mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 23:00:39 +02:00
Code Activity

chore: update flake

Browse source
This commit is contained in:
oddlama 2025-01-05 15:24:57 +01:00
parent a9854dc474
commit d8e2c81593
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
4 changed files with 146 additions and 278 deletions
Download patch file Download diff file Expand all files Collapse all files

258
flake.lock generated
View file

@ -36,11 +36,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1734208773,
"narHash": "sha256-K2ugS2XJSyF3lYCrT5SCJtSAqndn/c5OwPkC5Nl18BU=",
"lastModified": 1735993832,
"narHash": "sha256-gmleUygegZHWfyzgLUSgj9rVe2iUCoAUB0iUkKzQYN4=",
"owner": "oddlama",
"repo": "agenix-rekey",
"rev": "1472730015a2b3da0de09d9f1538bab3a816f618",
"rev": "57e286831e3581800178b310c0110c244f2e2469",
"type": "github"
},
"original": {
@ -220,11 +220,11 @@
]
},
"locked": {
"lastModified": 1728330715,
"narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
"lastModified": 1735644329,
"narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=",
"owner": "numtide",
"repo": "devshell",
"rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
"rev": "f7795ede5b02664b57035b3b757876703e2c3eac",
"type": "github"
},
"original": {
@ -326,11 +326,11 @@
]
},
"locked": {
"lastModified": 1728330715,
"narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
"lastModified": 1735644329,
"narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=",
"owner": "numtide",
"repo": "devshell",
"rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
"rev": "f7795ede5b02664b57035b3b757876703e2c3eac",
"type": "github"
},
"original": {
@ -368,11 +368,11 @@
]
},
"locked": {
"lastModified": 1735048446,
"narHash": "sha256-Tc35Y8H+krA6rZeOIczsaGAtobSSBPqR32AfNTeHDRc=",
"lastModified": 1735468753,
"narHash": "sha256-2dt1nOe9zf9pDkf5Kn7FUFyPRo581s0n90jxYXJ94l0=",
"owner": "nix-community",
"repo": "disko",
"rev": "3a4de9fa3a78ba7b7170dda6bd8b4cdab87c0b21",
"rev": "84a5b93637cc16cbfcc61b6e1684d626df61eb21",
"type": "github"
},
"original": {
@ -630,14 +630,17 @@
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
"nixpkgs-lib": [
"agenix-rekey",
"nixpkgs"
]
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
@ -648,7 +651,7 @@
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_2"
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1730504689,
@ -666,14 +669,14 @@
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_3"
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"lastModified": 1735774679,
"narHash": "sha256-soePLBazJk0qQdDVhdbM98vYdssfs3WFedcq+raipRI=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"rev": "f2f7418ce0ab4a5309a4596161d154cfc877af66",
"type": "github"
},
"original": {
@ -684,7 +687,7 @@
},
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_4"
"nixpkgs-lib": "nixpkgs-lib_3"
},
"locked": {
"lastModified": 1730504689,
@ -708,11 +711,11 @@
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"lastModified": 1735774679,
"narHash": "sha256-soePLBazJk0qQdDVhdbM98vYdssfs3WFedcq+raipRI=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"rev": "f2f7418ce0ab4a5309a4596161d154cfc877af66",
"type": "github"
},
"original": {
@ -723,7 +726,7 @@
},
"flake-parts_6": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_5"
"nixpkgs-lib": "nixpkgs-lib_4"
},
"locked": {
"lastModified": 1717285511,
@ -741,7 +744,7 @@
},
"flake-parts_7": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_6"
"nixpkgs-lib": "nixpkgs-lib_5"
},
"locked": {
"lastModified": 1727826117,
@ -894,18 +897,45 @@
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1735882644,
"narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "a5a961387e75ae44cc20f0a57ae463da5e959656",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"git-hooks_2": {
"inputs": {
"flake-compat": [
"stylix",
"flake-compat"
],
"gitignore": "gitignore_8",
"nixpkgs": [
"stylix",
"nixpkgs"
],
"nixpkgs-stable": [
"nixvim",
"stylix",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1734797603,
"narHash": "sha256-ulZN7ps8nBV31SE+dwkDvKIzvN6hroRY8sYOT0w+E28=",
"lastModified": 1731363552,
"narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "f0f0dc4920a903c3e08f5bdb9246bb572fcae498",
"rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
"type": "github"
