sorceress
/
nix-infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: sorceress:3c29f101ab848b82c5bd5ca7721cb1c2cba1ed9a
Branches Tags
sorceress:mistress
sorceress:lappytappy
sorceress:flakes
...
compare: sorceress:518c89795b3a0522994945bf21f2bb694c1ce752
Branches Tags
sorceress:mistress
sorceress:lappytappy
sorceress:flakes

5 Commits
3c29f101ab ... 518c89795b

Author SHA1 Message Date
Agatha Lovelace 518c89795b
Nix-darwin + Lix init 2024-09-05 19:55:42 +02:00
Agatha Lovelace 3ede14dc65
Init Watchtower 2024-09-05 19:31:28 +02:00
Agatha Lovelace 1a94f63496
The Mastodon Update Torment Nexus 2024-09-05 19:31:27 +02:00
Agatha Lovelace 63ec6c841c
Deploy Hedgedoc 2024-09-05 19:31:27 +02:00
Agatha Lovelace a1c618448b
NixOS 24.05 2024-09-05 19:31:27 +02:00
21 changed files with 618 additions and 227 deletions
Show Stats Expand all files Collapse all files

55
common/default.nix
View File

@ -1,39 +1,28 @@
{ pkgs, ... }: { { pkgs, ... }:
imports = [ ./users ]; {
## Optimizations ## Optimizations
# Clean /tmp
boot.tmp.cleanOnBoot = true;
# Link identical files # Link identical files
nix.settings.auto-optimise-store = true; nix.settings.auto-optimise-store = true;
# Limit journald logs
services.journald.extraConfig = ''
SystemMaxUse=100M
MaxFileSec=1month
'';
# Garbage collection # Garbage collection
nix.gc = { nix.gc = {
automatic = true; automatic = true;
dates = "weekly";
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
}; };
## Other ## Other
# Flakes # Flakes
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [
"nix-command"
"flakes"
];
# Enable fish (needed for nix completions) # Enable fish (needed for nix completions)
programs.fish.enable = true; programs.fish.enable = true;
# Fix terminfo
environment.enableAllTerminfo = true;
environment.variables.COLORTERM = "truecolor";
# Packages used on all systems # Packages used on all systems
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ccase ccase
@ -52,38 +41,6 @@
xclip xclip
]; ];
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
banner = ''
Hello mistress ^,,^
'';
settings.PasswordAuthentication = false;
};
# 🥺 # 🥺
# security.please.enable = true; # security.please.enable = true;
## Locale/Timezone
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
# Configure keymap in X11
services.xserver = {
layout = "us";
xkbVariant = "";
};
} }

2
common/fragments/graphical/mail.nix
View File

@ -9,5 +9,5 @@
wantedBy = [ "graphical-session.target" ]; wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ]; partOf = [ "graphical-session.target" ];
}; };
users.users.agatha.packages = [ pkgs.unstable.protonmail-bridge-gui ]; users.users.agatha.packages = [ pkgs.protonmail-bridge-gui ];
} }

11
common/fragments/hedgedoc.nix Normal file
View File

@ -0,0 +1,11 @@
{
services.hedgedoc = {
enable = true;
settings = {
domain = "hedgedoc.technogothic.net";
protocolUseSSL = true;
allowOrigin = [ "localhost" "hedgedoc.technogothic.net" ];
allowEmailRegister = false;
};
};
}

55
common/fragments/home-assistant.nix Normal file
View File

@ -0,0 +1,55 @@
{
networking.firewall.allowedTCPPorts = [
8123
1883
1884
];
networking.firewall.allowedTCPPortRanges = [
{
from = 21063;
to = 21070;
}
];
networking.firewall.allowedUDPPorts = [
53
67
5353
];
virtualisation.oci-containers.containers = {
"home-assistant" = {
image = "ghcr.io/home-assistant/home-assistant:stable";
autoStart = true;
volumes = [
"/var/lib/hass:/config"
"/etc/localtime:/etc/localtime:ro"
"/run/dbus:/run/dbus:ro"
];
extraOptions = [ "--network=host" ];
};
};
services.mosquitto = {
enable = true;
listeners = [
{
users.root = {
acl = [ "readwrite #" ];
hashedPassword = "$7$101$GLzV4JTDU6Z9vHYl$GqkS+LOdufO3Znt/3M+4y0u8I3Yyv+3J/8SpsVTpKZMexNciPDhV3K67ZX6++yD75e4Eo4gJCYYhJ/JFt2o2nw==";
};
}
];
};
services.create_ap = {
enable = true;
settings = {
WIFI_IFACE = "wlp2s0";
SHARE_METHOD = "none";
SSID = "Agatha-Isolated-Network";
# TODO: Replace placeholder password after switching to sops-nix
PASSPHRASE = "nCvKNgRH5L5DFBR4JULP3GHbDuk9XLfT";
};
};
networking.networkmanager.unmanaged = [ "wlp2s0" ];
}

