sorceress
/
nix-infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: sorceress:dffabfdcaf415ae1dbfc895b9d04c26bf01d5ff1
Branches Tags
sorceress:mistress
sorceress:lappytappy
sorceress:flakes
..
compare: sorceress:5d558c80f4c69fe5f019df684e7141ccca7ca7a1
Branches Tags
sorceress:mistress
sorceress:lappytappy
sorceress:flakes

8 Commits
dffabfdcaf ... 5d558c80f4

Author SHA1 Message Date
Agatha Lovelace 5d558c80f4
Update README 2024-05-22 02:11:27 +02:00
Agatha Lovelace 5c1a303d77
Add minecraft server status bot 2024-05-22 02:11:16 +02:00
Agatha Lovelace 9eca58e0a4
Migrate to Hurricane Electric DNS 2024-05-22 02:10:22 +02:00
Agatha Lovelace 735fe81b03
Misc tweaks 2024-05-22 02:08:36 +02:00
Agatha Lovelace f8db5d7e9a
XMPP setup 2024-05-22 02:06:22 +02:00
Agatha Lovelace 46b52f7aaf
Migrate to Protonmail 2024-05-22 02:03:39 +02:00
Agatha Lovelace efaa8c62a4
Remove unused homepage 2024-05-22 02:01:35 +02:00
Agatha Lovelace 01c61c7495
Properly add various tools from shell history 2024-03-12 22:27:36 +01:00
16 changed files with 160 additions and 76 deletions
Show Stats Expand all files Collapse all files

6
README.md
View File

@ -4,6 +4,7 @@ Using [colmena](https://github.com/zhaofengli/colmena)
## Hosts
- `bloodletting`: Main server
- `ritual`: NixOS laptop
- `tears`: NixOS desktop
### Manual setup on blank system/migrations
Bloodletting:
@ -15,7 +16,6 @@ Bloodletting:
- `bin_rs`
- `fail2ban`
- `grafana`
- `homepage`
- `mastodon`
- dump and import Postgres and Redis DBs
- `matterbridge`
@ -24,9 +24,10 @@ Bloodletting:
- `mstdn-ebooks`
- `nyandroid`
- `prometheus2`
- `prosody`
- `/home/ftp`
Ritual:
Ritual/Tears:
- `colmena apply[-local]` - deploy config
- `mkdir -p ~/.gnupg` - create directory for gnupg
- copy `~/.ssh/id_ed25519`
@ -34,6 +35,7 @@ Ritual:
- Firefox
- Copy extension data
- Element
- Dino
- Telegram Desktop
- Geary
- Obsidian

1
common/fragments/graphical/bspwm.nix
View File

@ -13,6 +13,7 @@
startup = startOnce [
"firefox"
"element-desktop"
"dino"
"telegram-desktop"
"spotify"
"geary"

24
common/fragments/graphical/default.nix
View File

@ -9,6 +9,7 @@
./iosevka.nix
./kitty.nix
./lockscreen.nix
./mail.nix
./picom.nix
./polybar.nix
./rofi.nix
@ -29,14 +30,18 @@
# User packages
users.users.agatha.packages = with pkgs; [
android-tools
blueberry
brightnessctl
broot
bspm
colmena
darktable
dino
element-desktop
exiftool
ffmpeg
flac
flameshot
gimp
glib
@ -47,10 +52,11 @@
gnome.gnome-disk-utility
gnome.gnome-font-viewer
gnome.nautilus
gnome.totem
hyperfine
just
magic-wormhole
mpv
mumble
neofetch
nil
nitrogen
@ -65,10 +71,13 @@
rofi-calc
rofimoji
speechd
sshfs
tdesktop
whois
wireguard-tools
xdg-utils
xdotool
yt-dlp
yubioath-flutter
];
@ -110,6 +119,9 @@
layout = lib.mkForce "eu,de(qwerty),ua,ru";
xkbOptions = "ctrl:nocaps,compose:rctrl";
autoRepeatDelay = 200;
autoRepeatInterval = 50;
libinput.enable = true;
};
@ -229,11 +241,21 @@
drivers = [ pkgs.hplip ];
};
services.avahi = {
enable = true;
nssmdns = true;
openFirewall = true;
};
hardware.bluetooth = {
enable = true;
settings = { General = { Disable = "Headset"; }; };
};
# Virtual Camera config
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
boot.kernelModules = [ "v4l2loopback" ];
# Fix Wireguard NetworkManager connections
networking.firewall.checkReversePath = "loose";
}

