Xetibo/DashNix
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

extract hardware config

Browse source
This commit is contained in:
DashieTM 2024-08-24 18:05:37 +02:00
parent 252fcce589
commit effb6e6397
22 changed files with 31 additions and 1158 deletions
Download patch file Download diff file Expand all files Collapse all files

12
.gitignore vendored
View file

@ -1,12 +0,0 @@
/nvim/plugged/*
gtk-3.0/bookmarks
gtk-3.0/servers
gtk-4.0/servers
/fish/fish_variables
fish/fish_variables
fish/*.tmp.*
copyq/copyq.lock
copyq/copyq_geometry.*
copyq/copyq_tab*
nvim/lazy-lock.json
ncspot/*.cbor

6
flake.lock generated
View file

@ -218,11 +218,11 @@
"nixvim": "nixvim"
},
"locked": {
"lastModified": 1724498597,
"narHash": "sha256-rq3CS7CpkC5lLn/eDqmftyA2C7McUm+sYGUMpH2oJU4=",
"lastModified": 1724509876,
"narHash": "sha256-SvtppTW041MCVGmhKu8lsEbzVXwerLEIDcizdY0ZqEI=",
"owner": "DashieTM",
"repo": "DashVim",
"rev": "02e646467e4454633a7d248dfda7a7a7ecb4bf6b",
"rev": "309544615a01e9aa242ca71bff58f503273345ea",
"type": "github"
},
"original": {

20
flake.nix
View file

@ -61,22 +61,12 @@
allowUnfree = true;
};
};
dashielib = import ./lib { inherit inputs pkgs; };
in {
nixosConfigurations =
(dashielib.build_systems [ "marmo" "overheating" "spaceship" ]) // {
server = inputs.stable.lib.nixosSystem {
specialArgs = {
inherit inputs;
pkgs = stable;
};
modules = [
inputs.sops-nix.nixosModules.sops
inputs.dashvim.nixosModules.dashvim
./hardware/server/configuration.nix
];
};
};
dashNixLib = import ./lib { inherit inputs pkgs; };
dashNixInputs = inputs;
stablePkgs = stable;
unstablePkgs = pkgs;
modules = ./modules;
};
nixConfig = {

33
hardware/marmo/configuration.nix
View file

@ -1,33 +0,0 @@
{ config, ... }: {
imports = [ ../../modules ];
# variables for system
conf = {
monitor = "DP-1";
hostname = "marmo";
cpu = "intel";
};
mods = {
gaming = {
enable = true;
gpu_device = 1;
};
stylix.colorscheme = "catppuccin-mocha";
hyprland.monitor = [
# default
"DP-1,1920x1080@144,0x0,1"
# all others
",highrr,auto,1"
];
amdgpu.enable = true;
kde_connect.enable = true;
xone.enable = true;
greetd = { resolution = "3440x1440@180"; };
nextcloud = {
synclist = [{
name = "pw_sync";
remote = "/PWs";
local = "/home/${config.conf.username}/Music";
}];
};
};
}

50
hardware/overheating/configuration.nix
View file

@ -1,50 +0,0 @@
{ config, ... }: {
imports = [ ../../modules ];
conf = {
monitor = "eDP-1";
scale = "2.0";
hostname = "overheating";
boot_params = [ "rtc_cmos.use_acpi_alarm=1" ];
ironbar.modules = [{
type = "upower";
class = "memory-usage";
}];
};
mods = {
stylix.colorscheme = "catppuccin-mocha";
hyprland = {
monitor = [
# default
"eDP-1,2944x1840@90,0x0,2"
# all others
",highres,auto,1"
];
extra_autostart = [ "hyprdock --server" ];
};
amdgpu.enable = true;
kde_connect.enable = true;
bluetooth.enable = true;
acpid.enable = true;
greetd = { resolution = "3440x1440@180"; };
nextcloud = {
synclist = [
{
name = "document_sync";
remote = "/Documents";
local = "/home/${config.conf.username}/Documents";
}
{
name = "picture_sync";
remote = "/Pictures";
local = "/home/${config.conf.username}/Pictures";
}
{
name = "pw_sync";
remote = "PWs";
local = "/home/${config.conf.username}/Music";
}
];
};
};
}

19
hardware/overheating/dsdt.nix
View file

@ -1,19 +0,0 @@
{ pkgs, ... }:
let
# credit to benley: https://github.com/benley/dotfiles/commit/325748c3a8553d55c9fab08654a77b252aa0fde7
patched_ssdt = pkgs.stdenv.mkDerivation {
name = "patched_ssdt";
src = ./.;
buildInputs = [ pkgs.libarchive ];
installPhase = ''
mkdir -p kernel/firmware/acpi
cp ${./ssdt6.aml} kernel/firmware/acpi/ssdt6.aml
mkdir -p $out
echo kernel/firmware/acpi/ssdt6.aml | bsdcpio -v -o -H newc -R 0:0 > $out/lenotrolli-ssdt.img
'';
};
in {
boot.kernelParams = [ "mem_sleep_default=deep" ];
boot.initrd.prepend = [ "${patched_ssdt}/lenotrolli-ssdt.img" ];
}

