diff --git a/common/users/default.nix b/common/users/default.nix index 2a4c5b3..d9c87e6 100644 --- a/common/users/default.nix +++ b/common/users/default.nix @@ -1,9 +1,3 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) mkIf mkOption types genAttrs; - cfg = config.fountain; -in { # TODO: consider DRY-ing these imports = [ @@ -13,21 +7,5 @@ in ./trungle.nix ]; - options.fountain = { - admins = mkOption { - type = types.listOf types.str; - default = [ ]; - description = "List of users who should have root on this system"; - }; - }; - - config = { - users.mutableUsers = false; - - users.users = genAttrs cfg.admins - (name: { - extraGroups = [ "wheel" ]; - } - ); - }; + users.mutableUsers = false; } diff --git a/flake.lock b/flake.lock index 04db858..5d05a00 100644 --- a/flake.lock +++ b/flake.lock @@ -93,11 +93,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1742097805, - "narHash": "sha256-N3/7llBZ93Itf7ndnNtEm7lPoMqSC57B/PNaMB6cL1Q=", + "lastModified": 1741379467, + "narHash": "sha256-f314Ke28BGoVh4TK8FCzlPZgOl+oV7PvLyPF++ln9M4=", "owner": "rycee", "repo": "nur-expressions", - "rev": "5a0ac85616aa6b166ea715a41bc1255bb802b189", + "rev": "0b95936d94ea2a3ce66538f299351cf0b491aa15", "type": "gitlab" }, "original": { @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1741955947, - "narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=", + "lastModified": 1741378606, + "narHash": "sha256-ytDmwV93lZ1f6jswJkxEQz5cBlwje/2rH/yUZDADZNs=", "owner": "nix-community", "repo": "home-manager", - "rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4", + "rev": "95711f926676018d279ba09fe7530d03b5d5b3e2", "type": "github" }, "original": { 
@@ -234,14 +234,14 @@ "flake": false, "locked": { "lastModified": 1737234286, - "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", - "rev": "079528098f5998ba13c88821a2eca1005c1695de", + "narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", + "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz" } }, "lix-module": { @@ -254,11 +254,11 @@ ] }, "locked": { - "lastModified": 1741892773, - "narHash": "sha256-8oUT6D7VlsuLkms3zBsUaPBUoxucmFq62QdtyVpjq0Y=", + "lastModified": 1737237494, + "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", "ref": "stable", - "rev": "ed7a2fa83145868ecb830d6b3c73ebfd81a9e911", - "revCount": 130, + "rev": "a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba", + "revCount": 127, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, @@ -270,11 +270,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1741862977, - "narHash": "sha256-prZ0M8vE/ghRGGZcflvxCu40ObKaB+ikn74/xQoNrGQ=", + "lastModified": 1741332913, + "narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cdd2ef009676ac92b715ff26630164bb88fec4e0", + "rev": "20755fa05115c84be00b04690630cb38f0a203ad", "type": "github" }, "original": { 
@@ -301,11 +301,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1742072093, - "narHash": "sha256-2aEgxL5RSzNHWFLWEUFXZhkVEYDOuVSXQBiOonzT/Kg=", + "lastModified": 1741318725, + "narHash": "sha256-3ShROHs7BXBDH3VNoPmbG4mL8DvRpDM8s4NxkmRVz1Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f182029bf7f08a57762b4c762d0917b6803ceff4", + "rev": "9290fda826610430b3fc8cc98443c3a2faaaf151", "type": "github" }, "original": { @@ -317,11 +317,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1742069588, - "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=", + "lastModified": 1741246872, + "narHash": "sha256-Q6pMP4a9ed636qilcYX8XUguvKl/0/LGXhHcRI91p0U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5", + "rev": "10069ef4cf863633f57238f179a0297de84bd8d3", "type": "github" }, "original": { @@ -333,11 +333,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1742095305, - "narHash": "sha256-L8qjRx4MbX/juwbo8+4qYbqQy0MFUzUJLV5o8oujvaA=", + "lastModified": 1741323510, + "narHash": "sha256-zQL0iErtVTxywxyWc7ajRmRNCncny95uD+2wmBHYOzc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f985965fff9d4e5df55df0489ef113d09a6ee08d", + "rev": "f104cca31ba6c0403b678ad9428726476b503782", "type": "github" }, "original": { @@ -373,11 +373,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1742090267, - "narHash": "sha256-A+pimpalPZr9Un1yJaVsc+3J71IHuAPN+NSo5MqHtzM=", + "lastModified": 1741308008, + "narHash": "sha256-J+7n6svwbpvSoUgFfjfYNVAT50SarBYiwLgTIixjYlM=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "a448b9a9ce66f8e1d1a1de1205f384da25574c7b", + "rev": "814314b94a4d44197d2708d4b48d9df1d14892e2", "type": "github" }, "original": { diff --git a/hosts/elucredassa/default.nix b/hosts/elucredassa/default.nix index 97aba67..e4a517a 100644 --- a/hosts/elucredassa/default.nix +++ b/hosts/elucredassa/default.nix 
@@ -37,7 +37,7 @@ in }; fountain.users.qenya.enable = true; - fountain.admins = [ "qenya" ]; + users.users.qenya.extraGroups = [ "wheel" ]; system.stateVersion = "24.11"; } diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index 65a0ced..473f587 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -15,7 +15,7 @@ in networking.domain = "birdsong.network"; fountain.users.qenya.enable = true; - fountain.admins = [ "qenya" ]; + users.users.qenya.extraGroups = [ "wheel" ]; fountain.users.randomcat.enable = true; fountain.users.trungle.enable = true; diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index c73d439..f9f4600 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -27,10 +27,12 @@ in console.keyMap = "uk"; services.xserver.xkb.layout = "gb"; + qenya.services.pipewire.lowLatency.enable = true; + fountain.users.qenya.enable = true; age.secrets.user-password-kilgharrah-qenya.file = ../../secrets/user-password-kilgharrah-qenya.age; users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-kilgharrah-qenya.path; - fountain.admins = [ "qenya" ]; + users.users.qenya.extraGroups = [ "wheel" ]; home-manager.users.qenya = { pkgs, ... }: { home.packages = with pkgs; [ obs-studio ]; # For the moment, this hosts some network-accessible services, so we want it on 24/7 diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index f5aa5fd..a6f95ad 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -12,7 +12,7 @@ networking.domain = "birdsong.network"; fountain.users.qenya.enable = true; - fountain.admins = [ "qenya" ]; + users.users.qenya.extraGroups = [ "wheel" ]; qenya.base-server.enable = true; qenya.services.distributed-builds = { 
@@ -57,16 +57,7 @@ }; networking.firewall.interfaces."wg-birdsong".allowedTCPPorts = [ 5432 ]; - qenya.services.actual = { - enable = true; - domain = "actual.unspecified.systems"; - }; - fountain.services.web-redirect = { - enable = true; - domains = { - "actual.qenya.tel" = "actual.unspecified.systems"; - }; - }; + qenya.services.actual.enable = true; system.stateVersion = "23.11"; } diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix index dd1f21f..3bb4c52 100644 --- a/hosts/tohru/default.nix +++ b/hosts/tohru/default.nix @@ -31,10 +31,10 @@ in nix.optimise.automatic = mkForce false; fountain.users.qenya.enable = true; - fountain.admins = [ "qenya" ]; age.secrets.user-password-tohru-qenya.file = ../../secrets/user-password-tohru-qenya.age; users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-tohru-qenya.path; users.users.qenya.extraGroups = [ + "wheel" # sudo "networkmanager" # UI wifi configuration "dialout" # access to serial ports ]; diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index b93c14b..e028d11 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -16,7 +16,7 @@ networking.domain = "birdsong.network"; fountain.users.qenya.enable = true; - fountain.admins = [ "qenya" ]; + users.users.qenya.extraGroups = [ "wheel" ]; qenya.base-server.enable = true; qenya.services.distributed-builds = { 
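Review bot: In hosts/orm/default.nix, removing `fountain.services.web-redirect` also removes the `networking.firewall.allowedTCPPorts = [ 80 443 ];` that services/web-redirect.nix (deleted in this commit) set whenever it was enabled, and nothing in the hunk replaces it. The same applies to the second hunk of hosts/yevaud/default.nix, where the redirects become inline virtualHosts with `enableACME = true`. Whether another module on these hosts still opens the ports is not visible in this diff; if none does, nginx is unreachable from outside and ACME HTTP validation will presumably fail at the next renewal. Stating `networking.firewall.allowedTCPPorts = [ 80 443 ];` next to the nginx configuration of each host keeps the exposure explicit and reviewable.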
@@ -40,17 +40,20 @@ enable = true; domain = "git.unspecified.systems"; }; - fountain.services.web-redirect = { - enable = true; - domains = { - "git.katherina.rocks" = "git.unspecified.systems"; - "git.qenya.tel" = "git.unspecified.systems"; - }; - }; services.nginx = { enable = true; virtualHosts = { + "git.katherina.rocks" = { + forceSSL = true; + enableACME = true; + locations."/".return = "301 https://git.unspecified.systems$request_uri"; + }; + "git.qenya.tel" = { + forceSSL = true; + enableACME = true; + locations."/".return = "301 https://git.unspecified.systems$request_uri"; + }; "birdsong.network" = { forceSSL = true; enableACME = true; diff --git a/services/actual.nix b/services/actual.nix index b46540e..d5a1599 100644 --- a/services/actual.nix +++ b/services/actual.nix @@ -1,22 +1,20 @@ { config, lib, pkgs, ... }: +with lib; let - inherit (lib) mkIf mkOption mkEnableOption types; cfg = config.qenya.services.actual; + domain = "actual.qenya.tel"; in { options.qenya.services.actual = { enable = mkEnableOption "Actual Budget"; - domain = mkOption { - type = types.str; - }; }; config = mkIf cfg.enable { services.nginx = { enable = true; virtualHosts = { - ${cfg.domain} = { + ${domain} = { forceSSL = true; enableACME = true; locations."/".proxyPass = "http://127.0.0.1:5006/"; diff --git a/services/default.nix b/services/default.nix index 9a3f8cb..f136e92 100644 --- a/services/default.nix +++ b/services/default.nix @@ -6,7 +6,7 @@ ./forgejo.nix ./jellyfin.nix ./navidrome.nix + ./pipewire-low-latency.nix ./remote-builder.nix - ./web-redirect.nix ]; -} +} \ No newline at end of file diff --git a/services/pipewire-low-latency.nix b/services/pipewire-low-latency.nix new file mode 100644 index 0000000..0ba2709 --- /dev/null +++ b/services/pipewire-low-latency.nix 
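Review bot: `with lib;` at the top of services/actual.nix hides where names such as `mkIf` and `mkEnableOption` come from and prevents tooling from flagging an undefined name before evaluation; the new services/pipewire-low-latency.nix in the same commit uses the explicit form. Suggest keeping `inherit (lib) mkIf mkEnableOption;` inside the `let` instead. The now hard-coded `domain = "actual.qenya.tel";` would benefit from a comment such as `# public hostname; must match DNS and the ACME certificate name`, since hosts can no longer override it. The module body continues past the end of the hunk.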
@@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) mkIf mkEnableOption;
+ cfg = config.qenya.services.pipewire.lowLatency;
+in
+{
+ options.qenya.services.pipewire.lowLatency = {
+ enable = mkEnableOption "config to decrease sound latency (increasing CPU load) for e.g. streaming";
+ # TODO: might be an idea to have the numbers be configurable
+ };
+
+ config = mkIf cfg.enable {
+ # TODO: needs more testing
+ services.pipewire.extraConfig = {
+ pipewire."92-low-latency" = {
+ context.properties = {
+ default.clock.rate = 48000;
+ default.clock.quantum = 32;
+ default.clock.min-quantum = 32;
+ default.clock.max-quantum = 32;
+ };
+ };
+ pipewire-pulse."92-low-latency" = {
+ context.modules = [
+ {
+ name = "libpipewire-module-protocol-pulse";
+ args = {
+ pulse.min.req = "32/48000";
+ pulse.default.req = "32/48000";
+ pulse.max.req = "32/48000";
+ pulse.min.quantum = "32/48000";
+ pulse.max.quantum = "32/48000";
+ };
+ }
+ ];
+ stream.properties = {
+ node.latency = "32/48000";
+ resample.quality = 1;
+ };
+ };
+ };
+ # Available from NixOS 24.11. Lifted from https://nixos.wiki/wiki/PipeWire - probably need to adjust numbers
+ # services.pipewire.wireplumber.extraLuaConfig.main."99-alsa-lowlatency" = ''
+ # alsa_monitor.rules = {
+ # {
+ # matches = {{{ "node.name", "matches", "alsa_output.*" }}};
+ # apply_properties = {
+ # ["audio.format"] = "S32LE",
+ # ["audio.rate"] = "96000", -- for USB soundcards it should be twice your desired rate
+ # ["api.alsa.period-size"] = 2, -- defaults to 1024, tweak by trial-and-error
+ # -- ["api.alsa.disable-batch"] = true, -- generally, USB soundcards use the batch mode
+ # },
+ # },
+ # }
+ # '';
+ };
+}
diff --git a/services/web-redirect.nix b/services/web-redirect.nix
deleted file mode 100644
index 92b9c5a..0000000
--- a/services/web-redirect.nix
+++ /dev/null
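Review bot: The last fourteen lines of the `config` block in services/pipewire-low-latency.nix are a commented-out wireplumber snippet whose own header says the numbers "probably need to adjust", so the module ships dead configuration that a later reader may uncomment without checking it. Suggest deleting the block and keeping a single pointer, e.g. `# TODO: ALSA period-size tuning via wireplumber, see https://nixos.wiki/wiki/PipeWire`, and confirming the "Available from NixOS 24.11" claim against the release the host runs before it is ever enabled. The `pkgs` argument in the module header is unused and could be dropped.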
@@ -1,30 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- inherit (lib) mkIf mkOption mkEnableOption types;
- cfg = config.fountain.services.web-redirect;
-in
-{
- options.fountain.services.web-redirect = {
- enable = mkEnableOption "Module to do simple 301 redirects from one domain to another";
- domains = mkOption {
- type = types.attrsOf types.str;
- description = "Mapping from source domain to destination domain";
- };
- };
-
- config = mkIf cfg.enable {
- services.nginx = {
- enable = true;
- virtualHosts = builtins.mapAttrs
- (name: value: {
- forceSSL = true;
- enableACME = true;
- locations."/".return = "301 https://${value}$request_uri";
- })
- cfg.domains;
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- };
-}