13
common/fragments/graphical/mail.nix Normal file
View File

@ -0,0 +1,13 @@
{ pkgs, ... }: {
systemd.user.services.protonmail-bridge = {
description = "Protonmail Bridge";
enable = true;
script =
"${pkgs.protonmail-bridge}/bin/protonmail-bridge --noninteractive --log-level info";
path = [ pkgs.gnome3.gnome-keyring ];
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
};
users.users.agatha.packages = [ pkgs.unstable.protonmail-bridge-gui ];
}

13
common/fragments/homepage.nix
View File

@ -1,13 +0,0 @@
{ pkgs, ... }: {
virtualisation.oci-containers.containers = {
"homepage" = {
image = "ghcr.io/benphelps/homepage:v0.6.18";
autoStart = true;
ports = [ "127.0.0.1:3000:3000" ];
volumes = [
"/var/lib/homepage:/app/config"
"/var/run/podman/podman.sock:/var/run/docker.sock"
];
};
};
}

16
common/fragments/mc-status-bot.nix Normal file
View File

@ -0,0 +1,16 @@
{ pkgs, ... }: {
systemd.services.mc-status-bot = {
wantedBy = [ "multi-user.target" ];
description = "Minecraft server status bot for Matrix";
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${
pkgs.callPackage ../pkgs/mc-status-bot.nix { }
}/bin/mc-status-bot.sh";
EnvironmentFile = "/var/lib/secrets/mc-status-bot-env";
Restart = "always";
};
};
}

2
common/fragments/nyandroid.nix
View File

@ -1,4 +1,4 @@
_: {
{
virtualisation.oci-containers.containers = {
"nyandroid" = {
image = "registry.gitlab.com/xenua/nyandroid:latest";

29
common/fragments/prosody.nix Normal file
View File

@ -0,0 +1,29 @@
{ config, ... }:
let
ssl = {
cert = "${
config.security.acme.certs."technogothic.net".directory
}/fullchain.pem";
key = "${config.security.acme.certs."technogothic.net".directory}/key.pem";
};
in {
services.prosody = {
enable = true;
admins = [ "Agatha@argent.technogothic.net" ];
inherit ssl;
virtualHosts."argent.technogothic.net" = {
enabled = true;
domain = "argent.technogothic.net";
inherit ssl;
};
muc = [{ domain = "muc.argent.technogothic.net"; }];
uploadHttp.domain = "upload.argent.technogothic.net";
};
users.users."${config.services.prosody.user}".extraGroups =
[ "acme" "nginx" ];
networking.firewall.allowedTCPPorts = [ 5000 5222 5269 5281 ];
}

4
common/home_manager/common.nix
View File

@ -82,7 +82,7 @@
cmd_duration = { min_time = 10000; };
git_branch = {
format = "$symbol $branch";
symbol = "";
symbol = "󰘬";
};
hostname = {
ssh_only = false;
@ -114,7 +114,7 @@
}
];
shellAliases = {
ls = "eza -lFhT --group-directories-first --level 1";
ls = "eza -lhT --classify=always --group-directories-first --level 1";
cat = "bat";
ip = "ip -color=always";
youtube-dl-audio = ''

21
common/pkgs/mc-status-bot.nix Normal file
View File

@ -0,0 +1,21 @@
{ pkgs }:
with pkgs;
stdenv.mkDerivation rec {
pname = "mc-status-bot";
version = "0.1.0";
src = fetchgit {
url = "https://git.lain.faith/sorceress/e8-status-bot.git";
rev = "c35abf0aba0ca524bc1d3dab9576b41e2b319138";
hash = "sha256-sK0Azd/3ymk5Jsj/GYmNJvYh9fMXFozTuWZhKnYTGbs=";
};
buildInputs = [ curl jq ];
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir -p $out/bin
cp run.sh $out/bin/mc-status-bot.sh
wrapProgram $out/bin/mc-status-bot.sh \
--prefix PATH : ${lib.makeBinPath buildInputs}
'';
}

