From 1555d7b643fee6678239da1811141e2961a55ba6 Mon Sep 17 00:00:00 2001 
From: Lukas Wurzinger Date: Sun, 23 Mar 2025 22:48:46 +0100 Subject: [PATCH] what --- README.md | 3 + classes/headless/grafana.nix | 22 +++--- classes/headless/prometheus.nix | 14 ++-- classes/headless/tailscale.nix | 12 ---- classes/kiosk/cosmic.nix | 32 --------- classes/kiosk/flatpak.nix | 14 ---- classes/kiosk/fonts.nix | 26 ------- classes/kiosk/gtk.nix | 5 -- classes/kiosk/hardware.nix | 9 --- classes/kiosk/location.nix | 3 - classes/kiosk/networking.nix | 10 --- classes/kiosk/pipewire.nix | 11 --- classes/kiosk/xdg.nix | 3 - common/comma.nix | 3 + common/{cnf.nix => command-not-found.nix} | 1 + common/nix-index-database.nix | 5 ++ common/nix.nix | 2 + common/tailscale.nix | 14 ++++ flake.lock | 69 ++++++++++++------- flake.nix | 13 ++-- .../flamingo/libreoffice.nix} | 2 +- hosts/headful/flamingo/mpv.nix | 5 ++ hosts/headful/flamingo/spotify.nix | 5 ++ hosts/headful/glacier/gimp.nix | 5 ++ hosts/headful/glacier/inkscape.nix | 5 ++ hosts/headful/glacier/libreoffice.nix | 5 ++ hosts/headful/glacier/mpv.nix | 5 ++ hosts/headful/glacier/steam.nix | 1 + hosts/headful/insomniac/cosmic.nix | 17 +++++ .../{kiosk => headful}/insomniac/dolphin.nix | 0 .../insomniac/filesystems.nix | 0 hosts/headful/insomniac/flatpak.nix | 6 ++ .../{kiosk => headful}/insomniac/freetube.nix | 0 .../{kiosk => headful}/insomniac/hardware.nix | 0 hosts/{kiosk => headful}/insomniac/rmg.nix | 0 hosts/headful/insomniac/spotify.nix | 5 ++ hosts/{kiosk => headful}/insomniac/steam.nix | 0 hosts/{kiosk => headful}/insomniac/system.nix | 0 hosts/{kiosk => headful}/insomniac/users.nix | 0 hosts/headful/work/spotify.nix | 5 ++ hosts/headless/abacus/domains.nix | 14 ++++ hosts/headless/abacus/forgejo.nix | 16 ++--- hosts/headless/abacus/headscale.nix | 32 ++++++--- hosts/headless/abacus/microbin.nix | 7 +- hosts/headless/abacus/miniflux.nix | 1 + hosts/headless/abacus/navidrome.nix | 15 ++-- hosts/headless/abacus/nginx.nix | 18 +++-- .../abacus/{static.nix => static-sites.nix} | 11 +-- 
hosts/headless/abacus/vaultwarden.nix | 9 ++- hosts/headless/vessel/syncthing.nix | 9 +-- lib.nix | 5 -- 51 files changed, 243 insertions(+), 231 deletions(-) delete mode 100644 classes/headless/tailscale.nix delete mode 100644 classes/kiosk/cosmic.nix delete mode 100644 classes/kiosk/flatpak.nix delete mode 100644 classes/kiosk/fonts.nix delete mode 100644 classes/kiosk/gtk.nix delete mode 100644 classes/kiosk/hardware.nix delete mode 100644 classes/kiosk/location.nix delete mode 100644 classes/kiosk/networking.nix delete mode 100644 classes/kiosk/pipewire.nix delete mode 100644 classes/kiosk/xdg.nix create mode 100644 common/comma.nix rename common/{cnf.nix => command-not-found.nix} (84%) create mode 100644 common/nix-index-database.nix create mode 100644 common/tailscale.nix rename hosts/{kiosk/insomniac/librewolf.nix => headful/flamingo/libreoffice.nix} (53%) create mode 100644 hosts/headful/flamingo/mpv.nix create mode 100644 hosts/headful/flamingo/spotify.nix create mode 100644 hosts/headful/glacier/gimp.nix create mode 100644 hosts/headful/glacier/inkscape.nix create mode 100644 hosts/headful/glacier/libreoffice.nix create mode 100644 hosts/headful/glacier/mpv.nix create mode 100644 hosts/headful/insomniac/cosmic.nix rename hosts/{kiosk => headful}/insomniac/dolphin.nix (100%) rename hosts/{kiosk => headful}/insomniac/filesystems.nix (100%) create mode 100644 hosts/headful/insomniac/flatpak.nix rename hosts/{kiosk => headful}/insomniac/freetube.nix (100%) rename hosts/{kiosk => headful}/insomniac/hardware.nix (100%) rename hosts/{kiosk => headful}/insomniac/rmg.nix (100%) create mode 100644 hosts/headful/insomniac/spotify.nix rename hosts/{kiosk => headful}/insomniac/steam.nix (100%) rename hosts/{kiosk => headful}/insomniac/system.nix (100%) rename hosts/{kiosk => headful}/insomniac/users.nix (100%) create mode 100644 hosts/headful/work/spotify.nix create mode 100644 hosts/headless/abacus/domains.nix rename hosts/headless/abacus/{static.nix => 
static-sites.nix} (83%) diff --git a/README.md b/README.md index cd2b8cf..0cf3286 100644 --- a/README.md +++ b/README.md @@ -9,3 +9,6 @@ This is my cobbled together NixOS configuration. There are many like it, but thi - [ ] logging (loki) - [ ] kiosk - [ ] tailscale and headscale +- [ ] game rom sync insomniac +- [ ] insomniac backups +- [ ] nginx websites diff --git a/classes/headless/grafana.nix b/classes/headless/grafana.nix index 56267f0..e3b2532 100644 --- a/classes/headless/grafana.nix +++ b/classes/headless/grafana.nix @@ -1,13 +1,11 @@ -{ - config, - lib, - ... -}: { +{config, ...}: let + virtualHostName = "grafana.helveticanonstandard.net"; +in { services.grafana = { enable = true; settings.server = { - domain = "grafana.pele"; + domain = virtualHostName; http_port = 9010; http_addr = "127.0.0.1"; root_url = "http://192.168.1.10:8010"; # TODO @@ -23,24 +21,24 @@ name = "Prometheus"; type = "prometheus"; access = "proxy"; - url = "http://127.0.0.1:${toString config.services.prometheus.port}"; + url = "http://127.0.0.1:${builtins.toString config.services.prometheus.port}"; } { name = "Loki"; type = "loki"; access = "proxy"; - url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}"; + url = "http://127.0.0.1:${builtins.toString config.services.loki.configuration.server.http_listen_port}"; } ]; }; }; - services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = { + services.nginx.virtualHosts.${virtualHostName} = { locations."/" = { - proxyPass = "http://${lib.formatHostPort { + proxyPass = let host = config.services.grafana.settings.server.http_addr; - port = config.services.grafana.settings.server.http_port; - }}"; + port = builtins.toString config.services.grafana.settings.server.http_port; + in "http://${host}:${port}"; proxyWebsockets = true; }; }; diff --git a/classes/headless/prometheus.nix b/classes/headless/prometheus.nix index 427c218..53c2130 100644 --- a/classes/headless/prometheus.nix 
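Review bot: In classes/headless/grafana.nix, `domain` now reads `grafana.helveticanonstandard.net`, but the `root_url` context line below it is still `http://192.168.1.10:8010` with its TODO. Links, redirects and cookies that Grafana generates will therefore point at the LAN address over plain HTTP rather than at the virtual host. Deriving it from the same binding, `root_url = "https://${virtualHostName}/";`, keeps the two in step once the vhost terminates TLS. The `services.grafana` block continues outside this hunk.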
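Review bot: The `services.nginx.virtualHosts.${virtualHostName}` block in the second grafana.nix hunk sets only `locations."/"`, with neither `forceSSL` nor `enableACME`. The microbin and navidrome virtual hosts in this patch set both. With the name changed from `grafana.pele` to a public-looking FQDN, Grafana logins and session cookies would cross the network in clear text unless TLS is terminated somewhere not visible here. If the host is meant to be reachable beyond the LAN, add `forceSSL = true;` and `enableACME = true;` to this vhost.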
+++ b/classes/headless/prometheus.nix @@ -1,8 +1,4 @@ -{ - config, - lib, - ... -}: { +{config, ...}: { services.prometheus = { enable = true; port = 3020; @@ -22,11 +18,9 @@ static_configs = [ { targets = let - target = lib.formatHostPort { - host = config.services.prometheus.exporters.node.listenAddress; - inherit (config.services.prometheus.exporters.node) port; - }; - in [target]; + host = config.services.prometheus.exporters.node.listenAddress; + port = builtins.toString config.services.prometheus.exporters.node.port; + in ["${host}:${port}"]; } ]; } diff --git a/classes/headless/tailscale.nix b/classes/headless/tailscale.nix deleted file mode 100644 index fb757c4..0000000 --- a/classes/headless/tailscale.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - services.tailscale = { - enable = true; - openFirewall = true; #TODO - }; - - networking.firewall = { - checkReversePath = "loose"; - trustedInterfaces = ["tailscale0"]; - allowedUDPPorts = [config.services.tailscale.port]; - }; -} diff --git a/classes/kiosk/cosmic.nix b/classes/kiosk/cosmic.nix deleted file mode 100644 index e5455f4..0000000 --- a/classes/kiosk/cosmic.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - config, - lib, - inputs, - pkgs, - ... -}: { - imports = [ - inputs.nixos-cosmic.nixosModules.default - ]; - - nix.settings = { - substituters = ["https://cosmic.cachix.org/"]; - trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="]; - }; - - services = { - desktopManager.cosmic.enable = true; - displayManager.cosmic-greeter.enable = true; - - greetd.settings.initial_session = { - user = config.users.mainUser; - command = '' - ${lib.getExe' pkgs.coreutils "env"} XCURSOR_THEME="''${XCURSOR_THEME:-Pop}" systemd-cat --identifier start-cosmic ${lib.getExe' pkgs.cosmic-session "start-cosmic"} - ''; - }; - }; - - environment.cosmic.excludePackages = [ - pkgs.cosmic-store - ]; -} 
diff --git a/classes/kiosk/flatpak.nix b/classes/kiosk/flatpak.nix deleted file mode 100644 index f59aa97..0000000 --- a/classes/kiosk/flatpak.nix +++ /dev/null @@ -1,14 +0,0 @@ -{inputs, ...}: { - imports = [ - inputs.flatpak.nixosModules.nix-flatpak - ]; - - services.flatpak = { - enable = true; - - update.auto = { - enable = true; - onCalendar = "weekly"; - }; - }; -} diff --git a/classes/kiosk/fonts.nix b/classes/kiosk/fonts.nix deleted file mode 100644 index 24ab985..0000000 --- a/classes/kiosk/fonts.nix +++ /dev/null @@ -1,26 +0,0 @@ -{pkgs, ...}: { - fonts = { - enableDefaultPackages = true; - packages = [ - pkgs.noto-fonts - pkgs.noto-fonts-extra - pkgs.noto-fonts-cjk-sans - pkgs.noto-fonts-cjk-serif - pkgs.noto-fonts-monochrome-emoji - pkgs.noto-fonts-color-emoji - ]; - - fontconfig = { - enable = true; - - defaultFonts = { - monospace = ["Noto Sans Mono"]; - sansSerif = ["Noto Sans"]; - serif = ["Noto Serif"]; - emoji = ["Noto Color Emoji" "Noto Emoji"]; - }; - }; - - fontDir.enable = true; - }; -} diff --git a/classes/kiosk/gtk.nix b/classes/kiosk/gtk.nix deleted file mode 100644 index 34ada01..0000000 --- a/classes/kiosk/gtk.nix +++ /dev/null @@ -1,5 +0,0 @@ -{pkgs, ...}: { - xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk]; - - programs.dconf.enable = true; -} diff --git a/classes/kiosk/hardware.nix b/classes/kiosk/hardware.nix deleted file mode 100644 index 625fbdd..0000000 --- a/classes/kiosk/hardware.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - hardware = { - bluetooth.enable = true; - steam-hardware.enable = true; - xone.enable = true; - xpadneo.enable = true; - graphics.enable = true; - }; -} diff --git a/classes/kiosk/location.nix b/classes/kiosk/location.nix deleted file mode 100644 index 474ee00..0000000 --- a/classes/kiosk/location.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - location.provider = "geoclue2"; -} diff --git a/classes/kiosk/networking.nix b/classes/kiosk/networking.nix deleted file mode 100644 index d7cd8c0..0000000 
--- a/classes/kiosk/networking.nix +++ /dev/null @@ -1,10 +0,0 @@ -{config, ...}: { - services.resolved.enable = true; - - networking.networkmanager = { - enable = true; - dns = "systemd-resolved"; - }; - - users.groups.networkmanager.members = config.users.normalUsers; -} diff --git a/classes/kiosk/pipewire.nix b/classes/kiosk/pipewire.nix deleted file mode 100644 index 157b2af..0000000 --- a/classes/kiosk/pipewire.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - security.rtkit.enable = true; - - services.pipewire = { - enable = true; - wireplumber.enable = true; - alsa.enable = true; - pulse.enable = true; - jack.enable = true; - }; -} diff --git a/classes/kiosk/xdg.nix b/classes/kiosk/xdg.nix deleted file mode 100644 index a5a81d9..0000000 --- a/classes/kiosk/xdg.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - xdg.portal.xdgOpenUsePortal = true; -} diff --git a/common/comma.nix b/common/comma.nix new file mode 100644 index 0000000..05bde3a --- /dev/null +++ b/common/comma.nix @@ -0,0 +1,3 @@ +{ + programs.nix-index-database.comma.enable = true; +} diff --git a/common/cnf.nix b/common/command-not-found.nix similarity index 84% rename from common/cnf.nix rename to common/command-not-found.nix index fa415f2..5f8fcff 100644 --- a/common/cnf.nix +++ b/common/command-not-found.nix @@ -1,3 +1,4 @@ { + # TODO programs.command-not-found.enable = false; } diff --git a/common/nix-index-database.nix b/common/nix-index-database.nix new file mode 100644 index 0000000..c8b6d0d --- /dev/null +++ b/common/nix-index-database.nix @@ -0,0 +1,5 @@ +{inputs, ...}: { + imports = [ + inputs.nix-index-database.nixosModules.nix-index + ]; +} diff --git a/common/nix.nix b/common/nix.nix index f435fe5..fe2be20 100644 --- a/common/nix.nix +++ b/common/nix.nix @@ -18,6 +18,8 @@ "flakes" ]; auto-optimise-store = true; + flake-registry = ""; + use-xdg-base-directories = true; }; }; diff --git a/common/tailscale.nix b/common/tailscale.nix new file mode 100644 index 0000000..12922dd --- /dev/null 
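Review bot: `flake-registry = "";` in common/nix.nix carries no comment, and an empty string reads like a leftover rather than a deliberate choice. An empty value turns off the global flake registry, so indirect flake references are not resolved through a registry file fetched from the network. A one-line comment such as `# Empty value disables the global flake registry (nothing is fetched from the network)` would record that intent. The enclosing attribute set starts above the hunk.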
+++ b/common/tailscale.nix @@ -0,0 +1,14 @@ +{config, ...}: { + services.tailscale = { + enable = true; + openFirewall = true; + }; + + networking.firewall = { + trustedInterfaces = [ + config.services.tailscale.interfaceName + ]; + # Required to connect to Tailscale exit nodes + checkReversePath = "loose"; + }; +} diff --git a/flake.lock b/flake.lock index ddfe614..c35d882 100644 --- a/flake.lock +++ b/flake.lock @@ -95,11 +95,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1741348424, - "narHash": "sha256-nPwbJpX8AxmzbgRd2m6KHIbyN1xavq1BaBdJzO/lkW0=", + "lastModified": 1742659231, + "narHash": "sha256-7bvafmxXeRfoAtWSJeTFmHlCHMte0cZecGE/BvvgyqE=", "owner": "cachix", "repo": "devenv", - "rev": "8f8c96bb1e0c6a59a97592328dc61b9fdbe7474b", + "rev": "c651cb04013be972767aaecb3e9a98fc930d080e", "type": "github" }, "original": { @@ -332,11 +332,11 @@ }, "hardware": { "locked": { - "lastModified": 1741325094, - "narHash": "sha256-RUAdT8dZ6k/486vnu3tiNRrNW6+Q8uSD2Mq7gTX4jlo=", + "lastModified": 1742631601, + "narHash": "sha256-yJ3OOAmsGAxSl0bTmKUp3+cEYtSS+V6hUPK2rYhIPr8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b48cc4dab0f9711af296fc367b6108cf7b8ccb16", + "rev": "380ed15bcd6440606c6856db44a99140d422b46f", "type": "github" }, "original": { @@ -425,11 +425,11 @@ ] }, "locked": { - "lastModified": 1734114420, - "narHash": "sha256-n52PUzub5jZWc8nI/sR7UICOheU8rNA+YZ73YaHeCBg=", + "lastModified": 1741798497, + "narHash": "sha256-E3j+3MoY8Y96mG1dUIiLFm2tZmNbRvSiyN7CrSKuAVg=", "owner": "domenkozar", "repo": "nix", - "rev": "bde6a1a0d1f2af86caa4d20d23eca019f3d57eee", + "rev": "f3f44b2baaf6c4c6e179de8cbb1cc6db031083cd", "type": "github" }, "original": { 
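Review bot: common/tailscale.nix now applies to every host and puts the whole Tailscale interface in `trustedInterfaces`, so the host firewall filters nothing that arrives from tailnet peers. Every listening port becomes reachable from any device on the tailnet, and the deleted classes/headless version limited this to headless machines. Unless tailnet ACLs (not visible in this patch) already restrict peers, drop the blanket trust and open only what is needed, e.g. `networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [ 22 ];` (the port list is an example). The comment on `checkReversePath = "loose"` should also say that it relaxes reverse-path filtering for all interfaces, not only the Tailscale one.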
@@ -439,6 +439,26 @@ "type": "github" } }, + "nix-index-database": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742701275, + "narHash": "sha256-AulwPVrS9859t+eJ61v24wH/nfBEIDSXYxlRo3fL/SA=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "36dc43cb50d5d20f90a28d53abb33a32b0a2aae6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-index-database", + "type": "github" + } + }, "nixos-cosmic": { "inputs": { "flake-compat": "flake-compat_3", @@ -446,11 +466,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1741532023, - "narHash": "sha256-wPoRT99r7dMQiXWzDe9v/2OSXOmGOWad/0q9norshvs=", + "lastModified": 1742641703, + "narHash": "sha256-hoN8blvJco8OSZmPj8izwQaQUdydVi+5FO4/nWd1MNU=", "owner": "lilyinstarlight", "repo": "nixos-cosmic", - "rev": "364761eb5ba3f1514446b6a0eb8e8651c5bc4c67", + "rev": "216557e6cd229dbe7d73a497c227824a3c579cd7", "type": "github" }, "original": { @@ -508,11 +528,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1741332913, - "narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=", + "lastModified": 1742512142, + "narHash": "sha256-8XfURTDxOm6+33swQJu/hx6xw1Tznl8vJJN5HwVqckg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "20755fa05115c84be00b04690630cb38f0a203ad", + "rev": "7105ae3957700a9646cc4b766f5815b23ed0c682", "type": "github" }, "original": { @@ -588,11 +608,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1741379970, - "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=", + "lastModified": 1742422364, + "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "36fd87baa9083f34f7f5027900b62ee6d09b1f2f", + "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc", "type": "github" }, "original": { 
@@ -604,11 +624,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1741310760, - "narHash": "sha256-aizILFrPgq/W53Jw8i0a1h1GZAAKtlYOrG/A5r46gVM=", + "lastModified": 1742578646, + "narHash": "sha256-GiQ40ndXRnmmbDZvuv762vS+gew1uDpFwOfgJ8tLiEs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "de0fe301211c267807afd11b12613f5511ff7433", + "rev": "94c4dbe77c0740ebba36c173672ca15a7926c993", "type": "github" }, "original": { @@ -625,11 +645,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1741496686, - "narHash": "sha256-dJJ6n2w4OIemUWwfOy3yufKhggE0ncNOklbKgfa8CRY=", + "lastModified": 1742730186, + "narHash": "sha256-LSAS036RA4iXtJNBzdiOayHQ3ZUrLlgi//jqwsuqqv4=", "owner": "fossar", "repo": "nix-phps", - "rev": "f40909d5223656db01879d3325a8306883bcc668", + "rev": "032d917f90ac19899915bfc528ebf9ae7a58e53f", "type": "github" }, "original": { @@ -674,6 +694,7 @@ "flatpak": "flatpak", "hardware": "hardware", "lanzaboote": "lanzaboote", + "nix-index-database": "nix-index-database", "nixos-cosmic": "nixos-cosmic", "nixpkgs": [ "nixos-cosmic", diff --git a/flake.nix b/flake.nix index 305c8e7..fc35944 100644 --- a/flake.nix +++ b/flake.nix @@ -4,18 +4,22 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; flake-parts.url = "github:hercules-ci/flake-parts"; - hardware.url = "github:NixOS/nixos-hardware"; - agenix.url = "github:ryantm/agenix"; devenv-root = { url = "file+file:///dev/null"; flake = false; }; devenv.url = "github:cachix/devenv"; + hardware.url = "github:NixOS/nixos-hardware"; + agenix.url = "github:ryantm/agenix"; phps.url = "github:fossar/nix-phps"; lanzaboote.url = "github:nix-community/lanzaboote/v0.4.2"; flatpak.url = "github:gmodena/nix-flatpak?ref=latest"; nixpkgs.follows = "nixos-cosmic/nixpkgs"; nixos-cosmic.url = "github:lilyinstarlight/nixos-cosmic"; + nix-index-database = { + url = "github:nix-community/nix-index-database"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { 
@@ -40,13 +44,14 @@ perSystem = { pkgs, inputs', + lib, ... }: { devenv.shells.default = { devenv.root = let devenvRootFileContent = builtins.readFile inputs.devenv-root.outPath; in - self.lib.mkIf (devenvRootFileContent != "") devenvRootFileContent; + lib.mkIf (devenvRootFileContent != "") devenvRootFileContent; name = "puter"; @@ -59,7 +64,7 @@ ]; }; - packages = self.lib.packagesFromDirectoryRecursive { + packages = lib.packagesFromDirectoryRecursive { inherit (pkgs) callPackage; directory = ./packages; }; diff --git a/hosts/kiosk/insomniac/librewolf.nix b/hosts/headful/flamingo/libreoffice.nix similarity index 53% rename from hosts/kiosk/insomniac/librewolf.nix rename to hosts/headful/flamingo/libreoffice.nix index 229aa0a..fd1b44d 100644 --- a/hosts/kiosk/insomniac/librewolf.nix +++ b/hosts/headful/flamingo/libreoffice.nix @@ -1,5 +1,5 @@ { services.flatpak.packages = [ - "io.gitlab.librewolf-community" + "org.libreoffice.LibreOffice" ]; } diff --git a/hosts/headful/flamingo/mpv.nix b/hosts/headful/flamingo/mpv.nix new file mode 100644 index 0000000..24250ff --- /dev/null +++ b/hosts/headful/flamingo/mpv.nix @@ -0,0 +1,5 @@ +{ + services.flatpak.packages = [ + "io.mpv.Mpv" + ]; +} diff --git a/hosts/headful/flamingo/spotify.nix b/hosts/headful/flamingo/spotify.nix new file mode 100644 index 0000000..79817b7 --- /dev/null +++ b/hosts/headful/flamingo/spotify.nix @@ -0,0 +1,5 @@ +{ + services.flatpak.packages = [ + "com.spotify.Client" + ]; +} diff --git a/hosts/headful/glacier/gimp.nix b/hosts/headful/glacier/gimp.nix new file mode 100644 index 0000000..468fc89 --- /dev/null +++ b/hosts/headful/glacier/gimp.nix @@ -0,0 +1,5 @@ +{ + services.flatpak.packages = [ + "org.gimp.GIMP" + ]; +} diff --git a/hosts/headful/glacier/inkscape.nix b/hosts/headful/glacier/inkscape.nix new file mode 100644 index 0000000..c274256 --- /dev/null +++ b/hosts/headful/glacier/inkscape.nix @@ -0,0 +1,5 @@ +{ + services.flatpak.packages = [ + "org.inkscape.Inkscape" + ]; +} 
diff --git a/hosts/headful/glacier/libreoffice.nix b/hosts/headful/glacier/libreoffice.nix new file mode 100644 index 0000000..fd1b44d --- /dev/null +++ b/hosts/headful/glacier/libreoffice.nix @@ -0,0 +1,5 @@ +{ + services.flatpak.packages = [ + "org.libreoffice.LibreOffice" + ]; +} diff --git a/hosts/headful/glacier/mpv.nix b/hosts/headful/glacier/mpv.nix new file mode 100644 index 0000000..24250ff --- /dev/null +++ b/hosts/headful/glacier/mpv.nix @@ -0,0 +1,5 @@ +{ + services.flatpak.packages = [ + "io.mpv.Mpv" + ]; +} diff --git a/hosts/headful/glacier/steam.nix b/hosts/headful/glacier/steam.nix index e51a6e8..50a8f9f 100644 --- a/hosts/headful/glacier/steam.nix +++ b/hosts/headful/glacier/steam.nix @@ -1,5 +1,6 @@ { services.flatpak.packages = [ "com.valvesoftware.Steam" + "com.github.Matoking.protontricks" ]; } diff --git a/hosts/headful/insomniac/cosmic.nix b/hosts/headful/insomniac/cosmic.nix new file mode 100644 index 0000000..629d9f9 --- /dev/null +++ b/hosts/headful/insomniac/cosmic.nix @@ -0,0 +1,17 @@ +{ + config, + lib, + pkgs, + ... +}: { + services.greetd.settings.initial_session = { + user = config.users.mainUser; + command = '' + ${lib.getExe' pkgs.coreutils "env"} XCURSOR_THEME="''${XCURSOR_THEME:-Pop}" systemd-cat --identifier start-cosmic ${lib.getExe' pkgs.cosmic-session "start-cosmic"} + ''; + }; + + environment.cosmic.excludePackages = [ + pkgs.cosmic-store + ]; +} diff --git a/hosts/kiosk/insomniac/dolphin.nix b/hosts/headful/insomniac/dolphin.nix similarity index 100% rename from hosts/kiosk/insomniac/dolphin.nix rename to hosts/headful/insomniac/dolphin.nix diff --git a/hosts/kiosk/insomniac/filesystems.nix b/hosts/headful/insomniac/filesystems.nix similarity index 100% rename from hosts/kiosk/insomniac/filesystems.nix rename to hosts/headful/insomniac/filesystems.nix diff --git a/hosts/headful/insomniac/flatpak.nix b/hosts/headful/insomniac/flatpak.nix new file mode 100644 index 0000000..9976199 --- /dev/null 
+++ b/hosts/headful/insomniac/flatpak.nix @@ -0,0 +1,6 @@ +{ + services.flatpak.update.auto = { + enable = true; + onCalendar = "weekly"; + }; +} diff --git a/hosts/kiosk/insomniac/freetube.nix b/hosts/headful/insomniac/freetube.nix similarity index 100% rename from hosts/kiosk/insomniac/freetube.nix rename to hosts/headful/insomniac/freetube.nix diff --git a/hosts/kiosk/insomniac/hardware.nix b/hosts/headful/insomniac/hardware.nix similarity index 100% rename from hosts/kiosk/insomniac/hardware.nix rename to hosts/headful/insomniac/hardware.nix diff --git a/hosts/kiosk/insomniac/rmg.nix b/hosts/headful/insomniac/rmg.nix similarity index 100% rename from hosts/kiosk/insomniac/rmg.nix rename to hosts/headful/insomniac/rmg.nix diff --git a/hosts/headful/insomniac/spotify.nix b/hosts/headful/insomniac/spotify.nix new file mode 100644 index 0000000..79817b7 --- /dev/null +++ b/hosts/headful/insomniac/spotify.nix @@ -0,0 +1,5 @@ +{ + services.flatpak.packages = [ + "com.spotify.Client" + ]; +} diff --git a/hosts/kiosk/insomniac/steam.nix b/hosts/headful/insomniac/steam.nix similarity index 100% rename from hosts/kiosk/insomniac/steam.nix rename to hosts/headful/insomniac/steam.nix diff --git a/hosts/kiosk/insomniac/system.nix b/hosts/headful/insomniac/system.nix similarity index 100% rename from hosts/kiosk/insomniac/system.nix rename to hosts/headful/insomniac/system.nix diff --git a/hosts/kiosk/insomniac/users.nix b/hosts/headful/insomniac/users.nix similarity index 100% rename from hosts/kiosk/insomniac/users.nix rename to hosts/headful/insomniac/users.nix diff --git a/hosts/headful/work/spotify.nix b/hosts/headful/work/spotify.nix new file mode 100644 index 0000000..79817b7 --- /dev/null +++ b/hosts/headful/work/spotify.nix @@ -0,0 +1,5 @@ +{ + services.flatpak.packages = [ + "com.spotify.Client" + ]; +} diff --git a/hosts/headless/abacus/domains.nix b/hosts/headless/abacus/domains.nix new file mode 100644 index 0000000..89658b5 --- /dev/null 
+++ b/hosts/headless/abacus/domains.nix @@ -0,0 +1,14 @@ +{lib, ...}: let + inherit (lib) types; +in { + options.networking.domains = lib.mkOption { + description = "Domains."; + type = types.attrsOf types.str; + default = {}; + }; + + config.networking.domains = { + wrz = "wrz.one"; + helvetica = "helveticanonstandard.net"; + }; +} diff --git a/hosts/headless/abacus/forgejo.nix b/hosts/headless/abacus/forgejo.nix index f6fdcc4..c52d7d2 100644 --- a/hosts/headless/abacus/forgejo.nix +++ b/hosts/headless/abacus/forgejo.nix @@ -3,8 +3,7 @@ lib, ... }: let - inherit (config.networking) domain; - virtualHostName = "tea.${domain}"; + virtualHostName = "tea.wrz.one"; in { age.secrets = lib.mkSecrets { forgejo-mailer = { @@ -43,8 +42,8 @@ in { mailer = { ENABLED = true; SMTP_ADDR = "smtp.fastmail.com"; - FROM = "tea@${domain}"; - USER = "lukas@${domain}"; + FROM = "tea@wrz.one"; + USER = "lukas@wrz.one"; }; }; secrets.mailer.PASSWD = config.age.secrets.forgejo-mailer.path; @@ -53,6 +52,7 @@ in { systemd.services.forgejo.preStart = let forgejo = lib.getExe config.services.forgejo.package; passwordFile = config.age.secrets.forgejo-admin.path; + # TODO user = "lukas"; email = "lukas@wrz.one"; in '' @@ -78,10 +78,8 @@ in { ''; locations."/".proxyPass = let - inherit (config.services.forgejo.settings.server) HTTP_ADDR HTTP_PORT; - in "http://${lib.formatHostPort { - host = HTTP_ADDR; - port = HTTP_PORT; - }}"; + host = config.services.forgejo.settings.server.HTTP_ADDR; + port = builtins.toString config.services.forgejo.settings.server.HTTP_PORT; + in "http://${host}:${port}"; }; } diff --git a/hosts/headless/abacus/headscale.nix b/hosts/headless/abacus/headscale.nix index 3306e15..19b0a00 100644 --- a/hosts/headless/abacus/headscale.nix +++ b/hosts/headless/abacus/headscale.nix 
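Review bot: `networking.domains` is declared and populated in domains.nix, but nothing else visible in this patch reads it. forgejo.nix, vaultwarden.nix, nginx.nix and static-sites.nix replace `config.networking.domain` with the literal `wrz.one`, and navidrome.nix hard-codes `helveticanonstandard.net`. Either reference `config.networking.domains.wrz` and `config.networking.domains.helvetica` in those files or leave the option out until it is used, so that virtual host names, ACME certificate names and the Forgejo mailer address cannot drift apart. The `description = "Domains.";` would be more useful as something like `"Named base domains served by this host, keyed by a short alias."`.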
@@ -1,9 +1,23 @@ -{ - services.headscale = { - enable = true; - address = "127.0.0.1"; - port = 3122; # TODO - settings = { - }; - }; -} +# {config, ...}: let +# virtualHostName = ""; +# in { +# services.headscale = { +# enable = true; +# address = "127.0.0.1"; +# port = 8070; +# server_url = "https://${virtualHostName}"; +# settings = { +# logtail.enabled = false; +# }; +# }; +# +# services.nginx.virtualHosts.${virtualHostName} = { +# forceSSL = true; +# enableACME = true; +# locations."/" = { +# proxyPass = "http://localhost:${toString config.services.headscale.port}"; +# proxyWebsockets = true; +# }; +# }; +# } +{} diff --git a/hosts/headless/abacus/microbin.nix b/hosts/headless/abacus/microbin.nix index b5cdc48..d6274ff 100644 --- a/hosts/headless/abacus/microbin.nix +++ b/hosts/headless/abacus/microbin.nix @@ -1,3 +1,4 @@ +# TODO: use another service for this { config, lib, @@ -41,9 +42,9 @@ in { enableACME = true; forceSSL = true; - locations."/".proxyPass = "http://${lib.formatHostPort { + locations."/".proxyPass = let host = config.services.microbin.settings.MICROBIN_BIND; - port = config.services.microbin.settings.MICROBIN_PORT; - }}"; + port = builtins.toString config.services.microbin.settings.MICROBIN_PORT; + in "http://${host}:${port}"; }; } diff --git a/hosts/headless/abacus/miniflux.nix b/hosts/headless/abacus/miniflux.nix index 2e7788a..6534c59 100644 --- a/hosts/headless/abacus/miniflux.nix +++ b/hosts/headless/abacus/miniflux.nix @@ -1,3 +1,4 @@ +# TODO: is this bloat { config, lib, diff --git a/hosts/headless/abacus/navidrome.nix b/hosts/headless/abacus/navidrome.nix index 1c3f35f..6c4b1e5 100644 --- a/hosts/headless/abacus/navidrome.nix +++ b/hosts/headless/abacus/navidrome.nix @@ -1,10 +1,5 @@ -{ - config, - lib, - ... -}: let - inherit (config.networking) domain; - virtualHostName = "navi.${domain}"; +{config, ...}: let + virtualHostName = "navidrome.helveticanonstandard.net"; in { services.navidrome = { enable = true; 
@@ -19,9 +14,9 @@ in { enableACME = true; forceSSL = true; - locations."/".proxyPass = "http://${lib.formatHostPort { + locations."/".proxyPass = let host = config.services.navidrome.settings.Address; - port = config.services.navidrome.settings.Port; - }}"; + port = builtins.toString config.services.navidrome.settings.Port; + in "http://${host}:${port}"; }; } diff --git a/hosts/headless/abacus/nginx.nix b/hosts/headless/abacus/nginx.nix index dd9bc60..d4a8656 100644 --- a/hosts/headless/abacus/nginx.nix +++ b/hosts/headless/abacus/nginx.nix @@ -1,4 +1,4 @@ -{config, ...}: { +{ services.nginx = { enable = true; @@ -12,11 +12,19 @@ access_log /var/log/nginx/access.log; ''; - virtualHosts."~.*" = { - default = true; - rejectSSL = true; + virtualHosts = let + matchAll = ''~.*''; + matchWww = ''~^www\.(?.+)$''; + in { + # Redirect anything that doesn't match any server name to networking.domain + ${matchAll} = { + default = true; + rejectSSL = true; - globalRedirect = config.networking.domain; + globalRedirect = "wrz.one"; + }; + # Redirect www to non-www + ${matchWww}.globalRedirect = "$domain"; }; }; } diff --git a/hosts/headless/abacus/static.nix b/hosts/headless/abacus/static-sites.nix similarity index 83% rename from hosts/headless/abacus/static.nix rename to hosts/headless/abacus/static-sites.nix index cd5ae05..4e0deda 100644 --- a/hosts/headless/abacus/static.nix +++ b/hosts/headless/abacus/static-sites.nix @@ -3,14 +3,14 @@ lib, ... }: let - inherit (config.networking) domain; parent = "/var/www"; sites = [ - domain - "log.${domain}" + "wrz.one" + "helveticanonstandard.net" ]; in - lib.mkMerge (map ( + lib.mkMerge ( + map ( virtualHostName: let root = "${parent}/${virtualHostName}"; in { @@ -28,4 +28,5 @@ in }; } ) - sites) + sites + ) diff --git a/hosts/headless/abacus/vaultwarden.nix b/hosts/headless/abacus/vaultwarden.nix index a58e7a1..bd3bf96 100644 --- a/hosts/headless/abacus/vaultwarden.nix +++ b/hosts/headless/abacus/vaultwarden.nix 
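Review bot: In hosts/headless/abacus/nginx.nix the `matchWww` virtual host copies whatever follows `www.` in the client-supplied Host header into the redirect target via `globalRedirect = "$domain"`. Any hostname that resolves to this server therefore gets a redirect built from request input, and restricting the captured part to `wrz\.one|helveticanonstandard\.net` would keep the target to the domains this host actually serves. As shown here the pattern reads `(?.+)`, which defines no group named `domain`. That is probably an extraction artifact, but confirm the file has a named capture group. The comment above `matchAll` still says "networking.domain" although the value is now the literal `wrz.one`.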
@@ -3,8 +3,7 @@ lib, ... }: let - inherit (config.networking) domain; - virtualHostName = "vault.${domain}"; + virtualHostName = "vault.wrz.one"; backupDir = "/srv/backup/vaultwarden"; in { age.secrets = lib.mkSecrets {vaultwarden = {};}; @@ -38,10 +37,10 @@ in { forceSSL = true; locations."/" = { - proxyPass = "http://${lib.formatHostPort { + proxyPass = let host = config.services.vaultwarden.config.ROCKET_ADDRESS; - port = config.services.vaultwarden.config.ROCKET_PORT; - }}"; + port = builtins.toString config.services.vaultwarden.config.ROCKET_PORT; + in "http://${host}:${port}"; proxyWebsockets = true; }; }; diff --git a/hosts/headless/vessel/syncthing.nix b/hosts/headless/vessel/syncthing.nix index f430f0d..b184a4b 100644 --- a/hosts/headless/vessel/syncthing.nix +++ b/hosts/headless/vessel/syncthing.nix @@ -1,14 +1,15 @@ -{lib, ...}: let +# TODO: unify syncthing.nix files +let guiPort = 8384; in { services.syncthing = { enable = true; systemService = true; openDefaultPorts = true; - guiAddress = lib.formatHostPort { + guiAddress = let host = "0.0.0.0"; - port = guiPort; - }; + port = builtins.toString guiPort; + in "${host}:${port}"; }; networking.firewall.allowedTCPPorts = [guiPort]; diff --git a/lib.nix b/lib.nix index 9374f57..c9acc8a 100644 --- a/lib.nix +++ b/lib.nix @@ -15,11 +15,6 @@ lib: _: { (lib.mkIf (!condition) falseContent) ]; - formatHostPort = { - host, - port, - }: "${host}:${builtins.toString port}"; - mkSecrets = secrets: let mkSecret = { name,
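Review bot: `guiAddress` in hosts/headless/vessel/syncthing.nix still resolves to `0.0.0.0:8384`, and the last line of the hunk opens `guiPort` in the firewall, so the Syncthing admin GUI is offered on every interface. No GUI user or password is set in the lines shown. Binding to loopback with `guiAddress = "127.0.0.1:${builtins.toString guiPort}";` and dropping `networking.firewall.allowedTCPPorts = [guiPort];` would leave it reachable only through an SSH tunnel or a reverse proxy. The `let host = …; port = …; in` wrapper around two constants could then be removed as well.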