litten: upgrade channel to 24.11 and service unit for starting open-webui. Remove logseq in favor of using the appimage via desktop application shortcut
This commit is contained in:
parent
41e150734e
commit
632f85b58d
10
litten.brenise.dev/applications/Logseq.desktop
Normal file
10
litten.brenise.dev/applications/Logseq.desktop
Normal file
@ -0,0 +1,10 @@
|
||||
# ~/.local/share/applications/Logseq.desktop
|
||||
[Desktop Entry]
|
||||
Name=Logseq
|
||||
Comment=Platform for knowledge management and collaboration
|
||||
Exec=/home/blee/apps/logseq/Logseq-linux-x64-0.10.9.AppImage
|
||||
#Icon=/home/yourusername/apps/logseq/logo.png
|
||||
Type=Application
|
||||
Categories=Office;Education;
|
||||
Terminal=false
|
||||
MimeType=x-scheme-handler/logseq;
|
@ -1,8 +1,8 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
# Add nixpkgs-unstable channel with the following command:
|
||||
# nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs-unstable && nix-channel --update
|
||||
# 09/15/24: Use nixpkgs-unstable for logseq, see https://github.com/NixOS/nixpkgs/pull/340427
|
||||
unstable = import <nixpkgs-unstable> { config = config.nixpkgs.config; };
|
||||
host_name = "litten";
|
||||
host_fqdn = "${host_name}.brenise.dev";
|
||||
@ -11,31 +11,21 @@ in
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
nixpkgs = {
|
||||
config.permittedInsecurePackages = [
|
||||
"electron-27.3.11" # logseq
|
||||
];
|
||||
config.allowUnfreePredicate = pkg:
|
||||
|
||||
nixpkgs.config = {
|
||||
allowUnfreePredicate = pkg:
|
||||
builtins.elem (lib.getName pkg) [
|
||||
"obsidian" # https://github.com/obsidianmd/obsidian-releases
|
||||
"obsidian"
|
||||
"packer"
|
||||
"vscode"
|
||||
"terraform"
|
||||
"zoom"
|
||||
];
|
||||
overlays = [
|
||||
(self: super: {
|
||||
ansible = super.ansible.overrideAttrs (oldAttrs: {
|
||||
propagatedBuildInputs = oldAttrs.propagatedBuildInputs ++ [ super.python311Packages.jmespath ];
|
||||
});
|
||||
})
|
||||
];
|
||||
};
|
||||
|
||||
boot = {
|
||||
loader = {
|
||||
systemd-boot.enable = true;
|
||||
systemd-boot.configurationLimit = 20;
|
||||
efi.canTouchEfiVariables = true;
|
||||
};
|
||||
};
|
||||
@ -69,7 +59,7 @@ in
|
||||
# TODO https://nixos.wiki/wiki/Encrypted_DNS
|
||||
nameservers = [ "1.1.1.1" "8.8.8.8" ];
|
||||
extraHosts = ''
|
||||
192.168.1.1 shinx.brenise.dev
|
||||
192.168.1.1 shinx.${host_fqdn}
|
||||
'';
|
||||
};
|
||||
|
||||
@ -99,6 +89,7 @@ in
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
"wheel"
|
||||
# "docker"
|
||||
"glance"
|
||||
];
|
||||
packages = with pkgs; [
|
||||
@ -111,17 +102,15 @@ in
|
||||
kate # kwrite
|
||||
kdenlive
|
||||
libsForQt5.kcalc
|
||||
|
||||
logseq # 0.10.9 # uses insecure electron version 27.3.11 https://github.com/NixOS/nixpkgs/pull/340427
|
||||
#unstable.logseq # 0.10.9 BUG: https://github.com/logseq/logseq/issues/10851
|
||||
|
||||
# unstable.logseq # warning: https://github.com/logseq/logseq/issues/10851#issuecomment-2402925912
|
||||
moonlight-qt
|
||||
nmap
|
||||
obs-studio
|
||||
obsidian
|
||||
qbittorrent
|
||||
pavucontrol
|
||||
# qbittorrent
|
||||
rtorrent
|
||||
spek # beat saber mapping
|
||||
sq
|
||||
synergy
|
||||
tenacity
|
||||
thunderbird
|
||||
