Compare commits

...

1525 Commits

Author SHA1 Message Date
c45898f903 WIP: wg-dev 2024-01-15 04:15:17 +00:00
0efec20904 hosts/common/net/vpn: remove unused "extraOptions" argument 2024-01-15 03:52:31 +00:00
2f04b563d1 nixpkgs: 2024-01-11 -> 2024-01-14
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/06797d4df4baaa51b229081083a88b92dac3ff7c' (2024-01-11)
  → 'github:nixos/nixpkgs/724e39ebb9b8eda97f17d423f66fbc5a991f4f8d' (2024-01-14)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/51f399ec47c082d678261883095bb8ad552e6500' (2024-01-11)
  → 'github:nixos/nixpkgs/6c08fe3ccf437d8b26bec010fd925ddd6bb0d0d5' (2024-01-14)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/c0b3a5af90fae3ba95645bbf85d2b64880addd76' (2024-01-10)
  → 'github:Mic92/sops-nix/70dd0d521f7849338e487a219c1a07c429a66d77' (2024-01-14)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/70bdadeb94ffc8806c0570eb5c2695ad29f0e421' (2024-01-03)
  → 'github:NixOS/nixpkgs/a1982c92d8980a0114372973cbdfe0a307f1bdea' (2024-01-12)
```
2024-01-15 01:32:07 +00:00
5b9c58dbc6 hosts/common: use servo-style dns on all machines
it'll be handy as i want to place individual applications inside VPNs/namespaces
2024-01-15 01:16:22 +00:00
a7964c4f0c hosts/common: net: split upnp config into own file 2024-01-15 01:12:09 +00:00
006a7e9f72 consolidate net-related stuff into hosts/common/net/ directory 2024-01-15 01:11:13 +00:00
3856710faf net: annotate the UPNP rule 2024-01-15 01:08:10 +00:00
6cbc0bedf3 ddns-he (HurricaneElectric): remove
it's unused for a year
2024-01-15 00:55:10 +00:00
fbc0c7615a ddns-afraid (afraid.org): remove
it's unused for a year
2024-01-15 00:54:41 +00:00
34bcdb5128 firefox: disable kinetic scrolling 2024-01-14 20:34:14 +00:00
a5c6e41622 feeds: subscribe to POD OF JAKE 2024-01-14 05:20:28 +00:00
02e03227d8 servo: try to integrate peerswap with clightning, but it fails 2024-01-14 04:33:12 +00:00
faa0a7c9ea peerswap: init at unstable-20240111 2024-01-14 02:55:32 +00:00
812a02bc6b feeds: add The Dollop podcast 2024-01-14 00:49:29 +00:00
27898ecdc8 feeds: unsubscribe from Louis Rossman
his channel is kinda just the same idea  played over and over
2024-01-14 00:36:52 +00:00
1c2324cca4 servo: clightning-sane: status command: show profits from fees 2024-01-13 16:43:49 +00:00
70f059eaac feeds: subscribe to Jack Stauber 2024-01-13 16:43:41 +00:00
bac72be730 servo: clightning-sane: status command: show in/out payment sums 2024-01-13 15:53:48 +00:00
99858c1384 servo: clightning-sane: centralize metric reporting, fix so we blacklist our own channels less frequently 2024-01-13 04:47:20 +00:00
103a300e77 servo: clightning-sane: implement an autobalance subcommand 2024-01-13 03:04:24 +00:00
6b5cdd7508 servo: clightning-sane: log before we give up 2024-01-13 01:10:52 +00:00
2f1e354400 servo: clightning-sane: drop caches after so many failures 2024-01-12 23:54:06 +00:00
585a87130c servo: clightning-sane: remove unused loop_once_with_retries method 2024-01-12 23:31:30 +00:00
0e68533776 servo: clightning-sane: introduce parallelism 2024-01-12 23:30:52 +00:00
882cc5bfd0 servo: clightning-sane: rename Balancer -> LoopRouter 2024-01-12 21:36:20 +00:00
91847a9a8e servo: clightning-sane: factor "loop" action into own subroutine 2024-01-12 21:28:20 +00:00
5c649ff216 servo: clightning-sane: include peer_id in status --full 2024-01-12 20:56:00 +00:00
abdd224211 servo: clightning-sane: increase CLTV 9->18 2024-01-12 20:55:32 +00:00
0c72c59190 servo: clightning-sane: handle closed channels in status listing 2024-01-12 20:28:57 +00:00
432170a69e servo: clightning-sane: rename ppm in/out to theirs/mine 2024-01-12 19:31:39 +00:00
805b37a9a5 servo: clightning-sane: add a --full option for more info 2024-01-12 19:24:50 +00:00
87a0bda011 servo: clightning-sane: perform rebalance operation in a loop 2024-01-12 19:17:07 +00:00
5d2c6e1978 servo: clightning-sane: mark channels which cant be rebalanced freely 2024-01-12 18:43:58 +00:00
abafbd811b servo: clightning-sane: minor bugfixes 2024-01-12 18:30:49 +00:00
aca50d9946 servo: clightning-sane: add a "status" subcommand 2024-01-12 17:42:44 +00:00
bd4f4dab81 servo: clightning-sane: factor out a subcommands interface 2024-01-12 15:42:12 +00:00
aebd11ea82 alacritty: port config: yaml to toml 2024-01-12 03:24:55 +00:00
fa6906fdf9 cross: fix appstream/eyed3 failures from nixpkgs update 2024-01-12 03:24:55 +00:00
cec21375a5 servo: disable mautrix-signal 2024-01-12 03:24:55 +00:00
0428f64afa nixpkgs: 2024-01-10 -> 2024-01-11
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/2f9e98ccf3283a34ce9301c7ee4ca18d219d829d' (2024-01-10)
  → 'github:nixos/nixpkgs/06797d4df4baaa51b229081083a88b92dac3ff7c' (2024-01-11)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/32afa5e024e45885dacadf1c8ad65e9ebc51a901' (2024-01-10)
  → 'github:nixos/nixpkgs/51f399ec47c082d678261883095bb8ad552e6500' (2024-01-11)
```
2024-01-12 03:24:55 +00:00
e0864edefc nixpkgs: 2024-01-10 -> 2024-01-10
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/0231e3ccf485b7b110f0e0e55be6a711cb0093fb' (2024-01-10)
  → 'github:nixos/nixpkgs/2f9e98ccf3283a34ce9301c7ee4ca18d219d829d' (2024-01-10)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/a962df01db9bff000df83733bf6d7ef60a855057' (2024-01-10)
  → 'github:nixos/nixpkgs/32afa5e024e45885dacadf1c8ad65e9ebc51a901' (2024-01-10)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/0ded57412079011f1210c2fcc10e112427d4c0e6' (2024-01-08)
  → 'github:Mic92/sops-nix/c0b3a5af90fae3ba95645bbf85d2b64880addd76' (2024-01-10)
```
2024-01-12 03:24:55 +00:00
7460fd283c nixpkgs: 2024-01-09 -> 2024-01-10
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/fcff3d7883a38ef71832899085ba365658c96867' (2024-01-09)
  → 'github:nixos/nixpkgs/0231e3ccf485b7b110f0e0e55be6a711cb0093fb' (2024-01-10)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/519c93eda20a7c361e6159d853bf33b1e6236141' (2024-01-09)
  → 'github:nixos/nixpkgs/a962df01db9bff000df83733bf6d7ef60a855057' (2024-01-10)
```
2024-01-12 03:24:55 +00:00
7a7dee1630 nixpkgs: 2023-12-29 -> 2024-01-09; sops-nix; uninsane-dot-org
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/f50aae4fb10dd51bd6ffcce0eb96d02b608a9595' (2023-12-29)
  → 'github:nixos/nixpkgs/fcff3d7883a38ef71832899085ba365658c96867' (2024-01-09)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/04df6aa7bad237aeeb69f603e1f4ec1a2c28a4da' (2023-12-29)
  → 'github:nixos/nixpkgs/519c93eda20a7c361e6159d853bf33b1e6236141' (2024-01-09)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/e523e89763ff45f0a6cf15bcb1092636b1da9ed3' (2023-12-24)
  → 'github:Mic92/sops-nix/0ded57412079011f1210c2fcc10e112427d4c0e6' (2024-01-08)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/7790e078f8979a9fcd543f9a47427eeaba38f268' (2023-12-23)
  → 'github:NixOS/nixpkgs/70bdadeb94ffc8806c0570eb5c2695ad29f0e421' (2024-01-03)
• Updated input 'uninsane-dot-org':
    'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=b21e6899490f25fa450fb9e3efa0c8774bcee0d3' (2023-12-31)
  → 'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=4a1fa488e64e6c87c6c951e3fafb2684692f64d3' (2024-01-01)
```
2024-01-12 03:24:55 +00:00
913403aac6 servo: clightning-sane: tidy 2024-01-12 01:25:56 +00:00
432a66bf5f servo: clightning: initialize a script for rebalancing with peers 2024-01-11 23:11:33 +00:00
e2a43ddfa0 servo: clightning: allow group members to run lightning-cli 2024-01-11 15:59:32 +00:00
b2ba204ca1 nixpatches: update hashes (?) 2024-01-11 15:58:44 +00:00
892b045342 pyln-client: init at 23.11.2 2024-01-11 00:38:08 +00:00
8644e6705a servo: decrease ZFS cache size 2024-01-11 00:20:52 +00:00
3f60206eef servo: clightning: tune config 2024-01-10 23:40:17 +00:00
568ead4bd7 servo: lightning: tune config 2024-01-10 21:01:36 +00:00
14241d54c9 flake: fix packages output to eval (even though its dumb and i just use hostPkgs.<machine>.<xyz>) 2024-01-10 11:48:20 +00:00
e4d75c5f38 servo: clightning: disable features which are incompatible with lnd 2024-01-10 11:18:54 +00:00
c42dda1bab servo: clightning: document more parts of the config 2024-01-09 16:19:48 +00:00
3295ae3b74 servo: clightning: update config 2024-01-09 16:13:08 +00:00
e63438bedf feeds: disable The Linux Experience 2024-01-09 00:45:18 +00:00
25422da9ba servo: tune clightning config 2024-01-09 00:42:37 +00:00
37583d8c9c clightning: tune fees, logging 2024-01-06 18:08:51 +00:00
62b3863722 servo: clightning: enable experimental features 2024-01-06 09:13:17 +00:00
b11f03bd18 servo: clightning: docs 2024-01-05 22:09:32 +00:00
63620fa058 servo: clightning: node personalization and docs 2024-01-04 21:55:13 +00:00
cecb114810 clightning: harden 2024-01-04 18:47:40 +00:00
4ce93f74c6 wob: add debug logging 2024-01-04 17:07:47 +00:00
09b806d7a7 go2tv: document youtube workarounds 2024-01-04 16:26:25 +00:00
2f31100c3f servo: ship go2tv 2024-01-04 16:25:50 +00:00
ca3f97ec51 docs: go2tv: elaborate seeking limitations 2024-01-04 16:25:49 +00:00
7378d6c5b2 bitcoind: host behind tor 2024-01-04 16:25:49 +00:00
276de5d662 tor: fix /var/lib/tor directory permissions 2024-01-04 16:25:49 +00:00
6f449cf35f clightning: document some places to find nodes for channels 2024-01-04 16:25:49 +00:00
daf046861c wob: implement as part of sway instead of exclusive to sxmo 2024-01-04 13:08:20 +00:00
43498c62f9 clightning: integrate with tor 2024-01-03 18:29:16 +00:00
22f5853741 firefox: remove unused functions 2024-01-03 14:59:59 +00:00
fe217f6667 firefox: disable ctrl+shift+c shortcut more broadly 2024-01-03 14:59:27 +00:00
41ae86f40f servo: enable clightning 2024-01-03 13:56:42 +00:00
6d52c8ecf8 servo: split tor/i2p into own files 2024-01-03 13:56:14 +00:00
75b649543a firefox: enable ctrl-shift-c-should-copy extension 2024-01-03 13:42:58 +00:00
1261a6f452 firefox-extensions.ctrl-shift-c-should-copy: init at unstable-2023-03-04 2024-01-03 13:33:32 +00:00
041855dbc7 zsh: fix broken <del> and <ctrl>+<arrow> keybindings 2024-01-03 13:07:29 +00:00
3e52956a3a servo: clightning: integrate, but do not enable 2024-01-02 18:32:34 +00:00
d8f4158bc6 servo: consolidate blockchains under cryptocurrencies directory 2024-01-02 18:16:58 +00:00
36638e80a3 bitcoin: add myself as an authenticated rpcuser 2024-01-02 18:11:46 +00:00
28d0a72c62 define (but dont activate) a clighting bitcoin service 2024-01-02 14:29:52 +00:00
6471524f4a programs: zecwallet-lite: move to own file 2024-01-01 15:17:51 +00:00
61b2b8f2cd nixpatches: cleanup 2024-01-01 14:46:37 +00:00
02aae4bb8b conky: start upstreaming it 2024-01-01 14:38:08 +00:00
3efecb9560 sxmo_hook_block_suspend: re-introduce exponential backoff 2024-01-01 13:03:26 +00:00
8d0707699c mpv/vlc: associate with flv video type 2024-01-01 11:48:18 +00:00
318774a2a0 sxmo_suspend: fix that "sxmo_jobs periodic_blink" would hang post-wakeup 2024-01-01 11:48:03 +00:00
b14e997a43 sxmo: remove sxmo_hook_screenoff.sh override
generally, i can get away with the defaults and patch my alternative into sxmo_suspend.sh more reliably/simply
2024-01-01 10:33:24 +00:00
b949438be5 sxmo_suspend.sh: stop, and resume, the sxmo LED blinking
then later i can remove the custom screenoff hook
2024-01-01 10:01:48 +00:00
6ee9e8e405 sxmo_hook_screenoff: decrease the blink frequency even more
if i was smarter i'd just disable the periodic blinking right before entering sleep
2024-01-01 07:24:08 +00:00
09ee8e6efc sxmo_hook_block_suspend: forward only to the next script, not all next scripts 2024-01-01 07:01:09 +00:00
49527edaa9 sxmo_suspend.sh: fix rtcwake to use sudo 2024-01-01 06:38:43 +00:00
92d193ffe3 sxmo_hook_block_suspend: fix recursion counter 2024-01-01 06:19:30 +00:00
4805510073 sxmo-utils: ship with gojq 2024-01-01 06:15:31 +00:00
6fe195e2dd sxmo: block suspend if go2tv is active 2024-01-01 04:56:39 +00:00
c54df8d9c4 hare-ev: 2023-10-31 -> 2023-12-04 2024-01-01 03:56:45 +00:00
6d8b6c61a2 feeds: sort 2024-01-01 03:56:25 +00:00
822653ec10 feeds: vitalik.ca -> vitalik.eth.limo 2024-01-01 03:48:06 +00:00
68502ca944 feeds: add webcurious.co.uk link aggregator 2024-01-01 03:46:52 +00:00
103d11a87c net: fix broken firewall/ipset setup 2023-12-31 14:25:36 +00:00
0028c41bdc uninsane-dot-org: update 2023-12-31 12:22:23 +00:00
a4fe002607 sway: always render KOReader titlebar 2023-12-30 11:57:33 +00:00
b54ab9391b sxmo-utils: add Notejot app 2023-12-30 11:41:36 +00:00
0c7612c83f sxmo-utils: 2023-12-17 -> 2023-12-28
this should fix spurious screenoff -> unlock transitions (thanks Aren!)
2023-12-30 11:31:36 +00:00
f9361af41c go2tv: remove firewall fix and allow SSDP at the iptables layer 2023-12-30 06:16:17 +00:00
3cd3ebed51 nixpkgs -> latest 2023-12-30 05:34:23 +00:00
4ad209020a disable chatty (doesnt cross compile) 2023-12-30 05:34:02 +00:00
556327740b nixpkgs: 2023-12-26 -> 2023-12-29
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/0db7618e46243d3710ff2b8040aca5f6e0102900' (2023-12-26)
  → 'github:nixos/nixpkgs/bd7fd36fe22e0de1162f1623f1736517c1506164' (2023-12-29)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/d956588517edbcde71781bd8ac3a9947a9fc55a6' (2023-12-26)
  → 'github:nixos/nixpkgs/f46c267fc63f01c75fa9f6d9fb8345e6a1ed0063' (2023-12-29)
```
2023-12-29 15:52:32 +00:00
b0ddb1b31c conky: use the same percent symbol even in battery_estimate 2023-12-28 17:43:34 +00:00
70ee98736a conky/battery_estimate: handle the static state better 2023-12-28 17:35:33 +00:00
5de06cef35 conky: fix text substitutions 2023-12-28 17:07:29 +00:00
4f3706622c conky/battery_estimate: render stylized 2023-12-28 03:05:27 +00:00
104e76de47 conky/battery_estimate: render h/m indicators as superscript 2023-12-28 01:53:43 +00:00
1df99978bb conky/battery_estimte: select icon based on battery percentage 2023-12-28 01:11:51 +00:00
3846322f12 conky/battery_estimate: support new-style Thinkpad batteries 2023-12-28 00:41:23 +00:00
623b2c6611 conky/battery_estimate: add debugging 2023-12-28 00:35:48 +00:00
cb4d73f959 nixpkgs: 2023-12-23 -> 2023-12-26
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/2125288b9266cde9e3333a6787525bc151918742' (2023-12-23)
  → 'github:nixos/nixpkgs/0db7618e46243d3710ff2b8040aca5f6e0102900' (2023-12-26)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/d8aba6fe4067abdd8b1a7f398f2b90f21c608530' (2023-12-23)
  → 'github:nixos/nixpkgs/d956588517edbcde71781bd8ac3a9947a9fc55a6' (2023-12-26)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/f7db64b88dabc95e4f7bee20455f418e7ab805d4' (2023-12-18)
  → 'github:Mic92/sops-nix/e523e89763ff45f0a6cf15bcb1092636b1da9ed3' (2023-12-24)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/a19a71d1ee93226fd71984359552affbc1cd3dc3' (2023-12-17)
  → 'github:NixOS/nixpkgs/7790e078f8979a9fcd543f9a47427eeaba38f268' (2023-12-23)
```
2023-12-27 00:34:48 +00:00
58febf51bd remove most useDHCP=false settings
networking.useDHCP was deprecated, and then later undeprecated: it's safe to keep it defaulted
2023-12-24 02:17:06 +00:00
b254379fb1 firefox-extensions: update to latest 2023-12-23 21:31:13 +00:00
835d933719 nixpkgs: 2023-12-22 -> 2023-12-23
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/21e572254ecbbb9d55be98841b279d21ee5754b6' (2023-12-22)
  → 'github:nixos/nixpkgs/2125288b9266cde9e3333a6787525bc151918742' (2023-12-23)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/66bda599f409f9834c6fd6abc602e452a5c16b61' (2023-12-22)
  → 'github:nixos/nixpkgs/d8aba6fe4067abdd8b1a7f398f2b90f21c608530' (2023-12-23)
```
2023-12-23 21:18:25 +00:00
31130d90bc nixpatches: fix broken hash 2023-12-23 12:44:17 +00:00
237c493252 slskd: fix Restart option 2023-12-23 10:23:17 +00:00
18e7acd9e7 slskd: restart even on non-failure exit 2023-12-23 05:39:22 +00:00
906026e333 nixpkgs: 2023-12-21 -> 2023-12-22
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/63fbe1a992e6030fbf444ac9d6b629ec76ab86ad' (2023-12-21)
  → 'github:nixos/nixpkgs/21e572254ecbbb9d55be98841b279d21ee5754b6' (2023-12-22)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/490828bce1b0cdfe328adc7f6280a519d7e68ed4' (2023-12-21)
  → 'github:nixos/nixpkgs/66bda599f409f9834c6fd6abc602e452a5c16b61' (2023-12-22)
```
2023-12-22 19:07:32 +00:00
9e24fba5ee document that loupe is an image viewer 2023-12-21 22:58:23 +00:00
12edd60969 nixpkgs: bump 2023-12-21
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/459873d8d6492b492ca7f9b03d5a50117099abfa' (2023-12-21)
  → 'github:nixos/nixpkgs/63fbe1a992e6030fbf444ac9d6b629ec76ab86ad' (2023-12-21)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/38bbf09b10659db891af01288bd99a5e8e8d7861' (2023-12-21)
  → 'github:nixos/nixpkgs/490828bce1b0cdfe328adc7f6280a519d7e68ed4' (2023-12-21)
```
2023-12-21 20:03:06 +00:00
0f429caaca nixpkgs: 2023-12-20 -> 2023-12-21
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/7749fa1e8c5e2f6a003fd4d3a2ed52924c4a7217' (2023-12-20)
  → 'github:nixos/nixpkgs/459873d8d6492b492ca7f9b03d5a50117099abfa' (2023-12-21)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/9ee63abe2cbeea5bf15f319a0a5aaf0919fe22e8' (2023-12-20)
  → 'github:nixos/nixpkgs/38bbf09b10659db891af01288bd99a5e8e8d7861' (2023-12-21)
```
2023-12-21 18:41:55 +00:00
940f1140a3 disable webkit for erlang 2023-12-21 05:22:45 +00:00
dbb6773634 audacity: disable first-run splashscreen 2023-12-21 04:08:05 +00:00
245a0544bc audacity: ship w/o the webkitgtk dependency 2023-12-21 03:10:38 +00:00
cbd65f0816 argyllcms: build without qemu 2023-12-21 01:44:36 +00:00
f8ea711f6a cross compilation: remove dead code 2023-12-21 00:20:42 +00:00
ace94cf4d6 cross: use newer jbig2dec fix; send dconf upstream 2023-12-20 22:32:07 +00:00
829fde4336 bonsai: grab from upstream PR 2023-12-20 09:24:41 +00:00
ba8774d6e5 hare-ev: remove (upstreamed) 2023-12-20 09:21:11 +00:00
7597853cda nixpkgs: 2023-12-19 -> 2023-12-20
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/7467ab39493e17abc28c7f66179feb0a69a3dbd4' (2023-12-19)
  → 'github:nixos/nixpkgs/7749fa1e8c5e2f6a003fd4d3a2ed52924c4a7217' (2023-12-20)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/63dd8e1d2e81aaecb7de9b70ca143a607b19a3b9' (2023-12-19)
  → 'github:nixos/nixpkgs/9ee63abe2cbeea5bf15f319a0a5aaf0919fe22e8' (2023-12-20)
```
2023-12-20 09:08:42 +00:00
21077c0e34 cross: document rustPlatform cross compilation woes 2023-12-20 08:00:40 +00:00
b6a45656af gui: add planify app 2023-12-19 22:31:14 +00:00
33d2f0895f signal-desktop-from-src: 6.40.0 -> 6.42.0 2023-12-19 20:53:33 +00:00
5cd92279b7 firefox-extensions: update to latest 2023-12-19 19:40:24 +00:00
4085f60018 firefox-extensions.bypass-paywalls-clean: 3.4.6.0 -> 3.4.7.0 2023-12-19 19:40:08 +00:00
3faee78717 docs: cross: update upstreaming status 2023-12-19 19:39:38 +00:00
e96e07ac21 lemoa: todo: fold 2023-12-19 19:39:11 +00:00
0c34aec8ec lemoa: 0.4.0 -> 0.5.0 2023-12-19 18:08:16 +00:00
9d04037bec hare-ev: remove unnecessary rec 2023-12-19 17:44:04 +00:00
6af44bfd86 delfin: add an updateScript 2023-12-19 17:43:07 +00:00
5ceefa4d6d nixpkgs: 2023-12-18 -> 2023-12-19; uninsane-dot-org -> 2023-12-18
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/ab47e6046f991dc98641ffbd9f881afcd304cfca' (2023-12-18)
  → 'github:nixos/nixpkgs/7467ab39493e17abc28c7f66179feb0a69a3dbd4' (2023-12-19)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/f61b7ce80fcc95be72c5c4fea19fba928072af8b' (2023-12-18)
  → 'github:nixos/nixpkgs/63dd8e1d2e81aaecb7de9b70ca143a607b19a3b9' (2023-12-19)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/21f2b8f123a1601fef3cf6bbbdf5171257290a77' (2023-12-17)
  → 'github:Mic92/sops-nix/f7db64b88dabc95e4f7bee20455f418e7ab805d4' (2023-12-18)
• Updated input 'uninsane-dot-org':
    'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=ee722a13732b8d03bae56be8147333d144a02126' (2023-12-10)
  → 'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=41354f754107376f5c9265eae89d07275f0305de' (2023-12-18)
• Removed input 'uninsane-dot-org/flake-utils'
• Removed input 'uninsane-dot-org/flake-utils/systems'
```
2023-12-19 16:44:22 +00:00
f618925190 gui: ship openscad 2023-12-19 08:04:20 +00:00
68ae723543 nixos-prebuild: disable 2023-12-19 01:58:59 +00:00
e4123759f5 nginx: only auto-index /share 2023-12-19 00:12:27 +00:00
5e727a83b3 slskd: disable debug logging 2023-12-18 18:09:58 +00:00
dc288d9aa7 sane_ssdp: reduce verbosity 2023-12-18 18:00:12 +00:00
8d49c423ca transmission: disable debug logging 2023-12-18 17:58:04 +00:00
c056564c9c nixpkgs: 2023-12-17 -> 2023-12-18
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/ec02adf37f19c5dcd891ebf9f175ebb1c4fba80a' (2023-12-17)
  → 'github:nixos/nixpkgs/ab47e6046f991dc98641ffbd9f881afcd304cfca' (2023-12-18)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/91a00709aebb3602f172a0bf47ba1ef013e34835' (2023-12-17)
  → 'github:nixos/nixpkgs/f61b7ce80fcc95be72c5c4fea19fba928072af8b' (2023-12-18)
```
2023-12-18 16:39:25 +00:00
efb2815fa5 uninsane.org: simplify the /share routing (and generalize it to other subdirectories) 2023-12-18 06:03:49 +00:00
577d149728 sxmo-utils: 2023-12-09 -> 2023-12-17 2023-12-18 00:05:14 +00:00
45c2bfaaeb nixpkgs: 2023-12-16 -> 2023-12-17
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/029c707186e2b00f9e98f590b9a019320ccc21d7' (2023-12-16)
  → 'github:nixos/nixpkgs/ec02adf37f19c5dcd891ebf9f175ebb1c4fba80a' (2023-12-17)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/ceb8e4efd95627c0a86f106ba2afcd207ad5c6b3' (2023-12-16)
  → 'github:nixos/nixpkgs/91a00709aebb3602f172a0bf47ba1ef013e34835' (2023-12-17)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/d806e546f96c88cd9f7d91c1c19ebc99ba6277d9' (2023-12-10)
  → 'github:Mic92/sops-nix/21f2b8f123a1601fef3cf6bbbdf5171257290a77' (2023-12-17)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/b8f33c044e51de6dde3ad80a9676945e0e4e3227' (2023-12-09)
  → 'github:NixOS/nixpkgs/a19a71d1ee93226fd71984359552affbc1cd3dc3' (2023-12-17)
```
2023-12-18 00:02:23 +00:00
16d4c9cdf2 nixpkgs: 2023-12-15 -> 2023-12-16
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/9ad53b7aaf2b9e9e0d7e36ff4f8a779bf9b0195f' (2023-12-15)
  → 'github:nixos/nixpkgs/029c707186e2b00f9e98f590b9a019320ccc21d7' (2023-12-16)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/8a205497ba6f6938b7b516c184b7cf326ab15548' (2023-12-15)
  → 'github:nixos/nixpkgs/ceb8e4efd95627c0a86f106ba2afcd207ad5c6b3' (2023-12-16)
```
2023-12-17 21:26:41 +00:00
1063a89541 powerbutton/lid-switch: tune the desired actions 2023-12-17 21:08:16 +00:00
fd0f709d50 git: remove a/ b/ prefixes from diffs 2023-12-17 20:48:31 +00:00
5edd10c332 move kiwix data to /var/lib/kiwix and persist 2023-12-16 03:05:15 +00:00
5c36ee79be kiwix: wikipedia snapshot: 2022-05 -> 2023-11 2023-12-16 01:54:34 +00:00
b2bf9d63a3 mpv: don't assume xdg-terminal-exec is on PATH 2023-12-16 00:43:43 +00:00
e297df011d xdg-terminal-exec: remove (it exists upstream now) 2023-12-16 00:41:51 +00:00
bcac00d766 mpv: uosc: add a "cast" option to the menu 2023-12-16 00:39:36 +00:00
c256d7ded5 koreader: implement copy-to-clipboard 2023-12-15 20:53:04 +00:00
7ba39ea831 koreader: document how to configure 2023-12-15 20:05:06 +00:00
28f90e4421 sxmo: lengthen voldown hold time before revealing terminal 2023-12-15 19:12:26 +00:00
5d66a1e6a5 hare-json: remove. it's been upstreamed as hareThirdParty.hare-json 2023-12-15 17:59:09 +00:00
1522eccfb3 nixpkgs: 2023-12-14 -> 2023-12-15
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/248d12a902bfc36134176f31beba87b1fe30a3c1' (2023-12-14)
  → 'github:nixos/nixpkgs/9ad53b7aaf2b9e9e0d7e36ff4f8a779bf9b0195f' (2023-12-15)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/fd7914c96f7c006047e0154dd239aa2396478094' (2023-12-14)
  → 'github:nixos/nixpkgs/8a205497ba6f6938b7b516c184b7cf326ab15548' (2023-12-15)
```
2023-12-15 17:40:44 +00:00
728604e036 gui hosts: ship delfin 2023-12-15 08:44:32 +00:00
58d4f0d512 delfin: fix cross build 2023-12-15 08:43:10 +00:00
1f7fc8700e delfin: fix icons 2023-12-15 08:30:20 +00:00
a933f8b512 delfin: persist server settings 2023-12-15 08:17:07 +00:00
83b83841d6 delfin: init at 0.2.1 2023-12-15 08:08:11 +00:00
ef8a8bc246 go2tv: document known-good format matrix 2023-12-15 03:22:03 +00:00
136ddda055 nautilus: enable the A/V pane 2023-12-15 02:57:25 +00:00
5fbf2166f1 moby: enable go2tv/catt 2023-12-15 02:33:18 +00:00
ba7bc3bd03 go2tv: docs: show that some mp4s work w/o transcoding 2023-12-15 02:32:44 +00:00
311412c5ee go2tv: configure firewall as needed 2023-12-15 00:50:58 +00:00
d18e94ea87 feeds: subscribe to linmob.net 2023-12-14 22:20:30 +00:00
6a548366cd sway: enable gvfs to support remote filesystems 2023-12-14 21:59:42 +00:00
54d2e875f6 koreader: disable image-based feeds; text only 2023-12-14 20:51:09 +00:00
c5cc0e90a3 wob: theme 2023-12-14 20:49:48 +00:00
50ce8da68c sxmo: remove sxmo-set-permissions job. upstream refactored it to not exist and they use doas now instead 2023-12-14 19:17:38 +00:00
3449bfc2a9 sxmo: bonsai: tune timings: powerhold: 1000ms -> 900ms; volhold: 400ms -> 600ms
this should improve: (1) awkwardly long power hold until window is killed, (2) accidentally seeking the media player when i meant to only adjust volume
2023-12-14 19:12:08 +00:00
18d301d9dd cross: dino: remove patch which has been upstreame into nixpkgs 2023-12-14 19:08:08 +00:00
357bf7f4ca nixpkgs: 2023-12-13 -> 2023-12-14
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/022a4231437548b719eb9e5b8bae1a7f6117fa93' (2023-12-13)
  → 'github:nixos/nixpkgs/1aca249f1846b6bb7a156b809c312de58945c85a' (2023-12-14)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/8556109c1f04574ad59dcb0c4882f44eb27ea581' (2023-12-13)
  → 'github:nixos/nixpkgs/8e23dec5ac5ebc36057e980d4e6a3eb6a44da74b' (2023-12-14)
```
2023-12-14 18:50:36 +00:00
f763448d6f go2tv: docs: firewall 2023-12-14 10:56:07 +00:00
deb828e98a programs: enable go2tv 2023-12-14 10:39:33 +00:00
cbca41accf permit moby to ssh into my devices 2023-12-14 10:35:36 +00:00
ac22e07388 sxmo: bring wob service in-house 2023-12-14 10:33:33 +00:00
cb0d9e077b programs: enable catt 2023-12-14 08:41:16 +00:00
58105e9b62 fix open-in-mpv extension 2023-12-14 07:26:50 +00:00
32fb79d43d dino: auto-start 2023-12-14 01:57:32 +00:00
f129afdae8 flare-signal: document linking/registration issue 2023-12-14 01:56:54 +00:00
29cde5e724 firefox: support Element and Nheko URIs 2023-12-13 23:14:04 +00:00
3467a5df48 feeds: subscribe Origin Stories 2023-12-13 22:31:58 +00:00
694dd59e27 feeds: subscribe bitsaboutmoney 2023-12-13 22:29:22 +00:00
540b3e4af2 firefox: auto-dispatch mpv:// URI handlers 2023-12-13 21:41:06 +00:00
e0211646b2 firefox: extraNativeMessagingHosts -> nativeMessagingHosts 2023-12-13 21:34:59 +00:00
94dcb0f08a firefox: ship open-in-mpv extension 2023-12-13 21:34:34 +00:00
0b38ed2f2a firefox: docs: clarify fxCast behavior 2023-12-13 20:58:45 +00:00
15622251ef firefox: define the fx_cast addon 2023-12-13 20:51:57 +00:00
4eb79a4a5c gui: ship pwvucontrol 2023-12-13 20:43:16 +00:00
9f54413d46 pwvucontrol: support cross compilation 2023-12-13 20:02:48 +00:00
f467898a04 sync TODO 2023-12-13 17:41:31 +00:00
413c8a4fef sponsorblock: re-disable the first-launch nag 2023-12-13 17:37:48 +00:00
d4440736dd nixpkgs: 2023-12-12 -> 2023-12-13
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/a3eee1a84ec0aadb7f567175d79574d63dcecff2' (2023-12-12)
  → 'github:nixos/nixpkgs/022a4231437548b719eb9e5b8bae1a7f6117fa93' (2023-12-13)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/47bca5bb0209496389f3a70d2e388c5531831d60' (2023-12-12)
  → 'github:nixos/nixpkgs/8556109c1f04574ad59dcb0c4882f44eb27ea581' (2023-12-13)
```
2023-12-13 16:27:18 +00:00
bb1ceaed12 gui: disable newsflash
it doesn't cross compile. also, gnome-feeds would be a better implementation if i can get the package updated
2023-12-13 16:27:18 +00:00
51a90136ea sxmo-utils: default preferSystemd to true
this probably removes some duplicate sxmo-utils packages from my install
2023-12-13 16:27:18 +00:00
e7cfa19897 sxmo-utils: use xdg-open in sxmo_open.sh 2023-12-13 16:27:18 +00:00
41411e005f flare-signal-nixified: document experience with 10.1-xx seies 2023-12-13 08:10:50 +00:00
c22119f69b flare-signal-nixified: enable primary device registration 2023-12-13 07:17:17 +00:00
354a4e523b flare-signal-nixified: 0.10.1-beta.4 -> 0.10.1-beta.6 2023-12-13 07:01:16 +00:00
b34b8a249c nixpatches: link but dont apply gnome-feeds update 2023-12-13 03:47:20 +00:00
508257da87 newsflash: enable podcasts/videos; document 2023-12-13 03:45:07 +00:00
fadcf7d7c1 mpv: youtube: associate with another URL variant 2023-12-13 03:44:57 +00:00
7f43360120 newsflash: enable 2023-12-13 03:06:08 +00:00
f9a8389f58 gui: switch from gthumb to loupe for image viewing 2023-12-13 02:29:43 +00:00
f77a18a655 cross: enable Loupe for cross compilation 2023-12-13 02:00:43 +00:00
7e4d6853f5 cross: glycin-loaders: simplify 2023-12-13 01:48:26 +00:00
5615c7cf6e cross: glycin-loader: fix compilation 2023-12-13 01:40:36 +00:00
54c51a5636 fractal-latest: remove old comments 2023-12-12 21:02:09 +00:00
1119726c64 docs: koreader: dictionary installation 2023-12-12 20:56:46 +00:00
101a2bc3af hare-ev: 2023-10-30 -> 2023-12-04 2023-12-12 20:45:46 +00:00
f4bfaf3581 firefox-extensions: update to latest 2023-12-12 20:44:56 +00:00
e8dfc1dc71 sxmo-utils: 2023-11-26 -> 2023-12-09 2023-12-12 20:44:27 +00:00
ef26b9085c nixpatches: remove merged numpy patch 2023-12-12 20:37:55 +00:00
85d9c11733 sxmo: add an option to disable wob 2023-12-12 19:00:43 +00:00
6d41f1f1db sxmo: re-enable audio
SXMO_NO_AUDIO disables too much. i just want to not launch the daemons, and customizing sxmo_hook_start is enough for that
2023-12-12 18:59:31 +00:00
f9434215db nixpkgs: 2023-12-11 -> 2023-12-12
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/43f7188eba3bc2eb73031bf8f9ad1a02224b6be1' (2023-12-12)
  → 'github:nixos/nixpkgs/a3eee1a84ec0aadb7f567175d79574d63dcecff2' (2023-12-12)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/a8dac2fa64af92360f126d2e20f47cd4ccf1c905' (2023-12-11)
  → 'github:nixos/nixpkgs/47bca5bb0209496389f3a70d2e388c5531831d60' (2023-12-12)
```
2023-12-12 18:40:06 +00:00
83d402eb77 nixos-prebuild: fix typo 2023-12-12 18:39:46 +00:00
cec48e0270 nixpkgs: 2023-12-11 -> 2023-12-12
```
• Updated input 'nixpkgs-next-unpatched':
    'github:nixos/nixpkgs/f81605387c494a302c16901ac6459e877c45f913' (2023-12-11)
  → 'github:nixos/nixpkgs/43f7188eba3bc2eb73031bf8f9ad1a02224b6be1' (2023-12-12)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d' (2023-12-11)
  → 'github:nixos/nixpkgs/a59c7364955e5f32798d0314fbb6aae347ff064d' (2023-12-12)
```
2023-12-12 09:34:52 +00:00
322038ca21 flake.nix: expose the patched nixpkgs as an output, for debugging 2023-12-12 09:34:28 +00:00
6395e60f17 nixpatches: fix date check to be based on when upstream nixpkgs was updated, not this repo 2023-12-12 09:34:28 +00:00
7969eb12d6 cross: partially fix glycin-loaders 2023-12-12 09:34:28 +00:00
f942e2c5a9 nixpatches: revise numpy master merge date 2023-12-12 09:34:28 +00:00
089f676c4a gui: switch back to gthumb; loupe does not cross compile yet 2023-12-12 08:44:08 +00:00
d2012b4e40 notejot: fix store typo 2023-12-12 07:55:18 +00:00
a319017567 gui: switch from gthumb to loupe 2023-12-12 07:38:13 +00:00
a669c9c88b gui: add Loupe image viewer specialization 2023-12-12 07:36:21 +00:00
8391e500c9 gui: handheld: ship notejot 2023-12-12 07:31:00 +00:00
5f27c8fddf servo: nixos-prebuild: cleanup garbage better 2023-12-12 06:47:47 +00:00
a4ae41e627 servo: nixos-prebuild: dont ship jobs to other builders 2023-12-12 06:44:08 +00:00
a5126ae8fb cross: re-enable jbig2dec fix (turns out it is necessary) 2023-12-12 06:20:43 +00:00
f33776e0ed flake: check.nur: simplify nixpkgs path 2023-12-12 03:53:54 +00:00
189eccb01e nixpatches: improve patch conditionality 2023-12-12 03:22:25 +00:00
4336d68e6f flake: fix CLI argument quoting 2023-12-12 02:16:06 +00:00
4f45adb063 gui: disable slic3r 2023-12-12 02:16:06 +00:00
e6b16624c3 ntfy-waiter: fix port typo in service description 2023-12-12 02:15:01 +00:00
e87d2f545c sftpgo: fix systemd after/wants typo 2023-12-12 02:14:45 +00:00
69bc219efa ports: fix systemd RandomizedDelaySec typo 2023-12-12 02:14:27 +00:00
e4f1cfb53f servo: deploy a service which periodically rebuilds my nix config to populate the cache 2023-12-12 02:13:59 +00:00
f1e59061d7 flake: check.hostConfigs: build *-light first even for -next 2023-12-11 23:00:15 +00:00
cd312e41d4 flake: remove check.hostConfigs variants 2023-12-11 22:51:58 +00:00
1bd2d0dfc1 flake: remove separate nixpkgs-staging and staging-next 2023-12-11 22:33:38 +00:00
49235a4d83 flake: add check.hostConfigsNext 2023-12-11 22:23:14 +00:00
e7826e0648 flake: add host outputs for nixpkgs-staging and nixpkgs-staging-next 2023-12-11 22:15:35 +00:00
e7edb4739f flake.nix: fix for better caching on non-cross builds 2023-12-11 21:24:33 +00:00
4a622c558e signal-desktop-from-src: fix nodejs to 18.x 2023-12-11 21:07:42 +00:00
bfe69a4708 flake: fix patching process to assume less about nixpkgs internals 2023-12-11 21:07:17 +00:00
688b4edf13 mpv: handle shorthand youtu.be URLs too 2023-12-11 16:19:51 +00:00
7ca2e5f539 nixpkgs: 2023-12-10 -> 2023-12-11; uninsane-dot-org
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/64292b08dc5d1538d7ab88817a90b2713c34c8a0' (2023-12-10)
  → 'github:nixos/nixpkgs/e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d' (2023-12-11)
• Updated input 'uninsane-dot-org':
    'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=8f7a3f3f7ce95f21131f94418c522062a8dc2055' (2023-12-09)
  → 'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=ee722a13732b8d03bae56be8147333d144a02126' (2023-12-10)
```
2023-12-11 06:23:43 +00:00
4c5fb74c7d feeds: subscribe to kosmosghost 2023-12-11 04:55:47 +00:00
ad82bb2630 mimeo: fix infinite loop when dispatching non-specialized http/s URLs 2023-12-11 04:52:49 +00:00
008a6192d4 mpv: associate with https://youtube.com/... 2023-12-11 04:52:49 +00:00
f4d4c7a92a sxmo-utils: remove gojq and just use normal jq 2023-12-11 04:44:45 +00:00
0a41192eb1 sxmo-utils: remove gojq requirement 2023-12-11 03:27:58 +00:00
f044fcb584 gnome-frog: fix cross compilation 2023-12-11 03:27:46 +00:00
9e2c0a7112 megapixels: simplify zbar fix 2023-12-11 03:27:29 +00:00
d2e1441d1f sane-clone: grab package data from ~/nixos instead of nixpkgs
this way i can clone my own packages
2023-12-10 17:28:30 +00:00
abbd28a634 git: add an "amend" alias 2023-12-10 17:01:58 +00:00
b309402784 nixpkgs: update; sops-nix: 2023-12-04 -> 2023-12-10
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/852e0ea0e8e1bd174bf1af9706f6b855319a5f1d' (2023-12-10)
  → 'github:nixos/nixpkgs/64292b08dc5d1538d7ab88817a90b2713c34c8a0' (2023-12-10)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/e91ece6d2cf5a0ae729796b8f0dedceab5107c3d' (2023-12-04)
  → 'github:Mic92/sops-nix/d806e546f96c88cd9f7d91c1c19ebc99ba6277d9' (2023-12-10)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/dc01248a9c946953ad4d438b0a626f5c987a93e4' (2023-12-03)
  → 'github:NixOS/nixpkgs/b8f33c044e51de6dde3ad80a9676945e0e4e3227' (2023-12-09)
```
2023-12-10 16:50:24 +00:00
a7d3ac95aa nginx: uninsane.org: redirect common feed URIs to the canonical feed 2023-12-10 16:31:30 +00:00
255da2b976 docs: gtkcord4: explain how to disable notif sounds 2023-12-10 16:26:26 +00:00
8cdb4aa53d docs: feedbackd: show how to trigger a sound 2023-12-10 16:25:13 +00:00
4d5b462b2c swaync: add rules to help with debugging 2023-12-10 16:18:55 +00:00
f7a318c937 modules/users: fix services to specify PATH with correct precedence 2023-12-10 15:18:26 +00:00
eb5b9b083c mpv-uosc-latest: remove (no longer needed)
nixpkgs mpv-uosc was recently updated, seems to work well out-of-the-box
2023-12-10 02:32:33 +00:00
e0d9a59d10 nixpkgs: 2023-12-09 -> 2023-12-10
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/61b691834e5ce9590c44690e73392ee7e001d45a' (2023-12-09)
  → 'github:nixos/nixpkgs/852e0ea0e8e1bd174bf1af9706f6b855319a5f1d' (2023-12-10)
```
2023-12-10 02:13:59 +00:00
119ac4cf95 cross: start upstreaming wob patch 2023-12-09 20:20:10 +00:00
f53d0e16ff cross: start upstreaming dino patch 2023-12-09 20:11:36 +00:00
5321ccc980 uninsane-dot-org: mobile-linux-push-notifications: fix src-port -> dest-port typo 2023-12-09 18:28:28 +00:00
e8a6fa3506 uninsane-dot-org: mobile-linux-push-notifications: fix link typo 2023-12-09 18:22:58 +00:00
26e1cc2a7a uninsane-dot-org: revise linux-mobile-notifications for sxmo integration 2023-12-09 18:16:32 +00:00
cec4b4b78e sway: fix app_id for gtkcord4 2023-12-09 16:48:17 +00:00
7ce3cb79c9 switch from abaddon -> gtkcord4 as default discord client 2023-12-09 16:45:40 +00:00
4c553b1525 gtkcord4: fix to Default_keyring instead of login.keyring 2023-12-09 16:42:27 +00:00
84ec809fb5 gui: ship gnome.seahorse 2023-12-09 15:02:00 +00:00
f49e466ce8 flake: add a "hostSystems" target 2023-12-09 14:11:37 +00:00
402baa1011 uninsane-dot-org: 2023-12-03 -> 2023-12-09; nixpkgs 2023-12-09 14:01:51 +00:00
01de6f84cf feeds: subscribe to Louis Rossmann 2023-12-09 08:14:16 +00:00
e1e9047664 nixpkgs: 2023-12-08 -> 2023-12-09
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/c89d45747b4ba510caa6b2704b574484b6f93e96' (2023-12-08)
  → 'github:nixos/nixpkgs/d02151974acd5d2e1a47cee3245d97e130c3ecfa' (2023-12-09)
```
2023-12-09 05:51:01 +00:00
0be9831b0c cross: update upstreaming status 2023-12-08 22:49:18 +00:00
1db9d4d10b roles/build-machine: re-enable big-parallel 2023-12-08 20:20:55 +00:00
ccef9d1414 nixpkgs: update
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/f63903a90faf6cce169eb2bcc93fb45c457b1d31' (2023-12-08)
  → 'github:nixos/nixpkgs/c89d45747b4ba510caa6b2704b574484b6f93e96' (2023-12-08)
```
2023-12-08 20:14:44 +00:00
8b09599c5e sane-sync-music: update files if mtime differs
*presumably* most tagging software updates the mtime when tags change, but i didn't actually check
2023-12-08 15:07:12 +00:00
368099e95a cross: ostree: apply Mindavi's PR feedback 2023-12-08 15:00:29 +00:00
34342b7f48 sync.moby: reduce job count 2023-12-08 14:52:11 +00:00
fcc7ebf5c1 sync.desko: fix mountpoint typo 2023-12-08 12:24:00 +00:00
114bdb30e8 flake: sync-*: refactor 2023-12-08 10:25:01 +00:00
4caf61387e sane-sync-music: add --compress and --compat options 2023-12-08 10:24:48 +00:00
ab020327f4 nixpkgs: 2023-12-07 -> 2023-12-08
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/449c6fb06be60edd4233bb9fe748a0754df185b1' (2023-12-07)
  → 'github:nixos/nixpkgs/f63903a90faf6cce169eb2bcc93fb45c457b1d31' (2023-12-08)
```
2023-12-08 04:26:09 +00:00
bacad0f111 sane-sync-music: add a --force-copy flag 2023-12-07 19:00:51 +00:00
9619c6d2e1 sane-sync-music: refactor to facilitate future tweaks 2023-12-07 18:49:01 +00:00
07c7050335 docs: sane-sync-music: document a bug 2023-12-07 18:17:21 +00:00
24a6fba008 sane-tag-music: remove prefer-path flag to force 2023-12-07 18:08:41 +00:00
51c53b2103 sane-tag-music: allow manually specifying tags via CLI 2023-12-07 18:08:41 +00:00
4ae01aa353 sane-tag-music: auto-create id3 tags for MP3 files 2023-12-07 18:08:41 +00:00
0db1e3728a sway: dont ship custom gtk icons
the GNOME 45 update makes it so default adwaita icons are reliable on moby
2023-12-07 17:56:56 +00:00
83c7657951 sane-tag-music: better handle track names for compilation albums 2023-12-07 17:29:10 +00:00
e20386299f sane-tag-music: add a --force flag 2023-12-07 17:29:10 +00:00
d6e43effde sane-tag-music: better handle verbose track names 2023-12-07 17:29:10 +00:00
bbe8f4a852 sane-tag-music: support opus, aac (limited) 2023-12-07 17:29:10 +00:00
8c98e38053 sane-tag-music: better handling of "Various Artists" 2023-12-07 17:29:10 +00:00
96a36d4d6b sane-tag-music: support ogg files 2023-12-07 17:29:10 +00:00
366a9cea0d fractal: ship optimized build 2023-12-07 16:39:36 +00:00
e810774202 fractal,flare: note that release is incompatible with cross compilation 2023-12-07 16:39:36 +00:00
f2de781cbc nixpkgs: update
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/17411d69e415b5f4910f9a66f89dc6a1866cb410' (2023-12-07)
  → 'github:nixos/nixpkgs/449c6fb06be60edd4233bb9fe748a0754df185b1' (2023-12-07)
```
2023-12-07 16:39:36 +00:00
7f08ad01db sane-tag-music: handle more character encoding edgecases 2023-12-07 15:52:28 +00:00
2c66d8cad0 sane-tag-music: don't crash when file opening fails 2023-12-07 15:51:51 +00:00
fc4803f3fd sane-tag-music: fix bug that song would be extracted into a list of chars 2023-12-07 15:51:17 +00:00
5a6d1dd3c2 sane-tag-music: don't write empty tags 2023-12-07 13:55:45 +00:00
ba42ff7469 sane-tag-music: support mp3 2023-12-07 13:55:45 +00:00
a6cc698c69 signal-desktop-from-src: simplify build process 2023-12-07 13:49:07 +00:00
19b0a62fee flake: support cross deployments from non-binfmt machines 2023-12-07 13:49:07 +00:00
1a6ce11b07 disable binfmt emulation on my build machines 2023-12-07 13:49:07 +00:00
49d8578b83 signal-desktop-from-src: build without emulation 2023-12-07 13:49:07 +00:00
53c0cd570a update todos: moby: install games 2023-12-07 13:49:07 +00:00
4d84bdafed koreader: cross-compile without binfmt 2023-12-07 13:49:07 +00:00
059cd38e7b cross: comment out the firefox hacks
they're unused and broken anyway
2023-12-07 13:49:07 +00:00
8f89d11435 cross: fix wob compilation 2023-12-07 13:49:07 +00:00
243f78ff0e nixpkgs: 2023-12-06 -> 2023-12-07
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/2bea1bc0f98bb316e26d1a5a17df58fce54ca8c4' (2023-12-06)
  → 'github:nixos/nixpkgs/17411d69e415b5f4910f9a66f89dc6a1866cb410' (2023-12-07)

```
2023-12-07 13:49:07 +00:00
21be1b392e servo: switch external storage to zfs pool 2023-12-07 08:57:26 +00:00
8b71e6ac5a sane-stop-all-servo: update with newer services 2023-12-07 05:36:09 +00:00
f5f6298284 re-enable flare-signal 2023-12-06 19:27:47 +00:00
c8370bc290 cross: tried to get cinny to cross-compile, not quite there 2023-12-06 19:26:18 +00:00
abc0ac88d3 flare-signal-nixified: cross-compile without emulation 2023-12-06 19:25:09 +00:00
9da604c0af fractal-nixified: fix build 2023-12-06 19:22:45 +00:00
801da9d321 cross: add a cantBinfmt option to force a package to be built on a non-binfmt machine 2023-12-06 19:20:39 +00:00
ac3b0b873b transmission: increase speed limits 2023-12-06 18:03:08 +00:00
9beee146f2 feeds: sort Youtube feeds 2023-12-06 16:49:40 +00:00
2d06401f3c feeds: subscribe to Tom Scott 2023-12-06 16:19:37 +00:00
2db56f2499 feeds: subscribe to TheB1M 2023-12-06 16:18:03 +00:00
63ea6d7002 feeds: subscribe to Exurb1a 2023-12-06 16:16:29 +00:00
3e2523cc2c feeds: subscribe to Cold Fusion 2023-12-06 16:15:25 +00:00
ad3f5e305e feeds: subscribe to Vox
don't @ me
2023-12-06 16:13:08 +00:00
aa5b9e3db3 user services: wrap with user PATH
notably, this alllows Fractal to open links with the preferred browser
2023-12-06 16:09:07 +00:00
46123719e9 feeds: subscribe to Vihart 2023-12-06 16:09:07 +00:00
16bce990c6 feeds: subscribe to PolyMatter 2023-12-06 16:09:07 +00:00
d55e387187 feeds: subscribe to Vsauce 2023-12-06 16:09:06 +00:00
e75c3375dc feeds: subscribe to Channel5 News 2023-12-06 16:08:50 +00:00
b1c7cb367a feeds: subcsribe to hbomberguy 2023-12-06 15:47:39 +00:00
d63d660ec2 feeds: subscribe to ContraPoints 2023-12-06 15:45:43 +00:00
f24a0a84b5 gpodder: ship on all systems
it's more useful on desko/lappy now that i can ship Youtube feeds.
2023-12-06 15:36:41 +00:00
9704dcc997 feeds: add support for video; subscribe to videos in gpodder 2023-12-06 15:36:05 +00:00
80875d6312 feeds: subscribe to Technology Connections 2023-12-06 15:35:38 +00:00
79f4c9f98c flare-signal-nixified: support defaultCrateOverrides 2023-12-06 14:22:16 +00:00
e2735e151e cross: make buildInQemu more flexible to non-stdenv builders 2023-12-06 14:08:46 +00:00
afb4a88830 moby: enable dialect 2023-12-06 14:00:34 +00:00
84dc8cfd23 cross: build dialect so that it doesn't depend on build binaries at runtime 2023-12-06 13:56:39 +00:00
6ef52677ee nixpkgs: 2023-12-05 -> 2023-12-06
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/3532bd963c2a1417e7d5d9a13b90f3ab8e6b6538' (2023-12-05)
  → 'github:nixos/nixpkgs/2bea1bc0f98bb316e26d1a5a17df58fce54ca8c4' (2023-12-06)
```
2023-12-06 01:45:09 +00:00
73c0e9a742 cross: update error message for fractal 2023-12-05 17:02:33 +00:00
7ff259073e swaync: decrease mpris icon size 64 -> 48px 2023-12-05 17:01:57 +00:00
2bf10c60ee swaynotificationcenter: fix mpris icon height even when it fails to load an icon 2023-12-05 16:57:24 +00:00
72f4b43b54 sxmo: better input mappings 2023-12-05 15:12:08 +00:00
e1ced7a7fe sxmo_hook_inputhandler.sh: remove unused VOL_INCR_2 variable 2023-12-05 10:08:16 +00:00
f41b1cf3b5 sxmo: enable powertoggle -> volup/down for seeking even when screen is on
it's not currently mapped to anything else, so...
2023-12-05 10:04:01 +00:00
70693c2052 sxmo: simplify shortcuts
remove power -> volup DE menu map -- it's accessible via sysmenu now

replace power -> voldown terminal map with just voldown hold
2023-12-05 10:02:19 +00:00
f61d7d0f7d sxmo: decrease power-button timeout 2023-12-05 08:54:18 +00:00
3d7ea75bfc sxmo: simplify XDG_SESSION_TYPE fix 2023-12-05 08:50:19 +00:00
f350d7949c sxmo: fix missing XDG_SESSION_TYPE env var 2023-12-05 08:06:14 +00:00
10c21714ef tangram: build without emulation 2023-12-05 06:02:38 +00:00
2dbae69d50 komikku: build without emulation 2023-12-05 05:16:40 +00:00
4cc5eed884 feeds: subscribe to srslywrong.com 2023-12-05 04:25:25 +00:00
9967868e80 nixpkgs: update
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/d90955124ff3af2d469bf10000b09b9d7dfc5240' (2023-12-04)
  → 'github:nixos/nixpkgs/3532bd963c2a1417e7d5d9a13b90f3ab8e6b6538'
```
2023-12-05 02:04:40 +00:00
bb79752101 cross: gnome-online-accounts: disable unnecessary needsBinfmt
perhaps this was fixed in gnome 44 -> gnome 45
2023-12-04 17:50:12 +00:00
ebd24e5999 cross: evolution-data-server: build w/o binfmt/qemu 2023-12-04 17:50:12 +00:00
7a3fa88559 cross: gnome.mutter: build without binfmt/qemu 2023-12-04 17:50:12 +00:00
cff4fdc5f5 feeds: unsubscribe from Daniel Huberman 2023-12-04 12:36:10 +00:00
e7fc52ff20 cross: build neovim w/o binfmt/qemu 2023-12-04 11:26:28 +00:00
b061aff76e IOCTL_... errrors: track mesa 23.3.1 PR which SHOULD fix them? 2023-12-04 11:07:59 +00:00
b14214761b cross: get jbig2dec to build without binfmt/qemu 2023-12-04 11:07:53 +00:00
9bd684a971 cross: waybar: build without binfmt/qemu 2023-12-04 08:57:57 +00:00
89286be9e1 cross: tidy: remove explicit "final." 2023-12-04 07:42:11 +00:00
991a6a7552 cross: build libpanel w/o binfmt/qemu 2023-12-04 07:26:56 +00:00
04af5558b5 ibus: cross compile without binfmt/qemu 2023-12-04 06:59:00 +00:00
3ee487ca94 cross: fix flatpak to not require binfmt/qemu 2023-12-04 05:05:26 +00:00
20352ff170 calls: cross compile without binfmt/qemu 2023-12-04 04:24:53 +00:00
819894ccbf dino: compile without binfmt/qemu 2023-12-04 04:02:07 +00:00
aa46c4cb8f chatty: remove redundant evolution-data-server override: its done in overlays/preferences.nix 2023-12-04 02:09:52 +00:00
1c75977da7 firefox-extensions: update bypass-paywalls-clean, ublacklist, ublock-origin 2023-12-04 01:47:35 +00:00
c099483305 cross: mark as needsBinfmtOrQemu those packages which can build in either 2023-12-04 01:47:35 +00:00
959e200837 cross: remove upstreamed vulkan-tools fix 2023-12-04 00:38:54 +00:00
d9f0bdb089 nixpkgs, sops-nix, uninsane-dot-org -> 2023-12-04
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/0616776a5e4072e9455e3966d1fce58feefa7a58' (2023-12-03)
  → 'github:nixos/nixpkgs/d90955124ff3af2d469bf10000b09b9d7dfc5240' (2023-12-04)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/e19071f9958c8da4f4347d3d78790d97e98ba22f' (2023-12-02)
  → 'github:Mic92/sops-nix/8bca48cb9a12bbd8766f359ad00336924e91b7f7' (2023-12-03)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/dfb95385d21475da10b63da74ae96d89ab352431' (2023-11-25)
  → 'github:NixOS/nixpkgs/dc01248a9c946953ad4d438b0a626f5c987a93e4' (2023-12-03)
• Updated input 'uninsane-dot-org':
    'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=8a4273489d945f21d7e0ca6aac952460c7d4c391' (2023-11-09)
  → 'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=f865fdd262e249bb1b829900f99cbb67f21a0365' (2023-12-03)
```
2023-12-04 00:34:27 +00:00
b50d723158 servo: nginx: remove "root" in uninsane share path 2023-12-03 15:53:29 +00:00
14739af1b9 servo: nginx: dont follow symlinks in the /share directory 2023-12-03 15:51:01 +00:00
747511c6a8 waybar: link to a better playerctl integration 2023-12-03 15:19:55 +00:00
c96f9cd4de ibus: 1.5.29-rc1 -> 1.5.29
TODO: cleanup this patch and then send to nixpkgs :)
2023-12-03 14:41:56 +00:00
31da2f10c9 sane-wipe: support dino 2023-12-03 14:40:14 +00:00
9e51d7f150 sane-wipe-*: consolidate into one sane-wipe binary 2023-12-03 14:25:35 +00:00
b1b1f8d659 cross: vulkan-tools: link to upstream PR 2023-12-03 14:02:57 +00:00
0c0e7881b1 signal-desktop: document a known bug 2023-12-03 13:58:30 +00:00
6c2f07aab1 cross: disable gnome-2048 fix in light of vala fix being upstreamed (still in staging) 2023-12-03 13:46:01 +00:00
84d2b31c51 cross: fix vulkan-tools compilation 2023-12-03 13:29:44 +00:00
2f23d916f5 sxmo: disable xwayland 2023-12-03 13:03:57 +00:00
d413f4a782 gtkcord4: partially re-enable 2023-12-03 13:01:52 +00:00
c2080cfe1e sway: position Signal on the correct desktop even when run without Xwayland 2023-12-03 13:00:29 +00:00
c687d059c5 signal-desktop: support wayland even when running as a service 2023-12-03 13:00:29 +00:00
a131358c36 signal-desktop: support wayland 2023-12-03 13:00:29 +00:00
0ba012fd7c guis: ship vulkan-tools 2023-12-03 13:00:29 +00:00
b43a693a1e nginx: render directory listings for uninsane.org/share 2023-12-03 09:00:45 +00:00
6f4072efdd servo: enable bitcoind 2023-12-03 08:49:24 +00:00
908984c285 cross: mark mutter as needs binfmt 2023-12-03 02:10:34 +00:00
8772aaec65 zfs: dont ship on moby 2023-12-03 00:58:49 +00:00
f3d605bb63 cross: fix fractal-nixified dep which needs binfmt 2023-12-03 00:40:08 +00:00
6741e0b9e1 nixpkgs: -> tip; sops-nix: 2023-11-27 -> 2023-12-02
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/eb18da27b9cb7e2006574cd962f8a22baf2955f1' (2023-12-02)
  → 'github:nixos/nixpkgs/0616776a5e4072e9455e3966d1fce58feefa7a58' (2023-12-03)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/b1edbf5c0464b4cced90a3ba6f999e671f0af631' (2023-11-27)
  → 'github:Mic92/sops-nix/e19071f9958c8da4f4347d3d78790d97e98ba22f' (2023-12-02)
```
2023-12-03 00:22:07 +00:00
a9f932408c servo: add zfs dataset 2023-12-02 17:38:00 +00:00
a00e6984d9 nixpkgs: 2023-12-01 -> 2023-12-02
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/7c12c8615307e2677a5f769e27ddb0ab4e36a940' (2023-12-01)
  → 'github:nixos/nixpkgs/eb18da27b9cb7e2006574cd962f8a22baf2955f1' (2023-12-02)
```
2023-12-02 00:12:16 +00:00
b4738438b1 nixpkgs: 2023-11-30 -> 2023-12-01
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/8d0f0ca32319439fe9940b1de917dbbdcb8e6f3d' (2023-11-30)
  → 'github:nixos/nixpkgs/7c12c8615307e2677a5f769e27ddb0ab4e36a940' (2023-12-01)
```
2023-12-01 16:19:05 +00:00
416c2f2f39 feeds: remove Hard Fork 2023-12-01 15:35:15 +00:00
589f86010f fix that servo had too low of a inotify watch limit for wan.txt path unit to work 2023-12-01 13:18:05 +00:00
76a7c19996 waybar-sxmo-status: fix volume 2023-12-01 12:51:55 +00:00
3fa676e169 sxmo: waybar: include the volume sxmo status (i.e. microphone/headphones) 2023-12-01 08:45:31 +00:00
3193028c48 sxmo_hook_start: dont start the statusbar items 2023-12-01 07:56:43 +00:00
ba823e8283 sxmo: waybar: provide status more granularly 2023-12-01 07:43:20 +00:00
55f4ef9a4f firefox-extensions.metamask: 11.6.2 -> 11.6.3 2023-12-01 04:33:03 +00:00
200b0dcf7c sxmo: better integrate the status components into waybar
maybe i'll remove all the sxmo-specific logic eventually: it seems generalizable
2023-12-01 03:28:32 +00:00
181f9597c2 Merge branch 'dev' 2023-12-01 01:52:12 +00:00
e55c264c29 activationScripts: fix error messages which would occur on boot, for scripts which only want to run during upgrades 2023-12-01 01:51:37 +00:00
dfbae7e7b5 notify user when nixos deploy/activation completes 2023-12-01 01:29:37 +00:00
98fa50d0eb nixpkgs: 2023-11-29 -> 2023-11-30
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/6711380ae7874005d707d7d03830bd5eee40b43b' (2023-11-29)
  → 'github:nixos/nixpkgs/8d0f0ca32319439fe9940b1de917dbbdcb8e6f3d' (2023-11-30)
```
2023-11-30 23:53:17 +00:00
9503658dec sane-tag-music: handle tracks with soundcloud ID at end of title 2023-11-30 13:59:08 +00:00
3c9bf681b2 sane-tag-music: better handle compilation albums 2023-11-30 13:23:55 +00:00
c1b20675c1 sane-tag-music: handle more path schemas 2023-11-30 12:53:04 +00:00
5703caac19 remove unused scripts/ensure-perms script 2023-11-30 12:53:04 +00:00
7abf7459f9 signal-desktop-from-src: 6.38.0 -> 6.40.0 2023-11-30 09:58:25 +00:00
b14c6ecd5b firefox-extensions: update to latest 2023-11-30 09:47:09 +00:00
455127219d flake: rename check.host-configs -> check.hostConfigs 2023-11-30 01:40:50 +00:00
e235014bde cross: lift defaultCrateOverrides patches to toplevel 2023-11-30 01:40:02 +00:00
ed1bf899b6 fractal: annotate crates which require binfmt for cross compilation 2023-11-30 01:36:53 +00:00
36c7f77a98 nixpkgs: 2023-11-28 -> 2023-11-29
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/c9702bf40b036c0f1d3d5b0aaf3eee2bf920124c' (2023-11-28)
  → 'github:nixos/nixpkgs/6711380ae7874005d707d7d03830bd5eee40b43b' (2023-11-29)
```
2023-11-30 00:50:35 +00:00
996b4f8366 sane-tag-music: update tags even if file had no existing tags 2023-11-29 13:05:05 +00:00
39d94b34d7 sane-tag-music: better handle singles 2023-11-29 12:57:16 +00:00
6edc6841bf sane-tag-music: support directory/tree operations 2023-11-29 12:52:35 +00:00
b2806bd649 sxmo: ship codemadness-frontends 0.6 2023-11-29 12:31:36 +00:00
936118b8cb sane-tag-music: init 2023-11-29 12:29:58 +00:00
120f251590 sxmo-utils: enable sxmo_youtube.sh script 2023-11-29 10:16:00 +00:00
d9962e1b03 codemadness-frontends: fix cross compilation 2023-11-29 10:15:39 +00:00
1396eb2c58 codemadness-frontends: init at 0.8 2023-11-29 09:51:42 +00:00
12daa9830e pkgs/default.nix: fix sorting 2023-11-29 04:29:40 +00:00
3e5e1477b9 pipeline: init at 1.14.1
note that this doesn't cross compile, because of stupid fucking rust build.rs scripts

