Diffstat (limited to 'nix/modules')
-rw-r--r--nix/modules/bitcoin.nix7
-rw-r--r--nix/modules/cgit.nix34
-rw-r--r--nix/modules/conduit.nix212
-rw-r--r--nix/modules/configuration.nix606
-rw-r--r--nix/modules/coturn.nix10
-rw-r--r--nix/modules/cuda.nix9
-rw-r--r--nix/modules/default.nix82
-rw-r--r--nix/modules/docker.nix15
-rw-r--r--nix/modules/dovecot.nix8
-rw-r--r--nix/modules/fail2ban.nix11
-rw-r--r--nix/modules/firejail.nix20
-rw-r--r--nix/modules/git-daemon.nix11
-rw-r--r--nix/modules/gitolite.nix8
-rw-r--r--nix/modules/gitweb.nix12
-rw-r--r--nix/modules/gotosocial.nix14
-rw-r--r--nix/modules/heisenbridge.nix9
-rw-r--r--nix/modules/home/default.nix219
-rw-r--r--nix/modules/home/emacs.nix102
-rw-r--r--nix/modules/home/fcitx.nix14
-rw-r--r--nix/modules/home/firefox.nix25
-rw-r--r--nix/modules/home/gammastep.nix20
-rw-r--r--nix/modules/home/git.nix40
-rw-r--r--nix/modules/home/gtk.nix27
-rw-r--r--nix/modules/home/home.nix11
-rw-r--r--nix/modules/home/hyprland.nix192
-rw-r--r--nix/modules/home/kitty.nix53
-rw-r--r--nix/modules/home/mako.nix15
-rw-r--r--nix/modules/home/mbsync.nix33
-rw-r--r--nix/modules/home/mpd.nix44
-rw-r--r--nix/modules/home/mpv.nix12
-rw-r--r--nix/modules/home/msmtp.nix27
-rw-r--r--nix/modules/home/pantalaimon.nix19
-rw-r--r--nix/modules/home/personal_secrets.nix23
-rw-r--r--nix/modules/home/secrets.nix35
-rw-r--r--nix/modules/home/user.nix202
-rw-r--r--nix/modules/home/vps_secrets.nix43
-rw-r--r--nix/modules/home/waybar.nix274
-rw-r--r--nix/modules/home/wofi.nix188
-rw-r--r--nix/modules/home/yt-dlp.nix13
-rw-r--r--nix/modules/home/zsh.nix47
-rw-r--r--nix/modules/honk.nix8
-rw-r--r--nix/modules/i2pd.nix9
-rw-r--r--nix/modules/icecast.nix21
-rw-r--r--nix/modules/impermanence.nix100
-rw-r--r--nix/modules/inspircd.nix539
-rw-r--r--nix/modules/ircd.nix12
-rw-r--r--nix/modules/kubo.nix20
-rw-r--r--nix/modules/maddy.nix196
-rw-r--r--nix/modules/matrix-appservice-irc.nix10
-rw-r--r--nix/modules/matterbridge.nix7
-rw-r--r--nix/modules/mautrix.nix150
-rw-r--r--nix/modules/murmur.nix14
-rw-r--r--nix/modules/nginx.nix54
-rw-r--r--nix/modules/ngircd.nix35
-rw-r--r--nix/modules/ntfy-sh.nix79
-rw-r--r--nix/modules/nvidia.nix22
-rw-r--r--nix/modules/ollama.nix20
-rw-r--r--nix/modules/pantalaimon.nix13
-rw-r--r--nix/modules/pipewire.nix42
-rw-r--r--nix/modules/postfix.nix8
-rw-r--r--nix/modules/public_inbox.nix86
-rw-r--r--nix/modules/secrets.nix118
-rw-r--r--nix/modules/ssh.nix13
-rw-r--r--nix/modules/tor.nix20
-rw-r--r--nix/modules/vars.nix131
-rw-r--r--nix/modules/xserver.nix27
-rw-r--r--nix/modules/znc.nix37
67 files changed, 0 insertions, 4537 deletions
diff --git a/nix/modules/bitcoin.nix b/nix/modules/bitcoin.nix
deleted file mode 100644
index bd014bb..0000000
--- a/nix/modules/bitcoin.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ config, lib, ... }:
-{
- services.bitcoind."${config.monorepo.vars.userName}" = {
- enable = lib.mkDefault config.monorepo.profiles.workstation.enable;
- prune = 10000;
- };
-}
diff --git a/nix/modules/cgit.nix b/nix/modules/cgit.nix
deleted file mode 100644
index 5bf888d..0000000
--- a/nix/modules/cgit.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ lib, config, ... }:
-let
- serverName = "git.${config.monorepo.vars.orgHost}";
-in
-{
- services.cgit."my-projects" = {
- enable = lib.mkDefault config.services.gitDaemon.enable;
- scanPath = "${config.users.users.git.home}";
- settings = {
- root-title = "Nullring Git Server";
- root-desc = "Projects and cool things";
- enable-commit-graph = 1;
- enable-log-filecount = 1;
- enable-log-linecount = 1;
- enable-index-owner = 0;
- clone-prefix = "https://${serverName}";
- enable-tree-linenumbers = 1;
- strict-export = "git-daemon-export-ok";
- };
- gitHttpBackend = {
- enable = true;
- checkExportOkFiles = true;
- };
- nginx = {
- virtualHost = "${serverName}";
- };
- };
-
- networking.domains.subDomains."${serverName}" = lib.mkIf config.services.cgit."my-projects".enable { };
- services.nginx.virtualHosts."${serverName}" = lib.mkIf config.services.cgit."my-projects".enable {
- forceSSL = true;
- enableACME = true;
- };
-}
diff --git a/nix/modules/conduit.nix b/nix/modules/conduit.nix
deleted file mode 100644
index edc8e8b..0000000
--- a/nix/modules/conduit.nix
+++ /dev/null
@@ -1,212 +0,0 @@
-{ config, lib, ... }:
-let
- livekitListenPort = 8443;
- # secrets.yaml
- livekit_secret = "livekit_secret";
- conduit_secret = "conduit_secrets";
-in
-{
- sops.secrets = lib.mkIf config.services.matrix-conduit.enable {
- "${livekit_secret}" = lib.mkIf config.services.livekit.enable {
- format = "yaml";
- mode = "0444";
- };
-
- "${conduit_secret}" = {
- format = "yaml";
- };
- };
-
- services.matrix-conduit = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- secretFile = "/run/secrets/${conduit_secret}";
- settings.global = {
- server_name = "matrix.${config.monorepo.vars.orgHost}";
- trusted_servers = [
- "matrix.org"
- "nixos.org"
- "conduit.rs"
- ];
- address = "0.0.0.0";
- port = 6167;
- allow_registration = false;
- };
- };
-
-
- services.livekit = {
- enable = lib.mkDefault (config.services.matrix-conduit.enable || config.services.matrix-synapse.enable);
- keyFile = "/run/secrets/${livekit_secret}";
- settings = {
- port = 7880;
- turn = {
- enabled = true;
- domain = "livekit.${config.monorepo.vars.orgHost}";
- cert_file = "/var/lib/acme/livekit.${config.monorepo.vars.orgHost}/fullchain.pem";
- key_file = "/var/lib/acme/livekit.${config.monorepo.vars.orgHost}/key.pem";
- tls_port = 5349;
- udp_port = 3478;
- };
-
- rtc = {
- use_external_ip = true;
- tcp_port = 7881;
- udp_port = 7882;
- port_range_start = 50000;
- port_range_end = 60000;
- };
- };
- };
-
- services.lk-jwt-service = {
- enable = lib.mkDefault config.services.livekit.enable;
- port = 6495;
- livekitUrl = "wss://livekit.${config.monorepo.vars.orgHost}";
- keyFile = "/run/secrets/${livekit_secret}";
- };
-
- # TODO: split into conduit and livekit
- networking.firewall.allowedTCPPorts = lib.mkIf config.services.matrix-conduit.enable [ 8448 7881 5349 livekitListenPort ];
-
- # this is fine though
- networking.firewall.allowedUDPPorts = lib.mkIf config.services.livekit.enable [ 7882 3478 ];
- networking.firewall.allowedUDPPortRanges = lib.mkIf config.services.livekit.enable [
- { from = 49152; to = 65535; }
- ];
-
- networking.domains.subDomains."matrix.${config.monorepo.vars.orgHost}" = lib.mkIf config.services.matrix-conduit.enable { };
- networking.domains.subDomains."livekit.${config.monorepo.vars.orgHost}" = lib.mkIf config.services.livekit.enable { };
-
- services.nginx.virtualHosts."matrix.${config.monorepo.vars.orgHost}" = lib.mkIf config.services.matrix-conduit.enable {
- enableACME = lib.mkDefault config.monorepo.profiles.server.enable;
- forceSSL = true;
- listen = [
- {
- addr = "0.0.0.0";
- port = 443;
- ssl = true;
- }
- {
- addr = "[::]";
- port = 443;
- ssl = true;
- }
- {
- addr = "0.0.0.0";
- port = 8448;
- ssl = true;
- }
- {
- addr = "[::]";
- port = 8448;
- ssl = true;
- }
- ];
- locations."/_matrix/" = {
- proxyPass = "http://127.0.0.1:${toString config.services.matrix-conduit.settings.global.port}";
- extraConfig = ''
- proxy_set_header Host $host;
- proxy_buffers 32 16k;
- proxy_read_timeout 5m;
- '';
- };
-
- locations."= /.well-known/matrix/server" = {
- extraConfig = ''
- default_type application/json;
- add_header Content-Type application/json;
- add_header Access-Control-Allow-Origin *;
- '';
-
- return = ''200 '{"m.server": "matrix.${config.monorepo.vars.orgHost}:443"}' '';
- };
-
- locations."/.well-known/matrix/client" = {
- extraConfig = ''
- default_type application/json;
- add_header Access-Control-Allow-Origin *;
- '';
-
- return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.${config.monorepo.vars.orgHost}\"}, \"org.matrix.msc4143.rtc_foci\": [{\"type\": \"livekit\", \"livekit_service_url\": \"https://matrix.${config.monorepo.vars.orgHost}:${toString livekitListenPort}\"}]}'";
