diff --git a/flake.lock b/flake.lock index 977b4b3..b22336e 100644 --- a/flake.lock +++ b/flake.lock @@ -47,11 +47,11 @@ ] }, "locked": { - "lastModified": 1774983731, - "narHash": "sha256-ZJGManY8rA/7+AZIxiW0CEMW9x8megcoh1xZ/oXq/aY=", + "lastModified": 1770681688, + "narHash": "sha256-bGVEgZMxmw9N+IKp5nG+2nyKFezdPWYDxyxXkYW+d2M=", "owner": "9001", "repo": "copyparty", - "rev": "198f631ac80adc33a8f072d598ff0cd1aa2b5abd", + "rev": "e5d0a0572da507acfe774e0f86ad541f5daab97f", "type": "github" }, "original": { @@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1773889306, - "narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=", + "lastModified": 1769524058, + "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=", "owner": "nix-community", "repo": "disko", - "rev": "5ad85c82cc52264f4beddc934ba57f3789f28347", + "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d", "type": "github" }, "original": { @@ -182,11 +182,11 @@ ] }, "locked": { - "lastModified": 1774959120, - "narHash": "sha256-Pzk6UbueeWy9WFiDY6iA1aHid+2AMzkS6gg2x2cSkz4=", + "lastModified": 1769939035, + "narHash": "sha256-Fok2AmefgVA0+eprw2NDwqKkPGEI5wvR+twiZagBvrg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "c06f90f1eb6569bdaf6a4a10cb7e66db4454ac2a", + "rev": "a8ca480175326551d6c4121498316261cbb5b260", "type": "github" }, "original": { @@ -217,26 +217,6 @@ "type": "github" } }, - "helix-ext": { - "inputs": { - "nixpkgs": "nixpkgs_2", - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1774804218, - "narHash": "sha256-5h6eicp0+qzgiDrWc0mlTiX+jvcx8d54Fp922uQ2p0k=", - "owner": "mattwparas", - "repo": "helix", - "rev": "912d8d8b97da21de9b44b4e24a476e193e7cc44d", - "type": "github" - }, - "original": { - "owner": "mattwparas", - "ref": "steel-event-system", - "repo": "helix", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -265,11 +245,11 @@ ] }, "locked": { - "lastModified": 1775047159, - "narHash": "sha256-UWM4VZvfKaPwA9FMu7iZha5YAE8vsEtUazk+rFxmbTY=", + "lastModified": 1770654520, + "narHash": "sha256-mg5WZMIPGsFu9MxSrUcuJUPMbfMsF77el5yb/7rc10k=", "owner": "nix-community", "repo": "home-manager", - "rev": "1ce9e62690dfdd7e76bd266ccb9a887778410eb2", + "rev": "6c4fdbe1ad198fac36c320fd45c5957324a80b8e", "type": "github" }, "original": { @@ -287,11 +267,11 @@ ] }, "locked": { - "lastModified": 1774991950, - "narHash": "sha256-kScKj3qJDIWuN9/6PMmgy5esrTUkYinrO5VvILik/zw=", + "lastModified": 1769872935, + "narHash": "sha256-07HMIGQ/WJeAQJooA7Kkg1SDKxhAiV6eodvOwTX6WKI=", "owner": "nix-community", "repo": "home-manager", - "rev": "f2d3e04e278422c7379e067e323734f3e8c585a7", + "rev": "f4ad5068ee8e89e4a7c2e963e10dd35cd77b37b7", "type": "github" }, "original": { @@ -305,14 +285,14 @@ "blobs": "blobs", "flake-compat": "flake-compat_2", "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1774999302, - "narHash": "sha256-KJfDmGLMVO8Hr4TrTwOAQpOykLLOSgk9dxkaf2dHzFU=", + "lastModified": 1770659507, + "narHash": "sha256-RVZno9CypFN3eHxfULKN1K7mb/Cq0HkznnWqnshxpWY=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "493f0ff8a7571cc4ddd190babfa447489f41c752", + "rev": "781e833633ebc0873d251772a74e4400a73f5d78", "type": "gitlab" }, "original": { @@ -321,6 +301,22 @@ "type": "gitlab" } }, + "mozilla": { + "locked": { + "lastModified": 1750265908, + "narHash": "sha256-ZGo9BPm0L6kkuke6Bp5rb1XwF5Qv3/+a3mowsr0fcU4=", + "owner": "andersk", + "repo": "nixpkgs-mozilla", + "rev": "174a36cd95c9bed0dcbcc8a51f16d0cc8be490f3", + "type": "github" + }, + "original": { + "owner": "andersk", + "ref": "channel", + "repo": "nixpkgs-mozilla", + "type": "github" + } + }, "nix-flatpak": { "locked": { "lastModified": 1767983141, 
@@ -339,11 +335,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1774933469, - "narHash": "sha256-OrnCQeUO2bqaWUl0lkDWyGWjKsOhtCyd7JSfTedQNUE=", + "lastModified": 1770631810, + "narHash": "sha256-b7iK/x+zOXbjhRqa+XBlYla4zFvPZyU5Ln2HJkiSnzc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "f4c4c2c0c923d7811ac2a63ccc154767e4195337", + "rev": "2889685785848de940375bf7fea5e7c5a3c8d502", "type": "github" }, "original": { @@ -387,11 +383,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1774709303, - "narHash": "sha256-D3Q07BbIA2KnTcSXIqqu9P586uWxN74zNoCH3h2ESHg=", + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8110df5ad7abf5d4c0f6fb0f8f978390e77f9685", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", "type": "github" }, "original": { @@ -403,27 +399,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1770841267, - "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1774935083, - "narHash": "sha256-Mh6bLcYAcENBAZk3RoMPMFCGGMZmfaGMERE4siZOgP4=", + "lastModified": 1770650459, + "narHash": "sha256-hGeOnueXorzwDD1V9ldZr+y+zad4SNyqMnQsa/mIlvI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2f4fd5e1abf9bac8c1d22750c701a7a5e6b524c6", + "rev": "fff0554c67696d76a0cdd9cfe14403fbdbf1f378", "type": "github" }, "original": { 
@@ -433,13 +413,13 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { - "lastModified": 1774709303, - "narHash": "sha256-D3Q07BbIA2KnTcSXIqqu9P586uWxN74zNoCH3h2ESHg=", + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8110df5ad7abf5d4c0f6fb0f8f978390e77f9685", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", "type": "github" }, "original": { @@ -449,13 +429,13 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { - "lastModified": 1774709303, - "narHash": "sha256-D3Q07BbIA2KnTcSXIqqu9P586uWxN74zNoCH3h2ESHg=", + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8110df5ad7abf5d4c0f6fb0f8f978390e77f9685", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", "type": "github" }, "original": { @@ -487,39 +467,18 @@ "copyparty": "copyparty", "deploy-rs": "deploy-rs", "disko": "disko", - "helix-ext": "helix-ext", "home-manager": "home-manager_2", "mailserver": "mailserver", + "mozilla": "mozilla", "nix-flatpak": "nix-flatpak", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable", "nixpkgs-unstable": "nixpkgs-unstable", "pin-factorio": "pin-factorio", "zen-browser": "zen-browser" } }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "helix-ext", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1770952264, - "narHash": "sha256-CjymNrJZWBtpavyuTkfPVPaZkwzIzGaf0E/3WgcwM14=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "ec6a3d5cdf14bb5a1dd03652bd3f6351004d2188", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, 
@@ -571,14 +530,14 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1775021133, - "narHash": "sha256-JB0u0evfSlmNg9HdGDxtXjaCcdKUpFPdSAMGxvJo5Pw=", + "lastModified": 1770707140, + "narHash": "sha256-3ZRA2+o5p1+FKWx988WbwB1SQ2Mz5aL95zxhL5iD+O0=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "4bf1a6837064486c4f573a9d500c4cf3c1c075c0", + "rev": "db14437f8667f7f09784e2a4e73c105bdc1c7023", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index b7ee3af..ab9195c 100644 --- a/flake.nix +++ b/flake.nix @@ -14,8 +14,7 @@ nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nix-flatpak.url = "github:gmodena/nix-flatpak/latest"; zen-browser.url = "github:0xc000022070/zen-browser-flake"; - # mozilla.url = "github:andersk/nixpkgs-mozilla/channel"; - helix-ext.url = "github:mattwparas/helix/steel-event-system"; + mozilla.url = "github:andersk/nixpkgs-mozilla/channel"; mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; @@ -41,7 +40,7 @@ pin-factorio.url = "github:NixOS/nixpkgs?rev=c5ae371f1a6a7fd27823bc500d9390b38c05fa55"; }; - outputs = { self, nixpkgs, deploy-rs, ... }@inputs: { + outputs = { self, nixpkgs, mailserver, copyparty, deploy-rs, ... }@inputs: { nixosConfigurations = { # Framework Computer piaf = nixpkgs.lib.nixosSystem { @@ -54,7 +53,11 @@ zora = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = inputs; - modules = [ ./hosts/zora ]; + modules = [ + ./hosts/zora + mailserver.nixosModules.default + copyparty.nixosModules.default + ]; }; # Desktop ISO diff --git a/hosts/piaf/hardware.nix b/hosts/piaf/hardware.nix index 867e209..f5c507d 100644 --- a/hosts/piaf/hardware.nix +++ b/hosts/piaf/hardware.nix @@ -2,7 +2,7 @@ { # Kernel - boot.kernelPackages = pkgs.linuxPackages_6_19; + boot.kernelPackages = pkgs.linuxPackages_6_18; # Boot boot.loader.systemd-boot.enable = true; 
@@ -74,12 +74,12 @@ # Tweaking failing packages nixpkgs.overlays = [ (final: prev: { - # dfu-programmer = final.dfu-programmer.overrideAttrs (_: { env.NIX_CFLAGS_COMPILE = "-std=gnu17"; }); - # upower = final.upower.overrideAttrs (_: { doCheck = false; }); - # gxml = final.gxml.overrideAttrs (_: { doCheck = false; }); - # # orc = final.orc.overrideAttrs (_: { doCheck = false; }); - # # gsl = final.gsl.overrideAttrs (_: { doCheck = false; }); - # fprintd = final.fprintd.overrideAttrs (super: { + dfu-programmer = prev.dfu-programmer.overrideAttrs (_: { env.NIX_CFLAGS_COMPILE = "-std=gnu17"; }); + # upower = prev.upower.overrideAttrs (_: { doCheck = false; }); + # gxml = prev.gxml.overrideAttrs (_: { doCheck = false; }); + # # orc = prev.orc.overrideAttrs (_: { doCheck = false; }); + # # gsl = prev.gsl.overrideAttrs (_: { doCheck = false; }); + # fprintd = prev.fprintd.overrideAttrs (super: { # # doCheck = false; # # buildInputs = super.buildInputs or [ ] ++ (with pkgs; [ libpam-wrapper (pkgs.python3.withPackages (python-pkgs: [ python-pkgs.pycairo python-pkgs.dbus-python python-pkgs.python-dbusmock ])) ]); # mesonCheckFlags = [ @@ -87,7 +87,7 @@ # "--no-suite" "fprintd" # ]; # }); - # libsrtp = final.libsrtp.overrideAttrs (_: { + # libsrtp = prev.libsrtp.overrideAttrs (_: { # mesonFlags = [ # "-Dcrypto-library=openssl" # "-Dcrypto-library-kdf=disabled" @@ -95,8 +95,8 @@ # "-Dtests=disabled" # ]; # }); - # # # haskellPackages.crypton = pkgs.haskell.lib.overrideCabal final.crypton (_: { doCheck = false; }); - # # # haskellPackages.cryptonite = pkgs.haskell.lib.overrideCabal final.cryptonite (_: { doCheck = false; }); + # # # haskellPackages.crypton = pkgs.haskell.lib.overrideCabal prev.crypton (_: { doCheck = false; }); + # # # haskellPackages.cryptonite = pkgs.haskell.lib.overrideCabal prev.cryptonite (_: { doCheck = false; }); }) ]; # nixpkgs.config.packageOverrides = pkgs: { diff --git a/hosts/zora/default.nix b/hosts/zora/default.nix index 26cb0ce..a9352bc 100644 
--- a/hosts/zora/default.nix +++ b/hosts/zora/default.nix @@ -13,6 +13,7 @@ ./users.nix ../../users/lyes + ../../users/lyes/server ../../modules ../../modules/server @@ -20,14 +21,12 @@ ../../modules/server/baba ../../modules/server/biggoron ../../modules/server/biggoron/runner.nix - ../../modules/server/facteur ../../modules/server/giovanni ../../modules/server/kalif ../../modules/server/lanayru ../../modules/server/link ../../modules/server/maistro ../../modules/server/mikau - ../../modules/server/midona ../../modules/server/nayru ../../modules/server/taf ../../modules/server/tetra diff --git a/hosts/zora/networking.nix b/hosts/zora/networking.nix index 4c2815a..d787241 100644 --- a/hosts/zora/networking.nix +++ b/hosts/zora/networking.nix @@ -113,8 +113,6 @@ type filter hook input priority 0; policy drop; iifname lo accept - iifname incusbr0 accept - iifname podman* accept tcp dport 22 accept diff --git a/hosts/zora/reverse-proxy.nix b/hosts/zora/reverse-proxy.nix index 87a960f..f4e6501 100644 --- a/hosts/zora/reverse-proxy.nix +++ b/hosts/zora/reverse-proxy.nix @@ -3,7 +3,7 @@ { security.acme = { acceptTerms = true; - defaults.email = "security@lyes.eu"; + defaults.email = "root.security@lyes.eu"; }; services.nginx = { 
@@ -12,44 +12,28 @@ recommendedTlsSettings = true; virtualHosts = { - "minish.link" = { - serverAliases = [ - "www.minish.link" - "minish.fr" - "www.minish.fr" - ]; - default = true; - forceSSL = true; - enableACME = true; - locations."/" = { - root = "/var/data/www/minish.link/"; - }; - extraConfig = '' - error_page 404 /404.html; - ''; - }; "lyes.eu" = { - serverAliases = [ "www.lyes.eu" ]; + default = true; forceSSL = true; enableACME = true; locations."/" = { root = "/var/data/www/lyes.eu/"; }; - extraConfig = '' - error_page 404 /404.html; - ''; + # extraConfig = '' + # allow 82.67.15.247; + # deny all; + # ''; }; # 44300 - "auth.minish.link" = { - serverAliases = [ "auth.lyes.eu" ]; + "auth.lyes.eu" = { forceSSL = true; enableACME = true; locations."/" = { - proxyPass = "https://${config.services.kanidm.server.settings.bindaddress}"; + proxyPass = "https://${config.services.kanidm.serverSettings.bindaddress}"; }; }; # 44301 - "vault.minish.link" = { + "vault.lyes.eu" = { forceSSL = true; enableACME = true; locations."/" = { @@ -58,7 +42,7 @@ }; }; # 44302 - "manga.minish.link" = { + "manga.lyes.eu" = { forceSSL = true; enableACME = true; locations."/" = { @@ -67,13 +51,13 @@ }; }; # 44312 - "dl.manga.minish.link" = { + "dl.manga.lyes.eu" = { forceSSL = true; enableACME = true; locations."/".proxyPass = "http://${config.networking.vpn-netns.vethIP}:${toString config.services.suwayomi-server.settings.server.port}"; }; # 44303 - "git.minish.link" = { + "git.lyes.eu" = { forceSSL = true; enableACME = true; extraConfig = '' @@ -82,7 +66,7 @@ locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; }; # 8096 - "media.minish.link" = { + "media.lyes.eu" = { forceSSL = true; enableACME = true; locations = { @@ -102,7 +86,7 @@ }; }; # 44304 - "torrent.minish.link" = { + "torrent.lyes.eu" = { forceSSL = true; enableACME = true; locations."/" = { 
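Review bot: The `auth.lyes.eu` vhost in the first reverse-proxy.nix hunk now reads `config.services.kanidm.serverSettings.bindaddress`, but modules/server/link/default.nix in this same commit still writes the address under `services.kanidm.server.settings` (next to `enableServer = true`). Unless the pinned nixpkgs aliases one path to the other, `proxyPass` either fails evaluation or points at a value other than the one being configured. modules/server/link/client.nix uses the flat `enableClient`/`clientSettings` names, so the flat form looks intended; changing link/default.nix to `serverSettings = {` would make all three files agree.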
@@ -110,7 +94,7 @@ }; }; # 44305 - "files.minish.link" = { + "files.lyes.eu" = { forceSSL = true; enableACME = true; locations."/" = { diff --git a/modules/common/default.nix b/modules/common/default.nix index 60ab484..8b1b197 100644 --- a/modules/common/default.nix +++ b/modules/common/default.nix @@ -1,4 +1,4 @@ -{ nixpkgs-unstable, nixpkgs-stable, pin-factorio, helix-ext, ... }: +{ nixpkgs-unstable, nixpkgs-stable, pin-factorio, ... }: { imports = @@ -7,8 +7,8 @@ ./system.nix ]; + # Import local packages nixpkgs.overlays = [ - # Import local packages (final: prev: { local = import ../../pkgs { pkgs = final; }; }) @@ -16,28 +16,23 @@ # Unstable (final: prev: { unstable = import nixpkgs-unstable { - system = final.stdenv.hostPlatform.system; + system = prev.system; }; }) # Stable (final: prev: { stable = import nixpkgs-stable { - system = final.stdenv.hostPlatform.system; + system = prev.system; }; }) # Pins (final: prev: { pin = { - factorio = import pin-factorio { system = final.stdenv.hostPlatform.system; config.allowUnfree = true; }; + factorio = import pin-factorio { system = prev.system; config.allowUnfree = true; }; }; }) - - # Helix - (final: prev: { - helix-with-extensions = helix-ext.packages."x86_64-linux".helix; - }) ]; nixpkgs.config = { diff --git a/modules/desktop/gaming/default.nix b/modules/desktop/gaming/default.nix index 099677c..325989f 100644 --- a/modules/desktop/gaming/default.nix +++ b/modules/desktop/gaming/default.nix @@ -23,7 +23,7 @@ programs.gamemode.enable = true; environment.systemPackages = with pkgs; [ - wineWow64Packages.waylandFull + wineWowPackages.waylandFull mangohud protonup-ng ]; diff --git a/modules/desktop/networking.nix b/modules/desktop/networking.nix index 17eeed3..17479e8 100644 --- a/modules/desktop/networking.nix +++ b/modules/desktop/networking.nix 
@@ -20,20 +20,18 @@ services.resolved = { enable = false; - settings = { - Resolve = { - DNSOverTLS = true; - DNSSEC = true; - Domains = [ "~." ]; - FallbackDns = [ - "9.9.9.9" - "149.112.112.112" - "1.1.1.1" - "1.0.0.1" - "2620:fe::fe" - "2620:fe::9" - ]; - }; + dnssec = "true"; + domains = [ "~." ]; + fallbackDns = [ + "9.9.9.9" + "149.112.112.112" + "1.1.1.1" + "1.0.0.1" + "2620:fe::fe" + "2620:fe::9" + ]; + settings.Resolve = { + DNSOverTLS = true; }; }; @@ -53,6 +51,12 @@ # Network services #services.openssh.enable = true; + #services.syncplay = { + # enable = true; + # port = 8998; + # extraArgs = [ "--password pouicbarilstepson123cassoulet" ]; + #}; + # Bluetooth hardware.bluetooth.enable = true; hardware.bluetooth.powerOnBoot = true; diff --git a/modules/desktop/sway/default.nix b/modules/desktop/sway/default.nix index fd54555..da15575 100644 --- a/modules/desktop/sway/default.nix +++ b/modules/desktop/sway/default.nix @@ -39,7 +39,6 @@ in wofi wlogout slurp - vicinae ]; }; diff --git a/modules/desktop/system.nix b/modules/desktop/system.nix index 508d75b..58b04be 100644 --- a/modules/desktop/system.nix +++ b/modules/desktop/system.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, mozilla, ... }: { # Boot @@ -58,9 +58,8 @@ # package = pkgs.firefox-beta; # Doesn't work ? # languagePacks = [ "fr" "en-US" ]; - # package = pkgs.latest.firefox-nightly-bin; }; - # nixpkgs.overlays = [ mozilla.overlays.firefox ]; + nixpkgs.overlays = [ mozilla.overlays.firefox ]; # let # # Change this to a rev sha to pin # moz-rev = "master"; @@ -73,6 +72,8 @@ # nightlyOverlay # ]; + programs.firefox.package = pkgs.latest.firefox-nightly-bin; + xdg.portal.enable = true; # Virtualisation 
@@ -80,8 +81,7 @@ # virtualisation.virtualbox.host.enable = true; # virtualisation.virtualbox.host.enableExtensionPack = true; # users.extraGroups.vboxusers.members = [ "lyes" ]; - virtualisation.waydroid.enable = true; - virtualisation.waydroid.package = pkgs.waydroid-nftables; + # virtualisation.waydroid.enable = true; # Containers virtualisation.containers.enable = true; diff --git a/modules/server/README.md b/modules/server/README.md index 87e7bbc..f9df551 100644 --- a/modules/server/README.md +++ b/modules/server/README.md @@ -1,15 +1,13 @@ - `agraf` : Copyparty (`files.lyes.eu`) - `baba` : Nextcloud (`cloud.lyes.eu`) - `biggoron` : Forgejo (`git.lyes.eu`) -- `facteur` : Syncplay - `giovanni` : Vaultwarden (`vault.lyes.eu`) - `kaepora` : PostgreSQL - `kalif` : Factorio (`factorio.lyes.eu`) - `lanayru` : Suwayomi (`dl.manga.lyes.eu`) -- `link` : Kanidm (`auth.minish.link`) +- `link` : Kanidm (`auth.lyes.eu`) - `maistro` : Incus -- `mikau` : Jellyfin (`media.minish.link`) -- `midona` : Gate Minecraft Server Proxy +- `mikau` : Jellyfin (`media.lyes.eu`) - `mogma` : VPN NetNS Configuration - `nayru` : Komga/Manga (`manga.lyes.eu`) - `taf` : Mail (`taf.lyes.eu`/`mail.lyes.eu`) diff --git a/modules/server/agraf/default.nix b/modules/server/agraf/default.nix index f98e966..5772227 100644 --- a/modules/server/agraf/default.nix +++ b/modules/server/agraf/default.nix @@ -1,10 +1,6 @@ { config, copyparty, ... }: { - imports = [ - copyparty.nixosModules.default - ]; - services.copyparty = { enable = true; @@ -24,7 +20,7 @@ # General options ed = true; # See hidden files (starting with a dot) name = "zora"; # Server name - name-url = "https://files.minish.link"; # Server URL + name-url = "https://files.lyes.eu"; # Server URL j = 4; # Max jobs (CPU usage) # Network options diff --git a/modules/server/baba/default.nix b/modules/server/baba/default.nix index 01f7c34..34a0220 100644 --- a/modules/server/baba/default.nix +++ b/modules/server/baba/default.nix 
@@ -7,7 +7,7 @@ services.nextcloud = { enable = true; - package = pkgs.nextcloud33; + package = pkgs.nextcloud32; hostName = "cloud.lyes.eu"; https = true; configureRedis = true; @@ -15,7 +15,6 @@ extraAppsEnable = true; extraApps = { - # inherit (config.services.nextcloud.package.packages.apps) mail calendar contacts cospend user_oidc notes richdocuments tasks dav_push repod gpoddersync phonetrack music; inherit (config.services.nextcloud.package.packages.apps) mail calendar contacts cospend user_oidc notes richdocuments tasks news dav_push repod gpoddersync phonetrack music; # gpoddersync = pkgs.fetchNextcloudApp { # hash = "sha256-EQVs1fe0ierjqFZ5+KVc1Yj67zrwjLBAzY5A+QsC7AU="; diff --git a/modules/server/biggoron/default.nix b/modules/server/biggoron/default.nix index 88ad6d3..905bb47 100644 --- a/modules/server/biggoron/default.nix +++ b/modules/server/biggoron/default.nix @@ -37,7 +37,7 @@ in settings = { server = { - DOMAIN = "git.minish.link"; + DOMAIN = "git.lyes.eu"; # You need to specify this to remove the port from URLs in the web UI. ROOT_URL = "https://${srv.DOMAIN}/"; HTTP_PORT = 44303; diff --git a/modules/server/biggoron/runner.nix b/modules/server/biggoron/runner.nix index 72a8282..4c8a5a8 100644 --- a/modules/server/biggoron/runner.nix +++ b/modules/server/biggoron/runner.nix @@ -4,16 +4,13 @@ podman = { enable = true; dockerCompat = true; - dockerSocket.enable = true; defaultNetwork.settings.dns_enabled = true; - autoPrune.enable = true; }; }; networking.firewall.trustedInterfaces = [ "podman*" ]; - networking.firewall.interfaces."podman*".allowedUDPPorts = [ 53 ]; users.users.gitea-runner.isSystemUser = true; users.users.gitea-runner.group = "gitea-runner"; 
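Review bot: `package = pkgs.nextcloud32;` replaces `nextcloud33`, and modules/server/link/client.nix likewise moves from `kanidmWithSecretProvisioning_1_9` to `_1_8`; both are downgrades of services that keep on-disk state. Nextcloud does not support running an older major release against data already upgraded by a newer one, and I am not aware of a supported downgrade path for kanidm either. If zora has already run the newer versions, deploying this needs the matching database backups restored first (a kanidm `online_backup` path is configured in link/default.nix). A comment next to each pin such as `# held at 32 until <reason>` would record why it is kept back.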
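Review bot: In the runner.nix hunk `networking.firewall.trustedInterfaces = [ "podman*" ];` is kept while the narrower `networking.firewall.interfaces."podman*".allowedUDPPorts = [ 53 ];` is removed, which is the opposite of least privilege. A trusted interface lets CI job containers reach every port the host listens on through the podman bridge, and those containers run repository-supplied workflows. Dropping `trustedInterfaces` and keeping the per-interface DNS allowance (adding `allowedTCPPorts = [ 53 ];` if needed) limits them to name resolution. Whether the NixOS firewall or the hand-written nftables ruleset in hosts/zora/networking.nix is the one in force is not visible from this hunk.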
@@ -21,29 +18,25 @@ services.gitea-actions-runner = { package = pkgs.forgejo-runner; - instances = { - ptigoron = { - enable = true; - name = "ptigoron"; - url = "https://git.minish.link"; - # Obtaining the path to the runner token file may differ - # tokenFile should be in format TOKEN=, since it's EnvironmentFile for systemd - tokenFile = config.age.secrets.ptigoron-token.path; - labels = [ - "fedora-rawhide:docker://quay.io/fedora/fedora:rawhide" - "fedora-latest:docker://quay.io/fedora/fedora:latest" - "ubuntu-rolling:docker://ubuntu:rolling" - "ubuntu-latest:docker://ubuntu:latest" - "nixos-latest:docker://nixos/nix" - ## optionally provide native execution on the host: - # "native:host" - ]; - }; + instances.default = { + enable = true; + name = "ptigoron"; + url = "https://git.lyes.eu"; + # Obtaining the path to the runner token file may differ + # tokenFile should be in format TOKEN=, since it's EnvironmentFile for systemd + tokenFile = config.age.secrets.ptigoron-token.path; + labels = [ + "fedora-rawhide:docker://quay.io/fedora/fedora:rawhide" + "fedora-latest:docker://quay.io/fedora/fedora:latest" + "ubuntu-rolling:docker://ubuntu:rolling" + "ubuntu-latest:docker://ubuntu:latest" + "nixos-latest:docker://nixos/nix" + ## optionally provide native execution on the host: + # "native:host" + ]; }; }; - systemd.services.gitea-runner-ptigoron.after = [ "forgejo.service" ]; - age.secrets.ptigoron-token = { file = ../../../secrets/zora/services/ptigoron-token.age; owner = "gitea-runner"; diff --git a/modules/server/facteur/default.nix b/modules/server/facteur/default.nix deleted file mode 100644 index 322e6fd..0000000 --- a/modules/server/facteur/default.nix +++ /dev/null 
@@ -1,16 +0,0 @@ -{ config, pkgs, ... }: - -{ - services.syncplay = { - enable = true; - package = pkgs.syncplay-nogui; - passwordFile = config.age.secrets.facteur-pass.path; - }; - - age.secrets = { - facteur-pass = { - file = ../../../secrets/zora/services/facteur-pass.age; - mode = "444"; - }; - }; -} diff --git a/modules/server/lanayru/default.nix b/modules/server/lanayru/default.nix index 4195ee1..d12ce73 100644 --- a/modules/server/lanayru/default.nix +++ b/modules/server/lanayru/default.nix @@ -42,8 +42,6 @@ }; }; - networking.vpn-netns.encapsulatedServices.suwayomi-server.enable = true; - age.secrets = { suwayomi-pass = { file = ../../../secrets/zora/services/lanayru-pass.age; diff --git a/modules/server/link/client.nix b/modules/server/link/client.nix index 166b992..1b8ae2c 100644 --- a/modules/server/link/client.nix +++ b/modules/server/link/client.nix @@ -2,13 +2,12 @@ { services.kanidm = { - package = pkgs.kanidmWithSecretProvisioning_1_9; + package = pkgs.kanidmWithSecretProvisioning_1_8; - client = { - enable = true; - settings = { - uri = "https://auth.minish.link"; - }; + enableClient = true; + + clientSettings = { + uri = "https://auth.lyes.eu"; }; }; } diff --git a/modules/server/link/default.nix b/modules/server/link/default.nix index a9c3f40..b2627d7 100644 --- a/modules/server/link/default.nix +++ b/modules/server/link/default.nix @@ -1,7 +1,7 @@ { config, ... }: let - hostname = "auth.minish.link"; + hostname = "auth.${config.networking.domain}"; port = "44300"; in { 
@@ -13,21 +13,19 @@ in services.kanidm = { # package = pkgs.kanidmWithSecretProvisioning_1_7; - server = { - enable = true; - settings = { - bindaddress = "127.0.0.1:${port}"; - ldapbindaddress = "0.0.0.0:636"; - domain = hostname; - origin = "https://${hostname}"; - tls_chain = "/var/lib/acme/${hostname}/cert.pem"; - tls_key = "/var/lib/acme/${hostname}/key.pem"; + enableServer = true; + server.settings = { + bindaddress = "127.0.0.1:${port}"; + ldapbindaddress = "0.0.0.0:636"; + domain = hostname; + origin = "https://${hostname}"; + tls_chain = "/var/lib/acme/${hostname}/cert.pem"; + tls_key = "/var/lib/acme/${hostname}/key.pem"; - online_backup = { - path = "/var/data/backups/kanidm"; - schedule = "00 06 * * *"; - versions = 5; - }; + online_backup = { + path = "/var/data/backups/kanidm"; + schedule = "00 06 * * *"; + versions = 5; }; }; diff --git a/modules/server/midona/default.nix b/modules/server/midona/default.nix deleted file mode 100644 index 5e66478..0000000 --- a/modules/server/midona/default.nix +++ /dev/null 
@@ -1,77 +0,0 @@ -{ lib, pkgs, ... }: - -let - config = lib.toFile "config.yml" '' - config: - lite: - enabled: true - routes: - - host: stepson.minecraft.minish.link - backend: 10.0.100.80:25565 - ''; -in -{ - environment.systemPackages = with pkgs; [ gate ]; - - systemd.services.gate = { - description = "Gate Minecraft Proxy"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - - serviceConfig = { - ExecStart = "${pkgs.gate}/bin/gate --config ${config}"; - Restart = "always"; - - # StandardInput = "socket"; - # StandardOutput = "journal"; - # StandardError = "journal"; - - # Hardening - CapabilityBoundingSet = [ "" ]; - DeviceAllow = [ "" ]; - LockPersonality = true; - PrivateDevices = true; - PrivateTmp = true; - PrivateUsers = true; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectProc = "invisible"; - RestrictAddressFamilies = [ - "AF_INET" - "AF_INET6" - ]; - RestrictNamespaces = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - SystemCallArchitectures = "native"; - UMask = "0077"; - }; - }; - - services.nginx.streamConfig = '' - server { - listen 24454; - proxy_pass 10.0.100.80:24454; - } - server { - listen 24454 udp; - proxy_pass 10.0.100.80:24454; - } - ''; - - networking.firewall = { - allowedTCPPorts = [ - 25565 - 24454 # Simple Voice Chat stepson - ]; - allowedUDPPorts = [ - 25565 - 24454 # Simple Voice Chat stepson - ]; - }; -} diff --git a/modules/server/mogma/forwarding.nix b/modules/server/mogma/forwarding.nix index 55ef3b4..72431e4 100644 --- a/modules/server/mogma/forwarding.nix +++ b/modules/server/mogma/forwarding.nix 
@@ -32,8 +32,6 @@ let } forwardedServices; serviceList = lib.mapAttrsToList (name: _: name + ".service") forwardedServices; - encServicesList = lib.mapAttrsToList (name: _: name + ".service") cfg.encapsulatedServices; - in lib.mkIf (forwardedServices != { } && cfg.portForwarding.enable) { assertions = [ @@ -51,11 +49,11 @@ lib.mkIf (forwardedServices != { } && cfg.portForwarding.enable) { services.natpmpc-lease = { description = "Request VPN port forwarding leases."; - # wantedBy = serviceList; - after = [ "wireguard.target" ] ++ encServicesList; - wants = [ "wireguard.target" ] ++ encServicesList; + wantedBy = serviceList; + after = [ "wireguard.target" ]; + wants = [ "wireguard.target" ]; - preStart = "sleep 3"; + # preStart = "sleep 3"; path = with pkgs; [ libnatpmp diff --git a/modules/server/taf/default.nix b/modules/server/taf/default.nix index 9a87808..c4a461d 100644 --- a/modules/server/taf/default.nix +++ b/modules/server/taf/default.nix @@ -1,17 +1,31 @@ -{ config, mailserver, ... }: +{ config, lib, ... }: +let + alias = '' + @lyes.eu lyes + lyes@mail.lyes.eu lyes + abuse@taf.lyes.eu lyes + abuse@mail.lyes.eu lyes + abuse@minish.fr lyes + abuse@minish.link lyes + postmaster@taf.lyes.eu lyes + postmaster@mail.lyes.eu lyes + postmaster@minish.fr lyes + postmaster@minish.link lyes + ''; + aliasFile = lib.toFile "alias" alias; +in { - imports = [ - mailserver.nixosModules.default - ]; - mailserver = { enable = true; stateVersion = 3; fqdn = "taf.lyes.eu"; domains = [ "lyes.eu" + "taf.lyes.eu" "mail.lyes.eu" + "minish.fr" + "minish.link" ]; localDnsResolver = false; 
@@ -19,175 +33,85 @@ # debug.all = true; - # ldap = { - # enable = true; + ldap = { + enable = true; - # uris = [ "ldaps://auth.lyes.eu:636" ]; - # searchBase = "dc=auth,dc=lyes,dc=eu"; - # searchScope = "sub"; + uris = [ "ldaps://auth.lyes.eu:636" ]; + searchBase = "dc=auth,dc=lyes,dc=eu"; + searchScope = "sub"; - # bind = { - # # dn = "dn=token,dc=auth,dc=lyes,dc=eu"; - # dn = "dn=token"; - # passwordFile = config.age.secrets.taf-token.path; - # }; + bind = { + # dn = "dn=token,dc=auth,dc=lyes,dc=eu"; + dn = "dn=token"; + passwordFile = config.age.secrets.taf-token.path; + }; - # dovecot = { - # userFilter = "(name=%u)"; - # passFilter = "(name=%u)"; - # }; + dovecot = { + userFilter = "(&(memberof=taf_users)(mail=%u))"; + passFilter = "(&(memberof=taf_users)(mail=%u))"; + }; - # postfix = { - # filter = "(name=%s)"; - # mailAttribute = "mail"; - # uidAttribute = "name"; - # }; - # }; - - loginAccounts = { - "lyes@mail.lyes.eu" = { - hashedPasswordFile = config.age.secrets.lyes-mail-passwd.path; - aliases = [ - "@lyes.eu" - ]; - quota = "1T"; - sieveScript = '' - require ["include", "fileinto", "mailbox", "copy", "regex", "variables", "imap4flags"]; - - include :personal "hiddensieve"; - - # lyes.eu filters - if address :is :domain "X-Original-To" "lyes.eu" { - # If the mail comes from my crans mailbox - if address :is :localpart "X-Original-To" "crans" { - # Aurore Support - if header :contains "List-Id" "" { - fileinto :create "Crans.aurore.support"; - } - # Mailman moderation request - elsif address :matches :all "To" "*-owner@lists.crans.org" { - fileinto :create "Crans.moderation"; - } - # Crans Bureau - elsif anyof ( - header :contains "List-Id" "", - header :contains "List-Id" "", - header :contains "List-Id" "" - ) { - fileinto :create "Crans.crans.bureau"; - } - # Crans CA - elsif header :contains "List-Id" "" { - fileinto :create "Crans.crans.ca"; - } - # Crans Root Postmaster - elsif address :is :all "To" "postmaster@crans.org" { - addflag "\\Seen"; - 
fileinto :create "Crans.crans.root.postmaster"; - } - # Crans Root Mailer - elsif address :is :all "From" "MAILER-DAEMON@crans.org" { - fileinto :create "Crans.crans.root.mailer"; - } - # Crans Nounou - elsif anyof ( - header :contains "List-Id" "", - header :contains "List-Id" "", - address :is :all "To" "contact@crans.org", - address :is :all "From" "contact@crans.org" - ) { - fileinto :create "Crans.crans.nounou"; - } - # Crans Root - elsif anyof ( - address :is :all "To" "root@crans.org", - address :is :all "From" "root@crans.org", - address :is :all "From" "www-data@crans.org" - ) { - fileinto :create "Crans.crans.root"; - } - # Crans Gitlab - elsif address :is :all "From" "gitlab@crans.org" { - fileinto :create "Crans.crans.gitlab"; - } - # Crans Wiki - elsif address :is :all "From" "wiki@crans.org" { - fileinto :create "Crans.crans.wiki"; - } - # Aurore CA - elsif header :contains "List-Id" "" { - fileinto :create "Crans.aurore.ca"; - } - # BDL - elsif anyof ( - header :contains "List-Id" "", - header :contains "List-Id" "" - ) { - fileinto :create "Crans.asso.bdl"; - } - # Med - elsif anyof ( - header :contains "List-Id" "", - header :contains "List-Id" "" - ) { - fileinto :create "Crans.asso.med"; - } - # NL BDE - elsif header :contains "List-Id" "" { - fileinto :create "Crans.asso.nl.bde"; - } - # NL BDA - elsif header :contains "List-Id" "" { - fileinto :create "Crans.asso.nl.bda"; - } - # Any other associative mail - elsif anyof ( - header :contains "List-Id" "", - header :contains "List-Id" "", - header :matches "List-Id" "<*.lists.crans.org>" - ) { - fileinto :create "Crans.asso"; - } - # Otherwise it's for the generic mailbox - else { - fileinto :create "Crans"; - } - } - - # Otherwise it's for my different accounts - # It's automatically sorted using the localpart - elsif address :localpart :regex "X-Original-To" "^(([a-zA-Z]+\\.)*([a-zA-Z]+))(-([a-zA-Z0-9_.\\-]*))?''$" { - set :lower "sub_folder" "''${1}"; - set "mbox_candidate" 
"INBOX.''${sub_folder}"; - fileinto :create "''${mbox_candidate}"; - } - - # Other unknown origin - else { - fileinto :create "INBOX.other"; - } - } - - # It's destined to my main inbox - elsif address :is "X-Original-To" "lyes@mail.lyes.eu" { - fileinto :create "INBOX"; - } - - # Other unknown origin - else { - fileinto :create "INBOX.other"; - } - ''; + postfix = { + filter = "(&(memberof=taf_users)(mail=%s))"; + mailAttribute = "mail"; + uidAttribute = "name"; }; }; + # fullTextSearch = { + # enable = true; + # autoIndex = true; + # enforced = "body"; + # }; + + # loginAccounts = { + # "lyes@mail.lyes.eu" = { + # # hashedPasswordFile = config.age.secrets.lyes-mail-passwd.path; + # # aliases = [ + # # "@lyes.eu" + # # ]; + # # quota = "1T"; + # }; + # }; + # extraVirtualAliases = { - # "@lyes.eu" = "lyes@mail.lyes.eu"; + # "@lyes.eu" = "lyes"; + # "abuse@mail.lyes.eu" = "lyes"; + # # "abuse@minish.fr" = "lyes"; + # # "abuse@minish.link" = "lyes"; + # "postmaster@mail.lyes.eu" = "lyes"; + # # "postmaster@minish.fr" = "lyes"; + # # "postmaster@minish.link" = "lyes"; # }; x509.useACMEHost = config.mailserver.fqdn; }; + services.postfix = { + mapFiles."valias" = lib.mkForce aliasFile; + mapFiles."vaccounts" = lib.mkForce aliasFile; + virtual = lib.mkForce alias; + + settings = { + main = { + # local_recipient_maps = ""; + # virtual_alias_maps = lib.mkForce "ldap:/run/postfix/ldap-virtual-mailbox-map.cf"; + + maximal_queue_lifetime = "31d"; + + relay_domains = [ + "skaven.org" + "agreg.info" + ]; + + smtpd_recipient_restrictions = [ + "permit_mynetworks" + "permit_sasl_authenticated" + ]; + }; + }; + }; + # services.dovecot2.extraConfig = '' # userdb { # driver = ldap @@ -204,7 +128,10 @@ # } # ''; - services.dovecot2.sieve.extensions = [ "imap4flags" ]; + services.dovecot2 = { + # enableQuota = lib.mkForce false; + sieve.extensions = [ "imap4flags" ]; + }; services.roundcube = { enable = true; 
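Review bot: `smtpd_recipient_restrictions` in the new `services.postfix.settings.main` block ends at `"permit_sasl_authenticated"` with no reject rule, in the same block that adds `relay_domains`. Whether unauthenticated relaying is still refused then depends on `smtpd_relay_restrictions`, which this hunk does not show, and on whether this list replaces or merges with the one the mailserver module generates; `postconf -n` on the host would confirm the effective values. Ending the list with `"reject_unauth_destination"` makes the intent explicit. The `lib.mkForce` on `mapFiles."valias"`, `mapFiles."vaccounts"` and `virtual` also discards whatever the module derives for those maps, so a one-line comment saying why the same alias text is forced into all three would help the next reader.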
@@ -221,21 +148,12 @@ age.secrets = { taf-token = { - owner = "postfix"; file = ../../../secrets/zora/services/taf-token.age; }; - lyes-mail-passwd = { - owner = "postfix"; - file = ../../../secrets/lyes/mail-passwd.age; - }; - - lyes-hidden-sieve = { - file = ../../../secrets/lyes/hidden-sieve.age; - path = "/var/sieve/lyes@mail.lyes.eu/scripts/hiddensieve.sieve"; - owner = "virtualMail"; - group = "virtualMail"; - mode = "660"; - }; + # lyes-mail-passwd = { + # owner = "postfix"; + # file = ../../../secrets/lyes/mail-passwd.age; + # }; }; } diff --git a/pkgs/KhinsiderDownloader/default.nix b/pkgs/KhinsiderDownloader/default.nix index bcff559..85a011e 100644 --- a/pkgs/KhinsiderDownloader/default.nix +++ b/pkgs/KhinsiderDownloader/default.nix @@ -3,14 +3,8 @@ fetchFromGitHub, cmake, curl, - libxml2, - qtbase, - wrapQtAppsHook, - qtscxml, - qtquicktimeline, - qtquickeffectmaker, - qtnetworkauth, - qttools, + qt6, + libxml2 }: stdenv.mkDerivation (final: { @@ -24,20 +18,10 @@ stdenv.mkDerivation (final: { hash = "sha256-hqoUkzPNxAIvC/7DL9YIMPmUZqAreqCbG8NKidVtSDM="; }; - buildInputs = [ qtbase ]; - nativeBuildInputs = [ cmake curl - # qt6.env - qtscxml - # qtquick3d - # qtquick3dphysics - qtquicktimeline - qtquickeffectmaker - qtnetworkauth - qttools + qt6.full libxml2 - wrapQtAppsHook ]; }) diff --git a/pkgs/cinny/cinny-desktop.nix b/pkgs/cinny/cinny-desktop.nix deleted file mode 100644 index 72b4399..0000000 --- a/pkgs/cinny/cinny-desktop.nix +++ /dev/null 
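Review bot: `taf-token` loses `owner = "postfix"` here, so it falls back to agenix's defaults (root-owned, mode 0400), and nothing in the hunk says which process is expected to read it afterwards. If the consumer is a setup step that runs as root, the default is the tighter and better setting; if Postfix's LDAP lookup opens the file at runtime as the `postfix` user, it can no longer read it. A one-line comment above the entry would settle it, e.g. `# read as root by <consumer>; default owner/mode are intentional`, with the placeholder replaced by the actual reader. The surrounding module starts outside the hunk.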
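Review bot: The new `nativeBuildInputs` in pkgs/KhinsiderDownloader/default.nix drops `wrapQtAppsHook` together with the `buildInputs` list, so the installed binary is no longer wrapped with the Qt plugin and QML paths and will probably fail to start outside a Qt-aware environment. The libraries the program links against (`curl`, `libxml2`, Qt) are also left in `nativeBuildInputs`, which only happens to work for native builds. I would keep the hook and split the lists: `nativeBuildInputs = [ cmake qt6.wrapQtAppsHook ];` and `buildInputs = [ curl libxml2 qt6.full ];`. The `mkDerivation` call continues outside the hunk.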
@@ -1,103 +0,0 @@ -{ - lib, - stdenv, - fetchFromGitHub, - rustPlatform, - cargo-tauri, - cinny, - desktop-file-utils, - wrapGAppsHook4, - makeBinaryWrapper, - pkg-config, - openssl, - glib-networking, - webkitgtk_4_1, - jq, - moreutils, -}: - -rustPlatform.buildRustPackage (finalAttrs: { - pname = "cinny-desktop"; - version = "4.11.1"; - - # nixpkgs-update: no auto update - src = fetchFromGitHub { - owner = "cinnyapp"; - repo = "cinny-desktop"; - tag = "v4.11.2"; - hash = "sha256-iH3OBpLM5JyFo5QLjHSvGMgl0xDP9hpfngW49hvjLMY="; - }; - - sourceRoot = "${finalAttrs.src.name}/src-tauri"; - - cargoHash = "sha256-g1xDdqmouHD+qr5OvO2PVjFKAy2AXiatuTrLfh/QxAE="; - - postPatch = - let - cinny' = - assert lib.assertMsg ( - cinny.version == finalAttrs.version - ) "cinny.version (${cinny.version}) != cinny-desktop.version (${finalAttrs.version})"; - cinny.override { - conf = { - hashRouter.enabled = true; - }; - }; - in - # 'del(.app.windows) | del(.plugins.updater) | .bundle.createUpdaterArtifacts = false | .build.frontendDist = "${cinny'}" | del(.build.beforeBuildCommand)' tauri.conf.json \ - '' - ${lib.getExe jq} \ - 'del(.plugins.tauri.updater) | .bundle.createUpdaterArtifacts = false | .build.frontendDist = "${cinny'}" | del(.build.beforeBuildCommand)' tauri.conf.json \ - | ${lib.getExe' moreutils "sponge"} tauri.conf.json - cat tauri.conf.json - ''; - - postInstall = - lib.optionalString stdenv.hostPlatform.isDarwin '' - mkdir -p "$out/bin" - makeWrapper "$out/Applications/Cinny.app/Contents/MacOS/Cinny" "$out/bin/cinny" - '' - + lib.optionalString stdenv.hostPlatform.isLinux '' - desktop-file-edit \ - --set-comment "Yet another matrix client for desktop" \ - --set-key="Categories" --set-value="Network;InstantMessaging;" \ - $out/share/applications/Cinny.desktop - ''; - - preFixup = '' - gappsWrapperArgs+=( - --set-default WEBKIT_DISABLE_DMABUF_RENDERER "1" - ) - ''; - - nativeBuildInputs = [ - cargo-tauri.hook - ] - ++ lib.optionals stdenv.hostPlatform.isLinux [ - 
desktop-file-utils - pkg-config - wrapGAppsHook4 - ] - ++ lib.optionals stdenv.hostPlatform.isDarwin [ - makeBinaryWrapper - ]; - - buildInputs = lib.optionals stdenv.hostPlatform.isLinux [ - glib-networking - openssl - webkitgtk_4_1 - ]; - - meta = { - description = "Yet another matrix client for desktop"; - homepage = "https://github.com/cinnyapp/cinny-desktop"; - maintainers = with lib.maintainers; [ - qyriad - rebmit - ryand56 - ]; - license = lib.licenses.agpl3Only; - platforms = lib.platforms.linux ++ lib.platforms.darwin; - mainProgram = "cinny"; - }; -}) diff --git a/pkgs/cinny/cinny-unwrapped.nix b/pkgs/cinny/cinny-unwrapped.nix deleted file mode 100644 index 6d84a23..0000000 --- a/pkgs/cinny/cinny-unwrapped.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ - lib, - buildNpmPackage, - fetchFromGitHub, - nodejs_22, -}: - -buildNpmPackage { - pname = "cinny-unwrapped"; - # Remember to update cinny-desktop when bumping this version. - version = "4.11.1"; - - # nixpkgs-update: no auto update - src = fetchFromGitHub { - owner = "cinnyapp"; - repo = "cinny"; - # rev = "55e83065767645ed7cd510a6f4b5cf4733b000b4"; - tag = "v4.11.1"; - # hash = "sha256-2qxmlj4IK6twDh27R6qMJDmYSfsWoofVGuRHxSP72f0="; - hash = "sha256-dwI3zNey/ukF3t2fhH/ePf4o4iBDwZyLWMYebPgXmWU="; - }; - - nodejs = nodejs_22; - - # npmDepsHash = "sha256-qyQ0SXkPSUES/tavKzPra0Q+ZnU9qHvkTC1JgAjL0o8="; - # npmDepsHash = "sha256-2Lrd0jAwAH6HkwLHyivqwaEhcpFAIALuno+MchSIfxo="; - npmDepsHash = "sha256-27WFjb08p09aJRi0S2PvYq3bivEuG5+z2QhFahTSj4Q="; - - # Skip rebuilding native modules since they're not needed for the web app - npmRebuildFlags = [ - "--ignore-scripts" - ]; - - installPhase = '' - runHook preInstall - - cp -r dist $out - - runHook postInstall - ''; - - meta = { - description = "Yet another Matrix client for the web"; - homepage = "https://cinny.in/"; - maintainers = with lib.maintainers; [ - abbe - rebmit - ]; - license = lib.licenses.agpl3Only; - platforms = lib.platforms.all; - }; -} 
diff --git a/pkgs/cinny/cinny.nix b/pkgs/cinny/cinny.nix deleted file mode 100644 index df49478..0000000 --- a/pkgs/cinny/cinny.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - cinny-unwrapped, - jq, - stdenvNoCC, - writeText, - conf ? { }, -}: -let - configOverrides = writeText "cinny-config-overrides.json" (builtins.toJSON conf); -in -if (conf == { }) then - cinny-unwrapped -else - stdenvNoCC.mkDerivation { - pname = "cinny"; - inherit (cinny-unwrapped) version meta; - - dontUnpack = true; - - nativeBuildInputs = [ jq ]; - - installPhase = '' - runHook preInstall - - mkdir -p $out - ln -s ${cinny-unwrapped}/* $out - rm $out/config.json - jq -s '.[0] * .[1]' "${cinny-unwrapped}/config.json" "${configOverrides}" > "$out/config.json" - - runHook postInstall - ''; - } diff --git a/pkgs/default.nix b/pkgs/default.nix index 4b260fc..dc7caa9 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,11 +1,8 @@ { pkgs ? import { } }: -rec { +{ quadcastrgb = pkgs.callPackage ./quadcastrgb { }; ens-intel-unite = pkgs.callPackage ./ens-intel-unite { }; - KhinsiderDownloader = pkgs.qt6Packages.callPackage ./KhinsiderDownloader { }; + KhinsiderDownloader = pkgs.callPackage ./KhinsiderDownloader { }; amy-mono = pkgs.callPackage ./amy-mono { }; - cinny = pkgs.callPackage ./cinny/cinny.nix { inherit cinny-unwrapped; }; - cinny-unwrapped = pkgs.callPackage ./cinny/cinny-unwrapped.nix { }; - cinny-desktop = pkgs.callPackage ./cinny/cinny-desktop.nix { inherit cinny; }; } diff --git a/secrets.nix b/secrets.nix index eae3319..743eef3 100644 --- a/secrets.nix +++ b/secrets.nix @@ -8,7 +8,7 @@ in { # Lyes "secrets/lyes/mail-passwd.age".publicKeys = [ lyes zora ]; - "secrets/lyes/hidden-sieve.age".publicKeys = [ lyes zora ]; + "secrets/lyes/sieve.age".publicKeys = [ lyes zora ]; # Zora "secrets/zora/services/kanidm-admin-password.age".publicKeys = all; 
@@ -27,5 +27,4 @@ in "secrets/zora/services/lanayru-pass.age".publicKeys = all; "secrets/zora/services/agraf-root-pass.age".publicKeys = all; "secrets/zora/services/agraf-lyes-pass.age".publicKeys = all; - "secrets/zora/services/facteur-pass.age".publicKeys = all; } diff --git a/secrets/lyes/hidden-sieve.age b/secrets/lyes/hidden-sieve.age deleted file mode 100644 index 18607ae..0000000 Binary files a/secrets/lyes/hidden-sieve.age and /dev/null differ diff --git a/secrets/lyes/sieve.age b/secrets/lyes/sieve.age new file mode 100644 index 0000000..6c16f07 Binary files /dev/null and b/secrets/lyes/sieve.age differ diff --git a/secrets/zora/services/facteur-pass.age b/secrets/zora/services/facteur-pass.age deleted file mode 100644 index ae8cb66..0000000 --- a/secrets/zora/services/facteur-pass.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 whuRpQ SjgklfrTXj3TptfA1MxYkbjcWkFNTNwvpHoto0YfEnY -/MhJDiLIqHjUKU8jEe9NPTR/29YYij8E6u6t9/Mj1VM --> ssh-ed25519 TFqgIg qXDuQIj9gq/hO07+6KBkCKVTd3L6eomSMetxXfVu1yc -RWpVvmkM5hN9yHO4JlPWsTvl8sDG0DOA1y5DGcTlTa0 ---- UwLsYqcbzfvzL2SoevAhhG2K1JA3XlHTVeF73nEU21c -÷ÑKÒ¶d¯IT«[îöWFäu×f¹Èê:¶Lp‡Äl8Š€6©X© \ No newline at end of file diff --git a/secrets/zora/services/giovanni-env.age b/secrets/zora/services/giovanni-env.age index bec072a..08171f7 100644 Binary files a/secrets/zora/services/giovanni-env.age and b/secrets/zora/services/giovanni-env.age differ diff --git a/secrets/zora/services/nayru-conf.age b/secrets/zora/services/nayru-conf.age index b15eed9..ac1b950 100644 Binary files a/secrets/zora/services/nayru-conf.age and b/secrets/zora/services/nayru-conf.age differ diff --git a/users/lyes/desktop/default.nix b/users/lyes/desktop/default.nix index 516c93e..debffc7 100644 --- a/users/lyes/desktop/default.nix +++ b/users/lyes/desktop/default.nix 
@@ -24,9 +24,4 @@ via ]; }; - - # Fixing launch issues with some desktops (sway...) - # systemd.user.extraConfig = '' - # DefaultEnvironment="PATH=/run/current-system/sw/bin" - # ''; } diff --git a/users/lyes/desktop/home/apps/ghostty.nix b/users/lyes/desktop/home/apps/ghostty.nix index 6f9233e..a68467d 100644 --- a/users/lyes/desktop/home/apps/ghostty.nix +++ b/users/lyes/desktop/home/apps/ghostty.nix @@ -20,7 +20,7 @@ shell-integration-features = [ "sudo" "ssh-env" - # "ssh-terminfo" + "ssh-terminfo" ]; # keybind = [ diff --git a/users/lyes/desktop/home/desktops/sway.nix b/users/lyes/desktop/home/desktops/sway.nix index bd87fc8..ba7a6cf 100644 --- a/users/lyes/desktop/home/desktops/sway.nix +++ b/users/lyes/desktop/home/desktops/sway.nix @@ -23,8 +23,7 @@ in swaynag.enable = true; config = { startup = [ - { command = "${pkgs.poweralertd}/bin/poweralertd"; } - # { command = "${pkgs.vicinae}/bin/vicinae server"; } + { command = "poweralertd"; } { command = '' swayidle -w \ @@ -36,7 +35,7 @@ in ]; modifier = "Mod4"; - menu = "${pkgs.vicinae}/bin/vicinae toggle"; + menu = "${pkgs.wofi}/bin/wofi --show drun"; # Switch to ghostty ? terminal = "${pkgs.ghostty}/bin/ghostty"; 
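Review bot: Enabling `"ssh-terminfo"` in users/lyes/desktop/home/apps/ghostty.nix changes what every `ssh` started from this terminal does, and the list carries no comment saying so. As far as I know, this Ghostty integration copies the `xterm-ghostty` terminfo entry to a remote host the first time that host is contacted. That means an extra remote command and a write into the remote account, on hosts that may be shared or audited. A short comment would make the side effect visible, e.g. `# ssh-terminfo: installs Ghostty's terminfo on remote hosts at first connect`. The settings attribute set starts outside the hunk.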
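Review bot: `{ command = "poweralertd"; }` in users/lyes/desktop/home/desktops/sway.nix now resolves the binary through whatever `PATH` the sway session inherits, while `menu` and `terminal` in the neighbouring hunk still use `${pkgs.…}/bin/…` store paths. The bare name only works if poweralertd is installed into the profile somewhere else, and it lets an earlier `PATH` entry shadow the intended binary. The store path also guarantees the package is part of the closure. I would keep `{ command = "${pkgs.poweralertd}/bin/poweralertd"; }`. The `swayidle` entry below it uses the same bare-name form, and the `startup` list continues outside the hunk.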
@@ -611,52 +610,6 @@ in }; programs = { - vicinae = { - enable = true; - systemd = { - enable = true; - autoStart = true; - # environment = { - # USE_LAYER_SHELL = 1; - # }; - }; - # useLayerShell = false; - settings = { - close_on_focus_loss = false; - consider_preedit = true; - pop_to_root_on_close = true; - launcher_window.layer_shell.enabled = false; - theme = { - light = { - name = "rose-pine-moon"; - }; - dark = { - name = "rose-pine-moon"; - }; - }; - }; - extensions = - let - extsrc = pkgs.fetchFromGitHub { - owner = "vicinaehq"; - repo = "extensions"; - sha256 = "sha256-KwNv+THKbNUey10q26NZPDMSzYTObRHaSDr81QP9CPY="; - rev = "cf30b80f619282d45b1748eb76e784a4f875bb01"; - }; - in - lib.map - (ext: - config.lib.vicinae.mkExtension { - name = ext; - src = extsrc + "/extensions/" + ext; - } - ) - [ - "bluetooth" - "nix" - "power-profile" - ]; - }; wofi = { enable = true; settings = {}; diff --git a/users/lyes/desktop/home/xdg.nix b/users/lyes/desktop/home/xdg.nix index 8567c3d..735e8d9 100644 --- a/users/lyes/desktop/home/xdg.nix +++ b/users/lyes/desktop/home/xdg.nix @@ -6,7 +6,6 @@ userDirs = { enable = true; createDirectories = true; - setSessionVariables = true; desktop = "${config.home.homeDirectory}/Bureau"; documents = "${config.home.homeDirectory}/Documents"; download = "${config.home.homeDirectory}/Téléchargements"; 
@@ -36,66 +35,53 @@ "x-scheme-handler/sms" = "org.gnome.Shell.Extensions.GSConnect.desktop;"; "x-scheme-handler/tel" = "org.gnome.Shell.Extensions.GSConnect.desktop;"; }; - - defaultApplications = - let - web = "firefox.desktop"; - mail = "thunderbird.desktop"; - editor = "org.gnome.TextEditor.desktop"; - image = "org.gnome.Loupe.desktop"; - video = "mpv.desktop"; - audio = "mpv.desktop"; - office-writer = "writer.desktop"; - office-document = "impress.desktop"; - office-spreadsheet = "calc.desktop"; - in - { - "text/plain" = editor; - "text/markdown" = editor; - "text/json" = editor; - "text/html" = web; - "text/xml" = editor; - "image/avif" = image; - "image/png" = image; - "image/jpeg" = image; - "image/svg+xml" = image; - "image/gif" = image; - "image/webp" = image; - "audio/mpeg" = audio; - "audio/aac" = audio; - "audio/webm" = audio; - "audio/ogg" = audio; - "video/x-matroska" = video; - "video/mp4" = video; - "video/webm" = video; - "video/ogg" = video; + defaultApplications = { + "text/plain" = "org.gnome.TextEditor.desktop"; + "text/markdown" = "org.gnome.TextEditor.desktop"; + "text/json" = "org.gnome.TextEditor.desktop"; + "text/html" = "firefox.desktop"; + "text/xml" = "org.gnome.TextEditor.desktop"; + "image/avif" = "org.gnome.Loupe.desktop"; + "image/png" = "org.gnome.Loupe.desktop"; + "image/jpeg" = "org.gnome.Loupe.desktop"; + "image/svg+xml" = "org.gnome.Loupe.desktop"; + "image/gif" = "org.gnome.Loupe.desktop"; + "image/webp" = "org.gnome.Loupe.desktop"; + "audio/mpeg" = "mpv.desktop"; + "audio/aac" = "mpv.desktop"; + "audio/webm" = "mpv.desktop"; + "audio/ogg" = "mpv.desktop"; + "video/x-matroska" = "mpv.desktop"; + "video/mp4" = "mpv.desktop"; + "video/webm" = "mpv.desktop"; + "video/ogg" = "mpv.desktop"; "application/pdf" = "org.gnome.Papers.desktop"; - "application/msword" = office-writer; - "application/vnd.ms-powerpoint" = office-document; - "application/vnd.ms-excel" = office-spreadsheet; - 
"application/vnd.openxmlformats-officedocument.wordprocessingml.document" = office-writer; - "application/vnd.openxmlformats-officedocument.presentationml.presentation" = office-document; - "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = office-spreadsheet; - "application/vnd.oasis.opendocument.text" = office-writer; - "application/vnd.oasis.opendocument.presentation" = office-document; - "application/vnd.oasis.opendocument.spreadsheet" = office-spreadsheet; + "application/msword" = "onlyoffice-desktopeditors.desktop"; + "application/vnd.ms-powerpoint" = "onlyoffice-desktopeditors.desktop"; + "application/vnd.ms-excel" = "onlyoffice-desktopeditors.desktop"; + "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = "onlyoffice-desktopeditors.desktop"; + "application/vnd.openxmlformats-officedocument.presentationml.presentation" = "onlyoffice-desktopeditors.desktop"; + "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = "onlyoffice-desktopeditors.desktop"; + "application/vnd.oasis.opendocument.text" = "onlyoffice-desktopeditors.desktop"; + "application/vnd.oasis.opendocument.presentation" = "onlyoffice-desktopeditors.desktop"; + "application/vnd.oasis.opendocument.spreadsheet" = "onlyoffice-desktopeditors.desktop"; "application/epub+zip" = "com.github.johnfactotum.Foliate.desktop"; - "application/ogg" = audio; - "application/xml" = editor; - "application/xhtml+xml" = web; - "application/x-extension-htm" = web; - "application/x-extension-html" = web; - "application/x-extension-shtml" = web; - "application/x-extension-xhtml" = web; - "application/x-extension-xht" = web; + "application/ogg" = "mpv.desktop"; + "application/xml" = "org.gnome.TextEditor.desktop"; + "application/xhtml+xml" = "firefox.desktop"; + "application/x-extension-htm" = "firefox.desktop"; + "application/x-extension-html" = "firefox.desktop"; + "application/x-extension-shtml" = "firefox.desktop"; + "application/x-extension-xhtml" = 
"firefox.desktop"; + "application/x-extension-xht" = "firefox.desktop"; "application/x-bittorrent" = "de.haeckerfelix.Fragments.desktop"; - "message/rfc822" = mail; - "x-scheme-handler/mailto" = mail; - "x-scheme-handler/mid" = mail; + "message/rfc822" = "thunderbird.desktop"; + "x-scheme-handler/mailto" = "thunderbird.desktop"; + "x-scheme-handler/mid" = "thunderbird.desktop"; "x-scheme-handler/discord" = "vesktop.desktop"; - "x-scheme-handler/http" = web; - "x-scheme-handler/https" = web; - "x-scheme-handler/chrome" = web; + "x-scheme-handler/http" = "firefox.desktop"; + "x-scheme-handler/https" = "firefox.desktop"; + "x-scheme-handler/chrome" = "firefox.desktop"; }; }; }; diff --git a/users/lyes/desktop/packages.nix b/users/lyes/desktop/packages.nix index 89f7aba..ebdf31d 100644 --- a/users/lyes/desktop/packages.nix +++ b/users/lyes/desktop/packages.nix @@ -37,8 +37,7 @@ in { element-desktop fractal zoom-us - local.cinny-desktop - mattermost-desktop + # cinny-desktop # Image gimp @@ -59,16 +58,15 @@ in { # stremio # insecure dependency # Audio - crosspipe + helvum local.quadcastrgb euphonica - local.KhinsiderDownloader + #local.KhinsiderDownloader # Games heroic cemu prismlauncher - cubiomes-viewer # vvvvvv ryubing dolphin-emu @@ -77,7 +75,6 @@ in { # suyu pin.factorio.factorio sgt-puzzles - archipelago # Reading # calibre @@ -102,7 +99,6 @@ in { vscodium # zed-editor gcc - gnumake rustup python3 zola @@ -116,7 +112,7 @@ in { nodejs nil nixd - nixfmt + nixfmt-rfc-style protege # LogIA Course haskellPackages.Agda agdaPackages.standard-library @@ -173,7 +169,6 @@ in { packages = [ # Internet "net.waterfox.waterfox" - "io.freetubeapp.FreeTube" # Messaging "org.signal.Signal" 
@@ -201,13 +196,13 @@ in { nixpkgs.overlays = [ # Version pins (final: prev: { - # factorio = final.factorio.overrideAttrs (super: { + # factorio = prev.factorio.overrideAttrs (super: { # version = "2.0.42"; # # src.name = "factorio_alpha_x64-2.0.42.tar.xz"; # # src.sha256 = "1zq6wcqkmn9bzys27v0jlk9m9m1jhaai1mybdv8hz7p2si4l76n9"; # src = "/nix/store/b9y0dwgxa6hpddrd8nn0g2fizxl3xss7-factorio_alpha_x64-2.0.42.tar.xz"; # }); - # factorio = final.factorio.overrideAttrs (super: { + # factorio = prev.factorio.overrideAttrs (super: { # username = "ntlyes"; # token = ""; # src = diff --git a/users/lyes/home/default.nix b/users/lyes/home/default.nix index 9e554bc..1bdba1f 100644 --- a/users/lyes/home/default.nix +++ b/users/lyes/home/default.nix @@ -1,20 +1,21 @@ -{ home-manager, config, inputs, ... }: +{ home-manager, config, ... }: { - imports = [ - home-manager.nixosModules.default - ]; + imports = + [ + home-manager.nixosModules.default + ]; home-manager.useUserPackages = true; home-manager.useGlobalPkgs = true; home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = { inherit inputs; }; home-manager.users.lyes = { ... }: { - imports = [ - ./editors - ./shells - ./home.nix - ]; + imports = + [ + ./editors + ./shells + ./home.nix + ]; home.username = "lyes"; home.homeDirectory = "/home/lyes"; diff --git a/users/lyes/home/editors/helix.nix b/users/lyes/home/editors/helix.nix index 35a17d1..e9fe010 100644 --- a/users/lyes/home/editors/helix.nix +++ b/users/lyes/home/editors/helix.nix @@ -1,9 +1,8 @@ -{ pkgs, ... }: +{ ... }: { programs.helix = { enable = true; - package = pkgs.helix-with-extensions; defaultEditor = true; settings = { diff --git a/users/lyes/server/default.nix b/users/lyes/server/default.nix new file mode 100644 index 0000000..45d468a --- /dev/null +++ b/users/lyes/server/default.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + imports = + [ + ./sieve.nix + ]; +} 
diff --git a/users/lyes/server/sieve.nix b/users/lyes/server/sieve.nix
new file mode 100644
index 0000000..ae0d258
--- /dev/null
+++ b/users/lyes/server/sieve.nix
@@ -0,0 +1,13 @@
+{ ... }:
+
+{
+ age.secrets = {
+ lyes-sieve = {
+ file = ../../../secrets/lyes/sieve.age;
+ path = "/var/sieve/lyes@taf.lyes.eu/default.sieve";
+ owner = "virtualMail";
+ group = "virtualMail";
+ mode = "660";
+ };
+ };
+}
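Review bot: `mode = "660"` makes the decrypted Sieve script writable by the `virtualMail` user and group, although the delivery process only has to read it and any edit made on disk is overwritten by agenix at the next activation. Because the script decides where mail is filed or forwarded, write access should stay with the deployment, so `mode = "440";` is enough here. It is also worth checking that the directory `/var/sieve/lyes@taf.lyes.eu/` ends up writable by `virtualMail`, since Dovecot normally stores the compiled script next to the source. I cannot see from this file who creates that directory.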