Merge branch 'main' of git.lillianviolet.dev:Lillian-Violet/NixOS-Config

Lillian Violet 2024-04-05 23:05:47 +02:00
commit a49e8c5332
39 changed files with 2069 additions and 845 deletions

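--- a/pkgs/auto-mount/default.nix
+++ b/pkgs/auto-mount/default.nix
@@ -0,0 +1,247 @@
+{
+lib,
+stdenv,
+system,
+pkgs,
+jq,
+coreutils,
+udisks,
+toybox,
+util-linux,
+writeShellApplication,
+}:
+writeShellApplication
+{
+# Originally from: https://github.com/scawp/Steam-Deck.Mount-External-Drive/
+name = "auto-mount";
+runtimeInputs = [jq coreutils udisks util-linux toybox pkgs.steam pkgs.extest];
+text = ''
+set -euo pipefail
+# Originally from https://serverfault.com/a/767079
+# This script is called from our systemd unit file to mount or unmount
+# a USB drive.
+usage()
+{
+echo "Usage: $0 {add|remove} device_name (e.g. sdb1)"
+exit 1
+}
+if [[ $# -ne 2 ]]; then
+usage
+fi
+ACTION=$1
+DEVBASE=$2
+DEVICE="/dev/''${DEVBASE}"
+# Shared between this and the auto-mount script to ensure we're not double-triggering nor automounting while formatting
+# or vice-versa.
+MOUNT_LOCK="/home/lillian/lock/jupiter-automount-''${DEVBASE//\/_}.lock"
+# Obtain lock
+exec 9<>"$MOUNT_LOCK"
+if ! flock -n 9; then
+echo "$MOUNT_LOCK is active: ignoring action $ACTION"
+# Do not return a success exit code: it could end up putting the service in 'started' state without doing the mount
+# work (further start commands will be ignored after that)
+exit 1
+fi
+# Wait N seconds for steam
+wait_steam()
+{
+local i=0
+local wait=$1
+echo "Waiting up to $wait seconds for steam to load"
+while ! pgrep -x steamwebhelper &>/dev/null && (( i++ < wait )); do
+sleep 1
+done
+}
+send_steam_url()
+{
+local command
+command="$1"
+local arg
+arg="$2"
+local encoded
+encoded=$(urlencode "$arg")
+if pgrep -x "steam" > /dev/null; then
+# TODO use -ifrunning and check return value - if there was a steam process and it returns -1, the message wasn't sent
+# need to retry until either steam process is gone or -ifrunning returns 0, or timeout i guess
+echo "Sent URL to steam: steam://''${command}/''${arg} (steam://''${command}/''${encoded})" >> /home/lillian/steam.txt
+systemd-run -M 1000@ --user --collect --wait sh -c "export LD_PRELOAD=${pkgs.extest}/lib/libextest.so:$LD_PRELOAD ${pkgs.steam}/bin/steam steam://''${command}/''${encoded@Q}"
+else
+echo "Could not send steam URL steam://''${command}/''${arg} (steam://''${command}/''${encoded}) -- steam not running"
+fi
+}
+# From https://gist.github.com/HazCod/da9ec610c3d50ebff7dd5e7cac76de05
+urlencode()
+{
+[ -z "$1" ] || echo -n "$@" | hexdump -v -e '/1 "%02x"' | sed 's/\(..\)/%\1/g'
+}
+do_mount()
+{
+declare -i ret
+# NOTE: these values are ABI, since they are sent to the Steam client
+# shellcheck disable=SC2034
+readonly FSCK_ERROR=1
+# shellcheck disable=SC2034
+readonly MOUNT_ERROR=2
+# Get info for this drive: $ID_FS_LABEL, and $ID_FS_TYPE
+dev_json=$(lsblk -o PATH,LABEL,FSTYPE --json -- "$DEVICE" | jq '.blockdevices[0]')
+ID_FS_LABEL=$(jq -r '.label | select(type == "string")' <<< "$dev_json")
+ID_FS_TYPE=$(jq -r '.fstype | select(type == "string")' <<< "$dev_json")
+# Global mount options
+OPTS="rw,noatime"
+# File system type specific mount options
+#if [[ ''${ID_FS_TYPE} == "vfat" ]]; then
+# OPTS+=",users,gid=100,umask=000,shortname=mixed,utf8=1,flush"
+#fi
+case "''${ID_FS_TYPE}" in
+"ntfs")
+echo "FSType is NTFS"
+#Extra Opts don't seem necessary anymore? add if required
+#OPTS+=""
+;;
+"exfat")
+echo "FSType is exFat"
+#OPTS+=",users,gid=100,umask=000,shortname=mixed,utf8=1,flush"
+;;
+"btrfs")
+echo "FSType is btrfs"
+;;
+"ext4")
+echo "FSType is ext4"
+#exit 2
+;;
+*)
+echo "Error mounting ''${DEVICE}: unsupported fstype: ''${ID_FS_TYPE} - ''${dev_json}"
+rm "''${MOUNT_LOCK}"
+exit 2
+;;
+esac
+# Prior to talking to udisks, we need all udev hooks (we were started by one) to finish, so we know it has knowledge
+# of the drive. Our own rule starts us as a service with --no-block, so we can wait for rules to settle here
+# safely.
+#if ! udevadm settle; then
+# echo "Failed to wait for \`udevadm settle\`"
+# exit 1
+#fi
+# Ask udisks to auto-mount. This needs a version of udisks that supports the 'as-user' option.
+ret=0
+reply=$(busctl call --allow-interactive-authorization=false --expect-reply=true --json=short \
+org.freedesktop.UDisks2 \
+/org/freedesktop/UDisks2/block_devices/"''${DEVBASE}" \
+org.freedesktop.UDisks2.Filesystem \
+Mount 'a{sv}' 3 \
+as-user s lillian \
+auth.no_user_interaction b true \
+options s "$OPTS") || ret=$?
+if (( ret != 0 )); then
+# send_steam_url "system/devicemountresult" "''${DEVBASE}/''${MOUNT_ERROR}"
+echo "Error mounting ''${DEVICE} (status = $ret)"
+exit 1
+fi
+# Expected reply is of the format
+# {"type":"s","data":["/run/media/lillian/home"]}
+mount_point=$(jq -r '.data[0] | select(type == "string")' <<< "$reply" || true)
+if [[ -z $mount_point ]]; then
+echo "Error when mounting ''${DEVICE}: udisks returned success but could not parse reply:"
+echo "---"$'\n'"$reply"$'\n'"---"
+exit 1
+fi
+if [[ ''${ID_FS_TYPE} == "exfat" ]]; then
+echo "exFat does not support symlinks, do not add library to Steam"
+exit 0
+fi
+# Create a symlink from /run/media to keep compatibility with apps
+# that use the older mount point (for SD cards only).
+case "''${DEVBASE}" in
+mmcblk0p*)
+if [[ -z "''${ID_FS_LABEL}" ]]; then
+old_mount_point="/run/media/''${DEVBASE}"
+else
+old_mount_point="/run/media/''${mount_point##*/}"
+fi
+if [[ ! -d "''${old_mount_point}" ]]; then
+rm -f -- "''${old_mount_point}"
+ln -s -- "''${mount_point}" "''${old_mount_point}"
+fi
+;;
+esac
+echo "**** Mounted ''${DEVICE} at ''${mount_point} ****"
+if [ -f "''${mount_point}/libraryfolder.vdf" ]; then
+echo " send_steam_url \"addlibraryfolder\" \"''${mount_point}\""
+# send_steam_url "addlibraryfolder" "''${mount_point}"
+else
+#TODO check permissions are 1000 when creating new SteamLibrary
+mkdir -p "''${mount_point}/SteamLibrary"
+chown lillian:users "''${mount_point}/SteamLibrary"
+# send_steam_url "addlibraryfolder" "''${mount_point}/SteamLibrary"
+fi
+}
+do_unmount()
+{
+local mount_point
+mount_point=$(findmnt -fno TARGET "''${DEVICE}" || true)
+if [[ -n $mount_point ]]; then
+# Remove symlink to the mount point that we're unmounting
+find /run/media -maxdepth 1 -xdev -type l -lname "''${mount_point}" -exec rm -- {} \;
+else
+# If we don't know the mount point then remove all broken symlinks
+find /run/media -maxdepth 1 -xdev -xtype l -exec rm -- {} \;
+fi
+}
+do_retrigger()
+{
+local mount_point
+mount_point=$(findmnt -fno TARGET "''${DEVICE}" || true)
+[[ -n $mount_point ]] || return 0
+# In retrigger mode, we want to wait a bit for steam as the common pattern is starting in parallel with a retrigger
+wait_steam 10
+# This is a truly gnarly way to ensure steam is ready for commands.
+# TODO literally anything else
+sleep 6
+# send_steam_url "addlibraryfolder" "''${mount_point}"
+}
+case "''${ACTION}" in
+add)
+do_mount
+;;
+remove)
+do_unmount
+;;
+retrigger)
+do_retrigger
+;;
+*)
+usage
+;;
+esac
+'';
+}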
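Review bot: The lock path in `MOUNT_LOCK` is built from the unvalidated `DEVBASE` argument and sits under `/home/lillian/lock`, a directory the login user presumably owns. The expansion `''${DEVBASE//\/_}` deletes the literal sequence `/_` rather than replacing `/` with `_`; the intended form looks like `''${DEVBASE//\//_}`, so as written a name containing `/` or `..` reaches both the lock path and `/dev/''${DEVBASE}`. If the systemd unit runs this script as root (the `chown` call and the `as-user` mount option suggest it does), `exec 9<>"$MOUNT_LOCK"`, the later `rm "''${MOUNT_LOCK}"` and the append to `/home/lillian/steam.txt` all follow whatever the user has placed at those paths. A root-owned directory under `/run` is a safer home for the lock, together with an early check such as `[[ $DEVBASE =~ ^[[:alnum:]_-]+$ ]] || usage`.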


@ -12,4 +12,5 @@ pkgs: {
upgrade = pkgs.callPackage ./upgrade {};
restart = pkgs.callPackage ./restart {};
phanpy = pkgs.callPackage ./phanpy {};
auto-mount = pkgs.callPackage ./auto-mount {};
}

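--- a/pkgs/fcast/default.nix
+++ b/pkgs/fcast/default.nix
@@ -0,0 +1,202 @@
+{
+lib,
+buildNpmPackage,
+cargo,
+copyDesktopItems,
+dbus,
+electron_28,
+fetchFromGitLab,
+glib,
+gnome,
+gtk3,
+jq,
+libsecret,
+makeDesktopItem,
+makeWrapper,
+moreutils,
+napi-rs-cli,
+nodejs_18,
+patchutils_0_4_2,
+pkg-config,
+python3,
+runCommand,
+rustc,
+rustPlatform,
+}: let
+description = "A secure and free password manager for all of your devices";
+icon = "bitwarden";
+electron = electron_28;
+in
+buildNpmPackage rec {
+pname = "bitwarden-desktop";
+version = "2024.3.0";
+src = fetchFromGitLab {
+owner = "videostreaming";
+repo = "fcast";
+rev = "b13d0f7e8150c279d377a78f89d338b7fc0f5539";
+hash = "sha256-XEZB95GnfSy/wtTWpF8KlUQwyephUZmSLtbOwbcvd7g=";
+};
+patches = [
+./electron-builder-package-lock.patch
+];
+# The nested package-lock.json from upstream is out-of-date, so copy the
+# lock metadata from the root package-lock.json.
+postPatch = ''
+cat {,apps/desktop/src/}package-lock.json \
+| ${lib.getExe jq} -s '
+.[1].packages."".dependencies.argon2 = .[0].packages."".dependencies.argon2
+| .[0].packages."" = .[1].packages.""
+| .[1].packages = .[0].packages
+| .[1]
+' \
+| ${moreutils}/bin/sponge apps/desktop/src/package-lock.json
+'';
+nodejs = nodejs_18;
+makeCacheWritable = true;
+npmFlags = ["--legacy-peer-deps"];
+npmWorkspace = "apps/desktop";
+npmDepsHash = "sha256-EpZXA+GkmHl5eqwIPTGHJZqrpr6k8gXneJG+GXumlkc=";
+cargoDeps = rustPlatform.fetchCargoTarball {
+name = "${pname}-${version}";
+inherit src;
+patches =
+map
+(
+patch:
+runCommand
+(builtins.baseNameOf patch)
+{nativeBuildInputs = [patchutils_0_4_2];}
+''
+< ${patch} filterdiff -p1 --include=${lib.escapeShellArg cargoRoot}'/*' > $out
+''
+)
+patches;
+patchFlags = ["-p4"];
+sourceRoot = "${src.name}/${cargoRoot}";
+hash = "sha256-qAqEFlUzT28fw6kLB8d7U8yXWevAU+q03zjN2xWsGyI=";
+};
+cargoRoot = "apps/desktop/desktop_native";
+env.ELECTRON_SKIP_BINARY_DOWNLOAD = "1";
+nativeBuildInputs = [
+cargo
+copyDesktopItems
+jq
+makeWrapper
+moreutils
+napi-rs-cli
+pkg-config
+python3
+rustc
+rustPlatform.cargoCheckHook
+rustPlatform.cargoSetupHook
+];
+buildInputs = [
+glib
+gtk3
+libsecret
+];
+preBuild = ''
+if [[ $(jq --raw-output '.devDependencies.electron' < package.json | grep -E --only-matching '^[0-9]+') != ${lib.escapeShellArg (lib.versions.major electron.version)} ]]; then
+echo 'ERROR: electron version mismatch'
+exit 1
+fi
+'';
+postBuild = ''
+pushd apps/desktop
+# desktop_native/index.js loads a file of that name regarldess of the libc being used
+mv desktop_native/desktop_native.* desktop_native/desktop_native.linux-x64-musl.node
+npm exec electron-builder -- \
+--dir \
+-c.electronDist=${electron}/libexec/electron \
+-c.electronVersion=${electron.version}
+popd
+'';
+doCheck = true;
+nativeCheckInputs = [
+dbus
+(gnome.gnome-keyring.override {useWrappedDaemon = false;})
+];
+checkFlags = [
+"--skip=password::password::tests::test"
+];
+checkPhase = ''
+runHook preCheck
+pushd ${cargoRoot}
+export HOME=$(mktemp -d)
+export -f cargoCheckHook runHook _eval _callImplicitHook
+export cargoCheckType=release
+dbus-run-session \
+--config-file=${dbus}/share/dbus-1/session.conf \
+-- bash -e -c cargoCheckHook
+popd
+runHook postCheck
+'';
+installPhase = ''
+runHook preInstall
+mkdir $out
+pushd apps/desktop/dist/linux-unpacked
+mkdir -p $out/opt/Bitwarden
+cp -r locales resources{,.pak} $out/opt/Bitwarden
+popd
+makeWrapper '${electron}/bin/electron' "$out/bin/bitwarden" \
+--add-flags $out/opt/Bitwarden/resources/app.asar \
+--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
+--set-default ELECTRON_IS_DEV 0 \
+--inherit-argv0
+pushd apps/desktop/resources/icons
+for icon in *.png; do
+dir=$out/share/icons/hicolor/"''${icon%.png}"/apps
+mkdir -p "$dir"
+cp "$icon" "$dir"/${icon}.png
+done
+popd
+runHook postInstall
+'';
+desktopItems = [
+(makeDesktopItem {
+name = "bitwarden";
+exec = "bitwarden %U";
+inherit icon;
+comment = description;
+desktopName = "Bitwarden";
+categories = ["Utility"];
+})
+];
+meta = {
+changelog = "https://github.com/bitwarden/clients/releases/tag/${src.rev}";
+inherit description;
+homepage = "https://bitwarden.com";
+license = lib.licenses.gpl3;
+maintainers = with lib.maintainers; [amarshall kiwi];
+platforms = ["x86_64-linux"];
+mainProgram = "bitwarden";
+};
+}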
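Review bot: This derivation fetches `videostreaming/fcast` but keeps `pname = "bitwarden-desktop"`, the Bitwarden description, homepage, desktop item and `bitwarden` wrapper, and the three fixed-output hashes (`src.hash`, `npmDepsHash`, `cargoDeps.hash`) look carried over from that package. Nix resolves a fixed-output derivation by its hash before fetching, so on a store or binary cache that already holds a matching path the build can proceed with those older sources and never contact the new URL. Setting each hash to `lib.fakeHash` for the first build and copying in the reported values forces a real fetch of the intended revision. `fetchFromGitLab` also defaults to gitlab.com unless `domain` is set, which is worth confirming for this repository. Until the metadata is renamed, the output would install a binary and menu entry labelled as a password manager while being built from a different project.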


@ -1,20 +1,22 @@
{
lib,
stdenv,
git,
gum,
writeShellApplication,
}:
writeShellApplication
{
name = "install-nix-no-inhibit";
runtimeInputs = [];
runtimeInputs = [git gum];
text = ''
# An install script for NixOS installation to /tmp
set -e
pushd /tmp > /dev/null
systemd-inhibit --what=idle rm -rf ./install-nix
systemd-inhibit --what=idle git clone https://git.lillianviolet.dev/Lillian-Violet/NixOS-Config.git ./install-nix
rm -rf ./install-nix
git clone https://git.lillianviolet.dev/Lillian-Violet/NixOS-Config.git ./install-nix
pushd ./install-nix/nixos/hosts > /dev/null
echo "Please choose the hostname you are installing to from the following list:"
i=1
@ -25,11 +27,21 @@ writeShellApplication
select dir in "''${dirs[@]}"; do echo "you selected ''${dir}"; break; done
popd > /dev/null
pushd ./install-nix > /dev/null
gum confirm --default=false \
"🔥 🔥 🔥 WARNING!!!! This will ERASE ALL DATA on the disk for ''${dir}. Are you sure you want to continue?"
echo "Partitioning Disks"
sudo nix run github:nix-community/disko \
--extra-experimental-features "nix-command flakes" \
--no-write-lock-file \
-- \
--mode zap_create_mount \
"./disko/''${dir}/default.nix"
echo "NixOS Installing..."
systemd-inhibit --what=idle sudo nixos-install --flake .#"''${dir}"
sudo nixos-install --flake .#"''${dir}"
popd > /dev/null
echo "Cleaning up repository in '/tmp/install-nix'..."
systemd-inhibit --what=idle rm -rf ./install-nix
rm -rf ./install-nix
popd > /dev/null
echo "NixOS Install Succeeded!"
'';
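Review bot: The added `sudo nix run github:nix-community/disko` call resolves whatever the upstream default branch holds at install time, and `--no-write-lock-file` means nothing records which revision ran as root against the disk. Pinning the reference, for example `github:nix-community/disko/<REVIEWED_REV>` (placeholder), or running disko from an input already locked in this repository's `flake.lock` if it has one, keeps the destructive step on reviewed code. Separately, the `select` loop breaks even on an invalid reply, which leaves `dir` empty. A guard such as `[[ -n "''${dir}" ]] || exit 1` before `gum confirm` would stop an empty hostname from reaching the confirmation text and the `./disko/''${dir}/default.nix` path. The script body starts and ends outside the visible hunks.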


@ -18,9 +18,9 @@ writeShellApplication
pushd ./update > /dev/null
echo "Updating flake lock..."
nix flake update
git add flake.lock
sudo nix flake check
git stage ./flake.lock
git commit -m "update flake lock"
sudo nix flake check
git push
popd > /dev/null
echo "Cleaning up repository in '/tmp/update'..."