diff --git a/flake.lock b/flake.lock index e875559..558ebd3 100644 --- a/flake.lock +++ b/flake.lock @@ -47,11 +47,11 @@ ] }, "locked": { - "lastModified": 1772008782, - "narHash": "sha256-cjfHydg0gwFatbISETt2HbCsBBQ7FmRFxlmEH+V/NGE=", + "lastModified": 1772605780, + "narHash": "sha256-p7IzkFmB1kCtl16+bvLKP1hdP61EFQxj+VSKX2lOWgE=", "owner": "9001", "repo": "copyparty", - "rev": "00ab7888d765e124ccd7c61792d264d598077d20", + "rev": "00e821db231d143169236971b50b85b9c9edd298", "type": "github" }, "original": { @@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1771881364, - "narHash": "sha256-A5uE/hMium5of/QGC6JwF5TGoDAfpNtW00T0s9u/PN8=", + "lastModified": 1772699110, + "narHash": "sha256-jkyo/9fZVB3F/PHk3fVK1ImxJBZ71DCOYZvAz4R4v4E=", "owner": "nix-community", "repo": "disko", - "rev": "a4cb7bf73f264d40560ba527f9280469f1f081c6", + "rev": "42affa9d33750ac0a0a89761644af20d8d03e6ee", "type": "github" }, "original": { @@ -182,11 +182,11 @@ ] }, "locked": { - "lastModified": 1769939035, - "narHash": "sha256-Fok2AmefgVA0+eprw2NDwqKkPGEI5wvR+twiZagBvrg=", + "lastModified": 1772665116, + "narHash": "sha256-XmjUDG/J8Z8lY5DVNVUf5aoZGc400FxcjsNCqHKiKtc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "a8ca480175326551d6c4121498316261cbb5b260", + "rev": "39f53203a8458c330f61cc0759fe243f0ac0d198", "type": "github" }, "original": { @@ -245,11 +245,11 @@ ] }, "locked": { - "lastModified": 1771851181, - "narHash": "sha256-gFgE6mGUftwseV3DUENMb0k0EiHd739lZexPo5O/sdQ=", + "lastModified": 1772807318, + "narHash": "sha256-Qjw6ILt8cb2HQQpCmWNLMZZ63wEo1KjTQt+1BcQBr7k=", "owner": "nix-community", "repo": "home-manager", - "rev": "9a4b494b1aa1b93d8edf167f46dc8e0c0011280c", + "rev": "daa2c221320809f5514edde74d0ad0193ad54ed8", "type": "github" }, "original": { @@ -267,11 +267,11 @@ ] }, "locked": { - "lastModified": 1771756436, - "narHash": "sha256-Tl2I0YXdhSTufGqAaD1ySh8x+cvVsEI1mJyJg12lxhI=", + "lastModified": 1772330611, + "narHash": "sha256-UZjPc/d5XRxvjDbk4veAO4XFdvx6BUum2l40V688Xq8=", "owner": "nix-community", "repo": "home-manager", - "rev": "5bd3589390b431a63072868a90c0f24771ff4cbb", + "rev": "58fd7ff0eec2cda43e705c4c0585729ec471d400", "type": "github" }, "original": { @@ -288,11 +288,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1770659507, - "narHash": "sha256-RVZno9CypFN3eHxfULKN1K7mb/Cq0HkznnWqnshxpWY=", + "lastModified": 1772763116, + "narHash": "sha256-5NUtdVWnEflm829QI0BIj2rDhI+pfagt+cxIARJEhi8=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "781e833633ebc0873d251772a74e4400a73f5d78", + "rev": "c04152fa90ba5079f4517aa24383245937e43ab8", "type": "gitlab" }, "original": { @@ -383,11 +383,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1771848320, - "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=", + "lastModified": 1772624091, + "narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fc6539b481e1d2569f25f8799236694180c0993", + "rev": "80bdc1e5ce51f56b19791b52b2901187931f5353", "type": "github" }, "original": { @@ -399,11 +399,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1770650459, - "narHash": "sha256-hGeOnueXorzwDD1V9ldZr+y+zad4SNyqMnQsa/mIlvI=", + "lastModified": 