ldsalkjdsalkjdsalkj

2024-04-16 06:49:45 +02:00
parent 1cc9257346
commit 22a3158e3c
17 changed files with 1198 additions and 147 deletions
--- a/profiles/desktop/xboxdrv.nix
+++ b/profiles/desktop/xboxdrv.nix
@@ -0,0 +1,47 @@
+{ config, pkgs, ... }:
+
+# based on
+# https://github.com/yurifrl/NixFiles/blob/3b36740fb4063574247d5741247fb1bdf92520d8/modules/programs/xboxdrv.nix#L11
+# https://github.com/Lassulus/superconfig/blob/0ac6dfb43ece63b6b3132aa7b56aa3366c7ed95d/machines/xerxes/config.nix#L43
+
+# transitive links:
+# https://github.com/NixOS/nixpkgs/issues/25490
+# https://www.reddit.com/r/RetroPie/comments/bi5bm4/psa_new_method_for_disabling_ertm_fix_controller/
+# https://github.com/baracoder/nix/blob/master/configuration.nix
+# https://www.reddit.com/r/NixOS/comments/a7g4oi/declaratively_setting_sysfs_properties/
+# https://nixos.org/nixos/options.html#kernel.sysctl
+# https://github.com/timor/timor-overlay/blob/d49783d2880b730cd67dbe6700ea2968f893b32e/modules/xbox360-wireless.nix
+# https://github.com/phildenhoff/pd/blob/44025561b223df9901e4415650deae08b1077865/dotfiles/entertainment.nix
+
+let
+
+  configFile = pkgs.writeFile "xboxdrv.ini" ''
+    [xboxdrv]
+    silent = true
+    device-name = "Xbox 360 Wireless Receiver"
+    mimic-xpad = true
+    deadzone = 4000
+    [xboxdrv-daemon]
+    dbus = disabled
+  '';
+
+in
+
+{
+  boot.blacklistedKernelModules = [ "xpad" ];
+
+  environment.systemPackages = [ pkgs.xboxdrv ];
+
+  #environment.etc."default/xboxdrv".text = ''
+  systemd.services.xboxdrv = {
+    inherit (pkgs.xboxdrv.meta) description;
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      ExecStart = ''
+        ${pkgs.xboxdrv}/bin/xboxdrv --daemon --config ${configFile}
+      '';
+      Restart = "always";
+      RestartSec = 3;
+    };
+  };
+}
--- a/profiles/http/default.nix
+++ b/profiles/http/default.nix
@@ -8,12 +8,12 @@ in
    #(lib.mapAttrsToList (domain: vhost: [ domain ] ++ vhost.serverAliases))
    (lib.mapAttrsToList (domain: vhost: [ domain ]))
    lib.flatten
-    #(builtins.filter (domain: domain != ""))
+    (builtins.filter (domain: domain != ""))
    (lib.sort (x: y: x<y))
  ];

  security.acme.acceptTerms = true;
-  security.acme.defaults.email = "pbsds+acme@hotmail.com";
+  security.acme.defaults.email = "pbsds+acme@hotmail.com"; # TODO: parametrize per host
  #security.acme.defaults.renewInterval = "daily";
  #security.acme.defaults.reloadServices

--- a/profiles/http/services/garage/gunktrunk.nix
+++ b/profiles/http/services/garage/gunktrunk.nix
@@ -0,0 +1,81 @@
+{ config, pkgs, lib, ... }:
+
+let
+  cfg = config.services.garage;
+in
+
+{
+
+  # gunktrunk
+
+  sops.secrets."garage/env".owner = "garage";
+  sops.secrets."garage/env".restartUnits = [ "garage.service" ];
+
+  services.garage = {
+    enable = true;
+    package = pkgs.garage_0_8;
+
+    environmentFile = config.sops.secrets."garage/env".path; # TODO: 23.11
+
+    settings = {
+      # https://search.nixos.org/options?query=services.garage.settings
+      replication_mode = "1";
+      #metadata_dir = ;
+      data_dir = "/mnt/meconium/garage/gunktrunk";
+      #data_dir = [
