From 021fab40f7f815708d4cf918ec0ac0bd16c0bc8f Mon Sep 17 00:00:00 2001 From: "Jill \"oatmealine\" Monoids" Date: Thu, 19 Jan 2023 00:11:01 +0100 Subject: [PATCH] we all communally keep forgetting to commit things arghhrg --- config/gitea/app.toml | 2 +- flake.lock | 128 ++++++++++++------- flake.nix | 8 +- hosts/dark-firepit/authorizedKeys.nix | 4 + hosts/dark-firepit/default.nix | 79 +++++++++++- hosts/dark-firepit/yugoslavia-best.nix | 7 ++ modules/hyprland.nix | 13 ++ modules/services/staticSites.nix | 12 +- modules/services/wireguard.nix | 1 + modules/services/writefreely.nix | 167 ++++++++++++++++++++++++- packages/glitch-soc/default.nix | 17 ++- 11 files changed, 372 insertions(+), 66 deletions(-) diff --git a/config/gitea/app.toml b/config/gitea/app.toml index 7d15d4c..babd6bc 100755 --- a/config/gitea/app.toml +++ b/config/gitea/app.toml @@ -9,7 +9,7 @@ DEFAULT_BRANCH = "main" [ui] DEFAULT_THEME = "arc-pink" THEMES="auto,gitea,arc-green,arc-pink,arc-pink-modern,darkred,gitea-blue,gitea-modern,github" -CUSTOM_EMOJIS = "blurry_eyes,whenyoubigshit,he,ancapistanian,oralpleasure,horny,acab,tastymilk,gluttony,soul_of_fright,soul_of_night,soul_of_might,soul_of_blight,michael,bottom,spongesad,scripulous_fingore_point,scripulous_fingore,Tainted_John_F_Kennedy,John_F_Kennedy_Tainted,John_F_Kennedy,plumspin,despair,ihaveyourip,rusty50,entropy,peeeh,penis,gloopy,twister,stupib,speed,deadchat,cock,housj,dothejej,b_,trollgecommence,handsl,handsr,face,aiki,nervous,coffee,the_cowboy,dilf,child,closer,feddynite,orang,feddy_glamcock,elonmusk,slugclose,zonkerdoodle,pls,x3,slugloafspin,observer,pickle,zamiel_approves,ohgod,hapykity,i_see_chicory,i_see_pizza,cutely_blushes,gamer_boi,eeeeeeeeee,babytime,sleeby" +CUSTOM_EMOJIS = "blurry_eyes,horny,acab,tastymilk,gluttony,soul_of_fright,soul_of_night,soul_of_blight,bottom,spongesad,Tainted_John_F_Kennedy,John_F_Kennedy_Tainted,John_F_Kennedy,plumspin,despair,ihaveyourip,peeeh,penis,twister,speed,deadchat,housj,dothejej,b_,trollgecommence,nervous,coffee,dilf,closer,slugclose,pls,x3,observer,zamiel_approves,i_see_pizza,cutely_blushes,babytime,sleeby,zonkerdoodle,whenyoubigshit,the_cowboy,stupib,soul_of_might,scripulous_fingore_point,scripulous_fingore,rusty50,pickle,orang,oralpleasure,ohgod,michael,i_see_chicory,he,hapykity,handsr,handsl,slugloafspin,gamer_boi,feddynite,cock,feddy_glamcock,face,entropy,elonmusk,eeeeeeeeee,child,ancapistanian,aiki,gloopy,lamb,YOU,slightYOU,citat,ionn,eede,ed,blank,michael,BABAXD,BABA,EyesPepe,spamdance,pickledance,BABA_IS_OO,wieldr,wieldl,cinnamon,jillo,she,hydrogenperoxide,ObedientCitizen,misinformation,maenod,Snowsgiving22_AnimatedEmojis_mal" [mailer] ENABLED = false diff --git a/flake.lock b/flake.lock index 261a439..e4df239 100755 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1666527089, - "narHash": "sha256-FDcMUWaL9XmZKGT+cLTH07sSxm14BJ4+49AYFTpITNI=", + "lastModified": 1670235510, + "narHash": "sha256-f+gUkF9duBRYbQdCMsaVHNFgsxN6R32ZXXOJU3cND3Y=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "92c3c295daea9e71578b2e4f0cbe9906013c1adc", + "rev": "dd60ef06981fec354663054e608bbfcd7f8f1cff", "type": "github" }, "original": { @@ -43,11 +43,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "owner": "numtide", "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { @@ -73,11 +73,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -123,11 +123,11 @@ ] }, "locked": { - "lastModified": 1665996265, - "narHash": "sha256-/k9og6LDBQwT+f/tJ5ClcWiUl8kCX5m6ognhsAxOiCY=", + "lastModified": 1667907331, + "narHash": "sha256-bHkAwkYlBjkupPUFcQjimNS8gxWSWjOTevEuwdnp5m0=", "owner": "nix-community", "repo": "home-manager", - "rev": "b81e128fc053ab3159d7b464d9b7dedc9d6a6891", + "rev": "6639e3a837fc5deb6f99554072789724997bc8e5", "type": "github" }, "original": { @@ -142,14 +142,15 @@ "nixpkgs": [ "nixpkgs" ], - "wlroots": "wlroots" + "wlroots": "wlroots", + "xdph": "xdph" }, "locked": { - "lastModified": 1667561425, - "narHash": "sha256-StR+7yu1cj72OOPSAYbfWNKkBHTXRsbp743H3k3qm1Y=", + "lastModified": 1670202811, + "narHash": "sha256-/Mj5VQc5fQeY65XfCHHEBjMDCu1pNTeh8mpQz3D8Yvs=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "34ad837fd93a55c2a234381c9077fba1c2fd154c", + "rev": "f71f04db9e13950af4a97ae6c8cd31311f8cb6bd", "type": "github" }, "original": { @@ -158,6 +159,22 @@ "type": "github" } }, + "hyprland-protocols": { + "flake": false, + "locked": { + "lastModified": 1670185345, + "narHash": "sha256-hxWGqlPecqEsE6nOHDV29KFBKePbY2Ipeac6lrChMKY=", + "owner": "hyprwm", + "repo": "hyprland-protocols", + "rev": "4623a404c091e64743ba310199bb380ec52f1936", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-protocols", + "type": "github" + } + }, "hyprpaper": { "inputs": { "nixpkgs": [ @@ -165,11 +182,11 @@ ] }, "locked": { - "lastModified": 1667775402, - "narHash": "sha256-+k/21qDW+RKBKFKkjRmntWemJR8/5bZyyoDTKr/emCU=", + "lastModified": 1669635788, + "narHash": "sha256-xlJ4hbUm3KULq4daqopi+eAv1u57uLlTare04HL3X/c=", "owner": "hyprwm", "repo": "hyprpaper", - "rev": "6d3a15f33cedaa8f01b0f96c8d2a1f8de24bbb33", + "rev": "ab85578dce442b80aa3378fe0304e6cb6f16f593", "type": "github" }, "original": { @@ -185,11 +202,11 @@ ] }, "locked": { - "lastModified": 1666947305, - "narHash": "sha256-jgiDWLwCf6PQhXLUtSk4btaS/jZwJed2XLnlA51ANQk=", + "lastModified": 1668940659, + "narHash": "sha256-m2b+dmeJP/vtObK1cr4RxrXkmlnZjCxPR2efmlRwBrs=", "owner": "hyprwm", "repo": "hyprpicker", - "rev": "06be1c9348fdf8ff58fd05f54b62bdd73544db6a", + "rev": "f6c24d90e3d2f33a43593255a684be04e944f60a", "type": "github" }, "original": { @@ -204,11 +221,8 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1666029887, - "narHash": "sha256-QtyGcQ9DFUqXRe5x/BEV4QQQoSaoSfmcW8dHP7CkTgY=", - "ref": "main", - "rev": "72f30e2b8e007751731f8f1dd979f4f2e3ef8f8b", - "revCount": 27, + "lastModified": 1669389833, + "narHash": "sha256-khId6aJCxyeR6jWNNywAqJ+eEoZXSZciH8kkSYG5Jf8=", "type": "git", "url": "file:///home/oatmealine/jillo" }, @@ -246,11 +260,11 @@ ] }, "locked": { - "lastModified": 1666188576, - "narHash": "sha256-cBsCLCxT3V6wo3lJcRZSF4cngXm2VQNKzmr5EbndJrg=", + "lastModified": 1669222807, + "narHash": "sha256-pg5RSijaunmn6v0MF8WstijFCt/lTeiStm4DaeW8WHg=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "75ac91689d19bb4944f4794082d7f13ad99ef40a", + "rev": "fb0c4c18ba3dcb3b5243d555d5afe8943d5425e2", "type": "github" }, "original": { @@ -261,11 +275,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1665987993, - "narHash": "sha256-MvlaIYTRiqefG4dzI5p6vVCfl+9V8A1cPniUjcn6Ngc=", + "lastModified": 1670174919, + "narHash": "sha256-XdQr3BUnrvVLRFunLWrZORhwYHDG0+9jUUe0Jv1pths=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "0e6593630071440eb89cd97a52921497482b22c6", + "rev": "9d87bc030a0bf3f00e953dbf095a7d8e852dab6b", "type": "github" }, "original": { @@ -292,11 +306,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1666203765, - "narHash": "sha256-r/wcNaof81uEkd9cx3ijSNMzg84NdT2FI/SI6o+jARk=", + "lastModified": 1670242877, + "narHash": "sha256-jBLh7dRHnbfvPPA9znOC6oQfKrCPJ0El8Zoe0BqnCjQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2df2b52806129828a1dafaa093027f10817e5b3b", + "rev": "6e51c97f1c849efdfd4f3b78a4870e6aa2da4198", "type": "github" }, "original": { @@ -308,11 +322,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1666109165, - "narHash": "sha256-BMLyNVkr0oONuq3lKlFCRVuYqF75CO68Z8EoCh81Zdk=", + "lastModified": 1670064435, + "narHash": "sha256-+ELoY30UN+Pl3Yn7RWRPabykwebsVK/kYE9JsIsUMxQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "32096899af23d49010bd8cf6a91695888d9d9e73", + "rev": "61a8a98e6d557e6dd7ed0cdb54c3a3e3bbc5e25c", "type": "github" }, "original": { @@ -339,16 +353,16 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1666164185, - "narHash": "sha256-5v+YB4ijeUfg5LCz9ck4gIpCPhIS+qn02OyPJO48bCE=", + "lastModified": 1670064435, + "narHash": "sha256-+ELoY30UN+Pl3Yn7RWRPabykwebsVK/kYE9JsIsUMxQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c5203abb1329f7ea084c04acda330ca75d5b9fb5", + "rev": "61a8a98e6d557e6dd7ed0cdb54c3a3e3bbc5e25c", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-22.05", + "ref": "nixos-unstable", "type": "indirect" } }, @@ -474,11 +488,11 @@ "flake": false, "locked": { "host": "gitlab.freedesktop.org", - "lastModified": 1666466001, - "narHash": "sha256-ZjxAnqtcGmHQHKL1Z9sIraDnzIqrJleWcJXfPtzAm74=", + "lastModified": 1669925104, + "narHash": "sha256-xMHfW+/G9MieN/5tXHUA5/ztE8dkE093cNFTEUgcwxI=", "owner": "wlroots", "repo": "wlroots", - "rev": "c2d2773df57750081b16d56da13b5015d752cbd7", + "rev": "c8eb24d30e18c165728b8788a10716611c3b633d", "type": "gitlab" }, "original": { @@ -487,6 +501,28 @@ "repo": "wlroots", "type": "gitlab" } + }, + "xdph": { + "inputs": { + "hyprland-protocols": "hyprland-protocols", + "nixpkgs": [ + "hyprland", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1670202338, + "narHash": "sha256-StTfshdAoSxO+t0wRbq1I3YESLFIQWFjGJse5ICV8rk=", + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "rev": "af840a9e0947a79a37a95a9f62062653721e43fa", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 6450505..d3c9ae2 100755 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,9 @@ description = "Frosted Flakes"; inputs = { - nixpkgs.url = "nixpkgs/nixos-22.05"; + # temporary gitea workaround + #nixpkgs.url = "nixpkgs/nixos-22.05"; + nixpkgs.url = "nixpkgs/nixos-unstable"; # WARNING: Where possible, prefer the stable branch of nixpkgs as nixpkgs-unstable may have incompatable or vulnerable software. nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; @@ -75,7 +77,9 @@ master = mkPkgs nixpkgs-master []; }; overlays = mapModules ./overlays import; - nixosModules = mapModulesRec ./modules import; + nixosModules = (mapModulesRec ./modules import) ++ [ + hyprland.nixosModules.default + ]; nixosConfigurations = mapModules ./hosts (host: mkHost host { inherit system; }); devShell."