From 5d055c6a88ac087661cb805fb487a1c9219b3063 Mon Sep 17 00:00:00 2001 From: Eve Halfmann Date: Sun, 1 Jun 2025 16:20:33 +0000 Subject: [PATCH 001/374] updated git username --- configurations/home-manager/eve/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 4e1d6fd..d3dda26 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -76,7 +76,7 @@ in { git = { enable = true; - userName = "Eve Halfmann"; + userName = "Eve"; userEmail = "evesnrobins@gmail.com"; extraConfig.init.defaultBranch = "main"; }; From 327a5ce55fa9af2442845cad14662db95ee7aa6f Mon Sep 17 00:00:00 2001 From: Eve Date: Sun, 1 Jun 2025 16:31:08 +0000 Subject: [PATCH 002/374] added vscodium --- configurations/home-manager/eve/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index d3dda26..7dedb68 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -80,6 +80,11 @@ in { userEmail = "evesnrobins@gmail.com"; extraConfig.init.defaultBranch = "main"; }; + + vscode = { + enable = true; + package = pkgs.vscodium; + }; openssh = { hostKeys = [ From c54210411d5f6c5097adb0c96f1f31d9db00649f Mon Sep 17 00:00:00 2001 From: Eve Date: Sun, 1 Jun 2025 11:59:56 -0500 Subject: [PATCH 003/374] added steam + dependencies --- configurations/nixos/emergent/configuration.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index a880ef5..4325eb3 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -80,6 +80,8 @@ # programs.firefox.enable = true; + nixpkgs.config.allowUnfree = true; + # List packages installed in system profile. # You can use https://search.nixos.org/ to find more packages (and options). # environment.systemPackages = with pkgs; [ @@ -87,6 +89,13 @@ # wget # ]; + programs.steam = { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers + }; + # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; From 7acf6a1c13935a5a5b4fb8b4a078697bf322dca3 Mon Sep 17 00:00:00 2001 From: Eve Date: Sun, 1 Jun 2025 12:22:42 -0500 Subject: [PATCH 004/374] added nvidia-drivers as a seperate file and imported to config file --- .../nixos/emergent/configuration.nix | 1 + .../nixos/emergent/nvidia-drivers.nix | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 configurations/nixos/emergent/nvidia-drivers.nix diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 4325eb3..389dfe5 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -8,6 +8,7 @@ ... }: { imports = [ + ./nvidia-drivers.nix ]; # Use the systemd-boot EFI boot loader. diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix new file mode 100644 index 0000000..4df1b67 --- /dev/null +++ b/configurations/nixos/emergent/nvidia-drivers.nix @@ -0,0 +1,42 @@ +{ config, lib, pkgs, ... }: +{ + + # Enable OpenGL + hardware.graphics = { + enable = true; + }; + + # Load nvidia driver for Xorg and Wayland + services.xserver.videoDrivers = ["nvidia"]; + + hardware.nvidia = { + + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.stable; + }; + } \ No newline at end of file From 2820252c54f9b5bac43d09e280c48baaaf45657d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 13:00:34 -0500 Subject: [PATCH 005/374] made leyla configs optional --- configurations/home-manager/eve/default.nix | 2 +- configurations/home-manager/leyla/default.nix | 45 +- configurations/home-manager/leyla/firefox.nix | 623 +++++++++--------- .../home-manager/leyla/packages.nix | 72 +- .../home-manager/leyla/vscode/default.nix | 185 +++--- .../nixos/emergent/nvidia-drivers.nix | 20 +- 6 files changed, 477 insertions(+), 470 deletions(-) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 7dedb68..b2ae492 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -80,7 +80,7 @@ in { userEmail = "evesnrobins@gmail.com"; extraConfig.init.defaultBranch = "main"; }; - + vscode = { enable = true; package = pkgs.vscodium; diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 0c90ab1..90251a3 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -1,8 +1,4 @@ -{ - osConfig, - config, - ... -}: { +{osConfig, ...}: { imports = [ ./i18n.nix ./packages.nix @@ -108,44 +104,5 @@ }; }; }; - - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; - - # set up git defaults - git = { - enable = true; - userName = "Leyla Becker"; - userEmail = "git@jan-leila.com"; - extraConfig.init.defaultBranch = "main"; - }; - - # add direnv to auto load flakes for development - direnv = { - enable = true; - enableBashIntegration = true; - nix-direnv.enable = true; - config = { - global.hide_env_diff = true; - whitelist.exact = ["/home/leyla/documents/code/nix-config"]; - }; - }; - bash.enable = true; - - openssh = { - authorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" - ]; - hostKeys = [ - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; - }; - }; }; } diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index 4f8c624..0adea28 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix @@ -2,340 +2,345 @@ lib, pkgs, inputs, + osConfig, ... -}: { - programs.firefox = { - enable = true; - profiles.leyla = { - settings = { - "browser.search.defaultenginename" = "Searx"; - "browser.search.order.1" = "Searx"; - }; +}: let + is-desktop-user = osConfig.host.users.leyla.isDesktopUser; +in { + config = lib.mkIf is-desktop-user { + programs.firefox = { + enable = true; + profiles.leyla = { + settings = { + "browser.search.defaultenginename" = "Searx"; + "browser.search.order.1" = "Searx"; + }; - search = { - force = true; - default = "Searx"; - engines = { - "Nix Packages" = { - urls = [ - { - template = "https://search.nixos.org/packages"; - params = [ - { - name = "type"; - value = "packages"; - } - { - name = "query"; - value = "{searchTerms}"; - } - ]; - } - ]; - icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = ["@np"]; - }; - "NixOS Wiki" = { - urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = ["@nw"]; - }; - "Searx" = { - urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = ["@searx"]; + search = { + force = true; + default = "Searx"; + engines = { + "Nix Packages" = { + urls = [ + { + template = "https://search.nixos.org/packages"; + params = [ + { + name = "type"; + value = "packages"; + } + { + name = "query"; + value = "{searchTerms}"; + } + ]; + } + ]; + icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = ["@np"]; + }; + "NixOS Wiki" = { + urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; + icon = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@nw"]; + }; + "Searx" = { + urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; + icon = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@searx"]; + }; }; }; - }; - extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [ - bitwarden - terms-of-service-didnt-read - multi-account-containers - shinigami-eyes + extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [ + bitwarden + terms-of-service-didnt-read + multi-account-containers + shinigami-eyes - ublock-origin - sponsorblock - dearrow - df-youtube - return-youtube-dislikes + ublock-origin + sponsorblock + dearrow + df-youtube + return-youtube-dislikes - privacy-badger - decentraleyes - clearurls - localcdn + privacy-badger + decentraleyes + clearurls + localcdn - snowflake + snowflake - deutsch-de-language-pack - dictionary-german + deutsch-de-language-pack + dictionary-german - # ( - # buildFirefoxXpiAddon rec { - # pname = "italiano-it-language-pack"; - # version = "132.0.20241110.231641"; - # addonId = "langpack-it@firefox.mozilla.org"; - # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; - # sha256 = ""; - # meta = with lib; - # { - # description = "Firefox Language Pack for Italiano (it) – Italian"; - # license = licenses.mpl20; - # mozPermissions = []; - # platforms = platforms.all; - # }; - # } - # ) - # ( - # buildFirefoxXpiAddon rec { - # pname = "dizionario-italiano"; - # version = "5.1"; - # addonId = "it-IT@dictionaries.addons.mozilla.org"; - # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; - # sha256 = ""; - # meta = with lib; - # { - # description = "Add support for Italian to spellchecking"; - # license = licenses.gpl3; - # mozPermissions = []; - # platforms = platforms.all; - # }; - # } - # ) - ]; + # ( + # buildFirefoxXpiAddon rec { + # pname = "italiano-it-language-pack"; + # version = "132.0.20241110.231641"; + # addonId = "langpack-it@firefox.mozilla.org"; + # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; + # sha256 = ""; + # meta = with lib; + # { + # description = "Firefox Language Pack for Italiano (it) – Italian"; + # license = licenses.mpl20; + # mozPermissions = []; + # platforms = platforms.all; + # }; + # } + # ) + # ( + # buildFirefoxXpiAddon rec { + # pname = "dizionario-italiano"; + # version = "5.1"; + # addonId = "it-IT@dictionaries.addons.mozilla.org"; + # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; + # sha256 = ""; + # meta = with lib; + # { + # description = "Add support for Italian to spellchecking"; + # license = licenses.gpl3; + # mozPermissions = []; + # platforms = platforms.all; + # }; + # } + # ) + ]; - settings = { - # Disable irritating first-run stuff - "browser.disableResetPrompt" = true; - "browser.download.panel.shown" = true; - "browser.feeds.showFirstRunUI" = false; - "browser.messaging-system.whatsNewPanel.enabled" = false; - "browser.rights.3.shown" = true; - "browser.shell.checkDefaultBrowser" = false; - "browser.shell.defaultBrowserCheckCount" = 1; - "browser.startup.homepage_override.mstone" = "ignore"; - "browser.uitour.enabled" = false; - "startup.homepage_override_url" = ""; - "trailhead.firstrun.didSeeAboutWelcome" = true; - "browser.bookmarks.restore_default_bookmarks" = false; - "browser.bookmarks.addedImportButton" = true; - "browser.newtabpage.activity-stream.feeds.section.topstories" = false; + settings = { + # Disable irritating first-run stuff + "browser.disableResetPrompt" = true; + "browser.download.panel.shown" = true; + "browser.feeds.showFirstRunUI" = false; + "browser.messaging-system.whatsNewPanel.enabled" = false; + "browser.rights.3.shown" = true; + "browser.shell.checkDefaultBrowser" = false; + "browser.shell.defaultBrowserCheckCount" = 1; + "browser.startup.homepage_override.mstone" = "ignore"; + "browser.uitour.enabled" = false; + "startup.homepage_override_url" = ""; + "trailhead.firstrun.didSeeAboutWelcome" = true; + "browser.bookmarks.restore_default_bookmarks" = false; + "browser.bookmarks.addedImportButton" = true; + "browser.newtabpage.activity-stream.feeds.section.topstories" = false; - # Usage Experience - "browser.startup.homepage" = "about:home"; - "browser.download.useDownloadDir" = false; - "browser.uiCustomization.state" = builtins.toJSON { - "currentVersion" = 20; - "newElementCount" = 6; - "dirtyAreaCache" = [ - "nav-bar" - "PersonalToolbar" - "toolbar-menubar" - "TabsToolbar" - "unified-extensions-area" - "vertical-tabs" - ]; - "placements" = { - "widget-overflow-fixed-list" = []; - "unified-extensions-area" = [ + # Usage Experience + "browser.startup.homepage" = "about:home"; + "browser.download.useDownloadDir" = false; + "browser.uiCustomization.state" = builtins.toJSON { + "currentVersion" = 20; + "newElementCount" = 6; + "dirtyAreaCache" = [ + "nav-bar" + "PersonalToolbar" + "toolbar-menubar" + "TabsToolbar" + "unified-extensions-area" + "vertical-tabs" + ]; + "placements" = { + "widget-overflow-fixed-list" = []; + "unified-extensions-area" = [ + "privacy_privacy_com-browser-action" + # bitwarden + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" + "ublock0_raymondhill_net-browser-action" + "sponsorblocker_ajay_app-browser-action" + "dearrow_ajay_app-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" + "_testpilot-containers-browser-action" + "addon_simplelogin-browser-action" + "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" + "jid1-bofifl9vbdl2zq_jetpack-browser-action" + "dfyoutube_example_com-browser-action" + "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" + "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" + ]; + "nav-bar" = [ + "back-button" + "forward-button" + "stop-reload-button" + "urlbar-container" + "downloads-button" + "unified-extensions-button" + "reset-pbm-toolbar-button" + ]; + "toolbar-menubar" = [ + "menubar-items" + ]; + "TabsToolbar" = [ + "firefox-view-button" + "tabbrowser-tabs" + "new-tab-button" + "alltabs-button" + ]; + "vertical-tabs" = []; + "PersonalToolbar" = [ + "import-button" + "personal-bookmarks" + ]; + }; + "seen" = [ + "save-to-pocket-button" + "developer-button" "privacy_privacy_com-browser-action" - # bitwarden - "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" - "ublock0_raymondhill_net-browser-action" "sponsorblocker_ajay_app-browser-action" - "dearrow_ajay_app-browser-action" - "jid1-mnnxcxisbpnsxq_jetpack-browser-action" - "_testpilot-containers-browser-action" + "ublock0_raymondhill_net-browser-action" "addon_simplelogin-browser-action" + "dearrow_ajay_app-browser-action" + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" "jid1-bofifl9vbdl2zq_jetpack-browser-action" "dfyoutube_example_com-browser-action" + "_testpilot-containers-browser-action" "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" - "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" ]; - "nav-bar" = [ - "back-button" - "forward-button" - "stop-reload-button" - "urlbar-container" - "downloads-button" - "unified-extensions-button" - "reset-pbm-toolbar-button" - ]; - "toolbar-menubar" = [ - "menubar-items" - ]; - "TabsToolbar" = [ - "firefox-view-button" - "tabbrowser-tabs" - "new-tab-button" - "alltabs-button" - ]; - "vertical-tabs" = []; - "PersonalToolbar" = [ - "import-button" - "personal-bookmarks" - ]; }; - "seen" = [ - "save-to-pocket-button" - "developer-button" - "privacy_privacy_com-browser-action" - "sponsorblocker_ajay_app-browser-action" - "ublock0_raymondhill_net-browser-action" - "addon_simplelogin-browser-action" - "dearrow_ajay_app-browser-action" - "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" - "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" - "jid1-bofifl9vbdl2zq_jetpack-browser-action" - "dfyoutube_example_com-browser-action" - "_testpilot-containers-browser-action" - "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" - "jid1-mnnxcxisbpnsxq_jetpack-browser-action" - "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" - "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" - "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" + "browser.newtabpage.activity-stream.feeds.topsites" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; + "browser.newtabpage.blocked" = lib.genAttrs [ + # Facebook + "4gPpjkxgZzXPVtuEoAL9Ig==" + # Reddit + "gLv0ja2RYVgxKdp0I5qwvA==" + # Amazon + "K00ILysCaEq8+bEqV/3nuw==" + # Twitter + "T9nJot5PurhJSy8n038xGA==" + ] (_: 1); + "identity.fxaccounts.enabled" = false; + + # Security + "privacy.trackingprotection.enabled" = true; + "dom.security.https_only_mode" = true; + + "extensions.formautofill.addresses.enabled" = false; + "extensions.formautofill.creditCards.enabled" = false; + "signon.rememberSignons" = false; + "privacy.sanitize.sanitizeOnShutdown" = true; + "privacy.clearOnShutdown_v2.cache" = true; + "privacy.clearOnShutdown_v2.cookiesAndStorage" = true; + "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; + "urlclassifier.trackingSkipURLs" = ""; + "urlclassifier.features.socialtracking.skipURLs" = ""; + "dom.security.https_only_mode_pbm" = true; + "dom.security.https_only_mode_error_page_user_suggestions" = true; + + # Disable telemetry + "app.shield.optoutstudies.enabled" = false; + "browser.discovery.enabled" = false; + "browser.newtabpage.activity-stream.feeds.telemetry" = false; + "browser.newtabpage.activity-stream.telemetry" = false; + "browser.ping-centre.telemetry" = false; + "datareporting.healthreport.service.enabled" = false; + "datareporting.healthreport.uploadEnabled" = false; + "datareporting.policy.dataSubmissionEnabled" = false; + "datareporting.sessions.current.clean" = true; + "devtools.onboarding.telemetry.logged" = false; + "toolkit.telemetry.archive.enabled" = false; + "toolkit.telemetry.bhrPing.enabled" = false; + "toolkit.telemetry.enabled" = false; + "toolkit.telemetry.firstShutdownPing.enabled" = false; + "toolkit.telemetry.hybridContent.enabled" = false; + "toolkit.telemetry.newProfilePing.enabled" = false; + "toolkit.telemetry.prompted" = 2; + "toolkit.telemetry.rejected" = true; + "toolkit.telemetry.reportingpolicy.firstRun" = false; + "toolkit.telemetry.server" = ""; + "toolkit.telemetry.shutdownPingSender.enabled" = false; + "toolkit.telemetry.unified" = false; + "toolkit.telemetry.unifiedIsOptIn" = false; + "toolkit.telemetry.updatePing.enabled" = false; + }; + + bookmarks = { + force = true; + settings = [ + { + name = "Media"; + url = "https://media.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Photos"; + url = "https://photos.jan-leila.com"; + keyword = ""; + tags = [""]; + } + { + name = "Git"; + url = "https://git.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Home Automation"; + url = "https://home.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mail"; + url = "https://mail.protonmail.com"; + keyword = ""; + tags = [""]; + } + { + name = "Open Street Map"; + url = "https://www.openstreetmap.org/"; + keyword = ""; + tags = [""]; + } + { + name = "Password Manager"; + url = "https://vault.bitwarden.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mastodon"; + url = "https://mspsocial.net"; + keyword = ""; + tags = [""]; + } + { + name = "Linked In"; + url = "https://www.linkedin.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Job Search"; + url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + keyword = ""; + tags = [""]; + } + { + name = "React Docs"; + url = "https://react.dev/"; + keyword = ""; + tags = [""]; + } + # Template + # { + # name = ""; + # url = ""; + # keyword = ""; + # tags = [""]; + # } ]; }; - "browser.newtabpage.activity-stream.feeds.topsites" = false; - "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; - "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; - "browser.newtabpage.blocked" = lib.genAttrs [ - # Facebook - "4gPpjkxgZzXPVtuEoAL9Ig==" - # Reddit - "gLv0ja2RYVgxKdp0I5qwvA==" - # Amazon - "K00ILysCaEq8+bEqV/3nuw==" - # Twitter - "T9nJot5PurhJSy8n038xGA==" - ] (_: 1); - "identity.fxaccounts.enabled" = false; - - # Security - "privacy.trackingprotection.enabled" = true; - "dom.security.https_only_mode" = true; - - "extensions.formautofill.addresses.enabled" = false; - "extensions.formautofill.creditCards.enabled" = false; - "signon.rememberSignons" = false; - "privacy.sanitize.sanitizeOnShutdown" = true; - "privacy.clearOnShutdown_v2.cache" = true; - "privacy.clearOnShutdown_v2.cookiesAndStorage" = true; - "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; - "urlclassifier.trackingSkipURLs" = ""; - "urlclassifier.features.socialtracking.skipURLs" = ""; - "dom.security.https_only_mode_pbm" = true; - "dom.security.https_only_mode_error_page_user_suggestions" = true; - - # Disable telemetry - "app.shield.optoutstudies.enabled" = false; - "browser.discovery.enabled" = false; - "browser.newtabpage.activity-stream.feeds.telemetry" = false; - "browser.newtabpage.activity-stream.telemetry" = false; - "browser.ping-centre.telemetry" = false; - "datareporting.healthreport.service.enabled" = false; - "datareporting.healthreport.uploadEnabled" = false; - "datareporting.policy.dataSubmissionEnabled" = false; - "datareporting.sessions.current.clean" = true; - "devtools.onboarding.telemetry.logged" = false; - "toolkit.telemetry.archive.enabled" = false; - "toolkit.telemetry.bhrPing.enabled" = false; - "toolkit.telemetry.enabled" = false; - "toolkit.telemetry.firstShutdownPing.enabled" = false; - "toolkit.telemetry.hybridContent.enabled" = false; - "toolkit.telemetry.newProfilePing.enabled" = false; - "toolkit.telemetry.prompted" = 2; - "toolkit.telemetry.rejected" = true; - "toolkit.telemetry.reportingpolicy.firstRun" = false; - "toolkit.telemetry.server" = ""; - "toolkit.telemetry.shutdownPingSender.enabled" = false; - "toolkit.telemetry.unified" = false; - "toolkit.telemetry.unifiedIsOptIn" = false; - "toolkit.telemetry.updatePing.enabled" = false; - }; - - bookmarks = { - force = true; - settings = [ - { - name = "Media"; - url = "https://media.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Photos"; - url = "https://photos.jan-leila.com"; - keyword = ""; - tags = [""]; - } - { - name = "Git"; - url = "https://git.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Home Automation"; - url = "https://home.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mail"; - url = "https://mail.protonmail.com"; - keyword = ""; - tags = [""]; - } - { - name = "Open Street Map"; - url = "https://www.openstreetmap.org/"; - keyword = ""; - tags = [""]; - } - { - name = "Password Manager"; - url = "https://vault.bitwarden.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mastodon"; - url = "https://mspsocial.net"; - keyword = ""; - tags = [""]; - } - { - name = "Linked In"; - url = "https://www.linkedin.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Job Search"; - url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - keyword = ""; - tags = [""]; - } - { - name = "React Docs"; - url = "https://react.dev/"; - keyword = ""; - tags = [""]; - } - # Template - # { - # name = ""; - # url = ""; - # keyword = ""; - # tags = [""]; - # } - ]; }; }; }; diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 13263ea..e9ab230 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -1,5 +1,6 @@ { lib, + config, osConfig, pkgs, ... @@ -12,22 +13,22 @@ in { ./firefox.nix ]; - nixpkgs.config = { - allowUnfree = true; - }; + config = lib.mkMerge [ + (lib.mkIf userConfig.isTerminalUser { + home.packages = with pkgs; [ + # command line tools + sox + yt-dlp + ffmpeg + imagemagick + ]; + }) + (lib.mkIf userConfig.isDesktopUser { + nixpkgs.config = { + allowUnfree = true; + }; - home = { - packages = - lib.lists.optionals userConfig.isTerminalUser ( - with pkgs; [ - # command line tools - sox - yt-dlp - ffmpeg - imagemagick - ] - ) - ++ ( + home.packages = ( lib.lists.optionals userConfig.isDesktopUser ( (with pkgs; [ # helvetica font @@ -91,5 +92,44 @@ in { ) ) ); - }; + programs = lib.mkIf userConfig.isDesktopUser { + # Let Home Manager install and manage itself. + home-manager.enable = true; + + # set up git defaults + git = { + enable = true; + userName = "Leyla Becker"; + userEmail = "git@jan-leila.com"; + extraConfig.init.defaultBranch = "main"; + }; + + # add direnv to auto load flakes for development + direnv = { + enable = true; + enableBashIntegration = true; + nix-direnv.enable = true; + config = { + global.hide_env_diff = true; + whitelist.exact = ["/home/leyla/documents/code/nix-config"]; + }; + }; + bash.enable = true; + + openssh = { + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" + ]; + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; + }; + }) + ]; } diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix index 2f3c455..c2ee066 100644 --- a/configurations/home-manager/leyla/vscode/default.nix +++ b/configurations/home-manager/leyla/vscode/default.nix @@ -8,110 +8,113 @@ }: let nix-development-enabled = osConfig.host.nix-development.enable; ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; + is-desktop-user = osConfig.host.users.leyla.isDesktopUser; in { - nixpkgs = { - overlays = [ - inputs.nix-vscode-extensions.overlays.default - ]; - }; - - programs = { - bash.shellAliases = { - code = "codium"; + config = lib.mkIf is-desktop-user { + nixpkgs = { + overlays = [ + inputs.nix-vscode-extensions.overlays.default + ]; }; - vscode = let - extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; - open-vsx = extensions.open-vsx; - vscode-marketplace = extensions.vscode-marketplace; - in { - enable = true; + programs = { + bash.shellAliases = { + code = "codium"; + }; - package = pkgs.vscodium; + vscode = let + extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; + open-vsx = extensions.open-vsx; + vscode-marketplace = extensions.vscode-marketplace; + in { + enable = true; - mutableExtensionsDir = false; + package = pkgs.vscodium; - profiles.default = { - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; + mutableExtensionsDir = false; - userSettings = lib.mkMerge [ - { - "workbench.colorTheme" = "Atom One Dark"; - "cSpell.userWords" = import ./user-words.nix; - "javascript.updateImportsOnFileMove.enabled" = "always"; - "editor.tabSize" = 2; - "editor.insertSpaces" = false; - } - (lib.mkIf nix-development-enabled { - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "[nix]" = { - "editor.defaultFormatter" = "kamadorueda.alejandra"; - "editor.formatOnPaste" = true; - "editor.formatOnSave" = true; - "editor.formatOnType" = true; - }; - "alejandra.program" = "alejandra"; - "nixpkgs" = { - "expr" = "import {}"; - }; - }) - (lib.mkIf ai-tooling-enabled { - "continue.telemetryEnabled" = false; - }) - ]; + profiles.default = { + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; - extensions = ( - with open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + userSettings = lib.mkMerge [ + { + "workbench.colorTheme" = "Atom One Dark"; + "cSpell.userWords" = import ./user-words.nix; + "javascript.updateImportsOnFileMove.enabled" = "always"; + "editor.tabSize" = 2; + "editor.insertSpaces" = false; + } + (lib.mkIf nix-development-enabled { + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "[nix]" = { + "editor.defaultFormatter" = "kamadorueda.alejandra"; + "editor.formatOnPaste" = true; + "editor.formatOnSave" = true; + "editor.formatOnType" = true; + }; + "alejandra.program" = "alejandra"; + "nixpkgs" = { + "expr" = "import {}"; + }; + }) + (lib.mkIf ai-tooling-enabled { + "continue.telemetryEnabled" = false; + }) + ]; - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server + extensions = ( + with open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # go extensions - golang.go + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx + # go extensions + golang.go - # misc extensions - tamasfe.even-better-toml - ] - ++ (lib.lists.optionals nix-development-enabled [ - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - kamadorueda.alejandra - ]) - ++ ( - with vscode-marketplace; - [ - # js extensions - karyfoundation.nearley - ] - ++ (lib.lists.optionals ai-tooling-enabled [ - continue.continue - ]) - ) - ); + # astro blog extensions + astro-build.astro-vscode + unifiedjs.vscode-mdx + + # misc extensions + tamasfe.even-better-toml + ] + ++ (lib.lists.optionals nix-development-enabled [ + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + kamadorueda.alejandra + ]) + ++ ( + with vscode-marketplace; + [ + # js extensions + karyfoundation.nearley + ] + ++ (lib.lists.optionals ai-tooling-enabled [ + continue.continue + ]) + ) + ); + }; }; }; }; diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix index 4df1b67..b264ca5 100644 --- a/configurations/nixos/emergent/nvidia-drivers.nix +++ b/configurations/nixos/emergent/nvidia-drivers.nix @@ -1,6 +1,9 @@ -{ config, lib, pkgs, ... }: { - + config, + lib, + pkgs, + ... +}: { # Enable OpenGL hardware.graphics = { enable = true; @@ -10,13 +13,12 @@ services.xserver.videoDrivers = ["nvidia"]; hardware.nvidia = { - # Modesetting is required. modesetting.enable = true; # Nvidia power management. Experimental, and can cause sleep/suspend to fail. # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead # of just the bare essentials. powerManagement.enable = false; @@ -26,17 +28,17 @@ # Use the NVidia open source kernel module (not to be confused with the # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus # Only available from driver 515.43.04+ open = false; # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. + # accessible via `nvidia-settings`. nvidiaSettings = true; # Optionally, you may need to select the appropriate driver version for your specific GPU. package = config.boot.kernelPackages.nvidiaPackages.stable; }; - } \ No newline at end of file +} From 21eff1d08302abacb7010b5dd065d49e69f57e69 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 13:07:56 -0500 Subject: [PATCH 006/374] moved Eve configurations into their own package --- configurations/home-manager/eve/default.nix | 45 +--------------- configurations/home-manager/eve/packages.nix | 52 +++++++++++++++++++ .../nixos/emergent/configuration.nix | 13 ++--- 3 files changed, 60 insertions(+), 50 deletions(-) create mode 100644 configurations/home-manager/eve/packages.nix diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index b2ae492..0ab0c59 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -1,10 +1,4 @@ -{ - pkgs, - lib, - config, - osConfig, - ... -}: let +{osConfig, ...}: let userConfig = osConfig.host.users.eve; in { nixpkgs.config = { @@ -57,42 +51,5 @@ in { sessionVariables = { # EDITOR = "emacs"; }; - - packages = lib.lists.optionals userConfig.isDesktopUser ( - with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop-bin - ungoogled-chromium - ] - ); - }; - - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; - - git = { - enable = true; - userName = "Eve"; - userEmail = "evesnrobins@gmail.com"; - extraConfig.init.defaultBranch = "main"; - }; - - vscode = { - enable = true; - package = pkgs.vscodium; - }; - - openssh = { - hostKeys = [ - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; - }; }; } diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix new file mode 100644 index 0000000..6cc4630 --- /dev/null +++ b/configurations/home-manager/eve/packages.nix @@ -0,0 +1,52 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: let + userConfig = osConfig.host.users.eve; +in { + config = { + # Packages that can be installed without any extra configuration + # See https://search.nixos.org/packages for all options + home.packages = lib.lists.optionals userConfig.isDesktopUser ( + with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop-bin + ungoogled-chromium + ] + ); + + # Packages that need to be installed with some extra configuration + # See https://home-manager-options.extranix.com/ for all options + programs = { + # Let Home Manager install and manage itself. + home-manager.enable = true; + + git = { + enable = true; + userName = "Eve"; + userEmail = "evesnrobins@gmail.com"; + extraConfig.init.defaultBranch = "main"; + }; + + vscode = { + enable = true; + package = pkgs.vscodium; + }; + + openssh = { + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; + }; + }; +} diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 389dfe5..2d7df4c 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -83,13 +83,14 @@ nixpkgs.config.allowUnfree = true; - # List packages installed in system profile. - # You can use https://search.nixos.org/ to find more packages (and options). - # environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - # ]; + # Packages that can be installed without any extra configuration + # See https://search.nixos.org/packages for all options + environment.systemPackages = with pkgs; [ + wget + ]; + # Packages that need to be installed with some extra configuration + # See https://search.nixos.org/options for all options programs.steam = { enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play From 93793f2f1c71786215025d06f1c8072bbe4ea026 Mon Sep 17 00:00:00 2001 From: Eve Date: Sun, 1 Jun 2025 13:36:44 -0500 Subject: [PATCH 007/374] set nvidia drivers to open --- configurations/nixos/emergent/nvidia-drivers.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix index b264ca5..fd569b3 100644 --- a/configurations/nixos/emergent/nvidia-drivers.nix +++ b/configurations/nixos/emergent/nvidia-drivers.nix @@ -32,7 +32,7 @@ # supported GPUs is at: # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus # Only available from driver 515.43.04+ - open = false; + open = true; # Enable the Nvidia settings menu, # accessible via `nvidia-settings`. From 54d03b280c5de2cd11c26fbed6f3a3e5f4497c4d Mon Sep 17 00:00:00 2001 From: Eve Date: Sun, 1 Jun 2025 13:36:50 -0500 Subject: [PATCH 008/374] increase size of boot partiton for emergent --- configurations/nixos/emergent/disco-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/emergent/disco-configuration.nix b/configurations/nixos/emergent/disco-configuration.nix index ec002b2..ac2067f 100644 --- a/configurations/nixos/emergent/disco-configuration.nix +++ b/configurations/nixos/emergent/disco-configuration.nix @@ -8,7 +8,7 @@ type = "gpt"; partitions = { ESP = { - size = "64M"; + size = "512M"; type = "EF00"; content = { type = "filesystem"; From 36382ebfe0001273823e2fe417e3242495b75da6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 14:19:31 -0500 Subject: [PATCH 009/374] switched to using nixos-anywhere flake in dev shell --- flake.lock | 153 +++++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 12 +++- util/default.nix | 2 +- 3 files changed, 163 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index fa3ad83..fe1ba7d 100644 --- a/flake.lock +++ b/flake.lock @@ -20,6 +20,28 @@ "type": "github" } }, + "disko_2": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748225455, + "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=", + "owner": "nix-community", + "repo": "disko", + "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "master", + "repo": "disko", + "type": "github" + } + }, "firefox-addons": { "inputs": { "nixpkgs": [ @@ -57,6 +79,27 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -151,6 +194,27 @@ "url": "https://git.jan-leila.com/jan-leila/nix-syncthing" } }, + "nix-vm-test": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748765518, + "narHash": "sha256-vftOR+7zwnMWl5UpG32GL1VBeNGTDZZT0hv+2uNuBGw=", + "owner": "Mic92", + "repo": "nix-vm-test", + "rev": "d6642fbaf42fc98883d84bab66cd0ec720d9dd0c", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "nix-vm-test", + "type": "github" + } + }, "nix-vscode-extensions": { "inputs": { "flake-utils": "flake-utils", @@ -172,6 +236,32 @@ "type": "github" } }, + "nixos-anywhere": { + "inputs": { + "disko": "disko_2", + "flake-parts": "flake-parts", + "nix-vm-test": "nix-vm-test", + "nixos-images": "nixos-images", + "nixos-stable": "nixos-stable", + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1748794949, + "narHash": "sha256-kfqIyYpXMRgmaLOTx+AFd1Kzo+I3mOg9vexUx2qWENA=", + "owner": "nix-community", + "repo": "nixos-anywhere", + "rev": "b7686308b281917d63137373a2eb5c566a973d03", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-anywhere", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1747900541, @@ -188,6 +278,47 @@ "type": "github" } }, + "nixos-images": { + "inputs": { + "nixos-stable": [ + "nixos-anywhere", + "nixos-stable" + ], + "nixos-unstable": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748481078, + "narHash": "sha256-jwKRF2EDzlv0VBF8pImPFT7DAJma7stDun25utHtwBw=", + "owner": "nix-community", + "repo": "nixos-images", + "rev": "191a461dc38313ff41bd3df4b82e49f74a56560d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-images", + "type": "github" + } + }, + "nixos-stable": { + "locked": { + "lastModified": 1748437600, + "narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7282cb574e0607e65224d33be8241eae7cfe0979", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1748370509, @@ -214,6 +345,7 @@ "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", + "nixos-anywhere": "nixos-anywhere", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "secrets": "secrets", @@ -270,6 +402,27 @@ "repo": "default", "type": "github" } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748243702, + "narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 496456a..c0a72cf 100644 --- a/flake.nix +++ b/flake.nix @@ -28,6 +28,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + nixos-anywhere = { + url = "github:nix-community/nixos-anywhere"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # disk configurations disko = { url = "github:nix-community/disko"; @@ -79,6 +84,7 @@ sops-nix, nix-syncthing, home-manager, + nixos-anywhere, impermanence, ... } @ inputs: let @@ -131,11 +137,11 @@ systemsHomes // homeSystems; in { - formatter = forEachPkgs (pkgs: pkgs.alejandra); + formatter = forEachPkgs (system: pkgs: pkgs.alejandra); # templates = import ./templates; - devShells = forEachPkgs (pkgs: { + devShells = forEachPkgs (system: pkgs: { default = pkgs.mkShell { packages = with pkgs; [ # for version controlling this repo @@ -147,7 +153,7 @@ # for viewing configuration options defined in this repo nix-inspect # for installing flakes from this repo onto other systems - nixos-anywhere + nixos-anywhere.packages.${system}.nixos-anywhere # for updating disko configurations disko ]; diff --git a/util/default.nix b/util/default.nix index 4b713da..5b61779 100644 --- a/util/default.nix +++ b/util/default.nix @@ -53,7 +53,7 @@ ../modules/system-modules ]; in { - forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); + forEachPkgs = lambda: forEachSystem (system: lambda system (pkgsFor system)); mkUnless = condition: yes: (lib.mkIf (!condition) yes); mkIfElse = condition: yes: no: From b1e7be48b37adc932bac365d0ae10bdb6b0d9f9d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 14:27:50 -0500 Subject: [PATCH 010/374] moved packages to common-modules --- modules/common-modules/pkgs/default.nix | 19 ++++++++++++++++--- .../pkgs}/prostudiomasters.nix | 0 .../pkgs}/webtoon-dl.nix | 0 modules/nixos-modules/default.nix | 1 - modules/nixos-modules/packages/default.nix | 17 ----------------- 5 files changed, 16 insertions(+), 21 deletions(-) rename modules/{nixos-modules/packages => common-modules/pkgs}/prostudiomasters.nix (100%) rename modules/{nixos-modules/packages => common-modules/pkgs}/webtoon-dl.nix (100%) delete mode 100644 modules/nixos-modules/packages/default.nix diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 3e4456b..208ee24 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -1,4 +1,17 @@ -# this folder is for custom derivations -{...}: { - # package = pkgs.callPackage ./package.nix {}; +{pkgs, ...}: { + nixpkgs.overlays = [ + (final: prev: { + webtoon-dl = + pkgs.callPackage + ./webtoon-dl.nix + {}; + }) + # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that? + (final: prev: { + prostudiomasters = + pkgs.callPackage + ./prostudiomasters.nix + {}; + }) + ]; } diff --git a/modules/nixos-modules/packages/prostudiomasters.nix b/modules/common-modules/pkgs/prostudiomasters.nix similarity index 100% rename from modules/nixos-modules/packages/prostudiomasters.nix rename to modules/common-modules/pkgs/prostudiomasters.nix diff --git a/modules/nixos-modules/packages/webtoon-dl.nix b/modules/common-modules/pkgs/webtoon-dl.nix similarity index 100% rename from modules/nixos-modules/packages/webtoon-dl.nix rename to modules/common-modules/pkgs/webtoon-dl.nix diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index d668a74..8cdeae9 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -15,7 +15,6 @@ ./ai.nix ./tailscale.nix ./server - ./packages ]; nixpkgs.config.permittedInsecurePackages = [ diff --git a/modules/nixos-modules/packages/default.nix b/modules/nixos-modules/packages/default.nix deleted file mode 100644 index 208ee24..0000000 --- a/modules/nixos-modules/packages/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{pkgs, ...}: { - nixpkgs.overlays = [ - (final: prev: { - webtoon-dl = - pkgs.callPackage - ./webtoon-dl.nix - {}; - }) - # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that? - (final: prev: { - prostudiomasters = - pkgs.callPackage - ./prostudiomasters.nix - {}; - }) - ]; -} From 7979b4ed17663d504f95036af80de4a07ab2f697 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 14:29:39 -0500 Subject: [PATCH 011/374] installed prostudiomasters for leyla only --- configurations/home-manager/leyla/packages.nix | 1 + configurations/nixos/horizon/configuration.nix | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index e9ab230..020060d 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -72,6 +72,7 @@ in { # proprietary platforms discord obsidian + prostudiomasters (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) # development tools diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 7e2ab8a..770eeef 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -50,7 +50,6 @@ environment.systemPackages = with pkgs; [ webtoon-dl - prostudiomasters ]; programs = { From a68f81cf3bc41a131ceb7ec644629037e1102ccd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 14:41:55 -0500 Subject: [PATCH 012/374] moved disko needed configuration to disko.nix --- modules/nixos-modules/disko.nix | 41 ++++++++++++++++++++++++-- modules/nixos-modules/impermanence.nix | 27 ----------------- 2 files changed, 39 insertions(+), 29 deletions(-) diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index 13ddb8f..af83023 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -20,6 +20,8 @@ disk: lib.attrsets.nameValuePair (hashDisk disk) disk ) config.host.storage.pool.cache; + + datasets = config.host.storage.pool.datasets // config.host.storage.pool.extraDatasets; in { options.host.storage = { enable = lib.mkEnableOption "are we going create zfs disks with disko on this device"; @@ -63,6 +65,39 @@ in { description = "list of drives that are going to be used as cache"; default = []; }; + # Default datasets that are needed to make a functioning system + datasets = lib.mkOption { + type = lib.types.attrsOf (inputs.disko.lib.subType { + types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;}; + }); + default = { + "local" = { + type = "zfs_fs"; + options.canmount = "off"; + }; + # nix directory needs to be available pre persist and doesn't need to be snapshotted or backed up + "local/system/nix" = { + type = "zfs_fs"; + mountpoint = "/nix"; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; + }; + # dataset for root that gets rolled back on every boot + "local/system/root" = { + type = "zfs_fs"; + mountpoint = "/"; + options = { + canmount = "on"; + }; + postCreateHook = '' + zfs snapshot rpool/local/system/root@blank + ''; + }; + }; + }; extraDatasets = lib.mkOption { type = lib.types.attrsOf (inputs.disko.lib.subType { types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;}; @@ -222,13 +257,15 @@ in { ); datasets = lib.mkMerge [ - (lib.attrsets.mapAttrs (name: value: { + ( + lib.attrsets.mapAttrs (name: value: { type = value.type; options = value.options; mountpoint = value.mountpoint; postCreateHook = value.postCreateHook; }) - config.host.storage.pool.extraDatasets) + datasets + ) ]; }; }; diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index e969e20..2f38cd3 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix @@ -38,33 +38,6 @@ }; host.storage.pool.extraDatasets = { - # local datasets are for data that should be considered ephemeral - "local" = { - type = "zfs_fs"; - options.canmount = "off"; - }; - # nix directory needs to be available pre persist and doesn't need to be snapshotted or backed up - "local/system/nix" = { - type = "zfs_fs"; - mountpoint = "/nix"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - # dataset for root that gets rolled back on every boot - "local/system/root" = { - type = "zfs_fs"; - mountpoint = "/"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot rpool/local/system/root@blank - ''; - }; - # persist datasets are datasets that contain information that we would like to keep around "persist" = { type = "zfs_fs"; From 99ea35547290d71e04fb600f9cb8cec2979bfbef Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 14:59:24 -0500 Subject: [PATCH 013/374] made boot disko partition configurable --- .../nixos/defiant/configuration.nix | 2 + modules/nixos-modules/disko.nix | 99 ++++++++----------- 2 files changed, 45 insertions(+), 56 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index fef7a56..a48bddb 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -40,6 +40,8 @@ tokenFile = config.sops.secrets."services/zfs_smtp_token".path; }; pool = { + # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA + bootDrives = ["nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"]; vdevs = [ [ "ata-ST18000NE000-3G6101_ZVTCXVEB" diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index af83023..2cfeacc 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -50,16 +50,25 @@ in { }; }; pool = { - vdevs = lib.mkOption { - type = lib.types.listOf (lib.types.listOf lib.types.str); - description = "list of disks that are going to be in"; - default = [config.host.storage.pool.drives]; + # list of drives in pool that will have a boot partition put onto them + bootDrives = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "list of disks that are going to have a boot partition installed on them"; + default = lib.lists.flatten config.host.storage.pool.vdevs; }; + # shorthand for vdevs if you only have 1 vdev drives = lib.mkOption { type = lib.types.listOf lib.types.str; description = "list of drives that are going to be in the vdev"; default = []; }; + # list of all drives in each vdev + vdevs = lib.mkOption { + type = lib.types.listOf (lib.types.listOf lib.types.str); + description = "list of disks that are going to be in"; + default = [config.host.storage.pool.drives]; + }; + # list of cache drives for pool cache = lib.mkOption { type = lib.types.listOf lib.types.str; description = "list of drives that are going to be used as cache"; @@ -156,59 +165,37 @@ in { disko.devices = { disk = ( builtins.listToAttrs ( + builtins.map + (drive: + lib.attrsets.nameValuePair (drive.name) { + type = "disk"; + device = "/dev/disk/by-id/${drive.value}"; + content = { + type = "gpt"; + partitions = { + ESP = lib.mkIf (builtins.elem drive.value config.host.storage.pool.bootDrives) { + # The 2GB here for the boot partition might be a bit overkill we probably only need like 1/4th of that but storage is cheap + size = "2G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }) ( - builtins.map - (drive: - lib.attrsets.nameValuePair (drive.name) { - type = "disk"; - device = "/dev/disk/by-id/${drive.value}"; - content = { - type = "gpt"; - partitions = { - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "rpool"; - }; - }; - }; - }; - }) - (lib.lists.flatten vdevs) - ) - ++ ( - builtins.map - (drive: - lib.attrsets.nameValuePair (drive.name) { - type = "disk"; - device = "/dev/disk/by-id/${drive.value}"; - content = { - type = "gpt"; - partitions = { - # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA - ESP = { - # 2G here because its not much relative to how much storage we have for caching - size = "2G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = ["umask=0077"]; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "rpool"; - }; - }; - }; - }; - }) - cache + (lib.lists.flatten vdevs) ++ cache ) ) ); From 795b9b010f2890b2414ea549e3f5a133186234a6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 15:04:37 -0500 Subject: [PATCH 014/374] made zfs mode settable --- modules/nixos-modules/disko.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index 2cfeacc..3d15498 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -50,6 +50,11 @@ in { }; }; pool = { + mode = lib.mkOption { + type = lib.types.str; + default = "raidz2"; + description = "what level of redundancy should this pool have"; + }; # list of drives in pool that will have a boot partition put onto them bootDrives = lib.mkOption { type = lib.types.listOf lib.types.str; @@ -207,7 +212,7 @@ in { type = "topology"; vdev = ( builtins.map (disks: { - mode = "raidz2"; + mode = config.host.storage.pool.mode; members = builtins.map (disk: disk.name) disks; }) From 6ce718ab095036ae60e2979e825a1ffee9777f51 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 15:07:13 -0500 Subject: [PATCH 015/374] moved emergent to common disko configuration --- .../nixos/emergent/configuration.nix | 8 +++ configurations/nixos/emergent/default.nix | 1 - .../nixos/emergent/disco-configuration.nix | 57 ------------------- 3 files changed, 8 insertions(+), 58 deletions(-) delete mode 100644 configurations/nixos/emergent/disco-configuration.nix diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 2d7df4c..8176f97 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -50,6 +50,14 @@ isPrincipleUser = true; }; }; + + storage = { + enable = true; + pool = { + mode = ""; + drives = ["wwn-0x5000039fd0cf05eb"]; + }; + }; }; # Configure keymap in X11 diff --git a/configurations/nixos/emergent/default.nix b/configurations/nixos/emergent/default.nix index 3455825..452334a 100644 --- a/configurations/nixos/emergent/default.nix +++ b/configurations/nixos/emergent/default.nix @@ -3,6 +3,5 @@ imports = [ ./configuration.nix ./hardware-configuration.nix - ./disco-configuration.nix ]; } diff --git a/configurations/nixos/emergent/disco-configuration.nix b/configurations/nixos/emergent/disco-configuration.nix deleted file mode 100644 index ac2067f..0000000 --- a/configurations/nixos/emergent/disco-configuration.nix +++ /dev/null @@ -1,57 +0,0 @@ -{...}: { - disko.devices = { - disk = { - disk1 = { - type = "disk"; - device = "/dev/disk/by-id/wwn-0x5000039fd0cf05eb"; - content = { - type = "gpt"; - partitions = { - ESP = { - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = ["umask=0077"]; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "zroot"; - }; - }; - }; - }; - }; - }; - zpool = { - zroot = { - type = "zpool"; - mode = ""; - options.cachefile = "none"; - rootFsOptions = { - compression = "zstd"; - "com.sun:auto-snapshot" = "true"; - }; - mountpoint = "/"; - postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; - - datasets = { - "system/nix" = { - type = "zfs_fs"; - mountpoint = "/nix"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - }; - }; - }; - }; -} From ba2a31a80ebea98dff88657c968f6cb239343086 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 15:16:27 -0500 Subject: [PATCH 016/374] removed unused variable --- configurations/nixos/emergent/configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 8176f97..eaac657 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -2,7 +2,6 @@ # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). { - config, lib, pkgs, ... From 2475170d0aecd74581b9d9f37dd6ce907d3ca48e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 15:28:06 -0500 Subject: [PATCH 017/374] moved user set configurations out of hardware-configuration.nix --- .../nixos/horizon/configuration.nix | 28 ++++- .../nixos/horizon/hardware-configuration.nix | 115 ++---------------- 2 files changed, 39 insertions(+), 104 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 770eeef..4a73d8c 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -1,7 +1,8 @@ { + lib, + pkgs, config, inputs, - pkgs, ... }: { imports = [ @@ -10,6 +11,19 @@ nixpkgs.config.allowUnfree = true; + boot = { + initrd = { + availableKernelModules = ["usb_storage" "sd_mod"]; + }; + kernelModules = ["sg"]; + + # Bootloader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }; + host = { users = { leyla = { @@ -49,8 +63,10 @@ }; environment.systemPackages = with pkgs; [ + cachefilesd webtoon-dl ]; + services.cachefilesd.enable = true; programs = { adb.enable = true; @@ -61,6 +77,16 @@ }; }; + networking = { + networkmanager.enable = true; + hostName = "horizon"; # Define your hostname. + }; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + + hardware = { + graphics.enable = true; + }; + sops.secrets = { "vpn-keys/tailscale-authkey/horizon" = { sopsFile = "${inputs.secrets}/vpn-keys.yaml"; diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index e88d8dc..cec4914 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -4,7 +4,6 @@ { config, lib, - pkgs, modulesPath, ... }: { @@ -12,22 +11,10 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot = { - initrd = { - availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; - kernelModules = []; - }; - kernelModules = ["kvm-intel" "sg"]; - extraModulePackages = []; - - # Bootloader. - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - - supportedFilesystems = ["nfs"]; - }; + boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; fileSystems = { "/" = { @@ -39,98 +26,20 @@ device = "/dev/disk/by-uuid/E138-65B5"; fsType = "vfat"; }; - - "/mnt/leyla_documents" = { - device = "defiant:/export/leyla_documents"; - fsType = "nfs"; - options = [ - "vers=4" - "x-systemd.automount" - "noauto" - "user" - "noatime" - "nofail" - "x-systemd.idle-timeout=600" - "fsc" - "timeo=600" - "retrans=2" - ]; - }; - - "/mnt/eve_documents" = { - device = "defiant:/export/eve_documents"; - fsType = "nfs"; - options = [ - "vers=4" - "x-systemd.automount" - "noauto" - "user" - "nofail" - "x-systemd.idle-timeout=600" - "fsc" - "timeo=600" - "retrans=2" - ]; - }; - - "/mnt/users_documents" = { - device = "defiant:/export/users_documents"; - fsType = "nfs"; - options = [ - "vers=4" - "x-systemd.automount" - "noauto" - "user" - "nofail" - "x-systemd.idle-timeout=600" - "fsc" - "timeo=600" - "retrans=2" - ]; - }; - - "/mnt/media" = { - device = "defiant:/export/media"; - fsType = "nfs"; - options = [ - "vers=4" - "x-systemd.automount" - "noauto" - "user" - "noatime" - "nofail" - "x-systemd.idle-timeout=600" - "noatime" - "nodiratime" - "relatime" - "fsc" - "timeo=600" - "retrans=2" - ]; - }; }; - environment.systemPackages = with pkgs; [ - cachefilesd - ]; - - services.cachefilesd.enable = true; - swapDevices = [ {device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff";} ]; - networking = { - networkmanager.enable = true; - useDHCP = lib.mkDefault true; - hostName = "horizon"; # Define your hostname. - }; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - - hardware = { - graphics.enable = true; - cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - }; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } From 35d6c1a63476a007ee81ce30bb517e8ceda5930a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 16:04:13 -0500 Subject: [PATCH 018/374] enabled fwupd on horizon --- configurations/nixos/horizon/configuration.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 4a73d8c..5817e2b 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -98,6 +98,10 @@ fprintd = { enable = true; }; + # firmware update tool + fwupd = { + enable = true; + }; tailscale = { enable = true; authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/horizon".path; From 2e41153c43a8c3c1729b8deccc841d3bad38fcd9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 16:37:12 -0500 Subject: [PATCH 019/374] reverted nixos-anywhere devshell --- flake.lock | 153 ----------------------- flake.nix | 8 +- modules/home-manager-modules/openssh.nix | 16 +-- 3 files changed, 9 insertions(+), 168 deletions(-) diff --git a/flake.lock b/flake.lock index fe1ba7d..fa3ad83 100644 --- a/flake.lock +++ b/flake.lock @@ -20,28 +20,6 @@ "type": "github" } }, - "disko_2": { - "inputs": { - "nixpkgs": [ - "nixos-anywhere", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748225455, - "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=", - "owner": "nix-community", - "repo": "disko", - "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "master", - "repo": "disko", - "type": "github" - } - }, "firefox-addons": { "inputs": { "nixpkgs": [ @@ -79,27 +57,6 @@ "type": "github" } }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "nixos-anywhere", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems" @@ -194,27 +151,6 @@ "url": "https://git.jan-leila.com/jan-leila/nix-syncthing" } }, - "nix-vm-test": { - "inputs": { - "nixpkgs": [ - "nixos-anywhere", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748765518, - "narHash": "sha256-vftOR+7zwnMWl5UpG32GL1VBeNGTDZZT0hv+2uNuBGw=", - "owner": "Mic92", - "repo": "nix-vm-test", - "rev": "d6642fbaf42fc98883d84bab66cd0ec720d9dd0c", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "nix-vm-test", - "type": "github" - } - }, "nix-vscode-extensions": { "inputs": { "flake-utils": "flake-utils", @@ -236,32 +172,6 @@ "type": "github" } }, - "nixos-anywhere": { - "inputs": { - "disko": "disko_2", - "flake-parts": "flake-parts", - "nix-vm-test": "nix-vm-test", - "nixos-images": "nixos-images", - "nixos-stable": "nixos-stable", - "nixpkgs": [ - "nixpkgs" - ], - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1748794949, - "narHash": "sha256-kfqIyYpXMRgmaLOTx+AFd1Kzo+I3mOg9vexUx2qWENA=", - "owner": "nix-community", - "repo": "nixos-anywhere", - "rev": "b7686308b281917d63137373a2eb5c566a973d03", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-anywhere", - "type": "github" - } - }, "nixos-hardware": { "locked": { "lastModified": 1747900541, @@ -278,47 +188,6 @@ "type": "github" } }, - "nixos-images": { - "inputs": { - "nixos-stable": [ - "nixos-anywhere", - "nixos-stable" - ], - "nixos-unstable": [ - "nixos-anywhere", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748481078, - "narHash": "sha256-jwKRF2EDzlv0VBF8pImPFT7DAJma7stDun25utHtwBw=", - "owner": "nix-community", - "repo": "nixos-images", - "rev": "191a461dc38313ff41bd3df4b82e49f74a56560d", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-images", - "type": "github" - } - }, - "nixos-stable": { - "locked": { - "lastModified": 1748437600, - "narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7282cb574e0607e65224d33be8241eae7cfe0979", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1748370509, @@ -345,7 +214,6 @@ "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", - "nixos-anywhere": "nixos-anywhere", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "secrets": "secrets", @@ -402,27 +270,6 @@ "repo": "default", "type": "github" } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nixos-anywhere", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748243702, - "narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index c0a72cf..ac651f7 100644 --- a/flake.nix +++ b/flake.nix @@ -28,11 +28,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-anywhere = { - url = "github:nix-community/nixos-anywhere"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - # disk configurations disko = { url = "github:nix-community/disko"; @@ -84,7 +79,6 @@ sops-nix, nix-syncthing, home-manager, - nixos-anywhere, impermanence, ... } @ inputs: let @@ -153,7 +147,7 @@ # for viewing configuration options defined in this repo nix-inspect # for installing flakes from this repo onto other systems - nixos-anywhere.packages.${system}.nixos-anywhere + nixos-anywhere # for updating disko configurations disko ]; diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 7b646b8..d7a0873 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -41,14 +41,14 @@ ( lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { services.ssh-agent.enable = true; - programs.ssh = { - enable = true; - compression = true; - addKeysToAgent = "confirm"; - extraConfig = lib.strings.concatLines ( - builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys - ); - }; + # programs.ssh = { + # enable = true; + # compression = true; + # addKeysToAgent = "confirm"; + # extraConfig = lib.strings.concatLines ( + # builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys + # ); + # }; systemd.user.services = builtins.listToAttrs ( builtins.map (hostKey: From 5e0bf9f068b879f8b00bcec30cf4cdda47d0862e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 17:37:56 -0500 Subject: [PATCH 020/374] re enabled ssh agent IdentityFile --- modules/home-manager-modules/openssh.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index d7a0873..7b646b8 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -41,14 +41,14 @@ ( lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { services.ssh-agent.enable = true; - # programs.ssh = { - # enable = true; - # compression = true; - # addKeysToAgent = "confirm"; - # extraConfig = lib.strings.concatLines ( - # builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys - # ); - # }; + programs.ssh = { + enable = true; + compression = true; + addKeysToAgent = "confirm"; + extraConfig = lib.strings.concatLines ( + builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys + ); + }; systemd.user.services = builtins.listToAttrs ( builtins.map (hostKey: From ac7c2e6de6eb957c8408c66f50d51397624be090 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 18:11:27 -0500 Subject: [PATCH 021/374] switched to lix --- flake.lock | 86 +++++++++++++++++++++++++++++++- flake.nix | 8 +-- modules/nixos-modules/system.nix | 1 - util/default.nix | 4 +- 4 files changed, 91 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index fa3ad83..3dbabc8 100644 --- a/flake.lock +++ b/flake.lock @@ -75,6 +75,39 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -110,6 +143,41 @@ "type": "github" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1746827285, + "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", + "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils", + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1746838955, + "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", + "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -153,7 +221,7 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] @@ -211,6 +279,7 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", + "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", @@ -270,6 +339,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index ac651f7..7896d60 100644 --- a/flake.nix +++ b/flake.nix @@ -5,10 +5,10 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - # lix-module = { - # url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # secret encryption sops-nix = { diff --git a/modules/nixos-modules/system.nix b/modules/nixos-modules/system.nix index 51a92ed..b839067 100644 --- a/modules/nixos-modules/system.nix +++ b/modules/nixos-modules/system.nix @@ -1,6 +1,5 @@ {...}: { nix = { - settings.download-buffer-size = 524288000; gc = { automatic = true; dates = "weekly"; diff --git a/util/default.nix b/util/default.nix index 5b61779..fb2f83d 100644 --- a/util/default.nix +++ b/util/default.nix @@ -10,7 +10,7 @@ nix-syncthing = inputs.nix-syncthing; disko = inputs.disko; impermanence = inputs.impermanence; - # lix-module = inputs.lix-module; + lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -83,7 +83,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - # lix-module.nixosModules.default + lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; From 9664eeb38dd162ea6d76102bfe7215a8c09bec44 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 18:19:03 -0500 Subject: [PATCH 022/374] updated flakes --- .../nixos/emergent/configuration.nix | 4 +-- flake.lock | 34 +++++++++---------- modules/nixos-modules/desktop.nix | 10 +++--- 3 files changed, 23 insertions(+), 25 deletions(-) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index eaac657..aacc820 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -38,8 +38,8 @@ services.xserver.enable = true; # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; + services.displayManager.gdm.enable = true; + services.desktopManager.gnome.enable = true; host = { users = { diff --git a/flake.lock b/flake.lock index 3dbabc8..bbaffa4 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1748405006, - "narHash": "sha256-pmt0SFjACJJAI8g8QU5arg2c9BXNZG9/okVwRSDJkG8=", + "lastModified": 1748730131, + "narHash": "sha256-QHKZlwzw80hoJkNGXQePIg4u109lqcodALkont2WJAc=", "owner": "rycee", "repo": "nur-expressions", - "rev": "f9801a86d6603260940890c36650275090d1dceb", + "rev": "aa7bfc2ec4763b57386fcd50242c390a596b9bb0", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1748455938, - "narHash": "sha256-mQ/iNzPra2WtDQ+x2r5IadcWNr0m3uHvLMzJkXKAG/8=", + "lastModified": 1748811839, + "narHash": "sha256-MDl6vpEK18ZfPHfoeOa9dGRdwVWNfmCCGazt72nHw+U=", "owner": "nix-community", "repo": "home-manager", - "rev": "02077149e2921014511dac2729ae6dadb4ec50e2", + "rev": "6abf27943bbb09a0f9d443df45ec70b07a6cbe20", "type": "github" }, "original": { @@ -150,7 +150,7 @@ "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a" }, "original": { "type": "tarball", @@ -171,7 +171,7 @@ "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc" }, "original": { "type": "tarball", @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1748397853, - "narHash": "sha256-tudGoP5caIJ5TzkV6wnsmUk7Spx21oWMKpkmPbjRNZc=", + "lastModified": 1748744745, + "narHash": "sha256-kcj58eYic+yLX/KjtHEOmn6lVnCRwL1IfRGnb8aHprE=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ac4fc8eb9a1ee5eeb3c0a30f57652e4c5428d3a5", + "rev": "c008ed9dd78efdeda5e9d5bb835c785e600791f6", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1747900541, - "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=", + "lastModified": 1748634340, + "narHash": "sha256-pZH4bqbOd8S+si6UcfjHovWDiWKiIGRNRMpmRWaDIms=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06", + "rev": "daa628a725ab4948e0e2b795e8fb6f4c3e289a7a", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748370509, - "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=", + "lastModified": 1748693115, + "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4faa5f5321320e49a78ae7848582f684d64783e9", + "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc", "type": "github" }, "original": { diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index cf59cd9..323b7cc 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -19,12 +19,6 @@ # Enable the X11 windowing system. enable = true; - # Enable the GNOME Desktop Environment. - displayManager.gdm.enable = true; - desktopManager = { - gnome.enable = true; - }; - # Get rid of xTerm desktopManager.xterm.enable = false; excludePackages = with pkgs; [ @@ -47,6 +41,10 @@ ]; }; + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager.gnome.enable = true; + pipewire = { enable = true; alsa.enable = true; From 42e2ce9258660796c4607ce8b088978406e7d57e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 20:58:30 -0500 Subject: [PATCH 023/374] fixed warnings on defiant --- configurations/nixos/defiant/configuration.nix | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index a48bddb..0b9d1b7 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -201,16 +201,14 @@ # temp enable desktop enviroment for setup # Enable the X11 windowing system. - xserver = { - enable = true; + xserver.enable = true; - # Enable the GNOME Desktop Environment. - displayManager = { - gdm.enable = true; - }; - desktopManager = { - gnome.enable = true; - }; + # Enable the GNOME Desktop Environment. + displayManager = { + gdm.enable = true; + }; + desktopManager = { + gnome.enable = true; }; ollama = { @@ -300,7 +298,7 @@ hibernate.enable = false; hybrid-sleep.enable = false; }; - services.xserver.displayManager.gdm.autoSuspend = false; + services.displayManager.gdm.autoSuspend = false; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions From 1a4c2b2f950359eb905a2a7975e6e9af56e1aceb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 21:06:54 -0500 Subject: [PATCH 024/374] stripped down twilight configuration.nix --- .../nixos/twilight/configuration.nix | 63 ++++++++++ configurations/nixos/twilight/default.nix | 1 + .../nixos/twilight/hardware-configuration.nix | 116 +----------------- .../nixos/twilight/nvidia-drivers.nix | 52 ++++++++ 4 files changed, 121 insertions(+), 111 deletions(-) create mode 100644 configurations/nixos/twilight/nvidia-drivers.nix diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index e9032d8..0306f19 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -1,6 +1,7 @@ { inputs, config, + pkgs, ... }: { imports = [ @@ -121,6 +122,63 @@ syncthing.enable = true; }; + + boot.supportedFilesystems = ["nfs"]; + + fileSystems = { + "/mnt/leyla_documents" = { + device = "defiant:/exports/leyla_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; + }; + + "/mnt/users_documents" = { + device = "defiant:/exports/users_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "user" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; + }; + + "/mnt/media" = { + device = "defiant:/exports/media"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "noatime" + "nodiratime" + "relatime" + "rsize=32768" + "wsize=32768" + "fsc" + ]; + }; + }; + + environment.systemPackages = with pkgs; [ + cachefilesd + ]; programs.steam = { enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play @@ -128,6 +186,11 @@ }; hardware.steam-hardware.enable = true; # Provides udev rules for controller, HTC vive, and Valve Index + networking = { + networkmanager.enable = true; + hostName = "twilight"; # Define your hostname. + }; + # enabled virtualisation for docker # virtualisation.docker.enable = true; diff --git a/configurations/nixos/twilight/default.nix b/configurations/nixos/twilight/default.nix index edfb3f6..43a9164 100644 --- a/configurations/nixos/twilight/default.nix +++ b/configurations/nixos/twilight/default.nix @@ -3,5 +3,6 @@ imports = [ ./configuration.nix ./hardware-configuration.nix + ./nvidia-drivers.nix ]; } diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index 1cba7de..9a4c2d2 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -25,16 +25,6 @@ systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; - - supportedFilesystems = ["nfs"]; - }; - - services.xserver = { - # Load nvidia driver for Xorg and Wayland - videoDrivers = ["nvidia"]; - - # Use X instead of wayland for gaming reasons - displayManager.gdm.wayland = false; }; fileSystems = { @@ -48,111 +38,15 @@ fsType = "vfat"; options = ["fmask=0022" "dmask=0022"]; }; - - "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "user" - "noatime" - "nofail" - "soft" - "x-systemd.idle-timeout=600" - "fsc" - ]; - }; - - "/mnt/users_documents" = { - device = "defiant:/exports/users_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "user" - "nofail" - "soft" - "x-systemd.idle-timeout=600" - "fsc" - ]; - }; - - "/mnt/media" = { - device = "defiant:/exports/media"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "user" - "noatime" - "nofail" - "soft" - "x-systemd.idle-timeout=600" - "noatime" - "nodiratime" - "relatime" - "rsize=32768" - "wsize=32768" - "fsc" - ]; - }; }; - environment.systemPackages = with pkgs; [ - cachefilesd - ]; - swapDevices = []; - networking = { - networkmanager.enable = true; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - useDHCP = lib.mkDefault true; - hostName = "twilight"; # Define your hostname. - }; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - - hardware = { - # Enable OpenGL - graphics.enable = true; - - # install graphics drivers - nvidia = { - # Modesetting is required. - modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. - nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.production; - }; - - cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - }; } diff --git a/configurations/nixos/twilight/nvidia-drivers.nix b/configurations/nixos/twilight/nvidia-drivers.nix new file mode 100644 index 0000000..883b5cb --- /dev/null +++ b/configurations/nixos/twilight/nvidia-drivers.nix @@ -0,0 +1,52 @@ +{ + lib, + config, + ... +}: { + services.xserver = { + # Load nvidia driver for Xorg and Wayland + videoDrivers = ["nvidia"]; + + # Use X instead of wayland for gaming reasons + displayManager.gdm.wayland = false; + }; + + hardware = { + # Enable OpenGL + graphics.enable = true; + + # install graphics drivers + nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = true; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.production; + }; + + cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + }; +} From a7b738eae366d806f145b291c6de1ba8e1580dc2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 22:10:29 -0500 Subject: [PATCH 025/374] made twilight hardware-configuration.nix match what is automatically generated --- .../nixos/twilight/configuration.nix | 8 ++++++++ .../nixos/twilight/hardware-configuration.nix | 20 +++++-------------- .../nixos/twilight/nvidia-drivers.nix | 8 +------- 3 files changed, 14 insertions(+), 22 deletions(-) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 0306f19..6cef2fb 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -10,6 +10,14 @@ nixpkgs.config.allowUnfree = true; + boot.initrd.availableKernelModules = ["usb_storage"]; + boot.kernelModules = ["sg"]; + + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + sops.secrets = { "vpn-keys/tailscale-authkey/twilight" = { sopsFile = "${inputs.secrets}/vpn-keys.yaml"; diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index 9a4c2d2..1389caf 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -4,7 +4,6 @@ { config, lib, - pkgs, modulesPath, ... }: { @@ -12,20 +11,10 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot = { - initrd = { - availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; - kernelModules = []; - }; - kernelModules = ["kvm-amd" "sg"]; - extraModulePackages = []; - - # Bootloader. - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - }; + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; fileSystems = { "/" = { @@ -49,4 +38,5 @@ networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/configurations/nixos/twilight/nvidia-drivers.nix b/configurations/nixos/twilight/nvidia-drivers.nix index 883b5cb..d373bf2 100644 --- a/configurations/nixos/twilight/nvidia-drivers.nix +++ b/configurations/nixos/twilight/nvidia-drivers.nix @@ -1,8 +1,4 @@ -{ - lib, - config, - ... -}: { +{config, ...}: { services.xserver = { # Load nvidia driver for Xorg and Wayland videoDrivers = ["nvidia"]; @@ -46,7 +42,5 @@ # Optionally, you may need to select the appropriate driver version for your specific GPU. package = config.boot.kernelPackages.nvidiaPackages.production; }; - - cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; }; } From e6a640abfc772e034b9dcdffc14a5101d8973fac Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 23:52:13 -0500 Subject: [PATCH 026/374] fixed warning in nvida-drivers --- configurations/nixos/twilight/nvidia-drivers.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/configurations/nixos/twilight/nvidia-drivers.nix b/configurations/nixos/twilight/nvidia-drivers.nix index d373bf2..47763f8 100644 --- a/configurations/nixos/twilight/nvidia-drivers.nix +++ b/configurations/nixos/twilight/nvidia-drivers.nix @@ -1,8 +1,9 @@ {config, ...}: { - services.xserver = { - # Load nvidia driver for Xorg and Wayland - videoDrivers = ["nvidia"]; - + services = { + xserver = { + # Load nvidia driver for Xorg and Wayland + videoDrivers = ["nvidia"]; + }; # Use X instead of wayland for gaming reasons displayManager.gdm.wayland = false; }; From dd537353547ae61bf29174997014180cca9cc644 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Jun 2025 21:07:09 -0500 Subject: [PATCH 027/374] refactored leyla packages into several folders --- configurations/home-manager/leyla/default.nix | 2 +- .../home-manager/leyla/packages.nix | 136 ------------------ .../home-manager/leyla/packages/default.nix | 104 ++++++++++++++ .../home-manager/leyla/packages/direnv.nix | 12 ++ .../leyla/{ => packages}/firefox.nix | 10 +- .../home-manager/leyla/packages/git.nix | 22 +++ .../home-manager/leyla/packages/openssh.nix | 24 ++++ .../leyla/{ => packages}/vscode/default.nix | 3 +- .../{ => packages}/vscode/user-words.nix | 0 modules/home-manager-modules/continue.nix | 60 ++++---- modules/home-manager-modules/default.nix | 1 + modules/home-manager-modules/openssh.nix | 117 +++++++-------- modules/home-manager-modules/user.nix | 17 +++ 13 files changed, 275 insertions(+), 233 deletions(-) delete mode 100644 configurations/home-manager/leyla/packages.nix create mode 100644 configurations/home-manager/leyla/packages/default.nix create mode 100644 configurations/home-manager/leyla/packages/direnv.nix rename configurations/home-manager/leyla/{ => packages}/firefox.nix (98%) create mode 100644 configurations/home-manager/leyla/packages/git.nix create mode 100644 configurations/home-manager/leyla/packages/openssh.nix rename configurations/home-manager/leyla/{ => packages}/vscode/default.nix (97%) rename configurations/home-manager/leyla/{ => packages}/vscode/user-words.nix (100%) create mode 100644 modules/home-manager-modules/user.nix diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 90251a3..d7cecc4 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -1,7 +1,7 @@ {osConfig, ...}: { imports = [ + ./packages ./i18n.nix - ./packages.nix ./impermanence.nix ./dconf.nix ]; diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix deleted file mode 100644 index 020060d..0000000 --- a/configurations/home-manager/leyla/packages.nix +++ /dev/null @@ -1,136 +0,0 @@ -{ - lib, - config, - osConfig, - pkgs, - ... -}: let - userConfig = osConfig.host.users.leyla; - hardware = osConfig.host.hardware; -in { - imports = [ - ./vscode/default.nix - ./firefox.nix - ]; - - config = lib.mkMerge [ - (lib.mkIf userConfig.isTerminalUser { - home.packages = with pkgs; [ - # command line tools - sox - yt-dlp - ffmpeg - imagemagick - ]; - }) - (lib.mkIf userConfig.isDesktopUser { - nixpkgs.config = { - allowUnfree = true; - }; - - home.packages = ( - lib.lists.optionals userConfig.isDesktopUser ( - (with pkgs; [ - # helvetica font - aileron - - gnomeExtensions.dash-to-dock - - # development tools - dbeaver-bin - bruno - proxmark3 - ]) - ++ ( - lib.lists.optionals hardware.directAccess.enable (with pkgs; [ - #foss platforms - signal-desktop-bin - bitwarden - ungoogled-chromium - libreoffice - inkscape - gimp - krita - freecad - # cura - # kicad-small - makemkv - onionshare - # rhythmbox - (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) - # wireshark - # rpi-imager - # fritzing - mfoc - tor-browser - anki - pdfarranger - calibre - qbittorrent - picard - - # proprietary platforms - discord - obsidian - prostudiomasters - (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) - - # development tools - # androidStudioPackages.canary - jetbrains.idea-community - qFlipper - - # system tools - protonvpn-gui - openvpn - noisetorch - - # hardware management tools - (lib.mkIf hardware.piperMouse.enable piper) - (lib.mkIf hardware.openRGB.enable openrgb) - (lib.mkIf hardware.viaKeyboard.enable via) - ]) - ) - ) - ); - programs = lib.mkIf userConfig.isDesktopUser { - # Let Home Manager install and manage itself. - home-manager.enable = true; - - # set up git defaults - git = { - enable = true; - userName = "Leyla Becker"; - userEmail = "git@jan-leila.com"; - extraConfig.init.defaultBranch = "main"; - }; - - # add direnv to auto load flakes for development - direnv = { - enable = true; - enableBashIntegration = true; - nix-direnv.enable = true; - config = { - global.hide_env_diff = true; - whitelist.exact = ["/home/leyla/documents/code/nix-config"]; - }; - }; - bash.enable = true; - - openssh = { - authorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" - ]; - hostKeys = [ - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; - }; - }; - }) - ]; -} diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix new file mode 100644 index 0000000..fd2347c --- /dev/null +++ b/configurations/home-manager/leyla/packages/default.nix @@ -0,0 +1,104 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: let + hardware = osConfig.host.hardware; +in { + imports = [ + ./vscode + ./firefox.nix + ./direnv.nix + ./openssh.nix + ./git.nix + ]; + + config = lib.mkMerge [ + (lib.mkIf config.user.isTerminalUser { + home.packages = with pkgs; [ + # command line tools + sox + yt-dlp + ffmpeg + imagemagick + ]; + }) + (lib.mkIf config.user.isDesktopUser { + nixpkgs.config = { + allowUnfree = true; + }; + + home.packages = ( + (with pkgs; [ + # helvetica font + aileron + + gnomeExtensions.dash-to-dock + + # development tools + dbeaver-bin + bruno + proxmark3 + ]) + ++ ( + lib.lists.optionals hardware.directAccess.enable (with pkgs; [ + #foss platforms + signal-desktop-bin + bitwarden + ungoogled-chromium + libreoffice + inkscape + gimp + krita + freecad + # cura + # kicad-small + makemkv + onionshare + # rhythmbox + (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) + # wireshark + # rpi-imager + # fritzing + mfoc + tor-browser + anki + pdfarranger + calibre + qbittorrent + picard + + # proprietary platforms + discord + obsidian + prostudiomasters + (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) + + # development tools + # androidStudioPackages.canary + jetbrains.idea-community + qFlipper + + # system tools + protonvpn-gui + openvpn + noisetorch + + # hardware management tools + (lib.mkIf hardware.piperMouse.enable piper) + (lib.mkIf hardware.openRGB.enable openrgb) + (lib.mkIf hardware.viaKeyboard.enable via) + ]) + ) + ); + programs = { + # Let Home Manager install and manage itself. + home-manager.enable = true; + + bash.enable = true; + }; + }) + ]; +} diff --git a/configurations/home-manager/leyla/packages/direnv.nix b/configurations/home-manager/leyla/packages/direnv.nix new file mode 100644 index 0000000..630d0cc --- /dev/null +++ b/configurations/home-manager/leyla/packages/direnv.nix @@ -0,0 +1,12 @@ +{config, ...}: { + config = { + programs = { + git = { + enable = config.user.isDesktopUser || config.user.isTerminalUser; + userName = "Leyla Becker"; + userEmail = "git@jan-leila.com"; + extraConfig.init.defaultBranch = "main"; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/packages/firefox.nix similarity index 98% rename from configurations/home-manager/leyla/firefox.nix rename to configurations/home-manager/leyla/packages/firefox.nix index 0adea28..fcac972 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox.nix @@ -2,14 +2,12 @@ lib, pkgs, inputs, - osConfig, + config, ... -}: let - is-desktop-user = osConfig.host.users.leyla.isDesktopUser; -in { - config = lib.mkIf is-desktop-user { +}: { + config = { programs.firefox = { - enable = true; + enable = config.user.isDesktopUser; profiles.leyla = { settings = { "browser.search.defaultenginename" = "Searx"; diff --git a/configurations/home-manager/leyla/packages/git.nix b/configurations/home-manager/leyla/packages/git.nix new file mode 100644 index 0000000..038c149 --- /dev/null +++ b/configurations/home-manager/leyla/packages/git.nix @@ -0,0 +1,22 @@ +{ + lib, + config, + osConfig, + ... +}: let + userConfig = osConfig.host.users.leyla; +in { + config = lib.mkIf userConfig.isDesktopUser { + programs = { + direnv = { + enable = true; + enableBashIntegration = true; + nix-direnv.enable = true; + config = { + global.hide_env_diff = true; + whitelist.exact = ["${config.home.homeDirectory}/documents/code/nix-config"]; + }; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/packages/openssh.nix b/configurations/home-manager/leyla/packages/openssh.nix new file mode 100644 index 0000000..07b4488 --- /dev/null +++ b/configurations/home-manager/leyla/packages/openssh.nix @@ -0,0 +1,24 @@ +{ + config, + osConfig, + ... +}: { + config = { + programs = { + openssh = { + enable = config.user.isDesktopUser; + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" + ]; + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix similarity index 97% rename from configurations/home-manager/leyla/vscode/default.nix rename to configurations/home-manager/leyla/packages/vscode/default.nix index c2ee066..4ad8c81 100644 --- a/configurations/home-manager/leyla/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -8,9 +8,8 @@ }: let nix-development-enabled = osConfig.host.nix-development.enable; ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; - is-desktop-user = osConfig.host.users.leyla.isDesktopUser; in { - config = lib.mkIf is-desktop-user { + config = lib.mkIf config.user.isDesktopUser { nixpkgs = { overlays = [ inputs.nix-vscode-extensions.overlays.default diff --git a/configurations/home-manager/leyla/vscode/user-words.nix b/configurations/home-manager/leyla/packages/vscode/user-words.nix similarity index 100% rename from configurations/home-manager/leyla/vscode/user-words.nix rename to configurations/home-manager/leyla/packages/vscode/user-words.nix diff --git a/modules/home-manager-modules/continue.nix b/modules/home-manager-modules/continue.nix index 327ee44..20ec52b 100644 --- a/modules/home-manager-modules/continue.nix +++ b/modules/home-manager-modules/continue.nix @@ -7,40 +7,38 @@ }: let ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; in { - options = { - user.continue = { - enable = lib.mkEnableOption "should continue be enabled on this machine"; - docs = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - startUrl = lib.mkOption { - type = lib.types.str; - }; + options.user.continue = { + enable = lib.mkEnableOption "should continue be enabled on this machine"; + docs = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; }; - })); - }; - context = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - provider = lib.mkOption { - type = lib.types.str; - default = name; - }; + startUrl = lib.mkOption { + type = lib.types.str; }; - })); - default = { - "code" = {}; - "docs" = {}; - "diff" = {}; - "terminal" = {}; - "problems" = {}; - "folder" = {}; - "codebase" = {}; }; + })); + }; + context = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + provider = lib.mkOption { + type = lib.types.str; + default = name; + }; + }; + })); + default = { + "code" = {}; + "docs" = {}; + "diff" = {}; + "terminal" = {}; + "problems" = {}; + "folder" = {}; + "codebase" = {}; }; }; }; diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index ee47fb5..b4d9c16 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -1,6 +1,7 @@ # this folder container modules that are for home manager only {...}: { imports = [ + ./user.nix ./flipperzero.nix ./i18n.nix ./openssh.nix diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 7b646b8..c8ba22d 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -6,6 +6,7 @@ ... }: { options.programs.openssh = { + enable = lib.mkEnableOption "should we enable openssh"; authorizedKeys = lib.mkOption { type = lib.types.listOf lib.types.str; default = []; @@ -37,63 +38,65 @@ }; }; - config = lib.mkMerge [ - ( - lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { - services.ssh-agent.enable = true; - programs.ssh = { - enable = true; - compression = true; - addKeysToAgent = "confirm"; - extraConfig = lib.strings.concatLines ( - builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys + config = lib.mkIf config.programs.openssh.enable ( + lib.mkMerge [ + ( + lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { + services.ssh-agent.enable = true; + programs.ssh = { + enable = true; + compression = true; + addKeysToAgent = "confirm"; + extraConfig = lib.strings.concatLines ( + builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys + ); + }; + + systemd.user.services = builtins.listToAttrs ( + builtins.map (hostKey: + lib.attrsets.nameValuePair "ssh-gen-keys-${hostKey.path}" { + Install = { + WantedBy = ["default.target"]; + }; + Service = let + path = "${config.home.homeDirectory}/.ssh/${hostKey.path}"; + in { + Restart = "always"; + Type = "simple"; + ExecStart = "${ + pkgs.writeShellScript "ssh-gen-keys" '' + if ! [ -s "${path}" ]; then + if ! [ -h "${path}" ]; then + rm -f "${path}" + fi + mkdir -p "$(dirname '${path}')" + chmod 0755 "$(dirname '${path}')" + ${pkgs.openssh}/bin/ssh-keygen \ + -t "${hostKey.type}" \ + ${lib.optionalString (hostKey ? bits) "-b ${toString hostKey.bits}"} \ + ${lib.optionalString (hostKey ? rounds) "-a ${toString hostKey.rounds}"} \ + ${lib.optionalString (hostKey ? comment) "-C '${hostKey.comment}'"} \ + ${lib.optionalString (hostKey ? openSSHFormat && hostKey.openSSHFormat) "-o"} \ + -f "${path}" \ + -N "" + chown ${config.home.username} ${path}* + chgrp ${config.home.username} ${path}* + fi + '' + }"; + }; + }) + config.programs.openssh.hostKeys + ); + } + ) + (lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + files = lib.lists.flatten ( + builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys ); }; - - systemd.user.services = builtins.listToAttrs ( - builtins.map (hostKey: - lib.attrsets.nameValuePair "ssh-gen-keys-${hostKey.path}" { - Install = { - WantedBy = ["default.target"]; - }; - Service = let - path = "${config.home.homeDirectory}/.ssh/${hostKey.path}"; - in { - Restart = "always"; - Type = "simple"; - ExecStart = "${ - pkgs.writeShellScript "ssh-gen-keys" '' - if ! [ -s "${path}" ]; then - if ! [ -h "${path}" ]; then - rm -f "${path}" - fi - mkdir -p "$(dirname '${path}')" - chmod 0755 "$(dirname '${path}')" - ${pkgs.openssh}/bin/ssh-keygen \ - -t "${hostKey.type}" \ - ${lib.optionalString (hostKey ? bits) "-b ${toString hostKey.bits}"} \ - ${lib.optionalString (hostKey ? rounds) "-a ${toString hostKey.rounds}"} \ - ${lib.optionalString (hostKey ? comment) "-C '${hostKey.comment}'"} \ - ${lib.optionalString (hostKey ? openSSHFormat && hostKey.openSSHFormat) "-o"} \ - -f "${path}" \ - -N "" - chown ${config.home.username} ${path}* - chgrp ${config.home.username} ${path}* - fi - '' - }"; - }; - }) - config.programs.openssh.hostKeys - ); - } - ) - (lib.mkIf osConfig.host.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - files = lib.lists.flatten ( - builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys - ); - }; - }) - ]; + }) + ] + ); } diff --git a/modules/home-manager-modules/user.nix b/modules/home-manager-modules/user.nix new file mode 100644 index 0000000..efce22d --- /dev/null +++ b/modules/home-manager-modules/user.nix @@ -0,0 +1,17 @@ +{ + lib, + config, + osConfig, + ... +}: { + options.user = { + isDesktopUser = lib.mkOption { + type = lib.types.bool; + default = osConfig.host.users.${config.home.username}.isDesktopUser; + }; + isTerminalUser = lib.mkOption { + type = lib.types.bool; + default = osConfig.host.users.${config.home.username}.isTerminalUser; + }; + }; +} From 666504a63aca6f31213bb28a299fc51103c3c432 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Jun 2025 21:13:45 -0500 Subject: [PATCH 028/374] added notes for leyla packages --- .../home-manager/leyla/packages/default.nix | 10 ++++++++ .../home-manager/leyla/packages/direnv.nix | 24 +++++++++++++------ .../home-manager/leyla/packages/firefox.nix | 1 + .../home-manager/leyla/packages/git.nix | 24 ++++++------------- .../home-manager/leyla/packages/openssh.nix | 1 + 5 files changed, 36 insertions(+), 24 deletions(-) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index fd2347c..d8b200d 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -45,7 +45,9 @@ in { ++ ( lib.lists.optionals hardware.directAccess.enable (with pkgs; [ #foss platforms + # TODO: move signal to package with impermanence signal-desktop-bin + # TODO: move bitwarden to package with impermanence bitwarden ungoogled-chromium libreoffice @@ -55,9 +57,12 @@ in { freecad # cura # kicad-small + # TODO: move makemkv to package with configs set and impermanence makemkv onionshare # rhythmbox + + # TODO: move obs to package with impermanence (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) # wireshark # rpi-imager @@ -71,17 +76,22 @@ in { picard # proprietary platforms + # TODO: move discord to package with impermanence discord + # TODO: move obsidian to package with impermanence obsidian + # TODO: move prostudiomasters to package with impermanence prostudiomasters (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) # development tools # androidStudioPackages.canary + # TODO: move idea to package with impermanence and installed extensions jetbrains.idea-community qFlipper # system tools + # TODO: move protonvpn to package with impermanence and installed extensions protonvpn-gui openvpn noisetorch diff --git a/configurations/home-manager/leyla/packages/direnv.nix b/configurations/home-manager/leyla/packages/direnv.nix index 630d0cc..038c149 100644 --- a/configurations/home-manager/leyla/packages/direnv.nix +++ b/configurations/home-manager/leyla/packages/direnv.nix @@ -1,11 +1,21 @@ -{config, ...}: { - config = { +{ + lib, + config, + osConfig, + ... +}: let + userConfig = osConfig.host.users.leyla; +in { + config = lib.mkIf userConfig.isDesktopUser { programs = { - git = { - enable = config.user.isDesktopUser || config.user.isTerminalUser; - userName = "Leyla Becker"; - userEmail = "git@jan-leila.com"; - extraConfig.init.defaultBranch = "main"; + direnv = { + enable = true; + enableBashIntegration = true; + nix-direnv.enable = true; + config = { + global.hide_env_diff = true; + whitelist.exact = ["${config.home.homeDirectory}/documents/code/nix-config"]; + }; }; }; }; diff --git a/configurations/home-manager/leyla/packages/firefox.nix b/configurations/home-manager/leyla/packages/firefox.nix index fcac972..a343b0a 100644 --- a/configurations/home-manager/leyla/packages/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox.nix @@ -341,5 +341,6 @@ }; }; }; + # TODO: impermanence module, prob in home-manager-modules? }; } diff --git a/configurations/home-manager/leyla/packages/git.nix b/configurations/home-manager/leyla/packages/git.nix index 038c149..630d0cc 100644 --- a/configurations/home-manager/leyla/packages/git.nix +++ b/configurations/home-manager/leyla/packages/git.nix @@ -1,21 +1,11 @@ -{ - lib, - config, - osConfig, - ... -}: let - userConfig = osConfig.host.users.leyla; -in { - config = lib.mkIf userConfig.isDesktopUser { +{config, ...}: { + config = { programs = { - direnv = { - enable = true; - enableBashIntegration = true; - nix-direnv.enable = true; - config = { - global.hide_env_diff = true; - whitelist.exact = ["${config.home.homeDirectory}/documents/code/nix-config"]; - }; + git = { + enable = config.user.isDesktopUser || config.user.isTerminalUser; + userName = "Leyla Becker"; + userEmail = "git@jan-leila.com"; + extraConfig.init.defaultBranch = "main"; }; }; }; diff --git a/configurations/home-manager/leyla/packages/openssh.nix b/configurations/home-manager/leyla/packages/openssh.nix index 07b4488..e7131c9 100644 --- a/configurations/home-manager/leyla/packages/openssh.nix +++ b/configurations/home-manager/leyla/packages/openssh.nix @@ -20,5 +20,6 @@ ]; }; }; + # TODO: impermanence module, prob in home-manager-modules? }; } From 9fe35e74ad5feb6711ec3335d6ee12db15231c2c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Jun 2025 22:47:01 -0500 Subject: [PATCH 029/374] created program option entries for all packages that needs continual state --- configurations/home-manager/eve/packages.nix | 62 ++++++++++--------- .../home-manager/leyla/packages/default.nix | 56 +++++++++-------- .../home-manager/leyla/packages/firefox.nix | 2 - .../home-manager/leyla/packages/git.nix | 3 +- .../home-manager/leyla/packages/openssh.nix | 2 - .../leyla/packages/vscode/default.nix | 2 - modules/home-manager-modules/default.nix | 1 + .../home-manager-modules/programs/anki.nix | 24 +++++++ .../programs/bitwarden.nix | 24 +++++++ .../home-manager-modules/programs/calibre.nix | 24 +++++++ .../home-manager-modules/programs/default.nix | 17 +++++ .../home-manager-modules/programs/discord.nix | 24 +++++++ .../home-manager-modules/programs/firefox.nix | 3 + .../home-manager-modules/programs/idea.nix | 24 +++++++ .../home-manager-modules/programs/makemkv.nix | 25 ++++++++ modules/home-manager-modules/programs/obs.nix | 24 +++++++ .../programs/obsidian.nix | 24 +++++++ .../programs/prostudiomasters.nix | 24 +++++++ .../programs/protonvpn.nix | 24 +++++++ .../programs/qbittorrent.nix | 24 +++++++ .../home-manager-modules/programs/signal.nix | 24 +++++++ 21 files changed, 374 insertions(+), 63 deletions(-) create mode 100644 modules/home-manager-modules/programs/anki.nix create mode 100644 modules/home-manager-modules/programs/bitwarden.nix create mode 100644 modules/home-manager-modules/programs/calibre.nix create mode 100644 modules/home-manager-modules/programs/default.nix create mode 100644 modules/home-manager-modules/programs/discord.nix create mode 100644 modules/home-manager-modules/programs/firefox.nix create mode 100644 modules/home-manager-modules/programs/idea.nix create mode 100644 modules/home-manager-modules/programs/makemkv.nix create mode 100644 modules/home-manager-modules/programs/obs.nix create mode 100644 modules/home-manager-modules/programs/obsidian.nix create mode 100644 modules/home-manager-modules/programs/prostudiomasters.nix create mode 100644 modules/home-manager-modules/programs/protonvpn.nix create mode 100644 modules/home-manager-modules/programs/qbittorrent.nix create mode 100644 modules/home-manager-modules/programs/signal.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 6cc4630..1abf501 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -12,41 +12,47 @@ in { # See https://search.nixos.org/packages for all options home.packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop-bin ungoogled-chromium ] ); # Packages that need to be installed with some extra configuration # See https://home-manager-options.extranix.com/ for all options - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; + programs = lib.mkMerge [ + { + # Let Home Manager install and manage itself. + home-manager.enable = true; + } + (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { + git = { + enable = true; + userName = "Eve"; + userEmail = "evesnrobins@gmail.com"; + extraConfig.init.defaultBranch = "main"; + }; - git = { - enable = true; - userName = "Eve"; - userEmail = "evesnrobins@gmail.com"; - extraConfig.init.defaultBranch = "main"; - }; + openssh = { + enable = true; + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; + }) + (lib.mkIf userConfig.isDesktopUser { + vscode = { + enable = true; + package = pkgs.vscodium; + }; - vscode = { - enable = true; - package = pkgs.vscodium; - }; - - openssh = { - hostKeys = [ - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; - }; - }; + firefox.enable = true; + bitwarden.enable = true; + discord.enable = true; + makemkv.enable = true; + signal-desktop-bin.enable = true; + }) + ]; }; } diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index d8b200d..cfe70cc 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -45,10 +45,6 @@ in { ++ ( lib.lists.optionals hardware.directAccess.enable (with pkgs; [ #foss platforms - # TODO: move signal to package with impermanence - signal-desktop-bin - # TODO: move bitwarden to package with impermanence - bitwarden ungoogled-chromium libreoffice inkscape @@ -57,42 +53,25 @@ in { freecad # cura # kicad-small - # TODO: move makemkv to package with configs set and impermanence - makemkv onionshare # rhythmbox - # TODO: move obs to package with impermanence - (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) # wireshark # rpi-imager # fritzing mfoc tor-browser - anki pdfarranger - calibre - qbittorrent picard # proprietary platforms - # TODO: move discord to package with impermanence - discord - # TODO: move obsidian to package with impermanence - obsidian - # TODO: move prostudiomasters to package with impermanence - prostudiomasters (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) # development tools # androidStudioPackages.canary - # TODO: move idea to package with impermanence and installed extensions - jetbrains.idea-community qFlipper # system tools - # TODO: move protonvpn to package with impermanence and installed extensions - protonvpn-gui openvpn noisetorch @@ -103,12 +82,35 @@ in { ]) ) ); - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; - - bash.enable = true; - }; + programs = lib.mkMerge [ + { + # Let Home Manager install and manage itself. + home-manager.enable = true; + bash.enable = true; + } + (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { + git.enable = true; + openssh.enable = true; + }) + (lib.mkIf hardware.directAccess.enable { + anki.enable = true; + bitwarden.enable = true; + signal-desktop-bin.enable = true; + makemkv.enable = true; + obs-studio.enable = hardware.graphicsAcceleration.enable; + calibre.enable = true; + qbittorrent.enable = true; + discord.enable = true; + obsidian.enable = true; + prostudiomasters.enable = true; + jetbrains.idea-community.enable = true; + protonvpn-gui.enable = true; + }) + (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) { + vscode.enable = true; + firefox.enable = true; + }) + ]; }) ]; } diff --git a/configurations/home-manager/leyla/packages/firefox.nix b/configurations/home-manager/leyla/packages/firefox.nix index a343b0a..f9787b9 100644 --- a/configurations/home-manager/leyla/packages/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox.nix @@ -2,12 +2,10 @@ lib, pkgs, inputs, - config, ... }: { config = { programs.firefox = { - enable = config.user.isDesktopUser; profiles.leyla = { settings = { "browser.search.defaultenginename" = "Searx"; diff --git a/configurations/home-manager/leyla/packages/git.nix b/configurations/home-manager/leyla/packages/git.nix index 630d0cc..568cd7a 100644 --- a/configurations/home-manager/leyla/packages/git.nix +++ b/configurations/home-manager/leyla/packages/git.nix @@ -1,8 +1,7 @@ -{config, ...}: { +{...}: { config = { programs = { git = { - enable = config.user.isDesktopUser || config.user.isTerminalUser; userName = "Leyla Becker"; userEmail = "git@jan-leila.com"; extraConfig.init.defaultBranch = "main"; diff --git a/configurations/home-manager/leyla/packages/openssh.nix b/configurations/home-manager/leyla/packages/openssh.nix index e7131c9..91aec11 100644 --- a/configurations/home-manager/leyla/packages/openssh.nix +++ b/configurations/home-manager/leyla/packages/openssh.nix @@ -6,7 +6,6 @@ config = { programs = { openssh = { - enable = config.user.isDesktopUser; authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" @@ -20,6 +19,5 @@ ]; }; }; - # TODO: impermanence module, prob in home-manager-modules? }; } diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 4ad8c81..c21e01d 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -26,8 +26,6 @@ in { open-vsx = extensions.open-vsx; vscode-marketplace = extensions.vscode-marketplace; in { - enable = true; - package = pkgs.vscodium; mutableExtensionsDir = false; diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index b4d9c16..faf6f58 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -6,5 +6,6 @@ ./i18n.nix ./openssh.nix ./continue.nix + ./programs ]; } diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix new file mode 100644 index 0000000..d513657 --- /dev/null +++ b/modules/home-manager-modules/programs/anki.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.anki = { + enable = lib.mkEnableOption "enable anki"; + }; + + config = lib.mkIf config.programs.anki.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + anki + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for anki + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix new file mode 100644 index 0000000..b68ee30 --- /dev/null +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.bitwarden = { + enable = lib.mkEnableOption "enable bitwarden"; + }; + + config = lib.mkIf config.programs.bitwarden.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + bitwarden + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for bitwarden + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix new file mode 100644 index 0000000..f22fbbf --- /dev/null +++ b/modules/home-manager-modules/programs/calibre.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.calibre = { + enable = lib.mkEnableOption "enable calibre"; + }; + + config = lib.mkIf config.programs.calibre.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + calibre + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for calibre + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix new file mode 100644 index 0000000..a9139bc --- /dev/null +++ b/modules/home-manager-modules/programs/default.nix @@ -0,0 +1,17 @@ +{...}: { + imports = [ + ./firefox.nix + ./signal.nix + ./bitwarden.nix + ./makemkv.nix + ./obs.nix + ./anki.nix + ./qbittorrent.nix + ./discord.nix + ./obsidian.nix + ./prostudiomasters.nix + ./idea.nix + ./protonvpn.nix + ./calibre.nix + ]; +} diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix new file mode 100644 index 0000000..a81bb03 --- /dev/null +++ b/modules/home-manager-modules/programs/discord.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.discord = { + enable = lib.mkEnableOption "enable discord"; + }; + + config = lib.mkIf config.programs.discord.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + discord + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for discord + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix new file mode 100644 index 0000000..654a480 --- /dev/null +++ b/modules/home-manager-modules/programs/firefox.nix @@ -0,0 +1,3 @@ +{...}: { + # TODO: map firefox impermanence +} diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix new file mode 100644 index 0000000..a7a6d7f --- /dev/null +++ b/modules/home-manager-modules/programs/idea.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.jetbrains.idea-community = { + enable = lib.mkEnableOption "enable idea-community"; + }; + + config = lib.mkIf config.programs.jetbrains.idea-community.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + jetbrains.idea-community + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for idea-community + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/makemkv.nix b/modules/home-manager-modules/programs/makemkv.nix new file mode 100644 index 0000000..c1040bb --- /dev/null +++ b/modules/home-manager-modules/programs/makemkv.nix @@ -0,0 +1,25 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.makemkv = { + enable = lib.mkEnableOption "enable makemkv"; + }; + + config = lib.mkIf config.programs.makemkv.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + makemkv + ]; + # TODO: write config file for makemkv + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for makemkv + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix new file mode 100644 index 0000000..b29521a --- /dev/null +++ b/modules/home-manager-modules/programs/obs.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.obs-studio = { + # enable = lib.mkEnableOption "enable obs"; + }; + + config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + obs-studio + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for obs + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix new file mode 100644 index 0000000..57f119b --- /dev/null +++ b/modules/home-manager-modules/programs/obsidian.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.obsidian = { + # enable = lib.mkEnableOption "enable obsidian"; + }; + + config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + obsidian + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for obsidian + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/prostudiomasters.nix b/modules/home-manager-modules/programs/prostudiomasters.nix new file mode 100644 index 0000000..4481f5b --- /dev/null +++ b/modules/home-manager-modules/programs/prostudiomasters.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.prostudiomasters = { + enable = lib.mkEnableOption "enable prostudiomasters"; + }; + + config = lib.mkIf config.programs.prostudiomasters.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + prostudiomasters + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for prostudiomasters + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/protonvpn.nix b/modules/home-manager-modules/programs/protonvpn.nix new file mode 100644 index 0000000..1ddedc7 --- /dev/null +++ b/modules/home-manager-modules/programs/protonvpn.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.protonvpn-gui = { + enable = lib.mkEnableOption "enable protonvpn"; + }; + + config = lib.mkIf config.programs.protonvpn-gui.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + protonvpn-gui + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for protonvpn + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/qbittorrent.nix b/modules/home-manager-modules/programs/qbittorrent.nix new file mode 100644 index 0000000..1e98c3e --- /dev/null +++ b/modules/home-manager-modules/programs/qbittorrent.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.qbittorrent = { + enable = lib.mkEnableOption "enable qbittorrent"; + }; + + config = lib.mkIf config.programs.qbittorrent.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + qbittorrent + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for qbittorrent + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix new file mode 100644 index 0000000..4eb0f37 --- /dev/null +++ b/modules/home-manager-modules/programs/signal.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.signal-desktop-bin = { + enable = lib.mkEnableOption "enable signal"; + }; + + config = lib.mkIf config.programs.signal-desktop-bin.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + signal-desktop-bin + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for signal + } + ) + ]); +} From d741c252914683a6e5f38eb50f2fdcf262badef7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Jun 2025 22:50:35 -0500 Subject: [PATCH 030/374] moved some packages under desktop + direct access --- .../home-manager/leyla/packages/default.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index cfe70cc..ff32361 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -92,21 +92,21 @@ in { git.enable = true; openssh.enable = true; }) - (lib.mkIf hardware.directAccess.enable { - anki.enable = true; + (lib.mkIf config.user.isDesktopUser { bitwarden.enable = true; - signal-desktop-bin.enable = true; - makemkv.enable = true; obs-studio.enable = hardware.graphicsAcceleration.enable; - calibre.enable = true; qbittorrent.enable = true; - discord.enable = true; - obsidian.enable = true; prostudiomasters.enable = true; - jetbrains.idea-community.enable = true; protonvpn-gui.enable = true; }) (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) { + anki.enable = true; + makemkv.enable = true; + discord.enable = true; + signal-desktop-bin.enable = true; + calibre.enable = true; + obsidian.enable = true; + jetbrains.idea-community.enable = true; vscode.enable = true; firefox.enable = true; }) From eca8dfcf69ed8a312ea1326f7493535513a0d0b4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Jun 2025 23:15:17 -0500 Subject: [PATCH 031/374] removed extra packages --- flake.lock | 24 +++++++++---------- modules/home-manager-modules/programs/obs.nix | 10 -------- .../programs/obsidian.nix | 10 -------- 3 files changed, 12 insertions(+), 32 deletions(-) diff --git a/flake.lock b/flake.lock index bbaffa4..f77dacd 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1748225455, - "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=", + "lastModified": 1748832438, + "narHash": "sha256-/CtyLVfNaFP7PrOPrTEuGOJBIhcBKVQ91KiEbtXJi0A=", "owner": "nix-community", "repo": "disko", - "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba", + "rev": "58d6e5a83fff9982d57e0a0a994d4e5c0af441e4", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1748730131, - "narHash": "sha256-QHKZlwzw80hoJkNGXQePIg4u109lqcodALkont2WJAc=", + "lastModified": 1748923398, + "narHash": "sha256-794RwyZJto9NoFlGYuhWKhkhkJ0KrH9Paw5w1DM2zA0=", "owner": "rycee", "repo": "nur-expressions", - "rev": "aa7bfc2ec4763b57386fcd50242c390a596b9bb0", + "rev": "9eb346d6488b06f04809da4de2073666e25ede9d", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1748811839, - "narHash": "sha256-MDl6vpEK18ZfPHfoeOa9dGRdwVWNfmCCGazt72nHw+U=", + "lastModified": 1748923085, + "narHash": "sha256-wXguCR+auZ5eoW8fKlm0C/6LNXL+1r4UXNLylwV7wQU=", "owner": "nix-community", "repo": "home-manager", - "rev": "6abf27943bbb09a0f9d443df45ec70b07a6cbe20", + "rev": "5adc1a51a2fa8efec9d4eaa4f7df97908cded00d", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1748744745, - "narHash": "sha256-kcj58eYic+yLX/KjtHEOmn6lVnCRwL1IfRGnb8aHprE=", + "lastModified": 1748916419, + "narHash": "sha256-xeIzrAq+HNCp6Tx+lNfoty4D3zzfqSgQGgeTHXb2zGk=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "c008ed9dd78efdeda5e9d5bb835c785e600791f6", + "rev": "1599b5b404e6bbdaf088f4c8872954146f8a19bb", "type": "github" }, "original": { diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix index b29521a..98c4fea 100644 --- a/modules/home-manager-modules/programs/obs.nix +++ b/modules/home-manager-modules/programs/obs.nix @@ -1,20 +1,10 @@ { lib, - pkgs, config, osConfig, ... }: { - options.programs.obs-studio = { - # enable = lib.mkEnableOption "enable obs"; - }; - config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - obs-studio - ]; - } ( lib.mkIf osConfig.host.impermanence.enable { # TODO: map impermanence for obs diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix index 57f119b..9dd9299 100644 --- a/modules/home-manager-modules/programs/obsidian.nix +++ b/modules/home-manager-modules/programs/obsidian.nix @@ -1,20 +1,10 @@ { lib, - pkgs, config, osConfig, ... }: { - options.programs.obsidian = { - # enable = lib.mkEnableOption "enable obsidian"; - }; - config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - obsidian - ]; - } ( lib.mkIf osConfig.host.impermanence.enable { # TODO: map impermanence for obsidian From 7473ad541586ed857039bc651567c3b1d7278ce0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Jun 2025 11:19:34 -0500 Subject: [PATCH 032/374] moved more packages to module --- .../home-manager/leyla/packages/default.nix | 66 +++++++++---------- .../home-manager-modules/programs/bruno.nix | 24 +++++++ .../home-manager-modules/programs/dbeaver.nix | 24 +++++++ .../home-manager-modules/programs/default.nix | 2 + 4 files changed, 83 insertions(+), 33 deletions(-) create mode 100644 modules/home-manager-modules/programs/bruno.nix create mode 100644 modules/home-manager-modules/programs/dbeaver.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index ff32361..8f06441 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -16,6 +16,39 @@ in { ]; config = lib.mkMerge [ + { + programs = lib.mkMerge [ + { + # Let Home Manager install and manage itself. + home-manager.enable = true; + } + (lib.mkIf (config.user.isTerminalUser || config.user.isDesktopUser) { + bash.enable = true; + git.enable = true; + openssh.enable = true; + }) + (lib.mkIf config.user.isDesktopUser { + bitwarden.enable = true; + obs-studio.enable = hardware.graphicsAcceleration.enable; + qbittorrent.enable = true; + prostudiomasters.enable = true; + protonvpn-gui.enable = true; + dbeaver-bin.enable = true; + bruno.enable = true; + }) + (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) { + anki.enable = true; + makemkv.enable = true; + discord.enable = true; + signal-desktop-bin.enable = true; + calibre.enable = true; + obsidian.enable = true; + jetbrains.idea-community.enable = true; + vscode.enable = true; + firefox.enable = true; + }) + ]; + } (lib.mkIf config.user.isTerminalUser { home.packages = with pkgs; [ # command line tools @@ -32,14 +65,10 @@ in { home.packages = ( (with pkgs; [ - # helvetica font aileron gnomeExtensions.dash-to-dock - # development tools - dbeaver-bin - bruno proxmark3 ]) ++ ( @@ -82,35 +111,6 @@ in { ]) ) ); - programs = lib.mkMerge [ - { - # Let Home Manager install and manage itself. - home-manager.enable = true; - bash.enable = true; - } - (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { - git.enable = true; - openssh.enable = true; - }) - (lib.mkIf config.user.isDesktopUser { - bitwarden.enable = true; - obs-studio.enable = hardware.graphicsAcceleration.enable; - qbittorrent.enable = true; - prostudiomasters.enable = true; - protonvpn-gui.enable = true; - }) - (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) { - anki.enable = true; - makemkv.enable = true; - discord.enable = true; - signal-desktop-bin.enable = true; - calibre.enable = true; - obsidian.enable = true; - jetbrains.idea-community.enable = true; - vscode.enable = true; - firefox.enable = true; - }) - ]; }) ]; } diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix new file mode 100644 index 0000000..b7e6ae3 --- /dev/null +++ b/modules/home-manager-modules/programs/bruno.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.bruno = { + enable = lib.mkEnableOption "enable bruno"; + }; + + config = lib.mkIf config.programs.bruno.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + bruno + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for bruno + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix new file mode 100644 index 0000000..fed1d6d --- /dev/null +++ b/modules/home-manager-modules/programs/dbeaver.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.dbeaver-bin = { + enable = lib.mkEnableOption "enable dbeaver"; + }; + + config = lib.mkIf config.programs.dbeaver-bin.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + dbeaver-bin + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for dbeaver + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index a9139bc..aa15701 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -13,5 +13,7 @@ ./idea.nix ./protonvpn.nix ./calibre.nix + ./bruno.nix + ./dbeaver.nix ]; } From 9c7cc3e3a759f38c515e7b2e73dd2cbe5f1aaebf Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Jun 2025 16:23:20 -0500 Subject: [PATCH 033/374] drafted out home manager steam configuration --- .../home-manager/leyla/packages/default.nix | 1 + configurations/nixos/horizon/configuration.nix | 2 +- .../nixos/twilight/configuration.nix | 2 +- .../home-manager-modules/programs/default.nix | 1 + .../home-manager-modules/programs/steam.nix | 17 +++++++++++++++++ modules/nixos-modules/home-manager/default.nix | 1 + modules/nixos-modules/home-manager/steam.nix | 18 ++++++++++++++++++ 7 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 modules/home-manager-modules/programs/steam.nix create mode 100644 modules/nixos-modules/home-manager/steam.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 8f06441..5af20ef 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -46,6 +46,7 @@ in { jetbrains.idea-community.enable = true; vscode.enable = true; firefox.enable = true; + steam.enable = true; }) ]; } diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 5817e2b..8398a38 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -71,7 +71,7 @@ programs = { adb.enable = true; steam = { - enable = true; + # enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 6cef2fb..cb3813e 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -188,7 +188,7 @@ cachefilesd ]; programs.steam = { - enable = true; + # enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server }; diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index aa15701..ee52da2 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -15,5 +15,6 @@ ./calibre.nix ./bruno.nix ./dbeaver.nix + ./steam.nix ]; } diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix new file mode 100644 index 0000000..a754575 --- /dev/null +++ b/modules/home-manager-modules/programs/steam.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + ... +}: { + options.programs.steam = { + enable = lib.mkEnableOption "enable steam"; + }; + + config = lib.mkIf config.programs.steam.enable { + home.packages = with pkgs; [ + steam + steam.run + ]; + }; +} diff --git a/modules/nixos-modules/home-manager/default.nix b/modules/nixos-modules/home-manager/default.nix index cab004b..10f86c7 100644 --- a/modules/nixos-modules/home-manager/default.nix +++ b/modules/nixos-modules/home-manager/default.nix @@ -4,5 +4,6 @@ ./flipperzero.nix ./i18n.nix ./openssh.nix + ./steam.nix ]; } diff --git a/modules/nixos-modules/home-manager/steam.nix b/modules/nixos-modules/home-manager/steam.nix new file mode 100644 index 0000000..d151bca --- /dev/null +++ b/modules/nixos-modules/home-manager/steam.nix @@ -0,0 +1,18 @@ +{ + lib, + config, + ... +}: let + setupSteam = + lib.lists.any + (value: value) + (lib.attrsets.mapAttrsToList (name: value: value.programs.steam.enable) config.home-manager.users); +in { + config = lib.mkIf setupSteam { + programs.steam = { + enable = true; + # TODO: figure out how to not install steam here + # package = lib.mkDefault pkgs.emptyFile; + }; + }; +} From 2c011fda87b99f9a8d8811f18821940114644089 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Jun 2025 16:32:44 -0500 Subject: [PATCH 034/374] moved steam config out of nix configurations --- configurations/home-manager/eve/packages.nix | 1 + configurations/nixos/emergent/configuration.nix | 7 +------ configurations/nixos/horizon/configuration.nix | 5 ----- configurations/nixos/twilight/configuration.nix | 5 ----- modules/nixos-modules/default.nix | 1 + modules/nixos-modules/steam.nix | 9 +++++++++ 6 files changed, 12 insertions(+), 16 deletions(-) create mode 100644 modules/nixos-modules/steam.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 1abf501..3c2a281 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -52,6 +52,7 @@ in { discord.enable = true; makemkv.enable = true; signal-desktop-bin.enable = true; + steam.enable = true; }) ]; }; diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index aacc820..c75c162 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -98,12 +98,7 @@ # Packages that need to be installed with some extra configuration # See https://search.nixos.org/options for all options - programs.steam = { - enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers - }; + programs = {}; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 8398a38..1c88cc3 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -70,11 +70,6 @@ programs = { adb.enable = true; - steam = { - # enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - }; }; networking = { diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index cb3813e..111c002 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -187,11 +187,6 @@ environment.systemPackages = with pkgs; [ cachefilesd ]; - programs.steam = { - # enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - }; hardware.steam-hardware.enable = true; # Provides udev rules for controller, HTC vive, and Valve Index networking = { diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 8cdeae9..2ba1a58 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -14,6 +14,7 @@ ./ollama.nix ./ai.nix ./tailscale.nix + ./steam.nix ./server ]; diff --git a/modules/nixos-modules/steam.nix b/modules/nixos-modules/steam.nix new file mode 100644 index 0000000..20c0978 --- /dev/null +++ b/modules/nixos-modules/steam.nix @@ -0,0 +1,9 @@ +{...}: { + programs = { + steam = { + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers + }; + }; +} From ef03167d23b28506cf3c086d8ca4b5688ded866f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Jun 2025 20:22:35 -0500 Subject: [PATCH 035/374] added TODO note --- modules/home-manager-modules/programs/steam.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix index a754575..551cb5d 100644 --- a/modules/home-manager-modules/programs/steam.nix +++ b/modules/home-manager-modules/programs/steam.nix @@ -14,4 +14,6 @@ steam.run ]; }; + + # TODO: bind impermanence config } From 54722eff619a303b6ce59aa206bba12958622a52 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Jun 2025 21:12:51 -0500 Subject: [PATCH 036/374] set up impermanence configurations for applications --- modules/home-manager-modules/programs/anki.nix | 7 ++++++- modules/home-manager-modules/programs/bitwarden.nix | 7 ++++++- modules/home-manager-modules/programs/bruno.nix | 7 ++++++- modules/home-manager-modules/programs/calibre.nix | 7 ++++++- modules/home-manager-modules/programs/dbeaver.nix | 7 ++++++- modules/home-manager-modules/programs/discord.nix | 7 ++++++- 6 files changed, 36 insertions(+), 6 deletions(-) diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix index d513657..13e28c9 100644 --- a/modules/home-manager-modules/programs/anki.nix +++ b/modules/home-manager-modules/programs/anki.nix @@ -17,7 +17,12 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for anki + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "~/.local/share/Anki2" + ]; + allowOther = true; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index b68ee30..0265488 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -17,7 +17,12 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for bitwarden + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "~/.config/Bitwarden" + ]; + allowOther = true; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix index b7e6ae3..3323e5b 100644 --- a/modules/home-manager-modules/programs/bruno.nix +++ b/modules/home-manager-modules/programs/bruno.nix @@ -17,7 +17,12 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for bruno + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "~/.config/bruno/" + ]; + allowOther = true; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix index f22fbbf..c26cd5e 100644 --- a/modules/home-manager-modules/programs/calibre.nix +++ b/modules/home-manager-modules/programs/calibre.nix @@ -17,7 +17,12 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for calibre + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "~/.config/calibre" + ]; + allowOther = true; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix index fed1d6d..26dcc52 100644 --- a/modules/home-manager-modules/programs/dbeaver.nix +++ b/modules/home-manager-modules/programs/dbeaver.nix @@ -17,7 +17,12 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for dbeaver + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "~/.local/share/DBeaverData/" + ]; + allowOther = true; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix index a81bb03..a7cbb5f 100644 --- a/modules/home-manager-modules/programs/discord.nix +++ b/modules/home-manager-modules/programs/discord.nix @@ -17,7 +17,12 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for discord + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "~/.config/discord/" + ]; + allowOther = true; + }; } ) ]); From 17cb9bbaf560066d3605db3ddf0fe39c7a810c44 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Jun 2025 21:15:26 -0500 Subject: [PATCH 037/374] set up more continue agents for horizon --- .../nixos/horizon/configuration.nix | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 1c88cc3..f72b264 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -46,6 +46,28 @@ roles = ["chat" "edit" "apply"]; apiBase = "http://twilight:11434"; }; + "Deepseek Coder:6.7B" = { + model = "deepseek-coder:6.7b"; + roles = ["chat" "edit" "apply"]; + apiBase = "http://twilight:11434"; + }; + "Deepseek Coder:33B" = { + model = "deepseek-coder:33b"; + roles = ["chat" "edit" "apply"]; + apiBase = "http://twilight:11434"; + }; + + "Deepseek r1:8B" = { + model = "deepseek-r1:8b"; + roles = ["chat"]; + apiBase = "http://twilight:11434"; + }; + + "Deepseek r1:32B" = { + model = "deepseek-r1:32b"; + roles = ["chat"]; + apiBase = "http://twilight:11434"; + }; "qwen2.5-coder:1.5b-base" = { model = "qwen2.5-coder:1.5b-base"; From 8d86de4a2d7f9d9586219ba2202283b086c0e5b7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Jun 2025 21:17:08 -0500 Subject: [PATCH 038/374] drafted out firefox impermanence --- .../home-manager-modules/programs/firefox.nix | 32 ++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix index 654a480..5e78114 100644 --- a/modules/home-manager-modules/programs/firefox.nix +++ b/modules/home-manager-modules/programs/firefox.nix @@ -1,3 +1,33 @@ -{...}: { +{ + lib, + config, + osConfig, + ... +}: { # TODO: map firefox impermanence + config = lib.mkIf (config.programs.firefox.enable && osConfig.host.impermanence.enable) { + # firefox profiles are defined by: programs.firefox.profile + # TODO: only set these if we arn't using custom firefox profiles. If we are using custom profiles then we should set this for each firefox profile + # home.persistence."/persist${config.home.homeDirectory}" = { + # directories = [ + # ".mozilla/firefox/default/extensions" + # ]; + # files = [ + # ".mozilla/firefox/default/cookies.sqlite" + # ".mozilla/firefox/default/favicons.sqlite" + # # Permissions and zoom levels for each site + # ".mozilla/firefox/default/permissions.sqlite" + # ".mozilla/firefox/default/content-prefs.sqlite" + # # Browser history and bookmarks + # ".mozilla/firefox/default/places.sqlite" + # # I guess this is useful? + # # https://bugzilla.mozilla.org/show_bug.cgi?id=1511384 + # # https://developer.mozilla.org/en-US/docs/Web/API/Storage_API/Storage_quotas_and_eviction_criteria + # ".mozilla/firefox/default/storage.sqlite" + # # Extension configuration + # ".mozilla/firefox/default/extension-settings.json" + # ]; + # allowOther = true; + # }; + }; } From 89373ac24366250e791a2a156018ebcb57016550 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 12:16:21 -0500 Subject: [PATCH 039/374] set up firefox impermanence --- configurations/home-manager/eve/packages.nix | 2 +- .../home-manager-modules/programs/firefox.nix | 60 +++++++++++-------- 2 files changed, 36 insertions(+), 26 deletions(-) diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 3c2a281..30fc361 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -41,7 +41,7 @@ in { ]; }; }) - (lib.mkIf userConfig.isDesktopUser { + (lib.mkIf config.user.isDesktopUser { vscode = { enable = true; package = pkgs.vscodium; diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix index 5e78114..907b619 100644 --- a/modules/home-manager-modules/programs/firefox.nix +++ b/modules/home-manager-modules/programs/firefox.nix @@ -3,31 +3,41 @@ config, osConfig, ... -}: { - # TODO: map firefox impermanence +}: let + buildProfilePersistence = profile: { + directories = [ + ".mozilla/firefox/${profile}/extensions" + ]; + files = [ + ".mozilla/firefox/${profile}/cookies.sqlite" + ".mozilla/firefox/${profile}/favicons.sqlite" + # Permissions and ${profileName} levels for each site + ".mozilla/firefox/${profile}/permissions.sqlite" + ".mozilla/firefox/${profile}/content-prefs.sqlite" + # Browser history and bookmarks + ".mozilla/firefox/${profile}/places.sqlite" + # I guess this is useful? + # https://bugzilla.mozilla.org/show_bug.cgi?id=1511384 + # https://developer.mozilla.org/en-US/docs/Web/API/Storage_API/Storage_quotas_and_eviction_criteria + ".mozilla/firefox/${profile}/storage.sqlite" + # Extension configuration + ".mozilla/firefox/${profile}/extension-settings.json" + ]; + allowOther = true; + }; +in { config = lib.mkIf (config.programs.firefox.enable && osConfig.host.impermanence.enable) { - # firefox profiles are defined by: programs.firefox.profile - # TODO: only set these if we arn't using custom firefox profiles. If we are using custom profiles then we should set this for each firefox profile - # home.persistence."/persist${config.home.homeDirectory}" = { - # directories = [ - # ".mozilla/firefox/default/extensions" - # ]; - # files = [ - # ".mozilla/firefox/default/cookies.sqlite" - # ".mozilla/firefox/default/favicons.sqlite" - # # Permissions and zoom levels for each site - # ".mozilla/firefox/default/permissions.sqlite" - # ".mozilla/firefox/default/content-prefs.sqlite" - # # Browser history and bookmarks - # ".mozilla/firefox/default/places.sqlite" - # # I guess this is useful? - # # https://bugzilla.mozilla.org/show_bug.cgi?id=1511384 - # # https://developer.mozilla.org/en-US/docs/Web/API/Storage_API/Storage_quotas_and_eviction_criteria - # ".mozilla/firefox/default/storage.sqlite" - # # Extension configuration - # ".mozilla/firefox/default/extension-settings.json" - # ]; - # allowOther = true; - # }; + home.persistence."/persist${config.home.homeDirectory}" = lib.mkMerge ( + ( + lib.attrsets.mapAttrsToList + (profile: _: buildProfilePersistence profile) + config.programs.firefox.profiles + ) + ++ ( + lib.lists.optional + ((builtins.length (lib.attrsets.mapAttrsToList (key: value: value) config.programs.firefox.profiles)) == 0) + (buildProfilePersistence "default") + ) + ); }; } From 4e94731d9c33c95e6776116e3e8a6ea6f1bf60e2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 12:30:40 -0500 Subject: [PATCH 040/374] added impermanence for jetbrains idea-community --- modules/home-manager-modules/programs/idea.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index a7a6d7f..f4edf12 100644 --- a/modules/home-manager-modules/programs/idea.nix +++ b/modules/home-manager-modules/programs/idea.nix @@ -17,7 +17,16 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for idea-community + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + # configuration + "~/.config/JetBrains/" + # plugins + "~/.local/share/JetBrains/" + # System and Logs + "~/.cache/JetBrains/" + ]; + }; } ) ]); From 50aca7b17014f102f413bc796bd236363f1a09d2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 13:14:11 -0500 Subject: [PATCH 041/374] added applications key file --- .sops.yaml | 4 ++++ flake.lock | 44 ++++++++++++++++++++++---------------------- nix-config-secrets | 2 +- 3 files changed, 27 insertions(+), 23 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index b8b0adf..a6e6f4f 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -13,3 +13,7 @@ creation_rules: key_groups: - age: - *leyla + - path_regex: secrets/application-keys.yaml$ + key_groups: + - age: + - *leyla \ No newline at end of file diff --git a/flake.lock b/flake.lock index f77dacd..eeebec5 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1748923398, - "narHash": "sha256-794RwyZJto9NoFlGYuhWKhkhkJ0KrH9Paw5w1DM2zA0=", + "lastModified": 1749009805, + "narHash": "sha256-eRv4m89aPJvIAX9mZQcJM+l3sYG+OJvcLsiHvAvXalg=", "owner": "rycee", "repo": "nur-expressions", - "rev": "9eb346d6488b06f04809da4de2073666e25ede9d", + "rev": "622c38d004cdded682d9a5ab7323181dc6efb0c1", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1748923085, - "narHash": "sha256-wXguCR+auZ5eoW8fKlm0C/6LNXL+1r4UXNLylwV7wQU=", + "lastModified": 1749049052, + "narHash": "sha256-wIt8ZBc8diKg1H5ibi3Bw9HUcPR2w3xy4ddcuzjgLb0=", "owner": "nix-community", "repo": "home-manager", - "rev": "5adc1a51a2fa8efec9d4eaa4f7df97908cded00d", + "rev": "ffab96a8b4a523c4b5e2645ee09e95a75cbdbfab", "type": "github" }, "original": { @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1748352827, - "narHash": "sha256-sNUUP6qxGkK9hXgJ+p362dtWLgnIWwOCmiq72LAWtYo=", + "lastModified": 1749012745, + "narHash": "sha256-Cax/k9ZRPKqTz18vZtmqGR45pHRXM+sDvEVd4V/3NrU=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "44a7d0e687a87b73facfe94fba78d323a6686a90", + "rev": "fa6120c32f10bd2aac9e8c9a6e71528a9d9d823b", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1748916419, - "narHash": "sha256-xeIzrAq+HNCp6Tx+lNfoty4D3zzfqSgQGgeTHXb2zGk=", + "lastModified": 1749002682, + "narHash": "sha256-v9K6RyPF/+4r/YJhjEH8y07VWE6Vj7Vl88E/K5m/uJ0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1599b5b404e6bbdaf088f4c8872954146f8a19bb", + "rev": "46eb9c16d8ccfedf8bc648be03f9b2993fe3c994", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1748634340, - "narHash": "sha256-pZH4bqbOd8S+si6UcfjHovWDiWKiIGRNRMpmRWaDIms=", + "lastModified": 1749056381, + "narHash": "sha256-QITcurR19KZlrCngBoCjsFF2BdYsiCG4UqmlrVcLb8Q=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "daa628a725ab4948e0e2b795e8fb6f4c3e289a7a", + "rev": "029bd66faa180e11262dd1bc2732254c33415f52", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748693115, - "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=", + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "owner": "nixos", "repo": "nixpkgs", - "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", "type": "github" }, "original": { @@ -292,11 +292,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1743538790, - "narHash": "sha256-QXmvyxfAhpifxAWcYTvuGfzv9I+9gHw0bq4WYtGEB9A=", + "lastModified": 1749060788, + "narHash": "sha256-bXTN8zJwbnUFEisKAZjO/6UWPVP6u38MGAmQI20QU8o=", "ref": "refs/heads/main", - "rev": "3d63dff77f8eda1667e3586169642cf256c4aa34", - "revCount": 17, + "rev": "96e0ee4409830716a1658b37737f9e05d366408e", + "revCount": 18, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, diff --git a/nix-config-secrets b/nix-config-secrets index 3d63dff..96e0ee4 160000 --- a/nix-config-secrets +++ b/nix-config-secrets @@ -1 +1 @@ -Subproject commit 3d63dff77f8eda1667e3586169642cf256c4aa34 +Subproject commit 96e0ee4409830716a1658b37737f9e05d366408e From 7363fc97bc0c6248bc12891940175052777d5b62 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 13:19:44 -0500 Subject: [PATCH 042/374] updated application key file structure --- flake.lock | 8 ++++---- nix-config-secrets | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index eeebec5..636f746 100644 --- a/flake.lock +++ b/flake.lock @@ -292,11 +292,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1749060788, - "narHash": "sha256-bXTN8zJwbnUFEisKAZjO/6UWPVP6u38MGAmQI20QU8o=", + "lastModified": 1749061163, + "narHash": "sha256-WflcbitH7ErNZBFqZCdy1ODUqKF51xbu2zYfqA35+1M=", "ref": "refs/heads/main", - "rev": "96e0ee4409830716a1658b37737f9e05d366408e", - "revCount": 18, + "rev": "1c5c059c0c7b6ce691993262fe10a2b63e1c31ba", + "revCount": 19, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, diff --git a/nix-config-secrets b/nix-config-secrets index 96e0ee4..1c5c059 160000 --- a/nix-config-secrets +++ b/nix-config-secrets @@ -1 +1 @@ -Subproject commit 96e0ee4409830716a1658b37737f9e05d366408e +Subproject commit 1c5c059c0c7b6ce691993262fe10a2b63e1c31ba From 0f26b73f6a3e96aed1978432f80689b892083760 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 18:37:53 -0500 Subject: [PATCH 043/374] set up makemkv persistence --- .../home-manager/leyla/packages/default.nix | 1 + .../home-manager/leyla/packages/makemkv.nix | 17 +++++++++++++++ modules/home-manager-modules/default.nix | 1 + .../home-manager-modules/programs/makemkv.nix | 21 +++++++++++++++++-- modules/home-manager-modules/sops.nix | 7 +++++++ 5 files changed, 45 insertions(+), 2 deletions(-) create mode 100644 configurations/home-manager/leyla/packages/makemkv.nix create mode 100644 modules/home-manager-modules/sops.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 5af20ef..4acfaf1 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -13,6 +13,7 @@ in { ./direnv.nix ./openssh.nix ./git.nix + ./makemkv.nix ]; config = lib.mkMerge [ diff --git a/configurations/home-manager/leyla/packages/makemkv.nix b/configurations/home-manager/leyla/packages/makemkv.nix new file mode 100644 index 0000000..ee71955 --- /dev/null +++ b/configurations/home-manager/leyla/packages/makemkv.nix @@ -0,0 +1,17 @@ +{ + config, + inputs, + ... +}: { + config = { + sops.secrets = { + "application-keys/makemkv" = { + sopsFile = "${inputs.secrets}/application-keys.yaml"; + }; + }; + programs.makemkv = { + appKeyFile = config.sops.placeholder."application-keys/makemkv"; + destinationDir = "/home/leyla/downloads/makemkv"; + }; + }; +} diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index faf6f58..73876f4 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -1,6 +1,7 @@ # this folder container modules that are for home manager only {...}: { imports = [ + ./sops.nix ./user.nix ./flipperzero.nix ./i18n.nix diff --git a/modules/home-manager-modules/programs/makemkv.nix b/modules/home-manager-modules/programs/makemkv.nix index c1040bb..eca059d 100644 --- a/modules/home-manager-modules/programs/makemkv.nix +++ b/modules/home-manager-modules/programs/makemkv.nix @@ -7,6 +7,12 @@ }: { options.programs.makemkv = { enable = lib.mkEnableOption "enable makemkv"; + appKeyFile = lib.mkOption { + type = lib.types.str; + }; + destinationDir = lib.mkOption { + type = lib.types.str; + }; }; config = lib.mkIf config.programs.makemkv.enable (lib.mkMerge [ @@ -14,11 +20,22 @@ home.packages = with pkgs; [ makemkv ]; - # TODO: write config file for makemkv + + sops.templates."MakeMKV.settings.conf".content = '' + app_DestinationDir = "${config.programs.makemkv.destinationDir}" + app_DestinationType = "2" + app_Key = "${config.programs.makemkv.appKeyFile}" + ''; + + home.file.".MakeMKV/settings.conf".source = config.lib.file.mkOutOfStoreSymlink config.sops.templates."MakeMKV.settings.conf".path; } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for makemkv + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + ".MakeMKV" + ]; + }; } ) ]); diff --git a/modules/home-manager-modules/sops.nix b/modules/home-manager-modules/sops.nix new file mode 100644 index 0000000..910fbb6 --- /dev/null +++ b/modules/home-manager-modules/sops.nix @@ -0,0 +1,7 @@ +{...}: { + config = { + sops = { + age.keyFile = "/var/lib/sops-nix/key.txt"; + }; + }; +} From 033cc6bc2202749421defbda249c0568f4816899 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 18:43:22 -0500 Subject: [PATCH 044/374] removed outdated note --- configurations/home-manager/leyla/packages/firefox.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages/firefox.nix b/configurations/home-manager/leyla/packages/firefox.nix index f9787b9..1613cb3 100644 --- a/configurations/home-manager/leyla/packages/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox.nix @@ -339,6 +339,5 @@ }; }; }; - # TODO: impermanence module, prob in home-manager-modules? }; } From ca01e667a197e5175c903689d67aa79201539608 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 20:50:15 -0500 Subject: [PATCH 045/374] added more application persistence configurations --- modules/home-manager-modules/programs/obsidian.nix | 6 +++++- modules/home-manager-modules/programs/prostudiomasters.nix | 6 +++++- modules/home-manager-modules/programs/protonvpn.nix | 7 ++++++- modules/home-manager-modules/programs/qbittorrent.nix | 6 +++++- modules/home-manager-modules/programs/signal.nix | 6 +++++- 5 files changed, 26 insertions(+), 5 deletions(-) diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix index 9dd9299..d2d9c77 100644 --- a/modules/home-manager-modules/programs/obsidian.nix +++ b/modules/home-manager-modules/programs/obsidian.nix @@ -7,7 +7,11 @@ config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [ ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for obsidian + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + ".config/obsidian" + ]; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/prostudiomasters.nix b/modules/home-manager-modules/programs/prostudiomasters.nix index 4481f5b..372cfc6 100644 --- a/modules/home-manager-modules/programs/prostudiomasters.nix +++ b/modules/home-manager-modules/programs/prostudiomasters.nix @@ -17,7 +17,11 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for prostudiomasters + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + ".config/ProStudioMasters" + ]; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/protonvpn.nix b/modules/home-manager-modules/programs/protonvpn.nix index 1ddedc7..9a0ee65 100644 --- a/modules/home-manager-modules/programs/protonvpn.nix +++ b/modules/home-manager-modules/programs/protonvpn.nix @@ -17,7 +17,12 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for protonvpn + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + ".config/protonvpn" + ".config/Proton" + ]; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/qbittorrent.nix b/modules/home-manager-modules/programs/qbittorrent.nix index 1e98c3e..5d22c89 100644 --- a/modules/home-manager-modules/programs/qbittorrent.nix +++ b/modules/home-manager-modules/programs/qbittorrent.nix @@ -17,7 +17,11 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for qbittorrent + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + ".config/qBittorrent" + ]; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix index 4eb0f37..d75b8a6 100644 --- a/modules/home-manager-modules/programs/signal.nix +++ b/modules/home-manager-modules/programs/signal.nix @@ -17,7 +17,11 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for signal + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + ".config/Signal" + ]; + }; } ) ]); From 28ac8a4fa46b5a50f3cfb115fd0af84ff8a636ba Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 20:54:47 -0500 Subject: [PATCH 046/374] fixed home directory starts --- modules/home-manager-modules/programs/anki.nix | 2 +- modules/home-manager-modules/programs/bitwarden.nix | 2 +- modules/home-manager-modules/programs/bruno.nix | 2 +- modules/home-manager-modules/programs/calibre.nix | 2 +- modules/home-manager-modules/programs/idea.nix | 6 +++--- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix index 13e28c9..0e3ebdf 100644 --- a/modules/home-manager-modules/programs/anki.nix +++ b/modules/home-manager-modules/programs/anki.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - "~/.local/share/Anki2" + ".local/share/Anki2" ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index 0265488..117e302 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - "~/.config/Bitwarden" + ".config/Bitwarden" ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix index 3323e5b..20b0ce6 100644 --- a/modules/home-manager-modules/programs/bruno.nix +++ b/modules/home-manager-modules/programs/bruno.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - "~/.config/bruno/" + ".config/bruno/" ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix index c26cd5e..3d6e9db 100644 --- a/modules/home-manager-modules/programs/calibre.nix +++ b/modules/home-manager-modules/programs/calibre.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - "~/.config/calibre" + ".config/calibre" ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index f4edf12..8f2768e 100644 --- a/modules/home-manager-modules/programs/idea.nix +++ b/modules/home-manager-modules/programs/idea.nix @@ -20,11 +20,11 @@ home.persistence."/persist${config.home.homeDirectory}" = { directories = [ # configuration - "~/.config/JetBrains/" + ".config/JetBrains/" # plugins - "~/.local/share/JetBrains/" + ".local/share/JetBrains/" # System and Logs - "~/.cache/JetBrains/" + ".cache/JetBrains/" ]; }; } From 8c4bd4291ddd893ad2cd07a84d551ffd3d67c0f1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 21:00:04 -0500 Subject: [PATCH 047/374] updated paths to be based on xdg configurations --- configurations/home-manager/leyla/default.nix | 8 ++++++-- configurations/home-manager/leyla/impermanence.nix | 5 +++-- modules/home-manager-modules/programs/anki.nix | 2 +- modules/home-manager-modules/programs/bitwarden.nix | 2 +- modules/home-manager-modules/programs/bruno.nix | 2 +- modules/home-manager-modules/programs/calibre.nix | 2 +- modules/home-manager-modules/programs/dbeaver.nix | 2 +- modules/home-manager-modules/programs/discord.nix | 2 +- modules/home-manager-modules/programs/idea.nix | 6 +++--- modules/home-manager-modules/programs/obsidian.nix | 2 +- .../home-manager-modules/programs/prostudiomasters.nix | 2 +- modules/home-manager-modules/programs/protonvpn.nix | 4 ++-- modules/home-manager-modules/programs/qbittorrent.nix | 2 +- modules/home-manager-modules/programs/signal.nix | 2 +- 14 files changed, 24 insertions(+), 19 deletions(-) diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index d7cecc4..49abfe1 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -1,4 +1,8 @@ -{osConfig, ...}: { +{ + config, + osConfig, + ... +}: { imports = [ ./packages ./i18n.nix @@ -35,7 +39,7 @@ # org.gradle.console=verbose # org.gradle.daemon.idletimeout=3600000 # ''; - ".config/user-dirs.dirs" = { + "${config.xdg.configHome}/user-dirs.dirs" = { force = true; text = '' # This file is written by xdg-user-dirs-update diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index 29936b5..ceab775 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -1,5 +1,6 @@ { lib, + config, osConfig, ... }: { @@ -10,13 +11,13 @@ "downloads" "documents" { - directory = ".local/share/Steam"; + directory = "${config.xdg.dataHome}/Steam"; method = "symlink"; } ]; files = [ ".bash_history" # keep shell history around - ".local/share/recently-used.xbel" # gnome recently viewed files + "${config.xdg.dataHome}/recently-used.xbel" # gnome recently viewed files ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix index 0e3ebdf..083d205 100644 --- a/modules/home-manager-modules/programs/anki.nix +++ b/modules/home-manager-modules/programs/anki.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - ".local/share/Anki2" + "${config.xdg.dataHome}/Anki2/" ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index 117e302..b9b91c4 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - ".config/Bitwarden" + "${config.xdg.configHome}/Bitwarden" ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix index 20b0ce6..00b248f 100644 --- a/modules/home-manager-modules/programs/bruno.nix +++ b/modules/home-manager-modules/programs/bruno.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - ".config/bruno/" + "${config.xdg.configHome}/bruno/" ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix index 3d6e9db..9e5f34e 100644 --- a/modules/home-manager-modules/programs/calibre.nix +++ b/modules/home-manager-modules/programs/calibre.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - ".config/calibre" + "${config.xdg.configHome}/calibre" ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix index 26dcc52..a962459 100644 --- a/modules/home-manager-modules/programs/dbeaver.nix +++ b/modules/home-manager-modules/programs/dbeaver.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - "~/.local/share/DBeaverData/" + "${config.xdg.dataHome}/DBeaverData/" ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix index a7cbb5f..e8605a5 100644 --- a/modules/home-manager-modules/programs/discord.nix +++ b/modules/home-manager-modules/programs/discord.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - "~/.config/discord/" + "${config.xdg.configHome}/discord/" ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index 8f2768e..f0a928c 100644 --- a/modules/home-manager-modules/programs/idea.nix +++ b/modules/home-manager-modules/programs/idea.nix @@ -20,11 +20,11 @@ home.persistence."/persist${config.home.homeDirectory}" = { directories = [ # configuration - ".config/JetBrains/" + "${config.xdg.configHome}/JetBrains/" # plugins - ".local/share/JetBrains/" + "${config.xdg.dataHome}/JetBrains/" # System and Logs - ".cache/JetBrains/" + "${config.xdg.cacheHome}/JetBrains/" ]; }; } diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix index d2d9c77..4d28b3e 100644 --- a/modules/home-manager-modules/programs/obsidian.nix +++ b/modules/home-manager-modules/programs/obsidian.nix @@ -9,7 +9,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - ".config/obsidian" + "${config.xdg.configHome}/obsidian" ]; }; } diff --git a/modules/home-manager-modules/programs/prostudiomasters.nix b/modules/home-manager-modules/programs/prostudiomasters.nix index 372cfc6..9e6088f 100644 --- a/modules/home-manager-modules/programs/prostudiomasters.nix +++ b/modules/home-manager-modules/programs/prostudiomasters.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - ".config/ProStudioMasters" + "${config.xdg.configHome}/ProStudioMasters" ]; }; } diff --git a/modules/home-manager-modules/programs/protonvpn.nix b/modules/home-manager-modules/programs/protonvpn.nix index 9a0ee65..dd11aae 100644 --- a/modules/home-manager-modules/programs/protonvpn.nix +++ b/modules/home-manager-modules/programs/protonvpn.nix @@ -19,8 +19,8 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - ".config/protonvpn" - ".config/Proton" + "${config.xdg.configHome}/protonvpn" + "${config.xdg.configHome}/Proton" ]; }; } diff --git a/modules/home-manager-modules/programs/qbittorrent.nix b/modules/home-manager-modules/programs/qbittorrent.nix index 5d22c89..02e23df 100644 --- a/modules/home-manager-modules/programs/qbittorrent.nix +++ b/modules/home-manager-modules/programs/qbittorrent.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - ".config/qBittorrent" + "${config.xdg.configHome}/qBittorrent" ]; }; } diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix index d75b8a6..fdf0af9 100644 --- a/modules/home-manager-modules/programs/signal.nix +++ b/modules/home-manager-modules/programs/signal.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - ".config/Signal" + "${config.xdg.configHome}/Signal" ]; }; } From fc294686bac331f7311fbb7987e58c5550eccad6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 22:57:14 -0500 Subject: [PATCH 048/374] added steam impermanence config --- .../home-manager/leyla/impermanence.nix | 4 --- .../home-manager-modules/programs/steam.nix | 30 +++++++++++++++---- 2 files changed, 24 insertions(+), 10 deletions(-) diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index ceab775..041bff8 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -10,10 +10,6 @@ "desktop" "downloads" "documents" - { - directory = "${config.xdg.dataHome}/Steam"; - method = "symlink"; - } ]; files = [ ".bash_history" # keep shell history around diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix index 551cb5d..4661151 100644 --- a/modules/home-manager-modules/programs/steam.nix +++ b/modules/home-manager-modules/programs/steam.nix @@ -2,18 +2,36 @@ lib, pkgs, config, + osConfig, ... }: { options.programs.steam = { enable = lib.mkEnableOption "enable steam"; }; - config = lib.mkIf config.programs.steam.enable { - home.packages = with pkgs; [ - steam - steam.run - ]; - }; + config = lib.mkIf config.programs.steam.enable ( + lib.mkMerge [ + { + home.packages = with pkgs; [ + steam + steam.run + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + { + directory = "${config.xdg.dataHome}/Steam"; + method = "symlink"; + } + ]; + allowOther = true; + }; + } + ) + ] + ); # TODO: bind impermanence config } From 6c7b40e10e0c2181018b05e089b7d18fb6216a1d Mon Sep 17 00:00:00 2001 From: Eve Date: Thu, 5 Jun 2025 04:40:13 +0000 Subject: [PATCH 049/374] fixed eve not importing packages.nix --- configurations/home-manager/eve/default.nix | 6 +++--- configurations/home-manager/eve/packages.nix | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 0ab0c59..52a70a6 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -1,9 +1,9 @@ {osConfig, ...}: let userConfig = osConfig.host.users.eve; in { - nixpkgs.config = { - allowUnfree = true; - }; + imports = [ + ./packages.nix + ]; home = { username = userConfig.name; diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 30fc361..6edfa37 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -8,6 +8,10 @@ userConfig = osConfig.host.users.eve; in { config = { + nixpkgs.config = { + allowUnfree = true; + }; + # Packages that can be installed without any extra configuration # See https://search.nixos.org/packages for all options home.packages = lib.lists.optionals userConfig.isDesktopUser ( From 98a1d1da6098a5517b2361fb9e4899f59f1c0534 Mon Sep 17 00:00:00 2001 From: Eve Date: Thu, 5 Jun 2025 04:53:30 +0000 Subject: [PATCH 050/374] added piper for user eve --- configurations/home-manager/eve/packages.nix | 2 ++ configurations/nixos/emergent/configuration.nix | 3 +++ 2 files changed, 5 insertions(+) diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 6edfa37..c6e38f9 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -6,6 +6,7 @@ ... }: let userConfig = osConfig.host.users.eve; + hardware = osConfig.host.hardware; in { config = { nixpkgs.config = { @@ -17,6 +18,7 @@ in { home.packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ ungoogled-chromium + (lib.mkIf hardware.piperMouse.enable piper) ] ); diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index c75c162..c42c97e 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -49,6 +49,9 @@ isPrincipleUser = true; }; }; + hardware = { + piperMouse.enable = true; + }; storage = { enable = true; From b3918c8105074b741c995cab63e0cf84c487405d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 5 Jun 2025 14:04:52 -0500 Subject: [PATCH 051/374] added dconf-editor to devShell --- flake.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/flake.nix b/flake.nix index 7896d60..71acc37 100644 --- a/flake.nix +++ b/flake.nix @@ -150,6 +150,8 @@ nixos-anywhere # for updating disko configurations disko + # for viewing dconf entries + dconf-editor ]; SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix; From 616baf3baf19dccbf2d484ff17e3f0fdbc325f3a Mon Sep 17 00:00:00 2001 From: Eve Date: Fri, 6 Jun 2025 03:46:45 +0000 Subject: [PATCH 052/374] disabled wayland in theory --- configurations/nixos/emergent/nvidia-drivers.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix index fd569b3..fb66cf6 100644 --- a/configurations/nixos/emergent/nvidia-drivers.nix +++ b/configurations/nixos/emergent/nvidia-drivers.nix @@ -10,7 +10,14 @@ }; # Load nvidia driver for Xorg and Wayland - services.xserver.videoDrivers = ["nvidia"]; + services = { + xserver = { + # Load nvidia driver for Xorg and Wayland + videoDrivers = ["nvidia"]; + }; + # Use X instead of wayland + displayManager.gdm.wayland = false; + }; hardware.nvidia = { # Modesetting is required. From 95e500593e898aa8e581243dec4ca79449f916ff Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 8 Jun 2025 11:48:18 -0500 Subject: [PATCH 053/374] enabled wacom on emergent --- configurations/home-manager/eve/packages.nix | 1 + configurations/nixos/emergent/configuration.nix | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index c6e38f9..0e82959 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -18,6 +18,7 @@ in { home.packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ ungoogled-chromium + krita (lib.mkIf hardware.piperMouse.enable piper) ] ); diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index c42c97e..90aecab 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -36,6 +36,11 @@ # Enable the X11 windowing system. services.xserver.enable = true; + # Enable wacom touchscreen device + services.xserver.wacom.enable = true; + + # installed opentabletdriver + hardware.opentabletdriver.enable = true; # Enable the GNOME Desktop Environment. services.displayManager.gdm.enable = true; From 1e0eda06b60e57de81ed566630ee3b7a881fa79b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Jun 2025 19:52:25 -0500 Subject: [PATCH 054/374] switched ollama persistence directory --- modules/nixos-modules/ollama.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index 8f194cf..2de3ea1 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix @@ -38,7 +38,7 @@ group = config.services.ollama.group; } { - directory = "/var/lib/private/ollama"; + directory = "/var/lib/ollama"; user = config.services.ollama.user; group = config.services.ollama.group; mode = "0700"; From 0476afb47195c0aa83a43ad3df8358d438e37e98 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Jun 2025 20:07:39 -0500 Subject: [PATCH 055/374] switched ollama persistence directory --- modules/nixos-modules/ollama.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index 2de3ea1..9507190 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix @@ -36,9 +36,11 @@ directory = config.services.ollama.models; user = config.services.ollama.user; group = config.services.ollama.group; + mode = "0700"; + defaultPerms.mode = "0700"; } { - directory = "/var/lib/ollama"; + directory = "/var/lib/private/ollama"; user = config.services.ollama.user; group = config.services.ollama.group; mode = "0700"; From 52a1d97fd484e19a7971289505dd2b44d78b7ee6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Jun 2025 23:36:29 -0500 Subject: [PATCH 056/374] drafted out entangled worlds mod --- flake.lock | 23 +++++++++- flake.nix | 5 ++ modules/common-modules/overlays/default.nix | 5 +- modules/common-modules/pkgs/default.nix | 3 ++ .../pkgs/noita-entangled-worlds.nix | 46 +++++++++++++++++++ 5 files changed, 80 insertions(+), 2 deletions(-) create mode 100644 modules/common-modules/pkgs/noita-entangled-worlds.nix diff --git a/flake.lock b/flake.lock index 636f746..f5f5ca0 100644 --- a/flake.lock +++ b/flake.lock @@ -286,7 +286,8 @@ "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "secrets": "secrets", - "sops-nix": "sops-nix" + "sops-nix": "sops-nix", + "steam-fetcher": "steam-fetcher" } }, "secrets": { @@ -325,6 +326,26 @@ "type": "github" } }, + "steam-fetcher": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1714795926, + "narHash": "sha256-PkgC9jqoN6cJ8XYzTA2PlrWs7aPJkM3BGiTxNqax0cA=", + "owner": "nix-community", + "repo": "steam-fetcher", + "rev": "12f66eafb7862d91b3e30c14035f96a21941bd9c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "steam-fetcher", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 71acc37..651a210 100644 --- a/flake.nix +++ b/flake.nix @@ -71,6 +71,11 @@ flake-compat = { url = "github:edolstra/flake-compat"; }; + + steam-fetcher = { + url = "github:nix-community/steam-fetcher"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { diff --git a/modules/common-modules/overlays/default.nix b/modules/common-modules/overlays/default.nix index 08085f5..1fab060 100644 --- a/modules/common-modules/overlays/default.nix +++ b/modules/common-modules/overlays/default.nix @@ -1,3 +1,6 @@ # this folder is for derivation overlays -{...}: { +{inputs, ...}: { + nixpkgs.overlays = [ + inputs.steam-fetcher.overlays.default + ]; } diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 208ee24..71431d9 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -13,5 +13,8 @@ ./prostudiomasters.nix {}; }) + (final: prev: { + noita_entangled_worlds = pkgs.callPackage ./noita-entangled-worlds.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/noita-entangled-worlds.nix b/modules/common-modules/pkgs/noita-entangled-worlds.nix new file mode 100644 index 0000000..322ce41 --- /dev/null +++ b/modules/common-modules/pkgs/noita-entangled-worlds.nix @@ -0,0 +1,46 @@ +# not working yet +{ + pkgs, + rustPlatform, + fetchFromGitHub, + ... +}: let + version = "1.5.3"; + repo = fetchFromGitHub { + owner = "IntQuant"; + repo = "noita_entangled_worlds"; + rev = "v${version}"; + hash = "sha256-frrpD0aWTeDbZYtp15R+quUUAZf7OvHlbSLtGJJtAqk="; + }; +in + rustPlatform.buildRustPackage { + name = "noita-proxy-${version}"; + src = repo + "/noita-proxy"; + prePatch = '' + substituteInPlace Cargo.toml \ + --replace "path = \"../shared\"" "path = \"${repo + "/shared"}\"" + ''; + nativeBuildInputs = with pkgs; [ + pkg-config + python3 + cmake + ]; + buildInputs = with pkgs; [ + openssl + openssl.dev + libpulseaudio + libjack2 + alsa-lib + xorg.libxcb + xorg.libxcb.dev + libopus + ]; + propagatedBuildInputs = with pkgs; [ + steamworks-sdk-redist + ]; + runtimeDependencies = with pkgs; [ + steamworks-sdk-redist + ]; + doCheck = false; + cargoHash = "sha256-TzUS6d6PopgGf2i1yVaXaXdzNrvfSz+Gv67BAtxYmb4="; + } From dbad92ac7522e8cecbc02f5b928f550364af118c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Jun 2025 23:39:07 -0500 Subject: [PATCH 057/374] updated flake lock --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index f5f5ca0..074fef7 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1748832438, - "narHash": "sha256-/CtyLVfNaFP7PrOPrTEuGOJBIhcBKVQ91KiEbtXJi0A=", + "lastModified": 1749436314, + "narHash": "sha256-CqmqU5FRg5AadtIkxwu8ulDSOSoIisUMZRLlcED3Q5w=", "owner": "nix-community", "repo": "disko", - "rev": "58d6e5a83fff9982d57e0a0a994d4e5c0af441e4", + "rev": "dfa4d1b9c39c0342ef133795127a3af14598017a", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1749009805, - "narHash": "sha256-eRv4m89aPJvIAX9mZQcJM+l3sYG+OJvcLsiHvAvXalg=", + "lastModified": 1749701004, + "narHash": "sha256-KeZvDN/OgLsxf6y8jnyNuj3XvnPuBI3i58a4lcElddc=", "owner": "rycee", "repo": "nur-expressions", - "rev": "622c38d004cdded682d9a5ab7323181dc6efb0c1", + "rev": "f70d23962d858c8996558ff30e3f0af205fe0f3a", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1749049052, - "narHash": "sha256-wIt8ZBc8diKg1H5ibi3Bw9HUcPR2w3xy4ddcuzjgLb0=", + "lastModified": 1749657191, + "narHash": "sha256-QLilaHuhGxiwhgceDWESj9gFcKIdEp7+9lRqNGpN8S4=", "owner": "nix-community", "repo": "home-manager", - "rev": "ffab96a8b4a523c4b5e2645ee09e95a75cbdbfab", + "rev": "faeab32528a9360e9577ff4082de2d35c6bbe1ce", "type": "github" }, "original": { @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1749012745, - "narHash": "sha256-Cax/k9ZRPKqTz18vZtmqGR45pHRXM+sDvEVd4V/3NrU=", + "lastModified": 1749194393, + "narHash": "sha256-vt6hM9DNywnXXuW1qPDLzECmbDcmxhh58wpb0EEQjAo=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "fa6120c32f10bd2aac9e8c9a6e71528a9d9d823b", + "rev": "19346808c445f23b08652971be198b9df6c33edc", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1749002682, - "narHash": "sha256-v9K6RyPF/+4r/YJhjEH8y07VWE6Vj7Vl88E/K5m/uJ0=", + "lastModified": 1749693852, + "narHash": "sha256-ERtalZOvXvhb/ZWrjOGgUVkULUZ197n//cnJz436G6M=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "46eb9c16d8ccfedf8bc648be03f9b2993fe3c994", + "rev": "8219bf5f17f590d277ec7054b657b1370c7b7fc0", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1749056381, - "narHash": "sha256-QITcurR19KZlrCngBoCjsFF2BdYsiCG4UqmlrVcLb8Q=", + "lastModified": 1749195551, + "narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "029bd66faa180e11262dd1bc2732254c33415f52", + "rev": "4602f7e1d3f197b3cb540d5accf5669121629628", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "lastModified": 1749285348, + "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", "type": "github" }, "original": { @@ -313,11 +313,11 @@ ] }, "locked": { - "lastModified": 1747603214, - "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", + "lastModified": 1749592509, + "narHash": "sha256-VunQzfZFA+Y6x3wYi2UE4DEQ8qKoAZZCnZPUlSoqC+A=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", + "rev": "50754dfaa0e24e313c626900d44ef431f3210138", "type": "github" }, "original": { From a482a3bfce98eb3eac7c6ca7d00c64f79d16a71a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Jun 2025 10:08:42 -0500 Subject: [PATCH 058/374] updated flake.lock --- .../nixos/defiant/configuration.nix | 2 +- flake.lock | 48 +++++++++---------- rebuild.sh | 2 +- 3 files changed, 26 insertions(+), 26 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 0b9d1b7..4f900c6 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -212,7 +212,7 @@ }; ollama = { - enable = true; + enable = false; exposePort = true; loadModels = [ diff --git a/flake.lock b/flake.lock index 636f746..0e2a189 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1748832438, - "narHash": "sha256-/CtyLVfNaFP7PrOPrTEuGOJBIhcBKVQ91KiEbtXJi0A=", + "lastModified": 1750040002, + "narHash": "sha256-KrC9iOVYIn6ukpVlHbqSA4hYCZ6oDyJKrcLqv4c5v84=", "owner": "nix-community", "repo": "disko", - "rev": "58d6e5a83fff9982d57e0a0a994d4e5c0af441e4", + "rev": "7f1857b31522062a6a00f88cbccf86b43acceed1", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1749009805, - "narHash": "sha256-eRv4m89aPJvIAX9mZQcJM+l3sYG+OJvcLsiHvAvXalg=", + "lastModified": 1750305825, + "narHash": "sha256-FHe0sLdEbxUhCZcs/3mJVayBhCAtubm6RvcxkAk19S0=", "owner": "rycee", "repo": "nur-expressions", - "rev": "622c38d004cdded682d9a5ab7323181dc6efb0c1", + "rev": "1776156a42e27bf5d57f097b14c96246fc81b487", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1749049052, - "narHash": "sha256-wIt8ZBc8diKg1H5ibi3Bw9HUcPR2w3xy4ddcuzjgLb0=", + "lastModified": 1750304462, + "narHash": "sha256-Mj5t4yX05/rXnRqJkpoLZTWqgStB88Mr/fegTRqyiWc=", "owner": "nix-community", "repo": "home-manager", - "rev": "ffab96a8b4a523c4b5e2645ee09e95a75cbdbfab", + "rev": "863842639722dd12ae9e37ca83bcb61a63b36f6c", "type": "github" }, "original": { @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1749012745, - "narHash": "sha256-Cax/k9ZRPKqTz18vZtmqGR45pHRXM+sDvEVd4V/3NrU=", + "lastModified": 1750325256, + "narHash": "sha256-vvlxGz/waqJ3TGqM/iqXbnEc7/R1qnEXmaBiPaQ1RE0=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "fa6120c32f10bd2aac9e8c9a6e71528a9d9d823b", + "rev": "0d71cbf88d63e938b37b85b3bf8b238bcf7b39b9", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1749002682, - "narHash": "sha256-v9K6RyPF/+4r/YJhjEH8y07VWE6Vj7Vl88E/K5m/uJ0=", + "lastModified": 1750298804, + "narHash": "sha256-GEp1QwoQ7qQPYuOm5cGb3f5FZSlVwbw86KUrHlLbI2E=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "46eb9c16d8ccfedf8bc648be03f9b2993fe3c994", + "rev": "7b962ab252cecf0b88ae621e1986899e20a4ead3", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1749056381, - "narHash": "sha256-QITcurR19KZlrCngBoCjsFF2BdYsiCG4UqmlrVcLb8Q=", + "lastModified": 1750083401, + "narHash": "sha256-ynqbgIYrg7P1fAKYqe8I/PMiLABBcNDYG9YaAP/d/C4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "029bd66faa180e11262dd1bc2732254c33415f52", + "rev": "61837d2a33ccc1582c5fabb7bf9130d39fee59ad", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "lastModified": 1750134718, + "narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "rev": "9e83b64f727c88a7711a2c463a7b16eedb69a84c", "type": "github" }, "original": { @@ -312,11 +312,11 @@ ] }, "locked": { - "lastModified": 1747603214, - "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", + "lastModified": 1750119275, + "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", + "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2", "type": "github" }, "original": { diff --git a/rebuild.sh b/rebuild.sh index 45dae64..32fd303 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -65,7 +65,7 @@ flake=${flake:-$target} mode=${mode:-switch} user=${user:-$USER} -command="nixos-rebuild $mode --use-remote-sudo --flake .#$flake" +command="nixos-rebuild $mode --use-remote-sudo --ask-sudo-password --flake .#$flake" if [[ $host ]]; then From 4aa9778a72791b67d215d69f7d67208014230655 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Jun 2025 10:13:21 -0500 Subject: [PATCH 059/374] merged with main --- flake.lock | 23 +++++++++- flake.nix | 5 ++ modules/common-modules/overlays/default.nix | 5 +- modules/common-modules/pkgs/default.nix | 3 ++ .../pkgs/noita-entangled-worlds.nix | 46 +++++++++++++++++++ 5 files changed, 80 insertions(+), 2 deletions(-) create mode 100644 modules/common-modules/pkgs/noita-entangled-worlds.nix diff --git a/flake.lock b/flake.lock index 0e2a189..8b181d0 100644 --- a/flake.lock +++ b/flake.lock @@ -286,7 +286,8 @@ "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "secrets": "secrets", - "sops-nix": "sops-nix" + "sops-nix": "sops-nix", + "steam-fetcher": "steam-fetcher" } }, "secrets": { @@ -325,6 +326,26 @@ "type": "github" } }, + "steam-fetcher": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1714795926, + "narHash": "sha256-PkgC9jqoN6cJ8XYzTA2PlrWs7aPJkM3BGiTxNqax0cA=", + "owner": "nix-community", + "repo": "steam-fetcher", + "rev": "12f66eafb7862d91b3e30c14035f96a21941bd9c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "steam-fetcher", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 71acc37..651a210 100644 --- a/flake.nix +++ b/flake.nix @@ -71,6 +71,11 @@ flake-compat = { url = "github:edolstra/flake-compat"; }; + + steam-fetcher = { + url = "github:nix-community/steam-fetcher"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { diff --git a/modules/common-modules/overlays/default.nix b/modules/common-modules/overlays/default.nix index 08085f5..1fab060 100644 --- a/modules/common-modules/overlays/default.nix +++ b/modules/common-modules/overlays/default.nix @@ -1,3 +1,6 @@ # this folder is for derivation overlays -{...}: { +{inputs, ...}: { + nixpkgs.overlays = [ + inputs.steam-fetcher.overlays.default + ]; } diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 208ee24..71431d9 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -13,5 +13,8 @@ ./prostudiomasters.nix {}; }) + (final: prev: { + noita_entangled_worlds = pkgs.callPackage ./noita-entangled-worlds.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/noita-entangled-worlds.nix b/modules/common-modules/pkgs/noita-entangled-worlds.nix new file mode 100644 index 0000000..322ce41 --- /dev/null +++ b/modules/common-modules/pkgs/noita-entangled-worlds.nix @@ -0,0 +1,46 @@ +# not working yet +{ + pkgs, + rustPlatform, + fetchFromGitHub, + ... +}: let + version = "1.5.3"; + repo = fetchFromGitHub { + owner = "IntQuant"; + repo = "noita_entangled_worlds"; + rev = "v${version}"; + hash = "sha256-frrpD0aWTeDbZYtp15R+quUUAZf7OvHlbSLtGJJtAqk="; + }; +in + rustPlatform.buildRustPackage { + name = "noita-proxy-${version}"; + src = repo + "/noita-proxy"; + prePatch = '' + substituteInPlace Cargo.toml \ + --replace "path = \"../shared\"" "path = \"${repo + "/shared"}\"" + ''; + nativeBuildInputs = with pkgs; [ + pkg-config + python3 + cmake + ]; + buildInputs = with pkgs; [ + openssl + openssl.dev + libpulseaudio + libjack2 + alsa-lib + xorg.libxcb + xorg.libxcb.dev + libopus + ]; + propagatedBuildInputs = with pkgs; [ + steamworks-sdk-redist + ]; + runtimeDependencies = with pkgs; [ + steamworks-sdk-redist + ]; + doCheck = false; + cargoHash = "sha256-TzUS6d6PopgGf2i1yVaXaXdzNrvfSz+Gv67BAtxYmb4="; + } From 317ca751190fa033e08d5bb11c5981fd84bd21ee Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Jun 2025 05:59:34 -0500 Subject: [PATCH 060/374] fixed environment.gnome.excludePackages --- modules/nixos-modules/desktop.nix | 39 +++++++++++++++---------------- 1 file changed, 19 insertions(+), 20 deletions(-) diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index 323b7cc..371e262 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -11,6 +11,25 @@ host.desktop.enable = lib.mkDefault true; } (lib.mkIf config.host.desktop.enable { + environment.gnome.excludePackages = with pkgs; [ + xterm # default terminal + atomix # puzzle game + cheese # webcam tool + epiphany # web browser + geary # email reader + gedit # text editor + gnome-characters + gnome-music + gnome-photos + gnome-tour + gnome-logs + gnome-maps + hitori # sudoku game + iagno # go game + tali # poker game + yelp # help viewer + gnome-tour # welcome tour + ]; services = { # Enable CUPS to print documents. printing.enable = true; @@ -21,24 +40,6 @@ # Get rid of xTerm desktopManager.xterm.enable = false; - excludePackages = with pkgs; [ - xterm - atomix # puzzle game - cheese # webcam tool - epiphany # web browser - geary # email reader - gedit # text editor - gnome-characters - gnome-music - gnome-photos - gnome-tour - gnome-logs - gnome-maps - hitori # sudoku game - iagno # go game - tali # poker game - yelp # help viewer - ]; }; # Enable the GNOME Desktop Environment. @@ -68,8 +69,6 @@ # enable RealtimeKit for pulse audio security.rtkit.enable = true; - # disable welcome tour - environment.gnome.excludePackages = [pkgs.gnome-tour]; }) ]; } From 173b1e3050e8ae82703843efef918ad2584acec5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Jun 2025 06:01:53 -0500 Subject: [PATCH 061/374] added comments to excluded packages --- modules/nixos-modules/desktop.nix | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index 371e262..d128f9b 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -18,17 +18,16 @@ epiphany # web browser geary # email reader gedit # text editor - gnome-characters - gnome-music - gnome-photos - gnome-tour - gnome-logs - gnome-maps + gnome-characters # character set viewer + gnome-music # music player + gnome-photos # photo viewer + gnome-logs # log viwer + gnome-maps # map viewer + gnome-tour # welcome tour hitori # sudoku game iagno # go game tali # poker game yelp # help viewer - gnome-tour # welcome tour ]; services = { # Enable CUPS to print documents. From 9daa44c873eb833f655fd0cb1367659958ef9c5e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Jun 2025 06:09:58 -0500 Subject: [PATCH 062/374] added baobab to excluded packages --- modules/nixos-modules/desktop.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index d128f9b..900aacf 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -18,6 +18,7 @@ epiphany # web browser geary # email reader gedit # text editor + decibels # audio player gnome-characters # character set viewer gnome-music # music player gnome-photos # photo viewer From 025eaa935a3fe46ad594bed1c24d00c2c22fce23 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Jun 2025 18:48:59 -0500 Subject: [PATCH 063/374] enabled ollama on defiant --- configurations/nixos/defiant/configuration.nix | 2 +- modules/nixos-modules/ollama.nix | 12 ++++-------- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 4f900c6..0b9d1b7 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -212,7 +212,7 @@ }; ollama = { - enable = false; + enable = true; exposePort = true; loadModels = [ diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index 9507190..a29a9aa 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix @@ -28,23 +28,19 @@ }; })) (lib.mkIf config.host.impermanence.enable { + # TODO: move this somewhere common + systemd.tmpfiles.rules = [ + "d /var/lib/private 0700 root root" + ]; environment.persistence."/persist/system/root" = { enable = true; hideMounts = true; directories = [ - { - directory = config.services.ollama.models; - user = config.services.ollama.user; - group = config.services.ollama.group; - mode = "0700"; - defaultPerms.mode = "0700"; - } { directory = "/var/lib/private/ollama"; user = config.services.ollama.user; group = config.services.ollama.group; mode = "0700"; - defaultPerms.mode = "0700"; } ]; }; From b7cfcfef7db3553009d355ea74eccf18f3b7a784 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Jun 2025 20:10:25 -0500 Subject: [PATCH 064/374] limit zfs arc to 50gb --- configurations/nixos/defiant/configuration.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 0b9d1b7..7d9c6d8 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -192,6 +192,9 @@ }; }; + # limit arc usage to 50gb because ollama doesn't play nice with zfs using up all of the memory + boot.kernelParams = ["zfs.zfs_arc_max=53687091200"]; + services = { # TODO: move zfs scrubbing into module zfs = { @@ -215,6 +218,8 @@ enable = true; exposePort = true; + acceleration = false; + loadModels = [ # conversation models "llama3.1:8b" From b5d292f20e92fa5fd0793b5771066c553049cd9b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Jun 2025 21:03:23 -0500 Subject: [PATCH 065/374] made horizon use models from defiant --- configurations/nixos/horizon/configuration.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index f72b264..42dcbb9 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -42,43 +42,43 @@ enable = true; models = { "Llama 3.1 8B" = { - model = "lamma3.1:8b"; + model = "llama3.1:8b"; roles = ["chat" "edit" "apply"]; - apiBase = "http://twilight:11434"; + apiBase = "http://defiant:11434"; }; "Deepseek Coder:6.7B" = { model = "deepseek-coder:6.7b"; roles = ["chat" "edit" "apply"]; - apiBase = "http://twilight:11434"; + apiBase = "http://defiant:11434"; }; "Deepseek Coder:33B" = { model = "deepseek-coder:33b"; roles = ["chat" "edit" "apply"]; - apiBase = "http://twilight:11434"; + apiBase = "http://defiant:11434"; }; "Deepseek r1:8B" = { model = "deepseek-r1:8b"; roles = ["chat"]; - apiBase = "http://twilight:11434"; + apiBase = "http://defiant:11434"; }; "Deepseek r1:32B" = { model = "deepseek-r1:32b"; roles = ["chat"]; - apiBase = "http://twilight:11434"; + apiBase = "http://defiant:11434"; }; "qwen2.5-coder:1.5b-base" = { model = "qwen2.5-coder:1.5b-base"; roles = ["autocomplete"]; - apiBase = "http://twilight:11434"; + apiBase = "http://defiant:11434"; }; "nomic-embed-text:latest" = { model = "nomic-embed-text:latest"; roles = ["embed"]; - apiBase = "http://twilight:11434"; + apiBase = "http://defiant:11434"; }; }; }; From 5c4e677fe880ab2325e223a783498bc5c1b5a5ad Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Jun 2025 15:40:03 -0500 Subject: [PATCH 066/374] added gdx-liftoff package --- .../home-manager/leyla/packages/default.nix | 2 + modules/common-modules/pkgs/default.nix | 3 ++ modules/common-modules/pkgs/gdx-liftoff.nix | 45 +++++++++++++++++++ 3 files changed, 50 insertions(+) create mode 100644 modules/common-modules/pkgs/gdx-liftoff.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 4acfaf1..bbd8152 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -95,6 +95,8 @@ in { pdfarranger picard + gdx-liftoff + # proprietary platforms (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 71431d9..e955354 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -16,5 +16,8 @@ (final: prev: { noita_entangled_worlds = pkgs.callPackage ./noita-entangled-worlds.nix {}; }) + (final: prev: { + gdx-liftoff = pkgs.callPackage ./gdx-liftoff.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/gdx-liftoff.nix b/modules/common-modules/pkgs/gdx-liftoff.nix new file mode 100644 index 0000000..c292544 --- /dev/null +++ b/modules/common-modules/pkgs/gdx-liftoff.nix @@ -0,0 +1,45 @@ +{ + udev, + stdenv, + fetchurl, + makeWrapper, + jre_headless, + lib, + xorg, + libGL, + ... +}: +stdenv.mkDerivation rec { + pname = "gdx-liftoff"; + version = "1.13.5.1"; + + src = fetchurl { + url = "https://github.com/libgdx/gdx-liftoff/releases/download/v${version}/gdx-liftoff-${version}.jar"; + hash = "sha256-9vCXGNGwI/P4VmcdIzTv2GPAX8bZb7nkfopaRAf6yMA="; + }; + + dontUnpack = true; + + nativeBuildInputs = [makeWrapper]; + + runtimeDependencies = lib.makeLibraryPath [ + # glfw + libGL + xorg.libX11 + xorg.libXcursor + xorg.libXext + xorg.libXrandr + xorg.libXxf86vm + ]; + + installPhase = '' + runHook preInstall + + install -Dm644 $src $out/lib/gdx-liftoff-${version}.jar + + makeWrapper ${lib.getExe jre_headless} $out/bin/gdx-liftoff-${version} \ + --append-flags "-jar $out/lib/gdx-liftoff-${version}.jar"\ + ${lib.optionalString stdenv.hostPlatform.isLinux "--prefix LD_LIBRARY_PATH : ${runtimeDependencies}"} + runHook postInstall + ''; +} From b4755365bad4276bbf5236ab843496037e7dbc08 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Jun 2025 15:42:07 -0500 Subject: [PATCH 067/374] removed unused param --- modules/common-modules/pkgs/gdx-liftoff.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/common-modules/pkgs/gdx-liftoff.nix b/modules/common-modules/pkgs/gdx-liftoff.nix index c292544..3df7be8 100644 --- a/modules/common-modules/pkgs/gdx-liftoff.nix +++ b/modules/common-modules/pkgs/gdx-liftoff.nix @@ -1,5 +1,4 @@ { - udev, stdenv, fetchurl, makeWrapper, From fb757e9d1c83f254bd072a71ecd35f18b0acc882 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Jun 2025 17:01:25 -0500 Subject: [PATCH 068/374] switched to JDK for gdx --- modules/common-modules/pkgs/gdx-liftoff.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/common-modules/pkgs/gdx-liftoff.nix b/modules/common-modules/pkgs/gdx-liftoff.nix index 3df7be8..d2e9424 100644 --- a/modules/common-modules/pkgs/gdx-liftoff.nix +++ b/modules/common-modules/pkgs/gdx-liftoff.nix @@ -2,7 +2,7 @@ stdenv, fetchurl, makeWrapper, - jre_headless, + jdk, lib, xorg, libGL, @@ -36,7 +36,7 @@ stdenv.mkDerivation rec { install -Dm644 $src $out/lib/gdx-liftoff-${version}.jar - makeWrapper ${lib.getExe jre_headless} $out/bin/gdx-liftoff-${version} \ + makeWrapper ${lib.getExe jdk} $out/bin/gdx-liftoff-${version} \ --append-flags "-jar $out/lib/gdx-liftoff-${version}.jar"\ ${lib.optionalString stdenv.hostPlatform.isLinux "--prefix LD_LIBRARY_PATH : ${runtimeDependencies}"} runHook postInstall From 5ac103230a79d63616781280e4ca9524f44cb9c6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Jun 2025 10:53:51 -0500 Subject: [PATCH 069/374] updated flake lock --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 8b181d0..2d00dff 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1750040002, - "narHash": "sha256-KrC9iOVYIn6ukpVlHbqSA4hYCZ6oDyJKrcLqv4c5v84=", + "lastModified": 1750680230, + "narHash": "sha256-kD88T/NqmcgfOBFAwphN30ccaUdj6K6+LG0XdM2w2LA=", "owner": "nix-community", "repo": "disko", - "rev": "7f1857b31522062a6a00f88cbccf86b43acceed1", + "rev": "8fd2d6c75009ac75f9a6fb18c33a239806778d01", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1750305825, - "narHash": "sha256-FHe0sLdEbxUhCZcs/3mJVayBhCAtubm6RvcxkAk19S0=", + "lastModified": 1750737804, + "narHash": "sha256-wClGd2PhxdjjphR6wIgoiDcR+Gfg4/+FyseSOjIIzVU=", "owner": "rycee", "repo": "nur-expressions", - "rev": "1776156a42e27bf5d57f097b14c96246fc81b487", + "rev": "aaaf4fec792bad465ea4a35c0be5bc2a54f33095", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1750304462, - "narHash": "sha256-Mj5t4yX05/rXnRqJkpoLZTWqgStB88Mr/fegTRqyiWc=", + "lastModified": 1750730235, + "narHash": "sha256-rZErlxiV7ssvI8t7sPrKU+fRigNc2KvoKZG3gtUtK50=", "owner": "nix-community", "repo": "home-manager", - "rev": "863842639722dd12ae9e37ca83bcb61a63b36f6c", + "rev": "d07e9cceb4994ed64a22b9b36f8b76923e87ac38", "type": "github" }, "original": { @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1750325256, - "narHash": "sha256-vvlxGz/waqJ3TGqM/iqXbnEc7/R1qnEXmaBiPaQ1RE0=", + "lastModified": 1750618568, + "narHash": "sha256-w9EG5FOXrjXGfbqCcQg9x1lMnTwzNDW5BMXp8ddy15E=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "0d71cbf88d63e938b37b85b3bf8b238bcf7b39b9", + "rev": "1dd19f19e4b53a1fd2e8e738a08dd5fe635ec7e5", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1750298804, - "narHash": "sha256-GEp1QwoQ7qQPYuOm5cGb3f5FZSlVwbw86KUrHlLbI2E=", + "lastModified": 1750730765, + "narHash": "sha256-MIcOcvxqAXUv2TJjf19aVXdtVrD8Gkcfi4W4pKkT0Lw=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "7b962ab252cecf0b88ae621e1986899e20a4ead3", + "rev": "1a1442e13dc1730de0443f80dcf02658365e999a", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1750083401, - "narHash": "sha256-ynqbgIYrg7P1fAKYqe8I/PMiLABBcNDYG9YaAP/d/C4=", + "lastModified": 1750431636, + "narHash": "sha256-vnzzBDbCGvInmfn2ijC4HsIY/3W1CWbwS/YQoFgdgPg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "61837d2a33ccc1582c5fabb7bf9130d39fee59ad", + "rev": "1552a9f4513f3f0ceedcf90320e48d3d47165712", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1750134718, - "narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=", + "lastModified": 1750506804, + "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9e83b64f727c88a7711a2c463a7b16eedb69a84c", + "rev": "4206c4cb56751df534751b058295ea61357bbbaa", "type": "github" }, "original": { From 117b30f8557a62b3eea15a8ea51990ff3ca87bcc Mon Sep 17 00:00:00 2001 From: Eve Date: Tue, 24 Jun 2025 21:43:43 -0500 Subject: [PATCH 070/374] created module to add dconf changes. tried to add dash-to-panel in this module, unsure if it worked --- configurations/home-manager/eve/default.nix | 1 + configurations/home-manager/eve/gnomeconf.nix | 12 ++++++++++++ configurations/home-manager/eve/packages.nix | 1 + 3 files changed, 14 insertions(+) create mode 100644 configurations/home-manager/eve/gnomeconf.nix diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 52a70a6..192c980 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -3,6 +3,7 @@ in { imports = [ ./packages.nix + ./gnomeconf.nix ]; home = { diff --git a/configurations/home-manager/eve/gnomeconf.nix b/configurations/home-manager/eve/gnomeconf.nix new file mode 100644 index 0000000..fbad391 --- /dev/null +++ b/configurations/home-manager/eve/gnomeconf.nix @@ -0,0 +1,12 @@ +{pkgs, ...}: { + config = { + dconf = { + enable = true; + settings = { + "org/gnome/shell".enabled-extensions = [ + pkgs.gnomeExtensions.dash-to-panel.extensionUuid + ]; + }; + }; + }; +} diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 0e82959..295597a 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -19,6 +19,7 @@ in { with pkgs; [ ungoogled-chromium krita + gnomeExtensions.dash-to-panel (lib.mkIf hardware.piperMouse.enable piper) ] ); From 4825c5ec5ed5287f208dab10e109037a30d66b81 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Jun 2025 13:32:07 -0500 Subject: [PATCH 071/374] made common configuration place for gnome extensions --- configurations/home-manager/leyla/dconf.nix | 20 +++++---------- .../home-manager/leyla/packages/default.nix | 2 -- modules/home-manager-modules/default.nix | 1 + modules/home-manager-modules/gnome.nix | 25 +++++++++++++++++++ 4 files changed, 32 insertions(+), 16 deletions(-) create mode 100644 modules/home-manager-modules/gnome.nix diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 5818641..08fd36f 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -1,5 +1,11 @@ {pkgs, ...}: { config = { + gnome = { + extensions = [ + pkgs.gnomeExtensions.dash-to-dock + ]; + }; + dconf = { enable = true; settings = { @@ -7,20 +13,6 @@ "org/gnome/desktop/wm/preferences".button-layout = ":minimize,maximize,close"; - "org/gnome/shell" = { - disable-user-extensions = false; # enables user extensions - enabled-extensions = [ - # Put UUIDs of extensions that you want to enable here. - # If the extension you want to enable is packaged in nixpkgs, - # you can easily get its UUID by accessing its extensionUuid - # field (look at the following example). - pkgs.gnomeExtensions.dash-to-dock.extensionUuid - - # Alternatively, you can manually pass UUID as a string. - # "dash-to-dock@micxgx.gmail.com" - ]; - }; - "org/gnome/shell/extensions/dash-to-dock" = { "dock-position" = "LEFT"; "intellihide-mode" = "ALL_WINDOWS"; diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index bbd8152..63f9661 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -69,8 +69,6 @@ in { (with pkgs; [ aileron - gnomeExtensions.dash-to-dock - proxmark3 ]) ++ ( diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index 73876f4..f83f143 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -7,6 +7,7 @@ ./i18n.nix ./openssh.nix ./continue.nix + ./gnome.nix ./programs ]; } diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix new file mode 100644 index 0000000..a8503e8 --- /dev/null +++ b/modules/home-manager-modules/gnome.nix @@ -0,0 +1,25 @@ +{ + lib, + config, + ... +}: { + options.gnome = { + extensions = lib.mkOption { + type = lib.types.listOf lib.types.package; + default = []; + description = "The set of extensions to install and enable in the user environment."; + }; + }; + + config = { + home.packages = config.gnome.extensions; + dconf = { + settings = { + "org/gnome/shell" = { + disable-user-extensions = false; # enables user extensions + enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extensions; + }; + }; + }; + }; +} From 7c61f8617b19cd6f730b2200819815ca214ec34d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Jun 2025 14:30:12 -0500 Subject: [PATCH 072/374] created hotkey generator --- configurations/home-manager/leyla/dconf.nix | 12 +++---- modules/home-manager-modules/gnome.nix | 40 +++++++++++++++++---- 2 files changed, 40 insertions(+), 12 deletions(-) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 08fd36f..847977d 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -4,6 +4,12 @@ extensions = [ pkgs.gnomeExtensions.dash-to-dock ]; + hotkeys = { + "Open Terminal" = { + binding = "t"; + command = "kgx"; + }; + }; }; dconf = { @@ -27,12 +33,6 @@ ]; }; - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - binding = "t"; - command = "kgx"; - name = "Open Terminal"; - }; - "org/gnome/shell" = { favorite-apps = ["org.gnome.Nautilus.desktop" "firefox.desktop" "codium.desktop" "steam.desktop" "org.gnome.Console.desktop"]; # app-picker-layout = diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index a8503e8..531ad86 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -9,17 +9,45 @@ default = []; description = "The set of extensions to install and enable in the user environment."; }; + hotkeys = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + binding = lib.mkOption { + type = lib.types.str; + }; + command = lib.mkOption { + type = lib.types.str; + }; + }; + })); + default = {}; + }; }; config = { home.packages = config.gnome.extensions; dconf = { - settings = { - "org/gnome/shell" = { - disable-user-extensions = false; # enables user extensions - enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extensions; - }; - }; + settings = lib.mkMerge [ + { + "org/gnome/shell" = { + disable-user-extensions = false; # enables user extensions + enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extensions; + }; + } + ( + builtins.listToAttrs ( + lib.lists.imap0 ( + i: value: lib.attrsets.nameValuePair "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom${toString i}" value + ) + (lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys) + ) + ) + # "org/gnome/settings-daemon/plugins/media-keys" = { + # custom-keybindings = [ + # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + # ]; + # }; + ]; }; }; } From f8aa299e16fc02bea2f7a4b1f0584ce2b67540ea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Jun 2025 17:27:18 -0500 Subject: [PATCH 073/374] fixed hotkey config --- configurations/home-manager/leyla/dconf.nix | 6 ----- modules/home-manager-modules/gnome.nix | 30 ++++++++++++++++++--- 2 files changed, 26 insertions(+), 10 deletions(-) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 847977d..0e4a6a7 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -27,12 +27,6 @@ "show-mounts" = false; }; - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ - "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - ]; - }; - "org/gnome/shell" = { favorite-apps = ["org.gnome.Nautilus.desktop" "firefox.desktop" "codium.desktop" "steam.desktop" "org.gnome.Console.desktop"]; # app-picker-layout = diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index 531ad86..ace1da7 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -12,6 +12,10 @@ hotkeys = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { options = { + name = lib.mkOption { + type = lib.types.strMatching "[a-zA-Z0-9_-]+"; + default = builtins.replaceStrings [" " "/"] ["_" "-"] name; + }; binding = lib.mkOption { type = lib.types.str; }; @@ -35,13 +39,31 @@ }; } ( - builtins.listToAttrs ( - lib.lists.imap0 ( - i: value: lib.attrsets.nameValuePair "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom${toString i}" value + lib.mkMerge ( + builtins.map (value: let + entry = "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${value.name}"; + in { + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "${entry}/" + ]; + }; + + ${entry} = value; + }) + ( + lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys ) - (lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys) ) ) + # ( + # builtins.listToAttrs ( + # lib.lists.imap0 ( + # i: value: lib.attrsets.nameValuePair "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom${toString i}" value + # ) + # (lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys) + # ) + # ) # "org/gnome/settings-daemon/plugins/media-keys" = { # custom-keybindings = [ # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" From b3f992f0010578fd53477416ce619ec788c382b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Jun 2025 17:42:37 -0500 Subject: [PATCH 074/374] added more options to gnome.nix --- configurations/home-manager/leyla/dconf.nix | 7 ++-- modules/home-manager-modules/gnome.nix | 36 +++++++++++++++++++++ rebuild.sh | 2 +- 3 files changed, 40 insertions(+), 5 deletions(-) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 0e4a6a7..ef75db6 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -1,6 +1,9 @@ {pkgs, ...}: { config = { gnome = { + extraWindowControls = true; + colorScheme = "prefer-dark"; + clockFormat = "24h"; extensions = [ pkgs.gnomeExtensions.dash-to-dock ]; @@ -15,10 +18,6 @@ dconf = { enable = true; settings = { - "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - - "org/gnome/desktop/wm/preferences".button-layout = ":minimize,maximize,close"; - "org/gnome/shell/extensions/dash-to-dock" = { "dock-position" = "LEFT"; "intellihide-mode" = "ALL_WINDOWS"; diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index ace1da7..6a01b2b 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -4,6 +4,36 @@ ... }: { options.gnome = { + extraWindowControls = lib.mkEnableOption "Should we add back in the minimize and maximize window controls?"; + clockFormat = lib.mkOption { + type = lib.types.enum [ + "12h" + "24h" + ]; + default = "24h"; + }; + colorScheme = lib.mkOption { + type = lib.types.enum [ + "default" + "prefer-dark" + "prefer-light" + ]; + default = "default"; + }; + accentColor = lib.mkOption { + type = lib.types.enum [ + "blue" + "teal" + "green" + "yellow" + "orange" + "red" + "pink" + "purple" + "slate" + ]; + default = "blue"; + }; extensions = lib.mkOption { type = lib.types.listOf lib.types.package; default = []; @@ -37,6 +67,12 @@ disable-user-extensions = false; # enables user extensions enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extensions; }; + + "org/gnome/desktop/wm/preferences".button-layout = lib.mkIf config.gnome.extraWindowControls ":minimize,maximize,close"; + + "org/gnome/desktop/interface".color-scheme = config.gnome.colorScheme; + "org/gnome/desktop/interface".accent-color = config.gnome.accentColor; + "org/gnome/desktop/interface".clock-format = config.gnome.clockFormat; } ( lib.mkMerge ( diff --git a/rebuild.sh b/rebuild.sh index 32fd303..37b6e10 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -65,7 +65,7 @@ flake=${flake:-$target} mode=${mode:-switch} user=${user:-$USER} -command="nixos-rebuild $mode --use-remote-sudo --ask-sudo-password --flake .#$flake" +command="nixos-rebuild $mode --sudo --flake .#$flake" if [[ $host ]]; then From 4c0c443048dd178eebe0331c3c07d5a1344a5024 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Jun 2025 18:35:51 -0500 Subject: [PATCH 075/374] fixed hotkeys --- modules/home-manager-modules/gnome.nix | 37 +++++++++++--------------- 1 file changed, 16 insertions(+), 21 deletions(-) diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index 6a01b2b..8c70cf6 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -42,9 +42,13 @@ hotkeys = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { options = { + key = lib.mkOption { + type = lib.types.strMatching "[a-zA-Z0-9-]+"; + default = builtins.replaceStrings [" " "/" "_"] ["-" "-" "-"] name; + }; name = lib.mkOption { - type = lib.types.strMatching "[a-zA-Z0-9_-]+"; - default = builtins.replaceStrings [" " "/"] ["_" "-"] name; + type = lib.types.str; + default = name; }; binding = lib.mkOption { type = lib.types.str; @@ -77,34 +81,25 @@ ( lib.mkMerge ( builtins.map (value: let - entry = "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${value.name}"; + entry = "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${value.key}"; in { - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ - "${entry}/" - ]; + ${entry} = { + binding = value.binding; + command = value.command; + name = value.name; }; - ${entry} = value; + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/${entry}/" + ]; + }; }) ( lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys ) ) ) - # ( - # builtins.listToAttrs ( - # lib.lists.imap0 ( - # i: value: lib.attrsets.nameValuePair "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom${toString i}" value - # ) - # (lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys) - # ) - # ) - # "org/gnome/settings-daemon/plugins/media-keys" = { - # custom-keybindings = [ - # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - # ]; - # }; ]; }; }; From b6ce78b35ceaf833278e2c44e4ada85e356e33d0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 28 Jun 2025 10:33:59 -0500 Subject: [PATCH 076/374] updated nix flake --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 2d00dff..0bea92a 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1750680230, - "narHash": "sha256-kD88T/NqmcgfOBFAwphN30ccaUdj6K6+LG0XdM2w2LA=", + "lastModified": 1750903843, + "narHash": "sha256-Ng9+f0H5/dW+mq/XOKvB9uwvGbsuiiO6HrPdAcVglCs=", "owner": "nix-community", "repo": "disko", - "rev": "8fd2d6c75009ac75f9a6fb18c33a239806778d01", + "rev": "83c4da299c1d7d300f8c6fd3a72ac46cb0d59aae", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1750737804, - "narHash": "sha256-wClGd2PhxdjjphR6wIgoiDcR+Gfg4/+FyseSOjIIzVU=", + "lastModified": 1751083400, + "narHash": "sha256-0hZWDzX7/C0NcsiOW+WBvdb+aGDnydw1xku3UUXzm/4=", "owner": "rycee", "repo": "nur-expressions", - "rev": "aaaf4fec792bad465ea4a35c0be5bc2a54f33095", + "rev": "e805fa9d7c2968712896f71684540dac21449744", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1750730235, - "narHash": "sha256-rZErlxiV7ssvI8t7sPrKU+fRigNc2KvoKZG3gtUtK50=", + "lastModified": 1750973805, + "narHash": "sha256-BZXgag7I0rnL/HMHAsBz3tQrfKAibpY2vovexl2lS+Y=", "owner": "nix-community", "repo": "home-manager", - "rev": "d07e9cceb4994ed64a22b9b36f8b76923e87ac38", + "rev": "080e8b48b0318b38143d5865de9334f46d51fce3", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1750730765, - "narHash": "sha256-MIcOcvxqAXUv2TJjf19aVXdtVrD8Gkcfi4W4pKkT0Lw=", + "lastModified": 1751076164, + "narHash": "sha256-to92MoMF7QC2K2gdpkYoN/Y9wuF6Q/qlvNyHca6uPjQ=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1a1442e13dc1730de0443f80dcf02658365e999a", + "rev": "7f443f5e4125f9aad3885542c04653f29b15b92a", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1750431636, - "narHash": "sha256-vnzzBDbCGvInmfn2ijC4HsIY/3W1CWbwS/YQoFgdgPg=", + "lastModified": 1750837715, + "narHash": "sha256-2m1ceZjbmgrJCZ2PuQZaK4in3gcg3o6rZ7WK6dr5vAA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1552a9f4513f3f0ceedcf90320e48d3d47165712", + "rev": "98236410ea0fe204d0447149537a924fb71a6d4f", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1750506804, - "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", + "lastModified": 1751011381, + "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4206c4cb56751df534751b058295ea61357bbbaa", + "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7", "type": "github" }, "original": { From 4db136d5271d93d680995a5e44406fcc3b47223e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 30 Jun 2025 22:37:38 -0500 Subject: [PATCH 077/374] updated flake lock --- flake.lock | 30 +++++++++++++++--------------- rebuild.sh | 2 +- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index 0bea92a..7bb221c 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1751083400, - "narHash": "sha256-0hZWDzX7/C0NcsiOW+WBvdb+aGDnydw1xku3UUXzm/4=", + "lastModified": 1751256218, + "narHash": "sha256-WC1YSV4lFT41AaEhpiQZRuofe+2WLI9PNuuqgdRmjVM=", "owner": "rycee", "repo": "nur-expressions", - "rev": "e805fa9d7c2968712896f71684540dac21449744", + "rev": "fa40d85b15cbfb1a488ef9a119ff2d40a481c8da", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1750973805, - "narHash": "sha256-BZXgag7I0rnL/HMHAsBz3tQrfKAibpY2vovexl2lS+Y=", + "lastModified": 1751336185, + "narHash": "sha256-ptnVr2x+sl7cZcTuGx/0BOE2qCAIYHTcgfA+/h60ml0=", "owner": "nix-community", "repo": "home-manager", - "rev": "080e8b48b0318b38143d5865de9334f46d51fce3", + "rev": "96354906f58464605ff81d2f6c2ea23211cbf051", "type": "github" }, "original": { @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1750618568, - "narHash": "sha256-w9EG5FOXrjXGfbqCcQg9x1lMnTwzNDW5BMXp8ddy15E=", + "lastModified": 1751313918, + "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "1dd19f19e4b53a1fd2e8e738a08dd5fe635ec7e5", + "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1751076164, - "narHash": "sha256-to92MoMF7QC2K2gdpkYoN/Y9wuF6Q/qlvNyHca6uPjQ=", + "lastModified": 1751336244, + "narHash": "sha256-4fz6Xy9L1/9LXpueprfycJKggWZYPZfQxb5Qf8ay6As=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "7f443f5e4125f9aad3885542c04653f29b15b92a", + "rev": "0011bc2bd9af8ee1a093d13c37dc8fa862132c1b", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751011381, - "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=", + "lastModified": 1751271578, + "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7", + "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", "type": "github" }, "original": { diff --git a/rebuild.sh b/rebuild.sh index 37b6e10..36a1201 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -65,7 +65,7 @@ flake=${flake:-$target} mode=${mode:-switch} user=${user:-$USER} -command="nixos-rebuild $mode --sudo --flake .#$flake" +command="nixos-rebuild $mode --sudo --ask-sudo-password --flake .#$flake" if [[ $host ]]; then From 43ce00703399eea337bceae14fcb2b9586868cb2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 5 Jul 2025 00:01:28 -0500 Subject: [PATCH 078/374] moved impermanence config for var lib private into impermanence module --- modules/nixos-modules/impermanence.nix | 12 ++++++++++++ modules/nixos-modules/ollama.nix | 4 ---- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index 2f38cd3..7735e97 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix @@ -25,6 +25,18 @@ } ]; + # fixes issues with /var/lib/private not having the correct permissions https://github.com/nix-community/impermanence/issues/254 + system.activationScripts."createPersistentStorageDirs".deps = ["var-lib-private-permissions" "users" "groups"]; + system.activationScripts = { + "var-lib-private-permissions" = { + deps = ["specialfs"]; + text = '' + mkdir -p /persist/system/root/var/lib/private + chmod 0700 /persist/system/root/var/lib/private + ''; + }; + }; + programs.fuse.userAllowOther = true; boot.initrd.postResumeCommands = lib.mkAfter '' diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index a29a9aa..99819bf 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix @@ -28,10 +28,6 @@ }; })) (lib.mkIf config.host.impermanence.enable { - # TODO: move this somewhere common - systemd.tmpfiles.rules = [ - "d /var/lib/private 0700 root root" - ]; environment.persistence."/persist/system/root" = { enable = true; hideMounts = true; From 84dfcfddbd8ec7f8e81643675f0b6c56dfff40f6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 5 Jul 2025 00:18:00 -0500 Subject: [PATCH 079/374] updated flake lock --- flake.lock | 36 +++++++++---------- .../home-manager-modules/programs/anki.nix | 28 ++++----------- 2 files changed, 25 insertions(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index 7bb221c..ee4ebda 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1750903843, - "narHash": "sha256-Ng9+f0H5/dW+mq/XOKvB9uwvGbsuiiO6HrPdAcVglCs=", + "lastModified": 1751607816, + "narHash": "sha256-5PtrwjqCIJ4DKQhzYdm8RFePBuwb+yTzjV52wWoGSt4=", "owner": "nix-community", "repo": "disko", - "rev": "83c4da299c1d7d300f8c6fd3a72ac46cb0d59aae", + "rev": "da6109c917b48abc1f76dd5c9bf3901c8c80f662", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1751256218, - "narHash": "sha256-WC1YSV4lFT41AaEhpiQZRuofe+2WLI9PNuuqgdRmjVM=", + "lastModified": 1751688200, + "narHash": "sha256-4W+Bw2G9bTUuvAVS0g1rTdm5jyxxZoPFSSSk3S5yOPQ=", "owner": "rycee", "repo": "nur-expressions", - "rev": "fa40d85b15cbfb1a488ef9a119ff2d40a481c8da", + "rev": "7dc9a3c333983e3dcc19eb29b8e98184ef7e51e7", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1751336185, - "narHash": "sha256-ptnVr2x+sl7cZcTuGx/0BOE2qCAIYHTcgfA+/h60ml0=", + "lastModified": 1751690735, + "narHash": "sha256-/FkoEVh6LzzunOYd5yZ2uo4HHzLqaKi6VH2kPus9hk0=", "owner": "nix-community", "repo": "home-manager", - "rev": "96354906f58464605ff81d2f6c2ea23211cbf051", + "rev": "e8da7372fd1f0da3fe3874af3aa9ddd78662d8ae", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1751336244, - "narHash": "sha256-4fz6Xy9L1/9LXpueprfycJKggWZYPZfQxb5Qf8ay6As=", + "lastModified": 1751681058, + "narHash": "sha256-b9JMD1j+zqGbrWSobXq4icjOm5tdoy7dWBLSe6WTCSE=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "0011bc2bd9af8ee1a093d13c37dc8fa862132c1b", + "rev": "0cadf3b87cce52af29c3cc98be8ee81b3c05f2c1", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1750837715, - "narHash": "sha256-2m1ceZjbmgrJCZ2PuQZaK4in3gcg3o6rZ7WK6dr5vAA=", + "lastModified": 1751432711, + "narHash": "sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE+J9w=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "98236410ea0fe204d0447149537a924fb71a6d4f", + "rev": "497ae1357f1ac97f1aea31a4cb74ad0d534ef41f", "type": "github" }, "original": { @@ -313,11 +313,11 @@ ] }, "locked": { - "lastModified": 1750119275, - "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=", + "lastModified": 1751606940, + "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2", + "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d", "type": "github" }, "original": { diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix index 083d205..c2f93ea 100644 --- a/modules/home-manager-modules/programs/anki.nix +++ b/modules/home-manager-modules/programs/anki.nix @@ -1,29 +1,15 @@ { lib, - pkgs, config, osConfig, ... }: { - options.programs.anki = { - enable = lib.mkEnableOption "enable anki"; - }; - - config = lib.mkIf config.programs.anki.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - anki + config = lib.mkIf (config.programs.anki.enable && osConfig.host.impermanence.enable) { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.dataHome}/Anki2/" ]; - } - ( - lib.mkIf osConfig.host.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.dataHome}/Anki2/" - ]; - allowOther = true; - }; - } - ) - ]); + allowOther = true; + }; + }; } From 56ef83b4ba8acdfd6f456089b1dc4007123eece7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 11 Jul 2025 17:01:37 -0500 Subject: [PATCH 080/374] updated flake lock and fixed vscode extensions --- .../leyla/packages/vscode/default.nix | 25 +++++-------- flake.lock | 36 +++++++++---------- modules/common-modules/overlays/default.nix | 1 + 3 files changed, 27 insertions(+), 35 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index c21e01d..74673a0 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -1,7 +1,6 @@ { lib, pkgs, - inputs, config, osConfig, ... @@ -10,22 +9,12 @@ ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; in { config = lib.mkIf config.user.isDesktopUser { - nixpkgs = { - overlays = [ - inputs.nix-vscode-extensions.overlays.default - ]; - }; - programs = { bash.shellAliases = { code = "codium"; }; - vscode = let - extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; - open-vsx = extensions.open-vsx; - vscode-marketplace = extensions.vscode-marketplace; - in { + vscode = { package = pkgs.vscodium; mutableExtensionsDir = false; @@ -57,12 +46,12 @@ in { }; }) (lib.mkIf ai-tooling-enabled { - "continue.telemetryEnabled" = false; + # "continue.telemetryEnabled" = false; }) ]; extensions = ( - with open-vsx; + with pkgs.open-vsx; [ # vs code feel extensions ms-vscode.atom-keybindings @@ -80,7 +69,7 @@ in { dsznajder.es7-react-js-snippets dbaeumer.vscode-eslint standard.vscode-standard - firsttris.vscode-jest-runner + orta.vscode-jest stylelint.vscode-stylelint tauri-apps.tauri-vscode @@ -101,13 +90,15 @@ in { kamadorueda.alejandra ]) ++ ( - with vscode-marketplace; + with pkgs.vscode-marketplace; [ # js extensions karyfoundation.nearley ] ++ (lib.lists.optionals ai-tooling-enabled [ - continue.continue + # continue.continue + github.copilot + github.copilot-chat ]) ) ); diff --git a/flake.lock b/flake.lock index ee4ebda..a60584d 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1751607816, - "narHash": "sha256-5PtrwjqCIJ4DKQhzYdm8RFePBuwb+yTzjV52wWoGSt4=", + "lastModified": 1752113600, + "narHash": "sha256-7LYDxKxZgBQ8LZUuolAQ8UkIB+jb4A2UmiR+kzY9CLI=", "owner": "nix-community", "repo": "disko", - "rev": "da6109c917b48abc1f76dd5c9bf3901c8c80f662", + "rev": "79264292b7e3482e5702932949de9cbb69fedf6d", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1751688200, - "narHash": "sha256-4W+Bw2G9bTUuvAVS0g1rTdm5jyxxZoPFSSSk3S5yOPQ=", + "lastModified": 1752269946, + "narHash": "sha256-vL26J2f9uXvwBNkfwYH1v75VwN22ZLhBcyZeenJwnCU=", "owner": "rycee", "repo": "nur-expressions", - "rev": "7dc9a3c333983e3dcc19eb29b8e98184ef7e51e7", + "rev": "9885400dbd82f9b2970b30e18f233404416f7cca", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1751690735, - "narHash": "sha256-/FkoEVh6LzzunOYd5yZ2uo4HHzLqaKi6VH2kPus9hk0=", + "lastModified": 1752265577, + "narHash": "sha256-YhnBM3oknReSFTAuc2SMwekwjl9nDd5PUhcar4DsefM=", "owner": "nix-community", "repo": "home-manager", - "rev": "e8da7372fd1f0da3fe3874af3aa9ddd78662d8ae", + "rev": "3976e0507edc9a5f332cb2be93fa20e646d22374", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1751681058, - "narHash": "sha256-b9JMD1j+zqGbrWSobXq4icjOm5tdoy7dWBLSe6WTCSE=", + "lastModified": 1752200230, + "narHash": "sha256-WqqWjRX4qZYqO/cgvU/ZEzJBQqHBi17OEVv2kt05WiU=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "0cadf3b87cce52af29c3cc98be8ee81b3c05f2c1", + "rev": "3c866dfb70d282247452742098d315b97df713d2", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1751432711, - "narHash": "sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE+J9w=", + "lastModified": 1752048960, + "narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "497ae1357f1ac97f1aea31a4cb74ad0d534ef41f", + "rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751271578, - "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", + "lastModified": 1751984180, + "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", + "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", "type": "github" }, "original": { diff --git a/modules/common-modules/overlays/default.nix b/modules/common-modules/overlays/default.nix index 1fab060..465e83f 100644 --- a/modules/common-modules/overlays/default.nix +++ b/modules/common-modules/overlays/default.nix @@ -2,5 +2,6 @@ {inputs, ...}: { nixpkgs.overlays = [ inputs.steam-fetcher.overlays.default + inputs.nix-vscode-extensions.overlays.default ]; } From 9650c7335a268ab29dd530c870197615a45215d8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 11 Jul 2025 18:02:05 -0500 Subject: [PATCH 081/374] installed copilot for vscode --- .../home-manager/leyla/packages/vscode/default.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 74673a0..8a5e15e 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -50,8 +50,10 @@ in { }) ]; - extensions = ( - with pkgs.open-vsx; + extensions = let + extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + in ( + with extension-pkgs.open-vsx; [ # vs code feel extensions ms-vscode.atom-keybindings @@ -90,7 +92,7 @@ in { kamadorueda.alejandra ]) ++ ( - with pkgs.vscode-marketplace; + with extension-pkgs.vscode-marketplace; [ # js extensions karyfoundation.nearley @@ -98,7 +100,7 @@ in { ++ (lib.lists.optionals ai-tooling-enabled [ # continue.continue github.copilot - github.copilot-chat + # github.copilot-chat ]) ) ); From c863b8c4b5a7180d743937710063d8457c4114a9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 11 Jul 2025 18:08:06 -0500 Subject: [PATCH 082/374] removed copilot --- .../home-manager/leyla/packages/vscode/default.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 8a5e15e..696f770 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -46,7 +46,7 @@ in { }; }) (lib.mkIf ai-tooling-enabled { - # "continue.telemetryEnabled" = false; + "continue.telemetryEnabled" = false; }) ]; @@ -98,9 +98,7 @@ in { karyfoundation.nearley ] ++ (lib.lists.optionals ai-tooling-enabled [ - # continue.continue - github.copilot - # github.copilot-chat + continue.continue ]) ) ); From 1d7e0d11f04524827ada4515f49f8447c22c0f16 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 11:53:53 -0500 Subject: [PATCH 083/374] removed continue vscode plugin --- configurations/home-manager/leyla/default.nix | 26 ------- .../leyla/packages/vscode/default.nix | 8 +- modules/home-manager-modules/continue.nix | 73 ------------------- modules/home-manager-modules/default.nix | 1 - 4 files changed, 3 insertions(+), 105 deletions(-) delete mode 100644 modules/home-manager-modules/continue.nix diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 49abfe1..538eab8 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -82,31 +82,5 @@ # EDITOR = "emacs"; }; }; - - user = { - continue = { - enable = true; - docs = { - "Continue Docs" = { - startUrl = "https://docs.continue.dev"; - }; - "Nixpkgs" = { - startUrl = "https://ryantm.github.io/nixpkgs/#preface"; - }; - "Nix Manual" = { - startUrl = "https://nixos.org/manual/nixos/stable/"; - }; - "Home manager Manual" = { - startUrl = "https://nix-community.github.io/home-manager/"; - }; - "Nix Docs" = { - startUrl = "https://nix.dev/index.html"; - }; - "Linux Man Page" = { - startUrl = "https://linux.die.net/man/"; - }; - }; - }; - }; }; } diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 696f770..89ee876 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -6,7 +6,7 @@ ... }: let nix-development-enabled = osConfig.host.nix-development.enable; - ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; + ai-tooling-enabled = osConfig.host.ai.enable; in { config = lib.mkIf config.user.isDesktopUser { programs = { @@ -46,8 +46,7 @@ in { }; }) (lib.mkIf ai-tooling-enabled { - "continue.telemetryEnabled" = false; - }) + }) ]; extensions = let @@ -98,8 +97,7 @@ in { karyfoundation.nearley ] ++ (lib.lists.optionals ai-tooling-enabled [ - continue.continue - ]) + ]) ) ); }; diff --git a/modules/home-manager-modules/continue.nix b/modules/home-manager-modules/continue.nix deleted file mode 100644 index 20ec52b..0000000 --- a/modules/home-manager-modules/continue.nix +++ /dev/null @@ -1,73 +0,0 @@ -{ - lib, - pkgs, - config, - osConfig, - ... -}: let - ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; -in { - options.user.continue = { - enable = lib.mkEnableOption "should continue be enabled on this machine"; - docs = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - startUrl = lib.mkOption { - type = lib.types.str; - }; - }; - })); - }; - context = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - provider = lib.mkOption { - type = lib.types.str; - default = name; - }; - }; - })); - default = { - "code" = {}; - "docs" = {}; - "diff" = {}; - "terminal" = {}; - "problems" = {}; - "folder" = {}; - "codebase" = {}; - }; - }; - }; - - config = - lib.mkIf ai-tooling-enabled - (lib.mkMerge [ - { - home = { - file = { - ".continue/config.yaml".source = (pkgs.formats.yaml {}).generate "continue-config" { - name = "Assistant"; - version = "1.0.0"; - schema = "v1"; - models = lib.attrsets.attrValues osConfig.host.ai.models; - context = lib.attrsets.attrValues config.user.continue.context; - docs = lib.attrsets.attrValues config.user.continue.docs; - }; - }; - }; - } - (lib.mkIf osConfig.host.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - ".continue/index" - ".continue/sessions" - ]; - allowOther = true; - }; - }) - ]); -} diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index f83f143..4c085a5 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -6,7 +6,6 @@ ./flipperzero.nix ./i18n.nix ./openssh.nix - ./continue.nix ./gnome.nix ./programs ]; From 3ce9b625d1630bccef9cf89fe70a0f0c29e21063 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 15:00:59 -0500 Subject: [PATCH 084/374] fixed home assistant --- .../nixos/defiant/configuration.nix | 9 +- modules/nixos-modules/server/adguardhome.nix | 2 +- modules/nixos-modules/server/default.nix | 2 +- .../nixos-modules/server/home-assistant.nix | 220 +++++++++--------- modules/nixos-modules/server/podman.nix | 2 +- .../server/virt-home-assistant.nix | 155 ------------ 6 files changed, 122 insertions(+), 268 deletions(-) delete mode 100644 modules/nixos-modules/server/virt-home-assistant.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 7d9c6d8..9824e56 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -282,10 +282,11 @@ subdomain = "search"; }; - virt-home-assistant = { - enable = false; - networkBridge = "bond0"; - hostDevice = "0x10c4:0xea60"; + home-assistant = { + enable = true; + subdomain = "home"; + openFirewall = true; + database = "postgres"; }; qbittorrent = { diff --git a/modules/nixos-modules/server/adguardhome.nix b/modules/nixos-modules/server/adguardhome.nix index 866ad8a..abd1254 100644 --- a/modules/nixos-modules/server/adguardhome.nix +++ b/modules/nixos-modules/server/adguardhome.nix @@ -6,7 +6,7 @@ dnsPort = 53; in { options.host.adguardhome = { - enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + enable = lib.mkEnableOption "should ad guard home be enabled on this computer"; directory = lib.mkOption { type = lib.types.str; default = "/var/lib/AdGuardHome/"; diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 7beee8b..83a0830 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -8,7 +8,7 @@ ./jellyfin.nix ./forgejo.nix ./searx.nix - ./virt-home-assistant.nix + ./home-assistant.nix ./adguardhome.nix ./immich.nix ./qbittorent.nix diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index a90bd6d..7497995 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -1,130 +1,138 @@ { lib, config, - inputs, ... }: let configDir = "/var/lib/hass"; + dbUser = "hass"; in { - options.host.home-assistant = { - enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + options.services.home-assistant = { subdomain = lib.mkOption { type = lib.types.str; description = "subdomain of base domain that home-assistant will be hosted at"; default = "home-assistant"; }; + + database = lib.mkOption { + type = lib.types.enum [ + "builtin" + "postgres" + ]; + description = "what database do we want to use"; + default = "builtin"; + }; }; - config = lib.mkIf config.host.home-assistant.enable (lib.mkMerge [ + config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ { - virtualisation.libvirt = { - swtpm.enable = true; - connections."qemu:///session" = { - networks = [ - { - definition = inputs.nix-virt.lib.network.writeXML (inputs.nix-virt.lib.network.templates.bridge - { - uuid = "d57e37e2-311f-4e5c-a484-97c2210c2770"; - subnet_byte = 71; - }); - active = true; - } - ]; - domains = [ - { - definition = inputs.nix-virt.lib.domain.writeXML (inputs.nix-virt.lib.domain.templates.linux - { - name = "Home Assistant"; - uuid = "c5cc0efc-6101-4c1d-be31-acbba203ccde"; - memory = { - count = 4; - unit = "GiB"; - }; - # storage_vol = { - # pool = "MyPool"; - # volume = "Penguin.qcow2"; - # }; - }); - } - ]; + host = { + reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { + target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + add_header Upgrade $http_upgrade; + add_header Connection \"upgrade\"; + + proxy_buffering off; + + proxy_read_timeout 90; + ''; }; }; - # systemd.tmpfiles.rules = [ - # "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" - # ]; - # services.home-assistant = { - # enable = true; - # configDir = configDir; - # extraComponents = [ - # "met" - # "radio_browser" - # "isal" - # "zha" - # "jellyfin" - # "webostv" - # "tailscale" - # "syncthing" - # "sonos" - # "analytics_insights" - # "unifi" - # "openweathermap" - # ]; - # config = { - # http = { - # server_port = 8082; - # use_x_forwarded_for = true; - # trusted_proxies = ["127.0.0.1" "::1"]; - # ip_ban_enabled = true; - # login_attempts_threshold = 10; - # }; - # # recorder.db_url = "postgresql://@/${db_user}"; - # "automation manual" = []; - # "automation ui" = "!include automations.yaml"; - # }; - # extraPackages = python3Packages: - # with python3Packages; [ - # hassil - # numpy - # gtts - # ]; - # }; - # host = { - # reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { - # target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + services.home-assistant = { + configDir = configDir; + extraComponents = [ + "met" + "radio_browser" + "isal" + "zha" + "jellyfin" + "webostv" + "tailscale" + "syncthing" + "sonos" + "analytics_insights" + "unifi" + "openweathermap" + "ollama" + ]; + config = { + http = { + server_port = 8123; + use_x_forwarded_for = true; + trusted_proxies = ["127.0.0.1" "::1"]; + ip_ban_enabled = true; + login_attempts_threshold = 10; + }; + recorder.db_url = "postgresql://@/${dbUser}"; + "automation manual" = []; + "automation ui" = "!include automations.yaml"; + }; + extraPackages = python3Packages: + with python3Packages; [ + hassil + numpy + gtts + ]; + }; - # websockets.enable = true; - # forwardHeaders.enable = true; - - # extraConfig = '' - # add_header Upgrade $http_upgrade; - # add_header Connection \"upgrade\"; - - # proxy_buffering off; - - # proxy_read_timeout 90; - # ''; - # }; - # }; + systemd.tmpfiles.rules = [ + "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" + ]; } + (lib.mkIf (config.services.home-assistant.database == "postgres") { + host = { + postgres = { + enable = true; + extraUsers = { + ${dbUser} = { + isClient = true; + createUser = true; + }; + }; + extraDatabases = { + ${dbUser} = { + name = dbUser; + }; + }; + }; + }; + + services.home-assistant = { + extraPackages = python3Packages: + with python3Packages; [ + psycopg2 + ]; + }; + + systemd.services.home-assistant = { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }) (lib.mkIf config.host.impermanence.enable { - # assertions = [ - # { - # assertion = config.services.home-assistant.configDir == configDir; - # message = "home assistant config directory does not match persistence"; - # } - # ]; - # environment.persistence."/persist/system/root" = { - # enable = true; - # hideMounts = true; - # directories = [ - # { - # directory = configDir; - # user = "hass"; - # group = "hass"; - # } - # ]; - # }; + assertions = [ + { + assertion = config.services.home-assistant.configDir == configDir; + message = "home assistant config directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = configDir; + user = "hass"; + group = "hass"; + } + ]; + }; }) ]); } diff --git a/modules/nixos-modules/server/podman.nix b/modules/nixos-modules/server/podman.nix index e806e65..9301140 100644 --- a/modules/nixos-modules/server/podman.nix +++ b/modules/nixos-modules/server/podman.nix @@ -4,7 +4,7 @@ ... }: { options.host.podman = { - enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + enable = lib.mkEnableOption "should podman be enabled on this computer"; macvlan = { subnet = lib.mkOption { type = lib.types.str; diff --git a/modules/nixos-modules/server/virt-home-assistant.nix b/modules/nixos-modules/server/virt-home-assistant.nix deleted file mode 100644 index 4212668..0000000 --- a/modules/nixos-modules/server/virt-home-assistant.nix +++ /dev/null @@ -1,155 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: { - options.services.virt-home-assistant = { - enable = lib.mkEnableOption "Wether to enable home assistant virtual machine"; - networkBridge = lib.mkOption { - type = lib.types.str; - description = "what network bridge should we attach to the image"; - }; - hostDevice = lib.mkOption { - type = lib.types.str; - description = "what host devices should be attached to the image"; - }; - initialVersion = lib.mkOption { - type = lib.types.str; - description = "what home assistant image version should we pull for initial instal"; - default = "15.0"; - }; - imageName = lib.mkOption { - type = lib.types.str; - description = "where should the image be installed to"; - default = "home-assistant.qcow2"; - }; - installLocation = lib.mkOption { - type = lib.types.str; - description = "where should the image be installed to"; - default = "/etc/hass"; - }; - virtualMachineName = lib.mkOption { - type = lib.types.str; - description = "what name should we give the virtual machine"; - default = "home-assistant"; - }; - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that home-assistant will be hosted at"; - default = "home-assistant"; - }; - }; - config = lib.mkIf config.services.virt-home-assistant.enable (lib.mkMerge [ - { - # environment.systemPackages = with pkgs; [ - # virt-manager - # ]; - - # TODO: move this to external module and just have an assertion here that its enabled - # enable virtualization on the system - virtualisation = { - libvirtd = { - enable = true; - qemu.ovmf.enable = true; - }; - }; - - # TODO: deactivation script? - # create service to install and start the container - systemd.services.virt-install-home-assistant = let - # TODO: all of these need to be escaped to be used in commands reliably - bridgedNetwork = config.services.virt-home-assistant.networkBridge; - hostDevice = config.services.virt-home-assistant.hostDevice; - virtualMachineName = config.services.virt-home-assistant.virtualMachineName; - imageName = config.services.virt-home-assistant.imageName; - installLocation = config.services.virt-home-assistant.installLocation; - installImage = "${installLocation}/${imageName}"; - initialVersion = config.services.virt-home-assistant.initialVersion; - - home-assistant-qcow2 = pkgs.fetchurl { - name = "home-assistant.qcow2"; - url = "https://github.com/home-assistant/operating-system/releases/download/${initialVersion}/haos_ova-${initialVersion}.qcow2.xz"; - hash = "sha256-V1BEjvvLNbMMKJVyMCmipjQ/3owoJteeVxoF9LDHo1U="; - postFetch = '' - cp $out src.xz - rm -r $out - ${pkgs.xz}/bin/unxz src.xz --stdout > $out/${imageName} - ''; - }; - - # Write a script to install the Home Assistant OS qcow2 image - virtInstallScript = pkgs.writeShellScriptBin "virt-install-hass" '' - # Copy the initial image out of the package store to the install location if we don't have one yet - if [ ! -f ${installImage} ]; then - cp ${home-assistant-qcow2} ${installLocation} - fi - - # Check if VM already exists, and other pre-conditions - if ! ${pkgs.libvirt}/bin/virsh list --all | grep -q ${virtualMachineName}; then - ${pkgs.virt-manager}/bin/virt-install --name ${virtualMachineName} \ - --description "Home Assistant OS" \ - --os-variant=generic \ - --boot uefi \ - --ram=2048 \ - --vcpus=2 \ - --import \ - --disk ${installImage},bus=sata \ - --network bridge=${bridgedNetwork} \ - --host-device ${hostDevice} \ - --graphics none - ${pkgs.libvirt}/bin/virsh autostart ${virtualMachineName} - fi - ''; - in { - description = "Install and start Home Assistant"; - wantedBy = ["multi-user.target"]; - after = ["local-fs.target"]; - requires = ["libvirtd.service"]; - serviceConfig.Type = "oneshot"; - serviceConfig = { - ExecStart = "${virtInstallScript}/bin/virt-install-hass"; - }; - }; - - # TODO: figure out what we need to proxy to the virtual image - # host = { - # reverse_proxy.subdomains.${config.services.virt-home-assistant.subdomain} = { - # target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - - # websockets.enable = true; - # forwardHeaders.enable = true; - - # extraConfig = '' - # add_header Upgrade $http_upgrade; - # add_header Connection \"upgrade\"; - - # proxy_buffering off; - - # proxy_read_timeout 90; - # ''; - # }; - # }; - } - (lib.mkIf config.services.fail2ban.enable { - # TODO: figure out how to write a config for this, prob based on nginx proxy logs? - }) - (lib.mkIf config.host.impermanence.enable { - # assertions = [ - # { - # assertion = config.services.virt-home-assistant.installLocation == configDir; - # message = "home assistant install location does not match persistence"; - # } - # ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.services.virt-home-assistant.installLocation; - } - ]; - }; - }) - ]); -} From 644f9371ebfe91fdc535d5b8fad2c8a22e14a994 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 15:04:44 -0500 Subject: [PATCH 085/374] added home assistant to fail2ban --- modules/nixos-modules/server/fail2ban.nix | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index be83e6f..1851e33 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -61,16 +61,16 @@ in { bantime = 600; maxretry = 5; }; - # home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { - # enabled = true; - # filter = "hass"; - # action = ''iptables-multiport[name=HTTP, port="http,https"]''; - # logpath = "${config.services.home-assistant.configDir}/*.log"; - # backend = "auto"; - # findtime = 600; - # bantime = 600; - # maxretry = 5; - # }; + home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { + enabled = true; + filter = "hass"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.home-assistant.configDir}/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; # TODO; figure out if there is any fail2ban things we can do on searx # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; }; From 3631ba11a8ee10f53e222f180f252943ca8e7df4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 15:06:32 -0500 Subject: [PATCH 086/374] removed unused parts of configuration --- .../nixos/defiant/configuration.nix | 7 -- modules/nixos-modules/server/adguardhome.nix | 72 ------------------- modules/nixos-modules/server/default.nix | 1 - 3 files changed, 80 deletions(-) delete mode 100644 modules/nixos-modules/server/adguardhome.