jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

migrated channel 24.05 to unstable

Browse Source
This commit is contained in:
Danilo Reyes 2024-10-27 17:10:31 -06:00
parent 6b6b7e39b1
commit 37aa35daed
22 changed files with 131 additions and 557 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
base.nix
View File

@ -17,7 +17,7 @@
./jawz.nix ./jawz.nix
] ]
++ (map (file: ./modules/${file}) moduleFiles); ++ (map (file: ./modules/${file}) moduleFiles);
system.stateVersion = "24.05"; system.stateVersion = "24.11";
sops = { sops = {
defaultSopsFormat = "yaml"; defaultSopsFormat = "yaml";
defaultSopsFile = ./secrets/secrets.yaml; defaultSopsFile = ./secrets/secrets.yaml;

33
flake.lock generated
View File

@ -112,16 +112,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1726989464, "lastModified": 1730016908,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "narHash": "sha256-bFCxJco7d8IgmjfNExNz9knP8wvwbXU4s/d53KOK6U0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "rev": "e83414058edd339148dc142a8437edb9450574c8",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-24.05", "ref": "master",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@ -439,16 +439,16 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1729691686, "lastModified": 1729880355,
"narHash": "sha256-BAuPWW+9fa1moZTU+jFh+1cUtmsuF8asgzFwejM4wac=", "narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "32e940c7c420600ef0d1ef396dc63b04ee9cad37", "rev": "18536bf04cd71abd345f9579158841376fdd0c5a",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-24.05", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -502,7 +502,6 @@
"nixos-cosmic": "nixos-cosmic", "nixos-cosmic": "nixos-cosmic",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"unstable": "unstable",
"zen-browser": "zen-browser" "zen-browser": "zen-browser"
} }
}, },
@ -588,22 +587,6 @@
"url": "https://github.com/Open-Wine-Components/umu-launcher/?dir=packaging/nix" "url": "https://github.com/Open-Wine-Components/umu-launcher/?dir=packaging/nix"
} }
}, },
"unstable": {
"locked": {
"lastModified": 1729665710,
"narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"xdph": { "xdph": {
"inputs": { "inputs": {
"hyprland-protocols": [ "hyprland-protocols": [

8
flake.nix
View File

@ -1,11 +1,10 @@
{ {
description = "JawZ NixOS flake setup"; description = "JawZ NixOS flake setup";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-24.05"; nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable";
master.url = "github:nixos/nixpkgs?ref=master"; master.url = "github:nixos/nixpkgs?ref=master";
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-24.05"; url = "github:nix-community/home-manager/master";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-gaming.url = "github:fufexan/nix-gaming"; nix-gaming.url = "github:fufexan/nix-gaming";
@ -41,9 +40,8 @@
config.allowUnfree = true; config.allowUnfree = true;
}; };
pkgs = makePkgs nixpkgs; pkgs = makePkgs nixpkgs;
pkgsU = makePkgs inputs.unstable;
pkgsM = makePkgs inputs.master; pkgsM = makePkgs inputs.master;
overlays = [ (import ./overlay.nix { inherit pkgs pkgsU pkgsM; }) ]; overlays = [ (import ./overlay.nix { inherit pkgs pkgsM; }) ];
createConfig = name: { createConfig = name: {
inherit system; inherit system;
specialArgs = { specialArgs = {

