From 506c560315a0fb416395ed5e1efea850d2e829be Mon Sep 17 00:00:00 2001 From: Noa Aarts Date: Tue, 9 Sep 2025 08:29:58 +0200 Subject: [PATCH] host Qubit-Quilt on nuOS --- flake.lock | 68 +++++++++++++++++++++++- flake.nix | 3 ++ hosts/lambdaos/configuration.nix | 1 + hosts/nuos/configuration.nix | 91 ++------------------------------ hosts/nuos/nginx.nix | 91 ++++++++++++++++++++++++++++++++ hosts/nuos/toggles.nix | 4 ++ 6 files changed, 169 insertions(+), 89 deletions(-) create mode 100644 hosts/nuos/nginx.nix create mode 100644 hosts/nuos/toggles.nix diff --git a/flake.lock b/flake.lock index ce0ca4a..dd30f45 100644 --- a/flake.lock +++ b/flake.lock @@ -216,6 +216,22 @@ "type": "github" } }, + "booktheme": { + "flake": false, + "locked": { + "lastModified": 1741979577, + "narHash": "sha256-SECuhWk5pDEgERURb78QrzSyKINV62fLXladfPA5q9w=", + "owner": "getzola", + "repo": "book", + "rev": "4ee06ce568e1c9f6d19f53bf521fb267603bc6c4", + "type": "github" + }, + "original": { + "owner": "getzola", + "repo": "book", + "type": "github" + } + }, "crane": { "locked": { "lastModified": 1748047550, @@ -340,6 +356,18 @@ "type": "github" } }, + "export_templates": { + "flake": false, + "locked": { + "narHash": "sha256-rtBhRkzwg9imC8WSr4AsuQnMcfv3n/jB8+/mPRPGzzk=", + "type": "file", + "url": "https://github.com/godotengine/godot/releases/download/4.4.1-stable/Godot_v4.4.1-stable_export_templates.tpz" + }, + "original": { + "type": "file", + "url": "https://github.com/godotengine/godot/releases/download/4.4.1-stable/Godot_v4.4.1-stable_export_templates.tpz" + } + }, "fenix": { "inputs": { "nixpkgs": [ @@ -1036,6 +1064,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1756911493, + "narHash": "sha256-6n/n1GZQ/vi+LhFXMSyoseKdNfc2QQaSBXJdgamrbkE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c6a788f552b7b7af703b1a29802a7233c0067908", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1756819007, "narHash": "sha256-12V64nKG/O/guxSYnr5/nq1EfqwJCdD2+cIGmhz3nrE=", @@ -1289,6 +1333,27 @@ "type": "github" } }, + "qubit-quilt": { + "inputs": { + "booktheme": "booktheme", + "export_templates": "export_templates", + "nixpkgs": "nixpkgs_10" + }, + "locked": { + "lastModified": 1757398682, + "narHash": "sha256-kdvzQkhEpv1Vog+DehW1ZaGC8zlp8fheF7i1BC7Npeg=", + "owner": "itepastra", + "repo": "Quantum-surface-application", + "rev": "375a658a480e6b79b52f05ab5764f4d0cc7c66cc", + "type": "github" + }, + "original": { + "owner": "itepastra", + "ref": "init-website", + "repo": "Quantum-surface-application", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -1305,6 +1370,7 @@ "nixcord": "nixcord", "nixpkgs": "nixpkgs_8", "nixsg": "nixsg", + "qubit-quilt": "qubit-quilt", "stylix": "stylix", "tsunami": "tsunami_2" } @@ -1339,7 +1405,7 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_3", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_11", "nur": "nur", "systems": "systems_7", "tinted-foot": "tinted-foot", diff --git a/flake.nix b/flake.nix index 596cff3..0c236e1 100644 --- a/flake.nix +++ b/flake.nix @@ -56,6 +56,9 @@ inputs.nixpkgs.follows = "nixpkgs"; inputs.lix.follows = "lix"; }; + qubit-quilt = { + url = "github:itepastra/Quantum-surface-application/init-website"; + }; # declarative vencord client nixcord.url = "github:kaylorben/nixcord"; # for styling apps etc in a consistent theme diff --git a/hosts/lambdaos/configuration.nix b/hosts/lambdaos/configuration.nix index b7d23cb..6b7a21c 100644 --- a/hosts/lambdaos/configuration.nix +++ b/hosts/lambdaos/configuration.nix @@ -96,6 +96,7 @@ enable = true; libraries = with pkgs; [ libc + icu ]; }; }; diff --git a/hosts/nuos/configuration.nix b/hosts/nuos/configuration.nix index ebddbde..66bb234 100644 --- a/hosts/nuos/configuration.nix +++ b/hosts/nuos/configuration.nix @@ -10,9 +10,6 @@ config, ... }: -let - enableFlurry = true; -in { imports = [ # Include the results of the hardware scan. @@ -23,6 +20,7 @@ in (modulesPath + "/profiles/qemu-guest.nix") ./home-assistant.nix + ./nginx.nix ../../common ]; @@ -216,7 +214,7 @@ in }; "flurry" = { - enable = enableFlurry; + enable = (import ./toggles.nix).enableFlurry; description = "Pixelflut server"; serviceConfig = { ExecStart = "${ @@ -337,19 +335,6 @@ in }; services = { - authentik = { - enable = true; - environmentFile = config.age.secrets."authentik/env".path; - nginx = { - enable = true; - enableACME = true; - host = "auth.itepastra.nl"; - }; - settings = { - disable_startup_analytics = true; - avatars = "initials"; - }; - }; factorio = { enable = false; # package = pkgs.factorio-headless.override { @@ -404,76 +389,6 @@ in }; }; }; - nginx = - let - - extra = '' - client_max_body_size 50000M; - - proxy_redirect off; - - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s;''; - proxy = name: url: { - forceSSL = true; - useACMEHost = name; - extraConfig = extra; - locations."