author | Azat Bahawi <azat@bahawi.net> | 2022-11-10 14:19:19 +0300 |
---|---|---|
committer | Azat Bahawi <azat@bahawi.net> | 2022-11-10 14:19:19 +0300 |
commit | 164b2b3f693dd5da3c1b1661e43c45b36a6b764c (patch) | |
tree | 2fc9a4ab1d3b44a3eb6d686b42527a18411c240b /modules | |
parent | 2022-10-26 (diff) |
2022-11-10
Diffstat (limited to '')
30 files changed, 262 insertions, 175 deletions
diff --git a/modules/nixfiles/alertmanager.nix b/modules/nixfiles/alertmanager.nix index e6564fb..871b0c4 100644 --- a/modules/nixfiles/alertmanager.nix +++ b/modules/nixfiles/alertmanager.nix @@ -26,8 +26,8 @@ in { nixfiles.modules.nginx = with cfg; { enable = true; upstreams.alertmanager.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://alertmanager"; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://alertmanager"; extraConfig = nginxInternalOnly; }; }; diff --git a/modules/nixfiles/aria2.nix b/modules/nixfiles/aria2.nix index a9b5d42..9e72176 100644 --- a/modules/nixfiles/aria2.nix +++ b/modules/nixfiles/aria2.nix @@ -11,37 +11,26 @@ in { mkEnableOption "aria2"; config = mkIf cfg.enable { - hm = { - programs.aria2 = { - enable = true; + hm.programs.aria2 = { + enable = true; - settings = { - bt-max-peers = 128; - bt-save-metadata = true; - continue = true; - enable-dht = true; - enable-peer-exchange = true; - enable-rpc = false; - follow-torrent = true; - log-level = "info"; - max-connection-per-server = 16; - max-overall-upload-limit = "1K"; - max-tries = 5; - max-upload-limit = "1K"; - seed-ratio = 0.1; - seed-time = 0.1; - stream-piece-selector = "default"; - timeout = 60; - }; - }; - - xdg.desktopEntries.aria2c = { - name = "aria2"; - genericName = "Download Manager"; - exec = "${pkgs.aria2}/bin/aria2c"; - terminal = true; - categories = ["Application" "Network"]; - mimeType = ["application/x-bittorrent" "x-scheme-handler/magnet"]; + settings = { + bt-max-peers = 128; + bt-save-metadata = true; + continue = true; + enable-dht = true; + enable-peer-exchange = true; + enable-rpc = false; + follow-torrent = true; + log-level = "info"; + max-connection-per-server = 16; + max-overall-upload-limit = "1K"; + max-tries = 5; + max-upload-limit = "1K"; + seed-ratio = 0.1; + seed-time = 0.1; + stream-piece-selector = "default"; + timeout = 60; }; }; }; 
diff --git a/modules/nixfiles/beets.nix b/modules/nixfiles/beets.nix index 6b1e227..83cbff1 100644 --- a/modules/nixfiles/beets.nix +++ b/modules/nixfiles/beets.nix @@ -11,7 +11,7 @@ in { config = mkIf cfg.enable { hm = let - beetsdir = "${config.hm.xdg.dataHome}/beets"; + beetsdir = "${config.dirs.data}/beets"; in { home.sessionVariables.BEETSDIR = beetsdir; diff --git a/modules/nixfiles/common/networking.nix b/modules/nixfiles/common/networking.nix index 3085797..8512d78 100644 --- a/modules/nixfiles/common/networking.nix +++ b/modules/nixfiles/common/networking.nix 
@@ -13,56 +13,66 @@ with lib; { ''; # TODO Support multiple interfaces and IP addresses. - networking = let - interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. - in { - domain = my.domain.shire; + networking = mkMerge [ + { + domain = my.domain.shire; - hostName = this.hostname; - hostId = substring 0 8 (builtins.hashString "md5" this.hostname); + hostName = this.hostname; + hostId = substring 0 8 (builtins.hashString "md5" this.hostname); - nameservers = mkDefault dns.const.quad9.default; + # Remove default hostname mappings. This is required at least by the current + # implementation of the montoring module. + hosts = { + "127.0.0.2" = mkForce []; + "::1" = mkForce []; + }; - useDHCP = false; + nameservers = mkDefault dns.const.quad9.default; - # This could potentially break something. - usePredictableInterfaceNames = false; - interfaces.${interface} = { - ipv4.addresses = with this.ipv4; - optional (isString address && isInt prefixLength) { - inherit address prefixLength; - }; + useDHCP = false; - ipv6.addresses = with this.ipv6; - optional (isString address && isInt prefixLength) { - inherit address prefixLength; - }; - }; - defaultGateway = with this.ipv4; - mkIf (isString gatewayAddress) { - inherit interface; - address = gatewayAddress; - }; - defaultGateway6 = with this.ipv6; - mkIf (isString gatewayAddress) { - inherit interface; - address = gatewayAddress; - }; + firewall = { + enable = true; - firewall = { - enable = true; + rejectPackets = false; - rejectPackets = false; + allowPing = true; + pingLimit = "--limit 1/minute --limit-burst 5"; - allowPing = true; - pingLimit = "--limit 1/minute --limit-burst 5"; + logRefusedConnections = false; + logRefusedPackets = false; + logRefusedUnicastsOnly = false; + logReversePathDrops = false; + }; + } + (let + interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. 
+ in + mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) { + usePredictableInterfaceNames = false; # NOTE This can break something! + interfaces.${interface} = { + ipv4.addresses = with this.ipv4; + optional (isString address && isInt prefixLength) { + inherit address prefixLength; + }; - logRefusedConnections = false; - logRefusedPackets = false; - logRefusedUnicastsOnly = false; - logReversePathDrops = false; - }; - }; + ipv6.addresses = with this.ipv6; + optional (isString address && isInt prefixLength) { + inherit address prefixLength; + }; + }; + defaultGateway = with this.ipv4; + mkIf (isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; + defaultGateway6 = with this.ipv6; + mkIf (isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; + }) + ]; environment = { systemPackages = with pkgs; [myip]; diff --git a/modules/nixfiles/common/nix/default.nix b/modules/nixfiles/common/nix/default.nix index 47cd5c1..f6c75ba 100644 --- a/modules/nixfiles/common/nix/default.nix +++ b/modules/nixfiles/common/nix/default.nix @@ -98,14 +98,6 @@ with lib; { alejandra = super.alejandra.overrideAttrs (_: _: { patches = [./patches/alejandra-no-ads.patch]; }); - - # https://github.com/NixOS/nixpkgs/pull/192671 - # inherit - # (pkgsPR - # "192671" - # "sha256-BdmWzoR+l7f7aV2oTmA8kfm63Y9UZFHABni8xRgkK/M=") - # please - # ; } // (with super; let np = nodePackages; @@ -114,6 +106,7 @@ with lib; { css-language-server = np.vscode-css-languageserver-bin; dockerfile-language-server = np.dockerfile-language-server-nodejs; editorconfig = editorconfig-core-c; + go-language-server = gopls; html-language-server = np.vscode-html-languageserver-bin; inherit (np) bash-language-server; inherit (np) vim-language-server; 
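Review bot: The new guard `mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this)` on the second `mkMerge` entry of `networking` drops all static addressing when a host defines only one address family, while the first entry still sets `useDHCP = false`; such a host would come up with no address and no default gateway. If single-family hosts are possible, gate each family on its own attribute, e.g. `ipv4.addresses = mkIf (hasAttr "ipv4" this) (…);` and `defaultGateway6 = mkIf (hasAttr "ipv6" this && isString this.ipv6.gatewayAddress) {…};`, and keep `usePredictableInterfaceNames = false` under `hasAttr "ipv4" this || hasAttr "ipv6" this`. Whether `this` can actually lack one of the two attributes is not visible in this hunk.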
@@ -127,13 +120,24 @@ with lib; { })) agenix.overlay emacs-overlay.overlay - nix-minecraft-servers.overlays.default + # nil.overlays.default + # nix-minecraft-servers.overlays.default nur.overlay - pollymc.overlay + # pollymc.overlay xmonad-ng.overlays.default ]; - system.stateVersion = builtins.readFile "${inputs.nixpkgs}/.version"; + system = { + stateVersion = builtins.readFile "${inputs.nixpkgs}/.version"; + + extraDependencies = with inputs; [ + nixos-hardware + nixpkgs + nixpkgs-master + nixpkgs-stable + nur + ]; + }; environment = { sessionVariables.NIX_SHELL_PRESERVE_PROMPT = "1"; diff --git a/modules/nixfiles/common/shell/default.nix b/modules/nixfiles/common/shell/default.nix index 4e0572f..8ed2e99 100644 --- a/modules/nixfiles/common/shell/default.nix +++ b/modules/nixfiles/common/shell/default.nix @@ -70,7 +70,7 @@ with lib; { super.patches ++ [ (fetchpatch { - url = "https://raw.githubusercontent.com/jarun/advcpmv/master/advcpmv-0.9-9.1.patch"; + url = "https://raw.githubusercontent.com/jarun/advcpmv/ea268d870b475edd5960dcd55d5378abc9705958/advcpmv-0.9-9.1.patch"; hash = "sha256-d+SRT/R4xmfHLAdOr7m4R3WFiW64P5ZH6iqDvErYCyg="; }) ]; diff --git a/modules/nixfiles/emacs/default.nix b/modules/nixfiles/emacs/default.nix index ff0238d..fa72549 100644 --- a/modules/nixfiles/emacs/default.nix +++ b/modules/nixfiles/emacs/default.nix @@ -30,13 +30,13 @@ in { programs.doom-emacs = { enable = true; doomPrivateDir = ./doom; - emacsPackage = pkgs.emacs28; # Package is pinned to avoid surprises. + emacsPackage = pkgs.emacs28; # The package is pinned to avoid surprises. extraPackages = with pkgs; [ mu # :email mu4e ]; extraConfig = let - # NOTE gopls will require a Go executable, which must be provided by - # the project's flake. + # NOTE gopls will require the "go" executable which must be provided + # by the project's flake/shell. extraBins = with pkgs; [ (aspellWithDicts (p: with p; [en ru])) # :checkers (spell +aspell) (python3.withPackages (p: 
@@ -59,8 +59,8 @@ in { gdb # :tools debugger gnuplot # :lang (org +gnuplot) gnutls # doom! + go-language-server # :lang (go +lsp) gomodifytags # :lang go - gopls # :lang (go +lsp) gore # :lang go gotests # :lang go graphviz # :lang (org +roam2) :lang plantuml @@ -92,6 +92,7 @@ in { shellcheck # :lang sh shfmt # :lang sh :editor format sqlite # :lang (org +roam2) :tools lookup + texlab # lang (tex +lsp) texlive.combined.scheme-full # :lang org tex unzip # :tools debugger wordnet # :tools (lookup +dictionary +offline) @@ -104,7 +105,7 @@ in { zstd # :emacs undo ]; in '' - ;; This will integrate packages, which are required by various modules + ;; This will integrate packages which are required by various modules ;; without polluting the user's profile. (setq exec-path (append exec-path '(${ concatMapStringsSep " " (x: ''"${x}/bin"'') extraBins @@ -145,5 +146,10 @@ in { client.enable = true; }; }; + + system.extraDependencies = with inputs; [ + emacs-overlay + nix-doom-emacs + ]; }; } diff --git a/modules/nixfiles/emacs/doom/config.el b/modules/nixfiles/emacs/doom/config.el index fedd98d..4f2d835 100644 --- a/modules/nixfiles/emacs/doom/config.el +++ b/modules/nixfiles/emacs/doom/config.el @@ -170,6 +170,12 @@ :user "azahi/oftc" :pass nixfiles/irc-bouncer-password-f)) +;; (set-irc-server! "hackint" +;; `(:host "shire.me" +;; :port 6667 +;; :user "azahi/hackint" +;; :pass nixfiles/irc-bouncer-password-f)) + (set-irc-server! "rizon" `(:host "shire.me" :port 6667 diff --git a/modules/nixfiles/firefox/default.nix b/modules/nixfiles/firefox/default.nix index 8642b6f..6f4d327 100644 --- a/modules/nixfiles/firefox/default.nix +++ b/modules/nixfiles/firefox/default.nix @@ -207,7 +207,20 @@ in { }; }; }; - "2000".enable = true; + "2000" = { + enable = true; + "2022" = { + enable = true; + "media.eme.enabled" = { + enable = true; + value = false; + }; + "browser.eme.ui.enabled" = { + enable = true; + value = false; + }; + }; + }; "2400".enable = false; "2600" = { enable = true; 
@@ -276,5 +289,7 @@ in { }; services.psd.enable = true; + + system.extraDependencies = [inputs.arkenfox-nixos]; }; } diff --git a/modules/nixfiles/firefox/userContent.css b/modules/nixfiles/firefox/userContent.css index 1440c1a..9b2dd4e 100644 --- a/modules/nixfiles/firefox/userContent.css +++ b/modules/nixfiles/firefox/userContent.css @@ -16,22 +16,33 @@ } } -@-moz-document regexp("https?:\/\/(.*.)?gitlab(\..*)?\.(com|org).*") { +@-moz-document regexp("https?://(www)?yandex\.(com|ru)/search/.*") +{ + #search-result-aside, + .RelatedAbove { + display: none !important; + } +} + +@-moz-document regexp("https?://(.*.)?gitlab(\..*)?\.(com|org).*") +{ code { font-family: var(--monospace-font-family) !important; font-size: var(--monospace-font-size) !important; } } -@-moz-document regexp("https?:\/\/(.*\.)?github.com.*") { +@-moz-document regexp("https?://(.*\.)?github.com.*") +{ #org-repo-pin-select-menu, #sponsor-button, - .btn.ml-2.d-none.d-md-block, /* Go to file button */ + .btn.ml-2.d-none.d-md-block, /* "Go to file" button. */ .dropdown-divider, .footer, .octicon.octicon-info, .pt-3.mt-3.d-none.d-md-block, /* Profile achievements. */ .starring-container, + .user-following-container, .user-profile-link, .user-status-circle-badge-container, .user-status-container, @@ -60,13 +71,15 @@ } } -@-moz-document regexp("https?:\/\/github.com/?") { +@-moz-document regexp("https?://github.com/?") +{ .application-main { display: none !important; } } -@-moz-document regexp("https?:\/\/.*(stack(exchange|overflow)|askubuntu|superuser|serverfault)\.com\/questions\/.*") { +@-moz-document regexp("https?://.*(stack(exchange|overflow)|askubuntu|superuser|serverfault)\.com/questions/.*") +{ html, body { --ff-mono: var(--monospace-font-family) !important; @@ -109,7 +122,8 @@ } } -@-moz-document regexp("https?:\/\/kubernetes\.io\/docs\/.*") { +@-moz-document regexp("https?://kubernetes\.io/docs/.*") +{ .announcement, .announcement-main, .d-none { 
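Review bot: The yandex rule added in the first userContent.css hunk uses `(www)?yandex`, which has no dot after `www`, so `www.yandex.ru/search/…` is not matched while a host spelled `wwwyandex.ru` would be; in this file's escaping style it should read `(www\.)?yandex\.(com|ru)`. Because `regexp()` must match the whole URL, these patterns decide which origins the hiding rules apply to, and the unescaped dot in the github rule (`github.com`) likewise accepts any character in that position. The gog rule in a later hunk still uses the old `\/` escapes and keeps `{` on the same line, unlike every other rule this commit touches.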
@@ -117,19 +131,22 @@ } } -@-moz-document regexp("https?:\/\/min\.io\/docs\/.*") { +@-moz-document regexp("https?://min\.io/docs/.*") +{ #cookie { display: none !important; } } -@-moz-document regexp("https?:\/\/werf\.io\/documentation\/.*") { +@-moz-document regexp("https?://werf\.io/documentation/.*") +{ .guides-banner { display: none !important; } } -@-moz-document regexp("https?:\/\/habr\.com\/(ru|en)\/(article|company\/.*\/blog|post)\/.*") { +@-moz-document regexp("https?://habr\.com/(ru|en)/(article|company/.*/blog|post)/.*") +{ .Vue-Toastification__container, .tm-article-presenter__footer, .tm-article-presenter__meta, @@ -188,26 +205,30 @@ } } -@-moz-document regexp("https?:\/\/jisho\.org.*") { +@-moz-document regexp("https?://jisho\.org.*") +{ header, footer { display: none !important; } } -@-moz-document regexp("https?:\/\/gog.com.*") { - .galaxy-section-wrapper { +@-moz-document regexp("https?:\/\/gog\.com.*") { + .galaxy-section-wrapper, + footer { display: none !important; } } -@-moz-document regexp("https?:\/\/steamdb\.info.*") { +@-moz-document regexp("https?://steamdb\.info.*") +{ #steamdb-extension-protip { display: none !important; } } -@-moz-document regexp("https?:\/\/\.*\.hh\.ru.*") { +@-moz-document regexp("https?://(.*\.)?hh\.ru.*") +{ .HH-Supernova-Footer, .index-dashboard-applicant__banners, .notification-manager, @@ -217,7 +238,8 @@ } } -@-moz-document regexp("https?:\/\/www\.songsterr\.com.*") { +@-moz-document regexp("https?://www\.songsterr\.com.*") +{ #favorite, #fullscreen, #logo, @@ -229,14 +251,18 @@ #promo, #revisions, #showroom, + #showroom_sidebar, #text-showroom, footer { display: none !important; } } -@-moz-document regexp("https?:\/\/developer\.mozilla\.org.*") { - .main-document-header-container.top-navigation { +@-moz-document regexp("https?://developer\.mozilla\.org.*") +{ + #nav-footer, + .main-document-header-container.top-navigation, + .mdn-cta-container { display: none !important; } 
@@ -245,7 +271,8 @@ } } -@-moz-document regexp("https?:\/\/(.*\.)?wikipedia\.org\/wiki\/.*") { +@-moz-document regexp("https?://(.*\.)?wikipedia\.org/wiki/.*") +{ #footer, #mp-topbanner, #siteNotice { @@ -253,7 +280,8 @@ } } -@-moz-document regexp("https?:\/\/wikiless\.org\/wiki\/.*") { +@-moz-document regexp("https?://wikiless\.org/wiki/.*") +{ #footer, #mw-navigation, #mw-page-base { diff --git a/modules/nixfiles/games/minecraft.nix b/modules/nixfiles/games/minecraft.nix index e53f9eb..47279f8 100644 --- a/modules/nixfiles/games/minecraft.nix +++ b/modules/nixfiles/games/minecraft.nix @@ -23,6 +23,8 @@ in { config = mkMerge [ (mkIf cfg.client.enable { hm.home.packages = with pkgs; [pollymc]; + + system.extraDependencies = [inputs.pollymc]; }) (mkIf cfg.server.enable { # Configurations, opslist, whitelist and plugins are managed imperatively. @@ -45,6 +47,8 @@ in { # Defined in /var/lib/minecraft/server.properties. networking.firewall.allowedTCPPorts = [55565]; + + system.extraDependencies = [inputs.nix-minecraft-servers]; }) ]; } diff --git a/modules/nixfiles/gotify.nix b/modules/nixfiles/gotify.nix index f21a98d..db47bb4 100644 --- a/modules/nixfiles/gotify.nix +++ b/modules/nixfiles/gotify.nix @@ -24,9 +24,11 @@ in { nginx = { enable = true; upstreams.gotify.servers."127.0.0.1:${toString config.services.gotify.port}" = {}; - virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://gotify"; - proxyWebsockets = true; + virtualHosts.${cfg.domain} = { + locations."/" = { + proxyPass = "http://gotify"; + proxyWebsockets = true; + }; extraConfig = nginxInternalOnly; }; }; diff --git a/modules/nixfiles/grafana.nix b/modules/nixfiles/grafana.nix index b98be13..a614502 100644 --- a/modules/nixfiles/grafana.nix +++ b/modules/nixfiles/grafana.nix 
@@ -49,9 +49,11 @@ in { nginx = { enable = true; upstreams.grafana.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://grafana"; - proxyWebsockets = true; + virtualHosts.${cfg.domain} = { + locations."/" = { + proxyPass = "http://grafana"; + proxyWebsockets = true; + }; extraConfig = nginxInternalOnly; }; }; diff --git a/modules/nixfiles/ipfs.nix b/modules/nixfiles/ipfs.nix index f998d6d..0ec64e5 100644 --- a/modules/nixfiles/ipfs.nix +++ b/modules/nixfiles/ipfs.nix @@ -157,10 +157,8 @@ in { }; "api.${cfg.domain}" = { # TODO Redirect "/" to "/webui" but keep other endpoints. - locations."/" = { - proxyPass = "http://ipfs_api"; - extraConfig = nginxInternalOnly; - }; + locations."/".proxyPass = "http://ipfs_api"; + extraConfig = nginxInternalOnly; }; }; }; diff --git a/modules/nixfiles/kde.nix b/modules/nixfiles/kde.nix index e22663c..6b20569 100644 --- a/modules/nixfiles/kde.nix +++ b/modules/nixfiles/kde.nix @@ -27,7 +27,12 @@ in { print-manager ]; }; - displayManager.sddm.enable = true; + displayManager = { + sddm.enable = true; + + # NOTE https://github.com/NixOS/nixpkgs/pull/199881 + setupCommands = lib.mkForce ""; + }; }; environment.systemPackages = with pkgs; [pinentry-qt]; diff --git a/modules/nixfiles/loki.nix b/modules/nixfiles/loki.nix index 4d9aab7..1582164 100644 --- a/modules/nixfiles/loki.nix +++ b/modules/nixfiles/loki.nix @@ -27,8 +27,8 @@ in { nixfiles.modules.nginx = with cfg; { enable = true; upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${domain}.locations."/" = { - proxyPass = "http://loki"; + virtualHosts.${domain} = { + locations."/".proxyPass = "http://loki"; extraConfig = nginxInternalOnly; }; }; diff --git a/modules/nixfiles/mpd.nix b/modules/nixfiles/mpd.nix index cc542fe..4b49213 100644 --- a/modules/nixfiles/mpd.nix +++ b/modules/nixfiles/mpd.nix 
@@ -41,7 +41,7 @@ in { enable = true; settings = rec { - ncmpcpp_directory = "${config.hm.xdg.dataHome}/ncmpcpp"; + ncmpcpp_directory = "${config.dirs.data}/ncmpcpp"; lyrics_directory = "${ncmpcpp_directory}/lyrics"; playlist_disable_highlight_delay = 1; diff --git a/modules/nixfiles/nginx.nix b/modules/nixfiles/nginx.nix index 38fc613..b8ab24d 100644 --- a/modules/nixfiles/nginx.nix +++ b/modules/nixfiles/nginx.nix @@ -43,13 +43,14 @@ in { commonHttpConfig = concatStrings [ '' - add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; + add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet"; '' (optionalString (hasAttr "wireguard" this) (with config.nixfiles.modules.wireguard; '' geo $internal { default 0; 127.0.0.1/32 1; + ::1/128 1; ${ipv4.subnet} 1; ${ipv6.subnet} 1; } diff --git a/modules/nixfiles/nmap.nix b/modules/nixfiles/nmap.nix index 27a36bb..14ad007 100644 --- a/modules/nixfiles/nmap.nix +++ b/modules/nixfiles/nmap.nix @@ -46,14 +46,19 @@ in { shellAliases = let base = "${pkgs.nmap}/bin/nmap -sV"; in { - nmap-vulscan = "${base} --script=vulscan/vulscan.nse"; nmap-vulners = "${base} --script=vulners/vulners.nse"; + nmap-vulscan = "${base} --script=vulscan/vulscan.nse"; }; initExtra = mkAfter '' - _complete_alias nmap-vulscan _nmap nmap _complete_alias nmap-vulners _nmap nmap + _complete_alias nmap-vulscan _nmap nmap ''; }; }; + + system.extraDependencies = with inputs; [ + nmap-vulners + nmap-vulscan + ]; }; } diff --git a/modules/nixfiles/nsd.nix b/modules/nixfiles/nsd.nix index 0dade8f..f5a7d84 100644 --- a/modules/nixfiles/nsd.nix +++ b/modules/nixfiles/nsd.nix @@ -170,5 +170,7 @@ in { allowedTCPPorts = [53]; allowedUDPPorts = allowedTCPPorts; }; + + system.extraDependencies = [inputs.dns-nix]; }; } diff --git a/modules/nixfiles/profiles/dev/containers.nix b/modules/nixfiles/profiles/dev/containers.nix index c9e82d7..ef41229 100644 --- a/modules/nixfiles/profiles/dev/containers.nix 
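Review bot: Adding `::1/128 1;` to `geo $internal` in nginx.nix means both loopback families now count as internal, so anything on the host that forwards to nginx over loopback (an SSH tunnel, a local proxy) passes the internal-only gate; that trust deserves a comment beside the entry, e.g. `# Loopback is trusted: locally forwarded traffic is treated as internal.`. The `geo` block is emitted only under `hasAttr "wireguard" this`, whereas this commit attaches `nginxInternalOnly` to many virtual hosts without that condition. Its definition is outside the hunk, so it is worth confirming that a host without WireGuard fails closed rather than referencing an undefined `$internal`.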
+++ b/modules/nixfiles/profiles/dev/containers.nix @@ -16,26 +16,18 @@ in { config = mkIf cfg.enable { nixfiles.modules.podman.enable = true; - hm = let - minikubeHome = "${config.dirs.data}/minikube"; - in { + hm = { home = { sessionVariables = { - MINIKUBE_HOME = minikubeHome; - MINIKUBE_IN_STYLE = false; - WERF_DEV = true; - WERF_INSECURE_REGISTRY = true; - WERF_LOG_DEBUG = true; - WERF_LOG_PRETTY = false; - WERF_LOG_VERBOSE = true; + MINIKUBE_HOME = "${config.dirs.config}/minikube"; + MINIKUBE_IN_STYLE = "false"; + WERF_DEV = "true"; + WERF_INSECURE_REGISTRY = "true"; + WERF_LOG_DEBUG = "true"; + WERF_LOG_PRETTY = "false"; + WERF_LOG_VERBOSE = "true"; WERF_SYNCHRONIZATION = ":local"; - WERF_TELEMETRY = false; - }; - - file."${minikubeHome}/config/config.json".text = generators.toJSON {} { - config.Rootless = true; - driver = "podman"; - container-runtime = "cri-o"; + WERF_TELEMETRY = "false"; }; packages = with pkgs; [ @@ -56,6 +48,12 @@ in { ]; }; + xdg.dataFile."minikube/config/config.json".text = generators.toJSON {} { + config.Rootless = true; + driver = "podman"; + container-runtime = "cri-o"; + }; + programs.bash = { shellAliases = with pkgs; { b = "${buildah}/bin/buildah"; diff --git a/modules/nixfiles/profiles/headful.nix b/modules/nixfiles/profiles/headful.nix index 0563640..f3355b6 100644 --- a/modules/nixfiles/profiles/headful.nix +++ b/modules/nixfiles/profiles/headful.nix @@ -33,6 +33,18 @@ in { hm = { home.packages = with pkgs; [ + # (openconnect.overrideAttrs (_: super: { + # version = "unstable-2022-10-23"; + # src = pkgs.fetchFromGitLab { + # owner = "openconnect"; + # repo = "openconnect"; + # rev = "acdfc753f7885b2a539f99036ac41ba1b78cc7ae"; + # hash = "sha256-ub+Z4WFD77h5YMQTb+TLc7EyY2KjBWglF1QVTirCHJM="; + # }; + # configureFlags = super.configureFlags ++ [ + # "--with-external-browser=${config.hm.programs.firefox.package}/bin/firefox" + # ]; + # })) calibre fd imv 
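Review bot: After this change `MINIKUBE_HOME` points at `${config.dirs.config}/minikube`, but the config file is written with `xdg.dataFile."minikube/config/config.json"`, so minikube would no longer find the file that sets `config.Rootless = true` and `driver = "podman"` (assuming `dirs.config` and the XDG data directory resolve to different paths, which this diff does not show). The two containers.nix hunks should agree: either write the file with `xdg.configFile."minikube/config/config.json"` or keep `MINIKUBE_HOME = "${config.dirs.data}/minikube";`. Without the file, minikube would presumably fall back to its default driver selection instead of the rootless podman setup. `WERF_INSECURE_REGISTRY = "true"` is also exported for every session, and a short comment naming the local registry that needs it would help.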
diff --git a/modules/nixfiles/prometheus.nix b/modules/nixfiles/prometheus.nix index 0b0c096..a75c151 100644 --- a/modules/nixfiles/prometheus.nix +++ b/modules/nixfiles/prometheus.nix @@ -26,8 +26,8 @@ in { nixfiles.modules.nginx = with cfg; { enable = true; upstreams.prometheus.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${domain}.locations."/" = { - proxyPass = "http://prometheus"; + virtualHosts.${domain} = { + locations."/".proxyPass = "http://prometheus"; extraConfig = nginxInternalOnly; }; }; diff --git a/modules/nixfiles/psd.nix b/modules/nixfiles/psd.nix index e497bcf..77d3c66 100644 --- a/modules/nixfiles/psd.nix +++ b/modules/nixfiles/psd.nix @@ -11,12 +11,12 @@ in { mkEnableOption "Profile Sync Daemon"; config = mkIf cfg.enable { - hm.home = { - file."${config.hm.xdg.configHome}/psd/psd.conf".text = '' + hm = { + home.packages = with pkgs; [profile-sync-daemon]; + + xdg.configFile."psd/psd.conf".text = '' USE_OVERLAYFS="yes" ''; - - packages = with pkgs; [profile-sync-daemon]; }; systemd.user = { diff --git a/modules/nixfiles/radicale.nix b/modules/nixfiles/radicale.nix index 76f6b49..c903d39 100644 --- a/modules/nixfiles/radicale.nix +++ b/modules/nixfiles/radicale.nix @@ -30,8 +30,8 @@ in { nixfiles.modules.nginx = { enable = true; upstreams.radicale.servers."127.0.0.1:${toString port}" = {}; - virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://radicale"; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://radicale"; extraConfig = nginxInternalOnly; }; }; diff --git a/modules/nixfiles/rss-bridge.nix b/modules/nixfiles/rss-bridge.nix index 42bb7d0..fef1070 100644 --- a/modules/nixfiles/rss-bridge.nix +++ b/modules/nixfiles/rss-bridge.nix 
@@ -17,14 +17,15 @@ in { }; config = mkIf cfg.enable { - nixfiles.modules.nginx.enable = true; + nixfiles.modules.nginx = { + enable = true; + virtualHosts.${cfg.domain}.extraConfig = nginxInternalOnly; + }; - services = { - rss-bridge = { - enable = true; - virtualHost = cfg.domain; - whitelist = ["LWNprev" "Phoronix"]; - }; + services.rss-bridge = { + enable = true; + virtualHost = cfg.domain; + whitelist = ["*"]; }; }; } diff --git a/modules/nixfiles/rtorrent.nix b/modules/nixfiles/rtorrent.nix index 834e36d..4014a3b 100644 --- a/modules/nixfiles/rtorrent.nix +++ b/modules/nixfiles/rtorrent.nix @@ -220,20 +220,16 @@ in { virtualHosts.${cfg.flood.domain} = { root = "${pkg}/lib/node_modules/flood/dist/assets"; locations = { - "/" = { - tryFiles = "$uri /index.html"; - extraConfig = nginxInternalOnly; - }; + "/".tryFiles = "$uri /index.html"; "/api" = { proxyPass = "http://flood"; - extraConfig = - nginxInternalOnly - + '' - proxy_buffering off; - proxy_cache off; - ''; + extraConfig = '' + proxy_buffering off; + proxy_cache off; + ''; }; }; + extraConfig = nginxInternalOnly; }; }; diff --git a/modules/nixfiles/searx.nix b/modules/nixfiles/searx.nix index 24482cc..9462d5d 100644 --- a/modules/nixfiles/searx.nix +++ b/modules/nixfiles/searx.nix @@ -33,8 +33,8 @@ in { nixfiles.modules.nginx = { enable = true; upstreams.searx.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://searx"; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://searx"; extraConfig = nginxInternalOnly; }; }; diff --git a/modules/nixfiles/syncthing.nix b/modules/nixfiles/syncthing.nix index ed51e73..b690ab4 100644 --- a/modules/nixfiles/syncthing.nix +++ b/modules/nixfiles/syncthing.nix 
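Review bot: `whitelist = ["*"]` in the rss-bridge hunk enables every bridge instead of the two named before, which widens what the service will fetch and parse on a client's behalf; the only access control visible here is the `nginxInternalOnly` line added in the same hunk. If the full set is really wanted, record that dependency next to the setting, e.g. `whitelist = ["*"]; # All bridges enabled; relies on nginxInternalOnly for this vhost.`. Otherwise keep an explicit list of the bridges that are actually used, so that a later change to the vhost does not expose the whole bridge set.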
@@ -119,7 +119,7 @@ in { options = { autoUpgradeIntervalH = 0; crashReportingEnabled = false; - globalAnnounceEnabled = false; # We don't need that with Wireguard. + globalAnnounceEnabled = false; relaysEnabled = false; setLowPriority = this.isHeadless; stunKeepaliveMinS = 0; @@ -135,8 +135,8 @@ in { nixfiles.modules.nginx = { enable = true; upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = {}; - virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://syncthing"; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://syncthing"; extraConfig = nginxInternalOnly; }; }; diff --git a/modules/nixfiles/xmonad.nix b/modules/nixfiles/xmonad.nix index da005b2..847110e 100644 --- a/modules/nixfiles/xmonad.nix +++ b/modules/nixfiles/xmonad.nix @@ -1,5 +1,6 @@ { config, + inputs, lib, pkgs, ... @@ -23,5 +24,7 @@ in { }; services.xserver.displayManager.startx.enable = true; + + system.extraDependencies = [inputs.xmonad-ng]; }; } |