mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 23:00:39 +02:00
Code Activity

chore: update flake and make necessary changes, disable immich for now

Browse source
This commit is contained in:
oddlama 2025-09-05 20:48:22 +02:00
parent 20477ecdc5
commit 3c322bbdbf
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
13 changed files with 228 additions and 156 deletions
Download patch file Download diff file Expand all files Collapse all files

28
config/optional/laptop.nix
View file

@ -1,21 +1,17 @@
{ {
systemd.network.wait-online.anyInterface = true; systemd.network.wait-online.anyInterface = true;
services = { # services.tlp.enable = true;
# tlp.enable = true; services.physlock.enable = true;
physlock.enable = true; services.logind.settings.Login = {
logind = { LidSwitch = "ignore";
lidSwitch = "ignore"; LidSwitchDocked = "ignore";
lidSwitchDocked = "ignore"; LidSwitchExternalPower = "ignore";
lidSwitchExternalPower = "ignore"; HandlePowerKey = "suspend";
extraConfig = '' HandleSuspendKey = "suspend";
HandlePowerKey=suspend HandleHibernateKey = "suspend";
HandleSuspendKey=suspend PowerKeyIgnoreInhibited = "yes";
HandleHibernateKey=suspend SuspendKeyIgnoreInhibited = "yes";
PowerKeyIgnoreInhibited=yes HibernateKeyIgnoreInhibited = "yes";
SuspendKeyIgnoreInhibited=yes
HibernateKeyIgnoreInhibited=yes
'';
};
}; };
} }

