diff options
| -rw-r--r-- | devShells/c.nix | 28 | ||||
| -rw-r--r-- | devShells/default.nix | 2 | ||||
| -rw-r--r-- | flake.lock | 77 | ||||
| -rw-r--r-- | flake.nix | 3 | ||||
| -rw-r--r-- | lib/default.nix | 51 | ||||
| -rw-r--r-- | nixos/configurations/adm-omnia.nix | 4 | ||||
| -rw-r--r-- | nixos/configurations/adm-omnia2.nix | 4 | ||||
| -rw-r--r-- | nixos/configurations/errol.nix | 6 | ||||
| -rw-r--r-- | nixos/configurations/lipwig.nix | 45 | ||||
| -rw-r--r-- | nixos/configurations/ridcully.nix | 6 | ||||
| -rw-r--r-- | nixos/configurations/spt-mox.nix | 2 | ||||
| -rw-r--r-- | nixos/configurations/spt-mox2.nix | 2 | ||||
| -rw-r--r-- | nixos/configurations/spt-omnia.nix | 86 | ||||
| -rw-r--r-- | nixos/modules/backup.nix | 63 | ||||
| -rw-r--r-- | nixos/modules/desktop.nix | 20 | ||||
| -rw-r--r-- | nixos/modules/gaming.nix | 20 | ||||
| -rw-r--r-- | nixos/modules/generic.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/packages.nix | 1 | ||||
| -rw-r--r-- | nixos/modules/wifi-client.nix | 2 | ||||
| -rw-r--r-- | pkgs/default.nix | 32 | ||||
| -rw-r--r-- | pkgs/dodo/default.nix | 37 | ||||
| -rw-r--r-- | pkgs/sdcv/default.nix | 33 |
22 files changed, 281 insertions, 245 deletions
diff --git a/devShells/c.nix b/devShells/c.nix index e5ca0a6..5798129 100644 --- a/devShells/c.nix +++ b/devShells/c.nix @@ -45,17 +45,23 @@ pkgs.mkShell { SDL2 libffi.dev - # Qt6 - qt6.qttools - qt6.qtbase - qt6.qttranslations - qt6.qtserialport - qt6.qtwebsockets - qt6.qtcharts - qt6.qtsvg - qt6.qtnetworkauth - qt6.qtwayland - qt6.wrapQtAppsHook + # Qt + #qt6.qttools + #qt6.qtbase + #qt6.qttranslations + #qt6.qtserialport + #qt6.qtwebsockets + #qt6.qtcharts + #qt6.qtsvg + #qt6.qtnetworkauth + #qt6.qtwayland + #qt6.wrapQtAppsHook + libsForQt5.qtbase + libsForQt5.qttranslations + libsForQt5.qtserialport + libsForQt5.qtwebsockets + libsForQt5.qtcharts + libsForQt5.qtwayland ]; meta.platforms = pkgs.lib.platforms.linux; } diff --git a/devShells/default.nix b/devShells/default.nix index 882f828..d09fa70 100644 --- a/devShells/default.nix +++ b/devShells/default.nix @@ -1,4 +1,6 @@ pkgs: rec { c = import ./c.nix pkgs; + musl = import ./c.nix pkgs.pkgsMusl; + #llvm = import ./c.nix pkgs.pkgsLLVM; apo = import ./apo.nix pkgs c; } @@ -48,11 +48,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -113,11 +113,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -130,11 +130,11 @@ "systems": "systems_6" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -201,11 +201,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1725716377, - "narHash": "sha256-7NzW9O/cAw7iWzRfh7Oo/SuSudL4a1YTKS6yoh3tMck=", + "lastModified": 1730874081, + "narHash": "sha256-VK7LkfdcpUi8tqcgMIYY2jejDh4O3MNw9An0FcKveRQ=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "04a1cda0c1725094a4db703cccbb956b7558f5a6", + "rev": "12ad8c1bf13ff15ffa6afe82c59b4af0b9226035", "type": "github" }, "original": { @@ -245,16 +245,15 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1725857262, - "narHash": "sha256-m9n0PncgZepVgmjOO1rfVXMgUACDOwZbhjSRjJ/NUpM=", + "lastModified": 1730831018, + "narHash": "sha256-2S0HwIFRxYp+afuoFORcZA9TjryAf512GmE0MTfEOPU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5af6aefbcc55670e36663fd1f8a796e1e323001a", + "rev": "8c4dc69b9732f6bbe826b5fbb32184987520ff26", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-unstable-small", "type": "indirect" } }, @@ -288,11 +287,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1724300212, - "narHash": "sha256-x3jl6OWTs+L9C7EtscuWZmGZWI0iSBDafvg3X7JMa1A=", + "lastModified": 1730272153, + "narHash": "sha256-B5WRZYsRlJgwVHIV6DvidFN7VX7Fg9uuwkRW9Ha8z+w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4de4818c1ffa76d57787af936e8a23648bda6be4", + "rev": "2d2a9ddbe3f2c00747398f3dc9b05f7f2ebb0f53", "type": "github" }, "original": { @@ -302,11 +301,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1722141560, - "narHash": "sha256-Ul3rIdesWaiW56PS/Ak3UlJdkwBrD4UcagCmXZR9Z7Y=", + "lastModified": 1730272153, + "narHash": "sha256-B5WRZYsRlJgwVHIV6DvidFN7VX7Fg9uuwkRW9Ha8z+w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "038fb464fcfa79b4f08131b07f2d8c9a6bcc4160", + "rev": "2d2a9ddbe3f2c00747398f3dc9b05f7f2ebb0f53", "type": "github" }, "original": { @@ -349,11 +348,11 @@ }, "personal-secret": { "locked": { - "lastModified": 1718186830, - "narHash": "sha256-gWvYesgp4/ZHuZZDpSSgpNm/lFGLAZaBnVw1MG0eHC4=", + "lastModified": 1727966952, + "narHash": "sha256-G/ofZSjuUtuTl9TYtcZHl6OyFQ6GOTx1RfiHHM5t4VY=", "ref": "refs/heads/master", - "rev": "07c3c94e37721b4a1365a2cd1ad84a1bac10c4da", - "revCount": 108, + "rev": "23f6ddcf4248390fc7af9424efcef9fc6dc4257d", + "revCount": 118, "type": "git", "url": "ssh://git@cynerd.cz/nixos-personal-secret" }, @@ -368,11 +367,11 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1724333785, - "narHash": "sha256-17pWZPRa4UcVOEnaawyshGWnFzoRXBuZNM3t24SV15w=", + "lastModified": 1730395408, + "narHash": "sha256-CbydVAtg1b98Rgv4B+HaLBxExETqX8Zd5HCJjYsN/5A=", "owner": "silicon-heaven", "repo": "pyshv", - "rev": "afe9817a30656a9750e9868aa1eccbf8d3c77562", + "rev": "2c02d6d632407b25a4d61ca4f324626948615a6b", "type": "gitlab" }, "original": { @@ -402,11 +401,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1721899791, - "narHash": "sha256-dT+kwR2nuymeq3qqzc5//g4nQJRG1pVWUeZztCXgYCM=", + "lastModified": 1730815332, + "narHash": "sha256-xcCeGs/HSWRhUUy6Z73zDhq+antK2ADh62QMNIX2kLo=", "ref": "refs/heads/master", - "rev": "0adc7c32594913d0f4ec774a85cb03554cd719d4", - "revCount": 112, + "rev": "b2f1bd289e9bae405f95ba0aa2478da45c07e713", + "revCount": 114, "type": "git", "url": "https://git.cynerd.cz/shellrc" }, @@ -422,11 +421,11 @@ "pyshv": "pyshv" }, "locked": { - "lastModified": 1724334728, - "narHash": "sha256-AXMBOOED8GTdJvpzwZtSkq1GBBzV3/pcWk3mpgQryzo=", + "lastModified": 1730402268, + "narHash": "sha256-Um50rlwhiq6qg734r4idVCQ0rFqos0mbEr3qimQOS4A=", "owner": "silicon-heaven", "repo": "shvcli", - "rev": "77bec05261b5f077ad2790ba4d592acdad3815b1", + "rev": "67868104311ea379e6e2d4cc0a132c18a6fabb38", "type": "github" }, "original": { @@ -561,11 +560,11 @@ }, "vpsadminos": { "locked": { - "lastModified": 1725810385, - "narHash": "sha256-+6UULi05KMHmLfhlrNGhMdLZUoQeC5Dc1nLFdINyeyI=", + "lastModified": 1730480204, + "narHash": "sha256-0ruV4QT2IlxCFQylmBvBui44cg6jTxF/qJvbR8xSn6w=", "owner": "vpsfreecz", "repo": "vpsadminos", - "rev": "37c5eb47ca3f11deac83e4ada20a6c21d5487f29", + "rev": "b750c250dac3796014c98a473730b3f432ce9f6b", "type": "github" }, "original": { @@ -2,7 +2,6 @@ description = "Cynerd's personal flake"; inputs = { - nixpkgs.url = "nixpkgs/nixos-unstable-small"; nixos-hardware.url = "nixos-hardware"; nixdeploy.url = "gitlab:cynerd/nixosdeploy"; personal-secret.url = "git+ssh://git@cynerd.cz/nixos-personal-secret"; @@ -35,7 +34,7 @@ in { overlays = { - lib = _: prev: import ./lib prev; + lib = final: prev: import ./lib final prev; pkgs = final: prev: import ./pkgs final prev; default = nixpkgs.lib.composeManyExtensions [ agenix.overlays.default diff --git a/lib/default.nix b/lib/default.nix index 3f14de0..76eb693 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,30 +1,25 @@ -nixpkgslib: let - lib = nixpkgslib // nlib; +final: _: +with final; { + # Generic power of number + pow = base: e: + if e == 0 + then 1 + else foldl (x: _: x * base) 1 (genList id (e - 1)); + # Power of 2 + pow2 = pow 2; - nlib = with builtins; - with lib; { - # Generic power of number - pow = base: e: - if e == 0 - then 1 - else foldl (x: _: x * base) 1 (genList id (e - 1)); - # Power of 2 - pow2 = pow 2; + # Convert integer to list of bits + int2bits = len: e: reverseList (genList (x: bitAnd e (pow2 (x + 1)) > 0) len); + # Reverse operation for int2bits + bits2int = l: let + len = length l; + zf = a: b: + if a + then pow2 b + else 0; + in + foldl add 0 (zipListsWith zf l (genList (i: len - i) len)); - # Convert integer to list of bits - int2bits = len: e: reverseList (genList (x: bitAnd e (pow2 (x + 1)) > 0) len); - # Reverse operation for int2bits - bits2int = l: let - len = length l; - zf = a: b: - if a - then pow2 b - else 0; - in - foldl add 0 (zipListsWith zf l (genList (i: len - i) len)); - - # IPv4 utilities - ipv4 = import ./ipv4.nix lib; - }; -in - nlib + # IPv4 utilities + ipv4 = import ./ipv4.nix final; +} diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix index 069dfb0..056a68e 100644 --- a/nixos/configurations/adm-omnia.nix +++ b/nixos/configurations/adm-omnia.nix @@ -26,12 +26,12 @@ in { enable = false; ar9287 = { interface = "wlp1s0"; - bssids = ["04:f0:21:23:3d:ce" "08:f0:21:23:3d:ce" "0c:f0:21:23:3d:ce"]; + bssids = config.secrets.wifiMacs.adm-omnia.ar9287; channel = 11; }; qca988x = { interface = "wlp3s0"; - bssids = ["04:f0:21:24:0b:4e" "08:f0:21:24:0b:4e" "0c:f0:21:24:0b:4e"]; + bssids = config.secrets.wifiMacs.adm-omnia.qca988x; channel = 36; }; }; diff --git a/nixos/configurations/adm-omnia2.nix b/nixos/configurations/adm-omnia2.nix index 45b8dc4..8b47e63 100644 --- a/nixos/configurations/adm-omnia2.nix +++ b/nixos/configurations/adm-omnia2.nix @@ -15,12 +15,12 @@ enable = true; ar9287 = { interface = "wlp2s0"; - bssids = ["12:f0:21:23:2b:00" "12:f0:21:23:2b:01" "12:f0:21:23:2b:02"]; + bssids = config.secrets.wifiMacs.adm-omnia2.ar9287; channel = 11; }; qca988x = { interface = "wlp1s0"; - bssids = ["12:f0:21:23:2b:03" "12:f0:21:23:2b:04" "12:f0:21:23:2b:05"]; + bssids = config.secrets.wifiMacs.adm-omnia2.qca988x; channel = 36; }; }; diff --git a/nixos/configurations/errol.nix b/nixos/configurations/errol.nix index fd348e8..407cf82 100644 --- a/nixos/configurations/errol.nix +++ b/nixos/configurations/errol.nix @@ -26,6 +26,7 @@ in { "encroot" = "/dev/disk/by-uuid/7c412ae6-6016-45af-8c2a-8fcc394dbbe6"; "enchdd1" = "/dev/disk/by-uuid/87f16080-5ff6-43dd-89f3-307455a46fbe"; "enchdd2" = "/dev/disk/by-uuid/be4a33fa-8bc6-431d-a3ac-787668f223ed"; + #"encback" = "/dev/disk/by-uuid/1bd8c637-f71e-4fb0-96de-b660c4f1afaf"; }; fileSystems = { "/" = { @@ -53,6 +54,11 @@ in { fsType = "btrfs"; options = ["compress=lzo" "subvol=@home"]; }; + #"/back" = { + # device = "/dev/mapper/encback"; + # fsType = "btrfs"; + # options = ["compress=lzo"]; + #}; }; services.btrfs.autoScrub = { enable = true; diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix index 1a137db..7476ab6 100644 --- a/nixos/configurations/lipwig.nix +++ b/nixos/configurations/lipwig.nix @@ -25,6 +25,13 @@ }; wireguard = true; openvpn.oldpersonal = true; + borgjobs = { + postgresql.dumpCommand = pkgs.writeScript "postgreqsl-backup.sh" '' + /run/wrappers/bin/sudo -u postgres /run/current-system/sw/bin/pg_dumpall + ''; + nextcloud_data.paths = "/nas/nextcloud/data"; + sync_data.paths = "/nas/sync"; + }; }; boot.loader.systemd-boot.enable = false; @@ -43,20 +50,6 @@ fsType = "fuse.bindfs"; options = ["map=syncthing/nextcloud:@syncthing/@nextcloud"]; }; - "/nas/spt" = { - device = "nas@omnia.spt:/data/nas"; - fsType = "fuse.sshfs"; - options = [ - "allow_other" - "_netdev" - "x-systemd.automount" - "reconnect" - "identityfile=/run/secrets/nas.ssh.priv" - "idmap=user" - "uid=nextcloud" - "gid=nextcloud" - ]; - }; }; networking = { @@ -205,7 +198,7 @@ # Nextcloud ################################################################ services.nextcloud = { enable = true; - package = pkgs.nextcloud28; + package = pkgs.nextcloud29; https = true; hostName = "cloud.cynerd.cz"; datadir = "/nas/nextcloud"; @@ -214,7 +207,6 @@ adminpassFile = "/run/secrets/nextcloud.admin.pass"; dbtype = "pgsql"; dbhost = "/run/postgresql"; - dbtableprefix = "oc_"; }; settings = { #log_type = "systemd"; @@ -248,20 +240,25 @@ twofactor_webauthn ; # Additional modules can be fetched with: - # NEXTCLOUD_VERSIONS=28 nix run nixpkgs#nc4nix -- -apps "passwords,integration_homeassistant,integration_github,integration_gitlab" + # NEXTCLOUD_VERSIONS=29 nix run nixpkgs#nc4nix -- -apps "passwords,money,integration_github,integration_gitlab" passwords = pkgs.fetchNextcloudApp { - url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.7.0/passwords.tar.gz"; - sha256 = "1RwLOE2aUwISMF/WcYmL8sKs+KXBlYv0OHw8PizrGCY="; + url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.9.0/passwords.tar.gz"; + sha256 = "L+jumcussL0c9xNMg/GMs1GSd1IY9wUvC8ZEg+3U+sc="; license = "agpl3Plus"; }; integration_github = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.7/integration_github-v2.0.7.tar.gz"; - sha256 = "x4BrBdrvmbdwZcZL6FLAY27B5OpkXIsw92XsD076Aqg="; + url = "https://github.com/nextcloud-releases/integration_github/releases/download/v3.0.0/integration_github-v3.0.0.tar.gz"; + sha256 = "ruLN4lw3Vy8OavTYm1g2L9q1wusRP0a+BpvfXkrZI3A="; license = "agpl3Plus"; }; integration_gitlab = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v3.0.1/integration_gitlab-v3.0.1.tar.gz"; - sha256 = "FAF5CHwAVm55QS9NO8B5zsvJ0BWa7Mwfw6kYr2js0Es="; + url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v3.1.2/integration_gitlab-v3.1.2.tar.gz"; + sha256 = "nCH0DqYmr4T856sOU5PhSK6WAHIF9mnYThgytxEbkNA="; + license = "agpl3Plus"; + }; + money = pkgs.fetchNextcloudApp { + url = "https://github.com/powerpaul17/nc_money/releases/download/v0.29.0/money.tar.gz"; + sha256 = "EXcY69z5h6rT0RdkmOhQYKSWmVBr2zaWuSRj/m5dMkI="; license = "agpl3Plus"; }; }; @@ -278,7 +275,7 @@ } ]; ensureDatabases = ["nextcloud"]; - extraPlugins = ps: with ps; [timescaledb]; + #extraPlugins = ps: with ps; [timescaledb]; }; # SearX #################################################################### diff --git a/nixos/configurations/ridcully.nix b/nixos/configurations/ridcully.nix index 2be1a7a..ff3b5a0 100644 --- a/nixos/configurations/ridcully.nix +++ b/nixos/configurations/ridcully.nix @@ -26,6 +26,7 @@ in { cynerd.autounlock = { "encroot" = "/dev/disk/by-uuid/bc7d2ba4-6e04-4c49-b40c-3aecd1a86c71"; "enchdd" = "/dev/disk/by-uuid/7fee3cda-efa0-47cd-8832-fdead9a7e6db"; + "encback" = "/dev/disk/by-uuid/b426cbe7-fba2-473b-90f9-9ebe3e34b76e"; }; fileSystems = { "/" = { @@ -48,6 +49,11 @@ in { fsType = "btrfs"; options = ["compress=lzo" "subvol=@home"]; }; + "/back" = { + device = "/dev/mapper/encback"; + fsType = "btrfs"; + options = ["compress=lzo"]; + }; }; services.btrfs.autoScrub = { enable = true; diff --git a/nixos/configurations/spt-mox.nix b/nixos/configurations/spt-mox.nix index 0bc7627..989df29 100644 --- a/nixos/configurations/spt-mox.nix +++ b/nixos/configurations/spt-mox.nix @@ -17,7 +17,7 @@ enable = true; qca988x = { interface = "wlp1s0"; - bssids = ["04:f0:21:24:24:d2" "08:f0:21:24:24:d2"]; + bssids = config.secrets.wifiMacs.spt-mox.qca988x; channel = 7; }; }; diff --git a/nixos/configurations/spt-mox2.nix b/nixos/configurations/spt-mox2.nix index af0796c..b416671 100644 --- a/nixos/configurations/spt-mox2.nix +++ b/nixos/configurations/spt-mox2.nix @@ -20,7 +20,7 @@ enable = true; qca988x = { interface = "wlp1s0"; - bssids = ["04:f0:21:45:d3:47" "08:f0:21:45:d3:47"]; + bssids = config.secrets.wifiMacs.spt-mox2.qca988x; channel = 1; }; }; diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix index 29fe8c4..e55e34f 100644 --- a/nixos/configurations/spt-omnia.nix +++ b/nixos/configurations/spt-omnia.nix @@ -1,14 +1,10 @@ -{ - config, - pkgs, - ... -}: let +{config, ...}: let hosts = config.cynerd.hosts.spt; in { turris.board = "omnia"; deploy = { enable = true; - ssh.host = "omnia.spt"; + ssh.host = "spt.cynerd.cz"; }; cynerd = { @@ -28,12 +24,12 @@ in { enable = true; ar9287 = { interface = "wlp1s0"; - bssids = ["04:f0:21:24:21:93" "08:f0:21:24:21:93"]; + bssids = config.secrets.wifiMacs.spt-omnia.ar9287; channel = 11; }; qca988x = { interface = "wlp3s0"; - bssids = ["04:f0:21:23:16:64" "08:f0:21:23:16:64"]; + bssids = config.secrets.wifiMacs.spt-omnia.qca988x; channel = 36; }; }; @@ -45,71 +41,15 @@ in { SystemMaxUse=8G ''; - environment = { - etc.crypttab.text = '' - nas UUID=3472bef9-cbae-48bd-873e-fd4858a0b72f /run/secrets/luks-spt-omnia-nas.key luks - nassec UUID=016e9e75-bbc8-4b24-8bb7-c800c8f6a500 /run/secrets/luks-spt-omnia-nas.key luks - ''; - systemPackages = with pkgs; [ - cryptsetup - ]; - }; - fileSystems = { - "/data" = { - device = "/dev/mapper/nas"; - fsType = "btrfs"; - options = ["compress=lzo" "subvol=@data" "nofail"]; - }; - "/srv" = { - device = "/dev/mapper/nas"; - fsType = "btrfs"; - options = ["compress=lzo" "subvol=@srv" "nofail"]; - depends = ["/data"]; - }; - }; services.btrfs.autoScrub = { enable = true; - fileSystems = ["/" "/data"]; + fileSystems = ["/"]; }; - services.udev.packages = [ - (pkgs.writeTextFile rec { - name = "queue_depth_sata.rules"; - destination = "/etc/udev/rules.d/50-${name}"; - text = '' - SUBSYSTEMS=="pci", DRIVER=="ahci", ATTR{device}!