From f18654a7a5e7e15b962c61bab7cb2e5ce9ebc638 Mon Sep 17 00:00:00 2001 From: Grimmauld Date: Mon, 2 Dec 2024 10:40:53 +0100 Subject: [PATCH 1/2] ooye and update --- authorizedKeys.nix | 2 +- common/firefox.nix | 4 +- custom/ooye/package.nix | 41 ++++++++++++++ flake.lock | 54 +++++++++---------- modules/default.nix | 1 + modules/gitea.nix | 2 +- modules/mjolnir.nix | 4 +- modules/ooye.nix | 4 ++ modules/wireguard.nix | 8 +-- overlays/default.nix | 1 + overlays/ooye.nix | 4 ++ .../hardware-configuration.nix | 2 +- specific/grimm-nixos-ssd/configuration.nix | 2 +- sway/default.nix | 2 +- 14 files changed, 91 insertions(+), 40 deletions(-) create mode 100644 custom/ooye/package.nix create mode 100644 modules/ooye.nix create mode 100644 overlays/ooye.nix diff --git a/authorizedKeys.nix b/authorizedKeys.nix index 764d7ec..06b741d 100644 --- a/authorizedKeys.nix +++ b/authorizedKeys.nix @@ -4,5 +4,5 @@ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCy7X5ByG4/9y2XkQSnXcpMGnV5WPGUd+B6FaYCDNmPQ7xIZEteS+kCpu9oiMP6C/H/FT+i9DZvCflkzgdFAyujYLKRYaZbZ3K6F60qN0rkJ0z/ZO5c6rqwIwR6BEoB7dq5inkyH9fZ8/SI+PXxELmeWF9ehT7kkQC+o9Ujpcjd7ZuZllbAz4UQZFRbbpwdVJCEDenu9/63yuYbvMupgGk0edaTiFT0Q9MSzs/3pNP8xlAxmmZ3HzSjeF7gUzBF7CaIroTeguiUjSVybUEx48P8fy878t7dUZf4anEno9MS0B3aqfZvCKuuPdAUdeBfCbFHRqN7GuCylFIXGPe95Mxl grimmauld@grimmauld-nixos" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClLZhya2A7SoRSX2DNNM6OWgnGhtOFUor/WdyY59L0l6u5tEo9VyX5bCR84eo+uN4jyahSiGD1WC3RGIoNtHuSkKPxr0rqQhlbuyxraHGj7hOLhcGWRd2eIdsntbma7uPsn4zC0skKjpVNR7PU4LfSxti0gBhgq6uQhMtlfywwJshmwt55q7oT/zC449Uz2vyviy7sQ53R9YoOWEjB/+vU8jHxGlqLatXhOGKlBtrQxKm8PZ6jBYxAC6sGA4APIHWC3KC0S0X7wlmi42Dx9bbBm0rUjy095vRZ22fkE8x9OSTKDY/vFTLw5vwVMa8dACfA1Kc0+EpgOK77lZddeTvD grimmauld.de" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJhM1Fk5ix4OZAdlfCxL891KxeEKpyIFrP5yYkC9mg7E grimmauld@grimmauld-nixos" - (builtins.readFile ./ssh/id_ed25519_sk.pub ) + (builtins.readFile ./ssh/id_ed25519_sk.pub) ] 
diff --git a/common/firefox.nix b/common/firefox.nix index f5967ea..85ffd41 100644 --- a/common/firefox.nix +++ b/common/firefox.nix @@ -37,10 +37,10 @@ in ]; policies = { ExtensionSettings = - # (mkIf firefox.disableUserPlugins { "*".installation_mode = "blocked"; }) // + # (mkIf firefox.disableUserPlugins { "*".installation_mode = "blocked"; }) // ( mapAttrs (guid: shortId: { - # explicit plugins by config + # explicit plugins by config install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi"; installation_mode = "force_installed"; }) config.grimmShared.firefox.plugins diff --git a/custom/ooye/package.nix b/custom/ooye/package.nix new file mode 100644 index 0000000..6560fb9 --- /dev/null +++ b/custom/ooye/package.nix @@ -0,0 +1,41 @@ +{ + buildNpmPackage, + lib, + nodejs, + fetchgit, +}: + +buildNpmPackage rec { + pname = "out-of-your-element"; + version = "3.0.5"; + + src = fetchgit { + url = "https://gitdab.com/cadence/out-of-your-element"; + rev = "v3.0-beta5"; + hash = "sha256-3Y6s9pNKKeqF6s4I2Rd4TpxXPCwqizXeil/sTDVnpr0="; + }; + + npmDepsHash = "sha256-1STam+Sjy2MQcK5TmRacoxmgErd2sNqw0yIFX2M+iZk="; + dontNpmBuild = true; + + postInstall = '' + # create wrapper + makeWrapper "${lib.getExe nodejs}" "$out/bin/ooye-setup" \ + --add-flags "$out/lib/node_modules/out-of-your-element/scripts/setup.js" + + makeWrapper "${lib.getExe nodejs}" "$out/bin/ooye-addbot" \ + --add-flags "$out/lib/node_modules/out-of-your-element/addbot.js" + + makeWrapper "${lib.getExe nodejs}" "$out/bin/ooye-start" \ + --add-flags "$out/lib/node_modules/out-of-your-element/start.js" + ''; + + meta = { + description = ""; + homepage = "https://gitdab.com/cadence/out-of-your-element"; + license = lib.licenses.agpl3Only; + maintainers = with lib.maintainers; [ grimmauld ]; + mainProgram = "out-of-your-element"; + platforms = lib.platforms.all; + }; +} diff --git a/flake.lock b/flake.lock index 15836fd..9c98f7a 100644 --- a/flake.lock +++ b/flake.lock 
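Review bot: In `custom/ooye/package.nix`, `mainProgram = "out-of-your-element"` names a binary that `postInstall` does not create; the wrappers it writes are `ooye-setup`, `ooye-addbot` and `ooye-start`. Unless the upstream package installs a bin of that name (not visible here), `lib.getExe` on this package resolves to a missing path, so `mainProgram = "ooye-start";` would match what is built. `version = "3.0.5"` also disagrees with the fetched tag `rev = "v3.0-beta5"`, which makes it harder to map the installed package to an upstream release when checking advisories. Deriving one from the other, e.g. `version = "3.0-beta5";` with `rev = "v${version}";`, keeps them tied and gives `rec` a purpose. `description = ""` should be filled in with a one-line summary.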
@@ -31,11 +31,11 @@ ] }, "locked": { - "lastModified": 1732848312, - "narHash": "sha256-OSkmgBPSmZJlZmZu16S3zav7vbxU7w4p6cwoi4B28PM=", + "lastModified": 1732889580, + "narHash": "sha256-67MC0DhkRPTPy/g76sm/jzMqcmUBIlX5qoSH5B27Twk=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "30492838a20837085045baffc7c796f266a0b6a6", + "rev": "5b6ceba740feaf260ec205e41e3dde8af510a547", "type": "github" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1732715105, - "narHash": "sha256-WGf8bzwNEgbWjM9aTFv9ZCGrBQEfg0fYd4FSoVa2gDs=", + "lastModified": 1733072746, + "narHash": "sha256-Rds19CCMsbT+eo5HoJahl2N/wLrvGZ0Nw6Vlu+hvfmE=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "8f153d013632e6036e8bec6377cc5ed7d2ad14df", + "rev": "36d157737c1682d31721f68c812353225956471b", "type": "github" }, "original": { @@ -134,11 +134,11 @@ }, "crane": { "locked": { - "lastModified": 1732906089, - "narHash": "sha256-NvYSSiKsC0rqn9yY0a9zglLXrFp92EwKhTFZC38voCQ=", + "lastModified": 1725409566, + "narHash": "sha256-PrtLmqhM6UtJP7v7IGyzjBFhbG4eOAHT6LPYOFmYfbk=", "owner": "ipetkov", "repo": "crane", - "rev": "9ed3180f45c2d1499e5af98c4ab7ffee8e886f5f", + "rev": "7e4586bad4e3f8f97a9271def747cf58c4b68f3c", "type": "github" }, "original": { @@ -237,11 +237,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { 
@@ -302,11 +302,11 @@ ] }, "locked": { - "lastModified": 1732482255, - "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", + "lastModified": 1732884235, + "narHash": "sha256-r8j6R3nrvwbT1aUp4EPQ1KC7gm0pu9VcV1aNaB+XG6Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", + "rev": "819f682269f4e002884702b87e445c82840c68f2", "type": "github" }, "original": { @@ -324,11 +324,11 @@ ] }, "locked": { - "lastModified": 1732648910, - "narHash": "sha256-1F83DUfEHnCZpGY4UOlWaamWoDx8eZ9tHaUF51p2hng=", + "lastModified": 1732739177, + "narHash": "sha256-iL32+TA/8geCzcL1r3uthrH/GPvbUak5QE++WJUkaiI=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "e86d2ad72094354326887bd6fe156f327d63d491", + "rev": "8d7b2149e618696d5100c2683af1ffa893f02a75", "type": "github" }, "original": { @@ -449,11 +449,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732521221, - "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", + "lastModified": 1733015953, + "narHash": "sha256-t4BBVpwG9B4hLgc6GUBuj3cjU7lP/PJfpTHuSqE+crk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", + "rev": "ac35b104800bff9028425fec3b6e8a41de2bbfff", "type": "github" }, "original": { @@ -502,11 +502,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1730338630, - "narHash": "sha256-rGp0I9m3/nDV70nRXvdCv2QiAGPOaRm92rISXDxNUJM=", + "lastModified": 1732958734, + "narHash": "sha256-DY1Aq+pAU/n0loBjCRfeSbEG/ji2M+mrEkcEnsN/AHk=", "owner": "nix-community", "repo": "nixpkgs-update", - "rev": "525c2e488ad26cd46878fd93337521bf42e598a9", + "rev": "dffb2930904b08ca8d226594b543cbae150b5f67", "type": "github" }, "original": { 
@@ -610,11 +610,11 @@ ] }, "locked": { - "lastModified": 1732933841, - "narHash": "sha256-dge02pUSe2QeC/B3PriA0R8eAX+EU3aDoXj9FcS3XDw=", + "lastModified": 1725675754, + "narHash": "sha256-hXW3csqePOcF2e/PYnpXj72KEYyNj2HzTrVNmS/F7Ug=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "c65e91d4a33abc3bc4a892d3c5b5b378bad64ea1", + "rev": "8cc45e678e914a16c8e224c3237fb07cf21e5e54", "type": "github" }, "original": { diff --git a/modules/default.nix b/modules/default.nix index a3de8be..58c08db 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -18,6 +18,7 @@ in # ./discord-matrix-bridge.nix ./mastodon.nix ./nix_cache.nix + ./ooye.nix # ./auth.nix ./hedgedoc.nix # ./factorio.nix diff --git a/modules/gitea.nix b/modules/gitea.nix index 24e148a..963005c 100644 --- a/modules/gitea.nix +++ b/modules/gitea.nix @@ -15,7 +15,7 @@ in }; dump.enable = true; - + settings = { service.DISABLE_REGISTRATION = true; server = { diff --git a/modules/mjolnir.nix b/modules/mjolnir.nix index 9a4e6d0..2e38ce4 100644 --- a/modules/mjolnir.nix +++ b/modules/mjolnir.nix @@ -18,7 +18,7 @@ in }; }; - # global mjolnir + # global mjolnir services.mjolnir = { enable = true; homeserverUrl = config.services.matrix-synapse-next.settings.public_baseurl; @@ -48,7 +48,7 @@ in { config, ... }: { system.stateVersion = "unstable"; - # tle mjolnir + # tle mjolnir services.logrotate.checkConfig = false; services.mjolnir = { enable = true; diff --git a/modules/ooye.nix b/modules/ooye.nix new file mode 100644 index 0000000..67a9dda --- /dev/null +++ b/modules/ooye.nix @@ -0,0 +1,4 @@ +{ pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ ooye ]; +} diff --git a/modules/wireguard.nix b/modules/wireguard.nix index e682c1d..2467d0e 100644 --- a/modules/wireguard.nix +++ b/modules/wireguard.nix 
@@ -9,17 +9,17 @@ }; networking.wireguard.interfaces = { - # "wg0" is the network interface name. You can name the interface + # "wg0" is the network interface name. You can name the interface # arbitrarily.} wg0 = { privateKeyFile = "/home/grimmauld/wireguard.priv"; - # Determines the IP address and subnet of the server's end of the tunnel + # Determines the IP address and subnet of the server's end of the tunnel # interface. ips = [ "10.100.0.1/24" ]; # The port that WireGuard listens to. Must be accessible by the client. listenPort = 51820; - # This allows the wireguard server to route your traffic to the internet and - # hence be like a VPN For this to work you have to set the dnsserver IP of + # This allows the wireguard server to route your traffic to the internet and + # hence be like a VPN For this to work you have to set the dnsserver IP of # your router (or dnsserver of choice) in your clients postSetup = '' ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens18 -j MASQUERADE diff --git a/overlays/default.nix b/overlays/default.nix index 78e2a3e..d6c64f1 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -35,6 +35,7 @@ ./searchclip.nix ./confwhich.nix ./rfindup.nix + ./ooye.nix ./factorio.nix ./ranger.nix ./ncspot.nix diff --git a/overlays/ooye.nix b/overlays/ooye.nix new file mode 100644 index 0000000..ea3b36a --- /dev/null +++ b/overlays/ooye.nix @@ -0,0 +1,4 @@ +{ prev, ... }: +{ + ooye = prev.callPackage ../custom/ooye/package.nix { }; +} diff --git a/specific/grimm-nixos-laptop/hardware-configuration.nix b/specific/grimm-nixos-laptop/hardware-configuration.nix index b0f0a18..492f657 100644 --- a/specific/grimm-nixos-laptop/hardware-configuration.nix +++ b/specific/grimm-nixos-laptop/hardware-configuration.nix @@ -14,7 +14,7 @@ in { imports = [ (modulesPath + "/installer/scan/not-detected.nix") - # ./modules/nvidia.nix + # ./modules/nvidia.nix ]; boot.initrd.kernelModules = [ ]; 
diff --git a/specific/grimm-nixos-ssd/configuration.nix b/specific/grimm-nixos-ssd/configuration.nix index 80f5bf3..bb39fbe 100644 --- a/specific/grimm-nixos-ssd/configuration.nix +++ b/specific/grimm-nixos-ssd/configuration.nix @@ -16,7 +16,7 @@ boot.supportedFilesystems.zfs = true; # security.pam.yubico.control = "required"; - + services.printing.cups-pdf.enable = true; # implies printing enable # services.printing.enable = true; security.apparmor.enable = true; diff --git a/sway/default.nix b/sway/default.nix index cc6c0d3..f6cedea 100644 --- a/sway/default.nix +++ b/sway/default.nix @@ -197,7 +197,7 @@ pkgs.swaynotificationcenter pkgs.networkmanagerapplet aw-bundle - # (pkgs.writeShellScriptBin "rmenu-cache-clear" "rm -r $HOME/.cache/rmenu") # invalidate rmenu cache on sway restart + # (pkgs.writeShellScriptBin "rmenu-cache-clear" "rm -r $HOME/.cache/rmenu") # invalidate rmenu cache on sway restart ]; extraConfig = '' output * bg ${./wallpapers/switzerland.jpg} fill From a8b165e9573e68cc69d6ca6c742949cfe4d81ddb Mon Sep 17 00:00:00 2001 From: Grimmauld Date: Mon, 2 Dec 2024 10:58:45 +0100 Subject: [PATCH 2/2] fix aa patch --- aa_mod.patch | 76 ---------------------------------------------------- flake.nix | 5 +++- 2 files changed, 4 insertions(+), 77 deletions(-) delete mode 100644 aa_mod.patch diff --git a/aa_mod.patch b/aa_mod.patch deleted file mode 100644 index b9a43b9..0000000 --- a/aa_mod.patch +++ /dev/null 
@@ -1,76 +0,0 @@ -diff --git a/nixos/modules/security/apparmor.nix b/nixos/modules/security/apparmor.nix -index a4b3807e4e0f..87a2c2c81feb 100644 ---- a/nixos/modules/security/apparmor.nix -+++ b/nixos/modules/security/apparmor.nix -@@ -3,15 +3,11 @@ - with lib; - - let -- inherit (builtins) attrNames head map match readFile; -+ inherit (builtins) attrNames map match; - inherit (lib) types; - inherit (config.environment) etc; - cfg = config.security.apparmor; -- mkDisableOption = name: mkEnableOption name // { -- default = true; -- example = false; -- }; -- enabledPolicies = filterAttrs (n: p: p.enable) cfg.policies; -+ enabledPolicies = filterAttrs (n: p: p.state != "disable") cfg.policies; - in - - { -@@ -45,15 +41,30 @@ in - description = '' - AppArmor policies. - ''; -- type = types.attrsOf (types.submodule ({ name, config, ... }: { -+ type = types.attrsOf (types.submodule ({ name, config, options, ... }: { - options = { -- enable = mkDisableOption "loading of the profile into the kernel"; -- enforce = mkDisableOption "enforcing of the policy or only complain in the logs"; -+ state = mkOption { -+ description = -+ "The state of the profile as applied to the system by nix"; -+ type = types.enum [ "disable" "complain" "enforce" ]; -+ # should enforce really be the default? -+ # the docs state that this should only be used once one is REALLY sure nothing's gonna break -+ default = "enforce"; -+ }; -+ - profile = mkOption { -- description = "The policy of the profile."; -+ description = "The policy of the profile. Incompatible with path."; - type = types.lines; -- apply = pkgs.writeText name; - }; -+ -+ path = mkOption { -+ type = types.nullOr types.path; -+ default = null; -+ description = "A path of a profile to include. 
Incompatible with profile."; -+ apply = p: assert (assertMsg ((p != null && !options.profile.isDefined) || (p == null && options.profile.isDefined)) -+ "`security.apparmor.policies.\"${name}\"` must define exactly one of either path or profile."); -+ (if (p != null) then p else (pkgs.writeText name config.profile)); -+ }; - }; - })); - default = {}; -@@ -108,7 +119,7 @@ in - environment.etc."apparmor.d".source = pkgs.linkFarm "apparmor.d" ( - # It's important to put only enabledPolicies here and not all cfg.policies - # because aa-remove-unknown reads profiles from all /etc/apparmor.d/* -- mapAttrsToList (name: p: { inherit name; path = p.profile; }) enabledPolicies ++ -+ mapAttrsToList (name: p: { inherit name; path = p.path; }) enabledPolicies ++ - mapAttrsToList (name: path: { inherit name path; }) cfg.includes - ); - environment.etc."apparmor/parser.conf".text = '' -@@ -187,7 +198,7 @@ in - xargs --verbose --no-run-if-empty --delimiter='\n' \ - kill - ''; -- commonOpts = p: "--verbose --show-cache ${optionalString (!p.enforce) "--complain "}${p.profile}"; -+ commonOpts = p: "--verbose --show-cache ${optionalString (p.state == "complain") "--complain "}${p.path}"; - in { - Type = "oneshot"; - RemainAfterExit = "yes"; diff --git a/flake.nix b/flake.nix index 568c31e..5a703ba 100644 --- a/flake.nix +++ b/flake.nix @@ -53,7 +53,10 @@ }: let patches = [ - ./aa_mod.patch + { + url = "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/356796.patch"; + hash = "sha256-nlyqFxvD6O7MDNJxs/9pCRWzo4XvG++Znc3HvDFkiiY="; + } ]; customNixosSystem =
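Review bot: The new `patches` entry in `flake.nix` fetches `pull/356796.patch`, which tracks the current head of a pull request rather than a fixed revision. The `hash` makes a changed patch fail the build instead of being applied silently, so integrity holds, but any new commit or force-push on the PR breaks evaluation. The repository also no longer holds a reviewable copy of what is applied to nixpkgs; the deleted `aa_mod.patch` touched the AppArmor module, and presumably the PR covers the same area. Consider a commit-pinned URL such as `https://github.com/NixOS/nixpkgs/commit/<COMMIT_SHA>.patch` and a comment like `# nixpkgs PR 356796, replaces the local aa_mod.patch; drop once merged`. The `let` block continues past the hunk, so how `patches` is consumed is not visible here.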