${system}" = import ./shell.nix { inherit pkgs; }; }; diff --git a/hosts/dark-firepit/authorizedKeys.nix b/hosts/dark-firepit/authorizedKeys.nix index d6b4d9a..0881697 100644 --- a/hosts/dark-firepit/authorizedKeys.nix +++ b/hosts/dark-firepit/authorizedKeys.nix @@ -26,4 +26,8 @@ hostname = "lilith@bms-cab"; ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFb9uVy1x4XaO1uFOQBuERy6xw8cf7Dh24UT0jJs7g3z lilith@bms-cab"; } + { + hostname = "swag@BMW-M550d-xDrive"; # mayflower 2 + ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC1fJn2ZY9fhBr4E1Gc91uRWS5r+EZ4OHy3RmuAjx7kr swag@BMW-M550d-xDrive"; + } ] diff --git a/hosts/dark-firepit/default.nix b/hosts/dark-firepit/default.nix index f94bc45..2a9f09b 100644 --- a/hosts/dark-firepit/default.nix +++ b/hosts/dark-firepit/default.nix @@ -30,7 +30,7 @@ in { # aether??? is that... reference.../.??? aether https://www.curseforge.com/minecraft/mc-mods/aether mod Curseforge minecraft Forge Patreon Chat twitter code license Assets license All rights reserved categories Last Updated apr 17 2021 Game Version 1.12.2 aether aether = { conf = { - packages = with pkgs; [ bat duf broot nftables tmux bottom ]; + packages = with pkgs; [ bat duf broot nftables tmux bottom writefreely ]; shell = pkgs.unstable.fish; extraGroups = [ "wheel" "nix-users" "dotfiles" ]; initialHashedPassword = "!"; @@ -77,6 +77,7 @@ in { initialHashedPassword = "!"; openssh.authorizedKeys.keys = fetchSSHKeys [ "mayflower@BMW-M550d-xDrive" + "swag@BMW-M550d-xDrive" ]; }; @@ -132,10 +133,17 @@ in { postgres.enable = true; - nextcloud = { - enable = true; - domain = "nextcloud.dark-firepit.cloud"; - }; + #nextcloud = { + # enable = true; + # domain = "nextcloud.dark-firepit.cloud"; + # settings.app.federation = true; + #}; + + #writefreely = { + # enable = true; + # name = "Corruption Biome"; + # domain = "blog.dark-firepit.cloud"; + #}; gitea = { enable = true; @@ -288,6 +296,30 @@ in { package = pkgs.minecraftServers.fabric-1_19_2; jvmOpts = "-Xmx6G"; }; + "n3ko-test" = { + enable = true; + autoStart = true; + openFirewall = true; + serverProperties = { + server-port = 25595; + gamemode = 1; + motd = "N3KO SMP Testing server"; + white-list = true; + max-players = 8; + allow-flight = true; + enable-command-block = true; + enforce-secure-profile = false; + #level-type = "terra:overworld/overworld"; + snooper-enabled = false; + spawn-protection = 0; + }; + whitelist = { + oatmealine = "241d7103-4c9d-4c45-9464-83b5365ce48e"; + Cardboxneko = "3d406152-008c-4ec9-bf49-44c883baca6d"; + }; + package = pkgs.fabricServers.fabric-1_18_2; + jvmOpts = "-Xmx4G"; + }; "gbj" = { enable = true; autoStart = true; @@ -321,6 +353,8 @@ in { JDavisBro = "e8529c4b-701e-46c5-a8d7-0dfb0e0b642d"; Ironic_queen = "443fe20d-77e0-4a4a-8bb7-a4b9ad654550"; azurehaiku = "fd7aba33-4307-4eba-aa63-70bc3e38a2d7"; + TryHardGamerTV = "8273b84d-a687-49fb-98de-a3e626e26c3b"; + "_AtlasFox_" = "0ce1bbe0-ea57-463c-8df3-4c046dc6eff2"; }; package = pkgs.minecraftServers.fabric-1_19_2; jvmOpts = "-Xmx4G"; @@ -389,6 +423,7 @@ in { "mayf.pink".php = true; "mayf.pink".phpHandlePathing = true; "wint0r.zone".dataDir = "/var/www/wint0r.zone"; + "puzzle.wint0r.zone".dataDir = "/var/www/puzzle.wint0r.zone"; }; nitter = { @@ -439,6 +474,26 @@ in { ''; }; + services.nginx.virtualHosts."gdpstest.oat.zone" = { + enableACME = true; + forceSSL = false; + addSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:1982/"; + }; + extraConfig = '' + client_max_body_size 500M; + ''; + }; + + services.nginx.virtualHosts."gdicon.oat.zone" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:3436/"; + }; + }; + # https://www.edwinwenink.xyz/posts/47-tilde_server/ services.nginx.virtualHosts."dark-firepit.cloud" = { locations."~ ^/~([^/\\s]+?)(/[^\\s]*)?$".extraConfig = '' @@ -457,6 +512,20 @@ in { ''; }; + # temporary + #services.nginx.virtualHosts."git.oat.zone" = { + # forceSSL = true; + # enableACME = true; + # root = "/var/www/temporarily-down"; + # extraConfig = '' + # error_page 503 /index.html; + # ''; + # locations."/".extraConfig = '' + # return 503; + # try_files /index.html =404; + # ''; + #}; + security.doas = { extraRules = [ { users = [ "aether" ]; noPass = false; persist = true; keepEnv = true; } diff --git a/hosts/dark-firepit/yugoslavia-best.nix b/hosts/dark-firepit/yugoslavia-best.nix index fdbc06e..c768f9c 100644 --- a/hosts/dark-firepit/yugoslavia-best.nix +++ b/hosts/dark-firepit/yugoslavia-best.nix @@ -9,6 +9,7 @@ in { modules.services.staticSites.${domain} = { dataDir = root; php = true; + forceSSL = false; }; services = { @@ -19,6 +20,12 @@ in { ''; }; + locations."= /brackets2.html" = { + extraConfig = '' + return 451; + ''; + }; + locations."/modding-txts/" = { extraConfig = '' autoindex on; diff --git a/modules/hyprland.nix b/modules/hyprland.nix index ebc69be..5b25e6f 100644 --- a/modules/hyprland.nix +++ b/modules/hyprland.nix @@ -17,6 +17,19 @@ in { #}; # this was failing to build so i removed it. sorry!!!!!! # -oat + # look outside your window!!! + # -aether + # ok done (i removed it again) + # -oat + + user.packages = with pkgs; [ + grim + slurp + wl-clipboard + brightnessctl + gammastep + wdisplays + ]; home._.wayland.windowManager.hyprland = { enable = true; diff --git a/modules/services/staticSites.nix b/modules/services/staticSites.nix index 1696d65..1fae6fb 100644 --- a/modules/services/staticSites.nix +++ b/modules/services/staticSites.nix @@ -45,6 +45,12 @@ let description = "Disables access to paths starting with a . (except well-known) to prevent leaking potentially sensitive data"; default = true; }; + + forceSSL = mkOption { + type = types.bool; + description = "Redirects HTTP requests to HTTPS."; + default = true; + }; }; in { options.modules.services.staticSites = mkOption { @@ -110,7 +116,8 @@ in { } ) ]; - forceSSL = true; + forceSSL = site.forceSSL; + addSSL = !site.forceSSL; enableACME = true; root = site.dataDir; }; @@ -134,6 +141,9 @@ in { "pm.min_spare_servers" = 1; "pm.max_spare_servers" = 25; }; + phpOptions = '' + display_errors = on; + ''; phpEnv."PATH" = lib.makeBinPath [ pkgs.unstable.php ]; phpPackage = pkgs.unstable.php; }; diff --git a/modules/services/wireguard.nix b/modules/services/wireguard.nix index 1b15a31..924d2ee 100644 --- a/modules/services/wireguard.nix +++ b/modules/services/wireguard.nix @@ -61,6 +61,7 @@ in { ''; }]; }) cfg.interfaces) +# }) {}) ); }) diff --git a/modules/services/writefreely.nix b/modules/services/writefreely.nix index 6ca0a7b..067cb33 100644 --- a/modules/services/writefreely.nix +++ b/modules/services/writefreely.nix @@ -3,6 +3,9 @@ with lib; let cfg = config.modules.services.writefreely; + configFile = pkgs.writeText "config.ini" '' + ${generators.toINI {} cfg.settings} + ''; in { options.modules.services.writefreely = { enable = mkOption { @@ -15,12 +18,172 @@ in { default = pkgs.writefreely; }; - user = mkOption { + name = mkOption { type = types.str; - default = "writefreely"; + default = null; + }; + + description = mkOption { + type = types.str; + default = ""; + }; + + domain = mkOption { + type = types.str; + default = null; + }; + + port = mkOption { + type = types.port; + default = 5824; + }; + + openRegistration = mkOption { + type = types.bool; + default = false; + }; + + settings = mkOption { + type = types.attrsOf types.attrs; + default = {}; }; }; config = mkIf cfg.enable { + assertions = [ + { assertion = cfg.name != null; + description = "Writefreely instance name unset"; + } + + { assertion = cfg.domain != null; + description = "Writefreely domain unset"; + } + ]; + + environment.systemPackages = with pkgs; [ tmux ]; + + users.users.writefreely = { + home = cfg.dataDir; + createHome = true; + isSystemUser = true; + group = "writefreely"; + }; + + users.groups.writefreely = {}; + + modules.services.writefreely.settings = { + server = { + port = cfg.port; + bind = "localhost"; + autocert = mkDefault false; + gopher_port = mkDefault 0; + }; + + database = { + type = "postgresql"; + username = "writefreely"; +# password = ""; + database = "writefreely"; + host = "localhost"; + port = 3306; + tls = mkDefault false; + }; + + app = { + site_name = cfg.name; + site_description = cfg.description; + host = "https://${cfg.domain}:${cfg.port}"; + theme = mkDefault "write"; + disable_js = mkDefault false; + webfonts = mkDefault true; + simple_nav = mkDefault false; + wf_modesty = mkDefault false; + chorus = mkDefault false; + forest = mkDefault false; + disable_drafts = mkDefault false; + single_user = mkDefault false; + open_registration = cfg.openRegistration; + open_deletion = mkDefault false; + min_username_len = mkDefault 3; + max_blogs = mkDefault 100; + federation = mkDefault false; + public_stats = mkDefault true; + monetization = mkDefault false; + notes_only = mkDefault false; + private = mkDefault false; + local_timeline = mkDefault false; + update_chekcs = mkDefault false; + disable_password_auth = mkDefault false; + }; + + "oath.generic".allow_disconnect = mkDefault false; + }; + + services.postgresql = { + enable = true; + ensureDatabases = [ "writefreely" ]; + ensureUsers = [ + { name = "writefreely"; + ensurePermissions."DATABASE writefreely" = "ALL PRIVELAGES"; + } + ]; + }; + + services.nginx.virtualHosts.