},
"original": {
@ -1068,6 +1098,28 @@
}
},
"gitignore_8": {
"inputs": {
"nixpkgs": [
"stylix",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_9": {
"inputs": {
"nixpkgs": [
"whisper-overlay",
@ -1113,11 +1165,11 @@
]
},
"locked": {
"lastModified": 1735053786,
"narHash": "sha256-Gm+0DcbUS338vvkwyYWms5jsWlx8z8MeQBzcnIDuIkw=",
"lastModified": 1736013363,
"narHash": "sha256-P4lsS2Y5GzBfC8OfXtD/xWEucX6oHGTjOzjEjEJbXfc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "35b98d20ca8f4ca1f6a2c30b8a2c8bb305a36d84",
"rev": "0d7908bd09165db6699908b7e3970f137327cbf0",
"type": "github"
},
"original": {
@ -1134,11 +1186,11 @@
]
},
"locked": {
"lastModified": 1734862405,
"narHash": "sha256-bXZJvUMJ2A6sIpYcCUAGjYCD5UDzmpmQCdmJSkPhleU=",
"lastModified": 1735979091,
"narHash": "sha256-WpFjt6+8UD81EP386c269ZTqpEmlGJgcPw+OB4b7EBs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "cb27edb5221d2f2920a03155f8becc502cf60e35",
"rev": "11ab08541e61ac3bbf2ab27229f68622629401df",
"type": "github"
},
"original": {
@ -1344,11 +1396,11 @@
]
},
"locked": {
"lastModified": 1733570843,
"narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=",
"lastModified": 1735956190,
"narHash": "sha256-svzx3yVXD5tbBJZCn3Lt1RriH8GHo6CyVUPTHejf7sU=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "a35b08d09efda83625bef267eb24347b446c80b8",
"rev": "3feaf376d75d3d58ebf7e9a4f584d00628548ad9",
"type": "github"
},
"original": {
@ -1364,11 +1416,11 @@
]
},
"locked": {
"lastModified": 1734838217,
"narHash": "sha256-zvMLS8BGn+kMG7tLLT3PJ67/S9yqZ9B7V8hKBa9cRRY=",
"lastModified": 1735443188,
"narHash": "sha256-AydPpRBh8+NOkrLylG7vTsHrGO2b5L7XkMEL5HlzcA8=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "d583b2d142f0428313df099f4a2dcf2a0496aa78",
"rev": "55ab1e1df5daf2476e6b826b69a82862dcbd7544",
"type": "github"
},
"original": {
@ -1387,11 +1439,11 @@
"pre-commit-hooks": "pre-commit-hooks_4"
},
"locked": {
"lastModified": 1734639503,
"narHash": "sha256-Z58HeNQpfbi94Cw8VxdF1GtU1S5AoWO0hfJTxA6wu78=",
"lastModified": 1735927098,
"narHash": "sha256-bRAtYb+o9/kFrUDZt5pFD0ET+rG0g5nYM0qNKaRiv2g=",
"owner": "oddlama",
"repo": "nix-topology",
"rev": "d6edd49bac68dc70e19b5e91617b9f04e8ac1c43",
"rev": "2113ac865a077a7487268d6f1fe27400271ecd19",
"type": "github"
},
"original": {
@ -1426,11 +1478,11 @@
"pre-commit-hooks": "pre-commit-hooks_5"
},
"locked": {
"lastModified": 1734643696,
"narHash": "sha256-W5JSWhhThI9erzhZmpHy1gZGwSxEGPKYmOUBEXH/WGA=",
"lastModified": 1735860340,
"narHash": "sha256-8bgRXOHpLmgUHmg6CKFnm6LJzIdInDzE6wO+OotedCI=",
"owner": "oddlama",
"repo": "nixos-extra-modules",
"rev": "6a4736e0773a1852b0b6c5f71cbe96dd39c3caf1",
"rev": "2502ff50abc8e29606824ac4e67d4a5279b1cb0d",
"type": "github"
},
"original": {
@ -1462,11 +1514,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1734954597,
"narHash": "sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl+fk=",
"lastModified": 1735388221,
"narHash": "sha256-e5IOgjQf0SZcFCEV/gMGrsI0gCJyqOKShBQU0iiM3Kg=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "def1d472c832d77885f174089b0d34854b007198",
"rev": "7c674c6734f61157e321db595dbfcd8523e04e19",
"type": "github"
},
"original": {
@ -1498,11 +1550,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1734649271,
"narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=",
"lastModified": 1735834308,
"narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507",
"rev": "6df24922a1400241dae323af55f30e4318a6ca65",
"type": "github"
},
"original": {
@ -1526,29 +1578,17 @@
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1730504152,
"narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=",
"lastModified": 1735774519,
"narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
"url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
"url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
}
},
"nixpkgs-lib_3": {
"locked": {
"lastModified": 1733096140,
"narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
}
},
"nixpkgs-lib_4": {
"locked": {
"lastModified": 1730504152,
"narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=",
@ -1560,7 +1600,7 @@
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
}
},
"nixpkgs-lib_5": {
"nixpkgs-lib_4": {
"locked": {
"lastModified": 1717284937,
"narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=",
