dark-firepit
/
dotfiles
5
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: dark-firepit:main
Branches Tags
dark-firepit:main
dark-firepit:nixos-23
dark-firepit:lucent-firepit-crystal-gauntlet
aether:main
..
compare: aether:main
Branches Tags
aether:main
dark-firepit:main
dark-firepit:nixos-23
dark-firepit:lucent-firepit-crystal-gauntlet

1 Commits
main ... main

Author SHA1 Message Date
Aether 468d77619d update certain configs and remove various hardcoded dependencies 2023-02-15 16:39:54 +00:00
61 changed files with 835 additions and 2491 deletions
Show Stats Expand all files Collapse all files

16
README.md
View File

@ -1,23 +1,23 @@
# Frosted Flakes
Nix Flake dotfiles shared across a [few hosts](./hosts/). Most development here will go into the [`lucent-firepit`](https://dark-firepit.cloud/) host, however.
Nix Flake dotfiles shared across a [few hosts](./hosts/). Most development here will go into the [`dark-firepit`](https://dark-firepit.cloud/) host, however.
## Development
_Commands here will use `lucent-firepit`-based paths and names as an example_
_Commands here will use `dark-firepit`-based paths and names as an example_
- To build the system (doesn't apply changes):
```sh
nixos-rebuild build --upgrade --impure --flake /etc/dotfiles#lucent-firepit
nixos-rebuild build --upgrade --impure --flake /etc/dotfiles#dark-firepit
```
- To build & switch to a new system (applies changes):
```sh
doas nixos-rebuild switch --impure --upgrade --flake /etc/dotfiles#lucent-firepit
doas nixos-rebuild switch --impure --upgrade --flake /etc/dotfiles#dark-firepit
```
### `lucent-firepit`
### `dark-firepit`
Things here mostly only apply to the [`lucent-firepit`](https://dark-firepit.cloud/) host.
Things here mostly only apply to the [`dark-firepit`](https://dark-firepit.cloud/) host.
#### Adding modules
@ -26,7 +26,7 @@ Generally when adding modules (even those pulled from `nixpkgs`) you'd want to:
1. Create a new module under `modules/services/`; `gitea.nix` and `nitter.nix` are pretty okay examples of what to do
2. **`git add .`** or else Nix will act clueless about everything you've just done
3. Set it to enabled, set port, domain, etc. in `hosts/.../default.nix` or wherever else is more appropriate
- For webapps, follow what's done in `hosts/lucent-firepit/webapps/default.nix`; if you're doing something bigger, it may be worth abstracting into a seperate file
- For webapps, follow what's done in `hosts/dark-firepit/webapps/default.nix`; if you're doing something bigger, it may be worth abstracting into a seperate file
4. Rebuild/switch to the new system (as described [above](#development))
#### `yugoslavia-best.nix`
@ -43,4 +43,4 @@ This can be done directly on the server (as long as you have the `dotfiles` grou
If you encounter permission funnies, don't hesitate to `doas` your way into `chmod`dding/`chown`ing files as necessary; directories should be `775` and files should be `664`, however we've yet to figure out how to consistently enforce this across the directory.
Be sure to commit regularly to prevent [tons of](https://git.oat.zone/dark-firepit/dotfiles/commit/021fab40f7f815708d4cf918ec0ac0bd16c0bc8f) [densely packed](https://git.oat.zone/dark-firepit/dotfiles/commit/07f9ac6a9ee53f6689a5f8ee87b94b96a409c375) [undocumented commits](https://git.oat.zone/dark-firepit/dotfiles/commit/9da0a143ae392ec7f8abc731e8c245f29b55e685) building up after noone bothers to commit anything.
Be sure to commit regularly to prevent [tons of](https://git.oat.zone/dark-firepit/dotfiles/commit/021fab40f7f815708d4cf918ec0ac0bd16c0bc8f) [densely packed](https://git.oat.zone/dark-firepit/dotfiles/commit/07f9ac6a9ee53f6689a5f8ee87b94b96a409c375) [undocumented commits](https://git.oat.zone/dark-firepit/dotfiles/commit/9da0a143ae392ec7f8abc731e8c245f29b55e685) building up after noone bothers to commit anything.

4
config/forgejo/app.toml → config/gitea/app.toml Normal file → Executable file
View File

@ -7,8 +7,8 @@ PASSWORD_CHECK_PWN = true
DEFAULT_BRANCH = "main"
[ui]
DEFAULT_THEME = "forgejo-auto"
THEMES="forgejo-auto,forgejo-light,forgejo-dark"
DEFAULT_THEME = "arc-pink"
THEMES="auto,gitea,arc-green,arc-pink,arc-pink-modern,darkred,gitea-blue,gitea-modern,github"
CUSTOM_EMOJIS = "blurry_eyes,horny,acab,tastymilk,gluttony,soul_of_fright,soul_of_night,soul_of_blight,bottom,spongesad,Tainted_John_F_Kennedy,John_F_Kennedy_Tainted,John_F_Kennedy,plumspin,despair,ihaveyourip,peeeh,penis,twister,speed,deadchat,housj,dothejej,b_,trollgecommence,nervous,coffee,dilf,closer,slugclose,pls,x3,observer,zamiel_approves,i_see_pizza,cutely_blushes,babytime,sleeby,zonkerdoodle,whenyoubigshit,the_cowboy,stupib,soul_of_might,scripulous_fingore_point,scripulous_fingore,rusty50,pickle,orang,oralpleasure,ohgod,michael,i_see_chicory,he,hapykity,handsr,handsl,slugloafspin,gamer_boi,feddynite,cock,feddy_glamcock,face,entropy,elonmusk,eeeeeeeeee,child,ancapistanian,aiki,gloopy,lamb,YOU,slightYOU,citat,ionn,eede,ed,blank,michael,BABAXD,BABA,EyesPepe,spamdance,pickledance,BABA_IS_OO,wieldr,wieldl,cinnamon,jillo,she,hydrogenperoxide,ObedientCitizen,misinformation,maenod,Snowsgiving22_AnimatedEmojis_mal"
[mailer]

724
flake.lock
View File

@ -1,229 +1,22 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1707830867,
"narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",
"owner": "ryantm",
"repo": "agenix",
"rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"cohost-blogger": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1692493363,
"narHash": "sha256-Y/nefO52W64AtXdEGFVMMBwXw+3m1SswOaO7Dq8b5UA=",
"ref": "refs/heads/main",
"rev": "5fd335bbf5026e81e9dd3b4dacc13e93eb980112",
"revCount": 21,
"type": "git",
"url": "https://git.oat.zone/oat/cohost-blogger"
},
"original": {
"type": "git",
"url": "https://git.oat.zone/oat/cohost-blogger"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"emacs-overlay": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_3",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1708679224,
"narHash": "sha256-V66NAQSTakocPST2GYv4SKK+ALBg3sgCNq0jIOpNkpc=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "841abef01afbd293aa80130bcbd811e4102d5770",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "emacs-overlay",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_6"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"inputs": {
"systems": "systems_7"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"lastModified": 1667907331,
"narHash": "sha256-bHkAwkYlBjkupPUFcQjimNS8gxWSWjOTevEuwdnp5m0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"rev": "6639e3a837fc5deb6f99554072789724997bc8e5",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1706981411,
"narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "652fda4ca6dafeb090943422c34ae9145787af37",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"ref": "release-22.05",
"repo": "home-manager",
"type": "github"
}
@ -231,18 +24,18 @@
"hyprland": {
"inputs": {
"hyprland-protocols": "hyprland-protocols",
"hyprlang": "hyprlang",
"nixpkgs": "nixpkgs_5",
"systems": "systems_4",
"nixpkgs": [
"nixpkgs"
],
"wlroots": "wlroots",
"xdph": "xdph"
},
"locked": {
"lastModified": 1708650152,
"narHash": "sha256-OZUS5FED7KKAPpNaJYQr4BPGXQzGrDFgkKVg9U2aZh8=",
"lastModified": 1674296335,
"narHash": "sha256-jUvjOqKGuEk1XfZNPXU3hcPtIJKkSNzwUm5yN1EFYZA=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "8c3613632a6ccebf9fb797ec756ecfce99514eec",
"rev": "fcbfd193930dd146b141531a9cf5301d55f26907",
"type": "github"
},
"original": {
@ -256,18 +49,14 @@
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1691753796,
"narHash": "sha256-zOEwiWoXk3j3+EoF3ySUJmberFewWlagvewDRuWYAso=",
"lastModified": 1671839510,
"narHash": "sha256-+PY1qqJfmZzzROgcIY4I7AkCwpnC+qBIYk2eFoA9RWc=",
"owner": "hyprwm",
"repo": "hyprland-protocols",
"rev": "0c2ce70625cb30aef199cb388f99e19a61a6ce03",
"rev": "b8f55e02a328c47ed373133c52483bbfa20a1b75",
"type": "github"
},
"original": {
@ -276,78 +65,18 @@
"type": "github"
}
},
"hyprlang": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
]
},
"locked": {
"lastModified": 1708005943,
"narHash": "sha256-9TT3xk++LI5/SPYgjYX34xZ4ebR93c1uerIq+SE/ues=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "aeb3e012adc7b3235335c540b214b82267c2b983",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprlang",
"type": "github"
}
},
"hyprlang_2": {
"inputs": {
"nixpkgs": [
"hyprland",
"xdph",
"nixpkgs"
]
},
"locked": {
"lastModified": 1704287638,
"narHash": "sha256-TuRXJGwtK440AXQNl5eiqmQqY4LZ/9+z/R7xC0ie3iA=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "6624f2bb66d4d27975766e81f77174adbe58ec97",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprlang",
"type": "github"
}
},
"hyprlang_3": {
"inputs": {
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1704230242,
"narHash": "sha256-S8DM+frECqmAdaUb3y5n3RjY73ajZcL5rnmx5YO+CkY=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "db5e1399b90d5a339330bdd49c5bca6fe58d6f60",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprlang",
"type": "github"
}
},
"hyprpaper": {
"inputs": {
"hyprlang": "hyprlang_3",
"nixpkgs": "nixpkgs_7"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1708532919,
"narHash": "sha256-G4PX7NlRLIlBYTDisbWx/Sif01SLSVzLThGU6v6Wrgg=",
"lastModified": 1673799209,
"narHash": "sha256-GMRM1IyIuDEzjEw5E4zWI/TCg3zWs65v86NuR+BAtW0=",
"owner": "hyprwm",
"repo": "hyprpaper",
"rev": "897cf0ae26c7c54ce15c4946efe63970be75dadb",
"rev": "f77a664e9d168fb7b332ede9db4a3e35a46dd6c5",
"type": "github"
},
"original": {
@ -358,14 +87,16 @@
},
"hyprpicker": {
"inputs": {
"nixpkgs": "nixpkgs_8"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1703987863,
"narHash": "sha256-MHhAk74uk0qHVwSkLCcXLXMe4478M2oZEFPXwjSoo2E=",
"lastModified": 1673270158,
"narHash": "sha256-22VKnL4PT3CSy0IErOkL1U85jq8sXmI7VPhcPtRYSko=",
"owner": "hyprwm",
"repo": "hyprpicker",
"rev": "2ef703474fb96e97e03e66e8820f213359f29382",
"rev": "fe4535a27389624445b96450a7c338136c619c95",
"type": "github"
},
"original": {
@ -374,33 +105,13 @@
"type": "github"
}
},
"nix-minecraft": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1708650820,
"narHash": "sha256-O6nq8oHT4iPrWuBoKH0/9B7QC91N/zPnns8QYxPJniY=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "fe3753b7025fd7f3a302be698a0896e70ea24450",
"type": "github"
},
"original": {
"owner": "Infinidoge",
"repo": "nix-minecraft",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1708594753,
"narHash": "sha256-c/gH7iXS/IYH9NrFOT+aJqTq+iEBkvAkpWuUHGU3+f0=",
"lastModified": 1673803274,
"narHash": "sha256-zaJDlHFXewT4KUsidMpRcPE+REymGH1Y3Eoc3Pjv4Xs=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "3f7d0bca003eac1a1a7f4659bbab9c8f8c2a0958",
"rev": "7bd6b87b3712e68007823e8dd5c37ee9b114fee3",
"type": "github"
},
"original": {
@ -411,43 +122,26 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1703013332,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"lastModified": 1674211260,
"narHash": "sha256-xU6Rv9sgnwaWK7tgCPadV6HhI2Y/fl4lKxJoG2+m9qs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"rev": "5ed481943351e9fd354aeb557679624224de38d5",
"type": "github"
},
"original": {
"owner": "NixOS",
"id": "nixpkgs",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1708566995,
"narHash": "sha256-e/THimsoxxMAHSbwMKov5f5Yg+utTj6XVGEo24Lhx+0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3cb4ae6689d2aa3f363516234572613b31212b78",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
"type": "indirect"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1708475490,
"narHash": "sha256-g1v0TsWBQPX97ziznfJdWhgMyMGtoBFs102xSYO4syU=",
"lastModified": 1674211260,
"narHash": "sha256-xU6Rv9sgnwaWK7tgCPadV6HhI2Y/fl4lKxJoG2+m9qs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0e74ca98a74bc7270d28838369593635a5db3260",
"rev": "5ed481943351e9fd354aeb557679624224de38d5",
"type": "github"
},
"original": {
@ -456,355 +150,32 @@
"type": "indirect"
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1708566995,
"narHash": "sha256-e/THimsoxxMAHSbwMKov5f5Yg+utTj6XVGEo24Lhx+0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3cb4ae6689d2aa3f363516234572613b31212b78",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.11",
"type": "indirect"
}
},
"nixpkgs_11": {
"locked": {
"lastModified": 1706826059,
"narHash": "sha256-N69Oab+cbt3flLvYv8fYnEHlBsWwdKciNZHUbynVEOA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "25e3d4c0d3591c99929b1ec07883177f6ea70c9d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_12": {
"locked": {
"lastModified": 1682134069,
"narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fd901ef4bf93499374c5af385b2943f5801c0833",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1685533922,
"narHash": "sha256-y4FCQpYafMQ42l1V+NUrMel9RtFtZo59PzdzflKR/lo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3a70dd92993182f8e514700ccf5b1ae9fc8a3b8d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1708475490,
"narHash": "sha256-g1v0TsWBQPX97ziznfJdWhgMyMGtoBFs102xSYO4syU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0e74ca98a74bc7270d28838369593635a5db3260",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1705331948,
"narHash": "sha256-qjQXfvrAT1/RKDFAMdl8Hw3m4tLVvMCc8fMqzJv0pP4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b8dd8be3c790215716e7c12b247f45ca525867e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1707546158,
"narHash": "sha256-nYYJTpzfPMDxI8mzhQsYjIUX+grorqjKEU9Np6Xwy/0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d934204a0f8d9198e1e4515dd6fec76a139c87f0",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1702645756,
"narHash": "sha256-qKI6OR3TYJYQB3Q8mAZ+DG4o/BR9ptcv9UnRV2hzljc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "40c3c94c241286dd2243ea34d3aef8a488f9e4d0",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1703637592,
"narHash": "sha256-8MXjxU0RfFfzl57Zy3OfXCITS0qWDNLzlBAdwxGZwfY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cfc3698c31b1fb9cdcf10f36c9643460264d0ca8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1683014792,
"narHash": "sha256-6Va9iVtmmsw4raBc3QKvQT2KT/NGRWlvUlJj46zN8B8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1a411f23ba299db155a5b45d5e145b85a7aafc42",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1698318101,
"narHash": "sha256-gUihHt3yPD7bVqg+k/UVHgngyaJ3DMEBchbymBMvK1E=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "63678e9f3d3afecfeafa0acead6239cdb447574c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nlw-api": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_11"
},
"locked": {
"lastModified": 1708639350,
"narHash": "sha256-g7LL658p4deIme0fPq+WceTNGigXcN6uPNrVraZN3RY=",
"ref": "refs/heads/main",
"rev": "704581d013b9d16fda5dc8e30d448b358c4e127d",
"revCount": 23,
"type": "git",
"url": "https://git.oat.zone/oat/nlw-api"
},
"original": {
"type": "git",
"url": "https://git.oat.zone/oat/nlw-api"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"cohost-blogger": "cohost-blogger",
"emacs-overlay": "emacs-overlay",
"home-manager": "home-manager_2",
"home-manager": "home-manager",
"hyprland": "hyprland",
"hyprpaper": "hyprpaper",
"hyprpicker": "hyprpicker",
"nix-minecraft": "nix-minecraft",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_10",
"nixpkgs-unstable": "nixpkgs-unstable",
"nlw-api": "nlw-api",
"vscode-server": "vscode-server"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_7": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"vscode-server": {
"inputs": {
"flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs_12"
},
"locked": {
"lastModified": 1684517665,
"narHash": "sha256-SaAr66uCQ8CF75jIr23FZjk1+9Kfwm5sQnwV25206Gs=",
"owner": "nix-community",
"repo": "nixos-vscode-server",
"rev": "1e1358493df6529d4c7bc4cc3066f76fd16d4ae6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-vscode-server",
"type": "github"
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable"
}
},
"wlroots": {
"flake": false,
"locked": {
"host": "gitlab.freedesktop.org",
"lastModified": 1708558866,
"narHash": "sha256-Mz6hCtommq7RQfcPnxLINigO4RYSNt23HeJHC6mVmWI=",
"lastModified": 1672824257,
"narHash": "sha256-SbYoZj57VlopTzI+OSW9jlgYxN1gI1KLg/s/HV+87eE=",
"owner": "wlroots",
"repo": "wlroots",
"rev": "0cb091f1a2d345f37d2ee445f4ffd04f7f4ec9e5",
"rev": "5f264a7d6c8af27d41ff440c05262b022c055593",
"type": "gitlab"
},
"original": {
"host": "gitlab.freedesktop.org",
"owner": "wlroots",
"repo": "wlroots",
"rev": "0cb091f1a2d345f37d2ee445f4ffd04f7f4ec9e5",
"type": "gitlab"
}
},
@ -814,22 +185,17 @@
"hyprland",
"hyprland-protocols"
],
"hyprlang": "hyprlang_2",
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1706521509,
"narHash": "sha256-AInZ50acOJ3wzUwGzNr1TmxGTMx+8j6oSTzz4E7Vbp8=",
"lastModified": 1673116118,
"narHash": "sha256-eR0yDSkR2XYMesfdRWJs25kAdXET2mbNNHu5t+KUcKA=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "c06fd88b3da492b8f9067be021b9184f7012b5a8",
"rev": "d479c846531fd0e1d2357c9588b8310a2b859ef2",
"type": "github"
},
"original": {