/" = { - proxyWebsockets = true; - proxyPass = url; - }; - }; - in - { - enable = true; - package = pkgs.nginx.override { - modules = [ pkgs.nginxModules.brotli ]; - }; - - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedBrotliSettings = true; - sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; - - virtualHosts = lib.mkMerge [ - ({ - "noa.voorwaarts.nl" = { - forceSSL = true; - enableACME = true; - extraConfig = extra; - locations."/" = { - proxyWebsockets = true; - proxyPass = "http://192.168.42.5:8000"; - }; - }; - - "images.noa.voorwaarts.nl" = proxy "noa.voorwaarts.nl" "http://192.168.42.5:2283/"; - "maintenance.noa.voorwaarts.nl" = proxy "noa.voorwaarts.nl" "http://192.168.42.5:5000/"; - "map.noa.voorwaarts.nl" = proxy "noa.voorwaarts.nl" "http://127.0.0.1:8123/"; - - "itepastra.nl" = { - forceSSL = true; - enableACME = true; - extraConfig = extra; - locations."/" = { - proxyWebsockets = true; - proxyPass = "http://192.168.42.5:9001/"; - }; - }; - - "calendar.itepastra.nl" = proxy "itepastra.nl" "http://[::1]:29341"; - - # home-assistant proxy - "home.itepastra.nl" = proxy "itepastra.nl" "http://[::1]:8123"; - }) - - (lib.mkIf enableFlurry { - "flurry.itepastra.nl" = proxy "itepastra.nl" "http://127.0.0.1:3000"; - }) - ]; - }; }; security.acme = { @@ -491,7 +406,7 @@ in "home.itepastra.nl" ] ++ [ - (lib.mkIf enableFlurry "flurry.itepastra.nl") + (lib.mkIf (import ./toggles.nix).enableFlurry "flurry.itepastra.nl") ]; }; }; diff --git a/hosts/nuos/nginx.nix b/hosts/nuos/nginx.nix new file mode 100644 index 0000000..01a3dff --- /dev/null +++ b/hosts/nuos/nginx.nix @@ -0,0 +1,91 @@ +{ + pkgs, + lib, + inputs, + ... +}: +let + enableFlurry = true; + enableQubitQuilt = true; +in +{ + services.nginx = + let + + extra = '' + client_max_body_size 50000M; + + proxy_redirect off; + + proxy_read_timeout 600s; + proxy_send_timeout 600s; + send_timeout 600s;''; + proxy = name: url: { + forceSSL = true; + useACMEHost = name; + extraConfig = extra; + locations."/" = { + proxyWebsockets = true; + proxyPass = url; + }; + }; + in + { + enable = true; + package = pkgs.nginx.override { + modules = [ pkgs.nginxModules.brotli ]; + }; + + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedBrotliSettings = true; + sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; + + virtualHosts = lib.mkMerge [ + ({ + "noa.voorwaarts.nl" = { + forceSSL = true; + enableACME = true; + extraConfig = extra; + locations."/" = { + proxyWebsockets = true; + proxyPass = "http://192.168.42.5:8000"; + }; + }; + + "images.noa.voorwaarts.nl" = proxy "noa.voorwaarts.nl" "http://192.168.42.5:2283/"; + "maintenance.noa.voorwaarts.nl" = proxy "noa.voorwaarts.nl" "http://192.168.42.5:5000/"; + "map.noa.voorwaarts.nl" = proxy "noa.voorwaarts.nl" "http://127.0.0.1:8123/"; + + "itepastra.nl" = { + forceSSL = true; + enableACME = true; + extraConfig = extra; + locations."/" = { + proxyWebsockets = true; + proxyPass = "http://192.168.42.5:9001/"; + }; + }; + + "geenit.nl" = { + forceSSL = true; + enableACME = true; + extraConfig = extra; + locations."/" = { + root = inputs.qubit-quilt.packages."x86_64-linux".default; + }; + }; + + "calendar.itepastra.nl" = proxy "itepastra.nl" "http://[::1]:29341"; + + # home-assistant proxy + "home.itepastra.nl" = proxy "itepastra.nl" "http://[::1]:8123"; + }) + + (lib.mkIf (import ./toggles.nix).enableFlurry { + "flurry.itepastra.nl" = proxy "itepastra.nl" "http://127.0.0.1:3000"; + }) + ]; + }; +} diff --git a/hosts/nuos/toggles.nix b/hosts/nuos/toggles.nix new file mode 100644 index 0000000..19a7a6b --- /dev/null +++ b/hosts/nuos/toggles.nix @@ -0,0 +1,4 @@ +{ + enableFlurry = true; + enableQubitQuilt = true; +}