gerg-l/nixos
1
0
Fork 0
mirror of https://github.com/Gerg-L/nixos.git synced 2025-12-10 00:43:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: gerg-l:5b206952074390c6c283cff3b436ce19d63ef1a5
Branches Tags
gerg-l:master
..
compare: gerg-l:9d39f0325c27f7d40d536c9e64088561c62d6819
Branches Tags
gerg-l:master

No commits in common. "5b206952074390c6c283cff3b436ce19d63ef1a5" and "9d39f0325c27f7d40d536c9e64088561c62d6819" have entirely different histories.
5b20695207 ... 9d39f0325c

25 changed files with 619 additions and 651 deletions
Download patch file Download diff file Expand all files Collapse all files

12
flake.lock generated
View file

@ -42,11 +42,11 @@
]
},
"locked": {
"lastModified": 1741820453,
"narHash": "sha256-GUItxBNz/VtVAjPnltF0RYCDChIhfn0YV5T/GSG9jFI=",
"lastModified": 1737589030,
"narHash": "sha256-vEomFIFl2nXUJQC0fuSKexUYqufhebbkyx+hF2l1bX8=",
"owner": "Gerg-L",
"repo": "fetch-rs",
"rev": "d4a675837ac40c54cf1b3987c783645376d6cbbb",
"rev": "b9b2e406412a6f416d6ac2c6fab24ac79cb78d15",
"type": "github"
},
"original": {
@ -631,11 +631,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1741910893,
"narHash": "sha256-W66Plcq5rOWSOa64VySwCKfOuv3ottMuFIk37Eorj+Q=",
"lastModified": 1741483537,
"narHash": "sha256-z0enmKFtlFiJXeXMmiWRtRMSvbfVyICmTmDDdMHdkL0=",
"owner": "Gerg-L",
"repo": "nvim-flake",
"rev": "ad53aad5d8fe0c5215a703dbb2df5b2704f08a13",
"rev": "cf2223a7d041af388ad8e05cea5265c8e04c84d8",
"type": "github"
},
"original": {

135
lib/_default.nix
View file

@ -1,8 +1,141 @@
{
unstable,
self,
...
}@inputs:
let
inherit (unstable) lib;
in
lib.fix (self: (import ./overlay.nix inputs self lib))
lib.fix (myLib: {
wrench = lib.flip lib.pipe;
needsSystem = lib.flip builtins.elem [
"apps"
"checks"
"defaultPackage"
"devShell"
"devShells"
"formatter"
"legacyPackages"
"packages"
];
constructInputs' =
system:
myLib.wrench [
(lib.filterAttrs (_: lib.isType "flake"))
(lib.mapAttrs (
_: lib.mapAttrs (name: value: if myLib.needsSystem name then value.${system} else value)
))
];
listNixFilesRecursive = myLib.wrench [
builtins.unsafeDiscardStringContext
lib.filesystem.listFilesRecursive
(builtins.filter (x: !lib.hasPrefix "_" (builtins.baseNameOf x) && lib.hasSuffix ".nix" x))
];
addSchizophreniaToModule =
x:
let
# the imported module
imported = import x;
in
/*
If the module isn't a function then
it doesn't need arguments and error
message locations will function correctly
*/
if !lib.isFunction imported then
x
else
let
# all arguments defined in the module
funcArgs = lib.functionArgs imported;
/*
The names of all arguments which will be
available to be inserted into the module arguments
*/
argNames = builtins.attrNames inputs ++ [
"inputs"
"inputs'"
"self'"
"_dir"
];
/*
arguments to be passed minus
per system attributes
for example flake-parts-esque inputs'
*/
argsPre = {
inherit inputs self;
/*
_dir is the "self" derived
path to the directory containing the module
*/
_dir = builtins.dirOf x;
};
/*
arguments which will be inserted
set to the before per-system values
*/
providedArgs = lib.pipe funcArgs [
(lib.filterAttrs (n: _: builtins.elem n argNames))
(lib.mapAttrs (n: _: argsPre.${n} or { }))
];
/*
arguments which the module system
not provided here. either to be
provided by the module system or invalid
*/
neededArgs = lib.filterAttrs (n: _: !builtins.elem n argNames) funcArgs;
in
{
__functionArgs = neededArgs // {
/*
always require pkgs to be passed
to derive system from pkgs.stdenv.system
*/
pkgs = false;
};
__functor =
/*
args is specialArgs + _module.args which are needed
and always pkgs
*/
_: args:
imported (
/*
take module system provided arguments
filter them so only the required ones are passed
*/
(lib.filterAttrs (n: _: neededArgs ? ${n}) args)
# add needed arguments
// (
providedArgs
# add system dependent arguments
// (
let
inputs' = myLib.constructInputs' args.pkgs.stdenv.system inputs;
actuallyAllArgs = inputs' // {
inherit inputs';
self' = inputs'.self;
inherit (inputs) self;
};
in
lib.filterAttrs (n: _: providedArgs ? ${n}) actuallyAllArgs
)
)
)
# add _file to the final module attribute set
// {
_file = x;
};
};
})