46
flake.nix
View File

@ -2,63 +2,39 @@
description = "Frosted Flakes";
inputs = {
nixpkgs.url = "nixpkgs/nixos-23.11";
nixpkgs.url = "nixpkgs/nixos-unstable";
# WARNING: Where possible, prefer the stable branch of nixpkgs as nixpkgs-unstable may have incompatable or vulnerable software.
nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
home-manager.url = "github:nix-community/home-manager/release-23.11";
#home-manager.inputs.nixpkgs.follows = "nixpkgs";
# agenix - age-encrypted secrets
agenix = {
url = "github:ryantm/agenix";
#inputs.nixpkgs.follows = "nixpkgs";
};
home-manager.url = "github:nix-community/home-manager/release-22.05";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
nixos-hardware = {
url = "github:nixos/nixos-hardware";
#inputs.nixpkgs.follows = "nixpkgs";
};
nix-minecraft = {
url = "github:Infinidoge/nix-minecraft";
#inputs.nixpkgs.follows = "nixpkgs";
};
cohost-blogger = {
url = "git+https://git.oat.zone/oat/cohost-blogger";
#inputs.nixpkgs.follows = "nixpkgs";
};
nlw-api.url = "git+https://git.oat.zone/oat/nlw-api";
emacs-overlay = {
url = "github:nix-community/emacs-overlay";
#inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs";
};
hyprland = {
url = "github:hyprwm/Hyprland";
#inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs";
};
hyprpaper = {
url = "github:hyprwm/hyprpaper";
#inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs";
};
hyprpicker = {
url = "github:hyprwm/hyprpicker";
#inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs";
};
vscode-server.url = "github:nix-community/nixos-vscode-server";
};
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nix-minecraft, /* hyprland, hyprpaper, hyprpicker, */ ... }:
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, hyprland, hyprpaper, hyprpicker, ... }:
let
system = "x86_64-linux";
system = "aarch64-linux";
lib = import ./lib { inherit pkgs inputs; lib = nixpkgs.lib; };
inherit (lib._) mapModules mapModulesRec mkHost;
@ -69,7 +45,7 @@
overlays = overlays ++ (lib.attrValues self.overlays);
};
pkgs = mkPkgs nixpkgs [ self.overlay nix-minecraft.overlay ];
pkgs = mkPkgs nixpkgs [ self.overlay ];
in {
packages."${system}" = mapModules ./packages (p: pkgs.callPackage p {});
overlay = final: prev: {
@ -78,7 +54,7 @@
};
overlays = mapModules ./overlays import;
nixosModules = (mapModulesRec ./modules import) ++ [
#hyprland.nixosModules.default
hyprland.nixosModules.default
];
nixosConfigurations = mapModules ./hosts (host: mkHost host { inherit system; });
devShell."${system}" = import ./shell.nix { inherit pkgs; };

53
hosts/lucent-firepit/authorizedKeys.nix → hosts/dark-firepit/authorizedKeys.nix
View File

@ -1,52 +1,33 @@
[
# Aether
{ hostname = "aether@subsurface";
{
hostname = "aether@subsurface";
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLDtlpOnQFQq9mPMhR1uQnjrTexcof+c+y+ot/7Jgnt aether@subsurface";
wg = "XEVSwNNPR7RTt/O0ihYmv3nopbPmqkCMGrVRCixnPWw=";
}
{ hostname = "aether@Aethers-Mini.station";
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINmy7rPZky0M8p5+d9smUnSTjG25CIsQPYibKsBxgvdw aether@Aethers-Mini.station";
}
{ hostname = "aether@phone";
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP5LPWVgsFAH9XErXGZB+lzwb/+7EiEb6eatNWoJag5i JuiceSSH";
}
# oatmealine
{ hostname = "oatmealine@void-defragmented";
{
hostname = "oatmealine@void-defragmented";
ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDbJDo79TD9RV77MnArQwS94wzBo+6l6dYQnaNdPk2xo019+tc7GyuQ+GHyh4qewIUQOwe3Ddj4YxJN9IS3E360/6RdaNDxn3hUp2jh/x9SOjh0W86FJfdHEQViNeFVSXJv+QBZT9ibR9IbOHYezhD6gtz15pNhEqhQyqw2hJuQzxLvnictTc4lPQnWN9I8ga+OVSh7Uauu5OKbUOyRRj1Er/hasNviCaGBJnLDYjSqTDRvEbdYlfuhrYITJ+viZOQq7Nczs6dbsl627FCvhr5vQi+/vvpx9DKHDvpGvbEglOmOwgffSkaOIIx/pNHTsRccX7c3/im6z4pCDj4bEuiqqawv2C6DV0aM01bW8cchOJrmSQGTygTrJuuVPHp4IRIZNvQGS+97j4u+d7ofricLR1RoxJcQibvRA9rhhYI2FhwrAweuuLktjSj5RkQnypd9kjOuH+nhgLZunreNoyPNDCmcOBA7BA0rD2pCIKB9SzlelMjVuvy0PA8uWfNFfxGU+m3BH7lQS/A6V+NeYrMGiZ+u+t9Pgr6kAoR7mAUO+obIdMM/lOp1/zGBY8lk2Aq3GQcyGVNi18VR0uA+NMaJYXA1JzSiPCz7cQn1pKIAKiDEnzicf5MxDHIi5F1iQ/Lc+NftgmDXZEAHDY1bQepScOttaOZQZLpYP/eWwlEQJQ== oatmealine@beppy";
wg = "533BncNpHKzJVx5lwdxBg+aUfLGqea9uUYz70C6wxyg=";
}
{ hostname = "oatmealine@beppy-phone";
{
hostname = "oatmealine@beppy-phone";
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUgEsAQ7EL5/3STLAk/0qWJddYqfBY71yS9RtRSWd3w JuiceSSH";
wg = "ubIo/l7llVx8HDIqcBPebPsneCBunZUM6cQS7SaXn2Y=";
wg = "qT7gX8beM/kW9AYg5dV1e3cLzLDTLxMO2CmnbFpMVj4=";
}
{ hostname = "oatmealine@dark-firepit";
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKz3Zkhrht1EX32LIbkSvql1p15EXqxTy/4xQKlj0CUx oatmealine@disroot.org";
}
{ hostname = "oatmealine@boykisser";
ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDhgwhNQuM+iozuHk4OH+s5xS7U93W6hVtkpgF6arKPsWM6CUIUCyOwpNnGGH/HpBlFwYf4jN+NapVZ3bL8YHLUDayNO6uTfLLNvtaGeE65U/S0xGXhTyE0+bn7KWBFUlbO8CdjuBGGym0JVa0SMH4ppFBNJVR4HCe9fC83fD0T7gDZc5koApgxZfCyCu3bE03ulhRc5P8cKnTZAG0pVqK0doOIO7ociCbh4HhjTC83xRbfI9tlf52Y3xo14odpQhfXsPNNqxP0FzkC3zAOyT7iyrpQk1bgSLx/GzWh0KkljjJYGdMiiY6cVBxVYxjgrG7vDh/h3xMwBEhue4L9jmD4K4Eb5RZTxMyK83eHcomqZYigZjFKJ75TKdL17HbKgFGmfs9P0VhZUDUMp5Xm1yTVJqm6cQEhot1mT0F8FRYDiEadjw6vFZqz5dPzh2FRXsectNf60AiPRqF5HbitntgYvsLKZWAViOojbBc9gdQutu2AyuivteTEVG6Uq/LwE70= oatmealine@boykisser";
wg = "MPZLxzy+rvDvgZiaCwWjb+5hhhvWC3PH6cWLDv1Ga0U=";
}
{ hostname = "oatmealine@seven-red-suns";
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOVBLBD/JrGFMvPNiiX/QFixSWXyGjDT6vDHVWg9cE5D oatmealine@seven-red-suns";
wg = "HQfsS+DUdgmDvliIv7yNnf4T9Q3YIN9ObSXhrNuQUi8=";
}
# mayflower
{ hostname = "mayflower@BMW-M550d-xDrive";
{
hostname = "mayflower@BMW-M550d-xDrive"; # car 5
ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCIeoFll8XBRwu6vbQHUj4LNbvRvLMTdqUP1su9hGxow8olGKIZf/nINkt+/B5w4UumLFnOOROIWVhSH/04oxGVCWdk29ibPo3yYJIAoQrqOXYWCrGpMDd0z2n/0CwyXRAqmQ4rubnUZtnlabYCLh0eWMu9ZRSsSrQ+MiaUHES/vv1MxlLWHoEGfhLzoq7SyIsK88Mirgu9lSeHd/+2JybkQ9kNEWTxnzUPKwOMT0zLGo7vNLmfPhJ1WilQoV4F8skDbbgFNRuLO13ZDn6W2jqZ+zjf3H9khzPivG+oaKfHLMDD/zCwHM3rm3JyJzX7GF9EV73AqbNkzzsf54vKhYRT";
}
{ hostname = "swag@BMW-M550d-xDrive";
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC1fJn2ZY9fhBr4E1Gc91uRWS5r+EZ4OHy3RmuAjx7kr swag@BMW-M550d-xDrive";
{
hostname = "aether@phone";
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP5LPWVgsFAH9XErXGZB+lzwb/+7EiEb6eatNWoJag5i JuiceSSH";
}
# winter
{ hostname = "lilith@bms-cab";
{
hostname = "lilith@bms-cab";
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFb9uVy1x4XaO1uFOQBuERy6xw8cf7Dh24UT0jJs7g3z lilith@bms-cab";
}
# marco
{ hostname = "marco@the-flesh-portal";
wg = "mttUSatpYdEOmHqnzo7HdhuvTkMpz1Np8kMtsIz6nTY=";
{
hostname = "swag@BMW-M550d-xDrive"; # mayflower 2
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC1fJn2ZY9fhBr4E1Gc91uRWS5r+EZ4OHy3RmuAjx7kr swag@BMW-M550d-xDrive";
}
]

