From 22a3158e3ccb49269872b0fbef4a80efbb9ef4e6 Mon Sep 17 00:00:00 2001 From: Peder Bergebakken Sundt Date: Tue, 16 Apr 2024 06:49:45 +0200 Subject: [PATCH] ldsalkjdsalkjdsalkj --- README.md | 92 +-- flake.nix | 16 +- hosts/noximilien/default.nix | 7 +- hosts/sopp/default.nix | 1 + pkgs/mk-nspawn-deployer/setup-nspawn.sh | 44 - .../default.nix | 11 +- pkgs/mk-nspawn-setup/setup-nspawn.sh | 45 ++ pkgs/pdocs.nix | 756 ++++++++++++++++++ profiles/desktop/xboxdrv.nix | 47 ++ profiles/http/default.nix | 4 +- profiles/http/services/garage/gunktrunk.nix | 81 ++ profiles/http/services/snappymail.nix | 115 +++ profiles/http/services/stickers.nix | 28 + profiles/mounts/meconium-nfs.nix | 2 + todos-pulsar.md | 4 + todos.md | 91 +++ users/pbsds/home/profiles/git.nix | 1 + 17 files changed, 1198 insertions(+), 147 deletions(-) delete mode 100644 pkgs/mk-nspawn-deployer/setup-nspawn.sh rename pkgs/{mk-nspawn-deployer => mk-nspawn-setup}/default.nix (52%) create mode 100644 pkgs/mk-nspawn-setup/setup-nspawn.sh create mode 100644 pkgs/pdocs.nix create mode 100644 profiles/desktop/xboxdrv.nix create mode 100644 profiles/http/services/garage/gunktrunk.nix create mode 100644 profiles/http/services/snappymail.nix create mode 100644 profiles/http/services/stickers.nix create mode 100644 todos-pulsar.md create mode 100644 todos.md diff --git a/README.md b/README.md index 9798981..bc93b5b 100644 --- a/README.md +++ b/README.md 
@@ -1,91 +1 @@ -# Initial setup (old) - - nixos-generate-config - -# Reading list - -* https://nixos.wiki/wiki/Flakes -* https://teu5us.github.io/nix-lib.html -* https://ryantm.github.io/nixpkgs/builders/trivial-builders/ -* https://nixos.wiki/wiki/Nix-writers - -# TODOs: - -* [x] https://discourse.nixos.org/t/jsonresume-nix-build-and-deploy-your-resume-with-nix/34089 -* [ ] https://github.com/ogoid/nixos-expose-cuda -* [ ] http health monitoring `services.netdata.httpcheck.checks.` -* [x] Split stuff into multiple files -* [x] Make a flake -* [ ] homemanager: ip cameras with frigate -* [x] merge hosted docs into a single subdomain -* [x] Setup some remote-development and deploy flow -* [ ] host older versions of nixpkgs documentation (like 20.09) -* [x] add a hidpi profile? https://wiki.archlinux.org/title/HiDPI -* [ ] desktop entries - * https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/packages/hey/default.nix -* [ ] https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/packages/xdg-open-with-portal/default.nix - * [ ] extend it to work over ssh -* [ ] https://github.com/fufexan/nix-gaming/tree/b090e8b7e463d9c437536b25a0e9af3477a269e9#pipewire-low-latency -* [ ] https://search.nixos.org/packages?query=heroic -* [ ] [doukutsu-rs](https://github.com/jakehamilton/config/tree/579827c699d9c78bd42e73f543eafb05a0d6c374#doukutsu-rs) -* [ ] [doas](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/security/doas/default.nix) -* [ ] [gpg](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/security/gpg/default.nix) -* [ ] [keyring](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/security/keyring/default.nix) -* [ ] [avahi](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/services/avahi/default.nix) -* [ ] 
[kvm](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/virtualisation/kvm/default.nix) -* [ ] shares - * [ ] [samba](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/services/samba/default.nix) - * [ ] nfs - * [x] [zfs](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/system/zfs/default.nix) -* [x] rocm -* [x] cuda -* [ ] xclip -* [ ] `profiles/singularity.nix` https://github.com/NixOS/nixpkgs/issues/230851 -* [ ] declarative libvirt - * [ ] https://git.m-labs.hk/M-Labs/wfvm - * [ ] https://github.com/kholia/OSX-KVM -* [ ] s3: minio or garage -* [ ] mlflow / wandb service -* [x] xforwarding over ssh -* [ ] autogenerate ssh keys for new hosts -* [ ] switch to systemd networkd -* [ ] pre-commit hook with 'nix eval ...outPath' -* [x] use `nom` when deploying -* [ ] figure out how to reuse system flake lock while deplying, leave the night job to upgrade -* [ ] users/pbsds: Support multiple profiles, like headless, nixpkgs-dev, various desktops, hpc, pvv, etc - * [ ] gnome: - * [x] lxterminal - * [ ] replace gnome terminal - * [x] themes - * [x] shortcuts - * [x] pavucontrol -* [ ] nixos-generate-config instructions for new hosts -* [ ] zfs, declarative pools? -* [ ] some tunneling for NFS hosts -* [ ] transgui config -* [x] secrets - nix-sops ? - * [x] flexget - * [ ] microbin - * [ ] transmission - * [ ] transmission remote gui (requires sops in home-manager) - * [x] domeneshop - * [ ] webdav - * [ ] code-remote - * [ ] add .netrc -* [ ] hydra - * perfect for CUDA and RISCV -* [ ] self-hosted binary cache (single-machine) (nix-serve, carinae, harmonia, eris or attic, ssh?) 
- * https://discourse.nixos.org/t/announcing-harmonia-a-nix-binary-cache-written-in-rust/19855 - * https://discourse.nixos.org/t/introducing-attic-a-self-hostable-nix-binary-cache-server/24343/1 -* [ ] profiles/http: make ACME/nginx helper a function - * [ ] Support multiple tlds - * [ ] Support multiple acme accounts - * [ ] Support a per-account provider? - * [ ] Support DNS auth - * [ ] Setup aliases instead of a per-vhost cert? - * [ ] Preferably setup a wildchar cert per host -* [ ] once secrets are in place: coin a one true ssh key, automate adding ssh host public keys to flake - * [ ] then add darwin and aarch64 community remote builders -* [ ] https://github.com/dali99/nix-dotfiles/blob/85dcafb4e0b8382a3d04b9a5f63afd01a4144143/machines/pvv-terminal.nix#L3 -* [ ] wrap windowmanager in nixGL on non-nixos https://github.com/dali99/nix-dotfiles/blob/85dcafb4e0b8382a3d04b9a5f63afd01a4144143/profiles/xsession/default.nix#LL138C1-L138C1 - * [ ] requires GNOME xstart in home-manager +( ͡° ͜ʖ ͡°) diff --git a/flake.nix b/flake.nix index 0494cf8..fca3076 100644 --- a/flake.nix +++ b/flake.nix @@ -53,6 +53,10 @@ sops-nix-2305.inputs.nixpkgs.follows = "nixpkgs-2305"; sops-nix-2305.inputs.nixpkgs-stable.follows = "nixpkgs-2305"; + ## https://github.com/h7x4/maunium-stickerpicker-nix + #maunium-stickerpicker-nix.url = "github:h7x4/maunium-stickerpicker-nix"; + #maunium-stickerpicker-nix.inputs.nixpkgs.follows = "nixpkgs-2311"; + /** / https://willbush.dev/blog/impermanent-nixos/ matrix-next.url = "github:dali99/nixos-matrix-modules"; # see https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/flake.nix @@ -199,7 +203,7 @@ nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" "nixpkgs-unstable=${inputs.unstable}" - "nixpkgs-git=github:NixOS/nixpkgs/nixos-unstable-small" + "nixpkgs-git=github:NixOS/nixpkgs/refs/tags/nixos-unstable-small" # is this right? ]; }); mkConfig = extra-modules: domain: system: inputs: stateVersion: modules: hostname: inputs.nixpkgs.lib.nixosSystem { 
@@ -298,8 +302,8 @@ nixosReports = mkHosts (mkReport []); packages = forAllSystems ({ inputs, pkgs, lib, flakes, ... }: let - mk-nspawn-deployer = hostname: # TODO: nspawn-tarball.nix populates /etc/nixos with junk - (pkgs.callPackage ./pkgs/mk-nspawn-deployer {}) + mk-nspawn-setup = hostname: # TODO: nspawn-tarball.nix populates /etc/nixos with junk + (pkgs.callPackage ./pkgs/mk-nspawn-setup {}) (mkHosts (mkConfig [ "${nixos-nspawn}/nspawn-tarball.nix" ])).${hostname}; in { # TODO: get faketty to work ${expect}/bin/unbuffer is bad @@ -311,9 +315,11 @@ fi ''; - nspawn-setup-brumlebasse = mk-nspawn-deployer "brumlebasse"; + device-mon = pkgs.callPackage ./pkgs/device-mon {}; + #pdoc-docs = (pkgs.callPackage ./pkgs/pdocs.nix {}).pdocs; + #pdoc3-docs = (pkgs.callPackage ./pkgs/pdocs.nix {}).pdocs3; - # nixos-generators images + nspawn-setup-brumlebasse = mk-nspawn-setup "brumlebasse"; image-brumlebasse-openstack = nixos-generators-2311.nixosGenerate { system = "x86_64-linux"; specialArgs = { inherit inputs flakes; }; diff --git a/hosts/noximilien/default.nix b/hosts/noximilien/default.nix index b01c9a0..452d9c2 100644 --- a/hosts/noximilien/default.nix +++ b/hosts/noximilien/default.nix @@ -7,7 +7,7 @@ imports = [ ./hardware-configuration.nix ../../profiles/sshd.nix - ../../profiles/podman.nix + #../../profiles/oci/podman.nix ../../profiles/vpn-pbsds/headscale.nix # opens port 3478 @@ -47,9 +47,11 @@ ../../profiles/http/services/polaris.nix #../../profiles/http/services/resilio.nix ../../profiles/http/services/roundcube.nix + #../../profiles/http/services/snappymail.nix # WIP ../../profiles/http/services/thelounge.nix ../../profiles/http/services/vaultwarden.nix ../../profiles/http/services/webdav-zotero.nix + #../../profiles/http/services/garage/gunktrunk.nix #../../profiles/http/services/convos.nix #../../profiles/http/services/cryptpad.nix #../../profiles/http/services/galene.nix 
@@ -64,6 +66,8 @@ #../../profiles/http/services/censordodge.nix #../../profiles/http/services/openspeedtest.nix + /**/ + # TODO: move to brumle ../../profiles/http/docs ../../profiles/http/docs/pdoc.nix ../../profiles/http/docs/python-docs.nix @@ -72,6 +76,7 @@ ../../profiles/http/docs/linux-docs.nix ../../profiles/http/docs/programs.nix ../../profiles/http/docs/yagcd.nix + /**/ #../../profiles/http/sites/linktree-pbsds.nix # github bby!! TODO: remove ../../profiles/http/sites/refleksjon-no.nix diff --git a/hosts/sopp/default.nix b/hosts/sopp/default.nix index 701fd67..6e5f309 100644 --- a/hosts/sopp/default.nix +++ b/hosts/sopp/default.nix @@ -43,6 +43,7 @@ ../../profiles/desktop/sound/pipewire.nix ../../profiles/desktop/steam.nix + #../../profiles/desktop/xboxdrv.nix # TODO: try out ../../profiles/desktop/lutris.nix ../../profiles/desktop/flatpak.nix diff --git a/pkgs/mk-nspawn-deployer/setup-nspawn.sh b/pkgs/mk-nspawn-deployer/setup-nspawn.sh deleted file mode 100644 index 9c1d7a9..0000000 --- a/pkgs/mk-nspawn-deployer/setup-nspawn.sh +++ /dev/null 
@@ -1,44 +0,0 @@ -#!/usr/bin/env bash - -# TODO: assert correct system - -NSPAWN=nixos-@hostname@ - -TARBALL=./"$NSPAWN".tar #"https://github.com/tfc/nspawn-nixos/releases/download/v1.0/nixos-system-x86_64-linux.tar.xz" - -test $(id -u) -eq 0 || { - >&2 echo you must run this as root - exit 1 -} - -install_pkg() { - # TODO: use bash hashmaps to map from apt to other package managers - # * [x] apt - # * [ ] apk - # * [ ] pacman - # * [ ] dnf - DEBIAN_FRONTEND=noninteractive apt install -y "$@" -} - - -if ! >/dev/null command -v systemd-nspawn; then - # TODO: support more than ubuntu - install_pkg systemd-container -fi - -machinectl remove "$NSPAWN" || true # TODO: interactive? -#machinectl pull-tar "https://github.com/tfc/nspawn-nixos/releases/download/v1.0/nixos-system-x86_64-linux.tar.xz" "$NSPAWN" --verify=no -machinectl import-tar "$TARBALL" "$NSPAWN" - -# use host network -cat <<"EOF" > /etc/systemd/nspawn/"$NSPAWN".nspawn -[Network] -VirtualEthernet=no -EOF - -machinectl enable "$NSPAWN" -machinectl start "$NSPAWN" -echo Setting root password... -machinectl shell "$NSPAWN" /usr/bin/env passwd - -machinectl status "$NSPAWN" diff --git a/pkgs/mk-nspawn-deployer/default.nix b/pkgs/mk-nspawn-setup/default.nix similarity index 52% rename from pkgs/mk-nspawn-deployer/default.nix rename to pkgs/mk-nspawn-setup/default.nix index 7b25901..75d88a5 100644 --- a/pkgs/mk-nspawn-deployer/default.nix +++ b/pkgs/mk-nspawn-setup/default.nix @@ -2,12 +2,13 @@ , pkgs }: -# assumes nspawn-tarball.nix is mixed into it +# this assumes github:tfc/nspawn-nixos nspawn-tarball.nix is mixed into it nixosConfiguration: let hostname = nixosConfiguration.config.networking.hostName; + inherit (nixosConfiguration.config.nixpkgs) system; setup = pkgs.substituteAll { src = ./setup-nspawn.sh; 
@@ -23,7 +24,9 @@ pkgs.runCommandNoCC "nspawn-setup-${hostname}.sh" { nativeBuildInputs = with pkgs; [ makeself ]; } '' mkdir -p archive/ - ln -s ${setup} archive/setup.sh - ln -s ${tarball}/* archive/nixos-${hostname}.tar - makeself --follow archive/ $out setup-nixos-nspawn-${hostname} ./setup.sh + ln -s ${setup} archive/setup.sh + ln -s ${tarball}/tarball/nixos-system-${system}.tar.xz archive/nixos-${hostname}.tar.xz + + echo tarball: ${tarball} + makeself --nocomp --follow archive/ $out "setup-nixos-nspawn-${hostname}" ./setup.sh '' diff --git a/pkgs/mk-nspawn-setup/setup-nspawn.sh b/pkgs/mk-nspawn-setup/setup-nspawn.sh new file mode 100644 index 0000000..6295fc6 --- /dev/null +++ b/pkgs/mk-nspawn-setup/setup-nspawn.sh @@ -0,0 +1,45 @@ +#!/usr/bin/env bash + +# TODO: assert correct system + +NSPAWN_NAME=nixos-@hostname@ +TARBALL=./nixos-@hostname@.tar.xz + +test $(id -u) -eq 0 || { + >&2 echo you must run this as root + exit 1 +} + +if ! >/dev/null command -v systemd-nspawn; then + >&2 echo "systemd-nspawn" not found in PATH + >&2 echo consider installing 'systemd-container' + exit 1 +fi + +if ! >/dev/null command -v machinectl; then + >&2 echo "machinectl" not found in PATH + >&2 echo consider installing 'systemd-container' + exit 1 +fi + +set -ex + +machinectl remove "$NSPAWN_NAME" || true # TODO: is this interactive? +#machinectl pull-tar "https://github.com/tfc/nspawn-nixos/releases/download/v1.0/nixos-system-x86_64-linux.tar.xz" "$NSPAWN_NAME" --verify=no +machinectl import-tar "$TARBALL" "$NSPAWN_NAME" + +# use host network +mkdir -p /etc/systemd/nspawn +tee /etc/systemd/nspawn/"$NSPAWN_NAME".nspawn <<"EOF" +[Network] +VirtualEthernet=no +EOF + +NSPAWN_NAME=nixos-brumlebasse +machinectl enable "$NSPAWN_NAME" +machinectl start "$NSPAWN_NAME" + +echo Please set a root password +machinectl shell "$NSPAWN_NAME" /usr/bin/env passwd + +machinectl status "$NSPAWN_NAME" diff --git a/pkgs/pdocs.nix b/pkgs/pdocs.nix new file mode 100644 index 0000000..0d3b612 
--- /dev/null +++ b/pkgs/pdocs.nix 
@@ -0,0 +1,756 @@ +{ lib +, pkgs +}: + +# TODO: pagefind + +let + python-builtins = [ + "builtins" + "os" + "array" + "sys" + "time" + "traceback" + "pathlib" + "itertools" + "functools" + "unittest" + "argparse" + "asyncio" + "textwrap" + "collections" + "configparser" + "concurrent" + "contextlib" + "operator" + "pickle" + "copy" + "ctypes" + "pprint" + "shlex" + "re" + "abc" + "ast" + "random" + "shutil" + "sqlite3" + "subprocess" + "statistics" + "string" + "tarfile" + "typing" + "uuid" + "warnings" + "wave" + "dataclasses" + "glob" + "gzip" + "inspect" + "json" + "base64" + "zipfile" + ]; + + + #python-packages = with pkgs.python3Packages; [ cached-property ]; + + #python-packages = lib.pipe pkgs.python3Packages [ + # builtins.attrValues + # (builtins.filter lib.isDerivation) + #]; + /** / + python-packages = with pkgs.python3Packages; [ + more-itertools + altair + pygal + vispy + seaborn + bokeh + plotly + tabulate + wavefile + moderngl + pydantic + typer + ptpython + colorama + pyjwt + zipp + aiofiles + aafigure + urllib3 + tesserocr + trio + starlette + pyverilog + nixpkgs + wavedrom + httpx + pyquery + mpv + beautifulsoup4 + hid + hidapi + #sanic # broken build? 
+ paramiko + pydub + aiohttp + papermill + rtoml + redis + numpy + #domeneshop + munch + migen + amaranth + click + attrs + graphviz + baron + redbaron + fastapi + pytest + #pyglet # pyglet.com fails, windows only + #pygame # pygame.movie fails on pdoc3, pdoc hangs + plotly + peewee + parsel + pandas + #mutmut # moved to toplevel from python3Packages + mlflow + meshio + #einops # depends on tensorflow, which is broken ATM + aiodns + json5 + seaborn + matplotlib + dash + rarfile + pyramid + pygtail + codecov + nbconvert + humanfriendly + pendulum + jsonpickle + cachetools + wrapt + lxml + chardet + yarl + frozenlist + itsdangerous + xmltodict + cached-property + toolz + aioitertools + coconut + asyncpg + aiopg + libsass + pytorch + pytorch-lightning + pillow + trio + tqdm + rich + pudb + pony + mido + jedi + h5py + atom + toml + pyyaml + jinja2 + requests + h5py + imageio + pygments + trimesh + shapely + #faiss + #geomloss + #mesh_to_sdf + #pyrender + ]; + /**/ + python-packages = with pkgs.python3Packages; [ + aiocurrencylayer + aioitertools + aiolifx-connection + aiolifx-effects + aiomisc + aionotify + aiorun + aioshutil + aiozeroconf + alembic + aliyun-python-sdk-dbfs + allure-python-commons-test + amply + angr + aniso8601 + anonip + ansible + ansicolor + ansiwrap + apptools + aprslib + aqipy-atmotech + arc4 + argcomplete + args + arpeggio + asgi-csrf + asn1tools + aspectlib + astor + async-lru + asynccmd + asyncio-throttle + asynctest + asysocks + atom + atomicwrites-homeassistant + attrdict + autopage + autopep8 + avea + avro3k + awacs + awswrangler + azure-mgmt-nspkg + b2sdk + behave + bitarray + bitcoinrpc + bitlist + bluetooth-auto-recovery + bnunicodenormalizer + boschshcpy + bottleneck + brelpy + bsddb3 + bson + bunch + cart + casa-formats-io + cftime + chacha20poly1305 + cmigemo + coapthon3 + cogapp + coinmetrics-api-client + commentjson + cons + contexttimer + contourpy + coreapi + cppheaderparser + dash-table + dask-jobqueue + decli + deep-chainmap + 
diceware + diff-cover + django-bootstrap4 + django-cache-url + django-cacheops + django-celery-results + django-compressor + django-picklefield + django-reversion + django-tables2 + djangorestframework-guardian2 + djmail + doit-py + dotmap + drf-nested-routers + dugong + dunamai + dvc-render + entrance-with-router-features + ephemeral-port-reserve + et_xmlfile + eth-hash + eth-keys + eve + exdown + exif + face + fastbencode + fastcache + fastentrypoints + fe25519 + filetype + fingerprints + fire + fixtures + flake8-future-import + flask-gravatar + flask-swagger + flask-swagger-ui + fpdf + fs + ftputil + funcparserlib + funcy + fuzzywuzzy + gbinder-python + gcovr + generic + geoip + geojson + ghrepo-stats + gibberish-detector + google-cloud-bigquery-logging + google-cloud-dns + gpaw + graphql-server-core + greeclimate + gunicorn + gvm-tools + headerparser + heapdict + hijri-converter + hledger-utils + htmllaundry + httpie + httpx + hyperlink + imageio-ffmpeg + imaplib2 + importlib-resources + inotifyrecursive + inquirer + insteon-frontend-home-assistant + intelhex + interface-meta + ipwhl + irctokens + isounidecode + itemloaders + iteration-utilities + itsdangerous + itypes + jaeger-client + javaproperties + jax + joblib + json-rpc + json-tricks + jsonpatch + junit-xml + jupyter-cache + jupyter-packaging + jupyterlab-pygments + jupyterlab_launcher + jxmlease + keyrings-cryptfile + korean-lunar-calendar + kubernetes + language-data + lazy + lcov_cobertura + ldap3 + ledger + libais + libarchive-c + libarcus + libgpuarray + license-expression + lightwave + lima + lit + lockfile + log-symbols + luhn + m3u8 + magic-wormhole + mail-parser + manhole + markups + marshmallow-oneofschema + marshmallow-polyfield + mastodon-py + maxminddb + mdurl + mdutils + meep + mergedict + merkletools + mip + mkdocs + mkdocs-material-extensions + msoffcrypto-tool + multimethod + multipart + multiprocess + mypy + nanoid + napalm + napalm-hp-procurve + nbdime + nbformat + nbval + ndtypes + 
neo4j + nessclient + netdata + nose-randomly + notebook-shim + nsz + nulltype + ome-zarr + onetimepass + oocsi + opsdroid_get_image_size + opytimark + oracledb + pa-ringbuffer + pad4pi + papermill + parsimonious + parsley + pcapy-ng + pdoc + phonopy + pick + picobox + pipdate + pkce + pkgconfig + pkginfo + plantuml + platformdirs + plum-py + plyer + plyvel + progressbar33 + prometheus-client + promise + prox-tv + pulumi-command + pure-cdb + py-dmidecode + py-multiaddr + py-multibase + py-nextbusnext + py-zabbix + pyaehw4a1 + pyatv + pybullet + pycangjie + pycddl + pycep-parser + pydevccu + pyftdi + pyfume + pygatt + pygetwindow + pyglet + pygmars + pyhcl + pyheos + pyinstrument + pykdtree + pylint-flask + pymeeus + pymetar + pymodbus + pymysensors + pypdf + pypdf3 + pyprind + pyqtwebengine + pyrainbird + pyrmvtransport + pyro5 + pyrogram + pyrr + pyscss + pysdl2 + pysearpc + pysensors + pyside2 + pysmf + pysmi + pysml + pysmt + pysnmp-pyasn1 + pyspf + pysvg-py3 + pysychonaut + pytest-bdd + pytest-catchlog + pytest-django + pytest-expect + pytest-factoryboy + pytest-flask + pytest-isort + pytest-relaxed + pytest-snapshot + pytest-socket + pytest-virtualenv + pytestcache + python-baseconv + python-bidi + python-daemon + python-decouple + python-editor + python-ipware + python-ldap-test + python-packer + python-socketio + python-status + python-u2flib-server + pytimeparse + pytm + pytzdata + pyvisa + pywemo + pyworld + pyxl3 + qtile + reactivex + rebulk + reikna + related + repath + repoze_lru + requests-pkcs12 + requirements-parser + result + retrying + rich-argparse-plus + rivet + rouge-score + rtp + rx + safe + sasmodels + scikit-bio + scikit-fmm + seccomp + securetar + sendgrid + sentence-transformers + serialio + setuptools-git + sexpdata + sfrbox-api + sh + sievelib + simber + simpleaudio + simpleeval + snapshottest + soapysdr + somajo + speedtest-cli + sphinx_pypi_upload + sphinxcontrib-openapi + sqlobject + starkbank-ecdsa + starlette + staticjinja + stdiomask 
+ strategies + stravalib + strenum + strictyaml + stringcase + stringly + sympy + syncer + sysv_ipc + tabview + takethetime + tblite + tcolorpy + termstyle + testing-common-database + textacy + textwrap3 + textx + tweepy + twilio + twitter-common-collections + twitter-common-confluence + types-futures + types-redis + types-urllib3 + typesystem + udatetime + ukpostcodeparser + unicrypto + unidecode + unidic-lite + unpaddedbase64 + update-copyright + ush + vdirsyncer + vector + venusian + versioneer + veryprettytable + videocr + voluptuous-stubs + volvooncall + wakeonlan + web + webcolors + webhelpers + wfuzz + whichcraft + widlparser + winacl + wordfreq + ws4py + wsdiscovery + wsgi-intercept + xdg + xhtml2pdf + xstatic-jquery-file-upload + xstatic-pygments + yamllint + yaramod + yubico + zarr + zc_lockfile + zigpy-zigate + zigpy-znp + zipstream + zipstream-ng + zope_proxy + zope_schema + zopfli + ]; + /**/ + + mkPdoc = use-pdoc3: drv: let + isBuiltin = !lib.isDerivation drv; + name = if isBuiltin then drv else drv.pname; + desc = if isBuiltin then "builtin" else drv.meta.description; + version = if isBuiltin then "-" else drv.version; + homepage = if isBuiltin + then "https://docs.python.org/3/library/${drv}.html" + else drv.meta.homepage or "-"; + doc = pkgs.runCommand "pdoc${if use-pdoc3 then "3" else ""}-${name}-docs" { + nativeBuildInputs = (if use-pdoc3 + then [pkgs.python3Packages.pdoc3] + else [pkgs.python3Packages.pdoc]) + ++ lib.optionals (!isBuiltin) [ drv ] + ++ lib.optionals (!isBuiltin) (lib.pipe (drv.passthru.optional-dependencies or {}) [ + builtins.attrValues + lib.flatten + (builtins.filter (drv': + (builtins.tryEval drv'.outPath).success + )) + ]); + + env.NAME = lib.toLower name; + env.DESC = lib.escapeXML desc; + # TODO: license + # TODO: build html with something better than bash + } '' + LITERALS=() + ${lib.optionalString isBuiltin '' + LITERALS+=("${name}") + _tmp="$(python -c 'import ${name}; print((getattr(${name}, "__doc__", "") or 
"builtin").split("\n")[0])')" + test "$?" -eq 0 && DESC="$_tmp" + ''} + ${lib.optionalString (!isBuiltin) '' + LITERALS+=(${lib.escapeShellArgs ( + (drv.pythonImportsCheck or []) ++ + (drv.pythonImportsExtraCheck or []) + )}) + + pushd ${drv}/${pkgs.python3.sitePackages} + shopt -s globstar + #for fname in **/*; do + for fname in *; do + if test -f "$fname" && ( test "''${fname##*.}" = "py" || test "''${fname##*.}" = "so" ) ; then + [[ "$fname" =~ (^|/)"_"* ]] && continue + LITERALS+=("$(echo "''${fname%%.py*}" | tr "/-" "._" )") + elif test -d "$fname" && test -f "$fname"/__init__.py; then + LITERALS+=("$(echo "$fname" | tr "/-" "._" )") + fi + done + popd + + # make unique + LITERALS=( $(printf "%q\n" "''${LITERALS[@]}" | sort -u) ) + echo "''${LITERALS[0]}" + ''} + + ( timeout 900s ${if !use-pdoc3 + then ''pdoc --no-search --math --no-browser --output-directory $out "''${LITERALS[@]}"'' + else ''pdoc3 --skip-errors --output-dir $out --html "''${LITERALS[@]}" --force'' + } 2>&1 | tee "$NAME".log ) || true + mkdir -p $out + cp "$NAME".log $out + test -f $out/index.html && rm -v $out/index.html + + function write { + { printf "%s" "$@"; echo; } >> $out/index.part-"$NAME".html + } + + write "" + if test -f $out/"''${LITERALS[0]}".html; then + write "${lib.escapeXML name}" + elif test -d $out/"''${LITERALS[0]}"; then + write "${lib.escapeXML name}" + else + write "${lib.escapeXML name}" + fi + write "${version}" + if test -s $out/$NAME.log; then + write "log" + else + write "-" + fi + write "$DESC" + ${if homepage == "-" then '' + write "n/a" + '' else '' + write "${homepage}" + ''} + write "" + ''; + fallback = pkgs.writeTextDir "index.part-${lib.toLower name}.html" '' + + ${lib.escapeXML name} + ${version} + ⨯ + ${lib.escapeXML desc} + ${if homepage == "-" then + "n/a" + else + ''${homepage}'' + } + + ''; + in if (builtins.tryEval doc.outPath).success + then doc + else fallback; + + mkPdocs = use-pdoc3: with builtins; pkgs.symlinkJoin { + name = "pdoc-docs"; + 
paths = map (mkPdoc use-pdoc3) (python-builtins ++ python-packages); + # note: globs are sorted + postBuild = '' + shopt -s nocaseglob + >>$out/index.html echo "" + >>$out/index.html echo "" + >>$out/index.html cat $out/index.part-*.html + >>$out/index.html echo "
nameversionlogdescriptionhomepage
" + rm $out/index.part-*.html + ''; + }; +in { + pdocs = mkPdocs false; + pdocs3 = mkPdocs true; +} diff --git a/profiles/desktop/xboxdrv.nix b/profiles/desktop/xboxdrv.nix new file mode 100644 index 0000000..844b989 --- /dev/null +++ b/profiles/desktop/xboxdrv.nix @@ -0,0 +1,47 @@ +{ config, pkgs, ... }: + +# based on +# https://github.com/yurifrl/NixFiles/blob/3b36740fb4063574247d5741247fb1bdf92520d8/modules/programs/xboxdrv.nix#L11 +# https://github.com/Lassulus/superconfig/blob/0ac6dfb43ece63b6b3132aa7b56aa3366c7ed95d/machines/xerxes/config.nix#L43 + +# transitive links: +# https://github.com/NixOS/nixpkgs/issues/25490 +# https://www.reddit.com/r/RetroPie/comments/bi5bm4/psa_new_method_for_disabling_ertm_fix_controller/ +# https://github.com/baracoder/nix/blob/master/configuration.nix +# https://www.reddit.com/r/NixOS/comments/a7g4oi/declaratively_setting_sysfs_properties/ +# https://nixos.org/nixos/options.html#kernel.sysctl +# https://github.com/timor/timor-overlay/blob/d49783d2880b730cd67dbe6700ea2968f893b32e/modules/xbox360-wireless.nix +# https://github.com/phildenhoff/pd/blob/44025561b223df9901e4415650deae08b1077865/dotfiles/entertainment.nix + +let + + configFile = pkgs.writeFile "xboxdrv.ini" '' + [xboxdrv] + silent = true + device-name = "Xbox 360 Wireless Receiver" + mimic-xpad = true + deadzone = 4000 + [xboxdrv-daemon] + dbus = disabled + ''; + +in + +{ + boot.blacklistedKernelModules = [ "xpad" ]; + + environment.systemPackages = [ pkgs.xboxdrv ]; + + #environment.etc."default/xboxdrv".text = '' + systemd.services.xboxdrv = { + inherit (pkgs.xboxdrv.meta) description; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = '' + ${pkgs.xboxdrv}/bin/xboxdrv --daemon --config ${configFile} + ''; + Restart = "always"; + RestartSec = 3; + }; + }; +} diff --git a/profiles/http/default.nix b/profiles/http/default.nix index 9b34ce5..5fa187f 100644 --- a/profiles/http/default.nix +++ b/profiles/http/default.nix 
@@ -8,12 +8,12 @@ in #(lib.mapAttrsToList (domain: vhost: [ domain ] ++ vhost.serverAliases)) (lib.mapAttrsToList (domain: vhost: [ domain ])) lib.flatten - #(builtins.filter (domain: domain != "")) + (builtins.filter (domain: domain != "")) (lib.sort (x: y: x/dev/null + cp /tmp/foobar123/_data_/_default_/configs/application.ini $out + ''; + + extendIni = baseFile: fname: args: pkgs.runCommand fname { # eww + preferLocalBuild = true; + nativeBuildInputs = [ pkgs.initool ]; + } '' + cat ${baseFile} | + ${lib.pipe args [ + (lib.mapAttrsToList (section: data: lib.mapAttrsToList (key: val: { inherit section key val; }) data)) + lib.flatten + (builtins.map ({ section, key, val }: '' + initool s - ${lib.escapeShellArgs [ section key val ]} | + '')) + lib.concatStrings + ]} + cat > $out + ''; + + modifiedIni = with builtins; extendIni baseIni "application.ini" { + webmail.title = "pbsds SnappyMail"; + webmail.loading_description = "pbsds SnappyMail"; + webmail.messages_per_page = 20; + + contacts.type = "pgsql"; + contacts.pdo_dsn = ''"pgsql:host=/run/postgresql;port=${toString config.services.postgresql.port};dbname=snappymail"''; + contacts.pdo_user = "snappymail"; + contacts.pdo_password = ""; + + login.default_domain = "imap.fyrkat.no"; + #security.allow_admin_panel = "Off"; + }; + +in +{ + services.phpfpm.pools.snappymail = { + user = "snappymail"; + group = "snappymail"; + phpOptions = toKeyValue { + upload_max_filesize = maxUploadSize; + post_max_size = maxUploadSize; + memory_limit = maxUploadSize; + }; + settings = { + "listen.owner" = "nginx"; + "listen.group" = "nginx"; + "pm" = "ondemand"; + "pm.max_children" = 32; + "pm.process_idle_timeout" = "10s"; + "pm.max_requests" = 500; + }; + }; + + services.postgresql.ensureDatabases = [ "snappymail" ]; + services.postgresql.ensureUsers = [ + { + name = "snappymail"; + ensurePermissions."DATABASE snappymail" = "ALL PRIVILEGES"; + } + ]; + + #services.nginx.preStart = '' + systemd.services."phpfpm-snappymail".preStart 
= '' + mkdir -p /var/lib/snappymail/_data_/_default_/configs + ln -sf ${modifiedIni} /var/lib/snappymail/_data_/_default_/configs/application.ini + ''; + + services.nginx.virtualHosts.${mkDomain "snappymail"} = { + forceSSL = true; # addSSL = true; + enableACME = true; #useACMEHost = acmeDomain; + locations."/".extraConfig = '' + index index.php; + autoindex on; + autoindex_exact_size off; + autoindex_localtime on; + ''; + locations."^~ /data".extraConfig = '' + deny all; + ''; + locations."~ \.php$".extraConfig = '' + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass unix:${config.services.phpfpm.pools.snappymail.socket}; + ''; + extraConfig = '' + client_max_body_size ${maxUploadSize}; + ''; + root = pkgs.snappymail.override { + dataPath = "/var/lib/snappymail"; # the default + }; + }; + + users.users.snappymail = { + isSystemUser = true; + createHome = true; + home = "/var/lib/snappymail"; + group = "snappymail"; + }; + users.groups.snappymail = {}; + +} diff --git a/profiles/http/services/stickers.nix b/profiles/http/services/stickers.nix new file mode 100644 index 0000000..ffe70e3 --- /dev/null +++ b/profiles/http/services/stickers.nix @@ -0,0 +1,28 @@ +{ config, lib, mkDomain, flakes, ... }: + +let + myStickerPicker = flakes.maunium-stickerpicker-nix.createStickerPicker { + #homeserver = "https://matrix.pvv.ntnu.no"; + #userId = "@stickerbot:my.matrix.server"; + ## You should probably encrypt this with either agenix, sops-nix or whatever else + #accessTokenFile = ./stickerbot_access_token.txt; + #sha256 = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; + packs = [ + { + type = "chatsticker"; + name = "pompom-tao3"; + } + { + type = "directory"; + src = ./myHomemadeStickers; + } + ]; + }; +in + +{ + + # TODO: https://gist.github.com/pbsds/a1b03eb8d5602330765b3fd14f621dc5 + # separate into separate FODs + +} 
diff --git a/profiles/mounts/meconium-nfs.nix b/profiles/mounts/meconium-nfs.nix index 5415f5e..70a8611 100644 --- a/profiles/mounts/meconium-nfs.nix +++ b/profiles/mounts/meconium-nfs.nix @@ -20,6 +20,8 @@ "/backups" "/backups/rocm" "/beets_music" + #"/garage" + #"/garage/gunktrunk" ]) ); diff --git a/todos-pulsar.md b/todos-pulsar.md new file mode 100644 index 0000000..cb9479f --- /dev/null +++ b/todos-pulsar.md 
@@ -0,0 +1,4 @@ +# base +ppm install atom-jinja2 autocomplete-cmake autocomplete-cmake copy-highlighted editorconfig fonts graphviz-preview-plus ide-bash ide-clangd ide-rust jinja2 language-arduino language-armasm language-autoit language-batch language-bison-flex language-cmake language-cython language-dg language-diff language-docker language-dot language-glsl language-haskell language-ini language-latex language-lua language-markdown language-scala language-systemverilog language-velocity language-verilog language-vhdl language-zonefile lines MagicPython markdown-preview-plus markdown-table-editor nix on-save pigments pulsar-ide-python railscast-theme-markup remote-atom selection-highlight shell-it simple-align zotero-citations +# resolved +ppm install atom-ide-base atom-ide-code-format atom-ide-datatip atom-ide-definitions atom-ide-hyperclick atom-ide-markdown-service atom-ide-outline atom-ide-signature-help atom-jinja2 autocomplete-cmake busy-signal copy-highlighted editorconfig fonts graphviz-preview-plus ide-bash ide-clangd ide-rust intentions language-arduino language-armasm language-autoit language-batch language-bison-flex language-cmake language-cython language-dg language-diff language-docker language-dot language-glsl language-haskell language-ini language-latex language-lua language-markdown language-scala language-systemverilog language-velocity language-verilog language-vhdl language-zonefile lines linter linter-ui-default MagicPython markdown-preview-plus markdown-table-editor nix on-save pigments pulsar-ide-python railscast-theme-markup remote-atom selection-highlight shell-it simple-align zotero-citations diff --git a/todos.md b/todos.md new file mode 100644 index 0000000..0a73ba7 --- /dev/null +++ b/todos.md 
@@ -0,0 +1,91 @@ +# nice to have +* [ ] nixos-generate-config instructions for new hosts +* [ ] `profiles/singularity.nix` https://github.com/NixOS/nixpkgs/issues/230851 +* [x] xforwarding over ssh +* [ ] pre-commit hook with 'nix eval ...outPath' +* [x] use `nom` when deploying +# machine park +* [ ] wg +* [ ] remote-builders over wg +* [ ] autogenerate ssh keys for new hosts +* [ ] http health monitoring `services.netdata.httpcheck.checks.` +* [ ] switch to systemd networkd +* [x] Setup some remote-development and deploy flow +* [ ] zfs, declarative pools? +* [ ] figure out how to reuse system flake lock while deplying, leave the night job to upgrade +* [ ] some tunneling for NFS hosts +# ricing +* [ ] [doas](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/security/doas/default.nix) +* [ ] https://github.com/NixOS/nixpkgs/pull/266094 (see https://nixos.wiki/wiki/Cursor_Themes) +# selfhosting +* [ ] hydra - perfect for CUDA and RISCV +* [ ] [avahi](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/services/avahi/default.nix) +* [ ] [kvm](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/virtualisation/kvm/default.nix) +* [ ] [samba](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/services/samba/default.nix) +* [ ] s3: minio or garage +* [ ] mlflow / wandb service +* [x] nfs +* [x] [zfs](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/system/zfs/default.nix) +* [ ] https://github.com/ibizaman/selfhostblocks?tab=readme-ov-file +* [x] https://discourse.nixos.org/t/jsonresume-nix-build-and-deploy-your-resume-with-nix/34089 +* [ ] homemanager: ip cameras with frigate +* [ ] host older versions of nixpkgs documentation (like 20.09) +* [ ] declarative libvirt + * [ ] https://git.m-labs.hk/M-Labs/wfvm + * [ ] https://github.com/kholia/OSX-KVM +* [ ] 
self-hosted binary cache (single-machine) (nix-serve, carinae, harmonia, eris or attic, ssh?) + * https://discourse.nixos.org/t/announcing-harmonia-a-nix-binary-cache-written-in-rust/19855 + * https://discourse.nixos.org/t/introducing-attic-a-self-hostable-nix-binary-cache-server/24343/1 +* [ ] profiles/http: make ACME/nginx helper a function + * [ ] Support multiple tlds + * [ ] Support multiple acme accounts + * [ ] Support a per-account provider? + * [ ] Support DNS auth + * [ ] Setup aliases instead of a per-vhost cert? + * [ ] Preferably setup a wildchar cert per host +# framework +# to read +* [ ] https://github.com/ogoid/nixos-expose-cuda +# refactoring +* [x] Split stuff into multiple files +* [x] Make a flake +* [x] merge hosted docs into a single subdomain +# desktop +* [ ] transgui config +* [ ] xclip +* [x] add a hidpi profile? https://wiki.archlinux.org/title/HiDPI +* [ ] desktop entries - https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/packages/hey/default.nix +* [ ] https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/packages/xdg-open-with-portal/default.nix - extend it to work over ssh +* [ ] https://github.com/fufexan/nix-gaming/tree/b090e8b7e463d9c437536b25a0e9af3477a269e9#pipewire-low-latency +* [x] rocm +* [x] cuda +# gaming +* [ ] https://search.nixos.org/packages?query=heroic +* [ ] htpc/handheld emulation station +* [ ] [doukutsu-rs](https://github.com/jakehamilton/config/tree/579827c699d9c78bd42e73f543eafb05a0d6c374#doukutsu-rs) +# security +* [ ] [gpg](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/security/gpg/default.nix) +* [ ] [keyring](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/security/keyring/default.nix) +# home/pbsds +* [ ] wrap windowmanager in nixGL on non-nixos 
https://github.com/dali99/nix-dotfiles/blob/85dcafb4e0b8382a3d04b9a5f63afd01a4144143/profiles/xsession/default.nix#LL138C1-L138C1 + * [ ] requires GNOME xstart in home-manager + * [ ] https://github.com/dali99/nix-dotfiles/blob/85dcafb4e0b8382a3d04b9a5f63afd01a4144143/machines/pvv-terminal.nix#L3 +* [ ] users/pbsds: Support multiple profiles, like headless, nixpkgs-dev, various desktops, hpc, pvv, etc +* [x] lxterminal +* [ ] replace gnome terminal +* [x] themes +* [x] shortcuts +* [x] pavucontrol +# sops +* [x] secrets - nix-sops ? +* [x] flexget +* [ ] microbin +* [ ] transmission +* [ ] transmission remote gui (requires sops in home-manager) +* [x] domeneshop +* [ ] webdav +* [ ] code-remote +* [ ] add .netrc +* [ ] mint a one true ssh key? + * [ ] then add darwin and aarch64 community remote builders +* [ ] automate adding ssh host public keys to flake diff --git a/users/pbsds/home/profiles/git.nix b/users/pbsds/home/profiles/git.nix index 6a96724..814f414 100644 --- a/users/pbsds/home/profiles/git.nix +++ b/users/pbsds/home/profiles/git.nix @@ -13,6 +13,7 @@ programs.git.enable = true; programs.git.lfs.enable = true; programs.git.delta.enable = true; + programs.git.delta.options.max-line-length = 0; #programs.git.lfs.enable = true; #programs.git.signing #programs.git.userName = "pbsds"
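Review bot: in `profiles/mounts/meconium-nfs.nix`, the two added entries `#"/garage"` and `#"/garage/gunktrunk"` are commented out, so this hunk changes no behaviour and nothing records why the mounts are disabled. Either leave them out until the export is actually wanted, or put a one-line comment above them stating what has to be true before they can be enabled.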
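Review bot: in `todos-pulsar.md`, the `# base` line lists `autocomplete-cmake` twice; drop the duplicate. Neither `ppm install` line records versions, so re-running either one installs whatever the package registry serves at that moment, unlike the rest of this repository, which is pinned through the flake. Consider noting the versions that were actually installed, and add a sentence saying how the `# resolved` list was derived from `# base`, since the file does not explain the extra packages (`atom-ide-*`, `busy-signal`, `intentions`, `linter`, `linter-ui-default`).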
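Review bot: in `todos.md`, the `# sops` item `mint a one true ssh key?`, with the remote-builder item nested under it, reads as one key shared across hosts and builders, which pulls against `autogenerate ssh keys for new hosts` under `# machine park`. If a single key is what is meant, its compromise or rotation affects every machine at once, so it is worth writing down the intended scope of that key (user identity versus host or builder access) before acting on the item. Under `profiles/http`, `Preferably setup a wildchar cert per host` depends on the separate `Support DNS auth` item, because ACME CAs such as Let's Encrypt issue wildcard certificates only through the DNS-01 challenge; nesting or ordering the two items would make that explicit. Typos: `deplying` should be `deploying` and `wildchar` should be `wildcard`.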
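Review bot: in `users/pbsds/home/profiles/git.nix`, the added `programs.git.delta.options.max-line-length = 0;` carries no comment, and `0` is not self-explanatory: for delta it disables line truncation entirely rather than setting a zero-length limit. A short trailing comment such as `# 0 = never truncate` would help, along with a note that diffs with very long lines (minified files, for example) are then processed at full length. The context line `#programs.git.lfs.enable = true;` directly below duplicates the active `programs.git.lfs.enable = true;` two lines above and could be removed while this block is being touched.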