- };
-
- extraConfig = ''
- merge_slashes off;
- '';
- };
-
-
- services.nginx.virtualHosts."matrix.${config.monorepo.vars.orgHost}-livekit" = lib.mkIf config.services.livekit.enable {
- serverName = "matrix.${config.monorepo.vars.orgHost}";
- listen = [
- {
- addr = "0.0.0.0";
- port = livekitListenPort;
- ssl = true;
- }
- {
- addr = "[::]";
- port = livekitListenPort;
- ssl = true;
- }
- ];
- addSSL = true;
- enableACME = false;
- forceSSL = false;
- useACMEHost = "matrix.${config.monorepo.vars.orgHost}";
-
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString config.services.lk-jwt-service.port}";
- proxyWebsockets = true;
- extraConfig = ''
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- '';
- };
- };
-
- services.nginx.virtualHosts."livekit.${config.monorepo.vars.orgHost}" = lib.mkIf config.services.livekit.enable {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString config.services.livekit.settings.port}";
- proxyWebsockets = true;
- extraConfig = ''
- proxy_read_timeout 3600s;
- proxy_send_timeout 3600s;
-
- # Standard headers for LiveKit
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
-
- # --- CORS CONFIGURATION START ---
- # 1. Allow all origins (including app.element.io)
- add_header 'Access-Control-Allow-Origin' '*' always;
-
- # 2. Allow specific methods (POST is required for /sfu/get)
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
-
- # 3. Allow headers (Content-Type is crucial for JSON)
- add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
-
- # 4. Handle the OPTIONS preflight request immediately
- if ($request_method = 'OPTIONS') {
- add_header 'Access-Control-Allow-Origin' '*' always;
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
- add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
- add_header 'Access-Control-Max-Age' 1728000;
- add_header 'Content-Type' 'text/plain; charset=utf-8';
- add_header 'Content-Length' 0;
- return 204;
- }
- # --- CORS CONFIGURATION END ---
- '';
- };
- };
-}
diff --git a/nix/modules/configuration.nix b/nix/modules/configuration.nix
deleted file mode 100644
index bee737f..0000000
--- a/nix/modules/configuration.nix
+++ /dev/null
@@ -1,606 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
- userGroups = [
- "nginx"
- "git"
- "ircd"
- "ngircd"
- "conduit"
- "livekit"
- "matterbridge"
- "maddy"
- "ntfy-sh"
- "public-inbox"
- "plugdev"
- ];
- allDomains =
- (lib.attrNames config.networking.domains.baseDomains) ++
- (lib.attrNames config.networking.domains.subDomains);
-
- # 2. Generate BOTH possible outcomes in advance
- prodHosts = map (dom: "${config.monorepo.profiles.server.ipv4} ${dom}") allDomains;
- vmHosts = map (dom: "127.0.0.1 ${dom}") allDomains;
-in
-{
- imports = [
- ./cgit.nix
- ./public_inbox.nix
- ./matterbridge.nix
- ./mautrix.nix
- ./xserver.nix
- ./ssh.nix
- ./pipewire.nix
- ./tor.nix
- ./kubo.nix
- ./nvidia.nix
- ./cuda.nix
- ./nginx.nix
- ./secrets.nix
- ./git-daemon.nix
- ./ollama.nix
- ./i2pd.nix
- ./conduit.nix
- ./bitcoin.nix
- ./murmur.nix
- ./ngircd.nix
- ./znc.nix
- ./docker.nix
- ./impermanence.nix
- ./coturn.nix
- ./maddy.nix
- ./ntfy-sh.nix
- ./fail2ban.nix
- ];
-
- environment.etc."wpa_supplicant.conf".text = ''
- country=CA
- '';
- systemd.tmpfiles.rules = [
- "d /srv/git 0755 git git -"
- ];
-
- zramSwap = lib.mkIf config.monorepo.profiles.desktop.enable {
- enable = true;
- algorithm = "zstd";
- memoryPercent = 50;
- };
-
- virtualisation.vmVariant = lib.mkIf config.monorepo.profiles.server.enable {
- sops.validateSopsFiles = false;
- disko.devices = lib.mkForce { };
- virtualisation.forwardPorts = [
- { from = "host"; host.port = 10443; guest.port = 443; }
- { from = "host"; host.port = 9080; guest.port = 80; }
- ];
- virtualisation.useNixStoreImage = false;
- virtualisation.sharedDirectories.sops-keys = {
- source = "/home/preston/.config/sops/age"; # Path to your host key
- target = "/home/preston/.config/sops/age";
- };
- networking.extraHosts = lib.mkForce (lib.concatStringsSep "\n" vmHosts);
- networking.defaultGateway = lib.mkForce null;
- networking.interfaces."${config.monorepo.profiles.server.interface}".useDHCP = lib.mkForce true;
-
- fileSystems."/" = lib.mkForce {
- device = "/dev/disk/by-label/nixos";
- fsType = "ext4";
- };
- systemd.services.sops-nix = {
- unitConfig.RequiresMountsFor = "/home/preston/.config/sops/age";
- };
- };
-
- documentation = {
- enable = lib.mkDefault config.monorepo.profiles.documentation.enable;
- man.enable = lib.mkDefault config.monorepo.profiles.documentation.enable;
- dev.enable = lib.mkDefault config.monorepo.profiles.documentation.enable;
- };
-
- environment = {
- etc = {
- securetty.text = ''
- # /etc/securetty: list of terminals on which root is allowed to login.
- # See securetty(5) and login(1).
- '';
- };
- };
-
-
- systemd.network.enable = lib.mkDefault config.monorepo.profiles.server.enable;
- systemd.network.networks."40-${config.monorepo.profiles.server.interface}" = lib.mkIf config.monorepo.profiles.server.enable {
- matchConfig.Name = "${config.monorepo.profiles.server.interface}";
- networkConfig = {
- IPv6AcceptRA = true;
- IPv6PrivacyExtensions = false;
- };
- ipv6AcceptRAConfig = {
- UseAutonomousPrefix = false;
- };
- };
-
- systemd = {
- services.NetworkManager-wait-online.enable = false;
- coredump.enable = false;
- network.config.networkConfig.IPv6PrivacyExtensions = "kernel";
- tmpfiles.settings = {
- "restrictetcnixos"."/etc/nixos/*".Z = {
- mode = "0000";
- user = "root";
- group = "root";
- };
- };
- };
-
-
- boot = {
- supportedFilesystems = {
- btrfs = true;
- ext4 = true;
- };
-
- extraModprobeConfig = ''
- options snd-usb-audio vid=0x1235 pid=0x8200 device_setup=1
- options rtw88_core disable_lps_deep=y power_save=0 disable_aspm_l1ss=y
- options rtw88_pci disable_msi=y disable_aspm=y
- options rtw_core disable_lps_deep=y
- options rtw_pci disable_msi=y disable_aspm=y
- options rtw89_core disable_ps_mode=y
- options rtw89_pci disable_aspm_l1=y disable_aspm_l1ss=y disable_clkreq=y
- options iwlwifi 11n_disable=8 uapsd_disable=1 bt_coex_active=0 disable_11ax=1 power_save=0
- '';
- extraModulePackages = [ ];
-
- initrd = {
- availableKernelModules = [
- "xhci_pci"
- "ahci"
- "usb_storage"
- "sd_mod"
- "nvme"
- "sd_mod"
- "ehci_pci"
- "rtsx_pci_sdmmc"
- "usbhid"
- ];
-
- kernelModules = [ ];
- };
-
- lanzaboote = {
- enable = config.monorepo.profiles.secureBoot.enable;
- pkiBundle = "/var/lib/sbctl";
- };
-
- loader = {
- systemd-boot.enable = lib.mkForce ((! config.monorepo.profiles.grub.enable) && (! config.monorepo.profiles.secureBoot.enable));
- efi.canTouchEfiVariables = lib.mkForce (! config.monorepo.profiles.grub.enable);
- };
-
- kernelModules = [
- "snd-seq"
- "snd-rawmidi"
- "xhci_hcd"
- "kvm_intel"
- "af_packet"
- "ccm"
- "ctr"
- "cmac"
- "arc4"
- "ecb"
- "michael_mic"
- "gcm"
- "sha256"
- "sha384"
- ];
-
- kernelParams = [
- "cfg80211.reg_alpha2=CA"
- "usbcore.autosuspend=-1"
- "pcie_aspm=off"
- "pci=noaer"
- # "debugfs=off"
- "page_alloc.shuffle=1"
- "slab_nomerge"
- # "page_poison=1"
-
- # madaidan
- "pti=on"
- "randomize_kstack_offset=on"
- "vsyscall=none"
- # "lockdown=confidentiality"
-
- # cpu
- "spectre_v2=on"
- "spec_store_bypass_disable=on"
- "tsx=off"
- "l1tf=full,force"
- "kvm.nx_huge_pages=force"
-
- # hardened
- "extra_latent_entropy"
-
- # mineral
- # "init_on_alloc=1"
- # "random.trust_bootloader=off"
- # "init_on_free=1"
- "quiet"
- # "loglevel=0"
- ];
-
- blacklistedKernelModules = [
- "netrom"
- "rose"
-
- "adfs"
- "affs"
- "bfs"
- "befs"
- "cramfs"
- "efs"
- "erofs"
- "exofs"
- "freevxfs"
- "f2fs"
- "hfs"
- "hpfs"
- "jfs"
- "minix"
- "nilfs2"
- "ntfs"
- "omfs"
- "qnx4"
- "qnx6"
- "sysv"
- "ufs"
- ];
-
