Merge branch 'nixos-23.11' into consensus

This commit is contained in:
Serĉanto de Scio 2024-02-26 22:39:45 +10:00
commit 3974b9c5f1
Signed by: sercanto
GPG key ID: 7DBA9F5689EFB6AA
20 changed files with 97 additions and 270 deletions

View file

@ -2,10 +2,11 @@
{ {
config, config,
lib, lib,
modulesPath,
pkgs, pkgs,
... ...
}: { }: {
imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>]; imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot = { boot = {
initrd = { initrd = {
@ -16,26 +17,28 @@
"usbhid" # USB HID transport layer "usbhid" # USB HID transport layer
"usb_storage" # USB Mass Storage support "usb_storage" # USB Mass Storage support
"sd_mod" # SCSI disk support "sd_mod" # SCSI disk support
"aesni_intel" # AES-NI + SSE2 implementation of AEGIS-128
"cryptd" # Software async crypto daemon
]; ];
kernelModules = ["dm-snapshot"];
luks.devices."cryptroot".device = "/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4";
}; };
kernelModules = ["kvm-intel"]; # Enable kvm for libvirtd kernelModules = ["kvm-intel"]; # Enable kvm for libvirtd
}; };
fileSystems."/" = { fileSystems = {
device = "/dev/disk/by-uuid/848e15eb-992b-499f-89b1-be8bc59af41c"; "/" = {
fsType = "ext4"; device = "/dev/disk/by-uuid/0bdc11fc-c497-47ff-bcc2-3044f81f40be";
fsType = "ext4";
};
"/home" = {
device = "/dev/disk/by-uuid/9c8a9dd1-b234-4a6d-ad62-3962e85d4063";
fsType = "ext4";
};
}; };
fileSystems."/boot" = { swapDevices = [{device = "/dev/disk/by-uuid/05aed0b0-3a79-44f2-aa4d-e5e5724643f2";}];
device = "/dev/disk/by-uuid/a9d48855-edaf-40b9-9296-58e9b7c7eb96";
fsType = "ext4";
};
swapDevices = [{device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e";}]; networking.useDHCP = lib.mkDefault true;
nix.settings.max-jobs = lib.mkDefault 4; nix.settings.max-jobs = lib.mkDefault 4;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

View file

@ -17,7 +17,7 @@
}; };
kernelPackages = pkgs.linuxPackages_5_15; # For a Raspberry Pi 2 or 3) kernelPackages = pkgs.linuxPackages_5_15; # For a Raspberry Pi 2 or 3)
kernelParams = [ kernelParams = [
"cma=32M" # Needed for the virtual console to work on the RPi 3 "cma=320M" # Needed for the virtual console to work on the RPi 3
"console=ttyS0,115200n8" # Enable the serial console "console=ttyS0,115200n8" # Enable the serial console
"console=tty0" "console=tty0"
]; ];
@ -31,9 +31,10 @@
raspberryPi = { raspberryPi = {
enable = false; enable = false;
version = 3; version = 3;
uboot.enable = true;
firmwareConfig = '' firmwareConfig = ''
arm_64bit=1 # Force kernel loading system to assume a 64-bit kernel arm_64bit=1 # Force kernel loading system to assume a 64-bit kernel
display_auto_detect=1 # Enable auto detection of screen resolution
gpu_mem=128
hdmi_force_hotplug=1 # Enable headless booting hdmi_force_hotplug=1 # Enable headless booting
''; '';
}; };

View file

@ -10,7 +10,6 @@
../networks/linode.nix ../networks/linode.nix
../profiles/coturn.nix ../profiles/coturn.nix
#../profiles/cryptpad.nix #../profiles/cryptpad.nix
../profiles/forgejo.nix
#../profiles/hydra.nix #../profiles/hydra.nix
../profiles/iog.nix ../profiles/iog.nix
../profiles/ipv6.nix ../profiles/ipv6.nix
@ -22,7 +21,6 @@
../profiles/nixpkgs-dev.nix ../profiles/nixpkgs-dev.nix
../profiles/taskserver.nix ../profiles/taskserver.nix
../profiles/tt-rss.nix ../profiles/tt-rss.nix
../secrets/forgejo.nix
../secrets/tt-rss.nix ../secrets/tt-rss.nix
]; ];

