flake.lock

@@ -40,24 +40,6 @@
         "type": "github"
       }
     },
-    "flake-utils_2": {
-      "inputs": {
-        "systems": "systems_2"
-      },
-      "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
     "flakey-profile": {
       "locked": {
         "lastModified": 1712898590,
@@ -110,7 +92,9 @@
     },
     "lix-module": {
       "inputs": {
-        "flake-utils": "flake-utils",
+        "flake-utils": [
+          "flake-utils"
+        ],
         "flakey-profile": "flakey-profile",
         "lix": "lix",
         "nixpkgs": [
@@ -225,24 +209,11 @@
         "type": "github"
       }
     },
-    "nix-filter_2": {
-      "locked": {
-        "lastModified": 1731533336,
-        "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=",
-        "owner": "numtide",
-        "repo": "nix-filter",
-        "rev": "f7653272fd234696ae94229839a99b73c9ab7de0",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "nix-filter",
-        "type": "github"
-      }
-    },
     "nix-vscode-extensions": {
       "inputs": {
-        "flake-utils": "flake-utils_2",
+        "flake-utils": [
+          "flake-utils"
+        ],
         "nixpkgs": [
           "nixpkgs"
         ]
@@ -295,10 +266,12 @@
     },
     "root": {
       "inputs": {
+        "flake-utils": "flake-utils",
         "home-manager": "home-manager",
         "lix-module": "lix-module",
         "naersk": "naersk",
         "niri": "niri",
+        "nix-filter": "nix-filter",
         "nix-vscode-extensions": "nix-vscode-extensions",
         "nixpkgs": "nixpkgs",
         "nixpkgs-unstable": "nixpkgs-unstable",
@@ -329,7 +302,9 @@
         "naersk": [
           "naersk"
         ],
-        "nix-filter": "nix-filter",
+        "nix-filter": [
+          "nix-filter"
+        ],
         "nixpkgs": [
           "nixpkgs"
         ]
@@ -353,7 +328,9 @@
         "naersk": [
           "naersk"
         ],
-        "nix-filter": "nix-filter_2",
+        "nix-filter": [
+          "nix-filter"
+        ],
         "nixpkgs": [
           "nixpkgs"
         ]
@@ -387,21 +364,6 @@
         "type": "github"
       }
     },
-    "systems_2": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
     "xwayland-satellite-stable": {
       "flake": false,
       "locked": {

flake.nix

@@ -13,6 +13,7 @@
       url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz";
       inputs = {
         nixpkgs.follows = "nixpkgs";
+        flake-utils.follows = "flake-utils";
       };
     };
 
@@ -37,6 +38,7 @@
       inputs = {
         nixpkgs.follows = "nixpkgs";
         naersk.follows = "naersk";
+        nix-filter.follows = "nix-filter";
       };
     };
 
@@ -45,6 +47,7 @@
       inputs = {
         nixpkgs.follows = "nixpkgs";
         naersk.follows = "naersk";
+        nix-filter.follows = "nix-filter";
       };
     };
 
@@ -52,8 +55,13 @@
       url = "github:nix-community/nix-vscode-extensions";
       inputs = {
         nixpkgs.follows = "nixpkgs";
+        flake-utils.follows = "flake-utils";
       };
     };
+
+    # this is used to pin transitive dependencies to the same version
+    flake-utils.url = "github:numtide/flake-utils";
+    nix-filter.url = "github:numtide/nix-filter";
   };
 
   outputs =
@@ -96,7 +104,8 @@
         in
         nixpkgs.lib.nixosSystem {
           inherit system specialArgs;
-          modules = [
+          modules =
+            [
               lix-module.nixosModules.default
 
