lyes/nixfiles
1
0
Fork 0
Code Issues Pull requests 1 Activity Actions

Compare commits

base: lyes:mail-ldap
Branches Tags
lyes:main
lyes:mail-ldap
..
compare: lyes:main
Branches Tags
lyes:main
lyes:mail-ldap

16 commits
mail-ldap ... main

Author SHA1 Message Date
Lyes Saadi
f068d74916
Git migration 2026-04-05 12:33:55 +02:00
Lyes Saadi
c33a558fee
Vault migration 2026-04-05 11:53:03 +02:00
Lyes Saadi
c48870c14c
Part 1 of lyes.eu -> minish.link migration 2026-04-04 20:23:42 +02:00
Lyes Saadi
1db440bd1d
Adding minish.link 2026-04-03 21:19:27 +02:00
Lyes Saadi
6036ca99b2
Adding helix extension support 2026-04-03 16:32:10 +02:00
Lyes Saadi
b457b9973d
Adding archipelago 2026-04-01 14:52:17 +02:00
Lyes Saadi
75d93e113e
Add mattermost 2026-03-25 11:38:25 +01:00
Lyes Saadi
631c9ca2cc
Go back to mainline firefox 2026-03-25 11:27:47 +01:00
Lyes Saadi
9c244751cb
Updates 2026-03-25 10:33:38 +01:00
Lyes Saadi
a10a6db8e0
Activating syncplay 2026-03-21 19:19:29 +01:00
Lyes Saadi
58003570a3
Adding syncplay 2026-03-21 19:18:43 +01:00
Lyes Saadi
a1e1272ebb
Adding a minecraft server 2026-03-16 15:54:56 +01:00
Lyes Saadi
fba02c0c19
Update cinny 2026-03-13 01:40:02 +01:00
Lyes Saadi
f287ac426a
Fixes to ptitgoron, adding cinny and updates 2026-03-10 02:50:23 +01:00
Lyes Saadi
169912a47b
Fixing all warnings 2026-03-06 20:34:14 +01:00
Lyes Saadi
32720ae712
Adding vicinae and various refactors 2026-02-26 12:13:24 +01:00
43 changed files with 868 additions and 349 deletions
Download patch file Download diff file Expand all files Collapse all files

157
flake.lock generated
View file

@ -47,11 +47,11 @@
]
},
"locked": {
"lastModified": 1770681688,
"narHash": "sha256-bGVEgZMxmw9N+IKp5nG+2nyKFezdPWYDxyxXkYW+d2M=",
"lastModified": 1774983731,
"narHash": "sha256-ZJGManY8rA/7+AZIxiW0CEMW9x8megcoh1xZ/oXq/aY=",
"owner": "9001",
"repo": "copyparty",
"rev": "e5d0a0572da507acfe774e0f86ad541f5daab97f",
"rev": "198f631ac80adc33a8f072d598ff0cd1aa2b5abd",
"type": "github"
},
"original": {
@ -109,11 +109,11 @@
]
},
"locked": {
"lastModified": 1769524058,
"narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
"lastModified": 1773889306,
"narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=",
"owner": "nix-community",
"repo": "disko",
"rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
"rev": "5ad85c82cc52264f4beddc934ba57f3789f28347",
"type": "github"
},
"original": {
@ -182,11 +182,11 @@
]
},
"locked": {
"lastModified": 1769939035,
"narHash": "sha256-Fok2AmefgVA0+eprw2NDwqKkPGEI5wvR+twiZagBvrg=",
"lastModified": 1774959120,
"narHash": "sha256-Pzk6UbueeWy9WFiDY6iA1aHid+2AMzkS6gg2x2cSkz4=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "a8ca480175326551d6c4121498316261cbb5b260",
"rev": "c06f90f1eb6569bdaf6a4a10cb7e66db4454ac2a",
"type": "github"
},
"original": {
@ -217,6 +217,26 @@
"type": "github"
}
},
"helix-ext": {
"inputs": {
"nixpkgs": "nixpkgs_2",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1774804218,
"narHash": "sha256-5h6eicp0+qzgiDrWc0mlTiX+jvcx8d54Fp922uQ2p0k=",
"owner": "mattwparas",
"repo": "helix",
"rev": "912d8d8b97da21de9b44b4e24a476e193e7cc44d",
"type": "github"
},
"original": {
"owner": "mattwparas",
"ref": "steel-event-system",
"repo": "helix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -245,11 +265,11 @@
]
},
"locked": {
"lastModified": 1770654520,
"narHash": "sha256-mg5WZMIPGsFu9MxSrUcuJUPMbfMsF77el5yb/7rc10k=",
"lastModified": 1775047159,
"narHash": "sha256-UWM4VZvfKaPwA9FMu7iZha5YAE8vsEtUazk+rFxmbTY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "6c4fdbe1ad198fac36c320fd45c5957324a80b8e",
"rev": "1ce9e62690dfdd7e76bd266ccb9a887778410eb2",
"type": "github"
},
"original": {
@ -267,11 +287,11 @@
]
},
"locked": {
"lastModified": 1769872935,
"narHash": "sha256-07HMIGQ/WJeAQJooA7Kkg1SDKxhAiV6eodvOwTX6WKI=",
"lastModified": 1774991950,
"narHash": "sha256-kScKj3qJDIWuN9/6PMmgy5esrTUkYinrO5VvILik/zw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f4ad5068ee8e89e4a7c2e963e10dd35cd77b37b7",
"rev": "f2d3e04e278422c7379e067e323734f3e8c585a7",
"type": "github"
},
"original": {
@ -285,14 +305,14 @@
"blobs": "blobs",
"flake-compat": "flake-compat_2",
"git-hooks": "git-hooks",
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1770659507,
"narHash": "sha256-RVZno9CypFN3eHxfULKN1K7mb/Cq0HkznnWqnshxpWY=",
"lastModified": 1774999302,
"narHash": "sha256-KJfDmGLMVO8Hr4TrTwOAQpOykLLOSgk9dxkaf2dHzFU=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "781e833633ebc0873d251772a74e4400a73f5d78",
"rev": "493f0ff8a7571cc4ddd190babfa447489f41c752",
"type": "gitlab"
},
"original": {
@ -301,22 +321,6 @@
"type": "gitlab"
}
},
"mozilla": {
"locked": {
"lastModified": 1750265908,
"narHash": "sha256-ZGo9BPm0L6kkuke6Bp5rb1XwF5Qv3/+a3mowsr0fcU4=",
"owner": "andersk",
"repo": "nixpkgs-mozilla",
"rev": "174a36cd95c9bed0dcbcc8a51f16d0cc8be490f3",
"type": "github"
},
"original": {
"owner": "andersk",
"ref": "channel",
"repo": "nixpkgs-mozilla",
"type": "github"
}
},
"nix-flatpak": {
"locked": {
"lastModified": 1767983141,
@ -335,11 +339,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1770631810,
"narHash": "sha256-b7iK/x+zOXbjhRqa+XBlYla4zFvPZyU5Ln2HJkiSnzc=",
"lastModified": 1774933469,
"narHash": "sha256-OrnCQeUO2bqaWUl0lkDWyGWjKsOhtCyd7JSfTedQNUE=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "2889685785848de940375bf7fea5e7c5a3c8d502",
"rev": "f4c4c2c0c923d7811ac2a63ccc154767e4195337",
"type": "github"
},
"original": {
@ -383,11 +387,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1770562336,
"narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=",
"lastModified": 1774709303,
"narHash": "sha256-D3Q07BbIA2KnTcSXIqqu9P586uWxN74zNoCH3h2ESHg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d6c71932130818840fc8fe9509cf50be8c64634f",
"rev": "8110df5ad7abf5d4c0f6fb0f8f978390e77f9685",
"type": "github"
},
"original": {
@ -399,11 +403,27 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1770650459,
"narHash": "sha256-hGeOnueXorzwDD1V9ldZr+y+zad4SNyqMnQsa/mIlvI=",
"lastModified": 1770841267,
"narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1774935083,
"narHash": "sha256-Mh6bLcYAcENBAZk3RoMPMFCGGMZmfaGMERE4siZOgP4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fff0554c67696d76a0cdd9cfe14403fbdbf1f378",
"rev": "2f4fd5e1abf9bac8c1d22750c701a7a5e6b524c6",
"type": "github"
},
"original": {
@ -413,13 +433,13 @@
"type": "github"
}
},
"nixpkgs_3": {
"nixpkgs_4": {
"locked": {
"lastModified": 1770562336,
"narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=",
"lastModified": 1774709303,
"narHash": "sha256-D3Q07BbIA2KnTcSXIqqu9P586uWxN74zNoCH3h2ESHg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d6c71932130818840fc8fe9509cf50be8c64634f",
"rev": "8110df5ad7abf5d4c0f6fb0f8f978390e77f9685",
"type": "github"
},
"original": {
@ -429,13 +449,13 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1769461804,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
"lastModified": 1774709303,
"narHash": "sha256-D3Q07BbIA2KnTcSXIqqu9P586uWxN74zNoCH3h2ESHg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"rev": "8110df5ad7abf5d4c0f6fb0f8f978390e77f9685",
"type": "github"
},
"original": {
@ -467,18 +487,39 @@
"copyparty": "copyparty",
"deploy-rs": "deploy-rs",
"disko": "disko",
"helix-ext": "helix-ext",
"home-manager": "home-manager_2",
"mailserver": "mailserver",
"mozilla": "mozilla",
"nix-flatpak": "nix-flatpak",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_4",
"nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unstable": "nixpkgs-unstable",
"pin-factorio": "pin-factorio",
"zen-browser": "zen-browser"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"helix-ext",
"nixpkgs"
]
},
"locked": {
"lastModified": 1770952264,
"narHash": "sha256-CjymNrJZWBtpavyuTkfPVPaZkwzIzGaf0E/3WgcwM14=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "ec6a3d5cdf14bb5a1dd03652bd3f6351004d2188",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@ -530,14 +571,14 @@
"zen-browser": {
"inputs": {
"home-manager": "home-manager_3",
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1770707140,
"narHash": "sha256-3ZRA2+o5p1+FKWx988WbwB1SQ2Mz5aL95zxhL5iD+O0=",
"lastModified": 1775021133,
"narHash": "sha256-JB0u0evfSlmNg9HdGDxtXjaCcdKUpFPdSAMGxvJo5Pw=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "db14437f8667f7f09784e2a4e73c105bdc1c7023",
"rev": "4bf1a6837064486c4f573a9d500c4cf3c1c075c0",
"type": "github"
},
"original": {

