diff --git a/.forgejo/workflows/build_nixos_configs.yml b/.forgejo/workflows/build_nixos_configs.yml index 579e3cd..650718e 100644 --- a/.forgejo/workflows/build_nixos_configs.yml +++ b/.forgejo/workflows/build_nixos_configs.yml @@ -1,4 +1,4 @@ -name: Build NixOS Configurations +name: Buill NixOS Configurations on: [push] jobs: @@ -27,4 +27,4 @@ jobs: nix --extra-experimental-features nix-command --extra-experimental-features flakes run nixpkgs#attic-client \ -- login gospel https://attic.kilonull.com ${{ secrets.ATTIC_PUSH_SECRET }} nix --extra-experimental-features nix-command --extra-experimental-features flakes run nixpkgs#attic-client \ - -- push --ignore-upstream-cache-filter gospel:nixosConfigs ./result + -- push gospel:nixosConfigs ./result diff --git a/flake.lock b/flake.lock index 11ba4d8..0f4d688 100644 --- a/flake.lock +++ b/flake.lock @@ -63,11 +63,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1772153824, - "narHash": "sha256-T65qXmlcD9qFpPTi+mOXsn4dIkO2N8Ls67nqmuzepv0=", + "lastModified": 1770551880, + "narHash": "sha256-+cS5yXWsSLiK36+PP/+dcQdxpXSclx2d65p7l6Dis+A=", "owner": "catppuccin", "repo": "nix", - "rev": "4b0f5b7bf7b3eeb484d49524f3c9791864ab9362", + "rev": "db4dfe3f2a80e9c33492d839accd49f75c7324c2", "type": "github" }, "original": { @@ -132,11 +132,11 @@ ] }, "locked": { - "lastModified": 1772320113, - "narHash": "sha256-F/yM6SAAtCkG4NVOWap70CcAiPP+EIR5rb2zI3XlHDw=", + "lastModified": 1770744655, + "narHash": "sha256-n8U5fggqvdAUJ6Ydd7uEG1aEsZBuRgUJnA++dtsmpYQ=", "owner": "cachix", "repo": "devenv", - "rev": "65c59037d2dba83876ec9da8d22584d604553f16", + "rev": "d8bd7b74d0604227220074ac0bc934c4efb2b8fb", "type": "github" }, "original": { @@ -361,11 +361,11 @@ ] }, "locked": { - "lastModified": 1772330611, - "narHash": "sha256-UZjPc/d5XRxvjDbk4veAO4XFdvx6BUum2l40V688Xq8=", + "lastModified": 1770779995, + "narHash": "sha256-Evbc+u49wYQ5uyEi/HHxVFEt3g/w4MZxkMXMe7McjRM=", "owner": "nix-community", "repo": "home-manager", - "rev": "58fd7ff0eec2cda43e705c4c0585729ec471d400", + "rev": "b3f43db171474132528be57610bfa5fb3b766879", "type": "github" }, "original": { @@ -401,11 +401,11 @@ ] }, "locked": { - "lastModified": 1771532737, - "narHash": "sha256-H26FQmOyvIGnedfAioparJQD8Oe+/byD6OpUpnI/hkE=", + "lastModified": 1770395975, + "narHash": "sha256-zg0AEZn8d4rqIIsw5XrkVL5p1y6fBj2L57awfUg+gNA=", "owner": "cachix", "repo": "nix", - "rev": "7eb6c427c7a86fdc3ebf9e6cbf2a84e80e8974fd", + "rev": "ccb6019ce2bd11f5de5fe4617c0079d8cb1ed057", "type": "github" }, "original": { @@ -480,11 +480,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1771969195, - "narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=", + "lastModified": 1770631810, + "narHash": "sha256-b7iK/x+zOXbjhRqa+XBlYla4zFvPZyU5Ln2HJkiSnzc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e", + "rev": "2889685785848de940375bf7fea5e7c5a3c8d502", "type": "github" }, "original": { @@ -496,11 +496,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1771848320, - "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=", + "lastModified": 1770197578, + "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fc6539b481e1d2569f25f8799236694180c0993", + "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2", "type": "github" }, "original": { @@ -527,11 +527,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1772047000, - "narHash": "sha256-7DaQVv4R97cii/Qdfy4tmDZMB2xxtyIvNGSwXBBhSmo=", + "lastModified": 1770617025, + "narHash": "sha256-1jZvgZoAagZZB6NwGRv2T2ezPy+X6EFDsJm+YSlsvEs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1267bb4920d0fc06ea916734c11b0bf004bbe17e", + "rev": "2db38e08fdadcc0ce3232f7279bab59a15b94482", "type": "github" }, "original": { @@ -559,11 +559,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1772198003, - "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", "type": "github" }, "original": { @@ -612,11 +612,11 @@ "nixvim": "nixvim_2" }, "locked": { - "lastModified": 1770835587, - "narHash": "sha256-D0LVQRMGA0xJpdpykxXaoHC3vGrkYG461jbJ5TfUzEM=", + "lastModified": 1770233182, + "narHash": "sha256-p6AN4IoRzITMYHt4OlPqWE9L80bbEHOh60Ek3OgMSJ4=", "ref": "main", - "rev": "72767c9aee71b0e5cec6dde7c2de92d3edb93dc4", - "revCount": 59, + "rev": "5a55725bd5de3f0640ccfcbf38600fc79b3f92fd", + "revCount": 58, "type": "git", "url": "https://git.alejandr0angul0.dev/alejandro-angulo/nixvim-config" }, diff --git a/homes/x86_64-linux/alejandro@carbon/default.nix b/homes/x86_64-linux/alejandro@carbon/default.nix index 1356707..2f502d4 100644 --- a/homes/x86_64-linux/alejandro@carbon/default.nix +++ b/homes/x86_64-linux/alejandro@carbon/default.nix @@ -4,6 +4,7 @@ let internal_display_settings = "eDP-1,preferred,auto,1.6"; clamshell_script = pkgs.writeShellScriptBin "clamshell" '' if ${pkgs.hyprland}/bin/hyprctl monitors | ${pkgs.ripgrep}/bin/rg -q '\sDP-'; then + echo "Detected external monitor..." if [[ "$1" == "open" ]]; then ${pkgs.hyprland}/bin/hyprctl keyword monitor ${internal_display_settings} else @@ -24,14 +25,10 @@ in ",preferred,auto,1" ]; }; - aa.services.hypridle.suspendInhibitWhenPluggedIn = true; aa.windowManagers.sway.enable = lib.mkForce false; wayland.windowManager.hyprland.settings.bindl = [ ", switch:off:Lid Switch, exec, ${clamshell_script}/bin/clamshell open" ", switch:on:Lid Switch, exec, ${clamshell_script}/bin/clamshell close" ]; - - catppuccin.zathura.enable = true; - programs.zathura.enable = true; } diff --git a/modules/home/apps/tmux/default.nix b/modules/home/apps/tmux/default.nix index fb8ac52..63120c4 100644 --- a/modules/home/apps/tmux/default.nix +++ b/modules/home/apps/tmux/default.nix @@ -75,53 +75,44 @@ in tmuxPlugins.vim-tmux-navigator ]; - extraConfig = '' - # Scrolling with mouse wheel scrolls output instead of previous commands - setw -g mouse on + extraConfig = + '' + # Scrolling with mouse wheel scrolls output instead of previous commands + setw -g mouse on - # Open panes in the same directory - bind c new-window -c "#{pane_current_path}" - bind '"' split-window -c "#{pane_current_path}" - bind % split-window -h -c "#{pane_current_path}" + # Open panes in the same directory + bind c new-window -c "#{pane_current_path}" + bind '"' split-window -c "#{pane_current_path}" + bind % split-window -h -c "#{pane_current_path}" - # sessionizer - bind C-o display-popup -E "${pkgs.tmux-sessionizer}/bin/tms" - bind C-j display-popup -E "${pkgs.tmux-sessionizer}/bin/tms switch" - bind C-w display-popup -E "${pkgs.tmux-sessionizer}/bin/tms windows" - bind C-s command-prompt -p "Rename active session to:" "run-shell '${pkgs.tmux-sessionizer}/bin/tms rename %1'" + # sessionizer + bind C-o display-popup -E "${pkgs.tmux-sessionizer}/bin/tms" + bind C-j display-popup -E "${pkgs.tmux-sessionizer}/bin/tms switch" + bind C-w display-popup -E "${pkgs.tmux-sessionizer}/bin/tms windows" + bind C-s command-prompt -p "Rename active session to:" "run-shell '${pkgs.tmux-sessionizer}/bin/tms rename %1'" - '' - + lib.strings.optionalString config.programs.lazygit.enable '' - # Open lazygit in a popup - # Spins up a new session with a '-lg' suffix (hitting the shortcut - # toggles between attaching and detaching) - bind C-g if-shell "[[ $(tmux display-message -p '#S') == *-lg ]]" { - detach-client - } { - display-popup -h 90% -w 90% -E "tmux new-session -A -s $(tmux display-message -p '#S')-lg ${pkgs.lazygit}/bin/lazygit" - } - '' - + lib.strings.optionalString