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9824e56..2b221ab 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -109,13 +109,6 @@ }; }; }; - # home-assistant = { - # enable = false; - # subdomain = "home"; - # }; - adguardhome = { - enable = false; - }; }; systemd.network = { diff --git a/modules/nixos-modules/server/adguardhome.nix b/modules/nixos-modules/server/adguardhome.nix deleted file mode 100644 index abd1254..0000000 --- a/modules/nixos-modules/server/adguardhome.nix +++ /dev/null @@ -1,72 +0,0 @@ -{ - lib, - config, - ... -}: let - dnsPort = 53; -in { - options.host.adguardhome = { - enable = lib.mkEnableOption "should ad guard home be enabled on this computer"; - directory = lib.mkOption { - type = lib.types.str; - default = "/var/lib/AdGuardHome/"; - }; - }; - config = lib.mkIf config.host.adguardhome.enable (lib.mkMerge [ - { - services.adguardhome = { - enable = true; - mutableSettings = false; - settings = { - dns = { - bootstrap_dns = [ - "1.1.1.1" - "9.9.9.9" - ]; - upstream_dns = [ - "dns.quad9.net" - ]; - }; - filtering = { - protection_enabled = true; - filtering_enabled = true; - - parental_enabled = false; # Parental control-based DNS requests filtering. - safe_search = { - enabled = false; # Enforcing "Safe search" option for search engines, when possible. - }; - }; - # The following notation uses map - # to not have to manually create {enabled = true; url = "";} for every filter - # This is, however, fully optional - filters = - map (url: { - enabled = true; - url = url; - }) [ - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist - ]; - }; - }; - - networking.firewall.allowedTCPPorts = [ - dnsPort - ]; - } - (lib.mkIf config.host.impermanence.enable { - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.host.adguardhome.directory; - user = "adguardhome"; - group = "adguardhome"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 83a0830..5f63925 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -9,7 +9,6 @@ ./forgejo.nix ./searx.nix ./home-assistant.nix - ./adguardhome.nix ./immich.nix ./qbittorent.nix ]; From 9699472b1ecefbfae9033590cc680ef6e2f48d15 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 15:36:02 -0500 Subject: [PATCH 087/374] update readme --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bc31eca..75ff24c 100644 --- a/README.md +++ b/README.md @@ -66,5 +66,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html - migrate away from flakes and move to npins - fix nfs -- fix home assistant -- create adguard server \ No newline at end of file +- crab-hole +- nix mcp +- figure out ai vs code plugin +- whisper \ No newline at end of file From 776bf8f7442d212aba194d279a9dbb01e65c156c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 18:25:53 -0500 Subject: [PATCH 088/374] updated readme --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 75ff24c..d41b7a3 100644 --- a/README.md +++ b/README.md @@ -41,14 +41,13 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Research topics - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` -- Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init +- Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/ - https://nixos-and-flakes.thiscute.world/ # Tasks: ## Tech Debt - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- syncthing folder passwords - nfs export should be backed by the same values for server and client ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) @@ -69,4 +68,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - crab-hole - nix mcp - figure out ai vs code plugin -- whisper \ No newline at end of file +- whisper +- figure out why syncthing and jellyfins permissions don't propagate downwards +- auto turn off on power loss \ No newline at end of file From 035089be385da1ad5e553876992034607b43b88b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 19:14:32 -0500 Subject: [PATCH 089/374] updated README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index d41b7a3..e9a0629 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/ - https://nixos-and-flakes.thiscute.world/ +- nix config mcp https://github.com/utensils/mcp-nixos # Tasks: From b8e21e6c61d5b969ceac78cacbb53d792bf6017c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 22:44:49 -0500 Subject: [PATCH 090/374] organized README.md --- README.md | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index e9a0629..141c2fd 100644 --- a/README.md +++ b/README.md @@ -51,24 +51,23 @@ nix multi user, multi system, configuration with `sops` secret management, `home - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - nfs export should be backed by the same values for server and client ## New Features -- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) -- samba mounts +- crab-hole +- figure out why syncthing and jellyfins permissions don't propagate downwards - figure out steam vr things? -- Open GL? -- rotate sops encryption keys periodically (and somehow sync between devices?) +- auto turn off on power loss - nut - zfs email after scrubbing # TODO: test this -- wake on LAN for updates -- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix +- SMART test with email results +- fix nfs +- samba mounts +- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) +- Create Tor guard/relay server +- migrate away from flakes and move to npins +- whisper +- figure out ai vs code plugin +- nix mcp - zfs encryption FIDO2 2fa (look into shavee) - Secure Boot - https://github.com/nix-community/lanzaboote -- SMART test with email results -- Create Tor guard/relay server +- rotate sops encryption keys periodically (and somehow sync between devices?) +- wake on LAN for updates - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html -- migrate away from flakes and move to npins -- fix nfs -- crab-hole -- nix mcp -- figure out ai vs code plugin -- whisper -- figure out why syncthing and jellyfins permissions don't propagate downwards -- auto turn off on power loss \ No newline at end of file +- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix \ No newline at end of file From 0e8a148517cc90cdd3f6c2ac963b010ce7ca958a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Jul 2025 16:10:30 -0500 Subject: [PATCH 091/374] started to break up home-assistant config --- .../nixos/defiant/configuration.nix | 5 ++++ .../nixos-modules/server/home-assistant.nix | 28 +++++++++++++++++-- 2 files changed, 31 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 2b221ab..6655572 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -280,6 +280,11 @@ subdomain = "home"; openFirewall = true; database = "postgres"; + + extensions = { + sonos.enable = true; + jellyfin.enable = true; + }; }; qbittorrent = { diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 7497995..231c2e1 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -21,6 +21,20 @@ in { description = "what database do we want to use"; default = "builtin"; }; + + extensions = { + sonos = { + enable = lib.mkEnableOption "enable the sonos plugin"; + port = lib.mkOption { + type = lib.types.int; + default = 1400; + description = "what port to use for sonos discovery"; + }; + }; + jellyfin = { + enable = lib.mkEnableOption "enable the jellyfin plugin"; + }; + }; }; config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ @@ -50,11 +64,9 @@ in { "radio_browser" "isal" "zha" - "jellyfin" "webostv" "tailscale" "syncthing" - "sonos" "analytics_insights" "unifi" "openweathermap" @@ -80,10 +92,22 @@ in { ]; }; + # TODO: configure /var/lib/hass/secrets.yaml via sops + systemd.tmpfiles.rules = [ "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" ]; } + (lib.mkIf (config.services.home-assistant.extensions.sonos.enable) { + services.home-assistant.extraComponents = ["sonos"]; + networking.firewall.allowedTCPPorts = [ + config.services.home-assistant.extensions.sonos.port + ]; + }) + (lib.mkIf (config.services.home-assistant.extensions.jellyfin.enable) { + services.home-assistant.extraComponents = ["jellyfin"]; + # TODO: configure port, address, and login information here + }) (lib.mkIf (config.services.home-assistant.database == "postgres") { host = { postgres = { From 2e8eba77099804b300597e760389760a446f02a2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Jul 2025 17:22:46 -0500 Subject: [PATCH 092/374] installed wyoming --- modules/nixos-modules/server/default.nix | 1 + .../nixos-modules/server/home-assistant.nix | 7 +++ modules/nixos-modules/server/wyoming.nix | 50 +++++++++++++++++++ 3 files changed, 58 insertions(+) create mode 100644 modules/nixos-modules/server/wyoming.nix diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 5f63925..00e506d 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -9,6 +9,7 @@ ./forgejo.nix ./searx.nix ./home-assistant.nix + ./wyoming.nix ./immich.nix ./qbittorent.nix ]; diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 231c2e1..6eb5682 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -34,6 +34,9 @@ in { jellyfin = { enable = lib.mkEnableOption "enable the jellyfin plugin"; }; + wyoming = { + enable = lib.mkEnableOption "enable wyoming"; + }; }; }; @@ -108,6 +111,10 @@ in { services.home-assistant.extraComponents = ["jellyfin"]; # TODO: configure port, address, and login information here }) + (lib.mkIf (config.services.home-assistant.extensions.wyoming.enable) { + services.home-assistant.extraComponents = ["wyoming"]; + services.wyoming.enable = true; + }) (lib.mkIf (config.services.home-assistant.database == "postgres") { host = { postgres = { diff --git a/modules/nixos-modules/server/wyoming.nix b/modules/nixos-modules/server/wyoming.nix new file mode 100644 index 0000000..d41a962 --- /dev/null +++ b/modules/nixos-modules/server/wyoming.nix @@ -0,0 +1,50 @@ +{ + lib, + config, + ... +}: { + options.services.wyoming.enable = lib.mkEnableOption "should wyoming be enabled on this device"; + config = lib.mkIf config.services.wyoming.enable (lib.mkMerge [ + { + services.wyoming.piper = { + servers = { + "en" = { + enable = true; + # see https://github.com/rhasspy/rhasspy3/blob/master/programs/tts/piper/script/download.py + voice = "en-us-amy-low"; + uri = "tcp://0.0.0.0:10200"; + speaker = 0; + }; + }; + }; + + services.wyoming.faster-whisper = { + servers = { + "en" = { + enable = true; + # see https://github.com/rhasspy/rhasspy3/blob/master/programs/asr/faster-whisper/script/download.py + model = "tiny-int8"; + language = "en"; + uri = "tcp://0.0.0.0:10300"; + device = "cpu"; + }; + }; + }; + + # needs access to /proc/cpuinfo + systemd.services."wyoming-faster-whisper-en".serviceConfig.ProcSubset = lib.mkForce "all"; + } + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = "/var/lib/private/wyoming"; + mode = "0700"; + } + ]; + }; + }) + ]); +} From 2188954b79aabbf3835ec9af5f1811d672283ece Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Jul 2025 17:39:25 -0500 Subject: [PATCH 093/374] installed open wake word --- .../nixos/defiant/configuration.nix | 1 + modules/nixos-modules/server/wyoming.nix | 49 ++++++++++++------- 2 files changed, 32 insertions(+), 18 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 6655572..3ab557d 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -284,6 +284,7 @@ extensions = { sonos.enable = true; jellyfin.enable = true; + wyoming.enable = true; }; }; diff --git a/modules/nixos-modules/server/wyoming.nix b/modules/nixos-modules/server/wyoming.nix index d41a962..4894dd4 100644 --- a/modules/nixos-modules/server/wyoming.nix +++ b/modules/nixos-modules/server/wyoming.nix @@ -6,29 +6,42 @@ options.services.wyoming.enable = lib.mkEnableOption "should wyoming be enabled on this device"; config = lib.mkIf config.services.wyoming.enable (lib.mkMerge [ { - services.wyoming.piper = { - servers = { - "en" = { - enable = true; - # see https://github.com/rhasspy/rhasspy3/blob/master/programs/tts/piper/script/download.py - voice = "en-us-amy-low"; - uri = "tcp://0.0.0.0:10200"; - speaker = 0; + services.wyoming = { + # Text to speech + piper = { + servers = { + "en" = { + enable = true; + # see https://github.com/rhasspy/rhasspy3/blob/master/programs/tts/piper/script/download.py + voice = "en-us-amy-low"; + uri = "tcp://0.0.0.0:10200"; + speaker = 0; + }; }; }; - }; - services.wyoming.faster-whisper = { - servers = { - "en" = { - enable = true; - # see https://github.com/rhasspy/rhasspy3/blob/master/programs/asr/faster-whisper/script/download.py - model = "tiny-int8"; - language = "en"; - uri = "tcp://0.0.0.0:10300"; - device = "cpu"; + # Speech to text + faster-whisper = { + servers = { + "en" = { + enable = true; + # see https://github.com/rhasspy/rhasspy3/blob/master/programs/asr/faster-whisper/script/download.py + model = "tiny-int8"; + language = "en"; + uri = "tcp://0.0.0.0:10300"; + device = "cpu"; + }; }; }; + + openwakeword = { + enable = true; + uri = "tcp://0.0.0.0:10400"; + preloadModels = [ + "ok_nabu" + ]; + # TODO: custom models + }; }; # needs access to /proc/cpuinfo From 92839b4603b4a820bac53062226f9abd854d1d2b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Jul 2025 18:30:45 -0500 Subject: [PATCH 094/374] got hass app config closer to working --- modules/nixos-modules/server/home-assistant.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 6eb5682..07dcc03 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -74,6 +74,7 @@ in { "unifi" "openweathermap" "ollama" + "mobile_app" ]; config = { http = { @@ -83,6 +84,10 @@ in { ip_ban_enabled = true; login_attempts_threshold = 10; }; + homeassistant = { + external_url = "https://home.jan-leila.com"; + internal_url = "http://192.168.1.2:8123"; + }; recorder.db_url = "postgresql://@/${dbUser}"; "automation manual" = []; "automation ui" = "!include automations.yaml"; @@ -97,6 +102,10 @@ in { # TODO: configure /var/lib/hass/secrets.yaml via sops + networking.firewall.allowedUDPPorts = [ + 1900 + ]; + systemd.tmpfiles.rules = [ "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" ]; From 2fb56dc2967f97512cb09ff198b35c884984e664 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Jul 2025 19:00:16 -0500 Subject: [PATCH 095/374] moved home-assistant fail2ban config to its own module --- modules/nixos-modules/server/fail2ban.nix | 24 ------------- .../nixos-modules/server/home-assistant.nix | 34 +++++++++++++++++++ 2 files changed, 34 insertions(+), 24 deletions(-) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index 1851e33..d19aeeb 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -16,20 +16,6 @@ in { failregex = "limiting requests, excess:.* by zone.*client: " '') ); - # "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( - # pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - # [INCLUDES] - # before = common.conf - - # [Definition] - # failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ - - # ignoreregex = - - # [Init] - # datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S - # '') - # ); }; services.fail2ban = { @@ -61,16 +47,6 @@ in { bantime = 600; maxretry = 5; }; - home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { - enabled = true; - filter = "hass"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.home-assistant.configDir}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; # TODO; figure out if there is any fail2ban things we can do on searx # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; }; diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 07dcc03..3e225ff 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -1,5 +1,6 @@ { lib, + pkgs, config, ... }: let @@ -155,6 +156,39 @@ in { ]; }; }) + (lib.mkIf config.services.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [INCLUDES] + before = common.conf + + [Definition] + failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ + + ignoreregex = + + [Init] + datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S + '') + ); + }; + + services.fail2ban = { + jails = { + home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { + enabled = true; + filter = "hass"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.home-assistant.configDir}/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + }; + }; + }) (lib.mkIf config.host.impermanence.enable { assertions = [ { From 1e5eed80c16c5f9049773bae0df4d495544585ea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 14 Jul 2025 10:49:04 -0500 Subject: [PATCH 096/374] installed more home assistant components --- modules/nixos-modules/server/home-assistant.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 3e225ff..f91e02e 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -64,6 +64,8 @@ in { services.home-assistant = { configDir = configDir; extraComponents = [ + "default_config" + "esphome" "met" "radio_browser" "isal" @@ -76,6 +78,20 @@ in { "openweathermap" "ollama" "mobile_app" + "logbook" + "ssdp" + "usb" + "webhook" + "bluetooth" + "dhcp" + "energy" + "history" + "backup" + "assist_pipeline" + "conversation" + "sun" + "zeroconf" + "cpuspeed" ]; config = { http = { @@ -92,6 +108,7 @@ in { recorder.db_url = "postgresql://@/${dbUser}"; "automation manual" = []; "automation ui" = "!include automations.yaml"; + mobile_app = {}; }; extraPackages = python3Packages: with python3Packages; [ From 3a875e0c1f6587530aa4844c84b7939a2c194cae Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 14 Jul 2025 11:43:45 -0500 Subject: [PATCH 097/374] drafted out paperless config --- .../nixos/defiant/configuration.nix | 5 ++ modules/nixos-modules/server/default.nix | 1 + .../nixos-modules/server/home-assistant.nix | 4 +- modules/nixos-modules/server/paperless.nix | 80 +++++++++++++++++++ modules/nixos-modules/users.nix | 15 ++++ 5 files changed, 103 insertions(+), 2 deletions(-) create mode 100644 modules/nixos-modules/server/paperless.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 3ab557d..0d6173c 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -288,6 +288,11 @@ }; }; + paperless = { + enable = false; + subdomain = "documents"; + }; + qbittorrent = { enable = true; mediaDir = "/srv/qbittorent"; diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 00e506d..95c7096 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -12,5 +12,6 @@ ./wyoming.nix ./immich.nix ./qbittorent.nix + ./paperless.nix ]; } diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index f91e02e..57bedc1 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -102,8 +102,8 @@ in { login_attempts_threshold = 10; }; homeassistant = { - external_url = "https://home.jan-leila.com"; - internal_url = "http://192.168.1.2:8123"; + external_url = "https://${config.services.home-assistant.subdomain}.${config.host.reverse_proxy.hostname}"; + # internal_url = "http://192.168.1.2:8123"; }; recorder.db_url = "postgresql://@/${dbUser}"; "automation manual" = []; diff --git a/modules/nixos-modules/server/paperless.nix b/modules/nixos-modules/server/paperless.nix new file mode 100644 index 0000000..e49249d --- /dev/null +++ b/modules/nixos-modules/server/paperless.nix @@ -0,0 +1,80 @@ +{ + config, + lib, + ... +}: let + dataDir = "/var/lib/paperless"; +in { + options.services.paperless = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that paperless will be hosted at"; + default = "paperless"; + }; + database = { + user = lib.mkOption { + type = lib.types.str; + description = "what is the user and database that we are going to use for paperless"; + default = "paperless"; + }; + }; + }; + + config = lib.mkIf config.services.paperless.enable (lib.mkMerge [ + { + host = { + reverse_proxy.subdomains.${config.services.paperless.subdomain} = { + target = "http://${config.services.paperless.address}:${config.services.paperless.port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + # allow large file uploads + client_max_body_size 50000M; + ''; + }; + postgres = { + enable = true; + extraUsers = { + ${config.services.paperless.database.user} = { + isClient = true; + }; + }; + }; + }; + services.paperless = { + # TODO: configure passwordFile with sops + configureTika = true; + settings = { + PAPERLESS_URL = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; + + PAPERLESS_DBENGINE = "postgresql"; + PAPERLESS_DBHOST = "/run/postgresql"; + PAPERLESS_DBNAME = config.services.paperless.database.user; + PAPERLESS_DBUSER = config.services.paperless.database.user; + }; + }; + } + (lib.mkIf config.services.fail2ban.enable { + # TODO: fail2ban config + }) + (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.paperless.dataDir == dataDir; + message = "paperless data location does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = dataDir; + user = "paperless"; + group = "paperless"; + } + ]; + }; + }) + ]); +} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 68bd78b..a774e44 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -24,6 +24,7 @@ git = 2009; immich = 2010; qbittorrent = 2011; + paperless = 2012; }; gids = { @@ -40,6 +41,7 @@ git = 2009; immich = 2010; qbittorrent = 2011; + paperless = 2012; }; users = config.users.users; @@ -169,6 +171,12 @@ in { isNormalUser = true; group = config.users.users.qbittorrent.name; }; + + paperless = { + uid = lib.mkForce uids.paperless; + isSystemUser = true; + group = config.users.users.paperless.name; + }; }; groups = { @@ -273,6 +281,13 @@ in { leyla ]; }; + + paperless = { + gid = lib.mkForce gids.paperless; + members = [ + users.paperless.name + ]; + }; }; }; } From c8f163ed0c1950ea5f0cd25bef96d3a912f13526 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 14 Jul 2025 19:38:24 -0500 Subject: [PATCH 098/374] fixed paperless --- .../nixos/defiant/configuration.nix | 9 ++++- flake.lock | 26 ++++++------- modules/nixos-modules/server/forgejo.nix | 6 +++ modules/nixos-modules/server/jellyfin.nix | 4 +- modules/nixos-modules/server/paperless.nix | 38 +++++++++++++++++-- nix-config-secrets | 2 +- 6 files changed, 64 insertions(+), 21 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 0d6173c..960e90b 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -17,6 +17,12 @@ "services/zfs_smtp_token" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; + "services/paperless_password" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + mode = "0700"; + owner = "paperless"; + group = "paperless"; + }; }; host = { @@ -289,8 +295,9 @@ }; paperless = { - enable = false; + enable = true; subdomain = "documents"; + passwordFile = config.sops.secrets."services/paperless_password".path; }; qbittorrent = { diff --git a/flake.lock b/flake.lock index a60584d..a32ae84 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1752269946, - "narHash": "sha256-vL26J2f9uXvwBNkfwYH1v75VwN22ZLhBcyZeenJwnCU=", + "lastModified": 1752379414, + "narHash": "sha256-0R3slhrjrnzyxR/fAYy5UliZvSgaVS38YCESBdH5RJw=", "owner": "rycee", "repo": "nur-expressions", - "rev": "9885400dbd82f9b2970b30e18f233404416f7cca", + "rev": "51e77bb95540b7dd6c60f8fd65a0c472a2c9c3b7", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1752265577, - "narHash": "sha256-YhnBM3oknReSFTAuc2SMwekwjl9nDd5PUhcar4DsefM=", + "lastModified": 1752467539, + "narHash": "sha256-4kaR+xmng9YPASckfvIgl5flF/1nAZOplM+Wp9I5SMI=", "owner": "nix-community", "repo": "home-manager", - "rev": "3976e0507edc9a5f332cb2be93fa20e646d22374", + "rev": "1e54837569e0b80797c47be4720fab19e0db1616", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1752200230, - "narHash": "sha256-WqqWjRX4qZYqO/cgvU/ZEzJBQqHBi17OEVv2kt05WiU=", + "lastModified": 1752459325, + "narHash": "sha256-46TgjdxT02a4nFd9HCXCf8kK5ZSH7r9gYROLtc8zVOg=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "3c866dfb70d282247452742098d315b97df713d2", + "rev": "61c2e99ebd586f463a6c0ebe3d931e74883b163d", "type": "github" }, "original": { @@ -293,11 +293,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1749061163, - "narHash": "sha256-WflcbitH7ErNZBFqZCdy1ODUqKF51xbu2zYfqA35+1M=", + "lastModified": 1752531440, + "narHash": "sha256-04tQ3EUrtmZ7g6fVUkZC4AbAG+Z7lng79qU3jsiqWJY=", "ref": "refs/heads/main", - "rev": "1c5c059c0c7b6ce691993262fe10a2b63e1c31ba", - "revCount": 19, + "rev": "f016767c13aa36dde91503f7a9f01bdd02468045", + "revCount": 20, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index 40a5303..7898daa 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -28,6 +28,12 @@ in { extraUsers = { ${db_user} = { isClient = true; + createUser = true; + }; + }; + extraDatabases = { + ${db_user} = { + name = db_user; }; }; }; diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index a8bbe71..bad04c9 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -55,7 +55,7 @@ in { } (lib.mkIf config.services.fail2ban.enable { environment.etc = { - "fail2ban/filter.d/jellyfin.local".text = lib.mkIf config.services.jellyfin.enable ( + "fail2ban/filter.d/jellyfin.local".text = ( pkgs.lib.mkDefault (pkgs.lib.mkAfter '' [Definition] failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\." @@ -65,7 +65,7 @@ in { services.fail2ban = { jails = { - jellyfin-iptables.settings = lib.mkIf config.services.jellyfin.enable { + jellyfin-iptables.settings = { enabled = true; filter = "jellyfin"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; diff --git a/modules/nixos-modules/server/paperless.nix b/modules/nixos-modules/server/paperless.nix index e49249d..0243d53 100644 --- a/modules/nixos-modules/server/paperless.nix +++ b/modules/nixos-modules/server/paperless.nix @@ -1,6 +1,7 @@ { config, lib, + pkgs, ... }: let dataDir = "/var/lib/paperless"; @@ -24,7 +25,7 @@ in { { host = { reverse_proxy.subdomains.${config.services.paperless.subdomain} = { - target = "http://${config.services.paperless.address}:${config.services.paperless.port}"; + target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; websockets.enable = true; forwardHeaders.enable = true; @@ -39,15 +40,20 @@ in { extraUsers = { ${config.services.paperless.database.user} = { isClient = true; + createUser = true; + }; + }; + extraDatabases = { + ${config.services.paperless.database.user} = { + name = config.services.paperless.database.user; }; }; }; }; services.paperless = { - # TODO: configure passwordFile with sops configureTika = true; settings = { - PAPERLESS_URL = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; + PAPERLESS_URL = "https://${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; PAPERLESS_DBENGINE = "postgresql"; PAPERLESS_DBHOST = "/run/postgresql"; @@ -57,7 +63,31 @@ in { }; } (lib.mkIf config.services.fail2ban.enable { - # TODO: fail2ban config + environment.etc = { + "fail2ban/filter.d/paperless.local".text = ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = Login failed for user `.*` from (?:IP|private IP) ``\.$ + ignoreregex = + + '') + ); + }; + + services.fail2ban = { + jails = { + paperless.settings = { + enabled = true; + filter = "paperless"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.paperless.dataDir}/log/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + }; + }; }) (lib.mkIf config.host.impermanence.enable { assertions = [ diff --git a/nix-config-secrets b/nix-config-secrets index 1c5c059..f016767 160000 --- a/nix-config-secrets +++ b/nix-config-secrets @@ -1 +1 @@ -Subproject commit 1c5c059c0c7b6ce691993262fe10a2b63e1c31ba +Subproject commit f016767c13aa36dde91503f7a9f01bdd02468045 From 3f3ae74fac8f7437d4510fa4ca79c9f96743a594 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 18 Jul 2025 21:19:18 -0500 Subject: [PATCH 099/374] enabled ollama on horizon --- configurations/nixos/horizon/configuration.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 42dcbb9..99b6ee9 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -126,6 +126,13 @@ }; syncthing.enable = true; + + ollama = { + enable = true; + loadModels = [ + "llama3.1:8b" + ]; + }; }; # Enable touchpad support (enabled default in most desktopManager). From 358f0394607843d23f659d6aae633c1c29b1a9ef Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 21 Jul 2025 19:35:11 -0500 Subject: [PATCH 100/374] created custom vscode extension --- .../leyla/packages/vscode/default.nix | 5 +++ .../pkgs/codium-extensions/ai-code.nix | 42 +++++++++++++++++++ .../pkgs/codium-extensions/default.nix | 3 ++ modules/common-modules/pkgs/default.nix | 3 ++ 4 files changed, 53 insertions(+) create mode 100644 modules/common-modules/pkgs/codium-extensions/ai-code.nix create mode 100644 modules/common-modules/pkgs/codium-extensions/default.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 89ee876..f911104 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -99,6 +99,11 @@ in { ++ (lib.lists.optionals ai-tooling-enabled [ ]) ) + ++ ( + with pkgs.codium-extensions; [ + ai-code + ] + ) ); }; }; diff --git a/modules/common-modules/pkgs/codium-extensions/ai-code.nix b/modules/common-modules/pkgs/codium-extensions/ai-code.nix new file mode 100644 index 0000000..ccd4cb8 --- /dev/null +++ b/modules/common-modules/pkgs/codium-extensions/ai-code.nix @@ -0,0 +1,42 @@ +{ + buildNpmPackage, + vscode-utils, + pkgs, + ... +}: let + version = "0.0.1"; + pname = "ai-code"; + publisher = "jan-leila"; + vsix = buildNpmPackage { + inherit version pname; + + src = builtins.fetchGit { + url = "ssh://git@git.jan-leila.com/jan-leila/ai-code.git"; + rev = "480b51830602b28009e6b5c5014e7e2970a0a3b3"; + }; + + npmDepsHash = "sha256-WxLb+e0itOCIRXpVOjcbPm6QNWbdSKZOPeXLyOa4ROQ="; + + nativeBuildInputs = with pkgs; [ + vsce + ]; + + buildPhase = '' + ${pkgs.vsce}/bin/vsce package -o ${pname}.zip + ''; + + installPhase = '' + mkdir -p $out + mv ${pname}.zip $out/${pname}.zip + ''; + }; +in + vscode-utils.buildVscodeExtension { + inherit pname version; + + src = "${vsix}/${pname}.zip"; + + vscodeExtUniqueId = "${publisher}.${pname}"; + vscodeExtPublisher = publisher; + vscodeExtName = pname; + } diff --git a/modules/common-modules/pkgs/codium-extensions/default.nix b/modules/common-modules/pkgs/codium-extensions/default.nix new file mode 100644 index 0000000..a60e8a0 --- /dev/null +++ b/modules/common-modules/pkgs/codium-extensions/default.nix @@ -0,0 +1,3 @@ +{pkgs, ...}: { + ai-code = pkgs.callPackage ./ai-code.nix {}; +} diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index e955354..16f3a3c 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -19,5 +19,8 @@ (final: prev: { gdx-liftoff = pkgs.callPackage ./gdx-liftoff.nix {}; }) + (final: prev: { + codium-extensions = pkgs.callPackage ./codium-extensions {}; + }) ]; } From e14d1387dc2936c1186fd7186c9f0dcc19f9cce5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 23 Jul 2025 18:15:58 -0500 Subject: [PATCH 101/374] updated user-words in vscode config --- .../leyla/packages/vscode/default.nix | 104 ++++++++++-------- .../leyla/packages/vscode/user-words.nix | 79 ++++++++++++- .../nixos/defiant/configuration.nix | 2 +- modules/nixos-modules/desktop.nix | 2 +- modules/nixos-modules/users.nix | 16 --- 5 files changed, 133 insertions(+), 70 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index f911104..2e20db7 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -8,6 +8,10 @@ nix-development-enabled = osConfig.host.nix-development.enable; ai-tooling-enabled = osConfig.host.ai.enable; in { + imports = [ + ./user-words.nix + ]; + config = lib.mkIf config.user.isDesktopUser { programs = { bash.shellAliases = { @@ -26,7 +30,6 @@ in { userSettings = lib.mkMerge [ { "workbench.colorTheme" = "Atom One Dark"; - "cSpell.userWords" = import ./user-words.nix; "javascript.updateImportsOnFileMove.enabled" = "always"; "editor.tabSize" = 2; "editor.insertSpaces" = false; @@ -52,58 +55,67 @@ in { extensions = let extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; in ( - with extension-pkgs.open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + ( + with extension-pkgs.open-vsx; ( + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - orta.vscode-jest - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + orta.vscode-jest + stylelint.vscode-stylelint + tauri-apps.tauri-vscode - # go extensions - golang.go + # go extensions + golang.go - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx + # astro blog extensions + astro-build.astro-vscode + unifiedjs.vscode-mdx - # misc extensions - tamasfe.even-better-toml - ] - ++ (lib.lists.optionals nix-development-enabled [ - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - kamadorueda.alejandra - ]) - ++ ( - with extension-pkgs.vscode-marketplace; - [ - # js extensions - karyfoundation.nearley - ] - ++ (lib.lists.optionals ai-tooling-enabled [ - ]) - ) - ++ ( - with pkgs.codium-extensions; [ - ai-code + # misc extensions + tamasfe.even-better-toml ] + ++ (lib.lists.optionals nix-development-enabled [ + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + kamadorueda.alejandra + ]) ) + ) + ++ ( + with extension-pkgs.vscode-marketplace; ( + [ + # js extensions + karyfoundation.nearley + ] + ++ (lib.lists.optionals ai-tooling-enabled [ + ]) + ) + ) + ++ ( + with pkgs.codium-extensions; ( + [] + ++ ( + lib.lists.optionals ai-tooling-enabled [ + ai-code + ] + ) + ) + ) ); }; }; diff --git a/configurations/home-manager/leyla/packages/vscode/user-words.nix b/configurations/home-manager/leyla/packages/vscode/user-words.nix index b581118..145604a 100644 --- a/configurations/home-manager/leyla/packages/vscode/user-words.nix +++ b/configurations/home-manager/leyla/packages/vscode/user-words.nix @@ -1,6 +1,73 @@ -[ - "leyla" - "webdav" - "ollama" - "optimise" -] +{...}: { + config.programs.vscode.profiles.default.userSettings = { + "cSpell.userWords" = [ + "leyla" + "ollama" + ]; + "[javascript][typescript]"."cSpell.userWords" = [ + "webdav" + ]; + "[nix]"."cSpell.userWords" = [ + "pname" + "direnv" + "deepseek" + "qwen" + "syncthing" + "immich" + "sonos" + "makemkv" + "hass" + "qbittorent" + "prostudiomasters" + "tmpfiles" + "networkmanager" + "Networkd" + "networkmanager" + "dialout" + "adbusers" + "protonmail" + "authkey" + "netdevs" + "atomix" + "geary" + "gedit" + "hitori" + "iagno" + "alsa" + "timezoned" + "pipewire" + "pulseaudio" + "rtkit" + "disko" + "ashift" + "autotrim" + "canmount" + "mountpoint" + "xattr" + "acltype" + "relatime" + "keyformat" + "keylocation" + "vdevs" + + # codium extensions + "akamud" + "onedark" + "jeanp" + "dsznajder" + "dbaeumer" + "orta" + "tauri" + "unifiedjs" + "tamasfe" + "pinage" + "jnoortheen" + "kamadorueda" + "karyfoundation" + "nearley" + + # nix.optimise is spelled wrong + "optimise" + ]; + }; +} diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 960e90b..094becb 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -201,7 +201,7 @@ autoSnapshot.enable = true; }; - # temp enable desktop enviroment for setup + # temp enable desktop environment for setup # Enable the X11 windowing system. xserver.enable = true; diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index 900aacf..e1882b3 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -22,7 +22,7 @@ gnome-characters # character set viewer gnome-music # music player gnome-photos # photo viewer - gnome-logs # log viwer + gnome-logs # log viewer gnome-maps # map viewer gnome-tour # welcome tour hitori # sudoku game diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index a774e44..b135367 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -17,7 +17,6 @@ eve = 1002; jellyfin = 2000; forgejo = 2002; - adguardhome = 2003; hass = 2004; syncthing = 2007; ollama = 2008; @@ -34,7 +33,6 @@ jellyfin_media = 2001; jellyfin = 2000; forgejo = 2002; - adguardhome = 2003; hass = 2004; syncthing = 2007; ollama = 2008; @@ -129,12 +127,6 @@ in { group = config.users.users.forgejo.name; }; - adguardhome = { - uid = lib.mkForce uids.adguardhome; - isSystemUser = true; - group = config.users.users.adguardhome.name; - }; - hass = { uid = lib.mkForce uids.hass; isSystemUser = true; @@ -227,14 +219,6 @@ in { ]; }; - adguardhome = { - gid = lib.mkForce gids.adguardhome; - members = [ - users.adguardhome.name - # leyla - ]; - }; - hass = { gid = lib.mkForce gids.hass; members = [ From 1ac0b89935dc11609bbc26b18e016db1bfc7295a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 23 Jul 2025 18:47:46 -0500 Subject: [PATCH 102/374] fixed cname words --- configurations/home-manager/leyla/packages/vscode/default.nix | 3 --- .../home-manager/leyla/packages/vscode/user-words.nix | 4 ---- 2 files changed, 7 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 2e20db7..228f634 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -44,9 +44,6 @@ in { "editor.formatOnType" = true; }; "alejandra.program" = "alejandra"; - "nixpkgs" = { - "expr" = "import {}"; - }; }) (lib.mkIf ai-tooling-enabled { }) diff --git a/configurations/home-manager/leyla/packages/vscode/user-words.nix b/configurations/home-manager/leyla/packages/vscode/user-words.nix index 145604a..ca4b1d1 100644 --- a/configurations/home-manager/leyla/packages/vscode/user-words.nix +++ b/configurations/home-manager/leyla/packages/vscode/user-words.nix @@ -3,11 +3,7 @@ "cSpell.userWords" = [ "leyla" "ollama" - ]; - "[javascript][typescript]"."cSpell.userWords" = [ "webdav" - ]; - "[nix]"."cSpell.userWords" = [ "pname" "direnv" "deepseek" From 9b5ccf6cc95ba0bffa542ea0df313846689a9072 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 24 Jul 2025 01:06:50 -0500 Subject: [PATCH 103/374] updated aiCode extension --- configurations/home-manager/leyla/packages/vscode/default.nix | 3 ++- modules/common-modules/pkgs/codium-extensions/ai-code.nix | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 228f634..c28861f 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -46,7 +46,8 @@ in { "alejandra.program" = "alejandra"; }) (lib.mkIf ai-tooling-enabled { - }) + "aiCode.ollamaHost" = "http://defiant:11434"; + }) ]; extensions = let diff --git a/modules/common-modules/pkgs/codium-extensions/ai-code.nix b/modules/common-modules/pkgs/codium-extensions/ai-code.nix index ccd4cb8..38e9dd9 100644 --- a/modules/common-modules/pkgs/codium-extensions/ai-code.nix +++ b/modules/common-modules/pkgs/codium-extensions/ai-code.nix @@ -12,10 +12,10 @@ src = builtins.fetchGit { url = "ssh://git@git.jan-leila.com/jan-leila/ai-code.git"; - rev = "480b51830602b28009e6b5c5014e7e2970a0a3b3"; + rev = "bdb615876df41717180c31640a8542b86326a9b3"; }; - npmDepsHash = "sha256-WxLb+e0itOCIRXpVOjcbPm6QNWbdSKZOPeXLyOa4ROQ="; + npmDepsHash = "sha256-kjMyEnT3dz0yH5Ydh+aGoFDocKpBYGRmfnwbEdvvgpY="; nativeBuildInputs = with pkgs; [ vsce From 3131d264d350f487fc18183ef968d97e96cfa7c6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 25 Jul 2025 20:50:53 -0500 Subject: [PATCH 104/374] updated flake lock --- .../home-manager/leyla/packages/default.nix | 2 +- .../nixos/defiant/configuration.nix | 2 +- flake.lock | 62 +++++------ flake.nix | 2 +- modules/nixos-modules/server/qbittorent.nix | 101 +----------------- modules/nixos-modules/users.nix | 2 +- 6 files changed, 38 insertions(+), 133 deletions(-) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 63f9661..eaaaf2d 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -44,7 +44,7 @@ in { signal-desktop-bin.enable = true; calibre.enable = true; obsidian.enable = true; - jetbrains.idea-community.enable = true; + jetbrains.idea-community.enable = false; vscode.enable = true; firefox.enable = true; steam.enable = true; diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 094becb..9e8f25a 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -304,7 +304,7 @@ enable = true; mediaDir = "/srv/qbittorent"; openFirewall = true; - webPort = 8084; + webuiPort = 8084; }; }; diff --git a/flake.lock b/flake.lock index a32ae84..5a853aa 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1752113600, - "narHash": "sha256-7LYDxKxZgBQ8LZUuolAQ8UkIB+jb4A2UmiR+kzY9CLI=", + "lastModified": 1753140376, + "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=", "owner": "nix-community", "repo": "disko", - "rev": "79264292b7e3482e5702932949de9cbb69fedf6d", + "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1752379414, - "narHash": "sha256-0R3slhrjrnzyxR/fAYy5UliZvSgaVS38YCESBdH5RJw=", + "lastModified": 1753416229, + "narHash": "sha256-45s1L4h/6t3M+/ppqow1OFUgfk9jZHsR4jxNgxIWWmM=", "owner": "rycee", "repo": "nur-expressions", - "rev": "51e77bb95540b7dd6c60f8fd65a0c472a2c9c3b7", + "rev": "553afee4efb5a7dea03cf654deafacd8fa1004f9", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1752467539, - "narHash": "sha256-4kaR+xmng9YPASckfvIgl5flF/1nAZOplM+Wp9I5SMI=", + "lastModified": 1753470191, + "narHash": "sha256-hOUWU5L62G9sm8NxdiLWlLIJZz9H52VuFiDllHdwmVA=", "owner": "nix-community", "repo": "home-manager", - "rev": "1e54837569e0b80797c47be4720fab19e0db1616", + "rev": "a1817d1c0e5eabe7dfdfe4caa46c94d9d8f3fdb6", "type": "github" }, "original": { @@ -146,15 +146,15 @@ "lix": { "flake": false, "locked": { - "lastModified": 1746827285, - "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", - "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", + "lastModified": 1753306924, + "narHash": "sha256-jLCEW0FvjFhC+c4RHzH+xbkSOxrnpFHnhjOw6sudhx0=", + "rev": "1a4393d0aac31aba21f5737ede1b171e11336d77", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1a4393d0aac31aba21f5737ede1b171e11336d77.tar.gz?rev=1a4393d0aac31aba21f5737ede1b171e11336d77" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz" } }, "lix-module": { @@ -167,15 +167,15 @@ ] }, "locked": { - "lastModified": 1746838955, - "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", - "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", + "lastModified": 1753282722, + "narHash": "sha256-KYMUrTV7H/RR5/HRnjV5R3rRIuBXMemyJzTLi50NFTs=", + "rev": "46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873.tar.gz?rev=46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz" } }, "nix-darwin": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1752459325, - "narHash": "sha256-46TgjdxT02a4nFd9HCXCf8kK5ZSH7r9gYROLtc8zVOg=", + "lastModified": 1753409666, + "narHash": "sha256-bFjln7BkIGOlLHeUzUxfEho2GnrIrQE6O59plpvPiYY=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "61c2e99ebd586f463a6c0ebe3d931e74883b163d", + "rev": "38a251b6e95659b12dfb3b9fdc237d1ba2ac3786", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1752048960, - "narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=", + "lastModified": 1753122741, + "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806", + "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751984180, - "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", + "lastModified": 1753250450, + "narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", + "rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf", "type": "github" }, "original": { @@ -313,11 +313,11 @@ ] }, "locked": { - "lastModified": 1751606940, - "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=", + "lastModified": 1752544651, + "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d", + "rev": "2c8def626f54708a9c38a5861866660395bb3461", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 651a210..67ff0c4 100644 --- a/flake.nix +++ b/flake.nix @@ -6,7 +6,7 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/modules/nixos-modules/server/qbittorent.nix b/modules/nixos-modules/server/qbittorent.nix index 9b7b7e8..2d54587 100644 --- a/modules/nixos-modules/server/qbittorent.nix +++ b/modules/nixos-modules/server/qbittorent.nix @@ -1,115 +1,20 @@ { lib, - pkgs, config, ... }: let - qbittorent_data_directory = "/var/lib/qbittorrent"; + qbittorent_profile_directory = "/var/lib/qBittorrent/"; in { options.services.qbittorrent = { - enable = lib.mkEnableOption "should the headless qbittorrent service be enabled"; - - dataDir = lib.mkOption { - type = lib.types.path; - default = "/var/lib/qbittorrent"; - description = lib.mdDoc '' - The directory where qBittorrent stores its data files. - ''; - }; - mediaDir = lib.mkOption { type = lib.types.path; description = lib.mdDoc '' The directory to create to store qbittorrent media. ''; }; - - user = lib.mkOption { - type = lib.types.str; - default = "qbittorrent"; - description = lib.mdDoc '' - User account under which qBittorrent runs. - ''; - }; - - group = lib.mkOption { - type = lib.types.str; - default = "qbittorrent"; - description = lib.mdDoc '' - Group under which qBittorrent runs. - ''; - }; - - webPort = lib.mkOption { - type = lib.types.port; - default = 8080; - description = lib.mdDoc '' - qBittorrent web UI port. - ''; - }; - - openFirewall = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Open services.qBittorrent.webPort to the outside network."; - }; - - package = lib.mkOption { - type = lib.types.package; - default = pkgs.qbittorrent-nox; - defaultText = lib.literalExpression "pkgs.qbittorrent-nox"; - description = "The qbittorrent package to use."; - }; }; config = lib.mkIf config.services.qbittorrent.enable (lib.mkMerge [ - { - networking.firewall = lib.mkIf config.services.qbittorrent.openFirewall { - allowedTCPPorts = [config.services.qbittorrent.webPort]; - }; - - systemd.services.qbittorrent = { - # based on the plex.nix service module and - # https://github.com/qbittorrent/qBittorrent/blob/master/dist/unix/systemd/qbittorrent-nox%40.service.in - description = "qBittorrent-nox service"; - documentation = ["man:qbittorrent-nox(1)"]; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; - - serviceConfig = { - Type = "simple"; - User = config.services.qbittorrent.user; - Group = config.services.qbittorrent.group; - - # Run the pre-start script with full permissions (the "!" prefix) so it - # can create the data directory if necessary. - ExecStartPre = let - preStartScript = pkgs.writeScript "qbittorrent-run-prestart" '' - #!${pkgs.bash}/bin/bash - - # Create data directory if it doesn't exist - if ! test -d "$QBT_PROFILE"; then - echo "Creating initial qBittorrent data directory in: $QBT_PROFILE" - install -d -m 0755 -o "${config.services.qbittorrent.user}" -g "${config.services.qbittorrent.group}" "$QBT_PROFILE" - fi - ''; - in "!${preStartScript}"; - - #ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox"; - ExecStart = "${config.services.qbittorrent.package}/bin/qbittorrent-nox"; - # To prevent "Quit & shutdown daemon" from working; we want systemd to - # manage it! - #Restart = "on-success"; - #UMask = "0002"; - #LimitNOFILE = cfg.openFilesLimit; - }; - - environment = { - QBT_PROFILE = config.services.qbittorrent.dataDir; - QBT_WEBUI_PORT = toString config.services.qbittorrent.webPort; - }; - }; - } (lib.mkIf config.host.impermanence.enable { fileSystems."/persist/system/qbittorrent".neededForBoot = true; @@ -126,7 +31,7 @@ in { assertions = [ { - assertion = config.services.qbittorrent.dataDir == qbittorent_data_directory; + assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory; message = "qbittorrent data directory does not match persistence"; } ]; @@ -135,7 +40,7 @@ in { "/persist/system/root" = { directories = [ { - directory = qbittorent_data_directory; + directory = qbittorent_profile_directory; user = "qbittorrent"; group = "qbittorrent"; } diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index b135367..eeddafd 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -160,7 +160,7 @@ in { qbittorrent = { uid = lib.mkForce uids.qbittorrent; - isNormalUser = true; + isSystemUser = true; group = config.users.users.qbittorrent.name; }; From dfcd16fdd226f6d7b21046302fe7e8f453eb5b5d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 25 Jul 2025 21:33:18 -0500 Subject: [PATCH 105/374] updated user words --- .../leyla/packages/vscode/user-words.nix | 183 ++++++++++++------ 1 file changed, 120 insertions(+), 63 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/user-words.nix b/configurations/home-manager/leyla/packages/vscode/user-words.nix index ca4b1d1..bb99bbc 100644 --- a/configurations/home-manager/leyla/packages/vscode/user-words.nix +++ b/configurations/home-manager/leyla/packages/vscode/user-words.nix @@ -1,69 +1,126 @@ -{...}: { +{ + pkgs, + lib, + ... +}: { config.programs.vscode.profiles.default.userSettings = { "cSpell.userWords" = [ "leyla" - "ollama" - "webdav" - "pname" - "direnv" - "deepseek" - "qwen" - "syncthing" - "immich" - "sonos" - "makemkv" - "hass" - "qbittorent" - "prostudiomasters" - "tmpfiles" - "networkmanager" - "Networkd" - "networkmanager" - "dialout" - "adbusers" - "protonmail" - "authkey" - "netdevs" - "atomix" - "geary" - "gedit" - "hitori" - "iagno" - "alsa" - "timezoned" - "pipewire" - "pulseaudio" - "rtkit" - "disko" - "ashift" - "autotrim" - "canmount" - "mountpoint" - "xattr" - "acltype" - "relatime" - "keyformat" - "keylocation" - "vdevs" - - # codium extensions - "akamud" - "onedark" - "jeanp" - "dsznajder" - "dbaeumer" - "orta" - "tauri" - "unifiedjs" - "tamasfe" - "pinage" - "jnoortheen" - "kamadorueda" - "karyfoundation" - "nearley" - - # nix.optimise is spelled wrong - "optimise" ]; + + "cSpell.languageSettings" = [ + { + "languageId" = "nix"; + "locale" = "*"; + "dictionaries" = [ + "applications" + "ai-words" + "nix-words" + + # We need to include all other dictionaries in the nix language settings because they exist in this file + # TODO: see if there is a way to make this only apply for this file + "js-words" + ]; + } + { + "languageId" = "javascript,typescript,js,ts"; + "locale" = "*"; + "dictionaries" = [ + "js-words" + ]; + } + ]; + + "cSpell.customDictionaries" = { + applications = { + name = "applications"; + description = "application names"; + path = pkgs.writeText "applications.txt" (lib.strings.concatLines [ + "ollama" + "syncthing" + "immich" + "sonos" + "makemkv" + "hass" + "qbittorent" + "prostudiomasters" + "protonmail" + "pulseaudio" + ]); + }; + + ai-words = { + name = "ai-words"; + description = "common words used for ai development"; + path = pkgs.writeText "ai-words.txt" (lib.strings.concatLines [ + "ollama" + "deepseek" + "qwen" + ]); + }; + + nix-words = { + name = "nix-words"; + description = "words used in nix configurations"; + path = pkgs.writeText "nix-words.txt" (lib.strings.concatLines [ + "pname" + "direnv" + "tmpfiles" + "Networkd" + "networkmanager" + "dialout" + "adbusers" + "authkey" + "netdevs" + "atomix" + "geary" + "gedit" + "hitori" + "iagno" + "alsa" + "timezoned" + "pipewire" + "rtkit" + "disko" + "ashift" + "autotrim" + "canmount" + "mountpoint" + "xattr" + "acltype" + "relatime" + "keyformat" + "keylocation" + "vdevs" + + # codium extensions + "akamud" + "onedark" + "jeanp" + "dsznajder" + "dbaeumer" + "orta" + "tauri" + "unifiedjs" + "tamasfe" + "pinage" + "jnoortheen" + "kamadorueda" + "karyfoundation" + "nearley" + + # nix.optimise is spelled wrong + "optimise" + ]); + }; + + js-words = { + name = "js-words"; + description = "words used in js development"; + path = pkgs.writeText "js-words.txt" (lib.strings.concatLines [ + "webdav" + ]); + }; + }; }; } From 99fb7b8a6273fbfc5007113a35aec858c995dd91 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 26 Jul 2025 12:50:21 -0500 Subject: [PATCH 106/374] started to move extensions into configurable options --- .../leyla/packages/vscode/default.nix | 26 ++++++---------- .../home-manager-modules/programs/default.nix | 1 + .../programs/vscode/aiCode.nix | 31 +++++++++++++++++++ .../programs/vscode/atomKeybindings.nix | 27 ++++++++++++++++ .../programs/vscode/default.nix | 7 +++++ .../programs/vscode/oneDark.nix | 30 ++++++++++++++++++ 6 files changed, 106 insertions(+), 16 deletions(-) create mode 100644 modules/home-manager-modules/programs/vscode/aiCode.nix create mode 100644 modules/home-manager-modules/programs/vscode/atomKeybindings.nix create mode 100644 modules/home-manager-modules/programs/vscode/default.nix create mode 100644 modules/home-manager-modules/programs/vscode/oneDark.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index c28861f..5294ed2 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -29,7 +29,6 @@ in { userSettings = lib.mkMerge [ { - "workbench.colorTheme" = "Atom One Dark"; "javascript.updateImportsOnFileMove.enabled" = "always"; "editor.tabSize" = 2; "editor.insertSpaces" = false; @@ -45,11 +44,18 @@ in { }; "alejandra.program" = "alejandra"; }) - (lib.mkIf ai-tooling-enabled { - "aiCode.ollamaHost" = "http://defiant:11434"; - }) ]; + # TODO: move the rest of the extensions into enable options like this + extraExtensions = { + oneDark.enable = true; + atomKeybindings.enable = true; + aiCode = { + enable = ai-tooling-enabled; + ollamaHost = "http://defiant:11434"; + }; + }; + extensions = let extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; in ( @@ -57,8 +63,6 @@ in { with extension-pkgs.open-vsx; ( [ # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark streetsidesoftware.code-spell-checker streetsidesoftware.code-spell-checker-german streetsidesoftware.code-spell-checker-italian @@ -104,16 +108,6 @@ in { ]) ) ) - ++ ( - with pkgs.codium-extensions; ( - [] - ++ ( - lib.lists.optionals ai-tooling-enabled [ - ai-code - ] - ) - ) - ) ); }; }; diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index ee52da2..675e77d 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -16,5 +16,6 @@ ./bruno.nix ./dbeaver.nix ./steam.nix + ./vscode ]; } diff --git a/modules/home-manager-modules/programs/vscode/aiCode.nix b/modules/home-manager-modules/programs/vscode/aiCode.nix new file mode 100644 index 0000000..cd23f92 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/aiCode.nix @@ -0,0 +1,31 @@ +{ + lib, + pkgs, + ... +}: let + pkgsRepository = pkgs.codium-extensions; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.aiCode = { + enable = lib.mkEnableOption "should the ai code extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "ai-code" {}; + ollamaHost = lib.mkOption { + type = lib.types.nullOr lib.types.str; + description = "what host should be used for ollama"; + default = null; + }; + }; + }; + config = lib.mkIf config.extraExtensions.aiCode.enable { + extensions = [ + config.extraExtensions.aiCode.extension + ]; + userSettings = { + "aiCode.ollamaHost" = lib.mkIf (config.extraExtensions.aiCode.ollamaHost != null) config.extraExtensions.aiCode.ollamaHost; + }; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/atomKeybindings.nix b/modules/home-manager-modules/programs/vscode/atomKeybindings.nix new file mode 100644 index 0000000..95cd928 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/atomKeybindings.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.atomKeybindings = { + enable = lib.mkEnableOption "should the atom keybindings extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "atom-keybindings" { + default = ["ms-vscode" "atom-keybindings"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.atomKeybindings.enable { + extensions = [ + config.extraExtensions.atomKeybindings.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix new file mode 100644 index 0000000..a5fe474 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -0,0 +1,7 @@ +{...}: { + imports = [ + ./oneDark.nix + ./atomKeybindings.nix + ./aiCode.nix + ]; +} diff --git a/modules/home-manager-modules/programs/vscode/oneDark.nix b/modules/home-manager-modules/programs/vscode/oneDark.nix new file mode 100644 index 0000000..5ed43f4 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/oneDark.nix @@ -0,0 +1,30 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.oneDark = { + enable = lib.mkEnableOption "should the one dark theme for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "onedark" { + default = ["akamud" "vscode-theme-onedark"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.oneDark.enable { + extensions = [ + config.extraExtensions.oneDark.extension + ]; + userSettings = { + "workbench.colorTheme" = "Atom One Dark"; + }; + }; + })); + }; +} From e58f08b72330189f2fdc78615e5a50c39c448d53 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 26 Jul 2025 16:19:41 -0500 Subject: [PATCH 107/374] move nix extensions into vscode extensions folders --- .../leyla/packages/vscode/default.nix | 70 +++++++------------ .../programs/vscode/alejandra.nix | 34 +++++++++ .../programs/vscode/default.nix | 2 + .../programs/vscode/nixIde.nix | 29 ++++++++ 4 files changed, 91 insertions(+), 44 deletions(-) create mode 100644 modules/home-manager-modules/programs/vscode/alejandra.nix create mode 100644 modules/home-manager-modules/programs/vscode/nixIde.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 5294ed2..0f06f57 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -33,20 +33,8 @@ in { "editor.tabSize" = 2; "editor.insertSpaces" = false; } - (lib.mkIf nix-development-enabled { - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "[nix]" = { - "editor.defaultFormatter" = "kamadorueda.alejandra"; - "editor.formatOnPaste" = true; - "editor.formatOnSave" = true; - "editor.formatOnType" = true; - }; - "alejandra.program" = "alejandra"; - }) ]; - # TODO: move the rest of the extensions into enable options like this extraExtensions = { oneDark.enable = true; atomKeybindings.enable = true; @@ -54,49 +42,43 @@ in { enable = ai-tooling-enabled; ollamaHost = "http://defiant:11434"; }; + alejandra.enable = nix-development-enabled; + nixIde.enable = nix-development-enabled; }; extensions = let extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; in ( ( - with extension-pkgs.open-vsx; ( - [ - # vs code feel extensions - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + with extension-pkgs.open-vsx; [ + # vs code feel extensions + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - orta.vscode-jest - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + orta.vscode-jest + stylelint.vscode-stylelint + tauri-apps.tauri-vscode - # go extensions - golang.go + # go extensions + golang.go - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx + # astro blog extensions + astro-build.astro-vscode + unifiedjs.vscode-mdx - # misc extensions - tamasfe.even-better-toml - ] - ++ (lib.lists.optionals nix-development-enabled [ - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - kamadorueda.alejandra - ]) - ) + # misc extensions + tamasfe.even-better-toml + ] ) ++ ( with extension-pkgs.vscode-marketplace; ( diff --git a/modules/home-manager-modules/programs/vscode/alejandra.nix b/modules/home-manager-modules/programs/vscode/alejandra.nix new file mode 100644 index 0000000..ffeaf96 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/alejandra.nix @@ -0,0 +1,34 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.alejandra = { + enable = lib.mkEnableOption "Enable Alejandra extension for Nix formatting"; + extension = lib.mkPackageOption pkgsRepository "alejandra" { + default = ["kamadorueda" "alejandra"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.alejandra.enable { + extensions = [config.extraExtensions.alejandra.extension]; + userSettings = { + "[nix]" = { + "editor.defaultFormatter" = "kamadorueda.alejandra"; + "editor.formatOnPaste" = true; + "editor.formatOnSave" = true; + "editor.formatOnType" = true; + }; + "alejandra.program" = "alejandra"; + }; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index a5fe474..1f2d86f 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -3,5 +3,7 @@ ./oneDark.nix ./atomKeybindings.nix ./aiCode.nix + ./alejandra.nix + ./nixIde.nix ]; } diff --git a/modules/home-manager-modules/programs/vscode/nixIde.nix b/modules/home-manager-modules/programs/vscode/nixIde.nix new file mode 100644 index 0000000..bc79b69 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/nixIde.nix @@ -0,0 +1,29 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.nixIde = { + enable = lib.mkEnableOption "Enable Nix IDE extension"; + extension = lib.mkPackageOption pkgsRepository "nix-ide" { + default = ["jnoortheen" "nix-ide"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.nixIde.enable { + extensions = [config.extraExtensions.nixIde.extension]; + userSettings = { + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + }; + }; + })); + }; +} From 1f0a147a426ddbf849213c31d567e5f8b3c53faa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 26 Jul 2025 17:40:01 -0500 Subject: [PATCH 108/374] moved more extensions into extension modules --- .../leyla/packages/vscode/default.nix | 33 +++++++++++-------- .../programs/vscode/autoRenameTag.nix | 27 +++++++++++++++ .../programs/vscode/default.nix | 8 +++++ .../programs/vscode/es7ReactJsSnippets.nix | 27 +++++++++++++++ .../programs/vscode/liveServer.nix | 27 +++++++++++++++ .../programs/vscode/tauriVscode.nix | 27 +++++++++++++++ .../programs/vscode/vscodeEslint.nix | 27 +++++++++++++++ .../programs/vscode/vscodeJest.nix | 27 +++++++++++++++ .../programs/vscode/vscodeStandard.nix | 27 +++++++++++++++ .../programs/vscode/vscodeStylelint.nix | 27 +++++++++++++++ 10 files changed, 243 insertions(+), 14 deletions(-) create mode 100644 modules/home-manager-modules/programs/vscode/autoRenameTag.nix create mode 100644 modules/home-manager-modules/programs/vscode/es7ReactJsSnippets.nix create mode 100644 modules/home-manager-modules/programs/vscode/liveServer.nix create mode 100644 modules/home-manager-modules/programs/vscode/tauriVscode.nix create mode 100644 modules/home-manager-modules/programs/vscode/vscodeEslint.nix create mode 100644 modules/home-manager-modules/programs/vscode/vscodeJest.nix create mode 100644 modules/home-manager-modules/programs/vscode/vscodeStandard.nix create mode 100644 modules/home-manager-modules/programs/vscode/vscodeStylelint.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 0f06f57..009d7f0 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -36,14 +36,31 @@ in { ]; extraExtensions = { + # vs code feel oneDark.enable = true; atomKeybindings.enable = true; + + # html development + autoRenameTag.enable = true; + liveServer.enable = true; + + # js development + es7ReactJsSnippets.enable = true; + tauriVscode.enable = true; + vscodeEslint.enable = true; + vscodeJest.enable = true; + vscodeStandard.enable = true; + vscodeStylelint.enable = true; + + # nix development + alejandra.enable = nix-development-enabled; + nixIde.enable = nix-development-enabled; + + # ai tooling aiCode = { enable = ai-tooling-enabled; ollamaHost = "http://defiant:11434"; }; - alejandra.enable = nix-development-enabled; - nixIde.enable = nix-development-enabled; }; extensions = let @@ -57,18 +74,6 @@ in { streetsidesoftware.code-spell-checker-italian jeanp413.open-remote-ssh - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server - - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - orta.vscode-jest - stylelint.vscode-stylelint - tauri-apps.tauri-vscode - # go extensions golang.go diff --git a/modules/home-manager-modules/programs/vscode/autoRenameTag.nix b/modules/home-manager-modules/programs/vscode/autoRenameTag.nix new file mode 100644 index 0000000..5f24a32 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/autoRenameTag.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.autoRenameTag = { + enable = lib.mkEnableOption "should the auto-rename-tag extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "auto-rename-tag" { + default = ["formulahendry" "auto-rename-tag"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.autoRenameTag.enable { + extensions = [ + config.extraExtensions.autoRenameTag.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index 1f2d86f..a11d3e5 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -5,5 +5,13 @@ ./aiCode.nix ./alejandra.nix ./nixIde.nix + ./autoRenameTag.nix + ./es7ReactJsSnippets.nix + ./liveServer.nix + ./tauriVscode.nix + ./vscodeEslint.nix + ./vscodeJest.nix + ./vscodeStandard.nix + ./vscodeStylelint.nix ]; } diff --git a/modules/home-manager-modules/programs/vscode/es7ReactJsSnippets.nix b/modules/home-manager-modules/programs/vscode/es7ReactJsSnippets.nix new file mode 100644 index 0000000..09e6da3 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/es7ReactJsSnippets.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.es7ReactJsSnippets = { + enable = lib.mkEnableOption "should the es7-react-js-snippets extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "es7-react-js-snippets" { + default = ["dsznajder" "es7-react-js-snippets"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.es7ReactJsSnippets.enable { + extensions = [ + config.extraExtensions.es7ReactJsSnippets.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/liveServer.nix b/modules/home-manager-modules/programs/vscode/liveServer.nix new file mode 100644 index 0000000..3f53ca3 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/liveServer.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.liveServer = { + enable = lib.mkEnableOption "should the live-server extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "live-server" { + default = ["ms-vscode" "live-server"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.liveServer.enable { + extensions = [ + config.extraExtensions.liveServer.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/tauriVscode.nix b/modules/home-manager-modules/programs/vscode/tauriVscode.nix new file mode 100644 index 0000000..9185fb3 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/tauriVscode.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.tauriVscode = { + enable = lib.mkEnableOption "should the tauri-vscode extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "tauri-vscode" { + default = ["tauri-apps" "tauri-vscode"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.tauriVscode.enable { + extensions = [ + config.extraExtensions.tauriVscode.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/vscodeEslint.nix b/modules/home-manager-modules/programs/vscode/vscodeEslint.nix new file mode 100644 index 0000000..64d979f --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/vscodeEslint.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.vscodeEslint = { + enable = lib.mkEnableOption "should the vscode-eslint extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "vscode-eslint" { + default = ["dbaeumer" "vscode-eslint"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.vscodeEslint.enable { + extensions = [ + config.extraExtensions.vscodeEslint.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/vscodeJest.nix b/modules/home-manager-modules/programs/vscode/vscodeJest.nix new file mode 100644 index 0000000..7c24f2a --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/vscodeJest.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.vscodeJest = { + enable = lib.mkEnableOption "should the vscode-jest extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "vscode-jest" { + default = ["orta" "vscode-jest"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.vscodeJest.enable { + extensions = [ + config.extraExtensions.vscodeJest.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/vscodeStandard.nix b/modules/home-manager-modules/programs/vscode/vscodeStandard.nix new file mode 100644 index 0000000..31c8ad0 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/vscodeStandard.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.vscodeStandard = { + enable = lib.mkEnableOption "should the vscode-standard extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "vscode-standard" { + default = ["standard" "vscode-standard"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.vscodeStandard.enable { + extensions = [ + config.extraExtensions.vscodeStandard.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/vscodeStylelint.nix b/modules/home-manager-modules/programs/vscode/vscodeStylelint.nix new file mode 100644 index 0000000..0d43b29 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/vscodeStylelint.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.vscodeStylelint = { + enable = lib.mkEnableOption "should the vscode-stylelint extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "vscode-stylelint" { + default = ["stylelint" "vscode-stylelint"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.vscodeStylelint.enable { + extensions = [ + config.extraExtensions.vscodeStylelint.extension + ]; + }; + })); + }; +} From 0fd54a5494788a54df3f18f1d6c52839f3d8328c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 26 Jul 2025 17:53:37 -0500 Subject: [PATCH 109/374] added more options to aiCode --- .../home-manager/leyla/packages/vscode/default.nix | 1 + .../programs/vscode/aiCode.nix | 14 ++++++++++++++ 2 files changed, 15 insertions(+) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 009d7f0..9ad87bf 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -60,6 +60,7 @@ in { aiCode = { enable = ai-tooling-enabled; ollamaHost = "http://defiant:11434"; + inlineCompletion.model = "qwen3:4b"; }; }; diff --git a/modules/home-manager-modules/programs/vscode/aiCode.nix b/modules/home-manager-modules/programs/vscode/aiCode.nix index cd23f92..838a439 100644 --- a/modules/home-manager-modules/programs/vscode/aiCode.nix +++ b/modules/home-manager-modules/programs/vscode/aiCode.nix @@ -16,6 +16,18 @@ in { description = "what host should be used for ollama"; default = null; }; + inlineCompletion = { + enable = lib.mkOption { + type = lib.types.bool; + description = "should inline completion be enabled"; + default = true; + }; + model = lib.mkOption { + type = lib.types.nullOr lib.types.str; + description = "what model should be used for ollama"; + default = null; + }; + }; }; }; config = lib.mkIf config.extraExtensions.aiCode.enable { @@ -24,6 +36,8 @@ in { ]; userSettings = { "aiCode.ollamaHost" = lib.mkIf (config.extraExtensions.aiCode.ollamaHost != null) config.extraExtensions.aiCode.ollamaHost; + "aiCode.inlineCompletion.enable" = config.extraExtensions.aiCode.inlineCompletion.enable; + "aiCode.inlineCompletion.model" = lib.mkIf (config.extraExtensions.aiCode.inlineCompletion.model != null) config.extraExtensions.aiCode.inlineCompletion.model; }; }; })); From b5cfb5ec77826f118e94d274dd6edc9fcfc2ca5f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 27 Jul 2025 18:22:08 -0500 Subject: [PATCH 110/374] moved all extensions other then spell check into their own modules --- .../leyla/packages/vscode/default.nix | 48 ++++++++----------- .../programs/vscode/astroVscode.nix | 27 +++++++++++ .../programs/vscode/default.nix | 6 +++ .../programs/vscode/evenBetterToml.nix | 27 +++++++++++ .../programs/vscode/go.nix | 27 +++++++++++ .../programs/vscode/nearley.nix | 27 +++++++++++ .../programs/vscode/openRemoteSsh.nix | 27 +++++++++++ .../programs/vscode/vscodeMdx.nix | 27 +++++++++++ 8 files changed, 187 insertions(+), 29 deletions(-) create mode 100644 modules/home-manager-modules/programs/vscode/astroVscode.nix create mode 100644 modules/home-manager-modules/programs/vscode/evenBetterToml.nix create mode 100644 modules/home-manager-modules/programs/vscode/go.nix create mode 100644 modules/home-manager-modules/programs/vscode/nearley.nix create mode 100644 modules/home-manager-modules/programs/vscode/openRemoteSsh.nix create mode 100644 modules/home-manager-modules/programs/vscode/vscodeMdx.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 9ad87bf..6e7887a 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -39,6 +39,7 @@ in { # vs code feel oneDark.enable = true; atomKeybindings.enable = true; + openRemoteSsh.enable = true; # html development autoRenameTag.enable = true; @@ -52,50 +53,39 @@ in { vscodeStandard.enable = true; vscodeStylelint.enable = true; + nearley.enable = true; + + # astro development + vscodeMdx.enable = true; + astroVscode.enable = true; + # nix development alejandra.enable = nix-development-enabled; nixIde.enable = nix-development-enabled; + # go development + go.enable = true; + # ai tooling aiCode = { enable = ai-tooling-enabled; ollamaHost = "http://defiant:11434"; inlineCompletion.model = "qwen3:4b"; }; + + # misc extensions + evenBetterToml.enable = true; }; extensions = let extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; in ( - ( - with extension-pkgs.open-vsx; [ - # vs code feel extensions - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh - - # go extensions - golang.go - - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx - - # misc extensions - tamasfe.even-better-toml - ] - ) - ++ ( - with extension-pkgs.vscode-marketplace; ( - [ - # js extensions - karyfoundation.nearley - ] - ++ (lib.lists.optionals ai-tooling-enabled [ - ]) - ) - ) + with extension-pkgs.open-vsx; [ + # vs code feel extensions + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + ] ); }; }; diff --git a/modules/home-manager-modules/programs/vscode/astroVscode.nix b/modules/home-manager-modules/programs/vscode/astroVscode.nix new file mode 100644 index 0000000..4bae34a --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/astroVscode.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.astroVscode = { + enable = lib.mkEnableOption "should the astro-vscode extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "astro-vscode" { + default = ["astro-build" "astro-vscode"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.astroVscode.enable { + extensions = [ + config.extraExtensions.astroVscode.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index a11d3e5..ea54d4f 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -13,5 +13,11 @@ ./vscodeJest.nix ./vscodeStandard.nix ./vscodeStylelint.nix + ./go.nix + ./evenBetterToml.nix + ./openRemoteSsh.nix + ./astroVscode.nix + ./vscodeMdx.nix + ./nearley.nix ]; } diff --git a/modules/home-manager-modules/programs/vscode/evenBetterToml.nix b/modules/home-manager-modules/programs/vscode/evenBetterToml.nix new file mode 100644 index 0000000..9813ee1 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/evenBetterToml.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.evenBetterToml = { + enable = lib.mkEnableOption "should the even-better-toml extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "even-better-toml" { + default = ["tamasfe" "even-better-toml"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.evenBetterToml.enable { + extensions = [ + config.extraExtensions.evenBetterToml.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/go.nix b/modules/home-manager-modules/programs/vscode/go.nix new file mode 100644 index 0000000..02ffe5d --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/go.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.go = { + enable = lib.mkEnableOption "should the go extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "go" { + default = ["golang" "go"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.go.enable { + extensions = [ + config.extraExtensions.go.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/nearley.nix b/modules/home-manager-modules/programs/vscode/nearley.nix new file mode 100644 index 0000000..3020a9e --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/nearley.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.vscode-marketplace; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.nearley = { + enable = lib.mkEnableOption "should the nearley extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "nearley" { + default = ["karyfoundation" "nearley"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.nearley.enable { + extensions = [ + config.extraExtensions.nearley.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/openRemoteSsh.nix b/modules/home-manager-modules/programs/vscode/openRemoteSsh.nix new file mode 100644 index 0000000..c1b6daa --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/openRemoteSsh.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.openRemoteSsh = { + enable = lib.mkEnableOption "should the open-remote-ssh extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "open-remote-ssh" { + default = ["jeanp413" "open-remote-ssh"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.openRemoteSsh.enable { + extensions = [ + config.extraExtensions.openRemoteSsh.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/vscodeMdx.nix b/modules/home-manager-modules/programs/vscode/vscodeMdx.nix new file mode 100644 index 0000000..c49fe51 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/vscodeMdx.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.vscodeMdx = { + enable = lib.mkEnableOption "should the vscode-mdx extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "vscode-mdx" { + default = ["unifiedjs" "vscode-mdx"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.vscodeMdx.enable { + extensions = [ + config.extraExtensions.vscodeMdx.extension + ]; + }; + })); + }; +} From 53c0526c4dbcec32ab0860c6bdfed6b8605185fc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 27 Jul 2025 18:27:46 -0500 Subject: [PATCH 111/374] removed completed task from README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 141c2fd..039391f 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Create Tor guard/relay server - migrate away from flakes and move to npins - whisper -- figure out ai vs code plugin - nix mcp - zfs encryption FIDO2 2fa (look into shavee) - Secure Boot - https://github.com/nix-community/lanzaboote From 22f2052ccffe09e660b85823647c099067169e35 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 1 Aug 2025 17:53:31 -0500 Subject: [PATCH 112/374] updated flake lock --- flake.lock | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index 5a853aa..28d5df8 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1753416229, - "narHash": "sha256-45s1L4h/6t3M+/ppqow1OFUgfk9jZHsR4jxNgxIWWmM=", + "lastModified": 1753761817, + "narHash": "sha256-FE908x/ihUlr5yn1f+PTMyOjcwotGUodzn7Ej6zZf5U=", "owner": "rycee", "repo": "nur-expressions", - "rev": "553afee4efb5a7dea03cf654deafacd8fa1004f9", + "rev": "b657cfddb78408e9b53b4a8aaeaac71fc7ea182e", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1753470191, - "narHash": "sha256-hOUWU5L62G9sm8NxdiLWlLIJZz9H52VuFiDllHdwmVA=", + "lastModified": 1753983724, + "narHash": "sha256-2vlAOJv4lBrE+P1uOGhZ1symyjXTRdn/mz0tZ6faQcg=", "owner": "nix-community", "repo": "home-manager", - "rev": "a1817d1c0e5eabe7dfdfe4caa46c94d9d8f3fdb6", + "rev": "7035020a507ed616e2b20c61491ae3eaa8e5462c", "type": "github" }, "original": { @@ -146,11 +146,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1753306924, - "narHash": "sha256-jLCEW0FvjFhC+c4RHzH+xbkSOxrnpFHnhjOw6sudhx0=", - "rev": "1a4393d0aac31aba21f5737ede1b171e11336d77", + "lastModified": 1753223229, + "narHash": "sha256-tkT4aCZZE6IEmjYotOzKKa2rV3pGpH3ZREeQn7ACgdU=", + "rev": "7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1a4393d0aac31aba21f5737ede1b171e11336d77.tar.gz?rev=1a4393d0aac31aba21f5737ede1b171e11336d77" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a.tar.gz?rev=7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a" }, "original": { "type": "tarball", @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1753409666, - "narHash": "sha256-bFjln7BkIGOlLHeUzUxfEho2GnrIrQE6O59plpvPiYY=", + "lastModified": 1753928221, + "narHash": "sha256-Na6JjalzCBQx5aiZMa0QYuFU9T0FOuWSKbHnslXWln4=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "38a251b6e95659b12dfb3b9fdc237d1ba2ac3786", + "rev": "1d907938c3f488949c3365afcbbd325e2ce85ee9", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1753250450, - "narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=", + "lastModified": 1753694789, + "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf", + "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", "type": "github" }, "original": { From 7b3d4bc0213735c56a362c841ec8a08302291a9f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 1 Aug 2025 18:24:45 -0500 Subject: [PATCH 113/374] added acl rules to defiant media_directory --- modules/nixos-modules/server/jellyfin.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index bad04c9..294c8e1 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -52,6 +52,11 @@ in { ]; networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; + + systemd.tmpfiles.rules = [ + "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" + "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" + ]; } (lib.mkIf config.services.fail2ban.enable { environment.etc = { From 5658a392491f1dfee521bca654708c9efc1049cf Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 1 Aug 2025 18:30:28 -0500 Subject: [PATCH 114/374] added ACL to syncthing mnt folder --- modules/nixos-modules/sync.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 8915dc8..bf43041 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -11,6 +11,7 @@ in { { systemd = lib.mkIf config.services.syncthing.enable { tmpfiles.rules = [ + "A ${mountDir} - - - - u:syncthing:rwX,g:syncthing:rwX,o::-" "d ${mountDir} 2755 syncthing syncthing -" "d ${config.services.syncthing.dataDir} 775 syncthing syncthing -" "d ${config.services.syncthing.configDir} 755 syncthing syncthing -" From 7b9d1ee390b1f2fef5009791eea36d14416d9279 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 1 Aug 2025 21:20:52 -0500 Subject: [PATCH 115/374] added qwen3:235b-a22b --- configurations/nixos/defiant/configuration.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9e8f25a..75a4b3e 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -235,6 +235,10 @@ # agent models "qwen3:8b" "qwen3:32b" + "qwen3:235b-a22b" + + "qwen3-coder:30b" + "qwen3-coder:30b-a3b-fp16" # embedding models "nomic-embed-text:latest" From b7a4f63ddd37ec0ff780670e3e543d7cee2dbc30 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 4 Aug 2025 17:46:56 -0500 Subject: [PATCH 116/374] further refined and documents issues with wire guard config --- .../nixos/defiant/configuration.nix | 37 +++++++++---------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 75a4b3e..1a3de77 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -120,12 +120,6 @@ systemd.network = { enable = true; - # config = { - # routeTables = { - # p2p = 1; - # }; - # }; - netdevs = { "10-bond0" = { netdevConfig = { @@ -138,23 +132,20 @@ }; }; - # "15-p2p0" = { + # "20-wg0" = { # netdevConfig = { # Kind = "wireguard"; - # Name = "p2p0"; - # MTUBytes = "1280"; + # Name = "wg0"; # }; # wireguardConfig = { # PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; # ListenPort = 51820; - # # RouteTable = "p2p"; # }; # wireguardPeers = [ # { # PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; # Endpoint = "185.230.126.146:51820"; # AllowedIPs = ["0.0.0.0/0"]; - # RouteTable = "off"; # } # ]; # }; @@ -176,17 +167,25 @@ dns = ["192.168.1.1"]; }; - # "45-p2p0" = { - # matchConfig.Name = "p2p0"; + # For some reason this isn't working. It looks like traffic goes out and comes back but doesn't get correctly routed back to the wg interface on the return trip + # debugging steps: + # try sending data on the interface `ping -I wg0 8.8.8.8` + # view all traffic on the interface `sudo tshark -i wg0` + # see what applications are listening to port 14666 (thats what we currently have qbittorent set up to use) `ss -tuln | grep 14666` + # "50-wg0" = { + # matchConfig.Name = "wg0"; + # networkConfig = { + # DHCP = "no"; + # }; # address = [ # "10.2.0.2/32" # ]; - # routes = [ - # { - # Destination = "0.0.0.0/0"; - # } - # ]; - # linkConfig.RequiredForOnline = false; + # # routes = [ + # # { + # # Destination = "10.2.0.2/32"; + # # Gateway = "10.2.0.1"; + # # } + # # ]; # }; }; }; From 3f897fae25d419ad659b2b006324b6d90eca3785 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 4 Aug 2025 20:08:45 -0500 Subject: [PATCH 117/374] updated ai code plugin --- modules/common-modules/pkgs/codium-extensions/ai-code.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/common-modules/pkgs/codium-extensions/ai-code.nix b/modules/common-modules/pkgs/codium-extensions/ai-code.nix index 38e9dd9..9c9efe3 100644 --- a/modules/common-modules/pkgs/codium-extensions/ai-code.nix +++ b/modules/common-modules/pkgs/codium-extensions/ai-code.nix @@ -12,7 +12,7 @@ src = builtins.fetchGit { url = "ssh://git@git.jan-leila.com/jan-leila/ai-code.git"; - rev = "bdb615876df41717180c31640a8542b86326a9b3"; + rev = "d48e01713021dbb30de0ebbee2cfaf99e4e9b5a6"; }; npmDepsHash = "sha256-kjMyEnT3dz0yH5Ydh+aGoFDocKpBYGRmfnwbEdvvgpY="; From 7e1e1f357f0fc467566a6d777639f2c8fa0858a1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 5 Aug 2025 00:15:58 -0500 Subject: [PATCH 118/374] updated scrub email settings --- configurations/nixos/defiant/configuration.nix | 2 +- modules/nixos-modules/disko.nix | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 1a3de77..8b49e4b 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -42,7 +42,7 @@ host = "smtp.protonmail.ch"; port = 587; to = "leyla@jan-leila.com"; - user = "leyla@jan-leila.com"; + user = "noreply@jan-leila.com"; tokenFile = config.sops.secrets."services/zfs_smtp_token".path; }; pool = { diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index 3d15498..9e56d87 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -149,14 +149,13 @@ in { autoSnapshot.enable = true; zed = lib.mkIf config.host.storage.notifications.enable { - # this option is broken we are just going to disable it - enableMail = false; + enableMail = true; settings = { ZED_DEBUG_LOG = "/tmp/zed.debug.log"; ZED_EMAIL_ADDR = [config.host.storage.notifications.to]; ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp"; - ZED_EMAIL_OPTS = "@ADDRESS@"; + ZED_EMAIL_OPTS = "-a zfs_notifications @ADDRESS@"; ZED_NOTIFY_INTERVAL_SECS = 3600; ZED_NOTIFY_VERBOSE = true; From 93b8582734cd601320ee8f737921948306d9e859 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 6 Aug 2025 22:12:42 -0500 Subject: [PATCH 119/374] installed tab session manager --- configurations/home-manager/leyla/packages/firefox.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages/firefox.nix b/configurations/home-manager/leyla/packages/firefox.nix index 1613cb3..d166eb4 100644 --- a/configurations/home-manager/leyla/packages/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox.nix @@ -72,6 +72,8 @@ deutsch-de-language-pack dictionary-german + tab-session-manager + # ( # buildFirefoxXpiAddon rec { # pname = "italiano-it-language-pack"; @@ -140,7 +142,6 @@ "placements" = { "widget-overflow-fixed-list" = []; "unified-extensions-area" = [ - "privacy_privacy_com-browser-action" # bitwarden "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" "ublock0_raymondhill_net-browser-action" From ee6ab1c0eb991e64fc7adf404d12867f79e39cae Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 9 Aug 2025 23:32:32 -0500 Subject: [PATCH 120/374] installed printer drivers --- modules/nixos-modules/desktop.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index e1882b3..6686ee3 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -32,7 +32,14 @@ ]; services = { # Enable CUPS to print documents. - printing.enable = true; + printing = { + enable = true; + drivers = [ + pkgs.hplip + pkgs.gutenprint + pkgs.gutenprintBin + ]; + }; xserver = { # Enable the X11 windowing system. From c1926f625624b16fe8f3ffe8c9e48de3582fd24d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 13 Aug 2025 18:34:13 -0500 Subject: [PATCH 121/374] updated flake lock --- flake.lock | 128 ++++++++--------------------------------------- flake.nix | 8 +-- util/default.nix | 4 +- 3 files changed, 28 insertions(+), 112 deletions(-) diff --git a/flake.lock b/flake.lock index 28d5df8..721255f 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1753140376, - "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=", + "lastModified": 1754971456, + "narHash": "sha256-p04ZnIBGzerSyiY2dNGmookCldhldWAu03y0s3P8CB0=", "owner": "nix-community", "repo": "disko", - "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c", + "rev": "8246829f2e675a46919718f9a64b71afe3bfb22d", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1753761817, - "narHash": "sha256-FE908x/ihUlr5yn1f+PTMyOjcwotGUodzn7Ej6zZf5U=", + "lastModified": 1755002386, + "narHash": "sha256-5Q7o8nv1EQi7oYD1k1F8/d+3WUiNDg9JOH8KWgP/6WQ=", "owner": "rycee", "repo": "nur-expressions", - "rev": "b657cfddb78408e9b53b4a8aaeaac71fc7ea182e", + "rev": "170f218715e93fc36a9077a926eb8516d789138b", "type": "gitlab" }, "original": { @@ -75,39 +75,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -115,11 +82,11 @@ ] }, "locked": { - "lastModified": 1753983724, - "narHash": "sha256-2vlAOJv4lBrE+P1uOGhZ1symyjXTRdn/mz0tZ6faQcg=", + "lastModified": 1755121891, + "narHash": "sha256-UtYkukiGnPRJ5rpd4W/wFVrLMh8fqtNkqHTPgHEtrqU=", "owner": "nix-community", "repo": "home-manager", - "rev": "7035020a507ed616e2b20c61491ae3eaa8e5462c", + "rev": "279ca5addcdcfa31ac852b3ecb39fc372684f426", "type": "github" }, "original": { @@ -143,41 +110,6 @@ "type": "github" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1753223229, - "narHash": "sha256-tkT4aCZZE6IEmjYotOzKKa2rV3pGpH3ZREeQn7ACgdU=", - "rev": "7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a.tar.gz?rev=7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1753282722, - "narHash": "sha256-KYMUrTV7H/RR5/HRnjV5R3rRIuBXMemyJzTLi50NFTs=", - "rev": "46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873.tar.gz?rev=46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -221,17 +153,17 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1753928221, - "narHash": "sha256-Na6JjalzCBQx5aiZMa0QYuFU9T0FOuWSKbHnslXWln4=", + "lastModified": 1754964325, + "narHash": "sha256-WrG74DTCE0phrOtusqkYOrQKK4DXurgW0vPnisZpw/Q=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1d907938c3f488949c3365afcbbd325e2ce85ee9", + "rev": "84da801eb3f23ea34ec96ee38df74504444e9b1d", "type": "github" }, "original": { @@ -242,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1753122741, - "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", + "lastModified": 1754564048, + "narHash": "sha256-dz303vGuzWjzOPOaYkS9xSW+B93PSAJxvBd6CambXVA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", + "rev": "26ed7a0d4b8741fe1ef1ee6fa64453ca056ce113", "type": "github" }, "original": { @@ -258,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1753694789, - "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", + "lastModified": 1755027561, + "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", + "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3", "type": "github" }, "original": { @@ -279,7 +211,6 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", - "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", @@ -313,11 +244,11 @@ ] }, "locked": { - "lastModified": 1752544651, - "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", + "lastModified": 1754988908, + "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2c8def626f54708a9c38a5861866660395bb3461", + "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", "type": "github" }, "original": { @@ -360,21 +291,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 67ff0c4..23a8aab 100644 --- a/flake.nix +++ b/flake.nix @@ -5,10 +5,10 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + # lix-module = { + # url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; # secret encryption sops-nix = { diff --git a/util/default.nix b/util/default.nix index fb2f83d..5b61779 100644 --- a/util/default.nix +++ b/util/default.nix @@ -10,7 +10,7 @@ nix-syncthing = inputs.nix-syncthing; disko = inputs.disko; impermanence = inputs.impermanence; - lix-module = inputs.lix-module; + # lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -83,7 +83,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - lix-module.nixosModules.default + # lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; From 102a61b38eb0065a0c5ab1cdd263e40da884c797 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 16 Aug 2025 11:32:03 -0500 Subject: [PATCH 122/374] updated flake lock --- .../home-manager/leyla/packages/default.nix | 2 +- flake.lock | 36 +++++++++---------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index eaaaf2d..63f9661 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -44,7 +44,7 @@ in { signal-desktop-bin.enable = true; calibre.enable = true; obsidian.enable = true; - jetbrains.idea-community.enable = false; + jetbrains.idea-community.enable = true; vscode.enable = true; firefox.enable = true; steam.enable = true; diff --git a/flake.lock b/flake.lock index 721255f..6d8fa45 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1755002386, - "narHash": "sha256-5Q7o8nv1EQi7oYD1k1F8/d+3WUiNDg9JOH8KWgP/6WQ=", + "lastModified": 1755246238, + "narHash": "sha256-KVPjWo/RVQBQe6N03cNbSVM/xNCv2506wE4A8wL73sk=", "owner": "rycee", "repo": "nur-expressions", - "rev": "170f218715e93fc36a9077a926eb8516d789138b", + "rev": "e6c2e889b34f5f623a7749a46e2aa5ea6e7256a0", "type": "gitlab" }, "original": { @@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1755121891, - "narHash": "sha256-UtYkukiGnPRJ5rpd4W/wFVrLMh8fqtNkqHTPgHEtrqU=", + "lastModified": 1755313937, + "narHash": "sha256-pQb7bNcolxYGRiylUCrTddiF+qW2wsUiM9+eRIDUrVU=", "owner": "nix-community", "repo": "home-manager", - "rev": "279ca5addcdcfa31ac852b3ecb39fc372684f426", + "rev": "2a749f4790a14f7168be67cdf6e548ef1c944e10", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1751313918, - "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", + "lastModified": 1755275010, + "narHash": "sha256-lEApCoWUEWh0Ifc3k1JdVjpMtFFXeL2gG1qvBnoRc2I=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", + "rev": "7220b01d679e93ede8d7b25d6f392855b81dd475", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1754964325, - "narHash": "sha256-WrG74DTCE0phrOtusqkYOrQKK4DXurgW0vPnisZpw/Q=", + "lastModified": 1755309796, + "narHash": "sha256-0mvqD8Cul8Bq+NqeeNy5cbi59R5w8EzaaimJBFpKJ4A=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "84da801eb3f23ea34ec96ee38df74504444e9b1d", + "rev": "73db918d57f44c8a0d8a809596863188675f9cab", "type": "github" }, "original": { @@ -174,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1754564048, - "narHash": "sha256-dz303vGuzWjzOPOaYkS9xSW+B93PSAJxvBd6CambXVA=", + "lastModified": 1755330281, + "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "26ed7a0d4b8741fe1ef1ee6fa64453ca056ce113", + "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0", "type": "github" }, "original": { @@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1755027561, - "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=", + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "type": "github" }, "original": { From d12f4b5327fcb50f82f1ddce5db89941bfd78a8e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 21 Aug 2025 22:02:10 -0500 Subject: [PATCH 123/374] installed actual on defiant --- .../nixos/defiant/configuration.nix | 5 ++ modules/nixos-modules/server/actual.nix | 54 +++++++++++++++++++ modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/users.nix | 15 ++++++ 4 files changed, 75 insertions(+) create mode 100644 modules/nixos-modules/server/actual.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 8b49e4b..9ef4c82 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -284,6 +284,11 @@ subdomain = "search"; }; + actual = { + enable = true; + subdomain = "budget"; + }; + home-assistant = { enable = true; subdomain = "home"; diff --git a/modules/nixos-modules/server/actual.nix b/modules/nixos-modules/server/actual.nix new file mode 100644 index 0000000..7fc0b93 --- /dev/null +++ b/modules/nixos-modules/server/actual.nix @@ -0,0 +1,54 @@ +{ + lib, + config, + ... +}: let + dataDirectory = "/var/lib/actual/"; +in { + options.services.actual = { + subdomain = lib.mkOption { + type = lib.types.str; + default = "actual"; + description = "subdomain of base domain that actual will be hosted at"; + }; + }; + + config = lib.mkIf config.services.actual.enable (lib.mkMerge [ + { + systemd.tmpfiles.rules = [ + "d ${dataDirectory} 2770 actual actual" + ]; + host = { + reverse_proxy.subdomains.${config.services.actual.subdomain} = { + target = "http://localhost:${toString config.services.actual.settings.port}"; + }; + }; + + services.actual = { + settings = { + ACTUAL_DATA_DIR = dataDirectory; + }; + }; + } + (lib.mkIf config.services.fail2ban.enable { + # TODO: configuration for fail2ban for actual + }) + (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.actual.settings.ACTUAL_DATA_DIR == dataDirectory; + message = "actual data location does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = dataDirectory; + user = "actual"; + group = "actual"; + } + ]; + }; + }) + ]); +} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 95c7096..4ca50e2 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -13,5 +13,6 @@ ./immich.nix ./qbittorent.nix ./paperless.nix + ./actual.nix ]; } diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index eeddafd..7fd43da 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -24,6 +24,7 @@ immich = 2010; qbittorrent = 2011; paperless = 2012; + actual = 2013; }; gids = { @@ -40,6 +41,7 @@ immich = 2010; qbittorrent = 2011; paperless = 2012; + actual = 2013; }; users = config.users.users; @@ -169,6 +171,12 @@ in { isSystemUser = true; group = config.users.users.paperless.name; }; + + actual = { + uid = lib.mkForce uids.actual; + isSystemUser = true; + group = config.users.users.actual.name; + }; }; groups = { @@ -272,6 +280,13 @@ in { users.paperless.name ]; }; + + actual = { + gid = lib.mkForce gids.actual; + members = [ + users.actual.name + ]; + }; }; }; } From bf07bbdb1b69977ff639de4e8b089ee713e70db4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 23 Aug 2025 13:26:04 -0500 Subject: [PATCH 124/374] updated flake lock --- .../nixos/defiant/configuration.nix | 2 +- flake.lock | 36 +++++++++---------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9ef4c82..b7da763 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -285,7 +285,7 @@ }; actual = { - enable = true; + enable = false; subdomain = "budget"; }; diff --git a/flake.lock b/flake.lock index 6d8fa45..f885584 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1754971456, - "narHash": "sha256-p04ZnIBGzerSyiY2dNGmookCldhldWAu03y0s3P8CB0=", + "lastModified": 1755519972, + "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=", "owner": "nix-community", "repo": "disko", - "rev": "8246829f2e675a46919718f9a64b71afe3bfb22d", + "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1755246238, - "narHash": "sha256-KVPjWo/RVQBQe6N03cNbSVM/xNCv2506wE4A8wL73sk=", + "lastModified": 1755921820, + "narHash": "sha256-xTRXoaGtuIi4VvJNGuHC8DPHnEIJUqVtt7kqU8MdXes=", "owner": "rycee", "repo": "nur-expressions", - "rev": "e6c2e889b34f5f623a7749a46e2aa5ea6e7256a0", + "rev": "c43149f02063de9b0d75c2b45f54631bd82667b2", "type": "gitlab" }, "original": { @@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1755313937, - "narHash": "sha256-pQb7bNcolxYGRiylUCrTddiF+qW2wsUiM9+eRIDUrVU=", + "lastModified": 1755914636, + "narHash": "sha256-VJ+Gm6YsHlPfUCpmRQxvdiZW7H3YPSrdVOewQHAhZN8=", "owner": "nix-community", "repo": "home-manager", - "rev": "2a749f4790a14f7168be67cdf6e548ef1c944e10", + "rev": "8b55a6ac58b678199e5bba701aaff69e2b3281c0", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1755275010, - "narHash": "sha256-lEApCoWUEWh0Ifc3k1JdVjpMtFFXeL2gG1qvBnoRc2I=", + "lastModified": 1755825449, + "narHash": "sha256-XkiN4NM9Xdy59h69Pc+Vg4PxkSm9EWl6u7k6D5FZ5cM=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "7220b01d679e93ede8d7b25d6f392855b81dd475", + "rev": "8df64f819698c1fee0c2969696f54a843b2231e8", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1755309796, - "narHash": "sha256-0mvqD8Cul8Bq+NqeeNy5cbi59R5w8EzaaimJBFpKJ4A=", + "lastModified": 1755914146, + "narHash": "sha256-ew98ilw4NTodKlILnr3ndsT0Aj9JhqC507JB3efa0pY=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "73db918d57f44c8a0d8a809596863188675f9cab", + "rev": "ff42a421ff1d415caa0125e6af6f3bd82e642838", "type": "github" }, "original": { @@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1755186698, - "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", + "lastModified": 1755615617, + "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", + "rev": "20075955deac2583bb12f07151c2df830ef346b4", "type": "github" }, "original": { From 19bd67afe58c186feacc659789288a8e7cfc7171 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Aug 2025 15:55:07 -0500 Subject: [PATCH 125/374] installed claudeDev --- .../leyla/packages/vscode/default.nix | 8 ++---- .../nixos/defiant/configuration.nix | 4 +++ .../programs/vscode/claudeDev.nix | 27 +++++++++++++++++++ .../programs/vscode/default.nix | 1 + 4 files changed, 34 insertions(+), 6 deletions(-) create mode 100644 modules/home-manager-modules/programs/vscode/claudeDev.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 6e7887a..3878d94 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -66,12 +66,8 @@ in { # go development go.enable = true; - # ai tooling - aiCode = { - enable = ai-tooling-enabled; - ollamaHost = "http://defiant:11434"; - inlineCompletion.model = "qwen3:4b"; - }; + # claude development + claudeDev.enable = ai-tooling-enabled; # misc extensions evenBetterToml.enable = true; diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index b7da763..8151111 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -218,6 +218,10 @@ acceleration = false; + environmentVariables = { + OLLAMA_KEEP_ALIVE = "24h"; + }; + loadModels = [ # conversation models "llama3.1:8b" diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix new file mode 100644 index 0000000..8d5dd75 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.claudeDev = { + enable = lib.mkEnableOption "should the claude-dev extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "claude-dev" { + default = ["saoudrizwan" "claude-dev"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.claudeDev.enable { + extensions = [ + config.extraExtensions.claudeDev.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index ea54d4f..a86d0c3 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -18,6 +18,7 @@ ./openRemoteSsh.nix ./astroVscode.nix ./vscodeMdx.nix + ./claudeDev.nix ./nearley.nix ]; } From d128b54a0583628017acf18d12890301dce80fa3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Aug 2025 23:01:04 -0500 Subject: [PATCH 126/374] removed redundant part of config --- configurations/nixos/defiant/configuration.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 8151111..14410f4 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -194,12 +194,6 @@ boot.kernelParams = ["zfs.zfs_arc_max=53687091200"]; services = { - # TODO: move zfs scrubbing into module - zfs = { - autoScrub.enable = true; - autoSnapshot.enable = true; - }; - # temp enable desktop environment for setup # Enable the X11 windowing system. xserver.enable = true; From 060e6ef037361c3fca9a2411f3c8cf8d25ab230c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 26 Aug 2025 15:53:45 -0500 Subject: [PATCH 127/374] installed fonts --- configurations/home-manager/leyla/default.nix | 8 ++++++++ configurations/home-manager/leyla/packages/default.nix | 2 -- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 538eab8..6d759c5 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -1,4 +1,5 @@ { + pkgs, config, osConfig, ... @@ -82,5 +83,12 @@ # EDITOR = "emacs"; }; }; + + # TODO: move this into a fonts module + home.packages = with pkgs; [ + aileron + nerd-fonts.open-dyslexic + ]; + fonts.fontconfig.enable = true; }; } diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 63f9661..6a24e31 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -67,8 +67,6 @@ in { home.packages = ( (with pkgs; [ - aileron - proxmark3 ]) ++ ( From dbe4b674d7c409049fa2abe694755ab022cb61fc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 26 Aug 2025 18:00:12 -0500 Subject: [PATCH 128/374] set zfs auth and tls to true --- configurations/home-manager/leyla/packages/default.nix | 2 ++ modules/nixos-modules/disko.nix | 2 ++ 2 files changed, 4 insertions(+) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 6a24e31..702edda 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -108,6 +108,8 @@ in { (lib.mkIf hardware.piperMouse.enable piper) (lib.mkIf hardware.openRGB.enable openrgb) (lib.mkIf hardware.viaKeyboard.enable via) + + (lib.mkIf osConfig.host.ai.enable claude-code) ]) ) ); diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index 9e56d87..a962689 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -136,6 +136,8 @@ in { }; accounts = { zfs_notifications = { + auth = true; + tls = true; host = config.host.storage.notifications.host; passwordeval = "cat ${config.host.storage.notifications.tokenFile}"; user = config.host.storage.notifications.user; From 9c8de12ad37978ed5d40b87ecd0775dd38569767 Mon Sep 17 00:00:00 2001 From: Eve Date: Wed, 27 Aug 2025 10:52:24 -0500 Subject: [PATCH 129/374] installed tailscale --- configurations/nixos/emergent/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 90aecab..bb671f7 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -67,6 +67,8 @@ }; }; + services.tailscale.enable = true; + # Configure keymap in X11 # services.xserver.xkb.layout = "us"; # services.xserver.xkb.options = "eurosign:e,caps:escape"; From 1c079fa47906cb8c305718471ae2fc35f670aa85 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 27 Aug 2025 13:37:31 -0500 Subject: [PATCH 130/374] installed vitest --- .../leyla/packages/vscode/default.nix | 1 + .../programs/vscode/default.nix | 1 + .../programs/vscode/vitest.nix | 27 +++++++++++++++++++ 3 files changed, 29 insertions(+) create mode 100644 modules/home-manager-modules/programs/vscode/vitest.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 3878d94..651d941 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -50,6 +50,7 @@ in { tauriVscode.enable = true; vscodeEslint.enable = true; vscodeJest.enable = true; + vitest.enable = true; vscodeStandard.enable = true; vscodeStylelint.enable = true; diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index a86d0c3..50b323d 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -20,5 +20,6 @@ ./vscodeMdx.nix ./claudeDev.nix ./nearley.nix + ./vitest.nix ]; } diff --git a/modules/home-manager-modules/programs/vscode/vitest.nix b/modules/home-manager-modules/programs/vscode/vitest.nix new file mode 100644 index 0000000..446d25b --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/vitest.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.vitest = { + enable = lib.mkEnableOption "should the vitest extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "vitest" { + default = ["vitest" "explorer"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.vitest.enable { + extensions = [ + config.extraExtensions.vitest.extension + ]; + }; + })); + }; +} From ca2b188560ba131ac0e10539d6921ef1318538e2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 27 Aug 2025 17:51:11 -0500 Subject: [PATCH 131/374] fixed nfs mounts --- README.md | 1 - .../nixos/horizon/configuration.nix | 79 +++++++++++++++++++ .../nixos/twilight/configuration.nix | 43 +++++++--- .../server/network_storage/default.nix | 2 +- .../server/network_storage/nfs.nix | 10 ++- 5 files changed, 120 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 039391f..e379f91 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - auto turn off on power loss - nut - zfs email after scrubbing # TODO: test this - SMART test with email results -- fix nfs - samba mounts - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Create Tor guard/relay server diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 99b6ee9..adaab1c 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -135,6 +135,85 @@ }; }; + # NFS support for mobile device - optimized for frequent disconnections + boot.supportedFilesystems = ["nfs"]; + + fileSystems = { + "/mnt/leyla_documents" = { + device = "defiant:/exports/leyla_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "noatime" + "nofail" + "soft" + "intr" # Allow interruption of NFS calls + "timeo=30" # 3 second timeout (30 deciseconds) + "retrans=2" # Only 2 retries before giving up + "x-systemd.idle-timeout=300" # 5 minute idle timeout for mobile + "x-systemd.device-timeout=15" # 15 second device timeout + "bg" # Background mount - don't block boot + "fsc" # Enable caching + "_netdev" # Network device - wait for network + "x-systemd.requires=network-online.target" # Require network to be online + "x-systemd.after=network-online.target" # Start after network is online + "x-systemd.mount-timeout=30" # 30 second mount timeout + ]; + }; + + "/mnt/users_documents" = { + device = "defiant:/exports/users_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "nofail" + "soft" + "intr" + "timeo=30" + "retrans=2" + "x-systemd.idle-timeout=300" + "x-systemd.device-timeout=15" + "bg" + "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" + "x-systemd.mount-timeout=30" + ]; + }; + + "/mnt/media" = { + device = "defiant:/exports/media"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "noatime" + "nofail" + "soft" + "intr" + "timeo=30" + "retrans=2" + "x-systemd.idle-timeout=300" + "x-systemd.device-timeout=15" + "bg" + # Mobile-optimized read settings + "rsize=8192" # Smaller read size for mobile + "wsize=8192" # Smaller write size for mobile + "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" + "x-systemd.mount-timeout=30" + ]; + }; + }; + + # Enable network-online.target for better network dependency handling + systemd.services.NetworkManager-wait-online.enable = true; + # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 111c002..7d88430 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -140,12 +140,20 @@ options = [ "x-systemd.automount" "noauto" - "user" "noatime" "nofail" "soft" - "x-systemd.idle-timeout=600" - "fsc" + "intr" # Allow interruption of NFS calls + "timeo=50" # 5 second timeout (50 deciseconds) - longer than mobile + "retrans=3" # 3 retries for desktop + "x-systemd.idle-timeout=600" # 10 minute idle timeout for desktop + "x-systemd.device-timeout=30" # 30 second device timeout + "bg" # Background mount - don't block boot + "fsc" # Enable caching + "_netdev" # Network device - wait for network + "x-systemd.requires=network-online.target" # Require network to be online + "x-systemd.after=network-online.target" # Start after network is online + "x-systemd.mount-timeout=60" # 60 second mount timeout for desktop ]; }; @@ -155,11 +163,17 @@ options = [ "x-systemd.automount" "noauto" - "user" "nofail" "soft" + "intr" + "timeo=50" + "retrans=3" "x-systemd.idle-timeout=600" + "bg" "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" ]; }; @@ -169,21 +183,30 @@ options = [ "x-systemd.automount" "noauto" - "user" "noatime" "nofail" "soft" + "intr" + "timeo=50" + "retrans=3" "x-systemd.idle-timeout=600" - "noatime" - "nodiratime" - "relatime" - "rsize=32768" - "wsize=32768" + "x-systemd.device-timeout=30" + "bg" + # Desktop-optimized read settings + "rsize=32768" # Larger read size for desktop + "wsize=32768" # Larger write size for desktop "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" + "x-systemd.mount-timeout=60" ]; }; }; + # Enable network-online.target for better network dependency handling + systemd.services.NetworkManager-wait-online.enable = true; + environment.systemPackages = with pkgs; [ cachefilesd ]; diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix index 00ea7ac..eaac7fe 100644 --- a/modules/nixos-modules/server/network_storage/default.nix +++ b/modules/nixos-modules/server/network_storage/default.nix @@ -15,7 +15,7 @@ in { export_directory = lib.mkOption { type = lib.types.path; description = "what are exports going to be stored in"; - default = "/export"; + default = "/exports"; }; directories = lib.mkOption { type = lib.types.listOf (lib.types.submodule ({config, ...}: { diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index bad0452..297dc1a 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -61,8 +61,6 @@ # loopback "127.0.0.1" "::1" - # local network - # "192.168.0.0/24" # tailscale "100.64.0.0/10" "fd7a:115c:a1e0::/48" @@ -84,7 +82,7 @@ ); }; }; - networking.firewall.interfaces.${config.services.tailscale.interfaceName} = let + networking.firewall = let ports = [ 111 config.host.network_storage.nfs.port @@ -94,6 +92,12 @@ 20048 ]; in { + # Allow NFS on Tailscale interface + interfaces.${config.services.tailscale.interfaceName} = { + allowedTCPPorts = ports; + allowedUDPPorts = ports; + }; + # Allow NFS on local network (assuming default interface) allowedTCPPorts = ports; allowedUDPPorts = ports; }; From 4a7b57df99579df26939ee967c100c4594e3a2a8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 27 Aug 2025 21:19:04 -0500 Subject: [PATCH 132/374] removed invalid config option --- configurations/nixos/twilight/configuration.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 7d88430..245b4f7 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -153,7 +153,6 @@ "_netdev" # Network device - wait for network "x-systemd.requires=network-online.target" # Require network to be online "x-systemd.after=network-online.target" # Start after network is online - "x-systemd.mount-timeout=60" # 60 second mount timeout for desktop ]; }; @@ -199,7 +198,6 @@ "_netdev" "x-systemd.requires=network-online.target" "x-systemd.after=network-online.target" - "x-systemd.mount-timeout=60" ]; }; }; From 0d2a3e26a8a9593cd70e14ade62c46ad3f69c338 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 27 Aug 2025 21:21:39 -0500 Subject: [PATCH 133/374] moved network mounts out of main config and into their own file --- .../nixos/horizon/configuration.nix | 76 ------------------- configurations/nixos/horizon/default.nix | 1 + .../nixos/horizon/network-mount.nix | 76 +++++++++++++++++++ .../nixos/twilight/configuration.nix | 71 ----------------- configurations/nixos/twilight/default.nix | 1 + .../nixos/twilight/network-mount.nix | 72 ++++++++++++++++++ 6 files changed, 150 insertions(+), 147 deletions(-) create mode 100644 configurations/nixos/horizon/network-mount.nix create mode 100644 configurations/nixos/twilight/network-mount.nix diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index adaab1c..731c6b0 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -135,82 +135,6 @@ }; }; - # NFS support for mobile device - optimized for frequent disconnections - boot.supportedFilesystems = ["nfs"]; - - fileSystems = { - "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "noatime" - "nofail" - "soft" - "intr" # Allow interruption of NFS calls - "timeo=30" # 3 second timeout (30 deciseconds) - "retrans=2" # Only 2 retries before giving up - "x-systemd.idle-timeout=300" # 5 minute idle timeout for mobile - "x-systemd.device-timeout=15" # 15 second device timeout - "bg" # Background mount - don't block boot - "fsc" # Enable caching - "_netdev" # Network device - wait for network - "x-systemd.requires=network-online.target" # Require network to be online - "x-systemd.after=network-online.target" # Start after network is online - "x-systemd.mount-timeout=30" # 30 second mount timeout - ]; - }; - - "/mnt/users_documents" = { - device = "defiant:/exports/users_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "nofail" - "soft" - "intr" - "timeo=30" - "retrans=2" - "x-systemd.idle-timeout=300" - "x-systemd.device-timeout=15" - "bg" - "fsc" - "_netdev" - "x-systemd.requires=network-online.target" - "x-systemd.after=network-online.target" - "x-systemd.mount-timeout=30" - ]; - }; - - "/mnt/media" = { - device = "defiant:/exports/media"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "noatime" - "nofail" - "soft" - "intr" - "timeo=30" - "retrans=2" - "x-systemd.idle-timeout=300" - "x-systemd.device-timeout=15" - "bg" - # Mobile-optimized read settings - "rsize=8192" # Smaller read size for mobile - "wsize=8192" # Smaller write size for mobile - "fsc" - "_netdev" - "x-systemd.requires=network-online.target" - "x-systemd.after=network-online.target" - "x-systemd.mount-timeout=30" - ]; - }; - }; - # Enable network-online.target for better network dependency handling systemd.services.NetworkManager-wait-online.enable = true; diff --git a/configurations/nixos/horizon/default.nix b/configurations/nixos/horizon/default.nix index 1263215..0f307d2 100644 --- a/configurations/nixos/horizon/default.nix +++ b/configurations/nixos/horizon/default.nix @@ -3,5 +3,6 @@ imports = [ ./configuration.nix ./hardware-configuration.nix + ./network-mount.nix ]; } diff --git a/configurations/nixos/horizon/network-mount.nix b/configurations/nixos/horizon/network-mount.nix new file mode 100644 index 0000000..fde16f5 --- /dev/null +++ b/configurations/nixos/horizon/network-mount.nix @@ -0,0 +1,76 @@ +{...}: { + boot.supportedFilesystems = ["nfs"]; + + fileSystems = { + "/mnt/leyla_documents" = { + device = "defiant:/exports/leyla_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "noatime" + "nofail" + "soft" + "intr" # Allow interruption of NFS calls + "timeo=30" # 3 second timeout (30 deciseconds) + "retrans=2" # Only 2 retries before giving up + "x-systemd.idle-timeout=300" # 5 minute idle timeout for mobile + "x-systemd.device-timeout=15" # 15 second device timeout + "bg" # Background mount - don't block boot + "fsc" # Enable caching + "_netdev" # Network device - wait for network + "x-systemd.requires=network-online.target" # Require network to be online + "x-systemd.after=network-online.target" # Start after network is online + "x-systemd.mount-timeout=30" # 30 second mount timeout + ]; + }; + + "/mnt/users_documents" = { + device = "defiant:/exports/users_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "nofail" + "soft" + "intr" + "timeo=30" + "retrans=2" + "x-systemd.idle-timeout=300" + "x-systemd.device-timeout=15" + "bg" + "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" + "x-systemd.mount-timeout=30" + ]; + }; + + "/mnt/media" = { + device = "defiant:/exports/media"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "noatime" + "nofail" + "soft" + "intr" + "timeo=30" + "retrans=2" + "x-systemd.idle-timeout=300" + "x-systemd.device-timeout=15" + "bg" + # Mobile-optimized read settings + "rsize=8192" # Smaller read size for mobile + "wsize=8192" # Smaller write size for mobile + "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" + "x-systemd.mount-timeout=30" + ]; + }; + }; +} diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 245b4f7..477c517 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -131,77 +131,6 @@ syncthing.enable = true; }; - boot.supportedFilesystems = ["nfs"]; - - fileSystems = { - "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "noatime" - "nofail" - "soft" - "intr" # Allow interruption of NFS calls - "timeo=50" # 5 second timeout (50 deciseconds) - longer than mobile - "retrans=3" # 3 retries for desktop - "x-systemd.idle-timeout=600" # 10 minute idle timeout for desktop - "x-systemd.device-timeout=30" # 30 second device timeout - "bg" # Background mount - don't block boot - "fsc" # Enable caching - "_netdev" # Network device - wait for network - "x-systemd.requires=network-online.target" # Require network to be online - "x-systemd.after=network-online.target" # Start after network is online - ]; - }; - - "/mnt/users_documents" = { - device = "defiant:/exports/users_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "nofail" - "soft" - "intr" - "timeo=50" - "retrans=3" - "x-systemd.idle-timeout=600" - "bg" - "fsc" - "_netdev" - "x-systemd.requires=network-online.target" - "x-systemd.after=network-online.target" - ]; - }; - - "/mnt/media" = { - device = "defiant:/exports/media"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "noatime" - "nofail" - "soft" - "intr" - "timeo=50" - "retrans=3" - "x-systemd.idle-timeout=600" - "x-systemd.device-timeout=30" - "bg" - # Desktop-optimized read settings - "rsize=32768" # Larger read size for desktop - "wsize=32768" # Larger write size for desktop - "fsc" - "_netdev" - "x-systemd.requires=network-online.target" - "x-systemd.after=network-online.target" - ]; - }; - }; - # Enable network-online.target for better network dependency handling systemd.services.NetworkManager-wait-online.enable = true; diff --git a/configurations/nixos/twilight/default.nix b/configurations/nixos/twilight/default.nix index 43a9164..f61e0ad 100644 --- a/configurations/nixos/twilight/default.nix +++ b/configurations/nixos/twilight/default.nix @@ -4,5 +4,6 @@ ./configuration.nix ./hardware-configuration.nix ./nvidia-drivers.nix + ./network-mount.nix ]; } diff --git a/configurations/nixos/twilight/network-mount.nix b/configurations/nixos/twilight/network-mount.nix new file mode 100644 index 0000000..9f84b04 --- /dev/null +++ b/configurations/nixos/twilight/network-mount.nix @@ -0,0 +1,72 @@ +{...}: { + boot.supportedFilesystems = ["nfs"]; + + fileSystems = { + "/mnt/leyla_documents" = { + device = "defiant:/exports/leyla_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "noatime" + "nofail" + "soft" + "intr" # Allow interruption of NFS calls + "timeo=50" # 5 second timeout (50 deciseconds) - longer than mobile + "retrans=3" # 3 retries for desktop + "x-systemd.idle-timeout=600" # 10 minute idle timeout for desktop + "x-systemd.device-timeout=30" # 30 second device timeout + "bg" # Background mount - don't block boot + "fsc" # Enable caching + "_netdev" # Network device - wait for network + "x-systemd.requires=network-online.target" # Require network to be online + "x-systemd.after=network-online.target" # Start after network is online + ]; + }; + + "/mnt/users_documents" = { + device = "defiant:/exports/users_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "nofail" + "soft" + "intr" + "timeo=50" + "retrans=3" + "x-systemd.idle-timeout=600" + "bg" + "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" + ]; + }; + + "/mnt/media" = { + device = "defiant:/exports/media"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "noatime" + "nofail" + "soft" + "intr" + "timeo=50" + "retrans=3" + "x-systemd.idle-timeout=600" + "x-systemd.device-timeout=30" + "bg" + # Desktop-optimized read settings + "rsize=32768" # Larger read size for desktop + "wsize=32768" # Larger write size for desktop + "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" + ]; + }; + }; +} From 0d57fb08b162a3f35e77cc580b938b2307695deb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 28 Aug 2025 11:48:00 -0500 Subject: [PATCH 134/374] set up nix mcp server --- README.md | 1 - .../leyla/packages/vscode/default.nix | 5 +- flake.lock | 94 ++++++++++++++++++- flake.nix | 8 ++ .../programs/vscode/claudeDev.nix | 36 +++++++ 5 files changed, 140 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e379f91..339a8e8 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Create Tor guard/relay server - migrate away from flakes and move to npins - whisper -- nix mcp - zfs encryption FIDO2 2fa (look into shavee) - Secure Boot - https://github.com/nix-community/lanzaboote - rotate sops encryption keys periodically (and somehow sync between devices?) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 651d941..c605f9b 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -68,7 +68,10 @@ in { go.enable = true; # claude development - claudeDev.enable = ai-tooling-enabled; + claudeDev = lib.mkIf ai-tooling-enabled { + enable = true; + mcp.nixos.enable = true; + }; # misc extensions evenBetterToml.enable = true; diff --git a/flake.lock b/flake.lock index f885584..03a9467 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,23 @@ { "nodes": { + "devshell": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", + "owner": "numtide", + "repo": "devshell", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -75,6 +93,24 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -110,6 +146,28 @@ "type": "github" } }, + "mcp-nixos": { + "inputs": { + "devshell": "devshell", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1755372538, + "narHash": "sha256-iWhsf1Myk6RyQ7IuNf4bWI3Sqq9pgmhKvEisCXtkxyw=", + "owner": "utensils", + "repo": "mcp-nixos", + "rev": "46b4d4d3d6421bfbadc415532ef74433871e1cda", + "type": "github" + }, + "original": { + "owner": "utensils", + "repo": "mcp-nixos", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -153,7 +211,7 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] @@ -189,6 +247,22 @@ } }, "nixpkgs": { + "locked": { + "lastModified": 1722073938, + "narHash": "sha256-OpX0StkL8vpXyWOGUD6G+MA26wAXK6SpT94kLJXo6B4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e36e9f57337d0ff0cf77aceb58af4c805472bfae", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", @@ -211,11 +285,12 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", + "mcp-nixos": "mcp-nixos", "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "secrets": "secrets", "sops-nix": "sops-nix", "steam-fetcher": "steam-fetcher" @@ -291,6 +366,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 23a8aab..7980012 100644 --- a/flake.nix +++ b/flake.nix @@ -76,6 +76,12 @@ url = "github:nix-community/steam-fetcher"; inputs.nixpkgs.follows = "nixpkgs"; }; + + # MCP NixOS server for Claude Dev + mcp-nixos = { + url = "github:utensils/mcp-nixos"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { @@ -157,6 +163,8 @@ disko # for viewing dconf entries dconf-editor + # for MCP NixOS server support in development + inputs.mcp-nixos.packages.${system}.default ]; SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix; diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index 8d5dd75..5e08b41 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -2,10 +2,27 @@ lib, pkgs, config, + inputs, ... }: let pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; pkgsRepository = pkgsRepositories.open-vsx; + + mcp-nixos = inputs.mcp-nixos.packages.${pkgs.stdenv.hostPlatform.system}.default; + + anyProfileHasMcpNixos = lib.any ( + profile: + profile.extraExtensions.claudeDev.enable + && profile.extraExtensions.claudeDev.mcp.nixos.enable + ) (lib.attrValues config.programs.vscode.profiles); + + mcpServersConfig = lib.mkMerge [ + (lib.mkIf anyProfileHasMcpNixos { + nixos = { + command = "${mcp-nixos}/bin/mcp-nixos"; + }; + }) + ]; in { options.programs.vscode.profiles = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { @@ -15,6 +32,12 @@ in { extension = lib.mkPackageOption pkgsRepository "claude-dev" { default = ["saoudrizwan" "claude-dev"]; }; + + mcp = { + nixos = { + enable = lib.mkEnableOption "enable NixOS MCP server for Claude Dev"; + }; + }; }; }; config = lib.mkIf config.extraExtensions.claudeDev.enable { @@ -24,4 +47,17 @@ in { }; })); }; + + config = lib.mkIf anyProfileHasMcpNixos { + home.file."${config.xdg.configHome}/VSCodium/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" = { + text = builtins.toJSON { + mcpServers = mcpServersConfig; + }; + force = true; + }; + + home.packages = [ + mcp-nixos + ]; + }; } From 9f94a218cc2e01ad756c8a4313c54416fabe10ca Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 28 Aug 2025 14:11:29 -0500 Subject: [PATCH 135/374] disabled nfs mounts --- configurations/nixos/horizon/default.nix | 2 +- configurations/nixos/twilight/default.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/horizon/default.nix b/configurations/nixos/horizon/default.nix index 0f307d2..b916d82 100644 --- a/configurations/nixos/horizon/default.nix +++ b/configurations/nixos/horizon/default.nix @@ -3,6 +3,6 @@ imports = [ ./configuration.nix ./hardware-configuration.nix - ./network-mount.nix + # ./network-mount.nix ]; } diff --git a/configurations/nixos/twilight/default.nix b/configurations/nixos/twilight/default.nix index f61e0ad..aa841f8 100644 --- a/configurations/nixos/twilight/default.nix +++ b/configurations/nixos/twilight/default.nix @@ -4,6 +4,6 @@ ./configuration.nix ./hardware-configuration.nix ./nvidia-drivers.nix - ./network-mount.nix + # ./network-mount.nix ]; } From 5a53a7bac44e25d21c0547cc7dd4194b4b0a6deb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 28 Aug 2025 14:14:05 -0500 Subject: [PATCH 136/374] installed nix mcp server --- .../programs/vscode/claudeDev.nix | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index 5e08b41..a2b4b9e 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -15,14 +15,6 @@ profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.nixos.enable ) (lib.attrValues config.programs.vscode.profiles); - - mcpServersConfig = lib.mkMerge [ - (lib.mkIf anyProfileHasMcpNixos { - nixos = { - command = "${mcp-nixos}/bin/mcp-nixos"; - }; - }) - ]; in { options.programs.vscode.profiles = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { @@ -51,7 +43,11 @@ in { config = lib.mkIf anyProfileHasMcpNixos { home.file."${config.xdg.configHome}/VSCodium/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" = { text = builtins.toJSON { - mcpServers = mcpServersConfig; + mcpServers = { + nixos = { + command = "${mcp-nixos}/bin/mcp-nixos"; + }; + }; }; force = true; }; From 6e0650f73b6ac42edb549ca1eef2579e8b935bd6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 31 Aug 2025 13:56:20 -0500 Subject: [PATCH 137/374] installed the eslint mcp server --- .../leyla/packages/vscode/default.nix | 5 +- .../programs/vscode/claudeDev.nix | 60 ++++++++++++++----- 2 files changed, 49 insertions(+), 16 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index c605f9b..778439a 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -70,7 +70,10 @@ in { # claude development claudeDev = lib.mkIf ai-tooling-enabled { enable = true; - mcp.nixos.enable = true; + mcp = { + nixos.enable = true; + eslint.enable = true; + }; }; # misc extensions diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index a2b4b9e..11eb155 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -10,11 +10,21 @@ mcp-nixos = inputs.mcp-nixos.packages.${pkgs.stdenv.hostPlatform.system}.default; + mcp-eslint = pkgs.writeShellScriptBin "mcp-eslint" '' + ${pkgs.nodejs}/bin/npx --yes @modelcontextprotocol/server-eslint "$@" + ''; + anyProfileHasMcpNixos = lib.any ( profile: profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.nixos.enable ) (lib.attrValues config.programs.vscode.profiles); + + anyProfileHasMcpEslint = lib.any ( + profile: + profile.extraExtensions.claudeDev.enable + && profile.extraExtensions.claudeDev.mcp.eslint.enable + ) (lib.attrValues config.programs.vscode.profiles); in { options.programs.vscode.profiles = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { @@ -29,6 +39,9 @@ in { nixos = { enable = lib.mkEnableOption "enable NixOS MCP server for Claude Dev"; }; + eslint = { + enable = lib.mkEnableOption "enable ESLint MCP server for Claude Dev"; + }; }; }; }; @@ -40,20 +53,37 @@ in { })); }; - config = lib.mkIf anyProfileHasMcpNixos { - home.file."${config.xdg.configHome}/VSCodium/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" = { - text = builtins.toJSON { - mcpServers = { - nixos = { - command = "${mcp-nixos}/bin/mcp-nixos"; - }; - }; - }; - force = true; - }; + config = lib.mkMerge [ + (lib.mkIf anyProfileHasMcpNixos { + home.packages = [ + mcp-nixos + ]; + }) - home.packages = [ - mcp-nixos - ]; - }; + (lib.mkIf anyProfileHasMcpEslint { + home.packages = [ + mcp-eslint + pkgs.eslint + ]; + }) + + (lib.mkIf (anyProfileHasMcpNixos || anyProfileHasMcpEslint) { + home.file."${config.xdg.configHome}/VSCodium/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" = { + text = builtins.toJSON { + mcpServers = + (lib.optionalAttrs anyProfileHasMcpNixos { + nixos = { + command = "${mcp-nixos}/bin/mcp-nixos"; + }; + }) + // (lib.optionalAttrs anyProfileHasMcpEslint { + eslint = { + command = "${mcp-eslint}/bin/mcp-eslint"; + }; + }); + }; + force = true; + }; + }) + ]; } From d89d085409d97668230204eb2fbc218ce6ecf4b2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 2 Sep 2025 23:05:27 -0500 Subject: [PATCH 138/374] updated flake lock --- .../nixos/defiant/configuration.nix | 2 +- flake.lock | 36 +++++++++---------- modules/home-manager-modules/openssh.nix | 9 +++-- modules/nixos-modules/server/forgejo.nix | 8 ++++- 4 files changed, 33 insertions(+), 22 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 14410f4..e109d45 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -296,7 +296,7 @@ extensions = { sonos.enable = true; jellyfin.enable = true; - wyoming.enable = true; + wyoming.enable = false; # Temporarily disabled due to dependency conflict in wyoming-piper }; }; diff --git a/flake.lock b/flake.lock index 03a9467..5b4d6a3 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1755519972, - "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=", + "lastModified": 1756733629, + "narHash": "sha256-dwWGlDhcO5SMIvMSTB4mjQ5Pvo2vtxvpIknhVnSz2I8=", "owner": "nix-community", "repo": "disko", - "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d", + "rev": "a5c4f2ab72e3d1ab43e3e65aa421c6f2bd2e12a1", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1755921820, - "narHash": "sha256-xTRXoaGtuIi4VvJNGuHC8DPHnEIJUqVtt7kqU8MdXes=", + "lastModified": 1756699417, + "narHash": "sha256-rpRy5ae5ijEGaK+Cr66NqCQJ6ZeUE5Zi8gUWgKhesto=", "owner": "rycee", "repo": "nur-expressions", - "rev": "c43149f02063de9b0d75c2b45f54631bd82667b2", + "rev": "007b803d1eff595d25e7886e83054dbd038bf029", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1755914636, - "narHash": "sha256-VJ+Gm6YsHlPfUCpmRQxvdiZW7H3YPSrdVOewQHAhZN8=", + "lastModified": 1756734952, + "narHash": "sha256-H6jmduj4QIncLPAPODPSG/8ry9lpr1kRq6fYytU52qU=", "owner": "nix-community", "repo": "home-manager", - "rev": "8b55a6ac58b678199e5bba701aaff69e2b3281c0", + "rev": "29ab63bbb3d9eee4a491f7ce701b189becd34068", "type": "github" }, "original": { @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1755914146, - "narHash": "sha256-ew98ilw4NTodKlILnr3ndsT0Aj9JhqC507JB3efa0pY=", + "lastModified": 1756692643, + "narHash": "sha256-SVos3AYuLvF6bD8Y0b6EiLABoEaiAOa4M/fTCBe0FV8=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ff42a421ff1d415caa0125e6af6f3bd82e642838", + "rev": "2f1d16db96f1ce8ee3c893ea9dc49c0035846988", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1755330281, - "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=", + "lastModified": 1756245047, + "narHash": "sha256-9bHzrVbjAudbO8q4vYFBWlEkDam31fsz0J7GB8k4AsI=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0", + "rev": "a65b650d6981e23edd1afa1f01eb942f19cdcbb7", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1755615617, - "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "lastModified": 1756542300, + "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa", "type": "github" }, "original": { diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index c8ba22d..9d77d10 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -45,8 +45,13 @@ services.ssh-agent.enable = true; programs.ssh = { enable = true; - compression = true; - addKeysToAgent = "confirm"; + enableDefaultConfig = false; + matchBlocks = { + "*" = { + compression = true; + addKeysToAgent = "confirm"; + }; + }; extraConfig = lib.strings.concatLines ( builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys ); diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index 7898daa..de06f94 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -19,6 +19,12 @@ in { config = lib.mkIf config.services.forgejo.enable (lib.mkMerge [ { + assertions = [ + { + assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name; + message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name"; + } + ]; host = { reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { target = "http://localhost:${toString forgejoPort}"; @@ -52,7 +58,7 @@ in { START_SSH_SERVER = true; SSH_LISTEN_PORT = sshPort; SSH_PORT = 22; - BUILTIN_SSH_SERVER_USER = config.users.users.git.name; + BUILTIN_SSH_SERVER_USER = "git"; ROOT_URL = "https://git.jan-leila.com"; }; service = { From afcf4156212747cac2751061ed3307646ce64530 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 2 Sep 2025 23:11:29 -0500 Subject: [PATCH 139/374] enabled power management from twilight and emergent --- configurations/nixos/emergent/nvidia-drivers.nix | 2 +- configurations/nixos/twilight/nvidia-drivers.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix index fb66cf6..b532446 100644 --- a/configurations/nixos/emergent/nvidia-drivers.nix +++ b/configurations/nixos/emergent/nvidia-drivers.nix @@ -27,7 +27,7 @@ # Enable this if you have graphical corruption issues or application crashes after waking # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead # of just the bare essentials. - powerManagement.enable = false; + powerManagement.enable = true; # Fine-grained power management. Turns off GPU when not in use. # Experimental and only works on modern Nvidia GPUs (Turing or newer). diff --git a/configurations/nixos/twilight/nvidia-drivers.nix b/configurations/nixos/twilight/nvidia-drivers.nix index 47763f8..d875e37 100644 --- a/configurations/nixos/twilight/nvidia-drivers.nix +++ b/configurations/nixos/twilight/nvidia-drivers.nix @@ -21,7 +21,7 @@ # Enable this if you have graphical corruption issues or application crashes after waking # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead # of just the bare essentials. - powerManagement.enable = false; + powerManagement.enable = true; # Fine-grained power management. Turns off GPU when not in use. # Experimental and only works on modern Nvidia GPUs (Turing or newer). From b7dd5328d0c3a653e8e68c5df8e1f686fba57720 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 2 Sep 2025 23:20:24 -0500 Subject: [PATCH 140/374] moved piper to module with enable option --- configurations/home-manager/eve/packages.nix | 2 +- .../home-manager/leyla/packages/default.nix | 2 +- .../home-manager-modules/programs/default.nix | 1 + modules/home-manager-modules/programs/piper.nix | 17 +++++++++++++++++ 4 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 modules/home-manager-modules/programs/piper.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 295597a..754ced2 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -20,7 +20,6 @@ in { ungoogled-chromium krita gnomeExtensions.dash-to-panel - (lib.mkIf hardware.piperMouse.enable piper) ] ); @@ -61,6 +60,7 @@ in { makemkv.enable = true; signal-desktop-bin.enable = true; steam.enable = true; + piper.enable = hardware.piperMouse.enable; }) ]; }; diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 702edda..33c6103 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -36,6 +36,7 @@ in { protonvpn-gui.enable = true; dbeaver-bin.enable = true; bruno.enable = true; + piper.enable = hardware.piperMouse.enable; }) (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) { anki.enable = true; @@ -105,7 +106,6 @@ in { noisetorch # hardware management tools - (lib.mkIf hardware.piperMouse.enable piper) (lib.mkIf hardware.openRGB.enable openrgb) (lib.mkIf hardware.viaKeyboard.enable via) diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index 675e77d..be4b072 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -6,6 +6,7 @@ ./makemkv.nix ./obs.nix ./anki.nix + ./piper.nix ./qbittorrent.nix ./discord.nix ./obsidian.nix diff --git a/modules/home-manager-modules/programs/piper.nix b/modules/home-manager-modules/programs/piper.nix new file mode 100644 index 0000000..ec0d887 --- /dev/null +++ b/modules/home-manager-modules/programs/piper.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.piper = { + enable = lib.mkEnableOption "enable piper"; + }; + + config = lib.mkIf config.programs.piper.enable { + home.packages = with pkgs; [ + piper + ]; + }; +} From 2d396228c728a19f46e69c09fc22bfb8e9eb9ab1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 2 Sep 2025 23:27:26 -0500 Subject: [PATCH 141/374] moved krita to programs folder --- configurations/home-manager/eve/packages.nix | 2 +- .../home-manager/leyla/packages/default.nix | 2 +- .../home-manager-modules/programs/default.nix | 1 + .../home-manager-modules/programs/krita.nix | 30 +++++++++++++++++++ 4 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 modules/home-manager-modules/programs/krita.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 754ced2..f7f0c78 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -18,7 +18,6 @@ in { home.packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ ungoogled-chromium - krita gnomeExtensions.dash-to-panel ] ); @@ -61,6 +60,7 @@ in { signal-desktop-bin.enable = true; steam.enable = true; piper.enable = hardware.piperMouse.enable; + krita.enable = true; }) ]; }; diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 33c6103..717b153 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -49,6 +49,7 @@ in { vscode.enable = true; firefox.enable = true; steam.enable = true; + krita.enable = true; }) ]; } @@ -77,7 +78,6 @@ in { libreoffice inkscape gimp - krita freecad # cura # kicad-small diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index be4b072..f2a22ee 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -12,6 +12,7 @@ ./obsidian.nix ./prostudiomasters.nix ./idea.nix + ./krita.nix ./protonvpn.nix ./calibre.nix ./bruno.nix diff --git a/modules/home-manager-modules/programs/krita.nix b/modules/home-manager-modules/programs/krita.nix new file mode 100644 index 0000000..d662251 --- /dev/null +++ b/modules/home-manager-modules/programs/krita.nix @@ -0,0 +1,30 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.krita = { + enable = lib.mkEnableOption "enable krita"; + }; + + config = lib.mkIf config.programs.krita.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + krita + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/kritarc" + "${config.xdg.dataHome}/krita" + ]; + allowOther = true; + }; + } + ) + ]); +} From fab03391fced092fa46b50fb14815f566036703d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 4 Sep 2025 00:33:53 -0500 Subject: [PATCH 142/374] updated flake.lock --- flake.lock | 30 +++++++++++----------- modules/nixos-modules/server/paperless.nix | 3 +-- 2 files changed, 16 insertions(+), 17 deletions(-) diff --git a/flake.lock b/flake.lock index 5b4d6a3..19959d9 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1756699417, - "narHash": "sha256-rpRy5ae5ijEGaK+Cr66NqCQJ6ZeUE5Zi8gUWgKhesto=", + "lastModified": 1756958609, + "narHash": "sha256-1nRGsnPZjOubRTsXEsnJqWlLsgo/Xq7tN7PWK57dFDQ=", "owner": "rycee", "repo": "nur-expressions", - "rev": "007b803d1eff595d25e7886e83054dbd038bf029", + "rev": "b2a4e1bc62946403f82594ab9550ac13a1afa4df", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1756734952, - "narHash": "sha256-H6jmduj4QIncLPAPODPSG/8ry9lpr1kRq6fYytU52qU=", + "lastModified": 1756954499, + "narHash": "sha256-Pg4xBHzvzNY8l9x/rLWoJMnIR8ebG+xeU+IyqThIkqU=", "owner": "nix-community", "repo": "home-manager", - "rev": "29ab63bbb3d9eee4a491f7ce701b189becd34068", + "rev": "ed1a98c375450dfccf427adacd2bfd1a7b22eb25", "type": "github" }, "original": { @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1756692643, - "narHash": "sha256-SVos3AYuLvF6bD8Y0b6EiLABoEaiAOa4M/fTCBe0FV8=", + "lastModified": 1756950692, + "narHash": "sha256-3MnwSjiqIK8XtKZ1pkhuiv2wnCzQfulc5Wu0pWFluew=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "2f1d16db96f1ce8ee3c893ea9dc49c0035846988", + "rev": "5ae2ac105a0d3ed2230a225ef6441928286897da", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1756245047, - "narHash": "sha256-9bHzrVbjAudbO8q4vYFBWlEkDam31fsz0J7GB8k4AsI=", + "lastModified": 1756925795, + "narHash": "sha256-kUb5hehaikfUvoJDEc7ngiieX88TwWX/bBRX9Ar6Tac=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "a65b650d6981e23edd1afa1f01eb942f19cdcbb7", + "rev": "ba6fab29768007e9f2657014a6e134637100c57d", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1756542300, - "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=", + "lastModified": 1756787288, + "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa", + "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1", "type": "github" }, "original": { diff --git a/modules/nixos-modules/server/paperless.nix b/modules/nixos-modules/server/paperless.nix index 0243d53..b97c48d 100644 --- a/modules/nixos-modules/server/paperless.nix +++ b/modules/nixos-modules/server/paperless.nix @@ -51,10 +51,9 @@ in { }; }; services.paperless = { + domain = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; configureTika = true; settings = { - PAPERLESS_URL = "https://${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; - PAPERLESS_DBENGINE = "postgresql"; PAPERLESS_DBHOST = "/run/postgresql"; PAPERLESS_DBNAME = config.services.paperless.database.user; From c31eb38229e0be1414ecad42a0085debba16c5fd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 4 Sep 2025 14:33:17 -0500 Subject: [PATCH 143/374] installed direnv extension --- .../leyla/packages/vscode/default.nix | 1 + .../programs/vscode/default.nix | 1 + .../programs/vscode/direnv.nix | 25 +++++++++++++++++++ 3 files changed, 27 insertions(+) create mode 100644 modules/home-manager-modules/programs/vscode/direnv.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 778439a..f213d3c 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -78,6 +78,7 @@ in { # misc extensions evenBetterToml.enable = true; + direnv.enable = config.programs.direnv.enable; }; extensions = let diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index 50b323d..48eb1ce 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -21,5 +21,6 @@ ./claudeDev.nix ./nearley.nix ./vitest.nix + ./direnv.nix ]; } diff --git a/modules/home-manager-modules/programs/vscode/direnv.nix b/modules/home-manager-modules/programs/vscode/direnv.nix new file mode 100644 index 0000000..231ea17 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/direnv.nix @@ -0,0 +1,25 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.vscode-marketplace; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.direnv = { + enable = lib.mkEnableOption "Enable direnv extension"; + extension = lib.mkPackageOption pkgsRepository "direnv" { + default = ["mkhl" "direnv"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.direnv.enable { + extensions = [config.extraExtensions.direnv.extension]; + }; + })); + }; +} From 2aad75a334050e30f9fba9567d231ff6d338bda7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 4 Sep 2025 15:23:59 -0500 Subject: [PATCH 144/374] moved more packages to modules --- configurations/home-manager/eve/packages.nix | 2 +- .../home-manager/leyla/packages/default.nix | 66 ++++++------------- .../programs/davinci-resolve.nix | 30 +++++++++ .../home-manager-modules/programs/default.nix | 18 +++++ .../home-manager-modules/programs/freecad.nix | 29 ++++++++ .../programs/gdx-liftoff.nix | 17 +++++ .../home-manager-modules/programs/gimp.nix | 29 ++++++++ .../programs/inkscape.nix | 29 ++++++++ .../programs/libreoffice.nix | 29 ++++++++ .../home-manager-modules/programs/mfoc.nix | 17 +++++ .../programs/noisetorch.nix | 17 +++++ .../programs/onionshare.nix | 17 +++++ .../home-manager-modules/programs/openrgb.nix | 17 +++++ .../home-manager-modules/programs/openvpn.nix | 17 +++++ .../programs/pdfarranger.nix | 17 +++++ .../home-manager-modules/programs/picard.nix | 29 ++++++++ .../programs/proxmark3.nix | 17 +++++ .../programs/qflipper.nix | 29 ++++++++ .../programs/tor-browser.nix | 29 ++++++++ .../programs/ungoogled-chromium.nix | 29 ++++++++ modules/home-manager-modules/programs/via.nix | 17 +++++ 21 files changed, 453 insertions(+), 48 deletions(-) create mode 100644 modules/home-manager-modules/programs/davinci-resolve.nix create mode 100644 modules/home-manager-modules/programs/freecad.nix create mode 100644 modules/home-manager-modules/programs/gdx-liftoff.nix create mode 100644 modules/home-manager-modules/programs/gimp.nix create mode 100644 modules/home-manager-modules/programs/inkscape.nix create mode 100644 modules/home-manager-modules/programs/libreoffice.nix create mode 100644 modules/home-manager-modules/programs/mfoc.nix create mode 100644 modules/home-manager-modules/programs/noisetorch.nix create mode 100644 modules/home-manager-modules/programs/onionshare.nix create mode 100644 modules/home-manager-modules/programs/openrgb.nix create mode 100644 modules/home-manager-modules/programs/openvpn.nix create mode 100644 modules/home-manager-modules/programs/pdfarranger.nix create mode 100644 modules/home-manager-modules/programs/picard.nix create mode 100644 modules/home-manager-modules/programs/proxmark3.nix create mode 100644 modules/home-manager-modules/programs/qflipper.nix create mode 100644 modules/home-manager-modules/programs/tor-browser.nix create mode 100644 modules/home-manager-modules/programs/ungoogled-chromium.nix create mode 100644 modules/home-manager-modules/programs/via.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index f7f0c78..f738fe2 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -17,7 +17,6 @@ in { # See https://search.nixos.org/packages for all options home.packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ - ungoogled-chromium gnomeExtensions.dash-to-panel ] ); @@ -61,6 +60,7 @@ in { steam.enable = true; piper.enable = hardware.piperMouse.enable; krita.enable = true; + ungoogled-chromium.enable = true; }) ]; }; diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 717b153..86bbd96 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -37,6 +37,12 @@ in { dbeaver-bin.enable = true; bruno.enable = true; piper.enable = hardware.piperMouse.enable; + proxmark3.enable = true; + openrgb.enable = hardware.openRGB.enable; + via.enable = hardware.viaKeyboard.enable; + claude-code.enable = osConfig.host.ai.enable; + davinci-resolve.enable = hardware.graphicsAcceleration.enable; + mfoc.enable = true; }) (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) { anki.enable = true; @@ -50,6 +56,19 @@ in { firefox.enable = true; steam.enable = true; krita.enable = true; + ungoogled-chromium.enable = true; + libreoffice.enable = true; + inkscape.enable = true; + gimp.enable = true; + freecad.enable = true; + onionshare.enable = true; + pdfarranger.enable = true; + picard.enable = true; + qflipper.enable = true; + openvpn.enable = true; + noisetorch.enable = true; + tor-browser.enable = true; + gdx-liftoff.enable = true; }) ]; } @@ -66,53 +85,6 @@ in { nixpkgs.config = { allowUnfree = true; }; - - home.packages = ( - (with pkgs; [ - proxmark3 - ]) - ++ ( - lib.lists.optionals hardware.directAccess.enable (with pkgs; [ - #foss platforms - ungoogled-chromium - libreoffice - inkscape - gimp - freecad - # cura - # kicad-small - onionshare - # rhythmbox - - # wireshark - # rpi-imager - # fritzing - mfoc - tor-browser - pdfarranger - picard - - gdx-liftoff - - # proprietary platforms - (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) - - # development tools - # androidStudioPackages.canary - qFlipper - - # system tools - openvpn - noisetorch - - # hardware management tools - (lib.mkIf hardware.openRGB.enable openrgb) - (lib.mkIf hardware.viaKeyboard.enable via) - - (lib.mkIf osConfig.host.ai.enable claude-code) - ]) - ) - ); }) ]; } diff --git a/modules/home-manager-modules/programs/davinci-resolve.nix b/modules/home-manager-modules/programs/davinci-resolve.nix new file mode 100644 index 0000000..00ba525 --- /dev/null +++ b/modules/home-manager-modules/programs/davinci-resolve.nix @@ -0,0 +1,30 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.davinci-resolve = { + enable = lib.mkEnableOption "enable davinci-resolve"; + }; + + config = lib.mkIf config.programs.davinci-resolve.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + davinci-resolve + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.dataHome}/DaVinciResolve" + "${config.xdg.configHome}/blackmagic" + ]; + allowOther = true; + }; + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index f2a22ee..d1c13db 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -19,5 +19,23 @@ ./dbeaver.nix ./steam.nix ./vscode + ./ungoogled-chromium.nix + ./libreoffice.nix + ./inkscape.nix + ./gimp.nix + ./proxmark3.nix + ./freecad.nix + ./onionshare.nix + ./mfoc.nix + ./pdfarranger.nix + ./picard.nix + ./qflipper.nix + ./openvpn.nix + ./noisetorch.nix + ./openrgb.nix + ./via.nix + ./davinci-resolve.nix + ./gdx-liftoff.nix + ./tor-browser.nix ]; } diff --git a/modules/home-manager-modules/programs/freecad.nix b/modules/home-manager-modules/programs/freecad.nix new file mode 100644 index 0000000..ec17205 --- /dev/null +++ b/modules/home-manager-modules/programs/freecad.nix @@ -0,0 +1,29 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.freecad = { + enable = lib.mkEnableOption "enable freecad"; + }; + + config = lib.mkIf config.programs.freecad.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + freecad + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/FreeCAD" + ]; + allowOther = true; + }; + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/gdx-liftoff.nix b/modules/home-manager-modules/programs/gdx-liftoff.nix new file mode 100644 index 0000000..b29230d --- /dev/null +++ b/modules/home-manager-modules/programs/gdx-liftoff.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.gdx-liftoff = { + enable = lib.mkEnableOption "enable gdx-liftoff"; + }; + + config = lib.mkIf config.programs.gdx-liftoff.enable { + home.packages = with pkgs; [ + gdx-liftoff + ]; + }; +} diff --git a/modules/home-manager-modules/programs/gimp.nix b/modules/home-manager-modules/programs/gimp.nix new file mode 100644 index 0000000..428068e --- /dev/null +++ b/modules/home-manager-modules/programs/gimp.nix @@ -0,0 +1,29 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.gimp = { + enable = lib.mkEnableOption "enable gimp"; + }; + + config = lib.mkIf config.programs.gimp.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + gimp + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/GIMP" + ]; + allowOther = true; + }; + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/inkscape.nix b/modules/home-manager-modules/programs/inkscape.nix new file mode 100644 index 0000000..facb08f --- /dev/null +++ b/modules/home-manager-modules/programs/inkscape.nix @@ -0,0 +1,29 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.inkscape = { + enable = lib.mkEnableOption "enable inkscape"; + }; + + config = lib.mkIf config.programs.inkscape.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + inkscape + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/inkscape" + ]; + allowOther = true; + }; + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/libreoffice.nix b/modules/home-manager-modules/programs/libreoffice.nix new file mode 100644 index 0000000..b61ea58 --- /dev/null +++ b/modules/home-manager-modules/programs/libreoffice.nix @@ -0,0 +1,29 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.libreoffice = { + enable = lib.mkEnableOption "enable libreoffice"; + }; + + config = lib.mkIf config.programs.libreoffice.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + libreoffice + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/libreoffice" + ]; + allowOther = true; + }; + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/mfoc.nix b/modules/home-manager-modules/programs/mfoc.nix new file mode 100644 index 0000000..7b92007 --- /dev/null +++ b/modules/home-manager-modules/programs/mfoc.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.mfoc = { + enable = lib.mkEnableOption "enable mfoc"; + }; + + config = lib.mkIf config.programs.mfoc.enable { + home.packages = with pkgs; [ + mfoc + ]; + }; +} diff --git a/modules/home-manager-modules/programs/noisetorch.nix b/modules/home-manager-modules/programs/noisetorch.nix new file mode 100644 index 0000000..c53e3a9 --- /dev/null +++ b/modules/home-manager-modules/programs/noisetorch.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.noisetorch = { + enable = lib.mkEnableOption "enable noisetorch"; + }; + + config = lib.mkIf config.programs.noisetorch.enable { + home.packages = with pkgs; [ + noisetorch + ]; + }; +} diff --git a/modules/home-manager-modules/programs/onionshare.nix b/modules/home-manager-modules/programs/onionshare.nix new file mode 100644 index 0000000..ed1903d --- /dev/null +++ b/modules/home-manager-modules/programs/onionshare.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.onionshare = { + enable = lib.mkEnableOption "enable onionshare"; + }; + + config = lib.mkIf config.programs.onionshare.enable { + home.packages = with pkgs; [ + onionshare + ]; + }; +} diff --git a/modules/home-manager-modules/programs/openrgb.nix b/modules/home-manager-modules/programs/openrgb.nix new file mode 100644 index 0000000..0260c91 --- /dev/null +++ b/modules/home-manager-modules/programs/openrgb.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.openrgb = { + enable = lib.mkEnableOption "enable openrgb"; + }; + + config = lib.mkIf config.programs.openrgb.enable { + home.packages = with pkgs; [ + openrgb + ]; + }; +} diff --git a/modules/home-manager-modules/programs/openvpn.nix b/modules/home-manager-modules/programs/openvpn.nix new file mode 100644 index 0000000..814c16d --- /dev/null +++ b/modules/home-manager-modules/programs/openvpn.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.openvpn = { + enable = lib.mkEnableOption "enable openvpn"; + }; + + config = lib.mkIf config.programs.openvpn.enable { + home.packages = with pkgs; [ + openvpn + ]; + }; +} diff --git a/modules/home-manager-modules/programs/pdfarranger.nix b/modules/home-manager-modules/programs/pdfarranger.nix new file mode 100644 index 0000000..d4e33b5 --- /dev/null +++ b/modules/home-manager-modules/programs/pdfarranger.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.pdfarranger = { + enable = lib.mkEnableOption "enable pdfarranger"; + }; + + config = lib.mkIf config.programs.pdfarranger.enable { + home.packages = with pkgs; [ + pdfarranger + ]; + }; +} diff --git a/modules/home-manager-modules/programs/picard.nix b/modules/home-manager-modules/programs/picard.nix new file mode 100644 index 0000000..d2c1fe2 --- /dev/null +++ b/modules/home-manager-modules/programs/picard.nix @@ -0,0 +1,29 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.picard = { + enable = lib.mkEnableOption "enable picard"; + }; + + config = lib.mkIf config.programs.picard.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + picard + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/MusicBrainz" + ]; + allowOther = true; + }; + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/proxmark3.nix b/modules/home-manager-modules/programs/proxmark3.nix new file mode 100644 index 0000000..ad1e298 --- /dev/null +++ b/modules/home-manager-modules/programs/proxmark3.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.proxmark3 = { + enable = lib.mkEnableOption "enable proxmark3"; + }; + + config = lib.mkIf config.programs.proxmark3.enable { + home.packages = with pkgs; [ + proxmark3 + ]; + }; +} diff --git a/modules/home-manager-modules/programs/qflipper.nix b/modules/home-manager-modules/programs/qflipper.nix new file mode 100644 index 0000000..abc2442 --- /dev/null +++ b/modules/home-manager-modules/programs/qflipper.nix @@ -0,0 +1,29 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.qflipper = { + enable = lib.mkEnableOption "enable qflipper"; + }; + + config = lib.mkIf config.programs.qflipper.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + qFlipper + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/qFlipper" + ]; + allowOther = true; + }; + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/tor-browser.nix b/modules/home-manager-modules/programs/tor-browser.nix new file mode 100644 index 0000000..2c58578 --- /dev/null +++ b/modules/home-manager-modules/programs/tor-browser.nix @@ -0,0 +1,29 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.tor-browser = { + enable = lib.mkEnableOption "enable tor-browser"; + }; + + config = lib.mkIf config.programs.tor-browser.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + tor-browser + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.dataHome}/torbrowser" + ]; + allowOther = true; + }; + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/ungoogled-chromium.nix b/modules/home-manager-modules/programs/ungoogled-chromium.nix new file mode 100644 index 0000000..5b52cd6 --- /dev/null +++ b/modules/home-manager-modules/programs/ungoogled-chromium.nix @@ -0,0 +1,29 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.ungoogled-chromium = { + enable = lib.mkEnableOption "enable ungoogled-chromium"; + }; + + config = lib.mkIf config.programs.ungoogled-chromium.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + ungoogled-chromium + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/chromium" + ]; + allowOther = true; + }; + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/via.nix b/modules/home-manager-modules/programs/via.nix new file mode 100644 index 0000000..0b79452 --- /dev/null +++ b/modules/home-manager-modules/programs/via.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.via = { + enable = lib.mkEnableOption "enable via"; + }; + + config = lib.mkIf config.programs.via.enable { + home.packages = with pkgs; [ + via + ]; + }; +} From 1831fea96a57f9c538b3f72f13b09adb51a35ea1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 4 Sep 2025 15:40:22 -0500 Subject: [PATCH 145/374] updated flake lock --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 19959d9..03054c1 100644 --- a/flake.lock +++ b/flake.lock @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1756954499, - "narHash": "sha256-Pg4xBHzvzNY8l9x/rLWoJMnIR8ebG+xeU+IyqThIkqU=", + "lastModified": 1756991914, + "narHash": "sha256-4ve/3ah5H/SpL2m3qmZ9GU+VinQYp2MN1G7GamimTds=", "owner": "nix-community", "repo": "home-manager", - "rev": "ed1a98c375450dfccf427adacd2bfd1a7b22eb25", + "rev": "b08f8737776f10920c330657bee8b95834b7a70f", "type": "github" }, "original": { @@ -175,11 +175,11 @@ ] }, "locked": { - "lastModified": 1755825449, - "narHash": "sha256-XkiN4NM9Xdy59h69Pc+Vg4PxkSm9EWl6u7k6D5FZ5cM=", + "lastModified": 1757015938, + "narHash": "sha256-1qBXNK/QxEjCqIoA2DxWn5gqM8rVxt+OxKodXu1GLTY=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "8df64f819698c1fee0c2969696f54a843b2231e8", + "rev": "eaacfa1101b84225491d2ceae9549366d74dc214", "type": "github" }, "original": { From 68b791f7c10340d2e97992f9bfe3e12311945ac8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 6 Sep 2025 23:11:22 -0500 Subject: [PATCH 146/374] feat: installed conventional commits plugin --- .../leyla/packages/vscode/default.nix | 1 + .../programs/vscode/conventionalCommits.nix | 25 +++++++++++++++++++ .../programs/vscode/default.nix | 1 + 3 files changed, 27 insertions(+) create mode 100644 modules/home-manager-modules/programs/vscode/conventionalCommits.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index f213d3c..8ac026e 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -79,6 +79,7 @@ in { # misc extensions evenBetterToml.enable = true; direnv.enable = config.programs.direnv.enable; + conventionalCommits.enable = true; }; extensions = let diff --git a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix new file mode 100644 index 0000000..00ca6fa --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix @@ -0,0 +1,25 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.vscode-marketplace; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.conventionalCommits = { + enable = lib.mkEnableOption "Enable VSCode Conventional Commits extension"; + extension = lib.mkPackageOption pkgsRepository "conventional-commits" { + default = ["vivaxy" "vscode-conventional-commits"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.conventionalCommits.enable { + extensions = [config.extraExtensions.conventionalCommits.extension]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index 48eb1ce..85f4a62 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -22,5 +22,6 @@ ./nearley.nix ./vitest.nix ./direnv.nix + ./conventionalCommits.nix ]; } From 09d258840662c034f187e66bea1536eefb1f644a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 6 Sep 2025 23:42:13 -0500 Subject: [PATCH 147/374] feat: added config options to hte conventional commit extension to disable emoji and scopes propts --- .../programs/vscode/conventionalCommits.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix index 00ca6fa..1e3954c 100644 --- a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix +++ b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix @@ -15,10 +15,27 @@ in { extension = lib.mkPackageOption pkgsRepository "conventional-commits" { default = ["vivaxy" "vscode-conventional-commits"]; }; + + emojiFormat = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable emoji format for conventional commits"; + }; + + promptScopes = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable prompting for scopes in conventional commits"; + }; }; }; config = lib.mkIf config.extraExtensions.conventionalCommits.enable { extensions = [config.extraExtensions.conventionalCommits.extension]; + + userSettings = { + "conventionalCommits.emojiFormat" = config.extraExtensions.conventionalCommits.emojiFormat; + "conventionalCommits.promptScopes" = config.extraExtensions.conventionalCommits.promptScopes; + }; }; })); }; From 58fec3f132f0fdfd4ade138ffc1edf9905753ad4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 7 Sep 2025 15:58:54 -0500 Subject: [PATCH 148/374] refactor: switched to using mkEnableOption --- .../programs/vscode/conventionalCommits.nix | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix index 1e3954c..5bc8124 100644 --- a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix +++ b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix @@ -16,24 +16,16 @@ in { default = ["vivaxy" "vscode-conventional-commits"]; }; - emojiFormat = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Enable emoji format for conventional commits"; - }; + gitmoji = lib.mkEnableOption "should emoji be prompted for as a part of the commit message./"; - promptScopes = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Enable prompting for scopes in conventional commits"; - }; + promptScopes = lib.mkEnableOption "prompting for scopes in conventional commits"; }; }; config = lib.mkIf config.extraExtensions.conventionalCommits.enable { extensions = [config.extraExtensions.conventionalCommits.extension]; userSettings = { - "conventionalCommits.emojiFormat" = config.extraExtensions.conventionalCommits.emojiFormat; + "conventionalCommits.gitmoji" = config.extraExtensions.conventionalCommits.gitmoji; "conventionalCommits.promptScopes" = config.extraExtensions.conventionalCommits.promptScopes; }; }; From 487dc215503aab6d309ade68480ac48a47604376 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 7 Sep 2025 20:12:46 -0500 Subject: [PATCH 149/374] refactor: removed eslint mcp server --- .../leyla/packages/vscode/default.nix | 1 - .../programs/vscode/claudeDev.nix | 38 +++---------------- 2 files changed, 6 insertions(+), 33 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 8ac026e..6e36908 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -72,7 +72,6 @@ in { enable = true; mcp = { nixos.enable = true; - eslint.enable = true; }; }; diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index 11eb155..21ff6b5 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -10,21 +10,11 @@ mcp-nixos = inputs.mcp-nixos.packages.${pkgs.stdenv.hostPlatform.system}.default; - mcp-eslint = pkgs.writeShellScriptBin "mcp-eslint" '' - ${pkgs.nodejs}/bin/npx --yes @modelcontextprotocol/server-eslint "$@" - ''; - anyProfileHasMcpNixos = lib.any ( profile: profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.nixos.enable ) (lib.attrValues config.programs.vscode.profiles); - - anyProfileHasMcpEslint = lib.any ( - profile: - profile.extraExtensions.claudeDev.enable - && profile.extraExtensions.claudeDev.mcp.eslint.enable - ) (lib.attrValues config.programs.vscode.profiles); in { options.programs.vscode.profiles = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { @@ -39,9 +29,6 @@ in { nixos = { enable = lib.mkEnableOption "enable NixOS MCP server for Claude Dev"; }; - eslint = { - enable = lib.mkEnableOption "enable ESLint MCP server for Claude Dev"; - }; }; }; }; @@ -60,27 +47,14 @@ in { ]; }) - (lib.mkIf anyProfileHasMcpEslint { - home.packages = [ - mcp-eslint - pkgs.eslint - ]; - }) - - (lib.mkIf (anyProfileHasMcpNixos || anyProfileHasMcpEslint) { + (lib.mkIf anyProfileHasMcpNixos { home.file."${config.xdg.configHome}/VSCodium/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" = { text = builtins.toJSON { - mcpServers = - (lib.optionalAttrs anyProfileHasMcpNixos { - nixos = { - command = "${mcp-nixos}/bin/mcp-nixos"; - }; - }) - // (lib.optionalAttrs anyProfileHasMcpEslint { - eslint = { - command = "${mcp-eslint}/bin/mcp-eslint"; - }; - }); + mcpServers = { + nixos = { + command = "${mcp-nixos}/bin/mcp-nixos"; + }; + }; }; force = true; }; From 2745af9443d5a814866e791e513648d887dc7dbe Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 8 Sep 2025 16:47:05 -0500 Subject: [PATCH 150/374] feat: updated flake.lock --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 03054c1..6ea6f9b 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1756733629, - "narHash": "sha256-dwWGlDhcO5SMIvMSTB4mjQ5Pvo2vtxvpIknhVnSz2I8=", + "lastModified": 1757255839, + "narHash": "sha256-XH33B1X888Xc/xEXhF1RPq/kzKElM0D5C9N6YdvOvIc=", "owner": "nix-community", "repo": "disko", - "rev": "a5c4f2ab72e3d1ab43e3e65aa421c6f2bd2e12a1", + "rev": "c8a0e78d86b12ea67be6ed0f7cae7f9bfabae75a", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1756958609, - "narHash": "sha256-1nRGsnPZjOubRTsXEsnJqWlLsgo/Xq7tN7PWK57dFDQ=", + "lastModified": 1757304222, + "narHash": "sha256-s070stByAXxeCLgftTXxFxZ2ynJhghne4Y6cTuqGAaw=", "owner": "rycee", "repo": "nur-expressions", - "rev": "b2a4e1bc62946403f82594ab9550ac13a1afa4df", + "rev": "fa312c0175ffb82bc67da095439b9cb683ac52bd", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1756991914, - "narHash": "sha256-4ve/3ah5H/SpL2m3qmZ9GU+VinQYp2MN1G7GamimTds=", + "lastModified": 1757256385, + "narHash": "sha256-WK7tOhWwr15mipcckhDg2no/eSpM1nIh4C9le8HgHhk=", "owner": "nix-community", "repo": "home-manager", - "rev": "b08f8737776f10920c330657bee8b95834b7a70f", + "rev": "f35703b412c67b48e97beb6e27a6ab96a084cd37", "type": "github" }, "original": { @@ -175,11 +175,11 @@ ] }, "locked": { - "lastModified": 1757015938, - "narHash": "sha256-1qBXNK/QxEjCqIoA2DxWn5gqM8rVxt+OxKodXu1GLTY=", + "lastModified": 1757130842, + "narHash": "sha256-4i7KKuXesSZGUv0cLPLfxbmF1S72Gf/3aSypgvVkwuA=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "eaacfa1101b84225491d2ceae9549366d74dc214", + "rev": "15f067638e2887c58c4b6ba1bdb65a0b61dc58c5", "type": "github" }, "original": { @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1756950692, - "narHash": "sha256-3MnwSjiqIK8XtKZ1pkhuiv2wnCzQfulc5Wu0pWFluew=", + "lastModified": 1757296711, + "narHash": "sha256-7u9/tXUdmTj8x7ofet8aELLBlCHSoA+QOhYKheRdacM=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "5ae2ac105a0d3ed2230a225ef6441928286897da", + "rev": "ab9374ac8c162dacffcd4400e668fd7f9b6f173a", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1756925795, - "narHash": "sha256-kUb5hehaikfUvoJDEc7ngiieX88TwWX/bBRX9Ar6Tac=", + "lastModified": 1757103352, + "narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "ba6fab29768007e9f2657014a6e134637100c57d", + "rev": "11b2a10c7be726321bb854403fdeec391e798bf0", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1756787288, - "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=", + "lastModified": 1757068644, + "narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1", + "rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9", "type": "github" }, "original": { From ca9f54d795a84177cf4d98e818891e87c5c44f28 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 12 Sep 2025 00:41:17 -0500 Subject: [PATCH 151/374] feat: installed mcp servers for vitest and eslint --- .../leyla/packages/vscode/default.nix | 2 + .../programs/vscode/claudeDev.nix | 45 ++++++++++++++++--- 2 files changed, 41 insertions(+), 6 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 6e36908..41ecdcb 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -72,6 +72,8 @@ in { enable = true; mcp = { nixos.enable = true; + eslint.enable = true; + vitest.enable = true; }; }; diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index 21ff6b5..47da0af 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -15,6 +15,20 @@ profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.nixos.enable ) (lib.attrValues config.programs.vscode.profiles); + + anyProfileHasMcpEslint = lib.any ( + profile: + profile.extraExtensions.claudeDev.enable + && profile.extraExtensions.claudeDev.mcp.eslint.enable + ) (lib.attrValues config.programs.vscode.profiles); + + anyProfileHasMcpVitest = lib.any ( + profile: + profile.extraExtensions.claudeDev.enable + && profile.extraExtensions.claudeDev.mcp.vitest.enable + ) (lib.attrValues config.programs.vscode.profiles); + + anyProfileHasMcp = anyProfileHasMcpNixos || anyProfileHasMcpEslint || anyProfileHasMcpVitest; in { options.programs.vscode.profiles = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { @@ -29,6 +43,12 @@ in { nixos = { enable = lib.mkEnableOption "enable NixOS MCP server for Claude Dev"; }; + eslint = { + enable = lib.mkEnableOption "enable ESLint MCP server for Claude Dev"; + }; + vitest = { + enable = lib.mkEnableOption "enable Vitest MCP server for Claude Dev"; + }; }; }; }; @@ -47,14 +67,27 @@ in { ]; }) - (lib.mkIf anyProfileHasMcpNixos { + (lib.mkIf anyProfileHasMcp { home.file."${config.xdg.configHome}/VSCodium/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" = { text = builtins.toJSON { - mcpServers = { - nixos = { - command = "${mcp-nixos}/bin/mcp-nixos"; - }; - }; + mcpServers = + (lib.optionalAttrs anyProfileHasMcpNixos { + nixos = { + command = "${mcp-nixos}/bin/mcp-nixos"; + }; + }) + // (lib.optionalAttrs anyProfileHasMcpEslint { + eslint = { + command = "${pkgs.nodejs}/bin/npx"; + args = ["-y" "@eslint/mcp@latest"]; + }; + }) + // (lib.optionalAttrs anyProfileHasMcpVitest { + vitest = { + command = "${pkgs.nodejs}/bin/npx"; + args = ["-y" "@djankies/vitest-mcp"]; + }; + }); }; force = true; }; From cf330b1cbb44a07a28bca5d86eebd40176f5ac5a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 12 Sep 2025 10:18:06 -0500 Subject: [PATCH 152/374] feat: installed sleep-mcp server --- .../leyla/packages/vscode/default.nix | 1 + .../programs/vscode/claudeDev.nix | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 41ecdcb..a651265 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -74,6 +74,7 @@ in { nixos.enable = true; eslint.enable = true; vitest.enable = true; + sleep.enable = true; }; }; diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index 47da0af..9c067e8 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -28,7 +28,13 @@ && profile.extraExtensions.claudeDev.mcp.vitest.enable ) (lib.attrValues config.programs.vscode.profiles); - anyProfileHasMcp = anyProfileHasMcpNixos || anyProfileHasMcpEslint || anyProfileHasMcpVitest; + anyProfileHasMcpSleep = lib.any ( + profile: + profile.extraExtensions.claudeDev.enable + && profile.extraExtensions.claudeDev.mcp.sleep.enable + ) (lib.attrValues config.programs.vscode.profiles); + + anyProfileHasMcp = anyProfileHasMcpNixos || anyProfileHasMcpEslint || anyProfileHasMcpVitest || anyProfileHasMcpSleep; in { options.programs.vscode.profiles = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { @@ -49,6 +55,9 @@ in { vitest = { enable = lib.mkEnableOption "enable Vitest MCP server for Claude Dev"; }; + sleep = { + enable = lib.mkEnableOption "enable Sleep MCP server for Claude Dev"; + }; }; }; }; @@ -87,6 +96,12 @@ in { command = "${pkgs.nodejs}/bin/npx"; args = ["-y" "@djankies/vitest-mcp"]; }; + }) + // (lib.optionalAttrs anyProfileHasMcpSleep { + sleep-mcp = { + command = "${pkgs.nodejs}/bin/npx"; + args = ["-y" "sleep-mcp"]; + }; }); }; force = true; From 0f8faadd80cb86c34d23b7e17f327de5f3f7acde Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 12 Sep 2025 10:47:31 -0500 Subject: [PATCH 153/374] feat: added more config options for mcp servers --- .../leyla/packages/vscode/default.nix | 24 +++- .../programs/vscode/claudeDev.nix | 110 ++++++++++++++++-- 2 files changed, 119 insertions(+), 15 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index a651265..583f440 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -72,9 +72,27 @@ in { enable = true; mcp = { nixos.enable = true; - eslint.enable = true; - vitest.enable = true; - sleep.enable = true; + eslint = { + enable = true; + autoApprove = { + lint-files = true; + }; + }; + vitest = { + enable = true; + autoApprove = { + list_tests = true; + run_tests = true; + analyze_coverage = true; + }; + }; + sleep = { + enable = true; + timeout = 18000; # 5 hours to match claude codes timeout + autoApprove = { + sleep = true; + }; + }; }; }; diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index 9c067e8..0e34f97 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -35,6 +35,30 @@ ) (lib.attrValues config.programs.vscode.profiles); anyProfileHasMcp = anyProfileHasMcpNixos || anyProfileHasMcpEslint || anyProfileHasMcpVitest || anyProfileHasMcpSleep; + + getMcpTimeout = serverName: + lib.findFirst (timeout: timeout != null) null (map ( + profile: + if profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.${serverName}.enable + then profile.extraExtensions.claudeDev.mcp.${serverName}.timeout + else null + ) (lib.attrValues config.programs.vscode.profiles)); + + getMcpAutoApprove = serverName: + lib.foldl' ( + acc: profile: + if profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.${serverName}.enable + then acc // profile.extraExtensions.claudeDev.mcp.${serverName}.autoApprove + else acc + ) {} (lib.attrValues config.programs.vscode.profiles); + + getMcpPackage = serverName: + lib.findFirst (package: package != null) null (map ( + profile: + if profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.${serverName}.enable + then profile.extraExtensions.claudeDev.mcp.${serverName}.package + else null + ) (lib.attrValues config.programs.vscode.profiles)); in { options.programs.vscode.profiles = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { @@ -51,12 +75,53 @@ in { }; eslint = { enable = lib.mkEnableOption "enable ESLint MCP server for Claude Dev"; + package = lib.mkOption { + type = lib.types.str; + default = "@eslint/mcp@latest"; + description = "NPM package to use for ESLint MCP server"; + }; + timeout = lib.mkOption { + type = lib.types.nullOr lib.types.int; + default = null; + description = "Timeout in seconds for ESLint MCP server operations"; + }; + autoApprove = { + lint-files = lib.mkEnableOption "Should the lint-files tool be auto approved for ESLint MCP server"; + }; }; vitest = { enable = lib.mkEnableOption "enable Vitest MCP server for Claude Dev"; + package = lib.mkOption { + type = lib.types.str; + default = "@djankies/vitest-mcp"; + description = "NPM package to use for Vitest MCP server"; + }; + timeout = lib.mkOption { + type = lib.types.nullOr lib.types.int; + default = null; + description = "Timeout in seconds for Vitest MCP server operations"; + }; + autoApprove = { + list_tests = lib.mkEnableOption "Should the list_tests tool be auto approved for Vitest MCP server"; + run_tests = lib.mkEnableOption "Should the run_tests tool be auto approved for Vitest MCP server"; + analyze_coverage = lib.mkEnableOption "Should the analyze_coverage tool be auto approved for Vitest MCP server"; + }; }; sleep = { enable = lib.mkEnableOption "enable Sleep MCP server for Claude Dev"; + package = lib.mkOption { + type = lib.types.str; + default = "sleep-mcp"; + description = "NPM package to use for Sleep MCP server"; + }; + timeout = lib.mkOption { + type = lib.types.nullOr lib.types.int; + default = null; + description = "Timeout in seconds for Sleep MCP server operations"; + }; + autoApprove = { + sleep = lib.mkEnableOption "Should the sleep tool be auto approved for Sleep MCP server"; + }; }; }; }; @@ -86,22 +151,43 @@ in { }; }) // (lib.optionalAttrs anyProfileHasMcpEslint { - eslint = { - command = "${pkgs.nodejs}/bin/npx"; - args = ["-y" "@eslint/mcp@latest"]; - }; + eslint = + { + command = "${pkgs.nodejs}/bin/npx"; + args = ["-y" (getMcpPackage "eslint")]; + } + // (lib.optionalAttrs ((getMcpTimeout "eslint") != null) { + timeout = getMcpTimeout "eslint"; + }) + // (lib.optionalAttrs ((getMcpAutoApprove "eslint") != {}) { + autoApprove = builtins.attrNames (lib.filterAttrs (_: v: v) (getMcpAutoApprove "eslint")); + }); }) // (lib.optionalAttrs anyProfileHasMcpVitest { - vitest = { - command = "${pkgs.nodejs}/bin/npx"; - args = ["-y" "@djankies/vitest-mcp"]; - }; + vitest = + { + command = "${pkgs.nodejs}/bin/npx"; + args = ["-y" (getMcpPackage "vitest")]; + } + // (lib.optionalAttrs ((getMcpTimeout "vitest") != null) { + timeout = getMcpTimeout "vitest"; + }) + // (lib.optionalAttrs ((getMcpAutoApprove "vitest") != {}) { + autoApprove = builtins.attrNames (lib.filterAttrs (_: v: v) (getMcpAutoApprove "vitest")); + }); }) // (lib.optionalAttrs anyProfileHasMcpSleep { - sleep-mcp = { - command = "${pkgs.nodejs}/bin/npx"; - args = ["-y" "sleep-mcp"]; - }; + sleep-mcp = + { + command = "${pkgs.nodejs}/bin/npx"; + args = ["-y" (getMcpPackage "sleep")]; + } + // (lib.optionalAttrs ((getMcpTimeout "sleep") != null) { + timeout = getMcpTimeout "sleep"; + }) + // (lib.optionalAttrs ((getMcpAutoApprove "sleep") != {}) { + autoApprove = builtins.attrNames (lib.filterAttrs (_: v: v) (getMcpAutoApprove "sleep")); + }); }); }; force = true; From ffcba0d714f2fed4a72aadf68ccd184d5872dcee Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 13 Sep 2025 18:03:04 -0500 Subject: [PATCH 154/374] feat: created mapillary desktop uploader dirivation --- modules/common-modules/pkgs/default.nix | 3 ++ .../pkgs/mapillary-uploader.nix | 42 +++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 modules/common-modules/pkgs/mapillary-uploader.nix diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 16f3a3c..669533b 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -22,5 +22,8 @@ (final: prev: { codium-extensions = pkgs.callPackage ./codium-extensions {}; }) + (final: prev: { + mapillary-uploader = pkgs.callPackage ./mapillary-uploader.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/mapillary-uploader.nix b/modules/common-modules/pkgs/mapillary-uploader.nix new file mode 100644 index 0000000..3ab38f8 --- /dev/null +++ b/modules/common-modules/pkgs/mapillary-uploader.nix @@ -0,0 +1,42 @@ +{ + lib, + fetchurl, + appimageTools, +}: let + pname = "mapillary-uploader"; + version = "4.7.2"; # Based on the application output + + src = fetchurl { + url = "https://tools.mapillary.com/uploader/download/linux"; + name = "mapillary-uploader.AppImage"; + sha256 = "sha256-Oyx7AIdA/2mwBaq7UzXOoyq/z2SU2sViMN40sY2RCQw="; + }; + + appimageContents = appimageTools.extractType2 { + inherit pname version src; + }; +in + appimageTools.wrapType2 { + inherit pname version src; + + extraInstallCommands = '' + # Install desktop file + install -Dm644 ${appimageContents}/mapillary-desktop-uploader.desktop $out/share/applications/mapillary-uploader.desktop + + # Install icon + install -Dm644 ${appimageContents}/usr/share/icons/hicolor/0x0/apps/mapillary-desktop-uploader.png $out/share/pixmaps/mapillary-uploader.png + + # Fix desktop file paths + substituteInPlace $out/share/applications/mapillary-uploader.desktop \ + --replace 'Exec=AppRun' 'Exec=${pname}' + ''; + + meta = with lib; { + description = "Mapillary Desktop Uploader - Upload street-level imagery to Mapillary"; + homepage = "https://www.mapillary.com/"; + license = licenses.unfree; # Mapillary's license terms + maintainers = []; + platforms = ["x86_64-linux"]; + sourceProvenance = with sourceTypes; [binaryNativeCode]; + }; + } From 3bf3391eb90e7b2cead773c262ecf0d8c8c8a4c9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 13 Sep 2025 18:15:43 -0500 Subject: [PATCH 155/374] feat: created mapillary desktop uploader program config and installed for leyla --- .../home-manager/leyla/packages/default.nix | 1 + .../home-manager-modules/programs/default.nix | 1 + .../programs/mapillary-uploader.nix | 17 +++++++++++++++++ 3 files changed, 19 insertions(+) create mode 100644 modules/home-manager-modules/programs/mapillary-uploader.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 86bbd96..6377ed2 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -58,6 +58,7 @@ in { krita.enable = true; ungoogled-chromium.enable = true; libreoffice.enable = true; + mapillary-uploader.enable = true; inkscape.enable = true; gimp.enable = true; freecad.enable = true; diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index d1c13db..79f3351 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -21,6 +21,7 @@ ./vscode ./ungoogled-chromium.nix ./libreoffice.nix + ./mapillary-uploader.nix ./inkscape.nix ./gimp.nix ./proxmark3.nix diff --git a/modules/home-manager-modules/programs/mapillary-uploader.nix b/modules/home-manager-modules/programs/mapillary-uploader.nix new file mode 100644 index 0000000..38c1144 --- /dev/null +++ b/modules/home-manager-modules/programs/mapillary-uploader.nix @@ -0,0 +1,17 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.programs.mapillary-uploader; +in { + options.programs.mapillary-uploader = { + enable = mkEnableOption "Mapillary Desktop Uploader"; + }; + + config = mkIf cfg.enable { + home.packages = [pkgs.mapillary-uploader]; + }; +} From 22b9c5b3f96094ddd6e210070650da4c1d9a497c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 14 Sep 2025 17:34:19 -0500 Subject: [PATCH 156/374] chore: added items to task list --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 339a8e8..13d1206 100644 --- a/README.md +++ b/README.md @@ -67,4 +67,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - rotate sops encryption keys periodically (and somehow sync between devices?) - wake on LAN for updates - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html -- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix \ No newline at end of file +- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix +- panoramax instance +- mastodon instance +- move searx, jellyfin, paperless, and immich to only be accessible via vpn \ No newline at end of file From 88dcba346f6413963277fdb0f216a4f64811ac08 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 14 Sep 2025 21:42:34 -0500 Subject: [PATCH 157/374] feat: started to create panoramax config --- modules/common-modules/pkgs/default.nix | 3 + modules/common-modules/pkgs/panoramax.nix | 65 ++++++++++++++++++++++ modules/nixos-modules/server/panoramax.nix | 43 ++++++++++++++ 3 files changed, 111 insertions(+) create mode 100644 modules/common-modules/pkgs/panoramax.nix create mode 100644 modules/nixos-modules/server/panoramax.nix diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 669533b..f1235cc 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -25,5 +25,8 @@ (final: prev: { mapillary-uploader = pkgs.callPackage ./mapillary-uploader.nix {}; }) + (final: prev: { + panoramax = pkgs.python3.pkgs.callPackage ./panoramax.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/panoramax.nix b/modules/common-modules/pkgs/panoramax.nix new file mode 100644 index 0000000..e2dad14 --- /dev/null +++ b/modules/common-modules/pkgs/panoramax.nix @@ -0,0 +1,65 @@ +{ + lib, + fetchFromGitLab, + buildPythonPackage, + flit-core, + flask, + pillow, + requests, + python-dotenv, + authlib, + sentry-sdk, + python-dateutil, + croniter, + pydantic, + ... +}: let + pname = "geovisio"; + version = "2.10.0"; + repo = fetchFromGitLab { + owner = "panoramax"; + repo = "server/api"; + rev = version; + hash = "sha256-kCLcrOe7jJdIfmWWOmxQ5dOj8ZG2B7s0qFpHXs02B/E="; + }; +in + buildPythonPackage { + inherit pname version; + + pyproject = true; + + src = repo; + + build-system = [ + flit-core + ]; + + dependencies = [ + flask + pillow + requests + python-dotenv + authlib + sentry-sdk + python-dateutil + croniter + pydantic + ]; + + # Skip tests as they may require network access or specific setup + doCheck = false; + + # Disable runtime dependencies check as many dependencies are not available in nixpkgs + dontCheckRuntimeDeps = true; + + # Disable imports check as many dependencies are not available in nixpkgs + pythonImportsCheck = []; + + meta = with lib; { + description = "Panoramax API client and tools for street-level imagery platform"; + homepage = "https://gitlab.com/panoramax/server/api"; + license = licenses.mit; + maintainers = []; + platforms = platforms.all; + }; + } diff --git a/modules/nixos-modules/server/panoramax.nix b/modules/nixos-modules/server/panoramax.nix new file mode 100644 index 0000000..a16588a --- /dev/null +++ b/modules/nixos-modules/server/panoramax.nix @@ -0,0 +1,43 @@ +{ + config, + lib, + pkgs, + osConfig, + ... +}: let + cfg = config.services.panoramax; +in { + options.services.panoramax = { + enable = lib.mkEnableOption "panoramax"; + + package = lib.mkOption { + type = lib.types.package; + default = pkgs.panoramax; + description = "The panoramax package to use"; + }; + + # TODO: create configs + # TODO: auto config db + # config = { + # DB_PORT = lib.mkOption {}; + # DB_HOST = lib.mkOption {}; + # DB_USERNAME = lib.mkOption {}; + # DB_PASSWORD = lib.mkOption {}; + # DB_NAME = lib.mkOption {}; + # FS_URL = lib.mkOption {}; + # }; + }; + + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + { + # TODO: configure options for the package + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: configure impermanence for panoramax data + } + ) + ] + ); +} From 663bdcc012cbf6410bf6acebaf4566313c4081fe Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 14 Sep 2025 21:48:10 -0500 Subject: [PATCH 158/374] chore: stubed out section for fail2ban for panoramax --- modules/nixos-modules/server/panoramax.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos-modules/server/panoramax.nix b/modules/nixos-modules/server/panoramax.nix index a16588a..f7d305f 100644 --- a/modules/nixos-modules/server/panoramax.nix +++ b/modules/nixos-modules/server/panoramax.nix @@ -33,6 +33,11 @@ in { { # TODO: configure options for the package } + ( + lib.mkIf config.services.fail2ban { + # TODO: configure options for fail2ban + } + ) ( lib.mkIf osConfig.host.impermanence.enable { # TODO: configure impermanence for panoramax data From 52801b4bb7a71f02115c6f3b05899ed3daf150ab Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 14 Sep 2025 22:10:57 -0500 Subject: [PATCH 159/374] refactor: moved reverse proxy into own section in server modules --- modules/nixos-modules/server/actual.nix | 12 +- modules/nixos-modules/server/forgejo.nix | 10 +- .../nixos-modules/server/home-assistant.nix | 37 +++--- modules/nixos-modules/server/immich.nix | 38 +++--- modules/nixos-modules/server/jellyfin.nix | 28 ++--- modules/nixos-modules/server/paperless.nix | 26 +++-- modules/nixos-modules/server/searx.nix | 110 +++++++++--------- 7 files changed, 142 insertions(+), 119 deletions(-) diff --git a/modules/nixos-modules/server/actual.nix b/modules/nixos-modules/server/actual.nix index 7fc0b93..80f4fab 100644 --- a/modules/nixos-modules/server/actual.nix +++ b/modules/nixos-modules/server/actual.nix @@ -18,11 +18,6 @@ in { systemd.tmpfiles.rules = [ "d ${dataDirectory} 2770 actual actual" ]; - host = { - reverse_proxy.subdomains.${config.services.actual.subdomain} = { - target = "http://localhost:${toString config.services.actual.settings.port}"; - }; - }; services.actual = { settings = { @@ -30,6 +25,13 @@ in { }; }; } + (lib.mkIf config.host.reverse_proxy.enable { + host = { + reverse_proxy.subdomains.${config.services.actual.subdomain} = { + target = "http://localhost:${toString config.services.actual.settings.port}"; + }; + }; + }) (lib.mkIf config.services.fail2ban.enable { # TODO: configuration for fail2ban for actual }) diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index de06f94..3b19695 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -26,9 +26,6 @@ in { } ]; host = { - reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { - target = "http://localhost:${toString forgejoPort}"; - }; postgres = { enable = true; extraUsers = { @@ -76,6 +73,13 @@ in { config.services.forgejo.settings.server.SSH_LISTEN_PORT ]; } + (lib.mkIf config.host.reverse_proxy.enable { + host = { + reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { + target = "http://localhost:${toString forgejoPort}"; + }; + }; + }) (lib.mkIf config.services.fail2ban.enable { environment.etc = { "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 57bedc1..baf6683 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -43,24 +43,6 @@ in { config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ { - host = { - reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { - target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - add_header Upgrade $http_upgrade; - add_header Connection \"upgrade\"; - - proxy_buffering off; - - proxy_read_timeout 90; - ''; - }; - }; - services.home-assistant = { configDir = configDir; extraComponents = [ @@ -173,6 +155,25 @@ in { ]; }; }) + (lib.mkIf config.host.reverse_proxy.enable { + host = { + reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { + target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + add_header Upgrade $http_upgrade; + add_header Connection \"upgrade\"; + + proxy_buffering off; + + proxy_read_timeout 90; + ''; + }; + }; + }) (lib.mkIf config.services.fail2ban.enable { environment.etc = { "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix index e7088a9..fa376e4 100644 --- a/modules/nixos-modules/server/immich.nix +++ b/modules/nixos-modules/server/immich.nix @@ -17,23 +17,6 @@ in { config = lib.mkIf config.services.immich.enable (lib.mkMerge [ { host = { - reverse_proxy.subdomains.${config.services.immich.subdomain} = { - target = "http://localhost:${toString config.services.immich.port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads - client_max_body_size 50000M; - - # set timeout - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - proxy_redirect off; - ''; - }; postgres = { enable = true; extraUsers = { @@ -53,6 +36,27 @@ in { ]; }; } + (lib.mkIf config.host.reverse_proxy.enable { + host = { + reverse_proxy.subdomains.${config.services.immich.subdomain} = { + target = "http://localhost:${toString config.services.immich.port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + # allow large file uploads + client_max_body_size 50000M; + + # set timeout + proxy_read_timeout 600s; + proxy_send_timeout 600s; + send_timeout 600s; + proxy_redirect off; + ''; + }; + }; + }) (lib.mkIf config.services.fail2ban.enable { environment.etc = { "fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable ( diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 294c8e1..85c870f 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -30,6 +30,20 @@ in { config = lib.mkIf config.services.jellyfin.enable ( lib.mkMerge [ { + environment.systemPackages = [ + pkgs.jellyfin + pkgs.jellyfin-web + pkgs.jellyfin-ffmpeg + ]; + + networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; + + systemd.tmpfiles.rules = [ + "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" + "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" + ]; + } + (lib.mkIf config.host.reverse_proxy.enable { host.reverse_proxy.subdomains.jellyfin = { target = "http://localhost:${toString jellyfinPort}"; @@ -45,19 +59,7 @@ in { proxy_buffering off; ''; }; - environment.systemPackages = [ - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg - ]; - - networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; - - systemd.tmpfiles.rules = [ - "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" - "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" - ]; - } + }) (lib.mkIf config.services.fail2ban.enable { environment.etc = { "fail2ban/filter.d/jellyfin.local".text = ( diff --git a/modules/nixos-modules/server/paperless.nix b/modules/nixos-modules/server/paperless.nix index b97c48d..303d742 100644 --- a/modules/nixos-modules/server/paperless.nix +++ b/modules/nixos-modules/server/paperless.nix @@ -24,17 +24,6 @@ in { config = lib.mkIf config.services.paperless.enable (lib.mkMerge [ { host = { - reverse_proxy.subdomains.${config.services.paperless.subdomain} = { - target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads - client_max_body_size 50000M; - ''; - }; postgres = { enable = true; extraUsers = { @@ -61,6 +50,21 @@ in { }; }; } + (lib.mkIf config.host.reverse_proxy.enable { + host = { + reverse_proxy.subdomains.${config.services.paperless.subdomain} = { + target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + # allow large file uploads + client_max_body_size 50000M; + ''; + }; + }; + }) (lib.mkIf config.services.fail2ban.enable { environment.etc = { "fail2ban/filter.d/paperless.local".text = ( diff --git a/modules/nixos-modules/server/searx.nix b/modules/nixos-modules/server/searx.nix index d357308..0e547af 100644 --- a/modules/nixos-modules/server/searx.nix +++ b/modules/nixos-modules/server/searx.nix @@ -12,61 +12,67 @@ }; }; - config = lib.mkIf config.services.searx.enable { - sops.secrets = { - "services/searx" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - }; - }; - host = { - reverse_proxy.subdomains.searx = { - subdomain = config.services.searx.subdomain; - target = "http://localhost:${toString config.services.searx.settings.server.port}"; - }; - }; - services.searx = { - environmentFile = config.sops.secrets."services/searx".path; - - # Rate limiting - limiterSettings = { - real_ip = { - x_for = 1; - ipv4_prefix = 32; - ipv6_prefix = 56; - }; - - botdetection = { - ip_limit = { - filter_link_local = true; - link_token = true; + config = lib.mkIf config.services.searx.enable ( + lib.mkMerge [ + { + sops.secrets = { + "services/searx" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; }; - }; + services.searx = { + environmentFile = config.sops.secrets."services/searx".path; - settings = { - server = { - port = 8083; - secret_key = "@SEARXNG_SECRET@"; + # Rate limiting + limiterSettings = { + real_ip = { + x_for = 1; + ipv4_prefix = 32; + ipv6_prefix = 56; + }; + + botdetection = { + ip_limit = { + filter_link_local = true; + link_token = true; + }; + }; + }; + + settings = { + server = { + port = 8083; + secret_key = "@SEARXNG_SECRET@"; + }; + + # Search engine settings + search = { + safe_search = 2; + autocomplete_min = 2; + autocomplete = "duckduckgo"; + }; + + # Enabled plugins + enabled_plugins = [ + "Basic Calculator" + "Hash plugin" + "Tor check plugin" + "Open Access DOI rewrite" + "Hostnames plugin" + "Unit converter plugin" + "Tracker URL remover" + ]; + }; }; - - # Search engine settings - search = { - safe_search = 2; - autocomplete_min = 2; - autocomplete = "duckduckgo"; + } + (lib.mkIf config.host.reverse_proxy.enable { + host = { + reverse_proxy.subdomains.searx = { + subdomain = config.services.searx.subdomain; + target = "http://localhost:${toString config.services.searx.settings.server.port}"; + }; }; - - # Enabled plugins - enabled_plugins = [ - "Basic Calculator" - "Hash plugin" - "Tor check plugin" - "Open Access DOI rewrite" - "Hostnames plugin" - "Unit converter plugin" - "Tracker URL remover" - ]; - }; - }; - }; + }) + ] + ); } From 84b204f8b1553aa25a0831ec25f03de62df3d7b1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 15 Sep 2025 10:40:34 -0500 Subject: [PATCH 160/374] feat: created env config for panoramax --- modules/nixos-modules/server/panoramax.nix | 191 +++++++++++++++++++-- 1 file changed, 177 insertions(+), 14 deletions(-) diff --git a/modules/nixos-modules/server/panoramax.nix b/modules/nixos-modules/server/panoramax.nix index f7d305f..5196a2d 100644 --- a/modules/nixos-modules/server/panoramax.nix +++ b/modules/nixos-modules/server/panoramax.nix @@ -4,8 +4,28 @@ pkgs, osConfig, ... -}: let - cfg = config.services.panoramax; +}: +with lib; let + envContent = '' + # Panoramax Configuration + FLASK_APP=geovisio + ${optionalString (config.services.panoramax.database.url != null) "DB_URL=${config.services.panoramax.database.url}"} + ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.port != null) "DB_PORT=${toString config.services.panoramax.database.port}"} + ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.host != null) "DB_HOST=${config.services.panoramax.database.host}"} + ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.username != null) "DB_USERNAME=${config.services.panoramax.database.username}"} + ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.password != null) "DB_PASSWORD=${config.services.panoramax.database.password}"} + ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.name != null) "DB_NAME=${config.services.panoramax.database.name}"} + ${optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} + ${optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} + ${optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} + ${optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} + ${optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} + ${optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} + ${optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} + ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} + ''; + + envFile = pkgs.writeText "panoramax.env" envContent; in { options.services.panoramax = { enable = lib.mkEnableOption "panoramax"; @@ -16,23 +36,166 @@ in { description = "The panoramax package to use"; }; - # TODO: create configs - # TODO: auto config db - # config = { - # DB_PORT = lib.mkOption {}; - # DB_HOST = lib.mkOption {}; - # DB_USERNAME = lib.mkOption {}; - # DB_PASSWORD = lib.mkOption {}; - # DB_NAME = lib.mkOption {}; - # FS_URL = lib.mkOption {}; - # }; + # TODO: sgblur config + port = mkOption { + type = types.nullOr types.port; + default = 5000; + description = "Port for the Panoramax service"; + }; + + host = mkOption { + type = types.str; + default = "127.0.0.1"; + description = "Host to bind the Panoramax service to"; + }; + + urlScheme = mkOption { + type = types.enum ["http" "https"]; + default = "https"; + description = "URL scheme for the application"; + }; + + database = { + url = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Complete database URL connection string (e.g., "postgresql://user:password@host:port/dbname"). + If provided, individual database options (host, port, username, password, name) are ignored. + ''; + }; + + port = mkOption { + type = types.nullOr types.port; + default = 5432; + description = "Database port (ignored if database.url is set)"; + }; + + host = mkOption { + type = types.nullOr types.str; + default = "localhost"; + description = "Database host (ignored if database.url is set)"; + }; + + username = mkOption { + type = types.nullOr types.str; + default = "panoramax"; + description = "Database username (ignored if database.url is set)"; + }; + + password = mkOption { + type = types.nullOr types.str; + default = null; + description = "Database password (ignored if database.url is set)"; + }; + + name = mkOption { + type = types.nullOr types.str; + default = "panoramax"; + description = "Database name (ignored if database.url is set)"; + }; + }; + + storage = { + fsUrl = mkOption { + type = types.nullOr types.str; + default = "/var/lib/panoramax/storage"; + description = "File system URL for storage"; + }; + }; + + infrastructure = { + nbProxies = mkOption { + type = types.nullOr types.int; + default = 1; + description = "Number of proxies in front of the application"; + }; + }; + + flask = { + secretKey = mkOption { + type = types.nullOr types.str; + default = null; + description = "Flask secret key for session security"; + }; + + sessionCookieDomain = mkOption { + type = types.nullOr types.str; + default = null; + description = "Flask session cookie domain"; + }; + }; + + api = { + pictures = { + licenseSpdxId = mkOption { + type = types.nullOr types.str; + default = null; + description = "SPDX license identifier for API pictures"; + }; + + licenseUrl = mkOption { + type = types.nullOr types.str; + default = null; + description = "License URL for API pictures"; + }; + }; + }; + + extraEnvironment = mkOption { + type = types.attrsOf types.str; + default = {}; + description = "Additional environment variables"; + example = { + CUSTOM_SETTING = "value"; + DEBUG = "true"; + }; + }; }; - config = lib.mkIf cfg.enable ( + config = lib.mkIf config.services.panoramax.enable ( lib.mkMerge [ { - # TODO: configure options for the package + environment.systemPackages = with pkgs; [ + config.services.panoramax.package + python3Packages.waitress + ]; + + systemd.services.panoramax = { + description = "Panoramax Service"; + after = ["network.target"]; + wantedBy = ["multi-user.target"]; + serviceConfig = { + ExecStart = "${pkgs.python3Packages.waitress}/bin/waitress-serve --env-file=${envFile} --host=${config.services.panoramax.host} --port=${toString config.services.panoramax.port} --url-scheme=${config.services.panoramax.urlScheme} --call geovisio:create_app"; + Restart = "always"; + User = "panoramax"; + Group = "panoramax"; + WorkingDirectory = "/var/lib/panoramax"; + Environment = "PYTHONPATH=${config.services.panoramax.package}/lib/python3.11/site-packages"; + }; + }; + + users.users.panoramax = { + isSystemUser = true; + group = "panoramax"; + home = "/var/lib/panoramax"; + createHome = true; + }; + + users.groups.panoramax = {}; + + systemd.tmpfiles.rules = [ + "d /var/lib/panoramax 0755 panoramax panoramax -" + "d ${config.services.panoramax.storage.fsUrl} 0755 panoramax panoramax -" + ]; + + # TODO: auto config db } + ( + lib.mkIf config.host.reverse_proxy.enable { + # TODO: configure reverse proxy here + } + ) ( lib.mkIf config.services.fail2ban { # TODO: configure options for fail2ban From 376cb934c322be84390c57f30ddb234f6a45a50f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 15 Sep 2025 11:29:43 -0500 Subject: [PATCH 161/374] refactor: added asseration for db config --- modules/nixos-modules/server/panoramax.nix | 68 +++++++++++++++++----- 1 file changed, 54 insertions(+), 14 deletions(-) diff --git a/modules/nixos-modules/server/panoramax.nix b/modules/nixos-modules/server/panoramax.nix index 5196a2d..0ebd82f 100644 --- a/modules/nixos-modules/server/panoramax.nix +++ b/modules/nixos-modules/server/panoramax.nix @@ -6,23 +6,40 @@ ... }: with lib; let + cfg = config.services.panoramax; + + # Database configuration assertions + dbUrlConfigured = cfg.database.url != null; + individualDbConfigured = all (x: x != null) [ + cfg.database.host + cfg.database.port + cfg.database.username + cfg.database.password + cfg.database.name + ]; + envContent = '' # Panoramax Configuration FLASK_APP=geovisio - ${optionalString (config.services.panoramax.database.url != null) "DB_URL=${config.services.panoramax.database.url}"} - ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.port != null) "DB_PORT=${toString config.services.panoramax.database.port}"} - ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.host != null) "DB_HOST=${config.services.panoramax.database.host}"} - ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.username != null) "DB_USERNAME=${config.services.panoramax.database.username}"} - ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.password != null) "DB_PASSWORD=${config.services.panoramax.database.password}"} - ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.name != null) "DB_NAME=${config.services.panoramax.database.name}"} - ${optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} - ${optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} - ${optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} - ${optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} - ${optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} - ${optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} - ${optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} - ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} + ${ + if dbUrlConfigured + then "DB_URL=${cfg.database.url}" + else '' + DB_HOST=${cfg.database.host} + DB_PORT=${toString cfg.database.port} + DB_USERNAME=${cfg.database.username} + DB_PASSWORD=${cfg.database.password} + DB_NAME=${cfg.database.name} + '' + } + ${optionalString (cfg.storage.fsUrl != null) "FS_URL=${cfg.storage.fsUrl}"} + ${optionalString (cfg.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString cfg.infrastructure.nbProxies}"} + ${optionalString (cfg.flask.secretKey != null) "FLASK_SECRET_KEY=${cfg.flask.secretKey}"} + ${optionalString (cfg.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${cfg.flask.sessionCookieDomain}"} + ${optionalString (cfg.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${cfg.api.pictures.licenseSpdxId}"} + ${optionalString (cfg.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${cfg.api.pictures.licenseUrl}"} + ${optionalString (cfg.port != null) "PORT=${toString cfg.port}"} + ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") cfg.extraEnvironment)} ''; envFile = pkgs.writeText "panoramax.env" envContent; @@ -189,6 +206,29 @@ in { "d ${config.services.panoramax.storage.fsUrl} 0755 panoramax panoramax -" ]; + assertions = [ + { + assertion = dbUrlConfigured || individualDbConfigured; + message = '' + Panoramax database configuration requires either: + - A complete database URL (services.panoramax.database.url), OR + - All individual database options (host, port, username, password, name) + + Currently configured: + - database.url: ${ + if dbUrlConfigured + then "✓ configured" + else "✗ not configured" + } + - individual options: ${ + if individualDbConfigured + then "✓ all configured" + else "✗ some missing" + } + ''; + } + ]; + # TODO: auto config db } ( From 1d0f51c70ad69b103c630281a75dc65b2776df26 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 15 Sep 2025 11:36:12 -0500 Subject: [PATCH 162/374] chore: addede panoramax.nix to server modules --- modules/nixos-modules/server/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 4ca50e2..87f3dae 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -14,5 +14,6 @@ ./qbittorent.nix ./paperless.nix ./actual.nix + ./panoramax.nix ]; } From c0579f55dc56e90af409dfbab22bafba4b3338c9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 15 Sep 2025 13:36:07 -0500 Subject: [PATCH 163/374] feat: created sgblur package --- modules/common-modules/pkgs/default.nix | 3 ++ modules/common-modules/pkgs/sgblur.nix | 65 +++++++++++++++++++++++++ 2 files changed, 68 insertions(+) create mode 100644 modules/common-modules/pkgs/sgblur.nix diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index f1235cc..28141c8 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -28,5 +28,8 @@ (final: prev: { panoramax = pkgs.python3.pkgs.callPackage ./panoramax.nix {}; }) + (final: prev: { + sgblur = pkgs.python3.pkgs.callPackage ./sgblur.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/sgblur.nix b/modules/common-modules/pkgs/sgblur.nix new file mode 100644 index 0000000..d007b4e --- /dev/null +++ b/modules/common-modules/pkgs/sgblur.nix @@ -0,0 +1,65 @@ +{ + lib, + python3Packages, + fetchFromGitHub, + pkg-config, + libjpeg_turbo, + exiftran ? libjpeg_turbo, +}: +python3Packages.buildPythonPackage { + pname = "sgblur"; + version = "1.0.0"; + + pyproject = true; + + src = fetchFromGitHub { + owner = "cquest"; + repo = "sgblur"; + rev = "master"; + hash = "sha256-17wpif2sa021kaa1pbkry4l1967la1qd7knhngvxblrvd7jqqz4y="; + }; + + nativeBuildInputs = [ + pkg-config + ]; + + buildInputs = [ + libjpeg_turbo + exiftran + ]; + + build-system = with python3Packages; [ + setuptools + wheel + ]; + + dependencies = with python3Packages; [ + # Core dependencies from pyproject.toml + ultralytics + # pyturbojpeg # May need special handling + pillow + # uuid # Built into Python + # exifread + python-multipart + fastapi + uvicorn + requests + # piexif + pydantic-settings + pydantic + ]; + + # Skip tests as they may require GPU or specific setup + doCheck = false; + + # The package may have import issues due to system dependencies + pythonImportsCheck = []; + + meta = with lib; { + description = "Panoramax Speedy Gonzales Blurring Algorithm - AI-powered face and license plate blurring API"; + homepage = "https://github.com/cquest/sgblur"; + license = licenses.mit; + maintainers = []; + platforms = platforms.unix; + }; +} From 0f87d78271bd2ca520f70bc20cdda6b27a86537b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 15 Sep 2025 14:02:16 -0500 Subject: [PATCH 164/374] feat: updated flake lock --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 6ea6f9b..ca41b02 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1757255839, - "narHash": "sha256-XH33B1X888Xc/xEXhF1RPq/kzKElM0D5C9N6YdvOvIc=", + "lastModified": 1757508292, + "narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=", "owner": "nix-community", "repo": "disko", - "rev": "c8a0e78d86b12ea67be6ed0f7cae7f9bfabae75a", + "rev": "146f45bee02b8bd88812cfce6ffc0f933788875a", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1757304222, - "narHash": "sha256-s070stByAXxeCLgftTXxFxZ2ynJhghne4Y6cTuqGAaw=", + "lastModified": 1757822625, + "narHash": "sha256-w+V97GrUZK5Lt50DOzhmFGPf3coxfj4TTNHa0rHswuE=", "owner": "rycee", "repo": "nur-expressions", - "rev": "fa312c0175ffb82bc67da095439b9cb683ac52bd", + "rev": "5a1d5f5453eef0ea2510d9860d2f803911df6776", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1757256385, - "narHash": "sha256-WK7tOhWwr15mipcckhDg2no/eSpM1nIh4C9le8HgHhk=", + "lastModified": 1757920978, + "narHash": "sha256-Mv16aegXLulgyDunijP6SPFJNm8lSXb2w3Q0X+vZ9TY=", "owner": "nix-community", "repo": "home-manager", - "rev": "f35703b412c67b48e97beb6e27a6ab96a084cd37", + "rev": "11cc5449c50e0e5b785be3dfcb88245232633eb8", "type": "github" }, "original": { @@ -175,11 +175,11 @@ ] }, "locked": { - "lastModified": 1757130842, - "narHash": "sha256-4i7KKuXesSZGUv0cLPLfxbmF1S72Gf/3aSypgvVkwuA=", + "lastModified": 1757430124, + "narHash": "sha256-MhDltfXesGH8VkGv3hmJ1QEKl1ChTIj9wmGAFfWj/Wk=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "15f067638e2887c58c4b6ba1bdb65a0b61dc58c5", + "rev": "830b3f0b50045cf0bcfd4dab65fad05bf882e196", "type": "github" }, "original": { @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1757296711, - "narHash": "sha256-7u9/tXUdmTj8x7ofet8aELLBlCHSoA+QOhYKheRdacM=", + "lastModified": 1757901553, + "narHash": "sha256-gW45THWkxnzWpPtjuaDeTnpKFB6i5cZmxk4WuGKhCNc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ab9374ac8c162dacffcd4400e668fd7f9b6f173a", + "rev": "846f1334090a2c44d77850c00d0c17a27ad66618", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1757103352, - "narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=", + "lastModified": 1757943327, + "narHash": "sha256-w6cDExPBqbq7fTLo4dZ1ozDGeq3yV6dSN4n/sAaS6OM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "11b2a10c7be726321bb854403fdeec391e798bf0", + "rev": "67a709cfe5d0643dafd798b0b613ed579de8be05", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1757068644, - "narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=", + "lastModified": 1757745802, + "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9", + "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", "type": "github" }, "original": { @@ -319,11 +319,11 @@ ] }, "locked": { - "lastModified": 1754988908, - "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", + "lastModified": 1757847158, + "narHash": "sha256-TumOaykhZO8SOs/faz6GQhqkOcFLoQvESLSF1cJ4mZc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", + "rev": "ee6f91c1c11acf7957d94a130de77561ec24b8ab", "type": "github" }, "original": { From dbd5d36913bd38c4485e46d8992f3bd861afa558 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 15 Sep 2025 14:54:31 -0500 Subject: [PATCH 165/374] feat: drafted out reverse proxy config for panoramax --- modules/nixos-modules/server/panoramax.nix | 26 +++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/panoramax.nix b/modules/nixos-modules/server/panoramax.nix index 0ebd82f..ad21738 100644 --- a/modules/nixos-modules/server/panoramax.nix +++ b/modules/nixos-modules/server/panoramax.nix @@ -53,6 +53,12 @@ in { description = "The panoramax package to use"; }; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that panoramax will be hosted at"; + default = "panoramax"; + }; + # TODO: sgblur config port = mkOption { type = types.nullOr types.port; @@ -233,7 +239,25 @@ in { } ( lib.mkIf config.host.reverse_proxy.enable { - # TODO: configure reverse proxy here + host = { + reverse_proxy.subdomains.${config.services.panoramax.subdomain} = { + target = "http://localhost:${toString config.services.panoramax.port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + # allow large file uploads for panoramic images + client_max_body_size 100M; + + # set timeout for image processing + proxy_read_timeout 300s; + proxy_send_timeout 300s; + send_timeout 300s; + proxy_redirect off; + ''; + }; + }; } ) ( From 01325c306867c786f2828594ec0eef1fe98c64ab Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 15 Sep 2025 15:25:05 -0500 Subject: [PATCH 166/374] feat: drafted out database configuration and sgblur config --- modules/nixos-modules/server/panoramax.nix | 229 ++++++++++++++++----- 1 file changed, 181 insertions(+), 48 deletions(-) diff --git a/modules/nixos-modules/server/panoramax.nix b/modules/nixos-modules/server/panoramax.nix index ad21738..dd026cd 100644 --- a/modules/nixos-modules/server/panoramax.nix +++ b/modules/nixos-modules/server/panoramax.nix @@ -6,16 +6,14 @@ ... }: with lib; let - cfg = config.services.panoramax; - # Database configuration assertions - dbUrlConfigured = cfg.database.url != null; + dbUrlConfigured = config.services.panoramax.database.url != null; individualDbConfigured = all (x: x != null) [ - cfg.database.host - cfg.database.port - cfg.database.username - cfg.database.password - cfg.database.name + config.services.panoramax.database.host + config.services.panoramax.database.port + config.services.panoramax.database.username + config.services.panoramax.database.password + config.services.panoramax.database.name ]; envContent = '' @@ -23,23 +21,24 @@ with lib; let FLASK_APP=geovisio ${ if dbUrlConfigured - then "DB_URL=${cfg.database.url}" + then "DB_URL=${config.services.panoramax.database.url}" else '' - DB_HOST=${cfg.database.host} - DB_PORT=${toString cfg.database.port} - DB_USERNAME=${cfg.database.username} - DB_PASSWORD=${cfg.database.password} - DB_NAME=${cfg.database.name} + DB_HOST=${config.services.panoramax.database.host} + DB_PORT=${toString config.services.panoramax.database.port} + DB_USERNAME=${config.services.panoramax.database.username} + DB_PASSWORD=${config.services.panoramax.database.password} + DB_NAME=${config.services.panoramax.database.name} '' } - ${optionalString (cfg.storage.fsUrl != null) "FS_URL=${cfg.storage.fsUrl}"} - ${optionalString (cfg.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString cfg.infrastructure.nbProxies}"} - ${optionalString (cfg.flask.secretKey != null) "FLASK_SECRET_KEY=${cfg.flask.secretKey}"} - ${optionalString (cfg.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${cfg.flask.sessionCookieDomain}"} - ${optionalString (cfg.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${cfg.api.pictures.licenseSpdxId}"} - ${optionalString (cfg.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${cfg.api.pictures.licenseUrl}"} - ${optionalString (cfg.port != null) "PORT=${toString cfg.port}"} - ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") cfg.extraEnvironment)} + ${optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} + ${optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} + ${optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} + ${optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} + ${optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} + ${optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} + ${optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} + ${optionalString (config.services.panoramax.sgblur.enable) "SGBLUR_API_URL=${config.services.panoramax.sgblur.url}"} + ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} ''; envFile = pkgs.writeText "panoramax.env" envContent; @@ -59,26 +58,13 @@ in { default = "panoramax"; }; - # TODO: sgblur config - port = mkOption { - type = types.nullOr types.port; - default = 5000; - description = "Port for the Panoramax service"; - }; - - host = mkOption { - type = types.str; - default = "127.0.0.1"; - description = "Host to bind the Panoramax service to"; - }; - - urlScheme = mkOption { - type = types.enum ["http" "https"]; - default = "https"; - description = "URL scheme for the application"; - }; - database = { + createDB = mkOption { + type = types.bool; + default = true; + description = "Whether to automatically create the database and user"; + }; + url = mkOption { type = types.nullOr types.str; default = null; @@ -113,12 +99,62 @@ in { }; name = mkOption { - type = types.nullOr types.str; + type = types.str; default = "panoramax"; description = "Database name (ignored if database.url is set)"; }; }; + sgblur = { + enable = mkOption { + type = types.bool; + default = false; + description = "Whether to enable sgblur integration for face and license plate blurring"; + }; + + package = mkOption { + type = types.package; + default = pkgs.sgblur; + description = "The sgblur package to use"; + }; + + port = mkOption { + type = types.port; + default = 8080; + description = "Port for the sgblur service"; + }; + + host = mkOption { + type = types.str; + default = "127.0.0.1"; + description = "Host to bind the sgblur service to"; + }; + + url = mkOption { + type = types.str; + default = "http://127.0.0.1:8080"; + description = "URL where sgblur service is accessible"; + }; + }; + + port = mkOption { + type = types.nullOr types.port; + default = 5000; + description = "Port for the Panoramax service"; + }; + + host = mkOption { + type = types.str; + default = "127.0.0.1"; + description = "Host to bind the Panoramax service to"; + }; + + urlScheme = mkOption { + type = types.enum ["http" "https"]; + default = "https"; + description = "URL scheme for the application"; + }; + storage = { fsUrl = mkOption { type = types.nullOr types.str; @@ -179,10 +215,14 @@ in { config = lib.mkIf config.services.panoramax.enable ( lib.mkMerge [ { - environment.systemPackages = with pkgs; [ - config.services.panoramax.package - python3Packages.waitress - ]; + environment.systemPackages = with pkgs; + [ + config.services.panoramax.package + python3Packages.waitress + ] + ++ optionals config.services.panoramax.sgblur.enable [ + config.services.panoramax.sgblur.package + ]; systemd.services.panoramax = { description = "Panoramax Service"; @@ -233,10 +273,103 @@ in { } ''; } - ]; + { + assertion = !config.services.panoramax.database.createDB || config.services.panoramax.database.url == null || (lib.hasPrefix "/run/" config.services.panoramax.database.url || lib.hasPrefix "unix:" config.services.panoramax.database.url || lib.hasPrefix "/" config.services.panoramax.database.host); + message = '' + Panoramax createDB option can only be used with socket connections when a database URL is provided. + Socket connections are identified by: + - URLs starting with "unix:" + - URLs starting with "/run/" + - Host paths starting with "/" - # TODO: auto config db + Current configuration: + - createDB: ${lib.boolToString config.services.panoramax.database.createDB} + - database.url: ${ + if config.services.panoramax.database.url != null + then config.services.panoramax.database.url + else "not set" + } + - database.host: ${config.services.panoramax.database.host} + ''; + } + ]; } + ( + lib.mkIf config.services.panoramax.sgblur.enable { + systemd.services.sgblur = { + description = "SGBlur AI-powered face and license plate blurring service"; + after = ["network.target"]; + wantedBy = ["multi-user.target"]; + serviceConfig = { + ExecStart = "${config.services.panoramax.sgblur.package}/bin/uvicorn sgblur.main:app --host ${config.services.panoramax.sgblur.host} --port ${toString config.services.panoramax.sgblur.port}"; + Restart = "always"; + User = "sgblur"; + Group = "sgblur"; + WorkingDirectory = "/var/lib/sgblur"; + Environment = "PYTHONPATH=${config.services.panoramax.sgblur.package}/lib/python3.11/site-packages"; + }; + }; + + users.users.sgblur = { + isSystemUser = true; + group = "sgblur"; + home = "/var/lib/sgblur"; + createHome = true; + }; + + users.groups.sgblur = {}; + + systemd.tmpfiles.rules = [ + "d /var/lib/sgblur 0755 sgblur sgblur -" + ]; + + # Update panoramax service dependencies when sgblur is enabled + systemd.services.panoramax = { + after = ["sgblur.service"]; + wants = ["sgblur.service"]; + }; + } + ) + ( + lib.mkIf config.services.panoramax.database.createDB { + services.postgresql = { + enable = true; + ensureDatabases = [config.services.panoramax.database.name]; + ensureUsers = [ + { + name = config.services.panoramax.database.username; + ensureDBOwnership = true; + ensureClauses.login = true; + } + ]; + extensions = ps: with ps; [postgis]; + settings = { + shared_preload_libraries = ["postgis"]; + }; + }; + + systemd.services.postgresql.serviceConfig.ExecStartPost = let + sqlFile = pkgs.writeText "panoramax-postgis-setup.sql" '' + CREATE EXTENSION IF NOT EXISTS postgis; + CREATE EXTENSION IF NOT EXISTS postgis_topology; + CREATE EXTENSION IF NOT EXISTS fuzzystrmatch; + CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder; + + ALTER SCHEMA public OWNER TO ${config.services.panoramax.database.username}; + GRANT ALL ON SCHEMA public TO ${config.services.panoramax.database.username}; + ''; + in [ + '' + ${lib.getExe' config.services.postgresql.package "psql"} -d "${config.services.panoramax.database.name}" -f "${sqlFile}" + '' + ]; + + systemd.services.panoramax = { + after = ["postgresql.service"]; + requires = ["postgresql.service"]; + }; + } + ) ( lib.mkIf config.host.reverse_proxy.enable { host = { From b2e5ae1f98be4cece2bbab8ae1a9c7ba5d7df9aa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 16 Sep 2025 09:58:35 -0500 Subject: [PATCH 167/374] build: updated flake lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index ca41b02..b6e48bb 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1757822625, - "narHash": "sha256-w+V97GrUZK5Lt50DOzhmFGPf3coxfj4TTNHa0rHswuE=", + "lastModified": 1757995413, + "narHash": "sha256-vaU/7/PXoym6vnspGxhR29V9klGe9iy9zmp6x7w38f8=", "owner": "rycee", "repo": "nur-expressions", - "rev": "5a1d5f5453eef0ea2510d9860d2f803911df6776", + "rev": "4ae8996b3e139926c784acd22824cde46cd28833", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1757920978, - "narHash": "sha256-Mv16aegXLulgyDunijP6SPFJNm8lSXb2w3Q0X+vZ9TY=", + "lastModified": 1757997814, + "narHash": "sha256-F+1aoG+3NH4jDDEmhnDUReISyq6kQBBuktTUqCUWSiw=", "owner": "nix-community", "repo": "home-manager", - "rev": "11cc5449c50e0e5b785be3dfcb88245232633eb8", + "rev": "5820376beb804de9acf07debaaff1ac84728b708", "type": "github" }, "original": { @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1757901553, - "narHash": "sha256-gW45THWkxnzWpPtjuaDeTnpKFB6i5cZmxk4WuGKhCNc=", + "lastModified": 1757987448, + "narHash": "sha256-ltDT7EIfLHV42p99HnDfDviC8jN7tcOed1qsLEFypl8=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "846f1334090a2c44d77850c00d0c17a27ad66618", + "rev": "e496568b0e69d9d54c8cfef96ed1370952ad9786", "type": "github" }, "original": { @@ -319,11 +319,11 @@ ] }, "locked": { - "lastModified": 1757847158, - "narHash": "sha256-TumOaykhZO8SOs/faz6GQhqkOcFLoQvESLSF1cJ4mZc=", + "lastModified": 1758007585, + "narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=", "owner": "Mic92", "repo": "sops-nix", - "rev": "ee6f91c1c11acf7957d94a130de77561ec24b8ab", + "rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139", "type": "github" }, "original": { From cdeb4e108b4604acf9ec15bd2e9bcfb906a2f0a2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 16 Sep 2025 10:14:33 -0500 Subject: [PATCH 168/374] refactor: split server modules into smaller more manageable files --- modules/nixos-modules/server/actual.nix | 56 --- modules/nixos-modules/server/actual/const.nix | 3 + .../nixos-modules/server/actual/default.nix | 34 ++ .../nixos-modules/server/actual/fail2ban.nix | 9 + .../server/actual/impermanence.nix | 26 ++ modules/nixos-modules/server/actual/proxy.nix | 13 + modules/nixos-modules/server/default.nix | 23 +- modules/nixos-modules/server/forgejo.nix | 128 ------ .../nixos-modules/server/forgejo/const.nix | 4 + .../nixos-modules/server/forgejo/database.nix | 41 ++ .../nixos-modules/server/forgejo/default.nix | 61 +++ .../nixos-modules/server/forgejo/fail2ban.nix | 32 ++ .../server/forgejo/impermanence.nix | 28 ++ .../nixos-modules/server/forgejo/proxy.nix | 18 + .../nixos-modules/server/home-assistant.nix | 230 ---------- .../server/home-assistant/database.nix | 56 +++ .../server/home-assistant/default.nix | 118 +++++ .../home-assistant/extensions/default.nix | 12 + .../home-assistant/extensions/jellyfin.nix | 9 + .../home-assistant/extensions/sonos.nix | 11 + .../home-assistant/extensions/wyoming.nix | 9 + .../server/home-assistant/fail2ban.nix | 39 ++ .../server/home-assistant/impermanence.nix | 26 ++ .../server/home-assistant/proxy.nix | 24 ++ modules/nixos-modules/server/immich.nix | 99 ----- .../nixos-modules/server/immich/database.nix | 26 ++ .../nixos-modules/server/immich/default.nix | 28 ++ .../nixos-modules/server/immich/fail2ban.nix | 26 ++ .../server/immich/impermanence.nix | 25 ++ modules/nixos-modules/server/immich/proxy.nix | 27 ++ modules/nixos-modules/server/jellyfin.nix | 147 ------- .../nixos-modules/server/jellyfin/default.nix | 48 +++ .../server/jellyfin/fail2ban.nix | 32 ++ .../server/jellyfin/impermanence.nix | 66 +++ .../nixos-modules/server/jellyfin/proxy.nix | 25 ++ modules/nixos-modules/server/panoramax.nix | 408 ------------------ .../server/panoramax/default.nix | 340 +++++++++++++++ .../server/panoramax/fail2ban.nix | 11 + .../server/panoramax/impermanence.nix | 14 + .../nixos-modules/server/panoramax/proxy.nix | 27 ++ modules/nixos-modules/server/paperless.nix | 113 ----- .../server/paperless/database.nix | 34 ++ .../server/paperless/default.nix | 40 ++ .../server/paperless/fail2ban.nix | 34 ++ .../server/paperless/impermanence.nix | 25 ++ .../nixos-modules/server/paperless/proxy.nix | 21 + modules/nixos-modules/server/searx.nix | 78 ---- .../nixos-modules/server/searx/default.nix | 71 +++ modules/nixos-modules/server/searx/proxy.nix | 14 + 49 files changed, 1519 insertions(+), 1270 deletions(-) delete mode 100644 modules/nixos-modules/server/actual.nix create mode 100644 modules/nixos-modules/server/actual/const.nix create mode 100644 modules/nixos-modules/server/actual/default.nix create mode 100644 modules/nixos-modules/server/actual/fail2ban.nix create mode 100644 modules/nixos-modules/server/actual/impermanence.nix create mode 100644 modules/nixos-modules/server/actual/proxy.nix delete mode 100644 modules/nixos-modules/server/forgejo.nix create mode 100644 modules/nixos-modules/server/forgejo/const.nix create mode 100644 modules/nixos-modules/server/forgejo/database.nix create mode 100644 modules/nixos-modules/server/forgejo/default.nix create mode 100644 modules/nixos-modules/server/forgejo/fail2ban.nix create mode 100644 modules/nixos-modules/server/forgejo/impermanence.nix create mode 100644 modules/nixos-modules/server/forgejo/proxy.nix delete mode 100644 modules/nixos-modules/server/home-assistant.nix create mode 100644 modules/nixos-modules/server/home-assistant/database.nix create mode 100644 modules/nixos-modules/server/home-assistant/default.nix create mode 100644 modules/nixos-modules/server/home-assistant/extensions/default.nix create mode 100644 modules/nixos-modules/server/home-assistant/extensions/jellyfin.nix create mode 100644 modules/nixos-modules/server/home-assistant/extensions/sonos.nix create mode 100644 modules/nixos-modules/server/home-assistant/extensions/wyoming.nix create mode 100644 modules/nixos-modules/server/home-assistant/fail2ban.nix create mode 100644 modules/nixos-modules/server/home-assistant/impermanence.nix create mode 100644 modules/nixos-modules/server/home-assistant/proxy.nix delete mode 100644 modules/nixos-modules/server/immich.nix create mode 100644 modules/nixos-modules/server/immich/database.nix create mode 100644 modules/nixos-modules/server/immich/default.nix create mode 100644 modules/nixos-modules/server/immich/fail2ban.nix create mode 100644 modules/nixos-modules/server/immich/impermanence.nix create mode 100644 modules/nixos-modules/server/immich/proxy.nix delete mode 100644 modules/nixos-modules/server/jellyfin.nix create mode 100644 modules/nixos-modules/server/jellyfin/default.nix create mode 100644 modules/nixos-modules/server/jellyfin/fail2ban.nix create mode 100644 modules/nixos-modules/server/jellyfin/impermanence.nix create mode 100644 modules/nixos-modules/server/jellyfin/proxy.nix delete mode 100644 modules/nixos-modules/server/panoramax.nix create mode 100644 modules/nixos-modules/server/panoramax/default.nix create mode 100644 modules/nixos-modules/server/panoramax/fail2ban.nix create mode 100644 modules/nixos-modules/server/panoramax/impermanence.nix create mode 100644 modules/nixos-modules/server/panoramax/proxy.nix delete mode 100644 modules/nixos-modules/server/paperless.nix create mode 100644 modules/nixos-modules/server/paperless/database.nix create mode 100644 modules/nixos-modules/server/paperless/default.nix create mode 100644 modules/nixos-modules/server/paperless/fail2ban.nix create mode 100644 modules/nixos-modules/server/paperless/impermanence.nix create mode 100644 modules/nixos-modules/server/paperless/proxy.nix delete mode 100644 modules/nixos-modules/server/searx.nix create mode 100644 modules/nixos-modules/server/searx/default.nix create mode 100644 modules/nixos-modules/server/searx/proxy.nix diff --git a/modules/nixos-modules/server/actual.nix b/modules/nixos-modules/server/actual.nix deleted file mode 100644 index 80f4fab..0000000 --- a/modules/nixos-modules/server/actual.nix +++ /dev/null @@ -1,56 +0,0 @@ -{ - lib, - config, - ... -}: let - dataDirectory = "/var/lib/actual/"; -in { - options.services.actual = { - subdomain = lib.mkOption { - type = lib.types.str; - default = "actual"; - description = "subdomain of base domain that actual will be hosted at"; - }; - }; - - config = lib.mkIf config.services.actual.enable (lib.mkMerge [ - { - systemd.tmpfiles.rules = [ - "d ${dataDirectory} 2770 actual actual" - ]; - - services.actual = { - settings = { - ACTUAL_DATA_DIR = dataDirectory; - }; - }; - } - (lib.mkIf config.host.reverse_proxy.enable { - host = { - reverse_proxy.subdomains.