From 9dabfa7771d1ed535ad26c9d5e2d1ccca46fae00 Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Thu, 17 Oct 2024 23:16:22 +0200 Subject: [PATCH 01/16] Delete/rename modules --- modules/immich/env | 5 - modules/immich/module.nix | 584 ------------------ .../{mount-rock5b => mount-sisko}/default.nix | 0 .../{rock5b-proxy => sisko-proxy}/default.nix | 13 +- .../{rock5b-samba => sisko-samba}/default.nix | 0 5 files changed, 8 insertions(+), 594 deletions(-) delete mode 100644 modules/immich/env delete mode 100644 modules/immich/module.nix rename modules/{mount-rock5b => mount-sisko}/default.nix (100%) rename modules/{rock5b-proxy => sisko-proxy}/default.nix (92%) rename modules/{rock5b-samba => sisko-samba}/default.nix (100%) diff --git a/modules/immich/env b/modules/immich/env deleted file mode 100644 index 5c8b109..0000000 --- a/modules/immich/env +++ /dev/null @@ -1,5 +0,0 @@ -PUBLIC_LOGIN_PAGE_MESSAGE= - -IMMICH_WEB_URL=http://immich-web:3000 -IMMICH_SERVER_URL=http://immich-server:3001 -IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003 \ No newline at end of file diff --git a/modules/immich/module.nix b/modules/immich/module.nix deleted file mode 100644 index 230691a..0000000 --- a/modules/immich/module.nix +++ /dev/null 
@@ -1,584 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - inherit (lib) - hasAttr - hasPrefix - maintainers - mapAttrs - mkDefault - mkEnableOption - mkIf - mkMerge - mkOption - mkPackageOption - optional - optionalAttrs - optionalString - types - ; - - cfg = config.services.immich; - serverCfg = config.services.immich.server; - backendCfg = serverCfg.backend; - microservicesCfg = serverCfg.microservices; - webCfg = cfg.web; - mlCfg = cfg.machineLearning; - - isServerPostgresUnix = hasPrefix "/" serverCfg.postgres.host; - postgresEnv = - if isServerPostgresUnix then - { - # If passwordFile is given, this will be overwritten in ExecStart - DB_URL = "socket://${serverCfg.postgres.host}?dbname=${serverCfg.postgres.database}"; - } - else - { - DB_HOSTNAME = serverCfg.postgres.host; - DB_PORT = toString serverCfg.postgres.port; - DB_DATABASE_NAME = serverCfg.postgres.database; - DB_USERNAME = serverCfg.postgres.username; - }; - - typesenseEnv = - { - TYPESENSE_ENABLED = toString serverCfg.typesense.enable; - } - // optionalAttrs serverCfg.typesense.enable { - TYPESENSE_HOST = serverCfg.typesense.host; - TYPESENSE_PORT = toString serverCfg.typesense.port; - TYPESENSE_PROTOCOL = serverCfg.typesense.protocol; - }; - - # Don't start a redis instance if the user sets a custom redis connection - enableRedis = - !hasAttr "REDIS_URL" serverCfg.extraConfig && !hasAttr "REDIS_SOCKET" serverCfg.extraConfig; - redisServerCfg = config.services.redis.servers.immich; - redisEnv = optionalAttrs enableRedis { - REDIS_SOCKET = redisServerCfg.unixSocket; - }; - - serverEnv = - postgresEnv - // typesenseEnv - // redisEnv - // { - NODE_ENV = "production"; - - IMMICH_MEDIA_LOCATION = serverCfg.mediaDir; - IMMICH_MACHINE_LEARNING_URL = - if serverCfg.machineLearningUrl != null then serverCfg.machineLearningUrl else "false"; - }; - - serverStartWrapper = program: '' - set -euo pipefail - mkdir -p ${serverCfg.mediaDir} - - ${optionalString (serverCfg.postgres.passwordFile != null) ( - if 
isServerPostgresUnix then - ''export DB_URL="socket://${serverCfg.postgres.username}:$(cat ${serverCfg.postgres.passwordFile})@${serverCfg.postgres.host}?dbname=${serverCfg.postgres.database}"'' - else - "export DB_PASSWORD=$(cat ${serverCfg.postgres.passwordFile})" - )} - - ${optionalString serverCfg.typesense.enable '' - export TYPESENSE_API_KEY=$(cat ${serverCfg.typesense.apiKeyFile}) - ''} - - exec ${program} - ''; - - commonServiceConfig = { - Restart = "on-failure"; - - # Hardening - CapabilityBoundingSet = ""; - LockPersonality = true; - MemoryDenyWriteExecute = true; - NoNewPrivileges = true; - PrivateUsers = true; - PrivateTmp = true; - PrivateDevices = true; - PrivateMounts = true; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectProc = "invisible"; - ProcSubset = "pid"; - # Would re-mount paths ignored by temporary root - # TODO ProtectSystem = "strict"; - RemoveIPC = true; - RestrictAddressFamilies = [ - "AF_INET" - "AF_INET6" - "AF_UNIX" - ]; - RestrictNamespaces = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - SystemCallArchitectures = "native"; - SystemCallFilter = [ - "@system-service" - "~@privileged" - "@pkey" - ]; - UMask = "0077"; - }; - - serverServiceConfig = { - DynamicUser = true; - User = "immich"; - Group = "immich"; - SupplementaryGroups = optional enableRedis redisServerCfg.user; - - StateDirectory = "immich"; - StateDirectoryMode = "0750"; - WorkingDirectory = "/var/lib/immich"; - - MemoryDenyWriteExecute = false; # nodejs requires this. 
- EnvironmentFile = mkIf (serverCfg.environmentFile != null) serverCfg.environmentFile; - - TemporaryFileSystem = "/:ro"; - BindReadOnlyPaths = [ - "/nix/store" - "-/etc/resolv.conf" - "-/etc/nsswitch.conf" - "-/etc/hosts" - "-/etc/localtime" - "-/run/postgresql" - ] ++ optional enableRedis redisServerCfg.unixSocket; - }; -in -{ - options.services.immich = { - enable = mkEnableOption "immich" // { - description = '' - Enables immich which consists of a backend server, microservices, - machine-learning and web ui. You can disable or reconfigure components - individually using the subsections. - ''; - }; - - package = mkPackageOption pkgs "immich" { }; - - server = { - mediaDir = mkOption { - type = types.str; - default = "/var/lib/immich/media"; - description = "Directory used to store media files."; - }; - - backend = { - enable = mkEnableOption "immich backend server" // { - default = true; - }; - port = mkOption { - type = types.port; - default = 3001; - description = "Port to bind to."; - }; - - openFirewall = mkOption { - default = false; - type = types.bool; - description = "Whether to open the firewall for the specified port."; - }; - - extraConfig = mkOption { - type = types.attrs; - default = { }; - example = { - LOG_LEVEL = "debug"; - }; - description = '' - Extra configuration options (environment variables). - Refer to [the documented variables](https://documentation.immich.app/docs/install/environment-variables) tagged with 'server' for available options. - ''; - }; - - environmentFile = mkOption { - type = types.nullOr types.path; - default = null; - description = '' - Environment file as defined in systemd.exec(5). May be used to provide - additional secret variables to the service without adding them to the - world-readable Nix store. 
- ''; - }; - }; - - microservices = { - enable = mkEnableOption "immich microservices" // { - default = true; - }; - - port = mkOption { - type = types.port; - default = 3002; - description = "Port to bind to."; - }; - - openFirewall = mkOption { - default = false; - type = types.bool; - description = "Whether to open the firewall for the specified port."; - }; - - extraConfig = mkOption { - type = types.attrs; - default = { }; - example = { - REVERSE_GEOCODING_PRECISION = 1; - }; - description = '' - Extra configuration options (environment variables). - Refer to [the documented variables](https://documentation.immich.app/docs/install/environment-variables) tagged with 'microservices' for available options. - ''; - }; - - environmentFile = mkOption { - type = types.nullOr types.path; - default = null; - description = '' - Environment file as defined in systemd.exec(5). May be used to provide - additional secret variables to the service without adding them to the - world-readable Nix store. - ''; - }; - }; - - typesense = { - enable = mkEnableOption "typesense" // { - default = true; - }; - - host = mkOption { - type = types.str; - default = "127.0.0.1"; - example = "typesense.example.com"; - description = "Hostname/address of the typesense server to use."; - }; - - port = mkOption { - type = types.port; - default = 8108; - description = "The port of the typesense server to use."; - }; - - protocol = mkOption { - type = types.str; - default = "http"; - description = "The protocol to use when connecting to the typesense server."; - }; - - apiKeyFile = mkOption { - type = types.path; - description = "Sets the api key for authentication with typesense."; - }; - }; - - postgres = { - host = mkOption { - type = types.str; - default = "/run/postgresql"; - description = "Hostname/address of the postgres server to use. 
If an absolute path is given here, it will be interpreted as a unix socket path."; - }; - - port = mkOption { - type = types.port; - default = 5432; - description = "The port of the postgres server to use."; - }; - - username = mkOption { - type = types.str; - default = "immich"; - description = "The postgres username to use."; - }; - - passwordFile = mkOption { - type = types.nullOr types.path; - default = null; - description = '' - Sets the password for authentication with postgres. - May be unset when using socket authentication. - ''; - }; - - database = mkOption { - type = types.str; - default = "immich"; - description = "The postgres database to use."; - }; - }; - - useMachineLearning = mkOption { - description = "Use the given machine learning server endpoint to enable ML functionality in immich."; - default = true; - type = types.bool; - }; - - machineLearningUrl = mkOption { - type = types.str; - default = "http://127.0.0.1:3003"; - example = "https://immich-ml.internal.example.com"; - description = "The machine learning server endpoint to use."; - }; - - extraConfig = mkOption { - type = types.attrs; - default = { }; - example = { - REDIS_SOCKET = "/run/custom-redis"; - }; - description = '' - Extra configuration options (environment variables) for both backend and microservices. - Refer to [the documented variables](https://documentation.immich.app/docs/install/environment-variables) tagged with both 'server' and 'microservices' for available options. - ''; - }; - - environmentFile = mkOption { - type = types.nullOr types.path; - default = null; - description = '' - Environment file as defined in systemd.exec(5). May be used to provide - additional secret variables to the backend and microservices servers without - adding them to the world-readable Nix store. 
- ''; - }; - }; - - web = { - enable = mkEnableOption "immich web frontend" // { - default = true; - }; - - port = mkOption { - type = types.port; - default = 3000; - description = "Port to bind to."; - }; - - openFirewall = mkOption { - default = false; - type = types.bool; - description = "Whether to open the firewall for the specified port."; - }; - - serverUrl = mkOption { - type = types.str; - default = "http://127.0.0.1:3001"; - example = "https://immich-backend.internal.example.com"; - description = "The backend server url to use."; - }; - - apiUrlExternal = mkOption { - type = types.str; - default = "/web"; - description = "The api url to use for external requests."; - }; - - extraConfig = mkOption { - type = types.attrs; - default = { }; - example = { - PUBLIC_LOGIN_PAGE_MESSAGE = "My awesome Immich instance!"; - }; - description = '' - Extra configuration options (environment variables). - Refer to [the documented variables](https://documentation.immich.app/docs/install/environment-variables) tagged with 'web' for available options. - ''; - }; - }; - - machineLearning = { - enable = mkEnableOption "immich machine-learning server" // { - default = true; - }; - - port = mkOption { - type = types.port; - default = 3003; - description = "Port to bind to."; - }; - - openFirewall = mkOption { - default = false; - type = types.bool; - description = "Whether to open the firewall for the specified port."; - }; - - extraConfig = mkOption { - type = types.attrs; - default = { }; - example = { - MACHINE_LEARNING_MODEL_TTL = 600; - }; - description = '' - Extra configuration options (environment variables). - Refer to [the documented variables](https://documentation.immich.app/docs/install/environment-variables) tagged with 'machine learning' for available options. 
- ''; - }; - }; - }; - - config = mkIf cfg.enable { - assertions = [ - { - assertion = !isServerPostgresUnix -> serverCfg.postgres.passwordFile != null; - message = "A database password must be provided when unix sockets are not used."; - } - ]; - - networking.firewall.allowedTCPPorts = mkMerge [ - (mkIf (backendCfg.enable && backendCfg.openFirewall) [ backendCfg.port ]) - (mkIf (microservicesCfg.enable && microservicesCfg.openFirewall) [ microservicesCfg.port ]) - (mkIf (webCfg.enable && webCfg.openFirewall) [ webCfg.port ]) - (mkIf (mlCfg.enable && mlCfg.openFirewall) [ mlCfg.port ]) - ]; - - services.redis.servers.immich.enable = mkIf enableRedis true; - services.redis.vmOverCommit = mkIf enableRedis (mkDefault true); - - systemd.services.immich-server = mkIf backendCfg.enable { - description = "Immich backend server (Self-hosted photo and video backup solution)"; - after = [ - "network.target" - "typesense.service" - "postgresql.service" - "immich-machine-learning.service" - ] ++ optional enableRedis "redis-immich.service"; - wantedBy = [ "multi-user.target" ]; - - environment = - serverEnv - // { - SERVER_PORT = toString backendCfg.port; - } - // mapAttrs (_: toString) serverCfg.extraConfig - // mapAttrs (_: toString) backendCfg.extraConfig; - - script = serverStartWrapper "${cfg.package}/bin/server"; - serviceConfig = mkMerge [ - (commonServiceConfig // serverServiceConfig) - { - EnvironmentFile = mkIf (backendCfg.environmentFile != null) backendCfg.environmentFile; - } - ]; - }; - - systemd.services.immich-microservices = mkIf microservicesCfg.enable { - description = "Immich microservices (Self-hosted photo and video backup solution)"; - after = [ - "network.target" - "typesense.service" - "postgresql.service" - "immich-machine-learning.service" - ] ++ optional enableRedis "redis-immich.service"; - wantedBy = [ "multi-user.target" ]; - - environment = - serverEnv - // { - MICROSERVICES_PORT = toString microservicesCfg.port; - } - // mapAttrs (_: toString) 
serverCfg.extraConfig - // mapAttrs (_: toString) microservicesCfg.extraConfig; - - script = serverStartWrapper "${cfg.package}/bin/microservices"; - serviceConfig = mkMerge [ - (commonServiceConfig // serverServiceConfig) - { - EnvironmentFile = mkIf (microservicesCfg.environmentFile != null) microservicesCfg.environmentFile; - } - ]; - }; - - systemd.services.immich-web = mkIf webCfg.enable { - description = "Immich web (Self-hosted photo and video backup solution)"; - after = [ - "network.target" - "immich-server.service" - ]; - wantedBy = [ "multi-user.target" ]; - - environment = { - NODE_ENV = "production"; - PORT = toString webCfg.port; - IMMICH_SERVER_URL = webCfg.serverUrl; - IMMICH_API_URL_EXTERNAL = webCfg.apiUrlExternal; - } // mapAttrs (_: toString) webCfg.extraConfig; - - script = '' - set -euo pipefail - export PUBLIC_IMMICH_SERVER_URL=$IMMICH_SERVER_URL - export PUBLIC_IMMICH_API_URL_EXTERNAL=$IMMICH_API_URL_EXTERNAL - exec ${cfg.package.web}/bin/web - ''; - serviceConfig = commonServiceConfig // { - DynamicUser = true; - User = "immich-web"; - Group = "immich-web"; - - MemoryDenyWriteExecute = false; # nodejs requires this. 
- - TemporaryFileSystem = "/:ro"; - BindReadOnlyPaths = [ - "/nix/store" - "-/etc/resolv.conf" - "-/etc/nsswitch.conf" - "-/etc/hosts" - "-/etc/localtime" - ]; - }; - }; - - systemd.services.immich-machine-learning = mkIf mlCfg.enable { - description = "Immich machine learning (Self-hosted photo and video backup solution)"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - - environment = { - NODE_ENV = "production"; - MACHINE_LEARNING_PORT = toString mlCfg.port; - - MACHINE_LEARNING_CACHE_FOLDER = "/var/cache/immich-ml"; - TRANSFORMERS_CACHE = "/var/cache/immich-ml"; - } // mapAttrs (_: toString) mlCfg.extraConfig; - - serviceConfig = commonServiceConfig // { - ExecStart = "${cfg.package.machine-learning}/bin/machine-learning"; - DynamicUser = true; - User = "immich-ml"; - Group = "immich-ml"; - - MemoryDenyWriteExecute = false; # onnxruntime_pybind11 requires this. - ProcSubset = "all"; # Needs /proc/cpuinfo - - CacheDirectory = "immich-ml"; - CacheDirectoryMode = "0700"; - - # TODO gpu access - - TemporaryFileSystem = "/:ro"; - BindReadOnlyPaths = [ - "/nix/store" - "-/etc/resolv.conf" - "-/etc/nsswitch.conf" - "-/etc/hosts" - "-/etc/localtime" - ]; - }; - }; - - meta.maintainers = with maintainers; [ oddlama ]; - }; -} diff --git a/modules/mount-rock5b/default.nix b/modules/mount-sisko/default.nix similarity index 100% rename from modules/mount-rock5b/default.nix rename to modules/mount-sisko/default.nix diff --git a/modules/rock5b-proxy/default.nix b/modules/sisko-proxy/default.nix similarity index 92% rename from modules/rock5b-proxy/default.nix rename to modules/sisko-proxy/default.nix index 3a324ef..c6c1a7b 100644 --- a/modules/rock5b-proxy/default.nix +++ b/modules/sisko-proxy/default.nix 
@@ -47,13 +47,16 @@ proxyWebsockets = true; }; }; - - # "jellyfin.aciceri.dev" = { + "paper.aciceri.dev" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:${builtins.toString config.services.paperless.port}"; + }; + }; + # "${config.services.nextcloud.hostName}" = { # forceSSL = true; # enableACME = true; - # locations."/" = { - # proxyPass = "http://localhost:8096"; - # }; # }; # "sevenofnix.aciceri.dev" = { # forceSSL = true; diff --git a/modules/rock5b-samba/default.nix b/modules/sisko-samba/default.nix similarity index 100% rename from modules/rock5b-samba/default.nix rename to modules/sisko-samba/default.nix From 2874437ab968e2ce57acabe3002548ad4bf89029 Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Thu, 17 Oct 2024 23:17:41 +0200 Subject: [PATCH 02/16] Remove unused `pkgsStable` argument and add a more useful `inputs` --- packages/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/default.nix b/packages/default.nix index ace7ede..258985d 100644 --- a/packages/default.nix +++ b/packages/default.nix @@ -54,10 +54,10 @@ (name: value: { inherit name; value = pkgs.callPackage "${self}/packages/${name}" { - pkgsStable = inputs.nixpkgsStable.legacyPackages.${system}; dream2nix = inputs.dream2nix; projectRoot = self.outPath; packagePath = "packages/${name}"; + inherit inputs; }; }) (lib.filterAttrs (_: type: type == "directory") (builtins.readDir "${self}/packages")) From a8cc32d0e068a40970580eb00f0e1f66cd34f4a3 Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Thu, 17 Oct 2024 23:20:28 +0200 Subject: [PATCH 03/16] Enable `syncthing` on `sisko` --- hosts/kirk/default.nix | 1 + modules/syncthing/default.nix | 23 ++++++++++++----------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/hosts/kirk/default.nix b/hosts/kirk/default.nix index 7838975..aaf03b0 100644 --- a/hosts/kirk/default.nix +++ b/hosts/kirk/default.nix 
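Review bot: The new `paper.aciceri.dev` vhost publishes Paperless with nothing in front of it but the application's own login, and the Paperless module in patch 05 still takes the admin password from `builtins.toFile "paperless-initial-password" "paperless"`, a guessable literal that also sits in the world-readable Nix store. Unless that password was changed in the UI after first start, the document archive is protected by a known value on a hostname that ACME issuance makes publicly discoverable. Before the vhost goes live I would read the password from an agenix secret, as the restic and cloudflare-dyndns modules already do, e.g. `passwordFile = config.age.secrets.PAPERLESS_ADMIN_PASSWORD_PLACEHOLDER.path;` (placeholder secret name). The enclosing `virtualHosts` set starts and ends outside the hunk.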
@@ -34,6 +34,7 @@ "adb" "binfmt" "prometheus-exporters" + "syncthing" ] ++ [ ./disko.nix diff --git a/modules/syncthing/default.nix b/modules/syncthing/default.nix index b857df4..eb25947 100644 --- a/modules/syncthing/default.nix +++ b/modules/syncthing/default.nix @@ -4,12 +4,13 @@ syncthing = { enable = true; guiAddress = "${config.networking.hostName}.fleet:8434"; - user = config.ccr.username; - dataDir = "/home/${config.ccr.username}"; + # TODO Use the home-manager module instead of the following conditions + user = if config.networking.hostName == "sisko" then "syncthing" else "ccr"; + dataDir = if config.networking.hostName == "sisko" then "/mnt/hd/syncthing" else "/home/ccr"; settings = { options = { urAccepted = 1; # anonymous usage data report - globalAnnounceEnabled = false; # Only sync on the VPN + globalAnnounceEnabled = false; # Only sync when connected to the VPN }; devices = { picard = { @@ -19,7 +20,7 @@ ]; }; sisko = { - id = "L5RAQXR-6U3ANNK-UJJ5AVN-37VKQRB-UK6HXSU-NN3V6HF-JNZEVA5-NI6UEAP"; + id = "5JYQLMP-KNBMSOE-I452UDU-UTKPXJI-K27X2DI-MSCSRCG-6V54Q6U-NVGXPQA"; addresses = [ "tcp://sisko.fleet" ]; @@ -31,7 +32,7 @@ ]; }; oneplus8t = { - id = "76BJ2ZE-FPFDWUZ-3UZIENZ-TS6YBGG-EZSF6UE-GLHRBQ2-KTHTRMI-3JWNRAT"; + id = "KMB2YRF-DGTWU24-SLITU23-5TN7BMQ-6PFAQQZ-CZ7J2QL-PIGVBTU-VRFRMQV"; addresses = [ "tcp://oneplus8t.fleet" ]; @@ -41,9 +42,9 @@ org = { path = { - picard = "/home/${config.ccr.username}/org"; - sisko = "/home/${config.ccr.username}/org"; - kirk = "/home/${config.ccr.username}/org"; + picard = "/home/ccr/org"; + sisko = "/mnt/hd/syncthing/org"; + kirk = "/home/ccr/org"; } .${config.networking.hostName}; devices = [ @@ -56,9 +57,9 @@ sync = { path = { - picard = "/home/${config.ccr.username}/sync"; - sisko = "/home/${config.ccr.username}/sync"; - kirk = "/home/${config.ccr.username}/sync"; + picard = "/home/ccr/sync"; + sisko = "/mnt/hd/syncthing/sync"; + kirk = "/home/ccr/sync"; } .${config.networking.hostName}; devices = [ 
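Review bot: `"syncthing"` ends up twice in kirk's module list: this hunk appends it after `"prometheus-exporters"`, while the kirk hunk in patch 12 shows it already present right after `"greetd"`. The commit subject says the change is for `sisko`, whose list only gains the module in patch 12, so the added line here looks unintended. Whether the duplicate is harmless depends on how `fleetModules` turns the names into imports, which is not visible on this page; dropping the added line avoids the question.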
From 4ffc9224198882c3794181cfd0e7a3d6a713bd5b Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Thu, 17 Oct 2024 23:21:58 +0200 Subject: [PATCH 04/16] Backup also the postgres db and paperless --- modules/restic/default.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/modules/restic/default.nix b/modules/restic/default.nix index 3edb52d..c3ba948 100644 --- a/modules/restic/default.nix +++ b/modules/restic/default.nix @@ -25,10 +25,21 @@ in host }".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs"; + services.postgresqlBackup = { + enable = true; + backupAll = true; + location = "/var/backup/postgresql"; + }; + + environment.persistence."/persist".directories = [ + config.services.postgresqlBackup.location + ]; + services.restic.backups.sisko = { paths = [ "/persist" "/mnt/hd/immich" + "/mnt/hd/paperless" ]; exclude = [ " /persist/var/lib/containers" ]; passwordFile = config.age.secrets.SISKO_RESTIC_PASSWORD.path; From 494542e1d216a62535fa5d8e32899ef499c368d2 Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Thu, 17 Oct 2024 23:22:34 +0200 Subject: [PATCH 05/16] Re-enable `paperless` on `sisko` --- hosts/sisko/default.nix | 1 + modules/paperless/default.nix | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix index 298eb78..9e97a42 100644 --- a/hosts/sisko/default.nix +++ b/hosts/sisko/default.nix @@ -29,6 +29,7 @@ "restic" "atuin" "immich" + "paperless" ] ++ [ ./disko.nix diff --git a/modules/paperless/default.nix b/modules/paperless/default.nix index 6770ce5..4918ed7 100644 --- a/modules/paperless/default.nix +++ b/modules/paperless/default.nix 
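Review bot: Nothing in the restic hunk orders the new PostgreSQL dump relative to the restic run, so a snapshot can contain a dump that is a day old or one that is still being written. The restic timer is not visible here; if it is not already scheduled after the dump, an ordering such as `systemd.services.restic-backups-sisko.after = [ "postgresqlBackup.service" ];` (unit names as I understand the two NixOS modules; please verify) or an explicit `services.postgresqlBackup.startAt` ahead of the restic timer would close the gap. The context line `exclude = [ " /persist/var/lib/containers" ]` appears to start with a space inside the string; if that is in the file and not an artifact of this page, the pattern will not match and the containers directory is being backed up.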
@@ -4,8 +4,7 @@ enable = true; address = "0.0.0.0"; passwordFile = builtins.toFile "paperless-initial-password" "paperless"; - mediaDir = "/mnt/hd/paperless/media"; - consumptionDir = "/mnt/hd/paperless/consume"; + mediaDir = "/mnt/hd/paperless/"; settings = { PAPERLESS_OCR_LANGUAGE = "ita+eng"; PAPERLESS_CONSUMER_IGNORE_PATTERN = builtins.toJSON [ @@ -15,11 +14,12 @@ PAPERLESS_OCR_USER_ARGS = builtins.toJSON { optimize = 1; pdfa_image_compression = "lossless"; + invalidate_digital_signatures = true; }; }; }; - backup.paths = [ + environment.persistence."/persist".directories = [ config.services.paperless.dataDir ]; } From 688ec82cafb2ff812ee9f3442d6c3182fb9f8e4e Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Thu, 17 Oct 2024 23:23:13 +0200 Subject: [PATCH 06/16] Migrate CIFS to NFS --- modules/mount-sisko/default.nix | 32 +++++++++++++++++++------------- modules/sisko-nfs/default.nix | 20 ++++++++++++++++++++ 2 files changed, 39 insertions(+), 13 deletions(-) create mode 100644 modules/sisko-nfs/default.nix diff --git a/modules/mount-sisko/default.nix b/modules/mount-sisko/default.nix index 5ae34a0..61671a5 100644 --- a/modules/mount-sisko/default.nix +++ b/modules/mount-sisko/default.nix 
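Review bot: `address = "0.0.0.0"` is kept although the only consumer added in this series is the nginx vhost, which proxies to `localhost`; listening on every interface leaves the plain-HTTP Paperless port reachable on the LAN and VPN wherever the firewall allows it, bypassing TLS at the proxy. `address = "127.0.0.1";` would match the reverse-proxy setup. The hunk also removes `consumptionDir`, which presumably moves the consume folder to the module default under `dataDir`; a one-line comment saying so would help anyone still dropping files into `/mnt/hd/paperless/consume`.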
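Review bot: `invalidate_digital_signatures = true` in the second hunk is missing a comment explaining the trade-off. As far as I know the option lets OCRmyPDF process signed PDFs at the cost of the signature on the archived version, so signed contracts or invoices are only verifiable from the stored original. I would add something like `# signed PDFs are OCRed anyway; only the original file keeps a valid signature` above the line.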
@@ -4,18 +4,24 @@ ... }: { - fileSystems."/home/${config.ccr.username}/torrent" = { - device = "//sisko.fleet/torrent"; - fsType = "cifs"; - options = - let - credentials = pkgs.writeText "credentials" '' - username=guest - password= - ''; - in - [ - "credentials=${credentials},x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,uid=1000,gid=1000" - ]; + environment.systemPackages = with pkgs; [ nfs-utils ]; + boot.supportedFilesystems = [ "nfs" ]; + services.rpcbind.enable = true; + + security.wrappers."mount.nfs" = { + setuid = true; + owner = "root"; + group = "root"; + source = "${pkgs.nfs-utils.out}/bin/mount.nfs"; + }; + + fileSystems."/home/${config.ccr.username}/nas" = { + device = "sisko.fleet:/hd"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "user" + ]; }; } diff --git a/modules/sisko-nfs/default.nix b/modules/sisko-nfs/default.nix new file mode 100644 index 0000000..7e9b82b --- /dev/null +++ b/modules/sisko-nfs/default.nix @@ -0,0 +1,20 @@ +{ + systemd.tmpfiles.rules = [ + "d /export 770 nobody nogroup" + ]; + + fileSystems."/export/hd" = { + device = "/mnt/hd"; + options = [ "bind" ]; + }; + + services.nfs.server = { + enable = true; + exports = '' + /export 10.100.0.1/24(rw,fsid=0,no_subtree_check) + /export/hd 10.100.0.1/24(rw,nohide,insecure,no_subtree_check,no_root_squash) + ''; + }; + + networking.firewall.allowedTCPPorts = [ 2049 ]; +} From 13ac723ec03ffbf6a15b08aa7d9058b788e3f63c Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Thu, 17 Oct 2024 23:23:26 +0200 Subject: [PATCH 07/16] Reminder to migrate forgejo to a postgres backend It's easier to backup --- modules/forgejo/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/forgejo/default.nix b/modules/forgejo/default.nix index ae7f0c4..d67ccc5 100644 --- a/modules/forgejo/default.nix +++ b/modules/forgejo/default.nix 
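Review bot: The `security.wrappers."mount.nfs"` block gives every local user a setuid-root `mount.nfs`, yet the share is declared with `x-systemd.automount`, which systemd mounts as root; unless something depends on unprivileged `mount`, the wrapper and the `user` option look unnecessary and the wrapper only adds setuid attack surface. If `user` is dropped, keep the restrictions it implied by naming them, e.g. `options = [ "x-systemd.automount" "noauto" "nosuid" "nodev" ];`, which matters because the server exports with `no_root_squash`. The CIFS entry's `x-systemd.idle-timeout=60` and `x-systemd.mount-timeout=5s` were not carried over, so a client that is off the VPN may hang on the share.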
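Review bot: The `/export/hd` line in the new `sisko-nfs` module combines `no_root_squash` with `insecure`: root on any machine in the VPN range is root on `/mnt/hd` (which, per the other patches, holds the Immich, Paperless and Syncthing data), and requests from unprivileged source ports are accepted, which weakens NFS's already client-asserted uid checks. Unless a client really needs root access I would export it as `/export/hd 10.100.0.0/24(rw,nohide,no_subtree_check,root_squash)`, which also writes the network without host bits. `networking.firewall.allowedTCPPorts = [ 2049 ]` opens the port on every interface; `networking.firewall.interfaces.VPN_INTERFACE_PLACEHOLDER.allowedTCPPorts = [ 2049 ];` (placeholder interface name) would keep NFS on the VPN side only.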
@@ -4,6 +4,7 @@ }: { services.forgejo = { + # TODO migrate to Postgres enable = true; settings = { DEFAULT = { From 5edc79b504eb0bcf41570774765be6584c8c4cbd Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Thu, 17 Oct 2024 23:23:48 +0200 Subject: [PATCH 08/16] Remove unused domains add new ones --- modules/cloudflare-dyndns/default.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/modules/cloudflare-dyndns/default.nix b/modules/cloudflare-dyndns/default.nix index b70c98d..e86c6b6 100644 --- a/modules/cloudflare-dyndns/default.nix +++ b/modules/cloudflare-dyndns/default.nix @@ -12,12 +12,10 @@ "search.aciceri.dev" "invidious.aciceri.dev" "vpn.aciceri.dev" - "cache.aciceri.dev" - "matrix.aciceri.dev" - "syncv3.matrix.aciceri.dev" - "jellyfin.aciceri.dev" "photos.aciceri.dev" "status.aciceri.dev" + "paper.aciceri.dev" + "cloud.aciceri.dev" ]; apiTokenFile = config.age.secrets.cloudflare-dyndns-api-token.path; }; From 00580c2c1feadc03dd983336ec0b5c169dbca779 Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Thu, 17 Oct 2024 23:24:36 +0200 Subject: [PATCH 09/16] Remove warning about missing meta attribute --- hmModules/logseq/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hmModules/logseq/default.nix b/hmModules/logseq/default.nix index f8ff624..dffb462 100644 --- a/hmModules/logseq/default.nix +++ b/hmModules/logseq/default.nix @@ -8,7 +8,7 @@ let hash = "sha256-Hy/zk8ZCkWajsMRUMsewLvkKpMpsBZYnFootPU9y6Z0="; }; }; - logseq-wayland = pkgs.writeScriptBin "logseq" "${lib.getExe logseq} --enable-features=UseOzonePlatform --ozone-platform=wayland"; + logseq-wayland = pkgs.writeScriptBin "logseq" "${lib.getExe' logseq "logseq"} --enable-features=UseOzonePlatform --ozone-platform=wayland"; in { home.packages = [ logseq-wayland ]; From ce0732941758651fa42dacd089383129e25f5f31 Mon Sep 17 00:00:00 2001 
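Review bot: The `logseq-wayland` wrapper changed in the logseq hunk is built with `pkgs.writeScriptBin`, which writes the string verbatim, so the generated `logseq` file has no `#!` line and drops any arguments passed to it. It works when started through a shell but not when executed directly. `pkgs.writeShellScriptBin "logseq" ''exec ${lib.getExe' logseq "logseq"} --enable-features=UseOzonePlatform --ozone-platform=wayland "$@"''` fixes both; the surrounding `let` block starts outside the hunk.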
From: Andrea Ciceri Date: Thu, 17 Oct 2024 23:24:58 +0200 Subject: [PATCH 10/16] Re-enable shortcut for Emacs --- hmModules/hyprland/hyprland.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/hmModules/hyprland/hyprland.conf b/hmModules/hyprland/hyprland.conf index c8c20af..543355b 100644 --- a/hmModules/hyprland/hyprland.conf +++ b/hmModules/hyprland/hyprland.conf @@ -36,6 +36,7 @@ bind = $mod, m, exec, footclient $SHELL -C "aerc" bind = $mod, d, exec, fuzzel --background-color=253559cc --border-radius=5 --border-width=0 bind = $mod, s, exec, screenshot.sh bind = $mod, n, exec, logseq +bind = $mod, x, exec, emacsclient -c bind = , XF86MonBrightnessUp, exec, brightnessctl s +5% bind = , XF86MonBrightnessDown, exec, brightnessctl s 5%- bind = $mod, code:60, exec, brightnessctl s +5% From a0f9a2b55d273f71ff9a8b315244c924bd081c77 Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Thu, 17 Oct 2024 23:25:19 +0200 Subject: [PATCH 11/16] Improve email --- hmModules/email/default.nix | 68 ++++++++++++++++++++++++++++++++++++- 1 file changed, 67 insertions(+), 1 deletion(-) diff --git a/hmModules/email/default.nix b/hmModules/email/default.nix index 829f6c7..5ae160a 100644 --- a/hmModules/email/default.nix +++ b/hmModules/email/default.nix @@ -8,7 +8,19 @@ { programs.mbsync.enable = true; programs.msmtp.enable = true; - services.mbsync.enable = true; + services.mbsync = { + enable = true; + postExec = lib.getExe ( + pkgs.writeShellScriptBin "mbsync-post-exec" '' + ${lib.getExe pkgs.notmuch} new + for _ in _ _ + do + afew -C ~/.config/notmuch/default/config --tag --new -vv + afew -C ~/.config/notmuch/default/config --move --new -vv + done + '' + ); + }; home.file.".config/aerc/stylesets" = let 
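Review bot: In the new `postExec` script of the email module, `afew` is called by bare name while `notmuch` is interpolated as `${lib.getExe pkgs.notmuch}`; a systemd user service does not necessarily have the Home Manager profile on its `PATH`, and because the script has no `set -e` a missing binary would fail without stopping the run. I would call `${pkgs.afew}/bin/afew -C ~/.config/notmuch/default/config --tag --new -vv` (and the same for `--move`). The `for _ in _ _` loop runs tag-then-move twice with no explanation; a short comment on why the second pass is needed would help. The hunk ends inside the `home.file` `let` binding, which continues outside it.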
@@ -188,6 +200,58 @@ }; }; + programs.notmuch = { + enable = true; + new.tags = [ "new" ]; + search.excludeTags = [ + "trash" + "deleted" + "spam" + ]; + maildir.synchronizeFlags = true; + }; + + programs.afew = { + enable = true; + extraConfig = '' + [Filter.1] + message = "Tag GitHub notifications" + tags = +github + query = from:noreply@github.com OR from:notifications@github.com + + [Filter.2] + query = "folder:autistici/Inbox" + tags = +autistici + message = "Tag personal autistici emails" + + [Filter.3] + query = "not folder:autistici/Inbox" + tag = -new + message = "Sanity check: remove the new tag for emails moved out from Inbox" + + [Filter.4] + query = "not folder:autistici/Inbox" + tag = -new + message = "Sanity check: remove the new tag for emails moved out from Inbox" + + [Filter.5] + query = "not folder:autistici/Sent" + tag = +sent + message = "Sanity check: add the sent tag for emails in Sent" + + [Filter.6] + query = "not folder:autistici/Drafts" + tag = +draft + message = "Sanity check: add the draft tag for emails in Draft" + + [MailMover] + folders = autistici/Inbox + rename = true + + autistici/Inbox = 'tag:archive':autistici/Archive 'tag:github':autistici/GitHub 'NOT tag:new':autistici/Trash + ''; + }; + systemd.user.services.emails-watcher = { Unit.Description = "Send notifications when new emails arrive"; Install = { @@ -214,6 +278,8 @@ mbsync = { enable = true; create = "maildir"; + expunge = "both"; + remove = "both"; }; msmtp.enable = true; notmuch.enable = true; From 6ead1cbc6e5fa63c70e0c4cc2ab7f23dabcd4121 Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Thu, 17 Oct 2024 23:26:07 +0200 Subject: [PATCH 12/16] New modules used on `sisko` and `picard` --- hosts/kirk/default.nix | 20 ++++++++++++++------ hosts/picard/default.nix | 5 +++-- hosts/sisko/default.nix | 5 +++-- 3 files changed, 20 insertions(+), 10 deletions(-) diff --git a/hosts/kirk/default.nix b/hosts/kirk/default.nix index aaf03b0..272dd30 100644 
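Review bot: Several afew filters added here do not do what their `message` says: `[Filter.5]` and `[Filter.6]` query `not folder:autistici/Sent` and `not folder:autistici/Drafts`, so they tag everything outside those folders as `sent` or `draft`; `[Filter.3]` to `[Filter.6]` use the key `tag` where `[Filter.1]` and `[Filter.2]` use `tags` (the key afew documents, so the `tag` lines are presumably ignored); and `[Filter.3]` and `[Filter.4]` are identical. The `MailMover` rule `'NOT tag:new':autistici/Trash` moves every Inbox message that no longer carries `new` to Trash, and the last hunk of this file sets `expunge = "both"` and `remove = "both"`, so a mistake in these rules is propagated to the server; please confirm that is intended. A corrected filter section is below.

```nix
    extraConfig = ''
      # … unchanged: [Filter.1] and [Filter.2] …

      [Filter.3]
      query = "not folder:autistici/Inbox"
      tags = -new
      message = "Sanity check: remove the new tag for emails moved out from Inbox"

      [Filter.4]
      query = "folder:autistici/Sent"
      tags = +sent
      message = "Sanity check: add the sent tag for emails in Sent"

      [Filter.5]
      query = "folder:autistici/Drafts"
      tags = +draft
      message = "Sanity check: add the draft tag for emails in Draft"

      # … unchanged: [MailMover] section …
```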
--- a/hosts/kirk/default.nix +++ b/hosts/kirk/default.nix @@ -1,7 +1,7 @@ { fleetModules, lib, - config, + pkgs, ... }: { @@ -27,13 +27,13 @@ "printing" "pam" "wireguard-client" - "restic" "greetd" "syncthing" - "mount-rock5b" + "mount-sisko" "adb" "binfmt" "prometheus-exporters" + "promtail" "syncthing" ] ++ [ @@ -72,6 +72,9 @@ "zathura" "imv" "catppuccin" + "libreoffice" + "logseq" + "emacs" ]; extraGroups = [ ]; backupPaths = [ ]; @@ -88,7 +91,7 @@ "kvm-intel" ]; - boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_10; boot.loader.efi.canTouchEfiVariables = true; boot.loader.systemd-boot = { @@ -102,8 +105,13 @@ powerManagement.cpuFreqGovernor = lib.mkDefault "schedutil"; hardware.enableRedistributableFirmware = lib.mkDefault true; - hardware.opengl = { + hardware.graphics = { enable = true; - driSupport32Bit = true; + enable32Bit = true; + }; + + zramSwap = { + enable = true; + algorithm = "zstd"; }; } diff --git a/hosts/picard/default.nix b/hosts/picard/default.nix index c4128f7..faa6571 100644 --- a/hosts/picard/default.nix +++ b/hosts/picard/default.nix @@ -31,13 +31,13 @@ "wireguard-client" "binfmt" "greetd" - # "syncthing" + "syncthing" "hass-poweroff" "forgejo-runners" "teamviewer" "macos-ventura" "sunshine" - "mount-rock5b" + "mount-sisko" "adb" "guix" "prometheus-exporters" @@ -91,6 +91,7 @@ "imv" "libreoffice" "logseq" + "emacs" ]; extraGroups = [ ]; backupPaths = [ ]; diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix index 9e97a42..6295c63 100644 --- a/hosts/sisko/default.nix +++ b/hosts/sisko/default.nix @@ -15,10 +15,10 @@ "home-assistant" "adguard-home" "cloudflare-dyndns" - "rock5b-proxy" + "sisko-proxy" "invidious" "searx" - "rock5b-samba" + "sisko-nfs" "forgejo" "prometheus" "grafana" @@ -30,6 +30,7 @@ "atuin" "immich" "paperless" + "syncthing" ] ++ [ ./disko.nix From 7e210d325f4fb61b6d613db1ecc27be7740e4b9e Mon Sep 17 00:00:00 2001 
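Review bot: `boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_10` in the kirk hunk pins the host to a non-longterm kernel series: once upstream stops maintaining it the machine no longer receives kernel security fixes, and nixpkgs drops such attributes after end of life, which then breaks evaluation. The removed expression followed the newest ZFS-compatible kernel automatically, so if kirk still uses ZFS the pin also has to stay within what the ZFS package supports. If the pin works around a specific problem, say so in a comment, e.g. `# pinned because of REASON_PLACEHOLDER; revisit when fixed`, or use a longterm set such as `pkgs.linuxPackages_6_6`.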
From: Andrea Ciceri Date: Thu, 17 Oct 2024 23:26:58 +0200 Subject: [PATCH 13/16] Add `emacs-overlay` flake input --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index bc75454..72b2a1f 100644 --- a/flake.nix +++ b/flake.nix @@ -57,6 +57,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; catppuccin.url = "github:catppuccin/nix"; + emacs-overlay.url = "github:nix-community/emacs-overlay"; }; outputs = From 74880599ea5d4b7b2016aa694fc1e76db0c0fe70 Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Thu, 17 Oct 2024 23:27:41 +0200 Subject: [PATCH 14/16] Update inputs --- flake.lock | 124 +++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 105 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index c270768..8a2a579 100644 --- a/flake.lock +++ b/flake.lock @@ -119,6 +119,26 @@ "type": "github" } }, + "emacs-overlay": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_3", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1728638138, + "narHash": "sha256-9BNhvMzh/bQmm0VhhRrl3fmiIjQnvRrVUwXIM5mtYY4=", + "owner": "nix-community", + "repo": "emacs-overlay", + "rev": "b3101a3a0f3883f97fa867ef56b0f29fa2b2b7f1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "emacs-overlay", + "type": "github" + } + }, "fan-control": { "flake": false, "locked": { @@ -267,6 +287,24 @@ "inputs": { "systems": "systems_3" }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_4" + }, "locked": { "lastModified": 1681202837, "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", 
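Review bot: `emacs-overlay` is added to `flake.nix` without `inputs.nixpkgs.follows`, unlike the input directly above it, and the lock file in patch 14 accordingly gains separate `nixpkgs_3`, `nixpkgs-stable` and `flake-utils` nodes. Each extra pinned nixpkgs is another revision to keep current and audit. If the overlay's binary cache is not a concern, `emacs-overlay = { url = "github:nix-community/emacs-overlay"; inputs.nixpkgs.follows = "nixpkgs"; };` keeps a single nixpkgs in the closure; the `inputs` set starts outside the hunk.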
@@ -321,7 +359,7 @@ "nixpkgs": [ "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { "lastModified": 1726745158, @@ -383,7 +421,7 @@ "hercules-ci-effects": { "inputs": { "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1701009247, @@ -557,7 +595,7 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "flakey-profile": "flakey-profile", "lix": [ "lix" @@ -626,7 +664,7 @@ "inputs": { "home-manager": "home-manager_2", "nix-formatter-pack": "nix-formatter-pack", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-docs": "nixpkgs-docs", "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap", "nmd": "nmd" @@ -647,7 +685,7 @@ }, "nixDarwin": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1727003835, @@ -814,6 +852,22 @@ } }, "nixpkgs-stable": { + "locked": { + "lastModified": 1728500571, + "narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { "locked": { "lastModified": 1720386169, "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", @@ -829,7 +883,7 @@ "type": "github" } }, - "nixpkgs-stable_2": { + "nixpkgs-stable_3": { "locked": { "lastModified": 1720386169, "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", 
@@ -862,6 +916,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1728492678, + "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1708172716, "narHash": "sha256-3M94oln0b61m3dUmLyECCA9hYAHXZEszM4saE3CmQO4=", @@ -876,7 +946,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 0, "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=", @@ -888,7 +958,7 @@ "type": "indirect" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1697723726, "narHash": "sha256-SaTWPkI8a5xSHX/rrKzUe+/uVNy6zCGMXgoeMb7T9rg=", @@ -904,13 +974,13 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { - "lastModified": 1728241625, - "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=", + "lastModified": 1728492678, + "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1", + "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", "type": "github" }, "original": { @@ -920,7 +990,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1678470307, "narHash": "sha256-OEeMUr3ueLIXyW/OaFUX5jUdimyQwMg/7e+/Q0gC/QE=", @@ -936,7 +1006,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1682134069, "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=", @@ -1031,7 +1101,7 @@ "lanzaboote", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_2" + "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { "lastModified": 1721042469, 
@@ -1091,7 +1161,7 @@ "fan-control": "fan-control", "flake-parts": "flake-parts_4", "kernel-src": "kernel-src", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nixpkgs-kernel": "nixpkgs-kernel", "panfork": "panfork", "tow-boot": "tow-boot", @@ -1117,6 +1187,7 @@ "catppuccin": "catppuccin", "disko": "disko", "dream2nix": "dream2nix", + "emacs-overlay": "emacs-overlay", "flakeParts": "flakeParts", "git-hooks-nix": "git-hooks-nix", "homeManager": "homeManager", @@ -1130,7 +1201,7 @@ "nixDarwin": "nixDarwin", "nixThePlanet": "nixThePlanet", "nixosHardware": "nixosHardware", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "rock5b": "rock5b", "treefmt-nix": "treefmt-nix_2", "vscode-server": "vscode-server" @@ -1240,6 +1311,21 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tow-boot": { "flake": false, "locked": { @@ -1300,8 +1386,8 @@ }, "vscode-server": { "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_8" + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1713958148, From 87b886bfb07f40946f6aecc5b6e710634944ae5d Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Thu, 17 Oct 2024 23:32:00 +0200 Subject: [PATCH 15/16] Disable deadnix check It's too annoying --- checks/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/checks/default.nix b/checks/default.nix index d4de7c0..1ea5427 100644 --- a/checks/default.nix +++ b/checks/default.nix 
@@ -17,13 +17,13 @@ projectRootFile = ".git/config"; programs = { nixfmt-rfc-style.enable = true; - deadnix.enable = true; + deadnix.enable = false; }; }; pre-commit.settings.hooks = { nixfmt-rfc-style.enable = true; - deadnix.enable = true; + deadnix.enable = false; }; }; From 911cc18e6594fc1bc9c40b319fcc54ee9fb3fcbe Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Thu, 17 Oct 2024 23:32:16 +0200 Subject: [PATCH 16/16] Vendor emacs --- hmModules/emacs/default.nix | 47 ++++++++++++++-- packages/emacs/default.nix | 35 ++++++++++++ packages/emacs/packages.nix | 108 ++++++++++++++++++++++++++++++++++++ 3 files changed, 186 insertions(+), 4 deletions(-) create mode 100644 packages/emacs/default.nix create mode 100644 packages/emacs/packages.nix diff --git a/hmModules/emacs/default.nix b/hmModules/emacs/default.nix index 98463cc..fa8d312 100644 --- a/hmModules/emacs/default.nix +++ b/hmModules/emacs/default.nix @@ -1,10 +1,49 @@ { lib, - age, + fleetFlake, + pkgs, ... }: +let + emacs = fleetFlake.packages.${pkgs.system}.emacs; +in { - ccrEmacs.enable = true; - home.sessionVariables.EDITOR = lib.mkForce "emacsclient"; - systemd.user.services.emacs.Service.EnvironmentFile = age.secrets.chatgpt-token.path; + home.sessionVariables.EDITOR = lib.mkForce "emacsclient -c"; + programs.emacs = { + enable = true; + package = emacs; + }; + services.emacs = { + enable = true; + client.enable = true; + defaultEditor = true; + socketActivation.enable = false; + startWithUserSession = true; + package = emacs; + }; + home.packages = + with pkgs; + [ + binutils + delta + (ripgrep.override { withPCRE2 = true; }) + gnutls + fd + hunspell + python3 + imagemagick + ghostscript_headless + mupdf-headless + poppler_utils + ffmpegthumbnailer + mediainfo + unzipNLS + nodejs_20 + pkgs.qadwaitadecorations + pkgs.kdePackages.qtwayland + ] + ++ (with hunspellDicts; [ + en_US-large + it_IT + ]); } 
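Review bot: Removing `systemd.user.services.emacs.Service.EnvironmentFile = age.secrets.chatgpt-token.path;` in hmModules/emacs/default.nix leaves the `chatgpt-token` agenix secret without a consumer in this module, and its declaration is not part of this hunk. If nothing else reads it, remove the secret declaration in the same change so the token is no longer decrypted onto hosts that do not use it. `gptel` is still installed by packages/emacs/packages.nix, so the key needs another source. It should be read at runtime from `pass` or auth-source rather than written into the Emacs configuration, which may end up in the world-readable Nix store. A comment such as `# API keys are read from auth-source at runtime, never from the store` above `programs.emacs` would record that.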
diff --git a/packages/emacs/default.nix b/packages/emacs/default.nix
new file mode 100644
index 0000000..fe77b46
--- /dev/null
+++ b/packages/emacs/default.nix
@@ -0,0 +1,35 @@
+{
+ lib,
+ inputs,
+ pkgs,
+ ...
+}:
+let
+ pkgs' = pkgs.extend (
+ lib.composeManyExtensions [
+ inputs.emacs-overlay.overlays.package
+ inputs.emacs-overlay.overlays.emacs
+ ]
+ );
+ all-grammars = pkgs'.tree-sitter.withPlugins builtins.attrValues;
+ treesitGrammars = pkgs'.runCommand "treesit-grammars" { } ''
+ mkdir $out
+ for f in ${all-grammars}/*
+ do
+ cp $f $out/"libtree-sitter-$(basename $f)"
+ done
+ '';
+ emacsWithoutPackages = pkgs'.emacs-git.override {
+ withSQLite3 = true;
+ withWebP = true;
+ withPgtk = true;
+ };
+ emacs = (pkgs'.emacsPackagesFor emacsWithoutPackages).emacsWithPackages (
+ import ./packages.nix pkgs'
+ );
+in
+emacs.overrideAttrs {
+ passthru = {
+ inherit treesitGrammars;
+ };
+}
diff --git a/packages/emacs/packages.nix b/packages/emacs/packages.nix
new file mode 100644
index 0000000..7baa25f
--- /dev/null
+++ b/packages/emacs/packages.nix
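Review bot: `emacsWithoutPackages = pkgs'.emacs-git.override {` in packages/emacs/default.nix builds the editor from the overlay's snapshot of the Emacs development branch. Every flake.lock update therefore swaps in unreleased editor code together with the rolling MELPA set, and this is the same process that opens `pass` and `agenix` buffers. If features from master are not required, `emacsWithoutPackages = pkgs'.emacs-unstable.override {` (the overlay's build of the latest release tag) narrows what changes per update. Otherwise add a comment above the binding saying which master-only feature is needed, so the choice can be revisited after the next release.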
@@ -0,0 +1,108 @@
+pkgs: epkgs:
+let
+ inherit (epkgs) melpaPackages nongnuPackages elpaPackages;
+
+ # *Attrset* containig extra emacs packages from flake inputs
+
+ # *List* containing emacs packages from (M)ELPA
+ mainPackages =
+ # builtins.filter
+ # if an extra package has the same name then give precedence to it
+ # (package: ! builtins.elem package.pname (builtins.attrNames extraPackages))
+ (with melpaPackages; [
+ meow
+ meow-tree-sitter
+ dracula-theme
+ nord-theme
+ catppuccin-theme
+ modus-themes
+ # solaire-mode
+ nerd-icons
+ nerd-icons-completion
+ nerd-icons-ibuffer
+ nerd-icons-dired
+ ligature
+ treemacs-nerd-icons
+ eshell-syntax-highlighting
+ fish-completion # fish completion for eshell
+ eshell-prompt-extras
+ eshell-atuin
+ eshell-command-not-found
+ clipetty
+ sideline
+ consult-eglot
+ # sideline-flymake
+ rainbow-delimiters
+ vertico
+ marginalia
+ consult
+ orderless
+ embark
+ embark-consult
+ magit
+ magit-delta
+ magit-todos
+ difftastic
+ with-editor
+ diff-hl
+ corfu
+ cape
+ which-key
+ nix-mode
+ nix-ts-mode
+ agenix
+ zig-mode
+ unisonlang-mode
+ purescript-mode
+ dhall-mode
+ envrc
+ inheritenv
+ popper
+ paredit
+ yaml-mode
+ hl-todo
+ markdown-mode
+ haskell-mode
+ terraform-mode
+ diredfl
+ org-modern
+ org-roam
+ org-roam-ql
+ visual-fill-column
+ consult-org-roam
+ pass
+ password-store-otp
+ eldoc-box
+ go-translate
+ notmuch
+ consult-notmuch
+ poly-org
+ casual-calc
+ gptel
+ agenix
+ solidity-mode
+ # org-re-reveal # FIXME very not nice hash mismatch when building
+ # gptel # TODO uncomment when there will be a new release including GPT-4o
+ ])
+ ++ (with elpaPackages; [
+ delight
+ kind-icon
+ ef-themes
+ indent-bars
+ ])
+ ++ (with nongnuPackages; [
+ eat
+ corfu-terminal
+ haskell-ts-mode
+ ]);
+in
+mainPackages
+# ++ (builtins.attrValues extraPackages)
+# Playing with EAF
+++ [
+ # Disabled because pymupdf was broken
+ # (pkgs.callPackage ./eaf.nix {
+ # inherit (epkgs) melpaBuild;
+ # inherit (melpaPackages) ctable deferred epc s;
+ # })
+]
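Review bot: The comment `# org-re-reveal # FIXME very not nice hash mismatch when building` in packages/emacs/packages.nix records a fixed-output hash mismatch without saying whether it was explained. A mismatch means the fetched source differs from the pinned one, so the comment should state the cause, for example `# org-re-reveal: disabled, source hash mismatch, cause not yet identified`, and the package should stay disabled until that is known. In the same list `agenix` appears twice, and `gptel` is active while the trailing `# gptel # TODO uncomment when there will be a new release including GPT-4o` still says it is disabled; drop the second `agenix` and the stale comment. The header `# *Attrset* containig extra emacs packages from flake inputs` describes a binding that does not exist in this file and can go along with the commented-out filter.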