dark-firepit
/
dotfiles
2
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: dark-firepit:1d5c3758418f68916cfc81c377c87d50a2d04a49
Branches Tags
dark-firepit:main
dark-firepit:nixos-23
dark-firepit:lucent-firepit-crystal-gauntlet
..
compare: dark-firepit:ce57ed6732b66df0e0697fcbcb7bdfe036b60493
Branches Tags
dark-firepit:main
dark-firepit:nixos-23
dark-firepit:lucent-firepit-crystal-gauntlet

6 Commits
1d5c375841 ... ce57ed6732

Author SHA1 Message Date
Jill ce57ed6732 isso: fix; now it works :) 4 months ago
Jill ce5607c49e temporarily disable ipv6 4 months ago
Jill 4e92a5eae8 ghost: init 4 months ago
Jill 639d9a864d isso: temporarily disable; will fix later 5 months ago
Jill 213f11c31c update flake 5 months ago
Jill b16a1a7a19 actually switch nitter to unstable 5 months ago
10 changed files with 263 additions and 45 deletions
Show Stats

37
flake.lock
Unescape Escape View File

@ -28,11 +28,11 @@
]
},
"locked": {
"lastModified": 1674151952,
"narHash": "sha256-c0dwSGWi8LH2uBsv7ZJK11To1w8oFjTs+d2dtiusGug=",
"lastModified": 1674359560,
"narHash": "sha256-gobqd75ujP/zFH6kSZNB3bA3YS4NMXWpZgMo1RAFEdk=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "fa7dedfa5e1171a76ff78a1260064e1b20ec93bb",
"rev": "184ae9c371a6251564e0b07391f7e9aaf310f002",
"type": "github"
},
"original": {
@ -147,11 +147,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1674143063,
"narHash": "sha256-CfP6ZYjxLeC1Q6W4f+RCd2sokIX8RnyTA8wYzYmx9XE=",
"lastModified": 1674296335,
"narHash": "sha256-jUvjOqKGuEk1XfZNPXU3hcPtIJKkSNzwUm5yN1EFYZA=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "5112056fdbda989191310364444f328240bbf6f1",
"rev": "fcbfd193930dd146b141531a9cf5301d55f26907",
"type": "github"
},
"original": {
@ -227,8 +227,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1669389833,
"narHash": "sha256-khId6aJCxyeR6jWNNywAqJ+eEoZXSZciH8kkSYG5Jf8=",
"lastModified": 1674248483,
"narHash": "sha256-2kjUS6LPN7bmxKsUrUwLwuzpF4IxxBweiO+8G1PKGKc=",
"ref": "refs/heads/main",
"rev": "a97f774ce46dcef5dd36b1f3fbf2711ceba24d6b",
"revCount": 29,
"type": "git",
"url": "file:///home/oatmealine/jillo"
},
@ -266,11 +269,11 @@
]
},
"locked": {
"lastModified": 1674092998,
"narHash": "sha256-NYB/PjEJ9W9VDVWScVFqooK20gDsNyPhCqQIP1Nn+AU=",
"lastModified": 1674352074,
"narHash": "sha256-IQxf+CCjuETu6psq6F9gxPBISf2RLwGL0MmlCgY1aX0=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "a55757a572e115459bbad449d2fde514d11a76e1",
"rev": "acfd27fd83e9c3d56e649b98aef17974f29e7830",
"type": "github"
},
"original": {
@ -312,11 +315,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1673796341,
"narHash": "sha256-1kZi9OkukpNmOaPY7S5/+SlCDOuYnP3HkXHvNDyLQcc=",
"lastModified": 1674211260,
"narHash": "sha256-xU6Rv9sgnwaWK7tgCPadV6HhI2Y/fl4lKxJoG2+m9qs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6dccdc458512abce8d19f74195bb20fdb067df50",
"rev": "5ed481943351e9fd354aeb557679624224de38d5",
"type": "github"
},
"original": {
@ -343,11 +346,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1673796341,
"narHash": "sha256-1kZi9OkukpNmOaPY7S5/+SlCDOuYnP3HkXHvNDyLQcc=",
"lastModified": 1674211260,
"narHash": "sha256-xU6Rv9sgnwaWK7tgCPadV6HhI2Y/fl4lKxJoG2+m9qs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6dccdc458512abce8d19f74195bb20fdb067df50",
"rev": "5ed481943351e9fd354aeb557679624224de38d5",
"type": "github"
},
"original": {