69
flake.lock
View File

@ -74,11 +74,11 @@
]
},
"locked": {
"lastModified": 1701025348,
"narHash": "sha256-42GHmYH+GF7VjwGSt+fVT1CQuNpGanJbNgVHTAZppUM=",
"lastModified": 1709610799,
"narHash": "sha256-5jfLQx0U9hXbi2skYMGodDJkIgffrjIOgMRjZqms2QE=",
"owner": "ipetkov",
"repo": "crane",
"rev": "42afaeb1a0325194a7cdb526332d2cb92fddd07b",
"rev": "81c393c776d5379c030607866afef6406ca1be57",
"type": "github"
},
"original": {
@ -139,11 +139,11 @@
"systems": "systems_4"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github"
},
"original": {
@ -217,11 +217,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1707488951,
"narHash": "sha256-xD0e8vLhrxmLKP8mo4kHmfXtDSQ9RZm/dbMmWDdW5WQ=",
"lastModified": 1714732742,
"narHash": "sha256-tvZiMfL0TEiZGe5lOAk0Qrmsigc5UNRDootbEGUV58o=",
"owner": "helix-editor",
"repo": "helix",
"rev": "d570c29ce37ffbb46a9c49708c31dfd81daa27cf",
"rev": "7e13213e7430c95cbad210994cecbfadc52c0714",
"type": "github"
},
"original": {
@ -237,11 +237,11 @@
]
},
"locked": {
"lastModified": 1706981411,
"narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
"lastModified": 1714043624,
"narHash": "sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "652fda4ca6dafeb090943422c34ae9145787af37",
"rev": "86853e31dc1b62c6eeed11c667e8cdd0285d4411",
"type": "github"
},
"original": {
@ -371,7 +371,10 @@
},
"naersk_4": {
"inputs": {
"nixpkgs": "nixpkgs_6"
"nixpkgs": [
"url-eater",
"nixpkgs"
]
},
"locked": {
"lastModified": 1698420672,
@ -440,11 +443,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1707588924,
"narHash": "sha256-0e1ce6X5ghapv6cAF9rxLZKeNyFHHXsLbGxN2cQQE8U=",
"lastModified": 1714656196,
"narHash": "sha256-kjQkA98lMcsom6Gbhw8SYzmwrSo+2nruiTcTZp5jK7o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "10b813040df67c4039086db0f6eaf65c536886c6",
"rev": "94035b482d181af0a0f8f77823a790b256b7c3cc",
"type": "github"
},
"original": {
@ -499,11 +502,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1707514827,
"narHash": "sha256-Y+wqFkvikpE1epCx57PsGw+M1hX5aY5q/xgk+ebDwxI=",
"lastModified": 1714531828,
"narHash": "sha256-ILsf3bdY/hNNI/Hu5bSt2/KbmHaAVhBbNUOdGztTHEg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "20f65b86b6485decb43c5498780c223571dd56ef",
"rev": "0638fe2715d998fa81d173aad264eb671ce2ebc1",
"type": "github"
},
"original": {
@ -513,20 +516,6 @@
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1704161960,
"narHash": "sha256-QGua89Pmq+FBAro8NriTuoO/wNaUtugt29/qqA8zeeM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "63143ac2c9186be6d9da6035fa22620018c85932",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1682092588,
"narHash": "sha256-NjKBPnScpbGiH/YOx74DIFOVkr5AKJOVZoy0l7J58gk=",
@ -571,11 +560,11 @@
]
},
"locked": {
"lastModified": 1701137803,
"narHash": "sha256-0LcPAdql5IhQSUXJx3Zna0dYTgdIoYO7zUrsKgiBd04=",
"lastModified": 1709604635,
"narHash": "sha256-le4fwmWmjGRYWwkho0Gr7mnnZndOOe4XGbLw68OvF40=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "9dd940c967502f844eacea52a61e9596268d4f70",
"rev": "e86c0fb5d3a22a5f30d7f64ecad88643fe26449d",
"type": "github"
},
"original": {
@ -750,11 +739,11 @@
"utils": "utils_5"
},
"locked": {
"lastModified": 1705955798,
"narHash": "sha256-lN3AnOCz5thhFhnj8xN7KuuUrAbG9FrvUcNJ3Ys45NU=",
"lastModified": 1710529176,
"narHash": "sha256-TuDrnw1USxWsGQMQuX50D69A3Z555vC0Q0knYcd/qGE=",
"owner": "AgathaSorceress",
"repo": "url-eater",
"rev": "3ea3d1363d61654d489f31578994bcb799b683b2",
"rev": "21be820dcd6fa5c91e9a46fb8c72f13db631ed54",
"type": "github"
},
"original": {
@ -873,7 +862,7 @@
},
"vampysite": {
"inputs": {
"nixpkgs": "nixpkgs_7",
"nixpkgs": "nixpkgs_6",
"utils": "utils_6"
},
"locked": {