10
common/fragments/sponsorblock.nix Normal file
View File

@ -0,0 +1,10 @@
{
virtualisation.oci-containers.containers = {
"isponsorblocktv" = {
image = "ghcr.io/dmunozv04/isponsorblocktv";
autoStart = true;
volumes = [ "/var/lib/sponsorblock:/app/data" ];
extraOptions = [ "--network=host" ];
};
};
}

2
common/fragments/yubikey.nix
View File

@ -4,7 +4,7 @@
programs.gnupg.agent = { programs.gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
pinentryFlavor = "gnome3"; pinentryPackage = pkgs.pinentry-gnome3;
enableExtraSocket = true; enableExtraSocket = true;
}; };

5
common/home_manager/common.nix
View File

@ -4,8 +4,9 @@
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.users.agatha = { home-manager.users.agatha = {
home.username = "agatha"; home.username = "agatha";
home.homeDirectory = "/home/agatha"; home.homeDirectory = lib.mkDefault "/home/agatha";
home.stateVersion = config.system.stateVersion; # Fallback for nix-darwin
home.stateVersion = if pkgs.stdenv.isLinux then config.system.stateVersion else "24.05";
home.packages = with pkgs; [ home.packages = with pkgs; [
bat bat
btop btop

2
common/home_manager/helix.nix
View File

@ -4,7 +4,7 @@
home-manager.users.agatha = { home-manager.users.agatha = {
# Formatters/Language Servers that Helix uses # Formatters/Language Servers that Helix uses
home.packages = with pkgs; [ nixfmt ]; home.packages = with pkgs; [ nixfmt-rfc-style ];
programs = { programs = {
helix = { helix = {

53
common/linux-specific.nix Normal file
View File

@ -0,0 +1,53 @@
{
imports = [ ./users ];
## Optimizations
# Clean /tmp
boot.tmp.cleanOnBoot = true;
# Garbage collection
nix.gc.dates = "weekly";
# Limit journald logs
services.journald.extraConfig = ''
SystemMaxUse=100M
MaxFileSec=1month
'';
# Fix terminfo
environment.enableAllTerminfo = true;
environment.variables.COLORTERM = "truecolor";
## Locale/Timezone
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
# Configure keymap in X11
services.xserver = {
layout = "us";
xkbVariant = "";
};
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
banner = ''
Hello mistress ^,,^
'';
settings.PasswordAuthentication = false;
};
}

18
common/pkgs/mastodon/source.nix
View File

@ -1,5 +1,6 @@
# This file was generated by pkgs.mastodon.updateScript. # This file was generated by pkgs.mastodon.updateScript.
{ fetchFromGitHub, applyPatches, patches ? [ ] }: { lib, fetchFromGitHub, applyPatches, postPatch ? "", patches ? [ ], gawk
, gnused, yarn-berry }:
let version = "f571dbe35dbc4876f9ca76b3f6d459839c67a2ef"; let version = "f571dbe35dbc4876f9ca76b3f6d459839c67a2ef";
in (applyPatches { in (applyPatches {
src = fetchFromGitHub { src = fetchFromGitHub {
@ -8,8 +9,19 @@ in (applyPatches {
rev = "${version}"; rev = "${version}";
sha256 = "3ZJMiciV0muv5j468hEKJUZGDhKcNCJnDFn6ZqKM1F4="; sha256 = "3ZJMiciV0muv5j468hEKJUZGDhKcNCJnDFn6ZqKM1F4=";
}; };
patches = patches ++ [ ./yarn-typescript.patch ]; inherit patches;
nativeBuildInputs = [ gawk gnused ];
postPatch = postPatch
+ lib.optionalString (lib.versionAtLeast yarn-berry.version "4.1.0") ''
# this is for yarn starting with 4.1.0 because fuck everything amirite
# see also https://github.com/yarnpkg/berry/pull/6083
echo "patching cachekey in yarn.lock"
cacheKey="$(awk -e '/cacheKey:/ {print $2}' yarn.lock)"
sed -i -Ee 's|^ checksum: ([^/]*)$| checksum: '$cacheKey'/\1|g;' yarn.lock
'';
}) // { }) // {
inherit version; inherit version;
yarnHash = "sha256-qE1TBqa3BSEu1MC3Qw/k3h7QEicWd3AwJdA+U1v8924="; yarnHash = "sha256-wdEunwUsV/IaJvNq+YIqRXNKLBrqPeeL5Ig+33dT/AY=";
} }

