chore: update flake

This commit is contained in:
Leon Schwarzäugl 2026-03-05 23:09:50 +01:00
parent c1a5cfa20c
commit 2ea5b9c764
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
25 changed files with 1527 additions and 1270 deletions


@ -18,7 +18,7 @@ in
reduceMotion = true;
spacebarRatesCard = true;
# videoDriver = "opengl";
sync = {
profiles."User 1".sync = {
autoSync = false; # sync on profile close will delay system shutdown
syncMedia = true;
autoSyncMediaMinutes = 5;


@ -87,5 +87,9 @@
];
};
};
home.sessionVariables = {
_ZO_EXCLUDE_DIRS = "$HOME:$HOME/.ansible/*:$HOME/test/*:/persist";
};
};
}


@ -21,7 +21,10 @@ in
prometheus.cli
tigervnc
# openstackclient
step-cli
vscode-fhs
copilot-cli
antigravity
@ -145,7 +148,7 @@ in
programs =
let
inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail clouds;
inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 clouds;
in
{
openstackclient = {
@ -166,7 +169,8 @@ in
# };
# };
};
git.settings.user.email = lib.mkForce gitMail;
# this is no longer needed since moving away from bitbucket
# git.settings.user.email = lib.mkForce gitMail;
zsh = {
shellAliases = {
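Review bot: The commented-out `# git.settings.user.email = lib.mkForce gitMail;` on the new side references `gitMail`, which the same commit drops from the `inherit (confLib.getConfig.repo.secrets.local.work) …` line above, so re-enabling the line by uncommenting it would fail to evaluate. Since the explanatory comment already says the override is no longer needed, deleting both lines and leaving the rationale to history is cleaner than keeping dead code that no longer matches its scope. If a reminder is wanted, a single line such as `# work git identity now comes from the global config (bitbucket override removed)` carries the same information without a stale reference. The enclosing `programs = let … in { … }` attribute set starts and ends outside this hunk.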


@ -86,26 +86,26 @@
systemd
tbb
vulkan-loader
xorg.libICE
xorg.libSM
xorg.libX11
xorg.libXScrnSaver
xorg.libXcomposite
xorg.libXcursor
xorg.libXdamage
xorg.libXext
xorg.libXfixes
xorg.libXft
xorg.libXi
xorg.libXinerama
xorg.libXmu
xorg.libXrandr
xorg.libXrender
xorg.libXt
xorg.libXtst
xorg.libXxf86vm
xorg.libxcb
xorg.libxshmfence
libice
libsm
libx11
libxscrnsaver
libxcomposite
libxcursor
libxdamage
libxext
libxfixes
libxft
libxi
libxinerama
libxmu
libxrandr
libxrender
libxt
libxtst
libxxf86vm
libxcb
libxshmfence
zlib
];
};


@ -16,6 +16,7 @@
pcsc-tools
pcscliteWithPolkit.out
# ledger packages
ledger-live-desktop


@ -29,6 +29,8 @@ in
github-forge-token = { owner = mainUser; };
}) // (lib.optionalAttrs (modules ? optional-work) {
harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; };
}) // (lib.optionalAttrs (modules ? optional-noctalia) {
radicale-token = { owner = mainUser; };
}) // (lib.optionalAttrs modules.anki {
anki-user = { owner = mainUser; };
anki-pw = { owner = mainUser; };


@ -110,7 +110,7 @@ in
};
script = ''
set -eu
set -eu
${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir}
${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${certsDir}" else ""}
@ -205,23 +205,27 @@ in
services = {
${serviceName} = {
package = pkgs.kanidmWithSecretProvisioning_1_8;
enableServer = true;
serverSettings = {
domain = serviceDomain;
origin = "https://${serviceDomain}";
# tls_chain = config.sops.secrets.kanidm-self-signed-crt.path;
tls_chain = certPathBase;
# tls_key = config.sops.secrets.kanidm-self-signed-key.path;
tls_key = keyPathBase;
bindaddress = "0.0.0.0:${toString servicePort}";
# trust_x_forward_for = true;
package = pkgs.kanidmWithSecretProvisioning_1_9;
server = {
enable = true;
settings = {
domain = serviceDomain;
origin = "https://${serviceDomain}";
# tls_chain = config.sops.secrets.kanidm-self-signed-crt.path;
tls_chain = certPathBase;
# tls_key = config.sops.secrets.kanidm-self-signed-key.path;
tls_key = keyPathBase;
bindaddress = "0.0.0.0:${toString servicePort}";
# trust_x_forward_for = true;
};
};
enableClient = true;
clientSettings = {
uri = config.services.kanidm.serverSettings.origin;
verify_ca = true;
verify_hostnames = true;
client = {
enable = true;
settings = {
uri = config.services.kanidm.server.settings.origin;
verify_ca = true;
verify_hostnames = true;
};
};
provision = {
enable = true;
@ -416,7 +420,7 @@ in
nodes =
let
extraConfig = ''
allow ${globals.networks.home-lan.vlans.services.cidrv4};
allow ${globals.networks.home-lan.vlans.services.cidrv4};
allow ${globals.networks.home-lan.vlans.services.cidrv6};
'';
in
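Review bot: The `package = pkgs.kanidmWithSecretProvisioning_1_9;` bump together with the move from `serverSettings`/`clientSettings` to `server.settings`/`client.settings` is the most consequential change in this commit, but nothing in the hunk records it, and the commit title ("chore: update flake") does not either. As far as I know kanidm performs a database migration on first start of a newer release and does not support downgrading afterwards, so a short comment next to the package line would help the next person who bisects, e.g. `# kanidm 1.9: module options moved under server.settings / client.settings; server DB is migrated on start, keep a backup before further bumps`. The carried-over `bindaddress = "0.0.0.0:${toString servicePort}"` and the still-commented `trust_x_forward_for` are unchanged by this commit, so they are not raised here. The `services.${serviceName}` block continues past the end of the hunk (`provision = { enable = true;` is cut off).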


@ -1,4 +1,4 @@
{ self, lib, config, pkgs, globals, dns, confLib, ... }:
{ lib, config, globals, dns, confLib, ... }:
let
inherit (config.swarselsystems) sopsFile;
@ -8,9 +8,6 @@ in
{
options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
config = lib.mkIf config.swarselmodules.server.${serviceName} {
environment.systemPackages = with pkgs; [
calibre
];
users = {
persistentIds.kavita = confLib.mkIds 995;


@ -1,7 +1,7 @@
{ self, lib, config, globals, dns, confLib, ... }:
let
inherit (config.swarselsystems) sopsFile;
inherit (confLib.gen { name = "mailserver"; dir = "/var/lib/dovecot"; user = "virtualMail"; group = "virtualMail"; port = 80; }) serviceName serviceDir servicePort serviceUser serviceGroup serviceAddress serviceDomain proxyAddress4 proxyAddress6;
inherit (confLib.gen { name = "mailserver"; dir = "/var/lib/dovecot"; user = "virtualMail"; group = "virtualMail"; port = 443; }) serviceName serviceDir servicePort serviceUser serviceGroup serviceAddress serviceDomain proxyAddress4 proxyAddress6;
inherit (confLib.static) isHome webProxy homeWebProxy dnsServer homeServiceAddress nginxAccessRules;
inherit (config.repo.secrets.local.mailserver) user1 alias1_1 alias1_2 alias1_3 alias1_4 user2 alias2_1 alias2_2 alias2_3 user3;
baseDomain = globals.domains.main;
@ -127,7 +127,7 @@ in
};
# the rest of the ports are managed by snm
networking.firewall.allowedTCPPorts = [ 80 servicePort ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
virtualHosts = {
@ -158,8 +158,8 @@ in
"${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host endpointAddress4 endpointAddress6;
"${globals.services.roundcube.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
};
${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; maxBody = 0; };
${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; });
${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; protocol = "https"; maxBody = 0; };
${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; protocol = "https"; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; });
};
};
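Review bot: `networking.firewall.allowedTCPPorts = [ 80 443 ];` hard-codes 443 even though `servicePort` was changed to 443 in the `confLib.gen { … port = 443; }` call in the same commit; keeping `[ 80 servicePort ]` preserves the single source of truth so a later port change cannot silently desynchronise the firewall rule. The new `protocol = "https";` arguments to `confLib.genNginx` make the proxies speak TLS to the mail backend, but whether the proxy verifies the upstream certificate (proxy_ssl_verify / proxy_ssl_name or a trusted chain) is decided inside `genNginx`, which is outside this diff — worth confirming, since otherwise the hop is encrypted but not authenticated. A one-line comment on the firewall line such as `# 80 stays open for ACME/redirect; 443 is servicePort` would document the intent either way.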


@ -124,7 +124,9 @@ in
analytics.reporting_enabled = false;
users.allow_sign_up = false;
security = {
admin_password = "$__file{/run/secrets/grafana-admin-pw}";
# admin_password = "$__file{/run/secrets/grafana-admin-pw}";
disable_initial_admin_creation = true;
secret_key = "$__file{${config.sops.secrets.grafana-admin-pw.path}}";
cookie_secure = true;
disable_gravatar = true;
};
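Review bot: `secret_key = "$__file{${config.sops.secrets.grafana-admin-pw.path}}";` reuses the admin password secret as Grafana's `secret_key`, which is a different-purpose value (it is used for signing and for encrypting stored data source credentials), so one leaked or rotated secret now affects both; a dedicated sops entry (placeholder: `grafana-secret-key`) would keep the two independent. Changing `secret_key` on an existing instance also means anything previously encrypted under the old key can no longer be decrypted unless it was re-encrypted first — if this deployment already had data sources with stored credentials, that is worth checking. Leaving `admin_password` commented out while setting `disable_initial_admin_creation = true;` is consistent with admin access coming from elsewhere, presumably the kanidm OIDC integration; a comment stating that, e.g. `# no local admin: access is via OIDC, see kanidm provisioning`, would make the intent explicit. The `security = { … }` block is complete within the hunk.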


@ -82,7 +82,6 @@ in
services.${serviceName} = {
enable = true;
# openFirewall = true;
settings = {
LogLevel = "debug";
Address = "0.0.0.0";


@ -5,7 +5,7 @@ let
inherit (confLib.gen { name = "nextcloud"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6;
inherit (confLib.static) isHome dnsServer webProxy homeWebProxy homeServiceAddress nginxAccessRules;
nextcloudVersion = "32";
nextcloudVersion = "33";
in
{
options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";


@ -104,6 +104,7 @@ in
gotenberg = {
enable = true;
package = pkgs.gotenberg;
libreoffice.package = pkgs.libreoffice;
port = gotenbergPort;
bindIP = "127.0.0.1";
timeout = "600s";
@ -114,7 +115,7 @@ in
# Add secret to PAPERLESS_SOCIALACCOUNT_PROVIDERS
systemd.services.paperless-web.script = lib.mkBefore ''
oidcSecret=$(< ${config.sops.secrets.kanidm-paperless-client.path})
oidcSecret=$(< ${config.sops.secrets.kanidm-paperless-client.path})
export PAPERLESS_SOCIALACCOUNT_PROVIDERS=$(
${pkgs.jq}/bin/jq <<< "$PAPERLESS_SOCIALACCOUNT_PROVIDERS" \
--compact-output \
@ -125,7 +126,7 @@ in
nodes =
let
extraConfigLoc = ''
proxy_connect_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;


@ -1,14 +1,17 @@
{ self, lib, pkgs, ... }:
{ self, pkgs, ... }:
{
_module.args = {
vars = rec {
waylandSessionVariables = {
SDL_VIDEODRIVER = "wayland";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
QT_QPA_PLATFORM = "wayland-egl";
ANKI_WAYLAND = "1";
OBSIDIAN_USE_WAYLAND = "1";
MOZ_ENABLE_WAYLAND = "1";
MOZ_WEBRENDER = "1";
NIXOS_OZONE_WL = "1";
OBSIDIAN_USE_WAYLAND = "1";
QT_QPA_PLATFORM = "wayland-egl";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
SDL_VIDEODRIVER = "wayland";
_JAVA_AWT_WM_NONREPARENTING = "1";
};
waylandExports =
@ -94,28 +97,28 @@
noscript
# configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut
(buildFirefoxXpiAddon {
pname = "shortkeys";
version = "4.0.2";
addonId = "Shortkeys@Shortkeys.com";
url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
meta = with lib;
{
description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
mozPermissions = [
"tabs"
"downloads"
"clipboardWrite"
"browsingData"
"storage"
"bookmarks"
"sessions"
"<all_urls>"
];
platforms = platforms.all;
};
})
# (buildFirefoxXpiAddon {
# pname = "shortkeys";
# version = "4.0.2";
# addonId = "Shortkeys@Shortkeys.com";
# url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
# sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
# meta = with lib;
# {
# description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
# mozPermissions = [
# "tabs"
# "downloads"
# "clipboardWrite"
# "browsingData"
# "storage"
# "bookmarks"
# "sessions"
# "<all_urls>"
# ];
# platforms = platforms.all;
# };
# })
];
};
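Review bot: The context comment `# configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut` is now stale, because the `buildFirefoxXpiAddon { pname = "shortkeys"; … }` block it describes has been turned into a 22-line commented-out stretch, and `lib` was removed from the module arguments so the `meta = with lib;` inside it would not evaluate if uncommented as-is. Either delete the block and the comment (the pinned `version`/`sha256` survive in history) or replace the comment with one that states why it is disabled, e.g. `# shortkeys addon disabled: <reason>; re-add lib to the module args before re-enabling`. The `vars` attribute set this sits in starts outside the hunk.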