11
flake.nix
View file

@ -14,7 +14,8 @@
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
nix-flatpak.url = "github:gmodena/nix-flatpak/latest";
zen-browser.url = "github:0xc000022070/zen-browser-flake";
mozilla.url = "github:andersk/nixpkgs-mozilla/channel";
# mozilla.url = "github:andersk/nixpkgs-mozilla/channel";
helix-ext.url = "github:mattwparas/helix/steel-event-system";
mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
@ -40,7 +41,7 @@
pin-factorio.url = "github:NixOS/nixpkgs?rev=c5ae371f1a6a7fd27823bc500d9390b38c05fa55";
};
outputs = { self, nixpkgs, mailserver, copyparty, deploy-rs, ... }@inputs: {
outputs = { self, nixpkgs, deploy-rs, ... }@inputs: {
nixosConfigurations = {
# Framework Computer
piaf = nixpkgs.lib.nixosSystem {
@ -53,11 +54,7 @@
zora = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = inputs;
modules = [
./hosts/zora
mailserver.nixosModules.default
copyparty.nixosModules.default
];
modules = [ ./hosts/zora ];
};
# Desktop ISO

20
hosts/piaf/hardware.nix
View file

@ -2,7 +2,7 @@
{
# Kernel
boot.kernelPackages = pkgs.linuxPackages_6_18;
boot.kernelPackages = pkgs.linuxPackages_6_19;
# Boot
boot.loader.systemd-boot.enable = true;
@ -74,12 +74,12 @@
# Tweaking failing packages
nixpkgs.overlays = [ (final: prev: {
dfu-programmer = prev.dfu-programmer.overrideAttrs (_: { env.NIX_CFLAGS_COMPILE = "-std=gnu17"; });
# upower = prev.upower.overrideAttrs (_: { doCheck = false; });
# gxml = prev.gxml.overrideAttrs (_: { doCheck = false; });
# # orc = prev.orc.overrideAttrs (_: { doCheck = false; });
# # gsl = prev.gsl.overrideAttrs (_: { doCheck = false; });
# fprintd = prev.fprintd.overrideAttrs (super: {
# dfu-programmer = final.dfu-programmer.overrideAttrs (_: { env.NIX_CFLAGS_COMPILE = "-std=gnu17"; });
# upower = final.upower.overrideAttrs (_: { doCheck = false; });
# gxml = final.gxml.overrideAttrs (_: { doCheck = false; });
# # orc = final.orc.overrideAttrs (_: { doCheck = false; });
# # gsl = final.gsl.overrideAttrs (_: { doCheck = false; });
# fprintd = final.fprintd.overrideAttrs (super: {
# # doCheck = false;
# # buildInputs = super.buildInputs or [ ] ++ (with pkgs; [ libpam-wrapper (pkgs.python3.withPackages (python-pkgs: [ python-pkgs.pycairo python-pkgs.dbus-python python-pkgs.python-dbusmock ])) ]);
# mesonCheckFlags = [
@ -87,7 +87,7 @@
# "--no-suite" "fprintd"
# ];
# });
# libsrtp = prev.libsrtp.overrideAttrs (_: {
# libsrtp = final.libsrtp.overrideAttrs (_: {
# mesonFlags = [
# "-Dcrypto-library=openssl"
# "-Dcrypto-library-kdf=disabled"
@ -95,8 +95,8 @@
# "-Dtests=disabled"
# ];
# });
# # # haskellPackages.crypton = pkgs.haskell.lib.overrideCabal prev.crypton (_: { doCheck = false; });
# # # haskellPackages.cryptonite = pkgs.haskell.lib.overrideCabal prev.cryptonite (_: { doCheck = false; });
# # # haskellPackages.crypton = pkgs.haskell.lib.overrideCabal final.crypton (_: { doCheck = false; });
# # # haskellPackages.cryptonite = pkgs.haskell.lib.overrideCabal final.cryptonite (_: { doCheck = false; });
}) ];
# nixpkgs.config.packageOverrides = pkgs: {