27
gnome.nix
View File

@ -8,7 +8,7 @@
displayManager.gdm.enable = true; displayManager.gdm.enable = true;
desktopManager.gnome = { desktopManager.gnome = {
enable = true; enable = true;
extraGSettingsOverridePackages = [ pkgs.gnome.mutter ]; extraGSettingsOverridePackages = [ pkgs.mutter ];
extraGSettingsOverrides = '' extraGSettingsOverrides = ''
[org.gnome.mutter] [org.gnome.mutter]
experimental-features=['variable-refresh-rate', 'scale-monitor-framebuffer'] experimental-features=['variable-refresh-rate', 'scale-monitor-framebuffer']
@ -16,24 +16,21 @@
}; };
}; };
}; };
environment.gnome.excludePackages = environment.gnome.excludePackages = with pkgs; [
(with pkgs; [
gnome-photos
gnome-tour
gnome-text-editor
gnome-connections
# gnome-shell-extensions # gnome-shell-extensions
baobab
])
++ (with pkgs.gnome; [
# totem # totem
gnome-music baobab
cheese
epiphany epiphany
gnome-characters gnome-characters
yelp gnome-connections
gnome-font-viewer gnome-font-viewer
cheese gnome-music
]); gnome-photos
gnome-text-editor
gnome-tour
yelp
];
qt = { qt = {
enable = true; enable = true;
style = "adwaita"; style = "adwaita";
@ -42,7 +39,7 @@
(with pkgs; [ (with pkgs; [
# ffmpegthumbnailer # generate thumbnails # ffmpegthumbnailer # generate thumbnails
adw-gtk3 # theme legacy applications adw-gtk3 # theme legacy applications
gnome.gnome-tweaks # tweaks for the gnome desktop environment gnome-tweaks # tweaks for the gnome desktop environment
papirus-icon-theme # icon theme papirus-icon-theme # icon theme
libgda # for pano shell extension libgda # for pano shell extension
# gradience # theme customizer, allows you to modify adw-gtk3 themes # gradience # theme customizer, allows you to modify adw-gtk3 themes

2
home-manager.nix
View File

@ -1,6 +1,6 @@
{ config, ... }: { config, ... }:
{ {
home.stateVersion = "24.05"; home.stateVersion = "24.11";
programs.bash = { programs.bash = {
enable = true; enable = true;
historyFile = "\${XDG_STATE_HOME}/bash/history"; historyFile = "\${XDG_STATE_HOME}/bash/history";

49
hosts/miniserver/hardware-configuration.nix
View File

@ -4,20 +4,14 @@
powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
hardware = { hardware = {
cpu.intel.updateMicrocode = lib.mkDefault true; cpu.intel.updateMicrocode = lib.mkDefault true;
opengl = { graphics = {
enable = true; enable = true;
driSupport = true; enable32Bit = true;
driSupport32Bit = true;
}; };
}; };
boot = { boot = {
kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
kernel.sysctl = { kernel.sysctl."vm.swappiness" = 80;
"vm.swappiness" = 80;
"net.ipv6.conf.all.disable_ipv6" = 0;
"net.ipv6.conf.lo.disable_ipv6" = 0;
"net.ipv6.conf.default.disable_ipv6" = 0;
};
loader = { loader = {
efi = { efi = {
canTouchEfiVariables = true; canTouchEfiVariables = true;
@ -51,7 +45,19 @@
kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
}; };
}; };
fileSystems = { fileSystems =
let
nfsMount = server: nfsDisk: {
device = "${server}:/${nfsDisk}";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"x-systemd.idle-timeout=600"
];
};
in
{
"/" = { "/" = {
device = "/dev/mapper/nvme"; device = "/dev/mapper/nvme";
fsType = "btrfs"; fsType = "btrfs";
@ -79,17 +85,6 @@
"datacow" "datacow"
]; ];
}; };
# "/srv/pool" = {
# device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34";
# fsType = "btrfs";
# options = [
# "subvol=@data"
# "compress=zstd:3"
# "space_cache=v2"
# "commit=120"
# "datacow"
# ];
# };
"/boot" = { "/boot" = {
device = "/dev/disk/by-uuid/bf0aeb95-94cc-4377-b6e4-1dbb4958b334"; device = "/dev/disk/by-uuid/bf0aeb95-94cc-4377-b6e4-1dbb4958b334";
fsType = "ext4"; fsType = "ext4";
@ -103,12 +98,6 @@
options = [ "bind" ]; options = [ "bind" ];
depends = [ "/srv/pool" ]; depends = [ "/srv/pool" ];
}; };
# "/srv/jellyfin/media" = {
# device = "/srv/pool/multimedia/media";
# options = [ "bind" "ro" ];
# depends = [ "/srv/pool" ];
# };
# NFS
"/export/pool" = { "/export/pool" = {
device = "/srv/pool"; device = "/srv/pool";
options = [ "bind" ]; options = [ "bind" ];
@ -119,9 +108,10 @@
options = [ "bind" ]; options = [ "bind" ];
depends = [ "/srv/pool" ]; depends = [ "/srv/pool" ];
}; };
"/srv/server/pool" = nfsMount "server" "pool" // { };
"/srv/server/jawz" = nfsMount "server" "jawz" // { };
}; };
services.nfs = { services.nfs.server = {
server = {
enable = true; enable = true;
exports = '' exports = ''
/export workstation(rw,fsid=0,no_subtree_check) /export workstation(rw,fsid=0,no_subtree_check)
@ -129,7 +119,6 @@
/export/pool workstation(rw,nohide,insecure,no_subtree_check) /export/pool workstation(rw,nohide,insecure,no_subtree_check)
''; '';
}; };
};
swapDevices = [ swapDevices = [
{ {
device = "/dev/nvme0n1p3"; device = "/dev/nvme0n1p3";