137
lib/overlay.nix
View file

@ -1,137 +0,0 @@
{ self, ... }@inputs:
myLib: lib: {
overlay = import ./overlay.nix inputs;
wrench = lib.flip lib.pipe;
needsSystem = lib.flip builtins.elem [
"apps"
"checks"
"defaultPackage"
"devShell"
"devShells"
"formatter"
"legacyPackages"
"packages"
];
constructInputs' =
system:
myLib.wrench [
(lib.filterAttrs (_: lib.isType "flake"))
(lib.mapAttrs (
_: lib.mapAttrs (name: value: if myLib.needsSystem name then value.${system} else value)
))
];
listNixFilesRecursive = myLib.wrench [
builtins.unsafeDiscardStringContext
lib.filesystem.listFilesRecursive
(builtins.filter (x: !lib.hasPrefix "_" (builtins.baseNameOf x) && lib.hasSuffix ".nix" x))
];
addSchizophreniaToModule =
x:
let
# the imported module
imported = import x;
in
/*
If the module isn't a function then
it doesn't need arguments and error
message locations will function correctly
*/
if !lib.isFunction imported then
x
else
let
# all arguments defined in the module
funcArgs = lib.functionArgs imported;
/*
The names of all arguments which will be
available to be inserted into the module arguments
*/
argNames = builtins.attrNames inputs ++ [
"inputs"
"inputs'"
"self'"
"_dir"
];
/*
arguments to be passed minus
per system attributes
for example flake-parts-esque inputs'
*/
argsPre = {
inherit inputs self;
/*
_dir is the "self" derived
path to the directory containing the module
*/
_dir = builtins.dirOf x;
};
/*
arguments which will be inserted
set to the before per-system values
*/
providedArgs = lib.pipe funcArgs [
(lib.filterAttrs (n: _: builtins.elem n argNames))
(lib.mapAttrs (n: _: argsPre.${n} or { }))
];
/*
arguments which the module system
not provided here. either to be
provided by the module system or invalid
*/
neededArgs = lib.filterAttrs (n: _: !builtins.elem n argNames) funcArgs;
in
{
__functionArgs = neededArgs // {
/*
always require pkgs to be passed
to derive system from pkgs.stdenv.system
*/
pkgs = false;
};
__functor =
/*
args is specialArgs + _module.args which are needed
and always pkgs
*/
_: args:
imported (
/*
take module system provided arguments
filter them so only the required ones are passed
*/
(lib.filterAttrs (n: _: neededArgs ? ${n}) args)
# add needed arguments
// (
providedArgs
# add system dependent arguments
// (
let
inputs' = myLib.constructInputs' args.pkgs.stdenv.system inputs;
actuallyAllArgs = inputs' // {
inherit inputs';
self' = inputs'.self;
inherit (inputs) self;
};
in
lib.filterAttrs (n: _: providedArgs ? ${n}) actuallyAllArgs
)
)
)
# add _file to the final module attribute set
// {
_file = x;
};
};
}

11
nixosConfigurations/gerg-desktop/main.nix
View file

@ -9,7 +9,11 @@
{
local = {
DE.dwm.enable = true;
DM.lightdm.enable = true;
DM = {
lightdm.enable = true;
autoLogin = true;
loginUser = "gerg";
};
theming = {
enable = true;
kmscon.enable = true;
@ -110,10 +114,7 @@
'';
};
services.displayManager.autoLogin = {
enable = true;
user = "gerg";
};
services.libinput.mouse.accelProfile = "flat";
programs = {
steam.enable = true;