View file

@ -16,6 +16,7 @@
loader.grub = { loader.grub = {
enable = true; enable = true;
device = "/dev/nvme0n1"; # or "nodev" for efi only device = "/dev/nvme0n1"; # or "nodev" for efi only
useOSProber = true;
}; };
kernel.sysctl."net.ipv4.ip_forward" = "1"; kernel.sysctl."net.ipv4.ip_forward" = "1";
extraModprobeConfig = "options kvm_intel nested=1"; extraModprobeConfig = "options kvm_intel nested=1";
@ -23,6 +24,11 @@
networking = { networking = {
hostName = "dionach"; # Define your hostname. hostName = "dionach"; # Define your hostname.
firewall = {
enable = true;
checkReversePath = false; # Needed for libvirtd
allowedTCPPorts = [15000];
};
}; };
systemd.network.networks.enp0s20f0u4u4i5.ipv6SendRAConfig = { systemd.network.networks.enp0s20f0u4u4i5.ipv6SendRAConfig = {
@ -33,15 +39,9 @@
services.kbfs.enable = true; services.kbfs.enable = true;
networking.firewall = {
enable = true;
checkReversePath = false; # Needed for libvirtd
allowedTCPPorts = [15000];
};
# This value determines the NixOS release with which your system is to be # This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database # compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you # servers. You should change this only after NixOS release notes say you
# should. # should.
system.stateVersion = "20.03"; # Did you read the comment? system.stateVersion = "23.11"; # Did you read the comment?
} }

View file

@ -27,8 +27,7 @@
#../secrets/wireless.nix # Hey look! A squirrel! #../secrets/wireless.nix # Hey look! A squirrel!
]; ];
#deployment.targetHost = "10.42.0.180"; deployment.targetHost = "10.42.0.126";
deployment.targetHost = "10.42.0.115";
nixpkgs = { nixpkgs = {
config = { config = {
@ -54,7 +53,7 @@
networkmanager.enable = true; # Enables network support via NetworkManager. networkmanager.enable = true; # Enables network support via NetworkManager.
}; };
fonts.fonts = with pkgs; [ fonts.packages = with pkgs; [
anonymousPro anonymousPro
dejavu_fonts # A typeface family based on the Bitstream Vera fonts dejavu_fonts # A typeface family based on the Bitstream Vera fonts
fira-code # Monospace font with programming ligaturess fira-code # Monospace font with programming ligaturess

View file

@ -55,6 +55,18 @@
"url": "https://github.com/nmattia/niv/archive/82e5cd1ad3c387863f0545d7591512e76ab0fc41.tar.gz", "url": "https://github.com/nmattia/niv/archive/82e5cd1ad3c387863f0545d7591512e76ab0fc41.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"nixos-23.05": {
"branch": "nixos-23.05",
"description": "Nix Packages collection & NixOS",
"homepage": "",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
"sha256": "05cbl1k193c9la9xhlz4y6y8ijpb2mkaqrab30zij6z4kqgclsrd",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/70bdadeb94ffc8806c0570eb5c2695ad29f0e421.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nixos2111": { "nixos2111": {
"branch": "nixos-21.11", "branch": "nixos-21.11",
"description": "Nix Packages collection", "description": "Nix Packages collection",
@ -68,16 +80,16 @@
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"nixpkgs": { "nixpkgs": {
"branch": "nixos-23.05", "branch": "nixos-23.11",
"builtin": false, "builtin": false,
"description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to", "description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
"homepage": "https://github.com/NixOS/nixpkgs", "homepage": "https://github.com/NixOS/nixpkgs",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", "rev": "25e3d4c0d3591c99929b1ec07883177f6ea70c9d",
"sha256": "05cbl1k193c9la9xhlz4y6y8ijpb2mkaqrab30zij6z4kqgclsrd", "sha256": "1q0hsllnzm4i6liafx5hql3fahcwv33vzn5vjkgxsvlwpxllxbrp",
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/70bdadeb94ffc8806c0570eb5c2695ad29f0e421.tar.gz", "url": "https://github.com/NixOS/nixpkgs/archive/25e3d4c0d3591c99929b1ec07883177f6ea70c9d.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"nixpkgsUnstable": { "nixpkgsUnstable": {
@ -86,10 +98,10 @@
"homepage": "", "homepage": "",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370", "rev": "e92b6015881907e698782c77641aa49298330223",
"sha256": "00vmgvwic5yip7r9knnv1w3rmwk6ad10p5xxghfwhky5cgk34q97", "sha256": "0vq05559vmj5px94hr148wnq9qbn9whsfpwdbk8wn2myby4knwy7",
"type": "tarball", "type": "tarball",
"url": "https://github.com/nixos/nixpkgs/archive/c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370.tar.gz", "url": "https://github.com/nixos/nixpkgs/archive/e92b6015881907e698782c77641aa49298330223.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
} }
} }

