dark-firepit
/
dotfiles
5
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

some refactoring 

Co-authored-by: Jill Monoids <oatmealine@disroot.org>
This commit is contained in:
Aether 2022-09-05 18:16:09 +02:00
parent 35452b7be0
commit 9da0a143ae
67 changed files with 1877 additions and 1212 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
config/gitea/app.toml Executable file
View File

@ -0,0 +1,40 @@
[security]
INSTALL_LOCK = true
PASSWORD_HASH_ALGO = "argon2"
PASSWORD_CHECK_PWN = true
[repository]
DEFAULT_BRANCH = "main"
[ui]
DEFAULT_THEME = "arc-pink"
THEMES="auto,gitea,arc-green,arc-pink,arc-pink-modern,darkred,gitea-blue,gitea-modern,github"
CUSTOM_EMOJIS = "blurry_eyes,whenyoubigshit,he,ancapistanian,oralpleasure,horny,acab,tastymilk,gluttony,soul_of_fright,soul_of_night,soul_of_might,soul_of_blight,michael,bottom,spongesad,scripulous_fingore_point,scripulous_fingore,Tainted_John_F_Kennedy,John_F_Kennedy_Tainted,John_F_Kennedy,plumspin,despair,ihaveyourip,rusty50,entropy,peeeh,penis,gloopy,twister,stupib,speed,deadchat,cock,housj,dothejej,b_,trollgecommence,handsl,handsr,face,aiki,nervous,coffee,the_cowboy,dilf,child,closer,feddynite,orang,feddy_glamcock,elonmusk,slugclose,zonkerdoodle,pls,x3,slugloafspin,observer,pickle,zamiel_approves,ohgod,hapykity,i_see_chicory,i_see_pizza,cutely_blushes,gamer_boi,eeeeeeeeee,babytime,sleeby"
[mailer]
ENABLED = false
[service]
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
REQUIRE_SIGNIN_VIEW = false
DEFAULT_KEEP_EMAIL_PRIVATE = true
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = "noreply.oat.zone"
[picture]
DISABLE_GRAVATAR = false
ENABLE_FEDERATED_AVATAR = true
[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false
[session]
PROVIDER = "file"
[other]
SHOW_FOOTER_BRANDING = true

14
default.nix
View File

@ -1,7 +1,7 @@
{ config, inputs, lib, pkgs, ... }:
let
inherit (lib) _;
inherit (lib) filterAttrs _;
in {
imports =
[ inputs.home-manager.nixosModules.home-manager ]
@ -15,18 +15,18 @@ in {
boot.loader.systemd-boot.configurationLimit = 10;
nix = let
registry = lib.mapAttrs (_: v: { flake = v; }) (_.filterSelf inputs);
registry = lib.mapAttrs (name: value: { flake = value; }) (filterAttrs (name: value: name != "attrs") inputs);
in {
package = pkgs.nixFlakes;
autoOptimiseStore = true;
extraOptions = "experimental-features = nix-command flakes";
binaryCaches = [
registry = registry // { dotfiles.flake = inputs.self; };
settings.auto-optimise-store = true;
settings.experimental-features = [ "nix-command" "flakes"];
settings.substituters = [
"https://nix-community.cachix.org"
];
binaryCachePublicKeys = [
settings.trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
registry = registry // { dotfiles.flake = inputs.self; };
};
environment.systemPackages = with pkgs; [

338
flake.lock
View File

@ -7,11 +7,11 @@
]
},
"locked": {
"lastModified": 1641576265,
"narHash": "sha256-G4W39k5hdu2kS13pi/RhyTOySAo7rmrs7yMUZRH0OZI=",
"lastModified": 1652712410,
"narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=",
"owner": "ryantm",
"repo": "agenix",
"rev": "08b9c96878b2f9974fc8bde048273265ad632357",
"rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b",
"type": "github"
},
"original": {
@ -20,29 +20,58 @@
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1641205782,
"narHash": "sha256-4jY7RCWUoZ9cKD8co0/4tFARpWB+57+r1bLLvXNJliY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b7547d3eed6f32d06102ead8991ec52ab0a4f1a7",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1638122382,
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
"lastModified": 1631561581,
"narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
"rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1656928814,
"narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": {
"lastModified": 1656928814,
"narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"locked": {
"lastModified": 1656928814,
"narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
"type": "github"
},
"original": {
@ -58,43 +87,86 @@
]
},
"locked": {
"lastModified": 1649887911,
"narHash": "sha256-Af0Ppb1RZ7HWuxUvF0/O7h3cy8tqU2eKFyVwyA1ZD+w=",
"lastModified": 1656169755,
"narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "7244c6715cb8f741f3b3e1220a9279e97b2ed8f5",
"rev": "4a3d01fb53f52ac83194081272795aa4612c2381",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-21.11",
"ref": "release-22.05",
"repo": "home-manager",
"type": "github"
}
},
"libnbtplusplus": {
"flake": false,
"jillo": {
"inputs": {
"mkNodePackage": "mkNodePackage",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1591558203,
"narHash": "sha256-QgvNvaoFflCXEPCCFBCeZvYTpuiwScBG7EosUgFwFNQ=",
"owner": "multimc",
"repo": "libnbtplusplus",
"rev": "dc72a20b7efd304d12af2025223fad07b4b78464",
"lastModified": 1659775351,
"narHash": "sha256-W1vRnGF4+JCr8BSempyaB2rNFlkUAzSR7RjXiF+5GnQ=",
"ref": "main",
"rev": "55476dce96057b62d8ff4ae666a5084c709e06d8",
"revCount": 19,
"type": "git",
"url": "file:///home/oatmealine/jillo"
},
"original": {
"type": "git",
"url": "file:///home/oatmealine/jillo"
}
},
"mkNodePackage": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs",
"npmlock2nix": "npmlock2nix",
"pnpm2nix": "pnpm2nix"
},
"locked": {
"lastModified": 1633790997,
"narHash": "sha256-1mk4EwNkWtTNpeRivZmJTzB+92g07maeFRVUMnnRh1U=",
"owner": "winston0410",
"repo": "mkNodePackage",
"rev": "a7eca5e027c8b260dca4ece7d8dd187f92420611",
"type": "github"
},
"original": {
"owner": "multimc",
"repo": "libnbtplusplus",
"owner": "winston0410",
"repo": "mkNodePackage",
"type": "github"
}
},
"nix-minecraft": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1661267391,
"narHash": "sha256-5u33JsRQCq6Fotjj3/+JbQNmDujLVX8i/82ruFsDbMc=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "3442139e21642082000271849abb1209484e8909",
"type": "github"
},
"original": {
"owner": "Infinidoge",
"repo": "nix-minecraft",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1639986101,
"narHash": "sha256-Ow0+pkY7qMw6lMAvR1mEdUT9svJnrkbaRoqp4bkMTpg=",
"lastModified": 1660407119,
"narHash": "sha256-04lWO0pDbhAXFdL4v2VzzwgxrZ5IefKn+TmZPiPeKxg=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "3f92db38374b2977aea8daf4c4fe2fa0eddbd60c",
"rev": "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1",
"type": "github"
},
"original": {
@ -105,26 +177,43 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1650501692,
"narHash": "sha256-ApKf0/dc0SyB7zZ6yiiOQgcXAhCXxbSDyihHfRDIzx0=",
"owner": "NixOS",
"lastModified": 1633351077,
"narHash": "sha256-z38JG4Bb0GtM1aF1pANVdp1dniMP23Yb3HnRoJRy2uU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9887f024766aa27704d1f89f623efd1d063da92a",
"rev": "14aef06d9b3ad1d07626bdbb16083b83f92dc6c1",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-21.11",
"type": "indirect"
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-master": {
"locked": {
"lastModified": 1661278267,
"narHash": "sha256-eqJH9nHQrFsAGpG7YRfUipAT0mG8ZW0AusI5MeX716s=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1ded9c47d54c1fcd3a9e6a4ed4e2bb65984ca691",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1640139330,
"narHash": "sha256-Nkp3wUOGwtoQ7EH28RLVJ7EqB/e0TU7VcsM7GLy+SdY=",
"lastModified": 1661239211,
"narHash": "sha256-pNJzBlSNpWEiFJZnLF2oETYq8cGWx1DJPW33aMtG6n8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "81cef6b70fb5d5cdba5a0fef3f714c2dadaf0d6d",
"rev": "5e804cd8a27f835a402b22e086e36e797716ef8b",
"type": "github"
},
"original": {
@ -135,11 +224,27 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1641528457,
"narHash": "sha256-FyU9E63n1W7Ql4pMnhW2/rO9OftWZ37pLppn/c1aisY=",
"lastModified": 1659153955,
"narHash": "sha256-BAdA1WBHi/TBSaeyDjsVIqe62r0w/5ZvsaglXivOLLM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ff377a78794d412a35245e05428c8f95fef3951f",
"rev": "1e5d0fbd82f0f1370c70026d255deda2d9c8a585",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1650161686,
"narHash": "sha256-70ZWAlOQ9nAZ08OU6WY7n4Ij2kOO199dLfNlvO/+pf8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1ffba9f2f683063c2b14c9f4d12c55ad5f4ed887",
"type": "github"
},
"original": {
@ -149,41 +254,83 @@
"type": "github"
}
},
"polymc": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"libnbtplusplus": "libnbtplusplus",
"nixpkgs": "nixpkgs_2",
"quazip": "quazip"
},
"nixpkgs_4": {
"locked": {
"lastModified": 1641930261,
"narHash": "sha256-3RR/rjMFDYoA7qJHXLHdw1sauBCdO9kqMEGUpuxB1Sw=",
"owner": "PolyMC",
"repo": "PolyMC",
"rev": "3b524e99cceb734fa9f2433e3738ce0d185a75aa",
"lastModified": 1661187878,
"narHash": "sha256-/wCqoQB1BsaVi4nb8Iz0PreeBNMTim0p78NLtyWejFE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "52527082ea267fe486f0648582d57c85486b2031",
"type": "github"
},
"original": {
"owner": "PolyMC",
"repo": "PolyMC",
"id": "nixpkgs",
"ref": "nixos-22.05",
"type": "indirect"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1659219666,
"narHash": "sha256-pzYr5fokQPHv7CmUXioOhhzDy/XyWOIXP4LZvv/T7Mk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7b9be38c7250b22d829ab6effdee90d5e40c6e5c",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-unstable",
"type": "indirect"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1659102345,
"narHash": "sha256-Vbzlz254EMZvn28BhpN8JOi5EuKqnHZ3ujFYgFcSGvk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "11b60e4f80d87794a2a4a8a256391b37c59a1ea7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"quazip": {
"npmlock2nix": {
"flake": false,
"locked": {
"lastModified": 1633895098,
"narHash": "sha256-+Of0M2IAoTf1CyC0teCpsyurv6xfqiBo84V49dSeNTA=",
"owner": "multimc",
"repo": "quazip",
"rev": "b1a72ac0bb5a732bf887a535ab75c6f9bedb6b6b",
"lastModified": 1633729941,
"narHash": "sha256-v2YPcEWI1Wz8ErivorubgLcDT06H6YzFT7uhp1ymqnE=",
"owner": "winston0410",
"repo": "npmlock2nix",
"rev": "6ade47a330b6919defb45c0eb984a64234aa8468",
"type": "github"
},
"original": {
"owner": "multimc",
"repo": "quazip",
"owner": "winston0410",
"ref": "issue113",
"repo": "npmlock2nix",
"type": "github"
}
},
"pnpm2nix": {
"flake": false,
"locked": {
"lastModified": 1594396611,
"narHash": "sha256-UXOUQ+2A89/zaxYhTHiRrRBU5exbUWrg+FoJYMcNwuI=",
"owner": "nix-community",
"repo": "pnpm2nix",
"rev": "f67be0925a91b92f54d99dbdead7a06920b979ac",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "pnpm2nix",
"type": "github"
}
},
@ -191,10 +338,49 @@
"inputs": {
"agenix": "agenix",
"home-manager": "home-manager",
"jillo": "jillo",
"nix-minecraft": "nix-minecraft",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_4",
"nixpkgs-master": "nixpkgs-master",
"nixpkgs-unstable": "nixpkgs-unstable",
"polymc": "polymc"
"watch-party": "watch-party"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1659179790,
"narHash": "sha256-HhCjnO20QbJFJExExiwAslpx0YpB0qpovKejE+HpSQ4=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "cc3c93a28de41ac38b93cdf075a6776c6e42d2a1",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"watch-party": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_5",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1657657296,
"narHash": "sha256-eJnE1a3EiVM2EFhJ7nQvkTyEZ6/fOWYsnb6GYOSfizg=",
"type": "git",
"url": "file:///home/oatmealine/watch-party"
},
"original": {
"type": "git",
"url": "file:///home/oatmealine/watch-party"
}
}
},