13
common/pkgs/mastodon/update.sh
View File

@ -66,7 +66,7 @@ trap cleanup EXIT
echo "Fetching source code $REVISION" echo "Fetching source code $REVISION"
JSON=$(nix-prefetch-github "$OWNER" "$REPO" --rev "$REVISION" 2> $WORK_DIR/nix-prefetch-git.out) JSON=$(nix-prefetch-github "$OWNER" "$REPO" --rev "$REVISION" 2> $WORK_DIR/nix-prefetch-git.out)
HASH=$(echo "$JSON" | jq -r .hash) HASH=$(echo "$JSON" | jq -r .sha256)
cat > source.nix << EOF cat > source.nix << EOF
# This file was generated by pkgs.mastodon.updateScript. # This file was generated by pkgs.mastodon.updateScript.
@ -80,7 +80,7 @@ in
owner = "$OWNER"; owner = "$OWNER";
repo = "$REPO"; repo = "$REPO";
rev = "\${version}"; rev = "\${version}";
hash = "$HASH"; sha256 = "$HASH";
}; };
patches = patches ++ [$PATCHES]; patches = patches ++ [$PATCHES];
}) // { }) // {
@ -94,7 +94,8 @@ echo "Creating gemset.nix"
bundix --lockfile="$SOURCE_DIR/Gemfile.lock" --gemfile="$SOURCE_DIR/Gemfile" bundix --lockfile="$SOURCE_DIR/Gemfile.lock" --gemfile="$SOURCE_DIR/Gemfile"
echo "" >> gemset.nix # Create trailing newline to please EditorConfig checks echo "" >> gemset.nix # Create trailing newline to please EditorConfig checks
echo "Creating yarn-hash.nix" # echo "Creating yarn-hash.nix"
YARN_HASH="$(prefetch-yarn-deps "$SOURCE_DIR/yarn.lock")" # YARN_HASH="$(prefetch-yarn-deps "$SOURCE_DIR/yarn.lock")"
YARN_HASH="$(nix hash to-sri --type sha256 "$YARN_HASH")" # YARN_HASH="$(nix hash to-sri --type sha256 "$YARN_HASH")"
sed -i "s/sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=/$YARN_HASH/g" source.nix # sed -i "s/sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=/$YARN_HASH/g" source.nix
sed -i -Ee "s|^( *yarnHash = )\".*\";|\\1\"\";|g;" ./source.nix

15
common/pkgs/mastodon/yarn-typescript.patch
View File

@ -1,15 +0,0 @@
--- a/yarn.lock
+++ b/yarn.lock
@@ -16483,11 +16483,11 @@
"typescript@patch:typescript@npm%3A5#optional!builtin<compat/typescript>, typescript@patch:typescript@npm%3A^5.0.4#optional!builtin<compat/typescript>":
version: 5.3.3
- resolution: "typescript@patch:typescript@npm%3A5.3.3#optional!builtin<compat/typescript>::version=5.3.3&hash=e012d7"
+ resolution: "typescript@patch:typescript@npm%3A5.3.3#optional!builtin<compat/typescript>::version=5.3.3&hash=29ae49"
bin:
tsc: bin/tsc
tsserver: bin/tsserver
- checksum: 1d0a5f4ce496c42caa9a30e659c467c5686eae15d54b027ee7866744952547f1be1262f2d40de911618c242b510029d51d43ff605dba8fb740ec85ca2d3f9500
+ checksum: e22df47df9b2b2f2617b8bf511a29aea3d177f9f7a0756818230a76b01cbd7da988bf55f9463aaa1a4c1ff90b80f8dc5676460d4e9dfc010572cbba59b822b0c
languageName: node
linkType: hard