146
flake.lock generated
View file

@ -12,11 +12,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1750173260, "lastModified": 1754433428,
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -36,12 +36,12 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1752094135, "dirtyRev": "647162ded97dd656efa95951a76bf694559618a0-dirty",
"narHash": "sha256-kd5/x5SshFVFHWUf/7rRqXQ06aUaD6VJdUYRCDUHHo0=", "dirtyShortRev": "647162d-dirty",
"owner": "oddlama", "lastModified": 1757081179,
"repo": "agenix-rekey", "narHash": "sha256-ITukwc/nWVjn8bEZ/iBMAhbuwHFnm+zfP+C6UyFiFrA=",
"rev": "395cdb1631e9715e37d0e859a2b1da63f0ae333b", "type": "git",
"type": "github" "url": "file:///home/malte/projects/agenix-rekey"
}, },
"original": { "original": {
"owner": "oddlama", "owner": "oddlama",
@ -85,11 +85,11 @@
}, },
"crane_3": { "crane_3": {
"locked": { "locked": {
"lastModified": 1753316655, "lastModified": 1754269165,
"narHash": "sha256-tzWa2kmTEN69OEMhxFy+J2oWSvZP5QhEgXp3TROOzl0=", "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "f35a3372d070c9e9ccb63ba7ce347f0634ddf3d2", "rev": "444e81206df3f7d92780680e45858e31d2f07a08",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -273,11 +273,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753140376, "lastModified": 1756733629,
"narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=", "narHash": "sha256-dwWGlDhcO5SMIvMSTB4mjQ5Pvo2vtxvpIknhVnSz2I8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c", "rev": "a5c4f2ab72e3d1ab43e3e65aa421c6f2bd2e12a1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -490,11 +490,11 @@
"flake-compat_9": { "flake-compat_9": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1747046372,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -547,11 +547,11 @@
"nixpkgs-lib": "nixpkgs-lib_2" "nixpkgs-lib": "nixpkgs-lib_2"
}, },
"locked": { "locked": {
"lastModified": 1753121425, "lastModified": 1756770412,
"narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", "rev": "4524271976b625a4a605beefd893f270620fd751",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -586,11 +586,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753121425, "lastModified": 1754091436,
"narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -607,11 +607,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753121425, "lastModified": 1754487366,
"narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -852,15 +852,15 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1749289734, "lastModified": 1757075491,
"narHash": "sha256-noC2IBKVH4NHJ3m59rqtdWNYUQY9Q98SC7K5RDw+3aw=", "narHash": "sha256-a+NMGl5tcvm+hyfSG2DlVPa8nZLpsumuRj1FfcKb2mQ=",
"owner": "oddlama", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "a7a0101db4bdef8da592ba5804e7c7444baa0493", "rev": "f56bf065f9abedc7bc15e1f2454aa5c8edabaacf",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "oddlama", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@ -919,16 +919,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748294338, "lastModified": 1754860581,
"narHash": "sha256-FVO01jdmUNArzBS7NmaktLdGA5qA3lUMJ4B7a05Iynw=", "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=",
"owner": "NuschtOS", "owner": "NuschtOS",
"repo": "ixx", "repo": "ixx",
"rev": "cc5f390f7caf265461d4aab37e98d2292ebbdb85", "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NuschtOS", "owner": "NuschtOS",
"ref": "v0.0.8", "ref": "v0.1.1",
"repo": "ixx", "repo": "ixx",
"type": "github" "type": "github"
} }
@ -945,11 +945,11 @@
"rust-overlay": "rust-overlay_3" "rust-overlay": "rust-overlay_3"
}, },
"locked": { "locked": {
"lastModified": 1753693791, "lastModified": 1756744479,
"narHash": "sha256-pZQyCkqIFwGA77np+vqVQZgg2P0qPAI6x6kC3w6+PjE=", "narHash": "sha256-EyZXusK/wRD3V9vDh00W2Re3Eg8UQ+LjVBQrrH9dq1U=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lanzaboote", "repo": "lanzaboote",
"rev": "785a5701b22259b85735301b1aad19c2bee15498", "rev": "747b7912f49e2885090c83364d88cf853a020ac1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -980,11 +980,11 @@
"spectrum": "spectrum" "spectrum": "spectrum"
}, },
"locked": { "locked": {
"lastModified": 1753388547, "lastModified": 1756913421,
"narHash": "sha256-zbjlS9sa2BbtE80YA9C9DMXwCADba3NjUROw/7Rpt7Y=", "narHash": "sha256-bApi+D4wQJe4tG03VySlb4lJOBWqpl8DK8niSfKT87U=",
"owner": "astro", "owner": "astro",
"repo": "microvm.nix", "repo": "microvm.nix",
"rev": "9694139d7c761e857ac9d025f9110a92cd8f7686", "rev": "2ba6697616834ff8c58ebc6180e4833c6d781b82",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1086,11 +1086,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753589988, "lastModified": 1756612744,
"narHash": "sha256-y1JlcMB2dKFkrr6g+Ucmj8L//IY09BtSKTH/A7OU7mU=", "narHash": "sha256-/glV6VAq8Va3ghIbmhET3S1dzkbZqicsk5h+FtvwiPE=",
"owner": "Mic92", "owner": "Mic92",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "f0736b09c43028fd726fb70c3eb3d1f0795454cf", "rev": "3fe768e1f058961095b4a0d7a2ba15dc9736bdc6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1184,11 +1184,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1753122741, "lastModified": 1756925795,
"narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", "narHash": "sha256-kUb5hehaikfUvoJDEc7ngiieX88TwWX/bBRX9Ar6Tac=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", "rev": "ba6fab29768007e9f2657014a6e134637100c57d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1220,11 +1220,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1753939845, "lastModified": 1756787288,
"narHash": "sha256-K2ViRJfdVGE8tpJejs8Qpvvejks1+A4GQej/lBk5y7I=", "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "94def634a20494ee057c76998843c015909d6311", "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1248,11 +1248,11 @@
}, },
"nixpkgs-lib_2": { "nixpkgs-lib_2": {
"locked": { "locked": {
"lastModified": 1751159883, "lastModified": 1754788789,
"narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", "rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1299,11 +1299,11 @@
"systems": "systems_6" "systems": "systems_6"
}, },
"locked": { "locked": {
"lastModified": 1753977315, "lastModified": 1756946299,
"narHash": "sha256-AM3CZh+Emk/cr5Gf6RUf2xzkWdRB+yewP1YWoRxUbYQ=", "narHash": "sha256-N4PjGA0rittpNZGscKPel+mr/dMcKF73j0yr4rbG3T0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "a16c89c175277309fd3dd065fb5bc4eab450ae07", "rev": "63496f00c681b3e200bd17878a43ec68b7139a66",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1322,11 +1322,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753450833, "lastModified": 1755555503,
"narHash": "sha256-Pmpke0JtLRzgdlwDC5a+aiLVZ11JPUO5Bcqkj0nHE/k=", "narHash": "sha256-WiOO7GUOsJ4/DoMy2IC5InnqRDSo2U11la48vCCIjjY=",
"owner": "NuschtOS", "owner": "NuschtOS",
"repo": "search", "repo": "search",
"rev": "40987cc1a24feba378438d691f87c52819f7bd75", "rev": "6f3efef888b92e6520f10eae15b86ff537e1d2ea",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1534,11 +1534,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1750779888, "lastModified": 1755960406,
"narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1708,11 +1708,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753584741, "lastModified": 1754189623,
"narHash": "sha256-i147iFSy4K4PJvID+zoszLbRi2o+YV8AyG4TUiDQ3+I=", "narHash": "sha256-fstu5eb30UYwsxow0aQqkzxNxGn80UZjyehQVNVHuBk=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "69dfe029679e73b8d159011c9547f6148a85ca6b", "rev": "c582ff7f0d8a7ea689ae836dfb1773f1814f472a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1772,11 +1772,11 @@
"spectrum": { "spectrum": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1751265943, "lastModified": 1754675037,
"narHash": "sha256-XoHSo6GEElzRUOYAEg/jlh5c8TDsyDESFIux3nU/NMc=", "narHash": "sha256-afS08F7lfMUBR4qrBxinN1kuxu+DoHQ5TPNVp9VS/OA=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "37c8663fab86fdb202fece339ef7ac7177ffc201", "rev": "586577f3015397afacd83bc185454f4cc3c8028f",
"revCount": 904, "revCount": 955,
"type": "git", "type": "git",
"url": "https://spectrum-os.org/git/spectrum" "url": "https://spectrum-os.org/git/spectrum"
}, },
@ -1967,11 +1967,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1754061284, "lastModified": 1756662192,
"narHash": "sha256-ONcNxdSiPyJ9qavMPJYAXDNBzYobHRxw0WbT38lKbwU=", "narHash": "sha256-F1oFfV51AE259I85av+MAia221XwMHCOtZCMcZLK2Jk=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "58bd4da459f0a39e506847109a2a5cfceb837796", "rev": "1aabc6c05ccbcbf4a635fb7a90400e44282f61c4",
"type": "github" "type": "github"
}, },
"original": { "original": {

