starred/nix-config
1
0
Fork 0
mirror of https://github.com/ryan4yin/nix-config.git synced 2026-04-18 23:19:46 +02:00
Code Issues Packages Projects Releases 10 Wiki Activity

feat: update nixpkgs-patched & nixpaks-common

Browse Source
This commit is contained in:
Ryan Yin
2025-11-01 20:01:22 +08:00
parent 2f47f7dc76
commit 0c2dcc0734
4 changed files with 153 additions and 168 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Justfile
View File

@@ -100,7 +100,7 @@ repair-store *paths:
# Update all Nixpkgs inputs # Update all Nixpkgs inputs
[group('nix')] [group('nix')]
up-nix: up-nix:
nix flake update nixpkgs nixpkgs-stable nixpkgs-unstable nixpkgs-darwin nixpkgs-ollama nix flake update nixpkgs nixpkgs-stable nixpkgs-unstable nixpkgs-darwin nixpkgs-patched
############################################################################ ############################################################################
# #

2
flake.nix
View File

@@ -39,8 +39,6 @@
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05";
nixpkgs-ollama.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-patched.url = "github:ryan4yin/nixpkgs/nixos-unstable-patched"; nixpkgs-patched.url = "github:ryan4yin/nixpkgs/nixos-unstable-patched";
# for macos # for macos