167
hosts/lucent-firepit/default.nix → hosts/dark-firepit/default.nix
View File

@ -4,23 +4,20 @@ let
keys = import ./authorizedKeys.nix;
fetchSSH = (host: lib._.getSSH host keys);
fetchSSHKeys = map fetchSSH;
agenixPkg = inputs.agenix.packages.${pkgs.system}.default;
in {
imports = [
./hardware-configuration.nix
./minecraft
./minecraft.nix
./srb2k.nix
./yugoslavia-best.nix
./webapps/default.nix
inputs.nix-minecraft.nixosModules.minecraft-servers
#inputs.watch-party.nixosModules.watch-party
inputs.cohost-blogger.nixosModules.cohost-blogger
inputs.nlw-api.nixosModules.nlw-api
inputs.vscode-server.nixosModules.default
(fetchTarball "https://github.com/msteen/nixos-vscode-server/tarball/master")
];
services.vscode-server.enable = true;
# services.auto-fix-vscode-server.enable = true;
# services.vscode-server.enable = true;
user = {
packages = with pkgs; [
@ -29,8 +26,6 @@ in {
];
};
services.logrotate.checkConfig = false;
users.groups.dotfiles = {};
users.groups.yugoslavia = {};
@ -38,20 +33,19 @@ in {
# aether??? is that... reference.../.??? aether https://www.curseforge.com/minecraft/mc-mods/aether mod Curseforge minecraft Forge Patreon Chat twitter code license Assets license All rights reserved categories Last Updated apr 17 2021 Game Version 1.12.2 aether
aether = {
conf = {
packages = with pkgs; [ bat duf broot helix nil packwiz ];
packages = with pkgs; [ bat duf broot nftables tmux bottom writefreely helix ];
shell = pkgs.unstable.fish;
extraGroups = [ "wheel" "nix-users" "dotfiles" ];
initialHashedPassword = "!";
openssh.authorizedKeys.keys = fetchSSHKeys [
"aether@subsurface"
"aether@phone"
"aether@Aethers-Mini.station"
];
};
homeConf.home = {
sessionVariables = {
EDITOR = "hx";
EDITOR = "nvim";
NIX_REMOTE = "daemon";
};
};
@ -60,27 +54,24 @@ in {
# oatmealine ?? is that a reference to jill oatmealine monoids from the beloved videogame franchise "oateamelin jill monoids???" .oat. zone??? from va11hall-a??? video game???? woman????? minecraft???????
oatmealine = {
conf = {
packages = with pkgs; [ bat tmux micro direnv nix-direnv ripgrep agenixPkg ];
packages = with pkgs; [ bat tmux micro direnv nix-direnv ripgrep ];
shell = pkgs.unstable.fish;
extraGroups = [ "wheel" "nix-users" "dotfiles" "yugoslavia" ];
initialHashedPassword = "!";
openssh.authorizedKeys.keys = fetchSSHKeys [
"oatmealine@void-defragmented"
"oatmealine@beppy-phone"
"oatmealine@boykisser"
"oatmealine@seven-red-suns"
];
};
homeConf.home = {
sessionVariables = {
#EDITOR = lib.trace (lib.readFile age.secrets.huge-furry-cock.path) "micro";
EDITOR = "micro";
NIX_REMOTE = "daemon";
};
};
};
# i yearn for the day this name ceases to mean
mayflower = {
conf = {
packages = with pkgs; [ micro tmux ];
@ -101,17 +92,17 @@ in {
};
};
#winter = {
# conf = {
# packages = with pkgs; [ micro ];
# shell = pkgs.unstable.fish;
# extraGroups = [ "wheel" "nix-users" "dotfiles" ];
# initialHashedPassword = "!";
# openssh.authorizedKeys.keys = fetchSSHKeys [
# "lilith@bms-cab"
# ];
# };
#};
winter = {
conf = {
packages = with pkgs; [ micro ];
shell = pkgs.unstable.fish;
extraGroups = [ "wheel" "nix-users" "dotfiles" ];
initialHashedPassword = "!";
openssh.authorizedKeys.keys = fetchSSHKeys [
"lilith@bms-cab"
];
};
};
};
keyboard = {
@ -119,6 +110,8 @@ in {
variant = "qwerty";
};
services.vscode-server.enable = true;
modules = {
shell.fish.enable = true;
security.isLocalMachine = false;
@ -131,10 +124,8 @@ in {
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRI9sGl0EmOkNNnh8SgRq197gkEy3XEwKZjLIr27V9PfaVOLIAcZiGcOa5q7rc5FjcCtkQ9+/twE24bZpxkK0ygrRJBEdT+HGAUmpY/kRPEn/tqjmwNu43vQqOhNSYmAAzdjJ4AuRPK5st8QQyOzKv5Pnghwy8xPAjOM3o4n9ULMLjVvAu0eTmCJMKxEvz5FUEIVZtEid/ng46k/bJ/njSh8vyGBQV4fJei6M9Ovw0HPqqzWyV/e0c3hTClG4dfLCK3Qv3hLhXQ+8I9iaL7D2wZdr3F2lbg0vS/QctPZc28f1gpkFEzVflEzAk4aFwJMMflY04IG1Dr44IfM1gJbpj rsa-key-20220423"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCL75/Pg5bP7LaXE6uPyyv8QDRivWJC6YcH6oJJztkjqL6g+0xPPiN6I54q/bNF4nHA2BHVUktKUU9bGDEOpYIRq7kegp2/K/+FNTM1Kz6rJSrSc8e0Ogxg8vhD6maxqLU8q+D1OMhBu0UiWUB+GxXmeYfBtXPjpcE+AaJ80BPs7vwiulHPGn7UAcRuP36Z+3JJiN2BQnU2aizXWsgyU575Uy3DVvAt7eHon+SoJiTCs2//5KexJ42U6ZiE6f/oTFdiud70lpxhGgiiFvj6M9RZ0aLoxspiskW45jKLXIMJ+mO6husg9GfvCchbps3YkmH0hZ24Ii1EiFhi5HZMY0Lt mayflower"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHrlqH2OShvXdzq1sV5IDuWQzeC9OHBVvwj0+Y0XXwi7 mayflower-thinkpad"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBKMXTLBJ5iIPiO9jiN+AHWxpgG1kcdI0h23+G1FLMnK+xhkmaP9Vjr9QbqQ4mmRqfGERfJW5H2/OvTEUXnrkAp1Jc8oPrc14/auwKivtbMC5tsWzioDMbcAYKrcP37D3Kw1P7nzSyAz3QsRXBRx26OE5NeTo4YfGl/TOkQnoBCDTt8kcziWEvUVeOgnHf3hnszs2H4P6RAyOqjuOH6BWhtbKsCHThTHaAadLgeH5nB1WXLYqG2N1KEzAhj8WBBzPmeZcMMRr5xkqYVj14cd+9syEaenV+wXapoPyDtOb6YtOKArN9RkT0OOqQk17OzxvGqHUEXQ4eGmNgc8BLsGJn rsa-key-20230402"
#fetchSSH "oatmealine@void-defragmented"
#fetchSSH "oatmealine@beppy-phone"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAIphRdy+g7zfj+KxfONoD24lzk+/mGhQ0EnOe8QGf8 oatmealine@disroot.org" # gh actions
];
packages = with pkgs; [ tmux micro ];
shell = pkgs.unstable.fish;
@ -158,9 +149,9 @@ in {
interfaces."wg0" = import ./wireguardInterface.nix;
};
dendrite = {
enable = true;
hostDomain = "dark-firepit.cloud";
jillo = {
enable = false;
dataDir = "/var/lib/jillo";
};
terraria = {
@ -172,74 +163,13 @@ in {
autoCreatedWorldSize = "large";
dataDir = "/var/lib/terraria";
};
nextcloud = {
enable = false;
domain = "nextcloud.dark-firepit.cloud";
};
jmusicbot = let
baseOptions = {
owner = 276416332894044160;
game = "Listening to your heartbeat :heart";
status = "ONLINE";
songinstatus = true;
success = "<:observer:1004408859831586907>";
warning = "<:slugclose:1000202980403974144>";
error = "🚫!!!!! 🚫🚫🚫 >:((((";
loading = "<:handsl:966010145698086993><:handsr:966010145886830692>";
searching = "<:scripulous_fingore_point:1012777703323222087><:scripulous_fingore:1012777704455667754>";
npimages = true;
stayinchannel = true;
updatealerts = false;
aliases = {
nowplaying = [ "np" "current" ];
play = [ "p" ];
queue = [ "list" "q" ];
remove = [ "delete" "d" ];
skip = [ "s" ];
forceskip = [ "fs" ];
movetrack = [ "move" "m" ];
};
queuetype = "REGULAR";
};
in {
enable = true;
instances = {
"jomble" = {
enable = true;
package = pkgs._.gmusicbot;
options = baseOptions // {
token = lib.removeSuffix "\n" (builtins.readFile /etc/jomble_token);
prefix = ";";
};
};
"jillo" = {
enable = true;
package = pkgs._.gmusicbot;
options = baseOptions // {
token = lib.removeSuffix "\n" (builtins.readFile /etc/jillo_token);
prefix = ":";
};
};
};
};
};
};
programs.fish.enable = true;
security.doas = {
extraRules = [
{ users = [ "aether" ]; noPass = false; persist = true; keepEnv = true; }
{ users = [ "oatmealine" ]; noPass = true; persist = false; keepEnv = true; }
{ users = [ "remote" ]; noPass = true; persist = false; keepEnv = true; }
];
};
@ -254,37 +184,38 @@ in {
# https://nixos.org/manual/nixos/stable/options.html#opt-networking.enableB43Firmware
# temporarily disabled
# enableIPv6 = true;
enableIPv6 = false;
usePredictableInterfaceNames = false;
interfaces.eth0 = {
ipv4.addresses = [{
address = "46.4.96.113";
# prefixLength = 27;
interfaces.eno1.ipv4.addresses = [
{ address = "51.89.98.8";
prefixLength = 24;
}];
}
];
/*
ipv6.addresses = [{
address = "2a01:4f8:140::1";
prefixLength = 64;
}];
*/
};
defaultGateway = "46.4.96.97";
/*
defaultGateway6 = {
address = "fe80::1";
interface = "eth0";
};
*/
defaultGateway = "51.89.98.254";
nameservers = [ "8.8.8.8" "1.1.1.1" ];
#interfaces.eno1.ipv6.addresses = [
# { address = "2001:41d0:0700:3308::";
# prefixLength = 64;
# }
#
# { address = "2001:41d0:0700:33ff::";
# prefixLength = 64;
# }
#];
#defaultGateway6 = {
# address = "2001:41d0:0700:33ff:00ff:00ff:00ff:00ff";
# address = "33ff::1";
# address = "2001::1";
# interface = "eno1";
#};
firewall.allowPing = true;
# minecraft proximity voice chat
firewall.allowedTCPPorts = [ 24454 24464 25567 25577 4499 21025 21027 ];
firewall.allowedUDPPorts = [ 24454 24464 25567 25577 4499 21025 21027 ];
firewall.allowedTCPPorts = [ 24454 25567 4499 ];
firewall.allowedUDPPorts = [ 24454 25567 4499 ];
};
# environment.etc."dhcpcd.duid".text = "d0:50:99:d4:04:68:d0:50:99:d4:04:68";

33
hosts/lucent-firepit/hardware-configuration.nix → hosts/dark-firepit/hardware-configuration.nix
View File

@ -9,12 +9,12 @@
initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
initrd.kernelModules = [ ];
kernelPackages = pkgs.linuxPackages_hardened;
kernelModules = [ "kvm-amd" ];
kernelModules = [ "kvm-intel" ];
loader = {
# and them squiggles steady shifting in the wind
grub.enable = lib.mkForce false;
systemd-boot.enable = true;
systemd-boot = {
enable = true;
configurationLimit = 10;
};
efi.canTouchEfiVariables = true;
};
};
@ -29,10 +29,7 @@
# i don't know of a cleaner way to do this, and i
# don't want to deal with ghost any longer than i
# already have, so This Will Do
#
# edit: ghost is now dead! we're going back to true.
# rest in piss ghost, you will be forgotten
nix.settings.sandbox = true;
nix.settings.sandbox = false;
modules.hardware.fs = {
enable = true;
@ -42,25 +39,21 @@
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/2fb43a32-d7c2-4ed1-97c6-4588d731a132";
device = "/dev/disk/by-uuid/819f03bb-73d2-4ae1-9fd2-01099e8efae6";
fsType = "xfs";
options = [
"noatime"
"nodiratime"
"discard"
];
};
"/boot" = {
device = "/dev/disk/by-uuid/7192-FE7C";
device = "/dev/disk/by-uuid/D018-F9AF";
fsType = "vfat";
};
};
swapDevices = [ ];
swapDevices = [
{ device = "/dev/disk/by-uuid/01ba93e4-71e3-404d-9549-351e22130185"; }
{ device = "/dev/disk/by-uuid/dee63218-1666-4035-8d63-b9e0e0b2cd28"; }
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

