diff options
| -rw-r--r-- | chaski/configuration.nix | 1 | ||||
| -rw-r--r-- | chaski/services/headscale.nix | 40 | ||||
| -rw-r--r-- | common/desktop.nix | 16 | ||||
| -rw-r--r-- | flora/services/cgit.nix | 14 | ||||
| -rw-r--r-- | flora/services/nginx.nix | 16 | ||||
| -rw-r--r-- | home/home.nix | 5 | ||||
| -rw-r--r-- | home/newsboat-public.nix | 12 | ||||
| -rw-r--r-- | home/packages-minimal.nix | 2 | ||||
| -rw-r--r-- | home/packages.nix | 2 | ||||
| -rw-r--r-- | npins/sources.json | 50 | ||||
| -rw-r--r-- | surltesh-echer/configuration.scm | 7 | ||||
| -rw-r--r-- | surltesh-echer/home/home-configuration.scm | 2 |
12 files changed, 126 insertions, 41 deletions
diff --git a/chaski/configuration.nix b/chaski/configuration.nix index da8fdaf..6339d32 100644 --- a/chaski/configuration.nix +++ b/chaski/configuration.nix @@ -12,6 +12,7 @@ ./services/chat.nix ./services/bahnhof-name.nix ./services/conduit.nix + ./services/headscale.nix ]; sops.defaultSopsFile = ../secrets/chaski.yaml; diff --git a/chaski/services/headscale.nix b/chaski/services/headscale.nix new file mode 100644 index 0000000..8240d93 --- /dev/null +++ b/chaski/services/headscale.nix @@ -0,0 +1,40 @@ +{ config, lib, pkgs, ... }: + +{ + services.headscale = { + enable = true; + settings = { + server_url = "https://headscale.noms.ing"; + listen_addr = "127.0.0.1:8323"; + + # oidc = { + # only_start_if_oidc_is_available = true; + # issuer = "https://idm.cuties.network/oauth2/openid/headscale"; + # client_id = "headscale"; + # client_secret_path = "/run/secrets/headscale_oidc_secret"; + # strip_email_domain = true; + # }; + + dns_config.magic_dns = true; + dns_config.domains = [ "nodes.headscale.noms.ing" ]; + # dns_config.base_domain = "ts.cuties.network"; + }; + }; + + users.users.headscale.extraGroups = [ config.users.groups.keys.name ]; + # sops.secrets.headscale_oidc_secret = { + # owner = config.users.users.headscale.name; + # sopsFile = ./headscale.sops.yaml; + # }; + + services.nginx.virtualHosts."headscale.noms.ing" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:8323"; + proxyWebsockets = true; + }; + }; + + services.tailscale.enable = true; +} diff --git a/common/desktop.nix b/common/desktop.nix index 5d3bcf5..4c07183 100644 --- a/common/desktop.nix +++ b/common/desktop.nix @@ -90,5 +90,19 @@ # Enable sound. sound.enable = true; - hardware.pulseaudio.enable = true; + # hardware.pulseaudio.enable = true; + + xdg.portal.wlr.enable = true; + + services.pipewire = { + enable = true; + audio.enable = true; + pulse.enable = true; + alsa = { + enable = true; + support32Bit = true; + }; + # jack.enable = true; + }; + } diff --git a/flora/services/cgit.nix b/flora/services/cgit.nix index 032ec1d..1dae737 100644 --- a/flora/services/cgit.nix +++ b/flora/services/cgit.nix @@ -56,10 +56,14 @@ let ''; in { - services.fcgiwrap = { + services.fcgiwrap.instances.cgit.process = { user = "git"; group = "users"; - enable = true; + }; + services.fcgiwrap.instances.cgit.socket = { + user = "git"; + group = "users"; + mode = "0622"; }; services.nginx.virtualHosts."stuebinm.eu" = { @@ -69,7 +73,7 @@ in # this one should come last, behind the git-http-backend blocks locations."~ /git(/.*)".priority = 1100; locations."~ /git(/.*)".extraConfig = '' - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_pass unix:${config.services.fcgiwrap.instances.cgit.socket.address}; include ${pkgs.nginx}/conf/fastcgi_params; fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; fastcgi_param CGIT_CONFIG ${pkgs.writeText "cgit.conf" cgitconf}; @@ -78,7 +82,7 @@ in locations."