306
hardening/nixpaks/modules/common.nix
View File

@@ -1,191 +1,183 @@
# https://github.com/mnixry/nixos-config/blob/74913c2b90d06e31170bbbaa0074f915721da224/desktop/packages/nixpaks-common.nix # https://github.com/mnixry/nixos-config/blob/74913c2b90d06e31170bbbaa0074f915721da224/desktop/packages/nixpaks-common.nix
# https://github.com/Kraftland/portable/blob/09c4a4227538a3f42de208a6ecbdc938ac9c00dd/portable.sh
{ {
lib, lib,
pkgs,
sloth, sloth,
config, config,
... ...
}: }:
let
inherit (config.flatpak) appId;
in
{ {
config = { config = {
dbus = dbus = {
let # `--see`: The bus name can be enumerated by the application.
inherit (config.flatpak) appId; # `--talk`: The application can send messages to, and receive replies and signals from, the bus name.
in # `--own`: The application can own the bus name
{ policies = {
# same usage as --see, --talk, --own "${appId}" = "own";
policies = { "${appId}.*" = "own";
"${appId}" = "own"; "org.freedesktop.DBus" = "talk";
"${appId}.*" = "own"; "ca.desrt.dconf" = "talk";
"org.freedesktop.DBus" = "talk"; "org.freedesktop.appearance" = "talk";
"ca.desrt.dconf" = "talk"; "org.freedesktop.appearance.*" = "talk";
"org.gtk.vfs" = "talk"; }
"org.gtk.vfs.*" = "talk"; // (builtins.listToAttrs (
"org.freedesktop.appearance" = "talk"; map (id: lib.nameValuePair "org.kde.StatusNotifierItem-${toString id}-1" "own") (
"org.freedesktop.appearance.*" = "talk"; lib.lists.range 2 29
} )
// (builtins.listToAttrs ( ))
map (id: lib.nameValuePair "org.kde.StatusNotifierItem-${toString id}-1" "own") ( // {
lib.lists.range 2 11 # --- MPRIS Media Control ---
) # Allows the app to register as a media player. These are derived from the appID.
)) "org.mpris.MediaPlayer2.${appId}" = "own";
// { "org.mpris.MediaPlayer2.${appId}.*" = "own";
# --- MPRIS Media Control --- "org.mpris.MediaPlayer2.${lib.lists.last (lib.strings.splitString "." appId)}" = "own";
# Allows the app to register as a media player. These are derived from the appID. "org.mpris.MediaPlayer2.${lib.lists.last (lib.strings.splitString "." appId)}.*" = "own";
"org.mpris.MediaPlayer2.${appId}" = "own";
"org.mpris.MediaPlayer2.${appId}.*" = "own";
"org.mpris.MediaPlayer2.${lib.lists.last (lib.strings.splitString "." appId)}" = "own";
"org.mpris.MediaPlayer2.${lib.lists.last (lib.strings.splitString "." appId)}.*" = "own";
# Conditionally allows a custom, friendlier MPRIS name if 'mprisName' is set.
# "org.mpris.MediaPlayer2.${mprisName}" = "own";
# "org.mpris.MediaPlayer2.${mprisName}.*" = "own";
# --- General Desktop Integration --- # --- General Desktop Integration ---
"com.canonical.AppMenu.Registrar" = "talk"; # For Ubuntu AppMenu "com.canonical.AppMenu.Registrar" = "talk"; # For Ubuntu AppMenu
"org.freedesktop.FileManager1" = "talk"; "org.freedesktop.FileManager1" = "talk";
"org.freedesktop.Notifications" = "talk"; "org.freedesktop.Notifications" = "talk";
"org.kde.StatusNotifierWatcher" = "talk";
# --- Accessibility (a11y) --- # --- Accessibility (a11y) 无障碍服务 ---
"org.a11y.Bus" = "see"; "org.a11y.Bus" = "see";
# --- Portal Access --- # --- Portal Access ---
# "org.freedesktop.portal.*" = "talk"; # "org.freedesktop.portal.*" = "talk";
"org.freedesktop.portal.Documents" = "talk"; "org.freedesktop.portal.Documents" = "talk";
"org.freedesktop.portal.FileTransfer" = "talk"; "org.freedesktop.portal.FileTransfer" = "talk";
"org.freedesktop.portal.FileTransfer.*" = "talk"; "org.freedesktop.portal.FileTransfer.*" = "talk";
"org.freedesktop.portal.Notification" = "talk"; "org.freedesktop.portal.Notification" = "talk";
"org.freedesktop.portal.OpenURI" = "talk"; "org.freedesktop.portal.OpenURI" = "talk";
"org.freedesktop.portal.OpenURI.OpenFile" = "talk"; "org.freedesktop.portal.OpenURI.OpenFile" = "talk";
"org.freedesktop.portal.OpenURI.OpenURI" = "talk"; "org.freedesktop.portal.OpenURI.OpenURI" = "talk";
"org.freedesktop.portal.Print" = "talk"; "org.freedesktop.portal.Print" = "talk";
"org.freedesktop.portal.Request" = "see"; "org.freedesktop.portal.Request" = "see";