113
hosts/dark-firepit/minecraft.nix Normal file
View File

@ -0,0 +1,113 @@
{ config, lib, pkgs, ... }:
with lib;
let
in {
config = {
modules.services.minecraft = {
enable = true;
servers = {
"dark-firepit" = {
enable = false;
#autoStart = false;
openFirewall = true;
serverProperties = {
server-port = 25565;
gamemode = 0;
motd = "dark-firepit, 1.19.2 Fabric";
white-list = true;
max-players = 8;
allow-flight = true;
enable-command-block = true;
enforce-secure-profile = false;
level-type = "terra:overworld/overworld";
snooper-enabled = false;
spawn-protection = 0;
};
whitelist = {
oatmealine = "241d7103-4c9d-4c45-9464-83b5365ce48e";
RustyMyHabibi = "e20305fa-a44c-44c9-b62e-6918e7c779d6";
Dj_Afganistan = "1f879917-1ad4-49c3-9908-90769ee73f85";
DumbDogDoodles = "d33e5e3b-85ab-4c93-a61b-605e2673fbe8";
SuneFoxie = "82e82ef9-ea17-4794-9051-928b5b8629c1";
FuzziestRedMoth = "21e1adf8-93f7-4173-a087-b3a9c02edec5";
};
package = pkgs.minecraftServers.fabric-1_19_2;
jvmOpts = "-Xmx6G";
};
"n3ko-test" = {
enable = true;
autoStart = true;
openFirewall = true;
serverProperties = {
server-port = 25595;
gamemode = 1;
motd = "N3KO SMP Testing server";
white-list = true;
max-players = 8;
allow-flight = true;
enable-command-block = true;
enforce-secure-profile = false;
#level-type = "terra:overworld/overworld";
snooper-enabled = false;
spawn-protection = 0;
};
whitelist = {
oatmealine = "241d7103-4c9d-4c45-9464-83b5365ce48e";
Cardboxneko = "3d406152-008c-4ec9-bf49-44c883baca6d";
};
package = pkgs.fabricServers.fabric-1_18_2;
jvmOpts = "-Xmx4G";
};
"gbj" = {
enable = true;
autoStart = true;
openFirewall = true;
serverProperties = {
server-port = 25585;
gamemode = 0;
motd = "gay baby jail";
max-players = 16;
allow-flight = true;
enable-command-block = true;
enforce-secure-profile = false;
snooper-enabled = false;
spawn-protection = 0;
level-type = "terra:overworld/overworld";
white-list = true;
view-distance = 32;
};
whitelist = {
UnderSunandSky = "b788f46e-50a2-4af3-a668-15ae393c59d8";
PianoBoyBenini = "042d6cef-6194-46b4-9bfc-87b3c4cdf94a";
oatmealine = "241d7103-4c9d-4c45-9464-83b5365ce48e";
Starblazerz128 = "d45eb172-8360-42fd-a185-ab2197b71f9a";
Chevreau = "b594ba84-f10c-42ff-83a6-8046f90ad0b8";
Yarn01 = "40fee73f-d4b3-47c6-adf7-fe7c717a1f55";
"1C3doggo" = "48c3a077-9e3b-47a6-b17b-4ed0b1bc33b2";
CosmicCats = "32148b79-12a8-48f1-b158-3c97c45e39e5";
m3bo = "6e33434c-1ec0-4c69-9dad-b32b1197496e";
SomewhatSyl = "d8bac1ef-27d5-4c94-a9e7-e2d079edef22";
Nightmare_Tank = "92840daa-823e-4b8e-9741-be296147e823";
JDavisBro = "e8529c4b-701e-46c5-a8d7-0dfb0e0b642d";
Ironic_queen = "443fe20d-77e0-4a4a-8bb7-a4b9ad654550";
azurehaiku = "fd7aba33-4307-4eba-aa63-70bc3e38a2d7";
TryHardGamerTV = "8273b84d-a687-49fb-98de-a3e626e26c3b";
"_AtlasFox_" = "0ce1bbe0-ea57-463c-8df3-4c046dc6eff2";
};
package = pkgs.minecraftServers.fabric-1_19_2;
jvmOpts = "-Xmx4G";
};
};
};
systemd.services.minecraft-server-dark-firepit.serviceConfig = {
# packwiz workaround
# https://github.com/Infinidoge/nix-minecraft/issues/12#issuecomment-1235999072
# TODO: this doesn't work!!! it just goes "error code 1" and refuses to elaborate
#ExecStartPre = [
# ''cd "/srv/minecraft/dark-firepit"; nix-shell -p adoptopenjdk-hotspot-bin-16 --run "java -jar /srv/minecraft/dark-firepit/packwiz-installer-bootstrap.jar -g 'https://dark-firepit.oat.zone/Fire Pit 1.19.2/pack.toml'"''
#];
};
};
}

6
hosts/dark-firepit/secrets/secrets.nix Normal file
View File

@ -0,0 +1,6 @@
let
keys = import ../authorizedKeys.nix;
"subsurface.aether" = keys."aether@subsurface".ssh;
in
{}

0
hosts/lucent-firepit/srb2k.nix → hosts/dark-firepit/srb2k.nix
View File

127
hosts/lucent-firepit/webapps/default.nix → hosts/dark-firepit/webapps/default.nix
View File

@ -4,28 +4,6 @@ with lib;
let
in {
config = {
services.cohost-blogger = {
enable = true;
domain = "blog.oat.zone";
port = 3500;
};
services.nlw-api = {
enable = true;
domain = "nlw.oat.zone";
apiKey = builtins.readFile /etc/sheets-api-key;
#apiKey = "";
port = 1995;
};
services.cardgen = {
enable = true;
port = 25290;
};
services.gd-icon-renderer-web = {
enable = true;
port = 3435;
domain = "gdicon.oat.zone";
};
modules = {
services = {
#nextcloud = {
@ -40,11 +18,10 @@ in {
# domain = "blog.dark-firepit.cloud";
#};
forgejo = {
gitea = {
enable = true;
domain = "git.oat.zone";
port = 3000;
enableActions = true;
};
matrix.conduit = {
@ -54,7 +31,7 @@ in {
vaultwarden = {
enable = true;
domain = "vault.dark-firepit.cloud";
domain = "vault.aether.gay";
};
# not entirely necessary but makes it so that invalid domains and/or direct ip access aborts connection
@ -73,12 +50,10 @@ in {
"giger.yugoslavia.fishing".dataDir = "/var/www/giger.yugoslavia.fishing";
"modfiles.oat.zone".dataDir = "/var/www/modfiles.oat.zone";
"shop.yugoslavia.best".dataDir = "/var/www/shop.yugoslavia.best";
"shop.yugoslavia.best".forceSSL = false;
"tesco-underground-dev.oat.zone".dataDir = "/var/www/tesco-underground-dev.oat.zone";
"tesco-underground-dev.oat.zone".auth = { tesco = builtins.readFile /etc/tesco; };
"oat.zone".dataDir = "/var/www/oat.zone";
"oat.zone".php = true;
#"beta-blog.oat.zone".dataDir = "/var/www/beta.blog.oat.zone";
"yugoslavia.fishing".dataDir = "/var/www/yugoslavia.fishing";
"yugoslavia.fishing".php = true;
"educationmath.oat.zone".dataDir = "/var/www/proxy.oat.zone";
@ -86,26 +61,16 @@ in {
"educationmath.oat.zone".auth = { twh = builtins.readFile /etc/proxy_twh; };
"rivervalleychocolate.com".dataDir = "/var/www/rivervalleychocolate.com";
"rivervalleychocolate.com".php = true;
"play.mayf.pink".dataDir = "/var/www/play.mayf.pink/";
"play.mayf.pink".php = true;
"play.mayf.pink".phpHandlePathing = true;
"tac.yugoslavia.best".dataDir = "/var/www/tac.yugoslavia.best/public";
"tac.yugoslavia.best".php = true;
"tac.yugoslavia.best".phpHandlePathing = true;
"pjsk.oat.zone".dataDir = "/var/www/pjsk.oat.zone";
"mayf.pink".dataDir = "/var/www/mayf.pink";
"mayf.pink".dataDir = "/var/www/mayf.pink/public";
"mayf.pink".php = true;
"mayf.pink".phpHandlePathing = true;
"promotion.yugoslavia.best".dataDir = "/var/www/promotion.yugoslavia.best/public";
"promotion.yugoslavia.best".php = true;
"promotion.yugoslavia.best".phpHandlePathing = true;
"promotion.yugoslavia.best".forceSSL = false;
"star.yugoslavia.best".dataDir = "/var/www/star.yugoslavia.best";
"star.yugoslavia.best".forceSSL = false;
#"wint0r.zone".dataDir = "/var/www/wint0r.zone";
#"puzzle.wint0r.zone".dataDir = "/var/www/puzzle.wint0r.zone";
"femboy.industries".dataDir = "/var/www/femboy.industries";
} // (listToAttrs (map (value: {
name = "${value}.femboy.industries";
value = { dataDir = "/var/www/femboy.industries/_subdomains/${value}/"; };
}) ["sage"]));
"wint0r.zone".dataDir = "/var/www/wint0r.zone";
"puzzle.wint0r.zone".dataDir = "/var/www/puzzle.wint0r.zone";
};
nitter = {
enable = true;
@ -114,12 +79,6 @@ in {
domain = "nitter.oat.zone";
};
libreddit = {
enable = true;
domain = "libreddit.oat.zone";
port = 1950;
};
#watch-party = {
# enable = true;
# port = 1984;
@ -129,10 +88,23 @@ in {
enable = true;
};
metrics = {
code-server = {
enable = true;
domain = "grafana.dark-firepit.cloud";
port = 2342;
domain = "dev-firepit.oat.zone";
port = 4444;
};
ghost = {
enable = true;
domain = "blog.oat.zone";
port = 1357;
};
isso = {
enable = true;
port = 1995;
domain = "comments.oat.zone";
target = "blog.oat.zone";
};
};
};
@ -143,21 +115,6 @@ in {
locations."/f/".extraConfig = ''
add_header Access-Control-Allow-Origin "*";
'';
locations."/f/cards/gen".extraConfig = ''
rewrite /f/cards/gen/(.*) /$1 break;
proxy_pass http://127.0.0.1:25290;
proxy_redirect off;
'';
extraConfig = ''
error_page 404 /404.html;
error_page 403 /403.html;
'';
};
"femboy.industries" = {
locations."/_subdomains".extraConfig = ''
deny all;
return 404;
'';
};
# todo: move to flake
"gdpstest.oat.zone" = {
@ -172,25 +129,31 @@ in {
'';
};
# todo: move to flake
"jillo.oat.zone" = {
"gdicon.oat.zone" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:15385/";
proxyPass = "http://127.0.0.1:3436/";
};
};
"drawdog.oat.zone" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:33363/";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
'';
};
# https://www.edwinwenink.xyz/posts/47-tilde_server/
# todo: fix this
"dark-firepit.cloud" = {
locations."~ ^/~([^/\\s]+?)(/[^\\s]*)?$".extraConfig = ''
add_header X-debug-message "/home/$1/www$2" always;
alias /home/$1/www$2;
index index.html index.htm;
autoindex on;
'';
};
"nitter.oat.zone" = {
locations."/".extraConfig = ''
if ($http_user_agent = 'Mozilla/5.0 (compatible; Discordbot/2.0; +https://discordapp.com)') {
return 302 $scheme://fxtwitter.com$request_uri;
}
'';
};
#"git.oat.zone" = {

0
hosts/lucent-firepit/wireguardInterface.nix → hosts/dark-firepit/wireguardInterface.nix
View File

0
hosts/lucent-firepit/yugoslavia-best.nix → hosts/dark-firepit/yugoslavia-best.nix
View File

51
hosts/evolution/default.nix Normal file
View File

@ -0,0 +1,51 @@
{ pkgs, inputs, lib, ... }:
{
imports = [
./hardware-configuration.nix
];
user = {
packages = with pkgs; [
git
curl
helix
];
};
users.groups.dotfiles = {};
normalUsers = {
aether = {
conf = {
packages = with pkgs; [ bat duf broot bottom ];
shell = pkgs.fish;
extraGroups = [ "wheel" /* "nix-users" */ "dotfiles" ];
initialHashedPassword = "!";
};
homeConf.home = {
sessionVariables = {
EDITOR = "hx";
# NIX_REMOTE = "daemon";
};
};
};
};
keyboard = {
locale = "en_US.UTF-8";
variant = "qwerty";
};
time.timeZone = "Europe/Dublin";
modules = {
shell.fish.enable = true;
security.isLocalMachine = true;
hyprland.enable = true;
dev.zig.enable = true;
};
}