29
hosts/server/hardware-configuration.nix
View File

@ -1,18 +1,7 @@
{ lib, modulesPath, ... }: { lib, modulesPath, ... }:
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
hardware = { hardware.cpu.intel.updateMicrocode = lib.mkDefault true;
nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
};
cpu.intel.updateMicrocode = lib.mkDefault true;
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
};
boot = { boot = {
loader = { loader = {
efi = { efi = {
@ -61,12 +50,7 @@
}; };
}; };
kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
kernel.sysctl = { kernel.sysctl."vm.swappiness" = 80;
"vm.swappiness" = 80;
"net.ipv6.conf.all.disable_ipv6" = 1;
"net.ipv6.conf.lo.disable_ipv6" = 1;
"net.ipv6.conf.default.disable_ipv6" = 1;
};
extraModulePackages = [ ]; extraModulePackages = [ ];
initrd = { initrd = {
availableKernelModules = [ availableKernelModules = [
@ -128,7 +112,6 @@
device = "/dev/disk/by-uuid/CBE7-5DEB"; device = "/dev/disk/by-uuid/CBE7-5DEB";
fsType = "vfat"; fsType = "vfat";
}; };
# NEXTCCLOUD
"/var/lib/nextcloud/data" = { "/var/lib/nextcloud/data" = {
device = "/srv/pool/nextcloud"; device = "/srv/pool/nextcloud";
options = [ "bind" ]; options = [ "bind" ];
@ -142,7 +125,6 @@
]; ];
depends = [ "/srv/pool" ]; depends = [ "/srv/pool" ];
}; };
# NFS
"/export/pool" = { "/export/pool" = {
device = "/srv/pool"; device = "/srv/pool";
options = [ "bind" ]; options = [ "bind" ];
@ -154,16 +136,17 @@
depends = [ "/srv/pool" ]; depends = [ "/srv/pool" ];
}; };
}; };
services.nfs = { services.nfs.server = {
server = {
enable = true; enable = true;
exports = '' exports = ''
/export workstation(rw,fsid=0,no_subtree_check) /export workstation(rw,fsid=0,no_subtree_check)
miniserver(rw,fsid=0,no_subtree_check)
/export/jawz workstation(rw,nohide,insecure,no_subtree_check) /export/jawz workstation(rw,nohide,insecure,no_subtree_check)
miniserver(rw,nohide,insecure,no_subtree_check)
/export/pool workstation(rw,nohide,insecure,no_subtree_check) /export/pool workstation(rw,nohide,insecure,no_subtree_check)
miniserver(rw,nohide,insecure,no_subtree_check)
''; '';
}; };
};
swapDevices = [ swapDevices = [
{ {
device = "/dev/disk/by-partuuid/cb0ad486-ebf8-4bfc-ad7c-96bdc68576ca"; device = "/dev/disk/by-partuuid/cb0ad486-ebf8-4bfc-ad7c-96bdc68576ca";

2
hosts/workstation/configuration.nix
View File

@ -4,7 +4,6 @@
./hardware-configuration.nix ./hardware-configuration.nix
../../base.nix ../../base.nix
../../gnome.nix ../../gnome.nix
../../pkgs/obs-studio.nix
]; ];
my = { my = {
enableContainers = true; enableContainers = true;
@ -82,7 +81,6 @@
groups.nixremote.gid = 555; groups.nixremote.gid = 555;
users = { users = {
jawz.packages = with pkgs; [ jawz.packages = with pkgs; [
nvidia-podman # why not? i'll probably be dissapointed
distrobox # install packages from other os distrobox # install packages from other os
gocryptfs # encrypted filesystem! shhh!!! gocryptfs # encrypted filesystem! shhh!!!
torrenttools # create torrent files from the terminal! torrenttools # create torrent files from the terminal!