39
flake.nix
View File

@ -2,41 +2,31 @@
description = "Frosted Flakes";
inputs = {
# NixOS unstable
# nixpkgs.url = "nixpkgs/nixos-unstable";
nixpkgs.url = "nixpkgs/nixos-21.11";
nixpkgs.url = "nixpkgs/nixos-22.05";
# WARNING: Where possible, prefer the stable branch of nixpkgs as nixpkgs-unstable may have incompatable or vulnerable software.
nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
# home-manager
# home-manager.url = "github:nix-community/home-manager/master";
home-manager.url = "github:nix-community/home-manager/release-21.11";
# WARNING: The master branch of nixpkgs is unsafe to use and software may break or contain various security vulnerabilities. Use at your own discretion.
nixpkgs-master.url = "github:nixos/nixpkgs/master";
home-manager.url = "github:nix-community/home-manager/release-22.05";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
# agenix - age-encrypted secrets
agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs";
# nixos-hardware
nixos-hardware.url = "github:nixos/nixos-hardware";
nixos-hardware.inputs.nixpkgs.follows = "nixpkgs";
/*
# fzf-hoogle
fzf-hoogle-vim.url = "github:monkoose/fzf-hoogle.vim";
fzf-hoogle-vim.flake = false;
nix-minecraft.url = "github:Infinidoge/nix-minecraft";
# asyncrun-vim
asyncrun-vim.url = "github:skywind3000/asyncrun.vim";
asyncrun-vim.flake = false;
*/
# blender-30.url = "github:blender/blender/blender-v3.0-release";
# blender-30.flake = false;
polymc.url = "github:PolyMC/PolyMC";
jillo.url = "/home/oatmealine/jillo";
watch-party.url = "/home/oatmealine/watch-party";
};
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, ... }:
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nix-minecraft, ... }:
let
system = "x86_64-linux";
@ -49,16 +39,19 @@
overlays = overlays ++ (lib.attrValues self.overlays);
};
pkgs = mkPkgs nixpkgs [ self.overlay inputs.polymc.overlay.${system} ];
pkgs = mkPkgs nixpkgs [ self.overlay nix-minecraft.overlay ];
in {
packages."${system}" = mapModules ./packages (p: pkgs.callPackage p {});
overlay = final: prev: {
_ = self.packages."${system}";
unstable = mkPkgs nixpkgs-unstable [];
master = mkPkgs nixpkgs-master [];
};
overlays = mapModules ./overlays import;
nixosModules = mapModulesRec ./modules import;
nixosConfigurations = mapModules ./hosts (mkHost system);
nixosConfigurations = mapModules ./hosts (host: mkHost host { inherit system; });
devShell."${system}" = import ./shell.nix { inherit pkgs; };
};
}

10
hosts/dark-firepit/authorizedKeys.nix
View File

@ -1,14 +1,14 @@
{
"aether@subsurface" = {
ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4lh7dN9Ohh2/WoGiZ4WlpVb01YPNto/9ungOAk6TH+65wkxMjY4a+1OsO8Znguj46tXVErn8xv2ZVX0K7ql0hzypPkP2Dvvim99tz6FKSf9Nwj6RRtIKPoYkJjtGYAqLJl8JPy50HkFXkDVQ/z4d4iwpneSODIJdkUFSzZR91jz9FX+4t2h+2xtuuRDI43+gHRqvwPP8XaE0srtMzZoQDUBKhwOynoo2vZnyd3O7kkpD9T+jzYEeLKppHdaoYN5UxZ4L0xnig0WFZiBH36/YGXA8gT56FHRw5GKhwWwfSvliEw63/6IxiVZBuM1Mj7syg2Ndhhmmay05QqvyTrdHA9veyzJG5l0HlnCmXe7ss9lVQnxxPfbHbnDZUhH1ax01sQUeTK3Bs3AvbsTLyXBbd4NCY5ovz85MqzM/Q84B1zX1i8KbFEBh0xkumNsPAXzY8ar+tq5rFa23bY9qF4s6CMv++JEXSJJufcf3BS2dBlw0lTGBn7UEO9FHHsU3xKCc= aether@subsurface";
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLDtlpOnQFQq9mPMhR1uQnjrTexcof+c+y+ot/7Jgnt aether@subsurface";
wg = "XEVSwNNPR7RTt/O0ihYmv3nopbPmqkCMGrVRCixnPWw=";
};
"oatmealine@beppy" = {
"oatmealine@void-defragmented" = {
ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDbJDo79TD9RV77MnArQwS94wzBo+6l6dYQnaNdPk2xo019+tc7GyuQ+GHyh4qewIUQOwe3Ddj4YxJN9IS3E360/6RdaNDxn3hUp2jh/x9SOjh0W86FJfdHEQViNeFVSXJv+QBZT9ibR9IbOHYezhD6gtz15pNhEqhQyqw2hJuQzxLvnictTc4lPQnWN9I8ga+OVSh7Uauu5OKbUOyRRj1Er/hasNviCaGBJnLDYjSqTDRvEbdYlfuhrYITJ+viZOQq7Nczs6dbsl627FCvhr5vQi+/vvpx9DKHDvpGvbEglOmOwgffSkaOIIx/pNHTsRccX7c3/im6z4pCDj4bEuiqqawv2C6DV0aM01bW8cchOJrmSQGTygTrJuuVPHp4IRIZNvQGS+97j4u+d7ofricLR1RoxJcQibvRA9rhhYI2FhwrAweuuLktjSj5RkQnypd9kjOuH+nhgLZunreNoyPNDCmcOBA7BA0rD2pCIKB9SzlelMjVuvy0PA8uWfNFfxGU+m3BH7lQS/A6V+NeYrMGiZ+u+t9Pgr6kAoR7mAUO+obIdMM/lOp1/zGBY8lk2Aq3GQcyGVNi18VR0uA+NMaJYXA1JzSiPCz7cQn1pKIAKiDEnzicf5MxDHIi5F1iQ/Lc+NftgmDXZEAHDY1bQepScOttaOZQZLpYP/eWwlEQJQ== oatmealine@beppy";
wg = "533BncNpHKzJVx5lwdxBg+aUfLGqea9uUYz70C6wxyg=";
};
"skye@DESKTOP-VB4940J" = {
ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGPFAyr1zYL5+/VIUVhT5sIfikhlj37tuTHVSfW/xbHfBqvR/Ga21j2k6HAa6acpHBa3+Ri1DZIjIkzjco447ZP7ahwOF3Ci6Cv9oSXxmw43hUMypfMTLu9+v9sjFJFPg7F39X2ngZzzLxO1/fPMuQm3kK6T3WyVqpNUMaenXhnT2i641lo2tRjs1LeGIk6h3Ermp4V3WQo+exbf+nc1Lqt5Yos/jWn1HnsjxI2N1SQDiT9J+MpNN7wUz4Q57+aDKeXH2oBsnRjNGU90qudwZIdUUJunfVaFXZHuVopLv1DlY1rcjtTP/8P9WcFXsnqb4yiA4uon0fbo7IZISt+ffw+TDjPaDH/8TsfgeT36Dd2mKZ/Z9XdzdWiez4fZxExR9MZcJafxnnw6Bfsfb4sSw52VRE2R65apasDTHTE3toRr7JWDNOg35ULDuGiQMnWhbr1c/0aHOtxoIIjOTtWUAl1LqemAELq/sJhKc/B/ywN1421FCcyivn8meZUII0Ccc= skye@DESKTOP-VB4940J";
wg = "";
"oatmealine@beppy-phone" = {
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUgEsAQ7EL5/3STLAk/0qWJddYqfBY71yS9RtRSWd3w JuiceSSH";
wg = "qT7gX8beM/kW9AYg5dV1e3cLzLDTLxMO2CmnbFpMVj4=";
};
}