${config.services.actual.subdomain} = { - target = "http://localhost:${toString config.services.actual.settings.port}"; - }; - }; - }) - (lib.mkIf config.services.fail2ban.enable { - # TODO: configuration for fail2ban for actual - }) - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.actual.settings.ACTUAL_DATA_DIR == dataDirectory; - message = "actual data location does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = dataDirectory; - user = "actual"; - group = "actual"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/actual/const.nix b/modules/nixos-modules/server/actual/const.nix new file mode 100644 index 0000000..13b068e --- /dev/null +++ b/modules/nixos-modules/server/actual/const.nix @@ -0,0 +1,3 @@ +{ + dataDirectory = "/var/lib/actual/"; +} diff --git a/modules/nixos-modules/server/actual/default.nix b/modules/nixos-modules/server/actual/default.nix new file mode 100644 index 0000000..bef7a05 --- /dev/null +++ b/modules/nixos-modules/server/actual/default.nix @@ -0,0 +1,34 @@ +{ + lib, + config, + ... +}: let + const = import ./const.nix; + dataDirectory = const.dataDirectory; +in { + imports = [ + ./proxy.nix + ./fail2ban.nix + ./impermanence.nix + ]; + + options.services.actual = { + subdomain = lib.mkOption { + type = lib.types.str; + default = "actual"; + description = "subdomain of base domain that actual will be hosted at"; + }; + }; + + config = lib.mkIf config.services.actual.enable { + systemd.tmpfiles.rules = [ + "d ${dataDirectory} 2770 actual actual" + ]; + + services.actual = { + settings = { + ACTUAL_DATA_DIR = dataDirectory; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/actual/fail2ban.nix b/modules/nixos-modules/server/actual/fail2ban.nix new file mode 100644 index 0000000..3ad754e --- /dev/null +++ b/modules/nixos-modules/server/actual/fail2ban.nix @@ -0,0 +1,9 @@ +{ + lib, + config, + ... +}: { + config = lib.mkIf (config.services.actual.enable && config.services.fail2ban.enable) { + # TODO: configuration for fail2ban for actual + }; +} diff --git a/modules/nixos-modules/server/actual/impermanence.nix b/modules/nixos-modules/server/actual/impermanence.nix new file mode 100644 index 0000000..5eee95a --- /dev/null +++ b/modules/nixos-modules/server/actual/impermanence.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + const = import ./const.nix; + dataDirectory = const.dataDirectory; +in { + config = lib.mkIf (config.services.actual.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.actual.settings.ACTUAL_DATA_DIR == dataDirectory; + message = "actual data location does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = dataDirectory; + user = "actual"; + group = "actual"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/actual/proxy.nix b/modules/nixos-modules/server/actual/proxy.nix new file mode 100644 index 0000000..e20a6cd --- /dev/null +++ b/modules/nixos-modules/server/actual/proxy.nix @@ -0,0 +1,13 @@ +{ + lib, + config, + ... +}: { + config = lib.mkIf (config.services.actual.enable && config.host.reverse_proxy.enable) { + host = { + reverse_proxy.subdomains.${config.services.actual.subdomain} = { + target = "http://localhost:${toString config.services.actual.settings.port}"; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 87f3dae..15f833b 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -1,19 +1,20 @@ {...}: { imports = [ - ./fail2ban.nix - ./network_storage ./reverse_proxy.nix + ./fail2ban.nix ./postgres.nix + ./network_storage ./podman.nix - ./jellyfin.nix - ./forgejo.nix - ./searx.nix - ./home-assistant.nix - ./wyoming.nix - ./immich.nix + + ./actual + ./immich + ./panoramax + ./forgejo + ./home-assistant + ./jellyfin + ./paperless + ./searx ./qbittorent.nix - ./paperless.nix - ./actual.nix - ./panoramax.nix + ./wyoming.nix ]; } diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix deleted file mode 100644 index 3b19695..0000000 --- a/modules/nixos-modules/server/forgejo.nix +++ /dev/null @@ -1,128 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: let - forgejoPort = 8081; - stateDir = "/var/lib/forgejo"; - db_user = "forgejo"; - sshPort = 22222; -in { - options.services.forgejo = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that forgejo will be hosted at"; - default = "forgejo"; - }; - }; - - config = lib.mkIf config.services.forgejo.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name; - message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name"; - } - ]; - host = { - postgres = { - enable = true; - extraUsers = { - ${db_user} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${db_user} = { - name = db_user; - }; - }; - }; - }; - - services.forgejo = { - database = { - type = "postgres"; - socket = "/run/postgresql"; - }; - lfs.enable = true; - settings = { - server = { - DOMAIN = "${config.services.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; - HTTP_PORT = forgejoPort; - START_SSH_SERVER = true; - SSH_LISTEN_PORT = sshPort; - SSH_PORT = 22; - BUILTIN_SSH_SERVER_USER = "git"; - ROOT_URL = "https://git.jan-leila.com"; - }; - service = { - DISABLE_REGISTRATION = true; - }; - database = { - DB_TYPE = "postgres"; - NAME = db_user; - USER = db_user; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ - config.services.forgejo.settings.server.SSH_LISTEN_PORT - ]; - } - (lib.mkIf config.host.reverse_proxy.enable { - host = { - reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { - target = "http://localhost:${toString forgejoPort}"; - }; - }; - }) - (lib.mkIf config.services.fail2ban.enable { - environment.etc = { - "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from " - '') - ); - }; - - services.fail2ban = { - jails = { - forgejo-iptables.settings = lib.mkIf config.services.forgejo.enable { - enabled = true; - filter = "forgejo"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.forgejo.settings.log.ROOT_PATH}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - }; - }; - }) - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.forgejo.stateDir == stateDir; - message = "forgejo state directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = stateDir; - user = "forgejo"; - group = "forgejo"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/forgejo/const.nix b/modules/nixos-modules/server/forgejo/const.nix new file mode 100644 index 0000000..10e3974 --- /dev/null +++ b/modules/nixos-modules/server/forgejo/const.nix @@ -0,0 +1,4 @@ +{ + httpPort = 8081; + sshPort = 22222; +} diff --git a/modules/nixos-modules/server/forgejo/database.nix b/modules/nixos-modules/server/forgejo/database.nix new file mode 100644 index 0000000..0417aab --- /dev/null +++ b/modules/nixos-modules/server/forgejo/database.nix @@ -0,0 +1,41 @@ +{ + lib, + config, + ... +}: { + config = lib.mkIf config.services.forgejo.enable ( + lib.mkMerge [ + { + host = { + postgres = { + enable = true; + }; + }; + + assertions = [ + { + assertion = config.services.forgejo.settings.database.DB_TYPE == "postgres"; + message = "Forgejo database type must be postgres"; + } + ]; + } + (lib.mkIf config.host.postgres.enable { + host = { + postgres = { + extraUsers = { + forgejo = { + isClient = true; + createUser = true; + }; + }; + extraDatabases = { + forgejo = { + name = "forgejo"; + }; + }; + }; + }; + }) + ] + ); +} diff --git a/modules/nixos-modules/server/forgejo/default.nix b/modules/nixos-modules/server/forgejo/default.nix new file mode 100644 index 0000000..cec2630 --- /dev/null +++ b/modules/nixos-modules/server/forgejo/default.nix @@ -0,0 +1,61 @@ +{ + lib, + config, + ... +}: let + const = import ./const.nix; + httpPort = const.httpPort; + sshPort = const.sshPort; + db_user = "forgejo"; +in { + imports = [ + ./proxy.nix + ./database.nix + ./fail2ban.nix + ./impermanence.nix + ]; + + options.services.forgejo = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that forgejo will be hosted at"; + default = "forgejo"; + }; + }; + + config = lib.mkIf config.services.forgejo.enable { + assertions = [ + { + assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name; + message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name"; + } + ]; + + services.forgejo = { + database = { + type = "postgres"; + socket = "/run/postgresql"; + }; + lfs.enable = true; + settings = { + server = { + DOMAIN = "${config.services.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; + HTTP_PORT = httpPort; + START_SSH_SERVER = true; + SSH_LISTEN_PORT = sshPort; + SSH_PORT = 22; + BUILTIN_SSH_SERVER_USER = "git"; + ROOT_URL = "https://git.jan-leila.com"; + }; + service = { + DISABLE_REGISTRATION = true; + }; + database = { + DB_TYPE = "postgres"; + NAME = db_user; + USER = db_user; + }; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/forgejo/fail2ban.nix b/modules/nixos-modules/server/forgejo/fail2ban.nix new file mode 100644 index 0000000..213c804 --- /dev/null +++ b/modules/nixos-modules/server/forgejo/fail2ban.nix @@ -0,0 +1,32 @@ +{ + lib, + config, + pkgs, + ... +}: { + config = lib.mkIf (config.services.forgejo.enable && config.services.fail2ban.enable) { + environment.etc = { + "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from " + '') + ); + }; + + services.fail2ban = { + jails = { + forgejo-iptables.settings = lib.mkIf config.services.forgejo.enable { + enabled = true; + filter = "forgejo"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.forgejo.settings.log.ROOT_PATH}/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/forgejo/impermanence.nix b/modules/nixos-modules/server/forgejo/impermanence.nix new file mode 100644 index 0000000..04f21a5 --- /dev/null +++ b/modules/nixos-modules/server/forgejo/impermanence.nix @@ -0,0 +1,28 @@ +{ + lib, + config, + ... +}: let + stateDir = "/var/lib/forgejo"; +in { + config = lib.mkIf (config.services.forgejo.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.forgejo.stateDir == stateDir; + message = "forgejo state directory does not match persistence"; + } + ]; + + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = stateDir; + user = "forgejo"; + group = "forgejo"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/forgejo/proxy.nix b/modules/nixos-modules/server/forgejo/proxy.nix new file mode 100644 index 0000000..9e85f78 --- /dev/null +++ b/modules/nixos-modules/server/forgejo/proxy.nix @@ -0,0 +1,18 @@ +{ + lib, + config, + ... +}: let + const = import ./const.nix; + httpPort = const.httpPort; +in { + config = lib.mkIf (config.services.forgejo.enable && config.host.reverse_proxy.enable) { + host.reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { + target = "http://localhost:${toString httpPort}"; + }; + + networking.firewall.allowedTCPPorts = [ + config.services.forgejo.settings.server.SSH_LISTEN_PORT + ]; + }; +} diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix deleted file mode 100644 index baf6683..0000000 --- a/modules/nixos-modules/server/home-assistant.nix +++ /dev/null @@ -1,230 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - configDir = "/var/lib/hass"; - dbUser = "hass"; -in { - options.services.home-assistant = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that home-assistant will be hosted at"; - default = "home-assistant"; - }; - - database = lib.mkOption { - type = lib.types.enum [ - "builtin" - "postgres" - ]; - description = "what database do we want to use"; - default = "builtin"; - }; - - extensions = { - sonos = { - enable = lib.mkEnableOption "enable the sonos plugin"; - port = lib.mkOption { - type = lib.types.int; - default = 1400; - description = "what port to use for sonos discovery"; - }; - }; - jellyfin = { - enable = lib.mkEnableOption "enable the jellyfin plugin"; - }; - wyoming = { - enable = lib.mkEnableOption "enable wyoming"; - }; - }; - }; - - config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ - { - services.home-assistant = { - configDir = configDir; - extraComponents = [ - "default_config" - "esphome" - "met" - "radio_browser" - "isal" - "zha" - "webostv" - "tailscale" - "syncthing" - "analytics_insights" - "unifi" - "openweathermap" - "ollama" - "mobile_app" - "logbook" - "ssdp" - "usb" - "webhook" - "bluetooth" - "dhcp" - "energy" - "history" - "backup" - "assist_pipeline" - "conversation" - "sun" - "zeroconf" - "cpuspeed" - ]; - config = { - http = { - server_port = 8123; - use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1" "::1"]; - ip_ban_enabled = true; - login_attempts_threshold = 10; - }; - homeassistant = { - external_url = "https://${config.services.home-assistant.subdomain}.${config.host.reverse_proxy.hostname}"; - # internal_url = "http://192.168.1.2:8123"; - }; - recorder.db_url = "postgresql://@/${dbUser}"; - "automation manual" = []; - "automation ui" = "!include automations.yaml"; - mobile_app = {}; - }; - extraPackages = python3Packages: - with python3Packages; [ - hassil - numpy - gtts - ]; - }; - - # TODO: configure /var/lib/hass/secrets.yaml via sops - - networking.firewall.allowedUDPPorts = [ - 1900 - ]; - - systemd.tmpfiles.rules = [ - "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" - ]; - } - (lib.mkIf (config.services.home-assistant.extensions.sonos.enable) { - services.home-assistant.extraComponents = ["sonos"]; - networking.firewall.allowedTCPPorts = [ - config.services.home-assistant.extensions.sonos.port - ]; - }) - (lib.mkIf (config.services.home-assistant.extensions.jellyfin.enable) { - services.home-assistant.extraComponents = ["jellyfin"]; - # TODO: configure port, address, and login information here - }) - (lib.mkIf (config.services.home-assistant.extensions.wyoming.enable) { - services.home-assistant.extraComponents = ["wyoming"]; - services.wyoming.enable = true; - }) - (lib.mkIf (config.services.home-assistant.database == "postgres") { - host = { - postgres = { - enable = true; - extraUsers = { - ${dbUser} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${dbUser} = { - name = dbUser; - }; - }; - }; - }; - - services.home-assistant = { - extraPackages = python3Packages: - with python3Packages; [ - psycopg2 - ]; - }; - - systemd.services.home-assistant = { - requires = [ - config.systemd.services.postgresql.name - ]; - }; - }) - (lib.mkIf config.host.reverse_proxy.enable { - host = { - reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { - target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - add_header Upgrade $http_upgrade; - add_header Connection \"upgrade\"; - - proxy_buffering off; - - proxy_read_timeout 90; - ''; - }; - }; - }) - (lib.mkIf config.services.fail2ban.enable { - environment.etc = { - "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [INCLUDES] - before = common.conf - - [Definition] - failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ - - ignoreregex = - - [Init] - datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S - '') - ); - }; - - services.fail2ban = { - jails = { - home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { - enabled = true; - filter = "hass"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.home-assistant.configDir}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - }; - }; - }) - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.home-assistant.configDir == configDir; - message = "home assistant config directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = configDir; - user = "hass"; - group = "hass"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/home-assistant/database.nix b/modules/nixos-modules/server/home-assistant/database.nix new file mode 100644 index 0000000..0ac8002 --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/database.nix @@ -0,0 +1,56 @@ +{ + lib, + config, + ... +}: let + dbUser = "hass"; +in { + config = lib.mkIf config.services.home-assistant.enable ( + lib.mkMerge [ + { + host = { + postgres = { + enable = true; + }; + }; + + assertions = [ + { + assertion = config.services.home-assistant.database == "postgres"; + message = "Home Assistant database type must be postgres"; + } + ]; + } + (lib.mkIf config.host.postgres.enable { + host = { + postgres = { + extraUsers = { + ${dbUser} = { + isClient = true; + createUser = true; + }; + }; + extraDatabases = { + ${dbUser} = { + name = dbUser; + }; + }; + }; + }; + + services.home-assistant = { + extraPackages = python3Packages: + with python3Packages; [ + psycopg2 + ]; + }; + + systemd.services.home-assistant = { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }) + ] + ); +} diff --git a/modules/nixos-modules/server/home-assistant/default.nix b/modules/nixos-modules/server/home-assistant/default.nix new file mode 100644 index 0000000..6edf0c0 --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/default.nix @@ -0,0 +1,118 @@ +{ + lib, + config, + ... +}: { + imports = [ + ./proxy.nix + ./database.nix + ./fail2ban.nix + ./impermanence.nix + ./extensions + ]; + + options.services.home-assistant = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that home-assistant will be hosted at"; + default = "home-assistant"; + }; + + database = lib.mkOption { + type = lib.types.enum [ + "builtin" + "postgres" + ]; + description = "what database do we want to use"; + default = "builtin"; + }; + + extensions = { + sonos = { + enable = lib.mkEnableOption "enable the sonos plugin"; + port = lib.mkOption { + type = lib.types.int; + default = 1400; + description = "what port to use for sonos discovery"; + }; + }; + jellyfin = { + enable = lib.mkEnableOption "enable the jellyfin plugin"; + }; + wyoming = { + enable = lib.mkEnableOption "enable wyoming"; + }; + }; + }; + + config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ + { + services.home-assistant = { + configDir = "/var/lib/hass"; + extraComponents = [ + "default_config" + "esphome" + "met" + "radio_browser" + "isal" + "zha" + "webostv" + "tailscale" + "syncthing" + "analytics_insights" + "unifi" + "openweathermap" + "ollama" + "mobile_app" + "logbook" + "ssdp" + "usb" + "webhook" + "bluetooth" + "dhcp" + "energy" + "history" + "backup" + "assist_pipeline" + "conversation" + "sun" + "zeroconf" + "cpuspeed" + ]; + config = { + http = { + server_port = 8123; + use_x_forwarded_for = true; + trusted_proxies = ["127.0.0.1" "::1"]; + ip_ban_enabled = true; + login_attempts_threshold = 10; + }; + homeassistant = { + external_url = "https://${config.services.home-assistant.subdomain}.${config.host.reverse_proxy.hostname}"; + # internal_url = "http://192.168.1.2:8123"; + }; + recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}"; + "automation manual" = []; + "automation ui" = "!include automations.yaml"; + mobile_app = {}; + }; + extraPackages = python3Packages: + with python3Packages; [ + hassil + numpy + gtts + ]; + }; + + # TODO: configure /var/lib/hass/secrets.yaml via sops + + networking.firewall.allowedUDPPorts = [ + 1900 + ]; + + systemd.tmpfiles.rules = [ + "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" + ]; + } + ]); +} diff --git a/modules/nixos-modules/server/home-assistant/extensions/default.nix b/modules/nixos-modules/server/home-assistant/extensions/default.nix new file mode 100644 index 0000000..9ef84a3 --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/extensions/default.nix @@ -0,0 +1,12 @@ +{ + config, + lib, + pkgs, + ... +}: { + imports = [ + ./sonos.nix + ./jellyfin.nix + ./wyoming.nix + ]; +} diff --git a/modules/nixos-modules/server/home-assistant/extensions/jellyfin.nix b/modules/nixos-modules/server/home-assistant/extensions/jellyfin.nix new file mode 100644 index 0000000..29af274 --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/extensions/jellyfin.nix @@ -0,0 +1,9 @@ +{ + lib, + config, + ... +}: +lib.mkIf (config.services.home-assistant.extensions.jellyfin.enable) { + services.home-assistant.extraComponents = ["jellyfin"]; + # TODO: configure port, address, and login information here +} diff --git a/modules/nixos-modules/server/home-assistant/extensions/sonos.nix b/modules/nixos-modules/server/home-assistant/extensions/sonos.nix new file mode 100644 index 0000000..c70649f --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/extensions/sonos.nix @@ -0,0 +1,11 @@ +{ + lib, + config, + ... +}: +lib.mkIf (config.services.home-assistant.extensions.sonos.enable) { + services.home-assistant.extraComponents = ["sonos"]; + networking.firewall.allowedTCPPorts = [ + config.services.home-assistant.extensions.sonos.port + ]; +} diff --git a/modules/nixos-modules/server/home-assistant/extensions/wyoming.nix b/modules/nixos-modules/server/home-assistant/extensions/wyoming.nix new file mode 100644 index 0000000..840d360 --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/extensions/wyoming.nix @@ -0,0 +1,9 @@ +{ + lib, + config, + ... +}: +lib.mkIf (config.services.home-assistant.extensions.wyoming.enable) { + services.home-assistant.extraComponents = ["wyoming"]; + services.wyoming.enable = true; +} diff --git a/modules/nixos-modules/server/home-assistant/fail2ban.nix b/modules/nixos-modules/server/home-assistant/fail2ban.nix new file mode 100644 index 0000000..6ac5900 --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/fail2ban.nix @@ -0,0 +1,39 @@ +{ + lib, + pkgs, + config, + ... +}: +lib.mkIf (config.services.fail2ban.enable && config.services.home-assistant.enable) { + environment.etc = { + "fail2ban/filter.d/hass.local".text = ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [INCLUDES] + before = common.conf + + [Definition] + failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ + + ignoreregex = + + [Init] + datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S + '') + ); + }; + + services.fail2ban = { + jails = { + home-assistant-iptables.settings = { + enabled = true; + filter = "hass"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.home-assistant.configDir}/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/home-assistant/impermanence.nix b/modules/nixos-modules/server/home-assistant/impermanence.nix new file mode 100644 index 0000000..8c056a1 --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/impermanence.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + configDir = "/var/lib/hass"; +in + lib.mkIf (config.host.impermanence.enable && config.services.home-assistant.enable) { + assertions = [ + { + assertion = config.services.home-assistant.configDir == configDir; + message = "home assistant config directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = configDir; + user = "hass"; + group = "hass"; + } + ]; + }; + } diff --git a/modules/nixos-modules/server/home-assistant/proxy.nix b/modules/nixos-modules/server/home-assistant/proxy.nix new file mode 100644 index 0000000..63396b5 --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/proxy.nix @@ -0,0 +1,24 @@ +{ + lib, + config, + ... +}: +lib.mkIf (config.host.reverse_proxy.enable && config.services.home-assistant.enable) { + host = { + reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { + target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + add_header Upgrade $http_upgrade; + add_header Connection \"upgrade\"; + + proxy_buffering off; + + proxy_read_timeout 90; + ''; + }; + }; +} diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix deleted file mode 100644 index fa376e4..0000000 --- a/modules/nixos-modules/server/immich.nix +++ /dev/null @@ -1,99 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: let - mediaLocation = "/var/lib/immich"; -in { - options.services.immich = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that immich will be hosted at"; - default = "immich"; - }; - }; - - config = lib.mkIf config.services.immich.enable (lib.mkMerge [ - { - host = { - postgres = { - enable = true; - extraUsers = { - ${config.services.immich.database.user} = { - isClient = true; - }; - }; - }; - }; - - networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { - allowedUDPPorts = [ - config.services.immich.port - ]; - allowedTCPPorts = [ - config.services.immich.port - ]; - }; - } - (lib.mkIf config.host.reverse_proxy.enable { - host = { - reverse_proxy.subdomains.${config.services.immich.subdomain} = { - target = "http://localhost:${toString config.services.immich.port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads - client_max_body_size 50000M; - - # set timeout - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - proxy_redirect off; - ''; - }; - }; - }) - (lib.mkIf config.services.fail2ban.enable { - environment.etc = { - "fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = immich-server.*Failed login attempt for user.+from ip address\s? - journalmatch = CONTAINER_TAG=immich-server - '') - ); - }; - - services.fail2ban = { - jails = { - immich-iptables.settings = lib.mkIf config.services.immich.enable { - enabled = true; - filter = "immich"; - backend = "systemd"; - }; - }; - }; - }) - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.immich.mediaLocation == mediaLocation; - message = "immich media location does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = mediaLocation; - user = "immich"; - group = "immich"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/immich/database.nix b/modules/nixos-modules/server/immich/database.nix new file mode 100644 index 0000000..74b1aaa --- /dev/null +++ b/modules/nixos-modules/server/immich/database.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: { + config = lib.mkIf config.services.immich.enable (lib.mkMerge [ + { + host = { + postgres = { + enable = true; + }; + }; + } + (lib.mkIf config.host.postgres.enable { + host = { + postgres = { + extraUsers = { + ${config.services.immich.database.user} = { + isClient = true; + }; + }; + }; + }; + }) + ]); +} diff --git a/modules/nixos-modules/server/immich/default.nix b/modules/nixos-modules/server/immich/default.nix new file mode 100644 index 0000000..9d782f0 --- /dev/null +++ b/modules/nixos-modules/server/immich/default.nix @@ -0,0 +1,28 @@ +{lib, ...}: { + imports = [ + ./proxy.nix + ./database.nix + ./fail2ban.nix + ./impermanence.nix + ]; + + options.services.immich = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that immich will be hosted at"; + default = "immich"; + }; + }; + + # NOTE: This shouldn't be needed now that we are out of testing + # config = lib.mkIf config.services.immich.enable { + # networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { + # allowedUDPPorts = [ + # config.services.immich.port + # ]; + # allowedTCPPorts = [ + # config.services.immich.port + # ]; + # }; + # }; +} diff --git a/modules/nixos-modules/server/immich/fail2ban.nix b/modules/nixos-modules/server/immich/fail2ban.nix new file mode 100644 index 0000000..c9ec87b --- /dev/null +++ b/modules/nixos-modules/server/immich/fail2ban.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + pkgs, + ... +}: { + config = lib.mkIf (config.services.fail2ban.enable && config.services.immich.enable) { + environment.etc = { + "fail2ban/filter.d/immich.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = immich-server.*Failed login attempt for user.+from ip address\s? + journalmatch = CONTAINER_TAG=immich-server + ''); + }; + + services.fail2ban = { + jails = { + immich-iptables.settings = { + enabled = true; + filter = "immich"; + backend = "systemd"; + }; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/immich/impermanence.nix b/modules/nixos-modules/server/immich/impermanence.nix new file mode 100644 index 0000000..f63d178 --- /dev/null +++ b/modules/nixos-modules/server/immich/impermanence.nix @@ -0,0 +1,25 @@ +{ + lib, + config, + ... +}: let + mediaLocation = "/var/lib/immich"; +in { + config = lib.mkIf (config.services.immich.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.immich.mediaLocation == mediaLocation; + message = "immich media location does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = mediaLocation; + user = "immich"; + group = "immich"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/immich/proxy.nix b/modules/nixos-modules/server/immich/proxy.nix new file mode 100644 index 0000000..9d8790a --- /dev/null +++ b/modules/nixos-modules/server/immich/proxy.nix @@ -0,0 +1,27 @@ +{ + lib, + config, + ... +}: { + config = lib.mkIf (config.services.immich.enable && config.host.reverse_proxy.enable) { + host = { + reverse_proxy.subdomains.${config.services.immich.subdomain} = { + target = "http://localhost:${toString config.services.immich.port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + # allow large file uploads + client_max_body_size 50000M; + + # set timeout + proxy_read_timeout 600s; + proxy_send_timeout 600s; + send_timeout 600s; + proxy_redirect off; + ''; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix deleted file mode 100644 index 85c870f..0000000 --- a/modules/nixos-modules/server/jellyfin.nix +++ /dev/null @@ -1,147 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - jellyfinPort = 8096; - dlanPort = 1900; - jellyfin_data_directory = "/var/lib/jellyfin"; - jellyfin_cache_directory = "/var/cache/jellyfin"; -in { - options.services.jellyfin = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that jellyfin will be hosted at"; - default = "jellyfin"; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "ex subdomain of base domain that jellyfin will be hosted at"; - default = []; - }; - media_directory = lib.mkOption { - type = lib.types.str; - description = "directory jellyfin media will be hosted at"; - default = "/srv/jellyfin/media"; - }; - }; - - config = lib.mkIf config.services.jellyfin.enable ( - lib.mkMerge [ - { - environment.systemPackages = [ - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg - ]; - - networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; - - systemd.tmpfiles.rules = [ - "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" - "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" - ]; - } - (lib.mkIf config.host.reverse_proxy.enable { - host.reverse_proxy.subdomains.jellyfin = { - target = "http://localhost:${toString jellyfinPort}"; - - subdomain = config.services.jellyfin.subdomain; - extraSubdomains = config.services.jellyfin.extraSubdomains; - - forwardHeaders.enable = true; - - extraConfig = '' - client_max_body_size 20M; - add_header X-Content-Type-Options "nosniff"; - - proxy_buffering off; - ''; - }; - }) - (lib.mkIf config.services.fail2ban.enable { - environment.etc = { - "fail2ban/filter.d/jellyfin.local".text = ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\." - '') - ); - }; - - services.fail2ban = { - jails = { - jellyfin-iptables.settings = { - enabled = true; - filter = "jellyfin"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.jellyfin.dataDir}/log/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - }; - }; - }) - (lib.mkIf config.host.impermanence.enable { - fileSystems."/persist/system/jellyfin".neededForBoot = true; - - host.storage.pool.extraDatasets = { - # sops age key needs to be available to pre persist for user generation - "persist/system/jellyfin" = { - type = "zfs_fs"; - mountpoint = "/persist/system/jellyfin"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - }; - - assertions = [ - { - assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; - message = "jellyfin data directory does not match persistence"; - } - { - assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; - message = "jellyfin cache directory does not match persistence"; - } - ]; - - environment.persistence = { - "/persist/system/root" = { - directories = [ - { - directory = jellyfin_data_directory; - user = "jellyfin"; - group = "jellyfin"; - } - { - directory = jellyfin_cache_directory; - user = "jellyfin"; - group = "jellyfin"; - } - ]; - }; - - "/persist/system/jellyfin" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.services.jellyfin.media_directory; - user = "jellyfin"; - group = "jellyfin_media"; - mode = "1770"; - } - ]; - }; - }; - }) - ] - ); -} diff --git a/modules/nixos-modules/server/jellyfin/default.nix b/modules/nixos-modules/server/jellyfin/default.nix new file mode 100644 index 0000000..238ce3a --- /dev/null +++ b/modules/nixos-modules/server/jellyfin/default.nix @@ -0,0 +1,48 @@ +{ + lib, + pkgs, + config, + ... +}: let + jellyfinPort = 8096; + dlanPort = 1900; +in { + imports = [ + ./proxy.nix + ./fail2ban.nix + ./impermanence.nix + ]; + + options.services.jellyfin = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that jellyfin will be hosted at"; + default = "jellyfin"; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "ex subdomain of base domain that jellyfin will be hosted at"; + default = []; + }; + media_directory = lib.mkOption { + type = lib.types.str; + description = "directory jellyfin media will be hosted at"; + default = "/srv/jellyfin/media"; + }; + }; + + config = lib.mkIf config.services.jellyfin.enable { + environment.systemPackages = [ + pkgs.jellyfin + pkgs.jellyfin-web + pkgs.jellyfin-ffmpeg + ]; + + networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; + + systemd.tmpfiles.rules = [ + "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" + "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" + ]; + }; +} diff --git a/modules/nixos-modules/server/jellyfin/fail2ban.nix b/modules/nixos-modules/server/jellyfin/fail2ban.nix new file mode 100644 index 0000000..ba8d8ba --- /dev/null +++ b/modules/nixos-modules/server/jellyfin/fail2ban.nix @@ -0,0 +1,32 @@ +{ + lib, + pkgs, + config, + ... +}: { + config = lib.mkIf (config.services.jellyfin.enable && config.services.fail2ban.enable) { + environment.etc = { + "fail2ban/filter.d/jellyfin.local".text = ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = "^.*Authentication request for .* has been denied \\\\\\(IP: \\\"\\\"\\\\\\)\\\\\\." + '') + ); + }; + + services.fail2ban = { + jails = { + jellyfin-iptables.settings = { + enabled = true; + filter = "jellyfin"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.jellyfin.dataDir}/log/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/jellyfin/impermanence.nix b/modules/nixos-modules/server/jellyfin/impermanence.nix new file mode 100644 index 0000000..e0b3b5d --- /dev/null +++ b/modules/nixos-modules/server/jellyfin/impermanence.nix @@ -0,0 +1,66 @@ +{ + lib, + config, + ... +}: let + jellyfin_data_directory = "/var/lib/jellyfin"; + jellyfin_cache_directory = "/var/cache/jellyfin"; +in { + config = lib.mkIf (config.services.jellyfin.enable && config.host.impermanence.enable) { + fileSystems."/persist/system/jellyfin".neededForBoot = true; + + host.storage.pool.extraDatasets = { + # sops age key needs to be available to pre persist for user generation + "persist/system/jellyfin" = { + type = "zfs_fs"; + mountpoint = "/persist/system/jellyfin"; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; + }; + }; + + assertions = [ + { + assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; + message = "jellyfin data directory does not match persistence"; + } + { + assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; + message = "jellyfin cache directory does not match persistence"; + } + ]; + + environment.persistence = { + "/persist/system/root" = { + directories = [ + { + directory = jellyfin_data_directory; + user = "jellyfin"; + group = "jellyfin"; + } + { + directory = jellyfin_cache_directory; + user = "jellyfin"; + group = "jellyfin"; + } + ]; + }; + + "/persist/system/jellyfin" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = config.services.jellyfin.media_directory; + user = "jellyfin"; + group = "jellyfin_media"; + mode = "1770"; + } + ]; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/jellyfin/proxy.nix b/modules/nixos-modules/server/jellyfin/proxy.nix new file mode 100644 index 0000000..5edb865 --- /dev/null +++ b/modules/nixos-modules/server/jellyfin/proxy.nix @@ -0,0 +1,25 @@ +{ + lib, + config, + ... +}: let + jellyfinPort = 8096; +in { + config = lib.mkIf (config.services.jellyfin.enable && config.host.reverse_proxy.enable) { + host.reverse_proxy.subdomains.jellyfin = { + target = "http://localhost:${toString jellyfinPort}"; + + subdomain = config.services.jellyfin.subdomain; + extraSubdomains = config.services.jellyfin.extraSubdomains; + + forwardHeaders.enable = true; + + extraConfig = '' + client_max_body_size 20M; + add_header X-Content-Type-Options "nosniff"; + + proxy_buffering off; + ''; + }; + }; +} diff --git a/modules/nixos-modules/server/panoramax.nix b/modules/nixos-modules/server/panoramax.nix deleted file mode 100644 index dd026cd..0000000 --- a/modules/nixos-modules/server/panoramax.nix +++ /dev/null @@ -1,408 +0,0 @@ -{ - config, - lib, - pkgs, - osConfig, - ... -}: -with lib; let - # Database configuration assertions - dbUrlConfigured = config.services.panoramax.database.url != null; - individualDbConfigured = all (x: x != null) [ - config.services.panoramax.database.host - config.services.panoramax.database.port - config.services.panoramax.database.username - config.services.panoramax.database.password - config.services.panoramax.database.name - ]; - - envContent = '' - # Panoramax Configuration - FLASK_APP=geovisio - ${ - if dbUrlConfigured - then "DB_URL=${config.services.panoramax.database.url}" - else '' - DB_HOST=${config.services.panoramax.database.host} - DB_PORT=${toString config.services.panoramax.database.port} - DB_USERNAME=${config.services.panoramax.database.username} - DB_PASSWORD=${config.services.panoramax.database.password} - DB_NAME=${config.services.panoramax.database.name} - '' - } - ${optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} - ${optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} - ${optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} - ${optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} - ${optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} - ${optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} - ${optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} - ${optionalString (config.services.panoramax.sgblur.enable) "SGBLUR_API_URL=${config.services.panoramax.sgblur.url}"} - ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} - ''; - - envFile = pkgs.writeText "panoramax.env" envContent; -in { - options.services.panoramax = { - enable = lib.mkEnableOption "panoramax"; - - package = lib.mkOption { - type = lib.types.package; - default = pkgs.panoramax; - description = "The panoramax package to use"; - }; - - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that panoramax will be hosted at"; - default = "panoramax"; - }; - - database = { - createDB = mkOption { - type = types.bool; - default = true; - description = "Whether to automatically create the database and user"; - }; - - url = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Complete database URL connection string (e.g., "postgresql://user:password@host:port/dbname"). - If provided, individual database options (host, port, username, password, name) are ignored. - ''; - }; - - port = mkOption { - type = types.nullOr types.port; - default = 5432; - description = "Database port (ignored if database.url is set)"; - }; - - host = mkOption { - type = types.nullOr types.str; - default = "localhost"; - description = "Database host (ignored if database.url is set)"; - }; - - username = mkOption { - type = types.nullOr types.str; - default = "panoramax"; - description = "Database username (ignored if database.url is set)"; - }; - - password = mkOption { - type = types.nullOr types.str; - default = null; - description = "Database password (ignored if database.url is set)"; - }; - - name = mkOption { - type = types.str; - default = "panoramax"; - description = "Database name (ignored if database.url is set)"; - }; - }; - - sgblur = { - enable = mkOption { - type = types.bool; - default = false; - description = "Whether to enable sgblur integration for face and license plate blurring"; - }; - - package = mkOption { - type = types.package; - default = pkgs.sgblur; - description = "The sgblur package to use"; - }; - - port = mkOption { - type = types.port; - default = 8080; - description = "Port for the sgblur service"; - }; - - host = mkOption { - type = types.str; - default = "127.0.0.1"; - description = "Host to bind the sgblur service to"; - }; - - url = mkOption { - type = types.str; - default = "http://127.0.0.1:8080"; - description = "URL where sgblur service is accessible"; - }; - }; - - port = mkOption { - type = types.nullOr types.port; - default = 5000; - description = "Port for the Panoramax service"; - }; - - host = mkOption { - type = types.str; - default = "127.0.0.1"; - description = "Host to bind the Panoramax service to"; - }; - - urlScheme = mkOption { - type = types.enum ["http" "https"]; - default = "https"; - description = "URL scheme for the application"; - }; - - storage = { - fsUrl = mkOption { - type = types.nullOr types.str; - default = "/var/lib/panoramax/storage"; - description = "File system URL for storage"; - }; - }; - - infrastructure = { - nbProxies = mkOption { - type = types.nullOr types.int; - default = 1; - description = "Number of proxies in front of the application"; - }; - }; - - flask = { - secretKey = mkOption { - type = types.nullOr types.str; - default = null; - description = "Flask secret key for session security"; - }; - - sessionCookieDomain = mkOption { - type = types.nullOr types.str; - default = null; - description = "Flask session cookie domain"; - }; - }; - - api = { - pictures = { - licenseSpdxId = mkOption { - type = types.nullOr types.str; - default = null; - description = "SPDX license identifier for API pictures"; - }; - - licenseUrl = mkOption { - type = types.nullOr types.str; - default = null; - description = "License URL for API pictures"; - }; - }; - }; - - extraEnvironment = mkOption { - type = types.attrsOf types.str; - default = {}; - description = "Additional environment variables"; - example = { - CUSTOM_SETTING = "value"; - DEBUG = "true"; - }; - }; - }; - - config = lib.mkIf config.services.panoramax.enable ( - lib.mkMerge [ - { - environment.systemPackages = with pkgs; - [ - config.services.panoramax.package - python3Packages.waitress - ] - ++ optionals config.services.panoramax.sgblur.enable [ - config.services.panoramax.sgblur.package - ]; - - systemd.services.panoramax = { - description = "Panoramax Service"; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; - serviceConfig = { - ExecStart = "${pkgs.python3Packages.waitress}/bin/waitress-serve --env-file=${envFile} --host=${config.services.panoramax.host} --port=${toString config.services.panoramax.port} --url-scheme=${config.services.panoramax.urlScheme} --call geovisio:create_app"; - Restart = "always"; - User = "panoramax"; - Group = "panoramax"; - WorkingDirectory = "/var/lib/panoramax"; - Environment = "PYTHONPATH=${config.services.panoramax.package}/lib/python3.11/site-packages"; - }; - }; - - users.users.panoramax = { - isSystemUser = true; - group = "panoramax"; - home = "/var/lib/panoramax"; - createHome = true; - }; - - users.groups.panoramax = {}; - - systemd.tmpfiles.rules = [ - "d /var/lib/panoramax 0755 panoramax panoramax -" - "d ${config.services.panoramax.storage.fsUrl} 0755 panoramax panoramax -" - ]; - - assertions = [ - { - assertion = dbUrlConfigured || individualDbConfigured; - message = '' - Panoramax database configuration requires either: - - A complete database URL (services.panoramax.database.url), OR - - All individual database options (host, port, username, password, name) - - Currently configured: - - database.url: ${ - if dbUrlConfigured - then "✓ configured" - else "✗ not configured" - } - - individual options: ${ - if individualDbConfigured - then "✓ all configured" - else "✗ some missing" - } - ''; - } - { - assertion = !config.services.panoramax.database.createDB || config.services.panoramax.database.url == null || (lib.hasPrefix "/run/" config.services.panoramax.database.url || lib.hasPrefix "unix:" config.services.panoramax.database.url || lib.hasPrefix "/" config.services.panoramax.database.host); - message = '' - Panoramax createDB option can only be used with socket connections when a database URL is provided. - Socket connections are identified by: - - URLs starting with "unix:" - - URLs starting with "/run/" - - Host paths starting with "/" - - Current configuration: - - createDB: ${lib.boolToString config.services.panoramax.database.createDB} - - database.url: ${ - if config.services.panoramax.database.url != null - then config.services.panoramax.database.url - else "not set" - } - - database.host: ${config.services.panoramax.database.host} - ''; - } - ]; - } - ( - lib.mkIf config.services.panoramax.sgblur.enable { - systemd.services.sgblur = { - description = "SGBlur AI-powered face and license plate blurring service"; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; - serviceConfig = { - ExecStart = "${config.services.panoramax.sgblur.package}/bin/uvicorn sgblur.main:app --host ${config.services.panoramax.sgblur.host} --port ${toString config.services.panoramax.sgblur.port}"; - Restart = "always"; - User = "sgblur"; - Group = "sgblur"; - WorkingDirectory = "/var/lib/sgblur"; - Environment = "PYTHONPATH=${config.services.panoramax.sgblur.package}/lib/python3.11/site-packages"; - }; - }; - - users.users.sgblur = { - isSystemUser = true; - group = "sgblur"; - home = "/var/lib/sgblur"; - createHome = true; - }; - - users.groups.sgblur = {}; - - systemd.tmpfiles.rules = [ - "d /var/lib/sgblur 0755 sgblur sgblur -" - ]; - - # Update panoramax service dependencies when sgblur is enabled - systemd.services.panoramax = { - after = ["sgblur.service"]; - wants = ["sgblur.service"]; - }; - } - ) - ( - lib.mkIf config.services.panoramax.database.createDB { - services.postgresql = { - enable = true; - ensureDatabases = [config.services.panoramax.database.name]; - ensureUsers = [ - { - name = config.services.panoramax.database.username; - ensureDBOwnership = true; - ensureClauses.login = true; - } - ]; - extensions = ps: with ps; [postgis]; - settings = { - shared_preload_libraries = ["postgis"]; - }; - }; - - systemd.services.postgresql.serviceConfig.ExecStartPost = let - sqlFile = pkgs.writeText "panoramax-postgis-setup.sql" '' - CREATE EXTENSION IF NOT EXISTS postgis; - CREATE EXTENSION IF NOT EXISTS postgis_topology; - CREATE EXTENSION IF NOT EXISTS fuzzystrmatch; - CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder; - - ALTER SCHEMA public OWNER TO ${config.services.panoramax.database.username}; - GRANT ALL ON SCHEMA public TO ${config.services.panoramax.database.username}; - ''; - in [ - '' - ${lib.getExe' config.services.postgresql.package "psql"} -d "${config.services.panoramax.database.name}" -f "${sqlFile}" - '' - ]; - - systemd.services.panoramax = { - after = ["postgresql.service"]; - requires = ["postgresql.service"]; - }; - } - ) - ( - lib.mkIf config.host.reverse_proxy.enable { - host = { - reverse_proxy.subdomains.${config.services.panoramax.subdomain} = { - target = "http://localhost:${toString config.services.panoramax.port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads for panoramic images - client_max_body_size 100M; - - # set timeout for image processing - proxy_read_timeout 300s; - proxy_send_timeout 300s; - send_timeout 300s; - proxy_redirect off; - ''; - }; - }; - } - ) - ( - lib.mkIf config.services.fail2ban { - # TODO: configure options for fail2ban - } - ) - ( - lib.mkIf osConfig.host.impermanence.enable { - # TODO: configure impermanence for panoramax data - } - ) - ] - ); -} diff --git a/modules/nixos-modules/server/panoramax/default.nix b/modules/nixos-modules/server/panoramax/default.nix new file mode 100644 index 0000000..e506b80 --- /dev/null +++ b/modules/nixos-modules/server/panoramax/default.nix @@ -0,0 +1,340 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + # Database configuration assertions + dbUrlConfigured = config.services.panoramax.database.url != null; + individualDbConfigured = all (x: x != null) [ + config.services.panoramax.database.host + config.services.panoramax.database.port + config.services.panoramax.database.username + config.services.panoramax.database.password + config.services.panoramax.database.name + ]; + + envContent = '' + # Panoramax Configuration + FLASK_APP=geovisio + ${ + if dbUrlConfigured + then "DB_URL=${config.services.panoramax.database.url}" + else '' + DB_HOST=${config.services.panoramax.database.host} + DB_PORT=${toString config.services.panoramax.database.port} + DB_USERNAME=${config.services.panoramax.database.username} + DB_PASSWORD=${config.services.panoramax.database.password} + DB_NAME=${config.services.panoramax.database.name} + '' + } + ${optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} + ${optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} + ${optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} + ${optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} + ${optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} + ${optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} + ${optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} + ${optionalString (config.services.panoramax.sgblur.enable) "SGBLUR_API_URL=${config.services.panoramax.sgblur.url}"} + ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} + ''; + + envFile = pkgs.writeText "panoramax.env" envContent; +in { + imports = [ + ./proxy.nix + ./fail2ban.nix + ./impermanence.nix + ]; + + options.services.panoramax = { + enable = lib.mkEnableOption "panoramax"; + + package = lib.mkOption { + type = lib.types.package; + default = pkgs.panoramax; + description = "The panoramax package to use"; + }; + + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that panoramax will be hosted at"; + default = "panoramax"; + }; + + database = { + createDB = mkOption { + type = types.bool; + default = true; + description = "Whether to automatically create the database and user"; + }; + + url = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Complete database URL connection string (e.g., "postgresql://user:password@host:port/dbname"). + If provided, individual database options (host, port, username, password, name) are ignored. + ''; + }; + + port = mkOption { + type = types.nullOr types.port; + default = 5432; + description = "Database port (ignored if database.url is set)"; + }; + + host = mkOption { + type = types.nullOr types.str; + default = "localhost"; + description = "Database host (ignored if database.url is set)"; + }; + + username = mkOption { + type = types.nullOr types.str; + default = "panoramax"; + description = "Database username (ignored if database.url is set)"; + }; + + password = mkOption { + type = types.nullOr types.str; + default = null; + description = "Database password (ignored if database.url is set)"; + }; + + name = mkOption { + type = types.str; + default = "panoramax"; + description = "Database name (ignored if database.url is set)"; + }; + }; + + sgblur = { + enable = mkOption { + type = types.bool; + default = false; + description = "Whether to enable sgblur integration for face and license plate blurring"; + }; + + package = mkOption { + type = types.package; + default = pkgs.sgblur; + description = "The sgblur package to use"; + }; + + port = mkOption { + type = types.port; + default = 8080; + description = "Port for the sgblur service"; + }; + + host = mkOption { + type = types.str; + default = "127.0.0.1"; + description = "Host to bind the sgblur service to"; + }; + + url = mkOption { + type = types.str; + default = "http://127.0.0.1:8080"; + description = "URL where sgblur service is accessible"; + }; + }; + + port = mkOption { + type = types.nullOr types.port; + default = 5000; + description = "Port for the Panoramax service"; + }; + + host = mkOption { + type = types.str; + default = "127.0.0.1"; + description = "Host to bind the Panoramax service to"; + }; + + urlScheme = mkOption { + type = types.enum ["http" "https"]; + default = "https"; + description = "URL scheme for the application"; + }; + + storage = { + fsUrl = mkOption { + type = types.nullOr types.str; + default = "/var/lib/panoramax/storage"; + description = "File system URL for storage"; + }; + }; + + infrastructure = { + nbProxies = mkOption { + type = types.nullOr types.int; + default = 1; + description = "Number of proxies in front of the application"; + }; + }; + + flask = { + secretKey = mkOption { + type = types.nullOr types.str; + default = null; + description = "Flask secret key for session security"; + }; + + sessionCookieDomain = mkOption { + type = types.nullOr types.str; + default = null; + description = "Flask session cookie domain"; + }; + }; + + api = { + pictures = { + licenseSpdxId = mkOption { + type = types.nullOr types.str; + default = null; + description = "SPDX license identifier for API pictures"; + }; + + licenseUrl = mkOption { + type = types.nullOr types.str; + default = null; + description = "License URL for API pictures"; + }; + }; + }; + + extraEnvironment = mkOption { + type = types.attrsOf types.str; + default = {}; + description = "Additional environment variables"; + example = { + CUSTOM_SETTING = "value"; + DEBUG = "true"; + }; + }; + }; + + config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ + { + environment.systemPackages = with pkgs; + [ + config.services.panoramax.package + python3Packages.waitress + ] + ++ optionals config.services.panoramax.sgblur.enable [ + config.services.panoramax.sgblur.package + ]; + + systemd.services.panoramax = { + description = "Panoramax Service"; + after = ["network.target"]; + wantedBy = ["multi-user.target"]; + serviceConfig = { + ExecStart = "${pkgs.python3Packages.waitress}/bin/waitress-serve --env-file=${envFile} --host=${config.services.panoramax.host} --port=${toString config.services.panoramax.port} --url-scheme=${config.services.panoramax.urlScheme} --call geovisio:create_app"; + Restart = "always"; + User = "panoramax"; + Group = "panoramax"; + WorkingDirectory = "/var/lib/panoramax"; + Environment = "PYTHONPATH=${config.services.panoramax.package}/lib/python3.11/site-packages"; + }; + }; + + users.users.panoramax = { + isSystemUser = true; + group = "panoramax"; + home = "/var/lib/panoramax"; + createHome = true; + }; + + users.groups.panoramax = {}; + + systemd.tmpfiles.rules = [ + "d /var/lib/panoramax 0755 panoramax panoramax -" + "d ${config.services.panoramax.storage.fsUrl} 0755 panoramax panoramax -" + ]; + + assertions = [ + { + assertion = dbUrlConfigured || individualDbConfigured; + message = '' + Panoramax database configuration requires either: + - A complete database URL (services.panoramax.database.url), OR + - All individual database options (host, port, username, password, name) + + Currently configured: + - database.url: ${ + if dbUrlConfigured + then "✓ configured" + else "✗ not configured" + } + - individual options: ${ + if individualDbConfigured + then "✓ all configured" + else "✗ some missing" + } + ''; + } + { + assertion = !config.services.panoramax.database.createDB || config.services.panoramax.database.url == null || (lib.hasPrefix "/run/" config.services.panoramax.database.url || lib.hasPrefix "unix:" config.services.panoramax.database.url || lib.hasPrefix "/" config.services.panoramax.database.host); + message = '' + Panoramax createDB option can only be used with socket connections when a database URL is provided. + Socket connections are identified by: + - URLs starting with "unix:" + - URLs starting with "/run/" + - Host paths starting with "/" + + Current configuration: + - createDB: ${lib.boolToString config.services.panoramax.database.createDB} + - database.url: ${ + if config.services.panoramax.database.url != null + then config.services.panoramax.database.url + else "not set" + } + - database.host: ${config.services.panoramax.database.host} + ''; + } + ]; + } + (lib.mkIf config.services.panoramax.database.createDB { + systemd.services.panoramax = { + after = ["postgresql.service"]; + requires = ["postgresql.service"]; + }; + + services.postgresql = { + enable = true; + ensureDatabases = [config.services.panoramax.database.name]; + ensureUsers = [ + { + name = config.services.panoramax.database.username; + ensureDBOwnership = true; + ensureClauses.login = true; + } + ]; + extensions = ps: with ps; [postgis]; + settings = { + shared_preload_libraries = ["postgis"]; + }; + }; + + systemd.services.postgresql.serviceConfig.ExecStartPost = let + sqlFile = pkgs.writeText "panoramax-postgis-setup.sql" '' + CREATE EXTENSION IF NOT EXISTS postgis; + CREATE EXTENSION IF NOT EXISTS postgis_topology; + CREATE EXTENSION IF NOT EXISTS fuzzystrmatch; + CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder; + + ALTER SCHEMA public OWNER TO ${config.services.panoramax.database.username}; + GRANT ALL ON SCHEMA public TO ${config.services.panoramax.database.username}; + ''; + in [ + '' + ${lib.getExe' config.services.postgresql.package "psql"} -d "${config.services.panoramax.database.name}" -f "${sqlFile}" + '' + ]; + }) + ]); +} diff --git a/modules/nixos-modules/server/panoramax/fail2ban.nix b/modules/nixos-modules/server/panoramax/fail2ban.nix new file mode 100644 index 0000000..649b53a --- /dev/null +++ b/modules/nixos-modules/server/panoramax/fail2ban.nix @@ -0,0 +1,11 @@ +{ + lib, + config, + ... +}: { + config = lib.mkIf (config.services.panoramax.enable && config.services.fail2ban.enable) { + # TODO: configure options for fail2ban + # This is a placeholder - panoramax fail2ban configuration would need to be defined + # based on the specific log patterns and security requirements + }; +} diff --git a/modules/nixos-modules/server/panoramax/impermanence.nix b/modules/nixos-modules/server/panoramax/impermanence.nix new file mode 100644 index 0000000..011c322 --- /dev/null +++ b/modules/nixos-modules/server/panoramax/impermanence.nix @@ -0,0 +1,14 @@ +{ + lib, + config, + osConfig, + ... +}: { + config = lib.mkIf (config.services.panoramax.enable && osConfig.host.impermanence.enable) { + # TODO: configure impermanence for panoramax data + # This would typically include directories like: + # - /var/lib/panoramax + # - panoramax storage directories + # - any cache or temporary directories that need to persist + }; +} diff --git a/modules/nixos-modules/server/panoramax/proxy.nix b/modules/nixos-modules/server/panoramax/proxy.nix new file mode 100644 index 0000000..70e3f5b --- /dev/null +++ b/modules/nixos-modules/server/panoramax/proxy.nix @@ -0,0 +1,27 @@ +{ + lib, + config, + ... +}: { + config = lib.mkIf (config.services.panoramax.enable && config.host.reverse_proxy.enable) { + host = { + reverse_proxy.subdomains.${config.services.panoramax.subdomain} = { + target = "http://localhost:${toString config.services.panoramax.port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + # allow large file uploads for panoramic images + client_max_body_size 100M; + + # set timeout for image processing + proxy_read_timeout 300s; + proxy_send_timeout 300s; + send_timeout 300s; + proxy_redirect off; + ''; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/paperless.nix b/modules/nixos-modules/server/paperless.nix deleted file mode 100644 index 303d742..0000000 --- a/modules/nixos-modules/server/paperless.nix +++ /dev/null @@ -1,113 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: let - dataDir = "/var/lib/paperless"; -in { - options.services.paperless = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that paperless will be hosted at"; - default = "paperless"; - }; - database = { - user = lib.mkOption { - type = lib.types.str; - description = "what is the user and database that we are going to use for paperless"; - default = "paperless"; - }; - }; - }; - - config = lib.mkIf config.services.paperless.enable (lib.mkMerge [ - { - host = { - postgres = { - enable = true; - extraUsers = { - ${config.services.paperless.database.user} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${config.services.paperless.database.user} = { - name = config.services.paperless.database.user; - }; - }; - }; - }; - services.paperless = { - domain = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; - configureTika = true; - settings = { - PAPERLESS_DBENGINE = "postgresql"; - PAPERLESS_DBHOST = "/run/postgresql"; - PAPERLESS_DBNAME = config.services.paperless.database.user; - PAPERLESS_DBUSER = config.services.paperless.database.user; - }; - }; - } - (lib.mkIf config.host.reverse_proxy.enable { - host = { - reverse_proxy.subdomains.${config.services.paperless.subdomain} = { - target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads - client_max_body_size 50000M; - ''; - }; - }; - }) - (lib.mkIf config.services.fail2ban.enable { - environment.etc = { - "fail2ban/filter.d/paperless.local".text = ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = Login failed for user `.*` from (?:IP|private IP) ``\.$ - ignoreregex = - - '') - ); - }; - - services.fail2ban = { - jails = { - paperless.settings = { - enabled = true; - filter = "paperless"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.paperless.dataDir}/log/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - }; - }; - }) - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.paperless.dataDir == dataDir; - message = "paperless data location does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = dataDir; - user = "paperless"; - group = "paperless"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/paperless/database.nix b/modules/nixos-modules/server/paperless/database.nix new file mode 100644 index 0000000..6f4ce51 --- /dev/null +++ b/modules/nixos-modules/server/paperless/database.nix @@ -0,0 +1,34 @@ +{ + config, + lib, + ... +}: { + config = lib.mkIf config.services.paperless.enable (lib.mkMerge [ + { + host = { + postgres = { + enable = true; + }; + }; + } + ( + lib.mkIf config.host.postgres.enable { + host = { + postgres = { + extraUsers = { + ${config.services.paperless.database.user} = { + isClient = true; + createUser = true; + }; + }; + extraDatabases = { + ${config.services.paperless.database.user} = { + name = config.services.paperless.database.user; + }; + }; + }; + }; + } + ) + ]); +} diff --git a/modules/nixos-modules/server/paperless/default.nix b/modules/nixos-modules/server/paperless/default.nix new file mode 100644 index 0000000..ec01fef --- /dev/null +++ b/modules/nixos-modules/server/paperless/default.nix @@ -0,0 +1,40 @@ +{ + config, + lib, + ... +}: { + imports = [ + ./proxy.nix + ./database.nix + ./fail2ban.nix + ./impermanence.nix + ]; + + options.services.paperless = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that paperless will be hosted at"; + default = "paperless"; + }; + database = { + user = lib.mkOption { + type = lib.types.str; + description = "what is the user and database that we are going to use for paperless"; + default = "paperless"; + }; + }; + }; + + config = lib.mkIf config.services.paperless.enable { + services.paperless = { + domain = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; + configureTika = true; + settings = { + PAPERLESS_DBENGINE = "postgresql"; + PAPERLESS_DBHOST = "/run/postgresql"; + PAPERLESS_DBNAME = config.services.paperless.database.user; + PAPERLESS_DBUSER = config.services.paperless.database.user; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/paperless/fail2ban.nix b/modules/nixos-modules/server/paperless/fail2ban.nix new file mode 100644 index 0000000..e1a70f9 --- /dev/null +++ b/modules/nixos-modules/server/paperless/fail2ban.nix @@ -0,0 +1,34 @@ +{ + config, + lib, + pkgs, + ... +}: { + config = lib.mkIf (config.services.paperless.enable && config.services.fail2ban.enable) { + environment.etc = { + "fail2ban/filter.d/paperless.local".text = ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = Login failed for user `.*` from (?:IP|private IP) ``\.$ + ignoreregex = + + '') + ); + }; + + services.fail2ban = { + jails = { + paperless.settings = { + enabled = true; + filter = "paperless"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.paperless.dataDir}/log/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/paperless/impermanence.nix b/modules/nixos-modules/server/paperless/impermanence.nix new file mode 100644 index 0000000..d9e17bd --- /dev/null +++ b/modules/nixos-modules/server/paperless/impermanence.nix @@ -0,0 +1,25 @@ +{ + config, + lib, + ... +}: let + dataDir = "/var/lib/paperless"; +in { + config = lib.mkIf (config.services.paperless.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.paperless.dataDir == dataDir; + message = "paperless data location does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = dataDir; + user = "paperless"; + group = "paperless"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/paperless/proxy.nix b/modules/nixos-modules/server/paperless/proxy.nix new file mode 100644 index 0000000..cb0f157 --- /dev/null +++ b/modules/nixos-modules/server/paperless/proxy.nix @@ -0,0 +1,21 @@ +{ + config, + lib, + ... +}: { + config = lib.mkIf (config.services.paperless.enable && config.host.reverse_proxy.enable) { + host = { + reverse_proxy.subdomains.${config.services.paperless.subdomain} = { + target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + # allow large file uploads + client_max_body_size 50000M; + ''; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/searx.nix b/modules/nixos-modules/server/searx.nix deleted file mode 100644 index 0e547af..0000000 --- a/modules/nixos-modules/server/searx.nix +++ /dev/null @@ -1,78 +0,0 @@ -{ - config, - lib, - inputs, - ... -}: { - options.services.searx = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that searx will be hosted at"; - default = "searx"; - }; - }; - - config = lib.mkIf config.services.searx.enable ( - lib.mkMerge [ - { - sops.secrets = { - "services/searx" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - }; - }; - services.searx = { - environmentFile = config.sops.secrets."services/searx".path; - - # Rate limiting - limiterSettings = { - real_ip = { - x_for = 1; - ipv4_prefix = 32; - ipv6_prefix = 56; - }; - - botdetection = { - ip_limit = { - filter_link_local = true; - link_token = true; - }; - }; - }; - - settings = { - server = { - port = 8083; - secret_key = "@SEARXNG_SECRET@"; - }; - - # Search engine settings - search = { - safe_search = 2; - autocomplete_min = 2; - autocomplete = "duckduckgo"; - }; - - # Enabled plugins - enabled_plugins = [ - "Basic Calculator" - "Hash plugin" - "Tor check plugin" - "Open Access DOI rewrite" - "Hostnames plugin" - "Unit converter plugin" - "Tracker URL remover" - ]; - }; - }; - } - (lib.mkIf config.host.reverse_proxy.enable { - host = { - reverse_proxy.subdomains.searx = { - subdomain = config.services.searx.subdomain; - target = "http://localhost:${toString config.services.searx.settings.server.port}"; - }; - }; - }) - ] - ); -} diff --git a/modules/nixos-modules/server/searx/default.nix b/modules/nixos-modules/server/searx/default.nix new file mode 100644 index 0000000..73ec489 --- /dev/null +++ b/modules/nixos-modules/server/searx/default.nix @@ -0,0 +1,71 @@ +{ + config, + lib, + inputs, + ... +}: { + imports = [ + ./proxy.nix + ]; + + options.services.searx = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that searx will be hosted at"; + default = "searx"; + }; + }; + + config = lib.mkIf config.services.searx.enable { + sops.secrets = { + "services/searx" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; + }; + + services.searx = { + environmentFile = config.sops.secrets."services/searx".path; + + # Rate limiting + limiterSettings = { + real_ip = { + x_for = 1; + ipv4_prefix = 32; + ipv6_prefix = 56; + }; + + botdetection = { + ip_limit = { + filter_link_local = true; + link_token = true; + }; + }; + }; + + settings = { + server = { + port = 8083; + secret_key = "@SEARXNG_SECRET@"; + }; + + # Search engine settings + search = { + safe_search = 2; + autocomplete_min = 2; + autocomplete = "duckduckgo"; + }; + + # Enabled plugins + enabled_plugins = [ + "Basic Calculator" + "Hash plugin" + "Tor check plugin" + "Open Access DOI rewrite" + "Hostnames plugin" + "Unit converter plugin" + "Tracker URL remover" + ]; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/searx/proxy.nix b/modules/nixos-modules/server/searx/proxy.nix new file mode 100644 index 0000000..d925918 --- /dev/null +++ b/modules/nixos-modules/server/searx/proxy.nix @@ -0,0 +1,14 @@ +{ + config, + lib, + ... +}: { + config = lib.mkIf (config.services.searx.enable && config.host.reverse_proxy.enable) { + host = { + reverse_proxy.subdomains.searx = { + subdomain = config.services.searx.subdomain; + target = "http://localhost:${toString config.services.searx.settings.server.port}"; + }; + }; + }; +} From dfdd6bcc82c088eb2aac31737df2e388a13398c1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 16 Sep 2025 10:20:00 -0500 Subject: [PATCH 169/374] chore: removed resolved item from research topics --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 13d1206..62040e3 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/ - https://nixos-and-flakes.thiscute.world/ -- nix config mcp https://github.com/utensils/mcp-nixos # Tasks: @@ -70,4 +69,4 @@ nix multi user, multi system, configuration with `sops` secret management, `home - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - panoramax instance - mastodon instance -- move searx, jellyfin, paperless, and immich to only be accessible via vpn \ No newline at end of file +- move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn \ No newline at end of file From 9b02e300801a0db6e2e7c3911af2843776099e56 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 16 Sep 2025 10:44:00 -0500 Subject: [PATCH 170/374] refactor: moved subdomain options into proxy file --- .../nixos-modules/server/actual/default.nix | 8 ----- modules/nixos-modules/server/actual/proxy.nix | 8 +++++ .../nixos-modules/server/forgejo/default.nix | 8 ----- .../nixos-modules/server/forgejo/proxy.nix | 8 +++++ .../server/home-assistant/default.nix | 6 ---- .../server/home-assistant/proxy.nix | 35 ++++++++++++------- .../nixos-modules/server/immich/default.nix | 10 +----- modules/nixos-modules/server/immich/proxy.nix | 8 +++++ .../nixos-modules/server/jellyfin/default.nix | 10 ------ .../nixos-modules/server/jellyfin/proxy.nix | 13 +++++++ .../server/panoramax/default.nix | 6 ---- .../nixos-modules/server/panoramax/proxy.nix | 8 +++++ .../server/paperless/default.nix | 5 --- .../nixos-modules/server/paperless/proxy.nix | 8 +++++ .../nixos-modules/server/searx/default.nix | 8 ----- modules/nixos-modules/server/searx/proxy.nix | 8 +++++ 16 files changed, 84 insertions(+), 73 deletions(-) diff --git a/modules/nixos-modules/server/actual/default.nix b/modules/nixos-modules/server/actual/default.nix index bef7a05..546240e 100644 --- a/modules/nixos-modules/server/actual/default.nix +++ b/modules/nixos-modules/server/actual/default.nix @@ -12,14 +12,6 @@ in { ./impermanence.nix ]; - options.services.actual = { - subdomain = lib.mkOption { - type = lib.types.str; - default = "actual"; - description = "subdomain of base domain that actual will be hosted at"; - }; - }; - config = lib.mkIf config.services.actual.enable { systemd.tmpfiles.rules = [ "d ${dataDirectory} 2770 actual actual" diff --git a/modules/nixos-modules/server/actual/proxy.nix b/modules/nixos-modules/server/actual/proxy.nix index e20a6cd..6ca51e4 100644 --- a/modules/nixos-modules/server/actual/proxy.nix +++ b/modules/nixos-modules/server/actual/proxy.nix @@ -3,6 +3,14 @@ config, ... }: { + options.services.actual = { + subdomain = lib.mkOption { + type = lib.types.str; + default = "actual"; + description = "subdomain of base domain that actual will be hosted at"; + }; + }; + config = lib.mkIf (config.services.actual.enable && config.host.reverse_proxy.enable) { host = { reverse_proxy.subdomains.${config.services.actual.subdomain} = { diff --git a/modules/nixos-modules/server/forgejo/default.nix b/modules/nixos-modules/server/forgejo/default.nix index cec2630..1fdc8d9 100644 --- a/modules/nixos-modules/server/forgejo/default.nix +++ b/modules/nixos-modules/server/forgejo/default.nix @@ -15,14 +15,6 @@ in { ./impermanence.nix ]; - options.services.forgejo = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that forgejo will be hosted at"; - default = "forgejo"; - }; - }; - config = lib.mkIf config.services.forgejo.enable { assertions = [ { diff --git a/modules/nixos-modules/server/forgejo/proxy.nix b/modules/nixos-modules/server/forgejo/proxy.nix index 9e85f78..51f769d 100644 --- a/modules/nixos-modules/server/forgejo/proxy.nix +++ b/modules/nixos-modules/server/forgejo/proxy.nix @@ -6,6 +6,14 @@ const = import ./const.nix; httpPort = const.httpPort; in { + options.services.forgejo = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that forgejo will be hosted at"; + default = "forgejo"; + }; + }; + config = lib.mkIf (config.services.forgejo.enable && config.host.reverse_proxy.enable) { host.reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { target = "http://localhost:${toString httpPort}"; diff --git a/modules/nixos-modules/server/home-assistant/default.nix b/modules/nixos-modules/server/home-assistant/default.nix index 6edf0c0..83d8ba7 100644 --- a/modules/nixos-modules/server/home-assistant/default.nix +++ b/modules/nixos-modules/server/home-assistant/default.nix @@ -12,12 +12,6 @@ ]; options.services.home-assistant = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that home-assistant will be hosted at"; - default = "home-assistant"; - }; - database = lib.mkOption { type = lib.types.enum [ "builtin" diff --git a/modules/nixos-modules/server/home-assistant/proxy.nix b/modules/nixos-modules/server/home-assistant/proxy.nix index 63396b5..ba8f20d 100644 --- a/modules/nixos-modules/server/home-assistant/proxy.nix +++ b/modules/nixos-modules/server/home-assistant/proxy.nix @@ -2,23 +2,32 @@ lib, config, ... -}: -lib.mkIf (config.host.reverse_proxy.enable && config.services.home-assistant.enable) { - host = { - reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { - target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; +}: { + options.services.home-assistant = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that home-assistant will be hosted at"; + default = "home-assistant"; + }; + }; - websockets.enable = true; - forwardHeaders.enable = true; + config = lib.mkIf (config.host.reverse_proxy.enable && config.services.home-assistant.enable) { + host = { + reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { + target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - extraConfig = '' - add_header Upgrade $http_upgrade; - add_header Connection \"upgrade\"; + websockets.enable = true; + forwardHeaders.enable = true; - proxy_buffering off; + extraConfig = '' + add_header Upgrade $http_upgrade; + add_header Connection \"upgrade\"; - proxy_read_timeout 90; - ''; + proxy_buffering off; + + proxy_read_timeout 90; + ''; + }; }; }; } diff --git a/modules/nixos-modules/server/immich/default.nix b/modules/nixos-modules/server/immich/default.nix index 9d782f0..4d93c0b 100644 --- a/modules/nixos-modules/server/immich/default.nix +++ b/modules/nixos-modules/server/immich/default.nix @@ -1,4 +1,4 @@ -{lib, ...}: { +{...}: { imports = [ ./proxy.nix ./database.nix @@ -6,14 +6,6 @@ ./impermanence.nix ]; - options.services.immich = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that immich will be hosted at"; - default = "immich"; - }; - }; - # NOTE: This shouldn't be needed now that we are out of testing # config = lib.mkIf config.services.immich.enable { # networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { diff --git a/modules/nixos-modules/server/immich/proxy.nix b/modules/nixos-modules/server/immich/proxy.nix index 9d8790a..dae2420 100644 --- a/modules/nixos-modules/server/immich/proxy.nix +++ b/modules/nixos-modules/server/immich/proxy.nix @@ -3,6 +3,14 @@ config, ... }: { + options.services.immich = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that immich will be hosted at"; + default = "immich"; + }; + }; + config = lib.mkIf (config.services.immich.enable && config.host.reverse_proxy.enable) { host = { reverse_proxy.subdomains.${config.services.immich.subdomain} = { diff --git a/modules/nixos-modules/server/jellyfin/default.nix b/modules/nixos-modules/server/jellyfin/default.nix index 238ce3a..0d88481 100644 --- a/modules/nixos-modules/server/jellyfin/default.nix +++ b/modules/nixos-modules/server/jellyfin/default.nix @@ -14,16 +14,6 @@ in { ]; options.services.jellyfin = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that jellyfin will be hosted at"; - default = "jellyfin"; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "ex subdomain of base domain that jellyfin will be hosted at"; - default = []; - }; media_directory = lib.mkOption { type = lib.types.str; description = "directory jellyfin media will be hosted at"; diff --git a/modules/nixos-modules/server/jellyfin/proxy.nix b/modules/nixos-modules/server/jellyfin/proxy.nix index 5edb865..1020a19 100644 --- a/modules/nixos-modules/server/jellyfin/proxy.nix +++ b/modules/nixos-modules/server/jellyfin/proxy.nix @@ -5,6 +5,19 @@ }: let jellyfinPort = 8096; in { + options.services.jellyfin = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that jellyfin will be hosted at"; + default = "jellyfin"; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "ex subdomain of base domain that jellyfin will be hosted at"; + default = []; + }; + }; + config = lib.mkIf (config.services.jellyfin.enable && config.host.reverse_proxy.enable) { host.reverse_proxy.subdomains.jellyfin = { target = "http://localhost:${toString jellyfinPort}"; diff --git a/modules/nixos-modules/server/panoramax/default.nix b/modules/nixos-modules/server/panoramax/default.nix index e506b80..779f284 100644 --- a/modules/nixos-modules/server/panoramax/default.nix +++ b/modules/nixos-modules/server/panoramax/default.nix @@ -57,12 +57,6 @@ in { description = "The panoramax package to use"; }; - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that panoramax will be hosted at"; - default = "panoramax"; - }; - database = { createDB = mkOption { type = types.bool; diff --git a/modules/nixos-modules/server/panoramax/proxy.nix b/modules/nixos-modules/server/panoramax/proxy.nix index 70e3f5b..79f9326 100644 --- a/modules/nixos-modules/server/panoramax/proxy.nix +++ b/modules/nixos-modules/server/panoramax/proxy.nix @@ -3,6 +3,14 @@ config, ... }: { + options.services.panoramax = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that panoramax will be hosted at"; + default = "panoramax"; + }; + }; + config = lib.mkIf (config.services.panoramax.enable && config.host.reverse_proxy.enable) { host = { reverse_proxy.subdomains.${config.services.panoramax.subdomain} = { diff --git a/modules/nixos-modules/server/paperless/default.nix b/modules/nixos-modules/server/paperless/default.nix index ec01fef..a6878eb 100644 --- a/modules/nixos-modules/server/paperless/default.nix +++ b/modules/nixos-modules/server/paperless/default.nix @@ -11,11 +11,6 @@ ]; options.services.paperless = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that paperless will be hosted at"; - default = "paperless"; - }; database = { user = lib.mkOption { type = lib.types.str; diff --git a/modules/nixos-modules/server/paperless/proxy.nix b/modules/nixos-modules/server/paperless/proxy.nix index cb0f157..2910f07 100644 --- a/modules/nixos-modules/server/paperless/proxy.nix +++ b/modules/nixos-modules/server/paperless/proxy.nix @@ -3,6 +3,14 @@ lib, ... }: { + options.services.paperless = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that paperless will be hosted at"; + default = "paperless"; + }; + }; + config = lib.mkIf (config.services.paperless.enable && config.host.reverse_proxy.enable) { host = { reverse_proxy.subdomains.${config.services.paperless.subdomain} = { diff --git a/modules/nixos-modules/server/searx/default.nix b/modules/nixos-modules/server/searx/default.nix index 73ec489..ac84c1d 100644 --- a/modules/nixos-modules/server/searx/default.nix +++ b/modules/nixos-modules/server/searx/default.nix @@ -8,14 +8,6 @@ ./proxy.nix ]; - options.services.searx = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that searx will be hosted at"; - default = "searx"; - }; - }; - config = lib.mkIf config.services.searx.enable { sops.secrets = { "services/searx" = { diff --git a/modules/nixos-modules/server/searx/proxy.nix b/modules/nixos-modules/server/searx/proxy.nix index d925918..0c1eae1 100644 --- a/modules/nixos-modules/server/searx/proxy.nix +++ b/modules/nixos-modules/server/searx/proxy.nix @@ -3,6 +3,14 @@ lib, ... }: { + options.services.searx = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that searx will be hosted at"; + default = "searx"; + }; + }; + config = lib.mkIf (config.services.searx.enable && config.host.reverse_proxy.enable) { host = { reverse_proxy.subdomains.searx = { From e2e07c9a70c4f3ff591b72f8b90292fe62b7ca1a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 16 Sep 2025 12:09:41 -0500 Subject: [PATCH 171/374] feat: reworked databse config for panoramax --- .../server/panoramax/default.nix | 330 +----------------- .../server/panoramax/panoramax.nix | 253 ++++++++++++++ 2 files changed, 255 insertions(+), 328 deletions(-) create mode 100644 modules/nixos-modules/server/panoramax/panoramax.nix diff --git a/modules/nixos-modules/server/panoramax/default.nix b/modules/nixos-modules/server/panoramax/default.nix index 779f284..f029ee3 100644 --- a/modules/nixos-modules/server/panoramax/default.nix +++ b/modules/nixos-modules/server/panoramax/default.nix @@ -1,334 +1,8 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - # Database configuration assertions - dbUrlConfigured = config.services.panoramax.database.url != null; - individualDbConfigured = all (x: x != null) [ - config.services.panoramax.database.host - config.services.panoramax.database.port - config.services.panoramax.database.username - config.services.panoramax.database.password - config.services.panoramax.database.name - ]; - - envContent = '' - # Panoramax Configuration - FLASK_APP=geovisio - ${ - if dbUrlConfigured - then "DB_URL=${config.services.panoramax.database.url}" - else '' - DB_HOST=${config.services.panoramax.database.host} - DB_PORT=${toString config.services.panoramax.database.port} - DB_USERNAME=${config.services.panoramax.database.username} - DB_PASSWORD=${config.services.panoramax.database.password} - DB_NAME=${config.services.panoramax.database.name} - '' - } - ${optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} - ${optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} - ${optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} - ${optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} - ${optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} - ${optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} - ${optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} - ${optionalString (config.services.panoramax.sgblur.enable) "SGBLUR_API_URL=${config.services.panoramax.sgblur.url}"} - ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} - ''; - - envFile = pkgs.writeText "panoramax.env" envContent; -in { +{...}: { imports = [ ./proxy.nix ./fail2ban.nix ./impermanence.nix + ./panoramax.nix ]; - - options.services.panoramax = { - enable = lib.mkEnableOption "panoramax"; - - package = lib.mkOption { - type = lib.types.package; - default = pkgs.panoramax; - description = "The panoramax package to use"; - }; - - database = { - createDB = mkOption { - type = types.bool; - default = true; - description = "Whether to automatically create the database and user"; - }; - - url = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Complete database URL connection string (e.g., "postgresql://user:password@host:port/dbname"). - If provided, individual database options (host, port, username, password, name) are ignored. - ''; - }; - - port = mkOption { - type = types.nullOr types.port; - default = 5432; - description = "Database port (ignored if database.url is set)"; - }; - - host = mkOption { - type = types.nullOr types.str; - default = "localhost"; - description = "Database host (ignored if database.url is set)"; - }; - - username = mkOption { - type = types.nullOr types.str; - default = "panoramax"; - description = "Database username (ignored if database.url is set)"; - }; - - password = mkOption { - type = types.nullOr types.str; - default = null; - description = "Database password (ignored if database.url is set)"; - }; - - name = mkOption { - type = types.str; - default = "panoramax"; - description = "Database name (ignored if database.url is set)"; - }; - }; - - sgblur = { - enable = mkOption { - type = types.bool; - default = false; - description = "Whether to enable sgblur integration for face and license plate blurring"; - }; - - package = mkOption { - type = types.package; - default = pkgs.sgblur; - description = "The sgblur package to use"; - }; - - port = mkOption { - type = types.port; - default = 8080; - description = "Port for the sgblur service"; - }; - - host = mkOption { - type = types.str; - default = "127.0.0.1"; - description = "Host to bind the sgblur service to"; - }; - - url = mkOption { - type = types.str; - default = "http://127.0.0.1:8080"; - description = "URL where sgblur service is accessible"; - }; - }; - - port = mkOption { - type = types.nullOr types.port; - default = 5000; - description = "Port for the Panoramax service"; - }; - - host = mkOption { - type = types.str; - default = "127.0.0.1"; - description = "Host to bind the Panoramax service to"; - }; - - urlScheme = mkOption { - type = types.enum ["http" "https"]; - default = "https"; - description = "URL scheme for the application"; - }; - - storage = { - fsUrl = mkOption { - type = types.nullOr types.str; - default = "/var/lib/panoramax/storage"; - description = "File system URL for storage"; - }; - }; - - infrastructure = { - nbProxies = mkOption { - type = types.nullOr types.int; - default = 1; - description = "Number of proxies in front of the application"; - }; - }; - - flask = { - secretKey = mkOption { - type = types.nullOr types.str; - default = null; - description = "Flask secret key for session security"; - }; - - sessionCookieDomain = mkOption { - type = types.nullOr types.str; - default = null; - description = "Flask session cookie domain"; - }; - }; - - api = { - pictures = { - licenseSpdxId = mkOption { - type = types.nullOr types.str; - default = null; - description = "SPDX license identifier for API pictures"; - }; - - licenseUrl = mkOption { - type = types.nullOr types.str; - default = null; - description = "License URL for API pictures"; - }; - }; - }; - - extraEnvironment = mkOption { - type = types.attrsOf types.str; - default = {}; - description = "Additional environment variables"; - example = { - CUSTOM_SETTING = "value"; - DEBUG = "true"; - }; - }; - }; - - config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ - { - environment.systemPackages = with pkgs; - [ - config.services.panoramax.package - python3Packages.waitress - ] - ++ optionals config.services.panoramax.sgblur.enable [ - config.services.panoramax.sgblur.package - ]; - - systemd.services.panoramax = { - description = "Panoramax Service"; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; - serviceConfig = { - ExecStart = "${pkgs.python3Packages.waitress}/bin/waitress-serve --env-file=${envFile} --host=${config.services.panoramax.host} --port=${toString config.services.panoramax.port} --url-scheme=${config.services.panoramax.urlScheme} --call geovisio:create_app"; - Restart = "always"; - User = "panoramax"; - Group = "panoramax"; - WorkingDirectory = "/var/lib/panoramax"; - Environment = "PYTHONPATH=${config.services.panoramax.package}/lib/python3.11/site-packages"; - }; - }; - - users.users.panoramax = { - isSystemUser = true; - group = "panoramax"; - home = "/var/lib/panoramax"; - createHome = true; - }; - - users.groups.panoramax = {}; - - systemd.tmpfiles.rules = [ - "d /var/lib/panoramax 0755 panoramax panoramax -" - "d ${config.services.panoramax.storage.fsUrl} 0755 panoramax panoramax -" - ]; - - assertions = [ - { - assertion = dbUrlConfigured || individualDbConfigured; - message = '' - Panoramax database configuration requires either: - - A complete database URL (services.panoramax.database.url), OR - - All individual database options (host, port, username, password, name) - - Currently configured: - - database.url: ${ - if dbUrlConfigured - then "✓ configured" - else "✗ not configured" - } - - individual options: ${ - if individualDbConfigured - then "✓ all configured" - else "✗ some missing" - } - ''; - } - { - assertion = !config.services.panoramax.database.createDB || config.services.panoramax.database.url == null || (lib.hasPrefix "/run/" config.services.panoramax.database.url || lib.hasPrefix "unix:" config.services.panoramax.database.url || lib.hasPrefix "/" config.services.panoramax.database.host); - message = '' - Panoramax createDB option can only be used with socket connections when a database URL is provided. - Socket connections are identified by: - - URLs starting with "unix:" - - URLs starting with "/run/" - - Host paths starting with "/" - - Current configuration: - - createDB: ${lib.boolToString config.services.panoramax.database.createDB} - - database.url: ${ - if config.services.panoramax.database.url != null - then config.services.panoramax.database.url - else "not set" - } - - database.host: ${config.services.panoramax.database.host} - ''; - } - ]; - } - (lib.mkIf config.services.panoramax.database.createDB { - systemd.services.panoramax = { - after = ["postgresql.service"]; - requires = ["postgresql.service"]; - }; - - services.postgresql = { - enable = true; - ensureDatabases = [config.services.panoramax.database.name]; - ensureUsers = [ - { - name = config.services.panoramax.database.username; - ensureDBOwnership = true; - ensureClauses.login = true; - } - ]; - extensions = ps: with ps; [postgis]; - settings = { - shared_preload_libraries = ["postgis"]; - }; - }; - - systemd.services.postgresql.serviceConfig.ExecStartPost = let - sqlFile = pkgs.writeText "panoramax-postgis-setup.sql" '' - CREATE EXTENSION IF NOT EXISTS postgis; - CREATE EXTENSION IF NOT EXISTS postgis_topology; - CREATE EXTENSION IF NOT EXISTS fuzzystrmatch; - CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder; - - ALTER SCHEMA public OWNER TO ${config.services.panoramax.database.username}; - GRANT ALL ON SCHEMA public TO ${config.services.panoramax.database.username}; - ''; - in [ - '' - ${lib.getExe' config.services.postgresql.package "psql"} -d "${config.services.panoramax.database.name}" -f "${sqlFile}" - '' - ]; - }) - ]); } diff --git a/modules/nixos-modules/server/panoramax/panoramax.nix b/modules/nixos-modules/server/panoramax/panoramax.nix new file mode 100644 index 0000000..cdbc632 --- /dev/null +++ b/modules/nixos-modules/server/panoramax/panoramax.nix @@ -0,0 +1,253 @@ +{ + config, + lib, + pkgs, + ... +}: let + dbUrlConfigured = config.services.panoramax.database.url != null; + individualDbConfigured = lib.all (x: x != null) [ + config.services.panoramax.database.host + config.services.panoramax.database.port + config.services.panoramax.database.username + config.services.panoramax.database.password + config.services.panoramax.database.name + ]; + + envContent = '' + # Panoramax Configuration + FLASK_APP=geovisio + ${ + if dbUrlConfigured + then "DB_URL=${config.services.panoramax.database.url}" + else '' + DB_HOST=${config.services.panoramax.database.host} + DB_PORT=${toString config.services.panoramax.database.port} + DB_USERNAME=${config.services.panoramax.database.username} + DB_PASSWORD=${config.services.panoramax.database.password} + DB_NAME=${config.services.panoramax.database.name} + '' + } + ${lib.optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} + ${lib.optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} + ${lib.optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} + ${lib.optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} + ${lib.optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} + ${lib.optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} + ${lib.optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} + ${lib.optionalString (config.services.panoramax.sgblur.enable) "SGBLUR_API_URL=${config.services.panoramax.sgblur.url}"} + ${lib.concatStringsSep "\n" (lib.mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} + ''; + + envFile = pkgs.writeText "panoramax.env" envContent; +in { + options.services = { + panoramax = { + enable = lib.mkEnableOption "panoramax"; + + package = lib.mkOption { + type = lib.types.package; + default = pkgs.panoramax; + description = "The panoramax package to use"; + }; + + user = lib.mkOption { + type = lib.types.str; + default = "panoramax"; + description = "The user panoramax should run as."; + }; + + group = lib.mkOption { + type = lib.types.str; + default = "panoramax"; + description = "The group panoramax should run as."; + }; + + host = lib.mkOption { + type = lib.types.str; + default = "127.0.0.1"; + description = "Host to bind the panoramax service to"; + }; + + port = lib.mkOption { + type = lib.types.nullOr lib.types.port; + default = 5000; + description = "Port for the panoramax service"; + }; + + openFirewall = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether to open the panoramax port in the firewall"; + }; + + settings = { + urlScheme = lib.mkOption { + type = lib.types.enum ["http" "https"]; + default = "https"; + description = "URL scheme for the application"; + }; + + storage = { + fsUrl = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = "/var/lib/panoramax/storage"; + description = "File system URL for storage"; + }; + }; + + infrastructure = { + nbProxies = lib.mkOption { + type = lib.types.nullOr lib.types.int; + default = 1; + description = "Number of proxies in front of the application"; + }; + }; + + flask = { + secretKey = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Flask secret key for session security"; + }; + + sessionCookieDomain = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Flask session cookie domain"; + }; + }; + + api = { + pictures = { + licenseSpdxId = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "SPDX license identifier for API pictures"; + }; + + licenseUrl = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "License URL for API pictures"; + }; + }; + }; + + extraEnvironment = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = {}; + description = "Additional environment variables"; + example = { + CUSTOM_SETTING = "value"; + DEBUG = "true"; + }; + }; + }; + + database = { + createDB = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Whether to automatically create the database and user"; + }; + + name = lib.mkOption { + type = lib.types.str; + default = "panoramax"; + description = "The name of the panoramax database"; + }; + + host = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = "/run/postgresql"; + description = "Hostname or address of the postgresql server. If an absolute path is given here, it will be interpreted as a unix socket path."; + }; + + port = lib.mkOption { + type = lib.types.nullOr lib.types.port; + default = 5432; + description = "Port of the postgresql server."; + }; + + user = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = "panoramax"; + description = "The database user for panoramax."; + }; + + # TODO: password file for external database + }; + + sgblur = { + # TODO: configs to bind to sgblur + }; + }; + sgblur = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether to enable sgblur integration for face and license plate blurring"; + }; + + package = lib.mkOption { + type = lib.types.package; + default = pkgs.sgblur; + description = "The sgblur package to use"; + }; + + port = lib.mkOption { + type = lib.types.port; + default = 8080; + description = "Port for the sgblur service"; + }; + + host = lib.mkOption { + type = lib.types.str; + default = "127.0.0.1"; + description = "Host to bind the sgblur service to"; + }; + + url = lib.mkOption { + type = lib.types.str; + default = "http://127.0.0.1:8080"; + description = "URL where sgblur service is accessible"; + }; + }; + }; + + config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ + { + # TODO: start panoramax service + } + (lib.mkIf config.services.sgblur.enable { + # TODO: start sg blur config + }) + (lib.mkIf config.services.panoramax.database.createDB { + services.postgresql = lib.mkIf config.services.panoramax.database.enable { + enable = true; + ensureDatabases = lib.mkIf config.services.panoramax.database.createDB [config.services.panoramax.database.name]; + ensureUsers = lib.mkIf config.services.panoramax.database.createDB [ + { + name = config.services.panoramax.database.user; + ensureDBOwnership = true; + ensureClauses.login = true; + } + ]; + extensions = ps: with ps; [postgis]; + }; + systemd.services.postgresql.serviceConfig.ExecStartPost = let + sqlFile = pkgs.writeText "panoramax-postgis-setup.sql" '' + CREATE EXTENSION IF NOT EXISTS postgis; + + ALTER DATABASE ${config.services.panoramax.database.name} SET TIMEZONE TO 'UTC'; + + GRANT SET ON PARAMETER session_replication_role TO ${config.services.panoramax.database.user}; + ''; + in [ + '' + ${lib.getExe' config.services.postgresql.package "psql"} -d "${config.services.panoramax.database.user}" -f "${sqlFile}" + '' + ]; + }) + ]); +} From 1b1a3f7219790da0fca2b1012d7edd30642b4cfd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 16 Sep 2025 12:40:19 -0500 Subject: [PATCH 172/374] fix: fixed database timezone alter not working --- modules/nixos-modules/server/panoramax/panoramax.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/server/panoramax/panoramax.nix b/modules/nixos-modules/server/panoramax/panoramax.nix index cdbc632..aae7052 100644 --- a/modules/nixos-modules/server/panoramax/panoramax.nix +++ b/modules/nixos-modules/server/panoramax/panoramax.nix @@ -223,7 +223,7 @@ in { # TODO: start sg blur config }) (lib.mkIf config.services.panoramax.database.createDB { - services.postgresql = lib.mkIf config.services.panoramax.database.enable { + services.postgresql = { enable = true; ensureDatabases = lib.mkIf config.services.panoramax.database.createDB [config.services.panoramax.database.name]; ensureUsers = lib.mkIf config.services.panoramax.database.createDB [ @@ -239,7 +239,8 @@ in { sqlFile = pkgs.writeText "panoramax-postgis-setup.sql" '' CREATE EXTENSION IF NOT EXISTS postgis; - ALTER DATABASE ${config.services.panoramax.database.name} SET TIMEZONE TO 'UTC'; + -- TODO: how can we ensure that this runs after the databases have been created + -- ALTER DATABASE ${config.services.panoramax.database.name} SET TIMEZONE TO 'UTC'; GRANT SET ON PARAMETER session_replication_role TO ${config.services.panoramax.database.user}; ''; From 3bee0c74028118e2fd93b172178e49a54d31efcf Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 17 Sep 2025 15:15:07 -0500 Subject: [PATCH 173/374] fix: fixed pkg dependencies for panoramax --- .../nixos/defiant/configuration.nix | 4 + modules/common-modules/pkgs/default.nix | 8 + modules/common-modules/pkgs/h3-c-lib.nix | 36 ++++ modules/common-modules/pkgs/panoramax.nix | 40 ++++ .../common-modules/pkgs/python/default.nix | 18 ++ .../pkgs/python/geojson-pydantic.nix | 48 +++++ .../pkgs/python/geopic-tag-reader.nix | 70 +++++++ modules/common-modules/pkgs/python/h3.nix | 81 ++++++++ .../common-modules/pkgs/python/pyexiv2.nix | 49 +++++ .../pkgs/python/pygeofilter.nix | 52 +++++ .../common-modules/pkgs/python/pygeoif.nix | 48 +++++ modules/common-modules/pkgs/python/rfeed.nix | 40 ++++ .../server/panoramax/panoramax.nix | 177 ++++++++++++++---- 13 files changed, 632 insertions(+), 39 deletions(-) create mode 100644 modules/common-modules/pkgs/h3-c-lib.nix create mode 100644 modules/common-modules/pkgs/python/default.nix create mode 100644 modules/common-modules/pkgs/python/geojson-pydantic.nix create mode 100644 modules/common-modules/pkgs/python/geopic-tag-reader.nix create mode 100644 modules/common-modules/pkgs/python/h3.nix create mode 100644 modules/common-modules/pkgs/python/pyexiv2.nix create mode 100644 modules/common-modules/pkgs/python/pygeofilter.nix create mode 100644 modules/common-modules/pkgs/python/pygeoif.nix create mode 100644 modules/common-modules/pkgs/python/rfeed.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index e109d45..9be3065 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -306,6 +306,10 @@ passwordFile = config.sops.secrets."services/paperless_password".path; }; + panoramax = { + enable = true; + }; + qbittorrent = { enable = true; mediaDir = "/srv/qbittorent"; diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 28141c8..e608350 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -1,4 +1,8 @@ {pkgs, ...}: { + imports = [ + ./python + ]; + nixpkgs.overlays = [ (final: prev: { webtoon-dl = @@ -31,5 +35,9 @@ (final: prev: { sgblur = pkgs.python3.pkgs.callPackage ./sgblur.nix {}; }) + (final: prev: { + # Override h3 C library to version 4.3.0 + h3 = pkgs.callPackage ./h3-c-lib.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/h3-c-lib.nix b/modules/common-modules/pkgs/h3-c-lib.nix new file mode 100644 index 0000000..2615d3c --- /dev/null +++ b/modules/common-modules/pkgs/h3-c-lib.nix @@ -0,0 +1,36 @@ +{ + lib, + stdenv, + fetchFromGitHub, + cmake, + doxygen, +}: +stdenv.mkDerivation rec { + pname = "h3"; + version = "4.3.0"; + + src = fetchFromGitHub { + owner = "uber"; + repo = "h3"; + rev = "v${version}"; + hash = "sha256-DUILKZ1QvML6qg+WdOxir6zRsgTvk+En6yjeFf6MQBg="; + }; + + nativeBuildInputs = [ + cmake + doxygen + ]; + + cmakeFlags = [ + "-DBUILD_SHARED_LIBS=ON" + "-DBUILD_TESTING=OFF" + ]; + + meta = with lib; { + homepage = "https://github.com/uber/h3"; + description = "Hexagonal hierarchical geospatial indexing system"; + license = licenses.asl20; + maintainers = []; + platforms = platforms.all; + }; +} diff --git a/modules/common-modules/pkgs/panoramax.nix b/modules/common-modules/pkgs/panoramax.nix index e2dad14..75b5e0e 100644 --- a/modules/common-modules/pkgs/panoramax.nix +++ b/modules/common-modules/pkgs/panoramax.nix @@ -10,8 +10,27 @@ authlib, sentry-sdk, python-dateutil, + dateparser, croniter, pydantic, + flask-cors, + flask-compress, + flask-babel, + flasgger, + yoyo-migrations, + psycopg, + psycopg-pool, + tzdata, + email-validator, + pydantic-extra-types, + python-multipart, + fs, + fs-s3fs, + geopic-tag-reader, + pygeofilter, + pygeoif, + rfeed, + geojson-pydantic, ... }: let pname = "geovisio"; @@ -42,8 +61,29 @@ in authlib sentry-sdk python-dateutil + dateparser croniter pydantic + flask-cors + flask-compress + flask-babel + flasgger + yoyo-migrations + psycopg + psycopg-pool + tzdata + email-validator + pydantic-extra-types + python-multipart + fs + fs-s3fs + geopic-tag-reader + pygeofilter + pygeoif + rfeed + geojson-pydantic + # Missing from nixpkgs - may need custom packages: + # flask-executor ]; # Skip tests as they may require network access or specific setup diff --git a/modules/common-modules/pkgs/python/default.nix b/modules/common-modules/pkgs/python/default.nix new file mode 100644 index 0000000..f69c512 --- /dev/null +++ b/modules/common-modules/pkgs/python/default.nix @@ -0,0 +1,18 @@ +{...}: { + nixpkgs.overlays = [ + (final: prev: { + python3 = prev.python3.override { + packageOverrides = pythonPrev: pythonFinal: { + h3 = pythonPrev.callPackage ./h3.nix {h3 = final.h3;}; + pygeofilter = pythonPrev.callPackage ./pygeofilter.nix {}; + pygeoif = pythonPrev.callPackage ./pygeoif.nix {}; + rfeed = pythonPrev.callPackage ./rfeed.nix {}; + pyexiv2 = pythonPrev.callPackage ./pyexiv2.nix {}; + geojson-pydantic = pythonPrev.callPackage ./geojson-pydantic.nix {}; + geopic-tag-reader = pythonPrev.callPackage ./geopic-tag-reader.nix {}; + }; + }; + python3Packages = final.python3.pkgs; + }) + ]; +} diff --git a/modules/common-modules/pkgs/python/geojson-pydantic.nix b/modules/common-modules/pkgs/python/geojson-pydantic.nix new file mode 100644 index 0000000..96ec6b5 --- /dev/null +++ b/modules/common-modules/pkgs/python/geojson-pydantic.nix @@ -0,0 +1,48 @@ +{ + lib, + fetchPypi, + buildPythonPackage, + flit-core, + pydantic, + geojson, + ... +}: let + pname = "geojson_pydantic"; + version = "2.0.0"; +in + buildPythonPackage { + inherit pname version; + + pyproject = true; + + src = fetchPypi { + inherit pname version; + hash = "sha256-ti6LRFAt0a1Ri19zkDWoGSSnb5gMvbOk6JFu+RO+JC4="; + }; + + build-system = [ + flit-core + ]; + + dependencies = [ + pydantic + geojson + ]; + + # Skip tests as they may require specific setup + doCheck = false; + + # Disable runtime dependencies check + dontCheckRuntimeDeps = true; + + # Basic imports check + pythonImportsCheck = ["geojson_pydantic"]; + + meta = with lib; { + description = "Pydantic models for GeoJSON objects"; + homepage = "https://github.com/developmentseed/geojson-pydantic"; + license = licenses.mit; + maintainers = []; + platforms = platforms.all; + }; + } diff --git a/modules/common-modules/pkgs/python/geopic-tag-reader.nix b/modules/common-modules/pkgs/python/geopic-tag-reader.nix new file mode 100644 index 0000000..bd8451f --- /dev/null +++ b/modules/common-modules/pkgs/python/geopic-tag-reader.nix @@ -0,0 +1,70 @@ +{ + lib, + fetchFromGitLab, + buildPythonPackage, + flit-core, + typer, + xmltodict, + timezonefinder, + pytz, + types-pytz, + types-python-dateutil, + rtree, + python-dateutil, + pyexiv2, + ... +}: let + pname = "geopic-tag-reader"; + version = "1.8.0"; +in + buildPythonPackage { + inherit pname version; + + pyproject = true; + + src = fetchFromGitLab { + owner = "panoramax"; + repo = "server/geo-picture-tag-reader"; + rev = version; + sha256 = "0lzf5xxxcdqmq28bpvgpkxf5jxmh2nawwa4rl4yg04bdsi16rf1j"; + }; + + build-system = [ + flit-core + ]; + + dependencies = [ + typer + xmltodict + pyexiv2 + timezonefinder + pytz + types-pytz + types-python-dateutil + rtree + ]; + + optional-dependencies = { + write-exif = [ + python-dateutil + types-python-dateutil + ]; + }; + + # Skip tests as they may require network access or specific setup + doCheck = false; + + # Disable runtime dependencies check as some dependencies might have issues + dontCheckRuntimeDeps = true; + + # Disable imports check initially to avoid dependency issues + pythonImportsCheck = []; + + meta = with lib; { + description = "GeoPic Tag Reader - Python library to read and write standardized metadata from geolocated pictures EXIF metadata"; + homepage = "https://gitlab.com/panoramax/server/geo-picture-tag-reader"; + license = licenses.mit; + maintainers = []; + platforms = platforms.all; + }; + } diff --git a/modules/common-modules/pkgs/python/h3.nix b/modules/common-modules/pkgs/python/h3.nix new file mode 100644 index 0000000..2dc3d26 --- /dev/null +++ b/modules/common-modules/pkgs/python/h3.nix @@ -0,0 +1,81 @@ +{ + autoPatchelfHook, + buildPythonPackage, + cmake, + cython, + fetchFromGitHub, + h3, + lib, + ninja, + numpy, + pytestCheckHook, + pytest-cov-stub, + scikit-build-core, + stdenv, +}: +buildPythonPackage rec { + pname = "h3"; + version = "4.3.1"; + pyproject = true; + + # pypi version does not include tests + src = fetchFromGitHub { + owner = "uber"; + repo = "h3-py"; + tag = "v${version}"; + hash = "sha256-zt7zbBgSp2P9q7mObZeQZpW9Szip62dAYdPZ2cGTmi4="; + }; + + dontConfigure = true; + + nativeCheckInputs = [ + pytestCheckHook + pytest-cov-stub + ]; + + build-system = + [ + scikit-build-core + cmake + cython + ninja + ] + ++ lib.optionals stdenv.hostPlatform.isLinux [ + # On Linux the .so files ends up referring to libh3.so instead of the full + # Nix store path. I'm not sure why this is happening! On Darwin it works + # fine. + autoPatchelfHook + ]; + + # This is not needed per-se, it's only added for autoPatchelfHook to work + # correctly. See the note above ^^ + buildInputs = lib.optionals stdenv.hostPlatform.isLinux [h3]; + + dependencies = [numpy]; + + # The following prePatch replaces the h3lib compilation with using the h3 packaged in nixpkgs. + # + # - Remove the h3lib submodule. + # - Patch CMakeLists to avoid building h3lib, and use h3 instead. + prePatch = let + cmakeCommands = '' + include_directories(${lib.getDev h3}/include/h3) + link_directories(${h3}/lib) + ''; + in '' + rm -r src/h3lib + substituteInPlace CMakeLists.txt \ + --replace-fail "add_subdirectory(src/h3lib)" "${cmakeCommands}" \ + --replace-fail "\''${CMAKE_CURRENT_BINARY_DIR}/src/h3lib/src/h3lib/include/h3api.h" "${lib.getDev h3}/include/h3/h3api.h" + ''; + + # Extra check to make sure we can import it from Python + pythonImportsCheck = ["h3"]; + + meta = { + homepage = "https://github.com/uber/h3-py"; + description = "Hierarchical hexagonal geospatial indexing system"; + license = lib.licenses.asl20; + maintainers = [lib.maintainers.kalbasit]; + }; +} diff --git a/modules/common-modules/pkgs/python/pyexiv2.nix b/modules/common-modules/pkgs/python/pyexiv2.nix new file mode 100644 index 0000000..69fa537 --- /dev/null +++ b/modules/common-modules/pkgs/python/pyexiv2.nix @@ -0,0 +1,49 @@ +{ + lib, + fetchFromGitHub, + buildPythonPackage, + exiv2, + boost, + pybind11, + setuptools, + ... +}: let + pname = "pyexiv2"; + version = "2.15.3"; +in + buildPythonPackage { + inherit pname version; + + pyproject = true; + build-system = [setuptools]; + + src = fetchFromGitHub { + owner = "LeoHsiao1"; + repo = "pyexiv2"; + rev = "v${version}"; + sha256 = "sha256-83bFMaoXncvhRJNcCgkkC7B29wR5pjuLO/EdkQdqxxo="; + }; + + buildInputs = [ + exiv2 + boost + ]; + + nativeBuildInputs = [ + pybind11 + ]; + + # Skip tests as they may require specific test images + doCheck = false; + + # Disable runtime dependencies check initially + dontCheckRuntimeDeps = true; + + meta = with lib; { + description = "Python binding to the library exiv2"; + homepage = "https://github.com/LeoHsiao1/pyexiv2"; + license = licenses.gpl3Plus; + maintainers = []; + platforms = platforms.linux; + }; + } diff --git a/modules/common-modules/pkgs/python/pygeofilter.nix b/modules/common-modules/pkgs/python/pygeofilter.nix new file mode 100644 index 0000000..aa310f9 --- /dev/null +++ b/modules/common-modules/pkgs/python/pygeofilter.nix @@ -0,0 +1,52 @@ +{ + lib, + fetchPypi, + buildPythonPackage, + setuptools, + wheel, + lark, + python-dateutil, + shapely, + ... +}: let + pname = "pygeofilter"; + version = "0.3.1"; +in + buildPythonPackage { + inherit pname version; + + pyproject = true; + + src = fetchPypi { + inherit pname version; + hash = "sha256-+SvAYiCZ+H/os23nq92GBZ1hWontYIInNwgiI6V44VA="; + }; + + build-system = [ + setuptools + wheel + ]; + + dependencies = [ + lark + python-dateutil + shapely + ]; + + # Skip tests as they may require specific setup + doCheck = false; + + # Disable runtime dependencies check + dontCheckRuntimeDeps = true; + + # Basic imports check + pythonImportsCheck = ["pygeofilter"]; + + meta = with lib; { + description = "A pure Python parser implementation of OGC filtering standards"; + homepage = "https://github.com/geopython/pygeofilter"; + license = licenses.mit; + maintainers = []; + platforms = platforms.all; + }; + } diff --git a/modules/common-modules/pkgs/python/pygeoif.nix b/modules/common-modules/pkgs/python/pygeoif.nix new file mode 100644 index 0000000..12b8b12 --- /dev/null +++ b/modules/common-modules/pkgs/python/pygeoif.nix @@ -0,0 +1,48 @@ +{ + lib, + fetchPypi, + buildPythonPackage, + setuptools, + wheel, + typing-extensions, + ... +}: let + pname = "pygeoif"; + version = "1.5.1"; +in + buildPythonPackage { + inherit pname version; + + pyproject = true; + + src = fetchPypi { + inherit pname version; + hash = "sha256-8nprah7Lh66swrUbzFnKeb5w7RKgEE3oYBR4shPdXYE="; + }; + + build-system = [ + setuptools + wheel + ]; + + dependencies = [ + typing-extensions + ]; + + # Skip tests as they may require specific setup + doCheck = false; + + # Disable runtime dependencies check + dontCheckRuntimeDeps = true; + + # Basic imports check + pythonImportsCheck = ["pygeoif"]; + + meta = with lib; { + description = "A basic implementation of the __geo_interface__"; + homepage = "https://github.com/cleder/pygeoif"; + license = licenses.lgpl21Plus; + maintainers = []; + platforms = platforms.all; + }; + } diff --git a/modules/common-modules/pkgs/python/rfeed.nix b/modules/common-modules/pkgs/python/rfeed.nix new file mode 100644 index 0000000..0be8ab9 --- /dev/null +++ b/modules/common-modules/pkgs/python/rfeed.nix @@ -0,0 +1,40 @@ +{ + lib, + fetchPypi, + buildPythonPackage, + setuptools, + python-dateutil, +}: +buildPythonPackage rec { + pname = "rfeed"; + version = "1.1.1"; + pyproject = true; + + src = fetchPypi { + inherit pname version; + hash = "sha256-qpUG8oZrdPWjItOUoUpjwZpoJcLZR1X/GdRt0eJDSBk="; + }; + + build-system = [ + setuptools + ]; + + dependencies = [ + python-dateutil + ]; + + # No tests available in the package + doCheck = false; + + pythonImportsCheck = [ + "rfeed" + ]; + + meta = with lib; { + description = "RSS feed generation library for Python"; + homepage = "https://pypi.org/project/rfeed/"; + license = licenses.mit; + maintainers = []; + platforms = platforms.all; + }; +} diff --git a/modules/nixos-modules/server/panoramax/panoramax.nix b/modules/nixos-modules/server/panoramax/panoramax.nix index aae7052..2af9982 100644 --- a/modules/nixos-modules/server/panoramax/panoramax.nix +++ b/modules/nixos-modules/server/panoramax/panoramax.nix @@ -3,43 +3,7 @@ lib, pkgs, ... -}: let - dbUrlConfigured = config.services.panoramax.database.url != null; - individualDbConfigured = lib.all (x: x != null) [ - config.services.panoramax.database.host - config.services.panoramax.database.port - config.services.panoramax.database.username - config.services.panoramax.database.password - config.services.panoramax.database.name - ]; - - envContent = '' - # Panoramax Configuration - FLASK_APP=geovisio - ${ - if dbUrlConfigured - then "DB_URL=${config.services.panoramax.database.url}" - else '' - DB_HOST=${config.services.panoramax.database.host} - DB_PORT=${toString config.services.panoramax.database.port} - DB_USERNAME=${config.services.panoramax.database.username} - DB_PASSWORD=${config.services.panoramax.database.password} - DB_NAME=${config.services.panoramax.database.name} - '' - } - ${lib.optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} - ${lib.optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} - ${lib.optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} - ${lib.optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} - ${lib.optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} - ${lib.optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} - ${lib.optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} - ${lib.optionalString (config.services.panoramax.sgblur.enable) "SGBLUR_API_URL=${config.services.panoramax.sgblur.url}"} - ${lib.concatStringsSep "\n" (lib.mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} - ''; - - envFile = pkgs.writeText "panoramax.env" envContent; -in { +}: { options.services = { panoramax = { enable = lib.mkEnableOption "panoramax"; @@ -217,10 +181,145 @@ in { config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ { - # TODO: start panoramax service + # Create panoramax user and group + users.users.${config.services.panoramax.user} = { + isSystemUser = true; + group = config.services.panoramax.group; + home = "/var/lib/panoramax"; + createHome = true; + }; + + users.groups.${config.services.panoramax.group} = {}; + + # Ensure storage directory exists with correct permissions + systemd.tmpfiles.rules = [ + "d '${config.services.panoramax.settings.storage.fsUrl}' 0755 ${config.services.panoramax.user} ${config.services.panoramax.group} - -" + ]; + + systemd.services.panoramax-api = { + description = "Panoramax API server (self hosted map street view)"; + after = ["network.target" "postgresql.service"]; + wantedBy = ["multi-user.target"]; + + environment = + { + # Core Flask configuration + FLASK_APP = "geovisio"; + + # Database configuration + DB_HOST = config.services.panoramax.database.host; + DB_PORT = toString config.services.panoramax.database.port; + DB_USERNAME = config.services.panoramax.database.user; + DB_NAME = config.services.panoramax.database.name; + + # Storage configuration + FS_URL = config.services.panoramax.settings.storage.fsUrl; + + # Infrastructure configuration + INFRA_NB_PROXIES = toString config.services.panoramax.settings.infrastructure.nbProxies; + + # Application configuration + PORT = toString config.services.panoramax.port; + + # Python path to include the panoramax package + PYTHONPATH = "${config.services.panoramax.package}/${pkgs.python3.sitePackages}"; + } + // (lib.optionalAttrs (config.services.panoramax.settings.flask.secretKey != null) { + FLASK_SECRET_KEY = config.services.panoramax.settings.flask.secretKey; + }) + // (lib.optionalAttrs (config.services.panoramax.settings.flask.sessionCookieDomain != null) { + FLASK_SESSION_COOKIE_DOMAIN = config.services.panoramax.settings.flask.sessionCookieDomain; + }) + // (lib.optionalAttrs (config.services.panoramax.settings.api.pictures.licenseSpdxId != null) { + API_PICTURES_LICENSE_SPDX_ID = config.services.panoramax.settings.api.pictures.licenseSpdxId; + }) + // (lib.optionalAttrs (config.services.panoramax.settings.api.pictures.licenseUrl != null) { + API_PICTURES_LICENSE_URL = config.services.panoramax.settings.api.pictures.licenseUrl; + }) + // (lib.optionalAttrs config.services.sgblur.enable { + SGBLUR_API_URL = config.services.sgblur.url; + }) + // config.services.panoramax.settings.extraEnvironment; + + path = with pkgs; [ + (python3.withPackages (ps: with ps; [config.services.panoramax.package waitress])) + ]; + + serviceConfig = { + ExecStart = "${pkgs.python3.withPackages (ps: with ps; [config.services.panoramax.package waitress])}/bin/waitress-serve --port ${toString config.services.panoramax.port} --call geovisio:create_app"; + User = config.services.panoramax.user; + Group = config.services.panoramax.group; + WorkingDirectory = "/var/lib/panoramax"; + Restart = "always"; + RestartSec = 5; + + # Security hardening + PrivateTmp = true; + ProtectSystem = "strict"; + ProtectHome = true; + ReadWritePaths = [ + "/var/lib/panoramax" + config.services.panoramax.settings.storage.fsUrl + ]; + NoNewPrivileges = true; + PrivateDevices = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectControlGroups = true; + RestrictSUIDSGID = true; + RestrictRealtime = true; + RestrictNamespaces = true; + LockPersonality = true; + MemoryDenyWriteExecute = true; + SystemCallArchitectures = "native"; + }; + }; + + # Open firewall if requested + networking.firewall.allowedTCPPorts = lib.mkIf config.services.panoramax.openFirewall [ + config.services.panoramax.port + ]; } (lib.mkIf config.services.sgblur.enable { - # TODO: start sg blur config + # SGBlur service configuration + systemd.services.sgblur = { + description = "SGBlur face and license plate blurring service"; + after = ["network.target"]; + wantedBy = ["multi-user.target"]; + + path = with pkgs; [ + config.services.sgblur.package + python3 + python3Packages.waitress + ]; + + serviceConfig = { + ExecStart = "${pkgs.python3Packages.waitress}/bin/waitress-serve --host ${config.services.sgblur.host} --port ${toString config.services.sgblur.port} src.detect.detect_api:app"; + WorkingDirectory = "${config.services.sgblur.package}"; + Restart = "always"; + RestartSec = 5; + + # Basic security hardening + PrivateTmp = true; + ProtectSystem = "strict"; + ProtectHome = true; + NoNewPrivileges = true; + PrivateDevices = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectControlGroups = true; + RestrictSUIDSGID = true; + RestrictRealtime = true; + RestrictNamespaces = true; + LockPersonality = true; + MemoryDenyWriteExecute = true; + SystemCallArchitectures = "native"; + }; + }; + + networking.firewall.allowedTCPPorts = lib.mkIf config.services.panoramax.openFirewall [ + config.services.sgblur.port + ]; }) (lib.mkIf config.services.panoramax.database.createDB { services.postgresql = { From 7e6fa744af1710f58828f9cee05bce32075b03e2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 17 Sep 2025 19:42:15 -0500 Subject: [PATCH 174/374] fix: wrapped prostudiomasters in --in-process-gpu flag --- modules/common-modules/pkgs/default.nix | 1 - .../common-modules/pkgs/prostudiomasters.nix | 25 ++++++++++++++++--- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index e608350..c97f97c 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -10,7 +10,6 @@ ./webtoon-dl.nix {}; }) - # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that? (final: prev: { prostudiomasters = pkgs.callPackage diff --git a/modules/common-modules/pkgs/prostudiomasters.nix b/modules/common-modules/pkgs/prostudiomasters.nix index c1c03fe..1a3ad01 100644 --- a/modules/common-modules/pkgs/prostudiomasters.nix +++ b/modules/common-modules/pkgs/prostudiomasters.nix @@ -1,6 +1,7 @@ { fetchurl, appimageTools, + writeShellScript, }: let pname = "prostudiomasters"; version = "2.5.6"; @@ -8,7 +9,25 @@ url = "https://download.prostudiomasters.com/linux/ProStudioMasters-${version}.AppImage"; hash = "sha256-7owOwdcucFfl+JsVj+Seau2KOz0J4P/ep7WrBSNSmbs="; }; -in - appimageTools.wrapType2 { + + # Create the base AppImage wrapper + baseApp = appimageTools.wrapType2 { inherit pname version src; - } + }; + + # Create a wrapper script that automatically adds the --in-process-gpu flag + wrapper = writeShellScript "prostudiomasters-wrapper" '' + exec ${baseApp}/bin/prostudiomasters --in-process-gpu "$@" + ''; +in + # Override the base app to use our wrapper script + baseApp.overrideAttrs (oldAttrs: { + buildCommand = + oldAttrs.buildCommand + + '' + # Replace the original binary with our wrapper + rm $out/bin/prostudiomasters + cp ${wrapper} $out/bin/prostudiomasters + chmod +x $out/bin/prostudiomasters + ''; + }) From 333c68a8cd047098c111aa409b0ea89d30d50561 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 17 Sep 2025 22:18:15 -0500 Subject: [PATCH 175/374] feat: created db config for panoramax --- .../nixos/defiant/configuration.nix | 1 + .../server/panoramax/database.nix | 29 +++++++++++++++++++ .../server/panoramax/default.nix | 1 + 3 files changed, 31 insertions(+) create mode 100644 modules/nixos-modules/server/panoramax/database.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9be3065..a309704 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -308,6 +308,7 @@ panoramax = { enable = true; + openFirewall = true; }; qbittorrent = { diff --git a/modules/nixos-modules/server/panoramax/database.nix b/modules/nixos-modules/server/panoramax/database.nix new file mode 100644 index 0000000..3cf3455 --- /dev/null +++ b/modules/nixos-modules/server/panoramax/database.nix @@ -0,0 +1,29 @@ +{ + lib, + config, + ... +}: { + config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ + { + host = { + postgres = { + enable = true; + }; + }; + } + (lib.mkIf config.host.postgres.enable { + host = { + postgres = { + extraUsers = { + ${config.services.panoramax.database.user} = { + isClient = true; + }; + }; + extraDatabases = { + ${config.services.panoramax.database.name} = {}; + }; + }; + }; + }) + ]); +} diff --git a/modules/nixos-modules/server/panoramax/default.nix b/modules/nixos-modules/server/panoramax/default.nix index f029ee3..4c6b9ea 100644 --- a/modules/nixos-modules/server/panoramax/default.nix +++ b/modules/nixos-modules/server/panoramax/default.nix @@ -4,5 +4,6 @@ ./fail2ban.nix ./impermanence.nix ./panoramax.nix + ./database.nix ]; } From 2cdc39f3dcc29090d48d54bc8f24a67303e99ff2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 18 Sep 2025 14:19:57 -0500 Subject: [PATCH 176/374] fix: disabled broken panoramax config --- .../nixos/defiant/configuration.nix | 2 +- .../server/panoramax/database.nix | 27 +++++++++++-------- .../server/panoramax/panoramax.nix | 18 ++++++++----- 3 files changed, 29 insertions(+), 18 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index a309704..d10bea0 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -307,7 +307,7 @@ }; panoramax = { - enable = true; + enable = false; openFirewall = true; }; diff --git a/modules/nixos-modules/server/panoramax/database.nix b/modules/nixos-modules/server/panoramax/database.nix index 3cf3455..8679f9a 100644 --- a/modules/nixos-modules/server/panoramax/database.nix +++ b/modules/nixos-modules/server/panoramax/database.nix @@ -11,19 +11,24 @@ }; }; } - (lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${config.services.panoramax.database.user} = { - isClient = true; + ( + lib.mkIf config.host.postgres.enable { + host = { + postgres = { + extraUsers = { + ${config.services.panoramax.database.user} = { + isClient = true; + createUser = true; + }; + }; + extraDatabases = { + ${config.services.panoramax.database.name} = { + name = config.services.panoramax.database.user; + }; }; }; - extraDatabases = { - ${config.services.panoramax.database.name} = {}; - }; }; - }; - }) + } + ) ]); } diff --git a/modules/nixos-modules/server/panoramax/panoramax.nix b/modules/nixos-modules/server/panoramax/panoramax.nix index 2af9982..fd77db7 100644 --- a/modules/nixos-modules/server/panoramax/panoramax.nix +++ b/modules/nixos-modules/server/panoramax/panoramax.nix @@ -206,12 +206,6 @@ # Core Flask configuration FLASK_APP = "geovisio"; - # Database configuration - DB_HOST = config.services.panoramax.database.host; - DB_PORT = toString config.services.panoramax.database.port; - DB_USERNAME = config.services.panoramax.database.user; - DB_NAME = config.services.panoramax.database.name; - # Storage configuration FS_URL = config.services.panoramax.settings.storage.fsUrl; @@ -224,6 +218,18 @@ # Python path to include the panoramax package PYTHONPATH = "${config.services.panoramax.package}/${pkgs.python3.sitePackages}"; } + // ( + if config.services.panoramax.database.host == "/run/postgresql" + then { + DB_URL = "postgresql://${config.services.panoramax.database.user}@/${config.services.panoramax.database.name}?host=/run/postgresql"; + } + else { + DB_HOST = config.services.panoramax.database.host; + DB_PORT = toString config.services.panoramax.database.port; + DB_USERNAME = config.services.panoramax.database.user; + DB_NAME = config.services.panoramax.database.name; + } + ) // (lib.optionalAttrs (config.services.panoramax.settings.flask.secretKey != null) { FLASK_SECRET_KEY = config.services.panoramax.settings.flask.secretKey; }) From ca6de5c0cda53b0b47686bfcd58050cc789bd9b8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 18 Sep 2025 23:40:13 -0500 Subject: [PATCH 177/374] chore: added talk to readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 62040e3..f1521ce 100644 --- a/README.md +++ b/README.md @@ -69,4 +69,5 @@ nix multi user, multi system, configuration with `sops` secret management, `home - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - panoramax instance - mastodon instance -- move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn \ No newline at end of file +- move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn +- graphana accessible though tailscale \ No newline at end of file From d35e2c93c1e38f8d67847e2b7be17034665615a8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 21 Sep 2025 21:04:47 -0500 Subject: [PATCH 178/374] feat: added option for auto aprove set root for vitest mcp server --- configurations/home-manager/leyla/packages/vscode/default.nix | 1 + modules/home-manager-modules/programs/vscode/claudeDev.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 583f440..981156b 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -84,6 +84,7 @@ in { list_tests = true; run_tests = true; analyze_coverage = true; + set_project_root = true; }; }; sleep = { diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index 0e34f97..cebf614 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -105,6 +105,7 @@ in { list_tests = lib.mkEnableOption "Should the list_tests tool be auto approved for Vitest MCP server"; run_tests = lib.mkEnableOption "Should the run_tests tool be auto approved for Vitest MCP server"; analyze_coverage = lib.mkEnableOption "Should the analyze_coverage tool be auto approved for Vitest MCP server"; + set_project_root = lib.mkEnableOption "Should the set_project_root tool be auto approved for Vitest MCP server"; }; }; sleep = { From ee80636b2b4c958d3d003450371024ac71570114 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 24 Sep 2025 09:51:27 -0500 Subject: [PATCH 179/374] build: updated flake lock --- flake.lock | 71 ++++++++------------- flake.nix | 5 -- modules/common-modules/overlays/default.nix | 1 - 3 files changed, 25 insertions(+), 52 deletions(-) diff --git a/flake.lock b/flake.lock index b6e48bb..6123425 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1757508292, - "narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=", + "lastModified": 1758287904, + "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", "owner": "nix-community", "repo": "disko", - "rev": "146f45bee02b8bd88812cfce6ffc0f933788875a", + "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1757995413, - "narHash": "sha256-vaU/7/PXoym6vnspGxhR29V9klGe9iy9zmp6x7w38f8=", + "lastModified": 1758600213, + "narHash": "sha256-YP7+UxybMCzHPd5k93pulILnFvSisjgUAGUB/cxWbqU=", "owner": "rycee", "repo": "nur-expressions", - "rev": "4ae8996b3e139926c784acd22824cde46cd28833", + "rev": "8a0333bf11a0fab386c80fa018617bb050156ec5", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1757997814, - "narHash": "sha256-F+1aoG+3NH4jDDEmhnDUReISyq6kQBBuktTUqCUWSiw=", + "lastModified": 1758719930, + "narHash": "sha256-DgHe1026Ob49CPegPMiWj1HNtlMTGQzfSZQQVlHC950=", "owner": "nix-community", "repo": "home-manager", - "rev": "5820376beb804de9acf07debaaff1ac84728b708", + "rev": "142acd7a7d9eb7f0bb647f053b4ddfd01fdfbf1d", "type": "github" }, "original": { @@ -175,11 +175,11 @@ ] }, "locked": { - "lastModified": 1757430124, - "narHash": "sha256-MhDltfXesGH8VkGv3hmJ1QEKl1ChTIj9wmGAFfWj/Wk=", + "lastModified": 1758447883, + "narHash": "sha256-yGA6MV0E4JSEXqLTb4ZZkmdJZcoQ8HUzihRRX12Bvpg=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "830b3f0b50045cf0bcfd4dab65fad05bf882e196", + "rev": "25381509d5c91bbf3c30e23abc6d8476d2143cd1", "type": "github" }, "original": { @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1757987448, - "narHash": "sha256-ltDT7EIfLHV42p99HnDfDviC8jN7tcOed1qsLEFypl8=", + "lastModified": 1758678836, + "narHash": "sha256-ewDKEXcKYF7L+EGVa+8E1nxK1pdwVrCHcj5UhuGA8V0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "e496568b0e69d9d54c8cfef96ed1370952ad9786", + "rev": "5007786714b3573b37cf3b8c4a33e2ddce86960d", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1757943327, - "narHash": "sha256-w6cDExPBqbq7fTLo4dZ1ozDGeq3yV6dSN4n/sAaS6OM=", + "lastModified": 1758663926, + "narHash": "sha256-6CFdj7Xs616t1W4jLDH7IohAAvl5Dyib3qEv/Uqw1rk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "67a709cfe5d0643dafd798b0b613ed579de8be05", + "rev": "170ff93c860b2a9868ed1e1102d4e52cb3d934e1", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1757745802, - "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", + "lastModified": 1758427187, + "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", + "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", "type": "github" }, "original": { @@ -292,8 +292,7 @@ "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", "secrets": "secrets", - "sops-nix": "sops-nix", - "steam-fetcher": "steam-fetcher" + "sops-nix": "sops-nix" } }, "secrets": { @@ -319,11 +318,11 @@ ] }, "locked": { - "lastModified": 1758007585, - "narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=", + "lastModified": 1758425756, + "narHash": "sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ+Y=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139", + "rev": "e0fdaea3c31646e252a60b42d0ed8eafdb289762", "type": "github" }, "original": { @@ -332,26 +331,6 @@ "type": "github" } }, - "steam-fetcher": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1714795926, - "narHash": "sha256-PkgC9jqoN6cJ8XYzTA2PlrWs7aPJkM3BGiTxNqax0cA=", - "owner": "nix-community", - "repo": "steam-fetcher", - "rev": "12f66eafb7862d91b3e30c14035f96a21941bd9c", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "steam-fetcher", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 7980012..151a54b 100644 --- a/flake.nix +++ b/flake.nix @@ -72,11 +72,6 @@ url = "github:edolstra/flake-compat"; }; - steam-fetcher = { - url = "github:nix-community/steam-fetcher"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - # MCP NixOS server for Claude Dev mcp-nixos = { url = "github:utensils/mcp-nixos"; diff --git a/modules/common-modules/overlays/default.nix b/modules/common-modules/overlays/default.nix index 465e83f..2c0f712 100644 --- a/modules/common-modules/overlays/default.nix +++ b/modules/common-modules/overlays/default.nix @@ -1,7 +1,6 @@ # this folder is for derivation overlays {inputs, ...}: { nixpkgs.overlays = [ - inputs.steam-fetcher.overlays.default inputs.nix-vscode-extensions.overlays.default ]; } From 4d52c58f79d13c25fa1ca098f37db04ee9e9e33f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 14:58:51 -0500 Subject: [PATCH 180/374] feat: instealled media editing programs for defiant --- configurations/nixos/defiant/default.nix | 1 + configurations/nixos/defiant/packages.nix | 9 +++++++++ 2 files changed, 10 insertions(+) create mode 100644 configurations/nixos/defiant/packages.nix diff --git a/configurations/nixos/defiant/default.nix b/configurations/nixos/defiant/default.nix index fe850af..3013946 100644 --- a/configurations/nixos/defiant/default.nix +++ b/configurations/nixos/defiant/default.nix @@ -3,5 +3,6 @@ imports = [ ./hardware-configuration.nix ./configuration.nix + ./packages.nix ]; } diff --git a/configurations/nixos/defiant/packages.nix b/configurations/nixos/defiant/packages.nix new file mode 100644 index 0000000..45780b0 --- /dev/null +++ b/configurations/nixos/defiant/packages.nix @@ -0,0 +1,9 @@ +{pkgs, ...}: { + environment.systemPackages = with pkgs; [ + ffsubsync + sox + yt-dlp + ffmpeg + imagemagick + ]; +} From f9fe74cc8afcd50561eb4d796942246ed31c85bb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 19:36:34 -0500 Subject: [PATCH 181/374] feat: installed bazarr, radarr, and sonarr --- .../nixos/defiant/configuration.nix | 15 ++++++++++ .../nixos-modules/server/bazarr/default.nix | 6 ++++ .../server/bazarr/impermanence.nix | 26 +++++++++++++++++ modules/nixos-modules/server/bazarr/proxy.nix | 28 +++++++++++++++++++ modules/nixos-modules/server/default.nix | 9 ++++-- .../nixos-modules/server/radarr/default.nix | 6 ++++ .../server/radarr/impermanence.nix | 26 +++++++++++++++++ modules/nixos-modules/server/radarr/proxy.nix | 28 +++++++++++++++++++ .../nixos-modules/server/sonarr/default.nix | 6 ++++ .../server/sonarr/impermanence.nix | 26 +++++++++++++++++ modules/nixos-modules/server/sonarr/proxy.nix | 28 +++++++++++++++++++ 11 files changed, 201 insertions(+), 3 deletions(-) create mode 100644 modules/nixos-modules/server/bazarr/default.nix create mode 100644 modules/nixos-modules/server/bazarr/impermanence.nix create mode 100644 modules/nixos-modules/server/bazarr/proxy.nix create mode 100644 modules/nixos-modules/server/radarr/default.nix create mode 100644 modules/nixos-modules/server/radarr/impermanence.nix create mode 100644 modules/nixos-modules/server/radarr/proxy.nix create mode 100644 modules/nixos-modules/server/sonarr/default.nix create mode 100644 modules/nixos-modules/server/sonarr/impermanence.nix create mode 100644 modules/nixos-modules/server/sonarr/proxy.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index d10bea0..830af16 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -287,6 +287,21 @@ subdomain = "budget"; }; + sonarr = { + enable = true; + openFirewall = true; + }; + + radarr = { + enable = true; + openFirewall = true; + }; + + bazarr = { + enable = true; + openFirewall = true; + }; + home-assistant = { enable = true; subdomain = "home"; diff --git a/modules/nixos-modules/server/bazarr/default.nix b/modules/nixos-modules/server/bazarr/default.nix new file mode 100644 index 0000000..f39d940 --- /dev/null +++ b/modules/nixos-modules/server/bazarr/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./proxy.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/bazarr/impermanence.nix b/modules/nixos-modules/server/bazarr/impermanence.nix new file mode 100644 index 0000000..22fb0e6 --- /dev/null +++ b/modules/nixos-modules/server/bazarr/impermanence.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + bazarr_data_directory = "/var/lib/bazarr"; +in { + config = lib.mkIf (config.services.bazarr.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.bazarr.dataDir == bazarr_data_directory; + message = "bazarr data directory does not match persistence"; + } + ]; + + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = bazarr_data_directory; + user = "bazarr"; + group = "bazarr"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/bazarr/proxy.nix b/modules/nixos-modules/server/bazarr/proxy.nix new file mode 100644 index 0000000..fe310d8 --- /dev/null +++ b/modules/nixos-modules/server/bazarr/proxy.nix @@ -0,0 +1,28 @@ +{ + lib, + config, + ... +}: { + options.services.bazarr = { + subdomain = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Subdomain for reverse proxy. If null, service will be local only."; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Extra subdomains for reverse proxy."; + }; + }; + + config = lib.mkIf (config.services.bazarr.enable && config.services.bazarr.subdomain != null) { + host.reverse_proxy.subdomains.bazarr = { + subdomain = config.services.bazarr.subdomain; + extraSubdomains = config.services.bazarr.extraSubdomains; + target = "http://127.0.0.1:6767"; + websockets.enable = true; + forwardHeaders.enable = true; + }; + }; +} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 15f833b..e550123 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -7,14 +7,17 @@ ./podman.nix ./actual - ./immich - ./panoramax + ./bazarr ./forgejo ./home-assistant + ./immich ./jellyfin + ./panoramax ./paperless - ./searx ./qbittorent.nix + ./radarr + ./searx + ./sonarr ./wyoming.nix ]; } diff --git a/modules/nixos-modules/server/radarr/default.nix b/modules/nixos-modules/server/radarr/default.nix new file mode 100644 index 0000000..f39d940 --- /dev/null +++ b/modules/nixos-modules/server/radarr/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./proxy.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/radarr/impermanence.nix b/modules/nixos-modules/server/radarr/impermanence.nix new file mode 100644 index 0000000..4a3242c --- /dev/null +++ b/modules/nixos-modules/server/radarr/impermanence.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + radarr_data_directory = "/var/lib/radarr/.config/Radarr"; +in { + config = lib.mkIf (config.services.radarr.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.radarr.dataDir == radarr_data_directory; + message = "radarr data directory does not match persistence"; + } + ]; + + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = radarr_data_directory; + user = "radarr"; + group = "radarr"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/radarr/proxy.nix b/modules/nixos-modules/server/radarr/proxy.nix new file mode 100644 index 0000000..ec5f575 --- /dev/null +++ b/modules/nixos-modules/server/radarr/proxy.nix @@ -0,0 +1,28 @@ +{ + lib, + config, + ... +}: { + options.services.radarr = { + subdomain = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Subdomain for reverse proxy. If null, service will be local only."; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Extra subdomains for reverse proxy."; + }; + }; + + config = lib.mkIf (config.services.radarr.enable && config.services.radarr.subdomain != null) { + host.reverse_proxy.subdomains.radarr = { + subdomain = config.services.radarr.subdomain; + extraSubdomains = config.services.radarr.extraSubdomains; + target = "http://127.0.0.1:7878"; + websockets.enable = true; + forwardHeaders.enable = true; + }; + }; +} diff --git a/modules/nixos-modules/server/sonarr/default.nix b/modules/nixos-modules/server/sonarr/default.nix new file mode 100644 index 0000000..f39d940 --- /dev/null +++ b/modules/nixos-modules/server/sonarr/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./proxy.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/sonarr/impermanence.nix b/modules/nixos-modules/server/sonarr/impermanence.nix new file mode 100644 index 0000000..abc843c --- /dev/null +++ b/modules/nixos-modules/server/sonarr/impermanence.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + sonarr_data_directory = "/var/lib/sonarr/.config/NzbDrone"; +in { + config = lib.mkIf (config.services.sonarr.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.sonarr.dataDir == sonarr_data_directory; + message = "sonarr data directory does not match persistence"; + } + ]; + + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = sonarr_data_directory; + user = "sonarr"; + group = "sonarr"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/sonarr/proxy.nix b/modules/nixos-modules/server/sonarr/proxy.nix new file mode 100644 index 0000000..22b90a6 --- /dev/null +++ b/modules/nixos-modules/server/sonarr/proxy.nix @@ -0,0 +1,28 @@ +{ + lib, + config, + ... +}: { + options.services.sonarr = { + subdomain = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Subdomain for reverse proxy. If null, service will be local only."; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Extra subdomains for reverse proxy."; + }; + }; + + config = lib.mkIf (config.services.sonarr.enable && config.services.sonarr.subdomain != null) { + host.reverse_proxy.subdomains.sonarr = { + subdomain = config.services.sonarr.subdomain; + extraSubdomains = config.services.sonarr.extraSubdomains; + target = "http://127.0.0.1:8989"; + websockets.enable = true; + forwardHeaders.enable = true; + }; + }; +} From a8139f4265963e091062d354ab09e413a0103cda Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 20:04:51 -0500 Subject: [PATCH 182/374] feat: installed filebot --- configurations/nixos/defiant/packages.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/packages.nix b/configurations/nixos/defiant/packages.nix index 45780b0..f9cce58 100644 --- a/configurations/nixos/defiant/packages.nix +++ b/configurations/nixos/defiant/packages.nix @@ -1,9 +1,19 @@ -{pkgs, ...}: { +{ + pkgs, + lib, + ... +}: { + nixpkgs.config.allowUnfreePredicate = pkg: + builtins.elem (lib.getName pkg) [ + "filebot" + ]; + environment.systemPackages = with pkgs; [ ffsubsync sox yt-dlp ffmpeg imagemagick + filebot ]; } From d2be5c7e2459355fbed24c74918b5793dcbffae0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 20:10:49 -0500 Subject: [PATCH 183/374] feat: added radarr, sonarr, and bazarr to the jellyfin_media group --- modules/nixos-modules/users.nix | 48 +++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 7fd43da..ea8d877 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -25,6 +25,9 @@ qbittorrent = 2011; paperless = 2012; actual = 2013; + radarr = 275; + sonarr = 274; + bazarr = 985; }; gids = { @@ -42,6 +45,9 @@ qbittorrent = 2011; paperless = 2012; actual = 2013; + radarr = 275; + sonarr = 274; + bazarr = 981; }; users = config.users.users; @@ -177,6 +183,24 @@ in { isSystemUser = true; group = config.users.users.actual.name; }; + + radarr = { + uid = lib.mkForce uids.radarr; + isSystemUser = true; + group = config.users.users.radarr.name; + }; + + sonarr = { + uid = lib.mkForce uids.sonarr; + isSystemUser = true; + group = config.users.users.sonarr.name; + }; + + bazarr = { + uid = lib.mkForce uids.bazarr; + isSystemUser = true; + group = config.users.users.bazarr.name; + }; }; groups = { @@ -206,6 +230,9 @@ in { gid = lib.mkForce gids.jellyfin_media; members = [ users.jellyfin.name + users.radarr.name + users.sonarr.name + users.bazarr.name leyla eve ]; @@ -287,6 +314,27 @@ in { users.actual.name ]; }; + + radarr = { + gid = lib.mkForce gids.radarr; + members = [ + users.radarr.name + ]; + }; + + sonarr = { + gid = lib.mkForce gids.sonarr; + members = [ + users.sonarr.name + ]; + }; + + bazarr = { + gid = lib.mkForce gids.bazarr; + members = [ + users.bazarr.name + ]; + }; }; }; } From a8dfcb02c86052113b5d46f242601c1b5f075a4e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 22:20:15 -0500 Subject: [PATCH 184/374] feat: created filebot cleanup service to run in background --- .../nixos/defiant/configuration.nix | 5 ++ configurations/nixos/defiant/default.nix | 1 + configurations/nixos/defiant/filebot.nix | 82 +++++++++++++++++++ configurations/nixos/defiant/packages.nix | 12 +-- 4 files changed, 89 insertions(+), 11 deletions(-) create mode 100644 configurations/nixos/defiant/filebot.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 830af16..e5f63f7 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -332,6 +332,11 @@ openFirewall = true; webuiPort = 8084; }; + + filebot-cleanup = { + enable = true; + licenseFile = "/srv/jellyfin/filebot_license.psm"; + }; }; # disable computer sleeping diff --git a/configurations/nixos/defiant/default.nix b/configurations/nixos/defiant/default.nix index 3013946..05975a1 100644 --- a/configurations/nixos/defiant/default.nix +++ b/configurations/nixos/defiant/default.nix @@ -4,5 +4,6 @@ ./hardware-configuration.nix ./configuration.nix ./packages.nix + ./filebot.nix ]; } diff --git a/configurations/nixos/defiant/filebot.nix b/configurations/nixos/defiant/filebot.nix new file mode 100644 index 0000000..77d81bd --- /dev/null +++ b/configurations/nixos/defiant/filebot.nix @@ -0,0 +1,82 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.services.filebot-cleanup; +in { + options.services.filebot-cleanup = { + enable = mkEnableOption "Filebot cleanup service"; + + licenseFile = mkOption { + type = types.nullOr types.path; + default = null; + description = "Path to the Filebot license file"; + }; + + cleanupDirectory = mkOption { + type = types.str; + default = "/srv/jellyfin/filebot_cleanup"; + description = "Directory where cleaned up media files are stored"; + }; + }; + + config = mkIf cfg.enable { + users.groups.filebot_cleanup = {}; + users.users.filebot_cleanup = { + isSystemUser = true; + group = "filebot_cleanup"; + extraGroups = ["jellyfin_media"]; + home = cfg.cleanupDirectory; + createHome = true; + }; + + nixpkgs.config.allowUnfreePredicate = pkg: + builtins.elem (lib.getName pkg) [ + "filebot" + ]; + + environment.systemPackages = with pkgs; [ + filebot + ]; + + systemd.services.filebot-cleanup = { + description = "Filebot media cleanup service"; + serviceConfig = { + Type = "simple"; + User = "filebot_cleanup"; + Group = "filebot_cleanup"; + ExecStart = pkgs.writeShellScript "filebot-cleanup" '' + ${optionalString (cfg.licenseFile != null) '' + ${pkgs.filebot}/bin/filebot --license "${cfg.licenseFile}" + ''} + ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Movies/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action move + ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Shows/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action move + ''; + StandardOutput = "journal"; + StandardError = "journal"; + }; + wantedBy = ["multi-user.target"]; + }; + + environment.persistence = lib.mkIf config.host.impermanence.enable { + "/persist/system/filebot_cleanup" = { + enable = true; + hideMounts = true; + files = [ + cfg.licenseFile + ]; + directories = [ + { + directory = cfg.cleanupDirectory; + user = "filebot_cleanup"; + group = "filebot_cleanup"; + mode = "1770"; + } + ]; + }; + }; + }; +} diff --git a/configurations/nixos/defiant/packages.nix b/configurations/nixos/defiant/packages.nix index f9cce58..45780b0 100644 --- a/configurations/nixos/defiant/packages.nix +++ b/configurations/nixos/defiant/packages.nix @@ -1,19 +1,9 @@ -{ - pkgs, - lib, - ... -}: { - nixpkgs.config.allowUnfreePredicate = pkg: - builtins.elem (lib.getName pkg) [ - "filebot" - ]; - +{pkgs, ...}: { environment.systemPackages = with pkgs; [ ffsubsync sox yt-dlp ffmpeg imagemagick - filebot ]; } From 24def1e3d3428e7fe30a06eecc1786110065a14a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 22:31:29 -0500 Subject: [PATCH 185/374] chore: added tasks to README.md --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index f1521ce..cad757a 100644 --- a/README.md +++ b/README.md @@ -69,5 +69,9 @@ nix multi user, multi system, configuration with `sops` secret management, `home - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - panoramax instance - mastodon instance +- update proxy.nix files to contain the subdomain configs +- rework the reverse_proxy.nix file so that it is a normally named service. Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier - move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn +- make radarr, sonarr, and bazarr accessible over vpn +- create some sort of service that allows uploading files to jellyfin - graphana accessible though tailscale \ No newline at end of file From 1d940fd8d8275a4050876d981e769e5c1572fe20 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 22:33:14 -0500 Subject: [PATCH 186/374] feat: disabled sonarr, radarr, and bazarr --- configurations/nixos/defiant/configuration.nix | 15 --------------- modules/nixos-modules/users.nix | 12 ++++++------ 2 files changed, 6 insertions(+), 21 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index e5f63f7..2cde0b1 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -287,21 +287,6 @@ subdomain = "budget"; }; - sonarr = { - enable = true; - openFirewall = true; - }; - - radarr = { - enable = true; - openFirewall = true; - }; - - bazarr = { - enable = true; - openFirewall = true; - }; - home-assistant = { enable = true; subdomain = "home"; diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index ea8d877..db7d4ab 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -25,9 +25,9 @@ qbittorrent = 2011; paperless = 2012; actual = 2013; - radarr = 275; - sonarr = 274; - bazarr = 985; + radarr = 2014; + sonarr = 2015; + bazarr = 2016; }; gids = { @@ -45,9 +45,9 @@ qbittorrent = 2011; paperless = 2012; actual = 2013; - radarr = 275; - sonarr = 274; - bazarr = 981; + radarr = 2014; + sonarr = 2015; + bazarr = 2016; }; users = config.users.users; From c8d994814fb0d040be8e16cbc3c40ffbfb5a87e9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 22:35:28 -0500 Subject: [PATCH 187/374] chore: added note to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index cad757a..c58d847 100644 --- a/README.md +++ b/README.md @@ -74,4 +74,5 @@ nix multi user, multi system, configuration with `sops` secret management, `home - move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn - make radarr, sonarr, and bazarr accessible over vpn - create some sort of service that allows uploading files to jellyfin + - auto sort files into where they should go with some combination of filebot cli and picard cli - graphana accessible though tailscale \ No newline at end of file From 178b414a0ace601d899f27ea9c33899f70a87c6e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 22:41:10 -0500 Subject: [PATCH 188/374] chore: removed already completed task from README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index c58d847..e94eb58 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - panoramax instance - mastodon instance -- update proxy.nix files to contain the subdomain configs - rework the reverse_proxy.nix file so that it is a normally named service. Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier - move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn - make radarr, sonarr, and bazarr accessible over vpn From 0cb4c25467ea159cce3d29df5f617491d9aced4a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 26 Sep 2025 20:21:58 -0500 Subject: [PATCH 189/374] fat: disabled filebot-cleanup service --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 2cde0b1..401173e 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -319,7 +319,7 @@ }; filebot-cleanup = { - enable = true; + enable = false; licenseFile = "/srv/jellyfin/filebot_license.psm"; }; }; From 6dfe3ac3265c6de1202ac7cd6cad2bea8697b129 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 1 Oct 2025 15:14:36 -0500 Subject: [PATCH 190/374] build: updated flake lock --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 6123425..b5607f6 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1758600213, - "narHash": "sha256-YP7+UxybMCzHPd5k93pulILnFvSisjgUAGUB/cxWbqU=", + "lastModified": 1759291409, + "narHash": "sha256-eAzmD4ijeWCFy4YqArNmVu8901nLQLHr6dCv94yRrFk=", "owner": "rycee", "repo": "nur-expressions", - "rev": "8a0333bf11a0fab386c80fa018617bb050156ec5", + "rev": "f9c2e6b2eebdbe0e87236a63ea323c86da79b6c5", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1758719930, - "narHash": "sha256-DgHe1026Ob49CPegPMiWj1HNtlMTGQzfSZQQVlHC950=", + "lastModified": 1759337100, + "narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=", "owner": "nix-community", "repo": "home-manager", - "rev": "142acd7a7d9eb7f0bb647f053b4ddfd01fdfbf1d", + "rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3", "type": "github" }, "original": { @@ -155,11 +155,11 @@ ] }, "locked": { - "lastModified": 1755372538, - "narHash": "sha256-iWhsf1Myk6RyQ7IuNf4bWI3Sqq9pgmhKvEisCXtkxyw=", + "lastModified": 1759342933, + "narHash": "sha256-mdlUFcrOfvT0Pm+Hko/6aR3xf1ao5JA2iem4KsEVjP4=", "owner": "utensils", "repo": "mcp-nixos", - "rev": "46b4d4d3d6421bfbadc415532ef74433871e1cda", + "rev": "50b02bcba32b941d2ec48fedef68641702ca5b0f", "type": "github" }, "original": { @@ -175,11 +175,11 @@ ] }, "locked": { - "lastModified": 1758447883, - "narHash": "sha256-yGA6MV0E4JSEXqLTb4ZZkmdJZcoQ8HUzihRRX12Bvpg=", + "lastModified": 1758805352, + "narHash": "sha256-BHdc43Lkayd+72W/NXRKHzX5AZ+28F3xaUs3a88/Uew=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "25381509d5c91bbf3c30e23abc6d8476d2143cd1", + "rev": "c48e963a5558eb1c3827d59d21c5193622a1477c", "type": "github" }, "original": { @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1758678836, - "narHash": "sha256-ewDKEXcKYF7L+EGVa+8E1nxK1pdwVrCHcj5UhuGA8V0=", + "lastModified": 1759284197, + "narHash": "sha256-NbaOzcxsUxNm+Dday5DlV6P9CzRAonY2DNcp056oWWc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "5007786714b3573b37cf3b8c4a33e2ddce86960d", + "rev": "a87f796f1ed4b0a8babe9370791a66aac4864887", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1758663926, - "narHash": "sha256-6CFdj7Xs616t1W4jLDH7IohAAvl5Dyib3qEv/Uqw1rk=", + "lastModified": 1759261527, + "narHash": "sha256-wPd5oGvBBpUEzMF0kWnXge0WITNsITx/aGI9qLHgJ4g=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "170ff93c860b2a9868ed1e1102d4e52cb3d934e1", + "rev": "e087756cf4abbe1a34f3544c480fc1034d68742f", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1758427187, - "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", + "lastModified": 1759036355, + "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", + "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", "type": "github" }, "original": { @@ -318,11 +318,11 @@ ] }, "locked": { - "lastModified": 1758425756, - "narHash": "sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ+Y=", + "lastModified": 1759188042, + "narHash": "sha256-f9QC2KKiNReZDG2yyKAtDZh0rSK2Xp1wkPzKbHeQVRU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e0fdaea3c31646e252a60b42d0ed8eafdb289762", + "rev": "9fcfabe085281dd793589bdc770a2e577a3caa5d", "type": "github" }, "original": { From c10c61003474a2760d92710b7bdb721cb9337d49 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Oct 2025 12:49:29 -0500 Subject: [PATCH 191/374] feat: started to create polycule package --- .../home-manager/leyla/packages/default.nix | 2 + modules/common-modules/pkgs/default.nix | 3 + .../common-modules/pkgs/polycule/default.nix | 149 + .../pkgs/polycule/polycule-pubspec.lock.json | 2459 +++++++++++++++++ .../home-manager-modules/programs/default.nix | 1 + .../programs/polycule.nix | 32 + 6 files changed, 2646 insertions(+) create mode 100644 modules/common-modules/pkgs/polycule/default.nix create mode 100644 modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json create mode 100644 modules/home-manager-modules/programs/polycule.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 6377ed2..a6da7f5 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -70,6 +70,8 @@ in { noisetorch.enable = true; tor-browser.enable = true; gdx-liftoff.enable = true; + # polycule package is currently broken + polycule.enable = false; }) ]; } diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index c97f97c..a2f61b1 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -38,5 +38,8 @@ # Override h3 C library to version 4.3.0 h3 = pkgs.callPackage ./h3-c-lib.nix {}; }) + (final: prev: { + polycule = pkgs.callPackage ./polycule {}; + }) ]; } diff --git a/modules/common-modules/pkgs/polycule/default.nix b/modules/common-modules/pkgs/polycule/default.nix new file mode 100644 index 0000000..d092897 --- /dev/null +++ b/modules/common-modules/pkgs/polycule/default.nix @@ -0,0 +1,149 @@ +{ + lib, + flutter329, + fetchFromGitLab, + pkg-config, + wrapGAppsHook, + gtk3, + glib, + glib-networking, + webkitgtk_4_1, + libsecret, + libnotify, + dbus, + sqlcipher, + openssl, + mpv, + alsa-lib, + libass, + ffmpeg-full, + libplacebo, + libunwind, + shaderc, + vulkan-headers, + vulkan-loader, + lcms2, + libdovi, + libdvdnav, + libdvdread, + mujs, + libbluray, + lua, + rubberband, + libuchardet, + zimg, + openal, + pipewire, + libpulseaudio, + libcaca, + libdrm, + libdisplay-info, + libgbm, + xorg, + nv-codec-headers-11, + libva, + libvdpau, +}: +flutter329.buildFlutterApplication rec { + pname = "polycule"; + version = "0.3.0"; + + src = fetchFromGitLab { + owner = "polycule_client"; + repo = "polycule"; + rev = "v${version}"; + hash = "sha256-kY1vJiDXh0rSCJNOAkO8JGiMR8kXwDHuc3T+S4MkOWY="; + }; + + pubspecLock = lib.importJSON ./polycule-pubspec.lock.json; + + gitHashes = { + matrix = "sha256-e1HGC2yZyqqYB5YAGKmUkkdDbuSzhiUenJMKJgQYIi8="; + media_kit = "sha256-1sVX+aHFLFJBtrNZrR6tWkb80vFELW2N9EejyQKlBPg="; + media_kit_libs_android_video = "sha256-N6QoktM8u9NYF8MAXLsxM9RlV8nICM4NbnmABHTRkZg="; + }; + + nativeBuildInputs = [ + pkg-config + wrapGAppsHook + ]; + + buildInputs = [ + gtk3 + glib + glib-networking + webkitgtk_4_1 + libsecret + libnotify + dbus + sqlcipher + openssl + mpv + alsa-lib + libass + ffmpeg-full + libplacebo + libunwind + shaderc + vulkan-headers + vulkan-loader + lcms2 + libdovi + libdvdnav + libdvdread + mujs + libbluray + lua + rubberband + libuchardet + zimg + openal + pipewire + libpulseaudio + libcaca + libdrm + libdisplay-info + libgbm + xorg.libXScrnSaver + xorg.libXpresent + nv-codec-headers-11 + libva + libvdpau + ]; + + flutterBuildFlags = [ + "--release" + "--target" + "lib/main.dart" + "--dart-define=POLYCULE_VERSION=v${version}" + "--dart-define=POLYCULE_IS_STABLE=true" + "--no-tree-shake-icons" + ]; + + postInstall = '' + # Install desktop files and icons from the source + install -Dm644 linux/business.braid.polycule.desktop $out/share/applications/polycule.desktop + install -Dm644 assets/logo/logo-circle.png $out/share/pixmaps/polycule.png + + # Update desktop file to use correct executable name + substituteInPlace $out/share/applications/polycule.desktop \ + --replace 'Exec=business.braid.polycule' 'Exec=polycule' + + # Create a symlink with the expected name + ln -sf $out/bin/polycule $out/bin/business.braid.polycule + ''; + + meta = with lib; { + description = "A geeky and efficient [matrix] client for power users"; + longDescription = '' + Polycule is a modern Matrix client built with Flutter, designed for power users + who want a fast, efficient, and feature-rich Matrix experience. + ''; + homepage = "https://polycule.im/"; + license = licenses.eupl12; + maintainers = []; + platforms = ["x86_64-linux" "aarch64-linux"]; + sourceProvenance = with sourceTypes; [fromSource]; + mainProgram = "polycule"; + }; +} diff --git a/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json b/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json new file mode 100644 index 0000000..e119fa2 --- /dev/null +++ b/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json @@ -0,0 +1,2459 @@ +{ + "packages": { + "_fe_analyzer_shared": { + "dependency": "transitive", + "description": { + "name": "_fe_analyzer_shared", + "sha256": "da0d9209ca76bde579f2da330aeb9df62b6319c834fa7baae052021b0462401f", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "85.0.0" + }, + "analyzer": { + "dependency": "transitive", + "description": { + "name": "analyzer", + "sha256": "974859dc0ff5f37bc4313244b3218c791810d03ab3470a579580279ba971a48d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "7.7.1" + }, + "animations": { + "dependency": "direct main", + "description": { + "name": "animations", + "sha256": "d3d6dcfb218225bbe68e87ccf6378bbb2e32a94900722c5f81611dad089911cb", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.11" + }, + "app_links": { + "dependency": "direct main", + "description": { + "name": "app_links", + "sha256": "85ed8fc1d25a76475914fff28cc994653bd900bc2c26e4b57a49e097febb54ba", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.4.0" + }, + "app_links_linux": { + "dependency": "transitive", + "description": { + "name": "app_links_linux", + "sha256": "f5f7173a78609f3dfd4c2ff2c95bd559ab43c80a87dc6a095921d96c05688c81", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.3" + }, + "app_links_platform_interface": { + "dependency": "transitive", + "description": { + "name": "app_links_platform_interface", + "sha256": "05f5379577c513b534a29ddea68176a4d4802c46180ee8e2e966257158772a3f", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.2" + }, + "app_links_web": { + "dependency": "transitive", + "description": { + "name": "app_links_web", + "sha256": "af060ed76183f9e2b87510a9480e56a5352b6c249778d07bd2c95fc35632a555", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.4" + }, + "archive": { + "dependency": "transitive", + "description": { + "name": "archive", + "sha256": "2fde1607386ab523f7a36bb3e7edb43bd58e6edaf2ffb29d8a6d578b297fdbbd", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.0.7" + }, + "args": { + "dependency": "transitive", + "description": { + "name": "args", + "sha256": "d0481093c50b1da8910eb0bb301626d4d8eb7284aa739614d2b394ee09e3ea04", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.7.0" + }, + "async": { + "dependency": "direct main", + "description": { + "name": "async", + "sha256": "758e6d74e971c3e5aceb4110bfd6698efc7f501675bcfe0c775459a8140750eb", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.13.0" + }, + "audio_session": { + "dependency": "transitive", + "description": { + "name": "audio_session", + "sha256": "8f96a7fecbb718cb093070f868b4cdcb8a9b1053dce342ff8ab2fde10eb9afb7", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.2" + }, + "barcode": { + "dependency": "transitive", + "description": { + "name": "barcode", + "sha256": "7b6729c37e3b7f34233e2318d866e8c48ddb46c1f7ad01ff7bb2a8de1da2b9f4", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.2.9" + }, + "barcode_widget": { + "dependency": "direct main", + "description": { + "name": "barcode_widget", + "sha256": "6f2c5b08659b1a5f4d88d183e6007133ea2f96e50e7b8bb628f03266c3931427", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.4" + }, + "base58check": { + "dependency": "transitive", + "description": { + "name": "base58check", + "sha256": "6c300dfc33e598d2fe26319e13f6243fea81eaf8204cb4c6b69ef20a625319a5", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.0" + }, + "blurhash_dart": { + "dependency": "direct main", + "description": { + "name": "blurhash_dart", + "sha256": "43955b6c2e30a7d440028d1af0fa185852f3534b795cc6eb81fbf397b464409f", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.2.1" + }, + "boolean_selector": { + "dependency": "transitive", + "description": { + "name": "boolean_selector", + "sha256": "8aab1771e1243a5063b8b0ff68042d67334e3feab9e95b9490f9a6ebf73b42ea", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.2" + }, + "build_cli_annotations": { + "dependency": "transitive", + "description": { + "name": "build_cli_annotations", + "sha256": "b59d2769769efd6c9ff6d4c4cede0be115a566afc591705c2040b707534b1172", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.0" + }, + "camera": { + "dependency": "transitive", + "description": { + "name": "camera", + "sha256": "d6ec2cbdbe2fa8f5e0d07d8c06368fe4effa985a4a5ddade9cc58a8cd849557d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.11.2" + }, + "camera_android_camerax": { + "dependency": "transitive", + "description": { + "name": "camera_android_camerax", + "sha256": "58b8fe843a3c83fd1273c00cb35f5a8ae507f6cc9b2029bcf7e2abba499e28d8", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.6.19+1" + }, + "camera_avfoundation": { + "dependency": "transitive", + "description": { + "name": "camera_avfoundation", + "sha256": "e4aca5bccaf897b70cac87e5fdd789393310985202442837922fd40325e2733b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.9.21+1" + }, + "camera_platform_interface": { + "dependency": "transitive", + "description": { + "name": "camera_platform_interface", + "sha256": "2f757024a48696ff4814a789b0bd90f5660c0fb25f393ab4564fb483327930e2", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.10.0" + }, + "camera_web": { + "dependency": "transitive", + "description": { + "name": "camera_web", + "sha256": "595f28c89d1fb62d77c73c633193755b781c6d2e0ebcd8dc25b763b514e6ba8f", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.3.5" + }, + "canonical_json": { + "dependency": "transitive", + "description": { + "name": "canonical_json", + "sha256": "d6be1dd66b420c6ac9f42e3693e09edf4ff6edfee26cb4c28c1c019fdb8c0c15", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.2" + }, + "characters": { + "dependency": "transitive", + "description": { + "name": "characters", + "sha256": "f71061c654a3380576a52b451dd5532377954cf9dbd272a78fc8479606670803", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.4.0" + }, + "checked_yaml": { + "dependency": "transitive", + "description": { + "name": "checked_yaml", + "sha256": "959525d3162f249993882720d52b7e0c833978df229be20702b33d48d91de70f", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.4" + }, + "cli_config": { + "dependency": "transitive", + "description": { + "name": "cli_config", + "sha256": "ac20a183a07002b700f0c25e61b7ee46b23c309d76ab7b7640a028f18e4d99ec", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.0" + }, + "cli_util": { + "dependency": "transitive", + "description": { + "name": "cli_util", + "sha256": "ff6785f7e9e3c38ac98b2fb035701789de90154024a75b6cb926445e83197d1c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.4.2" + }, + "clock": { + "dependency": "transitive", + "description": { + "name": "clock", + "sha256": "fddb70d9b5277016c77a80201021d40a2247104d9f4aa7bab7157b7e3f05b84b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.2" + }, + "collection": { + "dependency": "direct main", + "description": { + "name": "collection", + "sha256": "2f5709ae4d3d59dd8f7cd309b4e023046b57d8a6c82130785d2b0e5868084e76", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.19.1" + }, + "convert": { + "dependency": "transitive", + "description": { + "name": "convert", + "sha256": "b30acd5944035672bc15c6b7a8b47d773e41e2f17de064350988c5d02adb1c68", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.1.2" + }, + "coverage": { + "dependency": "transitive", + "description": { + "name": "coverage", + "sha256": "5da775aa218eaf2151c721b16c01c7676fbfdd99cebba2bf64e8b807a28ff94d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.15.0" + }, + "cross_file": { + "dependency": "direct main", + "description": { + "name": "cross_file", + "sha256": "7caf6a750a0c04effbb52a676dce9a4a592e10ad35c34d6d2d0e4811160d5670", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.3.4+2" + }, + "crypto": { + "dependency": "transitive", + "description": { + "name": "crypto", + "sha256": "1e445881f28f22d6140f181e07737b22f1e099a5e1ff94b0af2f9e4a463f4855", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.6" + }, + "csslib": { + "dependency": "direct main", + "description": { + "name": "csslib", + "sha256": "09bad715f418841f976c77db72d5398dc1253c21fb9c0c7f0b0b985860b2d58e", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.2" + }, + "cupertino_http": { + "dependency": "direct main", + "description": { + "name": "cupertino_http", + "sha256": "72187f715837290a63479a5b0ae709f4fedad0ed6bd0441c275eceaa02d5abae", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.3.0" + }, + "cupertino_icons": { + "dependency": "direct main", + "description": { + "name": "cupertino_icons", + "sha256": "ba631d1c7f7bef6b729a622b7b752645a2d076dba9976925b8f25725a30e1ee6", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.8" + }, + "dart_animated_emoji": { + "dependency": "direct main", + "description": { + "name": "dart_animated_emoji", + "sha256": "0e0865f1b56e2f2979e8caa09a7d693e30133050c5c677de301e6ca4d8da945e", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.1.2" + }, + "dbus": { + "dependency": "direct main", + "description": { + "name": "dbus", + "sha256": "79e0c23480ff85dc68de79e2cd6334add97e48f7f4865d17686dd6ea81a47e8c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.7.11" + }, + "diacritic": { + "dependency": "direct main", + "description": { + "name": "diacritic", + "sha256": "12981945ec38931748836cd76f2b38773118d0baef3c68404bdfde9566147876", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.1.6" + }, + "diffutil_dart": { + "dependency": "direct main", + "description": { + "name": "diffutil_dart", + "sha256": "5e74883aedf87f3b703cb85e815bdc1ed9208b33501556e4a8a5572af9845c81", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.0.1" + }, + "dynamic_color": { + "dependency": "direct main", + "description": { + "name": "dynamic_color", + "sha256": "43a5a6679649a7731ab860334a5812f2067c2d9ce6452cf069c5e0c25336c17c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.8.1" + }, + "emoji_extension": { + "dependency": "direct main", + "description": { + "name": "emoji_extension", + "sha256": "7678a3e3fca4f2dfbce02cf8d439a81e130ce303fdc1ad90f484f57fd5ce4ba1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.2.0" + }, + "enhanced_enum": { + "dependency": "transitive", + "description": { + "name": "enhanced_enum", + "sha256": "074c5a8b9664799ca91e1e8b68003b8694cb19998671cbafd9c7779c13fcdecf", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.4" + }, + "equatable": { + "dependency": "transitive", + "description": { + "name": "equatable", + "sha256": "567c64b3cb4cf82397aac55f4f0cbd3ca20d77c6c03bedbc4ceaddc08904aef7", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.7" + }, + "fake_async": { + "dependency": "transitive", + "description": { + "name": "fake_async", + "sha256": "5368f224a74523e8d2e7399ea1638b37aecfca824a3cc4dfdf77bf1fa905ac44", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.3.3" + }, + "fetch_api": { + "dependency": "transitive", + "description": { + "name": "fetch_api", + "sha256": "24cbd5616f3d4008c335c197bb90bfa0eb43b9e55c6de5c60d1f805092636034", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.3.1" + }, + "fetch_client": { + "dependency": "direct main", + "description": { + "name": "fetch_client", + "sha256": "375253f4efe64303c793fb17fe90771c591320b2ae11fb29cb5b406cc8533c00", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.4" + }, + "ffi": { + "dependency": "transitive", + "description": { + "name": "ffi", + "sha256": "289279317b4b16eb2bb7e271abccd4bf84ec9bdcbe999e278a94b804f5630418", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.4" + }, + "file": { + "dependency": "transitive", + "description": { + "name": "file", + "sha256": "a3b4f84adafef897088c160faf7dfffb7696046cb13ae90b508c2cbc95d3b8d4", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "7.0.1" + }, + "file_selector": { + "dependency": "direct main", + "description": { + "name": "file_selector", + "sha256": "5019692b593455127794d5718304ff1ae15447dea286cdda9f0db2a796a1b828", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.3" + }, + "file_selector_android": { + "dependency": "transitive", + "description": { + "name": "file_selector_android", + "sha256": "3015702ab73987000e7ff2df5ddc99666d2bcd65cdb243f59da35729d3be6cff", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.5.1+15" + }, + "file_selector_ios": { + "dependency": "transitive", + "description": { + "name": "file_selector_ios", + "sha256": "94b98ad950b8d40d96fee8fa88640c2e4bd8afcdd4817993bd04e20310f45420", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.5.3+1" + }, + "file_selector_linux": { + "dependency": "transitive", + "description": { + "name": "file_selector_linux", + "sha256": "54cbbd957e1156d29548c7d9b9ec0c0ebb6de0a90452198683a7d23aed617a33", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.9.3+2" + }, + "file_selector_macos": { + "dependency": "transitive", + "description": { + "name": "file_selector_macos", + "sha256": "8c9250b2bd2d8d4268e39c82543bacbaca0fda7d29e0728c3c4bbb7c820fd711", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.9.4+3" + }, + "file_selector_platform_interface": { + "dependency": "transitive", + "description": { + "name": "file_selector_platform_interface", + "sha256": "a3994c26f10378a039faa11de174d7b78eb8f79e4dd0af2a451410c1a5c3f66b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.6.2" + }, + "file_selector_web": { + "dependency": "transitive", + "description": { + "name": "file_selector_web", + "sha256": "c4c0ea4224d97a60a7067eca0c8fd419e708ff830e0c83b11a48faf566cec3e7", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.9.4+2" + }, + "file_selector_windows": { + "dependency": "transitive", + "description": { + "name": "file_selector_windows", + "sha256": "320fcfb6f33caa90f0b58380489fc5ac05d99ee94b61aa96ec2bff0ba81d3c2b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.9.3+4" + }, + "fixnum": { + "dependency": "transitive", + "description": { + "name": "fixnum", + "sha256": "b6dc7065e46c974bc7c5f143080a6764ec7a4be6da1285ececdc37be96de53be", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.1" + }, + "flutter": { + "dependency": "direct main", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "flutter_adaptive_scaffold": { + "dependency": "direct main", + "description": { + "name": "flutter_adaptive_scaffold", + "sha256": "5eb1d1d174304a4e67c4bb402ed38cb4a5ebdac95ce54099e91460accb33d295", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.3.3+1" + }, + "flutter_confetti": { + "dependency": "direct main", + "description": { + "name": "flutter_confetti", + "sha256": "7e46b82ea0adc456afc91037652bbfbd52a951804fde0708822fad5d68be6398", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.5.1" + }, + "flutter_driver": { + "dependency": "direct dev", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "flutter_highlighting": { + "dependency": "direct main", + "description": { + "name": "flutter_highlighting", + "sha256": "426770b1453e8302f8cc58455ebcaad33e3049e73ca18f9d3c83554552bf3baf", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.9.0+11.8.0" + }, + "flutter_html": { + "dependency": "direct main", + "description": { + "name": "flutter_html", + "sha256": "38a2fd702ffdf3243fb7441ab58aa1bc7e6922d95a50db76534de8260638558d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.0" + }, + "flutter_html_svg": { + "dependency": "direct main", + "description": { + "name": "flutter_html_svg", + "sha256": "76f59c238571333d95271817c3d94688b3c4dca2735552e481e49039d3efdb13", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.0" + }, + "flutter_html_table": { + "dependency": "direct main", + "description": { + "name": "flutter_html_table", + "sha256": "de15300b1f6d8014e1702e7edfdf3411f362c8fb753e89bac4c99215ea94a4d8", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.0" + }, + "flutter_keyboard_visibility": { + "dependency": "direct main", + "description": { + "name": "flutter_keyboard_visibility", + "sha256": "98664be7be0e3ffca00de50f7f6a287ab62c763fc8c762e0a21584584a3ff4f8", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.0.0" + }, + "flutter_keyboard_visibility_linux": { + "dependency": "transitive", + "description": { + "name": "flutter_keyboard_visibility_linux", + "sha256": "6fba7cd9bb033b6ddd8c2beb4c99ad02d728f1e6e6d9b9446667398b2ac39f08", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.0" + }, + "flutter_keyboard_visibility_macos": { + "dependency": "transitive", + "description": { + "name": "flutter_keyboard_visibility_macos", + "sha256": "c5c49b16fff453dfdafdc16f26bdd8fb8d55812a1d50b0ce25fc8d9f2e53d086", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.0" + }, + "flutter_keyboard_visibility_platform_interface": { + "dependency": "transitive", + "description": { + "name": "flutter_keyboard_visibility_platform_interface", + "sha256": "e43a89845873f7be10cb3884345ceb9aebf00a659f479d1c8f4293fcb37022a4", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.0" + }, + "flutter_keyboard_visibility_web": { + "dependency": "transitive", + "description": { + "name": "flutter_keyboard_visibility_web", + "sha256": "d3771a2e752880c79203f8d80658401d0c998e4183edca05a149f5098ce6e3d1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.0" + }, + "flutter_keyboard_visibility_windows": { + "dependency": "transitive", + "description": { + "name": "flutter_keyboard_visibility_windows", + "sha256": "fc4b0f0b6be9b93ae527f3d527fb56ee2d918cd88bbca438c478af7bcfd0ef73", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.0" + }, + "flutter_launcher_icons": { + "dependency": "direct dev", + "description": { + "name": "flutter_launcher_icons", + "sha256": "10f13781741a2e3972126fae08393d3c4e01fa4cd7473326b94b72cf594195e7", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.14.4" + }, + "flutter_layout_grid": { + "dependency": "transitive", + "description": { + "name": "flutter_layout_grid", + "sha256": "739e568db97af031d528dfd8a80d333df0e5a310a126e087690fa42cd61dfb5f", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.8" + }, + "flutter_lints": { + "dependency": "direct dev", + "description": { + "name": "flutter_lints", + "sha256": "3105dc8492f6183fb076ccf1f351ac3d60564bff92e20bfc4af9cc1651f4e7e1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.0.0" + }, + "flutter_local_notifications": { + "dependency": "direct main", + "description": { + "name": "flutter_local_notifications", + "sha256": "20ca0a9c82ce0c855ac62a2e580ab867f3fbea82680a90647f7953832d0850ae", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "19.4.0" + }, + "flutter_local_notifications_linux": { + "dependency": "transitive", + "description": { + "name": "flutter_local_notifications_linux", + "sha256": "e3c277b2daab8e36ac5a6820536668d07e83851aeeb79c446e525a70710770a5", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.0.0" + }, + "flutter_local_notifications_platform_interface": { + "dependency": "transitive", + "description": { + "name": "flutter_local_notifications_platform_interface", + "sha256": "277d25d960c15674ce78ca97f57d0bae2ee401c844b6ac80fcd972a9c99d09fe", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "9.1.0" + }, + "flutter_local_notifications_windows": { + "dependency": "transitive", + "description": { + "name": "flutter_local_notifications_windows", + "sha256": "ed46d7ae4ec9d19e4c8fa2badac5fe27ba87a3fe387343ce726f927af074ec98", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.2" + }, + "flutter_localizations": { + "dependency": "direct main", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "flutter_openssl_crypto": { + "dependency": "direct main", + "description": { + "name": "flutter_openssl_crypto", + "sha256": "293b4fcda13ab0710645a16e82f3d5b7de19bfc0ab2d06bcdb87637222eda5e1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.5.0" + }, + "flutter_plugin_android_lifecycle": { + "dependency": "transitive", + "description": { + "name": "flutter_plugin_android_lifecycle", + "sha256": "6382ce712ff69b0f719640ce957559dde459e55ecd433c767e06d139ddf16cab", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.29" + }, + "flutter_rust_bridge": { + "dependency": "transitive", + "description": { + "name": "flutter_rust_bridge", + "sha256": "b416ff56002789e636244fb4cc449f587656eff995e5a7169457eb0593fcaddb", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.10.0" + }, + "flutter_secure_storage": { + "dependency": "direct main", + "description": { + "name": "flutter_secure_storage", + "sha256": "f7eceb0bc6f4fd0441e29d43cab9ac2a1c5ffd7ea7b64075136b718c46954874", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "10.0.0-beta.4" + }, + "flutter_secure_storage_darwin": { + "dependency": "transitive", + "description": { + "name": "flutter_secure_storage_darwin", + "sha256": "f226f2a572bed96bc6542198ebaec227150786e34311d455a7e2d3d06d951845", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.1.0" + }, + "flutter_secure_storage_linux": { + "dependency": "transitive", + "description": { + "name": "flutter_secure_storage_linux", + "sha256": "9b4b73127e857cd3117d43a70fa3dddadb6e0b253be62e6a6ab85caa0742182c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.1" + }, + "flutter_secure_storage_platform_interface": { + "dependency": "transitive", + "description": { + "name": "flutter_secure_storage_platform_interface", + "sha256": "8ceea1223bee3c6ac1a22dabd8feefc550e4729b3675de4b5900f55afcb435d6", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.1" + }, + "flutter_secure_storage_web": { + "dependency": "transitive", + "description": { + "name": "flutter_secure_storage_web", + "sha256": "4c3f233e739545c6cb09286eeec1cc4744138372b985113acc904f7263bef517", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.0" + }, + "flutter_secure_storage_windows": { + "dependency": "transitive", + "description": { + "name": "flutter_secure_storage_windows", + "sha256": "ff32af20f70a8d0e59b2938fc92de35b54a74671041c814275afd80e27df9f21", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.0.0" + }, + "flutter_svg": { + "dependency": "direct main", + "description": { + "name": "flutter_svg", + "sha256": "cd57f7969b4679317c17af6fd16ee233c1e60a82ed209d8a475c54fd6fd6f845", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.2.0" + }, + "flutter_test": { + "dependency": "direct dev", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "flutter_typeahead": { + "dependency": "direct main", + "description": { + "name": "flutter_typeahead", + "sha256": "d64712c65db240b1057559b952398ebb6e498077baeebf9b0731dade62438a6d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "5.2.0" + }, + "flutter_vodozemac": { + "dependency": "direct main", + "description": { + "name": "flutter_vodozemac", + "sha256": "2405ca121b84d1cd83200a14021022e1691b123a23bcefc36adc7740cefbc1f9", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.2" + }, + "flutter_web_plugins": { + "dependency": "transitive", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "flutter_zxing": { + "dependency": "direct main", + "description": { + "name": "flutter_zxing", + "sha256": "dbcd89da2c9aa84f48d7d7e1ba436825f8656a69b142abb7bcdb7c2d9c22d48c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.2.1" + }, + "frontend_server_client": { + "dependency": "transitive", + "description": { + "name": "frontend_server_client", + "sha256": "f64a0333a82f30b0cca061bc3d143813a486dc086b574bfb233b7c1372427694", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.0.0" + }, + "fuchsia_remote_debug_protocol": { + "dependency": "transitive", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "glob": { + "dependency": "transitive", + "description": { + "name": "glob", + "sha256": "c3f1ee72c96f8f78935e18aa8cecced9ab132419e8625dc187e1c2408efc20de", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.3" + }, + "go_router": { + "dependency": "direct main", + "description": { + "name": "go_router", + "sha256": "8b1f37dfaf6e958c6b872322db06f946509433bec3de753c3491a42ae9ec2b48", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "16.1.0" + }, + "gtk": { + "dependency": "transitive", + "description": { + "name": "gtk", + "sha256": "e8ce9ca4b1df106e4d72dad201d345ea1a036cc12c360f1a7d5a758f78ffa42c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.0" + }, + "highlighting": { + "dependency": "direct main", + "description": { + "name": "highlighting", + "sha256": "196005ed9c98ee559939fcecd466fa941b9e99b3a93394691b86780ad4da50f3", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.9.0+11.8.0" + }, + "html": { + "dependency": "direct main", + "description": { + "name": "html", + "sha256": "6d1264f2dffa1b1101c25a91dff0dc2daee4c18e87cd8538729773c073dbf602", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.15.6" + }, + "html_unescape": { + "dependency": "transitive", + "description": { + "name": "html_unescape", + "sha256": "15362d7a18f19d7b742ef8dcb811f5fd2a2df98db9f80ea393c075189e0b61e3", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.0" + }, + "http": { + "dependency": "direct main", + "description": { + "name": "http", + "sha256": "bb2ce4590bc2667c96f318d68cac1b5a7987ec819351d32b1c987239a815e007", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.5.0" + }, + "http_parser": { + "dependency": "transitive", + "description": { + "name": "http_parser", + "sha256": "178d74305e7866013777bab2c3d8726205dc5a4dd935297175b19a23a2e66571", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.1.2" + }, + "http_profile": { + "dependency": "transitive", + "description": { + "name": "http_profile", + "sha256": "7e679e355b09aaee2ab5010915c932cce3f2d1c11c3b2dc177891687014ffa78", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.1.0" + }, + "image": { + "dependency": "direct main", + "description": { + "name": "image", + "sha256": "4e973fcf4caae1a4be2fa0a13157aa38a8f9cb049db6529aa00b4d71abc4d928", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.5.4" + }, + "image_picker": { + "dependency": "direct main", + "description": { + "name": "image_picker", + "sha256": "021834d9c0c3de46bf0fe40341fa07168407f694d9b2bb18d532dc1261867f7a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.2" + }, + "image_picker_android": { + "dependency": "transitive", + "description": { + "name": "image_picker_android", + "sha256": "b08e9a04d0f8d91f4a6e767a745b9871bfbc585410205c311d0492de20a7ccd6", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.8.12+25" + }, + "image_picker_for_web": { + "dependency": "transitive", + "description": { + "name": "image_picker_for_web", + "sha256": "717eb042ab08c40767684327be06a5d8dbb341fe791d514e4b92c7bbe1b7bb83", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.6" + }, + "image_picker_ios": { + "dependency": "transitive", + "description": { + "name": "image_picker_ios", + "sha256": "05da758e67bc7839e886b3959848aa6b44ff123ab4b28f67891008afe8ef9100", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.8.12+2" + }, + "image_picker_linux": { + "dependency": "transitive", + "description": { + "name": "image_picker_linux", + "sha256": "34a65f6740df08bbbeb0a1abd8e6d32107941fd4868f67a507b25601651022c9", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.1+2" + }, + "image_picker_macos": { + "dependency": "transitive", + "description": { + "name": "image_picker_macos", + "sha256": "1b90ebbd9dcf98fb6c1d01427e49a55bd96b5d67b8c67cf955d60a5de74207c1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.1+2" + }, + "image_picker_platform_interface": { + "dependency": "transitive", + "description": { + "name": "image_picker_platform_interface", + "sha256": "886d57f0be73c4b140004e78b9f28a8914a09e50c2d816bdd0520051a71236a0", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.10.1" + }, + "image_picker_windows": { + "dependency": "transitive", + "description": { + "name": "image_picker_windows", + "sha256": "6ad07afc4eb1bc25f3a01084d28520496c4a3bb0cb13685435838167c9dcedeb", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.1+1" + }, + "import_sorter": { + "dependency": "direct main", + "description": { + "name": "import_sorter", + "sha256": "eb15738ccead84e62c31e0208ea4e3104415efcd4972b86906ca64a1187d0836", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.6.0" + }, + "integration_test": { + "dependency": "direct dev", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "intl": { + "dependency": "direct main", + "description": { + "name": "intl", + "sha256": "3df61194eb431efc39c4ceba583b95633a403f46c9fd341e550ce0bfa50e9aa5", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.20.2" + }, + "io": { + "dependency": "transitive", + "description": { + "name": "io", + "sha256": "dfd5a80599cf0165756e3181807ed3e77daf6dd4137caaad72d0b7931597650b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.5" + }, + "js": { + "dependency": "transitive", + "description": { + "name": "js", + "sha256": "f2c445dce49627136094980615a031419f7f3eb393237e4ecd97ac15dea343f3", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.6.7" + }, + "json_annotation": { + "dependency": "transitive", + "description": { + "name": "json_annotation", + "sha256": "1ce844379ca14835a50d2f019a3099f419082cfdd231cd86a142af94dd5c6bb1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.9.0" + }, + "just_audio": { + "dependency": "direct main", + "description": { + "name": "just_audio", + "sha256": "679637a3ec5b6e00f36472f5a3663667df00ee4822cbf5dafca0f568c710960a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.10.4" + }, + "just_audio_media_kit": { + "dependency": "direct main", + "description": { + "name": "just_audio_media_kit", + "sha256": "f3cf04c3a50339709e87e90b4e841eef4364ab4be2bdbac0c54cc48679f84d23", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.0" + }, + "just_audio_platform_interface": { + "dependency": "transitive", + "description": { + "name": "just_audio_platform_interface", + "sha256": "2532c8d6702528824445921c5ff10548b518b13f808c2e34c2fd54793b999a6a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.6.0" + }, + "just_audio_web": { + "dependency": "transitive", + "description": { + "name": "just_audio_web", + "sha256": "6ba8a2a7e87d57d32f0f7b42856ade3d6a9fbe0f1a11fabae0a4f00bb73f0663", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.4.16" + }, + "just_waveform": { + "dependency": "direct main", + "description": { + "name": "just_waveform", + "sha256": "8c65acd24f13b866e3377f07f8869e823f3f2d8b734938f4e6688075af40b4f2", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.0.7" + }, + "leak_tracker": { + "dependency": "transitive", + "description": { + "name": "leak_tracker", + "sha256": "6bb818ecbdffe216e81182c2f0714a2e62b593f4a4f13098713ff1685dfb6ab0", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "10.0.9" + }, + "leak_tracker_flutter_testing": { + "dependency": "transitive", + "description": { + "name": "leak_tracker_flutter_testing", + "sha256": "f8b613e7e6a13ec79cfdc0e97638fddb3ab848452eff057653abd3edba760573", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.9" + }, + "leak_tracker_testing": { + "dependency": "transitive", + "description": { + "name": "leak_tracker_testing", + "sha256": "6ba465d5d76e67ddf503e1161d1f4a6bc42306f9d66ca1e8f079a47290fb06d3", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.1" + }, + "linkify": { + "dependency": "direct main", + "description": { + "name": "linkify", + "sha256": "4139ea77f4651ab9c315b577da2dd108d9aa0bd84b5d03d33323f1970c645832", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "5.0.0" + }, + "lints": { + "dependency": "transitive", + "description": { + "name": "lints", + "sha256": "a5e2b223cb7c9c8efdc663ef484fdd95bb243bff242ef5b13e26883547fce9a0", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.0.0" + }, + "list_counter": { + "dependency": "transitive", + "description": { + "name": "list_counter", + "sha256": "c447ae3dfcd1c55f0152867090e67e219d42fe6d4f2807db4bbe8b8d69912237", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.2" + }, + "locale_names": { + "dependency": "direct main", + "description": { + "name": "locale_names", + "sha256": "7a89ca54072f4f13d0f5df5a9ba69337554bf2fd057d1dd2a238898f3f159374", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.1" + }, + "logging": { + "dependency": "transitive", + "description": { + "name": "logging", + "sha256": "c8245ada5f1717ed44271ed1c26b8ce85ca3228fd2ffdb75468ab01979309d61", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.3.0" + }, + "lottie": { + "dependency": "direct main", + "description": { + "name": "lottie", + "sha256": "c5fa04a80a620066c15cf19cc44773e19e9b38e989ff23ea32e5903ef1015950", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.3.1" + }, + "markdown": { + "dependency": "transitive", + "description": { + "name": "markdown", + "sha256": "935e23e1ff3bc02d390bad4d4be001208ee92cc217cb5b5a6c19bc14aaa318c1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "7.3.0" + }, + "matcher": { + "dependency": "transitive", + "description": { + "name": "matcher", + "sha256": "dc58c723c3c24bf8d3e2d3ad3f2f9d7bd9cf43ec6feaa64181775e60190153f2", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.12.17" + }, + "material_color_utilities": { + "dependency": "transitive", + "description": { + "name": "material_color_utilities", + "sha256": "f7142bb1154231d7ea5f96bc7bde4bda2a0945d2806bb11670e30b850d56bdec", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.11.1" + }, + "matrix": { + "dependency": "direct main", + "description": { + "path": ".", + "ref": "braid/msc3861-native-oidc", + "resolved-ref": "82ad90573e0e5e1ccb2cf1e669a5861bd6db351c", + "url": "https://github.com/TheOneWithTheBraid/matrix-dart-sdk.git" + }, + "source": "git", + "version": "1.1.0" + }, + "matrix_homeserver_recommendations": { + "dependency": "direct main", + "description": { + "name": "matrix_homeserver_recommendations", + "sha256": "48cd67146dd80b925c1cce1604da4712e7963b490d31801bad70b51ff8e30cd2", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.4.1" + }, + "media_kit": { + "dependency": "direct main", + "description": { + "path": "media_kit", + "ref": "braid/stub-template", + "resolved-ref": "215972e56ceb6036b51d1dc8803d5e0ab489bfe1", + "url": "https://github.com/TheOneWithTheBraid/media-kit.git" + }, + "source": "git", + "version": "1.2.0" + }, + "media_kit_libs_android_video": { + "dependency": "direct overridden", + "description": { + "path": "libs/android/media_kit_libs_android_video", + "ref": "main", + "resolved-ref": "ad84c59faa2b871926cb31516bdeec65d7676884", + "url": "https://github.com/Predidit/media-kit.git" + }, + "source": "git", + "version": "1.3.6" + }, + "media_kit_libs_ios_video": { + "dependency": "transitive", + "description": { + "name": "media_kit_libs_ios_video", + "sha256": "b5382994eb37a4564c368386c154ad70ba0cc78dacdd3fb0cd9f30db6d837991", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.4" + }, + "media_kit_libs_linux": { + "dependency": "transitive", + "description": { + "name": "media_kit_libs_linux", + "sha256": "2b473399a49ec94452c4d4ae51cfc0f6585074398d74216092bf3d54aac37ecf", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.2.1" + }, + "media_kit_libs_macos_video": { + "dependency": "transitive", + "description": { + "name": "media_kit_libs_macos_video", + "sha256": "f26aa1452b665df288e360393758f84b911f70ffb3878032e1aabba23aa1032d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.4" + }, + "media_kit_libs_video": { + "dependency": "direct main", + "description": { + "name": "media_kit_libs_video", + "sha256": "958cc55e7065d9d01f52a2842dab2a0812a92add18489f1006d864fb5e42a3ef", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.6" + }, + "media_kit_libs_windows_video": { + "dependency": "transitive", + "description": { + "name": "media_kit_libs_windows_video", + "sha256": "dff76da2778729ab650229e6b4ec6ec111eb5151431002cbd7ea304ff1f112ab", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.11" + }, + "media_kit_video": { + "dependency": "direct main", + "description": { + "name": "media_kit_video", + "sha256": "a656a9463298c1adc64c57f2d012874f7f2900f0c614d9545a3e7b8bb9e2137b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.3.0" + }, + "media_store_plus": { + "dependency": "direct main", + "description": { + "name": "media_store_plus", + "sha256": "4b4971365e00a4ed9fde14abf40d7c27475b66b8bba9bf43478ae2ecb449df20", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.1.3" + }, + "meta": { + "dependency": "transitive", + "description": { + "name": "meta", + "sha256": "e3641ec5d63ebf0d9b41bd43201a66e3fc79a65db5f61fc181f04cd27aab950c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.16.0" + }, + "mime": { + "dependency": "direct main", + "description": { + "name": "mime", + "sha256": "41a20518f0cb1256669420fdba0cd90d21561e560ac240f26ef8322e45bb7ed6", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.0" + }, + "objective_c": { + "dependency": "transitive", + "description": { + "name": "objective_c", + "sha256": "9f034ba1eeca53ddb339bc8f4813cb07336a849cd735559b60cdc068ecce2dc7", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "7.1.0" + }, + "package_config": { + "dependency": "transitive", + "description": { + "name": "package_config", + "sha256": "f096c55ebb7deb7e384101542bfba8c52696c1b56fca2eb62827989ef2353bbc", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.2.0" + }, + "package_info_plus": { + "dependency": "transitive", + "description": { + "name": "package_info_plus", + "sha256": "16eee997588c60225bda0488b6dcfac69280a6b7a3cf02c741895dd370a02968", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "8.3.1" + }, + "package_info_plus_platform_interface": { + "dependency": "transitive", + "description": { + "name": "package_info_plus_platform_interface", + "sha256": "202a487f08836a592a6bd4f901ac69b3a8f146af552bbd14407b6b41e1c3f086", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.2.1" + }, + "path": { + "dependency": "transitive", + "description": { + "name": "path", + "sha256": "75cca69d1490965be98c73ceaea117e8a04dd21217b37b292c9ddbec0d955bc5", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.9.1" + }, + "path_parsing": { + "dependency": "transitive", + "description": { + "name": "path_parsing", + "sha256": "883402936929eac138ee0a45da5b0f2c80f89913e6dc3bf77eb65b84b409c6ca", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.0" + }, + "path_provider": { + "dependency": "direct main", + "description": { + "name": "path_provider", + "sha256": "50c5dd5b6e1aaf6fb3a78b33f6aa3afca52bf903a8a5298f53101fdaee55bbcd", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.5" + }, + "path_provider_android": { + "dependency": "transitive", + "description": { + "name": "path_provider_android", + "sha256": "d0d310befe2c8ab9e7f393288ccbb11b60c019c6b5afc21973eeee4dda2b35e9", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.2.17" + }, + "path_provider_foundation": { + "dependency": "transitive", + "description": { + "name": "path_provider_foundation", + "sha256": "4843174df4d288f5e29185bd6e72a6fbdf5a4a4602717eed565497429f179942", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.4.1" + }, + "path_provider_linux": { + "dependency": "transitive", + "description": { + "name": "path_provider_linux", + "sha256": "f7a1fe3a634fe7734c8d3f2766ad746ae2a2884abe22e241a8b301bf5cac3279", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.2.1" + }, + "path_provider_platform_interface": { + "dependency": "transitive", + "description": { + "name": "path_provider_platform_interface", + "sha256": "88f5779f72ba699763fa3a3b06aa4bf6de76c8e5de842cf6f29e2e06476c2334", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.2" + }, + "path_provider_windows": { + "dependency": "transitive", + "description": { + "name": "path_provider_windows", + "sha256": "bd6f00dbd873bfb70d0761682da2b3a2c2fccc2b9e84c495821639601d81afe7", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.3.0" + }, + "petitparser": { + "dependency": "transitive", + "description": { + "name": "petitparser", + "sha256": "07c8f0b1913bcde1ff0d26e57ace2f3012ccbf2b204e070290dad3bb22797646", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.1.0" + }, + "platform": { + "dependency": "transitive", + "description": { + "name": "platform", + "sha256": "5d6b1b0036a5f331ebc77c850ebc8506cbc1e9416c27e59b439f917a902a4984", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.1.6" + }, + "plugin_platform_interface": { + "dependency": "transitive", + "description": { + "name": "plugin_platform_interface", + "sha256": "4820fbfdb9478b1ebae27888254d445073732dae3d6ea81f0b7e06d5dedc3f02", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.8" + }, + "pointer_interceptor": { + "dependency": "transitive", + "description": { + "name": "pointer_interceptor", + "sha256": "57210410680379aea8b1b7ed6ae0c3ad349bfd56fe845b8ea934a53344b9d523", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.10.1+2" + }, + "pointer_interceptor_ios": { + "dependency": "transitive", + "description": { + "name": "pointer_interceptor_ios", + "sha256": "a6906772b3205b42c44614fcea28f818b1e5fdad73a4ca742a7bd49818d9c917", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.10.1" + }, + "pointer_interceptor_platform_interface": { + "dependency": "transitive", + "description": { + "name": "pointer_interceptor_platform_interface", + "sha256": "0597b0560e14354baeb23f8375cd612e8bd4841bf8306ecb71fcd0bb78552506", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.10.0+1" + }, + "pointer_interceptor_web": { + "dependency": "transitive", + "description": { + "name": "pointer_interceptor_web", + "sha256": "460b600e71de6fcea2b3d5f662c92293c049c4319e27f0829310e5a953b3ee2a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.10.3" + }, + "pool": { + "dependency": "transitive", + "description": { + "name": "pool", + "sha256": "20fe868b6314b322ea036ba325e6fc0711a22948856475e2c2b6306e8ab39c2a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.5.1" + }, + "posix": { + "dependency": "transitive", + "description": { + "name": "posix", + "sha256": "6323a5b0fa688b6a010df4905a56b00181479e6d10534cecfecede2aa55add61", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.0.3" + }, + "process": { + "dependency": "transitive", + "description": { + "name": "process", + "sha256": "107d8be718f120bbba9dcd1e95e3bd325b1b4a4f07db64154635ba03f2567a0d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "5.0.3" + }, + "pub_semver": { + "dependency": "transitive", + "description": { + "name": "pub_semver", + "sha256": "5bfcf68ca79ef689f8990d1160781b4bad40a3bd5e5218ad4076ddb7f4081585", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.2.0" + }, + "qr": { + "dependency": "transitive", + "description": { + "name": "qr", + "sha256": "5a1d2586170e172b8a8c8470bbbffd5eb0cd38a66c0d77155ea138d3af3a4445", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.2" + }, + "quiver": { + "dependency": "transitive", + "description": { + "name": "quiver", + "sha256": "ea0b925899e64ecdfbf9c7becb60d5b50e706ade44a85b2363be2a22d88117d2", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.2.2" + }, + "random_string": { + "dependency": "transitive", + "description": { + "name": "random_string", + "sha256": "03b52435aae8cbdd1056cf91bfc5bf845e9706724dd35ae2e99fa14a1ef79d02", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.3.1" + }, + "receive_sharing_intent": { + "dependency": "direct main", + "description": { + "name": "receive_sharing_intent", + "sha256": "ec76056e4d258ad708e76d85591d933678625318e411564dcb9059048ca3a593", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.8.1" + }, + "rxdart": { + "dependency": "transitive", + "description": { + "name": "rxdart", + "sha256": "5c3004a4a8dbb94bd4bf5412a4def4acdaa12e12f269737a5751369e12d1a962", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.28.0" + }, + "safe_local_storage": { + "dependency": "transitive", + "description": { + "name": "safe_local_storage", + "sha256": "e9a21b6fec7a8aa62cc2585ff4c1b127df42f3185adbd2aca66b47abe2e80236", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.1" + }, + "screen_brightness_android": { + "dependency": "transitive", + "description": { + "name": "screen_brightness_android", + "sha256": "fb5fa43cb89d0c9b8534556c427db1e97e46594ac5d66ebdcf16063b773d54ed", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.2" + }, + "screen_brightness_platform_interface": { + "dependency": "transitive", + "description": { + "name": "screen_brightness_platform_interface", + "sha256": "737bd47b57746bc4291cab1b8a5843ee881af499514881b0247ec77447ee769c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.0" + }, + "sdp_transform": { + "dependency": "transitive", + "description": { + "name": "sdp_transform", + "sha256": "73e412a5279a5c2de74001535208e20fff88f225c9a4571af0f7146202755e45", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.3.2" + }, + "sentry": { + "dependency": "direct main", + "description": { + "name": "sentry", + "sha256": "d9f3dcf1ecdd600cf9ce134f622383adde5423ecfdaf0ca9b20fbc1c44849337", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "9.6.0" + }, + "share_plus": { + "dependency": "direct main", + "description": { + "name": "share_plus", + "sha256": "d7dc0630a923883c6328ca31b89aa682bacbf2f8304162d29f7c6aaff03a27a1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "11.1.0" + }, + "share_plus_platform_interface": { + "dependency": "transitive", + "description": { + "name": "share_plus_platform_interface", + "sha256": "88023e53a13429bd65d8e85e11a9b484f49d4c190abbd96c7932b74d6927cc9a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.1.0" + }, + "sky_engine": { + "dependency": "transitive", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "slugify": { + "dependency": "transitive", + "description": { + "name": "slugify", + "sha256": "b272501565cb28050cac2d96b7bf28a2d24c8dae359280361d124f3093d337c3", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.0" + }, + "source_map_stack_trace": { + "dependency": "transitive", + "description": { + "name": "source_map_stack_trace", + "sha256": "c0713a43e323c3302c2abe2a1cc89aa057a387101ebd280371d6a6c9fa68516b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.2" + }, + "source_maps": { + "dependency": "transitive", + "description": { + "name": "source_maps", + "sha256": "190222579a448b03896e0ca6eca5998fa810fda630c1d65e2f78b3f638f54812", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.10.13" + }, + "source_span": { + "dependency": "transitive", + "description": { + "name": "source_span", + "sha256": "254ee5351d6cb365c859e20ee823c3bb479bf4a293c22d17a9f1bf144ce86f7c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.10.1" + }, + "sprintf": { + "dependency": "transitive", + "description": { + "name": "sprintf", + "sha256": "1fc9ffe69d4df602376b52949af107d8f5703b77cda567c4d7d86a0693120f23", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "7.0.0" + }, + "sqflite": { + "dependency": "direct main", + "description": { + "name": "sqflite", + "sha256": "e2297b1da52f127bc7a3da11439985d9b536f75070f3325e62ada69a5c585d03", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.4.2" + }, + "sqflite_android": { + "dependency": "transitive", + "description": { + "name": "sqflite_android", + "sha256": "2b3070c5fa881839f8b402ee4a39c1b4d561704d4ebbbcfb808a119bc2a1701b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.4.1" + }, + "sqflite_common": { + "dependency": "transitive", + "description": { + "name": "sqflite_common", + "sha256": "6ef422a4525ecc601db6c0a2233ff448c731307906e92cabc9ba292afaae16a6", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.5.6" + }, + "sqflite_common_ffi": { + "dependency": "direct main", + "description": { + "name": "sqflite_common_ffi", + "sha256": "9faa2fedc5385ef238ce772589f7718c24cdddd27419b609bb9c6f703ea27988", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.3.6" + }, + "sqflite_darwin": { + "dependency": "transitive", + "description": { + "name": "sqflite_darwin", + "sha256": "279832e5cde3fe99e8571879498c9211f3ca6391b0d818df4e17d9fff5c6ccb3", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.4.2" + }, + "sqflite_platform_interface": { + "dependency": "transitive", + "description": { + "name": "sqflite_platform_interface", + "sha256": "8dd4515c7bdcae0a785b0062859336de775e8c65db81ae33dd5445f35be61920", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.4.0" + }, + "sqlcipher_flutter_libs": { + "dependency": "direct main", + "description": { + "name": "sqlcipher_flutter_libs", + "sha256": "dd1fcc74d5baf3c36ad53e2652b2d06c9f8747494a3ccde0076e88b159dfe622", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.6.8" + }, + "sqlite3": { + "dependency": "transitive", + "description": { + "name": "sqlite3", + "sha256": "f393d92c71bdcc118d6203d07c991b9be0f84b1a6f89dd4f7eed348131329924", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.9.0" + }, + "stack_trace": { + "dependency": "transitive", + "description": { + "name": "stack_trace", + "sha256": "8b27215b45d22309b5cddda1aa2b19bdfec9df0e765f2de506401c071d38d1b1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.12.1" + }, + "stream_channel": { + "dependency": "transitive", + "description": { + "name": "stream_channel", + "sha256": "969e04c80b8bcdf826f8f16579c7b14d780458bd97f56d107d3950fdbeef059d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.4" + }, + "stream_transform": { + "dependency": "transitive", + "description": { + "name": "stream_transform", + "sha256": "ad47125e588cfd37a9a7f86c7d6356dde8dfe89d071d293f80ca9e9273a33871", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.1" + }, + "string_scanner": { + "dependency": "transitive", + "description": { + "name": "string_scanner", + "sha256": "921cd31725b72fe181906c6a94d987c78e3b98c2e205b397ea399d4054872b43", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.4.1" + }, + "sync_http": { + "dependency": "transitive", + "description": { + "name": "sync_http", + "sha256": "7f0cd72eca000d2e026bcd6f990b81d0ca06022ef4e32fb257b30d3d1014a961", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.3.1" + }, + "synchronized": { + "dependency": "transitive", + "description": { + "name": "synchronized", + "sha256": "c254ade258ec8282947a0acbbc90b9575b4f19673533ee46f2f6e9b3aeefd7c0", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.4.0" + }, + "term_glyph": { + "dependency": "transitive", + "description": { + "name": "term_glyph", + "sha256": "7f554798625ea768a7518313e58f83891c7f5024f88e46e7182a4558850a4b8e", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.2.2" + }, + "test_api": { + "dependency": "transitive", + "description": { + "name": "test_api", + "sha256": "fb31f383e2ee25fbbfe06b40fe21e1e458d14080e3c67e7ba0acfde4df4e0bbd", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.7.4" + }, + "test_core": { + "dependency": "transitive", + "description": { + "name": "test_core", + "sha256": "84d17c3486c8dfdbe5e12a50c8ae176d15e2a771b96909a9442b40173649ccaa", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.6.8" + }, + "timezone": { + "dependency": "transitive", + "description": { + "name": "timezone", + "sha256": "dd14a3b83cfd7cb19e7888f1cbc20f258b8d71b54c06f79ac585f14093a287d1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.10.1" + }, + "tint": { + "dependency": "transitive", + "description": { + "name": "tint", + "sha256": "9652d9a589f4536d5e392cf790263d120474f15da3cf1bee7f1fdb31b4de5f46", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.1" + }, + "tuple": { + "dependency": "transitive", + "description": { + "name": "tuple", + "sha256": "a97ce2013f240b2f3807bcbaf218765b6f301c3eff91092bcfa23a039e7dd151", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.2" + }, + "typed_data": { + "dependency": "transitive", + "description": { + "name": "typed_data", + "sha256": "f9049c039ebfeb4cf7a7104a675823cd72dba8297f264b6637062516699fa006", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.4.0" + }, + "unifiedpush": { + "dependency": "direct main", + "description": { + "name": "unifiedpush", + "sha256": "1418375efb580af9640de4eaf4209cb6481f9a48792648ced3051f30e67d9568", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.0.2" + }, + "unifiedpush_android": { + "dependency": "transitive", + "description": { + "name": "unifiedpush_android", + "sha256": "2f25db8eb2fc3183bf2e43db89fff20b2587adc1c361e1d1e06b223a0d45b50a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.1.1" + }, + "unifiedpush_platform_interface": { + "dependency": "transitive", + "description": { + "name": "unifiedpush_platform_interface", + "sha256": "bb49d2748211520e35e0374ab816faa8a2c635267e71909d334ad868d532eba5", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.1" + }, + "universal_platform": { + "dependency": "transitive", + "description": { + "name": "universal_platform", + "sha256": "64e16458a0ea9b99260ceb5467a214c1f298d647c659af1bff6d3bf82536b1ec", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.0" + }, + "unorm_dart": { + "dependency": "direct main", + "description": { + "name": "unorm_dart", + "sha256": "5b35bff83fce4d76467641438f9e867dc9bcfdb8c1694854f230579d68cd8f4b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.0" + }, + "uri_parser": { + "dependency": "transitive", + "description": { + "name": "uri_parser", + "sha256": "ff4d2c720aca3f4f7d5445e23b11b2d15ef8af5ddce5164643f38ff962dcb270", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.0" + }, + "url_launcher": { + "dependency": "direct main", + "description": { + "name": "url_launcher", + "sha256": "f6a7e5c4835bb4e3026a04793a4199ca2d14c739ec378fdfe23fc8075d0439f8", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.3.2" + }, + "url_launcher_android": { + "dependency": "transitive", + "description": { + "name": "url_launcher_android", + "sha256": "0aedad096a85b49df2e4725fa32118f9fa580f3b14af7a2d2221896a02cd5656", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.3.17" + }, + "url_launcher_ios": { + "dependency": "transitive", + "description": { + "name": "url_launcher_ios", + "sha256": "7f2022359d4c099eea7df3fdf739f7d3d3b9faf3166fb1dd390775176e0b76cb", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.3.3" + }, + "url_launcher_linux": { + "dependency": "transitive", + "description": { + "name": "url_launcher_linux", + "sha256": "4e9ba368772369e3e08f231d2301b4ef72b9ff87c31192ef471b380ef29a4935", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.2.1" + }, + "url_launcher_macos": { + "dependency": "transitive", + "description": { + "name": "url_launcher_macos", + "sha256": "17ba2000b847f334f16626a574c702b196723af2a289e7a93ffcb79acff855c2", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.2.2" + }, + "url_launcher_platform_interface": { + "dependency": "transitive", + "description": { + "name": "url_launcher_platform_interface", + "sha256": "552f8a1e663569be95a8190206a38187b531910283c3e982193e4f2733f01029", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.3.2" + }, + "url_launcher_web": { + "dependency": "transitive", + "description": { + "name": "url_launcher_web", + "sha256": "4bd2b7b4dc4d4d0b94e5babfffbca8eac1a126c7f3d6ecbc1a11013faa3abba2", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.4.1" + }, + "url_launcher_windows": { + "dependency": "transitive", + "description": { + "name": "url_launcher_windows", + "sha256": "3284b6d2ac454cf34f114e1d3319866fdd1e19cdc329999057e44ffe936cfa77", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.1.4" + }, + "uuid": { + "dependency": "transitive", + "description": { + "name": "uuid", + "sha256": "a5be9ef6618a7ac1e964353ef476418026db906c4facdedaa299b7a2e71690ff", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.5.1" + }, + "vector_graphics": { + "dependency": "transitive", + "description": { + "name": "vector_graphics", + "sha256": "a4f059dc26fc8295b5921376600a194c4ec7d55e72f2fe4c7d2831e103d461e6", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.19" + }, + "vector_graphics_codec": { + "dependency": "transitive", + "description": { + "name": "vector_graphics_codec", + "sha256": "99fd9fbd34d9f9a32efd7b6a6aae14125d8237b10403b422a6a6dfeac2806146", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.13" + }, + "vector_graphics_compiler": { + "dependency": "transitive", + "description": { + "name": "vector_graphics_compiler", + "sha256": "557a315b7d2a6dbb0aaaff84d857967ce6bdc96a63dc6ee2a57ce5a6ee5d3331", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.17" + }, + "vector_math": { + "dependency": "transitive", + "description": { + "name": "vector_math", + "sha256": "80b3257d1492ce4d091729e3a67a60407d227c27241d6927be0130c98e741803", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.4" + }, + "visibility_detector": { + "dependency": "direct main", + "description": { + "name": "visibility_detector", + "sha256": "dd5cc11e13494f432d15939c3aa8ae76844c42b723398643ce9addb88a5ed420", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.4.0+2" + }, + "vm_service": { + "dependency": "transitive", + "description": { + "name": "vm_service", + "sha256": "ddfa8d30d89985b96407efce8acbdd124701f96741f2d981ca860662f1c0dc02", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "15.0.0" + }, + "vodozemac": { + "dependency": "direct main", + "description": { + "name": "vodozemac", + "sha256": "dba14017e042748fb22d270e8ab1d3e46965b89788dd3857dba938ec07571968", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.0" + }, + "volume_controller": { + "dependency": "transitive", + "description": { + "name": "volume_controller", + "sha256": "d75039e69c0d90e7810bfd47e3eedf29ff8543ea7a10392792e81f9bded7edf5", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.4.0" + }, + "wakelock_plus": { + "dependency": "transitive", + "description": { + "name": "wakelock_plus", + "sha256": "a474e314c3e8fb5adef1f9ae2d247e57467ad557fa7483a2b895bc1b421c5678", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.3.2" + }, + "wakelock_plus_platform_interface": { + "dependency": "transitive", + "description": { + "name": "wakelock_plus_platform_interface", + "sha256": "e10444072e50dbc4999d7316fd303f7ea53d31c824aa5eb05d7ccbdd98985207", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.2.3" + }, + "watcher": { + "dependency": "transitive", + "description": { + "name": "watcher", + "sha256": "0b7fd4a0bbc4b92641dbf20adfd7e3fd1398fe17102d94b674234563e110088a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.2" + }, + "web": { + "dependency": "direct main", + "description": { + "name": "web", + "sha256": "868d88a33d8a87b18ffc05f9f030ba328ffefba92d6c127917a2ba740f9cfe4a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.1" + }, + "web_multiple_tab_detector": { + "dependency": "direct main", + "description": { + "name": "web_multiple_tab_detector", + "sha256": "a40d485720ea88b4e25311421d435906ba202ac33e35435403dc1c49c5ed7c4e", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.3.0" + }, + "web_socket": { + "dependency": "transitive", + "description": { + "name": "web_socket", + "sha256": "34d64019aa8e36bf9842ac014bb5d2f5586ca73df5e4d9bf5c936975cae6982c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.1" + }, + "webdriver": { + "dependency": "transitive", + "description": { + "name": "webdriver", + "sha256": "2f3a14ca026957870cfd9c635b83507e0e51d8091568e90129fbf805aba7cade", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.1.0" + }, + "webrtc_interface": { + "dependency": "transitive", + "description": { + "name": "webrtc_interface", + "sha256": "86fe3afc81a08481dfb25cf14a5a94e27062ecef25544783f352c914e0bbc1ca", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.2.2+hotfix.2" + }, + "win32": { + "dependency": "transitive", + "description": { + "name": "win32", + "sha256": "66814138c3562338d05613a6e368ed8cfb237ad6d64a9e9334be3f309acfca03", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "5.14.0" + }, + "xdg_directories": { + "dependency": "transitive", + "description": { + "name": "xdg_directories", + "sha256": "7a3f37b05d989967cdddcbb571f1ea834867ae2faa29725fd085180e0883aa15", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.0" + }, + "xml": { + "dependency": "transitive", + "description": { + "name": "xml", + "sha256": "b015a8ad1c488f66851d762d3090a21c600e479dc75e68328c52774040cf9226", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.5.0" + }, + "yaml": { + "dependency": "transitive", + "description": { + "name": "yaml", + "sha256": "b9da305ac7c39faa3f030eccd175340f968459dae4af175130b3fc47e40d76ce", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.1.3" + } + }, + "sdks": { + "dart": ">=3.8.0 <4.0.0", + "flutter": ">=3.29.0" + } +} diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index 79f3351..68e5c71 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -38,5 +38,6 @@ ./davinci-resolve.nix ./gdx-liftoff.nix ./tor-browser.nix + ./polycule.nix ]; } diff --git a/modules/home-manager-modules/programs/polycule.nix b/modules/home-manager-modules/programs/polycule.nix new file mode 100644 index 0000000..a7004bd --- /dev/null +++ b/modules/home-manager-modules/programs/polycule.nix @@ -0,0 +1,32 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.polycule = { + enable = lib.mkEnableOption "enable polycule matrix client"; + package = lib.mkPackageOption pkgs "polycule" {}; + }; + + config = lib.mkIf config.programs.polycule.enable (lib.mkMerge [ + { + home.packages = [ + config.programs.polycule.package + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + # TODO: check that these are actually the correct folders + # directories = [ + # "${config.xdg.configHome}/polycule" + # "${config.xdg.dataHome}/polycule" + # "${config.xdg.cacheHome}/polycule" + # ]; + }; + } + ) + ]); +} From d4615fc4354c0e9c824a10485d096123ce34b32c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Oct 2025 12:51:20 -0500 Subject: [PATCH 192/374] chore: updated README --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e94eb58..dc74557 100644 --- a/README.md +++ b/README.md @@ -74,4 +74,8 @@ nix multi user, multi system, configuration with `sops` secret management, `home - make radarr, sonarr, and bazarr accessible over vpn - create some sort of service that allows uploading files to jellyfin - auto sort files into where they should go with some combination of filebot cli and picard cli -- graphana accessible though tailscale \ No newline at end of file +- graphana accessible though tailscale +- fix polycule package +- fix panoramax package +- actual instance +- intergrade radarr, sonarr, and bazarr \ No newline at end of file From 21edda5fe6eb75680abf3f4d478b00c006e845b3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Oct 2025 12:55:49 -0500 Subject: [PATCH 193/374] feat: added auto aproval for nixos mcp server settings --- README.md | 3 ++- .../home-manager/leyla/packages/vscode/default.nix | 13 ++++++++++++- .../programs/vscode/claudeDev.nix | 9 +++++++++ 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index dc74557..d0cda10 100644 --- a/README.md +++ b/README.md @@ -78,4 +78,5 @@ nix multi user, multi system, configuration with `sops` secret management, `home - fix polycule package - fix panoramax package - actual instance -- intergrade radarr, sonarr, and bazarr \ No newline at end of file +- intergrade radarr, sonarr, and bazarr +- claude code MCP servers should bundle node with them so they work in all environments diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 981156b..ba9e48a 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -71,7 +71,18 @@ in { claudeDev = lib.mkIf ai-tooling-enabled { enable = true; mcp = { - nixos.enable = true; + nixos = { + enable = true; + autoApprove = { + nixos_search = true; + nixos_info = true; + home_manager_search = true; + home_manager_info = true; + darwin_search = true; + darwin_info = true; + nixos_flakes_search = true; + }; + }; eslint = { enable = true; autoApprove = { diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index cebf614..ffeaff3 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -72,6 +72,15 @@ in { mcp = { nixos = { enable = lib.mkEnableOption "enable NixOS MCP server for Claude Dev"; + autoApprove = { + nixos_search = lib.mkEnableOption "should the nixos_search tool be auto approved for the nixos MCP server"; + nixos_info = lib.mkEnableOption "should the nixos_info tool be auto approved for the nixos MCP server"; + home_manager_search = lib.mkEnableOption "should the home_manager_search tool be auto approved for the nixos MCP server"; + home_manager_info = lib.mkEnableOption "should the home_manager_info tool be auto approved for the nixos MCP server"; + darwin_search = lib.mkEnableOption "should the darwin_search tool be auto approved for the nixos MCP server"; + darwin_info = lib.mkEnableOption "should the darwin_info tool be auto approved for the nixos MCP server"; + nixos_flakes_search = lib.mkEnableOption "should the nixos_flakes_search tool be auto approved for the nixos MCP server"; + }; }; eslint = { enable = lib.mkEnableOption "enable ESLint MCP server for Claude Dev"; From c9bb9380b510ec0c9f50cf631e04e6170e866499 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Oct 2025 15:45:21 -0500 Subject: [PATCH 194/374] feat: fixed vpn on defiant --- .../nixos/defiant/configuration.nix | 108 ++++++++++++------ 1 file changed, 70 insertions(+), 38 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 401173e..b16036b 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -132,23 +132,24 @@ }; }; - # "20-wg0" = { - # netdevConfig = { - # Kind = "wireguard"; - # Name = "wg0"; - # }; - # wireguardConfig = { - # PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; - # ListenPort = 51820; - # }; - # wireguardPeers = [ - # { - # PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; - # Endpoint = "185.230.126.146:51820"; - # AllowedIPs = ["0.0.0.0/0"]; - # } - # ]; - # }; + "20-wg0" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg0"; + }; + wireguardConfig = { + PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; + ListenPort = 51820; + }; + wireguardPeers = [ + { + PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; + Endpoint = "185.230.126.146:51820"; + # Allow all traffic but use policy routing to prevent system-wide VPN + AllowedIPs = ["0.0.0.0/0"]; + } + ]; + }; }; networks = { "40-bond0" = { @@ -163,36 +164,67 @@ "192.168.1.10/32" ]; - gateway = ["192.168.1.1"]; + # Set lower priority for default gateway to allow WireGuard interface binding + routes = [ + { + Destination = "0.0.0.0/0"; + Gateway = "192.168.1.1"; + Metric = 100; + } + ]; dns = ["192.168.1.1"]; }; - # For some reason this isn't working. It looks like traffic goes out and comes back but doesn't get correctly routed back to the wg interface on the return trip - # debugging steps: - # try sending data on the interface `ping -I wg0 8.8.8.8` - # view all traffic on the interface `sudo tshark -i wg0` - # see what applications are listening to port 14666 (thats what we currently have qbittorent set up to use) `ss -tuln | grep 14666` - # "50-wg0" = { - # matchConfig.Name = "wg0"; - # networkConfig = { - # DHCP = "no"; - # }; - # address = [ - # "10.2.0.2/32" - # ]; - # # routes = [ - # # { - # # Destination = "10.2.0.2/32"; - # # Gateway = "10.2.0.1"; - # # } - # # ]; - # }; + "50-wg0" = { + matchConfig.Name = "wg0"; + networkConfig = { + DHCP = "no"; + }; + address = [ + "10.2.0.2/32" + ]; + # Configure routing for application binding + routingPolicyRules = [ + { + # Route traffic from VPN interface through VPN table + From = "10.2.0.2/32"; + Table = 200; + Priority = 100; + } + ]; + routes = [ + { + # Direct route to VPN gateway + Destination = "10.2.0.1/32"; + Scope = "link"; + } + { + # Route VPN subnet through VPN gateway in custom table + Destination = "10.2.0.0/16"; + Gateway = "10.2.0.1"; + Table = 200; + } + { + # Route all traffic through VPN gateway in custom table + Destination = "0.0.0.0/0"; + Gateway = "10.2.0.1"; + Table = 200; + } + ]; + }; }; }; # limit arc usage to 50gb because ollama doesn't play nice with zfs using up all of the memory boot.kernelParams = ["zfs.zfs_arc_max=53687091200"]; + # Enable policy routing and source routing for application-specific VPN binding + boot.kernel.sysctl = { + "net.ipv4.conf.all.rp_filter" = 2; + "net.ipv4.conf.default.rp_filter" = 2; + "net.ipv4.conf.wg0.rp_filter" = 2; + }; + services = { # temp enable desktop environment for setup # Enable the X11 windowing system. From 03149db7ea58095fba9712d23e8e4e7179e69643 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Oct 2025 17:53:07 -0500 Subject: [PATCH 195/374] build: updated flake lock --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index b5607f6..080c221 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1759291409, - "narHash": "sha256-eAzmD4ijeWCFy4YqArNmVu8901nLQLHr6dCv94yRrFk=", + "lastModified": 1759403080, + "narHash": "sha256-EteyL8KyG9R5xzqyOBzyag4n2cSemu61VFrl3opJSqE=", "owner": "rycee", "repo": "nur-expressions", - "rev": "f9c2e6b2eebdbe0e87236a63ea323c86da79b6c5", + "rev": "8af6dfcbcbf1115a4f5aeed77ff0db5d3c02caf0", "type": "gitlab" }, "original": { @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1759284197, - "narHash": "sha256-NbaOzcxsUxNm+Dday5DlV6P9CzRAonY2DNcp056oWWc=", + "lastModified": 1759369908, + "narHash": "sha256-IIhaE6jAge64z+fIyi/8Vtu0JdTtapbp4CvwiuIkZ1E=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "a87f796f1ed4b0a8babe9370791a66aac4864887", + "rev": "a66ad2141b1440a838ead278c6edfe8a4ce75e6c", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1759036355, - "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", + "lastModified": 1759381078, + "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", + "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", "type": "github" }, "original": { From 2c918478abf29afc9e4a64bf59679fbee4c250e3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Oct 2025 18:53:32 -0500 Subject: [PATCH 196/374] feat: enabled filebot-cleanup task --- configurations/nixos/defiant/configuration.nix | 15 ++++++++++++++- configurations/nixos/defiant/filebot.nix | 4 ++-- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index b16036b..9fbdee6 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -351,9 +351,22 @@ }; filebot-cleanup = { - enable = false; + enable = true; licenseFile = "/srv/jellyfin/filebot_license.psm"; }; + + sonarr = { + enable = false; + openFirewall = true; + }; + radarr = { + enable = false; + openFirewall = true; + }; + bazarr = { + enable = false; + openFirewall = true; + }; }; # disable computer sleeping diff --git a/configurations/nixos/defiant/filebot.nix b/configurations/nixos/defiant/filebot.nix index 77d81bd..c6153f9 100644 --- a/configurations/nixos/defiant/filebot.nix +++ b/configurations/nixos/defiant/filebot.nix @@ -52,8 +52,8 @@ in { ${optionalString (cfg.licenseFile != null) '' ${pkgs.filebot}/bin/filebot --license "${cfg.licenseFile}" ''} - ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Movies/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action move - ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Shows/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action move + ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Movies/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action duplicate + ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Shows/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action duplicate ''; StandardOutput = "journal"; StandardError = "journal"; From 7483c2c01c320a7c46a4add634cc90af2e8c9a9c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Oct 2025 13:59:12 -0500 Subject: [PATCH 197/374] feat: fixed polyclue package --- configurations/home-manager/leyla/packages/default.nix | 4 ++-- modules/common-modules/pkgs/polycule/default.