@ -129,7 +118,7 @@ in
|
||||
via
|
||||
vlc
|
||||
vscode
|
||||
xcaddy # warning: absolute dumpster fire
|
||||
xcaddy # warning: awfuly hacky
|
||||
yt-dlp
|
||||
zoom-us
|
||||
|
||||
@ -140,20 +129,24 @@ in
|
||||
|
||||
awscli2
|
||||
#aws-sam-cli # broken, fails to init. use pip install aws-sam-cli
|
||||
#unstable.aws-sam-cli
|
||||
packer
|
||||
terraform
|
||||
ansible
|
||||
python3
|
||||
python311 # Not working in 3.12 yet: openwebui
|
||||
python311Packages.pip
|
||||
python311Packages.ipython
|
||||
python311Packages.jmespath # for Ansible playbooks with json_query (grafana, caddy)
|
||||
libreoffice-qt
|
||||
hunspell
|
||||
hunspellDicts.uk_UA
|
||||
hunspellDicts.th_TH
|
||||
# postman # nope, auth is broken
|
||||
nodejs_20
|
||||
yarn
|
||||
deno
|
||||
nix-init
|
||||
nix-tree
|
||||
nurl
|
||||
];
|
||||
};
|
||||
|
||||
@ -228,37 +221,14 @@ in
|
||||
plasma5.excludePackages = with pkgs.libsForQt5; [
|
||||
plasma-browser-integration
|
||||
];
|
||||
|
||||
etc = lib.mkMerge [
|
||||
|
||||
# Generate KDE config files
|
||||
(lib.attrsets.mapAttrs' (name: value:
|
||||
lib.attrsets.nameValuePair
|
||||
( "xdg/${name}" )
|
||||
{
|
||||
source = (pkgs.formats.ini {}).generate name value;
|
||||
}
|
||||
) {
|
||||
"baloofilerc" = {
|
||||
"Basic Settings" = {
|
||||
"Indexing-Enabled" = false;
|
||||
};
|
||||
};
|
||||
})
|
||||
|
||||
{ # normal environment.etc block
|
||||
gitconfig = {
|
||||
text = ''
|
||||
[init]
|
||||
defaultBranch = main
|
||||
'';
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
etc."gitconfig".text = ''
|
||||
[init]
|
||||
defaultBranch = main
|
||||
'';
|
||||
# vscode on Wayland
|
||||
#sessionVariables.NIXOS_OZONE_WL = "1";
|
||||
};
|
||||
|
||||
|
||||
programs = {
|
||||
appimage = {
|
||||
enable = true;
|
||||
@ -269,6 +239,11 @@ in
|
||||
];
|
||||
};
|
||||
};
|
||||
# hyprland = {
|
||||
# enable = true;
|
||||
# xwayland.enable = true;
|
||||
# };
|
||||
|
||||
fish.enable = true;
|
||||
vim.defaultEditor = true;
|
||||
bash = {
|
||||
@ -295,11 +270,6 @@ in
|
||||
enable = true;
|
||||
extraOpts = {
|
||||
"SpellcheckEnabled" = false;
|
||||
"DefaultSearchProviderEnabled" = true;
|
||||
"DefaultSearchProviderName" = "Kagi";
|
||||
"DefaultSearchProviderSearchURL" = "https://kagi.com/search?q={searchTerms}";
|
||||
"SearchSuggestEnabled" = false;
|
||||
"DefaultSearchProviderSuggestURL" = "";
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -315,10 +285,10 @@ in
|
||||
}
|
||||
];
|
||||
};
|
||||
# pki.certificateFiles = [ # self-signed CA trust for start9
|
||||
# "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
|
||||
# # "/etc/ssl/certs/dotted-turbans.pem"
|
||||
# ];
|
||||
pki.certificateFiles = [
|
||||
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
|
||||
# "/etc/ssl/certs/dotted-turbans.pem"
|
||||
];
|
||||
};
|
||||
|
||||
services = {
|
||||
@ -330,11 +300,12 @@ in
|
||||
pipewire = {
|
||||
enable = true;
|
||||
pulse.enable = true;
|
||||
alsa.enable = true; # for tenacity
|
||||
};
|
||||
avahi = { # for resolving start9 hostname
|
||||
enable = true;
|
||||
nssmdns4 = true; # Enable NSS support for mDNS
|
||||
};
|
||||
# avahi = { # for resolving start9 hostname
|
||||
# enable = true;
|
