From 0fe3308ef695004d66ab6c6813314218388375f4 Mon Sep 17 00:00:00 2001 From: Myned Date: Sun, 6 Oct 2024 10:16:52 -0500 Subject: [PATCH] nix: move settings.containers to top-level custom 
Signed-off-by: Myned --- .../containers/actualbudget.nix | 6 +-- .../{settings => }/containers/coturn.nix | 8 +-- .../{settings => }/containers/default.nix | 6 +-- .../{settings => }/containers/forgejo.nix | 8 +-- .../{settings => }/containers/foundryvtt.nix | 6 +-- .../{settings => }/containers/headscale.nix | 8 +-- .../containers/homeassistant.nix | 6 +-- .../{settings => }/containers/mastodon.nix | 10 ++-- .../{settings => }/containers/nextcloud.nix | 12 ++--- .../{settings => }/containers/redlib.nix | 4 +- .../containers/searxng/default.nix | 4 +- .../containers/searxng/limiter.toml | 0 .../containers/searxng/settings.yml | 0 options/custom/desktops/hyprland/binds.nix | 2 +- options/custom/programs/vscode.nix | 4 +- options/custom/services/samba.nix | 51 ++++++++++--------- options/custom/settings/default.nix | 1 - profiles/sbc/default.nix | 12 ++--- profiles/server/default.nix | 29 ++++++----- 19 files changed, 90 insertions(+), 87 deletions(-) rename options/custom/{settings => }/containers/actualbudget.nix (73%) rename options/custom/{settings => }/containers/coturn.nix (79%) rename options/custom/{settings => }/containers/default.nix (94%) rename options/custom/{settings => }/containers/forgejo.nix (83%) rename options/custom/{settings => }/containers/foundryvtt.nix (80%) rename options/custom/{settings => }/containers/headscale.nix (83%) rename options/custom/{settings => }/containers/homeassistant.nix (72%) rename options/custom/{settings => }/containers/mastodon.nix (78%) rename options/custom/{settings => }/containers/nextcloud.nix (79%) rename options/custom/{settings => }/containers/redlib.nix (86%) rename options/custom/{settings => }/containers/searxng/default.nix (91%) rename options/custom/{settings => }/containers/searxng/limiter.toml (100%) rename options/custom/{settings => }/containers/searxng/settings.yml (100%) 
diff --git a/options/custom/settings/containers/actualbudget.nix b/options/custom/containers/actualbudget.nix similarity index 73% rename from options/custom/settings/containers/actualbudget.nix rename to options/custom/containers/actualbudget.nix index b38a32c..b987214 100644 --- a/options/custom/settings/containers/actualbudget.nix +++ b/options/custom/containers/actualbudget.nix @@ -4,9 +4,9 @@ ... }: with lib; let - cfg = config.custom.settings.containers.actualbudget; + cfg = config.custom.containers.actualbudget; in { - options.custom.settings.containers.actualbudget.enable = mkOption {default = false;}; + options.custom.containers.actualbudget.enable = mkOption {default = false;}; config = mkIf cfg.enable { #?? arion-actualbudget pull @@ -21,7 +21,7 @@ in { image = "actualbudget/actual-server:24.9.0"; ports = ["5006:5006"]; restart = "unless-stopped"; - volumes = ["${config.custom.settings.containers.directory}/actualbudget/data:/data"]; + volumes = ["${config.custom.containers.directory}/actualbudget/data:/data"]; # TODO: Set up trusted proxies }; }; diff --git a/options/custom/settings/containers/coturn.nix b/options/custom/containers/coturn.nix similarity index 79% rename from options/custom/settings/containers/coturn.nix rename to options/custom/containers/coturn.nix index 28b952c..ba33596 100644 --- a/options/custom/settings/containers/coturn.nix +++ b/options/custom/containers/coturn.nix @@ -5,9 +5,9 @@ ... }: with lib; let - cfg = config.custom.settings.containers.coturn; + cfg = config.custom.containers.coturn; in { - options.custom.settings.containers.coturn.enable = mkOption {default = false;}; + options.custom.containers.coturn.enable = mkOption {default = false;}; config = mkIf cfg.enable { age.secrets = let 
@@ -33,7 +33,7 @@ in { restart = "unless-stopped"; volumes = [ - "${config.custom.settings.containers.directory}/coturn/coturn.conf:/etc/coturn/turnserver.conf" + "${config.custom.containers.directory}/coturn/coturn.conf:/etc/coturn/turnserver.conf" ]; }; }; @@ -43,7 +43,7 @@ in { # HACK: Copy with global read-only permissions in container directory which is assumed to be locked down # https://github.com/moby/moby/issues/2259 systemd.tmpfiles.rules = [ - "C ${config.custom.settings.containers.directory}/coturn/coturn.conf 0444 - - - ${ + "C ${config.custom.containers.directory}/coturn/coturn.conf 0444 - - - ${ config.age.secrets."${config.custom.profile}/coturn/coturn.conf".path }" ]; diff --git a/options/custom/settings/containers/default.nix b/options/custom/containers/default.nix similarity index 94% rename from options/custom/settings/containers/default.nix rename to options/custom/containers/default.nix index 8205f59..3ee5a13 100644 --- a/options/custom/settings/containers/default.nix +++ b/options/custom/containers/default.nix @@ -6,10 +6,10 @@ ... }: with lib; let - cfg = config.custom.settings.containers; + cfg = config.custom.containers; in { - options.custom.settings.containers = { - enable = mkOption {default = false;}; + options.custom.containers = { + enable = mkOption {default = config.custom.full;}; boot = mkOption {default = false;}; directory = mkOption {default = "/containers";}; docker = mkOption {default = true;}; diff --git a/options/custom/settings/containers/forgejo.nix b/options/custom/containers/forgejo.nix similarity index 83% rename from options/custom/settings/containers/forgejo.nix rename to options/custom/containers/forgejo.nix index b163ff9..37f59a1 100644 --- a/options/custom/settings/containers/forgejo.nix +++ b/options/custom/containers/forgejo.nix 
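Review bot: The tmpfiles rule in the last coturn.nix hunk copies the decrypted agenix secret to `${config.custom.containers.directory}/coturn/coturn.conf` with mode 0444, so its confidentiality rests entirely on the parent directory, and nothing in this hunk enforces that directory's mode. The HACK comment only says the directory is "assumed to be locked down". Now that the option lives at `custom.containers.directory`, I would make that assumption explicit with a rule such as `"d ${config.custom.containers.directory}/coturn 0700 root root -"`, with the owner adjusted to whichever user runs the container engine, unless containers/default.nix already does this (its body is not visible here). The enclosing `config = mkIf cfg.enable { … }` block starts and ends outside the hunk.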
@@ -5,9 +5,9 @@ ... }: with lib; let - cfg = config.custom.settings.containers.forgejo; + cfg = config.custom.containers.forgejo; in { - options.custom.settings.containers.forgejo.enable = mkOption {default = false;}; + options.custom.containers.forgejo.enable = mkOption {default = false;}; config = mkIf cfg.enable { age.secrets = let @@ -38,7 +38,7 @@ in { env_file = [config.age.secrets."${config.custom.profile}/forgejo/.env".path]; image = "codeberg.org/forgejo/forgejo:8"; restart = "unless-stopped"; - volumes = ["${config.custom.settings.containers.directory}/forgejo/data:/data"]; + volumes = ["${config.custom.containers.directory}/forgejo/data:/data"]; ports = [ "127.0.0.1:3333:3000" @@ -51,7 +51,7 @@ in { env_file = [config.age.secrets."${config.custom.profile}/forgejo/db.env".path]; image = "postgres:15"; restart = "unless-stopped"; - volumes = ["${config.custom.settings.containers.directory}/forgejo/db:/var/lib/postgresql/data"]; + volumes = ["${config.custom.containers.directory}/forgejo/db:/var/lib/postgresql/data"]; }; }; }; diff --git a/options/custom/settings/containers/foundryvtt.nix b/options/custom/containers/foundryvtt.nix similarity index 80% rename from options/custom/settings/containers/foundryvtt.nix rename to options/custom/containers/foundryvtt.nix index f3fcc5e..3d960f7 100644 --- a/options/custom/settings/containers/foundryvtt.nix +++ b/options/custom/containers/foundryvtt.nix @@ -5,9 +5,9 @@ ... }: with lib; let - cfg = config.custom.settings.containers.foundryvtt; + cfg = config.custom.containers.foundryvtt; in { - options.custom.settings.containers.foundryvtt.enable = mkOption {default = false;}; + options.custom.containers.foundryvtt.enable = mkOption {default = false;}; config = mkIf cfg.enable { age.secrets = let 
@@ -31,7 +31,7 @@ in { image = "felddy/foundryvtt:12"; ports = ["127.0.0.1:30000:30000"]; restart = "unless-stopped"; - volumes = ["${config.custom.settings.containers.directory}/foundryvtt/data:/data"]; + volumes = ["${config.custom.containers.directory}/foundryvtt/data:/data"]; }; }; }; diff --git a/options/custom/settings/containers/headscale.nix b/options/custom/containers/headscale.nix similarity index 83% rename from options/custom/settings/containers/headscale.nix rename to options/custom/containers/headscale.nix index 6ffb517..efc53a7 100644 --- a/options/custom/settings/containers/headscale.nix +++ b/options/custom/containers/headscale.nix @@ -6,9 +6,9 @@ ... }: with lib; let - cfg = config.custom.settings.containers.headscale; + cfg = config.custom.containers.headscale; in { - options.custom.settings.containers.headscale.enable = mkOption {default = false;}; + options.custom.containers.headscale.enable = mkOption {default = false;}; config = mkIf cfg.enable { age.secrets = let @@ -43,8 +43,8 @@ in { ]; volumes = [ - "${config.custom.settings.containers.directory}/headscale/config:/etc/headscale" - "${config.custom.settings.containers.directory}/headscale/data:/var/lib/headscale" + "${config.custom.containers.directory}/headscale/config:/etc/headscale" + "${config.custom.containers.directory}/headscale/data:/var/lib/headscale" # Minimum config.yaml # https://github.com/juanfont/headscale/blob/main/config-example.yaml diff --git a/options/custom/settings/containers/homeassistant.nix b/options/custom/containers/homeassistant.nix similarity index 72% rename from options/custom/settings/containers/homeassistant.nix rename to options/custom/containers/homeassistant.nix index c6fd403..8199b0d 100644 --- a/options/custom/settings/containers/homeassistant.nix +++ b/options/custom/containers/homeassistant.nix 
@@ -4,9 +4,9 @@ ... }: with lib; let - cfg = config.custom.settings.containers.homeassistant; + cfg = config.custom.containers.homeassistant; in { - options.custom.settings.containers.homeassistant.enable = mkOption {default = false;}; + options.custom.containers.homeassistant.enable = mkOption {default = false;}; config = mkIf cfg.enable { #?? arion-homeassistant pull @@ -21,7 +21,7 @@ in { image = "homeassistant/home-assistant:2024.9.1"; ports = ["8123:8123"]; restart = "unless-stopped"; - volumes = ["${config.custom.settings.containers.directory}/homeassistant/config:/config"]; + volumes = ["${config.custom.containers.directory}/homeassistant/config:/config"]; }; }; }; diff --git a/options/custom/settings/containers/mastodon.nix b/options/custom/containers/mastodon.nix similarity index 78% rename from options/custom/settings/containers/mastodon.nix rename to options/custom/containers/mastodon.nix index 2155bfb..2f7052d 100644 --- a/options/custom/settings/containers/mastodon.nix +++ b/options/custom/containers/mastodon.nix @@ -5,9 +5,9 @@ ... }: with lib; let - cfg = config.custom.settings.containers.mastodon; + cfg = config.custom.containers.mastodon; in { - options.custom.settings.containers.mastodon.enable = mkOption {default = false;}; + options.custom.containers.mastodon.enable = mkOption {default = false;}; config = mkIf cfg.enable { age.secrets = let @@ -34,7 +34,7 @@ in { image = "lscr.io/linuxserver/mastodon:4.2.12"; ports = ["3000:443"]; restart = "unless-stopped"; - volumes = ["${config.custom.settings.containers.directory}/mastodon/config:/config"]; + volumes = ["${config.custom.containers.directory}/mastodon/config:/config"]; depends_on = [ "cache" @@ -46,7 +46,7 @@ in { container_name = "mastodon-cache"; image = "redis:latest"; restart = "unless-stopped"; - volumes = ["${config.custom.settings.containers.directory}/mastodon/cache:/data"]; + volumes = ["${config.custom.containers.directory}/mastodon/cache:/data"]; }; db.service = { 
@@ -54,7 +54,7 @@ in { env_file = [config.age.secrets."${config.custom.profile}/mastodon/db.env".path]; image = "postgres:15"; restart = "unless-stopped"; - volumes = ["${config.custom.settings.containers.directory}/mastodon/db:/var/lib/postgresql/data"]; + volumes = ["${config.custom.containers.directory}/mastodon/db:/var/lib/postgresql/data"]; }; }; }; diff --git a/options/custom/settings/containers/nextcloud.nix b/options/custom/containers/nextcloud.nix similarity index 79% rename from options/custom/settings/containers/nextcloud.nix rename to options/custom/containers/nextcloud.nix index 56ba278..613cbe2 100644 --- a/options/custom/settings/containers/nextcloud.nix +++ b/options/custom/containers/nextcloud.nix @@ -5,9 +5,9 @@ ... }: with lib; let - cfg = config.custom.settings.containers.nextcloud; + cfg = config.custom.containers.nextcloud; in { - options.custom.settings.containers.nextcloud.enable = mkOption {default = false;}; + options.custom.containers.nextcloud.enable = mkOption {default = false;}; config = mkIf cfg.enable { age.secrets = let @@ -35,8 +35,8 @@ in { restart = "unless-stopped"; volumes = [ - "${config.custom.settings.containers.directory}/nextcloud/app:/var/www/html" - "${config.custom.settings.containers.directory}/nextcloud/data:/var/www/html/data" + "${config.custom.containers.directory}/nextcloud/app:/var/www/html" + "${config.custom.containers.directory}/nextcloud/data:/var/www/html/data" ]; depends_on = [ @@ -63,7 +63,7 @@ in { container_name = "nextcloud-cache"; image = "redis:latest"; restart = "unless-stopped"; - volumes = ["${config.custom.settings.containers.directory}/nextcloud/cache:/data"]; + volumes = ["${config.custom.containers.directory}/nextcloud/cache:/data"]; }; db.service = { @@ -73,7 +73,7 @@ in { restart = "unless-stopped"; volumes = [ - "${config.custom.settings.containers.directory}/nextcloud/db:/var/lib/postgresql/data" + "${config.custom.containers.directory}/nextcloud/db:/var/lib/postgresql/data" ]; }; }; 
diff --git a/options/custom/settings/containers/redlib.nix b/options/custom/containers/redlib.nix similarity index 86% rename from options/custom/settings/containers/redlib.nix rename to options/custom/containers/redlib.nix index 34dd852..be1f439 100644 --- a/options/custom/settings/containers/redlib.nix +++ b/options/custom/containers/redlib.nix @@ -4,9 +4,9 @@ ... }: with lib; let - cfg = config.custom.settings.containers.redlib; + cfg = config.custom.containers.redlib; in { - options.custom.settings.containers.redlib.enable = mkOption {default = false;}; + options.custom.containers.redlib.enable = mkOption {default = false;}; config = mkIf cfg.enable { #?? arion-redlib pull diff --git a/options/custom/settings/containers/searxng/default.nix b/options/custom/containers/searxng/default.nix similarity index 91% rename from options/custom/settings/containers/searxng/default.nix rename to options/custom/containers/searxng/default.nix index 3e1b7bd..eae7edb 100644 --- a/options/custom/settings/containers/searxng/default.nix +++ b/options/custom/containers/searxng/default.nix @@ -5,9 +5,9 @@ ... }: with lib; let - cfg = config.custom.settings.containers.searxng; + cfg = config.custom.containers.searxng; in { - options.custom.settings.containers.searxng.enable = mkOption {default = false;}; + options.custom.containers.searxng.enable = mkOption {default = false;}; config = mkIf cfg.enable { age.secrets = let diff --git a/options/custom/settings/containers/searxng/limiter.toml b/options/custom/containers/searxng/limiter.toml similarity index 100% rename from options/custom/settings/containers/searxng/limiter.toml rename to options/custom/containers/searxng/limiter.toml diff --git a/options/custom/settings/containers/searxng/settings.yml b/options/custom/containers/searxng/settings.yml similarity index 100% rename from options/custom/settings/containers/searxng/settings.yml rename to options/custom/containers/searxng/settings.yml 
diff --git a/options/custom/desktops/hyprland/binds.nix b/options/custom/desktops/hyprland/binds.nix index 7cc3dca..7b6e397 100644 --- a/options/custom/desktops/hyprland/binds.nix +++ b/options/custom/desktops/hyprland/binds.nix @@ -191,7 +191,7 @@ in { (key "Up" "Super" "movewindow" "u") (key "Up" "Super+Shift" "movewindoworgroup" "u") - (key "0" "Super" "exec" "${audio} --bypass") + (key "0" "Super" "exec" "${audio}") (key "0" "Super+Shift" "exec" "${zoom}") (key "1" "Ctrl+Alt" "exec" "lifx state --brightness 0.01") (key "1" "Super" "workspace" "1") diff --git a/options/custom/programs/vscode.nix b/options/custom/programs/vscode.nix index 5e2075b..1c3ad03 100644 --- a/options/custom/programs/vscode.nix +++ b/options/custom/programs/vscode.nix @@ -62,7 +62,6 @@ in { ms-python.black-formatter ms-python.debugpy ms-python.isort - ms-python.python natizyskunk.sftp pkief.material-icon-theme pkief.material-product-icons @@ -72,10 +71,11 @@ in { vincaslt.highlight-matching-tag ] ++ (with (repo "vscode-marketplace"); [ - # Some extensions go missing from open-vsx, so use official marketplace as fallback + #!! Some extensions go missing from open-vsx, so use official marketplace as fallback # https://github.com/nix-community/nix-vscode-extensions?tab=readme-ov-file#note bodil.blueprint-gtk cormoran.disable-default-keybinding + ms-python.python sirmspencer.vscode-autohide ]); }; diff --git a/options/custom/services/samba.nix b/options/custom/services/samba.nix index af2676b..77ea898 100644 --- a/options/custom/services/samba.nix +++ b/options/custom/services/samba.nix 
@@ -13,32 +13,35 @@ in { # https://gitlab.com/samba-team/samba #!! User configuration is imperative #?? sudo smbpasswd -a $USER - services.samba = { - enable = true; - openFirewall = true; - nmbd.enable = false; - nsswins = false; + services.samba = + if (versionAtLeast version "24.11") + then { + enable = true; + nmbd.enable = false; + nsswins = false; + openFirewall = true; - # https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html - settings = { - Public.path = "/home/${config.custom.username}/Public"; - SYNC.path = "/home/${config.custom.username}/SYNC"; + # https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html + settings = { + Public.path = "/home/${config.custom.username}/Public"; + SYNC.path = "/home/${config.custom.username}/SYNC"; - global = { - "allow insecure wide links" = "yes"; - "browseable" = "no"; - "follow symlinks" = "yes"; - "force user" = config.custom.username; - "hostname lookups" = "yes"; - "hosts allow" = "192.168.111."; - "inherit owner" = "unix only"; - "inherit permissions" = "yes"; - "logging" = "systemd"; - "map to guest" = "bad password"; - "wide links" = "yes"; - "writeable" = "yes"; + global = { + "allow insecure wide links" = "yes"; + "browseable" = "no"; + "follow symlinks" = "yes"; + "force user" = config.custom.username; + "hostname lookups" = "yes"; + "hosts allow" = "192.168.111."; + "inherit owner" = "unix only"; + "inherit permissions" = "yes"; + "logging" = "systemd"; + "map to guest" = "bad password"; + "wide links" = "yes"; + "writeable" = "yes"; + }; }; - }; - }; + } + else {}; }; } diff --git a/options/custom/settings/default.nix b/options/custom/settings/default.nix index e15b016..656923a 100644 --- a/options/custom/settings/default.nix +++ b/options/custom/settings/default.nix @@ -25,7 +25,6 @@ with lib; { (mkIf config.custom.full { accounts.enable = true; - containers.enable = true; vm.enable = true; waydroid.enable = true; }) 
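Review bot: The `global` block carried into the new `then` branch pairs `"wide links" = "yes"` and `"allow insecure wide links" = "yes"` with `"writeable" = "yes"` and `"force user"`, so a symlink inside Public or SYNC can resolve to anything the forced user can reach and every share is writable as that user; only `"hosts allow" = "192.168.111."` limits who gets that far. Unless a client depends on symlinks that leave the share, I would set `"wide links" = "no";` and drop `"allow insecure wide links"`, and use `"map to guest" = "never";` so a mistyped password is rejected rather than mapped to guest (whether any share permits guests is not visible in this hunk). Separately, the `else {}` branch leaves Samba unconfigured on releases before 24.11 with no message even though the module is enabled; a `warnings` entry or a comment explaining the version gate would help.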
diff --git a/profiles/sbc/default.nix b/profiles/sbc/default.nix index eb02294..eb97537 100644 --- a/profiles/sbc/default.nix +++ b/profiles/sbc/default.nix @@ -3,6 +3,12 @@ profile = "sbc"; programs.fastfetch.greet = true; + containers = { + enable = true; + boot = true; + homeassistant.enable = true; + }; + services = { tailscale.cert = true; @@ -27,12 +33,6 @@ settings = { boot.u-boot = true; networking.wifi = true; - - containers = { - enable = true; - boot = true; - homeassistant.enable = true; - }; }; }; } diff --git a/profiles/server/default.nix b/profiles/server/default.nix index 9cf39a6..8723a57 100644 --- a/profiles/server/default.nix +++ b/profiles/server/default.nix @@ -3,6 +3,21 @@ profile = "server"; programs.fastfetch.greet = true; + containers = { + enable = true; + boot = true; + actualbudget.enable = true; + coturn.enable = true; + forgejo.enable = true; + foundryvtt.enable = true; + #// headscale.enable = true; + mastodon.enable = true; + netbox.enable = true; + nextcloud.enable = true; + redlib.enable = true; + searxng.enable = true; + }; + services = { caddy.enable = true; matrix-conduit.enable = true; @@ -47,20 +62,6 @@ boot.systemd-boot = true; mounts.enable = true; users.myned.linger = true; - - containers = { - enable = true; - boot = true; - actualbudget.enable = true; - coturn.enable = true; - forgejo.enable = true; - foundryvtt.enable = true; - #// headscale.enable = true; - mastodon.enable = true; - nextcloud.enable = true; - redlib.enable = true; - searxng.enable = true; - }; }; }; }
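Review bot: The relocated `containers` block in the first profiles/server/default.nix hunk adds `netbox.enable = true;`, which was not in the `settings.containers` block removed by the second hunk, and this patch neither moves nor adds a netbox module (the rename list covers actualbudget through searxng only). If `custom.containers.netbox.enable` is not declared elsewhere in the tree, evaluating the server profile will fail on an undefined option. Either include the module in this commit or leave the line out of the move so the refactor stays behaviour-preserving. The enclosing attribute set starts outside the hunk.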