265
hosts/dark-firepit/default.nix
View File

@ -1,12 +1,18 @@
{ pkgs, inputs, lib, ... }:
let
keys = import ./authorizedKeys;
keys = import ./authorizedKeys.nix;
in {
imports = [
./hardware-configuration.nix
inputs.nix-minecraft.nixosModules.minecraft-servers
#inputs.watch-party.nixosModules.watch-party
(fetchTarball "https://github.com/msteen/nixos-vscode-server/tarball/master")
];
# services.auto-fix-vscode-server.enable = true;
services.vscode-server.enable = true;
user = {
packages = with pkgs; [
git
@ -14,27 +20,39 @@ in {
];
};
defaultUsers = {
normalUsers = {
aether = {
packages = [ ];
shell = "fish";
extraGroups = [ "wheel" ];
initialHashedPassword = "!";
openssh.authorizedKeys.keys = [ keys."aether@subsurface".ssh ];
conf = {
packages = with pkgs; [ bat duf broot nftables tmux ];
shell = pkgs.unstable.fish;
extraGroups = [ "wheel" "nix-users" ];
initialHashedPassword = "!";
openssh.authorizedKeys.keys = [ keys."aether@subsurface".ssh ];
};
homeConf.home = {
sessionVariables = {
EDITOR = "nvim";
NIX_REMOTE = "daemon";
};
};
};
oatmealine = {
packages = [ ];
shell = "zsh";
extraGroups = [ "wheel" ];
initialHashedPassword = "!";
openssh.authorizedKeys.keys = [ keys."oatmealine@beppy".shh ];
};
skye = {
packages = [ ];
shell = "fish";
extraGroups = [ "wheel" ];
initialHashedPassword = "!";
openssh.authorizedKeys.keys = [ keys."skye@DESKTOP-VB4940J".shh ];
conf = {
packages = with pkgs; [ bat tmux micro direnv nix-direnv ripgrep ];
shell = pkgs.unstable.fish;
extraGroups = [ "wheel" "nix-users" ];
initialHashedPassword = "!";
openssh.authorizedKeys.keys = [ keys."oatmealine@void-defragmented".ssh keys."oatmealine@beppy-phone".ssh ];
};
homeConf.home = {
sessionVariables = {
EDITOR = "micro";
NIX_REMOTE = "daemon";
};
};
};
};
@ -44,41 +62,220 @@ in {
};
modules = {
# theme.active = "still";
shell.zsh.enable = true;
shell.fish.enable = true;
security = {
isLocalMachine = false;
};
desktop = {
editors = {
neovim.enable = true;
};
};
dev = {
security.isLocalMachine = false;
editors.neovim.enable = true;
remote = {
enable = true;
keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAoV7ymOtfC8SYvv31/GGso8DoHKE/KOfoEZ0hjmYtaQg7dyi5ijfDikLZUux8aWivvRofa7SqyaK0Ea+s9KuTX/dreJKz/RKG+QHLjw6U0FSoJ765q56pUy0j0TZoVy4PjSb38of56urg1UmHkK13WQXrvjwdHUjAcVx6PurHAxsbmxhYkJO9Jmvr8CB+PZFKIHjewkgBWkBxD97WFNwDfmBmvh1F5xRn8WhgT+2DVdQ2coN4Eqwc4NWzBUSfrro0gARsJsUvQxdx8f1kJDQKy2lQWCnlgRiD+pK5ocf1wCZfJMs0NQ6xqCZDKDJTcyGNLWH/L57Pg5U5t7BWRTTPmQ== yugoslavia"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCX2uRTaL1Nu4KzsSJSVc7R2yCIa4Mw3KuJAMluQO746eXBFeTmRN6Pqc+H0Rpz9nkQ/fB8tYl70FfrYy4suM0QCY1IDbPWaUBmLQYCt6nzCfFY8PTpLoJmeQW3jzG7VqSjjl+uG2KLQqPtzxmvukIJRovhrKcUnPzw4tU4BLy2uGWgJN9sGofWczmtxdijADyOYtasVIr6/Hca5IwMCldbqQ9B1k+VIE87Kv2k5n+LVRVMsVHaVSubIMYZFbZFDW2/oRVg2ainewO0e9XPbtBREVraPnuf7s4uBByk4goQfLhz3B6L4JLbYYijw25+SmeJcesDxJUIIKMCuZChNcyb aura@LAPTOP-MEN8UH6Q"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRI9sGl0EmOkNNnh8SgRq197gkEy3XEwKZjLIr27V9PfaVOLIAcZiGcOa5q7rc5FjcCtkQ9+/twE24bZpxkK0ygrRJBEdT+HGAUmpY/kRPEn/tqjmwNu43vQqOhNSYmAAzdjJ4AuRPK5st8QQyOzKv5Pnghwy8xPAjOM3o4n9ULMLjVvAu0eTmCJMKxEvz5FUEIVZtEid/ng46k/bJ/njSh8vyGBQV4fJei6M9Ovw0HPqqzWyV/e0c3hTClG4dfLCK3Qv3hLhXQ+8I9iaL7D2wZdr3F2lbg0vS/QctPZc28f1gpkFEzVflEzAk4aFwJMMflY04IG1Dr44IfM1gJbpj rsa-key-20220423"
keys."oatmealine@void-defragmented".ssh
keys."oatmealine@beppy-phone".ssh
];
packages = with pkgs; [ tmux ];
shell = pkgs.unstable.fish;
};
services = {
ssh.enable = true;
ssh = {
enable = true;
requirePassword = false;
};
postgres.enable = true;
nextcloud = {
enable = true;
domain = "cloud.aether.gay";
};
gitea = {
enable = true;
site = "git.oat.zone";
domain = "git.oat.zone";
port = 3000;
};
matrix.conduit = {
enable = false;
domain = "matrix.aether.gay";
};
minecraft = {
enable = true;
servers = {
"dark-firepit" = {
enable = true;
autoStart = true;
openFirewall = true;
serverProperties = {
server-port = 25565;
gamemode = 0;
motd = "dark-firepit, 1.19.2 Fabric";
white-list = true;
max-players = 8;
allow-flight = true;
enable-command-block = true;
enforce-secure-profile = false;
level-type = "terra:overworld/overworld";
snooper-enabled = false;
spawn-protection = 0;
};
whitelist = {
oatmealine = "241d7103-4c9d-4c45-9464-83b5365ce48e";
RustyMyHabibi = "e20305fa-a44c-44c9-b62e-6918e7c779d6";
Dj_Afganistan = "1f879917-1ad4-49c3-9908-90769ee73f85";
DumbDogDoodles = "d33e5e3b-85ab-4c93-a61b-605e2673fbe8";
SuneFoxie = "82e82ef9-ea17-4794-9051-928b5b8629c1";
FuzziestRedMoth = "21e1adf8-93f7-4173-a087-b3a9c02edec5";
};
package = pkgs.minecraftServers.fabric-1_19_2;
jvmOpts = "-Xmx6G";
};
};
};
wireguard = {
enable = true;
server = true;
externalInterface = "eno1";
interfaces."wg0" = import ./wireguardInterface.nix;
};
webapps = lib.mkMerge (import ./webapps);
vaultwarden = {
enable = true;
domain = "vault.aether.gay";
};
jillo = {
enable = false;
dataDir = "/var/lib/jillo";
};
# not entirely necessary but makes it so that invalid domains and/or direct ip access aborts connection
# prevents other domains from "stealing" content by settings their dns to our ip
# this has happened before by the way on the vps. i have no clue how or why
# update: also optimizes gzip and tls stuff
nginx-config = {
enable = true;
};
staticSites = {
"aether.gay".dataDir = "/var/www/aether.gay";
"dark-firepit.oat.zone".dataDir = "/var/www/dark-firepit.oat.zone";
"va11halla.oat.zone".dataDir = "/var/www/va11halla.oat.zone";
"giger.yugoslavia.fishing".dataDir = "/var/www/giger.yugoslavia.fishing";
"modfiles.oat.zone".dataDir = "/var/www/modfiles.oat.zone";
"shop.yugoslavia.best".dataDir = "/var/www/shop.yugoslavia.best";
"tesco-underground-dev.oat.zone".dataDir = "/var/www/tesco-underground-dev.oat.zone";
"tesco-underground-dev.oat.zone".auth = { tesco = "Jn2DVTM7yVZtRKKyz3b2Tjj7Ss8vpuLB"; };
"oat.zone".dataDir = "/var/www/oat.zone";
"oat.zone".php = true;
"yugoslavia.fishing".dataDir = "/var/www/yugoslavia.fishing";
"yugoslavia.fishing".php = true;
};
nitter = {
enable = true;
lightweight = false; # enable if shit gets wild; check config for more info
port = 3005;
domain = "nitter.oat.zone";
};
#watch-party = {
# enable = true;
# port = 1984;
#};
terraria = {
enable = false;
port = 7777; # port-forwarded
messageOfTheDay = "hi";
openFirewall = true;
worldPath = "/var/lib/terraria/gbj.wld";
autoCreatedWorldSize = "large";
dataDir = "/var/lib/terraria";
};
matomo = {
enable = true;
};
isso = {
enable = true;
port = 1995;
};
yugoslavia-best = {
enable = true;
domain = "yugoslavia.best";
};
};
};
services.nginx.virtualHosts."oat.zone" = {
locations."/f/".extraConfig = ''
add_header Access-Control-Allow-Origin "*";
'';
};
security.doas = {
extraRules = [
{ users = [ "aether" "oatmealine" "skye" ]; noPass = false; keepEnv = true; }
{ users = [ "aether" ]; noPass = false; persist = true; keepEnv = true; }
{ users = [ "oatmealine" ]; noPass = true; persist = false; keepEnv = true; }
];
};
time.timeZone = "Europe/Amsterdam";
# If you uncomment this, I will uncomment the spores in your body
# mmm spores ymmnu.uyyy.., :)
networking.useDHCP = false;
networking = {
# for docs, start here
# https://nixos.org/manual/nixos/stable/options.html#opt-networking.enableB43Firmware
enableIPv6 = true; # true by default, but better safe than sorry
interfaces.eno1.ipv4.addresses = [
{ address = "51.89.98.8";
prefixLength = 24;
}
];
defaultGateway = "51.89.98.254";
nameservers = [ "8.8.8.8" "1.1.1.1" ];
interfaces.eno1.ipv6.addresses = [
{ address = "2001:41d0:0700:3308::";
prefixLength = 64;
}
];
defaultGateway6 = {
address = "2001:41d0:0700:33ff:00ff:00ff:00ff:00ff";
# address = "33ff::1";
# address = "2001::1";
interface = "eno1";
};
/*
dhcpcd.persistent = true;
dhcpcd.extraConfig = ''
clientid d0:50:99:d4:04:68:d0:50:99:d4:04:68
noipv6rs
interface eno1
ia_pd 1/2001:41d0:700:3308::/56 eno1
static ip6_address=2001:41d0:700:3308::1/56
'';
*/
firewall.allowPing = true;
# minecraft proximity voice chat
firewall.allowedTCPPorts = [ 24454 ];
firewall.allowedUDPPorts = [ 24454 ];
};
# environment.etc."dhcpcd.duid".text = "d0:50:99:d4:04:68:d0:50:99:d4:04:68";
}

3
hosts/dark-firepit/hardware-configuration.nix
View File

@ -19,6 +19,9 @@
};
};
nix.settings.cores = 3;
nix.settings.max-jobs = 6;
modules.hardware.fs = {
enable = true;
ssd.enable = true;

7
hosts/dark-firepit/secrets/secrets.nix
View File

@ -1 +1,6 @@
{}
let
keys = import ../authorizedKeys.nix;
"subsurface.aether" = keys."aether@subsurface".ssh;
in
{}

5
hosts/dark-firepit/webapps/default.nix
View File

@ -1,2 +1,3 @@
[
]
{
# "git.oat.zone" = import ./git-oat-zone;
}

6
hosts/dark-firepit/webapps/git-oat-zone.nix Normal file
View File

@ -0,0 +1,6 @@
{
locations."/" = {
proxy_cache = "simple_cache";
proxy_pass = "http://localhost:3000";
};
}

2
hosts/dark-firepit/webapps/gitea.nix Normal file
View File

@ -0,0 +1,2 @@
{
}

3
hosts/dark-firepit/wireguardInterface.nix
View File

@ -6,7 +6,7 @@ let
in {
ips = [ "10.100.0.1/24" ];
privateKeyFile = readFile "/etc/wg0.keys/wg0";
privateKeyFile = "/etc/wg0.keys/wg0";
listenPort = 51820;
@ -15,3 +15,4 @@ in {
allowedIPs = [ "10.100.0.${toString (n+2)}/32" ];
}) (length (attrValues peerKeys));
}

20
lib/README.md
View File

@ -1,20 +0,0 @@
# Lib
The `default.nix` defines a lib extended with a `_` attribute under which mine
custom lib functions live. The `default.nix` loads every `.nix` file in the
`libs` (current) directory and imports it.
The importing is quite simple:
1. First the `libsInFolder` reads the contents of the `libs` directory, filters
out non `.nix` files and the `default.nix` file and then returns a list of
paths to the individual `.nix` files it found.
2. This list gets passed to `importLibs` which imports the libraries and
merges the individual imported attribute sets together, so that all the
functions are available directly under one attribute set.
3. This attribute then gets bind to the `_` attribute in the `lib` extension.
Individual `.nix` files can use the functions defined in other local library
files normally using the `nix._.someFunctionName`.
## Overview
TODO