1772732342, + "narHash": "sha256-GcO/uW4b6lb0X8eIluact8YLA4uOgEjNh8pYsu7ozCk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fff0554c67696d76a0cdd9cfe14403fbdbf1f378", + "rev": "d2acf504d602c98f5ec2518dacea4f35e5a4e50f", "type": "github" }, "original": { @@ -415,11 +415,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1771848320, - "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=", + "lastModified": 1772624091, + "narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fc6539b481e1d2569f25f8799236694180c0993", + "rev": "80bdc1e5ce51f56b19791b52b2901187931f5353", "type": "github" }, "original": { @@ -431,11 +431,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1771369470, - "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=", + "lastModified": 1772198003, + "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0182a361324364ae3f436a63005877674cf45efb", + "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", "type": "github" }, "original": { @@ -577,11 +577,11 @@ "vicinae": "vicinae" }, "locked": { - "lastModified": 1771358594, - "narHash": "sha256-KwNv+THKbNUey10q26NZPDMSzYTObRHaSDr81QP9CPY=", + "lastModified": 1772621016, + "narHash": "sha256-XwYTdsSBv3/ipe8Nsn/JwdQ+3P52vDXz4/bkHdLWyZw=", "owner": "vicinaehq", "repo": "extensions", - "rev": "cf30b80f619282d45b1748eb76e784a4f875bb01", + "rev": "09eb29ed953c3ae0fe7f782d56819f75b588e358", "type": "github" }, "original": { @@ -596,11 +596,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1772005916, - "narHash": "sha256-aFYnT0gStcu1PVTh2Xzd0n8PIEKmqvTgrVkpv49qc6M=", + "lastModified": 1772772172, + "narHash": "sha256-OCEb6jXTvhnMTMqMLleYChekDO/zh+VtunBAS0WevPM=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "044299e83752f78f9fc5d6a648f7f3dd84bb3b18", + "rev": "5f8f34c0dd56808ecbfa35697353c455e4a416b3", "type": "github" }, "original": { diff --git a/hosts/piaf/hardware.nix b/hosts/piaf/hardware.nix index f5c507d..867e209 100644 --- a/hosts/piaf/hardware.nix +++ b/hosts/piaf/hardware.nix @@ -2,7 +2,7 @@ { # Kernel - boot.kernelPackages = pkgs.linuxPackages_6_18; + boot.kernelPackages = pkgs.linuxPackages_6_19; # Boot boot.loader.systemd-boot.enable = true; @@ -74,12 +74,12 @@ # Tweaking failing packages nixpkgs.overlays = [ (final: prev: { - dfu-programmer = prev.dfu-programmer.overrideAttrs (_: { env.NIX_CFLAGS_COMPILE = "-std=gnu17"; }); - # upower = prev.upower.overrideAttrs (_: { doCheck = false; }); - # gxml = prev.gxml.overrideAttrs (_: { doCheck = false; }); - # # orc = prev.orc.overrideAttrs (_: { doCheck = false; }); - # # gsl = prev.gsl.overrideAttrs (_: { doCheck = false; }); - # fprintd = prev.fprintd.overrideAttrs (super: { + # dfu-programmer = final.dfu-programmer.overrideAttrs (_: { env.NIX_CFLAGS_COMPILE = "-std=gnu17"; }); + # upower = final.upower.overrideAttrs (_: { doCheck = false; }); + # gxml = final.gxml.overrideAttrs (_: { doCheck = false; }); + # # orc = final.orc.overrideAttrs (_: { doCheck = false; }); + # # gsl = final.gsl.overrideAttrs (_: { doCheck = false; }); + # fprintd = final.fprintd.overrideAttrs (super: { # # doCheck = false; # # buildInputs = super.buildInputs or [ ] ++ (with pkgs; [ libpam-wrapper (pkgs.python3.withPackages (python-pkgs: [ python-pkgs.pycairo