- kernel.sysctl =
- if config.monorepo.profiles.server.enable then {
- "net.ipv6.conf.${config.monorepo.profiles.server.interface}.autoconf" = 0;
- "net.ipv6.conf.${config.monorepo.profiles.server.interface}.accept_ra" = 1;
- } else {
- "kernel.ftrace_enabled" = false;
- "net.core.bpf_jit_enable" = false;
- "kernel.kptr_restrict" = 2;
-
- # madaidan
- "kernel.smtcontrol" = "on";
- "vm.swappiness" = 1;
- "vm.unprivileged_userfaultfd" = 0;
- "dev.tty.ldisc_autoload" = 0;
- "kernel.kexec_load_disabled" = 1;
- "kernel.sysrq" = 4;
- "kernel.perf_event_paranoid" = 3;
-
- # net
- "net.ipv4.ip_forward" = 1;
- "net.ipv4.icmp_echo_ignore_broadcasts" = true;
- # "net.ipv4.conf.all.accept_redirects" = false;
- # "net.ipv4.conf.all.secure_redirects" = false;
- # "net.ipv4.conf.default.accept_redirects" = false;
- # "net.ipv4.conf.default.secure_redirects" = false;
- # "net.ipv6.conf.all.accept_redirects" = false;
- # "net.ipv6.conf.default.accept_redirects" = false;
- };
- };
-
- networking = {
- interfaces = lib.mkIf config.monorepo.profiles.server.enable {
- "${config.monorepo.profiles.server.interface}" = {
- ipv4.addresses = [
- {
- address = config.monorepo.profiles.server.ipv4;
- prefixLength = 24;
- }
- ];
- ipv6.addresses = [
- {
- address = config.monorepo.profiles.server.ipv6;
- prefixLength = 64;
- }
- ];
- useDHCP = lib.mkForce false;
- };
- };
-
- defaultGateway = lib.mkIf config.monorepo.profiles.server.enable config.monorepo.profiles.server.gateway;
- useDHCP = false;
- tempAddresses = lib.mkIf config.monorepo.profiles.server.enable "disabled";
- extraHosts = lib.mkIf config.monorepo.profiles.server.enable (lib.concatStringsSep "\n" prodHosts);
-
- domains = lib.mkIf config.monorepo.profiles.server.enable {
- enable = true;
- baseDomains = {
- "${config.monorepo.vars.remoteHost}" = {
- a.data = config.monorepo.profiles.server.ipv4;
- aaaa.data = config.monorepo.profiles.server.ipv6;
- };
- "${config.monorepo.vars.orgHost}" = {
- a.data = config.monorepo.profiles.server.ipv4;
- aaaa.data = config.monorepo.profiles.server.ipv6;
- txt = {
- data = "v=spf1 ip4:${config.monorepo.profiles.server.ipv4} ip6:${config.monorepo.profiles.server.ipv6} -all";
- };
- };
- };
- };
-
-
- nameservers = [ "8.8.8.8" "1.1.1.1" ];
- dhcpcd.enable = (! config.monorepo.profiles.server.enable);
- networkmanager = {
- enable = lib.mkForce (! config.monorepo.profiles.server.enable); # rpis need network
- wifi = {
- powersave = false;
- };
- ensureProfiles = {
- profiles = {
- home-wifi = {
- connection = {
- id = "TELUS6572";
- permissions = "";
- type = "wifi";
- };
- ipv4 = {
- dns-search = "";
- method = "auto";
- };
- ipv6 = {
- addr-gen-mode = "stable-privacy";
- dns-search = "";
- method = "auto";
- };
- wifi = {
- mac-address-blacklist = "";
- mode = "infrastructure";
- ssid = "TELUS6572";
- };
- wifi-security = {
- auth-alg = "open";
- key-mgmt = "wpa-psk";
- # when someone actually steals my internet then I will be concerned.
- # This password only matters if you actually show up to my house in real life.
- # That would perhaps allow for some nasty networking related shenanigans.
- # I guess we'll cross that bridge when I get there.
- psk = "b4xnrv6cG6GX";
- };
- };
- };
- };
- };
- firewall = {
- allowedTCPPorts = [ 22 11434 ];
- allowedUDPPorts = [ ];
- };
- };
-
- hardware = {
- wirelessRegulatoryDatabase = true;
- enableAllFirmware = true;
- cpu.intel.updateMicrocode = true;
- graphics.enable = ! config.monorepo.profiles.ttyonly.enable;
-
- bluetooth = {
- enable = lib.mkDefault config.monorepo.profiles.desktop.enable;
- powerOnBoot = lib.mkDefault config.monorepo.profiles.desktop.enable;
- };
- };
-
- services = {
- pulseaudio.enable = ! config.monorepo.profiles.pipewire.enable;
- chrony = {
- enable = true;
- enableNTS = true;
- servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ];
- };
-
- jitterentropy-rngd.enable = true;
- resolved.settings.Resolve.DNSSEC = true;
- # usbguard.enable = true;
- usbguard.enable = false;
- dbus.apparmor = "enabled";
-
- # Misc.
- udev = {
- extraRules = '''';
- packages =
- if config.monorepo.profiles.workstation.enable then with pkgs; [
- platformio-core
- platformio-core.udev
- openocd
- ] else [ ];
- };
-
- printing.enable = lib.mkDefault config.monorepo.profiles.workstation.enable;
- udisks2.enable = (! config.monorepo.profiles.ttyonly.enable);
- };
-
- programs = {
- nix-ld.enable = true;
- zsh.enable = true;
- light.enable = true;
- ssh.enableAskPassword = false;
- };
-
- nixpkgs = {
- hostPlatform = lib.mkDefault "x86_64-linux";
- config = {
- allowUnfree = true;
- cudaSupport = lib.mkDefault config.monorepo.profiles.cuda.enable;
- };
- };
-
- security = {
- acme = {
- acceptTerms = true;
- defaults.email = "${config.monorepo.vars.internetName}@gmail.com";
- };
- apparmor = {
- enable = true;
- killUnconfinedConfinables = true;
- packages = with pkgs; [
- apparmor-profiles
- ];
- # policies = {
- # firefox.path = "${pkgs.apparmor-profiles}/share/apparmor/extra-profiles/firefox";
- # };
- };
-
- pam.loginLimits = [
- { domain = "*"; item = "nofile"; type = "-"; value = "32768"; }
- { domain = "*"; item = "memlock"; type = "-"; value = "32768"; }
- ];
- rtkit.enable = true;
-
- lockKernelModules = true;
- protectKernelImage = true;
-
- allowSimultaneousMultithreading = true;
- forcePageTableIsolation = true;
-
- tpm2 = {
- enable = true;
- pkcs11.enable = true;
- tctiEnvironment.enable = true;
- };
-
- auditd.enable = true;
- audit.enable = true;
- chromiumSuidSandbox.enable = (! config.monorepo.profiles.ttyonly.enable);
- sudo.enable = true;
- };
-
- xdg.portal = {
- enable = (! config.monorepo.profiles.ttyonly.enable);
- wlr.enable = (! config.monorepo.profiles.ttyonly.enable);
- extraPortals = with pkgs; if (! config.monorepo.profiles.ttyonly.enable) then [
- xdg-desktop-portal-gtk
- xdg-desktop-portal
- xdg-desktop-portal-hyprland
- ] else [ ];
- config.common.default = "*";
- };
-
- environment.etc."gitconfig".text = ''
- [init]
- defaultBranch = main
- '';
- environment.extraInit = ''
- umask 0022
- '';
- environment.systemPackages = with pkgs; [
- restic
- sbctl
- gitFull
- git-lfs
- git-lfs-transfer
- vim
- curl
- nmap
- exiftool
- (writeShellScriptBin "new-repo"
- ''
- #!/bin/bash
- cd ${config.users.users.git.home}
- git init --bare "$1"
- vim "$1/description"
- chown -R git:git "$1"
- ''
- )
- ];
-
- users.groups = lib.genAttrs userGroups (name: lib.mkDefault { });
-
- users.users = lib.genAttrs userGroups
- (name: {
- isSystemUser = lib.mkDefault true;
- group = "${name}";
- extraGroups = [ "acme" "nginx" ];
- }) // {
- conduit = {
- isSystemUser = lib.mkDefault true;
- group = "conduit";
- extraGroups = [ ];
- };
- matterbridge = {
- isSystemUser = lib.mkDefault true;
- group = "matterbridge";
- extraGroups = [ ];
- };
-
- public-inbox = {
- isSystemUser = lib.mkDefault true;
- group = "public-inbox";
-
- extraGroups = [ "acme" "nginx" "git" ];
- };
-
- ircd = {
- isSystemUser = lib.mkDefault true;
- group = "ircd";
- home = "/home/ircd";
- };
-
- nginx = {
- group = "nginx";
- isSystemUser = lib.mkDefault true;
- extraGroups = [ "acme" ];
- };
-
- root.openssh.authorizedKeys.keys = [
- config.monorepo.vars.sshKey
- ];
-
- git = {
- isSystemUser = true;
- home = "/srv/git";
- shell = "/bin/sh";
- group = "git";
- openssh.authorizedKeys.keys = [
- config.monorepo.vars.sshKey
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIEF+mcL9nDkzVhCYyYWCIrP+b6oRiiaV509jywbD0Vq nix-on-droid@localhost"
- "ssh-rsa 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 andrei@kiss"
- ];
- };
- "${config.monorepo.vars.userName}" = {
- openssh.authorizedKeys.keys = [
- config.monorepo.vars.sshKey
- ];
-
- linger = true;
- initialPassword = "${config.monorepo.vars.userName}";
- isNormalUser = true;
- description = config.monorepo.vars.fullName;
- extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" "dialout" "docker" "plugdev" ];
- shell = pkgs.zsh;
- packages = [ ];
- };
- };
-
- nixpkgs.config.permittedInsecurePackages = [
- "python3.13-ecdsa-0.19.1"
- "olm-3.2.16"
- ];
-
- nix = {
- settings = {
- keep-outputs = true;
- keep-derivations = true;
- auto-optimise-store = true;
- max-jobs = 4;
- cores = 0;
- substituters = [
- "https://cache.nixos-cuda.org"
- ];
- trusted-public-keys = [
- "cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M="
- ];
- experimental-features = "nix-command flakes ca-derivations";
- trusted-users = [ "@wheel" ];
- };
- gc.automatic = true;
- };
- time.timeZone = config.monorepo.vars.timeZone;
- i18n.defaultLocale = "en_CA.UTF-8";
- system.stateVersion = "24.11";
-}
diff --git a/nix/modules/coturn.nix b/nix/modules/coturn.nix
deleted file mode 100644
index 3ceeac6..0000000
--- a/nix/modules/coturn.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ lib, config, ... }:
-{
- services.coturn = {
- enable = false;
- use-auth-secret = true;
- listening-ips = [ "0.0.0.0" ];
- cert = "/var/lib/acme/matrix.${config.monorepo.vars.orgHost}/fullchain.pem";
- static-auth-secret-file = "/run/secrets/coturn_secret";
- };
-}
diff --git a/nix/modules/cuda.nix b/nix/modules/cuda.nix
deleted file mode 100644
index d5d9b7c..0000000
--- a/nix/modules/cuda.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- environment.systemPackages = (if config.monorepo.profiles.cuda.enable then with pkgs; [
- cudatoolkit
- cudaPackages.cudnn
- cudaPackages.libcublas
- linuxPackages.nvidia_x11
- ] else []);
-}
diff --git a/nix/modules/default.nix b/nix/modules/default.nix
deleted file mode 100644
index 80c057f..0000000
--- a/nix/modules/default.nix
+++ /dev/null
@@ -1,82 +0,0 @@
-{ lib, config, pkgs, ... }:
-{
- imports = [
- ./configuration.nix
- ./vars.nix
- ];
-
- options = {
- monorepo = {
- profiles = {
- cuda.enable = lib.mkEnableOption "Enables CUDA support";
- documentation.enable = lib.mkEnableOption "Enables documentation on system.";
- secureBoot.enable = lib.mkEnableOption "Enables secure boot. See sbctl.";
- pipewire.enable = lib.mkEnableOption "Enables pipewire low latency audio setup";
- tor.enable = lib.mkEnableOption "Enables tor along with torsocks";
-
- server = {
- enable = lib.mkEnableOption "Enables server services";
- interface = lib.mkOption { type = lib.types.str; default = "eth0"; };
- ipv4 = lib.mkOption { type = lib.types.nullOr lib.types.str; default = null; };
- ipv6 = lib.mkOption { type = lib.types.nullOr lib.types.str; default = null; };
- gateway = lib.mkOption { type = lib.types.nullOr lib.types.str; default = null; };
- };
-
- ttyonly.enable = lib.mkEnableOption "TTY only, no xserver";
- grub.enable = lib.mkEnableOption "Enables grub instead of systemd-boot";
- workstation.enable = lib.mkEnableOption "Enables workstation services";
- desktop.enable = lib.mkEnableOption "Enables everything common to desktops";
- impermanence.enable = lib.mkEnableOption "Enables imperamanence";
- home.enable = lib.mkEnableOption "Enables home profiles";
- };
- };
- };
-
- config = {
- environment.systemPackages = lib.mkIf config.monorepo.profiles.documentation.enable ((with pkgs; [
- linux-manual
- man-pages
- man-pages-posix
- iproute2
- silver-searcher
- ripgrep
- ]) ++
- (if (config.monorepo.vars.fileSystem == "btrfs") then with pkgs; [
- btrfs-progs
- btrfs-snap
- btrfs-list
- btrfs-heatmap
- ] else [ ]));
-
- boot.loader.grub = lib.mkIf config.monorepo.profiles.grub.enable {
- enable = true;
- };
-
- assertions = [
- {
- assertion = !(config.monorepo.profiles.workstation.enable && config.monorepo.profiles.server.enable);
- message = ''
- You can't enable both workstation and server profile together. Please select only one.
- '';
- }
- {
- assertion = !(config.monorepo.profiles.desktop.enable && config.monorepo.profiles.server.enable);
- message = ''
- You can't enable both desktop and server profile together. Please select only one.
- '';
- }
- ];
- monorepo = {
- profiles = {
- desktop.enable = lib.mkDefault config.monorepo.profiles.workstation.enable;
- documentation.enable = lib.mkDefault true;
- pipewire.enable = lib.mkDefault true;
- tor.enable = lib.mkDefault true;
- impermanence.enable = lib.mkDefault false;
- server.enable = lib.mkDefault false;
- ttyonly.enable = lib.mkDefault config.monorepo.profiles.server.enable;
- home.enable = lib.mkDefault config.monorepo.profiles.desktop.enable;
- };
- };
- };
-}
diff --git a/nix/modules/docker.nix b/nix/modules/docker.nix
deleted file mode 100644
index 9eb18f5..0000000
--- a/nix/modules/docker.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ lib, config, vars, ... }:
-{
- # virtualisation = {
- # oci-containers = {
- # backend = "podman";
- # containers = {};
- # };
- # containers.enable = true;
- # podman = {
- # enable = true;
- # dockerCompat = true;
- # defaultNetwork.settings.dns_enabled = true;
- # };
- # };
-}
diff --git a/nix/modules/dovecot.nix b/nix/modules/dovecot.nix
deleted file mode 100644
index 2921ad8..0000000
--- a/nix/modules/dovecot.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, lib, ... }:
-{
- services.dovecot2 = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- enableImap = true;
- enablePop3 = true;
- };
-}
diff --git a/nix/modules/fail2ban.nix b/nix/modules/fail2ban.nix
deleted file mode 100644
index 5d289a0..0000000
--- a/nix/modules/fail2ban.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ lib, config, ... }:
-{
- services.fail2ban = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- # Ban IP after 5 failures for 1 hour
- maxretry = 5;
- bantime = "1h";
- banaction = "iptables-allports";
- banaction-allports = "iptables-allports";
- };
-}
diff --git a/nix/modules/firejail.nix b/nix/modules/firejail.nix
deleted file mode 100644
index 054171a..0000000
--- a/nix/modules/firejail.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ pkgs, lib, ... }:
-{
- programs.firejail = {
- enable = true;
- wrappedBinaries = {
- firefox = {
- executable = "${lib.getBin pkgs.firefox-bin}/bin/firefox";
- profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
- };
- emacs = {
- executable = "${lib.getBin pkgs.emacs-pgtk}/bin/emacs";
- profile = "${pkgs.firejail}/etc/firejail/emacs.profile";
- };
- zathura = {
- executable = "${lib.getBin pkgs.zathura}/bin/zathura";
- profile = "${pkgs.firejail}/etc/firejail/zathura.profile";
- };
- };
- };
-}
diff --git a/nix/modules/git-daemon.nix b/nix/modules/git-daemon.nix
deleted file mode 100644
index 972ab67..0000000
--- a/nix/modules/git-daemon.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, lib, ... }:
-{
- services.gitDaemon = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- exportAll = true;
- basePath = "${config.users.users.git.home}";
- };
- networking.firewall.allowedTCPPorts = lib.mkIf config.services.gitDaemon.enable [
- 9418
- ];
-}
diff --git a/nix/modules/gitolite.nix b/nix/modules/gitolite.nix
deleted file mode 100644
index 33f647b..0000000
--- a/nix/modules/gitolite.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ lib, config, ... }:
-{
- services.gitolite = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- description = "My Gitolite User";
- adminPubkey = config.monorepo.vars.sshKey;
- };
-}
diff --git a/nix/modules/gitweb.nix b/nix/modules/gitweb.nix
deleted file mode 100644
index 69cb951..0000000
--- a/nix/modules/gitweb.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ lib, config, ... }:
-{
- services.gitweb = {
- gitwebTheme = lib.mkDefault config.monorepo.profiles.server.enable;
- projectroot = "/srv/git/";
- extraConfig = ''
-our $export_ok = "git-daemon-export-ok";
-our $site_name = "NullRing Git Server";
-our $site_header = "NullRing Projects";
-'';
- };
-}