9
common/pkgs/mastodon/yarn.nix
View File

@ -20,7 +20,14 @@ stdenvNoCC.mkDerivation {
export YARN_COMPRESSION_LEVEL=0 export YARN_COMPRESSION_LEVEL=0
cache="$(yarn config get cacheFolder)" cache="$(yarn config get cacheFolder)"
yarn install --immutable --mode skip-build if ! yarn install --immutable --mode skip-build; then
cp yarn.lock yarn.lock.bak
yarn install --mode skip-build
diff -u yarn.lock.bak yarn.lock
echo "yarn build failed! diff generated as yarn.lock.diff"
pwd
exit 1
fi
cp -r $cache/* $out/ cp -r $cache/* $out/
''; '';

9
common/users/default.nix
View File

@ -1,9 +1,14 @@
{ config, pkgs, ... }: { { config, pkgs, ... }:
{
users.users = { users.users = {
agatha = { agatha = {
isNormalUser = true; isNormalUser = true;
description = "Agatha Valentine Lovelace"; description = "Agatha Valentine Lovelace";
extraGroups = [ "networkmanager" "wheel" "docker" ]; extraGroups = [
"networkmanager"
"wheel"
"docker"
];
shell = pkgs.fish; shell = pkgs.fish;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [

173
flake.lock
View File

@ -153,6 +153,24 @@
} }
}, },
"flake-utils_3": { "flake-utils_3": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -167,21 +185,18 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_4": { "flakey-profile": {
"inputs": {
"systems": "systems_6"
},
"locked": { "locked": {
"lastModified": 1685518550, "lastModified": 1712898590,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "numtide", "owner": "lf-",
"repo": "flake-utils", "repo": "flakey-profile",
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "numtide", "owner": "lf-",
"repo": "flake-utils", "repo": "flakey-profile",
"type": "github" "type": "github"
} }
}, },
@ -217,11 +232,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1714732742, "lastModified": 1725452565,
"narHash": "sha256-tvZiMfL0TEiZGe5lOAk0Qrmsigc5UNRDootbEGUV58o=", "narHash": "sha256-kxduxKvEBSEhoxYHQbMCbxHT0t14kRF4zT6ZmWaqH6M=",
"owner": "helix-editor", "owner": "helix-editor",
"repo": "helix", "repo": "helix",
"rev": "7e13213e7430c95cbad210994cecbfadc52c0714", "rev": "41db5d735eae03be9a69b1136844dac642484ed8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -237,20 +252,55 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1714043624, "lastModified": 1720042825,
"narHash": "sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM=", "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "86853e31dc1b62c6eeed11c667e8cdd0285d4411", "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-23.11", "ref": "release-24.05",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"lix": {
"flake": false,
"locked": {
"lastModified": 1723503926,
"narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=",
"rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils_3",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1723510904,
"narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=",
"rev": "622a2253a071a1fb97a4d3c8103a91114acc1140",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz?rev=622a2253a071a1fb97a4d3c8103a91114acc1140"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"
}
},
"lowdown-src": { "lowdown-src": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -292,7 +342,7 @@
"mms": { "mms": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_4",
"nix": "nix", "nix": "nix",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@ -411,6 +461,26 @@
"type": "github" "type": "github"
} }
}, },
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs-darwin"
]
},
"locked": {
"lastModified": 1725544312,