129
lib/colors.nix
View File

@ -1,129 +0,0 @@
{ lib, ... }:
let
inherit (builtins) elemAt listToAttrs substring;
inherit (lib) concatStringsSep fixedWidthString nameValuePair
stringToCharacters sublist toInt toUpper zipListsWith;
inherit (lib._) joinWithSep;
in rec {
/* Converts a hex color string to RGB triplet, an array of exactly 3 elements
Type:
toRGB :: String -> [Int]
Example:
toRGB "ffFFff"
=> [ 255 255 255 ]
*/
toRGB = hex: let
chars = stringToCharacters hex;
r = sublist 0 2 chars;
g = sublist 2 2 chars;
b = sublist 4 2 chars;
/* Converts a pair of characters (array of two strings, each of one char
long) in hexadecimal to a number. Expects a valid hexadecimal string.
Type:
hexPairToNum :: [String] -> Int
Example:
hexPairToNum [ "F" "1" ]
=> 241
*/
hexPairToNum = pair: let
c1 = elemAt pair 0; c2 = elemAt pair 1;
hexMapping = {
"A" = 10;
"B" = 11;
"C" = 12;
"D" = 13;
"E" = 14;
"F" = 15;
};
toNum = c: if hexMapping ? ${toUpper c} then hexMapping.${toUpper c} else toInt c;
in 16 * (toNum c1) + (toNum c2);
in [
(hexPairToNum r)
(hexPairToNum g)
(hexPairToNum b)
];
/* Both hexColor and rgbColor accept a color in 6 char long hexadecimal
representation. Their variants hexColor' and rgbaColor accept an
additional parameter opacity specified as an int in range from 0 to 100.
*/
/* Type:
hexColor :: String -> String
Example:
hexColor "FECACA"
=> "#FECACA"
*/
hexColor = color: "#" + color;
/* Type:
hexColor' :: String -> Int -> String
Example:
hexColor' "FECACA" 54
=> "#FECACA54"
*/
hexColor' = color: opacity: "#" + color + toString opacity;
_rgbColor = color: extra: "(" + (joinWithSep ((toRGB color) ++ extra) ", ") + ")";
/* Type:
rgbColor :: String -> String
Example:
rgbColor "FFFFFF"
=> "rgb(255, 255, 255)"
*/
rgbColor = color: "rgb" + _rgbColor color [];
/* Type:
rgbaColor :: String -> Int -> String
Example:
rgbaColor "FFFFFF" 42
=> "rgba(255, 255, 255, 0.42)"
*/
rgbaColor = color: _opacity: let
opacityStr = fixedWidthString 3 "0" (toString _opacity);
opacity = substring 0 1 opacityStr + "." + substring 1 2 opacityStr;
in "rgba" + _rgbColor color [opacity];
/* colors defines a color palette according to the Tailwind colors:
https://tailwindcss.com/docs/customizing-colors#color-palette-reference
Each individual color has 10 variants, for example to access the variant
700 of color red following notation is used: colors.red._700
The _ in front of the variant is there because numbers cannot be
used as keys.
*/
colors = let
scaleDef = [ 50 100 200 300 400 500 600 700 800 900 ];
scale = s: listToAttrs (zipListsWith (variant: color: nameValuePair "_${toString variant}" color) scaleDef s);
in rec {
# Default palette
coolGray = scale [ "F9FAFB" "F3F4F6" "E5E7EB" "D1D5DB" "9CA3AF" "6B7280" "4B5563" "374151" "1F2937" "111827" ];
red = scale [ "FEF2F2" "FEE2E2" "FECACA" "FCA5A5" "F87171" "EF4444" "DC2626" "B91C1C" "991B1B" "7F1D1D" ];
amber = scale [ "FFFBEB" "FEF3C7" "FDE68A" "FCD34D" "FBBF24" "F59E0B" "D97706" "B45309" "92400E" "78350F" ];
emerald = scale [ "ECFDF5" "D1FAE5" "A7F3D0" "6EE7B7" "34D399" "10B981" "059669" "047857" "065F46" "064E3B" ];
blue = scale [ "EFF6FF" "DBEAFE" "BFDBFE" "93C5FD" "60A5FA" "3B82F6" "2563EB" "1D4ED8" "1E40AF" "1E3A8A" ];
indigo = scale [ "EEF2FF" "E0E7FF" "C7D2FE" "A5B4FC" "818CF8" "6366F1" "4F46E5" "4338CA" "3730A3" "312E81" ];
violet = scale [ "F5F3FF" "EDE9FE" "DDD6FE" "C4B5FD" "A78BFA" "8B5CF6" "7C3AED" "6D28D9" "5B21B6" "4C1D95" ];
pink = scale [ "FDF2F8" "FCE7F3" "FBCFE8" "F9A8D4" "F472B6" "EC4899" "DB2777" "BE185D" "9D174D" "831843" ];
# Extra
blueGray = scale [ "F8FAFC" "F1F5F9" "E2E8F0" "CBD5E1" "94A3B8" "64748B" "475569" "334155" "1E293B" "0F172A" ];
# Aliases
gray = coolGray;
yellow = amber;
green = emerald;
purple = violet;
};
}

23
lib/default.nix
View File

@ -1,25 +1,12 @@
# _ _ _
# | (_) |__
# | | | '_ \
# | | | |_) |
# |_|_|_.__/
#
{ inputs, lib, pkgs, ... }:
lib.extend (lib: super:
lib.extend (self: super:
let
inherit (builtins) attrNames map readDir;
inherit (lib) filterAttrs foldr hasSuffix;
inherit (lib) attrValues foldr;
inherit (modules) mapModules;
importLib = file: import file { inherit inputs lib pkgs; };
merge = foldr (a: b: a // b) {};
importLibs = libs: merge (map importLib libs);
isLib = name: type: type == "regular" && name != "default.nix" && hasSuffix ".nix" name;
libPath = name: "${toString ./.}/${name}";
libsInFolder = map libPath (attrNames (filterAttrs isLib (readDir ./.)));
modules = import ./modules.nix { inherit lib; };
in {
_ = importLibs libsInFolder;
_ = foldr (a: b: a // b) {} (attrValues (mapModules ./. (file: import file { inherit pkgs inputs; lib = self; })));
}
)

40
lib/modules.nix
View File

@ -1,29 +1,27 @@
{ lib, ... }:
let
inherit (builtins) attrValues pathExists readDir;
inherit (lib) filterAttrs hasSuffix mapAttrs' mkDefault mkOption
nameValuePair nixosSystem removeSuffix types;
inherit (lib._) mapFilterAttrs attrValuesRec;
inherit (builtins) attrValues readDir pathExists;
inherit (lib) id filterAttrs hasPrefix hasSuffix nameValuePair removeSuffix mapAttrs' trace fix fold isAttrs;
in rec {
mapModules' = dir: fn: dirfn:
mapFilterAttrs
(_: v: v != null)
(name: type:
let
path = "${toString dir}/${name}";
in
if type == "directory" then
nameValuePair name (dirfn path)
else if type == "regular" && name != "default.nix" && hasSuffix ".nix" name then
# else if type == "regular" && hasSuffix ".nix" name then
nameValuePair (removeSuffix ".nix" name) (fn path)
else
nameValuePair "" null
)
(readDir dir);
filterAttrs
(name: type: type != null && !(hasPrefix "_" name))
(mapAttrs'
(name: type:
let path = "${toString dir}/${name}"; in
if type == "directory"
then nameValuePair name (dirfn path)
else if
type == "regular" &&
name != "default.nix" &&
hasSuffix ".nix" name
then nameValuePair (removeSuffix ".nix" name) (fn path)
else nameValuePair "" null
)
(readDir dir));
mapModules = dir: fn: mapModules' dir fn (path: if pathExists "${path}/default.nix" then (fn path) else null);
mapModules = dir: fn: mapModules' dir fn (path: if pathExists "${path}/default.nix" then fn path else null);
mapModulesRec = dir: fn: mapModules' dir fn (path: mapModulesRec path fn);
mapModulesRec' = dir: fn: attrValuesRec (mapModulesRec dir fn);
mapModulesRec' = dir: fn: fix (f: attrs: fold (x: xs: (if isAttrs x then f x else [x]) ++ xs) [] (attrValues attrs)) (mapModulesRec dir fn);
}

12
lib/nixos.nix
View File

@ -1,18 +1,20 @@
{ inputs, lib, pkgs, ... }:
let
inherit (lib) mkDefault nixosSystem;
in {
mkHost = system: path:
with lib;
{
mkHost = path: attrs@{ system, ... }:
nixosSystem {
inherit system;
specialArgs = { inherit lib inputs system; };
modules = [
{
nixpkgs.pkgs = pkgs;
networking.hostName = mkDefault (baseNameOf path);
networking.hostName = mkDefault (removeSuffix ".nix" (baseNameOf path));
}
(filterAttrs (n: v: !elem n [ "system" ]) attrs)
../.
(import path)
];
};

20
lib/pkgs.nix
View File

@ -1,20 +0,0 @@
{ pkgs, ... }:
let
inherit (pkgs.stdenv) mkDerivation;
in rec {
_buildBinScript = buildInputs: name: mkDerivation {
inherit name buildInputs;
src = builtins.path { path = ../bin; name = "dotfiles"; };
buildCommand = ''
install -Dm755 $src/${name} $out/bin/${name}
patchShebangs $out/bin/${name}
'';
};
buildBinScript = _buildBinScript [];
buildBabashkaBinScript = _buildBinScript [ pkgs.babashka ];
}

88
lib/utils.nix
View File

@ -1,88 +0,0 @@
{ lib, ... }:
let
inherit (builtins) attrValues readFile;
inherit (lib) concatStringsSep filterAttrs fold isAttrs mapAttrs' mkOption types;
in rec {
/* Map over attrs with f and then filter them using pred
Type:
mapFilterAttrs ::
(String -> a -> Bool) -> (String -> b -> AttrSet) -> AttrSet' -> AttrSet
where AttrSet' has a value of type b and AttrSet of type a
Example:
mapFilterAttrs (n: v: n == "foo" || v == "bar") (n: v: nameValuePair n v)
{ foo = "baz"; a = "bar"; b = "foo" };
=> { foo = "baz"; a = "bar"; }
*/
mapFilterAttrs = pred: f: attrs: filterAttrs pred (mapAttrs' f attrs);
/* Recursively generates a list of values of attr even for nested attrs
Type:
attrValuesRec :: AttrSet -> [x]
Example:
attrValuesRec { foo = { bar = "baz"; }; a = "b"; }
=> ["baz" "b"]
*/
attrValuesRec = attr: fold (x: xs: (if isAttrs x then attrValuesRec x else [x]) ++ xs) [] (attrValues attr);
/* Filter the self key from the given attr
Type:
filterSelf :: AttrSet -> AttrSet
Example:
filterSelf { foo = "bar"; self = "baz"; }
=> { foo = "bar"; }
*/
filterSelf = attr: filterAttrs (n: _: n != "self") attr;
/* Maps the items of list to strings and concatenates them with sep in
between the individual items
Type:
joinWithSep :: [a] -> String -> String
a should be a type that is convertable to string using toString
Example:
joinWithSep [ 42 "foo" 0 ] "-"
=> "42-foo-0"
*/
joinWithSep = list: sep: concatStringsSep sep (map toString list);
/* Reads the given path and appends the extras to it
Type:
configWithExtras :: Path -> String -> String
Example:
configWithExtras example.txt "Appended text"
=> "Some text from example\nAppended text"
Given that example.txt contains "Some text from example"
*/
configWithExtras = path: extras: "${readFile path}\n${extras}";
enable = { enable = true; };
/* A simplifiation for creating options
Example:
mkOpt types.str "foobar" "A very important option"
=> mkOption {
type = types.str;
default = "foobar";
description = "A very important option";
}
*/
mkOpt = type: default: description:
mkOption { inherit type default description; };
/* Creates option without description */
mkOpt' = type: default: mkOpt type default null;
/* Alias for mkOpt' types.bool */
mkBoolOpt = default: mkOpt' types.bool default;
}

47
modules/desktop/apps/alacritty.nix
View File

@ -1,47 +0,0 @@
{ config, options, pkgs, lib, ... }:
with lib;
let
cfg = config.modules.desktop.apps.alacritty;
in {
options.modules.desktop.apps.alacritty = {
enable = mkOption {
type = types.bool;
default = false;
};
executable = mkOption {
type = types.str;
default = "${pkgs.alacritty}/bin/alacritty";
};
};
config = mkIf cfg.enable {
/*
user.packages = with pkgs; [
alacritty
];
*/
home._.programs.alacritty = {
enable = true;
/*
settings = {
background_opacity = theme.backgroundOpacity;
font = {
size = 12;
normal.family = theme.font.mono;
bold.family = theme.font.mono;
italic.family = theme.font.mono;
};
colors = {
primary = {
background = theme.colors.background;
foreground = theme.colors.foreground;
};
normal = theme.colors.backgroundScheme;
bright = theme.colors.foregroundScheme;
};
};
*/
};
};
}

22
modules/desktop/apps/firefox.nix
View File

@ -1,22 +0,0 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.modules.desktop.apps.firefox;
wayland = config.modules.desktop.sway.enable;
in {
options.modules.desktop.apps.firefox = {
enable = mkOption {
type = types.bool;
default = false;
};
};
config = mkIf cfg.enable {
user.packages = if wayland then (with pkgs; [
firefox-wayland
]) else (with pkgs; [
firefox
]);
};
}

21
modules/desktop/apps/menus/nwggrid.nix
View File

@ -1,21 +0,0 @@
{ config, pkgs, inputs, lib, ... }:
with lib;
let
cfg = config.modules.desktop.apps.menus.nwggrid;
in {
options.modules.desktop.apps.menus.nwggrid = {
enable = mkOption {
type = types.bool;
default = false;
};
executable = mkOption {
type = types.str;
default = "${pkgs.nwg-launchers}/bin/nwggrid";
};
};
config = mkIf cfg.enable {
modules.desktop.apps.nwg-launchers.enable = true;
};
}

24
modules/desktop/apps/menus/wofi.nix
View File

@ -1,24 +0,0 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.modules.desktop.apps.wofi;
in {
options.modules.desktop.apps.wofi = {
enable = mkOption {
type = types.bool;
default = false;
description = "";
};
executable = mkOption {
type = types.str;
default = "${pkgs.wofi}/bin/wofi";
};
};
config = mkIf cfg.enable {
user.packages = with pkgs; [
wofi
];
};
}

