diff options
| l--------- | .pre-commit-config.yaml | 2 | ||||
| -rw-r--r-- | README.org | 2 | ||||
| -rw-r--r-- | blog/acausal.org | 7 | ||||
| -rw-r--r-- | blog/automation.org | 7 | ||||
| -rw-r--r-- | blog/cognition.org | 8 | ||||
| -rw-r--r-- | blog/crypto.org | 9 | ||||
| -rw-r--r-- | blog/horses.org | 7 | ||||
| -rw-r--r-- | blog/manifesto-1.org | 7 | ||||
| -rw-r--r-- | blog/monorepo.org | 8 | ||||
| -rw-r--r-- | blog/nixos.org | 7 | ||||
| -rw-r--r-- | blog/private_keys.org | 7 | ||||
| -rw-r--r-- | blog/tech-bros.org | 7 | ||||
| -rw-r--r-- | blog/voting.org | 7 | ||||
| -rw-r--r-- | blog/you_dont_matter.org | 7 | ||||
| -rw-r--r-- | config/emacs.org | 45 | ||||
| -rw-r--r-- | config/nix.org | 257 | ||||
| -rw-r--r-- | flake.nix | 129 | ||||
| -rw-r--r-- | index.org | 5 | ||||
| -rw-r--r-- | mindmap/LRC circuit.org | 2 | ||||
| -rw-r--r-- | mindmap/Laplace Transform.org | 1 | ||||
| -rw-r--r-- | mindmap/philosophy.org | 1 | ||||
| -rw-r--r-- | mindmap/physics.org | 1 | ||||
| -rw-r--r-- | mindmap/prv_LRC_circuit.org.log | 35 | ||||
| -rw-r--r-- | mindmap/special relativity.org | 1 | ||||
| m--------- | nix | 0 | ||||
| -rw-r--r-- | style.scss | 27 | ||||
| -rw-r--r-- | tests/test-csp-hash.py | 10 |
27 files changed, 297 insertions, 309 deletions
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7e1b138..f1e91f2 120000 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1 +1 @@ -/nix/store/j3mz2szdrll59q7blqhiy70j1dij3wnq-pre-commit-config.json
\ No newline at end of file +/nix/store/b6fyx6fvys0p5r1q237l8kppwwzh1868-pre-commit-config.json
\ No newline at end of file @@ -29,7 +29,7 @@ then reboot, and run: #+end_src That's all! ** Post-setup -In emacs, run ~M-x all-the-icons-install-fonts, ~~M-x nerd-icons-install-fonts~, and ~M-x org-roam-db-sync~. Install your music to ~$HOME/music~ for +In emacs, run ~M-x all-the-icons-install-fonts~, ~M-x nerd-icons-install-fonts~, and ~M-x org-roam-db-sync~. Install your music to ~$HOME/music~ for emms. In firefox, go to the three-bar menu and enable all the add-ons that were automatically installed. Set up the ~mu~ program in order to send and receive email, along with modifying the corresponding mbsync and msmtp commands. Change ~nix/flakevars.nix~ to your liking. * License diff --git a/blog/acausal.org b/blog/acausal.org index 4550d8e..e6165c2 100644 --- a/blog/acausal.org +++ b/blog/acausal.org @@ -4,13 +4,6 @@ #+subtitle: By {{{author}}}, 2024 #+description: Narrative is the only real construction. -#+html_head: <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> -#+html_head: <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> -#+html_head: <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> -#+html_head: <link rel="manifest" href="/site.webmanifest"> -#+html_head: <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5"> -#+html_head: <meta name="msapplication-TileColor" content="#da532c"> -#+html_head: <meta name="theme-color" content="#ffffff"> #+language: en #+OPTIONS: broken-links:t diff --git a/blog/automation.org b/blog/automation.org index 820e562..89dbeb8 100644 --- a/blog/automation.org +++ b/blog/automation.org @@ -4,13 +4,6 @@ #+subtitle: By {{{author}}}, 2024 #+description: Is automation taking jobs? Is capitalism causing all the world's problems? -#+html_head: <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> -#+html_head: <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> -#+html_head: <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> -#+html_head: <link rel="manifest" href="/site.webmanifest"> -#+html_head: <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5"> -#+html_head: <meta name="msapplication-TileColor" content="#da532c"> -#+html_head: <meta name="theme-color" content="#ffffff"> #+language: en #+OPTIONS: broken-links:t * Introduction diff --git a/blog/cognition.org b/blog/cognition.org index 5d56e7f..5e6a9c2 100644 --- a/blog/cognition.org +++ b/blog/cognition.org @@ -4,14 +4,6 @@ #+subtitle: By {{{author}}}, 2024 #+description: Other languages are inflexible and broken. Let's fix that. -#+html_head: <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> -#+html_head: <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> -#+html_head: <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> -#+html_head: <link rel="manifest" href="/site.webmanifest"> -#+html_head: <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5"> -#+html_head: <meta name="msapplication-TileColor" content="#da532c"> -#+html_head: <meta name="theme-color" content="#ffffff"> -#+html_head: <meta name="viewport" content="width=1000; user-scalable=0;" /> #+language: en #+OPTIONS: broken-links:t * The problem diff --git a/blog/crypto.org b/blog/crypto.org index aa197cc..01c8d94 100644 --- a/blog/crypto.org +++ b/blog/crypto.org @@ -2,17 +2,8 @@ #+author: Preston Pan #+date: [2024-01-01] #+subtitle: By {{{author}}}, 2024 - #+description: Are cryptocurrencies useful in economic transactions? As technologies? -#+html_head: <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> -#+html_head: <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> -#+html_head: <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> -#+html_head: <link rel="manifest" href="/site.webmanifest"> -#+html_head: <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5"> -#+html_head: <meta name="msapplication-TileColor" content="#da532c"> -#+html_head: <meta name="theme-color" content="#ffffff"> -#+html_head: <meta name="viewport" content="width=1000; user-scalable=0;" /> #+language: en #+OPTIONS: broken-links:t diff --git a/blog/horses.org b/blog/horses.org index 66c38ac..41cc1c9 100644 --- a/blog/horses.org +++ b/blog/horses.org @@ -4,13 +4,6 @@ #+subtitle: By {{{author}}}, 2024 #+description: It doesn't happen instantly. -#+html_head: <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> -#+html_head: <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> -#+html_head: <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> -#+html_head: <link