65
hosts/evolution/hardware-configuration.nix Normal file
View File

@ -0,0 +1,65 @@
{ config, lib, pkgs, inputs, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
];
boot = {
initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
initrd.kernelModules = [ ];
# kernelPackages = pkgs.linuxPackages_hardened;
# kernelModules = [ "kvm-intel" ];
loader = {
systemd-boot = {
enable = true;
configurationLimit = 10;
};
efi.canTouchEfiVariables = true;
};
};
nix.settings.cores = 3;
nix.settings.max-jobs = 6;
# disabling this is what's considered a "Bad Idea"
# however it is required by packages/ghost.nix, which
# is borrowed from https://notes.abhinavsarkar.net/2022/ghost-on-nixos
#
# i don't know of a cleaner way to do this, and i
# don't want to deal with ghost any longer than i
# already have, so This Will Do
nix.settings.sandbox = false;
modules.hardware.fs = {
enable = true;
ssd.enable = true;
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/a4278811-e227-4dea-b7a2-5eaaab003679";
fsType = "f2fs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/688D-5046";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/a3611c1a-5d34-484d-9fda-e9af0806b13a"; }
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

21
hosts/lucent-firepit/minecraft/dark-firepit.nix
View File

@ -1,21 +0,0 @@
"dark-firepit" = {
enable = false;
#autoStart = false;
openFirewall = true;
serverProperties = {
server-port = 25565;
gamemode = 0;
motd = "dark-firepit, 1.19.2 Fabric";
white-list = true;
max-players = 8;
allow-flight = true;
enable-command-block = true;
enforce-secure-profile = false;
level-type = "terra:overworld/overworld";
snooper-enabled = false;
spawn-protection = 0;
};
whitelist = darkFirepitWhitelist;
package = pkgs.minecraftServers.fabric-1_19_2;
jvmOpts = "-Xmx6G";
};

144
hosts/lucent-firepit/minecraft/default.nix
View File

@ -1,144 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
# https://git.sleeping.town/unascribed/unsup/releases
unsup = pkgs.fetchurl {
url = "https://git.sleeping.town/unascribed/unsup/releases/download/v0.2.3/unsup-0.2.3.jar";
hash = "sha256-DBMxiZwfUUiLqXYOMD8EUz4HubAZIEjAPmk32T0NYtA=";
};
mkUnsupINI = { url, extraConfig ? "" }: pkgs.writeTextFile {
name = "unsup.ini";
text = ''
version=1
preset=minecraft
source_format=packwiz
source=${url}
force_env=server
no_gui=true
'' + extraConfig;
};
gayrats = {
whitelist = {
oatmealine = "241d7103-4c9d-4c45-9464-83b5365ce48e";
RustyMyHabibi = "e20305fa-a44c-44c9-b62e-6918e7c779d6";
Dj_Afganistan = "1f879917-1ad4-49c3-9908-90769ee73f85";
DumbDogDoodles = "d33e5e3b-85ab-4c93-a61b-605e2673fbe8";
SuneFoxie = "82e82ef9-ea17-4794-9051-928b5b8629c1";
FuzziestRedMoth = "21e1adf8-93f7-4173-a087-b3a9c02edec5";
hewoicvewse = "98e715cf-b1a4-4d50-9ed0-7d20fbdf240e";
numpad_7 = "44e6e6d7-770d-4afc-96b1-9999b61ced1d";
_Zydra = "0af7b31f-63a5-426d-8cee-6c54385856b6";
};
unsupINI = mkUnsupINI { url = "https://oat.zone/f/gayrats/pack.toml"; };
};
in {
config = {
modules.services.minecraft.enable = true;
modules.services.minecraft.servers = {
"gayrats" = import ./gayrats.nix {
inherit pkgs;
enable = false;
server-port = 25565;
inherit unsup;
inherit (gayrats) whitelist;
unsupINI = mkUnsupINI { url = "https://oat.zone/f/gayrats/pack.toml"; };
};
"gayrats-creative" = import ./gayrats-creative.nix {
inherit pkgs;
enable = false;
server-port = 25575;
inherit unsup;
inherit (gayrats) whitelist;
unsupINI = mkUnsupINI { url = "https://oat.zone/f/gayrats-creative/pack.toml"; };
};
"gay-capybaras" = import ./gay-capybaras.nix {
inherit pkgs;
enable = true;
server-port = 25505;
inherit unsup;
inherit (gayrats) whitelist;
unsupINI = mkUnsupINI { url = "https://aether.gay/f/gay-capybaras/pack.toml"; };
};
"n3ko-test" = import ./n3ko-test.nix {
inherit pkgs;
enable = false;
server-port = 25595;
};
"wafflecraft" = import ./wafflecraft.nix {
inherit pkgs;
inherit lib;
enable = false;
server-port = 25535;
inherit unsup;
unsupINI = mkUnsupINI {
url = "https://oat.zone/f/wafflecraft/pack.toml";
extraConfig = ''
[flavors]
shaders=no_shaders
minimap=no_minimap
barrel_roll=no_barrel_roll
'';
};
};
"modfest-build" = let
unsupINI = mkUnsupINI {
url = "https://raw.githack.com/ModFest/modfest-1-20/main/pack/pack.toml";
};
in {
enable = false;
package = pkgs.fabricServers."fabric-1_20_4".override { loaderVersion = "0.15.3"; };
jvmOpts = ((import ./mc-flags.nix) "4G") + " -javaagent:${unsup}";
openFirewall = true;
serverProperties = {
server-port = 25525;
gamemode = 1;
motd = "modfest build server !";
white-list = true;
max-players = 128;
allow-flight = true;
enable-command-block = true;
enforce-secure-profile = false;
snooper-enabled = false;
spawn-protection = 0;
};
symlinks = {
"unsup.ini" = unsupINI;
};
};
};
systemd.services.minecraft-server-dark-firepit.serviceConfig = {
# packwiz workaround
# https://github.com/Infinidoge/nix-minecraft/issues/12#issuecomment-1235999072
# TODO: this doesn't work!!! it just goes "error code 1" and refuses to elaborate
#ExecStartPre = [
# ''cd "/srv/minecraft/dark-firepit"; nix-shell -p adoptopenjdk-hotspot-bin-16 --run "java -jar /srv/minecraft/dark-firepit/packwiz-installer-bootstrap.jar -g 'https://dark-firepit.oat.zone/Fire Pit 1.19.2/pack.toml'"''
#];
};
};
}

29
hosts/lucent-firepit/minecraft/gay-capybaras.nix
View File

@ -1,29 +0,0 @@
{ pkgs, enable ? false, server-port, whitelist, unsup, unsupINI, ... }:
{
inherit enable;
autoStart = true;
openFirewall = true;
inherit whitelist;
serverProperties = {
inherit server-port;
gamemode = 0;
motd = "dark-firepit, 1.20.1 Fabric";
white-list = true;
max-players = 8;
allow-flight = true;
enable-command-block = true;
enforce-secure-profile = false;
snooper-enabled = false;
spawn-protection = 0;
};
symlinks = { "unsup.ini" = unsupINI; };
package = pkgs.fabricServers."fabric-1_20_1".override { loaderVersion = "0.15.6"; };
# package = pkgs.fabricServers."fabric-1_20_1";
jvmOpts = "-Xmx6G -javaagent:${unsup}";
}

27
hosts/lucent-firepit/minecraft/gayrats-creative.nix
View File

@ -1,27 +0,0 @@
{ pkgs, enable ? false, server-port, whitelist, unsup, unsupINI, ... }:
{
inherit enable;
autoStart = true;
openFirewall = true;
inherit whitelist;
serverProperties = {
inherit server-port;
gamemode = 1;
motd = "dark-firepit, 1.19.2 Fabric";
white-list = true;
max-players = 8;
allow-flight = true;
enable-command-block = true;
enforce-secure-profile = false;
snooper-enabled = false;
spawn-protection = 0;
};
symlinks = { "unsup.ini" = unsupINI; };
package = pkgs.fabricServers."fabric-1_19_2".override { loaderVersion = "0.14.17"; };
jvmOpts = "-Xmx6G -javaagent:${unsup}";
}

28
hosts/lucent-firepit/minecraft/gayrats.nix
View File

@ -1,28 +0,0 @@
{ pkgs, enable ? false, server-port, whitelist, unsup, unsupINI, ... }:
{
inherit enable;
autoStart = true;
openFirewall = true;
inherit whitelist;
serverProperties = {
inherit server-port;
gamemode = 0;
motd = "dark-firepit, 1.19.2 Fabric";
white-list = true;
max-players = 8;
allow-flight = true;
enable-command-block = true;
enforce-secure-profile = false;
snooper-enabled = false;
spawn-protection = 0;
};
symlinks = { "unsup.ini" = unsupINI; };
package = pkgs.fabricServers."fabric-1_19_2".override { loaderVersion = "0.14.17"; };
jvmOpts = "-Xmx6G -javaagent:${unsup}";
}

1
hosts/lucent-firepit/minecraft/mc-flags.nix
View File

@ -1 +0,0 @@
memory: "-Xms${memory} -Xmx${memory} -XX:+UseShenandoahGC"

27
hosts/lucent-firepit/minecraft/n3ko-test.nix
View File

@ -1,27 +0,0 @@
{ pkgs, enable ? false, server-port, ... }:
{
inherit enable;
autoStart = true;
openFirewall = true;
serverProperties = {
inherit server-port;
gamemode = 1;
motd = "N3KO SMP Testing server";
white-list = true;
max-players = 8;
allow-flight = true;
enable-command-block = true;
enforce-secure-profile = false;
#level-type = "terra:overworld/overworld";
snooper-enabled = false;
spawn-protection = 0;
};
whitelist = {
oatmealine = "241d7103-4c9d-4c45-9464-83b5365ce48e";
Cardboxneko = "3d406152-008c-4ec9-bf49-44c883baca6d";
};
package = pkgs.fabricServers.fabric-1_18_2;
jvmOpts = "-Xmx4G";
}

45
hosts/lucent-firepit/minecraft/wafflecraft.nix
View File

@ -1,45 +0,0 @@
{ pkgs, lib, enable ? false, server-port, unsup, unsupINI, ... }:
{
inherit enable;
autoStart = true;
openFirewall = true;
serverProperties = {
inherit server-port;
gamemode = "survival";
motd = "wafflecraft Real";
max-players = 32;
allow-flight = true;
enable-command-block = false;
enforce-secure-profile = false;
snooper-enabled = false;
spawn-protection = 0;
white-list = true;
view-distance = 16;
};
whitelist = {
oatmealine = "241d7103-4c9d-4c45-9464-83b5365ce48e";
plightshift = "de87f3e6-d44f-40af-8bff-48828694b616";
mangoafterdawn = "840ad485-1060-4bcf-8730-c552e5c8d62a";
drazilspirits = "1d912f45-978b-4edc-b026-26bd5ed6ce31";
segaskullll = "e6d510e6-a1d3-4801-8a5e-52d2c75b2446";
Tetaes = "4b149260-d56e-4835-b3f6-2dce173a92a5";
sorae_ = "9639d272-4c20-459d-adea-4aa89ee3cdc1";
GelloISMello = "a2883a99-fe5d-454d-98b9-d65e4cec7e7e";
Triplejy2k = "dced0fad-3802-4544-aaad-64d8fd12b1e8";
RAKKIIsan = "0706e583-82e3-478c-8769-1131fb9aef5d";
CyberBlue = "151bea19-3d16-45eb-8ae3-3057cde8e8f4";
numpad_7 = "44e6e6d7-770d-4afc-96b1-9999b61ced1d";
CERiNG = "8dd710ce-fd30-45a5-9252-739d3c03df19";
electr1ca = "c18dcc3b-6c11-42e9-b7d8-4b458ea7017d";
bigboyty69 = "ed735421-c22b-467a-9eac-5c08437ea3e8";
};
symlinks = { "unsup.ini" = unsupINI; };
# this is UGLY as FUCK; but unfortunately https://github.com/Infinidoge/nix-minecraft/issues/15
package = pkgs.jdk17;
jvmOpts = "-Xmx6G -javaagent:${unsup} "
+ lib.replaceStrings ["\n"] [" "] (lib.readFile "/srv/minecraft/wafflecraft/libraries/net/minecraftforge/forge/1.18.2-40.2.1/unix_args.txt");
}

115
hosts/lucent-firepit/og/configuration.nix
View File

@ -1,115 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
# boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
# networking.hostName = "nixos"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = {
# "eurosign:e";
# "caps:escape" # map caps to escape.
# };
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# firefox
# tree
# ];
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

63
hosts/lucent-firepit/og/hardware-configuration.nix
View File

@ -1,63 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "tmpfs";
fsType = "tmpfs";
};
fileSystems."/nix/.ro-store" =
{ device = "/nix/store/bg6n34zcsz3vil02fjf7lk35xli2ssd6-squashfs.img (deleted)";
fsType = "squashfs";
options = [ "loop" ];
};
fileSystems."/nix/.rw-store" =
{ device = "tmpfs";
fsType = "tmpfs";
};
fileSystems."/nix/store" =
{ device = "overlay";
fsType = "overlay";
};
fileSystems."/mnt" =
{ device = "/dev/disk/by-uuid/2fb43a32-d7c2-4ed1-97c6-4588d731a132";
fsType = "xfs";
};
fileSystems."/mnt/boot" =
{ device = "/dev/disk/by-uuid/ABFD-C238";
fsType = "vfat";
};
fileSystems."/mnt/mnt" =
{ device = "/dev/disk/by-uuid/b5adde13-80af-4314-b0d5-ab79b10cc078";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

BIN
hosts/lucent-firepit/secrets/huge-furry-cock.age
View File

Binary file not shown.