View file

@ -31,6 +31,7 @@
mplayer # A movie player that supports many video formats mplayer # A movie player that supports many video formats
nextcloud-client # Nextcloud desktop client nextcloud-client # Nextcloud desktop client
pwgen # Password generator pwgen # Password generator
rsync
shotwell # Photo organizer shotwell # Photo organizer
signal-desktop # Private, simple, and secure messenger signal-desktop # Private, simple, and secure messenger
usbutils # Tools for working with USB devices, such as lsusb usbutils # Tools for working with USB devices, such as lsusb
@ -69,19 +70,27 @@
}; };
libinput.enable = true; # Enable touchpad support. libinput.enable = true; # Enable touchpad support.
}; };
pipewire = {
enable = true;
alsa = {
enable = true;
support32Bit = true;
};
pulse.enable = true;
};
}; };
sound.enable = true; # Enable sound. sound.enable = true; # Enable sound.
security.rtkit.enable = true; # realtime scheduling for sound
# Configure common hardware settings # Configure common hardware settings
hardware = { hardware = {
pulseaudio = { pulseaudio = {
enable = true; enable = false;
package = pkgs.pulseaudioFull;
}; };
bluetooth = { bluetooth = {
enable = true; # Enable bluetooth enable = true; # Enable bluetooth
hsphfpd.enable = true;
settings = { settings = {
General = { General = {
Enable = "Source,Sink,Media,Socket"; Enable = "Source,Sink,Media,Socket";