"narHash": "sha256-ETyDNLOF5YvFO2lVlKttXgdHTqSGdp9ZCRRCjv2gaoM=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "a55b3f1ab41bb6d5025ebeebb4da5fd240b9b3b3",
"type": "github"
},
"original": {
"owner": "LnL7",
"repo": "nix-darwin",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1696234590, "lastModified": 1696234590,
@ -425,6 +495,22 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs-darwin": {
"locked": {
"lastModified": 1725140114,
"narHash": "sha256-tlRqsd84YFI7dL8Lz/Sm+M9Bm+Mh7kUs+5ArJbZsuy8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4927f77b7a68615ce99678086cd3dcd0eda34fdd",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-24.05-darwin",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-regression": { "nixpkgs-regression": {
"locked": { "locked": {
"lastModified": 1643052045, "lastModified": 1643052045,
@ -443,11 +529,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1714656196, "lastModified": 1725369773,
"narHash": "sha256-kjQkA98lMcsom6Gbhw8SYzmwrSo+2nruiTcTZp5jK7o=", "narHash": "sha256-gT+rUDbw+TQuszQEzMUJWTW7QYtccZ5xxWmKOSrPvEw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "94035b482d181af0a0f8f77823a790b256b7c3cc", "rev": "8b4061fd60ccc3b3f44b73faa7c983eacf7a6f7b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -502,16 +588,16 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1714531828, "lastModified": 1725407940,
"narHash": "sha256-ILsf3bdY/hNNI/Hu5bSt2/KbmHaAVhBbNUOdGztTHEg=", "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0638fe2715d998fa81d173aad264eb671ce2ebc1", "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "id": "nixpkgs",
"ref": "nixos-23.11", "ref": "nixos-24.05",
"type": "indirect" "type": "indirect"
} }
}, },
@ -539,11 +625,13 @@
"frq-friend": "frq-friend", "frq-friend": "frq-friend",
"helix": "helix", "helix": "helix",
"home-manager": "home-manager", "home-manager": "home-manager",
"lix-module": "lix-module",
"matrix-ril100": "matrix-ril100", "matrix-ril100": "matrix-ril100",
"mms": "mms", "mms": "mms",
"nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_5",
"nixpkgs-darwin": "nixpkgs-darwin",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"spicetify-nix": "spicetify-nix",
"url-eater": "url-eater", "url-eater": "url-eater",
"vampysite": "vampysite" "vampysite": "vampysite"
} }
@ -573,27 +661,6 @@
"type": "github" "type": "github"
} }
}, },
"spicetify-nix": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1704167711,
"narHash": "sha256-kFDq+kf/Di/P8bq5sUP8pVwRkrSVrABksBjMPmLic3s=",
"owner": "the-argus",
"repo": "spicetify-nix",
"rev": "1325416f951d6a82cfddb1289864ad782e2b87c4",
"type": "github"
},
"original": {
"owner": "the-argus",
"repo": "spicetify-nix",
"type": "github"
}
},
"stable": { "stable": {
"locked": { "locked": {
"lastModified": 1669735802, "lastModified": 1669735802,
@ -808,7 +875,7 @@
}, },
"utils_4": { "utils_4": {
"inputs": { "inputs": {
"systems": "systems_5" "systems": "systems_6"
}, },
"locked": { "locked": {
"lastModified": 1687709756, "lastModified": 1687709756,
@ -866,11 +933,11 @@
"utils": "utils_6" "utils": "utils_6"
}, },
"locked": { "locked": {
"lastModified": 1704387018, "lastModified": 1717180338,
"narHash": "sha256-ng+S3lDHgAu0FApVV74omIkYOQft1Vgh2rHpYxnhV6A=", "narHash": "sha256-g2ZNMpqJ4IARjXY8FX4UUfF4p9Unc01w8RzFYEONXlE=",
"ref": "refs/heads/mistress", "ref": "refs/heads/mistress",
"rev": "bd6a6777ad2faf3779caaeb359354dff047066a4", "rev": "1adcc3630a6c626f61dac989fffd661dbb4946ef",
"revCount": 20, "revCount": 21,
"type": "git", "type": "git",
"url": "https://git.lain.faith/sorceress/vampysite" "url": "https://git.lain.faith/sorceress/vampysite"
}, },

