Compare commits

..

No commits in common. "5d558c80f4c69fe5f019df684e7141ccca7ca7a1" and "dffabfdcaf415ae1dbfc895b9d04c26bf01d5ff1" have entirely different histories.

16 changed files with 76 additions and 160 deletions

View File

@ -4,7 +4,6 @@ Using [colmena](https://github.com/zhaofengli/colmena)
## Hosts ## Hosts
- `bloodletting`: Main server - `bloodletting`: Main server
- `ritual`: NixOS laptop - `ritual`: NixOS laptop
- `tears`: NixOS desktop
### Manual setup on blank system/migrations ### Manual setup on blank system/migrations
Bloodletting: Bloodletting:
@ -16,6 +15,7 @@ Bloodletting:
- `bin_rs` - `bin_rs`
- `fail2ban` - `fail2ban`
- `grafana` - `grafana`
- `homepage`
- `mastodon` - `mastodon`
- dump and import Postgres and Redis DBs - dump and import Postgres and Redis DBs
- `matterbridge` - `matterbridge`
@ -24,10 +24,9 @@ Bloodletting:
- `mstdn-ebooks` - `mstdn-ebooks`
- `nyandroid` - `nyandroid`
- `prometheus2` - `prometheus2`
- `prosody`
- `/home/ftp` - `/home/ftp`
Ritual/Tears: Ritual:
- `colmena apply[-local]` - deploy config - `colmena apply[-local]` - deploy config
- `mkdir -p ~/.gnupg` - create directory for gnupg - `mkdir -p ~/.gnupg` - create directory for gnupg
- copy `~/.ssh/id_ed25519` - copy `~/.ssh/id_ed25519`
@ -35,7 +34,6 @@ Ritual/Tears:
- Firefox - Firefox
- Copy extension data - Copy extension data
- Element - Element
- Dino
- Telegram Desktop - Telegram Desktop
- Geary - Geary
- Obsidian - Obsidian

View File

@ -13,7 +13,6 @@
startup = startOnce [ startup = startOnce [
"firefox" "firefox"
"element-desktop" "element-desktop"
"dino"
"telegram-desktop" "telegram-desktop"
"spotify" "spotify"
"geary" "geary"

View File

@ -9,7 +9,6 @@
./iosevka.nix ./iosevka.nix
./kitty.nix ./kitty.nix
./lockscreen.nix ./lockscreen.nix
./mail.nix
./picom.nix ./picom.nix
./polybar.nix ./polybar.nix
./rofi.nix ./rofi.nix
@ -30,18 +29,14 @@
# User packages # User packages
users.users.agatha.packages = with pkgs; [ users.users.agatha.packages = with pkgs; [
android-tools
blueberry blueberry
brightnessctl brightnessctl
broot broot
bspm bspm
colmena colmena
darktable darktable
dino
element-desktop element-desktop
exiftool
ffmpeg ffmpeg
flac
flameshot flameshot
gimp gimp
glib glib
@ -52,11 +47,10 @@
gnome.gnome-disk-utility gnome.gnome-disk-utility
gnome.gnome-font-viewer gnome.gnome-font-viewer
gnome.nautilus gnome.nautilus
gnome.totem
hyperfine hyperfine
just just
magic-wormhole magic-wormhole
mpv
mumble
neofetch neofetch
nil nil
nitrogen nitrogen
@ -71,13 +65,10 @@
rofi-calc rofi-calc
rofimoji rofimoji
speechd speechd
sshfs
tdesktop tdesktop
whois
wireguard-tools wireguard-tools
xdg-utils xdg-utils
xdotool xdotool
yt-dlp
yubioath-flutter yubioath-flutter
]; ];
@ -119,9 +110,6 @@
layout = lib.mkForce "eu,de(qwerty),ua,ru"; layout = lib.mkForce "eu,de(qwerty),ua,ru";
xkbOptions = "ctrl:nocaps,compose:rctrl"; xkbOptions = "ctrl:nocaps,compose:rctrl";
autoRepeatDelay = 200;
autoRepeatInterval = 50;
libinput.enable = true; libinput.enable = true;
}; };
@ -241,21 +229,11 @@
drivers = [ pkgs.hplip ]; drivers = [ pkgs.hplip ];
}; };
services.avahi = {
enable = true;
nssmdns = true;
openFirewall = true;
};
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;
settings = { General = { Disable = "Headset"; }; }; settings = { General = { Disable = "Headset"; }; };
}; };
# Virtual Camera config
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
boot.kernelModules = [ "v4l2loopback" ];
# Fix Wireguard NetworkManager connections # Fix Wireguard NetworkManager connections
networking.firewall.checkReversePath = "loose"; networking.firewall.checkReversePath = "loose";
} }