View file

@ -1,121 +0,0 @@
# NixOps configuration for the hosts running Forgejo
{
config,
pkgs,
lib,
sources,
...
}: let
sources = import ../nix/sources.nix;
unstable = import sources.nixpkgsUnstable {};
in {
services.gitea = {
enable = true; # Enable Forgejo
appName = "mcwhirter.io: Forgejo Service"; # Give the site a name
database = {
type = "postgres"; # Database type
passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password
};
disableRegistration = true;
domain = "source.mcwhirter.io"; # Domain name
rootUrl = "https://source.mcwhirter.io/"; # Root web URL
httpPort = 3002; # Provided unique port
package = pkgs.forgejo; # a soft fork of gitea
settings = let
docutils = pkgs.python39.withPackages (ps:
with ps; [
docutils # Provides rendering of ReStructured Text files
pygments # Provides syntax highlighting
]);
in {
mailer = {
ENABLED = true;
FROM = "gitea@mcwhirter.io";
};
repository = {DEFAULT_BRANCH = "consensus";};
service = {REGISTER_EMAIL_CONFIRM = true;};
"markup.restructuredtext" = {
ENABLED = true;
FILE_EXTENSIONS = ".rst";
RENDER_COMMAND = "${docutils}/bin/rst2html.py";
IS_INPUT_FILE = false;
};
ui = {
DEFAULT_THEME = "forgejo-auto"; # Set the default theme
THEMES = "forgejo-auto,forgejo-light,forgejo-dark,auto,arc-green,gitea";
};
};
};
systemd = {
services = {
gitea = {
# Ensure gitea starts after nixops keys are loaded
after = ["gitea-dbpass-key.service"];
wants = ["gitea-dbpass-key.service"];
};
};
};
services.postgresql = {
enable = true; # Ensure postgresql is enabled
authentication = ''
local gitea all ident map=gitea-users
'';
identMap =
# Map the gitea user to postgresql
''
gitea-users gitea gitea
'';
ensureDatabases = ["gitea"]; # Ensure the database persists
ensureUsers = [
{
name = "gitea"; # Ensure the database user persists
ensurePermissions = {
# Ensure the database permissions persist
"DATABASE gitea" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}
];
};
services.postgresqlBackup.databases = ["gitea"];
services.nginx = {
enable = true; # Enable Nginx
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."source.mcwhirter.io" = {
# Forgejo hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
locations."/".proxyPass = "http://localhost:3002/"; # Proxy Forgejo
};
virtualHosts."git.mcwhirter.io" = {
# Hostname to be redirected
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host
};
virtualHosts."code.mcwhirter.io" = {
# Hostname to be redirected
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host
};
};
security.acme = {
acceptTerms = true;
certs = {
"code.mcwhirter.io".email = "craige@mcwhirter.io";
"git.mcwhirter.io".email = "craige@mcwhirter.io";
"source.mcwhirter.io".email = "craige@mcwhirter.io";
};
};
users.groups.keys.members = ["gitea"]; # Required due to NixOps issue #1204
}

View file

@ -1,76 +0,0 @@
# NixOps configuration for the hosts running Gitea
{
config,
pkgs,
lib,
...
}: {
services.gitea = {
enable = true; # Enable Gitea
appName = "taigh,mcwhirter.io: Gitea Service"; # Give the site a name
database = {
type = "postgres"; # Database type
passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password
};
domain = "source.taigh.mcwhirter.io"; # Domain name
rootUrl = "http://source.taigh.mcwhirter.io/"; # Root web URL
httpPort = 3001; # Provided unique port
extraConfig = let
docutils = pkgs.python37.withPackages (ps:
with ps; [
docutils # Provides rendering of ReStructured Text files
pygments # Provides syntax highlighting
]);
in ''
[mailer]
ENABLED = true
FROM = "gitea@mcwhirter.io"
[service]
REGISTER_EMAIL_CONFIRM = true
[markup.restructuredtext]
ENABLED = true
FILE_EXTENSIONS = .rst
RENDER_COMMAND = ${docutils}/bin/rst2html.py
IS_INPUT_FILE = false
'';
};
services.postgresql = {
enable = true; # Ensure postgresql is enabled
authentication = ''
local gitea all ident map=gitea-users
'';
identMap =
# Map the gitea user to postgresql
''
gitea-users gitea gitea
'';
};
services.nginx = {
enable = true; # Enable Nginx
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
#recommendedTlsSettings = true;
virtualHosts."source.taigh.mcwhirter.io" = {
# Gitea hostname
#enableACME = true; # Use ACME certs
#forceSSL = true; # Force SSL
locations."/".proxyPass = "http://localhost:3001/"; # Proxy Gitea
};
};
# Configure firewall defaults:
networking = {
firewall = {
enable = true;
allowedTCPPorts = [80];
trustedInterfaces = ["lo"];
};
};
#security.acme.certs = {
# "source.mcwhirter.io".email = "craige@mcwhirter.io";
#};
}