8
flake.nix
View File

@ -143,10 +143,14 @@
keyCommand = [ "cat" "./secrets/nyandroid-token" ];
destDir = "/var/lib/secrets/";
};
"rfc2136-technogothic-net" = {
keyCommand = [ "cat" "./secrets/rfc2136-technogothic-net" ];
"hurricane-tokens" = {
keyCommand = [ "cat" "./secrets/hurricane-tokens" ];
destDir = "/var/lib/secrets/";
};
"mc-status-bot-env" = {
keyCommand = [ "cat" "./secrets/mc-status-bot-env" ];
destDir = "/var/lib/secrets";
};
"fedi-data.toml" = {
keyCommand = [ "cat" "./secrets/frq-friend-fedi-data.toml" ];
destDir = "/var/lib/frq-friend";

23
hosts/bloodletting/configuration.nix
View File

@ -6,15 +6,16 @@
../../common/fragments/fail2ban.nix
../../common/fragments/frq-friend.nix
../../common/fragments/grafana.nix
../../common/fragments/homepage.nix
../../common/fragments/mastodon-ebooks.nix
../../common/fragments/mastodon.nix
../../common/fragments/matrix-ril100.nix
../../common/fragments/matterbridge.nix
../../common/fragments/mc-status-bot.nix
../../common/fragments/minecraft.nix
../../common/fragments/nyandroid.nix
../../common/fragments/postgres.nix
../../common/fragments/prometheus_exporters.nix
../../common/fragments/prosody.nix
../../common/fragments/vsftpd.nix
../../common/home_manager/common.nix
];
@ -84,13 +85,13 @@
security.acme.certs."technogothic.net" = {
domain = "*.technogothic.net";
extraDomainNames = [ "technogothic.net" ];
dnsProvider = "rfc2136";
credentialsFile = "/var/lib/secrets/rfc2136-technogothic-net";
extraDomainNames = [ "technogothic.net" "*.argent.technogothic.net" ];
dnsProvider = "hurricane";
credentialsFile = "/var/lib/secrets/hurricane-tokens";
group = "nginx";
};
security.acme.defaults.reloadServices = [ "nginx" "vsftpd" ];
security.acme.defaults.reloadServices = [ "nginx" "vsftpd" "prosody" ];
systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
# Nginx
@ -137,6 +138,8 @@
'';
};
locations."=/5idbsp9q8d.txt".return = "200 uwu";
extraConfig = ''
error_page 404 /404.html;
'';
@ -158,16 +161,6 @@
};
};
virtualHosts."home.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
proxyWebsockets = true;
};
};
virtualHosts."thermalpaste.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;

1
hosts/ritual/configuration.nix
View File

@ -39,6 +39,7 @@
rules = {
"Element".desktop = "II";
"TelegramDesktop".desktop = "III";
"dino".desktop = "III";
"Spotify".desktop = "IV";
"Geary".desktop = "V";
"firefox" = {

1
hosts/tears/configuration.nix
View File

@ -41,6 +41,7 @@
rules = {
"Element".desktop = "I";
"TelegramDesktop".desktop = "II";
"dino".desktop = "II";
"Spotify".desktop = "III";
"Geary".desktop = "IV";
"firefox" = {

5
hosts/tears/hardware-configuration.nix
View File

@ -60,6 +60,11 @@
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.opengl = {
enable = true;
driSupport32Bit = true;
};
# Creating separate mono sources for Tascam US-4x4HR
environment.etc."pipewire/pipewire.conf.d/91-us-4x4hr.conf".text = let
name = "US-4x4HR";