22
modules/desktop/apps/mpc.nix
View File

@ -1,22 +0,0 @@
{ pkgs, config, lib, options, ... }:
with lib;
let
cfg = config.modules.desktop.apps.mpc;
in {
options.modules.desktop.apps.mpc = {
enable = mkOption {
type = types.bool;
default = false;
};
};
config = mkIf cfg.enable {
modules.services.mpd.enable = true;
user.packages = with pkgs; [
mpc_cli
];
};
}

17
modules/desktop/apps/nwg-launchers.nix
View File

@ -1,17 +0,0 @@
{ pkgs, lib, options, config, ... }:
with lib;
let
cfg = config.modules.desktop.apps.nwg-launchers;
in {
options.modules.desktop.apps.nwg-launchers = {
enable = mkOption {
type = types.bool;
default = false;
};
};
config = mkIf cfg.enable {
user.packages = with pkgs; [ nwg-launchers ];
};
}

19
modules/desktop/apps/obs.nix
View File

@ -1,19 +0,0 @@
{ config, options, pkgs, lib, ... }:
with lib;
let
cfg = config.modules.desktop.apps.obs;
in {
options.modules.desktop.apps.obs = {
enable = mkOption {
type = types.bool;
default = false;
};
};
config = mkIf cfg.enable {
user.packages = with pkgs; [
obs-studio
];
};
}

18
modules/desktop/desktop.nix
View File

@ -1,18 +0,0 @@
{ config, options, lib, pkgs, ... }:
with lib;
let
cfg = config.modules.desktop;
in {
options.modules.desktop = {
theme = mkOption {
type = types.str;
default = "still";
description = "Sets a particular styling and wallpaper configuration.";
};
};
config = {
services.dbus.enable = true;
};
}

18
modules/desktop/gaming/minecraft.nix
View File

@ -1,18 +0,0 @@
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.modules.desktop.gaming.minecraft;
in {
options.modules.desktop.gaming.minecraft = {
enable = mkOption {
type = types.bool;
default = false;
description = "Enables Minecraft through the PolyMC launcher";
};
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ polymc ];
};
}

7
modules/desktop/gaming/srb2k.nix
View File

@ -1,7 +0,0 @@
{ lib, pkgs, options, config, ... }:
with lib;
let
cfg = config.modules.desktop.gaming.srb2k;
in {
}

28
modules/desktop/river.nix
View File

@ -1,28 +0,0 @@
{ options, config, lib, pkgs, ... }:
with lib;
let
cfg = config.modules.desktop.river;
audioSupport = config.modules.hardware.audio.enable;
in {
options.modules.desktop.river = {
enable = mkOption {
type = tyoes.bool;
default = false;
description = "Enables the river wayland compositor.";
};
menu = mkOption {
type = types.str;
default = "nwggrid";
description = "Which application launch menu to use. Defaults to nwggrid.";
};
term = mkOption {
type = types.str;
default = "alacritty";
description = "Which terminal river should use. Defaults to alacritty.";
};
};
config = mkIf cfg.enable {
};
}

22
modules/desktop/services/swayidle.nix
View File

@ -1,22 +0,0 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.modules.desktop.services.swayidle;
in {
options.modules.desktop.services.swayidle = {
enable = mkOption {
type = types.bool;
default = false;
};
};
config = mkIf cfg.enable {
/*
user.packages = with pkgs; [
swayidle
];
*/
};
}

20
modules/desktop/services/swaylock.nix
View File

@ -1,20 +0,0 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.modules.desktop.services.swaylock;
in {
options.modules.desktop.services.swaylock = {
enable = mkOption {
type = types.bool;
default = false;
};
};
config = mkIf cfg.enable {
user.packages = with pkgs; [
swaylock
];
};
}

26
modules/desktop/services/waybar.nix
View File

@ -1,26 +0,0 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.modules.desktop.services.waybar;
in {
options.modules.desktop.services.waybar = {
enable = mkOption {
type = types.bool;
default = false;
};
};
config = mkIf cfg.enable {
home._.programs.waybar = with pkgs; {
enable = true;
settings = [{
height = 10;
modules-left = [ "sway/workspaces" "sway/window" ];
modules-center = [ "clock" ];
modules-right = [ "tray" "cpu" "memory" "battery#bat0" ];
}];
style = builtins.readFile "${config.home.configFile.waybar.source}/style.css";
};
};
}

148
modules/desktop/sway.nix
View File

@ -1,148 +0,0 @@
{ options, config, lib, pkgs, ... }:
with lib;
let
cfg = config.modules.desktop.sway;
audioSupport = config.modules.hardware.audio.enable;
in {
options.modules.desktop.sway = {
enable = mkOption {
type = types.bool;
default = false;
description = "Enables the sway window manager for Wayland.";
};
menu = mkOption {
type = types.str;
default = "nwggrid";
description = "";
};
term = mkOption {
type = types.str;
default = "alacritty";
description = "Which terminal sway should default to.";
};
};
config = mkIf cfg.enable {
modules.hardware.graphics.enable = true;
programs.sway = {
enable = true;
extraPackages = with pkgs; [ xwayland ];
};
user.packages = with pkgs; [
grim
slurp
wl-clipboard
swaybg
autotiling
brightnessctl
wdisplays
gammastep
] ++ (if audioSupport then (with pkgs; [
playerctl
]) else [ ]);
xdg.portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
gtkUsePortal = true;
};
services.xserver = {
enable = true;
autorun = true;
displayManager = {
sddm.enable = true;
defaultSession = "sway";
};
wacom.enable = true;
};
modules.desktop.apps."${cfg.term}".enable = true;
modules.desktop.apps.menus.${cfg.menu}.enable = true;
# modules.desktop.services.swaylock.enable = true;
modules.desktop.services.swayidle.enable = true;
# modules.desktop.services.mako.enable = true;
modules.desktop.services.waybar.enable = true;
home._.wayland.windowManager.sway = {
enable = true;
wrapperFeatures.gtk = true;
config = {
bars = [{ command = "waybar"; }];
modifier = "Mod4";
input."type:keyboard" = let kbcfg = config.keyboard; in {
xkb_layout = toLower (substring 3 2 kbcfg.locale);
xkb_variant = "," + kbcfg.variant;
};
input."type:touchpad" = {
tap = "enabled";
natural_scroll = "enabled";
scroll_method = "two_finger";
};
startup = [
# { command = "lock"; }
{ command = "autotiling"; }
# { command = "mako"; }
];
terminal = config.modules.desktop.apps.${cfg.term}.executable;
menu = config.modules.desktop.apps.menus.${cfg.menu}.executable;
output."eDP-1" = {
bg = "${config.modules.theme.wallpaper} fill";
scale = "1.5";
};
output."DP-4".bg = "${config.modules.theme.wallpaper} fill";
keybindings = let mod = config.home._.wayland.windowManager.sway.config.modifier; scProc = "wl-copy -t image/png && notify-send \"Screenshot Taken\""; in {
# "${mod}+l" = "exec lock";
"${mod}+q" = "reload";
"${mod}+Shift+c" = "kill";
"${mod}+p" = "exec ${config.home._.wayland.windowManager.sway.config.menu}";
"${mod}+Shift+Return" = "exec ${config.home._.wayland.windowManager.sway.config.terminal}";
"${mod}+Shift+e" = "exit";
"${mod}+1" = "workspace 1";
"${mod}+2" = "workspace 2";
"${mod}+3" = "workspace 3";
"${mod}+4" = "workspace 4";
"${mod}+5" = "workspace 5";
"${mod}+6" = "workspace 6";
"${mod}+7" = "workspace 7";
"${mod}+8" = "workspace 8";
"${mod}+9" = "workspace 9";
"${mod}+0" = "workspace 10";
"${mod}+Shift+1" = "move container to workspace 1";
"${mod}+Shift+2" = "move container to workspace 2";
"${mod}+Shift+3" = "move container to workspace 3";
"${mod}+Shift+4" = "move container to workspace 4";
"${mod}+Shift+5" = "move container to workspace 5";
"${mod}+Shift+6" = "move container to workspace 6";
"${mod}+Shift+7" = "move container to workspace 7";
"${mod}+Shift+8" = "move container to workspace 8";
"${mod}+Shift+9" = "move container to workspace 9";
"${mod}+Shift+0" = "move container to workspace 10";
"Print" = "exec grim -g \"$(slurp -d)\" - | ${scProc}";
"XF86AudioPlay" = "playerctl play-pause";
"Shift+XF86AudioPlay" = "playerctl loop";
};
};
extraSessionCommands = ''
export XDG_SESSION_TYPE=wayland
export QT_QPA_PLATFORM=wayland
export XDG_SESSION_DESKTOP=sway
export XDG_CURRENT_DESKTOP=sway
'';
extraConfig = builtins.readFile "${config.home.configFile.sway.source}/config";
};
};
}

17
modules/dev/php.nix Normal file
View File

@ -0,0 +1,17 @@
{ pkgs, lib, config, options, ... }:
with lib;
let
cfg = config.modules.dev.php;
in {
options.modules.dev.php = {
enable = mkOption {
type = types.bool;
default = false;
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.php ];
};
}

4
modules/desktop/editors/codium.nix → modules/editors/codium.nix
View File

@ -2,9 +2,9 @@
with lib;
let
cfg = config.modules.desktop.editors.codium;
cfg = config.modules.editors.codium;
in {
options.modules.desktop.editors.codium = {
options.modules.editors.codium = {
enable = mkOption {
type = types.bool;
default = false;

4
modules/desktop/editors/neovim.nix → modules/editors/neovim.nix
View File

@ -3,9 +3,9 @@
with lib;
let
configDir = config.configDir;
cfg = config.modules.desktop.editors.neovim;
cfg = config.modules.editors.neovim;
in {
options.modules.desktop.editors.neovim = {
options.modules.editors.neovim = {
enable = mkOption {
type = types.bool;
default = false;

48
modules/remote.nix Normal file
View File

@ -0,0 +1,48 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.modules.remote;
in {
options.modules.remote = {
enable = mkOption {
type = types.bool;
default = false;
};
keys = mkOption {
type = types.nullOr (types.listOf types.str);
default = [];
};
packages = mkOption {
type = types.nullOr (types.listOf types.package);
default = [];
};
shell = mkOption {
type = types.nullOr types.package;
default = pkgs.bash;
};
};
config = mkIf cfg.enable {
users.users.remote = {
description = "Generic remote server access user";
createHome = true;
#isSystemUser = true;
isNormalUser = true;
group = "remote";
extraGroups = [ "nix-users" ];
initialHashedPassword = "!";
openssh.authorizedKeys.keys = cfg.keys;
packages = cfg.packages;
shell = cfg.shell;
};
#home-manager.users.remote.home = {
# sessionVariables = {
# NIX_REMOTE = "daemon";
# };
#};
users.groups.remote = {};
};
}

4
modules/security.nix
View File

@ -82,8 +82,8 @@ in {
};
users.users.root = {
packages = [ pkgs.nologin ];
shell = pkgs.nologin;
packages = [ pkgs.shadow ];
shell = pkgs.shadow;
hashedPassword = "!";
};
};

130
modules/services/conduit.nix Normal file
View File

@ -0,0 +1,130 @@
{ pkgs, config, options, lib, ... }:
with lib;
let
cfg = config.modules.services.matrix.conduit;
in {
options.modules.services.matrix.conduit = {
enable = mkOption {
type = types.bool;
default = false;
};
package = mkOption {
type = types.package;
default = pkgs._.matrix-conduit;
};
domain = mkOption {
type = types.str;
default = "localhost";
};
user = mkOption {
type = types.str;
default = "conduit";
description = "User account under which Conduit runs.";
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/conduit";
};
httpAddress = mkOption {
type = types.str;
default = "127.0.0.1";
};
httpPort = mkOption {
type = types.port;
default = 6167;
};
disableRegistration = mkOption {
type = types.bool;
default = true;
};
disableFederation = mkOption {
type = types.bool;
default = false;
};
settings = mkOption {
type = types.submodule {
freeFormType = format.type;
options = {
server_name = mkOption {
type = types.str;
example = "matrix.aether.gay";
default = config.networking.hostName;
description = "The domain used to be used by the conduit instance for nginx.";
};
database_path = mkOption {
type = types.str;
default = "/var/lib/conduit";
};
database_backend = mkOption {
type = types.str;
default = "postgresql";
example = "rocksdb";
};
port = mkOption {
type = types.int;
default = 6167;
};
max_request_size = mkOption {
type = types.int;
default = 52428800; # 50MiB
};
allow_registration = mkOption {
type = types.bool;
default = false;
};
allow_federation = mkOption {
type = types.bool;
default = true;
};
max_concurrent_requests = mkOption {
type = types.int;
default = 64;
};
trusted_servers = mkOption {
type = types.listOf types.str;
default = [ "matrix.org" ];
};
address = mkOption {
type = types.str;
default = "127.0.0.1";
description = "The address used to access the Conduit instance. Setting this to 127.0.0.1 ensures that it is only possible to reach the server via nginx.";
};
};
};
default = {};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
modules.services.matrix.conduit.settings = {
server_name = cfg.domain;
database_dir = cfg.dataDir;
port = cfg.httpPort;
enable_registration = !cfg.disableRegistration;
enable_federation = !cfg.disableFederation;
};
};
}

