diff --git a/flake.lock b/flake.lock index 558ebd3..e0ab42d 100644 --- a/flake.lock +++ b/flake.lock @@ -47,11 +47,11 @@ ] }, "locked": { - "lastModified": 1772605780, - "narHash": "sha256-p7IzkFmB1kCtl16+bvLKP1hdP61EFQxj+VSKX2lOWgE=", + "lastModified": 1773005383, + "narHash": "sha256-Nlln9sKJa1q5lYX4xXS34Lt1oREwgQbT59Aa37nBGkU=", "owner": "9001", "repo": "copyparty", - "rev": "00e821db231d143169236971b50b85b9c9edd298", + "rev": "266d6e0ae6a6eecac7bc863bd8f746d16686e61a", "type": "github" }, "original": { @@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1772699110, - "narHash": "sha256-jkyo/9fZVB3F/PHk3fVK1ImxJBZ71DCOYZvAz4R4v4E=", + "lastModified": 1773025010, + "narHash": "sha256-khlHllTsovXgT2GZ0WxT4+RvuMjNeR5OW0UYeEHPYQo=", "owner": "nix-community", "repo": "disko", - "rev": "42affa9d33750ac0a0a89761644af20d8d03e6ee", + "rev": "7b9f7f88ab3b339f8142dc246445abb3c370d3d3", "type": "github" }, "original": { @@ -182,11 +182,11 @@ ] }, "locked": { - "lastModified": 1772665116, - "narHash": "sha256-XmjUDG/J8Z8lY5DVNVUf5aoZGc400FxcjsNCqHKiKtc=", + "lastModified": 1772893680, + "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "39f53203a8458c330f61cc0759fe243f0ac0d198", + "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", "type": "github" }, "original": { @@ -245,11 +245,11 @@ ] }, "locked": { - "lastModified": 1772807318, - "narHash": "sha256-Qjw6ILt8cb2HQQpCmWNLMZZ63wEo1KjTQt+1BcQBr7k=", + "lastModified": 1773093840, + "narHash": "sha256-u/96NoAyN8BSRuM3ZimGf7vyYgXa3pLx4MYWjokuoH4=", "owner": "nix-community", "repo": "home-manager", - "rev": "daa2c221320809f5514edde74d0ad0193ad54ed8", + "rev": "bb014746edb2a98d975abde4dd40fa240de4cf86", "type": "github" }, "original": { @@ -288,11 +288,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1772763116, - "narHash": "sha256-5NUtdVWnEflm829QI0BIj2rDhI+pfagt+cxIARJEhi8=", + "lastModified": 1773090017, + "narHash": "sha256-IEmBgsV6VGv1XI/h7QlQ2PvE4iWsixKB14mOidZqNxQ=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "c04152fa90ba5079f4517aa24383245937e43ab8", + "rev": "12401730341ef15fb4fb532553308ea9ebf60fd4", "type": "gitlab" }, "original": { @@ -335,11 +335,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1771969195, - "narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=", + "lastModified": 1772972630, + "narHash": "sha256-mUJxsNOrBMNOUJzN0pfdVJ1r2pxeqm9gI/yIKXzVVbk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e", + "rev": "3966ce987e1a9a164205ac8259a5fe8a64528f72", "type": "github" }, "original": { @@ -383,11 +383,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1772624091, - "narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=", + "lastModified": 1772963539, + "narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "80bdc1e5ce51f56b19791b52b2901187931f5353", + "rev": "9dcb002ca1690658be4a04645215baea8b95f31d", "type": "github" }, "original": { @@ -399,11 +399,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1772732342, - "narHash": "sha256-GcO/uW4b6lb0X8eIluact8YLA4uOgEjNh8pYsu7ozCk=", + "lastModified": 1773046814, + "narHash": "sha256-3CEw64UyzEk5QjfbcXNIl4TfmIpa2oY+duuo6aiawcU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d2acf504d602c98f5ec2518dacea4f35e5a4e50f", + "rev": "0c6c0dd2469abaa216599bb19bbf77a328af6564", "type": "github" }, "original": { @@ -415,11 +415,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1772624091, - "narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=", + "lastModified": 1772963539, + "narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "80bdc1e5ce51f56b19791b52b2901187931f5353", + "rev": "9dcb002ca1690658be4a04645215baea8b95f31d", "type": "github" }, "original": { @@ -596,11 +596,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1772772172, - "narHash": "sha256-OCEb6jXTvhnMTMqMLleYChekDO/zh+VtunBAS0WevPM=", + "lastModified": 1772945022, + "narHash": "sha256-Fv14NttjL/7xfi6eVwrSEBAyBvDjI00RLiRNqA5apcw=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "5f8f34c0dd56808ecbfa35697353c455e4a416b3", + "rev": "3a6a5ca7fb48cc8fd8183386506a06579d1d79dc", "type": "github" }, "original": { diff --git a/hosts/zora/networking.nix b/hosts/zora/networking.nix index d787241..4c2815a 100644 --- a/hosts/zora/networking.nix +++ b/hosts/zora/networking.nix @@ -113,6 +113,8 @@ type filter hook input priority 0; policy drop; iifname lo accept + iifname incusbr0 accept + iifname podman* accept tcp dport 22 accept diff --git a/hosts/zora/reverse-proxy.nix b/hosts/zora/reverse-proxy.nix index 24ab15f..172bc9d 100644 --- a/hosts/zora/reverse-proxy.nix +++ b/hosts/zora/reverse-proxy.nix @@ -19,10 +19,9 @@ locations."/" = { root = "/var/data/www/lyes.eu/"; }; - # extraConfig = '' - # allow 82.67.15.247; - # deny all; - # ''; + extraConfig = '' + error_page 404 /404.html; + ''; }; # 44300 "auth.lyes.eu" = { diff --git a/modules/server/biggoron/runner.nix b/modules/server/biggoron/runner.nix index 4c8a5a8..c8d4d14 100644 --- a/modules/server/biggoron/runner.nix +++ b/modules/server/biggoron/runner.nix @@ -4,13 +4,16 @@ podman = { enable = true; dockerCompat = true; + dockerSocket.enable = true; defaultNetwork.settings.dns_enabled = true; + autoPrune.enable = true; }; }; networking.firewall.trustedInterfaces = [ "podman*" ]; + networking.firewall.interfaces."podman*".allowedUDPPorts = [ 53 ]; users.users.gitea-runner.isSystemUser = true; users.users.gitea-runner.group = "gitea-runner"; diff --git a/pkgs/cinny/cinny-desktop.nix b/pkgs/cinny/cinny-desktop.nix new file mode 100644 index 0000000..8434e97 --- /dev/null +++ b/pkgs/cinny/cinny-desktop.nix @@ -0,0 +1,102 @@ +{ + lib, + stdenv, + fetchFromGitHub, + rustPlatform, + cargo-tauri, + cinny, + desktop-file-utils, + wrapGAppsHook4, + makeBinaryWrapper, + pkg-config, + openssl, + glib-networking, + webkitgtk_4_1, + jq, + moreutils, +}: + +rustPlatform.buildRustPackage (finalAttrs: { + pname = "cinny-desktop"; + version = "4.10.6a"; + + # nixpkgs-update: no auto update + src = fetchFromGitHub { + owner = "cinnyapp"; + repo = "cinny-desktop"; + rev = "1e8d28faee9acef767a71ba7fe31243eb703a351"; + hash = "sha256-rPLz9kfm2cp1zKk7sKrybN8ooCduoM3w+xmn0pdXM8w="; + }; + + sourceRoot = "${finalAttrs.src.name}/src-tauri"; + + cargoHash = "sha256-28kaU/vChINQgrzplIF25s6MQ+S3LcrfqSQMziSAFJk="; + + postPatch = + let + cinny' = + assert lib.assertMsg ( + cinny.version == finalAttrs.version + ) "cinny.version (${cinny.version}) != cinny-desktop.version (${finalAttrs.version})"; + cinny.override { + conf = { + hashRouter.enabled = true; + }; + }; + in + '' + ${lib.getExe jq} \ + 'del(.app.windows) | del(.plugins.updater) | del(.bundle.createUpdaterArtifacts) | .build.frontendDist = "${cinny'}" | del(.build.beforeBuildCommand)' tauri.conf.json \ + | ${lib.getExe' moreutils "sponge"} tauri.conf.json + cat tauri.conf.json + ''; + + postInstall = + lib.optionalString stdenv.hostPlatform.isDarwin '' + mkdir -p "$out/bin" + makeWrapper "$out/Applications/Cinny.app/Contents/MacOS/Cinny" "$out/bin/cinny" + '' + + lib.optionalString stdenv.hostPlatform.isLinux '' + desktop-file-edit \ + --set-comment "Yet another matrix client for desktop" \ + --set-key="Categories" --set-value="Network;InstantMessaging;" \ + $out/share/applications/Cinny.desktop + ''; + + preFixup = '' + gappsWrapperArgs+=( + --set-default WEBKIT_DISABLE_DMABUF_RENDERER "1" + ) + ''; + + nativeBuildInputs = [ + cargo-tauri.hook + ] + ++ lib.optionals stdenv.hostPlatform.isLinux [ + desktop-file-utils + pkg-config + wrapGAppsHook4 + ] + ++ lib.optionals stdenv.hostPlatform.isDarwin [ + makeBinaryWrapper + ]; + + buildInputs = lib.optionals stdenv.hostPlatform.isLinux [ + glib-networking + openssl + webkitgtk_4_1 + ]; + + meta = { + description = "Yet another matrix client for desktop"; + homepage = "https://github.com/cinnyapp/cinny-desktop"; + maintainers = with lib.maintainers; [ + qyriad + rebmit + ryand56 + ]; + license = lib.licenses.agpl3Only; + platforms = lib.platforms.linux ++ lib.platforms.darwin; + mainProgram = "cinny"; + }; +}) diff --git a/pkgs/cinny/cinny-unwrapped.nix b/pkgs/cinny/cinny-unwrapped.nix new file mode 100644 index 0000000..1fa11b5 --- /dev/null +++ b/pkgs/cinny/cinny-unwrapped.nix @@ -0,0 +1,51 @@ +{ + lib, + buildNpmPackage, + fetchFromGitHub, + nodejs_22, +}: + +buildNpmPackage { + pname = "cinny-unwrapped"; + # Remember to update cinny-desktop when bumping this version. + version = "4.10.6a"; + + # nixpkgs-update: no auto update + src = fetchFromGitHub { + owner = "cinnyapp"; + repo = "cinny"; + # rev = "55e83065767645ed7cd510a6f4b5cf4733b000b4"; + tag = "v4.10.5"; + # hash = "sha256-2qxmlj4IK6twDh27R6qMJDmYSfsWoofVGuRHxSP72f0="; + hash = "sha256-Napy3AcsLRDZPcBh3oq1U30FNtvoNtob0+AZtZSvcbM="; + }; + + nodejs = nodejs_22; + + # npmDepsHash = "sha256-qyQ0SXkPSUES/tavKzPra0Q+ZnU9qHvkTC1JgAjL0o8="; + npmDepsHash = "sha256-2Lrd0jAwAH6HkwLHyivqwaEhcpFAIALuno+MchSIfxo="; + + # Skip rebuilding native modules since they're not needed for the web app + npmRebuildFlags = [ + "--ignore-scripts" + ]; + + installPhase = '' + runHook preInstall + + cp -r dist $out + + runHook postInstall + ''; + + meta = { + description = "Yet another Matrix client for the web"; + homepage = "https://cinny.in/"; + maintainers = with lib.maintainers; [ + abbe + rebmit + ]; + license = lib.licenses.agpl3Only; + platforms = lib.platforms.all; + }; +} diff --git a/pkgs/cinny/cinny.nix b/pkgs/cinny/cinny.nix new file mode 100644 index 0000000..df49478 --- /dev/null +++ b/pkgs/cinny/cinny.nix @@ -0,0 +1,32 @@ +{ + cinny-unwrapped, + jq, + stdenvNoCC, + writeText, + conf ? { }, +}: +let + configOverrides = writeText "cinny-config-overrides.json" (builtins.toJSON conf); +in +if (conf == { }) then + cinny-unwrapped +else + stdenvNoCC.mkDerivation { + pname = "cinny"; + inherit (cinny-unwrapped) version meta; + + dontUnpack = true; + + nativeBuildInputs = [ jq ]; + + installPhase = '' + runHook preInstall + + mkdir -p $out + ln -s ${cinny-unwrapped}/* $out + rm $out/config.json + jq -s '.[0] * .[1]' "${cinny-unwrapped}/config.json" "${configOverrides}" > "$out/config.json" + + runHook postInstall + ''; + } diff --git a/pkgs/default.nix b/pkgs/default.nix index 27ffdef..4b260fc 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,8 +1,11 @@ { pkgs ? import { } }: -{ +rec { quadcastrgb = pkgs.callPackage ./quadcastrgb { }; ens-intel-unite = pkgs.callPackage ./ens-intel-unite { }; KhinsiderDownloader = pkgs.qt6Packages.callPackage ./KhinsiderDownloader { }; amy-mono = pkgs.callPackage ./amy-mono { }; + cinny = pkgs.callPackage ./cinny/cinny.nix { inherit cinny-unwrapped; }; + cinny-unwrapped = pkgs.callPackage ./cinny/cinny-unwrapped.nix { }; + cinny-desktop = pkgs.callPackage ./cinny/cinny-desktop.nix { inherit cinny; }; } diff --git a/users/lyes/desktop/packages.nix b/users/lyes/desktop/packages.nix index e5a20b6..f0c9f4b 100644 --- a/users/lyes/desktop/packages.nix +++ b/users/lyes/desktop/packages.nix @@ -37,7 +37,7 @@ in { element-desktop fractal zoom-us - # cinny-desktop + local.cinny-desktop # Image gimp @@ -58,7 +58,7 @@ in { # stremio # insecure dependency # Audio - helvum + crosspipe local.quadcastrgb euphonica local.KhinsiderDownloader