||||
# nssmdns4 = true; # Enable NSS support for mDNS
|
||||
# };
|
||||
|
||||
syncthing = {
|
||||
enable = true;
|
||||
@ -347,6 +318,7 @@ in
|
||||
prometheus.exporters.node = {
|
||||
enable = true;
|
||||
port = 8030;
|
||||
# openFirewall = true;
|
||||
enabledCollectors = [
|
||||
"cpu.info"
|
||||
"interrupts"
|
||||
@ -376,16 +348,11 @@ in
|
||||
${tlsConfig}
|
||||
reverse_proxy http://127.0.0.1:8080
|
||||
|
||||
# BUG: assets are all on root path
|
||||
# handle /changedetection/* {
|
||||
# uri strip_prefix /changedetection
|
||||
# reverse_proxy http://127.0.0.1:${toString config.services.changedetection-io.port}
|
||||
# }
|
||||
|
||||
# handle /files/* {
|
||||
# root /mnt/usb/
|
||||
# file_server browse
|
||||
# }
|
||||
|
||||
}
|
||||
|
||||
${host_fqdn}:4430 { # node_exporter
|
||||
@ -403,30 +370,10 @@ in
|
||||
reverse_proxy http://127.0.0.1:8032
|
||||
}
|
||||
|
||||
# BUG: POST messages throw missing referrer error
|
||||
${host_fqdn}:4433 { # changedetection-io
|
||||
${tlsConfig}
|
||||
reverse_proxy http://127.0.0.1:${toString config.services.changedetection-io.port}
|
||||
header Referrer-Policy "strict-origin-when-cross-origin"
|
||||
}
|
||||
|
||||
${host_fqdn}:4434 { # home-assistant
|
||||
${tlsConfig}
|
||||
reverse_proxy http://127.0.0.1:8034
|
||||
}
|
||||
|
||||
'';
|
||||
};
|
||||
|
||||
changedetection-io = {
|
||||
enable = true;
|
||||
port = 8033;
|
||||
behindProxy = true;
|
||||
# baseURL = "https://${host_fqdn}/changedetection/";
|
||||
baseURL = "https://${host_fqdn}:4433/";
|
||||
environmentFile = "/var/src/env_vars/changedetection-io";
|
||||
};
|
||||
|
||||
displayManager = {
|
||||
sddm.enable = true;
|
||||
#defaultSession = "plasmawayland";
|
||||
@ -435,52 +382,37 @@ in
|
||||
enable = true;
|
||||
desktopManager.plasma5.enable = true;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
systemd = {
|
||||
services = {
|
||||
caddy = {
|
||||
serviceConfig = {
|
||||
EnvironmentFile = "/var/src/secrets/namecheap";
|
||||
ExecStart = [
|
||||
"" # This empty string clears the existing ExecStart commands
|
||||
"/opt/bin/caddy run --config /etc/caddy/caddy_config --adapter caddyfile"
|
||||
];
|
||||
ExecReload = [
|
||||
"" # This empty string clears the existing ExecReload commands
|
||||
"/opt/bin/caddy reload --config /etc/caddy/caddy_config --adapter caddyfile --force"
|
||||
];
|
||||
};
|
||||
};
|
||||
glance = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
wants = [ "network-online.target" ];
|
||||
serviceConfig = {
|
||||
User = "glance";
|
||||
Group = "glance";
|
||||
WorkingDirectory = "/var/lib/glance";
|
||||
# Environment = "LOG_LEVEL=debug"; # https://github.com/glanceapp/glance/issues/196
|
||||
ExecStart = "${pkgs.glance}/bin/glance --config config.yaml";
|
||||
};
|
||||
};
|
||||
services.caddy = {
|
||||
serviceConfig = {
|
||||
EnvironmentFile = "/var/src/secrets/namecheap";
|
||||
ExecStart = [
|
||||
"" # This empty string clears the existing ExecStart commands
|
||||
"/opt/bin/caddy run --config /etc/caddy/caddy_config --adapter caddyfile"
|
||||
];
|
||||
ExecReload = [
|
||||
"" # This empty string clears the existing ExecReload commands
|
||||
