Merge branch 'zenix/master' into alpine/master

2025-01-18 00:25:15 +00:00 · 2025-01-18 00:25:15 +00:00 · 2c406b36d3
commit 2c406b36d3
parent 123e7088f5 297c241458
38 changed files with 843 additions and 360 deletions
--- a/nixos/default.nix
+++ b/nixos/default.nix
@ -11,7 +11,7 @@ in {

  nix = {
    settings = {
-      experimental-features = ["nix-command" "flakes"];
+      experimental-features = ["nix-command" "flakes" "pipe-operators"];
    };
    settings.trusted-users = ["root" user];

@ -42,12 +42,6 @@ in {
      }
    ];
  };
-  networking.hosts = {
-    "100.65.29.110" = ["zenix"];
-    "100.106.241.122" = ["alpine" "tristans.cloud"];
-    "100.71.130.111" = ["fcs-tristan-nixbook"];
-    "100.69.60.83" = ["google-pixel-8"];
-  };

  time.timeZone = lib.mkDefault "Europe/London";

@ -56,7 +50,10 @@ in {
    useXkbConfig = true;
  };

-  services.avahi.enable = true;
+  services.avahi = {
+    enable = true;
+    nssmdns4 = true;
+  };

  i18n.defaultLocale = lib.mkDefault "en_GB.UTF-8";

@ -93,6 +90,11 @@ in {
    unzip
    fzf
    sops
+    lsof
+    nix-tree
+    nix-index
+    nh
+    jq
  ];

  boot.kernel.sysctl = {
--- a/nixos/modules/podman.nix
+++ b/nixos/modules/podman.nix
@ -0,0 +1,87 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: let
+  inherit (lib) mkOption types;
+  mkRunCommand = name: {
+    image,
+    command ? "",
+    environment ? {},
+    ports ? [],
+    volumes ? [],
+    envFile ? null,
+    ...
+  }: ''
+    ${pkgs.podman}/bin/podman run \
+      ${toString (builtins.attrValues (builtins.mapAttrs (name: value: "-e ${name}='${value}'") environment))} \
+      ${toString (builtins.map (mapping: "-p ${mapping}") ports)} \
+      ${toString (builtins.map (mapping: "-v ${mapping}") volumes)} \
+      ${
+      if builtins.isNull envFile
+      then ""
+      else "--env-file ${toString envFile}"
+    } \
+      --detach --replace \
+      --name ${name} \
+      ${image} ${command}
+  '';
+  opts = {
+    config,
+    name,
+    ...
+  }: {
+    options = {
+      image = mkOption {
+        type = types.str;
+      };
+      command = mkOption {
+        type = types.str;
+        default = "";
+      };
+      environment = mkOption {
+        type = types.attrsOf types.str;
+        default = {};
+      };
+      ports = mkOption {
+        type = types.listOf types.str;
+        default = [];
+      };
+      volumes = mkOption {
+        type = types.listOf types.str;
+        default = [];
+      };
+      envFile = mkOption {
+        type = types.nullOr types.path;
+        default = null;
+      };
+    };
+  };
+  mkService = name: config: {
+    enable = true;
+    wants = ["network-online.target"];
+    after = ["network-online.target"];
+    wantedBy = ["default.target"];
+    unitConfig = {
+      RequiresMountsFor = "/run/containers/storage";
+    };
+    serviceConfig = {
+      Environment = "PODMAN_SYSTEMD_UNIT=%n";
+      Restart = "on-failure";
+      TimeoutStopSec = 70;
+      ExecStart = mkRunCommand name config;
+      ExecStop = "${pkgs.podman}/bin/podman stop -t 10 ${name}";
+      ExecStopPost = "${pkgs.podman}/bin/podman stop -t 10 ${name}";
+      Type = "forking";
+    };
+  };
+in {
+  options.podman = mkOption {
+    type = types.attrsOf (types.submodule opts);
+    default = {};
+  };
+  config = {
+    systemd.services = lib.mapAttrs mkService config.podman;
+  };
+}
--- a/nixos/modules/work.nix
+++ b/nixos/modules/work.nix
@ -11,10 +11,13 @@ in {
      # nonfree vscode required for dev containers
      "vscode"
      "steam-run"
+      "postman"
+      "drawio" # the creator had a hissyfit over a negative review: https://github.com/jgraph/drawio/discussions/4623
    ];

  nixpkgs.config.permittedInsecurePackages = [
    "openssl-1.1.1w" # required for mongodb
+    "electron-27.3.11"
  ];