="0x0612", GOTO="turris_pci_end" - ACTION=="add|change", SUBSYSTEM=="scsi", ATTR{vendor}=="ATA", ATTR{queue_depth}="1" - LABEL="turris_pci_end" - ''; - }) - ]; - users = { - groups.nas = {}; - users = { - nas = { - group = "nas"; - openssh.authorizedKeys.keyFiles = [ - (config.personal-secrets + "/unencrypted/nas.pub") - (config.personal-secrets + "/unencrypted/nas-spt.pub") - ]; - isNormalUser = true; - home = "/data/nas"; - homeMode = "770"; - }; - cynerd.extraGroups = ["nas"]; - }; - }; - services.openssh = { - settings.Macs = ["hmac-sha2-256"]; # Allow sha2-256 for Nexcloud access - extraConfig = '' - Match User nas - X11Forwarding no - AllowTcpForwarding no - AllowAgentForwarding no - ForceCommand internal-sftp -d /data/nas - ''; + services.fail2ban = { + enable = true; + ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"]; }; - services.fail2ban.enable = true; networking.useDHCP = false; systemd.network = { @@ -187,14 +127,4 @@ in { tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4" iifname {"home", "personalvpn", "wg"} oifname {"home", "personalvpn", "wg"} accept ''; - - services.syncthing = { - enable = false; - openDefaultPorts = true; - - overrideDevices = false; - overrideFolders = false; - - dataDir = "/data"; # TODO this can't be the location - }; } diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix new file mode 100644 index 0000000..3f5042b --- /dev/null +++ b/nixos/modules/backup.nix @@ -0,0 +1,63 @@ +{ + config, + lib, + ... +}: let + inherit (builtins) elem readFile readDir; + inherit (lib) mkOption types mkIf hasSuffix removeSuffix hasAttr filterAttrs mapAttrs mapAttrs' nameValuePair mergeAttrsList recursiveUpdate; + + servers = ["ridcully"]; # TODO "errol" + clients = + mapAttrs' (fname: _: + nameValuePair (removeSuffix ".pub" fname) + (readFile (config.personal-secrets + "/unencrypted/backup/${fname}"))) + (filterAttrs (n: v: v == "regular" && hasSuffix ".pub" n) + (readDir (config.personal-secrets + "/unencrypted/backup"))); + edpersonal = readFile (config.personal-secrets + "/unencrypted/edpersonal.pub"); +in { + options.cynerd = { + borgjobs = mkOption { + type = with types; attrsOf anything; + description = "Job to be backed up for this "; + }; + }; + + config = { + services.borgbackup = { + repos = mkIf (elem config.networking.hostName servers) ( + mapAttrs (name: key: { + path = "/back/${name}"; + authorizedKeys = [key edpersonal]; + allowSubRepos = true; + }) + clients + ); + + jobs = mkIf (hasAttr config.networking.hostName clients) (mergeAttrsList + (map (server: (mapAttrs' (n: v: + nameValuePair "${server}-${n}" + (recursiveUpdate + (recursiveUpdate { + encryption.mode = "none"; + prune = { + keep = { + daily = 7; + weekly = 4; + monthly = -1; + }; + prefix = n; + }; + } + v) + { + repo = "borg@${server}:./${n}"; + environment = { + BORG_RSH = "ssh -i /run/secrets/borgbackup.key"; + }; + archiveBaseName = null; + })) + config.cynerd.borgjobs)) + servers)); + }; + }; +} diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix index 4a8c7dd..b3746d0 100644 --- a/nixos/modules/desktop.nix +++ b/nixos/modules/desktop.nix @@ -70,6 +70,7 @@ in { msmtp notmuch astroid + dodo taskwarrior3 vdirsyncer khal @@ -146,12 +147,15 @@ in { kdenlive # GStreamer - gst_all_1.gst-libav - gst_all_1.gst-plugins-bad + gst_all_1.gstreamer gst_all_1.gst-plugins-base gst_all_1.gst-plugins-good + gst_all_1.gst-plugins-bad gst_all_1.gst-plugins-ugly + gst_all_1.gst-plugins-rs gst_all_1.gst-plugins-viperfx + gst_all_1.gst-libav + gst_all_1.gst-vaapi # Writing typst @@ -244,9 +248,15 @@ in { alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; - extraConfig.pipewire."10-zeroconf" = { - "context.modules" = [{name = "libpipewire-module-zeroconf-discover";}]; - }; + configPackages = [ + (pkgs.writeTextDir "share/pipewire/pipewire.conf.d/10-zeroconf-discover.conf" '' + context.modules = [ + { name = libpipewire-module-zeroconf-discover + args = { } + } + ] + '') + ]; }; upower.enable = true; diff --git a/nixos/modules/gaming.nix b/nixos/modules/gaming.nix index 64af068..0f944bd 100644 --- a/nixos/modules/gaming.nix +++ b/nixos/modules/gaming.nix @@ -35,6 +35,26 @@ in { libopus ]; }; + heroic = pkgs.heroic.override { + extraPkgs = pkgs: + with pkgs; [ + ncurses + xorg.libXpm + flac1_3 + libopus + SDL + SDL2_image + SDL2_mixer + SDL2_ttf + SDL_image + SDL_mixer + SDL_ttf + glew110 + libdrm + libidn + tbb + ]; + }; }; }; } diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix index 02afd17..502d0c3 100644 --- a/nixos/modules/generic.nix +++ b/nixos/modules/generic.nix @@ -9,7 +9,7 @@ in { system.stateVersion = "24.05"; nix = { - extraOptions = "experimental-features = nix-command flakes repl-flake"; + extraOptions = "experimental-features = nix-command flakes"; settings = { auto-optimise-store = true; substituters = [ diff --git a/nixos/modules/packages.nix b/nixos/modules/packages.nix index d321901..1052f56 100644 --- a/nixos/modules/packages.nix +++ b/nixos/modules/packages.nix @@ -66,6 +66,7 @@ in { speedtest-cli librespeed-cli termshark + w3m lm_sensors ] diff --git a/nixos/modules/wifi-client.nix b/nixos/modules/wifi-client.nix index 8fc803d..b82633d 100644 --- a/nixos/modules/wifi-client.nix +++ b/nixos/modules/wifi-client.nix @@ -21,7 +21,7 @@ in { networking.wireless = { enable = true; networks = config.secrets.wifiNetworks; - environmentFile = "/run/secrets/wifi.env"; + secretsFile = "/run/secrets/wifi.secrets"; userControlled.enable = true; }; }; diff --git a/pkgs/default.nix b/pkgs/default.nix index eca6db6..083e325 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,13 +1,4 @@ -final: prev: let - # The NodeJS packages has to be build in 32bit environment if host platform is - # also 32bit because it uses 32bit stubs and links against 32bit OpenSSL. The - # only architecture that generally supports execution of 32bit is x86_64 and - # thus that is the only one handled here. - callPackageNodejs = - if prev.stdenv.buildPlatform.isx86_64 && prev.stdenv.is32bit - then prev.buildPackages.pkgsi686Linux.callPackage - else prev.callPackage; -in { +final: prev: { luks-hw-password = final.callPackage ./luks-hw-password {}; dev = final.callPackage ./dev { devShells = import ../devShells final; @@ -22,23 +13,30 @@ in { stardict-en-cz = final.callPackage ./stardict/en-cz.nix {}; stardict-de-cz = final.callPackage ./stardict/de-cz.nix {}; stardict-cz = final.callPackage ./stardict/cz.nix {}; - sdcv-unwrapped = final.callPackage ./sdcv {}; + sdcv-unwrapped = prev.sdcv; sdcv = final.callPackage ./stardict/wrapper.nix {stardict = final.sdcv-unwrapped;}; lorem-text = final.callPackage ./lorem-text {}; bigclown-leds = final.callPackage ./bigclown-leds {}; + dodo = final.callPackage ./dodo {}; + astroid = prev.astroid.overrideAttrs (oldAttrs: { + version = "240629"; + src = final.fetchFromGitHub { + owner = "astroidmail"; + repo = "astroid"; + rev = "bd0cd0c0a0f1793ced1b3f4e41654cb8cfb32d42"; + hash = "sha256-cQCHWP9kLU6D4op6WMz36ZpzoDKgd+FGbUDuOXoboEQ="; + }; + patches = []; + buildInputs = oldAttrs.buildInputs ++ [final.webkitgtk_4_1]; + }); + # nixpkgs patches zigbee2mqtt = prev.zigbee2mqtt.overrideAttrs { npmInstallFlags = ["--no-optional"]; # Fix cross build }; - nodejs_18 = callPackageNodejs (prev.path + "/pkgs/development/web/nodejs/v18.nix") {}; - nodejs-slim_18 = callPackageNodejs (prev.path + "/pkgs/development/web/nodejs/v18.nix") {enableNpm = false;}; - nodejs_20 = callPackageNodejs (prev.path + "/pkgs/development/web/nodejs/v20.nix") {}; - nodejs-slim_20 = callPackageNodejs (prev.path + "/pkgs/development/web/nodejs/v20.nix") {enableNpm = false;}; - nodejs_22 = callPackageNodejs (prev.path + "/pkgs/development/web/nodejs/v22.nix") {}; - nodejs-slim_22 = callPackageNodejs (prev.path + "/pkgs/development/web/nodejs/v22.nix") {enableNpm = false;}; # Older version of packages flac1_3 = prev.flac.overrideAttrs { diff --git a/pkgs/dodo/default.nix b/pkgs/dodo/default.nix new file mode 100644 index 0000000..3491377 --- /dev/null +++ b/pkgs/dodo/default.nix @@ -0,0 +1,37 @@ +{ + python3Packages, + fetchFromGitHub, + qt6, + copyDesktopItems, +}: +python3Packages.buildPythonApplication { + pname = "dodo"; + version = "240917"; + pyproject = true; + + src = fetchFromGitHub { + owner = "akissinger"; + repo = "dodo"; + rev = "194fb49523c7851bedc3ca8c11adea04830fb28d"; + hash = "sha256-iGMIeGGqJnp0xi4q1Dpev4dkSp0tdFGu0U/MGeHrtcY="; + }; + + build-system = with python3Packages; [ + setuptools + ]; + + dependencies = with python3Packages; [ + qt6.qtwayland + bleach + pyqt6 + pyqt6-webengine + python-gnupg + copyDesktopItems + ]; + + nativeBuildInputs = [qt6.wrapQtAppsHook]; + dontWrapQtApps = true; + preFixup = '' + wrapQtApp "$out/bin/dodo" --prefix PATH : $out/bin/dodo + ''; +} diff --git a/pkgs/sdcv/default.nix b/pkgs/sdcv/default.nix deleted file mode 100644 index 8817270..0000000 --- a/pkgs/sdcv/default.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - lib, - stdenv, - fetchFromGitHub, - cmake, - pkg-config, - gettext, - zlib, - glib, - pcre, - readline, -}: -stdenv.mkDerivation (attrs: { - pname = "sdcv"; - version = "0.5.5"; - - src = fetchFromGitHub { - owner = "Dushistov"; - repo = attrs.pname; - rev = "v${attrs.version}"; - hash = "sha256-EyvljVXhOsdxIYOGTzD+T16nvW7/RNx3DuQ2OdhjXJ4="; - }; - - nativeBuildInputs = [cmake pkg-config gettext]; - buildInputs = [zlib glib pcre readline]; - makeFlags = "sdcv lang"; - - meta = with lib; { - description = "Console version of Stardict program"; - homepage = "https://dushistov.github.io/sdcv/"; - license = licenses.gpl2; - }; -}) |