9
hosts/lucent-firepit/secrets/secrets.nix
View File

@ -1,9 +0,0 @@
let
userKeys = builtins.catAttrs "ssh" (import ../authorizedKeys.nix);
systemKeys = [
# /etc/ssh/ssh_host_ed25519_key.pub
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHp0gLv1FiavpvnXinySlZsWrNkAzo4c8GWvN2WRhQqn root@lucent-firepit"
];
in {
"huge-furry-cock.age".publicKeys = userKeys ++ systemKeys;
}

31
modules/agenix.nix
View File

@ -1,31 +0,0 @@
{ options, lib, inputs, pkgs, config, ... }:
with builtins;
with lib;
with lib._;
let
inherit (inputs) agenix;
secretsDir = "${toString ../hosts}/${config.networking.hostName}/secrets";
secretsFile = "${secretsDir}/secrets.nix";
in {
imports = [ agenix.nixosModules.default ];
age = let
# ugly, lazy, but works
users = map (user: "/home/${user}/.ssh") (attrNames (readDir "/home/"));
usersWithKeys = filter (path: pathExists path) users;
userIdentityPaths = concatLists (map (keysPath:
let
# find all files that are id_* and not *.pub
# todo: maybe make a startsWith / endsWith?
files = map (f: keysPath + "/" + f)
(filter (f: (substring 0 3 f == "id_") && (substring (stringLength f - 4) 4 f != ".pub"))
(attrNames (readDir keysPath)));
in files) usersWithKeys);
in {
secrets = mkMerge (map (x: {"${x}".file = "${secretsDir}/${x}";}) (attrNames (import secretsFile)));
identityPaths = options.age.identityPaths.default ++ userIdentityPaths;
};
}

2
modules/dev/dev.nix
View File

@ -5,6 +5,8 @@ with lib;
config = {
environment.systemPackages = with pkgs; [
valgrind
gcc
musl
# nix-linter
];
};

4
modules/dev/rust.nix
View File

@ -14,7 +14,9 @@ in {
config = mkIf cfg.enable {
user.packages = with pkgs; [
cargo
rustc
rust-analyzer
libiconv
glibc
];
environment.sessionVariables.RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}";

1
modules/dev/zig.nix
View File

@ -15,6 +15,7 @@ in {
config = mkIf cfg.enable {
user.packages = with pkgs; [
zig
zls
];
};
}

17
modules/editors/helix.nix
View File

@ -1,17 +0,0 @@
{ pkgs, lib, config, options, ... }:
with lib;
let
cfg = config.modules.editors.helix;
in {
options = {
enable = mkOption {
type = types.bool;
default = false;
};
};
config = mkIf cfg.enable {
};
}

31
modules/hyprland.nix
View File

@ -11,19 +11,16 @@ in {
};
};
/*
config = mkIf cfg.enable {
programs.hyprland = {
enable = true;
};
#programs.hyprland = {
# enable = true;
#};
# this was failing to build so i removed it. sorry!!!!!!
# -oat
# look outside your window!!!
# -aether
# ok done (i removed it again)
# -oat
# Do not trust the [Flower].
# -aether
user.packages = with pkgs; [
grim
@ -32,8 +29,11 @@ in {
brightnessctl
gammastep
wdisplays
nwg-launchers
wezterm
];
home-manager.sharedModules = [ inputs.hyprland.homeManagerModules.default ];
home._.wayland.windowManager.hyprland = {
enable = true;
extraConfig = ''
@ -49,14 +49,12 @@ in {
}
general {
main_mod = SUPER
gaps_in = 4
gaps_out = 4
border_size = 2
col.active_border = rgba(f7cd23ff)
col.inactive_border = rbga(0f0f0fff)
col.active_border = 0xfff7cd23
col.inactive_border = 0xff0f0f0f
cursor_inactive_timeout = 5
damage_tracking = full
layout = dwindle
}
@ -73,8 +71,8 @@ in {
drop_shadow = true
shadow_range = 4
shadow_render_
col.shadow = rgba(0f0f0f33)
col.shadow_inactive = rgba(0f0f0f1e)
col.shadow = 0x330f0f0f
col.shadow_inactive = 0x1e0f0f0f
}
gestures {
@ -82,19 +80,19 @@ in {
}
animations {
enable = true
enabled = true
bezier = workspacesBezier, 0.1, 0.9, 0.1, 0.9
bezier = fadeBezier, 0, 0, 0.6, 1
animation = fade, 1, 8, fadeBezier
animation = windows, 1, 8, fadeBezier, popin 60%
animation = workspaces, 1, 4, workspacesbezier, slide
animation = workspaces, 1, 4, workspacesBezier, slide
}
$mainMod = SUPER
bind = $mainMod, enter, exec, alacritty
bind = $mainMod, enter, exec, wezterm
bind = $mainMod, C, killactive,
bind = $mainMod, P, exec, nwggrid
@ -125,5 +123,4 @@ in {
'';
};
};
*/
}
}

10
modules/security.nix
View File

@ -35,8 +35,8 @@ in {
}
];
boot.tmp.useTmpfs = lib.mkDefault true;
boot.tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
boot.tmpOnTmpfs = lib.mkDefault true;
boot.cleanTmpDir = lib.mkDefault (!config.boot.tmpOnTmpfs);
security.rtkit.enable = true;
@ -51,7 +51,11 @@ in {
security.sudo.enable = false;
security.doas = {
enable = true;
extraRules = if cfg.isLocalMachine then [{ users = builtins.attrNames config.defaultUsers; keepEnv = true; noPass = true; }] else [];
extraRules = if cfg.isLocalMachine then [{
users = builtins.attrNames config.normalUsers;
keepEnv = true;
noPass = true;
}] else [];
};
boot.kernel.sysctl = {

61
modules/services/code-server.nix Normal file
View File

@ -0,0 +1,61 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.modules.services.code-server;
in {
options.modules.services.code-server = {
enable = mkOption {
type = types.bool;
default = false;
};
domain = mkOption {
type = types.str;
default = "dev-firepit.oat.zone";
};
port = mkOption {
type = types.int;
default = 4444;
};
};
config = mkIf cfg.enable {
services = {
code-server = {
enable = true;
port = cfg.port;
# temporary
auth = "password";
# temporary
hashedPassword = removeSuffix "\n" (builtins.readFile /etc/code-server-password);
extraPackages = with pkgs; [ git nix nixpkgs-fmt ];
};
nginx.virtualHosts."${cfg.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
'';
};
locations."= /robots.txt" = {
extraConfig = ''
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
'';
};
};
};
users.users.code-server = {
extraGroups = [ "nix-users" "dotfiles" ];
shell = pkgs.unstable.fish;
};
};
}

27
modules/services/dark-firepit-oat-zone.nix Normal file
View File

@ -0,0 +1,27 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.modules.services.dark-firepit-oat-zone;
in {
options.modules.services.dark-firepit-oat-zone = {
enable = mkOption {
type = types.bool;
default = false;
};
domain = mkOption {
type = types.str;
default = "dark-firepit.oat.zone";
};
};
config = mkIf cfg.enable {
services = {
nginx.virtualHosts."${cfg.domain}" = {
forceSSL = true;
enableACME = true;
root = "/var/www/dark-firepit.oat.zone";
};
};
};
}

108
modules/services/dendrite.nix
View File

@ -1,108 +0,0 @@
{ pkgs, config, lib, options, ... }:
with lib;
let
cfg = config.modules.services.dendrite;
fullDomain = "${cfg.prefix}.${cfg.hostDomain}";
maxUploadMegabytes = 600;
in {
options.modules.services.dendrite = {
enable = mkOption {
type = types.bool;
default = false;
};
hostDomain = mkOption {
type = types.str;
default = null;
};
prefix = mkOption {
type = types.str;
default = "matrix";
};
port = mkOption {
type = types.port;
default = 8008;
};
};
config = mkIf cfg.enable {
assertions = [
{ assertion = cfg.hostDomain != null;
description = "@config.modules.services.dendrite.hostDomain@ must not equal null";
}
];
services.dendrite = {
enable = true;
httpPort = cfg.port;
# httpsPort = cfg.port;
tlsCert = "/var/lib/dendrite_keys/server.crt";
tlsKey = "/var/lib/dendrite_keys/server.key";
loadCredential = [ "private_key:/var/lib/dendrite_keys/private/private_key.pem" ];
environmentFile = "/var/lib/dendrite_keys/registration_secret";
settings = {
global = {
server_name = cfg.hostDomain;
private_key = "/var/lib/dendrite_keys/private/private_key.pem";
presence = {
enable_inbound = true;
enable_outbound = true;
};
};
client_api = {
registration_shared_secret = "$REGISTRATION_SHARED_SECRET";
};
media_api = {
max_file_size_bytes = maxUploadMegabytes;
dynamic_thumbnails = true;
};
};
};
services.nginx.virtualHosts."${fullDomain}" = {
forceSSL = true;
enableACME = true;
#listen = [
# { addr = "0.0.0.0";
# port = 443;
# ssl = true;
# }
# { addr = "[::]";
# port = 443;
# ssl = true;
# }
#];
locations."/_matrix".proxyPass = "http://127.0.0.1:${toString cfg.port}";
#locations."/_matrix".proxyPass = "https://localhost:${toString cfg.port}";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-RealIP $remote_addr;
proxy_read_timeout 600;
client_max_body_size ${toString maxUploadMegabytes}M;
'';
};
services.nginx.virtualHosts."${cfg.hostDomain}" = {
forceSSL = true;
enableACME = true;
locations."/.well-known/matrix/server".return = "200 '{ \"m.server\": \"${fullDomain}:443\"}'";
# locations."/.well-known/matrix/client".return = "200 '{ \"m.homserver\": { \"base_url\": \"https://${cfg.hostDomain}\"} }'";
locations."/.well-known/matrix/client".extraConfig = ''
add_header Access-Control-Allow-Origin '*';
return 200 '{ \"m.homeserver\": { \"base_url\": \"https://${fullDomain}\"} }';
'';
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 80 443 ];
};
}

158
modules/services/ghost.nix Normal file
View File

@ -0,0 +1,158 @@
{ pkgs, lib, config, options, ... }:
with lib;
let
cfg = config.modules.services.ghost;
# user used to run the Ghost service
userName = builtins.replaceStrings [ "." ] [ "_" ] cfg.domain;
in {
options.modules.services.ghost = {
enable = mkOption {
type = types.bool;
default = false;
};
package = mkOption {
type = types.package;
default = pkgs._.ghost;
};
domain = mkOption {
type = types.str;
default = "blog.oat.zone";
};
port = mkOption {
type = types.int;
default = 1357;
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/${userName}";
};
};
config = let
# directory used to save the blog content
dataDir = cfg.dataDir;
# script that sets up the Ghost content directory
setupScript = pkgs.writeScript "${cfg.domain}-setup.sh" ''
#! ${pkgs.stdenv.shell} -e
chmod g+s "${dataDir}"
[[ ! -d "${dataDir}/content" ]] && cp -r "${cfg.package}/content" "${dataDir}/content"
chown -R "${userName}":"${userName}" "${dataDir}/content"
chmod -R +w "${dataDir}/content"
ln -f -s "/etc/${cfg.domain}.json" "${dataDir}/config.production.json"
[[ -d "${dataDir}/current" ]] && rm "${dataDir}/current"
ln -f -s "${cfg.package}/current" "${dataDir}/current"
[[ -d "${dataDir}/content/themes/casper" ]] && rm "${dataDir}/content/themes/casper"
ln -f -s "${cfg.package}/current/content/themes/casper" "${dataDir}/content/themes/casper"
'';
in lib.mkIf cfg.enable {
# Creates the user and group
users.users.${userName} = {
isSystemUser = true;
group = userName;
createHome = true;
home = dataDir;
};
users.groups.${userName} = { };
# Creates the Ghost config
environment.etc."${cfg.domain}.json".text = ''
{
"url": "https://${cfg.domain}",
"server": {
"port": ${toString cfg.port},
"host": "0.0.0.0"
},
"database": {
"client": "mysql",
"connection": {
"host": "localhost",
"user": "${userName}",
"database": "${userName}",
"password": "",
"socketPath": "/run/mysqld/mysqld.sock"
}
},
"mail": {
"transport": "sendmail"
},
"logging": {
"transports": ["stdout"]
},
"paths": {
"contentPath": "${dataDir}/content"
}
}
'';
# Sets up the Systemd service
systemd.services."${cfg.domain}" = {
enable = true;
description = "${cfg.domain} ghost blog";
restartIfChanged = true;
restartTriggers =
[ cfg.package config.environment.etc."${cfg.domain}.json".source ];
requires = [ "mysql.service" ];
after = [ "mysql.service" ];
path = [ pkgs.nodejs pkgs.vips ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = userName;
Group = userName;
WorkingDirectory = dataDir;
# Executes the setup script before start
ExecStartPre = setupScript;
# Runs Ghost with node
ExecStart = "${pkgs.nodejs}/bin/node current/index.js";
# Sandboxes the Systemd service
AmbientCapabilities = [ ];
CapabilityBoundingSet = [ ];
KeyringMode = "private";
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "full";
RemoveIPC = true;
RestrictAddressFamilies = [ ];
RestrictNamespaces = true;
RestrictRealtime = true;
};
environment = { NODE_ENV = "production"; };
};
# Sets up the blog virtual host on NGINX
services.nginx.virtualHosts.${cfg.domain} = {
# Sets up Lets Encrypt SSL certificates for the blog
forceSSL = true;
enableACME = true;
locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.port}"; };
extraConfig = ''
charset UTF-8;
add_header Strict-Transport-Security "max-age=2592000; includeSubDomains" always;
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
'';
};
# Sets up MySQL database and user for Ghost
services.mysql = {
ensureDatabases = [ userName ];
ensureUsers = [{
name = userName;
ensurePermissions = { "${userName}.*" = "ALL PRIVILEGES"; };
}];
};
};
}