View file

@ -26,7 +26,7 @@
# Set the defaul console properties # Set the defaul console properties
console = { console = {
keyMap = "us"; # Set the default console key map keyMap = "us"; # Set the default console key map
font = "ter-powerline-v16Rv"; # Set the default console font font = "ter-powerline-v32n"; # Set the default console font
}; };
time.timeZone = "Australia/Brisbane"; # Set your preferred timezone: time.timeZone = "Australia/Brisbane"; # Set your preferred timezone:
@ -37,12 +37,15 @@
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
# Configure and install required fonts # Configure and install required fonts
fonts.enableDefaultFonts = true; fonts = {
fonts.fontDir.enable = true; enableDefaultPackages = true;
fonts.fonts = with pkgs; [ fontDir.enable = true;
powerline-fonts # Required for Powerline prompts packages = with pkgs; [
]; powerline-fonts # Required for Powerline prompts
fonts.fontconfig.includeUserConf = false; powerline-symbols # Powerline symbols
];
fontconfig.includeUserConf = false;
};
# Adapted from gchristensen and clever # Adapted from gchristensen and clever
nix = { nix = {

View file

@ -51,7 +51,6 @@ in {
jq # A lightweight and flexible command-line JSON processor jq # A lightweight and flexible command-line JSON processor
keybase-gui # The Keybase official client keybase-gui # The Keybase official client
magic-wormhole # Securely transfer data between computers magic-wormhole # Securely transfer data between computers
python38Packages.grip # Preview GitHub Markdown files like locally
s3fs # Mount an S3 bucket as filesystem through FUSE s3fs # Mount an S3 bucket as filesystem through FUSE
shellcheck # Shell script analysis tool shellcheck # Shell script analysis tool
slack-dark # Slack desktop client slack-dark # Slack desktop client
@ -66,9 +65,6 @@ in {
services = { services = {
keybase.enable = true; keybase.enable = true;
#postgresql = {
# enable = true; # Ensure postgresql is enabled
# package = pkgs.postgresql_10; # Set the required version, if needed
}; };
users.groups.docker.members = ["craige"]; users.groups.docker.members = ["craige"];

View file

@ -17,6 +17,7 @@
extraConfig = { extraConfig = {
WEB_DOMAIN = "social.mcwhirter.io"; WEB_DOMAIN = "social.mcwhirter.io";
}; };
streamingProcesses = 5;
}; };
}; };

View file

@ -129,11 +129,7 @@
ensureUsers = [ ensureUsers = [
{ {
name = "matrix-synapse"; # Ensure the database user persists name = "matrix-synapse"; # Ensure the database user persists
ensurePermissions = { ensureDBOwnership = true;
# Ensure the database permissions persist
"DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
} }
]; ];
# Initial database creation # Initial database creation

View file

@ -27,8 +27,12 @@
enable = true; # Run regular auto update of all apps installed enable = true; # Run regular auto update of all apps installed
startAt = "01:00:00"; # When to run the update startAt = "01:00:00"; # When to run the update
}; };
enableBrokenCiphersForSSE = false; # force upgrade to SSL v3
package = pkgs.nextcloud27; package = pkgs.nextcloud27;
extraApps = with config.services.nextcloud.package.packages.apps; {
inherit calendar contacts deck news notes tasks twofactor_webauthn;
};
extraAppsEnable = true;
appstoreEnable = true;
}; };
systemd = { systemd = {
@ -43,15 +47,19 @@
services.postgresql = { services.postgresql = {
enable = true; # Ensure postgresql is enabled enable = true; # Ensure postgresql is enabled
authentication = ''
local nextcloud all ident map=nextcloud-users
'';
identMap =
# Map the nextcloud user to postgresql
''
nextcloud-users nextcloud nextcloud
'';
ensureDatabases = ["nextcloud"]; # Ensure the database persists ensureDatabases = ["nextcloud"]; # Ensure the database persists
ensureUsers = [ ensureUsers = [
{ {
name = "nextcloud"; # Ensure the database user persists name = "nextcloud"; # Ensure the database user persists
ensurePermissions = { ensureDBOwnership = true;
# Ensure the database permissions persist
"DATABASE nextcloud" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
} }
]; ];
}; };