thanks, openssl-sys
2023-11-29 04:28:19 +00:00
c100f55f1c mpv: associate with opus mimetype 2023-11-29 01:14:15 +00:00
5a0c0dff41 nixpkgs: 2023-11-27 -> 2023-11-28, sops-nix -> 2023-11-27
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/927a9655a267b2b92ece7363efc4f74bf7b2612d' (2023-11-27)
  → 'github:nixos/nixpkgs/c9702bf40b036c0f1d3d5b0aaf3eee2bf920124c' (2023-11-28)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/4be58d802693d7def8622ff34d36714f8db40371' (2023-11-26)
  → 'github:Mic92/sops-nix/b1edbf5c0464b4cced90a3ba6f999e671f0af631' (2023-11-27)
```
2023-11-28 14:16:22 +00:00
8fc5e3611e slskd: fix that the nixos module unconditionall enables nginx 2023-11-28 14:08:08 +00:00
3c3fe16569 servo: enable Soulseek 2023-11-28 11:46:47 +00:00
8eb83bb283 sane-ssl-dump: remove
i never used it
2023-11-28 09:12:39 +00:00
e559f1b960 docs: comment nixpkgs.config options 2023-11-28 08:05:19 +00:00
24a485c213 ripgrep: send cross compilation patch upstream 2023-11-28 00:33:13 +00:00
413669d118 cross: avoid building samba
i was already trying to avoid it, just missed some spots
2023-11-28 00:33:13 +00:00
1729f29374 cross: fix ripgrep 2023-11-28 00:33:13 +00:00
e58833da3b nixpkgs: 2023-11-27 -> 2023-11-27
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/494d8bcc83c99f1c5668cfd5f042b11a0d753749' (2023-11-27)
  → 'github:nixos/nixpkgs/927a9655a267b2b92ece7363efc4f74bf7b2612d' (2023-11-27)
```
2023-11-28 00:33:13 +00:00
e5d4b57d9e overlays/cross: remove dead commented out code 2023-11-28 00:33:13 +00:00
1d61834a95 cross: remove upstreamed mpv patch 2023-11-28 00:33:13 +00:00
b74f55cf54 nixpkgs: 2023-11-26 -> 2023-11-27
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/013f0a99e56eeb1cfb44764fc0d419306b84bbe4' (2023-11-26)
  → 'github:nixos/nixpkgs/494d8bcc83c99f1c5668cfd5f042b11a0d753749' (2023-11-27)
```
2023-11-28 00:33:13 +00:00
eb07a416b4 nixcache: disable big-parallel for servo 2023-11-28 00:33:13 +00:00
ca277567f4 snippets.txt: remove double-spaces 2023-11-27 11:31:52 +00:00
68c2f8f333 fetchFromGitLab: passthru owner and repo 2023-11-27 10:26:44 +00:00
ae5dee394c sane-clone: simplify to not use jq 2023-11-27 10:22:45 +00:00
a94c460a95 sane-clone: note that fetchFromGitLab doesnt pass attrs through in quite the same way 2023-11-27 09:48:59 +00:00
78bf5caf00 cross: fix iotas
i don't know if it's actually runnable. it complains about aspell/gtkspellcheck not finding any dictionary, when i emulate it. but if this is a problem on non-emulated host, i expect it's not specific to cross compilation
2023-11-27 09:48:37 +00:00
c5dbda67ad bonsai: fix cross compilation 2023-11-27 09:19:13 +00:00
2260fbaec5 bonsai/hare-ev/hare-json: sync with nixpkgs PR 2023-11-27 09:19:13 +00:00
4d2fecec13 geary: add my other email account 2023-11-27 07:56:26 +00:00
101677688e trust-dns: note that --debug doesnt act as expected 2023-11-27 06:53:48 +00:00
ca8fefe0c6 sxmo: persist SMS messages 2023-11-27 06:46:57 +00:00
3e8d7ef8e3 sane-wipe-browser: also wipe Brave 2023-11-27 06:45:41 +00:00
71aed74e20 nixcache: disable supercap 2023-11-27 01:48:19 +00:00
712e2c2d12 monero: forward port 18080 2023-11-27 01:48:19 +00:00
892ba7d63e sxmo: disable sway-autoscaler
1: gnome-maps 45 scales way better. 2: the autoscaler seems to not be working anymore (app_id changed?)
2023-11-26 22:03:57 +00:00
96ca2a6585 sxmo-utils: 2023-11-07 -> 2023-11-26 2023-11-26 22:02:47 +00:00
3ebf6470c1 nixpkgs: 2023-11-26 -> 2023-11-26
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/c6c20c63b4c1f715f602ecc46e21521e7825c2fb' (2023-11-26)
  → 'github:nixos/nixpkgs/013f0a99e56eeb1cfb44764fc0d419306b84bbe4' (2023-11-26)
```
2023-11-26 21:58:03 +00:00
f8db994129 nixpkgs: 2023-11-25 -> 2023-11-26; sops-nix -> 2023-11-26
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/e6e261526ebe0762e1fb7a80cd320d09602ade5a' (2023-11-25)
  → 'github:nixos/nixpkgs/c6c20c63b4c1f715f602ecc46e21521e7825c2fb' (2023-11-26)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/49a87c6c827ccd21c225531e30745a9a6464775c' (2023-11-19)
  → 'github:Mic92/sops-nix/4be58d802693d7def8622ff34d36714f8db40371' (2023-11-26)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/decdf666c833a325cb4417041a90681499e06a41' (2023-11-18)
  → 'github:NixOS/nixpkgs/dfb95385d21475da10b63da74ae96d89ab352431' (2023-11-25)
```
2023-11-26 12:33:32 +00:00
dcb74234a6 wine: persist pb powerbomber 2023-11-26 12:18:08 +00:00
ac7c0709e8 monero: enable i2p/tor 2023-11-26 10:11:52 +00:00
7d8595233c servo: enable monero service 2023-11-26 10:11:52 +00:00
5452286493 games: ship hitori 2023-11-26 09:22:40 +00:00
5528b6d87d games: ship wine
launch games with `wine some-game.exe`
2023-11-26 09:20:48 +00:00
6ae3e61d1d sxmo: doc: dedupe_lisgd 2023-11-26 07:01:13 +00:00
a9093a6a69 snippets: fix comment formatting 2023-11-26 06:35:49 +00:00
3dcf7a1204 snippets: add link 2023-11-26 06:35:31 +00:00
c2c63d400f sxmo: bonsai: dont ship service file if sxmo isnt enabled 2023-11-26 02:31:59 +00:00
8f9c9efca1 feeds: econlib: update feed URL 2023-11-26 02:17:36 +00:00
1cb83032a1 feeds: postmarketOS: update feed url 2023-11-26 02:17:23 +00:00
eba9253efe firefox-extensions: bump 2023-11-26 02:16:55 +00:00
9bd0537854 flake: fix "update" for my newer overlay schema 2023-11-26 02:16:25 +00:00
9491190ce4 bonsai: 1.0.0 -> 1.0.2; hare-json/hare-ev deps also updated
nixpkgs has a new version of hare which supports these
2023-11-26 01:21:02 +00:00
9b70d8884d refactor: expose "pkgs.sane.*" even for pkgs which wouldnt be visible in the toplevel scope 2023-11-26 01:20:17 +00:00
9824094fdc nixpkgs: 2023-11-24 -> 2023-11-25
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/869da636fea368dccc4331355894778f64c4a9bb' (2023-11-24)
  → 'github:nixos/nixpkgs/e6e261526ebe0762e1fb7a80cd320d09602ade5a' (2023-11-25)
```
2023-11-25 10:41:25 +00:00
361be1e5d1 fractal-latest: 2023-09-14 -> 2023-11-24 2023-11-25 09:01:41 +00:00
1d38aa62de fractal: persist the new(est) state dir
hope it stops moving around soon lol
2023-11-25 08:57:50 +00:00
d8a4702f1e bonsai: disable auto-updater 2023-11-25 08:57:50 +00:00
75124f18c0 firefox-extensions: update 2023-11-25 08:57:50 +00:00
f54df71d2a fractal-nixified: unstable-2023-09-14 (350a65cb0) -> 5 (2023-11-24)
this gets me the libadwaita/gtk4 updates from gnome 45.
2023-11-25 08:57:50 +00:00
b40b29350a linux-megous: orange-pi-6.5-20230914-1327 -> orange-pi-6.6-20231103-1422 2023-11-25 08:57:42 +00:00
6a9b8b558a cross: mark tangram, gnome-online-accounts as needs binfmt 2023-11-25 06:27:20 +00:00
58f17eac2d cross: mark calls as needs binfmt 2023-11-25 05:55:17 +00:00
41709b6eac cross: mark fractal-nixified as needs binfmt 2023-11-25 05:54:06 +00:00
f9f247df39 cross: annotate which packages require binfmt 2023-11-25 05:05:05 +00:00
4c4a8a0897 neovim: port to wrapNeovimUnstable 2023-11-25 05:02:48 +00:00
10aea555dd neovim: simplify implementation 2023-11-25 04:46:24 +00:00
43f7f07d0e cross: mark argyllcms, jbig2dec as needsBinfmt 2023-11-25 00:13:49 +00:00
3bde4a70ca docs: nix store ping when user doesnt have perms 2023-11-24 22:38:58 +00:00
b9fefdab80 nixcache: fix so supercap can be used as a remote builder w/o any of the others 2023-11-24 22:21:08 +00:00
2ac2aa4e6c tuba: 0.4.1 -> 0.5.0 2023-11-24 21:57:29 +00:00
8f526cd2b5 tuba: remove workaround (fixed via gnome 45 update) 2023-11-24 21:41:07 +00:00
6382ac22cb zsh: new alias to aid cloning an OS package 2023-11-24 21:40:16 +00:00
e1845d37da zsh: order aliases alphabetically 2023-11-24 21:39:52 +00:00
9ccbfd8bf0 sane-clone: init
script to "git clone" a nix packages source code
2023-11-24 21:29:15 +00:00
37a95b97f6 nixpkgs: 2023-11-21 -> 2023-11-24
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/72edcc748a92377d0568c9536ece114dbabb948c' (2023-11-21)
  → 'github:nixos/nixpkgs/869da636fea368dccc4331355894778f64c4a9bb' (2023-11-24)
```
2023-11-24 09:17:21 +00:00
4e0845eb9c cross: koreader-from-src: mark as needsBinfmt 2023-11-24 09:17:17 +00:00
dc8b79b721 sync todo.md 2023-11-24 08:20:03 +00:00
dd0ab41396 refactor: move builders-user-substitutes to be near the other nix extraOptions 2023-11-24 08:13:37 +00:00
c3c3cff6ca enable supercap as remote builder 2023-11-24 08:06:17 +00:00
1f26b36fb8 hosts/modules/hostnames.nix -> hosts/common/hostnames.nix 2023-11-24 07:37:14 +00:00
e990d5a645 hosts: add supercap 2023-11-24 07:35:58 +00:00
121e86013e feeds: add Hard Fork podcast 2023-11-23 05:57:23 +00:00
e0a1dcd51f refactor: remove modules/data/keys.nix 2023-11-23 03:56:00 +00:00
758281f772 modules/feeds: remove unused parameter 2023-11-23 03:37:18 +00:00
fe19065a6a rename working -> .working 2023-11-23 03:29:04 +00:00
a9ba9b77ad enable servo as a remote builder 2023-11-23 02:21:01 +00:00
23f4b2e2e4 nixserve: dependency-inject the pubkey
this is in modules/ dir; shouldn't have that kind of data in it
2023-11-23 02:14:18 +00:00
2d65282643 nixremote: define the user as part of the nixserve module 2023-11-23 02:08:45 +00:00
0bd9125484 remote builder: simplify auth 2023-11-23 02:06:54 +00:00
175144663d desko: dont use ourself as remote substituter/builder 2023-11-23 02:02:19 +00:00
77a0a36bb8 enable remote-building for lappy/moby 2023-11-23 01:59:37 +00:00
f26b64c660 nixremote: fix up perms 2023-11-23 01:44:27 +00:00
3ff9c0ad0c add a "nixremote" user for remote bulding (experimental; builds arent actually enabled yet) 2023-11-23 01:27:28 +00:00
3eb6ce6ff6 cross: apply vala targetOffset fix 2023-11-22 22:11:27 +00:00
845b4b219d cross: update upstreaming status 2023-11-22 22:03:34 +00:00
ffe53086fb cross: update upstreaming notes 2023-11-22 10:22:11 +00:00
5c34c807c5 cross: remove unused networkmanager-fortisslvpn 2023-11-22 09:52:30 +00:00
de2a33580a cross: update upstreaming/blocker notes 2023-11-22 08:33:09 +00:00
08a875d862 cross: remove workaround for obex_data_server, which cross compiles cleanly now 2023-11-22 08:05:14 +00:00
7eeebd632d cross: libpanel: annotate with upstreaming status 2023-11-22 05:02:43 +00:00
a72e9b1a3e cross: remove fixes for packages i dont use 2023-11-22 05:01:34 +00:00
56808821da overlays/cross: disable the unused qt5 stuff; it's not clear it even still works 2023-11-22 03:53:27 +00:00
b53eca6323 cross: annotate xdg-desktop-portal upstreaming status 2023-11-22 03:52:36 +00:00
5a1edb51ef preferences: re-enable pipewire patch. it's still needed 2023-11-22 03:52:15 +00:00
b03328b54f chatty-latest: fix build
evolution-data-server no longer propagates libsecret: upstream nixpkgs applied this patch as well
2023-11-22 03:50:39 +00:00
4e2615f321 xdg-desktop-portal: fix cross compilation 2023-11-22 03:36:50 +00:00
1e14654d95 libpanel: fix cross compilation 2023-11-22 03:36:36 +00:00
0519db4d2c overlays/preferences: disable python stuff no longer needed by komikku 2023-11-22 02:21:23 +00:00
5b9e4df03b overlays/cross: remove upstreamed dead-code 2023-11-22 02:21:00 +00:00
2dbde57f46 overlays/disable-flakey-tests: remove unneeded libwacom patch 2023-11-22 01:42:33 +00:00
d51b7eb124 overlays/disable-flakey-tests: remove unneeded gupnp patch 2023-11-22 01:30:06 +00:00
bfcc071d94 overlays/disable-flakey-tests: remove unnecessary visidata patch 2023-11-22 01:26:38 +00:00
72e1ab6ad6 nixpatches: remove dead mepo patch (merged upstream) 2023-11-22 01:11:49 +00:00
d54efbaacf overlays/preferences: remove unneeded pipewire specialization 2023-11-22 00:54:05 +00:00
7d2f166d67 prefs: remove unnecessary electrum patch 2023-11-22 00:36:48 +00:00
aff3e1aee8 disable gtkcord4 2023-11-22 00:25:14 +00:00
9343447c03 nixpkgs: 2023-11-19 -> 2023-11-21
switch to `master` branch for the GNOME changes

```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/e4ad989506ec7d71f7302cc3067abd82730a4beb' (2023-11-19)
  → 'github:nixos/nixpkgs/72edcc748a92377d0568c9536ece114dbabb948c' (2023-11-21)
```
2023-11-22 00:00:52 +00:00
beb13b8f84 gnome 44 -> 45 2023-11-21 23:12:19 +00:00
70b273a0d2 sxmo: include WM menu in the system menu 2023-11-21 22:39:31 +00:00
fc2bf35588 sway-autoscaler: tune gnome-maps scale 2023-11-21 08:59:34 +00:00
05893ad661 moby: auto-start Signal 2023-11-21 08:28:15 +00:00
fdc9df6b91 sway-autoscaler: cleanup 2023-11-21 08:25:01 +00:00
c6d68e1450 sway: reposition displays 2023-11-21 08:18:35 +00:00
d294be9f35 sxmo: auto-scale the environment to accomodate non-mobile-friendly apps
this is hacky, but it hopefully makes gnome-maps usable, quickly.
an alternative fix would be to theme gnome-maps.
it's likely also that it becomes more mobile-friendly in the gnome 45
release.
2023-11-21 08:14:52 +00:00
98ea4d2dfe abaddon: depend on gnome-keyring 2023-11-21 06:05:52 +00:00
6a950b4e97 abaddon: integrate with swaync services buttons 2023-11-21 03:32:59 +00:00
70292e4f8e abaddon: dont show the "view members" pane, by default 2023-11-21 03:06:58 +00:00
67f8b82740 gitea: track upstream auth fix PR 2023-11-21 02:44:42 +00:00
e9eb139b80 gitea: fix database permissions 2023-11-21 02:27:00 +00:00
61d5b9f048 abaddon: disable platform override (upstream has merged support for aarch64) 2023-11-21 00:37:02 +00:00
c5c86c3964 abaddon: configure for autoconnect 2023-11-21 00:36:43 +00:00
0f233f3a22 gitea: fix database creation error (from latest nixpkgs update) 2023-11-20 10:48:27 +00:00
166bd70a1f nixpkgs: 2023-11-17 -> 2023-11-19; sops-nix -> 2023-11-19
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/c757e9bd77b16ca2e03c89bf8bc9ecb28e0c06ad' (2023-11-17)
  → 'github:nixos/nixpkgs/e4ad989506ec7d71f7302cc3067abd82730a4beb' (2023-11-19)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/0e3a94167dcd10a47b89141f35b2ff9e04b34c46' (2023-11-14)
  → 'github:Mic92/sops-nix/49a87c6c827ccd21c225531e30745a9a6464775c' (2023-11-19)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/9502d0245983bb233da8083b55d60d96fd3c29ff' (2023-11-12)
  → 'github:NixOS/nixpkgs/decdf666c833a325cb4417041a90681499e06a41' (2023-11-18)
```
2023-11-20 10:02:56 +00:00
776b4a6c02 doc: consider ideal input mapping a bit more 2023-11-20 09:21:44 +00:00
75dcc60be5 sxmo/bonsai: simplify bindings: remove power x 3 in favor of powerhold 2023-11-20 09:12:43 +00:00
53034a6ff4 bonsai: simplify the nix code for volume handling 2023-11-20 09:07:51 +00:00
1ea6df9e6c sxmo/bonsai: rework mappings so vol-up/vol-down (app menu/keyboard) trigger instantly w/o timeout 2023-11-20 08:44:10 +00:00
a98a14da3d sxmo: map power hold to just a single power press
less risky than accidentally killing a window (power x3)
2023-11-20 07:36:46 +00:00
629cb8776e sxmo: map volup_three/voldown_three to seek controls when screenoff 2023-11-20 07:35:23 +00:00
96a63d0e89 sxmo: friendly format with which to define bonsai map 2023-11-20 07:25:21 +00:00
c7b065eed9 sxmo_hook_inputhandler: set volume directly
now that i'm using SXMO_NO_AUDIO, i can't use sxmo_audio.sh
2023-11-20 06:57:51 +00:00
89b0b8884b sxmo: set SXMO_STATES=unlock screenoff 2023-11-20 06:53:59 +00:00
644983d27a bonsaid: configure via nix 2023-11-20 06:46:44 +00:00
04d3ea97f3 flake: add a hostConfigs output 2023-11-20 06:29:51 +00:00
11baf471a4 desko: open firewall for nix-serve 2023-11-20 04:58:13 +00:00
505c2d83f2 sxmo-utils: add missing upower dependency 2023-11-20 04:49:38 +00:00
f84ab9a4d1 sxmo: fix that sxmo_state_switch.sh was renamed upstream 2023-11-20 02:36:42 +00:00
0127b61901 sxmo: fix that upstream renamed sxmo_dameons.sh -> sxmo_jobs.sh 2023-11-20 02:31:55 +00:00
b7247f6082 sxmo.bonsaid: make it a proper nix module 2023-11-20 02:31:23 +00:00
9cc72c09dc sxmo: split bonsai out to own file 2023-11-20 01:55:15 +00:00
d763f3b912 nix.extraOptions: tune 2023-11-20 01:37:26 +00:00
f8899aada0 sane.programs.animatch: move to own file 2023-11-19 23:58:00 +00:00
2e983267d4 sxmo-utils: 2023-10-10 -> 2023-11-07 2023-11-19 23:55:41 +00:00
df0c63b300 sxmo-utils: obtain via fetchFromSourcehut 2023-11-19 23:53:37 +00:00
1db2031b76 sxmo-utils: rename from sxmo-utils-latest 2023-11-19 23:44:48 +00:00
2720ccc1fc sxmo-utils.stable: remove
i don't use this. upstream doesn't tag releases enough for it to be useful.
2023-11-19 23:40:56 +00:00
f2aea2c201 phog: 0.1.5 -> 0.1.6 2023-11-19 23:35:00 +00:00
6b9c5f518e koreader-from-src: 2023-10-18 -> 2023.10 (i.e. end-of-month commit) 2023-11-19 23:04:39 +00:00
6d6d2320bd cross: fix mutter build 2023-11-19 11:06:51 +00:00
a1298d6cda nixpkgs 2023-11-14 -> 2023-11-17
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/bf744fe90419885eefced41b3e5ae442d732712d' (2023-11-14)
  → 'github:nixos/nixpkgs/c757e9bd77b16ca2e03c89bf8bc9ecb28e0c06ad' (2023-11-17)
```
2023-11-19 10:57:50 +00:00
52b59bcde8 feeds: add Mic92 (nix dev) 2023-11-19 10:55:51 +00:00
256c85ba5c abaddon: refer to upstream PR for platforms fix 2023-11-19 03:24:46 +00:00
5e484719c2 swaync: sound alerts for abaddon (discord) 2023-11-19 03:14:22 +00:00
6b88379b01 abaddon: 0.1.12 -> 0.1.13
this resolves the warning on launch about the build id not being found
2023-11-19 03:13:44 +00:00
7b29624776 abaddon: force to workspace 1 2023-11-19 03:02:14 +00:00
18f8825cd5 flake: fix deploy so the -light and -test variants work 2023-11-19 02:53:38 +00:00
3d94d02960 flake: fix deploy script map 2023-11-19 02:41:00 +00:00
1f8886684f ship abaddon discord client 2023-11-19 02:37:51 +00:00
29f1da873b sane-weather: enable alternate NWS provider (metar API has changed) 2023-11-19 02:07:07 +00:00
97ec517a1e conky: battery_estimate: fix formatting 2023-11-19 01:51:15 +00:00
2fccaf684c conky: show battery on lappy, and not on desko 2023-11-19 01:50:14 +00:00
008063e645 flake: check target builds hosts in a specific order 2023-11-19 01:36:34 +00:00
867c949604 todo: removed x86GuiApps 2023-11-19 01:36:29 +00:00
7a1af6ee5c firefox: mark as *not* slow to build
this ensures it's always in the base desktop build. otherwise, i never build any browser for desko-light
2023-11-18 23:00:40 +00:00
0893c90c51 refactor how i decide which programs go on which machine (leverage "roles" like pc and handheld) 2023-11-18 22:56:53 +00:00
3c7ebb5385 hosts/modules/gui: refactor package sets 2023-11-18 22:20:38 +00:00
91c2f6fc95 implement sane.programs.slowToBuild and {moby,desko,lappy}-light targets
i'm not sure this is the exact right abstraction, but it's a starting point
2023-11-18 22:06:42 +00:00
ead08fbb5d disable nheko 2023-11-18 22:06:37 +00:00
3ad6a15f56 firefox: reduce scrollbar size :-( 2023-11-18 22:06:34 +00:00
12adb9f10a element-desktop: use electron-bin instead of from-source electron 2023-11-18 22:06:30 +00:00
7b2932b02b firefox-extensions: update to latest 2023-11-18 22:06:26 +00:00
57a47da12c swaync: audibly notify on gtkcord4 notification 2023-11-18 19:19:33 +00:00
84a51faa70 todo.md: document some nix-related bugs 2023-11-18 00:24:16 +00:00
ad495301c0 feeds: add Jeff Geerling 2023-11-18 00:23:58 +00:00
43bd745228 sway: fix broken brightness_down_cmd 2023-11-17 22:46:44 +00:00
fea056d9be todo.md: fix swaync mpris art 2023-11-17 09:36:07 +00:00
2f320db5e2 gtkcord4: add swaync icon and user service 2023-11-17 09:18:14 +00:00
130268491c ship gtkcord4 2023-11-17 08:27:19 +00:00
caf95675d6 packages: persist data for unofficial discord clients 2023-11-17 08:26:36 +00:00
b23281e9dc swaync: make the service buttons more compact 2023-11-17 04:06:26 +00:00
850354b7d7 integrate Signal into swaync and sway/autostart 2023-11-17 04:05:59 +00:00
5c7851e4d9 signal-desktop-from-src: fix SOURCE_EPOCH_DATE to prevent "build to old" runtime error 2023-11-17 03:22:27 +00:00
d85dbf1d33 animatch: correctly persist progress (?) 2023-11-17 01:24:04 +00:00
93ea668db3 install more desktop games 2023-11-17 00:13:34 +00:00
5f426b3efd ship vvvvvv game 2023-11-16 20:50:40 +00:00
4b6a18e4e7 programs: split games into own category; re-enable shattered-pixel-dungeon 2023-11-16 20:26:37 +00:00
35629a2a07 nixpkgs: 2023-11-12 -> 2023-11-14
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/e44462d6021bfe23dfb24b775cc7c390844f773d' (2023-11-12)
  → 'github:nixos/nixpkgs/bf744fe90419885eefced41b3e5ae442d732712d' (2023-11-14)
```
2023-11-16 20:17:30 +00:00
50651d1c03 animatch: provide via upstream 2023-11-16 20:17:20 +00:00
412667dd0e nixpatches: remove gnustep patch (invalid ref) 2023-11-16 20:12:53 +00:00
c46a5089a6 animatch: simplify build 2023-11-16 07:39:49 +00:00
1b3f902dc2 signal-desktop-from-src: use non-builtins fetchurl to fix purity (and NUR build) 2023-11-16 07:24:39 +00:00
bfcb4f92e8 add todo item: remove x86GuiApps 2023-11-16 00:38:06 +00:00
13dda2e533 programs: ship animatch 2023-11-16 00:36:31 +00:00
29c5811b68 animatch: init at 1.0.3 2023-11-16 00:32:02 +00:00
8111757357 firefox-extensions: update (bypass-paywalls-clean, ublacklist, ether-metamask) 2023-11-15 23:20:40 +00:00
93ff8f25a1 signal-desktop-from-src: 6.36.0 -> 6.38.0
apparently after pairing, both versions give the message that they're 'too old'
2023-11-15 23:12:55 +00:00
bb810ac75a signal-desktop: fix directory persistence 2023-11-15 23:07:25 +00:00
87b78d1c89 signal-desktop-from-src: remove unused package.json 2023-11-15 22:41:05 +00:00
bc56f78fd2 signal-desktop-from-src: clean up the package 2023-11-15 22:40:13 +00:00
41ac63f445 signal-desktop-from-src: remove lockfile from repo 2023-11-15 21:41:29 +00:00
b538044d9a nvme-cli: dont ship on moby 2023-11-15 20:41:41 +00:00
02882dd781 nixpkgs: 2023-10-29 -> 2023-11-12; sops-nix -> 2023-11-14; uninsane-dot-org
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/0cbe9f69c234a7700596e943bfae7ef27a31b735' (2023-10-29)
  → 'github:nixos/nixpkgs/e44462d6021bfe23dfb24b775cc7c390844f773d' (2023-11-12)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/632c3161a6cc24142c8e3f5529f5d81042571165' (2023-10-29)
  → 'github:Mic92/sops-nix/0e3a94167dcd10a47b89141f35b2ff9e04b34c46' (2023-11-14)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/d87c5d8c41c9b3b39592563242f3a448b5cc4bc9' (2023-10-29)
  → 'github:NixOS/nixpkgs/9502d0245983bb233da8083b55d60d96fd3c29ff' (2023-11-12)
• Updated input 'uninsane-dot-org':
    'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=2419750ca98fc04af42c91e50c49a29c68d465d2' (2023-10-30)
  → 'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=8a4273489d945f21d7e0ca6aac952460c7d4c391' (2023-11-09)
• Updated input 'uninsane-dot-org/flake-utils':
    'github:numtide/flake-utils/dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7' (2023-06-25)
  → 'github:numtide/flake-utils/ff7b65b44d01cf9ba6a71320833626af21126384' (2023-09-12)
```
2023-11-15 07:16:20 +00:00
a24d5581f1 nixpatches: build latest zcash 2023-11-15 07:13:33 +00:00
3125acc95c nixpatches: assorted minor updates 2023-11-15 07:12:46 +00:00
d4c7cfcdf8 ship signal-desktop-from-src 2023-11-15 07:07:58 +00:00
6ff01649d6 signal-desktop-from-src: build with electron_27-bin 2023-11-15 07:07:44 +00:00
dfe724ff52 shattered-pixel-dungeon: persist save file 2023-11-15 05:53:14 +00:00
6c759c226a cross: docs: mention that libgnome-games-support has been merged 2023-11-15 05:52:46 +00:00
d22c2ea56a sxmo: re-enable xwayland
this fixes signal-desktop :)
2023-11-15 05:51:32 +00:00
319bfe205d signal-desktop-from-src: support cross compilation 2023-11-15 05:50:23 +00:00
c4367644dd sane-vpn: add usage/help 2023-11-14 23:29:34 +00:00
69464c2405 snippets: update dead links 2023-11-14 22:43:09 +00:00
1da78d093f ship gnome-2048 game 2023-11-14 03:36:15 +00:00
70ccbb3f59 signal-desktop-from-src: working build 2023-11-14 02:18:28 +00:00
214f24805e swaync: disable vpn::hn action 2023-11-14 01:31:30 +00:00
37f6c9c3bf swaync: improve service icons slightly more 2023-11-14 00:46:39 +00:00
c0ba6dc9f5 swaync: change GPS icon to an actual icon 2023-11-14 00:39:24 +00:00
92159f2a3d dino: simplify service description 2023-11-14 00:39:24 +00:00
3855fb5eb6 geary: integrate with swaync and auto-start 2023-11-14 00:39:24 +00:00
5b3a716819 todo.md: add more apps to install 2023-11-14 00:39:24 +00:00
48b6045ba3 gui: ship superTux, superTuxKart 2023-11-14 00:39:24 +00:00
fd965177ff gui: ship gnome-calendar 2023-11-14 00:39:24 +00:00
b34d332a32 gui: ship gnome-clocks 2023-11-14 00:39:24 +00:00
23db2bf1bf gui: ship gnome-calculator 2023-11-14 00:39:24 +00:00
5996e1f301 servo: fix sane.persist ext store 2023-11-13 05:27:14 +00:00
70a61386b8 add todo for biblioteca doc viewer 2023-11-13 00:14:21 +00:00
53df000ba6 zsh: increase history size 2023-11-12 22:16:33 +00:00
802294ec9c moby: disable dialect program 2023-11-11 02:07:36 +00:00
ed4e289209 moby: fix cross-compilation of dialect/wike 2023-11-10 23:05:12 +00:00
796977713d cross compilation: fix spot build 2023-11-10 22:12:00 +00:00
1f0f84f2f0 programs: add dialect, spot, wike, xq 2023-11-10 19:29:43 +00:00
4e328ae0a3 todo: fix fractal link opener 2023-11-10 18:52:03 +00:00
b572d6d27b new todo: RSS paywall bypass 2023-11-10 17:34:15 +00:00
cd79be5414 feeds: remove unused fields 2023-11-10 17:27:51 +00:00
28dbf10a30 todo.md: remove completed items 2023-11-10 16:25:51 +00:00
96cabc30bc move /etc/nix/source -> /etc/nixos 2023-11-09 17:29:41 +00:00
f5376f2dbb desko: update disk UUIDs 2023-11-09 16:10:11 +00:00
8b25bc96a4 rescue: enable root-on-tmpfs, and consolidate those definitions 2023-11-09 00:15:30 +00:00
6acd363f55 sane.persist.root-on-tmpfs -> sane.root-on-tmpfs 2023-11-09 00:15:04 +00:00
539ee010ab hosts: ship a copy of this repo in /etc/nix/source 2023-11-08 23:56:31 +00:00
5202c572fb firefox-extensions: update to latest 2023-11-08 23:44:27 +00:00
5630b6d8d7 swaync: fix build (github patch changed) 2023-11-08 21:56:46 +00:00
23c46079a9 image: allow configuring the sector size 2023-11-08 16:42:25 +00:00
df9ffcb7b1 zsh: auto-detect guiIntegrations feature 2023-11-08 15:33:15 +00:00
f4f1917ed6 rescue: remove extraneous generic-extlinux-compatible option 2023-11-08 15:33:15 +00:00
851b2cec88 rescue: disable persistence 2023-11-08 15:33:15 +00:00
28d4a4b065 persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image) 2023-11-08 15:33:15 +00:00
7c5f5bd604 programs: add nvme, e2fsprogs to sysadminTools 2023-11-08 14:36:27 +00:00
7e4899832d wg-home: fix type error 2023-11-08 13:24:10 +00:00
226c4ba818 rescue: auto-login user 2023-11-08 13:18:30 +00:00
76b6b71879 mobile-nixos: pin to 2023-09-15 2023-11-08 12:13:50 +00:00
4951520584 flake: integrate rescue image building into the "check" target 2023-11-08 11:39:45 +00:00
e30d452254 flake: add help for building the rescue image 2023-11-08 11:35:32 +00:00
18a7598f62 programs: xdg-terminal-exec: move to gui programs 2023-11-08 11:31:49 +00:00
4d3e482174 zsh: remove vteIntegration from rescue image 2023-11-08 11:26:55 +00:00
68556222e2 fix rescue host build 2023-11-08 11:16:56 +00:00
2275fc20cd nixpatches: update hashes 2023-11-08 10:56:18 +00:00
7c247a6d39 initrd: add more helper (debugging) tools 2023-11-08 10:55:47 +00:00
1483dac941 cross: explain the webkitgtk situation better 2023-11-08 10:55:13 +00:00
e1a8c94ab9 programs: ship ddrescue 2023-11-06 23:57:48 +00:00
b0e66056ec WIP: signal-desktop-from-src: use node headers from electron.bin 2023-11-05 20:03:38 +00:00
08dd4ca641 sane-bt-add: leave a TODO for fixing InvalidSchema exceptions 2023-11-05 20:03:03 +00:00
f6eadd3696 devPkgs: add requests to python 2023-11-05 20:02:40 +00:00
b59685cc9d signal-desktop-from-src: get more working
no longer complains about ABI mismatches
2023-11-05 14:49:40 +00:00
c30e131aa7 signal-desktop-from-src: closer to working 2023-11-04 14:52:09 +00:00
5adf6c0194 snippets.txt: add billshare 2023-11-03 12:26:57 +00:00
6b7507384c sftpo: restart on failure (e.g. when it fails to bind address 2023-11-03 07:21:21 +00:00
e97d844380 signal-desktop-from-src: link in ringrtc, better-sqlite3
now it launches, but hangs at splashscreen
2023-11-02 15:52:23 +00:00
0628bd7880 ublock-origin: 1.52.3b17 -> 1.53.1b1 2023-11-02 10:35:54 +00:00
bee3b664c9 signal-desktop-from-src: remove comments which are no longer helpful 2023-11-02 10:25:49 +00:00
15cade99e7 signal-desktop-from-src: clean up a bit
still doesn't run, but the build process is cleaner
2023-11-02 10:24:23 +00:00
4150fab10b signal-desktop-from-src: get building (but it crashes at launch) 2023-11-02 09:10:08 +00:00
25e314c02e blogs: follow artemis.sh 2023-11-01 04:38:04 +00:00
ed0528fafa firefox: enable oversized scrollbars 2023-11-01 04:32:59 +00:00
c5ad11a243 nixpkgs: 2023-10-26 -> 2023-10-29; sops-nix; uninsane-dot-org
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/63678e9f3d3afecfeafa0acead6239cdb447574c' (2023-10-26)
  → 'github:nixos/nixpkgs/0cbe9f69c234a7700596e943bfae7ef27a31b735' (2023-10-29)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/014e44d334a39481223a5d163530d4c4ca2e75cb' (2023-10-25)
  → 'github:Mic92/sops-nix/632c3161a6cc24142c8e3f5529f5d81042571165' (2023-10-29)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/fb000224952bf7749a9e8b3779104ef7ea4465c8' (2023-10-21)
  → 'github:NixOS/nixpkgs/d87c5d8c41c9b3b39592563242f3a448b5cc4bc9' (2023-10-29)
• Updated input 'uninsane-dot-org':
    'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=dea3e5cdd747ac321447ef00fa1e51423676aeda' (2023-10-08)
  → 'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=2419750ca98fc04af42c91e50c49a29c68d465d2' (2023-10-30)
```
2023-10-31 14:24:39 +00:00
68de71084b flare-signal: leave more notes; disable 2023-10-31 07:57:30 +00:00
713bbffd7d new script: sane-wipe-flare 2023-10-31 06:54:53 +00:00
028689cf86 flakey tests: dont check gjs or tracker when emulating 2023-10-31 06:30:45 +00:00
5d34139da6 sane-deadlines: ceil the day countdown 2023-10-31 04:22:54 +00:00
626fe1946d flare-signal: get a better cross-compiled build (via emulation) 2023-10-31 01:33:42 +00:00
6d8f9edfd0 flare-signal: document problems 2023-10-30 14:02:24 +00:00
745362e05e ship flare-signal on all GUI platforms 2023-10-30 11:02:51 +00:00
000bae364e flare-signal: support cross compilation 2023-10-30 11:02:01 +00:00
3667484e80 fractal-nixified: doc: explain postPatch purpose 2023-10-30 10:48:22 +00:00
c459eb0118 flare-signal-nixified: working build 2023-10-30 10:47:58 +00:00
1c483992da flare-signal-nixified: init at 0.10.0 (deps build; flare itself does not) 2023-10-30 08:04:07 +00:00
55680b68b2 configure new program: flare (Signal GTK4 client) 2023-10-30 04:40:55 +00:00
b3f5bf4e80 koreader: disable isConnected patch 2023-10-30 01:52:47 +00:00
51995a7d95 update firefox-extension 2023-10-28 21:19:08 +00:00
462f9d3ab3 swaync: tune style and add 5g toggle to moby 2023-10-28 11:43:26 +00:00
fd00eaede8 net: add LTE connection details 2023-10-28 10:34:36 +00:00
85421f82c1 koreader: add a symlink for easier RSS browsing 2023-10-28 01:49:16 +00:00
e86d6934fd nixpkgs: 2023-10-24 -> 2023-10-26
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/8efd5d1e283604f75a808a20e6cde0ef313d07d4' (2023-10-24)
  → 'github:nixos/nixpkgs/63678e9f3d3afecfeafa0acead6239cdb447574c' (2023-10-26)
```
2023-10-28 00:14:39 +00:00
db028dcfe2 fix servo build (IFD in iproute2) 2023-10-27 13:50:11 +00:00
ad2fef5b48 fix build from earlier nixpkgs update 2023-10-27 13:29:26 +00:00
66524685a9 koreader-from-src: build without emulation 2023-10-27 11:37:40 +00:00
1d7c54b20e todo.md: remove obsolete sxmo PATH task 2023-10-27 08:42:00 +00:00
d68cc761cc koreader-from-src: don't interrupt RSS sync on image DL failure 2023-10-27 08:41:02 +00:00
25c13705cd sane-bt-add: trim trailing space from the input URL 2023-10-26 10:38:28 +00:00
55e2aaf3a1 nixpkgs: 2023-10-19 -> 2023-10-24; sops-nix -> 2023-10-25; mobile-nixos
```
• Updated input 'mobile-nixos':
    'github:nixos/mobile-nixos/7cee346c3f8e73b25b1cfbf7a086a7652c11e0f3' (2023-10-01)
  → 'github:nixos/mobile-nixos/0251d0ae920a9882fd8527dc3fd9e3e54f122b2e' (2023-10-25)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/7c9cc5a6e5d38010801741ac830a3f8fd667a7a0' (2023-10-19)
  → 'github:nixos/nixpkgs/8efd5d1e283604f75a808a20e6cde0ef313d07d4' (2023-10-24)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/51186b8012068c417dac7c31fb12861726577898' (2023-10-15)
  → 'github:Mic92/sops-nix/014e44d334a39481223a5d163530d4c4ca2e75cb' (2023-10-25)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/0e1cff585c1a85aeab059d3109f66134a8f76935' (2023-10-15)
  → 'github:NixOS/nixpkgs/fb000224952bf7749a9e8b3779104ef7ea4465c8' (2023-10-21)
```
2023-10-25 23:41:46 +00:00
94f2096219 remove outdated overlays which fixed tests which are no longer flakey 2023-10-25 14:44:20 +00:00
8f5f3933c1 cross: gvfs: update patch 2023-10-25 08:25:38 +00:00
e2d72f9e54 cross: snapper: push patches upstream 2023-10-24 17:01:08 +00:00
fc84aa88ee cross: remove upstreamed spdlog; add notes for upstream status of more packages 2023-10-24 16:53:55 +00:00
841fb4bf7a cross: hspell: push upstream 2023-10-24 16:53:24 +00:00
5f789b3db2 cross: gvfs: push upstream 2023-10-24 16:17:31 +00:00
49fbe5f4fa cross: gcr: push upstream 2023-10-24 15:28:48 +00:00
ec4b974f3d matrix-synapse: auto-register the ntfy-sh push gateway at launch 2023-10-24 14:47:59 +00:00
84ad85a81e mpv: types.string -> types.str 2023-10-24 13:07:16 +00:00
1af7450610 cross: gspell: push upstream 2023-10-24 13:06:52 +00:00
21912f0c4f overlays: gupnp: re-enable tests on x86 2023-10-24 12:32:05 +00:00
05513da298 rename host-pkgs -> hostPkgs 2023-10-24 12:25:39 +00:00
30486f4b4e geary: fix a typo 2023-10-24 10:29:40 +00:00
974ca87983 cross: remove upstreamed overlays 2023-10-24 10:28:01 +00:00
bb217ecd7b gsound: push cross compilation patch upstream 2023-10-24 10:27:33 +00:00
ed92fafdf6 todo.md: dont sleep when phone is ringing 2023-10-24 09:53:09 +00:00
228fd2353a cross compilation: support gnome.geary 2023-10-24 09:47:10 +00:00
69ac75131c apps: add geary 2023-10-24 04:50:31 +00:00
275f1ba49f trust-dns: 0.23.0 -> 0.24.0 2023-10-24 02:36:08 +00:00
501e79006c new script: sane-wipe-fractal 2023-10-24 00:41:05 +00:00
1ced3db806 moby: document more DRM_IOCTL_MODE_CREATE_DUMB 2023-10-24 00:15:13 +00:00
d1513b5816 moby: try out a scale of 1.6 2023-10-23 10:21:04 +00:00
a225b7e5f5 mpv: switch to wlshm vo backend on moby; default for desko 2023-10-23 08:36:43 +00:00
e7768572e5 fractal: update docs for fixing broken cache 2023-10-22 23:21:35 +00:00
a26a398181 todo.md: matrix/ntfy integrations 2023-10-22 23:21:20 +00:00
c59e9b09fc matrix: document push notification configuration 2023-10-22 14:47:52 +00:00
81c8af54a1 sxmo_suspend: deploy with verbose until i know its all working well 2023-10-22 13:01:33 +00:00
2d9ac4ca1e todo.md: remove stale items 2023-10-22 13:00:36 +00:00
a9f56d9216 sxmo_suspend.sh: be precise about which IP address we listen to for notifications 2023-10-22 12:53:32 +00:00
fb33ac6d1b sxmo_suspend: fix reversed getpeername -> getsockname 2023-10-22 12:36:57 +00:00
eaed914c8b sxmo_suspend: fix typo in getpeername 2023-10-22 12:14:57 +00:00
b10425f6b6 ntfy-waiter: never drop notifications, but rather sleep until client is ready to receive them 2023-10-22 12:10:52 +00:00
7541d5466e ntfy-waiter: add a todo for not dropping notifications (!) 2023-10-22 11:48:01 +00:00
644084f176 moby: disable ntfy-sh now that i've got a less racy notification method 2023-10-22 11:46:58 +00:00
baca7931ad static-nix-shell: add extraMakeWrapperArgs option 2023-10-22 11:45:44 +00:00
2ee7af064d sxmo_suspend.sh: be more precise in the wake condition 2023-10-22 11:28:10 +00:00
e1a80d6752 ntfy-waiter: forbid duplicate connections from the same IP
this is sort of a bandaid; it's still a bit iffy
2023-10-22 11:18:54 +00:00
523e859ee4 ntfy-waiter: more verbosity/debugging 2023-10-22 11:08:48 +00:00
230ca20017 sxmo_suspend.sh: explicitly shutdown the socket 2023-10-22 11:00:21 +00:00
30529182b0 sxmo_suspend.sh: allow mocking enough at runtime to run on desko 2023-10-22 10:28:17 +00:00
2947e6635d ntfy-waiter: move target from network -> default 2023-10-22 10:11:45 +00:00
3e1e7d49f8 sxmo_suspend.sh: open a ntfy socket 2023-10-22 10:08:59 +00:00
4894a68c62 sxmo_suspend: refactor 2023-10-22 09:45:38 +00:00
bd2775ded2 sxmo_suspend.sh: make the suspend time configurable 2023-10-22 09:41:36 +00:00
88ea557cd5 sxmo_suspend.sh: port to Python 2023-10-22 09:36:08 +00:00
3e8ad5b899 ntfy: implement a wrapper which converts ntfy subscriptions into a more specific wakeup signal 2023-10-22 06:11:49 +00:00
fafe7242f7 ntfy: refactor into multiple files 2023-10-22 04:16:24 +00:00
1a01a40e85 ntfy: move to own directory 2023-10-22 04:13:37 +00:00
f2f721234d nginx: link to docs 2023-10-22 04:12:34 +00:00
ea19eac1c9 update firefox-extensions: ether-metamask 11.2.0 -> 11.3.0; i2p 1.52.3b16 -> 1.52.3b17 2023-10-21 21:49:21 +00:00
ed1d4398a1 nixpkgs: 2023-10-16 -> 2023-10-19
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/ca012a02bf8327be9e488546faecae5e05d7d749' (2023-10-16)
  → 'github:nixos/nixpkgs/7c9cc5a6e5d38010801741ac830a3f8fd667a7a0' (2023-10-19)
```
2023-10-21 11:50:37 +00:00
12e106ee2a moby: test a lima GPU timeout bugfix 2023-10-21 11:49:43 +00:00
d13007fc12 moby: migrate boot args from default.nix -> kernel.nix 2023-10-21 11:49:43 +00:00
2fa00b4c73 postfix: fix connectivity issues 2023-10-21 11:48:45 +00:00
c1e17a0693 nixpatches: try & abandon trust-dns updates 2023-10-21 10:15:03 +00:00
cd617cc034 coturn: document routability concerns 2023-10-20 23:22:34 +00:00
5607bae49b devPkgs: add lua 2023-10-20 23:07:02 +00:00
f70c467971 prosody: push to ntfy on incoming call 2023-10-20 23:06:44 +00:00
6cb5edbfff prosody: mod_sane_ntfy: hook to detect jingle calls 2023-10-20 10:39:57 +00:00
5a844762c2 prosody: ship a proof-of-concept hello world module 2023-10-20 10:25:42 +00:00
de9b1e6197 prosody: docs: not about watch:stanzas 2023-10-20 10:17:20 +00:00
f43bb446c8 prosody: move to own directory 2023-10-20 10:16:23 +00:00
fa8e014eae nixcache: fix typo 2023-10-20 06:22:59 +00:00
6191542805 nix-serve: port 5000 -> 5001; prosody: enable proxy65 on port 5000 2023-10-20 04:48:30 +00:00
b8f13cd965 prosody/coturn: debugging (this config works with JMP.chat) 2023-10-20 03:14:36 +00:00
ee2b1f245e koreader-from-src: 2023.06 -> unstable-2023-10-18 2023-10-20 00:44:03 +00:00
f11f91b9fc sane-bt-search: increase default result count 5 -> 12 2023-10-19 00:35:55 +00:00
296a48caf1 podcasts: unsub Trash Future (sorry, Cory) 2023-10-19 00:26:54 +00:00
f58bfb3c42 fractal: document a state corruption bug/fix 2023-10-18 22:16:28 +00:00
cbaaa984b6 phog: 0.1.4 -> 0.1.5 2023-10-18 22:11:26 +00:00
6e4f0af012 gpodder-adaptive: 3.11.3+1 -> 3.11.4+1 2023-10-18 22:11:07 +00:00
3942ae0f1b feeds: subscribe to Benjamin Mako 2023-10-18 21:57:56 +00:00
fa65b0b92e feeds: add Samana Harihareswara 2023-10-18 21:53:51 +00:00
ca998dc2be firefox-extensions: update (bypass-paywalls-clean, ether-metamask, sponsorblock, ublacklist 2023-10-18 21:46:48 +00:00
b6a2107b1c sane-bt-search: support filtering for books, in general 2023-10-18 21:46:11 +00:00
697ae02797 podcasts: The Daily: port to db 2023-10-18 21:37:12 +00:00
ab35a46e5f podcasts: sub Tech Wont Save Us, Trash Future 2023-10-18 21:35:36 +00:00
a6179b8234 feeds: unsub Emerge, Lateral, Witch Trials 2023-10-18 21:18:52 +00:00
d90aa693f9 podcasts: sort 2023-10-18 21:17:35 +00:00
b23c3cbf61 podcasts: move comments to the same line as the definition
this will facilitate sorting
2023-10-18 21:17:11 +00:00
55ad5dcc01 flake: check.host-configs: be more verbose 2023-10-18 06:00:07 +00:00
90b1215a89 s/types.string/types.str/ 2023-10-17 22:46:02 +00:00
a218ddb202 nixpkgs: 2023-10-11 -> 2023-10-16; sops-nix -> 2023-10-15
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/5e4c2ada4fcd54b99d56d7bd62f384511a7e2593' (2023-10-11)
  → 'github:nixos/nixpkgs/ca012a02bf8327be9e488546faecae5e05d7d749' (2023-10-16)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/f995ea159252a53b25fa99824f2891e3b479d511' (2023-10-11)
  → 'github:Mic92/sops-nix/51186b8012068c417dac7c31fb12861726577898' (2023-10-15)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/2f3b6b3fcd9fa0a4e6b544180c058a70890a7cc1' (2023-10-07)
  → 'github:NixOS/nixpkgs/0e1cff585c1a85aeab059d3109f66134a8f76935' (2023-10-15)
```
2023-10-17 22:43:07 +00:00
8dc7eff545 epiphany: mention WEBKIT_USE_SINGLE_WEB_PROCESS envvar 2023-10-17 22:42:15 +00:00
77b4e7ff09 slightly better prosody + coturn integration
still not able to receive incoming calls, but i pass more prosody self-checks
2023-10-17 09:43:55 +00:00
827d9626d6 ports: actually forward ovpns ports into the root namespace 2023-10-17 09:42:13 +00:00
cdfcf1a46d sftpgo: dont activate until we have network 2023-10-17 09:41:07 +00:00
e8c4555be7 prosody: partial integration with coturn
still missing something, which breaks inbound calls
2023-10-17 01:16:59 +00:00
0092ccacbe ejabberd: ensure coturn isnt running 2023-10-17 01:16:36 +00:00
184e37e2dc derived-secrets: make the mode configurable
this should probably be moved into sane.fs proper at some point
2023-10-17 01:16:08 +00:00
8859b4cf8a programs: persist data better for spotify, brave, tor 2023-10-16 19:18:47 +00:00
5a2382f61c prosody: remove dead code 2023-10-16 08:05:00 +00:00
f6c56969bc xmpp: switch from ejabberd to prosody 2023-10-16 07:56:47 +00:00
1f0fad62a7 fractal-nixified: add missing "gst-plugins-good" dependency
this is necessary to play mp4. should be sent to upstream nixpkgs fractal-next package too
2023-10-16 00:40:14 +00:00
5b633d20bc fractal-nixified: add convenient "optimized" and "unoptimized" passthru attributes
override isn't exposed to 'nix build ...', so this gives a way to build the variants from CLI
2023-10-16 00:21:18 +00:00
a918aa0c2f sxmo: suspend: dont wake on ARP unless absolutely necessary
it *should* be handled by the WiFi chip's ARP offload
2023-10-15 06:52:41 +00:00
93a265f34a sxmo: fix typo: avoid wakelock if wowlan_bits are 0x0 2023-10-14 21:54:44 +00:00
b818972597 sxmo: decrease the LED blink frequency further, to 8s 2023-10-14 10:24:35 +00:00
476b481fd7 moby: dont ship the rtl8723cs *bluetooth* firmware
it seems to conflict with Wake on Lan
2023-10-14 10:20:47 +00:00
631235e56b moby: sxmo_suspend: comment for future work to wake on Dino activity 2023-10-14 10:19:57 +00:00
ea4063340d moby: prioritize headset audio out 2023-10-14 10:19:31 +00:00
f2ad69af1f linux-megous: disable keep-power-in-suspend patch 2023-10-14 09:44:57 +00:00
e34ca0fec9 rtl8723cs-wowlan: support wake on UDP 2023-10-14 02:59:22 +00:00
43464e658f rtl8723cs-wowlan: factor the Ip frame out of Tcp frame
that'll make it easier to support UDP in future
2023-10-14 02:56:02 +00:00
56070547b1 nixpkgs: 2023-10-09 -> 2023-10-11
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/f99e5f03cc0aa231ab5950a15ed02afec45ed51a' (2023-10-09)
  → 'github:nixos/nixpkgs/5e4c2ada4fcd54b99d56d7bd62f384511a7e2593' (2023-10-11)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/6b32358c22d2718a5407d39a8236c7bd9608f447' (2023-10-09)
  → 'github:Mic92/sops-nix/f995ea159252a53b25fa99824f2891e3b479d511' (2023-10-11)
```
2023-10-13 19:10:44 +00:00
0593971917 linux-megous: test some wowlan patches 2023-10-13 10:29:16 +00:00
b77650219a sxmo_suspend: wake on a broadcast ARP query 2023-10-13 06:15:51 +00:00
ad1ebc0ed3 rtl8723cs-wowlan: implement --dest-mac flag 2023-10-13 06:13:19 +00:00
ae64493564 sxmo_suspend: match packet destination IP for TCP packets 2023-10-13 05:56:26 +00:00
1272b941c2 rtl8723cs-wowlan: tcp: add dest-ip option 2023-10-13 05:55:10 +00:00
3d63c33669 rtl8723cs-wowlan: fix get_ipaddrs to handle multiple "hostname" binaries on PATH 2023-10-13 05:45:40 +00:00
fcbc558de9 sxmo_suspend.sh: fix "time_start" typo 2023-10-13 05:43:30 +00:00
b180adcf48 RealtimeKit: disable 2023-10-13 03:35:00 +00:00
342c9bbbef sxmo_suspend: track wifi IRQ count 2023-10-13 02:28:29 +00:00
233faaadac zsh: better l/ll aliases with eza 2023-10-12 22:11:05 +00:00
aaf9dbac1e ship gdb, mercurial 2023-10-12 01:59:28 +00:00
b7d90c3b6d cross: graphicsmagick: remove reference to build coreutils 2023-10-12 01:11:27 +00:00
a4b54cd9c1 rpm: 4.18.1 -> 4.19.0 2023-10-12 00:00:54 +00:00
d6c5580fc3 rtl8723cs-wowlan: remove dependency on moreutils 2023-10-11 22:36:47 +00:00
7d63960e6f cross: doc: clarify that moreutils isnt ever going to cross 2023-10-11 22:32:01 +00:00
8dc1cbbbd2 programs: ship binutils-unwrapped instead of binutils
it has better cross compilation properties
2023-10-11 22:15:28 +00:00
6253995f6c moby: cross: avoid runtime dependency on binutils wrapper via dtrx 2023-10-11 22:06:59 +00:00
835397ad29 hspell: remove references to build perl from the output 2023-10-11 20:58:09 +00:00
042e6ae3f9 sxmo-utils-latest: 2023-10-10 -> 2023-10-11 2023-10-11 20:31:43 +00:00
5b5cfc40a8 cross: fix broken refs in snapper build 2023-10-11 20:24:49 +00:00
3cf636f681 cross: remove dated libavif hack
it builds upstream now
2023-10-11 19:44:44 +00:00
a5281c7f98 cross: document more runtime closure problems 2023-10-11 19:41:49 +00:00
30c7fd8b09 nixpatches: assign a version so that "nixpatches-patched-uninsane" package formats friendlier 2023-10-11 19:12:29 +00:00
710e4cc066 nixpkgs: 2023-10-06 -> 2023-10-09
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/87828a0e03d1418e848d3dd3f3014a632e4a4f64' (2023-10-06)
  → 'github:nixos/nixpkgs/f99e5f03cc0aa231ab5950a15ed02afec45ed51a' (2023-10-09)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/d7380c38d407eaf06d111832f4368ba3486b800e' (2023-10-08)
  → 'github:Mic92/sops-nix/6b32358c22d2718a5407d39a8236c7bd9608f447' (2023-10-09)
```
2023-10-11 10:08:11 +00:00
8b4a0a916b noop: test but dont actually enable pre-emption 2023-10-11 10:08:11 +00:00
5cfde63d5d wowlan: document theory on wake failure 2023-10-11 10:01:15 +00:00
1cf442dffd sway: build without wrapperFeatures.gtk 2023-10-11 09:59:10 +00:00
6cda5cf49b moby: remove some build artifacts from the host/runtime closure 2023-10-11 09:58:44 +00:00
0a3e6b34c7 sxmo_hook_postwake.sh: prevent rapid re-entry into sleep 2023-10-11 07:53:41 +00:00
322ef2c333 mpv: fix cross compilation to have no build deps in closure 2023-10-11 06:46:32 +00:00
6ff72c83ae patch: mesa: dont depend on build python 2023-10-11 06:19:06 +00:00
dc40395136 linux-megous: build with SCHED_DEBUG=y 2023-10-11 05:39:47 +00:00
28a2042664 gPodder: store data in ~/.local/share/gPodder, not ~/gPodder 2023-10-11 05:14:20 +00:00
7aa3f1f989 cross: fix moreutils build 2023-10-11 02:55:33 +00:00
08c92151eb rtl8723cs-wowlan: automatically derive the IP address to watch for ARP packets on 2023-10-11 02:44:34 +00:00
5a753583bf sxmo: reduce the screenoff LED frequency 2s -> 5s
this should hopefully allow entering sleep more reliably
2023-10-11 02:41:12 +00:00
c3d0b6b486 sxmo-utils-latest: 2023-10-05 -> 2023-10-10 2023-10-11 01:30:43 +00:00
ff89819940 sxmo_suspend.sh: notes about wowlan and blocking suspend here 2023-10-11 00:58:49 +00:00
9a69d8bd0d ship eza (ls substitute) 2023-10-10 22:08:58 +00:00
091e525846 enable rtkit/RealtimeKit 2023-10-10 21:45:19 +00:00
6dd1d5759b wowlan: document a new failure mode/workaround 2023-10-10 21:33:34 +00:00
f3162544f7 firefox-extensions: update 2023-10-10 20:51:06 +00:00
1bf829dcf0 sxmo_suspend: rework time accounting to be more similar to upstream 2023-10-10 10:05:09 +00:00
760326b38b sxmo_suspend.sh: switch from sudo -> doas
idk, some path problem with sudo ending up in /etc/profiles/per-user/colin/bin/sudo
2023-10-10 09:50:13 +00:00
0293773e64 sxmo_suspend.sh: output formatting improvements 2023-10-10 09:47:41 +00:00
6b6a9504e4 sxmo_suspend.sh: invoke rtl8723cs-wowlan with expected permissions 2023-10-10 09:39:38 +00:00
2de947d96e wowlan: move the implementation into sxmo_suspend.sh instead of a systemd service 2023-10-10 09:26:48 +00:00
c493fcfd7f rtl8723cs-wowlan: iwprv -> iwpriv typo fix 2023-10-10 08:38:40 +00:00
85e5d30b0f wowlan module: port to rtl8723cs-wowlan python script 2023-10-10 08:34:02 +00:00
330864c866 moby: ship rtl8723cs-wowlan script 2023-10-10 08:03:45 +00:00
29dde0240b wowlan: define a script which can set the patterns at runtime
this will be a little easier to debug on the device itself
2023-10-10 08:03:45 +00:00
114df5efab wowlan: enable CONFIG_ARP_KEEP_ALIVE (experimental) 2023-10-10 05:24:57 +00:00
e28e60769a sxmo: postwake: show the human-readable wakeup reason 2023-10-10 03:21:23 +00:00
bc8cf58b5a sxmo: inputhandler: map powerx3 from screenoff state 2023-10-10 00:02:31 +00:00
d740dbe049 sxmo-utils: fix some forgotten superd users to systemd 2023-10-09 22:18:07 +00:00
0eb8244897 sxmo: doc: link to Aren's SXMO fork 2023-10-09 22:05:37 +00:00
69fe55961f sxmo: link poweroff/reboot hooks into user hooks dir 2023-10-09 20:37:51 +00:00
aa18af8635 sxmo-utils: apply documentation-related patches 2023-10-09 20:25:48 +00:00
d47ed3dec9 nixpkgs: 2023-10-03 -> 2023-10-06; sops-nix -> 2023-10-08; uninsane-dot-org
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/81e8f48ebdecf07aab321182011b067aafc78896' (2023-10-03)
  → 'github:nixos/nixpkgs/87828a0e03d1418e848d3dd3f3014a632e4a4f64' (2023-10-06)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/746c7fa1a64c1671a4bf287737c27fdc7101c4c2' (2023-10-03)
  → 'github:Mic92/sops-nix/d7380c38d407eaf06d111832f4368ba3486b800e' (2023-10-08)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/dbe90e63a36762f1fbde546e26a84af774a32455' (2023-10-01)
  → 'github:NixOS/nixpkgs/2f3b6b3fcd9fa0a4e6b544180c058a70890a7cc1' (2023-10-07)
• Updated input 'uninsane-dot-org':
    'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=1f588493031168d92a1e60705f26aaf4b2cdc07e' (2023-10-03)
  → 'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=dea3e5cdd747ac321447ef00fa1e51423676aeda' (2023-10-08)
```
2023-10-09 08:21:41 +00:00
045b5f0294 sxmo: finish porting to systemd (everything tested works now) 2023-10-09 00:25:03 +00:00
45e5752a05 journald: dont compress the journal 2023-10-09 00:25:03 +00:00
2b39cfb57e sxmo-utils: add deps via PATH suffix, not prefix
that makes them overridable by the user, more easily
2023-10-09 00:25:03 +00:00
1ffaa232d8 sxmo: bemenu: configure via package override, not profile
this is just easier to integrate, rather than ensuring everywhere gets
the env var
2023-10-09 00:25:03 +00:00
a9ddfb2752 WIP: sxmo: port to systemd 2023-10-09 00:25:03 +00:00
4682ca32e2 wowlan: document another failure 2023-10-09 00:25:03 +00:00
b8ae4a284d linux-megous: revert LPS patch until i know its really an improvement 2023-10-09 00:25:03 +00:00
f3c60ad136 sxmo: revert the sxmo_log patch: tee is good enough 2023-10-09 00:25:03 +00:00
3c6c70ba9f sxmo: suspend: dump wowlan_last_wake_reason on wakeup 2023-10-09 00:25:03 +00:00
c0feffef1e sxmo: simplify suspend hook and cap suspend time to just 5min 2023-10-09 00:25:03 +00:00
6e80d4dfdf sxmo: inline the sxmo_suspend.sh script
this is exactly how it presently appears upstream (less shebang/comment changes)
2023-10-09 00:25:03 +00:00
1f73573fe3 stepmania: include link to nix definition in the game dir 2023-10-08 02:41:00 +00:00
b6d2fbdf6d sxmo-utils-latest: 2023-09-22 -> 2023-10-05 2023-10-08 01:45:11 +00:00
cf553b1386 wowlan: more documentation 2023-10-08 00:00:26 +00:00
e40cbaf1cf wowlan: document more about disconnections detection 2023-10-07 21:51:33 +00:00
19b8c0c923 wowlan: document known issues 2023-10-07 21:29:55 +00:00
22e9a48edc gpodder-adaptive: 3.11.2+1 -> 3.11.3+1 2023-10-07 21:29:36 +00:00
a6b1c23e2b remove no-longer-needed qemu override 2023-10-07 21:10:29 +00:00
4a498ef1a9 dino: docs: leave myself a TODO about niceness/priority 2023-10-07 08:27:35 +00:00
4909127ec7 nixpkgs: 2023-10-01 -> 2023-10-03
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/fdd898f8f79e8d2f99ed2ab6b3751811ef683242' (2023-10-01)
  → 'github:nixos/nixpkgs/81e8f48ebdecf07aab321182011b067aafc78896' (2023-10-03)
```
2023-10-07 08:24:13 +00:00
7a75cad65f Dino: bump input latency to 20ms 2023-10-07 08:09:50 +00:00
168fcce157 stepmania: configure directories 2023-10-07 05:50:58 +00:00
03d3ea4965 moby: ship the geoclue where-am-i helper on PATH 2023-10-07 04:34:15 +00:00
e5125065d6 eg25-control: add a timeout to how long a power-on can take 2023-10-07 04:27:14 +00:00
bc3ad7dfa5 moby: gps: restrict geoclue to only my user 2023-10-07 04:27:14 +00:00
2097c3ad77 moby: gps: document some findings 2023-10-07 04:25:44 +00:00
56838a4867 swaync: don't show GPS on non-gps-enabled devices (i.e. desktop/laptop) 2023-10-07 04:14:42 +00:00
d35fe126e3 doc: dino: document findings in adjusting Dino mic buffer 2023-10-07 01:30:45 +00:00
a6ea5da7a1 moby: disable legacy PulseAudio stuff 2023-10-07 01:27:16 +00:00
98a6671e95 moby: decrease the amount of samples Dino drops while in a call 2023-10-07 00:58:11 +00:00
243a4c6f0d moby: gps: document some maps programs 2023-10-07 00:21:40 +00:00
e84be3a7b2 sxmo: link all default hooks into user dir 2023-10-07 00:21:13 +00:00
5fdd6881a0 sxmo-utils: update Dino suspend blocker patch 2023-10-07 00:20:49 +00:00
67192d89a9 sxmo-utils: suspend: block if Dino is in a call 2023-10-06 20:42:49 +00:00
b6c8b1948b bypass-paywalls-clean: don't show options on first launch
this is apparently a thing firefox does when it sees the `options_ui`
key in manifest.json?
2023-10-05 19:02:51 +00:00
3a71d26638 nixpkgs: 2023-09-29 -> 2023-10-01, sops-nix, uninsane-dot-org
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/f5892ddac112a1e9b3612c39af1b72987ee5783a' (2023-09-29)
  → 'github:nixos/nixpkgs/fdd898f8f79e8d2f99ed2ab6b3751811ef683242' (2023-10-01)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/2f375ed8702b0d8ee2430885059d5e7975e38f78' (2023-09-21)
  → 'github:Mic92/sops-nix/746c7fa1a64c1671a4bf287737c27fdc7101c4c2' (2023-10-03)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/596611941a74be176b98aeba9328aa9d01b8b322' (2023-09-16)
  → 'github:NixOS/nixpkgs/dbe90e63a36762f1fbde546e26a84af774a32455' (2023-10-01)
• Updated input 'uninsane-dot-org':
    'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=6f06c3a2ecf36ba7f5a4845b1d30a5d9894ca76c' (2023-09-27)
  → 'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=1f588493031168d92a1e60705f26aaf4b2cdc07e' (2023-10-03)
```
2023-10-05 08:06:08 +00:00
a586611aa0 docs: moby: gps: link to geoclue/gnome-maps support channels 2023-10-05 08:05:35 +00:00
d7120a14f4 moby: gps: fixup geoclue notes 2023-10-04 05:36:22 +00:00
7db8dabf8f theming: ship HighContrast icon theme as default
current gnome.adwaita-icon-theme doesn't generate all icons when cross-compiled

this may be fixed in GNOME 45.