rel="manifest" href="/site.webmanifest"> -#+html_head: <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5"> -#+html_head: <meta name="msapplication-TileColor" content="#da532c"> -#+html_head: <meta name="theme-color" content="#ffffff"> #+language: en #+OPTIONS: broken-links:t diff --git a/blog/manifesto-1.org b/blog/manifesto-1.org index 185796f..087299e 100644 --- a/blog/manifesto-1.org +++ b/blog/manifesto-1.org @@ -5,13 +5,6 @@ #+description: A system built on illusions will always decay. -#+html_head: <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> -#+html_head: <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> -#+html_head: <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> -#+html_head: <link rel="manifest" href="/site.webmanifest"> -#+html_head: <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5"> -#+html_head: <meta name="msapplication-TileColor" content="#da532c"> -#+html_head: <meta name="theme-color" content="#ffffff"> #+language: en #+OPTIONS: broken-links:t diff --git a/blog/monorepo.org b/blog/monorepo.org index 0f830e5..e4d1e64 100644 --- a/blog/monorepo.org +++ b/blog/monorepo.org @@ -4,14 +4,6 @@ #+subtitle: By {{{author}}}, 2025 #+description: NixOS configurations for infrastructure, workstations, and laptops -#+html_head: <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> -#+html_head: <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> -#+html_head: <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> -#+html_head: <link rel="manifest" href="/site.webmanifest"> -#+html_head: <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5"> -#+html_head: <meta name="msapplication-TileColor" content="#da532c"> -#+html_head: <meta name="theme-color" content="#ffffff"> -#+html_head: <meta name="viewport" content="width=1000; user-scalable=0;" /> #+language: en #+OPTIONS: broken-links:t diff --git a/blog/nixos.org b/blog/nixos.org index 718d139..e8ebb1f 100644 --- a/blog/nixos.org +++ b/blog/nixos.org @@ -4,13 +4,6 @@ #+subtitle: By {{{author}}}, 2024 #+description: You can run a system from the 2040s, today. -#+html_head: <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> -#+html_head: <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> -#+html_head: <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> -#+html_head: <link rel="manifest" href="/site.webmanifest"> -#+html_head: <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5"> -#+html_head: <meta name="msapplication-TileColor" content="#da532c"> -#+html_head: <meta name="theme-color" content="#ffffff"> #+language: en #+OPTIONS: broken-links:t * Introduction diff --git a/blog/private_keys.org b/blog/private_keys.org index 61cad10..7cedd0d 100644 --- a/blog/private_keys.org +++ b/blog/private_keys.org @@ -4,13 +4,6 @@ #+subtitle: By {{{author}}}, 2024 #+description: Why haven't we switched to asymmetric cryptography? -#+html_head: <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> -#+html_head: <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> -#+html_head: <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> -#+html_head: <link rel="manifest" href="/site.webmanifest"> -#+html_head: <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5"> -#+html_head: <meta name="msapplication-TileColor" content="#da532c"> -#+html_head: <meta name="theme-color" content="#ffffff"> #+language: en #+OPTIONS: broken-links:t diff --git a/blog/tech-bros.org b/blog/tech-bros.org index 9a56491..e6af1fb 100644 --- a/blog/tech-bros.org +++ b/blog/tech-bros.org @@ -5,13 +5,6 @@ #+description: and other people that other people hate. -#+html_head: <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> -#+html_head: <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> -#+html_head: <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> -#+html_head: <link rel="manifest" href="/site.webmanifest"> -#+html_head: <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5"> -#+html_head: <meta name="msapplication-TileColor" content="#da532c"> -#+html_head: <meta name="theme-color" content="#ffffff"> #+language: en #+OPTIONS: broken-links:t * Introduction diff --git a/blog/voting.org b/blog/voting.org index bb27b8a..6b8739a 100644 --- a/blog/voting.org +++ b/blog/voting.org @@ -5,13 +5,6 @@ #+description: What do we do about voter turnout? Voting demographics? Polarization? -#+html_head: <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> -#+html_head: <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> -#+html_head: <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> -#+html_head: <link rel="manifest" href="/site.webmanifest"> -#+html_head: <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5"> -#+html_head: <meta name="msapplication-TileColor" content="#da532c"> -#+html_head: <meta name="theme-color" content="#ffffff"> #+language: en #+OPTIONS: broken-links:t * Introduction diff --git a/blog/you_dont_matter.org b/blog/you_dont_matter.org index 1cd750e..1d69935 100644 --- a/blog/you_dont_matter.org +++ b/blog/you_dont_matter.org @@ -5,13 +5,6 @@ #+description: Ideas aren't real, and morality is a spook. -#+html_head: <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> -#+html_head: <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> -#+html_head: <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> -#+html_head: <link rel="manifest" href="/site.webmanifest"> -#+html_head: <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5"> -#+html_head: <meta name="msapplication-TileColor" content="#da532c"> -#+html_head: <meta name="theme-color" content="#ffffff"> #+language: en #+OPTIONS: broken-links:t * Introduction diff --git a/config/emacs.org b/config/emacs.org index 2d87907..d262138 100644 --- a/config/emacs.org +++ b/config/emacs.org @@ -104,9 +104,10 @@ Emacs is self documenting, after all! (prettify-symbols-mode)))) :config (require 'tex-site) + (require 'subr-x) (server-start) - ;; start wiith sane defaults + ;; start with sane defaults (pixel-scroll-precision-mode 1) (display-battery-mode 1) (display-time-mode 1) @@ -164,22 +165,20 @@ This is my org mode configuration, which also configures latex. (org-pretty-entities t "prettify org mode") (org-agenda-files (list "~/monorepo/agenda.org" "~/org/notes.org" "~/org/agenda.org") "set default org files") (org-default-notes-file (concat org-directory "/notes.org") "Notes file") - (org-html-with-latex 'html) - (org-html-mathjax-options nil) - (org-html-mathjax-template "") - (org-html-head-include-default-style nil) ; Clear Org's default CSS - (org-html-head-include-scripts nil) ; Clear Org's default JS + (org-html-with-latex 'html "let my html handler handle latex") + (org-html-mathjax-options nil "disable mathjax, use MathML") + (org-html-mathjax-template "" "disable mathjax, use MathML") + (org-html-head-include-default-style nil "use my own css for everything") + (org-html-head-include-scripts nil "use my own js for everything") (org-html-divs '((preamble "header" "preamble") (content "main" "content") - (postamble "footer" "postamble"))) + (postamble "footer" "postamble")) "semantic html exports") (org-html-head-extra (concat "<meta name=\"theme-color\" content=\"#ffffff\">\n<link rel=\"preload\" href=\"/fonts/Inconsolata-Medium.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>\n<meta name=\"theme-color\" content=\"#ffffff\">\n<link rel=\"preload\" href=\"/fonts/Lora-Medium.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>\n<link rel=\"preload\" href=\"/fonts/CormorantGaramond-Bold.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>\n<link rel=\"preload\" href=\"/fonts/CormorantGaramond-Medium.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>\n<link rel=\"manifest\" href=\"/site.webmanifest\">\n<link rel=\"icon\" type=\"image/png\" sizes=\"16x16\" href=\"/favicon-16x16.png\">\n<link rel=\"mask-icon\" href=\"/safari-pinned-tab.svg\" color=\"#5bbad5\">\n<link rel=\"icon\" type=\"image/png\" sizes=\"32x32\" href=\"/favicon-32x32.png\">\n<link rel=\"apple-touch-icon\" sizes=\"180x180\" href=\"/apple-touch-icon.png\"><meta name=\"msapplication-TileColor\" content=\"#da532c\">\n" - "<style>\n" - (with-temp-buffer (insert-file-contents "~/monorepo/style.css") (buffer-string)) - "\n" - (with-temp-buffer (insert-file-contents "~/monorepo/syntax.css") (buffer-string)) - "\n</style>")) + "<style>" + (with-temp-buffer (insert-file-contents-literally "~/monorepo/combined.css") (buffer-substring-no-properties (point-min) (point-max))) + "</style>") "add all these different headers for performance and compliance") (org-latex-to-html-convert-command - "printf '%%s' %i | pandoc -f latex -t html --mathml | tr -d '\\n' | sed -e 's/^<p>//' -e 's/<\\/p>$//'") + "printf '%%s' %i | pandoc -f latex -t html --mathml | tr -d '\\n' | sed -e 's/^<p>//' -e 's/<\\/p>$//'" "latex to MathML with special character handling") (org-html-viewport '((width "device-width") (initial-scale "1.0") (minimum-scale "1.0")) "Prevent zooming out past default size") @@ -198,7 +197,7 @@ This is my org mode configuration, which also configures latex. :html-preamble-format (("en" "<p class=\"preamble\"><a href=\"/index.html\">home</a> | <a href=\"./index.html\">section main page</a></p><hr>"))) ("website-static" :base-directory "~/monorepo" - :base-extension "css\\|js\\|png\\|jpg\\|gif\\|pdf\\|mp3\\|ogg\\|swf\\|ico\\|asc\\|pub\\|webmanifest\\|xml\\|svg\\|txt\\|webp" + :base-extension "css\\|js\\|png\\|jpg\\|gif\\|pdf\\|mp3\\|ogg\\|swf\\|ico\\|asc\\|pub\\|webmanifest\\|xml\\|svg\\|txt\\|webp\\|conf" :publishing-directory "~/website_html/" :recursive t :publishing-function org-publish-attachment) @@ -327,7 +326,6 @@ First, some small configurations and some evil-mode initilaization because I lik (define-key evil-motion-state-map (kbd "TAB") nil)) (evil-collection-init)) - (use-package evil-commentary :after (evil) :config @@ -410,13 +408,6 @@ Org superstar adds those nice looking utf-8 bullets: ** LSP We set up eglot, the LSP manager for emacs, now built in: #+begin_src emacs-lisp :tangle ../nix/init.el - ;; (use-package eglot - ;; :hook - ;; (prog-mode . eglot-ensure) - ;; (nix-mode . eglot-ensure) - ;; :config - ;; (add-to-list 'eglot-server-programs '(nix-mode . ("nil")))) - (use-package lsp :hook (prog-mode . lsp)) @@ -647,16 +638,6 @@ emacs keybindings. ** LLM I use LLMs in order to help me come up with ideas. I use a local LLM so that I can have a competitive LLM that doesn't cost money. -#+begin_src emacs-lisp :tangle ../nix/init.el - ;; (use-package ellama - ;; :custom - ;; (ellama-sessions-directory "~/org/ellama/" "Set org directory for LLM sessions") - ;; :init - ;; (require 'llm-ollama) - ;; (setopt ellama-provider (make-llm-ollama - ;; :host "localhost" - ;; :chat-model "qwen2.5:14b"))) -#+end_src *** Minuet Minuet does my code completion, showing the potential code completion as a ghost and automatically completing the code when my cursor is still. It is kind of like copilot but it works with local LLMs, which is better. Though, it's obviously not always the most accurate. diff --git a/config/nix.org b/config/nix.org index a32c14d..c355ba5 100644 --- a/config/nix.org +++ b/config/nix.org @@ -202,7 +202,7 @@ and now for the main flake: fi echo "Merge to main detected. Building VM for ${hostname}..." if nix build .#nixosConfigurations.${hostname}.config.system.build.vm --no-link; then - echo "Build succeeded. Proceeding with merge." + echo "Build succeeded." exit 0 else echo "Build failed! Aborting." @@ -227,10 +227,6 @@ and now for the main flake: serviceName = "sshd"; enabled = super.services.openssh.enable; } - # { - # serviceName = "conduit"; - # enabled = super.services.matrix-conduit.enable; - # } { serviceName = "git-daemon"; enabled = super.services.gitDaemon.enable; @@ -312,6 +308,10 @@ and now for the main flake: }; in { + lib = { + inherit mkHostModules; + }; + checks."${system}" = integrationTests // { inherit pre-commit-check; }; @@ -333,14 +333,35 @@ and now for the main flake: devShell."