Merge branch 'main' of https://github.com/death916/nixconfig

2026-04-10 02:54:39 -07:00 · 2026-03-20 21:24:29 -07:00 · 2026-03-20 21:24:29 -07:00 · ee882c5c48
commit ee882c5c48
parent 0ff355928a 9576e4505b
10 changed files with 360 additions and 187 deletions
--- a/modules/containers/docker/piefed/piefed-docker.nix
+++ b/modules/containers/docker/piefed/piefed-docker.nix
@ -0,0 +1,204 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  piefedAppSrc = pkgs.fetchFromGitea {
+    domain = "codeberg.org";
+    owner = "rimu";
+    repo = "pyfedi";
+    rev = "v1.5.x"; # Replace with target release branch (e.g., v1.5.x or main)
+    hash = lib.fakeHash;
+  };
+
+  pythonEnv = pkgs.python3.withPackages (
+    ps: with ps; [
+      flask
+      gunicorn
+      celery
+      psycopg2
+      redis
+      requests
+      python-dotenv
+      authlib
+      beautifulsoup4
+      pillow
+      flask-migrate
+      flask-sqlalchemy
+    ]
+  );
+
+  piefedImage = pkgs.dockerTools.buildLayeredImage {
+    name = "piefed";
+    tag = "nix-latest";
+    contents = [
+      pythonEnv
+      pkgs.bash
+      pkgs.coreutils
+      pkgs.findutils
+      pkgs.curl
+    ];
+
+    extraCommands = ''
+      mkdir -p app
+      cp -r ${piefedAppSrc}/* app/
+      chmod -R +w app/ # Ensure app directory is writable for setup scripts
+    '';
+
+    config = {
+      Cmd = [
+        "${pythonEnv}/bin/gunicorn"
+        "-w"
+        "4"
+        "-b"
+        "0.0.0.0:5000"
+        "pyfedi:app"
+      ];
+      WorkingDir = "/app";
+      Env = [
+        "FLASK_APP=pyfedi.py"
+        "PYTHONUNBUFFERED=1"
+      ];
+    };
+  };
+
+in
+{
+  virtualisation.oci-containers.backend = "docker";
+
+  systemd.tmpfiles.rules = [
+    "d /var/lib/piefed 0755 root root -"
+    "d /var/lib/piefed/pgdata 0700 root root -"
+    "d /var/lib/piefed/redis 0700 root root -"
+    "d /var/lib/piefed/media 0755 root root -"
+    "d /var/lib/piefed/logs 0755 root root -"
+    "d /var/lib/piefed/tmp 0755 root root -"
+  ];
+
+  systemd.services.docker-network-piefed = {
+    description = "Create Docker Network for PieFed";
+    after = [
+      "network.target"
+      "docker.service"
+    ];
+    requires = [ "docker.service" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig.Type = "oneshot";
+    script = ''
+      ${pkgs.docker}/bin/docker network inspect piefed-net >/dev/null 2>&1 || \
+      ${pkgs.docker}/bin/docker network create piefed-net
+    '';
+  };
+
+  virtualisation.oci-containers.containers = {
+
+    piefed-db = {
+      image = "postgres:15-alpine";
+      environmentFiles = [ "/var/lib/piefed/.env.docker" ]; # SECRETS LOADED HERE
+      volumes = [ "/var/lib/piefed/pgdata:/var/lib/postgresql/data" ];
+      extraOptions = [ "--network=piefed-net" ];
+    };
+
+    piefed-redis = {
+      image = "redis:7-alpine";
+      volumes = [ "/var/lib/piefed/redis:/data" ];
+      extraOptions = [ "--network=piefed-net" ];
+    };
+
+    piefed-web = {
+      image = "piefed:nix-latest";
+      imageFile = piefedImage; # Nix auto-loads the tarball into Docker!