43
modules/services/forgejo.nix → modules/services/gitea.nix
View File

@ -2,9 +2,9 @@
with lib;
let
cfg = config.modules.services.forgejo;
cfg = config.modules.services.gitea;
in {
options.modules.services.forgejo = {
options.modules.services.gitea = {
enable = mkOption {
type = types.bool;
default = false;
@ -17,55 +17,30 @@ in {
type = types.int;
default = 3000;
};
package = mkOption {
type = types.package;
default = pkgs.unstable.forgejo;
};
enableActions = mkOption {
type = types.bool;
default = false;
};
};
config = mkIf cfg.enable {
virtualisation.docker.enable = cfg.enableActions;
services = {
gitea = {
enable = true;
package = cfg.package;
package = pkgs.unstable.gitea;
domain = cfg.domain;
httpPort = cfg.port;
rootUrl = "https://${cfg.domain}/";
stateDir = "/var/lib/${cfg.domain}";
appName = "Forgejo: dark-firepit hosted Git";
appName = "Gitea: dark-firepit hosted Git";
database = {
type = "postgres";
name = "gitea";
};
settings = mkMerge [ (builtins.fromTOML (builtins.readFile "/etc/dotfiles/config/forgejo/app.toml")) {
settings = mkMerge [ (builtins.fromTOML (builtins.readFile "/etc/dotfiles/config/gitea/app.toml")) {
"ui.meta" = {
AUTHOR = "dark-firepit.cloud";
AUTHOR = "aether & oat";
DESCRIPTION = "dark-firepit's shared git instance";
};
"server" = {
DOMAIN = cfg.domain;
HTTP_PORT = cfg.port;
ROOT_URL = "https://${cfg.domain}/";
};
"actions" = {
ENABLED = cfg.enableActions;
};
}];
};
gitea-actions-runner = mkIf cfg.enableActions {
instances."${config.networking.hostName}" = {
enable = true;
name = "ci";
url = "https://${cfg.domain}/";
labels = []; # use the packaged instance list
token = removeSuffix "\n" (builtins.readFile "/etc/forgejo-runner-token");
};
};
nginx.virtualHosts."${cfg.domain}" = {
forceSSL = true;
enableACME = true;

82
modules/services/isso.nix Normal file
View File

@ -0,0 +1,82 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.modules.services.isso;
in {
options.modules.services.isso = {
enable = mkOption {
type = types.bool;
default = false;
};
domain = mkOption {
type = types.str;
default = "comments.oat.zone";
};
target = mkOption {
type = types.str;
default = "blog.oat.zone";
};
port = mkOption {
type = types.port;
default = 1550;
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/isso";
};
};
config = mkIf cfg.enable {
services = {
isso = {
enable = true;
settings = {
general = {
dbpath = "${cfg.dataDir}/comments.db";
host = "https://${cfg.target}";
latest-enabled = true;
};
server = {
listen = "http://localhost:${toString cfg.port}";
samesite = "Lax";
public-endpoint = "https://${cfg.domain}";
};
guard = {
enabled = true;
require-author = true;
ratelimit = 4;
};
admin = {
enabled = true;
password = removeSuffix "\n" (builtins.readFile /etc/isso_admin_pass);
};
};
};
nginx.enable = true;
nginx.virtualHosts."${cfg.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString cfg.port}";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
};
systemd.services.isso.serviceConfig = {
preStart = ''
umask u=rwx,g=rwx,o=rx
mkdir -p ${cfg.dataDir}
cd ${cfg.dataDir}
${pkgs.coreutils}/bin/chown -R isso:isso .
${pkgs.coreutils}/bin/chmod -R 775 .
'';
};
};
}

372
modules/services/jmusicbot.nix
View File

@ -1,372 +0,0 @@
{ pkgs, lib, config, options, ... }:
with lib;
let
cfg = config.modules.services.jmusicbot;
in {
options.modules.services.jmusicbot = {
enable = mkOption {
description = ''
JMusicBot is a self-hostable Discord music bot. This service lets
you host multiple instances of it with seperate configurations.
'';
type = types.bool;
default = false;
};
instances = mkOption {
default = {};
type = types.attrsOf (types.submodule {
options = {
enable = mkOption {
type = types.bool;
default = false;
};
package = mkOption {
type = types.package;
default = pkgs.jmusicbot;
};
options = mkOption {
description = ''
The JMusicBot config, see here: https://jmusicbot.com/config/
'';
type = types.submodule {
options = {
token = mkOption {
type = types.str;
description = ''
This sets the token for the bot to log in with
This MUST be a bot token (user tokens will not work)
If you don't know how to get a bot token, please see the guide here:
https://github.com/jagrosh/MusicBot/wiki/Getting-a-Bot-Token
'';
};
owner = mkOption {
type = types.int;
description = ''
This sets the owner of the bot
This needs to be the owner's ID (a 17-18 digit number)
https://github.com/jagrosh/MusicBot/wiki/Finding-Your-User-ID
'';
default = 0;
};
prefix = mkOption {
type = types.str;
description = ''
This sets the prefix for the bot
The prefix is used to control the commands
If you use !!, the play command will be !!play
If you do not set this, the prefix will be a mention of the bot (@Botname play)
'';
default = "@mention";
};
game = mkOption {
type = types.str;
description = ''
If you set this, it modifies the default game of the bot
Set this to NONE to have no game
Set this to DEFAULT to use the default game
You can make the game "Playing X", "Listening to X", or "Watching X"
where X is the title. If you don't include an action, it will use the
default of "Playing"
'';
default = "DEFAULT";
};
status = mkOption {
type = types.enum ["ONLINE" "IDLE" "DND" "INVISIBLE"];
description = ''
If you set this, it will modify the default status of bot
Valid values: ONLINE IDLE DND INVISIBLE
'';
default = "ONLINE";
};
songinstatus = mkOption {
type = types.bool;
description = ''
If you set this to true, the bot will list the title of the song it is currently playing in its
"Playing" status. Note that this will ONLY work if the bot is playing music on ONE guild;
if the bot is playing on multiple guilds, this will not work.
'';
default = false;
};
altprefix = mkOption {
type = types.str;
description = ''
If you set this, the bot will also use this prefix in addition to
the one provided above
'';
default = "NONE";
};
success = mkOption {
type = types.str;
description = ''
If you set this, the bot will also use this prefix in addition to
the one provided above
'';
default = "🎶";
};
warning = mkOption {
type = types.str;
description = ''
If you set this, the bot will also use this prefix in addition to
the one provided above
'';
default = "💡";
};
error = mkOption {
type = types.str;
description = ''
If you set this, the bot will also use this prefix in addition to
the one provided above
'';
default = "🚫";
};
loading = mkOption {
type = types.str;
description = ''
If you set this, the bot will also use this prefix in addition to
the one provided above
'';
default = "";
};
searching = mkOption {
type = types.str;
description = ''
If you set this, the bot will also use this prefix in addition to
the one provided above
'';
default = "🔎";
};
help = mkOption {
type = types.str;
description = ''
If you set this, you change the word used to view the help.
For example, if you set the prefix to !! and the help to cmds, you would type
!!cmds to see the help text
'';
default = "help";
};
npimages = mkOption {
type = types.bool;
description = ''
If you set this, the "nowplaying" command will show youtube thumbnails
Note: If you set this to true, the nowplaying boxes will NOT refresh
This is because refreshing the boxes causes the image to be reloaded
every time it refreshes.
'';
default = false;
};
stayinchannel = mkOption {
type = types.bool;
description = ''
If you set this, the bot will not leave a voice channel after it finishes a queue.
Keep in mind that being connected to a voice channel uses additional bandwith,
so this option is not recommended if bandwidth is a concern.
'';
default = false;
};
maxtime = mkOption {
type = types.int;
description = ''
This sets the maximum amount of seconds any track loaded can be. If not set or set
to any number less than or equal to zero, there is no maximum time length. This time
restriction applies to songs loaded from any source.
'';
default = 0;
};
alonetimeuntilstop = mkOption {
type = types.int;
description = ''
This sets the amount of seconds the bot will stay alone on a voice channel until it
automatically leaves the voice channel and clears the queue. If not set or set
to any number less than or equal to zero, the bot won't leave when alone.
'';
default = 0;
};
playlistsfolder = mkOption {
type = types.str;
description = ''
This sets an alternative folder to be used as the Playlists folder
This can be a relative or absolute path
'';
default = "Playlists";
};
updatealerts = mkOption {
type = types.bool;
description = ''
By default, the bot will DM the owner if the bot is running and a new version of the bot
becomes available. Set this to false to disable this feature.
'';
default = true;
};
"lyrics.default" = mkOption {
type = types.enum ["A-Z Lyrics" "Genius" "MusicMatch" "LyricsFreak"];
description = ''
Changing this changes the lyrics provider
Currently available providers: "A-Z Lyrics", "Genius", "MusicMatch", "LyricsFreak"
At the time of writing, I would recommend sticking with A-Z Lyrics or MusicMatch,
as Genius tends to have a lot of non-song results and you might get something
completely unrelated to what you want.
If you are interested in contributing a provider, please see
https://github.com/jagrosh/JLyrics
'';
default = "A-Z Lyrics";
};
aliases = mkOption {
type = types.attrsOf (types.listOf types.str);
description = ''
These settings allow you to configure custom aliases for all commands.
Multiple aliases may be given, separated by commas.
Example 1: Giving command "play" the alias "p":
play = [ p ]
Example 2: Giving command "search" the aliases "yts" and "find":
search = [ yts, find ]
'';
default = {
settings = [ "status" ];
lyrics = [];
nowplaying = [ "np" "current" ];
play = [];
playlists = [ "pls" ];
queue = [ "list" ];
remove = [ "delete" ];
scsearch = [];
search = [ "ytsearch" ];
shuffle = [];
skip = [ "voteskip" ];
prefix = [ "setprefix" ];
setdj = [];
settc = [];
setvc = [];
forceremove = [ "forcedelete" "modremove" "moddelete" ];
forceskip = [ "modskip" ];
movetrack = [ "move" ];
pause = [];
playnext = [];
repeat = [];
skipto = [ "jumpto" ];
stop = [];
volume = [ "vol" ];
};
};
queuetype = mkOption {
type = types.enum ["FAIR" "REGULAR"];
description = ''
Sets the queue type
FAIR: Each user gets a fair chance at the queue by rearranging it such that no user can fill it up entirely
REGULAR: Queue works as first-come, first-served
'';
default = "FAIR";
};
eval = mkOption {
type = types.bool;
description = ''
If you set this to true, it will enable the eval command for the bot owner. This command
allows the bot owner to run arbitrary code from the bot's account.
WARNING:
This command can be extremely dangerous. If you don't know what you're doing, you could
cause horrific problems on your Discord server or on whatever computer this bot is running
on. Never run this command unless you are completely positive what you are running.
DO NOT ENABLE THIS IF YOU DON'T KNOW WHAT THIS DOES OR HOW TO USE IT
IF SOMEONE ASKS YOU TO ENABLE THIS, THERE IS AN 11/10 CHANCE THEY ARE TRYING TO SCAM YOU
'';
default = false;
};
};
};
};
};
});
};
};
config = let
dataDir = "/var/lib/jmusicbot";
# nabbed from https://github.com/NixOS/nixpkgs/blob/61d8fdca02b4647be8d38a94c6f53a7cf072d717/nixos/modules/services/networking/jitsi-videobridge.nix#L11
toHOCON = x: if isAttrs x && x ? __hocon_envvar then ("\${" + x.__hocon_envvar + "}")
else if isAttrs x then "{${ concatStringsSep "," (mapAttrsToList (k: v: ''"${k}":${toHOCON v}'') x) }}"
else if isList x then "[${ concatMapStringsSep "," toHOCON x }]"
else builtins.toJSON x;
in mkIf cfg.enable {
users.users.jmusicbot = {
group = "jmusicbot";
home = dataDir;
createHome = true;
isSystemUser = true;
shell = "${pkgs.bash}/bin/bash";
};
users.groups.jmusicbot = {};
system.activationScripts.jmusicbot-data-dir.text = ''
mkdir -p ${dataDir}
chown jmusicbot:jmusicbot ${dataDir}
chmod -R 775 ${dataDir}
'';
systemd.services = mapAttrs'
(name: conf:
let
stateDir = "${dataDir}/${name}/";
configFile = builtins.toFile "config.txt" (toHOCON conf.options);
in {
name = "jmusicbot-${name}";
value = {
enable = conf.enable;
# referencing https://jmusicbot.com/running-as-a-service/
description = "JMusicBot instance ${name}";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
requires = [ "network.target" ];
serviceConfig = {
ExecStart = pkgs.writeScript "jmusicbot-start-${name}" ''
#!${pkgs.runtimeShell}
umask u=rwx,g=rwx,o=rx
cd ${stateDir}
${getExe conf.package} -Dconfig=${configFile}
'';
Restart = "always";
RestartSec = 20;
User = "jmusicbot";
};
preStart = ''
umask u=rwx,g=rwx,o=rx
mkdir -p ${stateDir}
cd ${stateDir}
ln -sf ${configFile} config.txt
'';
};
}
) cfg.instances;
};
}

45
modules/services/libreddit.nix
View File

@ -1,45 +0,0 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.modules.services.libreddit;
in {
options.modules.services.libreddit = {
enable = mkOption {
type = types.bool;
default = false;
};
domain = mkOption {
type = types.str;
default = "libreddit.oat.zone";
};
port = mkOption {
type = types.port;
default = 1590;
};
};
config = mkIf cfg.enable {
services = {
libreddit = {
enable = true;
package = pkgs.libreddit;
port = cfg.port;
};
nginx.enable = true;
nginx.virtualHosts."${cfg.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString cfg.port}";
extraConfig = ''
if ($http_user_agent = 'Mozilla/5.0 (compatible; Discordbot/2.0; +https://discordapp.com)') {
return 302 $scheme://proxy.knotty.dev$request_uri;
}
'';
};
};
};
};
}