~ /git(/[^/]*/(info/refs|git-(upload|receive)-pack|objects/info/packs))" = { extraConfig = '' - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_pass unix:${config.services.fcgiwrap.instances.cgit.socket.address}; include ${pkgs.nginx}/conf/fastcgi_params; fastcgi_param SCRIPT_FILENAME ${pkgs.gitMinimal}/bin/git-http-backend; fastcgi_param GIT_HTTP_EXPORT_ALL ""; @@ -89,7 +93,7 @@ in locations."~ /git/forks(/.*/(info/refs|git-(upload|receive)-pack|objects/info/packs))" = { extraConfig = '' - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_pass unix:${config.services.fcgiwrap.instances.cgit.socket.address}; include ${pkgs.nginx}/conf/fastcgi_params; fastcgi_param SCRIPT_FILENAME ${pkgs.gitMinimal}/bin/git-http-backend; fastcgi_param GIT_HTTP_EXPORT_ALL ""; diff --git a/flora/services/nginx.nix b/flora/services/nginx.nix index 1d95255..4a9bf33 100644 --- a/flora/services/nginx.nix +++ b/flora/services/nginx.nix @@ -24,12 +24,24 @@ enableACME = true; forceSSL = true; locations."~ (.*)".extraConfig = '' - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_pass unix:${config.services.fcgiwrap.instances.nomsing.socket.address}; include ${pkgs.nginx}/conf/fastcgi_params; fastcgi_param SCRIPT_FILENAME ${lib.getExe pkgs.nomsring}; fastcgi_param PATH_INFO $1; ''; }; }; - services.fcgiwrap.enable = true; + + services.fcgiwrap.instances.nomsing = { + socket = { + user = "nomsring"; + group = "users"; + mode = "0622"; + }; + }; + + users.users.nomsring = { + isSystemUser = true; + group = "users"; + }; } diff --git a/home/home.nix b/home/home.nix index 22640b9..0452e0f 100644 --- a/home/home.nix +++ b/home/home.nix @@ -316,6 +316,11 @@ user = "git"; identityFile = keydir + "/id_surltesh-echer"; }; + "encoder* mixer* atem* minion*" = { + # hostname = "%h.lan.c3voc.de"; + user = "voc"; + extraOptions.StrictHostKeyChecking = "no"; + }; "nobelium" = { hostname = "no.colorspace.club"; user = "root"; diff --git a/home/newsboat-public.nix b/home/newsboat-public.nix index ca75c5e..8216b14 100644 --- a/home/newsboat-public.nix +++ b/home/newsboat-public.nix @@ -28,6 +28,8 @@ with import ./newsboat-lib.nix; (ntag "https://git.github.io/feed.xml" "comp") (ntag "https://www.gdl.de/feed.rss" "trains") (ntag "https://www.transformativeworks.org/feed" "fandom") + (ntag "https://haskell.github.io/security-advisories/atom.xml" "comp") + (ntag "https://blog.haskell.org/atom.xml" "comp") # blogs (btag "https://scilogs.spektrum.de/klimalounge/feed/" "climate") @@ -201,6 +203,12 @@ with import ./newsboat-lib.nix; (btag "https://nanmu.me/en/posts/index.xml" "comp") (btag "https://forgejo.org/releases/rss.xml" "comp") (btag "https://ludic.mataroa.blog/rss/" "comp") + (btag "https://blog.poisson.chat/rss.xml" "comp") + (btag "https://blog.nadja.top/feed.rss" "hardware") + (btag "https://matttproud.com/blog/index.xml" "comp") + (btag "https://www.rntz.net/blog/atom.xml" "comp") + (btag "https://realdougwilson.com/feed.xml" "fonts") + (btag "https://feeds.feedburner.com/balpha" "fonts") # paper (btag "http://arxiv.org/rss/cs.PL" "paper") @@ -265,6 +273,10 @@ with import ./newsboat-lib.nix; (ytag "UC6IxnFzHofFJ5X2PycSMsww" "stuff") # xkcd's What If? (ytag "UClgXF_jwWAwPRu8nT1g90xQ" "stuff") # Matt Gray (ytag "UCqqJQ_cXSat0KIAVfIfKkVA" "food") # Kenji + (ytag "UCK48_8v5k90EXEYRD5mATlw" "plants") # techplant + (ytag "UChIwaIJ8nxk8nskUZJD2yyg" "plants") # plants in jars + (ytag "UCWYSiz0rqNEJ0mX4a45Lhrw" "plants") # nick alexander + (ytag "UC9_p50tH3WmMslWRWKnM7dQ" "food") # Adam Ragusea (blender 2737) # blender developers (blender 10) # reels (blender 9) # open movies diff --git a/home/packages-minimal.nix b/home/packages-minimal.nix index 1e54596..fe09bc3 100644 --- a/home/packages-minimal.nix +++ b/home/packages-minimal.nix @@ -28,6 +28,6 @@ jq html-tidy nodePackages.stylelint nodePackages.js-beautify zola lowdown # nix things - nixfmt-rfc-style niv deploy-rs.deploy-rs + nixfmt-rfc-style deploy-rs.deploy-rs ]; } diff --git a/home/packages.nix b/home/packages.nix index 0250184..78ea25d 100644 --- a/home/packages.nix +++ b/home/packages.nix @@ -61,7 +61,7 @@ in # others python39 inweb # nix things - niv npins nix-output-monitor direnv + npins nix-output-monitor direnv # isabelle (isabelle.mkEnv "isabelle-env" "fish") isabat diff --git a/npins/sources.json b/npins/sources.json index 38a8606..e2d934b 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -18,9 +18,9 @@ "url": "https://stuebinm.eu/git/bahnhof.name" }, "branch": "main", - "revision": "8a4723f12fb220204d0aa5ebde8fb65214ad1b47", + "revision": "2dd565d546ef7cba05846e90d79ae4a15a193f41", "url": null, - "hash": "0lbraq56vqlisv98hp6ck8bj6z83psqmnq17c647ln498hjp7i4c" + "hash": "137wq0hj9j4wikq401mz577a7r5cmfzfxyf4wv1ncxy450l4lrsh" }, "blog": { "type": "Git", @@ -29,9 +29,9 @@ "url": "ssh://cgit/~/blog" }, "branch": "main", - "revision": "58e380da3f6cc57bc8673067973d880c209c011c", + "revision": "8ab8e7f9580b1144baf511d206188dece7b13bc8", "url": null, - "hash": "129v5q9ayf63v616rjy88v07i2brl8s7hw6s2yxsxvknyrnykbj7" + "hash": "1n78xgl5vfnfvjd2q7zycpy295y0qi2s028yjwgk3pb0zlk43wvs" }, "deploy-rs": { "type": "Git", @@ -78,9 +78,9 @@ "repo": "home-manager" }, "branch": "release-24.05", - "revision": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", - "url": "https://github.com/nix-community/home-manager/archive/e1391fb22e18a36f57e6999c7a9f966dc80ac073.tar.gz", - "hash": "0c83di08nhkzq0cwc3v7aax3x8y5m7qahyzxppinzwxi3r8fnjq3" + "revision": "2f23fa308a7c067e52dfcc30a0758f47043ec176", + "url": "https://github.com/nix-community/home-manager/archive/2f23fa308a7c067e52dfcc30a0758f47043ec176.tar.gz", + "hash": "00wp0s9b5nm5rsbwpc1wzfrkyxxmqjwsc1kcibjdbfkh69arcpsn" }, "isabelle-utils": { "type": "Git", @@ -100,9 +100,9 @@ "url": "git+ssh://git@git.lix.systems/lix-project/lix" }, "branch": "main", - "revision": "accfd8aa9d786831e6e08e92162891e99e11c08a", + "revision": "61146c73ce4e102bbf63f16caa32b0c60cd5a766", "url": null, - "hash": "03bdrf6pa9fy797wqh3iv7slls0w28yqas1j3ckkaxj52hrcrhdx" + "hash": "04f8w0ngq1ryl41l0xmi1aihcwnmx2yf05pqf9a6m8s42bdaxpbr" }, "lix-nixos-module": { "type": "Git", @@ -111,9 +111,9 @@ "url": "git+ssh://git@git.lix.systems/lix-project/nixos-module" }, "branch": "main", - "revision": "5d9d94089fb1ca96222a34bfe245ef5c5ebefd37", + "revision": "fd186f535a4ac7ae35d98c1dd5d79f0a81b7976d", "url": null, - "hash": "02dg1icyxamxblrvgxshadp2s8mx2ryjja7m9w26sgs07jl438zk" + "hash": "0jxpqaz12lqibg03iv36sa0shfvamn2yhg937llv3kl4csijd34f" }, "nixpkgs": { "type": "Git", @@ -123,9 +123,9 @@ "repo": "nixpkgs" }, "branch": "nixos-24.05", - "revision": "194846768975b7ad2c4988bdb82572c00222c0d7", - "url": "https://github.com/NixOS/nixpkgs/archive/194846768975b7ad2c4988bdb82572c00222c0d7.tar.gz", - "hash": "0snj72i9dm99jlnnmk8id8ffjnfg1k81lr7aw8d01kz3hdiraqil" + "revision": "cd3e8833d70618c4eea8df06f95b364b016d4950", + "url": "https://github.com/NixOS/nixpkgs/archive/cd3e8833d70618c4eea8df06f95b364b016d4950.tar.gz", + "hash": "1fg5pl26c7n82wgjkxs7x34qwzdyyh0lld8nhd89j2fkcw2daycj" }, "nixpkgs-unstable": { "type": "Git", @@ -135,9 +135,9 @@ "repo": "nixpkgs" }, "branch": "nixpkgs-unstable", - "revision": "ab82a9612aa45284d4adf69ee81871a389669a9e", - "url": "https://github.com/NixOS/nixpkgs/archive/ab82a9612aa45284d4adf69ee81871a389669a9e.tar.gz", - "hash": "1d1jnz5ydcmmv5w91jhkn9wi7bj0282n7d6qks2dxrb8fli2kgg6" + "revision": "86e78d3d2084ff87688da662cf78c2af085d8e73", + "url": "https://github.com/NixOS/nixpkgs/archive/86e78d3d2084ff87688da662cf78c2af085d8e73.tar.gz", + "hash": "01j4f1v7kdymy0lh0rifh89q85gdn47cz9m4dhx8wzv115jd2qvr" }, "ntfy-matrix-bot": { "type": "Git", @@ -169,9 +169,9 @@ "repo": "rust-overlay" }, "branch": "master", - "revision": "f0ca58b37ff4179ce4587589c32205764d9b4a4f", - "url": "https://github.com/oxalica/rust-overlay/archive/f0ca58b37ff4179ce4587589c32205764d9b4a4f.tar.gz", - "hash": "0vj09lwvv671gvq4v0a6wahxb1kq8p487xaglhlbn8ck14mpngpc" + "revision": "0d594a39c8f08d81246d06a56e1ccfc04782404f", + "url": "https://github.com/oxalica/rust-overlay/archive/0d594a39c8f08d81246d06a56e1ccfc04782404f.tar.gz", + "hash": "1yylsp1dhx8j537mgc66ny5f21y3lyxwcsd1ncrfpzdnw7kzsqy4" }, "showrt": { "type": "Git", @@ -204,9 +204,9 @@ "repo": "sops-nix" }, "branch": "master", - "revision": "c184aca4db5d71c3db0c8cbfcaaec337a5d065ea", - "url": "https://github.com/Mic92/sops-nix/archive/c184aca4db5d71c3db0c8cbfcaaec337a5d065ea.tar.gz", - "hash": "0j9q7fl7n8mzmid127h8bwg29dqcnmm7v82ciy9g1wv1sfmkrhli" + "revision": "1666d16426abe79af5c47b7c0efa82fd31bf4c56", + "url": "https://github.com/Mic92/sops-nix/archive/1666d16426abe79af5c47b7c0efa82fd31bf4c56.tar.gz", + "hash": "1v1fxsd201kfr6lqkyjdljzcapx93l7jjlz25mxhyvixsc52wvda" }, "traveltext": { "type": "Git", @@ -215,9 +215,9 @@ "url": "https://stuebinm.eu/git/traveltext" }, "branch": "main", - "revision": "b6080abc5661f9323593944f5701d7dd7597afb9", + "revision": "0a3aad3a4e31049b36832827a5b3afff1334bff8", "url": null, - "hash": "0rwfkkq46j7yjbkv3ylpsifzlhq7qlc2svzpbwjyqm65d53dyalm" + "hash": "1pxzngg7lyacnc260h7v63yl4vbh74h1ipkfrff71qk7lg4xvcyg" }, "uplcg": { "type": "Git", diff --git a/surltesh-echer/configuration.scm b/surltesh-echer/configuration.scm index e97a9f3..7c679c8 100644 --- a/surltesh-echer/configuration.scm +++ b/surltesh-echer/configuration.scm @@ -11,8 +11,7 @@ emacs terminals wm xdisorg shells admin - version-control - nss) + version-control) (use-service-modules desktop base) @@ -52,9 +51,7 @@ ;; window managers hikari emacs kitty fuzzel git - fish - ;; for HTTPS access - nss-certs) + fish) %base-packages)) ;; Use the "desktop" services, which include the X11 diff --git a/surltesh-echer/home/home-configuration.scm b/surltesh-echer/home/home-configuration.scm index 9e87bac..728cfba 100644 --- a/surltesh-echer/home/home-configuration.scm +++ b/surltesh-echer/home/home-configuration.scm @@ -71,7 +71,7 @@ (url "https://git.savannah.gnu.org/git/guix.git") (branch "master") (commit - "5a95cf76e1d0f9fdff5b232b42337c657b76d1d4") + "7a89bbffd081129da8c2c5b58b4e12133bf210c5") (introduction (make-channel-introduction "9edb3f66fd807b096b48283debdcddccfea34bad" |