": 1693537891,
|
||||
"narHash": "sha256-djrWi+Qkj033Py+pWZZriUcWKFtfQJcrO0JZXiFXUTk=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "5da1a523cbe09f2f7e0f85605f6a54f372469bd0",
|
||||
"rev": "9d33ec806554aa74a6415a9e1e3b5b78e0af26d1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -437,11 +805,11 @@
|
||||
},
|
||||
"unstableSmall": {
|
||||
"locked": {
|
||||
"lastModified": 1687369486,
|
||||
"narHash": "sha256-BFXrDo7yuLamfbi53voC2TrHHTKEr/LJ0P+qSP51xkg=",
|
||||
"lastModified": 1693481239,
|
||||
"narHash": "sha256-HNEeTL3b0aiwbJh/hFKUMOqRg34e5r+t1X3dFMFUVR4=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "8b0f22dc5155e8a6d329520c27751dfb0f821d63",
|
||||
"rev": "72845c89285ca57c1d2bbc33018aca7455cd9c25",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -451,18 +819,19 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"ws-butler": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1659877975,
|
||||
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
|
||||
"lastModified": 1634511126,
|
||||
"narHash": "sha256-c0y0ZPtxxICPk+eaNbbQf6t+FRCliNY54CCz9QHQ8ZI=",
|
||||
"owner": "hlissner",
|
||||
"repo": "ws-butler",
|
||||
"rev": "572a10c11b6cb88293de48acbb59a059d36f9ba5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"owner": "hlissner",
|
||||
"repo": "ws-butler",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
@ -474,11 +843,11 @@
|
||||
"stable": "stable_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1686765987,
|
||||
"narHash": "sha256-dwT4w+dFG5ovM9ip32fj54I8Bq427SQZ91X/wJ3mhXU=",
|
||||
"lastModified": 1691077496,
|
||||
"narHash": "sha256-Ue8ldvIt2gU51MuWAMwcZIME5htEBeG5NDTo/QWw7Qw=",
|
||||
"ref": "main",
|
||||
"rev": "4019a419bd9ab0e927d44cb4ff4b84654de90712",
|
||||
"revCount": 100,
|
||||
"rev": "10a766cc56235210091913414019d98a9fc6b987",
|
||||
"revCount": 104,
|
||||
"type": "git",
|
||||
"url": "ssh://xin-secrets-ro/qbit/xin-secrets.git"
|
||||
},
|
||||
@ -495,11 +864,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1686054616,
|
||||
"narHash": "sha256-nBvQL3pSFZTBM0kM+/HVNFNbsa/It+OzQSlgKdIkgAY=",
|
||||
"lastModified": 1688047611,
|
||||
"narHash": "sha256-pHbxJwZGQjPwpA2gfeUGy9hHu3Dx/J6ZT4DkV2v1RT4=",
|
||||
"owner": "qbit",
|
||||
"repo": "xintray",
|
||||
"rev": "04dfd6b23e165c2e5495eeaf2b5ba2818a683bb2",
|
||||
"rev": "dff83a5e9b8b84d0f4d29f6e5704dee21b165c75",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
39
flake.nix
39
flake.nix
@ -21,10 +21,11 @@
|
||||
|
||||
nixos-hardware = {url = "github:NixOS/nixos-hardware/master";};
|
||||
|
||||
emacs-overlay = {
|
||||
url = "github:nix-community/emacs-overlay/d54a1521619daa37c9aa8c9e3362abb34e676007";
|
||||
inputs.nixpkgs.follows = "stable";
|
||||
};
|
||||
#emacs-overlay = {
|
||||
# url = "github:nix-community/emacs-overlay/d54a1521619daa37c9aa8c9e3362abb34e676007";
|
||||
# inputs.nixpkgs.follows = "stable";
|
||||
#};
|
||||
nix-doom-emacs.url = "github:nix-community/nix-doom-emacs";
|
||||
|
||||
darwin = {
|
||||
url = "github:lnl7/nix-darwin";
|
||||
@ -77,11 +78,6 @@
|
||||
url = "github:cid-chan/peerix";
|
||||
inputs.nixpkgs.follows = "stable";
|
||||
};
|
||||
|
||||
talon = {
|
||||
url = "github:qbit/talon-nix";
|
||||
inputs.nixpkgs.follows = "unstable";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = {
|
||||
@ -94,7 +90,6 @@
|
||||
pots,
|
||||
pr-status,
|
||||
stable,
|
||||
talon,
|
||||
tsRevProx,
|
||||
tsvnstat,
|
||||
unstable,
|
||||
@ -133,13 +128,12 @@
|
||||
};
|
||||
|
||||
overlays = [
|
||||
inputs.emacs-overlay.overlay
|
||||
#inputs.emacs-overlay.overlay
|
||||
inputs.gostart.overlay
|
||||
inputs.microca.overlay
|
||||
inputs.peerix.overlay
|
||||
inputs.pots.overlay
|
||||
inputs.pr-status.overlay
|
||||
inputs.talon.overlays.default
|
||||
inputs.taskobs.overlay
|
||||
inputs.tsRevProx.overlay
|
||||
];
|
||||
@ -201,8 +195,8 @@
|
||||
[] ++ stableList.nixpkgs.overlays ++ unstableList.nixpkgs.overlays;
|
||||
};
|
||||
|
||||
formatter.x86_64-linux = stable.legacyPackages.x86_64-linux.nixfmt;
|
||||
formatter.aarch64-darwin = stable.legacyPackages.aarch64-darwin.nixfmt;
|
||||
formatter.x86_64-linux = stable.legacyPackages.x86_64-linux.alejandra;
|
||||
formatter.aarch64-darwin = stable.legacyPackages.aarch64-darwin.alejandra;
|
||||
|
||||
devShells.x86_64-linux.default = xinlib.buildShell lpkgs;
|
||||
devShells.aarch64-darwin.default = xinlib.buildShell darwinPkgs;
|
||||
@ -210,7 +204,6 @@
|
||||
nixosConfigurations = {
|
||||
europa = buildSys "x86_64-linux" unstable [
|
||||
nixos-hardware.nixosModules.framework
|
||||
talon.nixosModules.talon
|
||||
] "europa";
|
||||
pwntie = buildSys "x86_64-linux" stable [] "pwntie";
|
||||
stan = buildSys "x86_64-linux" unstable [] "stan";
|
||||
@ -262,6 +255,8 @@
|
||||
spkgs.callPackage ./pkgs/ada_language_server.nix {inherit spkgs;};
|
||||
alire = spkgs.callPackage ./pkgs/alire.nix {inherit spkgs;};
|
||||
bearclaw = spkgs.callPackage ./pkgs/bearclaw.nix {inherit spkgs;};
|
||||
rtlamr = spkgs.callPackage ./pkgs/rtlamr.nix {inherit spkgs;};
|
||||
clilol = spkgs.callPackage ./pkgs/clilol.nix {inherit spkgs;};
|
||||
gqrss = spkgs.callPackage ./pkgs/gqrss.nix {
|
||||
inherit spkgs;
|
||||
isUnstable = true;
|
||||
@ -272,11 +267,14 @@
|
||||
isUnstable = true;
|
||||
};
|
||||
femtolisp = upkgs.callPackage ./pkgs/femtolisp.nix {};
|
||||
fyne = upkgs.callPackage ./pkgs/fyne.nix {inherit upkgs;};
|
||||
flake-warn =
|
||||
spkgs.callPackage ./pkgs/flake-warn.nix {inherit spkgs;};
|
||||
kurinto = spkgs.callPackage ./pkgs/kurinto.nix {};
|
||||
#kurinto = spkgs.callPackage ./pkgs/kurinto.nix {};
|
||||
mcchunkie = spkgs.callPackage ./pkgs/mcchunkie.nix {inherit spkgs;};
|
||||
yaegi = spkgs.callPackage ./pkgs/yaegi.nix {inherit spkgs;};
|
||||
gen-patches =
|
||||
spkgs.callPackage ./bins/gen-patches.nix {inherit spkgs;};
|
||||
yarr = spkgs.callPackage ./pkgs/yarr.nix {
|
||||
inherit spkgs;
|
||||
isUnstable = true;
|
||||
@ -284,6 +282,9 @@
|
||||
precursorupdater = spkgs.python3Packages.callPackage ./pkgs/precursorupdater.nix {
|
||||
inherit spkgs;
|
||||
};
|
||||
rtlamr2mqtt = spkgs.python3Packages.callPackage ./pkgs/rtlamr2mqtt.nix {
|
||||
inherit spkgs;
|
||||
};
|
||||
kobuddy = upkgs.python3Packages.callPackage ./pkgs/kobuddy.nix {
|
||||
inherit upkgs;
|
||||
};
|
||||
@ -302,11 +303,11 @@
|
||||
gosignify = spkgs.callPackage ./pkgs/gosignify.nix {inherit spkgs;};
|
||||
gotosocial =
|
||||
spkgs.callPackage ./pkgs/gotosocial.nix {inherit spkgs;};
|
||||
govulncheck =
|
||||
upkgs.callPackage ./pkgs/govulncheck.nix {inherit upkgs;};
|
||||
zutty = upkgs.callPackage ./pkgs/zutty.nix {
|
||||
inherit upkgs;
|
||||
isUnstable = true;
|
||||
};
|
||||
mvoice = upkgs.callPackage ./pkgs/mvoice.nix {
|
||||
inherit upkgs;
|
||||
};
|
||||
inherit (xintray.packages.${system}) xintray;
|
||||
inherit (tsvnstat.packages.${system}) tsvnstat;
|
||||
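Review bot: `nix-doom-emacs.url = "github:nix-community/nix-doom-emacs";` is declared without `inputs.nixpkgs.follows`, unlike the other inputs visible in this section (`peerix` follows `stable`; the removed `talon` followed `unstable`). The flake.lock part of this page accordingly shows a separate `nixpkgs` node, resolved as `"type": "indirect"` through the flake registry, plus a long list of transitive Emacs package inputs. That extra nixpkgs is locked at `lastModified` 1682566018, noticeably older than the `stable` pin (1693428224) in the same lock file, so anything built from it can lag behind security fixes that the main pins already carry. If nix-doom-emacs builds against it, consider `nix-doom-emacs = { url = "github:nix-community/nix-doom-emacs"; inputs.nixpkgs.follows = "unstable"; };`. The commented-out `emacs-overlay` block and overlay entry would also be clearer deleted than left as dead lines.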
|
@ -3,15 +3,13 @@
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
myArcan = pkgs.arcanPackages or pkgs.arcan;
|
||||
in
|
||||
}:
|
||||
with lib; {
|
||||
options = {
|
||||
arcan = {enable = mkEnableOption "Enable Arcan/Durden desktop.";};
|
||||
};
|
||||
|
||||
config = mkIf config.arcan.enable {
|
||||
environment.systemPackages = with pkgs; [myArcan.all-wrapped];
|
||||
environment.systemPackages = with pkgs; [arcanPackages.all-wrapped];
|
||||
};
|
||||
}
|
||||
|
@ -62,21 +62,24 @@ in
|
||||
pcscd.enable = true;
|
||||
};
|
||||
|
||||
documentation.enable = true;
|
||||
|
||||
# TODO: TEMP FIX
|
||||
systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart =
|
||||
lib.mkForce ["" "${pkgs.networkmanager}/bin/nm-online -q"];
|
||||
fonts.fonts = with pkgs; [
|
||||
go-font
|
||||
(callPackage ../pkgs/kurinto.nix {})
|
||||
#(callPackage ../pkgs/kurinto.nix {})
|
||||
];
|
||||
sound.enable = true;
|
||||
environment.systemPackages = with pkgs; (xinlib.filterList [
|
||||
arcanPackages.all-wrapped
|
||||
bc
|
||||
black
|
||||
brave
|
||||
drawterm
|
||||
exiftool
|
||||
go-font
|
||||
govulncheck
|
||||
hpi
|
||||
pcsctools
|
||||
promnesia
|
||||
@ -85,7 +88,6 @@ in
|
||||
vlc
|
||||
zeal
|
||||
|
||||
(callPackage ../pkgs/govulncheck.nix {})
|
||||
(callPackage ../configs/helix.nix {})
|
||||
]);
|
||||
|
||||
|
@ -30,7 +30,7 @@
|
||||
proxy_set_header Connection "";
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_pass http://ftp.usa.openbsd.org;
|
||||
proxy_pass http://cdn.openbsd.org;
|
||||
'';
|
||||
};
|
||||
|
||||
@ -46,10 +46,21 @@
|
||||
};
|
||||
in {
|
||||
_module.args.isUnstable = false;
|
||||
imports = [./hardware-configuration.nix];
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
"${inputs.unstable}/nixos/modules/services/home-automation/home-assistant.nix"
|
||||
];
|
||||
|
||||
sops.secrets = {
|
||||
photoprism_admin_password = {sopsFile = config.xin-secrets.box.services;};
|
||||
#nextcloud_db_pass = {
|
||||
# owner = config.users.users.nextcloud.name;
|
||||
# sopsFile = config.xin-secrets.box.services;
|
||||
#};
|
||||
#nextcloud_admin_pass = {
|
||||
# owner = config.users.users.nextcloud.name;
|
||||
# sopsFile = config.xin-secrets.box.services;
|
||||
#};
|
||||
#photoprism_admin_password = {sopsFile = config.xin-secrets.box.services;};
|
||||
gitea_db_pass = {
|
||||
owner = config.users.users.gitea.name;
|
||||
sopsFile = config.xin-secrets.box.services;
|
||||
@ -80,6 +91,10 @@ in {
|
||||
sops.secrets.bw_key = mkNginxSecret;
|
||||
sops.secrets.invidious_cert = mkNginxSecret;
|
||||
sops.secrets.invidious_key = mkNginxSecret;
|
||||
sops.secrets.readarr_cert = mkNginxSecret;
|
||||
sops.secrets.readarr_key = mkNginxSecret;
|
||||
sops.secrets.home_cert = mkNginxSecret;
|
||||
sops.secrets.home_key = mkNginxSecret;
|
||||
|
||||
boot.supportedFilesystems = ["zfs"];
|
||||
boot.loader.grub.copyKernels = true;
|
||||
@ -97,6 +112,7 @@ in {
|
||||
|
||||
hosts = {
|
||||
"127.0.0.1" = ["git.tapenet.org"];
|
||||
"10.6.0.15" = ["jelly.bold.daemon"];
|
||||
"100.122.61.43" = ["nix-binary-cache.humpback-trout.ts.net"];
|
||||
};
|
||||
interfaces.enp7s0 = {useDHCP = true;};
|
||||
@ -114,7 +130,17 @@ in {
|
||||
};
|
||||
allowedTCPPorts =
|
||||
config.services.openssh.ports
|
||||
++ [80 443 config.services.gitea.settings.server.SSH_PORT];
|
||||
++ [
|
||||
80
|
||||
443
|
||||
config.services.gitea.settings.server.SSH_PORT
|
||||
21063 #homekit
|
||||
21064 #homekit
|
||||
1883 # mosquitto
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
5353 #homekit
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
{
|
||||
from = 60000;
|
||||
@ -144,16 +170,27 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
nixpkgs = {
|
||||
config.allowUnfree = true;
|
||||
overlays = [
|
||||
(_: _: {
|
||||
inherit (inputs.unstable.legacyPackages.${pkgs.system}) home-assistant;
|
||||
})
|
||||
];
|
||||
};
|
||||
|
||||
disabledModules = [
|
||||
"services/home-automation/home-assistant.nix"
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
nixfmt
|
||||
tmux
|
||||
mosh
|
||||
apg
|
||||
git
|
||||
signify
|
||||
glowing-bear
|
||||
rtl_433
|
||||
|
||||
(callPackage ../../pkgs/athens.nix {inherit isUnstable;})
|
||||
];
|
||||
@ -163,64 +200,174 @@ in {
|
||||
defaults.email = "aaron@bolddaemon.com";
|
||||
};
|
||||
|
||||
# for photoprism
|
||||
#users.groups.photoprism = {
|
||||
# name = "photoprism";
|
||||
# gid = 986;
|
||||
#};
|
||||
#users.users.photoprism = {
|
||||
# uid = 991;
|
||||
# name = "photoprism";
|
||||
# isSystemUser = true;
|
||||
# hashedPassword = null;
|
||||
# group = "photoprism";
|
||||
# shell = "/bin/sh";
|
||||
# openssh.authorizedKeys.keys = pubKeys;
|
||||
#};
|
||||
users.groups.media = {
|
||||
name = "media";
|
||||
members = ["qbit" "sonarr" "radarr" "lidarr" "nzbget" "jellyfin" "headphones" "rtorrent" "readarr"];
|
||||
};
|
||||
|
||||
#virtualisation.podman = {
|
||||
# enable = false;
|
||||
# #dockerCompat = true;
|
||||
#};
|
||||
#virtualisation.oci-containers.backend = "podman";
|
||||
#virtualisation.oci-containers.containers = {
|
||||
# #kativa = {
|
||||
# # autoStart = true;
|
||||
# # ports = [ "127.0.0.1:5000:5000" ];
|
||||
# # image = "kizaing/kavita:0.5.2";
|
||||
# # volumes = [ "/media/books:/books" "/media/books/config:/kativa/config" ];
|
||||
# #};
|
||||
users.groups.photos = {
|
||||
name = "photos";
|
||||
members = ["qbit"];
|
||||
};
|
||||
|
||||
users.groups.photoprism = {
|
||||
name = "photoprism";
|
||||
gid = 986;
|
||||
};
|
||||
users.users.photoprism = {
|
||||
uid = 991;
|
||||
name = "photoprism";
|
||||
isSystemUser = true;
|
||||
hashedPassword = null;
|
||||
group = "photoprism";
|
||||
shell = "/bin/sh";
|
||||
openssh.authorizedKeys.keys = pubKeys;
|
||||
};
|
||||
|
||||
systemd.services.photoprism = {
|
||||
serviceConfig = {
|
||||
WorkingDirectory = lib.mkForce "/media/pictures/photoprism";
|
||||
};
|
||||
preStart = lib.mkForce "";
|
||||
};
|
||||
|
||||
hardware.rtl-sdr.enable = true;
|
||||
|
||||
services = {
|
||||
mosquitto = {
|
||||
enable = true;
|
||||
listeners = [
|
||||
{
|
||||
acl = ["pattern readwrite #"];
|
||||
omitPasswordAuth = true;
|
||||
settings.allow_anonymous = true;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
avahi = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
};
|
||||
home-assistant = {
|
||||
enable = true;
|
||||
extraPackages = python3Packages:
|
||||
with python3Packages; [
|
||||
pyipp
|
||||
pymetno
|
||||
];
|
||||
extraComponents = [
|
||||
"airthings"
|
||||
"airthings_ble"
|
||||
"airvisual"
|
||||
"airvisual_pro"
|
||||
"apple_tv"
|
||||
#"aprs"
|
||||
"brother"
|
||||
"esphome"
|
||||
"ffmpeg"
|
||||
"homekit"
|
||||
"homekit_controller"
|
||||
"icloud"
|
||||
"jellyfin"
|
||||
"logger"
|
||||
"met"
|
||||
"mqtt"
|
||||
"nextdns"
|
||||
"openevse"
|
||||
"prometheus"
|
||||
"pushover"
|
||||
"rest"
|
||||
"snmp"
|
||||
"zeroconf"
|
||||
];
|
||||
config = {
|
||||
mqtt.sensor = [
|
||||
];
|
||||
logger = {
|
||||
default = "warning";
|
||||
logs = {
|
||||
#"homeassistant.components.aprs" = "debug";
|
||||
};
|
||||
};
|
||||
"automation manual" = [
|
||||
];
|
||||
"automation ui" = "!include automations.yaml";
|
||||
rest = [
|
||||
{
|
||||
resource = "http://127.0.0.1:9001/api/v1/query?query=rtl_433_temperature_celsius";
|
||||
sensor = {
|
||||
name = "rtl_433_temperature_celsius";
|
||||
value_template = "{{value_json.data.result[0].value[1]}}";
|
||||
};
|
||||
}
|
||||
{
|
||||
resource = "http://127.0.0.1:9001/api/v1/query?query=wstation_temp_c";
|
||||
sensor = {
|
||||
name = "wstation_garage_temp_c";
|
||||
value_template = "{{value_json.data.result[0].value[1]}}";
|
||||
};
|
||||
}
|
||||
];
|
||||
device_tracker = [
|
||||
];
|
||||
default_config = {};
|
||||
http = {
|
||||
use_x_forwarded_for = true;
|
||||
server_host = "127.0.0.1";
|
||||
trusted_proxies = "127.0.0.1";
|
||||
};
|
||||
homeassistant = {
|
||||
name = "Home";
|
||||
time_zone = "America/Denver";
|
||||
temperature_unit = "C";
|
||||
unit_system = "metric";
|
||||
longitude = -104.72;
|
||||
latitude = 38.35;
|
||||
};
|
||||
};
|
||||
};
|
||||
#photoprism = {
|
||||
# #user = "${toString config.users.users.photoprism.name}:${toString config.users.groups.photoprism.name}";
|
||||
# autoStart = true;
|
||||
# ports = [ "127.0.0.1:2343:2343" ];
|
||||
# image = "photoprism/photoprism:${photoPrismTag}";
|
||||
# workdir = "/photoprism";
|
||||
# volumes = [
|
||||
# "/media/pictures/photoprism/storage:/photoprism/storage"
|
||||
# "/media/pictures/photoprism/originals:/photoprism/originals"
|
||||
# "/media/pictures/photoprism/import:/photoprism/import"
|
||||
# ];
|
||||
# environment = {
|
||||
# PHOTOPRISM_HTTP_PORT = "2343";
|
||||
# enable = true;
|
||||
# port = 2343;
|
||||
# storagePath = "/media/pictures/photoprism/storage";
|
||||
# originalsPath = "/media/pictures/photoprism/originals";
|
||||
# importPath = "/media/pictures/photoprism/import";
|
||||
# settings = {
|
||||
# PHOTOPRISM_UPLOAD_NSFW = "true";
|
||||
# PHOTOPRISM_DETECT_NSFW = "false";
|
||||
# PHOTOPRISM_UID = "${toString config.users.users.photoprism.uid}";
|
||||
# PHOTOPRISM_GID = "${toString config.users.groups.photoprism.gid}";
|
||||
# #PHOTOPRISM_SITE_URL = "https://photos.tapenet.org/";
|
||||
# PHOTOPRISM_SITE_URL = "https://box.humpback-trout.ts.net/photos";
|
||||
# PHOTOPRISM_SETTINGS_HIDDEN = "false";
|
||||
# PHOTOPRISM_DATABASE_DRIVER = "sqlite";
|
||||
# };
|
||||
#};
|
||||
#nextcloud = {
|
||||
# enable = true;
|
||||
# enableBrokenCiphersForSSE = false;
|
||||
# hostName = "box.humpback-trout.ts.net";
|
||||
# home = "/media/nextcloud";
|
||||
# https = true;
|
||||
|
||||
# package = pkgs.nextcloud27;
|
||||
# extraApps = with config.services.nextcloud.package.packages.apps; {
|
||||
# inherit bookmarks calendar contacts notes tasks twofactor_webauthn;
|
||||
# };
|
||||
|
||||
users.groups.media = {
|
||||
name = "media";
|
||||
members = ["qbit" "sonarr" "radarr" "lidarr" "nzbget" "jellyfin" "headphones"];
|
||||
};
|
||||
# extraAppsEnable = true;
|
||||
|
||||
services = {
|
||||
# config = {
|
||||
# overwriteProtocol = "https";
|
||||
|
||||
# dbtype = "pgsql";
|
||||
# dbuser = "nextcloud";
|
||||
# dbhost = "/run/postgresql";
|
||||
# dbname = "nextcloud";
|
||||
# dbpassFile = "${config.sops.secrets.nextcloud_db_pass.path}";
|
||||
|
||||
# adminpassFile = "${config.sops.secrets.nextcloud_admin_pass.path}";
|
||||
# adminuser = "admin";
|
||||
# };
|
||||
#};
|
||||
invidious = {
|
||||
enable = true;
|
||||
settings = {
|
||||
@ -255,6 +402,19 @@ in {
|
||||
|
||||
tor.enable = true;
|
||||
|
||||
transmission = {
|
||||
enable = true;
|
||||
group = "media";
|
||||
downloadDirPermissions = "770";
|
||||
settings = {
|
||||
download-dir = "/media/downloads/torrents";
|
||||
};
|
||||
};
|
||||
readarr = {
|
||||
enable = true;
|
||||
dataDir = "/media/books";
|
||||
group = "media";
|
||||
};
|
||||
sonarr.enable = true;
|
||||
radarr.enable = true;
|
||||
lidarr.enable = true;
|
||||
@ -288,6 +448,7 @@ in {
|
||||
|
||||
calibre-web = {
|
||||
enable = true;
|
||||
group = "media";
|
||||
options = {enableBookUploading = true;};
|
||||
listen.port = 8909;
|
||||
listen.ip = "127.0.0.1";
|
||||
@ -446,9 +607,33 @@ in {
|
||||
};
|
||||
|
||||
nginx = {enable = true;};
|
||||
|
||||
rtl_433 = {
|
||||
enable = true;
|
||||
group = "plugdev";
|
||||
ids = [
|
||||
{
|
||||
id = 55;
|
||||
name = "LaCrosse-TX141Bv3";
|
||||
location = "Kitchen";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
scrapeConfigs = [
|
||||
{
|
||||
job_name = "rtl_433";
|
||||
static_configs = [
|
||||
{
|
||||
targets = [
|
||||
"127.0.0.1:${
|
||||
toString config.services.prometheus.exporters.rtl_433.port
|
||||
}"
|
||||
];
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
job_name = "box";
|
||||
static_configs = [
|
||||
@ -483,11 +668,7 @@ in {
|
||||
}
|
||||
{
|
||||
job_name = "namish";
|
||||
static_configs = [{targets = ["10.6.0.2:9100"];}];
|
||||
}
|
||||
{
|
||||
job_name = "router";
|
||||
static_configs = [{targets = ["10.6.0.1:9100"];}];
|
||||
static_configs = [{targets = ["10.200.0.100:9100"];}];
|
||||
}
|
||||
{
|
||||
job_name = "nginx";
|
||||
@ -522,7 +703,7 @@ in {
|
||||
stateDir = "/media/git";
|
||||
appName = "Tape:neT";
|
||||
|
||||
package = inputs.unstable.legacyPackages.${pkgs.system}.gitea;
|
||||
package = inputs.unstable.legacyPackages.${pkgs.system}.forgejo;
|
||||
|
||||
lfs.enable = true;
|
||||
|
||||
@ -592,6 +773,18 @@ in {
|
||||
'';
|
||||
|
||||
virtualHosts = {
|
||||
"home.bold.daemon" = {
|
||||
forceSSL = true;
|
||||
sslCertificateKey = "${config.sops.secrets.home_key.path}";
|
||||
sslCertificate = "${config.sops.secrets.home_cert.path}";
|
||||
extraConfig = ''
|
||||
proxy_buffering off;
|
||||
'';
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8123";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
"invidious.bold.daemon" = {
|
||||
forceSSL = true;
|
||||
sslCertificateKey = "${config.sops.secrets.invidious_key.path}";
|
||||
@ -747,6 +940,19 @@ in {
|
||||
'';
|
||||
};
|
||||
};
|
||||
"readarr.bold.daemon" = {
|
||||
sslCertificateKey = "${config.sops.secrets.readarr_key.path}";
|
||||
sslCertificate = "${config.sops.secrets.readarr_cert.path}";
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:8787";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
${httpAllow}
|
||||
deny all;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
"graph.bold.daemon" = {
|
||||
sslCertificateKey = "${config.sops.secrets.graph_key.path}";
|
||||
@ -818,7 +1024,14 @@ in {
|
||||
enable = true;
|
||||
dataDir = "/db/postgres";
|
||||
|
||||
ensureDatabases = ["nextcloud" "gitea"];
|
||||
#enableTCPIP = true;
|
||||
#authentication = pkgs.lib.mkOverride 14 ''
|
||||
# local all all trust
|
||||
# host all all 127.0.0.1/32 trust
|
||||
# host all all ::1/128 trust
|
||||
#'';
|
||||
|
||||
ensureDatabases = ["nextcloud" "gitea" "invidious"];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "nextcloud";
|
||||
|
@ -1,4 +1,5 @@
|
||||
{
|
||||
inputs,
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
@ -13,9 +14,12 @@ with lib; let
|
||||
inherit lib;
|
||||
inherit config;
|
||||
});
|
||||
myEmacs = pkgs.callPackage ../../configs/emacs.nix {};
|
||||
#myEmacs = pkgs.callPackage ../../configs/emacs.nix { };
|
||||
doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override {
|
||||
doomPrivateDir = ../../configs/doom.d;
|
||||
};
|
||||
peerixUser =
|
||||
if hasAttr "peerix" config.users.users
|
||||
if builtins.hasAttr "peerix" config.users.users
|
||||
then config.users.users.peerix.name
|
||||
else "root";
|
||||
jobs = [
|
||||
@ -86,10 +90,13 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
|
||||
nixpkgs.config.allowUnsupportedSystem = true;
|
||||
nixpkgs.config = {
|
||||
allowUnfree = true;
|
||||
allowUnsupportedSystem = true;
|
||||
};
|
||||
|
||||
boot = {
|
||||
binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
|
||||
initrd.systemd.enable = true;
|
||||
loader = {
|
||||
systemd-boot.enable = true;
|
||||
@ -100,24 +107,25 @@ in {
|
||||
};
|
||||
kernelParams = ["boot.shell_on_fail" "mem_sleep_default=deep"];
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
#kernelPackages = pkgs.linuxPackages;
|
||||
};
|
||||
|
||||
sshFidoAgent.enable = true;
|
||||
sshFidoAgent.enable = lib.mkDefault true;
|
||||
|
||||
nixManager = {
|
||||
enable = true;
|
||||
enable = lib.mkDefault true;
|
||||
user = "qbit";
|
||||
};
|
||||
|
||||
kde.enable = true;
|
||||
jetbrains.enable = true;
|
||||
kde.enable = lib.mkDefault true;
|
||||
|
||||
virtualisation.libvirtd.enable = true;
|
||||
virtualisation.libvirtd.enable = lib.mkDefault true;
|
||||
|
||||
networking = {
|
||||
hostName = "europa";
|
||||
hostId = "87703c3e";
|
||||
hosts = {
|
||||
"192.168.122.6" = ["chubs"];
|
||||
};
|
||||
wireless.userControlled.enable = true;
|
||||
networkmanager.enable = true;
|
||||
|
||||
@ -148,6 +156,7 @@ in {
|
||||
shellAliases = {
|
||||
"gh" = "op plugin run -- gh";
|
||||
"nixpkgs-review" = "env GITHUB_TOKEN=$(op item get nixpkgs-review --field token) nixpkgs-review";
|
||||
"clilol" = "env CLILOL_APIKEY=$(op item get omglol-cli --field credential) clilol";
|
||||
"godeps" = "go list -m -f '{{if not (or .Indirect .Main)}}{{.Path}}{{end}}' all";
|
||||
"mutt" = "neomutt -F /etc/neomuttrc";
|
||||
"neomutt" = "neomutt -F /etc/neomuttrc";
|
||||
@ -185,6 +194,11 @@ in {
|
||||
];
|
||||
};
|
||||
};
|
||||
avahi = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
};
|
||||
printing.enable = true;
|
||||
restic = {
|
||||
backups = {
|
||||
local = {
|
||||
@ -202,11 +216,11 @@ in {
|
||||
pcscd.enable = true;
|
||||
vnstat.enable = true;
|
||||
clamav.updater.enable = true;
|
||||
emacs = {
|
||||
enable = true;
|
||||
package = myEmacs;
|
||||
install = true;
|
||||
};
|
||||
#emacs = {
|
||||
# enable = true;
|
||||
# package = myEmacs;
|
||||
# install = true;
|
||||
#};
|
||||
tor = {
|
||||
enable = true;
|
||||
client.enable = true;
|
||||
@ -262,11 +276,10 @@ in {
|
||||
users.users.qbit.extraGroups = [
|
||||
"dialout"
|
||||
"libvirtd"
|
||||
"plugdev"
|
||||
#"docker"
|
||||
];
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
environment.sessionVariables = {
|
||||
XDG_BIN_HOME = "\${HOME}/.local/bin";
|
||||
XDG_CACHE_HOME = "\${HOME}/.cache";
|
||||
@ -280,10 +293,13 @@ in {
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
opensnitch-ui
|
||||
doom-emacs
|
||||
barrier
|
||||
calibre
|
||||
chirp
|
||||
cider
|
||||
clementine
|
||||
direwolf
|
||||
element-desktop
|
||||
elmPackages.elm
|
||||
elmPackages.elm-format
|
||||
@ -293,7 +309,10 @@ in {
|
||||
entr
|
||||
exercism
|
||||
gh
|
||||
gimp
|
||||
git-credential-1password
|
||||
gqrx
|
||||
hackrf
|
||||
isync
|
||||
klavaro
|
||||
minicom
|
||||
@ -305,12 +324,15 @@ in {
|
||||
nmap
|
||||
nushell
|
||||
obsidian
|
||||
pharo
|
||||
pharo-launcher
|
||||
picocom
|
||||
proton-caller
|
||||
protonup-ng
|
||||
python3Packages.meshtastic
|
||||
qdmr
|
||||
rex
|
||||
rofi
|
||||
rtl-sdr
|
||||
sdrpp
|
||||
signal-desktop
|
||||
taskobs
|
||||
tcpdump
|
||||
@ -319,13 +341,14 @@ in {
|
||||
tidal-hifi
|
||||
tigervnc
|
||||
unzip
|
||||
veilid
|
||||
virt-manager
|
||||
w3m
|
||||
yt-dlp
|
||||
#yubioath-flutter
|
||||
zig
|
||||
|
||||
talon
|
||||
|
||||
(callPackage ../../pkgs/clilol.nix {})
|
||||
(callPackage ../../pkgs/iamb.nix {})
|
||||
(callPackage ../../pkgs/kobuddy.nix {
|
||||
inherit pkgs;
|
||||
@ -341,6 +364,7 @@ in {
|
||||
;
|
||||
})
|
||||
(callPackage ../../pkgs/gokrazy.nix {})
|
||||
(callPackage ../../pkgs/mvoice.nix {})
|
||||
(callPackage ../../pkgs/zutty.nix {})
|
||||
|
||||
restic
|
||||
|
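Review bot: The `avahi` block added in the `services` hunk sets `openFirewall = true`, which opens the mDNS port in the host firewall on every interface the machine brings up. The same file enables `networkmanager` and `wireless.userControlled`, so this looks like a roaming machine that would answer mDNS on untrusted networks as well. If discovery is only wanted on the home network (the hunk enables `printing` right after), restrict it with `services.avahi.allowInterfaces = [ "<home-interface>" ];`, or add a comment saying the exposure is intended. The enclosing `services` attribute set starts and ends outside the hunk.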
@ -39,5 +39,6 @@
|
||||
cpu.intel.updateMicrocode =
|
||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
bluetooth.enable = true;
|
||||
rtl-sdr.enable = true;
|
||||
};
|
||||
}
|
||||
|
@ -115,6 +115,8 @@ in {
|
||||
''"radarr.bold.daemon. IN A 100.120.151.126"''
|
||||
''"reddit.bold.daemon. IN A 100.120.151.126"''
|
||||
''"sonarr.bold.daemon. IN A 100.120.151.126"''
|
||||
''"readarr.bold.daemon. IN A 100.120.151.126"''
|
||||
''"home.bold.daemon. IN A 100.120.151.126"''
|
||||
''"graph.bold.daemon. IN A 100.120.151.126"''
|
||||
''"invidious.bold.daemon. IN A 100.120.151.126"''
|
||||
''"router.bold.daemon. IN A 10.6.0.1"''
|
||||
|
@ -2,6 +2,7 @@
|
||||
config,
|
||||
pkgs,
|
||||
isUnstable,
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
with pkgs; let
|
||||
@ -35,6 +36,11 @@ with pkgs; let
|
||||
allow 10.20.30.1/32;
|
||||
'';
|
||||
|
||||
mtxCfg = {
|
||||
port = 8009;
|
||||
address = "127.0.0.1";
|
||||
};
|
||||
|
||||
matrixServer = "tapenet.org";
|
||||
matrixClientConfig = {
|
||||
"m.homeserver".base_url = "https://${matrixServer}:443";
|
||||
@ -53,7 +59,7 @@ with pkgs; let
|
||||
};
|
||||
mkMatrixLoc = {
|
||||
proxyWebsockets = true;
|
||||
proxyPass = "http://127.0.0.1:8009";
|
||||
proxyPass = "http://${mtxCfg.address}:${toString mtxCfg.port}";
|
||||
};
|
||||
in {
|
||||
_module.args.isUnstable = false;
|
||||
@ -145,6 +151,11 @@ in {
|
||||
owner = config.services.tsrevprox.user;
|
||||
sopsFile = config.xin-secrets.h.services;
|
||||
};
|
||||
writefreely = {
|
||||
mode = "400";
|
||||
owner = config.services.writefreely.user;
|
||||
sopsFile = config.xin-secrets.h.services;
|
||||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
@ -257,6 +268,21 @@ in {
|
||||
};
|
||||
|
||||
services = {
|
||||
heisenbridge = {
|
||||
enable = true;
|
||||
homeserver = "http://${mtxCfg.address}:${toString mtxCfg.port}";
|
||||
owner = "@qbit:tapenet.org";
|
||||
namespaces = {
|
||||
users = [
|
||||
{
|
||||
regex = "@irc_.*";
|
||||
exclusive = true;
|
||||
}
|
||||
];
|
||||
aliases = [];
|
||||
rooms = [];
|
||||
};
|
||||
};
|
||||
tsrevprox = {
|
||||
enable = true;
|
||||
reverseName = "pr-status";
|
||||
@ -390,6 +416,8 @@ in {
|
||||
"/var/lib/gotosocial"
|
||||
"/var/lib/mcchunkie"
|
||||
"/var/lib/taskserver"
|
||||
"/var/lib/heisenbridge"
|
||||
"/var/lib/writefreely"
|
||||
];
|
||||
|
||||
timerConfig = {OnCalendar = "00:05";};
|
||||
@ -399,6 +427,26 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
writefreely = {
|
||||
enable = true;
|
||||
host = "arst.lol";
|
||||
settings = {
|
||||
server.port = 3287;
|
||||
app = {
|
||||
single_user = true;
|
||||
min_username_len = 4;
|
||||
federation = true;
|
||||
monetization = false;
|
||||
wf_modesty = true;
|
||||
};
|
||||
};
|
||||
database.migrate = true;
|
||||
admin = {
|
||||
name = "qbit";
|
||||
initialPasswordFile = "${config.sops.secrets.writefreely.path}";
|
||||
};
|
||||
};
|
||||
|
||||
nginx = {
|
||||
enable = true;
|
||||
|
||||
@ -470,6 +518,22 @@ in {
|
||||
proxyPass = "http://localhost:9009/weechat";
|
||||
};
|
||||
};
|
||||
"arst.lol" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
root = "/var/www/arst.lol";
|
||||
locations."/" = {
|
||||
proxyWebsockets = true;
|
||||
proxyPass = "http://127.0.0.1:${
|
||||
toString config.services.writefreely.settings.server.port
|
||||
}";
|
||||
};
|
||||
};
|
||||
#"embracethe.lol" = {
|
||||
# forceSSL = true;
|
||||
# enableACME = true;
|
||||
# root = "/var/www/embracethe.lol";
|
||||
#};
|
||||
"notes.suah.dev" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
@ -746,6 +810,10 @@ in {
|
||||
"https://matrix.to/#/#go-lang:matrix.org"
|
||||
"https://matrix.to/#/#plan9:matrix.org"
|
||||
"https://matrix.to/#/#nix-openbsd:tapenet.org"
|
||||
"https://matrix.to/#/#cobug:tapenet.org"
|
||||
"https://matrix.to/#/#gosec:tapenet.org"
|
||||
"https://matrix.to/#/#gophers-offtopic:matrix.org"
|
||||
"https://matrix.to/#/#devious:tapenet.org"
|
||||
];
|
||||
settings = {
|
||||
verboseLogging = false;
|
||||
@ -785,6 +853,9 @@ in {
|
||||
signing_key_path = "${config.sops.secrets.synapse_signing_key.path}";
|
||||
url_preview_enabled = false;
|
||||
plugins = with config.services.matrix-synapse.package.plugins; [matrix-synapse-mjolnir-antispam];
|
||||
app_service_config_files = [
|
||||
"/var/lib/heisenbridge/registration.yml"
|
||||
];
|
||||
database = {
|
||||
name = "psycopg2";
|
||||
args = {
|
||||
@ -794,8 +865,8 @@ in {
|
||||
};
|
||||
listeners = [
|
||||
{
|
||||
bind_addresses = ["127.0.0.1"];
|
||||
port = 8009;
|
||||
inherit (mtxCfg) port;
|
||||
bind_addresses = [mtxCfg.address];
|
||||
resources = [
|
||||
{
|
||||
compress = true;
|
||||
|
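Review bot: `app_service_config_files` points Synapse at `/var/lib/heisenbridge/registration.yml`, a file in the bridge's own state directory, and nothing visible in these hunks gives the Synapse user read access to it. An appservice registration file holds the tokens the bridge and the homeserver use to authenticate each other, so it should be readable by those two services only; presumably that needs a shared group rather than world-readable permissions, which is worth confirming on the host. A comment next to the path would record the arrangement, e.g. `# written by heisenbridge; matrix-synapse reads it via <shared group>`. The same directory is added to the backup path list in an earlier hunk, so the backup repository will hold those tokens too.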
@ -1,5 +1,6 @@
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
isUnstable,
|
||||
...
|
||||
}: let
|
||||
@ -14,6 +15,8 @@ in {
|
||||
|
||||
networking.hostName = "plq";
|
||||
|
||||
security.pam.enableSudoTouchIdAuth = true;
|
||||
|
||||
programs = {
|
||||
zsh = {
|
||||
enable = true;
|
||||
@ -22,10 +25,16 @@ in {
|
||||
'';
|
||||
};
|
||||
};
|
||||
services.nix-daemon.enable = true;
|
||||
nix.package = pkgs.nix;
|
||||
|
||||
services.emacs.package = pkgs.emacsUnstable;
|
||||
nix = {
|
||||
package = pkgs.nix;
|
||||
settings = {
|
||||
sandbox = true;
|
||||
};
|
||||
};
|
||||
services = {
|
||||
nix-daemon.enable = true;
|
||||
emacs.package = pkgs.emacsUnstable;
|
||||
};
|
||||
|
||||
system = {
|
||||
keyboard = {
|
||||
@ -47,23 +56,32 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
nixpkgs.config = {
|
||||
allowUnfree = true;
|
||||
allowUnfreePredicate = pkg:
|
||||
builtins.elm (lib.getName pkg) [
|
||||
"obsidian"
|
||||
];
|
||||
};
|
||||
|
||||
environment.variables = {
|
||||
SSH_AUTH_SOCK = "$HOME/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/socket.ssh";
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
(callPackage ../../pkgs/nheko.nix {inherit isUnstable;})
|
||||
(callPackage ../../pkgs/secretive.nix {inherit isUnstable;})
|
||||
(callPackage ../../pkgs/hammerspoon.nix {inherit isUnstable;})
|
||||
|
||||
nixpkgs-review
|
||||
direnv
|
||||
exiftool
|
||||
gh
|
||||
go
|
||||
mosh
|
||||
nb
|
||||
neovim
|
||||
nixfmt
|
||||
nixpkgs-review
|
||||
nmap
|
||||
obsidian
|
||||
rage
|
||||
statix
|
||||
];
|
||||
|
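Review bot: `allowUnfreePredicate` calls `builtins.elm`, which is not a Nix builtin; the membership test is `builtins.elem`. The typo goes unnoticed because `allowUnfree = true` sits beside it and already permits every unfree package, so the predicate is presumably never evaluated. If the intent is to allow only Obsidian, drop `allowUnfree = true;` and write `builtins.elem (lib.getName pkg) ["obsidian"]`.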
@ -1,11 +1,20 @@
|
||||
{pkgs, ...}: let
|
||||
myEmacs = pkgs.callPackage ../../configs/emacs.nix {};
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
#myEmacs = pkgs.callPackage ../../configs/emacs.nix { };
|
||||
pubKeys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
|
||||
];
|
||||
in {
|
||||
_module.args.isUnstable = false;
|
||||
imports = [./hardware-configuration.nix];
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
../../modules/rtlamr2mqtt.nix
|
||||
];
|
||||
|
||||
hardware.rtl-sdr.enable = true;
|
||||
|
||||
# Bootloader.
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
@ -38,19 +47,24 @@ in {
|
||||
PATH = ["\${XDG_BIN_HOME}"];
|
||||
};
|
||||
|
||||
users.users.qbit.extraGroups = ["dialout" "libvirtd" "docker"];
|
||||
users.users.qbit.extraGroups = ["dialout" "libvirtd" "docker" "plugdev"];
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
#nixpkgs.config.allowUnfree = true;
|
||||
environment.systemPackages = with pkgs; [
|
||||
rtl-sdr
|
||||
direwolf
|
||||
(callPackage ../../pkgs/rtlamr.nix {})
|
||||
];
|
||||
|
||||
programs = {
|
||||
steam.enable = true;
|
||||
_1password.enable = true;
|
||||
_1password-gui = {
|
||||
enable = true;
|
||||
polkitPolicyOwners = ["qbit"];
|
||||
};
|
||||
dconf.enable = true;
|
||||
};
|
||||
#programs = {
|
||||
# steam.enable = true;
|
||||
# _1password.enable = true;
|
||||
# _1password-gui = {
|
||||
# enable = true;
|
||||
# polkitPolicyOwners = [ "qbit" ];
|
||||
# };
|
||||
# dconf.enable = true;
|
||||
#};
|
||||
|
||||
xinCI = {
|
||||
user = "qbit";
|
||||
@ -58,11 +72,45 @@ in {
|
||||
};
|
||||
|
||||
services = {
|
||||
emacs = {
|
||||
rtlamr2mqtt = {
|
||||
enable = true;
|
||||
package = myEmacs;
|
||||
install = true;
|
||||
configuration = {
|
||||
general = {
|
||||
device_ids_path = "${config.services.rtlamr2mqtt.package}/sdl_ids.txt";
|
||||
sleep_for = 0;
|
||||
verbosity = "debug";
|
||||
tickle_rtl_tcp = false;
|
||||
device_id = "0bda:2838";
|
||||
};
|
||||
mqtt = {
|
||||
host = "10.6.0.15";
|
||||
port = 1883;
|
||||
tls_enabled = false;
|
||||
ha_autodiscovery = true;
|
||||
base_topec = "rtlamr";
|
||||
};
|
||||
custom_parameters = {
|
||||
rtltcp = "-s 2048000";
|
||||
rtlamr = "-unique=true -symbollength=32";
|
||||
};
|
||||
meters = [
|
||||
{
|
||||
id = 48582066;
|
||||
protocol = "scm";
|
||||
name = "gas_meter";
|
||||
unit_of_measurement = "ft³";
|
||||
icon = "mdi:gas-burner";
|
||||
device_class = "gas";
|
||||
state_class = "total_increasing";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
#emacs = {
|
||||
# enable = true;
|
||||
# package = myEmacs;
|
||||
# install = true;
|
||||
#};
|
||||
fwupd = {
|
||||
enable = true;
|
||||
enableTestRemote = true;
|
||||
|
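Review bot: The `mqtt` block uses the key `base_topec`, which looks like a typo for `base_topic`; an unrecognised key would most likely be ignored and the default topic used, so check it against the rtlamr2mqtt documentation. The broker connection is configured with `tls_enabled = false` on port 1883, so meter readings, and any broker credentials added later, cross the network in clear text; if that is accepted for this LAN a comment such as `# plaintext MQTT, broker is LAN-only` should say so. `verbosity = "debug"` is worth lowering once the service works, since debug output tends to put every reading in the journal.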
@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
@ -12,11 +13,13 @@
|
||||
userBase = {
|
||||
openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
|
||||
};
|
||||
myEmacs = pkgs.callPackage ../../configs/emacs.nix {};
|
||||
peerixUser =
|
||||
if builtins.hasAttr "peerix" config.users.users
|
||||
then config.users.users.peerix.name
|
||||
else "root";
|
||||
doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override {
|
||||
doomPrivateDir = ../../configs/doom.d;
|
||||
};
|
||||
in {
|
||||
_module.args.isUnstable = true;
|
||||
imports = [./hardware-configuration.nix];
|
||||
@ -97,7 +100,7 @@ in {
|
||||
"172.16.30.253" = ["proxmox-02.vm.calyptix.local"];
|
||||
"127.0.0.1" = ["borg.calyptix.dev" "localhost"];
|
||||
"192.168.122.249" = ["arst.arst" "vm"];
|
||||
"192.168.54.1" = ["router.arst" "router"];
|
||||
"192.168.8.194" = ["router.arst" "router"];
|
||||
};
|
||||
|
||||
networkmanager.enable = true;
|
||||
@ -111,7 +114,6 @@ in {
|
||||
|
||||
kde.enable = true;
|
||||
defaultUsers.enable = false;
|
||||
jetbrains.enable = true;
|
||||
sshFidoAgent.enable = true;
|
||||
|
||||
sops.secrets = {
|
||||
@ -159,7 +161,7 @@ in {
|
||||
environment.systemPackages = with pkgs; [
|
||||
barrier
|
||||
bitwarden
|
||||
brave
|
||||
doom-emacs
|
||||
fzf
|
||||
google-chrome-dev
|
||||
ispell
|
||||
@ -187,6 +189,8 @@ in {
|
||||
|
||||
virtualisation.libvirtd.enable = true;
|
||||
|
||||
programs.git.config.safe.directory = "/home/abieber/aef100";
|
||||
|
||||
programs = {
|
||||
dconf.enable = true;
|
||||
zsh.enable = true;
|
||||
@ -199,11 +203,6 @@ in {
|
||||
};
|
||||
|
||||
services = {
|
||||
emacs = {
|
||||
enable = true;
|
||||
package = myEmacs;
|
||||
install = true;
|
||||
};
|
||||
printing.enable = true;
|
||||
fwupd.enable = true;
|
||||
unifi.enable = false;
|
||||
@ -215,7 +214,7 @@ in {
|
||||
};
|
||||
|
||||
programs.ssh.knownHosts = {
|
||||
"[192.168.122.249]:7022".publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJd1dn/0YmUEInXbNTpUFNwzDrP0/FoMEJJc+3yYkZaCMrT0WPS5rFlkWJZ8mQf8udnfUWnTZzpDwIvXpfMQqf0=";
|
||||
"[192.168.122.249]:7022".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOzf2Rv6FZYuH758TlNBcq4CXAHTPJxe5qoQTRM3nRc";
|
||||
};
|
||||
|
||||
system.autoUpgrade.allowReboot = false;
|
||||
|
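Review bot: `programs.git.config.safe.directory` writes to the system-wide git configuration, so every account on the machine, root included, skips git's repository-ownership check for `/home/abieber/aef100`. That check exists so that a repository owned by one user cannot feed its configuration to another user who runs git inside it. If only one account needs the exception, set it in that account's own git config instead; if it has to stay system-wide, add a comment naming who needs it, e.g. `# <account> runs git in abieber's checkout`.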
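--- a/hosts/weatherzero/default.nix
+++ b/hosts/weatherzero/default.nix
@@ -0,0 +1,56 @@
+{
+config,
+pkgs,
+lib,
+...
+}: let
+pubKeys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
+"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local"
+];
+userBase = {
+openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
+};
+in {
+_module.args.isUnstable = false;
+imports = [
+./hardware-configuration.nix
+];
+
+defaultUsers.enable = false;
+
+boot = {
+initrd.availableKernelModules = lib.mkForce [
+"mmc_block"
+"usbhid"
+"hid_generic"
+"hid_microsoft"
+];
+
+supportedFilesystems = lib.mkForce ["vfat"];
+
+kernelPackages = lib.mkForce pkgs.linuxPackages_rpi0;
+};
+
+networking = {
+hostName = "wzero";
+networkmanager = {enable = true;};
+wireless.userControlled.enable = true;
+hosts."100.120.151.126" = ["graph.tapenet.org"];
+};
+
+users.users.weather = {
+shell = pkgs.zsh;
+isNormalUser = true;
+description = "Weather";
+extraGroups = ["wheel"];
+};
+
+preDNS.enable = false;
+users.users.root = userBase;
+
+#environment.systemPackages = with pkgs; [
+#];
+
+system.stateVersion = "21.11";
+}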
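Review bot: The only SSH credentials in this file are attached to `root` (`users.users.root = userBase;`), while the `weather` account is placed in `wheel` with no key or password visible here. That makes direct root login the normal way in and leaves the `wheel` membership unused unless a password is set somewhere else. Consider giving the keys to the unprivileged account, `users.users.weather = userBase // { … };`, and escalating from there, or add a comment explaining why root login is wanted on this host.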
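--- a/hosts/weatherzero/hardware-configuration.nix
+++ b/hosts/weatherzero/hardware-configuration.nix
@@ -0,0 +1,14 @@
+{pkgs, ...}: {
+hardware = {
+deviceTree = {
+enable = true;
+overlays = ["${pkgs.device-tree_rpi.overlays}/hifiberry-dac.dtbo"];
+};
+
+enableRedistributableFirmware = true;
+i2c.enable = true;
+firmware = with pkgs; [
+raspberrypiWirelessFirmware
+];
+};
+}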
@ -42,7 +42,7 @@ in {
|
||||
};
|
||||
|
||||
# neovim will overwrite my neovim!!
|
||||
environment.systemPackages = with pkgs; [neovim nixfmt jq];
|
||||
environment.systemPackages = with pkgs; [neovim jq];
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
|
@ -102,7 +102,7 @@ in {
|
||||
'';
|
||||
boot.tmp.cleanOnBoot = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [apg inetutils nixfmt];
|
||||
environment.systemPackages = with pkgs; [apg inetutils];
|
||||
|
||||
environment.interactiveShellInit = ''
|
||||
alias vi=nvim
|
||||
|
@ -24,6 +24,12 @@
|
||||
in
|
||||
prStatus;
|
||||
prIsOpen = {
|
||||
option = pr: a: let
|
||||
prStatus = getPrStatus pr;
|
||||
in
|
||||
if prStatus.status == "open"
|
||||
then a
|
||||
else {};
|
||||
pkg = pr: localPkg: upstreamPkg: let
|
||||
prStatus = getPrStatus pr;
|
||||
in
|
||||
@ -128,6 +134,7 @@
|
||||
'';
|
||||
nativeBuildInputs = with pkgs; [
|
||||
curl
|
||||
dasel
|
||||
deadnix
|
||||
git
|
||||
git-bug
|
||||
@ -136,6 +143,7 @@
|
||||
nil
|
||||
nix-diff
|
||||
nix-output-monitor
|
||||
nix-prefetch-github
|
||||
shfmt
|
||||
sops
|
||||
ssh-to-age
|
||||
|
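--- a/modules/rtlamr2mqtt.nix
+++ b/modules/rtlamr2mqtt.nix
@@ -0,0 +1,81 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+with pkgs; let
+cfg = config.services.rtlamr2mqtt;
+rtlamr2mqtt = pkgs.python3Packages.callPackage ../pkgs/rtlamr2mqtt.nix {};
+settingsFormat = pkgs.formats.json {};
+settingsType = settingsFormat.type;
+prettyJSON = conf:
+pkgs.runCommandLocal "rtlamr2mqtt-config.json" {} ''
+echo '${
+builtins.toJSON conf
+}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
+'';
+in {
+options = with lib; {
+services.rtlamr2mqtt = {
+enable = mkEnableOption "Enable rtlamr2mqtt";
+
+user = mkOption {
+type = with types; oneOf [str int];
+default = "rtlamr2mqtt";
+description = ''
+The user the service will use.
+'';
+};
+
+group = mkOption {
+type = with types; oneOf [str int];
+default = "rtlamr2mqtt";
+description = ''
+The user the service will use.
+'';
+};
+
+configuration = mkOption {
+type = settingsType;
+description = ''
+Specify the configuration for rtlamr2mqtt in Nix.
+'';
+};
+
+package = mkOption {
+type = types.package;
+default = rtlamr2mqtt;
+defaultText = literalExpression "pkgs.rtlamr2mqtt";
+description = "The package to use for rtlamr2mqtt";
+};
+};
+};
+
+config = lib.mkIf cfg.enable {
+users.groups.rtlamr2mqtt = {};
+users.users.rtlamr2mqtt = {
+description = "rtlamr2mqtt service user";
+isSystemUser = true;
+home = "/var/lib/rtlamr2mqtt";
+createHome = true;
+group = "rtlamr2mqtt";
+extraGroups = ["plugdev"];
+};
+
+systemd.services.rtlamr2mqtt = {
+enable = true;
+description = "rtlamr2mqtt server";
+wantedBy = ["multi-user.target"];
+
+serviceConfig = {
+User = cfg.user;
+Group = cfg.group;
+
+RuntimeDirectory = "/var/lib/rtlamr2mqtt";
+
+ExecStart = "${cfg.package}/bin/rtlamr2mqtt ${prettyJSON cfg.configuration}";
+};
+};
+};
+}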
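Review bot: `RuntimeDirectory = "/var/lib/rtlamr2mqtt"` in `serviceConfig` is not a valid value, because systemd expects a name relative to `/run` there and rejects absolute paths; the directory meant here is persistent state, which is what `StateDirectory` is for. Two related points: `User` and `Group` come from `cfg.user` and `cfg.group`, but the account and group created above are hard-coded to `rtlamr2mqtt`, so changing either option produces a unit that names an account nobody created. `prettyJSON` also writes the whole configuration into the world-readable Nix store, so a broker password must not be placed in `configuration`; the option description should say so. The unit runs without any sandboxing, and a proposal for `serviceConfig` follows.

```nix
serviceConfig = {
  # … unchanged: User, Group …
  StateDirectory = "rtlamr2mqtt";
  NoNewPrivileges = true;
  ProtectSystem = "strict";
  ProtectHome = true;
  PrivateTmp = true;
  # … unchanged: ExecStart …
};
```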
@ -15,11 +15,14 @@ with lib; let
|
||||
;
|
||||
|
||||
nginxCfg = config.services.nginx;
|
||||
buildFSChecker = fsList: (concatStringsSep "\n" (attrValues (mapAttrs (f: _: ''
|
||||
buildFSChecker = fsList: (concatStringsSep "\n" (attrValues (mapAttrs (f: v:
|
||||
if v.fsType != "sshfs"
|
||||
then ''
|
||||
check filesystem ${replaceStrings ["/"] ["_"] f} with path ${f}
|
||||
if space usage > 90% then alert
|
||||
if inode usage > 90% then alert
|
||||
'')
|
||||
''
|
||||
else "")
|
||||
fsList)));
|
||||
buildNginxChecker = vhostList: (concatStringsSep "\n" (attrValues (mapAttrs (f: v: ''
|
||||
check host ${f} with address ${f}
|
||||
|
@ -7,22 +7,45 @@
|
||||
#_1password-gui = prIsOpen.overlay 235900 (import ./1password-gui.nix);
|
||||
#openssh = import ./openssh.nix;
|
||||
#obsidian = prIsOpen.overlay 235408 (import ./obsidian.nix);
|
||||
tailscale = prIsOpen.overlay 239176 import ./tailscale.nix;
|
||||
#jetbrains = prIsOpen 232308 (import ./jetbrains.nix);
|
||||
tidal-hifi = prIsOpen.overlay 238572 (import ./tidal-hifi.nix);
|
||||
matrix-synapse = prIsOpen.overlay 238845 (import ./matrix-synapse.nix);
|
||||
nixd = prIsOpen.overlay 238779 (import ./nixd.nix);
|
||||
#tailscale = prIsOpen.overlay 239176 import ./tailscale.nix;
|
||||
#tidal-hifi = prIsOpen.overlay 239732 (import ./tidal-hifi.nix);
|
||||
matrix-synapse = prIsOpen.overlay 252544 (import ./matrix-synapse.nix);
|
||||
#nixd = prIsOpen.overlay 238779 (import ./nixd.nix);
|
||||
heisenbridge = prIsOpen.overlay 0 (import ./heisenbridge.nix);
|
||||
#rex = prIsOpen.overlay 0 (import ./rex.nix);
|
||||
in {
|
||||
nixpkgs.overlays =
|
||||
if isUnstable
|
||||
then [
|
||||
tailscale
|
||||
tidal-hifi
|
||||
nixd
|
||||
#rex
|
||||
heisenbridge
|
||||
(_: super: {
|
||||
clementine = super.clementine.overrideAttrs (_: {
|
||||
patches = [
|
||||
(super.fetchpatch {
|
||||
name = "clementine-di-radio-fix.diff";
|
||||
url = "https://patch-diff.githubusercontent.com/raw/clementine-player/Clementine/pull/7217.diff";
|
||||
hash = "sha256-kaKc2YFkXJRPibbKbBCHvlm6Y/H9zS83ohMxtUNUFlM=";
|
||||
})
|
||||
];
|
||||
});
|
||||
})
|
||||
]
|
||||
else [
|
||||
#rex
|
||||
matrix-synapse
|
||||
tailscale
|
||||
heisenbridge
|
||||
(_: super: {
|
||||
invidious = super.invidious.overrideAttrs (_: {
|
||||
patches = [
|
||||
(super.fetchpatch {
|
||||
name = "invidious-newpipe.diff";
|
||||
url = "https://patch-diff.githubusercontent.com/raw/iv-org/invidious/pull/4037.patch";
|
||||
hash = "sha256-KyqQtmfIPIX48S8SZnSlvCLvdw6Ws1u0oWEk8jLKWlU=";
|
||||
})
|
||||
];
|
||||
});
|
||||
})
|
||||
];
|
||||
}
|
||||
# Example Python dep overlay
|
||||
|
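Review bot: Both `fetchpatch` calls in this section (the Clementine and Invidious overrides, which appear to be added here) download from a pull-request URL on `patch-diff.githubusercontent.com`, and that content changes whenever the pull request is pushed to or rebased. The fixed `hash` means a changed patch is rejected rather than silently applied, which is the right failure mode, but the build then stops with a hash mismatch until someone re-pins it. Pointing `url` at the patch of one specific commit keeps the input stable, and a comment such as `# drop once <upstream PR> is released` records when the override can go.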
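--- a/overlays/heisenbridge.nix
+++ b/overlays/heisenbridge.nix
@@ -0,0 +1,17 @@
+let
+hash = "sha256-OmAmgHM+EmJ3mUY4lPBxIv2rAq8j2QEeTUMux7ZBfRE=";
+heisenbridge = _: super: {
+heisenbridge = super.heisenbridge.overrideAttrs (_: rec {
+version = "1.14.5";
+pname = "heisenbridge";
+
+src = super.fetchFromGitHub {
+owner = "hifi";
+repo = pname;
+rev = "refs/tags/v${version}";
+inherit hash;
+};
+});
+};
+in
+heisenbridge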
@ -1,17 +0,0 @@
|
||||
let
|
||||
jetbrains = _: super: {
|
||||
# Override jetbrains idea-ultimate until the newer version is available
|
||||
jetbrains =
|
||||
super.jetbrains
|
||||
// {
|
||||
idea-ultimate = super.jetbrains.idea-ultimate.overrideAttrs (_: rec {
|
||||
version = "2023.1.2";
|
||||
src = super.fetchurl {
|
||||
url = "https://download-cdn.jetbrains.com/idea/ideaIU-${version}.tar.gz";
|
||||
sha256 = "sha256-4aJgcOkb3Gp9JirtoxanKQjR/7uLUA8IZmW/zSneJJo=";
|
||||
};
|
||||
});
|
||||
};
|
||||
};
|
||||
in
|
||||
jetbrains
|
@ -1,20 +1,21 @@
|
||||
let
|
||||
hash = "sha256-rLEewCN8OdZ4wIWQRbLkxVF/VOAESTLAVQLfUu/PYsA=";
|
||||
sha256 = "sha256-aOoSvT6e2x7JcXoQ2sVTCDvkWupixLzpbk3cTHVQs7I=";
|
||||
matrix-synapse = _: super: {
|
||||
matrix-synapse = super.matrix-synapse.overrideAttrs (_: rec {
|
||||
version = "1.86.0";
|
||||
version = "1.91.0";
|
||||
pname = "matrix-synapse";
|
||||
|
||||
src = super.fetchFromGitHub {
|
||||
owner = "matrix-org";
|
||||
repo = "synapse";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-vSNAISWTTT3IAeA8hxQhQNp9T3soey4vgh7v+BxI+K0=";
|
||||
inherit hash;
|
||||
};
|
||||
|
||||
cargoDeps = super.rustPlatform.fetchCargoTarball {
|
||||
inherit src;
|
||||
inherit src sha256;
|
||||
name = "${pname}-${version}";
|
||||
sha256 = "sha256-lPLhh5FkxpBUQ5UH6eAfUIyGvHIcZHmbYBT5QUW/W4k=";
|
||||
};
|
||||
});
|
||||
};
|
||||
|
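--- a/overlays/rex.nix
+++ b/overlays/rex.nix
@@ -0,0 +1,10 @@
+let
+rex = _: super: {
+rex = super.rex.overrideAttrs (_: {
+postPatch = ''
+patchShebangs bin
+'';
+});
+};
+in
+rex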
@ -12,24 +12,20 @@ let
|
||||
"-X tailscale.com/version.shortStamp=${version}"
|
||||
];
|
||||
|
||||
#tailscale = _: super: {
|
||||
# tailscale = super.tailscale.overrideAttrs (_: {
|
||||
# version = "1.44.0";
|
||||
# src = super.fetchFromGitHub fetchArgs
|
||||
# inherit vendorHash ldflags version;
|
||||
# ];
|
||||
# });
|
||||
#};
|
||||
|
||||
tailscale = _: super: {
|
||||
tailscale = super.callPackage "${super.path}/pkgs/servers/tailscale" {
|
||||
buildGoModule = args:
|
||||
super.buildGo120Module (args
|
||||
// {
|
||||
tailscale = super.tailscale.overrideAttrs (_: {
|
||||
src = super.fetchFromGitHub fetchArgs;
|
||||
inherit vendorHash ldflags version;
|
||||
});
|
||||
};
|
||||
};
|
||||
#tailscale = _: super: {
|
||||
# tailscale = super.callPackage "${super.path}/pkgs/servers/tailscale" {
|
||||
# buildGoModule = args:
|
||||
# super.buildGo120Module (args // {
|
||||
# src = super.fetchFromGitHub fetchArgs;
|
||||
# inherit vendorHash ldflags version;
|
||||
# });
|
||||
# };
|
||||
#};
|
||||
in
|
||||
tailscale
|
||||
|
@ -1,11 +1,11 @@
|
||||
let
|
||||
tidal-hifi = _: super: {
|
||||
tidal-hifi = super.tidal-hifi.overrideAttrs (_: rec {
|
||||
version = "5.2.0";
|
||||
version = "5.3.0";
|
||||
|
||||
src = super.fetchurl {
|
||||
url = "https://github.com/Mastermindzh/tidal-hifi/releases/download/${version}/tidal-hifi_${version}_amd64.deb";
|
||||
sha256 = "sha256-ZdEbGsGt1Z/vve3W/Z6Pw1+m5xoTY/l7Es03yM4T0tE=";
|
||||
sha256 = "sha256-YGSHEvanWek6qiWvKs6g+HneGbuuqJn/DBfhawjQi5M=";
|
||||
};
|
||||
});
|
||||
};
|
||||
|
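--- a/pkgs/clilol.nix
+++ b/pkgs/clilol.nix
@@ -0,0 +1,29 @@
+{
+lib,
+buildGoModule,
+fetchgit,
+...
+}:
+buildGoModule rec {
+pname = "clilol";
+version = "1.0.4";
+
+src = fetchgit {
+url = "https://git.mcornick.dev/mcornick/clilol.git";
+rev = "v${version}";
+hash = "sha256-VlL5prd021JrOf33jUdqORk9MxpyRQHNMpqDoSLLYi8=";
+};
+
+vendorHash = "sha256-i4UG52Z1zTM4VHBaNf5IYfQKnpC5iZTkK6L5hyQ6f4s=";
+
+# attempts to make calls to api.omg.lol
+doCheck = false;
+
+meta = with lib; {
+description = "a CLI for omg.lol";
+homepage = "https://mcornick.dev/clilol/";
+changelog = "https://git.mcornick.dev/mcornick/clilol/releases/tag/${version}";
+license = licenses.mpl20;
+maintainers = [maintainers.qbit];
+};
+}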
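--- a/pkgs/fyne.nix
+++ b/pkgs/fyne.nix
@@ -0,0 +1,31 @@
+{
+lib,
+buildGoModule,
+fetchFromGitHub,
+...
+}:
+with lib;
+buildGoModule rec {
+pname = "fyne";
+version = "2.3.5";
+
+src = fetchFromGitHub {
+owner = "fyne-io";
+repo = pname;
+rev = "v${version}";
+sha256 = "sha256-iSQ1oqUePxDyjQTKNazX0IZyHAoz50bqukV2CmQjrAk=";
+};
+
+vendorHash = null;
+
+proxyVendor = true;
+
+subPackages = ["cmd/fyne"];
+
+meta = {
+description = "Fyne command line tool";
+homepage = "https://github.com/fyne-io/fyne";
+license = licenses.bsd3;
+maintainers = with maintainers; [qbit];
+};
+}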
@ -1,21 +1,21 @@
|
||||
{
|
||||
lib,
|
||||
buildGo119Module,
|
||||
buildGoModule,
|
||||
fetchFromGitHub,
|
||||
go,
|
||||
ffmpeg,
|
||||
...
|
||||
}: let
|
||||
gotosocialVersion = "0.9.0";
|
||||
gtswaHash = "sha256:1yxyl8q0dqpv3cqzxj0anh8rskk3rmw9mjnjkm4svc0vgaph1y1s";
|
||||
gtssHash = "sha256-UZRIQTdVESCYv2KW7HUS2c4bS5qnB7wdwiYAgEJ60fU=";
|
||||
gotosocialVersion = "0.11.0";
|
||||
gtswaHash = "sha256:0qbs4a3wblrlcr1l5155p54vdd6hn2szkdns99wxjhjr8kw6dbil";
|
||||
gtssHash = "sha256-qbq5pDvG2L1s6BG+sh7eagcFNH/DWyANMQaAl2WcQzE=";
|
||||
gotosocialWebAssets = builtins.fetchurl {
|
||||
url = "https://github.com/superseriousbusiness/gotosocial/releases/download/v${gotosocialVersion}/gotosocial_${gotosocialVersion}_web-assets.tar.gz";
|
||||
sha256 = gtswaHash;
|
||||
};
|
||||
in
|
||||
with lib;
|
||||
buildGo119Module rec {
|
||||
buildGoModule rec {
|
||||
pname = "gotosocial";
|
||||
version = gotosocialVersion;
|
||||
|
||||
|
@ -1,31 +0,0 @@
|
||||
{
|
||||
lib,
|
||||
buildGoModule,
|
||||
fetchFromGitHub,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
buildGoModule rec {
|
||||
name = "vuln";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "golang";
|
||||
repo = name;
|
||||
rev = "03dd099d9b0dd4e0a3ab25b3192b9d95c97252ea";
|
||||
sha256 = "sha256-UJ2svg/exjwH/T3dqHixRgD6ZqYjbV/MpnEEaFza6Ns=";
|
||||
};
|
||||
|
||||
vendorSha256 = "sha256-tk186BCy8l0o1mxaWXcz0BWVMvvMvhEGcTmDdthJlcc=";
|
||||
|
||||
#> github.com/tidwall/pretty@v1.2.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
|
||||
doCheck = false;
|
||||
|
||||
subPackages = ["cmd/govulncheck"];
|
||||
|
||||
meta = {
|
||||
description = "tools for the Go vulnerability database";
|
||||
homepage = "https://github.com/golang/vuln";
|
||||
license = licenses.isc;
|
||||
maintainers = with maintainers; [qbit];
|
||||
};
|
||||
}
|
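--- a/pkgs/mvoice.nix
+++ b/pkgs/mvoice.nix
@@ -0,0 +1,51 @@
+{
+lib,
+stdenv,
+fetchFromGitHub,
+pkgs,
+...
+}:
+stdenv.mkDerivation {
+pname = "mvoice";
+version = "unstable-2023-05-30";
+
+src = fetchFromGitHub {
+owner = "n7tae";
+repo = "mvoice";
+rev = "8e0a9fb350f8308d7ee7e07e3cc48e7c33a7be64";
+sha256 = "sha256-DNCF/m56owu8DYcv2lLxUZ+mVpmivXbPjBFE2V/23pE=";
+};
+
+nativeBuildInputs = with pkgs; [
+alsa-lib
+curl
+fltk
+gcc
+gettext
+gnutls
+msgpack
+opendht
+paprefs
+pavucontrol
+pulseaudio
+];
+
+prePatch = ''
+substituteInPlace Makefile \
+--replace "/bin/cp" "cp"
+substituteInPlace Makefile \
+--replace "/bin/rm" "rm"
+'';
+
+preBuild = ''
+export HOME=$out
+'';
+
+meta = with lib; {
+description = "A prototype M17 voice application for ham radio";
+homepage = "https://github.com/n7tae/mvoice";
+license = licenses.gpl3;
+platforms = platforms.unix;
+maintainers = with maintainers; [qbit];
+};
+}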
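Review bot: Every dependency is listed under `nativeBuildInputs`, including what look like the libraries the program links against (alsa-lib, curl, fltk, gnutls, msgpack, opendht, pulseaudio) and two desktop tools, paprefs and pavucontrol, which a build presumably never runs. Link-time libraries belong in `buildInputs`, so that they are taken for the host platform and the derivation keeps working if `strictDeps` is ever enabled; gcc is already provided by stdenv. I would reduce the list to the tools that run during the build, for example `nativeBuildInputs = with pkgs; [gettext];`, and add `buildInputs = with pkgs; [alsa-lib curl fltk gnutls msgpack opendht pulseaudio];`.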
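--- a/pkgs/openssh/common.nix
+++ b/pkgs/openssh/common.nix
@@ -0,0 +1,165 @@
+{ pname
+, version
+, extraDesc ? ""
+, src
+, extraPatches ? []
+, extraNativeBuildInputs ? []
+, extraConfigureFlags ? []
+, extraMeta ? {}
+}:
+
+{ lib, stdenv
+# This *is* correct, though unusual. as a way of getting krb5-config from the
+# package without splicing See: https://github.com/NixOS/nixpkgs/pull/107606
+, pkgs
+, autoreconfHook
+, zlib
+, libressl
+, libedit
+, pkg-config
+, pam
+, libredirect
+, etcDir ? "/etc/ssh"
+, withKerberos ? true
+, libkrb5
+, libfido2
+, hostname
+, nixosTests
+, withFIDO ? stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isMusl
+, withPAM ? stdenv.hostPlatform.isLinux
+, linkOpenssl ? true
+}:
+
+stdenv.mkDerivation {
+inherit pname version src;
+
+patches = [
+./locale_archive.patch
+
+# See discussion in https://github.com/NixOS/nixpkgs/pull/16966
+./dont_create_privsep_path.patch
+] ++ extraPatches;
+
+postPatch =
+# On Hydra this makes installation fail (sometimes?),
+# and nix store doesn't allow such fancy permission bits anyway.
+''
+substituteInPlace Makefile.in --replace '$(INSTALL) -m 4711' '$(INSTALL) -m 0711'
+'';
+
+strictDeps = true;
+nativeBuildInputs = [ autoreconfHook pkg-config ]
+# This is not the same as the libkrb5 from the inputs! pkgs.libkrb5 is
+# needed here to access krb5-config in order to cross compile. See:
+# https://github.com/NixOS/nixpkgs/pull/107606
+++ lib.optional withKerberos pkgs.libkrb5
+++ extraNativeBuildInputs;
+buildInputs = [ zlib libressl libedit ]
+++ lib.optional withFIDO libfido2
+++ lib.optional withKerberos libkrb5
+++ lib.optional withPAM pam;
+
+preConfigure = ''
+# Setting LD causes `configure' and `make' to disagree about which linker
+# to use: `configure' wants `gcc', but `make' wants `ld'.
+unset LD
+'';
+
+# I set --disable-strip because later we strip anyway. And it fails to strip
+# properly when cross building.
+configureFlags = [
+"--sbindir=\${out}/bin"
+"--localstatedir=/var"
+"--with-pid-dir=/run"
+"--with-mantype=man"
+"--with-libedit=yes"
+"--disable-strip"
+(lib.withFeature withPAM "pam")
+] ++ lib.optional (etcDir != null) "--sysconfdir=${etcDir}"
+++ lib.optional withFIDO "--with-security-key-builtin=yes"
+++ lib.optional withKerberos (assert libkrb5 != null; "--with-kerberos5=${libkrb5}")
+++ lib.optional stdenv.isDarwin "--disable-libutil"
+++ lib.optional (!linkOpenssl) "--without-openssl"
+++ extraConfigureFlags;
+
+${if stdenv.hostPlatform.isStatic then "NIX_LDFLAGS" else null}= [ "-laudit" ] ++ lib.optionals withKerberos [ "-lkeyutils" ];
+
+buildFlags = [ "SSH_KEYSIGN=ssh-keysign" ];
+
+enableParallelBuilding = true;
+
+hardeningEnable = [ "pie" ];
+
+doCheck = true;
+enableParallelChecking = false;
+nativeCheckInputs = [ libressl ] ++ lib.optional (!stdenv.isDarwin) hostname;
+preCheck = lib.optionalString (stdenv.hostPlatform == stdenv.buildPlatform) ''
+# construct a dummy HOME
+export HOME=$(realpath ../dummy-home)
+mkdir -p ~/.ssh
+
+# construct a dummy /etc/passwd file for the sshd under test
+# to use to look up the connecting user
+DUMMY_PASSWD=$(realpath ../dummy-passwd)
+cat > $DUMMY_PASSWD <<EOF
+$(whoami)::$(id -u):$(id -g)::$HOME:$SHELL
+EOF
+
+# we need to NIX_REDIRECTS /etc/passwd both for processes
+# invoked directly and those invoked by the "remote" session
+cat > ~/.ssh/environment.base <<EOF
+NIX_REDIRECTS=/etc/passwd=$DUMMY_PASSWD
+LD_PRELOAD=${libredirect}/lib/libredirect.so
+EOF
+
+# use an ssh environment file to ensure environment is set
+# up appropriately for build environment even when no shell
+# is invoked by the ssh session. otherwise the PATH will
+# only contain default unix paths like /bin which we don't
+# have in our build environment
+cat - regress/test-exec.sh > regress/test-exec.sh.new <<EOF
+cp $HOME/.ssh/environment.base $HOME/.ssh/environment
+echo "PATH=\$PATH" >> $HOME/.ssh/environment
+EOF
+mv regress/test-exec.sh.new regress/test-exec.sh
+
+# explicitly enable the PermitUserEnvironment feature
+substituteInPlace regress/test-exec.sh \
+--replace \
+'cat << EOF > $OBJ/sshd_config' \
+$'cat << EOF > $OBJ/sshd_config\n\tPermitUserEnvironment yes'
+
+# some tests want to use files under /bin as example files
+for f in regress/sftp-cmds.sh regress/forwarding.sh; do
+substituteInPlace $f --replace '/bin' "$(dirname $(type -p ls))"
+done
+
+# set up NIX_REDIRECTS for direct invocations
+set -a; source ~/.ssh/environment.base; set +a
+'';
+# integration tests hard to get working on darwin with its shaky
+# sandbox
+# t-exec tests fail on musl
+checkTarget = lib.optional (!stdenv.isDarwin && !stdenv.hostPlatform.isMusl) "t-exec"
+# other tests are less demanding of the environment
+++ [ "unit" "file-tests" "interop-tests" ];
+
+installTargets = [ "install-nokeys" ];
+installFlags = [
+"sysconfdir=\${out}/etc/ssh"
+];
+
+passthru.tests = {
+borgbackup-integration = nixosTests.borgbackup;
+};
+
+meta = with lib; {
+description = "An implementation of the SSH protocol${extraDesc}";
+homepage = "https://www.openssh.com/";
+changelog = "https://www.openssh.com/releasenotes.html";
+license = licenses.bsd2;
+platforms = platforms.unix ++ platforms.windows;
+maintainers = (extraMeta.maintainers or []) ++ (with maintainers; [ eelco aneeshusa ]);
+mainProgram = "ssh";
+} // extraMeta;
+}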
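Review bot: Nothing in this file records that hostbased authentication depends on PATH once this package is in use: `postPatch` rewrites the `-m 4711` install to `-m 0711`, and `buildFlags` passes `SSH_KEYSIGN=ssh-keysign`, a bare name rather than an absolute path. If the 4711 line is the ssh-keysign install (Makefile.in is not shown on this page), the copy in the store cannot read the host keys on its own, and the helper that runs is whichever `ssh-keysign` is found first on PATH. A comment above `buildFlags` would make that dependency explicit, for example `# ssh-keysign is resolved via PATH; hostbased auth needs a privileged wrapper of that name ahead of the store copy`.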
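--- a/pkgs/openssh/default.nix
+++ b/pkgs/openssh/default.nix
@@ -0,0 +1,23 @@
+{
+callPackage,
+lib,
+fetchFromGitHub,
+}: let
+inherit (builtins) readFile fromJSON;
+common = opts: callPackage (import ./common.nix opts) {};
+verStr = fromJSON (readFile ./version.json);
+in {
+openssh = common {
+pname = "openssh";
+inherit (verStr) version;
+
+src = fetchFromGitHub {
+inherit (verStr) rev hash;
+owner = "openssh";
+repo = "openssh-portable";
+};
+
+extraPatches = [./ssh-keysign-8.5.patch];
+extraMeta.maintainers = with lib.maintainers; [qbit];
+};
+}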
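Review bot: The derivation carries no comment saying what kind of source it pins: `rev`, `hash` and `version` all come from version.json, and the version recorded there is a date (`2023-08-29`) next to a bare commit id, which suggests a snapshot rather than a tagged OpenSSH release. Pinning by commit and hash fixes the content that is built, but anyone matching this package against advisories written for release numbers has nothing to compare with. I would add above `verStr`: `# openssh-portable snapshot pinned in version.json; version is the commit date, not an OpenSSH release number`.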
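--- a/pkgs/openssh/dont_create_privsep_path.patch
+++ b/pkgs/openssh/dont_create_privsep_path.patch
@@ -0,0 +1,12 @@
+diff --git i/Makefile.in w/Makefile.in
+index 04e1c8e5..9bd5d01b 100644
+--- i/Makefile.in
++++ w/Makefile.in
+@@ -329,7 +329,6 @@ install-files:
+$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
+$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
+$(MKDIR_P) $(DESTDIR)$(libexecdir)
+- $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
+$(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
+$(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
+$(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT)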
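--- a/pkgs/openssh/locale_archive.patch
+++ b/pkgs/openssh/locale_archive.patch
@@ -0,0 +1,15 @@
+diff --git i/session.c w/session.c
+index 58826db1..658dd911 100644
+--- i/session.c
++++ w/session.c
+@@ -1053,6 +1053,10 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
+if (getenv("TZ"))
+child_set_env(&env, &envsize, "TZ", getenv("TZ"));
+
++ /* NixOS path to the glibc locale archive, to be set in the systemd job */
++ if (getenv("LOCALE_ARCHIVE"))
++ child_set_env(&env, &envsize, "LOCALE_ARCHIVE", getenv("LOCALE_ARCHIVE"));
++
+/* Set custom environment options from pubkey authentication. */
+if (options.permit_user_env) {
+for (n = 0 ; n < auth_opts->nenv; n++) {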
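--- a/pkgs/openssh/ssh-keysign-8.5.patch
+++ b/pkgs/openssh/ssh-keysign-8.5.patch
@@ -0,0 +1,24 @@
+diff --git a/pathnames.h b/pathnames.h
+index cb44caa4..354fdf05 100644
+--- a/pathnames.h
++++ b/pathnames.h
+@@ -124,7 +124,7 @@
+
+/* Location of ssh-keysign for hostbased authentication */
+#ifndef _PATH_SSH_KEY_SIGN
+-#define _PATH_SSH_KEY_SIGN "/usr/libexec/ssh-keysign"
++#define _PATH_SSH_KEY_SIGN "ssh-keysign"
+#endif
+
+/* Location of ssh-pkcs11-helper to support keys in tokens */
+--- a/sshconnect2.c
++++ b/sshconnect2.c
+@@ -2021,7 +2021,7 @@
+
+debug3_f("[child] pid=%ld, exec %s",
+(long)getpid(), _PATH_SSH_KEY_SIGN);
+- execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL);
++ execlp(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL);
+fatal_f("exec(%s): %s", _PATH_SSH_KEY_SIGN,
+strerror(errno));
+}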
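--- a/pkgs/openssh/version.json
+++ b/pkgs/openssh/version.json
@@ -0,0 +1 @@
+{"rev":"f98031773db361424d59e3301aa92aacf423d920","hash":"sha256-MxEwe4x/PIjofzGzQC4LhladRQT5AcnDa+BwMm0DQx4=","version":"2023-08-29"}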
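--- a/pkgs/rtlamr.nix
+++ b/pkgs/rtlamr.nix
@@ -0,0 +1,27 @@
+{
+lib,
+buildGoModule,
+fetchFromGitHub,
+...
+}:
+with lib;
+buildGoModule rec {
+pname = "rtlamr";
+version = "0.9.3";
+
+src = fetchFromGitHub {
+owner = "bemasher";
+repo = pname;
+rev = "v${version}";
+hash = "sha256-0LufLU/wTmCRqTnQBNJg5UnDv0u1Thec5FSWATWqZsQ=";
+};
+
+vendorHash = "sha256-uT6zfsWgIot0EMNqwtwJNFXN/WaAyOGfcYJjuyOXT4g=";
+
+meta = {
+description = "rtl-sdr receiver for Itron ETR meters";
+homepage = "https://github.com/bemasher/rtlamr";
+license = licenses.agpl3;
+maintainers = with maintainers; [qbit];
+};
+}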
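--- a/pkgs/rtlamr2mqtt.nix
+++ b/pkgs/rtlamr2mqtt.nix
@@ -0,0 +1,42 @@
+{
+buildPythonPackage,
+callPackage,
+fetchFromGitHub,
+paho-mqtt,
+pyusb,
+pyyaml,
+requests,
+rtl-sdr,
+...
+}: let
+rtlamr = callPackage ./rtlamr.nix {};
+in
+buildPythonPackage {
+pname = "rtlamr2mqtt";
+version = "unstable-2023-08-17";
+
+format = "none";
+
+nativeBuildInputs = [];
+propagatedBuildInputs = [paho-mqtt pyyaml requests pyusb rtlamr rtl-sdr];
+
+doCheck = false;
+doBuild = false;
+
+installPhase = ''
+mkdir -p $out/bin
+cp rtlamr2mqtt-addon/rtlamr2mqtt.py $out/bin/rtlamr2mqtt
+cp rtlamr2mqtt-addon/sdl_ids.txt $out/
+'';
+
+src = fetchFromGitHub {
+owner = "qbit";
+repo = "rtlamr2mqtt";
+hash = "sha256-WqW+RZQhwYAIvBAizO3/7SdlhWR9ZIIliEq76XwsUEo=";
+rev = "631504e";
+};
+
+meta = {
+mainProgram = "rtlamr2mqtt";
+};
+}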
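Review bot: `rev = "631504e";` pins the source by an abbreviated commit id, while pkgs/mvoice.nix and pkgs/openssh/version.json in this same commit pin full ids. The `hash` next to it still fixes the content that gets built, but an abbreviated id can become ambiguous as the repository grows, and it is harder to audit which commit was actually reviewed. I would spell it out in full, `rev = "<full 40-character commit id>";`, keeping the existing `hash`.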
@ -7,12 +7,12 @@
|
||||
}:
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "secretive";
|
||||
version = "2.2.0";
|
||||
version = "2.3.1";
|
||||
|
||||
src = fetchurl {
|
||||
name = "Secretive-${version}.zip";
|
||||
url = "https://github.com/maxgoedjen/secretive/releases/download/v${version}/Secretive.zip";
|
||||
hash = "sha256-gjB8bevzbgYZ1GtAVMK+IBp9eP+Y79s8RhK/sdg7AI8=";
|
||||
hash = "sha256-STpyNiiYtEgLqnDxFdlRW0Gyr0pQPK8AJ34rw4JLC70=";
|
||||
};
|
||||
|
||||
buildInputs = [unzip];
|
||||
|
@ -7,16 +7,16 @@
|
||||
with lib;
|
||||
buildGoModule rec {
|
||||
pname = "sliding-sync";
|
||||
version = "0.99.3";
|
||||
version = "0.99.8";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "matrix-org";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
hash = "sha256-lmmOq0gkvrIXQmy3rbTga0cC85t0LWjDOqrH1NWUpdA=";
|
||||
rev = "8e096656f58ffdc15ac5b08fc088eee1187a4a99";
|
||||
hash = "sha256-4rYLHUlHbQ6KnxyXCCLqG4/zfXdZm4KZX1cOg5ITQPk=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-447P2TbBUEHmHubHiiZCrFVCj2/tmEuYFzLo27UyCk4=";
|
||||
vendorHash = "sha256-JYSpjAgIvQFpYmOTifRXHVB6bSrukqSVhmAAmHylPbQ=";
|
||||
|
||||
# Note: tests require a postgres install accessible to the current user
|
||||
doCheck = false;
|
||||
|
@ -7,14 +7,13 @@
|
||||
with lib;
|
||||
buildGoModule rec {
|
||||
pname = "yarr";
|
||||
version = "2023-05-16";
|
||||
version = "2.4";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "nkanaev";
|
||||
repo = pname;
|
||||
#rev = "v${version}";
|
||||
rev = "7d99edab8d3c054e75feba183bd76fead15712f1";
|
||||
sha256 = "sha256-gOydL1SyM1bGbErpefWlwhjLWH6j0GGpI/F0kEBHxic=";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-ZMQ+IX8dZuxyxQhD/eWAe4bGGCVcaCeVgF+Wqs79G+k=";
|
||||
};
|
||||
|
||||
vendorHash = null;
|
||||
|
@ -1,22 +0,0 @@
|
||||
{
|
||||
"branches": [
|
||||
"master",
|
||||
"nixos-unstable-small",
|
||||
"nixpkgs-unstable",
|
||||
"staging",
|
||||
"staging-next"
|
||||
],
|
||||
"error": "",
|
||||
"pull_request": 238572,
|
||||
"release": "unstable",
|
||||
"status": "open",
|
||||
"status_info": {
|
||||
"master": true,
|
||||
"nixos-unstable": false,
|
||||
"nixos-unstable-small": true,
|
||||
"nixpkgs-unstable": true,
|
||||
"staging": true,
|
||||
"staging-next": true
|
||||
},
|
||||
"title": "tidal-hifi: 5.1.0 -> 5.2.0"
|
||||
}
|
@ -1,22 +0,0 @@
|
||||
{
|
||||
"branches": [
|
||||
"master",
|
||||
"nixos-unstable-small",
|
||||
"nixpkgs-unstable",
|
||||
"staging",
|
||||
"staging-next"
|
||||
],
|
||||
"error": "",
|
||||
"pull_request": 238779,
|
||||
"release": "unstable",
|
||||
"status": "open",
|
||||
"status_info": {
|
||||
"master": true,
|
||||
"nixos-unstable": false,
|
||||
"nixos-unstable-small": true,
|
||||
"nixpkgs-unstable": true,
|
||||
"staging": true,
|
||||
"staging-next": true
|
||||
},
|
||||
"title": "nixd: 1.0.0 -> 1.1.0"
|
||||
}
|
@ -1,9 +0,0 @@
|
||||
{
|
||||
"branches": [],
|
||||
"error": "",
|
||||
"pull_request": 239176,
|
||||
"release": "stable",
|
||||
"status": "open",
|
||||
"status_info": {},
|
||||
"title": "tailscale: 1.42.0 -> 1.44.0"
|
||||
}
|
@ -1,20 +1,17 @@
|
||||
{
|
||||
"branches": [
|
||||
"nixos-23.05-small",
|
||||
"nixpkgs-23.05-darwin",
|
||||
"release-23.05",
|
||||
"staging-23.05",
|
||||
"staging-next-23.05"
|
||||
],
|
||||
"error": "",
|
||||
"pull_request": 238845,
|
||||
"pull_request": 252544,
|
||||
"release": "stable",
|
||||
"status": "open",
|
||||
"status_info": {
|
||||
"nixos-23.05-small": false,
|
||||
"release-23.05": true,
|
||||
"staging-23.05": true,
|
||||
"staging-next-23.05": true
|
||||
},
|
||||
"title": "matrix-synapse: 1.85.2 -> 1.86.0"
|
||||
"title": "matrix-synapse: 1.90.0 -> 1.91.0"
|
||||
}
|
BIN
xintray-logo.png
Normal file
BIN
xintray-logo.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 388 KiB |