9
nixosConfigurations/gerg-desktop/secrets.yaml
View file

@ -1,10 +1,7 @@
ferretdb: ENC[AES256_GCM,data:T+aeEtgiM4D+a7MOumE69UNMFjKYKASexSl5/r2HC2fSg93qlISwXRPuSXp6RidyWQE/HJWh3RdPzkbIkBtTmcyxF78gk/LlHsMbrCdSBHF9/hPd4N1AuKquZi8PvyDE6e0RjmUjZxn1PkzDdqWB7bWtYLFyZO7T8WaReouyZObFCG1hI00oT/s=,iv:6xwdMS/JPzVThT3rJmF7/MPs6oEoUwdwYhvyGC1mCrQ=,tag:wxBfckBmo+JM6me+PKcjfw==,type:str]
forgejo: ENC[AES256_GCM,data:gNpOxeXlkYIqIFTqQvFg3pr/b1P5CEVbKDDXhmNnsp6PpdLDKjdRsMobEAOHsSuqdRUpuRsLolAlMUayHyQZ5pLtATXhxLN9TZtucn52eKqVdYx4spbSbbPdHHRznEze55MZuNmMPH9Y3tk+uzIQgzOpHohRs8+/lI3dS8F2dfqg,iv:vIGaWyDRFoR5csdIwsLoHyr3LmA7qyOGshivdvYFy5c=,tag:hif0XGaLQRzhDFVDQLTDBQ==,type:str]
immich: ENC[AES256_GCM,data:P5sMIZ0qaXDvmJ9h1pm+w53FtjMFZcaHXFCqpqldEZ9umVRqidaie5C2c/5SMPpiNWxpFMksvzfA8CQrZVgFEo7kqbg/xU4KeZMEhAqC8tWku0Zi3c452479PARzRvN/e1v24KSzFA5X0zztDNRxMFpjIAURNhQ7ZxKaP/ItP/MW9rzukP3Ow5homThawjk=,iv:dvTLTyh1Cbcmmcq87yvGDffe43Q/Grp7lz36zI5Yd1A=,tag:fLgVTUyQqULiodM4MVfAlQ==,type:str]
cloudflare: ENC[AES256_GCM,data:RZ+Smjn1nvnkxYAF56fEcBsFvO3YY+FWJ8wb0c72sxQleRjy9tVp7yDr9gRfUg3G,iv:mGaFxKFLrIouNhyqq/nBKaKub1WfekcCeHVLASQpBCs=,tag:xKl5EHR9g7d4pJkt49BLyw==,type:str]
reboot_token: ENC[AES256_GCM,data:/3QP30OUZsFaagj9Ljde1jz5nxZA6jp6/B6pmlponepRy3uZJ2jlaYQ3EBDiv5L413ecfWePAeWlX07eZ08JIRdoO5Ky52LM1+nPHMJFXzQ0h2onz4RVQAM=,iv:qiRk93LM7+3QmW27ItoWYGo7PLlu/hpprcPdnOaCBdw=,tag:X9kEov2FOrsIqkkStLegPw==,type:str]
searxngenv: ENC[AES256_GCM,data:HtH4KxXWoQEJp88Bgfhfj5Y4Up+inHu8mnVtay64XvCRpVKHF/kceC3XwT9C3IdXpQ==,iv:iXK8hOFoEnM5wFUZhC8IOdHzPhwPDHtTL8MmS5FSlns=,tag:TZHTB7ia5Qq2f2fETJOpEA==,type:str]
minifluxenv: ENC[AES256_GCM,data:xn1x68dE0+/wP627w7zbm+lCvOKfKkPahjlLN+4zg/zoTGbIrstb40HFLTt8opCMgW3OmCPIY45DjT49W29m8SipJwOjWvqbm5iGhI3KYgE/jzpjLnFiNLdigGeZ0aBf5OiN/ef82B+qkjlOcO3x0CWFSONLRsDqa0KJR/eHWFCsqdxJxUd9KpJ47TiPb4y7mvnfJebrg3IPxxABrImeg2d5a2RjDIueFdWyJLJol9JTJDPpTLFm0OEG6Xbr2G2sQQ==,iv:mXdcFtbLGTu3aOCJ/m/axA9bnHNqzPsQFuLv5Bj1Dkw=,tag:255hftEAi2CPsr5gwXs1zQ==,type:str]
minifluxenv: ENC[AES256_GCM,data:wgz6sxSbbjXrgBAak0Q0TlvG78+JHPpiPtcbqGo9HpSF3qY78edECCDB3qqIaynxdhI4,iv:mbsr+OG8fE5MggmC+TNkLmhhDNGvJo+uelNRo/rMLoo=,tag:xN+FbNHZIVCruQh23aMt5g==,type:str]
gerg: ENC[AES256_GCM,data:iSwWGIIxQenCPMd/Tith/eagjVINn0mgrO99IG85cP4UXtut6GF2R57XDMeD7SU18vW1ULod/lYuTo0SmmrkmX+wlDWgm4cODw==,iv:fHTcn4ZmjSqLC8jQkuualRbp+RwvgblS1ic6WPb2WEY=,tag:rkDuXhvleKekv3bVpdNNuw==,type:str]
store_key: ENC[AES256_GCM,data:2XioKwoH0V5QuedXl4w2IFrT2qOQWF0kbchYTMhyL9BaUqYHhXQi4buvKUVbBQ8AnzD1GJT3ZRy1S13CxEkdQvXE0IY0iX5nkTJtI3VgpiF64wfvZqcLQGaaNTCg+AEDP304KtIZZiao,iv:PV0bORWHoRDM8HvFwOI2sl7QjfD9G0VXSZ9RrPBUsyM=,tag:caVnOow466eBT/5bqYU0Iw==,type:str]
github_token: ENC[AES256_GCM,data:LijyCmMkfaCmh3rVKB96GHd7eM5Qbj9Jea1UZbQGgf67rof1uS+XML+3hmC6lOf6iOeJQtg12fC3ODHnzGuiC+dd1VbIkL5xRR7VBpFF2g6q5ixz9On/IRP74lX7SexCbcOx6YHi6eU6FX6fXe8wWhM87RYZcuiaEw==,iv:GWpI5Q2svJCz28wPVwTPq/+aLN7bWFz4gHNm3Qe6YFI=,tag:1KO9shVI0m2DSomDAuGnsQ==,type:str]
@ -25,8 +22,8 @@ sops:
dGhDRXRTWE9xSGtxQU80RVpuL1A5MkEKxAxC/wDkq+6hM8eXkWd/RBDNIUtGYnPy
MvVxB6dkj+S11oRcMpdFqiM9jSzz/gYecB2tfuDgj+UX/VAzSkvPxA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-06T03:09:11Z"
mac: ENC[AES256_GCM,data:3EeCTjNO74bwoa9mi2Da5jigmjwQC+IZO9eJS8V5ujuIz2suB1Q9xl7AUBk8JT5oqCvuVJZ4QuOjtSUp00h2f4cvuq0/VQWurb7RBDG956iT0v6Js+3s4sgZ6mTaD0W3IXYpQkoCLKA0EdfZpqayBAK8ToUYCJhCaNBLl7eUZBw=,iv:heJUcxMbJCmEq14woFFXGEfx2xlID0ZeDxtBK8kXWOE=,tag:jNahdAVH9IoIs63H3yW0AA==,type:str]
lastmodified: "2025-02-26T23:23:36Z"
mac: ENC[AES256_GCM,data:rUuzMNzXf2rgmT7t4eNXnVDtA4izwbc+8wvMztu5gvymJNBGf2B+uvFzEZMqMA+gmdqwX4B51K2oTYe7GU3EAgjp+7709hy4Dzs0vILebJn6ijO3AVHLEWLE7ia0cao6wAzKv6qtlyvAb1TvyTgtJpM+LCsuOkEItPJxoEDGlzc=,iv:rYlkNXaz/mk7WBYm27y/+eqJAThZ/pcjW6bMuTjTIZ4=,tag:end6/klu3sW9PuTIbWxZmw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

1
nixosConfigurations/gerg-desktop/services/ddns.nix
View file

@ -10,6 +10,7 @@
reloadIfChanged = false;
restartIfChanged = false;
stopIfChanged = false;
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
startAt = "hourly";