@ -1572,7 +1612,7 @@
"url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
}
},
"nixpkgs-lib_6": {
"nixpkgs-lib_5": {
"locked": {
"lastModified": 1727825735,
"narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=",
@ -1649,22 +1689,6 @@
}
},
"nixpkgs-stable_5": {
"locked": {
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_6": {
"locked": {
"lastModified": 1718447546,
"narHash": "sha256-JHuXsrC9pr4kA4n7LuuPfWFJUVlDBVJ1TXDVpHEuUgM=",
@ -1711,11 +1735,11 @@
"treefmt-nix": "treefmt-nix_4"
},
"locked": {
"lastModified": 1735124172,
"narHash": "sha256-2X2yCslRVWAmD/2IuiGGRJxEX+CMM7uuI81VZz+WJMU=",
"lastModified": 1735980252,
"narHash": "sha256-aVFpRYFmLP6jECp9SwsoJkSBTOSOJKYOjHgsR0RcbCQ=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "ca3c7e29a857084c4b311aa714b88ab789760fe0",
"rev": "9fec10597383c024a2a1a8b71fb58d6b1f30ebb9",
"type": "github"
},
"original": {
@ -1734,11 +1758,11 @@
]
},
"locked": {
"lastModified": 1733773348,
"narHash": "sha256-Y47y+LesOCkJaLvj+dI/Oa6FAKj/T9sKVKDXLNsViPw=",
"lastModified": 1735854821,
"narHash": "sha256-Iv59gMDZajNfezTO0Fw6LHE7uKAShxbvMidmZREit7c=",
"owner": "NuschtOS",
"repo": "search",
"rev": "3051be7f403bff1d1d380e4612f0c70675b44fc9",
"rev": "836908e3bddd837ae0f13e215dd48767aee355f0",
"type": "github"
},
"original": {
@ -1802,11 +1826,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1732021966,
"narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=",
"lastModified": 1734797603,
"narHash": "sha256-ulZN7ps8nBV31SE+dwkDvKIzvN6hroRY8sYOT0w+E28=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "3308484d1a443fc5bc92012435d79e80458fe43c",
"rev": "f0f0dc4920a903c3e08f5bdb9246bb572fcae498",
"type": "github"
},
"original": {
@ -1924,15 +1948,14 @@
"gitignore": "gitignore_7",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_5"
]
},
"locked": {
"lastModified": 1734797603,
"narHash": "sha256-ulZN7ps8nBV31SE+dwkDvKIzvN6hroRY8sYOT0w+E28=",
"lastModified": 1735882644,
"narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "f0f0dc4920a903c3e08f5bdb9246bb572fcae498",
"rev": "a5a961387e75ae44cc20f0a57ae463da5e959656",
"type": "github"
},
"original": {
@ -1944,12 +1967,12 @@
"pre-commit-hooks_7": {
"inputs": {
"flake-compat": "flake-compat_11",
"gitignore": "gitignore_8",
"gitignore": "gitignore_9",
"nixpkgs": [
"whisper-overlay",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_6"
"nixpkgs-stable": "nixpkgs-stable_5"
},
"locked": {
"lastModified": 1718879355,
@ -2210,6 +2233,7 @@
"base16-vim": "base16-vim",
"flake-compat": "flake-compat_10",
"flake-utils": "flake-utils_5",
"git-hooks": "git-hooks_2",
"gnome-shell": "gnome-shell",
"home-manager": [
"home-manager"
@ -2223,11 +2247,11 @@
"tinted-tmux": "tinted-tmux"
},
"locked": {
"lastModified": 1735151068,
"narHash": "sha256-sJ1/y4aXAZ22trJjY+nH/bJ+pydaDKf3wZtafM+Yjcs=",
"lastModified": 1736011580,
"narHash": "sha256-8gmk/i9ZA5C6LGRnqHb5sZ8UKaqT5GnS6XxeSPMSz+s=",
"owner": "danth",
"repo": "stylix",
"rev": "079fecebad5f616561726359c89cedd811c8a722",
"rev": "7dfcdb410118dcd02ba1d85a2179a6f1c877403f",
"type": "github"
},
"original": {
@ -2436,11 +2460,11 @@
]
},
"locked": {
"lastModified": 1732292307,
"narHash": "sha256-5WSng844vXt8uytT5djmqBCkopyle6ciFgteuA9bJpw=",
"lastModified": 1735135567,
"narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "705df92694af7093dfbb27109ce16d828a79155f",
"rev": "9e09d30a644c57257715902efbb3adc56c79cf28",
"type": "github"
},
"original": {
@ -2499,11 +2523,11 @@
]
},
"locked": {
"lastModified": 1734704479,
"narHash": "sha256-MMi74+WckoyEWBRcg/oaGRvXC9BVVxDZNRMpL+72wBI=",
"lastModified": 1735905407,
"narHash": "sha256-1hKMRIT+QZNWX46e4gIovoQ7H8QRb7803ZH4qSKI45o=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "65712f5af67234dad91a5a4baee986a8b62dbf8f",
"rev": "29806abab803e498df96d82dd6f34b32eb8dd2c8",
"type": "github"
},
"original": {
@ -2519,11 +2543,11 @@
]
},
"locked": {
"lastModified": 1735135567,
"narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=",
"lastModified": 1735905407,
"narHash": "sha256-1hKMRIT+QZNWX46e4gIovoQ7H8QRb7803ZH4qSKI45o=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "9e09d30a644c57257715902efbb3adc56c79cf28",
"rev": "29806abab803e498df96d82dd6f34b32eb8dd2c8",
"type": "github"
},
"original": {