16
hardware/overheating/firmware.nix
View file

@ -1,16 +0,0 @@
{ pkgs, ... }: {
hardware.firmware = [
(
# lenovo is such a good manufacturer!!1!11!
# credit for the binary files: https://github.com/darinpp/yoga-slim-7
pkgs.stdenv.mkDerivation {
name = "firmware-lenotrolli";
src = ./firmware;
installPhase = ''
mkdir -p $out/lib/firmware
cp ${./firmware/TAS2XXX38BB.bin} $out/lib/firmware/TAS2XXX38BB.bin
cp ${./firmware/TIAS2781RCA4.bin} $out/lib/firmware/TIAS2781RCA4.bin
'';
})
];
}

BIN
hardware/overheating/firmware/TAS2XXX38BB.bin
View file

Binary file not shown.

BIN
hardware/overheating/firmware/TIAS2781RCA4.bin
View file

Binary file not shown.

BIN
hardware/overheating/firmware/TIAS2781RCA4.bin.orig
View file

Binary file not shown.

5
hardware/overheating/overheating.nix
View file

@ -1,5 +0,0 @@
{
# special hardware modules
# mostly to fix firmare and dsts
imports = [ ./dsdt.nix ./firmware.nix ];
}

BIN
hardware/overheating/ssdt6.aml
View file

Binary file not shown.