${system}" = with pkgs; mkShell { buildInputs = [ fira-code - python3 - poetry statix deadnix + (python3.withPackages (ps: with ps; [ + octodns + octodns-providers.cloudflare + octodns-providers.bind + ])) ]; shellHook = '' ${pre-commit-check.shellHook} git config branch.main.mergeoptions "--no-ff" + + CURRENT_HOST="$(hostname)" + + TARGET_USER_RAW=$(nix eval .#nixosConfigurations."$CURRENT_HOST".config.home-manager.users --apply "u: builtins.head (builtins.attrNames u)" --raw 2>/dev/null) + + TARGET_USER=$(echo "$TARGET_USER_RAW" | xargs) + SOPS_BASE=$(nix eval .#nixosConfigurations."$CURRENT_HOST".config.home-manager.users."$TARGET_USER".sops.defaultSymlinkPath --raw 2>/dev/null) + + if [ -n "$SOPS_BASE" ] && [ -f "$SOPS_BASE/cloudflare-dns" ]; then + export CLOUDFLARE_TOKEN="$(cat "$SOPS_BASE/cloudflare-dns" | tr -d '\n')" + echo "Authenticated via sops-nix for host: $CURRENT_HOST" + else + echo "Could not resolve sops path for $CURRENT_HOST or secret is missing. Set CLOUDFLARE_TOKEN manually." + fi + + alias update-dns="octodns-sync --config-file ${self.packages."${system}".octodns} --doit --force" + alias fake-update-dns="octodns-sync --config-file ${self.packages."${system}".octodns} --force " + alias gprune='git branch --merged | grep -v -E "^\*|main|master|dev" | xargs -r git branch -d' ''; }; @@ -468,7 +489,7 @@ graph by running ~nix build .#topology.x86_64-linux.config.output~. Variables used for regular configuration in your system ~default.nix~ file. The options are largely self-documenting. #+begin_src nix :tangle ../nix/modules/vars.nix - { lib, ... }: + { config, lib, ... }: let vars = import ../flakevars.nix; in @@ -591,6 +612,13 @@ largely self-documenting. description = "Name of Ntfy secret for notification handling"; }; + ntfyUrl = lib.mkOption { + type = lib.types.str; + default = "ntfy.${config.monorepo.vars.remoteHost}"; + example = "ntfy.nullring.xyz"; + description = "Name of ntfy server"; + }; + monitors = lib.mkOption { type = lib.types.listOf lib.types.str; default = [ @@ -612,11 +640,12 @@ Again, these are self documenting variables that you may see used below. These a under ~default.nix~ in the ~systems~ folder. #+begin_src nix :tangle ../nix/modules/default.nix { lib, config, pkgs, ... }: + let + dirContents = builtins.readDir ./.; + files = lib.filterAttrs (name: type: type == "regular" && lib.hasSuffix ".nix" name && name != "default.nix") dirContents; + in { - imports = [ - ./configuration.nix - ./vars.nix - ]; + imports = lib.mapAttrsToList (name: _: ./. + "/${name}") files; options = { monorepo = { @@ -708,14 +737,6 @@ to relevant places. templates = if config.monorepo.profiles.server.enable then { - "public-inbox-netrc" = { - owner = "public-inbox"; - group = "public-inbox"; - mode = "0400"; - content = (builtins.concatStringsSep "\n" (builtins.map (x: "machine mail.${config.monorepo.vars.orgHost} login ${x}@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}") config.monorepo.vars.projects)) + '' - machine mail.${config.monorepo.vars.orgHost} login discussion@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}''; - }; - "matterbridge" = { owner = "matterbridge"; content = '' @@ -1017,7 +1038,6 @@ This is an internet radio which will host a ton of music. </mount> ''; }; - admin.password = "changeme"; } #+end_src ** IRC @@ -1356,15 +1376,15 @@ This is a basic ActivityPub server. #+end_src ** TODO matrix-appservice-irc #+begin_src nix :tangle ../nix/modules/matrix-appservice-irc.nix - { lib, config, ... }: + { ... }: { - enable = lib.mkDefault config.monorepo.profiles.server.enable; - registrationUrl = "localhost"; + # enable = lib.mkDefault config.monorepo.profiles.server.enable; + # registrationUrl = "localhost"; - settings = { - homeserver.url = "https://matrix.nullring.xyz"; - homserver.domain = "matrix.nullring.xyz"; - }; + # settings = { + # homeserver.url = "https://matrix.nullring.xyz"; + # homserver.domain = "matrix.nullring.xyz"; + # }; } #+end_src ** Gitolite @@ -1598,7 +1618,7 @@ I want to have notifications on my phone, and run my own server to do this. #+begin_src nix :tangle ../nix/modules/ntfy-sh.nix { pkgs, lib, config, ... }: let - serverName = "ntfy.${config.monorepo.vars.remoteHost}"; + serverName = "${config.monorepo.vars.ntfyUrl}"; port = 2586; ntfySecret = config.monorepo.vars.ntfySecret; in @@ -1701,16 +1721,21 @@ to the outside world under a domain. enableACME = true; locations."/" = { extraConfig = '' - add_header Cache-Control "no-cache, must-revalidate"; - expires off; + add_header Cache-Control "no-cache, must-revalidate"; + expires off; ''; }; + locations."~* \\.(?:woff2|ttf|otf|eot|woff|ico|css|js|gif|jpe?g|png|svg|mp3|mp4|iso|webmanifest)$" = { extraConfig = '' - add_header Cache-Control "public, max-age=31536000, immutable"; - access_log off; + add_header Cache-Control "public, max-age=31536000, immutable"; + access_log off; ''; }; + extraConfig = '' + include ${monorepoSelf.packages.${pkgs.system}.website}/csp_header.conf; + rewrite ^/graph_view/?(.*)$ https://graph.${config.monorepo.vars.remoteHost}/$1 permanent; + ''; }; # the port comes from ssh tunnelling @@ -1738,6 +1763,20 @@ to the outside world under a domain. addSSL = true; enableACME = true; }; + + "graph.${config.monorepo.vars.remoteHost}" = lib.mkIf (monorepoSelf != null) { + serverName = "graph.${config.monorepo.vars.remoteHost}"; + root = "${monorepoSelf.packages.${pkgs.system}.website}"; + addSSL = true; + enableACME = true; + locations."/" = { + extraConfig = "rewrite ^/$ /graph_view/index.html break;"; + }; + + extraConfig = '' + add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none';"; + ''; + }; }; }; @@ -1747,6 +1786,8 @@ to the outside world under a domain. "${config.monorepo.vars.remoteHost}" = {}; "${config.monorepo.vars.orgHost}" = {}; "${config.monorepo.vars.internetName}.${config.monorepo.vars.orgHost}" = {}; + "music.${config.monorepo.vars.remoteHost}" = {}; + "graph.