"/opt/bin/caddy reload --config /etc/caddy/caddy_config --adapter caddyfile --force"
|
||||
];
|
||||
|
||||
open-webui = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
serviceConfig = {
|
||||
Type = "forking";
|
||||
User = "blee";
|
||||
WorkingDirectory = "/opt/open-webui";
|
||||
Environment = "NIX_PATH=nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels";
|
||||
ExecStart = "${pkgs.nix}/bin/nix-shell";
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
services.glance = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
serviceConfig = {
|
||||
User = "glance";
|
||||
Group = "glance";
|
||||
WorkingDirectory = "/var/lib/glance";
|
||||
# Environment = "LOG_LEVEL=debug"; # https://github.com/glanceapp/glance/issues/196
|
||||
ExecStart = "${pkgs.glance}/bin/glance --config config.yaml";
|
||||
};
|
||||
};
|
||||
# TODO: fix errors
|
||||
# systemd.services.nightly-backups = {
|
||||
# services.nightly-backups = {
|
||||
# description = "Nightly Backup Service";
|
||||
# wantedBy = [ "multi-user.target" ];
|
||||
# after = [ "network.target" ];
|
||||
@ -503,7 +435,7 @@ in
|
||||
# };
|
||||
# };
|
||||
|
||||
# systemd.timers.nightly-backups = {
|
||||
# timers.nightly-backups = {
|
||||
# wantedBy = [ "timers.target" ];
|
||||
# partOf = [ "nightly-backups.service" ];
|
||||
# timerConfig = {
|
||||
@ -514,21 +446,30 @@ in
|
||||
# };
|
||||
# };
|
||||
|
||||
services.ollama-webui = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
serviceConfig = {
|
||||
Type = "forking";
|
||||
User = "blee";
|
||||
WorkingDirectory = "/opt/open-webui";
|
||||
Environment = "NIX_PATH=nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels";
|
||||
# ExecStart = "${pkgs.nix}/bin/nix-shell";
|
||||
};
|
||||
script = "${pkgs.nix}/bin/nix-shell";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
# virtualisation.oci-containers = {
|
||||
# backend = "podman"; # systemctl status podman-homeassistant
|
||||
# containers.homeassistant = {
|
||||
# volumes = [ "home-assistant:/config" ];
|
||||
# environment.TZ = "US/Pacific";
|
||||
# # Note: The image will not be updated on rebuilds, unless the version label changes
|
||||
# image = "ghcr.io/home-assistant/home-assistant:stable";
|
||||
# ports = [ "8123:8034" ];
|
||||
# extraOptions = [
|
||||
# "--network=host"
|
||||
# "--cap-add=NET_ADMIN"
|
||||
# "--cap-add=NET_RAW"
|
||||
# ];
|
||||
# virtualisation.docker = {
|
||||
# enable = true;
|
||||
# rootless = {
|
||||
# enable = true;
|
||||
# setSocketVariable = true;
|
||||
# };
|
||||
# autoPrune = {
|
||||
# enable = true;
|
||||
# dates = "monthly";
|
||||
# };
|
||||
# };
|
||||
|
||||
|
@ -11,6 +11,15 @@ pages:
|
||||
- type: calendar
|
||||
|
||||
- type: rss
|
||||
title: changedetection
|
||||
limit: 10
|
||||
collapse-after: 3
|
||||
cache: 1d
|
||||
feeds:
|
||||
- url: https://litten.brenise.dev:4433/rss?token=184f164b983ff9cd3ff4b87526c57b54
|
||||
|
||||
- type: rss
|
||||
title: feeds
|
||||
limit: 10
|
||||
collapse-after: 3
|
||||
cache: 1d
|
||||
@ -94,4 +103,4 @@ pages:
|
||||
# - immich-app/immich
|
||||
# - go-gitea/gitea
|
||||
# - dani-garcia/vaultwarden
|
||||
# - jellyfin/jellyfin
|
||||
# - jellyfin/jellyfin
|
||||
|
Loading…
x
Reference in New Issue
Block a user