342
hardware/server/configuration.nix
View file

@ -1,342 +0,0 @@
{ config, pkgs, inputs, ... }:
let
nextcloud_pw = (builtins.readFile /etc/nixos/nextcloud);
forgejo_pw = (builtins.readFile /etc/nixos/dbpw/forgejo);
matrix_pw = (builtins.readFile /etc/nixos/dbpw/matrix-synapse);
mautrix_signal_pw = (builtins.readFile /etc/nixos/dbpw/mautrix_signal);
mautrix_whatsapp_pw = (builtins.readFile /etc/nixos/dbpw/mautrix_whatsapp);
mautrix_discord_pw = (builtins.readFile /etc/nixos/dbpw/mautrix_discord);
fqdn = "matrix.${config.networking.domain}";
baseUrl = "https://${fqdn}";
clientConfig."m.homeserver".base_url = baseUrl;
serverConfig."m.server" = "${fqdn}:443";
mkWellKnown = data: ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in {
networking.hostName = "server";
networking.domain = "dashie.org";
imports = [
./hardware-configuration.nix
./mautrix-whatsapp.nix
./mautrix-discord.nix
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.supportedFilesystems = [ "ntfs" ];
# Set your time zone.
time.timeZone = "Europe/Zurich";
# Define a user account. Don't forget to set a password with passwd.
users.users.root.hashedPassword = "!";
users.users.dashie = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = [
inputs.dashvim.nixosModules.packages."x86_64-linux".default
pkgs.fuse
pkgs.ntfs3g
pkgs.rsync
];
openssh.authorizedKeys.keyFiles = [ /home/dashie/server.pub ];
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
services.mautrix-whatsapp-dashie.enable = true;
services.mautrix-discord-dashie.enable = true;
services.matrix-synapse.enable = true;
services.mautrix-signal.enable = true;
services.matrix-synapse.settings = {
server_name = "matrix.dashie.org";
database.name = "psycopg2";
database.args.user = "matrix-synapse";
database.args.password = "${matrix_pw}";
public_baseurl = "https://matrix.dashie.org";
enable_registration = true;
enable_registration_without_verification = true;
suppress_key_server_warning = true;
max_upload_size = "1G";
listeners = [{
port = 8008;
bind_addresses = [ "::1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [{
names = [ "client" "federation" ];
compress = true;
}];
}];
};
services.mautrix-whatsapp-dashie.settings = {
appservice = {
id = "whatsapp";
database = {
type = "postgres";
uri =
"postgresql:///mautrix_whatsapp?host=/run/postgresql&sslmode=disable&user=mautrix_whatsapp&password=${mautrix_whatsapp_pw}";
};
};
bridge = {
encryption = {
allow = true;
default = true;
required = true;
};
displayname_template =
"{{if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}}";
permissions = {
"@fabio.lenherr:matrix.org" = "admin";
"@dashie:matrix.dashie.org" = "admin";
};
};
};
services.mautrix-signal.settings = {
appservice = {
id = "signal";
database = {
type = "postgres";
uri =
"postgresql:///mautrix_signal?host=/run/postgresql&sslmode=disable&user=mautrix_signal&password=${mautrix_signal_pw}";
};
};
bridge = {
encryption = {
allow = true;
default = true;
required = true;
};
displayname_template =
''{{or .ProfileName .PhoneNumber "Unknown user"}}'';
permissions = {
"@fabio.lenherr:matrix.org" = "admin";
"@dashie:matrix.dashie.org" = "admin";
};
};
};
services.mautrix-discord-dashie.settings = {
appservice = {
id = "discord";
database = {
type = "postgres";
uri =
"postgresql:///mautrix_discord?host=/run/postgresql&sslmode=disable&user=mautrix_discord&password=${mautrix_discord_pw}";
};
};
bridge = {
displayname_template =
"{{or .GlobalName .Username}}{{if .Bot}} (bot){{end}}";
permissions = {
"@fabio.lenherr:matrix.org" = "admin";
"@dashie:matrix.dashie.org" = "admin";
};
};
};
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
services.nginx.virtualHosts."dashie.org" = {
addSSL = true;
enableACME = true;
root = "/var/www/dashie.org/";
};
security.acme.certs."dashie.org".extraDomainNames = [
"cloud.dashie.org"
"matrix.dashie.org"
"git.dashie.org"
"navi.dashie.org"
];
services.nginx.virtualHosts."cloud.dashie.org" = {
addSSL = true;
enableACME = true;
locations."/*".proxyPass = "http://127.0.0.1:12002";
};
services.nginx.virtualHosts."git.dashie.org" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:3000";
};
services.nginx.virtualHosts."navi.dashie.org" = {
addSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:4533";
};
services.nginx.virtualHosts."localhost" = {
listen = [{
addr = "0.0.0.0";
port = 8448;
}];
locations."/".proxyPass = "http://[::1]:8008";
};
