stuff

hosts/headful/flamingo/supersonic.nix

@@ -1,5 +1,5 @@
 {
   services.flatpak.packages = [
-    "com.spotify.Client"
+    "io.github.dweymouth.supersonic"
   ];
 }

hosts/headful/glacier/supersonic.nix

@@ -1,5 +1,5 @@
 {
   services.flatpak.packages = [
-    "com.spotify.Client"
+    "io.github.dweymouth.supersonic"
   ];
 }

hosts/headful/glacier/users.nix

@@ -0,0 +1,8 @@
+{
+  users.users.futura = {
+    description = "Futura";
+    uid = 1001;
+    isNormalUser = true;
+    password = "futura";
+  };
+}

hosts/headful/insomniac/supersonic.nix

@@ -1,5 +1,5 @@
 {
   services.flatpak.packages = [
-    "com.spotify.Client"
+    "io.github.dweymouth.supersonic"
   ];
 }

hosts/headful/work/php.nix

@@ -25,6 +25,7 @@
     xdebug.client_host = localhost
   '';
 
+  # Wrap all PHP versions with the extensions I need and bundle composer
   phps = lib.genAttrs supportedPhps (
     phpName: let
       phpBase = inputs.phps.packages.${pkgs.system}.${phpName};
@@ -47,7 +48,6 @@
         paths = [
           phpWithEnv
           phpWithEnv.packages.composer
-          pkgs.symfony-cli
         ];
       };
     in
@@ -55,12 +55,32 @@
   );
 
   prefix = "/var/lib/phps";
+
+  # Tell Symfony's CLI where it can access the different PHP versions
+  symfony-cli = let
+    package = pkgs.symfony-cli;
+  in
+    pkgs.symlinkJoin {
+      inherit (package) pname version meta;
+
+      paths = [package];
+
+      buildInputs = [pkgs.makeWrapper];
+
+      postBuild = ''
+        wrapProgram $out/bin/${package.meta.mainProgram} \
+          --suffix PATH : ${pkgs.lib.makeBinPath (
+          builtins.attrValues phps
+        )}
+      '';
+    };
 in {
   nix.settings = {
     substituters = ["https://fossar.cachix.org/"];
     trusted-public-keys = ["fossar.cachix.org-1:Zv6FuqIboeHPWQS7ysLCJ7UT7xExb4OE8c4LyGb5AsE="];
   };
 
+  # Link PHP installations so that PhpStorm knows about them
   systemd.tmpfiles.settings =
     builtins.mapAttrs (name: drv: {
       "${prefix}/${name}"."L+".argument = drv.outPath;
@@ -68,6 +88,8 @@ in {
     phps;
 
   environment.systemPackages = [
-    phps.${selectedPhp}.packages.composer
+    pkgs.jetbrains.phpstorm
+    phps.${selectedPhp}
+    symfony-cli
   ];
 }

hosts/headful/work/phpstorm.nix

@@ -1,5 +0,0 @@
-{pkgs, ...}: {
-  environment.systemPackages = [
-    pkgs.jetbrains.phpstorm
-  ];
-}

hosts/headful/work/plasma.nix

@@ -0,0 +1,35 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  services = {
+    desktopManager = {
+      cosmic.enable = lib.mkForce false;
+      plasma6.enable = true;
+    };
+    displayManager = {
+      cosmic-greeter.enable = lib.mkForce false;
+      sddm = {
+        enable = true;
+        wayland.enable = true;
+      };
+    };
+  };
+
+  environment.systemPackages = [
+    pkgs.kdePackages.sddm-kcm
+    pkgs.kdePackages.discover
+    pkgs.kdePackages.kate
+  ];
+
+  programs = {
+    kdeconnect.enable = true;
+    partition-manager.enable = true;
+  };
+
+  xdg.portal = {
+    xdgOpenUsePortal = true;
+    extraPortals = [pkgs.xdg-desktop-portal-gtk];
+  };
+}

hosts/headful/work/supersonic.nix

@@ -0,0 +1,5 @@
+{
+  services.flatpak.packages = [
+    "io.github.dweymouth.supersonic"
+  ];
+}

hosts/headful/work/tools.nix

@@ -0,0 +1,10 @@
+{pkgs, ...}: {
+  environment.systemPackages = [
+    pkgs.gnumake
+    pkgs.unzip
+    pkgs.pv
+    pkgs.jq
+    pkgs.mariadb
+    pkgs.openssl
+  ];
+}

hosts/headless/abacus/backup.nix

@@ -12,6 +12,12 @@
     paths = [
       config.services.vaultwarden.backupDir
       config.services.syncthing.dataDir
+      config.services.forgejo.stateDir
+      config.services.postgresqlBackup.location
+      config.services.postgresqlBackup.location
+      # TODO: Add stateDir options for these
+      "/var/lib/headscale"
+      "/var/lib/navidrome"
     ];
     passwordFile = config.age.secrets."restic-${attrName}".path;
     pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"];