until then, HighContrast gets us *most* icons
2023-10-04 01:01:29 +00:00
d89287af11 switch icon theme to Pop 2023-10-03 20:21:20 +00:00
b14daac0f8 komikku: 1.23.0 -> 1.24.2 2023-10-03 20:11:19 +00:00
f65aaf8852 gtk: add a bunch more icon theme options 2023-10-03 20:10:09 +00:00
5a84c9a585 fractal-nixified: plumb an "optimize" argument to toggle between slow and fast build 2023-10-03 16:31:28 +00:00
464fca9679 eg25-control: actually, dont dump /dev/ttyUSB1 2023-10-03 01:13:37 +00:00
6c6e1ee84b moby: add gps-related services to the "dialout" group 2023-10-03 01:01:06 +00:00
41d8c6681f sway: disable --debug flag 2023-10-03 00:47:33 +00:00
4dbb656a34 eg25-control: dump fix data as part of --dump-debug-info 2023-10-03 00:40:32 +00:00
8c4caab995 linux-megous: 6.4.15 -> 6.5.3 2023-10-03 00:29:42 +00:00
83586ce483 trust-dns: cleanup some typos 2023-10-02 22:33:54 +00:00
e20c4d01e6 trust-dns: fix missing "mkdir" during service startup 2023-10-02 22:12:09 +00:00
01cad7b702 trust-dns: perform more specialization via structured config instead of sed 2023-10-02 22:02:46 +00:00
48715546e2 trust-dns: split into separate (restartable) services 2023-10-02 21:30:51 +00:00
00b59f6985 firefox-extensions: update ublacklist, sponsorblock, ether-metamask 2023-10-02 07:49:21 +00:00
d82d3e55cb firefox-extensions.bypass-paywalls-clean: 3.3.5.0 -> 3.3.6.0 2023-10-02 07:48:01 +00:00
f2c3f9fe52 nixpkgs 2023-09-27 -> 2023-09-29; mobile-nixos -> 2023-10-01
```
• Updated input 'mobile-nixos':
    'github:nixos/mobile-nixos/fa12ebaa98ce18e30cbdaf58a71b9ec56984e38f' (2023-09-19)
  → 'github:nixos/mobile-nixos/7cee346c3f8e73b25b1cfbf7a086a7652c11e0f3' (2023-10-01)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/8a86b98f0ba1c405358f1b71ff8b5e1d317f5db2' (2023-09-27)
  → 'github:nixos/nixpkgs/f5892ddac112a1e9b3612c39af1b72987ee5783a' (2023-09-29)
```
2023-10-02 07:36:14 +00:00
2de6c01262 fractal: launch on boot 2023-10-02 06:12:24 +00:00
bbdc6f3aa9 eg25-control: treat some GPS config failures as non-fatal 2023-10-02 06:12:12 +00:00
16ee30b696 sxmo-utils: kill-window patch: fetch from mail list 2023-10-02 05:39:58 +00:00
9c341c87d8 gnome-maps: fix missing gapplication runtime dep 2023-10-02 05:30:09 +00:00
67a9134130 moby: switch default browser back to epiphany 2023-10-02 05:10:00 +00:00
fe6d2f04c5 sxmo-utils: add a Kill Window option to the wmmenu 2023-10-02 04:53:00 +00:00
d138c99c61 sxmo-utils: fix j4-dmenu-desktop not found when trying to view all apps 2023-10-02 04:37:50 +00:00
290d6a8da5 gnome-maps: ship on lappy/desko/moby 2023-10-02 04:07:21 +00:00
09ed98c973 cross: support gnome-maps 2023-10-02 04:06:34 +00:00
bc7dee6a80 swaync: enable audible notifications for Fractal Matrix client 2023-10-02 03:48:20 +00:00
4c708baf63 remove Videos/servo-incomplete symlink 2023-10-02 03:23:44 +00:00
cc16fe85b0 fractal: ship the nixified build by default 2023-10-02 03:20:55 +00:00
7d63132c48 fractal-nixified: massively reduce build time (via unoptimized build) 2023-10-02 03:20:43 +00:00
5acd704ae7 docs: overlays/cross: mention cdylib fractal workaround 2023-10-01 22:43:14 +00:00
0c0948e8e1 fractal-nixified: tidy up 2023-10-01 22:40:56 +00:00
6283384522 fractal-nixified: sort dependencies 2023-10-01 22:19:37 +00:00
b70fc6841f fractal-nixified: support cross compilation 2023-10-01 22:17:25 +00:00
97dd84ed71 tuba: document an alternative fix 2023-10-01 18:47:47 +00:00
7a6981253b fractal-nixified: remove some unecessary dependencies 2023-10-01 05:02:50 +00:00
9e78ec221b fractal-nixified: avoid double meson build 2023-10-01 04:42:29 +00:00
4a8d7ca1c3 alsa-ucm-conf-sane: route audio to the internal speaker by default 2023-10-01 04:26:54 +00:00
b9f31c6f4b devPkgs: add cargo, rustc 2023-10-01 03:47:45 +00:00
cd3bed023a fractal-nixified: it builds! 2023-10-01 03:15:53 +00:00
0ad6b2bc1b fractal-nixified: get gst-plugin-gtk4 to cross build 2023-09-30 23:42:01 +00:00
54b0c1bfcf fractal-nixified: get pipewire to compile
that's all the dependencies now, except for the special case of gst-plugin-gtk4 on cross
2023-09-30 21:07:20 +00:00
285dd6a1c9 fractal-nixified: get libshumate-sys and sourceview5-sys to compile 2023-09-30 20:28:31 +00:00
1c5e2843a1 fractal-nixified: get libspa crate to build 2023-09-30 20:19:28 +00:00
ce9b30767f fractal-nixified: add a bunch of crateOverrides to get *closer* to a complete build 2023-09-30 07:07:40 +00:00
d26fa5bec1 fractal-nixified: pin serde_derive at 1.0.171 to overcome build failure
https://discourse.nixos.org/t/errors-using-serde-derive-with-buildrustcrate/31398
2023-09-30 04:44:49 +00:00
832ca52ccf fractal-nixified: regenerate with more recent crate2nix 2023-09-30 03:57:03 +00:00
c70176bfb2 WIP: fractal: build with crate2nix 2023-09-30 02:57:52 +00:00
cb3cf57465 cargo: when enabled, persist ~/.cargo 2023-09-30 02:57:30 +00:00
dfaeb7b7de sxmo_hook_inputhandler: document proposed input changes 2023-09-30 01:42:45 +00:00
d3818b5e44 fractal: enable, and persist the right directories 2023-09-29 22:08:13 +00:00
5b8850404b fractal-latest: support cross compilation (this method takes about 60minutes. 45m for deps and 15m for fractal itself) 2023-09-29 21:42:36 +00:00
38fa73cfb7 feeds: unsubscribe from Michael Malice 2023-09-29 18:25:08 +00:00
43fc050eed feeds: subscribe to FasterThanLime 2023-09-29 18:23:14 +00:00
f3423d45bd fractal-latest: reduce build time from 2hr+ to 5 minutes 2023-09-29 18:21:59 +00:00
56866c1ac1 servo: fix lemmy-ui build 2023-09-29 15:39:27 +00:00
99ea6a59c5 remove unused GUI apps: cantata, gajim, dconf-editor, obsidian, rhythmbox 2023-09-29 02:04:06 +00:00
eb5ebf94a7 nixpkgs: 2023-09-25 -> 2023-09-27; uninsane-dot-org -> 2023-09-27
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/6500b4580c2a1f3d0f980d32d285739d8e156d92' (2023-09-25)
  → 'github:nixos/nixpkgs/8a86b98f0ba1c405358f1b71ff8b5e1d317f5db2' (2023-09-27)
• Updated input 'uninsane-dot-org':
    'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=9952b69003eb7397cadf1df0b5d696cea1833248' (2023-09-20)
  → 'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=6f06c3a2ecf36ba7f5a4845b1d30a5d9894ca76c' (2023-09-27)
```
2023-09-28 22:26:15 +00:00
bdf049d9e4 moby: wowlan: also wake on ARP requests (experimental) 2023-09-28 20:55:18 +00:00
9205e076c5 modules/wowlan: move options to "ipv4" attrset for future protocol expansion 2023-09-28 20:09:04 +00:00
60e5f6b41b fractal-latest: 2023-07-28 -> unstable-2023-09-14 2023-09-28 06:52:56 +00:00
3aa85c96b2 sxmo_hook_rotate.sh: fix bash syntax error 2023-09-28 00:18:43 +00:00
2f71d80c38 firefox-extensions: repeat myself less when wrapping 2023-09-27 23:25:07 +00:00
558a9f4cd0 todo.md: sync 2023-09-27 22:54:04 +00:00
9a6915a0ed firefox-extensions: deprecate "fetchAddon" 2023-09-27 22:30:28 +00:00
d0feca0d57 firefox-extensions: ether-metamask: port to fetchVersionedAddon 2023-09-27 22:26:55 +00:00
36e9f0bcde firefox-extensions: i2p-in-private-browsing: port to fetchVersionedAddon 2023-09-27 22:24:46 +00:00
a17fc1c76e firefox-extensions.ublock-origin: 1.52.0 -> 1.52.3b0 2023-09-27 22:22:14 +00:00
84d8fb5339 firefox-extensions: ublock-origin: port to fetchVersionedAddon 2023-09-27 22:21:42 +00:00
2b9373e0fc firefox-extensions: sidebery: port to fetchVersionedAddon 2023-09-27 22:17:02 +00:00
2992d0db6b firefox-extensions: ublacklist: port to github release fetcher 2023-09-27 22:13:43 +00:00
71b70712f8 firefox-extensions: factor out the github addon fetcher 2023-09-27 22:06:38 +00:00
10c7fc8e91 sxmo: exit fullscreen on screen rotation 2023-09-27 21:42:55 +00:00
48971bb237 sponsorblock: 5.4.19 -> 5.4.21 2023-09-27 19:10:14 +00:00
387b49a8b5 flake.nix: support list-type updateScripts (e.g. nix-update-script {}) 2023-09-27 19:10:14 +00:00
bc9bacb08f sponsorblock: fetch from github instead of Mozilla store 2023-09-27 19:10:14 +00:00
d44cf620c1 firefox-extensions: remove completed TODO 2023-09-27 18:48:16 +00:00
14cef8eb6c bypass-paywalls-clean: 3.3.4.0 -> 3.3.5.0 2023-09-27 18:40:25 +00:00
0bbe3e14c1 flake: show flake targets as part of "help" 2023-09-27 18:38:06 +00:00
6df63d825a sane-bt-search: clean up the jackett URLs 2023-09-27 18:34:04 +00:00
10e6436c34 sane-bt-add: accept https:// urls and extract actual torrents from them 2023-09-27 18:34:04 +00:00
aa3ee802d2 nixpkgs: 2023-09-22 -> 2023-09-25
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/e35dcc04a3853da485a396bdd332217d0ac9054f' (2023-09-22)
  → 'github:nixos/nixpkgs/6500b4580c2a1f3d0f980d32d285739d8e156d92' (2023-09-25)
```
2023-09-27 18:34:04 +00:00
9a16b1cda7 ntfy: add a lengthy proxy_read_timeout to prevent hangups 2023-09-27 18:25:36 +00:00
ebbef901c1 wowlan: document VPN shortcomings 2023-09-27 01:32:50 +00:00
1ef203ee07 wowlan: docs: caveats 2023-09-27 01:30:06 +00:00
ca645ed23d wowlan: remove the version/ip header length match 2023-09-27 01:26:51 +00:00
742ed50960 moby: configure wake-on-lan 2023-09-27 01:04:53 +00:00
a60af4990a sway: hide window bar when only one window on workspace 2023-09-26 20:36:30 +00:00
d2890ecbba ntfy-sh: dont autostart except on moby
it's easier to troubleshoot when there's only one subscriber...
2023-09-26 14:48:54 +00:00
36d8158414 zsh: alias annoying lsof/tcpdump defaults 2023-09-26 14:38:06 +00:00
642afd6f34 ntfy: subscribe to the non-443 port 2023-09-26 13:52:10 +00:00
fad9c8f483 ntfy: run on a non-443 port 2023-09-26 13:51:27 +00:00
40a8fc50d9 sxmo-utils: apply patch to launch apps via swaymsg exec 2023-09-26 00:15:28 +00:00
21838afc0d feeds: subscribe to turnoff.us 2023-09-25 23:09:56 +00:00
8821c4edd7 sxmo-timer: connect to swaync so that it alerts on completion 2023-09-25 20:56:22 +00:00
a265dd28dd ntfy-sh: configure auth, simplify proxying 2023-09-25 17:34:50 +00:00
14bc8a1732 ship a trivial service which subscribes to push notifications (ntfy-sh) 2023-09-25 16:56:41 +00:00
10dd18a42a flake: remove nix-serve
even though upstream issue remains open, i observe a successful build via the nix-serve cache
2023-09-25 14:37:58 +00:00
691f009656 clean up documentation 2023-09-25 13:35:50 +00:00
68f1af090e have nix flake .#check do both NUR and system builds 2023-09-25 13:09:02 +00:00
6412778b98 feeds: unsubscribe from The Register 2023-09-25 12:09:56 +00:00
de12a2200e feeds: add amosbbatto 2023-09-25 12:09:38 +00:00
2600d6223c tuba: fix FileDialog 2023-09-24 23:36:05 +00:00
1ed1d8403d tuba: ship a friendly alias 2023-09-24 21:38:20 +00:00
5e34d9e44d sane-scripts.sane-deadlines: fix missing sed dependency 2023-09-24 20:21:13 +00:00
4f49c86d73 sxmo-utils: separate the DWM and Sway dependencies; only ship those we need
also, remove mepo
2023-09-24 19:49:59 +00:00
74309f8fa4 sxmo: fix missing bin/ typo 2023-09-24 18:13:49 +00:00
699c4301b4 static-nix-shell: avoid wrapping when not necessary
i guess this would be a minor perf gain in places
2023-09-24 17:51:19 +00:00
c7c90a9fa3 sxmo-utils: doc: why we include xdg-user-dirs 2023-09-24 17:48:35 +00:00
e5d843b21f sxmo: add missing deps to custom hooks 2023-09-24 17:48:18 +00:00
3ab943ab0b phog: remove DesktopNames==null workaround 2023-09-24 17:24:29 +00:00
e8d2aeb3a6 phog: 0.1.3 -> 0.1.4 2023-09-24 17:16:01 +00:00
28220ea8b4 flake: plumb date/rev into built nixos system images 2023-09-24 15:30:12 +00:00
9f47a29b43 mpv: update watch_later dir
see: <https://github.com/mpv-player/mpv/pull/10838>
2023-09-24 13:15:45 +00:00
46bb39332f lemoa: add an updateScript 2023-09-24 13:02:57 +00:00
e8bf83274f flake: have update.pkgs not update the feeds by default 2023-09-24 12:36:17 +00:00
083bdad88f feeds: update metadata for all
this should fix a couple broken feeds whose URL changed, but most changes here are inconsequential
2023-09-24 12:25:04 +00:00
0e238ff2dd fix pkgs.feeds update scripts 2023-09-24 12:11:28 +00:00
d0cbfaed44 flake: add aliases for bulk package updating 2023-09-24 10:50:02 +00:00
791dc59ba2 flake: expose update script for every package that has one 2023-09-24 10:27:32 +00:00
457197f85b gpodder-adaptive: 3.11.1+1 -> 3.11.2+1 and add an updateScript 2023-09-24 08:16:19 +00:00
07ee54af3a nixpkgs: 2023-09-19 -> 2023-09-22
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/5ba549eafcf3e33405e5f66decd1a72356632b96' (2023-09-19)
  → 'github:nixos/nixpkgs/e35dcc04a3853da485a396bdd332217d0ac9054f' (2023-09-22)
```
2023-09-24 07:40:06 +00:00
865777b7ba enable ntfy (and manually integrate with matrix) 2023-09-23 21:09:04 +00:00
7b38ec3f8f docs: irc: mention mnt-reform channel location 2023-09-23 11:20:45 +00:00
f8448d7d2f sxmo: fix sxmo_init ordering so my hooks are loaded and scale set properly 2023-09-23 11:20:20 +00:00
ba638c1533 sxmo-utils: 2023-09-09 -> 2023-09-22 2023-09-23 10:11:49 +00:00
130901d7f7 sxmo: fix inputhandler hook loic errors 2023-09-23 09:36:16 +00:00
07c3fd8941 sxmo: override the postwake handler 2023-09-23 09:17:21 +00:00
2d98bbf4d6 sxmo: ship a custom inputhandler 2023-09-23 09:13:26 +00:00
08acd9714f swaync: fix perms for jingle toggle 2023-09-22 23:10:50 +00:00
57c3abf2e1 cozy: disable reporting/telemetry 2023-09-22 22:51:05 +00:00
2f12fd8ae7 ejabberd: port config to structured nix attrs 2023-09-22 22:50:51 +00:00
69ab1c1b8f servo-vpn: resolve DNS through the VPN 2023-09-22 19:49:35 +00:00
a2f4dc0b6c nfs4 patch: fix so moby can still build 2023-09-22 19:48:51 +00:00
6d7ff7ea86 fix trust-dns to resolve when invoked from VPN 2023-09-22 18:54:12 +00:00
00d831e755 wg-home: fix DNS forwarding
ugh, this is a mess, but it seems to work
2023-09-22 14:36:56 +00:00
63d65a453c trust-dns: spin up a separate server to wg-home requests, also forwarding them to upstream 2023-09-22 12:36:48 +00:00
68e3bc932f bypass-paywalls-clean: 3.2.5.0 -> 3.3.4.0; lay the foundation for updateScripts in this repo
note that the hash produced by the updateScript wasn't actually correct
(failed once i attempted to build it). hmm.
2023-09-22 10:13:56 +00:00
6222998303 firefox-extensions: update all binary extensions 2023-09-22 09:45:24 +00:00
8d0678457e patch broken NFS mounting 2023-09-22 09:33:05 +00:00
c7c669b8d4 nixpkgs: 2023-09-17 -> 2023-09-19; sops-nix; uninsane-dot-org 2023-08-03 -> 2023-09-20
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/970a59bd19eff3752ce552935687100c46e820a5' (2023-09-17)
  → 'github:nixos/nixpkgs/5ba549eafcf3e33405e5f66decd1a72356632b96' (2023-09-19)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/4356a5a0c12c9dc1b6bdde0631c7600d9377ed8b' (2023-09-19)
  → 'github:Mic92/sops-nix/2f375ed8702b0d8ee2430885059d5e7975e38f78' (2023-09-21)
• Updated input 'uninsane-dot-org':
    'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=f4d91aa201b6e49af690f250d4786bd1d8b4dcfd' (2023-08-03)
  → 'git+https://git.uninsane.org/colin/uninsane?ref=refs/heads/master&rev=9952b69003eb7397cadf1df0b5d696cea1833248' (2023-09-20)
```
2023-09-21 20:59:56 +00:00
e28cf3ebb5 swaync: fix SIP/jingle indicators to use systemctl --user 2023-09-21 20:37:11 +00:00
4ea0256c56 swaync: ignore "Modem crashed!" notifications/warnings 2023-09-21 20:21:38 +00:00
bf52b65dd5 Dino: fix to workspace 1 2023-09-21 20:03:19 +00:00
6de9b87f16 swaync: add entry for SIP/jingle call receiving 2023-09-21 19:53:02 +00:00
2b48adfbef gnome-calls: don't auto-start 2023-09-21 19:44:11 +00:00
7f944ad4a1 dino: autostart (on moby) 2023-09-21 19:40:12 +00:00
50045432fa libkiwix: 12.0.0 -> 12.1.1 2023-09-20 09:41:18 +00:00
cd4b700962 wg-home: docs: link to Arch wiki on wireguard docs 2023-09-20 09:34:26 +00:00
b98934693c programs: ship binutils (for "strings") 2023-09-20 06:42:23 +00:00
e22fb7c6b7 nixpkgs: 2023-09-15 -> 2023-09-17; mobile-nixos; sops-nix
```
• Updated input 'mobile-nixos':
    'github:nixos/mobile-nixos/7564347ef8bc2b96c72abbfaf158e3fd1e47efd6' (2023-09-15)
  → 'github:nixos/mobile-nixos/fa12ebaa98ce18e30cbdaf58a71b9ec56984e38f' (2023-09-19)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/ace5093e36ab1e95cb9463863491bee90d5a4183' (2023-09-15)
  → 'github:nixos/nixpkgs/970a59bd19eff3752ce552935687100c46e820a5' (2023-09-17)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/ea208e55f8742fdcc0986b256bdfa8986f5e4415' (2023-09-12)
  → 'github:Mic92/sops-nix/4356a5a0c12c9dc1b6bdde0631c7600d9377ed8b' (2023-09-19)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/5601118d39ca9105f8e7b39d4c221d3388c0419d' (2023-09-02)
  → 'github:NixOS/nixpkgs/596611941a74be176b98aeba9328aa9d01b8b322' (2023-09-16)
```
2023-09-19 16:43:30 +00:00
dfbe5c5210 swaync: add a button to toggle VPN 2023-09-19 16:25:17 +00:00
f3ed9a3452 sane-vpn: support "vpn-servo" 2023-09-19 16:09:56 +00:00
57e35eeab1 vpn-servo: allow coexistence with wg-home 2023-09-19 16:03:20 +00:00
e3e2af46a1 define a new "vpn-servo" which allows routing all traffic out of servo, via wireguard 2023-09-19 15:52:24 +00:00
3a30b891be sane-vpn-{up,down}: consolidate 2023-09-19 15:41:54 +00:00
b69424983f hosts.nix: split the data out of modules/ and into common/ 2023-09-19 15:32:31 +00:00
37313183f5 engrampa: fix eval error
note that the package doesn't actually build correctly. :s
2023-09-19 14:37:03 +00:00
86453b6873 todo.md: new item to prettify sane-bt-search 2023-09-19 14:23:32 +00:00
c1d62bdbc2 wg-quick: allow clients to contact the internet 2023-09-19 12:36:57 +00:00
bbe633ef2e wg-home: refactor: don't 'use' lib/builtins 2023-09-19 12:09:21 +00:00
201bfb922d WIP: wake-on-lan: use own patch since peetz0r doesnt apply
this patch might not actually be necessary
2023-09-19 11:40:15 +00:00
9d1ebd38ce wg-home: don't infer role from ip address, but set it explicitly 2023-09-19 11:38:51 +00:00
9dfcacf8a3 todo.md: add some apps to install on moby 2023-09-19 10:10:22 +00:00
247b272986 ship nm-connection-editor 2023-09-19 10:09:24 +00:00
072506c5d9 ship ethtool 2023-09-19 10:09:24 +00:00
05bbc5d18f moby: switch to linux-megous-firmware for firmware 2023-09-19 10:09:24 +00:00
e51ca61bfe rtl8723cs-firmware: leave note about mobile-nixos approach 2023-09-19 10:09:24 +00:00
d3ad280731 package megi's linux firmware 2023-09-19 10:09:24 +00:00
85b043af37 WIP: enable wake on wlan 2023-09-19 10:09:24 +00:00
0342594728 programs: ship iw 2023-09-19 10:09:24 +00:00
56e7484721 nixpatches: update g4music/font-manager hashes 2023-09-18 10:10:23 +00:00
cd61a530cb sxmo: fix multi-user.service -> multi-user.target typo 2023-09-17 08:44:31 +00:00
f4c0e06b62 docs: gnome-calls: mention ~/.cache/folks dir 2023-09-17 05:57:21 +00:00
b4d748d87f gnome-calls: run as daemon after log-on 2023-09-17 05:53:05 +00:00
107c07915e ship gnome-calls 2023-09-17 05:00:15 +00:00
f493f005a9 lappy: switch back to sway 2023-09-16 15:11:01 +00:00
fbafbd0d52 todo.md: new item for reducing phog closure 2023-09-16 15:01:49 +00:00
9215da61a3 todo.md: remove completed eg25-control items 2023-09-16 15:00:17 +00:00
61428a5c8b unify fonts across sway and sxmo 2023-09-16 14:59:12 +00:00
77906fb58b font-manager: re-enable 2023-09-16 12:44:31 +00:00
a79d021123 font-manager: build without webkit 2023-09-16 12:44:09 +00:00
d85f5d88cd docs: cross: fractal-next: leave notes about present failure mode 2023-09-16 12:04:31 +00:00
518d63c08d tokodon: remove
this is upstream now; my own build file was already a no-op
2023-09-16 09:23:08 +00:00
b254f0716b engrampa: add a warning to make sure i tend this once upstream updates 2023-09-16 09:21:57 +00:00
9e93a4cdce chatty-latest: unstable-2023-08-01 -> v0.8.0_rc0
this actually is an update, despite the dates (merge order/commit timestamps/timezones)
2023-09-16 09:21:36 +00:00
38f839fb60 servo: fix over-broad "passwordFile" fix 2023-09-16 08:42:05 +00:00
09cee559eb mpv: improve MIME priority; re-enable youtube support 2023-09-16 08:36:08 +00:00
f64af6675b p10k/powerlevel10k: remove (unused)
i use starship now
2023-09-16 08:33:02 +00:00
9d71a08841 kitty: remove configs (unused)
i use alacritty now
2023-09-16 08:26:39 +00:00
321cc62ca0 passwordFile -> hashedPasswordFile to fix deprecation warning 2023-09-16 08:17:48 +00:00
92bf5c3be2 fix g4music build 2023-09-16 08:15:00 +00:00
43db1fed84 nixpkgs: 2023-09-14 -> 2023-09-15
```
• Updated input 'mobile-nixos':
    'github:nixos/mobile-nixos/d25d3b87e7f300d8066e31d792337d9cd7ecd23b' (2023-09-15)
  → 'github:nixos/mobile-nixos/7564347ef8bc2b96c72abbfaf158e3fd1e47efd6' (2023-09-15)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/f2ea252d23ebc9a5336bf6a61e0644921f64e67c' (2023-09-14)
  → 'github:nixos/nixpkgs/ace5093e36ab1e95cb9463863491bee90d5a4183' (2023-09-15)
```
2023-09-16 08:15:00 +00:00
f81b76a975 nixpkgs: 2023-09-11 -> 2023-09-14; mobile-nixos -> 2023-09-15
```
• Updated input 'mobile-nixos':
    'github:nixos/mobile-nixos/d22c60e8d4d21f0197c1cac88c34dcc366b7a16c' (2023-09-10)
  → 'github:nixos/mobile-nixos/d25d3b87e7f300d8066e31d792337d9cd7ecd23b' (2023-09-15)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/3a2786eea085f040a66ecde1bc3ddc7099f6dbeb' (2023-09-11)
  → 'github:nixos/nixpkgs/f2ea252d23ebc9a5336bf6a61e0644921f64e67c' (2023-09-14)
```
2023-09-16 08:15:00 +00:00
81c16ec479 swaync/feedbackd: activate ringer on incoming dino call 2023-09-16 05:06:41 +00:00
254da7e17b swaync: document env vars 2023-09-16 02:55:36 +00:00
400739cd83 feedbackd: add debug logging 2023-09-16 02:55:23 +00:00
2f7655e1c1 eg25-control: don't auto-start GPS on boot
this also means we don't power the modem on boot

this is OK to do now that i have a toggle in swaync for GPS
2023-09-15 16:55:27 +00:00
c3a6943b7e swaync: replace feedbackd button with gps button 2023-09-15 16:51:43 +00:00
fdc37c9f53 swaync: add button to toggle feedbackd
this is just a proof of concept: will toggle GPS later
2023-09-15 16:09:28 +00:00
c73246d7c6 sane-bt-search: fix tracker typos 2023-09-15 11:14:29 +00:00
e03ae48ef6 docs: feedbackd: note about default.json 2023-09-15 10:44:29 +00:00
cd1cfdd5db swaync: fix to also proxy notifs from Purisms Chatty app 2023-09-15 10:35:30 +00:00
d87015836e swaync: integrate with feedbackd for notification sounds 2023-09-15 10:20:18 +00:00
71c01795f4 moby: eg25-control-freshen-agps: fix to actually run hourly 2023-09-15 07:35:05 +00:00
2291c89dbc moby: eg25-control: fixup perms & add service that DLs new agps data when stale 2023-09-15 04:47:12 +00:00
1546304b4e eg25-control: run as own user
its perms might still need adjustment so that it can control modem power and write to mmcli
2023-09-15 03:54:01 +00:00
a0e6efb409 eg25-control: better cache timestamp handling (just use os.stat) 2023-09-15 03:37:18 +00:00
bd18a6871c eg25-control: add --ensure-agps-cache operation 2023-09-15 03:33:00 +00:00
0f3f566d25 eg25-control: use fs timestamp when caching 2023-09-15 02:53:35 +00:00
92451d1e28 eg25-control: cache the location assistance data 2023-09-15 02:35:31 +00:00
a0c2ed38e6 eg25-control: allow finer-grained service control 2023-09-15 01:38:50 +00:00
649e5a2cab sway: persist pipewire/wireplumber audio volumes 2023-09-13 12:57:18 +00:00
f2e51ef742 todo.md: swaync: theme 2023-09-13 10:14:07 +00:00
cf4c27a74c swaynotificationcenter: support pulseaudio even on cross builds 2023-09-13 10:11:11 +00:00
4cff9f99cb alsa-ucm-conf-sane: reduce Internal Speaker playback priority 2023-09-13 09:35:01 +00:00
741264ec48 nixpkgs: 2023-09-08 -> 2023-09-11
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/db9208ab987cdeeedf78ad9b4cf3c55f5ebd269b' (2023-09-08)
  → 'github:nixos/nixpkgs/3a2786eea085f040a66ecde1bc3ddc7099f6dbeb' (2023-09-11)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/faf21ac162173c2deb54e5fdeed002a9bd6e8623' (2023-09-05)
  → 'github:Mic92/sops-nix/ea208e55f8742fdcc0986b256bdfa8986f5e4415' (2023-09-12)
```
2023-09-13 06:07:19 +00:00
9ad1be40b2 persist: stores: crypt: remove unrecognized nodev flag 2023-09-13 06:07:04 +00:00
910d0fa59e persist: remove the nosuid flag since gocryptfs cant parse it here 2023-09-13 05:13:43 +00:00
f54d5a68ff trust-dns: 0.22.1 -> 0.23.0 2023-09-13 02:53:06 +00:00
a359350d7e sxmo-utils.latest: 2023-08-29 -> 2023-09-09 2023-09-12 10:29:10 +00:00
7bef6b4089 modules: users/programs: cleaner option passthrough 2023-09-12 05:44:53 +00:00
8011e78e21 persist: cryptClearOnBoot: note rare (but predictable) bug during redeploy 2023-09-12 04:58:56 +00:00
8a6fcd92ae programs: port to programs.services interface 2023-09-12 04:45:38 +00:00
3e33313bf0 programs: add a "services" option which forwards into the user config 2023-09-12 04:44:07 +00:00
6138291a8d users: add a "services" option via which to configure per-user systemd services 2023-09-12 04:43:23 +00:00
6addf5a3b2 fs: symlink: add an option by which to control the symlink target name 2023-09-12 04:41:32 +00:00
2ead0201ab todo.md: add task for moby battery readout 2023-09-12 00:07:34 +00:00
56ad2370dc colin: add to systemd-journal group 2023-09-12 00:06:00 +00:00
3157ceb88b swaync: dont ship dbus files 2023-09-11 23:03:57 +00:00
df2a2fe427 mako: simplify with a rmDbusServices helper 2023-09-11 22:56:54 +00:00
c55ea59c4f ship unzip, for when dtrx fails 2023-09-11 22:31:54 +00:00
9cb28e037d firefox: sponsorblock: fix to really not show popup on first-run 2023-09-11 22:30:28 +00:00
90eeb380ef firefox-extensions: upadte sponsorblock, ublacklist 2023-09-11 22:21:25 +00:00
9472a5c5d4 todo.md: sort moby tasks 2023-09-11 01:30:29 +00:00
d7884a9c8a nixpkgs: 2023-09-06 -> 2023-09-08
```
• Updated input 'mobile-nixos':
    'github:nixos/mobile-nixos/56fc9f9619f305f0865354975a98d22410eed127' (2023-07-22)
  → 'github:nixos/mobile-nixos/d22c60e8d4d21f0197c1cac88c34dcc366b7a16c' (2023-09-10)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/0bffda19b8af722f8069d09d8b6a24594c80b352' (2023-09-06)
  → 'github:nixos/nixpkgs/db9208ab987cdeeedf78ad9b4cf3c55f5ebd269b' (2023-09-08)
```
2023-09-10 12:57:14 +00:00
3f10fbdf4d sway: remove deprecated "types.string" 2023-09-10 12:57:10 +00:00
c5ccc0ab34 eg25-control: mention atinout as a way to send AT commands 2023-09-10 12:56:56 +00:00
664bd473c3 linux-megous: try making more modules be builtin 2023-09-10 12:56:37 +00:00
8ef0926614 cross: build in qemu using stock linux
this allows faster iteration of linux-megous kernel
2023-09-10 11:59:47 +00:00
2298d1bfaa linux-megous: 6.4.7 -> 6.4.15 2023-09-10 11:47:05 +00:00
08857dd143 sane-bt-search: rank miobt/subsplease 2023-09-10 11:46:39 +00:00
b26f7a5d2b sysadminUtils: ship dtc (device tree de/compiler) 2023-09-10 09:49:31 +00:00
4e997591dd snippets: update 2023-09-10 00:49:02 +00:00
fad3972554 sway: waybar: fix media to better handle multiple players 2023-09-10 00:01:39 +00:00
755f844294 doc: sway/wlroots patch: explain the xdg_activation_v1 situation 2023-09-09 10:52:07 +00:00
fd18da52a8 overlays/preferences: remove dead dino code (it never worked) 2023-09-09 09:32:21 +00:00
cc78c3c36e sway: patch to temporarily allow any window to request activation (fix for notifications) 2023-09-09 09:32:00 +00:00
75009f6816 doc: sxmo: explain why we need nerdfonts 2023-09-09 07:44:31 +00:00
59f82cea27 doc: element: leave notes for if element fails to render, again 2023-09-09 07:11:25 +00:00
0da8d282fe feeds: add Andrew Heaton - Political Orphanage 2023-09-09 02:33:48 +00:00
6b4bd5ea28 feeds: remove Useful Idiots
the only ungated content is just idle chitchat
2023-09-09 02:20:02 +00:00
93ceef0163 sane-bt-search: fix bakabt URIs 2023-09-09 00:05:22 +00:00
eab0d656d3 docs: cpuFreqGovernor: explain which hardware this config affects 2023-09-08 23:37:21 +00:00
c2d99603a8 nixpkgs: 2023-09-04 -> 2023-09-06
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/3c15feef7770eb5500a4b8792623e2d6f598c9c1' (2023-09-04)
  → 'github:nixos/nixpkgs/0bffda19b8af722f8069d09d8b6a24594c80b352' (2023-09-06)
```
2023-09-08 21:16:12 +00:00
f73b6b56a9 nixpkgs: 2023-09-02 -> 2023-09-04
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/e56990880811a451abd32515698c712788be5720' (2023-09-02)
  → 'github:nixos/nixpkgs/3c15feef7770eb5500a4b8792623e2d6f598c9c1' (2023-09-04)
```
2023-09-08 20:48:56 +00:00
b65eca7dcf sxmo: fix so the sway session launched via phog includes debug logging 2023-09-08 10:59:31 +00:00
dec5826be8 all: switch powerManagement from powersave -> ondemand
how did i end up on powersave?

powersave is unusable on moby
2023-09-08 05:37:56 +00:00
b2393d4715 opengl: enable more broadly
this reduces the amount of sxmo-specific config
2023-09-07 10:47:17 +00:00
c86037e5d0 sway: don't enable greetd by default 2023-09-07 10:45:23 +00:00
d7751fb300 sway: remove unused installConfigs option 2023-09-07 10:33:28 +00:00
9582ea2e0a refactor: hosts/modules/hardware -> hosts/common/hardware
the config here didn't have any options; doesn't really make sense as a module
2023-09-07 10:29:25 +00:00
d92b393f01 hardware/x86_64.nix: split these options into more relevant files
also makes it so we dont ship opengl on platforms where we dont need it (servo)
2023-09-07 10:24:20 +00:00
ea26899735 docs: swaync: show how to view interactive style 2023-09-07 09:09:47 +00:00
f8d807225f swaync: fix backlight controls for moby 2023-09-07 08:54:43 +00:00
4c08609824 swaync: ship as own service 2023-09-07 07:34:22 +00:00
ccb11a4ecf swaync: fix broken black-on-black text 2023-09-07 07:33:15 +00:00
7f8ce68182 transmission: disable the incomplete dir 2023-09-07 06:14:11 +00:00
edf936820a transmission: fix permission-related errors 2023-09-07 06:14:11 +00:00
c6ab274dcf sxmo: waybar: add swaync 2023-09-07 01:27:30 +00:00
4d0c1811a3 neovim: associate with json/txt/md 2023-09-07 00:11:33 +00:00
ccb6f33b2f swaync: tune config; ignore certain sxmo notifications 2023-09-07 00:11:14 +00:00
4484fd243e docs: swaynotificationcenter: show how to reveal the notification center 2023-09-06 10:22:56 +00:00
7f1cdae91a sxmo: remove mako & other programs which are managed by sway now 2023-09-06 10:14:59 +00:00
b763009821 cross: fix swaynotificationcenter compilation 2023-09-06 09:56:46 +00:00
f392c0c02b swaync: tune parameters a bit 2023-09-06 09:20:00 +00:00
027086dd48 waybar: add divider to swaync 2023-09-06 09:19:50 +00:00
6eeca57694 waybar: add swaync notifications center 2023-09-06 09:13:34 +00:00
cc9ff2a2b0 swaynotificationcenter: port text blob to structured nix config 2023-09-06 09:03:19 +00:00
507753b3dc .gitignore: ignore some more things 2023-09-06 08:59:58 +00:00
eaecb395cd sway: switch from mako to swaynotificationcenter
mako's not working great on moby; hoping this will be better
2023-09-06 08:57:25 +00:00
6f5132633f sway: disable unused status_cmd 2023-09-06 08:19:52 +00:00
1076289490 sway: enable xwayland (but not for sxmo) 2023-09-06 08:19:52 +00:00
743f669b8c mako: disable the dbus service so our systemd service can take control 2023-09-06 08:19:52 +00:00
c12fc4bd57 todo.md: remove completed mpv item 2023-09-06 08:19:52 +00:00
9ab82904e6 mpv: remove power-button -> close mpv mapping 2023-09-06 08:19:51 +00:00
45df0954f4 sway: improve waybar text size 2023-09-06 08:19:51 +00:00
de685236a0 sway: waybar: fix default min-width setting (to aid moby) 2023-09-06 01:55:14 +00:00
2aa8033a5f sway: remove defaulted bar options 2023-09-06 01:18:35 +00:00
12b2fb6dfd mako: deploy as systemd service 2023-09-06 00:57:47 +00:00
aa5eb3988d sway: fix broken @status@ substitution 2023-09-06 00:51:13 +00:00
5efeb6ca50 lappy: sxmo: set noidle 2023-09-06 00:46:08 +00:00
18eaebb7fc mako: don't dismiss notifications when touched 2023-09-05 18:21:26 +00:00
9ed3dd4f22 sxmo: let mako be started via normal dbus activation
note that sxmo still installs its own, custom, mako theme
2023-09-05 17:46:01 +00:00
51ecf1b54b sxmo: fix sxmo_hook_init.sh -> sxmo_hook_start.sh 2023-09-05 17:31:33 +00:00
d1741c60dc sxmo: clean up our hook injections 2023-09-05 17:21:02 +00:00
f62c844aaf modules: fs: allow symlink target to be a path 2023-09-05 17:21:02 +00:00
409baf0321 moby: lift background into sway config 2023-09-05 16:13:23 +00:00
c3e37f7864 sops-nix: 2023-08-30 -> 2023-09-05
```
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/d9c5dc41c4b1f74c77f0dbffd0f3a4ebde447b7a' (2023-08-30)
  → 'github:Mic92/sops-nix/faf21ac162173c2deb54e5fdeed002a9bd6e8623' (2023-09-05)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/9117c4e9dc117a6cd0319cca40f2349ed333669d' (2023-08-27)
  → 'github:NixOS/nixpkgs/5601118d39ca9105f8e7b39d4c221d3388c0419d' (2023-09-02)
```
2023-09-05 09:26:59 +00:00
233a81c7d8 sxmo: more logging around power_button/volume_button 2023-09-05 09:14:32 +00:00
aca67b997a sxmo: dont start conky manually (let sway do it) 2023-09-05 08:48:18 +00:00
cddba3d35f conky: ship on sway
this probably causes double conky on sxmo, but i can fix in future patch
2023-09-05 08:31:50 +00:00
14b0d1bd37 sway: tidy up media key handling to not interfere with sxmo hooks 2023-09-05 04:51:12 +00:00
578162a266 sxmo: fix waybar height 2023-09-05 04:32:00 +00:00
ab776d7fc8 sxmo: fold the sway config fully into sane.gui.sway 2023-09-05 04:25:58 +00:00
cd9f05b8e1 sxmo: merge waybar configs into sway 2023-09-05 03:43:32 +00:00
2bf978f845 sway: waybar: disable sway/mode (it doesnt seem to do anything...) 2023-09-05 03:09:32 +00:00
b89212bcbd refactor: waybar: sort these items 2023-09-05 01:19:06 +00:00
5498694729 sway: tidy waybar items and add memory 2023-09-05 01:18:55 +00:00
7b5bf2969a sway: switch theming to be consistent with SXMO, for future merging 2023-09-05 01:05:59 +00:00
e198c49a96 refactor: sway: make snip_cmd be an actual shell script 2023-09-05 00:29:38 +00:00
7f5811db9a refactor: sway: split config template into own file 2023-09-05 00:28:38 +00:00
5c3bb2293c sway: consolidate the nix substitutions into mostly just one area and use sway-native variables after 2023-09-04 23:30:40 +00:00
59ac2061af sxmo: minor docs improvement 2023-09-04 11:33:14 +00:00
905934cad2 moby: disable blueberry app, since it doesnt compile 2023-09-04 11:31:07 +00:00
e89805cd17 sxmo: have sway launch sxmo -- not the other way around
this lets me treat sxmo as just some nice scripts which run atop an existing DE (sway), rather than the opposite

can share more code with my desktop/laptop
2023-09-04 11:10:30 +00:00
680ab2c189 lappy: fix sxmo polyfill 2023-09-04 10:01:29 +00:00
10095e3ce5 sxmo: rename greeter option: {,->greetd-}sway-gtkgreet 2023-09-04 01:06:57 +00:00
a2b8e23eee nixpkgs: 2023-09-01 -> 2023-09-02
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/aa8aa7e2ea35ce655297e8322dc82bf77a31d04b' (2023-09-01)
  → 'github:nixos/nixpkgs/e56990880811a451abd32515698c712788be5720' (2023-09-02)
```
2023-09-03 20:13:07 +00:00
0587c14af5 nixpkgs: 2023-08-31 -> 2023-09-01
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/3e52e76b70d5508f3cec70b882a29199f4d1ee85' (2023-08-31)
  → 'github:nixos/nixpkgs/aa8aa7e2ea35ce655297e8322dc82bf77a31d04b' (2023-09-01)
```
2023-09-03 08:49:56 +00:00
6a83e0ce6c WIP: sxmo: ship notifications-related dependencies 2023-09-03 08:48:43 +00:00
72960aa963 cross: fix flatpak compilation 2023-09-03 08:46:50 +00:00
5f4f047769 cross: fix ostree compilation 2023-09-03 07:45:21 +00:00
a880ba254b sway: remove some unneeded config options 2023-09-02 10:37:09 +00:00
4d75c3d97a ejabberd: document more compat & how to admin 2023-09-02 08:36:32 +00:00
90511ed765 ejabberd: support matrix: clarify client support 2023-09-02 08:36:32 +00:00
aa3b85511f ejabberd: docs: update federation/support matrix 2023-09-02 08:36:32 +00:00
5d90cbcc98 programs: ship gajim on desko 2023-09-02 07:21:16 +00:00
0525f99813 moby: ship dino 2023-09-02 05:13:01 +00:00
769019f2f5 greetd: types.string -> types.str 2023-09-02 01:36:11 +00:00
dcaba0f0ee secrets: fix build when host has no secrets 2023-09-02 01:34:32 +00:00
d33b6eec59 flake: add a check-host-configs target to ensure all hosts are buildable 2023-09-02 01:25:20 +00:00
20aef83496 greetd: refactor: session{Name,Cmd,User} into session attrset 2023-09-02 00:54:05 +00:00
3cc4a1ea19 sxmo: port to greetd abstraction 2023-09-02 00:49:44 +00:00
a41fefa906 consolidate greetd stuff out of sway 2023-09-02 00:07:46 +00:00
c00bba3fcf nixpkgs: 2023-08-30 -> 2023-08-31
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/e7f38be3775bab9659575f192ece011c033655f0' (2023-08-30)
  → 'github:nixos/nixpkgs/3e52e76b70d5508f3cec70b882a29199f4d1ee85' (2023-08-31)
```
2023-09-01 20:03:55 +00:00
63fab5899b common: mount /mnt/servo-nfs/playground 2023-09-01 10:10:28 +00:00
357b6ef06e nfs: expose playground as a read/write dir 2023-09-01 10:08:29 +00:00
4fdf74fdbe export: enforce a quota 2023-09-01 03:37:33 +00:00
15e09573d5 exports: consolidate nfs and sftpgo mounts into /var/export 2023-09-01 01:23:35 +00:00
d6479ca148 nfs/sftpgo: combine into "exports" nix directory 2023-09-01 00:39:22 +00:00
cf9558f166 WIP: sftp: define playground as a btrfs subvolume 2023-09-01 00:35:43 +00:00
68bce9c8b7 ports: if they fail to forward, retry after some interval 2023-09-01 00:30:32 +00:00
913201b9cd sane-bt-search: add TPB to TRACKER_RANKS 2023-08-31 23:38:29 +00:00
3f748164e4 ftp: add a playground directory 2023-08-31 12:56:30 +00:00
ded5d94d69 modules: fs: add a "text" type to populate static text files when symlinks wont do 2023-08-31 12:56:30 +00:00
815a8b52b6 refactor: sftpgo: define permissions via nix config 2023-08-31 12:56:30 +00:00
639a4cfe50 ftp: grant read access to LAN 2023-08-31 12:56:30 +00:00
b2af4e8983 nixpkgs: disable phog patch 2023-08-31 12:56:09 +00:00
ff39fc5d95 ports: make upnp service files more human-readable 2023-08-31 01:02:48 +00:00
9fea007d4f cross: support gnome "calls" package 2023-08-31 00:52:28 +00:00
f44a094d1d nixpkgs: 2023-08-28 -> 2023-08-30; sops-nix -> 2023-08-30
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/3efb0f6f404ec8dae31bdb1a9b17705ce0d6986e' (2023-08-28)
  → 'github:nixos/nixpkgs/e7f38be3775bab9659575f192ece011c033655f0' (2023-08-30)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/c89ee06488706b587a22085b1844bf9ca6ba5687' (2023-08-28)
  → 'github:Mic92/sops-nix/d9c5dc41c4b1f74c77f0dbffd0f3a4ebde447b7a' (2023-08-30)
```
2023-08-30 20:45:57 +00:00
ec6f90eb44 mpv: fix "DRM_IOCTL_MODE_CREATE_DUMB failed" bug 2023-08-30 10:32:31 +00:00
bbe583637f mpv: uosc: 2023-07-26 -> 2023-08-29 2023-08-30 06:33:09 +00:00
29eab151a1 lemoa: 0.3 -> 0.4 2023-08-30 05:34:04 +00:00
a7c5daf8a5 sxmo: sway-config: leave a todo for deploying via /etc/sway/config.d 2023-08-30 01:56:32 +00:00
a23dea03a9 sxmo: sway config: pull defaults from upstream sxmo-utils 2023-08-30 01:54:30 +00:00
45e5f3ecca dino: document how to start calls 2023-08-30 01:50:06 +00:00
8bcba8802f sxmo-utils: 2023-08-22 -> 2023-08-29 2023-08-30 01:49:48 +00:00
3e2e0ccc1c nixpatches: note to split xdg-utils patch 2023-08-29 21:26:43 +00:00
c14d88f1ea nixpkgs: 2023-08-27 -> 2023-08-28
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/a999c1cc0c9eb2095729d5aa03e0d8f7ed256780' (2023-08-27)
  → 'github:nixos/nixpkgs/3efb0f6f404ec8dae31bdb1a9b17705ce0d6986e' (2023-08-28)
```
2023-08-29 21:26:43 +00:00
e72e847147 sops-nix: 2023-08-27 -> 2023-08-28 2023-08-29 21:26:43 +00:00
073879e523 nixpkgs: 2023-08-25 -> 2023-08-27
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/5690c4271f2998c304a45c91a0aeb8fb69feaea7' (2023-08-25)
  → 'github:nixos/nixpkgs/a999c1cc0c9eb2095729d5aa03e0d8f7ed256780' (2023-08-27)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/1b7b3a32d65dbcd69c217d7735fdf0a6b2184f45' (2023-08-22)
  → 'github:Mic92/sops-nix/0618c8f0ed5255ad74ee08d1618841ff5af85c86' (2023-08-27)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/5e63e8bbc46bc4fc22254da1edaf42fc7549c18a' (2023-08-20)
  → 'github:NixOS/nixpkgs/9117c4e9dc117a6cd0319cca40f2349ed333669d' (2023-08-27)
```
2023-08-29 21:26:43 +00:00
bf302f70f1 servo: ejabberd: give each TURN port a unique upnp description
i think some impls expect the description to be unique?
2023-08-29 11:46:40 +00:00
a045eaa181 sxmo: persist the fontconfig and mesa_shader_cache directories for faster boot 2023-08-29 10:35:14 +00:00
b83b2ce0cc sxmo-utils: begin to push Makefile patches upstream 2023-08-29 10:32:56 +00:00
377aec7e07 sxmo-utils: re-add lost patch to the stable variant 2023-08-29 10:09:30 +00:00
9d50a6669a sxmo-utils-latest: 2023-08-11 -> 2023-08-22 2023-08-29 10:00:42 +00:00
bded6c9562 todo.md: new entry for getting sxmo youtube script working 2023-08-29 09:44:52 +00:00
5520c74921 sxmo-utils: add missing wl-clipboard dependency (for sxmo_screenshot.sh) 2023-08-29 09:44:30 +00:00
589c005bc4 sxmo-utils: add missing slurp dependency 2023-08-29 09:17:09 +00:00
d64a213ec2 sxmo-utils: add missing wtype package 2023-08-29 08:49:25 +00:00
18c940962e sxmo-utils: fix incorrect PREFIX
this should help the appscripts (screenshotting and the like)
2023-08-29 07:59:43 +00:00
e01b1f35fc sxmo-utils: simplifiy the install phase 2023-08-29 07:35:42 +00:00
60030860e5 todo.md: sxmo: better dependency/PATH handling 2023-08-29 07:35:42 +00:00
90894087e5 sxmo: apply SXMO_DISABLE_CONFIGVERSION_CHECK earlier 2023-08-29 07:35:42 +00:00
bdcccbd894 ejabberd: forward TURN ports over UPnP 2023-08-29 07:22:48 +00:00
b64cf408fb chatty: persist all of ~/.purple 2023-08-29 06:13:24 +00:00
eaca5b9889 cross: record more upstreaming status 2023-08-29 00:18:07 +00:00
1c265b2073 cross: update upstreaming status 2023-08-28 23:33:42 +00:00
fa98ba86bc sxmo: default SXMO_DISABLE_CONFIGVERSION_CHECK to on 2023-08-28 21:53:43 +00:00
53aee9e651 cross: libgweather/tuba: grab from upstream PRs 2023-08-28 12:04:03 +00:00
d4a305f5bb cross: tuba: grab from nixpkgs fork 2023-08-28 11:52:39 +00:00
fd39efe31f sxmo-utils: sxmo_hook_apps: fix some typod apps 2023-08-28 11:15:25 +00:00
3b2f4b6f72 preferences: phog: fix eval typo 2023-08-28 11:15:05 +00:00
9a16942b16 cross: send brightnessctl, libgweather (partially) upstream 2023-08-28 11:14:51 +00:00
fe47d68fd3 sxmo-utils: disable configversion checking
this is not yet deployed -- might not work 100%
2023-08-28 10:32:37 +00:00
deaee833cf cross: move phog patch to preferences.nix 2023-08-28 10:08:50 +00:00
8d03881109 cross compilation: disable kitty patch (no longer needed) 2023-08-28 10:06:24 +00:00
e476adfdf5 todo.md: add entry for fixing fonts in wvkbd 2023-08-28 09:56:24 +00:00
4201aa7466 gui: sxmo: default to sxmo-utils-latest variant of the package 2023-08-28 09:56:02 +00:00
a85d594c89 sxmo-utils: add a few more apps i use 2023-08-28 09:55:34 +00:00
7b98cd3d50 todo.md: remove completed phog item 2023-08-28 09:37:01 +00:00
d256a0b647 todo.md: upstreaming to non-nixpkgs 2023-08-28 09:36:11 +00:00
c87ba7f670 snippets: add link to sxmo-devel maillist 2023-08-28 09:26:41 +00:00
e4e5df80f1 sxmo-utils: factor out commons and create a package for sxmo-utils-latest 2023-08-28 09:26:30 +00:00
02f409451d chatty: persist .purple/chatty 2023-08-28 09:01:29 +00:00
9f2c7b90ce snippets.txt: more uninsane services; Johoe mempool 2023-08-28 08:52:33 +00:00
559c551752 re-enable dino XMPP client 2023-08-28 08:48:35 +00:00
304482cc9b moby: ModemManager: make quieter 2023-08-28 08:09:19 +00:00
ad9db91812 moby: ship eg25-control on user profile 2023-08-28 08:03:27 +00:00
1c7997e1ef rename eg25-control-defaults.service -> eg25-control 2023-08-28 08:03:14 +00:00
deefcaae9a nixpkgs: 2023-08-24 -> 2023-08-25
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/18324978d632ffc55ef1d928e81630c620f4f447' (2023-08-24)
  → 'github:nixos/nixpkgs/5690c4271f2998c304a45c91a0aeb8fb69feaea7' (2023-08-25)
```
2023-08-26 20:07:04 +00:00
562008f3c0 sxmo: default to greetd + sway + phog greeter 2023-08-26 19:57:43 +00:00
2584d62b28 sxmo: enable hardware opengl
this fixes the awful perf i was seeing when not using lightdm-mobile-greeter