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index a6da7f5..5bccad3 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -70,8 +70,8 @@ in { noisetorch.enable = true; tor-browser.enable = true; gdx-liftoff.enable = true; - # polycule package is currently broken - polycule.enable = false; + # polycule package is now working with Flutter 3.29 + polycule.enable = true; }) ]; } diff --git a/modules/common-modules/pkgs/polycule/default.nix b/modules/common-modules/pkgs/polycule/default.nix index d092897..28c51fc 100644 --- a/modules/common-modules/pkgs/polycule/default.nix +++ b/modules/common-modules/pkgs/polycule/default.nix @@ -1,6 +1,6 @@ { lib, - flutter329, + flutter332, fetchFromGitLab, pkg-config, wrapGAppsHook, @@ -44,7 +44,7 @@ libva, libvdpau, }: -flutter329.buildFlutterApplication rec { +flutter332.buildFlutterApplication rec { pname = "polycule"; version = "0.3.0"; From bc705098d65a4366dd2458492b55d8996f1437e9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Oct 2025 14:23:26 -0500 Subject: [PATCH 198/374] chore: removed completed task from README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index d0cda10..c952fbf 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - create some sort of service that allows uploading files to jellyfin - auto sort files into where they should go with some combination of filebot cli and picard cli - graphana accessible though tailscale -- fix polycule package - fix panoramax package - actual instance - intergrade radarr, sonarr, and bazarr From 2935d43bcb34aca22a0221be1736e47bd2971dff Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Oct 2025 21:10:20 -0500 Subject: [PATCH 199/374] feat: moved filebot cleanup to jellyfin persistence --- configurations/nixos/defiant/filebot.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/filebot.nix b/configurations/nixos/defiant/filebot.nix index c6153f9..aaf247d 100644 --- a/configurations/nixos/defiant/filebot.nix +++ b/configurations/nixos/defiant/filebot.nix @@ -62,7 +62,7 @@ in { }; environment.persistence = lib.mkIf config.host.impermanence.enable { - "/persist/system/filebot_cleanup" = { + "/persist/system/jellyfin" = { enable = true; hideMounts = true; files = [ From 0730cc6594cdd9a3a66add42021de16c4ba9d220 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Oct 2025 11:15:53 -0500 Subject: [PATCH 200/374] feat: updated polycule package --- modules/common-modules/pkgs/polycule/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/common-modules/pkgs/polycule/default.nix b/modules/common-modules/pkgs/polycule/default.nix index 28c51fc..b463cc5 100644 --- a/modules/common-modules/pkgs/polycule/default.nix +++ b/modules/common-modules/pkgs/polycule/default.nix @@ -46,19 +46,19 @@ }: flutter332.buildFlutterApplication rec { pname = "polycule"; - version = "0.3.0"; + version = "0.3.4"; src = fetchFromGitLab { owner = "polycule_client"; repo = "polycule"; rev = "v${version}"; - hash = "sha256-kY1vJiDXh0rSCJNOAkO8JGiMR8kXwDHuc3T+S4MkOWY="; + hash = "sha256-RUu8DKuX2NUU5Ce5WLHtDaORkn7CSrgTj3KhM/z+yHc="; }; pubspecLock = lib.importJSON ./polycule-pubspec.lock.json; gitHashes = { - matrix = "sha256-e1HGC2yZyqqYB5YAGKmUkkdDbuSzhiUenJMKJgQYIi8="; + matrix = "sha256-w/QB5nYJ9Lh77TcYKEN/DnNQjWfp+9NX0dwQ9GOzWE8="; media_kit = "sha256-1sVX+aHFLFJBtrNZrR6tWkb80vFELW2N9EejyQKlBPg="; media_kit_libs_android_video = "sha256-N6QoktM8u9NYF8MAXLsxM9RlV8nICM4NbnmABHTRkZg="; }; From 884d11d0a36c5b05a29deddad32a1a9e503ba201 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Oct 2025 12:12:45 -0500 Subject: [PATCH 201/374] chore: updated host map in README --- README.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index c952fbf..acaa6e7 100644 --- a/README.md +++ b/README.md @@ -7,19 +7,19 @@ nix multi user, multi system, configuration with `sops` secret management, `home # Hosts ## Host Map -| Hostname | Device Description | Primary User | Role | -| :---------: | :------------------------: | :--------------: | :-------: | -| `twilight` | Desktop Computer | Leyla | Desktop | -| `horizon` | 13 inch Framework Laptop | Leyla | Laptop | -| `defiant` | NAS Server | Leyla | Server | -| `hesperium` | Mac | ????? | ??? | -| `emergent` | Desktop Computer | Eve | Desktop | -| `threshold` | Laptop | Eve | Laptop | -| `wolfram` | Steam Deck | House | Handheld | -| `ceder` | A5 Tablet (not using nix) | Leyla | Tablet | -| `skate` | A6 Tablet (not using nix) | Leyla | Tablet | -| `shale` | A6 Tablet (not using nix) | Eve | Tablet | -| `coven` | Pixel 8 (not using nix) | Leyla | Android | +| Hostname | Device Description | Primary User | Role | Provisioned | Using Nix | +| :---------: | :------------------------: | :--------------: | :-------: | :---------: | :-------: | +| `twilight` | Desktop Computer | Leyla | Desktop | ✅ | ✅ | +| `horizon` | 13 inch Framework Laptop | Leyla | Laptop | ✅ | ✅ | +| `defiant` | NAS Server | Leyla | Server | ✅ | ✅ | +| `hesperium` | Mac | ????? | Mac | ❌ | ❌ | +| `emergent` | Desktop Computer | Eve | Desktop | ✅ | ✅ | +| `threshold` | Laptop | Eve | Laptop | ❌ | ❌ | +| `wolfram` | Steam Deck | House | Handheld | ✅ | ❌ | +| `ceder` | A5 Tablet | Leyla | Tablet | ✅ | ❌ | +| `skate` | A6 Tablet | Leyla | Tablet | ❌ | ❌ | +| `shale` | A6 Tablet | Eve | Tablet | ✅ | ❌ | +| `coven` | Pixel 8 | Leyla | Android | ✅ | ❌ | # Tooling ## Rebuilding From 44922dfcd589116c996bf054e7951a020b06294e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 5 Oct 2025 14:58:41 -0500 Subject: [PATCH 202/374] feat: re enabled lix --- flake.lock | 90 ++++++++++++++++++++++++++++++++++++++++++++++-- flake.nix | 8 ++--- util/default.nix | 4 +-- 3 files changed, 94 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index 080c221..5be844f 100644 --- a/flake.lock +++ b/flake.lock @@ -111,6 +111,39 @@ "type": "github" } }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -146,10 +179,47 @@ "type": "github" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1759624822, + "narHash": "sha256-cf40qfsfpxJU/BnQ9PEj027LdPINNSsJqm+C6Ug93BA=", + "rev": "57333a0e600c5e096a609410a2f1059b97194b1e", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/57333a0e600c5e096a609410a2f1059b97194b1e.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils", + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756511062, + "narHash": "sha256-IgD1JR7scSEwlK/YAbmrcTWpAYT30LPldCUHdzXkaMs=", + "ref": "refs/heads/main", + "rev": "3f09a5eb772e02d98bb8878ab687d5b721f00d16", + "revCount": 162, + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module.git" + }, + "original": { + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module.git" + } + }, "mcp-nixos": { "inputs": { "devshell": "devshell", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] @@ -211,7 +281,7 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] @@ -285,6 +355,7 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", + "lix-module": "lix-module", "mcp-nixos": "mcp-nixos", "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", @@ -360,6 +431,21 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 151a54b..ddf92ce 100644 --- a/flake.nix +++ b/flake.nix @@ -5,10 +5,10 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - # lix-module = { - # url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; + lix-module = { + url = "git+https://git.lix.systems/lix-project/nixos-module.git"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # secret encryption sops-nix = { diff --git a/util/default.nix b/util/default.nix index 5b61779..fb2f83d 100644 --- a/util/default.nix +++ b/util/default.nix @@ -10,7 +10,7 @@ nix-syncthing = inputs.nix-syncthing; disko = inputs.disko; impermanence = inputs.impermanence; - # lix-module = inputs.lix-module; + lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -83,7 +83,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - # lix-module.nixosModules.default + lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; From 76d3c488db0c7468e7a9c47ebcfe9b6ac9cd0984 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 8 Oct 2025 13:05:08 -0500 Subject: [PATCH 203/374] feat: pinned mapilary version downloader feat: created user ivy --- configurations/home-manager/default.nix | 1 + configurations/home-manager/ivy/default.nix | 55 ++++++++++++++ configurations/home-manager/ivy/packages.nix | 73 +++++++++++++++++++ .../nixos/horizon/configuration.nix | 1 + flake.lock | 8 +- .../pkgs/mapillary-uploader.nix | 4 +- modules/nixos-modules/users.nix | 30 ++++++++ modules/system-modules/users.nix | 5 ++ nix-config-secrets | 2 +- 9 files changed, 172 insertions(+), 7 deletions(-) create mode 100644 configurations/home-manager/ivy/default.nix create mode 100644 configurations/home-manager/ivy/packages.nix diff --git a/configurations/home-manager/default.nix b/configurations/home-manager/default.nix index a7fa478..3f88481 100644 --- a/configurations/home-manager/default.nix +++ b/configurations/home-manager/default.nix @@ -8,5 +8,6 @@ in { leyla = lib.mkIf users.leyla.isNormalUser (import ./leyla); eve = lib.mkIf users.eve.isNormalUser (import ./eve); + ivy = lib.mkIf users.ivy.isNormalUser (import ./ivy); git = lib.mkIf (osConfig.services.forgejo.enable or false) (import ./git); } diff --git a/configurations/home-manager/ivy/default.nix b/configurations/home-manager/ivy/default.nix new file mode 100644 index 0000000..48a3cae --- /dev/null +++ b/configurations/home-manager/ivy/default.nix @@ -0,0 +1,55 @@ +{osConfig, ...}: let + userConfig = osConfig.host.users.ivy; +in { + imports = [ + ./packages.nix + ]; + + home = { + username = userConfig.name; + homeDirectory = osConfig.users.users.ivy.home; + + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. + + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; + + # # You can also set the file content immediately. + # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; + + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/ivy/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; + }; + }; +} diff --git a/configurations/home-manager/ivy/packages.nix b/configurations/home-manager/ivy/packages.nix new file mode 100644 index 0000000..3c2a3d9 --- /dev/null +++ b/configurations/home-manager/ivy/packages.nix @@ -0,0 +1,73 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + config = { + nixpkgs.config = { + allowUnfree = true; + }; + + # Programs that need to be installed with some extra configuration + programs = lib.mkMerge [ + { + # Let Home Manager install and manage itself. + home-manager.enable = true; + } + (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { + # git = { + # enable = true; + # userName = "Ivy"; + # userEmail = "ivy@example.com"; # Update this with actual email + # extraConfig.init.defaultBranch = "main"; + # }; + + openssh = { + enable = true; + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; + }) + (lib.mkIf config.user.isDesktopUser { + vscode = { + enable = true; + package = pkgs.vscodium; + mutableExtensionsDir = false; + + profiles.default = { + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + + extraExtensions = { + # Cline extension (Claude AI assistant) + claudeDev.enable = true; + # Auto Rename Tag + autoRenameTag.enable = true; + # Live Server + liveServer.enable = true; + }; + + extensions = let + extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + in ( + with extension-pkgs.open-vsx; [ + streetsidesoftware.code-spell-checker + ] + ); + }; + }; + + firefox.enable = true; + discord.enable = true; + signal-desktop-bin.enable = true; + claude-code.enable = true; + }) + ]; + }; +} diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 731c6b0..0e86fe7 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -32,6 +32,7 @@ isPrincipleUser = true; }; eve.isDesktopUser = true; + ivy.isDesktopUser = true; }; hardware = { diff --git a/flake.lock b/flake.lock index 5be844f..9309105 100644 --- a/flake.lock +++ b/flake.lock @@ -369,11 +369,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1752531440, - "narHash": "sha256-04tQ3EUrtmZ7g6fVUkZC4AbAG+Z7lng79qU3jsiqWJY=", + "lastModified": 1759945215, + "narHash": "sha256-xmUzOuhJl6FtTjR5++OQvSoAnXe7/VA5QFCZDyFwBXo=", "ref": "refs/heads/main", - "rev": "f016767c13aa36dde91503f7a9f01bdd02468045", - "revCount": 20, + "rev": "444229a105445339fb028d15a8d866063c5f8141", + "revCount": 21, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, diff --git a/modules/common-modules/pkgs/mapillary-uploader.nix b/modules/common-modules/pkgs/mapillary-uploader.nix index 3ab38f8..7ce24f2 100644 --- a/modules/common-modules/pkgs/mapillary-uploader.nix +++ b/modules/common-modules/pkgs/mapillary-uploader.nix @@ -4,10 +4,10 @@ appimageTools, }: let pname = "mapillary-uploader"; - version = "4.7.2"; # Based on the application output + version = "4.7.2"; src = fetchurl { - url = "https://tools.mapillary.com/uploader/download/linux"; + url = "http://tools.mapillary.com/uploader/download/linux/${version}"; name = "mapillary-uploader.AppImage"; sha256 = "sha256-Oyx7AIdA/2mwBaq7UzXOoyq/z2SU2sViMN40sY2RCQw="; }; diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index db7d4ab..137ae4b 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -15,6 +15,7 @@ uids = { leyla = 1000; eve = 1002; + ivy = 1004; jellyfin = 2000; forgejo = 2002; hass = 2004; @@ -33,6 +34,7 @@ gids = { leyla = 1000; eve = 1002; + ivy = 1004; users = 100; jellyfin_media = 2001; jellyfin = 2000; @@ -53,6 +55,7 @@ users = config.users.users; leyla = users.leyla.name; eve = users.eve.name; + ivy = users.ivy.name; in { config = lib.mkMerge [ { @@ -90,6 +93,10 @@ in { neededForUsers = true; sopsFile = "${inputs.secrets}/user-passwords.yaml"; }; + "passwords/ivy" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; }; }; @@ -123,6 +130,19 @@ in { group = config.users.users.eve.name; }; + ivy = { + uid = lib.mkForce uids.ivy; + name = lib.mkForce host.users.ivy.name; + description = "Ivy"; + extraGroups = + lib.optionals host.users.ivy.isNormalUser ["networkmanager"] + ++ (lib.lists.optionals host.users.ivy.isPrincipleUser ["wheel"]); + hashedPasswordFile = config.sops.secrets."passwords/ivy".path; + isNormalUser = host.users.ivy.isNormalUser; + isSystemUser = !host.users.ivy.isNormalUser; + group = config.users.users.ivy.name; + }; + jellyfin = { uid = lib.mkForce uids.jellyfin; isSystemUser = true; @@ -218,11 +238,19 @@ in { ]; }; + ivy = { + gid = lib.mkForce gids.ivy; + members = [ + ivy + ]; + }; + users = { gid = lib.mkForce gids.users; members = [ leyla eve + ivy ]; }; @@ -235,6 +263,7 @@ in { users.bazarr.name leyla eve + ivy ]; }; @@ -268,6 +297,7 @@ in { users.syncthing.name leyla eve + ivy ]; }; diff --git a/modules/system-modules/users.nix b/modules/system-modules/users.nix index cd9c900..dda9ed3 100644 --- a/modules/system-modules/users.nix +++ b/modules/system-modules/users.nix @@ -89,6 +89,11 @@ in { isDesktopUser = lib.mkDefault false; isTerminalUser = lib.mkDefault false; }; + ivy = { + isPrincipleUser = lib.mkDefault false; + isDesktopUser = lib.mkDefault false; + isTerminalUser = lib.mkDefault false; + }; }; assertions = diff --git a/nix-config-secrets b/nix-config-secrets index f016767..444229a 160000 --- a/nix-config-secrets +++ b/nix-config-secrets @@ -1 +1 @@ -Subproject commit f016767c13aa36dde91503f7a9f01bdd02468045 +Subproject commit 444229a105445339fb028d15a8d866063c5f8141 From 32c7086394cdffc9237792a6bed0c977e0e040fb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 11 Oct 2025 23:06:54 -0500 Subject: [PATCH 204/374] feat: added display scaling for eve --- configurations/home-manager/eve/gnomeconf.nix | 30 +++++++++++++++---- modules/home-manager-modules/gnome.nix | 19 ++++++++++++ 2 files changed, 43 insertions(+), 6 deletions(-) diff --git a/configurations/home-manager/eve/gnomeconf.nix b/configurations/home-manager/eve/gnomeconf.nix index fbad391..ac063d8 100644 --- a/configurations/home-manager/eve/gnomeconf.nix +++ b/configurations/home-manager/eve/gnomeconf.nix @@ -1,12 +1,30 @@ -{pkgs, ...}: { +{ + pkgs, + osConfig, + lib, + ... +}: { config = { + gnome = lib.mkMerge [ + { + colorScheme = "prefer-dark"; + accentColor = "slate"; + extraWindowControls = true; + extensions = [ + pkgs.gnomeExtensions.dash-to-panel + ]; + } + + (lib.mkIf (osConfig.networking.hostName == "horizon") { + displayScaling = 125; + experimentalFeatures = { + scaleMonitorFramebuffer = true; + }; + }) + ]; + dconf = { enable = true; - settings = { - "org/gnome/shell".enabled-extensions = [ - pkgs.gnomeExtensions.dash-to-panel.extensionUuid - ]; - }; }; }; } diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index 8c70cf6..ede189b 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -60,6 +60,20 @@ })); default = {}; }; + displayScaling = lib.mkOption { + type = lib.types.nullOr (lib.types.enum [100 125 150 175 200]); + default = null; + description = "Display scaling percentage for GNOME"; + }; + experimentalFeatures = lib.mkOption { + type = lib.types.submodule { + options = { + scaleMonitorFramebuffer = lib.mkEnableOption "scale-monitor-framebuffer experimental feature"; + }; + }; + default = {}; + description = "GNOME experimental features to enable"; + }; }; config = { @@ -77,6 +91,11 @@ "org/gnome/desktop/interface".color-scheme = config.gnome.colorScheme; "org/gnome/desktop/interface".accent-color = config.gnome.accentColor; "org/gnome/desktop/interface".clock-format = config.gnome.clockFormat; + "org/gnome/desktop/interface".text-scaling-factor = lib.mkIf (config.gnome.displayScaling != null) (config.gnome.displayScaling / 100.0); + + "org/gnome/mutter".experimental-features = lib.mkIf (builtins.any (x: x) (builtins.attrValues config.gnome.experimentalFeatures)) ( + lib.optional config.gnome.experimentalFeatures.scaleMonitorFramebuffer "scale-monitor-framebuffer" + ); } ( lib.mkMerge ( From c81fa77a2959315e16e68412505e092cc550e26f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 11 Oct 2025 23:26:24 -0500 Subject: [PATCH 205/374] feat: simplified gnome configurations with more options --- configurations/home-manager/eve/gnomeconf.nix | 9 ++-- configurations/home-manager/leyla/dconf.nix | 29 +++++++------ modules/home-manager-modules/gnome.nix | 43 +++++++++++++++++-- 3 files changed, 61 insertions(+), 20 deletions(-) diff --git a/configurations/home-manager/eve/gnomeconf.nix b/configurations/home-manager/eve/gnomeconf.nix index ac063d8..7cfb8fd 100644 --- a/configurations/home-manager/eve/gnomeconf.nix +++ b/configurations/home-manager/eve/gnomeconf.nix @@ -1,5 +1,4 @@ { - pkgs, osConfig, lib, ... @@ -10,9 +9,11 @@ colorScheme = "prefer-dark"; accentColor = "slate"; extraWindowControls = true; - extensions = [ - pkgs.gnomeExtensions.dash-to-panel - ]; + extensions = { + dash-to-panel = { + enable = true; + }; + }; } (lib.mkIf (osConfig.networking.hostName == "horizon") { diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index ef75db6..8c8d553 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -1,31 +1,36 @@ -{pkgs, ...}: { +{...}: { config = { gnome = { extraWindowControls = true; colorScheme = "prefer-dark"; clockFormat = "24h"; - extensions = [ - pkgs.gnomeExtensions.dash-to-dock - ]; + extensions = { + dash-to-dock = { + enable = true; + options = { + "dock-position" = "LEFT"; + "intellihide-mode" = "ALL_WINDOWS"; + "show-trash" = false; + "require-pressure-to-show" = false; + "show-mounts" = false; + }; + }; + }; hotkeys = { "Open Terminal" = { binding = "t"; command = "kgx"; }; + "Open Firefox" = { + binding = "f"; + command = "firefox"; + }; }; }; dconf = { enable = true; settings = { - "org/gnome/shell/extensions/dash-to-dock" = { - "dock-position" = "LEFT"; - "intellihide-mode" = "ALL_WINDOWS"; - "show-trash" = false; - "require-pressure-to-show" = false; - "show-mounts" = false; - }; - "org/gnome/shell" = { favorite-apps = ["org.gnome.Nautilus.desktop" "firefox.desktop" "codium.desktop" "steam.desktop" "org.gnome.Console.desktop"]; # app-picker-layout = diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index ede189b..fa80eb2 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -1,8 +1,14 @@ { lib, config, + pkgs, ... -}: { +}: let + enabledExtensions = + [] + ++ lib.optional config.gnome.extensions.dash-to-dock.enable pkgs.gnomeExtensions.dash-to-dock + ++ lib.optional config.gnome.extensions.dash-to-panel.enable pkgs.gnomeExtensions.dash-to-panel; +in { options.gnome = { extraWindowControls = lib.mkEnableOption "Should we add back in the minimize and maximize window controls?"; clockFormat = lib.mkOption { @@ -34,7 +40,7 @@ ]; default = "blue"; }; - extensions = lib.mkOption { + extraExtensions = lib.mkOption { type = lib.types.listOf lib.types.package; default = []; description = "The set of extensions to install and enable in the user environment."; @@ -74,16 +80,36 @@ default = {}; description = "GNOME experimental features to enable"; }; + + extensions = { + dash-to-dock = { + enable = lib.mkEnableOption "Dash to Dock extension"; + options = lib.mkOption { + type = lib.types.nullOr lib.types.attrs; + default = null; + description = "Dash to Dock configuration options. If null, no custom configuration will be applied."; + }; + }; + + dash-to-panel = { + enable = lib.mkEnableOption "Dash to Panel extension"; + options = lib.mkOption { + type = lib.types.nullOr lib.types.attrs; + default = null; + description = "Dash to Panel configuration options. If null, no custom configuration will be applied."; + }; + }; + }; }; config = { - home.packages = config.gnome.extensions; + home.packages = config.gnome.extraExtensions ++ enabledExtensions; dconf = { settings = lib.mkMerge [ { "org/gnome/shell" = { disable-user-extensions = false; # enables user extensions - enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extensions; + enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extraExtensions; }; "org/gnome/desktop/wm/preferences".button-layout = lib.mkIf config.gnome.extraWindowControls ":minimize,maximize,close"; @@ -119,6 +145,15 @@ ) ) ) + + # Extension configurations + (lib.mkIf (config.gnome.extensions.dash-to-dock.enable && config.gnome.extensions.dash-to-dock.options != null) { + "org/gnome/shell/extensions/dash-to-dock" = config.gnome.extensions.dash-to-dock.options; + }) + + (lib.mkIf (config.gnome.extensions.dash-to-panel.enable && config.gnome.extensions.dash-to-panel.options != null) { + "org/gnome/shell/extensions/dash-to-panel" = config.gnome.extensions.dash-to-panel.options; + }) ]; }; }; From ee6d48fe4926ffcff13efbaefbbc932a47503938 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 11 Oct 2025 23:34:16 -0500 Subject: [PATCH 206/374] feat: added night light as a dconf option --- configurations/home-manager/eve/gnomeconf.nix | 8 ++++ configurations/home-manager/leyla/dconf.nix | 7 ++++ modules/home-manager-modules/gnome.nix | 41 +++++++++++++++++++ 3 files changed, 56 insertions(+) diff --git a/configurations/home-manager/eve/gnomeconf.nix b/configurations/home-manager/eve/gnomeconf.nix index 7cfb8fd..7cd3863 100644 --- a/configurations/home-manager/eve/gnomeconf.nix +++ b/configurations/home-manager/eve/gnomeconf.nix @@ -8,6 +8,14 @@ { colorScheme = "prefer-dark"; accentColor = "slate"; + clockFormat = "24h"; + nightLight = { + enable = true; + automatic = false; + fromTime = 12.0; + toTime = 11.999999999999; + temperature = 2700; + }; extraWindowControls = true; extensions = { dash-to-panel = { diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 8c8d553..9aa61f7 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -4,6 +4,13 @@ extraWindowControls = true; colorScheme = "prefer-dark"; clockFormat = "24h"; + nightLight = { + enable = true; + automatic = false; + fromTime = 12.0; + toTime = 11.999999999999; + temperature = 2700; + }; extensions = { dash-to-dock = { enable = true; diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index fa80eb2..d2ee3b7 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -81,6 +81,36 @@ in { description = "GNOME experimental features to enable"; }; + nightLight = lib.mkOption { + type = lib.types.submodule { + options = { + enable = lib.mkEnableOption "night light (blue light filter)"; + automatic = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Whether to automatically schedule night light based on sunset/sunrise"; + }; + fromTime = lib.mkOption { + type = lib.types.float; + default = 20.0; + description = "Start time for night light in 24-hour format (e.g., 20.0 for 8:00 PM)"; + }; + toTime = lib.mkOption { + type = lib.types.float; + default = 6.0; + description = "End time for night light in 24-hour format (e.g., 6.0 for 6:00 AM)"; + }; + temperature = lib.mkOption { + type = lib.types.int; + default = 4000; + description = "Color temperature for night light (1000-10000K, lower is warmer)"; + }; + }; + }; + default = {}; + description = "Night light configuration"; + }; + extensions = { dash-to-dock = { enable = lib.mkEnableOption "Dash to Dock extension"; @@ -123,6 +153,17 @@ in { lib.optional config.gnome.experimentalFeatures.scaleMonitorFramebuffer "scale-monitor-framebuffer" ); } + + # Night light configuration + (lib.mkIf config.gnome.nightLight.enable { + "org/gnome/settings-daemon/plugins/color" = { + night-light-enabled = true; + night-light-schedule-automatic = config.gnome.nightLight.automatic; + night-light-schedule-from = lib.mkIf (!config.gnome.nightLight.automatic) config.gnome.nightLight.fromTime; + night-light-schedule-to = lib.mkIf (!config.gnome.nightLight.automatic) config.gnome.nightLight.toTime; + night-light-temperature = config.gnome.nightLight.temperature; + }; + }) ( lib.mkMerge ( builtins.map (value: let From a51a364ce9e2cc31052461bf7b93cc435ded73c5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 12 Oct 2025 21:10:40 -0500 Subject: [PATCH 207/374] fix: enabled extensions installed via config options --- modules/home-manager-modules/gnome.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index d2ee3b7..ab56189 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -8,6 +8,8 @@ [] ++ lib.optional config.gnome.extensions.dash-to-dock.enable pkgs.gnomeExtensions.dash-to-dock ++ lib.optional config.gnome.extensions.dash-to-panel.enable pkgs.gnomeExtensions.dash-to-panel; + + extensions = config.gnome.extraExtensions ++ enabledExtensions; in { options.gnome = { extraWindowControls = lib.mkEnableOption "Should we add back in the minimize and maximize window controls?"; @@ -133,13 +135,13 @@ in { }; config = { - home.packages = config.gnome.extraExtensions ++ enabledExtensions; + home.packages = extensions; dconf = { settings = lib.mkMerge [ { "org/gnome/shell" = { disable-user-extensions = false; # enables user extensions - enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extraExtensions; + enabled-extensions = builtins.map (extension: extension.extensionUuid) extensions; }; "org/gnome/desktop/wm/preferences".button-layout = lib.mkIf config.gnome.extraWindowControls ":minimize,maximize,close"; From 6d5a07e08f0e170e36edce00ad33268638eeef86 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 13 Oct 2025 09:36:48 -0500 Subject: [PATCH 208/374] feat: refactored impermanence to be enableable for users on a system --- .../home-manager/leyla/impermanence.nix | 3 +- modules/home-manager-modules/default.nix | 1 + modules/home-manager-modules/impermanence.nix | 31 +++++++++++++++++++ modules/home-manager-modules/openssh.nix | 2 +- .../programs/bitwarden.nix | 3 +- .../home-manager-modules/programs/bruno.nix | 3 +- .../home-manager-modules/programs/calibre.nix | 3 +- .../programs/davinci-resolve.nix | 3 +- .../home-manager-modules/programs/dbeaver.nix | 3 +- .../home-manager-modules/programs/discord.nix | 3 +- .../home-manager-modules/programs/firefox.nix | 3 +- .../home-manager-modules/programs/freecad.nix | 3 +- .../home-manager-modules/programs/gimp.nix | 3 +- .../home-manager-modules/programs/idea.nix | 2 +- .../programs/inkscape.nix | 3 +- .../home-manager-modules/programs/krita.nix | 3 +- .../programs/libreoffice.nix | 3 +- .../home-manager-modules/programs/makemkv.nix | 3 +- modules/home-manager-modules/programs/obs.nix | 3 +- .../programs/obsidian.nix | 3 +- .../home-manager-modules/programs/picard.nix | 3 +- .../programs/polycule.nix | 3 +- .../programs/prostudiomasters.nix | 3 +- .../programs/protonvpn.nix | 3 +- .../programs/qbittorrent.nix | 3 +- .../programs/qflipper.nix | 3 +- .../home-manager-modules/programs/signal.nix | 3 +- .../home-manager-modules/programs/steam.nix | 3 +- .../programs/tor-browser.nix | 3 +- .../programs/ungoogled-chromium.nix | 3 +- .../server/panoramax/impermanence.nix | 3 +- 31 files changed, 61 insertions(+), 56 deletions(-) create mode 100644 modules/home-manager-modules/impermanence.nix diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index 041bff8..ce81c81 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -1,10 +1,9 @@ { lib, config, - osConfig, ... }: { - config = lib.mkIf osConfig.host.impermanence.enable { + config = lib.mkIf (config.impermanence.enable) { home.persistence."/persist/home/leyla" = { directories = [ "desktop" diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index 4c085a5..29d3414 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -5,6 +5,7 @@ ./user.nix ./flipperzero.nix ./i18n.nix + ./impermanence.nix ./openssh.nix ./gnome.nix ./programs diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix new file mode 100644 index 0000000..dc9eae9 --- /dev/null +++ b/modules/home-manager-modules/impermanence.nix @@ -0,0 +1,31 @@ +{ + config, + lib, + osConfig, + ... +}: let + cfg = config.impermanence; +in { + options.impermanence = { + enable = lib.mkEnableOption "impermanence for home directory"; + }; + + config = lib.mkMerge [ + (lib.mkIf config.impermanence.enable { + assertions = [ + { + assertion = osConfig.impermanence.enable; + message = "impermanence can not be enabled for a user when it is not enabled for a configuration"; + } + ]; + }) + (lib.mkIf osConfig.host.impermanence.enable { + # If impermanence is not enabled for this user but system impermanence is enabled, + # persist the entire home directory as fallback + home.persistence."/persist/home/${config.home.username}" = lib.mkIf (!cfg.enable) { + directories = ["."]; + allowOther = true; + }; + }) + ]; +} diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 9d77d10..afc98dd 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -95,7 +95,7 @@ ); } ) - (lib.mkIf osConfig.host.impermanence.enable { + (lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { files = lib.lists.flatten ( builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index b9b91c4..5c14068 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.bitwarden = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/Bitwarden" diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix index 00b248f..8ad5e63 100644 --- a/modules/home-manager-modules/programs/bruno.nix +++ b/modules/home-manager-modules/programs/bruno.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.bruno = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/bruno/" diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix index 9e5f34e..dbe6e2b 100644 --- a/modules/home-manager-modules/programs/calibre.nix +++ b/modules/home-manager-modules/programs/calibre.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.calibre = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/calibre" diff --git a/modules/home-manager-modules/programs/davinci-resolve.nix b/modules/home-manager-modules/programs/davinci-resolve.nix index 00ba525..6c4526f 100644 --- a/modules/home-manager-modules/programs/davinci-resolve.nix +++ b/modules/home-manager-modules/programs/davinci-resolve.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.davinci-resolve = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.dataHome}/DaVinciResolve" diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix index a962459..8b6c41a 100644 --- a/modules/home-manager-modules/programs/dbeaver.nix +++ b/modules/home-manager-modules/programs/dbeaver.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.dbeaver-bin = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.dataHome}/DBeaverData/" diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix index e8605a5..d5d7192 100644 --- a/modules/home-manager-modules/programs/discord.nix +++ b/modules/home-manager-modules/programs/discord.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.discord = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/discord/" diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix index 907b619..8841887 100644 --- a/modules/home-manager-modules/programs/firefox.nix +++ b/modules/home-manager-modules/programs/firefox.nix @@ -1,7 +1,6 @@ { lib, config, - osConfig, ... }: let buildProfilePersistence = profile: { @@ -26,7 +25,7 @@ allowOther = true; }; in { - config = lib.mkIf (config.programs.firefox.enable && osConfig.host.impermanence.enable) { + config = lib.mkIf (config.programs.firefox.enable && config.impermanence.enable) { home.persistence."/persist${config.home.homeDirectory}" = lib.mkMerge ( ( lib.attrsets.mapAttrsToList diff --git a/modules/home-manager-modules/programs/freecad.nix b/modules/home-manager-modules/programs/freecad.nix index ec17205..89668de 100644 --- a/modules/home-manager-modules/programs/freecad.nix +++ b/modules/home-manager-modules/programs/freecad.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.freecad = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/FreeCAD" diff --git a/modules/home-manager-modules/programs/gimp.nix b/modules/home-manager-modules/programs/gimp.nix index 428068e..925a2d9 100644 --- a/modules/home-manager-modules/programs/gimp.nix +++ b/modules/home-manager-modules/programs/gimp.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.gimp = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/GIMP" diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index f0a928c..73484ae 100644 --- a/modules/home-manager-modules/programs/idea.nix +++ b/modules/home-manager-modules/programs/idea.nix @@ -16,7 +16,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ # configuration diff --git a/modules/home-manager-modules/programs/inkscape.nix b/modules/home-manager-modules/programs/inkscape.nix index facb08f..a26ddec 100644 --- a/modules/home-manager-modules/programs/inkscape.nix +++ b/modules/home-manager-modules/programs/inkscape.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.inkscape = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/inkscape" diff --git a/modules/home-manager-modules/programs/krita.nix b/modules/home-manager-modules/programs/krita.nix index d662251..3ba5560 100644 --- a/modules/home-manager-modules/programs/krita.nix +++ b/modules/home-manager-modules/programs/krita.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.krita = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/kritarc" diff --git a/modules/home-manager-modules/programs/libreoffice.nix b/modules/home-manager-modules/programs/libreoffice.nix index b61ea58..93163e7 100644 --- a/modules/home-manager-modules/programs/libreoffice.nix +++ b/modules/home-manager-modules/programs/libreoffice.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.libreoffice = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/libreoffice" diff --git a/modules/home-manager-modules/programs/makemkv.nix b/modules/home-manager-modules/programs/makemkv.nix index eca059d..e92c3d3 100644 --- a/modules/home-manager-modules/programs/makemkv.nix +++ b/modules/home-manager-modules/programs/makemkv.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.makemkv = { @@ -30,7 +29,7 @@ home.file.".MakeMKV/settings.conf".source = config.lib.file.mkOutOfStoreSymlink config.sops.templates."MakeMKV.settings.conf".path; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ ".MakeMKV" diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix index 98c4fea..5c2d3c2 100644 --- a/modules/home-manager-modules/programs/obs.nix +++ b/modules/home-manager-modules/programs/obs.nix @@ -1,12 +1,11 @@ { lib, config, - osConfig, ... }: { config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [ ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { # TODO: map impermanence for obs } ) diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix index 4d28b3e..824563d 100644 --- a/modules/home-manager-modules/programs/obsidian.nix +++ b/modules/home-manager-modules/programs/obsidian.nix @@ -1,12 +1,11 @@ { lib, config, - osConfig, ... }: { config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [ ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/obsidian" diff --git a/modules/home-manager-modules/programs/picard.nix b/modules/home-manager-modules/programs/picard.nix index d2c1fe2..bc37b86 100644 --- a/modules/home-manager-modules/programs/picard.nix +++ b/modules/home-manager-modules/programs/picard.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.picard = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/MusicBrainz" diff --git a/modules/home-manager-modules/programs/polycule.nix b/modules/home-manager-modules/programs/polycule.nix index a7004bd..d0aea2a 100644 --- a/modules/home-manager-modules/programs/polycule.nix +++ b/modules/home-manager-modules/programs/polycule.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.polycule = { @@ -17,7 +16,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { # TODO: check that these are actually the correct folders # directories = [ diff --git a/modules/home-manager-modules/programs/prostudiomasters.nix b/modules/home-manager-modules/programs/prostudiomasters.nix index 9e6088f..5345169 100644 --- a/modules/home-manager-modules/programs/prostudiomasters.nix +++ b/modules/home-manager-modules/programs/prostudiomasters.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.prostudiomasters = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/ProStudioMasters" diff --git a/modules/home-manager-modules/programs/protonvpn.nix b/modules/home-manager-modules/programs/protonvpn.nix index dd11aae..513a610 100644 --- a/modules/home-manager-modules/programs/protonvpn.nix +++ b/modules/home-manager-modules/programs/protonvpn.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.protonvpn-gui = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/protonvpn" diff --git a/modules/home-manager-modules/programs/qbittorrent.nix b/modules/home-manager-modules/programs/qbittorrent.nix index 02e23df..61d13c0 100644 --- a/modules/home-manager-modules/programs/qbittorrent.nix +++ b/modules/home-manager-modules/programs/qbittorrent.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.qbittorrent = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/qBittorrent" diff --git a/modules/home-manager-modules/programs/qflipper.nix b/modules/home-manager-modules/programs/qflipper.nix index abc2442..8b42766 100644 --- a/modules/home-manager-modules/programs/qflipper.nix +++ b/modules/home-manager-modules/programs/qflipper.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.qflipper = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/qFlipper" diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix index fdf0af9..7db23a7 100644 --- a/modules/home-manager-modules/programs/signal.nix +++ b/modules/home-manager-modules/programs/signal.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.signal-desktop-bin = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/Signal" diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix index 4661151..fd98cb6 100644 --- a/modules/home-manager-modules/programs/steam.nix +++ b/modules/home-manager-modules/programs/steam.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.steam = { @@ -18,7 +17,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ { diff --git a/modules/home-manager-modules/programs/tor-browser.nix b/modules/home-manager-modules/programs/tor-browser.nix index 2c58578..c3b085d 100644 --- a/modules/home-manager-modules/programs/tor-browser.nix +++ b/modules/home-manager-modules/programs/tor-browser.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.tor-browser = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.dataHome}/torbrowser" diff --git a/modules/home-manager-modules/programs/ungoogled-chromium.nix b/modules/home-manager-modules/programs/ungoogled-chromium.nix index 5b52cd6..ef6a881 100644 --- a/modules/home-manager-modules/programs/ungoogled-chromium.nix +++ b/modules/home-manager-modules/programs/ungoogled-chromium.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.ungoogled-chromium = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/chromium" diff --git a/modules/nixos-modules/server/panoramax/impermanence.nix b/modules/nixos-modules/server/panoramax/impermanence.nix index 011c322..41b1401 100644 --- a/modules/nixos-modules/server/panoramax/impermanence.nix +++ b/modules/nixos-modules/server/panoramax/impermanence.nix @@ -1,10 +1,9 @@ { lib, config, - osConfig, ... }: { - config = lib.mkIf (config.services.panoramax.enable && osConfig.host.impermanence.enable) { + config = lib.mkIf (config.services.panoramax.enable && config.host.impermanence.enable) { # TODO: configure impermanence for panoramax data # This would typically include directories like: # - /var/lib/panoramax From 80ad498f9405245e7ae2277cea474ab71b2a5f7e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 13 Oct 2025 09:40:02 -0500 Subject: [PATCH 209/374] style: removed unused vars --- modules/home-manager-modules/programs/gdx-liftoff.nix | 1 - modules/home-manager-modules/programs/idea.nix | 1 - modules/home-manager-modules/programs/mfoc.nix | 1 - modules/home-manager-modules/programs/noisetorch.nix | 1 - modules/home-manager-modules/programs/onionshare.nix | 1 - modules/home-manager-modules/programs/openrgb.nix | 1 - modules/home-manager-modules/programs/openvpn.nix | 1 - modules/home-manager-modules/programs/pdfarranger.nix | 1 - modules/home-manager-modules/programs/piper.nix | 1 - modules/home-manager-modules/programs/proxmark3.nix | 1 - modules/home-manager-modules/programs/via.nix | 1 - 11 files changed, 11 deletions(-) diff --git a/modules/home-manager-modules/programs/gdx-liftoff.nix b/modules/home-manager-modules/programs/gdx-liftoff.nix index b29230d..4440831 100644 --- a/modules/home-manager-modules/programs/gdx-liftoff.nix +++ b/modules/home-manager-modules/programs/gdx-liftoff.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.gdx-liftoff = { diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index 73484ae..e59e7b2 100644 --- a/modules/home-manager-modules/programs/idea.nix +++ b/modules/home-manager-modules/programs/idea.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.jetbrains.idea-community = { diff --git a/modules/home-manager-modules/programs/mfoc.nix b/modules/home-manager-modules/programs/mfoc.nix index 7b92007..6006c9b 100644 --- a/modules/home-manager-modules/programs/mfoc.nix +++ b/modules/home-manager-modules/programs/mfoc.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.mfoc = { diff --git a/modules/home-manager-modules/programs/noisetorch.nix b/modules/home-manager-modules/programs/noisetorch.nix index c53e3a9..4b42638 100644 --- a/modules/home-manager-modules/programs/noisetorch.nix +++ b/modules/home-manager-modules/programs/noisetorch.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.noisetorch = { diff --git a/modules/home-manager-modules/programs/onionshare.nix b/modules/home-manager-modules/programs/onionshare.nix index ed1903d..475f993 100644 --- a/modules/home-manager-modules/programs/onionshare.nix +++ b/modules/home-manager-modules/programs/onionshare.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.onionshare = { diff --git a/modules/home-manager-modules/programs/openrgb.nix b/modules/home-manager-modules/programs/openrgb.nix index 0260c91..ab156a6 100644 --- a/modules/home-manager-modules/programs/openrgb.nix +++ b/modules/home-manager-modules/programs/openrgb.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.openrgb = { diff --git a/modules/home-manager-modules/programs/openvpn.nix b/modules/home-manager-modules/programs/openvpn.nix index 814c16d..dcd499c 100644 --- a/modules/home-manager-modules/programs/openvpn.nix +++ b/modules/home-manager-modules/programs/openvpn.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.openvpn = { diff --git a/modules/home-manager-modules/programs/pdfarranger.nix b/modules/home-manager-modules/programs/pdfarranger.nix index d4e33b5..9246efd 100644 --- a/modules/home-manager-modules/programs/pdfarranger.nix +++ b/modules/home-manager-modules/programs/pdfarranger.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.pdfarranger = { diff --git a/modules/home-manager-modules/programs/piper.nix b/modules/home-manager-modules/programs/piper.nix index ec0d887..3ed25fd 100644 --- a/modules/home-manager-modules/programs/piper.nix +++ b/modules/home-manager-modules/programs/piper.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.piper = { diff --git a/modules/home-manager-modules/programs/proxmark3.nix b/modules/home-manager-modules/programs/proxmark3.nix index ad1e298..656be19 100644 --- a/modules/home-manager-modules/programs/proxmark3.nix +++ b/modules/home-manager-modules/programs/proxmark3.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.proxmark3 = { diff --git a/modules/home-manager-modules/programs/via.nix b/modules/home-manager-modules/programs/via.nix index 0b79452..41918c8 100644 --- a/modules/home-manager-modules/programs/via.nix +++ b/modules/home-manager-modules/programs/via.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.via = { From 75dcac8d178660c905054862f1bc3d863d92890d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 13 Oct 2025 16:51:26 -0500 Subject: [PATCH 210/374] feat: drafted out open dyslexic font for vscode --- configurations/home-manager/leyla/default.nix | 1 - .../leyla/packages/vscode/default.nix | 2 + .../programs/vscode/default.nix | 1 + .../programs/vscode/openDyslexicFont.nix | 48 +++++++++++++++++++ 4 files changed, 51 insertions(+), 1 deletion(-) create mode 100644 modules/home-manager-modules/programs/vscode/openDyslexicFont.nix diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 6d759c5..eba7f7b 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -87,7 +87,6 @@ # TODO: move this into a fonts module home.packages = with pkgs; [ aileron - nerd-fonts.open-dyslexic ]; fonts.fontconfig.enable = true; }; diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index ba9e48a..9d1b6c6 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -40,6 +40,8 @@ in { oneDark.enable = true; atomKeybindings.enable = true; openRemoteSsh.enable = true; + # I don't like how the terminal feels with open dyslexic font on and lots of parts of the UI don't get set anyways + openDyslexicFont.enable = false; # html development autoRenameTag.enable = true; diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index 85f4a62..8f366fe 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -23,5 +23,6 @@ ./vitest.nix ./direnv.nix ./conventionalCommits.nix + ./openDyslexicFont.nix ]; } diff --git a/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix b/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix new file mode 100644 index 0000000..acfb79c --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix @@ -0,0 +1,48 @@ +{ + lib, + pkgs, + config, + ... +}: { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.openDyslexicFont = { + enable = lib.mkEnableOption "should OpenDyslexic font be set as the default font for VSCode"; + package = lib.mkPackageOption pkgs "nerd-fonts.open-dyslexic" { + default = ["nerd-fonts" "open-dyslexic"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.openDyslexicFont.enable { + userSettings = { + "editor.fontFamily" = "'OpenDyslexicM Nerd Font Mono', 'OpenDyslexic', monospace"; + "editor.fontSize" = 14; + }; + }; + })); + }; + + config = let + enabledProfiles = + lib.filter (profile: profile.extraExtensions.openDyslexicFont.enable or false) + (lib.attrValues config.programs.vscode.profiles); + + anyProfileUsesOpenDyslexicFont = enabledProfiles != []; + + fontPackages = lib.unique (map (profile: profile.extraExtensions.openDyslexicFont.package) enabledProfiles); + in { + # Ensure OpenDyslexic font packages are installed when any VSCode profile uses them + home.packages = fontPackages; + + fonts.fontconfig.enable = lib.mkIf anyProfileUsesOpenDyslexicFont true; + + # Add assertion to ensure the fonts are available + assertions = + map (fontPkg: { + assertion = lib.elem fontPkg config.home.packages; + message = "OpenDyslexic font package '${fontPkg.name or "unknown"}' must be installed when using openDyslexicFont extension for VSCode."; + }) + fontPackages; + }; +} From d87462981e7e420b011da9629a4fd4668af6513e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 13 Oct 2025 17:00:30 -0500 Subject: [PATCH 211/374] feat: enabled open dyslexia --- configurations/home-manager/leyla/packages/vscode/default.nix | 4 ++-- .../home-manager-modules/programs/vscode/openDyslexicFont.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 9d1b6c6..cf40c50 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -32,6 +32,7 @@ in { "javascript.updateImportsOnFileMove.enabled" = "always"; "editor.tabSize" = 2; "editor.insertSpaces" = false; + "terminal.integrated.fontFamily" = "'Droid Sans Mono', 'monospace', monospace"; } ]; @@ -40,8 +41,7 @@ in { oneDark.enable = true; atomKeybindings.enable = true; openRemoteSsh.enable = true; - # I don't like how the terminal feels with open dyslexic font on and lots of parts of the UI don't get set anyways - openDyslexicFont.enable = false; + openDyslexicFont.enable = true; # html development autoRenameTag.enable = true; diff --git a/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix b/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix index acfb79c..3c7b609 100644 --- a/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix +++ b/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix @@ -16,7 +16,7 @@ }; config = lib.mkIf config.extraExtensions.openDyslexicFont.enable { userSettings = { - "editor.fontFamily" = "'OpenDyslexicM Nerd Font Mono', 'OpenDyslexic', monospace"; + "editor.fontFamily" = "'OpenDyslexicM Nerd Font Mono', Droid Sans Mono, monospace"; "editor.fontSize" = 14; }; }; From c953571f2fab93e184bc24573f7d83f01e526fea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 13 Oct 2025 17:11:59 -0500 Subject: [PATCH 212/374] feat: decrease letter spacing on open dyslexia vscode --- .../home-manager-modules/programs/vscode/openDyslexicFont.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix b/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix index 3c7b609..f1f6215 100644 --- a/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix +++ b/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix @@ -18,6 +18,7 @@ userSettings = { "editor.fontFamily" = "'OpenDyslexicM Nerd Font Mono', Droid Sans Mono, monospace"; "editor.fontSize" = 14; + "editor.letterSpacing" = -0.3; }; }; })); From 352ca6fccf574d645ec3b71efb5c36ba5d00c9e8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 13 Oct 2025 19:30:33 -0500 Subject: [PATCH 213/374] feat: disabled open dyslexic --- configurations/home-manager/leyla/packages/vscode/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index cf40c50..fd72006 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -32,7 +32,7 @@ in { "javascript.updateImportsOnFileMove.enabled" = "always"; "editor.tabSize" = 2; "editor.insertSpaces" = false; - "terminal.integrated.fontFamily" = "'Droid Sans Mono', 'monospace', monospace"; + # "terminal.integrated.fontFamily" = "'Droid Sans Mono', 'monospace', monospace"; } ]; @@ -41,7 +41,7 @@ in { oneDark.enable = true; atomKeybindings.enable = true; openRemoteSsh.enable = true; - openDyslexicFont.enable = true; + # openDyslexicFont.enable = false; # html development autoRenameTag.enable = true; From f02cb085700a75f4a7751aa173b19ee6aef97f76 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 16 Oct 2025 23:29:37 -0500 Subject: [PATCH 214/374] feat: disabled filebot-cleanup --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9fbdee6..5dde395 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -351,7 +351,7 @@ }; filebot-cleanup = { - enable = true; + enable = false; licenseFile = "/srv/jellyfin/filebot_license.psm"; }; From e895fa5eddd9d5d5cceb64fed08321dd56d14cfc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 17 Oct 2025 13:15:41 -0500 Subject: [PATCH 215/374] feat: removed filebot --- .../nixos/defiant/configuration.nix | 11 +-- configurations/nixos/defiant/default.nix | 1 - configurations/nixos/defiant/filebot.nix | 82 ------------------- 3 files changed, 3 insertions(+), 91 deletions(-) delete mode 100644 configurations/nixos/defiant/filebot.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 5dde395..03dff03 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -350,21 +350,16 @@ webuiPort = 8084; }; - filebot-cleanup = { - enable = false; - licenseFile = "/srv/jellyfin/filebot_license.psm"; - }; - sonarr = { - enable = false; + enable = true; openFirewall = true; }; radarr = { - enable = false; + enable = true; openFirewall = true; }; bazarr = { - enable = false; + enable = true; openFirewall = true; }; }; diff --git a/configurations/nixos/defiant/default.nix b/configurations/nixos/defiant/default.nix index 05975a1..3013946 100644 --- a/configurations/nixos/defiant/default.nix +++ b/configurations/nixos/defiant/default.nix @@ -4,6 +4,5 @@ ./hardware-configuration.nix ./configuration.nix ./packages.nix - ./filebot.nix ]; } diff --git a/configurations/nixos/defiant/filebot.nix b/configurations/nixos/defiant/filebot.nix deleted file mode 100644 index aaf247d..0000000 --- a/configurations/nixos/defiant/filebot.nix +++ /dev/null @@ -1,82 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.services.filebot-cleanup; -in { - options.services.filebot-cleanup = { - enable = mkEnableOption "Filebot cleanup service"; - - licenseFile = mkOption { - type = types.nullOr types.path; - default = null; - description = "Path to the Filebot license file"; - }; - - cleanupDirectory = mkOption { - type = types.str; - default = "/srv/jellyfin/filebot_cleanup"; - description = "Directory where cleaned up media files are stored"; - }; - }; - - config = mkIf cfg.enable { - users.groups.filebot_cleanup = {}; - users.users.filebot_cleanup = { - isSystemUser = true; - group = "filebot_cleanup"; - extraGroups = ["jellyfin_media"]; - home = cfg.cleanupDirectory; - createHome = true; - }; - - nixpkgs.config.allowUnfreePredicate = pkg: - builtins.elem (lib.getName pkg) [ - "filebot" - ]; - - environment.systemPackages = with pkgs; [ - filebot - ]; - - systemd.services.filebot-cleanup = { - description = "Filebot media cleanup service"; - serviceConfig = { - Type = "simple"; - User = "filebot_cleanup"; - Group = "filebot_cleanup"; - ExecStart = pkgs.writeShellScript "filebot-cleanup" '' - ${optionalString (cfg.licenseFile != null) '' - ${pkgs.filebot}/bin/filebot --license "${cfg.licenseFile}" - ''} - ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Movies/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action duplicate - ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Shows/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action duplicate - ''; - StandardOutput = "journal"; - StandardError = "journal"; - }; - wantedBy = ["multi-user.target"]; - }; - - environment.persistence = lib.mkIf config.host.impermanence.enable { - "/persist/system/jellyfin" = { - enable = true; - hideMounts = true; - files = [ - cfg.licenseFile - ]; - directories = [ - { - directory = cfg.cleanupDirectory; - user = "filebot_cleanup"; - group = "filebot_cleanup"; - mode = "1770"; - } - ]; - }; - }; - }; -} From 6afdcce9512b6718b00a6f39e2c2ca3d12cc658c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 17 Oct 2025 14:58:49 -0500 Subject: [PATCH 216/374] feat: installed jackett --- .../nixos/defiant/configuration.nix | 4 +++ modules/nixos-modules/server/default.nix | 1 + .../nixos-modules/server/jackett/default.nix | 6 ++++ .../server/jackett/impermanence.nix | 26 +++++++++++++++++ .../nixos-modules/server/jackett/proxy.nix | 28 +++++++++++++++++++ 5 files changed, 65 insertions(+) create mode 100644 modules/nixos-modules/server/jackett/default.nix create mode 100644 modules/nixos-modules/server/jackett/impermanence.nix create mode 100644 modules/nixos-modules/server/jackett/proxy.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 03dff03..0c1c50c 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -362,6 +362,10 @@ enable = true; openFirewall = true; }; + jackett = { + enable = true; + openFirewall = true; + }; }; # disable computer sleeping diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index e550123..0ed7c18 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -18,6 +18,7 @@ ./radarr ./searx ./sonarr + ./jackett ./wyoming.nix ]; } diff --git a/modules/nixos-modules/server/jackett/default.nix b/modules/nixos-modules/server/jackett/default.nix new file mode 100644 index 0000000..f39d940 --- /dev/null +++ b/modules/nixos-modules/server/jackett/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./proxy.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/jackett/impermanence.nix b/modules/nixos-modules/server/jackett/impermanence.nix new file mode 100644 index 0000000..5826a54 --- /dev/null +++ b/modules/nixos-modules/server/jackett/impermanence.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + jackett_data_directory = "/var/lib/jackett/.config/Jackett"; +in { + config = lib.mkIf (config.services.jackett.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.jackett.dataDir == jackett_data_directory; + message = "jackett data directory does not match persistence"; + } + ]; + + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = jackett_data_directory; + user = "jackett"; + group = "jackett"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/jackett/proxy.nix b/modules/nixos-modules/server/jackett/proxy.nix new file mode 100644 index 0000000..af5fa79 --- /dev/null +++ b/modules/nixos-modules/server/jackett/proxy.nix @@ -0,0 +1,28 @@ +{ + lib, + config, + ... +}: { + options.services.jackett = { + subdomain = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Subdomain for reverse proxy. If null, service will be local only."; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Extra subdomains for reverse proxy."; + }; + }; + + config = lib.mkIf (config.services.jackett.enable && config.services.jackett.subdomain != null) { + host.reverse_proxy.subdomains.jackett = { + subdomain = config.services.jackett.subdomain; + extraSubdomains = config.services.jackett.extraSubdomains; + target = "http://127.0.0.1:9117"; + websockets.enable = true; + forwardHeaders.enable = true; + }; + }; +} From 59dc4a7ee1a00e71849e35974ea86518568c1251 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 17 Oct 2025 15:12:19 -0500 Subject: [PATCH 217/374] feat: installed flaresolverr --- .../nixos/defiant/configuration.nix | 4 +++ modules/nixos-modules/server/default.nix | 1 + .../server/flaresolverr/default.nix | 6 ++++ .../server/flaresolverr/impermanence.nix | 19 +++++++++++++ .../server/flaresolverr/proxy.nix | 28 +++++++++++++++++++ 5 files changed, 58 insertions(+) create mode 100644 modules/nixos-modules/server/flaresolverr/default.nix create mode 100644 modules/nixos-modules/server/flaresolverr/impermanence.nix create mode 100644 modules/nixos-modules/server/flaresolverr/proxy.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 0c1c50c..20835a4 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -366,6 +366,10 @@ enable = true; openFirewall = true; }; + flaresolverr = { + enable = true; + openFirewall = true; + }; }; # disable computer sleeping diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 0ed7c18..22a0223 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -8,6 +8,7 @@ ./actual ./bazarr + ./flaresolverr ./forgejo ./home-assistant ./immich diff --git a/modules/nixos-modules/server/flaresolverr/default.nix b/modules/nixos-modules/server/flaresolverr/default.nix new file mode 100644 index 0000000..f39d940 --- /dev/null +++ b/modules/nixos-modules/server/flaresolverr/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./proxy.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/flaresolverr/impermanence.nix b/modules/nixos-modules/server/flaresolverr/impermanence.nix new file mode 100644 index 0000000..b568a56 --- /dev/null +++ b/modules/nixos-modules/server/flaresolverr/impermanence.nix @@ -0,0 +1,19 @@ +{ + lib, + config, + ... +}: { + config = lib.mkIf (config.services.flaresolverr.enable && config.host.impermanence.enable) { + # FlareSolverr typically doesn't need persistent storage as it's a proxy service + # but we'll add basic structure in case it's needed for logs or configuration + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = "/var/lib/flaresolverr"; + user = "flaresolverr"; + group = "flaresolverr"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/flaresolverr/proxy.nix b/modules/nixos-modules/server/flaresolverr/proxy.nix new file mode 100644 index 0000000..5b8dd4c --- /dev/null +++ b/modules/nixos-modules/server/flaresolverr/proxy.nix @@ -0,0 +1,28 @@ +{ + lib, + config, + ... +}: { + options.services.flaresolverr = { + subdomain = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Subdomain for reverse proxy. If null, service will be local only."; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Extra subdomains for reverse proxy."; + }; + }; + + config = lib.mkIf (config.services.flaresolverr.enable && config.services.flaresolverr.subdomain != null) { + host.reverse_proxy.subdomains.flaresolverr = { + subdomain = config.services.flaresolverr.subdomain; + extraSubdomains = config.services.flaresolverr.extraSubdomains; + target = "http://127.0.0.1:${toString config.services.flaresolverr.port}"; + websockets.enable = true; + forwardHeaders.enable = true; + }; + }; +} From 488ef1e94a76e0328c97b732b1c6a7f268cdca7d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 17 Oct 2025 15:58:17 -0500 Subject: [PATCH 218/374] build: updated flake.lock --- flake.lock | 98 ++++++++++++++++++------------------------------------ 1 file changed, 32 insertions(+), 66 deletions(-) diff --git a/flake.lock b/flake.lock index 9309105..bb7e3a6 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1758287904, - "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", + "lastModified": 1760701190, + "narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=", "owner": "nix-community", "repo": "disko", - "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", + "rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1759403080, - "narHash": "sha256-EteyL8KyG9R5xzqyOBzyag4n2cSemu61VFrl3opJSqE=", + "lastModified": 1760673822, + "narHash": "sha256-h+liPhhMw1yYvkDGLHzQJQShQs+yLjNgjfAyZX+sRrM=", "owner": "rycee", "repo": "nur-expressions", - "rev": "8af6dfcbcbf1115a4f5aeed77ff0db5d3c02caf0", + "rev": "5cca27f1bb30a26140d0cf60ab34daa45b4fa11f", "type": "gitlab" }, "original": { @@ -111,24 +111,6 @@ "type": "github" } }, - "flake-utils_3": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "flakey-profile": { "locked": { "lastModified": 1712898590, @@ -151,11 +133,11 @@ ] }, "locked": { - "lastModified": 1759337100, - "narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=", + "lastModified": 1760662441, + "narHash": "sha256-mlDqR1Ntgs9uYYEAUR1IhamKBO0lxoNS4zGLzEZaY0A=", "owner": "nix-community", "repo": "home-manager", - "rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3", + "rev": "722792af097dff5790f1a66d271a47759f477755", "type": "github" }, "original": { @@ -182,11 +164,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1759624822, - "narHash": "sha256-cf40qfsfpxJU/BnQ9PEj027LdPINNSsJqm+C6Ug93BA=", - "rev": "57333a0e600c5e096a609410a2f1059b97194b1e", + "lastModified": 1755787066, + "narHash": "sha256-X2UwkUEban08GRSPXRr+kz8fckHqebr3P77qSvjoeOw=", + "rev": "ac9721a92e8138d29707824dbedb484c76948493", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/57333a0e600c5e096a609410a2f1059b97194b1e.tar.gz" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ac9721a92e8138d29707824dbedb484c76948493.tar.gz?rev=ac9721a92e8138d29707824dbedb484c76948493" }, "original": { "type": "tarball", @@ -203,11 +185,11 @@ ] }, "locked": { - "lastModified": 1756511062, - "narHash": "sha256-IgD1JR7scSEwlK/YAbmrcTWpAYT30LPldCUHdzXkaMs=", + "lastModified": 1759851320, + "narHash": "sha256-n5dRAIC3/78drQtFxmQRrBLd6TKfotUnX7GWu0mAcSg=", "ref": "refs/heads/main", - "rev": "3f09a5eb772e02d98bb8878ab687d5b721f00d16", - "revCount": 162, + "rev": "7c31a18259b8358ac196cf803a26967c0fa1d3e4", + "revCount": 163, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module.git" }, @@ -245,11 +227,11 @@ ] }, "locked": { - "lastModified": 1758805352, - "narHash": "sha256-BHdc43Lkayd+72W/NXRKHzX5AZ+28F3xaUs3a88/Uew=", + "lastModified": 1760721282, + "narHash": "sha256-aAHphQbU9t/b2RRy2Eb8oMv+I08isXv2KUGFAFn7nCo=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "c48e963a5558eb1c3827d59d21c5193622a1477c", + "rev": "c3211fcd0c56c11ff110d346d4487b18f7365168", "type": "github" }, "original": { @@ -281,17 +263,16 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1759369908, - "narHash": "sha256-IIhaE6jAge64z+fIyi/8Vtu0JdTtapbp4CvwiuIkZ1E=", + "lastModified": 1760720017, + "narHash": "sha256-ALb+L8zaP6IJ3BigQJ+ih7NqmaptzL/CbkNkLbhmsGE=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "a66ad2141b1440a838ead278c6edfe8a4ce75e6c", + "rev": "b0897a5d1d5829eb67ca7168680873ee7a0d52b8", "type": "github" }, "original": { @@ -302,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1759261527, - "narHash": "sha256-wPd5oGvBBpUEzMF0kWnXge0WITNsITx/aGI9qLHgJ4g=", + "lastModified": 1760106635, + "narHash": "sha256-2GoxVaKWTHBxRoeUYSjv0AfSOx4qw5CWSFz2b+VolKU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e087756cf4abbe1a34f3544c480fc1034d68742f", + "rev": "9ed85f8afebf2b7478f25db0a98d0e782c0ed903", "type": "github" }, "original": { @@ -334,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1759381078, - "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", + "lastModified": 1760524057, + "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", + "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", "type": "github" }, "original": { @@ -389,11 +370,11 @@ ] }, "locked": { - "lastModified": 1759188042, - "narHash": "sha256-f9QC2KKiNReZDG2yyKAtDZh0rSK2Xp1wkPzKbHeQVRU=", + "lastModified": 1760393368, + "narHash": "sha256-8mN3kqyqa2PKY0wwZ2UmMEYMcxvNTwLaOrrDsw6Qi4E=", "owner": "Mic92", "repo": "sops-nix", - "rev": "9fcfabe085281dd793589bdc770a2e577a3caa5d", + "rev": "ab8d56e85b8be14cff9d93735951e30c3e86a437", "type": "github" }, "original": { @@ -431,21 +412,6 @@ "repo": "default", "type": "github" } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", From 62bb650878e45acccd2aa2dae17193101fc6a522 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 17 Oct 2025 16:09:37 -0500 Subject: [PATCH 219/374] fix: fixed mapillary build --- modules/common-modules/pkgs/mapillary-uploader.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/modules/common-modules/pkgs/mapillary-uploader.nix b/modules/common-modules/pkgs/mapillary-uploader.nix index 7ce24f2..9ae2ea7 100644 --- a/modules/common-modules/pkgs/mapillary-uploader.nix +++ b/modules/common-modules/pkgs/mapillary-uploader.nix @@ -9,7 +9,7 @@ src = fetchurl { url = "http://tools.mapillary.com/uploader/download/linux/${version}"; name = "mapillary-uploader.AppImage"; - sha256 = "sha256-Oyx7AIdA/2mwBaq7UzXOoyq/z2SU2sViMN40sY2RCQw="; + sha256 = "sha256-OY3SiMHUyjwPDrPWfa+mFg2BHZrz6GG/9/D5sCP2Da8="; }; appimageContents = appimageTools.extractType2 { @@ -23,9 +23,6 @@ in # Install desktop file install -Dm644 ${appimageContents}/mapillary-desktop-uploader.desktop $out/share/applications/mapillary-uploader.desktop - # Install icon - install -Dm644 ${appimageContents}/usr/share/icons/hicolor/0x0/apps/mapillary-desktop-uploader.png $out/share/pixmaps/mapillary-uploader.png - # Fix desktop file paths substituteInPlace $out/share/applications/mapillary-uploader.desktop \ --replace 'Exec=AppRun' 'Exec=${pname}' From 5ccfe1a337cd3d8bcf9437a7aabd8e27df27db70 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 18 Oct 2025 13:30:08 -0500 Subject: [PATCH 220/374] feat: installed lidarr --- .../nixos/defiant/configuration.nix | 4 +++ modules/nixos-modules/server/default.nix | 3 +- .../nixos-modules/server/lidarr/default.nix | 6 ++++ .../server/lidarr/impermanence.nix | 26 +++++++++++++++++ modules/nixos-modules/server/lidarr/proxy.nix | 28 +++++++++++++++++++ modules/nixos-modules/users.nix | 16 +++++++++++ 6 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 modules/nixos-modules/server/lidarr/default.nix create mode 100644 modules/nixos-modules/server/lidarr/impermanence.nix create mode 100644 modules/nixos-modules/server/lidarr/proxy.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 20835a4..5c33ce6 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -362,6 +362,10 @@ enable = true; openFirewall = true; }; + lidarr = { + enable = true; + openFirewall = true; + }; jackett = { enable = true; openFirewall = true; diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 22a0223..d35bdc1 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -12,14 +12,15 @@ ./forgejo ./home-assistant ./immich + ./jackett ./jellyfin + ./lidarr ./panoramax ./paperless ./qbittorent.nix ./radarr ./searx ./sonarr - ./jackett ./wyoming.nix ]; } diff --git a/modules/nixos-modules/server/lidarr/default.nix b/modules/nixos-modules/server/lidarr/default.nix new file mode 100644 index 0000000..f39d940 --- /dev/null +++ b/modules/nixos-modules/server/lidarr/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./proxy.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/lidarr/impermanence.nix b/modules/nixos-modules/server/lidarr/impermanence.nix new file mode 100644 index 0000000..689b924 --- /dev/null +++ b/modules/nixos-modules/server/lidarr/impermanence.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + lidarr_data_directory = "/var/lib/lidarr/.config/Lidarr"; +in { + config = lib.mkIf (config.services.lidarr.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.lidarr.dataDir == lidarr_data_directory; + message = "lidarr data directory does not match persistence"; + } + ]; + + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = lidarr_data_directory; + user = "lidarr"; + group = "lidarr"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/lidarr/proxy.nix b/modules/nixos-modules/server/lidarr/proxy.nix new file mode 100644 index 0000000..0146ccf --- /dev/null +++ b/modules/nixos-modules/server/lidarr/proxy.nix @@ -0,0 +1,28 @@ +{ + lib, + config, + ... +}: { + options.services.lidarr = { + subdomain = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Subdomain for reverse proxy. If null, service will be local only."; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Extra subdomains for reverse proxy."; + }; + }; + + config = lib.mkIf (config.services.lidarr.enable && config.services.lidarr.subdomain != null) { + host.reverse_proxy.subdomains.lidarr = { + subdomain = config.services.lidarr.subdomain; + extraSubdomains = config.services.lidarr.extraSubdomains; + target = "http://127.0.0.1:8686"; + websockets.enable = true; + forwardHeaders.enable = true; + }; + }; +} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 137ae4b..45d688a 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -29,6 +29,7 @@ radarr = 2014; sonarr = 2015; bazarr = 2016; + lidarr = 2017; }; gids = { @@ -50,6 +51,7 @@ radarr = 2014; sonarr = 2015; bazarr = 2016; + lidarr = 2017; }; users = config.users.users; @@ -221,6 +223,12 @@ in { isSystemUser = true; group = config.users.users.bazarr.name; }; + + lidarr = { + uid = lib.mkForce uids.lidarr; + isSystemUser = true; + group = config.users.users.lidarr.name; + }; }; groups = { @@ -261,6 +269,7 @@ in { users.radarr.name users.sonarr.name users.bazarr.name + users.lidarr.name leyla eve ivy @@ -365,6 +374,13 @@ in { users.bazarr.name ]; }; + + lidarr = { + gid = lib.mkForce gids.lidarr; + members = [ + users.lidarr.name + ]; + }; }; }; } From 69ec14ef79e3aa5d838fac8a5e82ed94126ce336 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 18 Oct 2025 16:26:14 -0500 Subject: [PATCH 221/374] chore: added task to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index acaa6e7..05e3b30 100644 --- a/README.md +++ b/README.md @@ -79,3 +79,4 @@ nix multi user, multi system, configuration with `sops` secret management, `home - actual instance - intergrade radarr, sonarr, and bazarr - claude code MCP servers should bundle node with them so they work in all environments +- Vikunja service \ No newline at end of file From 85a6f4a006bd519a80702cca059f6d5d0fac03dc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 18 Oct 2025 16:29:16 -0500 Subject: [PATCH 222/374] chore: removed completed tasks from README.md --- README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/README.md b/README.md index 05e3b30..e3efb63 100644 --- a/README.md +++ b/README.md @@ -67,16 +67,12 @@ nix multi user, multi system, configuration with `sops` secret management, `home - wake on LAN for updates - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix -- panoramax instance - mastodon instance - rework the reverse_proxy.nix file so that it is a normally named service. Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier - move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn - make radarr, sonarr, and bazarr accessible over vpn -- create some sort of service that allows uploading files to jellyfin - - auto sort files into where they should go with some combination of filebot cli and picard cli - graphana accessible though tailscale - fix panoramax package - actual instance -- intergrade radarr, sonarr, and bazarr - claude code MCP servers should bundle node with them so they work in all environments - Vikunja service \ No newline at end of file From b05bfc31fef4c4e61afc3dcfc7d34841265dac1a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 18 Oct 2025 17:33:50 -0500 Subject: [PATCH 223/374] feat: removed TODO for provisioning drives --- configurations/nixos/defiant/configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 5c33ce6..e7646b0 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -57,7 +57,6 @@ "ata-ST18000NT001-3NF101_ZVTEF27J" "ata-ST18000NE000-3G6101_ZVTJ7359" ] - # TODO: this needs to be configured manually [ "ata-ST4000NE001-2MA101_WS2275P3" "ata-ST4000NE001-2MA101_WS227B9F" From 290db94f42c5823df36e4409dbd17a7a8fb2ba00 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 19 Oct 2025 11:31:15 -0500 Subject: [PATCH 224/374] chore: organized tasks in README.md --- README.md | 79 +++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 50 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index e3efb63..ab32ac8 100644 --- a/README.md +++ b/README.md @@ -47,32 +47,53 @@ nix multi user, multi system, configuration with `sops` secret management, `home # Tasks: ## Tech Debt -- monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- nfs export should be backed by the same values for server and client -## New Features -- crab-hole -- figure out why syncthing and jellyfins permissions don't propagate downwards -- figure out steam vr things? -- auto turn off on power loss - nut -- zfs email after scrubbing # TODO: test this -- SMART test with email results -- samba mounts -- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) -- Create Tor guard/relay server -- migrate away from flakes and move to npins -- whisper -- zfs encryption FIDO2 2fa (look into shavee) -- Secure Boot - https://github.com/nix-community/lanzaboote -- rotate sops encryption keys periodically (and somehow sync between devices?) -- wake on LAN for updates -- remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html -- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix -- mastodon instance -- rework the reverse_proxy.nix file so that it is a normally named service. Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier -- move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn -- make radarr, sonarr, and bazarr accessible over vpn -- graphana accessible though tailscale -- fix panoramax package -- actual instance -- claude code MCP servers should bundle node with them so they work in all environments -- Vikunja service \ No newline at end of file +- [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) +- [ ] migrate away from flakes and move to npins +- [ ] rework the reverse_proxy.nix file so that it is a normally named service. Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier + +## Broken things +- [ ] figure out steam vr things? +- [ ] whisper was having issues + +## Data Integrity +- [ ] zfs email after scrubbing # TODO: test this +- [ ] SMART test with email results +- [ ] zfs encryption FIDO2 2fa (look into shavee) +- [ ] rotate sops encryption keys periodically (and somehow sync between devices?) +- [ ] Secure Boot - https://github.com/nix-community/lanzaboote +- [ ] auto turn off on power loss - nut + +## Data Access +- [ ] nfs export should be backed by the same values for server and client +- [ ] samba mounts +- [ ] offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) +- [ ] figure out why syncthing and jellyfins permissions don't propagate downwards +- [ ] make radarr, sonarr, and bazarr accessible over vpn +- [ ] move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn + +## Services +- [ ] crab-hole for ad block +- [ ] enable and learn actual for budgeting +- [ ] vikunja service for project management +- [ ] Create Tor guard/relay server +- [ ] mastodon instance + +## DevOps +- [ ] wake on LAN for updates +- [ ] remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html +- [ ] ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix +- [ ] fix panoramax package +- [ ] claude code MCP servers should bundle node with them so they work in all environments + +## Observability +- [ ] graphana for dashboards +- [ ] prometheus and loki for metric and log collection + - [ ] zfs storage usage + - [ ] zfs drive health status + - [ ] service version lag + - [ ] network/cpu/ram utilization + - [ ] http latency + - [ ] postgres db load + - [ ] nginx queries +- [ ] ntfy.sh for push notifications +- [ ] kuma for uptime visualization \ No newline at end of file From 46890110f817489b437bb8e621824bd316f4ef17 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 19 Oct 2025 16:32:10 -0500 Subject: [PATCH 225/374] feat: created crab-hole service --- README.md | 6 +- .../nixos/defiant/configuration.nix | 14 ++ .../server/crab-hole/crab-hole.nix | 144 ++++++++++++++++++ .../server/crab-hole/default.nix | 6 + .../server/crab-hole/impermanence.nix | 26 ++++ modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/users.nix | 15 ++ 7 files changed, 210 insertions(+), 2 deletions(-) create mode 100644 modules/nixos-modules/server/crab-hole/crab-hole.nix create mode 100644 modules/nixos-modules/server/crab-hole/default.nix create mode 100644 modules/nixos-modules/server/crab-hole/impermanence.nix diff --git a/README.md b/README.md index ab32ac8..f8c7ecf 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,10 @@ nix multi user, multi system, configuration with `sops` secret management, `home # Tasks: +## Chores: +- [ ] test out crab hole service +- [ ] learn how to use actual + ## Tech Debt - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - [ ] migrate away from flakes and move to npins @@ -72,8 +76,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn ## Services -- [ ] crab-hole for ad block -- [ ] enable and learn actual for budgeting - [ ] vikunja service for project management - [ ] Create Tor guard/relay server - [ ] mastodon instance diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index e7646b0..c2b8fc5 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -342,6 +342,20 @@ openFirewall = true; }; + crab-hole = { + enable = true; + port = 8085; + openFirewall = true; + show_doc = true; + downstreams = { + loopback = { + enable = true; + openFirewall = true; + }; + }; + upstreams.cloudFlare.enable = true; + }; + qbittorrent = { enable = true; mediaDir = "/srv/qbittorent"; diff --git a/modules/nixos-modules/server/crab-hole/crab-hole.nix b/modules/nixos-modules/server/crab-hole/crab-hole.nix new file mode 100644 index 0000000..58ff660 --- /dev/null +++ b/modules/nixos-modules/server/crab-hole/crab-hole.nix @@ -0,0 +1,144 @@ +{ + config, + lib, + ... +}: let + cfg = config.services.crab-hole; +in { + options.services.crab-hole = { + port = lib.mkOption { + type = lib.types.port; + default = 8080; + description = "Port for the crab-hole API to listen on."; + }; + + openFirewall = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether to open the firewall for the crab-hole API port."; + }; + + listen = lib.mkOption { + type = lib.types.str; + default = "0.0.0.0"; + description = "Address for the crab-hole API to listen on."; + }; + + show_doc = lib.mkEnableOption "OpenAPI documentation (loads content from third party websites)"; + + downstreams = { + loopback = { + enable = lib.mkEnableOption "loopback downstream DNS server on localhost:53"; + openFirewall = lib.mkEnableOption "automatic port forwarding for the loopback downstream"; + }; + }; + + extraDownstreams = lib.mkOption { + type = lib.types.listOf (lib.types.submodule { + options = { + protocol = lib.mkOption { + type = lib.types.enum ["udp" "tcp" "tls" "https" "quic"]; + description = "Protocol for the downstream server."; + }; + + listen = lib.mkOption { + type = lib.types.str; + description = "Address to listen on for downstream connections."; + }; + + port = lib.mkOption { + type = lib.types.port; + description = "Port to listen on for downstream connections."; + }; + }; + }); + default = []; + description = "List of additional downstream DNS server configurations."; + }; + + upstreams = { + cloudFlare = { + enable = lib.mkEnableOption "Cloudflare DNS over TLS upstream servers (1.1.1.1 and 1.0.0.1)"; + }; + }; + + extraUpstreams = lib.mkOption { + type = lib.types.listOf (lib.types.submodule { + options = { + socket_addr = lib.mkOption { + type = lib.types.str; + description = "Socket address of the upstream DNS server (e.g., \"1.1.1.1:853\" or \"[2606:4700:4700::1111]:853\")."; + }; + + protocol = lib.mkOption { + type = lib.types.enum ["udp" "tcp" "tls" "https" "quic"]; + description = "Protocol to use for upstream DNS queries."; + }; + }; + }); + default = []; + description = "List of additional upstream DNS server configurations."; + }; + }; + + config = lib.mkIf cfg.enable { + services.crab-hole.settings = lib.mkMerge [ + { + api = { + port = cfg.port; + listen = cfg.listen; + show_doc = cfg.show_doc; + }; + downstream = cfg.extraDownstreams; + upstream.name_servers = cfg.extraUpstreams; + } + (lib.mkIf cfg.downstreams.loopback.enable { + downstream = [ + { + protocol = "udp"; + listen = "localhost"; + port = 53; + } + ]; + }) + (lib.mkIf cfg.upstreams.cloudFlare.enable { + upstream.name_servers = [ + { + socket_addr = "1.1.1.1:853"; + protocol = "tls"; + tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com"; + trust_nx_responses = false; + } + { + socket_addr = "1.0.0.1:853"; + protocol = "tls"; + tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com"; + trust_nx_responses = false; + } + { + socket_addr = "[2606:4700:4700::1111]:853"; + protocol = "tls"; + tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com"; + trust_nx_responses = false; + } + { + socket_addr = "[2606:4700:4700::1001]:853"; + protocol = "tls"; + tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com"; + trust_nx_responses = false; + } + ]; + }) + ]; + + # Open firewall if requested + networking.firewall = lib.mkMerge [ + (lib.mkIf cfg.openFirewall { + allowedTCPPorts = [cfg.port]; + }) + (lib.mkIf (cfg.downstreams.loopback.enable && cfg.downstreams.loopback.openFirewall) { + allowedUDPPorts = [53]; + }) + ]; + }; +} diff --git a/modules/nixos-modules/server/crab-hole/default.nix b/modules/nixos-modules/server/crab-hole/default.nix new file mode 100644 index 0000000..158a851 --- /dev/null +++ b/modules/nixos-modules/server/crab-hole/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./crab-hole.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/crab-hole/impermanence.nix b/modules/nixos-modules/server/crab-hole/impermanence.nix new file mode 100644 index 0000000..455e593 --- /dev/null +++ b/modules/nixos-modules/server/crab-hole/impermanence.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + workingDirectory = "/var/lib/private/crab-hole"; +in { + config = lib.mkIf (config.services.immich.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = + config.systemd.services.crab-hole.serviceConfig.WorkingDirectory == (builtins.replaceStrings ["/private"] [""] workingDirectory); + message = "crab-hole working directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = workingDirectory; + user = "crab-hole"; + group = "crab-hole"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index d35bdc1..57874d5 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -8,6 +8,7 @@ ./actual ./bazarr + ./crab-hole ./flaresolverr ./forgejo ./home-assistant diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 45d688a..987e080 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -30,6 +30,7 @@ sonarr = 2015; bazarr = 2016; lidarr = 2017; + crab-hole = 2018; }; gids = { @@ -52,6 +53,7 @@ sonarr = 2015; bazarr = 2016; lidarr = 2017; + crab-hole = 2018; }; users = config.users.users; @@ -229,6 +231,12 @@ in { isSystemUser = true; group = config.users.users.lidarr.name; }; + + crab-hole = { + uid = lib.mkForce uids.crab-hole; + isSystemUser = true; + group = config.users.users.crab-hole.name; + }; }; groups = { @@ -381,6 +389,13 @@ in { users.lidarr.name ]; }; + + crab-hole = { + gid = lib.mkForce gids.crab-hole; + members = [ + users.crab-hole.name + ]; + }; }; }; } From 0c88746da1f8d5d961f9606e98065df6ab9a3b49 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 19 Oct 2025 17:24:29 -0500 Subject: [PATCH 226/374] feat: stubbed out configs for eve home manager user --- configurations/home-manager/eve/packages.nix | 13 ++++++++++ .../nixos/emergent/configuration.nix | 4 ++++ .../home-manager-modules/programs/default.nix | 5 ++++ .../programs/dungeon-draft.nix | 24 +++++++++++++++++++ .../programs/guild-wars-2.nix | 24 +++++++++++++++++++ .../programs/kdenlive.nix | 23 ++++++++++++++++++ .../home-manager-modules/programs/olympus.nix | 23 ++++++++++++++++++ .../home-manager-modules/programs/vortex.nix | 24 +++++++++++++++++++ 8 files changed, 140 insertions(+) create mode 100644 modules/home-manager-modules/programs/dungeon-draft.nix create mode 100644 modules/home-manager-modules/programs/guild-wars-2.nix create mode 100644 modules/home-manager-modules/programs/kdenlive.nix create mode 100644 modules/home-manager-modules/programs/olympus.nix create mode 100644 modules/home-manager-modules/programs/vortex.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index f738fe2..c8f0390 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -61,6 +61,19 @@ in { piper.enable = hardware.piperMouse.enable; krita.enable = true; ungoogled-chromium.enable = true; + + inkscape.enable = true; + obsidian.enable = true; + obs-studio.enable = true; + kdenlive.enable = true; + tor-browser.enable = true; + olympus.enable = true; + libreoffice.enable = true; + + # Windows applications that we need to figure out how to install + guild-wars-2.enable = false; + vortex.enable = false; + dungeon-draft.enable = false; }) ]; }; diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index bb671f7..d9222a2 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -41,6 +41,7 @@ # installed opentabletdriver hardware.opentabletdriver.enable = true; + hardware.keyboard.qmk.enable = true; # Enable the GNOME Desktop Environment. services.displayManager.gdm.enable = true; @@ -68,6 +69,9 @@ }; services.tailscale.enable = true; + # We were having weird build errors so this is disabled right now + # error: The option `devices.emergent.folders.eve_records.path' was accessed but has no value defined. Try setting the option + services.syncthing.enable = false; # Configure keymap in X11 # services.xserver.xkb.layout = "us"; diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index 68e5c71..831e73c 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -12,11 +12,13 @@ ./obsidian.nix ./prostudiomasters.nix ./idea.nix + ./kdenlive.nix ./krita.nix ./protonvpn.nix ./calibre.nix ./bruno.nix ./dbeaver.nix + ./dungeon-draft.nix ./steam.nix ./vscode ./ungoogled-chromium.nix @@ -24,6 +26,7 @@ ./mapillary-uploader.nix ./inkscape.nix ./gimp.nix + ./guild-wars-2.nix ./proxmark3.nix ./freecad.nix ./onionshare.nix @@ -33,8 +36,10 @@ ./qflipper.nix ./openvpn.nix ./noisetorch.nix + ./olympus.nix ./openrgb.nix ./via.nix + ./vortex.nix ./davinci-resolve.nix ./gdx-liftoff.nix ./tor-browser.nix diff --git a/modules/home-manager-modules/programs/dungeon-draft.nix b/modules/home-manager-modules/programs/dungeon-draft.nix new file mode 100644 index 0000000..faa69c6 --- /dev/null +++ b/modules/home-manager-modules/programs/dungeon-draft.nix @@ -0,0 +1,24 @@ +{ + config, + lib, + ... +}: let + cfg = config.programs.dungeon-draft; +in { + options.programs.dungeon-draft = { + enable = lib.mkEnableOption "Dungeon Draft"; + }; + + config = { + assertions = [ + { + assertion = !cfg.enable; + message = '' + Dungeon Draft module is not yet fully configured. + Please download the Dungeon Draft executable (.exe) from the official website, + then configure the Wine environment and executable path as needed. + ''; + } + ]; + }; +} diff --git a/modules/home-manager-modules/programs/guild-wars-2.nix b/modules/home-manager-modules/programs/guild-wars-2.nix new file mode 100644 index 0000000..3f68ec6 --- /dev/null +++ b/modules/home-manager-modules/programs/guild-wars-2.nix @@ -0,0 +1,24 @@ +{ + config, + lib, + ... +}: let + cfg = config.programs.guild-wars-2; +in { + options.programs.guild-wars-2 = { + enable = lib.mkEnableOption "Guild Wars 2"; + }; + + config = { + assertions = [ + { + assertion = !cfg.enable; + message = '' + Guild Wars 2 module is not yet fully configured. + Please install Guild Wars 2 manually via Steam or the official client, + then configure the Wine environment as needed. + ''; + } + ]; + }; +} diff --git a/modules/home-manager-modules/programs/kdenlive.nix b/modules/home-manager-modules/programs/kdenlive.nix new file mode 100644 index 0000000..2c72fc6 --- /dev/null +++ b/modules/home-manager-modules/programs/kdenlive.nix @@ -0,0 +1,23 @@ +{ + config, + lib, + pkgs, + ... +}: let + cfg = config.programs.kdenlive; +in { + options.programs.kdenlive = { + enable = lib.mkEnableOption "kdenlive"; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.kdePackages.kdenlive; + description = "The kdenlive package to install."; + }; + }; + + config = lib.mkIf cfg.enable { + home.packages = [ + cfg.package + ]; + }; +} diff --git a/modules/home-manager-modules/programs/olympus.nix b/modules/home-manager-modules/programs/olympus.nix new file mode 100644 index 0000000..4aec03b --- /dev/null +++ b/modules/home-manager-modules/programs/olympus.nix @@ -0,0 +1,23 @@ +{ + config, + lib, + pkgs, + ... +}: let + cfg = config.programs.olympus; +in { + options.programs.olympus = { + enable = lib.mkEnableOption "olympus"; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.olympus; + description = "The olympus package to install."; + }; + }; + + config = lib.mkIf cfg.enable { + home.packages = [ + cfg.package + ]; + }; +} diff --git a/modules/home-manager-modules/programs/vortex.nix b/modules/home-manager-modules/programs/vortex.nix new file mode 100644 index 0000000..cb86526 --- /dev/null +++ b/modules/home-manager-modules/programs/vortex.nix @@ -0,0 +1,24 @@ +{ + config, + lib, + ... +}: let + cfg = config.programs.vortex; +in { + options.programs.vortex = { + enable = lib.mkEnableOption "Vortex (Nexus Mods manager)"; + }; + + config = { + assertions = [ + { + assertion = !cfg.enable; + message = '' + Vortex module is not yet fully configured. + Please download and install Vortex manually from the Nexus Mods website, + then configure the Wine environment and dependencies as needed. + ''; + } + ]; + }; +} From 260e37e0169b1655d024d8100c3f2a6ebe8053fa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 19 Oct 2025 18:50:26 -0500 Subject: [PATCH 227/374] feat: supported branching for commit checking --- .hooks/post-merge | 18 ++++++++++++++ .hooks/pre-merge-commit | 37 ++++++++++++++++++++++++++++ rebuild.sh | 54 ++++++++++++++++++++++++++++++++++------- 3 files changed, 100 insertions(+), 9 deletions(-) create mode 100755 .hooks/post-merge create mode 100755 .hooks/pre-merge-commit diff --git a/.hooks/post-merge b/.hooks/post-merge new file mode 100755 index 0000000..11fb20c --- /dev/null +++ b/.hooks/post-merge @@ -0,0 +1,18 @@ +#!/usr/bin/env nix-shell +#! nix-shell -i bash ../shell.nix + +# Get current branch name +current_branch=$(git branch --show-current) + +# Only restore stash if we're on main branch and a merge just completed +if [ "$current_branch" = "main" ]; then + # Check if there are any stashes to restore + if git stash list | grep -q "stash@"; then + echo "Post-merge: restoring stashed changes on main branch" + git stash pop -q + else + echo "Post-merge: no stash to restore on main branch" + fi +else + echo "Post-merge: no action needed on branch '$current_branch'" +fi diff --git a/.hooks/pre-merge-commit b/.hooks/pre-merge-commit new file mode 100755 index 0000000..9edaf92 --- /dev/null +++ b/.hooks/pre-merge-commit @@ -0,0 +1,37 @@ +#!/usr/bin/env nix-shell +#! nix-shell -i bash ../shell.nix + +# Get the target branch (the branch being merged into) +target_branch="" + +# Check if we're in the middle of a merge +if [ -f .git/MERGE_HEAD ]; then + # We're in a merge, check if the current branch is main + current_branch=$(git branch --show-current) + if [ "$current_branch" = "main" ]; then + target_branch="main" + fi +fi + +# If we're merging into main, run nix flake check +if [ "$target_branch" = "main" ]; then + echo "Merging into main branch - running nix flake check..." + + echo "stashing all uncommitted changes" + git stash -q --keep-index + + echo "checking flakes all compile" + nix flake check + + if [ ! $? -eq 0 ]; then + echo "Error: nix flake check failed. Merge aborted." + echo "Please fix the issues and try merging again." + exit 1 + fi + + echo "nix flake check passed. Merge can proceed." +else + echo "Not merging into main branch, skipping nix flake check." +fi + +exit 0 diff --git a/rebuild.sh b/rebuild.sh index 36a1201..6750450 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -1,5 +1,15 @@ #!/usr/bin/env bash +# Get current branch and git status for branch-aware behavior +current_branch=$(git branch --show-current 2>/dev/null || echo "unknown") +git_status=$(git status --porcelain 2>/dev/null || echo "") + +# Default values +default_target=$(hostname) +default_user="$USER" +default_host=$(hostname) +default_mode=$(if [[ "$current_branch" != "main" ]]; then echo "test"; else echo "switch"; fi) + if [ -d "result" ]; then preserve_result=true @@ -42,14 +52,29 @@ while [ $# -gt 0 ]; do ;; --help|-h) echo "--help -h: print this message" - echo "--target -t: set the target system to rebuild on" - echo "--flake -f: set the flake to rebuild on the target system" - echo "--mode -m: set the mode to rebuild flake as on the target system" - echo "--user -u: set the user to rebuild flake as on the target system" - echo "--host: set the host that the flake will be rebuilt on (unset for current machine)" + echo "--target -t: defaults to the current system" + echo " currently: $default_target" + echo "--flake -f: defaults to same as target" + echo " currently: ${target:-$default_target}" + echo "--mode -m: defaults to 'switch', but 'test' on non-main branches" + echo " currently would be: $default_mode" + echo "--user -u: defaults to the current user" + echo " currently: $default_user" + echo "--host: defaults to building on the current machine" + echo " currently: $default_host" echo "--preserve-result: do not remove the generated result folder after building" echo "--no-preserve-result: remove any result folder after building" echo "--show-trace: show trace on builds" + echo "" + echo "Branch-aware behavior:" + echo " - On non-main branches: defaults to test mode with warning" + echo " - On main with uncommitted changes: shows warning about creating a branch" + echo " - Current branch: $current_branch" + if [[ -n "$git_status" ]]; then + echo " - Git status: uncommitted changes detected" + else + echo " - Git status: clean working tree" + fi exit 0 ;; *) @@ -60,10 +85,21 @@ while [ $# -gt 0 ]; do shift done -target=${target:-$(hostname)} +target=${target:-$default_target} flake=${flake:-$target} -mode=${mode:-switch} -user=${user:-$USER} +mode=${mode:-$default_mode} +user=${user:-$default_user} + +# Branch-aware warnings and behavior +if [[ "$current_branch" != "main" ]] && [[ "$mode" == "test" ]]; then + echo "⚠️ WARNING: You are on branch '$current_branch' (not main)" + echo " Defaulting to test mode to prevent accidental system changes" + echo " Specify --mode=switch explicitly if you want to apply changes" +elif [[ "$current_branch" == "main" ]] && [[ -n "$git_status" ]] && [[ "$mode" != "test" ]]; then + echo "⚠️ WARNING: You are on main branch with uncommitted changes" + echo " Consider creating a feature branch for development:" + echo " git checkout -b feature/your-feature-name" +fi command="nixos-rebuild $mode --sudo --ask-sudo-password --flake .#$flake" @@ -91,4 +127,4 @@ then then rm -r result fi -fi \ No newline at end of file +fi From dd165d48fea49671e4c74b09fd320ee9be69d404 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 19 Oct 2025 19:14:34 -0500 Subject: [PATCH 228/374] feat: installed vmware for eve home manager user --- configurations/home-manager/eve/packages.nix | 1 + .../home-manager-modules/programs/default.nix | 1 + .../programs/vmware-workstation.nix | 37 +++++++++++++++++++ 3 files changed, 39 insertions(+) create mode 100644 modules/home-manager-modules/programs/vmware-workstation.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index c8f0390..a180616 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -74,6 +74,7 @@ in { guild-wars-2.enable = false; vortex.enable = false; dungeon-draft.enable = false; + vmware-workstation.enable = true; }) ]; }; diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index 831e73c..3fff489 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -44,5 +44,6 @@ ./gdx-liftoff.nix ./tor-browser.nix ./polycule.nix + ./vmware-workstation.nix ]; } diff --git a/modules/home-manager-modules/programs/vmware-workstation.nix b/modules/home-manager-modules/programs/vmware-workstation.nix new file mode 100644 index 0000000..8e9d406 --- /dev/null +++ b/modules/home-manager-modules/programs/vmware-workstation.nix @@ -0,0 +1,37 @@ +{ + lib, + pkgs, + config, + ... +}: { + options.programs.vmware-workstation = { + enable = lib.mkEnableOption "enable VMware Workstation"; + }; + + config = lib.mkIf config.programs.vmware-workstation.enable ( + lib.mkMerge [ + { + home.packages = with pkgs; [ + vmware-workstation + ]; + } + ( + lib.mkIf config.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + { + directory = ".vmware"; + method = "symlink"; + } + { + directory = "vmware"; + method = "symlink"; + } + ]; + allowOther = true; + }; + } + ) + ] + ); +} From ebf7ea3cf78ff7a007f216b0d0bf13f5ff3dde89 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 19 Oct 2025 20:32:38 -0500 Subject: [PATCH 229/374] feat: added impermanence for more applications --- .../programs/kdenlive.nix | 23 +++++++++++++++---- .../programs/mapillary-uploader.nix | 19 ++++++++++++--- modules/home-manager-modules/programs/obs.nix | 7 +++++- .../home-manager-modules/programs/olympus.nix | 23 +++++++++++++++---- .../home-manager-modules/programs/openrgb.nix | 22 ++++++++++++++---- modules/home-manager-modules/programs/via.nix | 23 +++++++++++++++---- 6 files changed, 93 insertions(+), 24 deletions(-) diff --git a/modules/home-manager-modules/programs/kdenlive.nix b/modules/home-manager-modules/programs/kdenlive.nix index 2c72fc6..05327d1 100644 --- a/modules/home-manager-modules/programs/kdenlive.nix +++ b/modules/home-manager-modules/programs/kdenlive.nix @@ -15,9 +15,22 @@ in { }; }; - config = lib.mkIf cfg.enable { - home.packages = [ - cfg.package - ]; - }; + config = lib.mkIf cfg.enable (lib.mkMerge [ + { + home.packages = [ + cfg.package + ]; + } + ( + lib.mkIf config.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/kdenliverc" + "${config.xdg.dataHome}/kdenlive" + ]; + allowOther = true; + }; + } + ) + ]); } diff --git a/modules/home-manager-modules/programs/mapillary-uploader.nix b/modules/home-manager-modules/programs/mapillary-uploader.nix index 38c1144..df1f093 100644 --- a/modules/home-manager-modules/programs/mapillary-uploader.nix +++ b/modules/home-manager-modules/programs/mapillary-uploader.nix @@ -11,7 +11,20 @@ in { enable = mkEnableOption "Mapillary Desktop Uploader"; }; - config = mkIf cfg.enable { - home.packages = [pkgs.mapillary-uploader]; - }; + config = mkIf cfg.enable (mkMerge [ + { + home.packages = [pkgs.mapillary-uploader]; + } + ( + mkIf config.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/mapillary-uploader" + "${config.xdg.dataHome}/mapillary-uploader" + ]; + allowOther = true; + }; + } + ) + ]); } diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix index 5c2d3c2..bfdba90 100644 --- a/modules/home-manager-modules/programs/obs.nix +++ b/modules/home-manager-modules/programs/obs.nix @@ -6,7 +6,12 @@ config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [ ( lib.mkIf config.impermanence.enable { - # TODO: map impermanence for obs + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/obs-studio" + ]; + allowOther = true; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/olympus.nix b/modules/home-manager-modules/programs/olympus.nix index 4aec03b..0e38eec 100644 --- a/modules/home-manager-modules/programs/olympus.nix +++ b/modules/home-manager-modules/programs/olympus.nix @@ -15,9 +15,22 @@ in { }; }; - config = lib.mkIf cfg.enable { - home.packages = [ - cfg.package - ]; - }; + config = lib.mkIf cfg.enable (lib.mkMerge [ + { + home.packages = [ + cfg.package + ]; + } + ( + lib.mkIf config.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/olympus" + "${config.xdg.dataHome}/olympus" + ]; + allowOther = true; + }; + } + ) + ]); } diff --git a/modules/home-manager-modules/programs/openrgb.nix b/modules/home-manager-modules/programs/openrgb.nix index ab156a6..c9d5e14 100644 --- a/modules/home-manager-modules/programs/openrgb.nix +++ b/modules/home-manager-modules/programs/openrgb.nix @@ -8,9 +8,21 @@ enable = lib.mkEnableOption "enable openrgb"; }; - config = lib.mkIf config.programs.openrgb.enable { - home.packages = with pkgs; [ - openrgb - ]; - }; + config = lib.mkIf config.programs.openrgb.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + openrgb + ]; + } + ( + lib.mkIf config.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/OpenRGB" + ]; + allowOther = true; + }; + } + ) + ]); } diff --git a/modules/home-manager-modules/programs/via.nix b/modules/home-manager-modules/programs/via.nix index 41918c8..0aa58e4 100644 --- a/modules/home-manager-modules/programs/via.nix +++ b/modules/home-manager-modules/programs/via.nix @@ -8,9 +8,22 @@ enable = lib.mkEnableOption "enable via"; }; - config = lib.mkIf config.programs.via.enable { - home.packages = with pkgs; [ - via - ]; - }; + config = lib.mkIf config.programs.via.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + via + ]; + } + ( + lib.mkIf config.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/via" + "${config.xdg.dataHome}/via" + ]; + allowOther = true; + }; + } + ) + ]); } From e8f7331b6c8e3e33bc927459e2720c0a7e954f55 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 19 Oct 2025 20:52:46 -0500 Subject: [PATCH 230/374] feat: enabled ai for emergent and claude code for eve --- configurations/home-manager/eve/packages.nix | 3 +++ configurations/nixos/emergent/configuration.nix | 1 + 2 files changed, 4 insertions(+) diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index a180616..73195c4 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -18,6 +18,7 @@ in { home.packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ gnomeExtensions.dash-to-panel + claude-code ] ); @@ -70,6 +71,8 @@ in { olympus.enable = true; libreoffice.enable = true; + claude-code.enable = osConfig.host.ai.enable; + # Windows applications that we need to figure out how to install guild-wars-2.enable = false; vortex.enable = false; diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index d9222a2..6121069 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -48,6 +48,7 @@ services.desktopManager.gnome.enable = true; host = { + ai.enable = true; users = { eve = { isDesktopUser = true; From 197031975ab5773f493cce0457d998741e92e7aa Mon Sep 17 00:00:00 2001 From: Eve Date: Sun, 19 Oct 2025 21:51:01 -0500 Subject: [PATCH 231/374] updated disk id's for new hdd --- configurations/nixos/twilight/hardware-configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index 1389caf..94c83d6 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -18,12 +18,12 @@ fileSystems = { "/" = { - device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; + device = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA100_77D21HVNS-part2"; fsType = "ext4"; }; "/boot" = { - device = "/dev/disk/by-uuid/3006-3867"; + device = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA100_77D21HVNS-part1"; fsType = "vfat"; options = ["fmask=0022" "dmask=0022"]; }; From d19d535d851eedc73a56f562e7cdf652f43891ca Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 20 Oct 2025 20:01:07 -0500 Subject: [PATCH 232/374] fix: made crab-hole dns accessible from other devices --- .../nixos/defiant/configuration.nix | 2 +- .../server/crab-hole/crab-hole.nix | 44 +++++++++++++++---- 2 files changed, 37 insertions(+), 9 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index c2b8fc5..fdf7356 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -348,7 +348,7 @@ openFirewall = true; show_doc = true; downstreams = { - loopback = { + host = { enable = true; openFirewall = true; }; diff --git a/modules/nixos-modules/server/crab-hole/crab-hole.nix b/modules/nixos-modules/server/crab-hole/crab-hole.nix index 58ff660..bde1d76 100644 --- a/modules/nixos-modules/server/crab-hole/crab-hole.nix +++ b/modules/nixos-modules/server/crab-hole/crab-hole.nix @@ -27,9 +27,19 @@ in { show_doc = lib.mkEnableOption "OpenAPI documentation (loads content from third party websites)"; downstreams = { - loopback = { - enable = lib.mkEnableOption "loopback downstream DNS server on localhost:53"; - openFirewall = lib.mkEnableOption "automatic port forwarding for the loopback downstream"; + host = { + enable = lib.mkEnableOption "host downstream DNS server accessible from network on all interfaces"; + port = lib.mkOption { + type = lib.types.port; + default = 53; + description = "Port for the host downstream DNS server to listen on."; + }; + openFirewall = lib.mkEnableOption "automatic port forwarding for the host downstream"; + disableSystemdResolved = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Whether to automatically disable systemd-resolved when using port 53. Set to false if you want to handle the conflict manually."; + }; }; }; @@ -82,6 +92,24 @@ in { }; config = lib.mkIf cfg.enable { + # Assertions for proper configuration + assertions = [ + { + assertion = !(cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && config.services.resolved.enable && cfg.downstreams.host.disableSystemdResolved); + message = "crab-hole host downstream cannot use port 53 while systemd-resolved is enabled. Either disable systemd-resolved or use a different port."; + } + { + assertion = !(cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && !cfg.downstreams.host.disableSystemdResolved && config.services.resolved.enable); + message = "crab-hole host downstream is configured to use port 53 but systemd-resolved is still enabled and disableSystemdResolved is false. Set disableSystemdResolved = true or manually disable systemd-resolved."; + } + ]; + + # Automatically disable systemd-resolved if using port 53 + services.resolved.enable = lib.mkIf (cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && cfg.downstreams.host.disableSystemdResolved) (lib.mkForce false); + + # Configure DNS nameservers when disabling systemd-resolved + networking.nameservers = lib.mkIf (cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && cfg.downstreams.host.disableSystemdResolved) (lib.mkDefault ["127.0.0.1" "1.1.1.1" "8.8.8.8"]); + services.crab-hole.settings = lib.mkMerge [ { api = { @@ -92,12 +120,12 @@ in { downstream = cfg.extraDownstreams; upstream.name_servers = cfg.extraUpstreams; } - (lib.mkIf cfg.downstreams.loopback.enable { + (lib.mkIf cfg.downstreams.host.enable { downstream = [ { protocol = "udp"; - listen = "localhost"; - port = 53; + listen = "0.0.0.0"; + port = cfg.downstreams.host.port; } ]; }) @@ -136,8 +164,8 @@ in { (lib.mkIf cfg.openFirewall { allowedTCPPorts = [cfg.port]; }) - (lib.mkIf (cfg.downstreams.loopback.enable && cfg.downstreams.loopback.openFirewall) { - allowedUDPPorts = [53]; + (lib.mkIf (cfg.downstreams.host.enable && cfg.downstreams.host.openFirewall) { + allowedUDPPorts = [cfg.downstreams.host.port]; }) ]; }; From 290c0692bb394071c470f35e96ceb08ec987f7fe Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 20 Oct 2025 20:24:28 -0500 Subject: [PATCH 233/374] feat: added block list to crab-hole --- .../nixos/defiant/configuration.nix | 1 + .../server/crab-hole/crab-hole.nix | 21 +++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index fdf7356..6908eb7 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -354,6 +354,7 @@ }; }; upstreams.cloudFlare.enable = true; + blocklists.ad_malware.enable = true; }; qbittorrent = { diff --git a/modules/nixos-modules/server/crab-hole/crab-hole.nix b/modules/nixos-modules/server/crab-hole/crab-hole.nix index bde1d76..d76323a 100644 --- a/modules/nixos-modules/server/crab-hole/crab-hole.nix +++ b/modules/nixos-modules/server/crab-hole/crab-hole.nix @@ -89,6 +89,23 @@ in { default = []; description = "List of additional upstream DNS server configurations."; }; + + blocklists = { + ad_malware = { + enable = lib.mkEnableOption "Host file for blocking ads and malware"; + url = lib.mkOption { + type = lib.types.str; + default = "http://sbc.io/hosts/hosts"; + description = "URL of the ad and malware blocklist host file"; + }; + }; + }; + + extraBlocklists = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Additional blocklist URLs to be added to the configuration"; + }; }; config = lib.mkIf cfg.enable { @@ -119,7 +136,11 @@ in { }; downstream = cfg.extraDownstreams; upstream.name_servers = cfg.extraUpstreams; + blocklist.lists = cfg.extraBlocklists; } + (lib.mkIf cfg.blocklists.ad_malware.enable { + blocklist.lists = [cfg.blocklists.ad_malware.url]; + }) (lib.mkIf cfg.downstreams.host.enable { downstream = [ { From f21777b1fbe69d747e84f0a7bd5eed85a62f576e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 20 Oct 2025 20:55:35 -0500 Subject: [PATCH 234/374] fix: fixed pre and post commit hook behavior --- .hooks/post-commit | 10 +++++++++- .hooks/post-merge | 26 ++++++++++++++++++++------ .hooks/pre-commit | 24 +++++++++++++++++------- .hooks/pre-merge-commit | 4 ++-- 4 files changed, 48 insertions(+), 16 deletions(-) diff --git a/.hooks/post-commit b/.hooks/post-commit index 56c439d..03a160d 100755 --- a/.hooks/post-commit +++ b/.hooks/post-commit @@ -3,4 +3,12 @@ echo "restoring stashed changes" -git stash pop -q +# Find the most recent pre-commit stash and restore it +recent_stash=$(git stash list | grep "pre-commit-stash-" | head -n 1 | cut -d: -f1) + +if [ -n "$recent_stash" ]; then + echo "Found recent pre-commit stash: $recent_stash" + git stash pop -q "$recent_stash" +else + echo "No pre-commit stash found to restore" +fi diff --git a/.hooks/post-merge b/.hooks/post-merge index 11fb20c..06fabc3 100755 --- a/.hooks/post-merge +++ b/.hooks/post-merge @@ -4,14 +4,28 @@ # Get current branch name current_branch=$(git branch --show-current) -# Only restore stash if we're on main branch and a merge just completed +# Only perform actions if we're on main branch and a merge just completed if [ "$current_branch" = "main" ]; then - # Check if there are any stashes to restore - if git stash list | grep -q "stash@"; then - echo "Post-merge: restoring stashed changes on main branch" - git stash pop -q + echo "Post-merge on main branch - running nix flake check" + + # Run nix flake check after merge into main + nix flake check + + if [ ! $? -eq 0 ]; then + echo "Warning: nix flake check failed after merge into main" + echo "Please fix the issues as soon as possible" else - echo "Post-merge: no stash to restore on main branch" + echo "nix flake check passed after merge" + fi + + # Check if there are any pre-commit stashes to restore + recent_stash=$(git stash list | grep "pre-commit-stash-" | head -n 1 | cut -d: -f1) + + if [ -n "$recent_stash" ]; then + echo "Post-merge: restoring pre-commit stash on main branch" + git stash pop -q "$recent_stash" + else + echo "Post-merge: no pre-commit stash to restore on main branch" fi else echo "Post-merge: no action needed on branch '$current_branch'" diff --git a/.hooks/pre-commit b/.hooks/pre-commit index f98c64f..74cbc64 100755 --- a/.hooks/pre-commit +++ b/.hooks/pre-commit @@ -1,14 +1,24 @@ #!/usr/bin/env nix-shell #! nix-shell -i bash ../shell.nix -echo "stashing all uncommitted changes" -git stash -q --keep-index +# Get current branch name +current_branch=$(git branch --show-current) -echo "checking flakes all compile" -nix flake check +echo "stashing all uncommitted changes with named stash (excluding hooks)" +git stash push -q --keep-index -m "pre-commit-stash-$(date +%s)" -- ':!.hooks/' -if [ ! $? -eq 0 ]; then - exit 1 +# Only run nix flake check if we're on main branch +if [ "$current_branch" = "main" ]; then + echo "On main branch - checking flakes all compile" + nix flake check + + if [ ! $? -eq 0 ]; then + echo "Error: nix flake check failed on main branch" + exit 1 + fi + echo "nix flake check passed" +else + echo "Not on main branch - skipping nix flake check" fi echo "running linter" @@ -19,4 +29,4 @@ RESULT=$? echo "adding lint changes to commit" git add -u -exit $RESULT \ No newline at end of file +exit $RESULT diff --git a/.hooks/pre-merge-commit b/.hooks/pre-merge-commit index 9edaf92..9b7b41d 100755 --- a/.hooks/pre-merge-commit +++ b/.hooks/pre-merge-commit @@ -17,8 +17,8 @@ fi if [ "$target_branch" = "main" ]; then echo "Merging into main branch - running nix flake check..." - echo "stashing all uncommitted changes" - git stash -q --keep-index + echo "stashing all uncommitted changes with named stash (excluding hooks)" + git stash push -q --keep-index -m "pre-merge-stash-$(date +%s)" -- ':!.hooks/' echo "checking flakes all compile" nix flake check From 539af51473126cf2a715803d80d21b5a7bfdcd13 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 21 Oct 2025 18:52:38 -0500 Subject: [PATCH 235/374] disabled crab-hole --- configurations/nixos/defiant/configuration.nix | 2 +- modules/nixos-modules/server/crab-hole/impermanence.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 6908eb7..6d2925a 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -343,7 +343,7 @@ }; crab-hole = { - enable = true; + enable = false; port = 8085; openFirewall = true; show_doc = true; diff --git a/modules/nixos-modules/server/crab-hole/impermanence.nix b/modules/nixos-modules/server/crab-hole/impermanence.nix index 455e593..8e1182c 100644 --- a/modules/nixos-modules/server/crab-hole/impermanence.nix +++ b/modules/nixos-modules/server/crab-hole/impermanence.nix @@ -5,7 +5,7 @@ }: let workingDirectory = "/var/lib/private/crab-hole"; in { - config = lib.mkIf (config.services.immich.enable && config.host.impermanence.enable) { + config = lib.mkIf (config.services.crab-hole.enable && config.host.impermanence.enable) { assertions = [ { assertion = From 3f107f8d1eed9b38ae1270d61c283e1aed480ffa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 21 Oct 2025 19:35:56 -0500 Subject: [PATCH 236/374] fix: fixed home manager impermanence activation on defiant --- configurations/home-manager/git/default.nix | 2 ++ configurations/home-manager/leyla/default.nix | 2 ++ modules/home-manager-modules/impermanence.nix | 16 ++++++++++------ 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/configurations/home-manager/git/default.nix b/configurations/home-manager/git/default.nix index 2276e7a..1ea29cc 100644 --- a/configurations/home-manager/git/default.nix +++ b/configurations/home-manager/git/default.nix @@ -1,4 +1,6 @@ {osConfig, ...}: { + impermanence.fallbackPersistence.enable = false; + home = { username = osConfig.users.users.git.name; homeDirectory = osConfig.users.users.git.home; diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index eba7f7b..8a37754 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -12,6 +12,8 @@ ]; config = { + impermanence.enable = osConfig.host.impermanence.enable; + # Home Manager needs a bit of information about you and the paths it should # manage. home = { diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix index dc9eae9..6c75edd 100644 --- a/modules/home-manager-modules/impermanence.nix +++ b/modules/home-manager-modules/impermanence.nix @@ -8,21 +8,25 @@ in { options.impermanence = { enable = lib.mkEnableOption "impermanence for home directory"; + fallbackPersistence.enable = lib.mkOption { + type = lib.types.bool; + default = true; + }; }; config = lib.mkMerge [ (lib.mkIf config.impermanence.enable { assertions = [ { - assertion = osConfig.impermanence.enable; - message = "impermanence can not be enabled for a user when it is not enabled for a configuration"; + assertion = osConfig.host.impermanence.enable; + message = "impermanence can not be enabled for a user when it is not enabled for the system"; } ]; }) - (lib.mkIf osConfig.host.impermanence.enable { - # If impermanence is not enabled for this user but system impermanence is enabled, - # persist the entire home directory as fallback - home.persistence."/persist/home/${config.home.username}" = lib.mkIf (!cfg.enable) { + # If impermanence is not enabled for this user but system impermanence is enabled, + # persist the entire home directory as fallback + (lib.mkIf (osConfig.host.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { + home.persistence."/persist/home/${config.home.username}" = { directories = ["."]; allowOther = true; }; From 455a98810abeefa12186e6484569131db4240a73 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 21 Oct 2025 20:03:52 -0500 Subject: [PATCH 237/374] feat: enabled crab-hole --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 6d2925a..6908eb7 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -343,7 +343,7 @@ }; crab-hole = { - enable = false; + enable = true; port = 8085; openFirewall = true; show_doc = true; From b17f8d49d5f3bd141ccc1a8e287c5f6b8b2acd76 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 21 Oct 2025 20:32:24 -0500 Subject: [PATCH 238/374] build: updated flake.lock --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index bb7e3a6..09349a6 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1760673822, - "narHash": "sha256-h+liPhhMw1yYvkDGLHzQJQShQs+yLjNgjfAyZX+sRrM=", + "lastModified": 1761019419, + "narHash": "sha256-lOzy4BGZtPxxNOzDEwfy3lcb7enl53f1wYP/JVWwSHg=", "owner": "rycee", "repo": "nur-expressions", - "rev": "5cca27f1bb30a26140d0cf60ab34daa45b4fa11f", + "rev": "727c8a012382db77e14d72ce1fe4e19be3206ce6", "type": "gitlab" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1760662441, - "narHash": "sha256-mlDqR1Ntgs9uYYEAUR1IhamKBO0lxoNS4zGLzEZaY0A=", + "lastModified": 1761081701, + "narHash": "sha256-IwpfaKg5c/WWQiy8b5QGaVPMvoEQ2J6kpwRFdpVpBNQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "722792af097dff5790f1a66d271a47759f477755", + "rev": "9b4a2a7c4fbd75b422f00794af02d6edb4d9d315", "type": "github" }, "original": { @@ -207,11 +207,11 @@ ] }, "locked": { - "lastModified": 1759342933, - "narHash": "sha256-mdlUFcrOfvT0Pm+Hko/6aR3xf1ao5JA2iem4KsEVjP4=", + "lastModified": 1760821194, + "narHash": "sha256-UCsJ8eDuHL14u2GFIYEY/drtZ6jht5zN/G/6QNlEy2g=", "owner": "utensils", "repo": "mcp-nixos", - "rev": "50b02bcba32b941d2ec48fedef68641702ca5b0f", + "rev": "0ae453f38d0f088c31d4678da3a12b183165986f", "type": "github" }, "original": { @@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1760720017, - "narHash": "sha256-ALb+L8zaP6IJ3BigQJ+ih7NqmaptzL/CbkNkLbhmsGE=", + "lastModified": 1761011896, + "narHash": "sha256-p6oWYhpJGIV76tJExGUFRkir29yCTUYLsnKmnhzW2C0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b0897a5d1d5829eb67ca7168680873ee7a0d52b8", + "rev": "0a74c6a180110ac18584780eeff31e302b0bf8a4", "type": "github" }, "original": { @@ -283,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1760106635, - "narHash": "sha256-2GoxVaKWTHBxRoeUYSjv0AfSOx4qw5CWSFz2b+VolKU=", + "lastModified": 1760958188, + "narHash": "sha256-2m1S4jl+GEDtlt2QqeHil8Ny456dcGSKJAM7q3j/BFU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9ed85f8afebf2b7478f25db0a98d0e782c0ed903", + "rev": "d6645c340ef7d821602fd2cd199e8d1eed10afbc", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1760524057, - "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "lastModified": 1760878510, + "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", "type": "github" }, "original": { @@ -370,11 +370,11 @@ ] }, "locked": { - "lastModified": 1760393368, - "narHash": "sha256-8mN3kqyqa2PKY0wwZ2UmMEYMcxvNTwLaOrrDsw6Qi4E=", + "lastModified": 1760998189, + "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "ab8d56e85b8be14cff9d93735951e30c3e86a437", + "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3", "type": "github" }, "original": { From db8d36dadc3edff29eecf85137d5c5048c4a5960 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 21 Oct 2025 20:39:16 -0500 Subject: [PATCH 239/374] build: updated mapillary uploader hash --- modules/common-modules/pkgs/mapillary-uploader.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/common-modules/pkgs/mapillary-uploader.nix b/modules/common-modules/pkgs/mapillary-uploader.nix index 9ae2ea7..acff772 100644 --- a/modules/common-modules/pkgs/mapillary-uploader.nix +++ b/modules/common-modules/pkgs/mapillary-uploader.nix @@ -9,7 +9,7 @@ src = fetchurl { url = "http://tools.mapillary.com/uploader/download/linux/${version}"; name = "mapillary-uploader.AppImage"; - sha256 = "sha256-OY3SiMHUyjwPDrPWfa+mFg2BHZrz6GG/9/D5sCP2Da8="; + sha256 = "sha256-hpWdfeuhYylO+SFD3BsKI0s/xtObCDd5OcuJ6i/aEuI="; }; appimageContents = appimageTools.extractType2 { From 466926b919bbc929aece6cb0f21c6cc62cd13a06 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 21 Oct 2025 20:44:53 -0500 Subject: [PATCH 240/374] refactor: updated git configuration --- configurations/home-manager/eve/packages.nix | 8 +++++--- configurations/home-manager/leyla/packages/git.nix | 8 +++++--- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 73195c4..fb8d8a4 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -32,9 +32,11 @@ in { (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { git = { enable = true; - userName = "Eve"; - userEmail = "evesnrobins@gmail.com"; - extraConfig.init.defaultBranch = "main"; + settings = { + user.name = "Eve"; + user.email = "evesnrobins@gmail.com"; + init.defaultBranch = "main"; + }; }; openssh = { diff --git a/configurations/home-manager/leyla/packages/git.nix b/configurations/home-manager/leyla/packages/git.nix index 568cd7a..499e37b 100644 --- a/configurations/home-manager/leyla/packages/git.nix +++ b/configurations/home-manager/leyla/packages/git.nix @@ -2,9 +2,11 @@ config = { programs = { git = { - userName = "Leyla Becker"; - userEmail = "git@jan-leila.com"; - extraConfig.init.defaultBranch = "main"; + settings = { + user.name = "Leyla Becker"; + user.email = "git@jan-leila.com"; + init.defaultBranch = "main"; + }; }; }; }; From 4dd285c1229a15ad051f432219897f9b3c93d0c8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 24 Oct 2025 12:45:17 -0500 Subject: [PATCH 241/374] feat: refactored reverse proxy to be a normally named module --- .../nixos/defiant/configuration.nix | 31 ++-- modules/nixos-modules/server/actual/proxy.nix | 23 ++- .../nixos-modules/server/bazarr/default.nix | 1 - modules/nixos-modules/server/bazarr/proxy.nix | 28 ---- modules/nixos-modules/server/default.nix | 2 +- .../server/flaresolverr/default.nix | 1 - .../server/flaresolverr/proxy.nix | 28 ---- .../nixos-modules/server/forgejo/default.nix | 2 +- .../nixos-modules/server/forgejo/proxy.nix | 25 ++- .../server/home-assistant/default.nix | 2 +- .../server/home-assistant/proxy.nix | 36 ++-- modules/nixos-modules/server/immich/proxy.nix | 39 +++-- .../nixos-modules/server/jackett/default.nix | 1 - .../nixos-modules/server/jackett/proxy.nix | 28 ---- .../nixos-modules/server/jellyfin/proxy.nix | 33 ++-- .../nixos-modules/server/lidarr/default.nix | 1 - modules/nixos-modules/server/lidarr/proxy.nix | 28 ---- .../nixos-modules/server/panoramax/proxy.nix | 36 ++-- .../server/paperless/default.nix | 1 - .../nixos-modules/server/paperless/proxy.nix | 33 ++-- .../nixos-modules/server/radarr/default.nix | 1 - modules/nixos-modules/server/radarr/proxy.nix | 28 ---- .../server/reverseProxy/default.nix | 6 + .../server/reverseProxy/impermanence.nix | 21 +++ .../server/reverseProxy/reverseProxy.nix | 158 ++++++++++++++++++ .../nixos-modules/server/reverse_proxy.nix | 128 -------------- modules/nixos-modules/server/searx/proxy.nix | 28 +++- .../nixos-modules/server/sonarr/default.nix | 1 - modules/nixos-modules/server/sonarr/proxy.nix | 28 ---- 29 files changed, 352 insertions(+), 426 deletions(-) delete mode 100644 modules/nixos-modules/server/bazarr/proxy.nix delete mode 100644 modules/nixos-modules/server/flaresolverr/proxy.nix delete mode 100644 modules/nixos-modules/server/jackett/proxy.nix delete mode 100644 modules/nixos-modules/server/lidarr/proxy.nix delete mode 100644 modules/nixos-modules/server/radarr/proxy.nix create mode 100644 modules/nixos-modules/server/reverseProxy/default.nix create mode 100644 modules/nixos-modules/server/reverseProxy/impermanence.nix create mode 100644 modules/nixos-modules/server/reverseProxy/reverseProxy.nix delete mode 100644 modules/nixos-modules/server/reverse_proxy.nix delete mode 100644 modules/nixos-modules/server/sonarr/proxy.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 6908eb7..91a8c2c 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -102,11 +102,6 @@ directories = ["leyla_documents" "eve_documents" "users_documents" "media"]; }; }; - reverse_proxy = { - enable = true; - enableACME = true; - hostname = "jan-leila.com"; - }; postgres = { extraUsers = { leyla = { @@ -237,6 +232,16 @@ gnome.enable = true; }; + # Enable new reverse proxy system + reverseProxy = { + enable = true; + openFirewall = true; + acme = { + enable = true; + email = "jan-leila@protonmail.com"; + }; + }; + ollama = { enable = true; exposePort = true; @@ -294,33 +299,33 @@ jellyfin = { enable = true; - subdomain = "media"; - extraSubdomains = ["jellyfin"]; + domain = "media.jan-leila.com"; + extraDomains = ["jellyfin.jan-leila.com"]; }; immich = { enable = true; - subdomain = "photos"; + domain = "photos.jan-leila.com"; }; forgejo = { enable = true; - subdomain = "git"; + domain = "git.jan-leila.com"; }; searx = { enable = true; - subdomain = "search"; + domain = "search.jan-leila.com"; }; actual = { enable = false; - subdomain = "budget"; + domain = "budget.jan-leila.com"; }; home-assistant = { enable = true; - subdomain = "home"; + domain = "home.jan-leila.com"; openFirewall = true; database = "postgres"; @@ -333,7 +338,7 @@ paperless = { enable = true; - subdomain = "documents"; + domain = "documents.jan-leila.com"; passwordFile = config.sops.secrets."services/paperless_password".path; }; diff --git a/modules/nixos-modules/server/actual/proxy.nix b/modules/nixos-modules/server/actual/proxy.nix index 6ca51e4..bf1711a 100644 --- a/modules/nixos-modules/server/actual/proxy.nix +++ b/modules/nixos-modules/server/actual/proxy.nix @@ -4,17 +4,26 @@ ... }: { options.services.actual = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - default = "actual"; - description = "subdomain of base domain that actual will be hosted at"; + description = "domain that actual will be hosted at"; + default = "actual.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for actual"; + default = []; }; }; - config = lib.mkIf (config.services.actual.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.${config.services.actual.subdomain} = { - target = "http://localhost:${toString config.services.actual.settings.port}"; + config = lib.mkIf (config.services.actual.enable && config.services.reverseProxy.enable) { + services.reverseProxy.services.actual = { + target = "http://localhost:${toString config.services.actual.settings.port}"; + domain = config.services.actual.domain; + extraDomains = config.services.actual.extraDomains; + + settings = { + forwardHeaders.enable = true; }; }; }; diff --git a/modules/nixos-modules/server/bazarr/default.nix b/modules/nixos-modules/server/bazarr/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/bazarr/default.nix +++ b/modules/nixos-modules/server/bazarr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/bazarr/proxy.nix b/modules/nixos-modules/server/bazarr/proxy.nix deleted file mode 100644 index fe310d8..0000000 --- a/modules/nixos-modules/server/bazarr/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.bazarr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.bazarr.enable && config.services.bazarr.subdomain != null) { - host.reverse_proxy.subdomains.bazarr = { - subdomain = config.services.bazarr.subdomain; - extraSubdomains = config.services.bazarr.extraSubdomains; - target = "http://127.0.0.1:6767"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 57874d5..4981f28 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -1,6 +1,6 @@ {...}: { imports = [ - ./reverse_proxy.nix + ./reverseProxy ./fail2ban.nix ./postgres.nix ./network_storage diff --git a/modules/nixos-modules/server/flaresolverr/default.nix b/modules/nixos-modules/server/flaresolverr/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/flaresolverr/default.nix +++ b/modules/nixos-modules/server/flaresolverr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/flaresolverr/proxy.nix b/modules/nixos-modules/server/flaresolverr/proxy.nix deleted file mode 100644 index 5b8dd4c..0000000 --- a/modules/nixos-modules/server/flaresolverr/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.flaresolverr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.flaresolverr.enable && config.services.flaresolverr.subdomain != null) { - host.reverse_proxy.subdomains.flaresolverr = { - subdomain = config.services.flaresolverr.subdomain; - extraSubdomains = config.services.flaresolverr.extraSubdomains; - target = "http://127.0.0.1:${toString config.services.flaresolverr.port}"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/forgejo/default.nix b/modules/nixos-modules/server/forgejo/default.nix index 1fdc8d9..5d0e7ad 100644 --- a/modules/nixos-modules/server/forgejo/default.nix +++ b/modules/nixos-modules/server/forgejo/default.nix @@ -31,7 +31,7 @@ in { lfs.enable = true; settings = { server = { - DOMAIN = "${config.services.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; + DOMAIN = config.services.forgejo.reverseProxy.domain; HTTP_PORT = httpPort; START_SSH_SERVER = true; SSH_LISTEN_PORT = sshPort; diff --git a/modules/nixos-modules/server/forgejo/proxy.nix b/modules/nixos-modules/server/forgejo/proxy.nix index 51f769d..bde59d1 100644 --- a/modules/nixos-modules/server/forgejo/proxy.nix +++ b/modules/nixos-modules/server/forgejo/proxy.nix @@ -7,16 +7,29 @@ httpPort = const.httpPort; in { options.services.forgejo = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that forgejo will be hosted at"; - default = "forgejo"; + reverseProxy = { + domain = lib.mkOption { + type = lib.types.str; + description = "domain that forgejo will be hosted at"; + default = "git.jan-leila.com"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for forgejo"; + default = []; + }; }; }; - config = lib.mkIf (config.services.forgejo.enable && config.host.reverse_proxy.enable) { - host.reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { + config = lib.mkIf (config.services.forgejo.enable && config.services.reverseProxy.enable) { + services.reverseProxy.services.forgejo = { target = "http://localhost:${toString httpPort}"; + domain = config.services.forgejo.reverseProxy.domain; + extraDomains = config.services.forgejo.reverseProxy.extraDomains; + + settings = { + forwardHeaders.enable = true; + }; }; networking.firewall.allowedTCPPorts = [ diff --git a/modules/nixos-modules/server/home-assistant/default.nix b/modules/nixos-modules/server/home-assistant/default.nix index 83d8ba7..4b1846b 100644 --- a/modules/nixos-modules/server/home-assistant/default.nix +++ b/modules/nixos-modules/server/home-assistant/default.nix @@ -82,7 +82,7 @@ login_attempts_threshold = 10; }; homeassistant = { - external_url = "https://${config.services.home-assistant.subdomain}.${config.host.reverse_proxy.hostname}"; + external_url = "https://${config.services.home-assistant.domain}"; # internal_url = "http://192.168.1.2:8123"; }; recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}"; diff --git a/modules/nixos-modules/server/home-assistant/proxy.nix b/modules/nixos-modules/server/home-assistant/proxy.nix index ba8f20d..1075c59 100644 --- a/modules/nixos-modules/server/home-assistant/proxy.nix +++ b/modules/nixos-modules/server/home-assistant/proxy.nix @@ -4,29 +4,33 @@ ... }: { options.services.home-assistant = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that home-assistant will be hosted at"; - default = "home-assistant"; + description = "domain that home-assistant will be hosted at"; + default = "home-assistant.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for home-assistant"; + default = []; }; }; - config = lib.mkIf (config.host.reverse_proxy.enable && config.services.home-assistant.enable) { - host = { - reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { - target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + config = lib.mkIf (config.services.reverseProxy.enable && config.services.home-assistant.enable) { + services.reverseProxy.services.home-assistant = { + target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + domain = config.services.home-assistant.domain; + extraDomains = config.services.home-assistant.extraDomains; - websockets.enable = true; + settings = { + proxyWebsockets.enable = true; forwardHeaders.enable = true; - extraConfig = '' - add_header Upgrade $http_upgrade; - add_header Connection \"upgrade\"; - - proxy_buffering off; - - proxy_read_timeout 90; - ''; + # Custom timeout settings + proxyHeaders = { + enable = true; + timeout = 90; + }; }; }; }; diff --git a/modules/nixos-modules/server/immich/proxy.nix b/modules/nixos-modules/server/immich/proxy.nix index dae2420..a50ea1e 100644 --- a/modules/nixos-modules/server/immich/proxy.nix +++ b/modules/nixos-modules/server/immich/proxy.nix @@ -4,31 +4,34 @@ ... }: { options.services.immich = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that immich will be hosted at"; - default = "immich"; + description = "domain that immich will be hosted at"; + default = "immich.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for immich"; + default = []; }; }; - config = lib.mkIf (config.services.immich.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.${config.services.immich.subdomain} = { - target = "http://localhost:${toString config.services.immich.port}"; + config = lib.mkIf (config.services.immich.enable && config.services.reverseProxy.enable) { + services.reverseProxy.services.immich = { + target = "http://localhost:${toString config.services.immich.port}"; + domain = config.services.immich.domain; + extraDomains = config.services.immich.extraDomains; - websockets.enable = true; + settings = { + proxyWebsockets.enable = true; forwardHeaders.enable = true; + maxBodySize = 50000; - extraConfig = '' - # allow large file uploads - client_max_body_size 50000M; - - # set timeout - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - proxy_redirect off; - ''; + # Custom timeout settings + proxyHeaders = { + enable = true; + timeout = 600; + }; }; }; }; diff --git a/modules/nixos-modules/server/jackett/default.nix b/modules/nixos-modules/server/jackett/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/jackett/default.nix +++ b/modules/nixos-modules/server/jackett/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/jackett/proxy.nix b/modules/nixos-modules/server/jackett/proxy.nix deleted file mode 100644 index af5fa79..0000000 --- a/modules/nixos-modules/server/jackett/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.jackett = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.jackett.enable && config.services.jackett.subdomain != null) { - host.reverse_proxy.subdomains.jackett = { - subdomain = config.services.jackett.subdomain; - extraSubdomains = config.services.jackett.extraSubdomains; - target = "http://127.0.0.1:9117"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/jellyfin/proxy.nix b/modules/nixos-modules/server/jellyfin/proxy.nix index 1020a19..f803ecb 100644 --- a/modules/nixos-modules/server/jellyfin/proxy.nix +++ b/modules/nixos-modules/server/jellyfin/proxy.nix @@ -6,33 +6,30 @@ jellyfinPort = 8096; in { options.services.jellyfin = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that jellyfin will be hosted at"; - default = "jellyfin"; + description = "domain that jellyfin will be hosted at"; + default = "jellyfin.arpa"; }; - extraSubdomains = lib.mkOption { + extraDomains = lib.mkOption { type = lib.types.listOf lib.types.str; - description = "ex subdomain of base domain that jellyfin will be hosted at"; + description = "extra domains that should be configured for jellyfin"; default = []; }; }; - config = lib.mkIf (config.services.jellyfin.enable && config.host.reverse_proxy.enable) { - host.reverse_proxy.subdomains.jellyfin = { + config = lib.mkIf (config.services.jellyfin.enable && config.services.reverseProxy.enable) { + services.reverseProxy.services.jellyfin = { target = "http://localhost:${toString jellyfinPort}"; + domain = config.services.jellyfin.domain; + extraDomains = config.services.jellyfin.extraDomains; - subdomain = config.services.jellyfin.subdomain; - extraSubdomains = config.services.jellyfin.extraSubdomains; - - forwardHeaders.enable = true; - - extraConfig = '' - client_max_body_size 20M; - add_header X-Content-Type-Options "nosniff"; - - proxy_buffering off; - ''; + settings = { + forwardHeaders.enable = true; + maxBodySize = 20; + noSniff.enable = true; + proxyBuffering.enable = false; + }; }; }; } diff --git a/modules/nixos-modules/server/lidarr/default.nix b/modules/nixos-modules/server/lidarr/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/lidarr/default.nix +++ b/modules/nixos-modules/server/lidarr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/lidarr/proxy.nix b/modules/nixos-modules/server/lidarr/proxy.nix deleted file mode 100644 index 0146ccf..0000000 --- a/modules/nixos-modules/server/lidarr/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.lidarr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.lidarr.enable && config.services.lidarr.subdomain != null) { - host.reverse_proxy.subdomains.lidarr = { - subdomain = config.services.lidarr.subdomain; - extraSubdomains = config.services.lidarr.extraSubdomains; - target = "http://127.0.0.1:8686"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/panoramax/proxy.nix b/modules/nixos-modules/server/panoramax/proxy.nix index 79f9326..35bc79b 100644 --- a/modules/nixos-modules/server/panoramax/proxy.nix +++ b/modules/nixos-modules/server/panoramax/proxy.nix @@ -4,31 +4,29 @@ ... }: { options.services.panoramax = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that panoramax will be hosted at"; - default = "panoramax"; + description = "domain that panoramax will be hosted at"; + default = "panoramax.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for panoramax"; + default = []; }; }; - config = lib.mkIf (config.services.panoramax.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.${config.services.panoramax.subdomain} = { - target = "http://localhost:${toString config.services.panoramax.port}"; + config = lib.mkIf (config.services.panoramax.enable && config.services.reverseProxy.enable) { + services.reverseProxy.services.panoramax = { + target = "http://localhost:${toString config.services.panoramax.port}"; + domain = config.services.panoramax.domain; + extraDomains = config.services.panoramax.extraDomains; - websockets.enable = true; + settings = { + proxyWebsockets.enable = true; forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads for panoramic images - client_max_body_size 100M; - - # set timeout for image processing - proxy_read_timeout 300s; - proxy_send_timeout 300s; - send_timeout 300s; - proxy_redirect off; - ''; + maxBodySize = 100000; + timeout = 300; }; }; }; diff --git a/modules/nixos-modules/server/paperless/default.nix b/modules/nixos-modules/server/paperless/default.nix index a6878eb..d2bc930 100644 --- a/modules/nixos-modules/server/paperless/default.nix +++ b/modules/nixos-modules/server/paperless/default.nix @@ -22,7 +22,6 @@ config = lib.mkIf config.services.paperless.enable { services.paperless = { - domain = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; configureTika = true; settings = { PAPERLESS_DBENGINE = "postgresql"; diff --git a/modules/nixos-modules/server/paperless/proxy.nix b/modules/nixos-modules/server/paperless/proxy.nix index 2910f07..e79c8d9 100644 --- a/modules/nixos-modules/server/paperless/proxy.nix +++ b/modules/nixos-modules/server/paperless/proxy.nix @@ -4,25 +4,30 @@ ... }: { options.services.paperless = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that paperless will be hosted at"; - default = "paperless"; + reverseProxy = { + domain = lib.mkOption { + type = lib.types.str; + description = "domain that paperless will be hosted at"; + default = "paperless.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for paperless"; + default = []; + }; }; }; - config = lib.mkIf (config.services.paperless.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.${config.services.paperless.subdomain} = { - target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; + config = lib.mkIf (config.services.paperless.enable && config.services.reverseProxy.enable) { + services.reverseProxy.services.paperless = { + target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; + domain = config.services.paperless.reverseProxy.domain; + extraDomains = config.services.paperless.reverseProxy.extraDomains; - websockets.enable = true; + settings = { + proxyWebsockets.enable = true; forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads - client_max_body_size 50000M; - ''; + maxBodySize = 50000; }; }; }; diff --git a/modules/nixos-modules/server/radarr/default.nix b/modules/nixos-modules/server/radarr/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/radarr/default.nix +++ b/modules/nixos-modules/server/radarr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/radarr/proxy.nix b/modules/nixos-modules/server/radarr/proxy.nix deleted file mode 100644 index ec5f575..0000000 --- a/modules/nixos-modules/server/radarr/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.radarr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.radarr.enable && config.services.radarr.subdomain != null) { - host.reverse_proxy.subdomains.radarr = { - subdomain = config.services.radarr.subdomain; - extraSubdomains = config.services.radarr.extraSubdomains; - target = "http://127.0.0.1:7878"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/reverseProxy/default.nix b/modules/nixos-modules/server/reverseProxy/default.nix new file mode 100644 index 0000000..5d57175 --- /dev/null +++ b/modules/nixos-modules/server/reverseProxy/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./reverseProxy.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/reverseProxy/impermanence.nix b/modules/nixos-modules/server/reverseProxy/impermanence.nix new file mode 100644 index 0000000..7af55df --- /dev/null +++ b/modules/nixos-modules/server/reverseProxy/impermanence.nix @@ -0,0 +1,21 @@ +{ + lib, + config, + ... +}: let + dataDir = "/var/lib/acme"; +in { + config = lib.mkIf (config.host.impermanence.enable && config.services.reverseProxy.enable) { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = dataDir; + user = "acme"; + group = "acme"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/reverseProxy/reverseProxy.nix b/modules/nixos-modules/server/reverseProxy/reverseProxy.nix new file mode 100644 index 0000000..5b8357f --- /dev/null +++ b/modules/nixos-modules/server/reverseProxy/reverseProxy.nix @@ -0,0 +1,158 @@ +{ + lib, + config, + ... +}: { + options.services.reverseProxy = { + enable = lib.mkEnableOption "turn on the reverse proxy"; + openFirewall = lib.mkEnableOption "open the firewall"; + ports = { + http = lib.mkOption { + type = lib.types.port; + description = "HTTP port for the reverse proxy"; + default = 80; + }; + https = lib.mkOption { + type = lib.types.port; + description = "HTTPS port for the reverse proxy"; + default = 443; + }; + }; + acme = { + enable = lib.mkOption { + type = lib.types.bool; + description = "enable ACME certificate management"; + default = true; + }; + email = lib.mkOption { + type = lib.types.str; + description = "email address for ACME certificate registration"; + }; + }; + services = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + target = lib.mkOption { + type = lib.types.str; + description = "what url will all traffic to this application be forwarded to"; + }; + domain = lib.mkOption { + type = lib.types.str; + description = "what is the default subdomain to be used for this application to be used for"; + default = name; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for this domain"; + default = []; + }; + settings = { + certificateRenewal.enable = lib.mkOption { + type = lib.types.bool; + description = "auto renew certificates"; + default = true; + }; + forceSSL.enable = lib.mkOption { + type = lib.types.bool; + description = "auto renew certificates"; + default = true; + }; + proxyHeaders = { + enable = lib.mkEnableOption "should we proxy headers"; + timeout = lib.mkOption { + type = lib.types.int; + default = 60; + }; + }; + proxyWebsockets.enable = lib.mkEnableOption "should the default config proxy websockets"; + forwardHeaders.enable = lib.mkEnableOption "should the default config contain forward headers"; + noSniff.enable = lib.mkEnableOption "should the no sniff flags be set"; + proxyBuffering.enable = lib.mkOption { + type = lib.types.bool; + description = "should proxy buffering be enabled"; + default = true; + }; + maxBodySize = lib.mkOption { + type = lib.types.nullOr lib.types.int; + description = ""; + default = null; + }; + }; + }; + })); + }; + }; + + config = let + httpPort = config.services.reverseProxy.ports.http; + httpsPort = config.services.reverseProxy.ports.https; + in + lib.mkIf config.services.reverseProxy.enable { + security.acme = lib.mkIf config.services.reverseProxy.acme.enable { + acceptTerms = true; + defaults.email = config.services.reverseProxy.acme.email; + }; + + services.nginx = { + enable = true; + virtualHosts = lib.mkMerge ( + lib.lists.flatten ( + lib.attrsets.mapAttrsToList ( + name: service: let + hostConfig = { + forceSSL = service.settings.forceSSL.enable; + enableACME = service.settings.certificateRenewal.enable; + locations = { + "/" = { + proxyPass = service.target; + proxyWebsockets = service.settings.proxyWebsockets.enable; + recommendedProxySettings = service.settings.forwardHeaders.enable; + extraConfig = let + # Client upload size configuration + maxBodySizeConfig = + lib.optionalString (service.settings.maxBodySize != null) + "client_max_body_size ${toString service.settings.maxBodySize}M;"; + + # Security header configuration + noSniffConfig = + lib.optionalString service.settings.noSniff.enable + "add_header X-Content-Type-Options nosniff;"; + + # Proxy buffering configuration + proxyBufferingConfig = + lib.optionalString (!service.settings.proxyBuffering.enable) + "proxy_buffering off;"; + + # Proxy timeout configuration + proxyTimeoutConfig = + lib.optionalString service.settings.proxyHeaders.enable + '' + proxy_read_timeout ${toString service.settings.proxyHeaders.timeout}s; + proxy_connect_timeout ${toString service.settings.proxyHeaders.timeout}s; + proxy_send_timeout ${toString service.settings.proxyHeaders.timeout}s; + ''; + in + maxBodySizeConfig + noSniffConfig + proxyBufferingConfig + proxyTimeoutConfig; + }; + }; + }; + in ( + [ + { + ${service.domain} = hostConfig; + } + ] + ++ builtins.map (domain: {${domain} = hostConfig;}) + service.extraDomains + ) + ) + config.services.reverseProxy.services + ) + ); + }; + networking.firewall.allowedTCPPorts = lib.mkIf config.services.reverseProxy.openFirewall [ + httpPort + httpsPort + ]; + }; +} diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix deleted file mode 100644 index 26b4374..0000000 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ /dev/null @@ -1,128 +0,0 @@ -{ - lib, - config, - ... -}: let - dataDir = "/var/lib/acme"; - httpPort = 80; - httpsPort = 443; -in { - options.host.reverse_proxy = { - enable = lib.mkEnableOption "turn on the reverse proxy"; - hostname = lib.mkOption { - type = lib.types.str; - description = "what host name are we going to be proxying from"; - }; - forceSSL = lib.mkOption { - type = lib.types.bool; - description = "force connections to use https"; - default = config.host.reverse_proxy.enableACME; - }; - enableACME = lib.mkOption { - type = lib.types.bool; - description = "auto renew certificates"; - default = true; - }; - subdomains = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "what is the default subdomain to be used for this application to be used for"; - default = name; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "extra domains that should be configured for this domain"; - default = []; - }; - - target = lib.mkOption { - type = lib.types.str; - description = "what url will all traffic to this application be forwarded to"; - }; - - websockets.enable = lib.mkEnableOption "should the default config proxy websockets"; - - forwardHeaders.enable = lib.mkEnableOption "should the default config contain forward headers"; - - extraConfig = lib.mkOption { - type = lib.types.lines; - default = ""; - description = '' - These lines go to the end of the upstream verbatim. - ''; - }; - }; - })); - }; - }; - - config = lib.mkIf config.host.reverse_proxy.enable (lib.mkMerge [ - { - security.acme = lib.mkIf config.host.reverse_proxy.enableACME { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; - - services.nginx = { - enable = true; - virtualHosts = lib.mkMerge ( - lib.lists.flatten ( - lib.attrsets.mapAttrsToList ( - name: value: let - hostConfig = { - forceSSL = config.host.reverse_proxy.forceSSL; - enableACME = config.host.reverse_proxy.enableACME; - locations = { - "/" = { - proxyPass = value.target; - proxyWebsockets = value.websockets.enable; - recommendedProxySettings = value.forwardHeaders.enable; - extraConfig = - value.extraConfig; - }; - }; - }; - in ( - [ - { - ${"${value.subdomain}.${config.host.reverse_proxy.hostname}"} = hostConfig; - } - ] - ++ builtins.map (subdomain: {${"${subdomain}.${config.host.reverse_proxy.hostname}"} = hostConfig;}) - value.extraSubdomains - ) - ) - config.host.reverse_proxy.subdomains - ) - ); - }; - - networking.firewall.allowedTCPPorts = [ - httpPort - httpsPort - ]; - } - (lib.mkIf config.host.impermanence.enable { - # TODO: figure out how to write an assertion for this - # assertions = [ - # { - # assertion = security.acme.certs..directory == dataDir; - # message = "postgres data directory does not match persistence"; - # } - # ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = dataDir; - user = "acme"; - group = "acme"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/searx/proxy.nix b/modules/nixos-modules/server/searx/proxy.nix index 0c1eae1..aca5e36 100644 --- a/modules/nixos-modules/server/searx/proxy.nix +++ b/modules/nixos-modules/server/searx/proxy.nix @@ -4,18 +4,28 @@ ... }: { options.services.searx = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that searx will be hosted at"; - default = "searx"; + reverseProxy = { + domain = lib.mkOption { + type = lib.types.str; + description = "domain that searx will be hosted at"; + default = "searx.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for searx"; + default = []; + }; }; }; - config = lib.mkIf (config.services.searx.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.searx = { - subdomain = config.services.searx.subdomain; - target = "http://localhost:${toString config.services.searx.settings.server.port}"; + config = lib.mkIf (config.services.searx.enable && config.services.reverseProxy.enable) { + services.reverseProxy.services.searx = { + target = "http://localhost:${toString config.services.searx.settings.server.port}"; + domain = config.services.searx.reverseProxy.domain; + extraDomains = config.services.searx.reverseProxy.extraDomains; + + settings = { + forwardHeaders.enable = true; }; }; }; diff --git a/modules/nixos-modules/server/sonarr/default.nix b/modules/nixos-modules/server/sonarr/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/sonarr/default.nix +++ b/modules/nixos-modules/server/sonarr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/sonarr/proxy.nix b/modules/nixos-modules/server/sonarr/proxy.nix deleted file mode 100644 index 22b90a6..0000000 --- a/modules/nixos-modules/server/sonarr/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.sonarr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.sonarr.enable && config.services.sonarr.subdomain != null) { - host.reverse_proxy.subdomains.sonarr = { - subdomain = config.services.sonarr.subdomain; - extraSubdomains = config.services.sonarr.extraSubdomains; - target = "http://127.0.0.1:8989"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} From ad04be6534fb45e12630d2cffdea15dc82eaa48f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 24 Oct 2025 12:49:36 -0500 Subject: [PATCH 242/374] feat: removed unused podman module --- modules/nixos-modules/server/default.nix | 1 - modules/nixos-modules/server/podman.nix | 73 ------------------------ 2 files changed, 74 deletions(-) delete mode 100644 modules/nixos-modules/server/podman.nix diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 4981f28..e4a68c2 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -4,7 +4,6 @@ ./fail2ban.nix ./postgres.nix ./network_storage - ./podman.nix ./actual ./bazarr diff --git a/modules/nixos-modules/server/podman.nix b/modules/nixos-modules/server/podman.nix deleted file mode 100644 index 9301140..0000000 --- a/modules/nixos-modules/server/podman.nix +++ /dev/null @@ -1,73 +0,0 @@ -{ - lib, - config, - ... -}: { - options.host.podman = { - enable = lib.mkEnableOption "should podman be enabled on this computer"; - macvlan = { - subnet = lib.mkOption { - type = lib.types.str; - description = "Subnet for macvlan address range"; - }; - gateway = lib.mkOption { - type = lib.types.str; - description = "Gateway for macvlan"; - # TODO: see if we can default this to systemd network gateway - }; - networkInterface = lib.mkOption { - type = lib.types.str; - description = "Parent network interface for macvlan"; - # TODO: see if we can default this some interface? - }; - }; - }; - config = lib.mkIf config.host.podman.enable { - systemd = { - services = { - # "podman-network-macvlan" = { - # path = [pkgs.podman]; - # serviceConfig = { - # Type = "oneshot"; - # RemainAfterExit = true; - # ExecStop = "podman network rm -f macvlan"; - # }; - # script = '' - # podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.host.podman.macvlan.subnet} --gateway ${config.host.podman.macvlan.gateway} --opt parent=${config.host.podman.macvlan.networkInterface} macvlan - # ''; - # partOf = ["podman-compose-root.target"]; - # wantedBy = ["podman-compose-root.target"]; - # }; - }; - # disable computer sleeping - targets = { - # Root service - # When started, this will automatically create all resources and start - # the containers. When stopped, this will teardown all resources. - "podman-compose-root" = { - unitConfig = { - Description = "Root target for podman targets."; - }; - wantedBy = ["multi-user.target"]; - }; - }; - }; - - virtualisation = { - # Runtime - podman = { - enable = true; - autoPrune.enable = true; - dockerCompat = true; - # defaultNetwork.settings = { - # # Required for container networking to be able to use names. - # dns_enabled = true; - # }; - }; - - oci-containers = { - backend = "podman"; - }; - }; - }; -} From 0f5507c32800aaa8b2f215c6bf4ea1987ada6e6e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 24 Oct 2025 13:08:13 -0500 Subject: [PATCH 243/374] refactor: split configurations for fail2ban, postgres, and qbittorent into folders --- modules/nixos-modules/server/default.nix | 6 +- modules/nixos-modules/server/fail2ban.nix | 74 ----------- .../nixos-modules/server/fail2ban/default.nix | 6 + .../server/fail2ban/fail2ban.nix | 51 ++++++++ .../server/fail2ban/impermanence.nix | 27 ++++ modules/nixos-modules/server/postgres.nix | 121 ------------------ .../nixos-modules/server/postgres/default.nix | 6 + .../server/postgres/impermanence.nix | 27 ++++ .../server/postgres/postgres.nix | 98 ++++++++++++++ modules/nixos-modules/server/qbittorent.nix | 65 ---------- .../server/qbittorent/default.nix | 6 + .../server/qbittorent/impermanence.nix | 54 ++++++++ .../server/qbittorent/qbittorent.nix | 18 +++ 13 files changed, 296 insertions(+), 263 deletions(-) delete mode 100644 modules/nixos-modules/server/fail2ban.nix create mode 100644 modules/nixos-modules/server/fail2ban/default.nix create mode 100644 modules/nixos-modules/server/fail2ban/fail2ban.nix create mode 100644 modules/nixos-modules/server/fail2ban/impermanence.nix delete mode 100644 modules/nixos-modules/server/postgres.nix create mode 100644 modules/nixos-modules/server/postgres/default.nix create mode 100644 modules/nixos-modules/server/postgres/impermanence.nix create mode 100644 modules/nixos-modules/server/postgres/postgres.nix delete mode 100644 modules/nixos-modules/server/qbittorent.nix create mode 100644 modules/nixos-modules/server/qbittorent/default.nix create mode 100644 modules/nixos-modules/server/qbittorent/impermanence.nix create mode 100644 modules/nixos-modules/server/qbittorent/qbittorent.nix diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index e4a68c2..2b33089 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -1,8 +1,8 @@ {...}: { imports = [ ./reverseProxy - ./fail2ban.nix - ./postgres.nix + ./fail2ban + ./postgres ./network_storage ./actual @@ -17,7 +17,7 @@ ./lidarr ./panoramax ./paperless - ./qbittorent.nix + ./qbittorent ./radarr ./searx ./sonarr diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix deleted file mode 100644 index d19aeeb..0000000 --- a/modules/nixos-modules/server/fail2ban.nix +++ /dev/null @@ -1,74 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - dataFolder = "/var/lib/fail2ban"; - dataFile = "fail2ban.sqlite3"; -in { - config = lib.mkIf config.services.fail2ban.enable (lib.mkMerge [ - { - environment.etc = { - "fail2ban/filter.d/nginx.local".text = lib.mkIf config.services.nginx.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = "limiting requests, excess:.* by zone.*client: " - '') - ); - }; - - services.fail2ban = { - maxretry = 5; - ignoreIP = [ - # Whitelist local networks - "10.0.0.0/8" - "172.16.0.0/12" - "192.168.0.0/16" - - # tail scale tailnet - "100.64.0.0/10" - "fd7a:115c:a1e0::/48" - ]; - bantime = "24h"; # Ban IPs for one day on the first ban - bantime-increment = { - enable = true; # Enable increment of bantime after each violation - formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; - maxtime = "168h"; # Do not ban for more than 1 week - overalljails = true; # Calculate the ban time based on all the violations - }; - jails = { - nginx-iptables.settings = lib.mkIf config.services.nginx.enable { - enabled = true; - filter = "nginx"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - # TODO; figure out if there is any fail2ban things we can do on searx - # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; - }; - }; - } - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; - message = "fail2ban data file does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = dataFolder; - user = "fail2ban"; - group = "fail2ban"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/fail2ban/default.nix b/modules/nixos-modules/server/fail2ban/default.nix new file mode 100644 index 0000000..30fca99 --- /dev/null +++ b/modules/nixos-modules/server/fail2ban/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./fail2ban.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/fail2ban/fail2ban.nix b/modules/nixos-modules/server/fail2ban/fail2ban.nix new file mode 100644 index 0000000..261c68f --- /dev/null +++ b/modules/nixos-modules/server/fail2ban/fail2ban.nix @@ -0,0 +1,51 @@ +{ + lib, + pkgs, + config, + ... +}: { + config = lib.mkIf config.services.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/nginx.local".text = lib.mkIf config.services.nginx.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = "limiting requests, excess:.* by zone.*client: " + '') + ); + }; + + services.fail2ban = { + maxretry = 5; + ignoreIP = [ + # Whitelist local networks + "10.0.0.0/8" + "172.16.0.0/12" + "192.168.0.0/16" + + # tail scale tailnet + "100.64.0.0/10" + "fd7a:115c:a1e0::/48" + ]; + bantime = "24h"; # Ban IPs for one day on the first ban + bantime-increment = { + enable = true; # Enable increment of bantime after each violation + formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; + maxtime = "168h"; # Do not ban for more than 1 week + overalljails = true; # Calculate the ban time based on all the violations + }; + jails = { + nginx-iptables.settings = lib.mkIf config.services.nginx.enable { + enabled = true; + filter = "nginx"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + # TODO; figure out if there is any fail2ban things we can do on searx + # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/fail2ban/impermanence.nix b/modules/nixos-modules/server/fail2ban/impermanence.nix new file mode 100644 index 0000000..5bc4673 --- /dev/null +++ b/modules/nixos-modules/server/fail2ban/impermanence.nix @@ -0,0 +1,27 @@ +{ + lib, + config, + ... +}: let + dataFolder = "/var/lib/fail2ban"; + dataFile = "fail2ban.sqlite3"; +in { + config = lib.mkIf (config.services.fail2ban.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; + message = "fail2ban data file does not match persistence"; + } + ]; + + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = dataFolder; + user = "fail2ban"; + group = "fail2ban"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix deleted file mode 100644 index 71ce44c..0000000 --- a/modules/nixos-modules/server/postgres.nix +++ /dev/null @@ -1,121 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: let - dataDir = "/var/lib/postgresql/16"; - adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - createUsers = lib.lists.filter (user: user.createUser) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - createDatabases = lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraDatabases; -in { - options = { - host.postgres = { - enable = lib.mkEnableOption "enable postgres"; - extraUsers = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - isAdmin = lib.mkOption { - type = lib.types.bool; - default = false; - }; - isClient = lib.mkOption { - type = lib.types.bool; - default = false; - }; - createUser = lib.mkOption { - type = lib.types.bool; - default = false; - }; - }; - })); - default = {}; - }; - extraDatabases = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - }; - })); - default = {}; - }; - }; - }; - - config = lib.mkIf config.host.postgres.enable (lib.mkMerge [ - { - services = { - postgresql = { - enable = true; - package = pkgs.postgresql_16; - ensureUsers = - [ - { - name = "postgres"; - } - ] - ++ ( - builtins.map (user: { - name = user.name; - ensureDBOwnership = true; - }) - createUsers - ); - ensureDatabases = builtins.map (database: database.name) createDatabases; - identMap = - '' - # ArbitraryMapName systemUser DBUser - - # Administration Users - superuser_map root postgres - superuser_map postgres postgres - '' - + ( - lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} postgres") adminUsers) - ) - + '' - - # Client Users - '' - + ( - lib.strings.concatLines (builtins.map (user: "user_map ${user.name} ${user.name}") clientUsers) - ); - # configuration here lets users access the db that matches their name and lets user postgres access everything - authentication = pkgs.lib.mkOverride 10 '' - # type database DBuser origin-address auth-method optional_ident_map - local all postgres peer map=superuser_map - local sameuser all peer map=user_map - ''; - }; - }; - } - - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.postgresql.dataDir == dataDir; - message = "postgres data directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = dataDir; - user = "postgres"; - group = "postgres"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/postgres/default.nix b/modules/nixos-modules/server/postgres/default.nix new file mode 100644 index 0000000..abf4ade --- /dev/null +++ b/modules/nixos-modules/server/postgres/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./postgres.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/postgres/impermanence.nix b/modules/nixos-modules/server/postgres/impermanence.nix new file mode 100644 index 0000000..6c2d295 --- /dev/null +++ b/modules/nixos-modules/server/postgres/impermanence.nix @@ -0,0 +1,27 @@ +{ + config, + lib, + ... +}: let + dataDir = "/var/lib/postgresql/16"; +in { + config = lib.mkIf (config.host.postgres.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.postgresql.dataDir == dataDir; + message = "postgres data directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = dataDir; + user = "postgres"; + group = "postgres"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/postgres/postgres.nix b/modules/nixos-modules/server/postgres/postgres.nix new file mode 100644 index 0000000..e76857c --- /dev/null +++ b/modules/nixos-modules/server/postgres/postgres.nix @@ -0,0 +1,98 @@ +{ + config, + lib, + pkgs, + ... +}: let + adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); + clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); + createUsers = lib.lists.filter (user: user.createUser) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); + createDatabases = lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraDatabases; +in { + options = { + host.postgres = { + enable = lib.mkEnableOption "enable postgres"; + extraUsers = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + }; + isAdmin = lib.mkOption { + type = lib.types.bool; + default = false; + }; + isClient = lib.mkOption { + type = lib.types.bool; + default = false; + }; + createUser = lib.mkOption { + type = lib.types.bool; + default = false; + }; + }; + })); + default = {}; + }; + extraDatabases = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + }; + }; + })); + default = {}; + }; + }; + }; + + config = lib.mkIf config.host.postgres.enable { + services = { + postgresql = { + enable = true; + package = pkgs.postgresql_16; + ensureUsers = + [ + { + name = "postgres"; + } + ] + ++ ( + builtins.map (user: { + name = user.name; + ensureDBOwnership = true; + }) + createUsers + ); + ensureDatabases = builtins.map (database: database.name) createDatabases; + identMap = + '' + # ArbitraryMapName systemUser DBUser + + # Administration Users + superuser_map root postgres + superuser_map postgres postgres + '' + + ( + lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} postgres") adminUsers) + ) + + '' + + # Client Users + '' + + ( + lib.strings.concatLines (builtins.map (user: "user_map ${user.name} ${user.name}") clientUsers) + ); + # configuration here lets users access the db that matches their name and lets user postgres access everything + authentication = pkgs.lib.mkOverride 10 '' + # type database DBuser origin-address auth-method optional_ident_map + local all postgres peer map=superuser_map + local sameuser all peer map=user_map + ''; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/qbittorent.nix b/modules/nixos-modules/server/qbittorent.nix deleted file mode 100644 index 2d54587..0000000 --- a/modules/nixos-modules/server/qbittorent.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ - lib, - config, - ... -}: let - qbittorent_profile_directory = "/var/lib/qBittorrent/"; -in { - options.services.qbittorrent = { - mediaDir = lib.mkOption { - type = lib.types.path; - description = lib.mdDoc '' - The directory to create to store qbittorrent media. - ''; - }; - }; - - config = lib.mkIf config.services.qbittorrent.enable (lib.mkMerge [ - (lib.mkIf config.host.impermanence.enable { - fileSystems."/persist/system/qbittorrent".neededForBoot = true; - - host.storage.pool.extraDatasets = { - # sops age key needs to be available to pre persist for user generation - "persist/system/qbittorrent" = { - type = "zfs_fs"; - mountpoint = "/persist/system/qbittorrent"; - options = { - canmount = "on"; - }; - }; - }; - - assertions = [ - { - assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory; - message = "qbittorrent data directory does not match persistence"; - } - ]; - - environment.persistence = { - "/persist/system/root" = { - directories = [ - { - directory = qbittorent_profile_directory; - user = "qbittorrent"; - group = "qbittorrent"; - } - ]; - }; - - "/persist/system/qbittorrent" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.services.qbittorrent.mediaDir; - user = "qbittorrent"; - group = "qbittorrent"; - mode = "1775"; - } - ]; - }; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/qbittorent/default.nix b/modules/nixos-modules/server/qbittorent/default.nix new file mode 100644 index 0000000..f7511e6 --- /dev/null +++ b/modules/nixos-modules/server/qbittorent/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./qbittorent.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/qbittorent/impermanence.nix b/modules/nixos-modules/server/qbittorent/impermanence.nix new file mode 100644 index 0000000..da47d1a --- /dev/null +++ b/modules/nixos-modules/server/qbittorent/impermanence.nix @@ -0,0 +1,54 @@ +{ + lib, + config, + ... +}: let + qbittorent_profile_directory = "/var/lib/qBittorrent/"; +in { + config = lib.mkIf (config.services.qbittorrent.enable && config.host.impermanence.enable) { + fileSystems."/persist/system/qbittorrent".neededForBoot = true; + + host.storage.pool.extraDatasets = { + # sops age key needs to be available to pre persist for user generation + "persist/system/qbittorrent" = { + type = "zfs_fs"; + mountpoint = "/persist/system/qbittorrent"; + options = { + canmount = "on"; + }; + }; + }; + + assertions = [ + { + assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory; + message = "qbittorrent data directory does not match persistence"; + } + ]; + + environment.persistence = { + "/persist/system/root" = { + directories = [ + { + directory = qbittorent_profile_directory; + user = "qbittorrent"; + group = "qbittorrent"; + } + ]; + }; + + "/persist/system/qbittorrent" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = config.services.qbittorrent.mediaDir; + user = "qbittorrent"; + group = "qbittorrent"; + mode = "1775"; + } + ]; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/qbittorent/qbittorent.nix b/modules/nixos-modules/server/qbittorent/qbittorent.nix new file mode 100644 index 0000000..44603c8 --- /dev/null +++ b/modules/nixos-modules/server/qbittorent/qbittorent.nix @@ -0,0 +1,18 @@ +{ + lib, + config, + ... +}: { + options.services.qbittorrent = { + mediaDir = lib.mkOption { + type = lib.types.path; + description = lib.mdDoc '' + The directory to create to store qbittorrent media. + ''; + }; + }; + + config = lib.mkIf config.services.qbittorrent.enable { + # Main qbittorrent configuration goes here if needed + }; +} From c2435883f1e9a1e945ad50bd62fdcf2ec492f3ef Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 24 Oct 2025 15:01:16 -0500 Subject: [PATCH 244/374] fix: fixed domains for searx and paperless --- .../nixos-modules/server/paperless/proxy.nix | 19 ++++++------------- modules/nixos-modules/server/searx/proxy.nix | 19 ++++++------------- 2 files changed, 12 insertions(+), 26 deletions(-) diff --git a/modules/nixos-modules/server/paperless/proxy.nix b/modules/nixos-modules/server/paperless/proxy.nix index e79c8d9..04c8304 100644 --- a/modules/nixos-modules/server/paperless/proxy.nix +++ b/modules/nixos-modules/server/paperless/proxy.nix @@ -4,25 +4,18 @@ ... }: { options.services.paperless = { - reverseProxy = { - domain = lib.mkOption { - type = lib.types.str; - description = "domain that paperless will be hosted at"; - default = "paperless.arpa"; - }; - extraDomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "extra domains that should be configured for paperless"; - default = []; - }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for paperless"; + default = []; }; }; config = lib.mkIf (config.services.paperless.enable && config.services.reverseProxy.enable) { services.reverseProxy.services.paperless = { target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; - domain = config.services.paperless.reverseProxy.domain; - extraDomains = config.services.paperless.reverseProxy.extraDomains; + domain = config.services.paperless.domain; + extraDomains = config.services.paperless.extraDomains; settings = { proxyWebsockets.enable = true; diff --git a/modules/nixos-modules/server/searx/proxy.nix b/modules/nixos-modules/server/searx/proxy.nix index aca5e36..fbc80e0 100644 --- a/modules/nixos-modules/server/searx/proxy.nix +++ b/modules/nixos-modules/server/searx/proxy.nix @@ -4,25 +4,18 @@ ... }: { options.services.searx = { - reverseProxy = { - domain = lib.mkOption { - type = lib.types.str; - description = "domain that searx will be hosted at"; - default = "searx.arpa"; - }; - extraDomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "extra domains that should be configured for searx"; - default = []; - }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for searx"; + default = []; }; }; config = lib.mkIf (config.services.searx.enable && config.services.reverseProxy.enable) { services.reverseProxy.services.searx = { target = "http://localhost:${toString config.services.searx.settings.server.port}"; - domain = config.services.searx.reverseProxy.domain; - extraDomains = config.services.searx.reverseProxy.extraDomains; + domain = config.services.searx.domain; + extraDomains = config.services.searx.extraDomains; settings = { forwardHeaders.enable = true; From 7f740607133c55d32b2e5bb328563c7bda3791fa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 25 Oct 2025 01:55:58 -0500 Subject: [PATCH 245/374] chore: updated task list in README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f8c7ecf..23a4966 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Tech Debt - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - [ ] migrate away from flakes and move to npins -- [ ] rework the reverse_proxy.nix file so that it is a normally named service. Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier ## Broken things - [ ] figure out steam vr things? @@ -73,12 +72,13 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - [ ] figure out why syncthing and jellyfins permissions don't propagate downwards - [ ] make radarr, sonarr, and bazarr accessible over vpn -- [ ] move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn +- [ ] move searx, home-assistant, actual, vikunja, jellyfin, paperless, and immich to only be accessible via vpn ## Services - [ ] vikunja service for project management - [ ] Create Tor guard/relay server - [ ] mastodon instance +- [ ] screeps server ## DevOps - [ ] wake on LAN for updates From ecec04a9ce84c62555b31ced2378d490681245d8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 25 Oct 2025 02:31:11 -0500 Subject: [PATCH 246/374] feat: added per service enable options for reverseProxy configs --- modules/nixos-modules/server/actual/proxy.nix | 6 +++++- modules/nixos-modules/server/forgejo/proxy.nix | 6 +++++- modules/nixos-modules/server/home-assistant/proxy.nix | 8 +++++++- modules/nixos-modules/server/immich/proxy.nix | 8 +++++++- modules/nixos-modules/server/jellyfin/proxy.nix | 8 +++++++- modules/nixos-modules/server/panoramax/proxy.nix | 8 +++++++- modules/nixos-modules/server/paperless/proxy.nix | 8 +++++++- modules/nixos-modules/server/searx/proxy.nix | 8 +++++++- 8 files changed, 52 insertions(+), 8 deletions(-) diff --git a/modules/nixos-modules/server/actual/proxy.nix b/modules/nixos-modules/server/actual/proxy.nix index bf1711a..9d37574 100644 --- a/modules/nixos-modules/server/actual/proxy.nix +++ b/modules/nixos-modules/server/actual/proxy.nix @@ -14,9 +14,13 @@ description = "extra domains that should be configured for actual"; default = []; }; + reverseProxy.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.actual.enable && config.services.reverseProxy.enable; + }; }; - config = lib.mkIf (config.services.actual.enable && config.services.reverseProxy.enable) { + config = lib.mkIf config.services.actual.reverseProxy.enable { services.reverseProxy.services.actual = { target = "http://localhost:${toString config.services.actual.settings.port}"; domain = config.services.actual.domain; diff --git a/modules/nixos-modules/server/forgejo/proxy.nix b/modules/nixos-modules/server/forgejo/proxy.nix index bde59d1..c2d3131 100644 --- a/modules/nixos-modules/server/forgejo/proxy.nix +++ b/modules/nixos-modules/server/forgejo/proxy.nix @@ -8,6 +8,10 @@ in { options.services.forgejo = { reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.forgejo.enable && config.services.reverseProxy.enable; + }; domain = lib.mkOption { type = lib.types.str; description = "domain that forgejo will be hosted at"; @@ -21,7 +25,7 @@ in { }; }; - config = lib.mkIf (config.services.forgejo.enable && config.services.reverseProxy.enable) { + config = lib.mkIf config.services.forgejo.reverseProxy.enable { services.reverseProxy.services.forgejo = { target = "http://localhost:${toString httpPort}"; domain = config.services.forgejo.reverseProxy.domain; diff --git a/modules/nixos-modules/server/home-assistant/proxy.nix b/modules/nixos-modules/server/home-assistant/proxy.nix index 1075c59..b756459 100644 --- a/modules/nixos-modules/server/home-assistant/proxy.nix +++ b/modules/nixos-modules/server/home-assistant/proxy.nix @@ -14,9 +14,15 @@ description = "extra domains that should be configured for home-assistant"; default = []; }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.reverseProxy.enable && config.services.home-assistant.enable; + }; + }; }; - config = lib.mkIf (config.services.reverseProxy.enable && config.services.home-assistant.enable) { + config = lib.mkIf config.services.home-assistant.reverseProxy.enable { services.reverseProxy.services.home-assistant = { target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; domain = config.services.home-assistant.domain; diff --git a/modules/nixos-modules/server/immich/proxy.nix b/modules/nixos-modules/server/immich/proxy.nix index a50ea1e..9c8c165 100644 --- a/modules/nixos-modules/server/immich/proxy.nix +++ b/modules/nixos-modules/server/immich/proxy.nix @@ -14,9 +14,15 @@ description = "extra domains that should be configured for immich"; default = []; }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.immich.enable && config.services.reverseProxy.enable; + }; + }; }; - config = lib.mkIf (config.services.immich.enable && config.services.reverseProxy.enable) { + config = lib.mkIf config.services.immich.reverseProxy.enable { services.reverseProxy.services.immich = { target = "http://localhost:${toString config.services.immich.port}"; domain = config.services.immich.domain; diff --git a/modules/nixos-modules/server/jellyfin/proxy.nix b/modules/nixos-modules/server/jellyfin/proxy.nix index f803ecb..35289e7 100644 --- a/modules/nixos-modules/server/jellyfin/proxy.nix +++ b/modules/nixos-modules/server/jellyfin/proxy.nix @@ -16,9 +16,15 @@ in { description = "extra domains that should be configured for jellyfin"; default = []; }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.jellyfin.enable && config.services.reverseProxy.enable; + }; + }; }; - config = lib.mkIf (config.services.jellyfin.enable && config.services.reverseProxy.enable) { + config = lib.mkIf config.services.jellyfin.reverseProxy.enable { services.reverseProxy.services.jellyfin = { target = "http://localhost:${toString jellyfinPort}"; domain = config.services.jellyfin.domain; diff --git a/modules/nixos-modules/server/panoramax/proxy.nix b/modules/nixos-modules/server/panoramax/proxy.nix index 35bc79b..7cd7111 100644 --- a/modules/nixos-modules/server/panoramax/proxy.nix +++ b/modules/nixos-modules/server/panoramax/proxy.nix @@ -14,9 +14,15 @@ description = "extra domains that should be configured for panoramax"; default = []; }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.panoramax.enable && config.services.reverseProxy.enable; + }; + }; }; - config = lib.mkIf (config.services.panoramax.enable && config.services.reverseProxy.enable) { + config = lib.mkIf config.services.panoramax.reverseProxy.enable { services.reverseProxy.services.panoramax = { target = "http://localhost:${toString config.services.panoramax.port}"; domain = config.services.panoramax.domain; diff --git a/modules/nixos-modules/server/paperless/proxy.nix b/modules/nixos-modules/server/paperless/proxy.nix index 04c8304..9d152c9 100644 --- a/modules/nixos-modules/server/paperless/proxy.nix +++ b/modules/nixos-modules/server/paperless/proxy.nix @@ -9,9 +9,15 @@ description = "extra domains that should be configured for paperless"; default = []; }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.paperless.enable && config.services.reverseProxy.enable; + }; + }; }; - config = lib.mkIf (config.services.paperless.enable && config.services.reverseProxy.enable) { + config = lib.mkIf config.services.paperless.reverseProxy.enable { services.reverseProxy.services.paperless = { target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; domain = config.services.paperless.domain; diff --git a/modules/nixos-modules/server/searx/proxy.nix b/modules/nixos-modules/server/searx/proxy.nix index fbc80e0..e994e4a 100644 --- a/modules/nixos-modules/server/searx/proxy.nix +++ b/modules/nixos-modules/server/searx/proxy.nix @@ -9,9 +9,15 @@ description = "extra domains that should be configured for searx"; default = []; }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.searx.enable && config.services.reverseProxy.enable; + }; + }; }; - config = lib.mkIf (config.services.searx.enable && config.services.reverseProxy.enable) { + config = lib.mkIf config.services.searx.reverseProxy.enable { services.reverseProxy.services.searx = { target = "http://localhost:${toString config.services.searx.settings.server.port}"; domain = config.services.searx.domain; From a8af8930fa8f835bc2697aae88e3b9ddb9bf7a10 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 25 Oct 2025 02:37:53 -0500 Subject: [PATCH 247/374] feat: added per service enable options for fail2ban configs --- .../nixos/defiant/configuration.nix | 2 +- .../nixos-modules/server/forgejo/fail2ban.nix | 11 +++- .../server/home-assistant/fail2ban.nix | 66 +++++++++++-------- .../nixos-modules/server/immich/fail2ban.nix | 11 +++- 4 files changed, 59 insertions(+), 31 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 91a8c2c..ae897ce 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -310,7 +310,7 @@ forgejo = { enable = true; - domain = "git.jan-leila.com"; + reverseProxy.domain = "git.jan-leila.com"; }; searx = { diff --git a/modules/nixos-modules/server/forgejo/fail2ban.nix b/modules/nixos-modules/server/forgejo/fail2ban.nix index 213c804..dfe221a 100644 --- a/modules/nixos-modules/server/forgejo/fail2ban.nix +++ b/modules/nixos-modules/server/forgejo/fail2ban.nix @@ -4,7 +4,16 @@ pkgs, ... }: { - config = lib.mkIf (config.services.forgejo.enable && config.services.fail2ban.enable) { + options.services.forgejo = { + fail2ban = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.forgejo.enable && config.services.fail2ban.enable; + }; + }; + }; + + config = lib.mkIf config.services.forgejo.fail2ban.enable { environment.etc = { "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( pkgs.lib.mkDefault (pkgs.lib.mkAfter '' diff --git a/modules/nixos-modules/server/home-assistant/fail2ban.nix b/modules/nixos-modules/server/home-assistant/fail2ban.nix index 6ac5900..25194ef 100644 --- a/modules/nixos-modules/server/home-assistant/fail2ban.nix +++ b/modules/nixos-modules/server/home-assistant/fail2ban.nix @@ -3,36 +3,46 @@ pkgs, config, ... -}: -lib.mkIf (config.services.fail2ban.enable && config.services.home-assistant.enable) { - environment.etc = { - "fail2ban/filter.d/hass.local".text = ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [INCLUDES] - before = common.conf - - [Definition] - failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ - - ignoreregex = - - [Init] - datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S - '') - ); +}: { + options.services.home-assistant = { + fail2ban = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.fail2ban.enable && config.services.home-assistant.enable; + }; + }; }; - services.fail2ban = { - jails = { - home-assistant-iptables.settings = { - enabled = true; - filter = "hass"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.home-assistant.configDir}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; + config = lib.mkIf config.services.home-assistant.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/hass.local".text = ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [INCLUDES] + before = common.conf + + [Definition] + failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ + + ignoreregex = + + [Init] + datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S + '') + ); + }; + + services.fail2ban = { + jails = { + home-assistant-iptables.settings = { + enabled = true; + filter = "hass"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.home-assistant.configDir}/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; }; }; }; diff --git a/modules/nixos-modules/server/immich/fail2ban.nix b/modules/nixos-modules/server/immich/fail2ban.nix index c9ec87b..21593e7 100644 --- a/modules/nixos-modules/server/immich/fail2ban.nix +++ b/modules/nixos-modules/server/immich/fail2ban.nix @@ -4,7 +4,16 @@ pkgs, ... }: { - config = lib.mkIf (config.services.fail2ban.enable && config.services.immich.enable) { + options.services.immich = { + fail2ban = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.fail2ban.enable && config.services.immich.enable; + }; + }; + }; + + config = lib.mkIf config.services.immich.fail2ban.enable { environment.etc = { "fail2ban/filter.d/immich.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter '' [Definition] From 89793fca6aa221fa1b105f737b082320a8b0e001 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 25 Oct 2025 02:41:00 -0500 Subject: [PATCH 248/374] feat: added per service enable options for impermanence configs --- modules/nixos-modules/server/actual/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/bazarr/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/crab-hole/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/fail2ban/impermanence.nix | 9 ++++++++- .../nixos-modules/server/flaresolverr/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/forgejo/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/immich/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/jackett/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/jellyfin/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/lidarr/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/panoramax/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/paperless/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/qbittorent/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/radarr/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/sonarr/impermanence.nix | 9 ++++++++- 15 files changed, 120 insertions(+), 15 deletions(-) diff --git a/modules/nixos-modules/server/actual/impermanence.nix b/modules/nixos-modules/server/actual/impermanence.nix index 5eee95a..5a2bb6c 100644 --- a/modules/nixos-modules/server/actual/impermanence.nix +++ b/modules/nixos-modules/server/actual/impermanence.nix @@ -6,7 +6,14 @@ const = import ./const.nix; dataDirectory = const.dataDirectory; in { - config = lib.mkIf (config.services.actual.enable && config.host.impermanence.enable) { + options.services.actual = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.actual.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.actual.impermanence.enable { assertions = [ { assertion = config.services.actual.settings.ACTUAL_DATA_DIR == dataDirectory; diff --git a/modules/nixos-modules/server/bazarr/impermanence.nix b/modules/nixos-modules/server/bazarr/impermanence.nix index 22fb0e6..70a45d1 100644 --- a/modules/nixos-modules/server/bazarr/impermanence.nix +++ b/modules/nixos-modules/server/bazarr/impermanence.nix @@ -5,7 +5,14 @@ }: let bazarr_data_directory = "/var/lib/bazarr"; in { - config = lib.mkIf (config.services.bazarr.enable && config.host.impermanence.enable) { + options.services.bazarr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.bazarr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.bazarr.impermanence.enable { assertions = [ { assertion = config.services.bazarr.dataDir == bazarr_data_directory; diff --git a/modules/nixos-modules/server/crab-hole/impermanence.nix b/modules/nixos-modules/server/crab-hole/impermanence.nix index 8e1182c..51efc0c 100644 --- a/modules/nixos-modules/server/crab-hole/impermanence.nix +++ b/modules/nixos-modules/server/crab-hole/impermanence.nix @@ -5,7 +5,14 @@ }: let workingDirectory = "/var/lib/private/crab-hole"; in { - config = lib.mkIf (config.services.crab-hole.enable && config.host.impermanence.enable) { + options.services.crab-hole = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.crab-hole.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.crab-hole.impermanence.enable { assertions = [ { assertion = diff --git a/modules/nixos-modules/server/fail2ban/impermanence.nix b/modules/nixos-modules/server/fail2ban/impermanence.nix index 5bc4673..6e214b3 100644 --- a/modules/nixos-modules/server/fail2ban/impermanence.nix +++ b/modules/nixos-modules/server/fail2ban/impermanence.nix @@ -6,7 +6,14 @@ dataFolder = "/var/lib/fail2ban"; dataFile = "fail2ban.sqlite3"; in { - config = lib.mkIf (config.services.fail2ban.enable && config.host.impermanence.enable) { + options.services.fail2ban = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.fail2ban.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.fail2ban.impermanence.enable { assertions = [ { assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; diff --git a/modules/nixos-modules/server/flaresolverr/impermanence.nix b/modules/nixos-modules/server/flaresolverr/impermanence.nix index b568a56..4544e75 100644 --- a/modules/nixos-modules/server/flaresolverr/impermanence.nix +++ b/modules/nixos-modules/server/flaresolverr/impermanence.nix @@ -3,7 +3,14 @@ config, ... }: { - config = lib.mkIf (config.services.flaresolverr.enable && config.host.impermanence.enable) { + options.services.flaresolverr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.flaresolverr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.flaresolverr.impermanence.enable { # FlareSolverr typically doesn't need persistent storage as it's a proxy service # but we'll add basic structure in case it's needed for logs or configuration environment.persistence."/persist/system/root" = { diff --git a/modules/nixos-modules/server/forgejo/impermanence.nix b/modules/nixos-modules/server/forgejo/impermanence.nix index 04f21a5..6fe3de8 100644 --- a/modules/nixos-modules/server/forgejo/impermanence.nix +++ b/modules/nixos-modules/server/forgejo/impermanence.nix @@ -5,7 +5,14 @@ }: let stateDir = "/var/lib/forgejo"; in { - config = lib.mkIf (config.services.forgejo.enable && config.host.impermanence.enable) { + options.services.forgejo = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.forgejo.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.forgejo.impermanence.enable { assertions = [ { assertion = config.services.forgejo.stateDir == stateDir; diff --git a/modules/nixos-modules/server/immich/impermanence.nix b/modules/nixos-modules/server/immich/impermanence.nix index f63d178..56e51d0 100644 --- a/modules/nixos-modules/server/immich/impermanence.nix +++ b/modules/nixos-modules/server/immich/impermanence.nix @@ -5,7 +5,14 @@ }: let mediaLocation = "/var/lib/immich"; in { - config = lib.mkIf (config.services.immich.enable && config.host.impermanence.enable) { + options.services.immich = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.immich.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.immich.impermanence.enable { assertions = [ { assertion = config.services.immich.mediaLocation == mediaLocation; diff --git a/modules/nixos-modules/server/jackett/impermanence.nix b/modules/nixos-modules/server/jackett/impermanence.nix index 5826a54..24fc5e6 100644 --- a/modules/nixos-modules/server/jackett/impermanence.nix +++ b/modules/nixos-modules/server/jackett/impermanence.nix @@ -5,7 +5,14 @@ }: let jackett_data_directory = "/var/lib/jackett/.config/Jackett"; in { - config = lib.mkIf (config.services.jackett.enable && config.host.impermanence.enable) { + options.services.jackett = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.jackett.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.jackett.impermanence.enable { assertions = [ { assertion = config.services.jackett.dataDir == jackett_data_directory; diff --git a/modules/nixos-modules/server/jellyfin/impermanence.nix b/modules/nixos-modules/server/jellyfin/impermanence.nix index e0b3b5d..cbcb54f 100644 --- a/modules/nixos-modules/server/jellyfin/impermanence.nix +++ b/modules/nixos-modules/server/jellyfin/impermanence.nix @@ -6,7 +6,14 @@ jellyfin_data_directory = "/var/lib/jellyfin"; jellyfin_cache_directory = "/var/cache/jellyfin"; in { - config = lib.mkIf (config.services.jellyfin.enable && config.host.impermanence.enable) { + options.services.jellyfin = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.jellyfin.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.jellyfin.impermanence.enable { fileSystems."/persist/system/jellyfin".neededForBoot = true; host.storage.pool.extraDatasets = { diff --git a/modules/nixos-modules/server/lidarr/impermanence.nix b/modules/nixos-modules/server/lidarr/impermanence.nix index 689b924..5d3aa3f 100644 --- a/modules/nixos-modules/server/lidarr/impermanence.nix +++ b/modules/nixos-modules/server/lidarr/impermanence.nix @@ -5,7 +5,14 @@ }: let lidarr_data_directory = "/var/lib/lidarr/.config/Lidarr"; in { - config = lib.mkIf (config.services.lidarr.enable && config.host.impermanence.enable) { + options.services.lidarr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.lidarr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.lidarr.impermanence.enable { assertions = [ { assertion = config.services.lidarr.dataDir == lidarr_data_directory; diff --git a/modules/nixos-modules/server/panoramax/impermanence.nix b/modules/nixos-modules/server/panoramax/impermanence.nix index 41b1401..e25ef92 100644 --- a/modules/nixos-modules/server/panoramax/impermanence.nix +++ b/modules/nixos-modules/server/panoramax/impermanence.nix @@ -3,7 +3,14 @@ config, ... }: { - config = lib.mkIf (config.services.panoramax.enable && config.host.impermanence.enable) { + options.services.panoramax = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.panoramax.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.panoramax.impermanence.enable { # TODO: configure impermanence for panoramax data # This would typically include directories like: # - /var/lib/panoramax diff --git a/modules/nixos-modules/server/paperless/impermanence.nix b/modules/nixos-modules/server/paperless/impermanence.nix index d9e17bd..fc87ea7 100644 --- a/modules/nixos-modules/server/paperless/impermanence.nix +++ b/modules/nixos-modules/server/paperless/impermanence.nix @@ -5,7 +5,14 @@ }: let dataDir = "/var/lib/paperless"; in { - config = lib.mkIf (config.services.paperless.enable && config.host.impermanence.enable) { + options.services.paperless = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.paperless.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.paperless.impermanence.enable { assertions = [ { assertion = config.services.paperless.dataDir == dataDir; diff --git a/modules/nixos-modules/server/qbittorent/impermanence.nix b/modules/nixos-modules/server/qbittorent/impermanence.nix index da47d1a..1489e7d 100644 --- a/modules/nixos-modules/server/qbittorent/impermanence.nix +++ b/modules/nixos-modules/server/qbittorent/impermanence.nix @@ -5,7 +5,14 @@ }: let qbittorent_profile_directory = "/var/lib/qBittorrent/"; in { - config = lib.mkIf (config.services.qbittorrent.enable && config.host.impermanence.enable) { + options.services.qbittorrent = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.qbittorrent.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.qbittorrent.impermanence.enable { fileSystems."/persist/system/qbittorrent".neededForBoot = true; host.storage.pool.extraDatasets = { diff --git a/modules/nixos-modules/server/radarr/impermanence.nix b/modules/nixos-modules/server/radarr/impermanence.nix index 4a3242c..c948e3a 100644 --- a/modules/nixos-modules/server/radarr/impermanence.nix +++ b/modules/nixos-modules/server/radarr/impermanence.nix @@ -5,7 +5,14 @@ }: let radarr_data_directory = "/var/lib/radarr/.config/Radarr"; in { - config = lib.mkIf (config.services.radarr.enable && config.host.impermanence.enable) { + options.services.radarr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.radarr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.radarr.impermanence.enable { assertions = [ { assertion = config.services.radarr.dataDir == radarr_data_directory; diff --git a/modules/nixos-modules/server/sonarr/impermanence.nix b/modules/nixos-modules/server/sonarr/impermanence.nix index abc843c..5b90ee9 100644 --- a/modules/nixos-modules/server/sonarr/impermanence.nix +++ b/modules/nixos-modules/server/sonarr/impermanence.nix @@ -5,7 +5,14 @@ }: let sonarr_data_directory = "/var/lib/sonarr/.config/NzbDrone"; in { - config = lib.mkIf (config.services.sonarr.enable && config.host.impermanence.enable) { + options.services.sonarr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.sonarr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.sonarr.impermanence.enable { assertions = [ { assertion = config.services.sonarr.dataDir == sonarr_data_directory; From 30a042d709f0e12eca50c001cbdbf5d7fa3855e7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 25 Oct 2025 02:56:07 -0500 Subject: [PATCH 249/374] refactor: moved server module configs out of default.nix files --- .../nixos-modules/server/actual/actual.nix | 20 ++++ .../nixos-modules/server/actual/default.nix | 20 +--- .../nixos-modules/server/forgejo/default.nix | 46 +------- .../nixos-modules/server/forgejo/forgejo.nix | 46 ++++++++ .../server/home-assistant/default.nix | 104 +----------------- .../server/home-assistant/home-assistant.nix | 104 ++++++++++++++++++ .../nixos-modules/server/jellyfin/default.nix | 32 +----- .../server/jellyfin/jellyfin.nix | 32 ++++++ .../server/network_storage/default.nix | 86 +-------------- .../network_storage/network_storage.nix | 86 +++++++++++++++ .../server/paperless/default.nix | 27 +---- .../server/paperless/paperless.nix | 27 +++++ .../nixos-modules/server/searx/default.nix | 59 +--------- modules/nixos-modules/server/searx/searx.nix | 59 ++++++++++ 14 files changed, 381 insertions(+), 367 deletions(-) create mode 100644 modules/nixos-modules/server/actual/actual.nix create mode 100644 modules/nixos-modules/server/forgejo/forgejo.nix create mode 100644 modules/nixos-modules/server/home-assistant/home-assistant.nix create mode 100644 modules/nixos-modules/server/jellyfin/jellyfin.nix create mode 100644 modules/nixos-modules/server/network_storage/network_storage.nix create mode 100644 modules/nixos-modules/server/paperless/paperless.nix create mode 100644 modules/nixos-modules/server/searx/searx.nix diff --git a/modules/nixos-modules/server/actual/actual.nix b/modules/nixos-modules/server/actual/actual.nix new file mode 100644 index 0000000..96ea586 --- /dev/null +++ b/modules/nixos-modules/server/actual/actual.nix @@ -0,0 +1,20 @@ +{ + lib, + config, + ... +}: let + const = import ./const.nix; + dataDirectory = const.dataDirectory; +in { + config = lib.mkIf config.services.actual.enable { + systemd.tmpfiles.rules = [ + "d ${dataDirectory} 2770 actual actual" + ]; + + services.actual = { + settings = { + ACTUAL_DATA_DIR = dataDirectory; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/actual/default.nix b/modules/nixos-modules/server/actual/default.nix index 546240e..b59517b 100644 --- a/modules/nixos-modules/server/actual/default.nix +++ b/modules/nixos-modules/server/actual/default.nix @@ -1,26 +1,8 @@ { - lib, - config, - ... -}: let - const = import ./const.nix; - dataDirectory = const.dataDirectory; -in { imports = [ + ./actual.nix ./proxy.nix ./fail2ban.nix ./impermanence.nix ]; - - config = lib.mkIf config.services.actual.enable { - systemd.tmpfiles.rules = [ - "d ${dataDirectory} 2770 actual actual" - ]; - - services.actual = { - settings = { - ACTUAL_DATA_DIR = dataDirectory; - }; - }; - }; } diff --git a/modules/nixos-modules/server/forgejo/default.nix b/modules/nixos-modules/server/forgejo/default.nix index 5d0e7ad..4333f69 100644 --- a/modules/nixos-modules/server/forgejo/default.nix +++ b/modules/nixos-modules/server/forgejo/default.nix @@ -1,53 +1,9 @@ { - lib, - config, - ... -}: let - const = import ./const.nix; - httpPort = const.httpPort; - sshPort = const.sshPort; - db_user = "forgejo"; -in { imports = [ + ./forgejo.nix ./proxy.nix ./database.nix ./fail2ban.nix ./impermanence.nix ]; - - config = lib.mkIf config.services.forgejo.enable { - assertions = [ - { - assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name; - message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name"; - } - ]; - - services.forgejo = { - database = { - type = "postgres"; - socket = "/run/postgresql"; - }; - lfs.enable = true; - settings = { - server = { - DOMAIN = config.services.forgejo.reverseProxy.domain; - HTTP_PORT = httpPort; - START_SSH_SERVER = true; - SSH_LISTEN_PORT = sshPort; - SSH_PORT = 22; - BUILTIN_SSH_SERVER_USER = "git"; - ROOT_URL = "https://git.jan-leila.com"; - }; - service = { - DISABLE_REGISTRATION = true; - }; - database = { - DB_TYPE = "postgres"; - NAME = db_user; - USER = db_user; - }; - }; - }; - }; } diff --git a/modules/nixos-modules/server/forgejo/forgejo.nix b/modules/nixos-modules/server/forgejo/forgejo.nix new file mode 100644 index 0000000..70d3087 --- /dev/null +++ b/modules/nixos-modules/server/forgejo/forgejo.nix @@ -0,0 +1,46 @@ +{ + lib, + config, + ... +}: let + const = import ./const.nix; + httpPort = const.httpPort; + sshPort = const.sshPort; + db_user = "forgejo"; +in { + config = lib.mkIf config.services.forgejo.enable { + assertions = [ + { + assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name; + message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name"; + } + ]; + + services.forgejo = { + database = { + type = "postgres"; + socket = "/run/postgresql"; + }; + lfs.enable = true; + settings = { + server = { + DOMAIN = config.services.forgejo.reverseProxy.domain; + HTTP_PORT = httpPort; + START_SSH_SERVER = true; + SSH_LISTEN_PORT = sshPort; + SSH_PORT = 22; + BUILTIN_SSH_SERVER_USER = "git"; + ROOT_URL = "https://git.jan-leila.com"; + }; + service = { + DISABLE_REGISTRATION = true; + }; + database = { + DB_TYPE = "postgres"; + NAME = db_user; + USER = db_user; + }; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/home-assistant/default.nix b/modules/nixos-modules/server/home-assistant/default.nix index 4b1846b..b6f9356 100644 --- a/modules/nixos-modules/server/home-assistant/default.nix +++ b/modules/nixos-modules/server/home-assistant/default.nix @@ -1,112 +1,10 @@ { - lib, - config, - ... -}: { imports = [ + ./home-assistant.nix ./proxy.nix ./database.nix ./fail2ban.nix ./impermanence.nix ./extensions ]; - - options.services.home-assistant = { - database = lib.mkOption { - type = lib.types.enum [ - "builtin" - "postgres" - ]; - description = "what database do we want to use"; - default = "builtin"; - }; - - extensions = { - sonos = { - enable = lib.mkEnableOption "enable the sonos plugin"; - port = lib.mkOption { - type = lib.types.int; - default = 1400; - description = "what port to use for sonos discovery"; - }; - }; - jellyfin = { - enable = lib.mkEnableOption "enable the jellyfin plugin"; - }; - wyoming = { - enable = lib.mkEnableOption "enable wyoming"; - }; - }; - }; - - config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ - { - services.home-assistant = { - configDir = "/var/lib/hass"; - extraComponents = [ - "default_config" - "esphome" - "met" - "radio_browser" - "isal" - "zha" - "webostv" - "tailscale" - "syncthing" - "analytics_insights" - "unifi" - "openweathermap" - "ollama" - "mobile_app" - "logbook" - "ssdp" - "usb" - "webhook" - "bluetooth" - "dhcp" - "energy" - "history" - "backup" - "assist_pipeline" - "conversation" - "sun" - "zeroconf" - "cpuspeed" - ]; - config = { - http = { - server_port = 8123; - use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1" "::1"]; - ip_ban_enabled = true; - login_attempts_threshold = 10; - }; - homeassistant = { - external_url = "https://${config.services.home-assistant.domain}"; - # internal_url = "http://192.168.1.2:8123"; - }; - recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}"; - "automation manual" = []; - "automation ui" = "!include automations.yaml"; - mobile_app = {}; - }; - extraPackages = python3Packages: - with python3Packages; [ - hassil - numpy - gtts - ]; - }; - - # TODO: configure /var/lib/hass/secrets.yaml via sops - - networking.firewall.allowedUDPPorts = [ - 1900 - ]; - - systemd.tmpfiles.rules = [ - "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" - ]; - } - ]); } diff --git a/modules/nixos-modules/server/home-assistant/home-assistant.nix b/modules/nixos-modules/server/home-assistant/home-assistant.nix new file mode 100644 index 0000000..fa58d5e --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/home-assistant.nix @@ -0,0 +1,104 @@ +{ + lib, + config, + ... +}: { + options.services.home-assistant = { + database = lib.mkOption { + type = lib.types.enum [ + "builtin" + "postgres" + ]; + description = "what database do we want to use"; + default = "builtin"; + }; + + extensions = { + sonos = { + enable = lib.mkEnableOption "enable the sonos plugin"; + port = lib.mkOption { + type = lib.types.int; + default = 1400; + description = "what port to use for sonos discovery"; + }; + }; + jellyfin = { + enable = lib.mkEnableOption "enable the jellyfin plugin"; + }; + wyoming = { + enable = lib.mkEnableOption "enable wyoming"; + }; + }; + }; + + config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ + { + services.home-assistant = { + configDir = "/var/lib/hass"; + extraComponents = [ + "default_config" + "esphome" + "met" + "radio_browser" + "isal" + "zha" + "webostv" + "tailscale" + "syncthing" + "analytics_insights" + "unifi" + "openweathermap" + "ollama" + "mobile_app" + "logbook" + "ssdp" + "usb" + "webhook" + "bluetooth" + "dhcp" + "energy" + "history" + "backup" + "assist_pipeline" + "conversation" + "sun" + "zeroconf" + "cpuspeed" + ]; + config = { + http = { + server_port = 8123; + use_x_forwarded_for = true; + trusted_proxies = ["127.0.0.1" "::1"]; + ip_ban_enabled = true; + login_attempts_threshold = 10; + }; + homeassistant = { + external_url = "https://${config.services.home-assistant.domain}"; + # internal_url = "http://192.168.1.2:8123"; + }; + recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}"; + "automation manual" = []; + "automation ui" = "!include automations.yaml"; + mobile_app = {}; + }; + extraPackages = python3Packages: + with python3Packages; [ + hassil + numpy + gtts + ]; + }; + + # TODO: configure /var/lib/hass/secrets.yaml via sops + + networking.firewall.allowedUDPPorts = [ + 1900 + ]; + + systemd.tmpfiles.rules = [ + "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" + ]; + } + ]); +} diff --git a/modules/nixos-modules/server/jellyfin/default.nix b/modules/nixos-modules/server/jellyfin/default.nix index 0d88481..2dbdcfd 100644 --- a/modules/nixos-modules/server/jellyfin/default.nix +++ b/modules/nixos-modules/server/jellyfin/default.nix @@ -1,38 +1,8 @@ { - lib, - pkgs, - config, - ... -}: let - jellyfinPort = 8096; - dlanPort = 1900; -in { imports = [ + ./jellyfin.nix ./proxy.nix ./fail2ban.nix ./impermanence.nix ]; - - options.services.jellyfin = { - media_directory = lib.mkOption { - type = lib.types.str; - description = "directory jellyfin media will be hosted at"; - default = "/srv/jellyfin/media"; - }; - }; - - config = lib.mkIf config.services.jellyfin.enable { - environment.systemPackages = [ - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg - ]; - - networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; - - systemd.tmpfiles.rules = [ - "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" - "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" - ]; - }; } diff --git a/modules/nixos-modules/server/jellyfin/jellyfin.nix b/modules/nixos-modules/server/jellyfin/jellyfin.nix new file mode 100644 index 0000000..9bfa921 --- /dev/null +++ b/modules/nixos-modules/server/jellyfin/jellyfin.nix @@ -0,0 +1,32 @@ +{ + lib, + pkgs, + config, + ... +}: let + jellyfinPort = 8096; + dlanPort = 1900; +in { + options.services.jellyfin = { + media_directory = lib.mkOption { + type = lib.types.str; + description = "directory jellyfin media will be hosted at"; + default = "/srv/jellyfin/media"; + }; + }; + + config = lib.mkIf config.services.jellyfin.enable { + environment.systemPackages = [ + pkgs.jellyfin + pkgs.jellyfin-web + pkgs.jellyfin-ffmpeg + ]; + + networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; + + systemd.tmpfiles.rules = [ + "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" + "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" + ]; + }; +} diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix index eaac7fe..cd100ab 100644 --- a/modules/nixos-modules/server/network_storage/default.nix +++ b/modules/nixos-modules/server/network_storage/default.nix @@ -1,90 +1,6 @@ { - config, - lib, - ... -}: let - export_directory = config.host.network_storage.export_directory; -in { imports = [ + ./network_storage.nix ./nfs.nix ]; - - options = { - host.network_storage = { - enable = lib.mkEnableOption "is this machine going to export network storage"; - export_directory = lib.mkOption { - type = lib.types.path; - description = "what are exports going to be stored in"; - default = "/exports"; - }; - directories = lib.mkOption { - type = lib.types.listOf (lib.types.submodule ({config, ...}: { - options = { - folder = lib.mkOption { - type = lib.types.str; - description = "what is the name of this export directory"; - }; - bind = lib.mkOption { - type = lib.types.nullOr lib.types.path; - description = "is this directory bound to anywhere"; - default = null; - }; - user = lib.mkOption { - type = lib.types.str; - description = "what user owns this directory"; - default = "nouser"; - }; - group = lib.mkOption { - type = lib.types.str; - description = "what group owns this directory"; - default = "nogroup"; - }; - _directory = lib.mkOption { - internal = true; - readOnly = true; - type = lib.types.path; - default = "${export_directory}/${config.folder}"; - }; - }; - })); - description = "list of directory names to export"; - }; - }; - }; - - config = lib.mkIf config.host.network_storage.enable (lib.mkMerge [ - { - # create any folders that we need to have for our exports - systemd.tmpfiles.rules = - [ - "d ${config.host.network_storage.export_directory} 2775 nobody nogroup -" - ] - ++ ( - builtins.map ( - directory: "d ${directory._directory} 2770 ${directory.user} ${directory.group}" - ) - config.host.network_storage.directories - ); - - # set up any bind mounts that we need for our exports - fileSystems = builtins.listToAttrs ( - builtins.map (directory: - lib.attrsets.nameValuePair directory._directory { - device = directory.bind; - options = ["bind"]; - }) ( - builtins.filter (directory: directory.bind != null) config.host.network_storage.directories - ) - ); - } - # (lib.mkIf config.host.impermanence.enable { - # environment.persistence."/persist/system/root" = { - # enable = true; - # hideMounts = true; - # directories = [ - # config.host.network_storage.export_directory - # ]; - # }; - # }) - ]); } diff --git a/modules/nixos-modules/server/network_storage/network_storage.nix b/modules/nixos-modules/server/network_storage/network_storage.nix new file mode 100644 index 0000000..ebc3bee --- /dev/null +++ b/modules/nixos-modules/server/network_storage/network_storage.nix @@ -0,0 +1,86 @@ +{ + config, + lib, + ... +}: let + export_directory = config.host.network_storage.export_directory; +in { + options = { + host.network_storage = { + enable = lib.mkEnableOption "is this machine going to export network storage"; + export_directory = lib.mkOption { + type = lib.types.path; + description = "what are exports going to be stored in"; + default = "/exports"; + }; + directories = lib.mkOption { + type = lib.types.listOf (lib.types.submodule ({config, ...}: { + options = { + folder = lib.mkOption { + type = lib.types.str; + description = "what is the name of this export directory"; + }; + bind = lib.mkOption { + type = lib.types.nullOr lib.types.path; + description = "is this directory bound to anywhere"; + default = null; + }; + user = lib.mkOption { + type = lib.types.str; + description = "what user owns this directory"; + default = "nouser"; + }; + group = lib.mkOption { + type = lib.types.str; + description = "what group owns this directory"; + default = "nogroup"; + }; + _directory = lib.mkOption { + internal = true; + readOnly = true; + type = lib.types.path; + default = "${export_directory}/${config.folder}"; + }; + }; + })); + description = "list of directory names to export"; + }; + }; + }; + + config = lib.mkIf config.host.network_storage.enable (lib.mkMerge [ + { + # create any folders that we need to have for our exports + systemd.tmpfiles.rules = + [ + "d ${config.host.network_storage.export_directory} 2775 nobody nogroup -" + ] + ++ ( + builtins.map ( + directory: "d ${directory._directory} 2770 ${directory.user} ${directory.group}" + ) + config.host.network_storage.directories + ); + + # set up any bind mounts that we need for our exports + fileSystems = builtins.listToAttrs ( + builtins.map (directory: + lib.attrsets.nameValuePair directory._directory { + device = directory.bind; + options = ["bind"]; + }) ( + builtins.filter (directory: directory.bind != null) config.host.network_storage.directories + ) + ); + } + # (lib.mkIf config.host.impermanence.enable { + # environment.persistence."/persist/system/root" = { + # enable = true; + # hideMounts = true; + # directories = [ + # config.host.network_storage.export_directory + # ]; + # }; + # }) + ]); +} diff --git a/modules/nixos-modules/server/paperless/default.nix b/modules/nixos-modules/server/paperless/default.nix index d2bc930..7e5e16b 100644 --- a/modules/nixos-modules/server/paperless/default.nix +++ b/modules/nixos-modules/server/paperless/default.nix @@ -1,34 +1,9 @@ { - config, - lib, - ... -}: { imports = [ + ./paperless.nix ./proxy.nix ./database.nix ./fail2ban.nix ./impermanence.nix ]; - - options.services.paperless = { - database = { - user = lib.mkOption { - type = lib.types.str; - description = "what is the user and database that we are going to use for paperless"; - default = "paperless"; - }; - }; - }; - - config = lib.mkIf config.services.paperless.enable { - services.paperless = { - configureTika = true; - settings = { - PAPERLESS_DBENGINE = "postgresql"; - PAPERLESS_DBHOST = "/run/postgresql"; - PAPERLESS_DBNAME = config.services.paperless.database.user; - PAPERLESS_DBUSER = config.services.paperless.database.user; - }; - }; - }; } diff --git a/modules/nixos-modules/server/paperless/paperless.nix b/modules/nixos-modules/server/paperless/paperless.nix new file mode 100644 index 0000000..5bcbfed --- /dev/null +++ b/modules/nixos-modules/server/paperless/paperless.nix @@ -0,0 +1,27 @@ +{ + config, + lib, + ... +}: { + options.services.paperless = { + database = { + user = lib.mkOption { + type = lib.types.str; + description = "what is the user and database that we are going to use for paperless"; + default = "paperless"; + }; + }; + }; + + config = lib.mkIf config.services.paperless.enable { + services.paperless = { + configureTika = true; + settings = { + PAPERLESS_DBENGINE = "postgresql"; + PAPERLESS_DBHOST = "/run/postgresql"; + PAPERLESS_DBNAME = config.services.paperless.database.user; + PAPERLESS_DBUSER = config.services.paperless.database.user; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/searx/default.nix b/modules/nixos-modules/server/searx/default.nix index ac84c1d..5426380 100644 --- a/modules/nixos-modules/server/searx/default.nix +++ b/modules/nixos-modules/server/searx/default.nix @@ -1,63 +1,6 @@ { - config, - lib, - inputs, - ... -}: { imports = [ + ./searx.nix ./proxy.nix ]; - - config = lib.mkIf config.services.searx.enable { - sops.secrets = { - "services/searx" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - }; - }; - - services.searx = { - environmentFile = config.sops.secrets."services/searx".path; - - # Rate limiting - limiterSettings = { - real_ip = { - x_for = 1; - ipv4_prefix = 32; - ipv6_prefix = 56; - }; - - botdetection = { - ip_limit = { - filter_link_local = true; - link_token = true; - }; - }; - }; - - settings = { - server = { - port = 8083; - secret_key = "@SEARXNG_SECRET@"; - }; - - # Search engine settings - search = { - safe_search = 2; - autocomplete_min = 2; - autocomplete = "duckduckgo"; - }; - - # Enabled plugins - enabled_plugins = [ - "Basic Calculator" - "Hash plugin" - "Tor check plugin" - "Open Access DOI rewrite" - "Hostnames plugin" - "Unit converter plugin" - "Tracker URL remover" - ]; - }; - }; - }; } diff --git a/modules/nixos-modules/server/searx/searx.nix b/modules/nixos-modules/server/searx/searx.nix new file mode 100644 index 0000000..d4d4012 --- /dev/null +++ b/modules/nixos-modules/server/searx/searx.nix @@ -0,0 +1,59 @@ +{ + config, + lib, + inputs, + ... +}: { + config = lib.mkIf config.services.searx.enable { + sops.secrets = { + "services/searx" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; + }; + + services.searx = { + environmentFile = config.sops.secrets."services/searx".path; + + # Rate limiting + limiterSettings = { + real_ip = { + x_for = 1; + ipv4_prefix = 32; + ipv6_prefix = 56; + }; + + botdetection = { + ip_limit = { + filter_link_local = true; + link_token = true; + }; + }; + }; + + settings = { + server = { + port = 8083; + secret_key = "@SEARXNG_SECRET@"; + }; + + # Search engine settings + search = { + safe_search = 2; + autocomplete_min = 2; + autocomplete = "duckduckgo"; + }; + + # Enabled plugins + enabled_plugins = [ + "Basic Calculator" + "Hash plugin" + "Tor check plugin" + "Open Access DOI rewrite" + "Hostnames plugin" + "Unit converter plugin" + "Tracker URL remover" + ]; + }; + }; + }; +} From 5114f52607aae5462eb391c2d13edee52beb0b70 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 25 Oct 2025 15:11:25 -0500 Subject: [PATCH 250/374] feat: added rust-analyzer vscode package --- .../leyla/packages/vscode/default.nix | 3 +++ .../programs/vscode/default.nix | 1 + .../programs/vscode/rustAnalyzer.nix | 27 +++++++++++++++++++ 3 files changed, 31 insertions(+) create mode 100644 modules/home-manager-modules/programs/vscode/rustAnalyzer.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index fd72006..36168b2 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -69,6 +69,9 @@ in { # go development go.enable = true; + # rust development + rustAnalyzer.enable = true; + # claude development claudeDev = lib.mkIf ai-tooling-enabled { enable = true; diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index 8f366fe..f9d83dc 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -16,6 +16,7 @@ ./go.nix ./evenBetterToml.nix ./openRemoteSsh.nix + ./rustAnalyzer.nix ./astroVscode.nix ./vscodeMdx.nix ./claudeDev.nix diff --git a/modules/home-manager-modules/programs/vscode/rustAnalyzer.nix b/modules/home-manager-modules/programs/vscode/rustAnalyzer.nix new file mode 100644 index 0000000..66e9ebe --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/rustAnalyzer.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.rustAnalyzer = { + enable = lib.mkEnableOption "should the rust-analyzer extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "rust-analyzer" { + default = ["rust-lang" "rust-analyzer"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.rustAnalyzer.enable { + extensions = [ + config.extraExtensions.rustAnalyzer.extension + ]; + }; + })); + }; +} From c97d43957df6413ab524c608169c77e58b464e3b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 26 Oct 2025 13:06:08 -0500 Subject: [PATCH 251/374] feat: enabled actual --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index ae897ce..62ab1de 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -319,7 +319,7 @@ }; actual = { - enable = false; + enable = true; domain = "budget.jan-leila.com"; }; From 7ad6a83dfa1bc7f1d1335636e976035e1abf425f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 26 Oct 2025 13:17:48 -0500 Subject: [PATCH 252/374] feat: broke leyla firefox config into submodules --- .../home-manager/leyla/packages/default.nix | 2 +- .../home-manager/leyla/packages/firefox.nix | 344 ------------------ .../leyla/packages/firefox/bookmarks.nix | 149 ++++++++ .../leyla/packages/firefox/default.nix | 18 + .../leyla/packages/firefox/firefox.nix | 221 +++++++++++ .../leyla/packages/firefox/harden.nix | 50 +++ 6 files changed, 439 insertions(+), 345 deletions(-) delete mode 100644 configurations/home-manager/leyla/packages/firefox.nix create mode 100644 configurations/home-manager/leyla/packages/firefox/bookmarks.nix create mode 100644 configurations/home-manager/leyla/packages/firefox/default.nix create mode 100644 configurations/home-manager/leyla/packages/firefox/firefox.nix create mode 100644 configurations/home-manager/leyla/packages/firefox/harden.