6
hosts/workstation/hardware-configuration.nix
View File

@ -2,6 +2,7 @@
config, config,
modulesPath, modulesPath,
lib, lib,
pkgs,
... ...
}: }:
{ {
@ -21,12 +22,9 @@
}; };
}; };
boot = { boot = {
# kernelPackages = pkgs.linuxPackages_zen; kernelPackages = pkgs.linuxPackages_zen;
kernel.sysctl = { kernel.sysctl = {
"vm.swappiness" = 80; "vm.swappiness" = 80;
"net.ipv6.conf.all.disable_ipv6" = 0;
"net.ipv6.conf.lo.disable_ipv6" = 0;
"net.ipv6.conf.default.disable_ipv6" = 0;
"net.ipv4.tcp_mtu_probing" = 1; "net.ipv4.tcp_mtu_probing" = 1;
}; };
loader = { loader = {

3
modules/apps/gaming.nix
View File

@ -27,10 +27,9 @@
gamemode # optimizes linux to have better gaming performance gamemode # optimizes linux to have better gaming performance
heroic # install epic games heroic # install epic games
protonup-qt # update proton-ge protonup-qt # update proton-ge
# minecraft # minecraft official launcher
ns-usbloader # load games into my switch ns-usbloader # load games into my switch
grapejuice # roblox manager
(callPackage ../../pkgs/polymc/default.nix { }) # minecraft launcher (callPackage ../../pkgs/polymc/default.nix { }) # minecraft launcher
# minecraft # minecraft official launcher
# emulators # emulators
rpcs3 # ps3 rpcs3 # ps3

2
modules/dev/python.nix
View File

@ -11,7 +11,7 @@
environment.variables.PYTHONSTARTUP = "\${XDG_CONFIG_HOME}/python/pythonrc"; environment.variables.PYTHONSTARTUP = "\${XDG_CONFIG_HOME}/python/pythonrc";
users.users.jawz.packages = with pkgs; [ users.users.jawz.packages = with pkgs; [
pipenv # python development workflow for humans pipenv # python development workflow for humans
nodePackages.pyright # LSP pyright # LSP
(python3.withPackages ( (python3.withPackages (
ps: with ps; [ ps: with ps; [
black # Python code formatter black # Python code formatter

2
modules/servers/mealie.nix
View File

@ -4,8 +4,6 @@ let
setup = import ./setup.nix { inherit lib config; }; setup = import ./setup.nix { inherit lib config; };
in in
{ {
disabledModules = [ "services/web-apps/mealie.nix" ];
imports = [ ../../pkgs/mealie-service.nix ];
options.my.servers.mealie = setup.mkOptions "mealie" "mealie" 9925; options.my.servers.mealie = setup.mkOptions "mealie" "mealie" 9925;
config = { config = {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ]; networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];

8
modules/servers/nextcloud.nix
View File

@ -43,7 +43,7 @@ in
mediainfo mediainfo
nodejs nodejs
perl perl
(python3.withPackages (ps: with ps; [ tensorflow ])) (python311.withPackages (ps: with ps; [ tensorflow ]))
(perlPackages.buildPerlPackage rec { (perlPackages.buildPerlPackage rec {
pname = "Image-ExifTool"; pname = "Image-ExifTool";
version = "12.70"; version = "12.70";
@ -84,7 +84,6 @@ in
adminpassFile = config.sops.secrets.nextcloud-adminpass.path; adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
dbtype = "pgsql"; dbtype = "pgsql";
dbhost = config.my.postgresSocket; dbhost = config.my.postgresSocket;
dbtableprefix = "oc_";
dbname = "nextcloud"; dbname = "nextcloud";
}; };
phpOptions = { phpOptions = {
@ -134,7 +133,10 @@ in
"OC\\Preview\\Movie" "OC\\Preview\\Movie"
]; ];
}; };
# phpExtraExtensions = all: [ all.pdlib all.bz2 ]; phpExtraExtensions = all: [
all.pdlib
all.bz2
];
}; };
nginx.virtualHosts = { nginx.virtualHosts = {
"${config.services.nextcloud.hostName}" = lib.mkIf cfg.enableProxy { "${config.services.nextcloud.hostName}" = lib.mkIf cfg.enableProxy {