diff --git a/nix/modules/gotosocial.nix b/nix/modules/gotosocial.nix
deleted file mode 100644
index b0a0c21..0000000
--- a/nix/modules/gotosocial.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ lib, config, ... }:
-{
- services.gotosocial = {
- enable = lib.mkDefault false;
- setupPostgresqlDB = true;
- settings = {
- application-name = "Nullring GoToSocial Instance";
- host = "gotosocial.${config.monorepo.vars.orgHost}";
- protocol = "https";
- bind-address = "127.0.0.1";
- port = 8080;
- };
- };
-}
diff --git a/nix/modules/heisenbridge.nix b/nix/modules/heisenbridge.nix
deleted file mode 100644
index f3b88fc..0000000
--- a/nix/modules/heisenbridge.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ lib, config, ... }:
-{
- services.heisenbridge = {
- enable = true;
- registrationUrl = "http://localhost:6167";
- owner = "@ret2pop:matrix.nullring.xyz";
- homeserver = "http://localhost:6167";
- };
-}
diff --git a/nix/modules/home/default.nix b/nix/modules/home/default.nix
deleted file mode 100644
index 80b28ee..0000000
--- a/nix/modules/home/default.nix
+++ /dev/null
@@ -1,219 +0,0 @@
-{ lib, config, pkgs, sops-nix, super, ... }:
-{
- imports = [
- sops-nix.homeManagerModules.sops
- ../vars.nix
- ./fcitx.nix
- ./emacs.nix
- ./firefox.nix
- ./git.nix
- ./hyprland.nix
- ./mpv.nix
- ./yt-dlp.nix
- ./wofi.nix
- ./kitty.nix
- ./waybar.nix
- ./zsh.nix
- ./mbsync.nix
- ./msmtp.nix
- ./gammastep.nix
- ./mpd.nix
- ./mako.nix
- ./user.nix
- ./gtk.nix
- ./secrets.nix
- ./pantalaimon.nix
- ];
-
- options = {
- monorepo.profiles = {
- enable = lib.mkEnableOption "Enables home manager desktop configuration";
- # Programs
- graphics.enable = lib.mkEnableOption "Enables graphical programs for user";
- lang-c.enable = lib.mkEnableOption "Enables C language support";
- lang-sh.enable = lib.mkEnableOption "Enables sh language support";
- lang-rust.enable = lib.mkEnableOption "Enables Rust language support";
- lang-python.enable = lib.mkEnableOption "Enables python language support";
- lang-sol.enable = lib.mkEnableOption "Enables solidity language support";
- lang-openscad.enable = lib.mkEnableOption "Enables openscad language support";
- lang-js.enable = lib.mkEnableOption "Enables javascript language support";
- lang-nix.enable = lib.mkEnableOption "Enables nix language support";
- lang-idris.enable = lib.mkEnableOption "Enables idris language support";
- lang-agda.enable = lib.mkEnableOption "Enables agda language support";
- lang-coq.enable = lib.mkEnableOption "Enables coq language support";
- lang-lean.enable = lib.mkEnableOption "Enables lean language support";
- lang-haskell.enable = lib.mkEnableOption "Enables haskell language support";
- crypto.enable = lib.mkEnableOption "Enables various cryptocurrency wallets";
- art.enable = lib.mkEnableOption "Enables various art programs";
- music.enable = lib.mkEnableOption "Enables mpd";
- workstation.enable = lib.mkEnableOption "Enables workstation packages (music production and others)";
- cuda.enable = lib.mkEnableOption "Enables CUDA user package builds";
- hyprland.enable = lib.mkEnableOption "Enables hyprland";
- email.enable = lib.mkEnableOption "Enables email";
- };
- };
-
- config = {
- home.packages = (if config.monorepo.profiles.email.enable then [ pkgs.mu ] else [ ])
- ++
- (if config.monorepo.profiles.lang-c.enable then
- (with pkgs; [
- autobuild
- clang
- gdb
- gnumake
- bear
- clang-tools
- autotools-language-server
- ]) else [ ])
- ++
- (if config.monorepo.profiles.workstation.enable then
- (with pkgs; [
- mumble
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-js.enable then
- (with pkgs; [
- nodejs
- bun
- yarn
- typescript
- typescript-language-server
- vscode-langservers-extracted
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-rust.enable then
- (with pkgs; [
- cargo
- rust-analyzer
- rustfmt
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-python.enable then
- (with pkgs; [
- poetry
- python3
- python314Packages.python-lsp-server
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-sol.enable then
- (with pkgs; [
- solc
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-openscad.enable then
- (with pkgs; [
- openscad
- openscad-lsp
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-sh.enable then
- (with pkgs; [
- bash-language-server
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-haskell.enable then
- (with pkgs; [
- haskell-language-server
- haskellPackages.hlint
- ghc
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-coq.enable then
- (with pkgs; [
- coq
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-lean.enable then
- (with pkgs; [
- lean4
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-agda.enable then
- (with pkgs; [
- agda
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-idris.enable then
- (with pkgs; [
- idris
- idris2Packages.idris2Lsp
- ]) else [ ])
- ++
- (if config.monorepo.profiles.lang-nix.enable then
- (with pkgs; [
- nil
- nixd
- nixfmt
- nix-prefetch-scripts
- ]) else [ ])
- ++
- (if config.monorepo.profiles.crypto.enable then
- (with pkgs; [
- bitcoin
- # electrum
- monero-cli
- monero-gui
- ]) else [ ])
- ++
- (if config.monorepo.profiles.art.enable then
- (with pkgs; [
- inkscape
- # krita
- ]) else [ ])
- ++
- (if config.monorepo.profiles.music.enable then
- (with pkgs; [
- mpc
- sox
- ]) else [ ])
- ++
- (if config.monorepo.profiles.workstation.enable then
- (with pkgs; [
- alsa-utils
- alsa-scarlett-gui
- ardour
- audacity
- # blender
- foxdot
- fluidsynth
- qjackctl
- qsynth
- qpwgraph
- imagemagick
- supercollider
- inkscape
- # kdePackages.kdenlive
- # kicad
- murmur
- ]) else [ ]);
-
- monorepo.profiles = {
- enable = lib.mkDefault super.monorepo.profiles.home.enable;
- music.enable = lib.mkDefault config.monorepo.profiles.enable;
- email.enable = lib.mkDefault config.monorepo.profiles.enable;
- cuda.enable = lib.mkDefault super.monorepo.profiles.cuda.enable;
-
- # Programming
- graphics.enable = lib.mkDefault (! super.monorepo.profiles.ttyonly.enable);
- hyprland.enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- lang-c.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-rust.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-python.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-sol.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-sh.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-openscad.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-js.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-nix.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-coq.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-lean.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-haskell.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-idris.enable = lib.mkDefault config.monorepo.profiles.enable;
- lang-agda.enable = lib.mkDefault config.monorepo.profiles.enable;
-
- crypto.enable = lib.mkDefault config.monorepo.profiles.enable;
- art.enable = lib.mkDefault config.monorepo.profiles.enable;
- workstation.enable = lib.mkDefault super.monorepo.profiles.workstation.enable;
- };
- };
-}
diff --git a/nix/modules/home/emacs.nix b/nix/modules/home/emacs.nix
deleted file mode 100644
index bc85177..0000000
--- a/nix/modules/home/emacs.nix
+++ /dev/null
@@ -1,102 +0,0 @@
-{ lib, config, pkgs, super, ... }:
-{
- programs.emacs =
- {
- enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- package = pkgs.emacs-pgtk;
- extraConfig = ''
-(setq debug-on-error t)
-(setq system-email "${super.monorepo.vars.email}")
-(setq system-username "${super.monorepo.vars.internetName}")
-(setq system-fullname "${super.monorepo.vars.fullName}")
-(setq system-gpgkey "${super.monorepo.vars.gpgKey}")
-(load "${pkgs.writeText "init.el" (builtins.readFile ../../init.el)}")
-'';
-
- extraPackages = epkgs: [
- epkgs.agda2-mode
- epkgs.all-the-icons