python-pkgs.dbus-python python-pkgs.python-dbusmock ])) ]); # mesonCheckFlags = [ @@ -87,7 +87,7 @@ # "--no-suite" "fprintd" # ]; # }); - # libsrtp = prev.libsrtp.overrideAttrs (_: { + # libsrtp = final.libsrtp.overrideAttrs (_: { # mesonFlags = [ # "-Dcrypto-library=openssl" # "-Dcrypto-library-kdf=disabled" @@ -95,8 +95,8 @@ # "-Dtests=disabled" # ]; # }); - # # # haskellPackages.crypton = pkgs.haskell.lib.overrideCabal prev.crypton (_: { doCheck = false; }); - # # # haskellPackages.cryptonite = pkgs.haskell.lib.overrideCabal prev.cryptonite (_: { doCheck = false; }); + # # # haskellPackages.crypton = pkgs.haskell.lib.overrideCabal final.crypton (_: { doCheck = false; }); + # # # haskellPackages.cryptonite = pkgs.haskell.lib.overrideCabal final.cryptonite (_: { doCheck = false; }); }) ]; # nixpkgs.config.packageOverrides = pkgs: { diff --git a/hosts/zora/reverse-proxy.nix b/hosts/zora/reverse-proxy.nix index 5c597fd..24ab15f 100644 --- a/hosts/zora/reverse-proxy.nix +++ b/hosts/zora/reverse-proxy.nix @@ -29,7 +29,7 @@ forceSSL = true; enableACME = true; locations."/" = { - proxyPass = "https://${config.services.kanidm.serverSettings.bindaddress}"; + proxyPass = "https://${config.services.kanidm.server.settings.bindaddress}"; }; }; # 44301 diff --git a/modules/common/default.nix b/modules/common/default.nix index 8b1b197..099db7b 100644 --- a/modules/common/default.nix +++ b/modules/common/default.nix @@ -16,21 +16,21 @@ # Unstable (final: prev: { unstable = import nixpkgs-unstable { - system = prev.system; + system = final.stdenv.hostPlatform.system; }; }) # Stable (final: prev: { stable = import nixpkgs-stable { - system = prev.system; + system = final.stdenv.hostPlatform.system; }; }) # Pins (final: prev: { pin = { - factorio = import pin-factorio { system = prev.system; config.allowUnfree = true; }; + factorio = import pin-factorio { system = final.stdenv.hostPlatform.system; config.allowUnfree = true; }; }; }) ]; diff --git a/modules/desktop/gaming/default.nix b/modules/desktop/gaming/default.nix index 325989f..099677c 100644 --- a/modules/desktop/gaming/default.nix +++ b/modules/desktop/gaming/default.nix @@ -23,7 +23,7 @@ programs.gamemode.enable = true; environment.systemPackages = with pkgs; [ - wineWowPackages.waylandFull + wineWow64Packages.waylandFull mangohud protonup-ng ]; diff --git a/modules/desktop/networking.nix b/modules/desktop/networking.nix index 17479e8..c8c16b2 100644 --- a/modules/desktop/networking.nix +++ b/modules/desktop/networking.nix @@ -20,18 +20,20 @@ services.resolved = { enable = false; - dnssec = "true"; - domains = [ "~." ]; - fallbackDns = [ - "9.9.9.9" - "149.112.112.112" - "1.1.1.1" - "1.0.0.1" - "2620:fe::fe" - "2620:fe::9" - ]; - settings.Resolve = { - DNSOverTLS = true; + settings = { + Resolve = { + DNSOverTLS = true; + DNSSEC = true; + Domains = [ "~." ]; + FallbackDns = [ + "9.9.9.9" + "149.112.112.112" + "1.1.1.1" + "1.0.0.1" + "2620:fe::fe" + "2620:fe::9" + ]; + }; }; }; diff --git a/modules/server/baba/default.nix b/modules/server/baba/default.nix index 34a0220..eec8624 100644 --- a/modules/server/baba/default.nix +++ b/modules/server/baba/default.nix @@ -7,7 +7,7 @@ services.nextcloud = { enable = true; - package = pkgs.nextcloud32; + package = pkgs.nextcloud33; hostName = "cloud.lyes.eu"; https = true; configureRedis = true; @@ -15,7 +15,8 @@ extraAppsEnable = true; extraApps = { - inherit (config.services.nextcloud.package.packages.apps) mail calendar contacts cospend user_oidc notes richdocuments tasks news dav_push repod gpoddersync phonetrack music; + inherit (config.services.nextcloud.package.packages.apps) mail calendar contacts cospend user_oidc notes richdocuments tasks dav_push repod gpoddersync phonetrack music; + # inherit (config.services.nextcloud.package.packages.apps) mail calendar contacts cospend user_oidc notes richdocuments tasks news dav_push repod gpoddersync phonetrack music; # gpoddersync = pkgs.fetchNextcloudApp { # hash = "sha256-EQVs1fe0ierjqFZ5+KVc1Yj67zrwjLBAzY5A+QsC7AU="; # url = "https://github.com/thrillfall/nextcloud-gpodder/releases/download/3.13.2r/gpoddersync.tar.gz"; diff --git a/modules/server/lanayru/default.nix b/modules/server/lanayru/default.nix index d12ce73..4195ee1 100644 --- a/modules/server/lanayru/default.nix +++ b/modules/server/lanayru/default.nix @@ -42,6 +42,8 @@ }; }; + networking.vpn-netns.encapsulatedServices.suwayomi-server.enable = true; + age.secrets = { suwayomi-pass = { file = ../../../secrets/zora/services/lanayru-pass.age; diff --git a/modules/server/link/client.nix b/modules/server/link/client.nix index 1b8ae2c..cdb6e32 100644 --- a/modules/server/link/client.nix +++ b/modules/server/link/client.nix @@ -2,12 +2,13 @@ { services.kanidm = { - package = pkgs.kanidmWithSecretProvisioning_1_8; + package = pkgs.kanidmWithSecretProvisioning_1_9; - enableClient = true; - - clientSettings = { - uri = "https://auth.lyes.eu"; + client = { + enable = true; + settings = { + uri = "https://auth.lyes.eu"; + }; }; }; } diff --git a/modules/server/link/default.nix b/modules/server/link/default.nix index a76f5e3..34844db 100644 --- a/modules/server/link/default.nix +++ b/modules/server/link/default.nix @@ -13,19 +13,21 @@ in services.kanidm = { # package = pkgs.kanidmWithSecretProvisioning_1_7; - enableServer = true; - serverSettings = { - bindaddress = "127.0.0.1:${port}"; - ldapbindaddress = "0.0.0.0:636"; - domain = hostname; - origin = "https://${hostname}"; - tls_chain = "/var/lib/acme/${hostname}/cert.pem"; - tls_key = "/var/lib/acme/${hostname}/key.pem"; + server = { + enable = true; + settings = { + bindaddress = "127.0.0.1:${port}"; + ldapbindaddress = "0.0.0.0:636"; + domain = hostname; + origin = "https://${hostname}"; + tls_chain = "/var/lib/acme/${hostname}/cert.pem"; + tls_key = "/var/lib/acme/${hostname}/key.pem"; - online_backup = { - path = "/var/data/backups/kanidm"; - schedule = "00 06 * * *"; - versions = 5; + online_backup = { + path = "/var/data/backups/kanidm"; + schedule = "00 06 * * *"; + versions = 5; + }; }; }; diff --git a/modules/server/mogma/forwarding.nix b/modules/server/mogma/forwarding.nix index 72431e4..c11ed32 100644 --- a/modules/server/mogma/forwarding.nix +++ b/modules/server/mogma/forwarding.nix @@ -32,6 +32,8 @@ let } forwardedServices; serviceList = lib.mapAttrsToList (name: _: name + ".service") forwardedServices; + encServicesList = lib.mapAttrsToList (name: _: name + ".service") cfg.encapsulatedServices; + in lib.mkIf (forwardedServices != { } && cfg.portForwarding.enable) { assertions = [ @@ -49,8 +51,8 @@ lib.mkIf (forwardedServices != { } && cfg.portForwarding.enable) { services.natpmpc-lease = { description = "Request VPN port forwarding leases."; - wantedBy = serviceList; - after = [ "wireguard.target" ]; + # wantedBy = serviceList; + after = [ "wireguard.target" ] ++ encServicesList; wants = [ "wireguard.target" ]; # preStart = "sleep 3"; diff --git a/pkgs/KhinsiderDownloader/default.nix b/pkgs/KhinsiderDownloader/default.nix index 85a011e..bcff559 100644 --- a/pkgs/KhinsiderDownloader/default.nix +++ b/pkgs/KhinsiderDownloader/default.nix @@ -3,8 +3,14 @@ fetchFromGitHub, cmake, curl, - qt6, - libxml2 + libxml2, + qtbase, + wrapQtAppsHook, + qtscxml, + qtquicktimeline, + qtquickeffectmaker, + qtnetworkauth, + qttools, }: stdenv.mkDerivation (final: { @@ -18,10 +24,20 @@ stdenv.mkDerivation (final: { hash = "sha256-hqoUkzPNxAIvC/7DL9YIMPmUZqAreqCbG8NKidVtSDM="; }; + buildInputs = [ qtbase ]; + nativeBuildInputs = [ cmake curl - qt6.full + # qt6.env + qtscxml + # qtquick3d + # qtquick3dphysics + qtquicktimeline + qtquickeffectmaker + qtnetworkauth + qttools libxml2 + wrapQtAppsHook ]; }) diff --git a/pkgs/default.nix b/pkgs/default.nix index dc7caa9..27ffdef 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -3,6 +3,6 @@ { quadcastrgb = pkgs.callPackage ./quadcastrgb { }; ens-intel-unite = pkgs.callPackage ./ens-intel-unite { }; - KhinsiderDownloader = pkgs.callPackage ./KhinsiderDownloader { }; + KhinsiderDownloader = pkgs.qt6Packages.callPackage ./KhinsiderDownloader { }; amy-mono = pkgs.callPackage ./amy-mono { }; } diff --git a/users/lyes/desktop/default.nix b/users/lyes/desktop/default.nix index debffc7..516c93e 100644 --- a/users/lyes/desktop/default.nix +++ b/users/lyes/desktop/default.nix @@ -24,4 +24,9 @@ via ]; }; + + # Fixing launch issues with some desktops (sway...) + # systemd.user.extraConfig = '' + # DefaultEnvironment="PATH=/run/current-system/sw/bin" + # ''; } diff --git a/users/lyes/desktop/packages.nix b/users/lyes/desktop/packages.nix index 437f6b0..e5a20b6 100644 --- a/users/lyes/desktop/packages.nix +++ b/users/lyes/desktop/packages.nix @@ -61,7 +61,7 @@ in { helvum local.quadcastrgb euphonica - #local.KhinsiderDownloader + local.KhinsiderDownloader # Games heroic @@ -99,6 +99,7 @@ in { vscodium # zed-editor gcc + gnumake rustup python3 zola @@ -112,7 +113,7 @@ in { nodejs nil nixd - nixfmt-rfc-style + nixfmt protege # LogIA Course haskellPackages.Agda agdaPackages.standard-library @@ -197,13 +198,13 @@ in { nixpkgs.overlays = [ # Version pins (final: prev: { - # factorio = prev.factorio.overrideAttrs (super: { + # factorio = final.factorio.overrideAttrs (super: { # version = "2.0.42"; # # src.name = "factorio_alpha_x64-2.0.42.tar.xz"; # # src.sha256 = "1zq6wcqkmn9bzys27v0jlk9m9m1jhaai1mybdv8hz7p2si4l76n9"; # src = "/nix/store/b9y0dwgxa6hpddrd8nn0g2fizxl3xss7-factorio_alpha_x64-2.0.42.tar.xz"; # }); - # factorio = prev.factorio.overrideAttrs (super: { + # factorio = final.factorio.overrideAttrs (super: { # username = "ntlyes"; # token = ""; # src =