2
modules/servers/shiori.nix
View File

@ -4,8 +4,6 @@ let
setup = import ./setup.nix { inherit lib config; }; setup = import ./setup.nix { inherit lib config; };
in in
{ {
disabledModules = [ "services/web-apps/shiori.nix" ];
imports = [ ../../pkgs/shiori-service.nix ];
options.my.servers.shiori = setup.mkOptions "shiori" "bookmarks" 4368; options.my.servers.shiori = setup.mkOptions "shiori" "bookmarks" 4368;
config = lib.mkIf (config.my.servers.shiori.enable && config.my.servers.postgres.enable) { config = lib.mkIf (config.my.servers.shiori.enable && config.my.servers.postgres.enable) {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ]; networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];

5
modules/services/nvidia.nix
View File

@ -10,10 +10,9 @@
boot.kernelParams = lib.mkIf (config.networking.hostName == "workstation") [ "nvidia-drm.fbdev=1" ]; boot.kernelParams = lib.mkIf (config.networking.hostName == "workstation") [ "nvidia-drm.fbdev=1" ];
services.xserver.videoDrivers = [ "nvidia" ]; services.xserver.videoDrivers = [ "nvidia" ];
hardware = { hardware = {
opengl = { graphics = {
enable = true; enable = true;
driSupport = true; enable32Bit = true;
driSupport32Bit = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
nvidia-vaapi-driver nvidia-vaapi-driver
vaapiVdpau vaapiVdpau

2
modules/services/printing.nix
View File

@ -13,7 +13,7 @@ in
{ {
options.my.services.printing.enable = lib.mkEnableOption "enable"; options.my.services.printing.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.services.printing.enable { config = lib.mkIf config.my.services.printing.enable {
users.users.jawz.packages = [ pkgs.gnome.simple-scan ]; users.users.jawz.packages = [ pkgs.simple-scan ];
services.printing = { services.printing = {
enable = true; enable = true;
drivers = printingDrivers; drivers = printingDrivers;

1
modules/services/sound.nix
View File

@ -10,7 +10,6 @@
config = lib.mkIf config.my.services.sound.enable { config = lib.mkIf config.my.services.sound.enable {
hardware.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
security.rtkit.enable = true; # make pipewire realtime-capable security.rtkit.enable = true; # make pipewire realtime-capable
sound.enable = false;
services.pipewire = { services.pipewire = {
enable = true; enable = true;
alsa.enable = true; alsa.enable = true;

35
overlay.nix
View File

@ -1,8 +1,4 @@
{ { pkgs, pkgsM }:
pkgs,
pkgsU,
pkgsM,
}:
_self: super: { _self: super: {
gnome = super.gnome.overrideScope ( gnome = super.gnome.overrideScope (
_gFinal: gPrev: { _gFinal: gPrev: {
@ -19,7 +15,7 @@ _self: super: {
}); });
} }
); );
lutris = pkgsU.lutris.override { lutris = super.lutris.override {
extraPkgs = extraPkgs =
pkgs: with pkgs; [ pkgs: with pkgs; [
pango pango
@ -37,33 +33,6 @@ _self: super: {
]; ];
}; };
inherit (pkgsM) gallery-dl yt-dlp; inherit (pkgsM) gallery-dl yt-dlp;
inherit (pkgsU)
planify
gdtoolkit_4
ns-usbloader
collector
homepage-dashboard
stash
kavita
mealie
shiori
bazarr
sonarr
radarr
prowlarr
jellyfin
jellyfin-ffmpeg
pureref
;
inherit (pkgsU.gnomeExtensions)
appindicator
reading-strip
tactile
pano
freon
gamemode-indicator-in-system-settings
burn-my-windows
;
handbrake = super.handbrake.override { useGtk = true; }; handbrake = super.handbrake.override { useGtk = true; };
discord = super.discord.override { withOpenASAR = true; }; discord = super.discord.override { withOpenASAR = true; };
ripgrep = super.ripgrep.override { withPCRE2 = true; }; ripgrep = super.ripgrep.override { withPCRE2 = true; };