- epkgs.auctex
- epkgs.catppuccin-theme
- epkgs.company
- epkgs.company-solidity
- epkgs.counsel
- epkgs.centaur-tabs
- epkgs.dashboard
- epkgs.doom-themes
- epkgs.doom-modeline
- epkgs.elfeed
- epkgs.elfeed-org
- epkgs.elfeed-tube
- epkgs.elfeed-tube-mpv
- epkgs.elpher
- epkgs.ement
- epkgs.emmet-mode
- epkgs.emms
- epkgs.enwc
- epkgs.evil
- epkgs.evil-collection
- epkgs.evil-commentary
- epkgs.evil-org
- epkgs.f
- epkgs.flycheck
- epkgs.general
- epkgs.gptel
- epkgs.gruvbox-theme
- epkgs.haskell-mode
- epkgs.htmlize
- epkgs.idris-mode
- epkgs.irony-eldoc
- epkgs.ivy
- epkgs.ivy-pass
- epkgs.kiwix
- epkgs.latex-preview-pane
- epkgs.lsp-ivy
- epkgs.lsp-mode
- epkgs.lsp-haskell
- epkgs.lyrics-fetcher
- epkgs.mastodon
- epkgs.magit
- epkgs.magit-delta
- epkgs.mu4e
- epkgs.minuet
- epkgs.nix-mode
- epkgs.org-fragtog
- epkgs.org-journal
- epkgs.org-roam
- epkgs.org-roam-ui
- epkgs.org-superstar
- epkgs.page-break-lines
- epkgs.password-store
- epkgs.pdf-tools
- epkgs.pinentry
- epkgs.platformio-mode
- epkgs.projectile
- epkgs.rustic
- epkgs.scad-mode
- epkgs.simple-httpd
- epkgs.solidity-flycheck
- epkgs.solidity-mode
- epkgs.sudo-edit
- epkgs.telega
- epkgs.treemacs
- epkgs.treemacs-evil
- epkgs.treemacs-magit
- epkgs.treemacs-projectile
- epkgs.treesit-auto
- epkgs.typescript-mode
- epkgs.unicode-fonts
- epkgs.use-package
- epkgs.vterm
- epkgs.wgrep
- epkgs.web-mode
- epkgs.websocket
- epkgs.which-key
- epkgs.writegood-mode
- epkgs.writeroom-mode
- epkgs.yaml-mode
- epkgs.yasnippet
- epkgs.yasnippet-snippets
- ];
- };
-}
diff --git a/nix/modules/home/fcitx.nix b/nix/modules/home/fcitx.nix
deleted file mode 100644
index 1907590..0000000
--- a/nix/modules/home/fcitx.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, pkgs, lib, ... }:
-{
- i18n.inputMethod = {
- type = "fcitx5";
- enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- fcitx5.addons = if config.monorepo.profiles.graphics.enable then (with pkgs; [
- fcitx5-gtk
- qt6Packages.fcitx5-chinese-addons
- qt6Packages.fcitx5-configtool
- fcitx5-mozc
- fcitx5-rime
- ]) else [];
- };
-}
diff --git a/nix/modules/home/firefox.nix b/nix/modules/home/firefox.nix
deleted file mode 100644
index d339ba8..0000000
--- a/nix/modules/home/firefox.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ lib, config, pkgs, ... }:
-{
- programs.librewolf = {
- enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- package = pkgs.librewolf;
- profiles = {
- default = {
- id = 0;
- name = "default";
- isDefault = true;
-
- extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [
- ublock-origin
- tree-style-tab
- firefox-color
- vimium
- privacy-redirect
- ] ++ (lib.optional config.monorepo.profiles.crypto.enable pkgs.nur.repos.rycee.firefox-addons.metamask);
- settings = {
- "privacy.resistFingerprinting.letterboxing" = true;
- };
- };
- };
- };
-}
diff --git a/nix/modules/home/gammastep.nix b/nix/modules/home/gammastep.nix
deleted file mode 100644
index 208dda7..0000000
--- a/nix/modules/home/gammastep.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ lib, config, ... }:
-{
- services.gammastep = {
- enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- provider = "manual";
- latitude = 49.282730;
- longitude = -123.120735;
-
- temperature = {
- day = 5000;
- night = 3000;
- };
-
- settings = {
- general = {
- adjustment-method = "wayland";
- };
- };
- };
-}
diff --git a/nix/modules/home/git.nix b/nix/modules/home/git.nix
deleted file mode 100644
index 4018a3b..0000000
--- a/nix/modules/home/git.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ pkgs, lib, config, super, ... }:
-{
- programs.git = {
- enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- package = pkgs.gitFull;
- lfs.enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- userName = super.monorepo.vars.fullName;
- userEmail = "${super.monorepo.vars.email}";
- signing = {
- key = super.monorepo.vars.gpgKey;
- signByDefault = true;
- };
-
- extraConfig = {
- init.defaultBranch = "main";
- credential."mail.${super.monorepo.vars.orgHost}" = {
- username = "${super.monorepo.vars.email}";
- helper = "!f() { test \"$1\" = get && echo \"password=$(cat /run/user/1000/secrets/mail)\"; }; f";
- };
-
- sendemail = {
- smtpserver = "mail.${super.monorepo.vars.orgHost}";
- smtpuser = "${super.monorepo.vars.email}";
- smtpserverport = 465;
- smtpencryption = "ssl";
- };
- };
-
- aliases = {
- pl = "pull";
- ps = "push";
- co = "checkout";
- c = "commit";
- a = "add";
- st = "status";
- sw = "switch";
- b = "branch";
- };
- };
-}
diff --git a/nix/modules/home/gtk.nix b/nix/modules/home/gtk.nix
deleted file mode 100644
index 6283581..0000000
--- a/nix/modules/home/gtk.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ lib, config, pkgs, ... }:
-{
- config = lib.mkIf config.monorepo.profiles.graphics.enable {
- gtk = {
- theme = {
- name = "catppuccin-mocha-pink-standard";
- package = pkgs.catppuccin-gtk.override {
- variant = "mocha";
- accents = [ "pink" ];
- };
- };
- };
- xdg.configFile = {
- "gtk-4.0/assets".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-4.0/assets";
- "gtk-4.0/gtk.css".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-4.0/gtk.css";
- "gtk-4.0/gtk-dark.css".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-4.0/gtk-dark.css";
-
- "gtk-3.0/gtk.css".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-3.0/gtk.css";
- "gtk-3.0/gtk-dark.css".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-3.0/gtk-dark.css";
- "gtk-3.0/settings.ini".text = ''
- [Settings]
- gtk-theme-name=${config.gtk.theme.name}
- gtk-application-prefer-dark-theme=1
- '';
- };
- };
-}
diff --git a/nix/modules/home/home.nix b/nix/modules/home/home.nix
deleted file mode 100644
index aa55550..0000000
--- a/nix/modules/home/home.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, sops-nix, ... }:
-{
- home-manager = {
- sharedModules = [
- sops-nix.homeManagerModules.sops
- ];
- useGlobalPkgs = true;
- useUserPackages = true;
- users."${config.monorepo.vars.userName}" = import ./default.nix;
- };
-}
diff --git a/nix/modules/home/hyprland.nix b/nix/modules/home/hyprland.nix
deleted file mode 100644
index c836b81..0000000
--- a/nix/modules/home/hyprland.nix
+++ /dev/null
@@ -1,192 +0,0 @@
-{ lib, config, wallpapers, pkgs, scripts, ... }:
-{
- wayland.windowManager.hyprland = {
- enable = lib.mkDefault config.monorepo.profiles.hyprland.enable;
- package = pkgs.hyprland;
- xwayland.enable = true;
- systemd.enable = true;
- settings = {
- "$mod" = "SUPER";
- bezier = [
- "overshot, 0.05, 0.9, 0.1, 1.05"
- ];
- animation = [
- # "workspaces, 1, 10, overshot"
- "windows, 1, 2, default"
- "workspaces, 1, 2, default, slidefade 20%"
- ];
- exec-once = [
- "waybar"
- "swww-daemon --format xrgb"
- "sh -c 'swww img \"$(find ${wallpapers} -type f \\( -iname \"*.jpg\" -o -iname \"*.png\" \\) | shuf -n1)\"'"
- "fcitx5-remote -r"
- "fcitx5 -d --replace"
- "fcitx5-remote -r"
- "emacs"
- "librewolf"
- ];
- env = [
- "LIBVA_DRIVER_NAME,nvidia"
- "XDG_SESSION_TYPE,wayland"
- "GBM_BACKEND,nvidia-drm"
- "__GLX_VENDOR_LIBRARY_NAME,nvidia"
- "ELECTRON_OZONE_PLATFORM_HINT,auto"
- ];
-
- monitor = [
- "DP-4,2560x1440@165.000000,0x0,1"
- "Unknown-1,disable"
- ];
-
- layerrule = [
- {
- name = "waybar blur";
- "match:namespace" = "waybar";
- blur = "on";
- }
- ];
-
- windowrule = [
- {
- name = "emacs";
- "match:class" = "emacs";
- workspace = 1;
- }
- {
- name = "librewolf";
- "match:class" = "librewolf";
- workspace = 2;
- }
- {
- name = "chromium-browser";
- "match:class" = "chromium-browser";
- workspace = 2;
- }
- {
- name = "signal";
- "match:class" = "signal";
- workspace = 3;
- }
- {
- name = "Element";
- "match:class" = "Element";
- workspace = 3;
- }
- {
- name = "pavucontrol";
- "match:class" = "pavucontrol";
- workspace = 4;
- }
- {
- name = "qpwgraph";
