From bf8e99ce0ee5775989b9b8a94f3d829e14505f75 Mon Sep 17 00:00:00 2001 From: Gerg-L Date: Mon, 3 Mar 2025 17:30:40 -0500 Subject: [PATCH 1/9] plymouth simpledrm --- nixosModules/boot/silent.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixosModules/boot/silent.nix b/nixosModules/boot/silent.nix index 341a4d6..68d4704 100644 --- a/nixosModules/boot/silent.nix +++ b/nixosModules/boot/silent.nix @@ -21,6 +21,7 @@ "quiet" # Less log messages "systemd.show_status=auto" # Only show systemd errors "udev.log_level=3" # Only show udev errors + "plymouth.use-simpledrm" # Faster plymouth splash "splash" # Show splash ]; consoleLogLevel = 3; # Only errors From 4f0a7c169ce7f71b57b422169875f978a4b78e8d Mon Sep 17 00:00:00 2001 From: Gerg-L Date: Mon, 3 Mar 2025 19:11:40 -0500 Subject: [PATCH 2/9] vocard: use nix for configuration --- .../services/vocard/_application.nix | 94 +++++++++++ .../services/vocard/_settings.nix | 146 ++++++++++++++++ .../services/vocard/application.yml | 109 ------------ .../services/vocard/settings.json | 157 ------------------ .../gerg-desktop/services/vocard/vocard.nix | 54 +++--- 5 files changed, 273 insertions(+), 287 deletions(-) create mode 100644 nixosConfigurations/gerg-desktop/services/vocard/_application.nix create mode 100644 nixosConfigurations/gerg-desktop/services/vocard/_settings.nix delete mode 100644 nixosConfigurations/gerg-desktop/services/vocard/application.yml delete mode 100644 nixosConfigurations/gerg-desktop/services/vocard/settings.json diff --git a/nixosConfigurations/gerg-desktop/services/vocard/_application.nix b/nixosConfigurations/gerg-desktop/services/vocard/_application.nix new file mode 100644 index 0000000..728264b --- /dev/null +++ b/nixosConfigurations/gerg-desktop/services/vocard/_application.nix @@ -0,0 +1,94 @@ +{ link, lavalinkPlugins }: +{ + + server = { + http2.enabled = false; + port = link.portStr; + address = link.ipv4; + }; + lavalink = { + plugins = [ + { + dependency = "dev.lavalink.youtube:youtube-plugin:1.11.5"; + enabled = true; + snapshot = false; + } + ]; + server = { + #password = ""; + + bufferDurationMs = 400; + filters = { + channelMix = true; + distortion = true; + equalizer = true; + karaoke = true; + lowPass = true; + rotation = true; + timescale = true; + tremolo = true; + vibrato = true; + volume = true; + }; + frameBufferDurationMs = 5000; + gc-warnings = true; + nonAllocatingFrameBuffer = false; + opusEncodingQuality = 10; + playerUpdateInterval = 5; + resamplingQuality = "LOW"; + soundcloudSearchEnabled = true; + sources = { + bandcamp = true; + http = true; + local = false; + nico = true; + soundcloud = true; + twitch = true; + vimeo = true; + youtube = false; + }; + trackStuckThresholdMs = 10000; + useSeekGhosting = true; + youtubePlaylistLoadLimit = 6; + youtubeSearchEnabled = true; + }; + }; + logging = { + file.path = null; + + level = { + "dev.lavalink.youtube.http.YoutubeOauth2Handler" = "INFO"; + lavalink = "INFO"; + root = "INFO"; + }; + request = { + enabled = true; + includeClientInfo = true; + includeHeaders = false; + includePayload = true; + includeQueryString = true; + maxPayloadLength = 10000; + }; + }; + + metrics.prometheus.enabled = false; + + plugins = { + pluginsDir = lavalinkPlugins; + youtube = { + allowDirectPlaylistIds = true; + allowDirectVideoIds = true; + allowSearch = true; + clients = [ "TVHTML5EMBEDDED" ]; + enabled = true; + oauth = { + enabled = true; + #refreshToken = ""; + }; + }; + }; + sentry = { + dsn = ""; + environment = ""; + }; +} diff --git a/nixosConfigurations/gerg-desktop/services/vocard/_settings.nix b/nixosConfigurations/gerg-desktop/services/vocard/_settings.nix new file mode 100644 index 0000000..501057e --- /dev/null +++ b/nixosConfigurations/gerg-desktop/services/vocard/_settings.nix @@ -0,0 +1,146 @@ +{ + link, + ferretLink, + p, +}: +{ + activity = [ + { + name = "/help"; + status = "online"; + type = "listening"; + } + ]; + aliases = { + connect = [ "join" ]; + leave = [ + "stop" + "bye" + ]; + play = [ "p" ]; + view = [ "v" ]; + }; + bot_access_user = [ ]; + client_id = p."vocard/client_id"; + cooldowns = { + connect = [ + 2 + 30 + ]; + "playlist view" = [ + 1 + 30 + ]; + }; + default_controller = { + default_buttons = [ + [ + "back" + "resume" + "skip" + { stop = "red"; } + "add" + ] + [ "tracks" ] + ]; + disableButtonText = false; + embeds = { + active = { + author = { + icon_url = "@@bot_icon@@"; + name = "Music Controller | @@channel_name@@"; + }; + color = "@@track_color@@"; + description = "**Now Playing: ```[@@track_name@@]```\nLink: [Click Me](@@track_url@@) | Requester: @@requester@@ | DJ: @@dj@@**"; + footer.text = "Queue Length: @@queue_length@@ | Duration: @@track_duration@@ | Volume: @@volume@@% {{loop_mode != 'Off' ?? | Repeat: @@loop_mode@@}}"; + image = "@@track_thumbnail@@"; + }; + inactive = { + color = "@@default_embed_color@@"; + description = "[Support](@@server_invite_link@@) | [Invite](@@invite_link@@) | [Questionnaire](https://forms.gle/Qm8vjBfg2kp13YGD7)"; + image = "https://i.imgur.com/dIFBwU7.png"; + title.name = "There are no songs playing right now"; + }; + }; + }; + default_max_queue = 1000; + default_voice_status_template = "{{@@track_name@@ != 'None' ?? @@track_source_emoji@@ Now Playing: @@track_name@@ // Waiting for song requests}}"; + embed_color = "0xb3b3b3"; + genius_token = "YOUR_GENIUS_TOKEN"; + ipc_client = { + enable = false; + host = "127.0.0.1"; + password = "YOUR_PASSWORD"; + port = 8000; + secure = false; + }; + logging = { + file = { + enable = false; + path = "./logs"; + }; + level = { + discord = "INFO"; + ipc_client = "INFO"; + vocard = "INFO"; + }; + max-history = 30; + }; + lyrics_platform = "lyrist"; + mongodb_name = "vocard"; + mongodb_url = ferretLink.url; + nodes.DEFAULT = { + host = link.ipv4; + identifier = "DEFAULT"; + password = p."vocard/password"; + inherit (link) port; + secure = false; + }; + prefix = "?"; + sources_settings = { + apple = { + color = "0xE298C4"; + emoji = "<:applemusic:994844332374884413>"; + }; + bandcamp = { + color = "0x6F98A7"; + emoji = "<:bandcamp:864694003811221526>"; + }; + reddit = { + color = "0xFF5700"; + emoji = "<:reddit:996007566863773717>"; + }; + soundcloud = { + color = "0xFF7700"; + emoji = "<:soundcloud:852729280027033632>"; + }; + spotify = { + color = "0x1DB954"; + emoji = "<:spotify:826661996615172146>"; + }; + tiktok = { + color = "0x74ECE9"; + emoji = "<:tiktok:996007689798811698>"; + }; + twitch = { + color = "0x9B4AFF"; + emoji = "<:twitch:852729278285086741>"; + }; + vimeo = { + color = "0x1ABCEA"; + emoji = "<:vimeo:864694001919721473>"; + }; + youtube = { + color = "0xFF0000"; + emoji = "<:youtube:826661982760992778>"; + }; + "youtube music" = { + color = "0xFF0000"; + emoji = "<:youtube:826661982760992778>"; + }; + }; + spotify_client_id = p."vocard/spotify_client_id"; + spotify_client_secret = p."vocard/spotify_client_secret"; + token = p."vocard/token"; + version = "v2.6.9"; +} diff --git a/nixosConfigurations/gerg-desktop/services/vocard/application.yml b/nixosConfigurations/gerg-desktop/services/vocard/application.yml deleted file mode 100644 index 92ce11b..0000000 --- a/nixosConfigurations/gerg-desktop/services/vocard/application.yml +++ /dev/null @@ -1,109 +0,0 @@ -server: # REST and WS server - port: 2333 - address: 0.0.0.0 - http2: - enabled: false # Whether to enable HTTP/2 support -plugins: - youtube: - enabled: true - allowSearch: true # Whether "ytsearch:" and "ytmsearch:" can be used. - allowDirectVideoIds: true # Whether just video IDs can match. If false, only complete URLs will be loaded. - allowDirectPlaylistIds: true # Whether just playlist IDs can match. If false, only complete URLs will be loaded. - # The clients to use for track loading. See below for a list of valid clients. - # Clients are queried in the order they are given (so the first client is queried first and so on...) - clients: - - TVHTML5EMBEDDED - oauth: - enabled: true - # Set with env vars - #refreshToken: "" -lavalink: - plugins: - - dependency: "dev.lavalink.youtube:youtube-plugin:1.11.5" - snapshot: false - # setting "enabled: true" is the bare minimum to get OAuth working. - enabled: true - - # Set with env vars - #pluginsDir: "" - server: - - # Set with env vars - #password: "" - sources: - youtube: false - bandcamp: true - soundcloud: true - twitch: true - vimeo: true - nico: true - http: true - local: false - filters: # All filters are enabled by default - volume: true - equalizer: true - karaoke: true - timescale: true - tremolo: true - vibrato: true - distortion: true - rotation: true - channelMix: true - lowPass: true - nonAllocatingFrameBuffer: false # Setting to true reduces the number of allocations made by each player at the expense of frame rebuilding (e.g. non-instantaneous volume changes) - bufferDurationMs: 400 # The duration of the NAS buffer. Higher values fare better against longer GC pauses. Duration <= 0 to disable JDA-NAS. Minimum of 40ms, lower values may introduce pauses. - frameBufferDurationMs: 5000 # How many milliseconds of audio to keep buffered - opusEncodingQuality: 10 # Opus encoder quality. Valid values range from 0 to 10, where 10 is best quality but is the most expensive on the CPU. - resamplingQuality: LOW # Quality of resampling operations. Valid values are LOW, MEDIUM and HIGH, where HIGH uses the most CPU. - trackStuckThresholdMs: 10000 # The threshold for how long a track can be stuck. A track is stuck if does not return any audio data. - useSeekGhosting: true # Seek ghosting is the effect where whilst a seek is in progress, the audio buffer is read from until empty, or until seek is ready. - youtubePlaylistLoadLimit: 6 # Number of pages at 100 each - playerUpdateInterval: 5 # How frequently to send player updates to clients, in seconds - youtubeSearchEnabled: true - soundcloudSearchEnabled: true - gc-warnings: true - #ratelimit: - #ipBlocks: ["1.0.0.0/8", "..."] # list of ip blocks - #excludedIps: ["...", "..."] # ips which should be explicit excluded from usage by lavalink - #strategy: "RotateOnBan" # RotateOnBan | LoadBalance | NanoSwitch | RotatingNanoSwitch - #searchTriggersFail: true # Whether a search 429 should trigger marking the ip as failing - #retryLimit: -1 # -1 = use default lavaplayer value | 0 = infinity | >0 = retry will happen this numbers times - #youtubeConfig: # Required for avoiding all age restrictions by YouTube, some restricted videos still can be played without. - #email: "" # Email of Google account - #password: "" # Password of Google account - #httpConfig: # Useful for blocking bad-actors from ip-grabbing your music node and attacking it, this way only the http proxy will be attacked - #proxyHost: "localhost" # Hostname of the proxy, (ip or domain) - #proxyPort: 3128 # Proxy port, 3128 is the default for squidProxy - #proxyUser: "" # Optional user for basic authentication fields, leave blank if you don't use basic auth - #proxyPassword: "" # Password for basic authentication - -metrics: - prometheus: - enabled: false - endpoint: /metrics - - -sentry: - dsn: "" - environment: "" - -logging: - file: - path: null - level: - root: INFO - lavalink: INFO - dev.lavalink.youtube.http.YoutubeOauth2Handler: INFO - - request: - enabled: true - includeClientInfo: true - includeHeaders: false - includeQueryString: true - includePayload: true - maxPayloadLength: 10000 - - logback: - rollingpolicy: - max-file-size: 1GB - max-history: 30 diff --git a/nixosConfigurations/gerg-desktop/services/vocard/settings.json b/nixosConfigurations/gerg-desktop/services/vocard/settings.json deleted file mode 100644 index 2715a29..0000000 --- a/nixosConfigurations/gerg-desktop/services/vocard/settings.json +++ /dev/null @@ -1,157 +0,0 @@ -{ - "token": "@token@", - "client_id": "@client_id@", - "spotify_client_id": "@spotify_client_id@", - "spotify_client_secret": "@spotify_client_secret@", - "genius_token": "YOUR_GENIUS_TOKEN", - "mongodb_url": "0.0.0.0", - "mongodb_name": "vocard", - "nodes": { - "DEFAULT": { - "host": "0.0.0.0", - "port": 2333, - "password": "@password@", - "secure": false, - "identifier": "DEFAULT" - } - }, - "prefix": "?", - "activity": [ - { - "type": "listening", - "name": "/help", - "status": "online" - } - ], - "logging": { - "file": { - "path": "./logs", - "enable": false - }, - "level": { - "discord": "INFO", - "vocard": "INFO", - "ipc_client": "INFO" - }, - "max-history": 30 - }, - "bot_access_user": [], - "embed_color": "0xb3b3b3", - "default_max_queue": 1000, - "lyrics_platform": "lyrist", - "ipc_client": { - "host": "127.0.0.1", - "port": 8000, - "password": "YOUR_PASSWORD", - "secure": false, - "enable": false - }, - "sources_settings": { - "youtube": { - "emoji": "<:youtube:826661982760992778>", - "color": "0xFF0000" - }, - "youtube music": { - "emoji": "<:youtube:826661982760992778>", - "color": "0xFF0000" - }, - "spotify": { - "emoji": "<:spotify:826661996615172146>", - "color": "0x1DB954" - }, - "soundcloud": { - "emoji": "<:soundcloud:852729280027033632>", - "color": "0xFF7700" - }, - "twitch": { - "emoji": "<:twitch:852729278285086741>", - "color": "0x9B4AFF" - }, - "bandcamp": { - "emoji": "<:bandcamp:864694003811221526>", - "color": "0x6F98A7" - }, - "vimeo": { - "emoji": "<:vimeo:864694001919721473>", - "color": "0x1ABCEA" - }, - "apple": { - "emoji": "<:applemusic:994844332374884413>", - "color": "0xE298C4" - }, - "reddit": { - "emoji": "<:reddit:996007566863773717>", - "color": "0xFF5700" - }, - "tiktok": { - "emoji": "<:tiktok:996007689798811698>", - "color": "0x74ECE9" - } - }, - "default_controller": { - "embeds": { - "active": { - "description": "**Now Playing: ```[@@track_name@@]```\nLink: [Click Me](@@track_url@@) | Requester: @@requester@@ | DJ: @@dj@@**", - "footer": { - "text": "Queue Length: @@queue_length@@ | Duration: @@track_duration@@ | Volume: @@volume@@% {{loop_mode != 'Off' ?? | Repeat: @@loop_mode@@}}" - }, - "image": "@@track_thumbnail@@", - "author": { - "name": "Music Controller | @@channel_name@@", - "icon_url": "@@bot_icon@@" - }, - "color": "@@track_color@@" - }, - "inactive": { - "title": { - "name": "There are no songs playing right now" - }, - "description": "[Support](@@server_invite_link@@) | [Invite](@@invite_link@@) | [Questionnaire](https://forms.gle/Qm8vjBfg2kp13YGD7)", - "image": "https://i.imgur.com/dIFBwU7.png", - "color": "@@default_embed_color@@" - } - }, - "default_buttons": [ - [ - "back", - "resume", - "skip", - { - "stop": "red" - }, - "add" - ], - [ - "tracks" - ] - ], - "disableButtonText": false - }, - "default_voice_status_template": "{{@@track_name@@ != 'None' ?? @@track_source_emoji@@ Now Playing: @@track_name@@ // Waiting for song requests}}", - "cooldowns": { - "connect": [ - 2, - 30 - ], - "playlist view": [ - 1, - 30 - ] - }, - "aliases": { - "connect": [ - "join" - ], - "leave": [ - "stop", - "bye" - ], - "play": [ - "p" - ], - "view": [ - "v" - ] - }, - "version": "v2.6.9" -} diff --git a/nixosConfigurations/gerg-desktop/services/vocard/vocard.nix b/nixosConfigurations/gerg-desktop/services/vocard/vocard.nix index db2ef35..c225408 100644 --- a/nixosConfigurations/gerg-desktop/services/vocard/vocard.nix +++ b/nixosConfigurations/gerg-desktop/services/vocard/vocard.nix @@ -2,8 +2,18 @@ self', lib, config, + pkgs, }: +let + link = config.local.links.lavalink; + ferretLink = config.local.links.ferretdb; +in { + local.links = { + lavalink = { }; + ferretdb.protocol = "mongodb"; + }; + sops = { secrets = { @@ -36,23 +46,12 @@ "vocard.service" "lavalink.service" ]; - content = - builtins.replaceStrings - [ - "@token@" - "@client_id@" - "@spotify_client_id@" - "@spotify_client_secret@" - "@password@" - ] - (map (x: config.sops.placeholder.${x}) [ - "vocard/token" - "vocard/client_id" - "vocard/spotify_client_id" - "vocard/spotify_client_secret" - "vocard/password" - ]) - (builtins.readFile ./settings.json); + content = builtins.toJSON ( + import ./_settings.nix { + inherit link ferretLink; + p = config.sops.placeholder; + } + ); }; }; @@ -88,10 +87,20 @@ "network-online.target" ]; - environment.LAVALINK_PLUGINS_DIR = self'.packages.lavalinkPlugins; - serviceConfig = { - ExecStart = "${lib.getExe self'.packages.lavalink} --spring.config.location='file:${./application.yml}'"; + ExecStart = + let + configFile = pkgs.writeText "application.yml" ( + builtins.toJSON ( + import ./_application.nix { + inherit link; + inherit (self'.packages) lavalinkPlugins; + } + ) + ); + in + + "${lib.getExe self'.packages.lavalink} --spring.config.location='file:${configFile}'"; DynamicUser = true; EnvironmentFile = config.sops.secrets.lavalink.path; Restart = "on-failure"; @@ -100,7 +109,10 @@ }; }; - services.ferretdb.enable = true; + services.ferretdb = { + enable = true; + settings.FERRETDB_LISTEN_ADDR = ferretLink.tuple; + }; systemd.mounts = [ { From 29b35ab0582ff42c09828dd6cbfc50a3d45c6340 Mon Sep 17 00:00:00 2001 From: Gerg-L Date: Wed, 5 Mar 2025 18:01:04 -0500 Subject: [PATCH 3/9] pipe operators --- nixosModules/nix.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixosModules/nix.nix b/nixosModules/nix.nix index 3a46f85..a7c3e6e 100644 --- a/nixosModules/nix.nix +++ b/nixosModules/nix.nix @@ -51,6 +51,7 @@ "read-only-local-store" "recursive-nix" "configurable-impure-env" + "pipe-operators" ]; auto-optimise-store = true; warn-dirty = false; From 518ab13797314de2de4b6f7a36aaeb03e33fb511 Mon Sep 17 00:00:00 2001 From: Gerg-L Date: Wed, 5 Mar 2025 22:32:40 -0500 Subject: [PATCH 4/9] better services --- nixosConfigurations/gerg-desktop/secrets.yaml | 9 +- .../gerg-desktop/services/forgejo.nix | 33 ++--- .../gerg-desktop/services/immich.nix | 22 +++- .../gerg-desktop/services/miniflux.nix | 19 +-- .../gerg-desktop/services/nginx.nix | 123 +++++++++--------- .../gerg-desktop/services/postgresql.nix | 17 ++- .../gerg-desktop/services/searxng.nix | 11 +- .../services/vocard/_application.nix | 2 +- .../services/vocard/_settings.nix | 2 +- .../gerg-desktop/services/vocard/vocard.nix | 74 ++++++++--- 10 files changed, 189 insertions(+), 123 deletions(-) diff --git a/nixosConfigurations/gerg-desktop/secrets.yaml b/nixosConfigurations/gerg-desktop/secrets.yaml index 489f244..8473701 100644 --- a/nixosConfigurations/gerg-desktop/secrets.yaml +++ b/nixosConfigurations/gerg-desktop/secrets.yaml @@ -1,7 +1,10 @@ +ferretdb: ENC[AES256_GCM,data:T+aeEtgiM4D+a7MOumE69UNMFjKYKASexSl5/r2HC2fSg93qlISwXRPuSXp6RidyWQE/HJWh3RdPzkbIkBtTmcyxF78gk/LlHsMbrCdSBHF9/hPd4N1AuKquZi8PvyDE6e0RjmUjZxn1PkzDdqWB7bWtYLFyZO7T8WaReouyZObFCG1hI00oT/s=,iv:6xwdMS/JPzVThT3rJmF7/MPs6oEoUwdwYhvyGC1mCrQ=,tag:wxBfckBmo+JM6me+PKcjfw==,type:str] +forgejo: ENC[AES256_GCM,data:gNpOxeXlkYIqIFTqQvFg3pr/b1P5CEVbKDDXhmNnsp6PpdLDKjdRsMobEAOHsSuqdRUpuRsLolAlMUayHyQZ5pLtATXhxLN9TZtucn52eKqVdYx4spbSbbPdHHRznEze55MZuNmMPH9Y3tk+uzIQgzOpHohRs8+/lI3dS8F2dfqg,iv:vIGaWyDRFoR5csdIwsLoHyr3LmA7qyOGshivdvYFy5c=,tag:hif0XGaLQRzhDFVDQLTDBQ==,type:str] +immich: ENC[AES256_GCM,data:P5sMIZ0qaXDvmJ9h1pm+w53FtjMFZcaHXFCqpqldEZ9umVRqidaie5C2c/5SMPpiNWxpFMksvzfA8CQrZVgFEo7kqbg/xU4KeZMEhAqC8tWku0Zi3c452479PARzRvN/e1v24KSzFA5X0zztDNRxMFpjIAURNhQ7ZxKaP/ItP/MW9rzukP3Ow5homThawjk=,iv:dvTLTyh1Cbcmmcq87yvGDffe43Q/Grp7lz36zI5Yd1A=,tag:fLgVTUyQqULiodM4MVfAlQ==,type:str] cloudflare: ENC[AES256_GCM,data:RZ+Smjn1nvnkxYAF56fEcBsFvO3YY+FWJ8wb0c72sxQleRjy9tVp7yDr9gRfUg3G,iv:mGaFxKFLrIouNhyqq/nBKaKub1WfekcCeHVLASQpBCs=,tag:xKl5EHR9g7d4pJkt49BLyw==,type:str] reboot_token: ENC[AES256_GCM,data:/3QP30OUZsFaagj9Ljde1jz5nxZA6jp6/B6pmlponepRy3uZJ2jlaYQ3EBDiv5L413ecfWePAeWlX07eZ08JIRdoO5Ky52LM1+nPHMJFXzQ0h2onz4RVQAM=,iv:qiRk93LM7+3QmW27ItoWYGo7PLlu/hpprcPdnOaCBdw=,tag:X9kEov2FOrsIqkkStLegPw==,type:str] searxngenv: ENC[AES256_GCM,data:HtH4KxXWoQEJp88Bgfhfj5Y4Up+inHu8mnVtay64XvCRpVKHF/kceC3XwT9C3IdXpQ==,iv:iXK8hOFoEnM5wFUZhC8IOdHzPhwPDHtTL8MmS5FSlns=,tag:TZHTB7ia5Qq2f2fETJOpEA==,type:str] -minifluxenv: ENC[AES256_GCM,data:wgz6sxSbbjXrgBAak0Q0TlvG78+JHPpiPtcbqGo9HpSF3qY78edECCDB3qqIaynxdhI4,iv:mbsr+OG8fE5MggmC+TNkLmhhDNGvJo+uelNRo/rMLoo=,tag:xN+FbNHZIVCruQh23aMt5g==,type:str] +minifluxenv: ENC[AES256_GCM,data:xn1x68dE0+/wP627w7zbm+lCvOKfKkPahjlLN+4zg/zoTGbIrstb40HFLTt8opCMgW3OmCPIY45DjT49W29m8SipJwOjWvqbm5iGhI3KYgE/jzpjLnFiNLdigGeZ0aBf5OiN/ef82B+qkjlOcO3x0CWFSONLRsDqa0KJR/eHWFCsqdxJxUd9KpJ47TiPb4y7mvnfJebrg3IPxxABrImeg2d5a2RjDIueFdWyJLJol9JTJDPpTLFm0OEG6Xbr2G2sQQ==,iv:mXdcFtbLGTu3aOCJ/m/axA9bnHNqzPsQFuLv5Bj1Dkw=,tag:255hftEAi2CPsr5gwXs1zQ==,type:str] gerg: ENC[AES256_GCM,data:iSwWGIIxQenCPMd/Tith/eagjVINn0mgrO99IG85cP4UXtut6GF2R57XDMeD7SU18vW1ULod/lYuTo0SmmrkmX+wlDWgm4cODw==,iv:fHTcn4ZmjSqLC8jQkuualRbp+RwvgblS1ic6WPb2WEY=,tag:rkDuXhvleKekv3bVpdNNuw==,type:str] store_key: ENC[AES256_GCM,data:2XioKwoH0V5QuedXl4w2IFrT2qOQWF0kbchYTMhyL9BaUqYHhXQi4buvKUVbBQ8AnzD1GJT3ZRy1S13CxEkdQvXE0IY0iX5nkTJtI3VgpiF64wfvZqcLQGaaNTCg+AEDP304KtIZZiao,iv:PV0bORWHoRDM8HvFwOI2sl7QjfD9G0VXSZ9RrPBUsyM=,tag:caVnOow466eBT/5bqYU0Iw==,type:str] github_token: ENC[AES256_GCM,data:LijyCmMkfaCmh3rVKB96GHd7eM5Qbj9Jea1UZbQGgf67rof1uS+XML+3hmC6lOf6iOeJQtg12fC3ODHnzGuiC+dd1VbIkL5xRR7VBpFF2g6q5ixz9On/IRP74lX7SexCbcOx6YHi6eU6FX6fXe8wWhM87RYZcuiaEw==,iv:GWpI5Q2svJCz28wPVwTPq/+aLN7bWFz4gHNm3Qe6YFI=,tag:1KO9shVI0m2DSomDAuGnsQ==,type:str] @@ -22,8 +25,8 @@ sops: dGhDRXRTWE9xSGtxQU80RVpuL1A5MkEKxAxC/wDkq+6hM8eXkWd/RBDNIUtGYnPy MvVxB6dkj+S11oRcMpdFqiM9jSzz/gYecB2tfuDgj+UX/VAzSkvPxA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-26T23:23:36Z" - mac: ENC[AES256_GCM,data:rUuzMNzXf2rgmT7t4eNXnVDtA4izwbc+8wvMztu5gvymJNBGf2B+uvFzEZMqMA+gmdqwX4B51K2oTYe7GU3EAgjp+7709hy4Dzs0vILebJn6ijO3AVHLEWLE7ia0cao6wAzKv6qtlyvAb1TvyTgtJpM+LCsuOkEItPJxoEDGlzc=,iv:rYlkNXaz/mk7WBYm27y/+eqJAThZ/pcjW6bMuTjTIZ4=,tag:end6/klu3sW9PuTIbWxZmw==,type:str] + lastmodified: "2025-03-06T03:09:11Z" + mac: ENC[AES256_GCM,data:3EeCTjNO74bwoa9mi2Da5jigmjwQC+IZO9eJS8V5ujuIz2suB1Q9xl7AUBk8JT5oqCvuVJZ4QuOjtSUp00h2f4cvuq0/VQWurb7RBDG956iT0v6Js+3s4sgZ6mTaD0W3IXYpQkoCLKA0EdfZpqayBAK8ToUYCJhCaNBLl7eUZBw=,iv:heJUcxMbJCmEq14woFFXGEfx2xlID0ZeDxtBK8kXWOE=,tag:jNahdAVH9IoIs63H3yW0AA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4 diff --git a/nixosConfigurations/gerg-desktop/services/forgejo.nix b/nixosConfigurations/gerg-desktop/services/forgejo.nix index aa21d13..461390a 100644 --- a/nixosConfigurations/gerg-desktop/services/forgejo.nix +++ b/nixosConfigurations/gerg-desktop/services/forgejo.nix @@ -3,19 +3,13 @@ let link = config.local.links.forgejo; in { + sops.secrets.forgejo.owner = config.services.forgejo.user; local.links.forgejo = { }; - users = { - groups.${config.services.forgejo.group} = { }; - users = { - ${config.services.forgejo.user} = { - isSystemUser = true; - inherit (config.services.forgejo) group; - extraGroups = [ "postgres" ]; - openssh.authorizedKeys.keys = [ config.local.keys.gerg_gerg-desktop ]; - }; - }; - }; + users.users.${config.services.forgejo.user}.openssh.authorizedKeys.keys = [ + config.local.keys.gerg_gerg-desktop + ]; + services.forgejo = { enable = true; stateDir = "/persist/services/forgejo"; @@ -25,16 +19,25 @@ in DOMAIN = "git.gerg-l.com"; ROOT_URL = "https://git.gerg-l.com/"; LANDING_PAGE = "/explore/repos"; + PROTOCOL = link.protocol; HTTP_ADDR = link.ipv4; HTTP_PORT = link.port; }; ui.DEFAULT_THEME = "forgejo-dark"; service.DISABLE_REGISTRATION = true; + database.LOG_SQL = false; }; - database = { - type = "postgres"; - createDatabase = true; - }; + database = + let + dbLink = config.local.links.postgresql; + in + { + type = "postgres"; + createDatabase = true; + inherit (dbLink) port; + host = dbLink.hostname; + passwordFile = config.sops.secrets.forgejo.path; + }; }; local.nginx.proxyVhosts."git.gerg-l.com" = link.url; diff --git a/nixosConfigurations/gerg-desktop/services/immich.nix b/nixosConfigurations/gerg-desktop/services/immich.nix index dca391f..cd0b090 100644 --- a/nixosConfigurations/gerg-desktop/services/immich.nix +++ b/nixosConfigurations/gerg-desktop/services/immich.nix @@ -1,25 +1,33 @@ -{ config, ... }: +{ config }: let cfg = config.services.immich; link = config.local.links.immich; in { + sops.secrets.immich.owner = cfg.user; + local.links.immich = { }; systemd.tmpfiles.rules = [ "d ${cfg.mediaLocation} - ${cfg.user} ${cfg.group} - -" ]; - users.users.