35
hosts/dark-firepit/default.nix
Unescape Escape View File

@ -183,7 +183,8 @@ in {
# for docs, start here
# https://nixos.org/manual/nixos/stable/options.html#opt-networking.enableB43Firmware
enableIPv6 = true; # true by default, but better safe than sorry
# temporarily disabled
enableIPv6 = false;
interfaces.eno1.ipv4.addresses = [
{ address = "51.89.98.8";
@ -194,22 +195,22 @@ in {
defaultGateway = "51.89.98.254";
nameservers = [ "8.8.8.8" "1.1.1.1" ];
interfaces.eno1.ipv6.addresses = [
{ address = "2001:41d0:0700:3308::";
prefixLength = 64;
}
{ address = "2001:41d0:0700:33ff::";
prefixLength = 64;
}
];
defaultGateway6 = {
address = "2001:41d0:0700:33ff:00ff:00ff:00ff:00ff";
# address = "33ff::1";
# address = "2001::1";
interface = "eno1";
};
#interfaces.eno1.ipv6.addresses = [
# { address = "2001:41d0:0700:3308::";
# prefixLength = 64;
# }
#
# { address = "2001:41d0:0700:33ff::";
# prefixLength = 64;
# }
#];
#defaultGateway6 = {
# address = "2001:41d0:0700:33ff:00ff:00ff:00ff:00ff";
# address = "33ff::1";
# address = "2001::1";
# interface = "eno1";
#};
firewall.allowPing = true;
# minecraft proximity voice chat

9
hosts/dark-firepit/hardware-configuration.nix
Unescape Escape View File

@ -22,6 +22,15 @@
nix.settings.cores = 3;
nix.settings.max-jobs = 6;
# disabling this is what's considered a "Bad Idea"
# however it is required by packages/ghost.nix, which
# is borrowed from https://notes.abhinavsarkar.net/2022/ghost-on-nixos
#
# i don't know of a cleaner way to do this, and i
# don't want to deal with ghost any longer than i
# already have, so This Will Do
nix.settings.sandbox = false;
modules.hardware.fs = {
enable = true;
ssd.enable = true;

18
hosts/dark-firepit/webapps/default.nix
Unescape Escape View File

@ -88,16 +88,24 @@ in {
enable = true;
};
isso = {
enable = true;
port = 1995;
};
code-server = {
enable = true;
domain = "dev-firepit.oat.zone";
port = 4444;
};
ghost = {
enable = true;
domain = "blog.oat.zone";
port = 1357;
};
isso = {
enable = true;
port = 1995;
domain = "comments.oat.zone";
target = "blog.oat.zone";
};
};
};

4
modules/services/code-server.nix
Unescape Escape View File

@ -26,8 +26,8 @@ in {
port = cfg.port;
# temporary
auth = "password";
# temporary; be sure to remove trailing newline
hashedPassword = builtins.readFile /etc/code-server-password;
# temporary
hashedPassword = removeSuffix "\n" (builtins.readFile /etc/code-server-password);
extraPackages = with pkgs; [ git nix nixpkgs-fmt ];
};

158
modules/services/ghost.nix
Unescape Escape View File

@ -0,0 +1,158 @@
{ pkgs, lib, config, options, ... }:
with lib;
let
cfg = config.modules.services.ghost;
# user used to run the Ghost service
userName = builtins.replaceStrings [ "." ] [ "_" ] cfg.domain;
in {
options.modules.services.ghost = {
enable = mkOption {
type = types.bool;
default = false;
};
package = mkOption {
type = types.package;
default = pkgs._.ghost;
};
domain = mkOption {
type = types.str;
default = "blog.oat.zone";
};
port = mkOption {
type = types.int;
default = 1357;
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/${userName}";
};
};
config = let
# directory used to save the blog content
dataDir = cfg.dataDir;
# script that sets up the Ghost content directory
setupScript = pkgs.writeScript "${cfg.domain}-setup.sh" ''
#! ${pkgs.stdenv.shell} -e
chmod g+s "${dataDir}"
[[ ! -d "${dataDir}/content" ]] && cp -r "${cfg.package}/content" "${dataDir}/content"
chown -R "${userName}":"${userName}" "${dataDir}/content"
chmod -R +w "${dataDir}/content"
ln -f -s "/etc/${cfg.domain}.json" "${dataDir}/config.production.json"
[[ -d "${dataDir}/current" ]] && rm "${dataDir}/current"
ln -f -s "${cfg.package}/current" "${dataDir}/current"
[[ -d "${dataDir}/content/themes/casper" ]] && rm "${dataDir}/content/themes/casper"
ln -f -s "${cfg.package}/current/content/themes/casper" "${dataDir}/content/themes/casper"
'';
in lib.mkIf cfg.enable {
# Creates the user and group
users.users.${userName} = {
isSystemUser = true;
group = userName;
createHome = true;
home = dataDir;
};
users.groups.${userName} = { };
# Creates the Ghost config
environment.etc."${cfg.domain}.json".text = ''
{
"url": "https://${cfg.domain}",
"server": {
"port": ${toString cfg.port},
"host": "0.0.0.0"
},
"database": {
"client": "mysql",
"connection": {
"host": "localhost",
"user": "${userName}",
"database": "${userName}",
"password": "",
"socketPath": "/run/mysqld/mysqld.sock"
}
},
"mail": {
"transport": "sendmail"
},
"logging": {
"transports": ["stdout"]
},
"paths": {
"contentPath": "${dataDir}/content"
}
}
'';
# Sets up the Systemd service
systemd.services."${cfg.domain}" = {
enable = true;
description = "${cfg.domain} ghost blog";
restartIfChanged = true;
restartTriggers =
[ cfg.package config.environment.etc."${cfg.domain}.json".source ];
requires = [ "mysql.service" ];
after = [ "mysql.service" ];
path = [ pkgs.nodejs pkgs.vips ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = userName;
Group = userName;
WorkingDirectory = dataDir;
# Executes the setup script before start
ExecStartPre = setupScript;
# Runs Ghost with node
ExecStart = "${pkgs.nodejs}/bin/node current/index.js";
# Sandboxes the Systemd service
AmbientCapabilities = [ ];
CapabilityBoundingSet = [ ];
KeyringMode = "private";
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "full";
RemoveIPC = true;
RestrictAddressFamilies = [ ];
RestrictNamespaces = true;
RestrictRealtime = true;
};
environment = { NODE_ENV = "production"; };
};
# Sets up the blog virtual host on NGINX
services.nginx.virtualHosts.${cfg.domain} = {
# Sets up Lets Encrypt SSL certificates for the blog
forceSSL = true;
enableACME = true;
locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.port}"; };
extraConfig = ''
charset UTF-8;
add_header Strict-Transport-Security "max-age=2592000; includeSubDomains" always;
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
'';
};
# Sets up MySQL database and user for Ghost
services.mysql = {
ensureDatabases = [ userName ];
ensureUsers = [{
name = userName;
ensurePermissions = { "${userName}.*" = "ALL PRIVILEGES"; };
}];
};
};
}