153
modules/actual.nix
View file

@ -1,153 +0,0 @@
{
lib,
pkgs,
config,
...
}:
let
inherit (lib)
getExe
mkEnableOption
mkIf
mkOption
mkPackageOption
types
;
cfg = config.services.actual;
configFile = formatType.generate "config.json" cfg.settings;
dataDir = "/var/lib/actual";
formatType = pkgs.formats.json { };
in
{
options.services.actual = {
enable = mkEnableOption "actual, a privacy focused app for managing your finances";
package = mkPackageOption pkgs "actual-server" { };
user = mkOption {
type = types.str;
default = "actual";
description = ''
User to run actual as.
::: {.note}
If left as the default value this user will automatically be created
on system activation, otherwise the sysadmin is responsible for
ensuring the user exists.
:::
'';
};
group = mkOption {
type = types.str;
default = "actual";
description = ''
Group under which to run.
::: {.note}
If left as the default value this group will automatically be created
on system activation, otherwise the sysadmin is responsible for
ensuring the user exists.
:::
'';
};
openFirewall = mkOption {
default = false;
type = types.bool;
description = "Whether to open the firewall for the specified port.";
};
settings = mkOption {
default = { };
type = types.submodule {
freeformType = formatType.type;
options = {
hostname = mkOption {
type = types.str;
description = "The address to listen on";
default = "::";
};
port = mkOption {
type = types.port;
description = "The port to listen on";
default = 3000;
};
};
config = {
serverFiles = "${dataDir}/server-files";
userFiles = "${dataDir}/user-files";
inherit dataDir;
};
};
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.settings.port ];
users.groups = mkIf (cfg.group == "actual") {
${cfg.group} = { };
};
users.users = mkIf (cfg.user == "actual") {
${cfg.user} = {
isSystemUser = true;
inherit (cfg) group;
home = dataDir;
};
};
systemd.services.actual = {
description = "Actual server, a local-first personal finance app";
after = [ "network.target" ];
environment.ACTUAL_CONFIG_PATH = configFile;
serviceConfig = {
ExecStart = getExe cfg.package;
User = cfg.user;
Group = cfg.group;
StateDirectory = "actual";
WorkingDirectory = dataDir;
LimitNOFILE = "1048576";
PrivateTmp = true;
PrivateDevices = true;
StateDirectoryMode = "0700";
Restart = "always";
# Hardening
CapabilityBoundingSet = "";
LockPersonality = true;
#MemoryDenyWriteExecute = true; # Leads to coredump because V8 does JIT
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProcSubset = "pid";
ProtectSystem = "strict";
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_NETLINK"
];
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"@pkey"
];
UMask = "0077";
};
wantedBy = [ "multi-user.target" ];
};
};
}

1
modules/default.nix
View file

@ -5,7 +5,6 @@
imports = [
./acme-wildcard.nix
./actual.nix
./backups.nix
./deterministic-ids.nix
./distributed-config.nix

12
users/myuser/graphical/hyprland.nix
View file

@ -193,18 +193,16 @@ in
"4, monitor:DP-2"
"5, monitor:DP-2"
"6, monitor:DP-2"
"7, monitor:DP-3, default: true"
"7, monitor:DP-3"
"8, monitor:DP-3"
"9, monitor:DP-3"
];
})
(mkIf (nixosConfig.node.name == "nom") {
monitor =
[
];
workspace =
[
];
monitor = [
];
workspace = [
];
})
];