added stuff from morph

This commit is contained in:
fleaz 2023-10-04 23:08:14 +02:00
commit cdf9817bc8
No known key found for this signature in database
GPG key ID: AED15F8FDD04D083
9 changed files with 395 additions and 0 deletions

19
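--- a/cpthook/default.nix
+++ b/cpthook/default.nix
@@ -0,0 +1,19 @@
+{ lib
+, buildGoModule
+, pkgs
+, fetchFromGitHub
+}:
+buildGoModule rec {
+pname = "cpthook";
+version = "0.7.1";
+src = fetchFromGitHub {
+owner = "fleaz";
+repo = "CptHook";
+hash = "sha256-SfqybLrTF9TDz4t/zPDojlZngVDxKGLTlNs9T34LfMU=";
+rev = "v${version}";
+};
+vendorSha256 = "sha256-iKIH36pYK6x5ReCz6wiw5SWoiyMBfmr2K4ToWI/V6xQ=";
+}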
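Review bot: `vendorSha256` on the last attribute of the derivation is the deprecated name; buildGoModule now takes `vendorHash`, so the line should read `vendorHash = "sha256-iKIH36pYK6x5ReCz6wiw5SWoiyMBfmr2K4ToWI/V6xQ=";`, and the same change applies to hacompanion/default.nix. The `lib` and `pkgs` function arguments are never referenced and can be dropped. Neither Go package carries a `meta` block; a `description`, `homepage` and `license` would record what upstream source the overlay pulls in and let the `meta`-based license and insecure-package checks apply to it.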

13
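--- a/default.nix
+++ b/default.nix
@@ -0,0 +1,13 @@
+self: super: {
+hacompanion = super.callPackage ./hacompanion { };
+cpthook = super.callPackage ./cpthook { };
+python3 = super.python3.override {
+packageOverrides = python-self: python-super: {
+pytapo = python-super.callPackage ./pytapo { };
+};
+};
+gotosocial = super.callPackage ./gotosocial { };
+pulse-secure = super.callPackage ./pulse-secure { };
+}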


19
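--- a/hacompanion/default.nix
+++ b/hacompanion/default.nix
@@ -0,0 +1,19 @@
+{ lib
+, buildGoModule
+, pkgs
+, fetchFromGitHub
+}:
+buildGoModule rec {
+pname = "hacompanion";
+version = "1.0.5";
+src = fetchFromGitHub {
+owner = "tobias-kuendig";
+repo = "hacompanion";
+hash = "sha256-wNxE2TrO/TPVzwyn+LRfu6v9mUf3CeB5vdNNJM4rMAI=";
+rev = "v${version}";
+};
+vendorSha256 = "sha256-ZZ8nxN+zUeFhSXyoHLMgzeFllnIkKdoVnbVK5KjrLEQ=";
+}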

5
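--- a/modules/default.nix
+++ b/modules/default.nix
@@ -0,0 +1,5 @@
+{
+imports = [
+./gotosocial.nix
+];
+}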

169
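--- a/modules/gotosocial.nix
+++ b/modules/gotosocial.nix
@@ -0,0 +1,169 @@
+{ config, lib, pkgs, ... }:
+let
+cfg = config.services.gotosocial;
+settingsFormat = pkgs.formats.yaml { };
+configFile = settingsFormat.generate "config.yml" cfg.settings;
+defaultSettings = {
+application-name = "gotosocial";
+protocol = "https";
+bind-address = "127.0.0.1";
+port = 8080;
+storage-local-base-path = "/var/lib/gotosocial/storage";
+db-type = "sqlite";
+db-address = "/var/lib/gotosocial/database.sqlite";
+};
+gotosocial-admin = pkgs.writeShellScriptBin "gotosocial-admin" ''
+exec systemd-run \
+-u gotosocial-admin.service \
+-p Group=gotosocial \
+-p User=gotosocial \
+-q -t -G --wait --service-type=exec \
+${cfg.package}/bin/gotosocial --config-path ${configFile} admin "$@"
+'';
+in
+{
+meta.doc = ./gotosocial.md;
+meta.maintainers = with lib.maintainers; [ misuzu ];
+options.services.gotosocial = {
+enable = lib.mkEnableOption (lib.mdDoc "ActivityPub social network server");
+package = lib.mkPackageOptionMD pkgs "gotosocial" { };
+openFirewall = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = lib.mdDoc ''
+Open the configured port in the firewall.
+Using a reverse proxy instead is highly recommended.
+'';
+};
+setupPostgresqlDB = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = lib.mdDoc ''
+Whether to setup a local postgres database and populate the
+`db-type` fields in `services.gotosocial.settings`.
+'';
+};
+settings = lib.mkOption {
+type = settingsFormat.type;
+default = defaultSettings;
+example = {
+application-name = "My GoToSocial";
+host = "gotosocial.example.com";
+};
+description = lib.mdDoc ''
+Contents of the GoToSocial YAML config.
+Please refer to the
+[documentation](https://docs.gotosocial.org/en/latest/configuration/)
+and
+[example config](https://github.com/superseriousbusiness/gotosocial/blob/main/example/config.yaml).
+Please note that the `host` option cannot be changed later so it is important to configure this correctly before you start GoToSocial.
+'';
+};
+environmentFile = lib.mkOption {
+type = lib.types.nullOr lib.types.path;
+description = lib.mdDoc ''
+File path containing environment variables for configuring the GoToSocial service
+in the format of an EnvironmentFile as described by systemd.exec(5).
+This option could be used to pass sensitive configuration to the GoToSocial daemon.
+Please refer to the Environment Variables section in the
+[documentation](https://docs.gotosocial.org/en/latest/configuration/).
+'';
+default = null;
+example = "/root/nixos/secrets/gotosocial.env";
+};
+};
+config = lib.mkIf cfg.enable {
+assertions = [
+{
+assertion = cfg.settings.host or null != null;
+message = ''
+You have to define a hostname for GoToSocial (`services.gotosocial.settings.host`), it cannot be changed later without starting over!
+'';
+}
+];
+services.gotosocial.settings = (lib.mapAttrs (name: lib.mkDefault) (
+defaultSettings // {
+web-asset-base-dir = "${cfg.package}/share/gotosocial/web/assets/";
+web-template-base-dir = "${cfg.package}/share/gotosocial/web/template/";
+}
+)) // (lib.optionalAttrs cfg.setupPostgresqlDB {
+db-type = "postgres";
+db-address = "/run/postgresql";
+db-database = "gotosocial";
+db-user = "gotosocial";
+});
+environment.systemPackages = [ gotosocial-admin ];
+users.groups.gotosocial = { };
+users.users.gotosocial = {
+group = "gotosocial";
+isSystemUser = true;
+};
+networking.firewall = lib.mkIf cfg.openFirewall {
+allowedTCPPorts = [ cfg.settings.port ];
+};
+services.postgresql = lib.mkIf cfg.setupPostgresqlDB {
+enable = true;
+ensureDatabases = [ "gotosocial" ];
+ensureUsers = [
+{
+name = "gotosocial";
+ensurePermissions = {
+"DATABASE gotosocial" = "ALL PRIVILEGES";
+};
+}
+];
+};
+systemd.services.gotosocial = {
+description = "ActivityPub social network server";
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ]
+++ lib.optional cfg.setupPostgresqlDB "postgresql.service";
+requires = lib.optional cfg.setupPostgresqlDB "postgresql.service";
+restartTriggers = [ configFile ];
+serviceConfig = {
+EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
+ExecStart = "${cfg.package}/bin/gotosocial --config-path ${configFile} server start";
+Restart = "on-failure";
+Group = "gotosocial";
+User = "gotosocial";
+StateDirectory = "gotosocial";
+WorkingDirectory = "/var/lib/gotosocial";
+# Security options:
+# Based on https://github.com/superseriousbusiness/gotosocial/blob/v0.8.1/example/gotosocial.service
+AmbientCapabilities = lib.optional (cfg.settings.port < 1024) "CAP_NET_BIND_SERVICE";
+NoNewPrivileges = true;
+PrivateTmp = true;
+PrivateDevices = true;
+RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
+RestrictNamespaces = true;
+RestrictRealtime = true;
+DevicePolicy = "closed";
+ProtectSystem = "full";
+ProtectControlGroups = true;
+ProtectKernelModules = true;
+ProtectKernelTunables = true;
+LockPersonality = true;
+};
+};
+};
+}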
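Review bot: The `serviceConfig` hardening block under `# Security options:` leaves home directories, setuid/setgid execution and the syscall ABI unrestricted; adding `ProtectHome = true;`, `RestrictSUIDSGID = true;` and `SystemCallArchitectures = "native";` would close those gaps for a service that only needs its `StateDirectory` (`/var/lib/gotosocial`) and the network. `ProtectSystem = "full"` could probably be tightened to `"strict"` for the same reason, since the storage and sqlite paths in `defaultSettings` both live under the state directory, but that should be confirmed before changing it. `meta.doc = ./gotosocial.md;` and `meta.maintainers = with lib.maintainers; [ misuzu ];` look carried over from the nixpkgs module; if `gotosocial.md` is not present next to this file in the repository, building the module documentation will fail, so either add the file or drop `meta.doc`. The `ensurePermissions` attribute in `services.postgresql.ensureUsers` is the older form of that option and may warn or be rejected on newer nixpkgs; worth checking against the channel this overlay targets.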

121
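--- a/pulse-secure/default.nix
+++ b/pulse-secure/default.nix
@@ -0,0 +1,121 @@
+{ lib
+, stdenv
+, buildFHSEnv
+# Required for handling RPM package
+, fetchurl
+, rpmextract
+# Runtime dependencies
+, gcc
+, openssl
+, gtk4
+, gtk3
+, gtkmm3
+, libsoup
+, cairomm
+, webkitgtk
+, libbsd
+, libuuid
+, glib
+, atkmm
+, glibmm
+, pangomm
+, pango
+, at-spi2-atk
+, cairo
+, libsigcxx
+, gdk-pixbuf
+, procps
+, logger
+}:
+let
+pname = "pulse-secure";
+version = "22.3r1.0-b18209";
+meta = with lib; {
+description = "Ivanti Pulse-Secure VPN client";
+sourceProvenance = with sourceTypes; [ binaryNativeCode ];
+license = licenses.unfree;
+platforms = [ "x86_64-linux" ];
+};
+pulse-secure = stdenv.mkDerivation {
+inherit pname version meta;
+src = fetchurl {
+#url = "https://dl.sva.de/pulsesecure/linux/ps-pulse-linux-${version}-64bit-installer.rpm";
+url = "https://gml.noaa.gov/aftp/pub/cornwall/VPN%20Client/old/ps-pulse-linux-${version}-64bit-installer.rpm";
+hash = "sha256-COKhB7+W1ridXF86O3309b5u1FgxukAfGYMf16Ie4Rs=";
+};
+unpackPhase = ''
+${rpmextract}/bin/rpmextract $src
+'';
+installPhase = ''
+runHook preInstall
+mkdir -p $out
+# executables
+cp -rv ./opt/pulsesecure/bin $out/bin
+# libs
+cp -rv ./opt/pulsesecure/lib/dispatch/ $out/lib/
+cp -rv ./opt/pulsesecure/lib/JUNS/ $out/lib/
+cp -rv ./opt/pulsesecure/lib/dsOpenSSL/ $out/lib/
+ls -la $out
+ls -la $out/lib
+# documentation
+cp -rv ./usr/share/man $out/
+# Desktop file
+mkdir -p $out/share/applications
+cp -v ./opt/pulsesecure/resource/pulse.desktop $out/share/applications/
+cp -rv ./opt/pulsesecure/resource $out/
+# DBUS
+mkdir -p $out/share/dbus-1/system.d
+cp ./opt/pulsesecure/lib/JUNS/net.psecure.pulse.conf $out/share/dbus-1/system.d/net.psecure.pulse.conf
+runHook postInstall
+'';
+};
+in
+buildFHSEnv {
+inherit meta;
+name = pname;
+targetPkgs = pkgs: [
+pulse-secure
+];
+multiPkgs = pkgs: [
+gcc
+openssl
+gtk3
+gtkmm3
+gtk4
+libsoup
+cairomm
+webkitgtk
+libbsd
+libuuid
+glib
+atkmm
+glibmm
+pangomm
+pango
+at-spi2-atk
+cairo
+libsigcxx
+gdk-pixbuf
+];
+runScript = "pulseUI";
+}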
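Review bot: The `src` block fetches Ivanti's proprietary VPN installer from a third-party mirror (a public directory on gml.noaa.gov, with an sva.de mirror commented out above it) rather than from the vendor; the `hash` pins the bytes, but nothing records how that hash was established, so a comment such as `# hash compared against <vendor checksum source — placeholder>` next to it would let a later reviewer re-establish provenance for a binary that runs as a VPN client. `unpackPhase` replaces the default phase without `runHook preUnpack` / `runHook postUnpack`, unlike `installPhase`, and the two `ls -la` lines in `installPhase` look like leftover debugging output. `procps` and `logger` are taken as arguments but used nowhere in the expression, and `gtk4` is listed next to `gtk3`/`gtkmm3` although it is unclear from this file that the client needs both; the unused inputs can be dropped. The D-Bus policy copied into `$out/share/dbus-1/system.d` only reaches the system bus if the package is added to `services.dbus.packages` on the host; inside the FHS environment alone it has no effect, which is worth a comment at the `# DBUS` line.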

40
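--- a/pytapo/default.nix
+++ b/pytapo/default.nix
@@ -0,0 +1,40 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+# propagates
+, pycryptodome
+, requests
+, urllib3
+}:
+buildPythonPackage rec {
+pname = "pytapo";
+version = "2.9.2";
+format = "setuptools";
+src = fetchPypi {
+inherit pname version;
+hash = "sha256-LW14uDQBqIVsigOzO0bNTpjY7Fk0IWAeDMPEuWM/nOo=";
+};
+propagatedBuildInputs = [
+pycryptodome
+requests
+urllib3
+];
+pythonImportsCheck = [
+"pytapo"
+];
+# Tests require actual hardware
+doCheck = false;
+meta = with lib; {
+description = "Python library for communication with Tapo Cameras ";
+homepage = "https://github.com/JurajNyiri/pytapo";
+license = with licenses; [ mit ];
+maintainers = with maintainers; [ fleaz ];
+};
+}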
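Review bot: The `description` in `meta` ends with a trailing space, which the nixpkgs meta checks complain about; it should be `description = "Python library for communication with Tapo Cameras";`. `maintainers = with maintainers; [ fleaz ];` resolves `lib.maintainers.fleaz`, so evaluation of this overlay fails on any nixpkgs where that attribute does not exist; in an out-of-tree overlay a literal maintainer attrset, or omitting the field, avoids that dependency. Since `doCheck = false`, `pythonImportsCheck` is the only verification this package gets, which is reasonable given the hardware requirement but worth stating in the `# Tests require actual hardware` comment.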

9
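--- a/test.nix
+++ b/test.nix
@@ -0,0 +1,9 @@
+{ pkgs ? import <nixpkgs> { overlays = [ (import ./default.nix) ]; } }:
+pkgs.mkShell {
+buildInputs = with pkgs; [
+cpthook
+hacompanion
+pulse-secure
+];
+}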