services.nginx.virtualHosts."matrix.dashie.org" = {
forceSSL = true;
enableACME = true;
locations."/".extraConfig = ''
return 404;
'';
locations."/_matrix" = { proxyPass = "http://[::1]:8008"; };
locations."/_synapse/client".proxyPass = "http://[::1]:8008";
locations."= /.well-known/matrix/server".extraConfig =
mkWellKnown serverConfig;
# This is usually needed for homeserver discovery (from e.g. other Matrix clients).
# Further reference can be found in the upstream docs at
# https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient
locations."= /.well-known/matrix/client".extraConfig =
mkWellKnown clientConfig;
extraConfig = "client_max_body_size 2G;";
};
services.nextcloud.enable = true;
services.nextcloud.hostName = "cloud.dashie.org";
services.nextcloud.https = true;
services.nextcloud.config = {
adminpassFile = "/etc/nixos/file2";
dbuser = "nextcloud";
dbhost = "/run/postgresql";
dbname = "nextcloud";
dbtype = "pgsql";
dbpassFile = "/etc/nixos/nextcloud";
};
services.nextcloud.settings = {
port = 12001;
trusted_domains = [ "cloud.dashie.org" "192.168.1.23" ];
};
services.forgejo = {
enable = true;
database.passwordFile = /etc/nixos/dbpw/forgejo;
settings = {
server.DOMAIN = "git.dashie.org";
server.SSH_PORT = 12008;
server.SSH_LISTEN_PORT = 12008;
server.START_SSH_SERVER = true;
service.DISABLE_REGISTRATION = true;
};
};
services.navidrome.enable = true;
services.navidrome.settings = {
MusicFolder = "/var/lib/nextcloud/data/DashieTM/files/Share/Music";
};
systemd.services."nextcloud-setup" = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
services.postgresql = {
enable = true;
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
initialScript = pkgs.writeText "backend-initScript" ''
CREATE DATABASE nextcloud;
CREATE USER nextcloud WITH ENCRYPTED PASSWORD '${nextcloud_pw}';
GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud;
CREATE DATABASE forgejo;
CREATE USER forgejo WITH ENCRYPTED PASSWORD '${forgejo_pw}';
GRANT ALL PRIVILEGES ON DATABASE forgejo TO forgejo;
CREATE USER "matrix-synapse" WITH ENCRYPTED PASSWORD '${matrix_pw}'
SELECT 'CREATE DATABASE "matrix-synapse" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "matrix-synapse"'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'matrix-synapse')\gexec
CREATE USER mautrix_whatsapp WITH ENCRYPTED PASSWORD '${mautrix_whatsapp_pw}'
SELECT 'CREATE DATABASE "mautrix_whatsapp" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "mautrix_whatsapp"'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'mautrix_whatsapp')\gexec
CREATE USER mautrix_signal WITH ENCRYPTED PASSWORD '${mautrix_signal_pw}'
SELECT 'CREATE DATABASE "mautrix_signal" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "mautrix_signal"'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'mautrix_signal')\gexec
CREATE USER mautrix_discord WITH ENCRYPTED PASSWORD '${mautrix_discord_pw}'
SELECT 'CREATE DATABASE "mautrix_discord" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "mautrix_discord"'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'mautrix_discord')\gexec
'';
};
security.acme = {
acceptTerms = true;
defaults.email = "fabio.lenherr@gmail.com";
};
networking.firewall = {
enable = true;
allowedTCPPorts = [ 22 80 443 4534 8448 12002 12004 12006 12008 ];
};
networking.firewall.allowPing = true;
services.samba = {
enable = true;
securityType = "user";
openFirewall = true;
extraConfig = ''
workgroup = WORKGROUP
server string = smbnix
netbios name = smbnix
security = user
#use sendfile = yes
max protocol = smb3
# note: localhost is the ipv6 localhost ::1
hosts allow = 192.168.1. 127.0.0.1 localhost
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
'';
shares = {
public = {
path = "/mnt/Shares/Public";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0644";
"directory mask" = "0755";
};
};
};
services.samba-wsdd = {
enable = true;
openFirewall = true;
};
services.cron = {
enable = true;
systemCronJobs = [
"0 4 * * FRI nobody rsync -ato /var/lib/nextcloud/data /mnt/dump3/nextcloud"
"0 4 * * FRI nobody pg_dympall > /mnt/dump3/sqdump.sql"
];
};
hardware.cpu.intel.updateMicrocode = true;
system.stateVersion = "24.05";
nix = {
settings = { experimental-features = "nix-command flakes"; };
extraOptions = ''
!include ${config.sops.secrets.access.path}
'';
};
sops = {
gnupg = {
home = "~/.gnupg";
sshKeyPaths = [ ];
};
defaultSopsFile = ../../secrets/secrets.yaml;
secrets.access = { };
};
}

