diff --git a/flake.nix b/flake.nix index bb05b10..4219e6d 100644 --- a/flake.nix +++ b/flake.nix @@ -57,6 +57,7 @@ rec { pre-commit-hooks = { url = "github:cachix/pre-commit-hooks.nix"; inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs-stable.follows = "nixpkgs"; }; matrix-appservices = { @@ -81,7 +82,7 @@ rec { csharp-language-server = { url = "github:SofusA/csharp-language-server"; - # inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; }; @@ -102,7 +103,6 @@ rec { ./pkgs/flake-module.nix ./lib/flake-module.nix ./hosts/flake-module.nix - ./home/flake-module.nix ./overlays.nix ]; flake = { @@ -113,6 +113,13 @@ rec { systemdNotify = import ./modules/systemdNotify.nix; inadyn = import ./modules/inadyn.nix; }; + + homeManagerModules = { + git = import ./home/modules/git.nix; + firefox = import ./home/modules/firefox/firefox.nix; + tor-browser = import ./home/modules/firefox/tor-browser.nix; + mullvad-browser = import ./home/modules/firefox/mullvad-browser.nix; + }; }; perSystem = { diff --git a/home/flake-module.nix b/home/flake-module.nix deleted file mode 100644 index 6722451..0000000 --- a/home/flake-module.nix +++ /dev/null 
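Review bot: The `homeManagerModules` output added in the `@@ -113` hunk reuses the name that the deleted home/flake-module.nix explicitly marked as the deprecated alias (`homeModules` was the primary output, `homeManagerModules = self.homeModules` the compatibility shim), so this refactor silently drops `self.homeModules` and any consumer of it breaks while the deprecated name survives. Keeping both costs one line: name the new set `homeModules = { git = …; firefox = …; … };` and add `homeManagerModules = self.homeModules;` beneath it. In the `csharp-language-server` hunk the `inputs.nixpkgs.follows = "nixpkgs"` line was previously commented out, presumably because the upstream flake did not build against this nixpkgs; a short comment such as `# builds against our nixpkgs again; drop the follows if it regresses` would record why re-enabling it is safe now.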
@@ -1,55 +0,0 @@ -{ - self, - inputs, - pkgs, - ... -}: - -let - createHomeConfig = - name: args: - inputs.home-manager.lib.homeManagerConfiguration ( - { - inherit pkgs; - extraSpecialArgs = { inherit inputs; }; - } - // args - ); -in -{ - flake = { - homeModules = { - git = import ./modules/git.nix; - firefox = import ./modules/firefox/firefox.nix; - tor-browser = import ./modules/firefox/tor-browser.nix; - mullvad-browser = import ./modules/firefox/mullvad-browser.nix; - - # users - felschr = import ./felschr.nix; - felschr-server = import ./felschr-server.nix; - felschr-work = import ./felschr-work.nix; - }; - homeConfigurations = { - felschr = createHomeConfig { - modules = [ - self.homeModules.git - self.homeModules.felschr - ]; - }; - felschr-server = createHomeConfig { - modules = [ - self.homeModules.git - self.homeModules.felschr-server - ]; - }; - felschr-work = createHomeConfig { - modules = [ - self.homeModules.git - self.homeModules.felschr-work - ]; - }; - }; - # HINT alias for deprecated output - homeManagerModules = self.homeModules; - }; -} diff --git a/hosts/flake-module.nix b/hosts/flake-module.nix index 218e42f..1a4387f 100644 --- a/hosts/flake-module.nix +++ b/hosts/flake-module.nix @@ -10,13 +10,12 @@ inputs.nixos-hardware.nixosModules.common-pc-ssd inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate inputs.nixos-hardware.nixosModules.common-gpu-amd - (self.lib.createSystemModule "home-pc" { + (self.lib.createSystem "home-pc" { hardwareConfig = ../hardware/home-pc.nix; config = ../hosts/home-pc.nix; }) self.lib.createMediaGroup - (self.lib.createUserModule "felschr" { - homeModule = self.homeModules.felschr; + (self.lib.createUser "felschr" { user.extraGroups = [ "wheel" "networkmanager" @@ -27,6 +26,8 @@ "gamemode" "media" ]; + modules = [ self.homeManagerModules.git ]; + config = ../home/felschr.nix; usesContainers = true; }) ( 
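Review bot: Every `createUser` call in this hunk (and the two hosts that follow) now has to repeat `modules = [ self.homeManagerModules.git ];` to get the git configuration that the old `createUserModule` imported unconditionally, so a future host that omits the line silently loses the shared git settings with no evaluation error. Since the wrapper is built in lib/flake-module.nix, which has `inputs` in scope (and presumably `inputs.self`), the default belongs there rather than in each host, e.g. `modules ? [ inputs.self.homeManagerModules.git ]` in createUser.nix's argument set, leaving host files to pass only host-specific modules. The `home-pc` `nixosSystem` module list this hunk edits starts and ends outside the hunk.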
@@ -47,17 +48,18 @@ inputs.nixos-hardware.nixosModules.common-pc inputs.nixos-hardware.nixosModules.common-pc-ssd inputs.nixos-hardware.nixosModules.common-cpu-intel - (self.lib.createSystemModule "pilot1" { + (self.lib.createSystem "pilot1" { hardwareConfig = ../hardware/pilot1.nix; config = ../hosts/work-pc.nix; }) - (self.lib.createUserModule "felschr" { - homeModule = self.homeModules.felschr-work; + (self.lib.createUser "felschr" { user.extraGroups = [ "wheel" "audio" "disk" ]; + modules = [ self.homeManagerModules.git ]; + config = ../home/felschr-work.nix; usesContainers = true; }) ]; @@ -74,13 +76,12 @@ inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-gpu-intel-kaby-lake inputs.matrix-appservices.nixosModule - (self.lib.createSystemModule "home-server" { + (self.lib.createSystem "home-server" { hardwareConfig = ../hardware/lattepanda.nix; config = ../hosts/home-server.nix; }) self.lib.createMediaGroup - (self.lib.createUserModule "felschr" { - homeModule = self.homeModules.felschr-server; + (self.lib.createUser "felschr" { user = { extraGroups = [ "wheel" @@ -92,6 +93,8 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP751vlJUnB7Pfe1KNr6weWkx/rkP4J3lTYpAekHdOgV" ]; }; + modules = [ self.homeManagerModules.git ]; + config = ../home/felschr-server.nix; }) ]; specialArgs = { diff --git a/lib/createUser.nix b/lib/createUser.nix index 56f68d3..ada8dcc 100644 --- a/lib/createUser.nix +++ b/lib/createUser.nix 
@@ -1,53 +1,52 @@ -{ self, ... }: +name: +{ + user ? { }, + hm ? { }, + modules ? [ ], + config, + usesContainers ? false, + ... +}: { - flake.lib.createUserModule = - name: - { - homeModule, - user ? { }, - usesContainers ? false, - ... - }: - { - inputs, - pkgs, - lib, - ... - }: - { - imports = [ inputs.home-manager.nixosModules.home-manager ]; + inputs, + pkgs, + lib, + home-manager, + ... +}: +{ + imports = [ home-manager.nixosModules.home-manager ]; - users.users."${name}" = { - isNormalUser = true; - shell = pkgs.zsh; + users.users."${name}" = { + isNormalUser = true; + shell = pkgs.zsh; - # increase sub{u,g}id range for container user namespaces - subUidRanges = lib.optionals usesContainers [ - { - startUid = 100000; - count = 60000000; - } - ]; - subGidRanges = lib.optionals usesContainers [ - { - startGid = 100000; - count = 60000000; - } - ]; - } // user; + # increase sub{u,g}id range for container user namespaces + subUidRanges = lib.optionals usesContainers [ + { + startUid = 100000; + count = 60000000; + } + ]; + subGidRanges = lib.optionals usesContainers [ + { + startGid = 100000; + count = 60000000; + } + ]; + } // user; - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - backupFileExtension = "backup"; - users."${name}" = { - imports = [ - self.homeModules.git - homeModule - ]; - }; - extraSpecialArgs = { inherit inputs; }; - }; + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + backupFileExtension = "backup"; + users."${name}" = lib.mkMerge [ + { imports = modules; } + (import config) + ]; + extraSpecialArgs = { + inherit inputs; }; + } // hm; } diff --git a/lib/flake-module.nix b/lib/flake-module.nix index 843786a..9a1cb3f 100644 --- a/lib/flake-module.nix +++ b/lib/flake-module.nix 
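Review bot: `subUidRanges`/`subGidRanges` hard-code the same `startUid = 100000` / `count = 60000000` for every user created with `usesContainers = true`, so two such users on one host would be handed overlapping sub-id ranges and their rootless containers would run as the same host uids, which defeats the per-user isolation user namespaces are supposed to provide; the code moved here unchanged, but this is the place to take a `subUidStart` argument (or derive the start from the user) or at least to state in a comment that only one container user per host is supported. Separately, `lib.mkMerge [ { imports = modules; } (import config) ]` evaluates the path eagerly and loses its file attribution in module-system error messages; `users."${name}" = { imports = modules ++ [ config ]; };` is simpler and keeps errors pointing at the real file. A header comment should also spell out the merge contract, since `// user` and `// hm` replace any key the caller sets wholesale: `# NOTE: 'user' and 'hm' are merged with //, so a caller-supplied key (e.g. subUidRanges, home-manager.users) overrides the default entirely rather than merging into it.`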
@@ -1,13 +1,13 @@ -{ lib, ... }: +{ inputs, lib, ... }: +let + createUser' = import ./createUser.nix; +in { - imports = [ - ./createUser.nix - ./openwrt.nix - ]; + imports = [ ./openwrt.nix ]; options.flake.lib = lib.mkOption { type = with lib.types; lazyAttrsOf raw; }; config.flake.lib = { - createSystemModule = + createSystem = hostName: { hardwareConfig, config }: ( @@ -22,6 +22,9 @@ ]; } ); + createUser = + name: args: + ({ pkgs, ... }@args2: (createUser' name args) ({ inherit (inputs) home-manager; } // args2)); createMediaGroup = _: { users.groups.media.gid = 600; }; }; } diff --git a/services/collabora-office.nix b/services/collabora-office.nix index a634136..354c2f4 100644 --- a/services/collabora-office.nix +++ b/services/collabora-office.nix 
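Review bot: `createUser` binds `{ pkgs, ... }@args2` but never uses `pkgs`, so the destructuring pattern only adds noise and wrongly suggests the wrapper needs packages; `createUser = name: args: moduleArgs: createUser' name args ({ inherit (inputs) home-manager; } // moduleArgs);` expresses the same thing. Because the module arguments sit on the right of `//`, a NixOS module argument named `home-manager`, if one were ever defined, would override the flake input injected here; that is presumably intended but deserves a comment like `# expose the home-manager flake input as a module argument; real module args take precedence`. The enclosing `config.flake.lib` attribute set starts before this hunk.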
@@ -1,34 +1,57 @@ { config, ... }: let - cfg = config.services.collabora-office; + inherit (config.users.users.collabora-office) uid; + inherit (config.users.groups.collabora-office) gid; in { - services.collabora-online = { - enable = true; - aliasGroups = [ + virtualisation.oci-containers.containers.collabora-office = { + image = "docker.io/collabora/code"; + ports = [ "9980:9980" ]; + environment = + let + mkAlias = domain: "https://" + (builtins.replaceStrings [ "." ] [ "\\." ] domain) + ":443"; + in { - host = "https://office.felschr.com"; - aliases = [ "https://cloud.felschr.com" ]; - } - ]; - settings = { - ssl = { - enable = false; - termination = true; + server_name = "office.felschr.com"; + aliasgroup1 = mkAlias "office.felschr.com"; + aliasgroup2 = mkAlias "cloud.felschr.com"; + extra_params = "--o:ssl.enable=false --o:ssl.termination=true"; }; - }; + extraOptions = [ + "--runtime=crun" + "--uidmap=0:65534:1" + "--gidmap=0:65534:1" + "--uidmap=100:${toString uid}:1" + "--gidmap=101:${toString gid}:1" + "--network=host" + "--cap-add=MKNOD" + "--cap-add=CHOWN" + "--cap-add=FOWNER" + "--cap-add=SYS_CHROOT" + "--label=io.containers.autoupdate=registry" + ]; }; services.nginx.virtualHosts."office.felschr.com" = { forceSSL = true; enableACME = true; locations."/" = { - proxyPass = "http://127.0.0.1:${toString cfg.port}"; + proxyPass = "http://127.0.0.1:9980"; proxyWebsockets = true; extraConfig = '' proxy_read_timeout 36000s; ''; }; }; + + users.users.collabora-office = { + isSystemUser = true; + group = "collabora-office"; + uid = 982; + }; + + users.groups.collabora-office = { + gid = 982; + }; }
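Review bot: `--network=host` in `extraOptions` places the container in the host network namespace, which makes the `ports = [ "9980:9980" ]` mapping a no-op (podman does not publish ports with host networking) and binds Collabora's 9980 on every host interface rather than the 127.0.0.1 nginx proxies to, so unless `networking.firewall` blocks it on this host (not visible here) the backend is reachable directly, bypassing the TLS terminator. If host networking is not actually required, dropping `"--network=host"` and publishing `ports = [ "127.0.0.1:9980:9980" ]` keeps the service loopback-only; if it is required, say why in a comment and confirm the firewall rule. `docker.io/collabora/code` carries no tag or digest while `io.containers.autoupdate=registry` pulls whatever `latest` resolves to on each update, so pin at least a version tag (a `@sha256:` digest would also defeat autoupdate, which is a deliberate choice to make). `--cap-add=CHOWN`, `FOWNER` and `SYS_CHROOT` are already in podman's default capability set, so only `MKNOD` is a real grant; a comment naming the CODE feature that needs each capability would justify keeping them explicit.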