3
hosts/zora/default.nix
View file

@ -13,7 +13,6 @@
./users.nix
../../users/lyes
../../users/lyes/server
../../modules
../../modules/server
@ -21,12 +20,14 @@
../../modules/server/baba
../../modules/server/biggoron
../../modules/server/biggoron/runner.nix
../../modules/server/facteur
../../modules/server/giovanni
../../modules/server/kalif
../../modules/server/lanayru
../../modules/server/link
../../modules/server/maistro
../../modules/server/mikau
../../modules/server/midona
../../modules/server/nayru
../../modules/server/taf
../../modules/server/tetra

2
hosts/zora/networking.nix
View file

@ -113,6 +113,8 @@
type filter hook input priority 0; policy drop;
iifname lo accept
iifname incusbr0 accept
iifname podman* accept
tcp dport 22 accept

46
hosts/zora/reverse-proxy.nix
View file

@ -3,7 +3,7 @@
{
security.acme = {
acceptTerms = true;
defaults.email = "root.security@lyes.eu";
defaults.email = "security@lyes.eu";
};
services.nginx = {
@ -12,28 +12,44 @@
recommendedTlsSettings = true;
virtualHosts = {
"lyes.eu" = {
"minish.link" = {
serverAliases = [
"www.minish.link"
"minish.fr"
"www.minish.fr"
];
default = true;
forceSSL = true;
enableACME = true;
locations."/" = {
root = "/var/data/www/minish.link/";
};
extraConfig = ''
error_page 404 /404.html;
'';
};
"lyes.eu" = {
serverAliases = [ "www.lyes.eu" ];
forceSSL = true;
enableACME = true;
locations."/" = {
root = "/var/data/www/lyes.eu/";
};
# extraConfig = ''
# allow 82.67.15.247;
# deny all;
# '';
extraConfig = ''
error_page 404 /404.html;
'';
};
# 44300
"auth.lyes.eu" = {
"auth.minish.link" = {
serverAliases = [ "auth.lyes.eu" ];
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "https://${config.services.kanidm.serverSettings.bindaddress}";
proxyPass = "https://${config.services.kanidm.server.settings.bindaddress}";
};
};
# 44301
"vault.lyes.eu" = {
"vault.minish.link" = {
forceSSL = true;
enableACME = true;
locations."/" = {
@ -42,7 +58,7 @@
};
};
# 44302
"manga.lyes.eu" = {
"manga.minish.link" = {
forceSSL = true;
enableACME = true;
locations."/" = {
@ -51,13 +67,13 @@
};
};
# 44312
"dl.manga.lyes.eu" = {
"dl.manga.minish.link" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://${config.networking.vpn-netns.vethIP}:${toString config.services.suwayomi-server.settings.server.port}";
};
# 44303
"git.lyes.eu" = {
"git.minish.link" = {
forceSSL = true;
enableACME = true;
extraConfig = ''
@ -66,7 +82,7 @@
locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
};
# 8096
"media.lyes.eu" = {
"media.minish.link" = {
forceSSL = true;
enableACME = true;
locations = {
@ -86,7 +102,7 @@
};
};
# 44304
"torrent.lyes.eu" = {
"torrent.minish.link" = {
forceSSL = true;
enableACME = true;
locations."/" = {
@ -94,7 +110,7 @@
};
};
# 44305
"files.lyes.eu" = {
"files.minish.link" = {
forceSSL = true;
enableACME = true;
locations."/" = {

15
modules/common/default.nix
View file

@ -1,4 +1,4 @@
{ nixpkgs-unstable, nixpkgs-stable, pin-factorio, ... }:
{ nixpkgs-unstable, nixpkgs-stable, pin-factorio, helix-ext, ... }:
{
imports =
@ -7,8 +7,8 @@
./system.nix
];
# Import local packages
nixpkgs.overlays = [
# Import local packages
(final: prev: {
local = import ../../pkgs { pkgs = final; };
})
@ -16,23 +16,28 @@
# Unstable
(final: prev: {
unstable = import nixpkgs-unstable {
system = prev.system;
system = final.stdenv.hostPlatform.system;
};
})
# Stable
(final: prev: {
stable = import nixpkgs-stable {
system = prev.system;
system = final.stdenv.hostPlatform.system;
};
})
# Pins
(final: prev: {
pin = {
factorio = import pin-factorio { system = prev.system; config.allowUnfree = true; };
factorio = import pin-factorio { system = final.stdenv.hostPlatform.system; config.allowUnfree = true; };
};
})
# Helix
(final: prev: {
helix-with-extensions = helix-ext.packages."x86_64-linux".helix;
})
];
nixpkgs.config = {

2
modules/desktop/gaming/default.nix
View file

@ -23,7 +23,7 @@
programs.gamemode.enable = true;
environment.systemPackages = with pkgs; [
wineWowPackages.waylandFull
wineWow64Packages.waylandFull
mangohud
protonup-ng
];

18
modules/desktop/networking.nix
View file

@ -20,9 +20,12 @@
services.resolved = {
enable = false;
dnssec = "true";
domains = [ "~." ];
fallbackDns = [
settings = {
Resolve = {
DNSOverTLS = true;
DNSSEC = true;
Domains = [ "~." ];
FallbackDns = [
"9.9.9.9"
"149.112.112.112"
"1.1.1.1"
@ -30,8 +33,7 @@
"2620:fe::fe"
"2620:fe::9"
];
settings.Resolve = {
DNSOverTLS = true;
};
};
};
@ -51,12 +53,6 @@
# Network services
#services.openssh.enable = true;
#services.syncplay = {
# enable = true;
# port = 8998;
# extraArgs = [ "--password pouicbarilstepson123cassoulet" ];
#};
# Bluetooth
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = true;

1
modules/desktop/sway/default.nix
View file

@ -39,6 +39,7 @@ in
wofi
wlogout
slurp
vicinae
];
};

10
modules/desktop/system.nix
View file

@ -1,4 +1,4 @@
{ pkgs, mozilla, ... }:
{ pkgs, ... }:
{
# Boot
@ -58,8 +58,9 @@
# package = pkgs.firefox-beta;
# Doesn't work ?
# languagePacks = [ "fr" "en-US" ];
# package = pkgs.latest.firefox-nightly-bin;
};
nixpkgs.overlays = [ mozilla.overlays.firefox ];
# nixpkgs.overlays = [ mozilla.overlays.firefox ];
# let
# # Change this to a rev sha to pin
# moz-rev = "master";
@ -72,8 +73,6 @@
# nightlyOverlay
# ];
programs.firefox.package = pkgs.latest.firefox-nightly-bin;
xdg.portal.enable = true;
# Virtualisation
@ -81,7 +80,8 @@
# virtualisation.virtualbox.host.enable = true;
# virtualisation.virtualbox.host.enableExtensionPack = true;
# users.extraGroups.vboxusers.members = [ "lyes" ];
# virtualisation.waydroid.enable = true;
virtualisation.waydroid.enable = true;
virtualisation.waydroid.package = pkgs.waydroid-nftables;
# Containers
virtualisation.containers.enable = true;

6
modules/server/README.md
View file

@ -1,13 +1,15 @@
- `agraf` : Copyparty (`files.lyes.eu`)
- `baba` : Nextcloud (`cloud.lyes.eu`)
- `biggoron` : Forgejo (`git.lyes.eu`)
- `facteur` : Syncplay
- `giovanni` : Vaultwarden (`vault.lyes.eu`)
- `kaepora` : PostgreSQL
- `kalif` : Factorio (`factorio.lyes.eu`)
- `lanayru` : Suwayomi (`dl.manga.lyes.eu`)
- `link` : Kanidm (`auth.lyes.eu`)
- `link` : Kanidm (`auth.minish.link`)
- `maistro` : Incus
- `mikau` : Jellyfin (`media.lyes.eu`)
- `mikau` : Jellyfin (`media.minish.link`)
- `midona` : Gate Minecraft Server Proxy
- `mogma` : VPN NetNS Configuration
- `nayru` : Komga/Manga (`manga.lyes.eu`)
- `taf` : Mail (`taf.lyes.eu`/`mail.lyes.eu`)