33
nixosConfigurations/gerg-desktop/services/forgejo.nix
View file

@ -3,13 +3,19 @@ let
link = config.local.links.forgejo;
in
{
sops.secrets.forgejo.owner = config.services.forgejo.user;
local.links.forgejo = { };
users = {
groups.${config.services.forgejo.group} = { };
users = {
${config.services.forgejo.user} = {
isSystemUser = true;
inherit (config.services.forgejo) group;
extraGroups = [ "postgres" ];
openssh.authorizedKeys.keys = [ config.local.keys.gerg_gerg-desktop ];
};
users.users.${config.services.forgejo.user}.openssh.authorizedKeys.keys = [
config.local.keys.gerg_gerg-desktop
];
};
};
services.forgejo = {
enable = true;
stateDir = "/persist/services/forgejo";
@ -19,25 +25,16 @@ in
DOMAIN = "git.gerg-l.com";
ROOT_URL = "https://git.gerg-l.com/";
LANDING_PAGE = "/explore/repos";
PROTOCOL = link.protocol;
HTTP_ADDR = link.ipv4;
HTTP_PORT = link.port;
};
ui.DEFAULT_THEME = "forgejo-dark";
service.DISABLE_REGISTRATION = true;
database.LOG_SQL = false;
};
database =
let
dbLink = config.local.links.postgresql;
in
{
type = "postgres";
createDatabase = true;
inherit (dbLink) port;
host = dbLink.hostname;
passwordFile = config.sops.secrets.forgejo.path;
};
database = {
type = "postgres";
createDatabase = true;
};
};
local.nginx.proxyVhosts."git.gerg-l.com" = link.url;

22
nixosConfigurations/gerg-desktop/services/immich.nix
View file

@ -1,33 +1,25 @@
{ config }:
{ config, ... }:
let
cfg = config.services.immich;
link = config.local.links.immich;
in
{
sops.secrets.immich.owner = cfg.user;
local.links.immich = { };
systemd.tmpfiles.rules = [ "d ${cfg.mediaLocation} - ${cfg.user} ${cfg.group} - -" ];
users.users.${cfg.user}.extraGroups = [ "postgres" ];
services.immich = {
enable = true;
openFirewall = true;
#secretsFile = config.sops.secrets.immich.path;
database =
let
dbLink = config.local.links.postgresql;
in
{
enable = true;
createDB = true;
inherit (dbLink) port;
#host = dbLink.hostname;
};
database = {
enable = true;
createDB = true;
};
mediaLocation = "/persist/services/immich";
machine-learning.enable = true;
settings = null;
inherit (link) port;
host = link.hostname;
host = link.ipv4;
};
local.nginx.proxyVhosts."photos.gerg-l.com" = link.url;

19
nixosConfigurations/gerg-desktop/services/miniflux.nix
View file

@ -1,5 +1,4 @@
{
lib,
config,
}:
let
@ -15,15 +14,23 @@ in
config = {
BASE_URL = "https://flux.gerg-l.com";
LISTEN_ADDR = link.tuple;
DATABASE_URL =
let
dbLink = config.local.links.postgresql;
in
lib.mkForce "user=miniflux host=${dbLink.hostname} port=${dbLink.portStr} dbname=miniflux sslmode=disable";
};
adminCredentialsFile = config.sops.secrets.minifluxenv.path;
createDatabaseLocally = true;
};
users = {
groups.miniflux.gid = 377;
users = {
miniflux = {
group = "miniflux";
extraGroups = [ "postgres" ];
isSystemUser = true;
uid = 377;
};
${config.services.nginx.user}.extraGroups = [ "miniflux" ];
};
};
local.nginx.proxyVhosts."flux.gerg-l.com" = link.url;
}

123
nixosConfigurations/gerg-desktop/services/nginx.nix
View file

@ -9,71 +9,70 @@
};
};
config =
let
cfg = config.services.nginx;
in
{
local.nginx.defaultVhosts = builtins.mapAttrs (_: v: {
locations."/".proxyPass = v;
}) config.local.nginx.proxyVhosts;
config = {
local.nginx.defaultVhosts = builtins.mapAttrs (_: v: {
locations."/".proxyPass = v;
}) config.local.nginx.proxyVhosts;
sops.secrets = {
gerg_ssl_key.owner = cfg.user;
gerg_ssl_cert.owner = cfg.user;
sops.secrets = {
gerg_ssl_key.owner = config.services.nginx.user;
gerg_ssl_cert.owner = config.services.nginx.user;
};
security.acme = {
acceptTerms = true;
certs."gerg-l.com" = {
email = "GregLeyda@proton.me";
webroot = "/var/lib/acme/acme-challenge";
extraDomainNames = builtins.attrNames config.local.nginx.defaultVhosts;
};
};
security.acme = {
acceptTerms = true;
certs."gerg-l.com" = {
email = "GregLeyda@proton.me";
inherit (cfg) group;
webroot = "/var/lib/acme/acme-challenge";
extraDomainNames = builtins.attrNames config.local.nginx.defaultVhosts;
};
};
systemd.mounts = [
{
what = "/persist/services/acme";
where = "/var/lib/acme";
type = "none";
options = "bind";
}
];
services.nginx = {
enable = true;
recommendedZstdSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# For immich
clientMaxBodySize = "50000M";
proxyTimeout = "600s";
virtualHosts =
builtins.mapAttrs
(
_: v:
{
forceSSL = true;
useACMEHost = "gerg-l.com";
}
// v
)
(
config.local.nginx.defaultVhosts
// {
"_" = {
default = true;
locations."/".return = "404";
};
}
);
};
networking.firewall.allowedTCPPorts = [
80
443
fileSystems."/var/lib/acme" = {
device = "/persist/services/acme";
fsType = "none";
options = [ "bind" ];
depends = [
"/persist"
"/var"
];
};
users.users.${config.services.nginx.user}.extraGroups = [ "acme" ];
services.nginx = {
enable = true;
recommendedZstdSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# For immich
clientMaxBodySize = "50000M";
proxyTimeout = "600s";
virtualHosts =
builtins.mapAttrs
(
_: v:
{
forceSSL = true;
useACMEHost = "gerg-l.com";
}
// v
)
(
config.local.nginx.defaultVhosts
// {
"_" = {
default = true;
locations."/".return = "404";
};
}
);
};
networking.firewall.allowedTCPPorts = [
80
443
];
};
}

17
nixosConfigurations/gerg-desktop/services/postgresql.nix
View file

@ -1,22 +1,9 @@
{ pkgs }:
{
lib,
pkgs,
config,
}:
let
link = config.local.links.postgresql;
in
{
local.links.postgresql.port = 5432;
services.postgresql = {
enable = true;
package = pkgs.postgresql_16;
dataDir = "/persist/services/postgresql";
settings = {
inherit (link) port;
listen_addresses = lib.mkForce link.ipv4;
#unix_socket_directories = "";
};
settings.unix_socket_permissions = "0770";
};
}