213
flake.nix
View File

@ -1,15 +1,26 @@
{ {
inputs = { inputs = {
nixpkgs.url = "nixpkgs/nixos-23.11"; nixpkgs.url = "nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "nixpkgs/nixpkgs-unstable"; nixpkgs-unstable.url = "nixpkgs/nixpkgs-unstable";
nixpkgs-darwin.url = "github:NixOS/nixpkgs/nixpkgs-24.05-darwin";
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
vampysite.url = "git+https://git.lain.faith/sorceress/vampysite"; vampysite.url = "git+https://git.lain.faith/sorceress/vampysite";
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-23.11"; url = "github:nix-community/home-manager/release-24.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-darwin = {
url = "github:LnL7/nix-darwin";
inputs.nixpkgs.follows = "nixpkgs-darwin";
};
mms = { mms = {
url = "github:mkaito/nixos-modded-minecraft-servers"; url = "github:mkaito/nixos-modded-minecraft-servers";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -51,76 +62,108 @@
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
}; };
}; };
outputs = { nixpkgs, nixpkgs-unstable, home-manager, mms, helix, url-eater outputs =
, colorpickle, matrix-ril100, frq-friend, colmena, vampysite, ccase, ... {
}: { nixpkgs,
colmena = let nixpkgs-unstable,
mkDesktop = hostname: { lix-module,
imports = [ home-manager,
./common nix-darwin,
./hosts/${hostname}/configuration.nix mms,
./common/options.nix helix,
(import "${home-manager}/nixos") url-eater,
url-eater.nixosModules.default colorpickle,
colorpickle.nixosModules.default matrix-ril100,
]; frq-friend,
colmena,
vampysite,
ccase,
...
}:
let
overlays = system: config: [
(final: prev: {
helix =
let
helix-pkgs = helix.packages.${final.system};
in
helix-pkgs.helix.passthru.wrapper (
helix-pkgs.helix-unwrapped.overrideAttrs {
preInstall = ''
substituteInPlace contrib/Helix.desktop \
--replace "Exec=hx %F" "Exec=kitty hx %F" \
--replace "Terminal=true" "Terminal=false"
'';
}
);
colorpickle = colorpickle.packages.${final.system}.default;
frq-friend = frq-friend.packages.${final.system}.default;
vampysite = vampysite.packages.${final.system}.default;
matrix-ril100 = matrix-ril100.packages.${final.system}.default;
ccase = ccase.packages.${final.system}.default;
deployment = { # Unstable packages
targetUser = "root"; unstable = import nixpkgs-unstable { inherit system config; };
targetHost = hostname; })
colmena.overlay
];
mkDesktop = hostname: {
imports = [
./common
./common/linux-specific.nix
./hosts/${hostname}/configuration.nix
./common/options.nix
lix-module.nixosModules.default
(import "${home-manager}/nixos")
url-eater.nixosModules.default
colorpickle.nixosModules.default
];
tags = [ "home" ]; deployment = {
targetUser = "root";
targetHost = hostname;
allowLocalDeployment = true; tags = [ "home" ];
keys = { allowLocalDeployment = true;
"restic-password" = {
keyCommand = [ "cat" "./secrets/restic-password" ]; keys = {
destDir = "/var/lib/secrets/"; "restic-password" = {
}; keyCommand = [
"restic-env" = { "cat"
keyCommand = [ "cat" "./secrets/restic-env" ]; "./secrets/restic-password"
destDir = "/var/lib/secrets/"; ];
}; destDir = "/var/lib/secrets/";
};
"restic-env" = {
keyCommand = [
"cat"
"./secrets/restic-env"
];
destDir = "/var/lib/secrets/";
}; };
}; };
}; };
in { };
in
{
colmena = {
network = { network = {
description = "Agatha's Nix Infra"; description = "Agatha's Nix Infra";
nixpkgs = import nixpkgs rec { nixpkgs = import nixpkgs rec {
system = "x86_64-linux"; system = "x86_64-linux";
config.allowUnfree = true; config.allowUnfree = true;