6
modules/server/agraf/default.nix
View file

@ -1,6 +1,10 @@
{ config, copyparty, ... }:
{
imports = [
copyparty.nixosModules.default
];
services.copyparty = {
enable = true;
@ -20,7 +24,7 @@
# General options
ed = true; # See hidden files (starting with a dot)
name = "zora"; # Server name
name-url = "https://files.lyes.eu"; # Server URL
name-url = "https://files.minish.link"; # Server URL
j = 4; # Max jobs (CPU usage)
# Network options

3
modules/server/baba/default.nix
View file

@ -7,7 +7,7 @@
services.nextcloud = {
enable = true;
package = pkgs.nextcloud32;
package = pkgs.nextcloud33;
hostName = "cloud.lyes.eu";
https = true;
configureRedis = true;
@ -15,6 +15,7 @@
extraAppsEnable = true;
extraApps = {
# inherit (config.services.nextcloud.package.packages.apps) mail calendar contacts cospend user_oidc notes richdocuments tasks dav_push repod gpoddersync phonetrack music;
inherit (config.services.nextcloud.package.packages.apps) mail calendar contacts cospend user_oidc notes richdocuments tasks news dav_push repod gpoddersync phonetrack music;
# gpoddersync = pkgs.fetchNextcloudApp {
# hash = "sha256-EQVs1fe0ierjqFZ5+KVc1Yj67zrwjLBAzY5A+QsC7AU=";

2
modules/server/biggoron/default.nix
View file

@ -37,7 +37,7 @@ in
settings = {
server = {
DOMAIN = "git.lyes.eu";
DOMAIN = "git.minish.link";
# You need to specify this to remove the port from URLs in the web UI.
ROOT_URL = "https://${srv.DOMAIN}/";
HTTP_PORT = 44303;

11
modules/server/biggoron/runner.nix
View file

@ -4,13 +4,16 @@
podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
autoPrune.enable = true;
};
};
networking.firewall.trustedInterfaces = [
"podman*"
];
networking.firewall.interfaces."podman*".allowedUDPPorts = [ 53 ];
users.users.gitea-runner.isSystemUser = true;
users.users.gitea-runner.group = "gitea-runner";
@ -18,10 +21,11 @@
services.gitea-actions-runner = {
package = pkgs.forgejo-runner;
instances.default = {
instances = {
ptigoron = {
enable = true;
name = "ptigoron";
url = "https://git.lyes.eu";
url = "https://git.minish.link";
# Obtaining the path to the runner token file may differ
# tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
tokenFile = config.age.secrets.ptigoron-token.path;
@ -36,6 +40,9 @@
];
};
};
};
systemd.services.gitea-runner-ptigoron.after = [ "forgejo.service" ];
age.secrets.ptigoron-token = {
file = ../../../secrets/zora/services/ptigoron-token.age;

16
modules/server/facteur/default.nix Normal file
View file

@ -0,0 +1,16 @@
{ config, pkgs, ... }:
{
services.syncplay = {
enable = true;
package = pkgs.syncplay-nogui;
passwordFile = config.age.secrets.facteur-pass.path;
};
age.secrets = {
facteur-pass = {
file = ../../../secrets/zora/services/facteur-pass.age;
mode = "444";
};
};
}

2
modules/server/lanayru/default.nix
View file

@ -42,6 +42,8 @@
};
};
networking.vpn-netns.encapsulatedServices.suwayomi-server.enable = true;
age.secrets = {
suwayomi-pass = {
file = ../../../secrets/zora/services/lanayru-pass.age;

11
modules/server/link/client.nix
View file

@ -2,12 +2,13 @@
{
services.kanidm = {
package = pkgs.kanidmWithSecretProvisioning_1_8;
package = pkgs.kanidmWithSecretProvisioning_1_9;
enableClient = true;
clientSettings = {
uri = "https://auth.lyes.eu";
client = {
enable = true;
settings = {
uri = "https://auth.minish.link";
};
};
};
}

8
modules/server/link/default.nix
View file

@ -1,7 +1,7 @@
{ config, ... }:
let
hostname = "auth.${config.networking.domain}";
hostname = "auth.minish.link";
port = "44300";
in
{
@ -13,8 +13,9 @@ in
services.kanidm = {
# package = pkgs.kanidmWithSecretProvisioning_1_7;
enableServer = true;
server.settings = {
server = {
enable = true;
settings = {
bindaddress = "127.0.0.1:${port}";
ldapbindaddress = "0.0.0.0:636";
domain = hostname;
@ -28,6 +29,7 @@ in
versions = 5;
};
};
};
provision = {
enable = true;

77
modules/server/midona/default.nix Normal file
View file

@ -0,0 +1,77 @@
{ lib, pkgs, ... }:
let
config = lib.toFile "config.yml" ''
config:
lite:
enabled: true
routes:
- host: stepson.minecraft.minish.link
backend: 10.0.100.80:25565
'';
in
{
environment.systemPackages = with pkgs; [ gate ];
systemd.services.gate = {
description = "Gate Minecraft Proxy";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${pkgs.gate}/bin/gate --config ${config}";
Restart = "always";
# StandardInput = "socket";
# StandardOutput = "journal";
# StandardError = "journal";
# Hardening
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
LockPersonality = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
UMask = "0077";
};
};
services.nginx.streamConfig = ''
server {
listen 24454;
proxy_pass 10.0.100.80:24454;
}
server {
listen 24454 udp;
proxy_pass 10.0.100.80:24454;
}
'';
networking.firewall = {
allowedTCPPorts = [
25565
24454 # Simple Voice Chat stepson
];
allowedUDPPorts = [
25565
24454 # Simple Voice Chat stepson
];
};
}

10
modules/server/mogma/forwarding.nix
View file

@ -32,6 +32,8 @@ let
} forwardedServices;
serviceList = lib.mapAttrsToList (name: _: name + ".service") forwardedServices;
encServicesList = lib.mapAttrsToList (name: _: name + ".service") cfg.encapsulatedServices;
in
lib.mkIf (forwardedServices != { } && cfg.portForwarding.enable) {
assertions = [
@ -49,11 +51,11 @@ lib.mkIf (forwardedServices != { } && cfg.portForwarding.enable) {
services.natpmpc-lease = {
description = "Request VPN port forwarding leases.";
wantedBy = serviceList;
after = [ "wireguard.target" ];
wants = [ "wireguard.target" ];
# wantedBy = serviceList;
after = [ "wireguard.target" ] ++ encServicesList;
wants = [ "wireguard.target" ] ++ encServicesList;
# preStart = "sleep 3";
preStart = "sleep 3";
path = with pkgs; [
libnatpmp