xserver enables hardware opengl, i'm just copying that behavior to non-X greeters
2023-08-26 19:57:43 +00:00
dc64193a62 moby: generalize sun4i init failure to displayManager *and* greetd 2023-08-26 19:57:43 +00:00
a7f8089ed8 sane-bt-search: link to jargon definitions 2023-08-26 19:25:23 +00:00
e8e63167d2 phog: bring in-tree and patch to allow launching via sway
it looses the bar functionality (oh well)
2023-08-26 13:04:07 +00:00
c056191de1 sxmo: try some alternate greeters 2023-08-26 12:28:25 +00:00
f2a597f698 moby: sxmo: phog: provide an identifier in the syslog 2023-08-26 10:06:36 +00:00
7b637f976b moby: sxmo: fix phog to log its output 2023-08-26 09:40:07 +00:00
39a378c517 nixpkgs: 2023-08-22 -> 2023-08-24
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/b85ed9dcbf187b909ef7964774f8847d554fab3b' (2023-08-22)
  → 'github:nixos/nixpkgs/18324978d632ffc55ef1d928e81630c620f4f447' (2023-08-24)
```
2023-08-26 01:26:33 +00:00
0f9dfb9f8a sxmo-utils: add missing xrdb dependency 2023-08-25 23:37:05 +00:00
ab7f2fb1ec sxmo: switch back to lightdm-mobile greeter 2023-08-25 23:36:47 +00:00
a892c364c6 sxmo-utils: cherry-pick upstream light -> brightnessctl patch 2023-08-25 22:33:48 +00:00
a5c829fa96 moby: switch to phog by default 2023-08-25 13:29:49 +00:00
e844cf5970 phog: fix hardcoded paths 2023-08-25 13:29:29 +00:00
999c6fd880 preferences: remove a dead todo 2023-08-25 12:14:03 +00:00
2aa4bdd5a6 cross compilation: fix brightnessctl 2023-08-25 12:13:39 +00:00
05801f298f phog: add missing gnome-shell dependency
oof, that's a massive dep to pull in just for the schema files...
2023-08-25 12:05:15 +00:00
0fd1ec861b sxmo-utils: add missing brightnessctl dep 2023-08-25 12:04:28 +00:00
37d0473b7f cross: enable gnome-clocks, gnome-shell, squeekboard, better libgweather 2023-08-25 12:03:35 +00:00
aaca46c485 cross: get ibus to cross-compile 2023-08-25 12:01:49 +00:00
30a6a1c1c2 new todo: fix mpv blank UI bug 2023-08-25 01:34:19 +00:00
2c39ac3015 phoc: remove patches; they've been upstreamed 2023-08-25 01:33:34 +00:00
cc6a0dd8b3 phoc: fix patching style to be better overridable 2023-08-25 01:32:45 +00:00
fbf62f0531 moby: add experimental support for phog greeter 2023-08-25 01:25:07 +00:00
c96b951895 todo.md: moby: switch to phog greeter 2023-08-24 21:31:28 +00:00
34294341d7 libgweather: update nws patch with PR feedback 2023-08-24 11:41:31 +00:00
cdc8885e60 sane-weather: leave notes for future work 2023-08-24 11:23:33 +00:00
41416cd184 moby: conky: tune weather display 2023-08-24 11:17:36 +00:00
3c32246d9a sane-weather: default to METAR only 2023-08-24 11:06:24 +00:00
6862d084ac sane-weather: format the temperature better 2023-08-24 11:06:05 +00:00
6eb3626203 ship gnome-weather to all GUI platforms 2023-08-24 11:00:38 +00:00
5f808eab5c libgweather: push NWS segfault fix upstream 2023-08-24 10:35:54 +00:00
fe15c0b097 sane-weather: switch to METAR + NWS
NWS gets us hourly forecasts
2023-08-24 09:20:36 +00:00
e4fbe9d03c sane-weather: reoder the operations list 2023-08-24 09:20:36 +00:00
de09d54c64 sane-weather: make the location configurable 2023-08-24 09:20:36 +00:00
5bf117fc05 sane-weather: document some functions/classes 2023-08-24 09:20:36 +00:00
f734797628 libgweather: fix null string comparison in nws backend 2023-08-24 09:20:36 +00:00
236470dc33 cross compilation fixes for previous nixpkgs update 2023-08-24 05:56:47 +00:00
555627dad5 nixpkgs: 2023-08-21 -> 2023-08-22
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/91a22f76cd1716f9d0149e8a5c68424bb691de15' (2023-08-21)
  → 'github:nixos/nixpkgs/b85ed9dcbf187b909ef7964774f8847d554fab3b' (2023-08-22)
```
2023-08-24 02:04:25 +00:00
49c5ddd9f3 nixpkgs: 2023-08-19 -> 2023-08-21
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/d680ded26da5cf104dd2735a51e88d2d8f487b4d' (2023-08-19)
  → 'github:nixos/nixpkgs/91a22f76cd1716f9d0149e8a5c68424bb691de15' (2023-08-21)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/f81e73cf9a4ef4b949b9225be3daa1e586c096da' (2023-08-15)
  → 'github:Mic92/sops-nix/1b7b3a32d65dbcd69c217d7735fdf0a6b2184f45' (2023-08-22)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/efeed708ece1a9f4ae0506ae4a4d7da264a74102' (2023-08-12)
  → 'github:NixOS/nixpkgs/5e63e8bbc46bc4fc22254da1edaf42fc7549c18a' (2023-08-20)
```
2023-08-23 13:40:45 +00:00
a43ccaac64 conky: display temperature 2023-08-23 13:38:11 +00:00
91c02aec9a sane-weather: enable cross compilation 2023-08-23 13:31:45 +00:00
681d3d5520 sane-weather: more diagnostics 2023-08-23 11:55:30 +00:00
f945dc42fa sane-weather: init
for now, all it does is print the current temperature; no caching
2023-08-23 11:14:13 +00:00
cc6f33b928 sxmo-utils: add missing curl, libxml2 deps 2023-08-23 06:18:24 +00:00
2f83e73139 sxmo: sway: default to tabbed workspaces 2023-08-22 10:03:07 +00:00
53ccb96234 sxmo: sway: theme "urgent" titlebars to match mpv colors 2023-08-22 10:00:13 +00:00
a0d6139e50 add todos around moby GPS 2023-08-22 08:53:55 +00:00
90abadf7c4 eg25-control: document typical jitter 2023-08-22 08:51:10 +00:00
7f1e959ece moby: gps: grant geoclue access to all users 2023-08-22 08:49:04 +00:00
794df4d762 moby: geoclue: restrict to just "colin" user 2023-08-22 07:20:31 +00:00
d6b262a28e moby: enable geoclue service 2023-08-22 07:15:14 +00:00
0cc518e523 todo.md: reflow 4-space tabs to 2-space 2023-08-22 06:41:26 +00:00
8780dff794 add lemonade, new-server-as-remote-builder to todo 2023-08-22 06:40:46 +00:00
0f881006e7 eg25-control: don't abort when AGPS download fails 2023-08-22 04:59:30 +00:00
5d349ce042 moby: init GPS during boot 2023-08-22 04:53:40 +00:00
940711878b eg25-control: make own package 2023-08-22 04:41:54 +00:00
75048efcf3 eg25_gps_init.py: allow CLI config of modem control points 2023-08-22 04:36:37 +00:00
8cc5199d9b FIXUP 2023-08-22 04:35:51 +00:00
3f60bacd38 eg25_gps_init: allow finer CLI control 2023-08-22 04:32:11 +00:00
8fb705dde4 eg25-gps-init: document the SIM requirement 2023-08-21 19:39:55 +00:00
79777cd4ae eg25-gps-init: improve docs 2023-08-21 11:14:16 +00:00
fabd1e3b64 eg25-gps-init: fixup docs 2023-08-21 10:42:27 +00:00
bcb6beef05 check in a script to initialize the eg25 gps
not part of the deployed system: has to be run manually
2023-08-21 10:33:39 +00:00
34336e4ade linux-megous: 6.4.0-rc7 -> 6.4.7
this is the version currently deployed by postmarketOS
2023-08-21 04:49:46 +00:00
a518e56cf1 feeds: leave note to where to find podcasts that have a lemmy community 2023-08-21 01:14:55 +00:00
6cc7655180 feeds: add Tom Scott's podcast 2023-08-21 01:13:19 +00:00
0a15aad6d7 sane-bt-search: rename "source" sort to "tracker" 2023-08-20 09:14:45 +00:00
1d8bee2856 sane-bt-search: add a flag to sort by tracker reputation 2023-08-20 09:14:19 +00:00
6894d5828b sane-bt-search: refactor: move filter logic off of Torrent class 2023-08-20 08:53:06 +00:00
35bc222552 sane-bt-search: allow showing only videos 2023-08-20 08:49:04 +00:00
16b5b6840f sane-bt-search: refactor: make filtering easier to extend 2023-08-20 08:45:10 +00:00
1a7837d740 flake: add a sync-lappy command 2023-08-20 07:46:55 +00:00
607bfbe452 fs: add /mnt/lappy-home 2023-08-20 06:26:20 +00:00
c2b85bd6b8 refactor: break out a helper in fs.nix for mounting remote home dirs 2023-08-20 06:20:28 +00:00
c3bc0ec645 fs: remove desko-root mount
i don't use it in practice
2023-08-20 06:11:17 +00:00
89b5e8145d lemmy: pict-rs: remove unused options 2023-08-20 05:01:24 +00:00
0edab7ed64 lemmy: port to new pict-rs and enable video 2023-08-20 05:00:35 +00:00
c8a3814f6a nixpkgs: 2023-08-18 -> 2023-08-19
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/8ecc900b2f695d74dea35a92f8a9f9b32c8ea33d' (2023-08-18)
  → 'github:nixos/nixpkgs/d680ded26da5cf104dd2735a51e88d2d8f487b4d' (2023-08-19)
```
2023-08-20 00:47:38 +00:00
9ddac508e2 sane-bt-search: port to argparse 2023-08-19 23:32:11 +00:00
3245f8f94c nixpkgs: 2023-08-17 -> 2023-08-18
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/42c25608aa2ad4e5d3716d8d63c606063513ba33' (2023-08-17)
  → 'github:nixos/nixpkgs/8ecc900b2f695d74dea35a92f8a9f9b32c8ea33d' (2023-08-18)
```
2023-08-19 11:30:18 +00:00
8be1f43c23 g4music: m4a support: acquire from upstream PR 2023-08-18 20:07:26 +00:00
e29e26605b nixpkgs: 2023-08-16 -> 2023-08-17
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/caac0eb6bdcad0b32cb2522e03e4002c8975c62e' (2023-08-16)
  → 'github:nixos/nixpkgs/42c25608aa2ad4e5d3716d8d63c606063513ba33' (2023-08-17)
```
2023-08-18 10:07:17 +00:00
7bd6c0c14d WIP: moby: launch ModemManager in debug mode
this lets me use mmcli --command=...
2023-08-18 10:05:32 +00:00
d7c912386f linux-megous: re-enable modem-power
it's likely i won't be using eg25-manager after all and will have to manually boot the modem, so may as well use Megi's driver for that
2023-08-18 04:08:32 +00:00
e7e86cae95 modemmanager: undo patching
once i insert a SIM, it's able to understand the modem...
2023-08-18 02:17:09 +00:00
b083ce87be eg25-manager: disable 2023-08-17 10:56:32 +00:00
17b90fc697 eg25-manager: configure without modemmanager support 2023-08-17 08:34:32 +00:00
4fc59fa2ac modemmanager: experimental patch to not fail the whole modem if there's no sim 2023-08-17 08:34:18 +00:00
e87cda2e55 g4music: add mp4 support 2023-08-17 01:51:25 +00:00
2c4d30b5ec postgresql: tune db parameters
fixes pleroma timeouts
2023-08-17 01:28:37 +00:00
d0af645af8 pleroma: add missing "prepare: :named" config 2023-08-17 01:28:33 +00:00
a1f79dc18a komikku: use unpatched upstream now that my fix is in a release 2023-08-17 00:01:15 +00:00
ff65a697a9 nixpatches: apply outstanding komikku, komga update PRs 2023-08-16 22:49:45 +00:00
ef881b1392 podcasts: subscribe to Useful Idiots 2023-08-16 22:03:40 +00:00
debea8fa5b podcasts: subscribe to Behind the Bastards 2023-08-16 21:58:51 +00:00
8a9acbaeea podcasts: subscribe to We're Not Wrong 2023-08-16 21:58:07 +00:00
8869ec7bca podcasts: subscribe to omegatau 2023-08-16 21:54:55 +00:00
dc0268736a g4music: remove (use upstream) 2023-08-16 21:25:25 +00:00
6f9c2a846e nixpkgs: 2023-08-15 -> 2023-08-16
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/8353344d3236d3fda429bb471c1ee008857d3b7c' (2023-08-15)
  → 'github:nixos/nixpkgs/caac0eb6bdcad0b32cb2522e03e4002c8975c62e' (2023-08-16)
```
2023-08-16 21:24:51 +00:00
3cb00840de nixpkgs: 2023-08-14 -> 2023-08-15
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/6e287913f7b1ef537c97aa301b67c34ea46b640f' (2023-08-14)
  → 'github:nixos/nixpkgs/8353344d3236d3fda429bb471c1ee008857d3b7c' (2023-08-15)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/32603de0dc988d60a7b80774dd7aed1083cd9629' (2023-08-13)
  → 'github:Mic92/sops-nix/f81e73cf9a4ef4b949b9225be3daa1e586c096da' (2023-08-15)
```
2023-08-16 11:31:04 +00:00
6a2603a4ea dev-machine: disable zeal (requires qtwebengine) 2023-08-16 11:29:43 +00:00
69efecb2ef postgresql: update 13 -> 15 2023-08-16 11:09:22 +00:00
056e6d358e moby: switch back to megi kernel (manjaro kernel has graphical glitches) 2023-08-16 10:59:58 +00:00
793baf0e0f cross: remove upstreamed tracker patches 2023-08-16 10:54:36 +00:00
721899258a cross: point playerctl patch to upstream PR 2023-08-16 10:54:07 +00:00
4f9d84cd82 cross: fix playerctl build 2023-08-16 10:34:13 +00:00
a462180d3c sane-stop-all-servo: add signald, pict-rs 2023-08-16 10:34:13 +00:00
58f2d87959 sane-stop-all-servo: add missing mautrix-signal and lemmy-ui services 2023-08-16 10:34:13 +00:00
a50b8e6373 moby: split the old linux-manjaro config into its own package & update it 2023-08-16 10:10:42 +00:00
4ec947d549 eg25-manager: set RestartSec to make the restart loops less painful 2023-08-16 09:09:13 +00:00
6751a74063 moby: kernel: better docs 2023-08-16 09:08:35 +00:00
6118a18200 gthumb: associate with gif and webp 2023-08-15 20:48:51 +00:00
d223d4be06 cross: try to fix webkitgtk build 2023-08-15 10:56:07 +00:00
ab7ec9bd74 cross: remove dead overrides for upstreamed packages 2023-08-15 10:55:18 +00:00
7b70b5ec86 linux-megous: build WITHOUT modem_power module, for better eg25-manager compatibility 2023-08-15 10:49:07 +00:00
db99043753 eg25-manager.service: remove modem_power module & point to the right UART 2023-08-15 10:46:18 +00:00
8f87e49606 cross: fix comment typos 2023-08-15 05:38:11 +00:00
5557107259 nixpkgs: 2023-08-13 -> 2023-08-14
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/100a1550b0e7a64b960c625b656f9229bdef5f87' (2023-08-13)
  → 'github:nixos/nixpkgs/6e287913f7b1ef537c97aa301b67c34ea46b640f' (2023-08-14)
```
2023-08-15 04:32:49 +00:00
1b5c870798 sane-scripts.sync-music: add to a package set (sane-scripts.sys-utils) 2023-08-15 01:47:45 +00:00
a5162651b7 zsh: re-enable lost keybindings like ctrl+r and ctrl+a 2023-08-15 01:47:12 +00:00
b9868512d6 switch TERMINAL from kitty -> alacritty 2023-08-15 01:46:57 +00:00
8432d9c9ed sway: be terminal agnostic 2023-08-15 01:46:40 +00:00
5d4f94f218 add alacritty program/config 2023-08-15 01:46:22 +00:00
7e9d5d99c7 g4music: obtain via nixpkgs PR 2023-08-14 20:19:22 +00:00
487e64b09b nixos/dconf patch: point to upstream PR 2023-08-14 20:13:19 +00:00
5e350b810f nixpkgs: 2023-08-10 -> 2023-08-13; sops-nix 2023-07-24 -> 2023-08-13
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/ce5e4a6ef2e59d89a971bc434ca8ca222b9c7f5e' (2023-08-10)
  → 'github:nixos/nixpkgs/100a1550b0e7a64b960c625b656f9229bdef5f87' (2023-08-13)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/c36df4fe4bf4bb87759b1891cab21e7a05219500' (2023-07-24)
  → 'github:Mic92/sops-nix/32603de0dc988d60a7b80774dd7aed1083cd9629' (2023-08-13)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/ce45b591975d070044ca24e3003c830d26fea1c8' (2023-07-22)
  → 'github:NixOS/nixpkgs/efeed708ece1a9f4ae0506ae4a4d7da264a74102' (2023-08-12)
```
2023-08-14 20:12:01 +00:00
5fb3a6be81 desko: disable jellyfin (just use mounted fs, avoid qtwebengine...) 2023-08-14 10:27:10 +00:00
dbec4b8f32 cross: expand buildInQemu to support a few more packages (e.g. g4music, but i didnt need it in the end) 2023-08-14 10:23:23 +00:00
f8b559bef1 g4music: docs on how to get it rendering correctly 2023-08-14 10:21:13 +00:00
7d9d0ce8b5 g4music: wrapGAppsHook -> wrapGAppsHook4 2023-08-14 10:20:54 +00:00
7857f123a4 new nix run '.#sync-moby' command to synchronize music onto my mobile phone 2023-08-14 08:20:06 +00:00
e3ba156fe1 fs: define /mnt/moby-home 2023-08-14 08:10:17 +00:00
c824751682 ~: don't symlink ~/Music/servo
it gets in the way for devices that have a full copy of their music
2023-08-14 08:10:06 +00:00
e5520437a5 sane-sync-music: init 2023-08-14 08:02:29 +00:00
c6211fe48f ship g4music 2023-08-14 06:17:22 +00:00
54d6c9008d g4music: init at 3.2 2023-08-14 06:13:22 +00:00
05e5edcce3 mpv: fix bug where GUI would be missing for some podcasts 2023-08-14 05:52:16 +00:00
3249baccfa mopidy: remove dead service code 2023-08-13 10:20:50 +00:00
274682cf85 mopidy: comment for how to disable spotify backend 2023-08-13 10:17:43 +00:00
31a700f6a7 mcg: support cross compilation 2023-08-13 09:39:04 +00:00
91a6fc32ef desktop: ship rhythmbox music player 2023-08-13 09:27:01 +00:00
135b87a091 mcg: init at 3.2.1 2023-08-13 09:24:17 +00:00
6b9484f611 cross: re-enable qt5 override. i dont actively use it but it is nice for testing 2023-08-13 07:49:29 +00:00
7a612b701d cross: emulateBuildMachine -> buildInQemu 2023-08-13 07:41:45 +00:00
c69fb690f1 cantata: fix to be in desktopGuiApps (because it needs qt) 2023-08-12 09:05:27 +00:00
1ef73dd69d mopidy: get spotify, jellyfin working 2023-08-12 09:00:33 +00:00
54afa1aec5 cross compiling: update status/notes 2023-08-12 08:26:18 +00:00
72c3c939e2 programs: ship cantata & mopidy for music playing (desktop) 2023-08-12 08:26:18 +00:00
67d8e89556 WIP: enable mopidy music server 2023-08-12 08:26:18 +00:00
07408813db python310Packages.keyring: re-enable cryptography dependency (it cross compiles now) 2023-08-12 08:03:16 +00:00
436760a592 python310Packages.keyring: fix cross compilation 2023-08-12 07:58:15 +00:00
5c758df032 gpodder-adaptive: fix cross compilation 2023-08-12 04:14:47 +00:00
d12a41bfa9 gpodder-adaptive: fix pname 2023-08-12 03:51:22 +00:00
8ec22b6320 mepo: fix autoPatchelfHook placement so it cross compiles 2023-08-12 02:44:14 +00:00
95d04467a8 cross: delete binfmt experiment (it will never work); comment out broken proot attempt 2023-08-11 23:28:37 +00:00
dd53de96fe cross: tune linuxMinimal 2023-08-11 23:25:26 +00:00
8089334ea9 cross: fix dconf-system-config 2023-08-11 23:06:25 +00:00
5bbb3678ed helix: support cross compilation 2023-08-11 23:01:46 +00:00
4e7ffe3140 cross compilation: simplify emulateBuilderQemu & use linux-megous as kernel when available 2023-08-11 22:27:35 +00:00
d2842484fd cross: do emulation with a smaller linux image (experimental) 2023-08-11 22:27:35 +00:00
a8932b5a72 WIP: try to cross-compile using proot instead of binfmt
but it doesn't seem to be emulating child processes...
2023-08-11 22:27:35 +00:00
a283d1ee21 linux-megous: simplify the package definition & build w/o debug info 2023-08-11 21:34:19 +00:00
504 changed files with 60279 additions and 11677 deletions

2
.gitignore vendored
View File

@@ -1,2 +1,4 @@
.working
result
result-*
/secrets/local.nix

View File

@@ -4,17 +4,35 @@ this is the top-level repo from which i configure/deploy all my NixOS machines:
- desktop
- laptop
- server
- mobile phone
- mobile phone (Pinephone)
i enjoy a monorepo approach. this repo references [nixpkgs][nixpkgs], a couple 3rd party
nix modules like [sops][sops], the sources for [uninsane.org][uninsane-org], and that's
about it. custom derivations and modules (some of which i try to upstream) live
directly here; even the sources for those packages is often kept here too.
everything outside of <./hosts/> and <./secrets/> is intended for export, to be importable for use by 3rd parties.
the only hard dependency for my exported pkgs/modules should be [nixpkgs][nixpkgs].
building <./hosts/> will require [sops][sops].
you might specifically be interested in these files (elaborated further in #key-points-of-interest):
- [`sxmo-utils`](./pkgs/additional/sxmo-utils/default.nix)
- [example SXMO deployment](./hosts/modules/gui/sxmo/default.nix)
- [my implementation of impermanence](./modules/persist/default.nix)
- my way of deploying dotfiles/configuring programs per-user:
- <./modules/fs/default.nix>
- <./modules/programs.nix>
- <./modules/users.nix>
[nixpkgs]: https://github.com/NixOS/nixpkgs
[sops]: https://github.com/Mic92/sops-nix
[uninsane-org]: https://uninsane.org
## Using This Repo In Your Own Config
this should be a pretty "standard" flake. just reference it, and import either
- `nixosModules.sane` (for the modules)
- `overlays.pkgs` (for the packages)
or follow the instructions [here][NUR] to use it via the Nix User Repositories.
[NUR]: https://nur.nix-community.org/
## Layout
- `doc/`
- instructions for tasks i find myself doing semi-occasionally in this repo.
@@ -90,12 +108,6 @@ them being factored out of my config, message me and we could work to make that
[home-manager]: https://github.com/nix-community/home-manager
## Using This Repo In Your Own Config
this should be a pretty "standard" flake. just reference it, and import either
- `nixosModules.sane` (for the modules)
- `overlays.pkgs` (for the packages)
## Mirrors
this repo exists in a few known locations:

72
TODO.md
View File

@@ -1,10 +1,13 @@
## BUGS
- why i need to manually restart `wireguard-wg-ovpns` on servo periodically
- else DNS fails
- fix epiphany URL bar input on moby
- nixpkgs date is incorrect (1970.01.01...)
- ringer (i.e. dino incoming call) doesn't prevent moby from sleeping
- `nix` operations from lappy hang when `desko` is unreachable
- could at least direct the cache to `http://desko-hn:5001`
## REFACTORING:
- fold hosts/common/home/ssh.nix -> hosts/common/users/colin.nix
### sops/secrets
- attach secrets to the thing they're used by (sane.programs)
- rework secrets to leverage `sane.fs`
@@ -21,7 +24,9 @@
- fix lightdm-mobile-greeter for newer libhandy
- port zecwallet-lite to a from-source build
- REVIEW/integrate jellyfin dataDir config: <https://github.com/NixOS/nixpkgs/pull/233617>
- remove `libsForQt5.callPackage` broadly: <https://github.com/NixOS/nixpkgs/issues/180841>
#### upstreaming to non-nixpkgs repos
- gtk: build schemas even on cross compilation: <https://github.com/NixOS/nixpkgs/pull/247844>
## IMPROVEMENTS:
@@ -43,21 +48,63 @@
- e.g. daily email checks; daily backup checks
- integrate `nix check` into Gitea actions?
### faster/better deployments
- remove audacity's dependency on webkitgtk (via wxwidgets)
### user experience
- neovim: set up language server (lsp; rnix-lsp; nvim-lspconfig)
- Helix: make copy-to-system clipboard be the default
- firefox/librewolf: persist history
- just not cookies or tabs
- install apps:
- display QR codes for WiFi endpoints: <https://linuxphoneapps.org/apps/noappid.wisperwind.wifi2qr/>
- shopping list (not in nixpkgs): <https://linuxphoneapps.org/apps/ro.hume.cosmin.shoppinglist/>
- offline Wikipedia (or, add to `wike`)
- offline docs viewer (gtk): <https://github.com/workbenchdev/Biblioteca>
- some type of games manager/launcher
- Gnome Highscore (retro games)?: <https://gitlab.gnome.org/World/highscore>
- better maps for mobile (Osmin (QtQuick)? Pure Maps (Qt/Kirigami)? Gnome Maps is improved in 45)
- note-taking app: <https://linuxphoneapps.org/categories/note-taking/>
- OSK overlay specifically for mobile gaming
- i.e. mock joysticks, for use with SuperTux and SuperTuxKart
- install mobile-friendly games:
- Shattered Pixel Dungeon (nixpkgs `shattered-pixel-dungeon`; doesn't cross-compile b/c openjdk/libIDL) <https://github.com/ebolalex/shattered-pixel-dungeon>
- UnCiv (Civ V clone; nixpkgs `unciv`; doesn't cross-compile): <https://github.com/yairm210/UnCiv>
- Simon Tatham's Puzzle Collection (not in nixpkgs) <https://git.tartarus.org/?p=simon/puzzles.git>
- Shootin Stars (Godot; not in nixpkgs) <https://gitlab.com/greenbeast/shootin-stars>
- numberlink (generic name for Flow Free). not packaged in Nix
- Neverball (https://neverball.org/screenshots.php). nix: as `neverball`
#### moby
- fix cpuidle (gets better power consumption): <https://xnux.eu/log/077.html>
- SwayNC:
- don't show MPRIS if no players detected
- this is a problem of playerctld, i guess
- add option to change audio output
- fix colors (red alert) to match overall theme
- moby: tune GPS
- run only geoclue, and not gpsd, to save power?
- tune QGPS setting in eg25-control, for less jitter?
- direct mepo to prefer gpsd, with fallback to geoclue, for better accuracy?
- configure geoclue to do some smoothing?
- manually do smoothing, as some layer between mepo and geoclue/gpsd?
- moby: show battery state on ssh login
- moby: improve gPodder launch time
- moby: theme GTK apps (i.e. non-adwaita styles)
- especially, make the menubar collapsible
- try Gradience tool specifically for theming adwaita? <https://linuxphoneapps.org/apps/com.github.gradienceteam.gradience/>
- phog: remove the gnome-shell runtime dependency to save hella closure size
#### non-moby
- RSS: integrate a paywall bypass
- e.g. self-hosted [ladder](https://github.com/everywall/ladder) (like 12ft.io)
- neovim: set up language server (lsp; rnix-lsp; nvim-lspconfig)
- Helix: make copy-to-system clipboard be the default
- firefox/librewolf: persist history
- just not cookies or tabs
- package Nix/NixOS docs for Zeal
- install [doc-browser](https://github.com/qwfy/doc-browser)
- this supports both dash (zeal) *and* the datasets from <https://devdocs.io> (which includes nix!)
- install [devhelp](https://wiki.gnome.org/Apps/Devhelp) (gnome)
- have xdg-open parse `<repo:...> URIs (or adjust them so that it _can_ parse)
- sane-bt-search: show details like 5.1 vs stereo, h264 vs h265
- maybe just color these "keywords" in all search results?
- uninsane.org: make URLs relative to allow local use (and as offline homepage)
- email: fix so that local mail doesn't go to junk
- git sendmail flow adds the DKIM signatures, but gets delivered locally w/o having the sig checked, so goes into Junk
@@ -67,15 +114,10 @@
- add `pkgs.impure-cached.<foo>` package set to build things with ccache enabled
- every package here can be auto-generated, and marked with some env var so that it doesn't pollute the pure package set
- would be super handy for package prototyping!
- why does nixos-rebuild switch take 5 minutes when net is flakey?
- trying to auto-mount servo?
- something to do with systemd services restarting/stalling
- maybe wireguard & its refresh operation, specifically?
- get moby to build without binfmt emulation (i.e. make all emulation explicit)
- then i can distribute builds across servo + desko, and also allow servo to pull packages from desko w/o worrying about purity
- fix desko so it doesn't dispatch so many build jobs to servo by default
## NEW FEATURES:
- migrate MAME cabinet to nix
- boot it from PXE from servo?
- enable IPv6
- package lemonade lemmy app: <https://linuxphoneapps.org/apps/ml.mdwalters.lemonade/>

9
default.nix Normal file
View File

@@ -0,0 +1,9 @@
# limited, non-flake interface to this repo.
# this file exposes the same view into `pkgs` which the flake would see when evaluated.
#
# the primary purpose of this file is so i can run `updateScript`s which expect
# the root to be `default.nix`
{ pkgs ? import <nixpkgs> {} }:
pkgs.appendOverlays [
(import ./overlays/all.nix)
]

106
flake.lock generated
View File

@@ -1,79 +1,45 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1687709756,
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"mobile-nixos": {
"flake": false,
"locked": {
"lastModified": 1690059310,
"narHash": "sha256-4zcoDp8wwZVfGSzXltC5x+eH4kDWC/eJpyQNgr7shAA=",
"lastModified": 1694749521,
"narHash": "sha256-MiVokKlpcJmfoGuWAMeW1En7gZ5hk0rCQArYm6P9XCc=",
"owner": "nixos",
"repo": "mobile-nixos",
"rev": "56fc9f9619f305f0865354975a98d22410eed127",
"rev": "d25d3b87e7f300d8066e31d792337d9cd7ecd23b",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "d25d3b87e7f300d8066e31d792337d9cd7ecd23b",
"repo": "mobile-nixos",
"type": "github"
}
},
"nix-serve": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"nixpkgs-next-unpatched": {
"locked": {
"lastModified": 1687251388,
"narHash": "sha256-E9cVlgeCvzPbA/G3mCDCzz8TdRwXyGYzIjmwcvIfghg=",
"owner": "edolstra",
"repo": "nix-serve",
"rev": "d6df5bd8584f37e22cff627db2fc4058a4aab5ee",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "nix-serve",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1606086654,
"narHash": "sha256-VFl+3eGIMqNp7cyOMJ6TjM/+UcsLKtodKoYexrlTJMI=",
"owner": "NixOS",
"lastModified": 1705233677,
"narHash": "sha256-eq3VE8QGJsunqqF/BlLslWE1gASp4Hlgp0c78coxat0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "19db3e5ea2777daa874563b5986288151f502e27",
"rev": "724e39ebb9b8eda97f17d423f66fbc5a991f4f8d",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-20.09",
"type": "indirect"
"owner": "nixos",
"ref": "staging-next",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1690066826,
"narHash": "sha256-6L2qb+Zc0BFkh72OS9uuX637gniOjzU6qCDBpjB2LGY=",
"lastModified": 1705033721,
"narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ce45b591975d070044ca24e3003c830d26fea1c8",
"rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea",
"type": "github"
},
"original": {
@@ -85,16 +51,16 @@
},
"nixpkgs-unpatched": {
"locked": {
"lastModified": 1691654369,
"narHash": "sha256-gSILTEx1jRaJjwZxRlnu3ZwMn1FVNk80qlwiCX8kmpo=",
"lastModified": 1705254014,
"narHash": "sha256-4RrVNEqxeji4vqDgzSl7JoCD6a0ag5LF9zXFndtqrpE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ce5e4a6ef2e59d89a971bc434ca8ca222b9c7f5e",
"rev": "6c08fe3ccf437d8b26bec010fd925ddd6bb0d0d5",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
@@ -102,7 +68,7 @@
"root": {
"inputs": {
"mobile-nixos": "mobile-nixos",
"nix-serve": "nix-serve",
"nixpkgs-next-unpatched": "nixpkgs-next-unpatched",
"nixpkgs-unpatched": "nixpkgs-unpatched",
"sops-nix": "sops-nix",
"uninsane-dot-org": "uninsane-dot-org"
@@ -116,11 +82,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1690199016,
"narHash": "sha256-yTLL72q6aqGmzHq+C3rDp3rIjno7EJZkFLof6Ika7cE=",
"lastModified": 1705201153,
"narHash": "sha256-y0/a4IMDZrc7lAkR7Gcm5R3W2iCBiARHnYZe6vkmiNE=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c36df4fe4bf4bb87759b1891cab21e7a05219500",
"rev": "70dd0d521f7849338e487a219c1a07c429a66d77",
"type": "github"
},
"original": {
@@ -129,34 +95,18 @@
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"uninsane-dot-org": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs-unpatched"
]
},
"locked": {
"lastModified": 1691106178,
"narHash": "sha256-3mZ9gTvMpbZA9ea9ovoQpn2wKuQY0QZ7MDdEjArYdAQ=",
"lastModified": 1704082841,
"narHash": "sha256-4g3lePnUALb8B1m3rEDD6rrZAq2pTN4qaSnStbd676U=",
"ref": "refs/heads/master",
"rev": "f4d91aa201b6e49af690f250d4786bd1d8b4dcfd",
"revCount": 205,
"rev": "4a1fa488e64e6c87c6c951e3fafb2684692f64d3",
"revCount": 234,
"type": "git",
"url": "https://git.uninsane.org/colin/uninsane"
},

395
flake.nix
View File

@@ -4,6 +4,8 @@
# - this is marginally the case with schemes like `github:nixos/nixpkgs`.
# - given the *existing* `git+https://` scheme, i propose expressing github URLs similarly:
# - `github+https://github.com/nixos/nixpkgs/tree/nixos-22.11`
# - this would allow for the same optimizations as today's `github:nixos/nixpkgs`, but without obscuring the source.
# a code reader could view the source being referenced simply by clicking the https:// portion of that URI.
# - need some way to apply local patches to inputs.
#
#
@@ -27,83 +29,107 @@
# - daily:
# - nixos-unstable cut from master after enough packages have been built in caches.
# - every 6 hours:
# - master auto-merged into staging.
# - master auto-merged into staging and staging-next
# - staging-next auto-merged into staging.
# - manually, approximately once per month:
# - staging-next is cut from staging.
# - staging-next merged into master.
#
# which branch to source from?
# - for everyday development, prefer `nixos-unstable` branch, as it provides good caching.
# - if need to test bleeding updates (e.g. if submitting code into staging):
# - use `staging-next` if it's been cut (i.e. if there's an active staging-next -> master PR)
# - use `staging` if no staging-next branch has been cut.
# - nixos-unstable: for everyday development; it provides good caching
# - master: temporarily if i'm otherwise cherry-picking lots of already-applied patches
# - staging-next: if testing stuff that's been PR'd into staging, i.e. base library updates.
# - staging: maybe if no staging-next -> master PR has been cut yet?
#
# <https://github.com/nixos/nixpkgs/tree/nixos-unstable>
nixpkgs-unpatched.url = "github:nixos/nixpkgs?ref=nixos-unstable";
# nixpkgs-unpatched.url = "github:nixos/nixpkgs?ref=staging-next";
# nixpkgs-unpatched.url = "github:nixos/nixpkgs?ref=staging";
# nixpkgs-unpatched.url = "github:nixos/nixpkgs?ref=nixos-unstable";
nixpkgs-unpatched.url = "github:nixos/nixpkgs?ref=master";
# nixpkgs-unpatched.url = "github:nixos/nixpkgs?ref=nixos-staging";
# nixpkgs-unpatched.url = "github:nixos/nixpkgs?ref=nixos-staging-next";
nixpkgs-next-unpatched.url = "github:nixos/nixpkgs?ref=staging-next";
mobile-nixos = {
# <https://github.com/nixos/mobile-nixos>
url = "github:nixos/mobile-nixos";
# only used for building disk images, not relevant after deployment
# TODO: replace with something else. commit `0f3ac0bef1aea70254a3bae35e3cc2561623f4c1`
# replaces the imageBuilder with a "new implementation from celun" and wildly breaks my use.
# pinning to d25d3b... is equivalent to holding at 2023-09-15
url = "github:nixos/mobile-nixos?ref=d25d3b87e7f300d8066e31d792337d9cd7ecd23b";
flake = false;
};
sops-nix = {
# <https://github.com/Mic92/sops-nix>
# used to distribute secrets to my hosts
url = "github:Mic92/sops-nix";
# inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs-unpatched";
};
uninsane-dot-org = {
# provides the package to deploy <https://uninsane.org>, used only when building the servo host
url = "git+https://git.uninsane.org/colin/uninsane";
# inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs-unpatched";
};
nix-serve = {
# <https://github.com/edolstra/nix-serve>
url = "github:edolstra/nix-serve";
};
};
outputs = {
self,
nixpkgs-unpatched,
nixpkgs-next-unpatched ? nixpkgs-unpatched,
mobile-nixos,
sops-nix,
uninsane-dot-org,
nix-serve,
...
}@inputs:
let
inherit (builtins) attrNames elem listToAttrs map mapAttrs;
# redefine some nixpkgs `lib` functions to avoid the infinite recursion
# of if we tried to use patched `nixpkgs.lib` as part of the patching process.
mapAttrs' = f: set:
listToAttrs (map (attr: f attr set.${attr}) (attrNames set));
optionalAttrs = cond: attrs: if cond then attrs else {};
# mapAttrs but without the `name` argument
mapAttrValues = f: mapAttrs (_: f);
# rather than apply our nixpkgs patches as a flake input, do that here instead.
# this (temporarily?) resolves the bad UX wherein a subflake residing in the same git
# repo as the main flake causes the main flake to have an unstable hash.
nixpkgs = (import ./nixpatches/flake.nix).outputs {
self = nixpkgs;
nixpkgs = nixpkgs-unpatched;
patchNixpkgs = variant: nixpkgs: (import ./nixpatches/flake.nix).outputs {
inherit variant nixpkgs;
self = patchNixpkgs variant nixpkgs;
} // {
# provide values that nixpkgs ordinarily sources from the flake.lock file,
# inaccessible to it here because of the import-from-derivation.
# rev and shortRev seem to not always exist (e.g. if the working tree is dirty),
# so those are made conditional.
#
# these values impact the name of a produced nixos system. having date/rev in the
# `readlink /run/current-system` store path helps debuggability.
inherit (self) lastModifiedDate lastModified;
} // optionalAttrs (self ? rev) {
inherit (self) rev;
} // optionalAttrs (self ? shortRev) {
inherit (self) shortRev;
};
nixpkgsCompiledBy = system: nixpkgs.legacyPackages."${system}";
nixpkgs' = patchNixpkgs "master" nixpkgs-unpatched;
nixpkgsCompiledBy = system: nixpkgs'.legacyPackages."${system}";
evalHost = { name, local, target }: nixpkgs.lib.nixosSystem {
evalHost = { name, local, target, light ? false, nixpkgs ? nixpkgs' }: nixpkgs.lib.nixosSystem {
system = target;
modules = [
{
nixpkgs = (if (local != null) then {
buildPlatform = local;
} else {}) // {
# TODO: does the earlier `system` arg to nixosSystem make its way here?
hostPlatform.system = target;
};
# nixpkgs.buildPlatform = local; # set by instantiate.nix instead
nixpkgs.buildPlatform.system = local;
# nixpkgs.config.replaceStdenv = { pkgs }: pkgs.ccacheStdenv;
}
(optionalAttrs (local != target) {
# XXX(2023/12/11): cache.nixos.org uses `system = ...` instead of `hostPlatform.system`, and that choice impacts the closure of every package.
# so avoid specifying hostPlatform.system on non-cross builds, so i can use upstream caches.
nixpkgs.hostPlatform.system = target;
})
(optionalAttrs light {
sane.enableSlowPrograms = false;
})
(import ./hosts/instantiate.nix { hostName = name; })
self.nixosModules.default
self.nixosModules.passthru
@@ -116,39 +142,24 @@
];
};
in {
nixosConfigurations =
let
nixosConfigurations = let
hosts = {
servo = { name = "servo"; local = "x86_64-linux"; target = "x86_64-linux"; };
desko = { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; };
desko-light = { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; light = true; };
lappy = { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; };
lappy-light = { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; light = true; };
moby = { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; };
moby-light = { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; light = true; };
rescue = { name = "rescue"; local = "x86_64-linux"; target = "x86_64-linux"; };
};
# cross-compiled builds: instead of emulating the host, build using a cross-compiler.
# - these are faster to *build* than the emulated variants (useful when tweaking packages),
# - but fewer of their packages can be found in upstream caches.
cross = mapAttrValues evalHost hosts;
emulated = mapAttrValues
({name, local, target}: evalHost {
inherit name target;
local = null;
})
hosts;
prefixAttrs = prefix: attrs: mapAttrs'
(name: value: {
name = prefix + name;
inherit value;
})
attrs;
in
(prefixAttrs "cross-" cross) //
(prefixAttrs "emulated-" emulated) // {
# prefer native builds for these machines:
inherit (emulated) servo desko lappy rescue;
# prefer cross-compiled builds for these machines:
inherit (cross) moby;
};
hostsNext = mapAttrs' (h: v: {
name = "${h}-next";
value = v // { nixpkgs = patchNixpkgs "staging-next" nixpkgs-next-unpatched; };
}) hosts;
in mapAttrValues evalHost (
hosts // hostsNext
);
# unofficial output
# this produces a EFI-bootable .img file (GPT with a /boot partition and a system (/ or /nix) partition).
@@ -167,8 +178,12 @@
imgs = mapAttrValues (host: host.config.system.build.img) self.nixosConfigurations;
# unofficial output
host-pkgs = mapAttrValues (host: host.config.system.build.pkgs) self.nixosConfigurations;
host-programs = mapAttrValues (host: mapAttrValues (p: p.package) host.config.sane.programs) self.nixosConfigurations;
hostConfigs = mapAttrValues (host: host.config) self.nixosConfigurations;
hostSystems = mapAttrValues (host: host.config.system.build.toplevel) self.nixosConfigurations;
hostPkgs = mapAttrValues (host: host.config.system.build.pkgs) self.nixosConfigurations;
hostPrograms = mapAttrValues (host: mapAttrValues (p: p.package) host.config.sane.programs) self.nixosConfigurations;
patched.nixpkgs = nixpkgs';
overlays = {
# N.B.: `nix flake check` requires every overlay to take `final: prev:` at defn site,
@@ -183,18 +198,10 @@
passthru = final: prev:
let
mobile = (import "${mobile-nixos}/overlay/overlay.nix");
uninsane = uninsane-dot-org.overlay;
# nix-serve' = nix-serve.overlay;
nix-serve' = next: prev: {
# XXX(2023/03/02): upstream isn't compatible with modern `nix`. probably the perl bindings.
# - we use the package built against `nixpkgs` specified in its flake rather than use its overlay,
# to get around this.
inherit (nix-serve.packages."${next.system}") nix-serve;
};
uninsane = uninsane-dot-org.overlays.default;
in
(mobile final prev)
// (uninsane final prev)
// (nix-serve' final prev)
;
};
@@ -222,37 +229,106 @@
# extract only our own packages from the full set.
# because of `nix flake check`, we flatten the package set and only surface x86_64-linux packages.
packages = mapAttrs
(system: allPkgs:
allPkgs.lib.filterAttrs (name: pkg:
(system: passthruPkgs: passthruPkgs.lib.filterAttrs
(name: pkg:
# keep only packages which will pass `nix flake check`, i.e. keep only:
# - derivations (not package sets)
# - packages that build for the given platform
(! elem name [ "feeds" "pythonPackagesExtensions" ])
&& (allPkgs.lib.meta.availableOn allPkgs.stdenv.hostPlatform pkg)
&& (passthruPkgs.lib.meta.availableOn passthruPkgs.stdenv.hostPlatform pkg)
)
(
# expose sane packages and chosen inputs (uninsane.org)
(import ./pkgs { pkgs = allPkgs; }) // {
inherit (allPkgs) uninsane-dot-org;
(import ./pkgs { pkgs = passthruPkgs; }) // {
inherit (passthruPkgs) uninsane-dot-org;
}
)
)
# self.legacyPackages;
{ inherit (self.legacyPackages) x86_64-linux; }
{
x86_64-linux = (nixpkgsCompiledBy "x86_64-linux").appendOverlays [
self.overlays.passthru
];
}
;
apps."x86_64-linux" =
let
pkgs = self.legacyPackages."x86_64-linux";
sanePkgs = import ./pkgs { inherit pkgs; };
deployScript = host: addr: action: pkgs.writeShellScript "deploy-${host}" ''
nix build '.#nixosConfigurations.${host}.config.system.build.toplevel' --out-link ./result-${host} $@
nix build '.#nixosConfigurations.${host}.config.system.build.toplevel' --out-link ./result-${host} "$@"
sudo nix sign-paths -r -k /run/secrets/nix_serve_privkey $(readlink ./result-${host})
# XXX: this triggers another config eval & (potentially) build.
# if the config changed between these invocations, the above signatures might not apply to the deployed config.
# let the user handle that edge case by re-running this whole command
nixos-rebuild --flake '.#${host}' ${action} --target-host colin@${addr} --use-remote-sudo $@
# let the user handle that edge case by re-running this whole command.
# N.B.: `--fast` option here is critical to cross-compiled deployments: without it the build machine will try to invoke the host machine's `nix` binary.
# TODO: solve this by replacing the nixos-build invocation with:
# - nix-copy-closure --to $host $result
# - on target: nix-env set -p /nix/var/nix/profiles/system $result
# - on target: $result/bin/switch-to-configuration
nixos-rebuild --flake '.#${host}' ${action} --target-host colin@${addr} --use-remote-sudo "$@" --fast
'';
deployApp = host: addr: action: {
type = "app";
program = ''${deployScript host addr action}'';
};
# pkg updating.
# a cleaner alternative lives here: <https://discourse.nixos.org/t/how-can-i-run-the-updatescript-of-personal-packages/25274/2>
# mkUpdater :: [ String ] -> { type = "app"; program = path; }
mkUpdater = attrPath: {
type = "app";
program = let
pkg = pkgs.lib.getAttrFromPath attrPath sanePkgs;
strAttrPath = pkgs.lib.concatStringsSep "." attrPath;
commandArgv = pkg.updateScript.command or pkg.updateScript;
command = pkgs.lib.escapeShellArgs commandArgv;
in builtins.toString (pkgs.writeShellScript "update-${strAttrPath}" ''
export UPDATE_NIX_NAME=${pkg.name}
export UPDATE_NIX_PNAME=${pkg.pname}
export UPDATE_NIX_OLD_VERSION=${pkg.version}
export UPDATE_NIX_ATTR_PATH=${strAttrPath}
${command}
'');
};
mkUpdatersNoAliases = opts: basePath: pkgs.lib.concatMapAttrs
(name: pkg:
if pkg.recurseForDerivations or false then {
"${name}" = mkUpdaters opts (basePath ++ [ name ]);
} else if pkg.updateScript or null != null then {
"${name}" = mkUpdater (basePath ++ [ name ]);
} else {}
)
(pkgs.lib.getAttrFromPath basePath sanePkgs);
mkUpdaters = { ignore ? [], flakePrefix ? [] }@opts: basePath:
let
updaters = mkUpdatersNoAliases opts basePath;
invokeUpdater = name: pkg:
let
fullPath = basePath ++ [ name ];
doUpdateByDefault = !builtins.elem fullPath ignore;
# in case `name` has a `.` in it, we have to quote it
escapedPath = builtins.map (p: ''"${p}"'') fullPath;
updatePath = builtins.concatStringsSep "." (flakePrefix ++ escapedPath);
in pkgs.lib.optionalString doUpdateByDefault (
pkgs.lib.escapeShellArgs [
"nix" "run" ".#${updatePath}"
]
);
in {
type = "app";
# top-level app just invokes the updater of everything one layer below it
program = builtins.toString (pkgs.writeShellScript
(builtins.concatStringsSep "-" (flakePrefix ++ basePath))
(builtins.concatStringsSep
"\n"
(pkgs.lib.mapAttrsToList invokeUpdater updaters)
)
);
} // updaters;
in {
help = {
type = "app";
@@ -261,44 +337,109 @@
commands:
- `nix run '.#help'`
- show this message
- `nix run '.#update-feeds'`
- `nix run '.#update.pkgs'`
- updates every package
- `nix run '.#update.feeds'`
- updates metadata for all feeds
- `nix run '.#init-feed' <url>`
- `nix run '.#deploy-{lappy,moby,moby-test,servo}' [nixos-rebuild args ...]`
- `nix run '.#check-nur'`
- `nix run '.#deploy.{desko,lappy,moby,servo}[-light][.test]' [nixos-rebuild args ...]`
- `nix run '.#check'`
- make sure all systems build; NUR evaluates
specific build targets of interest:
- `nix build '.#imgs.rescue'`
'';
in builtins.toString (pkgs.writeShellScript "nixos-config-help" ''
cat ${helpMsg}
echo ""
echo "complete flake structure:"
nix flake show --option allow-import-from-derivation true
'');
};
update-feeds = {
type = "app";
program = "${pkgs.feeds.updateScript}";
# wrangle some names to get package updaters which refer back into the flake, but also conditionally ignore certain paths (e.g. sane.feeds).
# TODO: better design
update = rec {
_impl.pkgs.sane = mkUpdaters { flakePrefix = [ "update" "_impl" "pkgs" ]; ignore = [ [ "sane" "feeds" ] ]; } [ "sane" ];
pkgs = _impl.pkgs.sane;
_impl.feeds.sane.feeds = mkUpdaters { flakePrefix = [ "update" "_impl" "feeds" ]; } [ "sane" "feeds" ];
feeds = _impl.feeds.sane.feeds;
};
init-feed = {
type = "app";
program = "${pkgs.feeds.initFeedScript}";
program = "${pkgs.feeds.init-feed}";
};
deploy-lappy = {
type = "app";
program = ''${deployScript "lappy" "lappy" "switch"}'';
};
deploy-moby-test = {
type = "app";
program = ''${deployScript "moby" "moby-hn" "test"}'';
};
deploy-moby = {
type = "app";
program = ''${deployScript "moby" "moby-hn" "switch"}'';
};
deploy-servo = {
type = "app";
program = ''${deployScript "servo" "servo" "switch"}'';
deploy = {
lappy = deployApp "lappy" "lappy" "switch";
lappy-light = deployApp "lappy-light" "lappy" "switch";
moby = deployApp "moby" "moby" "switch";
moby-light = deployApp "moby-light" "moby" "switch";
moby-test = deployApp "moby" "moby" "test";
servo = deployApp "servo" "servo" "switch";
};
check-nur = {
sync = {
type = "app";
program = builtins.toString (pkgs.writeShellScript "sync-all" ''
RC_lappy=$(nix run '.#sync.lappy' -- "$@")
RC_moby=$(nix run '.#sync.moby' -- "$@")
RC_desko=$(nix run '.#sync.desko' -- "$@")
echo "lappy: $RC_lappy"
echo "moby: $RC_moby"
echo "desko: $RC_desko"
'');
};
sync.desko = {
# copy music from servo to desko
# can run this from any device that has ssh access to desko and servo
type = "app";
program = builtins.toString (pkgs.writeShellScript "sync-to-desko" ''
sudo mount /mnt/desko-home
${pkgs.sane-scripts.sync-music}/bin/sane-sync-music --compat /mnt/servo-media/Music /mnt/desko-home/Music "$@"
'');
};
sync.lappy = {
# copy music from servo to lappy
# can run this from any device that has ssh access to lappy and servo
type = "app";
program = builtins.toString (pkgs.writeShellScript "sync-to-lappy" ''
sudo mount /mnt/lappy-home
${pkgs.sane-scripts.sync-music}/bin/sane-sync-music --compress --compat /mnt/servo-media/Music /mnt/lappy-home/Music "$@"
'');
};
sync.moby = {
# copy music from servo to moby
# can run this from any device that has ssh access to moby and servo
type = "app";
program = builtins.toString (pkgs.writeShellScript "sync-to-moby" ''
sudo mount /mnt/moby-home
# N.B.: limited by network/disk -> reduce job count to improve pause/resume behavior
${pkgs.sane-scripts.sync-music}/bin/sane-sync-music --compress --compat --jobs 4 /mnt/servo-media/Music /mnt/moby-home/Music "$@"
'');
};
check = {
type = "app";
program = builtins.toString (pkgs.writeShellScript "check-all" ''
nix run '.#check.nur'
RC0=$?
nix run '.#check.hostConfigs'
RC1=$?
nix run '.#check.rescue'
RC2=$?
echo "nur: $RC0"
echo "hostConfigs: $RC1"
echo "rescue: $RC2"
exit $(($RC0 | $RC1 | $RC2))
'');
};
check.nur = {
# `nix run '.#check-nur'`
# validates that my repo can be included in the Nix User Repository
type = "app";
@@ -309,8 +450,68 @@
--option restrict-eval true \
--option allow-import-from-derivation true \
--drv-path --show-trace \
-I nixpkgs=$(nix-instantiate --find-file nixpkgs) \
-I ../../
-I nixpkgs=${nixpkgs-unpatched} \
-I ../../ \
| tee # tee to prevent interactive mode
'');
};
check.hostConfigs = {
type = "app";
program = let
checkHost = host: let
shellHost = pkgs.lib.replaceStrings [ "-" ] [ "_" ] host;
in ''
nix build -v '.#nixosConfigurations.${host}.config.system.build.toplevel' --out-link ./result-${host} -j2 "$@"
RC_${shellHost}=$?
'';
in builtins.toString (pkgs.writeShellScript
"check-host-configs"
''
# build minimally-usable hosts first, then their full image.
# this gives me a minimal image i can deploy or copy over, early.
${checkHost "desko-light"}
${checkHost "moby-light"}
${checkHost "lappy-light"}
${checkHost "desko"}
${checkHost "lappy"}
${checkHost "servo"}
${checkHost "moby"}
${checkHost "rescue"}
# still want to build the -light variants first so as to avoid multiple simultaneous webkitgtk builds
${checkHost "desko-light-next"}
${checkHost "moby-light-next"}
${checkHost "desko-next"}
${checkHost "lappy-next"}
${checkHost "servo-next"}
${checkHost "moby-next"}
${checkHost "rescue-next"}
echo "desko: $RC_desko"
echo "lappy: $RC_lappy"
echo "servo: $RC_servo"
echo "moby: $RC_moby"
echo "rescue: $RC_rescue"
echo "desko-next: $RC_desko_next"
echo "lappy-next: $RC_lappy_next"
echo "servo-next: $RC_servo_next"
echo "moby-next: $RC_moby_next"
echo "rescue-next: $RC_rescue_next"
# i don't really care if the -next hosts fail. i build them mostly to keep the cache fresh/ready
exit $(($RC_desko | $RC_lappy | $RC_servo | $RC_moby | $RC_rescue))
''
);
};
check.rescue = {
type = "app";
program = builtins.toString (pkgs.writeShellScript "check-rescue" ''
nix build -v '.#imgs.rescue' --out-link ./result-rescue-img -j2
'');
};
};

View File

@@ -9,25 +9,34 @@
# services.distccd.enable = true;
# sane.programs.distcc.enableFor.user.guest = true;
# TODO: remove emulation, but need to fix nixos-rebuild to moby for that.
# sane.roles.build-machine.emulation = true;
sops.secrets.colin-passwd.neededForUsers = true;
sane.ports.openFirewall = true; # for e.g. nix-serve
sane.roles.build-machine.enable = true;
sane.roles.ac = true;
sane.roles.client = true;
sane.roles.dev-machine = true;
sane.roles.pc = true;
sane.services.wg-home.enable = true;
sane.services.wg-home.ip = config.sane.hosts.by-name."desko".wg-home.ip;
sane.services.duplicity.enable = true;
sane.services.nixserve.secretKeyFile = config.sops.secrets.nix_serve_privkey.path;
sane.nixcache.substituters.desko = false;
sane.nixcache.remote-builders.desko = false;
sane.gui.sway.enable = true;
sane.programs.iphoneUtils.enableFor.user.colin = true;
sane.programs.steam.enableFor.user.colin = true;
sane.programs.guiApps.suggestedPrograms = [ "desktopGuiApps" ];
sane.programs.consoleUtils.suggestedPrograms = [ "consoleMediaUtils" "desktopConsoleUtils" ];
# sane.programs.devPkgs.enableFor.user.colin = true;
sane.programs.signal-desktop.config.autostart = true;
sane.programs."gnome.geary".config.autostart = true;
boot.loader.efi.canTouchEfiVariables = false;
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];

View File

@@ -1,14 +1,13 @@
{ ... }:
{
sane.persist.root-on-tmpfs = true;
# increase /tmp space (defaults to 50% of RAM) for building large nix things.
# a cross-compiled kernel, particularly, will easily use 30+GB of tmp
fileSystems."/tmp".options = [ "size=64G" ];
fileSystems."/nix" = {
# device = "/dev/disk/by-uuid/985a0a32-da52-4043-9df7-615adec2e4ff";
device = "/dev/disk/by-uuid/0ab0770b-7734-4167-88d9-6e4e20bb2a56";
# device = "/dev/disk/by-uuid/0ab0770b-7734-4167-88d9-6e4e20bb2a56";
device = "/dev/disk/by-uuid/845d85bf-761d-431b-a406-e6f20909154f";
fsType = "btrfs";
options = [
"compress=zstd"
@@ -17,8 +16,8 @@
};
fileSystems."/boot" = {
# device = "/dev/disk/by-uuid/CAA7-E7D2";
device = "/dev/disk/by-uuid/41B6-BAEF";
# device = "/dev/disk/by-uuid/41B6-BAEF";
device = "/dev/disk/by-uuid/5049-9AFD";
fsType = "vfat";
};
}

View File

@@ -7,6 +7,7 @@
sane.roles.client = true;
sane.roles.dev-machine = true;
sane.roles.pc = true;
sane.services.wg-home.enable = true;
sane.services.wg-home.ip = config.sane.hosts.by-name."lappy".wg-home.ip;
@@ -15,11 +16,7 @@
boot.loader.efi.canTouchEfiVariables = false;
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
sane.programs.guiApps.suggestedPrograms = [
"desktopGuiApps"
"stepmania"
];
sane.programs.consoleUtils.suggestedPrograms = [ "consoleMediaUtils" "desktopConsoleUtils" ];
sane.programs.stepmania.enableFor.user.colin = true;
sops.secrets.colin-passwd.neededForUsers = true;

View File

@@ -1,8 +1,6 @@
{ ... }:
{
sane.persist.root-on-tmpfs = true;
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/75230e56-2c69-4e41-b03e-68475f119980";
fsType = "btrfs";

View File

@@ -3,13 +3,15 @@
{ pkgs, ... }:
{
sane.gui.sxmo = {
greeter = "sway";
greeter = "greetd-sway-gtkgreet";
noidle = true; #< power button requires 1s hold, which makes it impractical to be dealing with.
settings = {
# XXX: make sure the user is part of the `input` group!
SXMO_LISGD_INPUT_DEVICE = "/dev/input/by-id/usb-Wacom_Co._Ltd._Pen_and_multitouch_sensor-event-if00";
# these identifiers are from `swaymsg -t get_inputs`
SXMO_VOLUME_BUTTON = "1:1:AT_Translated_Set_2_keyboard";
# SXMO_VOLUME_BUTTON = "none";
# N.B.: thinkpad's power button requires a full second press to do anything
SXMO_POWER_BUTTON = "0:1:Power_Button";
# SXMO_POWER_BUTTON = "none";
SXMO_DISABLE_LEDS = "1";
@@ -20,15 +22,17 @@
# the device type informs (at least):
# - SXMO_WIFI_MODULE
# - SXMO_RTW_SCAN_INTERVAL
# - SXMO_SYS_FILES
# - SXMO_TOUCHSCREEN_ID
# - SXMO_MONITOR
# - SXMO_ALSA_CONTROL_NAME
# - SXMO_SWAY_SCALE
# see <repo:mil/sxmo-utils:scripts/deviceprofiles>
# SXMO_DEVICE_NAME = "pine64,pinephone-1.2";
# if sxmo doesn't know the device, it can't decide whether to use one_button or three_button mode
# and so it just wouldn't handle any button inputs (sxmo_hook_inputhandler.sh not on path)
SXMO_DEVICE_NAME = "three_button_touchscreen";
};
package = pkgs.sxmo-utils.overrideAttrs (base: {
package = (pkgs.sxmo-utils.override { preferSystemd = true; }).overrideAttrs (base: {
postPatch = (base.postPatch or "") + ''
# after volume-button navigation mode, restore full keyboard functionality
cp ${./xkb_mobile_normal_buttons} ./configs/xkb/xkb_mobile_normal_buttons

View File

@@ -20,6 +20,7 @@
];
sane.roles.client = true;
sane.roles.handheld = true;
sane.zsh.showDeadlines = false; # unlikely to act on them when in shell
sane.services.wg-home.enable = true;
sane.services.wg-home.ip = config.sane.hosts.by-name."moby".wg-home.ip;
@@ -31,28 +32,55 @@
sops.secrets.colin-passwd.neededForUsers = true;
sane.user.persist.plaintext = [
# TODO: make this just generally conditional upon pulse being enabled?
".config/pulse" # persist pulseaudio volume
];
sane.gui.sxmo.enable = true;
sane.services.eg25-manager.enable = true;
sane.programs.guiApps.suggestedPrograms = [ "handheldGuiApps" ];
# sane.programs.consoleUtils.enableFor.user.colin = false;
# sane.programs.guiApps.enableFor.user.colin = false;
sane.programs.sequoia.enableFor.user.colin = false;
sane.programs.tuiApps.enableFor.user.colin = false; # visidata, others, don't compile well
# disabled for faster deploys
sane.programs.soundconverter.enableFor.user.colin = false;
sane.programs.blueberry.enableFor.user.colin = false; # bluetooth manager: doesn't cross compile!
sane.programs.mercurial.enableFor.user.colin = false; # does not cross compile
sane.programs.nvme-cli.enableFor.system = false; # does not cross compile (libhugetlbfs)
# sane.programs.firefox.mime.priority = 300; # prefer other browsers when possible
# enabled for easier debugging
sane.programs.eg25-control.enableFor.user.colin = true;
sane.programs.rtl8723cs-wowlan.enableFor.user.colin = true;
# sane.programs.ntfy-sh.config.autostart = true;
sane.programs.dino.config.autostart = true;
sane.programs.signal-desktop.config.autostart = true;
# sane.programs."gnome.geary".config.autostart = true;
# sane.programs.calls.config.autostart = true;
sane.programs.mpv.config.vo = "wlshm"; #< see hosts/common/programs/mpv.nix for details
sane.programs.firefox.mime.priority = 300; # prefer other browsers when possible
# HACK/TODO: make `programs.P.env.VAR` behave according to `mime.priority`
# sane.programs.firefox.env = lib.mkForce {};
# sane.programs.epiphany.env.BROWSER = "epiphany";
# sane.programs.firefox.enableFor.user.colin = false; # use epiphany instead
sane.programs.firefox.env = lib.mkForce {};
sane.programs.epiphany.env.BROWSER = "epiphany";
# sane.programs.mpv.enableFor.user.colin = true;
# note the .conf.d approach: using ~/.config/pipewire/pipewire.conf directly breaks all audio,
# presumably because that deletes the defaults entirely whereas the .conf.d approach selectively overrides defaults
sane.user.fs.".config/pipewire/pipewire.conf.d/10-fix-dino-mic-cutout.conf".symlink.text = ''
# config docs: <https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/Config-PipeWire#properties>
# useful to run `pw-top` to see that these settings are actually having effect,
# and `pw-metadata` to see if any settings conflict (e.g. max-quantum < min-quantum)
#
# restart pipewire after editing these files:
# - `systemctl --user restart pipewire`
# - pipewire users will likely stop outputting audio until they are also restarted
#
# there's seemingly two buffers for the mic (see: <https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/FAQ#pipewire-buffering-explained>)
# 1. Pipewire buffering out of the driver and into its own member.
# 2. Pipewire buffering into Dino.
# the latter is fixed at 10ms by Dino, difficult to override via runtime config.
# the former defaults low (e.g. 512 samples)
# this default configuration causes the mic to regularly drop out entirely for a couple seconds at a time during a call,
# presumably because the system can't keep up (pw-top shows incrementing counter in ERR column).
# `pw-metadata -n settings 0 clock.force-quantum 1024` reduces to about 1 error per second.
# `pw-metadata -n settings 0 clock.force-quantum 2048` reduces to 1 error every < 10s.
# pipewire default config includes `clock.power-of-two-quantum = true`
context.properties = {
default.clock.min-quantum = 2048
default.clock.max-quantum = 8192
}
'';
boot.loader.efi.canTouchEfiVariables = false;
# /boot space is at a premium. default was 20.
@@ -62,23 +90,24 @@
# mobile.boot.stage-1.enable = false;
# boot.initrd.systemd.enable = false;
# boot.initrd.services.swraid.enable = false; # attempt to fix dm_mod stuff
# disable proximity sensor.
# the filtering/calibration is bad that it causes the screen to go fully dark at times.
boot.blacklistedKernelModules = [ "stk3310" ];
# without this some GUI apps fail: `DRM_IOCTL_MODE_CREATE_DUMB failed: Cannot allocate memory`
# this is because they can't allocate enough video ram.
# the default CMA seems to be 32M.
# i was running fine with 256MB from 2022/07-ish through 2022/12-ish, but then the phone quit reliably coming back from sleep: maybe a memory leak?
# `cat /proc/meminfo` to see CmaTotal/CmaFree if interested in tuning this.
boot.kernelParams = [ "cma=512M" ];
# hardware.firmware makes the referenced files visible to the kernel, for whenever a driver explicitly asks for them.
# these files are visible from userspace by following `/sys/module/firmware_class/parameters/path`
#
# mobile-nixos' /lib/firmware includes:
# rtl_bt (bluetooth)
# anx7688-fw.bin (USB-C -> HDMI bridge)
# anx7688-fw.bin (USB-C chip: power negotiation, HDMI/dock)
# ov5640_af.bin (camera module)
# hardware.firmware = [ config.mobile.device.firmware ];
hardware.firmware = [ pkgs.rtl8723cs-firmware ];
# hardware.firmware = [ pkgs.rtl8723cs-firmware ];
hardware.firmware = [
(pkgs.linux-firmware-megous.override {
# rtl_bt = false probably means no bluetooth connectivity.
# N.B.: DON'T RE-ENABLE without first confirming that wake-on-lan works during suspend (rtcwake).
# it seems the rtl_bt stuff ("bluetooth coexist") might make wake-on-LAN radically more flaky.
rtl_bt = false;
})
];
system.stateVersion = "21.11";
@@ -96,16 +125,17 @@
# see pkgs/patched/alsa-ucm-conf for more info.
environment.variables.ALSA_CONFIG_UCM2 = "/run/current-system/sw/share/alsa/ucm2";
environment.pathsToLink = [ "/share/alsa/ucm2" ];
environment.systemPackages = [ pkgs.alsa-ucm-conf-sane ];
systemd =
let ucm-env = config.environment.variables.ALSA_CONFIG_UCM2;
environment.systemPackages = [
(pkgs.alsa-ucm-conf-sane.override {
# internal speaker has a tendency to break :(
preferEarpiece = true;
})
];
systemd = let
ucm-env = config.environment.variables.ALSA_CONFIG_UCM2;
in {
# cribbed from <repo:nixos/mobile-nixos:modules/quirks/audio.nix>
# pulseaudio
user.services.pulseaudio.environment.ALSA_CONFIG_UCM2 = ucm-env;
services.pulseaudio.environment.ALSA_CONFIG_UCM2 = ucm-env;
# pipewire
user.services.pipewire.environment.ALSA_CONFIG_UCM2 = ucm-env;
user.services.pipewire-pulse.environment.ALSA_CONFIG_UCM2 = ucm-env;
@@ -113,6 +143,19 @@
services.pipewire.environment.ALSA_CONFIG_UCM2 = ucm-env;
services.pipewire-pulse.environment.ALSA_CONFIG_UCM2 = ucm-env;
services.wireplumber.environment.ALSA_CONFIG_UCM2 = ucm-env;
# pulseaudio
# user.services.pulseaudio.environment.ALSA_CONFIG_UCM2 = ucm-env;
# services.pulseaudio.environment.ALSA_CONFIG_UCM2 = ucm-env;
# TODO: move elsewhere...
services.ModemManager.serviceConfig = {
# N.B.: the extra "" in ExecStart serves to force upstream ExecStart to be ignored
ExecStart = [ "" "${pkgs.modemmanager}/bin/ModemManager --debug" ];
# --debug sets DEBUG level logging: so reset
ExecStartPost = [ "${pkgs.modemmanager}/bin/mmcli --set-logging=INFO" ];
};
};
services.udev.extraRules = let
@@ -126,46 +169,4 @@
# make Pinephone front LEDs writable by user.
SUBSYSTEM=="leds", DEVPATH=="*/*:indicator", RUN+="${chmod} g+w /sys%p/brightness", RUN+="${chown} :video /sys%p/brightness"
'';
hardware.opengl.driSupport = true;
services.xserver.displayManager.job.preStart = let
dmesg = "${pkgs.util-linux}/bin/dmesg";
grep = "${pkgs.gnugrep}/bin/grep";
modprobe = "${pkgs.kmod}/bin/modprobe";
in ''
# common boot failure:
# blank screen (no backlight even), with the following log:
# ```syslog
# sun8i-dw-hdmi 1ee0000.hdmi: Couldn't get the HDMI PHY
# ...
# sun4i-drm display-engine: Couldn't bind all pipelines components
# ...
# sun8i-dw-hdmi: probe of 1ee0000.hdmi failed with error -17
# ```
#
# in particular, that `probe ... failed` occurs *only* on failed boots
# (the other messages might sometimes occur even on successful runs?)
#
# reloading the sun8i hdmi driver usually gets the screen on, showing boot text.
# then restarting display-manager.service gets us to the login.
#
# NB: the above log is default level. though less specific, there's a `err` level message that also signals this:
# sun4i-drm display-engine: failed to bind 1ee0000.hdmi (ops sun8i_dw_hdmi_ops [sun8i_drm_hdmi]): -17
# NB: this is the most common, but not the only, failure mode for `display-manager`.
# another error seems characterized by these dmesg logs, in which reprobing sun8i_drm_hdmi does not fix:
# ```syslog
# sun6i-mipi-dsi 1ca0000.dsi: Couldn't get the MIPI D-PHY
# sun4i-drm display-engine: Couldn't bind all pipelines components
# sun6i-mipi-dsi 1ca0000.dsi: Couldn't register our component
# ```
if (${dmesg} --kernel --level err --color=never --notime | ${grep} -q 'sun4i-drm display-engine: failed to bind 1ee0000.hdmi')
then
echo "reprobing sun8i_drm_hdmi"
# if a command here fails it errors the whole service, so prefer to log instead
${modprobe} -r sun8i_drm_hdmi || echo "failed to unload sun8i_drm_hdmi"
${modprobe} sun8i_drm_hdmi || echo "failed to load sub8i_drm_hdmi"
fi
'';
}