56
hardware/server/hardware-configuration.nix
View file

@ -1,56 +0,0 @@
{ config, lib, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/678ecbd1-a5ce-4530-a959-ffb48f76aa43";
fsType = "btrfs";
};
fileSystems."/var/lib/nextcloud" = {
device = "/dev/disk/by-label/nextcloud";
fsType = "ext4";
};
fileSystems."/mnt/dump3" = {
device = "/dev/disk/by-label/backup";
fsType = "ext4";
};
fileSystems."/mnt/dump1" = {
device = "/dev/disk/by-uuid/CC60532860531912";
fsType = "ntfs-3g";
options = [ "rw" "uid=1000" ];
};
fileSystems."/mnt/dump2" = {
device = "/dev/disk/by-uuid/F46896AE68966EDC";
fsType = "ntfs-3g";
options = [ "rw" "uid=1000" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/B7BE-AB1C";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices =
[{ device = "/dev/disk/by-uuid/832dce11-b4c4-476c-ab28-bd98275a542c"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}

247
hardware/server/mautrix-discord.nix
View file

@ -1,247 +0,0 @@
# derived from mautrix signal on nixpkgs -> https://github.com/NixOS/nixpkgs/blob/nixos-24.05/pkgs/servers/mautrix-signal/default.nix#L27
{ lib, config, pkgs, ... }:
let
cfg = config.services.mautrix-discord-dashie;
dataDir = "/var/lib/mautrix-discord";
registrationFile = "${dataDir}/discord-registration.yaml";
settingsFile = "${dataDir}/config.yaml";
settingsFileUnsubstituted =
settingsFormat.generate "mautrix-discord-config-unsubstituted.json"
cfg.settings;
settingsFormat = pkgs.formats.json { };
appservicePort = 29334;
# to be used with a list of lib.mkIf values
optOneOf = lib.lists.findFirst (value: value.condition) (lib.mkIf false null);
mkDefaults = lib.mapAttrsRecursive (n: v: lib.mkDefault v);
defaultConfig = {
homeserver.address = "http://localhost:8448";
appservice = {
hostname = "[::]";
port = appservicePort;
database.type = "sqlite3";
database.uri = "file:${dataDir}/mautrix-discord.db?_txlock=immediate";
id = "discord";
bot = {
username = "discordbot";
displayname = "Discord Bridge Bot";
};
as_token = "";
hs_token = "";
};
bridge = {
username_template = "discord_{{.}}";
displayname_template =
''{{or .ProfileName .PhoneNumber "Unknown user"}}'';
double_puppet_server_map = { };
login_shared_secret_map = { };
command_prefix = "!discord";
permissions."*" = "relay";
relay.enabled = true;
};
logging = {
min_level = "info";
writers = lib.singleton {
type = "stdout";
format = "pretty-colored";
time_format = " ";
};
};
};
in {
options.services.mautrix-discord-dashie = {
enable =
lib.mkEnableOption "mautrix-discord, a Matrix-Discord puppeting bridge.";
settings = lib.mkOption {
apply = lib.recursiveUpdate defaultConfig;
type = settingsFormat.type;
default = defaultConfig;
description = ''
{file}`config.yaml` configuration as a Nix attribute set.
Configuration options should match those described in
[example-config.yaml](https://github.com/mautrix/discord/blob/master/example-config.yaml).
Secret tokens should be specified using {option}`environmentFile`
instead of this world-readable attribute set.
'';
example = {
appservice = {
database = {
type = "postgres";
uri = "postgresql:///mautrix_discord?host=/run/postgresql";
};
id = "discord";
ephemeral_events = false;
};
bridge = {
history_sync = { request_full_sync = true; };
private_chat_portal_meta = true;
mute_bridging = true;
encryption = {
allow = true;
default = true;
require = true;
};
provisioning = { shared_secret = "disable"; };
permissions = { "example.com" = "user"; };
};
};
};
environmentFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = ''
File containing environment variables to be passed to the mautrix-discord service.
If an environment variable `MAUTRIX_DISCORD_BRIDGE_LOGIN_SHARED_SECRET` is set,
then its value will be used in the configuration file for the option
`login_shared_secret_map` without leaking it to the store, using the configured
`homeserver.domain` as key.
See [here](https://github.com/mautrix/discord/blob/main/example-config.yaml)
for the documentation of `login_shared_secret_map`.
