ldsalkjdsalkjdsalkj

Peder Bergebakken Sundt 2024-04-16 06:49:45 +02:00
parent 1cc9257346
commit 22a3158e3c
17 changed files with 1198 additions and 147 deletions


@ -1,91 +1 @@
# Initial setup (old)
nixos-generate-config
# Reading list
* https://nixos.wiki/wiki/Flakes
* https://teu5us.github.io/nix-lib.html
* https://ryantm.github.io/nixpkgs/builders/trivial-builders/
* https://nixos.wiki/wiki/Nix-writers
# TODOs:
* [x] https://discourse.nixos.org/t/jsonresume-nix-build-and-deploy-your-resume-with-nix/34089
* [ ] https://github.com/ogoid/nixos-expose-cuda
* [ ] http health monitoring `services.netdata.httpcheck.checks.<foobar>`
* [x] Split stuff into multiple files
* [x] Make a flake
* [ ] homemanager: ip cameras with frigate
* [x] merge hosted docs into a single subdomain
* [x] Setup some remote-development and deploy flow
* [ ] host older versions of nixpkgs documentation (like 20.09)
* [x] add a hidpi profile? https://wiki.archlinux.org/title/HiDPI
* [ ] desktop entries
* https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/packages/hey/default.nix
* [ ] https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/packages/xdg-open-with-portal/default.nix
* [ ] extend it to work over ssh
* [ ] https://github.com/fufexan/nix-gaming/tree/b090e8b7e463d9c437536b25a0e9af3477a269e9#pipewire-low-latency
* [ ] https://search.nixos.org/packages?query=heroic
* [ ] [doukutsu-rs](https://github.com/jakehamilton/config/tree/579827c699d9c78bd42e73f543eafb05a0d6c374#doukutsu-rs)
* [ ] [doas](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/security/doas/default.nix)
* [ ] [gpg](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/security/gpg/default.nix)
* [ ] [keyring](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/security/keyring/default.nix)
* [ ] [avahi](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/services/avahi/default.nix)
* [ ] [kvm](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/virtualisation/kvm/default.nix)
* [ ] shares
* [ ] [samba](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/services/samba/default.nix)
* [ ] nfs
* [x] [zfs](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/system/zfs/default.nix)
* [x] rocm
* [x] cuda
* [ ] xclip
* [ ] `profiles/singularity.nix` https://github.com/NixOS/nixpkgs/issues/230851
* [ ] declarative libvirt
* [ ] https://git.m-labs.hk/M-Labs/wfvm
* [ ] https://github.com/kholia/OSX-KVM
* [ ] s3: minio or garage
* [ ] mlflow / wandb service
* [x] xforwarding over ssh
* [ ] autogenerate ssh keys for new hosts
* [ ] switch to systemd networkd
* [ ] pre-commit hook with 'nix eval ...outPath'
* [x] use `nom` when deploying
* [ ] figure out how to reuse system flake lock while deplying, leave the night job to upgrade
* [ ] users/pbsds: Support multiple profiles, like headless, nixpkgs-dev, various desktops, hpc, pvv, etc
* [ ] gnome:
* [x] lxterminal
* [ ] replace gnome terminal
* [x] themes
* [x] shortcuts
* [x] pavucontrol
* [ ] nixos-generate-config instructions for new hosts
* [ ] zfs, declarative pools?
* [ ] some tunneling for NFS hosts
* [ ] transgui config
* [x] secrets - nix-sops ?
* [x] flexget
* [ ] microbin
* [ ] transmission
* [ ] transmission remote gui (requires sops in home-manager)
* [x] domeneshop
* [ ] webdav
* [ ] code-remote
* [ ] add .netrc
* [ ] hydra
* perfect for CUDA and RISCV
* [ ] self-hosted binary cache (single-machine) (nix-serve, carinae, harmonia, eris or attic, ssh?)
* https://discourse.nixos.org/t/announcing-harmonia-a-nix-binary-cache-written-in-rust/19855
* https://discourse.nixos.org/t/introducing-attic-a-self-hostable-nix-binary-cache-server/24343/1
* [ ] profiles/http: make ACME/nginx helper a function
* [ ] Support multiple tlds
* [ ] Support multiple acme accounts
* [ ] Support a per-account provider?
* [ ] Support DNS auth
* [ ] Setup aliases instead of a per-vhost cert?
* [ ] Preferably setup a wildchar cert per host
* [ ] once secrets are in place: coin a one true ssh key, automate adding ssh host public keys to flake
* [ ] then add darwin and aarch64 community remote builders
* [ ] https://github.com/dali99/nix-dotfiles/blob/85dcafb4e0b8382a3d04b9a5f63afd01a4144143/machines/pvv-terminal.nix#L3
* [ ] wrap windowmanager in nixGL on non-nixos https://github.com/dali99/nix-dotfiles/blob/85dcafb4e0b8382a3d04b9a5f63afd01a4144143/profiles/xsession/default.nix#LL138C1-L138C1
* [ ] requires GNOME xstart in home-manager
( ͡° ͜ʖ ͡°)
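Review bot: The README is reduced to a single emoticon, and while the TODO items reappear in todos.md, the "Initial setup (old)" and "Reading list" sections are not carried over to any file in this commit. If those links are still wanted, move them into todos.md (it already has a "to read" heading) or keep a short README that points at todos.md.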


@ -53,6 +53,10 @@
sops-nix-2305.inputs.nixpkgs.follows = "nixpkgs-2305";
sops-nix-2305.inputs.nixpkgs-stable.follows = "nixpkgs-2305";
## https://github.com/h7x4/maunium-stickerpicker-nix
#maunium-stickerpicker-nix.url = "github:h7x4/maunium-stickerpicker-nix";
#maunium-stickerpicker-nix.inputs.nixpkgs.follows = "nixpkgs-2311";
/** /
https://willbush.dev/blog/impermanent-nixos/
matrix-next.url = "github:dali99/nixos-matrix-modules"; # see https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/flake.nix
@ -199,7 +203,7 @@
nix.nixPath = [
"nixpkgs=${inputs.nixpkgs}"
"nixpkgs-unstable=${inputs.unstable}"
"nixpkgs-git=github:NixOS/nixpkgs/nixos-unstable-small"
"nixpkgs-git=github:NixOS/nixpkgs/refs/tags/nixos-unstable-small" # is this right?
];
});
mkConfig = extra-modules: domain: system: inputs: stateVersion: modules: hostname: inputs.nixpkgs.lib.nixosSystem {
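Review bot: In the `nix.nixPath` list, the `nixpkgs-git` entry carrying the `# is this right?` comment should be settled before merging. `nixos-unstable-small` is published as a branch of NixOS/nixpkgs, not a tag, so a `refs/tags/` prefix would not match it. Unlike the two entries above it, which interpolate `${inputs.nixpkgs}` and `${inputs.unstable}` and are therefore fixed by the flake lock, this entry is a mutable ref resolved whenever it is used; if that is intended, a comment saying so would help.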
@ -298,8 +302,8 @@
nixosReports = mkHosts (mkReport []);
packages = forAllSystems ({ inputs, pkgs, lib, flakes, ... }: let
mk-nspawn-deployer = hostname: # TODO: nspawn-tarball.nix populates /etc/nixos with junk
(pkgs.callPackage ./pkgs/mk-nspawn-deployer {})
mk-nspawn-setup = hostname: # TODO: nspawn-tarball.nix populates /etc/nixos with junk
(pkgs.callPackage ./pkgs/mk-nspawn-setup {})
(mkHosts (mkConfig [ "${nixos-nspawn}/nspawn-tarball.nix" ])).${hostname};
in {
# TODO: get faketty to work ${expect}/bin/unbuffer is bad
@ -311,9 +315,11 @@
fi
'';
nspawn-setup-brumlebasse = mk-nspawn-deployer "brumlebasse";
device-mon = pkgs.callPackage ./pkgs/device-mon {};
#pdoc-docs = (pkgs.callPackage ./pkgs/pdocs.nix {}).pdocs;
#pdoc3-docs = (pkgs.callPackage ./pkgs/pdocs.nix {}).pdocs3;
# nixos-generators images
nspawn-setup-brumlebasse = mk-nspawn-setup "brumlebasse";
image-brumlebasse-openstack = nixos-generators-2311.nixosGenerate {
system = "x86_64-linux";
specialArgs = { inherit inputs flakes; };


@ -7,7 +7,7 @@
imports = [
./hardware-configuration.nix
../../profiles/sshd.nix
../../profiles/podman.nix
#../../profiles/oci/podman.nix
../../profiles/vpn-pbsds/headscale.nix # opens port 3478
@ -47,9 +47,11 @@
../../profiles/http/services/polaris.nix
#../../profiles/http/services/resilio.nix
../../profiles/http/services/roundcube.nix
#../../profiles/http/services/snappymail.nix # WIP
../../profiles/http/services/thelounge.nix
../../profiles/http/services/vaultwarden.nix
../../profiles/http/services/webdav-zotero.nix
#../../profiles/http/services/garage/gunktrunk.nix
#../../profiles/http/services/convos.nix
#../../profiles/http/services/cryptpad.nix
#../../profiles/http/services/galene.nix
@ -64,6 +66,8 @@
#../../profiles/http/services/censordodge.nix
#../../profiles/http/services/openspeedtest.nix
/**/
# TODO: move to brumle
../../profiles/http/docs
../../profiles/http/docs/pdoc.nix
../../profiles/http/docs/python-docs.nix
@ -72,6 +76,7 @@
../../profiles/http/docs/linux-docs.nix
../../profiles/http/docs/programs.nix
../../profiles/http/docs/yagcd.nix
/**/
#../../profiles/http/sites/linktree-pbsds.nix # github bby!! TODO: remove
../../profiles/http/sites/refleksjon-no.nix


@ -43,6 +43,7 @@
../../profiles/desktop/sound/pipewire.nix
../../profiles/desktop/steam.nix
#../../profiles/desktop/xboxdrv.nix # TODO: try out
../../profiles/desktop/lutris.nix
../../profiles/desktop/flatpak.nix


@ -1,44 +0,0 @@
#!/usr/bin/env bash
# TODO: assert correct system
NSPAWN=nixos-@hostname@
TARBALL=./"$NSPAWN".tar #"https://github.com/tfc/nspawn-nixos/releases/download/v1.0/nixos-system-x86_64-linux.tar.xz"
test $(id -u) -eq 0 || {
>&2 echo you must run this as root
exit 1
}
install_pkg() {
# TODO: use bash hashmaps to map from apt to other package managers
# * [x] apt
# * [ ] apk
# * [ ] pacman
# * [ ] dnf
DEBIAN_FRONTEND=noninteractive apt install -y "$@"
}
if ! >/dev/null command -v systemd-nspawn; then
# TODO: support more than ubuntu
install_pkg systemd-container
fi
machinectl remove "$NSPAWN" || true # TODO: interactive?
#machinectl pull-tar "https://github.com/tfc/nspawn-nixos/releases/download/v1.0/nixos-system-x86_64-linux.tar.xz" "$NSPAWN" --verify=no
machinectl import-tar "$TARBALL" "$NSPAWN"
# use host network
cat <<"EOF" > /etc/systemd/nspawn/"$NSPAWN".nspawn
[Network]
VirtualEthernet=no
EOF
machinectl enable "$NSPAWN"
machinectl start "$NSPAWN"
echo Setting root password...
machinectl shell "$NSPAWN" /usr/bin/env passwd
machinectl status "$NSPAWN"


@ -2,12 +2,13 @@
, pkgs
}:
# assumes nspawn-tarball.nix is mixed into it
# this assumes github:tfc/nspawn-nixos nspawn-tarball.nix is mixed into it
nixosConfiguration:
let
hostname = nixosConfiguration.config.networking.hostName;
inherit (nixosConfiguration.config.nixpkgs) system;
setup = pkgs.substituteAll {
src = ./setup-nspawn.sh;
@ -23,7 +24,9 @@ pkgs.runCommandNoCC "nspawn-setup-${hostname}.sh" {
nativeBuildInputs = with pkgs; [ makeself ];
} ''
mkdir -p archive/
ln -s ${setup} archive/setup.sh
ln -s ${tarball}/* archive/nixos-${hostname}.tar
makeself --follow archive/ $out setup-nixos-nspawn-${hostname} ./setup.sh
ln -s ${setup} archive/setup.sh
ln -s ${tarball}/tarball/nixos-system-${system}.tar.xz archive/nixos-${hostname}.tar.xz
echo tarball: ${tarball}
makeself --nocomp --follow archive/ $out "setup-nixos-nspawn-${hostname}" ./setup.sh
''


@ -0,0 +1,45 @@
#!/usr/bin/env bash
# TODO: assert correct system
NSPAWN_NAME=nixos-@hostname@
TARBALL=./nixos-@hostname@.tar.xz
test $(id -u) -eq 0 || {
>&2 echo you must run this as root
exit 1
}
if ! >/dev/null command -v systemd-nspawn; then
>&2 echo "systemd-nspawn" not found in PATH
>&2 echo consider installing 'systemd-container'
exit 1
fi
if ! >/dev/null command -v machinectl; then
>&2 echo "machinectl" not found in PATH
>&2 echo consider installing 'systemd-container'
exit 1
fi
set -ex
machinectl remove "$NSPAWN_NAME" || true # TODO: is this interactive?
#machinectl pull-tar "https://github.com/tfc/nspawn-nixos/releases/download/v1.0/nixos-system-x86_64-linux.tar.xz" "$NSPAWN_NAME" --verify=no
machinectl import-tar "$TARBALL" "$NSPAWN_NAME"
# use host network
mkdir -p /etc/systemd/nspawn
tee /etc/systemd/nspawn/"$NSPAWN_NAME".nspawn <<"EOF"
[Network]
VirtualEthernet=no
EOF
NSPAWN_NAME=nixos-brumlebasse
machinectl enable "$NSPAWN_NAME"
machinectl start "$NSPAWN_NAME"
echo Please set a root password
machinectl shell "$NSPAWN_NAME" /usr/bin/env passwd
machinectl status "$NSPAWN_NAME"
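Review bot: `NSPAWN_NAME=nixos-brumlebasse`, just before `machinectl enable`, overwrites the templated `nixos-@hostname@` value set at the top, so for any other host the image is imported and the `.nspawn` file written under one name while enable, start, shell and status act on `nixos-brumlebasse`. Drop the reassignment. Two smaller points: `machinectl remove "$NSPAWN_NAME" || true` deletes an existing image without asking, and `VirtualEthernet=no` puts the container in the host's network namespace, so anything it listens on is exposed on the host's addresses; a line in the script output saying so would let the operator know before the root password is set.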

756
pkgs/pdocs.nix Normal file

@ -0,0 +1,756 @@
{ lib
, pkgs
}:
# TODO: pagefind
let
python-builtins = [
"builtins"
"os"
"array"
"sys"
"time"
"traceback"
"pathlib"
"itertools"
"functools"
"unittest"
"argparse"
"asyncio"
"textwrap"
"collections"
"configparser"
"concurrent"
"contextlib"
"operator"
"pickle"
"copy"
"ctypes"
"pprint"
"shlex"
"re"
"abc"
"ast"
"random"
"shutil"
"sqlite3"
"subprocess"
"statistics"
"string"
"tarfile"
"typing"
"uuid"
"warnings"
"wave"
"dataclasses"
"glob"
"gzip"
"inspect"
"json"
"base64"
"zipfile"
];
#python-packages = with pkgs.python3Packages; [ cached-property ];
#python-packages = lib.pipe pkgs.python3Packages [
# builtins.attrValues
# (builtins.filter lib.isDerivation)
#];
/** /
python-packages = with pkgs.python3Packages; [
more-itertools
altair
pygal
vispy
seaborn
bokeh
plotly
tabulate
wavefile
moderngl
pydantic
typer
ptpython
colorama
pyjwt
zipp
aiofiles
aafigure
urllib3
tesserocr
trio
starlette
pyverilog
nixpkgs
wavedrom
httpx
pyquery
mpv
beautifulsoup4
hid
hidapi
#sanic # broken build?
paramiko
pydub
aiohttp
papermill
rtoml
redis
numpy
#domeneshop
munch
migen
amaranth
click
attrs
graphviz
baron
redbaron
fastapi
pytest
#pyglet # pyglet.com fails, windows only
#pygame # pygame.movie fails on pdoc3, pdoc hangs
plotly
peewee
parsel
pandas
#mutmut # moved to toplevel from python3Packages
mlflow
meshio
#einops # depends on tensorflow, which is broken ATM
aiodns
json5
seaborn
matplotlib
dash
rarfile
pyramid
pygtail
codecov
nbconvert
humanfriendly
pendulum
jsonpickle
cachetools
wrapt
lxml
chardet
yarl
frozenlist
itsdangerous
xmltodict
cached-property
toolz
aioitertools
coconut
asyncpg
aiopg
libsass
pytorch
pytorch-lightning
pillow
trio
tqdm
rich
pudb
pony
mido
jedi
h5py
atom
toml
pyyaml
jinja2
requests
h5py
imageio
pygments
trimesh
shapely
#faiss
#geomloss
#mesh_to_sdf
#pyrender
];
/**/
python-packages = with pkgs.python3Packages; [
aiocurrencylayer
aioitertools
aiolifx-connection
aiolifx-effects
aiomisc
aionotify
aiorun
aioshutil
aiozeroconf
alembic
aliyun-python-sdk-dbfs
allure-python-commons-test
amply
angr
aniso8601
anonip
ansible
ansicolor
ansiwrap
apptools
aprslib
aqipy-atmotech
arc4
argcomplete
args
arpeggio
asgi-csrf
asn1tools
aspectlib
astor
async-lru
asynccmd
asyncio-throttle
asynctest
asysocks
atom
atomicwrites-homeassistant
attrdict
autopage
autopep8
avea
avro3k
awacs
awswrangler
azure-mgmt-nspkg
b2sdk
behave
bitarray
bitcoinrpc
bitlist
bluetooth-auto-recovery
bnunicodenormalizer
boschshcpy
bottleneck
brelpy
bsddb3
bson
bunch
cart
casa-formats-io
cftime
chacha20poly1305
cmigemo
coapthon3
cogapp
coinmetrics-api-client
commentjson
cons
contexttimer
contourpy
coreapi
cppheaderparser
dash-table
dask-jobqueue
decli
deep-chainmap
diceware
diff-cover
django-bootstrap4
django-cache-url
django-cacheops
django-celery-results
django-compressor
django-picklefield
django-reversion
django-tables2
djangorestframework-guardian2
djmail
doit-py
dotmap
drf-nested-routers
dugong
dunamai
dvc-render
entrance-with-router-features
ephemeral-port-reserve
et_xmlfile
eth-hash
eth-keys
eve
exdown
exif
face
fastbencode
fastcache
fastentrypoints
fe25519
filetype
fingerprints
fire
fixtures
flake8-future-import
flask-gravatar
flask-swagger
flask-swagger-ui
fpdf
fs
ftputil
funcparserlib
funcy
fuzzywuzzy
gbinder-python
gcovr
generic
geoip
geojson
ghrepo-stats
gibberish-detector
google-cloud-bigquery-logging
google-cloud-dns
gpaw
graphql-server-core
greeclimate
gunicorn
gvm-tools
headerparser
heapdict
hijri-converter
hledger-utils
htmllaundry
httpie
httpx
hyperlink
imageio-ffmpeg
imaplib2
importlib-resources
inotifyrecursive
inquirer
insteon-frontend-home-assistant
intelhex
interface-meta
ipwhl
irctokens
isounidecode
itemloaders
iteration-utilities
itsdangerous
itypes
jaeger-client
javaproperties
jax
joblib
json-rpc
json-tricks
jsonpatch
junit-xml
jupyter-cache
jupyter-packaging
jupyterlab-pygments
jupyterlab_launcher
jxmlease
keyrings-cryptfile
korean-lunar-calendar
kubernetes
language-data
lazy
lcov_cobertura
ldap3
ledger
libais
libarchive-c
libarcus
libgpuarray
license-expression
lightwave
lima
lit
lockfile
log-symbols
luhn
m3u8
magic-wormhole
mail-parser
manhole
markups
marshmallow-oneofschema
marshmallow-polyfield
mastodon-py
maxminddb
mdurl
mdutils
meep
mergedict
merkletools
mip
mkdocs
mkdocs-material-extensions
msoffcrypto-tool
multimethod
multipart
multiprocess
mypy
nanoid
napalm
napalm-hp-procurve
nbdime
nbformat
nbval
ndtypes
neo4j
nessclient
netdata
nose-randomly
notebook-shim
nsz
nulltype
ome-zarr
onetimepass
oocsi
opsdroid_get_image_size
opytimark
oracledb
pa-ringbuffer
pad4pi
papermill
parsimonious
parsley
pcapy-ng
pdoc
phonopy
pick
picobox
pipdate
pkce
pkgconfig
pkginfo
plantuml
platformdirs
plum-py
plyer
plyvel
progressbar33
prometheus-client
promise
prox-tv
pulumi-command
pure-cdb
py-dmidecode
py-multiaddr
py-multibase
py-nextbusnext
py-zabbix
pyaehw4a1
pyatv
pybullet
pycangjie
pycddl
pycep-parser
pydevccu
pyftdi
pyfume
pygatt
pygetwindow
pyglet
pygmars
pyhcl
pyheos
pyinstrument
pykdtree
pylint-flask
pymeeus
pymetar
pymodbus
pymysensors
pypdf
pypdf3
pyprind
pyqtwebengine
pyrainbird
pyrmvtransport
pyro5
pyrogram
pyrr
pyscss
pysdl2
pysearpc
pysensors
pyside2
pysmf
pysmi
pysml
pysmt
pysnmp-pyasn1
pyspf
pysvg-py3
pysychonaut
pytest-bdd
pytest-catchlog
pytest-django
pytest-expect
pytest-factoryboy
pytest-flask
pytest-isort
pytest-relaxed
pytest-snapshot
pytest-socket
pytest-virtualenv
pytestcache
python-baseconv
python-bidi
python-daemon
python-decouple
python-editor
python-ipware
python-ldap-test
python-packer
python-socketio
python-status
python-u2flib-server
pytimeparse
pytm
pytzdata
pyvisa
pywemo
pyworld
pyxl3
qtile
reactivex
rebulk
reikna
related
repath
repoze_lru
requests-pkcs12
requirements-parser
result
retrying
rich-argparse-plus
rivet
rouge-score
rtp
rx
safe
sasmodels
scikit-bio
scikit-fmm
seccomp
securetar
sendgrid
sentence-transformers
serialio
setuptools-git
sexpdata
sfrbox-api
sh
sievelib
simber
simpleaudio
simpleeval
snapshottest
soapysdr
somajo
speedtest-cli
sphinx_pypi_upload
sphinxcontrib-openapi
sqlobject
starkbank-ecdsa
starlette
staticjinja
stdiomask
strategies
stravalib
strenum
strictyaml
stringcase
stringly
sympy
syncer
sysv_ipc
tabview
takethetime
tblite
tcolorpy
termstyle
testing-common-database
textacy
textwrap3
textx
tweepy
twilio
twitter-common-collections
twitter-common-confluence
types-futures
types-redis
types-urllib3
typesystem
udatetime
ukpostcodeparser
unicrypto
unidecode
unidic-lite
unpaddedbase64
update-copyright
ush
vdirsyncer
vector
venusian
versioneer
veryprettytable
videocr
voluptuous-stubs
volvooncall
wakeonlan
web
webcolors
webhelpers
wfuzz
whichcraft
widlparser
winacl
wordfreq
ws4py
wsdiscovery
wsgi-intercept
xdg
xhtml2pdf
xstatic-jquery-file-upload
xstatic-pygments
yamllint
yaramod
yubico
zarr
zc_lockfile
zigpy-zigate
zigpy-znp
zipstream
zipstream-ng
zope_proxy
zope_schema
zopfli
];
/**/
mkPdoc = use-pdoc3: drv: let
isBuiltin = !lib.isDerivation drv;
name = if isBuiltin then drv else drv.pname;
desc = if isBuiltin then "builtin" else drv.meta.description;
version = if isBuiltin then "-" else drv.version;
homepage = if isBuiltin
then "https://docs.python.org/3/library/${drv}.html"
else drv.meta.homepage or "-";
doc = pkgs.runCommand "pdoc${if use-pdoc3 then "3" else ""}-${name}-docs" {
nativeBuildInputs = (if use-pdoc3
then [pkgs.python3Packages.pdoc3]
else [pkgs.python3Packages.pdoc])
++ lib.optionals (!isBuiltin) [ drv ]
++ lib.optionals (!isBuiltin) (lib.pipe (drv.passthru.optional-dependencies or {}) [
builtins.attrValues
lib.flatten
(builtins.filter (drv':
(builtins.tryEval drv'.outPath).success
))
]);
env.NAME = lib.toLower name;
env.DESC = lib.escapeXML desc;
# TODO: license
# TODO: build html with something better than bash
} ''
LITERALS=()
${lib.optionalString isBuiltin ''
LITERALS+=("${name}")
_tmp="$(python -c 'import ${name}; print((getattr(${name}, "__doc__", "") or "builtin").split("\n")[0])')"
test "$?" -eq 0 && DESC="$_tmp"
''}
${lib.optionalString (!isBuiltin) ''
LITERALS+=(${lib.escapeShellArgs (
(drv.pythonImportsCheck or []) ++
(drv.pythonImportsExtraCheck or [])
)})
pushd ${drv}/${pkgs.python3.sitePackages}
shopt -s globstar
#for fname in **/*; do
for fname in *; do
if test -f "$fname" && ( test "''${fname##*.}" = "py" || test "''${fname##*.}" = "so" ) ; then
[[ "$fname" =~ (^|/)"_"* ]] && continue
LITERALS+=("$(echo "''${fname%%.py*}" | tr "/-" "._" )")
elif test -d "$fname" && test -f "$fname"/__init__.py; then
LITERALS+=("$(echo "$fname" | tr "/-" "._" )")
fi
done
popd
# make unique
LITERALS=( $(printf "%q\n" "''${LITERALS[@]}" | sort -u) )
echo "''${LITERALS[0]}"
''}
( timeout 900s ${if !use-pdoc3
then ''pdoc --no-search --math --no-browser --output-directory $out "''${LITERALS[@]}"''
else ''pdoc3 --skip-errors --output-dir $out --html "''${LITERALS[@]}" --force''
} 2>&1 | tee "$NAME".log ) || true
mkdir -p $out
cp "$NAME".log $out
test -f $out/index.html && rm -v $out/index.html
function write {
{ printf "%s" "$@"; echo; } >> $out/index.part-"$NAME".html
}
write "<tr>"
if test -f $out/"''${LITERALS[0]}".html; then
write "<td><a href=\"''${LITERALS[0]}.html\">${lib.escapeXML name}</a>"
elif test -d $out/"''${LITERALS[0]}"; then
write "<td><a href=\"''${LITERALS[0]}/\">${lib.escapeXML name}</a>"
else
write "<td>${lib.escapeXML name}"
fi
write "<td>${version}"
if test -s $out/$NAME.log; then
write "<td><a href=\"$NAME.log\">log</a>"
else
write "<td>-"
fi
write "<td>$DESC"
${if homepage == "-" then ''
write "<td>n/a"
'' else ''
write "<td><a href=\"${homepage}\">${homepage}</a>"
''}
write "</tr>"
'';
fallback = pkgs.writeTextDir "index.part-${lib.toLower name}.html" ''
<tr>
<td>${lib.escapeXML name}
<td>${version}
<td>&#10799;
<td>${lib.escapeXML desc}
<td>${if homepage == "-" then
"n/a"
else
''<a href="${homepage}">${homepage}</a>''
}
</tr>
'';
in if (builtins.tryEval doc.outPath).success
then doc
else fallback;
mkPdocs = use-pdoc3: with builtins; pkgs.symlinkJoin {
name = "pdoc-docs";
paths = map (mkPdoc use-pdoc3) (python-builtins ++ python-packages);
# note: globs are sorted
postBuild = ''
shopt -s nocaseglob
>>$out/index.html echo "<!DOCTYPE html>"
>>$out/index.html echo "<table><tr><th>name<th>version<th>log<th>description<th>homepage</tr>"
>>$out/index.html cat $out/index.part-*.html
>>$out/index.html echo "</table>"
rm $out/index.part-*.html
'';
};
in {
pdocs = mkPdocs false;
pdocs3 = mkPdocs true;
}
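Review bot: In `mkPdoc`, the values written into the index row are not consistently escaped. `env.DESC` goes through `lib.escapeXML`, but for builtins it is then replaced by `_tmp`, the raw first line of the module's `__doc__`, and `write "<td>$DESC"` emits it as-is; `${homepage}` is likewise interpolated unescaped into both the `href` and the link text, here and in `fallback`. Since this output is meant to be served as HTML, escape the docstring (for example with `html.escape` inside the same `python -c`) and pass `homepage` through `lib.escapeXML`. Separately, `builtins.tryEval doc.outPath` only guards evaluation errors; a build-time failure in `doc` fails the whole `symlinkJoin` instead of selecting `fallback`.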


@ -0,0 +1,47 @@
{ config, pkgs, ... }:
# based on
# https://github.com/yurifrl/NixFiles/blob/3b36740fb4063574247d5741247fb1bdf92520d8/modules/programs/xboxdrv.nix#L11
# https://github.com/Lassulus/superconfig/blob/0ac6dfb43ece63b6b3132aa7b56aa3366c7ed95d/machines/xerxes/config.nix#L43
# transitive links:
# https://github.com/NixOS/nixpkgs/issues/25490
# https://www.reddit.com/r/RetroPie/comments/bi5bm4/psa_new_method_for_disabling_ertm_fix_controller/
# https://github.com/baracoder/nix/blob/master/configuration.nix
# https://www.reddit.com/r/NixOS/comments/a7g4oi/declaratively_setting_sysfs_properties/
# https://nixos.org/nixos/options.html#kernel.sysctl
# https://github.com/timor/timor-overlay/blob/d49783d2880b730cd67dbe6700ea2968f893b32e/modules/xbox360-wireless.nix
# https://github.com/phildenhoff/pd/blob/44025561b223df9901e4415650deae08b1077865/dotfiles/entertainment.nix
let
configFile = pkgs.writeFile "xboxdrv.ini" ''
[xboxdrv]
silent = true
device-name = "Xbox 360 Wireless Receiver"
mimic-xpad = true
deadzone = 4000
[xboxdrv-daemon]
dbus = disabled
'';
in
{
boot.blacklistedKernelModules = [ "xpad" ];
environment.systemPackages = [ pkgs.xboxdrv ];
#environment.etc."default/xboxdrv".text = ''
systemd.services.xboxdrv = {
inherit (pkgs.xboxdrv.meta) description;
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = ''
${pkgs.xboxdrv}/bin/xboxdrv --daemon --config ${configFile}
'';
Restart = "always";
RestartSec = 3;
};
};
}
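Review bot: `configFile` is built with `pkgs.writeFile`, which is not one of the nixpkgs trivial builders as far as I know; `pkgs.writeText "xboxdrv.ini" ''...''` takes the same two arguments and is probably what was meant. The import of this profile is still commented out in the host config, so evaluation would not have surfaced this. The unit also sets no `User=` or sandboxing options in `serviceConfig`, so the daemon runs as root; if it only needs access to the input devices, consider restricting it there.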


@ -8,12 +8,12 @@ in
#(lib.mapAttrsToList (domain: vhost: [ domain ] ++ vhost.serverAliases))
(lib.mapAttrsToList (domain: vhost: [ domain ]))
lib.flatten
#(builtins.filter (domain: domain != ""))
(builtins.filter (domain: domain != ""))
(lib.sort (x: y: x<y))
];
security.acme.acceptTerms = true;
security.acme.defaults.email = "pbsds+acme@hotmail.com";
security.acme.defaults.email = "pbsds+acme@hotmail.com"; # TODO: parametrize per host
#security.acme.defaults.renewInterval = "daily";
#security.acme.defaults.reloadServices


@ -0,0 +1,81 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.garage;
in
{
# gunktrunk
sops.secrets."garage/env".owner = "garage";
sops.secrets."garage/env".restartUnits = [ "garage.service" ];
services.garage = {
enable = true;
package = pkgs.garage_0_8;
environmentFile = config.sops.secrets."garage/env".path; # TODO: 23.11
settings = {
# https://search.nixos.org/options?query=services.garage.settings
replication_mode = "1";
#metadata_dir = ;
data_dir = "/mnt/meconium/garage/gunktrunk";
#data_dir = [
# { path = "/mnt/meconium/garage/gunktrunk"; capacity = "2T"; }
#];
# https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/
db_engine = "lmdb"; # default since v0.9
compression_level = 0; # zstd, 0 lets garage choose (curently 3)
rpc_bind_addr = "[::]:3901";
# Standard S3 api endpoint
s3_api = {
s3_region = "stoolus";
api_bind_addr = "[::]:3900";
root_domain = "s3.gunktrunk.kuklef.se";
};
# Static file serve endpoint
s3_web = {
bind_addr = "[::]:3902";
root_domain = "web.gunktrunk.kuklef.se";
};
};
};
services.nginx.virtualHosts.${cfg.settings.s3_api.root_domain} = lib.mkIf cfg.enable {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${cfg.settings.s3_api.api_bind_addr}";
proxyWebsockets = true;
};
};
services.nginx.virtualHosts.${cfg.settings.s3_web.root_domain} = lib.mkIf cfg.enable {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${cfg.settings.s3_web.bind_addr}";
proxyWebsockets = true;
};
};
systemd.services = lib.mkIf cfg.enable {
garage.serviceConfig.DynamicUser = false;
#garage.serviceConfig.EnvironmentFile = config.sops.secrets."garage/env".path; # TODO: remove after 23.11
};
users = lib.mkIf cfg.enable {
users.garage.isSystemUser = true;
users.garage.uid = 5000;
users.garage.group = "garage";
groups.garage.gid = 5000;
};
}
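Review bot: `rpc_bind_addr`, `s3_api.api_bind_addr` and `s3_web.bind_addr` all bind to `[::]`, so the RPC port and the plain-HTTP S3 and web endpoints listen on every interface even though nginx is meant to front them with `forceSSL`. Binding the two HTTP listeners to `[::1]` would keep direct access off the network and also give `proxyPass = "http://${cfg.settings.s3_api.api_bind_addr}"` a concrete upstream instead of the unspecified address `http://[::]:3900`. If the RPC port has to stay reachable for other nodes, say so in a comment next to `rpc_bind_addr`.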


@ -0,0 +1,115 @@
# adapted from https://github.com/samrose/dotfiles-1/blob/8887ca3b01edecd83c2e95f01e42885ce26f76c5/nixos/eve/modules/snappymail.nix#L55
{ pkgs, config, lib, mkDomain, ... }:
let
maxUploadSize = "256M";
toKeyValue = lib.generators.toKeyValue {
mkKeyValue = lib.generators.mkKeyValueDefault {} " = ";
};
baseIni = pkgs.runCommand "application.ini" { # eww
nativeBuildInputs = [ pkgs.php ];
} ''
mkdir /tmp/foobar123
php-cgi "${pkgs.snappymail.override { dataPath = "/tmp/foobar123"; }}/index.php" >/dev/null
cp /tmp/foobar123/_data_/_default_/configs/application.ini $out
'';
extendIni = baseFile: fname: args: pkgs.runCommand fname { # eww
preferLocalBuild = true;
nativeBuildInputs = [ pkgs.initool ];
} ''
cat ${baseFile} |
${lib.pipe args [
(lib.mapAttrsToList (section: data: lib.mapAttrsToList (key: val: { inherit section key val; }) data))
lib.flatten
(builtins.map ({ section, key, val }: ''
initool s - ${lib.escapeShellArgs [ section key val ]} |
''))
lib.concatStrings
]}
cat > $out
'';
modifiedIni = with builtins; extendIni baseIni "application.ini" {
webmail.title = "pbsds SnappyMail";
webmail.loading_description = "pbsds SnappyMail";
webmail.messages_per_page = 20;
contacts.type = "pgsql";
contacts.pdo_dsn = ''"pgsql:host=/run/postgresql;port=${toString config.services.postgresql.port};dbname=snappymail"'';
contacts.pdo_user = "snappymail";
contacts.pdo_password = "";
login.default_domain = "imap.fyrkat.no";
#security.allow_admin_panel = "Off";
};
in
{
services.phpfpm.pools.snappymail = {
user = "snappymail";
group = "snappymail";
phpOptions = toKeyValue {
upload_max_filesize = maxUploadSize;
post_max_size = maxUploadSize;
memory_limit = maxUploadSize;
};
settings = {
"listen.owner" = "nginx";
"listen.group" = "nginx";
"pm" = "ondemand";
"pm.max_children" = 32;
"pm.process_idle_timeout" = "10s";
"pm.max_requests" = 500;
};
};
services.postgresql.ensureDatabases = [ "snappymail" ];
services.postgresql.ensureUsers = [
{
name = "snappymail";
ensurePermissions."DATABASE snappymail" = "ALL PRIVILEGES";
}
];
#services.nginx.preStart = ''
systemd.services."phpfpm-snappymail".preStart = ''
mkdir -p /var/lib/snappymail/_data_/_default_/configs
ln -sf ${modifiedIni} /var/lib/snappymail/_data_/_default_/configs/application.ini
'';
services.nginx.virtualHosts.${mkDomain "snappymail"} = {
forceSSL = true; # addSSL = true;
enableACME = true; #useACMEHost = acmeDomain;
locations."/".extraConfig = ''
index index.php;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
'';
locations."^~ /data".extraConfig = ''
deny all;
'';
locations."~ \.php$".extraConfig = ''
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:${config.services.phpfpm.pools.snappymail.socket};
'';
extraConfig = ''
client_max_body_size ${maxUploadSize};
'';
root = pkgs.snappymail.override {
dataPath = "/var/lib/snappymail"; # the default
};
};
users.users.snappymail = {
isSystemUser = true;
createHome = true;
home = "/var/lib/snappymail";
group = "snappymail";
};
users.groups.snappymail = {};
}
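Review bot: `locations."/".extraConfig` turns on `autoindex on;` for the webmail vhost, which has nginx generate directory listings for any directory under the package root that has no `index.php`; a webmail front end has no need for that, so drop the three `autoindex*` lines. In `modifiedIni`, `security.allow_admin_panel = "Off"` is commented out, so the admin panel keeps whatever the generated default is; decide that explicitly before this profile leaves WIP.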


@ -0,0 +1,28 @@
{ config, lib, mkDomain, flakes, ... }:
let
myStickerPicker = flakes.maunium-stickerpicker-nix.createStickerPicker {
#homeserver = "https://matrix.pvv.ntnu.no";
#userId = "@stickerbot:my.matrix.server";
## You should probably encrypt this with either agenix, sops-nix or whatever else
#accessTokenFile = ./stickerbot_access_token.txt;
#sha256 = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
packs = [
{
type = "chatsticker";
name = "pompom-tao3";
}
{
type = "directory";
src = ./myHomemadeStickers;
}
];
};
in
{
# TODO: https://gist.github.com/pbsds/a1b03eb8d5602330765b3fd14f621dc5
# separate into separate FODs
}


@ -20,6 +20,8 @@
"/backups"
"/backups/rocm"
"/beets_music"
#"/garage"
#"/garage/gunktrunk"
])
);

4
todos-pulsar.md Normal file

@ -0,0 +1,4 @@
# base
ppm install atom-jinja2 autocomplete-cmake autocomplete-cmake copy-highlighted editorconfig fonts graphviz-preview-plus ide-bash ide-clangd ide-rust jinja2 language-arduino language-armasm language-autoit language-batch language-bison-flex language-cmake language-cython language-dg language-diff language-docker language-dot language-glsl language-haskell language-ini language-latex language-lua language-markdown language-scala language-systemverilog language-velocity language-verilog language-vhdl language-zonefile lines MagicPython markdown-preview-plus markdown-table-editor nix on-save pigments pulsar-ide-python railscast-theme-markup remote-atom selection-highlight shell-it simple-align zotero-citations
# resolved
ppm install atom-ide-base atom-ide-code-format atom-ide-datatip atom-ide-definitions atom-ide-hyperclick atom-ide-markdown-service atom-ide-outline atom-ide-signature-help atom-jinja2 autocomplete-cmake busy-signal copy-highlighted editorconfig fonts graphviz-preview-plus ide-bash ide-clangd ide-rust intentions language-arduino language-armasm language-autoit language-batch language-bison-flex language-cmake language-cython language-dg language-diff language-docker language-dot language-glsl language-haskell language-ini language-latex language-lua language-markdown language-scala language-systemverilog language-velocity language-verilog language-vhdl language-zonefile lines linter linter-ui-default MagicPython markdown-preview-plus markdown-table-editor nix on-save pigments pulsar-ide-python railscast-theme-markup remote-atom selection-highlight shell-it simple-align zotero-citations

91
todos.md Normal file

@ -0,0 +1,91 @@
# nice to have
* [ ] nixos-generate-config instructions for new hosts
* [ ] `profiles/singularity.nix` https://github.com/NixOS/nixpkgs/issues/230851
* [x] xforwarding over ssh
* [ ] pre-commit hook with 'nix eval ...outPath'
* [x] use `nom` when deploying
# machine park
* [ ] wg
* [ ] remote-builders over wg
* [ ] autogenerate ssh keys for new hosts
* [ ] http health monitoring `services.netdata.httpcheck.checks.<foobar>`
* [ ] switch to systemd networkd
* [x] Setup some remote-development and deploy flow
* [ ] zfs, declarative pools?
* [ ] figure out how to reuse system flake lock while deplying, leave the night job to upgrade
* [ ] some tunneling for NFS hosts
# ricing
* [ ] [doas](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/security/doas/default.nix)
* [ ] https://github.com/NixOS/nixpkgs/pull/266094 (see https://nixos.wiki/wiki/Cursor_Themes)
# selfhosting
* [ ] hydra - perfect for CUDA and RISCV
* [ ] [avahi](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/services/avahi/default.nix)
* [ ] [kvm](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/virtualisation/kvm/default.nix)
* [ ] [samba](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/services/samba/default.nix)
* [ ] s3: minio or garage
* [ ] mlflow / wandb service
* [x] nfs
* [x] [zfs](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/system/zfs/default.nix)
* [ ] https://github.com/ibizaman/selfhostblocks?tab=readme-ov-file
* [x] https://discourse.nixos.org/t/jsonresume-nix-build-and-deploy-your-resume-with-nix/34089
* [ ] homemanager: ip cameras with frigate
* [ ] host older versions of nixpkgs documentation (like 20.09)
* [ ] declarative libvirt
* [ ] https://git.m-labs.hk/M-Labs/wfvm
* [ ] https://github.com/kholia/OSX-KVM
* [ ] self-hosted binary cache (single-machine) (nix-serve, carinae, harmonia, eris or attic, ssh?)
* https://discourse.nixos.org/t/announcing-harmonia-a-nix-binary-cache-written-in-rust/19855
* https://discourse.nixos.org/t/introducing-attic-a-self-hostable-nix-binary-cache-server/24343/1
* [ ] profiles/http: make ACME/nginx helper a function
* [ ] Support multiple tlds
* [ ] Support multiple acme accounts
* [ ] Support a per-account provider?
* [ ] Support DNS auth
* [ ] Setup aliases instead of a per-vhost cert?
* [ ] Preferably setup a wildchar cert per host
# framework
# to read
* [ ] https://github.com/ogoid/nixos-expose-cuda
# refactoring
* [x] Split stuff into multiple files
* [x] Make a flake
* [x] merge hosted docs into a single subdomain
# desktop
* [ ] transgui config
* [ ] xclip
* [x] add a hidpi profile? https://wiki.archlinux.org/title/HiDPI
* [ ] desktop entries - https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/packages/hey/default.nix
* [ ] https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/packages/xdg-open-with-portal/default.nix - extend it to work over ssh
* [ ] https://github.com/fufexan/nix-gaming/tree/b090e8b7e463d9c437536b25a0e9af3477a269e9#pipewire-low-latency
* [x] rocm
* [x] cuda
# gaming
* [ ] https://search.nixos.org/packages?query=heroic
* [ ] htpc/handheld emulation station
* [ ] [doukutsu-rs](https://github.com/jakehamilton/config/tree/579827c699d9c78bd42e73f543eafb05a0d6c374#doukutsu-rs)
# security
* [ ] [gpg](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/security/gpg/default.nix)
* [ ] [keyring](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/security/keyring/default.nix)
# home/pbsds
* [ ] wrap windowmanager in nixGL on non-nixos https://github.com/dali99/nix-dotfiles/blob/85dcafb4e0b8382a3d04b9a5f63afd01a4144143/profiles/xsession/default.nix#LL138C1-L138C1
* [ ] requires GNOME xstart in home-manager
* [ ] https://github.com/dali99/nix-dotfiles/blob/85dcafb4e0b8382a3d04b9a5f63afd01a4144143/machines/pvv-terminal.nix#L3
* [ ] users/pbsds: Support multiple profiles, like headless, nixpkgs-dev, various desktops, hpc, pvv, etc
* [x] lxterminal
* [ ] replace gnome terminal
* [x] themes
* [x] shortcuts
* [x] pavucontrol
# sops
* [x] secrets - nix-sops ?
* [x] flexget
* [ ] microbin
* [ ] transmission
* [ ] transmission remote gui (requires sops in home-manager)
* [x] domeneshop
* [ ] webdav
* [ ] code-remote
* [ ] add .netrc
* [ ] mint a one true ssh key?
* [ ] then add darwin and aarch64 community remote builders
* [ ] automate adding ssh host public keys to flake


@ -13,6 +13,7 @@
programs.git.enable = true;
programs.git.lfs.enable = true;
programs.git.delta.enable = true;
programs.git.delta.options.max-line-length = 0;
#programs.git.lfs.enable = true;
#programs.git.signing
#programs.git.userName = "pbsds"