+      #  { path = "/mnt/meconium/garage/gunktrunk"; capacity = "2T"; }
+      #];
+
+      # https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/
+
+      db_engine = "lmdb"; # default since v0.9
+      compression_level = 0; # zstd, 0 lets garage choose (curently 3)
+
+      rpc_bind_addr = "[::]:3901";
+
+      # Standard S3 api endpoint
+      s3_api = {
+        s3_region = "stoolus";
+        api_bind_addr = "[::]:3900";
+        root_domain = "s3.gunktrunk.kuklef.se";
+      };
+
+      # Static file serve endpoint
+      s3_web = {
+        bind_addr = "[::]:3902";
+        root_domain = "web.gunktrunk.kuklef.se";
+      };
+    };
+  };
+
+  services.nginx.virtualHosts.${cfg.settings.s3_api.root_domain} = lib.mkIf cfg.enable {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://${cfg.settings.s3_api.api_bind_addr}";
+      proxyWebsockets = true;
+    };
+  };
+
+  services.nginx.virtualHosts.${cfg.settings.s3_web.root_domain} = lib.mkIf cfg.enable {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://${cfg.settings.s3_web.bind_addr}";
+      proxyWebsockets = true;
+    };
+  };
+
+  systemd.services = lib.mkIf cfg.enable {
+    garage.serviceConfig.DynamicUser = false;
+    #garage.serviceConfig.EnvironmentFile = config.sops.secrets."garage/env".path; # TODO: remove after 23.11
+  };
+
+  users = lib.mkIf cfg.enable {
+    users.garage.isSystemUser = true;
+    users.garage.uid = 5000;
+    users.garage.group = "garage";
+    groups.garage.gid = 5000;
+  };
+
+}
--- a/profiles/http/services/snappymail.nix
+++ b/profiles/http/services/snappymail.nix
@@ -0,0 +1,115 @@
+# adapted from https://github.com/samrose/dotfiles-1/blob/8887ca3b01edecd83c2e95f01e42885ce26f76c5/nixos/eve/modules/snappymail.nix#L55
+{ pkgs, config, lib, mkDomain, ... }:
+
+let
+  maxUploadSize = "256M";
+  toKeyValue = lib.generators.toKeyValue {
+    mkKeyValue = lib.generators.mkKeyValueDefault {} " = ";
+  };
+
+  baseIni = pkgs.runCommand "application.ini" { # eww
+  	nativeBuildInputs = [ pkgs.php ];
+  } ''
+    mkdir /tmp/foobar123
+    php-cgi "${pkgs.snappymail.override { dataPath = "/tmp/foobar123"; }}/index.php" >/dev/null
+  	cp /tmp/foobar123/_data_/_default_/configs/application.ini $out
+  '';
+
+  extendIni = baseFile: fname: args: pkgs.runCommand fname { # eww
+    preferLocalBuild = true;
+    nativeBuildInputs = [ pkgs.initool ];
+  } ''
+    cat ${baseFile} |
+    ${lib.pipe args [
+      (lib.mapAttrsToList (section: data: lib.mapAttrsToList (key: val: { inherit section key val; }) data))
+      lib.flatten
+      (builtins.map ({ section, key, val }: ''
+        initool s - ${lib.escapeShellArgs [ section key val ]} |
+      ''))
+      lib.concatStrings
+    ]}
+    cat > $out
+  '';
+
+  modifiedIni = with builtins; extendIni baseIni "application.ini" {
+    webmail.title = "pbsds SnappyMail";
+    webmail.loading_description = "pbsds SnappyMail";
+    webmail.messages_per_page = 20;
+
+    contacts.type = "pgsql";
+    contacts.pdo_dsn = ''"pgsql:host=/run/postgresql;port=${toString config.services.postgresql.port};dbname=snappymail"'';
+    contacts.pdo_user = "snappymail";
+    contacts.pdo_password = "";
+