${config.monorepo.vars.remoteHost}" = {}; }; } #+end_src @@ -1837,10 +1878,21 @@ There is a non declarative part of setting dkims and spf. password_path = "mail_monorepo_password"; in { - sops.secrets = lib.mkIf config.services.maddy.enable { - "${password_path}" = lib.mkIf config.services.maddy.enable { - format = "yaml"; - owner = "maddy"; + sops = lib.mkIf config.services.maddy.enable { + secrets = { + "${password_path}" = { + format = "yaml"; + owner = "maddy"; + }; + }; + templates = lib.mkIf config.services.public-inbox.enable { + "public-inbox-netrc" = { + owner = "public-inbox"; + group = "public-inbox"; + mode = "0400"; + content = (builtins.concatStringsSep "\n" (builtins.map (x: "machine ${emailServerName} login ${x}@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}") config.monorepo.vars.projects)) + '' + machine ${emailServerName} login discussion@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}''; + }; }; }; @@ -1895,18 +1947,16 @@ There is a non declarative part of setting dkims and spf. ''; serviceConfig = { - # Allow the service to see the file it just created BindPaths = [ "/var/lib/public-inbox" "${config.users.users.git.home}" ]; ReadOnlyPaths = [ "/var/lib/public-inbox/style.css" ]; - # Ensure it can actually write to the directory during preStart ReadWritePaths = [ "/var/lib/public-inbox" ]; }; } else {}; - systemd.services.public-inbox-watch = if config.monorepo.profiles.server.enable then { + systemd.services.public-inbox-watch = if config.services.public-inbox.enable then { after = [ "sops-nix.service" ]; confinement.enable = lib.mkForce false; preStart = '' @@ -1936,7 +1986,7 @@ There is a non declarative part of setting dkims and spf. } else {}; services.public-inbox = { - enable = lib.mkDefault config.monorepo.profiles.server.enable; + enable = lib.mkDefault config.services.maddy.enable; settings = { coderepo = lib.genAttrs config.monorepo.vars.projects (name: { dir = "${config.users.users.git.home}/${name}.git"; @@ -2333,35 +2383,6 @@ because they enhance security. vmHosts = map (dom: "127.0.0.1 ${dom}") allDomains; in { - imports = [ - ./cgit.nix - ./public_inbox.nix - ./matterbridge.nix - ./mautrix.nix - ./xserver.nix - ./ssh.nix - ./pipewire.nix - ./tor.nix - ./kubo.nix - ./nvidia.nix - ./cuda.nix - ./nginx.nix - ./secrets.nix - ./git-daemon.nix - ./ollama.nix - ./i2pd.nix - ./conduit.nix - ./bitcoin.nix - ./ngircd.nix - ./znc.nix - ./docker.nix - ./impermanence.nix - ./maddy.nix - ./ntfy-sh.nix - ./fail2ban.nix - ./nixpkgs-options.nix - ]; - environment.etc."wpa_supplicant.conf".text = '' country=CA ''; @@ -2375,6 +2396,7 @@ because they enhance security. memoryPercent = 50; }; + # Shim for testing virtualisation.vmVariant = { sops.validateSopsFiles = false; disko.devices = lib.mkForce {}; @@ -2403,6 +2425,8 @@ because they enhance security. systemd.services.sops-nix = { unitConfig.RequiresMountsFor = "/home/preston/.config/sops/age"; }; + + security.acme.defaults.server = lib.mkForce "https://127.0.0.1:14000/dir"; }; documentation = { @@ -2717,7 +2741,6 @@ because they enhance security. programs = { nix-ld.enable = true; zsh.enable = true; - light.enable = true; ssh.enableAskPassword = false; }; @@ -2925,10 +2948,13 @@ This is all configuration common to any GPT partitioned drive. I dynamically cho *** ESP Boot Partition #+begin_src nix :tangle ../nix/disko/esp-boot.nix { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; } #+end_src *** Btrfs @@ -2936,10 +2962,8 @@ This is a fully featured drive configuration and the recommended configuration t Btrfs enables you to enable impermanence and also encrypt the drive with ~/tmp/secret.key~. #+begin_src nix :tangle ../nix/disko/btrfs.nix { - ESP = { + ESP = (import ./esp-boot.nix) // { size = "512M"; - type = "EF00"; - content = import ./esp-boot.nix; }; luks = { size = "100%"; @@ -2993,11 +3017,9 @@ This configuration is used for simple partitioning schemes with EFI. A simple ex should be using EFI if you can. #+begin_src nix :tangle ../nix/disko/ext4.nix { - ESP = { - type = "EF00"; + ESP = (import ./esp-boot.nix) // { size = "500M"; priority = 1; - content = import ./esp-boot.nix; }; root = { size = "100%"; @@ -3042,31 +3064,14 @@ As you can see, I have my installed home packages installed based on the profile I have many imports that we'll go through next. #+begin_src nix :tangle ../nix/modules/home/default.nix { lib, config, pkgs, sops-nix, super, ... }: + let + dirContents = builtins.readDir ./.; + files = lib.filterAttrs (name: type: type == "regular" && lib.hasSuffix ".nix" name && name != "default.nix" && name != "emacs-packages.nix") dirContents; + in { imports = [ sops-nix.homeManagerModules.sops - ../vars.nix - ./fcitx.nix - ./emacs.nix - ./firefox.nix - ./git.nix - ./hyprland.nix - ./mpv.nix - ./yt-dlp.nix - ./wofi.nix - ./kitty.nix - ./waybar.nix - ./zsh.nix - ./mbsync.nix - ./msmtp.nix - ./gammastep.nix - ./mpd.nix - ./mako.nix - ./user.nix - ./gtk.nix - ./secrets.nix - ./pantalaimon.nix - ]; + ] ++ lib.mapAttrsToList (name: _: ./. + "/${name}") files; options = { monorepo.profiles = { @@ -3869,15 +3874,15 @@ just set the options to the ones you want in your system ~default.nix~. This mpd configuration uses pipewire by default, and it should just work if you place music in the ~~/music~ directory and then run ~mpc add /~ afterwards. #+begin_src nix :tangle ../nix/modules/home/mpd.nix - { lib, config, ... }: + { lib, config, super, ... }: { services.mpd = { enable = lib.mkDefault config.monorepo.profiles.music.enable; - dbFile = "/home/${config.monorepo.vars.userName}/.config/mpd/db"; - dataDir = "/home/${config.monorepo.vars.userName}/.config/mpd/"; + dbFile = "/home/${super.monorepo.vars.userName}/.config/mpd/db"; + dataDir = "/home/${super.monorepo.vars.userName}/.config/mpd/"; network.port = 6600; - musicDirectory = "/home/${config.monorepo.vars.userName}/music"; - playlistDirectory = "/home/${config.monorepo.vars.userName}/.config/mpd/playlists"; + musicDirectory = "/home/${super.monorepo.vars.userName}/music"; + playlistDirectory = "/home/${super.monorepo.vars.userName}/.config/mpd/playlists"; network.listenAddress = "0.0.0.0"; extraConfig = '' audio_output { @@ -3965,7 +3970,7 @@ here: This is the bar I use for my hyprland