Diffstat (limited to 'users/tazjin/nixos/modules')
-rw-r--r--users/tazjin/nixos/modules/airsonic.nix32
-rw-r--r--users/tazjin/nixos/modules/chromium.nix30
-rw-r--r--users/tazjin/nixos/modules/desktop.nix10
-rw-r--r--users/tazjin/nixos/modules/fonts.nix2
-rw-r--r--users/tazjin/nixos/modules/geesefs.nix38
-rw-r--r--users/tazjin/nixos/modules/hidpi.nix4
-rw-r--r--users/tazjin/nixos/modules/home-config.nix4
-rw-r--r--users/tazjin/nixos/modules/miniflux.nix22
-rw-r--r--users/tazjin/nixos/modules/physical.nix177
-rw-r--r--users/tazjin/nixos/modules/predlozhnik.nix2
-rw-r--r--users/tazjin/nixos/modules/tgsa.nix7
-rw-r--r--users/tazjin/nixos/modules/zerotier.nix14
12 files changed, 234 insertions, 108 deletions
diff --git a/users/tazjin/nixos/modules/airsonic.nix b/users/tazjin/nixos/modules/airsonic.nix
new file mode 100644
index 0000000000..815f183778
--- /dev/null
+++ b/users/tazjin/nixos/modules/airsonic.nix
@@ -0,0 +1,32 @@
+# airsonic is a decent, web-based player UI for subsonic
+{ pkgs, ... }:
+
+let
+  env = builtins.toFile "env.js" ''
+    window.env = {
+      SERVER_URL: "https://music.tazj.in",
+    }
+  '';
+
+  airsonicDist = pkgs.fetchzip {
+    name = "airsonic-refix";
+
+    # from master CI @ f894d5eacebec2f47486f340c8610f446d4f64b3
+    # https://github.com/tamland/airsonic-refix/actions/runs/6150155527
+    url = "https://storage.yandexcloud.net/tazjin-public/airsonic-refix-f894d5ea.zip";
+    sha256 = "02rnh9h7rh22wkghays389yddwbwg7sawmczdxdmjrcnkc7mq2jz";
+
+    stripRoot = false;
+    postFetch = "cp ${env} $out/env.js";
+  };
+in
+{
+  services.nginx.virtualHosts."player.tazj.in" = {
+    enableACME = true;
+    forceSSL = true;
+    root = "${airsonicDist}";
+
+    # deal with SPA routing requirements
+    locations."/".extraConfig = "try_files $uri /index.html;";
+  };
+}
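Review bot: The `sha256` on `airsonicDist` does not identify the upstream archive, because `postFetch` copies `env.js` into `$out` before the output is hashed. The pin therefore cannot be compared against the CI artifact named in the comment. In addition, a later edit to `SERVER_URL` that leaves the hash untouched may be satisfied from an already-realised store path still carrying the old `env.js`, since a fixed-output path is keyed on name and hash rather than on `postFetch`. Fetching the zip unmodified and adding `env.js` in a separate derivation keeps the hash tied to the download alone; the hash in the sketch below is a placeholder to be recomputed.

```nix
  airsonicSrc = pkgs.fetchzip {
    name = "airsonic-refix";
    # … unchanged: provenance comment, url, stripRoot …
    sha256 = "<sha256 of the unmodified archive>";
  };

  airsonicDist = pkgs.runCommand "airsonic-refix-dist" { } ''
    cp -r ${airsonicSrc} $out
    chmod u+w $out
    cp ${env} $out/env.js
  '';
```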
diff --git a/users/tazjin/nixos/modules/chromium.nix b/users/tazjin/nixos/modules/chromium.nix
new file mode 100644
index 0000000000..22f1c8d362
--- /dev/null
+++ b/users/tazjin/nixos/modules/chromium.nix
@@ -0,0 +1,30 @@
+# Configure the Chromium browser with various useful things.
+{ pkgs, ... }:
+
+{
+  environment.systemPackages = [
+    (pkgs.chromium.override {
+      enableWideVine = true; # DRM support (for Кинопоиск)
+    })
+  ];
+
+  programs.chromium = {
+    enable = true;
+    homepageLocation = "about:blank";
+
+    extensions = [
+      "dbepggeogbaibhgnhhndojpepiihcmeb" # Vimium
+      "cjpalhdlnbpafiamejdnhcphjbkeiagm" # uBlock Origin
+      "mohaicophfnifehkkkdbcejkflmgfkof" # nitter redirect
+      "lhdifindchogekmjooeiolmjdlheilae" # Huruf
+    ];
+
+    extraOpts = {
+      SpellcheckEnabled = true;
+      SpellcheckLanguage = [
+        "ru"
+        "en-GB"
+      ];
+    };
+  };
+}
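Review bot: The four IDs under `extensions` are, as far as I can tell, applied as a force-install policy, so the browser downloads and auto-updates them from the Web Store outside Nix's hash pinning. Nothing in the file says so, and a reader could assume the extension code is covered by the depot's pins like the rest of the module. A comment above the list would make the trust decision explicit, e.g. `# installed by policy from the Chrome Web Store: not pinned, updated by the browser`.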
diff --git a/users/tazjin/nixos/modules/desktop.nix b/users/tazjin/nixos/modules/desktop.nix
index c78463386c..12a42b8faa 100644
--- a/users/tazjin/nixos/modules/desktop.nix
+++ b/users/tazjin/nixos/modules/desktop.nix
@@ -1,11 +1,12 @@
 # EXWM and other desktop configuration.
-{ depot, lib, pkgs, ... }:
+{ config, depot, lib, pkgs, ... }:
 
 {
   services = {
     pipewire = {
       enable = true;
       alsa.enable = true;
+      alsa.support32Bit = true;
       pulse.enable = true;
     };
 
@@ -14,8 +15,8 @@
 
     xserver = {
       enable = true;
-      layout = "us";
-      xkbOptions = "caps:super";
+      xkb.layout = "us";
+      xkb.options = "caps:super";
 
       libinput.enable = true;
 
@@ -28,7 +29,7 @@
 
       windowManager.session = lib.singleton {
         name = "exwm";
-        start = "${depot.users.tazjin.emacs}/bin/tazjins-emacs";
+        start = "${config.tazjin.emacs}/bin/tazjins-emacs --internal-border=0 --border-width=0";
       };
     };
   };
@@ -40,6 +41,7 @@
     QT_IM_MODULE = "xim";
     CLUTTER_IM_MODULE = "xim";
     EDITOR = "emacsclient";
+    _JAVA_AWT_WM_NONREPARENTING = "1";
   };
 
   # Do not restart the display manager automatically
diff --git a/users/tazjin/nixos/modules/fonts.nix b/users/tazjin/nixos/modules/fonts.nix
index 3b4461056f..ee1b84e581 100644
--- a/users/tazjin/nixos/modules/fonts.nix
+++ b/users/tazjin/nixos/modules/fonts.nix
@@ -4,7 +4,7 @@
 
 {
   fonts = {
-    fonts = with pkgs; [
+    packages = with pkgs; [
       corefonts
       dejavu_fonts
       jetbrains-mono
diff --git a/users/tazjin/nixos/modules/geesefs.nix b/users/tazjin/nixos/modules/geesefs.nix
new file mode 100644
index 0000000000..c45ee528f6
--- /dev/null
+++ b/users/tazjin/nixos/modules/geesefs.nix
@@ -0,0 +1,38 @@
+{ depot, pkgs, ... }:
+
+{
+  imports = [
+    (depot.third_party.agenix.src + "/modules/age.nix")
+  ];
+
+  age.secrets.geesefs-tazjins-files.file = depot.users.tazjin.secrets."geesefs-tazjins-files.age";
+  programs.fuse.userAllowOther = true;
+
+  systemd.services.geesefs = {
+    description = "geesefs @ tazjins-files";
+    wantedBy = [ "multi-user.target" ];
+    path = [ pkgs.fuse ];
+
+    serviceConfig = {
+      # TODO: can't get fusermount to work for non-root users (e.g. DynamicUser) here, why?
+
+      Restart = "always";
+      LoadCredential = "geesefs-tazjins-files:/run/agenix/geesefs-tazjins-files";
+      StateDirectory = "geesefs";
+      ExecStartPre = "/run/wrappers/bin/umount -a -t fuse.geesefs";
+    };
+
+    script = ''
+      set -u # bail out if systemd is misconfigured ...
+      set -x
+
+      mkdir -p $STATE_DIRECTORY/tazjins-files $STATE_DIRECTORY/cache
+
+      ${depot.third_party.geesefs}/bin/geesefs \
+        -f -o allow_other \
+        --cache $STATE_DIRECTORY/cache \
+        --shared-config $CREDENTIALS_DIRECTORY/geesefs-tazjins-files \
+        tazjins-files $STATE_DIRECTORY/tazjins-files
+    '';
+  };
+}
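Review bot: `-o allow_other` combined with `programs.fuse.userAllowOther = true` makes the mounted bucket reachable by every local account. Nothing else in the unit narrows that: it runs as root (per the TODO) and `StateDirectory` is created world-traversable by default. If a single user is the intended consumer, state that in a comment and restrict ownership and modes on the mount; geesefs appears to accept goofys-style `--uid`, `--gid`, `--file-mode` and `--dir-mode` options, which should be confirmed against the packaged version. Separately, `ExecStartPre` runs `umount -a -t fuse.geesefs`, which unmounts every geesefs mount on the host rather than only this unit's.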
diff --git a/users/tazjin/nixos/modules/hidpi.nix b/users/tazjin/nixos/modules/hidpi.nix
index 7fa3e41933..2ff61d499a 100644
--- a/users/tazjin/nixos/modules/hidpi.nix
+++ b/users/tazjin/nixos/modules/hidpi.nix
@@ -7,8 +7,10 @@
   # screen settings to do conditional initialisation (mostly for Emacs).
   environment.variables.HIDPI_SCREEN = "true";
 
+  # TODO(tazjin): this option has been removed and needs to be replaced
+  # by manual configuration: https://github.com/NixOS/nixpkgs/issues/222805
   # Ensure a larger font size in early boot stage.
-  hardware.video.hidpi.enable = true;
+  # hardware.video.hidpi.enable = true;
 
   # Bump DPI across the board.
   # TODO(tazjin): This should actually be set per monitor, but I
diff --git a/users/tazjin/nixos/modules/home-config.nix b/users/tazjin/nixos/modules/home-config.nix
index 6157f2850d..bda8f7a440 100644
--- a/users/tazjin/nixos/modules/home-config.nix
+++ b/users/tazjin/nixos/modules/home-config.nix
@@ -12,9 +12,7 @@
     initialHashedPassword = "$2b$05$1eBPdoIgan/C/L8JFqIHBuVscQyTKw1L/4VBlzlLvLBEf6CXS3EW6";
   };
 
-  nix = {
-    trustedUsers = [ "tazjin" ];
-  };
+  nix.settings.trusted-users = [ "tazjin" ];
 
   home-manager.useGlobalPkgs = true;
   home-manager.users.tazjin = depot.users.tazjin.home."${config.networking.hostName}";
diff --git a/users/tazjin/nixos/modules/miniflux.nix b/users/tazjin/nixos/modules/miniflux.nix
new file mode 100644
index 0000000000..72089bfb3d
--- /dev/null
+++ b/users/tazjin/nixos/modules/miniflux.nix
@@ -0,0 +1,22 @@
+{ config, depot, lib, pkgs, ... }:
+
+{
+  age.secrets.miniflux.file = depot.users.tazjin.secrets."miniflux.age";
+
+  services.miniflux = {
+    enable = true;
+    adminCredentialsFile = "/run/agenix/miniflux";
+    config.LISTEN_ADDR = "127.0.0.1:6359";
+    config.BASE_URL = "https://feeds.tazj.in";
+  };
+
+  services.nginx.virtualHosts."feeds" = {
+    serverName = "feeds.tazj.in";
+    enableACME = true;
+    forceSSL = true;
+
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:6359";
+    };
+  };
+}
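Review bot: `adminCredentialsFile = "/run/agenix/miniflux"` repeats by hand the path that agenix derives from `age.secrets.miniflux`, so renaming the secret or changing the secrets directory would leave miniflux pointing at a missing file with no evaluation error. `config` is already a module argument here, so `adminCredentialsFile = config.age.secrets.miniflux.path;` ties the two together. The same literal-path pattern appears in the `LoadCredential` lines of geesefs.nix and tgsa.nix. This module also sets `age.secrets` without importing the agenix module itself (geesefs.nix does), so it presumably relies on another module for that import; a one-line comment saying so would help.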
diff --git a/users/tazjin/nixos/modules/physical.nix b/users/tazjin/nixos/modules/physical.nix
index 1f8b694381..d469da7e5a 100644
--- a/users/tazjin/nixos/modules/physical.nix
+++ b/users/tazjin/nixos/modules/physical.nix
@@ -1,95 +1,106 @@
 # Default configuration settings for physical machines that I use.
-{ lib, pkgs, depot, ... }:
+{ lib, pkgs, config, depot, ... }:
 
 let
   pass-otp = pkgs.pass.withExtensions (e: [ e.pass-otp ]);
 in
 {
-  # Install all the default software.
-  environment.systemPackages =
-    # programs from the depot
-    (with depot; [
-      users.tazjin.screenLock
-      users.tazjin.emacs
-      third_party.agenix.cli
-      third_party.josh
-    ]) ++
+  options = with lib; {
+    tazjin.emacs = mkOption {
+      type = types.package;
+      default = depot.users.tazjin.emacs;
+      description = ''
+        Derivation with my Emacs package, with configuration included.
+      '';
+    };
+  };
 
-    # programs from nixpkgs
-    (with pkgs; [
-      amber
-      bat
-      curl
-      ddcutil
-      direnv
-      dnsutils
-      electrum
-      emacsNativeComp # emacsclient
-      exa
-      fd
-      file
-      firefox
-      gdb
-      gh
-      git
-      gnupg
-      google-chrome
-      gtk3 # for gtk-launch
-      htop
-      hyperfine
-      iftop
-      imagemagick
-      jq
-      lieer
-      man-pages
-      moreutils
-      mosh
-      msmtp
-      mullvad-vpn
-      networkmanagerapplet
-      nix-prefetch-github
-      nmap
-      notmuch
-      openssh
-      openssl
-      pass-otp
-      pavucontrol
-      pinentry
-      pinentry-emacs
-      pulseaudio # for pactl
-      pwgen
-      quasselClient
-      rink
-      ripgrep
-      rust-analyzer
-      rustup
-      screen
-      scrot
-      thunderbird
-      tig
-      tokei
-      tree
-      unzip
-      vlc
-      volumeicon
-      whois
-      xclip
-      xsecurelock
-      zoxide
-    ]);
+  config = {
+    # Install all the default software.
+    environment.systemPackages =
+      # programs from the depot
+      (with depot; [
+        users.tazjin.screenLock
+        users.tazjin.chase-geese
+        config.tazjin.emacs
+        third_party.agenix.cli
+        tools.when
+      ]) ++
 
-  # Run services & configure programs for all machines.
-  services = {
-    mullvad-vpn.enable = true;
-    fwupd.enable = true;
-  };
+      # programs from nixpkgs
+      (with pkgs; [
+        (aspellWithDicts (d: [ d.ru ]))
+        amber
+        bat
+        curl
+        ddcutil
+        direnv
+        dnsutils
+        electrum
+        firefox
+        config.tazjin.emacs.emacs # emacsclient
+        expect
+        fd
+        file
+        gdb
+        git
+        gnupg
+        gtk3 # for gtk-launch
+        htop
+        hyperfine
+        iftop
+        imagemagick
+        josh
+        jq
+        lieer
+        maim
+        man-pages
+        moreutils
+        mosh
+        msmtp
+        networkmanagerapplet
+        nix-prefetch-github
+        nmap
+        notmuch
+        openssh
+        openssl
+        pass-otp
+        pavucontrol
+        pinentry
+        pinentry-emacs
+        pulseaudio # for pactl
+        pwgen
+        quasselClient
+        rink
+        ripgrep
+        rustup
+        screen
+        tig
+        tokei
+        tree
+        unzip
+        vlc
+        volumeicon
+        whois
+        xclip
+        xsecurelock
+        zoxide
+      ]);
+
+    # Run services & configure programs for all machines.
+    services.fwupd.enable = true;
+
+    # Disable the broken NetworkManager-wait-online.service
+    systemd.services.NetworkManager-wait-online.enable = lib.mkForce false;
 
-  # Disable the broken NetworkManager-wait-online.service
-  systemd.services.NetworkManager-wait-online.enable = lib.mkForce false;
+    # Disable the thing that prints annoying warnings when trying to
+    # run manually patchelfed binaries
+    environment.stub-ld.enable = false;
 
-  programs = {
-    fish.enable = true;
-    mosh.enable = true;
-    ssh.startAgent = true;
+    programs = {
+      fish.enable = true;
+      mosh.enable = true;
+      ssh.startAgent = true;
+    };
   };
 }
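Review bot: The `tazjin.emacs` option is typed `types.package`, but the new code needs more than a generic package provides. `config.tazjin.emacs.emacs` in the nixpkgs list and `bin/tazjins-emacs` in desktop.nix both assume attributes and outputs specific to this Emacs derivation. The `description` should state that contract, e.g. `Must provide bin/tazjins-emacs and an .emacs attribute for the underlying Emacs (used for emacsclient).`, so an override with a plain package is recognised as unsupported rather than failing with a missing-attribute error.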
diff --git a/users/tazjin/nixos/modules/predlozhnik.nix b/users/tazjin/nixos/modules/predlozhnik.nix
index df402ce299..db20963df1 100644
--- a/users/tazjin/nixos/modules/predlozhnik.nix
+++ b/users/tazjin/nixos/modules/predlozhnik.nix
@@ -3,7 +3,7 @@
 
 {
   services.nginx.virtualHosts."predlozhnik.ru" = {
-    root = depot.users.tazjin.predlozhnik;
+    root = depot.corp.russian.predlozhnik;
     enableACME = true;
     forceSSL = true;
   };
diff --git a/users/tazjin/nixos/modules/tgsa.nix b/users/tazjin/nixos/modules/tgsa.nix
index ac6d940c2a..e162e0d822 100644
--- a/users/tazjin/nixos/modules/tgsa.nix
+++ b/users/tazjin/nixos/modules/tgsa.nix
@@ -8,8 +8,13 @@
     serviceConfig = {
       DynamicUser = true;
       Restart = "always";
-      ExecStart = "${depot.users.tazjin.tgsa}/bin/tgsa";
+      LoadCredential = "tgsa-yandex.json:/run/agenix/tgsa-yandex";
     };
+
+    script = ''
+      export YANDEX_KEY_FILE="''${CREDENTIALS_DIRECTORY}/tgsa-yandex.json"
+      ${depot.users.tazjin.tgsa}/bin/tgsa
+    '';
   };
 
   services.nginx.virtualHosts."tgsa" = {
diff --git a/users/tazjin/nixos/modules/zerotier.nix b/users/tazjin/nixos/modules/zerotier.nix
deleted file mode 100644
index bd503cf8f0..0000000000
--- a/users/tazjin/nixos/modules/zerotier.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-# Configuration for my Zerotier network.
-
-{
-  environment.persistence."/persist".directories = [
-    "/var/lib/zerotier-one"
-  ];
-
-  services.zerotierone.enable = true;
-  services.zerotierone.joinNetworks = [
-    "35c192ce9bd4c8c7"
-  ];
-
-  networking.firewall.trustedInterfaces = [ "zt7nnembs4" ];
-}