82
pkgs/mealie-service.nix
View File

@ -1,82 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.mealie;
pkg = cfg.package;
in
{
options.services.mealie = {
enable = lib.mkEnableOption "Mealie, a recipe manager and meal planner";
package = lib.mkPackageOption pkgs "mealie" { };
listenAddress = lib.mkOption {
type = lib.types.str;
default = "0.0.0.0";
description = "Address on which the service should listen.";
};
port = lib.mkOption {
type = lib.types.port;
default = 9000;
description = "Port on which to serve the Mealie service.";
};
settings = lib.mkOption {
type = with lib.types; attrsOf anything;
default = { };
description = ''
Configuration of the Mealie service.
See [the mealie documentation](https://nightly.mealie.io/documentation/getting-started/installation/backend-config/) for available options and default values.
'';
example = {
ALLOW_SIGNUP = "false";
};
};
credentialsFile = lib.mkOption {
type = with lib.types; nullOr path;
default = null;
example = "/run/secrets/mealie-credentials.env";
description = ''
File containing credentials used in mealie such as {env}`POSTGRES_PASSWORD`
or sensitive LDAP options.
Expects the format of an `EnvironmentFile=`, as described by {manpage}`systemd.exec(5)`.
'';
};
};
config = lib.mkIf cfg.enable {
systemd.services.mealie = {
description = "Mealie, a self hosted recipe manager and meal planner";
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
environment = {
PRODUCTION = "true";
API_PORT = toString cfg.port;
BASE_URL = "http://localhost:${toString cfg.port}";
DATA_DIR = "/var/lib/mealie";
CRF_MODEL_PATH = "/var/lib/mealie/model.crfmodel";
} // (builtins.mapAttrs (_: toString) cfg.settings);
serviceConfig = {
DynamicUser = true;
User = "mealie";
ExecStartPre = "${pkg}/libexec/init_db";
ExecStart = "${lib.getExe pkg} -b ${cfg.listenAddress}:${builtins.toString cfg.port}";
EnvironmentFile = lib.mkIf (cfg.credentialsFile != null) cfg.credentialsFile;
StateDirectory = "mealie";
StandardOutput = "journal";
};
};
};
}

61
pkgs/obs-studio.nix
View File

@ -1,61 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
cfg = config.programs.obs-studio;
in
{
options.programs.obs-studio = {
enable = lib.mkEnableOption (lib.mdDoc "obs-studio");
package = lib.mkPackageOption pkgs "obs-studio" { example = "obs-studio"; };
finalPackage = lib.mkOption {
type = lib.types.package;
visible = false;
readOnly = true;
description = "Resulting customized OBS Studio package.";
};
plugins = lib.mkOption {
default = [ ];
example = lib.literalExpression "[ pkgs.obs-studio-plugins.wlrobs ]";
description = "Optional OBS plugins.";
type = lib.types.listOf lib.types.package;
};
enableVirtualCamera = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Installs and sets up the v4l2loopback kernel module, necessary for OBS
to start a virtual camera.
'';
};
};
config = lib.mkIf cfg.enable {
programs.obs-studio.finalPackage = pkgs.wrapOBS.override { obs-studio = cfg.package; } {
inherit (cfg) plugins;
};
environment.systemPackages = [ cfg.finalPackage ];
boot = lib.mkIf cfg.enableVirtualCamera {
kernelModules = [ "v4l2loopback" ];
extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ];
extraModprobeConfig = ''
options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1
'';
};
security.polkit.enable = lib.mkIf cfg.enableVirtualCamera true;
};
meta.maintainers = with lib.maintainers; [ CaptainJawZ ];
}

