diff options
Diffstat (limited to 'host')
| -rw-r--r-- | host/Rory-desktop/configuration.nix | 97 | ||||
| -rw-r--r-- | host/Rory-desktop/mariadb.nix | 10 | ||||
| -rw-r--r-- | host/Rory-desktop/nginx.nix | 39 | ||||
| -rwxr-xr-x | host/Rory-desktop/nginx/discord.localhost.nix | 37 | ||||
| -rwxr-xr-x | host/Rory-desktop/postgres.nix | 34 |
5 files changed, 172 insertions, 45 deletions
diff --git a/host/Rory-desktop/configuration.nix b/host/Rory-desktop/configuration.nix index be7f4b2..a34fc1c 100644 --- a/host/Rory-desktop/configuration.nix +++ b/host/Rory-desktop/configuration.nix @@ -7,6 +7,9 @@ ../../modules/packages/vim.nix # ../../modules/environments/home.nix ../../modules/software-templates/profilers.nix + ./postgres.nix + ./mariadb.nix + ./nginx.nix ]; boot = { @@ -50,42 +53,40 @@ enable = true; updateDbusEnvironment = true; videoDrivers = ["nvidia"]; - #videoDrivers = [ "intel" ]; - #desktopManager.gnome.enable = true; + desktopManager.gnome.enable = true; libinput.enable = true; layout = "us"; - #modules = [ pkgs.xorg.xf86videointel ]; windowManager.i3.enable = true; - #windowManager.i3.extraPackages = with pkgs; [ ]; windowManager.i3.extraSessionCommands = '' - xrandr --output DP-5 --auto --pos -1920x1080 - xrandr --output HDMI-0 --auto --primary --pos 1920x0 - polybar & - dunst & + # output from arandr: + xrandr --output DP-0 --off --output DP-1 --off --output DP-2 --off --output DP-3 --off --output HDMI-0 --primary --mode 3840x2160 --pos 0x0 --rotate normal --output DP-4 --off --output DP-5 --mode 1920x1080 --pos 3840x1080 --rotate normal + ${pkgs.polybarFull}/bin/polybar & + ${pkgs.dunst}/bin/dunst & + ${pkgs.feh}/bin/feh --no-fehbg --bg-fill ${../../modules/users/Rory/wallpaper.webp} ''; wacom.enable = true; }; picom.enable = true; picom.vSync = false; picom.backend = "glx"; - #gnome = { - # core-developer-tools.enable = false; - # core-utilities.enable = false; - # tracker-miners.enable = false; - # tracker.enable = false; - # sushi.enable = false; - # rygel.enable = false; - # gnome-user-share.enable = false; - # gnome-remote-desktop.enable = false; - # gnome-online-miners.enable = lib.mkForce false; - # gnome-online-accounts.enable = false; - # gnome-initial-setup.enable = false; - # gnome-browser-connector.enable = false; - # games.enable = false; - # gnome-keyring.enable = lib.mkForce false; - # evolution-data-server.enable = lib.mkForce false; - # at-spi2-core.enable = lib.mkForce false; - #}; + gnome = { + core-developer-tools.enable = false; + core-utilities.enable = false; + tracker-miners.enable = false; + tracker.enable = false; + sushi.enable = false; + rygel.enable = false; + gnome-user-share.enable = false; + gnome-remote-desktop.enable = false; + gnome-online-miners.enable = lib.mkForce false; + gnome-online-accounts.enable = false; + gnome-initial-setup.enable = false; + gnome-browser-connector.enable = false; + games.enable = false; + gnome-keyring.enable = lib.mkForce false; + evolution-data-server.enable = lib.mkForce false; + at-spi2-core.enable = lib.mkForce false; + }; openssh = { enable = true; extraConfig = '' @@ -120,6 +121,7 @@ }; environment.systemPackages = with pkgs; [ + qt6.qtwayland gnome-console feh @@ -130,6 +132,7 @@ # - IDEs jetbrains-toolbox jetbrains.rider + jetbrains.webstorm github-copilot-intellij-agent @@ -154,9 +157,6 @@ # extra packages dmenu - i3status - polybarFull - dunst cinnamon.nemo gnome.file-roller @@ -171,10 +171,11 @@ unrar-wrapper - (schildichat-desktop.override { electron = electron; }) + #(schildichat-desktop.override { electron = electron; }) (callPackage ../../modules/packages/nheko-git.nix { inherit nhekoSrc; inherit mtxclientSrc; voipSupport = false; }) #(callPackage ../../modules/packages/mc/server/modpack/curseforge/techopolis-2/5.4.nix { }) ]; + programs.steam.enable = true; programs.steam.gamescopeSession.enable = true; @@ -183,20 +184,20 @@ # pkgs.gnome-tour # pkgs.gnome-user-docs #]; - xdg = { - portal = { - enable = true; - extraPortals = with pkgs; [ - xdg-desktop-portal-gtk - ]; - xdgOpenUsePortal = true; - }; - sounds.enable = true; - mime.enable = true; - menus.enable = true; - icons.enable = true; - autostart.enable = true; - }; + #xdg = { + # portal = { + # enable = true; + # extraPortals = with pkgs; [ + # xdg-desktop-portal-gtk + # ]; + # xdgOpenUsePortal = true; + # }; + # sounds.enable = true; + # mime.enable = true; + # menus.enable = true; + # icons.enable = true; + # autostart.enable = true; + #}; fonts = { fonts = with pkgs; [ (nerdfonts.override { fonts = [ "JetBrainsMono" ]; }) @@ -224,7 +225,13 @@ }; }; nixpkgs = { - config.allowUnfree = true; + config = { + allowUnfree = true; + permittedInsecurePackages = [ + "electron-25.9.0" + ]; + }; + }; security = { polkit.enable = true; diff --git a/host/Rory-desktop/mariadb.nix b/host/Rory-desktop/mariadb.nix new file mode 100644 index 0000000..3ebbb0b --- /dev/null +++ b/host/Rory-desktop/mariadb.nix @@ -0,0 +1,10 @@ +{ config, pkgs, lib, ... }: + +{ + services.mysql = { + enable = true; + package = pkgs.mariadb; + }; + +} + diff --git a/host/Rory-desktop/nginx.nix b/host/Rory-desktop/nginx.nix new file mode 100644 index 0000000..fc2adca --- /dev/null +++ b/host/Rory-desktop/nginx.nix @@ -0,0 +1,39 @@ +{ config, pkgs, lib, ... }: + +{ + services = { + nginx = { + enable = true; + #package = pkgs.nginxQuic; + recommendedProxySettings = true; + #recommendedTlsSettings = true; + recommendedZstdSettings = true; + recommendedGzipSettings = true; + recommendedBrotliSettings = true; + recommendedOptimisation = true; + #defaultMimeTypes = ../../../../modules/packages/nginx/mime.types; + appendConfig = '' + worker_processes 16; + ''; + eventsConfig = '' + #use kqueue; + worker_connections 512; + ''; + appendHttpConfig = '' + #sendfile on; + disable_symlinks off; + ''; + additionalModules = with pkgs.nginxModules; [ + moreheaders + ]; + virtualHosts = { + "discord.localhost" = import ./nginx/discord.localhost.nix { inherit pkgs; }; + + }; + }; + }; + systemd.services.nginx.serviceConfig = { + LimitNOFILE=5000000; + }; + +} diff --git a/host/Rory-desktop/nginx/discord.localhost.nix b/host/Rory-desktop/nginx/discord.localhost.nix new file mode 100755 index 0000000..149d2b1 --- /dev/null +++ b/host/Rory-desktop/nginx/discord.localhost.nix @@ -0,0 +1,37 @@ +{ pkgs, ... }: + +{ + root = "/www/discord"; + addSSL = true; + enableACME = false; + + # We don't care about certificates around here... + sslCertificate = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.cert.pem"; + sslCertificateKey = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.key.pem"; + + + extraConfig = '' + autoindex on; + more_set_headers 'Access-Control-Allow-Origin: *'; + more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS'; + more_set_headers 'Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; + more_set_headers 'Access-Control-Expose-Headers: Content-Length,Content-Range'; + more_set_headers 'Access-Control-Allow-Credentials: true'; + ''; + + locations = { + "/" = { + index = "index.html"; + extraConfig = '' + more_set_headers 'Access-Control-Allow-Origin: *'; + more_set_headers 'Access-Control-Allow-Methods: *'; + more_set_headers 'Access-Control-Allow-Headers: *'; + more_set_headers 'Access-Control-Expose-Headers: *'; + more_set_headers 'Access-Control-Max-Age' 1728000; + + # default to /index.html if file not found + try_files $uri $uri/ /index.html; + ''; + }; + }; +} diff --git a/host/Rory-desktop/postgres.nix b/host/Rory-desktop/postgres.nix new file mode 100755 index 0000000..e1e4432 --- /dev/null +++ b/host/Rory-desktop/postgres.nix @@ -0,0 +1,34 @@ +{ config, pkgs, lib, ... }: + +{ + #systemd.tmpfiles.rules = [ "d /mnt/postgres/data 0750 postgres postgres" ]; + + services.postgresql = { + enable = true; + package = pkgs.postgresql_16; + enableTCPIP = true; + authentication = pkgs.lib.mkOverride 10 '' + # TYPE, DATABASE, USER, ADDRESS, METHOD + local all all trust + host all all 127.0.0.1/32 trust + host all all ::1/128 trust + host discordbots discordbots 192.168.1.2/32 trust + host matrix-synapse-rory-gay matrix-synapse-rory-gay 192.168.1.5/32 trust + host all all 0.0.0.0/0 md5 + ''; + # initialScript = pkgs.writeText "backend-initScript" '' + # CREATE ROLE nixcloud WITH LOGIN PASSWORD 'nixcloud' CREATEDB; + # CREATE DATABASE nixcloud; + # GRANT ALL PRIVILEGES ON DATABASE nixcloud TO nixcloud; + # ''; + #dataDir = "/mnt/postgres/data"; + settings = { + "max_connections" = "100"; + "shared_buffers" = "128MB"; + "max_wal_size" = "1GB"; + "min_wal_size" = "80MB"; + }; + }; + +} + |