config.programs.btop.enable '' - # Open btop in a popup - # Spins up a new session named `btop` (hitting the shortcut - # toggles between attaching and detaching) - # NOTE: This overrides the default C-t shortcut (shows time by default) - bind C-t if-shell "[[ $(tmux display-message -p '#S') == btop ]]" { - detach-client - } { - display-popup -h 90% -w 90% -E "tmux new-session -A -s btop ${pkgs.btop}/bin/btop" - } - '' - + lib.strings.optionalString config.programs.yazi.enable '' - # Open yazi in a popup - # Spins up a new session with a '-yazi' suffix (hitting the shortcut - # toggles between attaching and detaching) - bind C-y if-shell "[[ $(tmux display-message -p '#S') == *-yazi ]]" { - detach-client - } { - display-popup -h 90% -w 90% -E "tmux new-session -A -s $(tmux display-message -p '#S')-yazi ${pkgs.yazi}/bin/yazi" - } - ''; + '' + + lib.strings.optionalString config.programs.lazygit.enable '' + # Open lazygit in a popup + # Spins up a new session with a '-lg' suffix (hitting the shortcut + # toggles between attaching and detaching) + bind C-g if-shell "[[ $(tmux display-message -p '#S') == *-lg ]]" { + detach-client + } { + display-popup -h 90% -w 90% -E "tmux new-session -A -s $(tmux display-message -p '#S')-lg ${pkgs.lazygit}/bin/lazygit" + } + '' + + lib.strings.optionalString config.programs.btop.enable '' + # Open btop in a popup + # Spins up a new session named `btop` (hitting the shortcut + # toggles between attaching and detaching) + # NOTE: This overrides the default C-t shortcut (shows time by default) + bind C-t if-shell "[[ $(tmux display-message -p '#S') == btop ]]" { + detach-client + } { + display-popup -h 90% -w 90% -E "tmux new-session -A -s btop ${pkgs.btop}/bin/btop" + } + ''; }; xdg.configFile."tms/config.toml".source = (pkgs.formats.toml { }).generate "tms-config" tmsConfig; diff --git a/modules/home/programs/yazi/default.nix b/modules/home/programs/yazi/default.nix index 4867baf..c44c998 100644 --- a/modules/home/programs/yazi/default.nix +++ b/modules/home/programs/yazi/default.nix @@ -13,10 +13,7 @@ in }; config = lib.mkIf cfg.enable { - programs.yazi = { - enable = true; - shellWrapperName = "y"; - }; + programs.yazi.enable = true; catppuccin.yazi.enable = true; }; } diff --git a/modules/home/services/hypridle/default.nix b/modules/home/services/hypridle/default.nix index 6e7dfe9..50e792d 100644 --- a/modules/home/services/hypridle/default.nix +++ b/modules/home/services/hypridle/default.nix @@ -14,18 +14,6 @@ let ; cfg = config.${namespace}.services.hypridle; - - # Script that suspends only when on battery power. - # When plugged in, uses systemd-inhibit to block suspend. - suspendScript = pkgs.writeShellScript "hypridle-suspend" '' - if [ "$(${pkgs.coreutils}/bin/cat /sys/class/power_supply/AC/online)" = "1" ]; then - # Plugged in - inhibit suspend - ${pkgs.systemd}/bin/systemd-inhibit --what=sleep --who=hypridle --why="AC power connected" --mode=block ${pkgs.coreutils}/bin/sleep infinity & - else - # On battery - suspend - ${pkgs.systemd}/bin/systemctl suspend - fi - ''; in { options.${namespace}.services.hypridle = { @@ -61,14 +49,6 @@ in Whether or not to automatically suspend ''; }; - suspendInhibitWhenPluggedIn = mkOption { - type = types.bool; - default = false; - description = '' - Whether to inhibit suspend when AC power is connected. - Useful for laptops that should only suspend on battery. - ''; - }; brightnessTimeout = mkOption { type = types.int; @@ -128,11 +108,7 @@ in # Suspend system (lib.mkIf cfg.suspendEnable { timeout = cfg.suspendTimeout; - on-timeout = - if cfg.suspendInhibitWhenPluggedIn then - "${suspendScript}" - else - "${pkgs.systemd}/bin/systemctl suspend"; + on-timeout = "systemctl suspend"; }) ]; }; diff --git a/modules/nixos/services/adguardhome/default.nix b/modules/nixos/services/adguardhome/default.nix index 1f1f778..00c369c 100644 --- a/modules/nixos/services/adguardhome/default.nix +++ b/modules/nixos/services/adguardhome/default.nix @@ -38,15 +38,16 @@ in services.nginx = { enable = true; recommendedProxySettings = true; - virtualHosts."adguardhome.kilonull.com" = { - locations."