View File

@@ -1,7 +1,6 @@
{ ... }:
{
sane.persist.root-on-tmpfs = true;
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/1f1271f8-53ce-4081-8a29-60a4a6b5d6f9";
fsType = "btrfs";

View File

@@ -7,18 +7,63 @@
# - `screen /dev/ttyUSB2 115200`
# - `AT+QGPSCFG="nmeasrc",1`
# - `AT+QGPS=1`
# this process is automated by my `eg25-control` program and services (`eg25-control-powered`, `eg25-control-gps`)
# - see the `modules/` directory further up this repository.
#
# now, something like `gpsd` can directly read from /dev/ttyUSB1.
# now, something like `gpsd` can directly read from /dev/ttyUSB1,
# or geoclue can query the GPS directly through modem-manager
#
# initial GPS fix can take 15+ minutes.
# meanwhile, services like eg25-manager can speed this up by uploading assisted GPS data to the modem.
# meanwhile, services like eg25-manager or eg25-control-freshen-agps can speed this up by uploading assisted GPS data to the modem.
#
# geoclue somehow fits in here as a geospatial provider that leverages GPS and also other sources like radio towers
# support/help:
# - geoclue, gnome-maps
# - irc: #gnome-maps on irc.gimp.org
# - Matrix: #gnome-maps:gnome.org (unclear if bridged to IRC)
#
# programs to pair this with:
# - `satellite-gtk`: <https://codeberg.org/tpikonen/satellite>
# - shows/tracks which satellites the GPS is connected to; useful to understand fix characteristics
# - `gnome-maps`: uses geoclue, has route planning
# - `mepo`: uses gpsd, minimalist, flaky, and buttons are kinda hard to activate on mobile
# - puremaps?
# - osmin?
#
# known/outstanding bugs:
# - `systemctl start eg25-control-gps` can the hang the whole system (2023/10/06)
# - i think it's actually `eg25-control-powered` which does this (started by the gps)
# - best guess is modem draws so much power at launch that other parts of the system see undervoltage
# - workaround is to hard power-cycle the system. the modem may not bring up after reboot: leave unpowered for 60s and boot again.
#
# future work:
# - integrate with [wigle](https://www.wigle.net/) for offline equivalent to Mozilla Location Services
{ ... }:
{ config, lib, ... }:
{
# test gpsd with `gpspipe -w -n 10 2> /dev/null | grep -m 1 TPV | jq '.lat, .lon' | tr '\n' ' '`
# ^ should return <lat> <long>
services.gpsd.enable = true;
services.gpsd.devices = [ "/dev/ttyUSB1" ];
# TODO: enable eg25-manager, and bring online both the modem and GPS on boot
# test geoclue2 by building `geoclue2-with-demo-agent`
# and running "${geoclue2-with-demo-agent}/libexec/geoclue-2.0/demos/where-am-i"
# note that geoclue is dbus-activated, and auto-stops after 60s with no caller
services.geoclue2.enable = true;
services.geoclue2.appConfig.where-am-i = {
# this is the default "agent", shipped by geoclue package: allow it to use location
isAllowed = true;
isSystem = false;
# XXX: setting users != [] might be causing `where-am-i` to time out
users = [
# restrict to only one set of users. empty array (default) means "allow any user to access geolocation".
(builtins.toString config.users.users.colin.uid)
];
};
systemd.services.geoclue.after = lib.mkForce []; #< defaults to network-online, but not all my sources require network
users.users.geoclue.extraGroups = [
"dialout" # TODO: figure out if dialout is required. that's for /dev/ttyUSB1, but geoclue probably doesn't read that?
];
sane.services.eg25-control.enable = true;
sane.programs.where-am-i.enableFor.user.colin = true;
}

View File

@@ -1,71 +1,56 @@
{ lib, pkgs, ... }:
{ pkgs, ... }:
let
# use the last commit on the 5.18 branch (5.18.14)
# manjaro's changes between kernel patch versions tend to be minimal if any.
manjaroBase = "https://gitlab.manjaro.org/manjaro-arm/packages/core/linux/-/raw/25bd828cd47b1c6e09fcbcf394a649b89d2876dd";
manjaroPatch = name: sha256: {
inherit name;
patch = pkgs.fetchpatch {
inherit name;
url = "${manjaroBase}/${name}?inline=false";
inherit sha256;
};
};
dmesg = "${pkgs.util-linux}/bin/dmesg";
grep = "${pkgs.gnugrep}/bin/grep";
modprobe = "${pkgs.kmod}/bin/modprobe";
ensureHWReady = ''
# common boot failure:
# blank screen (no backlight even), with the following log:
# ```syslog
# sun8i-dw-hdmi 1ee0000.hdmi: Couldn't get the HDMI PHY
# ...
# sun4i-drm display-engine: Couldn't bind all pipelines components
# ...
# sun8i-dw-hdmi: probe of 1ee0000.hdmi failed with error -17
# ```
#
# in particular, that `probe ... failed` occurs *only* on failed boots
# (the other messages might sometimes occur even on successful runs?)
#
# reloading the sun8i hdmi driver usually gets the screen on, showing boot text.
# then restarting display-manager.service gets us to the login.
#
# NB: the above log is default level. though less specific, there's a `err` level message that also signals this:
# sun4i-drm display-engine: failed to bind 1ee0000.hdmi (ops sun8i_dw_hdmi_ops [sun8i_drm_hdmi]): -17
# NB: this is the most common, but not the only, failure mode for `display-manager`.
# another error seems characterized by these dmesg logs, in which reprobing sun8i_drm_hdmi does not fix:
# ```syslog
# sun6i-mipi-dsi 1ca0000.dsi: Couldn't get the MIPI D-PHY
# sun4i-drm display-engine: Couldn't bind all pipelines components
# sun6i-mipi-dsi 1ca0000.dsi: Couldn't register our component
# ```
# the idea for patching off Manjaro's kernel comes from jakewaksbaum:
# - https://git.sr.ht/~jakewaksbaum/pi/tree/af20aae5653545d6e67a459b59ee3e1ca8a680b0/item/kernel/default.nix
# - he later abandoned this, i think because he's using the Pinephone Pro which received mainline support.
manjaroPatches = [
(manjaroPatch
"1001-arm64-dts-allwinner-add-hdmi-sound-to-pine-devices.patch"
"sha256-DApd791A+AxB28Ven/MVAyuyVphdo8KQDx8O7oxVPnc="
)
# these patches below are critical to enable wifi (RTL8723CS)
# - the alternative is a wholly forked kernel by megi/megous:
# - https://xnux.eu/howtos/build-pinephone-kernel.html#toc-how-to-build-megi-s-pinehpone-kernel
# - i don't know if these patches are based on megi's or original
(manjaroPatch
"2001-Bluetooth-Add-new-quirk-for-broken-local-ext-features.patch"
"sha256-CExhJuUWivegxPdnzKINEsKrMFx/m/1kOZFmlZ2SEOc="
)
(manjaroPatch
"2002-Bluetooth-btrtl-add-support-for-the-RTL8723CS.patch"
"sha256-dDdvOphTcP/Aog93HyH+L9m55laTgtjndPSE4/rnzUA="
)
(manjaroPatch
"2004-arm64-dts-allwinner-enable-bluetooth-pinetab-pinepho.patch"
"sha256-o43P3WzXyHK1PF+Kdter4asuyGAEKO6wf5ixcco2kCQ="
)
# XXX: this one has a Makefile, which hardcodes /sbin/depmod:
# - drivers/staging/rtl8723cs/Makefile
# - not sure if this is problematic?
(manjaroPatch
"2005-staging-add-rtl8723cs-driver.patch"
"sha256-6ywm3dQQ5JYl60CLKarxlSUukwi4QzqctCj3tVgzFbo="
)
];
if (${dmesg} --kernel --level err --color=never --notime | ${grep} -q 'sun4i-drm display-engine: failed to bind 1ee0000.hdmi')
then
echo "reprobing sun8i_drm_hdmi"
# if a command here fails it errors the whole service, so prefer to log instead
${modprobe} -r sun8i_drm_hdmi || echo "failed to unload sun8i_drm_hdmi"
${modprobe} sun8i_drm_hdmi || echo "failed to load sub8i_drm_hdmi"
fi
'';
in
{
# use Megi's kernel:
# even with the Manjaro patches, stock 5.18 has a few issues on Pinephone:
# - no battery charging
# - phone rotation sensor is off by 90 degrees
# - ambient light sensor causes screen brightness to be shakey
# - phosh greeter may not appear after wake from sleep
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux-megous;
# boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux-manjaro;
# boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest;
# alternatively, use nixos' kernel and add the stuff we want:
# # cross-compilation optimization:
# boot.kernelPackages =
# let p = (import nixpkgs { localSystem = "x86_64-linux"; });
# in p.pkgsCross.aarch64-multiplatform.linuxPackages_5_18;
# # non-cross:
# # boot.kernelPackages = pkgs.linuxPackages_5_18;
# alternatively, apply patches directly to stock nixos kernel:
# boot.kernelPatches = manjaroPatches ++ [
# (patchDefconfig kernelConfig)
# ];
# configure nixos to build a compressed kernel image, since it doesn't usually do that for aarch64 target.
# without this i run out of /boot space in < 10 generations
nixpkgs.hostPlatform.linux-kernel = {
# defaults:
name = "aarch64-multiplatform";
@@ -80,4 +65,26 @@ in
target = "Image.gz"; # <-- compress the kernel image
# target = "zImage"; # <-- confuses other parts of nixos :-(
};
# disable proximity sensor.
# the filtering/calibration is bad that it causes the screen to go fully dark at times.
boot.blacklistedKernelModules = [ "stk3310" ];
boot.kernelParams = [
# without this some GUI apps fail: `DRM_IOCTL_MODE_CREATE_DUMB failed: Cannot allocate memory`
# this is because they can't allocate enough video ram.
# see related nixpkgs issue: <https://github.com/NixOS/nixpkgs/issues/260222>
# TODO(2023/12/03): remove once mesa 23.3.1 lands: <https://github.com/NixOS/nixpkgs/pull/265740>
#
# the default CMA seems to be 32M.
# i was running fine with 256MB from 2022/07-ish through 2022/12-ish, but then the phone quit reliably coming back from sleep (phosh): maybe a memory leak?
# `cat /proc/meminfo` to see CmaTotal/CmaFree if interested in tuning this.
"cma=512M"
# 2023/10/20: potential fix for the lima (GPU) timeout bugs:
# - <https://gitlab.com/postmarketOS/pmaports/-/issues/805#note_890467824>
"lima.sched_timeout_ms=2000"
];
services.xserver.displayManager.job.preStart = ensureHWReady;
systemd.services.greetd.preStart = ensureHWReady;
}

View File

@@ -9,13 +9,6 @@
# - <https://itsfoss.com/content/images/2023/04/nixos-tutorials.png>
{ lib, pkgs, sane-lib, ... }:
let
# TODO: generate this from the .svg
# bg = ./nixos-bg-02.png;
bg = pkgs.runCommand "nixos-bg.png" { nativeBuildInputs = [ pkgs.inkscape ]; } ''
inkscape ${./nixos-bg-02.svg} -o $out
'';
in
{
sane.programs.firefox.config = {
# compromise impermanence for the sake of usability
@@ -27,6 +20,9 @@ in
# sidebery UX doesn't make sense on small screen
addons.sidebery.enable = false;
};
sane.programs.swaynotificationcenter.config = {
backlight = "backlight"; # /sys/class/backlight/*backlight*/brightness
};
sane.gui.sxmo = {
nogesture = true;
@@ -35,94 +31,11 @@ in
SXMO_LISGD_INPUT_DEVICE = "/dev/input/by-path/platform-1c2ac00.i2c-event";
# vol and power are detected correctly by upstream
### preferences
# notable bemenu options:
# - see `bemenu --help` for all
# -P, --prefix text to show before highlighted item.
# --scrollbar display scrollbar. (none (default), always, autohide)
# -H, --line-height defines the height to make each menu line (0 = default height). (wx)
# -M, --margin defines the empty space on either side of the menu. (wx)
# -W, --width-factor defines the relative width factor of the menu (from 0 to 1). (wx)
# -B, --border defines the width of the border in pixels around the menu. (wx)
# -R --border-radius defines the radius of the border around the menu (0 = no curved borders).
# --ch defines the height of the cursor (0 = scales with line height). (wx)
# --cw defines the width of the cursor. (wx)
# --hp defines the horizontal padding for the entries in single line mode. (wx)
# --fn defines the font to be used ('name [size]'). (wx)
# --tb defines the title background color. (wx)
# --tf defines the title foreground color. (wx)
# --fb defines the filter background color. (wx)
# --ff defines the filter foreground color. (wx)
# --nb defines the normal background color. (wx)
# --nf defines the normal foreground color. (wx)
# --hb defines the highlighted background color. (wx)
# --hf defines the highlighted foreground color. (wx)
# --fbb defines the feedback background color. (wx)
# --fbf defines the feedback foreground color. (wx)
# --sb defines the selected background color. (wx)
# --sf defines the selected foreground color. (wx)
# --ab defines the alternating background color. (wx)
# --af defines the alternating foreground color. (wx)
# --scb defines the scrollbar background color. (wx)
# --scf defines the scrollbar foreground color. (wx)
# --bdr defines the border color. (wx)
#
# colors are specified as `#RRGGBB`
# defaults:
# --ab "#222222"
# --af "#bbbbbb"
# --bdr "#005577"
# --border 3
# --cb "#222222"
# --center
# --cf "#bbbbbb"
# --fb "#222222"
# --fbb "#eeeeee"
# --fbf "#222222"
# --ff "#bbbbbb"
# --fixed-height
# --fn 'Sxmo 14'
# --hb "#005577"
# --hf "#eeeeee"
# --line-height 20
# --list 16
# --margin 40
# --nb "#222222"
# --nf "#bbbbbb"
# --no-overlap
# --no-spacing
# --sb "#323232"
# --scb "#005577"
# --scf "#eeeeee"
# --scrollbar autohide
# --tb "#005577"
# --tf "#eeeeee"
# --wrap
BEMENU_OPTS = let
bg = "#1d1721"; # slight purple
fg0 = "#d8d8d8"; # inactive text (light grey)
fg1 = "#ffffff"; # active text (white)
accent0 = "#1f5e54"; # darker but saturated teal
accent1 = "#418379"; # teal (matches nixos-bg)
accent2 = "#5b938a"; # brighter but muted teal
in lib.concatStringsSep " " [
"--wrap --scrollbar autohide --fixed-height"
"--center --margin 45"
"--no-spacing"
# XXX: font size doesn't seem to take effect (would prefer larger)
"--fn 'Sxmo 14' --line-height 22 --border 3"
"--bdr '${accent0}'" # border
"--scf '${accent2}' --scb '${accent0}'" # scrollbar
"--tb '${accent0}' --tf '${fg0}'" # title
"--fb '${accent0}' --ff '${fg1}'" # filter (i.e. text that's been entered)
"--hb '${accent1}' --hf '${fg1}'" # selected item
"--nb '${bg}' --nf '${fg0}'" # normal lines (even)
"--ab '${bg}' --af '${fg0}'" # alternated lines (odd)
"--cf '${accent0}' --cb '${accent0}'" # cursor (not very useful)
];
DEFAULT_COUNTRY = "US";
SXMO_AUTOROTATE = "1"; # enable auto-rotation at launch. has no meaning in stock/upstream sxmo-utils
# BEMENU lines (wayland DMENU):
# - camera is 9th entry
# - flashlight is 10th entry
@@ -134,7 +47,6 @@ in
# - close is 16th entry
SXMO_BEMENU_LANDSCAPE_LINES = "11"; # default 8
SXMO_BEMENU_PORTRAIT_LINES = "16"; # default 16
SXMO_BG_IMG = "${bg}";
SXMO_LOCK_IDLE_TIME = "15"; # how long between screenoff -> lock -> back to screenoff (default: 8)
# gravity: how far to tilt the device before the screen rotates
# for a given setting, normal <-> invert requires more movement then left <-> right
@@ -144,9 +56,22 @@ in
# SXMO_ROTATION_GRAVITY = "12500"; # kinda uncomfortable when walking
SXMO_ROTATION_GRAVITY = "12000";
SXMO_SCREENSHOT_DIR = "/home/colin/Pictures"; # default: "$HOME"
# test new scales by running `swaymsg -- output DSI-1 scale x.y`
# sway/wayland scaling:
# - conflicting info out there on how scaling actually works
# at the least, for things where it matters (mpv), it seems like scale settings have 0 effect on perf
# ways to enforce scaling:
# - <https://wiki.archlinux.org/title/HiDPI>
# - `swaymsg -- output DSI-1 scale 2.0` (scales everything)
# - `dconf write /org/gnome/desktop/interface/text-scaling-factor 2.0` (scales ONLY TEXT)
# - `GDK_DPI_SCALE=2.0` (scales ONLY TEXT)
#
# application notes:
# - cozy: in landscape, playback position is not visible unless scale <= 1.7
# - if in a tab, then scale 1.6 is the max
# SXMO_SWAY_SCALE = "1.5"; # hard to press gPodder icons
SXMO_SWAY_SCALE = "1.8";
SXMO_SWAY_SCALE = "1.6";
# SXMO_SWAY_SCALE = "1.8";
# SXMO_SWAY_SCALE = "2";
SXMO_WORKSPACE_WRAPPING = "5"; # how many workspaces. default: 4
@@ -167,13 +92,5 @@ in
WVKBD_LANDSCAPE_LAYERS = "landscape,special,emoji";
WVKBD_LAYERS = "full,special,emoji";
};
package = pkgs.sxmo-utils.overrideAttrs (base: {
postPatch = (base.postPatch or "") + ''
cat <<EOF >> ./configs/default_hooks/sxmo_hook_start.sh
# rotate UI based on physical display angle by default
sxmo_daemons.sh start autorotate sxmo_autorotate.sh
EOF
'';
});
};
}

View File

@@ -4,12 +4,15 @@
./fs.nix
];
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
# sane.persist.enable = false; # TODO: disable (but run `nix flake check` to ensure it works!)
sane.persist.enable = false;
sane.nixcache.enable = false; # don't want to be calling out to dead machines that we're *trying* to rescue
# auto-login at shell
services.getty.autologinUser = "colin";
# users.users.colin.initialPassword = "colin";
# docs: https://nixos.org/manual/nixos/stable/options.html#opt-system.stateVersion
system.stateVersion = "21.05";
}

View File

@@ -1,7 +1,7 @@
{ ... }:
{
fileSystems."/" = {
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/44445555-6666-7777-8888-999900001111";
fsType = "ext4";
};

View File

@@ -14,20 +14,23 @@
signaldctl.enableFor.user.colin = true;
};
sane.roles.ac = true;
sane.roles.build-machine.enable = true;
sane.roles.build-machine.emulation = false;
sane.zsh.showDeadlines = false; # ~/knowledge doesn't always exist
sane.programs.consoleUtils.suggestedPrograms = [
"desktopConsoleUtils"
"consoleMediaUtils" # notably, for go2tv / casting
"pcConsoleUtils"
"sane-scripts.stop-all-servo"
];
sane.services.dyn-dns.enable = true;
sane.services.wg-home.enable = true;
sane.services.wg-home.enableWan = true;
sane.services.wg-home.visibleToWan = true;
sane.services.wg-home.forwardToWan = true;
sane.services.wg-home.routeThroughServo = false;
sane.services.wg-home.ip = config.sane.hosts.by-name."servo".wg-home.ip;
sane.nixcache.substituters.servo = false;
sane.nixcache.substituters.desko = false;
sane.nixcache.remote-builders.desko = false;
sane.nixcache.remote-builders.servo = false;
# sane.services.duplicity.enable = true; # TODO: re-enable after HW upgrade
# automatically log in at the virtual consoles.

View File

@@ -1,7 +1,57 @@
# zfs docs:
# - <https://nixos.wiki/wiki/ZFS>
# - <repo:nixos/nixpkgs:nixos/modules/tasks/filesystems/zfs.nix>
#
# zfs check health: `zpool status`
#
# zfs pool creation (requires `boot.supportedFilesystems = [ "zfs" ];`
# - 1. identify disk IDs: `ls -l /dev/disk/by-id`
# - 2. pool these disks: `zpool create -f -m legacy pool raidz ata-ST4000VN008-2DR166_WDH0VB45 ata-ST4000VN008-2DR166_WDH17616 ata-ST4000VN008-2DR166_WDH0VC8Q ata-ST4000VN008-2DR166_WDH17680`
# - legacy documented: <https://superuser.com/questions/790036/what-is-a-zfs-legacy-mount-point>
#
# import pools: `zpool import pool`
# show zfs datasets: `zfs list` (will be empty if haven't imported)
# show zfs properties (e.g. compression): `zfs get all pool`
# set zfs properties: `zfs set compression=on pool`
{ ... }:
{
sane.persist.root-on-tmpfs = true;
# hostId: not used for anything except zfs guardrail?
# [hex(ord(x)) for x in 'serv']
networking.hostId = "73657276";
boot.supportedFilesystems = [ "zfs" ];
# boot.zfs.enabled = true;
boot.zfs.forceImportRoot = false;
# scrub all zfs pools weekly:
services.zfs.autoScrub.enable = true;
boot.extraModprobeConfig = ''
# ZFS likes to use half the ram for its own cache and let the kernel push everything else to swap.
# so, reduce its cache size
# see: <https://askubuntu.com/a/1290387>
# see: <https://serverfault.com/a/1119083>
# see: <https://openzfs.github.io/openzfs-docs/Performance%20and%20Tuning/Module%20Parameters.html#zfs-arc-max>
# for all tunables, see: `man 4 zfs`
# to update these parameters without rebooting:
# - `echo '4294967296' | sane-sudo-redirect /sys/module/zfs/parameters/zfs_arc_max`
options zfs zfs_arc_max=4294967296
'';
# to be able to mount the pool like this, make sure to tell zfs to NOT manage it itself.
# otherwise local-fs.target will FAIL and you will be dropped into a rescue shell.
# - `zfs set mountpoint=legacy pool`
# if done correctly, the pool can be mounted before this `fileSystems` entry is created:
# - `sudo mount -t zfs pool /mnt/persist/pool`
fileSystems."/mnt/pool" = {
device = "pool";
fsType = "zfs";
};
# services.zfs.zed = ... # TODO: zfs can send me emails when disks fail
sane.programs.sysadminUtils.suggestedPrograms = [ "zfs" ];
sane.persist.stores."ext" = {
origin = "/mnt/pool/persist";
storeDescription = "external HDD storage";
};
# increase /tmp space (defaults to 50% of RAM) for building large nix things.
# even the stock `nixpkgs.linux` consumes > 16 GB of tmp
fileSystems."/tmp".options = [ "size=32G" ];
@@ -21,7 +71,7 @@
};
# slow, external storage (for archiving, etc)
fileSystems."/mnt/persist/ext" = {
fileSystems."/mnt/usb-hdd" = {
device = "/dev/disk/by-uuid/aa272cff-0fcc-498e-a4cb-0d95fb60631b";
fsType = "btrfs";
options = [
@@ -29,19 +79,42 @@
"defaults"
];
};
sane.fs."/mnt/usb-hdd".mount = {};
sane.persist.stores."ext" = {
origin = "/mnt/persist/ext/persist";
storeDescription = "external HDD storage";
};
sane.fs."/mnt/persist/ext".mount = {};
sane.persist.sys.plaintext = [
sane.persist.sys.byStore.plaintext = [
# TODO: this is overly broad; only need media and share directories to be persisted
{ user = "colin"; group = "users"; path = "/var/lib/uninsane"; }
];
# force some problematic directories to always get correct permissions:
sane.fs."/var/lib/uninsane/media".dir.acl = {
user = "colin"; group = "media"; mode = "0775";
};
sane.fs."/var/lib/uninsane/media/archive".dir = {};
sane.fs."/var/lib/uninsane/media/archive/README.md".file.text = ''
this directory is for media i wish to remove from my library,
but keep for a short time in case i reverse my decision.
treat it like a system trash can.
'';
sane.fs."/var/lib/uninsane/media/Books".dir = {};
sane.fs."/var/lib/uninsane/media/Books/Audiobooks".dir = {};
sane.fs."/var/lib/uninsane/media/Books/Books".dir = {};
sane.fs."/var/lib/uninsane/media/Books/Visual".dir = {};
sane.fs."/var/lib/uninsane/media/collections".dir = {};
sane.fs."/var/lib/uninsane/media/datasets".dir = {};
sane.fs."/var/lib/uninsane/media/freeleech".dir = {};
sane.fs."/var/lib/uninsane/media/Music".dir = {};
sane.fs."/var/lib/uninsane/media/Pictures".dir = {};
sane.fs."/var/lib/uninsane/media/Videos".dir = {};
sane.fs."/var/lib/uninsane/media/Videos/Film".dir = {};
sane.fs."/var/lib/uninsane/media/Videos/Shows".dir = {};
sane.fs."/var/lib/uninsane/media/Videos/Talks".dir = {};
sane.fs."/var/lib/uninsane/datasets/README.md".file.text = ''
this directory may seem redundant with ../media/datasets. it isn't.
this directory exists on SSD, allowing for speedy access to specific datasets when necessary.
the contents should be a subset of what's in ../media/datasets.
'';
# make sure large media is stored to the HDD
sane.persist.sys.ext = [
sane.persist.sys.byStore.ext = [
{
user = "colin";
group = "users";

View File

@@ -1,6 +1,24 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
let
portOpts = with lib; types.submodule {
options = {
visibleTo.ovpn = mkOption {
type = types.bool;
default = false;
};
};
};
in
{
options = with lib; {
sane.ports.ports = mkOption {
# add the `visibleTo.ovpn` option
type = types.attrsOf portOpts;
};
};
config = {
networking.domain = "uninsane.org";
sane.ports.openFirewall = true;
@@ -9,9 +27,7 @@
# view refused packets with: `sudo journalctl -k`
# networking.firewall.logRefusedPackets = true;
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
# these useDHCP lines are legacy from the auto-generated config. might be safe to remove now?
networking.useDHCP = false;
networking.interfaces.eth0.useDHCP = true;
# XXX colin: probably don't need this. wlan0 won't be populated unless i touch a value in networking.interfaces.wlan0
@@ -26,41 +42,6 @@
# "9.9.9.9"
# ];
# use systemd's stub resolver.
# /etc/resolv.conf isn't sophisticated enough to use different servers per net namespace (or link).
# instead, running the stub resolver on a known address in the root ns lets us rewrite packets
# in the ovnps namespace to use the provider's DNS resolvers.
# a weakness is we can only query 1 NS at a time (unless we were to clone the packets?)
# there also seems to be some cache somewhere that's shared between the two namespaces.
# i think this is a libc thing. might need to leverage proper cgroups to _really_ kill it.
# - getent ahostsv4 www.google.com
# - try fix: <https://serverfault.com/questions/765989/connect-to-3rd-party-vpn-server-but-dont-use-it-as-the-default-route/766290#766290>
services.resolved.enable = true;
# without DNSSEC:
# - dig matrix.org => works
# - curl https://matrix.org => works
# with default DNSSEC:
# - dig matrix.org => works
# - curl https://matrix.org => fails
# i don't know why. this might somehow be interfering with the DNS run on this device (trust-dns)
services.resolved.dnssec = "false";
networking.nameservers = [
# use systemd-resolved resolver
# full resolver (which understands /etc/hosts) lives on 127.0.0.53
# stub resolver (just forwards upstream) lives on 127.0.0.54
"127.0.0.53"
];
# nscd -- the Name Service Caching Daemon -- caches DNS query responses
# in a way that's unaware of my VPN routing, so routes are frequently poor against
# services which advertise different IPs based on geolocation.
# nscd claims to be usable without a cache, but in practice i can't get it to not cache!
# nsncd is the Name Service NON-Caching Daemon. it's a drop-in that doesn't cache;
# this is OK on the host -- because systemd-resolved caches. it's probably sub-optimal
# in the netns and we query upstream DNS more often than needed. hm.
# TODO: run a separate recursive resolver in each namespace.
services.nscd.enableNsncd = true;
# services.resolved.extraConfig = ''
# # docs: `man resolved.conf`
# # DNS servers to use via the `wg-ovpns` interface.
@@ -83,6 +64,14 @@
vpn-ip = "185.157.162.178";
# DNS = 46.227.67.134, 192.165.9.158, 2a07:a880:4601:10f0:cd45::1, 2001:67c:750:1:cafe:cd45::1
vpn-dns = "46.227.67.134";
bridgePort = port: proto: ''
${in-ns} ${iptables} -A PREROUTING -t nat -p ${proto} --dport ${port} -m iprange --dst-range ${vpn-ip} \
-j DNAT --to-destination ${veth-host-ip}
'';
bridgeStatements = lib.foldlAttrs
(acc: port: portCfg: acc ++ (builtins.map (bridgePort port) portCfg.protocol))
[]
config.sane.ports.ports;
in {
privateKeyFile = config.sops.secrets.wg_ovpns_privkey.path;
# wg is active only in this namespace.
@@ -109,10 +98,10 @@
# dynamicEndpointRefreshRestartSeconds = 5;
}
];
preSetup = "" + ''
preSetup = ''
${ip} netns add ovpns || echo "ovpns already exists"
'';
postShutdown = "" + ''
postShutdown = ''
${in-ns} ip link del ovpns-veth-b || echo "couldn't delete ovpns-veth-b"
${ip} link del ovpns-veth-a || echo "couldn't delete ovpns-veth-a"
${ip} netns delete ovpns || echo "couldn't delete ovpns"
@@ -122,7 +111,7 @@
${ip} rule add from all lookup local pref 0
${ip} rule del from all lookup local pref 100
'';
postSetup = "" + ''
postSetup = ''
# DOCS:
# - some of this approach is described here: <https://josephmuia.ca/2018-05-16-net-namespaces-veth-nat/>
# - iptables primer: <https://danielmiessler.com/study/iptables/>
@@ -146,25 +135,11 @@
${ip} rule add from all lookup local pref 100
${ip} rule del from all lookup local pref 0
# bridge HTTP traffic:
# any external port-80 request sent to the VPN addr will be forwarded to the rootns.
# this exists so LetsEncrypt can procure a cert for the MX over http.
# TODO: we could use _acme_challence.mx.uninsane.org CNAME to avoid this forwarding
# - <https://community.letsencrypt.org/t/where-does-letsencrypt-resolve-dns-from/37607/8>
${in-ns} ${iptables} -A PREROUTING -t nat -p tcp --dport 80 -m iprange --dst-range ${vpn-ip} \
-j DNAT --to-destination ${veth-host-ip}:80
# we also bridge DNS traffic
${in-ns} ${iptables} -A PREROUTING -t nat -p udp --dport 53 -m iprange --dst-range ${vpn-ip} \
-j DNAT --to-destination ${veth-host-ip}
${in-ns} ${iptables} -A PREROUTING -t nat -p tcp --dport 53 -m iprange --dst-range ${vpn-ip} \
-j DNAT --to-destination ${veth-host-ip}
# in order to access DNS in this netns, we need to route it to the VPN's nameservers
# - alternatively, we could fix DNS servers like 1.1.1.1.
${in-ns} ${iptables} -A OUTPUT -t nat -p udp --dport 53 -m iprange --dst-range 127.0.0.53 \
-j DNAT --to-destination ${vpn-dns}:53
'';
'' + (lib.concatStringsSep "\n" bridgeStatements);
};
# create a new routing table that we can use to proxy traffic out of the root namespace
@@ -217,4 +192,5 @@
# # test with:
# # curl --interface hurricane http://[2607:f8b0:400a:80b::2004]
# # ping 2607:f8b0:400a:80b::2004
};
}

View File

@@ -12,7 +12,7 @@ in
# > AttributeError: 'NoneType' object has no attribute 'query'
lib.mkIf false
{
sane.persist.sys.plaintext = [
sane.persist.sys.byStore.plaintext = [
{ inherit user group; mode = "0700"; path = svc-dir; }
];

View File

@@ -0,0 +1,124 @@
# TURN/STUN NAT traversal service
# commonly used to establish realtime calls with prosody, or possibly matrix/synapse
#
# - <https://github.com/coturn/coturn/>
# - `man turnserver`
# - config docs: <https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf>
#
# N.B. during operation it's NORMAL to see "error 401".
# during session creation:
# - client sends Allocate request
# - server replies error 401, providing a realm and nonce
# - client uses realm + nonce + shared secret to construct an auth key & call Allocate again
# - server replies Allocate Success Response
# - source: <https://stackoverflow.com/a/66643135>
#
# N.B. this safest implementation routes all traffic THROUGH A VPN
# - that adds a lot of latency, but in practice turns out to be inconsequential.
# i guess ICE allows clients to prefer the other party's lower-latency server, in practice?
# - still, this is the "safe" implementation because STUN works with IP addresses instead of domain names:
# 1. client A queries the STUN server to determine its own IP address/port.
# 2. client A tells client B which IP address/port client A is visible on.
# 3. client B contacts that IP address/port
# this only works so long as the IP address/port which STUN server sees client A on is publicly routable.
# that is NOT the case when the STUN server and client A are on the same LAN
# even if client A contacts the STUN server via its WAN address with port reflection enabled.
# hence, there's no obvious way to put the STUN server on the same LAN as either client and expect the rest to work.
{ lib, ... }:
let
# TODO: this range could be larger, but right now that's costly because each element is its own UPnP forward
# TURN port range (inclusive)
turnPortLow = 49152;
turnPortHigh = 49167;
turnPortRange = lib.range turnPortLow turnPortHigh;
in
{
sane.ports.ports = lib.mkMerge ([
{
"3478" = {
# this is the "control" port.
# i.e. no client data is forwarded through it, but it's where clients request tunnels.
protocol = [ "tcp" "udp" ];
# visibleTo.lan = true;
# visibleTo.wan = true;
visibleTo.ovpn = true;
description = "colin-stun-turn";
};
"5349" = {
# the other port 3478 also supports TLS/DTLS, but presumably clients wanting TLS will default 5349
protocol = [ "tcp" ];
# visibleTo.lan = true;
# visibleTo.wan = true;
visibleTo.ovpn = true;
description = "colin-stun-turn-over-tls";
};
}
] ++ (builtins.map
(port: {
"${builtins.toString port}" = let
count = port - turnPortLow + 1;
numPorts = turnPortHigh - turnPortLow + 1;
in {
protocol = [ "tcp" "udp" ];
# visibleTo.lan = true;
# visibleTo.wan = true;
visibleTo.ovpn = true;
description = "colin-turn-${builtins.toString count}-of-${builtins.toString numPorts}";
};
})
turnPortRange
));
services.nginx.virtualHosts."turn.uninsane.org" = {
# allow ACME to procure a cert via nginx for this domain
enableACME = true;
};
sane.dns.zones."uninsane.org".inet = {
# CNAME."turn" = "servo.wan";
# CNAME."turn" = "ovpns";
# CNAME."turn" = "native";
# XXX: SRV records have to point to something with a A/AAAA record; no CNAMEs
A."turn" = "%AOVPNS%";
# A."turn" = "%AWAN%";
SRV."_stun._udp" = "5 50 3478 turn";
SRV."_stun._tcp" = "5 50 3478 turn";
SRV."_stuns._tcp" = "5 50 5349 turn";
SRV."_turn._udp" = "5 50 3478 turn";
SRV."_turn._tcp" = "5 50 3478 turn";
SRV."_turns._tcp" = "5 50 5349 turn";
};
sane.derived-secrets."/var/lib/coturn/shared_secret.bin" = {
encoding = "base64";
# TODO: make this not globally readable
acl.mode = "0644";
};
sane.fs."/var/lib/coturn/shared_secret.bin".wantedBeforeBy = [ "coturn.service" ];
# provide access to certs
users.users.turnserver.extraGroups = [ "nginx" ];
services.coturn.enable = true;
services.coturn.realm = "turn.uninsane.org";
services.coturn.cert = "/var/lib/acme/turn.uninsane.org/fullchain.pem";
services.coturn.pkey = "/var/lib/acme/turn.uninsane.org/key.pem";
services.coturn.use-auth-secret = true;
services.coturn.static-auth-secret-file = "/var/lib/coturn/shared_secret.bin";
services.coturn.lt-cred-mech = true;
services.coturn.min-port = turnPortLow;
services.coturn.max-port = turnPortHigh;
# services.coturn.secure-stun = true;
services.coturn.extraConfig = lib.concatStringsSep "\n" [
"verbose"
# "Verbose" #< even MORE verbosity than "verbose"
# "no-multicast-peers" # disables sending to IPv4 broadcast addresses (e.g. 224.0.0.0/3)
"listening-ip=10.0.1.5"
# "external-ip=185.157.162.178/10.0.1.5"
"external-ip=185.157.162.178"
# "listening-ip=10.78.79.51" # can be specified multiple times; omit for *
# "external-ip=97.113.128.229/10.78.79.51"
# "external-ip=97.113.128.229"
# "mobility" # "mobility with ICE (MICE) specs support" (?)
];
}

View File

@@ -0,0 +1,84 @@
# as of 2023/12/02: complete blockchain is 530 GiB (on-disk size may be larger)
#
# ports:
# - 8333: for node-to-node communications
# - 8332: rpc (client-to-node)
#
# rpc setup:
# - generate a password
# - use: <https://github.com/bitcoin/bitcoin/blob/master/share/rpcauth/rpcauth.py>
# (rpcauth.py is not included in the `'.#bitcoin'` package result)
# - `wget https://raw.githubusercontent.com/bitcoin/bitcoin/master/share/rpcauth/rpcauth.py`
# - `python ./rpcauth.py colin`
# - copy the hash here. it's SHA-256, so safe to be public.
# - add "rpcuser=colin" and "rpcpassword=<output>" to secrets/servo/bitcoin.conf (i.e. ~/.bitcoin/bitcoin.conf)
# - bitcoin.conf docs: <https://github.com/bitcoin/bitcoin/blob/master/doc/bitcoin-conf.md>
# - validate with `bitcoin-cli -netinfo`
{ config, lib, pkgs, sane-lib, ... }:
let
# wrapper to run bitcoind with the tor onion address as externalip (computed at runtime)
_bitcoindWithExternalIp = with pkgs; writeShellScriptBin "bitcoind" ''
externalip="$(cat /var/lib/tor/onion/bitcoind/hostname)"
exec ${bitcoind}/bin/bitcoind "-externalip=$externalip" "$@"
'';
# the package i provide to services.bitcoind ends up on system PATH, and used by other tools like clightning.
# therefore, even though services.bitcoind only needs `bitcoind` binary, provide all the other bitcoin-related binaries (notably `bitcoin-cli`) as well:
bitcoindWithExternalIp = with pkgs; symlinkJoin {
name = "bitcoind-with-external-ip";
paths = [ _bitcoindWithExternalIp bitcoind ];
};
in
{
sane.persist.sys.byStore.ext = [
# /var/lib/monero/lmdb is what consumes most of the space
{ user = "bitcoind-mainnet"; group = "bitcoind-mainnet"; path = "/var/lib/bitcoind-mainnet"; }
];
# sane.ports.ports."8333" = {
# # this allows other nodes and clients to download blocks from me.
# protocol = [ "tcp" ];
# visibleTo.wan = true;
# description = "colin-bitcoin";
# };
services.tor.relay.onionServices.bitcoind = {
version = 3;
map = [{
# by default tor will route public tor port P to 127.0.0.1:P.
# so if this port is the same as clightning would natively use, then no further config is needed here.
# see: <https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServicePort>
port = 8333;
# target.port; target.addr; #< set if tor port != clightning port
}];
# allow "tor" group (i.e. bitcoind-mainnet) to read /var/lib/tor/onion/bitcoind/hostname
settings.HiddenServiceDirGroupReadable = true;
};
services.bitcoind.mainnet = {
enable = true;
package = bitcoindWithExternalIp;
rpc.users.colin = {
# see docs at top of file for how to generate this
passwordHMAC = "30002c05d82daa210550e17a182db3f3$6071444151281e1aa8a2729f75e3e2d224e9d7cac3974810dab60e7c28ffaae4";
};
extraConfig = ''
# don't load the wallet, and disable wallet RPC calls
disablewallet=1
# proxy all outbound traffic through Tor
proxy=127.0.0.1:9050
'';
};
users.users.bitcoind-mainnet.extraGroups = [ "tor" ];
systemd.services.bitcoind-mainnet.serviceConfig.RestartSec = "30s"; #< default is 0
sane.users.colin.fs.".bitcoin/bitcoin.conf" = sane-lib.fs.wantedSymlinkTo config.sops.secrets."bitcoin.conf".path;
sops.secrets."bitcoin.conf" = {
mode = "0600";
owner = "colin";
group = "users";
};
sane.programs.bitcoind.enableFor.user.colin = true; # for debugging/administration: `bitcoin-cli`
}

View File

@@ -0,0 +1,766 @@
#!/usr/bin/env nix-shell
#!nix-shell -i python3 -p "python3.withPackages (ps: [ ps.pyln-client ])"
# pyln-client docs: <https://github.com/ElementsProject/lightning/tree/master/contrib/pyln-client>
# terminology:
# - "scid": "Short Channel ID", e.g. 123456x7890x0
# from this id, we can locate the actual channel, its peers, and its parameters
import argparse
import logging
import math
import sys
import time
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
from enum import Enum
from pyln.client import LightningRpc, Millisatoshi, RpcError
logger = logging.getLogger(__name__)
RPC_FILE = "/var/lib/clightning/bitcoin/lightning-rpc"
# CLTV (HLTC delta) of the final hop
# set this too low and you might get inadvertent channel closures (?)
CLTV = 18
# for every sequentally failed transaction, delay this much before trying again.
# note that the initial route building process can involve 10-20 "transient" failures, as it discovers dead channels.
TX_FAIL_BACKOFF = 0.8
MAX_SEQUENTIAL_JOB_FAILURES = 200
class LoopError(Enum):
""" error when trying to loop sats, or when unable to calculate a route for the loop """
TRANSIENT = "TRANSIENT" # try again, we'll maybe find a different route
NO_ROUTE = "NO_ROUTE"
class RouteError(Enum):
""" error when calculated a route """
HAS_BASE_FEE = "HAS_BASE_FEE"
NO_ROUTE = "NO_ROUTE"
class Metrics:
looped_msat: int = 0
sendpay_fail: int = 0
sendpay_succeed: int = 0
own_bad_channel: int = 0
no_route: int = 0
in_ch_unsatisfiable: int = 0
def __repr__(self) -> str:
return f"looped:{self.looped_msat}, tx:{self.sendpay_succeed}, tx_fail:{self.sendpay_fail}, own_bad_ch:{self.own_bad_channel}, no_route:{self.no_route}, in_ch_restricted:{self.in_ch_unsatisfiable}"
@dataclass
class TxBounds:
max_msat: int
min_msat: int = 0
def __repr__(self) -> str:
return f"TxBounds({self.min_msat} <= msat <= {self.max_msat})"
def is_satisfiable(self) -> bool:
return self.min_msat <= self.max_msat
def raise_max_to_be_satisfiable(self) -> "Self":
if self.max_msat < self.min_msat:
logger.debug(f"raising max_msat to be consistent: {self.max_msat} -> {self.min_msat}")
return TxBounds(self.min_msat, self.min_msat)
return TxBounds(min_msat=self.min_msat, max_msat=self.max_msat)
def intersect(self, other: "TxBounds") -> "Self":
return TxBounds(
min_msat=max(self.min_msat, other.min_msat),
max_msat=min(self.max_msat, other.max_msat),
)
def restrict_to_htlc(self, ch: "LocalChannel", why: str = "") -> "Self":
"""
apply min/max HTLC size restrictions of the given channel.
"""
if ch:
why = why or ch.directed_scid_to_me
if why: why = f"{why}: "
new_min, new_max = self.min_msat, self.max_msat
if ch.htlc_minimum_to_me > self.min_msat:
new_min = ch.htlc_minimum_to_me
logger.debug(f"{why}raising min_msat due to HTLC requirements: {self.min_msat} -> {new_min}")
if ch.htlc_maximum_to_me < self.max_msat:
new_max = ch.htlc_maximum_to_me
logger.debug(f"{why}lowering max_msat due to HTLC requirements: {self.max_msat} -> {new_max}")
return TxBounds(min_msat=new_min, max_msat=new_max)
def restrict_to_zero_fees(self, ch: "LocalChannel"=None, base: int=0, ppm: int=0, why:str = "") -> "Self":
"""
restrict tx size such that PPM fees are zero.
if the channel has a base fee, then `max_msat` is forced to 0.
"""
if ch:
why = why or ch.directed_scid_to_me
self = self.restrict_to_zero_fees(base=ch.to_me["base_fee_millisatoshi"], ppm=ch.to_me["fee_per_millionth"], why=why)
if why: why = f"{why}: "
new_max = self.max_msat
ppm_max = math.ceil(1000000 / ppm) - 1 if ppm != 0 else new_max
if ppm_max < new_max:
logger.debug(f"{why}decreasing max_msat due to fee ppm: {new_max} -> {ppm_max}")
new_max = ppm_max
if base != 0:
logger.debug(f"{why}free route impossible: channel has base fees")
new_max = 0
return TxBounds(min_msat=self.min_msat, max_msat=new_max)
class LocalChannel:
def __init__(self, channels: list, rpc: "RpcHelper"):
assert 0 < len(channels) <= 2, f"unexpected: channel count: {channels}"
out = None
in_ = None
for c in channels:
if c["source"] == rpc.self_id:
assert out is None, f"unexpected: multiple channels from self: {channels}"
out = c
if c["destination"] == rpc.self_id:
assert in_ is None, f"unexpected: multiple channels to self: {channels}"
in_ = c
# assert out is not None, f"no channel from self: {channels}"
# assert in_ is not None, f"no channel to self: {channels}"
if out and in_:
assert out["destination"] == in_["source"], f"channel peers are asymmetric?! {channels}"
assert out["short_channel_id"] == in_["short_channel_id"], f"channel ids differ?! {channels}"
self.from_me = out
self.to_me = in_
self.remote_node = rpc.node(self.remote_peer)
self.peer_ch = rpc.peerchannel(self.scid, self.remote_peer)
self.forwards_from_me = rpc.rpc.listforwards(out_channel=self.scid, status="settled")["forwards"]
def __repr__(self) -> str:
return self.to_str(with_scid=True, with_bal_ratio=True, with_cost=False, with_ppm_theirs=False)
def to_str(
self,
with_peer_id:bool = False,
with_scid:bool = False,
with_bal_msat:bool = False,
with_bal_ratio:bool = False,
with_cost:bool = False,
with_ppm_theirs:bool = False,
with_ppm_mine:bool = False,
with_profits:bool = True,
with_payments:bool = False,
) -> str:
base_flag = "*" if not self.online or self.base_fee_to_me != 0 else ""
alias = f"({self.remote_alias}){base_flag}"
peerid = f" {self.remote_peer}" if with_peer_id else ""
scid = f" scid:{self.scid:>13}" if with_scid else ""
bal = f" S:{int(self.sendable):11}/R:{int(self.receivable):11}" if with_bal_msat else ""
ratio = f" MINE:{(100*self.send_ratio):>8.4f}%" if with_bal_ratio else ""
payments = f" OUT:{int(self.out_fulfilled_msat):>11}/IN:{int(self.in_fulfilled_msat):>11}" if with_payments else ""
profits = f" P$:{int(self.fees_lifetime_mine):>8}" if with_profits else ""
cost = f" COST:{self.opportunity_cost_lent:>8}" if with_cost else ""
ppm_theirs = self.ppm_to_me if self.to_me else "N/A"
ppm_theirs = f" PPM_THEIRS:{ppm_theirs:>6}" if with_ppm_theirs else ""
ppm_mine = self.ppm_from_me if self.from_me else "N/A"
ppm_mine = f" PPM_MINE:{ppm_mine:>6}" if with_ppm_mine else ""
return f"channel{alias:30}{peerid}{scid}{bal}{ratio}{payments}{profits}{cost}{ppm_theirs}{ppm_mine}"
@property
def online(self) -> bool:
return self.from_me and self.to_me
@property
def remote_peer(self) -> str:
if self.from_me:
return self.from_me["destination"]
else:
return self.to_me["source"]
@property
def remote_alias(self) -> str:
return self.remote_node["alias"]
@property
def scid(self) -> str:
if self.from_me:
return self.from_me["short_channel_id"]
else:
return self.to_me["short_channel_id"]
@property
def htlc_minimum_to_me(self) -> Millisatoshi:
return self.to_me["htlc_minimum_msat"]
@property
def htlc_minimum_from_me(self) -> Millisatoshi:
return self.from_me["htlc_minimum_msat"]
@property
def htlc_minimum(self) -> Millisatoshi:
return max(self.htlc_minimum_to_me, self.htlc_minimum_from_me)
@property
def htlc_maximum_to_me(self) -> Millisatoshi:
return self.to_me["htlc_maximum_msat"]
@property
def htlc_maximum_from_me(self) -> Millisatoshi:
return self.from_me["htlc_maximum_msat"]
@property
def htlc_maximum(self) -> Millisatoshi:
return min(self.htlc_maximum_to_me, self.htlc_maximum_from_me)
@property
def direction_to_me(self) -> int:
return self.to_me["direction"]
@property
def direction_from_me(self) -> int:
return self.from_me["direction"]
@property
def directed_scid_to_me(self) -> str:
return f"{self.scid}/{self.direction_to_me}"
@property
def directed_scid_from_me(self) -> str:
return f"{self.scid}/{self.direction_from_me}"
@property
def delay_them(self) -> str:
return self.to_me["delay"]
@property
def delay_me(self) -> str:
return self.from_me["delay"]
@property
def ppm_to_me(self) -> int:
return self.to_me["fee_per_millionth"]
@property
def ppm_from_me(self) -> int:
return self.from_me["fee_per_millionth"]
# return self.peer_ch["fee_proportional_millionths"]
@property
def base_fee_to_me(self) -> int:
return self.to_me["base_fee_millisatoshi"]
@property
def receivable(self) -> int:
return self.peer_ch["receivable_msat"]
@property
def sendable(self) -> int:
return self.peer_ch["spendable_msat"]
@property
def in_fulfilled_msat(self) -> Millisatoshi:
return self.peer_ch["in_fulfilled_msat"]
@property
def out_fulfilled_msat(self) -> Millisatoshi:
return self.peer_ch["out_fulfilled_msat"]
@property
def fees_lifetime_mine(self) -> Millisatoshi:
return sum(fwd["fee_msat"] for fwd in self.forwards_from_me)
@property
def send_ratio(self) -> float:
cap = self.receivable + self.sendable
return self.sendable / cap
@property
def opportunity_cost_lent(self) -> int:
""" how much msat did we gain by pushing their channel to its current balance? """
return int(self.receivable * self.ppm_from_me / 1000000)
class RpcHelper:
def __init__(self, rpc: LightningRpc):
self.rpc = rpc
self.self_id = rpc.getinfo()["id"]
def localchannel(self, scid: str) -> LocalChannel:
listchan = self.rpc.listchannels(scid)
# this assertion would probably indicate a typo in the scid
assert listchan and listchan.get("channels", []) != [], f"bad listchannels for {scid}: {listchan}"
return LocalChannel(listchan["channels"], self)
def node(self, id: str) -> dict:
nodes = self.rpc.listnodes(id)["nodes"]
assert len(nodes) == 1, f"unexpected: multiple nodes for {id}: {nodes}"
return nodes[0]
def peerchannel(self, scid: str, peer_id: str) -> dict:
peerchannels = self.rpc.listpeerchannels(peer_id)["channels"]
channels = [c for c in peerchannels if c["short_channel_id"] == scid]
assert len(channels) == 1, f"expected exactly 1 channel, got: {channels}"
return channels[0]
def try_getroute(self, *args, **kwargs) -> dict | None:
""" wrapper for getroute which returns None instead of error if no route exists """
try:
route = self.rpc.getroute(*args, **kwargs)
except RpcError as e:
logger.debug(f"rpc failed: {e}")
return None
else:
route = route["route"]
if route == []: return None
return route
class LoopRouter:
def __init__(self, rpc: RpcHelper, metrics: Metrics = None):
self.rpc = rpc
self.metrics = metrics or Metrics()
self.bad_channels = [] # list of directed scid
self.nonzero_base_channels = [] # list of directed scid
def drop_caches(self) -> None:
logger.info("LoopRouter.drop_caches()")
self.bad_channels = []
def _get_directed_scid(self, scid: str, direction: int) -> dict:
channels = self.rpc.rpc.listchannels(scid)["channels"]
channels = [c for c in channels if c["direction"] == direction]
assert len(channels) == 1, f"expected exactly 1 channel: {channels}"
return channels[0]
def loop_once(self, out_scid: str, in_scid: str, bounds: TxBounds) -> LoopError|int:
out_ch = self.rpc.localchannel(out_scid)
in_ch = self.rpc.localchannel(in_scid)
if out_ch.directed_scid_from_me in self.bad_channels or in_ch.directed_scid_to_me in self.bad_channels:
logger.info(f"loop {out_scid} -> {in_scid} failed in our own channel")
self.metrics.own_bad_channel += 1
return LoopError.TRANSIENT
# bounds = bounds.restrict_to_htlc(out_ch) # htlc bounds seem to be enforced only in the outward direction
bounds = bounds.restrict_to_htlc(in_ch)
bounds = bounds.restrict_to_zero_fees(in_ch)
if not bounds.is_satisfiable():
self.metrics.in_ch_unsatisfiable += 1
return LoopError.NO_ROUTE
logger.debug(f"route with bounds {bounds}")
route = self.route(out_ch, in_ch, bounds)
logger.debug(f"route: {route}")
if route == RouteError.NO_ROUTE:
self.metrics.no_route += 1
return LoopError.NO_ROUTE
elif route == RouteError.HAS_BASE_FEE:
# try again with a different route
return LoopError.TRANSIENT
amount_msat = route[0]["amount_msat"]
invoice_id = f"loop-{time.time():.6f}".replace(".", "_")
invoice_desc = f"bal {out_scid}:{in_scid}"
invoice = self.rpc.rpc.invoice("any", invoice_id, invoice_desc)
logger.debug(f"invoice: {invoice}")
payment = self.rpc.rpc.sendpay(route, invoice["payment_hash"], invoice_id, amount_msat, invoice["bolt11"], invoice["payment_secret"])
logger.debug(f"sent: {payment}")
try:
wait = self.rpc.rpc.waitsendpay(invoice["payment_hash"])
logger.debug(f"result: {wait}")
except RpcError as e:
self.metrics.sendpay_fail += 1
err_data = e.error["data"]
err_scid, err_dir = err_data["erring_channel"], err_data["erring_direction"]
err_directed_scid = f"{err_scid}/{err_dir}"
logger.debug(f"ch failed, adding to excludes: {err_directed_scid}; {e.error}")
self.bad_channels.append(err_directed_scid)
return LoopError.TRANSIENT
else:
self.metrics.sendpay_succeed += 1
self.metrics.looped_msat += int(amount_msat)
return int(amount_msat)
def route(self, out_ch: LocalChannel, in_ch: LocalChannel, bounds: TxBounds) -> list[dict] | RouteError:
exclude = [
# ensure the payment doesn't cross either channel in reverse.
# note that this doesn't preclude it from taking additional trips through self, with other peers.
# out_ch.directed_scid_to_me,
# in_ch.directed_scid_from_me,
# alternatively, never route through self. this avoids a class of logic error, like what to do with fees i charge "myself".
self.rpc.self_id
] + self.bad_channels + self.nonzero_base_channels
out_peer = out_ch.remote_peer
in_peer = in_ch.remote_peer
route_or_bounds = bounds
while isinstance(route_or_bounds, TxBounds):
old_bounds = route_or_bounds
route_or_bounds = self._find_partial_route(out_peer, in_peer, old_bounds, exclude=exclude)
if route_or_bounds == old_bounds:
return RouteError.NO_ROUTE
if isinstance(route_or_bounds, RouteError):
return route_or_bounds
route = self._add_route_endpoints(route_or_bounds, out_ch, in_ch)
return route
def _find_partial_route(self, out_peer: str, in_peer: str, bounds: TxBounds, exclude: list[str]=[]) -> list[dict] | RouteError | TxBounds:
route = self.rpc.try_getroute(in_peer, amount_msat=bounds.max_msat, riskfactor=0, fromid=out_peer, exclude=exclude, cltv=CLTV)
if route is None:
logger.debug(f"no route for {bounds.max_msat}msat {out_peer} -> {in_peer}")
return RouteError.NO_ROUTE
send_msat = route[0]["amount_msat"]
if send_msat != Millisatoshi(bounds.max_msat):
logger.debug(f"found route with non-zero fee: {send_msat} -> {bounds.max_msat}. {route}")
error = None
for hop in route:
hop_scid = hop["channel"]
hop_dir = hop["direction"]
directed_scid = f"{hop_scid}/{hop_dir}"
ch = self._get_directed_scid(hop_scid, hop_dir)
if ch["base_fee_millisatoshi"] != 0:
self.nonzero_base_channels.append(directed_scid)
error = RouteError.HAS_BASE_FEE
bounds = bounds.restrict_to_zero_fees(ppm=ch["fee_per_millionth"], why=directed_scid)
return bounds.raise_max_to_be_satisfiable() if error is None else error
return route
def _add_route_endpoints(self, route, out_ch: LocalChannel, in_ch: LocalChannel):
inbound_hop = dict(
id=self.rpc.self_id,
channel=in_ch.scid,
direction=in_ch.direction_to_me,
amount_msat=route[-1]["amount_msat"],
delay=route[-1]["delay"],
style="tlv",
)
route = self._add_route_delay(route, in_ch.delay_them) + [ inbound_hop ]
outbound_hop = dict(
id=out_ch.remote_peer,
channel=out_ch.scid,
direction=out_ch.direction_from_me,
amount_msat=route[0]["amount_msat"],
delay=route[0]["delay"] + out_ch.delay_them,
style="tlv",
)
route = [ outbound_hop ] + route
return route
def _add_route_delay(self, route: list[dict], delay: int) -> list[dict]:
return [ dict(hop, delay=hop["delay"] + delay) for hop in route ]
@dataclass
class LoopJob:
out: str # scid
in_: str # scid
amount: int
@dataclass
class LoopJobIdle:
sec: int = 10
class LoopJobDone(Enum):
COMPLETED = "COMPLETED"
ABORTED = "ABORTED"
class AbstractLoopRunner:
def __init__(self, looper: LoopRouter, bounds: TxBounds, parallelism: int):
self.looper = looper
self.bounds = bounds
self.parallelism = parallelism
self.bounds_map = {} # map (out:str, in_:str) -> TxBounds. it's a cache so we don't have to try 10 routes every time.
def pop_job(self) -> LoopJob | LoopJobIdle | LoopJobDone:
raise NotImplemented # abstract method
def finished_job(self, job: LoopJob, progress: int|LoopError) -> None:
raise NotImplemented # abstract method
def run_to_completion(self, exit_on_any_completed:bool = False) -> None:
self.exiting = False
self.exit_on_any_completed = exit_on_any_completed
if self.parallelism == 1:
# run inline to aid debugging
self._worker_thread()
else:
with ThreadPoolExecutor(max_workers=self.parallelism) as executor:
_ = list(executor.map(lambda _i: self._try_invoke(self._worker_thread), range(self.parallelism)))
def drop_caches(self) -> None:
logger.info("AbstractLoopRunner.drop_caches()")
self.looper.drop_caches()
self.bounds_map = {}
def _try_invoke(self, f, *args) -> None:
"""
try to invoke `f` with the provided `args`, and log if it fails.
this overcomes the issue that background tasks which fail via Exception otherwise do so silently.
"""
try:
f(*args)
except Exception as e:
logger.error(f"task failed: {e}")
def _worker_thread(self) -> None:
while not self.exiting:
job = self.pop_job()
logger.debug(f"popped job: {job}")
if isinstance(job, LoopJobDone):
return self._worker_finished(job)
if isinstance(job, LoopJobIdle):
logger.debug(f"idling for {job.sec}")
time.sleep(job.sec)
continue
result = self._execute_job(job)
logger.debug(f"finishing job {job} with {result}")
self.finished_job(job, result)
def _execute_job(self, job: LoopJob) -> LoopError|int:
bounds = self.bounds_map.get((job.out, job.in_), self.bounds)
bounds = bounds.intersect(TxBounds(max_msat=job.amount))
if not bounds.is_satisfiable():
logger.debug(f"TxBounds for job are unsatisfiable; skipping: {bounds} {job}")
return LoopError.NO_ROUTE
amt_looped = self.looper.loop_once(job.out, job.in_, bounds)
if amt_looped in (0, LoopError.NO_ROUTE, LoopError.TRANSIENT):
return amt_looped
logger.info(f"looped {amt_looped} from {job.out} -> {job.in_}")
bounds = bounds.intersect(TxBounds(max_msat=amt_looped))
self.bounds_map[(job.out, job.in_)] = bounds
return amt_looped
def _worker_finished(self, job: LoopJobDone) -> None:
if job == LoopJobDone.COMPLETED and self.exit_on_any_completed:
logger.debug(f"worker completed -> exiting pool")
self.exiting = True
class LoopPairState:
# TODO: use this in MultiLoopBalancer, or stop shoving state in here and put it on LoopBalancer instead.
def __init__(self, out: str, in_: str, amount: int):
self.out = out
self.in_ = in_
self.amount_target = amount
self.amount_looped = 0
self.amount_outstanding = 0
self.tx_fail_count = 0
self.route_fail_count = 0
self.last_job_start_time = None
self.failed_tx_throttler = 0 # increase by one every time we fail, decreases more gradually, when we succeed
class LoopBalancer(AbstractLoopRunner):
def __init__(self, out: str, in_: str, amount: int, looper: LoopRouter, bounds: TxBounds, parallelism: int=1):
super().__init__(looper, bounds, parallelism)
self.state = LoopPairState(out, in_, amount)
def pop_job(self) -> LoopJob | LoopJobIdle | LoopJobDone:
if self.state.tx_fail_count + 10*self.state.route_fail_count >= MAX_SEQUENTIAL_JOB_FAILURES:
logger.info(f"giving up ({self.state.out} -> {self.state.in_}): {self.state.tx_fail_count} tx failures, {self.state.route_fail_count} route failures")
return LoopJobDone.ABORTED
if self.state.tx_fail_count + self.state.route_fail_count > 0:
# N.B.: last_job_start_time is guaranteed to have been set by now
idle_until = self.state.last_job_start_time + TX_FAIL_BACKOFF*self.state.failed_tx_throttler
idle_for = idle_until - time.time()
if self.state.amount_outstanding != 0 or idle_for > 0:
# when we hit transient failures, restrict to just one job in flight at a time.
# this is aimed for the initial route building, where multiple jobs in flight is just useless,
# but it's not a bad idea for network blips, etc, either.
logger.info(f"throttling ({self.state.out} -> {self.state.in_}) for {idle_for:.0f}: {self.state.tx_fail_count} tx failures, {self.state.route_fail_count} route failures")
return LoopJobIdle(idle_for) if idle_for > 0 else LoopJobIdle()
amount_avail = self.state.amount_target - self.state.amount_looped - self.state.amount_outstanding
if amount_avail < self.bounds.min_msat:
if self.state.amount_outstanding == 0: return LoopJobDone.COMPLETED
return LoopJobIdle() # sending out another job would risk over-transferring
amount_this_job = min(amount_avail, self.bounds.max_msat)
self.state.amount_outstanding += amount_this_job
self.state.last_job_start_time = time.time()
return LoopJob(out=self.state.out, in_=self.state.in_, amount=amount_this_job)
def finished_job(self, job: LoopJob, progress: int) -> None:
self.state.amount_outstanding -= job.amount
if progress == LoopError.NO_ROUTE:
self.state.route_fail_count += 1
self.state.failed_tx_throttler += 10
elif progress == LoopError.TRANSIENT:
self.state.tx_fail_count += 1
self.state.failed_tx_throttler += 1
else:
self.state.amount_looped += progress
self.state.tx_fail_count = 0
self.state.route_fail_count = 0
self.state.failed_tx_throttler = max(0, self.state.failed_tx_throttler - 0.2)
logger.info(f"loop progressed ({job.out} -> {job.in_}) {progress}: {self.state.amount_looped} of {self.state.amount_target}")
class MultiLoopBalancer(AbstractLoopRunner):
"""
multiplexes jobs between multiple LoopBalancers.
note that the child LoopBalancers don't actually execute the jobs -- just produce them.
"""
def __init__(self, looper: LoopRouter, bounds: TxBounds, parallelism: int=1):
super().__init__(looper, bounds, parallelism)
self.loops = []
# job_index: increments on every job so we can grab jobs evenly from each LoopBalancer.
# in that event that producers are idling, it can actually increment more than once,
# so don't take this too literally
self.job_index = 0
def add_loop(self, out: LocalChannel, in_: LocalChannel, amount: int) -> None:
"""
start looping sats from out -> in_
"""
assert not any(l.state.out == out.scid and l.state.in_ == in_.scid for l in self.loops), f"tried to add duplicate loops from {out} -> {in_}"
logger.info(f"looping from ({out}) to ({in_})")
self.loops.append(LoopBalancer(out.scid, in_.scid, amount, self.looper, self.bounds, self.parallelism))
def pop_job(self) -> LoopJob | LoopJobIdle | LoopJobDone:
# N.B.: this can be called in parallel, so try to be consistent enough to not crash
idle_job = None
abort_job = None
for i, _ in enumerate(self.loops):
loop = self.loops[(self.job_index + i) % len(self.loops)]
self.job_index += 1
job = loop.pop_job()
if isinstance(job, LoopJob):
return job
if isinstance(job, LoopJobIdle):
idle_job = LoopJobIdle(min(job.sec, idle_job.sec)) if idle_job is not None else job
if job == LoopJobDone.ABORTED:
abort_job = job
# either there's a task to idle, or we have to terminate.
# if terminating, terminate ABORTED if any job aborted, else COMPLETED
if idle_job is not None: return idle_job
if abort_job is not None: return abort_job
return LoopJobDone.COMPLETED
def finished_job(self, job: LoopJob, progress: int) -> None:
# this assumes (enforced externally) that we have only one loop for a given out/in_ pair
for l in self.loops:
if l.state.out == job.out and l.state.in_ == job.in_:
l.finished_job(job, progress)
logger.info(f"total: {self.looper.metrics}")
def balance_loop(rpc: RpcHelper, out: str, in_: str, amount_msat: int, min_msat: int, max_msat: int, parallelism: int):
looper = LoopRouter(rpc)
bounds = TxBounds(min_msat=min_msat, max_msat=max_msat)
balancer = LoopBalancer(out, in_, amount_msat, looper, bounds, parallelism)
balancer.run_to_completion()
def autobalance_once(rpc: RpcHelper, metrics: Metrics, bounds: TxBounds, parallelism: int) -> bool:
"""
autobalances all channels.
returns True if channels are balanced (or as balanced as can be); False if in need of further balancing
"""
looper = LoopRouter(rpc, metrics)
balancer = MultiLoopBalancer(looper, bounds, parallelism)
channels = []
for peerch in rpc.rpc.listpeerchannels()["channels"]:
try:
channels.append(rpc.localchannel(peerch["short_channel_id"]))
except:
logger.info(f"NO CHANNELS for {peerch['peer_id']}")
channels = [ch for ch in channels if ch.online and ch.base_fee_to_me == 0]
give_to = [ ch for ch in channels if ch.send_ratio > 0.95 ]
take_from = [ ch for ch in channels if ch.send_ratio < 0.20 ]
if give_to == [] and take_from == []:
return True
for to in give_to:
for from_ in take_from:
balancer.add_loop(to, from_, 10000000)
balancer.run_to_completion(exit_on_any_completed=True)
return False
def autobalance(rpc: RpcHelper, min_msat: int, max_msat: int, parallelism: int):
bounds = TxBounds(min_msat=min_msat, max_msat=max_msat)
metrics = Metrics()
while not autobalance_once(rpc, metrics, bounds, parallelism):
pass
def show_status(rpc: RpcHelper, full: bool=False):
"""
show a table of channel balances between peers.
"""
for peerch in rpc.rpc.listpeerchannels()["channels"]:
try:
ch = rpc.localchannel(peerch["short_channel_id"])
except:
print(f"{peerch['peer_id']} scid:{peerch['short_channel_id']} state:{peerch['state']} NO CHANNELS")
else:
print(ch.to_str(with_scid=True, with_bal_ratio=True, with_payments=True, with_cost=full, with_ppm_theirs=True, with_ppm_mine=True, with_peer_id=full))
def main():
logging.basicConfig()
logger.setLevel(logging.INFO)
parser = argparse.ArgumentParser(description="rebalance lightning channel balances")
parser.add_argument("--verbose", action="store_true", help="more logging")
parser.add_argument("--min-msat", default="999", help="min transaction size")
parser.add_argument("--max-msat", default="1000000", help="max transaction size")
parser.add_argument("--jobs", default="1", help="how many HTLCs to keep in-flight at once")
subparsers = parser.add_subparsers(help="action")
status_parser = subparsers.add_parser("status")
status_parser.set_defaults(action="status")
status_parser.add_argument("--full", action="store_true", help="more info per channel")
loop_parser = subparsers.add_parser("loop")
loop_parser.set_defaults(action="loop")
loop_parser.add_argument("out", help="peer id to send tx through")
loop_parser.add_argument("in_", help="peer id to receive tx through")
loop_parser.add_argument("amount", help="total amount of msat to loop")
autobal_parser = subparsers.add_parser("autobalance")
autobal_parser.set_defaults(action="autobalance")
args = parser.parse_args()
if args.verbose:
logger.setLevel(logging.DEBUG)
rpc = RpcHelper(LightningRpc(RPC_FILE))
if args.action == "status":
show_status(rpc, full=args.full)
if args.action == "loop":
balance_loop(rpc, out=args.out, in_=args.in_, amount_msat=int(args.amount), min_msat=int(args.min_msat), max_msat=int(args.max_msat), parallelism=int(args.jobs))
if args.action == "autobalance":
autobalance(rpc, min_msat=int(args.min_msat), max_msat=int(args.max_msat), parallelism=int(args.jobs))
if __name__ == '__main__':
main()

