blee/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

litten: upgrade channel to 24.11 and service unit for starting open-webui. Remove logseq in favor of using the appimage via desktop application shortcut

Browse Source
This commit is contained in:
Brian Lee 2024-12-01 10:28:35 -08:00
parent 41e150734e
commit 632f85b58d
3 changed files with 108 additions and 148 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
litten.brenise.dev/applications/Logseq.desktop Normal file
View File

@ -0,0 +1,10 @@
# ~/.local/share/applications/Logseq.desktop
[Desktop Entry]
Name=Logseq
Comment=Platform for knowledge management and collaboration
Exec=/home/blee/apps/logseq/Logseq-linux-x64-0.10.9.AppImage
#Icon=/home/yourusername/apps/logseq/logo.png
Type=Application
Categories=Office;Education;
Terminal=false
MimeType=x-scheme-handler/logseq;

235
litten.brenise.dev/configuration.nix
View File

@ -1,8 +1,8 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
# Add nixpkgs-unstable channel with the following command: # Add nixpkgs-unstable channel with the following command:
# nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs-unstable && nix-channel --update # nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs-unstable && nix-channel --update
# 09/15/24: Use nixpkgs-unstable for logseq, see https://github.com/NixOS/nixpkgs/pull/340427
unstable = import <nixpkgs-unstable> { config = config.nixpkgs.config; }; unstable = import <nixpkgs-unstable> { config = config.nixpkgs.config; };
host_name = "litten"; host_name = "litten";
host_fqdn = "${host_name}.brenise.dev"; host_fqdn = "${host_name}.brenise.dev";
@ -11,31 +11,21 @@ in
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
nixpkgs = {
config.permittedInsecurePackages = [ nixpkgs.config = {
"electron-27.3.11" # logseq allowUnfreePredicate = pkg:
];
config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [ builtins.elem (lib.getName pkg) [
"obsidian" # https://github.com/obsidianmd/obsidian-releases "obsidian"
"packer" "packer"
"vscode" "vscode"
"terraform" "terraform"
"zoom" "zoom"
]; ];
overlays = [
(self: super: {
ansible = super.ansible.overrideAttrs (oldAttrs: {
propagatedBuildInputs = oldAttrs.propagatedBuildInputs ++ [ super.python311Packages.jmespath ];
});
})
];
}; };
boot = { boot = {
loader = { loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
systemd-boot.configurationLimit = 20;
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
}; };
}; };
@ -69,7 +59,7 @@ in
# TODO https://nixos.wiki/wiki/Encrypted_DNS # TODO https://nixos.wiki/wiki/Encrypted_DNS
nameservers = [ "1.1.1.1" "8.8.8.8" ]; nameservers = [ "1.1.1.1" "8.8.8.8" ];
extraHosts = '' extraHosts = ''
192.168.1.1 shinx.brenise.dev 192.168.1.1 shinx.${host_fqdn}
''; '';
}; };
@ -99,6 +89,7 @@ in
isNormalUser = true; isNormalUser = true;
extraGroups = [ extraGroups = [
"wheel" "wheel"
# "docker"
"glance" "glance"
]; ];
packages = with pkgs; [ packages = with pkgs; [
@ -111,17 +102,15 @@ in
kate # kwrite kate # kwrite
kdenlive kdenlive
libsForQt5.kcalc libsForQt5.kcalc
# unstable.logseq # warning: https://github.com/logseq/logseq/issues/10851#issuecomment-2402925912
logseq # 0.10.9 # uses insecure electron version 27.3.11 https://github.com/NixOS/nixpkgs/pull/340427
#unstable.logseq # 0.10.9 BUG: https://github.com/logseq/logseq/issues/10851
moonlight-qt moonlight-qt
nmap
obs-studio obs-studio
obsidian obsidian
qbittorrent pavucontrol
# qbittorrent
rtorrent rtorrent
spek # beat saber mapping spek # beat saber mapping
sq
synergy synergy
tenacity tenacity
thunderbird thunderbird
@ -129,7 +118,7 @@ in
via via
vlc vlc
vscode vscode
xcaddy # warning: absolute dumpster fire xcaddy # warning: awfuly hacky
yt-dlp yt-dlp
zoom-us zoom-us
@ -140,20 +129,24 @@ in
awscli2 awscli2
#aws-sam-cli # broken, fails to init. use pip install aws-sam-cli #aws-sam-cli # broken, fails to init. use pip install aws-sam-cli
#unstable.aws-sam-cli
packer packer
terraform terraform
ansible ansible
python3 python311 # Not working in 3.12 yet: openwebui
python311Packages.pip python311Packages.pip