/" = { - proxyPass = "http://127.0.0.1:3000"; + virtualHosts."adguardhome.kilonull.com" = + { + locations."/" = { + proxyPass = "http://127.0.0.1:3000"; + }; + } + // lib.optionalAttrs (cfg.acmeCertName != "") { + forceSSL = true; + useACMEHost = cfg.acmeCertName; }; - } - // lib.optionalAttrs (cfg.acmeCertName != "") { - forceSSL = true; - useACMEHost = cfg.acmeCertName; - }; }; networking.firewall = { diff --git a/modules/nixos/services/atticd/default.nix b/modules/nixos/services/atticd/default.nix index 1a41dd5..8843c6d 100644 --- a/modules/nixos/services/atticd/default.nix +++ b/modules/nixos/services/atticd/default.nix @@ -37,6 +37,7 @@ in # openssl genrsa -traditional 4096 | base64 -w0 environmentFile = config.age.secrets.atticd.path; settings = { + allowed-hosts = [ "attic.kilonull.com" ]; api-endpoint = "https://attic.kilonull.com/"; listen = "[::]:8080"; garbage-collection.retention-period = "30d"; diff --git a/modules/nixos/services/grafana/default.nix b/modules/nixos/services/grafana/default.nix index 1841cd7..1a83bc2 100644 --- a/modules/nixos/services/grafana/default.nix +++ b/modules/nixos/services/grafana/default.nix @@ -113,17 +113,18 @@ in services.nginx = { enable = true; - virtualHosts."${server_settings.domain}" = { - locations."/" = { - proxyPass = "http://${server_settings.http_addr}:${toString server_settings.http_port}"; - proxyWebsockets = true; - recommendedProxySettings = true; + virtualHosts."${server_settings.domain}" = + { + locations."/" = { + proxyPass = "http://${server_settings.http_addr}:${toString server_settings.http_port}"; + proxyWebsockets = true; + recommendedProxySettings = true; + }; + } + // lib.optionalAttrs (cfg.acmeCertName != "") { + forceSSL = true; + useACMEHost = cfg.acmeCertName; }; - } - // lib.optionalAttrs (cfg.acmeCertName != "") { - forceSSL = true; - useACMEHost = cfg.acmeCertName; - }; }; networking.firewall = { diff --git a/modules/nixos/services/minio/default.nix b/modules/nixos/services/minio/default.nix index a998f4b..074396c 100644 --- a/modules/nixos/services/minio/default.nix +++ b/modules/nixos/services/minio/default.nix @@ -33,62 +33,63 @@ in services.nginx = { enable = true; virtualHosts = { - "minio.kilonull.com" = { - extraConfig = '' - # Allow special characters in headers - ignore_invalid_headers off; - # Allow any size file to be uploaded. - # Set to a value such as 1000m; to restrict file size to a specific value - client_max_body_size 0; - # Disable buffering - proxy_buffering off; - proxy_request_buffering off; - ''; + "minio.kilonull.com" = + { + extraConfig = '' + # Allow special characters in headers + ignore_invalid_headers off; + # Allow any size file to be uploaded. + # Set to a value such as 1000m; to restrict file size to a specific value + client_max_body_size 0; + # Disable buffering + proxy_buffering off; + proxy_request_buffering off; + ''; - locations."/".extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; + locations."/".extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; - proxy_connect_timeout 300; - # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 - proxy_http_version 1.1; - proxy_set_header Connection ""; - chunked_transfer_encoding off; + proxy_connect_timeout 300; + # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 + proxy_http_version 1.1; + proxy_set_header Connection ""; + chunked_transfer_encoding off; - proxy_pass http://localhost:9000; - ''; - locations."