View File

@@ -0,0 +1,135 @@
# clightning is an implementation of Bitcoin's Lightning Network.
# as such, this assumes that `services.bitcoin` is enabled.
# docs:
# - tor clightning config: <https://docs.corelightning.org/docs/tor>
# - `lightning-cli` and subcommands: <https://docs.corelightning.org/reference/lightning-cli>
# - `man lightningd-config`
#
# management/setup/use:
# - guide: <https://github.com/ElementsProject/lightning>
#
# debugging:
# - `lightning-cli getlog debug`
# - `lightning-cli listpays` -> show payments this node sent
# - `lightning-cli listinvoices` -> show payments this node received
#
# first, acquire peers:
# - `lightning-cli connect id@host`
# where `id` is the node's pubkey, and `host` is perhaps an ip:port tuple, or a hash.onion:port tuple.
# for testing, choose any node listed on <https://1ml.com>
# - `lightning-cli listpeers`
# should show the new peer, with `connected: true`
#
# then, fund the clightning wallet
# - `lightning-cli newaddr`
#
# then, open channels
# - `lightning-cli connect ...`
# - `lightning-cli fundchannel <node_id> <amount_in_satoshis>`
#
# who to federate with?
# - a lot of the larger nodes allow hands-free channel creation
# - either inbound or outbound, sometimes paid
# - find nodes on:
# - <https://terminal.lightning.engineering/>
# - <https://1ml.com>
# - tor nodes: <https://1ml.com/node?order=capacity&iponionservice=true>
# - <https://lightningnetwork.plus>
# - <https://mempool.space/lightning>
# - <https://amboss.space>
# - a few tor-capable nodes which allow channel creation:
# - <https://c-otto.de/>
# - <https://cyberdyne.sh/>
# - <https://yalls.org/about/>
# - <https://coincept.com/>
# - more resources: <https://www.lopp.net/lightning-information.html>
# - node routability: https://hashxp.org/lightning/node/<id>
# - especially, acquire inbound liquidity via lightningnetwork.plus's swap feature
# - most of the opportunities are gated behind a minimum connection or capacity requirement
#
# tune payment parameters
# - `lightning-cli setchannel <id> [feebase] [feeppm] [htlcmin] [htlcmax] [enforcedelay] [ignorefeelimits]`
# - e.g. `lightning-cli setchannel all 0 10`
# - it's suggested that feebase=0 simplifies routing.
#
# teardown:
# - `lightning-cli withdraw <bc1... dest addr> <amount in satoshis> [feerate]`
#
# sanity:
# - `lightning-cli listfunds`
#
# to receive a payment (do as `clightning` user):
# - `lightning-cli invoice <amount in millisatoshi> <label> <description>`
# - specify amount as `any` if undetermined
# - then give the resulting bolt11 URI to the payer
# to send a payment:
# - `lightning-cli pay <bolt11 URI>`
# - or `lightning-cli pay <bolt11 URI> [amount_msat] [label] [riskfactor] [maxfeepercent] ...`
# - amount_msat must be "null" if the bolt11 URI specifies a value
# - riskfactor defaults to 10
# - maxfeepercent defaults to 0.5
# - label is a human-friendly label for my records
{ config, pkgs, ... }:
{
sane.persist.sys.byStore.ext = [
{ user = "clightning"; group = "clightning"; mode = "0710"; path = "/var/lib/clightning"; }
];
# `lightning-cli` finds its RPC file via `~/.lightning/bitcoin/lightning-rpc`, to message the daemon
sane.user.fs.".lightning".symlink.target = "/var/lib/clightning";
# see bitcoin.nix for how to generate this
services.bitcoind.mainnet.rpc.users.clightning.passwordHMAC =
"befcb82d9821049164db5217beb85439$2c31ac7db3124612e43893ae13b9527dbe464ab2d992e814602e7cb07dc28985";
sane.services.clightning.enable = true;
sane.services.clightning.proxy = "127.0.0.1:9050"; # proxy outgoing traffic through tor
# sane.services.clightning.publicAddress = "statictor:127.0.0.1:9051";
sane.services.clightning.getPublicAddressCmd = "cat /var/lib/tor/onion/clightning/hostname";
services.tor.relay.onionServices.clightning = {
version = 3;
map = [{
# by default tor will route public tor port P to 127.0.0.1:P.
# so if this port is the same as clightning would natively use, then no further config is needed here.
# see: <https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServicePort>
port = 9735;
# target.port; target.addr; #< set if tor port != clightning port
}];
# allow "tor" group (i.e. clightning) to read /var/lib/tor/onion/clightning/hostname
settings.HiddenServiceDirGroupReadable = true;
};
# must be in "tor" group to read /var/lib/tor/onion/*/hostname
users.users.clightning.extraGroups = [ "tor" ];
systemd.services.clightning.after = [ "tor.service" ];
# lightning-config contains fields from here:
# - <https://docs.corelightning.org/docs/configuration>
# secret config includes:
# - bitcoin-rpcpassword
# - alias=nodename
# - rgb=rrggbb
# - fee-base=<millisatoshi>
# - fee-per-satoshi=<ppm>
# - feature configs (i.e. experimental-xyz options)
sane.services.clightning.extraConfig = ''
log-level=debug:lightningd
# peerswap:
# - config example: <https://github.com/fort-nix/nix-bitcoin/pull/462/files#diff-b357d832705b8ce8df1f41934d613f79adb77c4cd5cd9e9eb12a163fca3e16c6>
# XXX: peerswap crashes clightning on launch. stacktrace is useless.
# plugin=${pkgs.peerswap}/bin/peerswap
# peerswap-db-path=/var/lib/clightning/peerswap/swaps
# peerswap-policy-path=...
'';
sane.services.clightning.extraConfigFiles = [ config.sops.secrets."lightning-config".path ];
sops.secrets."lightning-config" = {
mode = "0640";
owner = "clightning";
group = "clightning";
};
sane.programs.clightning.enableFor.user.colin = true; # for debugging/admin: `lightning-cli`
}

View File

@@ -0,0 +1,10 @@
{ ... }:
{
imports = [
./bitcoin.nix
./clightning.nix
./i2p.nix
./monero.nix
./tor.nix
];
}

View File

@@ -0,0 +1,4 @@
{ ... }:
{
services.i2p.enable = true;
}

View File

@@ -0,0 +1,31 @@
# as of 2023/11/26: complete downloaded blockchain should be 200GiB on disk, give or take.
{ ... }:
{
sane.persist.sys.byStore.ext = [
# /var/lib/monero/lmdb is what consumes most of the space
{ user = "monero"; group = "monero"; path = "/var/lib/monero"; }
];
services.monero.enable = true;
services.monero.limits.upload = 5000; # in kB/s
services.monero.extraConfig = ''
# see: monero doc/ANONYMITY_NETWORKS.md
#
# "If any anonymity network is enabled, transactions being broadcast that lack a valid 'context'
# (i.e. the transaction did not come from a P2P connection) will only be sent to peers on anonymity networks."
#
# i think this means that setting tx-proxy here ensures any transactions sent locally to my node (via RPC)
# will be sent over an anonymity network.
tx-proxy=i2p,127.0.0.1:9000
tx-proxy=tor,127.0.0.1:9050
'';
# monero ports: <https://monero.stackexchange.com/questions/604/what-ports-does-monero-use-rpc-p2p-etc>
# - 18080 = "P2P" monero node <-> monero node connections
# - 18081 = "RPC" monero client -> monero node connections
sane.ports.ports."18080" = {
protocol = [ "tcp" ];
visibleTo.wan = true;
description = "colin-monero-p2p";
};
}

View File

@@ -0,0 +1,25 @@
# tor settings: <https://2019.www.torproject.org/docs/tor-manual.html.en>
{ lib, ... }:
{
# tor hidden service hostnames aren't deterministic, so persist.
# might be able to get away with just persisting /var/lib/tor/onion, not sure.
sane.persist.sys.byStore.plaintext = [
{ user = "tor"; group = "tor"; mode = "0710"; path = "/var/lib/tor"; }
];
# tor: `tor.enable` doesn't start a relay, exit node, proxy, etc. it's minimal.
# tor.client.enable configures a torsocks proxy, accessible *only* to localhost.
# at 127.0.0.1:9050
services.tor.enable = true;
services.tor.client.enable = true;
# in order for services to read /var/lib/tor/onion/*/hostname, they must be able to traverse /var/lib/tor,
# and /var/lib/tor must have g+x.
# DataDirectoryGroupReadable causes tor to use g+rx, technically more than we need, but all the files are 600 so it's fine.
services.tor.settings.DataDirectoryGroupReadable = true;
# StateDirectoryMode defaults to 0700, and thereby prevents the onion hostnames from being group readable
systemd.services.tor.serviceConfig.StateDirectoryMode = lib.mkForce "0710";
users.users.tor.homeMode = "0710"; # home mode defaults to 0700, causing readability problems, enforced by nixos "users" activation script
services.tor.settings.SafeLogging = false; # show actual .onion names in the syslog, else debugging is impossible
}

View File

@@ -1,27 +0,0 @@
{ config, lib, pkgs, ... }:
# using manual ddns now
lib.mkIf false
{
systemd.services.ddns-afraid = {
description = "update dynamic DNS entries for freedns.afraid.org";
serviceConfig = {
EnvironmentFile = config.sops.secrets."ddns_afraid.env".path;
# TODO: ProtectSystem = "strict";
# TODO: ProtectHome = "full";
# TODO: PrivateTmp = true;
};
script = let
curl = "${pkgs.curl}/bin/curl -4";
in ''
${curl} "https://freedns.afraid.org/dynamic/update.php?$AFRAID_KEY"
'';
};
systemd.timers.ddns-afraid = {
wantedBy = [ "multi-user.target" ];
timerConfig = {
OnStartupSec = "2min";
OnUnitActiveSec = "10min";
};
};
}

View File

@@ -1,30 +0,0 @@
{ config, lib, pkgs, ... }:
# we use manual DDNS now
lib.mkIf false
{
systemd.services.ddns-he = {
description = "update dynamic DNS entries for HurricaneElectric";
serviceConfig = {
EnvironmentFile = config.sops.secrets."ddns_he.env".path;
# TODO: ProtectSystem = "strict";
# TODO: ProtectHome = "full";
# TODO: PrivateTmp = true;
};
# HE DDNS API is documented: https://dns.he.net/docs.html
script = let
crl = "${pkgs.curl}/bin/curl -4";
in ''
${crl} "https://he.uninsane.org:$HE_PASSPHRASE@dyn.dns.he.net/nic/update?hostname=he.uninsane.org"
${crl} "https://native.uninsane.org:$HE_PASSPHRASE@dyn.dns.he.net/nic/update?hostname=native.uninsane.org"
${crl} "https://uninsane.org:$HE_PASSPHRASE@dyn.dns.he.net/nic/update?hostname=uninsane.org"
'';
};
systemd.timers.ddns-he = {
wantedBy = [ "multi-user.target" ];
timerConfig = {
OnStartupSec = "2min";
OnUnitActiveSec = "10min";
};
};
}

View File

@@ -2,12 +2,12 @@
{
imports = [
./calibre.nix
./ddns-afraid.nix
./ddns-he.nix
./coturn.nix
./cryptocurrencies
./email
./ejabberd.nix
./freshrss.nix
./ftp
./export
./gitea.nix
./goaccess.nix
./ipfs.nix
@@ -18,13 +18,15 @@
./lemmy.nix
./matrix
./navidrome.nix
./nfs.nix
./nixserve.nix
./nginx.nix
./nixos-prebuild.nix
./nixserve.nix
./ntfy
./pict-rs.nix
./pleroma.nix
./postgres.nix
./prosody.nix
./prosody
./slskd.nix
./transmission.nix
./trust-dns.nix
./wikipedia.nix

View File

@@ -14,76 +14,111 @@
#
# compliance tests:
# - <https://compliance.conversations.im/server/uninsane.org/#xep0352>
#
# administration:
# - `sudo -u ejabberd ejabberdctl help`
#
# federation/support matrix:
# - avatars
# - nixnet.services + dino: works in MUCs but not DMs (as of 2023 H1)
# - movim.eu + dino: works in DMs, MUCs untested (as of 2023/08/29)
# - calls
# - local + dino: audio, video, works in DMs (as of 2023/08/29)
# - movim.eu + dino: audio, video, works in DMs, no matter which side initiates (as of 2023/08/30)
# - +native-cell-number@cheogram.com + dino: audio works in DMs, no matter which side initiates (as of 2023/09/01)
# - can receive calls even if sender isn't in my roster
# - this is presumably using JMP.chat's SIP servers, which then convert it to XMPP call
#
# bugs:
# - 2023/09/01: will randomly stop federating. `systemctl restart ejabberd` fixes, but takes 10 minutes.
{ config, lib, pkgs, ... }:
# XXX: avatar support works in MUCs but not DMs
# lib.mkIf false
let
# TODO: this range could be larger, but right now that's costly because each element is its own UPnP forward
# TURN port range (inclusive)
turnPortLow = 49152;
turnPortHigh = 49167;
turnPortRange = lib.range turnPortLow turnPortHigh;
in
# XXX(2023/10/15): disabled in favor of Prosody.
# everything configured below was fine: used ejabberd for several months.
lib.mkIf false
{
sane.persist.sys.plaintext = [
sane.persist.sys.byStore.plaintext = [
{ user = "ejabberd"; group = "ejabberd"; path = "/var/lib/ejabberd"; }
];
sane.ports.ports."3478" = {
sane.ports.ports = lib.mkMerge ([
{
"3478" = {
protocol = [ "tcp" "udp" ];
visibleTo.lan = true;
visibleTo.wan = true;
description = "colin-xmpp-stun-turn";
};
sane.ports.ports."5222" = {
"5222" = {
protocol = [ "tcp" ];
visibleTo.lan = true;
visibleTo.wan = true;
description = "colin-xmpp-client-to-server";
};
sane.ports.ports."5223" = {
"5223" = {
protocol = [ "tcp" ];
visibleTo.lan = true;
visibleTo.wan = true;
description = "colin-xmpps-client-to-server"; # XMPP over TLS
};
sane.ports.ports."5269" = {
"5269" = {
protocol = [ "tcp" ];
visibleTo.wan = true;
description = "colin-xmpp-server-to-server";
};
sane.ports.ports."5270" = {
"5270" = {
protocol = [ "tcp" ];
visibleTo.wan = true;
description = "colin-xmpps-server-to-server"; # XMPP over TLS
};
sane.ports.ports."5280" = {
"5280" = {
protocol = [ "tcp" ];
visibleTo.lan = true;
visibleTo.wan = true;
description = "colin-xmpp-bosh";
};
sane.ports.ports."5281" = {
"5281" = {
protocol = [ "tcp" ];
visibleTo.lan = true;
visibleTo.wan = true;
description = "colin-xmpp-bosh-https";
};
sane.ports.ports."5349" = {
"5349" = {
protocol = [ "tcp" ];
visibleTo.lan = true;
visibleTo.wan = true;
description = "colin-xmpp-stun-turn-over-tls";
};
sane.ports.ports."5443" = {
"5443" = {
protocol = [ "tcp" ];
visibleTo.lan = true;
visibleTo.wan = true;
description = "colin-xmpp-web-services"; # file uploads, websockets, admin
};
}
] ++ (builtins.map
(port: {
"${builtins.toString port}" = let
count = port - turnPortLow + 1;
numPorts = turnPortHigh - turnPortLow + 1;
in {
protocol = [ "tcp" "udp" ];
visibleTo.lan = true;
visibleTo.wan = true;
description = "colin-xmpp-turn-${builtins.toString count}-of-${builtins.toString numPorts}";
};
})
turnPortRange
));
# TODO: forward these TURN ports!
networking.firewall.allowedTCPPortRanges = [{
from = 49152; # TURN
to = 49408;
}];
networking.firewall.allowedUDPPortRanges = [{
from = 49152; # TURN
to = 49408;
}];
# this ejabberd config uses builtin STUN/TURN server, so hack to ensure no other implementation fights for ports
services.coturn.enable = false;
# provide access to certs
# TODO: this should just be `acme`. then we also add nginx to the `acme` group.
@@ -150,284 +185,285 @@
services.ejabberd.enable = true;
services.ejabberd.configFile = "/var/lib/ejabberd/ejabberd.yaml";
systemd.services.ejabberd.preStart = let
config-in = pkgs.writeTextFile {
name = "ejabberd.yaml.in";
text = ''
hosts:
- uninsane.org
config-in = pkgs.writeText "ejabberd.yaml.in" (lib.generators.toYAML {} {
hosts = [ "uninsane.org" ];
# none | emergency | alert | critical | error | warning | notice | info | debug
loglevel: debug
# loglevel: info
# loglevel: notice
loglevel = "debug";
acme.auto = false;
certfiles = [ "/var/lib/acme/uninsane.org/full.pem" ];
# ca_file = "${pkgs.cacert.unbundled}/etc/ssl/certs/";
# ca_file = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
acme:
auto: false
certfiles:
- /var/lib/acme/uninsane.org/full.pem
# ca_file: ${pkgs.cacert.unbundled}/etc/ssl/certs/
# ca_file: ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
pam_userinfotype = "jid";
acl = {
admin.user = [ "colin@uninsane.org" ];
local.user_regexp = "";
loopback.ip = [ "127.0.0.0/8" "::1/128" ];
};
pam_userinfotype: jid
acl:
admin:
user:
- "colin@uninsane.org"
local:
user_regexp: ""
loopback:
ip:
- 127.0.0.0/8
- ::1/128
access_rules:
local:
allow: local
c2s_access:
allow: all
announce:
allow: admin
configure:
allow: admin
muc_create:
allow: local
pubsub_createnode_access:
allow: all
trusted_network:
allow: loopback
access_rules = {
local.allow = "local";
c2s_access.allow = "all";
announce.allow = "admin";
configure.allow = "admin";
muc_create.allow = "local";
pubsub_createnode_access.allow = "all";
trusted_network.allow = "loopback";
};
# docs: <https://docs.ejabberd.im/admin/configuration/basic/#shaper-rules>
shaper_rules:
shaper_rules = {
# setting this to above 1 may break outgoing messages
# - maybe some servers rate limit? or just don't understand simultaneous connections?
max_s2s_connections: 1
max_user_sessions: 10
max_user_offline_messages: 5000
c2s_shaper:
fast: all
s2s_shaper:
med: all
max_s2s_connections = 1;
max_user_sessions = 10;
max_user_offline_messages = 5000;
c2s_shaper.fast = "all";
s2s_shaper.med = "all";
};
# docs: <https://docs.ejabberd.im/admin/configuration/basic/#shapers>
# this limits the bytes/sec.
# for example, burst: 3_000_000 and rate: 100_000 means:
# - each client has a BW budget that accumulates 100kB/sec and is capped at 3 MB
shaper:
fast: 1000000
med: 500000
# fast:
# - rate: 1000000
# - burst_size: 10000000
# med:
# - rate: 500000
# - burst_size: 5000000
shaper.fast = 1000000;
shaper.med = 500000;
# shaper.fast.rate = 1000000;
# shaper.fast.burst_size = 10000000;
# shaper.med.rate = 500000;
# shaper.med.burst_size = 5000000;
# see: <https://docs.ejabberd.im/admin/configuration/listen/>
# s2s_use_starttls: true
s2s_use_starttls: optional
# s2s_use_starttls = true;
s2s_use_starttls = "optional";
# lessens 504: remote-server-timeout errors
# see: <https://github.com/processone/ejabberd/issues/3105#issuecomment-562182967>
negotiation_timeout: 60
negotiation_timeout = 60;
listen:
-
port: 5222
module: ejabberd_c2s
shaper: c2s_shaper
starttls: true
access: c2s_access
-
port: 5223
module: ejabberd_c2s
shaper: c2s_shaper
tls: true
access: c2s_access
-
port: 5269
module: ejabberd_s2s_in
shaper: s2s_shaper
-
port: 5270
module: ejabberd_s2s_in
shaper: s2s_shaper
tls: true
-
port: 5443
module: ejabberd_http
tls: true
request_handlers:
/admin: ejabberd_web_admin # TODO: ensure this actually works
/api: mod_http_api # ejabberd API endpoint (to control server)
/bosh: mod_bosh
/upload: mod_http_upload
/ws: ejabberd_http_ws
# /.well-known/host-meta: mod_host_meta
# /.well-known/host-meta.json: mod_host_meta
-
listen = [
{
port = 5222;
module = "ejabberd_c2s";
shaper = "c2s_shaper";
starttls = true;
access = "c2s_access";
}
{
port = 5223;
module = "ejabberd_c2s";
shaper = "c2s_shaper";
tls = true;
access = "c2s_access";
}
{
port = 5269;
module = "ejabberd_s2s_in";
shaper = "s2s_shaper";
}
{
port = 5270;
module = "ejabberd_s2s_in";
shaper = "s2s_shaper";
tls = true;
}
{
port = 5443;
module = "ejabberd_http";
tls = true;
request_handlers = {
"/admin" = "ejabberd_web_admin"; # TODO: ensure this actually works
"/api" = "mod_http_api"; # ejabberd API endpoint (to control server)
"/bosh" = "mod_bosh";
"/upload" = "mod_http_upload";
"/ws" = "ejabberd_http_ws";
# "/.well-known/host-meta" = "mod_host_meta";
# "/.well-known/host-meta.json" = "mod_host_meta";
};
}
{
# STUN+TURN TCP
# note that the full port range should be forwarded ("not NAT'd")
# `use_turn=true` enables both TURN *and* STUN
port: 3478
module: ejabberd_stun
transport: tcp
use_turn: true
turn_min_port: 49152
turn_max_port: 65535
turn_ipv4_address: %ANATIVE%
-
port = 3478;
module = "ejabberd_stun";
transport = "tcp";
use_turn = true;
turn_min_port = turnPortLow;
turn_max_port = turnPortHigh;
turn_ipv4_address = "%ANATIVE%";
}
{
# STUN+TURN UDP
port: 3478
module: ejabberd_stun
transport: udp
use_turn: true
turn_min_port: 49152
turn_max_port: 65535
turn_ipv4_address: %ANATIVE%
-
port = 3478;
module = "ejabberd_stun";
transport = "udp";
use_turn = true;
turn_min_port = turnPortLow;
turn_max_port = turnPortHigh;
turn_ipv4_address = "%ANATIVE%";
}
{
# STUN+TURN TLS over TCP
port: 5349
module: ejabberd_stun
transport: tcp
tls: true
certfile: /var/lib/acme/uninsane.org/full.pem
use_turn: true
turn_min_port: 49152
turn_max_port: 65535
turn_ipv4_address: %ANATIVE%
port = 5349;
module = "ejabberd_stun";
transport = "tcp";
tls = true;
certfile = "/var/lib/acme/uninsane.org/full.pem";
use_turn = true;
turn_min_port = turnPortLow;
turn_max_port = turnPortHigh;
turn_ipv4_address = "%ANATIVE%";
}
];
# TODO: enable mod_fail2ban
# TODO(low): look into mod_http_fileserver for serving macros?
modules:
# mod_adhoc: {}
# mod_announce:
# access: admin
modules = {
# mod_adhoc = {};
# mod_announce = {
# access = "admin";
# };
# allows users to set avatars in vCard
# - <https://docs.ejabberd.im/admin/configuration/modules/#mod-avatar>
mod_avatar: {}
mod_caps: {} # for mod_pubsub
mod_carboncopy: {} # allows multiple clients to receive a user's message
mod_avatar = {};
mod_caps = {}; # for mod_pubsub
mod_carboncopy = {}; # allows multiple clients to receive a user's message
# queues messages when recipient is offline, including PEP and presence messages.
# compliance test suggests this be enabled
mod_client_state: {}
mod_client_state = {};
# mod_conversejs: TODO: enable once on 21.12
# allows clients like Dino to discover where to upload files
mod_disco:
server_info:
-
modules: all
name: abuse-addresses
urls:
- "mailto:admin.xmpp@uninsane.org"
- "xmpp:colin@uninsane.org"
-
modules: all
name: admin-addresses
urls:
- "mailto:admin.xmpp@uninsane.org"
- "xmpp:colin@uninsane.org"
mod_http_upload:
host: upload.xmpp.uninsane.org
hosts:
- upload.xmpp.uninsane.org
put_url: "https://@HOST@:5443/upload"
dir_mode: "0750"
file_mode: "0750"
rm_on_unregister: false
mod_disco.server_info = [
{
modules = "all";
name = "abuse-addresses";
urls = [
"mailto:admin.xmpp@uninsane.org"
"xmpp:colin@uninsane.org"
];
}
{
modules = "all";
name = "admin-addresses";
urls = [
"mailto:admin.xmpp@uninsane.org"
"xmpp:colin@uninsane.org"
];
}
];
mod_http_upload = {
host = "upload.xmpp.uninsane.org";
hosts = [ "upload.xmpp.uninsane.org" ];
put_url = "https://@HOST@:5443/upload";
dir_mode = "0750";
file_mode = "0750";
rm_on_unregister = false;
};
# allow discoverability of BOSH and websocket endpoints
# TODO: enable once on ejabberd 22.05 (presently 21.04)
# mod_host_meta: {}
mod_jidprep: {} # probably not needed: lets clients normalize jids
mod_last: {} # allow other users to know when i was last online
mod_mam:
# mod_host_meta = {};
mod_jidprep = {}; # probably not needed: lets clients normalize jids
mod_last = {}; # allow other users to know when i was last online
mod_mam = {
# Mnesia is limited to 2GB, better to use an SQL backend
# For small servers SQLite is a good fit and is very easy
# to configure. Uncomment this when you have SQL configured:
# db_type: sql
assume_mam_usage: true
default: always
mod_muc:
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
access_mam:
- allow
history_size: 100 # messages to show new participants
host: muc.xmpp.uninsane.org
hosts:
- muc.xmpp.uninsane.org
default_room_options:
anonymous: false
lang: en
persistent: true
mam: true
mod_muc_admin: {}
mod_offline: # store messages for a user when they're offline (TODO: understand multi-client workflow?)
access_max_user_messages: max_user_offline_messages
store_groupchat: true
mod_ping: {}
mod_privacy: {} # deprecated, but required for `ejabberctl export_piefxis`
mod_private: {} # allow local clients to persist arbitrary data on my server
assume_mam_usage = true;
default = "always";
};
mod_muc = {
access = [ "allow" ];
access_admin = { allow = "admin"; };
access_create = "muc_create";
access_persistent = "muc_create";
access_mam = [ "allow" ];
history_size = 100; # messages to show new participants
host = "muc.xmpp.uninsane.org";
hosts = [ "muc.xmpp.uninsane.org" ];
default_room_options = {
anonymous = false;
lang = "en";
persistent = true;
mam = true;
};
};
mod_muc_admin = {};
mod_offline = {
# store messages for a user when they're offline (TODO: understand multi-client workflow?)
access_max_user_messages = "max_user_offline_messages";
store_groupchat = true;
};
mod_ping = {};
mod_privacy = {}; # deprecated, but required for `ejabberctl export_piefxis`
mod_private = {}; # allow local clients to persist arbitrary data on my server
# push notifications to services integrated with e.g. Apple/Android.
# default is for a maximum amount of PII to be withheld, since these push notifs
# generally traverse 3rd party services. can opt to include message body, etc, though.
mod_push: {}
mod_push = {};
# i don't fully understand what this does, but it seems aimed at making push notifs more reliable.
mod_push_keepalive: {}
mod_roster:
versioning: true
mod_push_keepalive = {};
mod_roster = {
versioning = true;
};
# docs: <https://docs.ejabberd.im/admin/configuration/modules/#mod-s2s-dialback>
# s2s dialback to verify inbound messages
# unclear to what degree the XMPP network requires this
mod_s2s_dialback: {}
mod_shared_roster: {} # creates groups for @all, @online, and anything manually administered?
mod_stream_mgmt:
resend_on_timeout: if_offline # resend undelivered messages if the origin client is offline
mod_s2s_dialback = {};
mod_shared_roster = {}; # creates groups for @all, @online, and anything manually administered?
mod_stream_mgmt = {
# resend undelivered messages if the origin client is offline
resend_on_timeout = "if_offline";
};
# fallback for when DNS-based STUN discovery is unsupported.
# - see: <https://xmpp.org/extensions/xep-0215.html>
# docs: <https://docs.ejabberd.im/admin/configuration/modules/#mod-stun-disco>
# people say to just keep this defaulted (i guess ejabberd knows to return its `host` option of uninsane.org?)
mod_stun_disco: {}
mod_stun_disco = {};
# docs: <https://docs.ejabberd.im/admin/configuration/modules/#mod-vcard>
mod_vcard:
allow_return_all: true # all users are discoverable (?)
host: vjid.xmpp.uninsane.org
hosts:
- vjid.xmpp.uninsane.org
search: true
mod_vcard_xupdate: {} # needed for avatars
# docs: <https://docs.ejabberd.im/admin/configuration/modules/#mod-pubsub>
mod_pubsub: # needed for avatars
access_createnode: pubsub_createnode_access
host: pubsub.xmpp.uninsane.org
hosts:
- pubsub.xmpp.uninsane.org
ignore_pep_from_offline: false
last_item_cache: true
plugins:
- pep
- flat
force_node_config:
# ensure client bookmarks are private
storage:bookmarks:
access_model: whitelist
urn:xmpp:avatar:data:
access_model: open
urn:xmpp:avatar:metadata:
access_model: open
mod_version: {}
'';
mod_vcard = {
allow_return_all = true; # all users are discoverable (?)
host = "vjid.xmpp.uninsane.org";
hosts = [ "vjid.xmpp.uninsane.org" ];
search = true;
};
mod_vcard_xupdate = {}; # needed for avatars
# docs: <https://docs.ejabberd.im/admin/configuration/modules/#mod-pubsub>
mod_pubsub = {
#^ needed for avatars
access_createnode = "pubsub_createnode_access";
host = "pubsub.xmpp.uninsane.org";
hosts = [ "pubsub.xmpp.uninsane.org" ];
ignore_pep_from_offline = false;
last_item_cache = true;
plugins = [
"pep"
"flat"
];
force_node_config = {
# ensure client bookmarks are private
"storage:bookmarks:" = {
"access_model" = "whitelist";
};
"urn:xmpp:avatar:data" = {
"access_model" = "open";
};
"urn:xmpp:avatar:metadata" = {
"access_model" = "open";
};
};
};
mod_version = {};
};
});
sed = "${pkgs.gnused}/bin/sed";
in ''
ip=$(cat '${config.sane.services.dyn-dns.ipPath}')
# config is 444 (not 644), so we want to write out-of-place and then atomically move
# TODO: factor this out into `sane-woop` helper?
rm -f /var/lib/ejabberd/ejabberd.yaml.new
${sed} "s/%ANATIVE%/$ip/" ${config-in} > /var/lib/ejabberd/ejabberd.yaml.new
${sed} "s/%ANATIVE%/$ip/g" ${config-in} > /var/lib/ejabberd/ejabberd.yaml.new
mv /var/lib/ejabberd/ejabberd.yaml{.new,}
'';

View File

@@ -22,6 +22,13 @@
# - but postfix delegates authorization of that outgoing mail to dovecot, on the server side
#
# - local clients (i.e. sendmail) interact only with postfix
#
# debugging: general connectivity issues
# - test that inbound port 25 is unblocked:
# - `curl https://canyouseeme.org/ --data 'port=25&IP=185.157.162.178' | grep 'see your service'`
# - and retry with port 465, 587
# - i think this API requires the queried IP match the source IP
# - if necessary, `systemctl stop postfix` and `sudo nc -l 185.157.162.178 25`, then try https://canyouseeme.org
{ ... }:
{

View File

@@ -18,7 +18,7 @@ let
};
in
{
sane.persist.sys.plaintext = [
sane.persist.sys.byStore.plaintext = [
# TODO: mode? could be more granular
{ user = "opendkim"; group = "opendkim"; path = "/var/lib/opendkim"; }
{ user = "root"; group = "root"; path = "/var/lib/postfix"; }
@@ -28,21 +28,25 @@ in
# "/var/lib/dovecot"
];
sane.ports.ports."25" = {
protocol = [ "tcp" ];
visibleTo.ovpn = true;
description = "colin-smtp-mx.uninsane.org";
};
sane.ports.ports."465" = {
protocol = [ "tcp" ];
visibleTo.ovpn = true;
description = "colin-smtps-mx.uninsane.org";
};
sane.ports.ports."587" = {
protocol = [ "tcp" ];
visibleTo.ovpn = true;
description = "colin-smtps-submission-mx.uninsane.org";
};
# XXX(2023/10/20): opening these ports in the firewall has the OPPOSITE effect as intended.
# these ports are only routable so long as they AREN'T opened.
# probably some cursed interaction with network namespaces introduced after 2023/10/10.
# sane.ports.ports."25" = {
# protocol = [ "tcp" ];
# # XXX visibleTo.lan effectively means "open firewall, but don't configure any NAT/forwarding"
# visibleTo.lan = true;
# description = "colin-smtp-mx.uninsane.org";
# };
# sane.ports.ports."465" = {
# protocol = [ "tcp" ];
# visibleTo.lan = true;
# description = "colin-smtps-mx.uninsane.org";
# };
# sane.ports.ports."587" = {
# protocol = [ "tcp" ];
# visibleTo.lan = true;
# description = "colin-smtps-submission-mx.uninsane.org";
# };
# exists only to manage certs for Postfix
services.nginx.virtualHosts."mx.uninsane.org" = {

View File

@@ -0,0 +1,53 @@
{ config, ... }:
{
imports = [
./nfs.nix
./sftpgo.nix
];
users.groups.export = {};
fileSystems."/var/export/media" = {
# everything in here could be considered publicly readable (based on the viewer's legal jurisdiction)
device = "/var/lib/uninsane/media";
options = [ "rbind" ];
};
# fileSystems."/var/export/playground" = {
# device = config.fileSystems."/mnt/persist/ext".device;
# fsType = "btrfs";
# options = [
# "subvol=export-playground"
# "compress=zstd"
# "defaults"
# ];
# };
# N.B.: the backing directory should be manually created here **as a btrfs subvolume** and with a quota.
# - `sudo btrfs subvolume create /mnt/persist/ext/persist/var/export/playground`
# - `sudo btrfs quota enable /mnt/persist/ext/persist/var/export/playground`
# - `sudo btrfs quota rescan -sw /mnt/persist/ext/persist/var/export/playground`
# to adjust the limits (which apply at the block layer, i.e. post-compression):
# - `sudo btrfs qgroup limit 20G /mnt/persist/ext/persist/var/export/playground`
# to query the quota/status:
# - `sudo btrfs qgroup show -re /var/export/playground`
sane.persist.sys.byStore.ext = [
{ user = "root"; group = "export"; mode = "0775"; path = "/var/export/playground"; }
];
sane.fs."/var/export/README.md" = {
wantedBy = [ "nfs.service" "sftpgo.service" ];
file.text = ''
- media/ read-only: Videos, Music, Books, etc
- playground/ read-write: use it to share files with other users of this server
'';
};
sane.fs."/var/export/playground/README.md" = {
wantedBy = [ "nfs.service" "sftpgo.service" ];
file.text = ''
this directory is intentionally read+write by anyone with access (i.e. on the LAN).
- share files
- write poetry
- be a friendly troll
'';
};
}

View File

@@ -0,0 +1,110 @@
# docs:
# - <https://nixos.wiki/wiki/NFS>
# - <https://wiki.gentoo.org/wiki/Nfs-utils>
# system files:
# - /etc/exports
# system services:
# - nfs-server.service
# - nfs-idmapd.service
# - nfs-mountd.service
# - nfsdcld.service
# - rpc-statd.service
# - rpcbind.service
#
# TODO: force files to be 755, or 750.
# - could maybe be done with some mount option?
{ config, lib, ... }:
{
services.nfs.server.enable = true;
# see which ports NFS uses with:
# - `rpcinfo -p`
sane.ports.ports."111" = {
protocol = [ "tcp" "udp" ];
visibleTo.lan = true;
description = "NFS server portmapper";
};
sane.ports.ports."2049" = {
protocol = [ "tcp" ];
visibleTo.lan = true;
description = "NFS server";
};
sane.ports.ports."4000" = {
protocol = [ "udp" ];
visibleTo.lan = true;
description = "NFS server status daemon";
};
sane.ports.ports."4001" = {
protocol = [ "tcp" "udp" ];
visibleTo.lan = true;
description = "NFS server lock daemon";
};
sane.ports.ports."4002" = {
protocol = [ "tcp" "udp" ];
visibleTo.lan = true;
description = "NFS server mount daemon";
};
# NFS4 allows these to float, but NFS3 mandates specific ports, so fix them for backwards compat.
services.nfs.server.lockdPort = 4001;
services.nfs.server.mountdPort = 4002;
services.nfs.server.statdPort = 4000;
# format:
# fspoint visibility(options)
# options:
# - see: <https://wiki.gentoo.org/wiki/Nfs-utils#Exports>
# - see [man 5 exports](https://linux.die.net/man/5/exports)
# - insecure: require clients use src port > 1024
# - rw, ro (default)
# - async, sync (default)
# - no_subtree_check (default), subtree_check: verify not just that files requested by the client live
# in the expected fs, but also that they live under whatever subdirectory of that fs is exported.
# - no_root_squash, root_squash (default): map requests from uid 0 to user `nobody`.
# - crossmnt: reveal filesystems that are mounted under this endpoint
# - fsid: must be zero for the root export
# - fsid=root is alias for fsid=0
# - mountpoint[=/path]: only export the directory if it's a mountpoint. used to avoid exporting failed mounts.
# - all_squash: rewrite all client requests such that they come from anonuid/anongid
# - any files a user creates are owned by local anonuid/anongid.
# - users can read any local file which anonuid/anongid would be able to read.
# - users can't chown to/away from anonuid/anongid.
# - users can chmod files they own, to anything (making them unreadable to non-`nfsuser` export users, like FTP).
# - `stat` remains unchanged, returning the real UIDs/GIDs to the client.
# - thus programs which check `uid` or `gid` before trying an operation may incorrectly conclude they can't perform some op.
#
# 10.0.0.0/8 to export both to LAN (readonly, unencrypted) and wg vpn (read-write, encrypted)
services.nfs.server.exports =
let
fmtExport = { export, baseOpts, extraLanOpts ? [], extraVpnOpts ? [] }:
let
always = [ "subtree_check" ];
lanOpts = always ++ baseOpts ++ extraLanOpts;
vpnOpts = always ++ baseOpts ++ extraVpnOpts;
in "${export} 10.78.79.0/22(${lib.concatStringsSep "," lanOpts}) 10.0.10.0/24(${lib.concatStringsSep "," vpnOpts})";
in lib.concatStringsSep "\n" [
(fmtExport {
export = "/var/export";
baseOpts = [ "crossmnt" "fsid=root" ];
extraLanOpts = [ "ro" ];
extraVpnOpts = [ "rw" "no_root_squash" ];
})
(fmtExport {
export = "/var/export/playground";
baseOpts = [
"mountpoint"
"all_squash"
"rw"
"anonuid=${builtins.toString config.users.users.nfsuser.uid}"
"anongid=${builtins.toString config.users.groups.export.gid}"
];
})
];
users.users.nfsuser = {
description = "virtual user for anonymous NFS operations";
group = "export";
isSystemUser = true;
};
}

View File

@@ -0,0 +1,186 @@
# docs:
# - <https://github.com/drakkan/sftpgo>
# - config options: <https://github.com/drakkan/sftpgo/blob/main/docs/full-configuration.md>
# - config defaults: <https://github.com/drakkan/sftpgo/blob/main/sftpgo.json>
# - nixos options: <repo:nixos/nixpkgs:nixos/modules/services/web-apps/sftpgo.nix>
# - nixos example: <repo:nixos/nixpkgs:nixos/tests/sftpgo.nix>
#
# sftpgo is a FTP server that also supports WebDAV, SFTP, and web clients.
#
# TODO: change umask so sftpgo-created files default to 644.
# - it does indeed appear that the 600 is not something sftpgo is explicitly doing.
{ config, lib, pkgs, sane-lib, ... }:
let
# user permissions:
# - see <repo:drakkan/sftpgo:internal/dataprovider/user.go>
# - "*" = grant all permissions
# - read-only perms:
# - "list" = list files and directories
# - "download"
# - rw perms:
# - "upload"
# - "overwrite" = allow uploads to replace existing files
# - "delete" = delete files and directories
# - "delete_files"
# - "delete_dirs"
# - "rename" = rename files and directories
# - "rename_files"
# - "rename_dirs"
# - "create_dirs"
# - "create_symlinks"
# - "chmod"
# - "chown"
# - "chtimes" = change atime/mtime (access and modification times)
#
# home_dir:
# - it seems (empirically) that a user can't cd above their home directory.
# though i don't have a reference for that in the docs.
authResponseSuccess = {
status = 1;
username = "anonymous";
expiration_date = 0;
home_dir = "/var/export";
# uid/gid 0 means to inherit sftpgo uid.
# - i.e. users can't read files which Linux user `sftpgo` can't read
# - uploaded files belong to Linux user `sftpgo`
# other uid/gid values aren't possible for localfs backend, unless i let sftpgo use `sudo`.
uid = 0;
gid = 0;
# uid = 65534;
# gid = 65534;
max_sessions = 0;
# quota_*: 0 means to not use SFTP's quota system
quota_size = 0;
quota_files = 0;
permissions = {
"/" = [ "list" "download" ];
"/playground" = [
# read-only:
"list"
"download"
# write:
"upload"
"overwrite"
"delete"
"rename"
"create_dirs"
"create_symlinks"
# intentionally omitted:
# "chmod"
# "chown"
# "chtimes"
];
};
upload_bandwidth = 0;
download_bandwidth = 0;
filters = {
allowed_ip = [];
denied_ip = [];
};
public_keys = [];
# other fields:
# ? groups
# ? virtual_folders
};
authResponseFail = {
username = "";
};
authSuccessJson = pkgs.writeText "sftp-auth-success.json" (builtins.toJSON authResponseSuccess);
authFailJson = pkgs.writeText "sftp-auth-fail.json" (builtins.toJSON authResponseFail);
unwrappedAuthProgram = pkgs.static-nix-shell.mkBash {
pname = "sftpgo_external_auth_hook";
src = ./.;
pkgs = [ "coreutils" ];
};
authProgram = pkgs.writeShellScript "sftpgo-auth-hook" ''
${unwrappedAuthProgram}/bin/sftpgo_external_auth_hook ${authFailJson} ${authSuccessJson}
'';
in
{
# Client initiates a FTP "control connection" on port 21.
# - this handles the client -> server commands, and the server -> client status, but not the actual data
# - file data, directory listings, etc need to be transferred on an ephemeral "data port".
# - 50000-50100 is a common port range for this.
sane.ports.ports = {
"21" = {
protocol = [ "tcp" ];
visibleTo.lan = true;
description = "colin-FTP server";
};
} // (sane-lib.mapToAttrs
(port: {
name = builtins.toString port;
value = {
protocol = [ "tcp" ];
visibleTo.lan = true;
description = "colin-FTP server data port range";
};
})
(lib.range 50000 50100)
);
services.sftpgo = {
enable = true;
group = "export";
settings = {
ftpd = {
bindings = [
{
# binding this means any wireguard client can connect
address = "10.0.10.5";
port = 21;
debug = true;
}
{
# binding this means any LAN client can connect
address = "10.78.79.51";
port = 21;
debug = true;
}
];
# active mode is susceptible to "bounce attacks", without much benefit over passive mode
disable_active_mode = true;
hash_support = true;
passive_port_range = {
start = 50000;
end = 50100;
};
banner = ''
Welcome, friends, to Colin's read-only FTP server! Also available via NFS on the same host.
Username: "anonymous"
Password: "anonymous"
CONFIGURE YOUR CLIENT FOR "PASSIVE" mode, e.g. `ftp --passive uninsane.org`
Please let me know if anything's broken or not as it should be. Otherwise, browse and DL freely :)
'';
};
data_provider = {
driver = "memory";
external_auth_hook = "${authProgram}";
# track_quota:
# - 0: disable quota tracking
# - 1: quota is updated on every upload/delete, even if user has no quota restriction
# - 2: quota is updated on every upload/delete, but only if user/folder has a quota restriction (default, i think)
# track_quota = 2;
};
};
};
users.users.sftpgo.extraGroups = [ "export" ];
systemd.services.sftpgo = {
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
serviceConfig = {
ReadOnlyPaths = [ "/var/export" ];
ReadWritePaths = [ "/var/export/playground" ];
Restart = "always";
RestartSec = "20s";
};
};
}

View File

@@ -0,0 +1,23 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p coreutils
# vim: set filetype=bash :
#
# available environment variables:
# - SFTPGO_AUTHD_USERNAME
# - SFTPGO_AUTHD_USER
# - SFTPGO_AUTHD_IP
# - SFTPGO_AUTHD_PROTOCOL = { "DAV", "FTP", "HTTP", "SSH" }
# - SFTPGO_AUTHD_PASSWORD
# - SFTPGO_AUTHD_PUBLIC_KEY
# - SFTPGO_AUTHD_KEYBOARD_INTERACTIVE
# - SFTPGO_AUTHD_TLS_CERT
#
#
# call with <script_name> /path/to/fail/response.json /path/to/success/response.json
if [ "$SFTPGO_AUTHD_USERNAME" = "anonymous" ]; then
cat "$2"
else
cat "$1"
fi

View File

@@ -15,7 +15,7 @@
owner = config.users.users.freshrss.name;
mode = "0400";
};
sane.persist.sys.plaintext = [
sane.persist.sys.byStore.plaintext = [
{ user = "freshrss"; group = "freshrss"; path = "/var/lib/freshrss"; }
];

View File

@@ -1,70 +0,0 @@
# docs:
# - <https://github.com/drakkan/sftpgo>
# - config options: <https://github.com/drakkan/sftpgo/blob/main/docs/full-configuration.md>
# - config defaults: <https://github.com/drakkan/sftpgo/blob/main/sftpgo.json>
# - nixos options: <repo:nixos/nixpkgs:nixos/modules/services/web-apps/sftpgo.nix>
#
# sftpgo is a FTP server that also supports WebDAV, SFTP, and web clients.
{ lib, pkgs, sane-lib, ... }:
let
authProgram = pkgs.static-nix-shell.mkBash {
pname = "sftpgo_external_auth_hook";
src = ./.;
};
in
{
# Client initiates a FTP "control connection" on port 21.
# - this handles the client -> server commands, and the server -> client status, but not the actual data
# - file data, directory listings, etc need to be transferred on an ephemeral "data port".
# - 50000-50100 is a common port range for this.
sane.ports.ports = {
"21" = {
protocol = [ "tcp" ];
visibleTo.lan = true;
description = "colin-FTP server";
};
} // (sane-lib.mapToAttrs
(port: {
name = builtins.toString port;
value = {
protocol = [ "tcp" ];
visibleTo.lan = true;
description = "colin-FTP server data port range";
};
})
(lib.range 50000 50100)
);
services.sftpgo = {
enable = true;
settings = {
ftpd = {
bindings = [{
address = "10.0.10.5";
port = 21;
debug = true;
}];
# active mode is susceptible to "bounce attacks", without much benefit over passive mode
disable_active_mode = true;
hash_support = true;
passive_port_range = {
start = 50000;
end = 50100;
};
banner = ''
Welcome, friends, to Colin's read-only FTP server! Also available via NFS on the same host.
Please let me know if anything's broken or not as it should be. Otherwise, browse and DL freely :)
'';
};
data_provider = {
driver = "memory";
external_auth_hook = "${authProgram}/bin/sftpgo_external_auth_hook";
};
};
};
}

View File

@@ -1,55 +0,0 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash
# vim: set filetype=bash :
#
# available environment variables:
# - SFTPGO_AUTHD_USERNAME
# - SFTPGO_AUTHD_USER
# - SFTPGO_AUTHD_IP
# - SFTPGO_AUTHD_PROTOCOL = { "DAV", "FTP", "HTTP", "SSH" }
# - SFTPGO_AUTHD_PASSWORD
# - SFTPGO_AUTHD_PUBLIC_KEY
# - SFTPGO_AUTHD_KEYBOARD_INTERACTIVE
# - SFTPGO_AUTHD_TLS_CERT
#
# user permissions:
# - see <repo:drakkan/sftpgo:internal/dataprovider/user.go>
# - "*" = grant all permissions
# - read-only perms:
# - "list" = list files and directories
# - "download"
# - rw perms:
# - "upload"
# - "overwrite" = allow uploads to replace existing files
# - "delete" = delete files and directories
# - "delete_files"
# - "delete_dirs"
# - "rename" = rename files and directories
# - "rename_files"
# - "rename_dirs"
# - "create_dirs"
# - "create_symlinks"
# - "chmod"
# - "chown"
# - "chtimes" = change atime/mtime (access and modification times)
#
# home_dir:
# - it seems (empirically) that a user can't cd above their home directory.
# though i don't have a reference for that in the docs.
# TODO: don't reuse /var/nfs/export here. formalize this some other way.
if [ "$SFTPGO_AUTHD_USERNAME" = "anonymous" ]; then
echo '{'
echo ' "status":1,'
echo ' "username":"anonymous","expiration_date":0,'
echo ' "home_dir":"/var/nfs/export","uid":65534,"gid":65534,"max_sessions":0,"quota_size":0,"quota_files":100000,'
echo ' "permissions":{'
echo ' "/":["list", "download"]'
echo ' },'
echo ' "upload_bandwidth":0,"download_bandwidth":0,'
echo ' "filters":{"allowed_ip":[],"denied_ip":[]},"public_keys":[]'
echo '}'
else
echo '{"username":""}'
fi

View File

@@ -2,7 +2,7 @@
{ config, pkgs, lib, ... }:
{
sane.persist.sys.plaintext = [
sane.persist.sys.byStore.plaintext = [
# TODO: mode? could be more granular
{ user = "git"; group = "gitea"; path = "/var/lib/gitea"; }
];
@@ -13,6 +13,10 @@
services.gitea.appName = "Perfectly Sane Git";
# services.gitea.disableRegistration = true;
services.gitea.database.createDatabase = false; #< silence warning which wants db user and name to be equal
# TODO: remove this after merge: <https://github.com/NixOS/nixpkgs/pull/268849>
services.gitea.database.socket = "/run/postgresql"; #< would have been set if createDatabase = true
# gitea doesn't create the git user
users.users.git = {
description = "Gitea Service";

View File

@@ -10,7 +10,7 @@
lib.mkIf false # i don't actively use ipfs anymore
{
sane.persist.sys.plaintext = [
sane.persist.sys.byStore.plaintext = [
# TODO: mode? could be more granular
{ user = "261"; group = "261"; path = "/var/lib/ipfs"; }
];

View File

@@ -1,7 +1,7 @@
{ ... }:
{
sane.persist.sys.plaintext = [
sane.persist.sys.byStore.plaintext = [
# TODO: mode? we only need this to save Indexer creds ==> migrate to config?
{ user = "root"; group = "root"; path = "/var/lib/jackett"; }
];

View File

@@ -40,7 +40,7 @@
description = "colin-jellyfin-https-lan";
};
sane.persist.sys.plaintext = [
sane.persist.sys.byStore.plaintext = [
{ user = "jellyfin"; group = "jellyfin"; mode = "0700"; path = "/var/lib/jellyfin"; }
];
sane.fs."/var/lib/jellyfin/config/logging.json" = {

View File

@@ -1,9 +1,19 @@
# how to update wikipedia snapshot:
# - browse for later snapshots:
# - <https://mirror.accum.se/mirror/wikimedia.org/other/kiwix/zim/wikipedia>
# - DL directly, or via rsync (resumable):
# - `rsync --progress --append-verify rsync://mirror.accum.se/mirror/wikimedia.org/other/kiwix/zim/wikipedia/wikipedia_en_all_maxi_2022-05.zim .`
{ ... }:
{
sane.persist.sys.byStore.ext = [
{ user = "colin"; group = "users"; path = "/var/lib/kiwix"; }
];
sane.services.kiwix-serve = {
enable = true;
port = 8013;
zimPaths = [ "/var/lib/uninsane/www-archive/wikipedia_en_all_maxi_2022-05.zim" ];
zimPaths = [ "/var/lib/kiwix/wikipedia_en_all_maxi_2023-11.zim" ];
};
services.nginx.virtualHosts."w.uninsane.org" = {

View File

@@ -4,7 +4,7 @@ let
inherit (svc-cfg) user group port stateDir;
in
{
sane.persist.sys.plaintext = [
sane.persist.sys.byStore.plaintext = [
{ inherit user group; mode = "0700"; path = stateDir; }
];

View File

@@ -3,13 +3,23 @@
# - <repo:LemmyNet/lemmy:docker/nginx.conf>
# - <repo:LemmyNet/lemmy-ansible:templates/nginx.conf>
{ config, lib, ... }:
{ config, lib, pkgs, ... }:
let
inherit (builtins) toString;
inherit (lib) mkForce;
uiPort = 1234; # default ui port is 1234
backendPort = 8536; # default backend port is 8536
# - i guess the "backend" port is used for federation?
#^ i guess the "backend" port is used for federation?
pict-rs = pkgs.pict-rs.overrideAttrs (upstream: {
# as of v 0.4.2, all non-GIF video is forcibly transcoded.
# that breaks lemmy, because of the request latency.
# and it eats up hella CPU.
# pict-rs is iffy around video altogether: mp4 seems the best supported.
postPatch = (upstream.postPatch or "") + ''
substituteInPlace src/validate.rs \
--replace 'if transcode_options.needs_reencode() {' 'if false {'
'';
});
in {
services.lemmy = {
enable = true;
@@ -56,4 +66,20 @@ in {
};
sane.dns.zones."uninsane.org".inet.CNAME."lemmy" = "native";
#v DO NOT REMOVE: defaults to 0.3, instead of latest, so always need to explicitly set this.
services.pict-rs.package = pict-rs;
# pict-rs configuration is applied in this order:
# - via toml
# - via env vars (overrides everything above)
# - via CLI flags (overrides everything above)
# some of the CLI flags have defaults, making it the only actual way to configure certain things even when docs claim otherwise.
# CLI args: <https://git.asonix.dog/asonix/pict-rs#user-content-running>
systemd.services.pict-rs.serviceConfig.ExecStart = lib.mkForce (lib.concatStringsSep " " [
"${lib.getBin pict-rs}/bin/pict-rs run"
"--media-max-frame-count" (builtins.toString (30*60*60))
"--media-process-timeout 120"
"--media-enable-full-video true" # allow audio
]);
}