View File

@ -1,13 +0,0 @@
{ pkgs, ... }: {
systemd.user.services.protonmail-bridge = {
description = "Protonmail Bridge";
enable = true;
script =
"${pkgs.protonmail-bridge}/bin/protonmail-bridge --noninteractive --log-level info";
path = [ pkgs.gnome3.gnome-keyring ];
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
};
users.users.agatha.packages = [ pkgs.unstable.protonmail-bridge-gui ];
}

View File

@ -0,0 +1,13 @@
{ pkgs, ... }: {
virtualisation.oci-containers.containers = {
"homepage" = {
image = "ghcr.io/benphelps/homepage:v0.6.18";
autoStart = true;
ports = [ "127.0.0.1:3000:3000" ];
volumes = [
"/var/lib/homepage:/app/config"
"/var/run/podman/podman.sock:/var/run/docker.sock"
];
};
};
}

View File

@ -1,16 +0,0 @@
{ pkgs, ... }: {
systemd.services.mc-status-bot = {
wantedBy = [ "multi-user.target" ];
description = "Minecraft server status bot for Matrix";
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${
pkgs.callPackage ../pkgs/mc-status-bot.nix { }
}/bin/mc-status-bot.sh";
EnvironmentFile = "/var/lib/secrets/mc-status-bot-env";
Restart = "always";
};
};
}

View File

@ -1,4 +1,4 @@
{ _: {
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
"nyandroid" = { "nyandroid" = {
image = "registry.gitlab.com/xenua/nyandroid:latest"; image = "registry.gitlab.com/xenua/nyandroid:latest";

View File

@ -1,29 +0,0 @@
{ config, ... }:
let
ssl = {
cert = "${
config.security.acme.certs."technogothic.net".directory
}/fullchain.pem";
key = "${config.security.acme.certs."technogothic.net".directory}/key.pem";
};
in {
services.prosody = {
enable = true;
admins = [ "Agatha@argent.technogothic.net" ];
inherit ssl;
virtualHosts."argent.technogothic.net" = {
enabled = true;
domain = "argent.technogothic.net";
inherit ssl;
};
muc = [{ domain = "muc.argent.technogothic.net"; }];
uploadHttp.domain = "upload.argent.technogothic.net";
};
users.users."${config.services.prosody.user}".extraGroups =
[ "acme" "nginx" ];
networking.firewall.allowedTCPPorts = [ 5000 5222 5269 5281 ];
}

View File

@ -82,7 +82,7 @@
cmd_duration = { min_time = 10000; }; cmd_duration = { min_time = 10000; };
git_branch = { git_branch = {
format = "$symbol $branch"; format = "$symbol $branch";
symbol = "󰘬"; symbol = "";
}; };
hostname = { hostname = {
ssh_only = false; ssh_only = false;
@ -114,7 +114,7 @@
} }
]; ];
shellAliases = { shellAliases = {
ls = "eza -lhT --classify=always --group-directories-first --level 1"; ls = "eza -lFhT --group-directories-first --level 1";
cat = "bat"; cat = "bat";
ip = "ip -color=always"; ip = "ip -color=always";
youtube-dl-audio = '' youtube-dl-audio = ''

View File

@ -1,21 +0,0 @@
{ pkgs }:
with pkgs;
stdenv.mkDerivation rec {
pname = "mc-status-bot";
version = "0.1.0";
src = fetchgit {
url = "https://git.lain.faith/sorceress/e8-status-bot.git";
rev = "c35abf0aba0ca524bc1d3dab9576b41e2b319138";
hash = "sha256-sK0Azd/3ymk5Jsj/GYmNJvYh9fMXFozTuWZhKnYTGbs=";
};
buildInputs = [ curl jq ];
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir -p $out/bin
cp run.sh $out/bin/mc-status-bot.sh
wrapProgram $out/bin/mc-status-bot.sh \
--prefix PATH : ${lib.makeBinPath buildInputs}
'';
}

