From a8f93d755566013f570c0949d8e2a826fcb4b965 Mon Sep 17 00:00:00 2001 From: "Jill \"oatmealine\" Monoids" Date: Fri, 21 Apr 2023 15:40:27 +0200 Subject: [PATCH] lucent-firepit shenanigans!! --- flake.lock | 100 ++++--- flake.nix | 10 +- hosts/lucent-firepit/authorizedKeys.nix | 39 +++ hosts/lucent-firepit/default.nix | 279 ++++++++++++++++++ .../lucent-firepit/hardware-configuration.nix | 63 ++++ hosts/lucent-firepit/minecraft.nix | 134 +++++++++ hosts/lucent-firepit/og/configuration.nix | 115 ++++++++ .../og/hardware-configuration.nix | 63 ++++ hosts/lucent-firepit/secrets/secrets.nix | 6 + hosts/lucent-firepit/srb2k.nix | 116 ++++++++ hosts/lucent-firepit/webapps/default.nix | 193 ++++++++++++ hosts/lucent-firepit/wireguardInterface.nix | 22 ++ hosts/lucent-firepit/yugoslavia-best.nix | 131 ++++++++ modules/editors/helix.nix | 6 +- modules/hyprland.nix | 8 +- modules/services/libreddit.nix | 2 + modules/services/ssh.nix | 5 + 17 files changed, 1237 insertions(+), 55 deletions(-) create mode 100644 hosts/lucent-firepit/authorizedKeys.nix create mode 100644 hosts/lucent-firepit/default.nix create mode 100644 hosts/lucent-firepit/hardware-configuration.nix create mode 100644 hosts/lucent-firepit/minecraft.nix create mode 100644 hosts/lucent-firepit/og/configuration.nix create mode 100644 hosts/lucent-firepit/og/hardware-configuration.nix create mode 100644 hosts/lucent-firepit/secrets/secrets.nix create mode 100644 hosts/lucent-firepit/srb2k.nix create mode 100644 hosts/lucent-firepit/webapps/default.nix create mode 100644 hosts/lucent-firepit/wireguardInterface.nix create mode 100644 hosts/lucent-firepit/yugoslavia-best.nix diff --git a/flake.lock b/flake.lock index 9e99cd4..c61ab3d 100755 --- a/flake.lock +++ b/flake.lock 
@@ -8,11 +8,11 @@ ] }, "locked": { - "lastModified": 1677969766, - "narHash": "sha256-AIp/ZYZMNLDZR/H7iiAlaGpu4lcXsVt9JQpBlf43HRY=", + "lastModified": 1680281360, + "narHash": "sha256-XdLTgAzjJNDhAG2V+++0bHpSzfvArvr2pW6omiFfEJk=", "owner": "ryantm", "repo": "agenix", - "rev": "03b51fe8e459a946c4b88dcfb6446e45efb2c24e", + "rev": "e64961977f60388dd0b49572bb0fc453b871f896", "type": "github" }, "original": { @@ -51,11 +51,11 @@ ] }, "locked": { - "lastModified": 1679283474, - "narHash": "sha256-vlJOZZ07XURH8ZZG6Eg/pOuUKhul5bcWkvd+nwrY0Yw=", + "lastModified": 1681376791, + "narHash": "sha256-vIhbKlSLiJuy3Zx5w8Pp7cPEuftLXn6fX8VPEkiEfzk=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "794b5765f0dcab8a80d0875d1ee04aad9e220cb8", + "rev": "7606cc4b272b55d800c5b62adff217e5833db045", "type": "github" }, "original": { @@ -98,19 +98,20 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ] + ], + "utils": "utils" }, "locked": { - "lastModified": 1667907331, - "narHash": "sha256-bHkAwkYlBjkupPUFcQjimNS8gxWSWjOTevEuwdnp5m0=", + "lastModified": 1681092193, + "narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=", "owner": "nix-community", "repo": "home-manager", - "rev": "6639e3a837fc5deb6f99554072789724997bc8e5", + "rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-22.05", + "ref": "release-22.11", "repo": "home-manager", "type": "github" } @@ -125,11 +126,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1679277046, - "narHash": "sha256-5E/Cd1PdYwN0bfR3dyyTQ2Wu5ADK3pg/Z+viAtfaP70=", + "lastModified": 1681395658, + "narHash": "sha256-ObDYZHUG3wmJfzISVRJ3VXqqYc8GRsOKC1qybJ/OIj0=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "d23bbd1687a5413fb7f2c08b67692d4e64f8efef", + "rev": "33d06fb0e5033412638edec5a8d78cbec844132a", "type": "github" }, "original": { 
@@ -146,11 +147,11 @@ ] }, "locked": { - "lastModified": 1671839510, - "narHash": "sha256-+PY1qqJfmZzzROgcIY4I7AkCwpnC+qBIYk2eFoA9RWc=", + "lastModified": 1681065697, + "narHash": "sha256-QPzwwlGKX95tl6ZEshboZbEwwAXww6lNLdVYd6T9Mrc=", "owner": "hyprwm", "repo": "hyprland-protocols", - "rev": "b8f55e02a328c47ed373133c52483bbfa20a1b75", + "rev": "4d29e48433270a2af06b8bc711ca1fe5109746cd", "type": "github" }, "original": { @@ -166,11 +167,11 @@ ] }, "locked": { - "lastModified": 1678893556, - "narHash": "sha256-FHhBetkV/S7M9BMpbCzUWX/P5E7tGE4mZIpj/2m0K2M=", + "lastModified": 1681308705, + "narHash": "sha256-Iy1NVydzM04OqBLeD96zDmg1HMilUqa2vFeaOJFOp8o=", "owner": "hyprwm", "repo": "hyprpaper", - "rev": "61961973cfd10853b32c7f904cdb88f9ab6d84dd", + "rev": "10fd31a5444d25ab81c8105f2df1b4cb0cba68e5", "type": "github" }, "original": { @@ -186,11 +187,11 @@ ] }, "locked": { - "lastModified": 1678372307, - "narHash": "sha256-wb1oXsaM0AkThPJGjn0Ytxt8vbBQG+mg2AGY0uxhUJ0=", + "lastModified": 1680280900, + "narHash": "sha256-8Tc8am5+iQvzRdnTYIpD3Ewge6TIctrm8tr0H+RvcsE=", "owner": "hyprwm", "repo": "hyprpicker", - "rev": "234c2da51a71941c0cd2ee380f42de365f90dd6f", + "rev": "cc6b3234b2966acd61c8a2e5caae947774666601", "type": "github" }, "original": { @@ -207,11 +208,11 @@ ] }, "locked": { - "lastModified": 1679276580, - "narHash": "sha256-3+YDy2BQuIWauD7oHZZDU0uRC2c0cOWdyRZW3ss76VY=", + "lastModified": 1681262808, + "narHash": "sha256-A4CCPgNUDTLnu7WNdcE0GD/IhcIdV9fmNvWl6bC5f8Q=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "710b88f976c522deb1306b0310429b4bef3cff39", + "rev": "2d5c4d090c759b7cf9ef6292f33d0702dab21d09", "type": "github" }, "original": { 
@@ -222,11 +223,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1679224149, - "narHash": "sha256-TSY37Zv0icF/aijR3/KWGLVBlnKKHlG9QTj7vHbF/UU=", + "lastModified": 1680876084, + "narHash": "sha256-eP9yxP0wc7XuVaODugh+ajgbFGaile2O1ihxiLxOuvU=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "a4bc66709604ab78abc575b60baa6d23ae027a59", + "rev": "3006d2860a6ed5e01b0c3e7ffb730e9b293116e2", "type": "github" }, "original": { @@ -237,26 +238,26 @@ }, "nixpkgs": { "locked": { - "lastModified": 1679172431, - "narHash": "sha256-XEh5gIt5otaUbEAPUY5DILUTyWe1goAyeqQtmwaFPyI=", + "lastModified": 1681269223, + "narHash": "sha256-i6OeI2f7qGvmLfD07l1Az5iBL+bFeP0RHixisWtpUGo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1603d11595a232205f03d46e635d919d1e1ec5b9", + "rev": "87edbd74246ccdfa64503f334ed86fa04010bab9", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-unstable", + "ref": "nixos-22.11", "type": "indirect" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1679172431, - "narHash": "sha256-XEh5gIt5otaUbEAPUY5DILUTyWe1goAyeqQtmwaFPyI=", + "lastModified": 1681303793, + "narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1603d11595a232205f03d46e635d919d1e1ec5b9", + "rev": "fe2ecaf706a5907b5e54d979fbde4924d84b65fc", "type": "github" }, "original": { @@ -294,6 +295,21 @@ "vscode-server": "vscode-server" } }, + "utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "vscode-server": { "inputs": { "nixpkgs": "nixpkgs_2" 
@@ -316,11 +332,11 @@ "flake": false, "locked": { "host": "gitlab.freedesktop.org", - "lastModified": 1677789111, - "narHash": "sha256-dWrk+Q3bLdtFe5rkyaAKWCQJCeE/KFNllcu1DvBC38c=", + "lastModified": 1680810405, + "narHash": "sha256-LmI/4Yp/pOOoI4RxLRx9I90NBsiqdRLVOfbATKlgpkg=", "owner": "wlroots", "repo": "wlroots", - "rev": "5ae17de23f5fd9bb252a698f3771c840280e2c05", + "rev": "7abda952d0000b72d240fe1d41457b9288f0b6e5", "type": "gitlab" }, "original": { @@ -342,11 +358,11 @@ ] }, "locked": { - "lastModified": 1673116118, - "narHash": "sha256-eR0yDSkR2XYMesfdRWJs25kAdXET2mbNNHu5t+KUcKA=", + "lastModified": 1681127512, + "narHash": "sha256-vklOOhBj5W8fii6yN4L2WY5ZeifBmsq3+mJ2wC1Pk9U=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "d479c846531fd0e1d2357c9588b8310a2b859ef2", + "rev": "04f579377a32781ce57c9cf4ba2a5bcb7f53fa97", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 0b00571..2895239 100755 --- a/flake.nix +++ b/flake.nix @@ -4,13 +4,13 @@ inputs = { # temporary forgejo workaround # TODO: remove when https://github.com/NixOS/nixpkgs/pull/218269 gets pushed to stable - #nixpkgs.url = "nixpkgs/nixos-22.05"; - nixpkgs.url = "nixpkgs/nixos-unstable"; + nixpkgs.url = "nixpkgs/nixos-22.11"; + #nixpkgs.url = "nixpkgs/nixos-unstable"; # WARNING: Where possible, prefer the stable branch of nixpkgs as nixpkgs-unstable may have incompatable or vulnerable software. nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; - home-manager.url = "github:nix-community/home-manager/release-22.05"; + home-manager.url = "github:nix-community/home-manager/release-22.11"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; # agenix - age-encrypted secrets 
@@ -52,7 +52,7 @@ vscode-server.url = "github:msteen/nixos-vscode-server"; }; - outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, vscode-server, nix-minecraft, hyprland, hyprpaper, hyprpicker, ... }: + outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, vscode-server, nix-minecraft, /* hyprland, hyprpaper, hyprpicker, */ ... }: let system = "x86_64-linux"; @@ -74,7 +74,7 @@ }; overlays = mapModules ./overlays import; nixosModules = (mapModulesRec ./modules import) ++ [ - hyprland.nixosModules.default +# hyprland.nixosModules.default vscode-server.nixosModule ]; nixosConfigurations = mapModules ./hosts (host: mkHost host { inherit system; }); diff --git a/hosts/lucent-firepit/authorizedKeys.nix b/hosts/lucent-firepit/authorizedKeys.nix new file mode 100644 index 0000000..59fc7dd --- /dev/null +++ b/hosts/lucent-firepit/authorizedKeys.nix 
@@ -0,0 +1,39 @@
+[
+ # Aether
+ { hostname = "aether@subsurface";
+ ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLDtlpOnQFQq9mPMhR1uQnjrTexcof+c+y+ot/7Jgnt aether@subsurface";
+ wg = "XEVSwNNPR7RTt/O0ihYmv3nopbPmqkCMGrVRCixnPWw=";
+ }
+ { hostname = "aether@Aethers-Mini.station";
+ ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINmy7rPZky0M8p5+d9smUnSTjG25CIsQPYibKsBxgvdw aether@Aethers-Mini.station";
+ }
+ { hostname = "aether@phone";
+ ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP5LPWVgsFAH9XErXGZB+lzwb/+7EiEb6eatNWoJag5i JuiceSSH";
+ }
+
+ # oatmealine
+ { hostname = "oatmealine@void-defragmented";
+ ssh = "ssh-rsa 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 oatmealine@beppy";
+ wg = "533BncNpHKzJVx5lwdxBg+aUfLGqea9uUYz70C6wxyg=";
+ }
+ { hostname = "oatmealine@beppy-phone";
+ ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUgEsAQ7EL5/3STLAk/0qWJddYqfBY71yS9RtRSWd3w JuiceSSH";
+ wg = "qT7gX8beM/kW9AYg5dV1e3cLzLDTLxMO2CmnbFpMVj4=";
+ }
+ { hostname = "oatmealine@dark-firepit";
+ ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKz3Zkhrht1EX32LIbkSvql1p15EXqxTy/4xQKlj0CUx oatmealine@disroot.org";
+ }
+
+ # mayflower
+ { hostname = "mayflower@BMW-M550d-xDrive";
+ ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCIeoFll8XBRwu6vbQHUj4LNbvRvLMTdqUP1su9hGxow8olGKIZf/nINkt+/B5w4UumLFnOOROIWVhSH/04oxGVCWdk29ibPo3yYJIAoQrqOXYWCrGpMDd0z2n/0CwyXRAqmQ4rubnUZtnlabYCLh0eWMu9ZRSsSrQ+MiaUHES/vv1MxlLWHoEGfhLzoq7SyIsK88Mirgu9lSeHd/+2JybkQ9kNEWTxnzUPKwOMT0zLGo7vNLmfPhJ1WilQoV4F8skDbbgFNRuLO13ZDn6W2jqZ+zjf3H9khzPivG+oaKfHLMDD/zCwHM3rm3JyJzX7GF9EV73AqbNkzzsf54vKhYRT";
+ }
+ { hostname = "swag@BMW-M550d-xDrive";
+ ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC1fJn2ZY9fhBr4E1Gc91uRWS5r+EZ4OHy3RmuAjx7kr swag@BMW-M550d-xDrive";
+ }
+
+ # winter
+ { hostname = "lilith@bms-cab";
+ ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFb9uVy1x4XaO1uFOQBuERy6xw8cf7Dh24UT0jJs7g3z lilith@bms-cab";
+ }
+]
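Review bot: This list is the access-control source for the host (default.nix in this patch turns the `ssh` fields into `openssh.authorizedKeys.keys` for users that are all in `wheel`), but nothing in the file says so or documents the record shape. A header comment would help, for example `# Login keys for lucent-firepit. hostname = unique lookup label used by default.nix; ssh = OpenSSH public key; wg = optional WireGuard public key.` Several labels also disagree with the key's own comment field (`aether@phone` and `oatmealine@beppy-phone` both carry `JuiceSSH`, `oatmealine@void-defragmented` carries `oatmealine@beppy`), which makes it harder to audit which device a key belongs to. `oatmealine@dark-firepit` is defined but not referenced in the parts of this patch visible here, so it is worth confirming it is still meant to be listed.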
diff --git a/hosts/lucent-firepit/default.nix b/hosts/lucent-firepit/default.nix
new file mode 100644
index 0000000..d99e8a2
--- /dev/null
+++ b/hosts/lucent-firepit/default.nix
@@ -0,0 +1,279 @@ +{ pkgs, inputs, lib, ... }: + +let + keys = import ./authorizedKeys.nix; + SSHKeys = map (pack: pack.ssh) keys; + fetchSSH = (host: lib._.getSSH host keys); + fetchSSHKeys = map fetchSSH; +in { + imports = [ + ./hardware-configuration.nix +# ./minecraft.nix +# ./srb2k.nix +# ./yugoslavia-best.nix + ./webapps/default.nix + inputs.nix-minecraft.nixosModules.minecraft-servers + #inputs.watch-party.nixosModules.watch-party + (fetchTarball "https://github.com/msteen/nixos-vscode-server/tarball/master") + ]; + +# services.auto-fix-vscode-server.enable = true; +# services.vscode-server.enable = true; + + user = { + packages = with pkgs; [ + git + curl + ]; + }; + + users.groups.dotfiles = {}; + users.groups.yugoslavia = {}; + + normalUsers = { + # aether??? is that... reference.../.??? aether https://www.curseforge.com/minecraft/mc-mods/aether mod Curseforge minecraft Forge Patreon Chat twitter code license Assets license All rights reserved categories Last Updated apr 17 2021 Game Version 1.12.2 aether + aether = { + conf = { + packages = with pkgs; [ bat duf broot helix nil ]; + shell = pkgs.unstable.fish; + extraGroups = [ "wheel" "nix-users" "dotfiles" ]; + initialHashedPassword = "!"; + openssh.authorizedKeys.keys = fetchSSHKeys [ + "aether@subsurface" + "aether@phone" + "aether@Aethers-Mini.station" + ]; + }; + + homeConf.home = { + sessionVariables = { + EDITOR = "hx"; + NIX_REMOTE = "daemon"; + }; + }; + }; + + # oatmealine ?? is that a reference to jill oatmealine monoids from the beloved videogame franchise "oateamelin jill monoids???" .oat. zone??? from va11hall-a??? video game???? woman????? minecraft??????? 
+ oatmealine = { + conf = { + packages = with pkgs; [ bat tmux micro direnv nix-direnv ripgrep ]; + shell = pkgs.unstable.fish; + extraGroups = [ "wheel" "nix-users" "dotfiles" "yugoslavia" ]; + initialHashedPassword = "!"; + openssh.authorizedKeys.keys = fetchSSHKeys [ + "oatmealine@void-defragmented" + "oatmealine@beppy-phone" + ]; + }; + + homeConf.home = { + sessionVariables = { + EDITOR = "micro"; + NIX_REMOTE = "daemon"; + }; + }; + }; + + # i yearn for the day this name ceases to mean + mayflower = { + conf = { + packages = with pkgs; [ micro tmux ]; + shell = pkgs.unstable.fish; + extraGroups = [ "wheel" "nix-users" "dotfiles" "yugoslavia" ]; + initialHashedPassword = "!"; + openssh.authorizedKeys.keys = fetchSSHKeys [ + "mayflower@BMW-M550d-xDrive" + "swag@BMW-M550d-xDrive" + ]; + }; + + homeConf.home = { + sessionVariables = { + EDITOR = "micro"; + NIX_REMOTE = "daemon"; + }; + }; + }; + + winter = { + conf = { + packages = with pkgs; [ micro ]; + shell = pkgs.unstable.fish; + extraGroups = [ "wheel" "nix-users" "dotfiles" ]; + initialHashedPassword = "!"; + openssh.authorizedKeys.keys = fetchSSHKeys [ + "lilith@bms-cab" + ]; + }; + }; + }; + + keyboard = { + locale = "en_US.UTF-8"; + variant = "qwerty"; + }; + + services.vscode-server.enable = true; + + modules = { + shell.fish.enable = true; + security.isLocalMachine = false; + editors.neovim.enable = true; + remote = { + enable = true; + keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAoV7ymOtfC8SYvv31/GGso8DoHKE/KOfoEZ0hjmYtaQg7dyi5ijfDikLZUux8aWivvRofa7SqyaK0Ea+s9KuTX/dreJKz/RKG+QHLjw6U0FSoJ765q56pUy0j0TZoVy4PjSb38of56urg1UmHkK13WQXrvjwdHUjAcVx6PurHAxsbmxhYkJO9Jmvr8CB+PZFKIHjewkgBWkBxD97WFNwDfmBmvh1F5xRn8WhgT+2DVdQ2coN4Eqwc4NWzBUSfrro0gARsJsUvQxdx8f1kJDQKy2lQWCnlgRiD+pK5ocf1wCZfJMs0NQ6xqCZDKDJTcyGNLWH/L57Pg5U5t7BWRTTPmQ== yugoslavia" + "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCX2uRTaL1Nu4KzsSJSVc7R2yCIa4Mw3KuJAMluQO746eXBFeTmRN6Pqc+H0Rpz9nkQ/fB8tYl70FfrYy4suM0QCY1IDbPWaUBmLQYCt6nzCfFY8PTpLoJmeQW3jzG7VqSjjl+uG2KLQqPtzxmvukIJRovhrKcUnPzw4tU4BLy2uGWgJN9sGofWczmtxdijADyOYtasVIr6/Hca5IwMCldbqQ9B1k+VIE87Kv2k5n+LVRVMsVHaVSubIMYZFbZFDW2/oRVg2ainewO0e9XPbtBREVraPnuf7s4uBByk4goQfLhz3B6L4JLbYYijw25+SmeJcesDxJUIIKMCuZChNcyb aura@LAPTOP-MEN8UH6Q" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRI9sGl0EmOkNNnh8SgRq197gkEy3XEwKZjLIr27V9PfaVOLIAcZiGcOa5q7rc5FjcCtkQ9+/twE24bZpxkK0ygrRJBEdT+HGAUmpY/kRPEn/tqjmwNu43vQqOhNSYmAAzdjJ4AuRPK5st8QQyOzKv5Pnghwy8xPAjOM3o4n9ULMLjVvAu0eTmCJMKxEvz5FUEIVZtEid/ng46k/bJ/njSh8vyGBQV4fJei6M9Ovw0HPqqzWyV/e0c3hTClG4dfLCK3Qv3hLhXQ+8I9iaL7D2wZdr3F2lbg0vS/QctPZc28f1gpkFEzVflEzAk4aFwJMMflY04IG1Dr44IfM1gJbpj rsa-key-20220423" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCL75/Pg5bP7LaXE6uPyyv8QDRivWJC6YcH6oJJztkjqL6g+0xPPiN6I54q/bNF4nHA2BHVUktKUU9bGDEOpYIRq7kegp2/K/+FNTM1Kz6rJSrSc8e0Ogxg8vhD6maxqLU8q+D1OMhBu0UiWUB+GxXmeYfBtXPjpcE+AaJ80BPs7vwiulHPGn7UAcRuP36Z+3JJiN2BQnU2aizXWsgyU575Uy3DVvAt7eHon+SoJiTCs2//5KexJ42U6ZiE6f/oTFdiud70lpxhGgiiFvj6M9RZ0aLoxspiskW45jKLXIMJ+mO6husg9GfvCchbps3YkmH0hZ24Ii1EiFhi5HZMY0Lt mayflower" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHrlqH2OShvXdzq1sV5IDuWQzeC9OHBVvwj0+Y0XXwi7 mayflower-thinkpad" + #fetchSSH "oatmealine@void-defragmented" + #fetchSSH "oatmealine@beppy-phone" + ]; + packages = with pkgs; [ tmux micro ]; + shell = pkgs.unstable.fish; + }; + services = { + ssh = { + enable = true; + requirePassword = false; + }; + + mosh = { + enable = true; + }; + +/* + postgres.enable = true; + + wireguard = { + enable = true; + server = true; + externalInterface = "eno1"; + interfaces."wg0" = import ./wireguardInterface.nix; + }; + + terraria = { + enable = false; + port = 7777; # port-forwarded + messageOfTheDay = "hi"; + openFirewall = true; + worldPath = "/var/lib/terraria/gbj.wld"; + autoCreatedWorldSize = "large"; + dataDir = "/var/lib/terraria"; + }; + + jmusicbot = let + 
baseOptions = { + owner = 276416332894044160; + game = "Listening to your heartbeat :heart"; + status = "ONLINE"; + songinstatus = true; + + success = "<:observer:1004408859831586907>"; + warning = "<:slugclose:1000202980403974144>"; + error = "🚫!!!!! 🚫🚫🚫 >:(((("; + loading = "<:handsl:966010145698086993><:handsr:966010145886830692>"; + searching = "<:scripulous_fingore_point:1012777703323222087><:scripulous_fingore:1012777704455667754>"; + + npimages = true; + stayinchannel = true; + + aliases = { + nowplaying = [ "np" "current" ]; + play = [ "p" ]; + queue = [ "list" "q" ]; + remove = [ "delete" "d" ]; + skip = [ "s" ]; + forceskip = [ "fs" ]; + movetrack = [ "move" "m" ]; + }; + }; + in { + enable = true; + instances = { + "jomble" = { + enable = true; + package = pkgs.unstable.jmusicbot; + + options = baseOptions // { + token = lib.removeSuffix "\n" (builtins.readFile /etc/jomble_token); + prefix = ";"; + }; + }; + "jillo" = { + enable = true; + package = pkgs.unstable.jmusicbot; + + options = baseOptions // { + token = lib.removeSuffix "\n" (builtins.readFile /etc/jillo_token); + prefix = ":"; + }; + }; + }; + }; +*/ + }; + }; + + programs.fish.enable = true; + + security.doas = { + extraRules = [ + { users = [ "aether" ]; noPass = false; persist = true; keepEnv = true; } + { users = [ "oatmealine" ]; noPass = true; persist = false; keepEnv = true; } + ]; + }; + + time.timeZone = "Europe/Amsterdam"; + +# If you uncomment this, I will uncomment the spores in your body +# mmm spores ymmnu.uyyy.., :) + networking.useDHCP = false; + + networking = { + # for docs, start here + # https://nixos.org/manual/nixos/stable/options.html#opt-networking.enableB43Firmware + + # temporarily disabled + enableIPv6 = false; + + usePredictableInterfaceNames = false; + interfaces.eth0.ipv4.addresses = [ + { address = "46.4.96.113"; + prefixLength = 24; + } + ]; + + defaultGateway = "46.4.96.97"; + nameservers = [ "8.8.8.8" "1.1.1.1" ]; + +/* + interfaces.eno1.ipv6.addresses = [ + { 
address = "2001:41d0:0700:3308::"; + prefixLength = 64; + } + + { address = "2001:41d0:0700:33ff::"; + prefixLength = 64; + } + ]; +*/ + +/* + defaultGateway6 = { + address = "2001:41d0:0700:33ff:00ff:00ff:00ff:00ff"; + address = "33ff::1"; + address = "2001::1"; + interface = "eno1"; + }; +*/ + + firewall.allowPing = true; + # minecraft proximity voice chat + firewall.allowedTCPPorts = [ 24454 25567 4499 ]; + firewall.allowedUDPPorts = [ 24454 25567 4499 ]; + }; + +# environment.etc."dhcpcd.duid".text = "d0:50:99:d4:04:68:d0:50:99:d4:04:68"; +} diff --git a/hosts/lucent-firepit/hardware-configuration.nix b/hosts/lucent-firepit/hardware-configuration.nix new file mode 100644 index 0000000..8e3f0d8 --- /dev/null +++ b/hosts/lucent-firepit/hardware-configuration.nix 
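Review bot: The `imports` entry `(fetchTarball "https://github.com/msteen/nixos-vscode-server/tarball/master")` pulls a module from a moving branch with no hash, so each evaluation can bring different code into the system configuration and it bypasses flake.lock. The flake already declares a `vscode-server` input and, per the flake.nix context in this patch, adds `vscode-server.nixosModule` to `nixosModules`, so this line looks redundant; drop it, or pin it with the attrset form `fetchTarball { url = ...; sha256 = ...; }` against a fixed commit. Separately, the doas rule `{ users = [ "oatmealine" ]; noPass = true; persist = false; keepEnv = true; }` makes possession of one SSH key equivalent to root with the caller's environment passed through; dropping `keepEnv` would at least narrow that. Every user here is created with `initialHashedPassword = "!"`, so the `noPass = false` rule for `aether` presumably only works once a password has been set out of band, which deserves a comment.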
@@ -0,0 +1,63 @@ +{ config, lib, pkgs, inputs, modulesPath, ... }: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + initrd.kernelModules = [ ]; + kernelPackages = pkgs.linuxPackages_hardened; + kernelModules = [ "kvm-amd" ]; + loader = { + # and them squiggles steady shifting in the wind + grub.enable = lib.mkForce false; + + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }; + + nix.settings.cores = 3; + nix.settings.max-jobs = 6; + + # disabling this is what's considered a "Bad Idea" + # however it is required by packages/ghost.nix, which + # is borrowed from https://notes.abhinavsarkar.net/2022/ghost-on-nixos + # + # i don't know of a cleaner way to do this, and i + # don't want to deal with ghost any longer than i + # already have, so This Will Do + #nix.settings.sandbox = false; + + modules.hardware.fs = { + enable = true; + ssd.enable = true; + xfs.enable = true; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/2fb43a32-d7c2-4ed1-97c6-4588d731a132"; + fsType = "xfs"; + options = [ + "noatime" + "nodiratime" + "discard" + ]; + }; + + "/boot" = { + device = "/dev/disk/by-uuid/7192-FE7C"; + fsType = "vfat"; + }; + }; + + swapDevices = [ ]; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/lucent-firepit/minecraft.nix b/hosts/lucent-firepit/minecraft.nix new file mode 100644 index 0000000..ef56ad4 --- /dev/null +++ b/hosts/lucent-firepit/minecraft.nix 
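Review bot: The comment block above `#nix.settings.sandbox = false;` is worded as if the build sandbox were being disabled, while the setting itself is commented out, so a later reader may "restore" it without realising what it removes. If the line is kept only as history, say so explicitly, e.g. `# sandbox intentionally left enabled on this host; packages/ghost.nix would need it off, do not uncomment without review`, or delete the block. Whether packages/ghost.nix is used by this host at all is not visible in this hunk.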
@@ -0,0 +1,134 @@ +{ config, lib, pkgs, ... }: + +with lib; +let +in { + config = { + modules.services.minecraft = { + enable = true; + servers = { + "dark-firepit" = { + enable = false; + #autoStart = false; + openFirewall = true; + serverProperties = { + server-port = 25565; + gamemode = 0; + motd = "dark-firepit, 1.19.2 Fabric"; + white-list = true; + max-players = 8; + allow-flight = true; + enable-command-block = true; + enforce-secure-profile = false; + level-type = "terra:overworld/overworld"; + snooper-enabled = false; + spawn-protection = 0; + }; + whitelist = { + oatmealine = "241d7103-4c9d-4c45-9464-83b5365ce48e"; + RustyMyHabibi = "e20305fa-a44c-44c9-b62e-6918e7c779d6"; + Dj_Afganistan = "1f879917-1ad4-49c3-9908-90769ee73f85"; + DumbDogDoodles = "d33e5e3b-85ab-4c93-a61b-605e2673fbe8"; + SuneFoxie = "82e82ef9-ea17-4794-9051-928b5b8629c1"; + FuzziestRedMoth = "21e1adf8-93f7-4173-a087-b3a9c02edec5"; + }; + package = pkgs.minecraftServers.fabric-1_19_2; + jvmOpts = "-Xmx6G"; + }; + "n3ko-test" = { + enable = true; + autoStart = true; + openFirewall = true; + serverProperties = { + server-port = 25595; + gamemode = 1; + motd = "N3KO SMP Testing server"; + white-list = true; + max-players = 8; + allow-flight = true; + enable-command-block = true; + enforce-secure-profile = false; + #level-type = "terra:overworld/overworld"; + snooper-enabled = false; + spawn-protection = 0; + }; + whitelist = { + oatmealine = "241d7103-4c9d-4c45-9464-83b5365ce48e"; + Cardboxneko = "3d406152-008c-4ec9-bf49-44c883baca6d"; + }; + package = pkgs.fabricServers.fabric-1_18_2; + jvmOpts = "-Xmx4G"; + }; + "wafflecraft" = let + packURL = "https://oat.zone/f/wafflecraft/pack.toml"; + + # https://git.sleeping.town/unascribed/unsup/releases + unsup = pkgs.fetchurl { + url = "https://git.sleeping.town/attachments/c521d178-8938-40a5-b21b-0333eef4099e"; + sha256 = "c5bd49784392b651e4bc71fe57976f5b4fb14f09e0e23183ae5b94a821ae4756"; + }; + unsupIni = '' + version=1 + preset=minecraft + + 
source_format=packwiz + source=${packURL} + + force_env=server + no_gui=true + + [flavors] + shaders=no_shaders + ''; + in { + enable = true; + autoStart = true; + openFirewall = true; + serverProperties = { + server-port = 25535; + gamemode = 1; + motd = "wafflecraft Real"; + max-players = 32; + allow-flight = true; + enable-command-block = false; + enforce-secure-profile = false; + snooper-enabled = false; + spawn-protection = 0; + white-list = true; + view-distance = 16; + }; + whitelist = { + oatmealine = "241d7103-4c9d-4c45-9464-83b5365ce48e"; + plightshift = "de87f3e6-d44f-40af-8bff-48828694b616"; + mangoafterdawn = "840ad485-1060-4bcf-8730-c552e5c8d62a"; + drazilspirits = "1d912f45-978b-4edc-b026-26bd5ed6ce31"; + segaskullll = "e6d510e6-a1d3-4801-8a5e-52d2c75b2446"; + Tetaes = "4b149260-d56e-4835-b3f6-2dce173a92a5"; + sorae_ = "9639d272-4c20-459d-adea-4aa89ee3cdc1"; + GelloISMello = "a2883a99-fe5d-454d-98b9-d65e4cec7e7e"; + triplej2000 = "8441715c-6aef-497c-9a43-cbcfce887219"; + }; + symlinks = { + "unsup.ini" = pkgs.writeTextFile { + name = "unsup.ini"; + text = unsupIni; + }; + }; + # this is UGLY as FUCK; but unfortunately https://github.com/Infinidoge/nix-minecraft/issues/15 + package = pkgs.jdk17; + jvmOpts = "-Xmx6G -javaagent:${unsup} " + + lib.replaceStrings ["\n"] [" "] (lib.readFile "/srv/minecraft/wafflecraft/libraries/net/minecraftforge/forge/1.18.2-40.2.1/unix_args.txt"); + }; + }; + }; + + systemd.services.minecraft-server-dark-firepit.serviceConfig = { + # packwiz workaround + # https://github.com/Infinidoge/nix-minecraft/issues/12#issuecomment-1235999072 + # TODO: this doesn't work!!! it just goes "error code 1" and refuses to elaborate + #ExecStartPre = [ + # ''cd "/srv/minecraft/dark-firepit"; nix-shell -p adoptopenjdk-hotspot-bin-16 --run "java -jar /srv/minecraft/dark-firepit/packwiz-installer-bootstrap.jar -g 'https://dark-firepit.oat.zone/Fire Pit 1.19.2/pack.toml'"'' + #]; + }; + }; +} 
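Review bot: In the `wafflecraft` server, `jvmOpts` is built with `lib.readFile "/srv/minecraft/wafflecraft/libraries/net/minecraftforge/forge/1.18.2-40.2.1/unix_args.txt"`, an absolute path inside the server's own data directory. That makes evaluation depend on the machine's state (a flake evaluates it only with `--impure`), and whatever is in that file at rebuild time is spliced into the java command line, so anything able to write the server's data directory can change the JVM arguments of the next deployment. Copying the args file into the repository next to this module and reading it by relative path keeps the command line reviewable. The pack is in a similar position: `unsup` is hash-pinned through `fetchurl`, but the `source=${packURL}` manifest it loads at start-up is not pinned here, so the mod set is whatever that URL serves at the time.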
diff --git a/hosts/lucent-firepit/og/configuration.nix b/hosts/lucent-firepit/og/configuration.nix
new file mode 100644
index 0000000..2d30297
--- /dev/null
+++ b/hosts/lucent-firepit/og/configuration.nix
@@ -0,0 +1,115 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; + # boot.loader.efi.efiSysMountPoint = "/boot/efi"; + # Define on which hard drive you want to install Grub. + # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + + # networking.hostName = "nixos"; # Define your hostname. + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n.defaultLocale = "en_US.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkbOptions in tty. + # }; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + + + + + # Configure keymap in X11 + # services.xserver.layout = "us"; + # services.xserver.xkbOptions = { + # "eurosign:e"; + # "caps:escape" # map caps to escape. + # }; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + # sound.enable = true; + # hardware.pulseaudio.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). 
+ # services.xserver.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + # users.users.alice = { + # isNormalUser = true; + # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + # packages = with pkgs; [ + # firefox + # tree + # ]; + # }; + + # List packages installed in system profile. To search, run: + # $ nix search wget + # environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + # ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It’s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? + +} + 
diff --git a/hosts/lucent-firepit/og/hardware-configuration.nix b/hosts/lucent-firepit/og/hardware-configuration.nix
new file mode 100644
index 0000000..c837328
--- /dev/null
+++ b/hosts/lucent-firepit/og/hardware-configuration.nix
@@ -0,0 +1,63 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "tmpfs"; + fsType = "tmpfs"; + }; + + fileSystems."/nix/.ro-store" = + { device = "/nix/store/bg6n34zcsz3vil02fjf7lk35xli2ssd6-squashfs.img (deleted)"; + fsType = "squashfs"; + options = [ "loop" ]; + }; + + fileSystems."/nix/.rw-store" = + { device = "tmpfs"; + fsType = "tmpfs"; + }; + + fileSystems."/nix/store" = + { device = "overlay"; + fsType = "overlay"; + }; + + fileSystems."/mnt" = + { device = "/dev/disk/by-uuid/2fb43a32-d7c2-4ed1-97c6-4588d731a132"; + fsType = "xfs"; + }; + + fileSystems."/mnt/boot" = + { device = "/dev/disk/by-uuid/ABFD-C238"; + fsType = "vfat"; + }; + + fileSystems."/mnt/mnt" = + { device = "/dev/disk/by-uuid/b5adde13-80af-4314-b0d5-ab79b10cc078"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} 
diff --git a/hosts/lucent-firepit/secrets/secrets.nix b/hosts/lucent-firepit/secrets/secrets.nix
new file mode 100644
index 0000000..2ab9ede
--- /dev/null
+++ b/hosts/lucent-firepit/secrets/secrets.nix
@@ -0,0 +1,6 @@
+let
+ keys = import ../authorizedKeys.nix;
+
+ "subsurface.aether" = keys."aether@subsurface".ssh;
+in
+ {}
diff --git a/hosts/lucent-firepit/srb2k.nix b/hosts/lucent-firepit/srb2k.nix
new file mode 100644
index 0000000..092fd44
--- /dev/null
+++ b/hosts/lucent-firepit/srb2k.nix
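Review bot: `keys."aether@subsurface".ssh` selects an attribute on the value imported from ../authorizedKeys.nix, but that file (added in this same patch) evaluates to a list of `{ hostname; ssh; wg; }` records, so the binding would fail as soon as it is forced; it goes unnoticed only because the body is `{}` and never uses it. Look the record up by its label instead, e.g. `(builtins.head (builtins.filter (k: k.hostname == "aether@subsurface") keys)).ssh`, and bind it to a plain identifier, since a quoted `let` name containing a dot cannot be referenced as a variable. As written the file also declares no secrets or recipients, so it is effectively a stub; a one-line comment saying so would stop a reader from assuming secrets for this host are already managed through agenix.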
@@ -0,0 +1,116 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + colors = builtins.fromJSON ''{ + "white": "\u0080", + "purple": "\u0081", + "yellow": "\u0082", + "green": "\u0083", + "blue": "\u0084", + "red": "\u0085", + "gray": "\u0086", + "orange": "\u0087", + "cyan": "\u0088", + "lavender": "\u0089", + "gold": "\u008a", + "lime": "\u008b", + "steel": "\u008c", + "pink": "\u008d", + "brown": "\u008e", + "peach": "\u008f" + }''; + colorsLua = { + white = "\\128"; + purple = "\\129"; + yellow = "\\130"; + green = "\\131"; + blue = "\\132"; + red = "\\133"; + gray = "\\134"; + orange = "\\135"; + cyan = "\\136"; + lavender = "\\137"; + gold = "\\138"; + lime = "\\139"; + steel = "\\140"; + pink = "\\141"; + brown = "\\142"; + peach = "\\143"; + }; +in { + config = { + modules.services.srb2k = with lib; with builtins; let + addonDir = "/var/lib/srb2k/firepit/"; + fileNames = attrNames (readDir (/. + addonDir)); + addonFileNames = filter (n: hasSuffix ".lua" n || hasSuffix ".kart" n || hasSuffix ".pk3" n || hasSuffix ".wad" n) fileNames; + in { + enable = true; + advertise = true; + addons = map (n: "${addonDir}${n}") addonFileNames; + config = { + maxplayers = 16; + http_source = "https://yugoslavia.best/srb2kaddons/"; + maxsend = "max"; + servername = with colors; "${white}[${cyan}EU${white}] ${lime}yugoslavia.best"; + server_contact = "oat.zone||home of bar"; + }; + serv = with colorsLua; '' + kmp_hardsneakers on + kmp_extendflashtics on + kmp_floatingitemfuse on + kmp_hyudoro on + kmp_haste on + kmp_respawnpoints on + kmp_battleaccel on + maxsend max + fr_enabled off + khaos enable off + + wait 1 + + fd_finishkill off + fd_hitkill off + + wait 1 + + nametag_star on + + wait 1 + + hm_bail on + hm_timelimit 8 + hm_motd on + hm_motd_nag on + hm_motd_name "${lime}yugoslavia.best" + hm_motd_tagline "home of bar" + hm_motd_contact "oat.zone" + hm_restat on + hm_restat_notify on + hm_votable exitlevel + hm_vote_timer 20 + + wait 1 + + hm_specbomb on + + hm_scoreboard 
on + hm_scoreboard_humor on + wait 1 + hm_scoreboard_addline "${lime}yugoslavia.best${white}: home of bar" + wait 1 + hm_scoreboard_addline " hosted by ${lime}oat.zone" + wait 1 + hm_scoreboard_addline "casual server, anything goes," + hm_scoreboard_addline "feel free to suggest mods to" + wait 1 + hm_scoreboard_addline "${pink}oatmealine#5397 ${white}/ ${pink}oatmealine@disroot.org" + //hm_scoreboard_addline "${white}80${purple}81${yellow}82${green}83${blue}84${red}85${gray}86${orange}87${cyan}88${lavender}89${gold}8a${lime}8b${steel}8c${pink}8d${brown}8e${peach}8f" + + wait 1 + + hf_displaymode 3 + ''; #" + }; + }; +} diff --git a/hosts/lucent-firepit/webapps/default.nix b/hosts/lucent-firepit/webapps/default.nix new file mode 100644 index 0000000..67dd199 --- /dev/null +++ b/hosts/lucent-firepit/webapps/default.nix 
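Review bot: `fileNames = attrNames (readDir (/. + addonDir));` reads `/var/lib/srb2k/firepit/` at evaluation time, so the addon list is whatever sat in that mutable directory when the system was built, and evaluation fails outright on a machine where the directory does not exist yet. Under flakes this also requires impure evaluation, and anyone who can write to that directory decides which `.lua`, `.kart`, `.pk3` and `.wad` files the server loads on the next rebuild. The same directory is published by the `/srb2kaddons/` location in yugoslavia-best.nix, so it is worth a comment above `addonDir` such as `# world-readable over HTTP and loaded by the server: only trusted addon files go here`. An explicit list of addon file names kept in the repository would make the build reproducible and the loaded set reviewable.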
@@ -0,0 +1,193 @@ +{ config, lib, pkgs, ... }: + +with lib; +let +in { + config = { + modules = { + services = { + #nextcloud = { + # enable = true; + # domain = "nextcloud.dark-firepit.cloud"; + # settings.app.federation = true; + #}; + + #writefreely = { + # enable = true; + # name = "Corruption Biome"; + # domain = "blog.dark-firepit.cloud"; + #}; + + /*forgejo = { + enable = true; + domain = "git.oat.zone"; + port = 3000; + };*/ + + /*matrix.conduit = { + enable = false; + domain = "matrix.dark-firepit.cloud"; + };*/ + + /*vaultwarden = { + enable = true; + domain = "vault.aether.gay"; + };*/ + + # not entirely necessary but makes it so that invalid domains and/or direct ip access aborts connection + # prevents other domains from "stealing" content by settings their dns to our ip + # this has happened before by the way on the vps. i have no clue how or why + # update: also optimizes gzip and tls stuff + nginx-config = { + enable = true; + }; + + staticSites = { + /*"aether.gay".dataDir = "/var/www/aether.gay"; + "dark-firepit.cloud".dataDir = "/var/www/dark-firepit.cloud"; + #"dark-firepit.oat.zone".dataDir = "/var/www/dark-firepit.oat.zone"; + "va11halla.oat.zone".dataDir = "/var/www/va11halla.oat.zone"; + "giger.yugoslavia.fishing".dataDir = "/var/www/giger.yugoslavia.fishing"; + "modfiles.oat.zone".dataDir = "/var/www/modfiles.oat.zone"; + "shop.yugoslavia.best".dataDir = "/var/www/shop.yugoslavia.best"; + "tesco-underground-dev.oat.zone".dataDir = "/var/www/tesco-underground-dev.oat.zone"; + "tesco-underground-dev.oat.zone".auth = { tesco = builtins.readFile /etc/tesco; };*/ + "oat.zone".dataDir = "/var/www/oat.zone"; + "oat.zone".php = true; + /*"yugoslavia.fishing".dataDir = "/var/www/yugoslavia.fishing"; + "yugoslavia.fishing".php = true; + "educationmath.oat.zone".dataDir = "/var/www/proxy.oat.zone"; + "educationmath.oat.zone".php = true; + "educationmath.oat.zone".auth = { twh = builtins.readFile /etc/proxy_twh; }; + "rivervalleychocolate.com".dataDir 
= "/var/www/rivervalleychocolate.com"; + "rivervalleychocolate.com".php = true; + "tac.yugoslavia.best".dataDir = "/var/www/tac.yugoslavia.best/public"; + "tac.yugoslavia.best".php = true; + "tac.yugoslavia.best".phpHandlePathing = true; + "pjsk.oat.zone".dataDir = "/var/www/pjsk.oat.zone"; + "mayf.pink".dataDir = "/var/www/mayf.pink"; + "mayf.pink".php = true; + "mayf.pink".phpHandlePathing = true; + "mayf.pink".forceSSL = false; + "wint0r.zone".dataDir = "/var/www/wint0r.zone"; + "puzzle.wint0r.zone".dataDir = "/var/www/puzzle.wint0r.zone";*/ + }; + + /*nitter = { + enable = true; + lightweight = false; # enable if shit gets wild; check config for more info + port = 3005; + domain = "nitter.oat.zone"; + }; + + libreddit = { + enable = true; + domain = "libreddit.oat.zone"; + port = 1950; + };*/ + + #watch-party = { + # enable = true; + # port = 1984; + #}; + + /*matomo = { + enable = true; + }; + + code-server = { + enable = true; + domain = "dev-firepit.oat.zone"; + port = 4444; + }; + + ghost = { + enable = true; + domain = "blog.oat.zone"; + port = 1357; + }; + + isso = { + enable = true; + port = 1995; + domain = "comments.oat.zone"; + target = "blog.oat.zone"; + };*/ + }; + }; + + services = { + nginx.virtualHosts = { + "oat.zone" = { + locations."/f/".extraConfig = '' + add_header Access-Control-Allow-Origin "*"; + ''; + extraConfig = '' + error_page 404 /404.html; + error_page 403 /403.html; + ''; + };/* + # todo: move to flake + "gdpstest.oat.zone" = { + enableACME = true; + forceSSL = false; + addSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:1982/"; + }; + extraConfig = '' + client_max_body_size 500M; + ''; + }; + # todo: move to flake + "gdicon.oat.zone" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:3436/"; + }; + }; + + # https://www.edwinwenink.xyz/posts/47-tilde_server/ + # todo: fix this + "dark-firepit.cloud" = { + locations."~ ^/~([^/\\s]+?)(/[^\\s]*)?$".extraConfig = '' + 
add_header X-debug-message "/home/$1/www$2" always; + alias /home/$1/www$2; + index index.html index.htm; + autoindex on; + ''; + }; + + "nitter.oat.zone" = { + locations."/".extraConfig = '' + if ($http_user_agent = 'Mozilla/5.0 (compatible; Discordbot/2.0; +https://discordapp.com)') { + return 302 $scheme://fxtwitter.com$request_uri; + } + ''; + }; + + "libreddit.oat.zone" = { + locations."/".extraConfig = '' + if ($http_user_agent = 'Mozilla/5.0 (compatible; Discordbot/2.0; +https://discordapp.com)') { + return 302 $scheme://proxy.knotty.dev$request_uri; + } + ''; + };*/ + + #"git.oat.zone" = { + # forceSSL = true; + # enableACME = true; + # root = "/var/www/temporarily-down"; + # extraConfig = '' + # error_page 503 /index.html; + # ''; + # locations."/".extraConfig = '' + # return 503; + # try_files /index.html =404; + # ''; + #}; + }; + }; + }; +} diff --git a/hosts/lucent-firepit/wireguardInterface.nix b/hosts/lucent-firepit/wireguardInterface.nix new file mode 100644 index 0000000..bc354aa --- /dev/null +++ b/hosts/lucent-firepit/wireguardInterface.nix @@ -0,0 +1,22 @@ +{ lib, pkgs, config, ... }: + +with lib; +let + peerKeys = import ./authorizedKeys.nix; + wgKeys = filter (hasAttr "wg") peerKeys; +in { + ips = [ "10.100.0.1/24" ]; + + privateKeyFile = "/etc/wg0.keys/wg0"; + + listenPort = 51820; + + peers = genList (n: + let + keychain = elemAt wgKeys n; + ip = "10.100.0.${toString (n+2)}/32"; + in { + publicKey = trace "${keychain.hostname}: ${ip}" keychain.wg; + allowedIPs = [ ip ]; + }) (length wgKeys); +} diff --git a/hosts/lucent-firepit/yugoslavia-best.nix b/hosts/lucent-firepit/yugoslavia-best.nix new file mode 100644 index 0000000..35b347c --- /dev/null +++ b/hosts/lucent-firepit/yugoslavia-best.nix 
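Review bot: The `locations."/f/"` block of the `oat.zone` virtual host declares `add_header Access-Control-Allow-Origin "*";`, and in nginx a location that sets any `add_header` no longer inherits the ones declared at the enclosing levels. If the `nginx-config` module (not shown in this hunk) sets HSTS, `X-Content-Type-Options` and the other response headers at server or http level, responses under `/f/` lose them; yugoslavia-best.nix in this same patch repeats those lines under a `# redefining` comment for exactly that reason. Repeat the same header lines here, beginning with `add_header X-Content-Type-Options nosniff;`, and add a comment saying why any origin may read `/f/`. The commented-out `auth = { … = builtins.readFile /etc/tesco; }` entries are also worth a note before they are re-enabled, since a value read at evaluation time may end up readable in the Nix store.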
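Review bot: Peer addresses are derived from list position (`ip = "10.100.0.${toString (n+2)}/32"`), so inserting, removing or reordering an entry that has a `wg` key in authorizedKeys.nix silently hands an existing peer's tunnel address to a different public key. Any firewall rule or service ACL written against a `10.100.0.x` address would then apply to the wrong machine. Keeping the address next to the key in each entry and using it directly, for example `allowedIPs = [ "${keychain.wgAddress}/32" ];` with `wgAddress` as a new field, makes the mapping stable. `filter (hasAttr "wg") peerKeys` also needs authorizedKeys.nix to evaluate to a list, while secrets/secrets.nix indexes the same import by name (`keys."aether@subsurface"`); that file is outside this hunk, so which of the two matches should be checked. The `trace` wrapped around `keychain.wg` prints on every evaluation and reads like leftover debugging.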
@@ -0,0 +1,131 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + domain = "yugoslavia.best"; + root = "/var/www/${domain}"; +in { + config = { + modules.services.staticSites.${domain} = { + dataDir = root; + php = true; + forceSSL = false; + }; + + services = { + nginx.virtualHosts.${domain} = { + locations."/" = { + extraConfig = '' + error_page 404 /error.php; + ''; + }; + + locations."= /brackets2.html" = { + extraConfig = '' + return 451; + ''; + }; + + locations."/modding-txts/" = { + extraConfig = '' + autoindex on; + sub_filter + ''; + sub_filter
 ' ';
+            sub_filter 
' '; + sub_filter '' ''; + sub_filter '' '
'; + sub_filter '
'; + sub_filter
'
'; + sub_filter_once off; + ''; + }; + + locations."/srb2kaddons/" = { + extraConfig = '' + autoindex on; + alias /var/lib/srb2k/firepit/; + sub_filter + ''; + sub_filter
 ' ';
+            sub_filter 
' '; + sub_filter '' ''; + sub_filter '' '
'; + sub_filter '
'; + sub_filter
'
'; + sub_filter_once off; + ''; + }; + + locations."/__special" = { + extraConfig = '' + internal; + allow all; + root ${root}/nginx/html/__special; + ''; + }; + + locations."= /__md_file" = { + extraConfig = '' + internal; + allow all; + + add_header 'Vary' 'Accept'; + + # redefining + add_header Strict-Transport-Security $hsts_header; + add_header Referrer-Policy origin-when-cross-origin; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + + sub_filter + '$request_filename - yugoslavia.best'; + sub_filter_once on; + + default_type text/html; + alias ${root}/nginx/html/__special/md-renderer.html; + ''; + }; + + locations."~* \\.md" = { + extraConfig = '' + error_page 418 = /__md_file; + + add_header 'Vary' 'Accept'; + + # redefining + add_header Strict-Transport-Security $hsts_header; + add_header Referrer-Policy origin-when-cross-origin; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + + if (!-f $request_filename) { + break; + } + + # if no "text/markdown" in "accept" header: + # redirect to /__md_file to serve html renderer + if ($http_accept !~* "text/markdown") { + return 418; + } + ''; + }; + + extraConfig = '' + types { + text/plain md; + text/html html; + text/plain txt; + text/css css; + application/javascript js; + image/x-icon ico; + image/png png; + image/gif gif; + } + ''; + }; + }; + }; +} diff --git a/modules/editors/helix.nix b/modules/editors/helix.nix index ecdfb8b..cd93899 100644 --- a/modules/editors/helix.nix +++ b/modules/editors/helix.nix @@ -11,7 +11,7 @@ in { }; }; - #config = mkIf cfg.enable { - # - #}; + config = mkIf cfg.enable { + + }; } diff --git a/modules/hyprland.nix b/modules/hyprland.nix index 64ad325..4e4b7a8 100644 --- a/modules/hyprland.nix +++ b/modules/hyprland.nix 
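Review bot: `locations."/srb2kaddons/"` combines `autoindex on;` with `alias /var/lib/srb2k/firepit/;`, which lists and serves every file in the game server's directory, not only the `.lua`, `.kart`, `.pk3` and `.wad` files that srb2k.nix selects as addons. If that directory also holds configs, logs or similar state (not visible from this patch), those become downloadable; serving a dedicated addon directory, or a nested regex location that only allows those four extensions, would bound what is exposed. The `locations."~* \\.md"` pattern is unanchored, so it also matches `.mdx` or a `.md` in the middle of a path, and `"~* \\.md$"` states the intent. `forceSSL = false` next to an explicit `Strict-Transport-Security` header deserves a comment on why plain HTTP stays enabled for this domain.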
@@ -4,10 +4,6 @@ with lib; let cfg = config.modules.hyprland; in { - imports = [ - inputs.hyprland.nixosModules.default - ]; - options.modules.hyprland = { enable = mkOption { type = types.bool; @@ -15,6 +11,7 @@ in { }; }; +/* config = mkIf cfg.enable { programs.hyprland = { enable = true; @@ -128,4 +125,5 @@ in { ''; }; }; -} +*/ +} \ No newline at end of file diff --git a/modules/services/libreddit.nix b/modules/services/libreddit.nix index acf48ed..e31bee5 100644 --- a/modules/services/libreddit.nix +++ b/modules/services/libreddit.nix @@ -19,6 +19,7 @@ in { }; }; +/* config = mkIf cfg.enable { services = { libreddit = { @@ -37,4 +38,5 @@ in { }; }; }; +*/ } diff --git a/modules/services/ssh.nix b/modules/services/ssh.nix index 82372c9..f057b54 100644 --- a/modules/services/ssh.nix +++ b/modules/services/ssh.nix @@ -11,6 +11,7 @@ in { default = false; description = "Provide system SSH support though OpenSSH."; }; + requirePassword = mkOption { type = types.bool; default = true; @@ -21,10 +22,14 @@ in { services.openssh = { enable = true; + permitRootLogin = "no"; + passwordAuthentication = cfg.requirePassword; +/* settings = { PasswordAuthentication = cfg.requirePassword; PermitRootLogin = "no"; }; +*/ }; programs.gnupg.agent = { enable = true;
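Review bot: In modules/services/ssh.nix, `passwordAuthentication = cfg.requirePassword;` together with the option's `default = true` shown in the first ssh.nix hunk leaves password login enabled on any host that turns this module on without overriding it, and this commit adds a host that ships its own authorizedKeys.nix. Unless hosts/lucent-firepit/default.nix (outside this view) already sets `modules.services.ssh.requirePassword = false;`, that line belongs there. The option name is also misleading, because the sshd setting permits passwords rather than requiring them, and the `description` should say so. The `/* settings = { … } */` block left behind needs a one-line comment, for example `# settings.* form kept for when the pinned nixpkgs supports it`, presumably the reason for the switch, so the next channel bump restores it instead of leaving two variants.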