270
modules/server/taf/default.nix
View file

@ -1,31 +1,17 @@
{ config, lib, ... }:
{ config, mailserver, ... }:
let
alias = ''
@lyes.eu lyes
lyes@mail.lyes.eu lyes
abuse@taf.lyes.eu lyes
abuse@mail.lyes.eu lyes
abuse@minish.fr lyes
abuse@minish.link lyes
postmaster@taf.lyes.eu lyes
postmaster@mail.lyes.eu lyes
postmaster@minish.fr lyes
postmaster@minish.link lyes
'';
aliasFile = lib.toFile "alias" alias;
in
{
imports = [
mailserver.nixosModules.default
];
mailserver = {
enable = true;
stateVersion = 3;
fqdn = "taf.lyes.eu";
domains = [
"lyes.eu"
"taf.lyes.eu"
"mail.lyes.eu"
"minish.fr"
"minish.link"
];
localDnsResolver = false;
@ -33,85 +19,175 @@ in
# debug.all = true;
ldap = {
enable = true;
uris = [ "ldaps://auth.lyes.eu:636" ];
searchBase = "dc=auth,dc=lyes,dc=eu";
searchScope = "sub";
bind = {
# dn = "dn=token,dc=auth,dc=lyes,dc=eu";
dn = "dn=token";
passwordFile = config.age.secrets.taf-token.path;
};
dovecot = {
userFilter = "(&(memberof=taf_users)(mail=%u))";
passFilter = "(&(memberof=taf_users)(mail=%u))";
};
postfix = {
filter = "(&(memberof=taf_users)(mail=%s))";
mailAttribute = "mail";
uidAttribute = "name";
};
};
# fullTextSearch = {
# ldap = {
# enable = true;
# autoIndex = true;
# enforced = "body";
# uris = [ "ldaps://auth.lyes.eu:636" ];
# searchBase = "dc=auth,dc=lyes,dc=eu";
# searchScope = "sub";
# bind = {
# # dn = "dn=token,dc=auth,dc=lyes,dc=eu";
# dn = "dn=token";
# passwordFile = config.age.secrets.taf-token.path;
# };
# loginAccounts = {
# "lyes@mail.lyes.eu" = {
# # hashedPasswordFile = config.age.secrets.lyes-mail-passwd.path;
# # aliases = [
# # "@lyes.eu"
# # ];
# # quota = "1T";
# dovecot = {
# userFilter = "(name=%u)";
# passFilter = "(name=%u)";
# };
# postfix = {
# filter = "(name=%s)";
# mailAttribute = "mail";
# uidAttribute = "name";
# };
# };
loginAccounts = {
"lyes@mail.lyes.eu" = {
hashedPasswordFile = config.age.secrets.lyes-mail-passwd.path;
aliases = [
"@lyes.eu"
];
quota = "1T";
sieveScript = ''
require ["include", "fileinto", "mailbox", "copy", "regex", "variables", "imap4flags"];
include :personal "hiddensieve";
# lyes.eu filters
if address :is :domain "X-Original-To" "lyes.eu" {
# If the mail comes from my crans mailbox
if address :is :localpart "X-Original-To" "crans" {
# Aurore Support
if header :contains "List-Id" "<support.aurore.lists.crans.org>" {
fileinto :create "Crans.aurore.support";
}
# Mailman moderation request
elsif address :matches :all "To" "*-owner@lists.crans.org" {
fileinto :create "Crans.moderation";
}
# Crans Bureau
elsif anyof (
header :contains "List-Id" "<bureau.lists.crans.org>",
header :contains "List-Id" "<achats-crans.lists.crans.org>",
header :contains "List-Id" "<tresorerie.lists.crans.org>"
) {
fileinto :create "Crans.crans.bureau";
}
# Crans CA
elsif header :contains "List-Id" "<ca.lists.crans.org>" {
fileinto :create "Crans.crans.ca";
}
# Crans Root Postmaster
elsif address :is :all "To" "postmaster@crans.org" {
addflag "\\Seen";
fileinto :create "Crans.crans.root.postmaster";
}
# Crans Root Mailer
elsif address :is :all "From" "MAILER-DAEMON@crans.org" {
fileinto :create "Crans.crans.root.mailer";
}
# Crans Nounou
elsif anyof (
header :contains "List-Id" "<nounou.lists.crans.org>",
header :contains "List-Id" "<apprenti-es.lists.crans.org>",
address :is :all "To" "contact@crans.org",
address :is :all "From" "contact@crans.org"
) {
fileinto :create "Crans.crans.nounou";
}
# Crans Root
elsif anyof (
address :is :all "To" "root@crans.org",
address :is :all "From" "root@crans.org",
address :is :all "From" "www-data@crans.org"
) {
fileinto :create "Crans.crans.root";
}
# Crans Gitlab
elsif address :is :all "From" "gitlab@crans.org" {
fileinto :create "Crans.crans.gitlab";
}
# Crans Wiki
elsif address :is :all "From" "wiki@crans.org" {
fileinto :create "Crans.crans.wiki";
}
# Aurore CA
elsif header :contains "List-Id" "<ca.aurore.lists.crans.org>" {
fileinto :create "Crans.aurore.ca";
}
# BDL
elsif anyof (
header :contains "List-Id" "<bdl-bureau.lists.crans.org>",
header :contains "List-Id" "<bdl.lists.crans.org>"
) {
fileinto :create "Crans.asso.bdl";
}
# Med
elsif anyof (
header :contains "List-Id" "<med-bureau.lists.crans.org>",
header :contains "List-Id" "<med.lists.crans.org>"
) {
fileinto :create "Crans.asso.med";
}
# NL BDE
elsif header :contains "List-Id" "<evenements.lists.crans.org>" {
fileinto :create "Crans.asso.nl.bde";
}
# NL BDA
elsif header :contains "List-Id" "<evenement.bda.lists.crans.org>" {
fileinto :create "Crans.asso.nl.bda";
}
# Any other associative mail
elsif anyof (
header :contains "List-Id" "<la5emeparallele-bureau.lists.crans.org>",
header :contains "List-Id" "<la5emeparallele.lists.crans.org>",
header :matches "List-Id" "<*.lists.crans.org>"
) {
fileinto :create "Crans.asso";
}
# Otherwise it's for the generic mailbox
else {
fileinto :create "Crans";
}
}
# Otherwise it's for my different accounts
# It's automatically sorted using the localpart
elsif address :localpart :regex "X-Original-To" "^(([a-zA-Z]+\\.)*([a-zA-Z]+))(-([a-zA-Z0-9_.\\-]*))?''$" {
set :lower "sub_folder" "''${1}";
set "mbox_candidate" "INBOX.''${sub_folder}";
fileinto :create "''${mbox_candidate}";
}
# Other unknown origin
else {
fileinto :create "INBOX.other";
}
}
# It's destined to my main inbox
elsif address :is "X-Original-To" "lyes@mail.lyes.eu" {
fileinto :create "INBOX";
}
# Other unknown origin
else {
fileinto :create "INBOX.other";
}
'';
};
};
# extraVirtualAliases = {
# "@lyes.eu" = "lyes";
# "abuse@mail.lyes.eu" = "lyes";
# # "abuse@minish.fr" = "lyes";
# # "abuse@minish.link" = "lyes";
# "postmaster@mail.lyes.eu" = "lyes";
# # "postmaster@minish.fr" = "lyes";
# # "postmaster@minish.link" = "lyes";
# "@lyes.eu" = "lyes@mail.lyes.eu";
# };
x509.useACMEHost = config.mailserver.fqdn;
};
services.postfix = {
mapFiles."valias" = lib.mkForce aliasFile;
mapFiles."vaccounts" = lib.mkForce aliasFile;
virtual = lib.mkForce alias;
settings = {
main = {
# local_recipient_maps = "";
# virtual_alias_maps = lib.mkForce "ldap:/run/postfix/ldap-virtual-mailbox-map.cf";
maximal_queue_lifetime = "31d";
relay_domains = [
"skaven.org"
"agreg.info"
];
smtpd_recipient_restrictions = [
"permit_mynetworks"
"permit_sasl_authenticated"
];
};
};
};
# services.dovecot2.extraConfig = ''
# userdb {
# driver = ldap
@ -128,10 +204,7 @@ in
# }
# '';
services.dovecot2 = {
# enableQuota = lib.mkForce false;
sieve.extensions = [ "imap4flags" ];
};
services.dovecot2.sieve.extensions = [ "imap4flags" ];
services.roundcube = {
enable = true;
@ -148,12 +221,21 @@ in
age.secrets = {
taf-token = {
owner = "postfix";
file = ../../../secrets/zora/services/taf-token.age;
};
# lyes-mail-passwd = {
# owner = "postfix";
# file = ../../../secrets/lyes/mail-passwd.age;
# };
lyes-mail-passwd = {
owner = "postfix";
file = ../../../secrets/lyes/mail-passwd.age;
};
lyes-hidden-sieve = {
file = ../../../secrets/lyes/hidden-sieve.age;
path = "/var/sieve/lyes@mail.lyes.eu/scripts/hiddensieve.sieve";
owner = "virtualMail";
group = "virtualMail";
mode = "660";
};
};
}