+      ports = [ "8030:5000" ];
+      environmentFiles = [ "/var/lib/piefed/.env.docker" ]; # SECRETS LOADED HERE
+      volumes = [
+        "/var/lib/piefed/media:/app/media"
+        "/var/lib/piefed/logs:/app/logs"
+        "/var/lib/piefed/tmp:/app/tmp"
+      ];
+      dependsOn = [
+        "piefed-db"
+        "piefed-redis"
+      ];
+      extraOptions = [ "--network=piefed-net" ];
+    };
+
+    piefed-worker = {
+      image = "piefed:nix-latest";
+      cmd = [
+        "${pythonEnv}/bin/celery"
+        "-A"
+        "pyfedi.celery"
+        "worker"
+        "-l"
+        "info"
+      ];
+      environmentFiles = [ "/var/lib/piefed/.env.docker" ];
+      volumes = [
+        "/var/lib/piefed/media:/app/media"
+        "/var/lib/piefed/logs:/app/logs"
+        "/var/lib/piefed/tmp:/app/tmp"
+      ];
+      dependsOn = [
+        "piefed-db"
+        "piefed-redis"
+      ];
+      extraOptions = [ "--network=piefed-net" ];
+    };
+  };
+
+  systemd.services."docker-piefed-db".requires = [ "docker-network-piefed.service" ];
+  systemd.services."docker-piefed-redis".requires = [ "docker-network-piefed.service" ];
+  systemd.services."docker-piefed-web".requires = [ "docker-network-piefed.service" ];
+  systemd.services."docker-piefed-worker".requires = [ "docker-network-piefed.service" ];
+
+  systemd.services.piefed-daily = {
+    script = "${pkgs.docker}/bin/docker exec piefed-web bash -c 'cd /app && ./daily.sh'";
+    serviceConfig.Type = "oneshot";
+  };
+  systemd.timers.piefed-daily = {
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnCalendar = "*-*-* 02:05:00";
+      Persistent = true;
+    };
+  };
+
+  systemd.services.piefed-orphan-files = {
+    script = "${pkgs.docker}/bin/docker exec piefed-web bash -c 'cd /app && ./remove_orphan_files.sh'";
+    serviceConfig.Type = "oneshot";
+  };
+  systemd.timers.piefed-orphan-files = {
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnCalendar = "Mon *-*-* 04:05:00";
+      Persistent = true;
+    };
+  };
+
+  systemd.services.piefed-email-notifs = {
+    script = "${pkgs.docker}/bin/docker exec piefed-web bash -c 'cd /app && ./email_notifs.sh'";
+    serviceConfig.Type = "oneshot";
+  };
+  systemd.timers.piefed-email-notifs = {
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnCalendar = "*-*-* 00/6:01:00";
+      Persistent = true;
+    };
+  };
+
+  systemd.services.piefed-send-queue = {
+    script = "${pkgs.docker}/bin/docker exec piefed-web bash -c 'cd /app && ./send_queue.sh'";
+    serviceConfig.Type = "oneshot";
+  };
+  systemd.timers.piefed-send-queue = {
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnCalendar = "*:0/5";
+      Persistent = true;
+    };
+  };
+}
--- a/modules/home-manager/common.nix
+++ b/modules/home-manager/common.nix
@ -34,20 +34,53 @@
        soft-wrap = {
          enable = true;
        };
+        lsp = {
+          display-inlay-hints = true;
+        };
      };
    };
-    languages.language = [
-      {
-        name = "nix";
-        auto-format = true;
-        formatter.command = lib.getExe pkgs.nixfmt-rfc-style;
-      }
-      {
-        name = "python";
-        language-servers = [ "pylsp" ];
-        auto-format = true;
-      }
-    ];
+    languages = {
+      language-server = {
+        rust-analyzer = {
+          config = {
+            inlayHints = {
+              # bindingModeHints = { enable = true; };
+              # chainingHints = { enable = true; };
+              closingBraceHints = {
+                enable = true;
+              };
+              closureReturnTypeHints = {
+                enable = true;
+              };
+              lifetimeElisionHints = {
+                enable = true;
+              };
+              parameterHints = {
+                enable = true;
+              };
+              # reborrowHints = { enable = true; };
+            };
+          };
+        };
+      };
+      language = [
+        {
+          name = "nix";
+          auto-format = true;
+          formatter.command = lib.getExe pkgs.nixfmt-rfc-style;
+        }
+        {
+          name = "python";
+          language-servers = [ "pylsp" ];
+          auto-format = true;
+        }
+        {
+          name = "rust";
+          language-servers = [ "rust-analyzer" ];
+          auto-format = true;
+        }
+      ];
+    };
    themes = {
      autumn_night_transparent = {
        "inherits" = "autumn_night";
--- a/modules/nixos/desktop/desktop.nix
+++ b/modules/nixos/desktop/desktop.nix
@ -72,6 +72,7 @@
    nil
    nixfmt
    nixd
+    pkgs.heroic  # Using stable to avoid electron-unwrapped-39 build failure in unstable
  ];

  services.snapper.configs.nix = {
@ -118,7 +119,7 @@
    enable = true;
    clean.enable = true;
    clean.extraArgs = "--keep-since 7d --keep 10";
-    flake = "/home/death916/Documents/nix-config/";
+    flake = "/home/death916/Documents/nixconfig";
  };
  services.fprintd.enable = false;
  programs.direnv.enable = true;