View file

@ -23,7 +23,7 @@
nixpkgs.overlays = [ nixpkgs.overlays = [
(self: super: { (self: super: {
nix-direnv = super.nix-direnv.override {enableFlakes = true;}; #nix-direnv = super.nix-direnv.override {enableFlakes = true;};
}) })
]; ];
} }

View file

@ -18,7 +18,7 @@
nixfmt # An opinionated formatter for Nix nixfmt # An opinionated formatter for Nix
nix-prefetch-github # Prefetch sources from github nix-prefetch-github # Prefetch sources from github
nix-prefetch-git # Prefetch sources from git nix-prefetch-git # Prefetch sources from git
nix-review # Review pull-requests on https://github.com/NixOS/nixpkgs nixpkgs-review # Review pull-requests on https://github.com/NixOS/nixpkgs
nix-top # Tracks what nix is building nix-top # Tracks what nix is building
nix-universal-prefetch # Uses nixpkgs fetchers to figure out hashes nix-universal-prefetch # Uses nixpkgs fetchers to figure out hashes
nodePackages.node2nix # Generate Nix expressions to build NPM packages nodePackages.node2nix # Generate Nix expressions to build NPM packages

View file

@ -6,7 +6,7 @@
... ...
}: let }: let
sources = import ../nix/sources.nix; sources = import ../nix/sources.nix;
nixpkgs2111 = (import sources.nixos2111 {}).pkgs; nixpkgs2305 = (import sources."nixos-23.05" {}).pkgs;
in { in {
imports = [ imports = [
../profiles/openssh.nix ../profiles/openssh.nix
@ -20,7 +20,7 @@ in {
}; };
services.postgresql = { services.postgresql = {
package = pkgs.postgresql_11; package = pkgs.postgresql_16;
}; };
security.polkit.enable = false; # avoid CVE-2021-4034 (PwnKit) security.polkit.enable = false; # avoid CVE-2021-4034 (PwnKit)

View file

@ -34,11 +34,7 @@
ensureUsers = [ ensureUsers = [
{ {
name = "tt_rss"; # Ensure the database user persists name = "tt_rss"; # Ensure the database user persists
ensurePermissions = { ensureDBOwnership = true;
# Ensure the database permissions persist
"DATABASE tt_rss" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
} }
]; ];
}; };

View file

@ -26,8 +26,10 @@
layout = "us"; # Set your preferred keyboard layout. layout = "us"; # Set your preferred keyboard layout.
libinput = { libinput = {
enable = true; # Enable touchpad support. enable = true; # Enable touchpad support.
tapping = true; touchpad = {
tappingButtonMap = "lrm"; # Set the touchpad button mappeing tapping = true;
tappingButtonMap = "lrm"; # Set the touchpad button mappeing
};
}; };
windowManager = { windowManager = {
# Open configuration for the window manager. # Open configuration for the window manager.
@ -53,7 +55,7 @@
}; };
# Install any additional fonts that I require to be used with xmonad # Install any additional fonts that I require to be used with xmonad
fonts.fonts = with pkgs; [ fonts.packages = with pkgs; [
open-sans # Used in in my polybar configuration open-sans # Used in in my polybar configuration
]; ];

View file

@ -40,8 +40,8 @@
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
paperkey # Store OpenPGP or GnuPG on paper paperkey # Store OpenPGP or GnuPG on paper
pinentry_curses # GnuPGs interface to passphrase input pinentry-curses # GnuPGs interface to passphrase input
pinentry_qt # GnuPGs interface to passphrase input pinentry-qt # GnuPGs interface to passphrase input
yubikey-manager # CLI tool for configuring any YubiKey over USB yubikey-manager # CLI tool for configuring any YubiKey over USB
yubikey-manager-qt # Configure any YubiKey over USB interfaces yubikey-manager-qt # Configure any YubiKey over USB interfaces
yubikey-personalization # Lib & CLI tool to personalize YubiKeys yubikey-personalization # Lib & CLI tool to personalize YubiKeys