'';
};
serviceDependencies = lib.mkOption {
type = with lib.types; listOf str;
default = (lib.optional config.services.matrix-synapse.enable
config.services.matrix-synapse.serviceUnit)
++ (lib.optional config.services.matrix-conduit.enable
"conduit.service");
defaultText = lib.literalExpression ''
(optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
++ (optional config.services.matrix-conduit.enable "conduit.service")
'';
description = ''
List of systemd units to require and wait for when starting the application service.
'';
};
registerToSynapse = lib.mkOption {
type = lib.types.bool;
default = config.services.matrix-synapse.enable;
defaultText = lib.literalExpression ''
config.services.matrix-synapse.enable
'';
description = ''
Whether to add the bridge's app service registration file to
`services.matrix-synapse.settings.app_service_config_files`.
'';
};
};
config = lib.mkIf cfg.enable {
users.users.mautrix-discord = {
isSystemUser = true;
group = "mautrix-discord";
home = dataDir;
description = "mautrix-discord bridge user";
};
users.groups.mautrix-discord = { };
services.matrix-synapse = lib.mkIf cfg.registerToSynapse {
settings.app_service_config_files = [ registrationFile ];
};
systemd.services.matrix-synapse = lib.mkIf cfg.registerToSynapse {
serviceConfig.SupplementaryGroups = [ "mautrix-discord" ];
};
# Note: this is defined here to avoid the docs depending on `config`
services.mautrix-discord-dashie.settings.homeserver = optOneOf
(with config.services; [
(lib.mkIf matrix-synapse.enable
(mkDefaults { domain = matrix-synapse.settings.server_name; }))
(lib.mkIf matrix-conduit.enable (mkDefaults {
domain = matrix-conduit.settings.global.server_name;
address =
"http://localhost:${toString matrix-conduit.settings.global.port}";
}))
]);
systemd.services.mautrix-discord-dashie = {
description = "mautrix-discord, a Matrix-Discord puppeting bridge.";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ] ++ cfg.serviceDependencies;
after = [ "network-online.target" ] ++ cfg.serviceDependencies;
# ffmpeg is required for conversion of voice messages
path = [ pkgs.ffmpeg-headless ];
preStart = ''
# substitute the settings file by environment variables
# in this case read from EnvironmentFile
test -f '${settingsFile}' && rm -f '${settingsFile}'
old_umask=$(umask)
umask 0177
${pkgs.envsubst}/bin/envsubst \
-o '${settingsFile}' \
-i '${settingsFileUnsubstituted}'
umask $old_umask
# generate the appservice's registration file if absent
if [ ! -f '${registrationFile}' ]; then
${pkgs.mautrix-discord}/bin/mautrix-discord \
--generate-registration \
--config='${settingsFile}' \
--registration='${registrationFile}'
fi
chmod 640 ${registrationFile}
umask 0177
# 1. Overwrite registration tokens in config
# 2. If environment variable MAUTRIX_DISCORD_BRIDGE_LOGIN_SHARED_SECRET
# is set, set it as the login shared secret value for the configured
# homeserver domain.
${pkgs.yq}/bin/yq -s '.[0].appservice.as_token = .[1].as_token
| .[0].appservice.hs_token = .[1].hs_token
| .[0]
| if env.MAUTRIX_DISCORD_BRIDGE_LOGIN_SHARED_SECRET then .bridge.login_shared_secret_map.[.homeserver.domain] = env.MAUTRIX_DISCORD_BRIDGE_LOGIN_SHARED_SECRET else . end' \
'${settingsFile}' '${registrationFile}' > '${settingsFile}.tmp'
mv '${settingsFile}.tmp' '${settingsFile}'
umask $old_umask
'';
serviceConfig = {
User = "mautrix-discord";
Group = "mautrix-discord";
EnvironmentFile = cfg.environmentFile;
StateDirectory = baseNameOf dataDir;
WorkingDirectory = dataDir;
ExecStart = ''
${pkgs.mautrix-discord}/bin/mautrix-discord \
--config='${settingsFile}' \
--registration='${registrationFile}'
'';
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
Restart = "on-failure";
RestartSec = "30s";
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
SystemCallFilter = [ "@system-service" ];
Type = "simple";
UMask = 27;
};
restartTriggers = [ settingsFileUnsubstituted ];
};
};
meta.maintainers = with lib.maintainers; [ niklaskorz ];
}

