diff --git a/nix/deployments/hive.nix b/nix/deployments/hive.nix index ab1eb1d..fcf64a6 100644 --- a/nix/deployments/hive.nix +++ b/nix/deployments/hive.nix @@ -59,8 +59,8 @@ in ../system/xps11/configuration.nix ../home/programs/nginx ../home/programs/jellyfin + ../home/programs/calibre-web ../home/programs/forgejo/webserver.nix - ../home/programs/immich ]; fileSystems."/storage" = { diff --git a/nix/home/programs/beets/default.nix b/nix/home/programs/beets/default.nix index a3af9b9..547bb1f 100644 --- a/nix/home/programs/beets/default.nix +++ b/nix/home/programs/beets/default.nix @@ -1,8 +1,6 @@ { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - beets - ]; + environment.systemPackages = with pkgs; [ beets-unstable ]; # If using home-manager, we could the beets settings in a more in-nix way. As # it is, here's the YAML that's currently on the NAS. If being serious, we diff --git a/nix/home/programs/immich/default.nix b/nix/home/programs/immich/default.nix deleted file mode 100644 index c2c8ccc..0000000 --- a/nix/home/programs/immich/default.nix +++ /dev/null @@ -1,62 +0,0 @@ -{ lib, config, ... }: - -let - immichDomain = lib.strings.fileContents ../../../../secrets/letsencrypt/mediaserver/immichdomain; -in -{ - services.immich = { - enable = true; - port = 2283; - mediaLocation = "/storage/organized/photos"; - - ## Enable hardware acceleration for video - # `null` will give access to all devices. -# You may want to restrict this by using something like `[ "/dev/dri/renderD128" ]` - accelerationDevices = null; - - settings.server.externalDomain = "https://${immichDomain}"; -}; - - hardware.graphics = { - enable = true; - # Maybe we need more here, hard to say... - }; - - users.users.immich.extraGroups = [ "video" "render" "multimedia" - # something strange here about remote file-system groups... - "jellyfin" ]; - - ## Expose immich to "the world" - networking.firewall = { - allowedTCPPorts = [ - #nginx - 80 - 443 - ]; - }; - - services.nginx = { - - recommendedProxySettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; - - virtualHosts."${immichDomain}" = { - forceSSL = true; - enableACME = true; - extraConfig = '' - client_max_body_size 50000M; - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - ''; - - locations."/" = { - proxyPass = "http://[::1]:${toString config.services.immich.port}"; - proxyWebsockets = true; - }; - }; - }; -} - diff --git a/nix/home/programs/jellyfin/default.nix b/nix/home/programs/jellyfin/default.nix index d0c09db..50fadbc 100644 --- a/nix/home/programs/jellyfin/default.nix +++ b/nix/home/programs/jellyfin/default.nix @@ -3,6 +3,9 @@ { networking.firewall = { allowedTCPPorts = [ + # jellyfin frontend + 8096 + 8920 #nginx 80 443 @@ -19,7 +22,6 @@ # 2. override default hardening measure from NixOS - this is default since 22.05 systemd.services.jellyfin.serviceConfig.PrivateDevices = lib.mkForce false; - ## Expose jelly to "the world" services.nginx = { virtualHosts."${lib.strings.fileContents ../../../../secrets/letsencrypt/mediaserver/domain}" = { forceSSL = true; diff --git a/nix/home/programs/mangadex-downloader/default.nix b/nix/home/programs/mangadex-downloader/default.nix deleted file mode 100644 index 6b14982..0000000 --- a/nix/home/programs/mangadex-downloader/default.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ pkgs, ... }: - -let - - buildPythonPackage = pkgs.python311Packages.buildPythonPackage; - fetchPypi = pkgs.python311Packages.fetchPypi; - requests_doh = buildPythonPackage rec { - pname = "requests_doh"; - version = "1.0.0"; - format = "setuptools"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-bOi8liRQMKGY7yDSEAtNyzsSCgWljfcD+L4SGnn48vs="; - }; - - doCheck = false; - - propagatedBuildInputs = with pkgs.python311Packages; [ - requests - dnspython - ] ++ requests.optional-dependencies.socks ++ dnspython.optional-dependencies.doh; - }; - - mangadex-downloader = buildPythonPackage - rec { - pname = "mangadex_downloader"; - version = "3.1.4"; - format = "setuptools"; - - src = fetchPypi { - inherit pname version; - sha256 = "sha256-653lHYQPFZ3I9+bqMRxGcSyJv1MEqPvYbbX0j/SATyo="; - }; - - doCheck = false; - - propagatedBuildInputs = with pkgs.python311Packages; [ - pysocks - requests_doh - requests - beautifulsoup4 - chardet - packaging - requests - tqdm - pyjwt - pillow - pathvalidate - ]++ requests.optional-dependencies.socks; - }; -in -{ - environment.systemPackages = [ - (pkgs.python311.withPackages (p: [ - mangadex-downloader - ])) - ]; -} diff --git a/nix/home/programs/nvim/default.nix b/nix/home/programs/nvim/default.nix index 60cd79d..d8bafd0 100644 --- a/nix/home/programs/nvim/default.nix +++ b/nix/home/programs/nvim/default.nix @@ -127,7 +127,7 @@ with builtins; pkgs.replaceVars ./nvim-lspconfig.lua { # since both of these are used for actually configuring the system, # we'll probably always want them around. - lua_ls = pkgs.lua-language-server; + lua_ls = pkgs.sumneko-lua-language-server; nixd = pkgs.nixd; ts_server = pkgs.nodePackages.typescript-language-server; diagnostic_server = pkgs.nodePackages.diagnostic-languageserver; diff --git a/nix/home/programs/nvim/init.vim b/nix/home/programs/nvim/init.vim index a3c9351..854bfd8 100644 --- a/nix/home/programs/nvim/init.vim +++ b/nix/home/programs/nvim/init.vim @@ -6,6 +6,7 @@ filetype plugin indent on let g:netrw_liststyle = 3 set nobackup set noswapfile +set pastetoggle= set nowrap set background=dark diff --git a/nix/home/programs/zsh/default.nix b/nix/home/programs/zsh/default.nix index 53c4ad1..355cde6 100644 --- a/nix/home/programs/zsh/default.nix +++ b/nix/home/programs/zsh/default.nix @@ -12,7 +12,7 @@ with builtins; { enableCompletion = true; defaultKeymap = "viins"; - initContent = readFile ./zshrc; + initExtra = readFile ./zshrc; oh-my-zsh = { enable = true; diff --git a/nix/system/framework/configuration.nix b/nix/system/framework/configuration.nix index 0bccf23..a602dab 100644 --- a/nix/system/framework/configuration.nix +++ b/nix/system/framework/configuration.nix @@ -15,7 +15,6 @@ # Include the results of the hardware scan. ./hardware-configuration.nix ../common/users.nix - (import ../../home/programs/mangadex-downloader) ]; # enable nix-flakes diff --git a/nix/system/svalbard/configuration.nix b/nix/system/svalbard/configuration.nix index 57b0e51..323bc50 100644 --- a/nix/system/svalbard/configuration.nix +++ b/nix/system/svalbard/configuration.nix @@ -42,7 +42,7 @@ (pkgs.writeTextFile { name = "dev-device-no-auto-name"; text = '' - SUBSYSTEM=="net", ACTION=="add", ENV{DEVTYPE}!="?*", ATTR{address}=="04:7c:16:10:27:5e", NAME="eth0" + SUBSYSTEM=="net", ACTION=="add", DEVTYPE!=="?*", ATTR{address}=="04:7c:16:10:27:5e", NAME="eth0" ''; destination = "/etc/udev/rules.d/70-persistent-net.rules"; @@ -50,12 +50,12 @@ ]; # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; + i18n.defaultLocale = "en_US.utf8"; # Configure keymap in X11 services.xserver = { - xkb.layout = "us"; - xkb.variant = ""; + layout = "us"; + xkbVariant = ""; }; # Allow unfree packages @@ -94,4 +94,5 @@ # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "22.05"; # Did you read the comment? + } diff --git a/nix/system/xps11/configuration.nix b/nix/system/xps11/configuration.nix index bf3ca8f..e274c57 100644 --- a/nix/system/xps11/configuration.nix +++ b/nix/system/xps11/configuration.nix @@ -82,7 +82,7 @@ name = "dev-device-no-auto-name"; # xps11 uses a usb device as an ethernet port text = '' - SUBSYSTEM=="net", ACTION=="add", ENV{DEVTYPE}!="?*", ATTR{address}=="00:e0:4c:68:13:bf", NAME="eth0" + SUBSYSTEM=="net", ACTION=="add", DEVTYPE!=="?*", ATTR{address}=="00:e0:4c:68:13:bf", NAME="eth0" ''; destination = "/etc/udev/rules.d/70-persistent-net.rules"; @@ -116,6 +116,4 @@ # servers. You should change this only after NixOS release notes say you # should. system.stateVersion = "20.03"; # Did you read the comment? - # postgres 11 has EOL'd - services.postgresql.package = pkgs.postgresql_15; }