25
modules/services/isso.nix
Unescape Escape View File

@ -13,10 +13,18 @@ in {
type = types.str;
default = "comments.oat.zone";
};
target = mkOption {
type = types.str;
default = "blog.oat.zone";
};
port = mkOption {
type = types.port;
default = 1550;
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/isso";
};
};
config = mkIf cfg.enable {
@ -25,13 +33,14 @@ in {
enable = true;
settings = {
general = {
host = "https://blog.oat.zone/";
dbpath = "${cfg.dataDir}/comments.db";
host = "https://${cfg.target}";
latest-enabled = true;
};
server = {
listen = "http://localhost:${toString cfg.port}";
samesite = "Lax";
public-endpoint = "https://comments.oat.zone";
public-endpoint = "https://${cfg.domain}";
};
guard = {
enabled = true;
@ -40,7 +49,7 @@ in {
};
admin = {
enabled = true;
password = "a8UYAH7jQQC3LjnG";
password = removeSuffix "\n" (builtins.readFile /etc/isso_admin_pass);
};
};
};
@ -59,5 +68,15 @@ in {
};
};
};
systemd.services.isso.serviceConfig = {
preStart = ''
umask u=rwx,g=rwx,o=rx
mkdir -p ${cfg.dataDir}
cd ${cfg.dataDir}
${pkgs.coreutils}/bin/chown -R isso:isso .
${pkgs.coreutils}/bin/chmod -R 775 .
'';
};
};
}

2
modules/services/nitter.nix
Unescape Escape View File

@ -11,7 +11,6 @@ in {
type = types.bool;
default = false;
};
package = pkgs.unstable.nitter;
domain = mkOption {
type = types.str;
default = "nitter.oat.zone";
@ -34,6 +33,7 @@ in {
services = {
nitter = {
enable = true;
package = pkgs.unstable.nitter;
server = {
address = "127.0.0.1";
port = cfg.port;

9
packages/ghost/builder.sh
Unescape Escape View File

@ -0,0 +1,9 @@
source "$stdenv"/setup
export HOME=$(mktemp -d)
npm install --loglevel=info --logs-max=0 "ghost-cli@$ghostCliVersion"
mkdir --parents "$out"/
node_modules/ghost-cli/bin/ghost install "$version" --db=sqlite3 \
--no-enable --no-prompt --no-stack --no-setup --no-start --dir "$out"

11
packages/ghost/default.nix
Unescape Escape View File

@ -0,0 +1,11 @@
{ pkgs }:
let
pname = "ghost";
version = "5.33.2";
in pkgs.stdenv.mkDerivation {
inherit pname version;
buildInputs = with pkgs; [ nodejs yarn vips ];
ghostCliVersion = "1.24.0";
builder = ./builder.sh;
}
Write Preview
Loading…
Cancel
Save