Merge branch 'main' of codeberg.org:muon/home

hosts/muon/home.nix

@@ -1,5 +1,11 @@
-{ pkgs, lib, osConfig,... }:
-let cfg = osConfig.mods; in {
+{
+  pkgs,
+  lib,
+  osConfig,
+  ...
+}: let
+  cfg = osConfig.mods;
+in {
   # Modules
   mods.xdg.enable = true;
   mods.social.enable = true;
@@ -11,17 +17,22 @@ let cfg = osConfig.mods; in {
   mods.desktop.development.enable = true;
   mods.desktop.productivity.enable = true;
   mods.desktop.media.enable = true;
+  mods.zen.enable = true;
+  mods.obsidian.enable = true;
 
   # Hardware preferences
 
   ## Monitors
-  xsession.windowManager.i3.config.workspaceOutputAssign = [{
+  xsession.windowManager.i3.config.workspaceOutputAssign = [
+    {
       workspace = "1";
       output = "${cfg.monitors.primary.name}";
-  } {
+    }
+    {
       workspace = "2";
       output = "${cfg.monitors.secondary.name}";
-  }];
+    }
+  ];
   services.autorandr.enable = true;
   programs.autorandr = {
     enable = true;

modules/home/desktop/media.nix

@@ -14,7 +14,7 @@
       pavucontrol
 
       # Video
-      (callPackage ./packages/stremio-linux-shell.nix {})
+      # (callPackage ./packages/stremio-linux-shell.nix {})
 
       # Podcasts
       gpodder

modules/home/desktop/productivity.nix

@@ -17,8 +17,8 @@ in
       home.packages = with pkgs; [
         # ISO downloader
         qbittorrent
-        xd
-        biglybt
+        # xd
+        # biglybt
         # transmission_4-gtk
 
         # email

modules/nixos/core/network.nix

@@ -1,10 +1,13 @@
-{ pkgs, lib, config, ... }:
-
-let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
   cfg = config.mods;
   wg = cfg.wireguard;
-
-in with lib; {
+in
+  with lib; {
     options.mods = {
       i2p.enable = mkEnableOption "enables i2p network";
       tailscale.enable = mkEnableOption "enables tailscale";
@@ -19,7 +22,8 @@ in with lib; {
         username = "${config.mods.user.name}";
         folder = "${config.users.users.${username}.home}/documents/openvpn/";
         file = "${config.mods.user.name}.ovpn";
-    in mkOption {
+      in
+        mkOption {
           description = "the config location";
           default = "${folder}${file}";
         };
@@ -28,7 +32,7 @@ in with lib; {
     config = {
       networking.networkmanager.enable = true;
       # networking.nameservers = [ "45.90.28.97" "45.90.30.97" ];
-    networking.nameservers = [ "194.242.2.4#base.dns.mullvad.net" ];
+      networking.nameservers = ["194.242.2.4#base.dns.mullvad.net"];
       # services.resolved = {
       #   enable = true;
       #   dnssec = "false";
@@ -65,27 +69,28 @@ in with lib; {
         };
       };
 
-    networking.firewall.allowedUDPPorts = [ 51820 16261 ];
+      networking.firewall.allowedUDPPorts = [51820 16261];
       networking.wg-quick.interfaces = lib.mkIf (wg.id != null) {
         wg0 = {
           address = [
             "10.0.0.${toString wg.id}/24"
             "fdc9:281f:04d7:9ee9::${toString wg.id}/64"
           ];
-        dns = [ "10.0.0.1" "fdc9:281f:04d7:9ee9::1" ];
+          # dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
           mtu = 1500;
           privateKeyFile = "/home/muon/wireguard-keys/private";
 
-        peers = [{
+          peers = [
+            {
               publicKey = "2RF8GmTZwQdzVm2l2piYy6U0qiMU3wSxC7Lt8urAjwA=";
-          presharedKeyFile =
-            "/home/muon/wireguard-keys/psk-${config.networking.hostName}";
-          allowedIPs = [ "10.0.0.${toString wg.id}/24" ];
+              presharedKeyFile = "/home/muon/wireguard-keys/psk-${config.networking.hostName}";
+              allowedIPs = ["10.0.0.${toString wg.id}/24"];
               # allowedIPs = [ "0.0.0.0/0" ];
               # ip route add 93.95.230.11 via 192.168.0.1
               endpoint = "93.95.230.11:51820";
               persistentKeepalive = 25;
-        }];
+            }
+          ];
         };
       };
 
@@ -98,6 +103,5 @@ in with lib; {
 
       # gateway =
       # "${pkgs.networkmanager}/bin/nmcli dev show ${interface} | ${pkgs.gnugrep}/bin/fgrep IP4.GATEWAY | ${pkgs.awk}/bin/awk {print $2}";
-
     };
-}
+  }

modules/nixos/server/audio.nix

@@ -40,6 +40,7 @@ in with lib; {
       openFirewall = true;
       openRPCPort = true;
       port = arr.torrent.port;
+      package = pkgs.transmission_4;
       settings = {
         download-dir = "/storage1/download";
         rpc-port = arr.torrent.port;

modules/nixos/server/grav/default.nix

@@ -23,7 +23,7 @@ in with lib; {
       inherit port;
       enable = true;
       root = cfg.grav.location;
-      phpPackage = pkgs.php81;
+      phpPackage = pkgs.php83;
     };
     users.users.${config.mods.user.name}.extraGroups = lib.mkAfter [ "grav" ];
   };

modules/nixos/server/nginx.nix

@@ -82,7 +82,7 @@ in
             add_header X-XSS-Protection          "1; mode=block" always;
             add_header X-Content-Type-Options    "nosniff" always;
             add_header Referrer-Policy           "no-referrer-when-downgrade" always;
-            add_header Content-Security-Policy   "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
+            add_header Content-Security-Policy   "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; script-src 'self'; object-src 'none'; base-uri 'none';"; always;
             add_header Permissions-Policy        "interest-cohort=()" always;
             # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
           '';
@@ -99,6 +99,14 @@ in
               "/" = {
                 proxyPass = "http://${cfg.ip}:${toString port}/";
                 proxyWebsockets = true;
+                extraConfig =
+                  # sh
+                  ''
+                    client_max_body_size 50000M;
+                    proxy_read_timeout   600s;
+                    proxy_send_timeout   600s;
+                    send_timeout         600s;
+                  '';
               };
             };
         in