xin/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: xin:bd2004199f5aa90930d5b3d01c760859e84550db
Branches Tags
xin:master
xin:deploy
xin:testing-weilite
xin:testing-raspite
xin:testing-calcite
xin:next
xin:deploy-comin-eval
..
compare: xin:e4a65d5c9abfc0ca819216252919794c1752eca0
Branches Tags
xin:deploy
xin:testing-weilite
xin:testing-raspite
xin:testing-calcite
xin:next
xin:deploy-comin-eval
xin:master

2 commits
bd2004199f ... e4a65d5c9a

Author SHA1 Message Date
xinyangli
e4a65d5c9a
dolomite: add hk-00 node 2024-10-20 10:23:46 +08:00
xinyangli
df589d4bcc
weilite/immich: enable machine learning 2024-10-16 17:05:21 +08:00
9 changed files with 235 additions and 139 deletions
Show stats Expand all files Collapse all files

161
flake.lock generated
View file

@ -116,11 +116,11 @@
},
"catppuccin": {
"locked": {
"lastModified": 1730458408,
"narHash": "sha256-JQ+SphQn13bdibKUrBBBznYehXX4xJrxD1ifBp6vSWw=",
"lastModified": 1728407414,
"narHash": "sha256-B8LaxUP93eh+it8RW1pGq4SsU2kj7f0ipzFuhBvpON8=",
"owner": "catppuccin",
"repo": "nix",
"rev": "191fbf2d81a63fad8f62f1233c0051f09b75d0ad",
"rev": "96cf8b4a05fb23a53c027621b1147b5cf9e5439f",
"type": "github"
},
"original": {
@ -245,11 +245,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"lastModified": 1727826117,
"narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
"type": "github"
},
"original": {
@ -267,11 +267,11 @@
]
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"lastModified": 1727826117,
"narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
"type": "github"
},
"original": {
@ -373,11 +373,11 @@
]
},
"locked": {
"lastModified": 1730302582,
"narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=",
"lastModified": 1728727368,
"narHash": "sha256-7FMyNISP7K6XDSIt1NJxkXZnEdV3HZUXvFoBaJ/qdOg=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf",
"rev": "eb74e0be24a11a1531b5b8659535580554d30b28",
"type": "github"
},
"original": {
@ -433,11 +433,11 @@
]
},
"locked": {
"lastModified": 1730837930,
"narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=",
"lastModified": 1728791962,
"narHash": "sha256-nr5QiXwQcZmf6/auC1UpX8iAtINMtdi2mH+OkqJQVmU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2f607e07f3ac7e53541120536708e824acccfaa8",
"rev": "64c6325b28ebd708653dd41d88f306023f296184",
"type": "github"
},
"original": {
@ -455,11 +455,11 @@
]
},
"locked": {
"lastModified": 1730490306,
"narHash": "sha256-AvCVDswOUM9D368HxYD25RsSKp+5o0L0/JHADjLoD38=",
"lastModified": 1728726232,
"narHash": "sha256-8ZWr1HpciQsrFjvPMvZl0W+b0dilZOqXPoKa2Ux36bc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "1743615b61c7285976f85b303a36cdf88a556503",
"rev": "d57112db877f07387ce7104b5ac346ede556d2d7",
"type": "github"
},
"original": {
@ -489,36 +489,6 @@
"type": "github"
}
},
"ixx": {
"inputs": {
"flake-utils": [
"my-nixvim",
"nixvim",
"nuschtosSearch",
"flake-utils"
],
"nixpkgs": [
"my-nixvim",
"nixvim",
"nuschtosSearch",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729544999,
"narHash": "sha256-YcyJLvTmN6uLEBGCvYoMLwsinblXMkoYkNLEO4WnKus=",
"owner": "NuschtOS",
"repo": "ixx",
"rev": "65c207c92befec93e22086da9456d3906a4e999c",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"ref": "v0.0.5",
"repo": "ixx",
"type": "github"
}
},
"my-nixvim": {
"inputs": {
"flake-parts": "flake-parts",
@ -528,11 +498,11 @@
"nixvim": "nixvim"
},
"locked": {
"lastModified": 1730642581,
"narHash": "sha256-Tcq+RnctJTm+TUr1fN3ivqYNcd1pJnHYzLDQdgUCX70=",
"lastModified": 1728878762,
"narHash": "sha256-aYYyuY+IM3d/5NbogZx7ctd8bfNmzHklNIwazSn3jx0=",
"ref": "refs/heads/master",
"rev": "a09d2b94efb5e2d801275a244eedaab0816f3702",
"revCount": 18,
"rev": "0df66b4ab6faf481b1a94dd2edef66eec8e1efde",
"revCount": 16,
"type": "git",
"url": "https://git.xinyang.life/xin/nixvim"
},
@ -550,11 +520,11 @@
]
},
"locked": {
"lastModified": 1730448474,
"narHash": "sha256-qE/cYKBhzxHMtKtLK3hlSR3uzO1pWPGLrBuQK7r0CHc=",
"lastModified": 1728385805,
"narHash": "sha256-mUd38b0vhB7yzgAjNOaFz7VY9xIVzlbn3P2wjGBcVV0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "683d0c4cd1102dcccfa3f835565378c7f3cbe05e",
"rev": "48b50b3b137be5cfb9f4d006835ce7c3fe558ccc",
"type": "github"
},
"original": {
@ -570,11 +540,11 @@
]
},
"locked": {
"lastModified": 1730604744,
"narHash": "sha256-/MK6QU4iOozJ4oHTfZipGtOgaT/uy/Jm4foCqHQeYR4=",
"lastModified": 1728790083,
"narHash": "sha256-grMdAd4KSU6uPqsfLzA1B/3pb9GtGI9o8qb0qFzEU/Y=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "cc2ddbf2df8ef7cc933543b1b42b845ee4772318",
"rev": "5c54c33aa04df5dd4b0984b7eb861d1981009b22",