22
pkgs/KhinsiderDownloader/default.nix
View file

@ -3,8 +3,14 @@
fetchFromGitHub,
cmake,
curl,
qt6,
libxml2
libxml2,
qtbase,
wrapQtAppsHook,
qtscxml,
qtquicktimeline,
qtquickeffectmaker,
qtnetworkauth,
qttools,
}:
stdenv.mkDerivation (final: {
@ -18,10 +24,20 @@ stdenv.mkDerivation (final: {
hash = "sha256-hqoUkzPNxAIvC/7DL9YIMPmUZqAreqCbG8NKidVtSDM=";
};
buildInputs = [ qtbase ];
nativeBuildInputs = [
cmake
curl
qt6.full
# qt6.env
qtscxml
# qtquick3d
# qtquick3dphysics
qtquicktimeline
qtquickeffectmaker
qtnetworkauth
qttools
libxml2
wrapQtAppsHook
];
})

103
pkgs/cinny/cinny-desktop.nix Normal file
View file

@ -0,0 +1,103 @@
{
lib,
stdenv,
fetchFromGitHub,
rustPlatform,
cargo-tauri,
cinny,
desktop-file-utils,
wrapGAppsHook4,
makeBinaryWrapper,
pkg-config,
openssl,
glib-networking,
webkitgtk_4_1,
jq,
moreutils,
}:
rustPlatform.buildRustPackage (finalAttrs: {
pname = "cinny-desktop";
version = "4.11.1";
# nixpkgs-update: no auto update
src = fetchFromGitHub {
owner = "cinnyapp";
repo = "cinny-desktop";
tag = "v4.11.2";
hash = "sha256-iH3OBpLM5JyFo5QLjHSvGMgl0xDP9hpfngW49hvjLMY=";
};
sourceRoot = "${finalAttrs.src.name}/src-tauri";
cargoHash = "sha256-g1xDdqmouHD+qr5OvO2PVjFKAy2AXiatuTrLfh/QxAE=";
postPatch =
let
cinny' =
assert lib.assertMsg (
cinny.version == finalAttrs.version
) "cinny.version (${cinny.version}) != cinny-desktop.version (${finalAttrs.version})";
cinny.override {
conf = {
hashRouter.enabled = true;
};
};
in
# 'del(.app.windows) | del(.plugins.updater) | .bundle.createUpdaterArtifacts = false | .build.frontendDist = "${cinny'}" | del(.build.beforeBuildCommand)' tauri.conf.json \
''
${lib.getExe jq} \
'del(.plugins.tauri.updater) | .bundle.createUpdaterArtifacts = false | .build.frontendDist = "${cinny'}" | del(.build.beforeBuildCommand)' tauri.conf.json \
| ${lib.getExe' moreutils "sponge"} tauri.conf.json
cat tauri.conf.json
'';
postInstall =
lib.optionalString stdenv.hostPlatform.isDarwin ''
mkdir -p "$out/bin"
makeWrapper "$out/Applications/Cinny.app/Contents/MacOS/Cinny" "$out/bin/cinny"
''
+ lib.optionalString stdenv.hostPlatform.isLinux ''
desktop-file-edit \
--set-comment "Yet another matrix client for desktop" \
--set-key="Categories" --set-value="Network;InstantMessaging;" \
$out/share/applications/Cinny.desktop
'';
preFixup = ''
gappsWrapperArgs+=(
--set-default WEBKIT_DISABLE_DMABUF_RENDERER "1"
)
'';
nativeBuildInputs = [
cargo-tauri.hook
]
++ lib.optionals stdenv.hostPlatform.isLinux [
desktop-file-utils
pkg-config
wrapGAppsHook4
]
++ lib.optionals stdenv.hostPlatform.isDarwin [
makeBinaryWrapper
];
buildInputs = lib.optionals stdenv.hostPlatform.isLinux [
glib-networking
openssl
webkitgtk_4_1
];
meta = {
description = "Yet another matrix client for desktop";
homepage = "https://github.com/cinnyapp/cinny-desktop";
maintainers = with lib.maintainers; [
qyriad
rebmit
ryand56
];
license = lib.licenses.agpl3Only;
platforms = lib.platforms.linux ++ lib.platforms.darwin;
mainProgram = "cinny";
};
})

52
pkgs/cinny/cinny-unwrapped.nix Normal file
View file

@ -0,0 +1,52 @@
{
lib,
buildNpmPackage,
fetchFromGitHub,
nodejs_22,
}:
buildNpmPackage {
pname = "cinny-unwrapped";
# Remember to update cinny-desktop when bumping this version.
version = "4.11.1";
# nixpkgs-update: no auto update
src = fetchFromGitHub {
owner = "cinnyapp";
repo = "cinny";
# rev = "55e83065767645ed7cd510a6f4b5cf4733b000b4";
tag = "v4.11.1";
# hash = "sha256-2qxmlj4IK6twDh27R6qMJDmYSfsWoofVGuRHxSP72f0=";
hash = "sha256-dwI3zNey/ukF3t2fhH/ePf4o4iBDwZyLWMYebPgXmWU=";
};
nodejs = nodejs_22;
# npmDepsHash = "sha256-qyQ0SXkPSUES/tavKzPra0Q+ZnU9qHvkTC1JgAjL0o8=";
# npmDepsHash = "sha256-2Lrd0jAwAH6HkwLHyivqwaEhcpFAIALuno+MchSIfxo=";
npmDepsHash = "sha256-27WFjb08p09aJRi0S2PvYq3bivEuG5+z2QhFahTSj4Q=";
# Skip rebuilding native modules since they're not needed for the web app
npmRebuildFlags = [
"--ignore-scripts"
];
installPhase = ''
runHook preInstall
cp -r dist $out
runHook postInstall
'';
meta = {
description = "Yet another Matrix client for the web";
homepage = "https://cinny.in/";
maintainers = with lib.maintainers; [
abbe
rebmit
];
license = lib.licenses.agpl3Only;
platforms = lib.platforms.all;
};
}