View File

@ -74,11 +74,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1709610799, "lastModified": 1701025348,
"narHash": "sha256-5jfLQx0U9hXbi2skYMGodDJkIgffrjIOgMRjZqms2QE=", "narHash": "sha256-42GHmYH+GF7VjwGSt+fVT1CQuNpGanJbNgVHTAZppUM=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "81c393c776d5379c030607866afef6406ca1be57", "rev": "42afaeb1a0325194a7cdb526332d2cb92fddd07b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -139,11 +139,11 @@
"systems": "systems_4" "systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1709126324, "lastModified": 1694529238,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605", "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -217,11 +217,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1714732742, "lastModified": 1707488951,
"narHash": "sha256-tvZiMfL0TEiZGe5lOAk0Qrmsigc5UNRDootbEGUV58o=", "narHash": "sha256-xD0e8vLhrxmLKP8mo4kHmfXtDSQ9RZm/dbMmWDdW5WQ=",
"owner": "helix-editor", "owner": "helix-editor",
"repo": "helix", "repo": "helix",
"rev": "7e13213e7430c95cbad210994cecbfadc52c0714", "rev": "d570c29ce37ffbb46a9c49708c31dfd81daa27cf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -237,11 +237,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1714043624, "lastModified": 1706981411,
"narHash": "sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM=", "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "86853e31dc1b62c6eeed11c667e8cdd0285d4411", "rev": "652fda4ca6dafeb090943422c34ae9145787af37",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -371,10 +371,7 @@
}, },
"naersk_4": { "naersk_4": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": "nixpkgs_6"
"url-eater",
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1698420672, "lastModified": 1698420672,
@ -443,11 +440,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1714656196, "lastModified": 1707588924,
"narHash": "sha256-kjQkA98lMcsom6Gbhw8SYzmwrSo+2nruiTcTZp5jK7o=", "narHash": "sha256-0e1ce6X5ghapv6cAF9rxLZKeNyFHHXsLbGxN2cQQE8U=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "94035b482d181af0a0f8f77823a790b256b7c3cc", "rev": "10b813040df67c4039086db0f6eaf65c536886c6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -502,11 +499,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1714531828, "lastModified": 1707514827,
"narHash": "sha256-ILsf3bdY/hNNI/Hu5bSt2/KbmHaAVhBbNUOdGztTHEg=", "narHash": "sha256-Y+wqFkvikpE1epCx57PsGw+M1hX5aY5q/xgk+ebDwxI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0638fe2715d998fa81d173aad264eb671ce2ebc1", "rev": "20f65b86b6485decb43c5498780c223571dd56ef",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -516,6 +513,20 @@
} }
}, },
"nixpkgs_6": { "nixpkgs_6": {
"locked": {
"lastModified": 1704161960,
"narHash": "sha256-QGua89Pmq+FBAro8NriTuoO/wNaUtugt29/qqA8zeeM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "63143ac2c9186be6d9da6035fa22620018c85932",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1682092588, "lastModified": 1682092588,
"narHash": "sha256-NjKBPnScpbGiH/YOx74DIFOVkr5AKJOVZoy0l7J58gk=", "narHash": "sha256-NjKBPnScpbGiH/YOx74DIFOVkr5AKJOVZoy0l7J58gk=",
@ -560,11 +571,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1709604635, "lastModified": 1701137803,
"narHash": "sha256-le4fwmWmjGRYWwkho0Gr7mnnZndOOe4XGbLw68OvF40=", "narHash": "sha256-0LcPAdql5IhQSUXJx3Zna0dYTgdIoYO7zUrsKgiBd04=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "e86c0fb5d3a22a5f30d7f64ecad88643fe26449d", "rev": "9dd940c967502f844eacea52a61e9596268d4f70",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -739,11 +750,11 @@
"utils": "utils_5" "utils": "utils_5"
}, },
"locked": { "locked": {
"lastModified": 1710529176, "lastModified": 1705955798,
"narHash": "sha256-TuDrnw1USxWsGQMQuX50D69A3Z555vC0Q0knYcd/qGE=", "narHash": "sha256-lN3AnOCz5thhFhnj8xN7KuuUrAbG9FrvUcNJ3Ys45NU=",
"owner": "AgathaSorceress", "owner": "AgathaSorceress",
"repo": "url-eater", "repo": "url-eater",
"rev": "21be820dcd6fa5c91e9a46fb8c72f13db631ed54", "rev": "3ea3d1363d61654d489f31578994bcb799b683b2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -862,7 +873,7 @@
}, },
"vampysite": { "vampysite": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_6", "nixpkgs": "nixpkgs_7",
"utils": "utils_6" "utils": "utils_6"
}, },
"locked": { "locked": {

View File

@ -143,14 +143,10 @@
keyCommand = [ "cat" "./secrets/nyandroid-token" ]; keyCommand = [ "cat" "./secrets/nyandroid-token" ];
destDir = "/var/lib/secrets/"; destDir = "/var/lib/secrets/";
}; };
"hurricane-tokens" = { "rfc2136-technogothic-net" = {
keyCommand = [ "cat" "./secrets/hurricane-tokens" ]; keyCommand = [ "cat" "./secrets/rfc2136-technogothic-net" ];
destDir = "/var/lib/secrets/"; destDir = "/var/lib/secrets/";
}; };
"mc-status-bot-env" = {
keyCommand = [ "cat" "./secrets/mc-status-bot-env" ];
destDir = "/var/lib/secrets";
};
"fedi-data.toml" = { "fedi-data.toml" = {
keyCommand = [ "cat" "./secrets/frq-friend-fedi-data.toml" ]; keyCommand = [ "cat" "./secrets/frq-friend-fedi-data.toml" ];
destDir = "/var/lib/frq-friend"; destDir = "/var/lib/frq-friend";