               { networking.hostName = device; }

home/vinzenz/default.nix

@@ -30,7 +30,7 @@
       ./fuzzel.nix
       ./git.nix
       ./gnome.nix
-      #./niri.nix
+      ./niri.nix
       ./ssh.nix
       ./swaylock.nix
       ./vscode.nix

home/vinzenz/niri.nix

@@ -1,5 +1,7 @@
 {
   pkgs,
+  lib,
+  devices,
   config,
   ...
 }:

hosts/hetzner-vpn2/nginx.nix

@@ -1,8 +1,4 @@
-{ inputs, pkgs, ... }:
+{ pkgs, inputs, ... }:
-let
-  blog-domain-socket = "/run/nginx/blog.sock";
-  anubis-domain-socket = "/run/anubis/anubis-blog.sock";
-in
 {
   security.acme = {
     acceptTerms = true;
@@ -10,16 +6,8 @@ in
   };
 
   security.pam.services.nginx.setEnvironment = false;
-  systemd.services = {
+  systemd.services.nginx.serviceConfig = {
-    nginx.serviceConfig = {
+    SupplementaryGroups = [ "shadow" ];
-      SupplementaryGroups = [
-        "shadow"
-        "anubis"
-      ];
-    };
-    anubis-main.serviceConfig = {
-      SupplementaryGroups = [ "nginx" ];
-    };
   };
 
   services.nginx = {
@@ -70,27 +58,7 @@ in
         "zerforschen.plus" = {
           addSSL = true;
           enableACME = true;
-          locations."/" = {
-            proxyPass = ("http://unix:" + anubis-domain-socket);
-          };
-        };
-
-        "vinzenz-lpt2-in-anubis" = {
           root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content;
-          listen = [
-            {
-              addr = ("unix:" + blog-domain-socket);
-            }
-          ];
-        };
-      };
-
-    anubis = {
-      instances.main = {
-        enable = true;
-        settings = {
-          BIND = anubis-domain-socket;
-          TARGET = "unix://" + blog-domain-socket;
         };
       };
   };
@@ -99,5 +67,4 @@ in
     80
     443
   ];
-  };
 }

hosts/vinzenz-lpt2/imports.nix

@@ -4,7 +4,7 @@
     ../../modules/gaming.nix
     ../../modules/printing.nix
     ../../modules/podman.nix
-    #../../modules/niri.nix
+    ../../modules/niri.nix
     ../../modules/desktop-environment.nix
     ../../modules/desktop-hardware.nix
 

hosts/vinzenz-lpt2/nginx.nix

@@ -1,15 +1,5 @@
-{ inputs, pkgs, ... }:
+_: {
-let
+  services.nginx = {
-  blog-domain-socket = "/run/nginx/blog.sock";
-  anubis-domain-socket = "/run/anubis/anubis-blog.sock";
-in
-{
-  users.groups = {
-    anubis.members = [ "nginx" ];
-    nginx.members = [ "anubis" ];
-  };
-  services = {
-    nginx = {
     enable = true;
 
     recommendedProxySettings = true;
@@ -18,49 +8,23 @@ in
     recommendedOptimisation = true;
 
     virtualHosts = {
-        #"vinzenz-lpt2" = {
-        #  locations."/" = {
-        #    proxyPass = "http://127.0.0.1:3000/";
-        #    proxyWebsockets = true;
-        #  };
-        #
-        #  serverAliases = [ "172.23.42.96" ];
-        #};
-
       "vinzenz-lpt2" = {
         locations."/" = {
-            proxyPass = ("http://unix:" + anubis-domain-socket);
+          proxyPass = "http://127.0.0.1:3000/";
+          proxyWebsockets = true;
+        };
+
+        serverAliases = [ "172.23.42.96" ];
+      };
     };
   };
 
-        "vinzenz-lpt2-in-anubis" = {
+  networking.firewall = {
-          root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content;
+    allowedTCPPorts = [
-          listen = [
+      80
-            {
+      8001
-              addr = ("unix:" + blog-domain-socket);
+      3000
-            }
     ];
-        };
+    allowedUDPPorts = [ 2342 ];
-      };
-    };
-
-    #networking.firewall = {
-    #  allowedTCPPorts = [
-    #    80
-    #    8001
-    #    3000
-    #  ];
-    #  allowedUDPPorts = [ 2342 ];
-    #};
-
-    anubis = {
-      instances.main = {
-        enable = true;
-        settings = {
-          BIND = anubis-domain-socket;
-          TARGET = "unix://" + blog-domain-socket;
-        };
-      };
-    };
   };
 }