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 5bccad3..50cc175 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -9,7 +9,7 @@ in { imports = [ ./vscode - ./firefox.nix + ./firefox ./direnv.nix ./openssh.nix ./git.nix diff --git a/configurations/home-manager/leyla/packages/firefox.nix b/configurations/home-manager/leyla/packages/firefox.nix deleted file mode 100644 index d166eb4..0000000 --- a/configurations/home-manager/leyla/packages/firefox.nix +++ /dev/null @@ -1,344 +0,0 @@ -{ - lib, - pkgs, - inputs, - ... -}: { - config = { - programs.firefox = { - profiles.leyla = { - settings = { - "browser.search.defaultenginename" = "Searx"; - "browser.search.order.1" = "Searx"; - }; - - search = { - force = true; - default = "Searx"; - engines = { - "Nix Packages" = { - urls = [ - { - template = "https://search.nixos.org/packages"; - params = [ - { - name = "type"; - value = "packages"; - } - { - name = "query"; - value = "{searchTerms}"; - } - ]; - } - ]; - icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = ["@np"]; - }; - "NixOS Wiki" = { - urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = ["@nw"]; - }; - "Searx" = { - urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = ["@searx"]; - }; - }; - }; - - extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [ - bitwarden - terms-of-service-didnt-read - multi-account-containers - shinigami-eyes - - ublock-origin - sponsorblock - dearrow - df-youtube - return-youtube-dislikes - - privacy-badger - decentraleyes - clearurls - localcdn - - snowflake - - deutsch-de-language-pack - dictionary-german - - tab-session-manager - - # ( - # buildFirefoxXpiAddon rec { - # pname = "italiano-it-language-pack"; - # version = "132.0.20241110.231641"; - # addonId = "langpack-it@firefox.mozilla.org"; - # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; - # sha256 = ""; - # meta = with lib; - # { - # description = "Firefox Language Pack for Italiano (it) – Italian"; - # license = licenses.mpl20; - # mozPermissions = []; - # platforms = platforms.all; - # }; - # } - # ) - # ( - # buildFirefoxXpiAddon rec { - # pname = "dizionario-italiano"; - # version = "5.1"; - # addonId = "it-IT@dictionaries.addons.mozilla.org"; - # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; - # sha256 = ""; - # meta = with lib; - # { - # description = "Add support for Italian to spellchecking"; - # license = licenses.gpl3; - # mozPermissions = []; - # platforms = platforms.all; - # }; - # } - # ) - ]; - - settings = { - # Disable irritating first-run stuff - "browser.disableResetPrompt" = true; - "browser.download.panel.shown" = true; - "browser.feeds.showFirstRunUI" = false; - "browser.messaging-system.whatsNewPanel.enabled" = false; - "browser.rights.3.shown" = true; - "browser.shell.checkDefaultBrowser" = false; - "browser.shell.defaultBrowserCheckCount" = 1; - "browser.startup.homepage_override.mstone" = "ignore"; - "browser.uitour.enabled" = false; - "startup.homepage_override_url" = ""; - "trailhead.firstrun.didSeeAboutWelcome" = true; - "browser.bookmarks.restore_default_bookmarks" = false; - "browser.bookmarks.addedImportButton" = true; - "browser.newtabpage.activity-stream.feeds.section.topstories" = false; - - # Usage Experience - "browser.startup.homepage" = "about:home"; - "browser.download.useDownloadDir" = false; - "browser.uiCustomization.state" = builtins.toJSON { - "currentVersion" = 20; - "newElementCount" = 6; - "dirtyAreaCache" = [ - "nav-bar" - "PersonalToolbar" - "toolbar-menubar" - "TabsToolbar" - "unified-extensions-area" - "vertical-tabs" - ]; - "placements" = { - "widget-overflow-fixed-list" = []; - "unified-extensions-area" = [ - # bitwarden - "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" - "ublock0_raymondhill_net-browser-action" - "sponsorblocker_ajay_app-browser-action" - "dearrow_ajay_app-browser-action" - "jid1-mnnxcxisbpnsxq_jetpack-browser-action" - "_testpilot-containers-browser-action" - "addon_simplelogin-browser-action" - "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" - "jid1-bofifl9vbdl2zq_jetpack-browser-action" - "dfyoutube_example_com-browser-action" - "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" - "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" - "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" - "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" - ]; - "nav-bar" = [ - "back-button" - "forward-button" - "stop-reload-button" - "urlbar-container" - "downloads-button" - "unified-extensions-button" - "reset-pbm-toolbar-button" - ]; - "toolbar-menubar" = [ - "menubar-items" - ]; - "TabsToolbar" = [ - "firefox-view-button" - "tabbrowser-tabs" - "new-tab-button" - "alltabs-button" - ]; - "vertical-tabs" = []; - "PersonalToolbar" = [ - "import-button" - "personal-bookmarks" - ]; - }; - "seen" = [ - "save-to-pocket-button" - "developer-button" - "privacy_privacy_com-browser-action" - "sponsorblocker_ajay_app-browser-action" - "ublock0_raymondhill_net-browser-action" - "addon_simplelogin-browser-action" - "dearrow_ajay_app-browser-action" - "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" - "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" - "jid1-bofifl9vbdl2zq_jetpack-browser-action" - "dfyoutube_example_com-browser-action" - "_testpilot-containers-browser-action" - "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" - "jid1-mnnxcxisbpnsxq_jetpack-browser-action" - "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" - "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" - "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" - ]; - }; - "browser.newtabpage.activity-stream.feeds.topsites" = false; - "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; - "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; - "browser.newtabpage.blocked" = lib.genAttrs [ - # Facebook - "4gPpjkxgZzXPVtuEoAL9Ig==" - # Reddit - "gLv0ja2RYVgxKdp0I5qwvA==" - # Amazon - "K00ILysCaEq8+bEqV/3nuw==" - # Twitter - "T9nJot5PurhJSy8n038xGA==" - ] (_: 1); - "identity.fxaccounts.enabled" = false; - - # Security - "privacy.trackingprotection.enabled" = true; - "dom.security.https_only_mode" = true; - - "extensions.formautofill.addresses.enabled" = false; - "extensions.formautofill.creditCards.enabled" = false; - "signon.rememberSignons" = false; - "privacy.sanitize.sanitizeOnShutdown" = true; - "privacy.clearOnShutdown_v2.cache" = true; - "privacy.clearOnShutdown_v2.cookiesAndStorage" = true; - "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; - "urlclassifier.trackingSkipURLs" = ""; - "urlclassifier.features.socialtracking.skipURLs" = ""; - "dom.security.https_only_mode_pbm" = true; - "dom.security.https_only_mode_error_page_user_suggestions" = true; - - # Disable telemetry - "app.shield.optoutstudies.enabled" = false; - "browser.discovery.enabled" = false; - "browser.newtabpage.activity-stream.feeds.telemetry" = false; - "browser.newtabpage.activity-stream.telemetry" = false; - "browser.ping-centre.telemetry" = false; - "datareporting.healthreport.service.enabled" = false; - "datareporting.healthreport.uploadEnabled" = false; - "datareporting.policy.dataSubmissionEnabled" = false; - "datareporting.sessions.current.clean" = true; - "devtools.onboarding.telemetry.logged" = false; - "toolkit.telemetry.archive.enabled" = false; - "toolkit.telemetry.bhrPing.enabled" = false; - "toolkit.telemetry.enabled" = false; - "toolkit.telemetry.firstShutdownPing.enabled" = false; - "toolkit.telemetry.hybridContent.enabled" = false; - "toolkit.telemetry.newProfilePing.enabled" = false; - "toolkit.telemetry.prompted" = 2; - "toolkit.telemetry.rejected" = true; - "toolkit.telemetry.reportingpolicy.firstRun" = false; - "toolkit.telemetry.server" = ""; - "toolkit.telemetry.shutdownPingSender.enabled" = false; - "toolkit.telemetry.unified" = false; - "toolkit.telemetry.unifiedIsOptIn" = false; - "toolkit.telemetry.updatePing.enabled" = false; - }; - - bookmarks = { - force = true; - settings = [ - { - name = "Media"; - url = "https://media.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Photos"; - url = "https://photos.jan-leila.com"; - keyword = ""; - tags = [""]; - } - { - name = "Git"; - url = "https://git.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Home Automation"; - url = "https://home.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mail"; - url = "https://mail.protonmail.com"; - keyword = ""; - tags = [""]; - } - { - name = "Open Street Map"; - url = "https://www.openstreetmap.org/"; - keyword = ""; - tags = [""]; - } - { - name = "Password Manager"; - url = "https://vault.bitwarden.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mastodon"; - url = "https://mspsocial.net"; - keyword = ""; - tags = [""]; - } - { - name = "Linked In"; - url = "https://www.linkedin.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Job Search"; - url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - keyword = ""; - tags = [""]; - } - { - name = "React Docs"; - url = "https://react.dev/"; - keyword = ""; - tags = [""]; - } - # Template - # { - # name = ""; - # url = ""; - # keyword = ""; - # tags = [""]; - # } - ]; - }; - }; - }; - }; -} diff --git a/configurations/home-manager/leyla/packages/firefox/bookmarks.nix b/configurations/home-manager/leyla/packages/firefox/bookmarks.nix new file mode 100644 index 0000000..8435d45 --- /dev/null +++ b/configurations/home-manager/leyla/packages/firefox/bookmarks.nix @@ -0,0 +1,149 @@ +{...}: { + programs.firefox = { + profiles.leyla = { + bookmarks = { + force = true; + settings = [ + # Personal Services + { + name = "Media"; + url = "https://media.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Photos"; + url = "https://photos.jan-leila.com"; + keyword = ""; + tags = [""]; + } + { + name = "Git"; + url = "https://git.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Home Automation"; + url = "https://home.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Search"; + url = "https://search.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Budget"; + url = "https://budget.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Documents"; + url = "https://documents.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + + # Defiant Server Services + { + name = "QBittorrent"; + url = "http://defiant:8084"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Sonarr"; + url = "http://defiant:8989"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Radarr"; + url = "http://defiant:7878"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Bazarr"; + url = "http://defiant:6767"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Lidarr"; + url = "http://defiant:8686"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Jackett"; + url = "http://defiant:9117"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Crab-hole DNS"; + url = "http://defiant:8085"; + keyword = ""; + tags = ["defiant"]; + } + + # External Services + { + name = "Mail"; + url = "https://mail.protonmail.com"; + keyword = ""; + tags = [""]; + } + { + name = "Open Street Map"; + url = "https://www.openstreetmap.org/"; + keyword = ""; + tags = [""]; + } + { + name = "Password Manager"; + url = "https://vault.bitwarden.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mastodon"; + url = "https://mspsocial.net"; + keyword = ""; + tags = [""]; + } + { + name = "Linked In"; + url = "https://www.linkedin.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Job Search"; + url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + keyword = ""; + tags = [""]; + } + { + name = "React Docs"; + url = "https://react.dev/"; + keyword = ""; + tags = [""]; + } + # Template + # { + # name = ""; + # url = ""; + # keyword = ""; + # tags = [""]; + # } + ]; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/packages/firefox/default.nix b/configurations/home-manager/leyla/packages/firefox/default.nix new file mode 100644 index 0000000..4246c68 --- /dev/null +++ b/configurations/home-manager/leyla/packages/firefox/default.nix @@ -0,0 +1,18 @@ +{ + lib, + pkgs, + inputs, + ... +}: { + imports = [ + ./firefox.nix + ./bookmarks.nix + ./harden.nix + ]; + + config = { + programs.firefox = { + enable = true; + }; + }; +} diff --git a/configurations/home-manager/leyla/packages/firefox/firefox.nix b/configurations/home-manager/leyla/packages/firefox/firefox.nix new file mode 100644 index 0000000..1678353 --- /dev/null +++ b/configurations/home-manager/leyla/packages/firefox/firefox.nix @@ -0,0 +1,221 @@ +{ + lib, + pkgs, + inputs, + ... +}: { + programs.firefox = { + profiles.leyla = { + settings = { + "browser.search.defaultenginename" = "Searx"; + "browser.search.order.1" = "Searx"; + }; + + search = { + force = true; + default = "Searx"; + engines = { + "Nix Packages" = { + urls = [ + { + template = "https://search.nixos.org/packages"; + params = [ + { + name = "type"; + value = "packages"; + } + { + name = "query"; + value = "{searchTerms}"; + } + ]; + } + ]; + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = ["@np"]; + }; + "NixOS Wiki" = { + urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; + icon = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@nw"]; + }; + "Searx" = { + urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; + icon = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@searx"]; + }; + }; + }; + + extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [ + bitwarden + terms-of-service-didnt-read + multi-account-containers + shinigami-eyes + + ublock-origin + sponsorblock + dearrow + df-youtube + return-youtube-dislikes + + privacy-badger + decentraleyes + clearurls + localcdn + + snowflake + + deutsch-de-language-pack + dictionary-german + + tab-session-manager + + # (\ + # buildFirefoxXpiAddon rec {\ + # pname = "italiano-it-language-pack";\ + # version = "132.0.20241110.231641";\ + # addonId = "langpack-it@firefox.mozilla.org";\ + # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi";\ + # sha256 = "";\ + # meta = with lib;\ + # {\ + # description = "Firefox Language Pack for Italiano (it) – Italian";\ + # license = licenses.mpl20;\ + # mozPermissions = [];\ + # platforms = platforms.all;\ + # };\ + # }\ + # )\ + # (\ + # buildFirefoxXpiAddon rec {\ + # pname = "dizionario-italiano";\ + # version = "5.1";\ + # addonId = "it-IT@dictionaries.addons.mozilla.org";\ + # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi";\ + # sha256 = "";\ + # meta = with lib;\ + # {\ + # description = "Add support for Italian to spellchecking";\ + # license = licenses.gpl3;\ + # mozPermissions = [];\ + # platforms = platforms.all;\ + # };\ + # }\ + # )\ + ]; + + settings = { + # Disable irritating first-run stuff + "browser.disableResetPrompt" = true; + "browser.download.panel.shown" = true; + "browser.feeds.showFirstRunUI" = false; + "browser.messaging-system.whatsNewPanel.enabled" = false; + "browser.rights.3.shown" = true; + "browser.shell.checkDefaultBrowser" = false; + "browser.shell.defaultBrowserCheckCount" = 1; + "browser.startup.homepage_override.mstone" = "ignore"; + "browser.uitour.enabled" = false; + "startup.homepage_override_url" = ""; + "trailhead.firstrun.didSeeAboutWelcome" = true; + "browser.bookmarks.restore_default_bookmarks" = false; + "browser.bookmarks.addedImportButton" = true; + "browser.newtabpage.activity-stream.feeds.section.topstories" = false; + + # Usage Experience + "browser.startup.homepage" = "about:home"; + "browser.download.useDownloadDir" = false; + "browser.uiCustomization.state" = builtins.toJSON { + "currentVersion" = 20; + "newElementCount" = 6; + "dirtyAreaCache" = [ + "nav-bar" + "PersonalToolbar" + "toolbar-menubar" + "TabsToolbar" + "unified-extensions-area" + "vertical-tabs" + ]; + "placements" = { + "widget-overflow-fixed-list" = []; + "unified-extensions-area" = [ + # bitwarden + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" + "ublock0_raymondhill_net-browser-action" + "sponsorblocker_ajay_app-browser-action" + "dearrow_ajay_app-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" + "_testpilot-containers-browser-action" + "addon_simplelogin-browser-action" + "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" + "jid1-bofifl9vbdl2zq_jetpack-browser-action" + "dfyoutube_example_com-browser-action" + "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" + "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" + ]; + "nav-bar" = [ + "back-button" + "forward-button" + "stop-reload-button" + "urlbar-container" + "downloads-button" + "unified-extensions-button" + "reset-pbm-toolbar-button" + ]; + "toolbar-menubar" = [ + "menubar-items" + ]; + "TabsToolbar" = [ + "firefox-view-button" + "tabbrowser-tabs" + "new-tab-button" + "alltabs-button" + ]; + "vertical-tabs" = []; + "PersonalToolbar" = [ + "import-button" + "personal-bookmarks" + ]; + }; + "seen" = [ + "save-to-pocket-button" + "developer-button" + "privacy_privacy_com-browser-action" + "sponsorblocker_ajay_app-browser-action" + "ublock0_raymondhill_net-browser-action" + "addon_simplelogin-browser-action" + "dearrow_ajay_app-browser-action" + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" + "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" + "jid1-bofifl9vbdl2zq_jetpack-browser-action" + "dfyoutube_example_com-browser-action" + "_testpilot-containers-browser-action" + "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" + "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" + "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" + ]; + }; + "browser.newtabpage.activity-stream.feeds.topsites" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; + "browser.newtabpage.blocked" = lib.genAttrs [ + # Facebook + "4gPpjkxgZzXPVtuEoAL9Ig==" + # Reddit + "gLv0ja2RYVgxKdp0I5qwvA==" + # Amazon + "K00ILysCaEq8+bEqV/3nuw==" + # Twitter + "T9nJot5PurhJSy8n038xGA==" + ] (_: 1); + "identity.fxaccounts.enabled" = false; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/packages/firefox/harden.nix b/configurations/home-manager/leyla/packages/firefox/harden.nix new file mode 100644 index 0000000..66310c2 --- /dev/null +++ b/configurations/home-manager/leyla/packages/firefox/harden.nix @@ -0,0 +1,50 @@ +{...}: { + programs.firefox = { + profiles.leyla = { + settings = { + # Security + "privacy.trackingprotection.enabled" = true; + "dom.security.https_only_mode" = true; + "dom.security.https_only_mode_pbm" = true; + "dom.security.https_only_mode_error_page_user_suggestions" = true; + + # Privacy & Data Protection + "extensions.formautofill.addresses.enabled" = false; + "extensions.formautofill.creditCards.enabled" = false; + "signon.rememberSignons" = false; + "privacy.sanitize.sanitizeOnShutdown" = true; + "privacy.clearOnShutdown_v2.cache" = true; + "privacy.clearOnShutdown_v2.cookiesAndStorage" = true; + "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; + "urlclassifier.trackingSkipURLs" = ""; + "urlclassifier.features.socialtracking.skipURLs" = ""; + + # Disable telemetry and data collection + "app.shield.optoutstudies.enabled" = false; + "browser.discovery.enabled" = false; + "browser.newtabpage.activity-stream.feeds.telemetry" = false; + "browser.newtabpage.activity-stream.telemetry" = false; + "browser.ping-centre.telemetry" = false; + "datareporting.healthreport.service.enabled" = false; + "datareporting.healthreport.uploadEnabled" = false; + "datareporting.policy.dataSubmissionEnabled" = false; + "datareporting.sessions.current.clean" = true; + "devtools.onboarding.telemetry.logged" = false; + "toolkit.telemetry.archive.enabled" = false; + "toolkit.telemetry.bhrPing.enabled" = false; + "toolkit.telemetry.enabled" = false; + "toolkit.telemetry.firstShutdownPing.enabled" = false; + "toolkit.telemetry.hybridContent.enabled" = false; + "toolkit.telemetry.newProfilePing.enabled" = false; + "toolkit.telemetry.prompted" = 2; + "toolkit.telemetry.rejected" = true; + "toolkit.telemetry.reportingpolicy.firstRun" = false; + "toolkit.telemetry.server" = ""; + "toolkit.telemetry.shutdownPingSender.enabled" = false; + "toolkit.telemetry.unified" = false; + "toolkit.telemetry.unifiedIsOptIn" = false; + "toolkit.telemetry.updatePing.enabled" = false; + }; + }; + }; +} From f72a6da0132b370a6d84db2c91e53e3a8857cc37 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 26 Oct 2025 14:24:18 -0500 Subject: [PATCH 253/374] feat: fixed actual install --- modules/nixos-modules/server/actual/actual.nix | 14 +++++++++----- modules/nixos-modules/server/actual/const.nix | 2 +- .../nixos-modules/server/actual/impermanence.nix | 10 ++++++++-- 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/modules/nixos-modules/server/actual/actual.nix b/modules/nixos-modules/server/actual/actual.nix index 96ea586..4cca449 100644 --- a/modules/nixos-modules/server/actual/actual.nix +++ b/modules/nixos-modules/server/actual/actual.nix @@ -6,14 +6,18 @@ const = import ./const.nix; dataDirectory = const.dataDirectory; in { + options.services.actual = { + port = lib.mkOption { + type = lib.types.port; + description = "The port to listen on"; + default = 5006; + }; + }; config = lib.mkIf config.services.actual.enable { - systemd.tmpfiles.rules = [ - "d ${dataDirectory} 2770 actual actual" - ]; - services.actual = { settings = { - ACTUAL_DATA_DIR = dataDirectory; + port = config.services.actual.port; + dataDir = dataDirectory; }; }; }; diff --git a/modules/nixos-modules/server/actual/const.nix b/modules/nixos-modules/server/actual/const.nix index 13b068e..14b715e 100644 --- a/modules/nixos-modules/server/actual/const.nix +++ b/modules/nixos-modules/server/actual/const.nix @@ -1,3 +1,3 @@ { - dataDirectory = "/var/lib/actual/"; + dataDirectory = "/var/lib/private/actual"; } diff --git a/modules/nixos-modules/server/actual/impermanence.nix b/modules/nixos-modules/server/actual/impermanence.nix index 5a2bb6c..f203178 100644 --- a/modules/nixos-modules/server/actual/impermanence.nix +++ b/modules/nixos-modules/server/actual/impermanence.nix @@ -5,6 +5,8 @@ }: let const = import ./const.nix; dataDirectory = const.dataDirectory; + # Strip /private from dataDirectory for assertion check (systemd DynamicUser adds /private automatically) + configDataDirectory = lib.strings.replaceStrings ["/var/lib/private"] ["/var/lib"] dataDirectory; in { options.services.actual = { impermanence.enable = lib.mkOption { @@ -16,8 +18,12 @@ in { config = lib.mkIf config.services.actual.impermanence.enable { assertions = [ { - assertion = config.services.actual.settings.ACTUAL_DATA_DIR == dataDirectory; - message = "actual data location does not match persistence"; + assertion = config.services.actual.settings.dataDir == dataDirectory; + message = "actual data location does not match persistence\nconfig directory: ${config.services.actual.settings.dataDir}\npersistence directory: ${dataDirectory}"; + } + { + assertion = config.systemd.services.actual.serviceConfig.DynamicUser or false; + message = "actual systemd service must have DynamicUser enabled to use private directory"; } ]; environment.persistence."/persist/system/root" = { From 758cbd17f72a738658e7d8554b9d3560a01fbb06 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 26 Oct 2025 14:43:50 -0500 Subject: [PATCH 254/374] refactor: removed unused var --- modules/nixos-modules/server/actual/impermanence.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/nixos-modules/server/actual/impermanence.nix b/modules/nixos-modules/server/actual/impermanence.nix index f203178..d870789 100644 --- a/modules/nixos-modules/server/actual/impermanence.nix +++ b/modules/nixos-modules/server/actual/impermanence.nix @@ -5,8 +5,6 @@ }: let const = import ./const.nix; dataDirectory = const.dataDirectory; - # Strip /private from dataDirectory for assertion check (systemd DynamicUser adds /private automatically) - configDataDirectory = lib.strings.replaceStrings ["/var/lib/private"] ["/var/lib"] dataDirectory; in { options.services.actual = { impermanence.enable = lib.mkOption { From 81a65885374148fc60e0335624b8e7102cfbbdab Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 26 Oct 2025 23:35:54 -0500 Subject: [PATCH 255/374] feat: updated flack lock --- flake.lock | 30 ++++++++++++------------ modules/nixos-modules/server/wyoming.nix | 6 ++--- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 09349a6..11fb672 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1761019419, - "narHash": "sha256-lOzy4BGZtPxxNOzDEwfy3lcb7enl53f1wYP/JVWwSHg=", + "lastModified": 1761478231, + "narHash": "sha256-a6ROM73M0TSrooI+8/UMj5KWKOdaDFTycVeo8XJ3dk4=", "owner": "rycee", "repo": "nur-expressions", - "rev": "727c8a012382db77e14d72ce1fe4e19be3206ce6", + "rev": "ae968708476302f8781fb5e245d53f112ed04111", "type": "gitlab" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1761081701, - "narHash": "sha256-IwpfaKg5c/WWQiy8b5QGaVPMvoEQ2J6kpwRFdpVpBNQ=", + "lastModified": 1761530345, + "narHash": "sha256-+9+YCK9Lh6GThkXu/8JTxMFUnImIdZpb8ElUh6/F5Y8=", "owner": "nix-community", "repo": "home-manager", - "rev": "9b4a2a7c4fbd75b422f00794af02d6edb4d9d315", + "rev": "bbaeb9f1c29e79bb1653b32c3d73244cdf4bd888", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1760721282, - "narHash": "sha256-aAHphQbU9t/b2RRy2Eb8oMv+I08isXv2KUGFAFn7nCo=", + "lastModified": 1761339987, + "narHash": "sha256-IUaawVwItZKi64IA6kF6wQCLCzpXbk2R46dHn8sHkig=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "c3211fcd0c56c11ff110d346d4487b18f7365168", + "rev": "7cd9aac79ee2924a85c211d21fafd394b06a38de", "type": "github" }, "original": { @@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1761011896, - "narHash": "sha256-p6oWYhpJGIV76tJExGUFRkir29yCTUYLsnKmnhzW2C0=", + "lastModified": 1761530505, + "narHash": "sha256-SbuUyC5pfTcMa9JUqSxFyGJpCqoUsB74tboS22+lByY=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "0a74c6a180110ac18584780eeff31e302b0bf8a4", + "rev": "5a5496a7d21265e0ce7641452daf6c560f0eb7a9", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1761373498, + "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", "type": "github" }, "original": { diff --git a/modules/nixos-modules/server/wyoming.nix b/modules/nixos-modules/server/wyoming.nix index 4894dd4..c9a1474 100644 --- a/modules/nixos-modules/server/wyoming.nix +++ b/modules/nixos-modules/server/wyoming.nix @@ -37,9 +37,9 @@ openwakeword = { enable = true; uri = "tcp://0.0.0.0:10400"; - preloadModels = [ - "ok_nabu" - ]; + # preloadModels = [ + # "ok_nabu" + # ]; # TODO: custom models }; }; From bb5c94ec2c8c4955a3fd21bd1c460601889d749d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 27 Oct 2025 00:53:59 -0500 Subject: [PATCH 256/374] feat: added catch all route to reverse proxy that blocks connections on non specified hosts --- .../server/reverseProxy/reverseProxy.nix | 20 ++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/reverseProxy/reverseProxy.nix b/modules/nixos-modules/server/reverseProxy/reverseProxy.nix index 5b8357f..eecc9bf 100644 --- a/modules/nixos-modules/server/reverseProxy/reverseProxy.nix +++ b/modules/nixos-modules/server/reverseProxy/reverseProxy.nix @@ -6,6 +6,11 @@ options.services.reverseProxy = { enable = lib.mkEnableOption "turn on the reverse proxy"; openFirewall = lib.mkEnableOption "open the firewall"; + refuseUnmatchedDomains = lib.mkOption { + type = lib.types.bool; + description = "refuse connections for domains that don't match any configured virtual hosts"; + default = true; + }; ports = { http = lib.mkOption { type = lib.types.port; @@ -96,7 +101,20 @@ services.nginx = { enable = true; virtualHosts = lib.mkMerge ( - lib.lists.flatten ( + (lib.optionals config.services.reverseProxy.refuseUnmatchedDomains [ + { + "_" = { + default = true; + serverName = "_"; + locations."/" = { + extraConfig = '' + return 444; + ''; + }; + }; + } + ]) + ++ lib.lists.flatten ( lib.attrsets.mapAttrsToList ( name: service: let hostConfig = { From ec802a2462571c069485b1eeaac6d3c476e332d0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 27 Oct 2025 00:56:56 -0500 Subject: [PATCH 257/374] chore: updated README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 23a4966..a251dad 100644 --- a/README.md +++ b/README.md @@ -43,12 +43,12 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/ - https://nixos-and-flakes.thiscute.world/ +- proton mail now has an smtp server we could use that for our zfs and SMART test emails # Tasks: ## Chores: - [ ] test out crab hole service -- [ ] learn how to use actual ## Tech Debt - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) From f91f20be7c68920c1c52378aba82dba2a8ec472d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 27 Oct 2025 01:13:42 -0500 Subject: [PATCH 258/374] chore: added more tasks to README.md --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a251dad..b253091 100644 --- a/README.md +++ b/README.md @@ -65,6 +65,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] rotate sops encryption keys periodically (and somehow sync between devices?) - [ ] Secure Boot - https://github.com/nix-community/lanzaboote - [ ] auto turn off on power loss - nut +- [ ] secondary server with data sync ## Data Access - [ ] nfs export should be backed by the same values for server and client @@ -76,6 +77,8 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Services - [ ] vikunja service for project management +- [ ] Penpot services (need to make this custom) +- [ ] minecraft server with old world file - [ ] Create Tor guard/relay server - [ ] mastodon instance - [ ] screeps server @@ -98,4 +101,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] postgres db load - [ ] nginx queries - [ ] ntfy.sh for push notifications -- [ ] kuma for uptime visualization \ No newline at end of file +- [ ] kuma for uptime visualization + +## Packages +- [ ] Custom private fork of MultiMC \ No newline at end of file From df663e5438753d2cde51bed048217a2dd99c3058 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 27 Oct 2025 02:34:53 -0500 Subject: [PATCH 259/374] chore: added task to README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b253091..883e143 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] rotate sops encryption keys periodically (and somehow sync between devices?) - [ ] Secure Boot - https://github.com/nix-community/lanzaboote - [ ] auto turn off on power loss - nut -- [ ] secondary server with data sync +- [ ] secondary server with data sync. Maybe a Pi with a usb hdd enclosure and use rtcwake to only turn on once a week to sync data over tailscale with connection initiated from pi's side. We could probably put this at LZ. Hoping for it to draw only like $1 of power a month. Initial sync should probably be done here before we move it over because that will take a while. Data should be encrypted so that devices doesn't have access to it. Project will prob cost like $1800 ## Data Access - [ ] nfs export should be backed by the same values for server and client From e57c1df6e5a6537b4ca8f4fc315fcbdcfd69f2a1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 27 Oct 2025 02:52:56 -0500 Subject: [PATCH 260/374] chore:added task for qbittorent directory --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 883e143..d3a2121 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Chores: - [ ] test out crab hole service +- [ ] qbittorent should be downloading to `rpool/persist/system/qbittorrent` or maybe even `rpool/persist/system/jellyfin` but right now its downloading to `rpool/persist/system/root` this should be fixed ## Tech Debt - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) From f9c27c82b67930a90db943587543abfe46fda406 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 27 Oct 2025 03:55:09 -0500 Subject: [PATCH 261/374] feat: refactored database configuration --- .../nixos/defiant/configuration.nix | 15 ++- .../nixos-modules/server/forgejo/database.nix | 59 ++++------ .../server/home-assistant/database.nix | 91 +++++++-------- .../nixos-modules/server/immich/database.nix | 44 +++---- .../server/panoramax/database.nix | 64 +++++++---- .../server/paperless/database.nix | 50 ++++---- .../server/postgres/impermanence.nix | 2 +- .../server/postgres/postgres.nix | 108 +++++++++++------- 8 files changed, 229 insertions(+), 204 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 62ab1de..e2f9401 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -102,13 +102,6 @@ directories = ["leyla_documents" "eve_documents" "users_documents" "media"]; }; }; - postgres = { - extraUsers = { - leyla = { - isAdmin = true; - }; - }; - }; }; systemd.network = { @@ -220,6 +213,12 @@ }; services = { + # PostgreSQL database server + postgresql = { + enable = true; + adminUsers = ["leyla"]; + }; + # temp enable desktop environment for setup # Enable the X11 windowing system. xserver.enable = true; @@ -327,7 +326,7 @@ enable = true; domain = "home.jan-leila.com"; openFirewall = true; - database = "postgres"; + postgres.enable = true; extensions = { sonos.enable = true; diff --git a/modules/nixos-modules/server/forgejo/database.nix b/modules/nixos-modules/server/forgejo/database.nix index 0417aab..bb8781c 100644 --- a/modules/nixos-modules/server/forgejo/database.nix +++ b/modules/nixos-modules/server/forgejo/database.nix @@ -2,40 +2,31 @@ lib, config, ... -}: { - config = lib.mkIf config.services.forgejo.enable ( - lib.mkMerge [ +}: let + usingPostgres = config.services.forgejo.database.type == "postgres"; +in { + config = lib.mkIf config.services.forgejo.enable { + assertions = [ { - host = { - postgres = { - enable = true; - }; - }; - - assertions = [ - { - assertion = config.services.forgejo.settings.database.DB_TYPE == "postgres"; - message = "Forgejo database type must be postgres"; - } - ]; + assertion = !usingPostgres || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when Forgejo database type is postgres"; } - (lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - forgejo = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - forgejo = { - name = "forgejo"; - }; - }; - }; - }; - }) - ] - ); + { + assertion = !(usingPostgres && config.services.forgejo.database.createDatabase) || (builtins.any (db: db == "forgejo") config.services.postgresql.ensureDatabases); + message = "Forgejo built-in database creation failed - expected 'forgejo' in ensureDatabases but got: ${builtins.toString config.services.postgresql.ensureDatabases}"; + } + { + assertion = !(usingPostgres && config.services.forgejo.database.createDatabase) || (builtins.any (user: user.name == "forgejo") config.services.postgresql.ensureUsers); + message = "Forgejo built-in user creation failed - expected user 'forgejo' in ensureUsers but got: ${builtins.toString (builtins.map (u: u.name) config.services.postgresql.ensureUsers)}"; + } + ]; + + services.forgejo.database.createDatabase = lib.mkDefault usingPostgres; + + systemd.services.forgejo = lib.mkIf usingPostgres { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/home-assistant/database.nix b/modules/nixos-modules/server/home-assistant/database.nix index 0ac8002..f1927ed 100644 --- a/modules/nixos-modules/server/home-assistant/database.nix +++ b/modules/nixos-modules/server/home-assistant/database.nix @@ -2,55 +2,52 @@ lib, config, ... -}: let - dbUser = "hass"; -in { - config = lib.mkIf config.services.home-assistant.enable ( - lib.mkMerge [ +}: { + options.services.home-assistant = { + postgres = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Use PostgreSQL instead of SQLite"; + }; + user = lib.mkOption { + type = lib.types.str; + default = "hass"; + description = "Database user name"; + }; + database = lib.mkOption { + type = lib.types.str; + default = "hass"; + description = "Database name"; + }; + }; + }; + + config = lib.mkIf config.services.home-assistant.enable { + assertions = [ { - host = { - postgres = { - enable = true; - }; - }; - - assertions = [ - { - assertion = config.services.home-assistant.database == "postgres"; - message = "Home Assistant database type must be postgres"; - } - ]; + assertion = !config.services.home-assistant.postgres.enable || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when using postgres database for Home Assistant"; } - (lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${dbUser} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${dbUser} = { - name = dbUser; - }; - }; - }; - }; + ]; - services.home-assistant = { - extraPackages = python3Packages: - with python3Packages; [ - psycopg2 - ]; - }; + services.postgresql.databases.home-assistant = lib.mkIf config.services.home-assistant.postgres.enable { + enable = true; + user = config.services.home-assistant.postgres.user; + database = config.services.home-assistant.postgres.database; + }; - systemd.services.home-assistant = { - requires = [ - config.systemd.services.postgresql.name - ]; - }; - }) - ] - ); + services.home-assistant = lib.mkIf config.services.home-assistant.postgres.enable { + extraPackages = python3Packages: + with python3Packages; [ + psycopg2 + ]; + }; + + systemd.services.home-assistant = lib.mkIf config.services.home-assistant.postgres.enable { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/immich/database.nix b/modules/nixos-modules/server/immich/database.nix index 74b1aaa..52af51e 100644 --- a/modules/nixos-modules/server/immich/database.nix +++ b/modules/nixos-modules/server/immich/database.nix @@ -3,24 +3,28 @@ config, ... }: { - config = lib.mkIf config.services.immich.enable (lib.mkMerge [ - { - host = { - postgres = { - enable = true; - }; - }; - } - (lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${config.services.immich.database.user} = { - isClient = true; - }; - }; - }; - }; - }) - ]); + config = lib.mkIf config.services.immich.enable { + assertions = [ + { + assertion = !config.services.immich.database.enable || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when using postgres database for Immich"; + } + { + assertion = !(config.services.immich.database.enable && config.services.immich.database.createDB) || (builtins.any (db: db == "immich") config.services.postgresql.ensureDatabases); + message = "Immich built-in database creation failed - expected 'immich' in ensureDatabases but got: ${builtins.toString config.services.postgresql.ensureDatabases}"; + } + { + assertion = !(config.services.immich.database.enable && config.services.immich.database.createDB) || (builtins.any (user: user.name == "immich") config.services.postgresql.ensureUsers); + message = "Immich built-in user creation failed - expected user 'immich' in ensureUsers but got: ${builtins.toString (builtins.map (u: u.name) config.services.postgresql.ensureUsers)}"; + } + ]; + + # Note: Immich has built-in database creation via services.immich.database.createDB we only add the systemd dependency + + systemd.services.immich-server = lib.mkIf config.services.immich.database.enable { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/panoramax/database.nix b/modules/nixos-modules/server/panoramax/database.nix index 8679f9a..1721726 100644 --- a/modules/nixos-modules/server/panoramax/database.nix +++ b/modules/nixos-modules/server/panoramax/database.nix @@ -3,32 +3,46 @@ config, ... }: { - config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ - { - host = { - postgres = { - enable = true; + options.services.panoramax = { + database = { + postgres = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Use PostgreSQL instead of SQLite"; + }; + user = lib.mkOption { + type = lib.types.str; + default = "panoramax"; + description = "Database user name"; + }; + database = lib.mkOption { + type = lib.types.str; + default = "panoramax"; + description = "Database name"; }; }; - } - ( - lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${config.services.panoramax.database.user} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${config.services.panoramax.database.name} = { - name = config.services.panoramax.database.user; - }; - }; - }; - }; + }; + }; + + config = lib.mkIf config.services.panoramax.enable { + assertions = [ + { + assertion = !config.services.panoramax.database.postgres.enable || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when using postgres database for Panoramax"; } - ) - ]); + ]; + + services.postgresql.databases.panoramax = lib.mkIf config.services.panoramax.database.postgres.enable { + enable = true; + user = config.services.panoramax.database.postgres.user; + database = config.services.panoramax.database.postgres.database; + }; + + systemd.services.panoramax = lib.mkIf config.services.panoramax.database.postgres.enable { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/paperless/database.nix b/modules/nixos-modules/server/paperless/database.nix index 6f4ce51..c63e59d 100644 --- a/modules/nixos-modules/server/paperless/database.nix +++ b/modules/nixos-modules/server/paperless/database.nix @@ -3,32 +3,28 @@ lib, ... }: { - config = lib.mkIf config.services.paperless.enable (lib.mkMerge [ - { - host = { - postgres = { - enable = true; - }; - }; - } - ( - lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${config.services.paperless.database.user} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${config.services.paperless.database.user} = { - name = config.services.paperless.database.user; - }; - }; - }; - }; + config = lib.mkIf config.services.paperless.enable { + assertions = [ + { + assertion = !config.services.paperless.database.createLocally || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when using local postgres database for Paperless"; } - ) - ]); + { + assertion = !config.services.paperless.database.createLocally || (builtins.any (db: db == "paperless") config.services.postgresql.ensureDatabases); + message = "Paperless built-in database creation failed - expected 'paperless' in ensureDatabases but got: ${builtins.toString config.services.postgresql.ensureDatabases}"; + } + { + assertion = !config.services.paperless.database.createLocally || (builtins.any (user: user.name == "paperless") config.services.postgresql.ensureUsers); + message = "Paperless built-in user creation failed - expected user 'paperless' in ensureUsers but got: ${builtins.toString (builtins.map (u: u.name) config.services.postgresql.ensureUsers)}"; + } + ]; + + services.paperless.database.createLocally = lib.mkDefault true; + + systemd.services.paperless-scheduler = lib.mkIf config.services.paperless.database.createLocally { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/postgres/impermanence.nix b/modules/nixos-modules/server/postgres/impermanence.nix index 6c2d295..a67fb1a 100644 --- a/modules/nixos-modules/server/postgres/impermanence.nix +++ b/modules/nixos-modules/server/postgres/impermanence.nix @@ -5,7 +5,7 @@ }: let dataDir = "/var/lib/postgresql/16"; in { - config = lib.mkIf (config.host.postgres.enable && config.host.impermanence.enable) { + config = lib.mkIf (config.services.postgresql.enable && config.host.impermanence.enable) { assertions = [ { assertion = config.services.postgresql.dataDir == dataDir; diff --git a/modules/nixos-modules/server/postgres/postgres.nix b/modules/nixos-modules/server/postgres/postgres.nix index e76857c..af7d1b4 100644 --- a/modules/nixos-modules/server/postgres/postgres.nix +++ b/modules/nixos-modules/server/postgres/postgres.nix @@ -4,70 +4,94 @@ pkgs, ... }: let - adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - createUsers = lib.lists.filter (user: user.createUser) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - createDatabases = lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraDatabases; + enabledDatabases = lib.filterAttrs (_: db: db.enable) config.services.postgresql.databases; + extraDatabasesList = config.services.postgresql.extraDatabases; + + serviceDatabaseUsers = lib.mapAttrsToList (_: db: { + name = db.user; + ensureDBOwnership = true; + }) (lib.filterAttrs (_: db: db.ensureUser) enabledDatabases); + + extraDatabaseUsers = + builtins.map (dbName: { + name = dbName; + ensureDBOwnership = true; + }) + extraDatabasesList; + + serviceDatabases = lib.mapAttrsToList (_: db: db.database) enabledDatabases; + extraDatabaseNames = extraDatabasesList; + + serviceUserMappings = lib.mapAttrsToList (_: db: "user_map ${db.user} ${db.user}") enabledDatabases; + extraUserMappings = builtins.map (dbName: "user_map ${dbName} ${dbName}") extraDatabasesList; + + builtinServiceMappings = let + forgejoMapping = lib.optional (config.services.forgejo.enable && config.services.forgejo.database.type == "postgres") "user_map forgejo forgejo"; + immichMapping = lib.optional (config.services.immich.enable && config.services.immich.database.enable) "user_map immich immich"; + paperlessMapping = lib.optional (config.services.paperless.enable && config.services.paperless.database.createLocally) "user_map paperless paperless"; + in + forgejoMapping ++ immichMapping ++ paperlessMapping; in { options = { - host.postgres = { - enable = lib.mkEnableOption "enable postgres"; - extraUsers = lib.mkOption { + services.postgresql = { + databases = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { options = { - name = lib.mkOption { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether to create this database and user"; + }; + user = lib.mkOption { type = lib.types.str; default = name; + description = "Database user name"; }; - isAdmin = lib.mkOption { - type = lib.types.bool; - default = false; + database = lib.mkOption { + type = lib.types.str; + default = name; + description = "Database name"; }; - isClient = lib.mkOption { + ensureUser = lib.mkOption { type = lib.types.bool; - default = false; - }; - createUser = lib.mkOption { - type = lib.types.bool; - default = false; + default = true; + description = "Whether to ensure the user exists"; }; }; })); default = {}; + description = "Databases to create for services"; }; + extraDatabases = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - }; - })); - default = {}; + type = lib.types.listOf lib.types.str; + default = []; + description = "Additional databases to create (user name will match database name)"; + example = ["custom_db" "test_db"]; + }; + + adminUsers = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "System users who should have PostgreSQL superuser access"; + example = ["leyla" "admin"]; }; }; }; - config = lib.mkIf config.host.postgres.enable { + config = lib.mkIf config.services.postgresql.enable { services = { postgresql = { - enable = true; package = pkgs.postgresql_16; + ensureUsers = [ - { - name = "postgres"; - } + {name = "postgres";} ] - ++ ( - builtins.map (user: { - name = user.name; - ensureDBOwnership = true; - }) - createUsers - ); - ensureDatabases = builtins.map (database: database.name) createDatabases; + ++ serviceDatabaseUsers ++ extraDatabaseUsers; + + ensureDatabases = serviceDatabases ++ extraDatabaseNames; + identMap = '' # ArbitraryMapName systemUser DBUser @@ -77,16 +101,16 @@ in { superuser_map postgres postgres '' + ( - lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} postgres") adminUsers) + lib.strings.concatLines (builtins.map (user: "superuser_map ${user} postgres") config.services.postgresql.adminUsers) ) + '' # Client Users '' + ( - lib.strings.concatLines (builtins.map (user: "user_map ${user.name} ${user.name}") clientUsers) + lib.strings.concatLines (serviceUserMappings ++ extraUserMappings ++ builtinServiceMappings) ); - # configuration here lets users access the db that matches their name and lets user postgres access everything + authentication = pkgs.lib.mkOverride 10 '' # type database DBuser origin-address auth-method optional_ident_map local all postgres peer map=superuser_map From 69ccbffd86992895196013fbf737ead6a8adfe7c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 27 Oct 2025 11:02:42 -0500 Subject: [PATCH 262/374] chore: removed incorrect task --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index d3a2121..883e143 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Chores: - [ ] test out crab hole service -- [ ] qbittorent should be downloading to `rpool/persist/system/qbittorrent` or maybe even `rpool/persist/system/jellyfin` but right now its downloading to `rpool/persist/system/root` this should be fixed ## Tech Debt - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) From c0e2e7ba4a6294033a45685d758f31bd2651d2b6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 30 Oct 2025 17:43:52 -0500 Subject: [PATCH 263/374] feat: updated flake.lock --- flake.lock | 36 +++++++++---------- .../common-modules/pkgs/polycule/default.nix | 4 +-- .../programs/bitwarden.nix | 2 +- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 11fb672..ae03c48 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1761478231, - "narHash": "sha256-a6ROM73M0TSrooI+8/UMj5KWKOdaDFTycVeo8XJ3dk4=", + "lastModified": 1761797037, + "narHash": "sha256-OqwAGit+3cdsG02K6+8WJniA2q0rqUVc6zbT5N9C1us=", "owner": "rycee", "repo": "nur-expressions", - "rev": "ae968708476302f8781fb5e245d53f112ed04111", + "rev": "3d9f4de0988bcfa57e45e16e1ef9326c56bdf891", "type": "gitlab" }, "original": { @@ -62,11 +62,11 @@ }, "flake-compat": { "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1761530345, - "narHash": "sha256-+9+YCK9Lh6GThkXu/8JTxMFUnImIdZpb8ElUh6/F5Y8=", + "lastModified": 1761845621, + "narHash": "sha256-d+R4MHsGmdebvSMsYUFWONsZSlUbOo8Zq/wjMdMiIac=", "owner": "nix-community", "repo": "home-manager", - "rev": "bbaeb9f1c29e79bb1653b32c3d73244cdf4bd888", + "rev": "97e3022a8d2c09313fa49847f6da4d76abcfc72d", "type": "github" }, "original": { @@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1761530505, - "narHash": "sha256-SbuUyC5pfTcMa9JUqSxFyGJpCqoUsB74tboS22+lByY=", + "lastModified": 1761789484, + "narHash": "sha256-17gDUWloFXQlavqHRey/urQe6sQ3yP5hsQyYmcNOZyU=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "5a5496a7d21265e0ce7641452daf6c560f0eb7a9", + "rev": "c47e683d236fa6e4c27dbda2af3468cb9aceb813", "type": "github" }, "original": { @@ -283,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1760958188, - "narHash": "sha256-2m1S4jl+GEDtlt2QqeHil8Ny456dcGSKJAM7q3j/BFU=", + "lastModified": 1761827175, + "narHash": "sha256-XdPVSYyIBK4/ruoqujaQmmSGg3J2/EenexV9IEXhr6o=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d6645c340ef7d821602fd2cd199e8d1eed10afbc", + "rev": "43ffe9ac82567512abb83187cb673de1091bdfa8", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1761373498, - "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", + "lastModified": 1761672384, + "narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", + "rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c", "type": "github" }, "original": { diff --git a/modules/common-modules/pkgs/polycule/default.nix b/modules/common-modules/pkgs/polycule/default.nix index b463cc5..e9841fe 100644 --- a/modules/common-modules/pkgs/polycule/default.nix +++ b/modules/common-modules/pkgs/polycule/default.nix @@ -3,7 +3,7 @@ flutter332, fetchFromGitLab, pkg-config, - wrapGAppsHook, + wrapGAppsHook3, gtk3, glib, glib-networking, @@ -65,7 +65,7 @@ flutter332.buildFlutterApplication rec { nativeBuildInputs = [ pkg-config - wrapGAppsHook + wrapGAppsHook3 ]; buildInputs = [ diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index 5c14068..e305b6c 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -11,7 +11,7 @@ config = lib.mkIf config.programs.bitwarden.enable (lib.mkMerge [ { home.packages = with pkgs; [ - bitwarden + bitwarden-desktop ]; } ( From e1a5ddde95472de74219a40592dd746c9efa704d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 30 Oct 2025 22:28:02 -0500 Subject: [PATCH 264/374] feat: added storj to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 883e143..dc12d35 100644 --- a/README.md +++ b/README.md @@ -82,6 +82,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] Create Tor guard/relay server - [ ] mastodon instance - [ ] screeps server +- [ ] storj server ## DevOps - [ ] wake on LAN for updates From bfe774b74ccf604029f9e2b9870b7eee096069b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 31 Oct 2025 17:08:28 -0500 Subject: [PATCH 265/374] added --vm flag to rebuild --- .gitignore | 3 ++- rebuild.sh | 68 ++++++++++++++++++++++++++++++++++++++++-------------- 2 files changed, 53 insertions(+), 18 deletions(-) diff --git a/.gitignore b/.gitignore index ce2538f..2810727 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ result .direnv .vscode/* -!.vscode/settings.json \ No newline at end of file +!.vscode/settings.json +nixos.qcow2 diff --git a/rebuild.sh b/rebuild.sh index 6750450..48746d9 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -18,6 +18,7 @@ else fi show_trace=false +clean_vm=false while [ $# -gt 0 ]; do case "$1" in @@ -50,6 +51,9 @@ while [ $# -gt 0 ]; do --show-trace) show_trace=true ;; + --clean-vm) + clean_vm=true + ;; --help|-h) echo "--help -h: print this message" echo "--target -t: defaults to the current system" @@ -58,6 +62,8 @@ while [ $# -gt 0 ]; do echo " currently: ${target:-$default_target}" echo "--mode -m: defaults to 'switch', but 'test' on non-main branches" echo " currently would be: $default_mode" + echo " Available modes: switch, test, build, boot, vm" + echo " 'vm' mode builds and starts a virtual machine" echo "--user -u: defaults to the current user" echo " currently: $default_user" echo "--host: defaults to building on the current machine" @@ -65,6 +71,7 @@ while [ $# -gt 0 ]; do echo "--preserve-result: do not remove the generated result folder after building" echo "--no-preserve-result: remove any result folder after building" echo "--show-trace: show trace on builds" + echo "--clean-vm: remove existing VM disk (nixos.qcow2) before building" echo "" echo "Branch-aware behavior:" echo " - On non-main branches: defaults to test mode with warning" @@ -90,6 +97,20 @@ flake=${flake:-$target} mode=${mode:-$default_mode} user=${user:-$default_user} +# Validate mode +valid_modes="switch test build boot vm" +if [[ ! " $valid_modes " =~ " $mode " ]]; then + echo "Error: Invalid mode '$mode'" + echo "Valid modes are: $valid_modes" + exit 1 +fi + +# Clean VM disk if requested +if [[ "$clean_vm" = true ]] && [[ -f "nixos.qcow2" ]]; then + echo "Removing existing VM disk: nixos.qcow2" + rm nixos.qcow2 +fi + # Branch-aware warnings and behavior if [[ "$current_branch" != "main" ]] && [[ "$mode" == "test" ]]; then echo "⚠️ WARNING: You are on branch '$current_branch' (not main)" @@ -101,26 +122,39 @@ elif [[ "$current_branch" == "main" ]] && [[ -n "$git_status" ]] && [[ "$mode" ! echo " git checkout -b feature/your-feature-name" fi -command="nixos-rebuild $mode --sudo --ask-sudo-password --flake .#$flake" +if [[ "$mode" == "vm" ]]; then + command="nix build .#nixosConfigurations.$flake.config.system.build.vm" + + if [[ "$show_trace" = true ]]; then + command="$command --show-trace" + fi + + echo $command + $command + + if [[ $? -eq 0 ]] && [[ -d "result" ]]; then + echo "Starting VM..." + QEMU_KERNEL_PARAMS=console=ttyS0 ./result/bin/run-nixos-vm -nographic; reset + fi +else + command="nixos-rebuild $mode --sudo --ask-sudo-password --flake .#$flake" + + if [[ $host ]]; then + command="$command --build-host $host" + fi -if [[ $host ]]; -then - command="$command --build-host $host" + if [[ "$target" != "$(hostname)" ]]; then + command="$command --target-host $user@$target" + fi + + if [[ "$show_trace" = true ]]; then + command="$command --show-trace" + fi + + echo $command + $command fi -if [[ "$target" != "$(hostname)" ]]; -then - command="$command --target-host $user@$target" -fi - -if [[ "$show_trace" = true ]]; -then - command="$command --show-trace" -fi - -echo $command -$command - if [ -d "result" ]; then if [[ "$preserve_result" == "false" ]]; From dfeac5585f95fd4f07a164e9002cca3b5527f3be Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 31 Oct 2025 17:29:34 -0500 Subject: [PATCH 266/374] chore: added task to README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index dc12d35..ba6bfc2 100644 --- a/README.md +++ b/README.md @@ -53,6 +53,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Tech Debt - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - [ ] migrate away from flakes and move to npins +- [ ] `host.users` should be redone so that we just extend the base `users.users` object. Right now we cant quite do this because we have weird circular dependencies with disko/impermanence (not sure which one) and home manger enabling/disabling users per devices ## Broken things - [ ] figure out steam vr things? @@ -65,6 +66,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] rotate sops encryption keys periodically (and somehow sync between devices?) - [ ] Secure Boot - https://github.com/nix-community/lanzaboote - [ ] auto turn off on power loss - nut +- [ ] every service needs to have its own data pool - [ ] secondary server with data sync. Maybe a Pi with a usb hdd enclosure and use rtcwake to only turn on once a week to sync data over tailscale with connection initiated from pi's side. We could probably put this at LZ. Hoping for it to draw only like $1 of power a month. Initial sync should probably be done here before we move it over because that will take a while. Data should be encrypted so that devices doesn't have access to it. Project will prob cost like $1800 ## Data Access From c6b129726d772900d459824979697d7d5eb19e99 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 31 Oct 2025 17:45:26 -0500 Subject: [PATCH 267/374] chore: added task to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index ba6bfc2..08c689f 100644 --- a/README.md +++ b/README.md @@ -76,6 +76,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] figure out why syncthing and jellyfins permissions don't propagate downwards - [ ] make radarr, sonarr, and bazarr accessible over vpn - [ ] move searx, home-assistant, actual, vikunja, jellyfin, paperless, and immich to only be accessible via vpn +- [ ] FreeIPA/SSSD/LDAP/Kerberos to manage uid and gid's ## Services - [ ] vikunja service for project management From 34e8cf44058080b3a8532005ab05f026917fc598 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 31 Oct 2025 19:37:59 -0500 Subject: [PATCH 268/374] chore: reorganized some tasks in TODO --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 08c689f..2a53e24 100644 --- a/README.md +++ b/README.md @@ -82,10 +82,10 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] vikunja service for project management - [ ] Penpot services (need to make this custom) - [ ] minecraft server with old world file -- [ ] Create Tor guard/relay server -- [ ] mastodon instance -- [ ] screeps server - [ ] storj server +- [ ] Create Tor guard/relay server +- [ ] screeps server +- [ ] mastodon instance ## DevOps - [ ] wake on LAN for updates From 353ae4b87498c2f2b8a406d9c89992427e63edb8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 31 Oct 2025 19:49:10 -0500 Subject: [PATCH 269/374] chore: added more description to task in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2a53e24..f1b559c 100644 --- a/README.md +++ b/README.md @@ -74,7 +74,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] samba mounts - [ ] offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - [ ] figure out why syncthing and jellyfins permissions don't propagate downwards -- [ ] make radarr, sonarr, and bazarr accessible over vpn +- [ ] make radarr, sonarr, and bazarr accessible over vpn with fully qualified names via reverse proxy - [ ] move searx, home-assistant, actual, vikunja, jellyfin, paperless, and immich to only be accessible via vpn - [ ] FreeIPA/SSSD/LDAP/Kerberos to manage uid and gid's From 4f16a0cf996c9bd5874450db38ec74a1bced548a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 31 Oct 2025 21:47:30 -0500 Subject: [PATCH 270/374] chore: created nodes for impermanence module --- modules/nixos-modules/impermanence.nix | 34 ++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index 7735e97..60011cb 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix @@ -3,6 +3,39 @@ lib, ... }: { + # options.storage = { + # zfs = { + # # TODO: enable option + # # when this option is enabled we need to configure and enable disko things + + # # TODO: we need some way of managing notifications + + # # TODO: we need options to configure zfs pools + # # we should have warnings when the configured pool is missing drives + + # # TODO: dataset option that is a submodule that adds datasets to the system + # # warnings for when a dataset was created in the past on a system but it is now missing some of the options defined for it + + # # TODO: pools and datasets need to be passed to disko + # }; + + # impermanence = { + # # TODO: enable option + + # # TODO: datasets option that is a submodule that will be used to define what datasets to add to the storage system + # # We should by default create the `local`, `local/system/nix`, `local/system/root`, `persist` `persist/system/root`, and `persist/system/var/log` datasets + # # Then we should make a dataset for user folders local and persist + # # We should also create datasets for systemd modules that have have impermanence enabled for them + # # we need to figure out what options a dataset can have in zfs + # }; + + # # TODO: we should have an impermanence module for home manager that proxies its values namespaced to the user down here that matches the same interface + + # # TODO: we should have a way of enabling impermanence for a systemd config + # # these should have an option to put their folder into their own dataset (this needs to support private vs non private) + # # options for features that can be added to the dataset + # }; + options.host.impermanence.enable = lib.mkEnableOption "are we going to use impermanence on this device"; config = lib.mkMerge [ @@ -93,6 +126,7 @@ ]; }; + # TODO: this should live in leylas home manager configuration security.sudo.extraConfig = "Defaults lecture=never"; } ) From 78dd22fed3939862ea1e2714177060a6d143ce5a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 3 Nov 2025 11:55:10 -0600 Subject: [PATCH 271/374] feat: started to draft out new storage interface --- modules/nixos-modules/impermanence.nix | 155 +++++++++++++++++++++---- 1 file changed, 131 insertions(+), 24 deletions(-) diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index 60011cb..5b1bbd2 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix @@ -3,38 +3,145 @@ lib, ... }: { - # options.storage = { - # zfs = { - # # TODO: enable option - # # when this option is enabled we need to configure and enable disko things + options.storage = let + datasetSubmodule = {name, ...}: { + # TODO: we need to figure out what options a dataset can have in zfs + }; - # # TODO: we need some way of managing notifications + impermanenceDatasetSubmodules = [ + datasetSubmodule + ({...}: let + pathPermissions = { + read = lib.mkEnableOption "should the path have read permissions"; + write = lib.mkEnableOption "should the path have read permissions"; + execute = lib.mkEnableOption "should the path have read permissions"; + }; + pathTypeSubmodule = {name, ...}: { + options = { + enable = lib.mkOption { + type = lib.types.bool; + default = true; + }; + owner = { + user = lib.mkOption { + type = lib.types.str; + default = "nouser"; + }; + permissions = pathPermissions; + }; + group = { + group = lib.mkOption { + type = lib.types.str; + default = "nogroup"; + }; + permissions = pathPermissions; + }; + other = { + permissions = pathPermissions; + }; + }; + }; + in { + options = { + files = lib.types.mkOption { + type = lib.types.attrsOf (lib.types.submodule pathTypeSubmodule); + default = {}; + }; + directories = { + type = lib.types.attrsOf (lib.types.submodule pathTypeSubmodule); + default = {}; + }; + }; + }) + ]; + in { + zfs = { + # TODO: enable option implementation + enable = lib.mkEnableOption "Should zfs be enabled on this system."; - # # TODO: we need options to configure zfs pools - # # we should have warnings when the configured pool is missing drives + notifications = { + enable = lib.mkEnableOption "are notifications enabled"; + host = lib.mkOption { + type = lib.types.str; + description = "what is the host that we are going to send the email to"; + }; + port = lib.mkOption { + type = lib.types.port; + description = "what port is the host using to receive mail on"; + }; + to = lib.mkOption { + type = lib.types.str; + description = "what account is the email going to be sent to"; + }; + user = lib.mkOption { + type = lib.types.str; + description = "what user is the email going to be set from"; + }; + tokenFile = lib.mkOption { + type = lib.types.str; + description = "file containing the password to be used by msmtp for notifications"; + }; + }; - # # TODO: dataset option that is a submodule that adds datasets to the system - # # warnings for when a dataset was created in the past on a system but it is now missing some of the options defined for it + # TODO: we need options to configure zfs pools + # we should have warnings when the configured pool is missing drives after activation + # TODO: implementation of this + # TODO: validations that we have at least one boot drive + pool = let + deviceType = + lib.types.coercedTo lib.types.str (device: { + device = device; + boot = false; + }) { + device = lib.mkOption { + type = lib.types.str; + }; + boot = lib.mkEnableOption "should this device be a boot device"; + }; + in { + encryption = lib.mkEnableOption "Should encryption be enabled on this pool."; + vdevs = lib.mkOption { + type = lib.types.listOf deviceType; + default = []; + }; + cache = lib.mkOption { + type = lib.types.attrsOf deviceType; + }; + }; - # # TODO: pools and datasets need to be passed to disko - # }; + # TODO:create the root dataset automatically + # TODO: dataset option that is a submodule that adds datasets to the system + # warnings for when a dataset was created in the past on a system but it is now missing some of the options defined for it + datasets = lib.types.attrsOf (lib.types.submodule datasetSubmodule); + }; - # impermanence = { - # # TODO: enable option + impermanence = { + enable = lib.mkEnableOption "should impermanence be enabled for this system"; + # TODO: enable option implementation - # # TODO: datasets option that is a submodule that will be used to define what datasets to add to the storage system - # # We should by default create the `local`, `local/system/nix`, `local/system/root`, `persist` `persist/system/root`, and `persist/system/var/log` datasets - # # Then we should make a dataset for user folders local and persist - # # We should also create datasets for systemd modules that have have impermanence enabled for them - # # we need to figure out what options a dataset can have in zfs - # }; + # TODO: assertion that zfs needs to be enabled when impermanence is enabled - # # TODO: we should have an impermanence module for home manager that proxies its values namespaced to the user down here that matches the same interface + # TODO: datasets option that is a submodule that will be used to define what datasets to add to the storage system + # We should by default create the `local`, `local/system/nix`, `local/system/root`, `persist` `persist/system/root`, and `persist/system/var/log` datasets + # We should also create datasets for systemd modules that have have impermanence enabled for them - # # TODO: we should have a way of enabling impermanence for a systemd config - # # these should have an option to put their folder into their own dataset (this needs to support private vs non private) - # # options for features that can be added to the dataset - # }; + datasets = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodules); + + # TODO: this should just live under home-manager.users..storage.impermanence + home-manager = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + enable = lib.mkEnableOption "should impermanence be enabled for this user"; + + # We should by default create the `local/home/${name}`, and `persist/home/${name}` datasets + datasets = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodules); + })); + }; + + # TODO: we should have an impermanence module for home manager that proxies its values namespaced to the user down here that matches the same interface + + # TODO: we should have a way of enabling impermanence for a systemd config + # these should have an option to put their folder into their own dataset (this needs to support private vs non private) + # options for features that can be added to the dataset + }; options.host.impermanence.enable = lib.mkEnableOption "are we going to use impermanence on this device"; From 0d6f82f29e7341122bff2d44bf51109b4c14d458 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 3 Nov 2025 20:04:36 -0600 Subject: [PATCH 272/374] build: updated flake.lock --- flake.lock | 58 +++++++++++++++++++++++++++--------------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/flake.lock b/flake.lock index ae03c48..6a4736b 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1760701190, - "narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=", + "lastModified": 1761899396, + "narHash": "sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM=", "owner": "nix-community", "repo": "disko", - "rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5", + "rev": "6f4cf5abbe318e4cd1e879506f6eeafd83f7b998", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1761797037, - "narHash": "sha256-OqwAGit+3cdsG02K6+8WJniA2q0rqUVc6zbT5N9C1us=", + "lastModified": 1762162438, + "narHash": "sha256-GPnRGcVck+TPiQl6Rqj0i57c8hAa34RsQWVqQAW0OVY=", "owner": "rycee", "repo": "nur-expressions", - "rev": "3d9f4de0988bcfa57e45e16e1ef9326c56bdf891", + "rev": "2cf91d46e558b29f9f9bbdd23408f62e8423aa00", "type": "gitlab" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1761845621, - "narHash": "sha256-d+R4MHsGmdebvSMsYUFWONsZSlUbOo8Zq/wjMdMiIac=", + "lastModified": 1762183399, + "narHash": "sha256-vr2aL1QLfERYTfYBgK8cW3T9eSdSEThH462wKaGlmEU=", "owner": "nix-community", "repo": "home-manager", - "rev": "97e3022a8d2c09313fa49847f6da4d76abcfc72d", + "rev": "a5fee077929ae2f2800c3087dce5e1abb4edfbc6", "type": "github" }, "original": { @@ -164,11 +164,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1755787066, - "narHash": "sha256-X2UwkUEban08GRSPXRr+kz8fckHqebr3P77qSvjoeOw=", - "rev": "ac9721a92e8138d29707824dbedb484c76948493", + "lastModified": 1761937274, + "narHash": "sha256-KlELhsSq3XbemrGyQhmGurFu7m8wOEBw+8M04L7hn7A=", + "rev": "91867941fa73afea7869b7c71ede82e5ef8927da", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ac9721a92e8138d29707824dbedb484c76948493.tar.gz?rev=ac9721a92e8138d29707824dbedb484c76948493" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/91867941fa73afea7869b7c71ede82e5ef8927da.tar.gz?rev=91867941fa73afea7869b7c71ede82e5ef8927da" }, "original": { "type": "tarball", @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1759851320, - "narHash": "sha256-n5dRAIC3/78drQtFxmQRrBLd6TKfotUnX7GWu0mAcSg=", + "lastModified": 1761960361, + "narHash": "sha256-FvuAw56NIVJpS3Kr8Wv9PpU4eehZMcdIVkxjStuYmqc=", "ref": "refs/heads/main", - "rev": "7c31a18259b8358ac196cf803a26967c0fa1d3e4", - "revCount": 163, + "rev": "c47f62187601ea2991b79a9bacdbfdf76cd29fbe", + "revCount": 167, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module.git" }, @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1761339987, - "narHash": "sha256-IUaawVwItZKi64IA6kF6wQCLCzpXbk2R46dHn8sHkig=", + "lastModified": 1762186368, + "narHash": "sha256-dzLBZKccS0jMefj+WAYwsk7gKDluqavC7I4KfFwVh8k=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "7cd9aac79ee2924a85c211d21fafd394b06a38de", + "rev": "69921864a70b58787abf5ba189095566c3f0ffd3", "type": "github" }, "original": { @@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1761789484, - "narHash": "sha256-17gDUWloFXQlavqHRey/urQe6sQ3yP5hsQyYmcNOZyU=", + "lastModified": 1762135163, + "narHash": "sha256-gP8SCvsYSfi4olYZcrZ4P1IGMzYJSFe1FuO8RL3xpEc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "c47e683d236fa6e4c27dbda2af3468cb9aceb813", + "rev": "5d6525e4d5372973da1777b9ebdb01f033db1395", "type": "github" }, "original": { @@ -283,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1761827175, - "narHash": "sha256-XdPVSYyIBK4/ruoqujaQmmSGg3J2/EenexV9IEXhr6o=", + "lastModified": 1762179181, + "narHash": "sha256-T4+TNfXlF/gHbcNCC2HY7sMGBKgqNzyYeMBWmcbH7/o=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "43ffe9ac82567512abb83187cb673de1091bdfa8", + "rev": "256770618502d2eda892af3ae91da5e386ce9586", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1761672384, - "narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=", + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", "type": "github" }, "original": { From 573708fd479ea551a83c54d120f22b9ca5ae6496 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 4 Nov 2025 15:02:49 -0600 Subject: [PATCH 273/374] moved storage option draft to its own folder --- modules/nixos-modules/default.nix | 1 + modules/nixos-modules/impermanence.nix | 140 ------------------ modules/nixos-modules/storage/default.nix | 12 ++ .../nixos-modules/storage/impermanence.nix | 31 ++++ .../storage/submodules/dataset.nix | 3 + .../submodules/impermanenceDataset.nix | 46 ++++++ modules/nixos-modules/storage/zfs.nix | 67 +++++++++ 7 files changed, 160 insertions(+), 140 deletions(-) create mode 100644 modules/nixos-modules/storage/default.nix create mode 100644 modules/nixos-modules/storage/impermanence.nix create mode 100644 modules/nixos-modules/storage/submodules/dataset.nix create mode 100644 modules/nixos-modules/storage/submodules/impermanenceDataset.nix create mode 100644 modules/nixos-modules/storage/zfs.nix diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 2ba1a58..77bfe93 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -16,6 +16,7 @@ ./tailscale.nix ./steam.nix ./server + ./storage ]; nixpkgs.config.permittedInsecurePackages = [ diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index 5b1bbd2..4cdcd00 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix @@ -3,146 +3,6 @@ lib, ... }: { - options.storage = let - datasetSubmodule = {name, ...}: { - # TODO: we need to figure out what options a dataset can have in zfs - }; - - impermanenceDatasetSubmodules = [ - datasetSubmodule - ({...}: let - pathPermissions = { - read = lib.mkEnableOption "should the path have read permissions"; - write = lib.mkEnableOption "should the path have read permissions"; - execute = lib.mkEnableOption "should the path have read permissions"; - }; - pathTypeSubmodule = {name, ...}: { - options = { - enable = lib.mkOption { - type = lib.types.bool; - default = true; - }; - owner = { - user = lib.mkOption { - type = lib.types.str; - default = "nouser"; - }; - permissions = pathPermissions; - }; - group = { - group = lib.mkOption { - type = lib.types.str; - default = "nogroup"; - }; - permissions = pathPermissions; - }; - other = { - permissions = pathPermissions; - }; - }; - }; - in { - options = { - files = lib.types.mkOption { - type = lib.types.attrsOf (lib.types.submodule pathTypeSubmodule); - default = {}; - }; - directories = { - type = lib.types.attrsOf (lib.types.submodule pathTypeSubmodule); - default = {}; - }; - }; - }) - ]; - in { - zfs = { - # TODO: enable option implementation - enable = lib.mkEnableOption "Should zfs be enabled on this system."; - - notifications = { - enable = lib.mkEnableOption "are notifications enabled"; - host = lib.mkOption { - type = lib.types.str; - description = "what is the host that we are going to send the email to"; - }; - port = lib.mkOption { - type = lib.types.port; - description = "what port is the host using to receive mail on"; - }; - to = lib.mkOption { - type = lib.types.str; - description = "what account is the email going to be sent to"; - }; - user = lib.mkOption { - type = lib.types.str; - description = "what user is the email going to be set from"; - }; - tokenFile = lib.mkOption { - type = lib.types.str; - description = "file containing the password to be used by msmtp for notifications"; - }; - }; - - # TODO: we need options to configure zfs pools - # we should have warnings when the configured pool is missing drives after activation - # TODO: implementation of this - # TODO: validations that we have at least one boot drive - pool = let - deviceType = - lib.types.coercedTo lib.types.str (device: { - device = device; - boot = false; - }) { - device = lib.mkOption { - type = lib.types.str; - }; - boot = lib.mkEnableOption "should this device be a boot device"; - }; - in { - encryption = lib.mkEnableOption "Should encryption be enabled on this pool."; - vdevs = lib.mkOption { - type = lib.types.listOf deviceType; - default = []; - }; - cache = lib.mkOption { - type = lib.types.attrsOf deviceType; - }; - }; - - # TODO:create the root dataset automatically - # TODO: dataset option that is a submodule that adds datasets to the system - # warnings for when a dataset was created in the past on a system but it is now missing some of the options defined for it - datasets = lib.types.attrsOf (lib.types.submodule datasetSubmodule); - }; - - impermanence = { - enable = lib.mkEnableOption "should impermanence be enabled for this system"; - # TODO: enable option implementation - - # TODO: assertion that zfs needs to be enabled when impermanence is enabled - - # TODO: datasets option that is a submodule that will be used to define what datasets to add to the storage system - # We should by default create the `local`, `local/system/nix`, `local/system/root`, `persist` `persist/system/root`, and `persist/system/var/log` datasets - # We should also create datasets for systemd modules that have have impermanence enabled for them - - datasets = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodules); - - # TODO: this should just live under home-manager.users..storage.impermanence - home-manager = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - enable = lib.mkEnableOption "should impermanence be enabled for this user"; - - # We should by default create the `local/home/${name}`, and `persist/home/${name}` datasets - datasets = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodules); - })); - }; - - # TODO: we should have an impermanence module for home manager that proxies its values namespaced to the user down here that matches the same interface - - # TODO: we should have a way of enabling impermanence for a systemd config - # these should have an option to put their folder into their own dataset (this needs to support private vs non private) - # options for features that can be added to the dataset - }; - options.host.impermanence.enable = lib.mkEnableOption "are we going to use impermanence on this device"; config = lib.mkMerge [ diff --git a/modules/nixos-modules/storage/default.nix b/modules/nixos-modules/storage/default.nix new file mode 100644 index 0000000..02f7fb9 --- /dev/null +++ b/modules/nixos-modules/storage/default.nix @@ -0,0 +1,12 @@ +{...}: { + # TODO: we should have an impermanence module for home manager that proxies its values namespaced to the user down here that matches the same interface + + # TODO: we should have a way of enabling impermanence for a systemd config + # these should have an option to put their folder into their own dataset (this needs to support private vs non private) + # options for features that can be added to the dataset + + imports = [ + ./impermanence.nix + ./zfs.nix + ]; +} diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix new file mode 100644 index 0000000..c51e35f --- /dev/null +++ b/modules/nixos-modules/storage/impermanence.nix @@ -0,0 +1,31 @@ +args @ {lib, ...}: let + impermanenceDatasetSubmodules = (import ./submodules/impermanenceDataset.nix) args; +in { + options.storage = { + impermanence = { + enable = lib.mkEnableOption "should impermanence be enabled for this system"; + # TODO: enable option implementation + + # TODO: assertion that zfs needs to be enabled when impermanence is enabled + + # TODO: datasets option that is a submodule that will be used to define what datasets to add to the storage system + # We should by default create the `local`, `local/system/nix`, `local/system/root`, `persist` `persist/system/root`, and `persist/system/var/log` datasets + # We should also create datasets for systemd modules that have have impermanence enabled for them + + datasets = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodules); + }; + + # TODO: this should just live under home-manager.users..storage.impermanence + home-manager = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + enable = lib.mkEnableOption "should impermanence be enabled for this user"; + # We should by default create the `local/home/${name}`, and `persist/home/${name}` datasets + datasets = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodules); + }; + })); + }; + }; + }; +} diff --git a/modules/nixos-modules/storage/submodules/dataset.nix b/modules/nixos-modules/storage/submodules/dataset.nix new file mode 100644 index 0000000..a6cc3e6 --- /dev/null +++ b/modules/nixos-modules/storage/submodules/dataset.nix @@ -0,0 +1,3 @@ +{name, ...}: { + # TODO: we need to figure out what options a dataset can have in zfs +} diff --git a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix new file mode 100644 index 0000000..f9a4df6 --- /dev/null +++ b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix @@ -0,0 +1,46 @@ +{lib, ...}: let + pathPermissions = { + read = lib.mkEnableOption "should the path have read permissions"; + write = lib.mkEnableOption "should the path have read permissions"; + execute = lib.mkEnableOption "should the path have read permissions"; + }; + pathTypeSubmodule = {name, ...}: { + options = { + enable = lib.mkOption { + type = lib.types.bool; + default = true; + }; + owner = { + user = lib.mkOption { + type = lib.types.str; + default = "nouser"; + }; + permissions = pathPermissions; + }; + group = { + group = lib.mkOption { + type = lib.types.str; + default = "nogroup"; + }; + permissions = pathPermissions; + }; + other = { + permissions = pathPermissions; + }; + }; + }; +in { + imports = [ + ./dataset.nix + ]; + options = { + files = lib.types.mkOption { + type = lib.types.attrsOf (lib.types.submodule pathTypeSubmodule); + default = {}; + }; + directories = { + type = lib.types.attrsOf (lib.types.submodule pathTypeSubmodule); + default = {}; + }; + }; +} diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix new file mode 100644 index 0000000..c5dd412 --- /dev/null +++ b/modules/nixos-modules/storage/zfs.nix @@ -0,0 +1,67 @@ +args @ {lib, ...}: let + datasetSubmodule = (import ./submodules/dataset.nix) args; +in { + options.storage = { + zfs = { + # TODO: enable option implementation + enable = lib.mkEnableOption "Should zfs be enabled on this system."; + + notifications = { + enable = lib.mkEnableOption "are notifications enabled"; + host = lib.mkOption { + type = lib.types.str; + description = "what is the host that we are going to send the email to"; + }; + port = lib.mkOption { + type = lib.types.port; + description = "what port is the host using to receive mail on"; + }; + to = lib.mkOption { + type = lib.types.str; + description = "what account is the email going to be sent to"; + }; + user = lib.mkOption { + type = lib.types.str; + description = "what user is the email going to be set from"; + }; + tokenFile = lib.mkOption { + type = lib.types.str; + description = "file containing the password to be used by msmtp for notifications"; + }; + }; + + # TODO: we need options to configure zfs pools + # we should have warnings when the configured pool is missing drives after activation + # TODO: implementation of this + # TODO: validations that we have at least one boot drive + pool = let + deviceType = + lib.types.coercedTo lib.types.str (device: { + device = device; + boot = false; + }) { + device = lib.mkOption { + type = lib.types.str; + }; + boot = lib.mkEnableOption "should this device be a boot device"; + }; + in { + encryption = lib.mkEnableOption "Should encryption be enabled on this pool."; + vdevs = lib.mkOption { + type = lib.types.listOf deviceType; + default = []; + }; + cache = lib.mkOption { + type = lib.types.attrsOf deviceType; + }; + }; + + # TODO:create the root dataset automatically + # TODO: dataset option that is a submodule that adds datasets to the system + # warnings for when a dataset was created in the past on a system but it is now missing some of the options defined for it + datasets = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule datasetSubmodule); + }; + }; + }; +} From f5b026bb15dd12b52611bf322f589d843210de91 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 4 Nov 2025 18:05:31 -0600 Subject: [PATCH 274/374] chore: added task to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f1b559c..2d6911b 100644 --- a/README.md +++ b/README.md @@ -79,6 +79,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] FreeIPA/SSSD/LDAP/Kerberos to manage uid and gid's ## Services +- [ ] ntfy service for unified push - [ ] vikunja service for project management - [ ] Penpot services (need to make this custom) - [ ] minecraft server with old world file From 2fd14e4cc0c4c8f8a05ed91a67e9d868c67dd783 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 4 Nov 2025 19:39:27 -0600 Subject: [PATCH 275/374] feat: added config block to zfs.nix and gave it notification functionality --- modules/nixos-modules/storage/zfs.nix | 70 ++++++++++++++++++++++++--- 1 file changed, 63 insertions(+), 7 deletions(-) diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix index c5dd412..e5793ca 100644 --- a/modules/nixos-modules/storage/zfs.nix +++ b/modules/nixos-modules/storage/zfs.nix @@ -1,9 +1,13 @@ -args @ {lib, ...}: let +args @ { + lib, + pkgs, + config, + ... +}: let datasetSubmodule = (import ./submodules/dataset.nix) args; in { options.storage = { zfs = { - # TODO: enable option implementation enable = lib.mkEnableOption "Should zfs be enabled on this system."; notifications = { @@ -30,10 +34,6 @@ in { }; }; - # TODO: we need options to configure zfs pools - # we should have warnings when the configured pool is missing drives after activation - # TODO: implementation of this - # TODO: validations that we have at least one boot drive pool = let deviceType = lib.types.coercedTo lib.types.str (device: { @@ -56,7 +56,7 @@ in { }; }; - # TODO:create the root dataset automatically + # TODO: create the root dataset automatically # TODO: dataset option that is a submodule that adds datasets to the system # warnings for when a dataset was created in the past on a system but it is now missing some of the options defined for it datasets = lib.mkOption { @@ -64,4 +64,60 @@ in { }; }; }; + + config = lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + services.zfs = { + autoScrub.enable = true; + autoSnapshot.enable = true; + }; + + # TODO: post activation script that makes sure that our configured pool match the pool that exist on the system + # TODO: validation that we have a boot drive + # TODO: disko config mapping + } + (lib.mkIf config.storage.zfs.notifications.enable { + programs.msmtp = { + enable = true; + setSendmail = true; + defaults = { + aliases = "/etc/aliases"; + port = config.storage.zfs.notifications.port; + tls_trust_file = "/etc/ssl/certs/ca-certificates.crt"; + tls = "on"; + auth = "login"; + tls_starttls = "off"; + }; + accounts = { + zfs_notifications = { + auth = true; + tls = true; + host = config.storage.zfs.notifications.host; + passwordeval = "cat ${config.storage.zfs.notifications.tokenFile}"; + user = config.storage.zfs.notifications.user; + from = config.storage.zfs.notifications.user; + }; + }; + }; + + services.zfs = { + zed = { + enableMail = true; + + settings = { + ZED_DEBUG_LOG = "/tmp/zed.debug.log"; + ZED_EMAIL_ADDR = [config.storage.zfs.notifications.to]; + ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp"; + ZED_EMAIL_OPTS = "-a zfs_notifications @ADDRESS@"; + + ZED_NOTIFY_INTERVAL_SECS = 3600; + ZED_NOTIFY_VERBOSE = true; + + ZED_USE_ENCLOSURE_LEDS = true; + ZED_SCRUB_AFTER_RESILVER = true; + }; + }; + }; + }) + ]); } From d8989bb43d3353aaf2e11b01d3ea797502612436 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 5 Nov 2025 10:56:04 -0600 Subject: [PATCH 276/374] feat: drafted out zfs vdev, pool, and dataset implementations --- .../nixos-modules/storage/impermanence.nix | 2 + .../storage/submodules/dataset.nix | 97 +++- .../submodules/impermanenceDataset.nix | 2 +- modules/nixos-modules/storage/zfs.nix | 460 +++++++++++++++++- 4 files changed, 551 insertions(+), 10 deletions(-) diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index c51e35f..b1fd6b5 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -14,6 +14,7 @@ in { datasets = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodules); + default = {}; }; # TODO: this should just live under home-manager.users..storage.impermanence @@ -23,6 +24,7 @@ in { # We should by default create the `local/home/${name}`, and `persist/home/${name}` datasets datasets = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodules); + default = {}; }; })); }; diff --git a/modules/nixos-modules/storage/submodules/dataset.nix b/modules/nixos-modules/storage/submodules/dataset.nix index a6cc3e6..482671e 100644 --- a/modules/nixos-modules/storage/submodules/dataset.nix +++ b/modules/nixos-modules/storage/submodules/dataset.nix @@ -1,3 +1,96 @@ -{name, ...}: { - # TODO: we need to figure out what options a dataset can have in zfs +{lib, ...}: {name, ...}: { + options = { + type = lib.mkOption { + type = lib.types.enum ["zfs_fs" "zfs_volume"]; + default = "zfs_fs"; + description = "Type of ZFS dataset (filesystem or volume)"; + }; + + # ZFS dataset options that match what's currently hardcoded in rootFsOptions + canmount = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["on" "off" "noauto"]); + default = null; + description = "Controls whether the file system can be mounted"; + }; + + mountpoint = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Controls the mount point used for this file system"; + }; + + xattr = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["on" "off" "sa" "dir"]); + default = null; + description = "Extended attribute storage method"; + }; + + acltype = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["off" "nfsv4" "posixacl"]); + default = null; + description = "Access control list type"; + }; + + relatime = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["on" "off"]); + default = null; + description = "Controls when access time is updated"; + }; + + compression = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["on" "off" "lz4" "gzip" "zstd" "lzjb" "zle"]); + default = null; + description = "Compression algorithm to use"; + }; + + encryption = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["on" "off" "aes-128-ccm" "aes-192-ccm" "aes-256-ccm" "aes-128-gcm" "aes-192-gcm" "aes-256-gcm"]); + default = null; + description = "Encryption algorithm to use"; + }; + + keyformat = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["raw" "hex" "passphrase"]); + default = null; + description = "Format of the encryption key"; + }; + + keylocation = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Location of the encryption key"; + }; + + autoSnapshot = lib.mkOption { + type = lib.types.nullOr lib.types.bool; + default = null; + description = "Enable automatic snapshots for this dataset"; + }; + + # Additional common ZFS options + recordsize = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Suggested block size for files in the file system"; + }; + + sync = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["standard" "always" "disabled"]); + default = null; + description = "Synchronous write behavior"; + }; + + atime = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["on" "off"]); + default = null; + description = "Controls whether access time is updated"; + }; + + # Custom options for disko integration + postCreateHook = lib.mkOption { + type = lib.types.str; + default = ""; + description = "Script to run after dataset creation"; + }; + }; } diff --git a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix index f9a4df6..193ab80 100644 --- a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix +++ b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix @@ -1,4 +1,4 @@ -{lib, ...}: let +{lib, ...}: {...}: let pathPermissions = { read = lib.mkEnableOption "should the path have read permissions"; write = lib.mkEnableOption "should the path have read permissions"; diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix index e5793ca..20e41ae 100644 --- a/modules/nixos-modules/storage/zfs.nix +++ b/modules/nixos-modules/storage/zfs.nix @@ -5,6 +5,49 @@ args @ { ... }: let datasetSubmodule = (import ./submodules/dataset.nix) args; + + # max gpt length is 36 and disk adds formats it like disk-xxxx-zfs which means we need to be 9 characters under that + hashDisk = drive: (builtins.substring 0 27 (builtins.hashString "sha256" drive)); + + poolVdevs = [ + (builtins.map ( + device: let + deviceStr = + if builtins.isString device + then device + else device.device; + in + lib.attrsets.nameValuePair (hashDisk deviceStr) deviceStr + ) + config.storage.zfs.pool.vdevs) + ]; + + poolCache = builtins.map ( + name: let + device = config.storage.zfs.pool.cache.${name}; + deviceStr = + if builtins.isString device + then device + else device.device; + in + lib.attrsets.nameValuePair (hashDisk deviceStr) deviceStr + ) (builtins.attrNames config.storage.zfs.pool.cache); + + bootDrives = + builtins.map ( + device: + if builtins.isString device + then device + else device.device + ) (builtins.filter ( + device: + if builtins.isString device + then false + else device.boot + ) + config.storage.zfs.pool.vdevs); + + allDrives = (lib.lists.flatten poolVdevs) ++ poolCache; in { options.storage = { zfs = { @@ -46,35 +89,438 @@ in { boot = lib.mkEnableOption "should this device be a boot device"; }; in { - encryption = lib.mkEnableOption "Should encryption be enabled on this pool."; + encryption = { + enable = lib.mkEnableOption "Should encryption be enabled on this pool."; + keyformat = lib.mkOption { + type = lib.types.enum ["raw" "hex" "passphrase"]; + default = "hex"; + description = "Format of the encryption key"; + }; + keylocation = lib.mkOption { + type = lib.types.str; + default = "prompt"; + description = "Location of the encryption key"; + }; + }; + mode = lib.mkOption { + type = lib.types.enum ["stripe" "mirror" "raidz1" "raidz2" "raidz3"]; + default = "raidz2"; + description = "ZFS redundancy mode for the pool"; + }; + bootPartitionSize = lib.mkOption { + type = lib.types.str; + default = "2G"; + description = "Size of the boot partition on boot drives"; + }; vdevs = lib.mkOption { type = lib.types.listOf deviceType; default = []; }; cache = lib.mkOption { type = lib.types.attrsOf deviceType; + default = {}; }; }; - # TODO: create the root dataset automatically - # TODO: dataset option that is a submodule that adds datasets to the system - # warnings for when a dataset was created in the past on a system but it is now missing some of the options defined for it + rootDataset = lib.mkOption { + type = lib.types.submodule datasetSubmodule; + description = "Root ZFS dataset to create"; + default = {}; + }; + datasets = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule datasetSubmodule); + description = "Additional ZFS datasets to create"; + default = {}; }; }; }; config = lib.mkIf config.storage.zfs.enable (lib.mkMerge [ { + assertions = [ + { + assertion = builtins.length bootDrives > 0; + message = '' + ZFS configuration requires at least one boot drive. Please configure at least one device with boot = true in storage.zfs.pool.vdevs. + ''; + } + { + assertion = + !( + config.storage.zfs.pool.encryption.enable + && (config.storage.zfs.rootDataset.encryption + != null + || config.storage.zfs.rootDataset.keyformat != null + || config.storage.zfs.rootDataset.keylocation != null) + ); + message = '' + Cannot set encryption options in both pool.encryption and rootDataset. + Use either pool.encryption for default settings or rootDataset encryption options for explicit control, but not both. + ''; + } + ]; + services.zfs = { autoScrub.enable = true; autoSnapshot.enable = true; }; - # TODO: post activation script that makes sure that our configured pool match the pool that exist on the system - # TODO: validation that we have a boot drive - # TODO: disko config mapping + # Disko configuration based on pool settings + disko.devices = { + disk = ( + builtins.listToAttrs ( + builtins.map + (drive: + lib.attrsets.nameValuePair (drive.name) { + type = "disk"; + device = "/dev/disk/by-id/${drive.value}"; + content = { + type = "gpt"; + partitions = { + ESP = lib.mkIf (builtins.elem drive.value bootDrives) { + size = config.storage.zfs.pool.bootPartitionSize; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }) + allDrives + ) + ); + zpool = { + rpool = { + type = "zpool"; + mode = { + topology = { + type = "topology"; + vdev = ( + builtins.map (disks: { + mode = config.storage.zfs.pool.mode; + members = + builtins.map (disk: disk.name) disks; + }) + poolVdevs + ); + cache = builtins.map (disk: disk.name) poolCache; + }; + }; + + options = { + ashift = "12"; + autotrim = "on"; + }; + + rootFsOptions = let + rootDataset = config.storage.zfs.rootDataset; + # Start with defaults that match the original hardcoded values + defaults = { + canmount = "off"; + mountpoint = "none"; + xattr = "sa"; + acltype = "posixacl"; + relatime = "on"; + compression = "lz4"; + "com.sun:auto-snapshot" = "false"; + }; + # Override defaults with non-null values from rootDataset + userOptions = lib.attrsets.filterAttrs (_: v: v != null) { + canmount = rootDataset.canmount; + mountpoint = rootDataset.mountpoint; + xattr = rootDataset.xattr; + acltype = rootDataset.acltype; + relatime = rootDataset.relatime; + compression = rootDataset.compression; + encryption = rootDataset.encryption; + keyformat = rootDataset.keyformat; + keylocation = rootDataset.keylocation; + recordsize = rootDataset.recordsize; + sync = rootDataset.sync; + atime = rootDataset.atime; + "com.sun:auto-snapshot" = + if rootDataset.autoSnapshot == null + then null + else + ( + if rootDataset.autoSnapshot + then "true" + else "false" + ); + }; + # Only apply pool encryption if user hasn't set encryption options in rootDataset + poolEncryptionOptions = + lib.attrsets.optionalAttrs ( + config.storage.zfs.pool.encryption.enable + && rootDataset.encryption == null + && rootDataset.keyformat == null + && rootDataset.keylocation == null + ) { + encryption = "on"; + keyformat = config.storage.zfs.pool.encryption.keyformat; + keylocation = config.storage.zfs.pool.encryption.keylocation; + }; + in + defaults // userOptions // rootDataset.options // poolEncryptionOptions; + + datasets = lib.mkMerge [ + ( + lib.attrsets.mapAttrs (name: value: { + type = value.type; + options = let + # For datasets, only include non-null user-specified values + userOptions = lib.attrsets.filterAttrs (_: v: v != null) { + canmount = value.canmount; + xattr = value.xattr; + acltype = value.acltype; + relatime = value.relatime; + compression = value.compression; + encryption = value.encryption; + keyformat = value.keyformat; + keylocation = value.keylocation; + recordsize = value.recordsize; + sync = value.sync; + atime = value.atime; + "com.sun:auto-snapshot" = + if value.autoSnapshot == null + then null + else + ( + if value.autoSnapshot + then "true" + else "false" + ); + }; + in + userOptions // (value.options or {}); + mountpoint = value.mountpoint; + postCreateHook = value.postCreateHook or ""; + }) + config.storage.zfs.datasets + ) + ]; + }; + }; + }; + + # Post-activation scripts for validation + system.activationScripts = { + # Script 1: Validate pool, cache devices, and vdevs + zfs-pool-validation = { + text = '' + echo "Running ZFS pool validation..." + + # Function to check if a device exists in a vdev or cache + check_device_in_pool() { + local device_id="$1" + local device_type="$2" # "cache" or "vdev" + + if ! zpool status rpool | grep -q "$device_id"; then + echo "ERROR: Device $device_id not found in pool rpool ($device_type)" + return 1 + fi + return 0 + } + + # Function to validate vdev configuration + validate_vdevs() { + local expected_mode="${config.storage.zfs.pool.mode}" + local pool_status=$(zpool status rpool) + + # Check if pool exists + if ! zpool list rpool >/dev/null 2>&1; then + echo "ERROR: ZFS pool 'rpool' does not exist" + return 1 + fi + + # Validate each configured vdev device + ${lib.concatMapStringsSep "\n" ( + device: let + deviceStr = + if builtins.isString device + then device + else device.device; + in '' + if ! check_device_in_pool "${deviceStr}" "vdev"; then + echo "ERROR: Vdev device ${deviceStr} not found in pool" + exit 1 + fi + '' + ) + config.storage.zfs.pool.vdevs} + + # Check pool mode matches configuration + if ! echo "$pool_status" | grep -q "$expected_mode"; then + echo "WARNING: Pool mode may not match expected configuration ($expected_mode)" + fi + + echo "✓ All vdev devices validated successfully" + return 0 + } + + # Function to validate cache configuration + validate_cache() { + ${lib.concatMapStringsSep "\n" ( + name: let + device = config.storage.zfs.pool.cache.${name}; + deviceStr = + if builtins.isString device + then device + else device.device; + in '' + if ! check_device_in_pool "${deviceStr}" "cache"; then + echo "ERROR: Cache device ${deviceStr} (${name}) not found in pool" + exit 1 + fi + '' + ) (builtins.attrNames config.storage.zfs.pool.cache)} + + echo "✓ All cache devices validated successfully" + return 0 + } + + # Run validations + if validate_vdevs && validate_cache; then + echo "✓ ZFS pool validation completed successfully" + else + echo "✗ ZFS pool validation failed" + exit 1 + fi + ''; + deps = ["zfs"]; + }; + + # Script 2: Validate datasets and their options + zfs-dataset-validation = { + text = '' + echo "Running ZFS dataset validation..." + + # Function to check if dataset exists + check_dataset_exists() { + local dataset="$1" + if ! zfs list "$dataset" >/dev/null 2>&1; then + echo "ERROR: Dataset $dataset does not exist" + return 1 + fi + return 0 + } + + # Function to validate dataset options + validate_dataset_options() { + local dataset="$1" + local expected_options="$2" + + # Parse expected options (format: "option=value option2=value2") + echo "$expected_options" | tr ' ' '\n' | while IFS='=' read -r option expected_value; do + if [ -n "$option" ] && [ -n "$expected_value" ]; then + local actual_value=$(zfs get -H -o value "$option" "$dataset" 2>/dev/null) + if [ "$actual_value" != "$expected_value" ]; then + echo "ERROR: Dataset $dataset option $option is '$actual_value', expected '$expected_value'" + return 1 + fi + fi + done + return 0 + } + + # Validate root dataset + echo "Validating root dataset..." + if check_dataset_exists "rpool"; then + root_options="" + ${lib.concatMapStringsSep "\n" ( + option: let + value = config.storage.zfs.rootDataset.${option}; + in + lib.optionalString (value != null) '' + root_options="$root_options ${option}=${toString value}" + '' + ) ["canmount" "xattr" "acltype" "relatime" "compression" "encryption" "keyformat" "keylocation" "recordsize" "sync" "atime"]} + + # Add autoSnapshot option + ${lib.optionalString (config.storage.zfs.rootDataset.autoSnapshot != null) '' + root_options="$root_options com.sun:auto-snapshot=${ + if config.storage.zfs.rootDataset.autoSnapshot + then "true" + else "false" + }" + ''} + + if validate_dataset_options "rpool" "$root_options"; then + echo "✓ Root dataset options validated" + else + echo "✗ Root dataset validation failed" + exit 1 + fi + else + echo "✗ Root dataset validation failed" + exit 1 + fi + + # Validate configured datasets + ${lib.concatMapStringsSep "\n" ( + name: let + dataset = config.storage.zfs.datasets.${name}; + in '' + echo "Validating dataset: rpool/${name}" + if check_dataset_exists "rpool/${name}"; then + dataset_options="" + ${lib.concatMapStringsSep "\n" ( + option: let + value = dataset.${option}; + in + lib.optionalString (value != null) '' + dataset_options="$dataset_options ${option}=${toString value}" + '' + ) ["canmount" "xattr" "acltype" "relatime" "compression" "encryption" "keyformat" "keylocation" "recordsize" "sync" "atime"]} + + # Add autoSnapshot option + ${lib.optionalString (dataset.autoSnapshot != null) '' + dataset_options="$dataset_options com.sun:auto-snapshot=${ + if dataset.autoSnapshot + then "true" + else "false" + }" + ''} + + # Add custom options + ${lib.concatMapStringsSep "\n" ( + optName: let + optValue = dataset.options.${optName}; + in '' + dataset_options="$dataset_options ${optName}=${toString optValue}" + '' + ) (builtins.attrNames (dataset.options or {}))} + + if validate_dataset_options "rpool/${name}" "$dataset_options"; then + echo "✓ Dataset rpool/${name} options validated" + else + echo "✗ Dataset rpool/${name} validation failed" + exit 1 + fi + else + echo "✗ Dataset rpool/${name} validation failed" + exit 1 + fi + '' + ) (builtins.attrNames config.storage.zfs.datasets)} + + echo "✓ ZFS dataset validation completed successfully" + ''; + deps = ["zfs" "zfs-pool-validation"]; + }; + }; } (lib.mkIf config.storage.zfs.notifications.enable { programs.msmtp = { From 1b4d0596335f140e252b6f0d6130e4e4d2a894a0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 5 Nov 2025 18:37:26 -0600 Subject: [PATCH 277/374] feat: removed polycule application --- .../home-manager/leyla/packages/default.nix | 2 - modules/common-modules/pkgs/default.nix | 3 - .../common-modules/pkgs/polycule/default.nix | 149 - .../pkgs/polycule/polycule-pubspec.lock.json | 2459 ----------------- .../home-manager-modules/programs/default.nix | 1 - .../programs/polycule.nix | 31 - 6 files changed, 2645 deletions(-) delete mode 100644 modules/common-modules/pkgs/polycule/default.nix delete mode 100644 modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json delete mode 100644 modules/home-manager-modules/programs/polycule.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 50cc175..d065739 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -70,8 +70,6 @@ in { noisetorch.enable = true; tor-browser.enable = true; gdx-liftoff.enable = true; - # polycule package is now working with Flutter 3.29 - polycule.enable = true; }) ]; } diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index a2f61b1..c97f97c 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -38,8 +38,5 @@ # Override h3 C library to version 4.3.0 h3 = pkgs.callPackage ./h3-c-lib.nix {}; }) - (final: prev: { - polycule = pkgs.callPackage ./polycule {}; - }) ]; } diff --git a/modules/common-modules/pkgs/polycule/default.nix b/modules/common-modules/pkgs/polycule/default.nix deleted file mode 100644 index e9841fe..0000000 --- a/modules/common-modules/pkgs/polycule/default.nix +++ /dev/null @@ -1,149 +0,0 @@ -{ - lib, - flutter332, - fetchFromGitLab, - pkg-config, - wrapGAppsHook3, - gtk3, - glib, - glib-networking, - webkitgtk_4_1, - libsecret, - libnotify, - dbus, - sqlcipher, - openssl, - mpv, - alsa-lib, - libass, - ffmpeg-full, - libplacebo, - libunwind, - shaderc, - vulkan-headers, - vulkan-loader, - lcms2, - libdovi, - libdvdnav, - libdvdread, - mujs, - libbluray, - lua, - rubberband, - libuchardet, - zimg, - openal, - pipewire, - libpulseaudio, - libcaca, - libdrm, - libdisplay-info, - libgbm, - xorg, - nv-codec-headers-11, - libva, - libvdpau, -}: -flutter332.buildFlutterApplication rec { - pname = "polycule"; - version = "0.3.4"; - - src = fetchFromGitLab { - owner = "polycule_client"; - repo = "polycule"; - rev = "v${version}"; - hash = "sha256-RUu8DKuX2NUU5Ce5WLHtDaORkn7CSrgTj3KhM/z+yHc="; - }; - - pubspecLock = lib.importJSON ./polycule-pubspec.lock.json; - - gitHashes = { - matrix = "sha256-w/QB5nYJ9Lh77TcYKEN/DnNQjWfp+9NX0dwQ9GOzWE8="; - media_kit = "sha256-1sVX+aHFLFJBtrNZrR6tWkb80vFELW2N9EejyQKlBPg="; - media_kit_libs_android_video = "sha256-N6QoktM8u9NYF8MAXLsxM9RlV8nICM4NbnmABHTRkZg="; - }; - - nativeBuildInputs = [ - pkg-config - wrapGAppsHook3 - ]; - - buildInputs = [ - gtk3 - glib - glib-networking - webkitgtk_4_1 - libsecret - libnotify - dbus - sqlcipher - openssl - mpv - alsa-lib - libass - ffmpeg-full - libplacebo - libunwind - shaderc - vulkan-headers - vulkan-loader - lcms2 - libdovi - libdvdnav - libdvdread - mujs - libbluray - lua - rubberband - libuchardet - zimg - openal - pipewire - libpulseaudio - libcaca - libdrm - libdisplay-info - libgbm - xorg.libXScrnSaver - xorg.libXpresent - nv-codec-headers-11 - libva - libvdpau - ]; - - flutterBuildFlags = [ - "--release" - "--target" - "lib/main.dart" - "--dart-define=POLYCULE_VERSION=v${version}" - "--dart-define=POLYCULE_IS_STABLE=true" - "--no-tree-shake-icons" - ]; - - postInstall = '' - # Install desktop files and icons from the source - install -Dm644 linux/business.braid.polycule.desktop $out/share/applications/polycule.desktop - install -Dm644 assets/logo/logo-circle.png $out/share/pixmaps/polycule.png - - # Update desktop file to use correct executable name - substituteInPlace $out/share/applications/polycule.desktop \ - --replace 'Exec=business.braid.polycule' 'Exec=polycule' - - # Create a symlink with the expected name - ln -sf $out/bin/polycule $out/bin/business.braid.polycule - ''; - - meta = with lib; { - description = "A geeky and efficient [matrix] client for power users"; - longDescription = '' - Polycule is a modern Matrix client built with Flutter, designed for power users - who want a fast, efficient, and feature-rich Matrix experience. - ''; - homepage = "https://polycule.im/"; - license = licenses.eupl12; - maintainers = []; - platforms = ["x86_64-linux" "aarch64-linux"]; - sourceProvenance = with sourceTypes; [fromSource]; - mainProgram = "polycule"; - }; -} diff --git a/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json b/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json deleted file mode 100644 index e119fa2..0000000 --- a/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json +++ /dev/null @@ -1,2459 +0,0 @@ -{ - "packages": { - "_fe_analyzer_shared": { - "dependency": "transitive", - "description": { - "name": "_fe_analyzer_shared", - "sha256": "da0d9209ca76bde579f2da330aeb9df62b6319c834fa7baae052021b0462401f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "85.0.0" - }, - "analyzer": { - "dependency": "transitive", - "description": { - "name": "analyzer", - "sha256": "974859dc0ff5f37bc4313244b3218c791810d03ab3470a579580279ba971a48d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "7.7.1" - }, - "animations": { - "dependency": "direct main", - "description": { - "name": "animations", - "sha256": "d3d6dcfb218225bbe68e87ccf6378bbb2e32a94900722c5f81611dad089911cb", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.11" - }, - "app_links": { - "dependency": "direct main", - "description": { - "name": "app_links", - "sha256": "85ed8fc1d25a76475914fff28cc994653bd900bc2c26e4b57a49e097febb54ba", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.4.0" - }, - "app_links_linux": { - "dependency": "transitive", - "description": { - "name": "app_links_linux", - "sha256": "f5f7173a78609f3dfd4c2ff2c95bd559ab43c80a87dc6a095921d96c05688c81", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.3" - }, - "app_links_platform_interface": { - "dependency": "transitive", - "description": { - "name": "app_links_platform_interface", - "sha256": "05f5379577c513b534a29ddea68176a4d4802c46180ee8e2e966257158772a3f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.2" - }, - "app_links_web": { - "dependency": "transitive", - "description": { - "name": "app_links_web", - "sha256": "af060ed76183f9e2b87510a9480e56a5352b6c249778d07bd2c95fc35632a555", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.4" - }, - "archive": { - "dependency": "transitive", - "description": { - "name": "archive", - "sha256": "2fde1607386ab523f7a36bb3e7edb43bd58e6edaf2ffb29d8a6d578b297fdbbd", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.0.7" - }, - "args": { - "dependency": "transitive", - "description": { - "name": "args", - "sha256": "d0481093c50b1da8910eb0bb301626d4d8eb7284aa739614d2b394ee09e3ea04", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.7.0" - }, - "async": { - "dependency": "direct main", - "description": { - "name": "async", - "sha256": "758e6d74e971c3e5aceb4110bfd6698efc7f501675bcfe0c775459a8140750eb", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.13.0" - }, - "audio_session": { - "dependency": "transitive", - "description": { - "name": "audio_session", - "sha256": "8f96a7fecbb718cb093070f868b4cdcb8a9b1053dce342ff8ab2fde10eb9afb7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.2" - }, - "barcode": { - "dependency": "transitive", - "description": { - "name": "barcode", - "sha256": "7b6729c37e3b7f34233e2318d866e8c48ddb46c1f7ad01ff7bb2a8de1da2b9f4", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.9" - }, - "barcode_widget": { - "dependency": "direct main", - "description": { - "name": "barcode_widget", - "sha256": "6f2c5b08659b1a5f4d88d183e6007133ea2f96e50e7b8bb628f03266c3931427", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.4" - }, - "base58check": { - "dependency": "transitive", - "description": { - "name": "base58check", - "sha256": "6c300dfc33e598d2fe26319e13f6243fea81eaf8204cb4c6b69ef20a625319a5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "blurhash_dart": { - "dependency": "direct main", - "description": { - "name": "blurhash_dart", - "sha256": "43955b6c2e30a7d440028d1af0fa185852f3534b795cc6eb81fbf397b464409f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.1" - }, - "boolean_selector": { - "dependency": "transitive", - "description": { - "name": "boolean_selector", - "sha256": "8aab1771e1243a5063b8b0ff68042d67334e3feab9e95b9490f9a6ebf73b42ea", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.2" - }, - "build_cli_annotations": { - "dependency": "transitive", - "description": { - "name": "build_cli_annotations", - "sha256": "b59d2769769efd6c9ff6d4c4cede0be115a566afc591705c2040b707534b1172", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.0" - }, - "camera": { - "dependency": "transitive", - "description": { - "name": "camera", - "sha256": "d6ec2cbdbe2fa8f5e0d07d8c06368fe4effa985a4a5ddade9cc58a8cd849557d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.11.2" - }, - "camera_android_camerax": { - "dependency": "transitive", - "description": { - "name": "camera_android_camerax", - "sha256": "58b8fe843a3c83fd1273c00cb35f5a8ae507f6cc9b2029bcf7e2abba499e28d8", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.6.19+1" - }, - "camera_avfoundation": { - "dependency": "transitive", - "description": { - "name": "camera_avfoundation", - "sha256": "e4aca5bccaf897b70cac87e5fdd789393310985202442837922fd40325e2733b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.21+1" - }, - "camera_platform_interface": { - "dependency": "transitive", - "description": { - "name": "camera_platform_interface", - "sha256": "2f757024a48696ff4814a789b0bd90f5660c0fb25f393ab4564fb483327930e2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.10.0" - }, - "camera_web": { - "dependency": "transitive", - "description": { - "name": "camera_web", - "sha256": "595f28c89d1fb62d77c73c633193755b781c6d2e0ebcd8dc25b763b514e6ba8f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.5" - }, - "canonical_json": { - "dependency": "transitive", - "description": { - "name": "canonical_json", - "sha256": "d6be1dd66b420c6ac9f42e3693e09edf4ff6edfee26cb4c28c1c019fdb8c0c15", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.2" - }, - "characters": { - "dependency": "transitive", - "description": { - "name": "characters", - "sha256": "f71061c654a3380576a52b451dd5532377954cf9dbd272a78fc8479606670803", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.4.0" - }, - "checked_yaml": { - "dependency": "transitive", - "description": { - "name": "checked_yaml", - "sha256": "959525d3162f249993882720d52b7e0c833978df229be20702b33d48d91de70f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.4" - }, - "cli_config": { - "dependency": "transitive", - "description": { - "name": "cli_config", - "sha256": "ac20a183a07002b700f0c25e61b7ee46b23c309d76ab7b7640a028f18e4d99ec", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.0" - }, - "cli_util": { - "dependency": "transitive", - "description": { - "name": "cli_util", - "sha256": "ff6785f7e9e3c38ac98b2fb035701789de90154024a75b6cb926445e83197d1c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.4.2" - }, - "clock": { - "dependency": "transitive", - "description": { - "name": "clock", - "sha256": "fddb70d9b5277016c77a80201021d40a2247104d9f4aa7bab7157b7e3f05b84b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.2" - }, - "collection": { - "dependency": "direct main", - "description": { - "name": "collection", - "sha256": "2f5709ae4d3d59dd8f7cd309b4e023046b57d8a6c82130785d2b0e5868084e76", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.19.1" - }, - "convert": { - "dependency": "transitive", - "description": { - "name": "convert", - "sha256": "b30acd5944035672bc15c6b7a8b47d773e41e2f17de064350988c5d02adb1c68", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.2" - }, - "coverage": { - "dependency": "transitive", - "description": { - "name": "coverage", - "sha256": "5da775aa218eaf2151c721b16c01c7676fbfdd99cebba2bf64e8b807a28ff94d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.15.0" - }, - "cross_file": { - "dependency": "direct main", - "description": { - "name": "cross_file", - "sha256": "7caf6a750a0c04effbb52a676dce9a4a592e10ad35c34d6d2d0e4811160d5670", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.4+2" - }, - "crypto": { - "dependency": "transitive", - "description": { - "name": "crypto", - "sha256": "1e445881f28f22d6140f181e07737b22f1e099a5e1ff94b0af2f9e4a463f4855", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.6" - }, - "csslib": { - "dependency": "direct main", - "description": { - "name": "csslib", - "sha256": "09bad715f418841f976c77db72d5398dc1253c21fb9c0c7f0b0b985860b2d58e", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.2" - }, - "cupertino_http": { - "dependency": "direct main", - "description": { - "name": "cupertino_http", - "sha256": "72187f715837290a63479a5b0ae709f4fedad0ed6bd0441c275eceaa02d5abae", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.0" - }, - "cupertino_icons": { - "dependency": "direct main", - "description": { - "name": "cupertino_icons", - "sha256": "ba631d1c7f7bef6b729a622b7b752645a2d076dba9976925b8f25725a30e1ee6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.8" - }, - "dart_animated_emoji": { - "dependency": "direct main", - "description": { - "name": "dart_animated_emoji", - "sha256": "0e0865f1b56e2f2979e8caa09a7d693e30133050c5c677de301e6ca4d8da945e", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.1.2" - }, - "dbus": { - "dependency": "direct main", - "description": { - "name": "dbus", - "sha256": "79e0c23480ff85dc68de79e2cd6334add97e48f7f4865d17686dd6ea81a47e8c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.7.11" - }, - "diacritic": { - "dependency": "direct main", - "description": { - "name": "diacritic", - "sha256": "12981945ec38931748836cd76f2b38773118d0baef3c68404bdfde9566147876", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.1.6" - }, - "diffutil_dart": { - "dependency": "direct main", - "description": { - "name": "diffutil_dart", - "sha256": "5e74883aedf87f3b703cb85e815bdc1ed9208b33501556e4a8a5572af9845c81", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.0.1" - }, - "dynamic_color": { - "dependency": "direct main", - "description": { - "name": "dynamic_color", - "sha256": "43a5a6679649a7731ab860334a5812f2067c2d9ce6452cf069c5e0c25336c17c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.8.1" - }, - "emoji_extension": { - "dependency": "direct main", - "description": { - "name": "emoji_extension", - "sha256": "7678a3e3fca4f2dfbce02cf8d439a81e130ce303fdc1ad90f484f57fd5ce4ba1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.0" - }, - "enhanced_enum": { - "dependency": "transitive", - "description": { - "name": "enhanced_enum", - "sha256": "074c5a8b9664799ca91e1e8b68003b8694cb19998671cbafd9c7779c13fcdecf", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.4" - }, - "equatable": { - "dependency": "transitive", - "description": { - "name": "equatable", - "sha256": "567c64b3cb4cf82397aac55f4f0cbd3ca20d77c6c03bedbc4ceaddc08904aef7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.7" - }, - "fake_async": { - "dependency": "transitive", - "description": { - "name": "fake_async", - "sha256": "5368f224a74523e8d2e7399ea1638b37aecfca824a3cc4dfdf77bf1fa905ac44", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.3.3" - }, - "fetch_api": { - "dependency": "transitive", - "description": { - "name": "fetch_api", - "sha256": "24cbd5616f3d4008c335c197bb90bfa0eb43b9e55c6de5c60d1f805092636034", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.1" - }, - "fetch_client": { - "dependency": "direct main", - "description": { - "name": "fetch_client", - "sha256": "375253f4efe64303c793fb17fe90771c591320b2ae11fb29cb5b406cc8533c00", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.4" - }, - "ffi": { - "dependency": "transitive", - "description": { - "name": "ffi", - "sha256": "289279317b4b16eb2bb7e271abccd4bf84ec9bdcbe999e278a94b804f5630418", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.4" - }, - "file": { - "dependency": "transitive", - "description": { - "name": "file", - "sha256": "a3b4f84adafef897088c160faf7dfffb7696046cb13ae90b508c2cbc95d3b8d4", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "7.0.1" - }, - "file_selector": { - "dependency": "direct main", - "description": { - "name": "file_selector", - "sha256": "5019692b593455127794d5718304ff1ae15447dea286cdda9f0db2a796a1b828", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.3" - }, - "file_selector_android": { - "dependency": "transitive", - "description": { - "name": "file_selector_android", - "sha256": "3015702ab73987000e7ff2df5ddc99666d2bcd65cdb243f59da35729d3be6cff", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.5.1+15" - }, - "file_selector_ios": { - "dependency": "transitive", - "description": { - "name": "file_selector_ios", - "sha256": "94b98ad950b8d40d96fee8fa88640c2e4bd8afcdd4817993bd04e20310f45420", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.5.3+1" - }, - "file_selector_linux": { - "dependency": "transitive", - "description": { - "name": "file_selector_linux", - "sha256": "54cbbd957e1156d29548c7d9b9ec0c0ebb6de0a90452198683a7d23aed617a33", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.3+2" - }, - "file_selector_macos": { - "dependency": "transitive", - "description": { - "name": "file_selector_macos", - "sha256": "8c9250b2bd2d8d4268e39c82543bacbaca0fda7d29e0728c3c4bbb7c820fd711", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.4+3" - }, - "file_selector_platform_interface": { - "dependency": "transitive", - "description": { - "name": "file_selector_platform_interface", - "sha256": "a3994c26f10378a039faa11de174d7b78eb8f79e4dd0af2a451410c1a5c3f66b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.6.2" - }, - "file_selector_web": { - "dependency": "transitive", - "description": { - "name": "file_selector_web", - "sha256": "c4c0ea4224d97a60a7067eca0c8fd419e708ff830e0c83b11a48faf566cec3e7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.4+2" - }, - "file_selector_windows": { - "dependency": "transitive", - "description": { - "name": "file_selector_windows", - "sha256": "320fcfb6f33caa90f0b58380489fc5ac05d99ee94b61aa96ec2bff0ba81d3c2b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.3+4" - }, - "fixnum": { - "dependency": "transitive", - "description": { - "name": "fixnum", - "sha256": "b6dc7065e46c974bc7c5f143080a6764ec7a4be6da1285ececdc37be96de53be", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.1" - }, - "flutter": { - "dependency": "direct main", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "flutter_adaptive_scaffold": { - "dependency": "direct main", - "description": { - "name": "flutter_adaptive_scaffold", - "sha256": "5eb1d1d174304a4e67c4bb402ed38cb4a5ebdac95ce54099e91460accb33d295", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.3+1" - }, - "flutter_confetti": { - "dependency": "direct main", - "description": { - "name": "flutter_confetti", - "sha256": "7e46b82ea0adc456afc91037652bbfbd52a951804fde0708822fad5d68be6398", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.5.1" - }, - "flutter_driver": { - "dependency": "direct dev", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "flutter_highlighting": { - "dependency": "direct main", - "description": { - "name": "flutter_highlighting", - "sha256": "426770b1453e8302f8cc58455ebcaad33e3049e73ca18f9d3c83554552bf3baf", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.0+11.8.0" - }, - "flutter_html": { - "dependency": "direct main", - "description": { - "name": "flutter_html", - "sha256": "38a2fd702ffdf3243fb7441ab58aa1bc7e6922d95a50db76534de8260638558d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.0" - }, - "flutter_html_svg": { - "dependency": "direct main", - "description": { - "name": "flutter_html_svg", - "sha256": "76f59c238571333d95271817c3d94688b3c4dca2735552e481e49039d3efdb13", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.0" - }, - "flutter_html_table": { - "dependency": "direct main", - "description": { - "name": "flutter_html_table", - "sha256": "de15300b1f6d8014e1702e7edfdf3411f362c8fb753e89bac4c99215ea94a4d8", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.0" - }, - "flutter_keyboard_visibility": { - "dependency": "direct main", - "description": { - "name": "flutter_keyboard_visibility", - "sha256": "98664be7be0e3ffca00de50f7f6a287ab62c763fc8c762e0a21584584a3ff4f8", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.0" - }, - "flutter_keyboard_visibility_linux": { - "dependency": "transitive", - "description": { - "name": "flutter_keyboard_visibility_linux", - "sha256": "6fba7cd9bb033b6ddd8c2beb4c99ad02d728f1e6e6d9b9446667398b2ac39f08", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.0" - }, - "flutter_keyboard_visibility_macos": { - "dependency": "transitive", - "description": { - "name": "flutter_keyboard_visibility_macos", - "sha256": "c5c49b16fff453dfdafdc16f26bdd8fb8d55812a1d50b0ce25fc8d9f2e53d086", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.0" - }, - "flutter_keyboard_visibility_platform_interface": { - "dependency": "transitive", - "description": { - "name": "flutter_keyboard_visibility_platform_interface", - "sha256": "e43a89845873f7be10cb3884345ceb9aebf00a659f479d1c8f4293fcb37022a4", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "flutter_keyboard_visibility_web": { - "dependency": "transitive", - "description": { - "name": "flutter_keyboard_visibility_web", - "sha256": "d3771a2e752880c79203f8d80658401d0c998e4183edca05a149f5098ce6e3d1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "flutter_keyboard_visibility_windows": { - "dependency": "transitive", - "description": { - "name": "flutter_keyboard_visibility_windows", - "sha256": "fc4b0f0b6be9b93ae527f3d527fb56ee2d918cd88bbca438c478af7bcfd0ef73", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.0" - }, - "flutter_launcher_icons": { - "dependency": "direct dev", - "description": { - "name": "flutter_launcher_icons", - "sha256": "10f13781741a2e3972126fae08393d3c4e01fa4cd7473326b94b72cf594195e7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.14.4" - }, - "flutter_layout_grid": { - "dependency": "transitive", - "description": { - "name": "flutter_layout_grid", - "sha256": "739e568db97af031d528dfd8a80d333df0e5a310a126e087690fa42cd61dfb5f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.8" - }, - "flutter_lints": { - "dependency": "direct dev", - "description": { - "name": "flutter_lints", - "sha256": "3105dc8492f6183fb076ccf1f351ac3d60564bff92e20bfc4af9cc1651f4e7e1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.0" - }, - "flutter_local_notifications": { - "dependency": "direct main", - "description": { - "name": "flutter_local_notifications", - "sha256": "20ca0a9c82ce0c855ac62a2e580ab867f3fbea82680a90647f7953832d0850ae", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "19.4.0" - }, - "flutter_local_notifications_linux": { - "dependency": "transitive", - "description": { - "name": "flutter_local_notifications_linux", - "sha256": "e3c277b2daab8e36ac5a6820536668d07e83851aeeb79c446e525a70710770a5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.0" - }, - "flutter_local_notifications_platform_interface": { - "dependency": "transitive", - "description": { - "name": "flutter_local_notifications_platform_interface", - "sha256": "277d25d960c15674ce78ca97f57d0bae2ee401c844b6ac80fcd972a9c99d09fe", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "9.1.0" - }, - "flutter_local_notifications_windows": { - "dependency": "transitive", - "description": { - "name": "flutter_local_notifications_windows", - "sha256": "ed46d7ae4ec9d19e4c8fa2badac5fe27ba87a3fe387343ce726f927af074ec98", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.2" - }, - "flutter_localizations": { - "dependency": "direct main", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "flutter_openssl_crypto": { - "dependency": "direct main", - "description": { - "name": "flutter_openssl_crypto", - "sha256": "293b4fcda13ab0710645a16e82f3d5b7de19bfc0ab2d06bcdb87637222eda5e1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.5.0" - }, - "flutter_plugin_android_lifecycle": { - "dependency": "transitive", - "description": { - "name": "flutter_plugin_android_lifecycle", - "sha256": "6382ce712ff69b0f719640ce957559dde459e55ecd433c767e06d139ddf16cab", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.29" - }, - "flutter_rust_bridge": { - "dependency": "transitive", - "description": { - "name": "flutter_rust_bridge", - "sha256": "b416ff56002789e636244fb4cc449f587656eff995e5a7169457eb0593fcaddb", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.10.0" - }, - "flutter_secure_storage": { - "dependency": "direct main", - "description": { - "name": "flutter_secure_storage", - "sha256": "f7eceb0bc6f4fd0441e29d43cab9ac2a1c5ffd7ea7b64075136b718c46954874", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "10.0.0-beta.4" - }, - "flutter_secure_storage_darwin": { - "dependency": "transitive", - "description": { - "name": "flutter_secure_storage_darwin", - "sha256": "f226f2a572bed96bc6542198ebaec227150786e34311d455a7e2d3d06d951845", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.1.0" - }, - "flutter_secure_storage_linux": { - "dependency": "transitive", - "description": { - "name": "flutter_secure_storage_linux", - "sha256": "9b4b73127e857cd3117d43a70fa3dddadb6e0b253be62e6a6ab85caa0742182c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.1" - }, - "flutter_secure_storage_platform_interface": { - "dependency": "transitive", - "description": { - "name": "flutter_secure_storage_platform_interface", - "sha256": "8ceea1223bee3c6ac1a22dabd8feefc550e4729b3675de4b5900f55afcb435d6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.1" - }, - "flutter_secure_storage_web": { - "dependency": "transitive", - "description": { - "name": "flutter_secure_storage_web", - "sha256": "4c3f233e739545c6cb09286eeec1cc4744138372b985113acc904f7263bef517", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "flutter_secure_storage_windows": { - "dependency": "transitive", - "description": { - "name": "flutter_secure_storage_windows", - "sha256": "ff32af20f70a8d0e59b2938fc92de35b54a74671041c814275afd80e27df9f21", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.0.0" - }, - "flutter_svg": { - "dependency": "direct main", - "description": { - "name": "flutter_svg", - "sha256": "cd57f7969b4679317c17af6fd16ee233c1e60a82ed209d8a475c54fd6fd6f845", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.0" - }, - "flutter_test": { - "dependency": "direct dev", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "flutter_typeahead": { - "dependency": "direct main", - "description": { - "name": "flutter_typeahead", - "sha256": "d64712c65db240b1057559b952398ebb6e498077baeebf9b0731dade62438a6d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "5.2.0" - }, - "flutter_vodozemac": { - "dependency": "direct main", - "description": { - "name": "flutter_vodozemac", - "sha256": "2405ca121b84d1cd83200a14021022e1691b123a23bcefc36adc7740cefbc1f9", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.2" - }, - "flutter_web_plugins": { - "dependency": "transitive", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "flutter_zxing": { - "dependency": "direct main", - "description": { - "name": "flutter_zxing", - "sha256": "dbcd89da2c9aa84f48d7d7e1ba436825f8656a69b142abb7bcdb7c2d9c22d48c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.1" - }, - "frontend_server_client": { - "dependency": "transitive", - "description": { - "name": "frontend_server_client", - "sha256": "f64a0333a82f30b0cca061bc3d143813a486dc086b574bfb233b7c1372427694", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.0.0" - }, - "fuchsia_remote_debug_protocol": { - "dependency": "transitive", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "glob": { - "dependency": "transitive", - "description": { - "name": "glob", - "sha256": "c3f1ee72c96f8f78935e18aa8cecced9ab132419e8625dc187e1c2408efc20de", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.3" - }, - "go_router": { - "dependency": "direct main", - "description": { - "name": "go_router", - "sha256": "8b1f37dfaf6e958c6b872322db06f946509433bec3de753c3491a42ae9ec2b48", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "16.1.0" - }, - "gtk": { - "dependency": "transitive", - "description": { - "name": "gtk", - "sha256": "e8ce9ca4b1df106e4d72dad201d345ea1a036cc12c360f1a7d5a758f78ffa42c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.0" - }, - "highlighting": { - "dependency": "direct main", - "description": { - "name": "highlighting", - "sha256": "196005ed9c98ee559939fcecd466fa941b9e99b3a93394691b86780ad4da50f3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.0+11.8.0" - }, - "html": { - "dependency": "direct main", - "description": { - "name": "html", - "sha256": "6d1264f2dffa1b1101c25a91dff0dc2daee4c18e87cd8538729773c073dbf602", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.15.6" - }, - "html_unescape": { - "dependency": "transitive", - "description": { - "name": "html_unescape", - "sha256": "15362d7a18f19d7b742ef8dcb811f5fd2a2df98db9f80ea393c075189e0b61e3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "http": { - "dependency": "direct main", - "description": { - "name": "http", - "sha256": "bb2ce4590bc2667c96f318d68cac1b5a7987ec819351d32b1c987239a815e007", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.5.0" - }, - "http_parser": { - "dependency": "transitive", - "description": { - "name": "http_parser", - "sha256": "178d74305e7866013777bab2c3d8726205dc5a4dd935297175b19a23a2e66571", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.1.2" - }, - "http_profile": { - "dependency": "transitive", - "description": { - "name": "http_profile", - "sha256": "7e679e355b09aaee2ab5010915c932cce3f2d1c11c3b2dc177891687014ffa78", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.1.0" - }, - "image": { - "dependency": "direct main", - "description": { - "name": "image", - "sha256": "4e973fcf4caae1a4be2fa0a13157aa38a8f9cb049db6529aa00b4d71abc4d928", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.5.4" - }, - "image_picker": { - "dependency": "direct main", - "description": { - "name": "image_picker", - "sha256": "021834d9c0c3de46bf0fe40341fa07168407f694d9b2bb18d532dc1261867f7a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.2" - }, - "image_picker_android": { - "dependency": "transitive", - "description": { - "name": "image_picker_android", - "sha256": "b08e9a04d0f8d91f4a6e767a745b9871bfbc585410205c311d0492de20a7ccd6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.8.12+25" - }, - "image_picker_for_web": { - "dependency": "transitive", - "description": { - "name": "image_picker_for_web", - "sha256": "717eb042ab08c40767684327be06a5d8dbb341fe791d514e4b92c7bbe1b7bb83", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.6" - }, - "image_picker_ios": { - "dependency": "transitive", - "description": { - "name": "image_picker_ios", - "sha256": "05da758e67bc7839e886b3959848aa6b44ff123ab4b28f67891008afe8ef9100", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.8.12+2" - }, - "image_picker_linux": { - "dependency": "transitive", - "description": { - "name": "image_picker_linux", - "sha256": "34a65f6740df08bbbeb0a1abd8e6d32107941fd4868f67a507b25601651022c9", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.1+2" - }, - "image_picker_macos": { - "dependency": "transitive", - "description": { - "name": "image_picker_macos", - "sha256": "1b90ebbd9dcf98fb6c1d01427e49a55bd96b5d67b8c67cf955d60a5de74207c1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.1+2" - }, - "image_picker_platform_interface": { - "dependency": "transitive", - "description": { - "name": "image_picker_platform_interface", - "sha256": "886d57f0be73c4b140004e78b9f28a8914a09e50c2d816bdd0520051a71236a0", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.10.1" - }, - "image_picker_windows": { - "dependency": "transitive", - "description": { - "name": "image_picker_windows", - "sha256": "6ad07afc4eb1bc25f3a01084d28520496c4a3bb0cb13685435838167c9dcedeb", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.1+1" - }, - "import_sorter": { - "dependency": "direct main", - "description": { - "name": "import_sorter", - "sha256": "eb15738ccead84e62c31e0208ea4e3104415efcd4972b86906ca64a1187d0836", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.6.0" - }, - "integration_test": { - "dependency": "direct dev", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "intl": { - "dependency": "direct main", - "description": { - "name": "intl", - "sha256": "3df61194eb431efc39c4ceba583b95633a403f46c9fd341e550ce0bfa50e9aa5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.20.2" - }, - "io": { - "dependency": "transitive", - "description": { - "name": "io", - "sha256": "dfd5a80599cf0165756e3181807ed3e77daf6dd4137caaad72d0b7931597650b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.5" - }, - "js": { - "dependency": "transitive", - "description": { - "name": "js", - "sha256": "f2c445dce49627136094980615a031419f7f3eb393237e4ecd97ac15dea343f3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.6.7" - }, - "json_annotation": { - "dependency": "transitive", - "description": { - "name": "json_annotation", - "sha256": "1ce844379ca14835a50d2f019a3099f419082cfdd231cd86a142af94dd5c6bb1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.9.0" - }, - "just_audio": { - "dependency": "direct main", - "description": { - "name": "just_audio", - "sha256": "679637a3ec5b6e00f36472f5a3663667df00ee4822cbf5dafca0f568c710960a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.4" - }, - "just_audio_media_kit": { - "dependency": "direct main", - "description": { - "name": "just_audio_media_kit", - "sha256": "f3cf04c3a50339709e87e90b4e841eef4364ab4be2bdbac0c54cc48679f84d23", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.0" - }, - "just_audio_platform_interface": { - "dependency": "transitive", - "description": { - "name": "just_audio_platform_interface", - "sha256": "2532c8d6702528824445921c5ff10548b518b13f808c2e34c2fd54793b999a6a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.6.0" - }, - "just_audio_web": { - "dependency": "transitive", - "description": { - "name": "just_audio_web", - "sha256": "6ba8a2a7e87d57d32f0f7b42856ade3d6a9fbe0f1a11fabae0a4f00bb73f0663", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.4.16" - }, - "just_waveform": { - "dependency": "direct main", - "description": { - "name": "just_waveform", - "sha256": "8c65acd24f13b866e3377f07f8869e823f3f2d8b734938f4e6688075af40b4f2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.0.7" - }, - "leak_tracker": { - "dependency": "transitive", - "description": { - "name": "leak_tracker", - "sha256": "6bb818ecbdffe216e81182c2f0714a2e62b593f4a4f13098713ff1685dfb6ab0", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "10.0.9" - }, - "leak_tracker_flutter_testing": { - "dependency": "transitive", - "description": { - "name": "leak_tracker_flutter_testing", - "sha256": "f8b613e7e6a13ec79cfdc0e97638fddb3ab848452eff057653abd3edba760573", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.9" - }, - "leak_tracker_testing": { - "dependency": "transitive", - "description": { - "name": "leak_tracker_testing", - "sha256": "6ba465d5d76e67ddf503e1161d1f4a6bc42306f9d66ca1e8f079a47290fb06d3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.1" - }, - "linkify": { - "dependency": "direct main", - "description": { - "name": "linkify", - "sha256": "4139ea77f4651ab9c315b577da2dd108d9aa0bd84b5d03d33323f1970c645832", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "5.0.0" - }, - "lints": { - "dependency": "transitive", - "description": { - "name": "lints", - "sha256": "a5e2b223cb7c9c8efdc663ef484fdd95bb243bff242ef5b13e26883547fce9a0", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.0" - }, - "list_counter": { - "dependency": "transitive", - "description": { - "name": "list_counter", - "sha256": "c447ae3dfcd1c55f0152867090e67e219d42fe6d4f2807db4bbe8b8d69912237", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.2" - }, - "locale_names": { - "dependency": "direct main", - "description": { - "name": "locale_names", - "sha256": "7a89ca54072f4f13d0f5df5a9ba69337554bf2fd057d1dd2a238898f3f159374", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.1" - }, - "logging": { - "dependency": "transitive", - "description": { - "name": "logging", - "sha256": "c8245ada5f1717ed44271ed1c26b8ce85ca3228fd2ffdb75468ab01979309d61", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.3.0" - }, - "lottie": { - "dependency": "direct main", - "description": { - "name": "lottie", - "sha256": "c5fa04a80a620066c15cf19cc44773e19e9b38e989ff23ea32e5903ef1015950", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.3.1" - }, - "markdown": { - "dependency": "transitive", - "description": { - "name": "markdown", - "sha256": "935e23e1ff3bc02d390bad4d4be001208ee92cc217cb5b5a6c19bc14aaa318c1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "7.3.0" - }, - "matcher": { - "dependency": "transitive", - "description": { - "name": "matcher", - "sha256": "dc58c723c3c24bf8d3e2d3ad3f2f9d7bd9cf43ec6feaa64181775e60190153f2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.12.17" - }, - "material_color_utilities": { - "dependency": "transitive", - "description": { - "name": "material_color_utilities", - "sha256": "f7142bb1154231d7ea5f96bc7bde4bda2a0945d2806bb11670e30b850d56bdec", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.11.1" - }, - "matrix": { - "dependency": "direct main", - "description": { - "path": ".", - "ref": "braid/msc3861-native-oidc", - "resolved-ref": "82ad90573e0e5e1ccb2cf1e669a5861bd6db351c", - "url": "https://github.com/TheOneWithTheBraid/matrix-dart-sdk.git" - }, - "source": "git", - "version": "1.1.0" - }, - "matrix_homeserver_recommendations": { - "dependency": "direct main", - "description": { - "name": "matrix_homeserver_recommendations", - "sha256": "48cd67146dd80b925c1cce1604da4712e7963b490d31801bad70b51ff8e30cd2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.4.1" - }, - "media_kit": { - "dependency": "direct main", - "description": { - "path": "media_kit", - "ref": "braid/stub-template", - "resolved-ref": "215972e56ceb6036b51d1dc8803d5e0ab489bfe1", - "url": "https://github.com/TheOneWithTheBraid/media-kit.git" - }, - "source": "git", - "version": "1.2.0" - }, - "media_kit_libs_android_video": { - "dependency": "direct overridden", - "description": { - "path": "libs/android/media_kit_libs_android_video", - "ref": "main", - "resolved-ref": "ad84c59faa2b871926cb31516bdeec65d7676884", - "url": "https://github.com/Predidit/media-kit.git" - }, - "source": "git", - "version": "1.3.6" - }, - "media_kit_libs_ios_video": { - "dependency": "transitive", - "description": { - "name": "media_kit_libs_ios_video", - "sha256": "b5382994eb37a4564c368386c154ad70ba0cc78dacdd3fb0cd9f30db6d837991", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.4" - }, - "media_kit_libs_linux": { - "dependency": "transitive", - "description": { - "name": "media_kit_libs_linux", - "sha256": "2b473399a49ec94452c4d4ae51cfc0f6585074398d74216092bf3d54aac37ecf", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.1" - }, - "media_kit_libs_macos_video": { - "dependency": "transitive", - "description": { - "name": "media_kit_libs_macos_video", - "sha256": "f26aa1452b665df288e360393758f84b911f70ffb3878032e1aabba23aa1032d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.4" - }, - "media_kit_libs_video": { - "dependency": "direct main", - "description": { - "name": "media_kit_libs_video", - "sha256": "958cc55e7065d9d01f52a2842dab2a0812a92add18489f1006d864fb5e42a3ef", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.6" - }, - "media_kit_libs_windows_video": { - "dependency": "transitive", - "description": { - "name": "media_kit_libs_windows_video", - "sha256": "dff76da2778729ab650229e6b4ec6ec111eb5151431002cbd7ea304ff1f112ab", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.11" - }, - "media_kit_video": { - "dependency": "direct main", - "description": { - "name": "media_kit_video", - "sha256": "a656a9463298c1adc64c57f2d012874f7f2900f0c614d9545a3e7b8bb9e2137b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.3.0" - }, - "media_store_plus": { - "dependency": "direct main", - "description": { - "name": "media_store_plus", - "sha256": "4b4971365e00a4ed9fde14abf40d7c27475b66b8bba9bf43478ae2ecb449df20", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.1.3" - }, - "meta": { - "dependency": "transitive", - "description": { - "name": "meta", - "sha256": "e3641ec5d63ebf0d9b41bd43201a66e3fc79a65db5f61fc181f04cd27aab950c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.16.0" - }, - "mime": { - "dependency": "direct main", - "description": { - "name": "mime", - "sha256": "41a20518f0cb1256669420fdba0cd90d21561e560ac240f26ef8322e45bb7ed6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "objective_c": { - "dependency": "transitive", - "description": { - "name": "objective_c", - "sha256": "9f034ba1eeca53ddb339bc8f4813cb07336a849cd735559b60cdc068ecce2dc7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "7.1.0" - }, - "package_config": { - "dependency": "transitive", - "description": { - "name": "package_config", - "sha256": "f096c55ebb7deb7e384101542bfba8c52696c1b56fca2eb62827989ef2353bbc", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.0" - }, - "package_info_plus": { - "dependency": "transitive", - "description": { - "name": "package_info_plus", - "sha256": "16eee997588c60225bda0488b6dcfac69280a6b7a3cf02c741895dd370a02968", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "8.3.1" - }, - "package_info_plus_platform_interface": { - "dependency": "transitive", - "description": { - "name": "package_info_plus_platform_interface", - "sha256": "202a487f08836a592a6bd4f901ac69b3a8f146af552bbd14407b6b41e1c3f086", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.2.1" - }, - "path": { - "dependency": "transitive", - "description": { - "name": "path", - "sha256": "75cca69d1490965be98c73ceaea117e8a04dd21217b37b292c9ddbec0d955bc5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.9.1" - }, - "path_parsing": { - "dependency": "transitive", - "description": { - "name": "path_parsing", - "sha256": "883402936929eac138ee0a45da5b0f2c80f89913e6dc3bf77eb65b84b409c6ca", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.0" - }, - "path_provider": { - "dependency": "direct main", - "description": { - "name": "path_provider", - "sha256": "50c5dd5b6e1aaf6fb3a78b33f6aa3afca52bf903a8a5298f53101fdaee55bbcd", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.5" - }, - "path_provider_android": { - "dependency": "transitive", - "description": { - "name": "path_provider_android", - "sha256": "d0d310befe2c8ab9e7f393288ccbb11b60c019c6b5afc21973eeee4dda2b35e9", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.17" - }, - "path_provider_foundation": { - "dependency": "transitive", - "description": { - "name": "path_provider_foundation", - "sha256": "4843174df4d288f5e29185bd6e72a6fbdf5a4a4602717eed565497429f179942", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.1" - }, - "path_provider_linux": { - "dependency": "transitive", - "description": { - "name": "path_provider_linux", - "sha256": "f7a1fe3a634fe7734c8d3f2766ad746ae2a2884abe22e241a8b301bf5cac3279", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.1" - }, - "path_provider_platform_interface": { - "dependency": "transitive", - "description": { - "name": "path_provider_platform_interface", - "sha256": "88f5779f72ba699763fa3a3b06aa4bf6de76c8e5de842cf6f29e2e06476c2334", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.2" - }, - "path_provider_windows": { - "dependency": "transitive", - "description": { - "name": "path_provider_windows", - "sha256": "bd6f00dbd873bfb70d0761682da2b3a2c2fccc2b9e84c495821639601d81afe7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.0" - }, - "petitparser": { - "dependency": "transitive", - "description": { - "name": "petitparser", - "sha256": "07c8f0b1913bcde1ff0d26e57ace2f3012ccbf2b204e070290dad3bb22797646", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.1.0" - }, - "platform": { - "dependency": "transitive", - "description": { - "name": "platform", - "sha256": "5d6b1b0036a5f331ebc77c850ebc8506cbc1e9416c27e59b439f917a902a4984", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.6" - }, - "plugin_platform_interface": { - "dependency": "transitive", - "description": { - "name": "plugin_platform_interface", - "sha256": "4820fbfdb9478b1ebae27888254d445073732dae3d6ea81f0b7e06d5dedc3f02", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.8" - }, - "pointer_interceptor": { - "dependency": "transitive", - "description": { - "name": "pointer_interceptor", - "sha256": "57210410680379aea8b1b7ed6ae0c3ad349bfd56fe845b8ea934a53344b9d523", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.1+2" - }, - "pointer_interceptor_ios": { - "dependency": "transitive", - "description": { - "name": "pointer_interceptor_ios", - "sha256": "a6906772b3205b42c44614fcea28f818b1e5fdad73a4ca742a7bd49818d9c917", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.1" - }, - "pointer_interceptor_platform_interface": { - "dependency": "transitive", - "description": { - "name": "pointer_interceptor_platform_interface", - "sha256": "0597b0560e14354baeb23f8375cd612e8bd4841bf8306ecb71fcd0bb78552506", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.0+1" - }, - "pointer_interceptor_web": { - "dependency": "transitive", - "description": { - "name": "pointer_interceptor_web", - "sha256": "460b600e71de6fcea2b3d5f662c92293c049c4319e27f0829310e5a953b3ee2a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.3" - }, - "pool": { - "dependency": "transitive", - "description": { - "name": "pool", - "sha256": "20fe868b6314b322ea036ba325e6fc0711a22948856475e2c2b6306e8ab39c2a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.5.1" - }, - "posix": { - "dependency": "transitive", - "description": { - "name": "posix", - "sha256": "6323a5b0fa688b6a010df4905a56b00181479e6d10534cecfecede2aa55add61", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.3" - }, - "process": { - "dependency": "transitive", - "description": { - "name": "process", - "sha256": "107d8be718f120bbba9dcd1e95e3bd325b1b4a4f07db64154635ba03f2567a0d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "5.0.3" - }, - "pub_semver": { - "dependency": "transitive", - "description": { - "name": "pub_semver", - "sha256": "5bfcf68ca79ef689f8990d1160781b4bad40a3bd5e5218ad4076ddb7f4081585", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.0" - }, - "qr": { - "dependency": "transitive", - "description": { - "name": "qr", - "sha256": "5a1d2586170e172b8a8c8470bbbffd5eb0cd38a66c0d77155ea138d3af3a4445", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.2" - }, - "quiver": { - "dependency": "transitive", - "description": { - "name": "quiver", - "sha256": "ea0b925899e64ecdfbf9c7becb60d5b50e706ade44a85b2363be2a22d88117d2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.2.2" - }, - "random_string": { - "dependency": "transitive", - "description": { - "name": "random_string", - "sha256": "03b52435aae8cbdd1056cf91bfc5bf845e9706724dd35ae2e99fa14a1ef79d02", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.1" - }, - "receive_sharing_intent": { - "dependency": "direct main", - "description": { - "name": "receive_sharing_intent", - "sha256": "ec76056e4d258ad708e76d85591d933678625318e411564dcb9059048ca3a593", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.8.1" - }, - "rxdart": { - "dependency": "transitive", - "description": { - "name": "rxdart", - "sha256": "5c3004a4a8dbb94bd4bf5412a4def4acdaa12e12f269737a5751369e12d1a962", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.28.0" - }, - "safe_local_storage": { - "dependency": "transitive", - "description": { - "name": "safe_local_storage", - "sha256": "e9a21b6fec7a8aa62cc2585ff4c1b127df42f3185adbd2aca66b47abe2e80236", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.1" - }, - "screen_brightness_android": { - "dependency": "transitive", - "description": { - "name": "screen_brightness_android", - "sha256": "fb5fa43cb89d0c9b8534556c427db1e97e46594ac5d66ebdcf16063b773d54ed", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.2" - }, - "screen_brightness_platform_interface": { - "dependency": "transitive", - "description": { - "name": "screen_brightness_platform_interface", - "sha256": "737bd47b57746bc4291cab1b8a5843ee881af499514881b0247ec77447ee769c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.0" - }, - "sdp_transform": { - "dependency": "transitive", - "description": { - "name": "sdp_transform", - "sha256": "73e412a5279a5c2de74001535208e20fff88f225c9a4571af0f7146202755e45", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.2" - }, - "sentry": { - "dependency": "direct main", - "description": { - "name": "sentry", - "sha256": "d9f3dcf1ecdd600cf9ce134f622383adde5423ecfdaf0ca9b20fbc1c44849337", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "9.6.0" - }, - "share_plus": { - "dependency": "direct main", - "description": { - "name": "share_plus", - "sha256": "d7dc0630a923883c6328ca31b89aa682bacbf2f8304162d29f7c6aaff03a27a1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "11.1.0" - }, - "share_plus_platform_interface": { - "dependency": "transitive", - "description": { - "name": "share_plus_platform_interface", - "sha256": "88023e53a13429bd65d8e85e11a9b484f49d4c190abbd96c7932b74d6927cc9a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.1.0" - }, - "sky_engine": { - "dependency": "transitive", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "slugify": { - "dependency": "transitive", - "description": { - "name": "slugify", - "sha256": "b272501565cb28050cac2d96b7bf28a2d24c8dae359280361d124f3093d337c3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "source_map_stack_trace": { - "dependency": "transitive", - "description": { - "name": "source_map_stack_trace", - "sha256": "c0713a43e323c3302c2abe2a1cc89aa057a387101ebd280371d6a6c9fa68516b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.2" - }, - "source_maps": { - "dependency": "transitive", - "description": { - "name": "source_maps", - "sha256": "190222579a448b03896e0ca6eca5998fa810fda630c1d65e2f78b3f638f54812", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.13" - }, - "source_span": { - "dependency": "transitive", - "description": { - "name": "source_span", - "sha256": "254ee5351d6cb365c859e20ee823c3bb479bf4a293c22d17a9f1bf144ce86f7c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.10.1" - }, - "sprintf": { - "dependency": "transitive", - "description": { - "name": "sprintf", - "sha256": "1fc9ffe69d4df602376b52949af107d8f5703b77cda567c4d7d86a0693120f23", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "7.0.0" - }, - "sqflite": { - "dependency": "direct main", - "description": { - "name": "sqflite", - "sha256": "e2297b1da52f127bc7a3da11439985d9b536f75070f3325e62ada69a5c585d03", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.2" - }, - "sqflite_android": { - "dependency": "transitive", - "description": { - "name": "sqflite_android", - "sha256": "2b3070c5fa881839f8b402ee4a39c1b4d561704d4ebbbcfb808a119bc2a1701b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.1" - }, - "sqflite_common": { - "dependency": "transitive", - "description": { - "name": "sqflite_common", - "sha256": "6ef422a4525ecc601db6c0a2233ff448c731307906e92cabc9ba292afaae16a6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.5.6" - }, - "sqflite_common_ffi": { - "dependency": "direct main", - "description": { - "name": "sqflite_common_ffi", - "sha256": "9faa2fedc5385ef238ce772589f7718c24cdddd27419b609bb9c6f703ea27988", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.6" - }, - "sqflite_darwin": { - "dependency": "transitive", - "description": { - "name": "sqflite_darwin", - "sha256": "279832e5cde3fe99e8571879498c9211f3ca6391b0d818df4e17d9fff5c6ccb3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.2" - }, - "sqflite_platform_interface": { - "dependency": "transitive", - "description": { - "name": "sqflite_platform_interface", - "sha256": "8dd4515c7bdcae0a785b0062859336de775e8c65db81ae33dd5445f35be61920", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.0" - }, - "sqlcipher_flutter_libs": { - "dependency": "direct main", - "description": { - "name": "sqlcipher_flutter_libs", - "sha256": "dd1fcc74d5baf3c36ad53e2652b2d06c9f8747494a3ccde0076e88b159dfe622", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.6.8" - }, - "sqlite3": { - "dependency": "transitive", - "description": { - "name": "sqlite3", - "sha256": "f393d92c71bdcc118d6203d07c991b9be0f84b1a6f89dd4f7eed348131329924", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.9.0" - }, - "stack_trace": { - "dependency": "transitive", - "description": { - "name": "stack_trace", - "sha256": "8b27215b45d22309b5cddda1aa2b19bdfec9df0e765f2de506401c071d38d1b1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.12.1" - }, - "stream_channel": { - "dependency": "transitive", - "description": { - "name": "stream_channel", - "sha256": "969e04c80b8bcdf826f8f16579c7b14d780458bd97f56d107d3950fdbeef059d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.4" - }, - "stream_transform": { - "dependency": "transitive", - "description": { - "name": "stream_transform", - "sha256": "ad47125e588cfd37a9a7f86c7d6356dde8dfe89d071d293f80ca9e9273a33871", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.1" - }, - "string_scanner": { - "dependency": "transitive", - "description": { - "name": "string_scanner", - "sha256": "921cd31725b72fe181906c6a94d987c78e3b98c2e205b397ea399d4054872b43", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.4.1" - }, - "sync_http": { - "dependency": "transitive", - "description": { - "name": "sync_http", - "sha256": "7f0cd72eca000d2e026bcd6f990b81d0ca06022ef4e32fb257b30d3d1014a961", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.1" - }, - "synchronized": { - "dependency": "transitive", - "description": { - "name": "synchronized", - "sha256": "c254ade258ec8282947a0acbbc90b9575b4f19673533ee46f2f6e9b3aeefd7c0", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.4.0" - }, - "term_glyph": { - "dependency": "transitive", - "description": { - "name": "term_glyph", - "sha256": "7f554798625ea768a7518313e58f83891c7f5024f88e46e7182a4558850a4b8e", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.2" - }, - "test_api": { - "dependency": "transitive", - "description": { - "name": "test_api", - "sha256": "fb31f383e2ee25fbbfe06b40fe21e1e458d14080e3c67e7ba0acfde4df4e0bbd", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.7.4" - }, - "test_core": { - "dependency": "transitive", - "description": { - "name": "test_core", - "sha256": "84d17c3486c8dfdbe5e12a50c8ae176d15e2a771b96909a9442b40173649ccaa", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.6.8" - }, - "timezone": { - "dependency": "transitive", - "description": { - "name": "timezone", - "sha256": "dd14a3b83cfd7cb19e7888f1cbc20f258b8d71b54c06f79ac585f14093a287d1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.1" - }, - "tint": { - "dependency": "transitive", - "description": { - "name": "tint", - "sha256": "9652d9a589f4536d5e392cf790263d120474f15da3cf1bee7f1fdb31b4de5f46", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.1" - }, - "tuple": { - "dependency": "transitive", - "description": { - "name": "tuple", - "sha256": "a97ce2013f240b2f3807bcbaf218765b6f301c3eff91092bcfa23a039e7dd151", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.2" - }, - "typed_data": { - "dependency": "transitive", - "description": { - "name": "typed_data", - "sha256": "f9049c039ebfeb4cf7a7104a675823cd72dba8297f264b6637062516699fa006", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.4.0" - }, - "unifiedpush": { - "dependency": "direct main", - "description": { - "name": "unifiedpush", - "sha256": "1418375efb580af9640de4eaf4209cb6481f9a48792648ced3051f30e67d9568", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.2" - }, - "unifiedpush_android": { - "dependency": "transitive", - "description": { - "name": "unifiedpush_android", - "sha256": "2f25db8eb2fc3183bf2e43db89fff20b2587adc1c361e1d1e06b223a0d45b50a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.1" - }, - "unifiedpush_platform_interface": { - "dependency": "transitive", - "description": { - "name": "unifiedpush_platform_interface", - "sha256": "bb49d2748211520e35e0374ab816faa8a2c635267e71909d334ad868d532eba5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.1" - }, - "universal_platform": { - "dependency": "transitive", - "description": { - "name": "universal_platform", - "sha256": "64e16458a0ea9b99260ceb5467a214c1f298d647c659af1bff6d3bf82536b1ec", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.0" - }, - "unorm_dart": { - "dependency": "direct main", - "description": { - "name": "unorm_dart", - "sha256": "5b35bff83fce4d76467641438f9e867dc9bcfdb8c1694854f230579d68cd8f4b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.0" - }, - "uri_parser": { - "dependency": "transitive", - "description": { - "name": "uri_parser", - "sha256": "ff4d2c720aca3f4f7d5445e23b11b2d15ef8af5ddce5164643f38ff962dcb270", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.0" - }, - "url_launcher": { - "dependency": "direct main", - "description": { - "name": "url_launcher", - "sha256": "f6a7e5c4835bb4e3026a04793a4199ca2d14c739ec378fdfe23fc8075d0439f8", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.3.2" - }, - "url_launcher_android": { - "dependency": "transitive", - "description": { - "name": "url_launcher_android", - "sha256": "0aedad096a85b49df2e4725fa32118f9fa580f3b14af7a2d2221896a02cd5656", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.3.17" - }, - "url_launcher_ios": { - "dependency": "transitive", - "description": { - "name": "url_launcher_ios", - "sha256": "7f2022359d4c099eea7df3fdf739f7d3d3b9faf3166fb1dd390775176e0b76cb", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.3.3" - }, - "url_launcher_linux": { - "dependency": "transitive", - "description": { - "name": "url_launcher_linux", - "sha256": "4e9ba368772369e3e08f231d2301b4ef72b9ff87c31192ef471b380ef29a4935", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.2.1" - }, - "url_launcher_macos": { - "dependency": "transitive", - "description": { - "name": "url_launcher_macos", - "sha256": "17ba2000b847f334f16626a574c702b196723af2a289e7a93ffcb79acff855c2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.2.2" - }, - "url_launcher_platform_interface": { - "dependency": "transitive", - "description": { - "name": "url_launcher_platform_interface", - "sha256": "552f8a1e663569be95a8190206a38187b531910283c3e982193e4f2733f01029", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.2" - }, - "url_launcher_web": { - "dependency": "transitive", - "description": { - "name": "url_launcher_web", - "sha256": "4bd2b7b4dc4d4d0b94e5babfffbca8eac1a126c7f3d6ecbc1a11013faa3abba2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.1" - }, - "url_launcher_windows": { - "dependency": "transitive", - "description": { - "name": "url_launcher_windows", - "sha256": "3284b6d2ac454cf34f114e1d3319866fdd1e19cdc329999057e44ffe936cfa77", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.4" - }, - "uuid": { - "dependency": "transitive", - "description": { - "name": "uuid", - "sha256": "a5be9ef6618a7ac1e964353ef476418026db906c4facdedaa299b7a2e71690ff", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.5.1" - }, - "vector_graphics": { - "dependency": "transitive", - "description": { - "name": "vector_graphics", - "sha256": "a4f059dc26fc8295b5921376600a194c4ec7d55e72f2fe4c7d2831e103d461e6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.19" - }, - "vector_graphics_codec": { - "dependency": "transitive", - "description": { - "name": "vector_graphics_codec", - "sha256": "99fd9fbd34d9f9a32efd7b6a6aae14125d8237b10403b422a6a6dfeac2806146", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.13" - }, - "vector_graphics_compiler": { - "dependency": "transitive", - "description": { - "name": "vector_graphics_compiler", - "sha256": "557a315b7d2a6dbb0aaaff84d857967ce6bdc96a63dc6ee2a57ce5a6ee5d3331", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.17" - }, - "vector_math": { - "dependency": "transitive", - "description": { - "name": "vector_math", - "sha256": "80b3257d1492ce4d091729e3a67a60407d227c27241d6927be0130c98e741803", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.4" - }, - "visibility_detector": { - "dependency": "direct main", - "description": { - "name": "visibility_detector", - "sha256": "dd5cc11e13494f432d15939c3aa8ae76844c42b723398643ce9addb88a5ed420", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.4.0+2" - }, - "vm_service": { - "dependency": "transitive", - "description": { - "name": "vm_service", - "sha256": "ddfa8d30d89985b96407efce8acbdd124701f96741f2d981ca860662f1c0dc02", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "15.0.0" - }, - "vodozemac": { - "dependency": "direct main", - "description": { - "name": "vodozemac", - "sha256": "dba14017e042748fb22d270e8ab1d3e46965b89788dd3857dba938ec07571968", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.0" - }, - "volume_controller": { - "dependency": "transitive", - "description": { - "name": "volume_controller", - "sha256": "d75039e69c0d90e7810bfd47e3eedf29ff8543ea7a10392792e81f9bded7edf5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.4.0" - }, - "wakelock_plus": { - "dependency": "transitive", - "description": { - "name": "wakelock_plus", - "sha256": "a474e314c3e8fb5adef1f9ae2d247e57467ad557fa7483a2b895bc1b421c5678", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.3.2" - }, - "wakelock_plus_platform_interface": { - "dependency": "transitive", - "description": { - "name": "wakelock_plus_platform_interface", - "sha256": "e10444072e50dbc4999d7316fd303f7ea53d31c824aa5eb05d7ccbdd98985207", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.3" - }, - "watcher": { - "dependency": "transitive", - "description": { - "name": "watcher", - "sha256": "0b7fd4a0bbc4b92641dbf20adfd7e3fd1398fe17102d94b674234563e110088a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.2" - }, - "web": { - "dependency": "direct main", - "description": { - "name": "web", - "sha256": "868d88a33d8a87b18ffc05f9f030ba328ffefba92d6c127917a2ba740f9cfe4a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.1" - }, - "web_multiple_tab_detector": { - "dependency": "direct main", - "description": { - "name": "web_multiple_tab_detector", - "sha256": "a40d485720ea88b4e25311421d435906ba202ac33e35435403dc1c49c5ed7c4e", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.0" - }, - "web_socket": { - "dependency": "transitive", - "description": { - "name": "web_socket", - "sha256": "34d64019aa8e36bf9842ac014bb5d2f5586ca73df5e4d9bf5c936975cae6982c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.1" - }, - "webdriver": { - "dependency": "transitive", - "description": { - "name": "webdriver", - "sha256": "2f3a14ca026957870cfd9c635b83507e0e51d8091568e90129fbf805aba7cade", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.0" - }, - "webrtc_interface": { - "dependency": "transitive", - "description": { - "name": "webrtc_interface", - "sha256": "86fe3afc81a08481dfb25cf14a5a94e27062ecef25544783f352c914e0bbc1ca", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.2+hotfix.2" - }, - "win32": { - "dependency": "transitive", - "description": { - "name": "win32", - "sha256": "66814138c3562338d05613a6e368ed8cfb237ad6d64a9e9334be3f309acfca03", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "5.14.0" - }, - "xdg_directories": { - "dependency": "transitive", - "description": { - "name": "xdg_directories", - "sha256": "7a3f37b05d989967cdddcbb571f1ea834867ae2faa29725fd085180e0883aa15", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.0" - }, - "xml": { - "dependency": "transitive", - "description": { - "name": "xml", - "sha256": "b015a8ad1c488f66851d762d3090a21c600e479dc75e68328c52774040cf9226", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.5.0" - }, - "yaml": { - "dependency": "transitive", - "description": { - "name": "yaml", - "sha256": "b9da305ac7c39faa3f030eccd175340f968459dae4af175130b3fc47e40d76ce", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.3" - } - }, - "sdks": { - "dart": ">=3.8.0 <4.0.0", - "flutter": ">=3.29.0" - } -} diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index 3fff489..c164c44 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -43,7 +43,6 @@ ./davinci-resolve.nix ./gdx-liftoff.nix ./tor-browser.nix - ./polycule.nix ./vmware-workstation.nix ]; } diff --git a/modules/home-manager-modules/programs/polycule.nix b/modules/home-manager-modules/programs/polycule.nix deleted file mode 100644 index d0aea2a..0000000 --- a/modules/home-manager-modules/programs/polycule.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.polycule = { - enable = lib.mkEnableOption "enable polycule matrix client"; - package = lib.mkPackageOption pkgs "polycule" {}; - }; - - config = lib.mkIf config.programs.polycule.enable (lib.mkMerge [ - { - home.packages = [ - config.programs.polycule.package - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - # TODO: check that these are actually the correct folders - # directories = [ - # "${config.xdg.configHome}/polycule" - # "${config.xdg.dataHome}/polycule" - # "${config.xdg.cacheHome}/polycule" - # ]; - }; - } - ) - ]); -} From 1ed8a2b8abec16fc41f5c72e28027fe4a0384759 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Nov 2025 14:21:09 -0600 Subject: [PATCH 278/374] feat: added cyberia matrix to leyla's bookmarks --- .../home-manager/leyla/packages/firefox/bookmarks.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/configurations/home-manager/leyla/packages/firefox/bookmarks.nix b/configurations/home-manager/leyla/packages/firefox/bookmarks.nix index 8435d45..4210d1e 100644 --- a/configurations/home-manager/leyla/packages/firefox/bookmarks.nix +++ b/configurations/home-manager/leyla/packages/firefox/bookmarks.nix @@ -135,6 +135,12 @@ keyword = ""; tags = [""]; } + { + name = "Cyberia Matrix"; + url = "https://chat.cyberia.club"; + keyword = ""; + tags = [""]; + } # Template # { # name = ""; From e0ad443188af8b8c4450a74b344ece65663afb9b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Nov 2025 11:44:45 -0600 Subject: [PATCH 279/374] refactor: fixed deprecation warning for pkgs.system --- configurations/home-manager/leyla/packages/firefox/firefox.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages/firefox/firefox.nix b/configurations/home-manager/leyla/packages/firefox/firefox.nix index 1678353..6b58768 100644 --- a/configurations/home-manager/leyla/packages/firefox/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox/firefox.nix @@ -49,7 +49,7 @@ }; }; - extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [ + extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [ bitwarden terms-of-service-didnt-read multi-account-containers From e3a8ddbf32f761a4b93563d3b0c642975394a18d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Nov 2025 11:53:12 -0600 Subject: [PATCH 280/374] feat: fixed install of firefox language pack --- .../leyla/packages/firefox/firefox.nix | 66 +++++++++---------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/configurations/home-manager/leyla/packages/firefox/firefox.nix b/configurations/home-manager/leyla/packages/firefox/firefox.nix index 6b58768..f1097a1 100644 --- a/configurations/home-manager/leyla/packages/firefox/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox/firefox.nix @@ -49,7 +49,9 @@ }; }; - extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [ + extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; let + inherit (inputs.firefox-addons.lib.${pkgs.stdenv.hostPlatform.system}) buildFirefoxXpiAddon; + in [ bitwarden terms-of-service-didnt-read multi-account-containers @@ -73,38 +75,36 @@ tab-session-manager - # (\ - # buildFirefoxXpiAddon rec {\ - # pname = "italiano-it-language-pack";\ - # version = "132.0.20241110.231641";\ - # addonId = "langpack-it@firefox.mozilla.org";\ - # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi";\ - # sha256 = "";\ - # meta = with lib;\ - # {\ - # description = "Firefox Language Pack for Italiano (it) – Italian";\ - # license = licenses.mpl20;\ - # mozPermissions = [];\ - # platforms = platforms.all;\ - # };\ - # }\ - # )\ - # (\ - # buildFirefoxXpiAddon rec {\ - # pname = "dizionario-italiano";\ - # version = "5.1";\ - # addonId = "it-IT@dictionaries.addons.mozilla.org";\ - # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi";\ - # sha256 = "";\ - # meta = with lib;\ - # {\ - # description = "Add support for Italian to spellchecking";\ - # license = licenses.gpl3;\ - # mozPermissions = [];\ - # platforms = platforms.all;\ - # };\ - # }\ - # )\ + ( + buildFirefoxXpiAddon rec { + pname = "italiano-it-language-pack"; + version = "132.0.20241110.231641"; + addonId = "langpack-it@firefox.mozilla.org"; + url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; + sha256 = "2b4764045daa62b00de8773fdfb03b5bbc1cd62c42f8fa27ef70c412d549dbe6"; + meta = with lib; { + description = "Firefox Language Pack for Italiano (it) – Italian"; + license = licenses.mpl20; + mozPermissions = []; + platforms = platforms.all; + }; + } + ) + ( + buildFirefoxXpiAddon rec { + pname = "dizionario-italiano"; + version = "5.1"; + addonId = "it-IT@dictionaries.addons.mozilla.org"; + url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; + sha256 = "ae75847ce65e7744ba44d5f7d98a18b81f61770a0fdfc6d06bae8b7239535ee0"; + meta = with lib; { + description = "Add support for Italian to spellchecking"; + license = licenses.gpl3; + mozPermissions = []; + platforms = platforms.all; + }; + } + ) ]; settings = { From c33121e3480823f63bc6fae461de5cbcde227739 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Nov 2025 12:06:11 -0600 Subject: [PATCH 281/374] refactor: moved firefox configs to the common modules packages folder --- .../leyla/packages/firefox/firefox.nix | 36 ++----------------- modules/common-modules/pkgs/default.nix | 11 +++++- .../pkgs/firefox-extensions/default.nix | 14 ++++++++ .../dizionario-italiano.nix | 18 ++++++++++ .../italiano-it-language-pack.nix | 18 ++++++++++ 5 files changed, 63 insertions(+), 34 deletions(-) create mode 100644 modules/common-modules/pkgs/firefox-extensions/default.nix create mode 100644 modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix create mode 100644 modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix diff --git a/configurations/home-manager/leyla/packages/firefox/firefox.nix b/configurations/home-manager/leyla/packages/firefox/firefox.nix index f1097a1..fecb038 100644 --- a/configurations/home-manager/leyla/packages/firefox/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox/firefox.nix @@ -49,9 +49,7 @@ }; }; - extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; let - inherit (inputs.firefox-addons.lib.${pkgs.stdenv.hostPlatform.system}) buildFirefoxXpiAddon; - in [ + extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [ bitwarden terms-of-service-didnt-read multi-account-containers @@ -75,36 +73,8 @@ tab-session-manager - ( - buildFirefoxXpiAddon rec { - pname = "italiano-it-language-pack"; - version = "132.0.20241110.231641"; - addonId = "langpack-it@firefox.mozilla.org"; - url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; - sha256 = "2b4764045daa62b00de8773fdfb03b5bbc1cd62c42f8fa27ef70c412d549dbe6"; - meta = with lib; { - description = "Firefox Language Pack for Italiano (it) – Italian"; - license = licenses.mpl20; - mozPermissions = []; - platforms = platforms.all; - }; - } - ) - ( - buildFirefoxXpiAddon rec { - pname = "dizionario-italiano"; - version = "5.1"; - addonId = "it-IT@dictionaries.addons.mozilla.org"; - url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; - sha256 = "ae75847ce65e7744ba44d5f7d98a18b81f61770a0fdfc6d06bae8b7239535ee0"; - meta = with lib; { - description = "Add support for Italian to spellchecking"; - license = licenses.gpl3; - mozPermissions = []; - platforms = platforms.all; - }; - } - ) + pkgs.firefox-extensions.italiano-it-language-pack + pkgs.firefox-extensions.dizionario-italiano ]; settings = { diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index c97f97c..612dd08 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{ + pkgs, + inputs, + ... +}: { imports = [ ./python ]; @@ -25,6 +29,11 @@ (final: prev: { codium-extensions = pkgs.callPackage ./codium-extensions {}; }) + (final: prev: { + firefox-extensions = pkgs.callPackage ./firefox-extensions { + inherit inputs; + }; + }) (final: prev: { mapillary-uploader = pkgs.callPackage ./mapillary-uploader.nix {}; }) diff --git a/modules/common-modules/pkgs/firefox-extensions/default.nix b/modules/common-modules/pkgs/firefox-extensions/default.nix new file mode 100644 index 0000000..5e3e70c --- /dev/null +++ b/modules/common-modules/pkgs/firefox-extensions/default.nix @@ -0,0 +1,14 @@ +{ + pkgs, + inputs, + ... +}: let + inherit (inputs.firefox-addons.lib.${pkgs.stdenv.hostPlatform.system}) buildFirefoxXpiAddon; +in { + italiano-it-language-pack = pkgs.callPackage ./italiano-it-language-pack.nix { + inherit buildFirefoxXpiAddon; + }; + dizionario-italiano = pkgs.callPackage ./dizionario-italiano.nix { + inherit buildFirefoxXpiAddon; + }; +} diff --git a/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix b/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix new file mode 100644 index 0000000..6fb793c --- /dev/null +++ b/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix @@ -0,0 +1,18 @@ +{ + lib, + buildFirefoxXpiAddon, + ... +}: +buildFirefoxXpiAddon rec { + pname = "dizionario-italiano"; + version = "5.1"; + addonId = "it-IT@dictionaries.addons.mozilla.org"; + url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; + sha256 = "ae75847ce65e7744ba44d5f7d98a18b81f61770a0fdfc6d06bae8b7239535ee0"; + meta = with lib; { + description = "Add support for Italian to spellchecking"; + license = licenses.gpl3; + mozPermissions = []; + platforms = platforms.all; + }; +} diff --git a/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix b/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix new file mode 100644 index 0000000..765368c --- /dev/null +++ b/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix @@ -0,0 +1,18 @@ +{ + lib, + buildFirefoxXpiAddon, + ... +}: +buildFirefoxXpiAddon rec { + pname = "italiano-it-language-pack"; + version = "132.0.20241110.231641"; + addonId = "langpack-it@firefox.mozilla.org"; + url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; + sha256 = "2b4764045daa62b00de8773fdfb03b5bbc1cd62c42f8fa27ef70c412d549dbe6"; + meta = with lib; { + description = "Firefox Language Pack for Italiano (it) – Italian"; + license = licenses.mpl20; + mozPermissions = []; + platforms = platforms.all; + }; +} From f031a20d11d0f3a5281fbae0f567376153175a55 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Nov 2025 12:57:05 -0600 Subject: [PATCH 282/374] build: updated firefox language extension versions --- .../leyla/packages/firefox/firefox.nix | 2 +- .../pkgs/firefox-extensions/default.nix | 3 +++ .../deutsch-de-language-pack.nix | 18 ++++++++++++++++++ .../firefox-extensions/dizionario-italiano.nix | 4 ++-- .../italiano-it-language-pack.nix | 6 +++--- 5 files changed, 27 insertions(+), 6 deletions(-) create mode 100644 modules/common-modules/pkgs/firefox-extensions/deutsch-de-language-pack.nix diff --git a/configurations/home-manager/leyla/packages/firefox/firefox.nix b/configurations/home-manager/leyla/packages/firefox/firefox.nix index fecb038..ef6d202 100644 --- a/configurations/home-manager/leyla/packages/firefox/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox/firefox.nix @@ -68,7 +68,7 @@ snowflake - deutsch-de-language-pack + pkgs.firefox-extensions.deutsch-de-language-pack dictionary-german tab-session-manager diff --git a/modules/common-modules/pkgs/firefox-extensions/default.nix b/modules/common-modules/pkgs/firefox-extensions/default.nix index 5e3e70c..922dfc7 100644 --- a/modules/common-modules/pkgs/firefox-extensions/default.nix +++ b/modules/common-modules/pkgs/firefox-extensions/default.nix @@ -11,4 +11,7 @@ in { dizionario-italiano = pkgs.callPackage ./dizionario-italiano.nix { inherit buildFirefoxXpiAddon; }; + deutsch-de-language-pack = pkgs.callPackage ./deutsch-de-language-pack.nix { + inherit buildFirefoxXpiAddon; + }; } diff --git a/modules/common-modules/pkgs/firefox-extensions/deutsch-de-language-pack.nix b/modules/common-modules/pkgs/firefox-extensions/deutsch-de-language-pack.nix new file mode 100644 index 0000000..b769bfd --- /dev/null +++ b/modules/common-modules/pkgs/firefox-extensions/deutsch-de-language-pack.nix @@ -0,0 +1,18 @@ +{ + lib, + buildFirefoxXpiAddon, + ... +}: +buildFirefoxXpiAddon rec { + pname = "deutsch-de-language-pack"; + version = "145.0.20251106.194447"; + addonId = "langpack-de@firefox.mozilla.org"; + url = "https://addons.mozilla.org/firefox/downloads/file/4614311/deutsch_de_language_pack-${version}.xpi"; + sha256 = "aaaa95c29984fb3802a5e7edb6b7e5020c391d81f389b8a8133c163959ea4299"; + meta = with lib; { + description = "Firefox Language Pack for Deutsch (de) – German"; + license = licenses.mpl20; + mozPermissions = []; + platforms = platforms.all; + }; +} diff --git a/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix b/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix index 6fb793c..4bfca14 100644 --- a/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix +++ b/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix @@ -7,8 +7,8 @@ buildFirefoxXpiAddon rec { pname = "dizionario-italiano"; version = "5.1"; addonId = "it-IT@dictionaries.addons.mozilla.org"; - url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; - sha256 = "ae75847ce65e7744ba44d5f7d98a18b81f61770a0fdfc6d06bae8b7239535ee0"; + url = "https://addons.mozilla.org/firefox/downloads/file/3693497/dizionario_italiano-${version}.xpi"; + sha256 = "90b173ffdde34a77108152a5ff51879767b1dd84e0aa0dfb7b2bab94cd2e7f53"; meta = with lib; { description = "Add support for Italian to spellchecking"; license = licenses.gpl3; diff --git a/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix b/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix index 765368c..35f4243 100644 --- a/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix +++ b/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix @@ -5,10 +5,10 @@ }: buildFirefoxXpiAddon rec { pname = "italiano-it-language-pack"; - version = "132.0.20241110.231641"; + version = "145.0.20251106.194447"; addonId = "langpack-it@firefox.mozilla.org"; - url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; - sha256 = "2b4764045daa62b00de8773fdfb03b5bbc1cd62c42f8fa27ef70c412d549dbe6"; + url = "https://addons.mozilla.org/firefox/downloads/file/4614309/italiano_it_language_pack-${version}.xpi"; + sha256 = "1eb271cedbf326543e222ba1b9a1da62fceef9d3c523ac02a098df296f155038"; meta = with lib; { description = "Firefox Language Pack for Italiano (it) – Italian"; license = licenses.mpl20; From adc6b90c93dd402ec2fb4c77d94bfa4fc8ab5f33 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Nov 2025 16:29:56 -0600 Subject: [PATCH 283/374] feat: made impermanence create datasets for zfs and persistence --- .../nixos-modules/storage/impermanence.nix | 101 ++++++++++++++---- modules/nixos-modules/storage/storage.nix | 73 +++++++++++++ .../submodules/impermanenceDataset.nix | 23 ++-- modules/nixos-modules/storage/zfs.nix | 34 +++--- 4 files changed, 188 insertions(+), 43 deletions(-) create mode 100644 modules/nixos-modules/storage/storage.nix diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index b1fd6b5..c5f53a3 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -1,33 +1,90 @@ -args @ {lib, ...}: let - impermanenceDatasetSubmodules = (import ./submodules/impermanenceDataset.nix) args; +args @ { + lib, + config, + ... +}: let + datasetSubmodules = (import ./submodules/dataset.nix) args; + impermanenceDatasetSubmodule = (import ./submodules/impermanenceDataset.nix) args; + + permissionsToMode = permissions: let + permSetToDigit = permSet: + ( + if permSet.read + then 4 + else 0 + ) + + ( + if permSet.write + then 2 + else 0 + ) + + ( + if permSet.execute + then 1 + else 0 + ); + + ownerDigit = permSetToDigit permissions.owner.permissions; + groupDigit = permSetToDigit permissions.group.permissions; + otherDigit = permSetToDigit permissions.other.permissions; + in + toString ownerDigit + toString groupDigit + toString otherDigit; + + # Get the option names from both submodules to automatically determine which are impermanence-specific + regularDatasetEval = lib.evalModules { + modules = [datasetSubmodules]; + specialArgs = args; + }; + impermanenceDatasetEval = lib.evalModules { + modules = [impermanenceDatasetSubmodule]; + specialArgs = args; + }; + + regularDatasetOptions = builtins.attrNames regularDatasetEval.options; + impermanenceDatasetOptions = builtins.attrNames impermanenceDatasetEval.options; + + # Find options that are only in impermanence datasets (not in regular ZFS datasets) + impermanenceOnlyOptions = lib.lists.subtractLists regularDatasetOptions impermanenceDatasetOptions; in { options.storage = { impermanence = { enable = lib.mkEnableOption "should impermanence be enabled for this system"; - # TODO: enable option implementation - - # TODO: assertion that zfs needs to be enabled when impermanence is enabled - - # TODO: datasets option that is a submodule that will be used to define what datasets to add to the storage system - # We should by default create the `local`, `local/system/nix`, `local/system/root`, `persist` `persist/system/root`, and `persist/system/var/log` datasets - # We should also create datasets for systemd modules that have have impermanence enabled for them datasets = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodules); + type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodule); default = {}; }; - - # TODO: this should just live under home-manager.users..storage.impermanence - home-manager = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - enable = lib.mkEnableOption "should impermanence be enabled for this user"; - # We should by default create the `local/home/${name}`, and `persist/home/${name}` datasets - datasets = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodules); - default = {}; - }; - })); - }; }; }; + + config = lib.mkIf config.storage.impermanence.enable (lib.mkMerge [ + { + environment.persistence = + lib.mapAttrs (datasetName: dataset: { + enable = true; + hideMounts = true; + directories = lib.mapAttrsToList (path: dirConfig: { + directory = path; + user = dirConfig.owner.name; + group = dirConfig.group.name; + mode = permissionsToMode dirConfig; + }) (lib.filterAttrs (_: dirConfig: dirConfig.enable) dataset.directories); + files = lib.mapAttrsToList (path: fileConfig: { + file = path; + user = fileConfig.owner.name; + group = fileConfig.group.name; + mode = permissionsToMode fileConfig; + }) (lib.filterAttrs (_: fileConfig: fileConfig.enable) dataset.files); + }) + config.storage.impermanence.datasets; + } + (lib.mkIf config.storage.zfs.enable { + storage.zfs.datasets = + lib.mapAttrs ( + datasetName: dataset: + builtins.removeAttrs dataset impermanenceOnlyOptions + ) + config.storage.impermanence.datasets; + }) + ]); } diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix new file mode 100644 index 0000000..1c1986a --- /dev/null +++ b/modules/nixos-modules/storage/storage.nix @@ -0,0 +1,73 @@ +{ + lib, + config, + util, + ... +}: { + # TODO: create all of the datasets from option and home-manager datasets + # TODO: set up datasets for systemd services that want a dataset created + config = lib.mkMerge [ + ( + lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + storage.zfs.datasets = { + "persist/system/nix" = { + type = "zfs_fs"; + mountpoint = "/nix"; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + "com.sun:auto-snapshot" = "false"; + }; + }; + "persist/system/var/log" = { + type = "zfs_fs"; + mountpoint = "/persist/system/var/log"; + options = { + "com.sun:auto-snapshot" = "false"; + }; + }; + }; + } + (util.mkUnless config.storage.impermanence.enable { + # TODO: configure datasets for normal zfs + # TODO: create datasets for systemd.services..storage.impermanence.datasets + storage.zfs.datasets = { + "persist/system/root" = { + type = "zfs_fs"; + mountpoint = "/"; + canmount = "on"; + }; + }; + }) + (lib.mkIf config.storage.impermanence.enable { + storage.impermanence.datasets = { + "persist/system/root" = { + type = "zfs_fs"; + }; + }; + storage.zfs.datasets = { + # TODO: is there a way that we can link these two folders in configs via storage.impermanence.datasets + "local/system/root" = { + type = "zfs_fs"; + mountpoint = "/"; + options = { + canmount = "on"; + }; + postCreateHook = '' + zfs snapshot rpool/local/system/root@blank + ''; + }; + }; + + # TODO: home-manager.users..storage.impermanence.enable + # is false then persist the entire directory of the user + # if true persist home-manager.users..storage.impermanence.datasets + # TODO: systemd.services..storage.datasets persists + }) + ]) + ) + # TODO: configure other needed storage modes here + ]; +} diff --git a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix index 193ab80..2169ec1 100644 --- a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix +++ b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix @@ -1,4 +1,10 @@ -{lib, ...}: {...}: let +args @ { + lib, + name, + ... +}: {...}: let + datasetSubmodule = (import ./dataset.nix) args; + pathPermissions = { read = lib.mkEnableOption "should the path have read permissions"; write = lib.mkEnableOption "should the path have read permissions"; @@ -11,14 +17,14 @@ default = true; }; owner = { - user = lib.mkOption { + name = lib.mkOption { type = lib.types.str; default = "nouser"; }; permissions = pathPermissions; }; group = { - group = lib.mkOption { + name = lib.mkOption { type = lib.types.str; default = "nogroup"; }; @@ -31,16 +37,21 @@ }; in { imports = [ - ./dataset.nix + datasetSubmodule ]; + options = { - files = lib.types.mkOption { + files = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule pathTypeSubmodule); default = {}; }; - directories = { + directories = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule pathTypeSubmodule); default = {}; }; }; + + config = { + mountpoint = "/${name}"; + }; } diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix index 20e41ae..bf0c609 100644 --- a/modules/nixos-modules/storage/zfs.nix +++ b/modules/nixos-modules/storage/zfs.nix @@ -9,18 +9,21 @@ args @ { # max gpt length is 36 and disk adds formats it like disk-xxxx-zfs which means we need to be 9 characters under that hashDisk = drive: (builtins.substring 0 27 (builtins.hashString "sha256" drive)); - poolVdevs = [ - (builtins.map ( - device: let - deviceStr = - if builtins.isString device - then device - else device.device; - in - lib.attrsets.nameValuePair (hashDisk deviceStr) deviceStr - ) - config.storage.zfs.pool.vdevs) - ]; + poolVdevs = + builtins.map ( + vdev: + builtins.map ( + device: let + deviceStr = + if builtins.isString device + then device + else device.device; + in + lib.attrsets.nameValuePair (hashDisk deviceStr) deviceStr + ) + vdev + ) + config.storage.zfs.pool.vdevs; poolCache = builtins.map ( name: let @@ -45,7 +48,7 @@ args @ { then false else device.boot ) - config.storage.zfs.pool.vdevs); + (lib.lists.flatten config.storage.zfs.pool.vdevs)); allDrives = (lib.lists.flatten poolVdevs) ++ poolCache; in { @@ -113,8 +116,9 @@ in { description = "Size of the boot partition on boot drives"; }; vdevs = lib.mkOption { - type = lib.types.listOf deviceType; + type = lib.types.listOf (lib.types.listOf deviceType); default = []; + description = "List of vdevs, where each vdev is a list of devices"; }; cache = lib.mkOption { type = lib.types.attrsOf deviceType; @@ -359,7 +363,7 @@ in { fi '' ) - config.storage.zfs.pool.vdevs} + (lib.lists.flatten config.storage.zfs.pool.vdevs)} # Check pool mode matches configuration if ! echo "$pool_status" | grep -q "$expected_mode"; then From 0e5ebb37f1ce8f93dd7316156567094f1aba788b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Nov 2025 16:53:05 -0600 Subject: [PATCH 284/374] build: update flake.lock --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 6a4736b..3c1f2ad 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1761899396, - "narHash": "sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM=", + "lastModified": 1762276996, + "narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=", "owner": "nix-community", "repo": "disko", - "rev": "6f4cf5abbe318e4cd1e879506f6eeafd83f7b998", + "rev": "af087d076d3860760b3323f6b583f4d828c1ac17", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1762162438, - "narHash": "sha256-GPnRGcVck+TPiQl6Rqj0i57c8hAa34RsQWVqQAW0OVY=", + "lastModified": 1762488230, + "narHash": "sha256-b7FFUa+bQ8m5din6ylspTTeQvhTf7NNDwC3fPOwCkx4=", "owner": "rycee", "repo": "nur-expressions", - "rev": "2cf91d46e558b29f9f9bbdd23408f62e8423aa00", + "rev": "05e744e2e2d174b2fd445e51ad38fb8356001a18", "type": "gitlab" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1762183399, - "narHash": "sha256-vr2aL1QLfERYTfYBgK8cW3T9eSdSEThH462wKaGlmEU=", + "lastModified": 1762463325, + "narHash": "sha256-33YUsWpPyeBZEWrKQ2a1gkRZ7i0XCC/2MYpU6BVeQSU=", "owner": "nix-community", "repo": "home-manager", - "rev": "a5fee077929ae2f2800c3087dce5e1abb4edfbc6", + "rev": "0562fef070a1027325dd4ea10813d64d2c967b39", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1762186368, - "narHash": "sha256-dzLBZKccS0jMefj+WAYwsk7gKDluqavC7I4KfFwVh8k=", + "lastModified": 1762501326, + "narHash": "sha256-QbhsksHaIN6qU3oXhwUFbYycKX1GRxObpQSWAM5fhRY=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "69921864a70b58787abf5ba189095566c3f0ffd3", + "rev": "e2b82ebd0f990a5d1b68fcc761b3d6383c86ccfd", "type": "github" }, "original": { @@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1762135163, - "narHash": "sha256-gP8SCvsYSfi4olYZcrZ4P1IGMzYJSFe1FuO8RL3xpEc=", + "lastModified": 1762480525, + "narHash": "sha256-7akzuLV8uKP3ym67TJoSIT5hTeC5FG8H745Y/7/7J+8=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "5d6525e4d5372973da1777b9ebdb01f033db1395", + "rev": "b8b0b207dc13cb7b004f9d0c1d2b76a85e9494c8", "type": "github" }, "original": { @@ -283,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1762179181, - "narHash": "sha256-T4+TNfXlF/gHbcNCC2HY7sMGBKgqNzyYeMBWmcbH7/o=", + "lastModified": 1762463231, + "narHash": "sha256-hv1mG5j5PTbnWbtHHomzTus77pIxsc4x8VrMjc7+/YE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "256770618502d2eda892af3ae91da5e386ce9586", + "rev": "52113c4f5cfd1e823001310e56d9c8d0699a6226", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "lastModified": 1762363567, + "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4", "type": "github" }, "original": { From 761246a4a486a9f94a4e8cac64a7022737625ccf Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Nov 2025 17:01:21 -0600 Subject: [PATCH 285/374] chore: removed installerConfigurations --- flake.nix | 7 ------- util/default.nix | 10 ---------- 2 files changed, 17 deletions(-) diff --git a/flake.nix b/flake.nix index ddf92ce..ee41728 100644 --- a/flake.nix +++ b/flake.nix @@ -91,16 +91,11 @@ util = import ./util {inherit inputs;}; forEachPkgs = util.forEachPkgs; - mkNixosInstaller = util.mkNixosInstaller; mkNixosSystem = util.mkNixosSystem; mkDarwinSystem = util.mkDarwinSystem; mkHome = util.mkHome; syncthingConfiguration = util.syncthingConfiguration; - installerSystems = { - basic = mkNixosInstaller "basic" []; - }; - nixosSystems = { horizon = mkNixosSystem "horizon"; twilight = mkNixosSystem "twilight"; @@ -170,8 +165,6 @@ }; }); - installerConfigurations = installerSystems; - nixosConfigurations = nixosSystems; darwinConfigurations = darwinSystems; diff --git a/util/default.nix b/util/default.nix index fb2f83d..1b89169 100644 --- a/util/default.nix +++ b/util/default.nix @@ -62,16 +62,6 @@ in { (lib.mkUnless condition no) ]; - mkNixosInstaller = host: userKeys: - nixpkgs.lib.nixosSystem { - modules = [ - { - # TODO: authorized keys for all users and hosts - } - ../configurations/nixos/${host} - ]; - }; - mkNixosSystem = host: nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs outputs util;}; From d613dee36414595ce3f49c72a0d546d086a7e027 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Nov 2025 17:11:41 -0600 Subject: [PATCH 286/374] refactor: move syncthing configs out of flake file --- flake.nix | 3 --- modules/nixos-modules/sync.nix | 4 ++-- util/default.nix | 14 +++++++------- 3 files changed, 9 insertions(+), 12 deletions(-) diff --git a/flake.nix b/flake.nix index ee41728..6f85fa3 100644 --- a/flake.nix +++ b/flake.nix @@ -94,7 +94,6 @@ mkNixosSystem = util.mkNixosSystem; mkDarwinSystem = util.mkDarwinSystem; mkHome = util.mkHome; - syncthingConfiguration = util.syncthingConfiguration; nixosSystems = { horizon = mkNixosSystem "horizon"; @@ -170,7 +169,5 @@ darwinConfigurations = darwinSystems; homeConfigurations = homeConfigurations; - - syncthingConfiguration = syncthingConfiguration; }; } diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index bf43041..96f54d5 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -1,7 +1,7 @@ { config, lib, - outputs, + syncthingConfiguration, ... }: let mountDir = "/mnt/sync"; @@ -27,7 +27,7 @@ in { configDir = configDir; overrideDevices = true; overrideFolders = true; - configuration = outputs.syncthingConfiguration; + configuration = syncthingConfiguration; deviceName = config.networking.hostName; }; } diff --git a/util/default.nix b/util/default.nix index 1b89169..97bfa49 100644 --- a/util/default.nix +++ b/util/default.nix @@ -52,6 +52,12 @@ home-manager-config ../modules/system-modules ]; + + syncthingConfiguration = nix-syncthing.lib.syncthingConfiguration { + modules = [ + (import ../configurations/syncthing) + ]; + }; in { forEachPkgs = lambda: forEachSystem (system: lambda system (pkgsFor system)); @@ -64,7 +70,7 @@ in { mkNixosSystem = host: nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs outputs util;}; + specialArgs = {inherit inputs outputs util syncthingConfiguration;}; modules = system-modules ++ [ @@ -109,10 +115,4 @@ in { ../configurations/home-manager/${user} ]; }; - - syncthingConfiguration = nix-syncthing.lib.syncthingConfiguration { - modules = [ - (import ../configurations/syncthing) - ]; - }; } From 0de97fa4a2869bbce5954ee6ab21867b232a231a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Nov 2025 18:14:00 -0600 Subject: [PATCH 287/374] feat: added more development notes --- modules/nixos-modules/storage/impermanence.nix | 11 +++++++++++ modules/nixos-modules/storage/storage.nix | 12 +++++++++--- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index c5f53a3..470ce48 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -59,6 +59,13 @@ in { config = lib.mkIf config.storage.impermanence.enable (lib.mkMerge [ { + assertions = [ + { + assertion = config.storage.zfs.enable; + message = "storage.impermanence can not be used without storage.zfs."; + } + ]; + environment.persistence = lib.mapAttrs (datasetName: dataset: { enable = true; @@ -77,8 +84,12 @@ in { }) (lib.filterAttrs (_: fileConfig: fileConfig.enable) dataset.files); }) config.storage.impermanence.datasets; + # TODO: need for boot on filesystems } (lib.mkIf config.storage.zfs.enable { + # TODO: activationScripts config for private folders + # TODO: rollback post resume + # TODO: fuse userAllowOther storage.zfs.datasets = lib.mapAttrs ( datasetName: dataset: diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index 1c1986a..e1f013d 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -23,7 +23,7 @@ }; "persist/system/var/log" = { type = "zfs_fs"; - mountpoint = "/persist/system/var/log"; + mountpoint = "/var/log"; options = { "com.sun:auto-snapshot" = "false"; }; @@ -31,7 +31,6 @@ }; } (util.mkUnless config.storage.impermanence.enable { - # TODO: configure datasets for normal zfs # TODO: create datasets for systemd.services..storage.impermanence.datasets storage.zfs.datasets = { "persist/system/root" = { @@ -48,7 +47,6 @@ }; }; storage.zfs.datasets = { - # TODO: is there a way that we can link these two folders in configs via storage.impermanence.datasets "local/system/root" = { type = "zfs_fs"; mountpoint = "/"; @@ -58,6 +56,14 @@ postCreateHook = '' zfs snapshot rpool/local/system/root@blank ''; + + directories = { + "/var/lib/nixos".enable = true; + "/var/lib/systemd/coredump".enable = true; + }; + files = { + "/etc/machine-id".enable = true; + }; }; }; From 5dedf4f314911d7c834c531fa98be05f61f1587b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 11:39:17 -0600 Subject: [PATCH 288/374] chore: service to list of services that need to be added --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 2d6911b..7f49aa8 100644 --- a/README.md +++ b/README.md @@ -80,6 +80,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Services - [ ] ntfy service for unified push +- [ ] signal socket server - [ ] vikunja service for project management - [ ] Penpot services (need to make this custom) - [ ] minecraft server with old world file From 9df29cc07f5592e3c61e924856ceb872f30db2b2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 13:21:01 -0600 Subject: [PATCH 289/374] feat: refined options for datasets --- .../nixos/defiant/configuration.nix | 85 +++--- modules/nixos-modules/storage/default.nix | 1 + modules/nixos-modules/storage/storage.nix | 64 ++-- .../storage/submodules/dataset.nix | 117 +++---- .../submodules/impermanenceDataset.nix | 11 +- modules/nixos-modules/storage/zfs.nix | 288 +++++++++--------- 6 files changed, 295 insertions(+), 271 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index e2f9401..11a6f9d 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -33,44 +33,6 @@ isPrincipleUser = true; }; }; - impermanence.enable = true; - storage = { - enable = true; - encryption = true; - notifications = { - enable = true; - host = "smtp.protonmail.ch"; - port = 587; - to = "leyla@jan-leila.com"; - user = "noreply@jan-leila.com"; - tokenFile = config.sops.secrets."services/zfs_smtp_token".path; - }; - pool = { - # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA - bootDrives = ["nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"]; - vdevs = [ - [ - "ata-ST18000NE000-3G6101_ZVTCXVEB" - "ata-ST18000NE000-3G6101_ZVTCXWSC" - "ata-ST18000NE000-3G6101_ZVTD10EH" - "ata-ST18000NT001-3NF101_ZVTE0S3Q" - "ata-ST18000NT001-3NF101_ZVTEF27J" - "ata-ST18000NE000-3G6101_ZVTJ7359" - ] - [ - "ata-ST4000NE001-2MA101_WS2275P3" - "ata-ST4000NE001-2MA101_WS227B9F" - "ata-ST4000NE001-2MA101_WS227CEW" - "ata-ST4000NE001-2MA101_WS227CYN" - "ata-ST4000NE001-2MA101_WS23TBWV" - "ata-ST4000NE001-2MA101_WS23TC5F" - ] - ]; - cache = [ - "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" - ]; - }; - }; network_storage = { enable = true; directories = [ @@ -104,6 +66,53 @@ }; }; + storage = { + zfs = { + enable = true; + notifications = { + enable = true; + host = "smtp.protonmail.ch"; + port = 587; + to = "leyla@jan-leila.com"; + user = "noreply@jan-leila.com"; + tokenFile = config.sops.secrets."services/zfs_smtp_token".path; + }; + pool = { + encryption = { + enable = true; + }; + vdevs = [ + [ + "ata-ST18000NE000-3G6101_ZVTCXVEB" + "ata-ST18000NE000-3G6101_ZVTCXWSC" + "ata-ST18000NE000-3G6101_ZVTD10EH" + "ata-ST18000NT001-3NF101_ZVTE0S3Q" + "ata-ST18000NT001-3NF101_ZVTEF27J" + "ata-ST18000NE000-3G6101_ZVTJ7359" + ] + [ + "ata-ST4000NE001-2MA101_WS2275P3" + "ata-ST4000NE001-2MA101_WS227B9F" + "ata-ST4000NE001-2MA101_WS227CEW" + "ata-ST4000NE001-2MA101_WS227CYN" + "ata-ST4000NE001-2MA101_WS23TBWV" + "ata-ST4000NE001-2MA101_WS23TC5F" + ] + ]; + # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA + cache = { + cache0 = { + device = "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"; + boot = true; + }; + }; + }; + }; + impermanence = { + enable = true; + }; + }; + systemd.network = { enable = true; diff --git a/modules/nixos-modules/storage/default.nix b/modules/nixos-modules/storage/default.nix index 02f7fb9..ebf990a 100644 --- a/modules/nixos-modules/storage/default.nix +++ b/modules/nixos-modules/storage/default.nix @@ -8,5 +8,6 @@ imports = [ ./impermanence.nix ./zfs.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index e1f013d..06e29f1 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -1,7 +1,6 @@ { lib, config, - util, ... }: { # TODO: create all of the datasets from option and home-manager datasets @@ -13,50 +12,49 @@ storage.zfs.datasets = { "persist/system/nix" = { type = "zfs_fs"; - mountpoint = "/nix"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - "com.sun:auto-snapshot" = "false"; + mount = { + enable = true; + mountPoint = "/nix"; }; + snapshot = { + autoSnapshot = false; + }; + atime = "off"; + relatime = "off"; }; "persist/system/var/log" = { type = "zfs_fs"; - mountpoint = "/var/log"; - options = { - "com.sun:auto-snapshot" = "false"; + mount = { + enable = true; + mountPoint = "/var/log"; + }; + snapshot = { + autoSnapshot = false; + }; + }; + "persist/system/root" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/"; }; }; }; } - (util.mkUnless config.storage.impermanence.enable { + (lib.mkIf (!config.storage.impermanence.enable) { # TODO: create datasets for systemd.services..storage.impermanence.datasets storage.zfs.datasets = { "persist/system/root" = { type = "zfs_fs"; - mountpoint = "/"; - canmount = "on"; + snapshot = { + autoSnapshot = true; + }; }; }; }) (lib.mkIf config.storage.impermanence.enable { storage.impermanence.datasets = { "persist/system/root" = { - type = "zfs_fs"; - }; - }; - storage.zfs.datasets = { - "local/system/root" = { - type = "zfs_fs"; - mountpoint = "/"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot rpool/local/system/root@blank - ''; - directories = { "/var/lib/nixos".enable = true; "/var/lib/systemd/coredump".enable = true; @@ -66,6 +64,18 @@ }; }; }; + storage.zfs.datasets = { + "local/system/root" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/"; + }; + snapshot = { + blankSnapshot = true; + }; + }; + }; # TODO: home-manager.users..storage.impermanence.enable # is false then persist the entire directory of the user diff --git a/modules/nixos-modules/storage/submodules/dataset.nix b/modules/nixos-modules/storage/submodules/dataset.nix index 482671e..a3102fc 100644 --- a/modules/nixos-modules/storage/submodules/dataset.nix +++ b/modules/nixos-modules/storage/submodules/dataset.nix @@ -6,25 +6,6 @@ description = "Type of ZFS dataset (filesystem or volume)"; }; - # ZFS dataset options that match what's currently hardcoded in rootFsOptions - canmount = lib.mkOption { - type = lib.types.nullOr (lib.types.enum ["on" "off" "noauto"]); - default = null; - description = "Controls whether the file system can be mounted"; - }; - - mountpoint = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Controls the mount point used for this file system"; - }; - - xattr = lib.mkOption { - type = lib.types.nullOr (lib.types.enum ["on" "off" "sa" "dir"]); - default = null; - description = "Extended attribute storage method"; - }; - acltype = lib.mkOption { type = lib.types.nullOr (lib.types.enum ["off" "nfsv4" "posixacl"]); default = null; @@ -37,56 +18,82 @@ description = "Controls when access time is updated"; }; + atime = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["on" "off"]); + default = null; + description = "Controls whether access time is updated"; + }; + + xattr = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["on" "off" "sa" "dir"]); + default = null; + description = "Extended attribute storage method"; + }; + compression = lib.mkOption { type = lib.types.nullOr (lib.types.enum ["on" "off" "lz4" "gzip" "zstd" "lzjb" "zle"]); default = null; description = "Compression algorithm to use"; }; - encryption = lib.mkOption { - type = lib.types.nullOr (lib.types.enum ["on" "off" "aes-128-ccm" "aes-192-ccm" "aes-256-ccm" "aes-128-gcm" "aes-192-gcm" "aes-256-gcm"]); - default = null; - description = "Encryption algorithm to use"; - }; - - keyformat = lib.mkOption { - type = lib.types.nullOr (lib.types.enum ["raw" "hex" "passphrase"]); - default = null; - description = "Format of the encryption key"; - }; - - keylocation = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Location of the encryption key"; - }; - - autoSnapshot = lib.mkOption { - type = lib.types.nullOr lib.types.bool; - default = null; - description = "Enable automatic snapshots for this dataset"; - }; - - # Additional common ZFS options - recordsize = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Suggested block size for files in the file system"; - }; - sync = lib.mkOption { type = lib.types.nullOr (lib.types.enum ["standard" "always" "disabled"]); default = null; description = "Synchronous write behavior"; }; - atime = lib.mkOption { - type = lib.types.nullOr (lib.types.enum ["on" "off"]); - default = null; - description = "Controls whether access time is updated"; + mount = { + enable = lib.mkOption { + type = lib.types.nullOr (lib.types.either lib.types.bool (lib.types.enum ["on" "off" "noauto"])); + default = null; + }; + mountPoint = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Controls the mount point used for this file system"; + }; + }; + + encryption = { + enable = lib.mkEnableOption "should encryption be enabled"; + type = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["aes-128-ccm" "aes-192-ccm" "aes-256-ccm" "aes-128-gcm" "aes-192-gcm" "aes-256-gcm"]); + default = null; + description = "What encryption type to use"; + }; + keyformat = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["raw" "hex" "passphrase"]); + default = null; + description = "Format of the encryption key"; + }; + keylocation = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Location of the encryption key"; + }; + }; + + snapshot = { + # This option should set this option flag + # "com.sun:auto-snapshot" = "false"; + autoSnapshot = lib.mkOption { + type = lib.types.nullOr lib.types.bool; + default = null; + description = "Enable automatic snapshots for this dataset"; + }; + # TODO: this is what blank snapshot should set + # postCreateHook = '' + # zfs snapshot rpool/local/system/root@blank + # ''; + blankSnapshot = lib.mkEnableOption "Should a blank snapshot be auto created in the post create hook"; + }; + + recordSize = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Suggested block size for files in the file system"; }; - # Custom options for disko integration postCreateHook = lib.mkOption { type = lib.types.str; default = ""; diff --git a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix index 2169ec1..5f47c18 100644 --- a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix +++ b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix @@ -1,10 +1,5 @@ -args @ { - lib, - name, - ... -}: {...}: let +args @ {lib, ...}: {name, ...}: let datasetSubmodule = (import ./dataset.nix) args; - pathPermissions = { read = lib.mkEnableOption "should the path have read permissions"; write = lib.mkEnableOption "should the path have read permissions"; @@ -52,6 +47,8 @@ in { }; config = { - mountpoint = "/${name}"; + mount = { + mountPoint = lib.mkDefault "/${name}"; + }; }; } diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix index bf0c609..fb69f2e 100644 --- a/modules/nixos-modules/storage/zfs.nix +++ b/modules/nixos-modules/storage/zfs.nix @@ -171,153 +171,153 @@ in { }; # Disko configuration based on pool settings - disko.devices = { - disk = ( - builtins.listToAttrs ( - builtins.map - (drive: - lib.attrsets.nameValuePair (drive.name) { - type = "disk"; - device = "/dev/disk/by-id/${drive.value}"; - content = { - type = "gpt"; - partitions = { - ESP = lib.mkIf (builtins.elem drive.value bootDrives) { - size = config.storage.zfs.pool.bootPartitionSize; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = ["umask=0077"]; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "rpool"; - }; - }; - }; - }; - }) - allDrives - ) - ); - zpool = { - rpool = { - type = "zpool"; - mode = { - topology = { - type = "topology"; - vdev = ( - builtins.map (disks: { - mode = config.storage.zfs.pool.mode; - members = - builtins.map (disk: disk.name) disks; - }) - poolVdevs - ); - cache = builtins.map (disk: disk.name) poolCache; - }; - }; + # disko.devices = { + # disk = ( + # builtins.listToAttrs ( + # builtins.map + # (drive: + # lib.attrsets.nameValuePair (drive.name) { + # type = "disk"; + # device = "/dev/disk/by-id/${drive.value}"; + # content = { + # type = "gpt"; + # partitions = { + # ESP = lib.mkIf (builtins.elem drive.value bootDrives) { + # size = config.storage.zfs.pool.bootPartitionSize; + # type = "EF00"; + # content = { + # type = "filesystem"; + # format = "vfat"; + # mountpoint = "/boot"; + # mountOptions = ["umask=0077"]; + # }; + # }; + # zfs = { + # size = "100%"; + # content = { + # type = "zfs"; + # pool = "rpool"; + # }; + # }; + # }; + # }; + # }) + # allDrives + # ) + # ); + # zpool = { + # rpool = { + # type = "zpool"; + # mode = { + # topology = { + # type = "topology"; + # vdev = ( + # builtins.map (disks: { + # mode = config.storage.zfs.pool.mode; + # members = + # builtins.map (disk: disk.name) disks; + # }) + # poolVdevs + # ); + # cache = builtins.map (disk: disk.name) poolCache; + # }; + # }; - options = { - ashift = "12"; - autotrim = "on"; - }; + # options = { + # ashift = "12"; + # autotrim = "on"; + # }; - rootFsOptions = let - rootDataset = config.storage.zfs.rootDataset; - # Start with defaults that match the original hardcoded values - defaults = { - canmount = "off"; - mountpoint = "none"; - xattr = "sa"; - acltype = "posixacl"; - relatime = "on"; - compression = "lz4"; - "com.sun:auto-snapshot" = "false"; - }; - # Override defaults with non-null values from rootDataset - userOptions = lib.attrsets.filterAttrs (_: v: v != null) { - canmount = rootDataset.canmount; - mountpoint = rootDataset.mountpoint; - xattr = rootDataset.xattr; - acltype = rootDataset.acltype; - relatime = rootDataset.relatime; - compression = rootDataset.compression; - encryption = rootDataset.encryption; - keyformat = rootDataset.keyformat; - keylocation = rootDataset.keylocation; - recordsize = rootDataset.recordsize; - sync = rootDataset.sync; - atime = rootDataset.atime; - "com.sun:auto-snapshot" = - if rootDataset.autoSnapshot == null - then null - else - ( - if rootDataset.autoSnapshot - then "true" - else "false" - ); - }; - # Only apply pool encryption if user hasn't set encryption options in rootDataset - poolEncryptionOptions = - lib.attrsets.optionalAttrs ( - config.storage.zfs.pool.encryption.enable - && rootDataset.encryption == null - && rootDataset.keyformat == null - && rootDataset.keylocation == null - ) { - encryption = "on"; - keyformat = config.storage.zfs.pool.encryption.keyformat; - keylocation = config.storage.zfs.pool.encryption.keylocation; - }; - in - defaults // userOptions // rootDataset.options // poolEncryptionOptions; + # rootFsOptions = let + # rootDataset = config.storage.zfs.rootDataset; + # # Start with defaults that match the original hardcoded values + # defaults = { + # canmount = "off"; + # mountpoint = "none"; + # xattr = "sa"; + # acltype = "posixacl"; + # relatime = "on"; + # compression = "lz4"; + # "com.sun:auto-snapshot" = "false"; + # }; + # # Override defaults with non-null values from rootDataset + # userOptions = lib.attrsets.filterAttrs (_: v: v != null) { + # canmount = rootDataset.canmount; + # mountpoint = rootDataset.mountpoint; + # xattr = rootDataset.xattr; + # acltype = rootDataset.acltype; + # relatime = rootDataset.relatime; + # compression = rootDataset.compression; + # encryption = rootDataset.encryption; + # keyformat = rootDataset.keyformat; + # keylocation = rootDataset.keylocation; + # recordsize = rootDataset.recordsize; + # sync = rootDataset.sync; + # atime = rootDataset.atime; + # "com.sun:auto-snapshot" = + # if rootDataset.autoSnapshot == null + # then null + # else + # ( + # if rootDataset.autoSnapshot + # then "true" + # else "false" + # ); + # }; + # # Only apply pool encryption if user hasn't set encryption options in rootDataset + # poolEncryptionOptions = + # lib.attrsets.optionalAttrs ( + # config.storage.zfs.pool.encryption.enable + # && rootDataset.encryption == null + # && rootDataset.keyformat == null + # && rootDataset.keylocation == null + # ) { + # encryption = "on"; + # keyformat = config.storage.zfs.pool.encryption.keyformat; + # keylocation = config.storage.zfs.pool.encryption.keylocation; + # }; + # in + # defaults // userOptions // rootDataset.options // poolEncryptionOptions; - datasets = lib.mkMerge [ - ( - lib.attrsets.mapAttrs (name: value: { - type = value.type; - options = let - # For datasets, only include non-null user-specified values - userOptions = lib.attrsets.filterAttrs (_: v: v != null) { - canmount = value.canmount; - xattr = value.xattr; - acltype = value.acltype; - relatime = value.relatime; - compression = value.compression; - encryption = value.encryption; - keyformat = value.keyformat; - keylocation = value.keylocation; - recordsize = value.recordsize; - sync = value.sync; - atime = value.atime; - "com.sun:auto-snapshot" = - if value.autoSnapshot == null - then null - else - ( - if value.autoSnapshot - then "true" - else "false" - ); - }; - in - userOptions // (value.options or {}); - mountpoint = value.mountpoint; - postCreateHook = value.postCreateHook or ""; - }) - config.storage.zfs.datasets - ) - ]; - }; - }; - }; + # datasets = lib.mkMerge [ + # ( + # lib.attrsets.mapAttrs (name: value: { + # type = value.type; + # options = let + # # For datasets, only include non-null user-specified values + # userOptions = lib.attrsets.filterAttrs (_: v: v != null) { + # canmount = value.canmount; + # xattr = value.xattr; + # acltype = value.acltype; + # relatime = value.relatime; + # compression = value.compression; + # encryption = value.encryption; + # keyformat = value.keyformat; + # keylocation = value.keylocation; + # recordsize = value.recordsize; + # sync = value.sync; + # atime = value.atime; + # "com.sun:auto-snapshot" = + # if value.autoSnapshot == null + # then null + # else + # ( + # if value.autoSnapshot + # then "true" + # else "false" + # ); + # }; + # in + # userOptions // (value.options or {}); + # mountpoint = value.mountpoint; + # postCreateHook = value.postCreateHook or ""; + # }) + # config.storage.zfs.datasets + # ) + # ]; + # }; + # }; + # }; # Post-activation scripts for validation system.activationScripts = { From 39edb655390fc1f6ca43c28082a0171abf33ea3a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 14:21:22 -0600 Subject: [PATCH 290/374] feat: removed broken disko config --- modules/nixos-modules/storage/zfs.nix | 428 +------------------------- 1 file changed, 4 insertions(+), 424 deletions(-) diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix index fb69f2e..65ddbd0 100644 --- a/modules/nixos-modules/storage/zfs.nix +++ b/modules/nixos-modules/storage/zfs.nix @@ -5,52 +5,6 @@ args @ { ... }: let datasetSubmodule = (import ./submodules/dataset.nix) args; - - # max gpt length is 36 and disk adds formats it like disk-xxxx-zfs which means we need to be 9 characters under that - hashDisk = drive: (builtins.substring 0 27 (builtins.hashString "sha256" drive)); - - poolVdevs = - builtins.map ( - vdev: - builtins.map ( - device: let - deviceStr = - if builtins.isString device - then device - else device.device; - in - lib.attrsets.nameValuePair (hashDisk deviceStr) deviceStr - ) - vdev - ) - config.storage.zfs.pool.vdevs; - - poolCache = builtins.map ( - name: let - device = config.storage.zfs.pool.cache.${name}; - deviceStr = - if builtins.isString device - then device - else device.device; - in - lib.attrsets.nameValuePair (hashDisk deviceStr) deviceStr - ) (builtins.attrNames config.storage.zfs.pool.cache); - - bootDrives = - builtins.map ( - device: - if builtins.isString device - then device - else device.device - ) (builtins.filter ( - device: - if builtins.isString device - then false - else device.boot - ) - (lib.lists.flatten config.storage.zfs.pool.vdevs)); - - allDrives = (lib.lists.flatten poolVdevs) ++ poolCache; in { options.storage = { zfs = { @@ -142,389 +96,15 @@ in { config = lib.mkIf config.storage.zfs.enable (lib.mkMerge [ { - assertions = [ - { - assertion = builtins.length bootDrives > 0; - message = '' - ZFS configuration requires at least one boot drive. Please configure at least one device with boot = true in storage.zfs.pool.vdevs. - ''; - } - { - assertion = - !( - config.storage.zfs.pool.encryption.enable - && (config.storage.zfs.rootDataset.encryption - != null - || config.storage.zfs.rootDataset.keyformat != null - || config.storage.zfs.rootDataset.keylocation != null) - ); - message = '' - Cannot set encryption options in both pool.encryption and rootDataset. - Use either pool.encryption for default settings or rootDataset encryption options for explicit control, but not both. - ''; - } - ]; - services.zfs = { autoScrub.enable = true; autoSnapshot.enable = true; }; - # Disko configuration based on pool settings - # disko.devices = { - # disk = ( - # builtins.listToAttrs ( - # builtins.map - # (drive: - # lib.attrsets.nameValuePair (drive.name) { - # type = "disk"; - # device = "/dev/disk/by-id/${drive.value}"; - # content = { - # type = "gpt"; - # partitions = { - # ESP = lib.mkIf (builtins.elem drive.value bootDrives) { - # size = config.storage.zfs.pool.bootPartitionSize; - # type = "EF00"; - # content = { - # type = "filesystem"; - # format = "vfat"; - # mountpoint = "/boot"; - # mountOptions = ["umask=0077"]; - # }; - # }; - # zfs = { - # size = "100%"; - # content = { - # type = "zfs"; - # pool = "rpool"; - # }; - # }; - # }; - # }; - # }) - # allDrives - # ) - # ); - # zpool = { - # rpool = { - # type = "zpool"; - # mode = { - # topology = { - # type = "topology"; - # vdev = ( - # builtins.map (disks: { - # mode = config.storage.zfs.pool.mode; - # members = - # builtins.map (disk: disk.name) disks; - # }) - # poolVdevs - # ); - # cache = builtins.map (disk: disk.name) poolCache; - # }; - # }; - - # options = { - # ashift = "12"; - # autotrim = "on"; - # }; - - # rootFsOptions = let - # rootDataset = config.storage.zfs.rootDataset; - # # Start with defaults that match the original hardcoded values - # defaults = { - # canmount = "off"; - # mountpoint = "none"; - # xattr = "sa"; - # acltype = "posixacl"; - # relatime = "on"; - # compression = "lz4"; - # "com.sun:auto-snapshot" = "false"; - # }; - # # Override defaults with non-null values from rootDataset - # userOptions = lib.attrsets.filterAttrs (_: v: v != null) { - # canmount = rootDataset.canmount; - # mountpoint = rootDataset.mountpoint; - # xattr = rootDataset.xattr; - # acltype = rootDataset.acltype; - # relatime = rootDataset.relatime; - # compression = rootDataset.compression; - # encryption = rootDataset.encryption; - # keyformat = rootDataset.keyformat; - # keylocation = rootDataset.keylocation; - # recordsize = rootDataset.recordsize; - # sync = rootDataset.sync; - # atime = rootDataset.atime; - # "com.sun:auto-snapshot" = - # if rootDataset.autoSnapshot == null - # then null - # else - # ( - # if rootDataset.autoSnapshot - # then "true" - # else "false" - # ); - # }; - # # Only apply pool encryption if user hasn't set encryption options in rootDataset - # poolEncryptionOptions = - # lib.attrsets.optionalAttrs ( - # config.storage.zfs.pool.encryption.enable - # && rootDataset.encryption == null - # && rootDataset.keyformat == null - # && rootDataset.keylocation == null - # ) { - # encryption = "on"; - # keyformat = config.storage.zfs.pool.encryption.keyformat; - # keylocation = config.storage.zfs.pool.encryption.keylocation; - # }; - # in - # defaults // userOptions // rootDataset.options // poolEncryptionOptions; - - # datasets = lib.mkMerge [ - # ( - # lib.attrsets.mapAttrs (name: value: { - # type = value.type; - # options = let - # # For datasets, only include non-null user-specified values - # userOptions = lib.attrsets.filterAttrs (_: v: v != null) { - # canmount = value.canmount; - # xattr = value.xattr; - # acltype = value.acltype; - # relatime = value.relatime; - # compression = value.compression; - # encryption = value.encryption; - # keyformat = value.keyformat; - # keylocation = value.keylocation; - # recordsize = value.recordsize; - # sync = value.sync; - # atime = value.atime; - # "com.sun:auto-snapshot" = - # if value.autoSnapshot == null - # then null - # else - # ( - # if value.autoSnapshot - # then "true" - # else "false" - # ); - # }; - # in - # userOptions // (value.options or {}); - # mountpoint = value.mountpoint; - # postCreateHook = value.postCreateHook or ""; - # }) - # config.storage.zfs.datasets - # ) - # ]; - # }; - # }; - # }; - - # Post-activation scripts for validation - system.activationScripts = { - # Script 1: Validate pool, cache devices, and vdevs - zfs-pool-validation = { - text = '' - echo "Running ZFS pool validation..." - - # Function to check if a device exists in a vdev or cache - check_device_in_pool() { - local device_id="$1" - local device_type="$2" # "cache" or "vdev" - - if ! zpool status rpool | grep -q "$device_id"; then - echo "ERROR: Device $device_id not found in pool rpool ($device_type)" - return 1 - fi - return 0 - } - - # Function to validate vdev configuration - validate_vdevs() { - local expected_mode="${config.storage.zfs.pool.mode}" - local pool_status=$(zpool status rpool) - - # Check if pool exists - if ! zpool list rpool >/dev/null 2>&1; then - echo "ERROR: ZFS pool 'rpool' does not exist" - return 1 - fi - - # Validate each configured vdev device - ${lib.concatMapStringsSep "\n" ( - device: let - deviceStr = - if builtins.isString device - then device - else device.device; - in '' - if ! check_device_in_pool "${deviceStr}" "vdev"; then - echo "ERROR: Vdev device ${deviceStr} not found in pool" - exit 1 - fi - '' - ) - (lib.lists.flatten config.storage.zfs.pool.vdevs)} - - # Check pool mode matches configuration - if ! echo "$pool_status" | grep -q "$expected_mode"; then - echo "WARNING: Pool mode may not match expected configuration ($expected_mode)" - fi - - echo "✓ All vdev devices validated successfully" - return 0 - } - - # Function to validate cache configuration - validate_cache() { - ${lib.concatMapStringsSep "\n" ( - name: let - device = config.storage.zfs.pool.cache.${name}; - deviceStr = - if builtins.isString device - then device - else device.device; - in '' - if ! check_device_in_pool "${deviceStr}" "cache"; then - echo "ERROR: Cache device ${deviceStr} (${name}) not found in pool" - exit 1 - fi - '' - ) (builtins.attrNames config.storage.zfs.pool.cache)} - - echo "✓ All cache devices validated successfully" - return 0 - } - - # Run validations - if validate_vdevs && validate_cache; then - echo "✓ ZFS pool validation completed successfully" - else - echo "✗ ZFS pool validation failed" - exit 1 - fi - ''; - deps = ["zfs"]; - }; - - # Script 2: Validate datasets and their options - zfs-dataset-validation = { - text = '' - echo "Running ZFS dataset validation..." - - # Function to check if dataset exists - check_dataset_exists() { - local dataset="$1" - if ! zfs list "$dataset" >/dev/null 2>&1; then - echo "ERROR: Dataset $dataset does not exist" - return 1 - fi - return 0 - } - - # Function to validate dataset options - validate_dataset_options() { - local dataset="$1" - local expected_options="$2" - - # Parse expected options (format: "option=value option2=value2") - echo "$expected_options" | tr ' ' '\n' | while IFS='=' read -r option expected_value; do - if [ -n "$option" ] && [ -n "$expected_value" ]; then - local actual_value=$(zfs get -H -o value "$option" "$dataset" 2>/dev/null) - if [ "$actual_value" != "$expected_value" ]; then - echo "ERROR: Dataset $dataset option $option is '$actual_value', expected '$expected_value'" - return 1 - fi - fi - done - return 0 - } - - # Validate root dataset - echo "Validating root dataset..." - if check_dataset_exists "rpool"; then - root_options="" - ${lib.concatMapStringsSep "\n" ( - option: let - value = config.storage.zfs.rootDataset.