/ui".extraConfig = '' - rewrite ^/ui/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-NginX-Proxy true; + proxy_pass http://localhost:9000; + ''; + locations."/ui".extraConfig = '' + rewrite ^/ui/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-NginX-Proxy true; - # This is necessary to pass the correct IP to be hashed - real_ip_header X-Real-IP; + # This is necessary to pass the correct IP to be hashed + real_ip_header X-Real-IP; - proxy_connect_timeout 300; + proxy_connect_timeout 300; - # To support websockets in MinIO versions released after January 2023 - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress) - # Uncomment the following line to set the Origin request to an empty string - proxy_set_header Origin ""; + # To support websockets in MinIO versions released after January 2023 + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress) + # Uncomment the following line to set the Origin request to an empty string + proxy_set_header Origin ""; - chunked_transfer_encoding off; + chunked_transfer_encoding off; - proxy_pass http://localhost:9001; - ''; - } - // lib.optionalAttrs (cfg.acmeCertName != "") { - forceSSL = true; - useACMEHost = cfg.acmeCertName; - }; + proxy_pass http://localhost:9001; + ''; + } + // lib.optionalAttrs (cfg.acmeCertName != "") { + forceSSL = true; + useACMEHost = cfg.acmeCertName; + }; }; }; }; diff --git a/modules/nixos/services/nix-serve/default.nix b/modules/nixos/services/nix-serve/default.nix index 3e3b61d..80f0dce 100644 --- a/modules/nixos/services/nix-serve/default.nix +++ b/modules/nixos/services/nix-serve/default.nix @@ -45,19 +45,20 @@ in nginx = { enable = true; - virtualHosts."${cfg.subdomain_name}.${cfg.domain_name}" = { - serverAliases = [ "${cfg.subdomain_name}" ]; - locations."/".extraConfig = '' - proxy_pass http://localhost:${toString config.services.nix-serve.port}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - ''; - } - // lib.optionalAttrs (cfg.acmeCertName != "") { - forceSSL = true; - useACMEHost = cfg.acmeCertName; - }; + virtualHosts."${cfg.subdomain_name}.${cfg.domain_name}" = + { + serverAliases = [ "${cfg.subdomain_name}" ]; + locations."/".extraConfig = '' + proxy_pass http://localhost:${toString config.services.nix-serve.port}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + ''; + } + // lib.optionalAttrs (cfg.acmeCertName != "") { + forceSSL = true; + useACMEHost = cfg.acmeCertName; + }; }; }; diff --git a/modules/nixos/services/octoprint/default.nix b/modules/nixos/services/octoprint/default.nix index 451cfd9..35cde36 100644 --- a/modules/nixos/services/octoprint/default.nix +++ b/modules/nixos/services/octoprint/default.nix @@ -25,19 +25,20 @@ in services.nginx = { enable = true; recommendedProxySettings = true; - virtualHosts."octoprint.kilonull.com" = { - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.octoprint.port}"; - proxyWebsockets = true; - extraConfig = '' - client_max_body_size 512m; - ''; + virtualHosts."octoprint.kilonull.com" = + { + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.octoprint.port}"; + proxyWebsockets = true; + extraConfig = '' + client_max_body_size 512m; + ''; + }; + } + // lib.optionalAttrs (cfg.acmeCertName != "") { + forceSSL = true; + useACMEHost = cfg.acmeCertName; }; - } - // lib.optionalAttrs (cfg.acmeCertName != "") { - forceSSL = true; - useACMEHost = cfg.acmeCertName; - }; }; networking.firewall.allowedTCPPorts = [ diff --git a/modules/nixos/services/sunshine/default.nix b/modules/nixos/services/sunshine/default.nix index db6afc4..3d73849 100644 --- a/modules/nixos/services/sunshine/default.nix +++ b/modules/nixos/services/sunshine/default.nix @@ -30,22 +30,23 @@ in services.nginx = { enable = true; - virtualHosts."sunshine.kilonull.com" = { - locations."