  networking = {
--- a/nixos/programs/cosmic.nix
+++ b/nixos/programs/cosmic.nix
@ -14,7 +14,7 @@
  services.displayManager.cosmic-greeter.enable = true;
  services.system76-scheduler.enable = true;
  home-manager.users.${config.user}.imports = [
-    (import "${inputs.home-manager-cosmic}/modules/programs/cosmic/.")
+    (inputs.hm-cosmic.homeManagerModules.cosmic)
    ../../home/desktop/cosmic/.
  ];
 }
--- a/nixos/programs/gamer.nix
+++ b/nixos/programs/gamer.nix
@ -6,23 +6,23 @@
  nixpkgs.config.allowUnfreePredicate = pkg:
    builtins.elem (lib.getName pkg) [
      "steam"
+      "steam-unwrapped"
      "steam-run"
      "steam-original"
      "osu-lazer"
    ];
  programs.steam = {
    enable = true;
-    extest.enable = true;
-    extraCompatPackages = with pkgs; [
-      proton-ge-bin
-    ];
    remotePlay.openFirewall = true;
    dedicatedServer.openFirewall = true;
+    gamescopeSession = {
+      enable = true;
+      args = ["-r" "144" "-O" "DP-1" "--rt"];
+    };
+  };
+  programs.gamescope = {
+    enable = true;
+    capSysNice = true;
  };
  programs.gamemode.enable = true;
-  services.monado.enable = true;
-  systemd.user.services.monado.environment = {
-    STEAMVR_LH_ENABLE = "true";
-    XRT_COMPOSITOR_SCALE_PERCENTAGE = "200";
-  };
 }
--- a/nixos/programs/kodi.nix
+++ b/nixos/programs/kodi.nix
@ -0,0 +1,14 @@
+{pkgs, ...}: {
+  services.xserver.desktopManager.kodi = {
+    enable = true;
+    package =
+      pkgs.kodi.withPackages
+      (exts:
+        with exts; [
+          jellyfin
+          steam-launcher
+          joystick
+          youtube
+        ]);
+  };
+}
--- a/nixos/programs/libvertd.nix
+++ b/nixos/programs/libvertd.nix
@ -0,0 +1,13 @@
+{config, ...}: let
+  user = config.user;
+in {
+  users.users.${user}.extraGroups = ["libvirtd" "kvm"];
+  virtualisation.libvirtd = {
+    enable = true;
+    nss = {
+      enable = true;
+      enableGuest = true;
+    };
+  };
+  programs.virt-manager.enable = true;
+}
--- a/nixos/programs/pipewire.nix
+++ b/nixos/programs/pipewire.nix
@ -1,4 +1,4 @@
-{
+{pkgs, ...}: {
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
--- a/nixos/services/arr.nix
+++ b/nixos/services/arr.nix
@ -2,6 +2,12 @@
  inherit (config) sops;
  inherit (sops) templates placeholder;
 in {
+  nixpkgs.config.permittedInsecurePackages = [
+    "aspnetcore-runtime-6.0.36"
+    "aspnetcore-runtime-wrapped-6.0.36"
+    "dotnet-sdk-6.0.428"
+    "dotnet-sdk-wrapped-6.0.428"
+  ];
  users.groups.media = {};
  services.jackett = {
    enable = true;
@ -37,20 +43,21 @@ in {
    ports = ["9091:9091"];
    volumes = [
      "/mnt/storage/downloads:/data"
-      "transmission-config:/config"
+      "/home/tristan/pods/transmission/config:/config"
      "/mnt/storage/media/unsorted:/data/completed"
    ];
    environmentFiles = [ templates."transmission/env".path ];
    environment = {
      PUID = "1000";
      GUID = "1000";
-      SUBNET = "100.0.0.0/8";
+      LOCAL_NETWORK = "100.0.0.0/8";
+    };
+    privileged = true;
+    capabilities = {
+      "NET_ADMIN" = true;
+      "NET_RAW" = true;
+      "MKNOD" = true;
    };
-    extraOptions = builtins.map (cap: "--cap-add=${cap}") [
-      "NET_ADMIN"
-      "NET_RAW"
-      "MKNOD"
-    ];
  };
  sops.secrets = {
    "transmission/auth/OPENVPN_PROVIDER" = {};
--- a/nixos/services/mautrix/whatsapp.nix
+++ b/nixos/services/mautrix/whatsapp.nix
@ -1,12 +1,14 @@
-{config, ...}: {
-  nixpkgs.config.permittedInsecurePackages = [
-    "olm-3.2.16"
-  ];
-
+{config, ...}:
+{
+# TODO: totally borked for some reason. DB migration?
  services.mautrix-whatsapp = {
    enable = true;
    registerToSynapse = true;
    settings = {
+      appservice.database = {
+        type = "sqlite3";
+        uri = "/var/lib/mautrix-whatsapp/mautrix-whatsapp.db";
+      };
      homeserver = {
        address = "http://localhost:8008";
        domain = "tristans.cloud";
--- a/nixos/services/musnix.nix
+++ b/nixos/services/musnix.nix
@ -0,0 +1,24 @@
+{ inputs, user, pkgs, lib, ... }: {
+  imports = [inputs.musnix.nixosModules.musnix];
+  users.users.${user}.extraGroups = ["audio"];
+  musnix = {
+    enable = true;
+    rtcqs.enable = true;
+    kernel.realtime = true;
+  };
+  environment.systemPackages = with pkgs; [
+    ardour
+    musescore
+    muse
+    helm
+    calf
+    qjackctl
+    sfizz
+    tap-plugins
+    x42-plugins
+    x42-gmsynth
+    carla
+    drumgizmo
+    distrho-ports
+  ];
+}
--- a/nixos/services/nextcloud.nix
+++ b/nixos/services/nextcloud.nix
@ -81,17 +81,13 @@ in {
        maps
        previewgenerator
        deck
+        news
        ;
      oidc_login = pkgs.fetchNextcloudApp {
        sha256 = "sha256-DrbaKENMz2QJfbDKCMrNGEZYpUEvtcsiqw9WnveaPZA=";
        url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.2.0/oidc_login.tar.gz";
        license = "agpl3Only";
      };
-      news = pkgs.fetchNextcloudApp {
-        sha256 = "sha256-jH1F/IZItlZEpsfgXhRojiYD6ZEVhsuRvz8Qs0Z3UFI=";
-        url = "https://github.com/nextcloud/news/releases/download/25.0.0-alpha9/news.tar.gz";
-        license = "agpl3Only";
-      };
    };
    maxUploadSize = "5G";
  };
--- a/nixos/services/synapse/default.nix
+++ b/nixos/services/synapse/default.nix
@ -86,12 +86,6 @@ in {
    };
  };