${cfg.domain} = { + forceSSL = true; + enableACME = true; + + location."/".extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_pass http://127.0.0.1:${toString cfg.port}; + proxy_redirect off; + ''; + + locations."~ ^/.well-known/(webfinger|nodeinfo|host-meta)".extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_pass http://127.0.0.1:${toString cfg.port}; + proxy_redirect off; + ''; + + locations."~ ^/(css|img|js|fonts)/".extraConfig = '' + root /var/www/example.com/static; + ''; + }; + + systemd.services.writefreely = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + path = [ cfg.package ]; + + preStart = '' + cp -f ${configFile} ${cfg.dataDir} + + if [ ! -s ${cfg.dataDir}/keys ]; + ${cfg.package}/bin/writefreely keys generate + cp -f ./keys ${cfg.dataDir} + fi + ''; + + serviceConfig = { + User = "writefreely"; + Type = "forking"; + GuessMainPID = true; + ExecStart = "${getBin pkgs.tmux}/bin/tmux -S ${cfg.dataDir}/writefreely.sock new -d ${cfg.package}/bin/writefreely"; + }; + + postStart = '' + ${pkgs.coreutils}/bin/chmod 660 ${cfg.dataDir}/writefreely.sock + ${pkgs.coreutils}/bin/chgrp writefreely ${cfg.dataDir}/writefreely.sock + ''; + }; + + networking.firewall = { + allowedTCPPorts = [ cfg.port ]; + allowedUDPPorts = [ cfg.port ]; + }; }; } diff --git a/packages/glitch-soc/default.nix b/packages/glitch-soc/default.nix index f693143..7d3493e 100644 --- a/packages/glitch-soc/default.nix +++ b/packages/glitch-soc/default.nix @@ -1,17 +1,16 @@ { lib, stdenv, nodejs-slim, mkYarnPackage, fetchFromGitHub, bundlerEnv, nixosTests, pkgs , yarn, callPackage, imagemagick, ffmpeg, file, ruby_3_0, writeShellScript -, fetchYarnDeps, fixup_yarn_lock +, fetchYarnDeps, fixup_yarn_lock, fetchgit # Allow building a fork or custom version of Mastodon: , pname ? "glitch-soc" , version ? import ./version.nix -, srcOverride ? #pkgs.fetchFromGitHub { - #owner = "glitch-soc"; - #repo = "mastodon"; - #rev = "3f15326a05a926e9f001800a48ac2addbd3aa833"; - #sha256 = "1m1agij9i2byiml02yq0h9w6f64jvy2y2ayjm880pg5xm638nqmk"; - #} - /home/oatmealine/mastodon +, srcOverride ? fetchgit { + url = "https://git.oat.zone/dark-firepit/mastodon"; + rev = "7cb3b3f2df99e7df6b3a94bb90e4b4bee632a103"; + sha256 = "sha256-6Y+nDS/Gh/v6ixOa4utqNy+ETw7AdYDTAEFjpQrkunU="; + } + #/home/oatmealine/mastodon , dependenciesDir ? ./. # Should contain gemset.nix, yarn.nix and package.json. }: @@ -60,7 +59,7 @@ stdenv.mkDerivation rec { export HOME=$PWD # This option is needed for openssl-3 compatibility # Otherwise we encounter this upstream issue: https://github.com/mastodon/mastodon/issues/17924 - #export NODE_OPTIONS=--openssl-legacy-provider + export NODE_OPTIONS=--openssl-legacy-provider fixup_yarn_lock ~/yarn.lock yarn config --offline set yarn-offline-mirror $yarnOfflineCache yarn install --offline --frozen-lockfile --ignore-engines --ignore-scripts --no-progress