247
hardware/server/mautrix-whatsapp.nix
View file

@ -1,247 +0,0 @@
# derived from mautrix signal on nixpkgs -> https://github.com/NixOS/nixpkgs/blob/nixos-24.05/pkgs/servers/mautrix-signal/default.nix#L27
{ lib, config, pkgs, ... }:
let
cfg = config.services.mautrix-whatsapp-dashie;
dataDir = "/var/lib/mautrix-whatsapp";
registrationFile = "${dataDir}/whatsapp-registration.yaml";
settingsFile = "${dataDir}/config.yaml";
settingsFileUnsubstituted =
settingsFormat.generate "mautrix-whatsapp-config-unsubstituted.json"
cfg.settings;
settingsFormat = pkgs.formats.json { };
appservicePort = 29318;
# to be used with a list of lib.mkIf values
optOneOf = lib.lists.findFirst (value: value.condition) (lib.mkIf false null);
mkDefaults = lib.mapAttrsRecursive (n: v: lib.mkDefault v);
defaultConfig = {
homeserver.address = "http://localhost:8448";
appservice = {
hostname = "[::]";
port = appservicePort;
database.type = "sqlite3";
database.uri = "file:${dataDir}/mautrix-whatsapp.db?_txlock=immediate";
id = "whatsapp";
bot = {
username = "whatsappbot";
displayname = "Whatsapp Bridge Bot";
};
as_token = "";
hs_token = "";
};
bridge = {
username_template = "whatsapp_{{.}}";
displayname_template =
''{{or .ProfileName .PhoneNumber "Unknown user"}}'';
double_puppet_server_map = { };
login_shared_secret_map = { };
command_prefix = "!whatsapp";
permissions."*" = "relay";
relay.enabled = true;
};
logging = {
min_level = "info";
writers = lib.singleton {
type = "stdout";
format = "pretty-colored";
time_format = " ";
};
};
};
in {
options.services.mautrix-whatsapp-dashie = {
enable = lib.mkEnableOption
"mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge.";
settings = lib.mkOption {
apply = lib.recursiveUpdate defaultConfig;
type = settingsFormat.type;
default = defaultConfig;
description = ''
{file}`config.yaml` configuration as a Nix attribute set.
Configuration options should match those described in
[example-config.yaml](https://github.com/mautrix/whatsapp/blob/master/example-config.yaml).
Secret tokens should be specified using {option}`environmentFile`
instead of this world-readable attribute set.
'';
example = {
appservice = {
database = {
type = "postgres";
uri = "postgresql:///mautrix_whatsapp?host=/run/postgresql";
};
id = "whatsapp";
ephemeral_events = false;
};
bridge = {
history_sync = { request_full_sync = true; };
private_chat_portal_meta = true;
mute_bridging = true;
encryption = {
allow = true;
default = true;
require = true;
};
provisioning = { shared_secret = "disable"; };
permissions = { "example.com" = "user"; };
};
};
};
environmentFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = ''
File containing environment variables to be passed to the mautrix-whatsapp service.
If an environment variable `MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET` is set,
then its value will be used in the configuration file for the option
`login_shared_secret_map` without leaking it to the store, using the configured
`homeserver.domain` as key.
See [here](https://github.com/mautrix/whatsapp/blob/main/example-config.yaml)
for the documentation of `login_shared_secret_map`.
'';
};
serviceDependencies = lib.mkOption {
type = with lib.types; listOf str;
default = (lib.optional config.services.matrix-synapse.enable
config.services.matrix-synapse.serviceUnit)
++ (lib.optional config.services.matrix-conduit.enable
"conduit.service");
defaultText = lib.literalExpression ''
(optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
++ (optional config.services.matrix-conduit.enable "conduit.service")
'';
description = ''
List of systemd units to require and wait for when starting the application service.
'';
};
registerToSynapse = lib.mkOption {
type = lib.types.bool;
default = config.services.matrix-synapse.enable;
defaultText = lib.literalExpression ''
config.services.matrix-synapse.enable
'';
description = ''
Whether to add the bridge's app service registration file to
`services.matrix-synapse.settings.app_service_config_files`.
'';
};
};
config = lib.mkIf cfg.enable {
users.users.mautrix-whatsapp = {
isSystemUser = true;
group = "mautrix-whatsapp";
home = dataDir;
description = "mautrix-whatsapp bridge user";
};
users.groups.mautrix-whatsapp = { };
services.matrix-synapse = lib.mkIf cfg.registerToSynapse {
settings.app_service_config_files = [ registrationFile ];
};
systemd.services.matrix-synapse = lib.mkIf cfg.registerToSynapse {
serviceConfig.SupplementaryGroups = [ "mautrix-whatsapp" ];
};
# Note: this is defined here to avoid the docs depending on `config`
services.mautrix-whatsapp-dashie.settings.homeserver = optOneOf
(with config.services; [
(lib.mkIf matrix-synapse.enable
(mkDefaults { domain = matrix-synapse.settings.server_name; }))
(lib.mkIf matrix-conduit.enable (mkDefaults {
domain = matrix-conduit.settings.global.server_name;
address =
"http://localhost:${toString matrix-conduit.settings.global.port}";
}))
]);
systemd.services.mautrix-whatsapp-dashie = {
description = "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge.";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ] ++ cfg.serviceDependencies;
after = [ "network-online.target" ] ++ cfg.serviceDependencies;
# ffmpeg is required for conversion of voice messages
path = [ pkgs.ffmpeg-headless ];
preStart = ''
# substitute the settings file by environment variables
# in this case read from EnvironmentFile
test -f '${settingsFile}' && rm -f '${settingsFile}'
old_umask=$(umask)
umask 0177
${pkgs.envsubst}/bin/envsubst \
-o '${settingsFile}' \
-i '${settingsFileUnsubstituted}'
umask $old_umask
# generate the appservice's registration file if absent
if [ ! -f '${registrationFile}' ]; then
${pkgs.mautrix-whatsapp}/bin/mautrix-whatsapp \
--generate-registration \
--config='${settingsFile}' \
--registration='${registrationFile}'
fi
chmod 640 ${registrationFile}
umask 0177
# 1. Overwrite registration tokens in config
# 2. If environment variable MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET
# is set, set it as the login shared secret value for the configured
# homeserver domain.
${pkgs.yq}/bin/yq -s '.[0].appservice.as_token = .[1].as_token
| .[0].appservice.hs_token = .[1].hs_token
| .[0]
| if env.MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET then .bridge.login_shared_secret_map.[.homeserver.domain] = env.MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET else . end' \
'${settingsFile}' '${registrationFile}' > '${settingsFile}.tmp'
mv '${settingsFile}.tmp' '${settingsFile}'
umask $old_umask
'';
serviceConfig = {
User = "mautrix-whatsapp";
Group = "mautrix-whatsapp";
EnvironmentFile = cfg.environmentFile;
StateDirectory = baseNameOf dataDir;
WorkingDirectory = dataDir;
ExecStart = ''
${pkgs.mautrix-whatsapp}/bin/mautrix-whatsapp \
--config='${settingsFile}' \
--registration='${registrationFile}'
'';
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
Restart = "on-failure";
RestartSec = "30s";
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
SystemCallFilter = [ "@system-service" ];
Type = "simple";
UMask = 27;
};
restartTriggers = [ settingsFileUnsubstituted ];
};
};
meta.maintainers = with lib.maintainers; [ niklaskorz ];
}