View File

@ -6,16 +6,15 @@
../../common/fragments/fail2ban.nix ../../common/fragments/fail2ban.nix
../../common/fragments/frq-friend.nix ../../common/fragments/frq-friend.nix
../../common/fragments/grafana.nix ../../common/fragments/grafana.nix
../../common/fragments/homepage.nix
../../common/fragments/mastodon-ebooks.nix ../../common/fragments/mastodon-ebooks.nix
../../common/fragments/mastodon.nix ../../common/fragments/mastodon.nix
../../common/fragments/matrix-ril100.nix ../../common/fragments/matrix-ril100.nix
../../common/fragments/matterbridge.nix ../../common/fragments/matterbridge.nix
../../common/fragments/mc-status-bot.nix
../../common/fragments/minecraft.nix ../../common/fragments/minecraft.nix
../../common/fragments/nyandroid.nix ../../common/fragments/nyandroid.nix
../../common/fragments/postgres.nix ../../common/fragments/postgres.nix
../../common/fragments/prometheus_exporters.nix ../../common/fragments/prometheus_exporters.nix
../../common/fragments/prosody.nix
../../common/fragments/vsftpd.nix ../../common/fragments/vsftpd.nix
../../common/home_manager/common.nix ../../common/home_manager/common.nix
]; ];
@ -85,13 +84,13 @@
security.acme.certs."technogothic.net" = { security.acme.certs."technogothic.net" = {
domain = "*.technogothic.net"; domain = "*.technogothic.net";
extraDomainNames = [ "technogothic.net" "*.argent.technogothic.net" ]; extraDomainNames = [ "technogothic.net" ];
dnsProvider = "hurricane"; dnsProvider = "rfc2136";
credentialsFile = "/var/lib/secrets/hurricane-tokens"; credentialsFile = "/var/lib/secrets/rfc2136-technogothic-net";
group = "nginx"; group = "nginx";
}; };
security.acme.defaults.reloadServices = [ "nginx" "vsftpd" "prosody" ]; security.acme.defaults.reloadServices = [ "nginx" "vsftpd" ];
systemd.services.nginx.serviceConfig.ProtectHome = "read-only"; systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
# Nginx # Nginx
@ -138,8 +137,6 @@
''; '';
}; };
locations."=/5idbsp9q8d.txt".return = "200 uwu";
extraConfig = '' extraConfig = ''
error_page 404 /404.html; error_page 404 /404.html;
''; '';
@ -161,6 +158,16 @@
}; };
}; };
virtualHosts."home.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
proxyWebsockets = true;
};
};
virtualHosts."thermalpaste.technogothic.net" = { virtualHosts."thermalpaste.technogothic.net" = {
useACMEHost = "technogothic.net"; useACMEHost = "technogothic.net";
forceSSL = true; forceSSL = true;

View File

@ -39,7 +39,6 @@
rules = { rules = {
"Element".desktop = "II"; "Element".desktop = "II";
"TelegramDesktop".desktop = "III"; "TelegramDesktop".desktop = "III";
"dino".desktop = "III";
"Spotify".desktop = "IV"; "Spotify".desktop = "IV";
"Geary".desktop = "V"; "Geary".desktop = "V";
"firefox" = { "firefox" = {

View File

@ -41,7 +41,6 @@
rules = { rules = {
"Element".desktop = "I"; "Element".desktop = "I";
"TelegramDesktop".desktop = "II"; "TelegramDesktop".desktop = "II";
"dino".desktop = "II";
"Spotify".desktop = "III"; "Spotify".desktop = "III";
"Geary".desktop = "IV"; "Geary".desktop = "IV";
"firefox" = { "firefox" = {

View File

@ -60,11 +60,6 @@
hardware.cpu.amd.updateMicrocode = hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware; lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.opengl = {
enable = true;
driSupport32Bit = true;
};
# Creating separate mono sources for Tascam US-4x4HR # Creating separate mono sources for Tascam US-4x4HR
environment.etc."pipewire/pipewire.conf.d/91-us-4x4hr.conf".text = let environment.etc."pipewire/pipewire.conf.d/91-us-4x4hr.conf".text = let
name = "US-4x4HR"; name = "US-4x4HR";