overlays = [ overlays = overlays system config;
(final: prev: {
helix = let helix-pkgs = helix.packages.${final.system};
in helix-pkgs.helix.passthru.wrapper
(helix-pkgs.helix-unwrapped.overrideAttrs {
preInstall = ''
substituteInPlace contrib/Helix.desktop \
--replace "Exec=hx %F" "Exec=kitty hx %F" \
--replace "Terminal=true" "Terminal=false"
'';
});
colorpickle = colorpickle.packages.${final.system}.default;
frq-friend = frq-friend.packages.${final.system}.default;
vampysite = vampysite.packages.${final.system}.default;
matrix-ril100 = matrix-ril100.packages.${final.system}.default;
ccase = ccase.packages.${final.system}.default;
# Unstable packages
unstable = import nixpkgs-unstable { inherit system config; };
})
colmena.overlay
];
}; };
}; };
bloodletting = { bloodletting = {
imports = [ imports = [
./common ./common
./common/linux-specific.nix
./hosts/bloodletting/configuration.nix ./hosts/bloodletting/configuration.nix
lix-module.nixosModules.default
(import "${home-manager}/nixos") (import "${home-manager}/nixos")
mms.module mms.module
]; ];
@ -133,23 +176,38 @@
keys = { keys = {
"nyandroid-token" = { "nyandroid-token" = {
keyCommand = [ "cat" "./secrets/nyandroid-token" ]; keyCommand = [
"cat"
"./secrets/nyandroid-token"
];
destDir = "/var/lib/secrets/"; destDir = "/var/lib/secrets/";
}; };
"hurricane-tokens" = { "hurricane-tokens" = {
keyCommand = [ "cat" "./secrets/hurricane-tokens" ]; keyCommand = [
"cat"
"./secrets/hurricane-tokens"
];
destDir = "/var/lib/secrets/"; destDir = "/var/lib/secrets/";
}; };
"mc-status-bot-env" = { "mc-status-bot-env" = {
keyCommand = [ "cat" "./secrets/mc-status-bot-env" ]; keyCommand = [
"cat"
"./secrets/mc-status-bot-env"
];
destDir = "/var/lib/secrets"; destDir = "/var/lib/secrets";
}; };
"fedi-data.toml" = { "fedi-data.toml" = {
keyCommand = [ "cat" "./secrets/frq-friend-fedi-data.toml" ]; keyCommand = [
"cat"
"./secrets/frq-friend-fedi-data.toml"
];
destDir = "/var/lib/frq-friend"; destDir = "/var/lib/frq-friend";
}; };
"ril100-bot-secrets" = { "ril100-bot-secrets" = {
keyCommand = [ "cat" "./secrets/ril100-bot-secrets" ]; keyCommand = [
"cat"
"./secrets/ril100-bot-secrets"
];
destDir = "/var/lib/matrix-ril100"; destDir = "/var/lib/matrix-ril100";
name = ".env"; name = ".env";
}; };
@ -157,17 +215,48 @@
}; };
}; };
watchtower = {
imports = [
./common
./common/linux-specific.nix
./hosts/watchtower/configuration.nix
lix-module.nixosModules.default
(import "${home-manager}/nixos")
];
deployment = {
targetUser = "root";
targetHost = "watchtower";
tags = [ "prod" ];
};
};
ritual = mkDesktop "ritual"; ritual = mkDesktop "ritual";
tears = mkDesktop "tears"; tears = mkDesktop "tears";
}; };
darwinConfigurations."Agathas-Mac-mini" = nix-darwin.lib.darwinSystem {
modules = [
./common
./hosts/Agathas-Mac-mini/configuration.nix
lix-module.nixosModules.default
(import "${home-manager}/nix-darwin")
(
{ config, ... }:
{
nixpkgs.overlays = overlays nixpkgs.system config;
}
)
];
};
devShells."x86_64-linux".default = devShells."x86_64-linux".default =
let pkgs = import nixpkgs { system = "x86_64-linux"; }; let
in pkgs.mkShell { pkgs = import nixpkgs { system = "x86_64-linux"; };
in
pkgs.mkShell {
buildInputs = [ buildInputs = [
(pkgs.writeShellScriptBin "colmena" '' (pkgs.writeShellScriptBin "colmena" ''
${ ${colmena.defaultPackage.${pkgs.system}}/bin/colmena --disable-emoji $@
colmena.defaultPackage.${pkgs.system}
}/bin/colmena --disable-emoji $@
'') '')
]; ];
}; };