View File

@@ -1,6 +1,16 @@
# docs: <https://nixos.wiki/wiki/Matrix>
# docs: <https://nixos.org/manual/nixos/stable/index.html#module-services-matrix-synapse>
# example config: <https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml>
#
# ENABLING PUSH NOTIFICATIONS (with UnifiedPush/ntfy):
# - Matrix "pushers" API spec: <https://spec.matrix.org/latest/client-server-api/#post_matrixclientv3pushersset>
# - first, view notification settings:
# - obtain your client's auth token. e.g. Element -> profile -> help/about -> access token.
# - `curl --header 'Authorization: Bearer <your_access_token>' localhost:8008/_matrix/client/v3/pushers | jq .`
# - enable a new notification destination:
# - `curl --header "Authorization: Bearer <your_access_token>" --data '{ "app_display_name": "<topic>", "app_id": "ntfy.uninsane.org", "data": { "url": "https://ntfy.uninsane.org/_matrix/push/v1/notify", "format": "event_id_only" }, "device_display_name": "<topic>", "kind": "http", "lang": "en-US", "profile_tag": "", "pushkey": "<topic>" }' localhost:8008/_matrix/client/v3/pushers/set`
# - delete a notification destination by setting `kind` to `null` (otherwise, request is identical to above)
#
{ config, lib, pkgs, ... }:
{
@@ -10,23 +20,24 @@
./signal.nix
];
sane.persist.sys.plaintext = [
sane.persist.sys.byStore.plaintext = [
{ user = "matrix-synapse"; group = "matrix-synapse"; path = "/var/lib/matrix-synapse"; }
];
services.matrix-synapse.enable = true;
services.matrix-synapse.settings = {
# this changes the default log level from INFO to WARN.
# maybe there's an easier way?
services.matrix-synapse.settings.log_config = ./synapse-log_level.yaml;
services.matrix-synapse.settings.server_name = "uninsane.org";
log_config = ./synapse-log_level.yaml;
server_name = "uninsane.org";
# services.matrix-synapse.enable_registration_captcha = true;
# services.matrix-synapse.enable_registration_without_verification = true;
services.matrix-synapse.settings.enable_registration = true;
enable_registration = true;
# services.matrix-synapse.registration_shared_secret = "<shared key goes here>";
# default for listeners is port = 8448, tls = true, x_forwarded = false.
# we change this because the server is situated behind nginx.
services.matrix-synapse.settings.listeners = [
listeners = [
{
port = 8008;
bind_addresses = [ "127.0.0.1" ];
@@ -42,35 +53,40 @@
}
];
services.matrix-synapse.settings.x_forwarded = true; # because we proxy matrix behind nginx
services.matrix-synapse.settings.max_upload_size = "100M"; # default is "50M"
ip_range_whitelist = [
# to communicate with ntfy.uninsane.org push notifs.
# TODO: move this to some non-shared loopback device: we don't want Matrix spouting http requests to *anything* on this machine
"10.78.79.51"
];
services.matrix-synapse.settings.admin_contact = "admin.matrix@uninsane.org";
services.matrix-synapse.settings.registrations_require_3pid = [ "email" ];
x_forwarded = true; # because we proxy matrix behind nginx
max_upload_size = "100M"; # default is "50M"
admin_contact = "admin.matrix@uninsane.org";
registrations_require_3pid = [ "email" ];
};
services.matrix-synapse.extraConfigFiles = [
config.sops.secrets."matrix_synapse_secrets.yaml".path
];
# services.matrix-synapse.extraConfigFiles = [builtins.toFile "matrix-synapse-extra-config" ''
# admin_contact: "admin.matrix@uninsane.org"
# registrations_require_3pid:
# - email
# email:
# smtp_host: "mx.uninsane.org"
# smtp_port: 587
# smtp_user: "matrix-synapse"
# smtp_pass: "${secrets.matrix-synapse.smtp_pass}"
# require_transport_security: true
# enable_tls: true
# notif_from: "%(app)s <notify.matrix@uninsane.org>"
# app_name: "Uninsane Matrix"
# enable_notifs: true
# validation_token_lifetime: 96h
# invite_client_location: "https://web.matrix.uninsane.org"
# subjects:
# email_validation: "[%(server_name)s] Validate your email"
# ''];
systemd.services.matrix-synapse.postStart = ''
ACCESS_TOKEN=$(${pkgs.coreutils}/bin/cat ${config.sops.secrets.matrix_access_token.path})
TOPIC=$(${pkgs.coreutils}/bin/cat ${config.sops.secrets.ntfy-sh-topic.path})
echo "ensuring ntfy push gateway"
${pkgs.curl}/bin/curl \
--header "Authorization: Bearer $ACCESS_TOKEN" \
--data "{ \"app_display_name\": \"ntfy-adapter\", \"app_id\": \"ntfy.uninsane.org\", \"data\": { \"url\": \"https://ntfy.uninsane.org/_matrix/push/v1/notify\", \"format\": \"event_id_only\" }, \"device_display_name\": \"ntfy-adapter\", \"kind\": \"http\", \"lang\": \"en-US\", \"profile_tag\": \"\", \"pushkey\": \"$TOPIC\" }" \
localhost:8008/_matrix/client/v3/pushers/set
echo "registered push gateways:"
${pkgs.curl}/bin/curl \
--header "Authorization: Bearer $ACCESS_TOKEN" \
localhost:8008/_matrix/client/v3/pushers \
| ${pkgs.jq}/bin/jq .
'';
# new users may be registered on the CLI:
# register_new_matrix_user -c /nix/store/8n6kcka37jhmi4qpd2r03aj71pkyh21s-homeserver.yaml http://localhost:8008
@@ -141,4 +157,9 @@
sops.secrets."matrix_synapse_secrets.yaml" = {
owner = config.users.users.matrix-synapse.name;
};
sops.secrets."matrix_access_token" = {
owner = config.users.users.matrix-synapse.name;
};
# provide access to ntfy-sh-topic secret
users.users.matrix-synapse.extraGroups = [ "ntfy-sh" ];
}

View File

@@ -5,7 +5,7 @@
# - recommended to use mautrix-discord: <https://github.com/NixOS/nixpkgs/pull/200462>
lib.mkIf false
{
sane.persist.sys.plaintext = [
sane.persist.sys.byStore.plaintext = [
{ user = "matrix-synapse"; group = "matrix-synapse"; path = "/var/lib/mx-puppet-discord"; }
];

View File

@@ -101,7 +101,7 @@ in
})
];
sane.persist.sys.plaintext = [
sane.persist.sys.byStore.plaintext = [
# TODO: mode?
{ user = "matrix-appservice-irc"; group = "matrix-appservice-irc"; path = "/var/lib/matrix-appservice-irc"; }
];
@@ -141,6 +141,7 @@ in
sasl = false;
# notable channels:
# - #hare
# - #mnt-reform
};
"irc.myanonamouse.net" = ircServer {
name = "MyAnonamouse";

View File

@@ -1,8 +1,10 @@
# config options:
# - <https://github.com/mautrix/signal/blob/master/mautrix_signal/example-config.yaml>
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
lib.mkIf false # disabled 2024/01/11: i don't use it, and pkgs.mautrix-signal had some API changes
{
sane.persist.sys.plaintext = [
sane.persist.sys.byStore.plaintext = [
{ user = "mautrix-signal"; group = "mautrix-signal"; path = "/var/lib/mautrix-signal"; }
{ user = "signald"; group = "signald"; path = "/var/lib/signald"; }
];

View File

@@ -1,7 +1,7 @@
{ lib, ... }:
{
sane.persist.sys.plaintext = [
sane.persist.sys.byStore.plaintext = [
{ user = "navidrome"; group = "navidrome"; path = "/var/lib/navidrome"; }
];
services.navidrome.enable = true;

View File

@@ -1,67 +0,0 @@
# docs:
# - <https://nixos.wiki/wiki/NFS>
# - <https://wiki.gentoo.org/wiki/Nfs-utils>
{ ... }:
{
services.nfs.server.enable = true;
# see which ports NFS uses with:
# - `rpcinfo -p`
sane.ports.ports."111" = {
protocol = [ "tcp" "udp" ];
visibleTo.lan = true;
description = "NFS server portmapper";
};
sane.ports.ports."2049" = {
protocol = [ "tcp" ];
visibleTo.lan = true;
description = "NFS server";
};
sane.ports.ports."4000" = {
protocol = [ "udp" ];
visibleTo.lan = true;
description = "NFS server status daemon";
};
sane.ports.ports."4001" = {
protocol = [ "tcp" "udp" ];
visibleTo.lan = true;
description = "NFS server lock daemon";
};
sane.ports.ports."4002" = {
protocol = [ "tcp" "udp" ];
visibleTo.lan = true;
description = "NFS server mount daemon";
};
# NFS4 allows these to float, but NFS3 mandates specific ports, so fix them for backwards compat.
services.nfs.server.lockdPort = 4001;
services.nfs.server.mountdPort = 4002;
services.nfs.server.statdPort = 4000;
# format:
# fspoint visibility(options)
# options:
# - see: <https://wiki.gentoo.org/wiki/Nfs-utils#Exports>
# - see [man 5 exports](https://linux.die.net/man/5/exports)
# - insecure: require clients use src port > 1024
# - rw, ro (default)
# - async, sync (default)
# - no_subtree_check (default), subtree_check: verify not just that files requested by the client live
# in the expected fs, but also that they live under whatever subdirectory of that fs is exported.
# - no_root_squash, root_squash (default): map requests from uid 0 to user `nobody`.
# - crossmnt: reveal filesystems that are mounted under this endpoint
# - fsid: must be zero for the root export
# - mountpoint[=/path]: only export the directory if it's a mountpoint. used to avoid exporting failed mounts.
#
# 10.0.0.0/8 to export (readonly) both to LAN (unencrypted) and wg vpn (encrypted)
services.nfs.server.exports = ''
/var/nfs/export 10.78.79.0/22(ro,crossmnt,fsid=0,subtree_check) 10.0.10.0/24(rw,no_root_squash,crossmnt,fsid=0,subtree_check)
'';
fileSystems."/var/nfs/export/media" = {
# everything in here could be considered publicly readable (based on the viewer's legal jurisdiction)
device = "/var/lib/uninsane/media";
options = [ "rbind" ];
};
}

View File

@@ -1,4 +1,5 @@
# docs: https://nixos.wiki/wiki/Nginx
# docs: <https://nixos.wiki/wiki/Nginx>
# docs: <https://nginx.org/en/docs/>
{ config, lib, pkgs, ... }:
let
@@ -53,8 +54,10 @@ in
services.nginx.recommendedOptimisation = true;
# web blog/personal site
# alternative way to link stuff into the share:
# sane.fs."/var/lib/uninsane/share/Ubunchu".mount.bind = "/var/lib/uninsane/media/Books/Visual/HiroshiSeo/Ubunchu";
# sane.fs."/var/lib/uninsane/media/Books/Visual/HiroshiSeo/Ubunchu".dir = {};
services.nginx.virtualHosts."uninsane.org" = publog {
root = "${pkgs.uninsane-dot-org}/share/uninsane-dot-org";
# a lot of places hardcode https://uninsane.org,
# and then when we mix http + non-https, we get CORS violations
# and things don't look right. so force SSL.
@@ -64,9 +67,28 @@ in
# for OCSP stapling
sslTrustedCertificate = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
# uninsane.org/share/foo => /var/lib/uninsane/root/share/foo.
# yes, nginx does not strip the prefix when evaluating against the root.
locations."/share".root = "/var/lib/uninsane/root";
locations."/" = {
root = "${pkgs.uninsane-dot-org}/share/uninsane-dot-org";
tryFiles = "$uri $uri/ @fallback";
};
# unversioned files
locations."@fallback" = {
root = "/var/www/sites/uninsane.org";
};
# uninsane.org/share/foo => /var/www/sites/uninsane.org/share/foo.
# special-cased to enable directory listings
locations."/share" = {
root = "/var/www/sites/uninsane.org";
extraConfig = ''
# autoindex => render directory listings
autoindex on;
# don't follow any symlinks when serving files
# otherwise it allows a directory escape
disable_symlinks on;
'';
};
# allow matrix users to discover that @user:uninsane.org is reachable via matrix.uninsane.org
locations."= /.well-known/matrix/server".extraConfig =
@@ -107,6 +129,19 @@ in
# proxyPass = "http://127.0.0.1:4000";
# extraConfig = pleromaExtraConfig;
# };
# redirect common feed URIs to the canonical feed
locations."= /atom".extraConfig = "return 301 /atom.xml;";
locations."= /feed".extraConfig = "return 301 /atom.xml;";
locations."= /feed.xml".extraConfig = "return 301 /atom.xml;";
locations."= /rss".extraConfig = "return 301 /atom.xml;";
locations."= /rss.xml".extraConfig = "return 301 /atom.xml;";
locations."= /blog/atom".extraConfig = "return 301 /atom.xml;";
locations."= /blog/atom.xml".extraConfig = "return 301 /atom.xml;";
locations."= /blog/feed".extraConfig = "return 301 /atom.xml;";
locations."= /blog/feed.xml".extraConfig = "return 301 /atom.xml;";
locations."= /blog/rss".extraConfig = "return 301 /atom.xml;";
locations."= /blog/rss.xml".extraConfig = "return 301 /atom.xml;";
};
@@ -133,8 +168,7 @@ in
security.acme.acceptTerms = true;
security.acme.defaults.email = "admin.acme@uninsane.org";
sane.persist.sys.plaintext = [
# TODO: mode?
sane.persist.sys.byStore.plaintext = [
{ user = "acme"; group = "acme"; path = "/var/lib/acme"; }
{ user = "colin"; group = "users"; path = "/var/www/sites"; }
];

View File

@@ -0,0 +1,26 @@
{ lib, pkgs, ... }:
lib.optionalAttrs false # disabled until i can be sure it's not gonna OOM my server in the middle of the night
{
systemd.services.nixos-prebuild = {
description = "build a nixos image with all updated deps";
path = with pkgs; [ coreutils git nix ];
script = ''
working=$(mktemp -d /tmp/nixos-prebuild.XXXXXX)
pushd "$working"
git clone https://git.uninsane.org/colin/nix-files.git \
&& cd nix-files \
&& nix flake update \
|| true
RC=$(nix run "$working/nix-files#check" -- -j1 --cores 5 --builders "")
popd
rm -rf "$working"
exit "$RC"
'';
};
systemd.timers.nixos-prebuild = {
wantedBy = [ "multi-user.target" ];
timerConfig.OnCalendar = "11,23:00:00";
};
}

View File

@@ -0,0 +1,14 @@
# ntfy: UnifiedPush notification delivery system
# - used to get push notifications out of Matrix and onto a Phone (iOS, Android, or a custom client)
{ config, ... }:
{
imports = [
./ntfy-waiter.nix
./ntfy-sh.nix
];
sops.secrets."ntfy-sh-topic" = {
mode = "0440";
owner = config.users.users.ntfy-sh.name;
group = config.users.users.ntfy-sh.name;
};
}

View File

@@ -0,0 +1,92 @@
# ntfy: UnifiedPush notification delivery system
# - used to get push notifications out of Matrix and onto a Phone (iOS, Android, or a custom client)
#
# config options:
# - <https://docs.ntfy.sh/config/#config-options>
#
# usage:
# - ntfy sub https://ntfy.uninsane.org/TOPIC
# - ntfy pub https://ntfy.uninsane.org/TOPIC "my message"
# in production, TOPIC is a shared secret between the publisher (Matrix homeserver) and the subscriber (phone)
#
# administering:
# - sudo -u ntfy-sh ntfy access
#
# debugging:
# - make sure that the keepalives are good:
# - on the subscriber machine, run `lsof -i4` to find the port being used
# - `sudo tcpdump tcp port <p>`
# - shouldn't be too spammy
#
# matrix integration:
# - the user must manually point synapse to the ntfy endpoint:
# - `curl --header "Authorization: <your_token>" --data '{ "app_display_name": "sane-nix moby", "app_id": "ntfy.uninsane.org", "data": { "url": "https://ntfy.uninsane.org/_matrix/push/v1/notify", "format": "event_id_only" }, "device_display_name": "sane-nix moby", "kind": "http", "lang": "en-US", "profile_tag": "", "pushkey": "https://ntfy.uninsane.org/TOPIC" }' localhost:8008/_matrix/client/v3/pushers/set`
# where the token is grabbed from Element's help&about page when logged in
# - to remove, send this `curl` with `"kind": null`
{ config, lib, pkgs, ... }:
let
# subscribers need a non-443 public port to listen on as a way to easily differentiate this traffic
# at the IP layer, to enable e.g. wake-on-lan.
altPort = 2587;
in
{
sane.persist.sys.byStore.plaintext = [
# not 100% necessary to persist this, but ntfy does keep a 12hr (by default) cache
# for pushing notifications to users who become offline.
# ACLs also live here.
{ user = "ntfy-sh"; group ="ntfy-sh"; path = "/var/lib/ntfy-sh"; }
];
services.ntfy-sh.enable = true;
services.ntfy-sh.settings = {
base-url = "https://ntfy.uninsane.org";
behind-proxy = true; # not sure if needed
# keepalive interval is a ntfy-specific keepalive thing, where it sends actual data down the wire.
# it's not simple TCP keepalive.
# defaults to 45s.
# note that the client may still do its own TCP-level keepalives, typically every 30s
keepalive-interval = "15m";
log-level = "trace"; # trace, debug, info (default), warn, error
auth-default-access = "deny-all";
};
systemd.services.ntfy-sh.serviceConfig.DynamicUser = lib.mkForce false;
systemd.services.ntfy-sh.preStart = ''
# make this specific topic read-write by world
# it would be better to use the token system, but that's extra complexity for e.g.
# how do i plumb a secret into the Matrix notification pusher
#
# note that this will fail upon first run, i.e. before ntfy has created its db.
# just restart the service.
topic=$(cat ${config.sops.secrets.ntfy-sh-topic.path})
${pkgs.ntfy-sh}/bin/ntfy access everyone "$topic" read-write
'';
services.nginx.virtualHosts."ntfy.uninsane.org" = {
forceSSL = true;
enableACME = true;
listen = [
{ addr = "0.0.0.0"; port = altPort; ssl = true; }
{ addr = "0.0.0.0"; port = 443; ssl = true; }
{ addr = "0.0.0.0"; port = 80; ssl = false; }
];
locations."/" = {
proxyPass = "http://127.0.0.1:2586";
proxyWebsockets = true; #< support websocket upgrades. without that, `ntfy sub` hangs silently
recommendedProxySettings = true; #< adds headers so ntfy logs include the real IP
extraConfig = ''
# absurdly long timeout (86400s=24h) so that we never hang up on clients.
# make sure the client is smart enough to detect a broken proxy though!
proxy_read_timeout 86400s;
'';
};
};
sane.dns.zones."uninsane.org".inet.CNAME."ntfy" = "native";
sane.ports.ports."${builtins.toString altPort}" = {
protocol = [ "tcp" ];
visibleTo.lan = true;
visibleTo.wan = true;
description = "colin-ntfy.uninsane.org";
};
}

View File

@@ -0,0 +1,151 @@
#!/usr/bin/env nix-shell
#!nix-shell -i python3 -p "python3.withPackages (ps: [ ])" -p ntfy-sh
import argparse
import logging
import os
import socket
import subprocess
import sys
import threading
import time
logger = logging.getLogger(__name__)
LISTEN_QUEUE = 3
WAKE_MESSAGE = b'notification\n'
class Client:
def __init__(self, sock, addr_info, live_after: float):
self.live_after = live_after
self.sock = sock
self.addr_info = addr_info
def __cmp__(self, other: 'Client'):
return cmp(self.addr_info, other.addr_info)
def try_notify(self, message: bytes) -> bool:
"""
returns true if we send a packet to notify client.
fals otherwise (e.g. the socket is dead).
"""
ttl = self.live_after - time.time()
if ttl > 0:
logger.debug(f"sleeping {ttl:.2f}s until client {self.addr_info} is ready to receive notification")
time.sleep(ttl)
try:
self.sock.sendall(message)
except Exception as e:
logger.warning(f"failed to notify client {self.addr_info} {e}")
return False
else:
logger.info(f"successfully notified {self.addr_info}: {message}")
return True
class Adapter:
def __init__(self, host: str, port: int, silence: int, topic: str):
self.host = host
self.port = port
self.silence = silence
self.topic = topic
self.clients = set()
def log_clients(self):
clients_str = '\n'.join(f' {c.addr_info}' for c in self.clients)
logger.debug(f"clients alive ({len(self.clients)}):\n{clients_str}")
def add_client(self, client: Client):
# it's a little bit risky to keep more than one client at the same IP address,
# because it's possible a notification comes in and we ring the old connection,
# even when the new connection says "don't ring yet".
for c in set(self.clients):
if c.addr_info[0] == client.addr_info[0]:
logger.info(f"purging old client before adding new one at same address: {c.addr_info} -> {client.addr_info}")
self.clients.remove(c)
logger.info(f"accepted client at {client.addr_info}")
self.clients.add(client)
def listener_loop(self):
logger.info(f"listening for connections on {self.host}:{self.port}")
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((self.host, self.port))
s.listen(LISTEN_QUEUE)
while True:
conn, addr_info = s.accept()
self.add_client(Client(conn, addr_info, live_after = time.time() + self.silence))
def notify_clients(self, message: bytes = WAKE_MESSAGE):
# notify every client, and drop any which have disconnected.
# note that we notify based on age (oldest -> youngest)
# because notifying young clients might entail sleeping until they're ready.
clients = sorted(self.clients, key=lambda c: (c.live_after, c.addr_info))
dead_clients = [
c for c in clients if not c.try_notify(message)
]
for c in dead_clients:
self.clients.remove(c)
self.log_clients()
def notify_loop(self):
logger.info("waiting for notification events")
ntfy_proc = subprocess.Popen(
[
"ntfy",
"sub",
f"https://ntfy.uninsane.org/{self.topic}"
],
stdout=subprocess.PIPE
)
for line in iter(ntfy_proc.stdout.readline, b''):
logger.debug(f"received notification: {line}")
self.notify_clients()
def get_topic() -> str:
return open('/run/secrets/ntfy-sh-topic', 'rt').read().strip()
def run_forever(callable):
try:
callable()
except Exception as e:
logger.error(f"{callable} failed: {e}")
else:
logger.error(f"{callable} unexpectedly returned")
# sys.exit(1)
os._exit(1) # sometimes `sys.exit()` doesn't actually exit...
def main():
logging.basicConfig()
logging.getLogger().setLevel(logging.DEBUG)
parser = argparse.ArgumentParser(description="accept connections and notify the other end upon ntfy activity, with a guaranteed amount of silence")
parser.add_argument('--verbose', action='store_true')
parser.add_argument('--host', type=str, default='')
parser.add_argument('--port', type=int)
parser.add_argument('--silence', type=int, help="number of seconds to remain silent upon accepting a connection")
args = parser.parse_args()
if args.verbose:
logging.getLogger().setLevel(logging.DEBUG)
else:
logging.getLogger().setLevel(logging.INFO)
adapter = Adapter(args.host, args.port, args.silence, get_topic())
listener_loop = threading.Thread(target=run_forever, name="listener_loop", args=(adapter.listener_loop,))
notify_loop = threading.Thread(target=run_forever, name="notify_loop", args=(adapter.notify_loop,))
# TODO: this method of exiting seems to sometimes leave the listener behind (?)
# preventing anyone else from re-binding the port.
listener_loop.start()
notify_loop.start()
listener_loop.join()
notify_loop.join()
if __name__ == '__main__':
main()

View File

@@ -0,0 +1,72 @@
# service which adapts ntfy-sh into something suitable specifically for the Pinephone's
# wake-on-lan (WoL) feature.
# notably, it provides a mechanism by which the caller can be confident of an interval in which
# zero traffic will occur on the TCP connection, thus allowing it to enter sleep w/o fear of hitting
# race conditions in the Pinephone WoL feature.
{ config, lib, pkgs, ... }:
let
cfg = config.sane.ntfy-waiter;
portLow = 5550;
portHigh = 5559;
portRange = lib.range portLow portHigh;
numPorts = portHigh - portLow + 1;
mkService = port: let
silence = port - portLow;
flags = lib.optional cfg.verbose "--verbose";
cli = [
"${cfg.package}/bin/ntfy-waiter"
"--port"
"${builtins.toString port}"
"--silence"
"${builtins.toString silence}"
] ++ flags;
in {
"ntfy-waiter-${builtins.toString silence}" = {
# TODO: run not as root (e.g. as ntfy-sh)
description = "wait for notification, with ${builtins.toString silence} seconds of guaranteed silence";
serviceConfig = {
Type = "simple";
Restart = "always";
RestartSec = "5s";
ExecStart = lib.concatStringsSep " " cli;
};
after = [ "network.target" ];
wantedBy = [ "default.target" ];
};
};
in
{
options = with lib; {
sane.ntfy-waiter.enable = mkOption {
type = types.bool;
default = true;
};
sane.ntfy-waiter.verbose = mkOption {
type = types.bool;
default = true;
};
sane.ntfy-waiter.package = mkOption {
type = types.package;
default = pkgs.static-nix-shell.mkPython3Bin {
pname = "ntfy-waiter";
src = ./.;
pkgs = [ "ntfy-sh" ];
};
description = ''
exposed to provide an attr-path by which one may build the package for manual testing.
'';
};
};
config = lib.mkIf cfg.enable {
sane.ports.ports = lib.mkMerge (lib.forEach portRange (port: {
"${builtins.toString port}" = {
protocol = [ "tcp" ];
visibleTo.lan = true;
visibleTo.wan = true;
description = "colin-notification-waiter-${builtins.toString (port - portLow + 1)}-of-${builtins.toString numPorts}";
};
}));
systemd.services = lib.mkMerge (builtins.map mkService portRange);
};
}

View File

@@ -5,7 +5,7 @@ let
cfg = config.services.pict-rs;
in
{
sane.persist.sys.plaintext = lib.mkIf cfg.enable [
sane.persist.sys.byStore.plaintext = lib.mkIf cfg.enable [
{ user = "pict-rs"; group = "pict-rs"; path = cfg.dataDir; }
];

View File

@@ -14,7 +14,7 @@ let
# logLevel = "debug";
in
{
sane.persist.sys.plaintext = [
sane.persist.sys.byStore.plaintext = [
{ user = "pleroma"; group = "pleroma"; path = "/var/lib/pleroma"; }
];
services.pleroma.enable = true;
@@ -63,6 +63,7 @@ in
database: "pleroma",
hostname: "localhost",
pool_size: 10,
prepare: :named,
parameters: [
plan_cache_mode: "force_custom_plan"
]

View File

@@ -1,12 +1,39 @@
{ ... }:
{ pkgs, ... }:
let
GiB = n: MiB 1024*n;
MiB = n: KiB 1024*n;
KiB = n: 1024*n;
in
{
sane.persist.sys.plaintext = [
sane.persist.sys.byStore.plaintext = [
# TODO: mode?
{ user = "postgres"; group = "postgres"; path = "/var/lib/postgresql"; }
];
services.postgresql.enable = true;
# services.postgresql.dataDir = "/opt/postgresql/13";
# HOW TO UPDATE:
# postgres version updates are manual and require intervention.
# - `sane-stop-all-servo`
# - `systemctl start postgresql`
# - as `sudo su postgres`:
# - `cd /var/log/postgresql`
# - `pg_dumpall > state.sql`
# - `echo placeholder > <new_version>` # to prevent state from being created earlier than we want
# - then, atomically:
# - update the `services.postgresql.package` here
# - `dataDir` is atomically updated to match package; don't touch
# - `nixos-rebuild --flake . switch ; sane-stop-all-servo`
# - `sudo rm -rf /var/lib/postgresql/<new_version>`
# - `systemctl start postgresql`
# - as `sudo su postgres`:
# - `cd /var/lib/postgreql`
# - `psql -f state.sql`
# - restart dependent services (maybe test one at a time)
services.postgresql.package = pkgs.postgresql_15;
# XXX colin: for a proper deploy, we'd want to include something for Pleroma here too.
# services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
# CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '<password goes here>';
@@ -17,10 +44,33 @@
# LC_CTYPE = "C";
# '';
# TODO: perf tuning
# perf tuning
# - for recommended values see: <https://pgtune.leopard.in.ua/>
# - for official docs (sparse), see: <https://www.postgresql.org/docs/11/config-setting.html#CONFIG-SETTING-CONFIGURATION-FILE>
# services.postgresql.settings = { ... }
services.postgresql.settings = {
# DB Version: 15
# OS Type: linux
# DB Type: web
# Total Memory (RAM): 32 GB
# CPUs num: 12
# Data Storage: ssd
max_connections = 200;
shared_buffers = "8GB";
effective_cache_size = "24GB";
maintenance_work_mem = "2GB";
checkpoint_completion_target = 0.9;
wal_buffers = "16MB";
default_statistics_target = 100;
random_page_cost = 1.1;
effective_io_concurrency = 200;
work_mem = "10485kB";
min_wal_size = "1GB";
max_wal_size = "4GB";
max_worker_processes = 12;
max_parallel_workers_per_gather = 4;
max_parallel_workers = 12;
max_parallel_maintenance_workers = 4;
};
# daily backups to /var/backup
services.postgresqlBackup.enable = true;

View File

@@ -1,81 +0,0 @@
# example configs:
# - <https://github.com/kittywitch/nixfiles/blob/main/services/prosody.nix>
# create users with:
# - `sudo -u prosody prosodyctl adduser colin@uninsane.org`
{ lib, ... }:
# XXX disabled: doesn't send messages to nixnet.social (only receives them).
# nixnet runs ejabberd, so revisiting that.
lib.mkIf false
{
sane.persist.sys.plaintext = [
{ user = "prosody"; group = "prosody"; path = "/var/lib/prosody"; }
];
sane.ports.ports."5222" = {
protocol = [ "tcp" ];
visibleTo.lan = true;
visibleTo.wan = true;
description = "colin-xmpp-client-to-server";
};
sane.ports.ports."5269" = {
protocol = [ "tcp" ];
visibleTo.wan = true;
description = "colin-xmpp-server-to-server";
};
sane.ports.ports."5280" = {
protocol = [ "tcp" ];
visibleTo.lan = true;
visibleTo.wan = true;
description = "colin-xmpp-bosh";
};
sane.ports.ports."5281" = {
protocol = [ "tcp" ];
visibleTo.lan = true;
visibleTo.wan = true;
description = "colin-xmpp-prosody-https"; # necessary?
};
# provide access to certs
users.users.prosody.extraGroups = [ "nginx" ];
security.acme.certs."uninsane.org".extraDomainNames = [
"conference.xmpp.uninsane.org"
"upload.xmpp.uninsane.org"
];
services.prosody = {
enable = true;
admins = [ "colin@uninsane.org" ];
# allowRegistration = false;
# extraConfig = ''
# s2s_require_encryption = true
# c2s_require_encryption = true
# '';
extraModules = [ "private" "vcard" "privacy" "compression" "component" "muc" "pep" "adhoc" "lastactivity" "admin_adhoc" "blocklist"];
ssl.cert = "/var/lib/acme/uninsane.org/fullchain.pem";
ssl.key = "/var/lib/acme/uninsane.org/key.pem";
muc = [
{
domain = "conference.xmpp.uninsane.org";
}
];
uploadHttp.domain = "upload.xmpp.uninsane.org";
virtualHosts = {
localhost = {
domain = "localhost";
enabled = true;
};
"xmpp.uninsane.org" = {
domain = "uninsane.org";
enabled = true;
ssl.cert = "/var/lib/acme/uninsane.org/fullchain.pem";
ssl.key = "/var/lib/acme/uninsane.org/key.pem";
};
};
};
}

View File

@@ -0,0 +1,289 @@
# example configs:
# - official: <https://prosody.im/doc/example_config>
# - nixos: <https://github.com/kittywitch/nixfiles/blob/main/services/prosody.nix>
# config options:
# - <https://prosody.im/doc/configure>
#
# modules:
# - main: <https://prosody.im/doc/modules>
# - community: <https://modules.prosody.im/index.html>
#
# debugging:
# - logging:
# - enable `stanza_debug` module
# - enable `log.debug = "*syslog"` in extraConfig
# - interactive:
# - `telnet localhost 5582` (this is equal to `prosodyctl shell` -- but doesn't hang)
# - `watch:stanzas(target_spec, filter)` -> to log stanzas, for version > 0.12
# - console docs: <https://prosody.im/doc/console>
# - can modify/inspect arbitrary internals (lua) by prefixing line with `> `
# - e.g. `> _G` to print all globals
#
# sanity checks:
# - `sudo -u prosody -g prosody prosodyctl check connectivity`
# - `sudo -u prosody -g prosody prosodyctl check turn`
# - `sudo -u prosody -g prosody prosodyctl check turn -v --ping=stun.conversations.im`
# - checks that my stun/turn server is usable by clients of conversations.im (?)
# - `sudo -u prosody -g prosody prosodyctl check` (dns, config, certs)
#
#
# create users with:
# - `sudo -u prosody prosodyctl adduser colin@uninsane.org`
#
#
# federation/support matrix:
# - nixnet.services (runs ejabberd):
# - WORKS: sending and receiving PMs and calls (2023/10/15)
# - N.B.: it didn't originally work; was solved by disabling the lua-unbound DNS option & forcing the system/local resolver
# - cheogram (XMPP <-> SMS gateway):
# - WORKS: sending and receiving PMs, images (2023/10/15)
# - PARTIAL: calls (xmpp -> tel works; tel -> xmpp fails)
# - maybe i need to setup stun/turn
#
# TODO:
# - enable push notifications (mod_cloud_notify)
# - optimize coturn (e.g. move off of the VPN!)
# - ensure muc is working
# - enable file uploads
# - "upload.xmpp.uninsane.org:http_upload: URL: <https://upload.xmpp.uninsane.org:5281/upload> - Ensure this can be reached by users"
# - disable or fix bosh (jabber over http):
# - "certmanager: No certificate/key found for client_https port 0"
{ lib, pkgs, ... }:
let
# enables very verbose logging
enableDebug = false;
in
{
sane.persist.sys.byStore.plaintext = [
{ user = "prosody"; group = "prosody"; path = "/var/lib/prosody"; }
];
sane.ports.ports."5000" = {
protocol = [ "tcp" ];
visibleTo.lan = true;
visibleTo.wan = true;
description = "colin-xmpp-prosody-fileshare-proxy65";
};
sane.ports.ports."5222" = {
protocol = [ "tcp" ];
visibleTo.lan = true;
visibleTo.wan = true;
description = "colin-xmpp-client-to-server";
};
sane.ports.ports."5223" = {
protocol = [ "tcp" ];
visibleTo.lan = true;
visibleTo.wan = true;
description = "colin-xmpps-client-to-server"; # XMPP over TLS
};
sane.ports.ports."5269" = {
protocol = [ "tcp" ];
visibleTo.wan = true;
description = "colin-xmpp-server-to-server";
};
sane.ports.ports."5270" = {
protocol = [ "tcp" ];
visibleTo.wan = true;
description = "colin-xmpps-server-to-server"; # XMPP over TLS
};
sane.ports.ports."5280" = {
protocol = [ "tcp" ];
visibleTo.lan = true;
visibleTo.wan = true;
description = "colin-xmpp-bosh";
};
sane.ports.ports."5281" = {
protocol = [ "tcp" ];
visibleTo.lan = true;
visibleTo.wan = true;
description = "colin-xmpp-prosody-https"; # necessary?
};
users.users.prosody.extraGroups = [
"nginx" # provide access to certs
"ntfy-sh" # access to secret ntfy topic
];
security.acme.certs."uninsane.org".extraDomainNames = [
"xmpp.uninsane.org"
"conference.xmpp.uninsane.org"
"upload.xmpp.uninsane.org"
];
# exists so the XMPP server's cert can obtain altNames for all its resources
services.nginx.virtualHosts."xmpp.uninsane.org" = {
useACMEHost = "uninsane.org";
};
services.nginx.virtualHosts."conference.xmpp.uninsane.org" = {
useACMEHost = "uninsane.org";
};
services.nginx.virtualHosts."upload.xmpp.uninsane.org" = {
useACMEHost = "uninsane.org";
};
sane.dns.zones."uninsane.org".inet = {
# XXX: SRV records have to point to something with a A/AAAA record; no CNAMEs
A."xmpp" = "%ANATIVE%";
CNAME."conference.xmpp" = "xmpp";
CNAME."upload.xmpp" = "xmpp";
# _Service._Proto.Name TTL Class SRV Priority Weight Port Target
# - <https://xmpp.org/extensions/xep-0368.html>
# something's requesting the SRV records for conference.xmpp, so let's include it
# nothing seems to request XMPP SRVs for the other records (except @)
# lower numerical priority field tells clients to prefer this method
SRV."_xmpps-client._tcp.conference.xmpp" = "3 50 5223 xmpp";
SRV."_xmpps-server._tcp.conference.xmpp" = "3 50 5270 xmpp";
SRV."_xmpp-client._tcp.conference.xmpp" = "5 50 5222 xmpp";
SRV."_xmpp-server._tcp.conference.xmpp" = "5 50 5269 xmpp";
SRV."_xmpps-client._tcp" = "3 50 5223 xmpp";
SRV."_xmpps-server._tcp" = "3 50 5270 xmpp";
SRV."_xmpp-client._tcp" = "5 50 5222 xmpp";
SRV."_xmpp-server._tcp" = "5 50 5269 xmpp";
};
# help Prosody find its certificates.
# pointing it to /var/lib/acme doesn't quite work because it expects the private key
# to be named `privkey.pem` instead of acme's `key.pem`
# <https://prosody.im/doc/certificates#automatic_location>
sane.fs."/etc/prosody/certs/uninsane.org/fullchain.pem" = {
symlink.target = "/var/lib/acme/uninsane.org/fullchain.pem";
wantedBeforeBy = [ "prosody.service" ];
};
sane.fs."/etc/prosody/certs/uninsane.org/privkey.pem" = {
symlink.target = "/var/lib/acme/uninsane.org/key.pem";
wantedBeforeBy = [ "prosody.service" ];
};
services.prosody = {
enable = true;
package = pkgs.prosody.override {
# XXX(2023/10/15): build without lua-unbound support.
# this forces Prosody to fall back to the default Lua DNS resolver, which seems more reliable.
# fixes errors like "unbound.queryXYZUV: Resolver error: out of memory"
# related: <https://issues.prosody.im/1737#comment-11>
lua.withPackages = selector: pkgs.lua.withPackages (p:
selector (p // { luaunbound = null; })
);
# withCommunityModules = [ "turncredentials" ];
};
admins = [ "colin@uninsane.org" ];
# allowRegistration = false; # defaults to false
muc = [
{
domain = "conference.xmpp.uninsane.org";
}
];
uploadHttp.domain = "upload.xmpp.uninsane.org";
virtualHosts = {
# "Prosody requires at least one enabled VirtualHost to function. You can
# safely remove or disable 'localhost' once you have added another."
# localhost = {
# domain = "localhost";
# enabled = true;
# };
"xmpp.uninsane.org" = {
domain = "uninsane.org";
enabled = true;
};
};
## modules:
# these are enabled by default, via <repo:nixos/nixpkgs:/pkgs/servers/xmpp/prosody/default.nix>
# - cloud_notify
# - http_upload
# - vcard_muc
# these are enabled by the module defaults (services.prosody.modules.<foo>)
# - admin_adhoc
# - blocklist
# - bookmarks
# - carbons
# - cloud_notify
# - csi
# - dialback
# - disco
# - http_files
# - mam
# - pep
# - ping
# - private
# - XEP-0049: let clients store arbitrary (private) data on the server
# - proxy65
# - XEP-0065: allow server to proxy file transfers between two clients who are behind NAT
# - register
# - roster
# - saslauth
# - smacks
# - time
# - tls
# - uptime
# - vcard_legacy
# - version
extraPluginPaths = [ ./modules ];
extraModules = [
# admin_shell: allows `prosodyctl shell` to work
# see: <https://prosody.im/doc/modules/mod_admin_shell>
# see: <https://prosody.im/doc/console>
"admin_shell"
"admin_telnet" #< needed by admin_shell
# lastactivity: XEP-0012: allow users to query how long another user has been idle for
# - not sure why i enabled this; think it was in someone's config i referenced
"lastactivity"
# allows prosody to share TURN/STUN secrets with XMPP clients to provide them access to the coturn server.
# see: <https://prosody.im/doc/coturn>
"turn_external"
# legacy coturn integration
# see: <https://modules.prosody.im/mod_turncredentials.html>
# "turncredentials"
"sane_ntfy"
] ++ lib.optionals enableDebug [
"stanza_debug" #< logs EVERY stanza as debug: <https://prosody.im/doc/modules/mod_stanza_debug>
];
extraConfig = ''
local function readAll(file)
local f = assert(io.open(file, "rb"))
local content = f:read("*all")
f:close()
-- remove trailing newline
return string.gsub(content, "%s+", "")
end
-- logging docs:
-- - <https://prosody.im/doc/logging>
-- - <https://prosody.im/doc/advanced_logging>
-- levels: debug, info, warn, error
log = {
${if enableDebug then "debug" else "info"} = "*syslog";
}
-- see: <https://prosody.im/doc/certificates#automatic_location>
-- try to solve: "certmanager: Error indexing certificate directory /etc/prosody/certs: cannot open /etc/prosody/certs: No such file or directory"
-- only, this doesn't work because prosody doesn't like acme's naming scheme
-- certificates = "/var/lib/acme"
c2s_direct_tls_ports = { 5223 }
s2s_direct_tls_ports = { 5270 }
turn_external_host = "turn.uninsane.org"
turn_external_secret = readAll("/var/lib/coturn/shared_secret.bin")
-- turn_external_user = "prosody"
-- legacy mod_turncredentials integration
-- turncredentials_host = "turn.uninsane.org"
-- turncredentials_secret = readAll("/var/lib/coturn/shared_secret.bin")
ntfy_binary = "${pkgs.ntfy-sh}/bin/ntfy"
ntfy_topic = readAll("/run/secrets/ntfy-sh-topic")
-- s2s_require_encryption = true
-- c2s_require_encryption = true
'';
};
}

View File

@@ -0,0 +1,52 @@
-- simple proof-of-concept Prosody module
-- module development guide: <https://prosody.im/doc/developers/modules>
-- module API docs: <https://prosody.im/doc/developers/moduleapi>
--
-- much of this code is lifted from Prosody's own `mod_cloud_notify`
local jid = require"util.jid";
local ntfy = module:get_option_string("ntfy_binary", "ntfy");
local ntfy_topic = module:get_option_string("ntfy_topic", "xmpp");
module:log("info", "initialized");
local function is_urgent(stanza)
if stanza.name == "message" then
if stanza:get_child("propose", "urn:xmpp:jingle-message:0") then
return true, "jingle call";
end
end
end
local function publish_ntfy(message)
-- message should be the message to publish
local ntfy_url = string.format("https://ntfy.uninsane.org/%s", ntfy_topic)
local cmd = string.format("%s pub %q %q", ntfy, ntfy_url, message)
module.log("debug", "invoking ntfy: %s", cmd)
local success, reason, code = os.execute(cmd)
if not success then
module:log("warn", "ntfy failed: %s => %s %d", cmd, reason, code)
end
end
local function archive_message_added(event)
-- event is: { origin = origin, stanza = stanza, for_user = store_user, id = id }
local stanza = event.stanza;
local to = stanza.attr.to;
to = to and jid.split(to) or event.origin.username;
-- only notify if the stanza destination is the mam user we store it for
if event.for_user == to then
local is_urgent_stanza, urgent_reason = is_urgent(event.stanza);
if is_urgent_stanza then
module:log("info", "urgent push for %s (%s)", to, urgent_reason);
publish_ntfy(urgent_reason)
end
end
end
module:hook("archive-message-added", archive_message_added);

View File

@@ -0,0 +1,74 @@
# Soulseek daemon (p2p file sharing with an emphasis on Music)
# docs: <https://github.com/slskd/slskd/blob/master/docs/config.md>
#
# config precedence (higher precedence overrules lower precedence):
# - Default Values < Environment Variables < YAML Configuraiton File < Command Line Arguments
{ config, lib, ... }:
{
sane.persist.sys.byStore.plaintext = [
{ user = "slskd"; group = "slskd"; path = "/var/lib/slskd"; }
];
sops.secrets."slskd_env" = {
owner = config.users.users.slskd.name;
mode = "0400";
};
users.users.slskd.extraGroups = [ "media" ];
sane.ports.ports."50000" = {
protocol = [ "tcp" ];
# not visible to WAN: i run this in a separate netns
visibleTo.ovpn = true;
description = "colin-soulseek";
};
sane.dns.zones."uninsane.org".inet.CNAME."soulseek" = "native";
services.nginx.virtualHosts."soulseek.uninsane.org" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://10.0.1.6:5001";
proxyWebsockets = true;
};
};
services.slskd.enable = true;
# env file, for auth (SLSKD_SLSK_PASSWORD, SLSKD_SLSK_USERNAME)
services.slskd.environmentFile = config.sops.secrets.slskd_env.path;
services.slskd.settings = {
soulseek.diagnostic_level = "Debug"; # one of "None"|"Warning"|"Info"|"Debug"
shares.directories = [
# folders to share
# syntax: <https://github.com/slskd/slskd/blob/master/docs/config.md#directories>
# [Alias]/path/on/disk
# NOTE: Music library is quick to scan; videos take a solid 10min to scan.
# TODO: re-enable the other libraries
# "[Audioooks]/var/lib/uninsane/media/Books/Audiobooks"
# "[Books]/var/lib/uninsane/media/Books/Books"
# "[Manga]/var/lib/uninsane/media/Books/Visual"
# "[games]/var/lib/uninsane/media/games"
"[Music]/var/lib/uninsane/media/Music"
# "[Film]/var/lib/uninsane/media/Videos/Film"
# "[Shows]/var/lib/uninsane/media/Videos/Shows"
];
# directories.downloads = "..." # TODO
# directories.incomplete = "..." # TODO
# what unit is this? kbps??
global.upload.speed_limit = 32000;
web.logging = true;
# debug = true;
flags.no_logo = true; # don't show logo at start
# flags.volatile = true; # store searches and active transfers in RAM (completed transfers still go to disk). rec for btrfs/zfs
};
systemd.services.slskd = {
serviceConfig = {
# run this behind the OVPN static VPN
NetworkNamespacePath = "/run/netns/ovpns";
Restart = lib.mkForce "always"; # exits "success" when it fails to connect to soulseek server
RestartSec = "60s";
Group = "media";
};
};
}

View File

@@ -1,12 +1,27 @@
{ pkgs, ... }:
{ config, pkgs, ... }:
{
sane.persist.sys.plaintext = [
sane.persist.sys.byStore.plaintext = [
# TODO: mode? we need this specifically for the stats tracking in .config/
{ user = "transmission"; group = "transmission"; path = "/var/lib/transmission"; }
{ user = "transmission"; group = config.users.users.transmission.group; path = "/var/lib/transmission"; }
];
users.users.transmission.extraGroups = [ "media" ];
services.transmission.enable = true;
services.transmission.package = pkgs.transmission_4; #< 2023/09/06: nixpkgs `transmission` defaults to old 3.00
#v setting `group` this way doesn't tell transmission to `chown` the files it creates
# it's a nixpkgs setting which just runs the transmission daemon as this group
services.transmission.group = "media";
# transmission will by default not allow the world to read its files.
services.transmission.downloadDirPermissions = "775";
services.transmission.extraFlags = [
# "--log-level=debug"
];
services.transmission.settings = {
# message-level = 3; #< enable for debug logging. 0-3, default is 2.
# 0.0.0.0 => allow rpc from any host: we gate it via firewall and auth requirement
rpc-bind-address = "0.0.0.0";
#rpc-host-whitelist = "bt.uninsane.org";
#rpc-whitelist = "*.*.*.*";
@@ -17,17 +32,16 @@
rpc-password = "{503fc8928344f495efb8e1f955111ca5c862ce0656SzQnQ5";
rpc-whitelist-enabled = false;
# download-dir = "/opt/uninsane/media/";
# hopefully, make the downloads world-readable
umask = 0;
# umask = 0; #< default is 2: i.e. deny writes from world
# force peer connections to be encrypted
encryption = 2;
# units in kBps
speed-limit-down = 3000;
speed-limit-down = 12000;
speed-limit-down-enabled = true;
speed-limit-up = 600;
speed-limit-up = 800;
speed-limit-up-enabled = true;
# see: https://git.zknt.org/mirror/transmission/commit/cfce6e2e3a9b9d31a9dafedd0bdc8bf2cdb6e876?lang=bg-BG
@@ -35,17 +49,18 @@
download-dir = "/var/lib/uninsane/media";
incomplete-dir = "/var/lib/uninsane/media/incomplete";
# transmission regularly fails to move stuff from the incomplete dir to the main one, so disable:
# TODO: uncomment this line!
incomplete-dir-enabled = false;
};
# transmission will by default not allow the world to read its files.
services.transmission.downloadDirPermissions = "775";
systemd.services.transmission.after = [ "wireguard-wg-ovpns.service" ];
systemd.services.transmission.partOf = [ "wireguard-wg-ovpns.service" ];
systemd.services.transmission.serviceConfig = {
# run this behind the OVPN static VPN
NetworkNamespacePath = "/run/netns/ovpns";
LogLevelMax = "warning";
Restart = "on-failure";
RestartSec = "30s";
};
# service to automatically backup torrents i add to transmission
@@ -76,5 +91,10 @@
};
sane.dns.zones."uninsane.org".inet.CNAME."bt" = "native";
sane.ports.ports."51413" = {
protocol = [ "tcp" "udp" ];
visibleTo.ovpn = true;
description = "colin-bittorrent";
};
}

View File

@@ -1,23 +1,25 @@
# TODO: split this file apart into smaller files to make it easier to understand
{ config, lib, pkgs, ... }:
let
nativeAddrs = lib.mapAttrs (_name: builtins.head) config.sane.dns.zones."uninsane.org".inet.A;
bindOvpn = "10.0.1.5";
in lib.mkMerge [
{
services.trust-dns.enable = true;
services.trust-dns.settings.listen_addrs_ipv4 = [
# specify each address explicitly, instead of using "*".
# this ensures responses are sent from the address at which the request was received.
config.sane.hosts.by-name."servo".lan-ip
"10.0.1.5"
];
# don't bind to IPv6 until i explicitly test that stack
services.trust-dns.settings.listen_addrs_ipv6 = [];
services.trust-dns.quiet = true;
# FIXME(2023/11/26): services.trust-dns.debug doesn't log requests: use RUST_LOG=debug env for that.
# - see: <https://github.com/hickory-dns/hickory-dns/issues/2082>
# services.trust-dns.debug = true;
sane.ports.ports."53" = {
protocol = [ "udp" "tcp" ];
visibleTo.lan = true;
visibleTo.wan = true;
visibleTo.ovpn = true;
description = "colin-dns-hosting";
};
@@ -34,18 +36,19 @@
sane.dns.zones."uninsane.org".inet = {
SOA."@" = ''
ns1.uninsane.org. admin-dns.uninsane.org. (
2022122101 ; Serial
2023092101 ; Serial
4h ; Refresh
30m ; Retry
7d ; Expire
5m) ; Negative response TTL
'';
TXT."rev" = "2023052901";
TXT."rev" = "2023092101";
CNAME."native" = "%CNAMENATIVE%";
A."@" = "%ANATIVE%";
A."wan" = "%AWAN%";
A."servo.wan" = "%AWAN%";
A."servo.lan" = config.sane.hosts.by-name."servo".lan-ip;
A."servo.hn" = config.sane.hosts.by-name."servo".wg-home.ip;
# XXX NS records must also not be CNAME
# it's best that we keep this identical, or a superset of, what org. lists as our NS.
@@ -63,55 +66,23 @@
services.trust-dns.settings.zones = [ "uninsane.org" ];
services.trust-dns.package =
let
sed = "${pkgs.gnused}/bin/sed";
zone-dir = "/var/lib/trust-dns";
zone-wan = "${zone-dir}/wan/uninsane.org.zone";
zone-lan = "${zone-dir}/lan/uninsane.org.zone";
zone-template = pkgs.writeText "uninsane.org.zone.in" config.sane.dns.zones."uninsane.org".rendered;
in pkgs.writeShellScriptBin "named" ''
# compute wan/lan values
mkdir -p ${zone-dir}/{ovpn,wan,lan}
wan=$(cat '${config.sane.services.dyn-dns.ipPath}')
lan=${config.sane.hosts.by-name."servo".lan-ip}
# create specializations that resolve native.uninsane.org to different CNAMEs
${sed} s/%AWAN%/$wan/ ${zone-template} \
| ${sed} s/%CNAMENATIVE%/wan/ \
| ${sed} s/%ANATIVE%/$wan/ \
> ${zone-wan}
${sed} s/%AWAN%/$wan/ ${zone-template} \
| ${sed} s/%CNAMENATIVE%/servo.lan/ \
| ${sed} s/%ANATIVE%/$lan/ \
> ${zone-lan}
# launch the different interfaces, separately
${pkgs.trust-dns}/bin/named --port 53 --zonedir ${zone-dir}/wan/ $@ &
WANPID=$!
${pkgs.trust-dns}/bin/named --port 1053 --zonedir ${zone-dir}/lan/ $@ &
LANPID=$!
# wait until any of the processes exits, then kill them all and exit error
while kill -0 $WANPID $LANPID ; do
sleep 5
done
kill $WANPID $LANPID
exit 1
'';
# TODO: can i transform this into some sort of service group?
# have `systemctl restart trust-dns.service` restart all the individual services?
systemd.services.trust-dns.serviceConfig = {
DynamicUser = lib.mkForce false;
User = "trust-dns";
Group = "trust-dns";
wantedBy = lib.mkForce [];
};
systemd.services.trust-dns.enable = false;
users.groups.trust-dns = {};
users.users.trust-dns = {
group = "trust-dns";
isSystemUser = true;
};
sane.services.dyn-dns.restartOnChange = [ "trust-dns.service" ];
# sane.services.dyn-dns.restartOnChange = [ "trust-dns.service" ];
networking.nat.enable = true;
networking.nat.extraCommands = ''
@@ -127,12 +98,113 @@
-m iprange --src-range 10.78.76.0-10.78.79.255 \
-j DNAT --to-destination :1053
'';
sane.ports.ports."1053" = {
# because the NAT above redirects in nixos-nat-pre, LAN requests behave as though they arrived on the external interface at the redirected port.
# TODO: try nixos-nat-post instead?
# TODO: or, don't NAT from port 53 -> port 1053, but rather nat from LAN addr to a loopback addr.
# - this is complicated in that loopback is a different interface than eth0, so rewriting the destination address would cause the packets to just be dropped by the interface
protocol = [ "udp" "tcp" ];
visibleTo.lan = true;
description = "colin-redirected-dns-for-lan-namespace";
};
}
{
systemd.services =
let
sed = "${pkgs.gnused}/bin/sed";
stateDir = "/var/lib/trust-dns";
zoneTemplate = pkgs.writeText "uninsane.org.zone.in" config.sane.dns.zones."uninsane.org".rendered;
zoneDirFor = flavor: "${stateDir}/${flavor}";
zoneFor = flavor: "${zoneDirFor flavor}/uninsane.org.zone";
mkTrustDnsService = opts: flavor: let
flags = let baseCfg = config.services.trust-dns; in
(lib.optional baseCfg.debug "--debug") ++ (lib.optional baseCfg.quiet "--quiet");
flagsStr = builtins.concatStringsSep " " flags;
anative = nativeAddrs."servo.${flavor}";
toml = pkgs.formats.toml { };
configTemplate = opts.config or (toml.generate "trust-dns-${flavor}.toml" (
(
lib.filterAttrsRecursive (_: v: v != null) config.services.trust-dns.settings
) // {
listen_addrs_ipv4 = opts.listen or [ anative ];
}
));
configFile = "${stateDir}/${flavor}-config.toml";
port = opts.port or 53;
in {
description = "trust-dns Domain Name Server (serving ${flavor})";
unitConfig.Documentation = "https://trust-dns.org/";
preStart = ''
wan=$(cat '${config.sane.services.dyn-dns.ipPath}')
${sed} s/%AWAN%/$wan/ ${configTemplate} > ${configFile}
'' + lib.optionalString (!opts ? config) ''
mkdir -p ${zoneDirFor flavor}
${sed} \
-e s/%CNAMENATIVE%/servo.${flavor}/ \
-e s/%ANATIVE%/${anative}/ \
-e s/%AWAN%/$wan/ \
-e s/%AOVPNS%/185.157.162.178/ \
${zoneTemplate} > ${zoneFor flavor}
'';
serviceConfig = config.systemd.services.trust-dns.serviceConfig // {
ExecStart = ''
${pkgs.trust-dns}/bin/${pkgs.trust-dns.meta.mainProgram} \
--port ${builtins.toString port} \
--zonedir ${zoneDirFor flavor}/ \
--config ${configFile} ${flagsStr}
'';
};
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
};
in {
trust-dns-wan = mkTrustDnsService { listen = [ nativeAddrs."servo.lan" bindOvpn ]; } "wan";
trust-dns-lan = mkTrustDnsService { port = 1053; } "lan";
trust-dns-hn = mkTrustDnsService { port = 1053; } "hn";
trust-dns-hn-resolver = mkTrustDnsService {
config = pkgs.writeText "hn-resolver-config.toml" ''
# i host a resolver in the wireguard VPN so that clients can resolve DNS through the VPN.
# (that's what this file achieves).
#
# one would expect this resolver could host the authoritative zone for `uninsane.org`, and then forward everything else to the system resolver...
# and while that works for `dig`, it breaks for `nslookup` (and so `ssh`, etc).
#
# DNS responses include a flag for if the responding server is the authority of the zone queried.
# it seems that default Linux stub resolvers either:
# - expect DNSSEC when the response includes that bit, or
# - expect A records to be in the `answer` section instead of `additional` section.
# or perhaps something more nuanced. but for `nslookup` to be reliable, it has to talk to an
# instance of trust-dns which is strictly a resolver, with no authority.
# hence, this config: a resolver which forwards to the actual authority.
listen_addrs_ipv4 = ["${nativeAddrs."servo.hn"}"]
listen_addrs_ipv6 = []
[[zones]]
zone = "uninsane.org"
zone_type = "Forward"
stores = { type = "forward", name_servers = [{ socket_addr = "${nativeAddrs."servo.hn"}:1053", protocol = "udp", trust_nx_responses = true }] }
[[zones]]
# forward the root zone to the local DNS resolver
zone = "."
zone_type = "Forward"
stores = { type = "forward", name_servers = [{ socket_addr = "127.0.0.53:53", protocol = "udp", trust_nx_responses = true }] }
'';
} "hn-resolver";
};
sane.services.dyn-dns.restartOnChange = [
"trust-dns-wan.service"
"trust-dns-lan.service"
"trust-dns-hn.service"
# "trust-dns-hn-resolver.service" # doesn't need restart because it doesn't know about WAN IP
];
}
]

View File

@@ -3,42 +3,71 @@
imports = [
./feeds.nix
./fs.nix
./hardware.nix
./hardware
./home
./hosts.nix
./ids.nix
./machine-id.nix
./net.nix
./net
./nix-path
./persist.nix
./programs
./secrets.nix
./ssh.nix
./users
./vpn.nix
];
sane.nixcache.enable-trusted-keys = true;
sane.nixcache.enable = lib.mkDefault true;
sane.persist.enable = lib.mkDefault true;
sane.root-on-tmpfs = lib.mkDefault true;
sane.programs.sysadminUtils.enableFor.system = lib.mkDefault true;
sane.programs.consoleUtils.enableFor.user.colin = lib.mkDefault true;
nixpkgs.config.allowUnfree = true;
nixpkgs.config.allowBroken = true; # NIXPKGS_ALLOW_BROKEN
nixpkgs.config.allowUnfree = true; # NIXPKGS_ALLOW_UNFREE=1
nixpkgs.config.allowBroken = true; # NIXPKGS_ALLOW_BROKEN=1
# time.timeZone = "America/Los_Angeles";
time.timeZone = "Etc/UTC"; # DST is too confusing for me => use a stable timezone
# allow `nix flake ...` command
# TODO: is this still required?
nix.extraOptions = ''
# see: `man nix.conf`
# useful when a remote builder has a faster internet connection than me
builders-use-substitutes = true # default: false
# maximum seconds to wait when connecting to binary substituter
connect-timeout = 3 # default: 0
# download-attempts = 5 # default: 5
# allow `nix flake ...` command
experimental-features = nix-command flakes
# whether to build from source when binary substitution fails
fallback = true # default: false
# whether to keep building dependencies if any other one fails
keep-going = true # default: false
# whether to keep build-only dependencies of GC roots (e.g. C compiler) when doing GC
keep-outputs = true # default: false
# how many lines to show from failed build
log-lines = 30 # default: 10
# narinfo-cache-negative-ttl = 3600 # default: 3600
# whether to use ~/.local/state/nix/profile instead of ~/.nix-profile, etc
use-xdg-base-directories = true # default: false
# whether to warn if repository has uncommited changes
warn-dirty = false # default: true
'';
# hardlinks identical files in the nix store to save 25-35% disk space.
# unclear _when_ this occurs. it's not a service.
# does the daemon continually scan the nix store?
# does the builder use some content-addressed db to efficiently dedupe?
nix.settings.auto-optimise-store = true;
# TODO: see if i can remove this?
nix.settings.trusted-users = [ "root" ];
services.journald.extraConfig = ''
# docs: `man journald.conf`
# merged journald config is deployed to /etc/systemd/journald.conf
[Journal]
# disable journal compression because the underlying fs is compressed
Compress=no
'';
systemd.services.nix-daemon.serviceConfig = {
# the nix-daemon manages nix builders
@@ -63,7 +92,21 @@
text = ''
# show which packages changed versions or are new/removed in this upgrade
# source: <https://github.com/luishfonseca/dotfiles/blob/32c10e775d9ec7cc55e44592a060c1c9aadf113e/modules/upgrade-diff.nix>
# modified to not error on boot (when /run/current-system doesn't exist)
if [ -d /run/current-system ]; then
${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig"
fi
'';
};
system.activationScripts.notifyActive = {
text = ''
# send a notification to any sway users logged in, that the system has been activated/upgraded.
# this probably doesn't work if more than one sway session exists on the system.
_notifyActiveSwaySock="$(echo /run/user/*/sway-ipc.*.sock)"
if [ -e "$_notifyActiveSwaySock" ]; then
SWAYSOCK="$_notifyActiveSwaySock" ${pkgs.sway}/bin/swaymsg -- exec \
"${pkgs.libnotify}/bin/notify-send 'nixos activated' 'version: $(cat $systemConfig/nixos-version)'"
fi
'';
};