configuration. You will need to adjust the monitors field in the ~default.nix~ for it to really appear. #+begin_src nix :tangle ../nix/modules/home/waybar.nix - { lib, config, ... }: + { lib, config, super, ... }: { programs.waybar = { enable = lib.mkDefault config.monorepo.profiles.hyprland.enable; @@ -4221,7 +4226,7 @@ in the ~default.nix~ for it to really appear. position = "top"; height = 50; - output = config.monorepo.vars.monitors; + output = super.monorepo.vars.monitors; modules-left = [ "hyprland/workspaces" ]; modules-center = [ "hyprland/window" ]; @@ -4475,7 +4480,7 @@ A classic program that allows you to download from youtube. Also has integration My zsh config has some useful aliases that one should read through. Otherwise it is pretty standard. #+begin_src nix :tangle ../nix/modules/home/zsh.nix - { config, pkgs, systemHostName, ... }: + { pkgs, systemHostName, super, ... }: { programs.zsh = { enable = true; @@ -4510,9 +4515,9 @@ standard. build-installer = "nix build $HOME/monorepo/nix#nixosConfigurations.installer.config.system.build.isoImage"; rb = "sudo nixos-rebuild switch --flake $HOME/monorepo/nix#${systemHostName}"; nfu = "cd ~/monorepo/nix && git add . && git commit -m \"new flake lock\" && nix flake update"; - usync = "rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/monorepo/result/ root@${config.monorepo.vars.remoteHost}:/var/www/${config.monorepo.vars.internetName}-website/"; + usync = "rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/monorepo/result/ root@${super.monorepo.vars.remoteHost}:/var/www/${super.monorepo.vars.internetName}-website/"; usite - = "cd ~/src/publish-org-roam-ui && bash local.sh && rm -rf ~/website_html/graph_view; cp -r ~/src/publish-org-roam-ui/out ~/website_html/graph_view && rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${config.monorepo.vars.remoteHost}:/var/www/${config.monorepo.vars.internetName}-website/"; + = "cd ~/src/publish-org-roam-ui && bash local.sh && rm -rf ~/website_html/graph_view; cp -r ~/src/publish-org-roam-ui/out ~/website_html/graph_view && rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${super.monorepo.vars.remoteHost}:/var/www/${super.monorepo.vars.internetName}-website/"; sai = "eval \"$(ssh-agent -s)\" && ssh-add ~/.ssh/id_ed25519 && ssh-add -l"; }; loginExtra = '' @@ -4528,33 +4533,33 @@ This configuration is the backbone configuration for the default user. It specif generally useful packages and something every home should have, as well as some dependencies for these configurations. #+begin_src nix :tangle ../nix/modules/home/user.nix - { lib, config, pkgs, ... }: + { lib, config, pkgs, super, ... }: { home = { activation.startup-files = lib.hm.dag.entryAfter [ "installPackages" ] '' - if [ ! -d "/home/${config.monorepo.vars.userName}/email/${config.monorepo.vars.internetName}/" ]; then - mkdir -p /home/${config.monorepo.vars.userName}/email/${config.monorepo.vars.internetName}/ + if [ ! -d "/home/${super.monorepo.vars.userName}/email/${super.monorepo.vars.internetName}/" ]; then + mkdir -p /home/${super.monorepo.vars.userName}/email/${super.monorepo.vars.internetName}/ fi - if [ ! -d "/home/${config.monorepo.vars.userName}/music" ]; then - mkdir -p /home/${config.monorepo.vars.userName}/music + if [ ! -d "/home/${super.monorepo.vars.userName}/music" ]; then + mkdir -p /home/${super.monorepo.vars.userName}/music fi - if [ ! -d /home/${config.monorepo.vars.userName}/org ]; then - mkdir -p /home/${config.monorepo.vars.userName}/org + if [ ! -d /home/${super.monorepo.vars.userName}/org ]; then + mkdir -p /home/${super.monorepo.vars.userName}/org fi - if [ ! -d /home/${config.monorepo.vars.userName}/src ]; then - mkdir -p /home/${config.monorepo.vars.userName}/src + if [ ! -d /home/${super.monorepo.vars.userName}/src ]; then + mkdir -p /home/${super.monorepo.vars.userName}/src fi - touch /home/${config.monorepo.vars.userName}/org/agenda.org - touch /home/${config.monorepo.vars.userName}/org/notes.org + touch /home/${super.monorepo.vars.userName}/org/agenda.org + touch /home/${super.monorepo.vars.userName}/org/notes.org ''; enableNixpkgsReleaseCheck = false; - username = config.monorepo.vars.userName; - homeDirectory = "/home/${config.monorepo.vars.userName}"; + username = super.monorepo.vars.userName; + homeDirectory = "/home/${super.monorepo.vars.userName}"; stateVersion = "24.11"; packages = with pkgs; (if config.monorepo.profiles.graphics.enable then [ @@ -56,40 +56,94 @@ ntfyFile = affinity.config.monorepo.vars.ntfySecret; + ntfyHost = "https://${spontaneity.config.monorepo.vars.ntfyUrl}"; + topology = nixmacs.topology.x86_64-linux.config.output; + mkNotification = msg: ''curl -H "Priority: max" -u "${internetName}:$(grep ADMIN_PASSWORD "${secretsPath}/${ntfyFile}" | cut -d "\"" -f 2)" -d "${msg}" ${ntfyHost}/ci-build''; + pre-commit-check = git-hooks.lib.${system}.run { src = ./.; hooks = { deadnix.enable = true; + spontaneity-smoke-test = { + enable = true; + name = "Spontaneity smoke test"; + description = "tests if nginx is active/if the config works."; + stages = [ "pre-merge-commit" ]; + entry = "${pkgs.writeShellScript "website-check" '' +set -e +set -o pipefail +trap "echo -e '\nHook interrupted by user. Aborting merge!'; exit 1" INT TERM + +BRANCH=$(git branch --show-current) +if [ "$BRANCH" != "main" ]; then + exit 0 +fi + +set +e +nix build .#checks.${system}.spontaneity-website-test --no-link +BUILD_STATUS=$? +set -e + +if [ $BUILD_STATUS -neq 0 ]; then + echo "Failed to build the website with spontaneity!" + exit $BUILD_STATUS +fi +''}"; + pass_filenames = false; + }; + website-build-check = { enable = true; name = "website-build"; description = "Ensure website can build, and tests links"; stages = [ "pre-merge-commit" ]; entry = "${pkgs.writeShellScript "website-check" '' -set -e -set -o pipefail +set -e +set -o pipefail trap "echo -e '\nHook interrupted by user. Aborting merge!'; exit 1" INT TERM BRANCH=$(git branch --show-current) if [ "$BRANCH" != "main" ]; then exit 0 fi + +set +e RESULT_PATH=$(nix build .