146
pkgs/shiori-service.nix
View File

@ -1,146 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.shiori;
in
{
options = {
services.shiori = {
enable = lib.mkEnableOption "Shiori simple bookmarks manager";
package = lib.mkPackageOption pkgs "shiori" { };
address = lib.mkOption {
type = lib.types.str;
default = "";
description = ''
The IP address on which Shiori will listen.
If empty, listens on all interfaces.
'';
};
port = lib.mkOption {
type = lib.types.port;
default = 8080;
description = "The port of the Shiori web application";
};
webRoot = lib.mkOption {
type = lib.types.str;
default = "/";
example = "/shiori";
description = "The root of the Shiori web application";
};
environmentFile = lib.mkOption {
type = lib.types.null or lib.types.path;
default = null;
example = "/path/to/environmentFile";
description = ''
Path to file containing environment variables.
Useful for passing down secrets.
<https://github.com/go-shiori/shiori/blob/master/docs/Configuration.md#overall-configuration>
'';
};
databaseUrl = lib.mkOption {
type = lib.types.null or lib.types.str;
default = null;
example = "postgresql:///shiori?host=/run/postgresql";
description = "The connection URL to connect to MySQL or PostgreSQL";
};
};
};
config = lib.mkIf cfg.enable {
systemd.services.shiori = {
description = "Shiori simple bookmarks manager";
wantedBy = [ "multi-user.target" ];
after = [
"postgresql.service"
"mysql.service"
];
environment = {
SHIORI_DIR = "/var/lib/shiori";
} // lib.optionalAttrs (cfg.databaseUrl != null) { SHIORI_DATABASE_URL = cfg.databaseUrl; };
serviceConfig = {
ExecStart = "${cfg.package}/bin/shiori server --address '${cfg.address}' --port '${toString cfg.port}' --webroot '${cfg.webRoot}'";
DynamicUser = true;
StateDirectory = "shiori";
# As the RootDirectory
RuntimeDirectory = "shiori";
# Security options
EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile;
BindReadOnlyPaths =
[
"/nix/store"
# For SSL certificates, and the resolv.conf
"/etc"
]
++ lib.optional (
lib.strings.hasInfix "postgres" cfg.databaseUrl && config.services.postgresql.enable
) "/run/postgresql"
++ lib.optional (
lib.strings.hasInfix "mysql" cfg.databaseUrl && config.services.mysql.enable
) "/var/run/mysqld";
CapabilityBoundingSet = "";
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
DeviceAllow = "";
LockPersonality = true;
MemoryDenyWriteExecute = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
RestrictNamespaces = true;
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_UNIX"
];
RestrictRealtime = true;
RestrictSUIDSGID = true;
RootDirectory = "/run/shiori";
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
SystemCallFilter = [
"@system-service"
"~@cpu-emulation"
"~@debug"
"~@keyring"
"~@memlock"
"~@obsolete"
"~@privileged"
"~@setuid"
];
};
};
};
meta.maintainers = with lib.maintainers; [
minijackson
CaptainJawZ
];
}

47
pkgs/stash.nix
View File

@ -1,47 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.stash;
in
{
options = {
services.stash = {
enable = lib.mkEnableOption "Stash";
package = lib.mkPackageOption pkgs "stash" { };
# port = lib.mkOption {
# type = lib.types.port;
# default = 8080;
# description = "The port of the Stash web application";
# };
};
};
config = lib.mkIf cfg.enable {
systemd.services.stash = {
description = "Stash";
wantedBy = [ "multi-user.target" ];
# environment = {
# STASH_DIR = "/var/lib/stash";
# } // lib.optionalAttrs (cfg.databaseUrl != null) {
# STASH_DATABASE_URL = cfg.databaseUrl;
# };
serviceConfig = {
ExecStart = "${cfg.package}/bin/stash server --address '${cfg.address}' --port '${toString cfg.port}' --webroot '${cfg.webRoot}'";
EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile;
RootDirectory = "/var/lib/stash";
};
};
};
meta.maintainers = with lib.maintainers; [ CaptainJawZ ];
}