diff --git a/SwarselSystems.org b/SwarselSystems.org index 11724c8..b8d9d03 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -1396,6 +1396,7 @@ My work machine. Built for more security, this is the gold standard of my config isLaptop = true; isNixos = true; isBtrfs = true; + flakePath = "/home/swarsel/.dotfiles"; # temperatureHwmon = { # isAbsolutePath = true; # path = "/sys/devices/platform/thinkpad_hwmon/hwmon/"; @@ -1596,6 +1597,7 @@ My work machine. Built for more security, this is the gold standard of my config transmission = true; syncthing = true; monitoring = true; + freshrss = true; }; }; @@ -2842,6 +2844,7 @@ I usually use =mutableUsers = false= in my NixOS configuration. However, on a ne options.swarselsystems.server.emacs = lib.mkEnableOption "enable emacs server on server"; options.swarselsystems.server.forgejo = lib.mkEnableOption "enable forgejo on server"; options.swarselsystems.server.ankisync = lib.mkEnableOption "enable ankisync on server"; + options.swarselsystems.server.freshrss = lib.mkEnableOption "enable freshrss on server"; } #+end_src @@ -3130,6 +3133,10 @@ These are some extra options that will be used if the machine also runs NixOS. F #+begin_src nix :noweb yes :tangle modules/home/nixos.nix { lib, config, ... }: { + options.swarselsystems.flakePath = lib.mkOption { + type = lib.types.str; + default = ""; + }; options.swarselsystems.isNixos = lib.mkEnableOption "nixos host"; config.swarselsystems.startup = lib.mkIf (!config.swarselsystems.isNixos) [ { 
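Review bot: The new `options.swarselsystems.flakePath` option (hunk at -3130) defaults to the empty string and has no `description`, so a host that forgets to set it still evaluates cleanly. Later hunks in this commit splice the value into the `sudo nixos-rebuild --flake …` aliases, where an empty value produces `--flake #$(hostname)`. I would drop the `default = "";` line so an unset host fails at evaluation, and add `description = "Absolute path to the checkout of this flake.";`. If some hosts legitimately have no checkout, the aliases could instead be gated on a non-empty value. The module body continues past the end of the hunk, and the same lines are tangled to `modules/home/nixos.nix`.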
@@ -6606,20 +6613,43 @@ Here we just define some aliases for rebuilding the system, and we allow some in startWithGraphical = false; }; + }; + + } +#+end_src + +**** FreshRSS + +#+begin_src nix :tangle profiles/server/nixos/freshrss.nix + { lib, config, ... }: + { + config = lib.mkIf config.swarselsystems.server.freshrss { + + users.users.freshrss = { + extraGroups = [ "users" ]; + group = "freshrss"; + isSystemUser = true; + }; + + users.groups.freshrss = {}; + + sops.secrets.fresh = { owner = "freshrss"; }; + + services.freshrss = { + enable = true; + virtualHost = "signpost.swarsel.win"; + baseUrl = "https://signpost.swarsel.win"; + dataDir = "/Vault/data/tt-rss"; + defaultUser = "Swarsel"; + passwordFile = config.sops.secrets.fresh.path; + }; + services.nginx = { virtualHosts = { "signpost.swarsel.win" = { - enableACME = false; - forceSSL = false; + enableACME = true; + forceSSL = true; acmeRoot = null; - locations = { - "/" = { - proxyPass = "http://localhost:9812"; - extraConfig = '' - client_max_body_size 0; - ''; - }; - }; }; }; }; @@ -7744,13 +7774,16 @@ Sets environment variables. Here I am only setting the EDITOR variable, most var This section is for programs that require no further configuration. zsh Integration is enabled by default for these. #+begin_src nix :tangle profiles/common/home/programs.nix - _: + { pkgs, ... }: { programs = { bottom.enable = true; imv.enable = true; sioyek.enable = true; - bat.enable = true; + bat = { + enable = true; + extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ]; + }; carapace.enable = true; wlogout.enable = true; swayr.enable = true; 
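Review bot: `extraGroups = [ "users" ];` on the `freshrss` system user adds the account behind a public vhost to the shared `users` group, which is more access than a feed reader needs. The hunk does not say why it is there; it looks like a way to reach `/Vault/data/tt-rss`. I would remove that line and give the service a directory it owns, e.g. `systemd.tmpfiles.rules = [ "d /Vault/data/tt-rss 0750 freshrss freshrss -" ];`. The `tt-rss` directory name under a FreshRSS service also deserves a short comment or a rename, so nobody later assumes it still holds Tiny Tiny RSS data. The hunk begins inside the preceding emacs block, whose start is not visible, and the same module is tangled to `profiles/server/nixos/freshrss.nix`.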
@@ -8085,10 +8118,9 @@ Here we set some aliases (some of them should be shellApplications instead) as w shellAliases = lib.recursiveUpdate { hg = "history | grep"; - hmswitch = "cd ~/.dotfiles; home-manager --flake .#$(whoami)@$(hostname) switch; cd -;"; - nswitch = "cd ~/.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; - nswitch-stay = "cd ~/.dotfiles; git restore flake.lock; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; - edithome = "e -w ~/.dotfiles/SwarselSystems.org"; + hmswitch = "home-manager --flake ${config.swarselsystems.flakePath}#$(whoami)@$(hostname) switch"; + nswitch = "sudo nixos-rebuild --flake ${config.swarselsystems.flakePath}#$(hostname) switch"; + nboot = "sudo nixos-rebuild --flake ${config.swarselsystems.flakePath}#$(hostname) boot"; magit = "emacsclient -nc -e \"(magit-status)\""; config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; g = "git"; @@ -8097,6 +8129,8 @@ Here we set some aliases (some of them should be shellApplications instead) as w passpull = "cd ~/.local/share/password-store; git pull; cd -;"; hotspot = "nmcli connection up local; nmcli device wifi hotspot;"; cd = "z"; + cd-orig = "cd"; + cat-orig = "cat"; cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\""; nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd"; fs-diff = "sudo mount -o subvol=/ /dev/mapper/cryptroot /mnt ; fs-diff"; diff --git a/hosts/nixos/nbl-imba-2/default.nix b/hosts/nixos/nbl-imba-2/default.nix index 5c26295..dede7ab 100644 --- a/hosts/nixos/nbl-imba-2/default.nix +++ b/hosts/nixos/nbl-imba-2/default.nix @@ -90,6 +90,7 @@ in isLaptop = true; isNixos = true; isBtrfs = true; + flakePath = "/home/swarsel/.dotfiles"; # temperatureHwmon = { # isAbsolutePath = true; # path = "/sys/devices/platform/thinkpad_hwmon/hwmon/"; diff --git a/hosts/nixos/winters/default.nix b/hosts/nixos/winters/default.nix index 6215b88..725adf9 100644 --- a/hosts/nixos/winters/default.nix 
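Review bot: `${config.swarselsystems.flakePath}` is spliced unquoted into the `hmswitch`, `nswitch` and `nboot` aliases, so a path containing a space or a shell metacharacter changes the command line that `sudo nixos-rebuild` receives. Escaping at build time keeps the value a single argument: `nswitch = "sudo nixos-rebuild --flake ${lib.escapeShellArg config.swarselsystems.flakePath}#$(hostname) switch";`, and likewise for the other two. The aliases also now depend on `config` being among the module arguments, which are declared above the hunk and not visible here. The same lines are tangled to `profiles/common/home/zsh.nix`.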
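Review bot: `cd-orig = "cd";` (hunk at -8097) will not reach the builtin, because the shell re-expands the first word of an alias body and `cd` is itself aliased to `z` on the line just above. Naming the builtin explicitly avoids that: `cd-orig = "builtin cd";`. `cat-orig = "cat";` has the same problem if `cat` is aliased elsewhere in this attrset, which is not visible in the hunk; in that case `cat-orig = "command cat";` is the equivalent fix. The same lines are tangled to `profiles/common/home/zsh.nix`.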
+++ b/hosts/nixos/winters/default.nix @@ -63,6 +63,7 @@ in transmission = true; syncthing = true; monitoring = true; + freshrss = true; }; }; diff --git a/modules/home/nixos.nix b/modules/home/nixos.nix index f4cbd9d..b5bbd59 100644 --- a/modules/home/nixos.nix +++ b/modules/home/nixos.nix @@ -1,5 +1,9 @@ { lib, config, ... }: { + options.swarselsystems.flakePath = lib.mkOption { + type = lib.types.str; + default = ""; + }; options.swarselsystems.isNixos = lib.mkEnableOption "nixos host"; config.swarselsystems.startup = lib.mkIf (!config.swarselsystems.isNixos) [ { diff --git a/modules/nixos/setup.nix b/modules/nixos/setup.nix index 7f7fa56..46b63e2 100644 --- a/modules/nixos/setup.nix +++ b/modules/nixos/setup.nix @@ -31,4 +31,5 @@ in options.swarselsystems.server.emacs = lib.mkEnableOption "enable emacs server on server"; options.swarselsystems.server.forgejo = lib.mkEnableOption "enable forgejo on server"; options.swarselsystems.server.ankisync = lib.mkEnableOption "enable ankisync on server"; + options.swarselsystems.server.freshrss = lib.mkEnableOption "enable freshrss on server"; } diff --git a/profiles/common/home/programs.nix b/profiles/common/home/programs.nix index 2d8fe84..be8bac8 100644 --- a/profiles/common/home/programs.nix +++ b/profiles/common/home/programs.nix @@ -1,10 +1,13 @@ -_: +{ pkgs, ... }: { programs = { bottom.enable = true; imv.enable = true; sioyek.enable = true; - bat.enable = true; + bat = { + enable = true; + extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ]; + }; carapace.enable = true; wlogout.enable = true; swayr.enable = true; diff --git a/profiles/common/home/zsh.nix b/profiles/common/home/zsh.nix index 0189c0c..7e342e0 100644 --- a/profiles/common/home/zsh.nix +++ b/profiles/common/home/zsh.nix 
@@ -5,10 +5,9 @@ shellAliases = lib.recursiveUpdate { hg = "history | grep"; - hmswitch = "cd ~/.dotfiles; home-manager --flake .#$(whoami)@$(hostname) switch; cd -;"; - nswitch = "cd ~/.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; - nswitch-stay = "cd ~/.dotfiles; git restore flake.lock; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; - edithome = "e -w ~/.dotfiles/SwarselSystems.org"; + hmswitch = "home-manager --flake ${config.swarselsystems.flakePath}#$(whoami)@$(hostname) switch"; + nswitch = "sudo nixos-rebuild --flake ${config.swarselsystems.flakePath}#$(hostname) switch"; + nboot = "sudo nixos-rebuild --flake ${config.swarselsystems.flakePath}#$(hostname) boot"; magit = "emacsclient -nc -e \"(magit-status)\""; config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; g = "git"; @@ -17,6 +16,8 @@ passpull = "cd ~/.local/share/password-store; git pull; cd -;"; hotspot = "nmcli connection up local; nmcli device wifi hotspot;"; cd = "z"; + cd-orig = "cd"; + cat-orig = "cat"; cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\""; nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd"; fs-diff = "sudo mount -o subvol=/ /dev/mapper/cryptroot /mnt ; fs-diff"; diff --git a/profiles/server/nixos/emacs.nix b/profiles/server/nixos/emacs.nix index 1e12342..88201a6 100644 --- a/profiles/server/nixos/emacs.nix +++ b/profiles/server/nixos/emacs.nix @@ -10,23 +10,6 @@ startWithGraphical = false; }; - services.nginx = { - virtualHosts = { - "signpost.swarsel.win" = { - enableACME = false; - forceSSL = false; - acmeRoot = null; - locations = { - "/" = { - proxyPass = "http://localhost:9812"; - extraConfig = '' - client_max_body_size 0; - ''; - }; - }; - }; - }; - }; }; } diff --git a/profiles/server/nixos/freshrss.nix b/profiles/server/nixos/freshrss.nix new file mode 100644 index 0000000..b6570d8 --- /dev/null +++ b/profiles/server/nixos/freshrss.nix 
@@ -0,0 +1,35 @@ +{ lib, config, ... }: +{ + config = lib.mkIf config.swarselsystems.server.freshrss { + + users.users.freshrss = { + extraGroups = [ "users" ]; + group = "freshrss"; + isSystemUser = true; + }; + + users.groups.freshrss = { }; + + sops.secrets.fresh = { owner = "freshrss"; }; + + services.freshrss = { + enable = true; + virtualHost = "signpost.swarsel.win"; + baseUrl = "https://signpost.swarsel.win"; + dataDir = "/Vault/data/tt-rss"; + defaultUser = "Swarsel"; + passwordFile = config.sops.secrets.fresh.path; + }; + + services.nginx = { + virtualHosts = { + "signpost.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + }; + }; + }; + }; + +} diff --git a/secrets/sync/secrets.yaml b/secrets/sync/secrets.yaml index 38e0069..9c37d73 100644 --- a/secrets/sync/secrets.yaml +++ b/secrets/sync/secrets.yaml @@ -1,6 +1,7 @@ swarsel: ENC[AES256_GCM,data:WzMlNzg5iAu823s=,iv:U8ZutlrzBqq7z445kSnvluejtta4X/0YMIIOdcQuftg=,tag:IE0WMuXlNwnBHzXtrbVHKA==,type:str] dnstokenfull: ENC[AES256_GCM,data:hxgxSm6pcXOEHZHdSwQkfZryFccQXrCu9idULJhWK/tQ44FyRIU4Yg==,iv:ObKf1M1qkgCltkKJX+URaPSiK5Itd3xlfBXPjf1iVak=,tag:PASR0pgBdcDYjdTZ2eEUCg==,type:str] swarseluser: ENC[AES256_GCM,data:e/p76dBuM7eLIrO0HBeJMs8eMCAGAklGcA==,iv:r+e9GGMDCCjh1eWnB4AJMFdMuXbVXxoLMefooq0SOlE=,tag:auRo+JnwH+EardJQbKek0A==,type:str] +fresh: ENC[AES256_GCM,data:nBOGgSKPh1SgdJc=,iv:y3eX0UfB0bWvETbS4sieSdTbrHZIQajXNxEjewGqdG4=,tag:6zCtZxuFAxT7qof4v1FhUw==,type:str] sops: kms: [] gcp_kms: [] 
@@ -16,8 +17,8 @@ sops: ckc3MmZZTVFyRGFaTVlVM29ra3JkbzQKNYhBd9oMS/jn2Oqyx9LpqJjQUx2mEZ/B aUNbenlCRr8KCc+yBXuTyI31LPXJ3YHsI1cfp1K/LGzCY2F0uk4rSw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-15T16:12:07Z" - mac: ENC[AES256_GCM,data:hMx5qjmUgTS6cOzO2e0tFB3DwJzbruwPn0J1TIa6XbmgvcDThiOAxsfKRQUrc/uWd/1Ehke+VPdt77d8hgUoe+NuUQY592Lx78DhfdaVQkwR62MfKf1Y3unRjjGjILIK935qcesTPXm10hRUenxf8r0eXGMlYnFn3pLTTVOD7mw=,iv:FGdr2xJCRYGAlNt0r0Zkt/Abre/pCXebM6o+VkTcB7I=,tag:aeRgsVSNH4QE6S69sgUXCQ==,type:str] + lastmodified: "2024-12-16T14:19:00Z" + mac: ENC[AES256_GCM,data:muRO5vJFFgsj1b12pDrrqM1ddydpKl87OIgXPWfU6hBOu4ddo5h1alr1zd5i8T4x0FcrJ0Yb5FiPVa54Dv/nDvhY0q/+I/gaNMreMDtwSdtm50vMutU4zWTCKkO6gs7ca9m8QajbLyDmiwFWUdLyd9rbgPdiGm6Wxsq6GoH7GJo=,iv:nLuHlLzxKGHznuiW7hwzYFzc3l7kCzbT1/KsloOGT9k=,tag:nEOFQfmNOrSf+68d6+wFbg==,type:str] pgp: - created_at: "2024-02-01T01:06:36Z" enc: |-