"type": "github"
},
"original": {
@ -594,11 +564,11 @@
]
},
"locked": {
"lastModified": 1730944043,
"narHash": "sha256-DIYTHa57pQQc9ARiMpJWYkaoiTaQPLH7Y4qK0J10Khk=",
"lastModified": 1728179514,
"narHash": "sha256-mOGZFPYm9SuEXnYiXhgs/JmLu7RofRaMpAYyJiWudkc=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "0a959b25ff573f079ed032f88d8c988561b96a96",
"rev": "018196c371073d669510fd69dd2f6dc0ec608c41",
"type": "github"
},
"original": {
@ -609,11 +579,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1730919458,
"narHash": "sha256-yMO0T0QJlmT/x4HEyvrCyigGrdYfIXX3e5gWqB64wLg=",
"lastModified": 1728729581,
"narHash": "sha256-oazkQ/z7r43YkDLLQdMg8oIB3CwWNb+2ZrYOxtLEWTQ=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "e1cc1f6483393634aee94514186d21a4871e78d7",
"rev": "a8dd1b21995964b115b1e3ec639dd6ce24ab9806",
"type": "github"
},
"original": {
@ -625,11 +595,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1730200266,
"narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
"lastModified": 1728492678,
"narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
"rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
"type": "github"
},
"original": {
@ -641,23 +611,23 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1730504152,
"narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=",
"lastModified": 1727825735,
"narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
"url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
"url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"lastModified": 1728740863,
"narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"rev": "a3f9ad65a0bf298ed5847629a57808b97e6e8077",
"type": "github"
},
"original": {
@ -669,11 +639,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1730602179,
"narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
"lastModified": 1728156290,
"narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
"rev": "17ae88b569bb15590549ff478bab6494dde4a907",
"type": "github"
},
"original": {
@ -685,11 +655,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1730961289,
"narHash": "sha256-WrHPXxaPWDqu5r/546jf1pdfvEEuf0CIPuo7HjRLDdU=",
"lastModified": 1728876479,
"narHash": "sha256-tjVsONpCYX+pOBqpnLsNOcd9DpbzG2Tnm8K/lgTqQc8=",
"owner": "xinyangli",
"repo": "nixpkgs",
"rev": "82596c07592c14102071f72488ace046aa8e93a9",
"rev": "5f7b4a8a49de5fb589a4f67f1ec888382312a490",
"type": "github"
},
"original": {
@ -728,11 +698,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1730569492,
"narHash": "sha256-NByr7l7JetL9kIrdCOcRqBu+lAkruYXETp1DMiDHNQs=",
"lastModified": 1728829992,
"narHash": "sha256-722PdOQ4uTTAOyS3Ze4H7LXDNVi9FecKbLEvj3Qu0hM=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "6f210158b03b01a1fd44bf3968165e6da80635ce",
"rev": "619e24366e8ad34230d65a323d26ca981bfa6927",
"type": "github"
},
"original": {
@ -743,11 +713,11 @@
},
"nur": {
"locked": {
"lastModified": 1730959878,
"narHash": "sha256-UZ6oSptjE04ooORHvvR+kiGnr/nhzWgYwGryxUkKAv0=",
"lastModified": 1728878648,
"narHash": "sha256-JYNGkY30+zGclR1zebnyHOtRhWKfKHLw6T4IoqhmJFs=",
"owner": "nix-community",
"repo": "NUR",
"rev": "bc4d2a3b71c75d81cc247b1bf991b63f75358004",
"rev": "23d88faa35dc9de0e35fc3dc2a863c4cf451a8f8",
"type": "github"
},
"original": {
@ -759,7 +729,6 @@
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils_2",
"ixx": "ixx",
"nixpkgs": [
"my-nixvim",
"nixvim",
@ -767,11 +736,11 @@
]
},
"locked": {
"lastModified": 1730515563,
"narHash": "sha256-8lklUZRV7nwkPLF3roxzi4C2oyLydDXyAzAnDvjkOms=",
"lastModified": 1728701796,
"narHash": "sha256-FTDCOUnq+gdnHC3p5eisv1X1mMtKJDNMegwpZjRzQKY=",
"owner": "NuschtOS",
"repo": "search",
"rev": "9e22bd742480916ff5d0ab20ca2522eaa3fa061e",
"rev": "9578d865b081c29ae98131caf7d2f69a42f0ca6e",
"type": "github"
},
"original": {
@ -805,11 +774,11 @@
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1730883027,
"narHash": "sha256-pvXMOJIqRW0trsW+FzRMl6d5PbsM4rWfD5lcKCOrrwI=",
"lastModified": 1728345710,
"narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c5ae1e214ff935f2d3593187a131becb289ea639",
"rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b",
"type": "github"
},
"original": {
@ -902,11 +871,11 @@
]
},
"locked": {
"lastModified": 1730321837,
"narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=",
"lastModified": 1727984844,
"narHash": "sha256-xpRqITAoD8rHlXQafYZOLvUXCF6cnZkPfoq67ThN0Hc=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "746901bb8dba96d154b66492a29f5db0693dbfcc",
"rev": "4446c7a6fc0775df028c5a3f6727945ba8400e64",
"type": "github"
},
"original": {

