diff --git a/flake.lock b/flake.lock index 3c69b4c..5e80a40 100644 --- a/flake.lock +++ b/flake.lock @@ -11,11 +11,11 @@ ] }, "locked": { - "lastModified": 1696775529, - "narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=", + "lastModified": 1701216516, + "narHash": "sha256-jKSeJn+7hZ1dZdiH1L+NWUGT2i/BGomKAJ54B9kT06Q=", "owner": "ryantm", "repo": "agenix", - "rev": "daf42cb35b2dc614d1551e37f96406e4c4a2d3e4", + "rev": "13ac9ac6d68b9a0896e3d43a082947233189e247", "type": "github" }, "original": { @@ -179,11 +179,11 @@ ] }, "locked": { - "lastModified": 1700847865, - "narHash": "sha256-uWaOIemGl9LF813MW0AEgCBpKwFo2t1Wv3BZc6e5Frw=", + "lastModified": 1701071203, + "narHash": "sha256-lQywA7QU/vzTdZ1apI0PfgCWNyQobXUYghVrR5zuIeM=", "owner": "nix-community", "repo": "home-manager", - "rev": "8cedd63eede4c22deb192f1721dd67e7460e1ebe", + "rev": "db1878f013b52ba5e4034db7c1b63e8d04173a86", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1698482687, - "narHash": "sha256-M+ycfhVZO/c8rQYvdUxLkNS8Ttqg/dRckVOnKnxiEss=", + "lastModified": 1701132345, + "narHash": "sha256-/b6Ciigl3L+WDrrtRGkJVNv3GU/x4Knhcga75MtwRy0=", "owner": "therealr5", "repo": "TruckSimulatorBot-images", - "rev": "c2eabb6964354a57eb0bc3979dae515fcc3eed32", + "rev": "fe5d665a01da7f36b24387cbb6dbffeed1024a9e", "type": "github" }, "original": { @@ -280,11 +280,11 @@ ] }, "locked": { - "lastModified": 1700363379, - "narHash": "sha256-fBEVPFwSZ6AmBE1s1oT7E9WVuqRghruxTnSQ8UUlMkw=", + "lastModified": 1700968077, + "narHash": "sha256-Lax+2g7G3Fe+ckMrHLYTl+97unbmNDmN1qS9MLBkxr4=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "27920146e671a0d565aaa7452907383be14d8d82", + "rev": "bd3aec0ecb0fdde863a7ed2c6caa220c47e22c07", "type": "github" }, "original": { 
@@ -295,11 +295,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1700794826, - "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=", + "lastModified": 1701253981, + "narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8", + "rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58", "type": "github" }, "original": { @@ -397,11 +397,11 @@ ] }, "locked": { - "lastModified": 1698828202, - "narHash": "sha256-QjcqU0V5ewwgLfyLg/sUzCkYzr74Ih3UruEoWQ7rGT0=", + "lastModified": 1701419702, + "narHash": "sha256-oyNMUVqnkqaAzI6XKiFAsghXz+VuFNVC5YyuDEBS6Z4=", "owner": "therealr5", "repo": "purge", - "rev": "5820a3d4696ff82ccd45602d25ba6f91bf1d3191", + "rev": "31e7f1f1832f23235c949b0f0f0fc3dd31efd0d7", "type": "github" }, "original": { @@ -472,11 +472,11 @@ ] }, "locked": { - "lastModified": 1698828178, - "narHash": "sha256-qG++eRZ3Hpxxvif0JMGFEhsz1WETAW5qsAVKScqz/xU=", + "lastModified": 1701419713, + "narHash": "sha256-xG9xu3t8TMvAU0SiwnlS/aoYsWE4A5cBTOafNABABLw=", "owner": "therealr5", "repo": "TruckSimulatorBot", - "rev": "4da79ba1d6df945ebf3bae8f0d6f4847238837b9", + "rev": "a81954714261039d3734ccaff4a3a6a0040ff72b", "type": "github" }, "original": {
diff --git a/hosts/falkenstein/default.nix b/hosts/falkenstein/default.nix
index c3a4108..1d4d18b 100644
--- a/hosts/falkenstein/default.nix
+++ b/hosts/falkenstein/default.nix
@@ -40,6 +40,8 @@
 helix
 lsof
 python3
+ php
+ phpPackages.composer
 ];
 programs.git = {
 enable = true;
diff --git a/hosts/falkenstein/modules/nginx/default.nix b/hosts/falkenstein/modules/nginx/default.nix
index d68e066..da74cdb 100644
--- a/hosts/falkenstein/modules/nginx/default.nix
+++ b/hosts/falkenstein/modules/nginx/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 {
 # set default options for virtualHosts
 options = with lib; {
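Review bot: In hosts/falkenstein/default.nix, `phpPackages.composer` is added to the host-wide package list of the machine that also serves the site, and nothing on the page records which account is meant to run it. Composer executes package-supplied scripts and plugins during install, so a run as root or as the PHP-FPM pool account would give third-party dependency code that account's write access. A comment next to the entry, for example `# composer: run only as the deploy user, never as root or rfive-web`, would record the intent; building the vendor tree off-host and copying it in would remove the need for the tool on the server. The package list itself starts outside the hunk.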
@@ -35,8 +35,32 @@
 add_header Access-Control-Allow-Origin *;
 return 200 '${builtins.toJSON data}';
 '';
+ user = "rfive-web";
+ group = "rfive-web";
 in
 {
+ users.users.${user} = {
+ group = group;
+ isSystemUser = true;
+ };
+ users.groups.${group} = { };
+ services.phpfpm.pools.rfivede = {
+ user = user;
+ group = group;
+ settings = {
+ "listen.owner" = config.services.nginx.user;
+ "pm" = "dynamic";
+ "pm.max_children" = 32;
+ "pm.max_requests" = 500;
+ "pm.start_servers" = 2;
+ "pm.min_spare_servers" = 2;
+ "pm.max_spare_servers" = 5;
+ "php_admin_value[error_log]" = "stderr";
+ "php_admin_flag[log_errors]" = true;
+ "catch_workers_output" = true;
+ };
+ phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
+ };
 networking.firewall.allowedTCPPorts = [ 80 443 ];
 services.nginx = {
 enable = true;
@@ -49,8 +73,27 @@
 enableACME = true;
 forceSSL = true;
 root = "/srv/web/${config.networking.domain}";
- locations."/.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
- locations."/.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
+ extraConfig = ''
+ index index.html index.php;
+ '';
+ locations = {
+ "/" = {
+ tryFiles = "$uri $uri/ /index.php?$query_string";
+ };
+ "~ \.php$" = {
+ extraConfig = ''
+ try_files $uri =404;
+ fastcgi_pass unix:${config.services.phpfpm.pools.rfivede.socket};
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+ include ${pkgs.nginx}/conf/fastcgi_params;
+ include ${pkgs.nginx}/conf/fastcgi.conf;
+ fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
+ '';
+ };
+ "/.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
+ "/.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
+ };
 };
 };
 security.acme = {
diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix
index 0b9b3c6..bae28e0 100755
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
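Review bot: The `rfivede` pool in hosts/falkenstein/modules/nginx/default.nix runs under its own `rfive-web` account, but nothing in `settings` confines PHP to the site directory, so a script can read any file that account can read. If the site allows it, add `"php_admin_value[open_basedir]" = "/srv/web/${config.networking.domain}";` beside the logging entries, extended for any upload or session directory. Also check, outside this diff, that `rfive-web` has read-only access to the web root except where writes are really needed. As a style point, `user = user; group = group;` and `group = group;` read better as `inherit user group;` and `inherit group;`. The `let` block these bindings extend starts outside the hunk.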
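Review bot: The location key `"~ \.php$"` in the second nginx hunk is a Nix double-quoted string, where `\.` evaluates to a plain `.`, so nginx most likely receives `~ .php$` and matches any URI ending in an arbitrary character followed by `php`; write it as `"~ \\.php$" = {`. The `''…''` block below keeps its backslashes, so `fastcgi_split_path_info` is unaffected. `try_files $uri =404;` is the right guard against handing PHP-FPM a path that does not exist and should stay. Including both `fastcgi_params` and `fastcgi.conf` sends the parameters twice, and the explicit `SCRIPT_FILENAME` line adds another copy with a doubled slash; `include ${pkgs.nginx}/conf/fastcgi.conf;` alone should be enough.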
@@ -8,6 +8,7 @@
 ./modules/graphics
 ./modules/greetd
 ./modules/networks
+ ./modules/printing
 ./modules/security
 ./modules/sound
 ./modules/virtualisation
@@ -15,7 +16,14 @@
 # Use the systemd-boot EFI boot loader.
 boot = {
+ kernelModules = [ "v4l2loopback" ];
 kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+ extraModulePackages = [
+ config.boot.kernelPackages.v4l2loopback
+ ];
+ extraModprobeConfig = ''
+ options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
+ '';
 tmp.useTmpfs = true;
 };
 systemd.package = pkgs.systemd.override { withHomed = false; };
diff --git a/hosts/thinkpad/modules/backup/default.nix b/hosts/thinkpad/modules/backup/default.nix
index 3bd4286..91395e7 100644
--- a/hosts/thinkpad/modules/backup/default.nix
+++ b/hosts/thinkpad/modules/backup/default.nix
@@ -2,6 +2,7 @@
 {
 age.secrets."borg/passphrase" = {
 file = ../../../../secrets/thinkpad/borg/passphrase.age;
+ owner = "rouven";
 };
 environment.systemPackages = [ pkgs.borgbackup ];
 services.borgmatic = {
diff --git a/hosts/thinkpad/modules/printing/default.nix b/hosts/thinkpad/modules/printing/default.nix
new file mode 100644
index 0000000..e15077f
--- /dev/null
+++ b/hosts/thinkpad/modules/printing/default.nix
@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+{
+ services.printing = {
+ enable = true;
+ stateless = true;
+ browsedConf = ''
+ BrowsePoll cups.agdsn.network
+ LocalQueueNamingRemoteCUPS RemoteName
+ '';
+ drivers = with pkgs; [ cups-kyocera ];
+ };
+}
diff --git a/hosts/thinkpad/modules/sound/default.nix b/hosts/thinkpad/modules/sound/default.nix
index 5b3b5d3..77d759b 100644
--- a/hosts/thinkpad/modules/sound/default.nix
+++ b/hosts/thinkpad/modules/sound/default.nix
@@ -8,7 +8,7 @@
 pulse.enable = true;
 };
 environment.systemPackages = with pkgs; [
- qpwgraph
+ helvum
 easyeffects
 ];
 }
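Review bot: `owner = "rouven";` in hosts/thinkpad/modules/backup/default.nix makes the decrypted borg passphrase readable by every process running as that user, where it was previously left at the agenix default owner, and the reason is not recorded. The `services.borgmatic` unit visible below the change presumably runs as root and would not need this, so the change looks aimed at interactive `borg` use. A comment above the line, for example `# readable by rouven for manual borg runs; keep the default 0400 mode`, would make the trade-off explicit for the next reader.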
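Review bot: The `browsedConf` block in hosts/thinkpad/modules/printing/default.nix adds a `BrowsePoll` target but leaves cups-browsed's other discovery settings at their defaults. On a laptop that moves between networks, the daemon may therefore still create local queues from printers announced by whatever network it is attached to. If only the polled server is wanted, add `BrowseRemoteProtocols none` to the block; confirm against the cups-browsed.conf man page for the packaged version that polling is unaffected. A one-line comment naming the network this server belongs to would also help.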