27
modules/services/dark-firepit-oat-zone.nix Normal file
View File

@ -0,0 +1,27 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.modules.services.dark-firepit-oat-zone;
in {
options.modules.services.dark-firepit-oat-zone = {
enable = mkOption {
type = types.bool;
default = false;
};
domain = mkOption {
type = types.str;
default = "dark-firepit.oat.zone";
};
};
config = mkIf cfg.enable {
services = {
nginx.virtualHosts."${cfg.domain}" = {
forceSSL = true;
enableACME = true;
root = "/var/www/dark-firepit.oat.zone";
};
};
};
}

46
modules/services/gitea.nix
View File

@ -9,21 +9,49 @@ in {
type = types.bool;
default = false;
};
site = mkOption {
domain = mkOption {
type = types.str;
default = "git.oat.zone";
};
port = mkOption {
type = types.int;
default = 3000;
};
};
config = mkIf cfg.enable {
modules.services.postgres.enable = true;
services.gitea = {
enable = true;
domain = cfg.site;
rootUrl = "https://${cfg.site}/";
appName = "Gitea: Fire Pit hosted Git";
database = {
type = "postgres";
services = {
gitea = {
enable = true;
package = pkgs.master.gitea;
disableRegistration = true;
domain = cfg.domain;
httpPort = cfg.port;
rootUrl = "https://${cfg.domain}/";
stateDir = "/var/lib/${cfg.domain}";
cookieSecure = true;
appName = "Gitea: dark-firepit hosted Git";
database = {
type = "postgres";
name = "gitea";
};
settings = mkMerge [ (builtins.fromTOML (builtins.readFile "/etc/dotfiles/config/gitea/app.toml")) {
"ui.meta" = {
AUTHOR = "aether & oat";
DESCRIPTION = "dark-firepit's shared git instance";
};
}];
};
nginx.virtualHosts."${cfg.domain}" = {
forceSSL = true;
enableACME = true;
# using manual extraconfig because else nginx spits out a runtime error????
# thanks nginx
#locations."/".proxyPass = "http://127.0.0.1:${toString cfg.port};";
locations."/".extraConfig = ''
proxy_pass http://127.0.0.1:${toString cfg.port};
'';
};
};
};

63
modules/services/isso.nix Normal file
View File

@ -0,0 +1,63 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.modules.services.isso;
in {
options.modules.services.isso = {
enable = mkOption {
type = types.bool;
default = false;
};
domain = mkOption {
type = types.str;
default = "comments.oat.zone";
};
port = mkOption {
type = types.port;
default = 1550;
};
};
config = mkIf cfg.enable {
services = {
isso = {
enable = true;
settings = {
general = {
host = "https://blog.oat.zone/";
latest-enabled = true;
};
server = {
listen = "http://localhost:${toString cfg.port}";
samesite = "Lax";
public-endpoint = "https://comments.oat.zone";
};
guard = {
enabled = true;
require-author = true;
ratelimit = 4;
};
admin = {
enabled = true;
password = "a8UYAH7jQQC3LjnG";
};
};
};
nginx.enable = true;
nginx.virtualHosts."${cfg.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString cfg.port}";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
};
};
}

50
modules/services/jillo.nix Normal file
View File

@ -0,0 +1,50 @@
{ pkgs, lib, config, options, ... }:
with lib;
let
cfg = config.modules.services.jillo;
in {
options.modules.services.jillo = {
enable = mkOption {
type = types.bool;
default = false;
};
package = mkOption {
type = types.package;
default = pkgs._.jillo;
};
dataDir = mkOption {
type = types.either [types.path types.str];
};
};
config = mkIf cfg.enable {
users.users.jillo = {
group = "jillo";
home = cfg.dataDir;
createHome = true;
isSystemUser = true;
shell = "${pkgs.bash}/bin/bash";
};
users.groups.jillo = {};
environment.systemPackages = [ pkgs.nodejs-18_x ];
systemd.services.jillo = {
description = "Jillo Discord bot";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "notify";
User = "jillo";
Group = "jillo";
WorkingDirectory = cfg.dataDir;
ExecStart = "${pkgs.nodejs-18_x}/bin/npm run start";
Restart = "on-failure";
};
};
};
}

60
modules/services/matomo.nix Normal file
View File

@ -0,0 +1,60 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.modules.services.matomo;
in {
options.modules.services.matomo = {
enable = mkOption {
type = types.bool;
default = false;
};
domain = mkOption {
type = types.str;
default = "analytics.oat.zone";
};
};
config = mkIf cfg.enable {
services = {
matomo = {
enable = true;
package = pkgs.unstable.matomo-beta;
periodicArchiveProcessing = true;
hostname = cfg.domain;
nginx = {
serverAliases = [
cfg.domain
];
enableACME = true;
};
};
mysql = {
enable = true;
package = pkgs.unstable.mariadb;
settings = {
mysqld = {
max_allowed_packet = "128M";
};
client = {
max_allowed_packet = "128M";
};
};
ensureDatabases = [ "matomo" ];
ensureUsers = [
{
name = "matomo";
ensurePermissions = {
"matomo.*" = "ALL PRIVILEGES";
};
}
];
};
};
};
}

22
modules/services/minecraft.nix Normal file
View File

@ -0,0 +1,22 @@
{ config, pkgs, lib, options, inputs, ... }:
with lib;
let
cfg = config.modules.services.minecraft;
in {
options.modules.services.minecraft = {
enable = mkOption {
type = types.bool;
default = false;
};
servers = options.services.minecraft-servers.servers;
};
config = mkIf cfg.enable {
services.minecraft-servers = {
enable = true;
eula = true;
servers = cfg.servers;
};
};
}

33
modules/services/nextcloud.nix Normal file
View File

@ -0,0 +1,33 @@
{ pkgs, config, lib, options, ... }:
with lib;
let
cfg = config.modules.services.nextcloud;
in {
options.modules.services.nextcloud = {
enable = mkOption {
type = types.bool;
default = false;
};
domain = mkOption {
type = types.str;
default = null;
};
};
config = mkIf cfg.enable {
assertions = [
{ assertion = cfg.domain != null;
description = "Nextcloud requires a domain.";
}
];
services.nextcloud = {
enable = true;
package = pkgs.nextcloud24;
hostName = cfg.domain;
config.adminpassFile = "/etc/nextcloudpass";
};
};
}

66
modules/services/nginx-config.nix Normal file
View File

@ -0,0 +1,66 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.modules.services.nginx-config;
in {
options.modules.services.nginx-config = {
enable = mkOption {
type = types.bool;
default = false;
};
};
config = mkIf cfg.enable {
security.acme = {
acceptTerms = true;
defaults.email = "oatmealine@disroot.org";
# defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
};
services.nginx = {
enable = true;
#enable = lib.mkForce false;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
commonHttpConfig = ''
# Add HSTS header with preloading to HTTPS requests.
# Adding this header to HTTP requests is discouraged
map $scheme $hsts_header {
https "max-age=31536000; includeSubdomains; preload";
}
add_header Strict-Transport-Security $hsts_header;
# Enable CSP for your services.
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
# Minimize information leaked to other domains
#add_header 'Referrer-Policy' 'origin-when-cross-origin';
# Disable embedding as a frame
#add_header X-Frame-Options DENY;
# Prevent injection of code in other mime types (XSS Attacks)
#add_header X-Content-Type-Options nosniff;
# Enable XSS protection of the browser.
# May be unnecessary when CSP is configured properly (see above)
#add_header X-XSS-Protection "1; mode=block";
# This might create errors
#proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
'';
# prevent invalid domains from being used
virtualHosts."_".locations."/".return = "444";
virtualHosts."a".locations."/".return = "444";
};
networking.firewall.allowedTCPPorts = [ 443 80 ];
networking.firewall.allowedUDPPorts = [ 443 80 ];
};
}

88
modules/services/nitter.nix Normal file
View File

@ -0,0 +1,88 @@
{ config, lib, pkgs, options, ... }:
# heavily references https://github.com/erdnaxe/nixos-modules/blob/master/services/nitter.nix
with lib;
let
cfg = config.modules.services.nitter;
in {
options.modules.services.nitter = {
enable = mkOption {
type = types.bool;
default = false;
};
domain = mkOption {
type = types.str;
default = "nitter.oat.zone";
};
port = mkOption {
type = types.int;
default = 3005;
};
lightweight = mkOption {
type = types.bool;
default = false;
description = ''
Incase shit gets wild, this will make Nitter a lot more lightweight.
Some functionality gets removed (videos are not proxied, etc) in exchange for less RAM usage and CPU usage
'';
};
};
config = mkIf cfg.enable {
services = {
nitter = {
enable = true;
server = {
address = "127.0.0.1";
port = cfg.port;
hostname = cfg.domain;
title = "nitter.oat.zone"; # TODO: make this costumizable? not sure
https = true; # doesn't actually do any encryption, just changes cookie configuration
};
preferences = {
hlsPlayback = true;
proxyVideos = !cfg.lightweight;
theme = "Mastodon";
replaceTwitter = cfg.domain;
};
};
# https://github.com/zedeus/nitter/wiki/Nginx
nginx.virtualHosts."${cfg.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
extraConfig = ''
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
#add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; media-src 'self' blob:; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; connect-src 'self' https://*.twimg.com; manifest-src 'self'";
#add_header X-Content-Type-Options nosniff;
#add_header X-Frame-Options DENY;
#add_header X-XSS-Protection "1; mode=block";
'';
};
locations."= /robots.txt" = {
extraConfig = ''
# re-defining
#add_header Strict-Transport-Security $hsts_header;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Referrer-Policy origin-when-cross-origin;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
'';
};
};
};
# fix for a dumb error
# (this doesn't work or do anything lmfao)
# genuinely no idea how to fix it atm
systemd.services.nitter = {
path = with pkgs; lib.mkForce [ git ];
};
};
}

10
modules/services/ssh.nix
View File

@ -11,13 +11,21 @@ in {
default = false;
description = "Provide system SSH support though OpenSSH.";
};
requirePassword = mkOption {
type = types.bool;
default = true;
};
};
config = mkIf cfg.enable {
services.openssh = {
enable = true;
passwordAuthentication = false;
passwordAuthentication = cfg.requirePassword;
permitRootLogin = "no";
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
}