hosts/headless/abacus/firefox-syncserver.nix

@@ -0,0 +1,37 @@
+# TODO: do this via tailscale?
+# {
+#   config,
+#   lib,
+#   pkgs,
+#   ...
+# }: let
+#   virtualHostName = "syncserver.helveticanonstandard.net";
+# in {
+#   age.secrets = lib.mkSecrets {syncserver = {};};
+#
+#   services.firefox-syncserver = {
+#     enable = true;
+#     secrets = config.age.secrets.syncserver.path;
+#     singleNode = {
+#       enable = true;
+#       hostname = virtualHostName;
+#       url = "https://${virtualHostName}";
+#     };
+#     settings = {
+#       port = 8070;
+#     };
+#   };
+#
+#   services.nginx.virtualHosts.${config.services.firefox-syncserver.singleNode.hostname} = {
+#     enableACME = true;
+#     forceSSL = true;
+#
+#     locations."/".proxyPass = let
+#       host = "127.0.0.1";
+#       port = builtins.toString config.services.firefox-syncserver.settings.port;
+#     in "http://${host}:${port}";
+#   };
+#
+#   services.mysql.package = pkgs.mariadb;
+# }
+{}

hosts/headless/abacus/forgejo.nix

@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  pkgs,
   ...
 }: let
   virtualHostName = "forgejo.helveticanonstandard.net";
@@ -50,24 +51,26 @@ in {
     secrets.mailer.PASSWD = config.age.secrets.forgejo-mailer.path;
   };
 
-  systemd.services.forgejo.preStart = let
-    forgejo = lib.getExe config.services.forgejo.package;
-    passwordFile = config.age.secrets.forgejo-admin.path;
-    user = "helvetica";
-    email = "helvetica@helveticanonstandard.net";
-  in ''
-    if ! \
-      ${forgejo} admin user change-password \
-        --username ${lib.escapeShellArg user} \
-        --password "$(cat -- ${lib.escapeShellArg passwordFile})"
-    then
-      ${forgejo} admin user create \
-        --admin \
-        --email ${lib.escapeShellArg email} \
-        --username ${lib.escapeShellArg user} \
-        --password "$(cat -- ${lib.escapeShellArg passwordFile})"
-    fi
-  '';
+  systemd.services.forgejo.preStart = lib.getExe pkgs.writeShellApplication {
+    name = "forgejo-init-admin";
+    runtimeInputs = [
+      config.services.forgejo.package
+    ];
+    text = let
+      passwordFile = config.age.secrets.forgejo-admin.path;
+    in ''
+      admins=$(admin user list --admin)
+      admins=$((admins - 1))
+
+      if ((admins < 1)); then
+        gitea admin user create \
+          --admin \
+          --email helvetica@helveticanonstandard.net \
+          --username helvetica \
+          --password "$(cat -- ${passwordFile})"
+      fi
+    '';
+  };
 
   services.nginx.virtualHosts.${virtualHostName} = {
     enableACME = true;

hosts/headless/abacus/mariadb.nix

@@ -0,0 +1,10 @@
+# {pkgs, ...}: {
+#   services.mysql.package = pkgs.mariadb;
+#
+#   services.mysqlBackup = {
+#     enable = true;
+#     startAt = "*-*-* 02:00:00";
+#     location = "/srv/backup/postgresql";
+#   };
+# }
+{}

hosts/headless/abacus/mealie.nix

@@ -0,0 +1,23 @@
+{config, ...}: let
+  virtualHostName = "mealie.helveticanonstandard.net";
+in {
+  services.mealie = {
+    enable = true;
+    settings = {
+      BASE_URL = "https://${virtualHostName}";
+      ALLOW_SIGNUP = false;
+    };
+    listenAddress = "127.0.0.1";
+    port = 8040;
+  };
+
+  services.nginx.virtualHosts.${virtualHostName} = {
+    enableACME = true;
+    forceSSL = true;
+
+    locations."/".proxyPass = let
+      host = config.services.mealie.listenAddress;
+      port = builtins.toString config.services.mealie.port;
+    in "http://${host}:${port}";
+  };
+}

hosts/headless/abacus/postgresql.nix

@@ -0,0 +1,8 @@
+{
+  services.postgresqlBackup = {
+    enable = true;
+    startAt = "*-*-* 02:00:00";
+    location = "/srv/backup/postgresql";
+    backupAll = true;
+  };
+}

hosts/headless/vessel/musicomp.nix

@@ -1,9 +1,14 @@
 {
+  inputs,
   self,
   lib,
   pkgs,
   ...
 }: {
+  imports = [
+    inputs.musicomp.nixosModules.default
+  ];
+
   services.musicomp.jobs.main = {
     music = "/srv/music";
     comp = "/srv/compmusic";