feat: netbird/firefly upstream

Patrick 2024-04-24 01:00:57 +02:00
parent 538dd51b69
commit 3ea4c5a864
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
19 changed files with 200 additions and 903 deletions


@ -1,24 +1,31 @@
{
config,
nodes,
lib,
...
}: {
imports = [../../modules/fireflyIII.nix];
wireguard.elisabeth = {
client.via = "elisabeth";
firewallRuleForNode.elisabeth.allowedTCPPorts = [80];
};
age.secrets.appKey = {
generator.script = _: ''
echo "base64:$(head -c 32 /dev/urandom | base64)"
'';
owner = "firefly-iii";
};
services.firefly-iii = {
enable = true;
enableNginx = true;
virtualHost = "money.${config.secrets.secrets.global.domains.web}";
settings = {
APP_URL = "https://money.${config.secrets.secrets.global.domains.web}";
APP_URL = lib.mkForce "https://money.${config.secrets.secrets.global.domains.web}";
TZ = "Europe/Berlin";
TRUSTED_PROXIES = lib.trace "fix" "*";
TRUSTED_PROXIES = nodes.elisabeth.config.wireguard.elisabeth.ipv4;
SITE_OWNER = "firefly-admin@${config.secrets.secrets.global.domains.mail_public}";
APP_KEY = lib.trace "fix" "ctiectiectiectctiectiectiectieie";
APP_KEY_FILE = config.age.secrets.appKey.path;
};
};
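Review bot: Replacing the literal `APP_KEY` with `APP_KEY_FILE = config.age.secrets.appKey.path;` changes the application key, and nothing in the section says so. Sessions and any data already encrypted under the old value will presumably stop decrypting after deploy, so a comment next to `age.secrets.appKey` would help, e.g. `# replaces the placeholder key that was committed in plain text; rotating it invalidates existing sessions`. The new `TRUSTED_PROXIES` line deserves `# only the elisabeth reverse proxy may supply X-Forwarded-* headers`, so that nobody widens it back to `"*"` later. The rendering has lost the +/- column and the file's closing brace is not visible, so this assumes the second line of each duplicated pair is the new side.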


@ -1,30 +1,68 @@
{config, ...}: {
imports = [
../../modules/netbird-server.nix
../../modules/netbird-dashboard.nix
];
{
config,
lib,
...
}: {
wireguard.elisabeth = {
client.via = "elisabeth";
firewallRuleForNode.elisabeth.allowedTCPPorts = [80 3000 3001];
};
age.secrets.coturnPassword = {
generator.script = "alnum";
group = "netbird";
};
age.secrets.coturnSecret = {
generator.script = "alnum";
group = "netbird";
};
age.secrets.dataEnc = {
generator.script = "alnum";
group = "netbird";
};
networking.firewall.allowedTCPPorts = [80 3000 3001];
networking.firewall.allowedUDPPorts = [3478];
services.netbird-dashboard = {
enable = true;
enableNginx = true;
domain = "netbird.${config.secrets.secrets.global.domains.web}";
settings = {
AUTH_AUTHORITY = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/openid/netbird";
services.netbird = {
server = {
enable = true;
domain = "netbird.${config.secrets.secrets.global.domains.web}";
dashboard = {
enableNginx = lib.mkForce true;
settings = {
AUTH_AUTHORITY = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/openid/netbird";
};
};
coturn = {
enable = true;
passwordFile = config.age.secrets.coturnPassword.path;
};
management = {
port = 3000;
dnsDomain = "internal.${config.secrets.secrets.global.domains.web}";
singleAccountModeDomain = "netbird.patrick";
oidcConfigEndpoint = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/openid/netbird/.well-known/openid-configuration";
settings = {
TURNConfig = {
Secret._secret = config.age.secrets.coturnSecret.path;
# TODO I think this is broken
Turns = [
{
Password._secret = config.age.secrets.coturnPassword.path;
}
];
};
DataStoreEncryptionKey._secret = config.age.secrets.dataEnc.path;
};
};
};
};
services.netbird-server = {
enableCoturn = true;
enable = true;
domain = "netbird.${config.secrets.secrets.global.domains.web}";
oidcConfigEndpoint = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/openid/netbird/.well-known/openid-configuration";
singleAccountModeDomain = "netbird.patrick";
};
security.acme.certs = lib.mkForce {};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/netbird-mgmt";
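Review bot: `networking.firewall.allowedTCPPorts = [80 3000 3001];` opens the dashboard, management and signal ports on every interface, which makes the narrower `wireguard.elisabeth.firewallRuleForNode.elisabeth.allowedTCPPorts = [80 3000 3001];` rule redundant. If that line is still on the new side (the +/- column is lost in this rendering), consider dropping it so only `allowedUDPPorts = [3478]` stays open globally and the TCP services are reachable solely through the proxy node. Separately, `age.secrets.dataEnc` uses the `alnum` generator, whereas the default it replaces in the removed module was a base64 string; confirm NetBird accepts that format for `DataStoreEncryptionKey`, or generate it as base64 the way the firefly `appKey` secret is. The `# TODO I think this is broken` on `Turns[].Password._secret` should be resolved before TURN authentication is relied on. The hunk ends inside `environment.persistence`, so the rest of the file is not visible here.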


@ -37,11 +37,11 @@
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1712180480,
"narHash": "sha256-fmjbIcYT4Hj/Tow004I9FKz/DbIYRjTDOPDRXaddt08=",
"lastModified": 1713903302,
"narHash": "sha256-qPy0BYFTenmyG4EU+oXej0V/i4jSsVvWbGGrv9Sb0kQ=",
"owner": "oddlama",
"repo": "agenix-rekey",
"rev": "85df729446fca1b9f22097b03e0ae2427c3246e2",
"rev": "8da0392e75373711604a07907de25ec9d5277384",
"type": "github"
},
"original": {
@ -68,39 +68,6 @@
"type": "github"
}
},
"base16-alacritty": {
"flake": false,
"locked": {
"lastModified": 1703982197,
"narHash": "sha256-TNxKbwdiUXGi4Z4chT72l3mt3GSvOcz6NZsUH8bQU/k=",
"owner": "aarowill",
"repo": "base16-alacritty",
"rev": "c95c200b3af739708455a03b5d185d3d2d263c6e",
"type": "github"
},
"original": {
"owner": "aarowill",
"repo": "base16-alacritty",
"type": "github"
}
},
"base16-alacritty-yaml": {
"flake": false,
"locked": {
"lastModified": 1674275109,
"narHash": "sha256-Adwx9yP70I6mJrjjODOgZJjt4OPPe8gJu7UuBboXO4M=",
"owner": "aarowill",
"repo": "base16-alacritty",
"rev": "63d8ae5dfefe5db825dd4c699d0cdc2fc2c3eaf7",
"type": "github"
},
"original": {
"owner": "aarowill",
"repo": "base16-alacritty",
"rev": "63d8ae5dfefe5db825dd4c699d0cdc2fc2c3eaf7",
"type": "github"
}
},
"base16-fish": {
"flake": false,
"locked": {
@ -303,11 +270,11 @@
]
},
"locked": {
"lastModified": 1711099426,
"narHash": "sha256-HzpgM/wc3aqpnHJJ2oDqPBkNsqWbW0WfWUO8lKu8nGk=",
"lastModified": 1713532798,
"narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
"owner": "numtide",
"repo": "devshell",
"rev": "2d45b54ca4a183f2fdcf4b19c895b64fbf620ee8",
"rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
"type": "github"
},
"original": {
@ -369,11 +336,11 @@
]
},
"locked": {
"lastModified": 1711099426,
"narHash": "sha256-HzpgM/wc3aqpnHJJ2oDqPBkNsqWbW0WfWUO8lKu8nGk=",
"lastModified": 1713532798,
"narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
"owner": "numtide",
"repo": "devshell",
"rev": "2d45b54ca4a183f2fdcf4b19c895b64fbf620ee8",
"rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
"type": "github"
},
"original": {
@ -389,11 +356,11 @@
]
},
"locked": {
"lastModified": 1712318811,
"narHash": "sha256-6T5sM2Vdg1xr8nbaI4gFKcp7P6AX5HSsPRs0Nl+QThU=",
"lastModified": 1713875178,
"narHash": "sha256-FFJ4dojuziC6HLxugW+2YJ1P+m5veDq0WZSpZRSm/SY=",
"owner": "nix-community",
"repo": "disko",
"rev": "9fd80a030b8aaae1619c805aa092556cbe328f96",
"rev": "dea314155a9b8a4de242bdd4c005ba8a5dce8385",
"type": "github"
},
"original": {
@ -573,11 +540,11 @@
]
},
"locked": {
"lastModified": 1701473968,
"narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
@ -594,11 +561,11 @@
]
},
"locked": {
"lastModified": 1709336216,
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
@ -960,11 +927,11 @@
]
},
"locked": {
"lastModified": 1712317700,
"narHash": "sha256-rnkQ6qMhlxfjpCECkTMlFXHU/88QvC5KpdJWq5H6F1E=",
"lastModified": 1713894582,
"narHash": "sha256-pHJYZIVFmzPAwyTfcMGJwlfz18nOsS4p0CuDnI1EDL4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "782eed8bb64b27acaeb7c17be4a095c85e65717f",
"rev": "33a20182e3164f451b6a4ac2ecadcab5c2c36703",
"type": "github"
},
"original": {
@ -981,11 +948,11 @@
]
},
"locked": {
"lastModified": 1711625603,
"narHash": "sha256-W+9dfqA9bqUIBV5u7jaIARAzMe3kTq/Hp2SpSVXKRQw=",
"lastModified": 1713732794,
"narHash": "sha256-AYCofb8Zu4Mbc1lHDtju/uxeARawRijmOueAqEMEfMU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c0ef0dab55611c676ad7539bf4e41b3ec6fa87d2",
"rev": "670d9ecc3e46a6e3265c203c2d136031a3d3548e",
"type": "github"
},
"original": {
@ -1002,11 +969,11 @@
]
},
"locked": {
"lastModified": 1706001011,
"narHash": "sha256-J7Bs9LHdZubgNHZ6+eE/7C18lZ1P6S5/zdJSdXFItI4=",
"lastModified": 1711915616,
"narHash": "sha256-co6LoFA+j6BZEeJNSR8nZ4oOort5qYPskjrDHBaJgmo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3df2a80f3f85f91ea06e5e91071fa74ba92e5084",
"rev": "820be197ccf3adaad9a8856ef255c13b6cc561a6",
"type": "github"
},
"original": {
@ -1063,11 +1030,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1711886936,
"narHash": "sha256-D2WENp9GuaCostvNcQ7vElekk0V5cuMdnFZ7NfRhVrQ=",
"lastModified": 1713701427,
"narHash": "sha256-v6z8hz/UDaC/rbnkH+hxGFUxlNyseVntRetVpSxLU6c=",
"owner": "nix-community",
"repo": "lib-aggregate",
"rev": "9c06929b83e57c18d125f1105ba6a423f24083d2",
"rev": "3b32a98eb3053f8c8ca55497d1881443ef2996e6",
"type": "github"
},
"original": {
@ -1100,11 +1067,11 @@
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1712322624,
"narHash": "sha256-mq9oLUqteBMCxhv4TFASiqZN/O9OfpPRyoziNnRlr+Y=",
"lastModified": 1713463636,
"narHash": "sha256-IPdnR0Rs7XoffnCn6rExYDlft/GHD/UFgQ11lTVEK48=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "d0ac4be743b4fdb5bdafd6f9f230e3c20801d527",
"rev": "6a4f822a817180be03fcdceb654088d002c9ec5e",
"type": "github"
},
"original": {
@ -1121,11 +1088,11 @@
]
},
"locked": {
"lastModified": 1711763326,
"narHash": "sha256-sXcesZWKXFlEQ8oyGHnfk4xc9f2Ip0X/+YZOq3sKviI=",
"lastModified": 1713543876,
"narHash": "sha256-olEWxacm1xZhAtpq+ZkEyQgR4zgfE7ddpNtZNvubi3g=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "36524adc31566655f2f4d55ad6b875fb5c1a4083",
"rev": "9e7c20ffd056e406ddd0276ee9d89f09c5e5f4ed",
"type": "github"
},
"original": {
@ -1142,11 +1109,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1705242886,
"narHash": "sha256-TLj334vRwFtSym3m+NnKcNCnKKPNoTC/TDZL40vmOso=",
"lastModified": 1713858845,
"narHash": "sha256-StJq7Zy+/iVBUAKFzhHWlsirFucZ3gNtzXhAYXAsNnw=",
"owner": "nix-community",
"repo": "nix-eval-jobs",
"rev": "6b03a93296faf174b97546fd573c8b379f523a8d",
"rev": "7b6640f2a10701bf0db16aff048070f400e8ea7c",
"type": "github"
},
"original": {
@ -1164,11 +1131,11 @@
]
},
"locked": {
"lastModified": 1701208414,
"narHash": "sha256-xrQ0FyhwTZK6BwKhahIkUVZhMNk21IEI1nUcWSONtpo=",
"lastModified": 1703863825,
"narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "93e39cc1a087d65bcf7a132e75a650c44dd2b734",
"rev": "5163432afc817cf8bd1f031418d1869e4c9d5547",
"type": "github"
},
"original": {
@ -1184,11 +1151,11 @@
]
},
"locked": {
"lastModified": 1711854532,
"narHash": "sha256-JPStavwlT7TfxxiXHk6Q7sbNxtnXAIjXQJMLO0KB6M0=",
"lastModified": 1713869268,
"narHash": "sha256-o3CMQeu/S8/4zU0pMtYg51rd1FWdJsI2Xohzng1Ysdg=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "2844b5f3ad3b478468151bd101370b9d8ef8a3a7",
"rev": "dcb6ac44922858ce3a5b46f77a36d6030181460c",
"type": "github"
},
"original": {
@ -1205,11 +1172,11 @@
"pre-commit-hooks": "pre-commit-hooks_2"
},
"locked": {
"lastModified": 1712920175,
"narHash": "sha256-9Tx06/vDa8rk674G8+ySSMqvF3lV7pV4GDbswkFB1O8=",
"lastModified": 1713783363,
"narHash": "sha256-4nSK8+QrCabGTINrQNucPm60Mq9GCuImgMGSVUTtCj4=",
"owner": "oddlama",
"repo": "nix-topology",
"rev": "eb12c632505b724a4752fd5317481350d47ef61d",
"rev": "d54cacc0ee6c53ae696c954c7105980d9c944c9b",
"type": "github"
},
"original": {
@ -1220,11 +1187,11 @@
},
"nixlib": {
"locked": {
"lastModified": 1711846064,
"narHash": "sha256-cqfX0QJNEnge3a77VnytM0Q6QZZ0DziFXt6tSCV8ZSc=",
"lastModified": 1712450863,
"narHash": "sha256-K6IkdtMtq9xktmYPj0uaYc8NsIqHuaAoRBaMgu9Fvrw=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "90b1a963ff84dc532db92f678296ff2499a60a87",
"rev": "3c62b6a12571c9a7f65ab037173ee153d539905f",
"type": "github"
},
"original": {
@ -1244,12 +1211,12 @@
"pre-commit-hooks": "pre-commit-hooks_3"
},
"locked": {
"dirtyRev": "3ade74f7616458c38f00ee6fed73794e1a79bbf3-dirty",
"dirtyShortRev": "3ade74f-dirty",
"lastModified": 1712851738,
"narHash": "sha256-fy4D8OlrkEmJILhvWw+O7+frgtHRfbHSnhps2o6177U=",
"type": "git",
"url": "file:///home/patrick/repos/nix/nixos-extra-modules"
"lastModified": 1712921831,
"narHash": "sha256-5WVeVRFoO0QziYNeM+Wcxj12F2H8siNlQ0ueDZBD/e4=",
"owner": "oddlama",
"repo": "nixos-extra-modules",
"rev": "fc2cef598dcf0f407d91cc2cde96144199fd1dca",
"type": "github"
},
"original": {
"owner": "oddlama",
@ -1265,11 +1232,11 @@
]
},
"locked": {
"lastModified": 1712191720,
"narHash": "sha256-xXtSSnVHURHsxLQO30dzCKW5NJVGV/umdQPmFjPFMVA=",
"lastModified": 1713783234,
"narHash": "sha256-3yh0nqI1avYUmmtqqTW3EVfwaLE+9ytRWxsA5aWtmyI=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "0c15e76bed5432d7775a22e8d22059511f59d23a",
"rev": "722b512eb7e6915882f39fff0e4c9dd44f42b77e",
"type": "github"
},
"original": {
@ -1280,11 +1247,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1711352745,
"narHash": "sha256-luvqik+i3HTvCbXQZgB6uggvEcxI9uae0nmrgtXJ17U=",
"lastModified": 1713864415,
"narHash": "sha256-/BPDMJEkrsFAFOsQWhwm31wezlgshPFlLBn34KEUdVA=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "9a763a7acc4cfbb8603bb0231fec3eda864f81c0",
"rev": "797f8d8082c7cc3259cba7275c699d4991b09ecc",
"type": "github"
},
"original": {
@ -1332,11 +1299,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1711846064,
"narHash": "sha256-cqfX0QJNEnge3a77VnytM0Q6QZZ0DziFXt6tSCV8ZSc=",
"lastModified": 1713660444,
"narHash": "sha256-2bVnrEGyWJhRNKspzfTJmVD/fsH9HQURD4cWpz79Ulw=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "90b1a963ff84dc532db92f678296ff2499a60a87",
"rev": "6882347415e352cfc9c277cc01f73e0f5cb7b93c",
"type": "github"
},
"original": {
@ -1435,11 +1402,11 @@
]
},
"locked": {
"lastModified": 1712237761,
"narHash": "sha256-NoMBBCADTms3yx5BL+sbc7vfDivNiYULO6t9GBAsPt0=",
"lastModified": 1713889202,
"narHash": "sha256-cQdLbp8JedDOULe9jXMbL20H526O8OTWkvOPh4ZGpyY=",
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"rev": "9b77653338f52da4b498abdf4835efb6ff6e453e",
"rev": "f3b71af6d8503e427e81321f49bc823303a84b10",
"type": "github"
},
"original": {
@ -1450,11 +1417,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1712163089,
"narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
"lastModified": 1713714899,
"narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fd281bd6b7d3e32ddfa399853946f782553163b5",
"rev": "6143fc5eeb9c4f00163267708e26191d1e918932",
"type": "github"
},
"original": {
@ -1466,11 +1433,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1703134684,
"narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=",
"lastModified": 1713805509,
"narHash": "sha256-YgSEan4CcrjivCNO5ZNzhg7/8ViLkZ4CB/GrGBVSudo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d6863cbcbbb80e71cecfc03356db1cda38919523",
"rev": "1e1dc66fe68972a76679644a5577828b6a7e8be4",
"type": "github"
},
"original": {
@ -1498,11 +1465,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1700856099,
"narHash": "sha256-RnEA7iJ36Ay9jI0WwP+/y4zjEhmeN6Cjs9VOFBH7eVQ=",
"lastModified": 1713596654,
"narHash": "sha256-LJbHQQ5aX1LVth2ST+Kkse/DRzgxlVhTL1rxthvyhZc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0bd59c54ef06bc34eca01e37d689f5e46b3fe2f1",
"rev": "fd16bb6d3bcca96039b11aa52038fafeb6e4f4be",
"type": "github"
},
"original": {
@ -1525,11 +1492,11 @@
"pre-commit-hooks": "pre-commit-hooks_4"
},
"locked": {
"lastModified": 1712299511,
"narHash": "sha256-yrBK6Jq0UuJjP+nc01OFNoKRRJgPNkbmwPpE4mD2Bis=",
"lastModified": 1713856119,
"narHash": "sha256-TfNc8vxF7IaRhTlMgOeUN01y7QoBx50MYmGU1sSU6Vw=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "f285a958c089ccbca9c5710d4a075683fa1af654",
"rev": "c826d146c65bfa8164f31931cf54278b99f5a3a0",
"type": "github"
},
"original": {
@ -1668,11 +1635,11 @@
]
},
"locked": {
"lastModified": 1711760932,
"narHash": "sha256-DqUTQ2iAAqSDwMhKBqvi24v0Oc7pD3LCK/0FCG//TdA=",
"lastModified": 1713775815,
"narHash": "sha256-Wu9cdYTnGQQwtT20QQMg7jzkANKQjwBD9iccfGKkfls=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "c11e43aed6f17336c25cd120eac886b96c455731",
"rev": "2ac4dcbf55ed43f3be0bae15e181f08a57af24a4",
"type": "github"
},
"original": {
@ -1694,11 +1661,11 @@
"nixpkgs-stable": "nixpkgs-stable_5"
},
"locked": {
"lastModified": 1712055707,
"narHash": "sha256-4XLvuSIDZJGS17xEwSrNuJLL7UjDYKGJSbK1WWX2AK8=",
"lastModified": 1713775815,
"narHash": "sha256-Wu9cdYTnGQQwtT20QQMg7jzkANKQjwBD9iccfGKkfls=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "e35aed5fda3cc79f88ed7f1795021e559582093a",
"rev": "2ac4dcbf55ed43f3be0bae15e181f08a57af24a4",
"type": "github"
},
"original": {
@ -1730,7 +1697,8 @@
"pre-commit-hooks": "pre-commit-hooks_5",
"spicetify-nix": "spicetify-nix",
"stylix": "stylix",
"systems": "systems_13"
"systems": "systems_13",
"templates": "templates"
}
},
"rust-overlay": {
@ -1796,8 +1764,6 @@
"stylix": {
"inputs": {
"base16": "base16",
"base16-alacritty": "base16-alacritty",
"base16-alacritty-yaml": "base16-alacritty-yaml",
"base16-fish": "base16-fish",
"base16-foot": "base16-foot",
"base16-helix": "base16-helix",
@ -1810,11 +1776,11 @@
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1712154372,
"narHash": "sha256-2HFQm/gpmxtMokn6pInHlTlU7mBONLb3Y1aN8SlY0tc=",
"lastModified": 1713821140,
"narHash": "sha256-/kGc9R01h8mTmZKhrVyGWaK/w9zgettmHIE3GZW8Khs=",
"owner": "danth",
"repo": "stylix",
"rev": "f9b9bc7c8e69942cd2583a3309f86fc5260f1275",
"rev": "0fe277a3641a849478a94c7900c2d5a90609a306",
"type": "github"
},
"original": {
@ -2018,6 +1984,21 @@
"type": "github"
}
},
"templates": {
"locked": {
"lastModified": 1696855554,
"narHash": "sha256-9VYXESOCqGGZ8HHl4LN51k+74Kf5Nf9czoqqIN7IEo0=",
"ref": "refs/heads/main",
"rev": "a6c35c2af9f26599e81002630329054b99efbe79",
"revCount": 11,
"type": "git",
"url": "https://forge.lel.lol/patrick/nix-templates.git"
},
"original": {
"type": "git",
"url": "https://forge.lel.lol/patrick/nix-templates.git"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
@ -2027,11 +2008,11 @@
]
},
"locked": {
"lastModified": 1702979157,
"narHash": "sha256-RnFBbLbpqtn4AoJGXKevQMCGhra4h6G2MPcuTSZZQ+g=",
"lastModified": 1711963903,
"narHash": "sha256-N3QDhoaX+paWXHbEXZapqd1r95mdshxToGowtjtYkGI=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "2961375283668d867e64129c22af532de8e77734",
"rev": "49dc4a92b02b8e68798abd99184f228243b6e3ac",
"type": "github"
},
"original": {


@ -66,7 +66,7 @@
inputs.nixpkgs.follows = "nixpkgs";
};
#templates.url = "git+https://forge.lel.lol/patrick/nix-templates.git";
templates.url = "git+https://forge.lel.lol/patrick/nix-templates.git";
nix-topology.url = "github:oddlama/nix-topology";
@ -115,7 +115,7 @@
inherit (nixpkgs) lib;
stateVersion = "23.05";
in
rec {
{
secretsConfig = {
# This should be a link to one of the age public keys is './keys'
masterIdentities = ["/run/decrypt.key.pub"];


@ -230,7 +230,6 @@ in {
];
};
#deadnix: skip
mkMicrovm = guestName: cfg: {
${guestName} =
mkGuest guestName cfg

Binary file not shown.


@ -0,0 +1,15 @@
age-encryption.org/v1
-> X25519 MeYJjzQMjRwPh8EFqiGeorYdWehfCS71htIQhK5o2nM
LJgMpOnjNBqYwPB4mL3FEGlUnIap5AGfr/e9z7O5dpI
-> piv-p256 XTQkUA A8jLlK5Oec/xxduaGJou2CSZ8eYTnVu5jhjiJL/BJ6fS
RSt3pbvdPPfclk3Gtt0OYkHZ/kAYjKjEQcsjir3cUtI
-> piv-p256 ZFgiIw AhdUtYJ+Nw07WaE5eSXg1F9MyivwmkfdCburxobwZeVD
GbvesLFDdGz4iwMC7a7qse8twlVewqBYgGRrLMGtjnk
-> piv-p256 5vmPtQ An4wYxzXJlnk1gQmXQkF1oixlA2wEz82KD9vyBAc25rn
tD6dUznwI2przLOvVSK4lB5CBKmxkdOrfvtyLYY9ZuM
-> piv-p256 ZFgiIw A5cJyQ++Uq97VsMSt2O9XFtZ+j9FsOVgTUfu9RT/IBsn
XJlU8biGUQEoK/5u6Z+FZX7y0MCfA0NITxtRNuH+dyI
-> sS#fxj8|-grease m7Z $
xPy1jk5euWH0L/pIV/PWdoVJRsmMUVa1MecxzOqqYrP8qqp5My0Gdb44
--- eAewnJjC+jcQ0JRKf+va3B5PFFxubrbpiah8x8oGyt0
'æC!ª:•Í•dwsç ¼Œ8ɇÉÇ[ÿ-¯E74bD€2…z½²§ˆà`<60>ûk34¼ÑŸìT@k)Sä Š#¡sy¨ì¸a»ù»b¤

Binary file not shown.


@ -1,182 +0,0 @@
{
pkgs,
config,
lib,
...
}: let
cfg = config.services.firefly-iii;
inherit
(lib)
mkIf
types
mkEnableOption
mkOption
mkPackageOption
mapAttrs
mkDefault
;
package = "${cfg.package.override {
inherit (cfg) dataDir;
}}/share/php/firefly-iii";
in {
options.services.firefly-iii = {
enable = mkEnableOption "firefly-iii";
dataDir = mkOption {
description = "The firefly-iii data directory.";
default = "/var/lib/firefly-iii";
type = types.path;
};
package =
mkPackageOption pkgs "firefly-iii" {
};
phpPackage = mkPackageOption pkgs "php" {
example = "php82";
default = "php83";
};
database = mkOption {
description = "Which database to use";
default = "sqlite";
type = types.enum ["sqlite" "mysql" "pgsql"];
};
dbCreateLocally = mkOption {
type = types.bool;
default = false;
description = "Create the database locally.";
};
virtualHost = mkOption {
description = "The nginx virtualHost under which firefly-iii will be reachable";
type = types.str;
};
settings = mkOption {
type = with types; attrsOf (nullOr (oneOf [str path package]));
description = ''
The environment used by firefly-iii while running.
See [example](https://github.com/firefly-iii/firefly-iii/blob/main/.env.example) for value definitions.
'';
default = {
LOG_CHANNEL = "syslog";
};
example = {
ALLOW_WEBHOOKS = false;
};
};
};
config = mkIf cfg.enable {
services.firefly-iii.settings = {
DB_CONNECTION = cfg.database;
};
assertions = [
{
assertion = cfg.dbCreateLocally -> cfg.database == "sqlite";
message = "services.firefly-iii.dbCreateLocally is currently only supported for sqlite.";
}
];
services.phpfpm = {
settings = {
error_log = "syslog";
};
pools.firefly-iii = {
inherit (cfg) phpPackage;
phpOptions = ''
log_errors = yes
error_reporting = E_ALL
'';
user = "firefly-iii";
group = "firefly-iii";
phpEnv = cfg.settings;
settings = mapAttrs (_: mkDefault) {
catch_workers_output = "yes";
"listen.mode" = "0660";
"listen.owner" = config.services.nginx.user;
"listen.group" = config.services.nginx.group;
"pm" = "dynamic";
"pm.max_children" = "32";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "2";
"pm.max_spare_servers" = "4";
"pm.max_requests" = "500";
};
};
};
users.users.firefly-iii = {
group = "firefly-iii";
isSystemUser = true;
};
users.groups.firefly-iii.members = ["firefly-iii" config.services.nginx.user];
systemd.services.firefly-iii-setup = {
environment = cfg.settings;
description = "Preparation tasks for Firefly III";
before = ["phpfpm-firefly-iii.service"];
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
User = "firefly-iii";
WorkingDirectory = package;
};
script = ''
set -euo pipefail
umask 077
${lib.optionalString cfg.dbCreateLocally ''
mkdir -p ${package}/storage/database/
touch ${package}/storage/database/database.sqlite
''}
# migrate db
${lib.getExe cfg.phpPackage} artisan migrate --force
${lib.getExe cfg.phpPackage} artisan firefly-iii:upgrade-database
${lib.getExe cfg.phpPackage} artisan firefly-iii:correct-database
${lib.getExe cfg.phpPackage} artisan firefly-iii:report-integrity
${lib.getExe cfg.phpPackage} artisan firefly-iii:laravel-passport-keys
'';
};
# Data dir
systemd.tmpfiles.rules = [
"d ${cfg.dataDir} 0750 firefly-iii firefly-iii - -"
"d ${cfg.dataDir}/bootstrap 0700 firefly-iii firefly-iii - -"
"d ${cfg.dataDir}/bootstrap/cache 0700 firefly-iii firefly-iii - -"
"d ${cfg.dataDir}/storage 0700 firefly-iii firefly-iii - -"
"d ${cfg.dataDir}/storage/app 0700 firefly-iii firefly-iii - -"
"d ${cfg.dataDir}/storage/database 0700 firefly-iii firefly-iii - -"
"d ${cfg.dataDir}/storage/export 0700 firefly-iii firefly-iii - -"
"d ${cfg.dataDir}/storage/framework 0700 firefly-iii firefly-iii - -"
"d ${cfg.dataDir}/storage/framework/cache 0700 firefly-iii firefly-iii - -"
"d ${cfg.dataDir}/storage/framework/sessions 0700 firefly-iii firefly-iii - -"
"d ${cfg.dataDir}/storage/framework/views 0700 firefly-iii firefly-iii - -"
"d ${cfg.dataDir}/storage/logs 0700 firefly-iii firefly-iii - -"
"d ${cfg.dataDir}/storage/upload 0700 firefly-iii firefly-iii - -"
];
services.nginx = {
enable = mkDefault true;
recommendedTlsSettings = mkDefault true;
recommendedOptimisation = mkDefault true;
recommendedGzipSettings = mkDefault true;
virtualHosts.${cfg.virtualHost} = {
root = "${package}/public";
locations = {
"/" = {
tryFiles = "$uri $uri/ /index.php?$query_string";
index = "index.php";
extraConfig = ''
sendfile off;
'';
};
"~ \.php$" = {
extraConfig = ''
include ${config.services.nginx.package}/conf/fastcgi_params ;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_pass unix:${config.services.phpfpm.pools.firefly-iii.socket};
'';
};
};
};
};
};
}


@ -1,118 +0,0 @@
{
pkgs,
config,
lib,
...
}: let
inherit
(lib)
mkPackageOption
mkIf
mkEnableOption
mkOption
types
isBool
boolToString
;
toStringEnv = value:
if isBool value
then boolToString value
else toString value;
cfg = config.services.netbird-dashboard;
in {
options.services.netbird-dashboard = {
enable = mkEnableOption "the static netbird dashboard frontend";
package = mkPackageOption pkgs "netbird-dashboard" {};
enableNginx = mkEnableOption "Nginx as a webserver serving the backend";
domain = mkOption {
type = types.str;
description = "The domain under which the dashboard runs.";
default = "localhost";
};
settings = mkOption {
description = ''
An attr set that will be used as environment to build the dashboard.
Any values that you set here will be templated into the frontend
and thas be freely available for anyone that can reach your website.
The exact values sadly aren't documented anywhere. An starting point
when searching for valid values is this [script](https://github.com/netbirdio/dashboard/blob/main/docker/init_react_envs.sh)
The only mandatory value is 'AUTH_AUTHORITY' as we cannot set a default value here.
'';
type = types.submodule {
freeformType = types.attrsOf (types.oneOf [types.str types.bool]);
config = {
# Due to how the backend and frontend work this secret will be templated into the backend
# and then served statically from your website
# This enables you to login without the normally needed indirection through the backend
# but this also means anyone that can reach your website can
# fetch this secret, which is why there is no real need to put it into
# special options as its public anyway
# As far as I know leaking this secret is just
# an information leak as one can fetch some basic app
# informations from the IDP
# To actually do something one still needs to have login
# data and this secret so this being public will not
# suffice for anything just decreasing security
AUTH_CLIENT_SECRET = "";
AUTH_CLIENT_ID = "netbird";
# AUTH_AUDIENCE must be set for your devices to be able to log in
AUTH_AUDIENCE = "netbird";
USE_AUTH0 = false;
AUTH_SUPPORTED_SCOPES = "openid profile email";
# While you could override this to use http I would recommend to not do that
# as it will greatly impact the security of your application
NETBIRD_MGMT_API_ENDPOINT = "https://${config.services.netbird-server.domain}";
NETBIRD_MGMT_GRPC_API_ENDPOINT = "https://${config.services.netbird-server.domain}";
NETBIRD_TOKEN_SOURCE = "idToken";
};
};
};
};
config = let
deriv = pkgs.runCommand "template-netbird-dashboard" {} ''
cp -r ${cfg.package} ./temp
${
lib.concatStringsSep "\n" (lib.mapAttrsToList (name: value: ''export "${name}"="${toStringEnv value}"'') cfg.settings)
}
# replace ENVs in the config
ENV_STR="\$\$USE_AUTH0 \$\$AUTH_AUDIENCE \$\$AUTH_AUTHORITY \$\$AUTH_CLIENT_ID \$\$AUTH_CLIENT_SECRET \$\$AUTH_SUPPORTED_SCOPES \$\$NETBIRD_MGMT_API_ENDPOINT \$\$NETBIRD_MGMT_GRPC_API_ENDPOINT \$\$NETBIRD_HOTJAR_TRACK_ID \$\$NETBIRD_GOOGLE_ANALYTICS_ID \$\$AUTH_REDIRECT_URI \$\$AUTH_SILENT_REDIRECT_URI \$\$NETBIRD_TOKEN_SOURCE \$\$NETBIRD_DRAG_QUERY_PARAMS"
find temp -type d -exec chmod 755 {} \;
OIDC_TRUSTED_DOMAINS="./temp/OidcTrustedDomains.js"
${pkgs.gettext}/bin/envsubst "$ENV_STR" < "$OIDC_TRUSTED_DOMAINS".tmpl > "$OIDC_TRUSTED_DOMAINS"
for f in $(grep -R -l AUTH_SUPPORTED_SCOPES ./); do
${pkgs.gettext}/bin/envsubst "$ENV_STR" < "$f" > "$f".copy
mv -f "$f".copy "$f"
done
mkdir -p $out
cp -r ./temp/. $out/
'';
in
mkIf cfg.enable
{
services.nginx = mkIf cfg.enableNginx {
enable = true;
virtualHosts = {
${cfg.domain} = {
locations = {
"/" = {
root = "${deriv}/";
tryFiles = "$uri $uri.html $uri/ =404";
};
};
extraConfig = ''
error_page 404 /404.html;
location = /404.html {
internal;
}
'';
};
};
};
};
}


@ -1,333 +0,0 @@
{
config,
pkgs,
lib,
...
}: let
inherit
(lib)
mkEnableOption
mkOption
types
mkPackageOption
mkIf
;
cfg = config.services.netbird-server;
configFile = formatType.generate "config.json" cfg.settings;
formatType = pkgs.formats.json {};
in {
options.services.netbird-server = {
enable = mkEnableOption "netbird, a self hosted wireguard VPN";
package = mkPackageOption pkgs "netbird" {};
enableCoturn = mkEnableOption "the coturn service for running the TURN/STUN server";
domain = mkOption {
type = types.str;
description = "The domain of your netbird instance";
};
port = mkOption {
description = "The port the management interface will listen on";
type = types.port;
default = 3000;
};
oidcConfigEndpoint = mkOption {
type = types.str;
example = "https://example.eu.auth0.com/.well-known/openid-configuration";
description = "The oidc discovery endpoint";
};
signalPort = mkOption {
description = "The listening port for the signal protocol";
default = 3001;
type = types.port;
};
singleAccountModeDomain = mkOption {
description = "Optional domain for single account mode, set to null to disable singleAccountMode";
type = types.nullOr types.str;
default = "netbird.selfhosted";
example = null;
};
turn = {
domain = mkOption {
description = "The domain under which the TURN server is reachable";
type = types.str;
example = "localhost";
default = cfg.domain;
};
port = mkOption {
description = "The port under which the TURN server is reachable";
type = types.port;
default = 3478;
};
userName = mkOption {
description = "The Username for logging into your turn server";
type = types.str;
default = "netbird";
};
password = mkOption {
description = "The password for logging into your turn server";
type = types.str;
default = lib.trace "should not be part of the final config" "netbird";
};
};
settings = mkOption {
default = {};
description = ''
This will be converted to json and used as the management config.
Sadly the exact configuration is undocumented there only exists
this [template](https://github.com/netbirdio/netbird/blob/main/infrastructure_files/management.json.tmpl)
The default values are usable, for a normal setup you don't need to set anything here.
Be advised that any secret you set in here will be in the nix store
and thus world readable. For compliant setups you don't need these secrets
as you should use a oidc public client, some client, e.g. google do not support
this without a secret, which is why you sometimes need to set a secret here.
This is not a problem as this secret will be exposed on your server publicly and only allows
client to initiate a authorization flow.
Even though the template contains oidc values you don't need to set any except for the
ConfigEndpoint as netbird will fetch the rest.
'';
type = types.submodule {
freeformType = formatType.type;
config = {
Stuns = [
{
Proto = "udp";
Uri = "stun:${cfg.turn.domain}:${toString cfg.turn.port}";
# TODO fairly certain with this config anyone can use your STUN server
Username = "";
Password = null;
}
];
TURNConfig = {
Turns = [
{
Proto = "udp";
Uri = "turn:${cfg.turn.domain}:${toString cfg.turn.port}";
Username = cfg.turn.userName;
Password = cfg.turn.password;
}
];
CredentialsTTL = "12h";
# This is not used with the standard coturn configuration
Secret = "secret";
TimeBasedCredentials = false;
};
Signal = {
Proto = "https";
URI = "${cfg.domain}:443";
Username = "";
Password = null;
};
ReverseProxy = {
TrustedHTTPProxies = [];
TrustedHTTPProxiesCount = 0;
TrustedPeers = [
"0.0.0.0/0"
];
};
Datadir = "/var/lib/netbird-mgmt";
DataStoreEncryptionKey = lib.trace "uppsi wuppsi ich hab mein netbird unsiccccccher gemacht" "X4/obyAolDVhjGsz8NDb4TJqgCfwmCA7lOtJFHt9L3w=";
StoreConfig = {
Engine = "sqlite";
};
HttpConfig = {
Address = "0.0.0.0:${toString cfg.port}";
AuthAudience = "netbird";
AuthUserIDClaim = "preferred_username";
OIDCConfigEndpoint = cfg.oidcConfigEndpoint;
};
IdpManagerConfig = {
ManagerType = "none";
};
DeviceAuthorizationFlow = {
ProviderConfig = {
Audience = "netbird";
Scope = "openid profile email";
};
};
PKCEAuthorizationFlow = {
ProviderConfig = {
Audience = "netbird";
ClientID = "netbird";
ClientSecret = "";
Domain = "";
Scope = "openid profile email";
RedirectURLs = ["http://localhost:53000"];
UseIDToken = true;
};
};
};
};
};
};
config = mkIf cfg.enable {
services.coturn = mkIf cfg.enableCoturn {
enable = true;
realm = cfg.domain;
lt-cred-mech = true;
no-cli = true;
# Official documentation says that external-ip has to be
# an IP which is not true as [this](https://github.com/coturn/coturn/blob/9b1cca1fbe909e7cc7c7ac28865f9c190af3515b/src/client/ns_turn_ioaddr.c#L234)
# will resolve a dns name as well
extraConfig = ''
fingerprint
user=${cfg.turn.userName}:${cfg.turn.password}
no-software-attribute
external-ip=${cfg.domain}
'';
};
systemd.services = {
netbird-signal = {
after = ["network.target"];
wantedBy = ["netbird-management.service"];
restartTriggers = [
configFile
];
serviceConfig = {
ExecStart = ''
${cfg.package}/bin/netbird-signal run \
--log-file console \
--port ${builtins.toString cfg.signalPort}
'';
Restart = "always";
RuntimeDirectory = "netbird-mgmt";
StateDirectory = "netbird-mgmt";
WorkingDirectory = "/var/lib/netbird-mgmt";
RestartSec = "60";
# hardening
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateMounts = true;
PrivateTmp = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = true;
RemoveIPC = true;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
# Hardening
#CapabilityBoundingSet = "";
#PrivateUsers = true;
#ProtectProc = "invisible";
#ProcSubset = "pid";
#RestrictAddressFamilies = [
# "AF_INET"
# "AF_INET6"
# "AF_NETLINK"
#];
#SystemCallArchitectures = "native";
#SystemCallFilter = [
# "@system-service"
# "@pkey"
#];
UMask = "0077";
};
unitConfig = {
StartLimitInterval = 5;
StartLimitBurst = 10;
};
stopIfChanged = false;
};
netbird-management = {
description = "The management server for Netbird, a wireguard VPN";
documentation = ["https://netbird.io/docs/"];
after = [
"network.target"
"netbird-setup.service"
];
wantedBy = ["multi-user.target"];
wants = [
"netbird-signal.service"
"netbird-setup.service"
];
restartTriggers = [
configFile
];
serviceConfig = {
# Should we automatically disable metrics?
ExecStart = ''
${cfg.package}/bin/netbird-mgmt management \
--config ${configFile} \
--datadir /var/lib/netbird-mgmt/data \
--disable-anonymous-metrics=true \
${
if cfg.singleAccountModeDomain == null
then "--disable-single-account-mode"
else "--single-account-mode-domain ${cfg.singleAccountModeDomain}"
} \
--idp-sign-key-refresh-enabled \
--port ${builtins.toString cfg.port} \
--log-file console
'';
# TODO add extraCommandLine option
Restart = "always";
RuntimeDirectory = "netbird-mgmt";
StateDirectory = [
"netbird-mgmt"
"netbird-mgmt/data"
];
WorkingDirectory = "/var/lib/netbird-mgmt";
# hardening
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateMounts = true;
PrivateTmp = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = true;
RemoveIPC = true;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
# Hardening
CapabilityBoundingSet = "";
PrivateUsers = true;
ProtectProc = "invisible";
ProcSubset = "pid";
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_NETLINK"
];
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"@pkey"
];
UMask = "0077";
};
unitConfig = {
StartLimitInterval = 5;
StartLimitBurst = 10;
};
stopIfChanged = false;
};
};
};
}


@ -6,9 +6,7 @@
your_spotify = super.callPackage ./your_spotify.nix {};
actual = super.callPackage ./actual.nix {};
deploy = super.callPackage ./deploy.nix {};
netbird-dashboard = super.callPackage ./netbird-dashboard {};
minify = super.callPackage ./minify {};
firefly-iii = super.callPackage ./firefly-iii.nix {};
mongodb-bin = super.callPackage ./mongodb-bin.nix {};
awakened-poe-trade = super.callPackage ./awakened-poe-trade.nix {};
neovim-clean = super.neovim-unwrapped.overrideAttrs (_neovimFinal: neovimPrev: {


@ -1,47 +0,0 @@
{
lib,
dataDir ? "/var/lib/firefly-iii",
php83,
fetchFromGitHub,
buildNpmPackage,
}: let
version = "6.1.13";
src = fetchFromGitHub {
owner = "firefly-iii";
repo = "firefly-iii";
rev = "v${version}";
hash = "sha256-85zI8uCyyoCflzxDkvba6FWa9B3kh179DJfQ2Um6MGM=";
};
frontend = buildNpmPackage {
inherit src version;
pname = "firefly-iii";
npmDepsHash = "sha256-wuPUE6XuzzgKjpxZVgwh2wGut15M61WSBFG+YIZwOFM=";
installPhase = ''
mkdir -p $out
rm -rf ./node_modules
cp -r ./ $out
mkdir -p $out/storage
cp -r ./ $out
rm -Rf $out/storage
ln -fs ${dataDir}/storage $out/storage
rm -Rf $out/bootstrap/cache
ln -fs ${dataDir}/bootstrap/cache $out/bootstrap/cache
'';
};
in
php83.buildComposerProject rec {
inherit version;
src = frontend;
pname = "firefly-iii";
vendorHash = "sha256-CVGKyyLp5hjjpEulDNEYfljU4OgPBaFcYQQAUf6GeGs=";
meta = with lib; {
description = "Firefly III: a personal finances manager";
homepage = "https://github.com/firefly-iii/firefly-iii/";
changelog = "https://github.com/firefly-iii/firefly-iii/releases/tag/v${version}";
license = licenses.agpl3Only;
maintainers = with maintainers; [patrickdag];
mainProgram = "firefly-iii";
platforms = platforms.all;
};
}


@ -1,22 +0,0 @@
diff --git a/src/layouts/AppLayout.tsx b/src/layouts/AppLayout.tsx
index 86137fe..0339fb7 100644
--- a/src/layouts/AppLayout.tsx
+++ b/src/layouts/AppLayout.tsx
@@ -6,7 +6,7 @@ import { cn } from "@utils/helpers";
import dayjs from "dayjs";
import relativeTime from "dayjs/plugin/relativeTime";
import { Viewport } from "next/dist/lib/metadata/types/extra-types";
-import { Inter } from "next/font/google";
+import localFont from "next/font/local";
import React from "react";
import { Toaster } from "react-hot-toast";
import OIDCProvider from "@/auth/OIDCProvider";
@@ -17,7 +17,7 @@ import ErrorBoundaryProvider from "@/contexts/ErrorBoundary";
import { GlobalThemeProvider } from "@/contexts/GlobalThemeProvider";
import { NavigationEvents } from "@/contexts/NavigationEvents";
-const inter = Inter({ subsets: ["latin"] });
+const inter = localFont({ src: "./inter.ttf" });
// Extend dayjs with relativeTime plugin
dayjs.extend(relativeTime);


@ -1,40 +0,0 @@
{
lib,
buildNpmPackage,
fetchFromGitHub,
inter,
}:
buildNpmPackage rec {
pname = "netbird-dashboard";
version = "2.1.3";
src = fetchFromGitHub {
owner = "netbirdio";
repo = "dashboard";
rev = "v${version}";
hash = "sha256-RxqGNIo7UdcVKz7UmupjsCzDpaSoz9UawiUc+h2tyTU=";
};
patches = [
./0001-remove-buildtime-google-fonts.patch
];
CYPRESS_INSTALL_BINARY = 0;
npmDepsHash = "sha256-ts3UuThIMf+wwSr3DpZ+k1i9RnHi/ltvhD/7lomVxQk=";
npmFlags = ["--legacy-peer-deps"];
preBuild = ''
cp ${inter}/share/fonts/truetype/InterVariable.ttf src/layouts/inter.ttf
'';
installPhase = ''
mkdir -p $out
cp -R out/* $out
'';
meta = with lib; {
description = "NetBird Management Service Web UI Panel";
homepage = "https://github.com/netbirdio/dashboard";
license = licenses.bsd3;
maintainers = with maintainers; [thubrecht];
};
}


@ -7,6 +7,7 @@
mkYarnPackage,
nodejs,
prefetch-yarn-deps,
fixup-yarn-lock,
yarn,
}: let
version = "1.10.1";
@ -53,7 +54,7 @@ in
runHook postBuild
'';
nativeBuildInputs = [makeWrapper yarn prefetch-yarn-deps];
nativeBuildInputs = [fixup-yarn-lock makeWrapper yarn prefetch-yarn-deps];
installPhase = ''
mkdir -p $out/share/your_spotify
cp -r node_modules $out/share/your_spotify/node_modules


@ -4,6 +4,7 @@
your_spotify,
mkYarnPackage,
prefetch-yarn-deps,
fixup-yarn-lock,
src,
version,
yarn,
@ -42,7 +43,7 @@ mkYarnPackage rec {
popd
runHook postBuild
'';
nativeBuildInputs = [yarn prefetch-yarn-deps];
nativeBuildInputs = [fixup-yarn-lock yarn prefetch-yarn-deps];
installPhase = ''
mkdir -p $out


@ -54,7 +54,7 @@
indent = true;
nixvimInjections = true;
};
treesitter-context.enable = true;
#treesitter-context.enable = true;
vim-matchup.enable = true;
comment.enable = true;
# Fzf picker for arbitrary stuff
@ -67,7 +67,6 @@
keymaps = {
"<leader>gf" = {
action = "git_files";
desc = "Telescope Git Files";
};
"<leader>gg" = "live_grep";
};