View File

@@ -1,4 +1,5 @@
# where to find good stuff?
# - podcasts w/ a community: <https://lemmyverse.net/communities?query=podcast>
# - podcast rec thread: <https://lemmy.ml/post/1565858>
#
# candidates:
@@ -49,6 +50,8 @@ let
else
"infrequent"
));
} // lib.optionalAttrs (lib.hasPrefix "https://www.youtube.com/" raw.url) {
format = "video";
} // lib.optionalAttrs (raw.is_podcast or false) {
format = "podcast";
} // lib.optionalAttrs (raw.title or "" != "") {
@@ -56,201 +59,176 @@ let
};
podcasts = [
(fromDb "lexfridman.com/podcast" // rat)
## Astral Codex Ten
(fromDb "sscpodcast.libsyn.com" // rat)
## Less Wrong Curated
(fromDb "feeds.libsyn.com/421877" // rat)
## Econ Talk
(fromDb "feeds.simplecast.com/wgl4xEgL" // rat)
## Cory Doctorow -- both podcast & text entries
(fromDb "craphound.com" // pol)
## Maggie Killjoy -- referenced by Cory Doctorow
(fromDb "omny.fm/shows/cool-people-who-did-cool-stuff" // pol)
(fromDb "congressionaldish.libsyn.com" // pol)
# (mkPod "https://podcasts.la.utexas.edu/this-is-democracy/feed/podcast/" // pol // weekly)
## Civboot -- https://anchor.fm/civboot
(fromDb "anchor.fm/s/34c7232c/podcast/rss" // tech)
## Emerge: making sense of what's next -- <https://www.whatisemerging.com/emergepodcast>
(mkPod "https://anchor.fm/s/21bc734/podcast/rss" // pol // infrequent)
(fromDb "feeds.feedburner.com/80000HoursPodcast" // rat)
## Daniel Huberman on sleep
(fromDb "feeds.megaphone.fm/hubermanlab" // uncat)
## Multidisciplinary Association for Psychedelic Studies
(fromDb "mapspodcast.libsyn.com" // uncat)
(fromDb "acquiredlpbonussecretsecret.libsyn.com" // tech) # ACQ2 - more "Acquired" episodes
(fromDb "allinchamathjason.libsyn.com" // pol)
(fromDb "feeds.transistor.fm/acquired" // tech)
## ACQ2 - more "Acquired" episodes
(fromDb "acquiredlpbonussecretsecret.libsyn.com" // tech)
# The Intercept - Deconstructed
(fromDb "rss.acast.com/deconstructed")
# (fromDb "rss.prod.firstlook.media/deconstructed/podcast.rss" // pol) #< possible URL rot
## The Daily
(mkPod "https://feeds.simplecast.com/54nAGcIl" // pol // daily)
# The Intercept - Intercepted
(fromDb "rss.acast.com/intercepted-with-jeremy-scahill")
# (fromDb "rss.prod.firstlook.media/intercepted/podcast.rss" // pol) #< possible URL rot
(fromDb "podcast.posttv.com/itunes/post-reports.xml" // pol)
## Eric Weinstein
(fromDb "rss.art19.com/the-portal" // rat)
(fromDb "darknetdiaries.com" // tech)
## Radiolab -- also available here, but ONLY OVER HTTP: <http://feeds.wnyc.org/radiolab>
(fromDb "feeds.feedburner.com/radiolab" // pol)
## Sam Harris
(fromDb "wakingup.libsyn.com" // pol)
## 99% Invisible -- also available here: <https://feeds.simplecast.com/BqbsxVfO>
(fromDb "feeds.99percentinvisible.org/99percentinvisible" // pol)
(fromDb "rss.acast.com/ft-tech-tonic" // tech)
(fromDb "feeds.feedburner.com/dancarlin/history" // rat)
(fromDb "rss.art19.com/60-minutes" // pol)
## The Verge - Decoder
(fromDb "feeds.megaphone.fm/recodedecode" // tech)
## Matrix (chat) Live
(fromDb "feed.podbean.com/matrixlive/feed.xml" // tech)
(fromDb "anchor.fm/s/34c7232c/podcast/rss" // tech) # Civboot -- https://anchor.fm/civboot
(fromDb "anchor.fm/s/2da69154/podcast/rss" // tech) # POD OF JAKE -- https://podofjake.com/
(fromDb "cast.postmarketos.org" // tech)
(fromDb "podcast.thelinuxexp.com" // tech)
## Michael Malice - Your Welcome -- also available here: <https://origin.podcastone.com/podcast?categoryID2=2232>
(fromDb "rss.art19.com/your-welcome" // pol)
(fromDb "congressionaldish.libsyn.com" // pol) # Jennifer Briney
(fromDb "craphound.com" // pol) # Cory Doctorow -- both podcast & text entries
(fromDb "darknetdiaries.com" // tech)
(fromDb "feed.podbean.com/matrixlive/feed.xml" // tech) # Matrix (chat) Live
(fromDb "feeds.99percentinvisible.org/99percentinvisible" // pol) # 99% Invisible -- also available here: <https://feeds.simplecast.com/BqbsxVfO>
(fromDb "feeds.feedburner.com/80000HoursPodcast" // rat)
(fromDb "feeds.feedburner.com/dancarlin/history" // rat)
(fromDb "feeds.feedburner.com/radiolab" // pol) # Radiolab -- also available here, but ONLY OVER HTTP: <http://feeds.wnyc.org/radiolab>
(fromDb "feeds.libsyn.com/421877" // rat) # Less Wrong Curated
(fromDb "feeds.megaphone.fm/behindthebastards" // pol) # also Maggie Killjoy
# (fromDb "feeds.megaphone.fm/hubermanlab" // uncat) # Daniel Huberman on sleep
(fromDb "feeds.megaphone.fm/recodedecode" // tech) # The Verge - Decoder
(fromDb "feeds.simplecast.com/54nAGcIl" // pol) # The Daily
(fromDb "feeds.simplecast.com/82FI35Px" // pol) # Ezra Klein Show
(fromDb "feeds.simplecast.com/wgl4xEgL" // rat) # Econ Talk
(fromDb "feeds.simplecast.com/xKJ93w_w" // uncat) # Atlas Obscura
# (fromDb "feeds.simplecast.com/l2i9YnTd" // tech // pol) # Hard Fork (NYtimes tech)
(fromDb "feeds.transistor.fm/acquired" // tech)
(fromDb "lexfridman.com/podcast" // rat)
(fromDb "mapspodcast.libsyn.com" // uncat) # Multidisciplinary Association for Psychedelic Studies
(fromDb "omegataupodcast.net" // tech) # 3/4 German; 1/4 eps are English
(fromDb "omny.fm/shows/cool-people-who-did-cool-stuff" // pol) # Maggie Killjoy -- referenced by Cory Doctorow
(fromDb "omny.fm/shows/the-dollop-with-dave-anthony-and-gareth-reynolds") # The Dollop history/comedy
(fromDb "originstories.libsyn.com" // uncat)
(fromDb "podcast.posttv.com/itunes/post-reports.xml" // pol)
# (fromDb "podcast.thelinuxexp.com" // tech) # low-brow linux/foss PR announcements
(fromDb "politicalorphanage.libsyn.com" // pol)
(fromDb "reverseengineering.libsyn.com/rss" // tech) # UnNamed Reverse Engineering Podcast
(fromDb "rss.acast.com/deconstructed") # The Intercept - Deconstructed
(fromDb "rss.acast.com/ft-tech-tonic" // tech)
(fromDb "rss.acast.com/intercepted-with-jeremy-scahill") # The Intercept - Intercepted
(fromDb "rss.art19.com/60-minutes" // pol)
(fromDb "rss.art19.com/the-portal" // rat) # Eric Weinstein
(fromDb "seattlenice.buzzsprout.com" // pol)
## Sci-Fi? has Peter Watts; author of No Moods, Ads or Cutesy Fucking Icons (rifters.com)
(fromDb "talesfromthebridge.buzzsprout.com" // tech)
## UnNamed Reverse Engineering Podcast
(fromDb "reverseengineering.libsyn.com/rss" // tech)
## The Witch Trials of J.K. Rowling
## - <https://www.thefp.com/witchtrials>
(mkPod "https://feeds.megaphone.fm/RUNMED9919162779" // pol // infrequent)
## Atlas Obscura
(fromDb "feeds.simplecast.com/xKJ93w_w" // uncat)
## Ezra Klein Show
(fromDb "feeds.simplecast.com/82FI35Px" // pol)
## Wireshark Podcast o_0
(fromDb "sharkbytes.transistor.fm" // tech)
(fromDb "srslywrong.com" // pol)
(fromDb "sharkbytes.transistor.fm" // tech) # Wireshark Podcast o_0
(fromDb "sscpodcast.libsyn.com" // rat) # Astral Codex Ten
(fromDb "talesfromthebridge.buzzsprout.com" // tech) # Sci-Fi? has Peter Watts; author of No Moods, Ads or Cutesy Fucking Icons (rifters.com)
(fromDb "techwontsave.us" // pol) # rec by Cory Doctorow
# (fromDb "trashfuturepodcast.podbean.com" // pol) # rec by Cory Doctorow, but way rambly
(fromDb "wakingup.libsyn.com" // pol) # Sam Harris
(fromDb "werenotwrong.fireside.fm" // pol)
# (fromDb "rss.art19.com/your-welcome" // pol) # Michael Malice - Your Welcome -- also available here: <https://origin.podcastone.com/podcast?categoryID2=2232>
# (fromDb "rss.prod.firstlook.media/deconstructed/podcast.rss" // pol) #< possible URL rot
# (fromDb "rss.prod.firstlook.media/intercepted/podcast.rss" // pol) #< possible URL rot
# (mkPod "https://anchor.fm/s/21bc734/podcast/rss" // pol // infrequent) # Emerge: making sense of what's next -- <https://www.whatisemerging.com/emergepodcast>
# (mkPod "https://audioboom.com/channels/5097784.rss" // tech) # Lateral with Tom Scott
# (mkPod "https://feeds.megaphone.fm/RUNMED9919162779" // pol // infrequent) # The Witch Trials of J.K. Rowling: <https://www.thefp.com/witchtrials>
# (mkPod "https://podcasts.la.utexas.edu/this-is-democracy/feed/podcast/" // pol // weekly)
];
texts = [
# AGGREGATORS (> 1 post/day)
(fromDb "lwn.net" // tech)
# (fromDb "lesswrong.com" // rat)
# (fromDb "econlib.org" // pol)
# AGGREGATORS (< 1 post/day)
(fromDb "palladiummag.com" // uncat)
(fromDb "profectusmag.com" // uncat)
(fromDb "semiaccurate.com" // tech)
(mkText "https://linuxphoneapps.org/blog/atom.xml" // tech // infrequent)
(fromDb "tuxphones.com" // tech)
(fromDb "spectrum.ieee.org" // tech)
(fromDb "theregister.com" // tech)
(fromDb "thisweek.gnome.org" // tech)
# more nixos stuff here, but unclear how to subscribe: <https://nixos.org/blog/categories.html>
(mkText "https://nixos.org/blog/announcements-rss.xml" // tech // infrequent)
(mkText "https://nixos.org/blog/stories-rss.xml" // tech // weekly)
## n.b.: quality RSS list here: <https://forum.merveilles.town/thread/57/share-your-rss-feeds%21-6/>
(mkText "https://forum.merveilles.town/rss.xml" // pol // infrequent)
## No Moods, Ads or Cutesy Fucking Icons
(fromDb "rifters.com/crawl" // uncat)
# DEVELOPERS
(fromDb "blog.jmp.chat" // tech)
(fromDb "uninsane.org" // tech)
(fromDb "amosbbatto.wordpress.com" // tech)
(fromDb "applieddivinitystudies.com" // rat)
(fromDb "artemis.sh" // tech)
(fromDb "ascii.textfiles.com" // tech) # Jason Scott
(fromDb "xn--gckvb8fzb.com" // tech)
(fromDb "mg.lol" // tech)
# (fromDb "drewdevault.com" // tech)
## Ken Shirriff
(fromDb "righto.com" // tech)
## shared blog by a few NixOS devs, notably onny
(fromDb "project-insanity.org" // tech)
## Vitalik Buterin
(fromDb "vitalik.ca" // tech)
## ian (Sanctuary)
(fromDb "sagacioussuricata.com" // tech)
## Bunnie Juang
(fromDb "bunniestudios.com" // tech)
(fromDb "blog.danieljanus.pl" // tech)
(fromDb "ianthehenry.com" // tech)
(fromDb "bitbashing.io" // tech)
(fromDb "idiomdrottning.org" // uncat)
(mkText "http://boginjr.com/feed" // tech // infrequent)
(mkText "https://anish.lakhwara.com/home.html" // tech // weekly)
(fromDb "jefftk.com" // tech)
(fromDb "pomeroyb.com" // tech)
# (mkText "https://til.simonwillison.net/tils/feed.atom" // tech // weekly)
# TECH PROJECTS
(fromDb "blog.rust-lang.org" // tech)
# (TECH; POL) COMMENTATORS
## Matt Webb -- engineering-ish, but dreamy
(fromDb "interconnected.org/home/feed" // rat)
(fromDb "edwardsnowden.substack.com" // pol // text)
## Julia Evans
(mkText "https://jvns.ca/atom.xml" // tech // weekly)
(mkText "http://benjaminrosshoffman.com/feed" // pol // weekly)
## Ben Thompson
(mkText "https://www.stratechery.com/rss" // pol // weekly)
## Balaji
(fromDb "balajis.com" // pol)
(fromDb "ben-evans.com/benedictevans" // pol)
(fromDb "lynalden.com" // pol)
(fromDb "austinvernon.site" // tech)
(mkSubstack "oversharing" // pol // daily)
(fromDb "balajis.com" // pol) # Balaji
(fromDb "ben-evans.com/benedictevans" // pol)
(fromDb "bitbashing.io" // tech)
(fromDb "bitsaboutmoney.com" // uncat)
(fromDb "blog.danieljanus.pl" // tech)
(fromDb "blog.dshr.org" // pol) # David Rosenthal
(fromDb "blog.jmp.chat" // tech)
(fromDb "blog.rust-lang.org" // tech)
(fromDb "blog.thalheim.io" // tech) # Mic92
(fromDb "bunniestudios.com" // tech) # Bunnie Juang
(fromDb "capitolhillseattle.com" // pol)
# (fromDb "drewdevault.com" // tech)
# (fromDb "econlib.org" // pol)
(fromDb "edwardsnowden.substack.com" // pol // text)
(fromDb "fasterthanli.me" // tech)
(fromDb "gwern.net" // rat)
(fromDb "harihareswara.net" // tech // pol) # rec by Cory Doctorow
(fromDb "ianthehenry.com" // tech)
(fromDb "idiomdrottning.org" // uncat)
(fromDb "interconnected.org/home/feed" // rat) # Matt Webb -- engineering-ish, but dreamy
(fromDb "jeffgeerling.com" // tech)
(fromDb "jefftk.com" // tech)
(fromDb "kosmosghost.github.io/index.xml" // tech)
# (fromDb "lesswrong.com" // rat)
(fromDb "linmob.net" // tech)
(fromDb "lwn.net" // tech)
(fromDb "lynalden.com" // pol)
(fromDb "mako.cc/copyrighteous" // tech // pol) # rec by Cory Doctorow
(fromDb "mg.lol" // tech)
(fromDb "mindingourway.com" // rat)
(fromDb "morningbrew.com/feed" // pol)
(fromDb "overcomingbias.com" // rat) # Robin Hanson
(fromDb "palladiummag.com" // uncat)
(fromDb "philosopher.coach" // rat) # Peter Saint-Andre -- side project of stpeter.im
(fromDb "pomeroyb.com" // tech)
(fromDb "preposterousuniverse.com" // rat) # Sean Carroll
(fromDb "profectusmag.com" // uncat)
(fromDb "project-insanity.org" // tech) # shared blog by a few NixOS devs, notably onny
(fromDb "putanumonit.com" // rat) # mostly dating topics. not advice, or humor, but looking through a social lens
(fromDb "richardcarrier.info" // rat)
(fromDb "rifters.com/crawl" // uncat) # No Moods, Ads or Cutesy Fucking Icons
(fromDb "righto.com" // tech) # Ken Shirriff
(fromDb "rootsofprogress.org" // rat) # Jason Crawford
(fromDb "sagacioussuricata.com" // tech) # ian (Sanctuary)
(fromDb "semiaccurate.com" // tech)
(fromDb "sideways-view.com" // rat) # Paul Christiano
(fromDb "slimemoldtimemold.com" // rat)
(fromDb "spectrum.ieee.org" // tech)
(fromDb "stpeter.im/atom.xml" // pol)
# (fromDb "theregister.com" // tech)
(fromDb "thisweek.gnome.org" // tech)
(fromDb "tuxphones.com" // tech)
(fromDb "uninsane.org" // tech)
(fromDb "unintendedconsequenc.es" // rat)
# (fromDb "vitalik.ca" // tech) # moved to vitalik.eth.limo
(fromDb "vitalik.eth.limo" // tech) # Vitalik Buterin
(fromDb "webcurious.co.uk" // uncat)
(fromDb "xn--gckvb8fzb.com" // tech)
(mkSubstack "astralcodexten" // rat // daily) # Scott Alexander
(mkSubstack "byrnehobart" // pol // infrequent)
# (mkSubstack "doomberg" // tech // weekly) # articles are all pay-walled
## David Rosenthal
(fromDb "blog.dshr.org" // pol)
## Matt Levine
(mkText "https://www.bloomberg.com/opinion/authors/ARbTQlRLRjE/matthew-s-levine.rss" // pol // weekly)
(fromDb "stpeter.im/atom.xml" // pol)
## Peter Saint-Andre -- side project of stpeter.im
(fromDb "philosopher.coach" // rat)
(fromDb "morningbrew.com/feed" // pol)
# RATIONALITY/PHILOSOPHY/ETC
(mkSubstack "samkriss" // humor // infrequent)
(fromDb "unintendedconsequenc.es" // rat)
(fromDb "applieddivinitystudies.com" // rat)
(fromDb "slimemoldtimemold.com" // rat)
(fromDb "richardcarrier.info" // rat)
(fromDb "gwern.net" // rat)
## Jason Crawford
(fromDb "rootsofprogress.org" // rat)
## Robin Hanson
(fromDb "overcomingbias.com" // rat)
## Scott Alexander
(mkSubstack "astralcodexten" // rat // daily)
## Paul Christiano
(fromDb "sideways-view.com" // rat)
## Sean Carroll
(fromDb "preposterousuniverse.com" // rat)
(mkSubstack "eliqian" // rat // weekly)
(mkSubstack "oversharing" // pol // daily)
(mkSubstack "samkriss" // humor // infrequent)
(mkText "http://benjaminrosshoffman.com/feed" // pol // weekly)
(mkText "http://boginjr.com/feed" // tech // infrequent)
(mkText "https://acoup.blog/feed" // rat // weekly)
(fromDb "mindingourway.com" // rat)
## mostly dating topics. not advice, or humor, but looking through a social lens
(fromDb "putanumonit.com" // rat)
# LOCAL
(fromDb "capitolhillseattle.com" // pol)
# CODE
(mkText "https://anish.lakhwara.com/home.html" // tech // weekly)
(mkText "https://forum.merveilles.town/rss.xml" // pol // infrequent) #quality RSS list here: <https://forum.merveilles.town/thread/57/share-your-rss-feeds%21-6/>
# (mkText "https://github.com/Kaiteki-Fedi/Kaiteki/commits/master.atom" // tech // infrequent)
(mkText "https://jvns.ca/atom.xml" // tech // weekly) # Julia Evans
(mkText "https://linuxphoneapps.org/blog/atom.xml" // tech // infrequent)
(mkText "https://nixos.org/blog/announcements-rss.xml" // tech // infrequent) # more nixos stuff here, but unclear how to subscribe: <https://nixos.org/blog/categories.html>
(mkText "https://nixos.org/blog/stories-rss.xml" // tech // weekly)
# (mkText "https://til.simonwillison.net/tils/feed.atom" // tech // weekly)
(mkText "https://www.bloomberg.com/opinion/authors/ARbTQlRLRjE/matthew-s-levine.rss" // pol // weekly) # Matt Levine
(mkText "https://www.stratechery.com/rss" // pol // weekly) # Ben Thompson
];
videos = [
(fromDb "youtube.com/@Channel5YouTube" // pol)
(fromDb "youtube.com/@ColdFusion")
(fromDb "youtube.com/@ContraPoints" // pol)
(fromDb "youtube.com/@Exurb1a")
(fromDb "youtube.com/@hbomberguy")
(fromDb "youtube.com/@JackStauber")
(fromDb "youtube.com/@PolyMatter")
# (fromDb "youtube.com/@rossmanngroup" // pol // tech) # Louis Rossmann
(fromDb "youtube.com/@TechnologyConnections" // tech)
(fromDb "youtube.com/@TheB1M")
(fromDb "youtube.com/@TomScottGo")
(fromDb "youtube.com/@Vihart")
(fromDb "youtube.com/@Vox")
(fromDb "youtube.com/@Vsauce")
];
images = [
(fromDb "smbc-comics.com" // img // humor)
(fromDb "xkcd.com" // img // humor)
(fromDb "pbfcomics.com" // img // humor)
# (mkImg "http://dilbert.com/feed" // humor // daily)
(fromDb "poorlydrawnlines.com/feed" // img // humor)
# ART
(fromDb "miniature-calendar.com" // img // art // daily)
(fromDb "pbfcomics.com" // img // humor)
(fromDb "poorlydrawnlines.com/feed" // img // humor)
(fromDb "smbc-comics.com" // img // humor)
(fromDb "turnoff.us" // img // humor)
(fromDb "xkcd.com" // img // humor)
];
in
{
sane.feeds = texts ++ images ++ podcasts;
sane.feeds = texts ++ images ++ podcasts ++ videos;
assertions = builtins.map
(p: {

View File

@@ -1,9 +1,10 @@
# docs
# - x-systemd options: <https://www.freedesktop.org/software/systemd/man/systemd.mount.html>
{ pkgs, sane-lib, ... }:
{ lib, pkgs, sane-lib, ... }:
let fsOpts = rec {
let
fsOpts = rec {
common = [
"_netdev"
"noatime"
@@ -54,9 +55,19 @@ let fsOpts = rec {
"timeo=15"
"nofail" # don't fail remote-fs.target when this mount fails (not an option for sshfs else would be common)
];
};
};
remoteHome = host: {
fileSystems."/mnt/${host}-home" = {
device = "colin@${host}:/home/colin";
fsType = "fuse.sshfs";
options = fsOpts.sshColin ++ fsOpts.noauto;
noCheck = true;
};
sane.fs."/mnt/${host}-home" = sane-lib.fs.wantedDir;
};
in
{
lib.mkMerge [
{
# some services which use private directories error if the parent (/var/lib/private) isn't 700.
sane.fs."/var/lib/private".dir.acl.mode = "0700";
@@ -100,6 +111,12 @@ in
fsType = "nfs";
options = fsOpts.nfs ++ fsOpts.auto ++ fsOpts.wg;
};
fileSystems."/mnt/servo-nfs/playground" = {
device = "servo-hn:/playground";
noCheck = true;
fsType = "nfs";
options = fsOpts.nfs ++ fsOpts.auto ++ fsOpts.wg;
};
# fileSystems."/mnt/servo-media-nfs" = {
# device = "servo-hn:/media";
# noCheck = true;
@@ -108,21 +125,6 @@ in
# };
sane.fs."/mnt/servo-media" = sane-lib.fs.wantedSymlinkTo "/mnt/servo-nfs/media";
fileSystems."/mnt/desko-home" = {
device = "colin@desko:/home/colin";
fsType = "fuse.sshfs";
options = fsOpts.sshColin ++ fsOpts.noauto;
noCheck = true;
};
sane.fs."/mnt/desko-home" = sane-lib.fs.wantedDir;
fileSystems."/mnt/desko-root" = {
device = "colin@desko:/";
fsType = "fuse.sshfs";
options = fsOpts.sshRoot ++ fsOpts.noauto;
noCheck = true;
};
sane.fs."/mnt/desko-root" = sane-lib.fs.wantedDir;
environment.pathsToLink = [
# needed to achieve superuser access for user-mounted filesystems (see optionsRoot above)
# we can only link whole directories here, even though we're only interested in pkgs.openssh
@@ -132,5 +134,10 @@ in
environment.systemPackages = [
pkgs.sshfs-fuse
];
}
}
(remoteHome "desko")
(remoteHome "lappy")
(remoteHome "moby")
]

View File

@@ -1,44 +0,0 @@
{ lib, pkgs, ... }:
{
boot.initrd.supportedFilesystems = [ "ext4" "btrfs" "ext2" "ext3" "vfat" ];
# useful emergency utils
boot.initrd.extraUtilsCommands = ''
copy_bin_and_libs ${pkgs.btrfs-progs}/bin/btrfstune
'';
boot.kernelParams = [ "boot.shell_on_fail" ];
# other kernelParams:
# "boot.trace"
# "systemd.log_level=debug"
# "systemd.log_target=console"
# hack in the `boot.shell_on_fail` arg since that doesn't always seem to work.
boot.initrd.preFailCommands = "allowShell=1";
# default: 4 (warn). 7 is debug
boot.consoleLogLevel = 7;
boot.loader.grub.enable = lib.mkDefault false;
boot.loader.generic-extlinux-compatible.enable = lib.mkDefault true;
# non-free firmware
hardware.enableRedistributableFirmware = true;
# powertop will default to putting USB devices -- including HID -- to sleep after TWO SECONDS
powerManagement.powertop.enable = false;
services.logind.extraConfig = ''
# dont shutdown when power button is short-pressed
HandlePowerKey=ignore
'';
# services.snapper.configs = {
# root = {
# subvolume = "/";
# extraConfig = {
# ALLOW_USERS = "colin";
# };
# };
# };
# services.snapper.snapshotInterval = "daily";
}

View File

@@ -0,0 +1,89 @@
{ config, lib, pkgs, ... }:
{
imports = [
./x86_64.nix
];
boot.initrd.supportedFilesystems = [ "ext4" "btrfs" "ext2" "ext3" "vfat" ];
# useful emergency utils
boot.initrd.extraUtilsCommands = ''
copy_bin_and_libs ${pkgs.btrfs-progs}/bin/btrfstune
copy_bin_and_libs ${pkgs.util-linux}/bin/{cfdisk,lsblk,lscpu}
copy_bin_and_libs ${pkgs.gptfdisk}/bin/{cgdisk,gdisk}
copy_bin_and_libs ${pkgs.smartmontools}/bin/smartctl
copy_bin_and_libs ${pkgs.e2fsprogs}/bin/resize2fs
'' + lib.optionalString pkgs.stdenv.hostPlatform.isx86_64 ''
copy_bin_and_libs ${pkgs.nvme-cli}/bin/nvme # doesn't cross compile
'';
boot.kernelParams = [
"boot.shell_on_fail"
#v experimental full pre-emption for hopefully better call/audio latency on moby.
# also toggleable at runtime via /sys/kernel/debug/sched/preempt
# defaults to preempt=voluntary
# "preempt=full"
];
# other kernelParams:
# "boot.trace"
# "systemd.log_level=debug"
# "systemd.log_target=console"
# hack in the `boot.shell_on_fail` arg since that doesn't always seem to work.
boot.initrd.preFailCommands = "allowShell=1";
# default: 4 (warn). 7 is debug
boot.consoleLogLevel = 7;
boot.loader.grub.enable = lib.mkDefault false;
boot.loader.generic-extlinux-compatible.enable = lib.mkDefault true;
# non-free firmware
hardware.enableRedistributableFirmware = true;
# default is 252274, which is too low particularly for servo.
# manifests as spurious "No space left on device" when trying to install watches,
# e.g. in dyn-dns by `systemctl start dyn-dns-watcher.path`.
# see: <https://askubuntu.com/questions/828779/failed-to-add-run-systemd-ask-password-to-directory-watch-no-space-left-on-dev>
boot.kernel.sysctl."fs.inotify.max_user_watches" = 1048576;
# powertop will default to putting USB devices -- including HID -- to sleep after TWO SECONDS
powerManagement.powertop.enable = false;
# linux CPU governor: <https://www.kernel.org/doc/Documentation/cpu-freq/governors.txt>
# - options:
# - "powersave" => force CPU to always run at lowest supported frequency
# - "performance" => force CPU to always run at highest frequency
# - "ondemand" => adjust frequency based on load
# - "conservative" (ondemand but slower to adjust)
# - "schedutil"
# - "userspace"
# - not all options are available for all platforms
# - intel (intel_pstate) appears to manage scaling w/o intervention/control from the OS.
# - AMD (acpi-cpufreq) appears to manage scaling via the OS *or* HW. but the ondemand defaults never put it to max hardware frequency.
# - qualcomm (cpufreq-dt) appears to manage scaling *only* via the OS. ondemand governor exercises the full range.
# - query details with `sudo cpupower frequency-info`
powerManagement.cpuFreqGovernor = "ondemand";
services.logind.extraConfig = ''
# see: `man logind.conf`
# dont shutdown when power button is short-pressed (commonly done an accident, or by cats).
# but do on long-press: useful to gracefully power-off server.
HandlePowerKey=lock
HandlePowerKeyLongPress=poweroff
HandleLidSwitch=lock
'';
# some packages build only if binfmt *isn't* present
nix.settings.system-features = lib.mkIf (config.boot.binfmt.emulatedSystems == []) [
"no-binfmt"
];
# services.snapper.configs = {
# root = {
# subvolume = "/";
# extraConfig = {
# ALLOW_USERS = "colin";
# };
# };
# };
# services.snapper.snapshotInterval = "daily";
}

View File

@@ -9,12 +9,7 @@
# efi_pstore evivars
];
powerManagement.cpuFreqGovernor = "powersave";
hardware.cpu.amd.updateMicrocode = true; # desktop
hardware.cpu.intel.updateMicrocode = true; # laptop
hardware.opengl.driSupport = true;
# For 32 bit applications
hardware.opengl.driSupport32Bit = true;
};
}

View File

@@ -7,7 +7,7 @@ let
};
in
{
sane.user.persist.private = [ ".local/share/keyrings" ];
sane.user.persist.byStore.private = [ ".local/share/keyrings" ];
sane.user.fs."private/.local/share/keyrings/default" = {
generated.command = [ "${init-keyring}/bin/init-keyring" ];

View File

@@ -1,19 +1,32 @@
{ config, lib, ...}:
let
# ProgramConfig -> { "<mime-type>" = { priority, desktop }; }
weightedMimes = prog: builtins.mapAttrs (_key: desktop: { priority = prog.mime.priority; desktop = desktop; }) prog.mime.associations;
# [ { "<mime-type>" = { priority, desktop } ]; } ] -> { "<mime-type>" = [ { priority, desktop } ... ]; }
mergeMimes = mimes: lib.foldAttrs (item: acc: [item] ++ acc) [] mimes;
# [ { priority, desktop } ... ] -> Self
sortOneMimeType = associations: builtins.sort (l: r: assert l.priority != r.priority; l.priority < r.priority) associations;
sortMimes = mimes: builtins.mapAttrs (_k: sortOneMimeType) mimes;
removePriorities = mimes: builtins.mapAttrs (_k: associations: builtins.map (a: a.desktop) associations) mimes;
# [ ProgramConfig ]
enabledPrograms = builtins.filter (p: p.enabled) (builtins.attrValues config.sane.programs);
enabledPrograms = builtins.filter
(p: p.enabled)
(builtins.attrValues config.sane.programs);
# [ { "<mime-type>" = { prority, desktop } ]
enabledWeightedMimes = builtins.map weightedMimes enabledPrograms;
# ProgramConfig -> { "<mime-type>" = { priority, desktop }; }
weightedMimes = prog: builtins.mapAttrs
(_key: desktop: {
priority = prog.mime.priority; desktop = desktop;
})
prog.mime.associations;
# [ { "<mime-type>" = { priority, desktop } ]; } ] -> { "<mime-type>" = [ { priority, desktop } ... ]; }
mergeMimes = mimes: lib.foldAttrs (item: acc: [item] ++ acc) [] mimes;
# [ { priority, desktop } ... ] -> Self
sortOneMimeType = associations: builtins.sort
(l: r: assert l.priority != r.priority; l.priority < r.priority)
associations;
sortMimes = mimes: builtins.mapAttrs (_k: sortOneMimeType) mimes;
removePriorities = mimes: builtins.mapAttrs
(_k: associations: builtins.map (a: a.desktop) associations)
mimes;
in
{
# the xdg mime type for a file can be found with:
@@ -25,4 +38,6 @@ in
# there's also options to *remove* [non-default] associations from specific apps
xdg.mime.enable = true;
xdg.mime.defaultApplications = removePriorities (sortMimes (mergeMimes enabledWeightedMimes));
}

View File

@@ -13,7 +13,7 @@ let
in
{
# ssh key is stored in private storage
sane.user.persist.private = [
sane.user.persist.byStore.private = [
{ type = "file"; path = ".ssh/id_ed25519"; }
];
sane.user.fs.".ssh/id_ed25519.pub" = lib.mkIf (user-pubkey != null) {

45
hosts/common/hosts.nix Normal file
View File

@@ -0,0 +1,45 @@
{ lib, ... }:
{
# TODO: this should be populated per-host
sane.hosts.by-name."desko" = {
ssh.user_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPU5GlsSfbaarMvDA20bxpSZGWviEzXGD8gtrIowc1pX";
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFw9NoRaYrM6LbDd3aFBc4yyBlxGQn8HjeHd/dZ3CfHk";
wg-home.pubkey = "17PMZssYi0D4t2d0vbmhjBKe1sGsE8kT8/dod0Q2CXc=";
wg-home.ip = "10.0.10.22";
lan-ip = "10.78.79.52";
};
sane.hosts.by-name."lappy" = {
ssh.user_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDpmFdNSVPRol5hkbbCivRhyeENzb9HVyf9KutGLP2Zu";
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSJnqmVl9/SYQ0btvGb0REwwWY8wkdkGXQZfn/1geEc";
wg-home.pubkey = "FTUWGw2p4/cEcrrIE86PWVnqctbv8OYpw8Gt3+dC/lk=";
wg-home.ip = "10.0.10.20";
lan-ip = "10.78.79.53";
};
sane.hosts.by-name."moby" = {
# ssh.authorized = lib.mkDefault false; # moby's too easy to hijack: don't let it ssh places
ssh.user_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrR+gePnl0nV/vy7I5BzrGeyVL+9eOuXHU1yNE3uCwU";
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1N/IT3nQYUD+dBlU1sTEEVMxfOyMkrrDeyHcYgnJvw";
wg-home.pubkey = "I7XIR1hm8bIzAtcAvbhWOwIAabGkuEvbWH/3kyIB1yA=";
wg-home.ip = "10.0.10.48";
lan-ip = "10.78.79.54";
};
sane.hosts.by-name."servo" = {
ssh.authorized = lib.mkDefault false; # servo presents too many services to the internet: easy atack vector
ssh.user_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPS1qFzKurAdB9blkWomq8gI1g0T3sTs9LsmFOj5VtqX";
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfdSmFkrVT6DhpgvFeQKm3Fh9VKZ9DbLYOPOJWYQ0E8";
wg-home.pubkey = "roAw+IUFVtdpCcqa4khB385Qcv9l5JAB//730tyK4Wk=";
wg-home.ip = "10.0.10.5";
wg-home.endpoint = "uninsane.org:51820";
lan-ip = "10.78.79.51";
};
sane.hosts.by-name."supercap" = {
ssh.authorized = false;
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHf/mqqkX45EWAcquV04MC3SUljTApdclH1gjI19F+PA";
lan-ip = "10.78.79.232";
};
}

View File

@@ -44,6 +44,19 @@
sane.ids.sftpgo.gid = 2410;
sane.ids.trust-dns.uid = 2411;
sane.ids.trust-dns.gid = 2411;
sane.ids.export.gid = 2412;
sane.ids.nfsuser.uid = 2413;
sane.ids.media.gid = 2414;
sane.ids.ntfy-sh.uid = 2415;
sane.ids.ntfy-sh.gid = 2415;
sane.ids.monero.uid = 2416;
sane.ids.monero.gid = 2416;
sane.ids.slskd.uid = 2417;
sane.ids.slskd.gid = 2417;
sane.ids.bitcoind-mainnet.uid = 2418;
sane.ids.bitcoind-mainnet.gid = 2418;
sane.ids.clightning.uid = 2419;
sane.ids.clightning.gid = 2419;
sane.ids.colin.uid = 1000;
sane.ids.guest.uid = 1100;
@@ -58,6 +71,8 @@
sane.ids.systemd-oom.uid = 2005;
sane.ids.systemd-oom.gid = 2005;
sane.ids.wireshark.gid = 2006;
sane.ids.nixremote.uid = 2007;
sane.ids.nixremote.gid = 2007;
# found on graphical hosts
sane.ids.nm-iodine.uid = 2101; # desko/moby/lappy
@@ -81,4 +96,8 @@
sane.ids.rtkit.gid = 2307;
# phosh
sane.ids.feedbackd.gid = 2308;
# new moby users
sane.ids.eg25-control.uid = 2309;
sane.ids.eg25-control.gid = 2309;
}

View File

@@ -1,6 +1,12 @@
{ lib, ... }:
{
imports = [
./dns.nix
./hostnames.nix
./upnp.nix
./vpn.nix
];
# the default backend is "wpa_supplicant".
# wpa_supplicant reliably picks weak APs to connect to.
# see: <https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/474>
@@ -35,10 +41,6 @@
# e.g. openconnect drags in webkitgtk (for SSO)!
networking.networkmanager.plugins = lib.mkForce [];
networking.firewall.allowedUDPPorts = [
1900 # to received UPnP advertisements. required by sane-ip-check-upnp
];
# keyfile.path = where networkmanager should look for connection credentials
networking.networkmanager.extraConfig = ''
[keyfile]

37
hosts/common/net/dns.nix Normal file
View File

@@ -0,0 +1,37 @@
{ ... }:
{
# use systemd's stub resolver.
# /etc/resolv.conf isn't sophisticated enough to use different servers per net namespace (or link).
# instead, running the stub resolver on a known address in the root ns lets us rewrite packets
# in the ovnps namespace to use the provider's DNS resolvers.
# a weakness is we can only query 1 NS at a time (unless we were to clone the packets?)
# there also seems to be some cache somewhere that's shared between the two namespaces.
# i think this is a libc thing. might need to leverage proper cgroups to _really_ kill it.
# - getent ahostsv4 www.google.com
# - try fix: <https://serverfault.com/questions/765989/connect-to-3rd-party-vpn-server-but-dont-use-it-as-the-default-route/766290#766290>
services.resolved.enable = true;
# without DNSSEC:
# - dig matrix.org => works
# - curl https://matrix.org => works
# with default DNSSEC:
# - dig matrix.org => works
# - curl https://matrix.org => fails
# i don't know why. this might somehow be interfering with the DNS run on this device (trust-dns)
services.resolved.dnssec = "false";
networking.nameservers = [
# use systemd-resolved resolver
# full resolver (which understands /etc/hosts) lives on 127.0.0.53
# stub resolver (just forwards upstream) lives on 127.0.0.54
"127.0.0.53"
];
# nscd -- the Name Service Caching Daemon -- caches DNS query responses
# in a way that's unaware of my VPN routing, so routes are frequently poor against
# services which advertise different IPs based on geolocation.
# nscd claims to be usable without a cache, but in practice i can't get it to not cache!
# nsncd is the Name Service NON-Caching Daemon. it's a drop-in that doesn't cache;
# this is OK on the host -- because systemd-resolved caches. it's probably sub-optimal
# in the netns and we query upstream DNS more often than needed. hm.
# TODO: run a separate recursive resolver in each namespace.
services.nscd.enableNsncd = true;
}

View File

@@ -0,0 +1,15 @@
{ config, lib, ... }:
{
# give each host a shortname that all the other hosts know, to allow easy comms.
networking.hosts = lib.mkMerge (builtins.map
(host: let
cfg = config.sane.hosts.by-name."${host}";
in {
"${cfg.lan-ip}" = [ host ];
} // lib.optionalAttrs (cfg.wg-home.ip != null) {
"${cfg.wg-home.ip}" = [ "${host}-hn" ];
})
(builtins.attrNames config.sane.hosts.by-name)
);
}

20
hosts/common/net/upnp.nix Normal file
View File

@@ -0,0 +1,20 @@
{ pkgs, ... }:
{
networking.firewall.allowedUDPPorts = [
# to receive UPnP advertisements. required by sane-ip-check.
# N.B. sane-ip-check isn't query/response based. it needs to receive on port 1900 -- not receive responses FROM port 1900.
1900
];
networking.firewall.extraCommands = with pkgs; ''
# after an outgoing SSDP query to the multicast address, open FW for incoming responses.
# necessary for anything DLNA, especially go2tv
# source: <https://serverfault.com/a/911286>
# context: <https://github.com/alexballas/go2tv/issues/72>
# ipset -! means "don't fail if set already exists"
${ipset}/bin/ipset create -! upnp hash:ip,port timeout 10
${iptables}/bin/iptables -A OUTPUT -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j SET --add-set upnp src,src --exist
${iptables}/bin/iptables -A INPUT -p udp -m set --match-set upnp dst,dst -j ACCEPT
'';
}

View File

@@ -1,4 +1,4 @@
{ config, lib, ... }:
{ config, lib, pkgs, ... }:
# to add a new OVPN VPN:
# - generate a privkey `wg genkey`
@@ -8,26 +8,49 @@
# - copy the Address, PublicKey, Endpoint from OVPN's config
# N.B.: maximum interface name in Linux is 15 characters.
let
def-ovpn = name: { endpoint, publicKey, address }: {
networking.wg-quick.interfaces."ovpnd-${name}" = {
inherit address;
def-wg-vpn = name: { endpoint, publicKey, address, dns, privateKeyFile }: {
# networking.wg-quick.interfaces."${name}" = {
# inherit address privateKeyFile dns;
# peers = [
# {
# allowedIPs = [
# "0.0.0.0/0"
# "::/0"
# ];
# inherit endpoint publicKey;
# }
# ];
# # to start: `systemctl start wg-quick-${name}`
# autostart = false;
# };
systemd.network.netdevs."${name}" = {
# see: `man 5 systemd.netdev`
wireguardConfig = {
PrivateKeyFile = privateKeyFile;
};
wireguardPeers = [{
AllowedIPs = [
"0.0.0.0/0"
"::/0"
];
Endpoint = endpoint;
PublicKey = publicKey;
}];
};
systemd.network.networks."${name}" = {
# see: `man 5 systemd.network`
matchConfig.Name = name;
networkConfig.Address = address;
networkConfig.DNS = dns;
};
};
def-ovpn = name: { endpoint, publicKey, address }: def-wg-vpn "ovpnd-${name}" {
inherit endpoint publicKey address;
privateKeyFile = config.sops.secrets."wg/ovpnd_${name}_privkey".path;
dns = [
"46.227.67.134"
"192.165.9.158"
];
peers = [
{
allowedIPs = [
"0.0.0.0/0"
"::/0"
];
inherit endpoint publicKey;
}
];
# to start: `systemctl start wg-quick-ovpnd-${name}`
autostart = false;
};
};
in lib.mkMerge [
(def-ovpn "us" {

View File

@@ -1,4 +1,4 @@
{ pkgs, ... }:
{ pkgs, sane-lib, ... }:
{
# allow `nix-shell` (and probably nix-index?) to locate our patched and custom packages
@@ -10,4 +10,7 @@
# to avoid switching so much during development
"nixpkgs-overlays=/home/colin/dev/nixos/hosts/common/nix-path/overlay"
];
# ensure new deployments have a source of this repo with which they can bootstrap.
environment.etc."nixos".source = ../../..;
}

View File

@@ -5,12 +5,12 @@
# store /home/colin/a/b in /home/private/a/b instead of /home/private/home/colin/a/b
sane.persist.stores.private.prefix = "/home/colin";
sane.persist.sys.plaintext = [
sane.persist.sys.byStore.plaintext = [
# TODO: these should be private.. somehow
"/var/log"
"/var/backup" # for e.g. postgres dumps
];
sane.persist.sys.cryptClearOnBoot = [
sane.persist.sys.byStore.cryptClearOnBoot = [
"/var/lib/systemd/coredump"
];
}

View File

@@ -0,0 +1,99 @@
# discord gtk3 client
{ config, lib, pkgs, ... }:
let
cfg = config.sane.programs.abaddon;
in
{
sane.programs.abaddon = {
configOption = with lib; mkOption {
default = {};
type = types.submodule {
options.autostart = mkOption {
type = types.bool;
default = false;
};
};
};
package = pkgs.abaddon.overrideAttrs (upstream: {
patches = (upstream.patches or []) ++ [
(pkgs.fetchpatch {
url = "https://git.uninsane.org/colin/abaddon/commit/eb551f188d34679f75adcbc83cb8d5beb4d19fd6.patch";
name = ''"view members" default to false'';
hash = "sha256-9BX8iO86CU1lNrKS1G2BjDR+3IlV9bmhRNTsLrxChwQ=";
})
];
});
suggestedPrograms = [ "gnome-keyring" ];
fs.".config/abaddon/abaddon.ini".symlink.text = ''
# see abaddon README.md for options.
# at time of writing:
# | Setting | Type | Default | Description |
# |[discord]------|---------|---------|--------------------------------------------------------------------------------------------------|
# | `gateway` | string | | override url for Discord gateway. must be json format and use zlib stream compression |
# | `api_base` | string | | override base url for Discord API |
# | `memory_db` | boolean | false | if true, Discord data will be kept in memory as opposed to on disk |
# | `token` | string | | Discord token used to login, this can be set from the menu |
# | `prefetch` | boolean | false | if true, new messages will cause the avatar and image attachments to be automatically downloaded |
# | `autoconnect` | boolean | false | autoconnect to discord |
# |[http]--------|--------|---------|---------------------------------------------------------------------------------------------|
# | `user_agent` | string | | sets the user-agent to use in HTTP requests to the Discord API (not including media/images) |
# | `concurrent` | int | 20 | how many images can be concurrently retrieved |
# |[gui}------------------------|---------|---------|----------------------------------------------------------------------------------------------------------------------------|
# | `member_list_discriminator` | boolean | true | show user discriminators in the member list |
# | `stock_emojis` | boolean | true | allow abaddon to substitute unicode emojis with images from emojis.bin, must be false to allow GTK to render emojis itself |
# | `custom_emojis` | boolean | true | download and use custom Discord emojis |
# | `css` | string | | path to the main CSS file |
# | `animations` | boolean | true | use animated images where available (e.g. server icons, emojis, avatars). false means static images will be used |
# | `animated_guild_hover_only` | boolean | true | only animate guild icons when the guild is being hovered over |
# | `owner_crown` | boolean | true | show a crown next to the owner |
# | `unreads` | boolean | true | show unread indicators and mention badges |
# | `save_state` | boolean | true | save the state of the gui (active channels, tabs, expanded channels) |
# | `alt_menu` | boolean | false | keep the menu hidden unless revealed with alt key |
# | `hide_to_tray` | boolean | false | hide abaddon to the system tray on window close |
# | `show_deleted_indicator` | boolean | true | show \[deleted\] indicator next to deleted messages instead of actually deleting the message |
# | `font_scale` | double | | scale font rendering. 1 is unchanged |
# |[style]------------------|--------|-----------------------------------------------------|
# | `linkcolor` | string | color to use for links in messages |
# | `expandercolor` | string | color to use for the expander in the channel list |
# | `nsfwchannelcolor` | string | color to use for NSFW channels in the channel list |
# | `channelcolor` | string | color to use for SFW channels in the channel list |
# | `mentionbadgecolor` | string | background color for mention badges |
# | `mentionbadgetextcolor` | string | color to use for number displayed on mention badges |
# | `unreadcolor` | string | color to use for the unread indicator |
# |[notifications]|---------|--------------------------|-------------------------------------------------------------------------------|
# | `enabled` | boolean | true (if not on Windows) | Enable desktop notifications |
# | `playsound` | boolean | true | Enable notification sounds. Requires ENABLE_NOTIFICATION_SOUNDS=TRUE in CMake |
# |[voice]--|--------|------------------------------------|------------------------------------------------------------|
# | `vad` | string | rnnoise if enabled, gate otherwise | Method used for voice activity detection. Changeable in UI |
# |[windows]|---------|---------|-------------------------|
# | `hideconsole` | boolean | true | Hide console on startup |
# N.B.: abaddon writes this file itself (and even when i don't change anything internally).
# it prefers no spaces around the equal sign.
[discord]
autoconnect=true
[notifications]
# playsound: i manage sounds via swaync
playsound=false
'';
persist.byStore.private = [
".cache/abaddon"
];
services.abaddon = {
description = "unofficial Discord chat client";
wantedBy = lib.mkIf cfg.config.autostart [ "default.target" ];
serviceConfig = {
ExecStart = "${cfg.package}/bin/abaddon";
Type = "simple";
Restart = "always";
RestartSec = "20s";
};
};
};
}

View File

@@ -0,0 +1,40 @@
# alacritty terminal emulator
# - config options: <https://github.com/alacritty/alacritty/blob/master/extra/man/alacritty.5.scd>
# - `man 5 alacritty`
# - defaults: <https://github.com/alacritty/alacritty/releases> -> alacritty.yml
# - irc: #alacritty on libera.chat
{ lib, ... }:
{
sane.programs.alacritty = {
env.TERMINAL = lib.mkDefault "alacritty";
fs.".config/alacritty/alacritty.toml".symlink.text = ''
[font]
size = 14
[[keyboard.bindings]]
mods = "Control"
key = "N"
action = "CreateNewWindow"
[[keyboard.bindings]]
mods = "Control"
key = "PageUp"
action = "ScrollPageUp"
[[keyboard.bindings]]
mods = "Control"
key = "PageDown"
action = "ScrollPageDown"
[[keyboard.bindings]]
mods = "Control|Shift"
key = "PageUp"
action = "ScrollPageUp"
[[keyboard.bindings]]
mods = "Control|Shift"
key = "PageDown"
action = "ScrollPageDown"
'';
};
}

View File

@@ -0,0 +1,10 @@
{ ... }:
{
sane.programs.animatch = {
persist.byStore.plaintext = [
# game progress
".config/Holy Pangolin/Animatch"
".local/share/Holy Pangolin/Animatch" # i think this one might be wrong
];
};
}

View File

@@ -1,4 +1,4 @@
{ pkgs, ... }:
{ config, lib, pkgs, ... }:
let
declPackageSet = pkgs: {
@@ -20,6 +20,7 @@ in
"sane-scripts.bt-show"
];
"sane-scripts.dev" = declPackageSet [
"sane-scripts.clone"
"sane-scripts.dev-cargo-loop"
"sane-scripts.git-init"
];
@@ -41,16 +42,16 @@ in
"sane-scripts.secrets-unlock"
"sane-scripts.secrets-update-keys"
"sane-scripts.shutdown"
"sane-scripts.ssl-dump"
"sane-scripts.sudo-redirect"
"sane-scripts.sync-from-servo"
"sane-scripts.vpn-down"
"sane-scripts.vpn-up"
"sane-scripts.tag-music"
"sane-scripts.vpn"
"sane-scripts.which"
"sane-scripts.wipe-browser"
"sane-scripts.wipe"
];
"sane-scripts.sys-utils" = declPackageSet [
"sane-scripts.ip-port-forward"
"sane-scripts.sync-music"
];
@@ -58,21 +59,27 @@ in
"btrfs-progs"
"cacert.unbundled" # some services require unbundled /etc/ssl/certs
"cryptsetup"
"ddrescue"
"dig"
"dtc" # device tree [de]compiler
"e2fsprogs" # resize2fs
"efibootmgr"
"ethtool"
"fatresize"
"fd"
"file"
# "fwupd"
"gawk"
"gdb" # to debug segfaults
"git"
"gptfdisk"
"gptfdisk" # gdisk
"hdparm"
"htop"
"iftop"
"inetutils" # for telnet
"iotop"
"iptables"
"iw"
"jq"
"killall"
"lsof"
@@ -83,6 +90,7 @@ in
"netcat"
"nethogs"
"nmap"
"nvme-cli" # nvme
"openssl"
"parted"
"pciutils"
@@ -90,15 +98,18 @@ in
"pstree"
"ripgrep"
"screen"
"smartmontools"
"smartmontools" # smartctl
"socat"
"strace"
"subversion"
"tcpdump"
"tree"
"usbutils"
"util-linux" # lsblk, lscpu, etc
"wget"
"wirelesstools" # iwlist
"xq" # jq for XML
# "zfs" # doesn't cross-compile (requires samba)
];
sysadminExtraUtils = declPackageSet [
"backblaze-b2"
@@ -114,11 +125,13 @@ in
# - debugging?
consoleUtils = declPackageSet [
"alsaUtils" # for aplay, speaker-test
"binutils-unwrapped" # for strings; though this brings 80MB of unrelated baggage too
# "cdrtools"
"clinfo"
"dmidecode"
"dtrx" # `unar` alternative, "Do The Right eXtraction"
"efivar"
"eza" # a better 'ls'
# "flashrom"
"git" # needed as a user package, for config.
# "gnupg"
@@ -126,11 +139,12 @@ in
# "gopass"
# "gopass-jsonapi"
"helix" # text editor
"kitty" # TODO: move to GUI, but `ssh servo` from kitty sets `TERM=xterm-kitty` in the remove and breaks things
"libsecret" # for managing user keyrings. TODO: what needs this? lift into the consumer
"lm_sensors" # for sensors-detect. TODO: what needs this? lift into the consumer
"lshw"
# "memtester"
"mercurial" # hg
"mimeo" # like xdg-open
"neovim" # needed as a user package, for swap persistence
# "nettools"
# "networkmanager"
@@ -140,7 +154,7 @@ in
# "oathToolkit" # for oathtool
# "ponymix"
"pulsemixer"
"python3"
"python3-repl"
# "python3Packages.eyeD3" # music tagging
"ripgrep" # needed as a user package so that its user-level config file can be installed
"rsync"
@@ -153,14 +167,14 @@ in
"sudo"
# "tageditor" # music tagging
# "unar"
"unzip"
"wireguard-tools"
"xdg-terminal-exec"
"xdg-utils" # for xdg-open
# "yarn"
"zsh"
];
desktopConsoleUtils = declPackageSet [
pcConsoleUtils = declPackageSet [
"gh" # MS GitHub cli
"nix-index"
"nixpkgs-review"
@@ -169,17 +183,19 @@ in
];
consoleMediaUtils = declPackageSet [
"catt" # cast videos to chromecast
"ffmpeg"
"go2tv" # cast videos to UPNP/DLNA device (i.e. tv).
"imagemagick"
"sox"
"yt-dlp"
];
tuiApps = declPackageSet [
pcTuiApps = declPackageSet [
"aerc" # email client
"msmtp" # sendmail
"offlineimap" # email mailbox sync
"sfeed" # RSS fetcher
# "sfeed" # RSS fetcher
"visidata" # TUI spreadsheet viewer/editor
"w3m" # web browser
];
@@ -192,63 +208,83 @@ in
];
devPkgs = declPackageSet [
"cargo"
"clang"
"lua"
"nodejs"
"patchelf"
"rustc"
"tree-sitter"
];
# INDIVIDUAL PACKAGE DEFINITIONS
dino.persist.private = [ ".local/share/dino" ];
cargo.persist.byStore.plaintext = [ ".cargo" ];
# auth token, preferences
delfin.persist.byStore.private = [ ".config/delfin" ];
# creds, but also 200 MB of node modules, etc
discord.persist.private = [ ".config/discord" ];
discord.persist.byStore.private = [ ".config/discord" ];
endless-sky.persist.byStore.plaintext = [ ".local/share/endless-sky" ];
# `emote` will show a first-run dialog based on what's in this directory.
# mostly, it just keeps a LRU of previously-used emotes to optimize display order.
# TODO: package [smile](https://github.com/mijorus/smile) for probably a better mobile experience.
emote.persist.plaintext = [ ".local/share/Emote" ];
emote.persist.byStore.plaintext = [ ".local/share/Emote" ];
fluffychat-moby.persist.plaintext = [ ".local/share/chat.fluffy.fluffychat" ];
fluffychat-moby.persist.byStore.plaintext = [ ".local/share/chat.fluffy.fluffychat" ];
font-manager.package = pkgs.font-manager.override {
# build without the "Google Fonts" integration feature, to save closure / avoid webkitgtk_4_0
withWebkit = false;
};
# MS GitHub stores auth token in .config
# TODO: we can populate gh's stuff statically; it even lets us use the same oauth across machines
gh.persist.private = [ ".config/gh" ];
gh.persist.byStore.private = [ ".config/gh" ];
gnome-2048.persist.byStore.plaintext = [ ".local/share/gnome-2048/scores" ];
"gnome.gnome-maps".persist.byStore.plaintext = [ ".cache/shumate" ];
"gnome.gnome-maps".persist.byStore.private = [ ".local/share/maps-places.json" ];
# actual monero blockchain (not wallet/etc; safe to delete, just slow to regenerate)
# XXX: is it really safe to persist this? it doesn't have info that could de-anonymize if captured?
monero-gui.persist.plaintext = [ ".bitmonero" ];
monero-gui.persist.byStore.plaintext = [ ".bitmonero" ];
mumble.persist.private = [ ".local/share/Mumble" ];
mumble.persist.byStore.private = [ ".local/share/Mumble" ];
# settings (electron app)
obsidian.persist.plaintext = [ ".config/obsidian" ];
obsidian.persist.byStore.plaintext = [ ".config/obsidian" ];
# creds, media
signal-desktop.persist.private = [ ".config/Signal" ];
python3-repl.package = pkgs.python3.withPackages (ps: with ps; [
requests
]);
shattered-pixel-dungeon.persist.byStore.plaintext = [ ".local/share/.shatteredpixel/shattered-pixel-dungeon" ];
# printer/filament settings
slic3r.persist.plaintext = [ ".Slic3r" ];
slic3r.persist.byStore.plaintext = [ ".Slic3r" ];
# creds, widevine .so download. TODO: could easily manage these statically.
spotify.persist.plaintext = [ ".config/spotify" ];
space-cadet-pinball.persist.byStore.plaintext = [ ".local/share/SpaceCadetPinball" ];
tdesktop.persist.private = [ ".local/share/TelegramDesktop" ];
superTux.persist.byStore.plaintext = [ ".local/share/supertux2" ];
tokodon.persist.private = [ ".cache/KDE/tokodon" ];
tdesktop.persist.byStore.private = [ ".local/share/TelegramDesktop" ];
# hardenedMalloc solves an "unable to connect to Tor" error when pressing the "connect" button
# - still required as of 2023/07/14
tor-browser-bundle-bin.package = pkgs.tor-browser-bundle-bin.override {
useHardenedMalloc = false;
tokodon.persist.byStore.private = [ ".cache/KDE/tokodon" ];
vvvvvv.persist.byStore.plaintext = [ ".local/share/VVVVVV" ];
whalebird.persist.byStore.private = [ ".config/Whalebird" ];
yarn.persist.byStore.plaintext = [ ".cache/yarn" ];
};
whalebird.persist.private = [ ".config/Whalebird" ];
yarn.persist.plaintext = [ ".cache/yarn" ];
# zcash coins. safe to delete, just slow to regenerate (10-60 minutes)
zecwallet-lite.persist.private = [ ".zcash" ];
programs.feedbackd = lib.mkIf config.sane.programs.feedbackd.enabled {
enable = true;
};
}

View File

@@ -0,0 +1,22 @@
{ pkgs, ... }:
{
sane.programs.audacity = {
package = pkgs.audacity.override {
# wxGTK32 uses webkitgtk-4.0.
# audacity doesn't actually need webkit though, so diable to reduce closure
wxGTK32 = pkgs.wxGTK32.override {
withWebKit = false;
};
};
# disable first-run splash screen
fs.".config/audacity/audacity.cfg".file.text = ''
PrefsVersion=1.1.1r1
[GUI]
ShowSplashScreen=0
[Version]
Major=3
Minor=4
'';
};
}

View File

@@ -0,0 +1,103 @@
{ lib, pkgs, ... }:
# notable bemenu options:
# - see `bemenu --help` for all
# -P, --prefix text to show before highlighted item.
# --scrollbar display scrollbar. (none (default), always, autohide)
# -H, --line-height defines the height to make each menu line (0 = default height). (wx)
# -M, --margin defines the empty space on either side of the menu. (wx)
# -W, --width-factor defines the relative width factor of the menu (from 0 to 1). (wx)
# -B, --border defines the width of the border in pixels around the menu. (wx)
# -R --border-radius defines the radius of the border around the menu (0 = no curved borders).
# --ch defines the height of the cursor (0 = scales with line height). (wx)
# --cw defines the width of the cursor. (wx)
# --hp defines the horizontal padding for the entries in single line mode. (wx)
# --fn defines the font to be used ('name [size]'). (wx)
# --tb defines the title background color. (wx)
# --tf defines the title foreground color. (wx)
# --fb defines the filter background color. (wx)
# --ff defines the filter foreground color. (wx)
# --nb defines the normal background color. (wx)
# --nf defines the normal foreground color. (wx)
# --hb defines the highlighted background color. (wx)
# --hf defines the highlighted foreground color. (wx)
# --fbb defines the feedback background color. (wx)
# --fbf defines the feedback foreground color. (wx)
# --sb defines the selected background color. (wx)
# --sf defines the selected foreground color. (wx)
# --ab defines the alternating background color. (wx)
# --af defines the alternating foreground color. (wx)
# --scb defines the scrollbar background color. (wx)
# --scf defines the scrollbar foreground color. (wx)
# --bdr defines the border color. (wx)
#
# colors are specified as `#RRGGBB`
# defaults:
# --ab "#222222"
# --af "#bbbbbb"
# --bdr "#005577"
# --border 3
# --cb "#222222"
# --center
# --cf "#bbbbbb"
# --fb "#222222"
# --fbb "#eeeeee"
# --fbf "#222222"
# --ff "#bbbbbb"
# --fixed-height
# --fn 'Sxmo 14'
# --hb "#005577"
# --hf "#eeeeee"
# --line-height 20
# --list 16
# --margin 40
# --nb "#222222"
# --nf "#bbbbbb"
# --no-overlap
# --no-spacing
# --sb "#323232"
# --scb "#005577"
# --scf "#eeeeee"
# --scrollbar autohide
# --tb "#005577"
# --tf "#eeeeee"
# --wrap
let
bg = "#1d1721"; # slight purple
fg0 = "#d8d8d8"; # inactive text (light grey)
fg1 = "#ffffff"; # active text (white)
accent0 = "#1f5e54"; # darker but saturated teal
accent1 = "#418379"; # teal (matches nixos-bg)
accent2 = "#5b938a"; # brighter but muted teal
bemenuArgs = [
"--wrap --scrollbar autohide --fixed-height"
"--center --margin 45"
"--no-spacing"
# XXX: font size doesn't seem to take effect (would prefer larger)
"--fn 'monospace 14' --line-height 22 --border 3"
"--bdr '${accent0}'" # border
"--scf '${accent2}' --scb '${accent0}'" # scrollbar
"--tb '${accent0}' --tf '${fg0}'" # title
"--fb '${accent0}' --ff '${fg1}'" # filter (i.e. text that's been entered)
"--hb '${accent1}' --hf '${fg1}'" # selected item
"--nb '${bg}' --nf '${fg0}'" # normal lines (even)
"--ab '${bg}' --af '${fg0}'" # alternated lines (odd)
"--cf '${accent0}' --cb '${accent0}'" # cursor (not very useful)
];
bemenuOpts = lib.concatStringsSep " " bemenuArgs;
in
{
sane.programs.bemenu = {
package = pkgs.bemenu.overrideAttrs (upstream: {
nativeBuildInputs = (upstream.nativeBuildInputs or []) ++ [
pkgs.makeWrapper
];
# can alternatively be specified as CLI flags
postInstall = (upstream.postInstall or "") + ''
wrapProgram $out/bin/bemenu \
--set BEMENU_OPTS "${bemenuOpts}"
wrapProgram $out/bin/bemenu-run \
--set BEMENU_OPTS "${bemenuOpts}"
'';
});
};
}

View File

@@ -0,0 +1,9 @@
{ ... }:
{
sane.programs.brave = {
persist.byStore.cryptClearOnBoot = [
".cache/BraveSoftware"
".config/BraveSoftware"
];
};
}

View File

@@ -0,0 +1,61 @@
# GNOME calls
# - <https://gitlab.gnome.org/GNOME/calls>
# - both a dialer and a call handler.
# - uses callaudiod dbus package.
#
# initial JMP.chat configuration:
# - message @cheogram.com "reset sip account" (this is not destructive, despite the name)
# - the bot will reply with auto-generated username/password plus a SIP server endpoint.
# just copy those into gnome-calls' GUI configurator
# - now gnome-calls can do outbound calls. inbound calls requires more chatting with the help bot
#
# my setup here is still very WIP.
# open questions:
# - can i receive calls even with GUI closed?
# - e.g. activated by callaudiod?
# - looks like `gnome-calls --daemon` does that?
{ config, lib, ... }:
let
cfg = config.sane.programs.calls;
in
{
sane.programs.calls = {
configOption = with lib; mkOption {
default = {};
type = types.submodule {
options.autostart = mkOption {
type = types.bool;
default = false;
};
};
};
persist.byStore.private = [
# ".cache/folks" # contact avatars?
# ".config/calls"
".local/share/calls" # call "records"
# .local/share/folks # contacts?
];
secrets.".config/calls/sip-account.cfg" = ../../../secrets/common/gnome_calls_sip-account.cfg.bin;
suggestedPrograms = [
"feedbackd" # needs `phone-incoming-call`, in particular
];
services.gnome-calls = {
# TODO: prevent gnome-calls from daemonizing when started manually
description = "gnome-calls daemon to monitor incoming SIP calls";
wantedBy = lib.mkIf cfg.config.autostart [ "default.target" ];
serviceConfig = {
# add --verbose for more debugging
ExecStart = "${cfg.package}/bin/gnome-calls --daemon";
Type = "simple";
Restart = "always";
RestartSec = "10s";
};
environment.G_MESSAGES_DEBUG = "all";
};
};
programs.calls = lib.mkIf cfg.enabled {
enable = true;
};
}

View File

@@ -0,0 +1,36 @@
# cantata is a mpd frontend.
# before launching it, run `mopidy` in some tab
# TODO: auto-launch mopidy when cantata launches?
{ ... }:
{
sane.programs.cantata = {
persist.byStore.plaintext = [
".cache/cantata" # album art
".local/share/cantata/library" # library index (?)
];
fs.".config/cantata/cantata.conf".symlink.text = ''
[General]
fetchCovers=true
storeCoversInMpdDir=false
version=2.5.0
[Connection]
allowLocalStreaming=true
applyReplayGain=true
autoUpdate=false
dir=~/Music
host=localhost
partition=
passwd=
port=6600
replayGain=off
streamUrl=
[LibraryPage]
artist\gridZoom=100
artist\searchActive=false
artist\viewMode=detailedtree
'';
suggestedPrograms = [ "mopidy" ];
};
}

View File

@@ -0,0 +1,29 @@
# use like:
# - catt -d lgtv_chrome cast ./path/to.mp4
#
# support matrix:
# - webm: audio only
# - mp4: audio + video
{ config, lib, ... }:
let
cfg = config.sane.programs.catt;
in
{
sane.programs.catt = {
fs.".config/catt/catt.cfg".symlink.text = ''
[options]
device = lgtv_chrome
[aliases]
lgtv_chrome = 10.78.79.106
'';
};
# necessary to cast local files
networking.firewall.allowedTCPPortRanges = lib.mkIf cfg.enabled [
{
from = 45000;
to = 47000;
}
];
}

View File

@@ -1,44 +1,14 @@
{ pkgs, ... }:
let
chattyNoOauth = pkgs.chatty.override {
# the OAuth feature (presumably used for web-based logins) pulls a full webkitgtk.
# especially when using the gtk3 version of evolution-data-server, it's an ancient webkitgtk_4_1.
# disable OAuth for a faster build & smaller closure
evolution-data-server = pkgs.evolution-data-server.override {
enableOAuth2 = false;
gnome-online-accounts = pkgs.gnome-online-accounts.override {
# disables the upstream "goabackend" feature -- presumably "Gnome Online Accounts Backend"
# frees us from webkit_4_1, in turn.
enableBackend = false;
gvfs = pkgs.gvfs.override {
# saves 20 minutes of build time, for unused feature
samba = null;
};
};
};
};
chatty-latest = pkgs.chatty-latest.override {
evolution-data-server-gtk4 = pkgs.evolution-data-server-gtk4.override {
gnome-online-accounts = pkgs.gnome-online-accounts.override {
# disables the upstream "goabackend" feature -- presumably "Gnome Online Accounts Backend"
# frees us from webkit_4_1, in turn.
enableBackend = false;
gvfs = pkgs.gvfs.override {
# saves 20 minutes of build time, for unused feature
samba = null;
};
};
};
};
in
{
sane.programs.chatty = {
# package = chattyNoOauth;
package = chatty-latest;
package = pkgs.chatty-latest;
suggestedPrograms = [ "gnome-keyring" ];
persist.private = [
persist.byStore.private = [
".local/share/chatty" # matrix avatars and files
# ".purple" # XMPP stuff
# not just XMPP; without this Chatty will regenerate its device-id every boot.
# .purple/ contains XMPP *and* Matrix auth, logs, avatar cache, and a bit more
".purple"
];
};
}

Some files were not shown because too many files have changed in this diff Show More