11
nixosConfigurations/gerg-desktop/services/searxng.nix
View file

@ -22,13 +22,10 @@ in
secret_key = "@SEARXNG_SECRET@";
base_url = "https://search.gerg-l.com";
};
search = {
default_lang = "en";
formats = [
"html"
"json"
];
};
search.formats = [
"html"
"json"
];
engines = [
{
name = "bing";

94
nixosConfigurations/gerg-desktop/services/vocard/_application.nix
View file

@ -1,94 +0,0 @@
{ link, lavalinkPlugins }:
{
server = {
http2.enabled = false;
port = link.portStr;
address = link.ipv4;
};
lavalink = {
pluginsDir = lavalinkPlugins;
plugins = [
{
dependency = "dev.lavalink.youtube:youtube-plugin:1.11.5";
enabled = true;
snapshot = false;
}
];
server = {
#password = "";
bufferDurationMs = 400;
filters = {
channelMix = true;
distortion = true;
equalizer = true;
karaoke = true;
lowPass = true;
rotation = true;
timescale = true;
tremolo = true;
vibrato = true;
volume = true;
};
frameBufferDurationMs = 5000;
gc-warnings = true;
nonAllocatingFrameBuffer = false;
opusEncodingQuality = 10;
playerUpdateInterval = 5;
resamplingQuality = "LOW";
soundcloudSearchEnabled = true;
sources = {
bandcamp = true;
http = true;
local = false;
nico = true;
soundcloud = true;
twitch = true;
vimeo = true;
youtube = false;
};
trackStuckThresholdMs = 10000;
useSeekGhosting = true;
youtubePlaylistLoadLimit = 6;
youtubeSearchEnabled = true;
};
};
logging = {
file.path = null;
level = {
"dev.lavalink.youtube.http.YoutubeOauth2Handler" = "INFO";
lavalink = "INFO";
root = "INFO";
};
request = {
enabled = true;
includeClientInfo = true;
includeHeaders = false;
includePayload = true;
includeQueryString = true;
maxPayloadLength = 10000;
};
};
metrics.prometheus.enabled = false;
plugins = {
youtube = {
allowDirectPlaylistIds = true;
allowDirectVideoIds = true;
allowSearch = true;
clients = [ "TVHTML5EMBEDDED" ];
enabled = true;
oauth = {
enabled = true;
#refreshToken = "";
};
};
};
sentry = {
dsn = "";
environment = "";
};
}

146
nixosConfigurations/gerg-desktop/services/vocard/_settings.nix
View file

@ -1,146 +0,0 @@
{
link,
ferretLink,
p,
}:
{
activity = [
{
name = "/help";
status = "online";
type = "listening";
}
];
aliases = {
connect = [ "join" ];
leave = [
"stop"
"bye"
];
play = [ "p" ];
view = [ "v" ];
};
bot_access_user = [ ];
client_id = p."vocard/client_id";
cooldowns = {
connect = [
2
30
];
"playlist view" = [
1
30
];
};
default_controller = {
default_buttons = [
[
"back"
"resume"
"skip"
{ stop = "red"; }
"add"
]
[ "tracks" ]
];
disableButtonText = false;
embeds = {
active = {
author = {
icon_url = "@@bot_icon@@";
name = "Music Controller | @@channel_name@@";
};
color = "@@track_color@@";
description = "**Now Playing: ```[@@track_name@@]```\nLink: [Click Me](@@track_url@@) | Requester: @@requester@@ | DJ: @@dj@@**";
footer.text = "Queue Length: @@queue_length@@ | Duration: @@track_duration@@ | Volume: @@volume@@% {{loop_mode != 'Off' ?? | Repeat: @@loop_mode@@}}";
image = "@@track_thumbnail@@";
};
inactive = {
color = "@@default_embed_color@@";
description = "[Support](@@server_invite_link@@) | [Invite](@@invite_link@@) | [Questionnaire](https://forms.gle/Qm8vjBfg2kp13YGD7)";
image = "https://i.imgur.com/dIFBwU7.png";
title.name = "There are no songs playing right now";
};
};
};
default_max_queue = 1000;
default_voice_status_template = "{{@@track_name@@ != 'None' ?? @@track_source_emoji@@ Now Playing: @@track_name@@ // Waiting for song requests}}";
embed_color = "0xb3b3b3";
genius_token = "YOUR_GENIUS_TOKEN";
ipc_client = {
enable = false;
host = "127.0.0.1";
password = "YOUR_PASSWORD";
port = 8000;
secure = false;
};
logging = {
file = {
enable = false;
path = "./logs";
};
level = {
discord = "INFO";
ipc_client = "INFO";
vocard = "INFO";
};
max-history = 30;
};
lyrics_platform = "lyrist";
mongodb_name = "vocard";
mongodb_url = ferretLink.url;
nodes.DEFAULT = {
host = link.hostname;
identifier = "DEFAULT";
password = p."vocard/password";
inherit (link) port;
secure = false;
};
prefix = "?";
sources_settings = {
apple = {
color = "0xE298C4";
emoji = "<:applemusic:994844332374884413>";
};
bandcamp = {
color = "0x6F98A7";
emoji = "<:bandcamp:864694003811221526>";
};
reddit = {
color = "0xFF5700";
emoji = "<:reddit:996007566863773717>";
};
soundcloud = {
color = "0xFF7700";
emoji = "<:soundcloud:852729280027033632>";
};
spotify = {
color = "0x1DB954";
emoji = "<:spotify:826661996615172146>";
};
tiktok = {
color = "0x74ECE9";
emoji = "<:tiktok:996007689798811698>";
};
twitch = {
color = "0x9B4AFF";
emoji = "<:twitch:852729278285086741>";
};
vimeo = {
color = "0x1ABCEA";
emoji = "<:vimeo:864694001919721473>";
};
youtube = {
color = "0xFF0000";
emoji = "<:youtube:826661982760992778>";
};
"youtube music" = {
color = "0xFF0000";
emoji = "<:youtube:826661982760992778>";
};
};
spotify_client_id = p."vocard/spotify_client_id";
spotify_client_secret = p."vocard/spotify_client_secret";
token = p."vocard/token";
version = "v2.6.9";
}

