ldsalkjdsalkjdsalkj
parent
1cc9257346
commit
22a3158e3c
92
README.md
|
@ -1,91 +1 @@
|
|||
# Initial setup (old)
|
||||
|
||||
nixos-generate-config
|
||||
|
||||
# Reading list
|
||||
|
||||
* https://nixos.wiki/wiki/Flakes
|
||||
* https://teu5us.github.io/nix-lib.html
|
||||
* https://ryantm.github.io/nixpkgs/builders/trivial-builders/
|
||||
* https://nixos.wiki/wiki/Nix-writers
|
||||
|
||||
# TODOs:
|
||||
|
||||
* [x] https://discourse.nixos.org/t/jsonresume-nix-build-and-deploy-your-resume-with-nix/34089
|
||||
* [ ] https://github.com/ogoid/nixos-expose-cuda
|
||||
* [ ] http health monitoring `services.netdata.httpcheck.checks.<foobar>`
|
||||
* [x] Split stuff into multiple files
|
||||
* [x] Make a flake
|
||||
* [ ] homemanager: ip cameras with frigate
|
||||
* [x] merge hosted docs into a single subdomain
|
||||
* [x] Setup some remote-development and deploy flow
|
||||
* [ ] host older versions of nixpkgs documentation (like 20.09)
|
||||
* [x] add a hidpi profile? https://wiki.archlinux.org/title/HiDPI
|
||||
* [ ] desktop entries
|
||||
* https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/packages/hey/default.nix
|
||||
* [ ] https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/packages/xdg-open-with-portal/default.nix
|
||||
* [ ] extend it to work over ssh
|
||||
* [ ] https://github.com/fufexan/nix-gaming/tree/b090e8b7e463d9c437536b25a0e9af3477a269e9#pipewire-low-latency
|
||||
* [ ] https://search.nixos.org/packages?query=heroic
|
||||
* [ ] [doukutsu-rs](https://github.com/jakehamilton/config/tree/579827c699d9c78bd42e73f543eafb05a0d6c374#doukutsu-rs)
|
||||
* [ ] [doas](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/security/doas/default.nix)
|
||||
* [ ] [gpg](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/security/gpg/default.nix)
|
||||
* [ ] [keyring](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/security/keyring/default.nix)
|
||||
* [ ] [avahi](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/services/avahi/default.nix)
|
||||
* [ ] [kvm](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/virtualisation/kvm/default.nix)
|
||||
* [ ] shares
|
||||
* [ ] [samba](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/services/samba/default.nix)
|
||||
* [ ] nfs
|
||||
* [x] [zfs](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/system/zfs/default.nix)
|
||||
* [x] rocm
|
||||
* [x] cuda
|
||||
* [ ] xclip
|
||||
* [ ] `profiles/singularity.nix` https://github.com/NixOS/nixpkgs/issues/230851
|
||||
* [ ] declarative libvirt
|
||||
* [ ] https://git.m-labs.hk/M-Labs/wfvm
|
||||
* [ ] https://github.com/kholia/OSX-KVM
|
||||
* [ ] s3: minio or garage
|
||||
* [ ] mlflow / wandb service
|
||||
* [x] xforwarding over ssh
|
||||
* [ ] autogenerate ssh keys for new hosts
|
||||
* [ ] switch to systemd networkd
|
||||
* [ ] pre-commit hook with 'nix eval ...outPath'
|
||||
* [x] use `nom` when deploying
|
||||
* [ ] figure out how to reuse system flake lock while deplying, leave the night job to upgrade
|
||||
* [ ] users/pbsds: Support multiple profiles, like headless, nixpkgs-dev, various desktops, hpc, pvv, etc
|
||||
* [ ] gnome:
|
||||
* [x] lxterminal
|
||||
* [ ] replace gnome terminal
|
||||
* [x] themes
|
||||
* [x] shortcuts
|
||||
* [x] pavucontrol
|
||||
* [ ] nixos-generate-config instructions for new hosts
|
||||
* [ ] zfs, declarative pools?
|
||||
* [ ] some tunneling for NFS hosts
|
||||
* [ ] transgui config
|
||||
* [x] secrets - nix-sops ?
|
||||
* [x] flexget
|
||||
* [ ] microbin
|
||||
* [ ] transmission
|
||||
* [ ] transmission remote gui (requires sops in home-manager)
|
||||
* [x] domeneshop
|
||||
* [ ] webdav
|
||||
* [ ] code-remote
|
||||
* [ ] add .netrc
|
||||
* [ ] hydra
|
||||
* perfect for CUDA and RISCV
|
||||
* [ ] self-hosted binary cache (single-machine) (nix-serve, carinae, harmonia, eris or attic, ssh?)
|
||||
* https://discourse.nixos.org/t/announcing-harmonia-a-nix-binary-cache-written-in-rust/19855
|
||||
* https://discourse.nixos.org/t/introducing-attic-a-self-hostable-nix-binary-cache-server/24343/1
|
||||
* [ ] profiles/http: make ACME/nginx helper a function
|
||||
* [ ] Support multiple tlds
|
||||
* [ ] Support multiple acme accounts
|
||||
* [ ] Support a per-account provider?
|
||||
* [ ] Support DNS auth
|
||||
* [ ] Setup aliases instead of a per-vhost cert?
|
||||
* [ ] Preferably setup a wildchar cert per host
|
||||
* [ ] once secrets are in place: coin a one true ssh key, automate adding ssh host public keys to flake
|
||||
* [ ] then add darwin and aarch64 community remote builders
|
||||
* [ ] https://github.com/dali99/nix-dotfiles/blob/85dcafb4e0b8382a3d04b9a5f63afd01a4144143/machines/pvv-terminal.nix#L3
|
||||
* [ ] wrap windowmanager in nixGL on non-nixos https://github.com/dali99/nix-dotfiles/blob/85dcafb4e0b8382a3d04b9a5f63afd01a4144143/profiles/xsession/default.nix#LL138C1-L138C1
|
||||
* [ ] requires GNOME xstart in home-manager
|
||||
( ͡° ͜ʖ ͡°)
|
||||
|
|
16
flake.nix
|
@ -53,6 +53,10 @@
|
|||
sops-nix-2305.inputs.nixpkgs.follows = "nixpkgs-2305";
|
||||
sops-nix-2305.inputs.nixpkgs-stable.follows = "nixpkgs-2305";
|
||||
|
||||
## https://github.com/h7x4/maunium-stickerpicker-nix
|
||||
#maunium-stickerpicker-nix.url = "github:h7x4/maunium-stickerpicker-nix";
|
||||
#maunium-stickerpicker-nix.inputs.nixpkgs.follows = "nixpkgs-2311";
|
||||
|
||||
/** /
|
||||
https://willbush.dev/blog/impermanent-nixos/
|
||||
matrix-next.url = "github:dali99/nixos-matrix-modules"; # see https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/flake.nix
|
||||
|
@ -199,7 +203,7 @@
|
|||
nix.nixPath = [
|
||||
"nixpkgs=${inputs.nixpkgs}"
|
||||
"nixpkgs-unstable=${inputs.unstable}"
|
||||
"nixpkgs-git=github:NixOS/nixpkgs/nixos-unstable-small"
|
||||
"nixpkgs-git=github:NixOS/nixpkgs/refs/tags/nixos-unstable-small" # is this right?
|
||||
];
|
||||
});
|
||||
mkConfig = extra-modules: domain: system: inputs: stateVersion: modules: hostname: inputs.nixpkgs.lib.nixosSystem {
|
||||
|
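Review bot: the `nixpkgs-git` entry in `nix.nixPath` that points at `refs/tags/nixos-unstable-small` still carries an open `# is this right?`. In NixOS/nixpkgs, `nixos-unstable-small` is a channel branch rather than a tag, so a `refs/tags/` ref will not resolve to it. Unlike the two entries above it, which interpolate `${inputs.nixpkgs}` and `${inputs.unstable}` and therefore follow flake.lock, this entry names a moving ref that the lock file does not pin. Suggest adding the small channel as a flake input and interpolating it the same way, or stating in the comment that this entry is intentionally unpinned.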
@ -298,8 +302,8 @@
|
|||
nixosReports = mkHosts (mkReport []);
|
||||
|
||||
packages = forAllSystems ({ inputs, pkgs, lib, flakes, ... }: let
|
||||
mk-nspawn-deployer = hostname: # TODO: nspawn-tarball.nix populates /etc/nixos with junk
|
||||
(pkgs.callPackage ./pkgs/mk-nspawn-deployer {})
|
||||
mk-nspawn-setup = hostname: # TODO: nspawn-tarball.nix populates /etc/nixos with junk
|
||||
(pkgs.callPackage ./pkgs/mk-nspawn-setup {})
|
||||
(mkHosts (mkConfig [ "${nixos-nspawn}/nspawn-tarball.nix" ])).${hostname};
|
||||
in {
|
||||
# TODO: get faketty to work ${expect}/bin/unbuffer is bad
|
||||
|
@ -311,9 +315,11 @@
|
|||
fi
|
||||
'';
|
||||
|
||||
nspawn-setup-brumlebasse = mk-nspawn-deployer "brumlebasse";
|
||||
device-mon = pkgs.callPackage ./pkgs/device-mon {};
|
||||
#pdoc-docs = (pkgs.callPackage ./pkgs/pdocs.nix {}).pdocs;
|
||||
#pdoc3-docs = (pkgs.callPackage ./pkgs/pdocs.nix {}).pdocs3;
|
||||
|
||||
# nixos-generators images
|
||||
nspawn-setup-brumlebasse = mk-nspawn-setup "brumlebasse";
|
||||
image-brumlebasse-openstack = nixos-generators-2311.nixosGenerate {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = { inherit inputs flakes; };
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
imports = [
|
||||
./hardware-configuration.nix
|
||||
../../profiles/sshd.nix
|
||||
../../profiles/podman.nix
|
||||
#../../profiles/oci/podman.nix
|
||||
|
||||
../../profiles/vpn-pbsds/headscale.nix # opens port 3478
|
||||
|
||||
|
@ -47,9 +47,11 @@
|
|||
../../profiles/http/services/polaris.nix
|
||||
#../../profiles/http/services/resilio.nix
|
||||
../../profiles/http/services/roundcube.nix
|
||||
#../../profiles/http/services/snappymail.nix # WIP
|
||||
../../profiles/http/services/thelounge.nix
|
||||
../../profiles/http/services/vaultwarden.nix
|
||||
../../profiles/http/services/webdav-zotero.nix
|
||||
#../../profiles/http/services/garage/gunktrunk.nix
|
||||
#../../profiles/http/services/convos.nix
|
||||
#../../profiles/http/services/cryptpad.nix
|
||||
#../../profiles/http/services/galene.nix
|
||||
|
@ -64,6 +66,8 @@
|
|||
#../../profiles/http/services/censordodge.nix
|
||||
#../../profiles/http/services/openspeedtest.nix
|
||||
|
||||
/**/
|
||||
# TODO: move to brumle
|
||||
../../profiles/http/docs
|
||||
../../profiles/http/docs/pdoc.nix
|
||||
../../profiles/http/docs/python-docs.nix
|
||||
|
@ -72,6 +76,7 @@
|
|||
../../profiles/http/docs/linux-docs.nix
|
||||
../../profiles/http/docs/programs.nix
|
||||
../../profiles/http/docs/yagcd.nix
|
||||
/**/
|
||||
|
||||
#../../profiles/http/sites/linktree-pbsds.nix # github bby!! TODO: remove
|
||||
../../profiles/http/sites/refleksjon-no.nix
|
||||
|
|
|
@ -43,6 +43,7 @@
|
|||
../../profiles/desktop/sound/pipewire.nix
|
||||
|
||||
../../profiles/desktop/steam.nix
|
||||
#../../profiles/desktop/xboxdrv.nix # TODO: try out
|
||||
../../profiles/desktop/lutris.nix
|
||||
../../profiles/desktop/flatpak.nix
|
||||
|
||||
|
|
|
@ -1,44 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
# TODO: assert correct system
|
||||
|
||||
NSPAWN=nixos-@hostname@
|
||||
|
||||
TARBALL=./"$NSPAWN".tar #"https://github.com/tfc/nspawn-nixos/releases/download/v1.0/nixos-system-x86_64-linux.tar.xz"
|
||||
|
||||
test $(id -u) -eq 0 || {
|
||||
>&2 echo you must run this as root
|
||||
exit 1
|
||||
}
|
||||
|
||||
install_pkg() {
|
||||
# TODO: use bash hashmaps to map from apt to other package managers
|
||||
# * [x] apt
|
||||
# * [ ] apk
|
||||
# * [ ] pacman
|
||||
# * [ ] dnf
|
||||
DEBIAN_FRONTEND=noninteractive apt install -y "$@"
|
||||
}
|
||||
|
||||
|
||||
if ! >/dev/null command -v systemd-nspawn; then
|
||||
# TODO: support more than ubuntu
|
||||
install_pkg systemd-container
|
||||
fi
|
||||
|
||||
machinectl remove "$NSPAWN" || true # TODO: interactive?
|
||||
#machinectl pull-tar "https://github.com/tfc/nspawn-nixos/releases/download/v1.0/nixos-system-x86_64-linux.tar.xz" "$NSPAWN" --verify=no
|
||||
machinectl import-tar "$TARBALL" "$NSPAWN"
|
||||
|
||||
# use host network
|
||||
cat <<"EOF" > /etc/systemd/nspawn/"$NSPAWN".nspawn
|
||||
[Network]
|
||||
VirtualEthernet=no
|
||||
EOF
|
||||
|
||||
machinectl enable "$NSPAWN"
|
||||
machinectl start "$NSPAWN"
|
||||
echo Setting root password...
|
||||
machinectl shell "$NSPAWN" /usr/bin/env passwd
|
||||
|
||||
machinectl status "$NSPAWN"
|
|
@ -2,12 +2,13 @@
|
|||
, pkgs
|
||||
}:
|
||||
|
||||
# assumes nspawn-tarball.nix is mixed into it
|
||||
# this assumes github:tfc/nspawn-nixos nspawn-tarball.nix is mixed into it
|
||||
nixosConfiguration:
|
||||
|
||||
let
|
||||
|
||||
hostname = nixosConfiguration.config.networking.hostName;
|
||||
inherit (nixosConfiguration.config.nixpkgs) system;
|
||||
|
||||
setup = pkgs.substituteAll {
|
||||
src = ./setup-nspawn.sh;
|
||||
|
@ -23,7 +24,9 @@ pkgs.runCommandNoCC "nspawn-setup-${hostname}.sh" {
|
|||
nativeBuildInputs = with pkgs; [ makeself ];
|
||||
} ''
|
||||
mkdir -p archive/
|
||||
ln -s ${setup} archive/setup.sh
|
||||
ln -s ${tarball}/* archive/nixos-${hostname}.tar
|
||||
makeself --follow archive/ $out setup-nixos-nspawn-${hostname} ./setup.sh
|
||||
ln -s ${setup} archive/setup.sh
|
||||
ln -s ${tarball}/tarball/nixos-system-${system}.tar.xz archive/nixos-${hostname}.tar.xz
|
||||
|
||||
echo tarball: ${tarball}
|
||||
makeself --nocomp --follow archive/ $out "setup-nixos-nspawn-${hostname}" ./setup.sh
|
||||
''
|
|
@ -0,0 +1,45 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
# TODO: assert correct system
|
||||
|
||||
NSPAWN_NAME=nixos-@hostname@
|
||||
TARBALL=./nixos-@hostname@.tar.xz
|
||||
|
||||
test $(id -u) -eq 0 || {
|
||||
>&2 echo you must run this as root
|
||||
exit 1
|
||||
}
|
||||
|
||||
if ! >/dev/null command -v systemd-nspawn; then
|
||||
>&2 echo "systemd-nspawn" not found in PATH
|
||||
>&2 echo consider installing 'systemd-container'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! >/dev/null command -v machinectl; then
|
||||
>&2 echo "machinectl" not found in PATH
|
||||
>&2 echo consider installing 'systemd-container'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
set -ex
|
||||
|
||||
machinectl remove "$NSPAWN_NAME" || true # TODO: is this interactive?
|
||||
#machinectl pull-tar "https://github.com/tfc/nspawn-nixos/releases/download/v1.0/nixos-system-x86_64-linux.tar.xz" "$NSPAWN_NAME" --verify=no
|
||||
machinectl import-tar "$TARBALL" "$NSPAWN_NAME"
|
||||
|
||||
# use host network
|
||||
mkdir -p /etc/systemd/nspawn
|
||||
tee /etc/systemd/nspawn/"$NSPAWN_NAME".nspawn <<"EOF"
|
||||
[Network]
|
||||
VirtualEthernet=no
|
||||
EOF
|
||||
|
||||
NSPAWN_NAME=nixos-brumlebasse
|
||||
machinectl enable "$NSPAWN_NAME"
|
||||
machinectl start "$NSPAWN_NAME"
|
||||
|
||||
echo Please set a root password
|
||||
machinectl shell "$NSPAWN_NAME" /usr/bin/env passwd
|
||||
|
||||
machinectl status "$NSPAWN_NAME"
|
|
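Review bot: the `NSPAWN_NAME=nixos-brumlebasse` line just before `machinectl enable` overrides the templated `NSPAWN_NAME=nixos-@hostname@` from the top of the script. For any other host, the import and the `.nspawn` file would use one name while enable, start, shell and status act on `nixos-brumlebasse`. Drop the reassignment. Smaller points: `set -ex` only takes effect after the root and PATH checks, `test $(id -u) -eq 0` should quote the substitution, and `machinectl remove "$NSPAWN_NAME" || true` deletes an existing machine of that name without asking (the TODO already wonders about this). Since the script runs as root and replaces a root filesystem, an explicit confirmation or opt-in flag before the remove would be safer.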
@ -0,0 +1,756 @@
|
|||
{ lib
|
||||
, pkgs
|
||||
}:
|
||||
|
||||
# TODO: pagefind
|
||||
|
||||
let
|
||||
python-builtins = [
|
||||
"builtins"
|
||||
"os"
|
||||
"array"
|
||||
"sys"
|
||||
"time"
|
||||
"traceback"
|
||||
"pathlib"
|
||||
"itertools"
|
||||
"functools"
|
||||
"unittest"
|
||||
"argparse"
|
||||
"asyncio"
|
||||
"textwrap"
|
||||
"collections"
|
||||
"configparser"
|
||||
"concurrent"
|
||||
"contextlib"
|
||||
"operator"
|
||||
"pickle"
|
||||
"copy"
|
||||
"ctypes"
|
||||
"pprint"
|
||||
"shlex"
|
||||
"re"
|
||||
"abc"
|
||||
"ast"
|
||||
"random"
|
||||
"shutil"
|
||||
"sqlite3"
|
||||
"subprocess"
|
||||
"statistics"
|
||||
"string"
|
||||
"tarfile"
|
||||
"typing"
|
||||
"uuid"
|
||||
"warnings"
|
||||
"wave"
|
||||
"dataclasses"
|
||||
"glob"
|
||||
"gzip"
|
||||
"inspect"
|
||||
"json"
|
||||
"base64"
|
||||
"zipfile"
|
||||
];
|
||||
|
||||
|
||||
#python-packages = with pkgs.python3Packages; [ cached-property ];
|
||||
|
||||
#python-packages = lib.pipe pkgs.python3Packages [
|
||||
# builtins.attrValues
|
||||
# (builtins.filter lib.isDerivation)
|
||||
#];
|
||||
/** /
|
||||
python-packages = with pkgs.python3Packages; [
|
||||
more-itertools
|
||||
altair
|
||||
pygal
|
||||
vispy
|
||||
seaborn
|
||||
bokeh
|
||||
plotly
|
||||
tabulate
|
||||
wavefile
|
||||
moderngl
|
||||
pydantic
|
||||
typer
|
||||
ptpython
|
||||
colorama
|
||||
pyjwt
|
||||
zipp
|
||||
aiofiles
|
||||
aafigure
|
||||
urllib3
|
||||
tesserocr
|
||||
trio
|
||||
starlette
|
||||
pyverilog
|
||||
nixpkgs
|
||||
wavedrom
|
||||
httpx
|
||||
pyquery
|
||||
mpv
|
||||
beautifulsoup4
|
||||
hid
|
||||
hidapi
|
||||
#sanic # broken build?
|
||||
paramiko
|
||||
pydub
|
||||
aiohttp
|
||||
papermill
|
||||
rtoml
|
||||
redis
|
||||
numpy
|
||||
#domeneshop
|
||||
munch
|
||||
migen
|
||||
amaranth
|
||||
click
|
||||
attrs
|
||||
graphviz
|
||||
baron
|
||||
redbaron
|
||||
fastapi
|
||||
pytest
|
||||
#pyglet # pyglet.com fails, windows only
|
||||
#pygame # pygame.movie fails on pdoc3, pdoc hangs
|
||||
plotly
|
||||
peewee
|
||||
parsel
|
||||
pandas
|
||||
#mutmut # moved to toplevel from python3Packages
|
||||
mlflow
|
||||
meshio
|
||||
#einops # depends on tensorflow, which is broken ATM
|
||||
aiodns
|
||||
json5
|
||||
seaborn
|
||||
matplotlib
|
||||
dash
|
||||
rarfile
|
||||
pyramid
|
||||
pygtail
|
||||
codecov
|
||||
nbconvert
|
||||
humanfriendly
|
||||
pendulum
|
||||
jsonpickle
|
||||
cachetools
|
||||
wrapt
|
||||
lxml
|
||||
chardet
|
||||
yarl
|
||||
frozenlist
|
||||
itsdangerous
|
||||
xmltodict
|
||||
cached-property
|
||||
toolz
|
||||
aioitertools
|
||||
coconut
|
||||
asyncpg
|
||||
aiopg
|
||||
libsass
|
||||
pytorch
|
||||
pytorch-lightning
|
||||
pillow
|
||||
trio
|
||||
tqdm
|
||||
rich
|
||||
pudb
|
||||
pony
|
||||
mido
|
||||
jedi
|
||||
h5py
|
||||
atom
|
||||
toml
|
||||
pyyaml
|
||||
jinja2
|
||||
requests
|
||||
h5py
|
||||
imageio
|
||||
pygments
|
||||
trimesh
|
||||
shapely
|
||||
#faiss
|
||||
#geomloss
|
||||
#mesh_to_sdf
|
||||
#pyrender
|
||||
];
|
||||
/**/
|
||||
python-packages = with pkgs.python3Packages; [
|
||||
aiocurrencylayer
|
||||
aioitertools
|
||||
aiolifx-connection
|
||||
aiolifx-effects
|
||||
aiomisc
|
||||
aionotify
|
||||
aiorun
|
||||
aioshutil
|
||||
aiozeroconf
|
||||
alembic
|
||||
aliyun-python-sdk-dbfs
|
||||
allure-python-commons-test
|
||||
amply
|
||||
angr
|
||||
aniso8601
|
||||
anonip
|
||||
ansible
|
||||
ansicolor
|
||||
ansiwrap
|
||||
apptools
|
||||
aprslib
|
||||
aqipy-atmotech
|
||||
arc4
|
||||
argcomplete
|
||||
args
|
||||
arpeggio
|
||||
asgi-csrf
|
||||
asn1tools
|
||||
aspectlib
|
||||
astor
|
||||
async-lru
|
||||
asynccmd
|
||||
asyncio-throttle
|
||||
asynctest
|
||||
asysocks
|
||||
atom
|
||||
atomicwrites-homeassistant
|
||||
attrdict
|
||||
autopage
|
||||
autopep8
|
||||
avea
|
||||
avro3k
|
||||
awacs
|
||||
awswrangler
|
||||
azure-mgmt-nspkg
|
||||
b2sdk
|
||||
behave
|
||||
bitarray
|
||||
bitcoinrpc
|
||||
bitlist
|
||||
bluetooth-auto-recovery
|
||||
bnunicodenormalizer
|
||||
boschshcpy
|
||||
bottleneck
|
||||
brelpy
|
||||
bsddb3
|
||||
bson
|
||||
bunch
|
||||
cart
|
||||
casa-formats-io
|
||||
cftime
|
||||
chacha20poly1305
|
||||
cmigemo
|
||||
coapthon3
|
||||
cogapp
|
||||
coinmetrics-api-client
|
||||
commentjson
|
||||
cons
|
||||
contexttimer
|
||||
contourpy
|
||||
coreapi
|
||||
cppheaderparser
|
||||
dash-table
|
||||
dask-jobqueue
|
||||
decli
|
||||
deep-chainmap
|
||||
diceware
|
||||
diff-cover
|
||||
django-bootstrap4
|
||||
django-cache-url
|
||||
django-cacheops
|
||||
django-celery-results
|
||||
django-compressor
|
||||
django-picklefield
|
||||
django-reversion
|
||||
django-tables2
|
||||
djangorestframework-guardian2
|
||||
djmail
|
||||
doit-py
|
||||
dotmap
|
||||
drf-nested-routers
|
||||
dugong
|
||||
dunamai
|
||||
dvc-render
|
||||
entrance-with-router-features
|
||||
ephemeral-port-reserve
|
||||
et_xmlfile
|
||||
eth-hash
|
||||
eth-keys
|
||||
eve
|
||||
exdown
|
||||
exif
|
||||
face
|
||||
fastbencode
|
||||
fastcache
|
||||
fastentrypoints
|
||||
fe25519
|
||||
filetype
|
||||
fingerprints
|
||||
fire
|
||||
fixtures
|
||||
flake8-future-import
|
||||
flask-gravatar
|
||||
flask-swagger
|
||||
flask-swagger-ui
|
||||
fpdf
|
||||
fs
|
||||
ftputil
|
||||
funcparserlib
|
||||
funcy
|
||||
fuzzywuzzy
|
||||
gbinder-python
|
||||
gcovr
|
||||
generic
|
||||
geoip
|
||||
geojson
|
||||
ghrepo-stats
|
||||
gibberish-detector
|
||||
google-cloud-bigquery-logging
|
||||
google-cloud-dns
|
||||
gpaw
|
||||
graphql-server-core
|
||||
greeclimate
|
||||
gunicorn
|
||||
gvm-tools
|
||||
headerparser
|
||||
heapdict
|
||||
hijri-converter
|
||||
hledger-utils
|
||||
htmllaundry
|
||||
httpie
|
||||
httpx
|
||||
hyperlink
|
||||
imageio-ffmpeg
|
||||
imaplib2
|
||||
importlib-resources
|
||||
inotifyrecursive
|
||||
inquirer
|
||||
insteon-frontend-home-assistant
|
||||
intelhex
|
||||
interface-meta
|
||||
ipwhl
|
||||
irctokens
|
||||
isounidecode
|
||||
itemloaders
|
||||
iteration-utilities
|
||||
itsdangerous
|
||||
itypes
|
||||
jaeger-client
|
||||
javaproperties
|
||||
jax
|
||||
joblib
|
||||
json-rpc
|
||||
json-tricks
|
||||
jsonpatch
|
||||
junit-xml
|
||||
jupyter-cache
|
||||
jupyter-packaging
|
||||
jupyterlab-pygments
|
||||
jupyterlab_launcher
|
||||
jxmlease
|
||||
keyrings-cryptfile
|
||||
korean-lunar-calendar
|
||||
kubernetes
|
||||
language-data
|
||||
lazy
|
||||
lcov_cobertura
|
||||
ldap3
|
||||
ledger
|
||||
libais
|
||||
libarchive-c
|
||||
libarcus
|
||||
libgpuarray
|
||||
license-expression
|
||||
lightwave
|
||||
lima
|
||||
lit
|
||||
lockfile
|
||||
log-symbols
|
||||
luhn
|
||||
m3u8
|
||||
magic-wormhole
|
||||
mail-parser
|
||||
manhole
|
||||
markups
|
||||
marshmallow-oneofschema
|
||||
marshmallow-polyfield
|
||||
mastodon-py
|
||||
maxminddb
|
||||
mdurl
|
||||
mdutils
|
||||
meep
|
||||
mergedict
|
||||
merkletools
|
||||
mip
|
||||
mkdocs
|
||||
mkdocs-material-extensions
|
||||
msoffcrypto-tool
|
||||
multimethod
|
||||
multipart
|
||||
multiprocess
|
||||
mypy
|
||||
nanoid
|
||||
napalm
|
||||
napalm-hp-procurve
|
||||
nbdime
|
||||
nbformat
|
||||
nbval
|
||||
ndtypes
|
||||
neo4j
|
||||
nessclient
|
||||
netdata
|
||||
nose-randomly
|
||||
notebook-shim
|
||||
nsz
|
||||
nulltype
|
||||
ome-zarr
|
||||
onetimepass
|
||||
oocsi
|
||||
opsdroid_get_image_size
|
||||
opytimark
|
||||
oracledb
|
||||
pa-ringbuffer
|
||||
pad4pi
|
||||
papermill
|
||||
parsimonious
|
||||
parsley
|
||||
pcapy-ng
|
||||
pdoc
|
||||
phonopy
|
||||
pick
|
||||
picobox
|
||||
pipdate
|
||||
pkce
|
||||
pkgconfig
|
||||
pkginfo
|
||||
plantuml
|
||||
platformdirs
|
||||
plum-py
|
||||
plyer
|
||||
plyvel
|
||||
progressbar33
|
||||
prometheus-client
|
||||
promise
|
||||
prox-tv
|
||||
pulumi-command
|
||||
pure-cdb
|
||||
py-dmidecode
|
||||
py-multiaddr
|
||||
py-multibase
|
||||
py-nextbusnext
|
||||
py-zabbix
|
||||
pyaehw4a1
|
||||
pyatv
|
||||
pybullet
|
||||
pycangjie
|
||||
pycddl
|
||||
pycep-parser
|
||||
pydevccu
|
||||
pyftdi
|
||||
pyfume
|
||||
pygatt
|
||||
pygetwindow
|
||||
pyglet
|
||||
pygmars
|
||||
pyhcl
|
||||
pyheos
|
||||
pyinstrument
|
||||
pykdtree
|
||||
pylint-flask
|
||||
pymeeus
|
||||
pymetar
|
||||
pymodbus
|
||||
pymysensors
|
||||
pypdf
|
||||
pypdf3
|
||||
pyprind
|
||||
pyqtwebengine
|
||||
pyrainbird
|
||||
pyrmvtransport
|
||||
pyro5
|
||||
pyrogram
|
||||
pyrr
|
||||
pyscss
|
||||
pysdl2
|
||||
pysearpc
|
||||
pysensors
|
||||
pyside2
|
||||
pysmf
|
||||
pysmi
|
||||
pysml
|
||||
pysmt
|
||||
pysnmp-pyasn1
|
||||
pyspf
|
||||
pysvg-py3
|
||||
pysychonaut
|
||||
pytest-bdd
|
||||
pytest-catchlog
|
||||
pytest-django
|
||||
pytest-expect
|
||||
pytest-factoryboy
|
||||
pytest-flask
|
||||
pytest-isort
|
||||
pytest-relaxed
|
||||
pytest-snapshot
|
||||
pytest-socket
|
||||
pytest-virtualenv
|
||||
pytestcache
|
||||
python-baseconv
|
||||
python-bidi
|
||||
python-daemon
|
||||
python-decouple
|
||||
python-editor
|
||||
python-ipware
|
||||
python-ldap-test
|
||||
python-packer
|
||||
python-socketio
|
||||
python-status
|
||||
python-u2flib-server
|
||||
pytimeparse
|
||||
pytm
|
||||
pytzdata
|
||||
pyvisa
|
||||
pywemo
|
||||
pyworld
|
||||
pyxl3
|
||||
qtile
|
||||
reactivex
|
||||
rebulk
|
||||
reikna
|
||||
related
|
||||
repath
|
||||
repoze_lru
|
||||
requests-pkcs12
|
||||
requirements-parser
|
||||
result
|
||||
retrying
|
||||
rich-argparse-plus
|
||||
rivet
|
||||
rouge-score
|
||||
rtp
|
||||
rx
|
||||
safe
|
||||
sasmodels
|
||||
scikit-bio
|
||||
scikit-fmm
|
||||
seccomp
|
||||
securetar
|
||||
sendgrid
|
||||
sentence-transformers
|
||||
serialio
|
||||
setuptools-git
|
||||
sexpdata
|
||||
sfrbox-api
|
||||
sh
|
||||
sievelib
|
||||
simber
|
||||
simpleaudio
|
||||
simpleeval
|
||||
snapshottest
|
||||
soapysdr
|
||||
somajo
|
||||
speedtest-cli
|
||||
sphinx_pypi_upload
|
||||
sphinxcontrib-openapi
|
||||
sqlobject
|
||||
starkbank-ecdsa
|
||||
starlette
|
||||
staticjinja
|
||||
stdiomask
|
||||
strategies
|
||||
stravalib
|
||||
strenum
|
||||
strictyaml
|
||||
stringcase
|
||||
stringly
|
||||
sympy
|
||||
syncer
|
||||
sysv_ipc
|
||||
tabview
|
||||
takethetime
|
||||
tblite
|
||||
tcolorpy
|
||||
termstyle
|
||||
testing-common-database
|
||||
textacy
|
||||
textwrap3
|
||||
textx
|
||||
tweepy
|
||||
twilio
|
||||
twitter-common-collections
|
||||
twitter-common-confluence
|
||||
types-futures
|
||||
types-redis
|
||||
types-urllib3
|
||||
typesystem
|
||||
udatetime
|
||||
ukpostcodeparser
|
||||
unicrypto
|
||||
unidecode
|
||||
unidic-lite
|
||||
unpaddedbase64
|
||||
update-copyright
|
||||
ush
|
||||
vdirsyncer
|
||||
vector
|
||||
venusian
|
||||
versioneer
|
||||
veryprettytable
|
||||
videocr
|
||||
voluptuous-stubs
|
||||
volvooncall
|
||||
wakeonlan
|
||||
web
|
||||
webcolors
|
||||
webhelpers
|
||||
wfuzz
|
||||
whichcraft
|
||||
widlparser
|
||||
winacl
|
||||
wordfreq
|
||||
ws4py
|
||||
wsdiscovery
|
||||
wsgi-intercept
|
||||
xdg
|
||||
xhtml2pdf
|
||||
xstatic-jquery-file-upload
|
||||
xstatic-pygments
|
||||
yamllint
|
||||
yaramod
|
||||
yubico
|
||||
zarr
|
||||
zc_lockfile
|
||||
zigpy-zigate
|
||||
zigpy-znp
|
||||
zipstream
|
||||
zipstream-ng
|
||||
zope_proxy
|
||||
zope_schema
|
||||
zopfli
|
||||
];
|
||||
/**/
|
||||
|
||||
mkPdoc = use-pdoc3: drv: let
|
||||
isBuiltin = !lib.isDerivation drv;
|
||||
name = if isBuiltin then drv else drv.pname;
|
||||
desc = if isBuiltin then "builtin" else drv.meta.description;
|
||||
version = if isBuiltin then "-" else drv.version;
|
||||
homepage = if isBuiltin
|
||||
then "https://docs.python.org/3/library/${drv}.html"
|
||||
else drv.meta.homepage or "-";
|
||||
doc = pkgs.runCommand "pdoc${if use-pdoc3 then "3" else ""}-${name}-docs" {
|
||||
nativeBuildInputs = (if use-pdoc3
|
||||
then [pkgs.python3Packages.pdoc3]
|
||||
else [pkgs.python3Packages.pdoc])
|
||||
++ lib.optionals (!isBuiltin) [ drv ]
|
||||
++ lib.optionals (!isBuiltin) (lib.pipe (drv.passthru.optional-dependencies or {}) [
|
||||
builtins.attrValues
|
||||
lib.flatten
|
||||
(builtins.filter (drv':
|
||||
(builtins.tryEval drv'.outPath).success
|
||||
))
|
||||
]);
|
||||
|
||||
env.NAME = lib.toLower name;
|
||||
env.DESC = lib.escapeXML desc;
|
||||
# TODO: license
|
||||
# TODO: build html with something better than bash
|
||||
} ''
|
||||
LITERALS=()
|
||||
${lib.optionalString isBuiltin ''
|
||||
LITERALS+=("${name}")
|
||||
_tmp="$(python -c 'import ${name}; print((getattr(${name}, "__doc__", "") or "builtin").split("\n")[0])')"
|
||||
test "$?" -eq 0 && DESC="$_tmp"
|
||||
''}
|
||||
${lib.optionalString (!isBuiltin) ''
|
||||
LITERALS+=(${lib.escapeShellArgs (
|
||||
(drv.pythonImportsCheck or []) ++
|
||||
(drv.pythonImportsExtraCheck or [])
|
||||
)})
|
||||
|
||||
pushd ${drv}/${pkgs.python3.sitePackages}
|
||||
shopt -s globstar
|
||||
#for fname in **/*; do
|
||||
for fname in *; do
|
||||
if test -f "$fname" && ( test "''${fname##*.}" = "py" || test "''${fname##*.}" = "so" ) ; then
|
||||
[[ "$fname" =~ (^|/)"_"* ]] && continue
|
||||
LITERALS+=("$(echo "''${fname%%.py*}" | tr "/-" "._" )")
|
||||
elif test -d "$fname" && test -f "$fname"/__init__.py; then
|
||||
LITERALS+=("$(echo "$fname" | tr "/-" "._" )")
|
||||
fi
|
||||
done
|
||||
popd
|
||||
|
||||
# make unique
|
||||
LITERALS=( $(printf "%q\n" "''${LITERALS[@]}" | sort -u) )
|
||||
echo "''${LITERALS[0]}"
|
||||
''}
|
||||
|
||||
( timeout 900s ${if !use-pdoc3
|
||||
then ''pdoc --no-search --math --no-browser --output-directory $out "''${LITERALS[@]}"''
|
||||
else ''pdoc3 --skip-errors --output-dir $out --html "''${LITERALS[@]}" --force''
|
||||
} 2>&1 | tee "$NAME".log ) || true
|
||||
mkdir -p $out
|
||||
cp "$NAME".log $out
|
||||
test -f $out/index.html && rm -v $out/index.html
|
||||
|
||||
function write {
|
||||
{ printf "%s" "$@"; echo; } >> $out/index.part-"$NAME".html
|
||||
}
|
||||
|
||||
write "<tr>"
|
||||
if test -f $out/"''${LITERALS[0]}".html; then
|
||||
write "<td><a href=\"''${LITERALS[0]}.html\">${lib.escapeXML name}</a>"
|
||||
elif test -d $out/"''${LITERALS[0]}"; then
|
||||
write "<td><a href=\"''${LITERALS[0]}/\">${lib.escapeXML name}</a>"
|
||||
else
|
||||
write "<td>${lib.escapeXML name}"
|
||||
fi
|
||||
write "<td>${version}"
|
||||
if test -s $out/$NAME.log; then
|
||||
write "<td><a href=\"$NAME.log\">log</a>"
|
||||
else
|
||||
write "<td>-"
|
||||
fi
|
||||
write "<td>$DESC"
|
||||
${if homepage == "-" then ''
|
||||
write "<td>n/a"
|
||||
'' else ''
|
||||
write "<td><a href=\"${homepage}\">${homepage}</a>"
|
||||
''}
|
||||
write "</tr>"
|
||||
'';
|
||||
fallback = pkgs.writeTextDir "index.part-${lib.toLower name}.html" ''
|
||||
<tr>
|
||||
<td>${lib.escapeXML name}
|
||||
<td>${version}
|
||||
<td>⨯
|
||||
<td>${lib.escapeXML desc}
|
||||
<td>${if homepage == "-" then
|
||||
"n/a"
|
||||
else
|
||||
''<a href="${homepage}">${homepage}</a>''
|
||||
}
|
||||
</tr>
|
||||
'';
|
||||
in if (builtins.tryEval doc.outPath).success
|
||||
then doc
|
||||
else fallback;
|
||||
|
||||
mkPdocs = use-pdoc3: with builtins; pkgs.symlinkJoin {
|
||||
name = "pdoc-docs";
|
||||
paths = map (mkPdoc use-pdoc3) (python-builtins ++ python-packages);
|
||||
# note: globs are sorted
|
||||
postBuild = ''
|
||||
shopt -s nocaseglob
|
||||
>>$out/index.html echo "<!DOCTYPE html>"
|
||||
>>$out/index.html echo "<table><tr><th>name<th>version<th>log<th>description<th>homepage</tr>"
|
||||
>>$out/index.html cat $out/index.part-*.html
|
||||
>>$out/index.html echo "</table>"
|
||||
rm $out/index.part-*.html
|
||||
'';
|
||||
};
|
||||
in {
|
||||
pdocs = mkPdocs false;
|
||||
pdocs3 = mkPdocs true;
|
||||
}
|
|
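Review bot: in the `doc` build script, `DESC` is escaped only on the Nix side (`env.DESC = lib.escapeXML desc`). For builtins it is then overwritten with the first line of the module docstring from `python -c` and emitted by `write "<td>$DESC"` with no escaping, so a docstring containing `<` or `&` ends up in index.html as markup. `homepage` is likewise interpolated raw into `<a href=\"${homepage}\">` in both `doc` and `fallback`, while `name` and `desc` go through `lib.escapeXML`. Suggest escaping the docstring inside the Python one-liner (for example with `html.escape`) and passing `homepage` through `lib.escapeXML` as well. Separately, `( timeout 900s ... ) || true` hides pdoc failures and timeouts apart from the log link; recording the exit status in the table row would make broken entries visible.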
@ -0,0 +1,47 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
# based on
|
||||
# https://github.com/yurifrl/NixFiles/blob/3b36740fb4063574247d5741247fb1bdf92520d8/modules/programs/xboxdrv.nix#L11
|
||||
# https://github.com/Lassulus/superconfig/blob/0ac6dfb43ece63b6b3132aa7b56aa3366c7ed95d/machines/xerxes/config.nix#L43
|
||||
|
||||
# transitive links:
|
||||
# https://github.com/NixOS/nixpkgs/issues/25490
|
||||
# https://www.reddit.com/r/RetroPie/comments/bi5bm4/psa_new_method_for_disabling_ertm_fix_controller/
|
||||
# https://github.com/baracoder/nix/blob/master/configuration.nix
|
||||
# https://www.reddit.com/r/NixOS/comments/a7g4oi/declaratively_setting_sysfs_properties/
|
||||
# https://nixos.org/nixos/options.html#kernel.sysctl
|
||||
# https://github.com/timor/timor-overlay/blob/d49783d2880b730cd67dbe6700ea2968f893b32e/modules/xbox360-wireless.nix
|
||||
# https://github.com/phildenhoff/pd/blob/44025561b223df9901e4415650deae08b1077865/dotfiles/entertainment.nix
|
||||
|
||||
let
|
||||
|
||||
configFile = pkgs.writeFile "xboxdrv.ini" ''
|
||||
[xboxdrv]
|
||||
silent = true
|
||||
device-name = "Xbox 360 Wireless Receiver"
|
||||
mimic-xpad = true
|
||||
deadzone = 4000
|
||||
[xboxdrv-daemon]
|
||||
dbus = disabled
|
||||
'';
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
boot.blacklistedKernelModules = [ "xpad" ];
|
||||
|
||||
environment.systemPackages = [ pkgs.xboxdrv ];
|
||||
|
||||
#environment.etc."default/xboxdrv".text = ''
|
||||
systemd.services.xboxdrv = {
|
||||
inherit (pkgs.xboxdrv.meta) description;
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkgs.xboxdrv}/bin/xboxdrv --daemon --config ${configFile}
|
||||
'';
|
||||
Restart = "always";
|
||||
RestartSec = 3;
|
||||
};
|
||||
};
|
||||
}
|
|
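Review bot: `configFile = pkgs.writeFile "xboxdrv.ini" ''...''` uses a builder name I do not recognise from nixpkgs; the trivial builder that takes a name and a string is `pkgs.writeText`. Since the import added to the host config is commented out (`# TODO: try out`), this module has probably not been evaluated yet. The `serviceConfig` also sets no `User=` or sandboxing options, so the daemon would run as root with `Restart = "always"`; consider limiting it to the device access it needs. The dangling `#environment.etc."default/xboxdrv".text = ''` line can be removed.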
@ -8,12 +8,12 @@ in
|
|||
#(lib.mapAttrsToList (domain: vhost: [ domain ] ++ vhost.serverAliases))
|
||||
(lib.mapAttrsToList (domain: vhost: [ domain ]))
|
||||
lib.flatten
|
||||
#(builtins.filter (domain: domain != ""))
|
||||
(builtins.filter (domain: domain != ""))
|
||||
(lib.sort (x: y: x<y))
|
||||
];
|
||||
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.defaults.email = "pbsds+acme@hotmail.com";
|
||||
security.acme.defaults.email = "pbsds+acme@hotmail.com"; # TODO: parametrize per host
|
||||
#security.acme.defaults.renewInterval = "daily";
|
||||
#security.acme.defaults.reloadServices
|
||||
|
||||
|
|
|
@ -0,0 +1,81 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.garage;
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
# gunktrunk
|
||||
|
||||
sops.secrets."garage/env".owner = "garage";
|
||||
sops.secrets."garage/env".restartUnits = [ "garage.service" ];
|
||||
|
||||
services.garage = {
|
||||
enable = true;
|
||||
package = pkgs.garage_0_8;
|
||||
|
||||
environmentFile = config.sops.secrets."garage/env".path; # TODO: 23.11
|
||||
|
||||
settings = {
|
||||
# https://search.nixos.org/options?query=services.garage.settings
|
||||
replication_mode = "1";
|
||||
#metadata_dir = ;
|
||||
data_dir = "/mnt/meconium/garage/gunktrunk";
|
||||
#data_dir = [
|
||||
# { path = "/mnt/meconium/garage/gunktrunk"; capacity = "2T"; }
|
||||
#];
|
||||
|
||||
# https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/
|
||||
|
||||
db_engine = "lmdb"; # default since v0.9
|
||||
compression_level = 0; # zstd, 0 lets garage choose (curently 3)
|
||||
|
||||
rpc_bind_addr = "[::]:3901";
|
||||
|
||||
# Standard S3 api endpoint
|
||||
s3_api = {
|
||||
s3_region = "stoolus";
|
||||
api_bind_addr = "[::]:3900";
|
||||
root_domain = "s3.gunktrunk.kuklef.se";
|
||||
};
|
||||
|
||||
# Static file serve endpoint
|
||||
s3_web = {
|
||||
bind_addr = "[::]:3902";
|
||||
root_domain = "web.gunktrunk.kuklef.se";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${cfg.settings.s3_api.root_domain} = lib.mkIf cfg.enable {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://${cfg.settings.s3_api.api_bind_addr}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${cfg.settings.s3_web.root_domain} = lib.mkIf cfg.enable {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://${cfg.settings.s3_web.bind_addr}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services = lib.mkIf cfg.enable {
|
||||
garage.serviceConfig.DynamicUser = false;
|
||||
#garage.serviceConfig.EnvironmentFile = config.sops.secrets."garage/env".path; # TODO: remove after 23.11
|
||||
};
|
||||
|
||||
users = lib.mkIf cfg.enable {
|
||||
users.garage.isSystemUser = true;
|
||||
users.garage.uid = 5000;
|
||||
users.garage.group = "garage";
|
||||
groups.garage.gid = 5000;
|
||||
};
|
||||
|
||||
}
|
|
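Review bot: `s3_api.api_bind_addr = "[::]:3900"` and `s3_web.bind_addr = "[::]:3902"` make garage listen in plain HTTP on every interface, while the nginx vhosts below are meant to be the TLS front (`forceSSL = true`). Unless a firewall closes those ports, clients can bypass nginx, and `proxyPass = "http://${cfg.settings.s3_api.api_bind_addr}"` ends up pointing at the unspecified address `[::]`. Bind both endpoints to `[::1]` so the proxy target is loopback, and with `replication_mode = "1"` consider whether `rpc_bind_addr = "[::]:3901"` needs to be reachable from other hosts at all. Separately, `DynamicUser = false` with a hard-coded uid/gid of 5000 deserves a comment saying why the fixed id is needed.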
@ -0,0 +1,115 @@
|
|||
# adapted from https://github.com/samrose/dotfiles-1/blob/8887ca3b01edecd83c2e95f01e42885ce26f76c5/nixos/eve/modules/snappymail.nix#L55
|
||||
{ pkgs, config, lib, mkDomain, ... }:
|
||||
|
||||
let
|
||||
maxUploadSize = "256M";
|
||||
toKeyValue = lib.generators.toKeyValue {
|
||||
mkKeyValue = lib.generators.mkKeyValueDefault {} " = ";
|
||||
};
|
||||
|
||||
baseIni = pkgs.runCommand "application.ini" { # eww
|
||||
nativeBuildInputs = [ pkgs.php ];
|
||||
} ''
|
||||
mkdir /tmp/foobar123
|
||||
php-cgi "${pkgs.snappymail.override { dataPath = "/tmp/foobar123"; }}/index.php" >/dev/null
|
||||
cp /tmp/foobar123/_data_/_default_/configs/application.ini $out
|
||||
'';
|
||||
|
||||
extendIni = baseFile: fname: args: pkgs.runCommand fname { # eww
|
||||
preferLocalBuild = true;
|
||||
nativeBuildInputs = [ pkgs.initool ];
|
||||
} ''
|
||||
cat ${baseFile} |
|
||||
${lib.pipe args [
|
||||
(lib.mapAttrsToList (section: data: lib.mapAttrsToList (key: val: { inherit section key val; }) data))
|
||||
lib.flatten
|
||||
(builtins.map ({ section, key, val }: ''
|
||||
initool s - ${lib.escapeShellArgs [ section key val ]} |
|
||||
''))
|
||||
lib.concatStrings
|
||||
]}
|
||||
cat > $out
|
||||
'';
|
||||
|
||||
modifiedIni = with builtins; extendIni baseIni "application.ini" {
|
||||
webmail.title = "pbsds SnappyMail";
|
||||
webmail.loading_description = "pbsds SnappyMail";
|
||||
webmail.messages_per_page = 20;
|
||||
|
||||
contacts.type = "pgsql";
|
||||
contacts.pdo_dsn = ''"pgsql:host=/run/postgresql;port=${toString config.services.postgresql.port};dbname=snappymail"'';
|
||||
contacts.pdo_user = "snappymail";
|
||||
contacts.pdo_password = "";
|
||||
|
||||
login.default_domain = "imap.fyrkat.no";
|
||||
#security.allow_admin_panel = "Off";
|
||||
};
|
||||
|
||||
in
|
||||
{
|
||||
services.phpfpm.pools.snappymail = {
|
||||
user = "snappymail";
|
||||
group = "snappymail";
|
||||
phpOptions = toKeyValue {
|
||||
upload_max_filesize = maxUploadSize;
|
||||
post_max_size = maxUploadSize;
|
||||
memory_limit = maxUploadSize;
|
||||
};
|
||||
settings = {
|
||||
"listen.owner" = "nginx";
|
||||
"listen.group" = "nginx";
|
||||
"pm" = "ondemand";
|
||||
"pm.max_children" = 32;
|
||||
"pm.process_idle_timeout" = "10s";
|
||||
"pm.max_requests" = 500;
|
||||
};
|
||||
};
|
||||
|
||||
services.postgresql.ensureDatabases = [ "snappymail" ];
|
||||
services.postgresql.ensureUsers = [
|
||||
{
|
||||
name = "snappymail";
|
||||
ensurePermissions."DATABASE snappymail" = "ALL PRIVILEGES";
|
||||
}
|
||||
];
|
||||
|
||||
#services.nginx.preStart = ''
|
||||
systemd.services."phpfpm-snappymail".preStart = ''
|
||||
mkdir -p /var/lib/snappymail/_data_/_default_/configs
|
||||
ln -sf ${modifiedIni} /var/lib/snappymail/_data_/_default_/configs/application.ini
|
||||
'';
|
||||
|
||||
services.nginx.virtualHosts.${mkDomain "snappymail"} = {
|
||||
forceSSL = true; # addSSL = true;
|
||||
enableACME = true; #useACMEHost = acmeDomain;
|
||||
locations."/".extraConfig = ''
|
||||
index index.php;
|
||||
autoindex on;
|
||||
autoindex_exact_size off;
|
||||
autoindex_localtime on;
|
||||
'';
|
||||
locations."^~ /data".extraConfig = ''
|
||||
deny all;
|
||||
'';
|
||||
locations."~ \.php$".extraConfig = ''
|
||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_pass unix:${config.services.phpfpm.pools.snappymail.socket};
|
||||
'';
|
||||
extraConfig = ''
|
||||
client_max_body_size ${maxUploadSize};
|
||||
'';
|
||||
root = pkgs.snappymail.override {
|
||||
dataPath = "/var/lib/snappymail"; # the default
|
||||
};
|
||||
};
|
||||
|
||||
users.users.snappymail = {
|
||||
isSystemUser = true;
|
||||
createHome = true;
|
||||
home = "/var/lib/snappymail";
|
||||
group = "snappymail";
|
||||
};
|
||||
users.groups.snappymail = {};
|
||||
|
||||
}
|
|
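Review bot: `locations."/".extraConfig` enables `autoindex on` for the webmail root, which lets nginx list any directory under the SnappyMail package that has no `index.php`; for a mail front end this should be removed or set to `off`. In the same file `#security.allow_admin_panel = "Off";` is left commented out, so the admin panel stays at whatever the generated `application.ini` defaults to; decide this explicitly before the vhost is exposed. The `baseIni` derivation also writes to the fixed path `/tmp/foobar123`, which collides between concurrent or unsandboxed builds; a directory from `mktemp -d` passed to `dataPath` would avoid that.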
@ -0,0 +1,28 @@
|
|||
{ config, lib, mkDomain, flakes, ... }:
|
||||
|
||||
let
|
||||
myStickerPicker = flakes.maunium-stickerpicker-nix.createStickerPicker {
|
||||
#homeserver = "https://matrix.pvv.ntnu.no";
|
||||
#userId = "@stickerbot:my.matrix.server";
|
||||
## You should probably encrypt this with either agenix, sops-nix or whatever else
|
||||
#accessTokenFile = ./stickerbot_access_token.txt;
|
||||
#sha256 = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
|
||||
packs = [
|
||||
{
|
||||
type = "chatsticker";
|
||||
name = "pompom-tao3";
|
||||
}
|
||||
{
|
||||
type = "directory";
|
||||
src = ./myHomemadeStickers;
|
||||
}
|
||||
];
|
||||
};
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
# TODO: https://gist.github.com/pbsds/a1b03eb8d5602330765b3fd14f621dc5
|
||||
# separate into separate FODs
|
||||
|
||||
}
|
|
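Review bot: `myStickerPicker` is bound in the `let` block but the module body is an empty attribute set with only a TODO, so nothing in this file takes effect and `src = ./myHomemadeStickers` is never evaluated or checked. Either wire the result into a vhost or leave the file out of this commit. When the commented `accessTokenFile = ./stickerbot_access_token.txt;` is enabled, note that a Nix path literal is copied into the world-readable store when used; point it at the secret manager's runtime path (the repo already uses `config.sops.secrets."…".path` elsewhere) instead.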
@ -20,6 +20,8 @@
|
|||
"/backups"
|
||||
"/backups/rocm"
|
||||
"/beets_music"
|
||||
#"/garage"
|
||||
#"/garage/gunktrunk"
|
||||
])
|
||||
);
|
||||
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
# base
|
||||
ppm install atom-jinja2 autocomplete-cmake autocomplete-cmake copy-highlighted editorconfig fonts graphviz-preview-plus ide-bash ide-clangd ide-rust jinja2 language-arduino language-armasm language-autoit language-batch language-bison-flex language-cmake language-cython language-dg language-diff language-docker language-dot language-glsl language-haskell language-ini language-latex language-lua language-markdown language-scala language-systemverilog language-velocity language-verilog language-vhdl language-zonefile lines MagicPython markdown-preview-plus markdown-table-editor nix on-save pigments pulsar-ide-python railscast-theme-markup remote-atom selection-highlight shell-it simple-align zotero-citations
|
||||
# resolved
|
||||
ppm install atom-ide-base atom-ide-code-format atom-ide-datatip atom-ide-definitions atom-ide-hyperclick atom-ide-markdown-service atom-ide-outline atom-ide-signature-help atom-jinja2 autocomplete-cmake busy-signal copy-highlighted editorconfig fonts graphviz-preview-plus ide-bash ide-clangd ide-rust intentions language-arduino language-armasm language-autoit language-batch language-bison-flex language-cmake language-cython language-dg language-diff language-docker language-dot language-glsl language-haskell language-ini language-latex language-lua language-markdown language-scala language-systemverilog language-velocity language-verilog language-vhdl language-zonefile lines linter linter-ui-default MagicPython markdown-preview-plus markdown-table-editor nix on-save pigments pulsar-ide-python railscast-theme-markup remote-atom selection-highlight shell-it simple-align zotero-citations
|
|
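Review bot: the `# base` install line lists `autocomplete-cmake` twice. Drop the duplicate, and consider one package per line (or a sorted list) so differences between the `# base` and `# resolved` sets are reviewable in a diff instead of being hidden in two very long lines.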
@ -0,0 +1,91 @@
|
|||
# nice to have
|
||||
* [ ] nixos-generate-config instructions for new hosts
|
||||
* [ ] `profiles/singularity.nix` https://github.com/NixOS/nixpkgs/issues/230851
|
||||
* [x] xforwarding over ssh
|
||||
* [ ] pre-commit hook with 'nix eval ...outPath'
|
||||
* [x] use `nom` when deploying
|
||||
# machine park
|
||||
* [ ] wg
|
||||
* [ ] remote-builders over wg
|
||||
* [ ] autogenerate ssh keys for new hosts
|
||||
* [ ] http health monitoring `services.netdata.httpcheck.checks.<foobar>`
|
||||
* [ ] switch to systemd networkd
|
||||
* [x] Setup some remote-development and deploy flow
|
||||
* [ ] zfs, declarative pools?
|
||||
* [ ] figure out how to reuse system flake lock while deplying, leave the night job to upgrade
|
||||
* [ ] some tunneling for NFS hosts
|
||||
# ricing
|
||||
* [ ] [doas](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/security/doas/default.nix)
|
||||
* [ ] https://github.com/NixOS/nixpkgs/pull/266094 (see https://nixos.wiki/wiki/Cursor_Themes)
|
||||
# selfhosting
|
||||
* [ ] hydra - perfect for CUDA and RISCV
|
||||
* [ ] [avahi](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/services/avahi/default.nix)
|
||||
* [ ] [kvm](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/virtualisation/kvm/default.nix)
|
||||
* [ ] [samba](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/services/samba/default.nix)
|
||||
* [ ] s3: minio or garage
|
||||
* [ ] mlflow / wandb service
|
||||
* [x] nfs
|
||||
* [x] [zfs](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/system/zfs/default.nix)
|
||||
* [ ] https://github.com/ibizaman/selfhostblocks?tab=readme-ov-file
|
||||
* [x] https://discourse.nixos.org/t/jsonresume-nix-build-and-deploy-your-resume-with-nix/34089
|
||||
* [ ] homemanager: ip cameras with frigate
|
||||
* [ ] host older versions of nixpkgs documentation (like 20.09)
|
||||
* [ ] declarative libvirt
|
||||
* [ ] https://git.m-labs.hk/M-Labs/wfvm
|
||||
* [ ] https://github.com/kholia/OSX-KVM
|
||||
* [ ] self-hosted binary cache (single-machine) (nix-serve, carinae, harmonia, eris or attic, ssh?)
|
||||
* https://discourse.nixos.org/t/announcing-harmonia-a-nix-binary-cache-written-in-rust/19855
|
||||
* https://discourse.nixos.org/t/introducing-attic-a-self-hostable-nix-binary-cache-server/24343/1
|
||||
* [ ] profiles/http: make ACME/nginx helper a function
|
||||
* [ ] Support multiple tlds
|
||||
* [ ] Support multiple acme accounts
|
||||
* [ ] Support a per-account provider?
|
||||
* [ ] Support DNS auth
|
||||
* [ ] Setup aliases instead of a per-vhost cert?
|
||||
* [ ] Preferably setup a wildchar cert per host
|
||||
# framework
|
||||
# to read
|
||||
* [ ] https://github.com/ogoid/nixos-expose-cuda
|
||||
# refactoring
|
||||
* [x] Split stuff into multiple files
|
||||
* [x] Make a flake
|
||||
* [x] merge hosted docs into a single subdomain
|
||||
# desktop
|
||||
* [ ] transgui config
|
||||
* [ ] xclip
|
||||
* [x] add a hidpi profile? https://wiki.archlinux.org/title/HiDPI
|
||||
* [ ] desktop entries - https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/packages/hey/default.nix
|
||||
* [ ] https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/packages/xdg-open-with-portal/default.nix - extend it to work over ssh
|
||||
* [ ] https://github.com/fufexan/nix-gaming/tree/b090e8b7e463d9c437536b25a0e9af3477a269e9#pipewire-low-latency
|
||||
* [x] rocm
|
||||
* [x] cuda
|
||||
# gaming
|
||||
* [ ] https://search.nixos.org/packages?query=heroic
|
||||
* [ ] htpc/handheld emulation station
|
||||
* [ ] [doukutsu-rs](https://github.com/jakehamilton/config/tree/579827c699d9c78bd42e73f543eafb05a0d6c374#doukutsu-rs)
|
||||
# security
|
||||
* [ ] [gpg](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/security/gpg/default.nix)
|
||||
* [ ] [keyring](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/security/keyring/default.nix)
|
||||
# home/pbsds
|
||||
* [ ] wrap windowmanager in nixGL on non-nixos https://github.com/dali99/nix-dotfiles/blob/85dcafb4e0b8382a3d04b9a5f63afd01a4144143/profiles/xsession/default.nix#LL138C1-L138C1
|
||||
* [ ] requires GNOME xstart in home-manager
|
||||
* [ ] https://github.com/dali99/nix-dotfiles/blob/85dcafb4e0b8382a3d04b9a5f63afd01a4144143/machines/pvv-terminal.nix#L3
|
||||
* [ ] users/pbsds: Support multiple profiles, like headless, nixpkgs-dev, various desktops, hpc, pvv, etc
|
||||
* [x] lxterminal
|
||||
* [ ] replace gnome terminal
|
||||
* [x] themes
|
||||
* [x] shortcuts
|
||||
* [x] pavucontrol
|
||||
# sops
|
||||
* [x] secrets - nix-sops ?
|
||||
* [x] flexget
|
||||
* [ ] microbin
|
||||
* [ ] transmission
|
||||
* [ ] transmission remote gui (requires sops in home-manager)
|
||||
* [x] domeneshop
|
||||
* [ ] webdav
|
||||
* [ ] code-remote
|
||||
* [ ] add .netrc
|
||||
* [ ] mint a one true ssh key?
|
||||
* [ ] then add darwin and aarch64 community remote builders
|
||||
* [ ] automate adding ssh host public keys to flake
|
|
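Review bot: two entries in the new TODO file have typos that change how they read: "reuse system flake lock while deplying" should be "deploying", and "setup a wildchar cert per host" should be "wildcard". The `# framework` heading is also empty; either add its items or drop it until there is something to list.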
@ -13,6 +13,7 @@
|
|||
programs.git.enable = true;
|
||||
programs.git.lfs.enable = true;
|
||||
programs.git.delta.enable = true;
|
||||
programs.git.delta.options.max-line-length = 0;
|
||||
#programs.git.lfs.enable = true;
|
||||
#programs.git.signing
|
||||
#programs.git.userName = "pbsds"
|
||||
|
|
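Review bot: `programs.git.lfs.enable = true;` is active near the top of this hunk while the stale `#programs.git.lfs.enable = true;` comment remains a few lines below. Remove the commented copy so the file has a single source of truth for the LFS setting. If `delta.options.max-line-length = 0` is meant to disable truncation of long lines, a short comment saying so would help the next reader.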