106
hardware/spaceship/configuration.nix
View file

@ -1,106 +0,0 @@
{ config, ... }:
let username = config.conf.username;
in {
imports = [ ../../modules ];
# config variables
conf = {
monitor = "DP-1";
streamdeck.enable = false;
hostname = "spaceship";
};
mods = {
# f to pay respect
teams.enable = true;
coding = { jetbrains = true; };
gaming = { enable = true; };
stylix.colorscheme = "catppuccin-mocha";
hyprland = {
monitor = [
# default
"DP-2,2560x1440@165,0x0,1"
"DP-1,3440x1440@180,2560x0,1,vrr,0"
"DP-3,1920x1080@144,6000x0,1"
"DP-3,transform,1"
# all others
",highrr,auto,1"
];
workspace = [
# workspaces
# monitor middle
"2,monitor:DP-1, default:true"
"4,monitor:DP-1"
"6,monitor:DP-1"
"8,monitor:DP-1"
"9,monitor:DP-1"
"10,monitor:DP-1"
# monitor left
"1,monitor:DP-2, default:true"
"5,monitor:DP-2"
"7,monitor:DP-2"
# monitor right
"3,monitor:DP-3, default:true"
];
hyprpaper.config = ''
#load
preload = /home/${username}/Pictures/backgrounds/shinobu_2k.jpg
preload = /home/${username}/Pictures/backgrounds/shino_wide.png
preload = /home/${username}/Pictures/backgrounds/shinobu_1080.jpg
#set
wallpaper = DP-2,/home/${username}/Pictures/backgrounds/shinobu_2k.jpg
wallpaper = DP-1,/home/${username}/Pictures/backgrounds/shino_wide.png
wallpaper = DP-3,/home/${username}/Pictures/backgrounds/shinobu_1080.jpg
splash = true
'';
extra_autostart = [ "flatpak run com.core447.StreamController -b" ];
};
extraDrives = [{
name = "drive2";
drive = {
device = "/dev/disk/by-label/DRIVE2";
fsType = "ext4";
options = [ "noatime" "nodiratime" "discard" ];
};
}];
virtualbox.enable = true;
kde_connect.enable = true;
xone.enable = true;
amdgpu.enable = true;
piper.enable = true;
flatpak.additional_packages = [ "com.core447.StreamController" ];
vapi = {
enable = true;
rocm.enable = true;
};
greetd = { resolution = "3440x1440@180"; };
nextcloud = {
synclist = [
{
name = "document_sync";
remote = "/Documents";
local = "/home/${config.conf.username}/Documents";
}
{
name = "picture_sync";
remote = "/Pictures";
local = "/home/${config.conf.username}/Pictures";
}
{
name = "phone_sync";
remote = "Phone/Stuff";
local = "/home/${config.conf.username}/Videos/Phone/Stuff";
}
{
name = "pw_sync";
remote = "PWs";
local = "/home/${config.conf.username}/Music";
}
];
};
};
}

16
lib/default.nix
View file

@ -1,8 +1,12 @@
{ inputs, pkgs, ... }: {
build_systems = systems:
{ inputs, pkgs, ... }:
let
in {
build_systems = systems: root:
builtins.listToAttrs (map (name: {
name = name;
value = let mod = ../hardware/${name}/configuration.nix;
value = let
mod = root + /${name}/configuration.nix;
additionalConfig = root + /${name}/${name}.nix;
in inputs.nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs pkgs mod; };
modules = [
@ -10,10 +14,10 @@
inputs.stylix.nixosModules.stylix
../base
../programs
../modules
mod
] ++ inputs.nixpkgs.lib.optional
(builtins.pathExists ../hardware/${name}/${name}.nix)
../hardware/${name}/${name}.nix
] ++ inputs.nixpkgs.lib.optional (builtins.pathExists additionalConfig)
additionalConfig
++ inputs.nixpkgs.lib.optional (builtins.pathExists mod) mod;
};
}) systems);

10
modules/conf.nix
View file

@ -101,6 +101,16 @@
'';
};
build-command = lib.mkOption {
default =
"sudo nixos-rebuild switch --flake /home/${config.conf.username}/gits/dotFiles/.";
example = "yourpath/.";
type = lib.types.str;
description = ''
The path for your build command, you can then simply type rebuild to switch to a new configuration.
'';
};
nvim-colorscheme = lib.mkOption {
default = { tokyonight = { enable = true; }; };
example = { catppuccin = { enable = true; }; };

1
modules/programs/home_packages.nix
View file

@ -28,6 +28,7 @@
kitty
fish
ripgrep
# TODO add fcp once fixed....
rm-improved
bat
fd

1
programs/default.nix
View file

@ -14,6 +14,7 @@ let
inputs.nix-flatpak.homeManagerModules.nix-flatpak
inputs.sops-nix.homeManagerModules.sops
inputs.dashvim.homeManagerModules.dashvim
../modules
];
in {
xdg = {

2
programs/individual_configs/fish.nix
View file

@ -14,7 +14,7 @@
set EDITOR "neovide --no-fork"
alias rebuild='sudo nixos-rebuild switch --flake /home/${config.conf.username}/gits/dotFiles/.'
alias rebuild='${config.conf.build-command}'
abbr --add ls 'lsd'
abbr --add :q 'exit'
abbr --add gh 'git push origin'