${cfg.user}.extraGroups = [ "postgres" ]; services.immich = { enable = true; openFirewall = true; - database = { - enable = true; - createDB = true; - }; + #secretsFile = config.sops.secrets.immich.path; + database = + let + dbLink = config.local.links.postgresql; + in + { + enable = true; + createDB = true; + inherit (dbLink) port; + #host = dbLink.hostname; + }; mediaLocation = "/persist/services/immich"; machine-learning.enable = true; settings = null; inherit (link) port; - host = link.ipv4; + host = link.hostname; }; local.nginx.proxyVhosts."photos.gerg-l.com" = link.url; diff --git a/nixosConfigurations/gerg-desktop/services/miniflux.nix b/nixosConfigurations/gerg-desktop/services/miniflux.nix index c9351f9..42f8c4b 100644 --- a/nixosConfigurations/gerg-desktop/services/miniflux.nix +++ b/nixosConfigurations/gerg-desktop/services/miniflux.nix @@ -1,4 +1,5 @@ { + lib, config, }: let @@ -14,23 +15,15 @@ in config = { BASE_URL = "https://flux.gerg-l.com"; LISTEN_ADDR = link.tuple; + DATABASE_URL = + let + dbLink = config.local.links.postgresql; + in + lib.mkForce "user=miniflux host=${dbLink.hostname} port=${dbLink.portStr} dbname=miniflux sslmode=disable"; }; adminCredentialsFile = config.sops.secrets.minifluxenv.path; createDatabaseLocally = true; }; - users = { - groups.miniflux.gid = 377; - users = { - miniflux = { - group = "miniflux"; - extraGroups = [ "postgres" ]; - isSystemUser = true; - uid = 377; - }; - ${config.services.nginx.user}.extraGroups = [ "miniflux" ]; - }; - }; - local.nginx.proxyVhosts."flux.gerg-l.com" = link.url; } diff --git a/nixosConfigurations/gerg-desktop/services/nginx.nix b/nixosConfigurations/gerg-desktop/services/nginx.nix index 7df0f54..0b07b48 100644 --- a/nixosConfigurations/gerg-desktop/services/nginx.nix +++ b/nixosConfigurations/gerg-desktop/services/nginx.nix @@ -9,70 +9,71 @@ }; }; - config = { - local.nginx.defaultVhosts = builtins.mapAttrs (_: v: { - locations."/".proxyPass = v; - }) config.local.nginx.proxyVhosts; + config = + let + cfg = config.services.nginx; + in + { + local.nginx.defaultVhosts = builtins.mapAttrs (_: v: { + locations."/".proxyPass = v; + }) config.local.nginx.proxyVhosts; - sops.secrets = { - gerg_ssl_key.owner = config.services.nginx.user; - gerg_ssl_cert.owner = config.services.nginx.user; - }; - - security.acme = { - acceptTerms = true; - certs."gerg-l.com" = { - email = "GregLeyda@proton.me"; - webroot = "/var/lib/acme/acme-challenge"; - extraDomainNames = builtins.attrNames config.local.nginx.defaultVhosts; + sops.secrets = { + gerg_ssl_key.owner = cfg.user; + gerg_ssl_cert.owner = cfg.user; }; - }; - fileSystems."/var/lib/acme" = { - device = "/persist/services/acme"; - fsType = "none"; - options = [ "bind" ]; - depends = [ - "/persist" - "/var" + security.acme = { + acceptTerms = true; + certs."gerg-l.com" = { + email = "GregLeyda@proton.me"; + inherit (cfg) group; + webroot = "/var/lib/acme/acme-challenge"; + extraDomainNames = builtins.attrNames config.local.nginx.defaultVhosts; + }; + }; + + systemd.mounts = [ + { + what = "/persist/services/acme"; + where = "/var/lib/acme"; + type = "none"; + options = "bind"; + } + ]; + + services.nginx = { + enable = true; + recommendedZstdSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + # For immich + clientMaxBodySize = "50000M"; + proxyTimeout = "600s"; + virtualHosts = + builtins.mapAttrs + ( + _: v: + { + forceSSL = true; + useACMEHost = "gerg-l.com"; + } + // v + ) + ( + config.local.nginx.defaultVhosts + // { + "_" = { + default = true; + locations."/".return = "404"; + }; + } + ); + }; + networking.firewall.allowedTCPPorts = [ + 80 + 443 ]; }; - - users.users.${config.services.nginx.user}.extraGroups = [ "acme" ]; - - services.nginx = { - enable = true; - recommendedZstdSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - # For immich - clientMaxBodySize = "50000M"; - proxyTimeout = "600s"; - virtualHosts = - builtins.mapAttrs - ( - _: v: - { - forceSSL = true; - useACMEHost = "gerg-l.com"; - } - // v - ) - ( - config.local.nginx.defaultVhosts - // { - "_" = { - default = true; - locations."/".return = "404"; - }; - } - ); - }; - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; - }; } diff --git a/nixosConfigurations/gerg-desktop/services/postgresql.nix b/nixosConfigurations/gerg-desktop/services/postgresql.nix index f8509dd..aa2fa04 100644 --- a/nixosConfigurations/gerg-desktop/services/postgresql.nix +++ b/nixosConfigurations/gerg-desktop/services/postgresql.nix @@ -1,9 +1,22 @@ -{ pkgs }: { + lib, + pkgs, + config, +}: +let + link = config.local.links.postgresql; +in +{ + local.links.postgresql.port = 5432; + services.postgresql = { enable = true; package = pkgs.postgresql_16; dataDir = "/persist/services/postgresql"; - settings.unix_socket_permissions = "0770"; + settings = { + inherit (link) port; + listen_addresses = lib.mkForce link.ipv4; + #unix_socket_directories = ""; + }; }; } diff --git a/nixosConfigurations/gerg-desktop/services/searxng.nix b/nixosConfigurations/gerg-desktop/services/searxng.nix index a84806a..46a2c3a 100644 --- a/nixosConfigurations/gerg-desktop/services/searxng.nix +++ b/nixosConfigurations/gerg-desktop/services/searxng.nix @@ -22,10 +22,13 @@ in secret_key = "@SEARXNG_SECRET@"; base_url = "https://search.gerg-l.com"; }; - search.formats = [ - "html" - "json" - ]; + search = { + default_lang = "en"; + formats = [ + "html" + "json" + ]; + }; engines = [ { name = "bing"; diff --git a/nixosConfigurations/gerg-desktop/services/vocard/_application.nix b/nixosConfigurations/gerg-desktop/services/vocard/_application.nix index 728264b..1f05617 100644 --- a/nixosConfigurations/gerg-desktop/services/vocard/_application.nix +++ b/nixosConfigurations/gerg-desktop/services/vocard/_application.nix @@ -7,6 +7,7 @@ address = link.ipv4; }; lavalink = { + pluginsDir = lavalinkPlugins; plugins = [ { dependency = "dev.lavalink.youtube:youtube-plugin:1.11.5"; @@ -74,7 +75,6 @@ metrics.prometheus.enabled = false; plugins = { - pluginsDir = lavalinkPlugins; youtube = { allowDirectPlaylistIds = true; allowDirectVideoIds = true; diff --git a/nixosConfigurations/gerg-desktop/services/vocard/_settings.nix b/nixosConfigurations/gerg-desktop/services/vocard/_settings.nix index 501057e..e0c73d6 100644 --- a/nixosConfigurations/gerg-desktop/services/vocard/_settings.nix +++ b/nixosConfigurations/gerg-desktop/services/vocard/_settings.nix @@ -90,7 +90,7 @@ mongodb_name = "vocard"; mongodb_url = ferretLink.url; nodes.DEFAULT = { - host = link.ipv4; + host = link.hostname; identifier = "DEFAULT"; password = p."vocard/password"; inherit (link) port; diff --git a/nixosConfigurations/gerg-desktop/services/vocard/vocard.nix b/nixosConfigurations/gerg-desktop/services/vocard/vocard.nix index c225408..8b65174 100644 --- a/nixosConfigurations/gerg-desktop/services/vocard/vocard.nix +++ b/nixosConfigurations/gerg-desktop/services/vocard/vocard.nix @@ -17,6 +17,7 @@ in sops = { secrets = { + ferretdb = { }; lavalink = { sopsFile = ./secrets.yaml; restartUnits = [ @@ -88,19 +89,15 @@ in ]; serviceConfig = { - ExecStart = - let - configFile = pkgs.writeText "application.yml" ( - builtins.toJSON ( - import ./_application.nix { - inherit link; - inherit (self'.packages) lavalinkPlugins; - } - ) - ); - in - - "${lib.getExe self'.packages.lavalink} --spring.config.location='file:${configFile}'"; + ExecStart = lib.getExe self'.packages.lavalink; + WorkingDirectory = lib.pipe ./_application.nix [ + (lib.flip import { + inherit link; + inherit (self'.packages) lavalinkPlugins; + }) + builtins.toJSON + (pkgs.writeTextDir "application.yml") + ]; DynamicUser = true; EnvironmentFile = config.sops.secrets.lavalink.path; Restart = "on-failure"; @@ -109,9 +106,54 @@ in }; }; - services.ferretdb = { - enable = true; - settings.FERRETDB_LISTEN_ADDR = ferretLink.tuple; + services.postgresql = { + ensureDatabases = [ "ferretdb" ]; + ensureUsers = [ + { + name = "ferretdb"; + ensureDBOwnership = true; + } + ]; + }; + + systemd.services.ferretdb = { + description = "FerretDB"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + environment = { + FERRETDB_HANDLER = "pg"; + FERRETDB_LISTEN_ADDR = ferretLink.tuple; + }; + + serviceConfig = { + ExecStart = + let + dbLink = config.local.links.postgresql; + in + "${lib.getExe pkgs.ferretdb} --debug-addr='-' --telemetry='disable' --postgresql-url=\"postgres:///ferretdb?user=ferretdb&host=${dbLink.hostname}&port=${dbLink.portStr}&passfile=\${CREDENTIALS_DIRECTORY}/password\""; + Type = "simple"; + StateDirectory = "ferretdb"; + WorkingDirectory = "%S/ferretdb"; + LoadCredential = "password:${config.sops.secrets.ferretdb.path}"; + Restart = "on-failure"; + ProtectHome = true; + ProtectSystem = "strict"; + PrivateTmp = true; + PrivateDevices = true; + ProtectHostname = true; + ProtectClock = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectKernelLogs = true; + ProtectControlGroups = true; + NoNewPrivileges = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + RemoveIPC = true; + PrivateMounts = true; + DynamicUser = true; + }; }; systemd.mounts = [ From 8fcc7d718e6f866ec07742e67d11134653ecb0ed Mon Sep 17 00:00:00 2001 From: Gerg-L Date: Thu, 13 Mar 2025 19:26:00 -0400 Subject: [PATCH 5/9] xorg cleanup --- nixosConfigurations/gerg-desktop/main.nix | 11 ++- nixosConfigurations/media-laptop/main.nix | 10 +-- nixosModules/DE/dwm.nix | 94 +++++++++++------------ nixosModules/DE/xfce.nix | 10 +-- nixosModules/DM/autoLogin.nix | 19 ----- nixosModules/DM/lightDM.nix | 2 +- nixosModules/X11.nix | 1 + 7 files changed, 61 insertions(+), 86 deletions(-) delete mode 100644 nixosModules/DM/autoLogin.nix diff --git a/nixosConfigurations/gerg-desktop/main.nix b/nixosConfigurations/gerg-desktop/main.nix index c7db2bb..6221e67 100644 --- a/nixosConfigurations/gerg-desktop/main.nix +++ b/nixosConfigurations/gerg-desktop/main.nix @@ -9,11 +9,7 @@ { local = { DE.dwm.enable = true; - DM = { - lightdm.enable = true; - autoLogin = true; - loginUser = "gerg"; - }; + DM.lightdm.enable = true; theming = { enable = true; kmscon.enable = true; @@ -114,7 +110,10 @@ ''; }; - services.libinput.mouse.accelProfile = "flat"; + services.displayManager.autoLogin = { + enable = true; + user = "gerg"; + }; programs = { steam.enable = true; diff --git a/nixosConfigurations/media-laptop/main.nix b/nixosConfigurations/media-laptop/main.nix index 7a03148..0e0c909 100644 --- a/nixosConfigurations/media-laptop/main.nix +++ b/nixosConfigurations/media-laptop/main.nix @@ -7,11 +7,7 @@ { local = { remoteBuild.enable = true; - DM = { - lightdm.enable = true; - autoLogin = true; - loginUser = "media"; - }; + DM.lightdm.enable = true; DE.xfce.enable = true; theming = { enable = true; @@ -35,6 +31,10 @@ sops.secrets.root.neededForUsers = true; + services.displayManager.autoLogin = { + enable = true; + user = "media"; + }; users = { mutableUsers = false; users = { diff --git a/nixosModules/DE/dwm.nix b/nixosModules/DE/dwm.nix index c869fab..ce19a16 100644 --- a/nixosModules/DE/dwm.nix +++ b/nixosModules/DE/dwm.nix @@ -38,36 +38,62 @@ sxhkd = { wantedBy = [ "graphical-session.target" ]; partOf = [ "graphical-session.target" ]; - serviceConfig = { - ExecStart = "${lib.getExe pkgs.sxhkd} -c /etc/sxhkd/sxhkdrc"; - Restart = "always"; - RestartSec = 2; - ExecReload = "pkill -usr1 -x $MAINPID"; - }; + serviceConfig = + let + configFile = pkgs.writeText "sxhkdrc" '' + XF86AudioPlay + playerctl play-pause + XF86AudioPause + playerctl play-pause + XF86AudioStop + playerctl stop + XF86AudioNext + playerctl next + XF86AudioPrev + playerctl previous + XF86AudioRaiseVolume + wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%+ + XF86AudioLowerVolume + wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%- + XF86AudioMute + wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle + Print + maim $HOME/Screenshots/$(date +%Y-%m-%d_%H-%m-%s).jpg + Print + shift + maim | xclip -selection clipboard -t image/png + super + Print + maim -s $HOME/Screenshots/$(date +%Y-%m-%d_%H-%m-%s).jpg + super + Print + shift + maim -s | xclip -selection clipboard -t image/png + super + ctrl + r + pkill -usr1 -x sxhkd + super + ctrl + l + xsecurelock + ''; + in + + { + ExecStart = "${lib.getExe pkgs.sxhkd} -c '${configFile}'"; + Restart = "always"; + RestartSec = 2; + ExecReload = "pkill -usr1 -x $MAINPID"; + }; }; picom = { wantedBy = [ "graphical-session.target" ]; partOf = [ "graphical-session.target" ]; - serviceConfig = { - ExecStart = "${lib.getExe pkgs.picom} --backend egl"; - Restart = "always"; - RestartSec = 2; - ExecReload = "pkill -usr1 -x $MAINPID"; - }; + serviceConfig.ExecStart = "${lib.getExe pkgs.picom} --backend egl"; }; }; services = { - gvfs.enable = true; displayManager.defaultSession = "none+dwm"; xserver = { enable = true; - displayManager = { - sessionCommands = '' - feh --bg-center "${self'.packages.images}/recursion.png" - numlockx - ''; - }; + displayManager.sessionCommands = '' + feh --bg-center "${self'.packages.images}/recursion.png" + numlockx + ''; windowManager.session = [ { name = "dwm"; @@ -93,35 +119,5 @@ }; }; - environment.etc."sxhkd/sxhkdrc".text = '' - XF86AudioPlay - playerctl play-pause - XF86AudioPause - playerctl play-pause - XF86AudioStop - playerctl stop - XF86AudioNext - playerctl next - XF86AudioPrev - playerctl previous - XF86AudioRaiseVolume - wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%+ - XF86AudioLowerVolume - wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%- - XF86AudioMute - wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle - Print - maim $HOME/Screenshots/$(date +%Y-%m-%d_%H-%m-%s).jpg - Print + shift - maim | xclip -selection clipboard -t image/png - super + Print - maim -s $HOME/Screenshots/$(date +%Y-%m-%d_%H-%m-%s).jpg - super + Print + shift - maim -s | xclip -selection clipboard -t image/png - super + ctrl + r - pkill -usr1 -x sxhkd - super + ctrl + l - xsecurelock - ''; }; } diff --git a/nixosModules/DE/xfce.nix b/nixosModules/DE/xfce.nix index 57fafbf..fb941c8 100644 --- a/nixosModules/DE/xfce.nix +++ b/nixosModules/DE/xfce.nix @@ -8,13 +8,11 @@ config = lib.mkIf config.local.DE.xfce.enable { environment.systemPackages = [ pkgs.xfce.xfce4-whiskermenu-plugin ]; - services = { - xserver = { + services.xserver = { + enable = true; + desktopManager.xfce = { enable = true; - desktopManager.xfce = { - enable = true; - enableScreensaver = true; - }; + enableScreensaver = true; }; displayManager.defaultSession = "xfce"; }; diff --git a/nixosModules/DM/autoLogin.nix b/nixosModules/DM/autoLogin.nix deleted file mode 100644 index 26c52ac..0000000 --- a/nixosModules/DM/autoLogin.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, lib }: -{ - options.local.DM = { - autoLogin = lib.mkEnableOption ""; - loginUser = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - }; - }; - - config = lib.mkIf config.local.DM.autoLogin { - services.displayManager = { - autoLogin = { - enable = true; - user = config.local.DM.loginUser; - }; - }; - }; -} diff --git a/nixosModules/DM/lightDM.nix b/nixosModules/DM/lightDM.nix index bf73fa7..187010a 100644 --- a/nixosModules/DM/lightDM.nix +++ b/nixosModules/DM/lightDM.nix @@ -14,7 +14,7 @@ extraConfig = "minimum-vt=1"; greeters.mini = { enable = true; - user = config.local.DM.loginUser; + inherit (config.services.displayManager.autoLogin) user; extraConfig = '' [greeter] show-password-label = false diff --git a/nixosModules/X11.nix b/nixosModules/X11.nix index 095c904..942589f 100644 --- a/nixosModules/X11.nix +++ b/nixosModules/X11.nix @@ -1,5 +1,6 @@ { pkgs, lib }: { + services.libinput.mouse.accelProfile = "flat"; services.xserver = { tty = lib.mkDefault 1; exportConfiguration = true; From b92568fbdec7878c59c405e4165a10f170adc1f5 Mon Sep 17 00:00:00 2001 From: Gerg-L Date: Thu, 13 Mar 2025 19:38:04 -0400 Subject: [PATCH 6/9] lib: add overlay --- lib/_default.nix | 135 +--------------------------------------------- lib/overlay.nix | 137 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 138 insertions(+), 134 deletions(-) create mode 100644 lib/overlay.nix diff --git a/lib/_default.nix b/lib/_default.nix index 2b2a99f..47ce68b 100644 --- a/lib/_default.nix +++ b/lib/_default.nix @@ -1,141 +1,8 @@ { unstable, - self, ... }@inputs: let inherit (unstable) lib; in -lib.fix (myLib: { - wrench = lib.flip lib.pipe; - - needsSystem = lib.flip builtins.elem [ - "apps" - "checks" - "defaultPackage" - "devShell" - "devShells" - "formatter" - "legacyPackages" - "packages" - ]; - - constructInputs' = - system: - myLib.wrench [ - (lib.filterAttrs (_: lib.isType "flake")) - (lib.mapAttrs ( - _: lib.mapAttrs (name: value: if myLib.needsSystem name then value.${system} else value) - )) - ]; - - listNixFilesRecursive = myLib.wrench [ - builtins.unsafeDiscardStringContext - lib.filesystem.listFilesRecursive - (builtins.filter (x: !lib.hasPrefix "_" (builtins.baseNameOf x) && lib.hasSuffix ".nix" x)) - ]; - - addSchizophreniaToModule = - x: - let - # the imported module - imported = import x; - in - /* - If the module isn't a function then - it doesn't need arguments and error - message locations will function correctly - */ - if !lib.isFunction imported then - x - else - let - # all arguments defined in the module - funcArgs = lib.functionArgs imported; - /* - The names of all arguments which will be - available to be inserted into the module arguments - */ - argNames = builtins.attrNames inputs ++ [ - "inputs" - "inputs'" - "self'" - "_dir" - ]; - - /* - arguments to be passed minus - per system attributes - for example flake-parts-esque inputs' - */ - argsPre = { - inherit inputs self; - /* - _dir is the "self" derived - path to the directory containing the module - */ - _dir = builtins.dirOf x; - }; - - /* - arguments which will be inserted - set to the before per-system values - */ - providedArgs = lib.pipe funcArgs [ - (lib.filterAttrs (n: _: builtins.elem n argNames)) - (lib.mapAttrs (n: _: argsPre.