32
pkgs/cinny/cinny.nix Normal file
View file

@ -0,0 +1,32 @@
{
cinny-unwrapped,
jq,
stdenvNoCC,
writeText,
conf ? { },
}:
let
configOverrides = writeText "cinny-config-overrides.json" (builtins.toJSON conf);
in
if (conf == { }) then
cinny-unwrapped
else
stdenvNoCC.mkDerivation {
pname = "cinny";
inherit (cinny-unwrapped) version meta;
dontUnpack = true;
nativeBuildInputs = [ jq ];
installPhase = ''
runHook preInstall
mkdir -p $out
ln -s ${cinny-unwrapped}/* $out
rm $out/config.json
jq -s '.[0] * .[1]' "${cinny-unwrapped}/config.json" "${configOverrides}" > "$out/config.json"
runHook postInstall
'';
}

7
pkgs/default.nix
View file

@ -1,8 +1,11 @@
{ pkgs ? import <nixpkgs> { } }:
{
rec {
quadcastrgb = pkgs.callPackage ./quadcastrgb { };
ens-intel-unite = pkgs.callPackage ./ens-intel-unite { };
KhinsiderDownloader = pkgs.callPackage ./KhinsiderDownloader { };
KhinsiderDownloader = pkgs.qt6Packages.callPackage ./KhinsiderDownloader { };
amy-mono = pkgs.callPackage ./amy-mono { };
cinny = pkgs.callPackage ./cinny/cinny.nix { inherit cinny-unwrapped; };
cinny-unwrapped = pkgs.callPackage ./cinny/cinny-unwrapped.nix { };
cinny-desktop = pkgs.callPackage ./cinny/cinny-desktop.nix { inherit cinny; };
}

3
secrets.nix
View file

@ -8,7 +8,7 @@ in
{
# Lyes
"secrets/lyes/mail-passwd.age".publicKeys = [ lyes zora ];
"secrets/lyes/sieve.age".publicKeys = [ lyes zora ];
"secrets/lyes/hidden-sieve.age".publicKeys = [ lyes zora ];
# Zora
"secrets/zora/services/kanidm-admin-password.age".publicKeys = all;
@ -27,4 +27,5 @@ in
"secrets/zora/services/lanayru-pass.age".publicKeys = all;
"secrets/zora/services/agraf-root-pass.age".publicKeys = all;
"secrets/zora/services/agraf-lyes-pass.age".publicKeys = all;
"secrets/zora/services/facteur-pass.age".publicKeys = all;
}

BIN
secrets/lyes/hidden-sieve.age Normal file
View file

Binary file not shown.

BIN
secrets/lyes/sieve.age
View file

Binary file not shown.

7
secrets/zora/services/facteur-pass.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 whuRpQ SjgklfrTXj3TptfA1MxYkbjcWkFNTNwvpHoto0YfEnY
/MhJDiLIqHjUKU8jEe9NPTR/29YYij8E6u6t9/Mj1VM
-> ssh-ed25519 TFqgIg qXDuQIj9gq/hO07+6KBkCKVTd3L6eomSMetxXfVu1yc
RWpVvmkM5hN9yHO4JlPWsTvl8sDG0DOA1y5DGcTlTa0
--- UwLsYqcbzfvzL2SoevAhhG2K1JA3XlHTVeF73nEU21c
÷ÑKÒ¶d¯IT«[îöWFäu×f¹Èê:¶Lp‡Äl8Š€6©X©

BIN
secrets/zora/services/giovanni-env.age
View file

Binary file not shown.

BIN
secrets/zora/services/nayru-conf.age
View file

Binary file not shown.

5
users/lyes/desktop/default.nix
View file

@ -24,4 +24,9 @@
via
];
};
# Fixing launch issues with some desktops (sway...)
# systemd.user.extraConfig = ''
# DefaultEnvironment="PATH=/run/current-system/sw/bin"
# '';
}

2
users/lyes/desktop/home/apps/ghostty.nix
View file

@ -20,7 +20,7 @@
shell-integration-features = [
"sudo"
"ssh-env"
"ssh-terminfo"
# "ssh-terminfo"
];
# keybind = [

51
users/lyes/desktop/home/desktops/sway.nix
View file

@ -23,7 +23,8 @@ in
swaynag.enable = true;
config = {
startup = [
{ command = "poweralertd"; }
{ command = "${pkgs.poweralertd}/bin/poweralertd"; }
# { command = "${pkgs.vicinae}/bin/vicinae server"; }
{
command = ''
swayidle -w \
@ -35,7 +36,7 @@ in
];
modifier = "Mod4";
menu = "${pkgs.wofi}/bin/wofi --show drun";
menu = "${pkgs.vicinae}/bin/vicinae toggle";
# Switch to ghostty ?
terminal = "${pkgs.ghostty}/bin/ghostty";
@ -610,6 +611,52 @@ in
};
programs = {
vicinae = {
enable = true;
systemd = {
enable = true;
autoStart = true;
# environment = {
# USE_LAYER_SHELL = 1;
# };
};
# useLayerShell = false;
settings = {
close_on_focus_loss = false;
consider_preedit = true;
pop_to_root_on_close = true;
launcher_window.layer_shell.enabled = false;
theme = {
light = {
name = "rose-pine-moon";
};
dark = {
name = "rose-pine-moon";
};
};
};
extensions =
let
extsrc = pkgs.fetchFromGitHub {
owner = "vicinaehq";
repo = "extensions";
sha256 = "sha256-KwNv+THKbNUey10q26NZPDMSzYTObRHaSDr81QP9CPY=";
rev = "cf30b80f619282d45b1748eb76e784a4f875bb01";
};
in
lib.map
(ext:
config.lib.vicinae.mkExtension {
name = ext;
src = extsrc + "/extensions/" + ext;
}
)
[
"bluetooth"
"nix"
"power-profile"
];
};
wofi = {
enable = true;
settings = {};