- "match:class" = "qpwgraph";
- workspace = 4;
- }
- {
- name = "mpv";
- "match:class" = "mpv";
- workspace = 4;
- }
- ];
-
- bind = [
- "$mod, F, exec, librewolf"
- "$mod, Return, exec, kitty"
- "$mod, E, exec, emacs"
- "$mod, B, exec, bitcoin-qt"
- "$mod, S, exec, pavucontrol"
- "$mod, M, exec, monero-wallet-gui"
- "$mod, V, exec, element-desktop"
- "$mod, C, exec, signal-desktop"
- "$mod, D, exec, wofi --show run"
- "$mod, P, exec, bash ${scripts}/powermenu.sh"
- "$mod, Q, killactive"
- "$mod SHIFT, H, movewindow, l"
- "$mod SHIFT, L, movewindow, r"
- "$mod SHIFT, K, movewindow, u"
- "$mod SHIFT, J, movewindow, d"
-
- "$mod SHIFT, T, togglefloating"
- "$mod SHIFT, F, fullscreen"
-
- "$mod, H, movefocus, l"
- "$mod, L, movefocus, r"
- "$mod, K, movefocus, u"
- "$mod, J, movefocus, d"
- ", XF86AudioPlay, exec, mpc toggle"
- ", Print, exec, grim"
-
- "$mod, right, resizeactive, 30 0"
- "$mod, left, resizeactive, -30 0"
- "$mod, up, resizeactive, 0 -30"
- "$mod, down, resizeactive, 0 30"
- ]
- ++ (
- builtins.concatLists (builtins.genList
- (
- x:
- let
- ws =
- let
- c = (x + 1) / 10;
- in
- builtins.toString (x + 1 - (c * 10));
- in
- [
- "$mod, ${ws}, workspace, ${toString (x + 1)}"
- "$mod SHIFT, ${ws}, movetoworkspace, ${toString (x + 1)}"
- ]
- )
- 10)
- );
- bindm = [
- "$mod, mouse:272, movewindow"
- "$mod, mouse:273, resizewindow"
- "$mod ALT, mouse:272, resizewindow"
- ];
- binde = [
- ", XF86AudioRaiseVolume, exec, wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%+"
- ", XF86AudioLowerVolume, exec, wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%-"
- ", XF86AudioNext, exec, mpc next"
- ", XF86AudioPrev, exec, mpc prev"
- ", XF86MonBrightnessUp , exec, xbacklight -inc 10"
- ", XF86MonBrightnessDown, exec, xbacklight -dec 10"
- ];
- decoration = {
- blur = {
- enabled = true;
- size = 9;
- passes = 4;
- contrast = 0.8;
- brightness = 1.1;
- noise = 0.02;
- new_optimizations = true;
- ignore_opacity = true;
- xray = false;
- };
- rounding = 5;
- };
- input = {
- scroll_method = "on_button_down";
- scroll_button = 276;
- sensitivity = -0.5;
- kb_options = "caps:swapescape";
- repeat_delay = 300;
- repeat_rate = 50;
- natural_scroll = false;
- touchpad = {
- natural_scroll = true;
- disable_while_typing = true;
- tap-to-click = true;
- };
- };
- cursor = {
- no_hardware_cursors = true;
- };
- misc = {
- force_default_wallpaper = 0;
- disable_hyprland_logo = true;
- };
- };
- };
-}
diff --git a/nix/modules/home/kitty.nix b/nix/modules/home/kitty.nix
deleted file mode 100644
index b3e6e33..0000000
--- a/nix/modules/home/kitty.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ lib, config, ... }:
-{
- programs.kitty = {
- enable = lib.mkDefault (config.monorepo.profiles.hyprland.enable && config.monorepo.profiles.graphics.enable);
- settings = {
- enable_audio_bell = false;
- font_family = "Iosevka Nerd Font";
- font_size = 14;
- confirm_os_window_close = 0;
- background_opacity = "0.7";
- # Catppuccin theme
- foreground = "#cdd6f4";
- background = "#1e1e2e";
- selection_foreground = "#1e1e2e";
- selection_background = "#f5e0dc";
- cursor = "#f5e0dc";
- cursor_text_color = "#1e1e2e";
- url_color = "#f5e0dc";
- active_border_color = "#B4BEFE";
- inactive_border_color = "#6C7086";
- bell_border_color = "#F9E2AF";
- wayland_titlebar_color = "#1E1E2E";
- macos_titlebar_color = "#1E1E2E";
- active_tab_foreground = "#11111B";
- active_tab_background = "#CBA6F7";
- inactive_tab_foreground = "#CDD6F4";
- inactive_tab_background = "#181825";
- tab_bar_background = "#11111B";
- mark1_foreground = "#1E1E2E";
- mark1_background = "#B4BEFE";
- mark2_foreground = "#1E1E2E";
- mark2_background = "#CBA6F7";
- mark3_foreground = "#1E1E2E";
- mark3_background = "#74C7EC";
- color0 = "#45475A";
- color8 = "#585B70";
- color1 = "#F38BA8";
- color9 = "#F38BA8";
- color2 = "#A6E3A1";
- color10 = "#A6E3A1";
- color3 = "#F9E2AF";
- color11 = "#F9E2AF";
- color4 = "#89B4FA";
- color12 = "#89B4FA";
- color5 = "#F5C2E7";
- color13 = "#F5C2E7";
- color6 = "#94E2D5";
- color14 = "#94E2D5";
- color7 = "#BAC2DE";
- color15 = "#A6ADC8";
- };
- };
-}
diff --git a/nix/modules/home/mako.nix b/nix/modules/home/mako.nix
deleted file mode 100644
index 14edde8..0000000
--- a/nix/modules/home/mako.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ lib, config, sounds, ... }:
-{
- services.mako = {
- enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- settings = {
- on-notify = "exec mpv ${sounds}/polite.ogg --no-config --no-video";
- background-color = "#11111bf8";
- text-color = "#cdd6f4";
- border-color = "#89b4faff";
- border-radius = 1;
- font = "Fira Code 10";
- default-timeout = 3000;
- };
- };
-}
diff --git a/nix/modules/home/mbsync.nix b/nix/modules/home/mbsync.nix
deleted file mode 100644
index 893528e..0000000
--- a/nix/modules/home/mbsync.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ lib, config, super, ... }:
-{
- programs.mbsync = {
- enable = lib.mkDefault config.monorepo.profiles.email.enable;
- extraConfig = ''
- IMAPAccount ${super.monorepo.vars.internetName}
- Host mail.${super.monorepo.vars.orgHost}
- User ${super.monorepo.vars.email}
- PassCmd "cat ${config.sops.secrets.mail.path}"
- Port 993
- TLSType IMAPS
- AuthMechs *
- CertificateFile /etc/ssl/certs/ca-certificates.crt
-
- IMAPStore ${super.monorepo.vars.internetName}-remote
- Account ${super.monorepo.vars.internetName}
-
- MaildirStore ${super.monorepo.vars.internetName}-local
- Path ~/email/${super.monorepo.vars.internetName}/
- Inbox ~/email/${super.monorepo.vars.internetName}/INBOX
- SubFolders Verbatim
-
- Channel ${super.monorepo.vars.internetName}
- Far :${super.monorepo.vars.internetName}-remote:
- Near :${super.monorepo.vars.internetName}-local:
- Patterns *
- Create Near
- Sync All
- Expunge None
- SyncState *
- '';
- };
-}
diff --git a/nix/modules/home/mpd.nix b/nix/modules/home/mpd.nix
deleted file mode 100644
index b423a70..0000000
--- a/nix/modules/home/mpd.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ lib, config, ... }:
-{
- services.mpd = {
- enable = lib.mkDefault config.monorepo.profiles.music.enable;
- dbFile = "/home/${config.monorepo.vars.userName}/.config/mpd/db";
- dataDir = "/home/${config.monorepo.vars.userName}/.config/mpd/";
- network.port = 6600;
- musicDirectory = "/home/${config.monorepo.vars.userName}/music";
- playlistDirectory = "/home/${config.monorepo.vars.userName}/.config/mpd/playlists";
- network.listenAddress = "0.0.0.0";
- extraConfig = ''
- audio_output {
- type "pipewire"
- name "pipewire output"
- }
-
- audio_output {
- type "httpd"
- name "Ret2pop's Music Stream"
- encoder "opus"
- port "8000"
- bitrate "128000"
- format "48000:16:1"
- always_on "yes"
- tags "yes"
- }
-
- audio_output {
- type "shout"
- name "My VPS Stream"
- host "127.0.0.1"
- port "8888"
- mount "/stream"
- password "SuperSecretSourcePass"
- bitrate "128"
- format "44100:16:2"
- protocol "icecast2"
- user "source"
- description "My MPD Stream"
- genre "Mixed"
- }
- '';
- };
-}
diff --git a/nix/modules/home/mpv.nix b/nix/modules/home/mpv.nix
deleted file mode 100644
index 6dd7f4d..0000000
--- a/nix/modules/home/mpv.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ lib, config, ... }:
-{
- programs.mpv = {
- enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- config = {
- profile = "gpu-hq";
- force-window = true;
- ytdl-format = "bestvideo+bestaudio";
- cache-default = 4000000;
- };
- };
-}
diff --git a/nix/modules/home/msmtp.nix b/nix/modules/home/msmtp.nix
deleted file mode 100644
index c1abd8f..0000000
--- a/nix/modules/home/msmtp.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ lib, config, super, ... }:
-{
- programs.msmtp = {
- enable = lib.mkDefault config.monorepo.profiles.email.enable;
- extraConfig = ''
- # Set default values for all following accounts.