${n} or { })) - ]; - - /* - arguments which the module system - not provided here. either to be - provided by the module system or invalid - */ - neededArgs = lib.filterAttrs (n: _: !builtins.elem n argNames) funcArgs; - in - { - __functionArgs = neededArgs // { - /* - always require pkgs to be passed - to derive system from pkgs.stdenv.system - */ - pkgs = false; - }; - - __functor = - /* - args is specialArgs + _module.args which are needed - and always pkgs - */ - _: args: - imported ( - /* - take module system provided arguments - filter them so only the required ones are passed - */ - (lib.filterAttrs (n: _: neededArgs ? ${n}) args) - # add needed arguments - // ( - providedArgs - # add system dependent arguments - // ( - let - inputs' = myLib.constructInputs' args.pkgs.stdenv.system inputs; - - actuallyAllArgs = inputs' // { - inherit inputs'; - self' = inputs'.self; - inherit (inputs) self; - }; - in - lib.filterAttrs (n: _: providedArgs ? ${n}) actuallyAllArgs - ) - ) - ) - # add _file to the final module attribute set - // { - _file = x; - }; - }; - -}) +lib.fix (self: (import ./overlay.nix inputs self lib)) diff --git a/lib/overlay.nix b/lib/overlay.nix new file mode 100644 index 0000000..1552d73 --- /dev/null +++ b/lib/overlay.nix @@ -0,0 +1,137 @@ +{ self, ... }@inputs: + +myLib: lib: { + overlay = import ./overlay.nix inputs; + + wrench = lib.flip lib.pipe; + + needsSystem = lib.flip builtins.elem [ + "apps" + "checks" + "defaultPackage" + "devShell" + "devShells" + "formatter" + "legacyPackages" + "packages" + ]; + + constructInputs' = + system: + myLib.wrench [ + (lib.filterAttrs (_: lib.isType "flake")) + (lib.mapAttrs ( + _: lib.mapAttrs (name: value: if myLib.needsSystem name then value.${system} else value) + )) + ]; + + listNixFilesRecursive = myLib.wrench [ + builtins.unsafeDiscardStringContext + lib.filesystem.listFilesRecursive + (builtins.filter (x: !lib.hasPrefix "_" (builtins.baseNameOf x) && lib.hasSuffix ".nix" x)) + ]; + + addSchizophreniaToModule = + x: + let + # the imported module + imported = import x; + in + /* + If the module isn't a function then + it doesn't need arguments and error + message locations will function correctly + */ + if !lib.isFunction imported then + x + else + let + # all arguments defined in the module + funcArgs = lib.functionArgs imported; + /* + The names of all arguments which will be + available to be inserted into the module arguments + */ + argNames = builtins.attrNames inputs ++ [ + "inputs" + "inputs'" + "self'" + "_dir" + ]; + + /* + arguments to be passed minus + per system attributes + for example flake-parts-esque inputs' + */ + argsPre = { + inherit inputs self; + /* + _dir is the "self" derived + path to the directory containing the module + */ + _dir = builtins.dirOf x; + }; + + /* + arguments which will be inserted + set to the before per-system values + */ + providedArgs = lib.pipe funcArgs [ + (lib.filterAttrs (n: _: builtins.elem n argNames)) + (lib.mapAttrs (n: _: argsPre.${n} or { })) + ]; + + /* + arguments which the module system + not provided here. either to be + provided by the module system or invalid + */ + neededArgs = lib.filterAttrs (n: _: !builtins.elem n argNames) funcArgs; + in + { + __functionArgs = neededArgs // { + /* + always require pkgs to be passed + to derive system from pkgs.stdenv.system + */ + pkgs = false; + }; + + __functor = + /* + args is specialArgs + _module.args which are needed + and always pkgs + */ + _: args: + imported ( + /* + take module system provided arguments + filter them so only the required ones are passed + */ + (lib.filterAttrs (n: _: neededArgs ? ${n}) args) + # add needed arguments + // ( + providedArgs + # add system dependent arguments + // ( + let + inputs' = myLib.constructInputs' args.pkgs.stdenv.system inputs; + + actuallyAllArgs = inputs' // { + inherit inputs'; + self' = inputs'.self; + inherit (inputs) self; + }; + in + lib.filterAttrs (n: _: providedArgs ? ${n}) actuallyAllArgs + ) + ) + ) + # add _file to the final module attribute set + // { + _file = x; + }; + }; + +} From 0dedea7fae6e5e77f8305b063aa79779477c08c4 Mon Sep 17 00:00:00 2001 From: Gerg-L Date: Thu, 13 Mar 2025 20:08:38 -0400 Subject: [PATCH 7/9] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nvim-flake': 'github:Gerg-L/nvim-flake/cf2223a7d041af388ad8e05cea5265c8e04c84d8?narHash=sha256-z0enmKFtlFiJXeXMmiWRtRMSvbfVyICmTmDDdMHdkL0%3D' (2025-03-09) → 'github:Gerg-L/nvim-flake/ad53aad5d8fe0c5215a703dbb2df5b2704f08a13?narHash=sha256-W66Plcq5rOWSOa64VySwCKfOuv3ottMuFIk37Eorj%2BQ%3D' (2025-03-14) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 997dc0d..bfa56b9 100644 --- a/flake.lock +++ b/flake.lock @@ -631,11 +631,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1741483537, - "narHash": "sha256-z0enmKFtlFiJXeXMmiWRtRMSvbfVyICmTmDDdMHdkL0=", + "lastModified": 1741910893, + "narHash": "sha256-W66Plcq5rOWSOa64VySwCKfOuv3ottMuFIk37Eorj+Q=", "owner": "Gerg-L", "repo": "nvim-flake", - "rev": "cf2223a7d041af388ad8e05cea5265c8e04c84d8", + "rev": "ad53aad5d8fe0c5215a703dbb2df5b2704f08a13", "type": "github" }, "original": { From 2415a079222372d8954e346900219ef55ce9d57b Mon Sep 17 00:00:00 2001 From: Gerg-L Date: Thu, 13 Mar 2025 20:22:32 -0400 Subject: [PATCH 8/9] ddns: remove wantedBy --- nixosConfigurations/gerg-desktop/services/ddns.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nixosConfigurations/gerg-desktop/services/ddns.nix b/nixosConfigurations/gerg-desktop/services/ddns.nix index e66d501..357e91c 100644 --- a/nixosConfigurations/gerg-desktop/services/ddns.nix +++ b/nixosConfigurations/gerg-desktop/services/ddns.nix @@ -10,7 +10,6 @@ reloadIfChanged = false; restartIfChanged = false; stopIfChanged = false; - wantedBy = [ "multi-user.target" ]; wants = [ "network-online.target" ]; after = [ "network-online.target" ]; startAt = "hourly"; From 5b206952074390c6c283cff3b436ce19d63ef1a5 Mon Sep 17 00:00:00 2001 From: Gerg-L Date: Thu, 13 Mar 2025 20:22:47 -0400 Subject: [PATCH 9/9] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'fetch-rs': 'github:Gerg-L/fetch-rs/b9b2e406412a6f416d6ac2c6fab24ac79cb78d15?narHash=sha256-vEomFIFl2nXUJQC0fuSKexUYqufhebbkyx%2BhF2l1bX8%3D' (2025-01-22) → 'github:Gerg-L/fetch-rs/d4a675837ac40c54cf1b3987c783645376d6cbbb?narHash=sha256-GUItxBNz/VtVAjPnltF0RYCDChIhfn0YV5T/GSG9jFI%3D' (2025-03-12) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index bfa56b9..5435d46 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ ] }, "locked": { - "lastModified": 1737589030, - "narHash": "sha256-vEomFIFl2nXUJQC0fuSKexUYqufhebbkyx+hF2l1bX8=", + "lastModified": 1741820453, + "narHash": "sha256-GUItxBNz/VtVAjPnltF0RYCDChIhfn0YV5T/GSG9jFI=", "owner": "Gerg-L", "repo": "fetch-rs", - "rev": "b9b2e406412a6f416d6ac2c6fab24ac79cb78d15", + "rev": "d4a675837ac40c54cf1b3987c783645376d6cbbb", "type": "github" }, "original": {