python311Packages.ipython python311Packages.ipython
python311Packages.jmespath # for Ansible playbooks with json_query (grafana, caddy)
libreoffice-qt libreoffice-qt
hunspell hunspell
hunspellDicts.uk_UA hunspellDicts.uk_UA
hunspellDicts.th_TH hunspellDicts.th_TH
# postman # nope, auth is broken
nodejs_20 nodejs_20
yarn yarn
deno deno
nix-init
nix-tree
nurl
]; ];
}; };
@ -228,37 +221,14 @@ in
plasma5.excludePackages = with pkgs.libsForQt5; [ plasma5.excludePackages = with pkgs.libsForQt5; [
plasma-browser-integration plasma-browser-integration
]; ];
etc."gitconfig".text = ''
etc = lib.mkMerge [ [init]
defaultBranch = main
# Generate KDE config files '';
(lib.attrsets.mapAttrs' (name: value: # vscode on Wayland
lib.attrsets.nameValuePair #sessionVariables.NIXOS_OZONE_WL = "1";
( "xdg/${name}" )
{
source = (pkgs.formats.ini {}).generate name value;
}
) {
"baloofilerc" = {
"Basic Settings" = {
"Indexing-Enabled" = false;
};
};
})
{ # normal environment.etc block
gitconfig = {
text = ''
[init]
defaultBranch = main
'';
};
}
];
}; };
programs = { programs = {
appimage = { appimage = {
enable = true; enable = true;
@ -269,6 +239,11 @@ in
]; ];
}; };
}; };
# hyprland = {
# enable = true;
# xwayland.enable = true;
# };
fish.enable = true; fish.enable = true;
vim.defaultEditor = true; vim.defaultEditor = true;
bash = { bash = {
@ -295,11 +270,6 @@ in
enable = true; enable = true;
extraOpts = { extraOpts = {
"SpellcheckEnabled" = false; "SpellcheckEnabled" = false;
"DefaultSearchProviderEnabled" = true;
"DefaultSearchProviderName" = "Kagi";
"DefaultSearchProviderSearchURL" = "https://kagi.com/search?q={searchTerms}";
"SearchSuggestEnabled" = false;
"DefaultSearchProviderSuggestURL" = "";
}; };
}; };
}; };
@ -315,10 +285,10 @@ in
} }
]; ];
}; };
# pki.certificateFiles = [ # self-signed CA trust for start9 pki.certificateFiles = [
# "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
# # "/etc/ssl/certs/dotted-turbans.pem" # "/etc/ssl/certs/dotted-turbans.pem"
# ]; ];
}; };
services = { services = {
@ -330,11 +300,12 @@ in
pipewire = { pipewire = {
enable = true; enable = true;
pulse.enable = true; pulse.enable = true;
alsa.enable = true; # for tenacity
};
avahi = { # for resolving start9 hostname
enable = true;
nssmdns4 = true; # Enable NSS support for mDNS
}; };
# avahi = { # for resolving start9 hostname
# enable = true;
# nssmdns4 = true; # Enable NSS support for mDNS
# };
syncthing = { syncthing = {
enable = true; enable = true;
@ -347,6 +318,7 @@ in
prometheus.exporters.node = { prometheus.exporters.node = {
enable = true; enable = true;
port = 8030; port = 8030;
# openFirewall = true;
enabledCollectors = [ enabledCollectors = [
"cpu.info" "cpu.info"
"interrupts" "interrupts"
@ -376,16 +348,11 @@ in
${tlsConfig} ${tlsConfig}
reverse_proxy http://127.0.0.1:8080 reverse_proxy http://127.0.0.1:8080
# BUG: assets are all on root path
# handle /changedetection/* {
# uri strip_prefix /changedetection
# reverse_proxy http://127.0.0.1:${toString config.services.changedetection-io.port}
# }
# handle /files/* { # handle /files/* {
# root /mnt/usb/ # root /mnt/usb/
# file_server browse # file_server browse
# } # }
} }
${host_fqdn}:4430 { # node_exporter ${host_fqdn}:4430 { # node_exporter
@ -403,30 +370,10 @@ in
reverse_proxy http://127.0.0.1:8032 reverse_proxy http://127.0.0.1:8032
} }
# BUG: POST messages throw missing referrer error
${host_fqdn}:4433 { # changedetection-io
${tlsConfig}
reverse_proxy http://127.0.0.1:${toString config.services.changedetection-io.port}
header Referrer-Policy "strict-origin-when-cross-origin"
}
${host_fqdn}:4434 { # home-assistant
${tlsConfig}
reverse_proxy http://127.0.0.1:8034
}
''; '';
}; };
changedetection-io = {
enable = true;
port = 8033;
behindProxy = true;
# baseURL = "https://${host_fqdn}/changedetection/";
baseURL = "https://${host_fqdn}:4433/";
environmentFile = "/var/src/env_vars/changedetection-io";
};
displayManager = { displayManager = {
sddm.enable = true; sddm.enable = true;
#defaultSession = "plasmawayland"; #defaultSession = "plasmawayland";
@ -435,52 +382,37 @@ in
