diff --git a/flake.lock b/flake.lock index b7e6d97..632d531 100644 --- a/flake.lock +++ b/flake.lock @@ -116,11 +116,11 @@ }, "catppuccin": { "locked": { - "lastModified": 1730458408, - "narHash": "sha256-JQ+SphQn13bdibKUrBBBznYehXX4xJrxD1ifBp6vSWw=", + "lastModified": 1728407414, + "narHash": "sha256-B8LaxUP93eh+it8RW1pGq4SsU2kj7f0ipzFuhBvpON8=", "owner": "catppuccin", "repo": "nix", - "rev": "191fbf2d81a63fad8f62f1233c0051f09b75d0ad", + "rev": "96cf8b4a05fb23a53c027621b1147b5cf9e5439f", "type": "github" }, "original": { @@ -245,11 +245,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1727826117, + "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", "type": "github" }, "original": { @@ -267,11 +267,11 @@ ] }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1727826117, + "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", "type": "github" }, "original": { @@ -373,11 +373,11 @@ ] }, "locked": { - "lastModified": 1730302582, - "narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=", + "lastModified": 1728727368, + "narHash": "sha256-7FMyNISP7K6XDSIt1NJxkXZnEdV3HZUXvFoBaJ/qdOg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf", + "rev": "eb74e0be24a11a1531b5b8659535580554d30b28", "type": "github" }, "original": { 
@@ -433,11 +433,11 @@ ] }, "locked": { - "lastModified": 1730837930, - "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=", + "lastModified": 1728791962, + "narHash": "sha256-nr5QiXwQcZmf6/auC1UpX8iAtINMtdi2mH+OkqJQVmU=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f607e07f3ac7e53541120536708e824acccfaa8", + "rev": "64c6325b28ebd708653dd41d88f306023f296184", "type": "github" }, "original": { @@ -455,11 +455,11 @@ ] }, "locked": { - "lastModified": 1730490306, - "narHash": "sha256-AvCVDswOUM9D368HxYD25RsSKp+5o0L0/JHADjLoD38=", + "lastModified": 1728726232, + "narHash": "sha256-8ZWr1HpciQsrFjvPMvZl0W+b0dilZOqXPoKa2Ux36bc=", "owner": "nix-community", "repo": "home-manager", - "rev": "1743615b61c7285976f85b303a36cdf88a556503", + "rev": "d57112db877f07387ce7104b5ac346ede556d2d7", "type": "github" }, "original": { @@ -489,36 +489,6 @@ "type": "github" } }, - "ixx": { - "inputs": { - "flake-utils": [ - "my-nixvim", - "nixvim", - "nuschtosSearch", - "flake-utils" - ], - "nixpkgs": [ - "my-nixvim", - "nixvim", - "nuschtosSearch", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729544999, - "narHash": "sha256-YcyJLvTmN6uLEBGCvYoMLwsinblXMkoYkNLEO4WnKus=", - "owner": "NuschtOS", - "repo": "ixx", - "rev": "65c207c92befec93e22086da9456d3906a4e999c", - "type": "github" - }, - "original": { - "owner": "NuschtOS", - "ref": "v0.0.5", - "repo": "ixx", - "type": "github" - } - }, "my-nixvim": { "inputs": { "flake-parts": "flake-parts", @@ -528,11 +498,11 @@ "nixvim": "nixvim" }, "locked": { - "lastModified": 1730642581, - "narHash": "sha256-Tcq+RnctJTm+TUr1fN3ivqYNcd1pJnHYzLDQdgUCX70=", + "lastModified": 1728878762, + "narHash": "sha256-aYYyuY+IM3d/5NbogZx7ctd8bfNmzHklNIwazSn3jx0=", "ref": "refs/heads/master", - "rev": "a09d2b94efb5e2d801275a244eedaab0816f3702", - "revCount": 18, + "rev": "0df66b4ab6faf481b1a94dd2edef66eec8e1efde", + "revCount": 16, "type": "git", "url": "https://git.xinyang.life/xin/nixvim" }, 
@@ -550,11 +520,11 @@ ] }, "locked": { - "lastModified": 1730448474, - "narHash": "sha256-qE/cYKBhzxHMtKtLK3hlSR3uzO1pWPGLrBuQK7r0CHc=", + "lastModified": 1728385805, + "narHash": "sha256-mUd38b0vhB7yzgAjNOaFz7VY9xIVzlbn3P2wjGBcVV0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "683d0c4cd1102dcccfa3f835565378c7f3cbe05e", + "rev": "48b50b3b137be5cfb9f4d006835ce7c3fe558ccc", "type": "github" }, "original": { @@ -570,11 +540,11 @@ ] }, "locked": { - "lastModified": 1730604744, - "narHash": "sha256-/MK6QU4iOozJ4oHTfZipGtOgaT/uy/Jm4foCqHQeYR4=", + "lastModified": 1728790083, + "narHash": "sha256-grMdAd4KSU6uPqsfLzA1B/3pb9GtGI9o8qb0qFzEU/Y=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "cc2ddbf2df8ef7cc933543b1b42b845ee4772318", + "rev": "5c54c33aa04df5dd4b0984b7eb861d1981009b22", "type": "github" }, "original": { @@ -594,11 +564,11 @@ ] }, "locked": { - "lastModified": 1730944043, - "narHash": "sha256-DIYTHa57pQQc9ARiMpJWYkaoiTaQPLH7Y4qK0J10Khk=", + "lastModified": 1728179514, + "narHash": "sha256-mOGZFPYm9SuEXnYiXhgs/JmLu7RofRaMpAYyJiWudkc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "0a959b25ff573f079ed032f88d8c988561b96a96", + "rev": "018196c371073d669510fd69dd2f6dc0ec608c41", "type": "github" }, "original": { @@ -609,11 +579,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1730919458, - "narHash": "sha256-yMO0T0QJlmT/x4HEyvrCyigGrdYfIXX3e5gWqB64wLg=", + "lastModified": 1728729581, + "narHash": "sha256-oazkQ/z7r43YkDLLQdMg8oIB3CwWNb+2ZrYOxtLEWTQ=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e1cc1f6483393634aee94514186d21a4871e78d7", + "rev": "a8dd1b21995964b115b1e3ec639dd6ce24ab9806", "type": "github" }, "original": { 
@@ -625,11 +595,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1730200266, - "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", + "lastModified": 1728492678, + "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", + "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", "type": "github" }, "original": { @@ -641,23 +611,23 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1730504152, - "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=", + "lastModified": 1727825735, + "narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" } }, "nixpkgs-stable": { "locked": { - "lastModified": 1730741070, - "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", + "lastModified": 1728740863, + "narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "rev": "a3f9ad65a0bf298ed5847629a57808b97e6e8077", "type": "github" }, "original": { @@ -669,11 +639,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1730602179, - "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", + "lastModified": 1728156290, + "narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", + "rev": "17ae88b569bb15590549ff478bab6494dde4a907", "type": "github" }, "original": { 
@@ -685,11 +655,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1730961289, - "narHash": "sha256-WrHPXxaPWDqu5r/546jf1pdfvEEuf0CIPuo7HjRLDdU=", + "lastModified": 1728876479, + "narHash": "sha256-tjVsONpCYX+pOBqpnLsNOcd9DpbzG2Tnm8K/lgTqQc8=", "owner": "xinyangli", "repo": "nixpkgs", - "rev": "82596c07592c14102071f72488ace046aa8e93a9", + "rev": "5f7b4a8a49de5fb589a4f67f1ec888382312a490", "type": "github" }, "original": { @@ -728,11 +698,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1730569492, - "narHash": "sha256-NByr7l7JetL9kIrdCOcRqBu+lAkruYXETp1DMiDHNQs=", + "lastModified": 1728829992, + "narHash": "sha256-722PdOQ4uTTAOyS3Ze4H7LXDNVi9FecKbLEvj3Qu0hM=", "owner": "nix-community", "repo": "nixvim", - "rev": "6f210158b03b01a1fd44bf3968165e6da80635ce", + "rev": "619e24366e8ad34230d65a323d26ca981bfa6927", "type": "github" }, "original": { @@ -743,11 +713,11 @@ }, "nur": { "locked": { - "lastModified": 1730959878, - "narHash": "sha256-UZ6oSptjE04ooORHvvR+kiGnr/nhzWgYwGryxUkKAv0=", + "lastModified": 1728878648, + "narHash": "sha256-JYNGkY30+zGclR1zebnyHOtRhWKfKHLw6T4IoqhmJFs=", "owner": "nix-community", "repo": "NUR", - "rev": "bc4d2a3b71c75d81cc247b1bf991b63f75358004", + "rev": "23d88faa35dc9de0e35fc3dc2a863c4cf451a8f8", "type": "github" }, "original": { @@ -759,7 +729,6 @@ "nuschtosSearch": { "inputs": { "flake-utils": "flake-utils_2", - "ixx": "ixx", "nixpkgs": [ "my-nixvim", "nixvim", @@ -767,11 +736,11 @@ ] }, "locked": { - "lastModified": 1730515563, - "narHash": "sha256-8lklUZRV7nwkPLF3roxzi4C2oyLydDXyAzAnDvjkOms=", + "lastModified": 1728701796, + "narHash": "sha256-FTDCOUnq+gdnHC3p5eisv1X1mMtKJDNMegwpZjRzQKY=", "owner": "NuschtOS", "repo": "search", - "rev": "9e22bd742480916ff5d0ab20ca2522eaa3fa061e", + "rev": "9578d865b081c29ae98131caf7d2f69a42f0ca6e", "type": "github" }, "original": { 
@@ -805,11 +774,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1730883027, - "narHash": "sha256-pvXMOJIqRW0trsW+FzRMl6d5PbsM4rWfD5lcKCOrrwI=", + "lastModified": 1728345710, + "narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c5ae1e214ff935f2d3593187a131becb289ea639", + "rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b", "type": "github" }, "original": { @@ -902,11 +871,11 @@ ] }, "locked": { - "lastModified": 1730321837, - "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=", + "lastModified": 1727984844, + "narHash": "sha256-xpRqITAoD8rHlXQafYZOLvUXCF6cnZkPfoq67ThN0Hc=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc", + "rev": "4446c7a6fc0775df028c5a3f6727945ba8400e64", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 7bc10db..c712f77 100644 --- a/flake.nix +++ b/flake.nix @@ -222,7 +222,7 @@ { ... }: { deployment = { - targetHost = "raspite.coho-tet.ts.net"; + targetHost = "raspite.local"; buildOnTarget = false; }; nixpkgs.system = "aarch64-linux"; diff --git a/home/xin/calcite.nix b/home/xin/calcite.nix index b90e361..20b90e6 100644 --- a/home/xin/calcite.nix +++ b/home/xin/calcite.nix @@ -29,7 +29,7 @@ }; home.packages = with pkgs; [ - thunderbird + betterbird remmina ]; diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix index 7fa91d2..4601e8c 100644 --- a/machines/calcite/configuration.nix +++ b/machines/calcite/configuration.nix @@ -225,8 +225,6 @@ # ==== GUI Softwares ==== # - eudic - # Gnome tweaks gnomeExtensions.paperwm gnomeExtensions.search-light @@ -350,11 +348,11 @@ fontconfig = { defaultFonts = { serif = [ - "Source Han Serif SC" + "Noto Serif CJK SC" "Ubuntu" ]; sansSerif = [ - "Source Han Sans SC" + "Noto Sans CJK SC" "Ubuntu" ]; monospace = [ 
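Review bot: In flake.nix, `targetHost = "raspite.local"` makes the deployment resolve its target over mDNS, which any host on the same link can answer, so SSH host-key verification becomes the only thing that authenticates the machine being deployed to. A comment above the line would record that dependency, for example `# resolved via mDNS; deployment relies on a pinned SSH host key`. The enclosing `deployment` block starts outside the hunk.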
diff --git a/machines/raspite/configuration.nix b/machines/raspite/configuration.nix index 234d0e9..049e67e 100644 --- a/machines/raspite/configuration.nix +++ b/machines/raspite/configuration.nix @@ -8,10 +8,7 @@ { imports = [ ./hass.nix ]; - commonSettings = { - nix.enableMirrors = true; - auth.enable = true; - }; + commonSettings.nix.enableMirrors = true; nixpkgs.overlays = [ # Workaround https://github.com/NixOS/nixpkgs/issues/126755#issuecomment-869149243 @@ -36,15 +33,25 @@ # boot.kernelPackages = pkgs.linuxPackages_stable; + custom.kanidm-client = { + enable = true; + uri = "https://auth.xinyang.life"; + asSSHAuth = { + enable = true; + allowedGroups = [ "linux_users" ]; + hardening = true; + }; + sudoers = [ "xin@auth.xinyang.life" ]; + }; + + security.sudo = { + execWheelOnly = true; + wheelNeedsPassword = false; + }; + # fileSystems."/".fsType = lib.mkForce "btrfs"; boot.supportedFilesystems.zfs = lib.mkForce false; - services.dae.enable = true; + services.dae.enable = false; services.dae.configFile = "/var/lib/dae/config.dae"; - - services.tailscale = { - enable = true; - permitCertUid = config.services.caddy.user; - openFirewall = true; - }; } diff --git a/machines/raspite/hass.nix b/machines/raspite/hass.nix index f7b682e..68d161b 100644 --- a/machines/raspite/hass.nix +++ b/machines/raspite/hass.nix @@ -2,21 +2,22 @@ { services.home-assistant = { enable = true; + extraComponents = [ + "default_config" + "esphome" + "met" + "radio_browser" + ]; openFirewall = false; config = { default_config = { }; http = { - server_host = "127.0.0.1"; - use_x_forwarded_for = true; - trusted_proxies = [ "127.0.0.1" ]; + server_host = "::1"; + base_url = "raspite.local:1000"; + use_x_forward_for = true; + trusted_proxies = [ "::1" ]; }; }; - extraPackages = - python3Packages: with python3Packages; [ - # speed up aiohttp - isal - zlib-ng - ]; }; services.esphome = { 
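Review bot: In machines/raspite/configuration.nix, `wheelNeedsPassword = false` lets every wheel member become root without re-authenticating, and the same hunk turns on SSH login through Kanidm, so a stolen SSH credential or a compromised account at the identity provider would be enough for root on this host. `custom.kanidm-client` is defined outside this diff; if its `sudoers` option places `xin@auth.xinyang.life` in wheel, as the name suggests, consider `wheelNeedsPassword = true;` or a comment stating why passwordless sudo is accepted on this machine. `execWheelOnly = true` is a sensible companion setting and should stay.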
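Review bot: In machines/raspite/hass.nix the `http` block now sets `use_x_forward_for = true;`, but the Home Assistant option is `use_x_forwarded_for` (the spelling the removed line used), so the misspelled key will not enable forwarded-header handling and is likely to fail configuration validation. Without it `trusted_proxies = [ "::1" ]` has no effect, and Home Assistant either refuses the proxied requests or attributes every login attempt to the proxy address, which defeats per-client logging and IP bans. Restore `use_x_forwarded_for = true;`. `base_url` under `http` has been deprecated upstream in favour of the internal/external URL settings and is worth dropping in the same pass.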
@@ -26,28 +27,23 @@ users.groups.dialout.members = config.users.groups.wheel.members; - services.mosquitto = { - enable = true; - }; + environment.systemPackages = with pkgs; [ zigbee2mqtt ]; - services.zigbee2mqtt = { - enable = true; - settings = { - home-assistant = config.services.home-assistant.enable; - permit_join = true; - serial = { - port = "/dev/ttyUSB0"; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ 8443 ]; + networking.firewall.allowedTCPPorts = [ + 1000 + 1001 + ]; services.caddy = { enable = true; virtualHosts = { - "raspite.coho-tet.ts.net".extraConfig = '' - reverse_proxy ${config.services.home-assistant.config.http.server_host}:${toString config.services.home-assistant.config.http.server_port} + # reverse_proxy ${config.services.home-assistant.config.http.server_host}:${toString config.services.home-assistant.config.http.server_port} + "raspite.local:1000".extraConfig = '' + reverse_proxy http://[::1]:8123 + ''; + + "raspite.local:1001".extraConfig = '' + reverse_proxy ${config.services.esphome.address}:${toString config.services.esphome.port} ''; }; }; diff --git a/overlays/add-pkgs.nix b/overlays/add-pkgs.nix index 35b6981..65b2131 100644 --- a/overlays/add-pkgs.nix +++ b/overlays/add-pkgs.nix @@ -1,3 +1,4 @@ (final: prev: { oidc-agent = prev.callPackage ./pkgs/oidc-agent { }; + ocis = prev.callPackage ./pkgs/ocis { }; }) diff --git a/overlays/pkgs/ocis/default.nix b/overlays/pkgs/ocis/default.nix new file mode 100644 index 0000000..1f1aade --- /dev/null +++ b/overlays/pkgs/ocis/default.nix 
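Review bot: In machines/raspite/hass.nix, the new `"raspite.local:1001"` virtual host publishes the ESPHome dashboard on a port that `allowedTCPPorts` opens on every interface, and nothing visible in this hunk puts authentication in front of it. The dashboard edits device configurations, which usually hold Wi-Fi and API credentials, and can push firmware, so that access would be available to anyone who can reach the port unless ESPHome's own login is configured elsewhere. Put an authentication or source-address restriction on that Caddy site, or limit the firewall rule to the trusted interface. Separately, `reverse_proxy http://[::1]:8123` hard-codes what the commented-out line derived from `config.services.home-assistant.config.http`, so the two can drift if the port is changed.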
@@ -0,0 +1,85 @@
+{
+ lib,
+ stdenvNoCC,
+ callPackage,
+ fetchFromGitHub,
+ buildGoModule,
+ gnumake,
+ pnpm,
+ nodejs,
+}:
+let
+ web = callPackage ./web.nix { };
+ idp-assets = stdenvNoCC.mkDerivation {
+ pname = "idp-assets";
+ version = "0-unstable-2020-10-14";
+ src = fetchFromGitHub {
+ owner = "owncloud";
+ repo = "assets";
+ rev = "e8b6aeadbcee1865b9df682e9bd78083842d2b5c";
+ hash = "sha256-PzGff2Zx8xmvPYQa4lS4yz2h+y/lerKvUZkYI7XvAUw=";
+ };
+ installPhase = ''
+ mkdir -p $out/share
+ cp logo.svg favicon.ico $out/share/
+ '';
+ dontConfigure = true;
+ dontBuild = true;
+ dontFixup = true;
+ };
+in
+buildGoModule rec {
+ pname = "ocis";
+ version = "v5.0.7";
+
+ vendorHash = null;
+
+ src = fetchFromGitHub {
+ owner = "owncloud";
+ repo = "ocis";
+ rev = version;
+ hash = "sha256-vCEr7UCGEPm0x04U8DpsUNz9c64ZSEIK4SDcitCIDCw=";
+ };
+
+ nativeBuildInputs = [
+ gnumake
+ nodejs
+ pnpm.configHook
+ ];
+
+ pnpmDeps = pnpm.fetchDeps {
+ inherit pname version src;
+ sourceRoot = "${src.name}/services/idp";
+ hash = "sha256-ojrgoyl+xBsgEsx3d3gv5Wf6ziabHoFkEpAoDZcYavo=";
+ };
+ pnpmRoot = "services/idp";
+
+ buildPhase = ''
+ runHook preBuild
+ cp -r ${web}/share/* services/web/assets/
+ pnpm -C services/idp build
+
+ mkdir -p services/idp/assets/identifier/static
+ cp -r ${idp-assets}/share/* services/idp/assets/identifier/static/
+
+ make -C ocis VERSION=${version} DATE=${version} build
+ runHook postBuild
+ '';
+
+ installPhase = ''
+ mkdir -p $out/bin/
+ cp ocis/bin/ocis $out/bin/
+ '';
+
+ passthru = {
+ inherit web;
+ };
+
+ meta = with lib; {
+ homepage = "https://github.com/owncloud/ocis";
+ description = "ownCloud Infinite Scale Stack";
+ mainProgram = "ocis";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ xinyangli ];
+ };
+}
diff --git a/overlays/pkgs/ocis/web.nix b/overlays/pkgs/ocis/web.nix
new file mode 100644
index 0000000..d28340c
--- /dev/null
+++ b/overlays/pkgs/ocis/web.nix
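Review bot: In overlays/pkgs/ocis/default.nix, `vendorHash = null;` means the Go dependencies are taken from the vendor directory inside the fetched source, so their integrity rests entirely on the `src` hash; a one-line comment such as `# upstream vendors its Go modules; pinned by src.hash` would make that explicit for whoever bumps the version. The custom `installPhase` also omits `runHook preInstall` and `runHook postInstall`, unlike the `buildPhase` above it, so install hooks added by overrides are skipped without notice. `DATE=${version}` passes the version string where the variable name suggests a build date; confirm that is intended.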
@@ -0,0 +1,40 @@
+{
+ lib,
+ stdenvNoCC,
+ nodejs,
+ pnpm,
+ fetchFromGitHub,
+}:
+stdenvNoCC.mkDerivation rec {
+ pname = "ocis-web";
+ version = "v8.0.5";
+
+ src = fetchFromGitHub {
+ owner = "owncloud";
+ repo = "web";
+ rev = version;
+ hash = "sha256-hupdtK/V74+X7/eXoDmUjFvSKuhnoOtNQz7o6TLJXG4=";
+ };
+
+ nativeBuildInputs = [ pnpm.configHook ];
+
+ buildInputs = [ nodejs ];
+
+ buildPhase = ''
+ pnpm build
+ '';
+
+ installPhase = ''
+ mkdir -p $out/share
+ cp -r dist/* $out/share/
+ '';
+
+ pnpmDeps = pnpm.fetchDeps {
+ inherit pname version src;
+ hash = "sha256-m6yGqUmDor5273JsAlKs52Ug+bc3uhpI8F+MUhULAh4=";
+ };
+
+ meta = with lib; {
+ license = [ licenses.agpl3Only ];
+ };
+}
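Review bot: In overlays/pkgs/ocis/web.nix, `nodejs` sits in `buildInputs` although it is only needed to run `pnpm build`, so it belongs with the build-platform tools: `nativeBuildInputs = [ nodejs pnpm.configHook ];`, which is how default.nix in the same directory declares it. The difference matters when the package is cross-compiled, because `buildInputs` are provided for the host platform. `buildPhase` and `installPhase` also leave out the `runHook` calls, so pre/post hooks supplied by overrides will not run.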