diff --git a/base/defaults.nix b/base/defaults.nix index 74e9d01..a3f743d 100644 --- a/base/defaults.nix +++ b/base/defaults.nix @@ -3,28 +3,19 @@ config = lib.mkDefault { i18n.defaultLocale = "en_GB.UTF-8"; console.keyMap = "us"; - services.xserver.xkb.layout = "us-fruchti"; + services.xserver.layout = "us-fruchti"; services.openssh = { enable = true; settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; - X11Forwarding = true; }; }; - programs.command-not-found.enable = true; - - programs.direnv.enable = true; - nix.gc = { automatic = true; dates = "weekly"; options = "--delete-older-than 30d"; }; - services.angrr = { - enable = true; - period = "2weeks"; - }; }; } diff --git a/base/hardware.nix b/base/hardware.nix index bc59584..d7f0905 100644 --- a/base/hardware.nix +++ b/base/hardware.nix @@ -3,8 +3,5 @@ services.udev.extraRules = '' # Keychron C2 function key fix SUBSYSTEMS=="input", ATTRS{name}=="Keychron Keychron C2", RUN+="${pkgs.bash}/bin/bash -c 'echo 0 > /sys/module/hid_apple/parameters/fnmode'" - - # EM8026 thermal printer - SUBSYSTEM=="usb", ATTRS{idVendor}=="28e9", ATTRS{idProduct}=="0289", MODE="0660", GROUP="plugdev" ''; } diff --git a/base/neovim.nix b/base/neovim.nix index 2838321..59fcc51 100644 --- a/base/neovim.nix +++ b/base/neovim.nix @@ -19,7 +19,7 @@ changeColorScheme-vim vim-dispatch vimtex - vim-suda + suda-vim ]; opt = []; }; diff --git a/base/packages.nix b/base/packages.nix index d81347f..a2645ed 100644 --- a/base/packages.nix +++ b/base/packages.nix @@ -1,19 +1,19 @@ { config, pkgs, lib, ... }: { environment.systemPackages = with pkgs; [ + direnv nix-direnv tmux zellij wget rsync - magic-wormhole - git git-lfs + git gnupg file ripgrep fd - htop btop + htop ncdu killall - ranger nnn # joshuto + ranger nnn joshuto hexyl rink @@ -37,7 +37,7 @@ xsel ]; - fonts.packages = with pkgs; [ + fonts.fonts = with pkgs; [ vollkorn alegreya alegreya-sans b612 
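Review bot: Removing `KbdInteractiveAuthentication = false;` from `services.openssh.settings` in base/defaults.nix leaves keyboard-interactive authentication at the module default, with only `PasswordAuthentication = false;` still set. If that default is enabled, as I believe it is in the NixOS openssh module, sshd can still accept a password through PAM's keyboard-interactive path, so the key-only intent of the block is no longer enforced. Keep `KbdInteractiveAuthentication = false;` next to `PasswordAuthentication = false;`. The same line is dropped in the `services.openssh` hunk of hosts/Rupert.nix (`@@ -113,12 +69,14 @@`) and should be kept there too.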
diff --git a/base/users.nix b/base/users.nix index e6f84cb..298c65c 100644 --- a/base/users.nix +++ b/base/users.nix @@ -24,7 +24,7 @@ in groups = [ "wheel" ]; commands = [ { - command = "/run/current-system/sw/bin/nixos-rebuild"; + command = "${pkgs.nixos-rebuild}/bin/nixos-rebuild *"; options = [ "NOPASSWD" ]; } ]; diff --git a/base/xkb/default.nix b/base/xkb/default.nix index 5c9e6c1..fc97d17 100644 --- a/base/xkb/default.nix +++ b/base/xkb/default.nix @@ -1,6 +1,6 @@ { ... }: { - services.xserver.xkb.extraLayouts = { + services.xserver.extraLayouts = { de-x270 = { description = "DE layout with some small changes for Thinkpad X270"; languages = [ "deu" ]; diff --git a/hosts/Disco.nix b/hosts/Disco.nix index c69a278..09c5437 100644 --- a/hosts/Disco.nix +++ b/hosts/Disco.nix @@ -2,17 +2,16 @@ { imports = [ ./development.nix - ./xfce.nix + ./gnome.nix ./x270.nix ./scanner.nix ./printer.nix - ./clamav.nix ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; console.keyMap = "de"; - services.xserver.xkb.layout = "de-x270"; + services.xserver.layout = "de-x270"; i18n.defaultLocale = "de_DE.UTF-8"; networking.hostName = "Disco"; networking.networkmanager.enable = true; @@ -26,6 +25,7 @@ environment.systemPackages = with pkgs; [ ntfsprogs + direnv nix-direnv tmux zellij helix picocom @@ -43,12 +43,12 @@ rink htop ncmpcpp - cyme usbutils # lsusb etc. - nmap - file exiftool binwalk + usbutils # lsusb etc. + file + binwalk shellcheck - #wine + wine wineWowPackages.stable winePackages.fonts pavucontrol 
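Review bot: The rule `command = "${pkgs.nixos-rebuild}/bin/nixos-rebuild *";` with `options = [ "NOPASSWD" ];` in base/users.nix lets every member of `wheel` run nixos-rebuild as root with arbitrary arguments and no password. That is equivalent to passwordless root, because the tool activates whatever configuration it is pointed at. If the rule is only meant for routine rebuilds, name the invocation actually needed instead of `*`, for example `command = "${pkgs.nixos-rebuild}/bin/nixos-rebuild switch";`, or drop `NOPASSWD`. Pinning the store path may also stop the rule from matching the `/run/current-system/sw/bin/nixos-rebuild` path users normally invoke, which is worth confirming. The rule has the shape of a `security.sudo.extraRules` entry, but its enclosing list starts and ends outside the hunk.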
@@ -63,29 +63,22 @@ zathura inkscape - vlc mpv a52dec + vlc gthumb gimp - darktable tenacity - openscad freecad solvespace - dune3d - vscodium marktext - tor-browser + tor-browser-bundle-bin libreoffice-fresh - telegram-desktop signal-desktop + tdesktop horizon-eda - kicad-small - # cura - (pkgs.callPackage ../packages/cura-appimage.nix {}) + cura pulseview nextcloud-client - kdePackages.okular evince ]; programs.evolution = { enable = true; @@ -94,8 +87,6 @@ system.extraDependencies = with pkgs; [ # For various development environments gcc-arm-embedded - pkgsCross.arm-embedded.buildPackages.gcc - pkgsCross.riscv32-embedded.buildPackages.gcc gnumake ]; @@ -113,7 +104,6 @@ exclude_regex = /home/.*/\.mozilla exclude_regex = /home/.*/\.local exclude_regex = /home/.*/\.cargo - exclude_regex = /home/.*/\.rustup exclude_regex = /home/.*/\.texlive.* exclude_regex = /home/.*/\.vscode.* exclude_regex = sync_[0-9a-f]+\.db @@ -122,14 +112,8 @@ programs.steam = { enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; - localNetworkGameTransfers.openFirewall = true; - }; - - services.mullvad-vpn = { - enable = true; - package = pkgs.mullvad-vpn; + # remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + # dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server }; nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ @@ -137,7 +121,6 @@ "steam-original" "steam-runtime" "steam-run" - "steam-unwrapped" ]; fileSystems."/windows" = { 
@@ -185,23 +168,9 @@ ExecStart = lib.mkForce "systemd-inhibit --what=sleep:handle-lid-switch --why='NixOS upgrade' ${updateScript}/bin/nixos-upgrade"; }; }; - services.logind.settings.Login = { - LidSwitchIgnoreInhibited = "no"; - }; - - services.earlyoom = { - enable = true; - enableNotifications = true; - }; - - swapDevices = [{ - device = "/swapfile"; - size = 16 * 1024; - }]; - - environment.variables = { - FREETYPE_PROPERTIES = "cff:no-stem-darkening=0 autofitter:no-stem-darkening=0 type1:no-stem-darkening=0 t1cid:no-stem-darkening=0"; - }; + services.logind.extraConfig = '' + LidSwitchIgnoreInhibited = no + ''; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions diff --git a/hosts/Emitter.nix b/hosts/Emitter.nix index 8f12e6e..5400a99 100644 --- a/hosts/Emitter.nix +++ b/hosts/Emitter.nix @@ -1,12 +1,12 @@ -{ config, lib, pkgs, ... }: +{ config, pkgs, ... }: { imports = [ - ./forgejo.nix + ./gitea.nix ./tls_sni.nix ]; boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/sda"; + boot.loader.grub.device = "/dev/vda"; networking.hostName = "Emitter"; @@ -14,12 +14,12 @@ networking.useDHCP = false; networking = { defaultGateway = { - address = "176.96.139.1"; - interface = "ens18"; + address = "2.59.133.1"; + interface = "ens3"; }; defaultGateway6 = { - address = "2a0d:5940:80:4e::1"; - interface = "ens18"; + address = "2a0d:5940:7::1"; + interface = "ens3"; }; nameservers = [ "9.9.9.10" 
@@ -27,38 +27,38 @@ "2606:4700:4700::1111" "2001:4860:4860::8888" ]; - interfaces.ens18 = { + interfaces.ens3 = { ipv4 = { addresses = [ { - address = "176.96.139.54"; + address = "2.59.133.12"; prefixLength = 24; } ]; routes = [ { - address = "176.96.139.0"; + address = "2.59.133.0"; prefixLength = 24; - via = "176.96.139.1"; + via = "2.59.133.1"; } ]; }; ipv6 = { addresses = [ { - address = "2a0d:5940:80:4e::2"; + address = "2a0d:5940:7:16f:216:3cff:fe63:9a54"; prefixLength = 64; } { - address = "fe80::4874:40ff:fe38:7a45"; + address = "fe80::216:3cff:fe63:9a54"; prefixLength = 64; } ]; routes = [ { - address = "2a0d:5940:80:4e::2"; + address = "2a0d:5940:7:16f:216:3cff:fe63:9a54"; prefixLength = 64; - via = "2a0d:5940:80:4e::1"; + via = "2a0d:5940:7::1"; } ]; }; @@ -98,12 +98,9 @@ cat > $out/sbin/burp <<-EOF #!/${pkgs.bash}/bin/bash set -e - echo "Ensuring rupert.gvfr.de is up." ${pkgs.dig}/bin/nslookup rupert.gvfr.de - ${pkgs.unixtools.ping}/bin/ping -c2 rupert.gvfr.de - echo "Opening SSH tunnel." - ${pkgs.openssh}/bin/ssh -6 -i /secrets/id_burp_remote -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes -L 4971:localhost:4971 burp-remote@rupert.gvfr.de -f true - echo "Beginning backup operation." + ${pkgs.unixtools.ping}/bin/ping -c1 rupert.gvfr.de >/dev/null + ${pkgs.openssh}/bin/ssh -i /secrets/id_burp_remote -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes -L 4971:localhost:4971 burp-remote@rupert.gvfr.de -f true $out/sbin/burp-untunneled \$@ EOF chmod +x $out/sbin/burp 
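Review bot: In the generated `burp` wrapper, the tunnel opened by `ssh … -L 4971:localhost:4971 … -f true` lasts only as long as the remote `true` plus any already-open forwarded connection, so `burp-untunneled` on the next line has to connect before ssh exits. ssh(1) uses `sleep 10` in this position for exactly that reason, so consider `-f sleep 10` (or a longer grace period) in place of `-f true`. Separately, `\$@` ends up unquoted in the script, so arguments containing whitespace are split; write `$out/sbin/burp-untunneled "\$@"`. The commit also drops the three `echo` progress lines, which were the only markers showing which step failed under `set -e`. The derivation holding this heredoc starts and ends outside the hunk.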
@@ -134,39 +131,7 @@ }; serviceConfig = { Restart = "on-failure"; - RestartSec = retryDelay; - # Skip transitions through failed state, i.e. don’t send a e-mail - # before the maximum number of retries is exhausted - RestartMode = "direct"; - }; - }; - - services.postgresql = { - package = pkgs.postgresql_16; - authentication = lib.mkOrder 600 '' - local all postgres peer map=postgres - ''; - }; - - services.goatcounter = { - enable = true; - proxy = true; - }; - - services.nginx = { - commonHttpConfig = '' - log_format combined_realip '$proxy_protocol_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'; - log_format combined_vhost escape=none '$host: $remote_addr $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'; - access_log /var/log/nginx/access.log combined_vhost; - ''; - }; - - services.logrotate = { - enable = true; - settings.nginx = { - frequency = "daily"; - rotate = 14; }; }; diff --git a/hosts/Ernesto.nix b/hosts/Ernesto.nix deleted file mode 100644 index 8b30ea8..0000000 --- a/hosts/Ernesto.nix +++ /dev/null 
@@ -1,203 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - imports = [ - ./kde.nix - ./development.nix - ./printer.nix - # ./clamav.nix - ]; - - networking.hostName = "Ernesto"; - - boot.loader.systemd-boot = { - enable = true; - windows = { - "windows" = { - title = "Windows 10"; - efiDeviceHandle = "HD1d65535a3"; - sortKey = "a_windows"; - }; - }; - edk2-uefi-shell = { - enable = true; - sortKey = "z_edk2"; - }; - }; - boot.loader.efi.canTouchEfiVariables = true; - - hardware.bluetooth = { - enable = true; - settings = { - General = { - Enable = "Source,Sink,Media,Socket"; - # Bluetooth headsets don’t appear in PulseAudio without this, - # might be a pecularity of the dongle - ControllerMode = "bredr"; - }; - }; - }; - hardware.graphics.enable = true; - services.xserver.videoDrivers = [ "nvidia" ]; - hardware.nvidia = { - powerManagement.enable = true; - open = false; - }; - - console.keyMap = "us"; - services.xserver.xkb.layout = "us-fruchti"; - i18n.defaultLocale = "de_DE.UTF-8"; - networking.networkmanager.enable = true; - services.avahi.enable = true; - networking.firewall.allowedTCPPorts = [ 22 ]; - - programs.gnupg.agent = { - enable = true; - # enableSSHSupport = true; - }; - - environment.systemPackages = with pkgs; [ - ntfsprogs - tmux zellij - helix - picocom - wget - texlive.combined.scheme-full - xsel - rsync - ranger nnn w3m - hexyl - git - gnupg - ripgrep - fd - ncdu - rink - htop - ncmpcpp - usbutils # lsusb etc. 
- dig - nmap - file - binwalk - ffmpeg - shellcheck - - wine - wineWowPackages.stable - winePackages.fonts - pavucontrol - xsensors - - kitty - kitty-themes - - firefox - ungoogled-chromium - thunderbird - - zathura - inkscape - vlc mpv a52dec - gthumb - gimp - darktable - tenacity - - openscad - freecad - solvespace - dune3d - - vscodium - marktext - tor-browser - libreoffice-fresh - telegram-desktop signal-desktop - horizon-eda - kicad-small - pulseview - ghidra - nextcloud-client - ]; - - services.burp.client = { - enable = true; - server = "rupert"; - includes = [ - "/etc/nixos" - "/home" - "/data" - "/windows/Users" - "/shared" - ]; - passwordFile = "/secrets/burp_client_password"; - sslKeyPasswordFile = "/secrets/burp_ssl_key_password"; - encryptionPasswordFile = "/secrets/burp_encryption_password"; - extraConfig = '' - working_dir_recovery_method = resume - max_resume_attempts = 5 - exclude_regex = /home/.*/\.cache - exclude_regex = /home/.*/\.mozilla - exclude_regex = /home/.*/\.local - exclude_regex = /home/.*/\.cargo - exclude_regex = /home/.*/\.texlive.* - exclude_regex = /home/.*/\.vscode.* - exclude_regex = sync_[0-9a-f]+\.db - exclude_regex = \.fuse_hidden.* - ''; - }; - - programs.steam = { - enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; - localNetworkGameTransfers.openFirewall = true; - }; - - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - "steam" - "steam-original" - "steam-runtime" - "steam-run" - "steam-unwrapped" - "nvidia-x11" - "nvidia-settings" - ]; - - fileSystems = { - "/windows" = { - device = "/dev/disk/by-uuid/7692527592523A37"; - fsType = "ntfs"; - options = [ - "defaults" - "gid=1010" - "umask=002" - ]; - }; - "/data" = { - device = "/dev/disk/by-uuid/6b063b1a-8f80-430e-8ecb-83f1d4087e4c"; - fsType = "btrfs"; - }; - "/shared" = { - device = "/dev/disk/by-uuid/15D9B1070A5041E1"; - fsType = "ntfs"; - options = [ - "defaults" - "gid=1010" - "umask=002" - ]; - }; - 
}; - - users.extraGroups = { - windows = { - gid = 1010; - members = [ "fruchti" ]; - }; - }; - - services.earlyoom = { - enable = true; - enableNotifications = true; - }; -} diff --git a/hosts/Rupert.nix b/hosts/Rupert.nix index 54e83af..f1e8896 100644 --- a/hosts/Rupert.nix +++ b/hosts/Rupert.nix @@ -14,44 +14,13 @@ in ./development.nix ./bspwm.nix - # ../migrations/pgsql_upgrade.nix - ]; - - nixpkgs.overlays = let - libbluray = pkgs.libbluray.override { - withAACS = true; - withBDplus = true; - }; - in - [ - ( - self: super: { - vlc = super.vlc.override { inherit libbluray; }; - } - ) + # ./open-pgsql.nix ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; boot.kernelParams = [ "acpi=force" "reboot=bios" ]; - boot.initrd.kernelModules = [ "i915" ]; - nixpkgs.config.packageOverrides = pkgs: { - vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; - }; - hardware.graphics = { - enable = true; - extraPackages = with pkgs; [ - intel-vaapi-driver - libvdpau-va-gl - libva-vdpau-driver - ]; - }; - environment.variables = { - VDPAU_DRIVER = "va_gl"; - }; - hardware.cpu.intel.updateMicrocode = true; - networking.hostName = "Rupert"; users.users = { @@ -73,7 +42,6 @@ in environment.systemPackages = with pkgs; [ ntfsprogs - smartmontools texlive.combined.scheme-full ncmpcpp ]; @@ -82,24 +50,12 @@ in enable = true; passwordFile = "/secrets/burp_client_passwords/${config.networking.hostName}"; sslKeyPasswordFile = "/secrets/burp_client_ssl_key_password"; - extraConfig = '' - exclude_regex = /home/.*/\.cache - exclude_regex = /home/.*/\.mozilla - ''; - }; - - services.postgresql = { - package = pkgs.postgresql_16; - authentication = lib.mkOrder 600 '' - local all postgres peer map=postgres - ''; }; # Flatpak services.flatpak.enable = true; xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; xdg.portal.enable = true; - xdg.portal.config.common.default = "*"; hardware.bluetooth = { enable = true; 
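Review bot: With `hardware.cpu.intel.updateMicrocode = true;` removed in the first hosts/Rupert.nix hunk (`@@ -14,44 +14,13 @@`), nothing visible in this file loads Intel microcode updates any more, and those updates carry CPU vulnerability mitigations. Unless an imported module not shown here (for instance a generated hardware configuration) already sets it, keep that line even if the VA-API and `i915` settings around it go. The `imports` list and the attribute set this hunk edits both start outside the hunk.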
@@ -113,12 +69,14 @@ in enableSSHSupport = true; }; + # List services that you want to enable: + + # Enable the OpenSSH daemon. services.openssh = { enable = true; settings = { + # ForwardX11 = true; PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - X11Forwarding = true; }; }; @@ -130,6 +88,11 @@ in 4971 # BURP ]; + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + system.autoUpgrade = { enable = true; allowReboot = true; @@ -137,30 +100,10 @@ in gitPull = true; gitDeploymentKeyFile = "/secrets/ssh_id_gitea_nixos_configuration"; gitUser = "fruchti"; - rebootIgnoreUsersActive = [ "waldi" ]; }; # systemd.services.nixos-upgrade.onFailure = lib.mkIf config.system.autoUpgrade.enable [ "status-email@%n.service" ]; - services.smartd = { - enable = true; - autodetect = false; - devices = [ - { - device = "/dev/sda"; - } - { - device = "/dev/sdb"; - } - ]; - notifications.x11.enable = false; - notifications.mail = { - enable = true; - sender = config.email.fromAddress; - recipient = config.email.adminEmail; - mailer = "${pkgs.system-sendmail}/bin/sendmail"; - }; - }; services.btrfsScrub = { enable = true; paths = { @@ -172,23 +115,6 @@ in }; }; }; - services.beesd = { - filesystems = { - "data" = { - spec = "/data"; - hashTableSizeMB = 1024; - verbosity = "alert"; - }; - "backup-disk" = { - spec = "/mnt/backup"; - hashTableSizeMB = 1024; - verbosity = "alert"; - }; - }; - }; - # Don’t start automatically - systemd.services."beesd@backup-disk".wantedBy = lib.mkForce []; - systemd.services."beesd@data".serviceConfig.CPUQuota = "10%"; security.acme = { defaults = { 
@@ -201,11 +127,6 @@ in SUBSYSTEM=="video4linux", ATTRS{idProduct}=="0002", ATTRS{idVendor}=="1d6b", SYMLINK+="hdmi_capture" ''; - swapDevices = [{ - device = "/swapfile"; - size = 8 * 1024; - }]; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/bspwm.nix b/hosts/bspwm.nix index d32093a..dbf37a4 100644 --- a/hosts/bspwm.nix +++ b/hosts/bspwm.nix @@ -4,14 +4,12 @@ enable = true; windowManager.bspwm.enable = true; displayManager = { + defaultSession = "none+bspwm"; lightdm.enable = true; + autoLogin.enable = true; + autoLogin.user = "waldi"; }; }; - services.displayManager = { - defaultSession = "none+bspwm"; - autoLogin.enable = true; - autoLogin.user = "waldi"; - }; services.unclutter-xfixes = { enable = true; diff --git a/hosts/burp-server.nix b/hosts/burp-server.nix index 334a954..a98fc21 100644 --- a/hosts/burp-server.nix +++ b/hosts/burp-server.nix @@ -19,7 +19,6 @@ "Berthold" "Ernesto" "Emitter" - "Adelheid" ]); superClients = [ config.networking.hostName diff --git a/hosts/clamav.nix b/hosts/clamav.nix deleted file mode 100644 index a6c9c79..0000000 --- a/hosts/clamav.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ pkgs, ... }: -{ - environment.systemPackages = [ - pkgs.clamav - ]; - services.clamav.daemon.enable = true; - - services.clamav.updater.enable = true; -} diff --git a/hosts/development.nix b/hosts/development.nix index b929fcd..c801216 100644 --- a/hosts/development.nix +++ b/hosts/development.nix 
@@ -19,45 +19,23 @@ SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", MODE="0660", GROUP="plugdev" # ESP32 devkit USB-serial - SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="55d3", MODE="0660", GROUP="plugdev" SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="55d4", MODE="0660", GROUP="plugdev" # Prolific USB-TTL SUBSYSTEM=="tty", ATTRS{idVendor}=="067b", ATTRS{idProduct}=="2303", MODE="0660", GROUP="plugdev" - # BlackMagic Probe - SUBSYSTEM=="tty", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="6017", MODE="0660", GROUP="plugdev" - SUBSYSTEM=="tty", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="6018", MODE="0660", GROUP="plugdev" - SUBSYSTEM=="tty", ACTION=="add", ATTRS{interface}=="Black Magic GDB Server", SYMLINK+="gdbBMP" - SUBSYSTEM=="tty", ACTION=="add", ATTRS{interface}=="Black Magic GDB Server", SYMLINK+="gdbBMP%E{ID_SERIAL_SHORT}" - SUBSYSTEM=="tty", ACTION=="add", ATTRS{interface}=="Black Magic UART Port", SYMLINK+="ttyBMP" - SUBSYSTEM=="tty", ACTION=="add", ATTRS{interface}=="Black Magic UART Port", SYMLINK+="ttyBMP%E{ID_SERIAL_SHORT}" - # OpenBench Logic Sniffer SUBSYSTEM=="tty", ATTRS{idVendor}=="04d8", ATTRS{idProduct}=="fc92", MODE="0660", GROUP="plugdev", SYMLINK+="OpenLogicSniffer" # ST-LINK/V2 SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748", MODE="0660", GROUP="plugdev" - # ST-LINK/V2.1 - SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3752", MODE="0660", GROUP="plugdev" - - # ST DFU mode - SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE="0660", GROUP="plugdev" - # WCH-LinkE - SUBSYSTEMS=="usb", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="8010", MODE="0660", GROUP="plugdev" - - # Tai-Action CMSIS-DAP Link - SUBSYSTEMS=="usb", ATTRS{idVendor}=="0d28", ATTRS{idProduct}=="0204", MODE="0660", GROUP="plugdev" + SUBSYSTEM=="usb", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="8010", MODE="0660", GROUP="plugdev" # Glasgow SUBSYSTEM=="usb", 
ATTRS{idVendor}=="20b7", ATTRS{idProduct}=="9db1", MODE="0660", GROUP="plugdev" - # Cynthion - SUBSYSTEM=="usb", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="615b", MODE="0660", GROUP="plugdev" - SUBSYSTEM=="usb", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="615c", MODE="0660", GROUP="plugdev" - # Shared V-USB VID:PID for use with various homebrew stuff ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="05dc", MODE="0660", GROUP="plugdev" ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="05df", MODE="0660", GROUP="plugdev" diff --git a/hosts/forgejo-custom/public/assets/css/fonts.css b/hosts/gitea-custom/public/css/fonts.css similarity index 100% rename from hosts/forgejo-custom/public/assets/css/fonts.css rename to hosts/gitea-custom/public/css/fonts.css diff --git a/hosts/forgejo-custom/public/assets/css/jupyter.css b/hosts/gitea-custom/public/css/jupyter.css similarity index 100% rename from hosts/forgejo-custom/public/assets/css/jupyter.css rename to hosts/gitea-custom/public/css/jupyter.css diff --git a/hosts/forgejo-custom/public/assets/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-700.eot b/hosts/gitea-custom/public/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-700.eot similarity index 100% rename from hosts/forgejo-custom/public/assets/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-700.eot rename to hosts/gitea-custom/public/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-700.eot diff --git a/hosts/forgejo-custom/public/assets/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-700.svg b/hosts/gitea-custom/public/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-700.svg similarity index 100% rename from hosts/forgejo-custom/public/assets/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-700.svg rename to hosts/gitea-custom/public/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-700.svg 
diff --git a/hosts/forgejo-custom/public/assets/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-700.ttf b/hosts/gitea-custom/public/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-700.ttf
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-700.ttf
rename to hosts/gitea-custom/public/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-700.ttf
diff --git a/hosts/forgejo-custom/public/assets/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-700.woff b/hosts/gitea-custom/public/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-700.woff
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-700.woff
rename to hosts/gitea-custom/public/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-700.woff
diff --git a/hosts/forgejo-custom/public/assets/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-700.woff2 b/hosts/gitea-custom/public/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-700.woff2
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-700.woff2
rename to hosts/gitea-custom/public/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-700.woff2
diff --git a/hosts/forgejo-custom/public/assets/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-regular.eot b/hosts/gitea-custom/public/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-regular.eot
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-regular.eot
rename to hosts/gitea-custom/public/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-regular.eot
diff --git a/hosts/forgejo-custom/public/assets/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-regular.svg b/hosts/gitea-custom/public/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-regular.svg
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-regular.svg
rename to hosts/gitea-custom/public/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-regular.svg
diff --git a/hosts/forgejo-custom/public/assets/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-regular.ttf b/hosts/gitea-custom/public/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-regular.ttf
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-regular.ttf
rename to hosts/gitea-custom/public/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-regular.ttf
diff --git a/hosts/forgejo-custom/public/assets/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-regular.woff b/hosts/gitea-custom/public/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-regular.woff
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-regular.woff
rename to hosts/gitea-custom/public/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-regular.woff
diff --git a/hosts/forgejo-custom/public/assets/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-regular.woff2 b/hosts/gitea-custom/public/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-regular.woff2
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-regular.woff2
rename to hosts/gitea-custom/public/fonts/fira-code-v21-latin-ext_latin_greek_cyrillic-regular.woff2
diff --git a/hosts/forgejo-custom/public/assets/fonts/hammersmith-one-v17-latin-regular.eot b/hosts/gitea-custom/public/fonts/hammersmith-one-v17-latin-regular.eot
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/hammersmith-one-v17-latin-regular.eot
rename to hosts/gitea-custom/public/fonts/hammersmith-one-v17-latin-regular.eot
diff --git a/hosts/forgejo-custom/public/assets/fonts/hammersmith-one-v17-latin-regular.svg b/hosts/gitea-custom/public/fonts/hammersmith-one-v17-latin-regular.svg
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/hammersmith-one-v17-latin-regular.svg
rename to hosts/gitea-custom/public/fonts/hammersmith-one-v17-latin-regular.svg
diff --git a/hosts/forgejo-custom/public/assets/fonts/hammersmith-one-v17-latin-regular.ttf b/hosts/gitea-custom/public/fonts/hammersmith-one-v17-latin-regular.ttf
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/hammersmith-one-v17-latin-regular.ttf
rename to hosts/gitea-custom/public/fonts/hammersmith-one-v17-latin-regular.ttf
diff --git a/hosts/forgejo-custom/public/assets/fonts/hammersmith-one-v17-latin-regular.woff b/hosts/gitea-custom/public/fonts/hammersmith-one-v17-latin-regular.woff
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/hammersmith-one-v17-latin-regular.woff
rename to hosts/gitea-custom/public/fonts/hammersmith-one-v17-latin-regular.woff
diff --git a/hosts/forgejo-custom/public/assets/fonts/hammersmith-one-v17-latin-regular.woff2 b/hosts/gitea-custom/public/fonts/hammersmith-one-v17-latin-regular.woff2
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/hammersmith-one-v17-latin-regular.woff2
rename to hosts/gitea-custom/public/fonts/hammersmith-one-v17-latin-regular.woff2
diff --git a/hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700.eot b/hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700.eot
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700.eot
rename to hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700.eot
diff --git a/hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700.svg b/hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700.svg
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700.svg
rename to hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700.svg
diff --git a/hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700.ttf b/hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700.ttf
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700.ttf
rename to hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700.ttf
diff --git a/hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700.woff b/hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700.woff
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700.woff
rename to hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700.woff
diff --git a/hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700.woff2 b/hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700.woff2
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700.woff2
rename to hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700.woff2
diff --git a/hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700italic.eot b/hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700italic.eot
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700italic.eot
rename to hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700italic.eot
diff --git a/hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700italic.svg b/hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700italic.svg
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700italic.svg
rename to hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700italic.svg
diff --git a/hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700italic.ttf b/hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700italic.ttf
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700italic.ttf
rename to hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700italic.ttf
diff --git a/hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700italic.woff b/hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700italic.woff
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700italic.woff
rename to hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700italic.woff
diff --git a/hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700italic.woff2 b/hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700italic.woff2
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700italic.woff2
rename to hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-700italic.woff2
diff --git a/hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-italic.eot b/hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-italic.eot
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-italic.eot
rename to hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-italic.eot
diff --git a/hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-italic.svg b/hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-italic.svg
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-italic.svg
rename to hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-italic.svg
diff --git a/hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-italic.ttf b/hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-italic.ttf
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-italic.ttf
rename to hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-italic.ttf
diff --git a/hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-italic.woff b/hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-italic.woff
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-italic.woff
rename to hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-italic.woff
diff --git a/hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-italic.woff2 b/hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-italic.woff2
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-italic.woff2
rename to hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-italic.woff2
diff --git a/hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-regular.eot b/hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-regular.eot
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-regular.eot
rename to hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-regular.eot
diff --git a/hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-regular.svg b/hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-regular.svg
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-regular.svg
rename to hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-regular.svg
diff --git a/hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-regular.ttf b/hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-regular.ttf
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-regular.ttf
rename to hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-regular.ttf
diff --git a/hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-regular.woff b/hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-regular.woff
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-regular.woff
rename to hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-regular.woff
diff --git a/hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-regular.woff2 b/hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-regular.woff2
similarity index 100%
rename from hosts/forgejo-custom/public/assets/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-regular.woff2
rename to hosts/gitea-custom/public/fonts/vollkorn-v21-latin-ext_latin_greek_cyrillic-regular.woff2
diff --git a/hosts/forgejo-custom/public/assets/img/apple-touch-icon.png b/hosts/gitea-custom/public/img/apple-touch-icon.png
similarity index 100%
rename from hosts/forgejo-custom/public/assets/img/apple-touch-icon.png
rename to hosts/gitea-custom/public/img/apple-touch-icon.png
diff --git a/hosts/forgejo-custom/public/assets/img/avatar_default.png b/hosts/gitea-custom/public/img/avatar_default.png
similarity index 100%
rename from hosts/forgejo-custom/public/assets/img/avatar_default.png
rename to hosts/gitea-custom/public/img/avatar_default.png
diff --git a/hosts/forgejo-custom/public/assets/img/favicon.png b/hosts/gitea-custom/public/img/favicon.png
similarity index 100%
rename from hosts/forgejo-custom/public/assets/img/favicon.png
rename to hosts/gitea-custom/public/img/favicon.png
diff --git a/hosts/forgejo-custom/public/assets/img/favicon.svg b/hosts/gitea-custom/public/img/favicon.svg
similarity index 100%
rename from hosts/forgejo-custom/public/assets/img/favicon.svg
rename to hosts/gitea-custom/public/img/favicon.svg
diff --git a/hosts/forgejo-custom/public/assets/img/logo.png b/hosts/gitea-custom/public/img/logo.png
similarity index 100%
rename from hosts/forgejo-custom/public/assets/img/logo.png
rename to hosts/gitea-custom/public/img/logo.png
diff --git a/hosts/forgejo-custom/public/assets/img/logo.svg b/hosts/gitea-custom/public/img/logo.svg
similarity index 100%
rename from hosts/forgejo-custom/public/assets/img/logo.svg
rename to hosts/gitea-custom/public/img/logo.svg
diff --git a/hosts/forgejo-custom/templates/custom/extra_links_footer.tmpl b/hosts/gitea-custom/templates/custom/extra_links_footer.tmpl
similarity index 100%
rename from hosts/forgejo-custom/templates/custom/extra_links_footer.tmpl
rename to hosts/gitea-custom/templates/custom/extra_links_footer.tmpl
diff --git a/hosts/forgejo-custom/templates/custom/header.tmpl b/hosts/gitea-custom/templates/custom/header.tmpl similarity index 100% rename from hosts/forgejo-custom/templates/custom/header.tmpl rename to hosts/gitea-custom/templates/custom/header.tmpl diff --git a/hosts/forgejo-custom/templates/home.tmpl b/hosts/gitea-custom/templates/home.tmpl similarity index 100% rename from hosts/forgejo-custom/templates/home.tmpl rename to hosts/gitea-custom/templates/home.tmpl diff --git a/hosts/forgejo.nix b/hosts/gitea.nix similarity index 50% rename from hosts/forgejo.nix rename to hosts/gitea.nix index b167449..bb89abd 100644 --- a/hosts/forgejo.nix +++ b/hosts/gitea.nix @@ -2,17 +2,18 @@ let domain = "git.25120.org"; - forgejoCustom = pkgs.callPackage ../packages/directory.nix { - name = "forgejo-custom"; - source = ./forgejo-custom; + giteaCustom = pkgs.callPackage ../packages/directory.nix { + name = "gitea-custom"; + source = ./gitea-custom; }; in { - services.forgejo = { + services.gitea = { enable = true; + appName = "${domain}"; database = { type = "postgres"; - passwordFile = "/secrets/forgejo_db_password"; + passwordFile = "/secrets/gitea_db_password"; createDatabase = false; }; repositoryRoot = "/data/git/repositories"; @@ -41,7 +42,7 @@ in input_file="$1" command="${nbconvert}/bin/jupyter nbconvert --stdout --to html --template basic" - cache_directory="${config.services.forgejo.stateDir}/markup_cache/jupyter" + cache_directory="${config.services.gitea.stateDir}/markup_cache/jupyter" max_cache_file_count="${toString max_cached_jupyter_notebooks}" cache_file="$cache_directory/$(md5sum "$input_file" | cut -d' ' -f1)" @@ -64,7 +65,6 @@ in ''; in { - DEFAULT.APP_NAME = "${domain}"; server = { SSH_PORT = lib.head config.services.openssh.ports; ROOT_URL = "https://${domain}/"; 
@@ -73,43 +73,42 @@ in }; service.DISABLE_REGISTRATION = true; session.COOKIE_SECURE = true; - UI.DEFAULT_THEME = "forgejo-auto"; "markup.restructuredtext" = { ENABLED = true; FILE_EXTENSIONS = ".rst"; RENDER_COMMAND = "${docutils}/bin/rst2html.py"; IS_INPUT_FILE = false; }; - "markup.jupyter" = { - ENABLED = true; - FILE_EXTENSIONS = ".ipynb"; - # RENDER_COMMAND = "\"${nbconvert}/bin/jupyter nbconvert --stdout --to html --template basic \""; - RENDER_COMMAND = "\"${cached_jupyter_preview} \""; - IS_INPUT_FILE = true; - # RENDER_CONTENT_MODE = "iframe"; - }; - "markup.sanitizer.jupyter.div" = { ELEMENT = "div"; ALLOW_ATTR = "class"; REGEXP = ""; }; - "markup.sanitizer.jupyter.span" = { ELEMENT = "span"; ALLOW_ATTR = "class"; REGEXP = ""; }; - "markup.sanitizer.jupyter.img" = { ELEMENT = "img"; ALLOW_ATTR = "class"; REGEXP = ""; ALLOW_DATA_URI_IMAGES = "true"; }; - "markup.sanitizer.jupyter.svg.width" = { ELEMENT = "svg"; ALLOW_ATTR = "width"; REGEXP = ""; }; - "markup.sanitizer.jupyter.svg.height" = { ELEMENT = "svg"; ALLOW_ATTR = "height"; REGEXP = ""; }; - "markup.sanitizer.jupyter.svg.viewbox" = { ELEMENT = "svg"; ALLOW_ATTR = "viewbox"; REGEXP = ""; }; - "markup.sanitizer.jupyter.svg.use" = { ELEMENT = "use"; ALLOW_ATTR = "transform"; REGEXP = ""; }; - "markup.sanitizer.jupyter.svg.g" = { ELEMENT = "g"; ALLOW_ATTR = "class"; REGEXP = ""; }; - "markup.sanitizer.jupyter.svg.path.style" = { ELEMENT = "path"; ALLOW_ATTR = "style"; REGEXP = ""; }; - "markup.sanitizer.jupyter.svg.path.d" = { ELEMENT = "path"; ALLOW_ATTR = "d"; REGEXP = ""; }; - "markup.sanitizer.jupyter.svg.path.transform" = { ELEMENT = "path"; ALLOW_ATTR = "transform"; REGEXP = ""; }; + # "markup.jupyter" = { + # ENABLED = true; + # FILE_EXTENSIONS = ".ipynb"; + # # RENDER_COMMAND = "\"${nbconvert}/bin/jupyter nbconvert --stdout --to html --template basic \""; + # RENDER_COMMAND = "\"${cached_jupyter_preview} \""; + # IS_INPUT_FILE = true; + # # RENDER_CONTENT_MODE = "iframe"; + # }; + # 
"markup.sanitizer.jupyter.div" = { ELEMENT = "div"; ALLOW_ATTR = "class"; REGEXP = ""; }; + # "markup.sanitizer.jupyter.span" = { ELEMENT = "span"; ALLOW_ATTR = "class"; REGEXP = ""; }; + # "markup.sanitizer.jupyter.img" = { ELEMENT = "img"; ALLOW_ATTR = "class"; REGEXP = ""; ALLOW_DATA_URI_IMAGES = "true"; }; + # "markup.sanitizer.jupyter.svg.width" = { ELEMENT = "svg"; ALLOW_ATTR = "width"; REGEXP = ""; }; + # "markup.sanitizer.jupyter.svg.height" = { ELEMENT = "svg"; ALLOW_ATTR = "height"; REGEXP = ""; }; + # "markup.sanitizer.jupyter.svg.viewbox" = { ELEMENT = "svg"; ALLOW_ATTR = "viewbox"; REGEXP = ""; }; + # "markup.sanitizer.jupyter.svg.use" = { ELEMENT = "use"; ALLOW_ATTR = "transform"; REGEXP = ""; }; + # "markup.sanitizer.jupyter.svg.g" = { ELEMENT = "g"; ALLOW_ATTR = "class"; REGEXP = ""; }; + # "markup.sanitizer.jupyter.svg.path.style" = { ELEMENT = "path"; ALLOW_ATTR = "style"; REGEXP = ""; }; + # "markup.sanitizer.jupyter.svg.path.d" = { ELEMENT = "path"; ALLOW_ATTR = "d"; REGEXP = ""; }; + # "markup.sanitizer.jupyter.svg.path.transform" = { ELEMENT = "path"; ALLOW_ATTR = "transform"; REGEXP = ""; }; }; }; services.postgresql = { enable = true; authentication = '' - local forgejo all ident map=forgejo-users + local gitea all ident map=gitea-users ''; - # Map the forgejo user to postgresql + # Map the gitea user to postgresql identMap = '' - forgejo-users forgejo forgejo + gitea-users gitea gitea ''; }; 
@@ -123,40 +122,17 @@ in enableACME = true; forceSSL = true; locations."/".proxyPass = "http://localhost:3001/"; - extraConfig = '' - # Maximum upload file size for git-lfs - client_max_body_size 100M; - - set_real_ip_from 127.0.0.1; - set_real_ip_from ::1; - real_ip_header proxy_protocol; - - access_log /var/log/nginx/access.${domain}.log combined_realip; - ''; - locations."/awstats/" = { - basicAuthFile = "/secrets/webstats_auth"; - }; }; }; - services.awstats = { - enable = true; - updateAt = "hourly"; - configs."${domain}" = { - logFile = "/var/log/nginx/access.${domain}.log"; - domain = domain; - webService.enable = true; - }; - }; - - # users.users.forgejo.extraGroups = [ "keys" ]; - systemd.services.forgejo = { + # users.users.gitea.extraGroups = [ "keys" ]; + systemd.services.gitea = { serviceConfig = { ReadOnlyPaths = [ "/secrets" ]; }; preStart = '' - cp -frT "${forgejoCustom}/" "${config.services.forgejo.stateDir}/custom/" - find "${config.services.forgejo.stateDir}/custom/" -type d -exec chmod 0750 '{}' + -or -type f -exec chmod 0640 '{}' + + cp -frT "${giteaCustom}/" "${config.services.gitea.stateDir}/custom/" + find "${config.services.gitea.stateDir}/custom/" -type d -exec chmod 0750 '{}' + -or -type f -exec chmod 0640 '{}' + ''; }; diff --git a/hosts/gnome.nix b/hosts/gnome.nix index 08b1aca..41ab98f 100644 --- a/hosts/gnome.nix +++ b/hosts/gnome.nix @@ -11,7 +11,6 @@ autoLogin.user = "fruchti"; }; security.pam.services.gdm.enableGnomeKeyring = true; - services.gnome.gnome-keyring.enable = true; services.touchegg.enable = true; services.gnome.gnome-settings-daemon.enable = true; diff --git a/hosts/hedgedoc.nix b/hosts/hedgedoc.nix index 8f57ff0..336db42 100644 --- a/hosts/hedgedoc.nix +++ b/hosts/hedgedoc.nix @@ -5,6 +5,7 @@ in { services.hedgedoc = { enable = true; + workDir = "/data/hedgedoc"; environmentFile = "/secrets/hedgedoc.env"; settings = { port = 7000; 
@@ -38,7 +39,9 @@ in ensureUsers = [ { name = "hedgedoc"; - ensureDBOwnership = true; + ensurePermissions = { + "DATABASE hedgedoc" = "ALL PRIVILEGES"; + }; } ]; ensureDatabases = [ "hedgedoc" ]; diff --git a/hosts/kde.nix b/hosts/kde.nix deleted file mode 100644 index 229d1b3..0000000 --- a/hosts/kde.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ pkgs, ... }: -{ - services.displayManager = { - enable = true; - sddm.enable = true; - sddm.wayland.enable = true; - defaultSession = "plasma"; - autoLogin = { - user = "fruchti"; - enable = true; - }; - }; - - security.pam.services.sddm = { - enableKwallet = true; - }; - - services.desktopManager.plasma6.enable = true; - - # Sound - # security.rtkit.enable = true; - # services.pipewire = { - # enable = true; - # alsa.enable = true; - # alsa.support32Bit = true; - # pulse.enable = true; - # }; - services.pulseaudio = { - enable = true; - package = pkgs.pulseaudioFull; - extraConfig = '' - load-module module-switch-on-connect - ''; - }; - services.pipewire.enable = false; - - xdg = { - portal = { - enable = true; - extraPortals = with pkgs; [ - xdg-desktop-portal-wlr - xdg-desktop-portal-gtk - ]; - }; - }; - - programs.kdeconnect.enable = true; -} diff --git a/hosts/mpd.nix b/hosts/mpd.nix index 60b84b6..29ad661 100644 --- a/hosts/mpd.nix +++ b/hosts/mpd.nix @@ -38,13 +38,12 @@ in ''; }; - services.pulseaudio = { + hardware.pulseaudio = { enable = true; systemWide = true; tcp.enable = true; tcp.anonymousClients.allowedIpRanges = [ "127.0.0.1" ]; }; - services.pipewire.enable = false; users.extraGroups.pulse-access = { members = [ "mpd" ]; @@ -58,7 +57,7 @@ in chmod 755 /run/pulse ''; - environment.systemPackages = with pkgs; [ mpc ]; + environment.systemPackages = with pkgs; [ mpc-cli ]; networking.firewall.allowedTCPPorts = [ config.services.mpd.network.port httpStreamPort ]; } diff --git a/hosts/nextcloud.nix b/hosts/nextcloud.nix index cc961f0..fd907d5 100644 --- a/hosts/nextcloud.nix +++ b/hosts/nextcloud.nix 
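Review bot: `ensurePermissions = { "DATABASE hedgedoc" = "ALL PRIVILEGES"; };` grants database-level privileges only, and on PostgreSQL 15 and later that does not include creating tables in the `public` schema, so on a fresh cluster the `hedgedoc` role may be unable to create its own schema objects. The removed `ensureDBOwnership = true;` made the role the owner of its same-named database, which avoids that gap without a broad grant. If this option has to be used for the targeted NixOS release, add a comment stating the PostgreSQL major version this was tested against, for example `# ensurePermissions: verified with PostgreSQL <MAJOR>; database-level grant only`. The same pattern appears for the `nextcloud` role in hosts/nextcloud.nix.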
@@ -6,24 +6,20 @@ in services.nextcloud = { enable = true; https = true; - package = pkgs.nextcloud32; + package = pkgs.nextcloud26; hostName = hostName; datadir = "/data/nextcloud"; - settings = { - trusted_domains = [ - ((lib.toLower config.networking.hostName) + ".lan") - (lib.toLower config.networking.hostName) - ]; - blacklisted_files = []; - trashbin_retention_obligation = "auto, 14"; - "simpleSignUpLink.shown" = false; - }; config = { dbtype = "pgsql"; dbhost = "/run/postgresql"; adminpassFile = "/secrets/nextcloud_admin_password.txt"; + extraTrustedDomains = [ + ((lib.toLower config.networking.hostName) + ".lan") + (lib.toLower config.networking.hostName) + ]; }; caching.redis = true; + enableBrokenCiphersForSSE = false; }; services.postgresql = { @@ -31,14 +27,16 @@ in ensureUsers = [ { name = "nextcloud"; - ensureDBOwnership = true; + ensurePermissions = { + "DATABASE nextcloud" = "ALL PRIVILEGES"; + }; + } + { + name = "superuser"; + ensurePermissions = { + "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; + }; } - # { - # name = "superuser"; - # ensurePermissions = { - # "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - # }; - # } ]; ensureDatabases = [ "nextcloud" ]; }; @@ -49,41 +47,13 @@ in after = ["postgresql.service"]; }; - networking.firewall.allowedTCPPorts = [ 80 443 4431 ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; services.nginx = { virtualHosts.${hostName} = { forceSSL = true; enableACME = true; }; - defaultListen = [ - { - addr = "[::]"; - port = 443; - ssl = true; - } - { - addr = "0.0.0.0"; - port = 443; - ssl = true; - } - { - addr = "[::]"; - port = 80; - ssl = false; - } - { - addr = "0.0.0.0"; - port = 80; - ssl = false; - } - { - addr = "[::]"; - port = 4431; - ssl = true; - proxyProtocol = true; - } - ]; }; users.extraGroups.music = { diff --git a/migrations/open_pgsql.nix b/hosts/open-pgsql.nix similarity index 100% rename from migrations/open_pgsql.nix rename to hosts/open-pgsql.nix 
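Review bot: `package = pkgs.nextcloud26;` in the first nextcloud.nix hunk pins a major release that, as far as I know, no longer receives upstream security fixes, on a host that the same file exposes on ports 80 and 443. Nextcloud also does not support pointing an existing data directory at a lower major version, so if `/data/nextcloud` was ever run under the removed `nextcloud32` this will not start cleanly. I would keep the package on a maintained major and record the reason for any pin next to it, e.g. `# pinned: <reason>; bump one major at a time`. Whether the database was already migrated cannot be seen from this hunk.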
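Review bot: The second nextcloud.nix hunk activates a `superuser` PostgreSQL role with `"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"`, and nothing visible in this file uses that role. A standing account with write access to every table in `public` widens what a local process that can authenticate as that name is able to change, and the grant does not say which database it is meant for. If the role exists only for occasional manual maintenance, leave the entry commented out as it was and use the `postgres` account over the local socket instead; if a service needs it, name the role after that service and grant only the tables it reads.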
diff --git a/hosts/tls_sni.nix b/hosts/tls_sni.nix index 58e2195..ec4d7ee 100644 --- a/hosts/tls_sni.nix +++ b/hosts/tls_sni.nix @@ -3,54 +3,30 @@ services.nginx = { streamConfig = '' map $ssl_preread_server_name $target_backend { - default rupert; - md.gvfr.de rupert; - rupert.gvfr.de rupert; - git.25120.org localserv; + md.gvfr.de rupert; + default localserv; } upstream rupert { - zone upstream_rupert 64k; - - server rupert.gvfr.de:4431 resolve; - resolver 9.9.9.9 ipv4=off ipv6=on; + server rupert.gvfr.de:443; } upstream localserv { - server 127.0.0.1:4431; + server localhost:4431; } server { listen 443; - ssl_preread on; - proxy_protocol on; + + # proxy_connect_timeout 1s; + # proxy_timeout 3s; + # resolver 1.1.1.1; + proxy_pass $target_backend; + ssl_preread on; } ''; - defaultListen = [ - { - addr = "0.0.0.0"; - port = 80; - ssl = false; - } - { - addr = "[::0]"; - port = 80; - ssl = false; - } - { - addr = "0.0.0.0"; - port = 4431; - ssl = true; - proxyProtocol = true; - } - { - addr = "[::0]"; - port = 4431; - ssl = true; - proxyProtocol = true; - } - ]; + defaultSSLListenPort = 4431; }; } diff --git a/hosts/x270.nix b/hosts/x270.nix index 1fc9ee7..70b3ef0 100644 --- a/hosts/x270.nix +++ b/hosts/x270.nix @@ -1,19 +1,27 @@ { lib, pkgs, ... }: { - imports = [ - - ]; hardware.trackpoint = { enable = true; sensitivity = 230; speed = 170; }; - hardware.graphics = { + services.xserver.videoDrivers = [ "modesetting" ]; + + boot.initrd.kernelModules = [ "i915" ]; + hardware.opengl = { enable = true; # driSupport = true; # driSupport32Bit = true; }; + environment.variables = { + VDPAU_DRIVER = "va_gl"; + }; + hardware.opengl.extraPackages = with pkgs; [ + (if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.11") then vaapiIntel else intel-vaapi-driver) + libvdpau-va-gl + intel-media-driver + ]; console = { font = "Lat2-Terminus16"; diff --git a/hosts/xfce.nix b/hosts/xfce.nix deleted file mode 100644 index b44492b..0000000 
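Review bot: In the tls_sni.nix hunk the stream `server` block no longer sets `proxy_protocol on;`, so every connection that is passed to `localserv` on port 4431 reaches the HTTP virtual hosts with the loopback address as its source. Access logs, rate limits and any ban tooling on those vhosts then cannot tell clients apart, which weakens abuse handling and later incident reconstruction. If client addresses matter, keep `proxy_protocol on;` here and accept it on the 4431 listener (the removed `proxyProtocol = true;` entries did that) instead of `defaultSSLListenPort = 4431;` alone. Separately, `default localserv;` now routes connections with an unknown or missing SNI to the local server, and `server rupert.gvfr.de:443;` is resolved only when nginx loads its configuration, so an address change on that name is not picked up until a reload.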
--- a/hosts/xfce.nix +++ /dev/null @@ -1,54 +0,0 @@ -{ config, pkgs, ... }: -{ - services.xserver = { - enable = true; - desktopManager = { - xfce= { - enable = true; - enableXfwm = true; - }; - xterm.enable = false; - }; - displayManager = { - lightdm.enable = true; - }; - }; - services.displayManager = { - gdm.wayland = false; - defaultSession = "xfce"; - autoLogin.enable = true; - autoLogin.user = "fruchti"; - }; - services.libinput.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - hardware.bluetooth.enable = true; - services.blueman.enable = true; - # environment.xfce.excludePackages = with pkgs.xfce; [ - # xfce4-terminal - # ]; - environment.systemPackages = with pkgs; [ - xfce.xfce4-whiskermenu-plugin - xfce.xfce4-pulseaudio-plugin - xfce.xfce4-volumed-pulse - xfce.xfwm4-themes - pinentry-gtk2 - lounge-gtk-theme - hackneyed - blueman - file-roller - gnome-font-viewer - ]; - security.pam.services.lightdm.enableGnomeKeyring = true; - services.gnome.gnome-keyring.enable = true; - - services.cpupower-gui.enable = true; - - programs.gnupg.agent.pinentryPackage = pkgs.pinentry-gtk2; - services.pcscd.enable = true; - services.dbus.packages = [ pkgs.gcr ]; -} diff --git a/migrations/pgsql_upgrade.nix b/migrations/pgsql_upgrade.nix deleted file mode 100644 index 6aeb991..0000000 --- a/migrations/pgsql_upgrade.nix +++ /dev/null 
@@ -1,33 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - environment.systemPackages = [( - let - # XXX specify the postgresql package you'd like to upgrade to. - # Do not forget to list the extensions you need. - newPostgres = pkgs.postgresql_16.withPackages (pp: [ - # pp.plv8 - ]); - cfg = config.services.postgresql; - in - pkgs.writeScriptBin "upgrade-pg-cluster" '' - set -eux - # XXX it's perhaps advisable to stop all services that depend on postgresql - systemctl stop postgresql - - export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}" - export NEWBIN="${newPostgres}/bin" - - export OLDDATA="${cfg.dataDir}" - export OLDBIN="${cfg.finalPackage}/bin" - - install -d -m 0700 -o postgres -g postgres "$NEWDATA" - cd "$NEWDATA" - sudo -u postgres "$NEWBIN/initdb" -D "$NEWDATA" ${lib.escapeShellArgs cfg.initdbArgs} - - sudo -u postgres "$NEWBIN/pg_upgrade" \ - --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \ - --old-bindir "$OLDBIN" --new-bindir "$NEWBIN" \ - "$@" - '' - )]; -} diff --git a/options/auto-upgrade.nix b/options/auto-upgrade.nix index 80f83a9..0809236 100644 --- a/options/auto-upgrade.nix +++ b/options/auto-upgrade.nix 
@@ -36,225 +36,191 @@ in User used for the `git pull` operation (if `gitPull` is enabled). ''; }; - rebootIgnoreUsersActive = mkOption { - type = types.listOf types.str; - default = []; - description = mdDoc '' - If reboots are allowed, active users will prohibit a reboot. Users listed here are ignored from that check. - ''; - }; }; config = mkIf cfg.enable { email.enable = true; - systemd.services.nixos-upgrade = { - serviceConfig.TimeoutStartSec = "2h"; - script = mkOverride 50 ( - let - nixos-rebuild = "${config.system.build.nixos-rebuild}/bin/nixos-rebuild"; - nix-store = "${pkgs.nix}/bin/nix-store"; - diff = "${pkgs.diffutils}/bin/diff"; - grep = "${pkgs.gnugrep}/bin/grep"; - git = "${pkgs.git}/bin/git"; - ssh = "${pkgs.openssh}/bin/ssh"; - sudo = "${pkgs.sudo}/bin/sudo"; - shutdown = "${config.systemd.package}/bin/shutdown"; - sendmail = "${pkgs.system-sendmail}/bin/sendmail"; - upgradeFlag = optional (cfg.channel == null) "--upgrade"; - in '' - set -o pipefail + systemd.services.nixos-upgrade.script = mkOverride 50 ( + let + nixos-rebuild = "${config.system.build.nixos-rebuild}/bin/nixos-rebuild"; + nix-store = "${pkgs.nix}/bin/nix-store"; + diff = "${pkgs.diffutils}/bin/diff"; + git = "${pkgs.git}/bin/git"; + ssh = "${pkgs.openssh}/bin/ssh"; + sudo = "${pkgs.sudo}/bin/sudo"; + shutdown = "${config.systemd.package}/bin/shutdown"; + sendmail = "${pkgs.system-sendmail}/bin/sendmail"; + upgradeFlag = optional (cfg.channel == null) "--upgrade"; + in '' + set -o pipefail - indent() - { - while read -r line ; do - echo " $line" - done <<< "$1" - } + indent() + { + while read -r line ; do + echo " $line" + done <<< "$1" + } - start_time="$(date)" - reboot_allowed="no" - activate_configuration="yes" - do_reboot="no" - exit_code=0 + start_time="$(date)" + reboot_allowed="no" + activate_configuration="yes" + do_reboot="no" + exit_code=0 - ${optionalString cfg.allowReboot '' - reboot_allowed="yes" + ${optionalString cfg.allowReboot '' + reboot_allowed="yes" - 
${optionalString (cfg.rebootWindow != null) '' - current_time="$(${date} +%H:%M)" - lower="${cfg.rebootWindow.lower}" - upper="${cfg.rebootWindow.upper}" - if [[ "''${lower}" < "''${upper}" ]]; then - if [[ "''${current_time}" > "''${lower}" ]] && \ - [[ "''${current_time}" < "''${upper}" ]]; then - reboot_allowed="yes" - else - reboot_allowed="no" - fi + ${optionalString (cfg.rebootWindow != null) '' + current_time="$(${date} +%H:%M)" + lower="${cfg.rebootWindow.lower}" + upper="${cfg.rebootWindow.upper}" + if [[ "''${lower}" < "''${upper}" ]]; then + if [[ "''${current_time}" > "''${lower}" ]] && \ + [[ "''${current_time}" < "''${upper}" ]]; then + reboot_allowed="yes" else - # lower > upper, so we are crossing midnight (e.g. lower=23h, upper=6h) - # we want to reboot if cur > 23h or cur < 6h - if [[ "''${current_time}" < "''${upper}" ]] || \ - [[ "''${current_time}" > "''${lower}" ]]; then - reboot_allowed="yes" - else - reboot_allowed="no" - fi + reboot_allowed="no" fi - ''} - ''} - - output_file="$(mktemp)" - send_email=no - email_subject_additions= - - ${optionalString cfg.gitPull '' - { - cd /etc/nixos - echo "→ Refreshing git repository at /etc/nixos." | tee -a "$output_file" - if ! ${optionalString (cfg.gitDeploymentKeyFile != null) ''GIT_SSH_COMMAND='${ssh} -i "${cfg.gitDeploymentKeyFile}" -o IdentitiesOnly=yes' ''}${optionalString (cfg.gitUser != null) ''${sudo} -nu ${cfg.gitUser} ''}${git} pull 2>&1 | tee -a "$output_file" ; then - send_email=yes - email_subject_additions="$email_subject_additions, errors during git pull" - fi - } - ''} - - echo "→ Running upgrade." | tee -a "$output_file" - ${nixos-rebuild} boot ${toString (cfg.flags ++ upgradeFlag)} 2>&1 | tee -a "$output_file" || exit_code=$? - - email_subject="Upgrade succeeded" - email_body="The system upgrade started at $start_time has succeeded." 
- if [ "$exit_code" -ne 0 ] ; then - send_email=yes - email_subject="Upgrade failed (exit code $exit_code)" - email_body="The system upgrade started at $start_time has failed with exit code $exit_code." + else + # lower > upper, so we are crossing midnight (e.g. lower=23h, upper=6h) + # we want to reboot if cur > 23h or cur < 6h + if [[ "''${current_time}" < "''${upper}" ]] || \ + [[ "''${current_time}" > "''${lower}" ]]; then + reboot_allowed="yes" else - echo "→ Determining package differences." | tee -a "$output_file" - installed_packages() - { - ${nix-store} --query --requisites "$1" | cut -d- -f2- | sort | uniq - } - current_packages="$(installed_packages /run/current-system)" - built_packages="$(installed_packages /nix/var/nix/profiles/system)" - ${diff} -y --suppress-common-lines --width=71 \ - <(printf "Current generation\n------------------\n%s" "$current_packages") \ - <(printf "New generation\n--------------\n%s" "$built_packages") \ - | tee -a "$output_file" || true - - booted_version="$(readlink /run/booted-system/{initrd,kernel,kernel-modules})" - built_version="$(readlink /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})" - - echo "→ Checking if a reboot is needed." | tee -a "$output_file" - if [ "$booted_version" != "$built_version" ] ; then - version_comparison="$(cat <<-EOF - The booted kernel version - $(indent "$booted_version") - does not match the newly built - $(indent "$built_version") - . - EOF - )" - echo "$version_comparison" - send_email=yes - email_body="$(cat <<-EOF - $email_body - - - A reboot is required, because: - ------------------------------ - $version_comparison - EOF - )" - activate_configuration="no" - - if [ "$reboot_allowed" = "yes" ] ; then - echo "→ Checking if a reboot is allowed." 
| tee -a "$output_file" - - # Check if any user sessions are open - active_users=$(users | tr ' ' '\n' | sort | uniq | ${grep} -vE '^(${concatStringsSep "|" cfg.rebootIgnoreUsersActive})$' || true) - if [ -n "$active_users" ] ; then - reboot_allowed=no - email_body="$(printf "%s\n%s\n%s" "$email_body" "The system cannot reboot since the following users are active:" "$active_users")" - echo "$(echo $active_users | wc -l) active users blocking reboot." | tee -a "$output_file" - fi - - ${optionalString config.virtualisation.libvirtd.enable '' - # Check if virtual machines are running - active_vms=$(${pkgs.libvirt}/bin/virsh list --state-running --no-autostart --id --name || true) - if [ -n "$active_vms" ] ; then - reboot_allowed=no - email_body="$(printf "%s\n%s\n%s" "$email_body" "The system cannot reboot since the following virtual machines are active:" "$active_vms")" - echo "$(echo $active_vms | wc -l) active VMs blocking reboot." | tee -a "$output_file" - fi - ''} - fi - - if [ "$reboot_allowed" = "yes" ] && [ $exit_code -eq 0 ] ; then - email_body="$(printf "%s\n%s" "$email_body" "The system will reboot now.")" - do_reboot="yes" - activate_configuration="yes" - email_subject_additions="$email_subject_additions, system will reboot" - else - email_body="$(printf "%s\n%s" "$email_body" "The upgraded configuration will be activated on the next reboot.")" - email_subject_additions="$email_subject_additions, reboot required" - fi - fi - - ${optionalString (cfg.operation == "switch") '' - if [ "$activate_configuration" = "yes" ] ; then - echo "→ Activating new configuration." | tee -a "$output_file" - ${nixos-rebuild} switch ${toString cfg.flags} 2>&1 | tee -a "$output_file" || exit_code=$? 
- fi - ''} + reboot_allowed="no" fi + fi + ''} + ''} - upgrade_output="$(cat "$output_file")" - rm -f "$output_file" + output_file="$(mktemp)" + send_email=no + email_subject_additions= - possible_warnings="$(${grep} -e "^\(warning\|trace\|evaluation warning\):" <<<"$upgrade_output" || true)" - if [ "$possible_warnings" != "" ] ; then + ${optionalString cfg.gitPull '' + { + cd /etc/nixos + echo "→ Refreshing git repository at /etc/nixos." | tee -a "$output_file" + if ! ${optionalString (cfg.gitDeploymentKeyFile != null) ''GIT_SSH_COMMAND='${ssh} -i "${cfg.gitDeploymentKeyFile}" -o IdentitiesOnly=yes' ''}${optionalString (cfg.gitUser != null) ''${sudo} -nu ${cfg.gitUser} ''}${git} pull 2>&1 | tee -a "$output_file" ; then send_email=yes - email_subject_additions="$email_subject_additions with warnings" - email_body="$(cat <<-EOF - $email_body + email_subject_additions="$email_subject_additions, errors during git pull" + fi + } + ''} + echo "→ Running upgrade." | tee -a "$output_file" + ${nixos-rebuild} boot ${toString (cfg.flags ++ upgradeFlag)} 2>&1 | tee -a "$output_file" || exit_code=$? - These trace messages and warnings were encountered: - --------------------------------------------------- - $possible_warnings - EOF + email_subject="Upgrade succeeded" + email_body="The system upgrade started at $start_time has succeeded." + if [ "$exit_code" -ne 0 ] ; then + send_email=yes + email_subject="Upgrade failed (exit code $exit_code)" + email_body="The system upgrade started at $start_time has failed with exit code $exit_code." + else + echo "→ Determining package differences." 
| tee -a "$output_file" + installed_packages() + { + ${nix-store} --query --requisites "$1" | cut -d- -f2- | sort | uniq + } + current_packages="$(installed_packages /run/current-system)" + built_packages="$(installed_packages /nix/var/nix/profiles/system)" + ${diff} -y --suppress-common-lines --width=71 \ + <(printf "Current generation\n------------------\n%s" "$current_packages") \ + <(printf "New generation\n--------------\n%s" "$built_packages") \ + | tee -a "$output_file" || true + + booted_version="$(readlink /run/booted-system/{initrd,kernel,kernel-modules})" + built_version="$(readlink /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})" + + echo "→ Checking if a reboot is needed." | tee -a "$output_file" + if [ "$booted_version" != "$built_version" ] ; then + version_comparison="$(cat <<-EOF + The booted kernel version + $(indent "$booted_version") + does not match the newly built + $(indent "$built_version") + . + EOF )" + echo "$version_comparison" + send_email=yes + email_body="$(cat <<-EOF + $email_body + + + A reboot is required, because: + ------------------------------ + $version_comparison + EOF + )" + activate_configuration="no" + if [ "$reboot_allowed" = "yes" ] && [ $exit_code -eq 0 ] ; then + email_body="$(printf "%s\n%s" "$email_body" "The system will reboot now.")" + do_reboot="yes" + activate_configuration="yes" + email_subject_additions="$email_subject_additions, system will reboot" + else + email_body="$(printf "%s\n%s" "$email_body" "The upgraded configuration will be activated on the next reboot.")" + email_subject_additions="$email_subject_additions, reboot required" + fi fi - ${optionalString cfg.sendEmail '' - if [ "$send_email" = "yes" ] ; then - echo "→ Sending e-mail to ${toAddress}." - ${sendmail} -t -X - <<-EOF - To: ${toAddress} - 
From: ${fromIdentity} - Subject: $email_subject$email_subject_additions - Content-Transfer-Encoding: 8bit - Content-Type: text/plain; charset=UTF-8 - X-Priority: 3 - - $email_body - - - Full upgrade output: - -------------------- - $upgrade_output - EOF + ${optionalString (cfg.operation == "switch") '' + if [ "$activate_configuration" = "yes" ] ; then + echo "→ Activating new configuration." | tee -a "$output_file" + ${nixos-rebuild} switch ${toString cfg.flags} 2>&1 | tee -a "$output_file" || exit_code=$? fi ''} + fi - if [ "$do_reboot" = "yes" ] ; then - echo "→ Rebooting system." - ${shutdown} -r +1 - fi + upgrade_output="$(cat "$output_file")" + rm -f "$output_file" - exit $exit_code - '' - ); - }; + possible_warnings="$(grep -e "^\(warning\|trace\):" <<<"$upgrade_output" || true)" + if [ "$possible_warnings" != "" ] ; then + send_email=yes + email_subject_additions="$email_subject_additions with warnings" + email_body="$(cat <<-EOF + $email_body + + + These trace messages and warnings were encountered: + --------------------------------------------------- + $possible_warnings + EOF + )" + fi + + ${optionalString cfg.sendEmail '' + if [ "$send_email" = "yes" ] ; then + echo "→ Sending e-mail to ${toAddress}." + ${sendmail} -t -X - <<-EOF + To: ${toAddress} + From: ${fromIdentity} + Subject: $email_subject$email_subject_additions + Content-Transfer-Encoding: 8bit + Content-Type: text/plain; charset=UTF-8 + X-Priority: 3 + + $email_body + + + Full upgrade output: + -------------------- + $upgrade_output + EOF + fi + ''} + + if [ "$do_reboot" = "yes" ] ; then + echo "→ Rebooting system." + ${shutdown} -r +1 + fi + + exit $exit_code + '' + ); }; } diff --git a/options/dyndns.nix b/options/dyndns.nix index 90aac18..09ea088 100644 --- a/options/dyndns.nix +++ b/options/dyndns.nix 
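Review bot: In the `cfg.gitPull` branch of the auto-upgrade script, `${git} pull` updates /etc/nixos and the result is then built and activated by `nixos-rebuild` as root, with nothing checking that the fetched commits come from a trusted author. The deployment key in `GIT_SSH_COMMAND` authenticates this host to the remote, not the repository content to this host, so whoever can write to the branch controls the next root activation. If the repository's commits are signed, use `${git} pull --ff-only --verify-signatures` with the maintainers' public keys in the pulling user's keyring; a rejected pull then leaves the tree at the last verified commit and is reported through the existing "errors during git pull" e-mail path. If commits are not signed, a comment above the pull stating that the remote is fully trusted would at least make the assumption explicit.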
@@ -63,7 +63,7 @@ in
 dyndns_user="${cfg.username}"
 dyndns_password="$(cat "${cfg.passwordFile}")"
- new_ip=$(${pkgs.iproute2}/bin/ip -6 a show scope global -temporary dev "$interface" | ${pkgs.gnused}/bin/sed -n -E 's/^\ *inet6\ (2001(:[0-9a-f]+)+).*$/\1/p' | head -1)
+ new_ip=$(${pkgs.iproute}/bin/ip -6 a show scope global -temporary dev "$interface" | ${pkgs.gnused}/bin/sed -n -E 's/^\ *inet6\ (2001(:[0-9a-f]+)+).*$/\1/p' | head -1)
 if [ -z "$new_ip" ] ; then
 echo "Could not determine IP address."
diff --git a/options/email.nix b/options/email.nix
index 244e891..62f631c 100644
--- a/options/email.nix
+++ b/options/email.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
 with lib;
 let
 cfg = config.email;
@@ -37,7 +37,7 @@ in
 default = {
 auth = true;
 host = "gvfr.de";
- passwordeval = "${pkgs.coreutils}/bin/cat /secrets/email_password.txt";
+ passwordeval = "cat /secrets/email_password.txt";
 user = cfg.fromAddress;
 from = cfg.fromAddress;
 port = 465;
diff --git a/options/status-email.nix b/options/status-email.nix
index 9477ab7..4dfaa74 100644
--- a/options/status-email.nix
+++ b/options/status-email.nix
@@ -20,7 +20,7 @@ in
 to="${toAddress}"
 service="$1"
 full_status="$(systemctl status --full --lines 200 "$service")"
- exit_code="$(echo "$full_status" | head -n5 | tail -1 | sed -e 's/.*ExecStart=.*status=\(.*\))$/\1/g')"
+ exit_code="$(echo "$full_status" | head -n5 | tail -1 | sed -e 's/.*status=\(.*\))$/\1/g')"
 # state="$(systemctl is-failed "$service")"
 fail_priority=1
diff --git a/packages/cura-appimage.nix b/packages/cura-appimage.nix
deleted file mode 100644
index 9de879e..0000000
--- a/packages/cura-appimage.nix
+++ /dev/null
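Review bot: In options/email.nix (hunk at -37,7), the new `passwordeval = "cat /secrets/email_password.txt";` resolves `cat` through the PATH of whichever process invokes the mailer, so the command that reads the SMTP secret depends on the caller's environment and may not resolve in a unit that runs with a minimal PATH. Keeping it pinned to a store path, `passwordeval = "${pkgs.coreutils}/bin/cat /secrets/email_password.txt";`, avoids that; it also requires leaving `pkgs` in the module arguments that the first hunk of this file drops. How /secrets/email_password.txt is provisioned is not visible here; it should presumably live outside the Nix store and be readable only by the accounts that send mail.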
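Review bot: In options/status-email.nix, `exit_code` is still scraped from the fifth line of the human-readable `systemctl status` output, and the loosened pattern `s/.*status=\(.*\))$/\1/g` now accepts any line ending in `status=…)`; when that line does not match at all, sed passes it through unchanged and the whole line becomes the exit code. The layout of `systemctl status` is not a stable interface, so reading the property directly is more robust: `exit_code="$(systemctl show --property=ExecMainStatus --value "$service")"`. The script continues outside the hunk, so how `exit_code` is consumed afterwards is not visible here.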
@@ -1,131 +0,0 @@ -{ - lib, - stdenv, - stdenvNoCC, - fetchurl, - writeScriptBin, - appimageTools, - copyDesktopItems, - makeDesktopItem, - nix-update-script, - wrapGAppsHook3, -}: - -stdenvNoCC.mkDerivation rec { - pname = "cura-appimage"; - version = "5.9.0"; - - # Give some good names so the intermediate packages are easy - # to recognise by name in the Nix store. - appimageBinName = "cura-appimage-tools-output"; - wrapperScriptName = "${pname}-wrapper-script"; - - src = fetchurl { - url = "https://github.com/Ultimaker/Cura/releases/download/${version}/Ultimaker-Cura-${version}-linux-X64.AppImage"; - hash = "sha256-STtVeM4Zs+PVSRO3cI0LxnjRDhOxSlttZF+2RIXnAp4="; - }; - - appimageContents = appimageTools.extract { - inherit pname version src; - }; - - curaAppimageToolsWrapped = appimageTools.wrapType2 { - inherit src; - # For `appimageTools.wrapType2`, `pname` determines the binary's name in `bin/`. - pname = appimageBinName; - inherit version; - extraPkgs = _: [ ]; - }; - - # The `QT_QPA_PLATFORM=xcb` fixes Wayland support, see https://github.com/NixOS/nixpkgs/issues/186570#issuecomment-2526277637 - # The `GTK_USE_PORTAL=1` fixes file dialog issues under Gnome, see https://github.com/NixOS/nixpkgs/pull/372614#issuecomment-2585663161 - script = writeScriptBin wrapperScriptName '' - #!${stdenv.shell} - # AppImage version of Cura loses current working directory and treats all paths relateive to $HOME. - # So we convert each of the files passed as argument to an absolute path. - # This fixes use cases like `cd /path/to/my/files; cura mymodel.stl anothermodel.stl`. - - args=() - for a in "$@"; do - if [ -e "$a" ]; then - a="$(realpath "$a")" - fi - args+=("$a") - done - QT_QPA_PLATFORM=xcb GTK_USE_PORTAL=1 exec "${curaAppimageToolsWrapped}/bin/${appimageBinName}" "''${args[@]}" - ''; - - dontUnpack = true; - - nativeBuildInputs = [ - copyDesktopItems - wrapGAppsHook3 - ]; - desktopItems = [ - # Based on upstream. 
- # https://github.com/Ultimaker/Cura/blob/382b98e8b0c910fdf8b1509557ae8afab38f1817/packaging/AppImage/cura.desktop.jinja - (makeDesktopItem { - name = "cura"; - desktopName = "UltiMaker Cura"; - genericName = "3D Printing Software"; - comment = meta.longDescription; - exec = "cura"; - icon = "cura-icon"; - terminal = false; - type = "Application"; - mimeTypes = [ - "model/stl" - "application/vnd.ms-3mfdocument" - "application/prs.wavefront-obj" - "image/bmp" - "image/gif" - "image/jpeg" - "image/png" - "text/x-gcode" - "application/x-amf" - "application/x-ply" - "application/x-ctm" - "model/vnd.collada+xml" - "model/gltf-binary" - "model/gltf+json" - "model/vnd.collada+xml+zip" - ]; - categories = [ "Graphics" ]; - keywords = [ - "3D" - "Printing" - ]; - }) - ]; - - installPhase = '' - runHook preInstall - - mkdir -p $out/bin - cp ${script}/bin/${wrapperScriptName} $out/bin/cura - - mkdir -p $out/share/applications $out/share/icons/hicolor/128x128/apps - install -Dm644 ${appimageContents}/usr/share/icons/hicolor/128x128/apps/cura-icon.png $out/share/icons/hicolor/128x128/apps/cura-icon.png - - runHook postInstall - ''; - - passthru.updateScript = nix-update-script { extraArgs = [ "--version-regex=([56789].+)" ]; }; - - meta = { - description = "3D printing software"; - homepage = "https://github.com/ultimaker/cura"; - changelog = "https://github.com/Ultimaker/Cura/releases/tag/${version}"; - longDescription = '' - Cura converts 3D models into paths for a 3D printer. It prepares your print for maximum accuracy, minimum printing time and good reliability with many extra features that make your print come out great. - ''; - license = lib.licenses.lgpl3Plus; - platforms = [ "x86_64-linux" ]; - mainProgram = "cura"; - maintainers = with lib.maintainers; [ - pbek - nh2 - fliegendewurst - ]; - }; -}