From 827217da51fa55eda69f4c405e88e9c365f05a32 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Mon, 28 Apr 2025 17:02:09 +0200
Subject: [PATCH 1/2] feat: expose home-manager configurations

---
 flake.nix              |  8 +---
 home/flake-module.nix  | 55 +++++++++++++++++++++++++
 hosts/flake-module.nix | 21 +++++-----
 lib/createUser.nix     | 91 +++++++++++++++++++++---------------------
 lib/flake-module.nix   | 15 +++----
 5 files changed, 117 insertions(+), 73 deletions(-)
 create mode 100644 home/flake-module.nix

diff --git a/flake.nix b/flake.nix
index 4219e6d..fd02c7a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -103,6 +103,7 @@ rec {
         ./pkgs/flake-module.nix
         ./lib/flake-module.nix
         ./hosts/flake-module.nix
+        ./home/flake-module.nix
         ./overlays.nix
       ];
       flake = {
@@ -113,13 +114,6 @@ rec {
           systemdNotify = import ./modules/systemdNotify.nix;
           inadyn = import ./modules/inadyn.nix;
         };
-
-        homeManagerModules = {
-          git = import ./home/modules/git.nix;
-          firefox = import ./home/modules/firefox/firefox.nix;
-          tor-browser = import ./home/modules/firefox/tor-browser.nix;
-          mullvad-browser = import ./home/modules/firefox/mullvad-browser.nix;
-        };
       };
       perSystem =
         {
diff --git a/home/flake-module.nix b/home/flake-module.nix
new file mode 100644
index 0000000..6722451
--- /dev/null
+++ b/home/flake-module.nix
@@ -0,0 +1,55 @@
+{
+  self,
+  inputs,
+  pkgs,
+  ...
+}:
+
+let
+  createHomeConfig =
+    name: args:
+    inputs.home-manager.lib.homeManagerConfiguration (
+      {
+        inherit pkgs;
+        extraSpecialArgs = { inherit inputs; };
+      }
+      // args
+    );
+in
+{
+  flake = {
+    homeModules = {
+      git = import ./modules/git.nix;
+      firefox = import ./modules/firefox/firefox.nix;
+      tor-browser = import ./modules/firefox/tor-browser.nix;
+      mullvad-browser = import ./modules/firefox/mullvad-browser.nix;
+
+      # users
+      felschr = import ./felschr.nix;
+      felschr-server = import ./felschr-server.nix;
+      felschr-work = import ./felschr-work.nix;
+    };
+    homeConfigurations = {
+      felschr = createHomeConfig {
+        modules = [
+          self.homeModules.git
+          self.homeModules.felschr
+        ];
+      };
+      felschr-server = createHomeConfig {
+        modules = [
+          self.homeModules.git
+          self.homeModules.felschr-server
+        ];
+      };
+      felschr-work = createHomeConfig {
+        modules = [
+          self.homeModules.git
+          self.homeModules.felschr-work
+        ];
+      };
+    };
+    # HINT alias for deprecated output
+    homeManagerModules = self.homeModules;
+  };
+}
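Review bot: `createHomeConfig` is defined curried as `name: args:`, but every entry under `homeConfigurations` (`felschr`, `felschr-server`, `felschr-work`) calls it with only the attrset, so each output evaluates to a partially applied function rather than a home-manager configuration, and `name` is never used in the body anyway; dropping the unused parameter fixes both: `createHomeConfig = args:`. Separately, `pkgs` is taken as a top-level flake-parts module argument; as far as I know flake-parts only supplies `pkgs` inside `perSystem`, so unless another module sets `_module.args.pkgs` this fails at evaluation time, and `withSystem` (or building these configurations under `perSystem`) is the usual way to obtain a per-system `pkgs` at this level. The helper also lacks a doc comment; a line such as `# Build a standalone home-manager configuration; args is merged over the default pkgs/extraSpecialArgs` above it would make the intended call shape clear.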
diff --git a/hosts/flake-module.nix b/hosts/flake-module.nix
index 1a4387f..218e42f 100644
--- a/hosts/flake-module.nix
+++ b/hosts/flake-module.nix
@@ -10,12 +10,13 @@
           inputs.nixos-hardware.nixosModules.common-pc-ssd
           inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
           inputs.nixos-hardware.nixosModules.common-gpu-amd
-          (self.lib.createSystem "home-pc" {
+          (self.lib.createSystemModule "home-pc" {
             hardwareConfig = ../hardware/home-pc.nix;
             config = ../hosts/home-pc.nix;
           })
           self.lib.createMediaGroup
-          (self.lib.createUser "felschr" {
+          (self.lib.createUserModule "felschr" {
+            homeModule = self.homeModules.felschr;
             user.extraGroups = [
               "wheel"
               "networkmanager"
@@ -26,8 +27,6 @@
               "gamemode"
               "media"
             ];
-            modules = [ self.homeManagerModules.git ];
-            config = ../home/felschr.nix;
             usesContainers = true;
           })
           (
@@ -48,18 +47,17 @@
           inputs.nixos-hardware.nixosModules.common-pc
           inputs.nixos-hardware.nixosModules.common-pc-ssd
           inputs.nixos-hardware.nixosModules.common-cpu-intel
-          (self.lib.createSystem "pilot1" {
+          (self.lib.createSystemModule "pilot1" {
             hardwareConfig = ../hardware/pilot1.nix;
             config = ../hosts/work-pc.nix;
           })
-          (self.lib.createUser "felschr" {
+          (self.lib.createUserModule "felschr" {
+            homeModule = self.homeModules.felschr-work;
             user.extraGroups = [
               "wheel"
               "audio"
               "disk"
             ];
-            modules = [ self.homeManagerModules.git ];
-            config = ../home/felschr-work.nix;
             usesContainers = true;
           })
         ];
@@ -76,12 +74,13 @@
           inputs.nixos-hardware.nixosModules.common-cpu-intel
           inputs.nixos-hardware.nixosModules.common-gpu-intel-kaby-lake
           inputs.matrix-appservices.nixosModule
-          (self.lib.createSystem "home-server" {
+          (self.lib.createSystemModule "home-server" {
             hardwareConfig = ../hardware/lattepanda.nix;
             config = ../hosts/home-server.nix;
           })
           self.lib.createMediaGroup
-          (self.lib.createUser "felschr" {
+          (self.lib.createUserModule "felschr" {
+            homeModule = self.homeModules.felschr-server;
             user = {
               extraGroups = [
                 "wheel"
@@ -93,8 +92,6 @@
                 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP751vlJUnB7Pfe1KNr6weWkx/rkP4J3lTYpAekHdOgV"
               ];
             };
-            modules = [ self.homeManagerModules.git ];
-            config = ../home/felschr-server.nix;
           })
         ];
         specialArgs = {
diff --git a/lib/createUser.nix b/lib/createUser.nix
index ada8dcc..56f68d3 100644
--- a/lib/createUser.nix
+++ b/lib/createUser.nix
@@ -1,52 +1,53 @@
-name:
-{
-  user ? { },
-  hm ? { },
-  modules ? [ ],
-  config,
-  usesContainers ? false,
-  ...
-}:
+{ self, ... }:
 
 {
-  inputs,
-  pkgs,
-  lib,
-  home-manager,
-  ...
-}:
-{
-  imports = [ home-manager.nixosModules.home-manager ];
+  flake.lib.createUserModule =
+    name:
+    {
+      homeModule,
+      user ? { },
+      usesContainers ? false,
+      ...
+    }:
+    {
+      inputs,
+      pkgs,
+      lib,
+      ...
+    }:
+    {
+      imports = [ inputs.home-manager.nixosModules.home-manager ];
 
-  users.users."${name}" = {
-    isNormalUser = true;
-    shell = pkgs.zsh;
+      users.users."${name}" = {
+        isNormalUser = true;
+        shell = pkgs.zsh;
 
-    # increase sub{u,g}id range for container user namespaces
-    subUidRanges = lib.optionals usesContainers [
-      {
-        startUid = 100000;
-        count = 60000000;
-      }
-    ];
-    subGidRanges = lib.optionals usesContainers [
-      {
-        startGid = 100000;
-        count = 60000000;
-      }
-    ];
-  } // user;
+        # increase sub{u,g}id range for container user namespaces
+        subUidRanges = lib.optionals usesContainers [
+          {
+            startUid = 100000;
+            count = 60000000;
+          }
+        ];
+        subGidRanges = lib.optionals usesContainers [
+          {
+            startGid = 100000;
+            count = 60000000;
+          }
+        ];
+      } // user;
 
-  home-manager = {
-    useUserPackages = true;
-    useGlobalPkgs = true;
-    backupFileExtension = "backup";
-    users."${name}" = lib.mkMerge [
-      { imports = modules; }
-      (import config)
-    ];
-    extraSpecialArgs = {
-      inherit inputs;
+      home-manager = {
+        useGlobalPkgs = true;
+        useUserPackages = true;
+        backupFileExtension = "backup";
+        users."${name}" = {
+          imports = [
+            self.homeModules.git
+            homeModule
+          ];
+        };
+        extraSpecialArgs = { inherit inputs; };
+      };
     };
-  } // hm;
 }
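Review bot: The argument set of `createUserModule` keeps a trailing `...`, so a caller that still passes the attributes this patch removes (`modules`, `config`, `hm`) is accepted silently and those values are dropped with no error; the three hosts in this series are migrated, but any caller outside it would keep evaluating with its old settings quietly ignored. Removing the `...` from the argument set makes the function strict so such a stale call fails at evaluation time instead. Since `self.homeModules.git` is now unconditionally imported for every user created through this function, a short doc comment above the definition stating that — and that `homeModule` is the per-user home-manager module, `user` is merged over the generated `users.users` entry, and `usesContainers` enables the sub{u,g}id ranges — would document the new contract.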
diff --git a/lib/flake-module.nix b/lib/flake-module.nix
index 9a1cb3f..843786a 100644
--- a/lib/flake-module.nix
+++ b/lib/flake-module.nix
@@ -1,13 +1,13 @@
-{ inputs, lib, ... }:
+{ lib, ... }:
 
-let
-  createUser' = import ./createUser.nix;
-in
 {
-  imports = [ ./openwrt.nix ];
+  imports = [
+    ./createUser.nix
+    ./openwrt.nix
+  ];
   options.flake.lib = lib.mkOption { type = with lib.types; lazyAttrsOf raw; };
   config.flake.lib = {
-    createSystem =
+    createSystemModule =
       hostName:
       { hardwareConfig, config }:
       (
@@ -22,9 +22,6 @@ in
           ];
         }
       );
-    createUser =
-      name: args:
-      ({ pkgs, ... }@args2: (createUser' name args) ({ inherit (inputs) home-manager; } // args2));
     createMediaGroup = _: { users.groups.media.gid = 600; };
   };
 }

From bafa571dae0e9d56ee0a7c353a0eb856bea420b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Thu, 1 May 2025 14:58:21 +0200
Subject: [PATCH 2/2] refactor(collabora-office): switch to NixOS module

Switch from OCI container to NixOS module.
---
 flake.nix                     |  3 +--
 services/collabora-office.nix | 51 ++++++++++-------------------------
 2 files changed, 15 insertions(+), 39 deletions(-)

diff --git a/flake.nix b/flake.nix
index fd02c7a..bb05b10 100644
--- a/flake.nix
+++ b/flake.nix
@@ -57,7 +57,6 @@ rec {
     pre-commit-hooks = {
       url = "github:cachix/pre-commit-hooks.nix";
       inputs.nixpkgs.follows = "nixpkgs";
-      inputs.nixpkgs-stable.follows = "nixpkgs";
     };
 
     matrix-appservices = {
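Review bot: Dropping `inputs.nixpkgs-stable.follows` for pre-commit-hooks here, and commenting out `inputs.nixpkgs.follows` for csharp-language-server in the next hunk, means each of those inputs now resolves its own independently pinned nixpkgs revision, which enlarges the lock file and the set of sources that must be tracked and updated; neither change is mentioned in the commit message, whose subject is the collabora-office refactor. If the follows were removed because those inputs no longer evaluate against the current nixpkgs, record that next to each line, e.g. `# nixpkgs.follows dropped: <reason>` in place of the bare commented-out line, or split the input changes into their own commit.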
@@ -82,7 +81,7 @@ rec {
 
     csharp-language-server = {
       url = "github:SofusA/csharp-language-server";
-      inputs.nixpkgs.follows = "nixpkgs";
+      # inputs.nixpkgs.follows = "nixpkgs";
       inputs.flake-utils.follows = "flake-utils";
     };
   };
diff --git a/services/collabora-office.nix b/services/collabora-office.nix
index 354c2f4..a634136 100644
--- a/services/collabora-office.nix
+++ b/services/collabora-office.nix
@@ -1,57 +1,34 @@
 { config, ... }:
 
 let
-  inherit (config.users.users.collabora-office) uid;
-  inherit (config.users.groups.collabora-office) gid;
+  cfg = config.services.collabora-office;
 in
 {
-  virtualisation.oci-containers.containers.collabora-office = {
-    image = "docker.io/collabora/code";
-    ports = [ "9980:9980" ];
-    environment =
-      let
-        mkAlias = domain: "https://" + (builtins.replaceStrings [ "." ] [ "\\." ] domain) + ":443";
-      in
+  services.collabora-online = {
+    enable = true;
+    aliasGroups = [
       {
-        server_name = "office.felschr.com";
-        aliasgroup1 = mkAlias "office.felschr.com";
-        aliasgroup2 = mkAlias "cloud.felschr.com";
-        extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
-      };
-    extraOptions = [
-      "--runtime=crun"
-      "--uidmap=0:65534:1"
-      "--gidmap=0:65534:1"
-      "--uidmap=100:${toString uid}:1"
-      "--gidmap=101:${toString gid}:1"
-      "--network=host"
-      "--cap-add=MKNOD"
-      "--cap-add=CHOWN"
-      "--cap-add=FOWNER"
-      "--cap-add=SYS_CHROOT"
-      "--label=io.containers.autoupdate=registry"
+        host = "https://office.felschr.com";
+        aliases = [ "https://cloud.felschr.com" ];
+      }
     ];
+    settings = {
+      ssl = {
+        enable = false;
+        termination = true;
+      };
+    };
   };
 
   services.nginx.virtualHosts."office.felschr.com" = {
     forceSSL = true;
     enableACME = true;
     locations."/" = {
-      proxyPass = "http://127.0.0.1:9980";
+      proxyPass = "http://127.0.0.1:${toString cfg.port}";
       proxyWebsockets = true;
       extraConfig = ''
         proxy_read_timeout 36000s;
       '';
     };
   };
-
-  users.users.collabora-office = {
-    isSystemUser = true;
-    group = "collabora-office";
-    uid = 982;
-  };
-
-  users.groups.collabora-office = {
-    gid = 982;
-  };
 }
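Review bot: With `ssl.enable = false` and `ssl.termination = true`, coolwsd serves plain HTTP on `cfg.port` and relies on nginx for TLS, but the hunk does not show which address the service binds to; if the NixOS module leaves coolwsd's `net.listen` at its default (`any`, as far as I recall) the unencrypted port is reachable on every interface, bypassing the `forceSSL` vhost. The previous container with `--network=host` had the same exposure, so this is not a regression, but it is worth confirming and, if so, pinning with `settings.net.listen = "loopback";` so only the 127.0.0.1 proxyPass path is exposed. The old environment also set `server_name = "office.felschr.com"`, which has no counterpart in the new block; if coolwsd does not derive the public hostname from the proxied request, `settings.server_name = "office.felschr.com";` restores it. The `aliasGroups` entry now makes office.felschr.com the WOPI host with cloud.felschr.com as its alias, whereas the old config listed them as two separate groups — probably intended, but a one-line comment explaining the grouping would help.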