/" = { - recommendedProxySettings = true; - # NOTE: Sunshine is a little weird since it requires multiple - # ports. You configure it with a base port and the web UI +1 from - # the base port. - proxyPass = "https://127.0.0.1:${toString (config.services.sunshine.settings.port + 1)}"; - extraConfig = '' - proxy_ssl_verify off; - ''; + virtualHosts."sunshine.kilonull.com" = + { + locations."/" = { + recommendedProxySettings = true; + # NOTE: Sunshine is a little weird since it requires multiple + # ports. You configure it with a base port and the web UI +1 from + # the base port. + proxyPass = "https://127.0.0.1:${toString (config.services.sunshine.settings.port + 1)}"; + extraConfig = '' + proxy_ssl_verify off; + ''; + }; + } + // lib.optionalAttrs (cfg.acmeCertName != "") { + forceSSL = true; + useACMEHost = cfg.acmeCertName; }; - } - // lib.optionalAttrs (cfg.acmeCertName != "") { - forceSSL = true; - useACMEHost = cfg.acmeCertName; - }; }; }; } diff --git a/modules/nixos/services/teslamate/default.nix b/modules/nixos/services/teslamate/default.nix index cb0c188..4c35ff4 100644 --- a/modules/nixos/services/teslamate/default.nix +++ b/modules/nixos/services/teslamate/default.nix @@ -147,18 +147,19 @@ in services.nginx = { enable = true; - virtualHosts."teslamate.kilonull.com" = { - locations."/" = { - recommendedProxySettings = true; - proxyWebsockets = true; - # TODO: Make port configurable. - proxyPass = "http://127.0.0.1:4000"; + virtualHosts."teslamate.kilonull.com" = + { + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + # TODO: Make port configurable. + proxyPass = "http://127.0.0.1:4000"; + }; + } + // lib.optionalAttrs (cfg.acmeCertName != "") { + forceSSL = true; + useACMEHost = cfg.acmeCertName; }; - } - // lib.optionalAttrs (cfg.acmeCertName != "") { - forceSSL = true; - useACMEHost = cfg.acmeCertName; - }; }; networking.firewall.allowedTCPPorts = [ 4000 ]; diff --git a/modules/nixos/user/default.nix b/modules/nixos/user/default.nix index 7810ec5..67bea25 100644 --- a/modules/nixos/user/default.nix +++ b/modules/nixos/user/default.nix @@ -58,7 +58,6 @@ in shell = pkgs.zsh; extraGroups = [ "wheel" ] ++ cfg.extraGroups; - } - // cfg.extraOptions; + } // cfg.extraOptions; }; } diff --git a/systems/x86_64-linux/carbon/default.nix b/systems/x86_64-linux/carbon/default.nix index fa68830..41e05a9 100644 --- a/systems/x86_64-linux/carbon/default.nix +++ b/systems/x86_64-linux/carbon/default.nix @@ -82,7 +82,6 @@ nixos-generators vlc signal-desktop-bin - zoom-us ]; environment.pathsToLink = [ "/share/applications" diff --git a/systems/x86_64-linux/gospel/default.nix b/systems/x86_64-linux/gospel/default.nix index 4422494..40a1475 100644 --- a/systems/x86_64-linux/gospel/default.nix +++ b/systems/x86_64-linux/gospel/default.nix @@ -47,8 +47,7 @@ services.prometheus.enable = true; services.promtail.enable = true; services.hydra = { - # Intentionally disabled for now - enable = false; + enable = true; acmeCertName = "kilonull.com"; secretKeyPath = "/var/gospelCache"; s3Bucket = "nix-store"; @@ -112,15 +111,6 @@ "ubuntu-20.04:docker://node:16-bullseye" "ubuntu-18.04:docker://node:16-buster" ]; - settings.container = { - options = '' - ; - -e PATH=:${pkgs.nix}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -e NIX_PATH=nixpkgs=flake:nixpkgs:/nix/var/nix/profiles/per-user/root/channels - -e NIX_REMOTE=daemon - ''; - valid_volumes = [ "/nix" ]; - }; }; }; };