${option}; - in - lib.optionalString (value != null) '' - root_options="$root_options ${option}=${toString value}" - '' - ) ["canmount" "xattr" "acltype" "relatime" "compression" "encryption" "keyformat" "keylocation" "recordsize" "sync" "atime"]} - - # Add autoSnapshot option - ${lib.optionalString (config.storage.zfs.rootDataset.autoSnapshot != null) '' - root_options="$root_options com.sun:auto-snapshot=${ - if config.storage.zfs.rootDataset.autoSnapshot - then "true" - else "false" - }" - ''} - - if validate_dataset_options "rpool" "$root_options"; then - echo "✓ Root dataset options validated" - else - echo "✗ Root dataset validation failed" - exit 1 - fi - else - echo "✗ Root dataset validation failed" - exit 1 - fi - - # Validate configured datasets - ${lib.concatMapStringsSep "\n" ( - name: let - dataset = config.storage.zfs.datasets.${name}; - in '' - echo "Validating dataset: rpool/${name}" - if check_dataset_exists "rpool/${name}"; then - dataset_options="" - ${lib.concatMapStringsSep "\n" ( - option: let - value = dataset.${option}; - in - lib.optionalString (value != null) '' - dataset_options="$dataset_options ${option}=${toString value}" - '' - ) ["canmount" "xattr" "acltype" "relatime" "compression" "encryption" "keyformat" "keylocation" "recordsize" "sync" "atime"]} - - # Add autoSnapshot option - ${lib.optionalString (dataset.autoSnapshot != null) '' - dataset_options="$dataset_options com.sun:auto-snapshot=${ - if dataset.autoSnapshot - then "true" - else "false" - }" - ''} - - # Add custom options - ${lib.concatMapStringsSep "\n" ( - optName: let - optValue = dataset.options.${optName}; - in '' - dataset_options="$dataset_options ${optName}=${toString optValue}" - '' - ) (builtins.attrNames (dataset.options or {}))} - - if validate_dataset_options "rpool/${name}" "$dataset_options"; then - echo "✓ Dataset rpool/${name} options validated" - else - echo "✗ Dataset rpool/${name} validation failed" - exit 1 - fi - else - echo "✗ Dataset rpool/${name} validation failed" - exit 1 - fi - '' - ) (builtins.attrNames config.storage.zfs.datasets)} - - echo "✓ ZFS dataset validation completed successfully" - ''; - deps = ["zfs" "zfs-pool-validation"]; - }; - }; + # TODO: configure disko + # TODO: assertion that we have a boot device + # TODO: check that disks on system match configuration and warn user if they don't + # TODO: check that datasets on system match configuration and warn user if they don't } (lib.mkIf config.storage.zfs.notifications.enable { programs.msmtp = { From 3ca0e9bf0a3166741c634b0e6d0ba300769d9317 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 17:04:53 -0600 Subject: [PATCH 291/374] fix: fixed generation of disko configuration --- .../nixos-modules/storage/impermanence.nix | 9 +- modules/nixos-modules/storage/storage.nix | 15 +- .../storage/submodules/dataset.nix | 26 +-- .../submodules/impermanenceDataset.nix | 1 + modules/nixos-modules/storage/zfs.nix | 220 ++++++++++++++++-- 5 files changed, 229 insertions(+), 42 deletions(-) diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index 470ce48..6619bc5 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -70,6 +70,7 @@ in { lib.mapAttrs (datasetName: dataset: { enable = true; hideMounts = true; + persistentStoragePath = "/${datasetName}"; directories = lib.mapAttrsToList (path: dirConfig: { directory = path; user = dirConfig.owner.name; @@ -78,9 +79,11 @@ in { }) (lib.filterAttrs (_: dirConfig: dirConfig.enable) dataset.directories); files = lib.mapAttrsToList (path: fileConfig: { file = path; - user = fileConfig.owner.name; - group = fileConfig.group.name; - mode = permissionsToMode fileConfig; + parentDirectory = { + user = fileConfig.owner.name; + group = fileConfig.group.name; + mode = permissionsToMode fileConfig; + }; }) (lib.filterAttrs (_: fileConfig: fileConfig.enable) dataset.files); }) config.storage.impermanence.datasets; diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index 06e29f1..b6428f6 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -32,13 +32,6 @@ autoSnapshot = false; }; }; - "persist/system/root" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/"; - }; - }; }; } (lib.mkIf (!config.storage.impermanence.enable) { @@ -46,6 +39,10 @@ storage.zfs.datasets = { "persist/system/root" = { type = "zfs_fs"; + mount = { + enable = false; + mountPoint = "/"; + }; snapshot = { autoSnapshot = true; }; @@ -55,6 +52,10 @@ (lib.mkIf config.storage.impermanence.enable { storage.impermanence.datasets = { "persist/system/root" = { + mount = { + enable = false; + mountPoint = "/"; + }; directories = { "/var/lib/nixos".enable = true; "/var/lib/systemd/coredump".enable = true; diff --git a/modules/nixos-modules/storage/submodules/dataset.nix b/modules/nixos-modules/storage/submodules/dataset.nix index a3102fc..3de7719 100644 --- a/modules/nixos-modules/storage/submodules/dataset.nix +++ b/modules/nixos-modules/storage/submodules/dataset.nix @@ -44,12 +44,12 @@ mount = { enable = lib.mkOption { - type = lib.types.nullOr (lib.types.either lib.types.bool (lib.types.enum ["on" "off" "noauto"])); - default = null; + type = lib.types.either lib.types.bool (lib.types.enum ["on" "off" "noauto"]); + default = true; + description = "Whether and how the dataset should be mounted"; }; mountPoint = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; + type = lib.types.str; description = "Controls the mount point used for this file system"; }; }; @@ -57,18 +57,15 @@ encryption = { enable = lib.mkEnableOption "should encryption be enabled"; type = lib.mkOption { - type = lib.types.nullOr (lib.types.enum ["aes-128-ccm" "aes-192-ccm" "aes-256-ccm" "aes-128-gcm" "aes-192-gcm" "aes-256-gcm"]); - default = null; + type = lib.types.enum ["aes-128-ccm" "aes-192-ccm" "aes-256-ccm" "aes-128-gcm" "aes-192-gcm" "aes-256-gcm"]; description = "What encryption type to use"; }; keyformat = lib.mkOption { - type = lib.types.nullOr (lib.types.enum ["raw" "hex" "passphrase"]); - default = null; + type = lib.types.enum ["raw" "hex" "passphrase"]; description = "Format of the encryption key"; }; keylocation = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; + type = lib.types.str; description = "Location of the encryption key"; }; }; @@ -77,14 +74,11 @@ # This option should set this option flag # "com.sun:auto-snapshot" = "false"; autoSnapshot = lib.mkOption { - type = lib.types.nullOr lib.types.bool; - default = null; + type = lib.types.bool; + default = false; description = "Enable automatic snapshots for this dataset"; }; - # TODO: this is what blank snapshot should set - # postCreateHook = '' - # zfs snapshot rpool/local/system/root@blank - # ''; + # Creates a blank snapshot in the post create hook for rollback purposes blankSnapshot = lib.mkEnableOption "Should a blank snapshot be auto created in the post create hook"; }; diff --git a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix index 5f47c18..7154e90 100644 --- a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix +++ b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix @@ -49,6 +49,7 @@ in { config = { mount = { mountPoint = lib.mkDefault "/${name}"; + enable = lib.mkDefault true; }; }; } diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix index 65ddbd0..451e226 100644 --- a/modules/nixos-modules/storage/zfs.nix +++ b/modules/nixos-modules/storage/zfs.nix @@ -5,6 +5,98 @@ args @ { ... }: let datasetSubmodule = (import ./submodules/dataset.nix) args; + + # Hash function for disk names (max 27 chars to fit GPT limitations) + hashDisk = drive: (builtins.substring 0 27 (builtins.hashString "sha256" drive)); + + # Helper to flatten vdevs into list of devices with names + allVdevDevices = lib.lists.flatten (builtins.map ( + vdev: + builtins.map ( + device: + lib.attrsets.nameValuePair (hashDisk device.device) device + ) + vdev + ) + config.storage.zfs.pool.vdevs); + + # Cache devices with names + allCacheDevices = builtins.map ( + device: + lib.attrsets.nameValuePair (hashDisk device.device) device + ) (config.storage.zfs.pool.cache); + + # All devices (vdevs + cache) + allDevices = allVdevDevices ++ allCacheDevices; + + # Boot devices - filter devices that have boot = true + bootDevices = builtins.filter (device: device.value.boot) allDevices; + + # Helper function to convert dataset options to ZFS properties + datasetToZfsOptions = dataset: let + baseOptions = + (lib.attrsets.optionalAttrs (dataset.acltype != null) {acltype = dataset.acltype;}) + // (lib.attrsets.optionalAttrs (dataset.relatime != null) {relatime = dataset.relatime;}) + // (lib.attrsets.optionalAttrs (dataset.atime != null) {atime = dataset.atime;}) + // (lib.attrsets.optionalAttrs (dataset.xattr != null) {xattr = dataset.xattr;}) + // (lib.attrsets.optionalAttrs (dataset.compression != null) {compression = dataset.compression;}) + // (lib.attrsets.optionalAttrs (dataset.sync != null) {sync = dataset.sync;}) + // (lib.attrsets.optionalAttrs (dataset.recordSize != null) {recordSize = dataset.recordSize;}); + + encryptionOptions = lib.attrsets.optionalAttrs (dataset.encryption.enable) ( + (lib.attrsets.optionalAttrs (dataset.encryption ? type) {encryption = dataset.encryption.type;}) + // (lib.attrsets.optionalAttrs (dataset.encryption ? keyformat) {keyformat = dataset.encryption.keyformat;}) + // (lib.attrsets.optionalAttrs (dataset.encryption ? keylocation) {keylocation = dataset.encryption.keylocation;}) + ); + + mountOptions = lib.attrsets.optionalAttrs (dataset ? mount && dataset.mount ? enable) ( + if builtins.isBool dataset.mount.enable + then { + canmount = + if dataset.mount.enable + then "on" + else "off"; + } + else {canmount = dataset.mount.enable;} + ); + + snapshotOptions = lib.attrsets.optionalAttrs (dataset ? snapshot && dataset.snapshot ? autoSnapshot) { + "com.sun:auto-snapshot" = + if dataset.snapshot.autoSnapshot + then "true" + else "false"; + }; + in + baseOptions // encryptionOptions // mountOptions // snapshotOptions; + + # Helper to generate post create hooks + generatePostCreateHook = name: dataset: + dataset.postCreateHook + + (lib.optionalString dataset.snapshot.blankSnapshot '' + zfs snapshot rpool/${name}@blank + ''); + + # Convert datasets to disko format + convertedDatasets = builtins.listToAttrs ( + (lib.attrsets.mapAttrsToList ( + name: dataset: + lib.attrsets.nameValuePair name { + type = dataset.type; + options = datasetToZfsOptions dataset; + mountpoint = dataset.mount.mountPoint or null; + postCreateHook = generatePostCreateHook name dataset; + } + ) + config.storage.zfs.datasets) + ++ (lib.optional (config.storage.zfs.rootDataset != null) ( + lib.attrsets.nameValuePair "" { + type = config.storage.zfs.rootDataset.type; + options = datasetToZfsOptions config.storage.zfs.rootDataset; + mountpoint = config.storage.zfs.rootDataset.mount.mountPoint or null; + postCreateHook = generatePostCreateHook "" config.storage.zfs.rootDataset; + } + )) + ); in { options.storage = { zfs = { @@ -39,12 +131,14 @@ in { lib.types.coercedTo lib.types.str (device: { device = device; boot = false; - }) { - device = lib.mkOption { - type = lib.types.str; + }) (lib.types.submodule { + options = { + device = lib.mkOption { + type = lib.types.str; + }; + boot = lib.mkEnableOption "should this device be a boot device"; }; - boot = lib.mkEnableOption "should this device be a boot device"; - }; + }); in { encryption = { enable = lib.mkEnableOption "Should encryption be enabled on this pool."; @@ -75,15 +169,15 @@ in { description = "List of vdevs, where each vdev is a list of devices"; }; cache = lib.mkOption { - type = lib.types.attrsOf deviceType; + type = lib.types.listOf deviceType; default = {}; }; }; rootDataset = lib.mkOption { - type = lib.types.submodule datasetSubmodule; + type = lib.types.nullOr (lib.types.submodule datasetSubmodule); description = "Root ZFS dataset to create"; - default = {}; + default = null; }; datasets = lib.mkOption { @@ -96,15 +190,109 @@ in { config = lib.mkIf config.storage.zfs.enable (lib.mkMerge [ { - services.zfs = { - autoScrub.enable = true; - autoSnapshot.enable = true; - }; + # Assertion that we have at least one boot device + assertions = [ + { + assertion = (builtins.length bootDevices) > 0; + message = "ZFS configuration requires at least one boot device. Set boot = true for at least one device in your vdevs or cache."; + } + ]; - # TODO: configure disko - # TODO: assertion that we have a boot device - # TODO: check that disks on system match configuration and warn user if they don't - # TODO: check that datasets on system match configuration and warn user if they don't + # # Warning about disk/dataset mismatches - these would be runtime checks + # warnings = let + # configuredDisks = builtins.map (device: device.device) (builtins.map (dev: dev.value) allDevices); + # diskWarnings = + # lib.optional (config.storage.zfs.enable) + # "ZFS: Please ensure the following disks are available on your system: ${builtins.concatStringsSep ", " configuredDisks}"; + + # configuredDatasets = builtins.attrNames config.storage.zfs.datasets; + # datasetWarnings = + # lib.optional (config.storage.zfs.enable && (builtins.length configuredDatasets) > 0) + # "ZFS: Configured datasets: ${builtins.concatStringsSep ", " configuredDatasets}. Ensure these match your intended ZFS layout."; + # in + # diskWarnings ++ datasetWarnings; + + # services.zfs = { + # autoScrub.enable = true; + # autoSnapshot.enable = true; + # }; + + # # Configure disko for ZFS setup + disko.devices = { + disk = builtins.listToAttrs ( + builtins.map ( + drive: + lib.attrsets.nameValuePair (drive.name) { + type = "disk"; + device = "/dev/disk/by-id/${drive.value.device}"; + content = { + type = "gpt"; + partitions = { + ESP = lib.mkIf drive.value.boot { + size = config.storage.zfs.pool.bootPartitionSize; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + } + ) + allDevices + ); + + zpool = { + rpool = { + type = "zpool"; + mode = { + topology = { + type = "topology"; + vdev = + builtins.map (vdev: { + mode = config.storage.zfs.pool.mode; + members = builtins.map (device: hashDisk device.device) vdev; + }) + config.storage.zfs.pool.vdevs; + cache = builtins.map (device: hashDisk device.device) (builtins.attrValues config.storage.zfs.pool.cache); + }; + }; + + options = { + ashift = "12"; + autotrim = "on"; + }; + + rootFsOptions = + { + canmount = "off"; + mountpoint = "none"; + xattr = "sa"; + acltype = "posixacl"; + relatime = "on"; + compression = "lz4"; + "com.sun:auto-snapshot" = "false"; + } + // (lib.attrsets.optionalAttrs config.storage.zfs.pool.encryption.enable { + encryption = "on"; + keyformat = config.storage.zfs.pool.encryption.keyformat; + keylocation = config.storage.zfs.pool.encryption.keylocation; + }); + + datasets = convertedDatasets; + }; + }; + }; } (lib.mkIf config.storage.zfs.notifications.enable { programs.msmtp = { From b67be1472a1b4552b57b1672129899ef8475dd41 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 18:17:22 -0600 Subject: [PATCH 292/374] feat: refactored impermanence modules to follow new pattern --- .../nixos-modules/server/actual/default.nix | 2 +- .../server/actual/impermanence.nix | 37 --------- .../nixos-modules/server/actual/storage.nix | 41 ++++++++++ .../nixos-modules/server/bazarr/default.nix | 2 +- .../server/bazarr/impermanence.nix | 33 -------- .../nixos-modules/server/bazarr/storage.nix | 36 +++++++++ .../server/crab-hole/default.nix | 2 +- .../server/crab-hole/impermanence.nix | 33 -------- .../server/crab-hole/storage.nix | 37 +++++++++ .../nixos-modules/server/fail2ban/default.nix | 2 +- .../server/fail2ban/impermanence.nix | 34 --------- .../nixos-modules/server/fail2ban/storage.nix | 37 +++++++++ .../server/flaresolverr/default.nix | 2 +- .../server/flaresolverr/impermanence.nix | 26 ------- .../server/flaresolverr/storage.nix | 26 +++++++ .../nixos-modules/server/forgejo/default.nix | 2 +- .../server/forgejo/impermanence.nix | 35 --------- .../nixos-modules/server/forgejo/storage.nix | 36 +++++++++ .../server/home-assistant/default.nix | 2 +- .../server/home-assistant/impermanence.nix | 26 ------- .../server/home-assistant/storage.nix | 36 +++++++++ .../nixos-modules/server/immich/default.nix | 2 +- .../server/immich/impermanence.nix | 32 -------- .../nixos-modules/server/immich/storage.nix | 36 +++++++++ .../nixos-modules/server/jackett/default.nix | 2 +- .../server/jackett/impermanence.nix | 33 -------- .../nixos-modules/server/jackett/storage.nix | 36 +++++++++ .../nixos-modules/server/jellyfin/default.nix | 2 +- .../server/jellyfin/impermanence.nix | 73 ------------------ .../nixos-modules/server/jellyfin/storage.nix | 76 +++++++++++++++++++ .../nixos-modules/server/lidarr/default.nix | 2 +- .../server/lidarr/impermanence.nix | 33 -------- .../nixos-modules/server/lidarr/storage.nix | 36 +++++++++ .../server/panoramax/default.nix | 2 +- .../server/panoramax/impermanence.nix | 20 ----- .../server/panoramax/storage.nix | 33 ++++++++ .../server/paperless/default.nix | 2 +- .../server/paperless/impermanence.nix | 32 -------- .../server/paperless/storage.nix | 36 +++++++++ .../nixos-modules/server/postgres/default.nix | 2 +- .../server/postgres/impermanence.nix | 27 ------- .../nixos-modules/server/postgres/storage.nix | 36 +++++++++ .../server/qbittorent/default.nix | 2 +- .../server/qbittorent/impermanence.nix | 61 --------------- .../server/qbittorent/storage.nix | 62 +++++++++++++++ .../nixos-modules/server/radarr/default.nix | 2 +- .../server/radarr/impermanence.nix | 33 -------- .../nixos-modules/server/radarr/storage.nix | 36 +++++++++ .../server/reverseProxy/default.nix | 2 +- .../server/reverseProxy/impermanence.nix | 21 ----- .../server/reverseProxy/storage.nix | 28 +++++++ .../nixos-modules/server/sonarr/default.nix | 2 +- .../server/sonarr/impermanence.nix | 33 -------- .../nixos-modules/server/sonarr/storage.nix | 36 +++++++++ 54 files changed, 718 insertions(+), 640 deletions(-) delete mode 100644 modules/nixos-modules/server/actual/impermanence.nix create mode 100644 modules/nixos-modules/server/actual/storage.nix delete mode 100644 modules/nixos-modules/server/bazarr/impermanence.nix create mode 100644 modules/nixos-modules/server/bazarr/storage.nix delete mode 100644 modules/nixos-modules/server/crab-hole/impermanence.nix create mode 100644 modules/nixos-modules/server/crab-hole/storage.nix delete mode 100644 modules/nixos-modules/server/fail2ban/impermanence.nix create mode 100644 modules/nixos-modules/server/fail2ban/storage.nix delete mode 100644 modules/nixos-modules/server/flaresolverr/impermanence.nix create mode 100644 modules/nixos-modules/server/flaresolverr/storage.nix delete mode 100644 modules/nixos-modules/server/forgejo/impermanence.nix create mode 100644 modules/nixos-modules/server/forgejo/storage.nix delete mode 100644 modules/nixos-modules/server/home-assistant/impermanence.nix create mode 100644 modules/nixos-modules/server/home-assistant/storage.nix delete mode 100644 modules/nixos-modules/server/immich/impermanence.nix create mode 100644 modules/nixos-modules/server/immich/storage.nix delete mode 100644 modules/nixos-modules/server/jackett/impermanence.nix create mode 100644 modules/nixos-modules/server/jackett/storage.nix delete mode 100644 modules/nixos-modules/server/jellyfin/impermanence.nix create mode 100644 modules/nixos-modules/server/jellyfin/storage.nix delete mode 100644 modules/nixos-modules/server/lidarr/impermanence.nix create mode 100644 modules/nixos-modules/server/lidarr/storage.nix delete mode 100644 modules/nixos-modules/server/panoramax/impermanence.nix create mode 100644 modules/nixos-modules/server/panoramax/storage.nix delete mode 100644 modules/nixos-modules/server/paperless/impermanence.nix create mode 100644 modules/nixos-modules/server/paperless/storage.nix delete mode 100644 modules/nixos-modules/server/postgres/impermanence.nix create mode 100644 modules/nixos-modules/server/postgres/storage.nix delete mode 100644 modules/nixos-modules/server/qbittorent/impermanence.nix create mode 100644 modules/nixos-modules/server/qbittorent/storage.nix delete mode 100644 modules/nixos-modules/server/radarr/impermanence.nix create mode 100644 modules/nixos-modules/server/radarr/storage.nix delete mode 100644 modules/nixos-modules/server/reverseProxy/impermanence.nix create mode 100644 modules/nixos-modules/server/reverseProxy/storage.nix delete mode 100644 modules/nixos-modules/server/sonarr/impermanence.nix create mode 100644 modules/nixos-modules/server/sonarr/storage.nix diff --git a/modules/nixos-modules/server/actual/default.nix b/modules/nixos-modules/server/actual/default.nix index b59517b..99778af 100644 --- a/modules/nixos-modules/server/actual/default.nix +++ b/modules/nixos-modules/server/actual/default.nix @@ -3,6 +3,6 @@ ./actual.nix ./proxy.nix ./fail2ban.nix - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/actual/impermanence.nix b/modules/nixos-modules/server/actual/impermanence.nix deleted file mode 100644 index d870789..0000000 --- a/modules/nixos-modules/server/actual/impermanence.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ - lib, - config, - ... -}: let - const = import ./const.nix; - dataDirectory = const.dataDirectory; -in { - options.services.actual = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.actual.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.actual.impermanence.enable { - assertions = [ - { - assertion = config.services.actual.settings.dataDir == dataDirectory; - message = "actual data location does not match persistence\nconfig directory: ${config.services.actual.settings.dataDir}\npersistence directory: ${dataDirectory}"; - } - { - assertion = config.systemd.services.actual.serviceConfig.DynamicUser or false; - message = "actual systemd service must have DynamicUser enabled to use private directory"; - } - ]; - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = dataDirectory; - user = "actual"; - group = "actual"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/actual/storage.nix b/modules/nixos-modules/server/actual/storage.nix new file mode 100644 index 0000000..eab0817 --- /dev/null +++ b/modules/nixos-modules/server/actual/storage.nix @@ -0,0 +1,41 @@ +{ + lib, + config, + ... +}: let + const = import ./const.nix; + dataDirectory = const.dataDirectory; +in { + options.services.actual.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.actual.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.actual.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.actual.settings.dataDir == dataDirectory; + message = "actual data location does not match persistence\nconfig directory: ${config.services.actual.settings.dataDir}\npersistence directory: ${dataDirectory}"; + } + { + assertion = config.systemd.services.actual.serviceConfig.DynamicUser or false; + message = "actual systemd service must have DynamicUser enabled to use private directory"; + } + ]; + } + (lib.mkIf (!config.services.actual.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.actual.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${dataDirectory}" = { + owner.name = "actual"; + group.name = "actual"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/bazarr/default.nix b/modules/nixos-modules/server/bazarr/default.nix index 86dbb4b..cb2a5f0 100644 --- a/modules/nixos-modules/server/bazarr/default.nix +++ b/modules/nixos-modules/server/bazarr/default.nix @@ -1,5 +1,5 @@ {...}: { imports = [ - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/bazarr/impermanence.nix b/modules/nixos-modules/server/bazarr/impermanence.nix deleted file mode 100644 index 70a45d1..0000000 --- a/modules/nixos-modules/server/bazarr/impermanence.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - lib, - config, - ... -}: let - bazarr_data_directory = "/var/lib/bazarr"; -in { - options.services.bazarr = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.bazarr.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.bazarr.impermanence.enable { - assertions = [ - { - assertion = config.services.bazarr.dataDir == bazarr_data_directory; - message = "bazarr data directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = bazarr_data_directory; - user = "bazarr"; - group = "bazarr"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/bazarr/storage.nix b/modules/nixos-modules/server/bazarr/storage.nix new file mode 100644 index 0000000..53a9d9c --- /dev/null +++ b/modules/nixos-modules/server/bazarr/storage.nix @@ -0,0 +1,36 @@ +{ + lib, + config, + ... +}: let + bazarr_data_directory = "/var/lib/bazarr"; +in { + options.services.bazarr.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.bazarr.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.bazarr.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.bazarr.dataDir == bazarr_data_directory; + message = "bazarr data directory does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.bazarr.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.bazarr.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${bazarr_data_directory}" = { + owner.name = "bazarr"; + group.name = "bazarr"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/crab-hole/default.nix b/modules/nixos-modules/server/crab-hole/default.nix index 158a851..9f990c5 100644 --- a/modules/nixos-modules/server/crab-hole/default.nix +++ b/modules/nixos-modules/server/crab-hole/default.nix @@ -1,6 +1,6 @@ {...}: { imports = [ ./crab-hole.nix - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/crab-hole/impermanence.nix b/modules/nixos-modules/server/crab-hole/impermanence.nix deleted file mode 100644 index 51efc0c..0000000 --- a/modules/nixos-modules/server/crab-hole/impermanence.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - lib, - config, - ... -}: let - workingDirectory = "/var/lib/private/crab-hole"; -in { - options.services.crab-hole = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.crab-hole.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.crab-hole.impermanence.enable { - assertions = [ - { - assertion = - config.systemd.services.crab-hole.serviceConfig.WorkingDirectory == (builtins.replaceStrings ["/private"] [""] workingDirectory); - message = "crab-hole working directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = workingDirectory; - user = "crab-hole"; - group = "crab-hole"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/crab-hole/storage.nix b/modules/nixos-modules/server/crab-hole/storage.nix new file mode 100644 index 0000000..ec38846 --- /dev/null +++ b/modules/nixos-modules/server/crab-hole/storage.nix @@ -0,0 +1,37 @@ +{ + lib, + config, + ... +}: let + workingDirectory = "/var/lib/private/crab-hole"; +in { + options.services.crab-hole.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.crab-hole.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.crab-hole.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = + config.systemd.services.crab-hole.serviceConfig.WorkingDirectory == (builtins.replaceStrings ["/private"] [""] workingDirectory); + message = "crab-hole working directory does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.crab-hole.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.crab-hole.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${workingDirectory}" = { + owner.name = "crab-hole"; + group.name = "crab-hole"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/fail2ban/default.nix b/modules/nixos-modules/server/fail2ban/default.nix index 30fca99..84a46d4 100644 --- a/modules/nixos-modules/server/fail2ban/default.nix +++ b/modules/nixos-modules/server/fail2ban/default.nix @@ -1,6 +1,6 @@ {...}: { imports = [ ./fail2ban.nix - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/fail2ban/impermanence.nix b/modules/nixos-modules/server/fail2ban/impermanence.nix deleted file mode 100644 index 6e214b3..0000000 --- a/modules/nixos-modules/server/fail2ban/impermanence.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ - lib, - config, - ... -}: let - dataFolder = "/var/lib/fail2ban"; - dataFile = "fail2ban.sqlite3"; -in { - options.services.fail2ban = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.fail2ban.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.fail2ban.impermanence.enable { - assertions = [ - { - assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; - message = "fail2ban data file does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = dataFolder; - user = "fail2ban"; - group = "fail2ban"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/fail2ban/storage.nix b/modules/nixos-modules/server/fail2ban/storage.nix new file mode 100644 index 0000000..6c1f227 --- /dev/null +++ b/modules/nixos-modules/server/fail2ban/storage.nix @@ -0,0 +1,37 @@ +{ + lib, + config, + ... +}: let + dataFolder = "/var/lib/fail2ban"; + dataFile = "fail2ban.sqlite3"; +in { + options.services.fail2ban.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.fail2ban.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.fail2ban.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; + message = "fail2ban data file does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.fail2ban.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.fail2ban.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${dataFolder}" = { + owner.name = "fail2ban"; + group.name = "fail2ban"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/flaresolverr/default.nix b/modules/nixos-modules/server/flaresolverr/default.nix index 86dbb4b..cb2a5f0 100644 --- a/modules/nixos-modules/server/flaresolverr/default.nix +++ b/modules/nixos-modules/server/flaresolverr/default.nix @@ -1,5 +1,5 @@ {...}: { imports = [ - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/flaresolverr/impermanence.nix b/modules/nixos-modules/server/flaresolverr/impermanence.nix deleted file mode 100644 index 4544e75..0000000 --- a/modules/nixos-modules/server/flaresolverr/impermanence.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.flaresolverr = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.flaresolverr.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.flaresolverr.impermanence.enable { - # FlareSolverr typically doesn't need persistent storage as it's a proxy service - # but we'll add basic structure in case it's needed for logs or configuration - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = "/var/lib/flaresolverr"; - user = "flaresolverr"; - group = "flaresolverr"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/flaresolverr/storage.nix b/modules/nixos-modules/server/flaresolverr/storage.nix new file mode 100644 index 0000000..657bcc6 --- /dev/null +++ b/modules/nixos-modules/server/flaresolverr/storage.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: { + options.services.flaresolverr.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.flaresolverr.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.flaresolverr.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + (lib.mkIf (!config.services.flaresolverr.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.flaresolverr.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."/var/lib/flaresolverr" = { + owner.name = "flaresolverr"; + group.name = "flaresolverr"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/forgejo/default.nix b/modules/nixos-modules/server/forgejo/default.nix index 4333f69..c990e57 100644 --- a/modules/nixos-modules/server/forgejo/default.nix +++ b/modules/nixos-modules/server/forgejo/default.nix @@ -4,6 +4,6 @@ ./proxy.nix ./database.nix ./fail2ban.nix - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/forgejo/impermanence.nix b/modules/nixos-modules/server/forgejo/impermanence.nix deleted file mode 100644 index 6fe3de8..0000000 --- a/modules/nixos-modules/server/forgejo/impermanence.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - lib, - config, - ... -}: let - stateDir = "/var/lib/forgejo"; -in { - options.services.forgejo = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.forgejo.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.forgejo.impermanence.enable { - assertions = [ - { - assertion = config.services.forgejo.stateDir == stateDir; - message = "forgejo state directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = stateDir; - user = "forgejo"; - group = "forgejo"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/forgejo/storage.nix b/modules/nixos-modules/server/forgejo/storage.nix new file mode 100644 index 0000000..31304e7 --- /dev/null +++ b/modules/nixos-modules/server/forgejo/storage.nix @@ -0,0 +1,36 @@ +{ + lib, + config, + ... +}: let + stateDir = "/var/lib/forgejo"; +in { + options.services.forgejo.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.forgejo.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.forgejo.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.forgejo.stateDir == stateDir; + message = "forgejo state directory does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.forgejo.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.forgejo.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${stateDir}" = { + owner.name = "forgejo"; + group.name = "forgejo"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/home-assistant/default.nix b/modules/nixos-modules/server/home-assistant/default.nix index b6f9356..d213964 100644 --- a/modules/nixos-modules/server/home-assistant/default.nix +++ b/modules/nixos-modules/server/home-assistant/default.nix @@ -4,7 +4,7 @@ ./proxy.nix ./database.nix ./fail2ban.nix - ./impermanence.nix + ./storage.nix ./extensions ]; } diff --git a/modules/nixos-modules/server/home-assistant/impermanence.nix b/modules/nixos-modules/server/home-assistant/impermanence.nix deleted file mode 100644 index 8c056a1..0000000 --- a/modules/nixos-modules/server/home-assistant/impermanence.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - lib, - config, - ... -}: let - configDir = "/var/lib/hass"; -in - lib.mkIf (config.host.impermanence.enable && config.services.home-assistant.enable) { - assertions = [ - { - assertion = config.services.home-assistant.configDir == configDir; - message = "home assistant config directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = configDir; - user = "hass"; - group = "hass"; - } - ]; - }; - } diff --git a/modules/nixos-modules/server/home-assistant/storage.nix b/modules/nixos-modules/server/home-assistant/storage.nix new file mode 100644 index 0000000..231387b --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/storage.nix @@ -0,0 +1,36 @@ +{ + lib, + config, + ... +}: let + configDir = "/var/lib/hass"; +in { + options.services.home-assistant.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.home-assistant.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.home-assistant.configDir == configDir; + message = "home assistant config directory does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.home-assistant.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.home-assistant.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${configDir}" = { + owner.name = "hass"; + group.name = "hass"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/immich/default.nix b/modules/nixos-modules/server/immich/default.nix index 4d93c0b..75ae2fd 100644 --- a/modules/nixos-modules/server/immich/default.nix +++ b/modules/nixos-modules/server/immich/default.nix @@ -3,7 +3,7 @@ ./proxy.nix ./database.nix ./fail2ban.nix - ./impermanence.nix + ./storage.nix ]; # NOTE: This shouldn't be needed now that we are out of testing diff --git a/modules/nixos-modules/server/immich/impermanence.nix b/modules/nixos-modules/server/immich/impermanence.nix deleted file mode 100644 index 56e51d0..0000000 --- a/modules/nixos-modules/server/immich/impermanence.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - lib, - config, - ... -}: let - mediaLocation = "/var/lib/immich"; -in { - options.services.immich = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.immich.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.immich.impermanence.enable { - assertions = [ - { - assertion = config.services.immich.mediaLocation == mediaLocation; - message = "immich media location does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = mediaLocation; - user = "immich"; - group = "immich"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/immich/storage.nix b/modules/nixos-modules/server/immich/storage.nix new file mode 100644 index 0000000..65b4bed --- /dev/null +++ b/modules/nixos-modules/server/immich/storage.nix @@ -0,0 +1,36 @@ +{ + lib, + config, + ... +}: let + mediaLocation = "/var/lib/immich"; +in { + options.services.immich.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.immich.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.immich.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.immich.mediaLocation == mediaLocation; + message = "immich media location does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.immich.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.immich.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${mediaLocation}" = { + owner.name = "immich"; + group.name = "immich"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/jackett/default.nix b/modules/nixos-modules/server/jackett/default.nix index 86dbb4b..cb2a5f0 100644 --- a/modules/nixos-modules/server/jackett/default.nix +++ b/modules/nixos-modules/server/jackett/default.nix @@ -1,5 +1,5 @@ {...}: { imports = [ - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/jackett/impermanence.nix b/modules/nixos-modules/server/jackett/impermanence.nix deleted file mode 100644 index 24fc5e6..0000000 --- a/modules/nixos-modules/server/jackett/impermanence.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - lib, - config, - ... -}: let - jackett_data_directory = "/var/lib/jackett/.config/Jackett"; -in { - options.services.jackett = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.jackett.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.jackett.impermanence.enable { - assertions = [ - { - assertion = config.services.jackett.dataDir == jackett_data_directory; - message = "jackett data directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = jackett_data_directory; - user = "jackett"; - group = "jackett"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/jackett/storage.nix b/modules/nixos-modules/server/jackett/storage.nix new file mode 100644 index 0000000..6056c9c --- /dev/null +++ b/modules/nixos-modules/server/jackett/storage.nix @@ -0,0 +1,36 @@ +{ + lib, + config, + ... +}: let + jackett_data_directory = "/var/lib/jackett/.config/Jackett"; +in { + options.services.jackett.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.jackett.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.jackett.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.jackett.dataDir == jackett_data_directory; + message = "jackett data directory does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.jackett.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.jackett.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${jackett_data_directory}" = { + owner.name = "jackett"; + group.name = "jackett"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/jellyfin/default.nix b/modules/nixos-modules/server/jellyfin/default.nix index 2dbdcfd..4770ae1 100644 --- a/modules/nixos-modules/server/jellyfin/default.nix +++ b/modules/nixos-modules/server/jellyfin/default.nix @@ -3,6 +3,6 @@ ./jellyfin.nix ./proxy.nix ./fail2ban.nix - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/jellyfin/impermanence.nix b/modules/nixos-modules/server/jellyfin/impermanence.nix deleted file mode 100644 index cbcb54f..0000000 --- a/modules/nixos-modules/server/jellyfin/impermanence.nix +++ /dev/null @@ -1,73 +0,0 @@ -{ - lib, - config, - ... -}: let - jellyfin_data_directory = "/var/lib/jellyfin"; - jellyfin_cache_directory = "/var/cache/jellyfin"; -in { - options.services.jellyfin = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.jellyfin.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.jellyfin.impermanence.enable { - fileSystems."/persist/system/jellyfin".neededForBoot = true; - - host.storage.pool.extraDatasets = { - # sops age key needs to be available to pre persist for user generation - "persist/system/jellyfin" = { - type = "zfs_fs"; - mountpoint = "/persist/system/jellyfin"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - }; - - assertions = [ - { - assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; - message = "jellyfin data directory does not match persistence"; - } - { - assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; - message = "jellyfin cache directory does not match persistence"; - } - ]; - - environment.persistence = { - "/persist/system/root" = { - directories = [ - { - directory = jellyfin_data_directory; - user = "jellyfin"; - group = "jellyfin"; - } - { - directory = jellyfin_cache_directory; - user = "jellyfin"; - group = "jellyfin"; - } - ]; - }; - - "/persist/system/jellyfin" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.services.jellyfin.media_directory; - user = "jellyfin"; - group = "jellyfin_media"; - mode = "1770"; - } - ]; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/jellyfin/storage.nix b/modules/nixos-modules/server/jellyfin/storage.nix new file mode 100644 index 0000000..867b936 --- /dev/null +++ b/modules/nixos-modules/server/jellyfin/storage.nix @@ -0,0 +1,76 @@ +{ + lib, + config, + ... +}: let + jellyfin_data_directory = "/var/lib/jellyfin"; + jellyfin_cache_directory = "/var/cache/jellyfin"; +in { + options.services.jellyfin.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.jellyfin.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.jellyfin.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; + message = "jellyfin data directory does not match persistence"; + } + { + assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; + message = "jellyfin cache directory does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.jellyfin.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.jellyfin.impermanence.enable { + storage.impermanence.datasets = { + "persist/system/root" = { + directories = { + "${jellyfin_data_directory}" = { + enable = true; + owner.name = "jellyfin"; + group.name = "jellyfin"; + }; + "${jellyfin_cache_directory}" = { + enable = true; + owner.name = "jellyfin"; + group.name = "jellyfin"; + }; + }; + }; + "persist/system/jellyfin" = { + atime = "off"; + relatime = "off"; + + directories."${config.services.jellyfin.media_directory}" = { + enable = true; + owner.name = "jellyfin"; + group.name = "jellyfin_media"; + owner.permissions = { + read = true; + write = true; + execute = true; + }; + group.permissions = { + read = true; + write = true; + execute = true; + }; + other.permissions = { + read = false; + write = false; + execute = false; + }; + }; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/lidarr/default.nix b/modules/nixos-modules/server/lidarr/default.nix index 86dbb4b..cb2a5f0 100644 --- a/modules/nixos-modules/server/lidarr/default.nix +++ b/modules/nixos-modules/server/lidarr/default.nix @@ -1,5 +1,5 @@ {...}: { imports = [ - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/lidarr/impermanence.nix b/modules/nixos-modules/server/lidarr/impermanence.nix deleted file mode 100644 index 5d3aa3f..0000000 --- a/modules/nixos-modules/server/lidarr/impermanence.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - lib, - config, - ... -}: let - lidarr_data_directory = "/var/lib/lidarr/.config/Lidarr"; -in { - options.services.lidarr = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.lidarr.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.lidarr.impermanence.enable { - assertions = [ - { - assertion = config.services.lidarr.dataDir == lidarr_data_directory; - message = "lidarr data directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = lidarr_data_directory; - user = "lidarr"; - group = "lidarr"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/lidarr/storage.nix b/modules/nixos-modules/server/lidarr/storage.nix new file mode 100644 index 0000000..9d818ff --- /dev/null +++ b/modules/nixos-modules/server/lidarr/storage.nix @@ -0,0 +1,36 @@ +{ + lib, + config, + ... +}: let + lidarr_data_directory = "/var/lib/lidarr/.config/Lidarr"; +in { + options.services.lidarr.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.lidarr.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.lidarr.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.lidarr.dataDir == lidarr_data_directory; + message = "lidarr data directory does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.lidarr.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.lidarr.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${lidarr_data_directory}" = { + owner.name = "lidarr"; + group.name = "lidarr"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/panoramax/default.nix b/modules/nixos-modules/server/panoramax/default.nix index 4c6b9ea..f5a514f 100644 --- a/modules/nixos-modules/server/panoramax/default.nix +++ b/modules/nixos-modules/server/panoramax/default.nix @@ -2,7 +2,7 @@ imports = [ ./proxy.nix ./fail2ban.nix - ./impermanence.nix + ./storage.nix ./panoramax.nix ./database.nix ]; diff --git a/modules/nixos-modules/server/panoramax/impermanence.nix b/modules/nixos-modules/server/panoramax/impermanence.nix deleted file mode 100644 index e25ef92..0000000 --- a/modules/nixos-modules/server/panoramax/impermanence.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.panoramax = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.panoramax.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.panoramax.impermanence.enable { - # TODO: configure impermanence for panoramax data - # This would typically include directories like: - # - /var/lib/panoramax - # - panoramax storage directories - # - any cache or temporary directories that need to persist - }; -} diff --git a/modules/nixos-modules/server/panoramax/storage.nix b/modules/nixos-modules/server/panoramax/storage.nix new file mode 100644 index 0000000..52d9d74 --- /dev/null +++ b/modules/nixos-modules/server/panoramax/storage.nix @@ -0,0 +1,33 @@ +{ + lib, + config, + ... +}: { + options.services.panoramax.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.panoramax.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + # TODO: configure impermanence for panoramax data + # This would typically include directories like: + # - /var/lib/panoramax + # - panoramax storage directories + # - any cache or temporary directories that need to persist + } + (lib.mkIf (!config.services.panoramax.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.panoramax.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."/var/lib/panoramax" = { + owner.name = "panoramax"; + group.name = "panoramax"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/paperless/default.nix b/modules/nixos-modules/server/paperless/default.nix index 7e5e16b..f7a5aa7 100644 --- a/modules/nixos-modules/server/paperless/default.nix +++ b/modules/nixos-modules/server/paperless/default.nix @@ -4,6 +4,6 @@ ./proxy.nix ./database.nix ./fail2ban.nix - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/paperless/impermanence.nix b/modules/nixos-modules/server/paperless/impermanence.nix deleted file mode 100644 index fc87ea7..0000000 --- a/modules/nixos-modules/server/paperless/impermanence.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - config, - lib, - ... -}: let - dataDir = "/var/lib/paperless"; -in { - options.services.paperless = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.paperless.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.paperless.impermanence.enable { - assertions = [ - { - assertion = config.services.paperless.dataDir == dataDir; - message = "paperless data location does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = dataDir; - user = "paperless"; - group = "paperless"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/paperless/storage.nix b/modules/nixos-modules/server/paperless/storage.nix new file mode 100644 index 0000000..6f74441 --- /dev/null +++ b/modules/nixos-modules/server/paperless/storage.nix @@ -0,0 +1,36 @@ +{ + config, + lib, + ... +}: let + dataDir = "/var/lib/paperless"; +in { + options.services.paperless.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.paperless.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.paperless.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.paperless.dataDir == dataDir; + message = "paperless data location does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.paperless.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.paperless.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${dataDir}" = { + owner.name = "paperless"; + group.name = "paperless"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/postgres/default.nix b/modules/nixos-modules/server/postgres/default.nix index abf4ade..50d90d4 100644 --- a/modules/nixos-modules/server/postgres/default.nix +++ b/modules/nixos-modules/server/postgres/default.nix @@ -1,6 +1,6 @@ {...}: { imports = [ ./postgres.nix - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/postgres/impermanence.nix b/modules/nixos-modules/server/postgres/impermanence.nix deleted file mode 100644 index a67fb1a..0000000 --- a/modules/nixos-modules/server/postgres/impermanence.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - config, - lib, - ... -}: let - dataDir = "/var/lib/postgresql/16"; -in { - config = lib.mkIf (config.services.postgresql.enable && config.host.impermanence.enable) { - assertions = [ - { - assertion = config.services.postgresql.dataDir == dataDir; - message = "postgres data directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = dataDir; - user = "postgres"; - group = "postgres"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/postgres/storage.nix b/modules/nixos-modules/server/postgres/storage.nix new file mode 100644 index 0000000..0ec0eb2 --- /dev/null +++ b/modules/nixos-modules/server/postgres/storage.nix @@ -0,0 +1,36 @@ +{ + config, + lib, + ... +}: let + dataDir = "/var/lib/postgresql/16"; +in { + options.services.postgresql.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.postgresql.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.postgresql.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.postgresql.dataDir == dataDir; + message = "postgres data directory does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.postgresql.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.postgresql.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${dataDir}" = { + owner.name = "postgres"; + group.name = "postgres"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/qbittorent/default.nix b/modules/nixos-modules/server/qbittorent/default.nix index f7511e6..11cc449 100644 --- a/modules/nixos-modules/server/qbittorent/default.nix +++ b/modules/nixos-modules/server/qbittorent/default.nix @@ -1,6 +1,6 @@ {...}: { imports = [ ./qbittorent.nix - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/qbittorent/impermanence.nix b/modules/nixos-modules/server/qbittorent/impermanence.nix deleted file mode 100644 index 1489e7d..0000000 --- a/modules/nixos-modules/server/qbittorent/impermanence.nix +++ /dev/null @@ -1,61 +0,0 @@ -{ - lib, - config, - ... -}: let - qbittorent_profile_directory = "/var/lib/qBittorrent/"; -in { - options.services.qbittorrent = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.qbittorrent.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.qbittorrent.impermanence.enable { - fileSystems."/persist/system/qbittorrent".neededForBoot = true; - - host.storage.pool.extraDatasets = { - # sops age key needs to be available to pre persist for user generation - "persist/system/qbittorrent" = { - type = "zfs_fs"; - mountpoint = "/persist/system/qbittorrent"; - options = { - canmount = "on"; - }; - }; - }; - - assertions = [ - { - assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory; - message = "qbittorrent data directory does not match persistence"; - } - ]; - - environment.persistence = { - "/persist/system/root" = { - directories = [ - { - directory = qbittorent_profile_directory; - user = "qbittorrent"; - group = "qbittorrent"; - } - ]; - }; - - "/persist/system/qbittorrent" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.services.qbittorrent.mediaDir; - user = "qbittorrent"; - group = "qbittorrent"; - mode = "1775"; - } - ]; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/qbittorent/storage.nix b/modules/nixos-modules/server/qbittorent/storage.nix new file mode 100644 index 0000000..02d4757 --- /dev/null +++ b/modules/nixos-modules/server/qbittorent/storage.nix @@ -0,0 +1,62 @@ +{ + lib, + config, + ... +}: let + qbittorent_profile_directory = "/var/lib/qBittorrent/"; +in { + options.services.qbittorrent.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.qbittorrent.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.qbittorrent.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory; + message = "qbittorrent data directory does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.qbittorrent.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + ( + lib.mkIf config.services.qbittorrent.impermanence.enable + { + storage.impermanence.datasets = { + "persist/system/root" = { + directories."${qbittorent_profile_directory}" = { + owner.name = "qbittorrent"; + group.name = "qbittorrent"; + }; + }; + "persist/system/qbittorrent" = { + directories."${config.services.qbittorrent.mediaDir}" = { + owner.name = "qbittorrent"; + group.name = "qbittorrent"; + owner.permissions = { + read = true; + write = true; + execute = true; + }; + group.permissions = { + read = true; + write = true; + execute = true; + }; + other.permissions = { + read = true; + write = false; + execute = true; + }; + }; + }; + }; + } + ) + ])) + ]); +} diff --git a/modules/nixos-modules/server/radarr/default.nix b/modules/nixos-modules/server/radarr/default.nix index 86dbb4b..cb2a5f0 100644 --- a/modules/nixos-modules/server/radarr/default.nix +++ b/modules/nixos-modules/server/radarr/default.nix @@ -1,5 +1,5 @@ {...}: { imports = [ - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/radarr/impermanence.nix b/modules/nixos-modules/server/radarr/impermanence.nix deleted file mode 100644 index c948e3a..0000000 --- a/modules/nixos-modules/server/radarr/impermanence.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - lib, - config, - ... -}: let - radarr_data_directory = "/var/lib/radarr/.config/Radarr"; -in { - options.services.radarr = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.radarr.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.radarr.impermanence.enable { - assertions = [ - { - assertion = config.services.radarr.dataDir == radarr_data_directory; - message = "radarr data directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = radarr_data_directory; - user = "radarr"; - group = "radarr"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/radarr/storage.nix b/modules/nixos-modules/server/radarr/storage.nix new file mode 100644 index 0000000..82d2bf8 --- /dev/null +++ b/modules/nixos-modules/server/radarr/storage.nix @@ -0,0 +1,36 @@ +{ + lib, + config, + ... +}: let + radarr_data_directory = "/var/lib/radarr/.config/Radarr"; +in { + options.services.radarr.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.radarr.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.radarr.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.radarr.dataDir == radarr_data_directory; + message = "radarr data directory does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.radarr.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.radarr.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${radarr_data_directory}" = { + owner.name = "radarr"; + group.name = "radarr"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/reverseProxy/default.nix b/modules/nixos-modules/server/reverseProxy/default.nix index 5d57175..336e28b 100644 --- a/modules/nixos-modules/server/reverseProxy/default.nix +++ b/modules/nixos-modules/server/reverseProxy/default.nix @@ -1,6 +1,6 @@ {...}: { imports = [ ./reverseProxy.nix - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/reverseProxy/impermanence.nix b/modules/nixos-modules/server/reverseProxy/impermanence.nix deleted file mode 100644 index 7af55df..0000000 --- a/modules/nixos-modules/server/reverseProxy/impermanence.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ - lib, - config, - ... -}: let - dataDir = "/var/lib/acme"; -in { - config = lib.mkIf (config.host.impermanence.enable && config.services.reverseProxy.enable) { - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = dataDir; - user = "acme"; - group = "acme"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/reverseProxy/storage.nix b/modules/nixos-modules/server/reverseProxy/storage.nix new file mode 100644 index 0000000..c4ee04a --- /dev/null +++ b/modules/nixos-modules/server/reverseProxy/storage.nix @@ -0,0 +1,28 @@ +{ + lib, + config, + ... +}: let + dataDir = "/var/lib/acme"; +in { + options.services.reverseProxy.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.reverseProxy.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.reverseProxy.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + (lib.mkIf (!config.services.reverseProxy.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.reverseProxy.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${dataDir}" = { + owner.name = "acme"; + group.name = "acme"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/sonarr/default.nix b/modules/nixos-modules/server/sonarr/default.nix index 86dbb4b..cb2a5f0 100644 --- a/modules/nixos-modules/server/sonarr/default.nix +++ b/modules/nixos-modules/server/sonarr/default.nix @@ -1,5 +1,5 @@ {...}: { imports = [ - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/sonarr/impermanence.nix b/modules/nixos-modules/server/sonarr/impermanence.nix deleted file mode 100644 index 5b90ee9..0000000 --- a/modules/nixos-modules/server/sonarr/impermanence.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - lib, - config, - ... -}: let - sonarr_data_directory = "/var/lib/sonarr/.config/NzbDrone"; -in { - options.services.sonarr = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.sonarr.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.sonarr.impermanence.enable { - assertions = [ - { - assertion = config.services.sonarr.dataDir == sonarr_data_directory; - message = "sonarr data directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = sonarr_data_directory; - user = "sonarr"; - group = "sonarr"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/sonarr/storage.nix b/modules/nixos-modules/server/sonarr/storage.nix new file mode 100644 index 0000000..c74a7b8 --- /dev/null +++ b/modules/nixos-modules/server/sonarr/storage.nix @@ -0,0 +1,36 @@ +{ + lib, + config, + ... +}: let + sonarr_data_directory = "/var/lib/sonarr/.config/NzbDrone"; +in { + options.services.sonarr.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.sonarr.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.sonarr.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.sonarr.dataDir == sonarr_data_directory; + message = "sonarr data directory does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.sonarr.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.sonarr.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${sonarr_data_directory}" = { + owner.name = "sonarr"; + group.name = "sonarr"; + }; + }; + }) + ])) + ]); +} From d283f881604027bb6f51d0ac8556a8cb7e394c37 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 18:28:34 -0600 Subject: [PATCH 293/374] feat: moved ollama, tailscale, and sync into folders following the new storage pattern --- modules/nixos-modules/ollama/default.nix | 6 ++ modules/nixos-modules/{ => ollama}/ollama.nix | 14 ---- modules/nixos-modules/ollama/storage.nix | 49 +++++++++++++ modules/nixos-modules/sync.nix | 69 ------------------- modules/nixos-modules/sync/default.nix | 6 ++ modules/nixos-modules/sync/storage.nix | 57 +++++++++++++++ modules/nixos-modules/sync/sync.nix | 36 ++++++++++ modules/nixos-modules/tailscale.nix | 34 --------- modules/nixos-modules/tailscale/default.nix | 6 ++ modules/nixos-modules/tailscale/storage.nix | 36 ++++++++++ modules/nixos-modules/tailscale/tailscale.nix | 19 +++++ 11 files changed, 215 insertions(+), 117 deletions(-) create mode 100644 modules/nixos-modules/ollama/default.nix rename modules/nixos-modules/{ => ollama}/ollama.nix (63%) create mode 100644 modules/nixos-modules/ollama/storage.nix delete mode 100644 modules/nixos-modules/sync.nix create mode 100644 modules/nixos-modules/sync/default.nix create mode 100644 modules/nixos-modules/sync/storage.nix create mode 100644 modules/nixos-modules/sync/sync.nix delete mode 100644 modules/nixos-modules/tailscale.nix create mode 100644 modules/nixos-modules/tailscale/default.nix create mode 100644 modules/nixos-modules/tailscale/storage.nix create mode 100644 modules/nixos-modules/tailscale/tailscale.nix diff --git a/modules/nixos-modules/ollama/default.nix b/modules/nixos-modules/ollama/default.nix new file mode 100644 index 0000000..896526a --- /dev/null +++ b/modules/nixos-modules/ollama/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./ollama.nix + ./storage.nix + ]; +} diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama/ollama.nix similarity index 63% rename from modules/nixos-modules/ollama.nix rename to modules/nixos-modules/ollama/ollama.nix index 99819bf..dc7cdd9 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama/ollama.nix @@ -27,20 +27,6 @@ allowedUDPPorts = ports; }; })) - (lib.mkIf config.host.impermanence.enable { - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = "/var/lib/private/ollama"; - user = config.services.ollama.user; - group = config.services.ollama.group; - mode = "0700"; - } - ]; - }; - }) ] ); } diff --git a/modules/nixos-modules/ollama/storage.nix b/modules/nixos-modules/ollama/storage.nix new file mode 100644 index 0000000..ff2348e --- /dev/null +++ b/modules/nixos-modules/ollama/storage.nix @@ -0,0 +1,49 @@ +{ + config, + lib, + ... +}: { + options = { + services.ollama.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.ollama.enable && config.storage.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.ollama.enable ( + lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + # Ollama needs persistent storage for models and configuration + } + (lib.mkIf (!config.services.ollama.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.ollama.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."/var/lib/private/ollama" = { + enable = true; + owner.name = config.services.ollama.user; + group.name = config.services.ollama.group; + owner.permissions = { + read = true; + write = true; + execute = false; + }; + group.permissions = { + read = false; + write = false; + execute = false; + }; + other.permissions = { + read = false; + write = false; + execute = false; + }; + }; + }; + }) + ])) + ] + ); +} diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix deleted file mode 100644 index 96f54d5..0000000 --- a/modules/nixos-modules/sync.nix +++ /dev/null @@ -1,69 +0,0 @@ -{ - config, - lib, - syncthingConfiguration, - ... -}: let - mountDir = "/mnt/sync"; - configDir = "/etc/syncthing"; -in { - config = lib.mkMerge [ - { - systemd = lib.mkIf config.services.syncthing.enable { - tmpfiles.rules = [ - "A ${mountDir} - - - - u:syncthing:rwX,g:syncthing:rwX,o::-" - "d ${mountDir} 2755 syncthing syncthing -" - "d ${config.services.syncthing.dataDir} 775 syncthing syncthing -" - "d ${config.services.syncthing.configDir} 755 syncthing syncthing -" - ]; - }; - } - (lib.mkIf config.services.syncthing.enable (lib.mkMerge [ - { - services.syncthing = { - user = "syncthing"; - group = "syncthing"; - dataDir = "${mountDir}/default"; - configDir = configDir; - overrideDevices = true; - overrideFolders = true; - configuration = syncthingConfiguration; - deviceName = config.networking.hostName; - }; - } - - (lib.mkIf config.host.impermanence.enable { - assertions = - [ - { - assertion = config.services.syncthing.configDir == configDir; - message = "syncthing config dir does not match persistence"; - } - ] - ++ lib.attrsets.mapAttrsToList (_: folder: { - assertion = lib.strings.hasPrefix mountDir folder.path; - message = "syncthing folder ${folder.label} is stored at ${folder.path} which not under the persisted path of ${mountDir}"; - }) - config.services.syncthing.settings.folders; - environment.persistence = { - "/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = mountDir; - user = "syncthing"; - group = "syncthing"; - } - { - directory = configDir; - user = "syncthing"; - group = "syncthing"; - } - ]; - }; - }; - }) - ])) - ]; -} diff --git a/modules/nixos-modules/sync/default.nix b/modules/nixos-modules/sync/default.nix new file mode 100644 index 0000000..5640417 --- /dev/null +++ b/modules/nixos-modules/sync/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./sync.nix + ./storage.nix + ]; +} diff --git a/modules/nixos-modules/sync/storage.nix b/modules/nixos-modules/sync/storage.nix new file mode 100644 index 0000000..a58a49f --- /dev/null +++ b/modules/nixos-modules/sync/storage.nix @@ -0,0 +1,57 @@ +{ + config, + lib, + ... +}: let + mountDir = "/mnt/sync"; + configDir = "/etc/syncthing"; +in { + options = { + services.syncthing.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.syncthing.enable && config.storage.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.syncthing.enable ( + lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + # Syncthing needs persistent storage for configuration and data + } + (lib.mkIf (!config.services.syncthing.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.syncthing.impermanence.enable { + assertions = + [ + { + assertion = config.services.syncthing.configDir == configDir; + message = "syncthing config dir does not match persistence"; + } + ] + ++ lib.attrsets.mapAttrsToList (_: folder: { + assertion = lib.strings.hasPrefix mountDir folder.path; + message = "syncthing folder ${folder.label} is stored at ${folder.path} which not under the persisted path of ${mountDir}"; + }) + config.services.syncthing.settings.folders; + + storage.impermanence.datasets."persist/system/root" = { + directories = { + "${mountDir}" = { + enable = true; + owner.name = "syncthing"; + group.name = "syncthing"; + }; + "${configDir}" = { + enable = true; + owner.name = "syncthing"; + group.name = "syncthing"; + }; + }; + }; + }) + ])) + ] + ); +} diff --git a/modules/nixos-modules/sync/sync.nix b/modules/nixos-modules/sync/sync.nix new file mode 100644 index 0000000..28b6e38 --- /dev/null +++ b/modules/nixos-modules/sync/sync.nix @@ -0,0 +1,36 @@ +{ + config, + lib, + syncthingConfiguration, + ... +}: let + mountDir = "/mnt/sync"; + configDir = "/etc/syncthing"; +in { + config = lib.mkMerge [ + { + systemd = lib.mkIf config.services.syncthing.enable { + tmpfiles.rules = [ + "A ${mountDir} - - - - u:syncthing:rwX,g:syncthing:rwX,o::-" + "d ${mountDir} 2755 syncthing syncthing -" + "d ${config.services.syncthing.dataDir} 775 syncthing syncthing -" + "d ${config.services.syncthing.configDir} 755 syncthing syncthing -" + ]; + }; + } + (lib.mkIf config.services.syncthing.enable (lib.mkMerge [ + { + services.syncthing = { + user = "syncthing"; + group = "syncthing"; + dataDir = "${mountDir}/default"; + configDir = configDir; + overrideDevices = true; + overrideFolders = true; + configuration = syncthingConfiguration; + deviceName = config.networking.hostName; + }; + } + ])) + ]; +} diff --git a/modules/nixos-modules/tailscale.nix b/modules/nixos-modules/tailscale.nix deleted file mode 100644 index db664e8..0000000 --- a/modules/nixos-modules/tailscale.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ - config, - lib, - ... -}: let - tailscale_data_directory = "/var/lib/tailscale"; -in { - options.host.tailscale = { - enable = lib.mkEnableOption "should tailscale be enabled on this computer"; - }; - - config = lib.mkIf config.services.tailscale.enable ( - lib.mkMerge [ - { - # any configs we want shared between all machines - } - (lib.mkIf config.host.impermanence.enable { - environment.persistence = { - "/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = tailscale_data_directory; - user = "root"; - group = "root"; - } - ]; - }; - }; - }) - ] - ); -} diff --git a/modules/nixos-modules/tailscale/default.nix b/modules/nixos-modules/tailscale/default.nix new file mode 100644 index 0000000..7a283e8 --- /dev/null +++ b/modules/nixos-modules/tailscale/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./tailscale.nix + ./storage.nix + ]; +} diff --git a/modules/nixos-modules/tailscale/storage.nix b/modules/nixos-modules/tailscale/storage.nix new file mode 100644 index 0000000..9533aef --- /dev/null +++ b/modules/nixos-modules/tailscale/storage.nix @@ -0,0 +1,36 @@ +{ + config, + lib, + ... +}: let + tailscale_data_directory = "/var/lib/tailscale"; +in { + options = { + services.tailscale.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.tailscale.enable && config.storage.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.tailscale.enable ( + lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + # Tailscale needs persistent storage for keys and configuration + } + (lib.mkIf (!config.services.tailscale.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.tailscale.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${tailscale_data_directory}" = { + enable = true; + owner.name = "root"; + group.name = "root"; + }; + }; + }) + ])) + ] + ); +} diff --git a/modules/nixos-modules/tailscale/tailscale.nix b/modules/nixos-modules/tailscale/tailscale.nix new file mode 100644 index 0000000..06899b1 --- /dev/null +++ b/modules/nixos-modules/tailscale/tailscale.nix @@ -0,0 +1,19 @@ +{ + config, + lib, + ... +}: { + options = { + host.tailscale = { + enable = lib.mkEnableOption "should tailscale be enabled on this computer"; + }; + }; + + config = lib.mkIf config.services.tailscale.enable ( + lib.mkMerge [ + { + # any configs we want shared between all machines + } + ] + ); +} From ab555f50ff118a4f90720723671ad45c0c44b91e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 18:30:49 -0600 Subject: [PATCH 294/374] fix: defiant config cache drive converted to correct format --- configurations/nixos/defiant/configuration.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 11a6f9d..182b8c0 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -100,12 +100,12 @@ ] ]; # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA - cache = { - cache0 = { + cache = [ + { device = "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"; boot = true; - }; - }; + } + ]; }; }; impermanence = { From 703530ddfe22c61f475a1f9a3ada43264993fa2c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 18:48:41 -0600 Subject: [PATCH 295/374] feat: updated storage config for emergent --- configurations/nixos/emergent/configuration.nix | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 6121069..781d66b 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -59,12 +59,22 @@ hardware = { piperMouse.enable = true; }; + }; - storage = { + storage = { + zfs = { enable = true; pool = { - mode = ""; - drives = ["wwn-0x5000039fd0cf05eb"]; + mode = "stripe"; + vdevs = [ + [ + { + device = "wwn-0x5000039fd0cf05eb"; + boot = true; + } + ] + ]; + cache = []; }; }; }; From 5acf060e9e9e874acfe7cdecd75e9ff67afa53b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 18:49:19 -0600 Subject: [PATCH 296/374] feat: updated imports to use new storage module only --- modules/nixos-modules/default.nix | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 77bfe93..34e041e 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -8,12 +8,10 @@ ./desktop.nix ./ssh.nix ./i18n.nix - ./sync.nix - ./impermanence.nix - ./disko.nix - ./ollama.nix + ./sync + ./ollama ./ai.nix - ./tailscale.nix + ./tailscale ./steam.nix ./server ./storage From 1310b50794cc8261ea129695814f270ce8df056b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 19:04:59 -0600 Subject: [PATCH 297/374] feat: moved ssh config to use new storage config --- modules/nixos-modules/ssh.nix | 41 +++++++++++++++++++++++++++++------ 1 file changed, 34 insertions(+), 7 deletions(-) diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index 6f5fac1..20e7881 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -3,6 +3,13 @@ config, ... }: { + options = { + services.openssh.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.openssh.enable && config.storage.impermanence.enable; + }; + }; + config = lib.mkMerge [ { services = { @@ -17,12 +24,32 @@ }; }; } - (lib.mkIf config.host.impermanence.enable { - environment.persistence."/persist/system/root" = { - files = lib.lists.flatten ( - builtins.map (hostKey: [hostKey.path "${hostKey.path}.pub"]) config.services.openssh.hostKeys - ); - }; - }) + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + # SSH host keys need to be persisted to maintain server identity + } + (lib.mkIf (!config.services.openssh.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.openssh.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + files = builtins.listToAttrs ( + lib.lists.flatten ( + builtins.map (hostKey: [ + { + name = hostKey.path; + value = {enable = true;}; + } + { + name = "${hostKey.path}.pub"; + value = {enable = true;}; + } + ]) + config.services.openssh.hostKeys + ) + ); + }; + }) + ])) ]; } From 4da5d65d8f81e4add37ed0ddda014515e324f29f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 21:10:18 -0600 Subject: [PATCH 298/374] feat: added activation and resume scripts to storage and impermanence --- .../nixos-modules/storage/impermanence.nix | 17 +++++++++-- modules/nixos-modules/storage/storage.nix | 29 +++++++++++-------- 2 files changed, 31 insertions(+), 15 deletions(-) diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index 6619bc5..33b4706 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -66,6 +66,20 @@ in { } ]; + # fixes issues with /var/lib/private not having the correct permissions https://github.com/nix-community/impermanence/issues/254 + system.activationScripts."createPersistentStorageDirs".deps = ["var-lib-private-permissions" "users" "groups"]; + system.activationScripts = { + "var-lib-private-permissions" = { + deps = ["specialfs"]; + text = '' + mkdir -p /persist/system/root/var/lib/private + chmod 0700 /persist/system/root/var/lib/private + ''; + }; + }; + + programs.fuse.userAllowOther = true; + environment.persistence = lib.mapAttrs (datasetName: dataset: { enable = true; @@ -90,9 +104,6 @@ in { # TODO: need for boot on filesystems } (lib.mkIf config.storage.zfs.enable { - # TODO: activationScripts config for private folders - # TODO: rollback post resume - # TODO: fuse userAllowOther storage.zfs.datasets = lib.mapAttrs ( datasetName: dataset: diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index b6428f6..d6a2a2b 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -50,6 +50,23 @@ }; }) (lib.mkIf config.storage.impermanence.enable { + boot.initrd.postResumeCommands = lib.mkAfter '' + zfs rollback -r rpool/local/system/root@blank + ''; + + storage.zfs.datasets = { + "local/system/root" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/"; + }; + snapshot = { + blankSnapshot = true; + }; + }; + }; + storage.impermanence.datasets = { "persist/system/root" = { mount = { @@ -65,18 +82,6 @@ }; }; }; - storage.zfs.datasets = { - "local/system/root" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/"; - }; - snapshot = { - blankSnapshot = true; - }; - }; - }; # TODO: home-manager.users..storage.impermanence.enable # is false then persist the entire directory of the user From 4d7d11e0c886ebb0a7e252f30eb57cf6fdc9b7f1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 21:19:54 -0600 Subject: [PATCH 299/374] feat: removed now unneeded disko and impermanence modules --- modules/nixos-modules/disko.nix | 267 ------------------------- modules/nixos-modules/impermanence.nix | 101 ---------- 2 files changed, 368 deletions(-) delete mode 100644 modules/nixos-modules/disko.nix delete mode 100644 modules/nixos-modules/impermanence.nix diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix deleted file mode 100644 index a962689..0000000 --- a/modules/nixos-modules/disko.nix +++ /dev/null @@ -1,267 +0,0 @@ -{ - lib, - pkgs, - config, - inputs, - ... -}: let - # there currently is a bug with disko that causes long disk names to be generated improperly this hash function should alleviate it when used for disk names instead of what we are defaulting to - # max gpt length is 36 and disk adds formats it like disk-xxxx-zfs which means we need to be 9 characters under that - hashDisk = drive: (builtins.substring 0 27 (builtins.hashString "sha256" drive)); - - vdevs = - builtins.map ( - disks: - builtins.map (disk: lib.attrsets.nameValuePair (hashDisk disk) disk) disks - ) - config.host.storage.pool.vdevs; - cache = - builtins.map ( - disk: lib.attrsets.nameValuePair (hashDisk disk) disk - ) - config.host.storage.pool.cache; - - datasets = config.host.storage.pool.datasets // config.host.storage.pool.extraDatasets; -in { - options.host.storage = { - enable = lib.mkEnableOption "are we going create zfs disks with disko on this device"; - encryption = lib.mkEnableOption "is the vdev going to be encrypted"; - notifications = { - enable = lib.mkEnableOption "are notifications enabled"; - host = lib.mkOption { - type = lib.types.str; - description = "what is the host that we are going to send the email to"; - }; - port = lib.mkOption { - type = lib.types.port; - description = "what port is the host using to receive mail on"; - }; - to = lib.mkOption { - type = lib.types.str; - description = "what account is the email going to be sent to"; - }; - user = lib.mkOption { - type = lib.types.str; - description = "what user is the email going to be set from"; - }; - tokenFile = lib.mkOption { - type = lib.types.str; - description = "file containing the password to be used by msmtp for notifications"; - }; - }; - pool = { - mode = lib.mkOption { - type = lib.types.str; - default = "raidz2"; - description = "what level of redundancy should this pool have"; - }; - # list of drives in pool that will have a boot partition put onto them - bootDrives = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "list of disks that are going to have a boot partition installed on them"; - default = lib.lists.flatten config.host.storage.pool.vdevs; - }; - # shorthand for vdevs if you only have 1 vdev - drives = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "list of drives that are going to be in the vdev"; - default = []; - }; - # list of all drives in each vdev - vdevs = lib.mkOption { - type = lib.types.listOf (lib.types.listOf lib.types.str); - description = "list of disks that are going to be in"; - default = [config.host.storage.pool.drives]; - }; - # list of cache drives for pool - cache = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "list of drives that are going to be used as cache"; - default = []; - }; - # Default datasets that are needed to make a functioning system - datasets = lib.mkOption { - type = lib.types.attrsOf (inputs.disko.lib.subType { - types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;}; - }); - default = { - "local" = { - type = "zfs_fs"; - options.canmount = "off"; - }; - # nix directory needs to be available pre persist and doesn't need to be snapshotted or backed up - "local/system/nix" = { - type = "zfs_fs"; - mountpoint = "/nix"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - # dataset for root that gets rolled back on every boot - "local/system/root" = { - type = "zfs_fs"; - mountpoint = "/"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot rpool/local/system/root@blank - ''; - }; - }; - }; - extraDatasets = lib.mkOption { - type = lib.types.attrsOf (inputs.disko.lib.subType { - types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;}; - }); - description = "List of datasets to define"; - default = {}; - }; - }; - }; - - config = lib.mkIf config.host.storage.enable { - programs.msmtp = lib.mkIf config.host.storage.notifications.enable { - enable = true; - setSendmail = true; - defaults = { - aliases = "/etc/aliases"; - port = config.host.storage.notifications.port; - tls_trust_file = "/etc/ssl/certs/ca-certificates.crt"; - tls = "on"; - auth = "login"; - tls_starttls = "off"; - }; - accounts = { - zfs_notifications = { - auth = true; - tls = true; - host = config.host.storage.notifications.host; - passwordeval = "cat ${config.host.storage.notifications.tokenFile}"; - user = config.host.storage.notifications.user; - from = config.host.storage.notifications.user; - }; - }; - }; - - services.zfs = { - autoScrub.enable = true; - autoSnapshot.enable = true; - - zed = lib.mkIf config.host.storage.notifications.enable { - enableMail = true; - - settings = { - ZED_DEBUG_LOG = "/tmp/zed.debug.log"; - ZED_EMAIL_ADDR = [config.host.storage.notifications.to]; - ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp"; - ZED_EMAIL_OPTS = "-a zfs_notifications @ADDRESS@"; - - ZED_NOTIFY_INTERVAL_SECS = 3600; - ZED_NOTIFY_VERBOSE = true; - - ZED_USE_ENCLOSURE_LEDS = true; - ZED_SCRUB_AFTER_RESILVER = true; - }; - }; - }; - - disko.devices = { - disk = ( - builtins.listToAttrs ( - builtins.map - (drive: - lib.attrsets.nameValuePair (drive.name) { - type = "disk"; - device = "/dev/disk/by-id/${drive.value}"; - content = { - type = "gpt"; - partitions = { - ESP = lib.mkIf (builtins.elem drive.value config.host.storage.pool.bootDrives) { - # The 2GB here for the boot partition might be a bit overkill we probably only need like 1/4th of that but storage is cheap - size = "2G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = ["umask=0077"]; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "rpool"; - }; - }; - }; - }; - }) - ( - (lib.lists.flatten vdevs) ++ cache - ) - ) - ); - zpool = { - rpool = { - type = "zpool"; - mode = { - topology = { - type = "topology"; - vdev = ( - builtins.map (disks: { - mode = config.host.storage.pool.mode; - members = - builtins.map (disk: disk.name) disks; - }) - vdevs - ); - cache = builtins.map (disk: disk.name) cache; - }; - }; - - options = { - ashift = "12"; - autotrim = "on"; - }; - - rootFsOptions = - { - canmount = "off"; - mountpoint = "none"; - - xattr = "sa"; - acltype = "posixacl"; - relatime = "on"; - - compression = "lz4"; - - "com.sun:auto-snapshot" = "false"; - } - // ( - lib.attrsets.optionalAttrs config.host.storage.encryption { - encryption = "on"; - keyformat = "hex"; - keylocation = "prompt"; - } - ); - - datasets = lib.mkMerge [ - ( - lib.attrsets.mapAttrs (name: value: { - type = value.type; - options = value.options; - mountpoint = value.mountpoint; - postCreateHook = value.postCreateHook; - }) - datasets - ) - ]; - }; - }; - }; - }; -} diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix deleted file mode 100644 index 4cdcd00..0000000 --- a/modules/nixos-modules/impermanence.nix +++ /dev/null @@ -1,101 +0,0 @@ -{ - config, - lib, - ... -}: { - options.host.impermanence.enable = lib.mkEnableOption "are we going to use impermanence on this device"; - - config = lib.mkMerge [ - { - assertions = [ - { - assertion = !(config.host.impermanence.enable && !config.host.storage.enable); - message = '' - Disko storage must be enabled to use impermanence. - ''; - } - ]; - } - ( - lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.host.impermanence.enable && config.host.storage.enable; - message = "Impermanence can not be used without managed host storage."; - } - ]; - - # fixes issues with /var/lib/private not having the correct permissions https://github.com/nix-community/impermanence/issues/254 - system.activationScripts."createPersistentStorageDirs".deps = ["var-lib-private-permissions" "users" "groups"]; - system.activationScripts = { - "var-lib-private-permissions" = { - deps = ["specialfs"]; - text = '' - mkdir -p /persist/system/root/var/lib/private - chmod 0700 /persist/system/root/var/lib/private - ''; - }; - }; - - programs.fuse.userAllowOther = true; - - boot.initrd.postResumeCommands = lib.mkAfter '' - zfs rollback -r rpool/local/system/root@blank - ''; - - fileSystems = { - "/".neededForBoot = true; - "/persist/system/root".neededForBoot = true; - "/persist/system/var/log".neededForBoot = true; - }; - - host.storage.pool.extraDatasets = { - # persist datasets are datasets that contain information that we would like to keep around - "persist" = { - type = "zfs_fs"; - options.canmount = "off"; - options = { - "com.sun:auto-snapshot" = "true"; - }; - }; - # this is where root data actually lives - "persist/system/root" = { - type = "zfs_fs"; - mountpoint = "/persist/system/root"; - }; - "persist/system/var/log" = { - type = "zfs_fs"; - mountpoint = "/persist/system/var/log"; - # logs should be append only so we shouldn't need to snapshot them - options = { - "com.sun:auto-snapshot" = "false"; - }; - }; - }; - - environment.persistence."/persist/system/var/log" = { - enable = true; - hideMounts = true; - directories = [ - "/var/log" - ]; - }; - - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - "/var/lib/nixos" - "/var/lib/systemd/coredump" - ]; - files = [ - "/etc/machine-id" - ]; - }; - - # TODO: this should live in leylas home manager configuration - security.sudo.extraConfig = "Defaults lecture=never"; - } - ) - ]; -} From 318a0a974884ce803d7bd5517c56692b822f9a56 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 22:37:19 -0600 Subject: [PATCH 300/374] feat: added sops dataset to users.nix --- modules/nixos-modules/users.nix | 138 ++++++++++++++++---------------- 1 file changed, 67 insertions(+), 71 deletions(-) diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 987e080..3385a83 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -399,79 +399,75 @@ in { }; }; } - (lib.mkIf config.host.impermanence.enable { - boot.initrd.postResumeCommands = lib.mkAfter ( - lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/local/home/${user.name}@blank") - normalUsers) - ); + (lib.mkIf config.storage.impermanence.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable { + storage.zfs.datasets."persist/system/sops" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = SOPS_AGE_KEY_DIRECTORY; + }; + atime = "off"; + relatime = "off"; + }; + }) + ])) + # (lib.mkIf config.host.impermanence.enable { + # boot.initrd.postResumeCommands = lib.mkAfter ( + # lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/local/home/${user.name}@blank") + # normalUsers) + # ); - systemd = { - tmpfiles.rules = - builtins.map ( - user: "d /persist/home/${user.name} 700 ${user.name} ${user.name} -" - ) - normalUsers; - }; + # systemd = { + # tmpfiles.rules = + # builtins.map ( + # user: "d /persist/home/${user.name} 700 ${user.name} ${user.name} -" + # ) + # normalUsers; + # }; - fileSystems = lib.mkMerge [ - { - ${SOPS_AGE_KEY_DIRECTORY}.neededForBoot = true; - } - ( - builtins.listToAttrs ( - builtins.map (user: - lib.attrsets.nameValuePair "/persist/home/${user.name}" { - neededForBoot = true; - }) - normalUsers - ) - ) - ( - builtins.listToAttrs ( - builtins.map (user: - lib.attrsets.nameValuePair "/home/${user.name}" { - neededForBoot = true; - }) - normalUsers - ) - ) - ]; + # fileSystems = lib.mkMerge [ + # ( + # builtins.listToAttrs ( + # builtins.map (user: + # lib.attrsets.nameValuePair "/persist/home/${user.name}" { + # neededForBoot = true; + # }) + # normalUsers + # ) + # ) + # ( + # builtins.listToAttrs ( + # builtins.map (user: + # lib.attrsets.nameValuePair "/home/${user.name}" { + # neededForBoot = true; + # }) + # normalUsers + # ) + # ) + # ]; - host.storage.pool.extraDatasets = lib.mkMerge ( - [ - { - # sops age key needs to be available to pre persist for user generation - "local/system/sops" = { - type = "zfs_fs"; - mountpoint = SOPS_AGE_KEY_DIRECTORY; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - } - ] - ++ ( - builtins.map (user: { - "local/home/${user.name}" = { - type = "zfs_fs"; - mountpoint = "/home/${user.name}"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot rpool/local/home/${user.name}@blank - ''; - }; - "persist/home/${user.name}" = { - type = "zfs_fs"; - mountpoint = "/persist/home/${user.name}"; - }; - }) - normalUsers - ) - ); - }) + # host.storage.pool.extraDatasets = lib.mkMerge ( + # ( + # builtins.map (user: { + # "local/home/${user.name}" = { + # type = "zfs_fs"; + # mountpoint = "/home/${user.name}"; + # options = { + # canmount = "on"; + # }; + # postCreateHook = '' + # zfs snapshot rpool/local/home/${user.name}@blank + # ''; + # }; + # "persist/home/${user.name}" = { + # type = "zfs_fs"; + # mountpoint = "/persist/home/${user.name}"; + # }; + # }) + # normalUsers + # ) + # ); + # }) ]; } From 81a9ed31548c9842f4f051b6c19656c4cd032382 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 9 Nov 2025 02:21:08 -0600 Subject: [PATCH 301/374] doc: added documentation tasks to README.md --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index 2d6911b..e16fe0e 100644 --- a/README.md +++ b/README.md @@ -47,6 +47,20 @@ nix multi user, multi system, configuration with `sops` secret management, `home # Tasks: +## Documentation +- [ ] project layout +- [ ] users file structure +- [ ] reverse proxy design + - public service compatibility + - vpn based services compatibility +- [ ] the choice of impermanence +- [ ] storage module design + - base impermanence compatibility and structure reason + - plans for home manager datasets + - plans for auto systemd service datasets +- [ ] plans to migrate to some kind of acl structure for user management +- [ ] plans to migrate from flakes to npins + ## Chores: - [ ] test out crab hole service From 46cd54e9bac9c0fd975f0ecbcf6a2dd90d648e3a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 9 Nov 2025 02:27:00 -0600 Subject: [PATCH 302/374] feat: added option for prompt footer in conventional commit plugin --- .../programs/vscode/conventionalCommits.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix index 5bc8124..b667c27 100644 --- a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix +++ b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix @@ -19,6 +19,10 @@ in { gitmoji = lib.mkEnableOption "should emoji be prompted for as a part of the commit message./"; promptScopes = lib.mkEnableOption "prompting for scopes in conventional commits"; + + promptFooter = lib.mkEnableOption "prompting for footer in conventional commits"; + + showNewVersionNotes = lib.mkEnableOption "showing new version notes for conventional commits"; }; }; config = lib.mkIf config.extraExtensions.conventionalCommits.enable { @@ -27,6 +31,8 @@ in { userSettings = { "conventionalCommits.gitmoji" = config.extraExtensions.conventionalCommits.gitmoji; "conventionalCommits.promptScopes" = config.extraExtensions.conventionalCommits.promptScopes; + "conventionalCommits.promptFooter" = config.extraExtensions.conventionalCommits.promptFooter; + "conventionalCommits.showNewVersionNotes" = config.extraExtensions.conventionalCommits.showNewVersionNotes; }; }; })); From 8ddaa1c9dd45c62dd810597aa6d0abe6c7770169 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 9 Nov 2025 02:39:43 -0600 Subject: [PATCH 303/374] doc: added more notes to README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 7d13298..a50813e 100644 --- a/README.md +++ b/README.md @@ -56,6 +56,8 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] the choice of impermanence - [ ] storage module design - base impermanence compatibility and structure reason + - what does local vs persist mean in pool names (do we need a second layer? ephemeral, local, and persist? local exist only on this machine and is not backed up, persist is backed up to other machines (I think we need to redo the sops and torrent/media folders?)) + - plans to possibly support btrfs in the future - plans for home manager datasets - plans for auto systemd service datasets - [ ] plans to migrate to some kind of acl structure for user management From d06c25f33f07e198d00da6331ed26cf470deb9ff Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 10 Nov 2025 02:38:28 -0600 Subject: [PATCH 304/374] feat: migrated users over to new persistence structure --- configurations/home-manager/leyla/default.nix | 2 +- .../home-manager/leyla/impermanence.nix | 1 - modules/home-manager-modules/impermanence.nix | 5 +- .../home-manager-modules/programs/anki.nix | 4 +- .../programs/bitwarden.nix | 1 - .../home-manager-modules/programs/bruno.nix | 1 - .../home-manager-modules/programs/calibre.nix | 1 - .../programs/davinci-resolve.nix | 1 - .../home-manager-modules/programs/dbeaver.nix | 1 - .../home-manager-modules/programs/discord.nix | 1 - .../home-manager-modules/programs/firefox.nix | 1 - .../home-manager-modules/programs/freecad.nix | 1 - .../home-manager-modules/programs/gimp.nix | 1 - .../programs/inkscape.nix | 1 - .../programs/kdenlive.nix | 1 - .../home-manager-modules/programs/krita.nix | 1 - .../programs/libreoffice.nix | 1 - .../programs/mapillary-uploader.nix | 1 - modules/home-manager-modules/programs/obs.nix | 1 - .../home-manager-modules/programs/olympus.nix | 1 - .../home-manager-modules/programs/openrgb.nix | 1 - .../home-manager-modules/programs/picard.nix | 1 - .../programs/qflipper.nix | 1 - .../home-manager-modules/programs/steam.nix | 1 - .../programs/tor-browser.nix | 1 - .../programs/ungoogled-chromium.nix | 1 - modules/home-manager-modules/programs/via.nix | 1 - .../programs/vmware-workstation.nix | 1 - modules/nixos-modules/users.nix | 120 ++++++++---------- 29 files changed, 57 insertions(+), 99 deletions(-) diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 8a37754..20b04c7 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -12,7 +12,7 @@ ]; config = { - impermanence.enable = osConfig.host.impermanence.enable; + impermanence.enable = osConfig.storage.impermanence.enable; # Home Manager needs a bit of information about you and the paths it should # manage. diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index ce81c81..ea64d56 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -14,7 +14,6 @@ ".bash_history" # keep shell history around "${config.xdg.dataHome}/recently-used.xbel" # gnome recently viewed files ]; - allowOther = true; }; }; } diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix index 6c75edd..402cccd 100644 --- a/modules/home-manager-modules/impermanence.nix +++ b/modules/home-manager-modules/impermanence.nix @@ -18,17 +18,16 @@ in { (lib.mkIf config.impermanence.enable { assertions = [ { - assertion = osConfig.host.impermanence.enable; + assertion = osConfig.storage.impermanence.enable; message = "impermanence can not be enabled for a user when it is not enabled for the system"; } ]; }) # If impermanence is not enabled for this user but system impermanence is enabled, # persist the entire home directory as fallback - (lib.mkIf (osConfig.host.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { + (lib.mkIf (osConfig.storage.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { home.persistence."/persist/home/${config.home.username}" = { directories = ["."]; - allowOther = true; }; }) ]; diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix index c2f93ea..2e3f3fc 100644 --- a/modules/home-manager-modules/programs/anki.nix +++ b/modules/home-manager-modules/programs/anki.nix @@ -1,15 +1,13 @@ { lib, config, - osConfig, ... }: { - config = lib.mkIf (config.programs.anki.enable && osConfig.host.impermanence.enable) { + config = lib.mkIf (config.programs.anki.enable && config.impermanence.enable) { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.dataHome}/Anki2/" ]; - allowOther = true; }; }; } diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index e305b6c..040d875 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/Bitwarden" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix index 8ad5e63..871cca0 100644 --- a/modules/home-manager-modules/programs/bruno.nix +++ b/modules/home-manager-modules/programs/bruno.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/bruno/" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix index dbe6e2b..9219f31 100644 --- a/modules/home-manager-modules/programs/calibre.nix +++ b/modules/home-manager-modules/programs/calibre.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/calibre" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/davinci-resolve.nix b/modules/home-manager-modules/programs/davinci-resolve.nix index 6c4526f..c5fed5a 100644 --- a/modules/home-manager-modules/programs/davinci-resolve.nix +++ b/modules/home-manager-modules/programs/davinci-resolve.nix @@ -21,7 +21,6 @@ "${config.xdg.dataHome}/DaVinciResolve" "${config.xdg.configHome}/blackmagic" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix index 8b6c41a..87786a7 100644 --- a/modules/home-manager-modules/programs/dbeaver.nix +++ b/modules/home-manager-modules/programs/dbeaver.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.dataHome}/DBeaverData/" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix index d5d7192..cc06bca 100644 --- a/modules/home-manager-modules/programs/discord.nix +++ b/modules/home-manager-modules/programs/discord.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/discord/" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix index 8841887..e50217a 100644 --- a/modules/home-manager-modules/programs/firefox.nix +++ b/modules/home-manager-modules/programs/firefox.nix @@ -22,7 +22,6 @@ # Extension configuration ".mozilla/firefox/${profile}/extension-settings.json" ]; - allowOther = true; }; in { config = lib.mkIf (config.programs.firefox.enable && config.impermanence.enable) { diff --git a/modules/home-manager-modules/programs/freecad.nix b/modules/home-manager-modules/programs/freecad.nix index 89668de..553de9e 100644 --- a/modules/home-manager-modules/programs/freecad.nix +++ b/modules/home-manager-modules/programs/freecad.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/FreeCAD" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/gimp.nix b/modules/home-manager-modules/programs/gimp.nix index 925a2d9..6ec4a6f 100644 --- a/modules/home-manager-modules/programs/gimp.nix +++ b/modules/home-manager-modules/programs/gimp.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/GIMP" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/inkscape.nix b/modules/home-manager-modules/programs/inkscape.nix index a26ddec..b5f5dbf 100644 --- a/modules/home-manager-modules/programs/inkscape.nix +++ b/modules/home-manager-modules/programs/inkscape.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/inkscape" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/kdenlive.nix b/modules/home-manager-modules/programs/kdenlive.nix index 05327d1..6773b19 100644 --- a/modules/home-manager-modules/programs/kdenlive.nix +++ b/modules/home-manager-modules/programs/kdenlive.nix @@ -28,7 +28,6 @@ in { "${config.xdg.configHome}/kdenliverc" "${config.xdg.dataHome}/kdenlive" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/krita.nix b/modules/home-manager-modules/programs/krita.nix index 3ba5560..bbf9416 100644 --- a/modules/home-manager-modules/programs/krita.nix +++ b/modules/home-manager-modules/programs/krita.nix @@ -21,7 +21,6 @@ "${config.xdg.configHome}/kritarc" "${config.xdg.dataHome}/krita" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/libreoffice.nix b/modules/home-manager-modules/programs/libreoffice.nix index 93163e7..618acc3 100644 --- a/modules/home-manager-modules/programs/libreoffice.nix +++ b/modules/home-manager-modules/programs/libreoffice.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/libreoffice" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/mapillary-uploader.nix b/modules/home-manager-modules/programs/mapillary-uploader.nix index df1f093..f5cbb0e 100644 --- a/modules/home-manager-modules/programs/mapillary-uploader.nix +++ b/modules/home-manager-modules/programs/mapillary-uploader.nix @@ -22,7 +22,6 @@ in { "${config.xdg.configHome}/mapillary-uploader" "${config.xdg.dataHome}/mapillary-uploader" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix index bfdba90..84d49b1 100644 --- a/modules/home-manager-modules/programs/obs.nix +++ b/modules/home-manager-modules/programs/obs.nix @@ -10,7 +10,6 @@ directories = [ "${config.xdg.configHome}/obs-studio" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/olympus.nix b/modules/home-manager-modules/programs/olympus.nix index 0e38eec..b3cfd21 100644 --- a/modules/home-manager-modules/programs/olympus.nix +++ b/modules/home-manager-modules/programs/olympus.nix @@ -28,7 +28,6 @@ in { "${config.xdg.configHome}/olympus" "${config.xdg.dataHome}/olympus" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/openrgb.nix b/modules/home-manager-modules/programs/openrgb.nix index c9d5e14..2372f54 100644 --- a/modules/home-manager-modules/programs/openrgb.nix +++ b/modules/home-manager-modules/programs/openrgb.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/OpenRGB" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/picard.nix b/modules/home-manager-modules/programs/picard.nix index bc37b86..b61dd8c 100644 --- a/modules/home-manager-modules/programs/picard.nix +++ b/modules/home-manager-modules/programs/picard.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/MusicBrainz" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/qflipper.nix b/modules/home-manager-modules/programs/qflipper.nix index 8b42766..6963acb 100644 --- a/modules/home-manager-modules/programs/qflipper.nix +++ b/modules/home-manager-modules/programs/qflipper.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/qFlipper" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix index fd98cb6..6262eac 100644 --- a/modules/home-manager-modules/programs/steam.nix +++ b/modules/home-manager-modules/programs/steam.nix @@ -25,7 +25,6 @@ method = "symlink"; } ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/tor-browser.nix b/modules/home-manager-modules/programs/tor-browser.nix index c3b085d..bc7eddc 100644 --- a/modules/home-manager-modules/programs/tor-browser.nix +++ b/modules/home-manager-modules/programs/tor-browser.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.dataHome}/torbrowser" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/ungoogled-chromium.nix b/modules/home-manager-modules/programs/ungoogled-chromium.nix index ef6a881..8b0ade8 100644 --- a/modules/home-manager-modules/programs/ungoogled-chromium.nix +++ b/modules/home-manager-modules/programs/ungoogled-chromium.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/chromium" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/via.nix b/modules/home-manager-modules/programs/via.nix index 0aa58e4..524576d 100644 --- a/modules/home-manager-modules/programs/via.nix +++ b/modules/home-manager-modules/programs/via.nix @@ -21,7 +21,6 @@ "${config.xdg.configHome}/via" "${config.xdg.dataHome}/via" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/vmware-workstation.nix b/modules/home-manager-modules/programs/vmware-workstation.nix index 8e9d406..f6a3ce1 100644 --- a/modules/home-manager-modules/programs/vmware-workstation.nix +++ b/modules/home-manager-modules/programs/vmware-workstation.nix @@ -28,7 +28,6 @@ method = "symlink"; } ]; - allowOther = true; }; } ) diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 3385a83..040261a 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -400,74 +400,60 @@ in { }; } (lib.mkIf config.storage.impermanence.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable { - storage.zfs.datasets."persist/system/sops" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = SOPS_AGE_KEY_DIRECTORY; + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + # sops age key needs to be available to pre persist for user generation + storage.zfs.datasets = lib.mkMerge [ + { + "local/system/sops" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = SOPS_AGE_KEY_DIRECTORY; + }; + atime = "off"; + relatime = "off"; + }; + } + # Create ZFS datasets for each normal user + (lib.mkMerge ( + builtins.map (user: { + "local/home/${user.name}" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/home/${user.name}"; + }; + snapshot.blankSnapshot = true; + }; + "persist/home/${user.name}" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/persist/home/${user.name}"; + }; + }; + }) + normalUsers + )) + ]; + + # Post resume commands to rollback user home datasets to blank snapshots + boot.initrd.postResumeCommands = lib.mkAfter ( + lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/local/home/${user.name}@blank") + normalUsers) + ); + + # Create persist home directories with proper permissions + systemd = { + tmpfiles.rules = + builtins.map ( + user: "d /persist/home/${user.name} 700 ${user.name} ${user.name} -" + ) + normalUsers; }; - atime = "off"; - relatime = "off"; - }; - }) + } + ])) ])) - # (lib.mkIf config.host.impermanence.enable { - # boot.initrd.postResumeCommands = lib.mkAfter ( - # lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/local/home/${user.name}@blank") - # normalUsers) - # ); - - # systemd = { - # tmpfiles.rules = - # builtins.map ( - # user: "d /persist/home/${user.name} 700 ${user.name} ${user.name} -" - # ) - # normalUsers; - # }; - - # fileSystems = lib.mkMerge [ - # ( - # builtins.listToAttrs ( - # builtins.map (user: - # lib.attrsets.nameValuePair "/persist/home/${user.name}" { - # neededForBoot = true; - # }) - # normalUsers - # ) - # ) - # ( - # builtins.listToAttrs ( - # builtins.map (user: - # lib.attrsets.nameValuePair "/home/${user.name}" { - # neededForBoot = true; - # }) - # normalUsers - # ) - # ) - # ]; - - # host.storage.pool.extraDatasets = lib.mkMerge ( - # ( - # builtins.map (user: { - # "local/home/${user.name}" = { - # type = "zfs_fs"; - # mountpoint = "/home/${user.name}"; - # options = { - # canmount = "on"; - # }; - # postCreateHook = '' - # zfs snapshot rpool/local/home/${user.name}@blank - # ''; - # }; - # "persist/home/${user.name}" = { - # type = "zfs_fs"; - # mountpoint = "/persist/home/${user.name}"; - # }; - # }) - # normalUsers - # ) - # ); - # }) ]; } From 61eef3067e36c187b4615b2ad9d1d7101fe4027f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 10 Nov 2025 15:42:25 -0600 Subject: [PATCH 305/374] feat: made persist build with new impermanence system --- configurations/home-manager/leyla/impermanence.nix | 2 +- modules/home-manager-modules/impermanence.nix | 2 +- modules/home-manager-modules/openssh.nix | 2 +- modules/home-manager-modules/programs/anki.nix | 4 ++-- modules/home-manager-modules/programs/bitwarden.nix | 2 +- modules/home-manager-modules/programs/bruno.nix | 2 +- modules/home-manager-modules/programs/calibre.nix | 2 +- modules/home-manager-modules/programs/davinci-resolve.nix | 2 +- modules/home-manager-modules/programs/dbeaver.nix | 2 +- modules/home-manager-modules/programs/discord.nix | 2 +- modules/home-manager-modules/programs/firefox.nix | 2 +- modules/home-manager-modules/programs/freecad.nix | 2 +- modules/home-manager-modules/programs/gimp.nix | 2 +- modules/home-manager-modules/programs/idea.nix | 2 +- modules/home-manager-modules/programs/inkscape.nix | 2 +- modules/home-manager-modules/programs/kdenlive.nix | 2 +- modules/home-manager-modules/programs/krita.nix | 2 +- modules/home-manager-modules/programs/libreoffice.nix | 2 +- modules/home-manager-modules/programs/makemkv.nix | 2 +- modules/home-manager-modules/programs/mapillary-uploader.nix | 2 +- modules/home-manager-modules/programs/obs.nix | 2 +- modules/home-manager-modules/programs/obsidian.nix | 2 +- modules/home-manager-modules/programs/olympus.nix | 2 +- modules/home-manager-modules/programs/openrgb.nix | 2 +- modules/home-manager-modules/programs/picard.nix | 2 +- modules/home-manager-modules/programs/prostudiomasters.nix | 2 +- modules/home-manager-modules/programs/protonvpn.nix | 2 +- modules/home-manager-modules/programs/qbittorrent.nix | 2 +- modules/home-manager-modules/programs/qflipper.nix | 2 +- modules/home-manager-modules/programs/signal.nix | 2 +- modules/home-manager-modules/programs/steam.nix | 2 +- modules/home-manager-modules/programs/tor-browser.nix | 2 +- modules/home-manager-modules/programs/ungoogled-chromium.nix | 2 +- modules/home-manager-modules/programs/via.nix | 2 +- modules/home-manager-modules/programs/vmware-workstation.nix | 2 +- 35 files changed, 36 insertions(+), 36 deletions(-) diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index ea64d56..c61d693 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -4,7 +4,7 @@ ... }: { config = lib.mkIf (config.impermanence.enable) { - home.persistence."/persist/home/leyla" = { + home.persistence."/persist/home" = { directories = [ "desktop" "downloads" diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix index 402cccd..67f0ee4 100644 --- a/modules/home-manager-modules/impermanence.nix +++ b/modules/home-manager-modules/impermanence.nix @@ -26,7 +26,7 @@ in { # If impermanence is not enabled for this user but system impermanence is enabled, # persist the entire home directory as fallback (lib.mkIf (osConfig.storage.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { - home.persistence."/persist/home/${config.home.username}" = { + home.persistence."/persist/home" = { directories = ["."]; }; }) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index afc98dd..213ad67 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -96,7 +96,7 @@ } ) (lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { files = lib.lists.flatten ( builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys ); diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix index 2e3f3fc..739245e 100644 --- a/modules/home-manager-modules/programs/anki.nix +++ b/modules/home-manager-modules/programs/anki.nix @@ -4,9 +4,9 @@ ... }: { config = lib.mkIf (config.programs.anki.enable && config.impermanence.enable) { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ - "${config.xdg.dataHome}/Anki2/" + ".local/share/Anki2" ]; }; }; diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index 040d875..c752669 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/Bitwarden" ]; diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix index 871cca0..768299b 100644 --- a/modules/home-manager-modules/programs/bruno.nix +++ b/modules/home-manager-modules/programs/bruno.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/bruno/" ]; diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix index 9219f31..14e48dc 100644 --- a/modules/home-manager-modules/programs/calibre.nix +++ b/modules/home-manager-modules/programs/calibre.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/calibre" ]; diff --git a/modules/home-manager-modules/programs/davinci-resolve.nix b/modules/home-manager-modules/programs/davinci-resolve.nix index c5fed5a..49c7c47 100644 --- a/modules/home-manager-modules/programs/davinci-resolve.nix +++ b/modules/home-manager-modules/programs/davinci-resolve.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.dataHome}/DaVinciResolve" "${config.xdg.configHome}/blackmagic" diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix index 87786a7..abc7c29 100644 --- a/modules/home-manager-modules/programs/dbeaver.nix +++ b/modules/home-manager-modules/programs/dbeaver.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.dataHome}/DBeaverData/" ]; diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix index cc06bca..c62de57 100644 --- a/modules/home-manager-modules/programs/discord.nix +++ b/modules/home-manager-modules/programs/discord.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/discord/" ]; diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix index e50217a..282c022 100644 --- a/modules/home-manager-modules/programs/firefox.nix +++ b/modules/home-manager-modules/programs/firefox.nix @@ -25,7 +25,7 @@ }; in { config = lib.mkIf (config.programs.firefox.enable && config.impermanence.enable) { - home.persistence."/persist${config.home.homeDirectory}" = lib.mkMerge ( + home.persistence."/persist/home" = lib.mkMerge ( ( lib.attrsets.mapAttrsToList (profile: _: buildProfilePersistence profile) diff --git a/modules/home-manager-modules/programs/freecad.nix b/modules/home-manager-modules/programs/freecad.nix index 553de9e..c546794 100644 --- a/modules/home-manager-modules/programs/freecad.nix +++ b/modules/home-manager-modules/programs/freecad.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/FreeCAD" ]; diff --git a/modules/home-manager-modules/programs/gimp.nix b/modules/home-manager-modules/programs/gimp.nix index 6ec4a6f..c127234 100644 --- a/modules/home-manager-modules/programs/gimp.nix +++ b/modules/home-manager-modules/programs/gimp.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/GIMP" ]; diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index e59e7b2..438e345 100644 --- a/modules/home-manager-modules/programs/idea.nix +++ b/modules/home-manager-modules/programs/idea.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ # configuration "${config.xdg.configHome}/JetBrains/" diff --git a/modules/home-manager-modules/programs/inkscape.nix b/modules/home-manager-modules/programs/inkscape.nix index b5f5dbf..8cef5cb 100644 --- a/modules/home-manager-modules/programs/inkscape.nix +++ b/modules/home-manager-modules/programs/inkscape.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/inkscape" ]; diff --git a/modules/home-manager-modules/programs/kdenlive.nix b/modules/home-manager-modules/programs/kdenlive.nix index 6773b19..a130fb8 100644 --- a/modules/home-manager-modules/programs/kdenlive.nix +++ b/modules/home-manager-modules/programs/kdenlive.nix @@ -23,7 +23,7 @@ in { } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/kdenliverc" "${config.xdg.dataHome}/kdenlive" diff --git a/modules/home-manager-modules/programs/krita.nix b/modules/home-manager-modules/programs/krita.nix index bbf9416..869b10b 100644 --- a/modules/home-manager-modules/programs/krita.nix +++ b/modules/home-manager-modules/programs/krita.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/kritarc" "${config.xdg.dataHome}/krita" diff --git a/modules/home-manager-modules/programs/libreoffice.nix b/modules/home-manager-modules/programs/libreoffice.nix index 618acc3..924d2a1 100644 --- a/modules/home-manager-modules/programs/libreoffice.nix +++ b/modules/home-manager-modules/programs/libreoffice.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/libreoffice" ]; diff --git a/modules/home-manager-modules/programs/makemkv.nix b/modules/home-manager-modules/programs/makemkv.nix index e92c3d3..e158c07 100644 --- a/modules/home-manager-modules/programs/makemkv.nix +++ b/modules/home-manager-modules/programs/makemkv.nix @@ -30,7 +30,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ ".MakeMKV" ]; diff --git a/modules/home-manager-modules/programs/mapillary-uploader.nix b/modules/home-manager-modules/programs/mapillary-uploader.nix index f5cbb0e..7fb416e 100644 --- a/modules/home-manager-modules/programs/mapillary-uploader.nix +++ b/modules/home-manager-modules/programs/mapillary-uploader.nix @@ -17,7 +17,7 @@ in { } ( mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/mapillary-uploader" "${config.xdg.dataHome}/mapillary-uploader" diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix index 84d49b1..5e226cc 100644 --- a/modules/home-manager-modules/programs/obs.nix +++ b/modules/home-manager-modules/programs/obs.nix @@ -6,7 +6,7 @@ config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [ ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/obs-studio" ]; diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix index 824563d..91b59b3 100644 --- a/modules/home-manager-modules/programs/obsidian.nix +++ b/modules/home-manager-modules/programs/obsidian.nix @@ -6,7 +6,7 @@ config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [ ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/obsidian" ]; diff --git a/modules/home-manager-modules/programs/olympus.nix b/modules/home-manager-modules/programs/olympus.nix index b3cfd21..2be0084 100644 --- a/modules/home-manager-modules/programs/olympus.nix +++ b/modules/home-manager-modules/programs/olympus.nix @@ -23,7 +23,7 @@ in { } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/olympus" "${config.xdg.dataHome}/olympus" diff --git a/modules/home-manager-modules/programs/openrgb.nix b/modules/home-manager-modules/programs/openrgb.nix index 2372f54..94636fc 100644 --- a/modules/home-manager-modules/programs/openrgb.nix +++ b/modules/home-manager-modules/programs/openrgb.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/OpenRGB" ]; diff --git a/modules/home-manager-modules/programs/picard.nix b/modules/home-manager-modules/programs/picard.nix index b61dd8c..a6a7887 100644 --- a/modules/home-manager-modules/programs/picard.nix +++ b/modules/home-manager-modules/programs/picard.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/MusicBrainz" ]; diff --git a/modules/home-manager-modules/programs/prostudiomasters.nix b/modules/home-manager-modules/programs/prostudiomasters.nix index 5345169..3653ae4 100644 --- a/modules/home-manager-modules/programs/prostudiomasters.nix +++ b/modules/home-manager-modules/programs/prostudiomasters.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/ProStudioMasters" ]; diff --git a/modules/home-manager-modules/programs/protonvpn.nix b/modules/home-manager-modules/programs/protonvpn.nix index 513a610..d04c012 100644 --- a/modules/home-manager-modules/programs/protonvpn.nix +++ b/modules/home-manager-modules/programs/protonvpn.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/protonvpn" "${config.xdg.configHome}/Proton" diff --git a/modules/home-manager-modules/programs/qbittorrent.nix b/modules/home-manager-modules/programs/qbittorrent.nix index 61d13c0..37fd464 100644 --- a/modules/home-manager-modules/programs/qbittorrent.nix +++ b/modules/home-manager-modules/programs/qbittorrent.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/qBittorrent" ]; diff --git a/modules/home-manager-modules/programs/qflipper.nix b/modules/home-manager-modules/programs/qflipper.nix index 6963acb..8261f5e 100644 --- a/modules/home-manager-modules/programs/qflipper.nix +++ b/modules/home-manager-modules/programs/qflipper.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/qFlipper" ]; diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix index 7db23a7..3dae867 100644 --- a/modules/home-manager-modules/programs/signal.nix +++ b/modules/home-manager-modules/programs/signal.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/Signal" ]; diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix index 6262eac..98b970f 100644 --- a/modules/home-manager-modules/programs/steam.nix +++ b/modules/home-manager-modules/programs/steam.nix @@ -18,7 +18,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ { directory = "${config.xdg.dataHome}/Steam"; diff --git a/modules/home-manager-modules/programs/tor-browser.nix b/modules/home-manager-modules/programs/tor-browser.nix index bc7eddc..e13dd4c 100644 --- a/modules/home-manager-modules/programs/tor-browser.nix +++ b/modules/home-manager-modules/programs/tor-browser.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.dataHome}/torbrowser" ]; diff --git a/modules/home-manager-modules/programs/ungoogled-chromium.nix b/modules/home-manager-modules/programs/ungoogled-chromium.nix index 8b0ade8..8ca8ec0 100644 --- a/modules/home-manager-modules/programs/ungoogled-chromium.nix +++ b/modules/home-manager-modules/programs/ungoogled-chromium.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/chromium" ]; diff --git a/modules/home-manager-modules/programs/via.nix b/modules/home-manager-modules/programs/via.nix index 524576d..acf2d8c 100644 --- a/modules/home-manager-modules/programs/via.nix +++ b/modules/home-manager-modules/programs/via.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/via" "${config.xdg.dataHome}/via" diff --git a/modules/home-manager-modules/programs/vmware-workstation.nix b/modules/home-manager-modules/programs/vmware-workstation.nix index f6a3ce1..30ae692 100644 --- a/modules/home-manager-modules/programs/vmware-workstation.nix +++ b/modules/home-manager-modules/programs/vmware-workstation.nix @@ -17,7 +17,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ { directory = ".vmware"; From 8aa984a389b949ca4e0fad20c32af931341b2083 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 10 Nov 2025 15:49:12 -0600 Subject: [PATCH 306/374] feat: made datasets build --- .../nixos-modules/storage/impermanence.nix | 10 +++++- modules/nixos-modules/storage/storage.nix | 34 ++++++++++++------- .../submodules/impermanenceDataset.nix | 4 +-- modules/nixos-modules/users.nix | 8 ----- 4 files changed, 32 insertions(+), 24 deletions(-) diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index 33b4706..4f231bf 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -80,6 +80,15 @@ in { programs.fuse.userAllowOther = true; + fileSystems = + lib.mapAttrs' ( + datasetName: dataset: + lib.nameValuePair "/${datasetName}" { + neededForBoot = true; + } + ) + config.storage.impermanence.datasets; + environment.persistence = lib.mapAttrs (datasetName: dataset: { enable = true; @@ -101,7 +110,6 @@ in { }) (lib.filterAttrs (_: fileConfig: fileConfig.enable) dataset.files); }) config.storage.impermanence.datasets; - # TODO: need for boot on filesystems } (lib.mkIf config.storage.zfs.enable { storage.zfs.datasets = diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index d6a2a2b..e9f740b 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -35,17 +35,19 @@ }; } (lib.mkIf (!config.storage.impermanence.enable) { - # TODO: create datasets for systemd.services..storage.impermanence.datasets - storage.zfs.datasets = { - "persist/system/root" = { - type = "zfs_fs"; - mount = { - enable = false; - mountPoint = "/"; - }; - snapshot = { - autoSnapshot = true; - }; + storage.zfs.rootDataset = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/"; + }; + compression = "lz4"; + acltype = "posixacl"; + relatime = "on"; + xattr = "sa"; + snapshot = { + autoSnapshot = true; + blankSnapshot = true; }; }; }) @@ -70,8 +72,8 @@ storage.impermanence.datasets = { "persist/system/root" = { mount = { - enable = false; - mountPoint = "/"; + enable = true; + mountPoint = "/persist/system/root"; }; directories = { "/var/lib/nixos".enable = true; @@ -81,6 +83,12 @@ "/etc/machine-id".enable = true; }; }; + "persist/home" = { + mount = { + enable = true; + mountPoint = "/persist/home"; + }; + }; }; # TODO: home-manager.users..storage.impermanence.enable diff --git a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix index 7154e90..0104b88 100644 --- a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix +++ b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix @@ -14,14 +14,14 @@ args @ {lib, ...}: {name, ...}: let owner = { name = lib.mkOption { type = lib.types.str; - default = "nouser"; + default = "root"; }; permissions = pathPermissions; }; group = { name = lib.mkOption { type = lib.types.str; - default = "nogroup"; + default = "root"; }; permissions = pathPermissions; }; diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 040261a..bf45ac9 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -415,7 +415,6 @@ in { relatime = "off"; }; } - # Create ZFS datasets for each normal user (lib.mkMerge ( builtins.map (user: { "local/home/${user.name}" = { @@ -426,13 +425,6 @@ in { }; snapshot.blankSnapshot = true; }; - "persist/home/${user.name}" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/persist/home/${user.name}"; - }; - }; }) normalUsers )) From ac0f1ce2e69c3da050f44eb1ed93e54b213de353 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 10 Nov 2025 15:51:28 -0600 Subject: [PATCH 307/374] feat: updated flake input to use fork --- flake.lock | 19 ++++++++++++++----- flake.nix | 4 +++- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 3c1f2ad..6b33266 100644 --- a/flake.lock +++ b/flake.lock @@ -147,16 +147,25 @@ } }, "impermanence": { + "inputs": { + "home-manager": [ + "home-manager" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, "locked": { - "lastModified": 1737831083, - "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", - "owner": "nix-community", + "lastModified": 1762761176, + "narHash": "sha256-i3gM8fUozQrgZIbwVNlTuhLqPSl56zxAYpsQpQ9Lhro=", + "owner": "jan-leila", "repo": "impermanence", - "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", + "rev": "ffbe1ca47cf4b3008c3aa5c49cdae294d8c8058a", "type": "github" }, "original": { - "owner": "nix-community", + "owner": "jan-leila", + "ref": "home-manager-v2", "repo": "impermanence", "type": "github" } diff --git a/flake.nix b/flake.nix index 6f85fa3..f0b9d67 100644 --- a/flake.nix +++ b/flake.nix @@ -36,7 +36,9 @@ # delete your darlings impermanence = { - url = "github:nix-community/impermanence"; + url = "github:jan-leila/impermanence/home-manager-v2"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.home-manager.follows = "home-manager"; }; nix-darwin = { From 1eb66d1c31e5dbd8471aa2652b0db11115389444 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 12 Nov 2025 19:27:12 -0600 Subject: [PATCH 308/374] feat: updated pool names --- .../home-manager/leyla/impermanence.nix | 2 +- modules/home-manager-modules/impermanence.nix | 2 +- modules/home-manager-modules/openssh.nix | 2 +- .../home-manager-modules/programs/anki.nix | 2 +- .../programs/bitwarden.nix | 2 +- .../home-manager-modules/programs/bruno.nix | 2 +- .../home-manager-modules/programs/calibre.nix | 2 +- .../programs/davinci-resolve.nix | 2 +- .../home-manager-modules/programs/dbeaver.nix | 2 +- .../home-manager-modules/programs/discord.nix | 2 +- .../home-manager-modules/programs/firefox.nix | 2 +- .../home-manager-modules/programs/freecad.nix | 2 +- .../home-manager-modules/programs/gimp.nix | 2 +- .../home-manager-modules/programs/idea.nix | 2 +- .../programs/inkscape.nix | 2 +- .../programs/kdenlive.nix | 2 +- .../home-manager-modules/programs/krita.nix | 2 +- .../programs/libreoffice.nix | 2 +- .../home-manager-modules/programs/makemkv.nix | 2 +- .../programs/mapillary-uploader.nix | 2 +- modules/home-manager-modules/programs/obs.nix | 2 +- .../programs/obsidian.nix | 2 +- .../home-manager-modules/programs/olympus.nix | 2 +- .../home-manager-modules/programs/openrgb.nix | 2 +- .../home-manager-modules/programs/picard.nix | 2 +- .../programs/prostudiomasters.nix | 2 +- .../programs/protonvpn.nix | 2 +- .../programs/qbittorrent.nix | 2 +- .../programs/qflipper.nix | 2 +- .../home-manager-modules/programs/signal.nix | 2 +- .../home-manager-modules/programs/steam.nix | 2 +- .../programs/tor-browser.nix | 2 +- .../programs/ungoogled-chromium.nix | 2 +- modules/home-manager-modules/programs/via.nix | 2 +- .../programs/vmware-workstation.nix | 2 +- modules/nixos-modules/ollama/storage.nix | 2 +- .../nixos-modules/server/actual/storage.nix | 2 +- .../nixos-modules/server/bazarr/storage.nix | 2 +- .../server/crab-hole/storage.nix | 2 +- .../nixos-modules/server/fail2ban/storage.nix | 2 +- .../server/flaresolverr/storage.nix | 2 +- .../nixos-modules/server/forgejo/storage.nix | 2 +- .../server/home-assistant/storage.nix | 2 +- .../nixos-modules/server/immich/storage.nix | 2 +- .../nixos-modules/server/jackett/storage.nix | 2 +- .../nixos-modules/server/jellyfin/storage.nix | 2 +- .../nixos-modules/server/lidarr/storage.nix | 2 +- .../network_storage/network_storage.nix | 2 +- .../server/panoramax/storage.nix | 2 +- .../server/paperless/storage.nix | 2 +- .../nixos-modules/server/postgres/storage.nix | 2 +- .../server/qbittorent/storage.nix | 2 +- .../nixos-modules/server/radarr/storage.nix | 2 +- .../server/reverseProxy/storage.nix | 2 +- .../nixos-modules/server/sonarr/storage.nix | 2 +- modules/nixos-modules/server/wyoming.nix | 2 +- modules/nixos-modules/ssh.nix | 2 +- .../nixos-modules/storage/impermanence.nix | 4 +-- modules/nixos-modules/storage/storage.nix | 25 +++++++++++-------- modules/nixos-modules/storage/zfs.nix | 4 +-- modules/nixos-modules/sync/storage.nix | 2 +- modules/nixos-modules/tailscale/storage.nix | 2 +- modules/nixos-modules/users.nix | 8 +++--- 63 files changed, 81 insertions(+), 78 deletions(-) diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index c61d693..4a58cbb 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -4,7 +4,7 @@ ... }: { config = lib.mkIf (config.impermanence.enable) { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "desktop" "downloads" diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix index 67f0ee4..f5e9869 100644 --- a/modules/home-manager-modules/impermanence.nix +++ b/modules/home-manager-modules/impermanence.nix @@ -26,7 +26,7 @@ in { # If impermanence is not enabled for this user but system impermanence is enabled, # persist the entire home directory as fallback (lib.mkIf (osConfig.storage.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = ["."]; }; }) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 213ad67..3e723c9 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -96,7 +96,7 @@ } ) (lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { files = lib.lists.flatten ( builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys ); diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix index 739245e..c54feac 100644 --- a/modules/home-manager-modules/programs/anki.nix +++ b/modules/home-manager-modules/programs/anki.nix @@ -4,7 +4,7 @@ ... }: { config = lib.mkIf (config.programs.anki.enable && config.impermanence.enable) { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ ".local/share/Anki2" ]; diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index c752669..ade24b6 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/Bitwarden" ]; diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix index 768299b..ced1998 100644 --- a/modules/home-manager-modules/programs/bruno.nix +++ b/modules/home-manager-modules/programs/bruno.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/bruno/" ]; diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix index 14e48dc..74a0cf4 100644 --- a/modules/home-manager-modules/programs/calibre.nix +++ b/modules/home-manager-modules/programs/calibre.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/calibre" ]; diff --git a/modules/home-manager-modules/programs/davinci-resolve.nix b/modules/home-manager-modules/programs/davinci-resolve.nix index 49c7c47..c17c8b0 100644 --- a/modules/home-manager-modules/programs/davinci-resolve.nix +++ b/modules/home-manager-modules/programs/davinci-resolve.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.dataHome}/DaVinciResolve" "${config.xdg.configHome}/blackmagic" diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix index abc7c29..f509646 100644 --- a/modules/home-manager-modules/programs/dbeaver.nix +++ b/modules/home-manager-modules/programs/dbeaver.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.dataHome}/DBeaverData/" ]; diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix index c62de57..3f5d72c 100644 --- a/modules/home-manager-modules/programs/discord.nix +++ b/modules/home-manager-modules/programs/discord.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/discord/" ]; diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix index 282c022..e100200 100644 --- a/modules/home-manager-modules/programs/firefox.nix +++ b/modules/home-manager-modules/programs/firefox.nix @@ -25,7 +25,7 @@ }; in { config = lib.mkIf (config.programs.firefox.enable && config.impermanence.enable) { - home.persistence."/persist/home" = lib.mkMerge ( + home.persistence."/persist/replicate/home" = lib.mkMerge ( ( lib.attrsets.mapAttrsToList (profile: _: buildProfilePersistence profile) diff --git a/modules/home-manager-modules/programs/freecad.nix b/modules/home-manager-modules/programs/freecad.nix index c546794..19e08fa 100644 --- a/modules/home-manager-modules/programs/freecad.nix +++ b/modules/home-manager-modules/programs/freecad.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/FreeCAD" ]; diff --git a/modules/home-manager-modules/programs/gimp.nix b/modules/home-manager-modules/programs/gimp.nix index c127234..fbe4471 100644 --- a/modules/home-manager-modules/programs/gimp.nix +++ b/modules/home-manager-modules/programs/gimp.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/GIMP" ]; diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index 438e345..ec9d7d6 100644 --- a/modules/home-manager-modules/programs/idea.nix +++ b/modules/home-manager-modules/programs/idea.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ # configuration "${config.xdg.configHome}/JetBrains/" diff --git a/modules/home-manager-modules/programs/inkscape.nix b/modules/home-manager-modules/programs/inkscape.nix index 8cef5cb..67e5f80 100644 --- a/modules/home-manager-modules/programs/inkscape.nix +++ b/modules/home-manager-modules/programs/inkscape.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/inkscape" ]; diff --git a/modules/home-manager-modules/programs/kdenlive.nix b/modules/home-manager-modules/programs/kdenlive.nix index a130fb8..2bec5b3 100644 --- a/modules/home-manager-modules/programs/kdenlive.nix +++ b/modules/home-manager-modules/programs/kdenlive.nix @@ -23,7 +23,7 @@ in { } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/kdenliverc" "${config.xdg.dataHome}/kdenlive" diff --git a/modules/home-manager-modules/programs/krita.nix b/modules/home-manager-modules/programs/krita.nix index 869b10b..88d1de9 100644 --- a/modules/home-manager-modules/programs/krita.nix +++ b/modules/home-manager-modules/programs/krita.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/kritarc" "${config.xdg.dataHome}/krita" diff --git a/modules/home-manager-modules/programs/libreoffice.nix b/modules/home-manager-modules/programs/libreoffice.nix index 924d2a1..9c3537f 100644 --- a/modules/home-manager-modules/programs/libreoffice.nix +++ b/modules/home-manager-modules/programs/libreoffice.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/libreoffice" ]; diff --git a/modules/home-manager-modules/programs/makemkv.nix b/modules/home-manager-modules/programs/makemkv.nix index e158c07..9fcde8b 100644 --- a/modules/home-manager-modules/programs/makemkv.nix +++ b/modules/home-manager-modules/programs/makemkv.nix @@ -30,7 +30,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ ".MakeMKV" ]; diff --git a/modules/home-manager-modules/programs/mapillary-uploader.nix b/modules/home-manager-modules/programs/mapillary-uploader.nix index 7fb416e..09894c9 100644 --- a/modules/home-manager-modules/programs/mapillary-uploader.nix +++ b/modules/home-manager-modules/programs/mapillary-uploader.nix @@ -17,7 +17,7 @@ in { } ( mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/mapillary-uploader" "${config.xdg.dataHome}/mapillary-uploader" diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix index 5e226cc..3a099f7 100644 --- a/modules/home-manager-modules/programs/obs.nix +++ b/modules/home-manager-modules/programs/obs.nix @@ -6,7 +6,7 @@ config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [ ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/obs-studio" ]; diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix index 91b59b3..e07beab 100644 --- a/modules/home-manager-modules/programs/obsidian.nix +++ b/modules/home-manager-modules/programs/obsidian.nix @@ -6,7 +6,7 @@ config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [ ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/obsidian" ]; diff --git a/modules/home-manager-modules/programs/olympus.nix b/modules/home-manager-modules/programs/olympus.nix index 2be0084..3223d62 100644 --- a/modules/home-manager-modules/programs/olympus.nix +++ b/modules/home-manager-modules/programs/olympus.nix @@ -23,7 +23,7 @@ in { } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/olympus" "${config.xdg.dataHome}/olympus" diff --git a/modules/home-manager-modules/programs/openrgb.nix b/modules/home-manager-modules/programs/openrgb.nix index 94636fc..64d6229 100644 --- a/modules/home-manager-modules/programs/openrgb.nix +++ b/modules/home-manager-modules/programs/openrgb.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/OpenRGB" ]; diff --git a/modules/home-manager-modules/programs/picard.nix b/modules/home-manager-modules/programs/picard.nix index a6a7887..5d197f8 100644 --- a/modules/home-manager-modules/programs/picard.nix +++ b/modules/home-manager-modules/programs/picard.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/MusicBrainz" ]; diff --git a/modules/home-manager-modules/programs/prostudiomasters.nix b/modules/home-manager-modules/programs/prostudiomasters.nix index 3653ae4..5256f26 100644 --- a/modules/home-manager-modules/programs/prostudiomasters.nix +++ b/modules/home-manager-modules/programs/prostudiomasters.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/ProStudioMasters" ]; diff --git a/modules/home-manager-modules/programs/protonvpn.nix b/modules/home-manager-modules/programs/protonvpn.nix index d04c012..57e50ab 100644 --- a/modules/home-manager-modules/programs/protonvpn.nix +++ b/modules/home-manager-modules/programs/protonvpn.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/protonvpn" "${config.xdg.configHome}/Proton" diff --git a/modules/home-manager-modules/programs/qbittorrent.nix b/modules/home-manager-modules/programs/qbittorrent.nix index 37fd464..ee098e0 100644 --- a/modules/home-manager-modules/programs/qbittorrent.nix +++ b/modules/home-manager-modules/programs/qbittorrent.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/qBittorrent" ]; diff --git a/modules/home-manager-modules/programs/qflipper.nix b/modules/home-manager-modules/programs/qflipper.nix index 8261f5e..0c7d242 100644 --- a/modules/home-manager-modules/programs/qflipper.nix +++ b/modules/home-manager-modules/programs/qflipper.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/qFlipper" ]; diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix index 3dae867..962a139 100644 --- a/modules/home-manager-modules/programs/signal.nix +++ b/modules/home-manager-modules/programs/signal.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/Signal" ]; diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix index 98b970f..3dd6504 100644 --- a/modules/home-manager-modules/programs/steam.nix +++ b/modules/home-manager-modules/programs/steam.nix @@ -18,7 +18,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ { directory = "${config.xdg.dataHome}/Steam"; diff --git a/modules/home-manager-modules/programs/tor-browser.nix b/modules/home-manager-modules/programs/tor-browser.nix index e13dd4c..92484ae 100644 --- a/modules/home-manager-modules/programs/tor-browser.nix +++ b/modules/home-manager-modules/programs/tor-browser.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.dataHome}/torbrowser" ]; diff --git a/modules/home-manager-modules/programs/ungoogled-chromium.nix b/modules/home-manager-modules/programs/ungoogled-chromium.nix index 8ca8ec0..e76eeeb 100644 --- a/modules/home-manager-modules/programs/ungoogled-chromium.nix +++ b/modules/home-manager-modules/programs/ungoogled-chromium.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/chromium" ]; diff --git a/modules/home-manager-modules/programs/via.nix b/modules/home-manager-modules/programs/via.nix index acf2d8c..3a638aa 100644 --- a/modules/home-manager-modules/programs/via.nix +++ b/modules/home-manager-modules/programs/via.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/via" "${config.xdg.dataHome}/via" diff --git a/modules/home-manager-modules/programs/vmware-workstation.nix b/modules/home-manager-modules/programs/vmware-workstation.nix index 30ae692..277e4bd 100644 --- a/modules/home-manager-modules/programs/vmware-workstation.nix +++ b/modules/home-manager-modules/programs/vmware-workstation.nix @@ -17,7 +17,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ { directory = ".vmware"; diff --git a/modules/nixos-modules/ollama/storage.nix b/modules/nixos-modules/ollama/storage.nix index ff2348e..65bbe26 100644 --- a/modules/nixos-modules/ollama/storage.nix +++ b/modules/nixos-modules/ollama/storage.nix @@ -20,7 +20,7 @@ # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.ollama.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."/var/lib/private/ollama" = { enable = true; owner.name = config.services.ollama.user; diff --git a/modules/nixos-modules/server/actual/storage.nix b/modules/nixos-modules/server/actual/storage.nix index eab0817..cec2eab 100644 --- a/modules/nixos-modules/server/actual/storage.nix +++ b/modules/nixos-modules/server/actual/storage.nix @@ -29,7 +29,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.actual.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${dataDirectory}" = { owner.name = "actual"; group.name = "actual"; diff --git a/modules/nixos-modules/server/bazarr/storage.nix b/modules/nixos-modules/server/bazarr/storage.nix index 53a9d9c..c8c7d1d 100644 --- a/modules/nixos-modules/server/bazarr/storage.nix +++ b/modules/nixos-modules/server/bazarr/storage.nix @@ -24,7 +24,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.bazarr.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${bazarr_data_directory}" = { owner.name = "bazarr"; group.name = "bazarr"; diff --git a/modules/nixos-modules/server/crab-hole/storage.nix b/modules/nixos-modules/server/crab-hole/storage.nix index ec38846..caacdf8 100644 --- a/modules/nixos-modules/server/crab-hole/storage.nix +++ b/modules/nixos-modules/server/crab-hole/storage.nix @@ -25,7 +25,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.crab-hole.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${workingDirectory}" = { owner.name = "crab-hole"; group.name = "crab-hole"; diff --git a/modules/nixos-modules/server/fail2ban/storage.nix b/modules/nixos-modules/server/fail2ban/storage.nix index 6c1f227..02ad3f0 100644 --- a/modules/nixos-modules/server/fail2ban/storage.nix +++ b/modules/nixos-modules/server/fail2ban/storage.nix @@ -25,7 +25,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.fail2ban.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${dataFolder}" = { owner.name = "fail2ban"; group.name = "fail2ban"; diff --git a/modules/nixos-modules/server/flaresolverr/storage.nix b/modules/nixos-modules/server/flaresolverr/storage.nix index 657bcc6..da52480 100644 --- a/modules/nixos-modules/server/flaresolverr/storage.nix +++ b/modules/nixos-modules/server/flaresolverr/storage.nix @@ -14,7 +14,7 @@ # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.flaresolverr.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."/var/lib/flaresolverr" = { owner.name = "flaresolverr"; group.name = "flaresolverr"; diff --git a/modules/nixos-modules/server/forgejo/storage.nix b/modules/nixos-modules/server/forgejo/storage.nix index 31304e7..d7b54b9 100644 --- a/modules/nixos-modules/server/forgejo/storage.nix +++ b/modules/nixos-modules/server/forgejo/storage.nix @@ -24,7 +24,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.forgejo.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${stateDir}" = { owner.name = "forgejo"; group.name = "forgejo"; diff --git a/modules/nixos-modules/server/home-assistant/storage.nix b/modules/nixos-modules/server/home-assistant/storage.nix index 231387b..00831c4 100644 --- a/modules/nixos-modules/server/home-assistant/storage.nix +++ b/modules/nixos-modules/server/home-assistant/storage.nix @@ -24,7 +24,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.home-assistant.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${configDir}" = { owner.name = "hass"; group.name = "hass"; diff --git a/modules/nixos-modules/server/immich/storage.nix b/modules/nixos-modules/server/immich/storage.nix index 65b4bed..cd9f935 100644 --- a/modules/nixos-modules/server/immich/storage.nix +++ b/modules/nixos-modules/server/immich/storage.nix @@ -24,7 +24,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.immich.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${mediaLocation}" = { owner.name = "immich"; group.name = "immich"; diff --git a/modules/nixos-modules/server/jackett/storage.nix b/modules/nixos-modules/server/jackett/storage.nix index 6056c9c..eaa0bc9 100644 --- a/modules/nixos-modules/server/jackett/storage.nix +++ b/modules/nixos-modules/server/jackett/storage.nix @@ -24,7 +24,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.jackett.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${jackett_data_directory}" = { owner.name = "jackett"; group.name = "jackett"; diff --git a/modules/nixos-modules/server/jellyfin/storage.nix b/modules/nixos-modules/server/jellyfin/storage.nix index 867b936..2854cb8 100644 --- a/modules/nixos-modules/server/jellyfin/storage.nix +++ b/modules/nixos-modules/server/jellyfin/storage.nix @@ -30,7 +30,7 @@ in { }) (lib.mkIf config.services.jellyfin.impermanence.enable { storage.impermanence.datasets = { - "persist/system/root" = { + "persist/replicate/system/root" = { directories = { "${jellyfin_data_directory}" = { enable = true; diff --git a/modules/nixos-modules/server/lidarr/storage.nix b/modules/nixos-modules/server/lidarr/storage.nix index 9d818ff..57c568c 100644 --- a/modules/nixos-modules/server/lidarr/storage.nix +++ b/modules/nixos-modules/server/lidarr/storage.nix @@ -24,7 +24,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.lidarr.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${lidarr_data_directory}" = { owner.name = "lidarr"; group.name = "lidarr"; diff --git a/modules/nixos-modules/server/network_storage/network_storage.nix b/modules/nixos-modules/server/network_storage/network_storage.nix index ebc3bee..b9d0446 100644 --- a/modules/nixos-modules/server/network_storage/network_storage.nix +++ b/modules/nixos-modules/server/network_storage/network_storage.nix @@ -74,7 +74,7 @@ in { ); } # (lib.mkIf config.host.impermanence.enable { - # environment.persistence."/persist/system/root" = { + # environment.persistence."/persist/replicate/system/root" = { # enable = true; # hideMounts = true; # directories = [ diff --git a/modules/nixos-modules/server/panoramax/storage.nix b/modules/nixos-modules/server/panoramax/storage.nix index 52d9d74..164c9bb 100644 --- a/modules/nixos-modules/server/panoramax/storage.nix +++ b/modules/nixos-modules/server/panoramax/storage.nix @@ -21,7 +21,7 @@ # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.panoramax.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."/var/lib/panoramax" = { owner.name = "panoramax"; group.name = "panoramax"; diff --git a/modules/nixos-modules/server/paperless/storage.nix b/modules/nixos-modules/server/paperless/storage.nix index 6f74441..381e45b 100644 --- a/modules/nixos-modules/server/paperless/storage.nix +++ b/modules/nixos-modules/server/paperless/storage.nix @@ -24,7 +24,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.paperless.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${dataDir}" = { owner.name = "paperless"; group.name = "paperless"; diff --git a/modules/nixos-modules/server/postgres/storage.nix b/modules/nixos-modules/server/postgres/storage.nix index 0ec0eb2..068c93f 100644 --- a/modules/nixos-modules/server/postgres/storage.nix +++ b/modules/nixos-modules/server/postgres/storage.nix @@ -24,7 +24,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.postgresql.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${dataDir}" = { owner.name = "postgres"; group.name = "postgres"; diff --git a/modules/nixos-modules/server/qbittorent/storage.nix b/modules/nixos-modules/server/qbittorent/storage.nix index 02d4757..0bb01e3 100644 --- a/modules/nixos-modules/server/qbittorent/storage.nix +++ b/modules/nixos-modules/server/qbittorent/storage.nix @@ -27,7 +27,7 @@ in { lib.mkIf config.services.qbittorrent.impermanence.enable { storage.impermanence.datasets = { - "persist/system/root" = { + "persist/replicate/system/root" = { directories."${qbittorent_profile_directory}" = { owner.name = "qbittorrent"; group.name = "qbittorrent"; diff --git a/modules/nixos-modules/server/radarr/storage.nix b/modules/nixos-modules/server/radarr/storage.nix index 82d2bf8..a9b4901 100644 --- a/modules/nixos-modules/server/radarr/storage.nix +++ b/modules/nixos-modules/server/radarr/storage.nix @@ -24,7 +24,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.radarr.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${radarr_data_directory}" = { owner.name = "radarr"; group.name = "radarr"; diff --git a/modules/nixos-modules/server/reverseProxy/storage.nix b/modules/nixos-modules/server/reverseProxy/storage.nix index c4ee04a..29a3120 100644 --- a/modules/nixos-modules/server/reverseProxy/storage.nix +++ b/modules/nixos-modules/server/reverseProxy/storage.nix @@ -16,7 +16,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.reverseProxy.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${dataDir}" = { owner.name = "acme"; group.name = "acme"; diff --git a/modules/nixos-modules/server/sonarr/storage.nix b/modules/nixos-modules/server/sonarr/storage.nix index c74a7b8..aebd0a9 100644 --- a/modules/nixos-modules/server/sonarr/storage.nix +++ b/modules/nixos-modules/server/sonarr/storage.nix @@ -24,7 +24,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.sonarr.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${sonarr_data_directory}" = { owner.name = "sonarr"; group.name = "sonarr"; diff --git a/modules/nixos-modules/server/wyoming.nix b/modules/nixos-modules/server/wyoming.nix index c9a1474..1df6877 100644 --- a/modules/nixos-modules/server/wyoming.nix +++ b/modules/nixos-modules/server/wyoming.nix @@ -48,7 +48,7 @@ systemd.services."wyoming-faster-whisper-en".serviceConfig.ProcSubset = lib.mkForce "all"; } (lib.mkIf config.host.impermanence.enable { - environment.persistence."/persist/system/root" = { + environment.persistence."/persist/replicate/system/root" = { enable = true; hideMounts = true; directories = [ diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index 20e7881..dd70918 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -32,7 +32,7 @@ # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.openssh.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { files = builtins.listToAttrs ( lib.lists.flatten ( builtins.map (hostKey: [ diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index 4f231bf..db0deb0 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -72,8 +72,8 @@ in { "var-lib-private-permissions" = { deps = ["specialfs"]; text = '' - mkdir -p /persist/system/root/var/lib/private - chmod 0700 /persist/system/root/var/lib/private + mkdir -p /persist/replicate/system/root/var/lib/private + chmod 0700 /persist/replicate/system/root/var/lib/private ''; }; }; diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index e9f740b..2708f6b 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -10,7 +10,7 @@ lib.mkIf config.storage.zfs.enable (lib.mkMerge [ { storage.zfs.datasets = { - "persist/system/nix" = { + "persist/local/nix" = { type = "zfs_fs"; mount = { enable = true; @@ -22,15 +22,12 @@ atime = "off"; relatime = "off"; }; - "persist/system/var/log" = { + "persist/replicate/system/var/log" = { type = "zfs_fs"; mount = { enable = true; mountPoint = "/var/log"; }; - snapshot = { - autoSnapshot = false; - }; }; }; } @@ -53,11 +50,11 @@ }) (lib.mkIf config.storage.impermanence.enable { boot.initrd.postResumeCommands = lib.mkAfter '' - zfs rollback -r rpool/local/system/root@blank + zfs rollback -r rpool/ephemeral/system/root@blank ''; storage.zfs.datasets = { - "local/system/root" = { + "ephemeral/system/root" = { type = "zfs_fs"; mount = { enable = true; @@ -70,10 +67,13 @@ }; storage.impermanence.datasets = { - "persist/system/root" = { + "persist/replicate/system/root" = { mount = { enable = true; - mountPoint = "/persist/system/root"; + mountPoint = "/persist/replicate/system/root"; + }; + snapshot = { + autoSnapshot = true; }; directories = { "/var/lib/nixos".enable = true; @@ -83,10 +83,13 @@ "/etc/machine-id".enable = true; }; }; - "persist/home" = { + "persist/replicate/home" = { mount = { enable = true; - mountPoint = "/persist/home"; + mountPoint = "/persist/replicate/home"; + }; + snapshot = { + autoSnapshot = true; }; }; }; diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix index 451e226..1942e8d 100644 --- a/modules/nixos-modules/storage/zfs.nix +++ b/modules/nixos-modules/storage/zfs.nix @@ -170,7 +170,7 @@ in { }; cache = lib.mkOption { type = lib.types.listOf deviceType; - default = {}; + default = []; }; }; @@ -264,7 +264,7 @@ in { members = builtins.map (device: hashDisk device.device) vdev; }) config.storage.zfs.pool.vdevs; - cache = builtins.map (device: hashDisk device.device) (builtins.attrValues config.storage.zfs.pool.cache); + cache = builtins.map (device: hashDisk device.device) config.storage.zfs.pool.cache; }; }; diff --git a/modules/nixos-modules/sync/storage.nix b/modules/nixos-modules/sync/storage.nix index a58a49f..7532045 100644 --- a/modules/nixos-modules/sync/storage.nix +++ b/modules/nixos-modules/sync/storage.nix @@ -36,7 +36,7 @@ in { }) config.services.syncthing.settings.folders; - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories = { "${mountDir}" = { enable = true; diff --git a/modules/nixos-modules/tailscale/storage.nix b/modules/nixos-modules/tailscale/storage.nix index 9533aef..a417aaf 100644 --- a/modules/nixos-modules/tailscale/storage.nix +++ b/modules/nixos-modules/tailscale/storage.nix @@ -22,7 +22,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.tailscale.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${tailscale_data_directory}" = { enable = true; owner.name = "root"; diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index bf45ac9..241ab6c 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -405,7 +405,7 @@ in { # sops age key needs to be available to pre persist for user generation storage.zfs.datasets = lib.mkMerge [ { - "local/system/sops" = { + "persist/local/system/sops" = { type = "zfs_fs"; mount = { enable = true; @@ -417,7 +417,7 @@ in { } (lib.mkMerge ( builtins.map (user: { - "local/home/${user.name}" = { + "ephemeral/home/${user.name}" = { type = "zfs_fs"; mount = { enable = true; @@ -432,7 +432,7 @@ in { # Post resume commands to rollback user home datasets to blank snapshots boot.initrd.postResumeCommands = lib.mkAfter ( - lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/local/home/${user.name}@blank") + lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/ephemeral/home/${user.name}@blank") normalUsers) ); @@ -440,7 +440,7 @@ in { systemd = { tmpfiles.rules = builtins.map ( - user: "d /persist/home/${user.name} 700 ${user.name} ${user.name} -" + user: "d /persist/replicate/home/${user.name} 700 ${user.name} ${user.name} -" ) normalUsers; }; From eb379816adc758207c4decdead031a56508002ab Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 12 Nov 2025 22:15:22 -0600 Subject: [PATCH 309/374] chore: added research note to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index a50813e..d29ba58 100644 --- a/README.md +++ b/README.md @@ -44,6 +44,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/ - https://nixos-and-flakes.thiscute.world/ - proton mail now has an smtp server we could use that for our zfs and SMART test emails +- VR https://lvra.gitlab.io/docs/distros/nixos/ # Tasks: From f8edad75bf526a819a698a6df813bcecc2c06b4f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Nov 2025 22:06:32 -0600 Subject: [PATCH 310/374] feat: updated user configs to better match original config --- modules/nixos-modules/storage/storage.nix | 14 +++ .../storage/submodules/dataset.nix | 6 +- modules/nixos-modules/users.nix | 104 ++++++++++-------- 3 files changed, 73 insertions(+), 51 deletions(-) diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index 2708f6b..be514d7 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -10,6 +10,16 @@ lib.mkIf config.storage.zfs.enable (lib.mkMerge [ { storage.zfs.datasets = { + "persist" = { + type = "zfs_fs"; + }; + "persist/local" = { + type = "zfs_fs"; + }; + "persist/replicate" = { + type = "zfs_fs"; + }; + "persist/local/nix" = { type = "zfs_fs"; mount = { @@ -22,6 +32,7 @@ atime = "off"; relatime = "off"; }; + "persist/replicate/system/var/log" = { type = "zfs_fs"; mount = { @@ -54,6 +65,9 @@ ''; storage.zfs.datasets = { + "ephemeral" = { + type = "zfs_fs"; + }; "ephemeral/system/root" = { type = "zfs_fs"; mount = { diff --git a/modules/nixos-modules/storage/submodules/dataset.nix b/modules/nixos-modules/storage/submodules/dataset.nix index 3de7719..5199f98 100644 --- a/modules/nixos-modules/storage/submodules/dataset.nix +++ b/modules/nixos-modules/storage/submodules/dataset.nix @@ -73,11 +73,7 @@ snapshot = { # This option should set this option flag # "com.sun:auto-snapshot" = "false"; - autoSnapshot = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Enable automatic snapshots for this dataset"; - }; + autoSnapshot = lib.mkEnableOption "Enable automatic snapshots for this dataset"; # Creates a blank snapshot in the post create hook for rollback purposes blankSnapshot = lib.mkEnableOption "Should a blank snapshot be auto created in the post create hook"; }; diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 241ab6c..ab123b9 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -399,53 +399,65 @@ in { }; }; } - (lib.mkIf config.storage.impermanence.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - # sops age key needs to be available to pre persist for user generation - storage.zfs.datasets = lib.mkMerge [ - { - "persist/local/system/sops" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = SOPS_AGE_KEY_DIRECTORY; - }; - atime = "off"; - relatime = "off"; - }; - } - (lib.mkMerge ( - builtins.map (user: { - "ephemeral/home/${user.name}" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/home/${user.name}"; - }; - snapshot.blankSnapshot = true; - }; - }) - normalUsers - )) - ]; - - # Post resume commands to rollback user home datasets to blank snapshots - boot.initrd.postResumeCommands = lib.mkAfter ( - lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/ephemeral/home/${user.name}@blank") - normalUsers) - ); - - # Create persist home directories with proper permissions - systemd = { - tmpfiles.rules = - builtins.map ( - user: "d /persist/replicate/home/${user.name} 700 ${user.name} ${user.name} -" - ) - normalUsers; + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + # sops age key needs to be available to pre persist for user generation + storage.zfs.datasets."persist/local/system/sops" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = SOPS_AGE_KEY_DIRECTORY; }; - } - ])) + atime = "off"; + relatime = "off"; + }; + } + (lib.mkIf (!config.storage.impermanence.enable) { + storage.zfs.datasets = lib.mkMerge ( + builtins.map (user: { + "persist/replicate/home/${user.name}" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/home/${user.name}"; + }; + snapshot.autoSnapshot = true; + }; + }) + normalUsers + ); + }) + (lib.mkIf config.storage.impermanence.enable { + storage.zfs.datasets = lib.mkMerge ( + builtins.map (user: { + "ephemeral/home/${user.name}" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/home/${user.name}"; + }; + snapshot.blankSnapshot = true; + }; + }) + normalUsers + ); + + # Post resume commands to rollback user home datasets to blank snapshots + boot.initrd.postResumeCommands = lib.mkAfter ( + lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/ephemeral/home/${user.name}@blank") + normalUsers) + ); + + # TODO: I don't think we need this anymore but I have not tested it + # Create persist home directories with proper permissions + # systemd = { + # tmpfiles.rules = + # builtins.map ( + # user: "d /persist/replicate/home/${user.name} 700 ${user.name} ${user.name} -" + # ) + # normalUsers; + # }; + }) ])) ]; } From 69a60155885b267619346be662f9181b2c6a2f6f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Nov 2025 22:36:31 -0600 Subject: [PATCH 311/374] feat: added friture package to eve --- configurations/home-manager/eve/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index fb8d8a4..f650a70 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -19,6 +19,7 @@ in { with pkgs; [ gnomeExtensions.dash-to-panel claude-code + friture ] ); From 757a3892e12f58ab078341c19e1d6172ef318e3b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 15 Nov 2025 13:39:53 -0600 Subject: [PATCH 312/374] feat: updated interface for storage --- .../nixos-modules/server/jellyfin/storage.nix | 2 +- .../server/qbittorent/storage.nix | 2 +- modules/nixos-modules/storage/storage.nix | 287 ++++++++++++------ .../storage/submodules/dataset.nix | 1 - 4 files changed, 196 insertions(+), 96 deletions(-) diff --git a/modules/nixos-modules/server/jellyfin/storage.nix b/modules/nixos-modules/server/jellyfin/storage.nix index 2854cb8..79d0605 100644 --- a/modules/nixos-modules/server/jellyfin/storage.nix +++ b/modules/nixos-modules/server/jellyfin/storage.nix @@ -44,7 +44,7 @@ in { }; }; }; - "persist/system/jellyfin" = { + "persist/replicate/system/jellyfin" = { atime = "off"; relatime = "off"; diff --git a/modules/nixos-modules/server/qbittorent/storage.nix b/modules/nixos-modules/server/qbittorent/storage.nix index 0bb01e3..32244ca 100644 --- a/modules/nixos-modules/server/qbittorent/storage.nix +++ b/modules/nixos-modules/server/qbittorent/storage.nix @@ -33,7 +33,7 @@ in { group.name = "qbittorrent"; }; }; - "persist/system/qbittorrent" = { + "persist/replicate/system/qbittorrent" = { directories."${config.services.qbittorrent.mediaDir}" = { owner.name = "qbittorrent"; group.name = "qbittorrent"; diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index be514d7..7d14dd7 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -1,49 +1,155 @@ -{ +args @ { lib, config, ... -}: { - # TODO: create all of the datasets from option and home-manager datasets - # TODO: set up datasets for systemd services that want a dataset created +}: let + datasetSubmodule = (import ./submodules/dataset.nix) args; + impermanenceDatasetSubmodule = (import ./submodules/impermanenceDataset.nix) args; + + # Get the option names from both submodules to automatically determine which are impermanence-specific + regularDatasetEval = lib.evalModules { + modules = [datasetSubmodule]; + specialArgs = args; + }; + impermanenceDatasetEval = lib.evalModules { + modules = [impermanenceDatasetSubmodule]; + specialArgs = args; + }; + + regularDatasetOptions = builtins.attrNames regularDatasetEval.options; + impermanenceDatasetOptions = builtins.attrNames impermanenceDatasetEval.options; + + # Find options that are only in impermanence datasets (not in regular ZFS datasets) + impermanenceOnlyOptions = lib.lists.subtractLists regularDatasetOptions impermanenceDatasetOptions; +in { + options.storage.datasets = { + ephemeral = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule datasetSubmodule); + default = {}; + }; + local = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodule); + default = {}; + }; + replicate = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodule); + default = {}; + }; + }; + config = lib.mkMerge [ - ( - lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - storage.zfs.datasets = { - "persist" = { - type = "zfs_fs"; + (lib.mkIf config.storage.zfs.enable { + # Create ZFS datasets based on storage.datasets configuration + }) + (lib.mkIf (config.storage.zfs.enable && config.storage.impermanence.enable) { + storage.datasets = { + ephemeral = { + "" = { + type = "zfs_fs"; + }; + "system/root" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/"; }; - "persist/local" = { - type = "zfs_fs"; - }; - "persist/replicate" = { - type = "zfs_fs"; - }; - - "persist/local/nix" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/nix"; - }; - snapshot = { - autoSnapshot = false; - }; - atime = "off"; - relatime = "off"; - }; - - "persist/replicate/system/var/log" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/var/log"; - }; + snapshot = { + blankSnapshot = true; }; }; - } - (lib.mkIf (!config.storage.impermanence.enable) { - storage.zfs.rootDataset = { + }; + local = { + "nix" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/nix"; + }; + snapshot = { + autoSnapshot = false; + }; + atime = "off"; + relatime = "off"; + }; + }; + replicate = { + "system/var/log" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/var/log"; + }; + }; + "system/root" = { + mount = { + enable = true; + mountPoint = "/persist/replicate/system/root"; + }; + snapshot = { + autoSnapshot = true; + }; + directories = { + "/var/lib/nixos".enable = true; + "/var/lib/systemd/coredump".enable = true; + }; + files = { + "/etc/machine-id".enable = true; + }; + }; + "home" = { + mount = { + enable = true; + mountPoint = "/persist/replicate/home"; + }; + snapshot = { + autoSnapshot = true; + }; + }; + }; + }; + + storage.zfs.datasets = lib.mkMerge [ + (lib.mapAttrs' (name: dataset: { + name = + if name == "" + then "ephemeral" + else "ephemeral/${name}"; + value = dataset; + }) + config.storage.datasets.ephemeral) + ]; + + boot.initrd.postResumeCommands = lib.mkAfter '' + zfs rollback -r rpool/ephemeral/system/root@blank + ''; + + storage.impermanence.datasets = lib.mkMerge [ + (lib.mapAttrs' (name: dataset: { + name = + if name == "" + then "persist/local" + else "persist/local/${name}"; + value = dataset; + }) + config.storage.datasets.local) + (lib.mapAttrs' (name: dataset: { + name = + if name == "" + then "persist/replicate" + else "persist/replicate/${name}"; + value = dataset; + }) + config.storage.datasets.replicate) + ]; + }) + (lib.mkIf (config.storage.zfs.enable && !config.storage.impermanence.enable) { + storage.datasets = { + # Base organizational datasets (only needed when impermanence is disabled) + local = { + "" = { + type = "zfs_fs"; + }; + "root" = { type = "zfs_fs"; mount = { enable = true; @@ -58,63 +164,58 @@ blankSnapshot = true; }; }; - }) - (lib.mkIf config.storage.impermanence.enable { - boot.initrd.postResumeCommands = lib.mkAfter '' - zfs rollback -r rpool/ephemeral/system/root@blank - ''; - - storage.zfs.datasets = { - "ephemeral" = { - type = "zfs_fs"; + "nix" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/nix"; }; - "ephemeral/system/root" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/"; - }; - snapshot = { - blankSnapshot = true; - }; + snapshot = { + autoSnapshot = false; + }; + atime = "off"; + relatime = "off"; + }; + }; + replicate = { + "" = { + type = "zfs_fs"; + }; + "system/var/log" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/var/log"; }; }; + }; + }; - storage.impermanence.datasets = { - "persist/replicate/system/root" = { - mount = { - enable = true; - mountPoint = "/persist/replicate/system/root"; - }; - snapshot = { - autoSnapshot = true; - }; - directories = { - "/var/lib/nixos".enable = true; - "/var/lib/systemd/coredump".enable = true; - }; - files = { - "/etc/machine-id".enable = true; - }; - }; - "persist/replicate/home" = { - mount = { - enable = true; - mountPoint = "/persist/replicate/home"; - }; - snapshot = { - autoSnapshot = true; - }; - }; - }; - - # TODO: home-manager.users..storage.impermanence.enable - # is false then persist the entire directory of the user - # if true persist home-manager.users..storage.impermanence.datasets - # TODO: systemd.services..storage.datasets persists - }) - ]) - ) - # TODO: configure other needed storage modes here + storage.zfs.datasets = lib.mkMerge [ + (lib.mapAttrs' (name: dataset: { + name = + if name == "" + then "persist/local" + else "persist/local/${name}"; + value = builtins.removeAttrs dataset impermanenceOnlyOptions; + }) + config.storage.datasets.local) + (lib.mapAttrs' (name: dataset: { + name = + if name == "" + then "persist/replicate" + else "persist/replicate/${name}"; + value = builtins.removeAttrs dataset impermanenceOnlyOptions; + }) + config.storage.datasets.replicate) + ]; + }) ]; + + # TODO: set up datasets for systemd services that want a dataset created + # TODO: home-manager.users..storage.impermanence.enable + # is false then persist the entire directory of the user + # if true persist home-manager.users..storage.impermanence.datasets + # TODO: systemd.services..storage.datasets persists + # TODO: configure other needed storage modes here } diff --git a/modules/nixos-modules/storage/submodules/dataset.nix b/modules/nixos-modules/storage/submodules/dataset.nix index 5199f98..0b57886 100644 --- a/modules/nixos-modules/storage/submodules/dataset.nix +++ b/modules/nixos-modules/storage/submodules/dataset.nix @@ -72,7 +72,6 @@ snapshot = { # This option should set this option flag - # "com.sun:auto-snapshot" = "false"; autoSnapshot = lib.mkEnableOption "Enable automatic snapshots for this dataset"; # Creates a blank snapshot in the post create hook for rollback purposes blankSnapshot = lib.mkEnableOption "Should a blank snapshot be auto created in the post create hook"; From c2701ea8f0605cb8744ab53bf206a756685bc396 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 15 Nov 2025 16:37:10 -0600 Subject: [PATCH 313/374] feat: moved services over to using the new storage datasets --- modules/nixos-modules/ollama/storage.nix | 60 +++++------ .../nixos-modules/server/actual/storage.nix | 35 ++----- .../nixos-modules/server/bazarr/storage.nix | 31 ++---- .../server/crab-hole/storage.nix | 32 ++---- .../nixos-modules/server/fail2ban/storage.nix | 31 ++---- .../server/flaresolverr/storage.nix | 23 ++--- .../nixos-modules/server/forgejo/storage.nix | 31 ++---- .../server/home-assistant/storage.nix | 31 ++---- .../nixos-modules/server/immich/storage.nix | 31 ++---- .../nixos-modules/server/jackett/storage.nix | 31 ++---- .../nixos-modules/server/jellyfin/storage.nix | 99 ++++++++----------- .../nixos-modules/server/lidarr/storage.nix | 31 ++---- .../server/panoramax/storage.nix | 30 ++---- .../server/paperless/storage.nix | 31 ++---- .../nixos-modules/server/postgres/storage.nix | 31 ++---- .../server/qbittorent/storage.nix | 78 ++++++--------- .../nixos-modules/server/radarr/storage.nix | 31 ++---- .../server/reverseProxy/storage.nix | 23 ++--- .../nixos-modules/server/sonarr/storage.nix | 31 ++---- modules/nixos-modules/ssh.nix | 69 ++++++------- modules/nixos-modules/sync/storage.nix | 57 +++-------- modules/nixos-modules/tailscale/storage.nix | 30 ++---- modules/nixos-modules/users.nix | 10 +- 23 files changed, 281 insertions(+), 606 deletions(-) diff --git a/modules/nixos-modules/ollama/storage.nix b/modules/nixos-modules/ollama/storage.nix index 65bbe26..6ab0fc8 100644 --- a/modules/nixos-modules/ollama/storage.nix +++ b/modules/nixos-modules/ollama/storage.nix @@ -10,40 +10,28 @@ }; }; - config = lib.mkIf config.services.ollama.enable ( - lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - # Ollama needs persistent storage for models and configuration - } - (lib.mkIf (!config.services.ollama.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.ollama.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."/var/lib/private/ollama" = { - enable = true; - owner.name = config.services.ollama.user; - group.name = config.services.ollama.group; - owner.permissions = { - read = true; - write = true; - execute = false; - }; - group.permissions = { - read = false; - write = false; - execute = false; - }; - other.permissions = { - read = false; - write = false; - execute = false; - }; - }; - }; - }) - ])) - ] - ); + config = lib.mkIf (config.services.ollama.enable) { + storage.datasets.replicate."system/root" = { + directories."/var/lib/private/ollama" = lib.mkIf config.services.ollama.impermanence.enable { + enable = true; + owner.name = config.services.ollama.user; + group.name = config.services.ollama.group; + owner.permissions = { + read = true; + write = true; + execute = false; + }; + group.permissions = { + read = false; + write = false; + execute = false; + }; + other.permissions = { + read = false; + write = false; + execute = false; + }; + }; + }; + }; } diff --git a/modules/nixos-modules/server/actual/storage.nix b/modules/nixos-modules/server/actual/storage.nix index cec2eab..d6b904e 100644 --- a/modules/nixos-modules/server/actual/storage.nix +++ b/modules/nixos-modules/server/actual/storage.nix @@ -11,31 +11,12 @@ in { default = config.services.actual.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.actual.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.actual.settings.dataDir == dataDirectory; - message = "actual data location does not match persistence\nconfig directory: ${config.services.actual.settings.dataDir}\npersistence directory: ${dataDirectory}"; - } - { - assertion = config.systemd.services.actual.serviceConfig.DynamicUser or false; - message = "actual systemd service must have DynamicUser enabled to use private directory"; - } - ]; - } - (lib.mkIf (!config.services.actual.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.actual.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${dataDirectory}" = { - owner.name = "actual"; - group.name = "actual"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.actual.enable { + storage.datasets.replicate."system/root" = { + directories."${dataDirectory}" = lib.mkIf config.services.actual.impermanence.enable { + owner.name = "actual"; + group.name = "actual"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/bazarr/storage.nix b/modules/nixos-modules/server/bazarr/storage.nix index c8c7d1d..a243d4c 100644 --- a/modules/nixos-modules/server/bazarr/storage.nix +++ b/modules/nixos-modules/server/bazarr/storage.nix @@ -10,27 +10,12 @@ in { default = config.services.bazarr.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.bazarr.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.bazarr.dataDir == bazarr_data_directory; - message = "bazarr data directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.bazarr.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.bazarr.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${bazarr_data_directory}" = { - owner.name = "bazarr"; - group.name = "bazarr"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.bazarr.enable { + storage.datasets.replicate."system/root" = { + directories."${bazarr_data_directory}" = lib.mkIf config.services.bazarr.impermanence.enable { + owner.name = "bazarr"; + group.name = "bazarr"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/crab-hole/storage.nix b/modules/nixos-modules/server/crab-hole/storage.nix index caacdf8..827fb25 100644 --- a/modules/nixos-modules/server/crab-hole/storage.nix +++ b/modules/nixos-modules/server/crab-hole/storage.nix @@ -10,28 +10,12 @@ in { default = config.services.crab-hole.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.crab-hole.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = - config.systemd.services.crab-hole.serviceConfig.WorkingDirectory == (builtins.replaceStrings ["/private"] [""] workingDirectory); - message = "crab-hole working directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.crab-hole.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.crab-hole.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${workingDirectory}" = { - owner.name = "crab-hole"; - group.name = "crab-hole"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.crab-hole.enable { + storage.datasets.replicate."system/root" = { + directories."${workingDirectory}" = lib.mkIf config.services.crab-hole.impermanence.enable { + owner.name = "crab-hole"; + group.name = "crab-hole"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/fail2ban/storage.nix b/modules/nixos-modules/server/fail2ban/storage.nix index 02ad3f0..1ef02c7 100644 --- a/modules/nixos-modules/server/fail2ban/storage.nix +++ b/modules/nixos-modules/server/fail2ban/storage.nix @@ -11,27 +11,12 @@ in { default = config.services.fail2ban.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.fail2ban.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; - message = "fail2ban data file does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.fail2ban.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.fail2ban.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${dataFolder}" = { - owner.name = "fail2ban"; - group.name = "fail2ban"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.fail2ban.enable { + storage.datasets.replicate."system/root" = { + directories."${dataFolder}" = lib.mkIf config.services.fail2ban.impermanence.enable { + owner.name = "fail2ban"; + group.name = "fail2ban"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/flaresolverr/storage.nix b/modules/nixos-modules/server/flaresolverr/storage.nix index da52480..919318c 100644 --- a/modules/nixos-modules/server/flaresolverr/storage.nix +++ b/modules/nixos-modules/server/flaresolverr/storage.nix @@ -8,19 +8,12 @@ default = config.services.flaresolverr.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.flaresolverr.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - (lib.mkIf (!config.services.flaresolverr.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.flaresolverr.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."/var/lib/flaresolverr" = { - owner.name = "flaresolverr"; - group.name = "flaresolverr"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.flaresolverr.enable { + storage.datasets.replicate."system/root" = { + directories."/var/lib/flaresolverr" = lib.mkIf config.services.flaresolverr.impermanence.enable { + owner.name = "flaresolverr"; + group.name = "flaresolverr"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/forgejo/storage.nix b/modules/nixos-modules/server/forgejo/storage.nix index d7b54b9..da30ed9 100644 --- a/modules/nixos-modules/server/forgejo/storage.nix +++ b/modules/nixos-modules/server/forgejo/storage.nix @@ -10,27 +10,12 @@ in { default = config.services.forgejo.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.forgejo.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.forgejo.stateDir == stateDir; - message = "forgejo state directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.forgejo.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.forgejo.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${stateDir}" = { - owner.name = "forgejo"; - group.name = "forgejo"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.forgejo.enable { + storage.datasets.replicate."system/root" = { + directories."${stateDir}" = lib.mkIf config.services.forgejo.impermanence.enable { + owner.name = "forgejo"; + group.name = "forgejo"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/home-assistant/storage.nix b/modules/nixos-modules/server/home-assistant/storage.nix index 00831c4..60e5085 100644 --- a/modules/nixos-modules/server/home-assistant/storage.nix +++ b/modules/nixos-modules/server/home-assistant/storage.nix @@ -10,27 +10,12 @@ in { default = config.services.home-assistant.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.home-assistant.configDir == configDir; - message = "home assistant config directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.home-assistant.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.home-assistant.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${configDir}" = { - owner.name = "hass"; - group.name = "hass"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.home-assistant.enable { + storage.datasets.replicate."system/root" = { + directories."${configDir}" = lib.mkIf config.services.home-assistant.impermanence.enable { + owner.name = "hass"; + group.name = "hass"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/immich/storage.nix b/modules/nixos-modules/server/immich/storage.nix index cd9f935..de24329 100644 --- a/modules/nixos-modules/server/immich/storage.nix +++ b/modules/nixos-modules/server/immich/storage.nix @@ -10,27 +10,12 @@ in { default = config.services.immich.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.immich.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.immich.mediaLocation == mediaLocation; - message = "immich media location does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.immich.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.immich.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${mediaLocation}" = { - owner.name = "immich"; - group.name = "immich"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.immich.enable { + storage.datasets.replicate."system/root" = { + directories."${mediaLocation}" = lib.mkIf config.services.immich.impermanence.enable { + owner.name = "immich"; + group.name = "immich"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/jackett/storage.nix b/modules/nixos-modules/server/jackett/storage.nix index eaa0bc9..5f202e6 100644 --- a/modules/nixos-modules/server/jackett/storage.nix +++ b/modules/nixos-modules/server/jackett/storage.nix @@ -10,27 +10,12 @@ in { default = config.services.jackett.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.jackett.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.jackett.dataDir == jackett_data_directory; - message = "jackett data directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.jackett.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.jackett.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${jackett_data_directory}" = { - owner.name = "jackett"; - group.name = "jackett"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.jackett.enable { + storage.datasets.replicate."system/root" = { + directories."${jackett_data_directory}" = lib.mkIf config.services.jackett.impermanence.enable { + owner.name = "jackett"; + group.name = "jackett"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/jellyfin/storage.nix b/modules/nixos-modules/server/jellyfin/storage.nix index 79d0605..98f7a8c 100644 --- a/modules/nixos-modules/server/jellyfin/storage.nix +++ b/modules/nixos-modules/server/jellyfin/storage.nix @@ -11,66 +11,47 @@ in { default = config.services.jellyfin.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.jellyfin.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; - message = "jellyfin data directory does not match persistence"; - } - { - assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; - message = "jellyfin cache directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.jellyfin.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.jellyfin.impermanence.enable { - storage.impermanence.datasets = { - "persist/replicate/system/root" = { - directories = { - "${jellyfin_data_directory}" = { - enable = true; - owner.name = "jellyfin"; - group.name = "jellyfin"; - }; - "${jellyfin_cache_directory}" = { - enable = true; - owner.name = "jellyfin"; - group.name = "jellyfin"; - }; - }; + config = lib.mkIf config.services.jellyfin.enable { + storage.datasets.replicate = { + "system/root" = { + directories = { + "${jellyfin_data_directory}" = lib.mkIf config.services.jellyfin.impermanence.enable { + enable = true; + owner.name = "jellyfin"; + group.name = "jellyfin"; }; - "persist/replicate/system/jellyfin" = { - atime = "off"; - relatime = "off"; - - directories."${config.services.jellyfin.media_directory}" = { - enable = true; - owner.name = "jellyfin"; - group.name = "jellyfin_media"; - owner.permissions = { - read = true; - write = true; - execute = true; - }; - group.permissions = { - read = true; - write = true; - execute = true; - }; - other.permissions = { - read = false; - write = false; - execute = false; - }; - }; + "${jellyfin_cache_directory}" = lib.mkIf config.services.jellyfin.impermanence.enable { + enable = true; + owner.name = "jellyfin"; + group.name = "jellyfin"; }; }; - }) - ])) - ]); + }; + "system/jellyfin" = { + atime = "off"; + relatime = "off"; + + directories."${config.services.jellyfin.media_directory}" = lib.mkIf config.services.jellyfin.impermanence.enable { + enable = true; + owner.name = "jellyfin"; + group.name = "jellyfin_media"; + owner.permissions = { + read = true; + write = true; + execute = true; + }; + group.permissions = { + read = true; + write = true; + execute = true; + }; + other.permissions = { + read = false; + write = false; + execute = false; + }; + }; + }; + }; + }; } diff --git a/modules/nixos-modules/server/lidarr/storage.nix b/modules/nixos-modules/server/lidarr/storage.nix index 57c568c..c4c020e 100644 --- a/modules/nixos-modules/server/lidarr/storage.nix +++ b/modules/nixos-modules/server/lidarr/storage.nix @@ -10,27 +10,12 @@ in { default = config.services.lidarr.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.lidarr.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.lidarr.dataDir == lidarr_data_directory; - message = "lidarr data directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.lidarr.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.lidarr.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${lidarr_data_directory}" = { - owner.name = "lidarr"; - group.name = "lidarr"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.lidarr.enable { + storage.datasets.replicate."system/root" = { + directories."${lidarr_data_directory}" = lib.mkIf config.services.lidarr.impermanence.enable { + owner.name = "lidarr"; + group.name = "lidarr"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/panoramax/storage.nix b/modules/nixos-modules/server/panoramax/storage.nix index 164c9bb..b36e087 100644 --- a/modules/nixos-modules/server/panoramax/storage.nix +++ b/modules/nixos-modules/server/panoramax/storage.nix @@ -8,26 +8,12 @@ default = config.services.panoramax.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - # TODO: configure impermanence for panoramax data - # This would typically include directories like: - # - /var/lib/panoramax - # - panoramax storage directories - # - any cache or temporary directories that need to persist - } - (lib.mkIf (!config.services.panoramax.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.panoramax.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."/var/lib/panoramax" = { - owner.name = "panoramax"; - group.name = "panoramax"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.panoramax.enable { + storage.datasets.replicate."system/root" = { + directories."/var/lib/panoramax" = lib.mkIf config.services.panoramax.impermanence.enable { + owner.name = "panoramax"; + group.name = "panoramax"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/paperless/storage.nix b/modules/nixos-modules/server/paperless/storage.nix index 381e45b..6e17bc2 100644 --- a/modules/nixos-modules/server/paperless/storage.nix +++ b/modules/nixos-modules/server/paperless/storage.nix @@ -10,27 +10,12 @@ in { default = config.services.paperless.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.paperless.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.paperless.dataDir == dataDir; - message = "paperless data location does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.paperless.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.paperless.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${dataDir}" = { - owner.name = "paperless"; - group.name = "paperless"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.paperless.enable { + storage.datasets.replicate."system/root" = { + directories."${dataDir}" = lib.mkIf config.services.paperless.impermanence.enable { + owner.name = "paperless"; + group.name = "paperless"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/postgres/storage.nix b/modules/nixos-modules/server/postgres/storage.nix index 068c93f..58a84a6 100644 --- a/modules/nixos-modules/server/postgres/storage.nix +++ b/modules/nixos-modules/server/postgres/storage.nix @@ -10,27 +10,12 @@ in { default = config.services.postgresql.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.postgresql.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.postgresql.dataDir == dataDir; - message = "postgres data directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.postgresql.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.postgresql.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${dataDir}" = { - owner.name = "postgres"; - group.name = "postgres"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.postgresql.enable { + storage.datasets.replicate."system/root" = { + directories."${dataDir}" = lib.mkIf config.services.postgresql.impermanence.enable { + owner.name = "postgres"; + group.name = "postgres"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/qbittorent/storage.nix b/modules/nixos-modules/server/qbittorent/storage.nix index 32244ca..8dabab8 100644 --- a/modules/nixos-modules/server/qbittorent/storage.nix +++ b/modules/nixos-modules/server/qbittorent/storage.nix @@ -10,53 +10,35 @@ in { default = config.services.qbittorrent.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.qbittorrent.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory; - message = "qbittorrent data directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.qbittorrent.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - ( - lib.mkIf config.services.qbittorrent.impermanence.enable - { - storage.impermanence.datasets = { - "persist/replicate/system/root" = { - directories."${qbittorent_profile_directory}" = { - owner.name = "qbittorrent"; - group.name = "qbittorrent"; - }; - }; - "persist/replicate/system/qbittorrent" = { - directories."${config.services.qbittorrent.mediaDir}" = { - owner.name = "qbittorrent"; - group.name = "qbittorrent"; - owner.permissions = { - read = true; - write = true; - execute = true; - }; - group.permissions = { - read = true; - write = true; - execute = true; - }; - other.permissions = { - read = true; - write = false; - execute = true; - }; - }; - }; + config = lib.mkIf config.services.qbittorrent.enable { + storage.datasets.replicate = { + "system/root" = { + directories."${qbittorent_profile_directory}" = lib.mkIf config.services.qbittorrent.impermanence.enable { + owner.name = "qbittorrent"; + group.name = "qbittorrent"; + }; + }; + "system/qbittorrent" = { + directories."${config.services.qbittorrent.mediaDir}" = lib.mkIf config.services.qbittorrent.impermanence.enable { + owner.name = "qbittorrent"; + group.name = "qbittorrent"; + owner.permissions = { + read = true; + write = true; + execute = true; }; - } - ) - ])) - ]); + group.permissions = { + read = true; + write = true; + execute = true; + }; + other.permissions = { + read = true; + write = false; + execute = true; + }; + }; + }; + }; + }; } diff --git a/modules/nixos-modules/server/radarr/storage.nix b/modules/nixos-modules/server/radarr/storage.nix index a9b4901..8f991c0 100644 --- a/modules/nixos-modules/server/radarr/storage.nix +++ b/modules/nixos-modules/server/radarr/storage.nix @@ -10,27 +10,12 @@ in { default = config.services.radarr.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.radarr.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.radarr.dataDir == radarr_data_directory; - message = "radarr data directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.radarr.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.radarr.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${radarr_data_directory}" = { - owner.name = "radarr"; - group.name = "radarr"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.radarr.enable { + storage.datasets.replicate."system/root" = { + directories."${radarr_data_directory}" = lib.mkIf config.services.radarr.impermanence.enable { + owner.name = "radarr"; + group.name = "radarr"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/reverseProxy/storage.nix b/modules/nixos-modules/server/reverseProxy/storage.nix index 29a3120..62b5451 100644 --- a/modules/nixos-modules/server/reverseProxy/storage.nix +++ b/modules/nixos-modules/server/reverseProxy/storage.nix @@ -10,19 +10,12 @@ in { default = config.services.reverseProxy.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.reverseProxy.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - (lib.mkIf (!config.services.reverseProxy.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.reverseProxy.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${dataDir}" = { - owner.name = "acme"; - group.name = "acme"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.reverseProxy.enable { + storage.datasets.replicate."system/root" = { + directories."${dataDir}" = lib.mkIf config.services.reverseProxy.impermanence.enable { + owner.name = "acme"; + group.name = "acme"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/sonarr/storage.nix b/modules/nixos-modules/server/sonarr/storage.nix index aebd0a9..8587751 100644 --- a/modules/nixos-modules/server/sonarr/storage.nix +++ b/modules/nixos-modules/server/sonarr/storage.nix @@ -10,27 +10,12 @@ in { default = config.services.sonarr.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.sonarr.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.sonarr.dataDir == sonarr_data_directory; - message = "sonarr data directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.sonarr.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.sonarr.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${sonarr_data_directory}" = { - owner.name = "sonarr"; - group.name = "sonarr"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.sonarr.enable { + storage.datasets.replicate."system/root" = { + directories."${sonarr_data_directory}" = lib.mkIf config.services.sonarr.impermanence.enable { + owner.name = "sonarr"; + group.name = "sonarr"; + }; + }; + }; } diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index dd70918..6fe8e5c 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -10,46 +10,35 @@ }; }; - config = lib.mkMerge [ - { - services = { - openssh = { - enable = true; - ports = [22]; - settings = { - PasswordAuthentication = false; - UseDns = true; - X11Forwarding = false; - }; + config = { + services = { + openssh = { + enable = true; + ports = [22]; + settings = { + PasswordAuthentication = false; + UseDns = true; + X11Forwarding = false; }; }; - } - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - # SSH host keys need to be persisted to maintain server identity - } - (lib.mkIf (!config.services.openssh.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.openssh.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - files = builtins.listToAttrs ( - lib.lists.flatten ( - builtins.map (hostKey: [ - { - name = hostKey.path; - value = {enable = true;}; - } - { - name = "${hostKey.path}.pub"; - value = {enable = true;}; - } - ]) - config.services.openssh.hostKeys - ) - ); - }; - }) - ])) - ]; + }; + + storage.datasets.replicate."system/root" = { + files = lib.mkIf config.services.openssh.impermanence.enable (builtins.listToAttrs ( + lib.lists.flatten ( + builtins.map (hostKey: [ + { + name = hostKey.path; + value = {enable = true;}; + } + { + name = "${hostKey.path}.pub"; + value = {enable = true;}; + } + ]) + config.services.openssh.hostKeys + ) + )); + }; + }; } diff --git a/modules/nixos-modules/sync/storage.nix b/modules/nixos-modules/sync/storage.nix index 7532045..61bf855 100644 --- a/modules/nixos-modules/sync/storage.nix +++ b/modules/nixos-modules/sync/storage.nix @@ -13,45 +13,20 @@ in { }; }; - config = lib.mkIf config.services.syncthing.enable ( - lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - # Syncthing needs persistent storage for configuration and data - } - (lib.mkIf (!config.services.syncthing.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.syncthing.impermanence.enable { - assertions = - [ - { - assertion = config.services.syncthing.configDir == configDir; - message = "syncthing config dir does not match persistence"; - } - ] - ++ lib.attrsets.mapAttrsToList (_: folder: { - assertion = lib.strings.hasPrefix mountDir folder.path; - message = "syncthing folder ${folder.label} is stored at ${folder.path} which not under the persisted path of ${mountDir}"; - }) - config.services.syncthing.settings.folders; - - storage.impermanence.datasets."persist/replicate/system/root" = { - directories = { - "${mountDir}" = { - enable = true; - owner.name = "syncthing"; - group.name = "syncthing"; - }; - "${configDir}" = { - enable = true; - owner.name = "syncthing"; - group.name = "syncthing"; - }; - }; - }; - }) - ])) - ] - ); + config = lib.mkIf config.services.syncthing.enable { + storage.datasets.replicate."system/root" = { + directories = { + "${mountDir}" = lib.mkIf config.services.syncthing.impermanence.enable { + enable = true; + owner.name = "syncthing"; + group.name = "syncthing"; + }; + "${configDir}" = lib.mkIf config.services.syncthing.impermanence.enable { + enable = true; + owner.name = "syncthing"; + group.name = "syncthing"; + }; + }; + }; + }; } diff --git a/modules/nixos-modules/tailscale/storage.nix b/modules/nixos-modules/tailscale/storage.nix index a417aaf..7ac7e9a 100644 --- a/modules/nixos-modules/tailscale/storage.nix +++ b/modules/nixos-modules/tailscale/storage.nix @@ -12,25 +12,13 @@ in { }; }; - config = lib.mkIf config.services.tailscale.enable ( - lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - # Tailscale needs persistent storage for keys and configuration - } - (lib.mkIf (!config.services.tailscale.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.tailscale.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${tailscale_data_directory}" = { - enable = true; - owner.name = "root"; - group.name = "root"; - }; - }; - }) - ])) - ] - ); + config = lib.mkIf config.services.tailscale.enable { + storage.datasets.replicate."system/root" = { + directories."${tailscale_data_directory}" = lib.mkIf config.services.tailscale.impermanence.enable { + enable = true; + owner.name = "root"; + group.name = "root"; + }; + }; + }; } diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index ab123b9..4018db5 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -402,7 +402,7 @@ in { (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ { # sops age key needs to be available to pre persist for user generation - storage.zfs.datasets."persist/local/system/sops" = { + storage.datasets.local."system/sops" = { type = "zfs_fs"; mount = { enable = true; @@ -413,9 +413,9 @@ in { }; } (lib.mkIf (!config.storage.impermanence.enable) { - storage.zfs.datasets = lib.mkMerge ( + storage.datasets.replicate = lib.mkMerge ( builtins.map (user: { - "persist/replicate/home/${user.name}" = { + "home/${user.name}" = { type = "zfs_fs"; mount = { enable = true; @@ -428,9 +428,9 @@ in { ); }) (lib.mkIf config.storage.impermanence.enable { - storage.zfs.datasets = lib.mkMerge ( + storage.datasets.ephemeral = lib.mkMerge ( builtins.map (user: { - "ephemeral/home/${user.name}" = { + "home/${user.name}" = { type = "zfs_fs"; mount = { enable = true; From dfcacdc6fbcb028395b834972d36f4ca461c9fa7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Nov 2025 00:04:03 -0600 Subject: [PATCH 314/374] feat: moved some datasets to common zfs storage config --- modules/nixos-modules/storage/storage.nix | 58 ++++++++++++----------- 1 file changed, 31 insertions(+), 27 deletions(-) diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index 7d14dd7..1b85010 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -40,6 +40,37 @@ in { config = lib.mkMerge [ (lib.mkIf config.storage.zfs.enable { # Create ZFS datasets based on storage.datasets configuration + storage.datasets = { + local = { + "" = { + type = "zfs_fs"; + }; + "nix" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/nix"; + }; + snapshot = { + autoSnapshot = false; + }; + atime = "off"; + relatime = "off"; + }; + }; + replicate = { + "" = { + type = "zfs_fs"; + }; + "system/var/log" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/var/log"; + }; + }; + }; + }; }) (lib.mkIf (config.storage.zfs.enable && config.storage.impermanence.enable) { storage.datasets = { @@ -58,28 +89,7 @@ in { }; }; }; - local = { - "nix" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/nix"; - }; - snapshot = { - autoSnapshot = false; - }; - atime = "off"; - relatime = "off"; - }; - }; replicate = { - "system/var/log" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/var/log"; - }; - }; "system/root" = { mount = { enable = true; @@ -146,9 +156,6 @@ in { storage.datasets = { # Base organizational datasets (only needed when impermanence is disabled) local = { - "" = { - type = "zfs_fs"; - }; "root" = { type = "zfs_fs"; mount = { @@ -178,9 +185,6 @@ in { }; }; replicate = { - "" = { - type = "zfs_fs"; - }; "system/var/log" = { type = "zfs_fs"; mount = { From e196541f2a0544569709b046877e946add3a3ccd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Nov 2025 00:12:29 -0600 Subject: [PATCH 315/374] feat: filter out impermanence datasets that dont do anything --- modules/nixos-modules/storage/impermanence.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index db0deb0..8f6d6d8 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -109,7 +109,14 @@ in { }; }) (lib.filterAttrs (_: fileConfig: fileConfig.enable) dataset.files); }) - config.storage.impermanence.datasets; + (lib.filterAttrs ( + datasetName: dataset: let + enabledDirectories = lib.filterAttrs (_: dirConfig: dirConfig.enable) dataset.directories; + enabledFiles = lib.filterAttrs (_: fileConfig: fileConfig.enable) dataset.files; + in + (enabledDirectories != {}) || (enabledFiles != {}) + ) + config.storage.impermanence.datasets); } (lib.mkIf config.storage.zfs.enable { storage.zfs.datasets = From ecdd407abe8b5b3e2559977589fb935f112b1e37 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 17 Nov 2025 17:56:31 -0600 Subject: [PATCH 316/374] feat: switched jellyfin media and qbittorent media to being the same dataset --- modules/nixos-modules/server/jellyfin/storage.nix | 2 +- modules/nixos-modules/server/qbittorent/storage.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/server/jellyfin/storage.nix b/modules/nixos-modules/server/jellyfin/storage.nix index 98f7a8c..f6887b2 100644 --- a/modules/nixos-modules/server/jellyfin/storage.nix +++ b/modules/nixos-modules/server/jellyfin/storage.nix @@ -27,7 +27,7 @@ in { }; }; }; - "system/jellyfin" = { + "system/media" = { atime = "off"; relatime = "off"; diff --git a/modules/nixos-modules/server/qbittorent/storage.nix b/modules/nixos-modules/server/qbittorent/storage.nix index 8dabab8..edb9fb1 100644 --- a/modules/nixos-modules/server/qbittorent/storage.nix +++ b/modules/nixos-modules/server/qbittorent/storage.nix @@ -18,7 +18,7 @@ in { group.name = "qbittorrent"; }; }; - "system/qbittorrent" = { + "system/media" = { directories."${config.services.qbittorrent.mediaDir}" = lib.mkIf config.services.qbittorrent.impermanence.enable { owner.name = "qbittorrent"; group.name = "qbittorrent"; From c501b1688ea9c7ac955cbf24cf109a620b2f0ecf Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 21 Nov 2025 18:15:13 -0600 Subject: [PATCH 317/374] build: updated flake.lock --- flake.lock | 56 +++++++++---------- .../home-manager-modules/programs/discord.nix | 10 ---- util/default.nix | 2 +- 3 files changed, 29 insertions(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index 3c1f2ad..e9d259b 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1762276996, - "narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=", + "lastModified": 1763651264, + "narHash": "sha256-8vvwZbw0s7YvBMJeyPVpWke6lg6ROgtts5N2/SMCcv4=", "owner": "nix-community", "repo": "disko", - "rev": "af087d076d3860760b3323f6b583f4d828c1ac17", + "rev": "e86a89079587497174ccab6d0d142a65811a4fd9", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1762488230, - "narHash": "sha256-b7FFUa+bQ8m5din6ylspTTeQvhTf7NNDwC3fPOwCkx4=", + "lastModified": 1763697825, + "narHash": "sha256-AgCCcVPOi1tuzuW5/StlwqBjRWSX62oL97qWuxrq5UA=", "owner": "rycee", "repo": "nur-expressions", - "rev": "05e744e2e2d174b2fd445e51ad38fb8356001a18", + "rev": "cefce78793603231be226fa77e7ad58e0e4899b8", "type": "gitlab" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1762463325, - "narHash": "sha256-33YUsWpPyeBZEWrKQ2a1gkRZ7i0XCC/2MYpU6BVeQSU=", + "lastModified": 1763748372, + "narHash": "sha256-AUc78Qv3sWir0hvbmfXoZ7Jzq9VVL97l+sP9Jgms+JU=", "owner": "nix-community", "repo": "home-manager", - "rev": "0562fef070a1027325dd4ea10813d64d2c967b39", + "rev": "d10a9b16b2a3ee28433f3d1c603f4e9f1fecb8e1", "type": "github" }, "original": { @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1761960361, - "narHash": "sha256-FvuAw56NIVJpS3Kr8Wv9PpU4eehZMcdIVkxjStuYmqc=", + "lastModified": 1763435414, + "narHash": "sha256-i2467FddWfd19q5Qoj+1/BAeg6LZmM5m4mYGRSQn/as=", "ref": "refs/heads/main", - "rev": "c47f62187601ea2991b79a9bacdbfdf76cd29fbe", - "revCount": 167, + "rev": "192c92b603731fbc1bade6c1b18c8d8a0086f703", + "revCount": 169, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module.git" }, @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1762501326, - "narHash": "sha256-QbhsksHaIN6qU3oXhwUFbYycKX1GRxObpQSWAM5fhRY=", + "lastModified": 1763505477, + "narHash": "sha256-nJRd4LY2kT3OELfHqdgWjvToNZ4w+zKCMzS2R6z4sXE=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "e2b82ebd0f990a5d1b68fcc761b3d6383c86ccfd", + "rev": "3bda9f6b14161becbd07b3c56411f1670e19b9b5", "type": "github" }, "original": { @@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1762480525, - "narHash": "sha256-7akzuLV8uKP3ym67TJoSIT5hTeC5FG8H745Y/7/7J+8=", + "lastModified": 1763690163, + "narHash": "sha256-MMl9P8f17unCvlk2IAinnMq/P72f51UUHVRIYnojT7w=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b8b0b207dc13cb7b004f9d0c1d2b76a85e9494c8", + "rev": "590349d9faeb398a037205c2927ffbaede980539", "type": "github" }, "original": { @@ -283,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1762463231, - "narHash": "sha256-hv1mG5j5PTbnWbtHHomzTus77pIxsc4x8VrMjc7+/YE=", + "lastModified": 1762847253, + "narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "52113c4f5cfd1e823001310e56d9c8d0699a6226", + "rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1762363567, - "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=", + "lastModified": 1763421233, + "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4", + "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", "type": "github" }, "original": { @@ -370,11 +370,11 @@ ] }, "locked": { - "lastModified": 1760998189, - "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=", + "lastModified": 1763607916, + "narHash": "sha256-VefBA1JWRXM929mBAFohFUtQJLUnEwZ2vmYUNkFnSjE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3", + "rev": "877bb495a6f8faf0d89fc10bd142c4b7ed2bcc0b", "type": "github" }, "original": { diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix index d5d7192..71b09b2 100644 --- a/modules/home-manager-modules/programs/discord.nix +++ b/modules/home-manager-modules/programs/discord.nix @@ -1,19 +1,9 @@ { lib, - pkgs, config, ... }: { - options.programs.discord = { - enable = lib.mkEnableOption "enable discord"; - }; - config = lib.mkIf config.programs.discord.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - discord - ]; - } ( lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { diff --git a/util/default.nix b/util/default.nix index 97bfa49..66e300b 100644 --- a/util/default.nix +++ b/util/default.nix @@ -79,7 +79,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - lix-module.nixosModules.default + # lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; From 29221143670076a629dc26c8a541d5b1a3c629d1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 23 Nov 2025 11:51:53 -0600 Subject: [PATCH 318/374] fix: fixed file system resolution --- modules/nixos-modules/storage/storage.nix | 72 +++++++------------ .../storage/submodules/dataset.nix | 14 ++-- .../submodules/impermanenceDataset.nix | 5 +- modules/nixos-modules/storage/zfs.nix | 4 +- modules/nixos-modules/users.nix | 15 +--- 5 files changed, 36 insertions(+), 74 deletions(-) diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index 1b85010..6cff4f1 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -42,15 +42,9 @@ in { # Create ZFS datasets based on storage.datasets configuration storage.datasets = { local = { - "" = { - type = "zfs_fs"; - }; "nix" = { type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/nix"; - }; + mount = "/nix"; snapshot = { autoSnapshot = false; }; @@ -59,15 +53,9 @@ in { }; }; replicate = { - "" = { - type = "zfs_fs"; - }; "system/var/log" = { type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/var/log"; - }; + mount = "/var/log"; }; }; }; @@ -77,24 +65,29 @@ in { ephemeral = { "" = { type = "zfs_fs"; + mount = null; }; "system/root" = { type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/"; - }; + mount = "/"; snapshot = { blankSnapshot = true; }; }; }; + # TODO: can we auto set the mount points on these to just be `"/persist/local/${name}"` + local = { + "" = { + mount = "/persist/local/"; + }; + }; + # TODO: can we auto set the mount points on these to just be `"/persist/replicate/${name}"` replicate = { + "" = { + mount = "/persist/replicate/"; + }; "system/root" = { - mount = { - enable = true; - mountPoint = "/persist/replicate/system/root"; - }; + mount = "/persist/replicate/system/root"; snapshot = { autoSnapshot = true; }; @@ -107,10 +100,7 @@ in { }; }; "home" = { - mount = { - enable = true; - mountPoint = "/persist/replicate/home"; - }; + mount = "/persist/replicate/home"; snapshot = { autoSnapshot = true; }; @@ -156,12 +146,13 @@ in { storage.datasets = { # Base organizational datasets (only needed when impermanence is disabled) local = { + "" = { + type = "zfs_fs"; + mount = ""; + }; "root" = { type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/"; - }; + mount = "/"; compression = "lz4"; acltype = "posixacl"; relatime = "on"; @@ -171,26 +162,15 @@ in { blankSnapshot = true; }; }; - "nix" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/nix"; - }; - snapshot = { - autoSnapshot = false; - }; - atime = "off"; - relatime = "off"; - }; }; replicate = { + "" = { + type = "zfs_fs"; + mount = null; + }; "system/var/log" = { type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/var/log"; - }; + mount = "/var/log"; }; }; }; diff --git a/modules/nixos-modules/storage/submodules/dataset.nix b/modules/nixos-modules/storage/submodules/dataset.nix index 0b57886..2a45552 100644 --- a/modules/nixos-modules/storage/submodules/dataset.nix +++ b/modules/nixos-modules/storage/submodules/dataset.nix @@ -42,16 +42,10 @@ description = "Synchronous write behavior"; }; - mount = { - enable = lib.mkOption { - type = lib.types.either lib.types.bool (lib.types.enum ["on" "off" "noauto"]); - default = true; - description = "Whether and how the dataset should be mounted"; - }; - mountPoint = lib.mkOption { - type = lib.types.str; - description = "Controls the mount point used for this file system"; - }; + mount = lib.mkOption { + type = lib.types.nullOr lib.types.str; + description = "Controls the mount point used for this file system"; + default = null; }; encryption = { diff --git a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix index 0104b88..4090b48 100644 --- a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix +++ b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix @@ -47,9 +47,6 @@ in { }; config = { - mount = { - mountPoint = lib.mkDefault "/${name}"; - enable = lib.mkDefault true; - }; + mount = lib.mkDefault "/${name}"; }; } diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix index 1942e8d..1d3c1fb 100644 --- a/modules/nixos-modules/storage/zfs.nix +++ b/modules/nixos-modules/storage/zfs.nix @@ -83,7 +83,7 @@ args @ { lib.attrsets.nameValuePair name { type = dataset.type; options = datasetToZfsOptions dataset; - mountpoint = dataset.mount.mountPoint or null; + mountpoint = dataset.mount or null; postCreateHook = generatePostCreateHook name dataset; } ) @@ -92,7 +92,7 @@ args @ { lib.attrsets.nameValuePair "" { type = config.storage.zfs.rootDataset.type; options = datasetToZfsOptions config.storage.zfs.rootDataset; - mountpoint = config.storage.zfs.rootDataset.mount.mountPoint or null; + mountpoint = config.storage.zfs.rootDataset.mount or null; postCreateHook = generatePostCreateHook "" config.storage.zfs.rootDataset; } )) diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 4018db5..f952861 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -404,10 +404,7 @@ in { # sops age key needs to be available to pre persist for user generation storage.datasets.local."system/sops" = { type = "zfs_fs"; - mount = { - enable = true; - mountPoint = SOPS_AGE_KEY_DIRECTORY; - }; + mount = SOPS_AGE_KEY_DIRECTORY; atime = "off"; relatime = "off"; }; @@ -417,10 +414,7 @@ in { builtins.map (user: { "home/${user.name}" = { type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/home/${user.name}"; - }; + mount = "/home/${user.name}"; snapshot.autoSnapshot = true; }; }) @@ -432,10 +426,7 @@ in { builtins.map (user: { "home/${user.name}" = { type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/home/${user.name}"; - }; + mount = "/home/${user.name}"; snapshot.blankSnapshot = true; }; }) From a4f3b3141d59a1c73b56512317b644ae5a5df4d6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 23 Nov 2025 15:35:26 -0600 Subject: [PATCH 319/374] fix: fixed trailing mount path issue --- modules/nixos-modules/storage/impermanence.nix | 10 ++++++++-- modules/nixos-modules/storage/storage.nix | 6 ++++-- .../storage/submodules/impermanenceDataset.nix | 4 ++++ modules/nixos-modules/users.nix | 1 + 4 files changed, 17 insertions(+), 4 deletions(-) diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index 8f6d6d8..9af5681 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -87,7 +87,10 @@ in { neededForBoot = true; } ) - config.storage.impermanence.datasets; + (lib.filterAttrs ( + datasetName: dataset: dataset.impermanence.enable + ) + config.storage.impermanence.datasets); environment.persistence = lib.mapAttrs (datasetName: dataset: { @@ -116,7 +119,10 @@ in { in (enabledDirectories != {}) || (enabledFiles != {}) ) - config.storage.impermanence.datasets); + (lib.filterAttrs ( + datasetName: dataset: dataset.impermanence.enable + ) + config.storage.impermanence.datasets)); } (lib.mkIf config.storage.zfs.enable { storage.zfs.datasets = diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index 6cff4f1..c059733 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -43,6 +43,7 @@ in { storage.datasets = { local = { "nix" = { + impermanence.enable = false; type = "zfs_fs"; mount = "/nix"; snapshot = { @@ -54,6 +55,7 @@ in { }; replicate = { "system/var/log" = { + impermanence.enable = false; type = "zfs_fs"; mount = "/var/log"; }; @@ -78,13 +80,13 @@ in { # TODO: can we auto set the mount points on these to just be `"/persist/local/${name}"` local = { "" = { - mount = "/persist/local/"; + mount = "/persist/local"; }; }; # TODO: can we auto set the mount points on these to just be `"/persist/replicate/${name}"` replicate = { "" = { - mount = "/persist/replicate/"; + mount = "/persist/replicate"; }; "system/root" = { mount = "/persist/replicate/system/root"; diff --git a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix index 4090b48..e4d3584 100644 --- a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix +++ b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix @@ -44,6 +44,10 @@ in { type = lib.types.attrsOf (lib.types.submodule pathTypeSubmodule); default = {}; }; + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = true; + }; }; config = { diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index f952861..195d8b6 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -407,6 +407,7 @@ in { mount = SOPS_AGE_KEY_DIRECTORY; atime = "off"; relatime = "off"; + impermanence.enable = false; }; } (lib.mkIf (!config.storage.impermanence.enable) { From 3d1750060de1669ce93a1d546ad537848b628ddc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 23 Nov 2025 15:44:59 -0600 Subject: [PATCH 320/374] fix: fixed nix flake check --- modules/nixos-modules/server/jellyfin/storage.nix | 3 +-- modules/nixos-modules/server/qbittorent/storage.nix | 2 ++ modules/nixos-modules/storage/storage.nix | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/nixos-modules/server/jellyfin/storage.nix b/modules/nixos-modules/server/jellyfin/storage.nix index f6887b2..5cff3e8 100644 --- a/modules/nixos-modules/server/jellyfin/storage.nix +++ b/modules/nixos-modules/server/jellyfin/storage.nix @@ -28,8 +28,7 @@ in { }; }; "system/media" = { - atime = "off"; - relatime = "off"; + mount = "/persist/replicate/system/media"; directories."${config.services.jellyfin.media_directory}" = lib.mkIf config.services.jellyfin.impermanence.enable { enable = true; diff --git a/modules/nixos-modules/server/qbittorent/storage.nix b/modules/nixos-modules/server/qbittorent/storage.nix index edb9fb1..da82bcc 100644 --- a/modules/nixos-modules/server/qbittorent/storage.nix +++ b/modules/nixos-modules/server/qbittorent/storage.nix @@ -19,6 +19,8 @@ in { }; }; "system/media" = { + mount = "/persist/replicate/system/media"; + directories."${config.services.qbittorrent.mediaDir}" = lib.mkIf config.services.qbittorrent.impermanence.enable { owner.name = "qbittorrent"; group.name = "qbittorrent"; diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index c059733..2247559 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -150,7 +150,7 @@ in { local = { "" = { type = "zfs_fs"; - mount = ""; + mount = null; }; "root" = { type = "zfs_fs"; From f660b601e2d7c039509595533e5721736498e19c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Nov 2025 21:42:02 -0600 Subject: [PATCH 321/374] feat: installed noita entangled worlds on horizon --- .../nixos/horizon/configuration.nix | 1 + flake.lock | 75 +++++++++++++++++++ flake.nix | 6 ++ modules/common-modules/overlays/default.nix | 4 + modules/common-modules/pkgs/default.nix | 3 - .../pkgs/noita-entangled-worlds.nix | 46 ------------ 6 files changed, 86 insertions(+), 49 deletions(-) delete mode 100644 modules/common-modules/pkgs/noita-entangled-worlds.nix diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 0e86fe7..0245253 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -88,6 +88,7 @@ environment.systemPackages = with pkgs; [ cachefilesd webtoon-dl + noita_entangled_worlds ]; services.cachefilesd.enable = true; diff --git a/flake.lock b/flake.lock index e9d259b..a3c552f 100644 --- a/flake.lock +++ b/flake.lock @@ -329,6 +329,43 @@ "type": "github" } }, + "nixpkgs_3": { + "locked": { + "lastModified": 1759070547, + "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "647e5c14cbd5067f44ac86b74f014962df460840", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "noita-entangled-worlds": { + "inputs": { + "nixpkgs": "nixpkgs_3", + "rust-overlay": "rust-overlay", + "systems": "systems_3" + }, + "locked": { + "lastModified": 1764204484, + "narHash": "sha256-S45ghD/YjcKDy8Mz3DYklLMaA/z6f6mTbx0i7pAktYk=", + "owner": "IntQuant", + "repo": "noita_entangled_worlds", + "rev": "ab2c2162157140ab519fa19f6737c044e1ed0e3b", + "type": "github" + }, + "original": { + "owner": "IntQuant", + "ref": "master", + "repo": "noita_entangled_worlds", + "type": "github" + } + }, "root": { "inputs": { "disko": "disko", @@ -343,10 +380,32 @@ "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", + "noita-entangled-worlds": "noita-entangled-worlds", "secrets": "secrets", "sops-nix": "sops-nix" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "noita-entangled-worlds", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1759199574, + "narHash": "sha256-w24RYly3VSVKp98rVfCI1nFYfQ0VoWmShtKPCbXgK6A=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "381776b12d0d125edd7c1930c2041a1471e586c0", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "secrets": { "flake": false, "locked": { @@ -412,6 +471,22 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "flake": false, + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 6f85fa3..e935688 100644 --- a/flake.nix +++ b/flake.nix @@ -77,6 +77,12 @@ url = "github:utensils/mcp-nixos"; inputs.nixpkgs.follows = "nixpkgs"; }; + + # Noita Entangled Worlds package + # Not following our nixpkgs so it can use its own rust-overlay configuration + noita-entangled-worlds = { + url = "github:IntQuant/noita_entangled_worlds/master"; + }; }; outputs = { diff --git a/modules/common-modules/overlays/default.nix b/modules/common-modules/overlays/default.nix index 2c0f712..f658e8a 100644 --- a/modules/common-modules/overlays/default.nix +++ b/modules/common-modules/overlays/default.nix @@ -2,5 +2,9 @@ {inputs, ...}: { nixpkgs.overlays = [ inputs.nix-vscode-extensions.overlays.default + # Add noita_entangled_worlds from upstream flake to pkgs + (final: prev: { + noita_entangled_worlds = inputs.noita-entangled-worlds.packages.${prev.system}.noita-proxy; + }) ]; } diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 612dd08..2afc9f2 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -20,9 +20,6 @@ ./prostudiomasters.nix {}; }) - (final: prev: { - noita_entangled_worlds = pkgs.callPackage ./noita-entangled-worlds.nix {}; - }) (final: prev: { gdx-liftoff = pkgs.callPackage ./gdx-liftoff.nix {}; }) diff --git a/modules/common-modules/pkgs/noita-entangled-worlds.nix b/modules/common-modules/pkgs/noita-entangled-worlds.nix deleted file mode 100644 index 322ce41..0000000 --- a/modules/common-modules/pkgs/noita-entangled-worlds.nix +++ /dev/null @@ -1,46 +0,0 @@ -# not working yet -{ - pkgs, - rustPlatform, - fetchFromGitHub, - ... -}: let - version = "1.5.3"; - repo = fetchFromGitHub { - owner = "IntQuant"; - repo = "noita_entangled_worlds"; - rev = "v${version}"; - hash = "sha256-frrpD0aWTeDbZYtp15R+quUUAZf7OvHlbSLtGJJtAqk="; - }; -in - rustPlatform.buildRustPackage { - name = "noita-proxy-${version}"; - src = repo + "/noita-proxy"; - prePatch = '' - substituteInPlace Cargo.toml \ - --replace "path = \"../shared\"" "path = \"${repo + "/shared"}\"" - ''; - nativeBuildInputs = with pkgs; [ - pkg-config - python3 - cmake - ]; - buildInputs = with pkgs; [ - openssl - openssl.dev - libpulseaudio - libjack2 - alsa-lib - xorg.libxcb - xorg.libxcb.dev - libopus - ]; - propagatedBuildInputs = with pkgs; [ - steamworks-sdk-redist - ]; - runtimeDependencies = with pkgs; [ - steamworks-sdk-redist - ]; - doCheck = false; - cargoHash = "sha256-TzUS6d6PopgGf2i1yVaXaXdzNrvfSz+Gv67BAtxYmb4="; - } From 1d5bb9e945b5bf6e49bc54db57d41e903903ade2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Nov 2025 21:52:17 -0600 Subject: [PATCH 322/374] feat: installed noita proxy for eve and leyla users --- configurations/home-manager/eve/packages.nix | 1 + .../home-manager/leyla/packages/default.nix | 1 + configurations/nixos/horizon/configuration.nix | 1 - .../home-manager-modules/programs/default.nix | 1 + .../programs/noita-entangled-worlds.nix | 18 ++++++++++++++++++ 5 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 modules/home-manager-modules/programs/noita-entangled-worlds.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index f650a70..6b3c2e2 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -73,6 +73,7 @@ in { tor-browser.enable = true; olympus.enable = true; libreoffice.enable = true; + noita-entangled-worlds.enable = true; claude-code.enable = osConfig.host.ai.enable; diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index d065739..bc41350 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -68,6 +68,7 @@ in { qflipper.enable = true; openvpn.enable = true; noisetorch.enable = true; + noita-entangled-worlds.enable = true; tor-browser.enable = true; gdx-liftoff.enable = true; }) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 0245253..0e86fe7 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -88,7 +88,6 @@ environment.systemPackages = with pkgs; [ cachefilesd webtoon-dl - noita_entangled_worlds ]; services.cachefilesd.enable = true; diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index c164c44..e70cfc8 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -31,6 +31,7 @@ ./freecad.nix ./onionshare.nix ./mfoc.nix + ./noita-entangled-worlds.nix ./pdfarranger.nix ./picard.nix ./qflipper.nix diff --git a/modules/home-manager-modules/programs/noita-entangled-worlds.nix b/modules/home-manager-modules/programs/noita-entangled-worlds.nix new file mode 100644 index 0000000..3f3af64 --- /dev/null +++ b/modules/home-manager-modules/programs/noita-entangled-worlds.nix @@ -0,0 +1,18 @@ +{ + lib, + pkgs, + config, + ... +}: { + options = { + programs.noita-entangled-worlds = { + enable = lib.mkEnableOption "Noita Entangled Worlds multiplayer mod"; + }; + }; + + config = lib.mkIf config.programs.noita-entangled-worlds.enable { + home.packages = with pkgs; [ + noita_entangled_worlds + ]; + }; +} From 5776640b5d431d9520b8c42d7442ef4b798e4e91 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 27 Nov 2025 14:26:33 -0600 Subject: [PATCH 323/374] feat: only allow post quantum crypto --- modules/nixos-modules/ssh.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index 6f5fac1..0a82116 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -16,6 +16,8 @@ }; }; }; + + programs.ssh.kexAlgorithms = config.services.openssh.settings.KexAlgorithms; } (lib.mkIf config.host.impermanence.enable { environment.persistence."/persist/system/root" = { From b9251029d57b808af7af130d166a6dd2b282b69a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 27 Nov 2025 14:33:11 -0600 Subject: [PATCH 324/374] feat: fixed deprecation warning --- modules/common-modules/overlays/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/common-modules/overlays/default.nix b/modules/common-modules/overlays/default.nix index f658e8a..3def9e9 100644 --- a/modules/common-modules/overlays/default.nix +++ b/modules/common-modules/overlays/default.nix @@ -4,7 +4,7 @@ inputs.nix-vscode-extensions.overlays.default # Add noita_entangled_worlds from upstream flake to pkgs (final: prev: { - noita_entangled_worlds = inputs.noita-entangled-worlds.packages.${prev.system}.noita-proxy; + noita_entangled_worlds = inputs.noita-entangled-worlds.packages.${prev.stdenv.hostPlatform.system}.noita-proxy; }) ]; } From 3a58722815367ca4844a5b4bbac5ad8d5b63b550 Mon Sep 17 00:00:00 2001 From: Eve Date: Thu, 27 Nov 2025 14:54:24 -0600 Subject: [PATCH 325/374] feat: installed wacom kernal driver --- configurations/nixos/emergent/configuration.nix | 2 +- configurations/nixos/emergent/hardware-configuration.