#website --no-link --print-out-paths) -if [ -d "$RESULT_PATH" ]; then - echo "Running lychee link check..." - ${pkgs.lychee}/bin/lychee --root-dir "$RESULT_PATH" \ - --offline \ - --verbose \ - --no-progress \ - "$RESULT_PATH/**/*.html" +BUILD_STATUS=$? +set -e - curl -H "Priority: max" -u "${internetName}:$(grep ADMIN_PASSWORD "${secretsPath}/${ntfyFile}" | cut -d "\"" -f 2)" -d "CI checks done!" https://ntfy.ret2pop.net/ci-build -else - echo "Website build failed, skipping lychee." +if [ $BUILD_STATUS -eq 0 ] && [ -d "$RESULT_PATH" ]; then + echo "Running lychee link check..." + set +e + ${pkgs.lychee}/bin/lychee --root-dir "$RESULT_PATH" \ + --offline \ + --verbose \ + --no-progress \ + "$RESULT_PATH/**/*.html" + LYCHEE_STATUS=$? + set -e + + if [ $LYCHEE_STATUS -ne 0 ]; then + echo "Lychee found broken links!" + ${mkNotification "CI checks failed: Broken links!"} + exit 1 + fi - curl -H "Priority: max" -u "${internetName}:$(grep ADMIN_PASSWORD "${secretsPath}/${ntfyFile}" | cut -d "\"" -f 2)" -d "CI checks failed!" https://ntfy.ret2pop.net/ci-build + INJECT_HASH="$(python3 tests/test-csp-hash.py "$RESULT_PATH/index.html")" + CSS_HASH="$(openssl dgst -sha256 -binary "$RESULT_PATH/combined.css" | openssl base64)" + + if [ "$INJECT_HASH" != "$CSS_HASH" ]; then + echo "Security headers test failed!" + ${mkNotification "CI checks failed: CSP hash mismatch!"} + exit 1 + fi + + ${mkNotification "CI checks done!"} +else + echo "Website build failed, skipping lychee and CSP tests." + ${mkNotification "CI checks failed!"} exit 1 fi ''}"; @@ -162,6 +216,7 @@ fi pkgs.rsass pkgs.minify pkgs.woff2 + pkgs.openssl (pkgs.texlive.combine { inherit (pkgs.texlive) @@ -185,9 +240,18 @@ mkdir -p $HOME/monorepo cp -a . $HOME/monorepo/ cd $HOME/monorepo mkdir -p mindmap/img + rsass style.scss | minify --type=css > style.css minify --type=css -o syntax.css syntax.css +# I want to do this so I can generate the CSP policy carefully +cat style.css syntax.css > combined.css + +CSS_HASH=$(openssl dgst -sha256 -binary combined.css | openssl base64) +cat <<EOF > csp_header.conf +add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'sha256-$CSS_HASH'; font-src 'self';"; +EOF + cat <<EOF > $TMPDIR/policy.xml <policymap> <policy domain="coder" rights="read|write" pattern="{PDF,PS,EPS,GS}" /> @@ -282,6 +346,39 @@ sha256sum installer.iso > installer.iso.sha256 checks."${system}" = { build-website = website; + spontaneity-website-test = nixmacs.inputs.nixpkgs.legacyPackages."${system}".testers.runNixOSTest { + name = "spontaneity-website-test"; + + node.specialArgs = { + monorepoSelf = self; + isIntegrationTest = true; + } // nixmacs.inputs; + + nodes."spontaneity" = { lib, ... }: { + imports = nixmacs.lib.mkHostModules "spontaneity" ++ [ + "${nixmacs.inputs.nixpkgs}/nixos/modules/misc/nixpkgs/read-only.nix" + { + nixpkgs.pkgs = lib.mkVMOverride self.nixosConfigurations.spontaneity.pkgs; + nixpkgs.config = lib.mkForce {}; + systemd.services.systemd-networkd-wait-online.enable = lib.mkForce false; + systemd.services.NetworkManager-wait-online.enable = lib.mkForce false; + nixpkgs.overlays = lib.mkForce []; + } + ]; + disabledModules = [ + "${self}/nix/modules/nixpkgs-options.nix" + "${self}/nix/systems/spontaneity/hardware-configuration.nix" + ]; + }; + + testScript = '' +spontaneity.start() +spontaneity.succeed('printf "smoke"') +spontaneity.wait_for_unit("default.target") +spontaneity.succeed("systemctl is-active nginx") +spontaneity.succeed('printf "smoke again"') + ''; + }; }; packages."${system}" = { @@ -296,7 +393,8 @@ ${pre-commit-check.shellHook} git config branch.main.mergeoptions "--no-ff" alias gprune='git branch --merged | grep -v -E "^\*|main|master|dev" | xargs -r git branch -d' alias serve='cd result; python3 -m http.server 10005' -alias build='nix build .#website && curl -H "Priority: max" -u "${internetName}:$(grep ADMIN_PASSWORD "${secretsPath}/${ntfyFile}" | cut -d "\"" -f 2)" -d "Website build done!" https://ntfy.ret2pop.net/ci-build' +alias build='nix build .#website && ${mkNotification "CI build done!"} ' +alias check='nix flake check; ${mkNotification "flake checks done!"} ' ''; buildInputs = [ deadnix @@ -305,6 +403,9 @@ alias build='nix build .#website && curl -H "Priority: max" -u "${internetName}: miniserve rsass imagemagickBig + google-lighthouse + openssl + git ]; }; }; @@ -8,6 +8,7 @@ #+HTML_HEAD: <link rel="preload" fetchpriority="high" as="image" href="/img/logo.webp" type="image/webp"> #+attr_html: :width 595 :height 746 +#+attr_html: :alt My ret2pop logo #+caption: All Hope Abandon, Ye Who Enter Here [[./img/logo.webp]] @@ -35,6 +36,7 @@ Click the hyperlink to find out! In case you didn't see: - [[file:mindmap/index.org][Mindmap]] - [[file:mindmap/index.org][Mindmap]] * [[file:config/index.org][Configurations]] +#+attr_html: :alt nix topology graph of all my systems [[./img/topology.svg]] Most of my configurations/dotfiles for various programs are literate configurations, and I @@ -76,6 +78,7 @@ Alternatively for all of these addresses, you can use ~ret2pop.eth~, if you can An anonymous form of ecash, the only one out of these that is actually being used for the purpose of currency (on the dark web): #+attr_html: :width 240 :height 240 +#+attr_html: :alt XMR QR code [[./img/monero.webp]] #+begin_example 88DQVgiowjJLwsHfTaNjNgJ9Wu4Pw9msie89M2fMrTVJeDEnzqwYMQjX9nAnEDegWrU9LsJdNYp5EKkzxT73DuD6EGa9eWf @@ -84,6 +87,7 @@ of currency (on the dark web): Utility in the form of smart contracts (which are perhaps useful for something important in the future), with first mover advantage in this regard: #+attr_html: :width 147 :height 147 +#+attr_html: :alt ETH QR code [[./img/eth.webp]] #+begin_example 0x135Ed80afB7Cd06E494e5Bb737Da8D4B23153480 @@ -93,6 +97,7 @@ Note that this includes subprojects such as LINK which I find to have some value The standard, and probably will continue to be used as a prediction market/speculative asset for the efficacy of other cryptocurrencies: #+attr_html: :width 147 :height 147 +#+attr_html: :alt bitcoin