2
flake.nix
View file

@ -222,7 +222,7 @@
{ ... }:
{
deployment = {
targetHost = "raspite.coho-tet.ts.net";
targetHost = "raspite.local";
buildOnTarget = false;
};
nixpkgs.system = "aarch64-linux";

2
home/xin/calcite.nix
View file

@ -29,7 +29,7 @@
};
home.packages = with pkgs; [
thunderbird
betterbird
remmina
];

6
machines/calcite/configuration.nix
View file

@ -225,8 +225,6 @@
# ==== GUI Softwares ==== #
eudic
# Gnome tweaks
gnomeExtensions.paperwm
gnomeExtensions.search-light
@ -350,11 +348,11 @@
fontconfig = {
defaultFonts = {
serif = [
"Source Han Serif SC"
"Noto Serif CJK SC"
"Ubuntu"
];
sansSerif = [
"Source Han Sans SC"
"Noto Sans CJK SC"
"Ubuntu"
];
monospace = [

29
machines/raspite/configuration.nix
View file

@ -8,10 +8,7 @@
{
imports = [ ./hass.nix ];
commonSettings = {
nix.enableMirrors = true;
auth.enable = true;
};
commonSettings.nix.enableMirrors = true;
nixpkgs.overlays = [
# Workaround https://github.com/NixOS/nixpkgs/issues/126755#issuecomment-869149243
@ -36,15 +33,25 @@
# boot.kernelPackages = pkgs.linuxPackages_stable;
custom.kanidm-client = {
enable = true;
uri = "https://auth.xinyang.life";
asSSHAuth = {
enable = true;
allowedGroups = [ "linux_users" ];
hardening = true;
};
sudoers = [ "xin@auth.xinyang.life" ];
};
security.sudo = {
execWheelOnly = true;
wheelNeedsPassword = false;
};
# fileSystems."/".fsType = lib.mkForce "btrfs";
boot.supportedFilesystems.zfs = lib.mkForce false;
services.dae.enable = true;
services.dae.enable = false;
services.dae.configFile = "/var/lib/dae/config.dae";
services.tailscale = {
enable = true;
permitCertUid = config.services.caddy.user;
openFirewall = true;
};
}