109
nixosConfigurations/gerg-desktop/services/vocard/application.yml Normal file
View file

@ -0,0 +1,109 @@
server: # REST and WS server
port: 2333
address: 0.0.0.0
http2:
enabled: false # Whether to enable HTTP/2 support
plugins:
youtube:
enabled: true
allowSearch: true # Whether "ytsearch:" and "ytmsearch:" can be used.
allowDirectVideoIds: true # Whether just video IDs can match. If false, only complete URLs will be loaded.
allowDirectPlaylistIds: true # Whether just playlist IDs can match. If false, only complete URLs will be loaded.
# The clients to use for track loading. See below for a list of valid clients.
# Clients are queried in the order they are given (so the first client is queried first and so on...)
clients:
- TVHTML5EMBEDDED
oauth:
enabled: true
# Set with env vars
#refreshToken: ""
lavalink:
plugins:
- dependency: "dev.lavalink.youtube:youtube-plugin:1.11.5"
snapshot: false
# setting "enabled: true" is the bare minimum to get OAuth working.
enabled: true
# Set with env vars
#pluginsDir: ""
server:
# Set with env vars
#password: ""
sources:
youtube: false
bandcamp: true
soundcloud: true
twitch: true
vimeo: true
nico: true
http: true
local: false
filters: # All filters are enabled by default
volume: true
equalizer: true
karaoke: true
timescale: true
tremolo: true
vibrato: true
distortion: true
rotation: true
channelMix: true
lowPass: true
nonAllocatingFrameBuffer: false # Setting to true reduces the number of allocations made by each player at the expense of frame rebuilding (e.g. non-instantaneous volume changes)
bufferDurationMs: 400 # The duration of the NAS buffer. Higher values fare better against longer GC pauses. Duration <= 0 to disable JDA-NAS. Minimum of 40ms, lower values may introduce pauses.
frameBufferDurationMs: 5000 # How many milliseconds of audio to keep buffered
opusEncodingQuality: 10 # Opus encoder quality. Valid values range from 0 to 10, where 10 is best quality but is the most expensive on the CPU.
resamplingQuality: LOW # Quality of resampling operations. Valid values are LOW, MEDIUM and HIGH, where HIGH uses the most CPU.
trackStuckThresholdMs: 10000 # The threshold for how long a track can be stuck. A track is stuck if does not return any audio data.
useSeekGhosting: true # Seek ghosting is the effect where whilst a seek is in progress, the audio buffer is read from until empty, or until seek is ready.
youtubePlaylistLoadLimit: 6 # Number of pages at 100 each
playerUpdateInterval: 5 # How frequently to send player updates to clients, in seconds
youtubeSearchEnabled: true
soundcloudSearchEnabled: true
gc-warnings: true
#ratelimit:
#ipBlocks: ["1.0.0.0/8", "..."] # list of ip blocks
#excludedIps: ["...", "..."] # ips which should be explicit excluded from usage by lavalink
#strategy: "RotateOnBan" # RotateOnBan | LoadBalance | NanoSwitch | RotatingNanoSwitch
#searchTriggersFail: true # Whether a search 429 should trigger marking the ip as failing
#retryLimit: -1 # -1 = use default lavaplayer value | 0 = infinity | >0 = retry will happen this numbers times
#youtubeConfig: # Required for avoiding all age restrictions by YouTube, some restricted videos still can be played without.
#email: "" # Email of Google account
#password: "" # Password of Google account
#httpConfig: # Useful for blocking bad-actors from ip-grabbing your music node and attacking it, this way only the http proxy will be attacked
#proxyHost: "localhost" # Hostname of the proxy, (ip or domain)
#proxyPort: 3128 # Proxy port, 3128 is the default for squidProxy
#proxyUser: "" # Optional user for basic authentication fields, leave blank if you don't use basic auth
#proxyPassword: "" # Password for basic authentication
metrics:
prometheus:
enabled: false
endpoint: /metrics
sentry:
dsn: ""
environment: ""
logging:
file:
path: null
level:
root: INFO
lavalink: INFO
dev.lavalink.youtube.http.YoutubeOauth2Handler: INFO
request:
enabled: true
includeClientInfo: true
includeHeaders: false
includeQueryString: true
includePayload: true
maxPayloadLength: 10000
logback:
rollingpolicy:
max-file-size: 1GB
max-history: 30

157
nixosConfigurations/gerg-desktop/services/vocard/settings.json Normal file
View file