43
hosts/Agathas-Mac-mini/configuration.nix Normal file
View File

@ -0,0 +1,43 @@
{ pkgs, lib, ... }:
{
imports = [
../../common/home_manager/common.nix
../../common/fragments/graphical/iosevka.nix
];
nixpkgs.hostPlatform = "aarch64-darwin";
services.nix-daemon.enable = true;
nix.settings = {
extra-nix-path = "nixpkgs=flake:nixpkgs";
substituters = [
"https://cache.nixos.org"
"https://cache.lix.systems"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
];
};
# Needed for the nix-darwin environment even if zsh is not used.
programs.zsh.enable = true;
users.users.agatha = {
name = "agatha";
home = lib.mkForce "/Users/agatha";
};
fonts.packages = with pkgs; [
(nerdfonts.override {
fonts = [
"DaddyTimeMono"
"NerdFontsSymbolsOnly"
];
})
fira-code
fira-code-symbols
font-awesome_5
iosevka
siji
];
}

13
hosts/bloodletting/configuration.nix
View File

@ -6,6 +6,7 @@
../../common/fragments/fail2ban.nix ../../common/fragments/fail2ban.nix
../../common/fragments/frq-friend.nix ../../common/fragments/frq-friend.nix
../../common/fragments/grafana.nix ../../common/fragments/grafana.nix
../../common/fragments/hedgedoc.nix
../../common/fragments/mastodon-ebooks.nix ../../common/fragments/mastodon-ebooks.nix
../../common/fragments/mastodon.nix ../../common/fragments/mastodon.nix
../../common/fragments/matrix-ril100.nix ../../common/fragments/matrix-ril100.nix
@ -212,6 +213,18 @@
extraConfig = "client_max_body_size 64M;"; extraConfig = "client_max_body_size 64M;";
}; };
virtualHosts."hedgedoc.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/".proxyPass = "http://localhost:3000";
locations."/socket.io/" = {
proxyPass = "http://localhost:3000";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;";
};
};
}; };
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default

55
hosts/tears/hardware-configuration.nix
View File

@ -66,35 +66,28 @@
}; };
# Creating separate mono sources for Tascam US-4x4HR # Creating separate mono sources for Tascam US-4x4HR
environment.etc."pipewire/pipewire.conf.d/91-us-4x4hr.conf".text = let services.pipewire.extraConfig.pipewire."91-us-4x4hr" = {
name = "US-4x4HR"; "context.modules" = let
target = "alsa_input.usb-TASCAM_US-4x4HR_no_serial_number-00.pro-input-0"; name = "US-4x4HR";
input = ch: '' target = "alsa_input.usb-TASCAM_US-4x4HR_no_serial_number-00.pro-input-0";
{ input = ch: {
name = libpipewire-module-loopback "name" = "libpipewire-module-loopback";
args = { "args" = {
node.description = "${name} Input ${toString ch} Mono" "node.description" = "${name} Input ${toString ch} Mono";
capture.props = { "capture.props" = {
node.name = "capture.${name}_ch${toString ch}" "node.name" = "capture.${name}_ch${toString ch}";
audio.position = [ AUX${toString ch} ] "audio.position" = [ "AUX${toString ch}" ];
stream.dont-remix = true "stream.dont-remix" = true;
target.object = "${target}" "target.object" = target;
node.passive = true "node.passive" = true;
} };
playback.props = { "playback.props" = {
node.name = "${name}_ch${toString ch}" "node.name" = "${name}_ch${toString ch}";
media.class = "Audio/Source" "media.class" = "Audio/Source";
audio.position = [ MONO ] "audio.position" = [ "MONO" ];
} };
} };
} };
''; in [ (input 0) (input 1) (input 2) (input 3) ];
in '' };
context.modules = [
${input 0}
${input 1}
${input 2}
${input 3}
]
'';
} }

49
hosts/watchtower/configuration.nix Normal file
View File

@ -0,0 +1,49 @@
{
imports = [
./hardware-configuration.nix
../../common/users/julia.nix
../../common/home_manager/common.nix
../../common/fragments/home-assistant.nix
../../common/fragments/sponsorblock.nix
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.luks.devices."luks-081780bd-f005-4394-bbf2-3e5d9aab3c7d".device = "/dev/disk/by-uuid/081780bd-f005-4394-bbf2-3e5d9aab3c7d";
networking.hostName = "watchtower";
# Enable networking
networking.networkmanager.enable = true;
# Open ports in the firewall.
networking.firewall = {
allowedTCPPorts = [
22
80
443
];
trustedInterfaces = [ "podman0" ];
};
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
oci-containers = {
backend = "podman";
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment?
}

40
hosts/watchtower/hardware-configuration.nix Normal file
View File

@ -0,0 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/eba0bc60-b96f-4b28-9447-f36209410ba3";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-9c33d04a-b7f1-4dec-98a5-f8ec2771ef7d".device =
"/dev/disk/by-uuid/9c33d04a-b7f1-4dec-98a5-f8ec2771ef7d";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D95C-66EE";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices =
[{ device = "/dev/disk/by-uuid/8a64d656-8ba2-4c11-87bf-858e1ca3ec7e"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0f1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}