48
machines/raspite/hass.nix
View file

@ -2,21 +2,22 @@
{
services.home-assistant = {
enable = true;
extraComponents = [
"default_config"
"esphome"
"met"
"radio_browser"
];
openFirewall = false;
config = {
default_config = { };
http = {
server_host = "127.0.0.1";
use_x_forwarded_for = true;
trusted_proxies = [ "127.0.0.1" ];
server_host = "::1";
base_url = "raspite.local:1000";
use_x_forward_for = true;
trusted_proxies = [ "::1" ];
};
};
extraPackages =
python3Packages: with python3Packages; [
# speed up aiohttp
isal
zlib-ng
];
};
services.esphome = {
@ -26,28 +27,23 @@
users.groups.dialout.members = config.users.groups.wheel.members;
services.mosquitto = {
enable = true;
};
environment.systemPackages = with pkgs; [ zigbee2mqtt ];
services.zigbee2mqtt = {
enable = true;
settings = {
home-assistant = config.services.home-assistant.enable;
permit_join = true;
serial = {
port = "/dev/ttyUSB0";
};
};
};
networking.firewall.allowedTCPPorts = [ 8443 ];
networking.firewall.allowedTCPPorts = [
1000
1001
];
services.caddy = {
enable = true;
virtualHosts = {
"raspite.coho-tet.ts.net".extraConfig = ''
reverse_proxy ${config.services.home-assistant.config.http.server_host}:${toString config.services.home-assistant.config.http.server_port}
# reverse_proxy ${config.services.home-assistant.config.http.server_host}:${toString config.services.home-assistant.config.http.server_port}
"raspite.local:1000".extraConfig = ''
reverse_proxy http://[::1]:8123
'';
"raspite.local:1001".extraConfig = ''
reverse_proxy ${config.services.esphome.address}:${toString config.services.esphome.port}
'';
};
};

1
overlays/add-pkgs.nix
View file

@ -1,3 +1,4 @@
(final: prev: {
oidc-agent = prev.callPackage ./pkgs/oidc-agent { };
ocis = prev.callPackage ./pkgs/ocis { };
})

85
overlays/pkgs/ocis/default.nix Normal file
View file

@ -0,0 +1,85 @@
{
lib,
stdenvNoCC,
callPackage,
fetchFromGitHub,
buildGoModule,
gnumake,
pnpm,
nodejs,
}:
let
web = callPackage ./web.nix { };
idp-assets = stdenvNoCC.mkDerivation {
pname = "idp-assets";
version = "0-unstable-2020-10-14";
src = fetchFromGitHub {
owner = "owncloud";
repo = "assets";
rev = "e8b6aeadbcee1865b9df682e9bd78083842d2b5c";
hash = "sha256-PzGff2Zx8xmvPYQa4lS4yz2h+y/lerKvUZkYI7XvAUw=";
};
installPhase = ''
mkdir -p $out/share
cp logo.svg favicon.ico $out/share/
'';
dontConfigure = true;
dontBuild = true;
dontFixup = true;
};
in
buildGoModule rec {
pname = "ocis";
version = "v5.0.7";
vendorHash = null;
src = fetchFromGitHub {
owner = "owncloud";
repo = "ocis";
rev = version;
hash = "sha256-vCEr7UCGEPm0x04U8DpsUNz9c64ZSEIK4SDcitCIDCw=";
};
nativeBuildInputs = [
gnumake
nodejs
pnpm.configHook
];
pnpmDeps = pnpm.fetchDeps {
inherit pname version src;
sourceRoot = "${src.name}/services/idp";
hash = "sha256-ojrgoyl+xBsgEsx3d3gv5Wf6ziabHoFkEpAoDZcYavo=";
};
pnpmRoot = "services/idp";
buildPhase = ''
runHook preBuild
cp -r ${web}/share/* services/web/assets/
pnpm -C services/idp build
mkdir -p services/idp/assets/identifier/static
cp -r ${idp-assets}/share/* services/idp/assets/identifier/static/
make -C ocis VERSION=${version} DATE=${version} build
runHook postBuild
'';
installPhase = ''
mkdir -p $out/bin/
cp ocis/bin/ocis $out/bin/
'';
passthru = {
inherit web;
};
meta = with lib; {
homepage = "https://github.com/owncloud/ocis";
description = "ownCloud Infinite Scale Stack";
mainProgram = "ocis";
license = licenses.asl20;
maintainers = with maintainers; [ xinyangli ];
};
}

40
overlays/pkgs/ocis/web.nix Normal file
View file

@ -0,0 +1,40 @@
{
lib,
stdenvNoCC,
nodejs,
pnpm,
fetchFromGitHub,
}:
stdenvNoCC.mkDerivation rec {
pname = "ocis-web";
version = "v8.0.5";
src = fetchFromGitHub {
owner = "owncloud";
repo = "web";
rev = version;
hash = "sha256-hupdtK/V74+X7/eXoDmUjFvSKuhnoOtNQz7o6TLJXG4=";
};
nativeBuildInputs = [ pnpm.configHook ];
buildInputs = [ nodejs ];
buildPhase = ''
pnpm build
'';
installPhase = ''
mkdir -p $out/share
cp -r dist/* $out/share/
'';
pnpmDeps = pnpm.fetchDeps {
inherit pname version src;
hash = "sha256-m6yGqUmDor5273JsAlKs52Ug+bc3uhpI8F+MUhULAh4=";
};
meta = with lib; {
license = [ licenses.agpl3Only ];
};
}