@ -0,0 +1,157 @@
{
"token": "@token@",
"client_id": "@client_id@",
"spotify_client_id": "@spotify_client_id@",
"spotify_client_secret": "@spotify_client_secret@",
"genius_token": "YOUR_GENIUS_TOKEN",
"mongodb_url": "0.0.0.0",
"mongodb_name": "vocard",
"nodes": {
"DEFAULT": {
"host": "0.0.0.0",
"port": 2333,
"password": "@password@",
"secure": false,
"identifier": "DEFAULT"
}
},
"prefix": "?",
"activity": [
{
"type": "listening",
"name": "/help",
"status": "online"
}
],
"logging": {
"file": {
"path": "./logs",
"enable": false
},
"level": {
"discord": "INFO",
"vocard": "INFO",
"ipc_client": "INFO"
},
"max-history": 30
},
"bot_access_user": [],
"embed_color": "0xb3b3b3",
"default_max_queue": 1000,
"lyrics_platform": "lyrist",
"ipc_client": {
"host": "127.0.0.1",
"port": 8000,
"password": "YOUR_PASSWORD",
"secure": false,
"enable": false
},
"sources_settings": {
"youtube": {
"emoji": "<:youtube:826661982760992778>",
"color": "0xFF0000"
},
"youtube music": {
"emoji": "<:youtube:826661982760992778>",
"color": "0xFF0000"
},
"spotify": {
"emoji": "<:spotify:826661996615172146>",
"color": "0x1DB954"
},
"soundcloud": {
"emoji": "<:soundcloud:852729280027033632>",
"color": "0xFF7700"
},
"twitch": {
"emoji": "<:twitch:852729278285086741>",
"color": "0x9B4AFF"
},
"bandcamp": {
"emoji": "<:bandcamp:864694003811221526>",
"color": "0x6F98A7"
},
"vimeo": {
"emoji": "<:vimeo:864694001919721473>",
"color": "0x1ABCEA"
},
"apple": {
"emoji": "<:applemusic:994844332374884413>",
"color": "0xE298C4"
},
"reddit": {
"emoji": "<:reddit:996007566863773717>",
"color": "0xFF5700"
},
"tiktok": {
"emoji": "<:tiktok:996007689798811698>",
"color": "0x74ECE9"
}
},
"default_controller": {
"embeds": {
"active": {
"description": "**Now Playing: ```[@@track_name@@]```\nLink: [Click Me](@@track_url@@) | Requester: @@requester@@ | DJ: @@dj@@**",
"footer": {
"text": "Queue Length: @@queue_length@@ | Duration: @@track_duration@@ | Volume: @@volume@@% {{loop_mode != 'Off' ?? | Repeat: @@loop_mode@@}}"
},
"image": "@@track_thumbnail@@",
"author": {
"name": "Music Controller | @@channel_name@@",
"icon_url": "@@bot_icon@@"
},
"color": "@@track_color@@"
},
"inactive": {
"title": {
"name": "There are no songs playing right now"
},
"description": "[Support](@@server_invite_link@@) | [Invite](@@invite_link@@) | [Questionnaire](https://forms.gle/Qm8vjBfg2kp13YGD7)",
"image": "https://i.imgur.com/dIFBwU7.png",
"color": "@@default_embed_color@@"
}
},
"default_buttons": [
[
"back",
"resume",
"skip",
{
"stop": "red"
},
"add"
],
[
"tracks"
]
],
"disableButtonText": false
},
"default_voice_status_template": "{{@@track_name@@ != 'None' ?? @@track_source_emoji@@ Now Playing: @@track_name@@ // Waiting for song requests}}",
"cooldowns": {
"connect": [
2,
30
],
"playlist view": [
1,
30
]
},
"aliases": {
"connect": [
"join"
],
"leave": [
"stop",
"bye"
],
"play": [
"p"
],
"view": [
"v"
]
},
"version": "v2.6.9"
}

96
nixosConfigurations/gerg-desktop/services/vocard/vocard.nix
View file

@ -2,22 +2,11 @@
self',
lib,
config,
pkgs,
}:
let
link = config.local.links.lavalink;
ferretLink = config.local.links.ferretdb;
in
{
local.links = {
lavalink = { };
ferretdb.protocol = "mongodb";
};
sops = {
secrets =
{
ferretdb = { };
lavalink = {
sopsFile = ./secrets.yaml;
restartUnits = [
@ -47,12 +36,23 @@ in
"vocard.service"
"lavalink.service"
];
content = builtins.toJSON (
import ./_settings.nix {
inherit link ferretLink;
p = config.sops.placeholder;
}
);
content =
builtins.replaceStrings
[
"@token@"
"@client_id@"
"@spotify_client_id@"
"@spotify_client_secret@"
"@password@"
]
(map (x: config.sops.placeholder.${x}) [
"vocard/token"
"vocard/client_id"
"vocard/spotify_client_id"
"vocard/spotify_client_secret"
"vocard/password"
])
(builtins.readFile ./settings.json);
};
};
@ -88,16 +88,10 @@ in
"network-online.target"
];
environment.LAVALINK_PLUGINS_DIR = self'.packages.lavalinkPlugins;
serviceConfig = {
ExecStart = lib.getExe self'.packages.lavalink;
WorkingDirectory = lib.pipe ./_application.nix [
(lib.flip import {
inherit link;
inherit (self'.packages) lavalinkPlugins;
})
builtins.toJSON
(pkgs.writeTextDir "application.yml")
];
ExecStart = "${lib.getExe self'.packages.lavalink} --spring.config.location='file:${./application.yml}'";
DynamicUser = true;
EnvironmentFile = config.sops.secrets.lavalink.path;
Restart = "on-failure";
@ -106,55 +100,7 @@ in
};
};
services.postgresql = {
ensureDatabases = [ "ferretdb" ];
ensureUsers = [
{
name = "ferretdb";
ensureDBOwnership = true;
}
];
};
systemd.services.ferretdb = {
description = "FerretDB";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = {
FERRETDB_HANDLER = "pg";
FERRETDB_LISTEN_ADDR = ferretLink.tuple;
};
serviceConfig = {
ExecStart =
let
dbLink = config.local.links.postgresql;
in
"${lib.getExe pkgs.ferretdb} --debug-addr='-' --telemetry='disable' --postgresql-url=\"postgres:///ferretdb?user=ferretdb&host=${dbLink.hostname}&port=${dbLink.portStr}&passfile=\${CREDENTIALS_DIRECTORY}/password\"";
Type = "simple";
StateDirectory = "ferretdb";
WorkingDirectory = "%S/ferretdb";
LoadCredential = "password:${config.sops.secrets.ferretdb.path}";
Restart = "on-failure";
ProtectHome = true;
ProtectSystem = "strict";
PrivateTmp = true;
PrivateDevices = true;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
NoNewPrivileges = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RemoveIPC = true;
PrivateMounts = true;
DynamicUser = true;
};
};
services.ferretdb.enable = true;
systemd.mounts = [
{

