| author | Preston Pan <ret2pop@gmail.com> | 2025-09-18 22:33:36 -0700 |
|---|---|---|
| committer | Preston Pan <ret2pop@gmail.com> | 2025-09-18 22:33:36 -0700 |
| commit | bb31a5a879154432e11a75e69070b58004ddc07b (patch) | |
| tree | 4bd092f8808e32947629b75e708830699d4773dc /nix | |
| parent | cae70df061d9fc4f33a2da66a21c86eb3eb1fa3b (diff) | |
big refactor
Diffstat (limited to 'nix')
36 files changed, 607 insertions, 203 deletions
diff --git a/nix/add-system.sh b/nix/add-system.sh deleted file mode 100755 index bd7d0cf..0000000 --- a/nix/add-system.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/env bash -sed -i "/# add hostnames here/i \ \"$1\"" "$HOME/monorepo/nix/flake.nix" -sed -i "/# add hostnames here/i \ \"$1\"" "$HOME/monorepo/config/nix.org" - -mkdir -p "$HOME/monorepo/nix/systems/$1" - -cat > "$HOME/monorepo/nix/systems/$1/default.nix" <<EOF -{ ... }: -{ - imports = [ - ../includes.nix - ../../disko/drive-simple.nix - ]; - # CHANGEME - config.monorepo.vars.drive = "/dev/sda"; -} -EOF - -cp "$HOME/monorepo/nix/systems/continuity/home.nix" "$HOME/monorepo/nix/systems/$1/home.nix" diff --git a/nix/disko/btrfs-simple.nix b/nix/disko/btrfs-simple.nix index 08fafd4..b49558d 100644 --- a/nix/disko/btrfs-simple.nix +++ b/nix/disko/btrfs-simple.nix 
@@ -1,37 +1,68 @@ { lib, config, ... }: let spec = { - disko.devices = { - disk = { - main = { - type = "disk"; - device = config.monorepo.vars.device; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - start = "1M"; - end = "128M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; + disko.devices = { + disk = { + main = { + type = "disk"; + device = config.monorepo.vars.device; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; }; - }; - root = { - size = "100%"; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; # Override existing partition - mountpoint = "/"; - mountOptions = [ - "compress=zstd" - "noatime" - ]; + luks = { + size = "100%"; + content = { + type = "luks"; + name = "crypted"; + passwordFile = "/tmp/secret.key"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = [ + "compress=zstd" + "noatime" + ]; + }; + + "/home" = { + mountpoint = "/home"; + mountOptions = [ + "compress=zstd" + "noatime" + ]; + }; + + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ + "compress=zstd" + "noatime" + ]; + }; + + "/persistent" = { + mountpoint = "/persistent"; + mountOptions = [ + "compress=zstd" + "noatime" + ]; + }; + }; + }; + }; }; }; }; @@ -39,7 +70,6 @@ let }; }; }; -}; in { monorepo.vars.diskoSpec = spec; diff --git a/nix/flake.lock b/nix/flake.lock index 7f2b3b2..2baf2b2 100644 --- a/nix/flake.lock +++ b/nix/flake.lock 
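Review bot: The LUKS passphrase for `crypted` is read from `passwordFile = "/tmp/secret.key";`, a plaintext file in the installer's /tmp that nothing in this commit creates with restrictive permissions or removes once disko has formatted the disk; the matching notice added to systems/installer/default.nix only tells the user to write it there. Consider having the installer create the file under `umask 077` immediately before the disko step and delete it afterwards, and add a comment above `passwordFile` stating that it is consumed only at format time. A comment on the `luks` attribute noting that the ESP remains unencrypted by design and that `/persistent` is the subvolume modules/impermanence.nix persists to would also help readers connect the two files.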
@@ -271,6 +271,21 @@ "type": "github" } }, + "impermanence": { + "locked": { + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, "lanzaboote": { "inputs": { "crane": "crane", @@ -502,6 +517,7 @@ "deep-research": "deep-research", "disko": "disko", "home-manager": "home-manager", + "impermanence": "impermanence", "lanzaboote": "lanzaboote", "nix-topology": "nix-topology", "nixos-dns": "nixos-dns", diff --git a/nix/flake.nix b/nix/flake.nix index 326809b..795ab4b 100644 --- a/nix/flake.nix +++ b/nix/flake.nix 
@@ -5,48 +5,58 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nur.url = "github:nix-community/NUR"; sops-nix.url = "github:Mic92/sops-nix"; + scripts.url = "github:ret2pop/scripts"; wallpapers.url = "github:ret2pop/wallpapers"; sounds.url = "github:ret2pop/sounds"; + deep-research.url = "github:ret2pop/ollama-deep-researcher"; + impermanence.url = "github:nix-community/impermanence"; + nix-topology = { url = "github:oddlama/nix-topology"; inputs.nixpkgs.follows = "nixpkgs"; }; - deep-research = { - url = "github:ret2pop/ollama-deep-researcher"; - }; + home-manager = { url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; + disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; }; + lanzaboote = { url = "github:nix-community/lanzaboote/v0.4.1"; inputs.nixpkgs.follows = "nixpkgs"; }; + nixos-dns = { url = "github:Janik-Haag/nixos-dns"; inputs.nixpkgs.follows = "nixpkgs"; }; }; - outputs = { self, nixpkgs, home-manager, nur, disko, lanzaboote, sops-nix, nix-topology, nixos-dns, deep-research, ... }@attrs: + outputs = { + self, + nixpkgs, + home-manager, + nur, + disko, + lanzaboote, + sops-nix, + nix-topology, + nixos-dns, + deep-research, + impermanence, + ... + } + @attrs: let - hostnames = [ - "affinity" - "continuity" - "installer" - "spontaneity" - # add hostnames here - ]; - + vars = import ./flakevars.nix; system = "x86_64-linux"; - pkgs = import nixpkgs { inherit system; }; - generate = nixos-dns.utils.generate nixpkgs.legacyPackages."${system}"; dnsConfig = { 
@@ -56,87 +66,88 @@ # function that generates all systems from hostnames mkConfigs = map (hostname: {name = "${hostname}"; - value = nixpkgs.lib.nixosSystem { - inherit system; - specialArgs = attrs; - modules = if (hostname == "installer") then [ - (./. + "/systems/${hostname}/default.nix") - { networking.hostName = "${hostname}"; } - nix-topology.nixosModules.default - ] else [ - { - environment.systemPackages = with nixpkgs.lib; [ - deep-research.packages."${system}".deep-research - ]; - } - nix-topology.nixosModules.default - lanzaboote.nixosModules.lanzaboote - disko.nixosModules.disko - home-manager.nixosModules.home-manager - sops-nix.nixosModules.sops - nixos-dns.nixosModules.dns - { - nixpkgs.overlays = [ nur.overlays.default ]; - home-manager.extraSpecialArgs = attrs // { systemHostName = "${hostname}"; }; - networking.hostName = "${hostname}"; - } - (./. + "/systems/${hostname}/default.nix") - ]; - }; - }); + value = nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = attrs; + modules = if (hostname == "installer") then [ + (./. + "/systems/${hostname}/default.nix") + { networking.hostName = "${hostname}"; } + nix-topology.nixosModules.default + ] else [ + { + environment.systemPackages = with nixpkgs.lib; [ + deep-research.packages."${system}".deep-research + ]; + } + impermanence.nixosModules.impermanence + nix-topology.nixosModules.default + lanzaboote.nixosModules.lanzaboote + disko.nixosModules.disko + home-manager.nixosModules.home-manager + sops-nix.nixosModules.sops + nixos-dns.nixosModules.dns + { + nixpkgs.overlays = [ nur.overlays.default ]; + home-manager.extraSpecialArgs = attrs // { systemHostName = "${hostname}"; }; + networking.hostName = "${hostname}"; + } + (./. 
+ "/systems/${hostname}/default.nix") + ]; + }; + }); mkDiskoFiles = map (hostname: { name = "${hostname}"; value = self.nixosConfigurations."${hostname}".config.monorepo.vars.diskoSpec; }); + in + { + nixosConfigurations = builtins.listToAttrs (mkConfigs vars.hostnames); - in { - nixosConfigurations = builtins.listToAttrs (mkConfigs hostnames); - - evalDisko = builtins.listToAttrs (mkDiskoFiles (builtins.filter (x: x != "installer") hostnames)); + evalDisko = builtins.listToAttrs (mkDiskoFiles (builtins.filter (x: x != "installer") vars.hostnames)); - topology."${system}" = import nix-topology { - pkgs = import nixpkgs { - inherit system; - overlays = [ nix-topology.overlays.default ]; + topology."${system}" = import nix-topology { + pkgs = import nixpkgs { + inherit system; + overlays = [ nix-topology.overlays.default ]; + }; + modules = [ + ./topology/default.nix + { nixosConfigurations = self.nixosConfigurations; } + ]; }; - modules = [ - ./topology/default.nix - { nixosConfigurations = self.nixosConfigurations; } - ]; - }; - devShell."${system}" = with pkgs; mkShell { - buildInputs = [ - fira-code - python3 - poetry - statix - deadnix - ]; - }; + devShell."${system}" = with pkgs; mkShell { + buildInputs = [ + fira-code + python3 + poetry + statix + deadnix + ]; + }; - packages."${system}" = { - zoneFiles = generate.zoneFiles dnsConfig; - octodns = generate.octodnsConfig { - inherit dnsConfig; - - config = { - providers = { - cloudflare = { - class = "octodns_cloudflare.CloudflareProvider"; - token = "env/CLOUDFLARE_TOKEN"; - }; - config = { - check_origin = false; + packages."${system}" = { + zoneFiles = generate.zoneFiles dnsConfig; + octodns = generate.octodnsConfig { + inherit dnsConfig; + + config = { + providers = { + cloudflare = { + class = "octodns_cloudflare.CloudflareProvider"; + token = "env/CLOUDFLARE_TOKEN"; + }; + config = { + check_origin = false; + }; }; }; - }; - zones = { - "ret2pop.net." 
= nixos-dns.utils.octodns.generateZoneAttrs [ "cloudflare" ]; - "nullring.xyz." = nixos-dns.utils.octodns.generateZoneAttrs [ "cloudflare" ]; + zones = { + "${vars.remoteHost}." = nixos-dns.utils.octodns.generateZoneAttrs [ "cloudflare" ]; + "${vars.orgHost}." = nixos-dns.utils.octodns.generateZoneAttrs [ "cloudflare" ]; + }; }; }; }; - }; } diff --git a/nix/flakevars.nix b/nix/flakevars.nix new file mode 100644 index 0000000..dd42616 --- /dev/null +++ b/nix/flakevars.nix @@ -0,0 +1,22 @@ +let + # I'm ret2pop! What's your name? + internetName = "ret2pop"; +in +{ + # Name of spontaneity box + remoteHost = "${internetName}.net"; + + # Your internet name + internetName = internetName; + + # Name of your organization + orgHost = "nullring.xyz"; + + # Hostnames of my systems + hostnames = [ + "affinity" + "continuity" + "spontaneity" + "installer" + ]; +} diff --git a/nix/modules/conduit.nix b/nix/modules/conduit.nix index e47c7a2..dc3ea56 100644 --- a/nix/modules/conduit.nix +++ b/nix/modules/conduit.nix @@ -3,10 +3,11 @@ services.matrix-conduit = { enable = lib.mkDefault config.monorepo.profiles.server.enable; settings.global = { - server_name = "matrix.${config.monorepo.vars.remoteHost}"; + server_name = "matrix.${config.monorepo.vars.orgHost}"; trusted_servers = [ "matrix.org" "nixos.org" + "conduit.rs" ]; address = "0.0.0.0"; port = 6167; diff --git a/nix/modules/configuration.nix b/nix/modules/configuration.nix index 27002ff..a2912ea 100644 --- a/nix/modules/configuration.nix +++ b/nix/modules/configuration.nix @@ -2,6 +2,7 @@ { imports = [ ./matterbridge.nix + ./mautrix.nix ./xserver.nix ./ssh.nix ./pipewire.nix @@ -20,6 +21,7 @@ ./ngircd.nix ./znc.nix ./docker.nix + ./impermanence.nix ]; documentation = { @@ -162,7 +164,7 @@ "kernel.kptr_restrict" = 2; # madaidan - "kernel.smtcontrol" = "on"; + "kernel.smtcontrol" = "on"; "vm.swappiness" = 1; "vm.unprivileged_userfaultfd" = 0; "dev.tty.ldisc_autoload" = 0; 
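Review bot: `pkgs` is removed from the `let` block in the previous hunk (`- pkgs = import nixpkgs { inherit system; };`) but the new side of this hunk still evaluates `devShell."${system}" = with pkgs; mkShell { ... }`, so `nix develop` should fail with an undefined-variable error unless `pkgs` is rebound in the lines between the two hunks, which are not shown. Either restore the binding or reuse the package set the hunk already uses for `generate`, e.g. `devShell."${system}" = with nixpkgs.legacyPackages."${system}"; mkShell {`. Most of the remaining lines in this hunk are re-indentation only, which would be easier to review as a separate whitespace commit.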
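Review bot: `internetName = internetName;` in the new flakevars.nix can be written `inherit internetName;`, the usual Nix idiom for re-exporting a let binding. The comment `# Name of spontaneity box` above `remoteHost` describes a machine rather than the variable; since the other modules use `remoteHost` as the website, mail and rsync target, `# Domain of the public server (website, mail, git)` would say what the value is for.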
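Review bot: Changing `server_name` from `matrix.${config.monorepo.vars.remoteHost}` to `matrix.${config.monorepo.vars.orgHost}` changes the identity of the Matrix homeserver; if this conduit instance already has a database, existing user IDs and rooms are bound to the old name and the switch presumably needs a fresh data directory, so a comment above `server_name` recording that migration step would help the next person who touches it. The added `"conduit.rs"` entry extends the set of servers trusted for signing-key lookups; a short comment on why it is needed alongside `matrix.org` would document that trust decision.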
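Review bot: The import list gains `./mautrix.nix` and `./impermanence.nix`, but the other two modules this commit creates, `modules/heisenbridge.nix` and `modules/honk.nix`, are not imported in either of the first two hunks; unless they are pulled in somewhere outside this diff they are inert, and if that is intentional a comment next to the imports saying so would save a future reader the search.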
diff --git a/nix/modules/default.nix b/nix/modules/default.nix index becaac8..adf54b9 100644 --- a/nix/modules/default.nix +++ b/nix/modules/default.nix @@ -18,19 +18,27 @@ ttyonly.enable = lib.mkEnableOption "TTY only, no xserver"; grub.enable = lib.mkEnableOption "Enables grub instead of systemd-boot"; workstation.enable = lib.mkEnableOption "Enables workstation services"; + impermanence.enable = lib.mkEnableOption "Enables imperamanence"; }; }; }; config = { - environment.systemPackages = lib.mkIf config.monorepo.profiles.documentation.enable (with pkgs; [ + environment.systemPackages = lib.mkIf config.monorepo.profiles.documentation.enable ((with pkgs; [ linux-manual man-pages man-pages-posix iproute2 silver-searcher ripgrep - ]); + ]) ++ + (if (config.monorepo.vars.fileSystem == "btrfs") then with pkgs; [ + btrfs-progs + btrfs-snap + btrfs-list + btrfs-heatmap + ] else [])); + boot.loader.grub = lib.mkIf config.monorepo.profiles.grub.enable { enable = true; }; @@ -41,6 +49,7 @@ pipewire.enable = lib.mkDefault true; tor.enable = lib.mkDefault true; home.enable = lib.mkDefault true; + impermanence.enable = lib.mkDefault false; }; }; }; diff --git a/nix/modules/heisenbridge.nix b/nix/modules/heisenbridge.nix new file mode 100644 index 0000000..f3b88fc --- /dev/null +++ b/nix/modules/heisenbridge.nix @@ -0,0 +1,9 @@ +{ lib, config, ... }: +{ + services.heisenbridge = { + enable = true; + registrationUrl = "http://localhost:6167"; + owner = "@ret2pop:matrix.nullring.xyz"; + homeserver = "http://localhost:6167"; + }; +} diff --git a/nix/modules/home/default.nix b/nix/modules/home/default.nix index a522872..f5f8d34 100644 --- a/nix/modules/home/default.nix +++ b/nix/modules/home/default.nix 
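Review bot: The option description has a typo: `impermanence.enable = lib.mkEnableOption "Enables impermanence";`. The btrfs tool list in `environment.systemPackages` is gated on `config.monorepo.vars.fileSystem == "btrfs"`, which matches the option declared in vars.nix, whereas the new modules/impermanence.nix checks `config.monorepo.vars.filesystem` (lowercase s); this file has the correct spelling and the other one should follow it.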
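Review bot: `enable = true;` turns heisenbridge on unconditionally, unlike the sibling modules (conduit.nix, maddy.nix, mautrix.nix) which gate on the server profile; `enable = lib.mkDefault config.monorepo.profiles.server.enable;` would keep it off on workstations. `owner = "@ret2pop:matrix.nullring.xyz";` hardcodes values the rest of this commit moves into `config.monorepo.vars.internetName` and `orgHost` (compare the `permissions` key in mautrix.nix). `registrationUrl` and `homeserver` are both `http://localhost:6167`, which is conduit's port from conduit.nix; `registrationUrl` is presumably the URL the homeserver uses to reach the bridge, so pointing it at the homeserver itself looks wrong and is worth confirming against the heisenbridge module's option description.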
@@ -36,6 +36,8 @@ lang-openscad.enable = lib.mkEnableOption "Enables openscad language support"; lang-js.enable = lib.mkEnableOption "Enables javascript language support"; lang-nix.enable = lib.mkEnableOption "Enables nix language support"; + lang-idris.enable = lib.mkEnableOption "Enables idris language support"; + lang-agda.enable = lib.mkEnableOption "Enables agda language support"; lang-coq.enable = lib.mkEnableOption "Enables coq language support"; lang-lean.enable = lib.mkEnableOption "Enables lean language support"; lang-haskell.enable = lib.mkEnableOption "Enables haskell language support"; @@ -81,6 +83,7 @@ gnumake bear clang-tools + autotools-language-server ]) else []) ++ (if config.monorepo.profiles.workstation.enable then (with pkgs; [ @@ -135,6 +138,15 @@ lean4 ]) else []) ++ + (if config.monorepo.profiles.lang-agda.enable then (with pkgs; [ + agda + ]) else []) + ++ + (if config.monorepo.profiles.lang-idris.enable then (with pkgs; [ + idris + idris2Packages.idris2Lsp + ]) else []) + ++ (if config.monorepo.profiles.lang-nix.enable then (with pkgs; [ nil nixd @@ -197,6 +209,8 @@ lang-coq.enable = lib.mkDefault config.monorepo.profiles.enable; lang-lean.enable = lib.mkDefault config.monorepo.profiles.enable; lang-haskell.enable = lib.mkDefault config.monorepo.profiles.enable; + lang-idris.enable = lib.mkDefault config.monorepo.profiles.enable; + lang-agda.enable = lib.mkDefault config.monorepo.profiles.enable; crypto.enable = lib.mkDefault config.monorepo.profiles.enable; art.enable = lib.mkDefault config.monorepo.profiles.enable; diff --git a/nix/modules/home/emacs.nix b/nix/modules/home/emacs.nix index e44db8d..c5bd383 100644 --- a/nix/modules/home/emacs.nix +++ b/nix/modules/home/emacs.nix 
@@ -5,10 +5,14 @@ enable = lib.mkDefault config.monorepo.profiles.graphics.enable; package = pkgs.emacs-pgtk; extraConfig = '' - (setq debug-on-error t) - (org-babel-load-file - (expand-file-name "~/monorepo/config/emacs.org"))''; +(setq debug-on-error t) +(setq system-email "${config.monorepo.profiles.email.email}") +(setq system-username "${config.monorepo.vars.internetName}") +(setq system-fullname "${config.monorepo.vars.fullName}") +(org-babel-load-file + (expand-file-name "~/${config.monorepo.vars.repoName}/config/emacs.org"))''; extraPackages = epkgs: [ + epkgs.agda2-mode epkgs.all-the-icons epkgs.auctex epkgs.catppuccin-theme @@ -17,6 +21,7 @@ epkgs.company-solidity epkgs.counsel epkgs.dashboard + epkgs.doom-themes epkgs.doom-modeline epkgs.elfeed epkgs.elfeed-org @@ -39,6 +44,7 @@ epkgs.gruvbox-theme epkgs.haskell-mode epkgs.htmlize + epkgs.idris-mode epkgs.irony-eldoc epkgs.ivy epkgs.ivy-pass @@ -48,6 +54,7 @@ epkgs.lsp-mode epkgs.lsp-haskell epkgs.lyrics-fetcher + epkgs.mastodon epkgs.magit epkgs.magit-delta epkgs.mu4e diff --git a/nix/modules/home/hyprland.nix b/nix/modules/home/hyprland.nix index 819f1fa..dbe0b39 100644 --- a/nix/modules/home/hyprland.nix +++ b/nix/modules/home/hyprland.nix @@ -64,6 +64,7 @@ "$mod, B, exec, bitcoin-qt" "$mod, M, exec, monero-wallet-gui" "$mod, V, exec, vesktop" + "$mod, C, exec, fluffychat" "$mod, D, exec, wofi --show run" "$mod, P, exec, bash ${scripts}/powermenu.sh" "$mod, Q, killactive" diff --git a/nix/modules/home/mbsync.nix b/nix/modules/home/mbsync.nix index 67d971a..b7c7424 100644 --- a/nix/modules/home/mbsync.nix +++ b/nix/modules/home/mbsync.nix @@ -3,7 +3,7 @@ programs.mbsync = { enable = lib.mkDefault config.monorepo.profiles.email.enable; extraConfig = '' - IMAPAccount ret2pop + IMAPAccount ${config.monorepo.vars.internetName} Host ${config.monorepo.profiles.email.imapsServer} User ${config.monorepo.profiles.email.email} PassCmd "cat ${config.sops.secrets.mail.path}" 
@@ -12,17 +12,17 @@ AuthMechs * CertificateFile /etc/ssl/certs/ca-certificates.crt - IMAPStore ret2pop-remote - Account ret2pop + IMAPStore ${config.monorepo.vars.internetName}-remote + Account ${config.monorepo.vars.internetName} - MaildirStore ret2pop-local - Path ~/email/ret2pop/ - Inbox ~/email/ret2pop/INBOX + MaildirStore ${config.monorepo.vars.internetName}-local + Path ~/email/${config.monorepo.vars.internetName}/ + Inbox ~/email/${config.monorepo.vars.internetName}/INBOX SubFolders Verbatim - Channel ret2pop - Far :ret2pop-remote: - Near :ret2pop-local: + Channel ${config.monorepo.vars.internetName} + Far :${config.monorepo.vars.internetName}-remote: + Near :${config.monorepo.vars.internetName}-local: Patterns * Create Near Sync All diff --git a/nix/modules/home/pantalaimon.nix b/nix/modules/home/pantalaimon.nix index 4645687..b523865 100644 --- a/nix/modules/home/pantalaimon.nix +++ b/nix/modules/home/pantalaimon.nix @@ -8,7 +8,7 @@ SSL = true; }; local-matrix = { - Homeserver = "https://social.nullring.xyz"; + Homeserver = "https://matrix.${config.monorepo.vars.orgHost}"; ListenAddress = "127.0.0.1"; ListenPort = "8008"; }; diff --git a/nix/modules/home/user.nix b/nix/modules/home/user.nix index 24b61da..c02d9a0 100644 --- a/nix/modules/home/user.nix +++ b/nix/modules/home/user.nix @@ -2,8 +2,8 @@ { home = { activation.startup-files = lib.hm.dag.entryAfter [ "installPackages" ] '' - if [ ! -d "/home/${config.monorepo.vars.userName}/email/ret2pop/" ]; then - mkdir -p /home/${config.monorepo.vars.userName}/email/ret2pop/ + if [ ! -d "/home/${config.monorepo.vars.userName}/email/${config.monorepo.vars.internetName}/" ]; then + mkdir -p /home/${config.monorepo.vars.userName}/email/${config.monorepo.vars.internetName}/ fi if [ ! -d "/home/${config.monorepo.vars.userName}/music" ]; then mkdir -p /home/${config.monorepo.vars.userName}/music 
@@ -41,7 +41,7 @@ # Apps # octaveFull - vesktop grim swww vim telegram-desktop qwen-code + vesktop grim swww vim telegram-desktop qwen-code fluffychat # Sound/media pavucontrol alsa-utils imagemagick ffmpeg helvum @@ -53,7 +53,7 @@ torsocks tor-browser # fonts - nerd-fonts.iosevka noto-fonts noto-fonts-cjk-sans noto-fonts-emoji fira-code font-awesome_6 + nerd-fonts.iosevka noto-fonts noto-fonts-cjk-sans noto-fonts-emoji fira-code font-awesome_6 victor-mono (aspellWithDicts (dicts: with dicts; [ en en-computers en-science ])) diff --git a/nix/modules/home/zsh.nix b/nix/modules/home/zsh.nix index cb4f1b0..574e6ac 100644 --- a/nix/modules/home/zsh.nix +++ b/nix/modules/home/zsh.nix @@ -21,6 +21,7 @@ }; shellAliases = { + get-channel-id = "yt-dlp --print \"%(channel_id)s\" --playlist-end 1 \"$1\""; se = "sops edit"; f = "vim $(fzf)"; e = "cd $(find . -type d -print | fzf)"; 
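Review bot: The new alias `get-channel-id = "yt-dlp --print \"%(channel_id)s\" --playlist-end 1 \"$1\"";` cannot take an argument: zsh aliases are textual substitutions, so `"$1"` expands to the interactive shell's own (normally empty) first positional parameter and the URL the user types is appended after it. Define it as a shell function in the zsh init configuration instead, e.g. `get-channel-id() { yt-dlp --print "%(channel_id)s" --playlist-end 1 "$1"; }`.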
@@ -30,9 +31,9 @@ py = "python3"; rb = "sudo nixos-rebuild switch --flake $HOME/monorepo/nix#${systemHostName}"; nfu = "cd ~/monorepo/nix && git add . && git commit -m \"new flake lock\" && nix flake update"; - usync = "rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${config.monorepo.vars.remoteHost}:/var/www/ret2pop-website/"; + usync = "rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${config.monorepo.vars.remoteHost}:/var/www/${config.monorepo.vars.internetName}-website/"; usite - = "cd ~/src/publish-org-roam-ui && bash local.sh && rm -rf ~/website_html/graph_view; cp -r ~/src/publish-org-roam-ui/out ~/website_html/graph_view && rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${config.monorepo.vars.remoteHost}:/var/www/ret2pop-website/"; + = "cd ~/src/publish-org-roam-ui && bash local.sh && rm -rf ~/website_html/graph_view; cp -r ~/src/publish-org-roam-ui/out ~/website_html/graph_view && rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${config.monorepo.vars.remoteHost}:/var/www/${config.monorepo.vars.internetName}-website/"; sai = "eval \"$(ssh-agent -s)\" && ssh-add ~/.ssh/id_ed25519 && ssh-add -l"; i3 = "exec ${pkgs.i3-gaps}/bin/i3"; }; diff --git a/nix/modules/honk.nix b/nix/modules/honk.nix new file mode 100644 index 0000000..b13a9dc --- /dev/null +++ b/nix/modules/honk.nix @@ -0,0 +1,8 @@ +{ lib, config, ... }: +{ + services.honk = { + enable = config.monorepo.vars.ttyonly; + servername = "ret2pop.net"; + username = "ret2pop"; + }; +} diff --git a/nix/modules/impermanence.nix b/nix/modules/impermanence.nix new file mode 100644 index 0000000..73bccdc --- /dev/null +++ b/nix/modules/impermanence.nix 
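Review bot: `enable = config.monorepo.vars.ttyonly;` references an attribute that is not declared: elsewhere ttyonly is a profile (`config.monorepo.profiles.ttyonly.enable` in default.nix and ollama.nix), so evaluating this module fails with a missing-attribute error, and enabling a public ActivityPub server on tty-only hosts is probably not the intent anyway — the sibling services use `enable = lib.mkDefault config.monorepo.profiles.server.enable;`. `servername = "ret2pop.net";` and `username = "ret2pop";` hardcode what this commit otherwise reads from `config.monorepo.vars.remoteHost` and `internetName`. The file is also not added to the imports in configuration.nix in this commit, so as written it has no effect.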
@@ -0,0 +1,85 @@
+{ lib, config, ... }:
+{
+ assertions = [
+ {
+ assertion = ! (config.monorepo.profiles.impermanence.enable && (! (config.monorepo.vars.filesystem == "btrfs")));
+ message = "Impermanence requires btrfs filesystem.";
+ }
+ ];
+
+ boot.initrd.postResumeCommands = (if config.monorepo.profiles.impermanence.enable then lib.mkAfter ''
+ mkdir /btrfs_tmp
+ mount /dev/root_vg/root /btrfs_tmp
+ if [[ -e /btrfs_tmp/root ]]; then
+ mkdir -p /btrfs_tmp/old_roots
+ timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
+ mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
+ fi
+
+ delete_subvolume_recursively() {
+ IFS=$'\n'
+ for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+ delete_subvolume_recursively "/btrfs_tmp/$i"
+ done
+ btrfs subvolume delete "$1"
+ }
+
+ for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
+ delete_subvolume_recursively "$i"
+ done
+
+ btrfs subvolume create /btrfs_tmp/root
+ umount /btrfs_tmp
+ '' else "");
+
+ environment.persistence."/persistent" = {
+ enable = config.monorepo.profiles.impermanence.enable;
+ hideMounts = true;
+ directories = [
+ "/var/log"
+ "/var/lib/bluetooth"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ "/etc/NetworkManager/system-connections"
+ ];
+ files = [
+ "/etc/machine-id"
+ "/etc/matterbridge.toml"
+ { file = "/var/keys/secret_file"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
+ ];
+ users."${config.monorepo.vars.userName}" = {
+ directories = [
+ "Downloads"
+ "music"
+ "Pictures"
+ "Documents"
+ "Videos"
+ "Monero"
+ "org"
+ "monorepo"
+ "soundfont"
+ "website_html"
+ "ardour"
+ "audacity"
+ "img"
+ "email"
+ "projects"
+ "secrets"
+
+ ".emacs.d"
+ ".elfeed"
+ ".electrum"
+ ".mozilla"
+ ".bitmonero"
+ ".config"
+ { directory = ".gnupg"; mode = "0700"; }
+ { directory = ".ssh"; mode = "0700"; }
+ { directory = ".local/share/keyrings"; mode = "0700"; }
+ ".local/share/direnv"
+ ];
+ files = [
+ ".emacs"
+ ];
+ };
+ };
+}
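Review bot: The assertion reads `config.monorepo.vars.filesystem`, but the option declared in vars.nix and set in systems/continuity/default.nix is `fileSystem`, so evaluation fails with a missing-attribute error instead of producing the intended message; `assertion = !(config.monorepo.profiles.impermanence.enable && config.monorepo.vars.fileSystem != "btrfs");`. The rollback script mounts `/dev/root_vg/root`, an LVM path, while disko/btrfs-simple.nix in this commit creates a LUKS mapping named `crypted` with btrfs directly inside it and no volume group — worth confirming which layout the impermanence hosts actually use, since a wrong device here means the root subvolume is never rotated and the boot fails inside the initrd. `{ file = "/var/keys/secret_file"; parentDirectory = { mode = "u=rwx,g=,o="; }; }` reads like the upstream example entry; if nothing writes that file it should be dropped, and `"/etc/matterbridge.toml"` persists a file that typically holds bridge credentials, which deserves a comment on who owns it. The script also keeps rotated roots under `old_roots` for 30 days, so anything written to the ephemeral root stays recoverable from disk for that window; a comment stating that retention choice would make the behaviour explicit.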
diff --git a/nix/modules/maddy.nix b/nix/modules/maddy.nix index f97ba05..c84b59c 100644 --- a/nix/modules/maddy.nix +++ b/nix/modules/maddy.nix @@ -3,7 +3,8 @@ services.maddy = { enable = lib.mkDefault config.monorepo.profiles.server.enable; openFirewall = true; - primaryDomain = "${config.monorepo.vars.remoteHost}"; + hostName = "${config.monorepo.vars.remoteHost}"; + primaryDomain = "mail.${config.monorepo.vars.remoteHost}"; tls = { loader = "acme"; }; @@ -14,5 +15,10 @@ "imap tls://0.0.0.0:993 tcp://0.0.0.0:143" "submission tls://0.0.0.0:465 tcp://0.0.0.0:587" ] options.services.maddy.config.default; + ensureCredentials = { + "${config.monorepo.vars.userName}@localhost" = { + passwordFile = "/secrets/${config.monorepo.vars.userName}-localhost"; + }; + }; }; } diff --git a/nix/modules/mautrix.nix b/nix/modules/mautrix.nix new file mode 100644 index 0000000..5eacb4a --- /dev/null +++ b/nix/modules/mautrix.nix 
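Review bot: `passwordFile = "/secrets/${config.monorepo.vars.userName}-localhost";` points at a plain path outside the sops-nix secret management the rest of the tree uses (mbsync.nix reads `config.sops.secrets.mail.path`), so nothing provisions the file or controls its ownership and mode; a `sops.secrets` declaration and `passwordFile = config.sops.secrets."<secret name>".path;` (name to be chosen) would keep a single secrets mechanism. In the first hunk, `primaryDomain` moves to `mail.${remoteHost}` while the new `hostName` is the bare domain, which presumably changes the name the `acme` loader requests a certificate for — confirm the MX and A records match before deploying.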
@@ -0,0 +1,150 @@ +{ lib, config, ... }: +{ + services.mautrix-discord = { + enable = lib.mkDefault config.monorepo.profiles.server.enable; + environmentFile = "/etc/mautrix"; + settings = { + bridge = { + animated_sticker = { + args = { + fps = 25; + height = 320; + width = 320; + }; + target = "webp"; + }; + autojoin_thread_on_open = true; + avatar_proxy_key = "generate"; + backfill = { + forward_limits = { + initial = { + channel = 0; + dm = 0; + thread = 0; + }; + max_guild_members = -1; + missed = { + channel = 0; + dm = 0; + thread = 0; + }; + }; + }; + cache_media = "unencrypted"; + channel_name_template = "{{if or (eq .Type 3) (eq .Type 4)}}{{.Name}}{{else}}#{{.Name}}{{end}}"; + command_prefix = "!discord"; + custom_emoji_reactions = true; + delete_guild_on_leave = true; + delete_portal_on_channel_delete = false; + delivery_receipts = false; + direct_media = { + allow_proxy = true; + enabled = false; + server_key = "generate"; + }; + displayname_template = "{{if .Webhook}}Webhook{{else}}{{or .GlobalName .Username}}{{if .Bot}} (bot){{end}}{{end}}"; + double_puppet_allow_discovery = true; + double_puppet_server_map = { }; + embed_fields_as_tables = true; + enable_webhook_avatars = true; + encryption = { + allow = false; + allow_key_sharing = false; + appservice = false; + default = false; + delete_keys = { + delete_fully_used_on_decrypt = false; + delete_on_device_delete = false; + delete_outbound_on_ack = false; + delete_outdated_inbound = false; + delete_prev_on_new_session = false; + dont_store_outbound = false; + periodically_delete_expired = false; + ratchet_on_decrypt = false; + }; + msc4190 = false; + plaintext_mentions = false; + require = false; + rotation = { + disable_device_change_key_rotation = false; + enable_custom = false; + messages = 100; + milliseconds = 604800000; + }; + verification_levels = { + receive = "unverified"; + send = "unverified"; + share = "cross-signed-tofu"; + }; + }; + federate_rooms = true; + guild_name_template = 
"{{.Name}}"; + login_shared_secret_map = { }; + management_room_text = { + additional_help = ""; + welcome = "Hello, I'm a Discord bridge bot."; + welcome_connected = "Use `help` for help."; + welcome_unconnected = "Use `help` for help or `login` to log in."; + }; + message_error_notices = true; + message_status_events = false; + mute_channels_on_create = false; + permissions = { + "@${config.monorepo.vars.internetName}:matrix.${config.monorepo.vars.orgHost}" = "admin"; + "*" = "user"; + }; + portal_message_buffer = 128; + prefix_webhook_messages = true; + private_chat_portal_meta = "default"; + provisioning = { + debug_endpoints = false; + prefix = "/_matrix/provision"; + shared_secret = "generate"; + }; + public_address = null; + resend_bridge_info = false; + restricted_rooms = false; + startup_private_channel_create_limit = 5; + sync_direct_chat_list = false; + use_discord_cdn_upload = true; + username_template = "discord_{{.}}"; + }; + + appservice = { + address = "http://localhost:29334"; + hostname = "0.0.0.0"; + port = 29334; + id = "discord"; + bot = { + username = "discordbot"; + displayname = "Discord bridge bot"; + avatar = "mxc://maunium.net/nIdEykemnwdisvHbpxflpDlC"; + }; + ephemeral_events = true; + async_transactions = false; + database = { + type = "sqlite3"; + uri = "file:${config.services.mautrix-discord.dataDir}/mautrix-discord.db?_txlock=immediate"; + max_open_conns = 20; + max_idle_conns = 2; + max_conn_idle_time = null; + max_conn_lifetime = null; + }; + as_token = "$MAUTRIX_DISCORD_APPSERVICE_AS_TOKEN"; + hs_token = "$MAUTRIX_DISCORD_APPSERVICE_HS_TOKEN"; + }; + + dataDir = "/var/lib/mautrix-discord"; + homeserver = { + async_media = false; + message_send_checkpoint_endpoint = null; + ping_interval_seconds = 0; + software = "standard"; + status_endpoint = null; + websocket = false; + domain = "matrix.${config.monorepo.vars.orgHost}"; + address = "http://localhost:6167"; + }; + }; + }; +} 
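Review bot: `permissions."*" = "user";` grants bridge login to every Matrix user on every federated server, since the homeserver in this config federates; the usual mautrix pattern is `"*" = "relay";` (or omitting the wildcard) with `"matrix.${config.monorepo.vars.orgHost}" = "user";` so that only local accounts can puppet Discord sessions. `appservice.hostname = "0.0.0.0";` binds the appservice listener on all interfaces while `appservice.address` and `homeserver.address` are both `localhost`; `hostname = "127.0.0.1";` keeps port 29334 off the network. `environmentFile = "/etc/mautrix";` supplies the AS/HS tokens from a plain file outside sops-nix, like the maddy passwordFile in the previous file; a `config.sops.secrets` path would be consistent with mbsync.nix. Most of the 150 lines appear to be the bridge's defaults, so a header comment listing which keys were deliberately changed would make future review much easier.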
diff --git a/nix/modules/murmur.nix b/nix/modules/murmur.nix index 7595520..b809fc7 100644 --- a/nix/modules/murmur.nix +++ b/nix/modules/murmur.nix @@ -7,8 +7,8 @@ hostName = "0.0.0.0"; welcometext = "Wecome to the Null Murmur instance!"; registerName = "nullring"; - registerHostname = "nullring.xyz"; - sslCert = "/var/lib/acme/nullring.xyz/fullchain.pem"; - sslKey = "/var/lib/acme/nullring.xyz/sslKey.pem"; + registerHostname = "${config.monorepo.vars.orgHost}"; + sslCert = "/var/lib/acme/${config.monorepo.vars.orgHost}/fullchain.pem"; + sslKey = "/var/lib/acme/${config.monorepo.vars.orgHost}/sslKey.pem"; }; } diff --git a/nix/modules/nginx.nix b/nix/modules/nginx.nix index bb87fce..9337774 100644 --- a/nix/modules/nginx.nix +++ b/nix/modules/nginx.nix @@ -16,7 +16,7 @@ }; virtualHosts = { - "matrix.${config.monorepo.vars.remoteHost}" = { + "matrix.${config.monorepo.vars.orgHost}" = { enableACME = true; forceSSL = true; listen = [ @@ -55,14 +55,14 @@ }; "${config.monorepo.vars.remoteHost}" = { serverName = "${config.monorepo.vars.remoteHost}"; - serverAliases = [ "ret2pop.nullring.xyz" ]; - root = "/var/www/ret2pop-website/"; + serverAliases = [ "${config.monorepo.vars.internetName}.${config.monorepo.vars.orgHost}" ]; + root = "/var/www/${config.monorepo.vars.internetName}-website/"; addSSL = true; enableACME = true; }; - "nullring.xyz" = { - serverName = "nullring.xyz"; + "${config.monorepo.vars.orgHost}" = { + serverName = "${config.monorepo.vars.orgHost}"; root = "/var/www/nullring/"; addSSL = true; enableACME = true; diff --git a/nix/modules/ngircd.nix b/nix/modules/ngircd.nix index 0900017..c8348bf 100644 --- a/nix/modules/ngircd.nix +++ b/nix/modules/ngircd.nix @@ -4,7 +4,7 @@ enable = lib.mkDefault config.monorepo.profiles.server.enable; config = '' [Global] - Name = nullring.xyz + Name = ${config.monorepo.vars.orgHost} Info = NullRing IRC Instance Listen = 0.0.0.0 MotdFile = /etc/motd.txt 
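Review bot: `sslKey = "/var/lib/acme/${config.monorepo.vars.orgHost}/sslKey.pem";` names a file the ACME module does not produce; ngircd.nix later in this same commit reads `key.pem` from the same directory, and that is the name NixOS's security.acme writes, so murmur would fail to load its TLS key. `sslKey = "/var/lib/acme/${config.monorepo.vars.orgHost}/key.pem";`. The wrong name predates this commit, but the hunk rewrites the line, so this is the moment to fix it.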
@@ -13,9 +13,9 @@ [Options] PAM = no [SSL] - CertFile = /var/lib/acme/nullring.xyz/fullchain.pem + CertFile = /var/lib/acme/${config.monorepo.vars.orgHost}/fullchain.pem CipherList = HIGH:!aNULL:@STRENGTH:!SSLv3 - KeyFile = /var/lib/acme/nullring.xyz/key.pem + KeyFile = /var/lib/acme/${config.monorepo.vars.orgHost}/key.pem Ports = 6697 ''; }; diff --git a/nix/modules/ollama.nix b/nix/modules/ollama.nix index 33c41c9..bfa0cf3 100644 --- a/nix/modules/ollama.nix +++ b/nix/modules/ollama.nix @@ -1,14 +1,16 @@ { config, lib, ... }: { services.ollama = { - enable = lib.mkDefault (!config.monorepo.profiles.ttyonly.enable); + enable = lib.mkDefault (!config.monorepo.profiles.server.enable); acceleration = if (config.monorepo.profiles.workstation.enable) then "cuda" else null; - loadModels = [ + loadModels = if (config.monorepo.profiles.workstation.enable) then [ "qwen3:30b" "qwen3-coder:latest" "qwen2.5-coder:latest" - "qwen2.5-coder:3b" "gemma3:12b-it-qat" + ] else [ + "qwen3:0.6b" + "qwen2.5-coder:0.5b" ]; host = "0.0.0.0"; openFirewall = true; diff --git a/nix/modules/vars.nix b/nix/modules/vars.nix index de9736e..c991588 100644 --- a/nix/modules/vars.nix +++ b/nix/modules/vars.nix @@ -1,4 +1,7 @@ { lib, ... }: +let + vars = import ../flakevars.nix; +in { options.monorepo.vars = { device = lib.mkOption { @@ -8,6 +11,20 @@ description = "device that NixOS is installed to"; }; + internetName = lib.mkOption { + type = lib.types.str; + default = "${vars.internetName}"; + example = "myinternetname"; + description = "Internet name to be used for internet usernames"; + }; + + repoName = lib.mkOption { + type = lib.types.str; + default = "monorepo"; + example = "myreponame"; + description = "Name of this repository"; + }; + fileSystem = lib.mkOption { type = lib.types.str; default = "ext4"; 
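Review bot: The enable condition changes from `!config.monorepo.profiles.ttyonly.enable` to `!config.monorepo.profiles.server.enable`, so ollama now also starts on tty-only, non-server hosts, and the unchanged `host = "0.0.0.0"; openFirewall = true;` lines below mean its unauthenticated API is reachable from every network the host joins. Unless remote access is intended on all of those hosts, bind to `host = "127.0.0.1";` with `openFirewall = false;` and open it only on the machines that serve other clients; a comment stating which hosts are meant to expose the API would settle the intent.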
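Review bot: `default = "${vars.internetName}";` interpolates a string into an otherwise empty string, which is a no-op; `default = vars.internetName;` reads more directly. The same pattern appears in the next hunk for `remoteHost` (`"${vars.remoteHost}"`) and `orgHost` (`"${vars.orgHost}"`).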
@@ -43,11 +60,18 @@
 remoteHost = lib.mkOption {
 type = lib.types.str;
- default = "ret2pop.net";
+ default = "${vars.remoteHost}";
 example = "example.com";
 description = "Address to push to and pull from for website and git repos";
 };
+ orgHost = lib.mkOption {
+ type = lib.types.str;
+ default = "${vars.orgHost}";
+ example = "orgname.org";
+ description = "Domain name of your organization";
+ };
 timeZone = lib.mkOption {
 type = lib.types.str;
 default = "America/Vancouver";
diff --git a/nix/systems/affinity/default.nix b/nix/systems/affinity/default.nix
index 17f140a..72057dd 100644
--- a/nix/systems/affinity/default.nix
+++ b/nix/systems/affinity/default.nix
@@ -1,7 +1,7 @@
 { config, lib, home-manager, ... }:
 {
 imports = [
- ../includes.nix
+ ../common.nix
 ../../disko/drive-simple.nix
 ];
 config = {
diff --git a/nix/systems/affinity/home.nix b/nix/systems/affinity/home.nix
index 7b08138..7c8a119 100644
--- a/nix/systems/affinity/home.nix
+++ b/nix/systems/affinity/home.nix
@@ -1,7 +1,7 @@
 { lib, config, pkgs, ... }:
 {
 imports = [
- ../../modules/home/default.nix
+ ../home-common.nix
 ];
 config.monorepo = {
 profiles.cuda.enable = true;
diff --git a/nix/systems/common.nix b/nix/systems/common.nix
new file mode 100644
index 0000000..c122b0d
--- /dev/null
+++ b/nix/systems/common.nix
@@ -0,0 +1,8 @@
+{ config, lib, ... }:
+{
+ imports = [
+ ./home.nix
+ ../modules/default.nix
+ ];
+ # Put configuration (e.g. monorepo variable configuration) common to all configs here
+}
diff --git a/nix/systems/continuity/default.nix b/nix/systems/continuity/default.nix
index 5bd6517..e9efd34 100644
--- a/nix/systems/continuity/default.nix
+++ b/nix/systems/continuity/default.nix
@@ -2,10 +2,15 @@
 {
 imports = [
 ../../disko/drive-simple.nix
- ../includes.nix
+ ../common.nix
 ];
 config = {
- # drive to install to
- monorepo.vars.device = "/dev/sda";
+ monorepo = {
+ profiles.impermanence.enable = true;
+ vars = {
+ device = "/dev/sda";
+ fileSystem = "btrfs";
+ };
+ };
 };
 }
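Review bot: The `# drive to install to` comment was dropped when `device` moved into the nested `vars` set; since `/dev/sda` is the one per-machine value a copied config must change, keep it above `device = "/dev/sda";`, e.g. `# drive to install to (per machine; overwritten at install time)`. The new `fileSystem = "btrfs";` next to `profiles.impermanence.enable = true;` also deserves a one-line comment saying which disko layout that value selects, since the selection happens in another file and is not visible from here.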
diff --git a/nix/systems/continuity/home.nix b/nix/systems/continuity/home.nix
index fb4a0a7..2b133a5 100644
--- a/nix/systems/continuity/home.nix
+++ b/nix/systems/continuity/home.nix
@@ -1,7 +1,7 @@
 { lib, config, pkgs, ... }:
 {
 imports = [
- ../../modules/home/default.nix
+ ../home-common.nix
 ];
 config.monorepo.profiles.workstation.enable = false;
 }
diff --git a/nix/systems/home-common.nix b/nix/systems/home-common.nix
new file mode 100644
index 0000000..ba0e6f2
--- /dev/null
+++ b/nix/systems/home-common.nix
@@ -0,0 +1,7 @@
+{ lib, config, ... }:
+{
+ imports = [
+ ../modules/home/default.nix
+ ];
+ # Put configuration (e.g. monorepo variable configuration) common to all configs here
+}
diff --git a/nix/systems/home.nix b/nix/systems/home.nix
index 63c4150..c1252df 100644
--- a/nix/systems/home.nix
+++ b/nix/systems/home.nix
@@ -1,7 +1,6 @@
 { config, sops-nix, ... }:
 {
 home-manager = {
-
 sharedModules = [
 sops-nix.homeManagerModules.sops
 ];
diff --git a/nix/systems/includes.nix b/nix/systems/includes.nix
deleted file mode 100644
index 5122fb2..0000000
--- a/nix/systems/includes.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ config, lib, ... }:
-{
- imports = [
- ./home.nix
- ../modules/default.nix
- ];
-}
diff --git a/nix/systems/installer/default.nix b/nix/systems/installer/default.nix
index 4bda0d6..8fb9dfd 100644
--- a/nix/systems/installer/default.nix
+++ b/nix/systems/installer/default.nix
@@ -50,6 +50,10 @@ if [ "$(id -u)" -eq 0 ]; then
 exit 1
 fi
+gum style --border normal --margin "1" --padding "1 2" "Notice: if using full disk encryption, write to /tmp/secret.key first with your password."
+
+ sleep 3
+
+ cd "$HOME"
 ping -q -c1 google.com &>/dev/null && echo "online! Proceeding with the installation..." || nmtui
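Review bot: The new notice asks the user to place the disk-encryption passphrase in `/tmp/secret.key` by hand, but nothing in the hunk creates that file with restricted permissions or removes it once the install is done, so the passphrase can be left readable by other users of the installer session. Consider having the script create it itself, e.g. `umask 077; gum input --password --placeholder "Disk encryption password" > /tmp/secret.key`, and deleting the file after the disko step. The `sleep 3` after the notice also gives no way to stop and write the file first; a `gum confirm "Continue?"` would. The rest of the script continues outside the hunk.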
@@ -102,7 +106,7 @@ EOF
 gum input --placeholder "Press Enter to continue" >/dev/null
 vim "$HOME/monorepo/nix/systems/$SYSTEM/home.nix"
- sed -i "/# add hostnames here/i \ \"$1\"" "$HOME/monorepo/nix/flake.nix"
+ sed -i "/hostnames = \[/,/];/ s/];/ \"$1\"\n ];/" "$HOME/monorepo/nix/flake.nix"
 if [ ! -f "$HOME/monorepo/nix/disko/$DRIVE" ]; then
 cp "$HOME/monorepo/nix/disko/drive-simple.nix" "$HOME/monorepo/nix/disko/$DRIVE"
diff --git a/nix/systems/spontaneity/default.nix b/nix/systems/spontaneity/default.nix
index 3ab7a9e..5f3dc36 100644
--- a/nix/systems/spontaneity/default.nix
+++ b/nix/systems/spontaneity/default.nix
@@ -1,10 +1,15 @@
 { config, lib, ... }:
+let
+ ipv4addr = "66.42.84.130";
+ ipv6addr = "2001:19f0:5401:10d0:5400:5ff:fe4a:7794";
+in
 {
 imports = [
- ../includes.nix
+ ../common.nix
+ ../../disko/drive-bios.nix
+ # nixos-anywhere generates this file
 ./hardware-configuration.nix
- ../../disko/drive-bios.nix
 ];
 config = {
 monorepo = {
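Review bot: The rewritten `sed` still expands `$1`, while the neighbouring `vim "$HOME/monorepo/nix/systems/$SYSTEM/home.nix"` uses `$SYSTEM` for the same system name; if the script is run without a positional argument, or `$1` and `$SYSTEM` differ, this inserts an empty or wrong `""` entry into the `hostnames` list of `flake.nix`. Suggest `sed -i "/hostnames = \[/,/];/ s/];/ \"$SYSTEM\"\n ];/" "$HOME/monorepo/nix/flake.nix"` if they are meant to be the same value. The `\n` in the replacement is GNU sed behaviour, which is fine on NixOS but worth a comment. The surrounding script continues outside the hunk.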
@@ -20,43 +25,47 @@
 networking = {
 interfaces.ens3.ipv6.addresses = [
 {
- address = "2001:19f0:5401:10d0:5400:5ff:fe4a:7794";
+ address = ipv6addr;
 prefixLength = 64;
 }
 ];
 firewall.allowedTCPPorts = [
 80
+ 143
 443
 465
+ 587
 993
- 8448
 6697
 6667
+ 8448
 ];
 domains = {
 enable = true;
 baseDomains = {
 "${config.monorepo.vars.remoteHost}" = {
- a.data = "66.42.84.130";
- aaaa.data = "2001:19f0:5401:10d0:5400:5ff:fe4a:7794";
+ a.data = ipv4addr;
+ aaaa.data = ipv6addr;
 };
- "nullring.xyz" = {
- a.data = "66.42.84.130";
- aaaa.data = "2001:19f0:5401:10d0:5400:5ff:fe4a:7794";
+ "${config.monorepo.vars.orgHost}" = {
+ a.data = ipv4addr;
+ aaaa.data = ipv6addr;
 };
 };
 subDomains = {
 "${config.monorepo.vars.remoteHost}" = {};
 "matrix.${config.monorepo.vars.remoteHost}" = {};
 "www.${config.monorepo.vars.remoteHost}" = {};
- "mail.${config.monorepo.vars.remoteHost}" = {};
+ "mail.${config.monorepo.vars.remoteHost}" = {
+ mx.data = "10 mail.${config.monorepo.vars.remoteHost}.";
+ };
- "nullring.xyz" = {};
- "git.nullring.xyz" = {};
- "matrix.nullring.xyz" = {};
- "talk.nullring.xyz" = {};
- "mail.nullring.xyz" = {};
- "ret2pop.nullring.xyz" = {};
+ "${config.monorepo.vars.orgHost}" = {};
+ "git.${config.monorepo.vars.orgHost}" = {};
+ "matrix.${config.monorepo.vars.orgHost}" = {};
+ "talk.${config.monorepo.vars.orgHost}" = {};
+ "mail.${config.monorepo.vars.orgHost}" = {};
+ "${config.monorepo.vars.internetName}.${config.monorepo.vars.orgHost}" = {};
 };
 };
 };
diff --git a/nix/systems/spontaneity/home.nix b/nix/systems/spontaneity/home.nix
index cc93b5d..205ea02 100644
--- a/nix/systems/spontaneity/home.nix
+++ b/nix/systems/spontaneity/home.nix
@@ -1,7 +1,7 @@
 { lib, config, pkgs, ... }:
 {
 imports = [
- ../../modules/home/default.nix
+ ../home-common.nix
 ];
 config.monorepo.profiles.enable = false;
 }
|
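Review bot: The new `mx.data = "10 mail.${config.monorepo.vars.remoteHost}.";` sits under the `mail.${remoteHost}` subdomain, so it publishes an MX for `mail.<remoteHost>` rather than for `<remoteHost>` itself; unless the intent is to receive mail only at `@mail.<remoteHost>` addresses, the record belongs on the `"${config.monorepo.vars.remoteHost}"` entry in `baseDomains`. The firewall list adds 143 and 587 but not 25, and MTA-to-MTA delivery uses port 25, so the MX target will not accept incoming mail unless 25 is opened elsewhere. Opening 143 also admits plain IMAP; if the mail server enforces STARTTLS this is fine, otherwise 993 alone is safer. The `config`/`monorepo` sets enclosing this hunk start outside it.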