-  services.matrix-sliding-sync = {
-    enable = true;
-    environmentFile = templates."synapse/sliding_sync_env".path;
-    settings.SYNCV3_SERVER = "https://${domain}";
-  };
-
  services.nginx.virtualHosts = {
    ${domain} = {
      locations."= /.well-known/matrix/server".extraConfig = mkWellKnown {
@ -99,7 +93,6 @@ in {
      };
      locations."= /.well-known/matrix/client".extraConfig = mkWellKnown {
        "m.homeserver".base_url = "https://${fqdn}";
-        "org.matrix.msc3575.proxy"."url" = "https://${fqdn}";
      };
      locations."= /.well-known/matrix/support".extraConfig = mkWellKnown {
        admins = [
@ -112,14 +105,12 @@ in {
      };
      locations."/_matrix".proxyPass = "http://localhost:${toString port}";
      locations."/_synapse/client".proxyPass = "http://localhost:${toString port}";
-      locations."/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass = "http://${toString matrix-sliding-sync.settings.SYNCV3_BINDADDR}";
    };
    ${fqdn} = {
      enableACME = true;
      forceSSL = true;
      locations."/_matrix".proxyPass = "http://localhost:${toString port}";
      locations."/_synapse/client".proxyPass = "http://localhost:${toString port}";
-      locations."/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass = "http://${toString matrix-sliding-sync.settings.SYNCV3_BINDADDR}";
    };
  };
 }
--- a/nixos/workstation.nix
+++ b/nixos/workstation.nix
@ -13,15 +13,10 @@

  hardware.opentabletdriver.enable = true;

-  programs.nm-applet.enable = true;
-
-  services.printing.enable = true;
-
  services.dbus = {
    enable = true;
    packages = [pkgs.gcr];
  };
-  programs.light.enable = true;
  programs.dconf.enable = true;

  hardware.bluetooth.enable = true;
@ -53,11 +48,12 @@
    };
    targets = {
      gtk.enable = false; # fails to switch with cosmic overriding it (grr)
+      gnome.enable = false;
      grub = {
        useImage = true;
      };
      nixvim = {
-        transparentBackground.main = true;
+        enable = false;
      };
    };
  };
@ -69,7 +65,7 @@
  ];

  fonts.packages = with pkgs; [
-    nerdfonts
+    nerd-fonts.symbols-only
    interalia
  ];