From 1fdbb44df1c3b8c0bab9e36cee3e8167e102efc3 Mon Sep 17 00:00:00 2001 
From: Quentin Aristote Date: Fri, 17 Feb 2023 21:22:14 +0100 Subject: add filtron and rss-bridge modules --- modules/nixos/boot.nix | 17 ------- modules/nixos/default.nix | 10 +--- modules/nixos/environment.nix | 31 ------------ modules/nixos/filtron.nix | 86 ++++++++++++++++++++++++++++++++++ modules/nixos/gui.nix | 54 --------------------- modules/nixos/hardware.nix | 70 --------------------------- modules/nixos/networking.nix | 60 ------------------------ modules/nixos/nix.nix | 52 -------------------- modules/nixos/personal/boot.nix | 17 +++++++ modules/nixos/personal/default.nix | 13 +++++ modules/nixos/personal/environment.nix | 31 ++++++++++++ modules/nixos/personal/gui.nix | 54 +++++++++++++++++++++ modules/nixos/personal/hardware.nix | 70 +++++++++++++++++++++++++++ modules/nixos/personal/networking.nix | 60 ++++++++++++++++++++++++ modules/nixos/personal/nix.nix | 52 ++++++++++++++++++++ modules/nixos/personal/user.nix | 22 +++++++++ modules/nixos/rss-bridge.nix | 56 ++++++++++++++++++++++ modules/nixos/user.nix | 22 --------- 18 files changed, 462 insertions(+), 315 deletions(-) delete mode 100644 modules/nixos/boot.nix delete mode 100644 modules/nixos/environment.nix create mode 100644 modules/nixos/filtron.nix delete mode 100644 modules/nixos/gui.nix delete mode 100644 modules/nixos/hardware.nix delete mode 100644 modules/nixos/networking.nix delete mode 100644 modules/nixos/nix.nix create mode 100644 modules/nixos/personal/boot.nix create mode 100644 modules/nixos/personal/default.nix create mode 100644 modules/nixos/personal/environment.nix create mode 100644 modules/nixos/personal/gui.nix create mode 100644 modules/nixos/personal/hardware.nix create mode 100644 modules/nixos/personal/networking.nix create mode 100644 modules/nixos/personal/nix.nix create mode 100644 modules/nixos/personal/user.nix create mode 100644 modules/nixos/rss-bridge.nix delete mode 100644 modules/nixos/user.nix (limited to 'modules/nixos') 
diff --git a/modules/nixos/boot.nix b/modules/nixos/boot.nix deleted file mode 100644 index b3f36aa..0000000 --- a/modules/nixos/boot.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, lib, ... }: - -let cfg = config.personal.boot; -in { - options.personal.boot = { grub.enable = lib.mkEnableOption "grub"; }; - - config.boot.loader = lib.mkIf cfg.grub.enable { - efi = { canTouchEfiVariables = true; }; - grub = { - enable = true; - version = 2; - efiSupport = true; - enableCryptodisk = config.boot.initrd.luks.devices != { }; - device = "nodev"; - }; - }; -} diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 9485a9d..d5f15a2 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -1,13 +1,5 @@ { ... }: { - imports = [ - ./boot.nix - ./environment.nix - ./gui.nix - ./hardware.nix - ./networking.nix - ./nix.nix - ./user.nix - ]; + imports = [ ./filtron.nix ./personal ./rss-bridge.nix ]; } diff --git a/modules/nixos/environment.nix b/modules/nixos/environment.nix deleted file mode 100644 index 5c84037..0000000 --- a/modules/nixos/environment.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ config, lib, pkgs, ... }: - -let cfg = config.personal.environment; -in { - options.personal.environment = { - enable = lib.mkEnableOption "basic environment"; - locale.enable = lib.mkEnableOption "French locale"; - }; - - config = lib.mkIf cfg.enable (lib.mkMerge [ - { - environment.systemPackages = with pkgs; [ - vim - gitMinimal - busybox - coreutils - ]; - } - (lib.mkIf cfg.locale.enable { - time.timeZone = "Europe/Paris"; - i18n = { - defaultLocale = "fr_FR.utf8"; - extraLocaleSettings.LANG = "en_US.utf8"; - }; - console = { - font = "Lat2-Terminus16"; - keyMap = config.personal.hardware.keyboard.keyMap; - }; - }) - ]); -} diff --git a/modules/nixos/filtron.nix b/modules/nixos/filtron.nix new file mode 100644 index 0000000..31d77e9 --- /dev/null +++ b/modules/nixos/filtron.nix 
@@ -0,0 +1,86 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.services.filtron;
+ addressType = lib.types.submodule {
+ options = {
+ address = lib.mkOption {
+ type = lib.types.str;
+ default = "127.0.0.1";
+ };
+ port = lib.mkOption { type = lib.types.port; };
+ };
+ };
+in {
+ options.services.filtron = {
+ enable = lib.mkEnableOption "filtron";
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.personal.filtron;
+ defaultText = lib.literalExample "pkgs.personal.filtron";
+ description = ''
+ The package containing the filtron executable.
+ '';
+ };
+ api = lib.mkOption {
+ type = addressType;
+ default = { address = "localhost"; port = 4005; };
+ description = ''
+ API listen address and port.
+ '';
+ };
+ listen = lib.mkOption {
+ type = addressType;
+ default = { port = 4004; };
+ description = ''
+ Proxy listen address and port.
+ '';
+ };
+ target = lib.mkOption {
+ type = addressType;
+ default = { port = 8888; };
+ description = ''
+ Target address and port for reverse proxy.
+ '';
+ };
+ rules = lib.mkOption {
+ type = with lib.types; listOf (attrsOf anything);
+ description = ''
+ Rule list.
+ '';
+ };
+ readBufferSize = lib.mkOption {
+ type = lib.types.int;
+ default = 16384;
+ description = ''
+ Size of the buffer used for reading.
+ '';
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ users.users.filtron = {
+ description = "Filtron daemon user";
+ group = "filtron";
+ isSystemUser = true;
+ };
+ users.groups.filtron = { };
+
+ systemd.services.filtron = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ description = "Start a filtron instance.";
+ serviceConfig = {
+ User = "filtron";
+ ExecStart = with builtins; ''
+ ${cfg.package}/bin/filtron \
+ -rules ${toFile "filtron-rules.json" (toJSON cfg.rules)} \
+ -api "${cfg.api.address}:${toString cfg.api.port}" \
+ -listen "${cfg.listen.address}:${toString cfg.listen.port}" \
+ -target "${cfg.target.address}:${toString cfg.target.port}" \
+ -read-buffer-size ${toString cfg.readBufferSize}
+ '';
+ };
+ };
+ };
+}
diff --git a/modules/nixos/gui.nix b/modules/nixos/gui.nix
deleted file mode 100644
index d4de375..0000000
--- a/modules/nixos/gui.nix
+++ /dev/null
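Review bot: The `serviceConfig` of `systemd.services.filtron` in modules/nixos/filtron.nix sets only `User` and `ExecStart`, so a daemon that accepts network traffic on the `listen` address runs without any systemd sandboxing and is not restarted if it exits. I would add the directives below; they assume filtron needs no write access to the filesystem, which should be confirmed against the package before merging. Separately, `address` in `addressType` is a free `lib.types.str` that is pasted between double quotes into `ExecStart`, where systemd still expands `%` specifiers and `$` variables, so a stricter type or escaping would stop a mistyped value from altering the command line. The `api` option's description could also state whether that endpoint is meant to stay on a loopback address, since its default is `localhost` but any address is accepted.

```nix
serviceConfig = {
  User = "filtron";
  # … unchanged: ExecStart …
  Restart = "on-failure";
  NoNewPrivileges = true;
  ProtectSystem = "strict";
  ProtectHome = true;
  PrivateTmp = true;
  PrivateDevices = true;
  RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
};
```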
@@ -1,54 +0,0 @@ -{ config, lib, pkgs, ... }: - -let cfg = config.personal.gui; -in { - options.personal.gui = { - enable = lib.mkEnableOption "GUI"; - xserver.enable = lib.mkEnableOption "X server"; - i3.enable = lib.mkEnableOption "i3"; - }; - - config = lib.mkIf cfg.enable (lib.mkMerge [ - { - services.xserver = lib.mkIf cfg.xserver.enable { - enable = true; - desktopManager.xfce.enable = true; - displayManager = { - lightdm = { - enable = true; - # background = background-image; - greeters.gtk = { - enable = true; - # extraConfig = '' - # user-background = false - # ''; - theme = { - name = "Arc-Dark"; - package = pkgs.arc-theme; - }; - iconTheme = { - name = "Breeze-dark"; - package = pkgs.breeze-icons; - }; - }; - }; - }; - # Hardware - libinput.enable = true; - layout = config.personal.hardware.keyboard.keyMap; - autoRepeatDelay = 200; - }; - services.blueman.enable = config.hardware.bluetooth.enable; - } - (lib.mkIf cfg.i3.enable { - services.xserver = { - desktopManager.xfce = { - noDesktop = true; - enableXfwm = false; - }; - windowManager.i3.enable = true; - displayManager.defaultSession = "xfce+i3"; - }; - }) - ]); -} diff --git a/modules/nixos/hardware.nix b/modules/nixos/hardware.nix deleted file mode 100644 index 71d48a4..0000000 --- a/modules/nixos/hardware.nix +++ /dev/null 
@@ -1,70 +0,0 @@ -{ config, lib, pkgs, ... }: - -let cfg = config.personal.hardware; -in { - options.personal.hardware = { - usb.enable = lib.mkEnableOption "usb"; - disks.crypted = lib.mkOption { - type = with lib.types; nullOr str; - default = null; - description = "Path to the encrypted disk."; - }; - firmwareNonFree.enable = lib.mkEnableOption "non-free firmwares"; - keyboard = { - keyMap = lib.mkOption { - type = lib.types.str; - default = "fr"; - }; - }; - backlights = let - mkBacklightOption = name: - lib.mkOption { - type = with lib.types; nullOr str; - default = null; - description = - "Whether to allow all users to change hardware the ${name} brightness."; - }; - in { - screen = mkBacklightOption "screen"; - keyboard = mkBacklightOption "keyboard"; - }; - sound.enable = lib.mkEnableOption "sound"; - }; - - config = lib.mkMerge [ - { - hardware.firmware = - lib.optional cfg.firmwareNonFree.enable pkgs.firmwareLinuxNonfree; - boot.initrd = { - availableKernelModules = lib.optional cfg.usb.enable "usb_storage"; - luks.devices = lib.optionalAttrs (cfg.disks.crypted != null) { - crypt = { - name = "crypt"; - device = cfg.disks.crypted; - preLVM = true; - }; - }; - }; - - services.udev.extraRules = - lib.optionalString (cfg.backlights.screen != null) '' - ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="${cfg.backlights.screen}", MODE="0666", RUN+="${pkgs.coreutils}/bin/chmod a+w /sys/class/backlight/%k/brightness" - '' + lib.optionalString (cfg.backlights.keyboard != null) '' - ACTION=="add", SUBSYSTEM=="leds", KERNEL=="${cfg.backlights.keyboard}", MODE="0666", RUN+="${pkgs.coreutils}/bin/chmod a+w /sys/class/leds/%k/brightness" - ''; - } - - (lib.mkIf cfg.sound.enable { - sound.enable = true; - hardware.pulseaudio = { - enable = true; - support32Bit = true; - package = pkgs.pulseaudioFull; - extraConfig = '' - load-module module-dbus-protocol - ''; - }; - nixpkgs.config.pulseaudio = true; - }) - ]; -} 
diff --git a/modules/nixos/networking.nix b/modules/nixos/networking.nix deleted file mode 100644 index 2b853de..0000000 --- a/modules/nixos/networking.nix +++ /dev/null @@ -1,60 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - cfg = config.personal.networking; - mkFirewallEnableOption = name: - lib.mkOption { - type = lib.types.bool; - default = false; - description = "Whether to open ports for ${name}."; - }; -in { - options.personal.networking = { - enable = lib.mkEnableOption "networking"; - bluetooth.enable = lib.mkEnableOption "bluetooth"; - networkmanager.enable = lib.mkEnableOption "NetworkManager"; - ssh.enable = lib.mkEnableOption "SSH server"; - firewall = { - syncthing = mkFirewallEnableOption "Syncthing"; - kdeconnect = mkFirewallEnableOption "KDE Connect"; - http = mkFirewallEnableOption "HTTP and HTTPS (incoming)"; - }; - }; - - config = lib.mkIf cfg.enable { - environment.systemPackages = - lib.optional cfg.networkmanager.enable pkgs.networkmanager; - networking = { - networkmanager = lib.mkIf cfg.networkmanager.enable { - enable = true; - unmanaged = [ "interface-name:ve-*" ]; - }; - firewall = { - enable = true; - allowedTCPPorts = lib.optional cfg.firewall.syncthing 22000 - ++ lib.optionals cfg.firewall.http [ 80 443 ]; - allowedUDPPorts = lib.optionals cfg.firewall.syncthing [ 22000 21027 ]; - allowedTCPPortRanges = lib.optional cfg.firewall.kdeconnect { - from = 1714; - to = 1764; - }; - allowedUDPPortRanges = lib.optional cfg.firewall.kdeconnect { - from = 1714; - to = 1764; - }; - }; - }; - services = lib.mkIf cfg.ssh.enable { - openssh = { - enable = true; - permitRootLogin = "no"; - passwordAuthentication = false; - extraConfig = '' - AcceptEnv PS1 - ''; - }; - fail2ban.enable = true; - }; - hardware.bluetooth.enable = cfg.bluetooth.enable; - }; -} diff --git a/modules/nixos/nix.nix b/modules/nixos/nix.nix deleted file mode 100644 index 24b5012..0000000 --- a/modules/nixos/nix.nix +++ /dev/null 
@@ -1,52 +0,0 @@ -{ config, lib, ... }: - -let cfg = config.personal.nix; -in { - options.personal.nix = { - enable = lib.mkEnableOption "nix configuration"; - autoUpgrade = lib.mkEnableOption "automatic system and nixpkgs upgrade"; - flake = lib.mkOption { - type = with lib.types; nullOr str; - default = null; - }; - gc.enable = lib.mkEnableOption "garbage collection"; - }; - - config = lib.mkIf cfg.enable { - nixpkgs.config = { allowUnfree = true; }; - nix = { - settings = { - auto-optimise-store = true; - experimental-features = [ "nix-command" "flakes" ]; - }; - gc = lib.mkIf cfg.gc.enable { - automatic = true; - dates = "daily"; - options = "--delete-old"; - }; - }; - system.autoUpgrade = lib.mkIf cfg.autoUpgrade { - enable = true; - flake = cfg.flake; - flags = if (cfg.flake == null) then - [ "--upgrade-all" ] - else [ - "--update-input" - "nixpkgs" - "--commit-lock-file" - ]; - }; - systemd.services = { - nix-gc.after = - lib.optional (cfg.autoUpgrade && cfg.gc.enable) "nixos-upgrade.service"; - nix-gc-remove-dead-roots = { - enable = cfg.gc.enable; - description = "Remove dead symlinks in /nix/var/nix/gcroots"; - serviceConfig.Type = "oneshot"; - script = "find /nix/var/nix/gcroots -xtype l -delete"; - before = lib.mkIf config.nix.gc.automatic [ "nix-gc.service" ]; - wantedBy = lib.mkIf config.nix.gc.automatic [ "nix-gc.service" ]; - }; - }; - }; -} diff --git a/modules/nixos/personal/boot.nix b/modules/nixos/personal/boot.nix new file mode 100644 index 0000000..b3f36aa --- /dev/null +++ b/modules/nixos/personal/boot.nix @@ -0,0 +1,17 @@ +{ config, lib, ... }: + +let cfg = config.personal.boot; +in { + options.personal.boot = { grub.enable = lib.mkEnableOption "grub"; }; + + config.boot.loader = lib.mkIf cfg.grub.enable { + efi = { canTouchEfiVariables = true; }; + grub = { + enable = true; + version = 2; + efiSupport = true; + enableCryptodisk = config.boot.initrd.luks.devices != { }; + device = "nodev"; + }; + }; +} 
diff --git a/modules/nixos/personal/default.nix b/modules/nixos/personal/default.nix new file mode 100644 index 0000000..9485a9d --- /dev/null +++ b/modules/nixos/personal/default.nix @@ -0,0 +1,13 @@ +{ ... }: + +{ + imports = [ + ./boot.nix + ./environment.nix + ./gui.nix + ./hardware.nix + ./networking.nix + ./nix.nix + ./user.nix + ]; +} diff --git a/modules/nixos/personal/environment.nix b/modules/nixos/personal/environment.nix new file mode 100644 index 0000000..5c84037 --- /dev/null +++ b/modules/nixos/personal/environment.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ... }: + +let cfg = config.personal.environment; +in { + options.personal.environment = { + enable = lib.mkEnableOption "basic environment"; + locale.enable = lib.mkEnableOption "French locale"; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + { + environment.systemPackages = with pkgs; [ + vim + gitMinimal + busybox + coreutils + ]; + } + (lib.mkIf cfg.locale.enable { + time.timeZone = "Europe/Paris"; + i18n = { + defaultLocale = "fr_FR.utf8"; + extraLocaleSettings.LANG = "en_US.utf8"; + }; + console = { + font = "Lat2-Terminus16"; + keyMap = config.personal.hardware.keyboard.keyMap; + }; + }) + ]); +} diff --git a/modules/nixos/personal/gui.nix b/modules/nixos/personal/gui.nix new file mode 100644 index 0000000..d4de375 --- /dev/null +++ b/modules/nixos/personal/gui.nix 
@@ -0,0 +1,54 @@ +{ config, lib, pkgs, ... }: + +let cfg = config.personal.gui; +in { + options.personal.gui = { + enable = lib.mkEnableOption "GUI"; + xserver.enable = lib.mkEnableOption "X server"; + i3.enable = lib.mkEnableOption "i3"; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + { + services.xserver = lib.mkIf cfg.xserver.enable { + enable = true; + desktopManager.xfce.enable = true; + displayManager = { + lightdm = { + enable = true; + # background = background-image; + greeters.gtk = { + enable = true; + # extraConfig = '' + # user-background = false + # ''; + theme = { + name = "Arc-Dark"; + package = pkgs.arc-theme; + }; + iconTheme = { + name = "Breeze-dark"; + package = pkgs.breeze-icons; + }; + }; + }; + }; + # Hardware + libinput.enable = true; + layout = config.personal.hardware.keyboard.keyMap; + autoRepeatDelay = 200; + }; + services.blueman.enable = config.hardware.bluetooth.enable; + } + (lib.mkIf cfg.i3.enable { + services.xserver = { + desktopManager.xfce = { + noDesktop = true; + enableXfwm = false; + }; + windowManager.i3.enable = true; + displayManager.defaultSession = "xfce+i3"; + }; + }) + ]); +} diff --git a/modules/nixos/personal/hardware.nix b/modules/nixos/personal/hardware.nix new file mode 100644 index 0000000..71d48a4 --- /dev/null +++ b/modules/nixos/personal/hardware.nix 
@@ -0,0 +1,70 @@ +{ config, lib, pkgs, ... }: + +let cfg = config.personal.hardware; +in { + options.personal.hardware = { + usb.enable = lib.mkEnableOption "usb"; + disks.crypted = lib.mkOption { + type = with lib.types; nullOr str; + default = null; + description = "Path to the encrypted disk."; + }; + firmwareNonFree.enable = lib.mkEnableOption "non-free firmwares"; + keyboard = { + keyMap = lib.mkOption { + type = lib.types.str; + default = "fr"; + }; + }; + backlights = let + mkBacklightOption = name: + lib.mkOption { + type = with lib.types; nullOr str; + default = null; + description = + "Whether to allow all users to change hardware the ${name} brightness."; + }; + in { + screen = mkBacklightOption "screen"; + keyboard = mkBacklightOption "keyboard"; + }; + sound.enable = lib.mkEnableOption "sound"; + }; + + config = lib.mkMerge [ + { + hardware.firmware = + lib.optional cfg.firmwareNonFree.enable pkgs.firmwareLinuxNonfree; + boot.initrd = { + availableKernelModules = lib.optional cfg.usb.enable "usb_storage"; + luks.devices = lib.optionalAttrs (cfg.disks.crypted != null) { + crypt = { + name = "crypt"; + device = cfg.disks.crypted; + preLVM = true; + }; + }; + }; + + services.udev.extraRules = + lib.optionalString (cfg.backlights.screen != null) '' + ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="${cfg.backlights.screen}", MODE="0666", RUN+="${pkgs.coreutils}/bin/chmod a+w /sys/class/backlight/%k/brightness" + '' + lib.optionalString (cfg.backlights.keyboard != null) '' + ACTION=="add", SUBSYSTEM=="leds", KERNEL=="${cfg.backlights.keyboard}", MODE="0666", RUN+="${pkgs.coreutils}/bin/chmod a+w /sys/class/leds/%k/brightness" + ''; + } + + (lib.mkIf cfg.sound.enable { + sound.enable = true; + hardware.pulseaudio = { + enable = true; + support32Bit = true; + package = pkgs.pulseaudioFull; + extraConfig = '' + load-module module-dbus-protocol + ''; + }; + nixpkgs.config.pulseaudio = true; + }) + ]; +} 
diff --git a/modules/nixos/personal/networking.nix b/modules/nixos/personal/networking.nix new file mode 100644 index 0000000..2b853de --- /dev/null +++ b/modules/nixos/personal/networking.nix @@ -0,0 +1,60 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.personal.networking; + mkFirewallEnableOption = name: + lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether to open ports for ${name}."; + }; +in { + options.personal.networking = { + enable = lib.mkEnableOption "networking"; + bluetooth.enable = lib.mkEnableOption "bluetooth"; + networkmanager.enable = lib.mkEnableOption "NetworkManager"; + ssh.enable = lib.mkEnableOption "SSH server"; + firewall = { + syncthing = mkFirewallEnableOption "Syncthing"; + kdeconnect = mkFirewallEnableOption "KDE Connect"; + http = mkFirewallEnableOption "HTTP and HTTPS (incoming)"; + }; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = + lib.optional cfg.networkmanager.enable pkgs.networkmanager; + networking = { + networkmanager = lib.mkIf cfg.networkmanager.enable { + enable = true; + unmanaged = [ "interface-name:ve-*" ]; + }; + firewall = { + enable = true; + allowedTCPPorts = lib.optional cfg.firewall.syncthing 22000 + ++ lib.optionals cfg.firewall.http [ 80 443 ]; + allowedUDPPorts = lib.optionals cfg.firewall.syncthing [ 22000 21027 ]; + allowedTCPPortRanges = lib.optional cfg.firewall.kdeconnect { + from = 1714; + to = 1764; + }; + allowedUDPPortRanges = lib.optional cfg.firewall.kdeconnect { + from = 1714; + to = 1764; + }; + }; + }; + services = lib.mkIf cfg.ssh.enable { + openssh = { + enable = true; + permitRootLogin = "no"; + passwordAuthentication = false; + extraConfig = '' + AcceptEnv PS1 + ''; + }; + fail2ban.enable = true; + }; + hardware.bluetooth.enable = cfg.bluetooth.enable; + }; +} diff --git a/modules/nixos/personal/nix.nix b/modules/nixos/personal/nix.nix new file mode 100644 index 0000000..24b5012 --- /dev/null +++ b/modules/nixos/personal/nix.nix 
@@ -0,0 +1,52 @@ +{ config, lib, ... }: + +let cfg = config.personal.nix; +in { + options.personal.nix = { + enable = lib.mkEnableOption "nix configuration"; + autoUpgrade = lib.mkEnableOption "automatic system and nixpkgs upgrade"; + flake = lib.mkOption { + type = with lib.types; nullOr str; + default = null; + }; + gc.enable = lib.mkEnableOption "garbage collection"; + }; + + config = lib.mkIf cfg.enable { + nixpkgs.config = { allowUnfree = true; }; + nix = { + settings = { + auto-optimise-store = true; + experimental-features = [ "nix-command" "flakes" ]; + }; + gc = lib.mkIf cfg.gc.enable { + automatic = true; + dates = "daily"; + options = "--delete-old"; + }; + }; + system.autoUpgrade = lib.mkIf cfg.autoUpgrade { + enable = true; + flake = cfg.flake; + flags = if (cfg.flake == null) then + [ "--upgrade-all" ] + else [ + "--update-input" + "nixpkgs" + "--commit-lock-file" + ]; + }; + systemd.services = { + nix-gc.after = + lib.optional (cfg.autoUpgrade && cfg.gc.enable) "nixos-upgrade.service"; + nix-gc-remove-dead-roots = { + enable = cfg.gc.enable; + description = "Remove dead symlinks in /nix/var/nix/gcroots"; + serviceConfig.Type = "oneshot"; + script = "find /nix/var/nix/gcroots -xtype l -delete"; + before = lib.mkIf config.nix.gc.automatic [ "nix-gc.service" ]; + wantedBy = lib.mkIf config.nix.gc.automatic [ "nix-gc.service" ]; + }; + }; + }; +} diff --git a/modules/nixos/personal/user.nix b/modules/nixos/personal/user.nix new file mode 100644 index 0000000..0d1585e --- /dev/null +++ b/modules/nixos/personal/user.nix 
@@ -0,0 +1,22 @@ +{ config, lib, ... }: + +let cfg = config.personal.user; +in { + options.personal.user = { + enable = lib.mkEnableOption "main user"; + name = lib.mkOption { + type = lib.types.str; + default = "qaristote"; + }; + }; + + config.users.users."${cfg.name}" = lib.mkIf cfg.enable { + isNormalUser = true; + extraGroups = [ "wheel" ] ++ lib.optional config.sound.enable "sound" + ++ lib.optional config.networking.networkmanager.enable "networkmanager"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4wGbl3++lqCjLUhoRyABBrVEeNhIXYO4371srkRoyq qaristote@latitude-7490" + ]; + + }; +} diff --git a/modules/nixos/rss-bridge.nix b/modules/nixos/rss-bridge.nix new file mode 100644 index 0000000..8974ae6 --- /dev/null +++ b/modules/nixos/rss-bridge.nix 
@@ -0,0 +1,56 @@ +{ config, lib, pkgs, ... }: + +let cfg = config.services.rss-bridge; +in { + options.services.rss-bridge = { + package = lib.mkOption { + type = lib.types.package; + description = "Which derivation to use."; + default = pkgs.rss-bridge; + defaultText = lib.literalExample "pkgs.rss-bridge"; + }; + debug = lib.mkEnableOption "debug mode"; + extraBridges = lib.mkOption { + type = lib.types.listOf (lib.types.submodule { + options = { + name = lib.mkOption { + type = lib.types.strMatching "[a-zA-Z0-9]*"; + description = '' + The name of the bridge. + It need not include 'Bridge' at the end, unlike required in RSS-Bridge. + ''; + example = "SomeAppWithANewsletter"; + }; + source = lib.mkOption { + type = lib.types.path; + description = '' + The path to a file whose contents is the PHP sourcecode of the bridge. + See also the RSS-Bridge documentation: https://rss-bridge.github.io/rss-bridge/Bridge_API/index.html. + ''; + }; + }; + }); + default = [ ]; + description = '' + A list of additional bridges that aren't already included in RSS-Bridge. + These bridges are automatically whitelisted''; + }; + }; + + config.services.rss-bridge.whitelist = + map (bridge: bridge.name) cfg.extraBridges; + config.services.nginx = lib.mkIf (cfg.virtualHost != null) { + virtualHosts.${cfg.virtualHost}.root = lib.mkIf (cfg.extraBridges != [ ]) + (lib.mkForce (pkgs.runCommand "rss-bridge" { } ('' + mkdir -p $out/bridges + cp -r ${cfg.package}/* $out/ + pushd $out/bridges + '' + lib.concatStrings (map (bridge: '' + ln -sf ${bridge.source} "${bridge.name}Bridge.php" + '') cfg.extraBridges) + '' + popd + '' + lib.optionalString cfg.debug '' + touch $out/DEBUG + ''))); + }; +} diff --git a/modules/nixos/user.nix b/modules/nixos/user.nix deleted file mode 100644 index 0d1585e..0000000 --- a/modules/nixos/user.nix +++ /dev/null 
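Review bot: In modules/nixos/rss-bridge.nix the `debug` option only takes effect inside the `runCommand` that is guarded by `lib.mkIf (cfg.extraBridges != [ ])`, so `debug = true` with no extra bridges silently does nothing, and when it does apply `touch $out/DEBUG` writes an empty marker file. As far as I know RSS-Bridge treats an empty `DEBUG` file as debug mode for every client rather than for a list of allowed addresses, so on a public virtual host this exposes verbose errors; the option description should say so, or the module should write an address allowlist into the file. The `name` type `lib.types.strMatching "[a-zA-Z0-9]*"` also accepts the empty string, which would produce `Bridge.php` and an empty whitelist entry; `"[a-zA-Z0-9]+"` avoids that. Finally, `bridge.source` is interpolated unquoted into the shell script while `bridge.name` is quoted; `ln -sf "${bridge.source}" "${bridge.name}Bridge.php"` keeps a path containing spaces from being split.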
@@ -1,22 +0,0 @@ -{ config, lib, ... }: - -let cfg = config.personal.user; -in { - options.personal.user = { - enable = lib.mkEnableOption "main user"; - name = lib.mkOption { - type = lib.types.str; - default = "qaristote"; - }; - }; - - config.users.users."${cfg.name}" = lib.mkIf cfg.enable { - isNormalUser = true; - extraGroups = [ "wheel" ] ++ lib.optional config.sound.enable "sound" - ++ lib.optional config.networking.networkmanager.enable "networkmanager"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4wGbl3++lqCjLUhoRyABBrVEeNhIXYO4371srkRoyq qaristote@latitude-7490" - ]; - - }; -} -- cgit v1.2.3