55
modules/services/loki-local-config.yml
View File

@ -1,55 +0,0 @@
auth_enabled: false
server:
http_listen_port: 3100
ingester:
lifecycler:
address: 0.0.0.0
ring:
kvstore:
store: inmemory
replication_factor: 1
final_sleep: 0s
chunk_idle_period: 1h # Any chunk not receiving new logs in this time will be flushed
max_chunk_age: 1h # All chunks will be flushed when they hit this age, default is 1h
chunk_target_size: 1048576 # Loki will attempt to build chunks up to 1.5MB, flushing first if chunk_idle_period or max_chunk_age is reached first
chunk_retain_period: 30s # Must be greater than index read cache TTL if using an index cache (Default index read cache TTL is 5m)
max_transfer_retries: 0 # Chunk transfers disabled
schema_config:
configs:
- from: 2023-12-08
store: boltdb-shipper
object_store: filesystem
schema: v11
index:
prefix: index_
period: 24h
storage_config:
boltdb_shipper:
active_index_directory: /var/lib/loki/boltdb-shipper-active
cache_location: /var/lib/loki/boltdb-shipper-cache
cache_ttl: 24h # Can be increased for faster performance over longer query periods, uses more disk space
shared_store: filesystem
filesystem:
directory: /var/lib/loki/chunks
limits_config:
reject_old_samples: true
reject_old_samples_max_age: 168h
chunk_store_config:
max_look_back_period: 0s
table_manager:
retention_deletes_enabled: false
retention_period: 0s
compactor:
working_directory: /var/lib/loki
shared_store: filesystem
compactor_ring:
kvstore:
store: inmemory

110
modules/services/metrics.nix
View File

@ -1,110 +0,0 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.modules.services.metrics;
in {
options.modules.services.metrics = {
enable = mkOption {
type = types.bool;
default = false;
};
domain = mkOption {
type = types.str;
# default = "grafana.oat.zone";
default = null;
};
port = mkOption {
type = types.int;
default = 2342;
};
};
config = mkIf cfg.enable {
assertions = [
{ assertion = cfg.domain != null;
description = "please set the domain for grafana";
}
];
systemd.services.promtail = {
description = "Promtail service for Loki";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = ''
${pkgs.grafana-loki}/bin/promtail --config.file ${./promtail.yml}
'';
};
};
services = {
grafana = {
enable = true;
settings = {
server = {
domain = cfg.domain;
http_port = cfg.port;
http_addr = "127.0.0.1";
};
};
};
prometheus = let
ports = {
base = 9001;
node = 9002;
nginx = 9003;
};
in {
enable = true;
port = ports.base;
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
port = ports.node;
};
nginx = {
enable = true;
port = ports.nginx;
};
};
scrapeConfigs = [
{
job_name = "lucent-firepit";
static_configs = [{
targets = [
"127.0.0.1:${toString ports.node}"
"127.0.0.1:${toString ports.nginx}"
];
}];
}
];
};
loki = {
enable = true;
configFile = ./loki-local-config.yml;
};
nginx.statusPage = true;
nginx.virtualHosts."${cfg.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
proxyWebsockets = true;
};
locations."= /robots.txt" = {
extraConfig = ''
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
'';
};
};
};
};
}

22
modules/services/minecraft.nix
View File

@ -1,22 +0,0 @@
{ config, pkgs, lib, options, inputs, ... }:
with lib;
let
cfg = config.modules.services.minecraft;
in {
options.modules.services.minecraft = {
enable = mkOption {
type = types.bool;
default = false;
};
servers = options.services.minecraft-servers.servers;
};
config = mkIf cfg.enable {
services.minecraft-servers = {
enable = true;
eula = true;
servers = cfg.servers;
};
};
}

21
modules/services/nextcloud.nix
View File

@ -7,12 +7,12 @@ in {
options.modules.services.nextcloud = {
enable = mkOption {
type = types.bool;
default = mkForce false;
default = false;
};
package = mkOption {
type = types.package;
default = pkgs.nextcloud27;
default = pkgs.nextcloud24;
};
domain = mkOption {
@ -28,22 +28,15 @@ in {
}
];
# vomit inducing
# nixpkgs.config.permittedInsecurePackages = [
# "openssl-1.1.1w"
# ];
services.nextcloud = {
enable = true;
package = cfg.package;
hostName = cfg.domain;
enableBrokenCiphersForSSE = false;
database.createLocally = true;
config = {
dbtype = "pgsql";
dbuser = "nextcloud3";
dbuser = "nextcloud";
dbhost = "/run/postgresql";
dbname = "nextcloud3";
dbname = "nextcloud";
adminpassFile = "/etc/nextcloudpass";
adminuser = "root";
# "log_type" = "systemd";
@ -60,10 +53,10 @@ in {
services.postgresql = {
enable = true;
ensureDatabases = [ "nextcloud3" ];
ensureDatabases = [ "nextcloud" ];
ensureUsers = [
{ name = "nextcloud3";
ensurePermissions."DATABASE nextcloud3" = "ALL PRIVILEGES";
{ name = "nextcloud";
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
}
];
};

2
modules/services/nginx-config.nix
View File

@ -39,7 +39,7 @@ in {
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
# Minimize information leaked to other domains
add_header 'Referrer-Policy' 'origin-when-cross-origin';
#add_header 'Referrer-Policy' 'origin-when-cross-origin';
# Disable embedding as a frame
#add_header X-Frame-Options DENY;

13
modules/services/nitter-age-check.patch
View File

@ -1,13 +0,0 @@
diff --git a/src/auth.nim b/src/auth.nim
index b288c50..de1b1d8 100644
--- a/src/auth.nim
+++ b/src/auth.nim
@@ -202,7 +202,7 @@ proc initAccountPool*(cfg: Config; path: string) =
quit 1
let accountsPrePurge = accountPool.len
- accountPool.keepItIf(not it.hasExpired)
+ #accountPool.keepItIf(not it.hasExpired)
log "Successfully added ", accountPool.len, " valid accounts."
if accountsPrePurge > accountPool.len:

21
modules/services/nitter.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, options, inputs, ... }:
{ config, lib, pkgs, options, ... }:
# heavily references https://github.com/erdnaxe/nixos-modules/blob/master/services/nitter.nix
@ -29,24 +29,11 @@ in {
};
};
# force unstable
disabledModules = [ "services/misc/nitter.nix" ];
imports = [
"${inputs.nixpkgs-unstable}/nixos/modules/services/misc/nitter.nix"
];
config = mkIf cfg.enable {
services = {
nitter = {
enable = true;
package = pkgs.unstable.nitter.overrideAttrs (old: {
patches = old.patches ++ [
./nitter-age-check.patch
];
});
config = {
proxy = ""; # https://github.com/NixOS/nixpkgs/issues/235359
};
package = pkgs.unstable.nitter;
server = {
address = "127.0.0.1";
port = cfg.port;
@ -74,10 +61,6 @@ in {
#add_header X-Content-Type-Options nosniff;
#add_header X-Frame-Options DENY;
#add_header X-XSS-Protection "1; mode=block";
if ($http_user_agent = 'Mozilla/5.0 (compatible; Discordbot/2.0; +https://discordapp.com)') {
return 302 $scheme://fxtwitter.com$request_uri;
}
'';
};
locations."= /robots.txt" = {

8
modules/services/phpfpm.nix Normal file
View File

@ -0,0 +1,8 @@
{ pkgs, config, lib, options, ... }:
with lib;
let
cfg = config.modules.services.phpfpm;
in {
}

1
modules/services/postgres.nix
View File

@ -14,7 +14,6 @@ in {
config = mkIf cfg.enable {
services.postgresql = {
enable = true;
package = pkgs.postgresql_15;
};
};
}

20
modules/services/promtail.yml
View File

@ -1,20 +0,0 @@
server:
http_listen_port: 28183
grpc_listen_port: 0
positions:
filename: /tmp/positions.yaml
clients:
- url: http://127.0.0.1:3100/loki/api/v1/push
scrape_configs:
- job_name: journal
journal:
max_age: 12h
labels:
job: systemd-journal
host: lucent-firepit
relabel_configs:
- source_labels: ["__journal__systemd_unit"]
target_label: "unit"

9
modules/services/ssh.nix
View File

@ -11,7 +11,6 @@ in {
default = false;
description = "Provide system SSH support though OpenSSH.";
};
requirePassword = mkOption {
type = types.bool;
default = true;
@ -21,13 +20,9 @@ in {
config = mkIf cfg.enable {
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = cfg.requirePassword;
PermitRootLogin = "no";
};
passwordAuthentication = cfg.requirePassword;
permitRootLogin = "no";
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;

34
modules/services/update-itl.nix
View File

@ -1,34 +0,0 @@
{ config, lib, pkgs, options, inputs, ... }:
with lib;
let
cfg = config.modules.services.update-idl;
in {
options.modules.services.update-idl = {
enable = mkOption {
type = types.bool;
default = false;
};
};
config = mkIf cfg.enable {
systemd.timers."update-itl" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "60m";
OnUnitActiveSec = "60m";
Unit = "update-itl.service";
};
};
systemd.services."update-itl" = {
script = ''
${pkgs.curl} -X POST https://mayf.pink/itl/update -H "Connection: Spiritual"
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
};
}

2
modules/services/vaultwarden.nix
View File

@ -55,7 +55,7 @@ in {
ensureDatabases = [ "vaultwarden" ];
ensureUsers = [
{ name = "vaultwarden";
ensureDBOwnership = true;
ensurePermissions = { "DATABASE vaultwarden" = "ALL PRIVILEGES"; };
}
];
};

4
modules/shell/fish.nix
View File

@ -15,9 +15,5 @@ in {
home._.programs.fish = {
enable = true;
};
environment.systemPackages = with pkgs; [
fishPlugins.tide
];
};
}

9
packages/ghost/builder.sh Normal file
View File

@ -0,0 +1,9 @@
source "$stdenv"/setup
export HOME=$(mktemp -d)
npm install --loglevel=info --logs-max=0 "ghost-cli@$ghostCliVersion"
mkdir --parents "$out"/
node_modules/ghost-cli/bin/ghost install "$version" --db=sqlite3 \
--no-enable --no-prompt --no-stack --no-setup --no-start --dir "$out"

11
packages/ghost/default.nix Normal file
View File

@ -0,0 +1,11 @@
{ pkgs }:
let
pname = "ghost";
version = "5.33.2";
in pkgs.stdenv.mkDerivation {
inherit pname version;
buildInputs = with pkgs; [ nodejs yarn vips ];
ghostCliVersion = "1.24.0";
builder = ./builder.sh;
}

32
packages/gmusicbot.nix
View File

@ -1,32 +0,0 @@
{ stdenv, lib, fetchurl, makeWrapper, jre_headless }:
stdenv.mkDerivation rec {
pname = "GMusicBot";
version = "2023-05-19";
src = fetchurl {
url = "https://oat.zone/f/GMusicBot-2023-05-19.jar?v=3";
sha256 = "sha256-5c36did0kkaeu4Yi9vGIhlqRoeUBBRWKdihbaW9lwk4=";
};
dontUnpack = true;
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir -p $out/lib
cp $src $out/lib/GMusicBot
makeWrapper ${jre_headless}/bin/java $out/bin/GMusicBot \
--add-flags "-Xmx1G -Dnogui=true -Djava.util.concurrent.ForkJoinPool.common.parallelism=1 -jar $out/lib/GMusicBot"
'';
meta = with lib; {
description = "Discord music bot that's easy to set up and run yourself";
homepage = "https://git.oat.zone/oat/GMusicBot";
sourceProvenance = with sourceTypes; [ binaryBytecode ];
license = licenses.asl20;
maintainers = with maintainers; [ SuperSandro2000 ];
inherit (jre_headless.meta) platforms;
};
}

36
packages/nidobyte.nix
View File

@ -1,36 +0,0 @@
{ stdenv, lib, fetchpijul
, pijul
, rustc
, cargo
, rustfmt
, postgresql
, sqlx-cli
, libiconv
, xxHash
, zstd
, ... }:
stdenv.mkDerivation rec {
pname = "nidobyte";
src = fetchpijul {
url = "https://nest.pijul.com/zj/nidobyte";
hash = "YZAHAQRQHK24QY2H3AXKCPPDIE2F53H35C5CNYUSXRDSNCWOUJVQC";
};
nativeBuildInputs = [
pijul
rustc
cargo
rustfmt
postgresql
sqlx-cli
libiconv
xxHash
zstd
];
}

10
packages/srb2kart/default.nix
View File

@ -17,23 +17,23 @@
let
releaseTag = "v1.6";
releaseTag = "v1.5";
assets = fetchurl {
url = "https://github.com/STJr/Kart-Public/releases/download/${releaseTag}/AssetsLinuxOnly.zip";
sha256 = "sha256-ejhPuZ1C8M9B0S4+2HN1T5pbormT1eVL3nlivqOszdE=";
sha256 = "sha256-A4HkxnDGQICucsJyHXYc5GCRbMP0M4NjreohhFOQarA=";
};
in stdenv.mkDerivation rec {
pname = "srb2kart";
version = "1.6.0";
version = "1.5.0";
src = fetchFromGitLab {
owner = "KartKrew";
repo = "Kart-Public";
domain = "git.do.srb2.org";
rev = "v1.6";
sha256 = "sha256-5sIHdeenWZjczyYM2q+F8Y1SyLqL+y77yxYDUM3dVA0=";
rev = "a69b3b0260665b8b0acac950a808a68e5a40894c";
sha256 = "sha256-pWnCvBb+XkUjCVmlT3MgqPWICaERFO0POFAItIyA6Ns=";
};
nativeBuildInputs = [