100
users/lyes/desktop/home/xdg.nix
View file

@ -6,6 +6,7 @@
userDirs = {
enable = true;
createDirectories = true;
setSessionVariables = true;
desktop = "${config.home.homeDirectory}/Bureau";
documents = "${config.home.homeDirectory}/Documents";
download = "${config.home.homeDirectory}/Téléchargements";
@ -35,53 +36,66 @@
"x-scheme-handler/sms" = "org.gnome.Shell.Extensions.GSConnect.desktop;";
"x-scheme-handler/tel" = "org.gnome.Shell.Extensions.GSConnect.desktop;";
};
defaultApplications = {
"text/plain" = "org.gnome.TextEditor.desktop";
"text/markdown" = "org.gnome.TextEditor.desktop";
"text/json" = "org.gnome.TextEditor.desktop";
"text/html" = "firefox.desktop";
"text/xml" = "org.gnome.TextEditor.desktop";
"image/avif" = "org.gnome.Loupe.desktop";
"image/png" = "org.gnome.Loupe.desktop";
"image/jpeg" = "org.gnome.Loupe.desktop";
"image/svg+xml" = "org.gnome.Loupe.desktop";
"image/gif" = "org.gnome.Loupe.desktop";
"image/webp" = "org.gnome.Loupe.desktop";
"audio/mpeg" = "mpv.desktop";
"audio/aac" = "mpv.desktop";
"audio/webm" = "mpv.desktop";
"audio/ogg" = "mpv.desktop";
"video/x-matroska" = "mpv.desktop";
"video/mp4" = "mpv.desktop";
"video/webm" = "mpv.desktop";
"video/ogg" = "mpv.desktop";
defaultApplications =
let
web = "firefox.desktop";
mail = "thunderbird.desktop";
editor = "org.gnome.TextEditor.desktop";
image = "org.gnome.Loupe.desktop";
video = "mpv.desktop";
audio = "mpv.desktop";
office-writer = "writer.desktop";
office-document = "impress.desktop";
office-spreadsheet = "calc.desktop";
in
{
"text/plain" = editor;
"text/markdown" = editor;
"text/json" = editor;
"text/html" = web;
"text/xml" = editor;
"image/avif" = image;
"image/png" = image;
"image/jpeg" = image;
"image/svg+xml" = image;
"image/gif" = image;
"image/webp" = image;
"audio/mpeg" = audio;
"audio/aac" = audio;
"audio/webm" = audio;
"audio/ogg" = audio;
"video/x-matroska" = video;
"video/mp4" = video;
"video/webm" = video;
"video/ogg" = video;
"application/pdf" = "org.gnome.Papers.desktop";
"application/msword" = "onlyoffice-desktopeditors.desktop";
"application/vnd.ms-powerpoint" = "onlyoffice-desktopeditors.desktop";
"application/vnd.ms-excel" = "onlyoffice-desktopeditors.desktop";
"application/vnd.openxmlformats-officedocument.wordprocessingml.document" = "onlyoffice-desktopeditors.desktop";
"application/vnd.openxmlformats-officedocument.presentationml.presentation" = "onlyoffice-desktopeditors.desktop";
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = "onlyoffice-desktopeditors.desktop";
"application/vnd.oasis.opendocument.text" = "onlyoffice-desktopeditors.desktop";
"application/vnd.oasis.opendocument.presentation" = "onlyoffice-desktopeditors.desktop";
"application/vnd.oasis.opendocument.spreadsheet" = "onlyoffice-desktopeditors.desktop";
"application/msword" = office-writer;
"application/vnd.ms-powerpoint" = office-document;
"application/vnd.ms-excel" = office-spreadsheet;
"application/vnd.openxmlformats-officedocument.wordprocessingml.document" = office-writer;
"application/vnd.openxmlformats-officedocument.presentationml.presentation" = office-document;
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = office-spreadsheet;
"application/vnd.oasis.opendocument.text" = office-writer;
"application/vnd.oasis.opendocument.presentation" = office-document;
"application/vnd.oasis.opendocument.spreadsheet" = office-spreadsheet;
"application/epub+zip" = "com.github.johnfactotum.Foliate.desktop";
"application/ogg" = "mpv.desktop";
"application/xml" = "org.gnome.TextEditor.desktop";
"application/xhtml+xml" = "firefox.desktop";
"application/x-extension-htm" = "firefox.desktop";
"application/x-extension-html" = "firefox.desktop";
"application/x-extension-shtml" = "firefox.desktop";
"application/x-extension-xhtml" = "firefox.desktop";
"application/x-extension-xht" = "firefox.desktop";
"application/ogg" = audio;
"application/xml" = editor;
"application/xhtml+xml" = web;
"application/x-extension-htm" = web;
"application/x-extension-html" = web;
"application/x-extension-shtml" = web;
"application/x-extension-xhtml" = web;
"application/x-extension-xht" = web;
"application/x-bittorrent" = "de.haeckerfelix.Fragments.desktop";
"message/rfc822" = "thunderbird.desktop";
"x-scheme-handler/mailto" = "thunderbird.desktop";
"x-scheme-handler/mid" = "thunderbird.desktop";
"message/rfc822" = mail;
"x-scheme-handler/mailto" = mail;
"x-scheme-handler/mid" = mail;
"x-scheme-handler/discord" = "vesktop.desktop";
"x-scheme-handler/http" = "firefox.desktop";
"x-scheme-handler/https" = "firefox.desktop";
"x-scheme-handler/chrome" = "firefox.desktop";
"x-scheme-handler/http" = web;
"x-scheme-handler/https" = web;
"x-scheme-handler/chrome" = web;
};
};
};

17
users/lyes/desktop/packages.nix
View file

@ -37,7 +37,8 @@ in {
element-desktop
fractal
zoom-us
# cinny-desktop
local.cinny-desktop
mattermost-desktop
# Image
gimp
@ -58,15 +59,16 @@ in {
# stremio # insecure dependency
# Audio
helvum
crosspipe
local.quadcastrgb
euphonica
#local.KhinsiderDownloader
local.KhinsiderDownloader
# Games
heroic
cemu
prismlauncher
cubiomes-viewer
# vvvvvv
ryubing
dolphin-emu
@ -75,6 +77,7 @@ in {
# suyu
pin.factorio.factorio
sgt-puzzles
archipelago
# Reading
# calibre
@ -99,6 +102,7 @@ in {
vscodium
# zed-editor
gcc
gnumake
rustup
python3
zola
@ -112,7 +116,7 @@ in {
nodejs
nil
nixd
nixfmt-rfc-style
nixfmt
protege # LogIA Course
haskellPackages.Agda
agdaPackages.standard-library
@ -169,6 +173,7 @@ in {
packages = [
# Internet
"net.waterfox.waterfox"
"io.freetubeapp.FreeTube"
# Messaging
"org.signal.Signal"
@ -196,13 +201,13 @@ in {
nixpkgs.overlays = [
# Version pins
(final: prev: {
# factorio = prev.factorio.overrideAttrs (super: {
# factorio = final.factorio.overrideAttrs (super: {
# version = "2.0.42";
# # src.name = "factorio_alpha_x64-2.0.42.tar.xz";
# # src.sha256 = "1zq6wcqkmn9bzys27v0jlk9m9m1jhaai1mybdv8hz7p2si4l76n9";
# src = "/nix/store/b9y0dwgxa6hpddrd8nn0g2fizxl3xss7-factorio_alpha_x64-2.0.42.tar.xz";
# });
# factorio = prev.factorio.overrideAttrs (super: {
# factorio = final.factorio.overrideAttrs (super: {
# username = "ntlyes";
# token = "";
# src =

9
users/lyes/home/default.nix
View file

@ -1,17 +1,16 @@
{ home-manager, config, ... }:
{ home-manager, config, inputs, ... }:
{
imports =
[
imports = [
home-manager.nixosModules.default
];
home-manager.useUserPackages = true;
home-manager.useGlobalPkgs = true;
home-manager.backupFileExtension = "backup";
home-manager.extraSpecialArgs = { inherit inputs; };
home-manager.users.lyes = { ... }: {
imports =
[
imports = [
./editors
./shells
./home.nix

3
users/lyes/home/editors/helix.nix
View file

@ -1,8 +1,9 @@
{ ... }:
{ pkgs, ... }:
{
programs.helix = {
enable = true;
package = pkgs.helix-with-extensions;
defaultEditor = true;
settings = {

8
users/lyes/server/default.nix
View file

@ -1,8 +0,0 @@
{ ... }:
{
imports =
[
./sieve.nix
];
}

13
users/lyes/server/sieve.nix
View file

@ -1,13 +0,0 @@
{ ... }:
{
age.secrets = {
lyes-sieve = {
file = ../../../secrets/lyes/sieve.age;
path = "/var/sieve/lyes@taf.lyes.eu/default.sieve";
owner = "virtualMail";
group = "virtualMail";
mode = "660";
};
};
}