10
nixosConfigurations/media-laptop/main.nix
View file

@ -7,7 +7,11 @@
{
local = {
remoteBuild.enable = true;
DM.lightdm.enable = true;
DM = {
lightdm.enable = true;
autoLogin = true;
loginUser = "media";
};
DE.xfce.enable = true;
theming = {
enable = true;
@ -31,10 +35,6 @@
sops.secrets.root.neededForUsers = true;
services.displayManager.autoLogin = {
enable = true;
user = "media";
};
users = {
mutableUsers = false;
users = {

94
nixosModules/DE/dwm.nix
View file

@ -38,62 +38,36 @@
sxhkd = {
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
serviceConfig =
let
configFile = pkgs.writeText "sxhkdrc" ''
XF86AudioPlay
playerctl play-pause
XF86AudioPause
playerctl play-pause
XF86AudioStop
playerctl stop
XF86AudioNext
playerctl next
XF86AudioPrev
playerctl previous
XF86AudioRaiseVolume
wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%+
XF86AudioLowerVolume
wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%-
XF86AudioMute
wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle
Print
maim $HOME/Screenshots/$(date +%Y-%m-%d_%H-%m-%s).jpg
Print + shift
maim | xclip -selection clipboard -t image/png
super + Print
maim -s $HOME/Screenshots/$(date +%Y-%m-%d_%H-%m-%s).jpg
super + Print + shift
maim -s | xclip -selection clipboard -t image/png
super + ctrl + r
pkill -usr1 -x sxhkd
super + ctrl + l
xsecurelock
'';
in
{
ExecStart = "${lib.getExe pkgs.sxhkd} -c '${configFile}'";
Restart = "always";
RestartSec = 2;
ExecReload = "pkill -usr1 -x $MAINPID";
};
serviceConfig = {
ExecStart = "${lib.getExe pkgs.sxhkd} -c /etc/sxhkd/sxhkdrc";
Restart = "always";
RestartSec = 2;
ExecReload = "pkill -usr1 -x $MAINPID";
};
};
picom = {
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
serviceConfig.ExecStart = "${lib.getExe pkgs.picom} --backend egl";
serviceConfig = {
ExecStart = "${lib.getExe pkgs.picom} --backend egl";
Restart = "always";
RestartSec = 2;
ExecReload = "pkill -usr1 -x $MAINPID";
};
};
};
services = {
gvfs.enable = true;
displayManager.defaultSession = "none+dwm";
xserver = {
enable = true;
displayManager.sessionCommands = ''
feh --bg-center "${self'.packages.images}/recursion.png"
numlockx
'';
displayManager = {
sessionCommands = ''
feh --bg-center "${self'.packages.images}/recursion.png"
numlockx
'';
};
windowManager.session = [
{
name = "dwm";
@ -119,5 +93,35 @@
};
};
environment.etc."sxhkd/sxhkdrc".text = ''
XF86AudioPlay
playerctl play-pause
XF86AudioPause
playerctl play-pause
XF86AudioStop
playerctl stop
XF86AudioNext
playerctl next
XF86AudioPrev
playerctl previous
XF86AudioRaiseVolume
wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%+
XF86AudioLowerVolume
wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%-
XF86AudioMute
wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle
Print
maim $HOME/Screenshots/$(date +%Y-%m-%d_%H-%m-%s).jpg
Print + shift
maim | xclip -selection clipboard -t image/png
super + Print
maim -s $HOME/Screenshots/$(date +%Y-%m-%d_%H-%m-%s).jpg
super + Print + shift
maim -s | xclip -selection clipboard -t image/png
super + ctrl + r
pkill -usr1 -x sxhkd
super + ctrl + l
xsecurelock
'';
};
}

10
nixosModules/DE/xfce.nix
View file

@ -8,11 +8,13 @@
config = lib.mkIf config.local.DE.xfce.enable {
environment.systemPackages = [ pkgs.xfce.xfce4-whiskermenu-plugin ];
services.xserver = {
enable = true;
desktopManager.xfce = {
services = {
xserver = {
enable = true;
enableScreensaver = true;
desktopManager.xfce = {
enable = true;
enableScreensaver = true;
};
};
displayManager.defaultSession = "xfce";
};

19
nixosModules/DM/autoLogin.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, lib }:
{
options.local.DM = {
autoLogin = lib.mkEnableOption "";
loginUser = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
};
};
config = lib.mkIf config.local.DM.autoLogin {
services.displayManager = {
autoLogin = {
enable = true;
user = config.local.DM.loginUser;
};
};
};
}

2
nixosModules/DM/lightDM.nix
View file

@ -14,7 +14,7 @@
extraConfig = "minimum-vt=1";
greeters.mini = {
enable = true;
inherit (config.services.displayManager.autoLogin) user;
user = config.local.DM.loginUser;
extraConfig = ''
[greeter]
show-password-label = false

1
nixosModules/X11.nix
View file

@ -1,6 +1,5 @@
{ pkgs, lib }:
{
services.libinput.mouse.accelProfile = "flat";
services.xserver = {
tty = lib.mkDefault 1;
exportConfiguration = true;

1
nixosModules/boot/silent.nix
View file

@ -21,7 +21,6 @@
"quiet" # Less log messages
"systemd.show_status=auto" # Only show systemd errors
"udev.log_level=3" # Only show udev errors
"plymouth.use-simpledrm" # Faster plymouth splash
"splash" # Show splash
];
consoleLogLevel = 3; # Only errors

1
nixosModules/nix.nix
View file

@ -51,7 +51,6 @@
"read-only-local-store"
"recursive-nix"
"configurable-impure-env"
"pipe-operators"
];
auto-optimise-store = true;
warn-dirty = false;