3
flake.nix
View file

@ -29,8 +29,7 @@
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
home-manager = { home-manager = {
# FIXME: only using a fork to fix https://github.com/nix-community/home-manager/issues/6638 url = "github:nix-community/home-manager";
url = "github:oddlama/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };

2
hosts/sentinel/firezone.nix
View file

@ -19,7 +19,7 @@ let
"photos.${globals.domains.me}" "photos.${globals.domains.me}"
"s3.photos.${globals.domains.me}" "s3.photos.${globals.domains.me}"
globals.services.mealie.domain globals.services.mealie.domain
globals.services.immich.domain # globals.services.immich.domain
globals.services.influxdb.domain globals.services.influxdb.domain
globals.services.loki.domain globals.services.loki.domain
globals.services.paperless.domain globals.services.paperless.domain

6
hosts/sire/default.nix
View file

@ -145,9 +145,9 @@
// mkMicrovm "paperless" { // mkMicrovm "paperless" {
enablePaperlessDataset = true; enablePaperlessDataset = true;
} }
// mkMicrovm "immich" { # // mkMicrovm "immich" {
enableStorageDataset = true; # enableStorageDataset = true;
} # }
// mkMicrovm "ai" { } // mkMicrovm "ai" { }
// mkMicrovm "minecraft" { } // mkMicrovm "minecraft" { }
// mkMicrovm "ente" { // mkMicrovm "ente" {

2
hosts/ward/default.nix
View file

@ -21,7 +21,7 @@ let
"photos.${globals.domains.me}" "photos.${globals.domains.me}"
"s3.photos.${globals.domains.me}" "s3.photos.${globals.domains.me}"
globals.services.mealie.domain globals.services.mealie.domain
globals.services.immich.domain # globals.services.immich.domain
globals.services.influxdb.domain globals.services.influxdb.domain
globals.services.loki.domain globals.services.loki.domain
globals.services.paperless.domain globals.services.paperless.domain