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 6121069..fd27374 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -40,7 +40,7 @@ services.xserver.wacom.enable = true; # installed opentabletdriver - hardware.opentabletdriver.enable = true; + # hardware.opentabletdriver.enable = true; hardware.keyboard.qmk.enable = true; # Enable the GNOME Desktop Environment. diff --git a/configurations/nixos/emergent/hardware-configuration.nix b/configurations/nixos/emergent/hardware-configuration.nix index 4e13149..67149df 100644 --- a/configurations/nixos/emergent/hardware-configuration.nix +++ b/configurations/nixos/emergent/hardware-configuration.nix @@ -12,7 +12,7 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "wacom"]; boot.initrd.kernelModules = []; boot.kernelModules = []; boot.extraModulePackages = []; From 0a8b3e1496a489240caf344719726d0ea0afb40d Mon Sep 17 00:00:00 2001 From: Eve Date: Thu, 27 Nov 2025 14:57:56 -0600 Subject: [PATCH 326/374] merge: merged leyla/main --- .gitignore | 3 +- .hooks/post-commit | 10 +- .hooks/post-merge | 26 +- .hooks/pre-commit | 24 +- .hooks/pre-merge-commit | 4 +- README.md | 39 +- configurations/home-manager/eve/packages.nix | 10 +- configurations/home-manager/git/default.nix | 2 + configurations/home-manager/leyla/default.nix | 2 + .../home-manager/leyla/packages/default.nix | 5 +- .../home-manager/leyla/packages/firefox.nix | 344 --- .../leyla/packages/firefox/bookmarks.nix | 155 ++ .../leyla/packages/firefox/default.nix | 18 + .../leyla/packages/firefox/firefox.nix | 191 ++ .../leyla/packages/firefox/harden.nix | 50 + .../home-manager/leyla/packages/git.nix | 8 +- .../leyla/packages/vscode/default.nix | 3 + .../nixos/defiant/configuration.nix | 51 +- flake.lock | 151 +- flake.nix | 16 +- modules/common-modules/overlays/default.nix | 4 + modules/common-modules/pkgs/default.nix | 17 +- .../pkgs/firefox-extensions/default.nix | 17 + .../deutsch-de-language-pack.nix | 18 + .../dizionario-italiano.nix | 18 + .../italiano-it-language-pack.nix | 18 + .../pkgs/mapillary-uploader.nix | 2 +- .../pkgs/noita-entangled-worlds.nix | 46 - .../common-modules/pkgs/polycule/default.nix | 149 - .../pkgs/polycule/polycule-pubspec.lock.json | 2459 ----------------- modules/home-manager-modules/impermanence.nix | 16 +- .../programs/bitwarden.nix | 2 +- .../home-manager-modules/programs/default.nix | 2 +- .../home-manager-modules/programs/discord.nix | 10 - .../programs/noita-entangled-worlds.nix | 18 + .../programs/polycule.nix | 31 - .../programs/vscode/conventionalCommits.nix | 6 + .../programs/vscode/default.nix | 1 + .../programs/vscode/rustAnalyzer.nix | 27 + modules/nixos-modules/impermanence.nix | 34 + .../nixos-modules/server/actual/actual.nix | 24 + modules/nixos-modules/server/actual/const.nix | 2 +- .../nixos-modules/server/actual/default.nix | 20 +- .../server/actual/impermanence.nix | 17 +- modules/nixos-modules/server/actual/proxy.nix | 27 +- .../nixos-modules/server/bazarr/default.nix | 1 - .../server/bazarr/impermanence.nix | 9 +- modules/nixos-modules/server/bazarr/proxy.nix | 28 - .../server/crab-hole/crab-hole.nix | 65 +- .../server/crab-hole/impermanence.nix | 9 +- modules/nixos-modules/server/default.nix | 9 +- modules/nixos-modules/server/fail2ban.nix | 74 - .../nixos-modules/server/fail2ban/default.nix | 6 + .../server/fail2ban/fail2ban.nix | 51 + .../server/fail2ban/impermanence.nix | 34 + .../server/flaresolverr/default.nix | 1 - .../server/flaresolverr/impermanence.nix | 9 +- .../server/flaresolverr/proxy.nix | 28 - .../nixos-modules/server/forgejo/database.nix | 59 +- .../nixos-modules/server/forgejo/default.nix | 46 +- .../nixos-modules/server/forgejo/fail2ban.nix | 11 +- .../nixos-modules/server/forgejo/forgejo.nix | 46 + .../server/forgejo/impermanence.nix | 9 +- .../nixos-modules/server/forgejo/proxy.nix | 29 +- .../server/home-assistant/database.nix | 91 +- .../server/home-assistant/default.nix | 104 +- .../server/home-assistant/fail2ban.nix | 66 +- .../server/home-assistant/home-assistant.nix | 104 + .../server/home-assistant/proxy.nix | 42 +- .../nixos-modules/server/immich/database.nix | 44 +- .../nixos-modules/server/immich/fail2ban.nix | 11 +- .../server/immich/impermanence.nix | 9 +- modules/nixos-modules/server/immich/proxy.nix | 45 +- .../nixos-modules/server/jackett/default.nix | 1 - .../server/jackett/impermanence.nix | 9 +- .../nixos-modules/server/jackett/proxy.nix | 28 - .../nixos-modules/server/jellyfin/default.nix | 32 +- .../server/jellyfin/impermanence.nix | 9 +- .../server/jellyfin/jellyfin.nix | 32 + .../nixos-modules/server/jellyfin/proxy.nix | 39 +- .../nixos-modules/server/lidarr/default.nix | 1 - .../server/lidarr/impermanence.nix | 9 +- modules/nixos-modules/server/lidarr/proxy.nix | 28 - .../server/network_storage/default.nix | 86 +- .../network_storage/network_storage.nix | 86 + .../server/panoramax/database.nix | 64 +- .../server/panoramax/impermanence.nix | 9 +- .../nixos-modules/server/panoramax/proxy.nix | 42 +- .../server/paperless/database.nix | 50 +- .../server/paperless/default.nix | 28 +- .../server/paperless/impermanence.nix | 9 +- .../server/paperless/paperless.nix | 27 + .../nixos-modules/server/paperless/proxy.nix | 32 +- modules/nixos-modules/server/podman.nix | 73 - modules/nixos-modules/server/postgres.nix | 121 - .../nixos-modules/server/postgres/default.nix | 6 + .../server/postgres/impermanence.nix | 27 + .../server/postgres/postgres.nix | 122 + modules/nixos-modules/server/qbittorent.nix | 65 - .../server/qbittorent/default.nix | 6 + .../server/qbittorent/impermanence.nix | 61 + .../server/qbittorent/qbittorent.nix | 18 + .../nixos-modules/server/radarr/default.nix | 1 - .../server/radarr/impermanence.nix | 9 +- modules/nixos-modules/server/radarr/proxy.nix | 28 - .../server/reverseProxy/default.nix | 6 + .../server/reverseProxy/impermanence.nix | 21 + .../server/reverseProxy/reverseProxy.nix | 176 ++ .../nixos-modules/server/reverse_proxy.nix | 128 - .../nixos-modules/server/searx/default.nix | 59 +- modules/nixos-modules/server/searx/proxy.nix | 27 +- modules/nixos-modules/server/searx/searx.nix | 59 + .../nixos-modules/server/sonarr/default.nix | 1 - .../server/sonarr/impermanence.nix | 9 +- modules/nixos-modules/server/sonarr/proxy.nix | 28 - modules/nixos-modules/server/wyoming.nix | 6 +- modules/nixos-modules/ssh.nix | 2 + modules/nixos-modules/sync.nix | 4 +- rebuild.sh | 68 +- util/default.nix | 26 +- 120 files changed, 2396 insertions(+), 4519 deletions(-) delete mode 100644 configurations/home-manager/leyla/packages/firefox.nix create mode 100644 configurations/home-manager/leyla/packages/firefox/bookmarks.nix create mode 100644 configurations/home-manager/leyla/packages/firefox/default.nix create mode 100644 configurations/home-manager/leyla/packages/firefox/firefox.nix create mode 100644 configurations/home-manager/leyla/packages/firefox/harden.nix create mode 100644 modules/common-modules/pkgs/firefox-extensions/default.nix create mode 100644 modules/common-modules/pkgs/firefox-extensions/deutsch-de-language-pack.nix create mode 100644 modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix create mode 100644 modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix delete mode 100644 modules/common-modules/pkgs/noita-entangled-worlds.nix delete mode 100644 modules/common-modules/pkgs/polycule/default.nix delete mode 100644 modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json create mode 100644 modules/home-manager-modules/programs/noita-entangled-worlds.nix delete mode 100644 modules/home-manager-modules/programs/polycule.nix create mode 100644 modules/home-manager-modules/programs/vscode/rustAnalyzer.nix create mode 100644 modules/nixos-modules/server/actual/actual.nix delete mode 100644 modules/nixos-modules/server/bazarr/proxy.nix delete mode 100644 modules/nixos-modules/server/fail2ban.nix create mode 100644 modules/nixos-modules/server/fail2ban/default.nix create mode 100644 modules/nixos-modules/server/fail2ban/fail2ban.nix create mode 100644 modules/nixos-modules/server/fail2ban/impermanence.nix delete mode 100644 modules/nixos-modules/server/flaresolverr/proxy.nix create mode 100644 modules/nixos-modules/server/forgejo/forgejo.nix create mode 100644 modules/nixos-modules/server/home-assistant/home-assistant.nix delete mode 100644 modules/nixos-modules/server/jackett/proxy.nix create mode 100644 modules/nixos-modules/server/jellyfin/jellyfin.nix delete mode 100644 modules/nixos-modules/server/lidarr/proxy.nix create mode 100644 modules/nixos-modules/server/network_storage/network_storage.nix create mode 100644 modules/nixos-modules/server/paperless/paperless.nix delete mode 100644 modules/nixos-modules/server/podman.nix delete mode 100644 modules/nixos-modules/server/postgres.nix create mode 100644 modules/nixos-modules/server/postgres/default.nix create mode 100644 modules/nixos-modules/server/postgres/impermanence.nix create mode 100644 modules/nixos-modules/server/postgres/postgres.nix delete mode 100644 modules/nixos-modules/server/qbittorent.nix create mode 100644 modules/nixos-modules/server/qbittorent/default.nix create mode 100644 modules/nixos-modules/server/qbittorent/impermanence.nix create mode 100644 modules/nixos-modules/server/qbittorent/qbittorent.nix delete mode 100644 modules/nixos-modules/server/radarr/proxy.nix create mode 100644 modules/nixos-modules/server/reverseProxy/default.nix create mode 100644 modules/nixos-modules/server/reverseProxy/impermanence.nix create mode 100644 modules/nixos-modules/server/reverseProxy/reverseProxy.nix delete mode 100644 modules/nixos-modules/server/reverse_proxy.nix create mode 100644 modules/nixos-modules/server/searx/searx.nix delete mode 100644 modules/nixos-modules/server/sonarr/proxy.nix diff --git a/.gitignore b/.gitignore index ce2538f..2810727 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ result .direnv .vscode/* -!.vscode/settings.json \ No newline at end of file +!.vscode/settings.json +nixos.qcow2 diff --git a/.hooks/post-commit b/.hooks/post-commit index 56c439d..03a160d 100755 --- a/.hooks/post-commit +++ b/.hooks/post-commit @@ -3,4 +3,12 @@ echo "restoring stashed changes" -git stash pop -q +# Find the most recent pre-commit stash and restore it +recent_stash=$(git stash list | grep "pre-commit-stash-" | head -n 1 | cut -d: -f1) + +if [ -n "$recent_stash" ]; then + echo "Found recent pre-commit stash: $recent_stash" + git stash pop -q "$recent_stash" +else + echo "No pre-commit stash found to restore" +fi diff --git a/.hooks/post-merge b/.hooks/post-merge index 11fb20c..06fabc3 100755 --- a/.hooks/post-merge +++ b/.hooks/post-merge @@ -4,14 +4,28 @@ # Get current branch name current_branch=$(git branch --show-current) -# Only restore stash if we're on main branch and a merge just completed +# Only perform actions if we're on main branch and a merge just completed if [ "$current_branch" = "main" ]; then - # Check if there are any stashes to restore - if git stash list | grep -q "stash@"; then - echo "Post-merge: restoring stashed changes on main branch" - git stash pop -q + echo "Post-merge on main branch - running nix flake check" + + # Run nix flake check after merge into main + nix flake check + + if [ ! $? -eq 0 ]; then + echo "Warning: nix flake check failed after merge into main" + echo "Please fix the issues as soon as possible" else - echo "Post-merge: no stash to restore on main branch" + echo "nix flake check passed after merge" + fi + + # Check if there are any pre-commit stashes to restore + recent_stash=$(git stash list | grep "pre-commit-stash-" | head -n 1 | cut -d: -f1) + + if [ -n "$recent_stash" ]; then + echo "Post-merge: restoring pre-commit stash on main branch" + git stash pop -q "$recent_stash" + else + echo "Post-merge: no pre-commit stash to restore on main branch" fi else echo "Post-merge: no action needed on branch '$current_branch'" diff --git a/.hooks/pre-commit b/.hooks/pre-commit index f98c64f..74cbc64 100755 --- a/.hooks/pre-commit +++ b/.hooks/pre-commit @@ -1,14 +1,24 @@ #!/usr/bin/env nix-shell #! nix-shell -i bash ../shell.nix -echo "stashing all uncommitted changes" -git stash -q --keep-index +# Get current branch name +current_branch=$(git branch --show-current) -echo "checking flakes all compile" -nix flake check +echo "stashing all uncommitted changes with named stash (excluding hooks)" +git stash push -q --keep-index -m "pre-commit-stash-$(date +%s)" -- ':!.hooks/' -if [ ! $? -eq 0 ]; then - exit 1 +# Only run nix flake check if we're on main branch +if [ "$current_branch" = "main" ]; then + echo "On main branch - checking flakes all compile" + nix flake check + + if [ ! $? -eq 0 ]; then + echo "Error: nix flake check failed on main branch" + exit 1 + fi + echo "nix flake check passed" +else + echo "Not on main branch - skipping nix flake check" fi echo "running linter" @@ -19,4 +29,4 @@ RESULT=$? echo "adding lint changes to commit" git add -u -exit $RESULT \ No newline at end of file +exit $RESULT diff --git a/.hooks/pre-merge-commit b/.hooks/pre-merge-commit index 9edaf92..9b7b41d 100755 --- a/.hooks/pre-merge-commit +++ b/.hooks/pre-merge-commit @@ -17,8 +17,8 @@ fi if [ "$target_branch" = "main" ]; then echo "Merging into main branch - running nix flake check..." - echo "stashing all uncommitted changes" - git stash -q --keep-index + echo "stashing all uncommitted changes with named stash (excluding hooks)" + git stash push -q --keep-index -m "pre-merge-stash-$(date +%s)" -- ':!.hooks/' echo "checking flakes all compile" nix flake check diff --git a/README.md b/README.md index f8c7ecf..d29ba58 100644 --- a/README.md +++ b/README.md @@ -43,17 +43,34 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/ - https://nixos-and-flakes.thiscute.world/ +- proton mail now has an smtp server we could use that for our zfs and SMART test emails +- VR https://lvra.gitlab.io/docs/distros/nixos/ # Tasks: +## Documentation +- [ ] project layout +- [ ] users file structure +- [ ] reverse proxy design + - public service compatibility + - vpn based services compatibility +- [ ] the choice of impermanence +- [ ] storage module design + - base impermanence compatibility and structure reason + - what does local vs persist mean in pool names (do we need a second layer? ephemeral, local, and persist? local exist only on this machine and is not backed up, persist is backed up to other machines (I think we need to redo the sops and torrent/media folders?)) + - plans to possibly support btrfs in the future + - plans for home manager datasets + - plans for auto systemd service datasets +- [ ] plans to migrate to some kind of acl structure for user management +- [ ] plans to migrate from flakes to npins + ## Chores: - [ ] test out crab hole service -- [ ] learn how to use actual ## Tech Debt - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - [ ] migrate away from flakes and move to npins -- [ ] rework the reverse_proxy.nix file so that it is a normally named service. Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier +- [ ] `host.users` should be redone so that we just extend the base `users.users` object. Right now we cant quite do this because we have weird circular dependencies with disko/impermanence (not sure which one) and home manger enabling/disabling users per devices ## Broken things - [ ] figure out steam vr things? @@ -66,18 +83,27 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] rotate sops encryption keys periodically (and somehow sync between devices?) - [ ] Secure Boot - https://github.com/nix-community/lanzaboote - [ ] auto turn off on power loss - nut +- [ ] every service needs to have its own data pool +- [ ] secondary server with data sync. Maybe a Pi with a usb hdd enclosure and use rtcwake to only turn on once a week to sync data over tailscale with connection initiated from pi's side. We could probably put this at LZ. Hoping for it to draw only like $1 of power a month. Initial sync should probably be done here before we move it over because that will take a while. Data should be encrypted so that devices doesn't have access to it. Project will prob cost like $1800 ## Data Access - [ ] nfs export should be backed by the same values for server and client - [ ] samba mounts - [ ] offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - [ ] figure out why syncthing and jellyfins permissions don't propagate downwards -- [ ] make radarr, sonarr, and bazarr accessible over vpn -- [ ] move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn +- [ ] make radarr, sonarr, and bazarr accessible over vpn with fully qualified names via reverse proxy +- [ ] move searx, home-assistant, actual, vikunja, jellyfin, paperless, and immich to only be accessible via vpn +- [ ] FreeIPA/SSSD/LDAP/Kerberos to manage uid and gid's ## Services +- [ ] ntfy service for unified push +- [ ] signal socket server - [ ] vikunja service for project management +- [ ] Penpot services (need to make this custom) +- [ ] minecraft server with old world file +- [ ] storj server - [ ] Create Tor guard/relay server +- [ ] screeps server - [ ] mastodon instance ## DevOps @@ -98,4 +124,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] postgres db load - [ ] nginx queries - [ ] ntfy.sh for push notifications -- [ ] kuma for uptime visualization \ No newline at end of file +- [ ] kuma for uptime visualization + +## Packages +- [ ] Custom private fork of MultiMC \ No newline at end of file diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 73195c4..6b3c2e2 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -19,6 +19,7 @@ in { with pkgs; [ gnomeExtensions.dash-to-panel claude-code + friture ] ); @@ -32,9 +33,11 @@ in { (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { git = { enable = true; - userName = "Eve"; - userEmail = "evesnrobins@gmail.com"; - extraConfig.init.defaultBranch = "main"; + settings = { + user.name = "Eve"; + user.email = "evesnrobins@gmail.com"; + init.defaultBranch = "main"; + }; }; openssh = { @@ -70,6 +73,7 @@ in { tor-browser.enable = true; olympus.enable = true; libreoffice.enable = true; + noita-entangled-worlds.enable = true; claude-code.enable = osConfig.host.ai.enable; diff --git a/configurations/home-manager/git/default.nix b/configurations/home-manager/git/default.nix index 2276e7a..1ea29cc 100644 --- a/configurations/home-manager/git/default.nix +++ b/configurations/home-manager/git/default.nix @@ -1,4 +1,6 @@ {osConfig, ...}: { + impermanence.fallbackPersistence.enable = false; + home = { username = osConfig.users.users.git.name; homeDirectory = osConfig.users.users.git.home; diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index eba7f7b..8a37754 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -12,6 +12,8 @@ ]; config = { + impermanence.enable = osConfig.host.impermanence.enable; + # Home Manager needs a bit of information about you and the paths it should # manage. home = { diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 5bccad3..bc41350 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -9,7 +9,7 @@ in { imports = [ ./vscode - ./firefox.nix + ./firefox ./direnv.nix ./openssh.nix ./git.nix @@ -68,10 +68,9 @@ in { qflipper.enable = true; openvpn.enable = true; noisetorch.enable = true; + noita-entangled-worlds.enable = true; tor-browser.enable = true; gdx-liftoff.enable = true; - # polycule package is now working with Flutter 3.29 - polycule.enable = true; }) ]; } diff --git a/configurations/home-manager/leyla/packages/firefox.nix b/configurations/home-manager/leyla/packages/firefox.nix deleted file mode 100644 index d166eb4..0000000 --- a/configurations/home-manager/leyla/packages/firefox.nix +++ /dev/null @@ -1,344 +0,0 @@ -{ - lib, - pkgs, - inputs, - ... -}: { - config = { - programs.firefox = { - profiles.leyla = { - settings = { - "browser.search.defaultenginename" = "Searx"; - "browser.search.order.1" = "Searx"; - }; - - search = { - force = true; - default = "Searx"; - engines = { - "Nix Packages" = { - urls = [ - { - template = "https://search.nixos.org/packages"; - params = [ - { - name = "type"; - value = "packages"; - } - { - name = "query"; - value = "{searchTerms}"; - } - ]; - } - ]; - icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = ["@np"]; - }; - "NixOS Wiki" = { - urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = ["@nw"]; - }; - "Searx" = { - urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = ["@searx"]; - }; - }; - }; - - extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [ - bitwarden - terms-of-service-didnt-read - multi-account-containers - shinigami-eyes - - ublock-origin - sponsorblock - dearrow - df-youtube - return-youtube-dislikes - - privacy-badger - decentraleyes - clearurls - localcdn - - snowflake - - deutsch-de-language-pack - dictionary-german - - tab-session-manager - - # ( - # buildFirefoxXpiAddon rec { - # pname = "italiano-it-language-pack"; - # version = "132.0.20241110.231641"; - # addonId = "langpack-it@firefox.mozilla.org"; - # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; - # sha256 = ""; - # meta = with lib; - # { - # description = "Firefox Language Pack for Italiano (it) – Italian"; - # license = licenses.mpl20; - # mozPermissions = []; - # platforms = platforms.all; - # }; - # } - # ) - # ( - # buildFirefoxXpiAddon rec { - # pname = "dizionario-italiano"; - # version = "5.1"; - # addonId = "it-IT@dictionaries.addons.mozilla.org"; - # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; - # sha256 = ""; - # meta = with lib; - # { - # description = "Add support for Italian to spellchecking"; - # license = licenses.gpl3; - # mozPermissions = []; - # platforms = platforms.all; - # }; - # } - # ) - ]; - - settings = { - # Disable irritating first-run stuff - "browser.disableResetPrompt" = true; - "browser.download.panel.shown" = true; - "browser.feeds.showFirstRunUI" = false; - "browser.messaging-system.whatsNewPanel.enabled" = false; - "browser.rights.3.shown" = true; - "browser.shell.checkDefaultBrowser" = false; - "browser.shell.defaultBrowserCheckCount" = 1; - "browser.startup.homepage_override.mstone" = "ignore"; - "browser.uitour.enabled" = false; - "startup.homepage_override_url" = ""; - "trailhead.firstrun.didSeeAboutWelcome" = true; - "browser.bookmarks.restore_default_bookmarks" = false; - "browser.bookmarks.addedImportButton" = true; - "browser.newtabpage.activity-stream.feeds.section.topstories" = false; - - # Usage Experience - "browser.startup.homepage" = "about:home"; - "browser.download.useDownloadDir" = false; - "browser.uiCustomization.state" = builtins.toJSON { - "currentVersion" = 20; - "newElementCount" = 6; - "dirtyAreaCache" = [ - "nav-bar" - "PersonalToolbar" - "toolbar-menubar" - "TabsToolbar" - "unified-extensions-area" - "vertical-tabs" - ]; - "placements" = { - "widget-overflow-fixed-list" = []; - "unified-extensions-area" = [ - # bitwarden - "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" - "ublock0_raymondhill_net-browser-action" - "sponsorblocker_ajay_app-browser-action" - "dearrow_ajay_app-browser-action" - "jid1-mnnxcxisbpnsxq_jetpack-browser-action" - "_testpilot-containers-browser-action" - "addon_simplelogin-browser-action" - "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" - "jid1-bofifl9vbdl2zq_jetpack-browser-action" - "dfyoutube_example_com-browser-action" - "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" - "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" - "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" - "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" - ]; - "nav-bar" = [ - "back-button" - "forward-button" - "stop-reload-button" - "urlbar-container" - "downloads-button" - "unified-extensions-button" - "reset-pbm-toolbar-button" - ]; - "toolbar-menubar" = [ - "menubar-items" - ]; - "TabsToolbar" = [ - "firefox-view-button" - "tabbrowser-tabs" - "new-tab-button" - "alltabs-button" - ]; - "vertical-tabs" = []; - "PersonalToolbar" = [ - "import-button" - "personal-bookmarks" - ]; - }; - "seen" = [ - "save-to-pocket-button" - "developer-button" - "privacy_privacy_com-browser-action" - "sponsorblocker_ajay_app-browser-action" - "ublock0_raymondhill_net-browser-action" - "addon_simplelogin-browser-action" - "dearrow_ajay_app-browser-action" - "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" - "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" - "jid1-bofifl9vbdl2zq_jetpack-browser-action" - "dfyoutube_example_com-browser-action" - "_testpilot-containers-browser-action" - "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" - "jid1-mnnxcxisbpnsxq_jetpack-browser-action" - "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" - "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" - "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" - ]; - }; - "browser.newtabpage.activity-stream.feeds.topsites" = false; - "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; - "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; - "browser.newtabpage.blocked" = lib.genAttrs [ - # Facebook - "4gPpjkxgZzXPVtuEoAL9Ig==" - # Reddit - "gLv0ja2RYVgxKdp0I5qwvA==" - # Amazon - "K00ILysCaEq8+bEqV/3nuw==" - # Twitter - "T9nJot5PurhJSy8n038xGA==" - ] (_: 1); - "identity.fxaccounts.enabled" = false; - - # Security - "privacy.trackingprotection.enabled" = true; - "dom.security.https_only_mode" = true; - - "extensions.formautofill.addresses.enabled" = false; - "extensions.formautofill.creditCards.enabled" = false; - "signon.rememberSignons" = false; - "privacy.sanitize.sanitizeOnShutdown" = true; - "privacy.clearOnShutdown_v2.cache" = true; - "privacy.clearOnShutdown_v2.cookiesAndStorage" = true; - "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; - "urlclassifier.trackingSkipURLs" = ""; - "urlclassifier.features.socialtracking.skipURLs" = ""; - "dom.security.https_only_mode_pbm" = true; - "dom.security.https_only_mode_error_page_user_suggestions" = true; - - # Disable telemetry - "app.shield.optoutstudies.enabled" = false; - "browser.discovery.enabled" = false; - "browser.newtabpage.activity-stream.feeds.telemetry" = false; - "browser.newtabpage.activity-stream.telemetry" = false; - "browser.ping-centre.telemetry" = false; - "datareporting.healthreport.service.enabled" = false; - "datareporting.healthreport.uploadEnabled" = false; - "datareporting.policy.dataSubmissionEnabled" = false; - "datareporting.sessions.current.clean" = true; - "devtools.onboarding.telemetry.logged" = false; - "toolkit.telemetry.archive.enabled" = false; - "toolkit.telemetry.bhrPing.enabled" = false; - "toolkit.telemetry.enabled" = false; - "toolkit.telemetry.firstShutdownPing.enabled" = false; - "toolkit.telemetry.hybridContent.enabled" = false; - "toolkit.telemetry.newProfilePing.enabled" = false; - "toolkit.telemetry.prompted" = 2; - "toolkit.telemetry.rejected" = true; - "toolkit.telemetry.reportingpolicy.firstRun" = false; - "toolkit.telemetry.server" = ""; - "toolkit.telemetry.shutdownPingSender.enabled" = false; - "toolkit.telemetry.unified" = false; - "toolkit.telemetry.unifiedIsOptIn" = false; - "toolkit.telemetry.updatePing.enabled" = false; - }; - - bookmarks = { - force = true; - settings = [ - { - name = "Media"; - url = "https://media.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Photos"; - url = "https://photos.jan-leila.com"; - keyword = ""; - tags = [""]; - } - { - name = "Git"; - url = "https://git.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Home Automation"; - url = "https://home.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mail"; - url = "https://mail.protonmail.com"; - keyword = ""; - tags = [""]; - } - { - name = "Open Street Map"; - url = "https://www.openstreetmap.org/"; - keyword = ""; - tags = [""]; - } - { - name = "Password Manager"; - url = "https://vault.bitwarden.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mastodon"; - url = "https://mspsocial.net"; - keyword = ""; - tags = [""]; - } - { - name = "Linked In"; - url = "https://www.linkedin.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Job Search"; - url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - keyword = ""; - tags = [""]; - } - { - name = "React Docs"; - url = "https://react.dev/"; - keyword = ""; - tags = [""]; - } - # Template - # { - # name = ""; - # url = ""; - # keyword = ""; - # tags = [""]; - # } - ]; - }; - }; - }; - }; -} diff --git a/configurations/home-manager/leyla/packages/firefox/bookmarks.nix b/configurations/home-manager/leyla/packages/firefox/bookmarks.nix new file mode 100644 index 0000000..4210d1e --- /dev/null +++ b/configurations/home-manager/leyla/packages/firefox/bookmarks.nix @@ -0,0 +1,155 @@ +{...}: { + programs.firefox = { + profiles.leyla = { + bookmarks = { + force = true; + settings = [ + # Personal Services + { + name = "Media"; + url = "https://media.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Photos"; + url = "https://photos.jan-leila.com"; + keyword = ""; + tags = [""]; + } + { + name = "Git"; + url = "https://git.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Home Automation"; + url = "https://home.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Search"; + url = "https://search.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Budget"; + url = "https://budget.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Documents"; + url = "https://documents.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + + # Defiant Server Services + { + name = "QBittorrent"; + url = "http://defiant:8084"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Sonarr"; + url = "http://defiant:8989"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Radarr"; + url = "http://defiant:7878"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Bazarr"; + url = "http://defiant:6767"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Lidarr"; + url = "http://defiant:8686"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Jackett"; + url = "http://defiant:9117"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Crab-hole DNS"; + url = "http://defiant:8085"; + keyword = ""; + tags = ["defiant"]; + } + + # External Services + { + name = "Mail"; + url = "https://mail.protonmail.com"; + keyword = ""; + tags = [""]; + } + { + name = "Open Street Map"; + url = "https://www.openstreetmap.org/"; + keyword = ""; + tags = [""]; + } + { + name = "Password Manager"; + url = "https://vault.bitwarden.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mastodon"; + url = "https://mspsocial.net"; + keyword = ""; + tags = [""]; + } + { + name = "Linked In"; + url = "https://www.linkedin.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Job Search"; + url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + keyword = ""; + tags = [""]; + } + { + name = "React Docs"; + url = "https://react.dev/"; + keyword = ""; + tags = [""]; + } + { + name = "Cyberia Matrix"; + url = "https://chat.cyberia.club"; + keyword = ""; + tags = [""]; + } + # Template + # { + # name = ""; + # url = ""; + # keyword = ""; + # tags = [""]; + # } + ]; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/packages/firefox/default.nix b/configurations/home-manager/leyla/packages/firefox/default.nix new file mode 100644 index 0000000..4246c68 --- /dev/null +++ b/configurations/home-manager/leyla/packages/firefox/default.nix @@ -0,0 +1,18 @@ +{ + lib, + pkgs, + inputs, + ... +}: { + imports = [ + ./firefox.nix + ./bookmarks.nix + ./harden.nix + ]; + + config = { + programs.firefox = { + enable = true; + }; + }; +} diff --git a/configurations/home-manager/leyla/packages/firefox/firefox.nix b/configurations/home-manager/leyla/packages/firefox/firefox.nix new file mode 100644 index 0000000..ef6d202 --- /dev/null +++ b/configurations/home-manager/leyla/packages/firefox/firefox.nix @@ -0,0 +1,191 @@ +{ + lib, + pkgs, + inputs, + ... +}: { + programs.firefox = { + profiles.leyla = { + settings = { + "browser.search.defaultenginename" = "Searx"; + "browser.search.order.1" = "Searx"; + }; + + search = { + force = true; + default = "Searx"; + engines = { + "Nix Packages" = { + urls = [ + { + template = "https://search.nixos.org/packages"; + params = [ + { + name = "type"; + value = "packages"; + } + { + name = "query"; + value = "{searchTerms}"; + } + ]; + } + ]; + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = ["@np"]; + }; + "NixOS Wiki" = { + urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; + icon = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@nw"]; + }; + "Searx" = { + urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; + icon = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@searx"]; + }; + }; + }; + + extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [ + bitwarden + terms-of-service-didnt-read + multi-account-containers + shinigami-eyes + + ublock-origin + sponsorblock + dearrow + df-youtube + return-youtube-dislikes + + privacy-badger + decentraleyes + clearurls + localcdn + + snowflake + + pkgs.firefox-extensions.deutsch-de-language-pack + dictionary-german + + tab-session-manager + + pkgs.firefox-extensions.italiano-it-language-pack + pkgs.firefox-extensions.dizionario-italiano + ]; + + settings = { + # Disable irritating first-run stuff + "browser.disableResetPrompt" = true; + "browser.download.panel.shown" = true; + "browser.feeds.showFirstRunUI" = false; + "browser.messaging-system.whatsNewPanel.enabled" = false; + "browser.rights.3.shown" = true; + "browser.shell.checkDefaultBrowser" = false; + "browser.shell.defaultBrowserCheckCount" = 1; + "browser.startup.homepage_override.mstone" = "ignore"; + "browser.uitour.enabled" = false; + "startup.homepage_override_url" = ""; + "trailhead.firstrun.didSeeAboutWelcome" = true; + "browser.bookmarks.restore_default_bookmarks" = false; + "browser.bookmarks.addedImportButton" = true; + "browser.newtabpage.activity-stream.feeds.section.topstories" = false; + + # Usage Experience + "browser.startup.homepage" = "about:home"; + "browser.download.useDownloadDir" = false; + "browser.uiCustomization.state" = builtins.toJSON { + "currentVersion" = 20; + "newElementCount" = 6; + "dirtyAreaCache" = [ + "nav-bar" + "PersonalToolbar" + "toolbar-menubar" + "TabsToolbar" + "unified-extensions-area" + "vertical-tabs" + ]; + "placements" = { + "widget-overflow-fixed-list" = []; + "unified-extensions-area" = [ + # bitwarden + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" + "ublock0_raymondhill_net-browser-action" + "sponsorblocker_ajay_app-browser-action" + "dearrow_ajay_app-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" + "_testpilot-containers-browser-action" + "addon_simplelogin-browser-action" + "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" + "jid1-bofifl9vbdl2zq_jetpack-browser-action" + "dfyoutube_example_com-browser-action" + "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" + "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" + ]; + "nav-bar" = [ + "back-button" + "forward-button" + "stop-reload-button" + "urlbar-container" + "downloads-button" + "unified-extensions-button" + "reset-pbm-toolbar-button" + ]; + "toolbar-menubar" = [ + "menubar-items" + ]; + "TabsToolbar" = [ + "firefox-view-button" + "tabbrowser-tabs" + "new-tab-button" + "alltabs-button" + ]; + "vertical-tabs" = []; + "PersonalToolbar" = [ + "import-button" + "personal-bookmarks" + ]; + }; + "seen" = [ + "save-to-pocket-button" + "developer-button" + "privacy_privacy_com-browser-action" + "sponsorblocker_ajay_app-browser-action" + "ublock0_raymondhill_net-browser-action" + "addon_simplelogin-browser-action" + "dearrow_ajay_app-browser-action" + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" + "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" + "jid1-bofifl9vbdl2zq_jetpack-browser-action" + "dfyoutube_example_com-browser-action" + "_testpilot-containers-browser-action" + "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" + "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" + "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" + ]; + }; + "browser.newtabpage.activity-stream.feeds.topsites" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; + "browser.newtabpage.blocked" = lib.genAttrs [ + # Facebook + "4gPpjkxgZzXPVtuEoAL9Ig==" + # Reddit + "gLv0ja2RYVgxKdp0I5qwvA==" + # Amazon + "K00ILysCaEq8+bEqV/3nuw==" + # Twitter + "T9nJot5PurhJSy8n038xGA==" + ] (_: 1); + "identity.fxaccounts.enabled" = false; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/packages/firefox/harden.nix b/configurations/home-manager/leyla/packages/firefox/harden.nix new file mode 100644 index 0000000..66310c2 --- /dev/null +++ b/configurations/home-manager/leyla/packages/firefox/harden.nix @@ -0,0 +1,50 @@ +{...}: { + programs.firefox = { + profiles.leyla = { + settings = { + # Security + "privacy.trackingprotection.enabled" = true; + "dom.security.https_only_mode" = true; + "dom.security.https_only_mode_pbm" = true; + "dom.security.https_only_mode_error_page_user_suggestions" = true; + + # Privacy & Data Protection + "extensions.formautofill.addresses.enabled" = false; + "extensions.formautofill.creditCards.enabled" = false; + "signon.rememberSignons" = false; + "privacy.sanitize.sanitizeOnShutdown" = true; + "privacy.clearOnShutdown_v2.cache" = true; + "privacy.clearOnShutdown_v2.cookiesAndStorage" = true; + "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; + "urlclassifier.trackingSkipURLs" = ""; + "urlclassifier.features.socialtracking.skipURLs" = ""; + + # Disable telemetry and data collection + "app.shield.optoutstudies.enabled" = false; + "browser.discovery.enabled" = false; + "browser.newtabpage.activity-stream.feeds.telemetry" = false; + "browser.newtabpage.activity-stream.telemetry" = false; + "browser.ping-centre.telemetry" = false; + "datareporting.healthreport.service.enabled" = false; + "datareporting.healthreport.uploadEnabled" = false; + "datareporting.policy.dataSubmissionEnabled" = false; + "datareporting.sessions.current.clean" = true; + "devtools.onboarding.telemetry.logged" = false; + "toolkit.telemetry.archive.enabled" = false; + "toolkit.telemetry.bhrPing.enabled" = false; + "toolkit.telemetry.enabled" = false; + "toolkit.telemetry.firstShutdownPing.enabled" = false; + "toolkit.telemetry.hybridContent.enabled" = false; + "toolkit.telemetry.newProfilePing.enabled" = false; + "toolkit.telemetry.prompted" = 2; + "toolkit.telemetry.rejected" = true; + "toolkit.telemetry.reportingpolicy.firstRun" = false; + "toolkit.telemetry.server" = ""; + "toolkit.telemetry.shutdownPingSender.enabled" = false; + "toolkit.telemetry.unified" = false; + "toolkit.telemetry.unifiedIsOptIn" = false; + "toolkit.telemetry.updatePing.enabled" = false; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/packages/git.nix b/configurations/home-manager/leyla/packages/git.nix index 568cd7a..499e37b 100644 --- a/configurations/home-manager/leyla/packages/git.nix +++ b/configurations/home-manager/leyla/packages/git.nix @@ -2,9 +2,11 @@ config = { programs = { git = { - userName = "Leyla Becker"; - userEmail = "git@jan-leila.com"; - extraConfig.init.defaultBranch = "main"; + settings = { + user.name = "Leyla Becker"; + user.email = "git@jan-leila.com"; + init.defaultBranch = "main"; + }; }; }; }; diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index fd72006..36168b2 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -69,6 +69,9 @@ in { # go development go.enable = true; + # rust development + rustAnalyzer.enable = true; + # claude development claudeDev = lib.mkIf ai-tooling-enabled { enable = true; diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index c2b8fc5..e2f9401 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -102,18 +102,6 @@ directories = ["leyla_documents" "eve_documents" "users_documents" "media"]; }; }; - reverse_proxy = { - enable = true; - enableACME = true; - hostname = "jan-leila.com"; - }; - postgres = { - extraUsers = { - leyla = { - isAdmin = true; - }; - }; - }; }; systemd.network = { @@ -225,6 +213,12 @@ }; services = { + # PostgreSQL database server + postgresql = { + enable = true; + adminUsers = ["leyla"]; + }; + # temp enable desktop environment for setup # Enable the X11 windowing system. xserver.enable = true; @@ -237,6 +231,16 @@ gnome.enable = true; }; + # Enable new reverse proxy system + reverseProxy = { + enable = true; + openFirewall = true; + acme = { + enable = true; + email = "jan-leila@protonmail.com"; + }; + }; + ollama = { enable = true; exposePort = true; @@ -294,35 +298,35 @@ jellyfin = { enable = true; - subdomain = "media"; - extraSubdomains = ["jellyfin"]; + domain = "media.jan-leila.com"; + extraDomains = ["jellyfin.jan-leila.com"]; }; immich = { enable = true; - subdomain = "photos"; + domain = "photos.jan-leila.com"; }; forgejo = { enable = true; - subdomain = "git"; + reverseProxy.domain = "git.jan-leila.com"; }; searx = { enable = true; - subdomain = "search"; + domain = "search.jan-leila.com"; }; actual = { - enable = false; - subdomain = "budget"; + enable = true; + domain = "budget.jan-leila.com"; }; home-assistant = { enable = true; - subdomain = "home"; + domain = "home.jan-leila.com"; openFirewall = true; - database = "postgres"; + postgres.enable = true; extensions = { sonos.enable = true; @@ -333,7 +337,7 @@ paperless = { enable = true; - subdomain = "documents"; + domain = "documents.jan-leila.com"; passwordFile = config.sops.secrets."services/paperless_password".path; }; @@ -348,12 +352,13 @@ openFirewall = true; show_doc = true; downstreams = { - loopback = { + host = { enable = true; openFirewall = true; }; }; upstreams.cloudFlare.enable = true; + blocklists.ad_malware.enable = true; }; qbittorrent = { diff --git a/flake.lock b/flake.lock index bb7e3a6..a3c552f 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1760701190, - "narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=", + "lastModified": 1763651264, + "narHash": "sha256-8vvwZbw0s7YvBMJeyPVpWke6lg6ROgtts5N2/SMCcv4=", "owner": "nix-community", "repo": "disko", - "rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5", + "rev": "e86a89079587497174ccab6d0d142a65811a4fd9", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1760673822, - "narHash": "sha256-h+liPhhMw1yYvkDGLHzQJQShQs+yLjNgjfAyZX+sRrM=", + "lastModified": 1763697825, + "narHash": "sha256-AgCCcVPOi1tuzuW5/StlwqBjRWSX62oL97qWuxrq5UA=", "owner": "rycee", "repo": "nur-expressions", - "rev": "5cca27f1bb30a26140d0cf60ab34daa45b4fa11f", + "rev": "cefce78793603231be226fa77e7ad58e0e4899b8", "type": "gitlab" }, "original": { @@ -62,11 +62,11 @@ }, "flake-compat": { "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1760662441, - "narHash": "sha256-mlDqR1Ntgs9uYYEAUR1IhamKBO0lxoNS4zGLzEZaY0A=", + "lastModified": 1763748372, + "narHash": "sha256-AUc78Qv3sWir0hvbmfXoZ7Jzq9VVL97l+sP9Jgms+JU=", "owner": "nix-community", "repo": "home-manager", - "rev": "722792af097dff5790f1a66d271a47759f477755", + "rev": "d10a9b16b2a3ee28433f3d1c603f4e9f1fecb8e1", "type": "github" }, "original": { @@ -164,11 +164,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1755787066, - "narHash": "sha256-X2UwkUEban08GRSPXRr+kz8fckHqebr3P77qSvjoeOw=", - "rev": "ac9721a92e8138d29707824dbedb484c76948493", + "lastModified": 1761937274, + "narHash": "sha256-KlELhsSq3XbemrGyQhmGurFu7m8wOEBw+8M04L7hn7A=", + "rev": "91867941fa73afea7869b7c71ede82e5ef8927da", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ac9721a92e8138d29707824dbedb484c76948493.tar.gz?rev=ac9721a92e8138d29707824dbedb484c76948493" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/91867941fa73afea7869b7c71ede82e5ef8927da.tar.gz?rev=91867941fa73afea7869b7c71ede82e5ef8927da" }, "original": { "type": "tarball", @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1759851320, - "narHash": "sha256-n5dRAIC3/78drQtFxmQRrBLd6TKfotUnX7GWu0mAcSg=", + "lastModified": 1763435414, + "narHash": "sha256-i2467FddWfd19q5Qoj+1/BAeg6LZmM5m4mYGRSQn/as=", "ref": "refs/heads/main", - "rev": "7c31a18259b8358ac196cf803a26967c0fa1d3e4", - "revCount": 163, + "rev": "192c92b603731fbc1bade6c1b18c8d8a0086f703", + "revCount": 169, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module.git" }, @@ -207,11 +207,11 @@ ] }, "locked": { - "lastModified": 1759342933, - "narHash": "sha256-mdlUFcrOfvT0Pm+Hko/6aR3xf1ao5JA2iem4KsEVjP4=", + "lastModified": 1760821194, + "narHash": "sha256-UCsJ8eDuHL14u2GFIYEY/drtZ6jht5zN/G/6QNlEy2g=", "owner": "utensils", "repo": "mcp-nixos", - "rev": "50b02bcba32b941d2ec48fedef68641702ca5b0f", + "rev": "0ae453f38d0f088c31d4678da3a12b183165986f", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1760721282, - "narHash": "sha256-aAHphQbU9t/b2RRy2Eb8oMv+I08isXv2KUGFAFn7nCo=", + "lastModified": 1763505477, + "narHash": "sha256-nJRd4LY2kT3OELfHqdgWjvToNZ4w+zKCMzS2R6z4sXE=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "c3211fcd0c56c11ff110d346d4487b18f7365168", + "rev": "3bda9f6b14161becbd07b3c56411f1670e19b9b5", "type": "github" }, "original": { @@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1760720017, - "narHash": "sha256-ALb+L8zaP6IJ3BigQJ+ih7NqmaptzL/CbkNkLbhmsGE=", + "lastModified": 1763690163, + "narHash": "sha256-MMl9P8f17unCvlk2IAinnMq/P72f51UUHVRIYnojT7w=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b0897a5d1d5829eb67ca7168680873ee7a0d52b8", + "rev": "590349d9faeb398a037205c2927ffbaede980539", "type": "github" }, "original": { @@ -283,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1760106635, - "narHash": "sha256-2GoxVaKWTHBxRoeUYSjv0AfSOx4qw5CWSFz2b+VolKU=", + "lastModified": 1762847253, + "narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9ed85f8afebf2b7478f25db0a98d0e782c0ed903", + "rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1760524057, - "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "lastModified": 1763421233, + "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", "type": "github" }, "original": { @@ -329,6 +329,43 @@ "type": "github" } }, + "nixpkgs_3": { + "locked": { + "lastModified": 1759070547, + "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "647e5c14cbd5067f44ac86b74f014962df460840", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "noita-entangled-worlds": { + "inputs": { + "nixpkgs": "nixpkgs_3", + "rust-overlay": "rust-overlay", + "systems": "systems_3" + }, + "locked": { + "lastModified": 1764204484, + "narHash": "sha256-S45ghD/YjcKDy8Mz3DYklLMaA/z6f6mTbx0i7pAktYk=", + "owner": "IntQuant", + "repo": "noita_entangled_worlds", + "rev": "ab2c2162157140ab519fa19f6737c044e1ed0e3b", + "type": "github" + }, + "original": { + "owner": "IntQuant", + "ref": "master", + "repo": "noita_entangled_worlds", + "type": "github" + } + }, "root": { "inputs": { "disko": "disko", @@ -343,10 +380,32 @@ "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", + "noita-entangled-worlds": "noita-entangled-worlds", "secrets": "secrets", "sops-nix": "sops-nix" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "noita-entangled-worlds", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1759199574, + "narHash": "sha256-w24RYly3VSVKp98rVfCI1nFYfQ0VoWmShtKPCbXgK6A=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "381776b12d0d125edd7c1930c2041a1471e586c0", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "secrets": { "flake": false, "locked": { @@ -370,11 +429,11 @@ ] }, "locked": { - "lastModified": 1760393368, - "narHash": "sha256-8mN3kqyqa2PKY0wwZ2UmMEYMcxvNTwLaOrrDsw6Qi4E=", + "lastModified": 1763607916, + "narHash": "sha256-VefBA1JWRXM929mBAFohFUtQJLUnEwZ2vmYUNkFnSjE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "ab8d56e85b8be14cff9d93735951e30c3e86a437", + "rev": "877bb495a6f8faf0d89fc10bd142c4b7ed2bcc0b", "type": "github" }, "original": { @@ -412,6 +471,22 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "flake": false, + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index ddf92ce..e935688 100644 --- a/flake.nix +++ b/flake.nix @@ -77,6 +77,12 @@ url = "github:utensils/mcp-nixos"; inputs.nixpkgs.follows = "nixpkgs"; }; + + # Noita Entangled Worlds package + # Not following our nixpkgs so it can use its own rust-overlay configuration + noita-entangled-worlds = { + url = "github:IntQuant/noita_entangled_worlds/master"; + }; }; outputs = { @@ -91,15 +97,9 @@ util = import ./util {inherit inputs;}; forEachPkgs = util.forEachPkgs; - mkNixosInstaller = util.mkNixosInstaller; mkNixosSystem = util.mkNixosSystem; mkDarwinSystem = util.mkDarwinSystem; mkHome = util.mkHome; - syncthingConfiguration = util.syncthingConfiguration; - - installerSystems = { - basic = mkNixosInstaller "basic" []; - }; nixosSystems = { horizon = mkNixosSystem "horizon"; @@ -170,14 +170,10 @@ }; }); - installerConfigurations = installerSystems; - nixosConfigurations = nixosSystems; darwinConfigurations = darwinSystems; homeConfigurations = homeConfigurations; - - syncthingConfiguration = syncthingConfiguration; }; } diff --git a/modules/common-modules/overlays/default.nix b/modules/common-modules/overlays/default.nix index 2c0f712..3def9e9 100644 --- a/modules/common-modules/overlays/default.nix +++ b/modules/common-modules/overlays/default.nix @@ -2,5 +2,9 @@ {inputs, ...}: { nixpkgs.overlays = [ inputs.nix-vscode-extensions.overlays.default + # Add noita_entangled_worlds from upstream flake to pkgs + (final: prev: { + noita_entangled_worlds = inputs.noita-entangled-worlds.packages.${prev.stdenv.hostPlatform.system}.noita-proxy; + }) ]; } diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index a2f61b1..2afc9f2 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{ + pkgs, + inputs, + ... +}: { imports = [ ./python ]; @@ -16,15 +20,17 @@ ./prostudiomasters.nix {}; }) - (final: prev: { - noita_entangled_worlds = pkgs.callPackage ./noita-entangled-worlds.nix {}; - }) (final: prev: { gdx-liftoff = pkgs.callPackage ./gdx-liftoff.nix {}; }) (final: prev: { codium-extensions = pkgs.callPackage ./codium-extensions {}; }) + (final: prev: { + firefox-extensions = pkgs.callPackage ./firefox-extensions { + inherit inputs; + }; + }) (final: prev: { mapillary-uploader = pkgs.callPackage ./mapillary-uploader.nix {}; }) @@ -38,8 +44,5 @@ # Override h3 C library to version 4.3.0 h3 = pkgs.callPackage ./h3-c-lib.nix {}; }) - (final: prev: { - polycule = pkgs.callPackage ./polycule {}; - }) ]; } diff --git a/modules/common-modules/pkgs/firefox-extensions/default.nix b/modules/common-modules/pkgs/firefox-extensions/default.nix new file mode 100644 index 0000000..922dfc7 --- /dev/null +++ b/modules/common-modules/pkgs/firefox-extensions/default.nix @@ -0,0 +1,17 @@ +{ + pkgs, + inputs, + ... +}: let + inherit (inputs.firefox-addons.lib.${pkgs.stdenv.hostPlatform.system}) buildFirefoxXpiAddon; +in { + italiano-it-language-pack = pkgs.callPackage ./italiano-it-language-pack.nix { + inherit buildFirefoxXpiAddon; + }; + dizionario-italiano = pkgs.callPackage ./dizionario-italiano.nix { + inherit buildFirefoxXpiAddon; + }; + deutsch-de-language-pack = pkgs.callPackage ./deutsch-de-language-pack.nix { + inherit buildFirefoxXpiAddon; + }; +} diff --git a/modules/common-modules/pkgs/firefox-extensions/deutsch-de-language-pack.nix b/modules/common-modules/pkgs/firefox-extensions/deutsch-de-language-pack.nix new file mode 100644 index 0000000..b769bfd --- /dev/null +++ b/modules/common-modules/pkgs/firefox-extensions/deutsch-de-language-pack.nix @@ -0,0 +1,18 @@ +{ + lib, + buildFirefoxXpiAddon, + ... +}: +buildFirefoxXpiAddon rec { + pname = "deutsch-de-language-pack"; + version = "145.0.20251106.194447"; + addonId = "langpack-de@firefox.mozilla.org"; + url = "https://addons.mozilla.org/firefox/downloads/file/4614311/deutsch_de_language_pack-${version}.xpi"; + sha256 = "aaaa95c29984fb3802a5e7edb6b7e5020c391d81f389b8a8133c163959ea4299"; + meta = with lib; { + description = "Firefox Language Pack for Deutsch (de) – German"; + license = licenses.mpl20; + mozPermissions = []; + platforms = platforms.all; + }; +} diff --git a/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix b/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix new file mode 100644 index 0000000..4bfca14 --- /dev/null +++ b/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix @@ -0,0 +1,18 @@ +{ + lib, + buildFirefoxXpiAddon, + ... +}: +buildFirefoxXpiAddon rec { + pname = "dizionario-italiano"; + version = "5.1"; + addonId = "it-IT@dictionaries.addons.mozilla.org"; + url = "https://addons.mozilla.org/firefox/downloads/file/3693497/dizionario_italiano-${version}.xpi"; + sha256 = "90b173ffdde34a77108152a5ff51879767b1dd84e0aa0dfb7b2bab94cd2e7f53"; + meta = with lib; { + description = "Add support for Italian to spellchecking"; + license = licenses.gpl3; + mozPermissions = []; + platforms = platforms.all; + }; +} diff --git a/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix b/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix new file mode 100644 index 0000000..35f4243 --- /dev/null +++ b/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix @@ -0,0 +1,18 @@ +{ + lib, + buildFirefoxXpiAddon, + ... +}: +buildFirefoxXpiAddon rec { + pname = "italiano-it-language-pack"; + version = "145.0.20251106.194447"; + addonId = "langpack-it@firefox.mozilla.org"; + url = "https://addons.mozilla.org/firefox/downloads/file/4614309/italiano_it_language_pack-${version}.xpi"; + sha256 = "1eb271cedbf326543e222ba1b9a1da62fceef9d3c523ac02a098df296f155038"; + meta = with lib; { + description = "Firefox Language Pack for Italiano (it) – Italian"; + license = licenses.mpl20; + mozPermissions = []; + platforms = platforms.all; + }; +} diff --git a/modules/common-modules/pkgs/mapillary-uploader.nix b/modules/common-modules/pkgs/mapillary-uploader.nix index 9ae2ea7..acff772 100644 --- a/modules/common-modules/pkgs/mapillary-uploader.nix +++ b/modules/common-modules/pkgs/mapillary-uploader.nix @@ -9,7 +9,7 @@ src = fetchurl { url = "http://tools.mapillary.com/uploader/download/linux/${version}"; name = "mapillary-uploader.AppImage"; - sha256 = "sha256-OY3SiMHUyjwPDrPWfa+mFg2BHZrz6GG/9/D5sCP2Da8="; + sha256 = "sha256-hpWdfeuhYylO+SFD3BsKI0s/xtObCDd5OcuJ6i/aEuI="; }; appimageContents = appimageTools.extractType2 { diff --git a/modules/common-modules/pkgs/noita-entangled-worlds.nix b/modules/common-modules/pkgs/noita-entangled-worlds.nix deleted file mode 100644 index 322ce41..0000000 --- a/modules/common-modules/pkgs/noita-entangled-worlds.nix +++ /dev/null @@ -1,46 +0,0 @@ -# not working yet -{ - pkgs, - rustPlatform, - fetchFromGitHub, - ... -}: let - version = "1.5.3"; - repo = fetchFromGitHub { - owner = "IntQuant"; - repo = "noita_entangled_worlds"; - rev = "v${version}"; - hash = "sha256-frrpD0aWTeDbZYtp15R+quUUAZf7OvHlbSLtGJJtAqk="; - }; -in - rustPlatform.buildRustPackage { - name = "noita-proxy-${version}"; - src = repo + "/noita-proxy"; - prePatch = '' - substituteInPlace Cargo.toml \ - --replace "path = \"../shared\"" "path = \"${repo + "/shared"}\"" - ''; - nativeBuildInputs = with pkgs; [ - pkg-config - python3 - cmake - ]; - buildInputs = with pkgs; [ - openssl - openssl.dev - libpulseaudio - libjack2 - alsa-lib - xorg.libxcb - xorg.libxcb.dev - libopus - ]; - propagatedBuildInputs = with pkgs; [ - steamworks-sdk-redist - ]; - runtimeDependencies = with pkgs; [ - steamworks-sdk-redist - ]; - doCheck = false; - cargoHash = "sha256-TzUS6d6PopgGf2i1yVaXaXdzNrvfSz+Gv67BAtxYmb4="; - } diff --git a/modules/common-modules/pkgs/polycule/default.nix b/modules/common-modules/pkgs/polycule/default.nix deleted file mode 100644 index b463cc5..0000000 --- a/modules/common-modules/pkgs/polycule/default.nix +++ /dev/null @@ -1,149 +0,0 @@ -{ - lib, - flutter332, - fetchFromGitLab, - pkg-config, - wrapGAppsHook, - gtk3, - glib, - glib-networking, - webkitgtk_4_1, - libsecret, - libnotify, - dbus, - sqlcipher, - openssl, - mpv, - alsa-lib, - libass, - ffmpeg-full, - libplacebo, - libunwind, - shaderc, - vulkan-headers, - vulkan-loader, - lcms2, - libdovi, - libdvdnav, - libdvdread, - mujs, - libbluray, - lua, - rubberband, - libuchardet, - zimg, - openal, - pipewire, - libpulseaudio, - libcaca, - libdrm, - libdisplay-info, - libgbm, - xorg, - nv-codec-headers-11, - libva, - libvdpau, -}: -flutter332.buildFlutterApplication rec { - pname = "polycule"; - version = "0.3.4"; - - src = fetchFromGitLab { - owner = "polycule_client"; - repo = "polycule"; - rev = "v${version}"; - hash = "sha256-RUu8DKuX2NUU5Ce5WLHtDaORkn7CSrgTj3KhM/z+yHc="; - }; - - pubspecLock = lib.importJSON ./polycule-pubspec.lock.json; - - gitHashes = { - matrix = "sha256-w/QB5nYJ9Lh77TcYKEN/DnNQjWfp+9NX0dwQ9GOzWE8="; - media_kit = "sha256-1sVX+aHFLFJBtrNZrR6tWkb80vFELW2N9EejyQKlBPg="; - media_kit_libs_android_video = "sha256-N6QoktM8u9NYF8MAXLsxM9RlV8nICM4NbnmABHTRkZg="; - }; - - nativeBuildInputs = [ - pkg-config - wrapGAppsHook - ]; - - buildInputs = [ - gtk3 - glib - glib-networking - webkitgtk_4_1 - libsecret - libnotify - dbus - sqlcipher - openssl - mpv - alsa-lib - libass - ffmpeg-full - libplacebo - libunwind - shaderc - vulkan-headers - vulkan-loader - lcms2 - libdovi - libdvdnav - libdvdread - mujs - libbluray - lua - rubberband - libuchardet - zimg - openal - pipewire - libpulseaudio - libcaca - libdrm - libdisplay-info - libgbm - xorg.libXScrnSaver - xorg.libXpresent - nv-codec-headers-11 - libva - libvdpau - ]; - - flutterBuildFlags = [ - "--release" - "--target" - "lib/main.dart" - "--dart-define=POLYCULE_VERSION=v${version}" - "--dart-define=POLYCULE_IS_STABLE=true" - "--no-tree-shake-icons" - ]; - - postInstall = '' - # Install desktop files and icons from the source - install -Dm644 linux/business.braid.polycule.desktop $out/share/applications/polycule.desktop - install -Dm644 assets/logo/logo-circle.png $out/share/pixmaps/polycule.png - - # Update desktop file to use correct executable name - substituteInPlace $out/share/applications/polycule.desktop \ - --replace 'Exec=business.braid.polycule' 'Exec=polycule' - - # Create a symlink with the expected name - ln -sf $out/bin/polycule $out/bin/business.braid.polycule - ''; - - meta = with lib; { - description = "A geeky and efficient [matrix] client for power users"; - longDescription = '' - Polycule is a modern Matrix client built with Flutter, designed for power users - who want a fast, efficient, and feature-rich Matrix experience. - ''; - homepage = "https://polycule.im/"; - license = licenses.eupl12; - maintainers = []; - platforms = ["x86_64-linux" "aarch64-linux"]; - sourceProvenance = with sourceTypes; [fromSource]; - mainProgram = "polycule"; - }; -} diff --git a/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json b/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json deleted file mode 100644 index e119fa2..0000000 --- a/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json +++ /dev/null @@ -1,2459 +0,0 @@ -{ - "packages": { - "_fe_analyzer_shared": { - "dependency": "transitive", - "description": { - "name": "_fe_analyzer_shared", - "sha256": "da0d9209ca76bde579f2da330aeb9df62b6319c834fa7baae052021b0462401f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "85.0.0" - }, - "analyzer": { - "dependency": "transitive", - "description": { - "name": "analyzer", - "sha256": "974859dc0ff5f37bc4313244b3218c791810d03ab3470a579580279ba971a48d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "7.7.1" - }, - "animations": { - "dependency": "direct main", - "description": { - "name": "animations", - "sha256": "d3d6dcfb218225bbe68e87ccf6378bbb2e32a94900722c5f81611dad089911cb", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.11" - }, - "app_links": { - "dependency": "direct main", - "description": { - "name": "app_links", - "sha256": "85ed8fc1d25a76475914fff28cc994653bd900bc2c26e4b57a49e097febb54ba", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.4.0" - }, - "app_links_linux": { - "dependency": "transitive", - "description": { - "name": "app_links_linux", - "sha256": "f5f7173a78609f3dfd4c2ff2c95bd559ab43c80a87dc6a095921d96c05688c81", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.3" - }, - "app_links_platform_interface": { - "dependency": "transitive", - "description": { - "name": "app_links_platform_interface", - "sha256": "05f5379577c513b534a29ddea68176a4d4802c46180ee8e2e966257158772a3f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.2" - }, - "app_links_web": { - "dependency": "transitive", - "description": { - "name": "app_links_web", - "sha256": "af060ed76183f9e2b87510a9480e56a5352b6c249778d07bd2c95fc35632a555", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.4" - }, - "archive": { - "dependency": "transitive", - "description": { - "name": "archive", - "sha256": "2fde1607386ab523f7a36bb3e7edb43bd58e6edaf2ffb29d8a6d578b297fdbbd", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.0.7" - }, - "args": { - "dependency": "transitive", - "description": { - "name": "args", - "sha256": "d0481093c50b1da8910eb0bb301626d4d8eb7284aa739614d2b394ee09e3ea04", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.7.0" - }, - "async": { - "dependency": "direct main", - "description": { - "name": "async", - "sha256": "758e6d74e971c3e5aceb4110bfd6698efc7f501675bcfe0c775459a8140750eb", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.13.0" - }, - "audio_session": { - "dependency": "transitive", - "description": { - "name": "audio_session", - "sha256": "8f96a7fecbb718cb093070f868b4cdcb8a9b1053dce342ff8ab2fde10eb9afb7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.2" - }, - "barcode": { - "dependency": "transitive", - "description": { - "name": "barcode", - "sha256": "7b6729c37e3b7f34233e2318d866e8c48ddb46c1f7ad01ff7bb2a8de1da2b9f4", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.9" - }, - "barcode_widget": { - "dependency": "direct main", - "description": { - "name": "barcode_widget", - "sha256": "6f2c5b08659b1a5f4d88d183e6007133ea2f96e50e7b8bb628f03266c3931427", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.4" - }, - "base58check": { - "dependency": "transitive", - "description": { - "name": "base58check", - "sha256": "6c300dfc33e598d2fe26319e13f6243fea81eaf8204cb4c6b69ef20a625319a5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "blurhash_dart": { - "dependency": "direct main", - "description": { - "name": "blurhash_dart", - "sha256": "43955b6c2e30a7d440028d1af0fa185852f3534b795cc6eb81fbf397b464409f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.1" - }, - "boolean_selector": { - "dependency": "transitive", - "description": { - "name": "boolean_selector", - "sha256": "8aab1771e1243a5063b8b0ff68042d67334e3feab9e95b9490f9a6ebf73b42ea", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.2" - }, - "build_cli_annotations": { - "dependency": "transitive", - "description": { - "name": "build_cli_annotations", - "sha256": "b59d2769769efd6c9ff6d4c4cede0be115a566afc591705c2040b707534b1172", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.0" - }, - "camera": { - "dependency": "transitive", - "description": { - "name": "camera", - "sha256": "d6ec2cbdbe2fa8f5e0d07d8c06368fe4effa985a4a5ddade9cc58a8cd849557d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.11.2" - }, - "camera_android_camerax": { - "dependency": "transitive", - "description": { - "name": "camera_android_camerax", - "sha256": "58b8fe843a3c83fd1273c00cb35f5a8ae507f6cc9b2029bcf7e2abba499e28d8", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.6.19+1" - }, - "camera_avfoundation": { - "dependency": "transitive", - "description": { - "name": "camera_avfoundation", - "sha256": "e4aca5bccaf897b70cac87e5fdd789393310985202442837922fd40325e2733b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.21+1" - }, - "camera_platform_interface": { - "dependency": "transitive", - "description": { - "name": "camera_platform_interface", - "sha256": "2f757024a48696ff4814a789b0bd90f5660c0fb25f393ab4564fb483327930e2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.10.0" - }, - "camera_web": { - "dependency": "transitive", - "description": { - "name": "camera_web", - "sha256": "595f28c89d1fb62d77c73c633193755b781c6d2e0ebcd8dc25b763b514e6ba8f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.5" - }, - "canonical_json": { - "dependency": "transitive", - "description": { - "name": "canonical_json", - "sha256": "d6be1dd66b420c6ac9f42e3693e09edf4ff6edfee26cb4c28c1c019fdb8c0c15", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.2" - }, - "characters": { - "dependency": "transitive", - "description": { - "name": "characters", - "sha256": "f71061c654a3380576a52b451dd5532377954cf9dbd272a78fc8479606670803", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.4.0" - }, - "checked_yaml": { - "dependency": "transitive", - "description": { - "name": "checked_yaml", - "sha256": "959525d3162f249993882720d52b7e0c833978df229be20702b33d48d91de70f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.4" - }, - "cli_config": { - "dependency": "transitive", - "description": { - "name": "cli_config", - "sha256": "ac20a183a07002b700f0c25e61b7ee46b23c309d76ab7b7640a028f18e4d99ec", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.0" - }, - "cli_util": { - "dependency": "transitive", - "description": { - "name": "cli_util", - "sha256": "ff6785f7e9e3c38ac98b2fb035701789de90154024a75b6cb926445e83197d1c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.4.2" - }, - "clock": { - "dependency": "transitive", - "description": { - "name": "clock", - "sha256": "fddb70d9b5277016c77a80201021d40a2247104d9f4aa7bab7157b7e3f05b84b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.2" - }, - "collection": { - "dependency": "direct main", - "description": { - "name": "collection", - "sha256": "2f5709ae4d3d59dd8f7cd309b4e023046b57d8a6c82130785d2b0e5868084e76", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.19.1" - }, - "convert": { - "dependency": "transitive", - "description": { - "name": "convert", - "sha256": "b30acd5944035672bc15c6b7a8b47d773e41e2f17de064350988c5d02adb1c68", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.2" - }, - "coverage": { - "dependency": "transitive", - "description": { - "name": "coverage", - "sha256": "5da775aa218eaf2151c721b16c01c7676fbfdd99cebba2bf64e8b807a28ff94d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.15.0" - }, - "cross_file": { - "dependency": "direct main", - "description": { - "name": "cross_file", - "sha256": "7caf6a750a0c04effbb52a676dce9a4a592e10ad35c34d6d2d0e4811160d5670", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.4+2" - }, - "crypto": { - "dependency": "transitive", - "description": { - "name": "crypto", - "sha256": "1e445881f28f22d6140f181e07737b22f1e099a5e1ff94b0af2f9e4a463f4855", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.6" - }, - "csslib": { - "dependency": "direct main", - "description": { - "name": "csslib", - "sha256": "09bad715f418841f976c77db72d5398dc1253c21fb9c0c7f0b0b985860b2d58e", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.2" - }, - "cupertino_http": { - "dependency": "direct main", - "description": { - "name": "cupertino_http", - "sha256": "72187f715837290a63479a5b0ae709f4fedad0ed6bd0441c275eceaa02d5abae", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.0" - }, - "cupertino_icons": { - "dependency": "direct main", - "description": { - "name": "cupertino_icons", - "sha256": "ba631d1c7f7bef6b729a622b7b752645a2d076dba9976925b8f25725a30e1ee6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.8" - }, - "dart_animated_emoji": { - "dependency": "direct main", - "description": { - "name": "dart_animated_emoji", - "sha256": "0e0865f1b56e2f2979e8caa09a7d693e30133050c5c677de301e6ca4d8da945e", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.1.2" - }, - "dbus": { - "dependency": "direct main", - "description": { - "name": "dbus", - "sha256": "79e0c23480ff85dc68de79e2cd6334add97e48f7f4865d17686dd6ea81a47e8c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.7.11" - }, - "diacritic": { - "dependency": "direct main", - "description": { - "name": "diacritic", - "sha256": "12981945ec38931748836cd76f2b38773118d0baef3c68404bdfde9566147876", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.1.6" - }, - "diffutil_dart": { - "dependency": "direct main", - "description": { - "name": "diffutil_dart", - "sha256": "5e74883aedf87f3b703cb85e815bdc1ed9208b33501556e4a8a5572af9845c81", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.0.1" - }, - "dynamic_color": { - "dependency": "direct main", - "description": { - "name": "dynamic_color", - "sha256": "43a5a6679649a7731ab860334a5812f2067c2d9ce6452cf069c5e0c25336c17c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.8.1" - }, - "emoji_extension": { - "dependency": "direct main", - "description": { - "name": "emoji_extension", - "sha256": "7678a3e3fca4f2dfbce02cf8d439a81e130ce303fdc1ad90f484f57fd5ce4ba1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.0" - }, - "enhanced_enum": { - "dependency": "transitive", - "description": { - "name": "enhanced_enum", - "sha256": "074c5a8b9664799ca91e1e8b68003b8694cb19998671cbafd9c7779c13fcdecf", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.4" - }, - "equatable": { - "dependency": "transitive", - "description": { - "name": "equatable", - "sha256": "567c64b3cb4cf82397aac55f4f0cbd3ca20d77c6c03bedbc4ceaddc08904aef7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.7" - }, - "fake_async": { - "dependency": "transitive", - "description": { - "name": "fake_async", - "sha256": "5368f224a74523e8d2e7399ea1638b37aecfca824a3cc4dfdf77bf1fa905ac44", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.3.3" - }, - "fetch_api": { - "dependency": "transitive", - "description": { - "name": "fetch_api", - "sha256": "24cbd5616f3d4008c335c197bb90bfa0eb43b9e55c6de5c60d1f805092636034", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.1" - }, - "fetch_client": { - "dependency": "direct main", - "description": { - "name": "fetch_client", - "sha256": "375253f4efe64303c793fb17fe90771c591320b2ae11fb29cb5b406cc8533c00", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.4" - }, - "ffi": { - "dependency": "transitive", - "description": { - "name": "ffi", - "sha256": "289279317b4b16eb2bb7e271abccd4bf84ec9bdcbe999e278a94b804f5630418", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.4" - }, - "file": { - "dependency": "transitive", - "description": { - "name": "file", - "sha256": "a3b4f84adafef897088c160faf7dfffb7696046cb13ae90b508c2cbc95d3b8d4", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "7.0.1" - }, - "file_selector": { - "dependency": "direct main", - "description": { - "name": "file_selector", - "sha256": "5019692b593455127794d5718304ff1ae15447dea286cdda9f0db2a796a1b828", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.3" - }, - "file_selector_android": { - "dependency": "transitive", - "description": { - "name": "file_selector_android", - "sha256": "3015702ab73987000e7ff2df5ddc99666d2bcd65cdb243f59da35729d3be6cff", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.5.1+15" - }, - "file_selector_ios": { - "dependency": "transitive", - "description": { - "name": "file_selector_ios", - "sha256": "94b98ad950b8d40d96fee8fa88640c2e4bd8afcdd4817993bd04e20310f45420", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.5.3+1" - }, - "file_selector_linux": { - "dependency": "transitive", - "description": { - "name": "file_selector_linux", - "sha256": "54cbbd957e1156d29548c7d9b9ec0c0ebb6de0a90452198683a7d23aed617a33", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.3+2" - }, - "file_selector_macos": { - "dependency": "transitive", - "description": { - "name": "file_selector_macos", - "sha256": "8c9250b2bd2d8d4268e39c82543bacbaca0fda7d29e0728c3c4bbb7c820fd711", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.4+3" - }, - "file_selector_platform_interface": { - "dependency": "transitive", - "description": { - "name": "file_selector_platform_interface", - "sha256": "a3994c26f10378a039faa11de174d7b78eb8f79e4dd0af2a451410c1a5c3f66b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.6.2" - }, - "file_selector_web": { - "dependency": "transitive", - "description": { - "name": "file_selector_web", - "sha256": "c4c0ea4224d97a60a7067eca0c8fd419e708ff830e0c83b11a48faf566cec3e7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.4+2" - }, - "file_selector_windows": { - "dependency": "transitive", - "description": { - "name": "file_selector_windows", - "sha256": "320fcfb6f33caa90f0b58380489fc5ac05d99ee94b61aa96ec2bff0ba81d3c2b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.3+4" - }, - "fixnum": { - "dependency": "transitive", - "description": { - "name": "fixnum", - "sha256": "b6dc7065e46c974bc7c5f143080a6764ec7a4be6da1285ececdc37be96de53be", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.1" - }, - "flutter": { - "dependency": "direct main", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "flutter_adaptive_scaffold": { - "dependency": "direct main", - "description": { - "name": "flutter_adaptive_scaffold", - "sha256": "5eb1d1d174304a4e67c4bb402ed38cb4a5ebdac95ce54099e91460accb33d295", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.3+1" - }, - "flutter_confetti": { - "dependency": "direct main", - "description": { - "name": "flutter_confetti", - "sha256": "7e46b82ea0adc456afc91037652bbfbd52a951804fde0708822fad5d68be6398", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.5.1" - }, - "flutter_driver": { - "dependency": "direct dev", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "flutter_highlighting": { - "dependency": "direct main", - "description": { - "name": "flutter_highlighting", - "sha256": "426770b1453e8302f8cc58455ebcaad33e3049e73ca18f9d3c83554552bf3baf", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.0+11.8.0" - }, - "flutter_html": { - "dependency": "direct main", - "description": { - "name": "flutter_html", - "sha256": "38a2fd702ffdf3243fb7441ab58aa1bc7e6922d95a50db76534de8260638558d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.0" - }, - "flutter_html_svg": { - "dependency": "direct main", - "description": { - "name": "flutter_html_svg", - "sha256": "76f59c238571333d95271817c3d94688b3c4dca2735552e481e49039d3efdb13", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.0" - }, - "flutter_html_table": { - "dependency": "direct main", - "description": { - "name": "flutter_html_table", - "sha256": "de15300b1f6d8014e1702e7edfdf3411f362c8fb753e89bac4c99215ea94a4d8", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.0" - }, - "flutter_keyboard_visibility": { - "dependency": "direct main", - "description": { - "name": "flutter_keyboard_visibility", - "sha256": "98664be7be0e3ffca00de50f7f6a287ab62c763fc8c762e0a21584584a3ff4f8", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.0" - }, - "flutter_keyboard_visibility_linux": { - "dependency": "transitive", - "description": { - "name": "flutter_keyboard_visibility_linux", - "sha256": "6fba7cd9bb033b6ddd8c2beb4c99ad02d728f1e6e6d9b9446667398b2ac39f08", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.0" - }, - "flutter_keyboard_visibility_macos": { - "dependency": "transitive", - "description": { - "name": "flutter_keyboard_visibility_macos", - "sha256": "c5c49b16fff453dfdafdc16f26bdd8fb8d55812a1d50b0ce25fc8d9f2e53d086", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.0" - }, - "flutter_keyboard_visibility_platform_interface": { - "dependency": "transitive", - "description": { - "name": "flutter_keyboard_visibility_platform_interface", - "sha256": "e43a89845873f7be10cb3884345ceb9aebf00a659f479d1c8f4293fcb37022a4", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "flutter_keyboard_visibility_web": { - "dependency": "transitive", - "description": { - "name": "flutter_keyboard_visibility_web", - "sha256": "d3771a2e752880c79203f8d80658401d0c998e4183edca05a149f5098ce6e3d1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "flutter_keyboard_visibility_windows": { - "dependency": "transitive", - "description": { - "name": "flutter_keyboard_visibility_windows", - "sha256": "fc4b0f0b6be9b93ae527f3d527fb56ee2d918cd88bbca438c478af7bcfd0ef73", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.0" - }, - "flutter_launcher_icons": { - "dependency": "direct dev", - "description": { - "name": "flutter_launcher_icons", - "sha256": "10f13781741a2e3972126fae08393d3c4e01fa4cd7473326b94b72cf594195e7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.14.4" - }, - "flutter_layout_grid": { - "dependency": "transitive", - "description": { - "name": "flutter_layout_grid", - "sha256": "739e568db97af031d528dfd8a80d333df0e5a310a126e087690fa42cd61dfb5f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.8" - }, - "flutter_lints": { - "dependency": "direct dev", - "description": { - "name": "flutter_lints", - "sha256": "3105dc8492f6183fb076ccf1f351ac3d60564bff92e20bfc4af9cc1651f4e7e1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.0" - }, - "flutter_local_notifications": { - "dependency": "direct main", - "description": { - "name": "flutter_local_notifications", - "sha256": "20ca0a9c82ce0c855ac62a2e580ab867f3fbea82680a90647f7953832d0850ae", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "19.4.0" - }, - "flutter_local_notifications_linux": { - "dependency": "transitive", - "description": { - "name": "flutter_local_notifications_linux", - "sha256": "e3c277b2daab8e36ac5a6820536668d07e83851aeeb79c446e525a70710770a5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.0" - }, - "flutter_local_notifications_platform_interface": { - "dependency": "transitive", - "description": { - "name": "flutter_local_notifications_platform_interface", - "sha256": "277d25d960c15674ce78ca97f57d0bae2ee401c844b6ac80fcd972a9c99d09fe", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "9.1.0" - }, - "flutter_local_notifications_windows": { - "dependency": "transitive", - "description": { - "name": "flutter_local_notifications_windows", - "sha256": "ed46d7ae4ec9d19e4c8fa2badac5fe27ba87a3fe387343ce726f927af074ec98", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.2" - }, - "flutter_localizations": { - "dependency": "direct main", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "flutter_openssl_crypto": { - "dependency": "direct main", - "description": { - "name": "flutter_openssl_crypto", - "sha256": "293b4fcda13ab0710645a16e82f3d5b7de19bfc0ab2d06bcdb87637222eda5e1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.5.0" - }, - "flutter_plugin_android_lifecycle": { - "dependency": "transitive", - "description": { - "name": "flutter_plugin_android_lifecycle", - "sha256": "6382ce712ff69b0f719640ce957559dde459e55ecd433c767e06d139ddf16cab", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.29" - }, - "flutter_rust_bridge": { - "dependency": "transitive", - "description": { - "name": "flutter_rust_bridge", - "sha256": "b416ff56002789e636244fb4cc449f587656eff995e5a7169457eb0593fcaddb", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.10.0" - }, - "flutter_secure_storage": { - "dependency": "direct main", - "description": { - "name": "flutter_secure_storage", - "sha256": "f7eceb0bc6f4fd0441e29d43cab9ac2a1c5ffd7ea7b64075136b718c46954874", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "10.0.0-beta.4" - }, - "flutter_secure_storage_darwin": { - "dependency": "transitive", - "description": { - "name": "flutter_secure_storage_darwin", - "sha256": "f226f2a572bed96bc6542198ebaec227150786e34311d455a7e2d3d06d951845", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.1.0" - }, - "flutter_secure_storage_linux": { - "dependency": "transitive", - "description": { - "name": "flutter_secure_storage_linux", - "sha256": "9b4b73127e857cd3117d43a70fa3dddadb6e0b253be62e6a6ab85caa0742182c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.1" - }, - "flutter_secure_storage_platform_interface": { - "dependency": "transitive", - "description": { - "name": "flutter_secure_storage_platform_interface", - "sha256": "8ceea1223bee3c6ac1a22dabd8feefc550e4729b3675de4b5900f55afcb435d6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.1" - }, - "flutter_secure_storage_web": { - "dependency": "transitive", - "description": { - "name": "flutter_secure_storage_web", - "sha256": "4c3f233e739545c6cb09286eeec1cc4744138372b985113acc904f7263bef517", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "flutter_secure_storage_windows": { - "dependency": "transitive", - "description": { - "name": "flutter_secure_storage_windows", - "sha256": "ff32af20f70a8d0e59b2938fc92de35b54a74671041c814275afd80e27df9f21", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.0.0" - }, - "flutter_svg": { - "dependency": "direct main", - "description": { - "name": "flutter_svg", - "sha256": "cd57f7969b4679317c17af6fd16ee233c1e60a82ed209d8a475c54fd6fd6f845", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.0" - }, - "flutter_test": { - "dependency": "direct dev", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "flutter_typeahead": { - "dependency": "direct main", - "description": { - "name": "flutter_typeahead", - "sha256": "d64712c65db240b1057559b952398ebb6e498077baeebf9b0731dade62438a6d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "5.2.0" - }, - "flutter_vodozemac": { - "dependency": "direct main", - "description": { - "name": "flutter_vodozemac", - "sha256": "2405ca121b84d1cd83200a14021022e1691b123a23bcefc36adc7740cefbc1f9", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.2" - }, - "flutter_web_plugins": { - "dependency": "transitive", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "flutter_zxing": { - "dependency": "direct main", - "description": { - "name": "flutter_zxing", - "sha256": "dbcd89da2c9aa84f48d7d7e1ba436825f8656a69b142abb7bcdb7c2d9c22d48c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.1" - }, - "frontend_server_client": { - "dependency": "transitive", - "description": { - "name": "frontend_server_client", - "sha256": "f64a0333a82f30b0cca061bc3d143813a486dc086b574bfb233b7c1372427694", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.0.0" - }, - "fuchsia_remote_debug_protocol": { - "dependency": "transitive", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "glob": { - "dependency": "transitive", - "description": { - "name": "glob", - "sha256": "c3f1ee72c96f8f78935e18aa8cecced9ab132419e8625dc187e1c2408efc20de", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.3" - }, - "go_router": { - "dependency": "direct main", - "description": { - "name": "go_router", - "sha256": "8b1f37dfaf6e958c6b872322db06f946509433bec3de753c3491a42ae9ec2b48", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "16.1.0" - }, - "gtk": { - "dependency": "transitive", - "description": { - "name": "gtk", - "sha256": "e8ce9ca4b1df106e4d72dad201d345ea1a036cc12c360f1a7d5a758f78ffa42c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.0" - }, - "highlighting": { - "dependency": "direct main", - "description": { - "name": "highlighting", - "sha256": "196005ed9c98ee559939fcecd466fa941b9e99b3a93394691b86780ad4da50f3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.0+11.8.0" - }, - "html": { - "dependency": "direct main", - "description": { - "name": "html", - "sha256": "6d1264f2dffa1b1101c25a91dff0dc2daee4c18e87cd8538729773c073dbf602", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.15.6" - }, - "html_unescape": { - "dependency": "transitive", - "description": { - "name": "html_unescape", - "sha256": "15362d7a18f19d7b742ef8dcb811f5fd2a2df98db9f80ea393c075189e0b61e3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "http": { - "dependency": "direct main", - "description": { - "name": "http", - "sha256": "bb2ce4590bc2667c96f318d68cac1b5a7987ec819351d32b1c987239a815e007", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.5.0" - }, - "http_parser": { - "dependency": "transitive", - "description": { - "name": "http_parser", - "sha256": "178d74305e7866013777bab2c3d8726205dc5a4dd935297175b19a23a2e66571", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.1.2" - }, - "http_profile": { - "dependency": "transitive", - "description": { - "name": "http_profile", - "sha256": "7e679e355b09aaee2ab5010915c932cce3f2d1c11c3b2dc177891687014ffa78", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.1.0" - }, - "image": { - "dependency": "direct main", - "description": { - "name": "image", - "sha256": "4e973fcf4caae1a4be2fa0a13157aa38a8f9cb049db6529aa00b4d71abc4d928", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.5.4" - }, - "image_picker": { - "dependency": "direct main", - "description": { - "name": "image_picker", - "sha256": "021834d9c0c3de46bf0fe40341fa07168407f694d9b2bb18d532dc1261867f7a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.2" - }, - "image_picker_android": { - "dependency": "transitive", - "description": { - "name": "image_picker_android", - "sha256": "b08e9a04d0f8d91f4a6e767a745b9871bfbc585410205c311d0492de20a7ccd6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.8.12+25" - }, - "image_picker_for_web": { - "dependency": "transitive", - "description": { - "name": "image_picker_for_web", - "sha256": "717eb042ab08c40767684327be06a5d8dbb341fe791d514e4b92c7bbe1b7bb83", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.6" - }, - "image_picker_ios": { - "dependency": "transitive", - "description": { - "name": "image_picker_ios", - "sha256": "05da758e67bc7839e886b3959848aa6b44ff123ab4b28f67891008afe8ef9100", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.8.12+2" - }, - "image_picker_linux": { - "dependency": "transitive", - "description": { - "name": "image_picker_linux", - "sha256": "34a65f6740df08bbbeb0a1abd8e6d32107941fd4868f67a507b25601651022c9", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.1+2" - }, - "image_picker_macos": { - "dependency": "transitive", - "description": { - "name": "image_picker_macos", - "sha256": "1b90ebbd9dcf98fb6c1d01427e49a55bd96b5d67b8c67cf955d60a5de74207c1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.1+2" - }, - "image_picker_platform_interface": { - "dependency": "transitive", - "description": { - "name": "image_picker_platform_interface", - "sha256": "886d57f0be73c4b140004e78b9f28a8914a09e50c2d816bdd0520051a71236a0", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.10.1" - }, - "image_picker_windows": { - "dependency": "transitive", - "description": { - "name": "image_picker_windows", - "sha256": "6ad07afc4eb1bc25f3a01084d28520496c4a3bb0cb13685435838167c9dcedeb", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.1+1" - }, - "import_sorter": { - "dependency": "direct main", - "description": { - "name": "import_sorter", - "sha256": "eb15738ccead84e62c31e0208ea4e3104415efcd4972b86906ca64a1187d0836", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.6.0" - }, - "integration_test": { - "dependency": "direct dev", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "intl": { - "dependency": "direct main", - "description": { - "name": "intl", - "sha256": "3df61194eb431efc39c4ceba583b95633a403f46c9fd341e550ce0bfa50e9aa5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.20.2" - }, - "io": { - "dependency": "transitive", - "description": { - "name": "io", - "sha256": "dfd5a80599cf0165756e3181807ed3e77daf6dd4137caaad72d0b7931597650b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.5" - }, - "js": { - "dependency": "transitive", - "description": { - "name": "js", - "sha256": "f2c445dce49627136094980615a031419f7f3eb393237e4ecd97ac15dea343f3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.6.7" - }, - "json_annotation": { - "dependency": "transitive", - "description": { - "name": "json_annotation", - "sha256": "1ce844379ca14835a50d2f019a3099f419082cfdd231cd86a142af94dd5c6bb1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.9.0" - }, - "just_audio": { - "dependency": "direct main", - "description": { - "name": "just_audio", - "sha256": "679637a3ec5b6e00f36472f5a3663667df00ee4822cbf5dafca0f568c710960a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.4" - }, - "just_audio_media_kit": { - "dependency": "direct main", - "description": { - "name": "just_audio_media_kit", - "sha256": "f3cf04c3a50339709e87e90b4e841eef4364ab4be2bdbac0c54cc48679f84d23", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.0" - }, - "just_audio_platform_interface": { - "dependency": "transitive", - "description": { - "name": "just_audio_platform_interface", - "sha256": "2532c8d6702528824445921c5ff10548b518b13f808c2e34c2fd54793b999a6a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.6.0" - }, - "just_audio_web": { - "dependency": "transitive", - "description": { - "name": "just_audio_web", - "sha256": "6ba8a2a7e87d57d32f0f7b42856ade3d6a9fbe0f1a11fabae0a4f00bb73f0663", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.4.16" - }, - "just_waveform": { - "dependency": "direct main", - "description": { - "name": "just_waveform", - "sha256": "8c65acd24f13b866e3377f07f8869e823f3f2d8b734938f4e6688075af40b4f2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.0.7" - }, - "leak_tracker": { - "dependency": "transitive", - "description": { - "name": "leak_tracker", - "sha256": "6bb818ecbdffe216e81182c2f0714a2e62b593f4a4f13098713ff1685dfb6ab0", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "10.0.9" - }, - "leak_tracker_flutter_testing": { - "dependency": "transitive", - "description": { - "name": "leak_tracker_flutter_testing", - "sha256": "f8b613e7e6a13ec79cfdc0e97638fddb3ab848452eff057653abd3edba760573", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.9" - }, - "leak_tracker_testing": { - "dependency": "transitive", - "description": { - "name": "leak_tracker_testing", - "sha256": "6ba465d5d76e67ddf503e1161d1f4a6bc42306f9d66ca1e8f079a47290fb06d3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.1" - }, - "linkify": { - "dependency": "direct main", - "description": { - "name": "linkify", - "sha256": "4139ea77f4651ab9c315b577da2dd108d9aa0bd84b5d03d33323f1970c645832", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "5.0.0" - }, - "lints": { - "dependency": "transitive", - "description": { - "name": "lints", - "sha256": "a5e2b223cb7c9c8efdc663ef484fdd95bb243bff242ef5b13e26883547fce9a0", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.0" - }, - "list_counter": { - "dependency": "transitive", - "description": { - "name": "list_counter", - "sha256": "c447ae3dfcd1c55f0152867090e67e219d42fe6d4f2807db4bbe8b8d69912237", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.2" - }, - "locale_names": { - "dependency": "direct main", - "description": { - "name": "locale_names", - "sha256": "7a89ca54072f4f13d0f5df5a9ba69337554bf2fd057d1dd2a238898f3f159374", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.1" - }, - "logging": { - "dependency": "transitive", - "description": { - "name": "logging", - "sha256": "c8245ada5f1717ed44271ed1c26b8ce85ca3228fd2ffdb75468ab01979309d61", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.3.0" - }, - "lottie": { - "dependency": "direct main", - "description": { - "name": "lottie", - "sha256": "c5fa04a80a620066c15cf19cc44773e19e9b38e989ff23ea32e5903ef1015950", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.3.1" - }, - "markdown": { - "dependency": "transitive", - "description": { - "name": "markdown", - "sha256": "935e23e1ff3bc02d390bad4d4be001208ee92cc217cb5b5a6c19bc14aaa318c1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "7.3.0" - }, - "matcher": { - "dependency": "transitive", - "description": { - "name": "matcher", - "sha256": "dc58c723c3c24bf8d3e2d3ad3f2f9d7bd9cf43ec6feaa64181775e60190153f2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.12.17" - }, - "material_color_utilities": { - "dependency": "transitive", - "description": { - "name": "material_color_utilities", - "sha256": "f7142bb1154231d7ea5f96bc7bde4bda2a0945d2806bb11670e30b850d56bdec", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.11.1" - }, - "matrix": { - "dependency": "direct main", - "description": { - "path": ".", - "ref": "braid/msc3861-native-oidc", - "resolved-ref": "82ad90573e0e5e1ccb2cf1e669a5861bd6db351c", - "url": "https://github.com/TheOneWithTheBraid/matrix-dart-sdk.git" - }, - "source": "git", - "version": "1.1.0" - }, - "matrix_homeserver_recommendations": { - "dependency": "direct main", - "description": { - "name": "matrix_homeserver_recommendations", - "sha256": "48cd67146dd80b925c1cce1604da4712e7963b490d31801bad70b51ff8e30cd2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.4.1" - }, - "media_kit": { - "dependency": "direct main", - "description": { - "path": "media_kit", - "ref": "braid/stub-template", - "resolved-ref": "215972e56ceb6036b51d1dc8803d5e0ab489bfe1", - "url": "https://github.com/TheOneWithTheBraid/media-kit.git" - }, - "source": "git", - "version": "1.2.0" - }, - "media_kit_libs_android_video": { - "dependency": "direct overridden", - "description": { - "path": "libs/android/media_kit_libs_android_video", - "ref": "main", - "resolved-ref": "ad84c59faa2b871926cb31516bdeec65d7676884", - "url": "https://github.com/Predidit/media-kit.git" - }, - "source": "git", - "version": "1.3.6" - }, - "media_kit_libs_ios_video": { - "dependency": "transitive", - "description": { - "name": "media_kit_libs_ios_video", - "sha256": "b5382994eb37a4564c368386c154ad70ba0cc78dacdd3fb0cd9f30db6d837991", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.4" - }, - "media_kit_libs_linux": { - "dependency": "transitive", - "description": { - "name": "media_kit_libs_linux", - "sha256": "2b473399a49ec94452c4d4ae51cfc0f6585074398d74216092bf3d54aac37ecf", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.1" - }, - "media_kit_libs_macos_video": { - "dependency": "transitive", - "description": { - "name": "media_kit_libs_macos_video", - "sha256": "f26aa1452b665df288e360393758f84b911f70ffb3878032e1aabba23aa1032d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.4" - }, - "media_kit_libs_video": { - "dependency": "direct main", - "description": { - "name": "media_kit_libs_video", - "sha256": "958cc55e7065d9d01f52a2842dab2a0812a92add18489f1006d864fb5e42a3ef", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.6" - }, - "media_kit_libs_windows_video": { - "dependency": "transitive", - "description": { - "name": "media_kit_libs_windows_video", - "sha256": "dff76da2778729ab650229e6b4ec6ec111eb5151431002cbd7ea304ff1f112ab", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.11" - }, - "media_kit_video": { - "dependency": "direct main", - "description": { - "name": "media_kit_video", - "sha256": "a656a9463298c1adc64c57f2d012874f7f2900f0c614d9545a3e7b8bb9e2137b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.3.0" - }, - "media_store_plus": { - "dependency": "direct main", - "description": { - "name": "media_store_plus", - "sha256": "4b4971365e00a4ed9fde14abf40d7c27475b66b8bba9bf43478ae2ecb449df20", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.1.3" - }, - "meta": { - "dependency": "transitive", - "description": { - "name": "meta", - "sha256": "e3641ec5d63ebf0d9b41bd43201a66e3fc79a65db5f61fc181f04cd27aab950c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.16.0" - }, - "mime": { - "dependency": "direct main", - "description": { - "name": "mime", - "sha256": "41a20518f0cb1256669420fdba0cd90d21561e560ac240f26ef8322e45bb7ed6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "objective_c": { - "dependency": "transitive", - "description": { - "name": "objective_c", - "sha256": "9f034ba1eeca53ddb339bc8f4813cb07336a849cd735559b60cdc068ecce2dc7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "7.1.0" - }, - "package_config": { - "dependency": "transitive", - "description": { - "name": "package_config", - "sha256": "f096c55ebb7deb7e384101542bfba8c52696c1b56fca2eb62827989ef2353bbc", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.0" - }, - "package_info_plus": { - "dependency": "transitive", - "description": { - "name": "package_info_plus", - "sha256": "16eee997588c60225bda0488b6dcfac69280a6b7a3cf02c741895dd370a02968", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "8.3.1" - }, - "package_info_plus_platform_interface": { - "dependency": "transitive", - "description": { - "name": "package_info_plus_platform_interface", - "sha256": "202a487f08836a592a6bd4f901ac69b3a8f146af552bbd14407b6b41e1c3f086", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.2.1" - }, - "path": { - "dependency": "transitive", - "description": { - "name": "path", - "sha256": "75cca69d1490965be98c73ceaea117e8a04dd21217b37b292c9ddbec0d955bc5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.9.1" - }, - "path_parsing": { - "dependency": "transitive", - "description": { - "name": "path_parsing", - "sha256": "883402936929eac138ee0a45da5b0f2c80f89913e6dc3bf77eb65b84b409c6ca", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.0" - }, - "path_provider": { - "dependency": "direct main", - "description": { - "name": "path_provider", - "sha256": "50c5dd5b6e1aaf6fb3a78b33f6aa3afca52bf903a8a5298f53101fdaee55bbcd", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.5" - }, - "path_provider_android": { - "dependency": "transitive", - "description": { - "name": "path_provider_android", - "sha256": "d0d310befe2c8ab9e7f393288ccbb11b60c019c6b5afc21973eeee4dda2b35e9", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.17" - }, - "path_provider_foundation": { - "dependency": "transitive", - "description": { - "name": "path_provider_foundation", - "sha256": "4843174df4d288f5e29185bd6e72a6fbdf5a4a4602717eed565497429f179942", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.1" - }, - "path_provider_linux": { - "dependency": "transitive", - "description": { - "name": "path_provider_linux", - "sha256": "f7a1fe3a634fe7734c8d3f2766ad746ae2a2884abe22e241a8b301bf5cac3279", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.1" - }, - "path_provider_platform_interface": { - "dependency": "transitive", - "description": { - "name": "path_provider_platform_interface", - "sha256": "88f5779f72ba699763fa3a3b06aa4bf6de76c8e5de842cf6f29e2e06476c2334", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.2" - }, - "path_provider_windows": { - "dependency": "transitive", - "description": { - "name": "path_provider_windows", - "sha256": "bd6f00dbd873bfb70d0761682da2b3a2c2fccc2b9e84c495821639601d81afe7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.0" - }, - "petitparser": { - "dependency": "transitive", - "description": { - "name": "petitparser", - "sha256": "07c8f0b1913bcde1ff0d26e57ace2f3012ccbf2b204e070290dad3bb22797646", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.1.0" - }, - "platform": { - "dependency": "transitive", - "description": { - "name": "platform", - "sha256": "5d6b1b0036a5f331ebc77c850ebc8506cbc1e9416c27e59b439f917a902a4984", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.6" - }, - "plugin_platform_interface": { - "dependency": "transitive", - "description": { - "name": "plugin_platform_interface", - "sha256": "4820fbfdb9478b1ebae27888254d445073732dae3d6ea81f0b7e06d5dedc3f02", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.8" - }, - "pointer_interceptor": { - "dependency": "transitive", - "description": { - "name": "pointer_interceptor", - "sha256": "57210410680379aea8b1b7ed6ae0c3ad349bfd56fe845b8ea934a53344b9d523", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.1+2" - }, - "pointer_interceptor_ios": { - "dependency": "transitive", - "description": { - "name": "pointer_interceptor_ios", - "sha256": "a6906772b3205b42c44614fcea28f818b1e5fdad73a4ca742a7bd49818d9c917", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.1" - }, - "pointer_interceptor_platform_interface": { - "dependency": "transitive", - "description": { - "name": "pointer_interceptor_platform_interface", - "sha256": "0597b0560e14354baeb23f8375cd612e8bd4841bf8306ecb71fcd0bb78552506", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.0+1" - }, - "pointer_interceptor_web": { - "dependency": "transitive", - "description": { - "name": "pointer_interceptor_web", - "sha256": "460b600e71de6fcea2b3d5f662c92293c049c4319e27f0829310e5a953b3ee2a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.3" - }, - "pool": { - "dependency": "transitive", - "description": { - "name": "pool", - "sha256": "20fe868b6314b322ea036ba325e6fc0711a22948856475e2c2b6306e8ab39c2a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.5.1" - }, - "posix": { - "dependency": "transitive", - "description": { - "name": "posix", - "sha256": "6323a5b0fa688b6a010df4905a56b00181479e6d10534cecfecede2aa55add61", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.3" - }, - "process": { - "dependency": "transitive", - "description": { - "name": "process", - "sha256": "107d8be718f120bbba9dcd1e95e3bd325b1b4a4f07db64154635ba03f2567a0d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "5.0.3" - }, - "pub_semver": { - "dependency": "transitive", - "description": { - "name": "pub_semver", - "sha256": "5bfcf68ca79ef689f8990d1160781b4bad40a3bd5e5218ad4076ddb7f4081585", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.0" - }, - "qr": { - "dependency": "transitive", - "description": { - "name": "qr", - "sha256": "5a1d2586170e172b8a8c8470bbbffd5eb0cd38a66c0d77155ea138d3af3a4445", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.2" - }, - "quiver": { - "dependency": "transitive", - "description": { - "name": "quiver", - "sha256": "ea0b925899e64ecdfbf9c7becb60d5b50e706ade44a85b2363be2a22d88117d2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.2.2" - }, - "random_string": { - "dependency": "transitive", - "description": { - "name": "random_string", - "sha256": "03b52435aae8cbdd1056cf91bfc5bf845e9706724dd35ae2e99fa14a1ef79d02", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.1" - }, - "receive_sharing_intent": { - "dependency": "direct main", - "description": { - "name": "receive_sharing_intent", - "sha256": "ec76056e4d258ad708e76d85591d933678625318e411564dcb9059048ca3a593", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.8.1" - }, - "rxdart": { - "dependency": "transitive", - "description": { - "name": "rxdart", - "sha256": "5c3004a4a8dbb94bd4bf5412a4def4acdaa12e12f269737a5751369e12d1a962", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.28.0" - }, - "safe_local_storage": { - "dependency": "transitive", - "description": { - "name": "safe_local_storage", - "sha256": "e9a21b6fec7a8aa62cc2585ff4c1b127df42f3185adbd2aca66b47abe2e80236", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.1" - }, - "screen_brightness_android": { - "dependency": "transitive", - "description": { - "name": "screen_brightness_android", - "sha256": "fb5fa43cb89d0c9b8534556c427db1e97e46594ac5d66ebdcf16063b773d54ed", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.2" - }, - "screen_brightness_platform_interface": { - "dependency": "transitive", - "description": { - "name": "screen_brightness_platform_interface", - "sha256": "737bd47b57746bc4291cab1b8a5843ee881af499514881b0247ec77447ee769c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.0" - }, - "sdp_transform": { - "dependency": "transitive", - "description": { - "name": "sdp_transform", - "sha256": "73e412a5279a5c2de74001535208e20fff88f225c9a4571af0f7146202755e45", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.2" - }, - "sentry": { - "dependency": "direct main", - "description": { - "name": "sentry", - "sha256": "d9f3dcf1ecdd600cf9ce134f622383adde5423ecfdaf0ca9b20fbc1c44849337", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "9.6.0" - }, - "share_plus": { - "dependency": "direct main", - "description": { - "name": "share_plus", - "sha256": "d7dc0630a923883c6328ca31b89aa682bacbf2f8304162d29f7c6aaff03a27a1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "11.1.0" - }, - "share_plus_platform_interface": { - "dependency": "transitive", - "description": { - "name": "share_plus_platform_interface", - "sha256": "88023e53a13429bd65d8e85e11a9b484f49d4c190abbd96c7932b74d6927cc9a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.1.0" - }, - "sky_engine": { - "dependency": "transitive", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "slugify": { - "dependency": "transitive", - "description": { - "name": "slugify", - "sha256": "b272501565cb28050cac2d96b7bf28a2d24c8dae359280361d124f3093d337c3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "source_map_stack_trace": { - "dependency": "transitive", - "description": { - "name": "source_map_stack_trace", - "sha256": "c0713a43e323c3302c2abe2a1cc89aa057a387101ebd280371d6a6c9fa68516b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.2" - }, - "source_maps": { - "dependency": "transitive", - "description": { - "name": "source_maps", - "sha256": "190222579a448b03896e0ca6eca5998fa810fda630c1d65e2f78b3f638f54812", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.13" - }, - "source_span": { - "dependency": "transitive", - "description": { - "name": "source_span", - "sha256": "254ee5351d6cb365c859e20ee823c3bb479bf4a293c22d17a9f1bf144ce86f7c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.10.1" - }, - "sprintf": { - "dependency": "transitive", - "description": { - "name": "sprintf", - "sha256": "1fc9ffe69d4df602376b52949af107d8f5703b77cda567c4d7d86a0693120f23", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "7.0.0" - }, - "sqflite": { - "dependency": "direct main", - "description": { - "name": "sqflite", - "sha256": "e2297b1da52f127bc7a3da11439985d9b536f75070f3325e62ada69a5c585d03", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.2" - }, - "sqflite_android": { - "dependency": "transitive", - "description": { - "name": "sqflite_android", - "sha256": "2b3070c5fa881839f8b402ee4a39c1b4d561704d4ebbbcfb808a119bc2a1701b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.1" - }, - "sqflite_common": { - "dependency": "transitive", - "description": { - "name": "sqflite_common", - "sha256": "6ef422a4525ecc601db6c0a2233ff448c731307906e92cabc9ba292afaae16a6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.5.6" - }, - "sqflite_common_ffi": { - "dependency": "direct main", - "description": { - "name": "sqflite_common_ffi", - "sha256": "9faa2fedc5385ef238ce772589f7718c24cdddd27419b609bb9c6f703ea27988", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.6" - }, - "sqflite_darwin": { - "dependency": "transitive", - "description": { - "name": "sqflite_darwin", - "sha256": "279832e5cde3fe99e8571879498c9211f3ca6391b0d818df4e17d9fff5c6ccb3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.2" - }, - "sqflite_platform_interface": { - "dependency": "transitive", - "description": { - "name": "sqflite_platform_interface", - "sha256": "8dd4515c7bdcae0a785b0062859336de775e8c65db81ae33dd5445f35be61920", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.0" - }, - "sqlcipher_flutter_libs": { - "dependency": "direct main", - "description": { - "name": "sqlcipher_flutter_libs", - "sha256": "dd1fcc74d5baf3c36ad53e2652b2d06c9f8747494a3ccde0076e88b159dfe622", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.6.8" - }, - "sqlite3": { - "dependency": "transitive", - "description": { - "name": "sqlite3", - "sha256": "f393d92c71bdcc118d6203d07c991b9be0f84b1a6f89dd4f7eed348131329924", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.9.0" - }, - "stack_trace": { - "dependency": "transitive", - "description": { - "name": "stack_trace", - "sha256": "8b27215b45d22309b5cddda1aa2b19bdfec9df0e765f2de506401c071d38d1b1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.12.1" - }, - "stream_channel": { - "dependency": "transitive", - "description": { - "name": "stream_channel", - "sha256": "969e04c80b8bcdf826f8f16579c7b14d780458bd97f56d107d3950fdbeef059d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.4" - }, - "stream_transform": { - "dependency": "transitive", - "description": { - "name": "stream_transform", - "sha256": "ad47125e588cfd37a9a7f86c7d6356dde8dfe89d071d293f80ca9e9273a33871", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.1" - }, - "string_scanner": { - "dependency": "transitive", - "description": { - "name": "string_scanner", - "sha256": "921cd31725b72fe181906c6a94d987c78e3b98c2e205b397ea399d4054872b43", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.4.1" - }, - "sync_http": { - "dependency": "transitive", - "description": { - "name": "sync_http", - "sha256": "7f0cd72eca000d2e026bcd6f990b81d0ca06022ef4e32fb257b30d3d1014a961", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.1" - }, - "synchronized": { - "dependency": "transitive", - "description": { - "name": "synchronized", - "sha256": "c254ade258ec8282947a0acbbc90b9575b4f19673533ee46f2f6e9b3aeefd7c0", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.4.0" - }, - "term_glyph": { - "dependency": "transitive", - "description": { - "name": "term_glyph", - "sha256": "7f554798625ea768a7518313e58f83891c7f5024f88e46e7182a4558850a4b8e", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.2" - }, - "test_api": { - "dependency": "transitive", - "description": { - "name": "test_api", - "sha256": "fb31f383e2ee25fbbfe06b40fe21e1e458d14080e3c67e7ba0acfde4df4e0bbd", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.7.4" - }, - "test_core": { - "dependency": "transitive", - "description": { - "name": "test_core", - "sha256": "84d17c3486c8dfdbe5e12a50c8ae176d15e2a771b96909a9442b40173649ccaa", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.6.8" - }, - "timezone": { - "dependency": "transitive", - "description": { - "name": "timezone", - "sha256": "dd14a3b83cfd7cb19e7888f1cbc20f258b8d71b54c06f79ac585f14093a287d1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.1" - }, - "tint": { - "dependency": "transitive", - "description": { - "name": "tint", - "sha256": "9652d9a589f4536d5e392cf790263d120474f15da3cf1bee7f1fdb31b4de5f46", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.1" - }, - "tuple": { - "dependency": "transitive", - "description": { - "name": "tuple", - "sha256": "a97ce2013f240b2f3807bcbaf218765b6f301c3eff91092bcfa23a039e7dd151", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.2" - }, - "typed_data": { - "dependency": "transitive", - "description": { - "name": "typed_data", - "sha256": "f9049c039ebfeb4cf7a7104a675823cd72dba8297f264b6637062516699fa006", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.4.0" - }, - "unifiedpush": { - "dependency": "direct main", - "description": { - "name": "unifiedpush", - "sha256": "1418375efb580af9640de4eaf4209cb6481f9a48792648ced3051f30e67d9568", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.2" - }, - "unifiedpush_android": { - "dependency": "transitive", - "description": { - "name": "unifiedpush_android", - "sha256": "2f25db8eb2fc3183bf2e43db89fff20b2587adc1c361e1d1e06b223a0d45b50a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.1" - }, - "unifiedpush_platform_interface": { - "dependency": "transitive", - "description": { - "name": "unifiedpush_platform_interface", - "sha256": "bb49d2748211520e35e0374ab816faa8a2c635267e71909d334ad868d532eba5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.1" - }, - "universal_platform": { - "dependency": "transitive", - "description": { - "name": "universal_platform", - "sha256": "64e16458a0ea9b99260ceb5467a214c1f298d647c659af1bff6d3bf82536b1ec", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.0" - }, - "unorm_dart": { - "dependency": "direct main", - "description": { - "name": "unorm_dart", - "sha256": "5b35bff83fce4d76467641438f9e867dc9bcfdb8c1694854f230579d68cd8f4b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.0" - }, - "uri_parser": { - "dependency": "transitive", - "description": { - "name": "uri_parser", - "sha256": "ff4d2c720aca3f4f7d5445e23b11b2d15ef8af5ddce5164643f38ff962dcb270", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.0" - }, - "url_launcher": { - "dependency": "direct main", - "description": { - "name": "url_launcher", - "sha256": "f6a7e5c4835bb4e3026a04793a4199ca2d14c739ec378fdfe23fc8075d0439f8", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.3.2" - }, - "url_launcher_android": { - "dependency": "transitive", - "description": { - "name": "url_launcher_android", - "sha256": "0aedad096a85b49df2e4725fa32118f9fa580f3b14af7a2d2221896a02cd5656", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.3.17" - }, - "url_launcher_ios": { - "dependency": "transitive", - "description": { - "name": "url_launcher_ios", - "sha256": "7f2022359d4c099eea7df3fdf739f7d3d3b9faf3166fb1dd390775176e0b76cb", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.3.3" - }, - "url_launcher_linux": { - "dependency": "transitive", - "description": { - "name": "url_launcher_linux", - "sha256": "4e9ba368772369e3e08f231d2301b4ef72b9ff87c31192ef471b380ef29a4935", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.2.1" - }, - "url_launcher_macos": { - "dependency": "transitive", - "description": { - "name": "url_launcher_macos", - "sha256": "17ba2000b847f334f16626a574c702b196723af2a289e7a93ffcb79acff855c2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.2.2" - }, - "url_launcher_platform_interface": { - "dependency": "transitive", - "description": { - "name": "url_launcher_platform_interface", - "sha256": "552f8a1e663569be95a8190206a38187b531910283c3e982193e4f2733f01029", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.2" - }, - "url_launcher_web": { - "dependency": "transitive", - "description": { - "name": "url_launcher_web", - "sha256": "4bd2b7b4dc4d4d0b94e5babfffbca8eac1a126c7f3d6ecbc1a11013faa3abba2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.1" - }, - "url_launcher_windows": { - "dependency": "transitive", - "description": { - "name": "url_launcher_windows", - "sha256": "3284b6d2ac454cf34f114e1d3319866fdd1e19cdc329999057e44ffe936cfa77", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.4" - }, - "uuid": { - "dependency": "transitive", - "description": { - "name": "uuid", - "sha256": "a5be9ef6618a7ac1e964353ef476418026db906c4facdedaa299b7a2e71690ff", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.5.1" - }, - "vector_graphics": { - "dependency": "transitive", - "description": { - "name": "vector_graphics", - "sha256": "a4f059dc26fc8295b5921376600a194c4ec7d55e72f2fe4c7d2831e103d461e6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.19" - }, - "vector_graphics_codec": { - "dependency": "transitive", - "description": { - "name": "vector_graphics_codec", - "sha256": "99fd9fbd34d9f9a32efd7b6a6aae14125d8237b10403b422a6a6dfeac2806146", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.13" - }, - "vector_graphics_compiler": { - "dependency": "transitive", - "description": { - "name": "vector_graphics_compiler", - "sha256": "557a315b7d2a6dbb0aaaff84d857967ce6bdc96a63dc6ee2a57ce5a6ee5d3331", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.17" - }, - "vector_math": { - "dependency": "transitive", - "description": { - "name": "vector_math", - "sha256": "80b3257d1492ce4d091729e3a67a60407d227c27241d6927be0130c98e741803", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.4" - }, - "visibility_detector": { - "dependency": "direct main", - "description": { - "name": "visibility_detector", - "sha256": "dd5cc11e13494f432d15939c3aa8ae76844c42b723398643ce9addb88a5ed420", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.4.0+2" - }, - "vm_service": { - "dependency": "transitive", - "description": { - "name": "vm_service", - "sha256": "ddfa8d30d89985b96407efce8acbdd124701f96741f2d981ca860662f1c0dc02", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "15.0.0" - }, - "vodozemac": { - "dependency": "direct main", - "description": { - "name": "vodozemac", - "sha256": "dba14017e042748fb22d270e8ab1d3e46965b89788dd3857dba938ec07571968", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.0" - }, - "volume_controller": { - "dependency": "transitive", - "description": { - "name": "volume_controller", - "sha256": "d75039e69c0d90e7810bfd47e3eedf29ff8543ea7a10392792e81f9bded7edf5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.4.0" - }, - "wakelock_plus": { - "dependency": "transitive", - "description": { - "name": "wakelock_plus", - "sha256": "a474e314c3e8fb5adef1f9ae2d247e57467ad557fa7483a2b895bc1b421c5678", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.3.2" - }, - "wakelock_plus_platform_interface": { - "dependency": "transitive", - "description": { - "name": "wakelock_plus_platform_interface", - "sha256": "e10444072e50dbc4999d7316fd303f7ea53d31c824aa5eb05d7ccbdd98985207", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.3" - }, - "watcher": { - "dependency": "transitive", - "description": { - "name": "watcher", - "sha256": "0b7fd4a0bbc4b92641dbf20adfd7e3fd1398fe17102d94b674234563e110088a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.2" - }, - "web": { - "dependency": "direct main", - "description": { - "name": "web", - "sha256": "868d88a33d8a87b18ffc05f9f030ba328ffefba92d6c127917a2ba740f9cfe4a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.1" - }, - "web_multiple_tab_detector": { - "dependency": "direct main", - "description": { - "name": "web_multiple_tab_detector", - "sha256": "a40d485720ea88b4e25311421d435906ba202ac33e35435403dc1c49c5ed7c4e", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.0" - }, - "web_socket": { - "dependency": "transitive", - "description": { - "name": "web_socket", - "sha256": "34d64019aa8e36bf9842ac014bb5d2f5586ca73df5e4d9bf5c936975cae6982c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.1" - }, - "webdriver": { - "dependency": "transitive", - "description": { - "name": "webdriver", - "sha256": "2f3a14ca026957870cfd9c635b83507e0e51d8091568e90129fbf805aba7cade", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.0" - }, - "webrtc_interface": { - "dependency": "transitive", - "description": { - "name": "webrtc_interface", - "sha256": "86fe3afc81a08481dfb25cf14a5a94e27062ecef25544783f352c914e0bbc1ca", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.2+hotfix.2" - }, - "win32": { - "dependency": "transitive", - "description": { - "name": "win32", - "sha256": "66814138c3562338d05613a6e368ed8cfb237ad6d64a9e9334be3f309acfca03", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "5.14.0" - }, - "xdg_directories": { - "dependency": "transitive", - "description": { - "name": "xdg_directories", - "sha256": "7a3f37b05d989967cdddcbb571f1ea834867ae2faa29725fd085180e0883aa15", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.0" - }, - "xml": { - "dependency": "transitive", - "description": { - "name": "xml", - "sha256": "b015a8ad1c488f66851d762d3090a21c600e479dc75e68328c52774040cf9226", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.5.0" - }, - "yaml": { - "dependency": "transitive", - "description": { - "name": "yaml", - "sha256": "b9da305ac7c39faa3f030eccd175340f968459dae4af175130b3fc47e40d76ce", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.3" - } - }, - "sdks": { - "dart": ">=3.8.0 <4.0.0", - "flutter": ">=3.29.0" - } -} diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix index dc9eae9..6c75edd 100644 --- a/modules/home-manager-modules/impermanence.nix +++ b/modules/home-manager-modules/impermanence.nix @@ -8,21 +8,25 @@ in { options.impermanence = { enable = lib.mkEnableOption "impermanence for home directory"; + fallbackPersistence.enable = lib.mkOption { + type = lib.types.bool; + default = true; + }; }; config = lib.mkMerge [ (lib.mkIf config.impermanence.enable { assertions = [ { - assertion = osConfig.impermanence.enable; - message = "impermanence can not be enabled for a user when it is not enabled for a configuration"; + assertion = osConfig.host.impermanence.enable; + message = "impermanence can not be enabled for a user when it is not enabled for the system"; } ]; }) - (lib.mkIf osConfig.host.impermanence.enable { - # If impermanence is not enabled for this user but system impermanence is enabled, - # persist the entire home directory as fallback - home.persistence."/persist/home/${config.home.username}" = lib.mkIf (!cfg.enable) { + # If impermanence is not enabled for this user but system impermanence is enabled, + # persist the entire home directory as fallback + (lib.mkIf (osConfig.host.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { + home.persistence."/persist/home/${config.home.username}" = { directories = ["."]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index 5c14068..e305b6c 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -11,7 +11,7 @@ config = lib.mkIf config.programs.bitwarden.enable (lib.mkMerge [ { home.packages = with pkgs; [ - bitwarden + bitwarden-desktop ]; } ( diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index 3fff489..e70cfc8 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -31,6 +31,7 @@ ./freecad.nix ./onionshare.nix ./mfoc.nix + ./noita-entangled-worlds.nix ./pdfarranger.nix ./picard.nix ./qflipper.nix @@ -43,7 +44,6 @@ ./davinci-resolve.nix ./gdx-liftoff.nix ./tor-browser.nix - ./polycule.nix ./vmware-workstation.nix ]; } diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix index d5d7192..71b09b2 100644 --- a/modules/home-manager-modules/programs/discord.nix +++ b/modules/home-manager-modules/programs/discord.nix @@ -1,19 +1,9 @@ { lib, - pkgs, config, ... }: { - options.programs.discord = { - enable = lib.mkEnableOption "enable discord"; - }; - config = lib.mkIf config.programs.discord.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - discord - ]; - } ( lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { diff --git a/modules/home-manager-modules/programs/noita-entangled-worlds.nix b/modules/home-manager-modules/programs/noita-entangled-worlds.nix new file mode 100644 index 0000000..3f3af64 --- /dev/null +++ b/modules/home-manager-modules/programs/noita-entangled-worlds.nix @@ -0,0 +1,18 @@ +{ + lib, + pkgs, + config, + ... +}: { + options = { + programs.noita-entangled-worlds = { + enable = lib.mkEnableOption "Noita Entangled Worlds multiplayer mod"; + }; + }; + + config = lib.mkIf config.programs.noita-entangled-worlds.enable { + home.packages = with pkgs; [ + noita_entangled_worlds + ]; + }; +} diff --git a/modules/home-manager-modules/programs/polycule.nix b/modules/home-manager-modules/programs/polycule.nix deleted file mode 100644 index d0aea2a..0000000 --- a/modules/home-manager-modules/programs/polycule.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.polycule = { - enable = lib.mkEnableOption "enable polycule matrix client"; - package = lib.mkPackageOption pkgs "polycule" {}; - }; - - config = lib.mkIf config.programs.polycule.enable (lib.mkMerge [ - { - home.packages = [ - config.programs.polycule.package - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - # TODO: check that these are actually the correct folders - # directories = [ - # "${config.xdg.configHome}/polycule" - # "${config.xdg.dataHome}/polycule" - # "${config.xdg.cacheHome}/polycule" - # ]; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix index 5bc8124..b667c27 100644 --- a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix +++ b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix @@ -19,6 +19,10 @@ in { gitmoji = lib.mkEnableOption "should emoji be prompted for as a part of the commit message./"; promptScopes = lib.mkEnableOption "prompting for scopes in conventional commits"; + + promptFooter = lib.mkEnableOption "prompting for footer in conventional commits"; + + showNewVersionNotes = lib.mkEnableOption "showing new version notes for conventional commits"; }; }; config = lib.mkIf config.extraExtensions.conventionalCommits.enable { @@ -27,6 +31,8 @@ in { userSettings = { "conventionalCommits.gitmoji" = config.extraExtensions.conventionalCommits.gitmoji; "conventionalCommits.promptScopes" = config.extraExtensions.conventionalCommits.promptScopes; + "conventionalCommits.promptFooter" = config.extraExtensions.conventionalCommits.promptFooter; + "conventionalCommits.showNewVersionNotes" = config.extraExtensions.conventionalCommits.showNewVersionNotes; }; }; })); diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index 8f366fe..f9d83dc 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -16,6 +16,7 @@ ./go.nix ./evenBetterToml.nix ./openRemoteSsh.nix + ./rustAnalyzer.nix ./astroVscode.nix ./vscodeMdx.nix ./claudeDev.nix diff --git a/modules/home-manager-modules/programs/vscode/rustAnalyzer.nix b/modules/home-manager-modules/programs/vscode/rustAnalyzer.nix new file mode 100644 index 0000000..66e9ebe --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/rustAnalyzer.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.rustAnalyzer = { + enable = lib.mkEnableOption "should the rust-analyzer extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "rust-analyzer" { + default = ["rust-lang" "rust-analyzer"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.rustAnalyzer.enable { + extensions = [ + config.extraExtensions.rustAnalyzer.extension + ]; + }; + })); + }; +} diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index 7735e97..60011cb 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix @@ -3,6 +3,39 @@ lib, ... }: { + # options.storage = { + # zfs = { + # # TODO: enable option + # # when this option is enabled we need to configure and enable disko things + + # # TODO: we need some way of managing notifications + + # # TODO: we need options to configure zfs pools + # # we should have warnings when the configured pool is missing drives + + # # TODO: dataset option that is a submodule that adds datasets to the system + # # warnings for when a dataset was created in the past on a system but it is now missing some of the options defined for it + + # # TODO: pools and datasets need to be passed to disko + # }; + + # impermanence = { + # # TODO: enable option + + # # TODO: datasets option that is a submodule that will be used to define what datasets to add to the storage system + # # We should by default create the `local`, `local/system/nix`, `local/system/root`, `persist` `persist/system/root`, and `persist/system/var/log` datasets + # # Then we should make a dataset for user folders local and persist + # # We should also create datasets for systemd modules that have have impermanence enabled for them + # # we need to figure out what options a dataset can have in zfs + # }; + + # # TODO: we should have an impermanence module for home manager that proxies its values namespaced to the user down here that matches the same interface + + # # TODO: we should have a way of enabling impermanence for a systemd config + # # these should have an option to put their folder into their own dataset (this needs to support private vs non private) + # # options for features that can be added to the dataset + # }; + options.host.impermanence.enable = lib.mkEnableOption "are we going to use impermanence on this device"; config = lib.mkMerge [ @@ -93,6 +126,7 @@ ]; }; + # TODO: this should live in leylas home manager configuration security.sudo.extraConfig = "Defaults lecture=never"; } ) diff --git a/modules/nixos-modules/server/actual/actual.nix b/modules/nixos-modules/server/actual/actual.nix new file mode 100644 index 0000000..4cca449 --- /dev/null +++ b/modules/nixos-modules/server/actual/actual.nix @@ -0,0 +1,24 @@ +{ + lib, + config, + ... +}: let + const = import ./const.nix; + dataDirectory = const.dataDirectory; +in { + options.services.actual = { + port = lib.mkOption { + type = lib.types.port; + description = "The port to listen on"; + default = 5006; + }; + }; + config = lib.mkIf config.services.actual.enable { + services.actual = { + settings = { + port = config.services.actual.port; + dataDir = dataDirectory; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/actual/const.nix b/modules/nixos-modules/server/actual/const.nix index 13b068e..14b715e 100644 --- a/modules/nixos-modules/server/actual/const.nix +++ b/modules/nixos-modules/server/actual/const.nix @@ -1,3 +1,3 @@ { - dataDirectory = "/var/lib/actual/"; + dataDirectory = "/var/lib/private/actual"; } diff --git a/modules/nixos-modules/server/actual/default.nix b/modules/nixos-modules/server/actual/default.nix index 546240e..b59517b 100644 --- a/modules/nixos-modules/server/actual/default.nix +++ b/modules/nixos-modules/server/actual/default.nix @@ -1,26 +1,8 @@ { - lib, - config, - ... -}: let - const = import ./const.nix; - dataDirectory = const.dataDirectory; -in { imports = [ + ./actual.nix ./proxy.nix ./fail2ban.nix ./impermanence.nix ]; - - config = lib.mkIf config.services.actual.enable { - systemd.tmpfiles.rules = [ - "d ${dataDirectory} 2770 actual actual" - ]; - - services.actual = { - settings = { - ACTUAL_DATA_DIR = dataDirectory; - }; - }; - }; } diff --git a/modules/nixos-modules/server/actual/impermanence.nix b/modules/nixos-modules/server/actual/impermanence.nix index 5eee95a..d870789 100644 --- a/modules/nixos-modules/server/actual/impermanence.nix +++ b/modules/nixos-modules/server/actual/impermanence.nix @@ -6,11 +6,22 @@ const = import ./const.nix; dataDirectory = const.dataDirectory; in { - config = lib.mkIf (config.services.actual.enable && config.host.impermanence.enable) { + options.services.actual = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.actual.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.actual.impermanence.enable { assertions = [ { - assertion = config.services.actual.settings.ACTUAL_DATA_DIR == dataDirectory; - message = "actual data location does not match persistence"; + assertion = config.services.actual.settings.dataDir == dataDirectory; + message = "actual data location does not match persistence\nconfig directory: ${config.services.actual.settings.dataDir}\npersistence directory: ${dataDirectory}"; + } + { + assertion = config.systemd.services.actual.serviceConfig.DynamicUser or false; + message = "actual systemd service must have DynamicUser enabled to use private directory"; } ]; environment.persistence."/persist/system/root" = { diff --git a/modules/nixos-modules/server/actual/proxy.nix b/modules/nixos-modules/server/actual/proxy.nix index 6ca51e4..9d37574 100644 --- a/modules/nixos-modules/server/actual/proxy.nix +++ b/modules/nixos-modules/server/actual/proxy.nix @@ -4,17 +4,30 @@ ... }: { options.services.actual = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - default = "actual"; - description = "subdomain of base domain that actual will be hosted at"; + description = "domain that actual will be hosted at"; + default = "actual.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for actual"; + default = []; + }; + reverseProxy.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.actual.enable && config.services.reverseProxy.enable; }; }; - config = lib.mkIf (config.services.actual.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.${config.services.actual.subdomain} = { - target = "http://localhost:${toString config.services.actual.settings.port}"; + config = lib.mkIf config.services.actual.reverseProxy.enable { + services.reverseProxy.services.actual = { + target = "http://localhost:${toString config.services.actual.settings.port}"; + domain = config.services.actual.domain; + extraDomains = config.services.actual.extraDomains; + + settings = { + forwardHeaders.enable = true; }; }; }; diff --git a/modules/nixos-modules/server/bazarr/default.nix b/modules/nixos-modules/server/bazarr/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/bazarr/default.nix +++ b/modules/nixos-modules/server/bazarr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/bazarr/impermanence.nix b/modules/nixos-modules/server/bazarr/impermanence.nix index 22fb0e6..70a45d1 100644 --- a/modules/nixos-modules/server/bazarr/impermanence.nix +++ b/modules/nixos-modules/server/bazarr/impermanence.nix @@ -5,7 +5,14 @@ }: let bazarr_data_directory = "/var/lib/bazarr"; in { - config = lib.mkIf (config.services.bazarr.enable && config.host.impermanence.enable) { + options.services.bazarr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.bazarr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.bazarr.impermanence.enable { assertions = [ { assertion = config.services.bazarr.dataDir == bazarr_data_directory; diff --git a/modules/nixos-modules/server/bazarr/proxy.nix b/modules/nixos-modules/server/bazarr/proxy.nix deleted file mode 100644 index fe310d8..0000000 --- a/modules/nixos-modules/server/bazarr/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.bazarr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.bazarr.enable && config.services.bazarr.subdomain != null) { - host.reverse_proxy.subdomains.bazarr = { - subdomain = config.services.bazarr.subdomain; - extraSubdomains = config.services.bazarr.extraSubdomains; - target = "http://127.0.0.1:6767"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/crab-hole/crab-hole.nix b/modules/nixos-modules/server/crab-hole/crab-hole.nix index 58ff660..d76323a 100644 --- a/modules/nixos-modules/server/crab-hole/crab-hole.nix +++ b/modules/nixos-modules/server/crab-hole/crab-hole.nix @@ -27,9 +27,19 @@ in { show_doc = lib.mkEnableOption "OpenAPI documentation (loads content from third party websites)"; downstreams = { - loopback = { - enable = lib.mkEnableOption "loopback downstream DNS server on localhost:53"; - openFirewall = lib.mkEnableOption "automatic port forwarding for the loopback downstream"; + host = { + enable = lib.mkEnableOption "host downstream DNS server accessible from network on all interfaces"; + port = lib.mkOption { + type = lib.types.port; + default = 53; + description = "Port for the host downstream DNS server to listen on."; + }; + openFirewall = lib.mkEnableOption "automatic port forwarding for the host downstream"; + disableSystemdResolved = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Whether to automatically disable systemd-resolved when using port 53. Set to false if you want to handle the conflict manually."; + }; }; }; @@ -79,9 +89,44 @@ in { default = []; description = "List of additional upstream DNS server configurations."; }; + + blocklists = { + ad_malware = { + enable = lib.mkEnableOption "Host file for blocking ads and malware"; + url = lib.mkOption { + type = lib.types.str; + default = "http://sbc.io/hosts/hosts"; + description = "URL of the ad and malware blocklist host file"; + }; + }; + }; + + extraBlocklists = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Additional blocklist URLs to be added to the configuration"; + }; }; config = lib.mkIf cfg.enable { + # Assertions for proper configuration + assertions = [ + { + assertion = !(cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && config.services.resolved.enable && cfg.downstreams.host.disableSystemdResolved); + message = "crab-hole host downstream cannot use port 53 while systemd-resolved is enabled. Either disable systemd-resolved or use a different port."; + } + { + assertion = !(cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && !cfg.downstreams.host.disableSystemdResolved && config.services.resolved.enable); + message = "crab-hole host downstream is configured to use port 53 but systemd-resolved is still enabled and disableSystemdResolved is false. Set disableSystemdResolved = true or manually disable systemd-resolved."; + } + ]; + + # Automatically disable systemd-resolved if using port 53 + services.resolved.enable = lib.mkIf (cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && cfg.downstreams.host.disableSystemdResolved) (lib.mkForce false); + + # Configure DNS nameservers when disabling systemd-resolved + networking.nameservers = lib.mkIf (cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && cfg.downstreams.host.disableSystemdResolved) (lib.mkDefault ["127.0.0.1" "1.1.1.1" "8.8.8.8"]); + services.crab-hole.settings = lib.mkMerge [ { api = { @@ -91,13 +136,17 @@ in { }; downstream = cfg.extraDownstreams; upstream.name_servers = cfg.extraUpstreams; + blocklist.lists = cfg.extraBlocklists; } - (lib.mkIf cfg.downstreams.loopback.enable { + (lib.mkIf cfg.blocklists.ad_malware.enable { + blocklist.lists = [cfg.blocklists.ad_malware.url]; + }) + (lib.mkIf cfg.downstreams.host.enable { downstream = [ { protocol = "udp"; - listen = "localhost"; - port = 53; + listen = "0.0.0.0"; + port = cfg.downstreams.host.port; } ]; }) @@ -136,8 +185,8 @@ in { (lib.mkIf cfg.openFirewall { allowedTCPPorts = [cfg.port]; }) - (lib.mkIf (cfg.downstreams.loopback.enable && cfg.downstreams.loopback.openFirewall) { - allowedUDPPorts = [53]; + (lib.mkIf (cfg.downstreams.host.enable && cfg.downstreams.host.openFirewall) { + allowedUDPPorts = [cfg.downstreams.host.port]; }) ]; }; diff --git a/modules/nixos-modules/server/crab-hole/impermanence.nix b/modules/nixos-modules/server/crab-hole/impermanence.nix index 455e593..51efc0c 100644 --- a/modules/nixos-modules/server/crab-hole/impermanence.nix +++ b/modules/nixos-modules/server/crab-hole/impermanence.nix @@ -5,7 +5,14 @@ }: let workingDirectory = "/var/lib/private/crab-hole"; in { - config = lib.mkIf (config.services.immich.enable && config.host.impermanence.enable) { + options.services.crab-hole = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.crab-hole.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.crab-hole.impermanence.enable { assertions = [ { assertion = diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 57874d5..2b33089 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -1,10 +1,9 @@ {...}: { imports = [ - ./reverse_proxy.nix - ./fail2ban.nix - ./postgres.nix + ./reverseProxy + ./fail2ban + ./postgres ./network_storage - ./podman.nix ./actual ./bazarr @@ -18,7 +17,7 @@ ./lidarr ./panoramax ./paperless - ./qbittorent.nix + ./qbittorent ./radarr ./searx ./sonarr diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix deleted file mode 100644 index d19aeeb..0000000 --- a/modules/nixos-modules/server/fail2ban.nix +++ /dev/null @@ -1,74 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - dataFolder = "/var/lib/fail2ban"; - dataFile = "fail2ban.sqlite3"; -in { - config = lib.mkIf config.services.fail2ban.enable (lib.mkMerge [ - { - environment.etc = { - "fail2ban/filter.d/nginx.local".text = lib.mkIf config.services.nginx.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = "limiting requests, excess:.* by zone.*client: " - '') - ); - }; - - services.fail2ban = { - maxretry = 5; - ignoreIP = [ - # Whitelist local networks - "10.0.0.0/8" - "172.16.0.0/12" - "192.168.0.0/16" - - # tail scale tailnet - "100.64.0.0/10" - "fd7a:115c:a1e0::/48" - ]; - bantime = "24h"; # Ban IPs for one day on the first ban - bantime-increment = { - enable = true; # Enable increment of bantime after each violation - formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; - maxtime = "168h"; # Do not ban for more than 1 week - overalljails = true; # Calculate the ban time based on all the violations - }; - jails = { - nginx-iptables.settings = lib.mkIf config.services.nginx.enable { - enabled = true; - filter = "nginx"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - # TODO; figure out if there is any fail2ban things we can do on searx - # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; - }; - }; - } - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; - message = "fail2ban data file does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = dataFolder; - user = "fail2ban"; - group = "fail2ban"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/fail2ban/default.nix b/modules/nixos-modules/server/fail2ban/default.nix new file mode 100644 index 0000000..30fca99 --- /dev/null +++ b/modules/nixos-modules/server/fail2ban/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./fail2ban.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/fail2ban/fail2ban.nix b/modules/nixos-modules/server/fail2ban/fail2ban.nix new file mode 100644 index 0000000..261c68f --- /dev/null +++ b/modules/nixos-modules/server/fail2ban/fail2ban.nix @@ -0,0 +1,51 @@ +{ + lib, + pkgs, + config, + ... +}: { + config = lib.mkIf config.services.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/nginx.local".text = lib.mkIf config.services.nginx.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = "limiting requests, excess:.* by zone.*client: " + '') + ); + }; + + services.fail2ban = { + maxretry = 5; + ignoreIP = [ + # Whitelist local networks + "10.0.0.0/8" + "172.16.0.0/12" + "192.168.0.0/16" + + # tail scale tailnet + "100.64.0.0/10" + "fd7a:115c:a1e0::/48" + ]; + bantime = "24h"; # Ban IPs for one day on the first ban + bantime-increment = { + enable = true; # Enable increment of bantime after each violation + formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; + maxtime = "168h"; # Do not ban for more than 1 week + overalljails = true; # Calculate the ban time based on all the violations + }; + jails = { + nginx-iptables.settings = lib.mkIf config.services.nginx.enable { + enabled = true; + filter = "nginx"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + # TODO; figure out if there is any fail2ban things we can do on searx + # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/fail2ban/impermanence.nix b/modules/nixos-modules/server/fail2ban/impermanence.nix new file mode 100644 index 0000000..6e214b3 --- /dev/null +++ b/modules/nixos-modules/server/fail2ban/impermanence.nix @@ -0,0 +1,34 @@ +{ + lib, + config, + ... +}: let + dataFolder = "/var/lib/fail2ban"; + dataFile = "fail2ban.sqlite3"; +in { + options.services.fail2ban = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.fail2ban.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.fail2ban.impermanence.enable { + assertions = [ + { + assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; + message = "fail2ban data file does not match persistence"; + } + ]; + + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = dataFolder; + user = "fail2ban"; + group = "fail2ban"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/flaresolverr/default.nix b/modules/nixos-modules/server/flaresolverr/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/flaresolverr/default.nix +++ b/modules/nixos-modules/server/flaresolverr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/flaresolverr/impermanence.nix b/modules/nixos-modules/server/flaresolverr/impermanence.nix index b568a56..4544e75 100644 --- a/modules/nixos-modules/server/flaresolverr/impermanence.nix +++ b/modules/nixos-modules/server/flaresolverr/impermanence.nix @@ -3,7 +3,14 @@ config, ... }: { - config = lib.mkIf (config.services.flaresolverr.enable && config.host.impermanence.enable) { + options.services.flaresolverr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.flaresolverr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.flaresolverr.impermanence.enable { # FlareSolverr typically doesn't need persistent storage as it's a proxy service # but we'll add basic structure in case it's needed for logs or configuration environment.persistence."/persist/system/root" = { diff --git a/modules/nixos-modules/server/flaresolverr/proxy.nix b/modules/nixos-modules/server/flaresolverr/proxy.nix deleted file mode 100644 index 5b8dd4c..0000000 --- a/modules/nixos-modules/server/flaresolverr/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.flaresolverr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.flaresolverr.enable && config.services.flaresolverr.subdomain != null) { - host.reverse_proxy.subdomains.flaresolverr = { - subdomain = config.services.flaresolverr.subdomain; - extraSubdomains = config.services.flaresolverr.extraSubdomains; - target = "http://127.0.0.1:${toString config.services.flaresolverr.port}"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/forgejo/database.nix b/modules/nixos-modules/server/forgejo/database.nix index 0417aab..bb8781c 100644 --- a/modules/nixos-modules/server/forgejo/database.nix +++ b/modules/nixos-modules/server/forgejo/database.nix @@ -2,40 +2,31 @@ lib, config, ... -}: { - config = lib.mkIf config.services.forgejo.enable ( - lib.mkMerge [ +}: let + usingPostgres = config.services.forgejo.database.type == "postgres"; +in { + config = lib.mkIf config.services.forgejo.enable { + assertions = [ { - host = { - postgres = { - enable = true; - }; - }; - - assertions = [ - { - assertion = config.services.forgejo.settings.database.DB_TYPE == "postgres"; - message = "Forgejo database type must be postgres"; - } - ]; + assertion = !usingPostgres || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when Forgejo database type is postgres"; } - (lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - forgejo = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - forgejo = { - name = "forgejo"; - }; - }; - }; - }; - }) - ] - ); + { + assertion = !(usingPostgres && config.services.forgejo.database.createDatabase) || (builtins.any (db: db == "forgejo") config.services.postgresql.ensureDatabases); + message = "Forgejo built-in database creation failed - expected 'forgejo' in ensureDatabases but got: ${builtins.toString config.services.postgresql.ensureDatabases}"; + } + { + assertion = !(usingPostgres && config.services.forgejo.database.createDatabase) || (builtins.any (user: user.name == "forgejo") config.services.postgresql.ensureUsers); + message = "Forgejo built-in user creation failed - expected user 'forgejo' in ensureUsers but got: ${builtins.toString (builtins.map (u: u.name) config.services.postgresql.ensureUsers)}"; + } + ]; + + services.forgejo.database.createDatabase = lib.mkDefault usingPostgres; + + systemd.services.forgejo = lib.mkIf usingPostgres { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/forgejo/default.nix b/modules/nixos-modules/server/forgejo/default.nix index 1fdc8d9..4333f69 100644 --- a/modules/nixos-modules/server/forgejo/default.nix +++ b/modules/nixos-modules/server/forgejo/default.nix @@ -1,53 +1,9 @@ { - lib, - config, - ... -}: let - const = import ./const.nix; - httpPort = const.httpPort; - sshPort = const.sshPort; - db_user = "forgejo"; -in { imports = [ + ./forgejo.nix ./proxy.nix ./database.nix ./fail2ban.nix ./impermanence.nix ]; - - config = lib.mkIf config.services.forgejo.enable { - assertions = [ - { - assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name; - message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name"; - } - ]; - - services.forgejo = { - database = { - type = "postgres"; - socket = "/run/postgresql"; - }; - lfs.enable = true; - settings = { - server = { - DOMAIN = "${config.services.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; - HTTP_PORT = httpPort; - START_SSH_SERVER = true; - SSH_LISTEN_PORT = sshPort; - SSH_PORT = 22; - BUILTIN_SSH_SERVER_USER = "git"; - ROOT_URL = "https://git.jan-leila.com"; - }; - service = { - DISABLE_REGISTRATION = true; - }; - database = { - DB_TYPE = "postgres"; - NAME = db_user; - USER = db_user; - }; - }; - }; - }; } diff --git a/modules/nixos-modules/server/forgejo/fail2ban.nix b/modules/nixos-modules/server/forgejo/fail2ban.nix index 213c804..dfe221a 100644 --- a/modules/nixos-modules/server/forgejo/fail2ban.nix +++ b/modules/nixos-modules/server/forgejo/fail2ban.nix @@ -4,7 +4,16 @@ pkgs, ... }: { - config = lib.mkIf (config.services.forgejo.enable && config.services.fail2ban.enable) { + options.services.forgejo = { + fail2ban = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.forgejo.enable && config.services.fail2ban.enable; + }; + }; + }; + + config = lib.mkIf config.services.forgejo.fail2ban.enable { environment.etc = { "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( pkgs.lib.mkDefault (pkgs.lib.mkAfter '' diff --git a/modules/nixos-modules/server/forgejo/forgejo.nix b/modules/nixos-modules/server/forgejo/forgejo.nix new file mode 100644 index 0000000..70d3087 --- /dev/null +++ b/modules/nixos-modules/server/forgejo/forgejo.nix @@ -0,0 +1,46 @@ +{ + lib, + config, + ... +}: let + const = import ./const.nix; + httpPort = const.httpPort; + sshPort = const.sshPort; + db_user = "forgejo"; +in { + config = lib.mkIf config.services.forgejo.enable { + assertions = [ + { + assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name; + message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name"; + } + ]; + + services.forgejo = { + database = { + type = "postgres"; + socket = "/run/postgresql"; + }; + lfs.enable = true; + settings = { + server = { + DOMAIN = config.services.forgejo.reverseProxy.domain; + HTTP_PORT = httpPort; + START_SSH_SERVER = true; + SSH_LISTEN_PORT = sshPort; + SSH_PORT = 22; + BUILTIN_SSH_SERVER_USER = "git"; + ROOT_URL = "https://git.jan-leila.com"; + }; + service = { + DISABLE_REGISTRATION = true; + }; + database = { + DB_TYPE = "postgres"; + NAME = db_user; + USER = db_user; + }; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/forgejo/impermanence.nix b/modules/nixos-modules/server/forgejo/impermanence.nix index 04f21a5..6fe3de8 100644 --- a/modules/nixos-modules/server/forgejo/impermanence.nix +++ b/modules/nixos-modules/server/forgejo/impermanence.nix @@ -5,7 +5,14 @@ }: let stateDir = "/var/lib/forgejo"; in { - config = lib.mkIf (config.services.forgejo.enable && config.host.impermanence.enable) { + options.services.forgejo = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.forgejo.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.forgejo.impermanence.enable { assertions = [ { assertion = config.services.forgejo.stateDir == stateDir; diff --git a/modules/nixos-modules/server/forgejo/proxy.nix b/modules/nixos-modules/server/forgejo/proxy.nix index 51f769d..c2d3131 100644 --- a/modules/nixos-modules/server/forgejo/proxy.nix +++ b/modules/nixos-modules/server/forgejo/proxy.nix @@ -7,16 +7,33 @@ httpPort = const.httpPort; in { options.services.forgejo = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that forgejo will be hosted at"; - default = "forgejo"; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.forgejo.enable && config.services.reverseProxy.enable; + }; + domain = lib.mkOption { + type = lib.types.str; + description = "domain that forgejo will be hosted at"; + default = "git.jan-leila.com"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for forgejo"; + default = []; + }; }; }; - config = lib.mkIf (config.services.forgejo.enable && config.host.reverse_proxy.enable) { - host.reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { + config = lib.mkIf config.services.forgejo.reverseProxy.enable { + services.reverseProxy.services.forgejo = { target = "http://localhost:${toString httpPort}"; + domain = config.services.forgejo.reverseProxy.domain; + extraDomains = config.services.forgejo.reverseProxy.extraDomains; + + settings = { + forwardHeaders.enable = true; + }; }; networking.firewall.allowedTCPPorts = [ diff --git a/modules/nixos-modules/server/home-assistant/database.nix b/modules/nixos-modules/server/home-assistant/database.nix index 0ac8002..f1927ed 100644 --- a/modules/nixos-modules/server/home-assistant/database.nix +++ b/modules/nixos-modules/server/home-assistant/database.nix @@ -2,55 +2,52 @@ lib, config, ... -}: let - dbUser = "hass"; -in { - config = lib.mkIf config.services.home-assistant.enable ( - lib.mkMerge [ +}: { + options.services.home-assistant = { + postgres = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Use PostgreSQL instead of SQLite"; + }; + user = lib.mkOption { + type = lib.types.str; + default = "hass"; + description = "Database user name"; + }; + database = lib.mkOption { + type = lib.types.str; + default = "hass"; + description = "Database name"; + }; + }; + }; + + config = lib.mkIf config.services.home-assistant.enable { + assertions = [ { - host = { - postgres = { - enable = true; - }; - }; - - assertions = [ - { - assertion = config.services.home-assistant.database == "postgres"; - message = "Home Assistant database type must be postgres"; - } - ]; + assertion = !config.services.home-assistant.postgres.enable || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when using postgres database for Home Assistant"; } - (lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${dbUser} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${dbUser} = { - name = dbUser; - }; - }; - }; - }; + ]; - services.home-assistant = { - extraPackages = python3Packages: - with python3Packages; [ - psycopg2 - ]; - }; + services.postgresql.databases.home-assistant = lib.mkIf config.services.home-assistant.postgres.enable { + enable = true; + user = config.services.home-assistant.postgres.user; + database = config.services.home-assistant.postgres.database; + }; - systemd.services.home-assistant = { - requires = [ - config.systemd.services.postgresql.name - ]; - }; - }) - ] - ); + services.home-assistant = lib.mkIf config.services.home-assistant.postgres.enable { + extraPackages = python3Packages: + with python3Packages; [ + psycopg2 + ]; + }; + + systemd.services.home-assistant = lib.mkIf config.services.home-assistant.postgres.enable { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/home-assistant/default.nix b/modules/nixos-modules/server/home-assistant/default.nix index 83d8ba7..b6f9356 100644 --- a/modules/nixos-modules/server/home-assistant/default.nix +++ b/modules/nixos-modules/server/home-assistant/default.nix @@ -1,112 +1,10 @@ { - lib, - config, - ... -}: { imports = [ + ./home-assistant.nix ./proxy.nix ./database.nix ./fail2ban.nix ./impermanence.nix ./extensions ]; - - options.services.home-assistant = { - database = lib.mkOption { - type = lib.types.enum [ - "builtin" - "postgres" - ]; - description = "what database do we want to use"; - default = "builtin"; - }; - - extensions = { - sonos = { - enable = lib.mkEnableOption "enable the sonos plugin"; - port = lib.mkOption { - type = lib.types.int; - default = 1400; - description = "what port to use for sonos discovery"; - }; - }; - jellyfin = { - enable = lib.mkEnableOption "enable the jellyfin plugin"; - }; - wyoming = { - enable = lib.mkEnableOption "enable wyoming"; - }; - }; - }; - - config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ - { - services.home-assistant = { - configDir = "/var/lib/hass"; - extraComponents = [ - "default_config" - "esphome" - "met" - "radio_browser" - "isal" - "zha" - "webostv" - "tailscale" - "syncthing" - "analytics_insights" - "unifi" - "openweathermap" - "ollama" - "mobile_app" - "logbook" - "ssdp" - "usb" - "webhook" - "bluetooth" - "dhcp" - "energy" - "history" - "backup" - "assist_pipeline" - "conversation" - "sun" - "zeroconf" - "cpuspeed" - ]; - config = { - http = { - server_port = 8123; - use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1" "::1"]; - ip_ban_enabled = true; - login_attempts_threshold = 10; - }; - homeassistant = { - external_url = "https://${config.services.home-assistant.subdomain}.${config.host.reverse_proxy.hostname}"; - # internal_url = "http://192.168.1.2:8123"; - }; - recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}"; - "automation manual" = []; - "automation ui" = "!include automations.yaml"; - mobile_app = {}; - }; - extraPackages = python3Packages: - with python3Packages; [ - hassil - numpy - gtts - ]; - }; - - # TODO: configure /var/lib/hass/secrets.yaml via sops - - networking.firewall.allowedUDPPorts = [ - 1900 - ]; - - systemd.tmpfiles.rules = [ - "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" - ]; - } - ]); } diff --git a/modules/nixos-modules/server/home-assistant/fail2ban.nix b/modules/nixos-modules/server/home-assistant/fail2ban.nix index 6ac5900..25194ef 100644 --- a/modules/nixos-modules/server/home-assistant/fail2ban.nix +++ b/modules/nixos-modules/server/home-assistant/fail2ban.nix @@ -3,36 +3,46 @@ pkgs, config, ... -}: -lib.mkIf (config.services.fail2ban.enable && config.services.home-assistant.enable) { - environment.etc = { - "fail2ban/filter.d/hass.local".text = ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [INCLUDES] - before = common.conf - - [Definition] - failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ - - ignoreregex = - - [Init] - datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S - '') - ); +}: { + options.services.home-assistant = { + fail2ban = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.fail2ban.enable && config.services.home-assistant.enable; + }; + }; }; - services.fail2ban = { - jails = { - home-assistant-iptables.settings = { - enabled = true; - filter = "hass"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.home-assistant.configDir}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; + config = lib.mkIf config.services.home-assistant.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/hass.local".text = ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [INCLUDES] + before = common.conf + + [Definition] + failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ + + ignoreregex = + + [Init] + datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S + '') + ); + }; + + services.fail2ban = { + jails = { + home-assistant-iptables.settings = { + enabled = true; + filter = "hass"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.home-assistant.configDir}/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; }; }; }; diff --git a/modules/nixos-modules/server/home-assistant/home-assistant.nix b/modules/nixos-modules/server/home-assistant/home-assistant.nix new file mode 100644 index 0000000..fa58d5e --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/home-assistant.nix @@ -0,0 +1,104 @@ +{ + lib, + config, + ... +}: { + options.services.home-assistant = { + database = lib.mkOption { + type = lib.types.enum [ + "builtin" + "postgres" + ]; + description = "what database do we want to use"; + default = "builtin"; + }; + + extensions = { + sonos = { + enable = lib.mkEnableOption "enable the sonos plugin"; + port = lib.mkOption { + type = lib.types.int; + default = 1400; + description = "what port to use for sonos discovery"; + }; + }; + jellyfin = { + enable = lib.mkEnableOption "enable the jellyfin plugin"; + }; + wyoming = { + enable = lib.mkEnableOption "enable wyoming"; + }; + }; + }; + + config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ + { + services.home-assistant = { + configDir = "/var/lib/hass"; + extraComponents = [ + "default_config" + "esphome" + "met" + "radio_browser" + "isal" + "zha" + "webostv" + "tailscale" + "syncthing" + "analytics_insights" + "unifi" + "openweathermap" + "ollama" + "mobile_app" + "logbook" + "ssdp" + "usb" + "webhook" + "bluetooth" + "dhcp" + "energy" + "history" + "backup" + "assist_pipeline" + "conversation" + "sun" + "zeroconf" + "cpuspeed" + ]; + config = { + http = { + server_port = 8123; + use_x_forwarded_for = true; + trusted_proxies = ["127.0.0.1" "::1"]; + ip_ban_enabled = true; + login_attempts_threshold = 10; + }; + homeassistant = { + external_url = "https://${config.services.home-assistant.domain}"; + # internal_url = "http://192.168.1.2:8123"; + }; + recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}"; + "automation manual" = []; + "automation ui" = "!include automations.yaml"; + mobile_app = {}; + }; + extraPackages = python3Packages: + with python3Packages; [ + hassil + numpy + gtts + ]; + }; + + # TODO: configure /var/lib/hass/secrets.yaml via sops + + networking.firewall.allowedUDPPorts = [ + 1900 + ]; + + systemd.tmpfiles.rules = [ + "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" + ]; + } + ]); +} diff --git a/modules/nixos-modules/server/home-assistant/proxy.nix b/modules/nixos-modules/server/home-assistant/proxy.nix index ba8f20d..b756459 100644 --- a/modules/nixos-modules/server/home-assistant/proxy.nix +++ b/modules/nixos-modules/server/home-assistant/proxy.nix @@ -4,29 +4,39 @@ ... }: { options.services.home-assistant = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that home-assistant will be hosted at"; - default = "home-assistant"; + description = "domain that home-assistant will be hosted at"; + default = "home-assistant.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for home-assistant"; + default = []; + }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.reverseProxy.enable && config.services.home-assistant.enable; + }; }; }; - config = lib.mkIf (config.host.reverse_proxy.enable && config.services.home-assistant.enable) { - host = { - reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { - target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + config = lib.mkIf config.services.home-assistant.reverseProxy.enable { + services.reverseProxy.services.home-assistant = { + target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + domain = config.services.home-assistant.domain; + extraDomains = config.services.home-assistant.extraDomains; - websockets.enable = true; + settings = { + proxyWebsockets.enable = true; forwardHeaders.enable = true; - extraConfig = '' - add_header Upgrade $http_upgrade; - add_header Connection \"upgrade\"; - - proxy_buffering off; - - proxy_read_timeout 90; - ''; + # Custom timeout settings + proxyHeaders = { + enable = true; + timeout = 90; + }; }; }; }; diff --git a/modules/nixos-modules/server/immich/database.nix b/modules/nixos-modules/server/immich/database.nix index 74b1aaa..52af51e 100644 --- a/modules/nixos-modules/server/immich/database.nix +++ b/modules/nixos-modules/server/immich/database.nix @@ -3,24 +3,28 @@ config, ... }: { - config = lib.mkIf config.services.immich.enable (lib.mkMerge [ - { - host = { - postgres = { - enable = true; - }; - }; - } - (lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${config.services.immich.database.user} = { - isClient = true; - }; - }; - }; - }; - }) - ]); + config = lib.mkIf config.services.immich.enable { + assertions = [ + { + assertion = !config.services.immich.database.enable || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when using postgres database for Immich"; + } + { + assertion = !(config.services.immich.database.enable && config.services.immich.database.createDB) || (builtins.any (db: db == "immich") config.services.postgresql.ensureDatabases); + message = "Immich built-in database creation failed - expected 'immich' in ensureDatabases but got: ${builtins.toString config.services.postgresql.ensureDatabases}"; + } + { + assertion = !(config.services.immich.database.enable && config.services.immich.database.createDB) || (builtins.any (user: user.name == "immich") config.services.postgresql.ensureUsers); + message = "Immich built-in user creation failed - expected user 'immich' in ensureUsers but got: ${builtins.toString (builtins.map (u: u.name) config.services.postgresql.ensureUsers)}"; + } + ]; + + # Note: Immich has built-in database creation via services.immich.database.createDB we only add the systemd dependency + + systemd.services.immich-server = lib.mkIf config.services.immich.database.enable { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/immich/fail2ban.nix b/modules/nixos-modules/server/immich/fail2ban.nix index c9ec87b..21593e7 100644 --- a/modules/nixos-modules/server/immich/fail2ban.nix +++ b/modules/nixos-modules/server/immich/fail2ban.nix @@ -4,7 +4,16 @@ pkgs, ... }: { - config = lib.mkIf (config.services.fail2ban.enable && config.services.immich.enable) { + options.services.immich = { + fail2ban = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.fail2ban.enable && config.services.immich.enable; + }; + }; + }; + + config = lib.mkIf config.services.immich.fail2ban.enable { environment.etc = { "fail2ban/filter.d/immich.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter '' [Definition] diff --git a/modules/nixos-modules/server/immich/impermanence.nix b/modules/nixos-modules/server/immich/impermanence.nix index f63d178..56e51d0 100644 --- a/modules/nixos-modules/server/immich/impermanence.nix +++ b/modules/nixos-modules/server/immich/impermanence.nix @@ -5,7 +5,14 @@ }: let mediaLocation = "/var/lib/immich"; in { - config = lib.mkIf (config.services.immich.enable && config.host.impermanence.enable) { + options.services.immich = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.immich.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.immich.impermanence.enable { assertions = [ { assertion = config.services.immich.mediaLocation == mediaLocation; diff --git a/modules/nixos-modules/server/immich/proxy.nix b/modules/nixos-modules/server/immich/proxy.nix index dae2420..9c8c165 100644 --- a/modules/nixos-modules/server/immich/proxy.nix +++ b/modules/nixos-modules/server/immich/proxy.nix @@ -4,31 +4,40 @@ ... }: { options.services.immich = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that immich will be hosted at"; - default = "immich"; + description = "domain that immich will be hosted at"; + default = "immich.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for immich"; + default = []; + }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.immich.enable && config.services.reverseProxy.enable; + }; }; }; - config = lib.mkIf (config.services.immich.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.${config.services.immich.subdomain} = { - target = "http://localhost:${toString config.services.immich.port}"; + config = lib.mkIf config.services.immich.reverseProxy.enable { + services.reverseProxy.services.immich = { + target = "http://localhost:${toString config.services.immich.port}"; + domain = config.services.immich.domain; + extraDomains = config.services.immich.extraDomains; - websockets.enable = true; + settings = { + proxyWebsockets.enable = true; forwardHeaders.enable = true; + maxBodySize = 50000; - extraConfig = '' - # allow large file uploads - client_max_body_size 50000M; - - # set timeout - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - proxy_redirect off; - ''; + # Custom timeout settings + proxyHeaders = { + enable = true; + timeout = 600; + }; }; }; }; diff --git a/modules/nixos-modules/server/jackett/default.nix b/modules/nixos-modules/server/jackett/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/jackett/default.nix +++ b/modules/nixos-modules/server/jackett/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/jackett/impermanence.nix b/modules/nixos-modules/server/jackett/impermanence.nix index 5826a54..24fc5e6 100644 --- a/modules/nixos-modules/server/jackett/impermanence.nix +++ b/modules/nixos-modules/server/jackett/impermanence.nix @@ -5,7 +5,14 @@ }: let jackett_data_directory = "/var/lib/jackett/.config/Jackett"; in { - config = lib.mkIf (config.services.jackett.enable && config.host.impermanence.enable) { + options.services.jackett = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.jackett.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.jackett.impermanence.enable { assertions = [ { assertion = config.services.jackett.dataDir == jackett_data_directory; diff --git a/modules/nixos-modules/server/jackett/proxy.nix b/modules/nixos-modules/server/jackett/proxy.nix deleted file mode 100644 index af5fa79..0000000 --- a/modules/nixos-modules/server/jackett/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.jackett = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.jackett.enable && config.services.jackett.subdomain != null) { - host.reverse_proxy.subdomains.jackett = { - subdomain = config.services.jackett.subdomain; - extraSubdomains = config.services.jackett.extraSubdomains; - target = "http://127.0.0.1:9117"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/jellyfin/default.nix b/modules/nixos-modules/server/jellyfin/default.nix index 0d88481..2dbdcfd 100644 --- a/modules/nixos-modules/server/jellyfin/default.nix +++ b/modules/nixos-modules/server/jellyfin/default.nix @@ -1,38 +1,8 @@ { - lib, - pkgs, - config, - ... -}: let - jellyfinPort = 8096; - dlanPort = 1900; -in { imports = [ + ./jellyfin.nix ./proxy.nix ./fail2ban.nix ./impermanence.nix ]; - - options.services.jellyfin = { - media_directory = lib.mkOption { - type = lib.types.str; - description = "directory jellyfin media will be hosted at"; - default = "/srv/jellyfin/media"; - }; - }; - - config = lib.mkIf config.services.jellyfin.enable { - environment.systemPackages = [ - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg - ]; - - networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; - - systemd.tmpfiles.rules = [ - "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" - "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" - ]; - }; } diff --git a/modules/nixos-modules/server/jellyfin/impermanence.nix b/modules/nixos-modules/server/jellyfin/impermanence.nix index e0b3b5d..cbcb54f 100644 --- a/modules/nixos-modules/server/jellyfin/impermanence.nix +++ b/modules/nixos-modules/server/jellyfin/impermanence.nix @@ -6,7 +6,14 @@ jellyfin_data_directory = "/var/lib/jellyfin"; jellyfin_cache_directory = "/var/cache/jellyfin"; in { - config = lib.mkIf (config.services.jellyfin.enable && config.host.impermanence.enable) { + options.services.jellyfin = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.jellyfin.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.jellyfin.impermanence.enable { fileSystems."/persist/system/jellyfin".neededForBoot = true; host.storage.pool.extraDatasets = { diff --git a/modules/nixos-modules/server/jellyfin/jellyfin.nix b/modules/nixos-modules/server/jellyfin/jellyfin.nix new file mode 100644 index 0000000..9bfa921 --- /dev/null +++ b/modules/nixos-modules/server/jellyfin/jellyfin.nix @@ -0,0 +1,32 @@ +{ + lib, + pkgs, + config, + ... +}: let + jellyfinPort = 8096; + dlanPort = 1900; +in { + options.services.jellyfin = { + media_directory = lib.mkOption { + type = lib.types.str; + description = "directory jellyfin media will be hosted at"; + default = "/srv/jellyfin/media"; + }; + }; + + config = lib.mkIf config.services.jellyfin.enable { + environment.systemPackages = [ + pkgs.jellyfin + pkgs.jellyfin-web + pkgs.jellyfin-ffmpeg + ]; + + networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; + + systemd.tmpfiles.rules = [ + "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" + "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" + ]; + }; +} diff --git a/modules/nixos-modules/server/jellyfin/proxy.nix b/modules/nixos-modules/server/jellyfin/proxy.nix index 1020a19..35289e7 100644 --- a/modules/nixos-modules/server/jellyfin/proxy.nix +++ b/modules/nixos-modules/server/jellyfin/proxy.nix @@ -6,33 +6,36 @@ jellyfinPort = 8096; in { options.services.jellyfin = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that jellyfin will be hosted at"; - default = "jellyfin"; + description = "domain that jellyfin will be hosted at"; + default = "jellyfin.arpa"; }; - extraSubdomains = lib.mkOption { + extraDomains = lib.mkOption { type = lib.types.listOf lib.types.str; - description = "ex subdomain of base domain that jellyfin will be hosted at"; + description = "extra domains that should be configured for jellyfin"; default = []; }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.jellyfin.enable && config.services.reverseProxy.enable; + }; + }; }; - config = lib.mkIf (config.services.jellyfin.enable && config.host.reverse_proxy.enable) { - host.reverse_proxy.subdomains.jellyfin = { + config = lib.mkIf config.services.jellyfin.reverseProxy.enable { + services.reverseProxy.services.jellyfin = { target = "http://localhost:${toString jellyfinPort}"; + domain = config.services.jellyfin.domain; + extraDomains = config.services.jellyfin.extraDomains; - subdomain = config.services.jellyfin.subdomain; - extraSubdomains = config.services.jellyfin.extraSubdomains; - - forwardHeaders.enable = true; - - extraConfig = '' - client_max_body_size 20M; - add_header X-Content-Type-Options "nosniff"; - - proxy_buffering off; - ''; + settings = { + forwardHeaders.enable = true; + maxBodySize = 20; + noSniff.enable = true; + proxyBuffering.enable = false; + }; }; }; } diff --git a/modules/nixos-modules/server/lidarr/default.nix b/modules/nixos-modules/server/lidarr/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/lidarr/default.nix +++ b/modules/nixos-modules/server/lidarr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/lidarr/impermanence.nix b/modules/nixos-modules/server/lidarr/impermanence.nix index 689b924..5d3aa3f 100644 --- a/modules/nixos-modules/server/lidarr/impermanence.nix +++ b/modules/nixos-modules/server/lidarr/impermanence.nix @@ -5,7 +5,14 @@ }: let lidarr_data_directory = "/var/lib/lidarr/.config/Lidarr"; in { - config = lib.mkIf (config.services.lidarr.enable && config.host.impermanence.enable) { + options.services.lidarr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.lidarr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.lidarr.impermanence.enable { assertions = [ { assertion = config.services.lidarr.dataDir == lidarr_data_directory; diff --git a/modules/nixos-modules/server/lidarr/proxy.nix b/modules/nixos-modules/server/lidarr/proxy.nix deleted file mode 100644 index 0146ccf..0000000 --- a/modules/nixos-modules/server/lidarr/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.lidarr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.lidarr.enable && config.services.lidarr.subdomain != null) { - host.reverse_proxy.subdomains.lidarr = { - subdomain = config.services.lidarr.subdomain; - extraSubdomains = config.services.lidarr.extraSubdomains; - target = "http://127.0.0.1:8686"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix index eaac7fe..cd100ab 100644 --- a/modules/nixos-modules/server/network_storage/default.nix +++ b/modules/nixos-modules/server/network_storage/default.nix @@ -1,90 +1,6 @@ { - config, - lib, - ... -}: let - export_directory = config.host.network_storage.export_directory; -in { imports = [ + ./network_storage.nix ./nfs.nix ]; - - options = { - host.network_storage = { - enable = lib.mkEnableOption "is this machine going to export network storage"; - export_directory = lib.mkOption { - type = lib.types.path; - description = "what are exports going to be stored in"; - default = "/exports"; - }; - directories = lib.mkOption { - type = lib.types.listOf (lib.types.submodule ({config, ...}: { - options = { - folder = lib.mkOption { - type = lib.types.str; - description = "what is the name of this export directory"; - }; - bind = lib.mkOption { - type = lib.types.nullOr lib.types.path; - description = "is this directory bound to anywhere"; - default = null; - }; - user = lib.mkOption { - type = lib.types.str; - description = "what user owns this directory"; - default = "nouser"; - }; - group = lib.mkOption { - type = lib.types.str; - description = "what group owns this directory"; - default = "nogroup"; - }; - _directory = lib.mkOption { - internal = true; - readOnly = true; - type = lib.types.path; - default = "${export_directory}/${config.folder}"; - }; - }; - })); - description = "list of directory names to export"; - }; - }; - }; - - config = lib.mkIf config.host.network_storage.enable (lib.mkMerge [ - { - # create any folders that we need to have for our exports - systemd.tmpfiles.rules = - [ - "d ${config.host.network_storage.export_directory} 2775 nobody nogroup -" - ] - ++ ( - builtins.map ( - directory: "d ${directory._directory} 2770 ${directory.user} ${directory.group}" - ) - config.host.network_storage.directories - ); - - # set up any bind mounts that we need for our exports - fileSystems = builtins.listToAttrs ( - builtins.map (directory: - lib.attrsets.nameValuePair directory._directory { - device = directory.bind; - options = ["bind"]; - }) ( - builtins.filter (directory: directory.bind != null) config.host.network_storage.directories - ) - ); - } - # (lib.mkIf config.host.impermanence.enable { - # environment.persistence."/persist/system/root" = { - # enable = true; - # hideMounts = true; - # directories = [ - # config.host.network_storage.export_directory - # ]; - # }; - # }) - ]); } diff --git a/modules/nixos-modules/server/network_storage/network_storage.nix b/modules/nixos-modules/server/network_storage/network_storage.nix new file mode 100644 index 0000000..ebc3bee --- /dev/null +++ b/modules/nixos-modules/server/network_storage/network_storage.nix @@ -0,0 +1,86 @@ +{ + config, + lib, + ... +}: let + export_directory = config.host.network_storage.export_directory; +in { + options = { + host.network_storage = { + enable = lib.mkEnableOption "is this machine going to export network storage"; + export_directory = lib.mkOption { + type = lib.types.path; + description = "what are exports going to be stored in"; + default = "/exports"; + }; + directories = lib.mkOption { + type = lib.types.listOf (lib.types.submodule ({config, ...}: { + options = { + folder = lib.mkOption { + type = lib.types.str; + description = "what is the name of this export directory"; + }; + bind = lib.mkOption { + type = lib.types.nullOr lib.types.path; + description = "is this directory bound to anywhere"; + default = null; + }; + user = lib.mkOption { + type = lib.types.str; + description = "what user owns this directory"; + default = "nouser"; + }; + group = lib.mkOption { + type = lib.types.str; + description = "what group owns this directory"; + default = "nogroup"; + }; + _directory = lib.mkOption { + internal = true; + readOnly = true; + type = lib.types.path; + default = "${export_directory}/${config.folder}"; + }; + }; + })); + description = "list of directory names to export"; + }; + }; + }; + + config = lib.mkIf config.host.network_storage.enable (lib.mkMerge [ + { + # create any folders that we need to have for our exports + systemd.tmpfiles.rules = + [ + "d ${config.host.network_storage.export_directory} 2775 nobody nogroup -" + ] + ++ ( + builtins.map ( + directory: "d ${directory._directory} 2770 ${directory.user} ${directory.group}" + ) + config.host.network_storage.directories + ); + + # set up any bind mounts that we need for our exports + fileSystems = builtins.listToAttrs ( + builtins.map (directory: + lib.attrsets.nameValuePair directory._directory { + device = directory.bind; + options = ["bind"]; + }) ( + builtins.filter (directory: directory.bind != null) config.host.network_storage.directories + ) + ); + } + # (lib.mkIf config.host.impermanence.enable { + # environment.persistence."/persist/system/root" = { + # enable = true; + # hideMounts = true; + # directories = [ + # config.host.network_storage.export_directory + # ]; + # }; + # }) + ]); +} diff --git a/modules/nixos-modules/server/panoramax/database.nix b/modules/nixos-modules/server/panoramax/database.nix index 8679f9a..1721726 100644 --- a/modules/nixos-modules/server/panoramax/database.nix +++ b/modules/nixos-modules/server/panoramax/database.nix @@ -3,32 +3,46 @@ config, ... }: { - config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ - { - host = { - postgres = { - enable = true; + options.services.panoramax = { + database = { + postgres = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Use PostgreSQL instead of SQLite"; + }; + user = lib.mkOption { + type = lib.types.str; + default = "panoramax"; + description = "Database user name"; + }; + database = lib.mkOption { + type = lib.types.str; + default = "panoramax"; + description = "Database name"; }; }; - } - ( - lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${config.services.panoramax.database.user} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${config.services.panoramax.database.name} = { - name = config.services.panoramax.database.user; - }; - }; - }; - }; + }; + }; + + config = lib.mkIf config.services.panoramax.enable { + assertions = [ + { + assertion = !config.services.panoramax.database.postgres.enable || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when using postgres database for Panoramax"; } - ) - ]); + ]; + + services.postgresql.databases.panoramax = lib.mkIf config.services.panoramax.database.postgres.enable { + enable = true; + user = config.services.panoramax.database.postgres.user; + database = config.services.panoramax.database.postgres.database; + }; + + systemd.services.panoramax = lib.mkIf config.services.panoramax.database.postgres.enable { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/panoramax/impermanence.nix b/modules/nixos-modules/server/panoramax/impermanence.nix index 41b1401..e25ef92 100644 --- a/modules/nixos-modules/server/panoramax/impermanence.nix +++ b/modules/nixos-modules/server/panoramax/impermanence.nix @@ -3,7 +3,14 @@ config, ... }: { - config = lib.mkIf (config.services.panoramax.enable && config.host.impermanence.enable) { + options.services.panoramax = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.panoramax.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.panoramax.impermanence.enable { # TODO: configure impermanence for panoramax data # This would typically include directories like: # - /var/lib/panoramax diff --git a/modules/nixos-modules/server/panoramax/proxy.nix b/modules/nixos-modules/server/panoramax/proxy.nix index 79f9326..7cd7111 100644 --- a/modules/nixos-modules/server/panoramax/proxy.nix +++ b/modules/nixos-modules/server/panoramax/proxy.nix @@ -4,31 +4,35 @@ ... }: { options.services.panoramax = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that panoramax will be hosted at"; - default = "panoramax"; + description = "domain that panoramax will be hosted at"; + default = "panoramax.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for panoramax"; + default = []; + }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.panoramax.enable && config.services.reverseProxy.enable; + }; }; }; - config = lib.mkIf (config.services.panoramax.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.${config.services.panoramax.subdomain} = { - target = "http://localhost:${toString config.services.panoramax.port}"; + config = lib.mkIf config.services.panoramax.reverseProxy.enable { + services.reverseProxy.services.panoramax = { + target = "http://localhost:${toString config.services.panoramax.port}"; + domain = config.services.panoramax.domain; + extraDomains = config.services.panoramax.extraDomains; - websockets.enable = true; + settings = { + proxyWebsockets.enable = true; forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads for panoramic images - client_max_body_size 100M; - - # set timeout for image processing - proxy_read_timeout 300s; - proxy_send_timeout 300s; - send_timeout 300s; - proxy_redirect off; - ''; + maxBodySize = 100000; + timeout = 300; }; }; }; diff --git a/modules/nixos-modules/server/paperless/database.nix b/modules/nixos-modules/server/paperless/database.nix index 6f4ce51..c63e59d 100644 --- a/modules/nixos-modules/server/paperless/database.nix +++ b/modules/nixos-modules/server/paperless/database.nix @@ -3,32 +3,28 @@ lib, ... }: { - config = lib.mkIf config.services.paperless.enable (lib.mkMerge [ - { - host = { - postgres = { - enable = true; - }; - }; - } - ( - lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${config.services.paperless.database.user} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${config.services.paperless.database.user} = { - name = config.services.paperless.database.user; - }; - }; - }; - }; + config = lib.mkIf config.services.paperless.enable { + assertions = [ + { + assertion = !config.services.paperless.database.createLocally || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when using local postgres database for Paperless"; } - ) - ]); + { + assertion = !config.services.paperless.database.createLocally || (builtins.any (db: db == "paperless") config.services.postgresql.ensureDatabases); + message = "Paperless built-in database creation failed - expected 'paperless' in ensureDatabases but got: ${builtins.toString config.services.postgresql.ensureDatabases}"; + } + { + assertion = !config.services.paperless.database.createLocally || (builtins.any (user: user.name == "paperless") config.services.postgresql.ensureUsers); + message = "Paperless built-in user creation failed - expected user 'paperless' in ensureUsers but got: ${builtins.toString (builtins.map (u: u.name) config.services.postgresql.ensureUsers)}"; + } + ]; + + services.paperless.database.createLocally = lib.mkDefault true; + + systemd.services.paperless-scheduler = lib.mkIf config.services.paperless.database.createLocally { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/paperless/default.nix b/modules/nixos-modules/server/paperless/default.nix index a6878eb..7e5e16b 100644 --- a/modules/nixos-modules/server/paperless/default.nix +++ b/modules/nixos-modules/server/paperless/default.nix @@ -1,35 +1,9 @@ { - config, - lib, - ... -}: { imports = [ + ./paperless.nix ./proxy.nix ./database.nix ./fail2ban.nix ./impermanence.nix ]; - - options.services.paperless = { - database = { - user = lib.mkOption { - type = lib.types.str; - description = "what is the user and database that we are going to use for paperless"; - default = "paperless"; - }; - }; - }; - - config = lib.mkIf config.services.paperless.enable { - services.paperless = { - domain = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; - configureTika = true; - settings = { - PAPERLESS_DBENGINE = "postgresql"; - PAPERLESS_DBHOST = "/run/postgresql"; - PAPERLESS_DBNAME = config.services.paperless.database.user; - PAPERLESS_DBUSER = config.services.paperless.database.user; - }; - }; - }; } diff --git a/modules/nixos-modules/server/paperless/impermanence.nix b/modules/nixos-modules/server/paperless/impermanence.nix index d9e17bd..fc87ea7 100644 --- a/modules/nixos-modules/server/paperless/impermanence.nix +++ b/modules/nixos-modules/server/paperless/impermanence.nix @@ -5,7 +5,14 @@ }: let dataDir = "/var/lib/paperless"; in { - config = lib.mkIf (config.services.paperless.enable && config.host.impermanence.enable) { + options.services.paperless = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.paperless.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.paperless.impermanence.enable { assertions = [ { assertion = config.services.paperless.dataDir == dataDir; diff --git a/modules/nixos-modules/server/paperless/paperless.nix b/modules/nixos-modules/server/paperless/paperless.nix new file mode 100644 index 0000000..5bcbfed --- /dev/null +++ b/modules/nixos-modules/server/paperless/paperless.nix @@ -0,0 +1,27 @@ +{ + config, + lib, + ... +}: { + options.services.paperless = { + database = { + user = lib.mkOption { + type = lib.types.str; + description = "what is the user and database that we are going to use for paperless"; + default = "paperless"; + }; + }; + }; + + config = lib.mkIf config.services.paperless.enable { + services.paperless = { + configureTika = true; + settings = { + PAPERLESS_DBENGINE = "postgresql"; + PAPERLESS_DBHOST = "/run/postgresql"; + PAPERLESS_DBNAME = config.services.paperless.database.user; + PAPERLESS_DBUSER = config.services.paperless.database.user; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/paperless/proxy.nix b/modules/nixos-modules/server/paperless/proxy.nix index 2910f07..9d152c9 100644 --- a/modules/nixos-modules/server/paperless/proxy.nix +++ b/modules/nixos-modules/server/paperless/proxy.nix @@ -4,25 +4,29 @@ ... }: { options.services.paperless = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that paperless will be hosted at"; - default = "paperless"; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for paperless"; + default = []; + }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.paperless.enable && config.services.reverseProxy.enable; + }; }; }; - config = lib.mkIf (config.services.paperless.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.${config.services.paperless.subdomain} = { - target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; + config = lib.mkIf config.services.paperless.reverseProxy.enable { + services.reverseProxy.services.paperless = { + target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; + domain = config.services.paperless.domain; + extraDomains = config.services.paperless.extraDomains; - websockets.enable = true; + settings = { + proxyWebsockets.enable = true; forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads - client_max_body_size 50000M; - ''; + maxBodySize = 50000; }; }; }; diff --git a/modules/nixos-modules/server/podman.nix b/modules/nixos-modules/server/podman.nix deleted file mode 100644 index 9301140..0000000 --- a/modules/nixos-modules/server/podman.nix +++ /dev/null @@ -1,73 +0,0 @@ -{ - lib, - config, - ... -}: { - options.host.podman = { - enable = lib.mkEnableOption "should podman be enabled on this computer"; - macvlan = { - subnet = lib.mkOption { - type = lib.types.str; - description = "Subnet for macvlan address range"; - }; - gateway = lib.mkOption { - type = lib.types.str; - description = "Gateway for macvlan"; - # TODO: see if we can default this to systemd network gateway - }; - networkInterface = lib.mkOption { - type = lib.types.str; - description = "Parent network interface for macvlan"; - # TODO: see if we can default this some interface? - }; - }; - }; - config = lib.mkIf config.host.podman.enable { - systemd = { - services = { - # "podman-network-macvlan" = { - # path = [pkgs.podman]; - # serviceConfig = { - # Type = "oneshot"; - # RemainAfterExit = true; - # ExecStop = "podman network rm -f macvlan"; - # }; - # script = '' - # podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.host.podman.macvlan.subnet} --gateway ${config.host.podman.macvlan.gateway} --opt parent=${config.host.podman.macvlan.networkInterface} macvlan - # ''; - # partOf = ["podman-compose-root.target"]; - # wantedBy = ["podman-compose-root.target"]; - # }; - }; - # disable computer sleeping - targets = { - # Root service - # When started, this will automatically create all resources and start - # the containers. When stopped, this will teardown all resources. - "podman-compose-root" = { - unitConfig = { - Description = "Root target for podman targets."; - }; - wantedBy = ["multi-user.target"]; - }; - }; - }; - - virtualisation = { - # Runtime - podman = { - enable = true; - autoPrune.enable = true; - dockerCompat = true; - # defaultNetwork.settings = { - # # Required for container networking to be able to use names. - # dns_enabled = true; - # }; - }; - - oci-containers = { - backend = "podman"; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix deleted file mode 100644 index 71ce44c..0000000 --- a/modules/nixos-modules/server/postgres.nix +++ /dev/null @@ -1,121 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: let - dataDir = "/var/lib/postgresql/16"; - adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - createUsers = lib.lists.filter (user: user.createUser) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - createDatabases = lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraDatabases; -in { - options = { - host.postgres = { - enable = lib.mkEnableOption "enable postgres"; - extraUsers = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - isAdmin = lib.mkOption { - type = lib.types.bool; - default = false; - }; - isClient = lib.mkOption { - type = lib.types.bool; - default = false; - }; - createUser = lib.mkOption { - type = lib.types.bool; - default = false; - }; - }; - })); - default = {}; - }; - extraDatabases = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - }; - })); - default = {}; - }; - }; - }; - - config = lib.mkIf config.host.postgres.enable (lib.mkMerge [ - { - services = { - postgresql = { - enable = true; - package = pkgs.postgresql_16; - ensureUsers = - [ - { - name = "postgres"; - } - ] - ++ ( - builtins.map (user: { - name = user.name; - ensureDBOwnership = true; - }) - createUsers - ); - ensureDatabases = builtins.map (database: database.name) createDatabases; - identMap = - '' - # ArbitraryMapName systemUser DBUser - - # Administration Users - superuser_map root postgres - superuser_map postgres postgres - '' - + ( - lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} postgres") adminUsers) - ) - + '' - - # Client Users - '' - + ( - lib.strings.concatLines (builtins.map (user: "user_map ${user.name} ${user.name}") clientUsers) - ); - # configuration here lets users access the db that matches their name and lets user postgres access everything - authentication = pkgs.lib.mkOverride 10 '' - # type database DBuser origin-address auth-method optional_ident_map - local all postgres peer map=superuser_map - local sameuser all peer map=user_map - ''; - }; - }; - } - - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.postgresql.dataDir == dataDir; - message = "postgres data directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = dataDir; - user = "postgres"; - group = "postgres"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/postgres/default.nix b/modules/nixos-modules/server/postgres/default.nix new file mode 100644 index 0000000..abf4ade --- /dev/null +++ b/modules/nixos-modules/server/postgres/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./postgres.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/postgres/impermanence.nix b/modules/nixos-modules/server/postgres/impermanence.nix new file mode 100644 index 0000000..a67fb1a --- /dev/null +++ b/modules/nixos-modules/server/postgres/impermanence.nix @@ -0,0 +1,27 @@ +{ + config, + lib, + ... +}: let + dataDir = "/var/lib/postgresql/16"; +in { + config = lib.mkIf (config.services.postgresql.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.postgresql.dataDir == dataDir; + message = "postgres data directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = dataDir; + user = "postgres"; + group = "postgres"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/postgres/postgres.nix b/modules/nixos-modules/server/postgres/postgres.nix new file mode 100644 index 0000000..af7d1b4 --- /dev/null +++ b/modules/nixos-modules/server/postgres/postgres.nix @@ -0,0 +1,122 @@ +{ + config, + lib, + pkgs, + ... +}: let + enabledDatabases = lib.filterAttrs (_: db: db.enable) config.services.postgresql.databases; + extraDatabasesList = config.services.postgresql.extraDatabases; + + serviceDatabaseUsers = lib.mapAttrsToList (_: db: { + name = db.user; + ensureDBOwnership = true; + }) (lib.filterAttrs (_: db: db.ensureUser) enabledDatabases); + + extraDatabaseUsers = + builtins.map (dbName: { + name = dbName; + ensureDBOwnership = true; + }) + extraDatabasesList; + + serviceDatabases = lib.mapAttrsToList (_: db: db.database) enabledDatabases; + extraDatabaseNames = extraDatabasesList; + + serviceUserMappings = lib.mapAttrsToList (_: db: "user_map ${db.user} ${db.user}") enabledDatabases; + extraUserMappings = builtins.map (dbName: "user_map ${dbName} ${dbName}") extraDatabasesList; + + builtinServiceMappings = let + forgejoMapping = lib.optional (config.services.forgejo.enable && config.services.forgejo.database.type == "postgres") "user_map forgejo forgejo"; + immichMapping = lib.optional (config.services.immich.enable && config.services.immich.database.enable) "user_map immich immich"; + paperlessMapping = lib.optional (config.services.paperless.enable && config.services.paperless.database.createLocally) "user_map paperless paperless"; + in + forgejoMapping ++ immichMapping ++ paperlessMapping; +in { + options = { + services.postgresql = { + databases = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether to create this database and user"; + }; + user = lib.mkOption { + type = lib.types.str; + default = name; + description = "Database user name"; + }; + database = lib.mkOption { + type = lib.types.str; + default = name; + description = "Database name"; + }; + ensureUser = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Whether to ensure the user exists"; + }; + }; + })); + default = {}; + description = "Databases to create for services"; + }; + + extraDatabases = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Additional databases to create (user name will match database name)"; + example = ["custom_db" "test_db"]; + }; + + adminUsers = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "System users who should have PostgreSQL superuser access"; + example = ["leyla" "admin"]; + }; + }; + }; + + config = lib.mkIf config.services.postgresql.enable { + services = { + postgresql = { + package = pkgs.postgresql_16; + + ensureUsers = + [ + {name = "postgres";} + ] + ++ serviceDatabaseUsers ++ extraDatabaseUsers; + + ensureDatabases = serviceDatabases ++ extraDatabaseNames; + + identMap = + '' + # ArbitraryMapName systemUser DBUser + + # Administration Users + superuser_map root postgres + superuser_map postgres postgres + '' + + ( + lib.strings.concatLines (builtins.map (user: "superuser_map ${user} postgres") config.services.postgresql.adminUsers) + ) + + '' + + # Client Users + '' + + ( + lib.strings.concatLines (serviceUserMappings ++ extraUserMappings ++ builtinServiceMappings) + ); + + authentication = pkgs.lib.mkOverride 10 '' + # type database DBuser origin-address auth-method optional_ident_map + local all postgres peer map=superuser_map + local sameuser all peer map=user_map + ''; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/qbittorent.nix b/modules/nixos-modules/server/qbittorent.nix deleted file mode 100644 index 2d54587..0000000 --- a/modules/nixos-modules/server/qbittorent.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ - lib, - config, - ... -}: let - qbittorent_profile_directory = "/var/lib/qBittorrent/"; -in { - options.services.qbittorrent = { - mediaDir = lib.mkOption { - type = lib.types.path; - description = lib.mdDoc '' - The directory to create to store qbittorrent media. - ''; - }; - }; - - config = lib.mkIf config.services.qbittorrent.enable (lib.mkMerge [ - (lib.mkIf config.host.impermanence.enable { - fileSystems."/persist/system/qbittorrent".neededForBoot = true; - - host.storage.pool.extraDatasets = { - # sops age key needs to be available to pre persist for user generation - "persist/system/qbittorrent" = { - type = "zfs_fs"; - mountpoint = "/persist/system/qbittorrent"; - options = { - canmount = "on"; - }; - }; - }; - - assertions = [ - { - assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory; - message = "qbittorrent data directory does not match persistence"; - } - ]; - - environment.persistence = { - "/persist/system/root" = { - directories = [ - { - directory = qbittorent_profile_directory; - user = "qbittorrent"; - group = "qbittorrent"; - } - ]; - }; - - "/persist/system/qbittorrent" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.services.qbittorrent.mediaDir; - user = "qbittorrent"; - group = "qbittorrent"; - mode = "1775"; - } - ]; - }; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/qbittorent/default.nix b/modules/nixos-modules/server/qbittorent/default.nix new file mode 100644 index 0000000..f7511e6 --- /dev/null +++ b/modules/nixos-modules/server/qbittorent/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./qbittorent.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/qbittorent/impermanence.nix b/modules/nixos-modules/server/qbittorent/impermanence.nix new file mode 100644 index 0000000..1489e7d --- /dev/null +++ b/modules/nixos-modules/server/qbittorent/impermanence.nix @@ -0,0 +1,61 @@ +{ + lib, + config, + ... +}: let + qbittorent_profile_directory = "/var/lib/qBittorrent/"; +in { + options.services.qbittorrent = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.qbittorrent.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.qbittorrent.impermanence.enable { + fileSystems."/persist/system/qbittorrent".neededForBoot = true; + + host.storage.pool.extraDatasets = { + # sops age key needs to be available to pre persist for user generation + "persist/system/qbittorrent" = { + type = "zfs_fs"; + mountpoint = "/persist/system/qbittorrent"; + options = { + canmount = "on"; + }; + }; + }; + + assertions = [ + { + assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory; + message = "qbittorrent data directory does not match persistence"; + } + ]; + + environment.persistence = { + "/persist/system/root" = { + directories = [ + { + directory = qbittorent_profile_directory; + user = "qbittorrent"; + group = "qbittorrent"; + } + ]; + }; + + "/persist/system/qbittorrent" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = config.services.qbittorrent.mediaDir; + user = "qbittorrent"; + group = "qbittorrent"; + mode = "1775"; + } + ]; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/qbittorent/qbittorent.nix b/modules/nixos-modules/server/qbittorent/qbittorent.nix new file mode 100644 index 0000000..44603c8 --- /dev/null +++ b/modules/nixos-modules/server/qbittorent/qbittorent.nix @@ -0,0 +1,18 @@ +{ + lib, + config, + ... +}: { + options.services.qbittorrent = { + mediaDir = lib.mkOption { + type = lib.types.path; + description = lib.mdDoc '' + The directory to create to store qbittorrent media. + ''; + }; + }; + + config = lib.mkIf config.services.qbittorrent.enable { + # Main qbittorrent configuration goes here if needed + }; +} diff --git a/modules/nixos-modules/server/radarr/default.nix b/modules/nixos-modules/server/radarr/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/radarr/default.nix +++ b/modules/nixos-modules/server/radarr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/radarr/impermanence.nix b/modules/nixos-modules/server/radarr/impermanence.nix index 4a3242c..c948e3a 100644 --- a/modules/nixos-modules/server/radarr/impermanence.nix +++ b/modules/nixos-modules/server/radarr/impermanence.nix @@ -5,7 +5,14 @@ }: let radarr_data_directory = "/var/lib/radarr/.config/Radarr"; in { - config = lib.mkIf (config.services.radarr.enable && config.host.impermanence.enable) { + options.services.radarr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.radarr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.radarr.impermanence.enable { assertions = [ { assertion = config.services.radarr.dataDir == radarr_data_directory; diff --git a/modules/nixos-modules/server/radarr/proxy.nix b/modules/nixos-modules/server/radarr/proxy.nix deleted file mode 100644 index ec5f575..0000000 --- a/modules/nixos-modules/server/radarr/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.radarr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.radarr.enable && config.services.radarr.subdomain != null) { - host.reverse_proxy.subdomains.radarr = { - subdomain = config.services.radarr.subdomain; - extraSubdomains = config.services.radarr.extraSubdomains; - target = "http://127.0.0.1:7878"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/reverseProxy/default.nix b/modules/nixos-modules/server/reverseProxy/default.nix new file mode 100644 index 0000000..5d57175 --- /dev/null +++ b/modules/nixos-modules/server/reverseProxy/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./reverseProxy.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/reverseProxy/impermanence.nix b/modules/nixos-modules/server/reverseProxy/impermanence.nix new file mode 100644 index 0000000..7af55df --- /dev/null +++ b/modules/nixos-modules/server/reverseProxy/impermanence.nix @@ -0,0 +1,21 @@ +{ + lib, + config, + ... +}: let + dataDir = "/var/lib/acme"; +in { + config = lib.mkIf (config.host.impermanence.enable && config.services.reverseProxy.enable) { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = dataDir; + user = "acme"; + group = "acme"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/reverseProxy/reverseProxy.nix b/modules/nixos-modules/server/reverseProxy/reverseProxy.nix new file mode 100644 index 0000000..eecc9bf --- /dev/null +++ b/modules/nixos-modules/server/reverseProxy/reverseProxy.nix @@ -0,0 +1,176 @@ +{ + lib, + config, + ... +}: { + options.services.reverseProxy = { + enable = lib.mkEnableOption "turn on the reverse proxy"; + openFirewall = lib.mkEnableOption "open the firewall"; + refuseUnmatchedDomains = lib.mkOption { + type = lib.types.bool; + description = "refuse connections for domains that don't match any configured virtual hosts"; + default = true; + }; + ports = { + http = lib.mkOption { + type = lib.types.port; + description = "HTTP port for the reverse proxy"; + default = 80; + }; + https = lib.mkOption { + type = lib.types.port; + description = "HTTPS port for the reverse proxy"; + default = 443; + }; + }; + acme = { + enable = lib.mkOption { + type = lib.types.bool; + description = "enable ACME certificate management"; + default = true; + }; + email = lib.mkOption { + type = lib.types.str; + description = "email address for ACME certificate registration"; + }; + }; + services = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + target = lib.mkOption { + type = lib.types.str; + description = "what url will all traffic to this application be forwarded to"; + }; + domain = lib.mkOption { + type = lib.types.str; + description = "what is the default subdomain to be used for this application to be used for"; + default = name; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for this domain"; + default = []; + }; + settings = { + certificateRenewal.enable = lib.mkOption { + type = lib.types.bool; + description = "auto renew certificates"; + default = true; + }; + forceSSL.enable = lib.mkOption { + type = lib.types.bool; + description = "auto renew certificates"; + default = true; + }; + proxyHeaders = { + enable = lib.mkEnableOption "should we proxy headers"; + timeout = lib.mkOption { + type = lib.types.int; + default = 60; + }; + }; + proxyWebsockets.enable = lib.mkEnableOption "should the default config proxy websockets"; + forwardHeaders.enable = lib.mkEnableOption "should the default config contain forward headers"; + noSniff.enable = lib.mkEnableOption "should the no sniff flags be set"; + proxyBuffering.enable = lib.mkOption { + type = lib.types.bool; + description = "should proxy buffering be enabled"; + default = true; + }; + maxBodySize = lib.mkOption { + type = lib.types.nullOr lib.types.int; + description = ""; + default = null; + }; + }; + }; + })); + }; + }; + + config = let + httpPort = config.services.reverseProxy.ports.http; + httpsPort = config.services.reverseProxy.ports.https; + in + lib.mkIf config.services.reverseProxy.enable { + security.acme = lib.mkIf config.services.reverseProxy.acme.enable { + acceptTerms = true; + defaults.email = config.services.reverseProxy.acme.email; + }; + + services.nginx = { + enable = true; + virtualHosts = lib.mkMerge ( + (lib.optionals config.services.reverseProxy.refuseUnmatchedDomains [ + { + "_" = { + default = true; + serverName = "_"; + locations."/" = { + extraConfig = '' + return 444; + ''; + }; + }; + } + ]) + ++ lib.lists.flatten ( + lib.attrsets.mapAttrsToList ( + name: service: let + hostConfig = { + forceSSL = service.settings.forceSSL.enable; + enableACME = service.settings.certificateRenewal.enable; + locations = { + "/" = { + proxyPass = service.target; + proxyWebsockets = service.settings.proxyWebsockets.enable; + recommendedProxySettings = service.settings.forwardHeaders.enable; + extraConfig = let + # Client upload size configuration + maxBodySizeConfig = + lib.optionalString (service.settings.maxBodySize != null) + "client_max_body_size ${toString service.settings.maxBodySize}M;"; + + # Security header configuration + noSniffConfig = + lib.optionalString service.settings.noSniff.enable + "add_header X-Content-Type-Options nosniff;"; + + # Proxy buffering configuration + proxyBufferingConfig = + lib.optionalString (!service.settings.proxyBuffering.enable) + "proxy_buffering off;"; + + # Proxy timeout configuration + proxyTimeoutConfig = + lib.optionalString service.settings.proxyHeaders.enable + '' + proxy_read_timeout ${toString service.settings.proxyHeaders.timeout}s; + proxy_connect_timeout ${toString service.settings.proxyHeaders.timeout}s; + proxy_send_timeout ${toString service.settings.proxyHeaders.timeout}s; + ''; + in + maxBodySizeConfig + noSniffConfig + proxyBufferingConfig + proxyTimeoutConfig; + }; + }; + }; + in ( + [ + { + ${service.domain} = hostConfig; + } + ] + ++ builtins.map (domain: {${domain} = hostConfig;}) + service.extraDomains + ) + ) + config.services.reverseProxy.services + ) + ); + }; + networking.firewall.allowedTCPPorts = lib.mkIf config.services.reverseProxy.openFirewall [ + httpPort + httpsPort + ]; + }; +} diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix deleted file mode 100644 index 26b4374..0000000 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ /dev/null @@ -1,128 +0,0 @@ -{ - lib, - config, - ... -}: let - dataDir = "/var/lib/acme"; - httpPort = 80; - httpsPort = 443; -in { - options.host.reverse_proxy = { - enable = lib.mkEnableOption "turn on the reverse proxy"; - hostname = lib.mkOption { - type = lib.types.str; - description = "what host name are we going to be proxying from"; - }; - forceSSL = lib.mkOption { - type = lib.types.bool; - description = "force connections to use https"; - default = config.host.reverse_proxy.enableACME; - }; - enableACME = lib.mkOption { - type = lib.types.bool; - description = "auto renew certificates"; - default = true; - }; - subdomains = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "what is the default subdomain to be used for this application to be used for"; - default = name; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "extra domains that should be configured for this domain"; - default = []; - }; - - target = lib.mkOption { - type = lib.types.str; - description = "what url will all traffic to this application be forwarded to"; - }; - - websockets.enable = lib.mkEnableOption "should the default config proxy websockets"; - - forwardHeaders.enable = lib.mkEnableOption "should the default config contain forward headers"; - - extraConfig = lib.mkOption { - type = lib.types.lines; - default = ""; - description = '' - These lines go to the end of the upstream verbatim. - ''; - }; - }; - })); - }; - }; - - config = lib.mkIf config.host.reverse_proxy.enable (lib.mkMerge [ - { - security.acme = lib.mkIf config.host.reverse_proxy.enableACME { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; - - services.nginx = { - enable = true; - virtualHosts = lib.mkMerge ( - lib.lists.flatten ( - lib.attrsets.mapAttrsToList ( - name: value: let - hostConfig = { - forceSSL = config.host.reverse_proxy.forceSSL; - enableACME = config.host.reverse_proxy.enableACME; - locations = { - "/" = { - proxyPass = value.target; - proxyWebsockets = value.websockets.enable; - recommendedProxySettings = value.forwardHeaders.enable; - extraConfig = - value.extraConfig; - }; - }; - }; - in ( - [ - { - ${"${value.subdomain}.${config.host.reverse_proxy.hostname}"} = hostConfig; - } - ] - ++ builtins.map (subdomain: {${"${subdomain}.${config.host.reverse_proxy.hostname}"} = hostConfig;}) - value.extraSubdomains - ) - ) - config.host.reverse_proxy.subdomains - ) - ); - }; - - networking.firewall.allowedTCPPorts = [ - httpPort - httpsPort - ]; - } - (lib.mkIf config.host.impermanence.enable { - # TODO: figure out how to write an assertion for this - # assertions = [ - # { - # assertion = security.acme.certs..directory == dataDir; - # message = "postgres data directory does not match persistence"; - # } - # ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = dataDir; - user = "acme"; - group = "acme"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/searx/default.nix b/modules/nixos-modules/server/searx/default.nix index ac84c1d..5426380 100644 --- a/modules/nixos-modules/server/searx/default.nix +++ b/modules/nixos-modules/server/searx/default.nix @@ -1,63 +1,6 @@ { - config, - lib, - inputs, - ... -}: { imports = [ + ./searx.nix ./proxy.nix ]; - - config = lib.mkIf config.services.searx.enable { - sops.secrets = { - "services/searx" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - }; - }; - - services.searx = { - environmentFile = config.sops.secrets."services/searx".path; - - # Rate limiting - limiterSettings = { - real_ip = { - x_for = 1; - ipv4_prefix = 32; - ipv6_prefix = 56; - }; - - botdetection = { - ip_limit = { - filter_link_local = true; - link_token = true; - }; - }; - }; - - settings = { - server = { - port = 8083; - secret_key = "@SEARXNG_SECRET@"; - }; - - # Search engine settings - search = { - safe_search = 2; - autocomplete_min = 2; - autocomplete = "duckduckgo"; - }; - - # Enabled plugins - enabled_plugins = [ - "Basic Calculator" - "Hash plugin" - "Tor check plugin" - "Open Access DOI rewrite" - "Hostnames plugin" - "Unit converter plugin" - "Tracker URL remover" - ]; - }; - }; - }; } diff --git a/modules/nixos-modules/server/searx/proxy.nix b/modules/nixos-modules/server/searx/proxy.nix index 0c1eae1..e994e4a 100644 --- a/modules/nixos-modules/server/searx/proxy.nix +++ b/modules/nixos-modules/server/searx/proxy.nix @@ -4,18 +4,27 @@ ... }: { options.services.searx = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that searx will be hosted at"; - default = "searx"; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for searx"; + default = []; + }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.searx.enable && config.services.reverseProxy.enable; + }; }; }; - config = lib.mkIf (config.services.searx.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.searx = { - subdomain = config.services.searx.subdomain; - target = "http://localhost:${toString config.services.searx.settings.server.port}"; + config = lib.mkIf config.services.searx.reverseProxy.enable { + services.reverseProxy.services.searx = { + target = "http://localhost:${toString config.services.searx.settings.server.port}"; + domain = config.services.searx.domain; + extraDomains = config.services.searx.extraDomains; + + settings = { + forwardHeaders.enable = true; }; }; }; diff --git a/modules/nixos-modules/server/searx/searx.nix b/modules/nixos-modules/server/searx/searx.nix new file mode 100644 index 0000000..d4d4012 --- /dev/null +++ b/modules/nixos-modules/server/searx/searx.nix @@ -0,0 +1,59 @@ +{ + config, + lib, + inputs, + ... +}: { + config = lib.mkIf config.services.searx.enable { + sops.secrets = { + "services/searx" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; + }; + + services.searx = { + environmentFile = config.sops.secrets."services/searx".path; + + # Rate limiting + limiterSettings = { + real_ip = { + x_for = 1; + ipv4_prefix = 32; + ipv6_prefix = 56; + }; + + botdetection = { + ip_limit = { + filter_link_local = true; + link_token = true; + }; + }; + }; + + settings = { + server = { + port = 8083; + secret_key = "@SEARXNG_SECRET@"; + }; + + # Search engine settings + search = { + safe_search = 2; + autocomplete_min = 2; + autocomplete = "duckduckgo"; + }; + + # Enabled plugins + enabled_plugins = [ + "Basic Calculator" + "Hash plugin" + "Tor check plugin" + "Open Access DOI rewrite" + "Hostnames plugin" + "Unit converter plugin" + "Tracker URL remover" + ]; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/sonarr/default.nix b/modules/nixos-modules/server/sonarr/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/sonarr/default.nix +++ b/modules/nixos-modules/server/sonarr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/sonarr/impermanence.nix b/modules/nixos-modules/server/sonarr/impermanence.nix index abc843c..5b90ee9 100644 --- a/modules/nixos-modules/server/sonarr/impermanence.nix +++ b/modules/nixos-modules/server/sonarr/impermanence.nix @@ -5,7 +5,14 @@ }: let sonarr_data_directory = "/var/lib/sonarr/.config/NzbDrone"; in { - config = lib.mkIf (config.services.sonarr.enable && config.host.impermanence.enable) { + options.services.sonarr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.sonarr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.sonarr.impermanence.enable { assertions = [ { assertion = config.services.sonarr.dataDir == sonarr_data_directory; diff --git a/modules/nixos-modules/server/sonarr/proxy.nix b/modules/nixos-modules/server/sonarr/proxy.nix deleted file mode 100644 index 22b90a6..0000000 --- a/modules/nixos-modules/server/sonarr/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.sonarr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.sonarr.enable && config.services.sonarr.subdomain != null) { - host.reverse_proxy.subdomains.sonarr = { - subdomain = config.services.sonarr.subdomain; - extraSubdomains = config.services.sonarr.extraSubdomains; - target = "http://127.0.0.1:8989"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/wyoming.nix b/modules/nixos-modules/server/wyoming.nix index 4894dd4..c9a1474 100644 --- a/modules/nixos-modules/server/wyoming.nix +++ b/modules/nixos-modules/server/wyoming.nix @@ -37,9 +37,9 @@ openwakeword = { enable = true; uri = "tcp://0.0.0.0:10400"; - preloadModels = [ - "ok_nabu" - ]; + # preloadModels = [ + # "ok_nabu" + # ]; # TODO: custom models }; }; diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index 6f5fac1..0a82116 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -16,6 +16,8 @@ }; }; }; + + programs.ssh.kexAlgorithms = config.services.openssh.settings.KexAlgorithms; } (lib.mkIf config.host.impermanence.enable { environment.persistence."/persist/system/root" = { diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index bf43041..96f54d5 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -1,7 +1,7 @@ { config, lib, - outputs, + syncthingConfiguration, ... }: let mountDir = "/mnt/sync"; @@ -27,7 +27,7 @@ in { configDir = configDir; overrideDevices = true; overrideFolders = true; - configuration = outputs.syncthingConfiguration; + configuration = syncthingConfiguration; deviceName = config.networking.hostName; }; } diff --git a/rebuild.sh b/rebuild.sh index 6750450..48746d9 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -18,6 +18,7 @@ else fi show_trace=false +clean_vm=false while [ $# -gt 0 ]; do case "$1" in @@ -50,6 +51,9 @@ while [ $# -gt 0 ]; do --show-trace) show_trace=true ;; + --clean-vm) + clean_vm=true + ;; --help|-h) echo "--help -h: print this message" echo "--target -t: defaults to the current system" @@ -58,6 +62,8 @@ while [ $# -gt 0 ]; do echo " currently: ${target:-$default_target}" echo "--mode -m: defaults to 'switch', but 'test' on non-main branches" echo " currently would be: $default_mode" + echo " Available modes: switch, test, build, boot, vm" + echo " 'vm' mode builds and starts a virtual machine" echo "--user -u: defaults to the current user" echo " currently: $default_user" echo "--host: defaults to building on the current machine" @@ -65,6 +71,7 @@ while [ $# -gt 0 ]; do echo "--preserve-result: do not remove the generated result folder after building" echo "--no-preserve-result: remove any result folder after building" echo "--show-trace: show trace on builds" + echo "--clean-vm: remove existing VM disk (nixos.qcow2) before building" echo "" echo "Branch-aware behavior:" echo " - On non-main branches: defaults to test mode with warning" @@ -90,6 +97,20 @@ flake=${flake:-$target} mode=${mode:-$default_mode} user=${user:-$default_user} +# Validate mode +valid_modes="switch test build boot vm" +if [[ ! " $valid_modes " =~ " $mode " ]]; then + echo "Error: Invalid mode '$mode'" + echo "Valid modes are: $valid_modes" + exit 1 +fi + +# Clean VM disk if requested +if [[ "$clean_vm" = true ]] && [[ -f "nixos.qcow2" ]]; then + echo "Removing existing VM disk: nixos.qcow2" + rm nixos.qcow2 +fi + # Branch-aware warnings and behavior if [[ "$current_branch" != "main" ]] && [[ "$mode" == "test" ]]; then echo "⚠️ WARNING: You are on branch '$current_branch' (not main)" @@ -101,26 +122,39 @@ elif [[ "$current_branch" == "main" ]] && [[ -n "$git_status" ]] && [[ "$mode" ! echo " git checkout -b feature/your-feature-name" fi -command="nixos-rebuild $mode --sudo --ask-sudo-password --flake .#$flake" +if [[ "$mode" == "vm" ]]; then + command="nix build .#nixosConfigurations.$flake.config.system.build.vm" + + if [[ "$show_trace" = true ]]; then + command="$command --show-trace" + fi + + echo $command + $command + + if [[ $? -eq 0 ]] && [[ -d "result" ]]; then + echo "Starting VM..." + QEMU_KERNEL_PARAMS=console=ttyS0 ./result/bin/run-nixos-vm -nographic; reset + fi +else + command="nixos-rebuild $mode --sudo --ask-sudo-password --flake .#$flake" + + if [[ $host ]]; then + command="$command --build-host $host" + fi -if [[ $host ]]; -then - command="$command --build-host $host" + if [[ "$target" != "$(hostname)" ]]; then + command="$command --target-host $user@$target" + fi + + if [[ "$show_trace" = true ]]; then + command="$command --show-trace" + fi + + echo $command + $command fi -if [[ "$target" != "$(hostname)" ]]; -then - command="$command --target-host $user@$target" -fi - -if [[ "$show_trace" = true ]]; -then - command="$command --show-trace" -fi - -echo $command -$command - if [ -d "result" ]; then if [[ "$preserve_result" == "false" ]]; diff --git a/util/default.nix b/util/default.nix index fb2f83d..66e300b 100644 --- a/util/default.nix +++ b/util/default.nix @@ -52,6 +52,12 @@ home-manager-config ../modules/system-modules ]; + + syncthingConfiguration = nix-syncthing.lib.syncthingConfiguration { + modules = [ + (import ../configurations/syncthing) + ]; + }; in { forEachPkgs = lambda: forEachSystem (system: lambda system (pkgsFor system)); @@ -62,19 +68,9 @@ in { (lib.mkUnless condition no) ]; - mkNixosInstaller = host: userKeys: - nixpkgs.lib.nixosSystem { - modules = [ - { - # TODO: authorized keys for all users and hosts - } - ../configurations/nixos/${host} - ]; - }; - mkNixosSystem = host: nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs outputs util;}; + specialArgs = {inherit inputs outputs util syncthingConfiguration;}; modules = system-modules ++ [ @@ -83,7 +79,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - lix-module.nixosModules.default + # lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; @@ -119,10 +115,4 @@ in { ../configurations/home-manager/${user} ]; }; - - syncthingConfiguration = nix-syncthing.lib.syncthingConfiguration { - modules = [ - (import ../configurations/syncthing) - ]; - }; } From b45d08e30d89dbaa05552d9a650a8957bdf0d781 Mon Sep 17 00:00:00 2001 From: Eve Date: Thu, 27 Nov 2025 16:07:04 -0600 Subject: [PATCH 327/374] feat: installed gnome-boxes for eve --- configurations/nixos/emergent/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index fd27374..156344e 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -109,6 +109,7 @@ # See https://search.nixos.org/packages for all options environment.systemPackages = with pkgs; [ wget + gnome-boxes ]; # Packages that need to be installed with some extra configuration From be8126e2c540c5e8cb7921527fc205351c2f3922 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 27 Nov 2025 18:21:55 -0600 Subject: [PATCH 328/374] feat: switched to wayland --- .../nixos/twilight/configuration.nix | 4 - configurations/nixos/twilight/monitors.nix | 199 ------------------ .../nixos/twilight/nvidia-drivers.nix | 5 +- 3 files changed, 3 insertions(+), 205 deletions(-) delete mode 100644 configurations/nixos/twilight/monitors.nix diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 477c517..d02af0a 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -4,10 +4,6 @@ pkgs, ... }: { - imports = [ - ./monitors.nix - ]; - nixpkgs.config.allowUnfree = true; boot.initrd.availableKernelModules = ["usb_storage"]; diff --git a/configurations/nixos/twilight/monitors.nix b/configurations/nixos/twilight/monitors.nix deleted file mode 100644 index 1308f50..0000000 --- a/configurations/nixos/twilight/monitors.nix +++ /dev/null @@ -1,199 +0,0 @@ -{pkgs, ...}: { - systemd.tmpfiles.rules = [ - "L+ /run/gdm/.config/monitors.xml - - - - ${pkgs.writeText "gdm-monitors.xml" '' - - - - 0 - 156 - 1 - - - DP-4 - DEL - DELL U2719D - 8RGXNS2 - - - 2560 - 1440 - 59.951 - - - - - 2560 - 324 - 1 - yes - - - DP-2 - GSM - LG ULTRAGEAR - 0x00068c96 - - - 1920 - 1080 - 240.001 - - - - - 4480 - 0 - 1 - - left - no - - - - HDMI-0 - HWP - HP w2207 - CND7332S88 - - - 1600 - 1000 - 59.999 - - - - - - - 0 - 0 - 1 - yes - - - DP-1 - DEL - DELL U2719D - 8RGXNS2 - - - 2560 - 1440 - 59.951 - - - - - 4480 - 226 - 1 - - left - no - - - - HDMI-1 - HWP - HP w2207 - CND7332S88 - - - 1680 - 1050 - 59.954 - - - - - 2560 - 226 - 1 - - - DP-2 - GSM - LG ULTRAGEAR - 0x00068c96 - - - 1920 - 1080 - 240.001 - - - - - - - 2560 - 228 - 1 - yes - - - DP-2 - GSM - LG ULTRAGEAR - 0x00068c96 - - - 1920 - 1080 - 240.001 - - - - - 4480 - 69 - 1 - - left - no - - - - HDMI-1 - HWP - HP w2207 - CND7332S88 - - - 1680 - 1050 - 59.954 - - - - - 0 - 0 - 1 - - - DP-3 - DEL - DELL U2719D - 8RGXNS2 - - - 2560 - 1440 - 59.951 - - - - - - None-1 - unknown - unknown - unknown - - - - - ''}" - ]; -} diff --git a/configurations/nixos/twilight/nvidia-drivers.nix b/configurations/nixos/twilight/nvidia-drivers.nix index d875e37..2842d0a 100644 --- a/configurations/nixos/twilight/nvidia-drivers.nix +++ b/configurations/nixos/twilight/nvidia-drivers.nix @@ -4,8 +4,9 @@ # Load nvidia driver for Xorg and Wayland videoDrivers = ["nvidia"]; }; - # Use X instead of wayland for gaming reasons - displayManager.gdm.wayland = false; + # Temporarily enable wayland to fix boot issue + # TODO: Investigate proper X11 session generation for gaming + displayManager.gdm.wayland = true; }; hardware = { From 04777cfb8f0a549576c187c189e0718cf6d89815 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 27 Nov 2025 18:43:03 -0600 Subject: [PATCH 329/374] feat: removed xterm --- modules/nixos-modules/desktop.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index 6686ee3..66a2433 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -47,6 +47,9 @@ # Get rid of xTerm desktopManager.xterm.enable = false; + excludePackages = with pkgs; [ + xterm + ]; }; # Enable the GNOME Desktop Environment. From 719a21a95e57476e098f332d0dc9cc7417dfd2fb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 27 Nov 2025 18:44:49 -0600 Subject: [PATCH 330/374] feat: switched emergent to using wayland --- configurations/nixos/emergent/nvidia-drivers.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix index b532446..05b7205 100644 --- a/configurations/nixos/emergent/nvidia-drivers.nix +++ b/configurations/nixos/emergent/nvidia-drivers.nix @@ -1,9 +1,4 @@ -{ - config, - lib, - pkgs, - ... -}: { +{config, ...}: { # Enable OpenGL hardware.graphics = { enable = true; @@ -16,7 +11,7 @@ videoDrivers = ["nvidia"]; }; # Use X instead of wayland - displayManager.gdm.wayland = false; + displayManager.gdm.wayland = true; }; hardware.nvidia = { From a0807b014c087a03dc585076ff455152af7de82f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 27 Nov 2025 20:29:03 -0600 Subject: [PATCH 331/374] feat: moved logs to impermanence --- modules/nixos-modules/storage/storage.nix | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index 2247559..5f9f6f1 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -53,13 +53,6 @@ in { relatime = "off"; }; }; - replicate = { - "system/var/log" = { - impermanence.enable = false; - type = "zfs_fs"; - mount = "/var/log"; - }; - }; }; }) (lib.mkIf (config.storage.zfs.enable && config.storage.impermanence.enable) { @@ -107,6 +100,12 @@ in { autoSnapshot = true; }; }; + "system/var/log" = { + type = "zfs_fs"; + directories = { + "/var/log".enable = true; + }; + }; }; }; From e21cfeab94e107e47238702e319543e7c5789289 Mon Sep 17 00:00:00 2001 From: Eve Date: Thu, 27 Nov 2025 21:31:08 -0600 Subject: [PATCH 332/374] feat: switched emergent to wayland --- configurations/nixos/emergent/nvidia-drivers.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix index b532446..0fc51ac 100644 --- a/configurations/nixos/emergent/nvidia-drivers.nix +++ b/configurations/nixos/emergent/nvidia-drivers.nix @@ -16,7 +16,7 @@ videoDrivers = ["nvidia"]; }; # Use X instead of wayland - displayManager.gdm.wayland = false; + displayManager.gdm.wayland = true; }; hardware.nvidia = { From 765dde3f0fc28a028d2414a5c5f57a46df08afc5 Mon Sep 17 00:00:00 2001 From: Eve Date: Thu, 27 Nov 2025 21:53:23 -0600 Subject: [PATCH 333/374] fix: fixed gnome boxes --- configurations/nixos/emergent/configuration.nix | 7 +++++++ configurations/nixos/emergent/hardware-configuration.nix | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 156344e..bf6c553 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -69,6 +69,12 @@ }; }; + virtualisation.libvirtd.enable = true; + + users.users.eve = { + extraGroups = [ "libvirtd" ]; + }; + services.tailscale.enable = true; # We were having weird build errors so this is disabled right now # error: The option `devices.emergent.folders.eve_records.path' was accessed but has no value defined. Try setting the option @@ -110,6 +116,7 @@ environment.systemPackages = with pkgs; [ wget gnome-boxes + libvirt ]; # Packages that need to be installed with some extra configuration diff --git a/configurations/nixos/emergent/hardware-configuration.nix b/configurations/nixos/emergent/hardware-configuration.nix index 67149df..b077f9c 100644 --- a/configurations/nixos/emergent/hardware-configuration.nix +++ b/configurations/nixos/emergent/hardware-configuration.nix @@ -12,7 +12,7 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "wacom"]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "wacom" "kvm" "kvm_amd"]; boot.initrd.kernelModules = []; boot.kernelModules = []; boot.extraModulePackages = []; From 9ed0958463de57a39a903ee82b65584fb4a003ac Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 28 Nov 2025 10:05:59 -0600 Subject: [PATCH 334/374] feat: installed android studio for leyla --- .../home-manager/leyla/packages/default.nix | 1 + .../nixos/emergent/configuration.nix | 2 +- .../programs/android-studio.nix | 35 +++++++++++++++++++ .../home-manager-modules/programs/default.nix | 1 + 4 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 modules/home-manager-modules/programs/android-studio.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index bc41350..0917d04 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -46,6 +46,7 @@ in { }) (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) { anki.enable = true; + android-studio.enable = true; makemkv.enable = true; discord.enable = true; signal-desktop-bin.enable = true; diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index bf6c553..958b423 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -72,7 +72,7 @@ virtualisation.libvirtd.enable = true; users.users.eve = { - extraGroups = [ "libvirtd" ]; + extraGroups = ["libvirtd"]; }; services.tailscale.enable = true; diff --git a/modules/home-manager-modules/programs/android-studio.nix b/modules/home-manager-modules/programs/android-studio.nix new file mode 100644 index 0000000..0f76276 --- /dev/null +++ b/modules/home-manager-modules/programs/android-studio.nix @@ -0,0 +1,35 @@ +{ + lib, + pkgs, + config, + ... +}: { + options.programs.android-studio = { + enable = lib.mkEnableOption "enable android-studio"; + }; + + config = lib.mkIf config.programs.android-studio.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + android-studio + ]; + } + # TODO: create this + # ( + # lib.mkIf config.impermanence.enable { + # home.persistence."/persist${config.home.homeDirectory}" = { + # directories = [ + # # configuration + # "${config.xdg.configHome}/Google/AndroidStudio" + # # Android SDK + # ".android" + # # Gradle cache + # ".gradle" + # # Android Studio projects cache + # "${config.xdg.cacheHome}/Google/AndroidStudio" + # ]; + # }; + # } + # ) + ]); +} diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index e70cfc8..5b3a169 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -1,5 +1,6 @@ {...}: { imports = [ + ./android-studio.nix ./firefox.nix ./signal.nix ./bitwarden.nix From dce767403a75902c0a002537cf9f3107296e2835 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 28 Nov 2025 15:12:26 -0600 Subject: [PATCH 335/374] feat: updated flake.lock --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index a3c552f..607a09c 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1763651264, - "narHash": "sha256-8vvwZbw0s7YvBMJeyPVpWke6lg6ROgtts5N2/SMCcv4=", + "lastModified": 1764350888, + "narHash": "sha256-6Rp18zavTlnlZzcoLoBTJMBahL2FycVkw2rAEs3cQvo=", "owner": "nix-community", "repo": "disko", - "rev": "e86a89079587497174ccab6d0d142a65811a4fd9", + "rev": "2055a08fd0e2fd41318279a5355eb8a161accf26", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1763697825, - "narHash": "sha256-AgCCcVPOi1tuzuW5/StlwqBjRWSX62oL97qWuxrq5UA=", + "lastModified": 1764332086, + "narHash": "sha256-sQTS3T4nNU/he+X62q5aflqSLx2zs4A8/cx3QsLc0Vw=", "owner": "rycee", "repo": "nur-expressions", - "rev": "cefce78793603231be226fa77e7ad58e0e4899b8", + "rev": "fdc5a0a8a7cf1eb4d134ee42f62c56f293781a0e", "type": "gitlab" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1763748372, - "narHash": "sha256-AUc78Qv3sWir0hvbmfXoZ7Jzq9VVL97l+sP9Jgms+JU=", + "lastModified": 1764361670, + "narHash": "sha256-jgWzgpIaHbL3USIq0gihZeuy1lLf2YSfwvWEwnfAJUw=", "owner": "nix-community", "repo": "home-manager", - "rev": "d10a9b16b2a3ee28433f3d1c603f4e9f1fecb8e1", + "rev": "780be8ef503a28939cf9dc7996b48ffb1a3e04c6", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1763505477, - "narHash": "sha256-nJRd4LY2kT3OELfHqdgWjvToNZ4w+zKCMzS2R6z4sXE=", + "lastModified": 1764161084, + "narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "3bda9f6b14161becbd07b3c56411f1670e19b9b5", + "rev": "e95de00a471d07435e0527ff4db092c84998698e", "type": "github" }, "original": { @@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1763690163, - "narHash": "sha256-MMl9P8f17unCvlk2IAinnMq/P72f51UUHVRIYnojT7w=", + "lastModified": 1764294946, + "narHash": "sha256-8BObMeUmCAZW1BTMUQGRGiz9tpNkVt/6/+blpS9Xxgk=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "590349d9faeb398a037205c2927ffbaede980539", + "rev": "134c052c3213dc69ed881e41383b8ed29c5ffe72", "type": "github" }, "original": { @@ -283,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1762847253, - "narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=", + "lastModified": 1764328224, + "narHash": "sha256-hFyF1XQd+XrRx7WZCrGJp544dykexD8Q5SrJJZpEQYg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9", + "rev": "d62603a997438e19182af69d3ce7be07565ecad4", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1763421233, - "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", + "lastModified": 1764242076, + "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", + "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", "type": "github" }, "original": { @@ -352,11 +352,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1764204484, - "narHash": "sha256-S45ghD/YjcKDy8Mz3DYklLMaA/z6f6mTbx0i7pAktYk=", + "lastModified": 1764349553, + "narHash": "sha256-ZOWEZK/pZLri/jEK1J8TEbjtwpIjXwCTH9F4gbor9qQ=", "owner": "IntQuant", "repo": "noita_entangled_worlds", - "rev": "ab2c2162157140ab519fa19f6737c044e1ed0e3b", + "rev": "01aac406df2c6d0a10faa19083d608bdf90cf3a9", "type": "github" }, "original": { @@ -429,11 +429,11 @@ ] }, "locked": { - "lastModified": 1763607916, - "narHash": "sha256-VefBA1JWRXM929mBAFohFUtQJLUnEwZ2vmYUNkFnSjE=", + "lastModified": 1764021963, + "narHash": "sha256-1m84V2ROwNEbqeS9t37/mkry23GBhfMt8qb6aHHmjuc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "877bb495a6f8faf0d89fc10bd142c4b7ed2bcc0b", + "rev": "c482a1c1bbe030be6688ed7dc84f7213f304f1ec", "type": "github" }, "original": { From c01ca13fcb1cf5a36b67a5a82d7d3eb66dfc51d1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 28 Nov 2025 15:45:38 -0600 Subject: [PATCH 336/374] feat: installed docker on horizon --- configurations/nixos/horizon/configuration.nix | 2 ++ modules/nixos-modules/users.nix | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 0e86fe7..dd5975c 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -85,6 +85,8 @@ }; }; + virtualisation.docker.enable = true; + environment.systemPackages = with pkgs; [ cachefilesd webtoon-dl diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 987e080..127c180 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -113,7 +113,7 @@ in { description = "Leyla"; extraGroups = (lib.lists.optionals host.users.leyla.isNormalUser ["networkmanager"]) - ++ (lib.lists.optionals host.users.leyla.isPrincipleUser ["wheel" "dialout"]) + ++ (lib.lists.optionals host.users.leyla.isPrincipleUser ["wheel" "dialout" "docker"]) ++ (lib.lists.optionals host.users.leyla.isDesktopUser ["adbusers"]); hashedPasswordFile = config.sops.secrets."passwords/leyla".path; isNormalUser = host.users.leyla.isNormalUser; From 1c12c96efe711aac5d1909b3beab661df5276ef1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 30 Nov 2025 12:26:57 -0600 Subject: [PATCH 337/374] feat: fixed disk names for twilight --- configurations/nixos/twilight/hardware-configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index 94c83d6..1288343 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -18,12 +18,12 @@ fileSystems = { "/" = { - device = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA100_77D21HVNS-part2"; + device = "/dev/disk/by-id/nvme-Samsung_SSD_980_500GB_S64ENJ0RA06463Z-part2"; fsType = "ext4"; }; "/boot" = { - device = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA100_77D21HVNS-part1"; + device = "/dev/disk/by-id/nvme-Samsung_SSD_980_500GB_S64ENJ0RA06463Z-part1"; fsType = "vfat"; options = ["fmask=0022" "dmask=0022"]; }; From 8060e39b1193608d93821c6a27c098000053e7ac Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 30 Nov 2025 13:46:25 -0600 Subject: [PATCH 338/374] feat: updated android studio config to match new patter --- .../programs/android-studio.nix | 29 ++++++++----------- 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/modules/home-manager-modules/programs/android-studio.nix b/modules/home-manager-modules/programs/android-studio.nix index 0f76276..7c60e6e 100644 --- a/modules/home-manager-modules/programs/android-studio.nix +++ b/modules/home-manager-modules/programs/android-studio.nix @@ -14,22 +14,17 @@ android-studio ]; } - # TODO: create this - # ( - # lib.mkIf config.impermanence.enable { - # home.persistence."