+    login.default_domain = "imap.fyrkat.no";
+    #security.allow_admin_panel = "Off";
+  };
+
+in
+{
+  services.phpfpm.pools.snappymail = {
+    user  = "snappymail";
+    group = "snappymail";
+    phpOptions = toKeyValue {
+      upload_max_filesize = maxUploadSize;
+      post_max_size       = maxUploadSize;
+      memory_limit        = maxUploadSize;
+    };
+    settings = {
+      "listen.owner"            = "nginx";
+      "listen.group"            = "nginx";
+      "pm"                      = "ondemand";
+      "pm.max_children"         = 32;
+      "pm.process_idle_timeout" = "10s";
+      "pm.max_requests"         = 500;
+    };
+  };
+
+  services.postgresql.ensureDatabases = [ "snappymail" ];
+  services.postgresql.ensureUsers = [
+    {
+      name = "snappymail";
+      ensurePermissions."DATABASE snappymail" = "ALL PRIVILEGES";
+    }
+  ];
+
+  #services.nginx.preStart = ''
+  systemd.services."phpfpm-snappymail".preStart = ''
+    mkdir -p /var/lib/snappymail/_data_/_default_/configs
+    ln -sf ${modifiedIni} /var/lib/snappymail/_data_/_default_/configs/application.ini
+  '';
+
+  services.nginx.virtualHosts.${mkDomain "snappymail"} = {
+    forceSSL = true; # addSSL = true;
+    enableACME = true; #useACMEHost = acmeDomain;
+    locations."/".extraConfig = ''
+      index index.php;
+      autoindex on;
+      autoindex_exact_size off;
+      autoindex_localtime on;
+    '';
+    locations."^~ /data".extraConfig = ''
+      deny all;
+    '';
+    locations."~ \.php$".extraConfig = ''
+      include ${pkgs.nginx}/conf/fastcgi_params;
+      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+      fastcgi_pass  unix:${config.services.phpfpm.pools.snappymail.socket};
+    '';
+    extraConfig = ''
+      client_max_body_size ${maxUploadSize};
+    '';
+    root = pkgs.snappymail.override {
+      dataPath = "/var/lib/snappymail"; # the default
+    };
+  };
+
+  users.users.snappymail = {
+    isSystemUser = true;
+    createHome   = true;
+    home         = "/var/lib/snappymail";
+    group        = "snappymail";
+  };
+  users.groups.snappymail = {};
+
+}
--- a/profiles/http/services/stickers.nix
+++ b/profiles/http/services/stickers.nix
@@ -0,0 +1,28 @@
+{ config, lib, mkDomain, flakes, ... }:
+
+let
+  myStickerPicker = flakes.maunium-stickerpicker-nix.createStickerPicker {
+    #homeserver = "https://matrix.pvv.ntnu.no";
+    #userId = "@stickerbot:my.matrix.server";
+    ## You should probably encrypt this with either agenix, sops-nix or whatever else
+    #accessTokenFile = ./stickerbot_access_token.txt;
+    #sha256 = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
+    packs = [
+      {
+        type = "chatsticker";
+        name = "pompom-tao3";
+      }
+      {
+        type = "directory";
+        src = ./myHomemadeStickers;
+      }
+    ];
+  };
+in
+
+{
+
+  # TODO: https://gist.github.com/pbsds/a1b03eb8d5602330765b3fd14f621dc5
+  # separate into separate FODs
+
+}
--- a/profiles/mounts/meconium-nfs.nix
+++ b/profiles/mounts/meconium-nfs.nix
@@ -20,6 +20,8 @@
      "/backups"
      "/backups/rocm"
      "/beets_music"
+      #"/garage"
+      #"/garage/gunktrunk"
    ])
  );