# --- Input Method Portals --- # --- Input Method Portals ---
"org.freedesktop.portal.Fcitx" = "talk"; "org.freedesktop.portal.Fcitx" = "talk";
"org.freedesktop.portal.Fcitx.*" = "talk"; "org.freedesktop.portal.Fcitx.*" = "talk";
"org.freedesktop.portal.IBus" = "talk"; "org.freedesktop.portal.IBus" = "talk";
"org.freedesktop.portal.IBus.*" = "talk"; "org.freedesktop.portal.IBus.*" = "talk";
}; };
rules = { # '--call' rules permit specific method calls on D-Bus interfaces.
# 'call' rules permit specific method calls on D-Bus interfaces. rules.call = {
call = { # --- Accessibility (a11y) 无障碍服务 ---
# --- Accessibility --- "org.a11y.Bus" = [
"org.a11y.Bus" = [ "org.a11y.Bus.GetAddress@/org/a11y/bus"
"org.a11y.Bus.GetAddress@/org/a11y/bus" "org.freedesktop.DBus.Properties.Get@/org/a11y/bus"
"org.freedesktop.DBus.Properties.Get@/org/a11y/bus" ];
];
# --- General Portal Rules --- # --- General Portal Rules ---
"org.freedesktop.FileManager1" = [ "*" ]; "org.freedesktop.FileManager1" = [ "*" ];
"org.freedesktop.Notifications.*" = [ "*" ]; "org.freedesktop.Notifications.*" = [ "*" ];
"org.freedesktop.portal.Documents" = [ "*" ]; "org.freedesktop.portal.Documents" = [ "*" ];
"org.freedesktop.portal.FileTransfer" = [ "*" ]; "org.freedesktop.portal.FileTransfer" = [ "*" ];
"org.freedesktop.portal.FileTransfer.*" = [ "*" ]; "org.freedesktop.portal.FileTransfer.*" = [ "*" ];
"org.freedesktop.portal.Fcitx" = [ "*" ]; "org.freedesktop.portal.Fcitx" = [ "*" ];
"org.freedesktop.portal.Fcitx.*" = [ "*" ]; "org.freedesktop.portal.Fcitx.*" = [ "*" ];
"org.freedesktop.portal.IBus" = [ "*" ]; "org.freedesktop.portal.IBus" = [ "*" ];
"org.freedesktop.portal.IBus.*" = [ "*" ]; "org.freedesktop.portal.IBus.*" = [ "*" ];
"org.freedesktop.portal.Notification" = [ "*" ]; "org.freedesktop.portal.Notification" = [ "*" ];
"org.freedesktop.portal.OpenURI" = [ "*" ]; "org.freedesktop.portal.OpenURI" = [ "*" ];
"org.freedesktop.portal.OpenURI.OpenFile" = [ "*" ]; "org.freedesktop.portal.OpenURI.OpenFile" = [ "*" ];
"org.freedesktop.portal.OpenURI.OpenURI" = [ "*" ]; "org.freedesktop.portal.OpenURI.OpenURI" = [ "*" ];
"org.freedesktop.portal.Print" = [ "*" ]; "org.freedesktop.portal.Print" = [ "*" ];
"org.freedesktop.portal.Request" = [ "*" ]; "org.freedesktop.portal.Request" = [ "*" ];
# --- Main Desktop Portal Interface --- # --- Main Desktop Portal Interface ---
# A comprehensive list of permissions for interacting with the desktop environment. # A comprehensive list of permissions for interacting with the desktop environment.
"org.freedesktop.portal.Desktop" = [ "org.freedesktop.portal.Desktop" = [
# Device Access # Properties & Settings
"org.freedesktop.portal.Camera" "org.freedesktop.DBus.Properties.GetAll"
"org.freedesktop.portal.Camera.*" "org.freedesktop.DBus.Properties.Get@/org/freedesktop/portal/desktop"
"org.freedesktop.portal.Usb" "org.freedesktop.portal.Session.Close"
"org.freedesktop.portal.Usb.*" "org.freedesktop.portal.Settings.ReadAll"
"org.freedesktop.portal.Settings.Read"
"org.freedesktop.portal.Account.GetUserInformation"
# File Chooser & Documents # Network & Proxy
"org.freedesktop.portal.Documents" "org.freedesktop.portal.NetworkMonitor"
"org.freedesktop.portal.Documents.*" "org.freedesktop.portal.NetworkMonitor.*"
"org.freedesktop.portal.FileChooser" "org.freedesktop.portal.ProxyResolver.Lookup"
"org.freedesktop.portal.FileChooser.*" "org.freedesktop.portal.ProxyResolver.Lookup.*"
"org.freedesktop.portal.FileTransfer"
"org.freedesktop.portal.FileTransfer.*"
# Input Methods # Screenshot / Screen Capture & Sharing
"org.freedesktop.portal.Fcitx" "org.freedesktop.portal.ScreenCast"
"org.freedesktop.portal.Fcitx.*" "org.freedesktop.portal.ScreenCast.*"
"org.freedesktop.portal.IBus" "org.freedesktop.portal.Screenshot"
"org.freedesktop.portal.IBus.*" "org.freedesktop.portal.Screenshot.Screenshot"
# Notifications & Printing # Device Access(Camera / USB)
"org.freedesktop.portal.Notification" "org.freedesktop.portal.Camera"
"org.freedesktop.portal.Notification.*" "org.freedesktop.portal.Camera.*"
"org.freedesktop.portal.Print" "org.freedesktop.portal.Usb"