85
modules/services/staticSites.nix Normal file
View File

@ -0,0 +1,85 @@
{ pkgs, lib, config, options, ... }:
with lib;
let
sites = config.modules.services.staticSites;
staticSiteModule.options = {
dataDir = mkOption {
type = types.oneOf [ types.str types.path ];
default = null;
};
auth = mkOption {
type = types.attrsOf types.str;
description = "Basic authentication options. Defines a set of user = password pairs.";
example = literalExpr ''
{
user = "password";
anotherUser = "anotherPassword";
/* ... */
}
'';
default = {};
};
php = mkOption {
type = types.bool;
description = "Does this site use php (phpfpm)?";
default = false;
};
};
in {
options.modules.services.staticSites = mkOption {
type = types.attrsOf (types.submodule staticSiteModule);
example = literalExpression ''
{
"aether.gay".dataDir = /var/www/aether.gay;
"oat.zone".dataDir = "/some/weird/place/oat-zone";
}
'';
default = {};
};
config = {
assertions = mapAttrsToList (domain: _@{dataDir, ...}:
{ assertion = dataDir != null;
description = "${domain} must specify a dataDir.";
}) sites;
services.nginx.virtualHosts = mkMerge (mapAttrsToList (domain: site: {
${domain} = {
locations."/".basicAuth = site.auth;
locations."~ \.php$".extraConfig = mkIf site.php ''
fastcgi_pass unix:${config.services.phpfpm.pools."${domain}".socket};
fastcgi_index index.php;
'';
locations."/".index = mkIf site.php "index.php index.html";
forceSSL = true;
enableACME = true;
root = site.dataDir;
};
}) sites);
users.users.phpfpm = {
isSystemUser = true;
group = "phpfpm";
};
users.groups.phpfpm = {};
services.phpfpm.pools = mkMerge (mapAttrsToList (domain: site: mkIf site.php {
${domain} = {
user = "phpfpm";
settings = {
pm = "dynamic";
"listen.owner" = config.services.nginx.user;
"pm.max_children" = 200;
"pm.max_requests" = 2000;
"pm.min_spare_servers" = 1;
"pm.max_spare_servers" = 25;
};
phpEnv."PATH" = lib.makeBinPath [ pkgs.unstable.php ];
};
}) sites);
};
}

170
modules/services/terraria.nix Normal file
View File

@ -0,0 +1,170 @@
{ config, lib, pkgs, options, ... }:
# copied from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/games/terraria.nix
# just modified to uhm. not break
with lib;
let
cfg = config.modules.services.terraria;
opt = options.modules.services.terraria;
worldSizeMap = { small = 1; medium = 2; large = 3; };
valFlag = name: val: optionalString (val != null) "-${name} \"${escape ["\\" "\""] (toString val)}\"";
#" (ignore this its for micro)
boolFlag = name: val: optionalString val "-${name}";
flags = [
(valFlag "port" cfg.port)
(valFlag "maxPlayers" cfg.maxPlayers)
(valFlag "password" cfg.password)
(valFlag "motd" cfg.messageOfTheDay)
(valFlag "world" cfg.worldPath)
(valFlag "autocreate" (builtins.getAttr cfg.autoCreatedWorldSize worldSizeMap))
(valFlag "banlist" cfg.banListPath)
(boolFlag "secure" cfg.secure)
(boolFlag "noupnp" cfg.noUPnP)
];
stopScript = pkgs.writeScript "terraria-stop" ''
#!${pkgs.runtimeShell}
if ! [ -d "/proc/$1" ]; then
exit 0
fi
${getBin pkgs.tmux}/bin/tmux -S ${cfg.dataDir}/terraria.sock send-keys Enter exit Enter
${getBin pkgs.coreutils}/bin/tail --pid="$1" -f /dev/null
'';
in
{
options = {
modules.services.terraria = {
enable = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
If enabled, starts a Terraria server. The server can be connected to via `tmux -S ''${config.${opt.dataDir}}/terraria.sock attach`
for administration by users who are a part of the `terraria` group (use `C-b d` shortcut to detach again).
'';
};
port = mkOption {
type = types.port;
default = 7777;
description = lib.mdDoc ''
Specifies the port to listen on.
'';
};
maxPlayers = mkOption {
type = types.ints.u8;
default = 255;
description = lib.mdDoc ''
Sets the max number of players (between 1 and 255).
'';
};
password = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
Sets the server password. Leave `null` for no password.
'';
};
messageOfTheDay = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
Set the server message of the day text.
'';
};
worldPath = mkOption {
type = types.nullOr types.path;
default = null;
description = lib.mdDoc ''
The path to the world file (`.wld`) which should be loaded.
If no world exists at this path, one will be created with the size
specified by `autoCreatedWorldSize`.
'';
};
autoCreatedWorldSize = mkOption {
type = types.enum [ "small" "medium" "large" ];
default = "medium";
description = lib.mdDoc ''
Specifies the size of the auto-created world if `worldPath` does not
point to an existing world.
'';
};
banListPath = mkOption {
type = types.nullOr types.path;
default = null;
description = lib.mdDoc ''
The path to the ban list.
'';
};
secure = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Adds additional cheat protection to the server.";
};
noUPnP = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Disables automatic Universal Plug and Play.";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Wheter to open ports in the firewall";
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/terraria";
example = "/srv/terraria";
description = lib.mdDoc "Path to variable state data directory for terraria.";
};
};
};
#'' (sorry another micro moment)
config = mkIf cfg.enable {
users.users.terraria = {
description = "Terraria server service user";
home = cfg.dataDir;
createHome = true;
isSystemUser = true;
group = "terraria";
};
users.groups.terraria = {};
systemd.services.terraria = {
description = "Terraria Server Service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
User = "terraria";
Type = "forking";
GuessMainPID = true;
ExecStart = "${getBin pkgs.tmux}/bin/tmux -S ${cfg.dataDir}/terraria.sock new -d ${pkgs.terraria-server}/bin/TerrariaServer ${concatStringsSep " " flags}";
ExecStop = "${stopScript} $MAINPID";
};
postStart = ''
${pkgs.coreutils}/bin/chmod 660 ${cfg.dataDir}/terraria.sock
${pkgs.coreutils}/bin/chgrp terraria ${cfg.dataDir}/terraria.sock
'';
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
allowedUDPPorts = [ cfg.port ];
};
};
}

64
modules/services/vaultwarden.nix Normal file
View File

@ -0,0 +1,64 @@
{ pkgs, lib, config, options, ... }:
with lib;
let
cfg = config.modules.services.vaultwarden;
in {
options.modules.services.vaultwarden = {
enable = mkOption {
type = types.bool;
default = false;
};
domain = mkOption {
type = types.str;
default = null;
};
port = mkOption {
type = types.port;
default = 8222;
};
};
config = mkIf cfg.enable {
assertions = [
{ assertion = cfg.domain != null;
description = "Vaultwarden requires a domain to be defined";
}
];
services = {
vaultwarden = {
enable = true;
dbBackend = "postgresql";
config = {
DOMAIN = "https://${cfg.domain}";
DATABASE_URL = "postgresql:///vaultwarden?host=/run/postgresql";
DATA_FOLDER = "/var/lib/bitwarden_rs";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = cfg.port;
ROCKET_LOG = "critical";
};
environmentFile = "${config.services.vaultwarden.config.DATA_FOLDER}/conf.env";
};
nginx.virtualHosts.${cfg.domain} = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
postgresql = {
enable = true;
ensureDatabases = [ "vaultwarden" ];
ensureUsers = [
{ name = "vaultwarden";
ensurePermissions = { "DATABASE vaultwarden" = "ALL PRIVILEGES"; };
}
];
};
};
};
}

38
modules/services/watch-party.nix Normal file
View File

@ -0,0 +1,38 @@
{ config, lib, pkgs, options, inputs, ... }:
with lib;
let
cfg = config.modules.services.watch-party;
in {
options.modules.services.watch-party = {
enable = mkOption {
type = types.bool;
default = false;
};
domain = mkOption {
type = types.str;
default = "watch-party.oat.zone";
};
port = mkOption {
type = types.int;
default = 1984;
};
};
config = mkIf cfg.enable {
services = {
#watch-party = {
# enable = true;
# port = cfg.port;
#};
nginx.virtualHosts."${cfg.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
};
};
}

103
modules/services/webapps.nix
View File

@ -1,30 +1,61 @@
{ pkgs, lib, config, options, ... }:
with lib;
# uncomment any of this and i will uncomment the entirety of russia above your house
{ /*
with lib; with types;
let
cfg = config.modules.services.webapps;
in {
options.modules.services.webapps = mkOption {
type = types.attrsOf types.attrs;
default = {};
options.modules.services.webapps = {
enable = mkOption {
type = bool;
default = false;
};
webapps = mkOption {
type = attrsOf (submodule { options = {
nginx = mkOption {
type = submodule { options = options.services.nginx.virtualHosts.type.getSubModules; };
default = {};
};
phpfpm = {
enable = mkOption {
type = bool;
default = false;
};
config = mkOption {
type = submodule { options = options.services.phpfpm.pools.type.getSubModules; };
default = {
settings = {
"pm" = mkDefault "dynamic";
"pm.max_children" = mkDefault 16;
"pm.max_requests" = mkDefault 500;
"pm.start_servers" = mkDefault 1;
"pm.min_spare_servers" = mkDefault 1;
"pm.max_spare_servers" = mkDefault 3;
# "php_admin_value[error_log]" = mkDefault "${app.root}/log";
"php_admin_flag[log_errors]" = mkDefault true;
"catch_workers_output" = mkDefault true;
};
phpEnv."PATH" = makeBinPath [ pkgs.php ];
};
};
};
root = mkOption {
type = path;
default = null;
};
}; });
default = {};
};
};
config = mkMerge (
/*
[{ services.nginx.enable = true; }] ++
# Generic configuration
(mapAttrsToList (appName: app: let username = lib.intersperse "-" (lib.splitString "." appName); in mkMerge [
config = mkIf cfg.enable
(mkMerge (mapAttrsToList (appName: app: let username = concatStringsSep "-" (splitString "." appName); in trace appName (mkMerge [
{
assertions = [{
assertion = (types.enum ["generic" "phpfpm"]).check app.platform;
description = "Please specify a webapp platform for ${appName}. The possible platforms are: \"generic\", \"phpfpm\"";
}];
users.users.${username} = mkMerge [
{
isSystemUser = true;
group = appName;
group = username;
}
(mkIf (app.root != null) {
createHome = true;
@ -32,33 +63,25 @@ in {
})
];
users.groups.${username} = username;
# users.groups.${username} = {};
services.nginx.virtualHosts."${appName}" = app.nginx;
services.nginx = {
enable = true;
virtualHosts.${appName} = mkMerge [
app.nginx
(mkIf (app.root != null) { root = mkDefault app.root; })
];
};
}
# phpfpm-specific configuration
(mkIf (app.platform == "phpfpm") {
(mkIf app.phpfpm.enable {
modules.dev.php.enable = true;
services.phpfpm.pools.${appName} = {
user = appName;
settings = mkMerge [{
"listen.owner" = config.services.nginx.user;
"pm" = "dynamic";
"pm.max_children" = 16;
"pm.max_requests" = 500;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 1;
"pm.max_spare_servers" = 3;
"php_admin_value[error_log]" = "${app.root}/log";
"php_admin_flag[log_errors]" = true;
"catch_workers_output" = true;
} app.phpfpm];
phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
};
services.phpfpm.pools.${appName} = mkMerge [ app.phpfpm.config {
user = username;
default."listen.owner" = config.services.nginx.user;
}];
})
]) cfg)
*/[]
);
])) cfg.webapps
));
}
*/ }

5
modules/services/wireguard.nix
View File

@ -8,7 +8,7 @@ in {
enable = mkOption {
type = types.bool;
default = false;
description = "Enables the wiregyard VPN service.";
description = "Enables wireguard. \"WireGuard\" and the \"WireGuard\" logo are registered trademarks of Jason A. Donenfeld.";
};
server = mkOption {
@ -38,6 +38,8 @@ in {
}
];
environment.systemPackages = [ pkgs.nftables ];
networking = mkMerge (
[{
nat.enable = true;
@ -46,6 +48,7 @@ in {
}] ++
(mapAttrsToList (iname: iattrs: {
firewall.allowedTCPPorts = [ iattrs.listenPort ];
firewall.allowedUDPPorts = [ iattrs.listenPort ];
wireguard.interfaces.${iname} = mkMerge [ iattrs {