71
hosts/ward/guests/adguardhome.nix
View file

@ -91,42 +91,41 @@ in
]; ];
dhcp.enabled = false; dhcp.enabled = false;
}; };
filtering.rewrites = filtering.rewrites = [
[ # Undo the /etc/hosts entry so we don't answer with the internal
# Undo the /etc/hosts entry so we don't answer with the internal # wireguard address for influxdb
# wireguard address for influxdb {
{ inherit (globals.services.influxdb) domain;
inherit (globals.services.influxdb) domain; answer = globals.domains.me;
answer = globals.domains.me; }
} ]
] # Use the local mirror-proxy for some services (not necessary, just for speed)
# Use the local mirror-proxy for some services (not necessary, just for speed) ++
++ map
map (domain: {
(domain: { inherit domain;
inherit domain; answer = globals.net.home-lan.vlans.services.hosts.ward-web-proxy.ipv4;
answer = globals.net.home-lan.vlans.services.hosts.ward-web-proxy.ipv4; })
}) [
[ # FIXME: dont hardcode, filter global service domains by internal state
# FIXME: dont hardcode, filter global service domains by internal state # FIXME: new entry here? make new firezone entry too.
# FIXME: new entry here? make new firezone entry too. # FIXME: new entry here? make new firezone gateway on ward entry too.
# FIXME: new entry here? make new firezone gateway on ward entry too. globals.services.grafana.domain
globals.services.grafana.domain "accounts.photos.${globals.domains.me}"
"accounts.photos.${globals.domains.me}" "albums.photos.${globals.domains.me}"
"albums.photos.${globals.domains.me}" "api.photos.${globals.domains.me}"
"api.photos.${globals.domains.me}" "cast.photos.${globals.domains.me}"
"cast.photos.${globals.domains.me}" "photos.${globals.domains.me}"
"photos.${globals.domains.me}" "s3.photos.${globals.domains.me}"
"s3.photos.${globals.domains.me}" globals.services.mealie.domain
globals.services.mealie.domain # globals.services.immich.domain
globals.services.immich.domain globals.services.influxdb.domain
globals.services.influxdb.domain globals.services.loki.domain
globals.services.loki.domain globals.services.paperless.domain
globals.services.paperless.domain globals.services.esphome.domain
globals.services.esphome.domain globals.services.home-assistant.domain
globals.services.home-assistant.domain "fritzbox.${globals.domains.personal}"
"fritzbox.${globals.domains.personal}" ];
];
filters = [ filters = [
{ {
name = "AdGuard DNS filter"; name = "AdGuard DNS filter";

44
hosts/ward/guests/kanidm.nix
View file

@ -37,7 +37,7 @@ in
age.secrets.kanidm-oauth2-forgejo = mkRandomSecret; age.secrets.kanidm-oauth2-forgejo = mkRandomSecret;
age.secrets.kanidm-oauth2-grafana = mkRandomSecret; age.secrets.kanidm-oauth2-grafana = mkRandomSecret;
age.secrets.kanidm-oauth2-immich = mkRandomSecret; # age.secrets.kanidm-oauth2-immich = mkRandomSecret;
age.secrets.kanidm-oauth2-firezone = mkRandomSecret; age.secrets.kanidm-oauth2-firezone = mkRandomSecret;
age.secrets.kanidm-oauth2-mealie = mkRandomSecret; age.secrets.kanidm-oauth2-mealie = mkRandomSecret;
age.secrets.kanidm-oauth2-paperless = mkRandomSecret; age.secrets.kanidm-oauth2-paperless = mkRandomSecret;
@ -115,27 +115,27 @@ in
inherit (globals.kanidm) persons; inherit (globals.kanidm) persons;
# Immich # # Immich
groups."immich.access" = { }; # groups."immich.access" = { };
systems.oauth2.immich = { # systems.oauth2.immich = {
displayName = "Immich"; # displayName = "Immich";
originUrl = [ # originUrl = [
"https://${globals.services.immich.domain}/auth/login" # "https://${globals.services.immich.domain}/auth/login"
"https://${globals.services.immich.domain}/api/oauth/mobile-redirect" # "https://${globals.services.immich.domain}/api/oauth/mobile-redirect"
]; # ];
originLanding = "https://${globals.services.immich.domain}/"; # originLanding = "https://${globals.services.immich.domain}/";
basicSecretFile = config.age.secrets.kanidm-oauth2-immich.path; # basicSecretFile = config.age.secrets.kanidm-oauth2-immich.path;
preferShortUsername = true; # preferShortUsername = true;
# XXX: PKCE is currently not supported by immich # # XXX: PKCE is currently not supported by immich
allowInsecureClientDisablePkce = true; # allowInsecureClientDisablePkce = true;
# XXX: RS256 is used instead of ES256 so additionally we need legacy crypto # # XXX: RS256 is used instead of ES256 so additionally we need legacy crypto
enableLegacyCrypto = true; # enableLegacyCrypto = true;
scopeMaps."immich.access" = [ # scopeMaps."immich.access" = [
"openid" # "openid"
"email" # "email"
"profile" # "profile"
]; # ];
}; # };
# Firezone # Firezone
groups."firezone.access" = { }; groups."firezone.access" = { };