"org.freedesktop.portal.Print.*" "org.freedesktop.portal.Usb.*"
# Open/Launch Handlers # Remote Desktop
"org.freedesktop.portal.Email.ComposeEmail" "org.freedesktop.portal.RemoteDesktop"
"org.freedesktop.portal.OpenURI" "org.freedesktop.portal.RemoteDesktop.*"
"org.freedesktop.portal.OpenURI.*"
# Properties & Session Management # File Operations
"org.freedesktop.DBus.Properties.GetAll" "org.freedesktop.portal.Documents"
"org.freedesktop.DBus.Properties.Get@/org/freedesktop/portal/desktop" "org.freedesktop.portal.Documents.*"
"org.freedesktop.portal.Session.Close" "org.freedesktop.portal.FileChooser"
"org.freedesktop.portal.FileChooser.*"
"org.freedesktop.portal.FileTransfer"
"org.freedesktop.portal.FileTransfer.*"
# Screen Capture & Sharing # Notifications & Printing
"org.freedesktop.portal.RemoteDesktop" "org.freedesktop.portal.Notification"
"org.freedesktop.portal.RemoteDesktop.*" "org.freedesktop.portal.Notification.*"
"org.freedesktop.portal.ScreenCast" "org.freedesktop.portal.Print"
"org.freedesktop.portal.ScreenCast.*" "org.freedesktop.portal.Print.*"
"org.freedesktop.portal.Screenshot"
"org.freedesktop.portal.Screenshot.Screenshot"
# Secrets (Keyring) # Open/Launch Handlers
"org.freedesktop.portal.Secret" "org.freedesktop.portal.OpenURI"
"org.freedesktop.portal.Secret.RetrieveSecret" "org.freedesktop.portal.OpenURI.*"
"org.freedesktop.portal.Email.ComposeEmail"
# Settings # Input Methods
"org.freedesktop.portal.Settings.Read" "org.freedesktop.portal.Fcitx"
"org.freedesktop.portal.Settings.ReadAll" "org.freedesktop.portal.Fcitx.*"
"org.freedesktop.portal.IBus"
"org.freedesktop.portal.IBus.*"
# System Information # Secrets (Keyring)
"org.freedesktop.portal.Account.GetUserInformation" "org.freedesktop.portal.Secret"
"org.freedesktop.portal.NetworkMonitor" "org.freedesktop.portal.Secret.RetrieveSecret"
"org.freedesktop.portal.NetworkMonitor.*"
"org.freedesktop.portal.ProxyResolver.Lookup"
"org.freedesktop.portal.ProxyResolver.Lookup.*"
# Generic Request Fallback # Get/Update GlobalShortcuts
"org.freedesktop.portal.Request" # "org.freedesktop.portal.GlobalShortcuts"
# "org.freedesktop.portal.GlobalShortcuts.*"
# --- Conditional Portal Rules --- # -- get the user's location
# These would be enabled based on config flags in a real implementation. # "org.freedesktop.portal.Location"
# "org.freedesktop.portal.Location.*"
# Enabled if 'allowGlobalShortcuts = true' # -- inhibit the user session from ending, suspending, idling or getting switched away.
"org.freedesktop.portal.GlobalShortcuts" "org.freedesktop.portal.Inhibit"
"org.freedesktop.portal.GlobalShortcuts.*" "org.freedesktop.portal.Inhibit.*"
# Enabled if 'allowInhibit = true' # Generic Request Fallback
"org.freedesktop.portal.Inhibit" "org.freedesktop.portal.Request"
"org.freedesktop.portal.Inhibit.*"
# Enabled if 'XDG_CURRENT_DESKTOP = "GNOME"'
"org.freedesktop.portal.Location"
"org.freedesktop.portal.Location.*"
];
};
# 'broadcast' rules permit receiving signals from D-Bus names.
broadcast = {
"org.freedesktop.portal.*" = [ "@/org/freedesktop/portal/*" ];
};
};
args = [
"--filter"
"--sloppy-names"
"--log"
]; ];
}; };
# 'broadcast' rules permit receiving signals from D-Bus names.
rules.broadcast = {
"org.freedesktop.portal.*" = [ "@/org/freedesktop/portal/*" ];
};
args = [
"--filter"
"--sloppy-names"
"--log"
];
};
etc.sslCertificates.enable = true; etc.sslCertificates.enable = true;
bubblewrap = { bubblewrap = {
network = lib.mkDefault true; network = lib.mkDefault true;

11
hosts/idols-ai/ai/ollama.nix
View File

@@ -1,19 +1,14 @@
{ {
pkgs, pkgs-patched,
nixpkgs-ollama,
... ...
}: }:
let let
pkgs-ollama = import nixpkgs-ollama {
inherit (pkgs) system;
# To use cuda, we need to allow the installation of non-free software
config.allowUnfree = true;
};
in in
{ {
services.ollama = rec { services.ollama = rec {
enable = true; enable = true;
package = pkgs-ollama.ollama; package = pkgs-patched.ollama;
acceleration = "cuda"; acceleration = "cuda";
host = "0.0.0.0"; host = "0.0.0.0";
port = 11434; port = 11434;