enable = true; enable = true;
desktopManager.plasma5.enable = true; desktopManager.plasma5.enable = true;
}; };
}; };
systemd = { systemd = {
services = { services.caddy = {
caddy = { serviceConfig = {
serviceConfig = { EnvironmentFile = "/var/src/secrets/namecheap";
EnvironmentFile = "/var/src/secrets/namecheap"; ExecStart = [
ExecStart = [ "" # This empty string clears the existing ExecStart commands
"" # This empty string clears the existing ExecStart commands "/opt/bin/caddy run --config /etc/caddy/caddy_config --adapter caddyfile"
"/opt/bin/caddy run --config /etc/caddy/caddy_config --adapter caddyfile" ];
]; ExecReload = [
ExecReload = [ "" # This empty string clears the existing ExecReload commands
"" # This empty string clears the existing ExecReload commands "/opt/bin/caddy reload --config /etc/caddy/caddy_config --adapter caddyfile --force"
"/opt/bin/caddy reload --config /etc/caddy/caddy_config --adapter caddyfile --force" ];
];
};
};
glance = {
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
serviceConfig = {
User = "glance";
Group = "glance";
WorkingDirectory = "/var/lib/glance";
# Environment = "LOG_LEVEL=debug"; # https://github.com/glanceapp/glance/issues/196
ExecStart = "${pkgs.glance}/bin/glance --config config.yaml";
};
};
open-webui = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type = "forking";
User = "blee";
WorkingDirectory = "/opt/open-webui";
Environment = "NIX_PATH=nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels";
ExecStart = "${pkgs.nix}/bin/nix-shell";
};
}; };
}; };
services.glance = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
User = "glance";
Group = "glance";
WorkingDirectory = "/var/lib/glance";
# Environment = "LOG_LEVEL=debug"; # https://github.com/glanceapp/glance/issues/196
ExecStart = "${pkgs.glance}/bin/glance --config config.yaml";
};
};
# TODO: fix errors # TODO: fix errors
# systemd.services.nightly-backups = { # services.nightly-backups = {
# description = "Nightly Backup Service"; # description = "Nightly Backup Service";
# wantedBy = [ "multi-user.target" ]; # wantedBy = [ "multi-user.target" ];
# after = [ "network.target" ]; # after = [ "network.target" ];
@ -503,7 +435,7 @@ in
# }; # };
# }; # };
# systemd.timers.nightly-backups = { # timers.nightly-backups = {
# wantedBy = [ "timers.target" ]; # wantedBy = [ "timers.target" ];
# partOf = [ "nightly-backups.service" ]; # partOf = [ "nightly-backups.service" ];
# timerConfig = { # timerConfig = {
@ -514,21 +446,30 @@ in
# }; # };
# }; # };
services.ollama-webui = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type = "forking";
User = "blee";
WorkingDirectory = "/opt/open-webui";
Environment = "NIX_PATH=nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels";
# ExecStart = "${pkgs.nix}/bin/nix-shell";
};
script = "${pkgs.nix}/bin/nix-shell";
};
}; };
# virtualisation.oci-containers = { # virtualisation.docker = {
# backend = "podman"; # systemctl status podman-homeassistant # enable = true;
# containers.homeassistant = { # rootless = {
# volumes = [ "home-assistant:/config" ]; # enable = true;
# environment.TZ = "US/Pacific"; # setSocketVariable = true;
# # Note: The image will not be updated on rebuilds, unless the version label changes # };
# image = "ghcr.io/home-assistant/home-assistant:stable"; # autoPrune = {
# ports = [ "8123:8034" ]; # enable = true;
# extraOptions = [ # dates = "monthly";
# "--network=host"
# "--cap-add=NET_ADMIN"
# "--cap-add=NET_RAW"
# ];
# }; # };
# }; # };

11
litten.brenise.dev/glance/config.yaml
View File

@ -11,6 +11,15 @@ pages:
- type: calendar - type: calendar
- type: rss - type: rss
title: changedetection
limit: 10
collapse-after: 3
cache: 1d
feeds:
- url: https://litten.brenise.dev:4433/rss?token=184f164b983ff9cd3ff4b87526c57b54
- type: rss
title: feeds
limit: 10 limit: 10
collapse-after: 3 collapse-after: 3
cache: 1d cache: 1d
@ -94,4 +103,4 @@ pages:
# - immich-app/immich # - immich-app/immich
# - go-gitea/gitea # - go-gitea/gitea
# - dani-garcia/vaultwarden # - dani-garcia/vaultwarden
# - jellyfin/jellyfin # - jellyfin/jellyfin