2
nix/agenix-rekey.nix
View file

@ -12,7 +12,7 @@
# The identities that are used to rekey agenix secrets and to # The identities that are used to rekey agenix secrets and to
# decrypt all repository-wide secrets. # decrypt all repository-wide secrets.
secretsConfig = { secretsConfig = {
masterIdentities = [ ../secrets/yk1-nix-rage.pub ]; masterIdentities = [ "\"$DEVSHELL_DIR\"/secrets/yk1-nix-rage.pub" ];
extraEncryptionPubkeys = [ ../secrets/backup.pub ]; extraEncryptionPubkeys = [ ../secrets/backup.pub ];
}; };
}; };

2
nix/devshell.nix
View file

@ -26,7 +26,7 @@
devshells.default = { devshells.default = {
packages = [ packages = [
(builtins.trace "alarm: we pinned nix_2_24 because of https://github.com/shlevy/nix-plugins/issues/20" pkgs.nixVersions.nix_2_24) # Always use the nix version from this flake's nixpkgs version, so that nix-plugins (below) doesn't fail because of different nix versions. pkgs.nix # Always use the nix version from this flake's nixpkgs version, so that nix-plugins (below) doesn't fail because of different nix versions.
]; ];
commands = [ commands = [

3
nix/hosts.nix
View file

@ -34,6 +34,9 @@
modules = [ modules = [
{ {
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [
"qtwebengine-5.15.19" # teamspeak3, whatever I don't visit any untrusted servers
];
nixpkgs.overlays = (import ../pkgs/default.nix inputs) ++ [ nixpkgs.overlays = (import ../pkgs/default.nix inputs) ++ [
inputs.idmail.overlays.default inputs.idmail.overlays.default
# inputs.nixos-cosmic.overlays.default # inputs.nixos-cosmic.overlays.default

1
pkgs/default.nix
View file

@ -5,6 +5,7 @@ _inputs: [
git-fuzzy = prev.callPackage ./git-fuzzy { }; git-fuzzy = prev.callPackage ./git-fuzzy { };
segoe-ui-ttf = prev.callPackage ./segoe-ui-ttf.nix { }; segoe-ui-ttf = prev.callPackage ./segoe-ui-ttf.nix { };
zsh-histdb-skim = prev.callPackage ./zsh-skim-histdb.nix { }; zsh-histdb-skim = prev.callPackage ./zsh-skim-histdb.nix { };
nix-plugins = prev.callPackage ./nix-plugins.nix { };
neovim-clean = prev.neovim-unwrapped.overrideAttrs (old: { neovim-clean = prev.neovim-unwrapped.overrideAttrs (old: {
nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ prev.makeWrapper ]; nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ prev.makeWrapper ];
postInstall = '' postInstall = ''

74
pkgs/nix-plugins.nix Normal file
View file

@ -0,0 +1,74 @@
{
lib,
stdenv,
fetchFromGitHub,
nix,
cmake,
pkg-config,
capnproto,
boost,
writeText,
}:
let
patch = writeText "patch" ''
diff --git a/extra-builtins.cc b/extra-builtins.cc
index 3a0f90e..bb10f8b 100644
--- a/extra-builtins.cc
+++ b/extra-builtins.cc
@@ -1,10 +1,10 @@
-#include <config.h>
-#include <primops.hh>
-#include <globals.hh>
-#include <config-global.hh>
-#include <eval-settings.hh>
-#include <common-eval-args.hh>
-#include <filtering-source-accessor.hh>
+#include <nix/cmd/common-eval-args.hh>
+#include <nix/expr/eval-settings.hh>
+#include <nix/expr/primops.hh>
+#include <nix/fetchers/filtering-source-accessor.hh>
+#include <nix/store/globals.hh>
+#include <nix/util/configuration.hh>
+#include <nix/util/config-global.hh>
#include "nix-plugins-config.h"
'';
in
stdenv.mkDerivation rec {
pname = "nix-plugins";
version = "15.0.0";
# src = fetchFromGitHub {
# owner = "patrickdag";
# repo = "nix-plugins";
# rev = "c85627e50bf92807091321029fca3f700c3f13e2";
# hash = "sha256-lfQ+tDrNj8+nMw1mUl4ombjxdRpIKmAvcimxN4n1Iyo=";
# };
src = fetchFromGitHub {
owner = "shlevy";
repo = "nix-plugins";
tag = version;
hash = "sha256-C4VqKHi6nVAHuXVhqvTRRyn0Bb619ez4LzgUWPH1cbM=";
};
patches = [ patch ];
nativeBuildInputs = [
cmake
pkg-config
];
buildInputs = [
nix
boost
capnproto
];
meta = {
description = "Collection of miscellaneous plugins for the nix expression language";
homepage = "https://github.com/shlevy/nix-plugins";
license = lib.licenses.mit;
platforms = lib.platforms.all;
};
}