132
modules/services/yugoslavia-best.nix Normal file
View File

@ -0,0 +1,132 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.modules.services.yugoslavia-best;
in {
options.modules.services.yugoslavia-best = {
enable = mkOption {
type = types.bool;
default = false;
};
domain = mkOption {
type = types.str;
default = "yugoslavia.best";
};
root = mkOption {
type = types.str;
default = "/var/www/yugoslavia.best";
};
};
config = mkIf cfg.enable {
modules.services.staticSites."${cfg.domain}" = {
dataDir = cfg.root;
php = true;
};
services = {
nginx.virtualHosts."${cfg.domain}" = {
locations."/modding-txts/" = {
extraConfig = ''
autoindex on;
sub_filter </head>
'<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300italic,700,700italic"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/8.0.1/normalize.css"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/milligram/1.4.1/milligram.css"><style>body {background: #34373c;border-bottom: 0.1rem solid #1b1c1d;padding:20px;} .header {background-color: #141518;} pre {background: #141518;} .prettyprint {color: #f2f2f2;} .prettyprint.lang-md * {color: #f2f2f2 !important;} code {background: #141518;} .prettyprint .atv { color: rgba(73, 158, 223, 1);} .poop {display: flex; width: 100%; flex-direction: row; justify-content: space-between}</style><!-- Matomo --><script>var _paq = window._paq = window._paq || [];/* tracker methods like "setCustomDimension" should be called before "trackPageView" */_paq.push(["trackPageView"]);_paq.push(["enableLinkTracking"]);(function() {var u="//analytics.oat.zone/";_paq.push(["setTrackerUrl", u+"matomo.php"]);_paq.push(["setSiteId", "2"]);var d=document, g=d.createElement("script"), s=d.getElementsByTagName("script")[0];g.async=true; g.src=u+"matomo.js"; s.parentNode.insertBefore(g,s);})();</script><!-- End Matomo Code --></head>';
sub_filter <pre> ' ';
sub_filter </pre> ' ';
sub_filter '<a ' '</span><span class="poop"><a ';
sub_filter '</a>' '</a>';
sub_filter '<body bgcolor="white">' '<body><div class="container box" style="margin:5rem auto; padding:4rem">';
sub_filter </body> '</div></body>';
sub_filter <hr> '</span><hr>';
sub_filter_once off;
'';
};
locations."/srb2kaddons/" = {
extraConfig = ''
autoindex on;
alias /home/oatmealine/.srb2kart/firepit/;
sub_filter </head>
'<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300italic,700,700italic"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/8.0.1/normalize.css"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/milligram/1.4.1/milligram.css"><style>body {background: #34373c;border-bottom: 0.1rem solid #1b1c1d;padding:20px;} .header {background-color: #141518;} pre {background: #141518;} .prettyprint {color: #f2f2f2;} .prettyprint.lang-md * {color: #f2f2f2 !important;} code {background: #141518;} .prettyprint .atv { color: rgba(73, 158, 223, 1);} .poop {display: flex; width: 100%; flex-direction: row; justify-content: space-between}</style><!-- Matomo --><script>var _paq = window._paq = window._paq || [];/* tracker methods like "setCustomDimension" should be called before "trackPageView" */_paq.push(["trackPageView"]);_paq.push(["enableLinkTracking"]);(function() {var u="//analytics.oat.zone/";_paq.push(["setTrackerUrl", u+"matomo.php"]);_paq.push(["setSiteId", "2"]);var d=document, g=d.createElement("script"), s=d.getElementsByTagName("script")[0];g.async=true; g.src=u+"matomo.js"; s.parentNode.insertBefore(g,s);})();</script><!-- End Matomo Code --></head>';
sub_filter <pre> ' ';
sub_filter </pre> ' ';
sub_filter '<a ' '</span><span class="poop"><a ';
sub_filter '</a>' '</a>';
sub_filter '<body bgcolor="white">' '<body><div class="container box" style="margin:5rem auto; padding:4rem">';
sub_filter </body> '</div></body>';
sub_filter <hr> '</span><hr>';
sub_filter_once off;
'';
};
locations."/__special" = {
extraConfig = ''
internal;
allow all;
root ${cfg.root}/nginx/html/__special;
'';
};
locations."= /__md_file" = {
extraConfig = ''
internal;
allow all;
add_header 'Vary' 'Accept';
# redefining
add_header Strict-Transport-Security $hsts_header;
add_header Referrer-Policy origin-when-cross-origin;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
sub_filter </head>
'<title>$request_filename - yugoslavia.best</title><meta name="description" content="$request_filename - Modding TXTs"><meta name="og:title" content="$request_filename"><meta property="og:type" content="article"><meta property="og:site_name" content="yugoslavia.best"></head>';
sub_filter_once on;
default_type text/html;
alias ${cfg.root}/nginx/html/__special/md-renderer.html;
'';
};
locations."~* \\.md" = {
extraConfig = ''
error_page 418 = /__md_file;
add_header 'Vary' 'Accept';
# redefining
add_header Strict-Transport-Security $hsts_header;
add_header Referrer-Policy origin-when-cross-origin;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
if (!-f $request_filename) {
break;
}
# if no "text/markdown" in "accept" header:
# redirect to /__md_file to serve html renderer
if ($http_accept !~* "text/markdown") {
return 418;
}
'';
};
extraConfig = ''
types {
text/plain md;
text/html html;
text/plain txt;
text/css css;
application/javascript js;
image/x-icon ico;
image/png png;
image/gif gif;
}
'';
};
};
};
}

41
modules/theme.nix
View File

@ -1,41 +0,0 @@
{ config, pkgs, lib, options, ... }:
with lib;
let
cfg = config.modules.theme;
in {
options.modules.theme = {
active = mkOption {
type = types.str;
default = "still";
description = "Theme defaults";
};
wallpaper = mkOption {
type = types.path;
default = null;
description = "The main wallpaper";
};
/*
gtk = {
theme = mkOption {
type = types.str;
default = "";
description = "The global GTK theme";
};
iconTheme = {
type = types.str;
default = "";
description = "Global GTK icon theme";
};
cursorTheme = {
type = types.str;
default = "";
description = "Global GTK cursor theme";
};
};
*/
};
config = mkIf (cfg.active != "") {
};
}

BIN
modules/themes/still/background.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.8 MiB

39
modules/themes/still/config/nwggrid/style.css
View File

@ -1,39 +0,0 @@
button, label, image {
background: none;
border-style: none;
box-shadow: none;
color: #999999;
}
button {
padding: 5px;
margin: 5px
}
button:hover {
background-color: rgba(255, 255, 255, 0.1);
}
button:focus {
box-shadow: 0 0 2px;
}
#searchbox {
background: none;
border-color: #999999;
color: #cccccc;
margin-top: 20px;
margin-bottom: 20px
}
#separator {
background-color: rgba(200, 200, 200, 0.5);
margin-left: 500px;
margin-right: 500px;
margin-top: 10px;
margin-bottom: 10px
}
#description {
margin-bottom: 20px
}

3
modules/themes/still/config/sway/config
View File

@ -1,3 +0,0 @@
# font pango:SF Pro Display
gaps inner 10

88
modules/themes/still/config/waybar/style.css
View File

@ -1,88 +0,0 @@
* {
border: none;
border-radius: 0;
font-family: "SF Pro Display";
font-size: 13px;
}
window#waybar {
background-color: rgba(0, 0, 0, 0);
}
window#waybar.hidden {
opacity: 0.2;
}
/* Universal Attributes */
#tray,
#cpu,
#memory,
#pulseaudio,
#battery,
#clock,
#workspaces button,
#window {
background: rgba(40, 50, 80, 0.60);
border-radius: 5px;
color: rgba(240, 240, 240, 1.00);
}
/* Font Sizes */
#workspaces button {
font-size: 15px;
}
/* Padding */
#workspaces button,
#window {
padding: 2px 5px;
}
#clock {
padding: 2px 8px;
}
#cpu,
#memory,
#battery {
padding: 2px 7px;
}
/* Margins */
#workspaces button,
#window {
margin: 10px 0 0 10px;
}
#clock {
margin: 10px 0 0 0;
}
#tray,
#cpu,
#memory,
#pulseaudio,
#battery {
margin: 10px 10px 0 0 ;
}
/* Colours */
#workspaces button.active {
background: rgba(40, 70, 125, 0.40);
}
#workspaces button:hover,
#battery.charging {
background: rgba(45, 80, 140, 1.00);
}
#workspaces button.urgent,
#battery.critical:not(.charging) {
background: rgba(255, 100, 80, 1.00);
}

32
modules/themes/still/theme.nix
View File

@ -1,32 +0,0 @@
{ config, options, lib, pkgs, ... }:
with lib;
let
theme = config.modules.theme;
in {
config = mkIf (theme.active == "still") (mkMerge [
{
modules.theme.wallpaper = ./background.png;
home.configFile = with config.modules; mkMerge [
(mkIf desktop.services.waybar.enable {
"waybar" = { source = ./config/waybar; target = "$HOME.config/waybar"; recursive = true; };
})
/*
(mkIf desktop.apps.alacritty.enable {
"alacritty" = { source = ./config/alacritty; recursive = true; };
})
(mkIf desktop.apps.wofi.enable {
"wofi" = { source = ./config/wofi; recursive = true; };
})
*/
(mkIf desktop.sway.enable {
"sway" = { source = ./config/sway; target = "$HOME.config/sway"; recursive = true; };
})
(mkIf desktop.apps.nwg-launchers.enable {
"nwg-launchers/nwggrid/style.css" = { source = ./config/nwggrid/style.css; };
})
];
}
]);
}

45
modules/users.nix
View File

@ -5,10 +5,23 @@ let
in {
options = {
defaultUsers = mkOption {
user = mkOption {
type = types.attrs;
default = {};
description = "Collection of users";
description = "Defaults to apply to all normal users in the system.";
};
normalUsers = mkOption {
type = types.attrsOf (types.submodule { options = {
conf = mkOption {
type = types.attrs;
default = {};
};
homeConf = mkOption {
type = types.attrs;
default = {};
};
};});
default = {};
};
home = {
_ = mkOption {
@ -18,15 +31,10 @@ in {
};
configFile = mkOption {
type = types.attrs;
default = {};
description = "(XDG) Configuration files managed by home-manager";
default = {};
description = "(XDG) Configuration files managed by home-manager";
};
};
user = mkOption {
type = types.attrs;
default = {};
description = "Universal system-level user configuration";
};
configDir = mkOption {
type = types.path;
default = ../config;
@ -58,22 +66,17 @@ in {
};
};
users.users = mapAttrs (user: prop: mkMerge [
users.groups = mapAttrs (_: _: {}) config.normalUsers;
users.users = mapAttrs (username: user: (mkMerge [
(mkAliasDefinitions options.user)
user.conf
{
packages = prop.packages;
extraGroups = prop.extraGroups;
shell = pkgs."${config.defaultUsers."${user}".shell}";
home = "/home/${user}";
isNormalUser = true;
group = user;
group = username;
}
]) config.defaultUsers;
])) config.normalUsers;
home-manager.users = mapAttrs (user: prop: mkMerge [
(mkAliasDefinitions options.home._)
# (import "${prop.homeDir}/.home/")
]) config.defaultUsers;
home-manager.users = mapAttrs (username: user: (mkMerge [(mkAliasDefinitions options.home._) user.homeConf])) config.normalUsers;
};
}

21
nixos.nix
View File

@ -1,21 +0,0 @@
{ lib, inputs, pkgs, ... }:
let
inherit (lib) nixosSystem mkDefault;
in {
/*
*/
mkHost = system: path:
nixosSystem {
inherit system;
specialArgs = { inherit lib inputs system; };
modules = [
{
nixpkgs.pkgs = pkgs;
networking.hostName = mkDefault (baseNameOf path);
}
../.
(import path)
];
};
}

26
packages/matrix-conduit/default.nix Normal file
View File

@ -0,0 +1,26 @@
{ lib, stdenv, fetchFromGitLab, rustc, cargo, openssl, rustPlatform, ... }: {}
/*
rustPlatform.buildRustPackage rec {
pname = "matrix-conduit";
ver = "v0.4.0";
src = fetchFromGitLab {
owner = "famedly";
repo = "conduit";
rev = "0b926c2a31deff57a3526dd75d8c08775b02241a";
sha256 = lib.fakeSha256;
};
meta = {
name = "conduit";
description = "A Matrix homeserver written in Rust";
license = "Apache-2.0";
homepage = "https://conduit.rs";
};
cargoSha256 = lib.fakeSha256;
buildInputs = [ openssl ];
}
*/

2
result
View File

@ -1 +1 @@
/nix/store/js0sdyhi0319gwr76gj56q52dci2n9y0-nixos-system-dark-firepit-21.11.20220421.9887f02
/nix/store/f5ybdcl8js6wh9w643f1agaxcsfh0i12-nixos-system-dark-firepit-22.05.20220731.ede02b4