QR code [[./img/bitcoin.webp]] #+begin_example bc1qaymk2ky8unwq7jdydjw6y9a5xr9z60mkds9ttq diff --git a/mindmap/LRC circuit.org b/mindmap/LRC circuit.org index f685940..0df7bdc 100644 --- a/mindmap/LRC circuit.org +++ b/mindmap/LRC circuit.org @@ -38,6 +38,7 @@ another circuit diagram will include a possibly variable voltage source. #+end_export #+CAPTION: LRC Circuit without voltage source +#+attr_html: :alt Homogeneous LRC circuit diagram #+attr_html: :width 400 :height 310 [[./lrc_circuit.png]] @@ -115,6 +116,7 @@ Here is the circuit diagram for the LRC circuit with a voltage source: #+end_export #+CAPTION: LRC Circuit +#+attr_html: :alt Circuit diagram with AC voltage source #+attr_html: :width 400 :height 319 [[./lrc_circuit_source.png]] This new [[id:4be41e2e-52b9-4cd1-ac4c-7ecb57106692][differential equation]] looks like this: diff --git a/mindmap/Laplace Transform.org b/mindmap/Laplace Transform.org index 8113a6e..f5552e9 100644 --- a/mindmap/Laplace Transform.org +++ b/mindmap/Laplace Transform.org @@ -3,6 +3,7 @@ :END: #+title: Laplace Transform #+author: Preston Pan +#+description: The algebra of differential equations. #+options: broken-links:t diff --git a/mindmap/philosophy.org b/mindmap/philosophy.org index 7fe892f..0e9d2c9 100644 --- a/mindmap/philosophy.org +++ b/mindmap/philosophy.org @@ -3,6 +3,7 @@ :END: #+title: philosophy #+author: Preston Pan +#+description: But what is philosophy? #+options: broken-links:t * Introduction diff --git a/mindmap/physics.org b/mindmap/physics.org index 35d7508..22fa0c8 100644 --- a/mindmap/physics.org +++ b/mindmap/physics.org @@ -3,6 +3,7 @@ :END: #+title: physics #+author: Preston Pan +#+description: What happens when things exist. #+options: broken-links:t diff --git a/mindmap/prv_LRC_circuit.org.log b/mindmap/prv_LRC_circuit.org.log deleted file mode 100644 index b841f4f..0000000 --- a/mindmap/prv_LRC_circuit.org.log +++ /dev/null @@ -1,35 +0,0 @@ -This is XeTeX, Version 3.141592653-2.6-0.999995 (TeX Live 2023/nixos.org) (preloaded format=xelatex 1980.1.1) 3 JAN 2025 14:31 -entering extended mode - restricted \write18 enabled. - %&-line parsing enabled. -**&xelatex prv_LRC_circuit.org.ini \nonstopmode\nofiles\PassOptionsToPackage{active,tightpage,auctex}{preview}\AtBeginDocument{\ifx\ifPreview\undefined\RequirePackage[displaymath,textmath,graphics]{preview}[2004/11/05]\fi} \input \detokenize{ "LRC circuit.org.tex" } -(./prv_LRC_circuit.org.ini -LaTeX2e <2023-11-01> patch level 1 -L3 programming layer <2024-02-20> -(/nix/store/w8fdfdyc5l71qr9m42h2fpifzxp9p5mn-texlive-2023-env-texmfdist/tex/latex/mylatex/mylatex.ltx)) (/nix/store/w8fdfdyc5l71qr9m42h2fpifzxp9p5mn-texlive-2023-env-texmfdist/tex/latex/tools/.tex File ignored) -No auxiliary output files. - -! I can't find file `"LRC circuit.org.tex"'. -<inserted text> "LRC circuit.org.tex" - -<*> ...\input \detokenize{ "LRC circuit.org.tex" } - -(Press Enter to retry, or Control-D to exit) -Please type another input file name -! Emergency stop. -<inserted text> "LRC circuit.org.tex" - -<*> ...\input \detokenize{ "LRC circuit.org.tex" } - -*** (job aborted, file error in nonstop mode) - - -Here is how much of TeX's memory you used: - 39 strings out of 474773 - 1168 string characters out of 5739028 - 1917839 words of memory out of 5000000 - 22285 multiletter control sequences out of 15000+600000 - 558069 words of font info for 36 fonts, out of 8000000 for 9000 - 1348 hyphenation exceptions out of 8191 - 13i,0n,22p,396b,12s stack positions out of 10000i,1000n,20000p,200000b,200000s -No pages of output. diff --git a/mindmap/special relativity.org b/mindmap/special relativity.org index aca50de..9e6c4b2 100644 --- a/mindmap/special relativity.org +++ b/mindmap/special relativity.org @@ -32,6 +32,7 @@ no information can either; light in this case can be replaced with something els once the light reaches the roof from the floor, where this distance is $d$ meters, $\frac{d}{c}$ seconds will have passed for Bob. #+caption: A very scientifically accurate drawing of the situation +#+attr_html: :alt Bad drawing of a reference frame with velocity #+attr_html: :width 1800 :height 1800 [[../img/relativity1.webp]] diff --git a/nix b/nix -Subproject 7e0ff1661d94a061d0ad6db72803d211f9df463 +Subproject 7185f3f185bbfe594dbf11a31a2e7d78d5b72f0 @@ -102,6 +102,11 @@ body { flex-direction: column; align-items: center; min-height: 100vh; + + @media (max-width: 1250px) { + padding-left: 0; + font-size: 20px; + } } h1, h2, h3 { line-height: 1.2; font-family: var(--font-header), serif; } @@ -123,7 +128,14 @@ h1 { line-height: 1.3; } -h2 { font-size: 1.6rem; margin-top: 2.5rem; margin-bottom: 0.6rem; } +h2 { + font-size: 1.6rem; + margin-top: 2.5rem; + margin-bottom: 0.6rem; + + @media (max-width: 768px) { font-size: 1.5rem; } +} + h3 { font-size: 1.25rem; font-weight: 700; margin-top: 2rem; margin-bottom: 0.4rem; letter-spacing: 0.02em; } h4 { font-size: 1.1rem; font-weight: 700; color: var(--text-main); } h5 { font-size: 1rem; font-weight: 700; color: var(--link-color); } @@ -616,23 +628,14 @@ pre { } h2 { display: none !important; } + + @media (max-width: 1250px) { display: none !important; } } #postamble { text-align: center; } -@media (max-width: 1250px) { - body { - padding-left: 0; - font-size: 20px; - } - #table-of-contents { display: none !important; } - h1 { font-size: 1.8rem; } - h2 { font-size: 18px; } -} @media (max-width: 768px) { - h2 { font-size: 1.5rem; } - blockquote, .src, .example { max-width: 100%; width: 100%; diff --git a/tests/test-csp-hash.py b/tests/test-csp-hash.py new file mode 100644 index 0000000..8401979 --- /dev/null +++ b/tests/test-csp-hash.py @@ -0,0 +1,10 @@ +import sys, re, hashlib, base64 +html = open(sys.argv[1]).read() +match = re.search(r'<style[^>]*>(.*?)</style>', html, re.DOTALL | re.IGNORECASE) +if match: + content = match.group(1).encode('utf-8') + print(base64.b64encode(hashlib.sha256(content).digest()).decode()) + exit(0) +else: + print('Error: Still could not find a <style> tag in the HTML.') + exit(1) |