/persist${config.home.homeDirectory}" = { - # directories = [ - # # configuration - # "${config.xdg.configHome}/Google/AndroidStudio" - # # Android SDK - # ".android" - # # Gradle cache - # ".gradle" - # # Android Studio projects cache - # "${config.xdg.cacheHome}/Google/AndroidStudio" - # ]; - # }; - # } - # ) + ( + lib.mkIf config.impermanence.enable { + home.persistence."/persist/replicate/home" = { + directories = [ + "${config.xdg.configHome}/Google/AndroidStudio" + ".android" + ".gradle" + "${config.xdg.cacheHome}/Google/AndroidStudio" + ]; + }; + } + ) ]); } From 8cd453844ab495080a1d153ea4b1320e95115e3b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 9 Dec 2025 20:15:31 -0600 Subject: [PATCH 339/374] feat: updated flake.lock --- .../nixos/defiant/configuration.nix | 2 - flake.lock | 68 +++++++++---------- .../home-manager-modules/programs/calibre.nix | 4 -- 3 files changed, 34 insertions(+), 40 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index e2f9401..d204c71 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -245,8 +245,6 @@ enable = true; exposePort = true; - acceleration = false; - environmentVariables = { OLLAMA_KEEP_ALIVE = "24h"; }; diff --git a/flake.lock b/flake.lock index 607a09c..188cb09 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1764350888, - "narHash": "sha256-6Rp18zavTlnlZzcoLoBTJMBahL2FycVkw2rAEs3cQvo=", + "lastModified": 1765326679, + "narHash": "sha256-fTLX9kDwLr9Y0rH/nG+h1XG5UU+jBcy0PFYn5eneRX8=", "owner": "nix-community", "repo": "disko", - "rev": "2055a08fd0e2fd41318279a5355eb8a161accf26", + "rev": "d64e5cdca35b5fad7c504f615357a7afe6d9c49e", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1764332086, - "narHash": "sha256-sQTS3T4nNU/he+X62q5aflqSLx2zs4A8/cx3QsLc0Vw=", + "lastModified": 1765253041, + "narHash": "sha256-D4/vwhvX26KW3gux9CCiJ87zc5UOiLTFlfG3+5h0VRI=", "owner": "rycee", "repo": "nur-expressions", - "rev": "fdc5a0a8a7cf1eb4d134ee42f62c56f293781a0e", + "rev": "687d6eb2a8503afdeaaf9e230fb72f880daa7252", "type": "gitlab" }, "original": { @@ -62,11 +62,11 @@ }, "flake-compat": { "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", + "lastModified": 1765121682, + "narHash": "sha256-4VBOP18BFeiPkyhy9o4ssBNQEvfvv1kXkasAYd0+rrA=", "owner": "edolstra", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "65f23138d8d09a92e30f1e5c87611b23ef451bf3", "type": "github" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1764361670, - "narHash": "sha256-jgWzgpIaHbL3USIq0gihZeuy1lLf2YSfwvWEwnfAJUw=", + "lastModified": 1765217760, + "narHash": "sha256-BVVyAodLcAD8KOtR3yCStBHSE0WAH/xQWH9f0qsxbmk=", "owner": "nix-community", "repo": "home-manager", - "rev": "780be8ef503a28939cf9dc7996b48ffb1a3e04c6", + "rev": "e5b1f87841810fc24772bf4389f9793702000c9b", "type": "github" }, "original": { @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1763435414, - "narHash": "sha256-i2467FddWfd19q5Qoj+1/BAeg6LZmM5m4mYGRSQn/as=", + "lastModified": 1764519849, + "narHash": "sha256-XnNABKfIYKSimQVvKc9FnlC2H0LurOhd9MS6l0Z67lE=", "ref": "refs/heads/main", - "rev": "192c92b603731fbc1bade6c1b18c8d8a0086f703", - "revCount": 169, + "rev": "6c95c0b6f73f831226453fc6905c216ab634c30f", + "revCount": 170, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module.git" }, @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1764161084, - "narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=", + "lastModified": 1765065051, + "narHash": "sha256-b7W9WsvyMOkUScNxbzS45KEJp0iiqRPyJ1I3JBE+oEE=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "e95de00a471d07435e0527ff4db092c84998698e", + "rev": "7e22bf538aa3e0937effcb1cee73d5f1bcc26f79", "type": "github" }, "original": { @@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1764294946, - "narHash": "sha256-8BObMeUmCAZW1BTMUQGRGiz9tpNkVt/6/+blpS9Xxgk=", + "lastModified": 1765245651, + "narHash": "sha256-/+ahII8MXi59KnRmzz+OgPXScr2Oyygin/XJWP7GvdU=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "134c052c3213dc69ed881e41383b8ed29c5ffe72", + "rev": "32a0d010099f0b982498b11cc04d5335b0fc1556", "type": "github" }, "original": { @@ -283,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1764328224, - "narHash": "sha256-hFyF1XQd+XrRx7WZCrGJp544dykexD8Q5SrJJZpEQYg=", + "lastModified": 1764440730, + "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d62603a997438e19182af69d3ce7be07565ecad4", + "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1764242076, - "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", + "lastModified": 1765186076, + "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", + "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", "type": "github" }, "original": { @@ -352,11 +352,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1764349553, - "narHash": "sha256-ZOWEZK/pZLri/jEK1J8TEbjtwpIjXwCTH9F4gbor9qQ=", + "lastModified": 1765312847, + "narHash": "sha256-8yHfYUiFYQQrtmHl/5jBcrDLgOM8s5vPkAAVu2fiAk0=", "owner": "IntQuant", "repo": "noita_entangled_worlds", - "rev": "01aac406df2c6d0a10faa19083d608bdf90cf3a9", + "rev": "2957cdaa49117a613c46739e3c65bf28f0662b20", "type": "github" }, "original": { @@ -429,11 +429,11 @@ ] }, "locked": { - "lastModified": 1764021963, - "narHash": "sha256-1m84V2ROwNEbqeS9t37/mkry23GBhfMt8qb6aHHmjuc=", + "lastModified": 1765231718, + "narHash": "sha256-qdBzo6puTgG4G2RHG0PkADg22ZnQo1JmSVFRxrD4QM4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c482a1c1bbe030be6688ed7dc84f7213f304f1ec", + "rev": "7fd1416aba1865eddcdec5bb11339b7222c2363e", "type": "github" }, "original": { diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix index dbe6e2b..608c75d 100644 --- a/modules/home-manager-modules/programs/calibre.nix +++ b/modules/home-manager-modules/programs/calibre.nix @@ -4,10 +4,6 @@ config, ... }: { - options.programs.calibre = { - enable = lib.mkEnableOption "enable calibre"; - }; - config = lib.mkIf config.programs.calibre.enable (lib.mkMerge [ { home.packages = with pkgs; [ From fa0f7b0765d471f3b821c975629b972fe2f36403 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 14 Dec 2025 13:38:46 -0600 Subject: [PATCH 340/374] feat: removed ivy user --- configurations/home-manager/default.nix | 1 - configurations/home-manager/ivy/default.nix | 55 -------------- configurations/home-manager/ivy/packages.nix | 73 ------------------- .../nixos/horizon/configuration.nix | 1 - flake.lock | 8 +- modules/nixos-modules/users.nix | 34 +-------- modules/system-modules/users.nix | 5 -- nix-config-secrets | 2 +- 8 files changed, 9 insertions(+), 170 deletions(-) delete mode 100644 configurations/home-manager/ivy/default.nix delete mode 100644 configurations/home-manager/ivy/packages.nix diff --git a/configurations/home-manager/default.nix b/configurations/home-manager/default.nix index 3f88481..a7fa478 100644 --- a/configurations/home-manager/default.nix +++ b/configurations/home-manager/default.nix @@ -8,6 +8,5 @@ in { leyla = lib.mkIf users.leyla.isNormalUser (import ./leyla); eve = lib.mkIf users.eve.isNormalUser (import ./eve); - ivy = lib.mkIf users.ivy.isNormalUser (import ./ivy); git = lib.mkIf (osConfig.services.forgejo.enable or false) (import ./git); } diff --git a/configurations/home-manager/ivy/default.nix b/configurations/home-manager/ivy/default.nix deleted file mode 100644 index 48a3cae..0000000 --- a/configurations/home-manager/ivy/default.nix +++ /dev/null @@ -1,55 +0,0 @@ -{osConfig, ...}: let - userConfig = osConfig.host.users.ivy; -in { - imports = [ - ./packages.nix - ]; - - home = { - username = userConfig.name; - homeDirectory = osConfig.users.users.ivy.home; - - # This value determines the Home Manager release that your configuration is - # compatible with. This helps avoid breakage when a new Home Manager release - # introduces backwards incompatible changes. - # - # You should not change this value, even if you update Home Manager. If you do - # want to update the value, then make sure to first check the Home Manager - # release notes. - stateVersion = "23.11"; # Please read the comment before changing. - - # Home Manager is pretty good at managing dotfiles. The primary way to manage - # plain files is through 'home.file'. - file = { - # # Building this configuration will create a copy of 'dotfiles/screenrc' in - # # the Nix store. Activating the configuration will then make '~/.screenrc' a - # # symlink to the Nix store copy. - # ".screenrc".source = dotfiles/screenrc; - - # # You can also set the file content immediately. - # ".gradle/gradle.properties".text = '' - # org.gradle.console=verbose - # org.gradle.daemon.idletimeout=3600000 - # ''; - }; - - # Home Manager can also manage your environment variables through - # 'home.sessionVariables'. If you don't want to manage your shell through Home - # Manager then you have to manually source 'hm-session-vars.sh' located at - # either - # - # ~/.nix-profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # /etc/profiles/per-user/ivy/etc/profile.d/hm-session-vars.sh - # - sessionVariables = { - # EDITOR = "emacs"; - }; - }; -} diff --git a/configurations/home-manager/ivy/packages.nix b/configurations/home-manager/ivy/packages.nix deleted file mode 100644 index 3c2a3d9..0000000 --- a/configurations/home-manager/ivy/packages.nix +++ /dev/null @@ -1,73 +0,0 @@ -{ - lib, - pkgs, - config, - osConfig, - ... -}: { - config = { - nixpkgs.config = { - allowUnfree = true; - }; - - # Programs that need to be installed with some extra configuration - programs = lib.mkMerge [ - { - # Let Home Manager install and manage itself. - home-manager.enable = true; - } - (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { - # git = { - # enable = true; - # userName = "Ivy"; - # userEmail = "ivy@example.com"; # Update this with actual email - # extraConfig.init.defaultBranch = "main"; - # }; - - openssh = { - enable = true; - hostKeys = [ - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; - }; - }) - (lib.mkIf config.user.isDesktopUser { - vscode = { - enable = true; - package = pkgs.vscodium; - mutableExtensionsDir = false; - - profiles.default = { - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; - - extraExtensions = { - # Cline extension (Claude AI assistant) - claudeDev.enable = true; - # Auto Rename Tag - autoRenameTag.enable = true; - # Live Server - liveServer.enable = true; - }; - - extensions = let - extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - in ( - with extension-pkgs.open-vsx; [ - streetsidesoftware.code-spell-checker - ] - ); - }; - }; - - firefox.enable = true; - discord.enable = true; - signal-desktop-bin.enable = true; - claude-code.enable = true; - }) - ]; - }; -} diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index dd5975c..aa15642 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -32,7 +32,6 @@ isPrincipleUser = true; }; eve.isDesktopUser = true; - ivy.isDesktopUser = true; }; hardware = { diff --git a/flake.lock b/flake.lock index 188cb09..fe3dc5f 100644 --- a/flake.lock +++ b/flake.lock @@ -409,11 +409,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1759945215, - "narHash": "sha256-xmUzOuhJl6FtTjR5++OQvSoAnXe7/VA5QFCZDyFwBXo=", + "lastModified": 1765740994, + "narHash": "sha256-aBs7m69yuiixzGzhUlWAAN+zBziBNII+BFEC/5mPcSI=", "ref": "refs/heads/main", - "rev": "444229a105445339fb028d15a8d866063c5f8141", - "revCount": 21, + "rev": "6e90a73ed2e1e81ba37628fc5e5494a80d22b526", + "revCount": 22, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 127c180..bee8ca3 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -15,7 +15,8 @@ uids = { leyla = 1000; eve = 1002; - ivy = 1004; + # ester = 1003; + # ivy = 1004; jellyfin = 2000; forgejo = 2002; hass = 2004; @@ -36,7 +37,8 @@ gids = { leyla = 1000; eve = 1002; - ivy = 1004; + # ester = 1003 + # ivy = 1004; users = 100; jellyfin_media = 2001; jellyfin = 2000; @@ -59,7 +61,6 @@ users = config.users.users; leyla = users.leyla.name; eve = users.eve.name; - ivy = users.ivy.name; in { config = lib.mkMerge [ { @@ -97,10 +98,6 @@ in { neededForUsers = true; sopsFile = "${inputs.secrets}/user-passwords.yaml"; }; - "passwords/ivy" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; }; }; @@ -134,19 +131,6 @@ in { group = config.users.users.eve.name; }; - ivy = { - uid = lib.mkForce uids.ivy; - name = lib.mkForce host.users.ivy.name; - description = "Ivy"; - extraGroups = - lib.optionals host.users.ivy.isNormalUser ["networkmanager"] - ++ (lib.lists.optionals host.users.ivy.isPrincipleUser ["wheel"]); - hashedPasswordFile = config.sops.secrets."passwords/ivy".path; - isNormalUser = host.users.ivy.isNormalUser; - isSystemUser = !host.users.ivy.isNormalUser; - group = config.users.users.ivy.name; - }; - jellyfin = { uid = lib.mkForce uids.jellyfin; isSystemUser = true; @@ -254,19 +238,11 @@ in { ]; }; - ivy = { - gid = lib.mkForce gids.ivy; - members = [ - ivy - ]; - }; - users = { gid = lib.mkForce gids.users; members = [ leyla eve - ivy ]; }; @@ -280,7 +256,6 @@ in { users.lidarr.name leyla eve - ivy ]; }; @@ -314,7 +289,6 @@ in { users.syncthing.name leyla eve - ivy ]; }; diff --git a/modules/system-modules/users.nix b/modules/system-modules/users.nix index dda9ed3..cd9c900 100644 --- a/modules/system-modules/users.nix +++ b/modules/system-modules/users.nix @@ -89,11 +89,6 @@ in { isDesktopUser = lib.mkDefault false; isTerminalUser = lib.mkDefault false; }; - ivy = { - isPrincipleUser = lib.mkDefault false; - isDesktopUser = lib.mkDefault false; - isTerminalUser = lib.mkDefault false; - }; }; assertions = diff --git a/nix-config-secrets b/nix-config-secrets index 444229a..6e90a73 160000 --- a/nix-config-secrets +++ b/nix-config-secrets @@ -1 +1 @@ -Subproject commit 444229a105445339fb028d15a8d866063c5f8141 +Subproject commit 6e90a73ed2e1e81ba37628fc5e5494a80d22b526 From aab05a8135ea55b5bf6326c08e64b49dc1c0b04d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 20 Dec 2025 10:35:21 -0600 Subject: [PATCH 341/374] feat: created entries to install PWA's --- .../home-manager/leyla/packages/default.nix | 3 ++ .../home-manager-modules/programs/default.nix | 3 ++ .../programs/matrix-cyberia-pwa.nix | 33 +++++++++++++++++++ .../programs/proton-calendar-pwa.nix | 32 ++++++++++++++++++ .../programs/proton-mail-pwa.nix | 32 ++++++++++++++++++ 5 files changed, 103 insertions(+) create mode 100644 modules/home-manager-modules/programs/matrix-cyberia-pwa.nix create mode 100644 modules/home-manager-modules/programs/proton-calendar-pwa.nix create mode 100644 modules/home-manager-modules/programs/proton-mail-pwa.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 0917d04..a3669af 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -72,6 +72,9 @@ in { noita-entangled-worlds.enable = true; tor-browser.enable = true; gdx-liftoff.enable = true; + proton-mail-pwa.enable = true; + proton-calendar-pwa.enable = true; + matrix-cyberia-pwa.enable = true; }) ]; } diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index 5b3a169..916eb31 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -46,5 +46,8 @@ ./gdx-liftoff.nix ./tor-browser.nix ./vmware-workstation.nix + ./proton-mail-pwa.nix + ./proton-calendar-pwa.nix + ./matrix-cyberia-pwa.nix ]; } diff --git a/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix b/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix new file mode 100644 index 0000000..46cb402 --- /dev/null +++ b/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix @@ -0,0 +1,33 @@ +{ + lib, + pkgs, + config, + ... +}: { + options.programs.matrix-cyberia-pwa = { + enable = lib.mkEnableOption "enable Matrix Cyberia PWA"; + }; + + config = lib.mkIf config.programs.matrix-cyberia-pwa.enable (lib.mkMerge [ + { + xdg.desktopEntries.matrix-cyberia-pwa = { + name = "Matrix (Cyberia)"; + type = "Application"; + exec = "${pkgs.chromium}/bin/chromium --app=https://chat.cyberia.club/"; + icon = "matrix"; + terminal = false; + categories = ["Network" "InstantMessaging"]; + }; + } + ( + lib.mkIf config.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/chromium" + ]; + allowOther = true; + }; + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/proton-calendar-pwa.nix b/modules/home-manager-modules/programs/proton-calendar-pwa.nix new file mode 100644 index 0000000..4a52dd8 --- /dev/null +++ b/modules/home-manager-modules/programs/proton-calendar-pwa.nix @@ -0,0 +1,32 @@ +{ + lib, + pkgs, + config, + ... +}: { + options.programs.proton-calendar-pwa = { + enable = lib.mkEnableOption "enable Proton Calendar PWA"; + }; + + config = lib.mkIf config.programs.proton-calendar-pwa.enable (lib.mkMerge [ + { + xdg.desktopEntries.proton-calendar-pwa = { + name = "Proton Calendar"; + type = "Application"; + exec = "${pkgs.chromium}/bin/chromium --app=https://calendar.proton.me"; + icon = "chrome-ojibjkjikcpjonjjngfkegflhmffeemk-Default"; + terminal = false; + }; + } + ( + lib.mkIf config.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/chromium" + ]; + allowOther = true; + }; + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/proton-mail-pwa.nix b/modules/home-manager-modules/programs/proton-mail-pwa.nix new file mode 100644 index 0000000..7b302d5 --- /dev/null +++ b/modules/home-manager-modules/programs/proton-mail-pwa.nix @@ -0,0 +1,32 @@ +{ + lib, + pkgs, + config, + ... +}: { + options.programs.proton-mail-pwa = { + enable = lib.mkEnableOption "enable Proton Mail PWA"; + }; + + config = lib.mkIf config.programs.proton-mail-pwa.enable (lib.mkMerge [ + { + xdg.desktopEntries.proton-mail-pwa = { + name = "Proton Mail"; + type = "Application"; + exec = "${pkgs.chromium}/bin/chromium --app=https://mail.proton.me"; + icon = "chrome-jnpecgipniidlgicjocehkhajgdnjekh-Default"; + terminal = false; + }; + } + ( + lib.mkIf config.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/chromium" + ]; + allowOther = true; + }; + } + ) + ]); +} From b75aaca605b32a6e8bf4ba36d48a3743f2890e2f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 21 Dec 2025 01:42:59 -0600 Subject: [PATCH 342/374] feat: added more options to pwa packages --- .../programs/matrix-cyberia-pwa.nix | 28 ++++++++++++++++--- .../programs/proton-calendar-pwa.nix | 28 ++++++++++++++++--- .../programs/proton-mail-pwa.nix | 28 ++++++++++++++++--- 3 files changed, 72 insertions(+), 12 deletions(-) diff --git a/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix b/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix index 46cb402..666836b 100644 --- a/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix +++ b/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix @@ -3,24 +3,44 @@ pkgs, config, ... -}: { +}: let + cfg = config.programs.matrix-cyberia-pwa; + isChromium = cfg.package == pkgs.chromium; + isBrowserImpermanenceSupported = cfg.package == pkgs.chromium; +in { options.programs.matrix-cyberia-pwa = { enable = lib.mkEnableOption "enable Matrix Cyberia PWA"; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.chromium; + description = "Browser package to use for the PWA"; + }; + impermanence = { + enable = lib.mkOption { + type = lib.types.bool; + default = isBrowserImpermanenceSupported; + description = "Enable impermanence configuration for the PWA. Only automatically enabled when using chromium."; + }; + }; }; - config = lib.mkIf config.programs.matrix-cyberia-pwa.enable (lib.mkMerge [ + config = lib.mkIf cfg.enable (lib.mkMerge [ { xdg.desktopEntries.matrix-cyberia-pwa = { name = "Matrix (Cyberia)"; type = "Application"; - exec = "${pkgs.chromium}/bin/chromium --app=https://chat.cyberia.club/"; + exec = "${cfg.package}/bin/${cfg.package.pname} --app=https://chat.cyberia.club/"; icon = "matrix"; terminal = false; categories = ["Network" "InstantMessaging"]; }; + + warnings = + lib.optional (config.impermanence.enable && !isBrowserImpermanenceSupported) + "matrix-cyberia-pwa: Using unsupported package with impermanence enabled. You will need to manually configure impermanence for ${cfg.package.pname}. Supported package(s) ${pkgs.chromium.pname}"; } ( - lib.mkIf config.impermanence.enable { + lib.mkIf (config.impermanence.enable && cfg.impermanence.enable && isChromium) { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/chromium" diff --git a/modules/home-manager-modules/programs/proton-calendar-pwa.nix b/modules/home-manager-modules/programs/proton-calendar-pwa.nix index 4a52dd8..d927452 100644 --- a/modules/home-manager-modules/programs/proton-calendar-pwa.nix +++ b/modules/home-manager-modules/programs/proton-calendar-pwa.nix @@ -3,23 +3,43 @@ pkgs, config, ... -}: { +}: let + cfg = config.programs.proton-calendar-pwa; + isChromium = cfg.package == pkgs.chromium; + isBrowserImpermanenceSupported = cfg.package == pkgs.chromium; +in { options.programs.proton-calendar-pwa = { enable = lib.mkEnableOption "enable Proton Calendar PWA"; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.chromium; + description = "Browser package to use for the PWA"; + }; + impermanence = { + enable = lib.mkOption { + type = lib.types.bool; + default = isBrowserImpermanenceSupported; + description = "Enable impermanence configuration for the PWA. Only automatically enabled when using chromium."; + }; + }; }; - config = lib.mkIf config.programs.proton-calendar-pwa.enable (lib.mkMerge [ + config = lib.mkIf cfg.enable (lib.mkMerge [ { xdg.desktopEntries.proton-calendar-pwa = { name = "Proton Calendar"; type = "Application"; - exec = "${pkgs.chromium}/bin/chromium --app=https://calendar.proton.me"; + exec = "${cfg.package}/bin/${cfg.package.pname} --app=https://calendar.proton.me"; icon = "chrome-ojibjkjikcpjonjjngfkegflhmffeemk-Default"; terminal = false; }; + + warnings = + lib.optional (config.impermanence.enable && !isBrowserImpermanenceSupported) + "proton-calendar-pwa: Using unsupported package with impermanence enabled. You will need to manually configure impermanence for ${cfg.package.pname}. Supported package(s) ${pkgs.chromium.pname}"; } ( - lib.mkIf config.impermanence.enable { + lib.mkIf (config.impermanence.enable && cfg.impermanence.enable && isChromium) { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/chromium" diff --git a/modules/home-manager-modules/programs/proton-mail-pwa.nix b/modules/home-manager-modules/programs/proton-mail-pwa.nix index 7b302d5..bbbf3b2 100644 --- a/modules/home-manager-modules/programs/proton-mail-pwa.nix +++ b/modules/home-manager-modules/programs/proton-mail-pwa.nix @@ -3,23 +3,43 @@ pkgs, config, ... -}: { +}: let + cfg = config.programs.proton-mail-pwa; + isChromium = cfg.package == pkgs.chromium; + isBrowserImpermanenceSupported = cfg.package == pkgs.chromium; +in { options.programs.proton-mail-pwa = { enable = lib.mkEnableOption "enable Proton Mail PWA"; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.chromium; + description = "Browser package to use for the PWA"; + }; + impermanence = { + enable = lib.mkOption { + type = lib.types.bool; + default = isBrowserImpermanenceSupported; + description = "Enable impermanence configuration for the PWA. Only automatically enabled when using chromium."; + }; + }; }; - config = lib.mkIf config.programs.proton-mail-pwa.enable (lib.mkMerge [ + config = lib.mkIf cfg.enable (lib.mkMerge [ { xdg.desktopEntries.proton-mail-pwa = { name = "Proton Mail"; type = "Application"; - exec = "${pkgs.chromium}/bin/chromium --app=https://mail.proton.me"; + exec = "${cfg.package}/bin/${cfg.package.pname} --app=https://mail.proton.me"; icon = "chrome-jnpecgipniidlgicjocehkhajgdnjekh-Default"; terminal = false; }; + + warnings = + lib.optional (config.impermanence.enable && !isBrowserImpermanenceSupported) + "proton-mail-pwa: Using unsupported package with impermanence enabled. You will need to manually configure impermanence for ${cfg.package.pname}. Supported package(s) ${pkgs.chromium.pname}"; } ( - lib.mkIf config.impermanence.enable { + lib.mkIf (config.impermanence.enable && cfg.impermanence.enable && isChromium) { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/chromium" From cb19c771f50199b47e5bd6171773a57dca3dfa34 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 21 Dec 2025 13:19:49 -0600 Subject: [PATCH 343/374] fix: fixed generation when we manually set the package --- .../programs/matrix-cyberia-pwa.nix | 23 +++++++++++-------- .../programs/proton-calendar-pwa.nix | 21 +++++++++-------- .../programs/proton-mail-pwa.nix | 21 +++++++++-------- 3 files changed, 37 insertions(+), 28 deletions(-) diff --git a/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix b/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix index 666836b..644df92 100644 --- a/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix +++ b/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix @@ -26,19 +26,22 @@ in { config = lib.mkIf cfg.enable (lib.mkMerge [ { - xdg.desktopEntries.matrix-cyberia-pwa = { - name = "Matrix (Cyberia)"; - type = "Application"; - exec = "${cfg.package}/bin/${cfg.package.pname} --app=https://chat.cyberia.club/"; - icon = "matrix"; - terminal = false; - categories = ["Network" "InstantMessaging"]; - }; - warnings = lib.optional (config.impermanence.enable && !isBrowserImpermanenceSupported) - "matrix-cyberia-pwa: Using unsupported package with impermanence enabled. You will need to manually configure impermanence for ${cfg.package.pname}. Supported package(s) ${pkgs.chromium.pname}"; + "matrix-cyberia-pwa: Using unsupported package. You will need to manually configure pwa for ${cfg.package.pname}. Supported package(s) ${pkgs.chromium.pname}"; } + ( + lib.mkIf isChromium { + xdg.desktopEntries.matrix-cyberia-pwa = { + name = "Matrix (Cyberia)"; + type = "Application"; + exec = "${cfg.package}/bin/${cfg.package.pname} --app=https://chat.cyberia.club/"; + icon = "matrix"; + terminal = false; + categories = ["Network" "InstantMessaging"]; + }; + } + ) ( lib.mkIf (config.impermanence.enable && cfg.impermanence.enable && isChromium) { home.persistence."/persist${config.home.homeDirectory}" = { diff --git a/modules/home-manager-modules/programs/proton-calendar-pwa.nix b/modules/home-manager-modules/programs/proton-calendar-pwa.nix index d927452..33796e2 100644 --- a/modules/home-manager-modules/programs/proton-calendar-pwa.nix +++ b/modules/home-manager-modules/programs/proton-calendar-pwa.nix @@ -26,18 +26,21 @@ in { config = lib.mkIf cfg.enable (lib.mkMerge [ { - xdg.desktopEntries.proton-calendar-pwa = { - name = "Proton Calendar"; - type = "Application"; - exec = "${cfg.package}/bin/${cfg.package.pname} --app=https://calendar.proton.me"; - icon = "chrome-ojibjkjikcpjonjjngfkegflhmffeemk-Default"; - terminal = false; - }; - warnings = lib.optional (config.impermanence.enable && !isBrowserImpermanenceSupported) - "proton-calendar-pwa: Using unsupported package with impermanence enabled. You will need to manually configure impermanence for ${cfg.package.pname}. Supported package(s) ${pkgs.chromium.pname}"; + "proton-calendar-pwa: Using unsupported package. You will need to manually configure pwa for ${cfg.package.pname}. Supported package(s) ${pkgs.chromium.pname}"; } + ( + lib.mkIf isChromium { + xdg.desktopEntries.proton-calendar-pwa = { + name = "Proton Calendar"; + type = "Application"; + exec = "${cfg.package}/bin/${cfg.package.pname} --app=https://calendar.proton.me"; + icon = "chrome-ojibjkjikcpjonjjngfkegflhmffeemk-Default"; + terminal = false; + }; + } + ) ( lib.mkIf (config.impermanence.enable && cfg.impermanence.enable && isChromium) { home.persistence."/persist${config.home.homeDirectory}" = { diff --git a/modules/home-manager-modules/programs/proton-mail-pwa.nix b/modules/home-manager-modules/programs/proton-mail-pwa.nix index bbbf3b2..3a3fe89 100644 --- a/modules/home-manager-modules/programs/proton-mail-pwa.nix +++ b/modules/home-manager-modules/programs/proton-mail-pwa.nix @@ -26,18 +26,21 @@ in { config = lib.mkIf cfg.enable (lib.mkMerge [ { - xdg.desktopEntries.proton-mail-pwa = { - name = "Proton Mail"; - type = "Application"; - exec = "${cfg.package}/bin/${cfg.package.pname} --app=https://mail.proton.me"; - icon = "chrome-jnpecgipniidlgicjocehkhajgdnjekh-Default"; - terminal = false; - }; - warnings = lib.optional (config.impermanence.enable && !isBrowserImpermanenceSupported) - "proton-mail-pwa: Using unsupported package with impermanence enabled. You will need to manually configure impermanence for ${cfg.package.pname}. Supported package(s) ${pkgs.chromium.pname}"; + "proton-mail-pwa: Using unsupported package. You will need to manually configure pwa for ${cfg.package.pname}. Supported package(s) ${pkgs.chromium.pname}"; } + ( + lib.mkIf isChromium { + xdg.desktopEntries.proton-mail-pwa = { + name = "Proton Mail"; + type = "Application"; + exec = "${cfg.package}/bin/${cfg.package.pname} --app=https://mail.proton.me"; + icon = "chrome-jnpecgipniidlgicjocehkhajgdnjekh-Default"; + terminal = false; + }; + } + ) ( lib.mkIf (config.impermanence.enable && cfg.impermanence.enable && isChromium) { home.persistence."/persist${config.home.homeDirectory}" = { From 8df63b30945484541fc91b9ba08473ea4c853477 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 8 Jan 2026 20:09:40 -0600 Subject: [PATCH 344/374] feat: updated flake.lock --- .../home-manager/leyla/packages/default.nix | 2 +- .../nixos/horizon/configuration.nix | 5 +- flake.lock | 196 +++++++++--------- .../home-manager-modules/programs/idea.nix | 8 +- 4 files changed, 105 insertions(+), 106 deletions(-) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index a3669af..ae9b1a9 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -52,7 +52,7 @@ in { signal-desktop-bin.enable = true; calibre.enable = true; obsidian.enable = true; - jetbrains.idea-community.enable = true; + jetbrains.idea-oss.enable = true; vscode.enable = true; firefox.enable = true; steam.enable = true; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index aa15642..b81a895 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -89,13 +89,10 @@ environment.systemPackages = with pkgs; [ cachefilesd webtoon-dl + android-tools ]; services.cachefilesd.enable = true; - programs = { - adb.enable = true; - }; - networking = { networkmanager.enable = true; hostName = "horizon"; # Define your hostname. diff --git a/flake.lock b/flake.lock index fe3dc5f..0e0008a 100644 --- a/flake.lock +++ b/flake.lock @@ -1,23 +1,5 @@ { "nodes": { - "devshell": { - "inputs": { - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1741473158, - "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", - "owner": "numtide", - "repo": "devshell", - "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -25,11 +7,11 @@ ] }, "locked": { - "lastModified": 1765326679, - "narHash": "sha256-fTLX9kDwLr9Y0rH/nG+h1XG5UU+jBcy0PFYn5eneRX8=", + "lastModified": 1766150702, + "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", "owner": "nix-community", "repo": "disko", - "rev": "d64e5cdca35b5fad7c504f615357a7afe6d9c49e", + "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", "type": "github" }, "original": { @@ -46,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1765253041, - "narHash": "sha256-D4/vwhvX26KW3gux9CCiJ87zc5UOiLTFlfG3+5h0VRI=", + "lastModified": 1767911574, + "narHash": "sha256-JsYIPaTgbJHEb1rgzwS9H+c0hCy/Sr1WaxNgtvu6xro=", "owner": "rycee", "repo": "nur-expressions", - "rev": "687d6eb2a8503afdeaaf9e230fb72f880daa7252", + "rev": "0d02843bec4ca8a16f7f08c25fe4e40cd829de0f", "type": "gitlab" }, "original": { @@ -62,11 +44,11 @@ }, "flake-compat": { "locked": { - "lastModified": 1765121682, - "narHash": "sha256-4VBOP18BFeiPkyhy9o4ssBNQEvfvv1kXkasAYd0+rrA=", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", "owner": "edolstra", "repo": "flake-compat", - "rev": "65f23138d8d09a92e30f1e5c87611b23ef451bf3", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { @@ -75,6 +57,24 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1767609335, + "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "250481aafeb741edfe23d29195671c19b36b6dca", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -93,24 +93,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "flakey-profile": { "locked": { "lastModified": 1712898590, @@ -133,11 +115,32 @@ ] }, "locked": { - "lastModified": 1765217760, - "narHash": "sha256-BVVyAodLcAD8KOtR3yCStBHSE0WAH/xQWH9f0qsxbmk=", + "lastModified": 1767909183, + "narHash": "sha256-u/bcU0xePi5bgNoRsiqSIwaGBwDilKKFTz3g0hqOBAo=", "owner": "nix-community", "repo": "home-manager", - "rev": "e5b1f87841810fc24772bf4389f9793702000c9b", + "rev": "cd6e96d56ed4b2a779ac73a1227e0bb1519b3509", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "impermanence", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747978958, + "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", "type": "github" }, "original": { @@ -185,11 +188,11 @@ ] }, "locked": { - "lastModified": 1764519849, - "narHash": "sha256-XnNABKfIYKSimQVvKc9FnlC2H0LurOhd9MS6l0Z67lE=", + "lastModified": 1767364176, + "narHash": "sha256-l6YdEBYQxXjD8ujqvc0tKdwWc3K8UQOi+E4Y3DKQ318=", "ref": "refs/heads/main", - "rev": "6c95c0b6f73f831226453fc6905c216ab634c30f", - "revCount": 170, + "rev": "1688100bba140492658d597f6b307c327f35c780", + "revCount": 179, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module.git" }, @@ -200,18 +203,17 @@ }, "mcp-nixos": { "inputs": { - "devshell": "devshell", - "flake-utils": "flake-utils_2", + "flake-parts": "flake-parts", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1760821194, - "narHash": "sha256-UCsJ8eDuHL14u2GFIYEY/drtZ6jht5zN/G/6QNlEy2g=", + "lastModified": 1767822362, + "narHash": "sha256-rnpIDY/sy/uV+1dsW+MrFwAFE/RHg5K/6aa5k7Yt1Dc=", "owner": "utensils", "repo": "mcp-nixos", - "rev": "0ae453f38d0f088c31d4678da3a12b183165986f", + "rev": "9706014c1530ba12ff36ca8d9d1717b1e61d29db", "type": "github" }, "original": { @@ -227,11 +229,11 @@ ] }, "locked": { - "lastModified": 1765065051, - "narHash": "sha256-b7W9WsvyMOkUScNxbzS45KEJp0iiqRPyJ1I3JBE+oEE=", + "lastModified": 1767718503, + "narHash": "sha256-V+VkFs0aSG0ca8p/N3gib7FAf4cq9jyr5Gm+ZBrHQpo=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "7e22bf538aa3e0937effcb1cee73d5f1bcc26f79", + "rev": "9f48ffaca1f44b3e590976b4da8666a9e86e6eb1", "type": "github" }, "original": { @@ -268,11 +270,11 @@ ] }, "locked": { - "lastModified": 1765245651, - "narHash": "sha256-/+ahII8MXi59KnRmzz+OgPXScr2Oyygin/XJWP7GvdU=", + "lastModified": 1767838417, + "narHash": "sha256-UJ6qBXzOh/FMYgP/OlM8QeKolpQYN0198onIu8oB6dM=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "32a0d010099f0b982498b11cc04d5335b0fc1556", + "rev": "4e92639f25e4f530990a99a32da696ee9117eb1e", "type": "github" }, "original": { @@ -283,11 +285,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1764440730, - "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=", + "lastModified": 1767185284, + "narHash": "sha256-ljDBUDpD1Cg5n3mJI81Hz5qeZAwCGxon4kQW3Ho3+6Q=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3", + "rev": "40b1a28dce561bea34858287fbb23052c3ee63fe", "type": "github" }, "original": { @@ -299,27 +301,42 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722073938, - "narHash": "sha256-OpX0StkL8vpXyWOGUD6G+MA26wAXK6SpT94kLJXo6B4=", - "owner": "NixOS", + "lastModified": 1748026106, + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "e36e9f57337d0ff0cf77aceb58af4c805472bfae", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", + "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1765674936, + "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs_2": { "locked": { - "lastModified": 1765186076, - "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", + "lastModified": 1767767207, + "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", + "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", "type": "github" }, "original": { @@ -349,14 +366,14 @@ "inputs": { "nixpkgs": "nixpkgs_3", "rust-overlay": "rust-overlay", - "systems": "systems_3" + "systems": "systems_2" }, "locked": { - "lastModified": 1765312847, - "narHash": "sha256-8yHfYUiFYQQrtmHl/5jBcrDLgOM8s5vPkAAVu2fiAk0=", + "lastModified": 1765628894, + "narHash": "sha256-7q1foPZ6ZlspMNa48oRT7iMl89cvMMaWtdrJweE6B8I=", "owner": "IntQuant", "repo": "noita_entangled_worlds", - "rev": "2957cdaa49117a613c46739e3c65bf28f0662b20", + "rev": "266c6871b2878cf3b6f180c6d299da88f12c9f8e", "type": "github" }, "original": { @@ -429,11 +446,11 @@ ] }, "locked": { - "lastModified": 1765231718, - "narHash": "sha256-qdBzo6puTgG4G2RHG0PkADg22ZnQo1JmSVFRxrD4QM4=", + "lastModified": 1767826491, + "narHash": "sha256-WSBENPotD2MIhZwolL6GC9npqgaS5fkM7j07V2i/Ur8=", "owner": "Mic92", "repo": "sops-nix", - "rev": "7fd1416aba1865eddcdec5bb11339b7222c2363e", + "rev": "ea3adcb6d2a000d9a69d0e23cad1f2cacb3a9fbe", "type": "github" }, "original": { @@ -458,21 +475,6 @@ } }, "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_3": { "flake": false, "locked": { "lastModified": 1681028828, diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index e59e7b2..b193416 100644 --- a/modules/home-manager-modules/programs/idea.nix +++ b/modules/home-manager-modules/programs/idea.nix @@ -4,14 +4,14 @@ config, ... }: { - options.programs.jetbrains.idea-community = { - enable = lib.mkEnableOption "enable idea-community"; + options.programs.jetbrains.idea-oss = { + enable = lib.mkEnableOption "enable idea-oss"; }; - config = lib.mkIf config.programs.jetbrains.idea-community.enable (lib.mkMerge [ + config = lib.mkIf config.programs.jetbrains.idea-oss.enable (lib.mkMerge [ { home.packages = with pkgs; [ - jetbrains.idea-community + jetbrains.idea-oss ]; } ( From 2868448c2ddc29771dfb10a2e06f1a0cb2699ab6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 8 Jan 2026 20:27:06 -0600 Subject: [PATCH 345/374] fix: disabled build tests for jackett due to failing year rollover tests upstream --- modules/nixos-modules/server/jackett/default.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/modules/nixos-modules/server/jackett/default.nix b/modules/nixos-modules/server/jackett/default.nix index 86dbb4b..e70a929 100644 --- a/modules/nixos-modules/server/jackett/default.nix +++ b/modules/nixos-modules/server/jackett/default.nix @@ -2,4 +2,16 @@ imports = [ ./impermanence.nix ]; + + config = { + nixpkgs.overlays = [ + # Disable jackett tests due to date-related test failures + # (ParseDateTimeGoLangTest expects 2024-09-14 but gets 2025-09-14 due to year rollover logic) + (final: prev: { + jackett = prev.jackett.overrideAttrs (oldAttrs: { + doCheck = false; + }); + }) + ]; + }; } From 3081267b4e3470e0c4b5ad7a0712484e88d716b1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 11 Jan 2026 18:14:06 -0600 Subject: [PATCH 346/374] feat: installed kicad --- .../home-manager/leyla/packages/default.nix | 1 + .../home-manager-modules/programs/default.nix | 1 + .../home-manager-modules/programs/kicad.nix | 23 +++++++++++++++++++ 3 files changed, 25 insertions(+) create mode 100644 modules/home-manager-modules/programs/kicad.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index ae9b1a9..33dd033 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -75,6 +75,7 @@ in { proton-mail-pwa.enable = true; proton-calendar-pwa.enable = true; matrix-cyberia-pwa.enable = true; + kicad.enable = true; }) ]; } diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index 916eb31..8a8e8b5 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -14,6 +14,7 @@ ./prostudiomasters.nix ./idea.nix ./kdenlive.nix + ./kicad.nix ./krita.nix ./protonvpn.nix ./calibre.nix diff --git a/modules/home-manager-modules/programs/kicad.nix b/modules/home-manager-modules/programs/kicad.nix new file mode 100644 index 0000000..c2414c1 --- /dev/null +++ b/modules/home-manager-modules/programs/kicad.nix @@ -0,0 +1,23 @@ +{ + lib, + pkgs, + config, + ... +}: { + options.programs.kicad = { + enable = lib.mkEnableOption "enable kicad"; + }; + + config = lib.mkIf config.programs.kicad.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + kicad + ]; + } + ( + lib.mkIf config.impermanence.enable { + # TODO: + } + ) + ]); +} From 629950bc6f0e0460fcf79fd275ca03a4464b267e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 11 Jan 2026 18:19:36 -0600 Subject: [PATCH 347/374] feat: installed pioarduino for vscode --- .../leyla/packages/vscode/default.nix | 3 +++ .../programs/vscode/default.nix | 1 + .../programs/vscode/platformIO.nix | 27 +++++++++++++++++++ 3 files changed, 31 insertions(+) create mode 100644 modules/home-manager-modules/programs/vscode/platformIO.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 36168b2..9d82ef2 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -72,6 +72,9 @@ in { # rust development rustAnalyzer.enable = true; + # arduino development + platformIO.enable = true; + # claude development claudeDev = lib.mkIf ai-tooling-enabled { enable = true; diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index f9d83dc..b735e72 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -16,6 +16,7 @@ ./go.nix ./evenBetterToml.nix ./openRemoteSsh.nix + ./platformIO.nix ./rustAnalyzer.nix ./astroVscode.nix ./vscodeMdx.nix diff --git a/modules/home-manager-modules/programs/vscode/platformIO.nix b/modules/home-manager-modules/programs/vscode/platformIO.nix new file mode 100644 index 0000000..ec57ef2 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/platformIO.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.platformIO = { + enable = lib.mkEnableOption "should the platformIO extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "platformIO" { + default = ["pioarduino" "pioarduino-ide"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.platformIO.enable { + extensions = [ + config.extraExtensions.platformIO.extension + ]; + }; + })); + }; +} From 769359d6e9210446335a2935a6a2e440d1bb4fad Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 11 Jan 2026 18:42:34 -0600 Subject: [PATCH 348/374] fix: made platformio not used built in things --- modules/home-manager-modules/programs/vscode/platformIO.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/home-manager-modules/programs/vscode/platformIO.nix b/modules/home-manager-modules/programs/vscode/platformIO.nix index ec57ef2..ace83b7 100644 --- a/modules/home-manager-modules/programs/vscode/platformIO.nix +++ b/modules/home-manager-modules/programs/vscode/platformIO.nix @@ -21,6 +21,9 @@ in { extensions = [ config.extraExtensions.platformIO.extension ]; + userSettings = { + "platformio-ide.useBuiltinPIOCore" = false; + }; }; })); }; From 2a3c5b76eeb8b57c5cf3f473b68f0d30d7fc8fe4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 15 Jan 2026 19:53:27 -0600 Subject: [PATCH 349/374] feat: updated flake.lock --- flake.lock | 77 +++++++++++++++++------------------------------- flake.nix | 2 +- util/default.nix | 2 +- 3 files changed, 29 insertions(+), 52 deletions(-) diff --git a/flake.lock b/flake.lock index 0e0008a..6116658 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1767911574, - "narHash": "sha256-JsYIPaTgbJHEb1rgzwS9H+c0hCy/Sr1WaxNgtvu6xro=", + "lastModified": 1768500104, + "narHash": "sha256-Xa8XJaydHKAhDCLyjdKcDKjFrGgdahNcVo1boGUdZKY=", "owner": "rycee", "repo": "nur-expressions", - "rev": "0d02843bec4ca8a16f7f08c25fe4e40cd829de0f", + "rev": "7e517454cd248c76046c3157b56662d223de29b1", "type": "gitlab" }, "original": { @@ -115,32 +115,11 @@ ] }, "locked": { - "lastModified": 1767909183, - "narHash": "sha256-u/bcU0xePi5bgNoRsiqSIwaGBwDilKKFTz3g0hqOBAo=", + "lastModified": 1768512489, + "narHash": "sha256-jZi945d3e6DYhrw3K5Pew+QaL3qSgq3O6xiVaEVLgXs=", "owner": "nix-community", "repo": "home-manager", - "rev": "cd6e96d56ed4b2a779ac73a1227e0bb1519b3509", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { - "inputs": { - "nixpkgs": [ - "impermanence", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1747978958, - "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", + "rev": "bba859cd85b90dd9e4e6fd44b2af4aa64ae801a1", "type": "github" }, "original": { @@ -204,9 +183,7 @@ "mcp-nixos": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": [ - "nixpkgs" - ] + "nixpkgs": "nixpkgs" }, "locked": { "lastModified": 1767822362, @@ -229,11 +206,11 @@ ] }, "locked": { - "lastModified": 1767718503, - "narHash": "sha256-V+VkFs0aSG0ca8p/N3gib7FAf4cq9jyr5Gm+ZBrHQpo=", + "lastModified": 1768220509, + "narHash": "sha256-8wMrJP/Xk5Dkm0TxzaERLt3eGFEhHTWaJKUpK3AoL4o=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "9f48ffaca1f44b3e590976b4da8666a9e86e6eb1", + "rev": "7b1d394e7d9112d4060e12ef3271b38a7c43e83b", "type": "github" }, "original": { @@ -270,11 +247,11 @@ ] }, "locked": { - "lastModified": 1767838417, - "narHash": "sha256-UJ6qBXzOh/FMYgP/OlM8QeKolpQYN0198onIu8oB6dM=", + "lastModified": 1768443224, + "narHash": "sha256-U2UHV+8Ygba2eFhFSnl15wMuKqNR884V2mo2fLO9wy0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "4e92639f25e4f530990a99a32da696ee9117eb1e", + "rev": "151bb82df60a9ffcd2fef1116e4c9baf133b3ec5", "type": "github" }, "original": { @@ -285,11 +262,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1767185284, - "narHash": "sha256-ljDBUDpD1Cg5n3mJI81Hz5qeZAwCGxon4kQW3Ho3+6Q=", + "lastModified": 1768499669, + "narHash": "sha256-jJr/zDxu5evfQxlXtMrFFF68/RNj1UrctS/eIsay4k0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "40b1a28dce561bea34858287fbb23052c3ee63fe", + "rev": "7297dfc69ae9b06e984a6f69900ce25e67c76f46", "type": "github" }, "original": { @@ -301,15 +278,15 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748026106, - "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", - "owner": "nixos", + "lastModified": 1767640445, + "narHash": "sha256-UWYqmD7JFBEDBHWYcqE6s6c77pWdcU/i+bwD6XxMb8A=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "rev": "9f0c42f8bc7151b8e7e5840fb3bd454ad850d8c5", "type": "github" }, "original": { - "owner": "nixos", + "owner": "NixOS", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" @@ -332,11 +309,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1767767207, - "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "lastModified": 1768305791, + "narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e", "type": "github" }, "original": { @@ -446,11 +423,11 @@ ] }, "locked": { - "lastModified": 1767826491, - "narHash": "sha256-WSBENPotD2MIhZwolL6GC9npqgaS5fkM7j07V2i/Ur8=", + "lastModified": 1768481291, + "narHash": "sha256-NjKtkJraCZEnLHAJxLTI+BfdU//9coAz9p5TqveZwPU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "ea3adcb6d2a000d9a69d0e23cad1f2cacb3a9fbe", + "rev": "e085e303dfcce21adcb5fec535d65aacb066f101", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index e935688..ae110da 100644 --- a/flake.nix +++ b/flake.nix @@ -75,7 +75,7 @@ # MCP NixOS server for Claude Dev mcp-nixos = { url = "github:utensils/mcp-nixos"; - inputs.nixpkgs.follows = "nixpkgs"; + # Not following nixpkgs because aws-sam-translator doesn't support Python 3.14 yet }; # Noita Entangled Worlds package diff --git a/util/default.nix b/util/default.nix index 66e300b..246543d 100644 --- a/util/default.nix +++ b/util/default.nix @@ -10,7 +10,7 @@ nix-syncthing = inputs.nix-syncthing; disko = inputs.disko; impermanence = inputs.impermanence; - lix-module = inputs.lix-module; + # lix-module = inputs.lix-module; systems = [ "aarch64-darwin" From e6e53141ce83ef5be528a6eec797ee89334dc338 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 15 Jan 2026 20:09:21 -0600 Subject: [PATCH 350/374] feat: switched back to main for impermanence --- flake.lock | 11 +++++------ flake.nix | 2 +- util/default.nix | 1 - 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index fc9272e..0c32755 100644 --- a/flake.lock +++ b/flake.lock @@ -138,16 +138,15 @@ ] }, "locked": { - "lastModified": 1762761176, - "narHash": "sha256-i3gM8fUozQrgZIbwVNlTuhLqPSl56zxAYpsQpQ9Lhro=", - "owner": "jan-leila", + "lastModified": 1767822991, + "narHash": "sha256-iyrn9AcPZCoyxX4OT8eMkBsjG7SRUQXXS/V1JzxS7rA=", + "owner": "nix-community", "repo": "impermanence", - "rev": "ffbe1ca47cf4b3008c3aa5c49cdae294d8c8058a", + "rev": "82e5bc4508cab9e8d5a136626276eb5bbce5e9c5", "type": "github" }, "original": { - "owner": "jan-leila", - "ref": "home-manager-v2", + "owner": "nix-community", "repo": "impermanence", "type": "github" } diff --git a/flake.nix b/flake.nix index 5fe65db..df5f6e9 100644 --- a/flake.nix +++ b/flake.nix @@ -36,7 +36,7 @@ # delete your darlings impermanence = { - url = "github:jan-leila/impermanence/home-manager-v2"; + url = "github:nix-community/impermanence"; inputs.nixpkgs.follows = "nixpkgs"; inputs.home-manager.follows = "home-manager"; }; diff --git a/util/default.nix b/util/default.nix index 246543d..d72d00d 100644 --- a/util/default.nix +++ b/util/default.nix @@ -29,7 +29,6 @@ common-modules ++ [ sops-nix.homeManagerModules.sops - impermanence.homeManagerModules.impermanence ../modules/home-manager-modules ]; From 3370cd7ab305db5f87be1a19b4e12230e39bab81 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 15 Jan 2026 21:50:36 -0600 Subject: [PATCH 351/374] feat: bound impermanence filesystem datasets filesystem --- modules/nixos-modules/storage/impermanence.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index 9af5681..cb20295 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -84,6 +84,8 @@ in { lib.mapAttrs' ( datasetName: dataset: lib.nameValuePair "/${datasetName}" { + device = "rpool/${datasetName}"; + fsType = "zfs"; neededForBoot = true; } ) From 66ed7e75ba73fbf8f0a6383bd470f1f55f7ee2d8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Feb 2026 17:40:31 -0600 Subject: [PATCH 352/374] fix: disabled IdentityFile config for ssh --- modules/home-manager-modules/openssh.nix | 6 +++--- nix-config-secrets | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index afc98dd..5f07491 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -52,9 +52,9 @@ addKeysToAgent = "confirm"; }; }; - extraConfig = lib.strings.concatLines ( - builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys - ); + # extraConfig = lib.strings.concatLines ( + # builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys + # ); }; systemd.user.services = builtins.listToAttrs ( diff --git a/nix-config-secrets b/nix-config-secrets index 6e90a73..22be815 160000 --- a/nix-config-secrets +++ b/nix-config-secrets @@ -1 +1 @@ -Subproject commit 6e90a73ed2e1e81ba37628fc5e5494a80d22b526 +Subproject commit 22be81505a49cd205e9b5c91f51af69c0b885ed3 From d7301886c6e42bda4fbb25cd1342d8cde1e8d4a8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Feb 2026 12:12:51 -0600 Subject: [PATCH 353/374] chore: added tasks to README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index d29ba58..3ffeac8 100644 --- a/README.md +++ b/README.md @@ -71,6 +71,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - [ ] migrate away from flakes and move to npins - [ ] `host.users` should be redone so that we just extend the base `users.users` object. Right now we cant quite do this because we have weird circular dependencies with disko/impermanence (not sure which one) and home manger enabling/disabling users per devices +- [ ] Home manager impermanence is preventing updates to the latest version of the module ## Broken things - [ ] figure out steam vr things? @@ -102,7 +103,9 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] Penpot services (need to make this custom) - [ ] minecraft server with old world file - [ ] storj server +- [ ] XMR miner used to heat home based on smart thermostat - [ ] Create Tor guard/relay server +- [ ] Create i2P node - [ ] screeps server - [ ] mastodon instance From f86cba6d021c49f8b249884a9879eed4007528b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Feb 2026 12:14:49 -0600 Subject: [PATCH 354/374] chore: added tasks to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 3ffeac8..15ea0a3 100644 --- a/README.md +++ b/README.md @@ -76,6 +76,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Broken things - [ ] figure out steam vr things? - [ ] whisper was having issues +- [ ] auto loading of ssh agent keys that we auto generate per system ## Data Integrity - [ ] zfs email after scrubbing # TODO: test this From 468f1cb40f74ef062387593102d94ca3126f9c7f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Feb 2026 14:17:08 -0600 Subject: [PATCH 355/374] feat: added bookmark for Cyberia git --- .../home-manager/leyla/packages/firefox/bookmarks.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/configurations/home-manager/leyla/packages/firefox/bookmarks.nix b/configurations/home-manager/leyla/packages/firefox/bookmarks.nix index 4210d1e..bd172e7 100644 --- a/configurations/home-manager/leyla/packages/firefox/bookmarks.nix +++ b/configurations/home-manager/leyla/packages/firefox/bookmarks.nix @@ -141,6 +141,12 @@ keyword = ""; tags = [""]; } + { + name = "Cyberia Git"; + url = "https://git.cyberia.club"; + keyword = ""; + tags = [""]; + } # Template # { # name = ""; From b9a746a98980998429eca5ac92af0e45e870944e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Feb 2026 14:31:51 -0600 Subject: [PATCH 356/374] feat: added Cyberia to leyla words --- configurations/home-manager/leyla/packages/vscode/user-words.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/packages/vscode/user-words.nix b/configurations/home-manager/leyla/packages/vscode/user-words.nix index bb99bbc..112269e 100644 --- a/configurations/home-manager/leyla/packages/vscode/user-words.nix +++ b/configurations/home-manager/leyla/packages/vscode/user-words.nix @@ -6,6 +6,7 @@ config.programs.vscode.profiles.default.userSettings = { "cSpell.userWords" = [ "leyla" + "Cyberia" ]; "cSpell.languageSettings" = [ From 18c738cc2f0d59c104ca4b73a8df4db5d56df65e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 8 Feb 2026 12:37:42 -0600 Subject: [PATCH 357/374] feat: disabled impermanence for all the needed services --- .../nixos/defiant/configuration.nix | 29 +++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9aa2e34..52eb452 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -226,6 +226,7 @@ postgresql = { enable = true; adminUsers = ["leyla"]; + impermanence.enable = false; }; # temp enable desktop environment for setup @@ -244,6 +245,7 @@ reverseProxy = { enable = true; openFirewall = true; + impermanence.enable = false; acme = { enable = true; email = "jan-leila@protonmail.com"; @@ -253,6 +255,7 @@ ollama = { enable = true; exposePort = true; + impermanence.enable = false; environmentVariables = { OLLAMA_KEEP_ALIVE = "24h"; @@ -287,6 +290,7 @@ enable = true; authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/defiant".path; useRoutingFeatures = "server"; + impermanence.enable = false; extraUpFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" @@ -299,24 +303,33 @@ ]; }; - syncthing.enable = true; + syncthing = { + enable = true; + impermanence.enable = false; + }; - fail2ban.enable = true; + fail2ban = { + enable = true; + impermanence.enable = false; + }; jellyfin = { enable = true; domain = "media.jan-leila.com"; extraDomains = ["jellyfin.jan-leila.com"]; + impermanence.enable = false; }; immich = { enable = true; domain = "photos.jan-leila.com"; + impermanence.enable = false; }; forgejo = { enable = true; reverseProxy.domain = "git.jan-leila.com"; + impermanence.enable = false; }; searx = { @@ -327,6 +340,7 @@ actual = { enable = true; domain = "budget.jan-leila.com"; + impermanence.enable = false; }; home-assistant = { @@ -334,6 +348,7 @@ domain = "home.jan-leila.com"; openFirewall = true; postgres.enable = true; + impermanence.enable = false; extensions = { sonos.enable = true; @@ -346,11 +361,13 @@ enable = true; domain = "documents.jan-leila.com"; passwordFile = config.sops.secrets."services/paperless_password".path; + impermanence.enable = false; }; panoramax = { enable = false; openFirewall = true; + impermanence.enable = false; }; crab-hole = { @@ -358,6 +375,7 @@ port = 8085; openFirewall = true; show_doc = true; + impermanence.enable = false; downstreams = { host = { enable = true; @@ -373,31 +391,38 @@ mediaDir = "/srv/qbittorent"; openFirewall = true; webuiPort = 8084; + impermanence.enable = false; }; sonarr = { enable = true; openFirewall = true; + impermanence.enable = false; }; radarr = { enable = true; openFirewall = true; + impermanence.enable = false; }; bazarr = { enable = true; openFirewall = true; + impermanence.enable = false; }; lidarr = { enable = true; openFirewall = true; + impermanence.enable = false; }; jackett = { enable = true; openFirewall = true; + impermanence.enable = false; }; flaresolverr = { enable = true; openFirewall = true; + impermanence.enable = false; }; }; From 3302af38b38ab61ea9de9f065ac213da3d8d2e58 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 8 Feb 2026 12:50:58 -0600 Subject: [PATCH 358/374] feat: moved legacy datasets from main into defiant configuration --- configurations/nixos/defiant/default.nix | 1 + .../nixos/defiant/legacy-impermanence.nix | 214 ++++++++++++++++++ 2 files changed, 215 insertions(+) create mode 100644 configurations/nixos/defiant/legacy-impermanence.nix diff --git a/configurations/nixos/defiant/default.nix b/configurations/nixos/defiant/default.nix index 3013946..d53f9cc 100644 --- a/configurations/nixos/defiant/default.nix +++ b/configurations/nixos/defiant/default.nix @@ -4,5 +4,6 @@ ./hardware-configuration.nix ./configuration.nix ./packages.nix + ./legacy-impermanence.nix ]; } diff --git a/configurations/nixos/defiant/legacy-impermanence.nix b/configurations/nixos/defiant/legacy-impermanence.nix new file mode 100644 index 0000000..5d6081c --- /dev/null +++ b/configurations/nixos/defiant/legacy-impermanence.nix @@ -0,0 +1,214 @@ +# Legacy impermanence module for defiant +# This module contains all the impermanence configurations that were previously +# handled by individual service modules on the main branch. It allows us to +# merge the storage-refactor branch into main while keeping current functionality, +# and then migrate services one at a time to the new automated impermanence system. +# +# To migrate a service to the new system: +# 1. Remove the service's configuration from this file +# 2. Set `impermanence.enable = true` for that service in configuration.nix +# 3. Remove `impermanence.enable = false` from the service configuration +{ + config, + lib, + ... +}: { + config = lib.mkIf config.storage.impermanence.enable { + environment.persistence."/persist/replicate/system/root" = { + enable = true; + hideMounts = true; + directories = lib.mkMerge [ + # PostgreSQL + (lib.mkIf config.services.postgresql.enable [ + { + directory = "/var/lib/postgresql/16"; + user = "postgres"; + group = "postgres"; + } + ]) + + # Reverse Proxy (ACME) + (lib.mkIf config.services.reverseProxy.enable [ + { + directory = "/var/lib/acme"; + user = "acme"; + group = "acme"; + } + ]) + + # Ollama + (lib.mkIf config.services.ollama.enable [ + { + directory = "/var/lib/private/ollama"; + user = config.services.ollama.user; + group = config.services.ollama.group; + mode = "0700"; + } + ]) + + # Tailscale + (lib.mkIf config.services.tailscale.enable [ + { + directory = "/var/lib/tailscale"; + user = "root"; + group = "root"; + } + ]) + + # Syncthing + (lib.mkIf config.services.syncthing.enable [ + { + directory = "/mnt/sync"; + user = "syncthing"; + group = "syncthing"; + } + { + directory = "/etc/syncthing"; + user = "syncthing"; + group = "syncthing"; + } + ]) + + # Fail2ban + (lib.mkIf config.services.fail2ban.enable [ + { + directory = "/var/lib/fail2ban"; + user = "fail2ban"; + group = "fail2ban"; + } + ]) + + # Jellyfin + (lib.mkIf config.services.jellyfin.enable [ + { + directory = "/var/lib/jellyfin"; + user = "jellyfin"; + group = "jellyfin"; + } + { + directory = "/var/cache/jellyfin"; + user = "jellyfin"; + group = "jellyfin"; + } + ]) + + # Immich + (lib.mkIf config.services.immich.enable [ + { + directory = "/var/lib/immich"; + user = "immich"; + group = "immich"; + } + ]) + + # Forgejo + (lib.mkIf config.services.forgejo.enable [ + { + directory = "/var/lib/forgejo"; + user = "forgejo"; + group = "forgejo"; + } + ]) + + # Actual + (lib.mkIf config.services.actual.enable [ + { + directory = "/var/lib/private/actual"; + user = "actual"; + group = "actual"; + } + ]) + + # Home Assistant + (lib.mkIf config.services.home-assistant.enable [ + { + directory = "/var/lib/hass"; + user = "hass"; + group = "hass"; + } + ]) + + # Paperless + (lib.mkIf config.services.paperless.enable [ + { + directory = "/var/lib/paperless"; + user = "paperless"; + group = "paperless"; + } + ]) + + # Crab-hole + (lib.mkIf config.services.crab-hole.enable [ + { + directory = "/var/lib/private/crab-hole"; + user = "crab-hole"; + group = "crab-hole"; + } + ]) + + # qBittorrent + (lib.mkIf config.services.qbittorrent.enable [ + { + directory = "/var/lib/qBittorrent/"; + user = "qbittorrent"; + group = "qbittorrent"; + } + ]) + + # Sonarr + (lib.mkIf config.services.sonarr.enable [ + { + directory = "/var/lib/sonarr/.config/NzbDrone"; + user = "sonarr"; + group = "sonarr"; + } + ]) + + # Radarr + (lib.mkIf config.services.radarr.enable [ + { + directory = "/var/lib/radarr/.config/Radarr"; + user = "radarr"; + group = "radarr"; + } + ]) + + # Bazarr + (lib.mkIf config.services.bazarr.enable [ + { + directory = "/var/lib/bazarr"; + user = "bazarr"; + group = "bazarr"; + } + ]) + + # Lidarr + (lib.mkIf config.services.lidarr.enable [ + { + directory = "/var/lib/lidarr/.config/Lidarr"; + user = "lidarr"; + group = "lidarr"; + } + ]) + + # Jackett + (lib.mkIf config.services.jackett.enable [ + { + directory = "/var/lib/jackett/.config/Jackett"; + user = "jackett"; + group = "jackett"; + } + ]) + + # FlareSolverr + (lib.mkIf config.services.flaresolverr.enable [ + { + directory = "/var/lib/flaresolverr"; + user = "flaresolverr"; + group = "flaresolverr"; + } + ]) + ]; + }; + }; +} From 6ce567a53b7df1cdfb1a54907b1addd297efda47 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 8 Feb 2026 13:03:05 -0600 Subject: [PATCH 359/374] fix: added missing impermanence configs --- configurations/nixos/defiant/legacy-impermanence.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/configurations/nixos/defiant/legacy-impermanence.nix b/configurations/nixos/defiant/legacy-impermanence.nix index 5d6081c..27d0813 100644 --- a/configurations/nixos/defiant/legacy-impermanence.nix +++ b/configurations/nixos/defiant/legacy-impermanence.nix @@ -90,6 +90,12 @@ user = "jellyfin"; group = "jellyfin"; } + { + directory = config.services.jellyfin.media_directory; + user = "jellyfin"; + group = "jellyfin_media"; + mode = "1770"; + } ]) # Immich @@ -153,6 +159,12 @@ user = "qbittorrent"; group = "qbittorrent"; } + { + directory = config.services.qbittorrent.mediaDir; + user = "qbittorrent"; + group = "qbittorrent"; + mode = "1775"; + } ]) # Sonarr From 65e0c6e0e5e8c22de2e2eeadb4c92a9fc7361ac7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 8 Feb 2026 18:01:31 -0600 Subject: [PATCH 360/374] fix: added missing datasets to config --- .../nixos/defiant/configuration.nix | 1 + configurations/nixos/defiant/default.nix | 1 + .../nixos/defiant/legacy-impermanence.nix | 65 ++++++++--- .../nixos/defiant/legacy-storage.nix | 103 ++++++++++++++++++ flake.lock | 14 +-- .../nixos-modules/storage/impermanence.nix | 7 +- modules/nixos-modules/storage/storage.nix | 36 +++--- 7 files changed, 185 insertions(+), 42 deletions(-) create mode 100644 configurations/nixos/defiant/legacy-storage.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 52eb452..390ae71 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -67,6 +67,7 @@ }; storage = { + generateBase = false; zfs = { enable = true; notifications = { diff --git a/configurations/nixos/defiant/default.nix b/configurations/nixos/defiant/default.nix index d53f9cc..dd2383f 100644 --- a/configurations/nixos/defiant/default.nix +++ b/configurations/nixos/defiant/default.nix @@ -4,6 +4,7 @@ ./hardware-configuration.nix ./configuration.nix ./packages.nix + ./legacy-storage.nix ./legacy-impermanence.nix ]; } diff --git a/configurations/nixos/defiant/legacy-impermanence.nix b/configurations/nixos/defiant/legacy-impermanence.nix index 27d0813..b272fb8 100644 --- a/configurations/nixos/defiant/legacy-impermanence.nix +++ b/configurations/nixos/defiant/legacy-impermanence.nix @@ -14,7 +14,17 @@ ... }: { config = lib.mkIf config.storage.impermanence.enable { - environment.persistence."/persist/replicate/system/root" = { + system.activationScripts = { + "var-lib-private-permissions" = { + deps = ["specialfs"]; + text = '' + mkdir -p /persist/system/root/var/lib/private + chmod 0700 /persist/system/root/var/lib/private + ''; + }; + }; + + environment.persistence."/persist/system/root" = { enable = true; hideMounts = true; directories = lib.mkMerge [ @@ -78,7 +88,7 @@ } ]) - # Jellyfin + # Jellyfin (data/cache only - media is on separate dataset) (lib.mkIf config.services.jellyfin.enable [ { directory = "/var/lib/jellyfin"; @@ -90,12 +100,6 @@ user = "jellyfin"; group = "jellyfin"; } - { - directory = config.services.jellyfin.media_directory; - user = "jellyfin"; - group = "jellyfin_media"; - mode = "1770"; - } ]) # Immich @@ -152,19 +156,13 @@ } ]) - # qBittorrent + # qBittorrent (config only - media is on separate dataset) (lib.mkIf config.services.qbittorrent.enable [ { directory = "/var/lib/qBittorrent/"; user = "qbittorrent"; group = "qbittorrent"; } - { - directory = config.services.qbittorrent.mediaDir; - user = "qbittorrent"; - group = "qbittorrent"; - mode = "1775"; - } ]) # Sonarr @@ -222,5 +220,42 @@ ]) ]; }; + + # Jellyfin media on separate dataset (matching main) + environment.persistence."/persist/system/jellyfin" = lib.mkIf config.services.jellyfin.enable { + enable = true; + hideMounts = true; + directories = [ + { + directory = config.services.jellyfin.media_directory; + user = "jellyfin"; + group = "jellyfin_media"; + mode = "1770"; + } + ]; + }; + + # qBittorrent media on separate dataset (matching main) + environment.persistence."/persist/system/qbittorrent" = lib.mkIf config.services.qbittorrent.enable { + enable = true; + hideMounts = true; + directories = [ + { + directory = config.services.qbittorrent.mediaDir; + user = "qbittorrent"; + group = "qbittorrent"; + mode = "1775"; + } + ]; + }; + + # /var/log persistence (matching main) + environment.persistence."/persist/system/var/log" = { + enable = true; + hideMounts = true; + directories = [ + "/var/log" + ]; + }; }; } diff --git a/configurations/nixos/defiant/legacy-storage.nix b/configurations/nixos/defiant/legacy-storage.nix new file mode 100644 index 0000000..b998e2c --- /dev/null +++ b/configurations/nixos/defiant/legacy-storage.nix @@ -0,0 +1,103 @@ +# Legacy storage configuration for defiant +# This file manually defines ZFS datasets matching the main branch structure +# to allow incremental migration to the new storage module. +# +# Datasets from main branch: +# - local/ - ephemeral parent +# - local/home/leyla - ephemeral user home +# - local/system/nix - nix store +# - local/system/root - root filesystem (rolled back on boot) +# - local/system/sops - sops age key +# - persist/ - persistent parent +# - persist/home/leyla - persistent user home +# - persist/system/jellyfin - jellyfin media +# - persist/system/qbittorrent - qbittorrent media +# - persist/system/root - persistent root data +# - persist/system/var/log - log persistence +{lib, ...}: { + # Manually define ZFS datasets matching main's structure + storage.zfs.datasets = { + # Ephemeral datasets (local/) + "local" = { + type = "zfs_fs"; + mount = null; + }; + "local/home/leyla" = { + type = "zfs_fs"; + mount = "/home/leyla"; + snapshot = { + blankSnapshot = true; + }; + }; + "local/system/nix" = { + type = "zfs_fs"; + mount = "/nix"; + atime = "off"; + relatime = "off"; + snapshot = { + autoSnapshot = false; + }; + }; + "local/system/root" = { + type = "zfs_fs"; + mount = "/"; + snapshot = { + blankSnapshot = true; + }; + }; + "local/system/sops" = { + type = "zfs_fs"; + mount = "/persist/sops"; + }; + + # Persistent datasets (persist/) + "persist" = { + type = "zfs_fs"; + mount = null; + }; + "persist/home/leyla" = { + type = "zfs_fs"; + mount = "/persist/home/leyla"; + snapshot = { + autoSnapshot = true; + }; + }; + "persist/system/jellyfin" = { + type = "zfs_fs"; + mount = "/persist/system/jellyfin"; + atime = "off"; + relatime = "off"; + }; + "persist/system/qbittorrent" = { + type = "zfs_fs"; + mount = "/persist/system/qbittorrent"; + atime = "off"; + relatime = "off"; + }; + "persist/system/root" = { + type = "zfs_fs"; + mount = "/persist/system/root"; + snapshot = { + autoSnapshot = true; + }; + }; + "persist/system/var/log" = { + type = "zfs_fs"; + mount = "/persist/system/var/log"; + }; + }; + + # Boot commands to rollback ephemeral root on boot + boot.initrd.postResumeCommands = lib.mkAfter '' + zfs rollback -r rpool/local/system/root@blank + ''; + + # FileSystems needed for boot + fileSystems = { + "/".neededForBoot = true; + "/persist/system/root".neededForBoot = true; + "/persist/system/var/log".neededForBoot = true; + "/persist/system/jellyfin".neededForBoot = true; + "/persist/system/qbittorrent".neededForBoot = true; + }; +} diff --git a/flake.lock b/flake.lock index 0c32755..6116658 100644 --- a/flake.lock +++ b/flake.lock @@ -129,20 +129,12 @@ } }, "impermanence": { - "inputs": { - "home-manager": [ - "home-manager" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, "locked": { - "lastModified": 1767822991, - "narHash": "sha256-iyrn9AcPZCoyxX4OT8eMkBsjG7SRUQXXS/V1JzxS7rA=", + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", "owner": "nix-community", "repo": "impermanence", - "rev": "82e5bc4508cab9e8d5a136626276eb5bbce5e9c5", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", "type": "github" }, "original": { diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index cb20295..637e882 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -66,10 +66,11 @@ in { } ]; - # fixes issues with /var/lib/private not having the correct permissions https://github.com/nix-community/impermanence/issues/254 - system.activationScripts."createPersistentStorageDirs".deps = ["var-lib-private-permissions" "users" "groups"]; system.activationScripts = { - "var-lib-private-permissions" = { + # fixes issues with /var/lib/private not having the correct permissions https://github.com/nix-community/impermanence/issues/254 + "createPersistentStorageDirs".deps = ["var-lib-private-permissions" "users" "groups"]; + + "var-lib-private-permissions" = lib.mkIf config.storage.generateBase { deps = ["specialfs"]; text = '' mkdir -p /persist/replicate/system/root/var/lib/private diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index 5f9f6f1..a0b4fc9 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -22,23 +22,33 @@ args @ { # Find options that are only in impermanence datasets (not in regular ZFS datasets) impermanenceOnlyOptions = lib.lists.subtractLists regularDatasetOptions impermanenceDatasetOptions; in { - options.storage.datasets = { - ephemeral = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule datasetSubmodule); - default = {}; + options.storage = { + generateBase = lib.mkOption { + type = lib.types.bool; + default = true; + description = '' + When enabled, enables automatic generation of base datasets (ephemeral, local, replicate roots). + This allows manual definition of datasets matching an existing system layout for migration purposes. + ''; }; - local = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodule); - default = {}; - }; - replicate = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodule); - default = {}; + datasets = { + ephemeral = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule datasetSubmodule); + default = {}; + }; + local = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodule); + default = {}; + }; + replicate = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodule); + default = {}; + }; }; }; config = lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable { + (lib.mkIf (config.storage.zfs.enable && config.storage.generateBase) { # Create ZFS datasets based on storage.datasets configuration storage.datasets = { local = { @@ -55,7 +65,7 @@ in { }; }; }) - (lib.mkIf (config.storage.zfs.enable && config.storage.impermanence.enable) { + (lib.mkIf (config.storage.zfs.enable && config.storage.impermanence.enable && config.storage.generateBase) { storage.datasets = { ephemeral = { "" = { From 08e3ec3d7461bdd4a1d0a2907f76d837df88503a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 20 Feb 2026 20:02:10 -0600 Subject: [PATCH 361/374] feat: updated flake lock --- flake.lock | 123 +++++++++++++------- modules/common-modules/pkgs/gdx-liftoff.nix | 16 ++- 2 files changed, 90 insertions(+), 49 deletions(-) diff --git a/flake.lock b/flake.lock index 6116658..21af562 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1766150702, - "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", + "lastModified": 1771469470, + "narHash": "sha256-GnqdqhrguKNN3HtVfl6z+zbV9R9jhHFm3Z8nu7R6ml0=", "owner": "nix-community", "repo": "disko", - "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", + "rev": "4707eec8d1d2db5182ea06ed48c820a86a42dc13", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1768500104, - "narHash": "sha256-Xa8XJaydHKAhDCLyjdKcDKjFrGgdahNcVo1boGUdZKY=", + "lastModified": 1771616655, + "narHash": "sha256-APFEjtfQf18WsP7wJRuda2dmz9W7Ur/xGyTBlWuvlgk=", "owner": "rycee", "repo": "nur-expressions", - "rev": "7e517454cd248c76046c3157b56662d223de29b1", + "rev": "55dba96bd37209fc595049a435284acbb79a5df2", "type": "gitlab" }, "original": { @@ -115,11 +115,32 @@ ] }, "locked": { - "lastModified": 1768512489, - "narHash": "sha256-jZi945d3e6DYhrw3K5Pew+QaL3qSgq3O6xiVaEVLgXs=", + "lastModified": 1771625283, + "narHash": "sha256-1T88/PSNKpRNtaiXATTae0hpRnBpjmIL0b1QfGO6HBA=", "owner": "nix-community", "repo": "home-manager", - "rev": "bba859cd85b90dd9e4e6fd44b2af4aa64ae801a1", + "rev": "a913ae61bf3b9f4312f6097b68cdf0a0fa699279", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "impermanence", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768598210, + "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6", "type": "github" }, "original": { @@ -183,14 +204,14 @@ "mcp-nixos": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1767822362, - "narHash": "sha256-rnpIDY/sy/uV+1dsW+MrFwAFE/RHg5K/6aa5k7Yt1Dc=", + "lastModified": 1769804089, + "narHash": "sha256-Wkot1j0cTx64xxjmLXzPubTckaZBSUJFhESEdOzPYas=", "owner": "utensils", "repo": "mcp-nixos", - "rev": "9706014c1530ba12ff36ca8d9d1717b1e61d29db", + "rev": "37a691ea4ea9c8bdcccfe174c6127847b8213fd3", "type": "github" }, "original": { @@ -206,11 +227,11 @@ ] }, "locked": { - "lastModified": 1768220509, - "narHash": "sha256-8wMrJP/Xk5Dkm0TxzaERLt3eGFEhHTWaJKUpK3AoL4o=", + "lastModified": 1771520882, + "narHash": "sha256-9SeTZ4Pwr730YfT7V8Azb8GFbwk1ZwiQDAwft3qAD+o=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "7b1d394e7d9112d4060e12ef3271b38a7c43e83b", + "rev": "6a7fdcd5839ec8b135821179eea3b58092171bcf", "type": "github" }, "original": { @@ -247,11 +268,11 @@ ] }, "locked": { - "lastModified": 1768443224, - "narHash": "sha256-U2UHV+8Ygba2eFhFSnl15wMuKqNR884V2mo2fLO9wy0=", + "lastModified": 1771555311, + "narHash": "sha256-aFjIc57eYBx5jgyLcHujraPf6b/p9RWxzvOGnHML5h0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "151bb82df60a9ffcd2fef1116e4c9baf133b3ec5", + "rev": "88fc33a8a8868de1ac41362fb62341513904dc0f", "type": "github" }, "original": { @@ -262,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1768499669, - "narHash": "sha256-jJr/zDxu5evfQxlXtMrFFF68/RNj1UrctS/eIsay4k0=", + "lastModified": 1771423359, + "narHash": "sha256-yRKJ7gpVmXbX2ZcA8nFi6CMPkJXZGjie2unsiMzj3Ig=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7297dfc69ae9b06e984a6f69900ce25e67c76f46", + "rev": "740a22363033e9f1bb6270fbfb5a9574067af15b", "type": "github" }, "original": { @@ -278,15 +299,15 @@ }, "nixpkgs": { "locked": { - "lastModified": 1767640445, - "narHash": "sha256-UWYqmD7JFBEDBHWYcqE6s6c77pWdcU/i+bwD6XxMb8A=", - "owner": "NixOS", + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "9f0c42f8bc7151b8e7e5840fb3bd454ad850d8c5", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" @@ -309,11 +330,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1768305791, - "narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=", + "lastModified": 1767640445, + "narHash": "sha256-UWYqmD7JFBEDBHWYcqE6s6c77pWdcU/i+bwD6XxMb8A=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9f0c42f8bc7151b8e7e5840fb3bd454ad850d8c5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1771369470, + "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e", + "rev": "0182a361324364ae3f436a63005877674cf45efb", "type": "github" }, "original": { @@ -323,7 +360,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -341,16 +378,16 @@ }, "noita-entangled-worlds": { "inputs": { - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "rust-overlay": "rust-overlay", "systems": "systems_2" }, "locked": { - "lastModified": 1765628894, - "narHash": "sha256-7q1foPZ6ZlspMNa48oRT7iMl89cvMMaWtdrJweE6B8I=", + "lastModified": 1771445312, + "narHash": "sha256-8uOcu+ZurGx0LmGFCf87Zbj4ikhVPQtP+PuBscEBCv0=", "owner": "IntQuant", "repo": "noita_entangled_worlds", - "rev": "266c6871b2878cf3b6f180c6d299da88f12c9f8e", + "rev": "4a842f29d0e5fb8dc6df73d87f7bb8d2a16f0fc8", "type": "github" }, "original": { @@ -373,7 +410,7 @@ "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "noita-entangled-worlds": "noita-entangled-worlds", "secrets": "secrets", "sops-nix": "sops-nix" @@ -403,11 +440,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1765740994, - "narHash": "sha256-aBs7m69yuiixzGzhUlWAAN+zBziBNII+BFEC/5mPcSI=", + "lastModified": 1768867162, + "narHash": "sha256-NiW2gUcdhnUbYQw476HzgBz+uVjyLnz151hzCQbWBX8=", "ref": "refs/heads/main", - "rev": "6e90a73ed2e1e81ba37628fc5e5494a80d22b526", - "revCount": 22, + "rev": "22be81505a49cd205e9b5c91f51af69c0b885ed3", + "revCount": 23, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, @@ -423,11 +460,11 @@ ] }, "locked": { - "lastModified": 1768481291, - "narHash": "sha256-NjKtkJraCZEnLHAJxLTI+BfdU//9coAz9p5TqveZwPU=", + "lastModified": 1771524872, + "narHash": "sha256-eksVUcUsfS9mQx4D9DrYu88u9w70bAf+n6KmTDuIGEE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e085e303dfcce21adcb5fec535d65aacb066f101", + "rev": "e85540ffe97322dc1fea14dd11cdc2f59d540ac7", "type": "github" }, "original": { diff --git a/modules/common-modules/pkgs/gdx-liftoff.nix b/modules/common-modules/pkgs/gdx-liftoff.nix index d2e9424..da7d51f 100644 --- a/modules/common-modules/pkgs/gdx-liftoff.nix +++ b/modules/common-modules/pkgs/gdx-liftoff.nix @@ -4,8 +4,12 @@ makeWrapper, jdk, lib, - xorg, libGL, + libx11, + libxcursor, + libxext, + libxrandr, + libxxf86vm, ... }: stdenv.mkDerivation rec { @@ -24,11 +28,11 @@ stdenv.mkDerivation rec { runtimeDependencies = lib.makeLibraryPath [ # glfw libGL - xorg.libX11 - xorg.libXcursor - xorg.libXext - xorg.libXrandr - xorg.libXxf86vm + libx11 + libxcursor + libxext + libxrandr + libxxf86vm ]; installPhase = '' From 0e1c8d0d4f7b8a9287eff9f257a92e68130b4077 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Feb 2026 17:24:11 -0600 Subject: [PATCH 362/374] feat: installed cline package --- .../pkgs/cline/cline-package-lock.json | 4102 +++++++++++++++++ modules/common-modules/pkgs/cline/default.nix | 53 + modules/common-modules/pkgs/default.nix | 3 + .../programs/vscode/claudeDev.nix | 30 + 4 files changed, 4188 insertions(+) create mode 100644 modules/common-modules/pkgs/cline/cline-package-lock.json create mode 100644 modules/common-modules/pkgs/cline/default.nix diff --git a/modules/common-modules/pkgs/cline/cline-package-lock.json b/modules/common-modules/pkgs/cline/cline-package-lock.json new file mode 100644 index 0000000..b8d0d6e --- /dev/null +++ b/modules/common-modules/pkgs/cline/cline-package-lock.json @@ -0,0 +1,4102 @@ +{ + "name": "cline", + "version": "2.4.2", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "cline", + "version": "2.4.2", + "cpu": [ + "x64", + "arm64" + ], + "license": "Apache-2.0", + "os": [ + "darwin", + "linux", + "win32" + ], + "dependencies": { + "@agentclientprotocol/sdk": "^0.13.1", + "aws4fetch": "^1.0.20", + "chalk": "^5.3.0", + "commander": "^12.1.0", + "ink": "npm:@jrichman/ink@6.4.7", + "ink-picture": "^1.3.3", + "ink-spinner": "^5.0.0", + "nanoid": "^5.1.6", + "ora": "^8.0.1", + "pino": "^10.0.0", + "pino-roll": "^4.0.0", + "prompts": "^2.4.2", + "react": "^19.2.3" + }, + "bin": { + "cline": "dist/cli.mjs" + }, + "devDependencies": { + "@types/node": "20.x", + "@types/prompts": "^2.4.9", + "@types/react": "^19.2.9", + "dotenv": "^16.4.5", + "esbuild": "^0.25.0", + "ink-testing-library": "^4.0.0", + "rimraf": "^6.0.1", + "typescript": "^5.4.5", + "vitest": "^4.0.17" + }, + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/@agentclientprotocol/sdk": { + "version": "0.13.1", + "resolved": "https://registry.npmjs.org/@agentclientprotocol/sdk/-/sdk-0.13.1.tgz", + "integrity": "sha512-6byvu+F/xc96GBkdAx4hq6/tB3vT63DSBO4i3gYCz8nuyZMerVFna2Gkhm8EHNpZX0J9DjUxzZCW+rnHXUg0FA==", + "license": "Apache-2.0", + "peerDependencies": { + "zod": "^3.25.0 || ^4.0.0" + } + }, + "node_modules/@alcalzone/ansi-tokenize": { + "version": "0.2.5", + "resolved": "https://registry.npmjs.org/@alcalzone/ansi-tokenize/-/ansi-tokenize-0.2.5.tgz", + "integrity": "sha512-3NX/MpTdroi0aKz134A6RC2Gb2iXVECN4QaAXnvCIxxIm3C3AVB1mkUe8NaaiyvOpDfsrqWhYtj+Q6a62RrTsw==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^6.2.1", + "is-fullwidth-code-point": "^5.0.0" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/@emnapi/runtime": { + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.8.1.tgz", + "integrity": "sha512-mehfKSMWjjNol8659Z8KxEMrdSJDDot5SXMq00dM8BN4o+CLNXQ0xH2V7EchNHV4RmbZLmmPdEaXZc5H2FXmDg==", + "license": "MIT", + "optional": true, + "dependencies": { + "tslib": "^2.4.0" + } + }, + "node_modules/@esbuild/aix-ppc64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.12.tgz", + "integrity": "sha512-Hhmwd6CInZ3dwpuGTF8fJG6yoWmsToE+vYgD4nytZVxcu1ulHpUQRAB1UJ8+N1Am3Mz4+xOByoQoSZf4D+CpkA==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "aix" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/android-arm": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.12.tgz", + "integrity": "sha512-VJ+sKvNA/GE7Ccacc9Cha7bpS8nyzVv0jdVgwNDaR4gDMC/2TTRc33Ip8qrNYUcpkOHUT5OZ0bUcNNVZQ9RLlg==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/android-arm64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.12.tgz", + "integrity": "sha512-6AAmLG7zwD1Z159jCKPvAxZd4y/VTO0VkprYy+3N2FtJ8+BQWFXU+OxARIwA46c5tdD9SsKGZ/1ocqBS/gAKHg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/android-x64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.12.tgz", + "integrity": "sha512-5jbb+2hhDHx5phYR2By8GTWEzn6I9UqR11Kwf22iKbNpYrsmRB18aX/9ivc5cabcUiAT/wM+YIZ6SG9QO6a8kg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/darwin-arm64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.12.tgz", + "integrity": "sha512-N3zl+lxHCifgIlcMUP5016ESkeQjLj/959RxxNYIthIg+CQHInujFuXeWbWMgnTo4cp5XVHqFPmpyu9J65C1Yg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/darwin-x64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.12.tgz", + "integrity": "sha512-HQ9ka4Kx21qHXwtlTUVbKJOAnmG1ipXhdWTmNXiPzPfWKpXqASVcWdnf2bnL73wgjNrFXAa3yYvBSd9pzfEIpA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/freebsd-arm64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.12.tgz", + "integrity": "sha512-gA0Bx759+7Jve03K1S0vkOu5Lg/85dou3EseOGUes8flVOGxbhDDh/iZaoek11Y8mtyKPGF3vP8XhnkDEAmzeg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/freebsd-x64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.12.tgz", + "integrity": "sha512-TGbO26Yw2xsHzxtbVFGEXBFH0FRAP7gtcPE7P5yP7wGy7cXK2oO7RyOhL5NLiqTlBh47XhmIUXuGciXEqYFfBQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-arm": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.12.tgz", + "integrity": "sha512-lPDGyC1JPDou8kGcywY0YILzWlhhnRjdof3UlcoqYmS9El818LLfJJc3PXXgZHrHCAKs/Z2SeZtDJr5MrkxtOw==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-arm64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.12.tgz", + "integrity": "sha512-8bwX7a8FghIgrupcxb4aUmYDLp8pX06rGh5HqDT7bB+8Rdells6mHvrFHHW2JAOPZUbnjUpKTLg6ECyzvas2AQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-ia32": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.12.tgz", + "integrity": "sha512-0y9KrdVnbMM2/vG8KfU0byhUN+EFCny9+8g202gYqSSVMonbsCfLjUO+rCci7pM0WBEtz+oK/PIwHkzxkyharA==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-loong64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.12.tgz", + "integrity": "sha512-h///Lr5a9rib/v1GGqXVGzjL4TMvVTv+s1DPoxQdz7l/AYv6LDSxdIwzxkrPW438oUXiDtwM10o9PmwS/6Z0Ng==", + "cpu": [ + "loong64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-mips64el": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.12.tgz", + "integrity": "sha512-iyRrM1Pzy9GFMDLsXn1iHUm18nhKnNMWscjmp4+hpafcZjrr2WbT//d20xaGljXDBYHqRcl8HnxbX6uaA/eGVw==", + "cpu": [ + "mips64el" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-ppc64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.12.tgz", + "integrity": "sha512-9meM/lRXxMi5PSUqEXRCtVjEZBGwB7P/D4yT8UG/mwIdze2aV4Vo6U5gD3+RsoHXKkHCfSxZKzmDssVlRj1QQA==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-riscv64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.12.tgz", + "integrity": "sha512-Zr7KR4hgKUpWAwb1f3o5ygT04MzqVrGEGXGLnj15YQDJErYu/BGg+wmFlIDOdJp0PmB0lLvxFIOXZgFRrdjR0w==", + "cpu": [ + "riscv64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-s390x": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.12.tgz", + "integrity": "sha512-MsKncOcgTNvdtiISc/jZs/Zf8d0cl/t3gYWX8J9ubBnVOwlk65UIEEvgBORTiljloIWnBzLs4qhzPkJcitIzIg==", + "cpu": [ + "s390x" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-x64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.12.tgz", + "integrity": "sha512-uqZMTLr/zR/ed4jIGnwSLkaHmPjOjJvnm6TVVitAa08SLS9Z0VM8wIRx7gWbJB5/J54YuIMInDquWyYvQLZkgw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/netbsd-arm64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.12.tgz", + "integrity": "sha512-xXwcTq4GhRM7J9A8Gv5boanHhRa/Q9KLVmcyXHCTaM4wKfIpWkdXiMog/KsnxzJ0A1+nD+zoecuzqPmCRyBGjg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "netbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/netbsd-x64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.12.tgz", + "integrity": "sha512-Ld5pTlzPy3YwGec4OuHh1aCVCRvOXdH8DgRjfDy/oumVovmuSzWfnSJg+VtakB9Cm0gxNO9BzWkj6mtO1FMXkQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "netbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/openbsd-arm64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.12.tgz", + "integrity": "sha512-fF96T6KsBo/pkQI950FARU9apGNTSlZGsv1jZBAlcLL1MLjLNIWPBkj5NlSz8aAzYKg+eNqknrUJ24QBybeR5A==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/openbsd-x64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.12.tgz", + "integrity": "sha512-MZyXUkZHjQxUvzK7rN8DJ3SRmrVrke8ZyRusHlP+kuwqTcfWLyqMOE3sScPPyeIXN/mDJIfGXvcMqCgYKekoQw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/openharmony-arm64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.25.12.tgz", + "integrity": "sha512-rm0YWsqUSRrjncSXGA7Zv78Nbnw4XL6/dzr20cyrQf7ZmRcsovpcRBdhD43Nuk3y7XIoW2OxMVvwuRvk9XdASg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openharmony" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/sunos-x64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.12.tgz", + "integrity": "sha512-3wGSCDyuTHQUzt0nV7bocDy72r2lI33QL3gkDNGkod22EsYl04sMf0qLb8luNKTOmgF/eDEDP5BFNwoBKH441w==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "sunos" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/win32-arm64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.12.tgz", + "integrity": "sha512-rMmLrur64A7+DKlnSuwqUdRKyd3UE7oPJZmnljqEptesKM8wx9J8gx5u0+9Pq0fQQW8vqeKebwNXdfOyP+8Bsg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/win32-ia32": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.12.tgz", + "integrity": "sha512-HkqnmmBoCbCwxUKKNPBixiWDGCpQGVsrQfJoVGYLPT41XWF8lHuE5N6WhVia2n4o5QK5M4tYr21827fNhi4byQ==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/win32-x64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.12.tgz", + "integrity": "sha512-alJC0uCZpTFrSL0CCDjcgleBXPnCrEAhTBILpeAp7M/OFgoqtAetfBzX0xM00MUsVVPpVjlPuMbREqnZCXaTnA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@img/colour": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@img/colour/-/colour-1.0.0.tgz", + "integrity": "sha512-A5P/LfWGFSl6nsckYtjw9da+19jB8hkJ6ACTGcDfEJ0aE+l2n2El7dsVM7UVHZQ9s2lmYMWlrS21YLy2IR1LUw==", + "license": "MIT", + "engines": { + "node": ">=18" + } + }, + "node_modules/@img/sharp-darwin-arm64": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-darwin-arm64/-/sharp-darwin-arm64-0.34.5.tgz", + "integrity": "sha512-imtQ3WMJXbMY4fxb/Ndp6HBTNVtWCUI0WdobyheGf5+ad6xX8VIDO8u2xE4qc/fr08CKG/7dDseFtn6M6g/r3w==", + "cpu": [ + "arm64" + ], + "license": "Apache-2.0", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-libvips-darwin-arm64": "1.2.4" + } + }, + "node_modules/@img/sharp-darwin-x64": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-darwin-x64/-/sharp-darwin-x64-0.34.5.tgz", + "integrity": "sha512-YNEFAF/4KQ/PeW0N+r+aVVsoIY0/qxxikF2SWdp+NRkmMB7y9LBZAVqQ4yhGCm/H3H270OSykqmQMKLBhBJDEw==", + "cpu": [ + "x64" + ], + "license": "Apache-2.0", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-libvips-darwin-x64": "1.2.4" + } + }, + "node_modules/@img/sharp-libvips-darwin-arm64": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-darwin-arm64/-/sharp-libvips-darwin-arm64-1.2.4.tgz", + "integrity": "sha512-zqjjo7RatFfFoP0MkQ51jfuFZBnVE2pRiaydKJ1G/rHZvnsrHAOcQALIi9sA5co5xenQdTugCvtb1cuf78Vf4g==", + "cpu": [ + "arm64" + ], + "license": "LGPL-3.0-or-later", + "optional": true, + "os": [ + "darwin" + ], + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-libvips-darwin-x64": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-darwin-x64/-/sharp-libvips-darwin-x64-1.2.4.tgz", + "integrity": "sha512-1IOd5xfVhlGwX+zXv2N93k0yMONvUlANylbJw1eTah8K/Jtpi15KC+WSiaX/nBmbm2HxRM1gZ0nSdjSsrZbGKg==", + "cpu": [ + "x64" + ], + "license": "LGPL-3.0-or-later", + "optional": true, + "os": [ + "darwin" + ], + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-libvips-linux-arm": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-arm/-/sharp-libvips-linux-arm-1.2.4.tgz", + "integrity": "sha512-bFI7xcKFELdiNCVov8e44Ia4u2byA+l3XtsAj+Q8tfCwO6BQ8iDojYdvoPMqsKDkuoOo+X6HZA0s0q11ANMQ8A==", + "cpu": [ + "arm" + ], + "license": "LGPL-3.0-or-later", + "optional": true, + "os": [ + "linux" + ], + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-libvips-linux-arm64": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-arm64/-/sharp-libvips-linux-arm64-1.2.4.tgz", + "integrity": "sha512-excjX8DfsIcJ10x1Kzr4RcWe1edC9PquDRRPx3YVCvQv+U5p7Yin2s32ftzikXojb1PIFc/9Mt28/y+iRklkrw==", + "cpu": [ + "arm64" + ], + "license": "LGPL-3.0-or-later", + "optional": true, + "os": [ + "linux" + ], + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-libvips-linux-ppc64": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-ppc64/-/sharp-libvips-linux-ppc64-1.2.4.tgz", + "integrity": "sha512-FMuvGijLDYG6lW+b/UvyilUWu5Ayu+3r2d1S8notiGCIyYU/76eig1UfMmkZ7vwgOrzKzlQbFSuQfgm7GYUPpA==", + "cpu": [ + "ppc64" + ], + "license": "LGPL-3.0-or-later", + "optional": true, + "os": [ + "linux" + ], + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-libvips-linux-riscv64": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-riscv64/-/sharp-libvips-linux-riscv64-1.2.4.tgz", + "integrity": "sha512-oVDbcR4zUC0ce82teubSm+x6ETixtKZBh/qbREIOcI3cULzDyb18Sr/Wcyx7NRQeQzOiHTNbZFF1UwPS2scyGA==", + "cpu": [ + "riscv64" + ], + "license": "LGPL-3.0-or-later", + "optional": true, + "os": [ + "linux" + ], + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-libvips-linux-s390x": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-s390x/-/sharp-libvips-linux-s390x-1.2.4.tgz", + "integrity": "sha512-qmp9VrzgPgMoGZyPvrQHqk02uyjA0/QrTO26Tqk6l4ZV0MPWIW6LTkqOIov+J1yEu7MbFQaDpwdwJKhbJvuRxQ==", + "cpu": [ + "s390x" + ], + "license": "LGPL-3.0-or-later", + "optional": true, + "os": [ + "linux" + ], + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-libvips-linux-x64": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-x64/-/sharp-libvips-linux-x64-1.2.4.tgz", + "integrity": "sha512-tJxiiLsmHc9Ax1bz3oaOYBURTXGIRDODBqhveVHonrHJ9/+k89qbLl0bcJns+e4t4rvaNBxaEZsFtSfAdquPrw==", + "cpu": [ + "x64" + ], + "license": "LGPL-3.0-or-later", + "optional": true, + "os": [ + "linux" + ], + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-libvips-linuxmusl-arm64": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-arm64/-/sharp-libvips-linuxmusl-arm64-1.2.4.tgz", + "integrity": "sha512-FVQHuwx1IIuNow9QAbYUzJ+En8KcVm9Lk5+uGUQJHaZmMECZmOlix9HnH7n1TRkXMS0pGxIJokIVB9SuqZGGXw==", + "cpu": [ + "arm64" + ], + "license": "LGPL-3.0-or-later", + "optional": true, + "os": [ + "linux" + ], + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-libvips-linuxmusl-x64": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-x64/-/sharp-libvips-linuxmusl-x64-1.2.4.tgz", + "integrity": "sha512-+LpyBk7L44ZIXwz/VYfglaX/okxezESc6UxDSoyo2Ks6Jxc4Y7sGjpgU9s4PMgqgjj1gZCylTieNamqA1MF7Dg==", + "cpu": [ + "x64" + ], + "license": "LGPL-3.0-or-later", + "optional": true, + "os": [ + "linux" + ], + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-linux-arm": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-linux-arm/-/sharp-linux-arm-0.34.5.tgz", + "integrity": "sha512-9dLqsvwtg1uuXBGZKsxem9595+ujv0sJ6Vi8wcTANSFpwV/GONat5eCkzQo/1O6zRIkh0m/8+5BjrRr7jDUSZw==", + "cpu": [ + "arm" + ], + "license": "Apache-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-libvips-linux-arm": "1.2.4" + } + }, + "node_modules/@img/sharp-linux-arm64": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-linux-arm64/-/sharp-linux-arm64-0.34.5.tgz", + "integrity": "sha512-bKQzaJRY/bkPOXyKx5EVup7qkaojECG6NLYswgktOZjaXecSAeCWiZwwiFf3/Y+O1HrauiE3FVsGxFg8c24rZg==", + "cpu": [ + "arm64" + ], + "license": "Apache-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-libvips-linux-arm64": "1.2.4" + } + }, + "node_modules/@img/sharp-linux-ppc64": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-linux-ppc64/-/sharp-linux-ppc64-0.34.5.tgz", + "integrity": "sha512-7zznwNaqW6YtsfrGGDA6BRkISKAAE1Jo0QdpNYXNMHu2+0dTrPflTLNkpc8l7MUP5M16ZJcUvysVWWrMefZquA==", + "cpu": [ + "ppc64" + ], + "license": "Apache-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-libvips-linux-ppc64": "1.2.4" + } + }, + "node_modules/@img/sharp-linux-riscv64": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-linux-riscv64/-/sharp-linux-riscv64-0.34.5.tgz", + "integrity": "sha512-51gJuLPTKa7piYPaVs8GmByo7/U7/7TZOq+cnXJIHZKavIRHAP77e3N2HEl3dgiqdD/w0yUfiJnII77PuDDFdw==", + "cpu": [ + "riscv64" + ], + "license": "Apache-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-libvips-linux-riscv64": "1.2.4" + } + }, + "node_modules/@img/sharp-linux-s390x": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-linux-s390x/-/sharp-linux-s390x-0.34.5.tgz", + "integrity": "sha512-nQtCk0PdKfho3eC5MrbQoigJ2gd1CgddUMkabUj+rBevs8tZ2cULOx46E7oyX+04WGfABgIwmMC0VqieTiR4jg==", + "cpu": [ + "s390x" + ], + "license": "Apache-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-libvips-linux-s390x": "1.2.4" + } + }, + "node_modules/@img/sharp-linux-x64": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-linux-x64/-/sharp-linux-x64-0.34.5.tgz", + "integrity": "sha512-MEzd8HPKxVxVenwAa+JRPwEC7QFjoPWuS5NZnBt6B3pu7EG2Ge0id1oLHZpPJdn3OQK+BQDiw9zStiHBTJQQQQ==", + "cpu": [ + "x64" + ], + "license": "Apache-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-libvips-linux-x64": "1.2.4" + } + }, + "node_modules/@img/sharp-linuxmusl-arm64": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-linuxmusl-arm64/-/sharp-linuxmusl-arm64-0.34.5.tgz", + "integrity": "sha512-fprJR6GtRsMt6Kyfq44IsChVZeGN97gTD331weR1ex1c1rypDEABN6Tm2xa1wE6lYb5DdEnk03NZPqA7Id21yg==", + "cpu": [ + "arm64" + ], + "license": "Apache-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-libvips-linuxmusl-arm64": "1.2.4" + } + }, + "node_modules/@img/sharp-linuxmusl-x64": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-linuxmusl-x64/-/sharp-linuxmusl-x64-0.34.5.tgz", + "integrity": "sha512-Jg8wNT1MUzIvhBFxViqrEhWDGzqymo3sV7z7ZsaWbZNDLXRJZoRGrjulp60YYtV4wfY8VIKcWidjojlLcWrd8Q==", + "cpu": [ + "x64" + ], + "license": "Apache-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-libvips-linuxmusl-x64": "1.2.4" + } + }, + "node_modules/@img/sharp-wasm32": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-wasm32/-/sharp-wasm32-0.34.5.tgz", + "integrity": "sha512-OdWTEiVkY2PHwqkbBI8frFxQQFekHaSSkUIJkwzclWZe64O1X4UlUjqqqLaPbUpMOQk6FBu/HtlGXNblIs0huw==", + "cpu": [ + "wasm32" + ], + "license": "Apache-2.0 AND LGPL-3.0-or-later AND MIT", + "optional": true, + "dependencies": { + "@emnapi/runtime": "^1.7.0" + }, + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-win32-arm64": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-win32-arm64/-/sharp-win32-arm64-0.34.5.tgz", + "integrity": "sha512-WQ3AgWCWYSb2yt+IG8mnC6Jdk9Whs7O0gxphblsLvdhSpSTtmu69ZG1Gkb6NuvxsNACwiPV6cNSZNzt0KPsw7g==", + "cpu": [ + "arm64" + ], + "license": "Apache-2.0 AND LGPL-3.0-or-later", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-win32-ia32": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-win32-ia32/-/sharp-win32-ia32-0.34.5.tgz", + "integrity": "sha512-FV9m/7NmeCmSHDD5j4+4pNI8Cp3aW+JvLoXcTUo0IqyjSfAZJ8dIUmijx1qaJsIiU+Hosw6xM5KijAWRJCSgNg==", + "cpu": [ + "ia32" + ], + "license": "Apache-2.0 AND LGPL-3.0-or-later", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-win32-x64": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-win32-x64/-/sharp-win32-x64-0.34.5.tgz", + "integrity": "sha512-+29YMsqY2/9eFEiW93eqWnuLcWcufowXewwSNIT6UwZdUUCrM3oFjMWH/Z6/TMmb4hlFenmfAVbpWeup2jryCw==", + "cpu": [ + "x64" + ], + "license": "Apache-2.0 AND LGPL-3.0-or-later", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@jridgewell/sourcemap-codec": { + "version": "1.5.5", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz", + "integrity": "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==", + "dev": true, + "license": "MIT" + }, + "node_modules/@pinojs/redact": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/@pinojs/redact/-/redact-0.4.0.tgz", + "integrity": "sha512-k2ENnmBugE/rzQfEcdWHcCY+/FM3VLzH9cYEsbdsoqrvzAKRhUZeRNhAZvB8OitQJ1TBed3yqWtdjzS6wJKBwg==", + "license": "MIT" + }, + "node_modules/@rollup/rollup-android-arm-eabi": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.58.0.tgz", + "integrity": "sha512-mr0tmS/4FoVk1cnaeN244A/wjvGDNItZKR8hRhnmCzygyRXYtKF5jVDSIILR1U97CTzAYmbgIj/Dukg62ggG5w==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ] + }, + "node_modules/@rollup/rollup-android-arm64": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.58.0.tgz", + "integrity": "sha512-+s++dbp+/RTte62mQD9wLSbiMTV+xr/PeRJEc/sFZFSBRlHPNPVaf5FXlzAL77Mr8FtSfQqCN+I598M8U41ccQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ] + }, + "node_modules/@rollup/rollup-darwin-arm64": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.58.0.tgz", + "integrity": "sha512-MFWBwTcYs0jZbINQBXHfSrpSQJq3IUOakcKPzfeSznONop14Pxuqa0Kg19GD0rNBMPQI2tFtu3UzapZpH0Uc1Q==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ] + }, + "node_modules/@rollup/rollup-darwin-x64": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.58.0.tgz", + "integrity": "sha512-yiKJY7pj9c9JwzuKYLFaDZw5gma3fI9bkPEIyofvVfsPqjCWPglSHdpdwXpKGvDeYDms3Qal8qGMEHZ1M/4Udg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ] + }, + "node_modules/@rollup/rollup-freebsd-arm64": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.58.0.tgz", + "integrity": "sha512-x97kCoBh5MOevpn/CNK9W1x8BEzO238541BGWBc315uOlN0AD/ifZ1msg+ZQB05Ux+VF6EcYqpiagfLJ8U3LvQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ] + }, + "node_modules/@rollup/rollup-freebsd-x64": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.58.0.tgz", + "integrity": "sha512-Aa8jPoZ6IQAG2eIrcXPpjRcMjROMFxCt1UYPZZtCxRV68WkuSigYtQ/7Zwrcr2IvtNJo7T2JfDXyMLxq5L4Jlg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ] + }, + "node_modules/@rollup/rollup-linux-arm-gnueabihf": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.58.0.tgz", + "integrity": "sha512-Ob8YgT5kD/lSIYW2Rcngs5kNB/44Q2RzBSPz9brf2WEtcGR7/f/E9HeHn1wYaAwKBni+bdXEwgHvUd0x12lQSA==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm-musleabihf": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.58.0.tgz", + "integrity": "sha512-K+RI5oP1ceqoadvNt1FecL17Qtw/n9BgRSzxif3rTL2QlIu88ccvY+Y9nnHe/cmT5zbH9+bpiJuG1mGHRVwF4Q==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm64-gnu": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.58.0.tgz", + "integrity": "sha512-T+17JAsCKUjmbopcKepJjHWHXSjeW7O5PL7lEFaeQmiVyw4kkc5/lyYKzrv6ElWRX/MrEWfPiJWqbTvfIvjM1Q==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm64-musl": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.58.0.tgz", + "integrity": "sha512-cCePktb9+6R9itIJdeCFF9txPU7pQeEHB5AbHu/MKsfH/k70ZtOeq1k4YAtBv9Z7mmKI5/wOLYjQ+B9QdxR6LA==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-loong64-gnu": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.58.0.tgz", + "integrity": "sha512-iekUaLkfliAsDl4/xSdoCJ1gnnIXvoNz85C8U8+ZxknM5pBStfZjeXgB8lXobDQvvPRCN8FPmmuTtH+z95HTmg==", + "cpu": [ + "loong64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-loong64-musl": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.58.0.tgz", + "integrity": "sha512-68ofRgJNl/jYJbxFjCKE7IwhbfxOl1muPN4KbIqAIe32lm22KmU7E8OPvyy68HTNkI2iV/c8y2kSPSm2mW/Q9Q==", + "cpu": [ + "loong64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-ppc64-gnu": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.58.0.tgz", + "integrity": "sha512-dpz8vT0i+JqUKuSNPCP5SYyIV2Lh0sNL1+FhM7eLC457d5B9/BC3kDPp5BBftMmTNsBarcPcoz5UGSsnCiw4XQ==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-ppc64-musl": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.58.0.tgz", + "integrity": "sha512-4gdkkf9UJ7tafnweBCR/mk4jf3Jfl0cKX9Np80t5i78kjIH0ZdezUv/JDI2VtruE5lunfACqftJ8dIMGN4oHew==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-riscv64-gnu": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.58.0.tgz", + "integrity": "sha512-YFS4vPnOkDTD/JriUeeZurFYoJhPf9GQQEF/v4lltp3mVcBmnsAdjEWhr2cjUCZzZNzxCG0HZOvJU44UGHSdzw==", + "cpu": [ + "riscv64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-riscv64-musl": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.58.0.tgz", + "integrity": "sha512-x2xgZlFne+QVNKV8b4wwaCS8pwq3y14zedZ5DqLzjdRITvreBk//4Knbcvm7+lWmms9V9qFp60MtUd0/t/PXPw==", + "cpu": [ + "riscv64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-s390x-gnu": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.58.0.tgz", + "integrity": "sha512-jIhrujyn4UnWF8S+DHSkAkDEO3hLX0cjzxJZPLF80xFyzyUIYgSMRcYQ3+uqEoyDD2beGq7Dj7edi8OnJcS/hg==", + "cpu": [ + "s390x" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-x64-gnu": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.58.0.tgz", + "integrity": "sha512-+410Srdoh78MKSJxTQ+hZ/Mx+ajd6RjjPwBPNd0R3J9FtL6ZA0GqiiyNjCO9In0IzZkCNrpGymSfn+kgyPQocg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-x64-musl": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.58.0.tgz", + "integrity": "sha512-ZjMyby5SICi227y1MTR3VYBpFTdZs823Rs/hpakufleBoufoOIB6jtm9FEoxn/cgO7l6PM2rCEl5Kre5vX0QrQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-openbsd-x64": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.58.0.tgz", + "integrity": "sha512-ds4iwfYkSQ0k1nb8LTcyXw//ToHOnNTJtceySpL3fa7tc/AsE+UpUFphW126A6fKBGJD5dhRvg8zw1rvoGFxmw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ] + }, + "node_modules/@rollup/rollup-openharmony-arm64": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.58.0.tgz", + "integrity": "sha512-fd/zpJniln4ICdPkjWFhZYeY/bpnaN9pGa6ko+5WD38I0tTqk9lXMgXZg09MNdhpARngmxiCg0B0XUamNw/5BQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openharmony" + ] + }, + "node_modules/@rollup/rollup-win32-arm64-msvc": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.58.0.tgz", + "integrity": "sha512-YpG8dUOip7DCz3nr/JUfPbIUo+2d/dy++5bFzgi4ugOGBIox+qMbbqt/JoORwvI/C9Kn2tz6+Bieoqd5+B1CjA==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-ia32-msvc": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.58.0.tgz", + "integrity": "sha512-b9DI8jpFQVh4hIXFr0/+N/TzLdpBIoPzjt0Rt4xJbW3mzguV3mduR9cNgiuFcuL/TeORejJhCWiAXe3E/6PxWA==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-x64-gnu": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.58.0.tgz", + "integrity": "sha512-CSrVpmoRJFN06LL9xhkitkwUcTZtIotYAF5p6XOR2zW0Zz5mzb3IPpcoPhB02frzMHFNo1reQ9xSF5fFm3hUsQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-x64-msvc": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.58.0.tgz", + "integrity": "sha512-QFsBgQNTnh5K0t/sBsjJLq24YVqEIVkGpfN2VHsnN90soZyhaiA9UUHufcctVNL4ypJY0wrwad0wslx2KJQ1/w==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@standard-schema/spec": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/@standard-schema/spec/-/spec-1.1.0.tgz", + "integrity": "sha512-l2aFy5jALhniG5HgqrD6jXLi/rUWrKvqN/qJx6yoJsgKhblVd+iqqU4RCXavm/jPityDo5TCvKMnpjKnOriy0w==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/chai": { + "version": "5.2.3", + "resolved": "https://registry.npmjs.org/@types/chai/-/chai-5.2.3.tgz", + "integrity": "sha512-Mw558oeA9fFbv65/y4mHtXDs9bPnFMZAL/jxdPFUpOHHIXX91mcgEHbS5Lahr+pwZFR8A7GQleRWeI6cGFC2UA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/deep-eql": "*", + "assertion-error": "^2.0.1" + } + }, + "node_modules/@types/deep-eql": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@types/deep-eql/-/deep-eql-4.0.2.tgz", + "integrity": "sha512-c9h9dVVMigMPc4bwTvC5dxqtqJZwQPePsWjPlpSOnojbor6pGqdk541lfA7AqFQr5pB1BRdq0juY9db81BwyFw==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/estree": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz", + "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/node": { + "version": "20.19.33", + "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.33.tgz", + "integrity": "sha512-Rs1bVAIdBs5gbTIKza/tgpMuG1k3U/UMJLWecIMxNdJFDMzcM5LOiLVRYh3PilWEYDIeUDv7bpiHPLPsbydGcw==", + "dev": true, + "license": "MIT", + "dependencies": { + "undici-types": "~6.21.0" + } + }, + "node_modules/@types/prompts": { + "version": "2.4.9", + "resolved": "https://registry.npmjs.org/@types/prompts/-/prompts-2.4.9.tgz", + "integrity": "sha512-qTxFi6Buiu8+50/+3DGIWLHM6QuWsEKugJnnP6iv2Mc4ncxE4A/OJkjuVOA+5X0X1S/nq5VJRa8Lu+nwcvbrKA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/node": "*", + "kleur": "^3.0.3" + } + }, + "node_modules/@types/react": { + "version": "19.2.14", + "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.14.tgz", + "integrity": "sha512-ilcTH/UniCkMdtexkoCN0bI7pMcJDvmQFPvuPvmEaYA/NSfFTAgdUSLAoVjaRJm7+6PvcM+q1zYOwS4wTYMF9w==", + "devOptional": true, + "license": "MIT", + "peer": true, + "dependencies": { + "csstype": "^3.2.2" + } + }, + "node_modules/@vitest/expect": { + "version": "4.0.18", + "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.0.18.tgz", + "integrity": "sha512-8sCWUyckXXYvx4opfzVY03EOiYVxyNrHS5QxX3DAIi5dpJAAkyJezHCP77VMX4HKA2LDT/Jpfo8i2r5BE3GnQQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@standard-schema/spec": "^1.0.0", + "@types/chai": "^5.2.2", + "@vitest/spy": "4.0.18", + "@vitest/utils": "4.0.18", + "chai": "^6.2.1", + "tinyrainbow": "^3.0.3" + }, + "funding": { + "url": "https://opencollective.com/vitest" + } + }, + "node_modules/@vitest/mocker": { + "version": "4.0.18", + "resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-4.0.18.tgz", + "integrity": "sha512-HhVd0MDnzzsgevnOWCBj5Otnzobjy5wLBe4EdeeFGv8luMsGcYqDuFRMcttKWZA5vVO8RFjexVovXvAM4JoJDQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@vitest/spy": "4.0.18", + "estree-walker": "^3.0.3", + "magic-string": "^0.30.21" + }, + "funding": { + "url": "https://opencollective.com/vitest" + }, + "peerDependencies": { + "msw": "^2.4.9", + "vite": "^6.0.0 || ^7.0.0-0" + }, + "peerDependenciesMeta": { + "msw": { + "optional": true + }, + "vite": { + "optional": true + } + } + }, + "node_modules/@vitest/pretty-format": { + "version": "4.0.18", + "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-4.0.18.tgz", + "integrity": "sha512-P24GK3GulZWC5tz87ux0m8OADrQIUVDPIjjj65vBXYG17ZeU3qD7r+MNZ1RNv4l8CGU2vtTRqixrOi9fYk/yKw==", + "dev": true, + "license": "MIT", + "dependencies": { + "tinyrainbow": "^3.0.3" + }, + "funding": { + "url": "https://opencollective.com/vitest" + } + }, + "node_modules/@vitest/runner": { + "version": "4.0.18", + "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-4.0.18.tgz", + "integrity": "sha512-rpk9y12PGa22Jg6g5M3UVVnTS7+zycIGk9ZNGN+m6tZHKQb7jrP7/77WfZy13Y/EUDd52NDsLRQhYKtv7XfPQw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@vitest/utils": "4.0.18", + "pathe": "^2.0.3" + }, + "funding": { + "url": "https://opencollective.com/vitest" + } + }, + "node_modules/@vitest/snapshot": { + "version": "4.0.18", + "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-4.0.18.tgz", + "integrity": "sha512-PCiV0rcl7jKQjbgYqjtakly6T1uwv/5BQ9SwBLekVg/EaYeQFPiXcgrC2Y7vDMA8dM1SUEAEV82kgSQIlXNMvA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@vitest/pretty-format": "4.0.18", + "magic-string": "^0.30.21", + "pathe": "^2.0.3" + }, + "funding": { + "url": "https://opencollective.com/vitest" + } + }, + "node_modules/@vitest/spy": { + "version": "4.0.18", + "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-4.0.18.tgz", + "integrity": "sha512-cbQt3PTSD7P2OARdVW3qWER5EGq7PHlvE+QfzSC0lbwO+xnt7+XH06ZzFjFRgzUX//JmpxrCu92VdwvEPlWSNw==", + "dev": true, + "license": "MIT", + "funding": { + "url": "https://opencollective.com/vitest" + } + }, + "node_modules/@vitest/utils": { + "version": "4.0.18", + "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-4.0.18.tgz", + "integrity": "sha512-msMRKLMVLWygpK3u2Hybgi4MNjcYJvwTb0Ru09+fOyCXIgT5raYP041DRRdiJiI3k/2U6SEbAETB3YtBrUkCFA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@vitest/pretty-format": "4.0.18", + "tinyrainbow": "^3.0.3" + }, + "funding": { + "url": "https://opencollective.com/vitest" + } + }, + "node_modules/@xmldom/xmldom": { + "version": "0.8.11", + "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.11.tgz", + "integrity": "sha512-cQzWCtO6C8TQiYl1ruKNn2U6Ao4o4WBBcbL61yJl84x+j5sOWWFU9X7DpND8XZG3daDppSsigMdfAIl2upQBRw==", + "license": "MIT", + "engines": { + "node": ">=10.0.0" + } + }, + "node_modules/ansi-escapes": { + "version": "7.3.0", + "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-7.3.0.tgz", + "integrity": "sha512-BvU8nYgGQBxcmMuEeUEmNTvrMVjJNSH7RgW24vXexN4Ven6qCvy4TntnvlnwnMLTVlcRQQdbRY8NKnaIoeWDNg==", + "license": "MIT", + "dependencies": { + "environment": "^1.0.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ansi-regex": { + "version": "6.2.2", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz", + "integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/ansi-regex?sponsor=1" + } + }, + "node_modules/ansi-styles": { + "version": "6.2.3", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.3.tgz", + "integrity": "sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/app-path": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/app-path/-/app-path-4.0.0.tgz", + "integrity": "sha512-mgBO9PZJ3MpbKbwFTljTi36ZKBvG5X/fkVR1F85ANsVcVllEb+C0LGNdJfGUm84GpC4xxgN6HFkmkMU8VEO4mA==", + "license": "MIT", + "dependencies": { + "execa": "^5.0.0" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/assertion-error": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-2.0.1.tgz", + "integrity": "sha512-Izi8RQcffqCeNVgFigKli1ssklIbpHnCYc6AknXGYoB6grJqyeby7jv12JUQgmTAnIDnbck1uxksT4dzN3PWBA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=12" + } + }, + "node_modules/atomic-sleep": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/atomic-sleep/-/atomic-sleep-1.0.0.tgz", + "integrity": "sha512-kNOjDqAh7px0XWNI+4QbzoiR/nTkHAWNud2uvnJquD1/x5a7EQZMJT0AczqK0Qn67oY/TTQ1LbUKajZpp3I9tQ==", + "license": "MIT", + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/auto-bind": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/auto-bind/-/auto-bind-5.0.1.tgz", + "integrity": "sha512-ooviqdwwgfIfNmDwo94wlshcdzfO64XV0Cg6oDsDYBJfITDz1EngD2z7DkbvCWn+XIMsIqW27sEVF6qcpJrRcg==", + "license": "MIT", + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/aws4fetch": { + "version": "1.0.20", + "resolved": "https://registry.npmjs.org/aws4fetch/-/aws4fetch-1.0.20.tgz", + "integrity": "sha512-/djoAN709iY65ETD6LKCtyyEI04XIBP5xVvfmNxsEP0uJB5tyaGBztSryRr4HqMStr9R06PisQE7m9zDTXKu6g==", + "license": "MIT" + }, + "node_modules/balanced-match": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.3.tgz", + "integrity": "sha512-1pHv8LX9CpKut1Zp4EXey7Z8OfH11ONNH6Dhi2WDUt31VVZFXZzKwXcysBgqSumFCmR+0dqjMK5v5JiFHzi0+g==", + "dev": true, + "license": "MIT", + "engines": { + "node": "20 || >=22" + } + }, + "node_modules/base64-js": { + "version": "1.5.1", + "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz", + "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/brace-expansion": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.2.tgz", + "integrity": "sha512-Pdk8c9poy+YhOgVWw1JNN22/HcivgKWwpxKq04M/jTmHyCZn12WPJebZxdjSa5TmBqISrUSgNYU3eRORljfCCw==", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^4.0.2" + }, + "engines": { + "node": "20 || >=22" + } + }, + "node_modules/chai": { + "version": "6.2.2", + "resolved": "https://registry.npmjs.org/chai/-/chai-6.2.2.tgz", + "integrity": "sha512-NUPRluOfOiTKBKvWPtSD4PhFvWCqOi0BGStNWs57X9js7XGTprSmFoz5F0tWhR4WPjNeR9jXqdC7/UpSJTnlRg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" + } + }, + "node_modules/chalk": { + "version": "5.6.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.6.2.tgz", + "integrity": "sha512-7NzBL0rN6fMUW+f7A6Io4h40qQlG+xGmtMxfbnH/K7TAtt8JQWVQK+6g0UXKMeVJoyV5EkkNsErQ8pVD3bLHbA==", + "license": "MIT", + "engines": { + "node": "^12.17.0 || ^14.13 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/cli-boxes": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/cli-boxes/-/cli-boxes-3.0.0.tgz", + "integrity": "sha512-/lzGpEWL/8PfI0BmBOPRwp0c/wFNX1RdUML3jK/RcSBA9T8mZDdQpqYBKtCFTOfQbwPqWEOpjqW+Fnayc0969g==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/cli-cursor": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-4.0.0.tgz", + "integrity": "sha512-VGtlMu3x/4DOtIUwEkRezxUZ2lBacNJCHash0N0WeZDBS+7Ux1dm3XWAgWYxLJFMMdOeXMHXorshEFhbMSGelg==", + "license": "MIT", + "dependencies": { + "restore-cursor": "^4.0.0" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/cli-spinners": { + "version": "2.9.2", + "resolved": "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.9.2.tgz", + "integrity": "sha512-ywqV+5MmyL4E7ybXgKys4DugZbX0FC6LnwrhjuykIjnK9k8OQacQ7axGKnjDXWNhns0xot3bZI5h55H8yo9cJg==", + "license": "MIT", + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/cli-truncate": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/cli-truncate/-/cli-truncate-4.0.0.tgz", + "integrity": "sha512-nPdaFdQ0h/GEigbPClz11D0v/ZJEwxmeVZGeMo3Z5StPtUTkA9o1lD6QwoirYiSDzbcwn2XcjwmCp68W1IS4TA==", + "license": "MIT", + "dependencies": { + "slice-ansi": "^5.0.0", + "string-width": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/cli-truncate/node_modules/is-fullwidth-code-point": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-4.0.0.tgz", + "integrity": "sha512-O4L094N2/dZ7xqVdrXhh9r1KODPJpFms8B5sGdJLPy664AgvXsreZUyCQQNItZRDlYug4xStLjNp/sz3HvBowQ==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/cli-truncate/node_modules/slice-ansi": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-5.0.0.tgz", + "integrity": "sha512-FC+lgizVPfie0kkhqUScwRu1O/lF6NOgJmlCgK+/LYxDCTk8sGelYaHDhFcDN+Sn3Cv+3VSa4Byeo+IMCzpMgQ==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^6.0.0", + "is-fullwidth-code-point": "^4.0.0" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/slice-ansi?sponsor=1" + } + }, + "node_modules/cli-truncate/node_modules/string-width": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz", + "integrity": "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ==", + "license": "MIT", + "dependencies": { + "emoji-regex": "^10.3.0", + "get-east-asian-width": "^1.0.0", + "strip-ansi": "^7.1.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/code-excerpt": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/code-excerpt/-/code-excerpt-4.0.0.tgz", + "integrity": "sha512-xxodCmBen3iy2i0WtAK8FlFNrRzjUqjRsMfho58xT/wvZU1YTM3fCnRjcy1gJPMepaRlgm/0e6w8SpWHpn3/cA==", + "license": "MIT", + "dependencies": { + "convert-to-spaces": "^2.0.1" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + } + }, + "node_modules/commander": { + "version": "12.1.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-12.1.0.tgz", + "integrity": "sha512-Vw8qHK3bZM9y/P10u3Vib8o/DdkvA2OtPtZvD871QKjy74Wj1WSKFILMPRPSdUSx5RFK1arlJzEtA4PkFgnbuA==", + "license": "MIT", + "engines": { + "node": ">=18" + } + }, + "node_modules/convert-to-spaces": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/convert-to-spaces/-/convert-to-spaces-2.0.1.tgz", + "integrity": "sha512-rcQ1bsQO9799wq24uE5AM2tAILy4gXGIK/njFWcVQkGNZ96edlpY+A7bjwvzjYvLDyzmG1MmMLZhpcsb+klNMQ==", + "license": "MIT", + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + } + }, + "node_modules/cross-spawn": { + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", + "license": "MIT", + "dependencies": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/csstype": { + "version": "3.2.3", + "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.2.3.tgz", + "integrity": "sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ==", + "devOptional": true, + "license": "MIT" + }, + "node_modules/data-uri-to-buffer": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/data-uri-to-buffer/-/data-uri-to-buffer-4.0.1.tgz", + "integrity": "sha512-0R9ikRb668HB7QDxT1vkpuUBtqc53YyAwMwGeUFKRojY/NWKvdZ+9UYtRfGmhqNbRkTSVpMbmyhXipFFv2cb/A==", + "license": "MIT", + "engines": { + "node": ">= 12" + } + }, + "node_modules/date-fns": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/date-fns/-/date-fns-4.1.0.tgz", + "integrity": "sha512-Ukq0owbQXxa/U3EGtsdVBkR1w7KOQ5gIBqdH2hkvknzZPYvBxb/aa6E8L7tmjFtkwZBu3UXBbjIgPo/Ez4xaNg==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/kossnocorp" + } + }, + "node_modules/detect-libc": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz", + "integrity": "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==", + "license": "Apache-2.0", + "engines": { + "node": ">=8" + } + }, + "node_modules/dotenv": { + "version": "16.6.1", + "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.6.1.tgz", + "integrity": "sha512-uBq4egWHTcTt33a72vpSG0z3HnPuIl6NqYcTrKEg2azoEyl2hpW0zqlxysq2pK9HlDIHyHyakeYaYnSAwd8bow==", + "dev": true, + "license": "BSD-2-Clause", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://dotenvx.com" + } + }, + "node_modules/emoji-regex": { + "version": "10.6.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.6.0.tgz", + "integrity": "sha512-toUI84YS5YmxW219erniWD0CIVOo46xGKColeNQRgOzDorgBi1v4D71/OFzgD9GO2UGKIv1C3Sp8DAn0+j5w7A==", + "license": "MIT" + }, + "node_modules/environment": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/environment/-/environment-1.1.0.tgz", + "integrity": "sha512-xUtoPkMggbz0MPyPiIWr1Kp4aeWJjDZ6SMvURhimjdZgsRuDplF5/s9hcgGhyXMhs+6vpnuoiZ2kFiu3FMnS8Q==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/es-module-lexer": { + "version": "1.7.0", + "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-1.7.0.tgz", + "integrity": "sha512-jEQoCwk8hyb2AZziIOLhDqpm5+2ww5uIE6lkO/6jcOCusfk6LhMHpXXfBLXTZ7Ydyt0j4VoUQv6uGNYbdW+kBA==", + "dev": true, + "license": "MIT" + }, + "node_modules/es-toolkit": { + "version": "1.44.0", + "resolved": "https://registry.npmjs.org/es-toolkit/-/es-toolkit-1.44.0.tgz", + "integrity": "sha512-6penXeZalaV88MM3cGkFZZfOoLGWshWWfdy0tWw/RlVVyhvMaWSBTOvXNeiW3e5FwdS5ePW0LGEu17zT139ktg==", + "license": "MIT", + "workspaces": [ + "docs", + "benchmarks" + ] + }, + "node_modules/esbuild": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.12.tgz", + "integrity": "sha512-bbPBYYrtZbkt6Os6FiTLCTFxvq4tt3JKall1vRwshA3fdVztsLAatFaZobhkBC8/BrPetoa0oksYoKXoG4ryJg==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "bin": { + "esbuild": "bin/esbuild" + }, + "engines": { + "node": ">=18" + }, + "optionalDependencies": { + "@esbuild/aix-ppc64": "0.25.12", + "@esbuild/android-arm": "0.25.12", + "@esbuild/android-arm64": "0.25.12", + "@esbuild/android-x64": "0.25.12", + "@esbuild/darwin-arm64": "0.25.12", + "@esbuild/darwin-x64": "0.25.12", + "@esbuild/freebsd-arm64": "0.25.12", + "@esbuild/freebsd-x64": "0.25.12", + "@esbuild/linux-arm": "0.25.12", + "@esbuild/linux-arm64": "0.25.12", + "@esbuild/linux-ia32": "0.25.12", + "@esbuild/linux-loong64": "0.25.12", + "@esbuild/linux-mips64el": "0.25.12", + "@esbuild/linux-ppc64": "0.25.12", + "@esbuild/linux-riscv64": "0.25.12", + "@esbuild/linux-s390x": "0.25.12", + "@esbuild/linux-x64": "0.25.12", + "@esbuild/netbsd-arm64": "0.25.12", + "@esbuild/netbsd-x64": "0.25.12", + "@esbuild/openbsd-arm64": "0.25.12", + "@esbuild/openbsd-x64": "0.25.12", + "@esbuild/openharmony-arm64": "0.25.12", + "@esbuild/sunos-x64": "0.25.12", + "@esbuild/win32-arm64": "0.25.12", + "@esbuild/win32-ia32": "0.25.12", + "@esbuild/win32-x64": "0.25.12" + } + }, + "node_modules/escape-string-regexp": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz", + "integrity": "sha512-UpzcLCXolUWcNu5HtVMHYdXJjArjsF9C0aNnquZYY4uW/Vu0miy5YoWvbV345HauVvcAUnpRuhMMcqTcGOY2+w==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/estree-walker": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-3.0.3.tgz", + "integrity": "sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0" + } + }, + "node_modules/execa": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", + "integrity": "sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==", + "license": "MIT", + "dependencies": { + "cross-spawn": "^7.0.3", + "get-stream": "^6.0.0", + "human-signals": "^2.1.0", + "is-stream": "^2.0.0", + "merge-stream": "^2.0.0", + "npm-run-path": "^4.0.1", + "onetime": "^5.1.2", + "signal-exit": "^3.0.3", + "strip-final-newline": "^2.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sindresorhus/execa?sponsor=1" + } + }, + "node_modules/expect-type": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/expect-type/-/expect-type-1.3.0.tgz", + "integrity": "sha512-knvyeauYhqjOYvQ66MznSMs83wmHrCycNEN6Ao+2AeYEfxUIkuiVxdEa1qlGEPK+We3n0THiDciYSsCcgW/DoA==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": ">=12.0.0" + } + }, + "node_modules/fdir": { + "version": "6.5.0", + "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz", + "integrity": "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=12.0.0" + }, + "peerDependencies": { + "picomatch": "^3 || ^4" + }, + "peerDependenciesMeta": { + "picomatch": { + "optional": true + } + } + }, + "node_modules/fetch-blob": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/fetch-blob/-/fetch-blob-3.2.0.tgz", + "integrity": "sha512-7yAQpD2UMJzLi1Dqv7qFYnPbaPx7ZfFK6PiIxQ4PfkGPyNyl2Ugx+a/umUonmKqjhM4DnfbMvdX6otXq83soQQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/jimmywarting" + }, + { + "type": "paypal", + "url": "https://paypal.me/jimmywarting" + } + ], + "license": "MIT", + "dependencies": { + "node-domexception": "^1.0.0", + "web-streams-polyfill": "^3.0.3" + }, + "engines": { + "node": "^12.20 || >= 14.13" + } + }, + "node_modules/formdata-polyfill": { + "version": "4.0.10", + "resolved": "https://registry.npmjs.org/formdata-polyfill/-/formdata-polyfill-4.0.10.tgz", + "integrity": "sha512-buewHzMvYL29jdeQTVILecSaZKnt/RJWjoZCF5OW60Z67/GmSLBkOFM7qh1PI3zFNtJbaZL5eQu1vLfazOwj4g==", + "license": "MIT", + "dependencies": { + "fetch-blob": "^3.1.2" + }, + "engines": { + "node": ">=12.20.0" + } + }, + "node_modules/fsevents": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/get-east-asian-width": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/get-east-asian-width/-/get-east-asian-width-1.5.0.tgz", + "integrity": "sha512-CQ+bEO+Tva/qlmw24dCejulK5pMzVnUOFOijVogd3KQs07HnRIgp8TGipvCCRT06xeYEbpbgwaCxglFyiuIcmA==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/get-stream": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", + "integrity": "sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/glob": { + "version": "13.0.6", + "resolved": "https://registry.npmjs.org/glob/-/glob-13.0.6.tgz", + "integrity": "sha512-Wjlyrolmm8uDpm/ogGyXZXb1Z+Ca2B8NbJwqBVg0axK9GbBeoS7yGV6vjXnYdGm6X53iehEuxxbyiKp8QmN4Vw==", + "dev": true, + "license": "BlueOak-1.0.0", + "dependencies": { + "minimatch": "^10.2.2", + "minipass": "^7.1.3", + "path-scurry": "^2.0.2" + }, + "engines": { + "node": "18 || 20 || >=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/human-signals": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", + "integrity": "sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw==", + "license": "Apache-2.0", + "engines": { + "node": ">=10.17.0" + } + }, + "node_modules/indent-string": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-5.0.0.tgz", + "integrity": "sha512-m6FAo/spmsW2Ab2fU35JTYwtOKa2yAwXSwgjSv1TJzh4Mh7mC3lzAOVLBprb72XsTrgkEIsl7YrFNAiDiRhIGg==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ink": { + "name": "@jrichman/ink", + "version": "6.4.7", + "resolved": "https://registry.npmjs.org/@jrichman/ink/-/ink-6.4.7.tgz", + "integrity": "sha512-QHyxhNF5VonF5cRmdAJD/UPucB9nRx3FozWMjQrDGfBxfAL9lpyu72/MlFPgloS1TMTGsOt7YN6dTPPA6mh0Aw==", + "license": "MIT", + "peer": true, + "dependencies": { + "@alcalzone/ansi-tokenize": "^0.2.1", + "ansi-escapes": "^7.0.0", + "ansi-styles": "^6.2.1", + "auto-bind": "^5.0.1", + "chalk": "^5.6.0", + "cli-boxes": "^3.0.0", + "cli-cursor": "^4.0.0", + "cli-truncate": "^4.0.0", + "code-excerpt": "^4.0.0", + "es-toolkit": "^1.39.10", + "indent-string": "^5.0.0", + "is-in-ci": "^2.0.0", + "mnemonist": "^0.40.3", + "patch-console": "^2.0.0", + "react-reconciler": "^0.32.0", + "signal-exit": "^3.0.7", + "slice-ansi": "^7.1.0", + "stack-utils": "^2.0.6", + "string-width": "^8.1.0", + "type-fest": "^4.27.0", + "wrap-ansi": "^9.0.0", + "ws": "^8.18.0", + "yoga-layout": "~3.2.1" + }, + "engines": { + "node": ">=20" + }, + "peerDependencies": { + "@types/react": ">=19.0.0", + "react": ">=19.0.0", + "react-devtools-core": "^6.1.2" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, + "react-devtools-core": { + "optional": true + } + } + }, + "node_modules/ink-picture": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/ink-picture/-/ink-picture-1.3.3.tgz", + "integrity": "sha512-kFDZaiqnvbM2cU46ptIHFeh4RJkfsZfQUh657JmbOmD/swANdCkUvcb8c3Qv6270qFWKwRehf04fghMwtHwEGw==", + "license": "MIT", + "dependencies": { + "chalk": "^5.6.0", + "is-unicode-supported": "^2.1.0", + "iterm2-version": "^5.0.0", + "node-fetch": "^3.3.2", + "sharp": "^0.34.3", + "sixel": "^0.16.0", + "supports-color": "^10.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "ink": ">=5", + "react": ">=18" + } + }, + "node_modules/ink-spinner": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/ink-spinner/-/ink-spinner-5.0.0.tgz", + "integrity": "sha512-EYEasbEjkqLGyPOUc8hBJZNuC5GvXGMLu0w5gdTNskPc7Izc5vO3tdQEYnzvshucyGCBXc86ig0ujXPMWaQCdA==", + "license": "MIT", + "dependencies": { + "cli-spinners": "^2.7.0" + }, + "engines": { + "node": ">=14.16" + }, + "peerDependencies": { + "ink": ">=4.0.0", + "react": ">=18.0.0" + } + }, + "node_modules/ink-testing-library": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/ink-testing-library/-/ink-testing-library-4.0.0.tgz", + "integrity": "sha512-yF92kj3pmBvk7oKbSq5vEALO//o7Z9Ck/OaLNlkzXNeYdwfpxMQkSowGTFUCS5MSu9bWfSZMewGpp7bFc66D7Q==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "@types/react": ">=18.0.0" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/is-fullwidth-code-point": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-5.1.0.tgz", + "integrity": "sha512-5XHYaSyiqADb4RnZ1Bdad6cPp8Toise4TzEjcOYDHZkTCbKgiUl7WTUCpNWHuxmDt91wnsZBc9xinNzopv3JMQ==", + "license": "MIT", + "dependencies": { + "get-east-asian-width": "^1.3.1" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-in-ci": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/is-in-ci/-/is-in-ci-2.0.0.tgz", + "integrity": "sha512-cFeerHriAnhrQSbpAxL37W1wcJKUUX07HyLWZCW1URJT/ra3GyUTzBgUnh24TMVfNTV2Hij2HLxkPHFZfOZy5w==", + "license": "MIT", + "bin": { + "is-in-ci": "cli.js" + }, + "engines": { + "node": ">=20" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-interactive": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/is-interactive/-/is-interactive-2.0.0.tgz", + "integrity": "sha512-qP1vozQRI+BMOPcjFzrjXuQvdak2pHNUMZoeG2eRbiSqyvbEf/wQtEOTOX1guk6E3t36RkaqiSt8A/6YElNxLQ==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-stream": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==", + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-unicode-supported": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-2.1.0.tgz", + "integrity": "sha512-mE00Gnza5EEB3Ds0HfMyllZzbBrmLOX3vfWoj9A9PEnTfratQ/BcaJOuMhnkhjXvb2+FkY3VuHqtAGpTPmglFQ==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", + "license": "ISC" + }, + "node_modules/iterm2-version": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/iterm2-version/-/iterm2-version-5.0.0.tgz", + "integrity": "sha512-WdLXcMYvN3SXT6vEtuW78vnZs4pVWm2nBnb4VKjOPPXmdlR1xTHmBgqKacOzAe4RXOiY/V+0u/0zsU3LoGQoBg==", + "license": "MIT", + "dependencies": { + "app-path": "^4.0.0", + "plist": "^3.0.2" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/kleur": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", + "integrity": "sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/log-symbols": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-6.0.0.tgz", + "integrity": "sha512-i24m8rpwhmPIS4zscNzK6MSEhk0DUWa/8iYQWxhffV8jkI4Phvs3F+quL5xvS0gdQR0FyTCMMH33Y78dDTzzIw==", + "license": "MIT", + "dependencies": { + "chalk": "^5.3.0", + "is-unicode-supported": "^1.3.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/log-symbols/node_modules/is-unicode-supported": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-1.3.0.tgz", + "integrity": "sha512-43r2mRvz+8JRIKnWJ+3j8JtjRKZ6GmjzfaE/qiBJnikNnYv/6bagRJ1kUhNk8R5EX/GkobD+r+sfxCPJsiKBLQ==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/lru-cache": { + "version": "11.2.6", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.2.6.tgz", + "integrity": "sha512-ESL2CrkS/2wTPfuend7Zhkzo2u0daGJ/A2VucJOgQ/C48S/zB8MMeMHSGKYpXhIjbPxfuezITkaBH1wqv00DDQ==", + "dev": true, + "license": "BlueOak-1.0.0", + "engines": { + "node": "20 || >=22" + } + }, + "node_modules/magic-string": { + "version": "0.30.21", + "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.21.tgz", + "integrity": "sha512-vd2F4YUyEXKGcLHoq+TEyCjxueSeHnFxyyjNp80yg0XV4vUhnDer/lvvlqM/arB5bXQN5K2/3oinyCRyx8T2CQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/sourcemap-codec": "^1.5.5" + } + }, + "node_modules/merge-stream": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", + "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==", + "license": "MIT" + }, + "node_modules/mimic-fn": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", + "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/mimic-function": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/mimic-function/-/mimic-function-5.0.1.tgz", + "integrity": "sha512-VP79XUPxV2CigYP3jWwAUFSku2aKqBH7uTAapFWCBqutsbmDo96KY5o8uh6U+/YSIn5OxJnXp73beVkpqMIGhA==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/minimatch": { + "version": "10.2.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.2.tgz", + "integrity": "sha512-+G4CpNBxa5MprY+04MbgOw1v7So6n5JY166pFi9KfYwT78fxScCeSNQSNzp6dpPSW2rONOps6Ocam1wFhCgoVw==", + "dev": true, + "license": "BlueOak-1.0.0", + "dependencies": { + "brace-expansion": "^5.0.2" + }, + "engines": { + "node": "18 || 20 || >=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/minipass": { + "version": "7.1.3", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.3.tgz", + "integrity": "sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A==", + "dev": true, + "license": "BlueOak-1.0.0", + "engines": { + "node": ">=16 || 14 >=14.17" + } + }, + "node_modules/mnemonist": { + "version": "0.40.3", + "resolved": "https://registry.npmjs.org/mnemonist/-/mnemonist-0.40.3.tgz", + "integrity": "sha512-Vjyr90sJ23CKKH/qPAgUKicw/v6pRoamxIEDFOF8uSgFME7DqPRpHgRTejWVjkdGg5dXj0/NyxZHZ9bcjH+2uQ==", + "license": "MIT", + "dependencies": { + "obliterator": "^2.0.4" + } + }, + "node_modules/nanoid": { + "version": "5.1.6", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-5.1.6.tgz", + "integrity": "sha512-c7+7RQ+dMB5dPwwCp4ee1/iV/q2P6aK1mTZcfr1BTuVlyW9hJYiMPybJCcnBlQtuSmTIWNeazm/zqNoZSSElBg==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "bin": { + "nanoid": "bin/nanoid.js" + }, + "engines": { + "node": "^18 || >=20" + } + }, + "node_modules/node-domexception": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/node-domexception/-/node-domexception-1.0.0.tgz", + "integrity": "sha512-/jKZoMpw0F8GRwl4/eLROPA3cfcXtLApP0QzLmUT/HuPCZWyB7IY9ZrMeKw2O/nFIqPQB3PVM9aYm0F312AXDQ==", + "deprecated": "Use your platform's native DOMException instead", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/jimmywarting" + }, + { + "type": "github", + "url": "https://paypal.me/jimmywarting" + } + ], + "license": "MIT", + "engines": { + "node": ">=10.5.0" + } + }, + "node_modules/node-fetch": { + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-3.3.2.tgz", + "integrity": "sha512-dRB78srN/l6gqWulah9SrxeYnxeddIG30+GOqK/9OlLVyLg3HPnr6SqOWTWOXKRwC2eGYCkZ59NNuSgvSrpgOA==", + "license": "MIT", + "dependencies": { + "data-uri-to-buffer": "^4.0.0", + "fetch-blob": "^3.1.4", + "formdata-polyfill": "^4.0.10" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/node-fetch" + } + }, + "node_modules/npm-run-path": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", + "integrity": "sha512-S48WzZW777zhNIrn7gxOlISNAqi9ZC/uQFnRdbeIHhZhCA6UqpkOT8T1G7BvfdgP4Er8gF4sUbaS0i7QvIfCWw==", + "license": "MIT", + "dependencies": { + "path-key": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/obliterator": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/obliterator/-/obliterator-2.0.5.tgz", + "integrity": "sha512-42CPE9AhahZRsMNslczq0ctAEtqk8Eka26QofnqC346BZdHDySk3LWka23LI7ULIw11NmltpiLagIq8gBozxTw==", + "license": "MIT" + }, + "node_modules/obug": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/obug/-/obug-2.1.1.tgz", + "integrity": "sha512-uTqF9MuPraAQ+IsnPf366RG4cP9RtUi7MLO1N3KEc+wb0a6yKpeL0lmk2IB1jY5KHPAlTc6T/JRdC/YqxHNwkQ==", + "dev": true, + "funding": [ + "https://github.com/sponsors/sxzz", + "https://opencollective.com/debug" + ], + "license": "MIT" + }, + "node_modules/on-exit-leak-free": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/on-exit-leak-free/-/on-exit-leak-free-2.1.2.tgz", + "integrity": "sha512-0eJJY6hXLGf1udHwfNftBqH+g73EU4B504nZeKpz1sYRKafAghwxEJunB2O7rDZkL4PGfsMVnTXZ2EjibbqcsA==", + "license": "MIT", + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/onetime": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", + "integrity": "sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg==", + "license": "MIT", + "dependencies": { + "mimic-fn": "^2.1.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ora": { + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/ora/-/ora-8.2.0.tgz", + "integrity": "sha512-weP+BZ8MVNnlCm8c0Qdc1WSWq4Qn7I+9CJGm7Qali6g44e/PUzbjNqJX5NJ9ljlNMosfJvg1fKEGILklK9cwnw==", + "license": "MIT", + "dependencies": { + "chalk": "^5.3.0", + "cli-cursor": "^5.0.0", + "cli-spinners": "^2.9.2", + "is-interactive": "^2.0.0", + "is-unicode-supported": "^2.0.0", + "log-symbols": "^6.0.0", + "stdin-discarder": "^0.2.2", + "string-width": "^7.2.0", + "strip-ansi": "^7.1.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ora/node_modules/cli-cursor": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-5.0.0.tgz", + "integrity": "sha512-aCj4O5wKyszjMmDT4tZj93kxyydN/K5zPWSCe6/0AV/AA1pqe5ZBIw0a2ZfPQV7lL5/yb5HsUreJ6UFAF1tEQw==", + "license": "MIT", + "dependencies": { + "restore-cursor": "^5.0.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ora/node_modules/onetime": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/onetime/-/onetime-7.0.0.tgz", + "integrity": "sha512-VXJjc87FScF88uafS3JllDgvAm+c/Slfz06lorj2uAY34rlUu0Nt+v8wreiImcrgAjjIHp1rXpTDlLOGw29WwQ==", + "license": "MIT", + "dependencies": { + "mimic-function": "^5.0.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ora/node_modules/restore-cursor": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-5.1.0.tgz", + "integrity": "sha512-oMA2dcrw6u0YfxJQXm342bFKX/E4sG9rbTzO9ptUcR/e8A33cHuvStiYOwH7fszkZlZ1z/ta9AAoPk2F4qIOHA==", + "license": "MIT", + "dependencies": { + "onetime": "^7.0.0", + "signal-exit": "^4.1.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ora/node_modules/signal-exit": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==", + "license": "ISC", + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/ora/node_modules/string-width": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz", + "integrity": "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ==", + "license": "MIT", + "dependencies": { + "emoji-regex": "^10.3.0", + "get-east-asian-width": "^1.0.0", + "strip-ansi": "^7.1.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/package-json-from-dist": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz", + "integrity": "sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==", + "dev": true, + "license": "BlueOak-1.0.0" + }, + "node_modules/patch-console": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/patch-console/-/patch-console-2.0.0.tgz", + "integrity": "sha512-0YNdUceMdaQwoKce1gatDScmMo5pu/tfABfnzEqeG0gtTmd7mh/WcwgUjtAeOU7N8nFFlbQBnFK2gXW5fGvmMA==", + "license": "MIT", + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + } + }, + "node_modules/path-key": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/path-scurry": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-2.0.2.tgz", + "integrity": "sha512-3O/iVVsJAPsOnpwWIeD+d6z/7PmqApyQePUtCndjatj/9I5LylHvt5qluFaBT3I5h3r1ejfR056c+FCv+NnNXg==", + "dev": true, + "license": "BlueOak-1.0.0", + "dependencies": { + "lru-cache": "^11.0.0", + "minipass": "^7.1.2" + }, + "engines": { + "node": "18 || 20 || >=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/pathe": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/pathe/-/pathe-2.0.3.tgz", + "integrity": "sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w==", + "dev": true, + "license": "MIT" + }, + "node_modules/picocolors": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz", + "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==", + "dev": true, + "license": "ISC" + }, + "node_modules/picomatch": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz", + "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", + "dev": true, + "license": "MIT", + "peer": true, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/pino": { + "version": "10.3.1", + "resolved": "https://registry.npmjs.org/pino/-/pino-10.3.1.tgz", + "integrity": "sha512-r34yH/GlQpKZbU1BvFFqOjhISRo1MNx1tWYsYvmj6KIRHSPMT2+yHOEb1SG6NMvRoHRF0a07kCOox/9yakl1vg==", + "license": "MIT", + "dependencies": { + "@pinojs/redact": "^0.4.0", + "atomic-sleep": "^1.0.0", + "on-exit-leak-free": "^2.1.0", + "pino-abstract-transport": "^3.0.0", + "pino-std-serializers": "^7.0.0", + "process-warning": "^5.0.0", + "quick-format-unescaped": "^4.0.3", + "real-require": "^0.2.0", + "safe-stable-stringify": "^2.3.1", + "sonic-boom": "^4.0.1", + "thread-stream": "^4.0.0" + }, + "bin": { + "pino": "bin.js" + } + }, + "node_modules/pino-abstract-transport": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/pino-abstract-transport/-/pino-abstract-transport-3.0.0.tgz", + "integrity": "sha512-wlfUczU+n7Hy/Ha5j9a/gZNy7We5+cXp8YL+X+PG8S0KXxw7n/JXA3c46Y0zQznIJ83URJiwy7Lh56WLokNuxg==", + "license": "MIT", + "dependencies": { + "split2": "^4.0.0" + } + }, + "node_modules/pino-roll": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/pino-roll/-/pino-roll-4.0.0.tgz", + "integrity": "sha512-axI1aQaIxXdw1F4OFFli1EDxIrdYNGLowkw/ZoZogX8oCSLHUghzwVVXUS8U+xD/Savwa5IXpiXmsSGKFX/7Sg==", + "license": "MIT", + "dependencies": { + "date-fns": "^4.1.0", + "sonic-boom": "^4.0.1" + } + }, + "node_modules/pino-std-serializers": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/pino-std-serializers/-/pino-std-serializers-7.1.0.tgz", + "integrity": "sha512-BndPH67/JxGExRgiX1dX0w1FvZck5Wa4aal9198SrRhZjH3GxKQUKIBnYJTdj2HDN3UQAS06HlfcSbQj2OHmaw==", + "license": "MIT" + }, + "node_modules/plist": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/plist/-/plist-3.1.0.tgz", + "integrity": "sha512-uysumyrvkUX0rX/dEVqt8gC3sTBzd4zoWfLeS29nb53imdaXVvLINYXTI2GNqzaMuvacNx4uJQ8+b3zXR0pkgQ==", + "license": "MIT", + "dependencies": { + "@xmldom/xmldom": "^0.8.8", + "base64-js": "^1.5.1", + "xmlbuilder": "^15.1.1" + }, + "engines": { + "node": ">=10.4.0" + } + }, + "node_modules/postcss": { + "version": "8.5.6", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz", + "integrity": "sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/postcss" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "nanoid": "^3.3.11", + "picocolors": "^1.1.1", + "source-map-js": "^1.2.1" + }, + "engines": { + "node": "^10 || ^12 || >=14" + } + }, + "node_modules/postcss/node_modules/nanoid": { + "version": "3.3.11", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz", + "integrity": "sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "bin": { + "nanoid": "bin/nanoid.cjs" + }, + "engines": { + "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" + } + }, + "node_modules/process-warning": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/process-warning/-/process-warning-5.0.0.tgz", + "integrity": "sha512-a39t9ApHNx2L4+HBnQKqxxHNs1r7KF+Intd8Q/g1bUh6q0WIp9voPXJ/x0j+ZL45KF1pJd9+q2jLIRMfvEshkA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/fastify" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/fastify" + } + ], + "license": "MIT" + }, + "node_modules/prompts": { + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", + "integrity": "sha512-NxNv/kLguCA7p3jE8oL2aEBsrJWgAakBpgmgK6lpPWV+WuOmY6r2/zbAVnP+T8bQlA0nzHXSJSJW0Hq7ylaD2Q==", + "license": "MIT", + "dependencies": { + "kleur": "^3.0.3", + "sisteransi": "^1.0.5" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/quick-format-unescaped": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/quick-format-unescaped/-/quick-format-unescaped-4.0.4.tgz", + "integrity": "sha512-tYC1Q1hgyRuHgloV/YXs2w15unPVh8qfu/qCTfhTYamaw7fyhumKa2yGpdSo87vY32rIclj+4fWYQXUMs9EHvg==", + "license": "MIT" + }, + "node_modules/react": { + "version": "19.2.4", + "resolved": "https://registry.npmjs.org/react/-/react-19.2.4.tgz", + "integrity": "sha512-9nfp2hYpCwOjAN+8TZFGhtWEwgvWHXqESH8qT89AT/lWklpLON22Lc8pEtnpsZz7VmawabSU0gCjnj8aC0euHQ==", + "license": "MIT", + "peer": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/react-reconciler": { + "version": "0.32.0", + "resolved": "https://registry.npmjs.org/react-reconciler/-/react-reconciler-0.32.0.tgz", + "integrity": "sha512-2NPMOzgTlG0ZWdIf3qG+dcbLSoAc/uLfOwckc3ofy5sSK0pLJqnQLpUFxvGcN2rlXSjnVtGeeFLNimCQEj5gOQ==", + "license": "MIT", + "dependencies": { + "scheduler": "^0.26.0" + }, + "engines": { + "node": ">=0.10.0" + }, + "peerDependencies": { + "react": "^19.1.0" + } + }, + "node_modules/real-require": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/real-require/-/real-require-0.2.0.tgz", + "integrity": "sha512-57frrGM/OCTLqLOAh0mhVA9VBMHd+9U7Zb2THMGdBUoZVOtGbJzjxsYGDJ3A9AYYCP4hn6y1TVbaOfzWtm5GFg==", + "license": "MIT", + "engines": { + "node": ">= 12.13.0" + } + }, + "node_modules/restore-cursor": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-4.0.0.tgz", + "integrity": "sha512-I9fPXU9geO9bHOt9pHHOhOkYerIMsmVaWB0rA2AI9ERh/+x/i7MV5HKBNrg+ljO5eoPVgCcnFuRjJ9uH6I/3eg==", + "license": "MIT", + "dependencies": { + "onetime": "^5.1.0", + "signal-exit": "^3.0.2" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/rimraf": { + "version": "6.1.3", + "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-6.1.3.tgz", + "integrity": "sha512-LKg+Cr2ZF61fkcaK1UdkH2yEBBKnYjTyWzTJT6KNPcSPaiT7HSdhtMXQuN5wkTX0Xu72KQ1l8S42rlmexS2hSA==", + "dev": true, + "license": "BlueOak-1.0.0", + "dependencies": { + "glob": "^13.0.3", + "package-json-from-dist": "^1.0.1" + }, + "bin": { + "rimraf": "dist/esm/bin.mjs" + }, + "engines": { + "node": "20 || >=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/rollup": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.58.0.tgz", + "integrity": "sha512-wbT0mBmWbIvvq8NeEYWWvevvxnOyhKChir47S66WCxw1SXqhw7ssIYejnQEVt7XYQpsj2y8F9PM+Cr3SNEa0gw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/estree": "1.0.8" + }, + "bin": { + "rollup": "dist/bin/rollup" + }, + "engines": { + "node": ">=18.0.0", + "npm": ">=8.0.0" + }, + "optionalDependencies": { + "@rollup/rollup-android-arm-eabi": "4.58.0", + "@rollup/rollup-android-arm64": "4.58.0", + "@rollup/rollup-darwin-arm64": "4.58.0", + "@rollup/rollup-darwin-x64": "4.58.0", + "@rollup/rollup-freebsd-arm64": "4.58.0", + "@rollup/rollup-freebsd-x64": "4.58.0", + "@rollup/rollup-linux-arm-gnueabihf": "4.58.0", + "@rollup/rollup-linux-arm-musleabihf": "4.58.0", + "@rollup/rollup-linux-arm64-gnu": "4.58.0", + "@rollup/rollup-linux-arm64-musl": "4.58.0", + "@rollup/rollup-linux-loong64-gnu": "4.58.0", + "@rollup/rollup-linux-loong64-musl": "4.58.0", + "@rollup/rollup-linux-ppc64-gnu": "4.58.0", + "@rollup/rollup-linux-ppc64-musl": "4.58.0", + "@rollup/rollup-linux-riscv64-gnu": "4.58.0", + "@rollup/rollup-linux-riscv64-musl": "4.58.0", + "@rollup/rollup-linux-s390x-gnu": "4.58.0", + "@rollup/rollup-linux-x64-gnu": "4.58.0", + "@rollup/rollup-linux-x64-musl": "4.58.0", + "@rollup/rollup-openbsd-x64": "4.58.0", + "@rollup/rollup-openharmony-arm64": "4.58.0", + "@rollup/rollup-win32-arm64-msvc": "4.58.0", + "@rollup/rollup-win32-ia32-msvc": "4.58.0", + "@rollup/rollup-win32-x64-gnu": "4.58.0", + "@rollup/rollup-win32-x64-msvc": "4.58.0", + "fsevents": "~2.3.2" + } + }, + "node_modules/safe-stable-stringify": { + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.5.0.tgz", + "integrity": "sha512-b3rppTKm9T+PsVCBEOUR46GWI7fdOs00VKZ1+9c1EWDaDMvjQc6tUwuFyIprgGgTcWoVHSKrU8H31ZHA2e0RHA==", + "license": "MIT", + "engines": { + "node": ">=10" + } + }, + "node_modules/scheduler": { + "version": "0.26.0", + "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.26.0.tgz", + "integrity": "sha512-NlHwttCI/l5gCPR3D1nNXtWABUmBwvZpEQiD4IXSbIDq8BzLIK/7Ir5gTFSGZDUu37K5cMNp0hFtzO38sC7gWA==", + "license": "MIT" + }, + "node_modules/semver": { + "version": "7.7.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz", + "integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/sharp": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/sharp/-/sharp-0.34.5.tgz", + "integrity": "sha512-Ou9I5Ft9WNcCbXrU9cMgPBcCK8LiwLqcbywW3t4oDV37n1pzpuNLsYiAV8eODnjbtQlSDwZ2cUEeQz4E54Hltg==", + "hasInstallScript": true, + "license": "Apache-2.0", + "dependencies": { + "@img/colour": "^1.0.0", + "detect-libc": "^2.1.2", + "semver": "^7.7.3" + }, + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-darwin-arm64": "0.34.5", + "@img/sharp-darwin-x64": "0.34.5", + "@img/sharp-libvips-darwin-arm64": "1.2.4", + "@img/sharp-libvips-darwin-x64": "1.2.4", + "@img/sharp-libvips-linux-arm": "1.2.4", + "@img/sharp-libvips-linux-arm64": "1.2.4", + "@img/sharp-libvips-linux-ppc64": "1.2.4", + "@img/sharp-libvips-linux-riscv64": "1.2.4", + "@img/sharp-libvips-linux-s390x": "1.2.4", + "@img/sharp-libvips-linux-x64": "1.2.4", + "@img/sharp-libvips-linuxmusl-arm64": "1.2.4", + "@img/sharp-libvips-linuxmusl-x64": "1.2.4", + "@img/sharp-linux-arm": "0.34.5", + "@img/sharp-linux-arm64": "0.34.5", + "@img/sharp-linux-ppc64": "0.34.5", + "@img/sharp-linux-riscv64": "0.34.5", + "@img/sharp-linux-s390x": "0.34.5", + "@img/sharp-linux-x64": "0.34.5", + "@img/sharp-linuxmusl-arm64": "0.34.5", + "@img/sharp-linuxmusl-x64": "0.34.5", + "@img/sharp-wasm32": "0.34.5", + "@img/sharp-win32-arm64": "0.34.5", + "@img/sharp-win32-ia32": "0.34.5", + "@img/sharp-win32-x64": "0.34.5" + } + }, + "node_modules/shebang-command": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", + "license": "MIT", + "dependencies": { + "shebang-regex": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shebang-regex": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/siginfo": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/siginfo/-/siginfo-2.0.0.tgz", + "integrity": "sha512-ybx0WO1/8bSBLEWXZvEd7gMW3Sn3JFlW3TvX1nREbDLRNQNaeNN8WK0meBwPdAaOI7TtRRRJn/Es1zhrrCHu7g==", + "dev": true, + "license": "ISC" + }, + "node_modules/signal-exit": { + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", + "license": "ISC" + }, + "node_modules/sisteransi": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", + "integrity": "sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg==", + "license": "MIT" + }, + "node_modules/sixel": { + "version": "0.16.0", + "resolved": "https://registry.npmjs.org/sixel/-/sixel-0.16.0.tgz", + "integrity": "sha512-xicu6Y6Cyhmv5rjyHxq2r5RnKerlL/nyZEGjOU5bLCshXkZryc9JFJThTCKPOAtWXCfeWquEKFVFfMPcTD25PA==", + "license": "MIT" + }, + "node_modules/slice-ansi": { + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-7.1.2.tgz", + "integrity": "sha512-iOBWFgUX7caIZiuutICxVgX1SdxwAVFFKwt1EvMYYec/NWO5meOJ6K5uQxhrYBdQJne4KxiqZc+KptFOWFSI9w==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^6.2.1", + "is-fullwidth-code-point": "^5.0.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/chalk/slice-ansi?sponsor=1" + } + }, + "node_modules/sonic-boom": { + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/sonic-boom/-/sonic-boom-4.2.1.tgz", + "integrity": "sha512-w6AxtubXa2wTXAUsZMMWERrsIRAdrK0Sc+FUytWvYAhBJLyuI4llrMIC1DtlNSdI99EI86KZum2MMq3EAZlF9Q==", + "license": "MIT", + "dependencies": { + "atomic-sleep": "^1.0.0" + } + }, + "node_modules/source-map-js": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz", + "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==", + "dev": true, + "license": "BSD-3-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/split2": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/split2/-/split2-4.2.0.tgz", + "integrity": "sha512-UcjcJOWknrNkF6PLX83qcHM6KHgVKNkV62Y8a5uYDVv9ydGQVwAHMKqHdJje1VTWpljG0WYpCDhrCdAOYH4TWg==", + "license": "ISC", + "engines": { + "node": ">= 10.x" + } + }, + "node_modules/stack-utils": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/stack-utils/-/stack-utils-2.0.6.tgz", + "integrity": "sha512-XlkWvfIm6RmsWtNJx+uqtKLS8eqFbxUg0ZzLXqY0caEy9l7hruX8IpiDnjsLavoBgqCCR71TqWO8MaXYheJ3RQ==", + "license": "MIT", + "dependencies": { + "escape-string-regexp": "^2.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/stackback": { + "version": "0.0.2", + "resolved": "https://registry.npmjs.org/stackback/-/stackback-0.0.2.tgz", + "integrity": "sha512-1XMJE5fQo1jGH6Y/7ebnwPOBEkIEnT4QF32d5R1+VXdXveM0IBMJt8zfaxX1P3QhVwrYe+576+jkANtSS2mBbw==", + "dev": true, + "license": "MIT" + }, + "node_modules/std-env": { + "version": "3.10.0", + "resolved": "https://registry.npmjs.org/std-env/-/std-env-3.10.0.tgz", + "integrity": "sha512-5GS12FdOZNliM5mAOxFRg7Ir0pWz8MdpYm6AY6VPkGpbA7ZzmbzNcBJQ0GPvvyWgcY7QAhCgf9Uy89I03faLkg==", + "dev": true, + "license": "MIT" + }, + "node_modules/stdin-discarder": { + "version": "0.2.2", + "resolved": "https://registry.npmjs.org/stdin-discarder/-/stdin-discarder-0.2.2.tgz", + "integrity": "sha512-UhDfHmA92YAlNnCfhmq0VeNL5bDbiZGg7sZ2IvPsXubGkiNa9EC+tUTsjBRsYUAz87btI6/1wf4XoVvQ3uRnmQ==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/string-width": { + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-8.2.0.tgz", + "integrity": "sha512-6hJPQ8N0V0P3SNmP6h2J99RLuzrWz2gvT7VnK5tKvrNqJoyS9W4/Fb8mo31UiPvy00z7DQXkP2hnKBVav76thw==", + "license": "MIT", + "dependencies": { + "get-east-asian-width": "^1.5.0", + "strip-ansi": "^7.1.2" + }, + "engines": { + "node": ">=20" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/strip-ansi": { + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.2.tgz", + "integrity": "sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==", + "license": "MIT", + "dependencies": { + "ansi-regex": "^6.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/strip-ansi?sponsor=1" + } + }, + "node_modules/strip-final-newline": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", + "integrity": "sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/supports-color": { + "version": "10.2.2", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-10.2.2.tgz", + "integrity": "sha512-SS+jx45GF1QjgEXQx4NJZV9ImqmO2NPz5FNsIHrsDjh2YsHnawpan7SNQ1o8NuhrbHZy9AZhIoCUiCeaW/C80g==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/chalk/supports-color?sponsor=1" + } + }, + "node_modules/thread-stream": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/thread-stream/-/thread-stream-4.0.0.tgz", + "integrity": "sha512-4iMVL6HAINXWf1ZKZjIPcz5wYaOdPhtO8ATvZ+Xqp3BTdaqtAwQkNmKORqcIo5YkQqGXq5cwfswDwMqqQNrpJA==", + "license": "MIT", + "dependencies": { + "real-require": "^0.2.0" + }, + "engines": { + "node": ">=20" + } + }, + "node_modules/tinybench": { + "version": "2.9.0", + "resolved": "https://registry.npmjs.org/tinybench/-/tinybench-2.9.0.tgz", + "integrity": "sha512-0+DUvqWMValLmha6lr4kD8iAMK1HzV0/aKnCtWb9v9641TnP/MFb7Pc2bxoxQjTXAErryXVgUOfv2YqNllqGeg==", + "dev": true, + "license": "MIT" + }, + "node_modules/tinyexec": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/tinyexec/-/tinyexec-1.0.2.tgz", + "integrity": "sha512-W/KYk+NFhkmsYpuHq5JykngiOCnxeVL8v8dFnqxSD8qEEdRfXk1SDM6JzNqcERbcGYj9tMrDQBYV9cjgnunFIg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" + } + }, + "node_modules/tinyglobby": { + "version": "0.2.15", + "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.15.tgz", + "integrity": "sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "fdir": "^6.5.0", + "picomatch": "^4.0.3" + }, + "engines": { + "node": ">=12.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/SuperchupuDev" + } + }, + "node_modules/tinyrainbow": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/tinyrainbow/-/tinyrainbow-3.0.3.tgz", + "integrity": "sha512-PSkbLUoxOFRzJYjjxHJt9xro7D+iilgMX/C9lawzVuYiIdcihh9DXmVibBe8lmcFrRi/VzlPjBxbN7rH24q8/Q==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/tslib": { + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz", + "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==", + "license": "0BSD", + "optional": true + }, + "node_modules/type-fest": { + "version": "4.41.0", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-4.41.0.tgz", + "integrity": "sha512-TeTSQ6H5YHvpqVwBRcnLDCBnDOHWYu7IvGbHT6N8AOymcr9PJGjc1GTtiWZTYg0NCgYwvnYWEkVChQAr9bjfwA==", + "license": "(MIT OR CC0-1.0)", + "engines": { + "node": ">=16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/typescript": { + "version": "5.9.3", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz", + "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==", + "dev": true, + "license": "Apache-2.0", + "bin": { + "tsc": "bin/tsc", + "tsserver": "bin/tsserver" + }, + "engines": { + "node": ">=14.17" + } + }, + "node_modules/undici-types": { + "version": "6.21.0", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz", + "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/vite": { + "version": "7.3.1", + "resolved": "https://registry.npmjs.org/vite/-/vite-7.3.1.tgz", + "integrity": "sha512-w+N7Hifpc3gRjZ63vYBXA56dvvRlNWRczTdmCBBa+CotUzAPf5b7YMdMR/8CQoeYE5LX3W4wj6RYTgonm1b9DA==", + "dev": true, + "license": "MIT", + "peer": true, + "dependencies": { + "esbuild": "^0.27.0", + "fdir": "^6.5.0", + "picomatch": "^4.0.3", + "postcss": "^8.5.6", + "rollup": "^4.43.0", + "tinyglobby": "^0.2.15" + }, + "bin": { + "vite": "bin/vite.js" + }, + "engines": { + "node": "^20.19.0 || >=22.12.0" + }, + "funding": { + "url": "https://github.com/vitejs/vite?sponsor=1" + }, + "optionalDependencies": { + "fsevents": "~2.3.3" + }, + "peerDependencies": { + "@types/node": "^20.19.0 || >=22.12.0", + "jiti": ">=1.21.0", + "less": "^4.0.0", + "lightningcss": "^1.21.0", + "sass": "^1.70.0", + "sass-embedded": "^1.70.0", + "stylus": ">=0.54.8", + "sugarss": "^5.0.0", + "terser": "^5.16.0", + "tsx": "^4.8.1", + "yaml": "^2.4.2" + }, + "peerDependenciesMeta": { + "@types/node": { + "optional": true + }, + "jiti": { + "optional": true + }, + "less": { + "optional": true + }, + "lightningcss": { + "optional": true + }, + "sass": { + "optional": true + }, + "sass-embedded": { + "optional": true + }, + "stylus": { + "optional": true + }, + "sugarss": { + "optional": true + }, + "terser": { + "optional": true + }, + "tsx": { + "optional": true + }, + "yaml": { + "optional": true + } + } + }, + "node_modules/vite/node_modules/@esbuild/aix-ppc64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.3.tgz", + "integrity": "sha512-9fJMTNFTWZMh5qwrBItuziu834eOCUcEqymSH7pY+zoMVEZg3gcPuBNxH1EvfVYe9h0x/Ptw8KBzv7qxb7l8dg==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "aix" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/android-arm": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.3.tgz", + "integrity": "sha512-i5D1hPY7GIQmXlXhs2w8AWHhenb00+GxjxRncS2ZM7YNVGNfaMxgzSGuO8o8SJzRc/oZwU2bcScvVERk03QhzA==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/android-arm64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.3.tgz", + "integrity": "sha512-YdghPYUmj/FX2SYKJ0OZxf+iaKgMsKHVPF1MAq/P8WirnSpCStzKJFjOjzsW0QQ7oIAiccHdcqjbHmJxRb/dmg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/android-x64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.3.tgz", + "integrity": "sha512-IN/0BNTkHtk8lkOM8JWAYFg4ORxBkZQf9zXiEOfERX/CzxW3Vg1ewAhU7QSWQpVIzTW+b8Xy+lGzdYXV6UZObQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/darwin-arm64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.3.tgz", + "integrity": "sha512-Re491k7ByTVRy0t3EKWajdLIr0gz2kKKfzafkth4Q8A5n1xTHrkqZgLLjFEHVD+AXdUGgQMq+Godfq45mGpCKg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/darwin-x64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.3.tgz", + "integrity": "sha512-vHk/hA7/1AckjGzRqi6wbo+jaShzRowYip6rt6q7VYEDX4LEy1pZfDpdxCBnGtl+A5zq8iXDcyuxwtv3hNtHFg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/freebsd-arm64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.3.tgz", + "integrity": "sha512-ipTYM2fjt3kQAYOvo6vcxJx3nBYAzPjgTCk7QEgZG8AUO3ydUhvelmhrbOheMnGOlaSFUoHXB6un+A7q4ygY9w==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/freebsd-x64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.3.tgz", + "integrity": "sha512-dDk0X87T7mI6U3K9VjWtHOXqwAMJBNN2r7bejDsc+j03SEjtD9HrOl8gVFByeM0aJksoUuUVU9TBaZa2rgj0oA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/linux-arm": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.3.tgz", + "integrity": "sha512-s6nPv2QkSupJwLYyfS+gwdirm0ukyTFNl3KTgZEAiJDd+iHZcbTPPcWCcRYH+WlNbwChgH2QkE9NSlNrMT8Gfw==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/linux-arm64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.3.tgz", + "integrity": "sha512-sZOuFz/xWnZ4KH3YfFrKCf1WyPZHakVzTiqji3WDc0BCl2kBwiJLCXpzLzUBLgmp4veFZdvN5ChW4Eq/8Fc2Fg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/linux-ia32": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.3.tgz", + "integrity": "sha512-yGlQYjdxtLdh0a3jHjuwOrxQjOZYD/C9PfdbgJJF3TIZWnm/tMd/RcNiLngiu4iwcBAOezdnSLAwQDPqTmtTYg==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/linux-loong64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.3.tgz", + "integrity": "sha512-WO60Sn8ly3gtzhyjATDgieJNet/KqsDlX5nRC5Y3oTFcS1l0KWba+SEa9Ja1GfDqSF1z6hif/SkpQJbL63cgOA==", + "cpu": [ + "loong64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/linux-mips64el": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.3.tgz", + "integrity": "sha512-APsymYA6sGcZ4pD6k+UxbDjOFSvPWyZhjaiPyl/f79xKxwTnrn5QUnXR5prvetuaSMsb4jgeHewIDCIWljrSxw==", + "cpu": [ + "mips64el" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/linux-ppc64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.3.tgz", + "integrity": "sha512-eizBnTeBefojtDb9nSh4vvVQ3V9Qf9Df01PfawPcRzJH4gFSgrObw+LveUyDoKU3kxi5+9RJTCWlj4FjYXVPEA==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/linux-riscv64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.3.tgz", + "integrity": "sha512-3Emwh0r5wmfm3ssTWRQSyVhbOHvqegUDRd0WhmXKX2mkHJe1SFCMJhagUleMq+Uci34wLSipf8Lagt4LlpRFWQ==", + "cpu": [ + "riscv64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/linux-s390x": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.3.tgz", + "integrity": "sha512-pBHUx9LzXWBc7MFIEEL0yD/ZVtNgLytvx60gES28GcWMqil8ElCYR4kvbV2BDqsHOvVDRrOxGySBM9Fcv744hw==", + "cpu": [ + "s390x" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/linux-x64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.3.tgz", + "integrity": "sha512-Czi8yzXUWIQYAtL/2y6vogER8pvcsOsk5cpwL4Gk5nJqH5UZiVByIY8Eorm5R13gq+DQKYg0+JyQoytLQas4dA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/netbsd-arm64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.3.tgz", + "integrity": "sha512-sDpk0RgmTCR/5HguIZa9n9u+HVKf40fbEUt+iTzSnCaGvY9kFP0YKBWZtJaraonFnqef5SlJ8/TiPAxzyS+UoA==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "netbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/netbsd-x64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.3.tgz", + "integrity": "sha512-P14lFKJl/DdaE00LItAukUdZO5iqNH7+PjoBm+fLQjtxfcfFE20Xf5CrLsmZdq5LFFZzb5JMZ9grUwvtVYzjiA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "netbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/openbsd-arm64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.3.tgz", + "integrity": "sha512-AIcMP77AvirGbRl/UZFTq5hjXK+2wC7qFRGoHSDrZ5v5b8DK/GYpXW3CPRL53NkvDqb9D+alBiC/dV0Fb7eJcw==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/openbsd-x64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.3.tgz", + "integrity": "sha512-DnW2sRrBzA+YnE70LKqnM3P+z8vehfJWHXECbwBmH/CU51z6FiqTQTHFenPlHmo3a8UgpLyH3PT+87OViOh1AQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/openharmony-arm64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.3.tgz", + "integrity": "sha512-NinAEgr/etERPTsZJ7aEZQvvg/A6IsZG/LgZy+81wON2huV7SrK3e63dU0XhyZP4RKGyTm7aOgmQk0bGp0fy2g==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openharmony" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/sunos-x64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.3.tgz", + "integrity": "sha512-PanZ+nEz+eWoBJ8/f8HKxTTD172SKwdXebZ0ndd953gt1HRBbhMsaNqjTyYLGLPdoWHy4zLU7bDVJztF5f3BHA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "sunos" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/win32-arm64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.3.tgz", + "integrity": "sha512-B2t59lWWYrbRDw/tjiWOuzSsFh1Y/E95ofKz7rIVYSQkUYBjfSgf6oeYPNWHToFRr2zx52JKApIcAS/D5TUBnA==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/win32-ia32": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.3.tgz", + "integrity": "sha512-QLKSFeXNS8+tHW7tZpMtjlNb7HKau0QDpwm49u0vUp9y1WOF+PEzkU84y9GqYaAVW8aH8f3GcBck26jh54cX4Q==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/win32-x64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.3.tgz", + "integrity": "sha512-4uJGhsxuptu3OcpVAzli+/gWusVGwZZHTlS63hh++ehExkVT8SgiEf7/uC/PclrPPkLhZqGgCTjd0VWLo6xMqA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/esbuild": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.3.tgz", + "integrity": "sha512-8VwMnyGCONIs6cWue2IdpHxHnAjzxnw2Zr7MkVxB2vjmQ2ivqGFb4LEG3SMnv0Gb2F/G/2yA8zUaiL1gywDCCg==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "bin": { + "esbuild": "bin/esbuild" + }, + "engines": { + "node": ">=18" + }, + "optionalDependencies": { + "@esbuild/aix-ppc64": "0.27.3", + "@esbuild/android-arm": "0.27.3", + "@esbuild/android-arm64": "0.27.3", + "@esbuild/android-x64": "0.27.3", + "@esbuild/darwin-arm64": "0.27.3", + "@esbuild/darwin-x64": "0.27.3", + "@esbuild/freebsd-arm64": "0.27.3", + "@esbuild/freebsd-x64": "0.27.3", + "@esbuild/linux-arm": "0.27.3", + "@esbuild/linux-arm64": "0.27.3", + "@esbuild/linux-ia32": "0.27.3", + "@esbuild/linux-loong64": "0.27.3", + "@esbuild/linux-mips64el": "0.27.3", + "@esbuild/linux-ppc64": "0.27.3", + "@esbuild/linux-riscv64": "0.27.3", + "@esbuild/linux-s390x": "0.27.3", + "@esbuild/linux-x64": "0.27.3", + "@esbuild/netbsd-arm64": "0.27.3", + "@esbuild/netbsd-x64": "0.27.3", + "@esbuild/openbsd-arm64": "0.27.3", + "@esbuild/openbsd-x64": "0.27.3", + "@esbuild/openharmony-arm64": "0.27.3", + "@esbuild/sunos-x64": "0.27.3", + "@esbuild/win32-arm64": "0.27.3", + "@esbuild/win32-ia32": "0.27.3", + "@esbuild/win32-x64": "0.27.3" + } + }, + "node_modules/vitest": { + "version": "4.0.18", + "resolved": "https://registry.npmjs.org/vitest/-/vitest-4.0.18.tgz", + "integrity": "sha512-hOQuK7h0FGKgBAas7v0mSAsnvrIgAvWmRFjmzpJ7SwFHH3g1k2u37JtYwOwmEKhK6ZO3v9ggDBBm0La1LCK4uQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@vitest/expect": "4.0.18", + "@vitest/mocker": "4.0.18", + "@vitest/pretty-format": "4.0.18", + "@vitest/runner": "4.0.18", + "@vitest/snapshot": "4.0.18", + "@vitest/spy": "4.0.18", + "@vitest/utils": "4.0.18", + "es-module-lexer": "^1.7.0", + "expect-type": "^1.2.2", + "magic-string": "^0.30.21", + "obug": "^2.1.1", + "pathe": "^2.0.3", + "picomatch": "^4.0.3", + "std-env": "^3.10.0", + "tinybench": "^2.9.0", + "tinyexec": "^1.0.2", + "tinyglobby": "^0.2.15", + "tinyrainbow": "^3.0.3", + "vite": "^6.0.0 || ^7.0.0", + "why-is-node-running": "^2.3.0" + }, + "bin": { + "vitest": "vitest.mjs" + }, + "engines": { + "node": "^20.0.0 || ^22.0.0 || >=24.0.0" + }, + "funding": { + "url": "https://opencollective.com/vitest" + }, + "peerDependencies": { + "@edge-runtime/vm": "*", + "@opentelemetry/api": "^1.9.0", + "@types/node": "^20.0.0 || ^22.0.0 || >=24.0.0", + "@vitest/browser-playwright": "4.0.18", + "@vitest/browser-preview": "4.0.18", + "@vitest/browser-webdriverio": "4.0.18", + "@vitest/ui": "4.0.18", + "happy-dom": "*", + "jsdom": "*" + }, + "peerDependenciesMeta": { + "@edge-runtime/vm": { + "optional": true + }, + "@opentelemetry/api": { + "optional": true + }, + "@types/node": { + "optional": true + }, + "@vitest/browser-playwright": { + "optional": true + }, + "@vitest/browser-preview": { + "optional": true + }, + "@vitest/browser-webdriverio": { + "optional": true + }, + "@vitest/ui": { + "optional": true + }, + "happy-dom": { + "optional": true + }, + "jsdom": { + "optional": true + } + } + }, + "node_modules/web-streams-polyfill": { + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/web-streams-polyfill/-/web-streams-polyfill-3.3.3.tgz", + "integrity": "sha512-d2JWLCivmZYTSIoge9MsgFCZrt571BikcWGYkjC1khllbTeDlGqZ2D8vD8E/lJa8WGWbb7Plm8/XJYV7IJHZZw==", + "license": "MIT", + "engines": { + "node": ">= 8" + } + }, + "node_modules/which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "license": "ISC", + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "node-which": "bin/node-which" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/why-is-node-running": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/why-is-node-running/-/why-is-node-running-2.3.0.tgz", + "integrity": "sha512-hUrmaWBdVDcxvYqnyh09zunKzROWjbZTiNy8dBEjkS7ehEDQibXJ7XvlmtbwuTclUiIyN+CyXQD4Vmko8fNm8w==", + "dev": true, + "license": "MIT", + "dependencies": { + "siginfo": "^2.0.0", + "stackback": "0.0.2" + }, + "bin": { + "why-is-node-running": "cli.js" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/wrap-ansi": { + "version": "9.0.2", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-9.0.2.tgz", + "integrity": "sha512-42AtmgqjV+X1VpdOfyTGOYRi0/zsoLqtXQckTmqTeybT+BDIbM/Guxo7x3pE2vtpr1ok6xRqM9OpBe+Jyoqyww==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^6.2.1", + "string-width": "^7.0.0", + "strip-ansi": "^7.1.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/wrap-ansi/node_modules/string-width": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz", + "integrity": "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ==", + "license": "MIT", + "dependencies": { + "emoji-regex": "^10.3.0", + "get-east-asian-width": "^1.0.0", + "strip-ansi": "^7.1.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ws": { + "version": "8.19.0", + "resolved": "https://registry.npmjs.org/ws/-/ws-8.19.0.tgz", + "integrity": "sha512-blAT2mjOEIi0ZzruJfIhb3nps74PRWTCz1IjglWEEpQl5XS/UNama6u2/rjFkDDouqr4L67ry+1aGIALViWjDg==", + "license": "MIT", + "engines": { + "node": ">=10.0.0" + }, + "peerDependencies": { + "bufferutil": "^4.0.1", + "utf-8-validate": ">=5.0.2" + }, + "peerDependenciesMeta": { + "bufferutil": { + "optional": true + }, + "utf-8-validate": { + "optional": true + } + } + }, + "node_modules/xmlbuilder": { + "version": "15.1.1", + "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-15.1.1.tgz", + "integrity": "sha512-yMqGBqtXyeN1e3TGYvgNgDVZ3j84W4cwkOXQswghol6APgZWaff9lnbvN7MHYJOiXsvGPXtjTYJEiC9J2wv9Eg==", + "license": "MIT", + "engines": { + "node": ">=8.0" + } + }, + "node_modules/yoga-layout": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/yoga-layout/-/yoga-layout-3.2.1.tgz", + "integrity": "sha512-0LPOt3AxKqMdFBZA3HBAt/t/8vIKq7VaQYbuA8WxCgung+p9TVyKRYdpvCb80HcdTN2NkbIKbhNwKUfm3tQywQ==", + "license": "MIT" + }, + "node_modules/zod": { + "version": "4.3.6", + "resolved": "https://registry.npmjs.org/zod/-/zod-4.3.6.tgz", + "integrity": "sha512-rftlrkhHZOcjDwkGlnUtZZkvaPHCsDATp4pGpuOOMDaTdDDXF91wuVDJoWoPsKX/3YPQ5fHuF3STjcYyKr+Qhg==", + "license": "MIT", + "peer": true, + "funding": { + "url": "https://github.com/sponsors/colinhacks" + } + } + } +} diff --git a/modules/common-modules/pkgs/cline/default.nix b/modules/common-modules/pkgs/cline/default.nix new file mode 100644 index 0000000..05dbf48 --- /dev/null +++ b/modules/common-modules/pkgs/cline/default.nix @@ -0,0 +1,53 @@ +{ + lib, + buildNpmPackage, + fetchurl, + ripgrep, + makeWrapper, + jq, + ... +}: +buildNpmPackage rec { + pname = "cline"; + version = "2.4.2"; + + src = fetchurl { + url = "https://registry.npmjs.org/cline/-/cline-${version}.tgz"; + hash = "sha256-2utOBC0vhoj5fR+cG+Vdo3N6+i/pNW1E4mESF/dZS/c="; + }; + + sourceRoot = "package"; + + postPatch = '' + cp ${./cline-package-lock.json} package-lock.json + + # Remove @vscode/ripgrep from package.json since it tries to download + # a binary from GitHub during install, which fails in the nix sandbox. + # We provide ripgrep from nixpkgs instead via PATH wrapping. + # Also remove the man field since the man page is not included in the npm tarball. + ${jq}/bin/jq 'del(.dependencies["@vscode/ripgrep"]) | del(.man)' package.json > package.json.tmp + mv package.json.tmp package.json + ''; + + npmDepsHash = "sha256-oHo60ghR7A4SUT0cLmIe7glPDYBK3twJ0F71RKVrxQc="; + + dontNpmBuild = true; + + # Skip post-install scripts to be safe + npmFlags = ["--ignore-scripts"]; + + nativeBuildInputs = [makeWrapper jq]; + + # Provide ripgrep from nixpkgs since @vscode/ripgrep was removed + postInstall = '' + wrapProgram $out/bin/cline \ + --prefix PATH : ${lib.makeBinPath [ripgrep]} + ''; + + meta = with lib; { + description = "Autonomous coding agent CLI - capable of creating/editing files, running commands, using the browser, and more"; + homepage = "https://cline.bot"; + license = licenses.asl20; + mainProgram = "cline"; + }; +} diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 2afc9f2..81af054 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -44,5 +44,8 @@ # Override h3 C library to version 4.3.0 h3 = pkgs.callPackage ./h3-c-lib.nix {}; }) + (final: prev: { + cline = pkgs.callPackage ./cline/default.nix {}; + }) ]; } diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index ffeaff3..c4d2dd7 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -10,6 +10,19 @@ mcp-nixos = inputs.mcp-nixos.packages.${pkgs.stdenv.hostPlatform.system}.default; + anyProfileHasInstallTool = lib.any ( + profile: + profile.extraExtensions.claudeDev.enable + && profile.extraExtensions.claudeDev.installTool + ) (lib.attrValues config.programs.vscode.profiles); + + getInstallToolPackage = lib.findFirst (package: package != null) pkgs.cline (map ( + profile: + if profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.installTool + then profile.extraExtensions.claudeDev.package + else null + ) (lib.attrValues config.programs.vscode.profiles)); + anyProfileHasMcpNixos = lib.any ( profile: profile.extraExtensions.claudeDev.enable @@ -69,6 +82,17 @@ in { default = ["saoudrizwan" "claude-dev"]; }; + installTool = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Whether to install the cline CLI tool for subagent support when the extension is enabled"; + }; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.cline; + description = "The package to install for the cline CLI tool"; + }; + mcp = { nixos = { enable = lib.mkEnableOption "enable NixOS MCP server for Claude Dev"; @@ -145,6 +169,12 @@ in { }; config = lib.mkMerge [ + (lib.mkIf anyProfileHasInstallTool { + home.packages = [ + getInstallToolPackage + ]; + }) + (lib.mkIf anyProfileHasMcpNixos { home.packages = [ mcp-nixos From 81680932be2baae4188261c7de62b252dbc2a2e8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Feb 2026 22:03:25 -0600 Subject: [PATCH 363/374] feat: disabled actual --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index d204c71..2cadfd5 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -316,7 +316,7 @@ }; actual = { - enable = true; + enable = false; domain = "budget.jan-leila.com"; }; From 50cc74833025aa901274fd24d018f21e16f97dd6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Feb 2026 22:44:23 -0600 Subject: [PATCH 364/374] feat: updated flake.lock --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 21af562..1403bb4 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1771469470, - "narHash": "sha256-GnqdqhrguKNN3HtVfl6z+zbV9R9jhHFm3Z8nu7R6ml0=", + "lastModified": 1771881364, + "narHash": "sha256-A5uE/hMium5of/QGC6JwF5TGoDAfpNtW00T0s9u/PN8=", "owner": "nix-community", "repo": "disko", - "rev": "4707eec8d1d2db5182ea06ed48c820a86a42dc13", + "rev": "a4cb7bf73f264d40560ba527f9280469f1f081c6", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1771616655, - "narHash": "sha256-APFEjtfQf18WsP7wJRuda2dmz9W7Ur/xGyTBlWuvlgk=", + "lastModified": 1771888219, + "narHash": "sha256-XlA/l99y1Qilmd8ttYJ9y5BSse9GKoQlt9hnY8H+EHM=", "owner": "rycee", "repo": "nur-expressions", - "rev": "55dba96bd37209fc595049a435284acbb79a5df2", + "rev": "a347c1da78da64eeb78a0c9005bdaadace33e83c", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1771625283, - "narHash": "sha256-1T88/PSNKpRNtaiXATTae0hpRnBpjmIL0b1QfGO6HBA=", + "lastModified": 1771851181, + "narHash": "sha256-gFgE6mGUftwseV3DUENMb0k0EiHd739lZexPo5O/sdQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "a913ae61bf3b9f4312f6097b68cdf0a0fa699279", + "rev": "9a4b494b1aa1b93d8edf167f46dc8e0c0011280c", "type": "github" }, "original": { @@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1771555311, - "narHash": "sha256-aFjIc57eYBx5jgyLcHujraPf6b/p9RWxzvOGnHML5h0=", + "lastModified": 1771901087, + "narHash": "sha256-b5eSke+C8UeR5Er+TZOzHCDStBJ68yyFlqAUc6fNBX0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "88fc33a8a8868de1ac41362fb62341513904dc0f", + "rev": "c22e7adea9adec98b3dc79be954ee17d56a232bd", "type": "github" }, "original": { @@ -460,11 +460,11 @@ ] }, "locked": { - "lastModified": 1771524872, - "narHash": "sha256-eksVUcUsfS9mQx4D9DrYu88u9w70bAf+n6KmTDuIGEE=", + "lastModified": 1771889317, + "narHash": "sha256-YV17Q5lEU0S9ppw08Y+cs4eEQJBuc79AzblFoHORLMU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e85540ffe97322dc1fea14dd11cdc2f59d540ac7", + "rev": "b027513c32e5b39b59f64626b87fbe168ae02094", "type": "github" }, "original": { From 1b5c62f2e69b56d49876b93bcf4306ab54ba2db4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Feb 2026 21:37:13 -0600 Subject: [PATCH 365/374] feat: added open code to packages --- configurations/home-manager/leyla/packages/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 33dd033..475269d 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -41,6 +41,7 @@ in { openrgb.enable = hardware.openRGB.enable; via.enable = hardware.viaKeyboard.enable; claude-code.enable = osConfig.host.ai.enable; + opencode.enable = osConfig.host.ai.enable; davinci-resolve.enable = hardware.graphicsAcceleration.enable; mfoc.enable = true; }) From 64e29f793fa905a82bce9a2046de98c0680d65c1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 26 Feb 2026 08:15:28 -0600 Subject: [PATCH 366/374] feat: instealled graphql plugin for leyla vscode --- .../leyla/packages/vscode/default.nix | 3 +++ .../programs/vscode/default.nix | 1 + .../programs/vscode/graphql.nix | 27 +++++++++++++++++++ 3 files changed, 31 insertions(+) create mode 100644 modules/home-manager-modules/programs/vscode/graphql.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 9d82ef2..41e025a 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -58,6 +58,9 @@ in { nearley.enable = true; + # graphql + graphql.enable = true; + # astro development vscodeMdx.enable = true; astroVscode.enable = true; diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index b735e72..6b7fbb9 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -26,5 +26,6 @@ ./direnv.nix ./conventionalCommits.nix ./openDyslexicFont.nix + ./graphql.nix ]; } diff --git a/modules/home-manager-modules/programs/vscode/graphql.nix b/modules/home-manager-modules/programs/vscode/graphql.nix new file mode 100644 index 0000000..fde08f3 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/graphql.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.graphql = { + enable = lib.mkEnableOption "should the graphql highlighting extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "vscode-graphql" { + default = ["graphql" "vscode-graphql-syntax"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.graphql.enable { + extensions = [ + config.extraExtensions.graphql.extension + ]; + }; + })); + }; +} From c4f4276680512b9d06093e530e317f56fa78d7fa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 28 Feb 2026 20:19:42 -0600 Subject: [PATCH 367/374] feat: disabled cline --- configurations/home-manager/leyla/packages/vscode/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 41e025a..469c4ad 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -80,7 +80,7 @@ in { # claude development claudeDev = lib.mkIf ai-tooling-enabled { - enable = true; + enable = false; mcp = { nixos = { enable = true; From 12d746804db7d7890041457fef0714823f01b0b1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Mar 2026 01:42:21 -0600 Subject: [PATCH 368/374] feat: updated vscode extensions config --- .../home-manager/leyla/packages/vscode/default.nix | 2 +- modules/home-manager-modules/programs/vscode/go.nix | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 469c4ad..e0b2d98 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -76,7 +76,7 @@ in { rustAnalyzer.enable = true; # arduino development - platformIO.enable = true; + platformIO.enable = false; # claude development claudeDev = lib.mkIf ai-tooling-enabled { diff --git a/modules/home-manager-modules/programs/vscode/go.nix b/modules/home-manager-modules/programs/vscode/go.nix index 02ffe5d..bd9b771 100644 --- a/modules/home-manager-modules/programs/vscode/go.nix +++ b/modules/home-manager-modules/programs/vscode/go.nix @@ -21,6 +21,13 @@ in { extensions = [ config.extraExtensions.go.extension ]; + userSettings = { + "go.alternateTools" = { + "gopls" = "gopls"; + }; + "go.toolsManagement.autoUpdate" = false; + "go.useLanguageServer" = true; + }; }; })); }; From 58bacc46357eccf63ecd9c3c283fb2938840f03b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 6 Mar 2026 15:33:19 -0600 Subject: [PATCH 369/374] feat: added keep alive to wg on defiant --- configurations/nixos/defiant/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 2cadfd5..19252a5 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -134,6 +134,7 @@ Endpoint = "185.230.126.146:51820"; # Allow all traffic but use policy routing to prevent system-wide VPN AllowedIPs = ["0.0.0.0/0"]; + PersistentKeepalive = 25; } ]; }; From fa0adaa51145653b7bbce6404cd54f2d62cc50e9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Mar 2026 11:15:45 -0600 Subject: [PATCH 370/374] feat: reenabled auto snapshot/scrubbing --- modules/nixos-modules/storage/zfs.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix index 1d3c1fb..0d6ca18 100644 --- a/modules/nixos-modules/storage/zfs.nix +++ b/modules/nixos-modules/storage/zfs.nix @@ -212,10 +212,10 @@ in { # in # diskWarnings ++ datasetWarnings; - # services.zfs = { - # autoScrub.enable = true; - # autoSnapshot.enable = true; - # }; + services.zfs = { + autoScrub.enable = true; + autoSnapshot.enable = true; + }; # # Configure disko for ZFS setup disko.devices = { From 1145703cfe30700ed12cbda894e5b3fda361fcff Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Mar 2026 12:03:09 -0600 Subject: [PATCH 371/374] feat: fixed merge incompatibilities --- configurations/home-manager/eve/packages.nix | 2 +- .../home-manager/leyla/packages/default.nix | 2 +- .../nixos/defiant/configuration.nix | 1 - .../nixos/defiant/legacy-impermanence.nix | 97 ++++++++---- .../nixos/defiant/legacy-storage.nix | 147 ++++++++++++++++-- flake.lock | 125 ++++++--------- modules/home-manager-modules/impermanence.nix | 7 +- .../home-manager-modules/programs/signal.nix | 6 +- .../nixos-modules/storage/impermanence.nix | 3 + 9 files changed, 259 insertions(+), 131 deletions(-) diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 6b3c2e2..ac24fa2 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -60,7 +60,7 @@ in { bitwarden.enable = true; discord.enable = true; makemkv.enable = true; - signal-desktop-bin.enable = true; + signal-desktop.enable = true; steam.enable = true; piper.enable = hardware.piperMouse.enable; krita.enable = true; diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 475269d..5f64742 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -50,7 +50,7 @@ in { android-studio.enable = true; makemkv.enable = true; discord.enable = true; - signal-desktop-bin.enable = true; + signal-desktop.enable = true; calibre.enable = true; obsidian.enable = true; jetbrains.idea-oss.enable = true; diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 5885264..40adbd5 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -67,7 +67,6 @@ }; storage = { - generateBase = false; zfs = { enable = true; notifications = { diff --git a/configurations/nixos/defiant/legacy-impermanence.nix b/configurations/nixos/defiant/legacy-impermanence.nix index b272fb8..4cfe18b 100644 --- a/configurations/nixos/defiant/legacy-impermanence.nix +++ b/configurations/nixos/defiant/legacy-impermanence.nix @@ -1,19 +1,32 @@ # Legacy impermanence module for defiant -# This module contains all the impermanence configurations that were previously -# handled by individual service modules on the main branch. It allows us to -# merge the storage-refactor branch into main while keeping current functionality, -# and then migrate services one at a time to the new automated impermanence system. +# See legacy-storage.nix for the full incremental migration plan. # -# To migrate a service to the new system: -# 1. Remove the service's configuration from this file -# 2. Set `impermanence.enable = true` for that service in configuration.nix -# 3. Remove `impermanence.enable = false` from the service configuration +# This file is consumed in two phases: +# +# Phase 3 (after generateBase is enabled): +# Remove the SYSTEM-LEVEL entries marked [PHASE 3] below. These will be +# handled automatically by storage.nix, ssh.nix, and the impermanence module: +# - var-lib-private-permissions activation script +# - /etc/machine-id +# - SSH host keys +# - /var/lib/nixos +# - /var/lib/systemd/coredump +# - /persist/system/var/log persistence block +# +# Phase 4 (migrate services one at a time, any order): +# For each service: +# 1. Remove the service's section marked [PHASE 4] from this file +# 2. Remove `impermanence.enable = false` for that service in configuration.nix +# For jellyfin/qbittorrent, also remove the separate media persistence blocks. +# +# Phase 5: Delete this file once empty. { config, lib, ... }: { config = lib.mkIf config.storage.impermanence.enable { + # [PHASE 3] Remove this activation script after enabling generateBase system.activationScripts = { "var-lib-private-permissions" = { deps = ["specialfs"]; @@ -27,8 +40,28 @@ environment.persistence."/persist/system/root" = { enable = true; hideMounts = true; + # [PHASE 3] Remove this files block after enabling generateBase + files = lib.mkMerge [ + ["/etc/machine-id"] + # SSH host keys + (lib.mkIf config.services.openssh.enable ( + lib.lists.flatten ( + builtins.map (hostKey: [ + hostKey.path + "${hostKey.path}.pub" + ]) + config.services.openssh.hostKeys + ) + )) + ]; directories = lib.mkMerge [ - # PostgreSQL + # [PHASE 3] Remove these system directories after enabling generateBase + [ + "/var/lib/nixos" + "/var/lib/systemd/coredump" + ] + + # [PHASE 4] PostgreSQL (lib.mkIf config.services.postgresql.enable [ { directory = "/var/lib/postgresql/16"; @@ -37,7 +70,7 @@ } ]) - # Reverse Proxy (ACME) + # [PHASE 4] Reverse Proxy (ACME) (lib.mkIf config.services.reverseProxy.enable [ { directory = "/var/lib/acme"; @@ -46,7 +79,7 @@ } ]) - # Ollama + # [PHASE 4] Ollama (lib.mkIf config.services.ollama.enable [ { directory = "/var/lib/private/ollama"; @@ -56,7 +89,7 @@ } ]) - # Tailscale + # [PHASE 4] Tailscale (lib.mkIf config.services.tailscale.enable [ { directory = "/var/lib/tailscale"; @@ -65,7 +98,7 @@ } ]) - # Syncthing + # [PHASE 4] Syncthing (lib.mkIf config.services.syncthing.enable [ { directory = "/mnt/sync"; @@ -79,7 +112,7 @@ } ]) - # Fail2ban + # [PHASE 4] Fail2ban (lib.mkIf config.services.fail2ban.enable [ { directory = "/var/lib/fail2ban"; @@ -88,7 +121,7 @@ } ]) - # Jellyfin (data/cache only - media is on separate dataset) + # [PHASE 4] Jellyfin (data/cache only - media is on separate dataset) (lib.mkIf config.services.jellyfin.enable [ { directory = "/var/lib/jellyfin"; @@ -102,7 +135,7 @@ } ]) - # Immich + # [PHASE 4] Immich (lib.mkIf config.services.immich.enable [ { directory = "/var/lib/immich"; @@ -111,7 +144,7 @@ } ]) - # Forgejo + # [PHASE 4] Forgejo (lib.mkIf config.services.forgejo.enable [ { directory = "/var/lib/forgejo"; @@ -120,7 +153,7 @@ } ]) - # Actual + # [PHASE 4] Actual (lib.mkIf config.services.actual.enable [ { directory = "/var/lib/private/actual"; @@ -129,7 +162,7 @@ } ]) - # Home Assistant + # [PHASE 4] Home Assistant (lib.mkIf config.services.home-assistant.enable [ { directory = "/var/lib/hass"; @@ -138,7 +171,7 @@ } ]) - # Paperless + # [PHASE 4] Paperless (lib.mkIf config.services.paperless.enable [ { directory = "/var/lib/paperless"; @@ -147,7 +180,7 @@ } ]) - # Crab-hole + # [PHASE 4] Crab-hole (lib.mkIf config.services.crab-hole.enable [ { directory = "/var/lib/private/crab-hole"; @@ -156,7 +189,7 @@ } ]) - # qBittorrent (config only - media is on separate dataset) + # [PHASE 4] qBittorrent (config only - media is on separate dataset) (lib.mkIf config.services.qbittorrent.enable [ { directory = "/var/lib/qBittorrent/"; @@ -165,7 +198,7 @@ } ]) - # Sonarr + # [PHASE 4] Sonarr (lib.mkIf config.services.sonarr.enable [ { directory = "/var/lib/sonarr/.config/NzbDrone"; @@ -174,7 +207,7 @@ } ]) - # Radarr + # [PHASE 4] Radarr (lib.mkIf config.services.radarr.enable [ { directory = "/var/lib/radarr/.config/Radarr"; @@ -183,7 +216,7 @@ } ]) - # Bazarr + # [PHASE 4] Bazarr (lib.mkIf config.services.bazarr.enable [ { directory = "/var/lib/bazarr"; @@ -192,7 +225,7 @@ } ]) - # Lidarr + # [PHASE 4] Lidarr (lib.mkIf config.services.lidarr.enable [ { directory = "/var/lib/lidarr/.config/Lidarr"; @@ -201,7 +234,7 @@ } ]) - # Jackett + # [PHASE 4] Jackett (lib.mkIf config.services.jackett.enable [ { directory = "/var/lib/jackett/.config/Jackett"; @@ -210,7 +243,7 @@ } ]) - # FlareSolverr + # [PHASE 4] FlareSolverr (lib.mkIf config.services.flaresolverr.enable [ { directory = "/var/lib/flaresolverr"; @@ -221,7 +254,8 @@ ]; }; - # Jellyfin media on separate dataset (matching main) + # [PHASE 4 - LAST] Jellyfin media on separate dataset + # Requires Phase 2 media dataset merge before migrating (several days of data copy) environment.persistence."/persist/system/jellyfin" = lib.mkIf config.services.jellyfin.enable { enable = true; hideMounts = true; @@ -235,7 +269,8 @@ ]; }; - # qBittorrent media on separate dataset (matching main) + # [PHASE 4 - LAST] qBittorrent media on separate dataset + # Requires Phase 2 media dataset merge before migrating (several days of data copy) environment.persistence."/persist/system/qbittorrent" = lib.mkIf config.services.qbittorrent.enable { enable = true; hideMounts = true; @@ -249,7 +284,7 @@ ]; }; - # /var/log persistence (matching main) + # [PHASE 3] /var/log persistence - handled by storage.nix after generateBase environment.persistence."/persist/system/var/log" = { enable = true; hideMounts = true; diff --git a/configurations/nixos/defiant/legacy-storage.nix b/configurations/nixos/defiant/legacy-storage.nix index b998e2c..9ab79a6 100644 --- a/configurations/nixos/defiant/legacy-storage.nix +++ b/configurations/nixos/defiant/legacy-storage.nix @@ -1,20 +1,131 @@ # Legacy storage configuration for defiant -# This file manually defines ZFS datasets matching the main branch structure -# to allow incremental migration to the new storage module. +# This file manually defines ZFS datasets matching the existing on-disk layout +# to allow incremental migration to the new storage module (generateBase = true). # -# Datasets from main branch: -# - local/ - ephemeral parent -# - local/home/leyla - ephemeral user home -# - local/system/nix - nix store -# - local/system/root - root filesystem (rolled back on boot) -# - local/system/sops - sops age key -# - persist/ - persistent parent -# - persist/home/leyla - persistent user home -# - persist/system/jellyfin - jellyfin media -# - persist/system/qbittorrent - qbittorrent media -# - persist/system/root - persistent root data -# - persist/system/var/log - log persistence +# ============================================================================ +# INCREMENTAL MIGRATION PLAN +# ============================================================================ +# +# Current disk usage (for reference): +# rpool/local/system/nix ~26G (renamed in place, no copy) +# rpool/local/system/sops ~328K (renamed in place, no copy) +# rpool/persist/system/jellyfin ~32T (renamed in place, no copy) +# rpool/persist/system/qbittorrent ~6.5T (copied into media dataset, ~6.5T temp) +# rpool free space ~30T +# +# Phase 1: Migrate base datasets on disk (boot from live USB or rescue) +# All operations in this phase are instant renames -- no data is copied. +# +# Unlock the pool: +# zfs load-key -a +# +# Step 1a: Move nix and sops out of local/ (they go to persist/local/) +# The -p flag auto-creates the parent datasets. +# +# zfs rename -p rpool/local/system/nix rpool/persist/local/nix +# zfs rename -p rpool/local/system/sops rpool/persist/local/system/sops +# +# Step 1b: Rename local/ -> ephemeral/ (takes remaining children with it) +# zfs rename rpool/local rpool/ephemeral +# # This moves: local/system/root -> ephemeral/system/root +# # local/home/leyla -> ephemeral/home/leyla +# +# Step 1c: Recreate blank snapshots on ephemeral datasets +# zfs destroy rpool/ephemeral/system/root@blank +# zfs snapshot rpool/ephemeral/system/root@blank +# zfs destroy rpool/ephemeral/home/leyla@blank +# zfs snapshot rpool/ephemeral/home/leyla@blank +# +# Step 1d: Move persist/ children under persist/replicate/ +# zfs create -o canmount=off rpool/persist/replicate +# zfs create -o canmount=off rpool/persist/replicate/system +# zfs rename rpool/persist/system/root rpool/persist/replicate/system/root +# zfs rename rpool/persist/system/var rpool/persist/replicate/system/var +# zfs rename rpool/persist/home/leyla rpool/persist/replicate/home +# # Clean up the now-empty home parent +# zfs destroy rpool/persist/home +# # NOTE: Do NOT destroy rpool/persist/system -- it still contains +# # persist/system/jellyfin and persist/system/qbittorrent which are +# # migrated in Phase 2. +# +# Verify the new layout: +# zfs list -r rpool -o name,used,mountpoint +# +# Phase 2: Merge media into a single dataset (do this last) +# Strategy: Rename the jellyfin dataset to become the shared media dataset +# (zero copy, instant), then copy qbittorrent data into it (~6.5T copy). +# This avoids duplicating the 32T jellyfin dataset. +# +# Step 2a: Rename jellyfin dataset to the shared media name +# zfs rename rpool/persist/system/jellyfin rpool/persist/replicate/system/media +# +# Step 2b: Copy qbittorrent data into the media dataset +# This copies ~6.5T and may take several hours/days depending on disk speed. +# The qbittorrent data is not critical to back up so no snapshot needed. +# +# systemctl stop qbittorrent +# rsync -avPHAX /persist/system/qbittorrent/ /persist/replicate/system/media/ +# +# Step 2c: Verify the data and clean up +# ls -la /persist/replicate/system/media/ +# zfs destroy rpool/persist/system/qbittorrent +# # persist/system should now be empty, clean it up: +# zfs destroy rpool/persist/system +# +# Phase 3: Enable generateBase +# In the nix config: +# - Delete this file (legacy-storage.nix) and remove its import from default.nix +# - Remove [PHASE 3] entries from legacy-impermanence.nix: +# - var-lib-private-permissions activation script +# - /etc/machine-id, SSH host keys (files block) +# - /var/lib/nixos, /var/lib/systemd/coredump (directories) +# - /persist/system/var/log persistence block +# These are now handled automatically by storage.nix and ssh.nix. +# Rebuild and verify: +# sudo nixos-rebuild switch --flake .#defiant +# # Verify mounts: findmnt -t fuse.bindfs,fuse +# # Verify persist: ls /persist/replicate/system/root/var/lib/nixos +# # Verify boot: reboot and confirm system comes up cleanly +# +# Phase 4: Migrate services (one at a time, any order) +# For each service (except jellyfin/qbittorrent): +# 1. Remove the service's [PHASE 4] section from legacy-impermanence.nix +# 2. Remove `impermanence.enable = false` for that service in configuration.nix +# 3. Rebuild: sudo nixos-rebuild switch --flake .#defiant +# 4. Verify: systemctl status , check the service's data is intact +# No data migration is needed -- the data already lives on the renamed +# dataset at the new path. +# +# Migrate jellyfin and qbittorrent LAST (after Phase 2 media merge): +# 1. Remove [PHASE 4 - LAST] jellyfin entries from legacy-impermanence.nix +# 2. Remove [PHASE 4 - LAST] qbittorrent entries from legacy-impermanence.nix +# 3. Remove `impermanence.enable = false` for both in configuration.nix +# 4. Rebuild: sudo nixos-rebuild switch --flake .#defiant +# 5. Verify: systemctl status jellyfin qbittorrent +# +# Phase 5: Cleanup +# Once all services are migrated and legacy-impermanence.nix is empty: +# - Delete legacy-impermanence.nix and remove its import from default.nix +# - Rebuild: sudo nixos-rebuild switch --flake .#defiant +# +# ============================================================================ +# +# Current on-disk dataset layout: +# rpool/local/ - ephemeral parent +# rpool/local/home/leyla - ephemeral user home (rolled back on boot) +# rpool/local/system/nix - nix store +# rpool/local/system/root - root filesystem (rolled back on boot) +# rpool/local/system/sops - sops age key +# rpool/persist/ - persistent parent +# rpool/persist/home/leyla - persistent user home +# rpool/persist/system/jellyfin - jellyfin media +# rpool/persist/system/qbittorrent - qbittorrent media +# rpool/persist/system/root - persistent root data +# rpool/persist/system/var/log - log persistence {lib, ...}: { + # Disable automatic base dataset generation so we can define them manually + storage.generateBase = false; + # Manually define ZFS datasets matching main's structure storage.zfs.datasets = { # Ephemeral datasets (local/) @@ -47,7 +158,7 @@ }; "local/system/sops" = { type = "zfs_fs"; - mount = "/persist/sops"; + mount = "/var/lib/sops-nix"; }; # Persistent datasets (persist/) @@ -87,9 +198,10 @@ }; }; - # Boot commands to rollback ephemeral root on boot + # Boot commands to rollback ephemeral root and user homes on boot boot.initrd.postResumeCommands = lib.mkAfter '' zfs rollback -r rpool/local/system/root@blank + zfs rollback -r rpool/local/home/leyla@blank ''; # FileSystems needed for boot @@ -99,5 +211,8 @@ "/persist/system/var/log".neededForBoot = true; "/persist/system/jellyfin".neededForBoot = true; "/persist/system/qbittorrent".neededForBoot = true; + "/var/lib/sops-nix".neededForBoot = true; + "/persist/home/leyla".neededForBoot = true; + "/home/leyla".neededForBoot = true; }; } diff --git a/flake.lock b/flake.lock index 1403bb4..14c8561 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1771881364, - "narHash": "sha256-A5uE/hMium5of/QGC6JwF5TGoDAfpNtW00T0s9u/PN8=", + "lastModified": 1772867152, + "narHash": "sha256-RIFgZ4O6Eg+5ysZ8Tqb3YvcqiRaNy440GEY22ltjRrs=", "owner": "nix-community", "repo": "disko", - "rev": "a4cb7bf73f264d40560ba527f9280469f1f081c6", + "rev": "eaafb89b56e948661d618eefd4757d9ea8d77514", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1771888219, - "narHash": "sha256-XlA/l99y1Qilmd8ttYJ9y5BSse9GKoQlt9hnY8H+EHM=", + "lastModified": 1772856163, + "narHash": "sha256-xD+d1+FVhKJ+oFYMTWOdVSBoXS4yeMyVZyDjMXqWEJE=", "owner": "rycee", "repo": "nur-expressions", - "rev": "a347c1da78da64eeb78a0c9005bdaadace33e83c", + "rev": "d358a550c7beac5f04fbc5a786e14af079606689", "type": "gitlab" }, "original": { @@ -115,32 +115,11 @@ ] }, "locked": { - "lastModified": 1771851181, - "narHash": "sha256-gFgE6mGUftwseV3DUENMb0k0EiHd739lZexPo5O/sdQ=", + "lastModified": 1772845525, + "narHash": "sha256-Dp5Ir2u4jJDGCgeMRviHvEQDe+U37hMxp6RSNOoMMPc=", "owner": "nix-community", "repo": "home-manager", - "rev": "9a4b494b1aa1b93d8edf167f46dc8e0c0011280c", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { - "inputs": { - "nixpkgs": [ - "impermanence", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1768598210, - "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6", + "rev": "27b93804fbef1544cb07718d3f0a451f4c4cd6c0", "type": "github" }, "original": { @@ -150,12 +129,20 @@ } }, "impermanence": { + "inputs": { + "home-manager": [ + "home-manager" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, "locked": { - "lastModified": 1737831083, - "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", + "lastModified": 1769548169, + "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=", "owner": "nix-community", "repo": "impermanence", - "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", + "rev": "7b1d382faf603b6d264f58627330f9faa5cba149", "type": "github" }, "original": { @@ -204,14 +191,14 @@ "mcp-nixos": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1769804089, - "narHash": "sha256-Wkot1j0cTx64xxjmLXzPubTckaZBSUJFhESEdOzPYas=", + "lastModified": 1772769318, + "narHash": "sha256-RAyOW5JMXRhiREqxFPOzw80fVsYVBnOPFgBSjnJ6gbY=", "owner": "utensils", "repo": "mcp-nixos", - "rev": "37a691ea4ea9c8bdcccfe174c6127847b8213fd3", + "rev": "60c1efbba0de1268b42f1144c904e6c8a9627dde", "type": "github" }, "original": { @@ -227,11 +214,11 @@ ] }, "locked": { - "lastModified": 1771520882, - "narHash": "sha256-9SeTZ4Pwr730YfT7V8Azb8GFbwk1ZwiQDAwft3qAD+o=", + "lastModified": 1772379624, + "narHash": "sha256-NG9LLTWlz4YiaTAiRGChbrzbVxBfX+Auq4Ab/SWmk4A=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "6a7fdcd5839ec8b135821179eea3b58092171bcf", + "rev": "52d061516108769656a8bd9c6e811c677ec5b462", "type": "github" }, "original": { @@ -268,11 +255,11 @@ ] }, "locked": { - "lastModified": 1771901087, - "narHash": "sha256-b5eSke+C8UeR5Er+TZOzHCDStBJ68yyFlqAUc6fNBX0=", + "lastModified": 1772850876, + "narHash": "sha256-Ga19zlfMpakCY4GMwBSOljNLOF0nEYrYBXv0hP/d4rw=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "c22e7adea9adec98b3dc79be954ee17d56a232bd", + "rev": "22f084d4c280dfc8a9d764f7b85af38e5d69c3dc", "type": "github" }, "original": { @@ -283,11 +270,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1771423359, - "narHash": "sha256-yRKJ7gpVmXbX2ZcA8nFi6CMPkJXZGjie2unsiMzj3Ig=", + "lastModified": 1771969195, + "narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "740a22363033e9f1bb6270fbfb5a9574067af15b", + "rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e", "type": "github" }, "original": { @@ -299,15 +286,15 @@ }, "nixpkgs": { "locked": { - "lastModified": 1768564909, - "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", - "owner": "nixos", + "lastModified": 1767640445, + "narHash": "sha256-UWYqmD7JFBEDBHWYcqE6s6c77pWdcU/i+bwD6XxMb8A=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", + "rev": "9f0c42f8bc7151b8e7e5840fb3bd454ad850d8c5", "type": "github" }, "original": { - "owner": "nixos", + "owner": "NixOS", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" @@ -330,37 +317,21 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1767640445, - "narHash": "sha256-UWYqmD7JFBEDBHWYcqE6s6c77pWdcU/i+bwD6XxMb8A=", - "owner": "NixOS", + "lastModified": 1772773019, + "narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "9f0c42f8bc7151b8e7e5840fb3bd454ad850d8c5", + "rev": "aca4d95fce4914b3892661bcb80b8087293536c6", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_3": { - "locked": { - "lastModified": 1771369470, - "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "0182a361324364ae3f436a63005877674cf45efb", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -378,7 +349,7 @@ }, "noita-entangled-worlds": { "inputs": { - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "rust-overlay": "rust-overlay", "systems": "systems_2" }, @@ -410,7 +381,7 @@ "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "noita-entangled-worlds": "noita-entangled-worlds", "secrets": "secrets", "sops-nix": "sops-nix" @@ -460,11 +431,11 @@ ] }, "locked": { - "lastModified": 1771889317, - "narHash": "sha256-YV17Q5lEU0S9ppw08Y+cs4eEQJBuc79AzblFoHORLMU=", + "lastModified": 1772495394, + "narHash": "sha256-hmIvE/slLKEFKNEJz27IZ8BKlAaZDcjIHmkZ7GCEjfw=", "owner": "Mic92", "repo": "sops-nix", - "rev": "b027513c32e5b39b59f64626b87fbe168ae02094", + "rev": "1d9b98a29a45abe9c4d3174bd36de9f28755e3ff", "type": "github" }, "original": { diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix index f5e9869..fcc130d 100644 --- a/modules/home-manager-modules/impermanence.nix +++ b/modules/home-manager-modules/impermanence.nix @@ -26,8 +26,13 @@ in { # If impermanence is not enabled for this user but system impermanence is enabled, # persist the entire home directory as fallback (lib.mkIf (osConfig.storage.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { - home.persistence."/persist/replicate/home" = { + home.persistence."${ + if osConfig.storage.generateBase + then "/persist/replicate/home" + else "/persist/home/${config.home.username}" + }" = { directories = ["."]; + allowOther = true; }; }) ]; diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix index 962a139..bf5205e 100644 --- a/modules/home-manager-modules/programs/signal.nix +++ b/modules/home-manager-modules/programs/signal.nix @@ -4,14 +4,14 @@ config, ... }: { - options.programs.signal-desktop-bin = { + options.programs.signal-desktop = { enable = lib.mkEnableOption "enable signal"; }; - config = lib.mkIf config.programs.signal-desktop-bin.enable (lib.mkMerge [ + config = lib.mkIf config.programs.signal-desktop.enable (lib.mkMerge [ { home.packages = with pkgs; [ - signal-desktop-bin + signal-desktop ]; } ( diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index 637e882..4fdf803 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -81,6 +81,9 @@ in { programs.fuse.userAllowOther = true; + # Suppress sudo lecture on every boot since impermanence wipes the lecture status file + security.sudo.extraConfig = "Defaults lecture=never"; + fileSystems = lib.mapAttrs' ( datasetName: dataset: From 2f7bbf3e1c8a8d7aa5a34aedd5ee033cef58efc4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Mar 2026 14:33:08 -0600 Subject: [PATCH 372/374] feat: fixed more missing datasets --- configurations/nixos/emergent/default.nix | 1 + .../nixos/emergent/legacy-storage.nix | 51 +++++++++++++++++++ modules/nixos-modules/storage/storage.nix | 2 +- modules/nixos-modules/storage/zfs.nix | 8 ++- modules/nixos-modules/users.nix | 7 ++- 5 files changed, 65 insertions(+), 4 deletions(-) create mode 100644 configurations/nixos/emergent/legacy-storage.nix diff --git a/configurations/nixos/emergent/default.nix b/configurations/nixos/emergent/default.nix index 452334a..3acaeda 100644 --- a/configurations/nixos/emergent/default.nix +++ b/configurations/nixos/emergent/default.nix @@ -3,5 +3,6 @@ imports = [ ./configuration.nix ./hardware-configuration.nix + ./legacy-storage.nix ]; } diff --git a/configurations/nixos/emergent/legacy-storage.nix b/configurations/nixos/emergent/legacy-storage.nix new file mode 100644 index 0000000..2b24729 --- /dev/null +++ b/configurations/nixos/emergent/legacy-storage.nix @@ -0,0 +1,51 @@ +# Legacy storage configuration for emergent +# This file manually defines ZFS datasets matching the existing on-disk layout +# to allow incremental migration to the new storage module (generateBase = true). +# +# Current on-disk dataset layout: +# rpool/local/ - parent (canmount=off) +# rpool/local/system/nix - nix store +# rpool/local/system/root - root filesystem +# +# Migration plan: +# Phase 1: Rename datasets on disk (boot from live USB) +# zfs rename -p rpool/local/system/nix rpool/persist/local/nix +# zfs rename rpool/local rpool/persist/local +# # This moves: local/system/root -> persist/local/root (need to rename after) +# # Actually, since local/system/root needs to become persist/local/root: +# zfs rename rpool/persist/local/system/root rpool/persist/local/root +# zfs destroy rpool/persist/local/system # now empty +# # Recreate blank snapshot: +# zfs destroy rpool/persist/local/root@blank +# zfs snapshot rpool/persist/local/root@blank +# +# Phase 2: Delete this file, remove its import from default.nix, rebuild. +{...}: { + # Disable automatic base dataset generation so we can define them manually + storage.generateBase = false; + + # Manually define ZFS datasets matching the existing on-disk layout + storage.zfs.datasets = { + "local" = { + type = "zfs_fs"; + mount = null; + }; + "local/system/nix" = { + type = "zfs_fs"; + mount = "/nix"; + atime = "off"; + relatime = "off"; + snapshot = { + autoSnapshot = false; + }; + }; + "local/system/root" = { + type = "zfs_fs"; + mount = "/"; + snapshot = { + blankSnapshot = true; + autoSnapshot = true; + }; + }; + }; +} diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index a0b4fc9..771d661 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -153,7 +153,7 @@ in { config.storage.datasets.replicate) ]; }) - (lib.mkIf (config.storage.zfs.enable && !config.storage.impermanence.enable) { + (lib.mkIf (config.storage.zfs.enable && !config.storage.impermanence.enable && config.storage.generateBase) { storage.datasets = { # Base organizational datasets (only needed when impermanence is disabled) local = { diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix index 0d6ca18..2fc6cb4 100644 --- a/modules/nixos-modules/storage/zfs.nix +++ b/modules/nixos-modules/storage/zfs.nix @@ -9,6 +9,12 @@ args @ { # Hash function for disk names (max 27 chars to fit GPT limitations) hashDisk = drive: (builtins.substring 0 27 (builtins.hashString "sha256" drive)); + # Map "stripe" to "" for disko compatibility (disko uses "" for stripe mode) + diskoPoolMode = + if config.storage.zfs.pool.mode == "stripe" + then "" + else config.storage.zfs.pool.mode; + # Helper to flatten vdevs into list of devices with names allVdevDevices = lib.lists.flatten (builtins.map ( vdev: @@ -260,7 +266,7 @@ in { type = "topology"; vdev = builtins.map (vdev: { - mode = config.storage.zfs.pool.mode; + mode = diskoPoolMode; members = builtins.map (device: hashDisk device.device) vdev; }) config.storage.zfs.pool.vdevs; diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 8a384e3..9cef952 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -409,10 +409,13 @@ in { ); # Post resume commands to rollback user home datasets to blank snapshots - boot.initrd.postResumeCommands = lib.mkAfter ( + # Only add these when generateBase is true -- when false, the legacy + # storage config is responsible for providing rollback commands with + # the correct (old) dataset paths. + boot.initrd.postResumeCommands = lib.mkIf config.storage.generateBase (lib.mkAfter ( lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/ephemeral/home/${user.name}@blank") normalUsers) - ); + )); # TODO: I don't think we need this anymore but I have not tested it # Create persist home directories with proper permissions From 16089e0371c2d4fed5f463baf9653c57211220e0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Mar 2026 19:00:01 -0600 Subject: [PATCH 373/374] fix: fixed more datasets --- configurations/home-manager/leyla/impermanence.nix | 2 +- modules/home-manager-modules/impermanence.nix | 14 +++++++++----- modules/home-manager-modules/openssh.nix | 2 +- .../programs/android-studio.nix | 2 +- modules/home-manager-modules/programs/anki.nix | 2 +- .../home-manager-modules/programs/bitwarden.nix | 2 +- modules/home-manager-modules/programs/bruno.nix | 2 +- modules/home-manager-modules/programs/calibre.nix | 2 +- .../programs/davinci-resolve.nix | 2 +- modules/home-manager-modules/programs/dbeaver.nix | 2 +- modules/home-manager-modules/programs/discord.nix | 2 +- modules/home-manager-modules/programs/firefox.nix | 2 +- modules/home-manager-modules/programs/freecad.nix | 2 +- modules/home-manager-modules/programs/gimp.nix | 2 +- modules/home-manager-modules/programs/idea.nix | 2 +- modules/home-manager-modules/programs/inkscape.nix | 2 +- modules/home-manager-modules/programs/kdenlive.nix | 2 +- modules/home-manager-modules/programs/krita.nix | 2 +- .../home-manager-modules/programs/libreoffice.nix | 2 +- modules/home-manager-modules/programs/makemkv.nix | 2 +- .../programs/mapillary-uploader.nix | 2 +- modules/home-manager-modules/programs/obs.nix | 2 +- modules/home-manager-modules/programs/obsidian.nix | 2 +- modules/home-manager-modules/programs/olympus.nix | 2 +- modules/home-manager-modules/programs/openrgb.nix | 2 +- modules/home-manager-modules/programs/picard.nix | 2 +- .../programs/prostudiomasters.nix | 2 +- .../home-manager-modules/programs/protonvpn.nix | 2 +- .../home-manager-modules/programs/qbittorrent.nix | 2 +- modules/home-manager-modules/programs/qflipper.nix | 2 +- modules/home-manager-modules/programs/signal.nix | 2 +- modules/home-manager-modules/programs/steam.nix | 2 +- .../home-manager-modules/programs/tor-browser.nix | 2 +- .../programs/ungoogled-chromium.nix | 2 +- modules/home-manager-modules/programs/via.nix | 2 +- .../programs/vmware-workstation.nix | 2 +- 36 files changed, 44 insertions(+), 40 deletions(-) diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index 4a58cbb..8fbff41 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -4,7 +4,7 @@ ... }: { config = lib.mkIf (config.impermanence.enable) { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "desktop" "downloads" diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix index fcc130d..e8b3ec4 100644 --- a/modules/home-manager-modules/impermanence.nix +++ b/modules/home-manager-modules/impermanence.nix @@ -12,6 +12,14 @@ in { type = lib.types.bool; default = true; }; + persistencePath = lib.mkOption { + type = lib.types.str; + default = + if osConfig.storage.generateBase + then "/persist/replicate/home" + else "/persist"; + description = "The base path for user home persistence. The impermanence module will automatically append the user's home directory path. Automatically adapts based on whether the system uses the new dataset layout or the legacy one."; + }; }; config = lib.mkMerge [ @@ -26,11 +34,7 @@ in { # If impermanence is not enabled for this user but system impermanence is enabled, # persist the entire home directory as fallback (lib.mkIf (osConfig.storage.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { - home.persistence."${ - if osConfig.storage.generateBase - then "/persist/replicate/home" - else "/persist/home/${config.home.username}" - }" = { + home.persistence."${cfg.persistencePath}" = { directories = ["."]; allowOther = true; }; diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index cbe7d8d..2f44957 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -96,7 +96,7 @@ } ) (lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { files = lib.lists.flatten ( builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys ); diff --git a/modules/home-manager-modules/programs/android-studio.nix b/modules/home-manager-modules/programs/android-studio.nix index 7c60e6e..8d1e28c 100644 --- a/modules/home-manager-modules/programs/android-studio.nix +++ b/modules/home-manager-modules/programs/android-studio.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/Google/AndroidStudio" ".android" diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix index c54feac..dcabce8 100644 --- a/modules/home-manager-modules/programs/anki.nix +++ b/modules/home-manager-modules/programs/anki.nix @@ -4,7 +4,7 @@ ... }: { config = lib.mkIf (config.programs.anki.enable && config.impermanence.enable) { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ ".local/share/Anki2" ]; diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index ade24b6..bbd2086 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/Bitwarden" ]; diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix index ced1998..7bc64b6 100644 --- a/modules/home-manager-modules/programs/bruno.nix +++ b/modules/home-manager-modules/programs/bruno.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/bruno/" ]; diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix index f41ced7..7174b43 100644 --- a/modules/home-manager-modules/programs/calibre.nix +++ b/modules/home-manager-modules/programs/calibre.nix @@ -12,7 +12,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/calibre" ]; diff --git a/modules/home-manager-modules/programs/davinci-resolve.nix b/modules/home-manager-modules/programs/davinci-resolve.nix index c17c8b0..5956578 100644 --- a/modules/home-manager-modules/programs/davinci-resolve.nix +++ b/modules/home-manager-modules/programs/davinci-resolve.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.dataHome}/DaVinciResolve" "${config.xdg.configHome}/blackmagic" diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix index f509646..1595a02 100644 --- a/modules/home-manager-modules/programs/dbeaver.nix +++ b/modules/home-manager-modules/programs/dbeaver.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.dataHome}/DBeaverData/" ]; diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix index 0b0588e..e42367b 100644 --- a/modules/home-manager-modules/programs/discord.nix +++ b/modules/home-manager-modules/programs/discord.nix @@ -6,7 +6,7 @@ config = lib.mkIf config.programs.discord.enable (lib.mkMerge [ ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/discord/" ]; diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix index e100200..2756e31 100644 --- a/modules/home-manager-modules/programs/firefox.nix +++ b/modules/home-manager-modules/programs/firefox.nix @@ -25,7 +25,7 @@ }; in { config = lib.mkIf (config.programs.firefox.enable && config.impermanence.enable) { - home.persistence."/persist/replicate/home" = lib.mkMerge ( + home.persistence."${config.impermanence.persistencePath}" = lib.mkMerge ( ( lib.attrsets.mapAttrsToList (profile: _: buildProfilePersistence profile) diff --git a/modules/home-manager-modules/programs/freecad.nix b/modules/home-manager-modules/programs/freecad.nix index 19e08fa..50600db 100644 --- a/modules/home-manager-modules/programs/freecad.nix +++ b/modules/home-manager-modules/programs/freecad.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/FreeCAD" ]; diff --git a/modules/home-manager-modules/programs/gimp.nix b/modules/home-manager-modules/programs/gimp.nix index fbe4471..95c87e6 100644 --- a/modules/home-manager-modules/programs/gimp.nix +++ b/modules/home-manager-modules/programs/gimp.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/GIMP" ]; diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index b195096..a1aebda 100644 --- a/modules/home-manager-modules/programs/idea.nix +++ b/modules/home-manager-modules/programs/idea.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ # configuration "${config.xdg.configHome}/JetBrains/" diff --git a/modules/home-manager-modules/programs/inkscape.nix b/modules/home-manager-modules/programs/inkscape.nix index 67e5f80..28eb334 100644 --- a/modules/home-manager-modules/programs/inkscape.nix +++ b/modules/home-manager-modules/programs/inkscape.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/inkscape" ]; diff --git a/modules/home-manager-modules/programs/kdenlive.nix b/modules/home-manager-modules/programs/kdenlive.nix index 2bec5b3..2c4bac8 100644 --- a/modules/home-manager-modules/programs/kdenlive.nix +++ b/modules/home-manager-modules/programs/kdenlive.nix @@ -23,7 +23,7 @@ in { } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/kdenliverc" "${config.xdg.dataHome}/kdenlive" diff --git a/modules/home-manager-modules/programs/krita.nix b/modules/home-manager-modules/programs/krita.nix index 88d1de9..dd7bb12 100644 --- a/modules/home-manager-modules/programs/krita.nix +++ b/modules/home-manager-modules/programs/krita.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/kritarc" "${config.xdg.dataHome}/krita" diff --git a/modules/home-manager-modules/programs/libreoffice.nix b/modules/home-manager-modules/programs/libreoffice.nix index 9c3537f..283c8db 100644 --- a/modules/home-manager-modules/programs/libreoffice.nix +++ b/modules/home-manager-modules/programs/libreoffice.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/libreoffice" ]; diff --git a/modules/home-manager-modules/programs/makemkv.nix b/modules/home-manager-modules/programs/makemkv.nix index 9fcde8b..f748f68 100644 --- a/modules/home-manager-modules/programs/makemkv.nix +++ b/modules/home-manager-modules/programs/makemkv.nix @@ -30,7 +30,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ ".MakeMKV" ]; diff --git a/modules/home-manager-modules/programs/mapillary-uploader.nix b/modules/home-manager-modules/programs/mapillary-uploader.nix index 09894c9..0d9ad5f 100644 --- a/modules/home-manager-modules/programs/mapillary-uploader.nix +++ b/modules/home-manager-modules/programs/mapillary-uploader.nix @@ -17,7 +17,7 @@ in { } ( mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/mapillary-uploader" "${config.xdg.dataHome}/mapillary-uploader" diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix index 3a099f7..0a4caf7 100644 --- a/modules/home-manager-modules/programs/obs.nix +++ b/modules/home-manager-modules/programs/obs.nix @@ -6,7 +6,7 @@ config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [ ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/obs-studio" ]; diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix index e07beab..6676ecd 100644 --- a/modules/home-manager-modules/programs/obsidian.nix +++ b/modules/home-manager-modules/programs/obsidian.nix @@ -6,7 +6,7 @@ config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [ ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/obsidian" ]; diff --git a/modules/home-manager-modules/programs/olympus.nix b/modules/home-manager-modules/programs/olympus.nix index 3223d62..2d5adb6 100644 --- a/modules/home-manager-modules/programs/olympus.nix +++ b/modules/home-manager-modules/programs/olympus.nix @@ -23,7 +23,7 @@ in { } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/olympus" "${config.xdg.dataHome}/olympus" diff --git a/modules/home-manager-modules/programs/openrgb.nix b/modules/home-manager-modules/programs/openrgb.nix index 64d6229..c350b1e 100644 --- a/modules/home-manager-modules/programs/openrgb.nix +++ b/modules/home-manager-modules/programs/openrgb.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/OpenRGB" ]; diff --git a/modules/home-manager-modules/programs/picard.nix b/modules/home-manager-modules/programs/picard.nix index 5d197f8..ffc4289 100644 --- a/modules/home-manager-modules/programs/picard.nix +++ b/modules/home-manager-modules/programs/picard.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/MusicBrainz" ]; diff --git a/modules/home-manager-modules/programs/prostudiomasters.nix b/modules/home-manager-modules/programs/prostudiomasters.nix index 5256f26..d61b7e5 100644 --- a/modules/home-manager-modules/programs/prostudiomasters.nix +++ b/modules/home-manager-modules/programs/prostudiomasters.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/ProStudioMasters" ]; diff --git a/modules/home-manager-modules/programs/protonvpn.nix b/modules/home-manager-modules/programs/protonvpn.nix index 57e50ab..5742948 100644 --- a/modules/home-manager-modules/programs/protonvpn.nix +++ b/modules/home-manager-modules/programs/protonvpn.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/protonvpn" "${config.xdg.configHome}/Proton" diff --git a/modules/home-manager-modules/programs/qbittorrent.nix b/modules/home-manager-modules/programs/qbittorrent.nix index ee098e0..b2e0f50 100644 --- a/modules/home-manager-modules/programs/qbittorrent.nix +++ b/modules/home-manager-modules/programs/qbittorrent.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/qBittorrent" ]; diff --git a/modules/home-manager-modules/programs/qflipper.nix b/modules/home-manager-modules/programs/qflipper.nix index 0c7d242..bb141a4 100644 --- a/modules/home-manager-modules/programs/qflipper.nix +++ b/modules/home-manager-modules/programs/qflipper.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/qFlipper" ]; diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix index bf5205e..a50a49e 100644 --- a/modules/home-manager-modules/programs/signal.nix +++ b/modules/home-manager-modules/programs/signal.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/Signal" ]; diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix index 3dd6504..4e0644e 100644 --- a/modules/home-manager-modules/programs/steam.nix +++ b/modules/home-manager-modules/programs/steam.nix @@ -18,7 +18,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ { directory = "${config.xdg.dataHome}/Steam"; diff --git a/modules/home-manager-modules/programs/tor-browser.nix b/modules/home-manager-modules/programs/tor-browser.nix index 92484ae..c108805 100644 --- a/modules/home-manager-modules/programs/tor-browser.nix +++ b/modules/home-manager-modules/programs/tor-browser.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.dataHome}/torbrowser" ]; diff --git a/modules/home-manager-modules/programs/ungoogled-chromium.nix b/modules/home-manager-modules/programs/ungoogled-chromium.nix index e76eeeb..32f4b40 100644 --- a/modules/home-manager-modules/programs/ungoogled-chromium.nix +++ b/modules/home-manager-modules/programs/ungoogled-chromium.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/chromium" ]; diff --git a/modules/home-manager-modules/programs/via.nix b/modules/home-manager-modules/programs/via.nix index 3a638aa..ad6f45a 100644 --- a/modules/home-manager-modules/programs/via.nix +++ b/modules/home-manager-modules/programs/via.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/via" "${config.xdg.dataHome}/via" diff --git a/modules/home-manager-modules/programs/vmware-workstation.nix b/modules/home-manager-modules/programs/vmware-workstation.nix index 277e4bd..76f260b 100644 --- a/modules/home-manager-modules/programs/vmware-workstation.nix +++ b/modules/home-manager-modules/programs/vmware-workstation.nix @@ -17,7 +17,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ { directory = ".vmware"; From 69c10a87b643c7f40f0a07b1c80d6687e50dfb89 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Mar 2026 22:41:48 -0500 Subject: [PATCH 374/374] feat: instealled e621-downloader --- configurations/home-manager/eve/packages.nix | 4 ++- modules/common-modules/pkgs/default.nix | 3 ++ .../common-modules/pkgs/e621-downloader.nix | 36 +++++++++++++++++++ .../home-manager-modules/programs/default.nix | 1 + .../programs/e621-downloader.nix | 16 +++++++++ 5 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 modules/common-modules/pkgs/e621-downloader.nix create mode 100644 modules/home-manager-modules/programs/e621-downloader.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index ac24fa2..c87f786 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -75,7 +75,9 @@ in { libreoffice.enable = true; noita-entangled-worlds.enable = true; - claude-code.enable = osConfig.host.ai.enable; + opencode.enable = osConfig.host.ai.enable; + + e621-downloader.enable = true; # Windows applications that we need to figure out how to install guild-wars-2.enable = false; diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 81af054..c1e5e80 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -47,5 +47,8 @@ (final: prev: { cline = pkgs.callPackage ./cline/default.nix {}; }) + (final: prev: { + e621-downloader = pkgs.callPackage ./e621-downloader.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/e621-downloader.nix b/modules/common-modules/pkgs/e621-downloader.nix new file mode 100644 index 0000000..3e7c546 --- /dev/null +++ b/modules/common-modules/pkgs/e621-downloader.nix @@ -0,0 +1,36 @@ +{ + lib, + rustPlatform, + fetchFromGitHub, + pkg-config, + openssl, + ... +}: +rustPlatform.buildRustPackage rec { + pname = "e621-downloader"; + version = "1.7.2"; + + src = fetchFromGitHub { + owner = "McSib"; + repo = "e621_downloader"; + rev = version; + hash = "sha256-4z+PrCv8Mlp0VOJ5Akv1TXrJir1Ws/+45a6VCZGuCtk="; + }; + + cargoHash = "sha256-/yqNYjP7BuFQWilL2Ty+E5rd8qXj30twteptHx7cLRo="; + + nativeBuildInputs = [ + pkg-config + ]; + + buildInputs = [ + openssl + ]; + + meta = with lib; { + description = "E621 and E926 downloader made in Rust"; + homepage = "https://github.com/McSib/e621_downloader"; + license = licenses.asl20; + mainProgram = "e621_downloader"; + }; +} diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index 8a8e8b5..044d076 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -50,5 +50,6 @@ ./proton-mail-pwa.nix ./proton-calendar-pwa.nix ./matrix-cyberia-pwa.nix + ./e621-downloader.nix ]; } diff --git a/modules/home-manager-modules/programs/e621-downloader.nix b/modules/home-manager-modules/programs/e621-downloader.nix new file mode 100644 index 0000000..2cb32a9 --- /dev/null +++ b/modules/home-manager-modules/programs/e621-downloader.nix @@ -0,0 +1,16 @@ +{ + lib, + pkgs, + config, + ... +}: { + options.programs.e621-downloader = { + enable = lib.mkEnableOption "enable e621-downloader"; + }; + + config = lib.mkIf config.programs.e621-downloader.enable { + home.packages = with pkgs; [ + e621-downloader + ]; + }; +}