- defaults
- auth on
- tls on
- tls_trust_file /etc/ssl/certs/ca-certificates.crt
- tls_certcheck off
- logfile ~/.msmtp.log
-
- # Gmail
- account ${super.monorepo.vars.internetName}
- host mail.${super.monorepo.vars.orgHost}
- port 587
- from ${super.monorepo.vars.email}
- user ${super.monorepo.vars.email}
- passwordeval "cat ${config.sops.secrets.mail.path}"
-
-
- # Set a default account
- account default : ${super.monorepo.vars.internetName}
- '';
- };
-}
diff --git a/nix/modules/home/pantalaimon.nix b/nix/modules/home/pantalaimon.nix
deleted file mode 100644
index 35e72c3..0000000
--- a/nix/modules/home/pantalaimon.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ lib, config, ... }:
-{
- services.pantalaimon = {
- enable = lib.mkDefault false;
- settings = {
- Default = {
- LogLevel = "Debug";
- SSL = true;
- };
-
- local-matrix = {
- Homeserver = "https://matrix.nullring.xyz";
- ListenAddress = "127.0.0.1";
- ListenPort = 8008;
- };
- };
-
- };
-}
diff --git a/nix/modules/home/personal_secrets.nix b/nix/modules/home/personal_secrets.nix
deleted file mode 100644
index 9013de1..0000000
--- a/nix/modules/home/personal_secrets.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ lib, config, ... }:
-{
- config = lib.mkIf config.monorepo.profiles.graphics.enable {
- sops.secrets = {
- mail = {
- format = "yaml";
- path = "${config.sops.defaultSymlinkPath}/mail";
- };
- cloudflare-dns = {
- format = "yaml";
- path = "${config.sops.defaultSymlinkPath}/cloudflare-dns";
- };
- digikey = {
- format = "yaml";
- path = "${config.sops.defaultSymlinkPath}/digikey";
- };
- dn42 = {
- format = "yaml";
- path = "${config.sops.defaultSymlinkPath}/dn42";
- };
- };
- };
-}
diff --git a/nix/modules/home/secrets.nix b/nix/modules/home/secrets.nix
deleted file mode 100644
index 00be79b..0000000
--- a/nix/modules/home/secrets.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ config, super, ... }:
-{
- sops = {
- defaultSopsFile =
- if config.monorepo.profiles.graphics.enable
- then ../../secrets/secrets.yaml
- else ../../secrets/vps_secrets.yaml;
-
- age = {
- keyFile = "/home/${super.monorepo.vars.userName}/.config/sops/age/keys.txt";
- };
-
- secrets =
- if super.monorepo.profiles.desktop.enable then {
- mail = {
- format = "yaml";
- path = "${config.sops.defaultSymlinkPath}/mail";
- };
- cloudflare-dns = {
- format = "yaml";
- path = "${config.sops.defaultSymlinkPath}/cloudflare-dns";
- };
- digikey = {
- format = "yaml";
- path = "${config.sops.defaultSymlinkPath}/digikey";
- };
- dn42 = {
- format = "yaml";
- path = "${config.sops.defaultSymlinkPath}/dn42";
- };
- } else { };
- defaultSymlinkPath = "/run/user/1000/secrets";
- defaultSecretsMountPoint = "/run/user/1000/secrets.d";
- };
-}
diff --git a/nix/modules/home/user.nix b/nix/modules/home/user.nix
deleted file mode 100644
index d378fb6..0000000
--- a/nix/modules/home/user.nix
+++ /dev/null
@@ -1,202 +0,0 @@
-{ lib, config, super, pkgs, ... }:
-{
- home = {
- activation.startup-files = lib.hm.dag.entryAfter [ "installPackages" ] ''
- if [ ! -d "/home/${config.monorepo.vars.userName}/email/${config.monorepo.vars.internetName}/" ]; then
- mkdir -p /home/${config.monorepo.vars.userName}/email/${config.monorepo.vars.internetName}/
- fi
-
- if [ ! -d "/home/${config.monorepo.vars.userName}/music" ]; then
- mkdir -p /home/${config.monorepo.vars.userName}/music
- fi
-
- if [ ! -d /home/${config.monorepo.vars.userName}/org ]; then
- mkdir -p /home/${config.monorepo.vars.userName}/org
- fi
-
- if [ ! -d /home/${config.monorepo.vars.userName}/src ]; then
- mkdir -p /home/${config.monorepo.vars.userName}/src
- fi
-
- touch /home/${config.monorepo.vars.userName}/org/agenda.org
- touch /home/${config.monorepo.vars.userName}/org/notes.org
- '';
-
- enableNixpkgsReleaseCheck = false;
- username = config.monorepo.vars.userName;
- homeDirectory = "/home/${config.monorepo.vars.userName}";
- stateVersion = "24.11";
-
- packages = with pkgs; (if config.monorepo.profiles.graphics.enable then [
- # wikipedia
- # kiwix kiwix-tools
- gnupg
- unzip
- mupdf
- zathura
-
- fzf
- # passwords
- age
- sops
-
- # formatting
- ghostscript
- texliveFull
- pandoc
-
- # Emacs Deps
- graphviz
- jq
-
- # Apps
- # octaveFull
- grim
- swww
- vim
- kotatogram-desktop
- tg
- qwen-code
- element-desktop
- signal-desktop
- signal-cli
- thunderbird
- jami
-
- # Sound/media
- pavucontrol
- alsa-utils
- imagemagick
- ffmpeg
- helvum
-
- # Net
- curl
- rsync
- gitFull
- iamb
- ungoogled-chromium
-
- # Tor
- torsocks
- tor-browser
-
- # For transfering secrets onto new system
- stow
-
- # fonts
- nerd-fonts.iosevka
- noto-fonts
- noto-fonts-cjk-sans
- noto-fonts-color-emoji
- fira-code
- font-awesome_6
- victor-mono
- (aspellWithDicts
- (dicts: with dicts; [ en en-computers en-science ]))
-
- # Misc.
- pinentry-gnome3
- x11_ssh_askpass
- xdg-utils
- acpilight
- pfetch
- libnotify
- htop
-
- (pkgs.writeShellScriptBin "help"
- ''
- #!/usr/bin/env sh
- # Portable, colored, nicely aligned alias list
-
- # Generate uncolored alias pairs
- aliases=$(cat <<'EOF'
- ${let aliases = config.programs.zsh.shellAliases;
- in lib.concatStringsSep "\n" (lib.mapAttrsToList (name: value:
- "${name} -> ${value}"
- ) aliases)}
- EOF
- )
-
- # Align and color using awk
- echo "$aliases" | awk '
- BEGIN {
- GREEN="\033[0;32m";
- YELLOW="\033[0;33m";
- RESET="\033[0m";
- maxlen=0;
- }
- {
- # Split line on " -> "
- split($0, parts, / -> /);
- name[NR]=parts[1];
- cmd[NR]=parts[2];
- if(length(parts[1])>maxlen) maxlen=length(parts[1]);
- }
- END {
- for(i=1;i<=NR;i++) {
- # printf with fixed width for alias name
- printf "%s%-*s%s -> %s%s%s\n", GREEN, maxlen, name[i], RESET, YELLOW, cmd[i], RESET;
- }
- }'
- '')
-
- (writeShellScriptBin "remote-build"
- ''
- #!/bin/bash
- nixos-rebuild --sudo --ask-sudo-password --target-host "$1" switch --flake $HOME/monorepo/nix#spontaneity
- ''
- )
- (writeShellScriptBin "install-vps"
- ''
- #!/bin/bash
- nix run github:nix-community/nixos-anywhere -- --generate-hardware-config nixos-generate-config $HOME/monorepo/nix/systems/spontaneity/hardware-configuration.nix --flake $HOME/monorepo/nix#spontaneity --target-host "$1"
- '')
- (writeShellScriptBin "secrets"
- ''
- #!/bin/bash
- cd "$HOME/secrets"
- git pull # repo is over LAN
- stow */ # manage secrets with gnu stow
- cd "$HOME"
- '')
- (writeShellScriptBin "spontaneity-ci"
- ''
- #!/bin/bash
- nixos-rebuild build-vm --flake $HOME/monorepo/nix#spontaneity && QEMU_OPTS="-serial stdio" ./result/bin/run-spontaneity-vm 2>&1 | tee vm-boot.log'')
- ] else [
- pfetch
- # net
- curl
- torsocks
- rsync
- ]);
- };
-
- services = {
- gpg-agent = {
- pinentry.package = pkgs.pinentry-emacs;
- enable = true;
- extraConfig = ''
- allow-emacs-pinentry
- allow-loopback-pinentry
- '';
- };
- };
- xdg.mimeApps = {
- enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- defaultApplications = {
- "x-scheme-handler/mailto" = "emacsclient-mail.desktop";
- "text/html" = "librewolf.desktop";
- "text/xml" = "librewolf.desktop";
- "application/xhtml+xml" = "librewolf.desktop";
- "x-scheme-handler/http" = "librewolf.desktop";
- "x-scheme-handler/https" = "librewolf.desktop";
- "x-scheme-handler/about" = "librewolf.desktop";
- "x-scheme-handler/unknown" = "librewolf.desktop";
- };
- };
-
- programs.bash.enable = true;
- fonts.fontconfig.enable = true;
-}
diff --git a/nix/modules/home/vps_secrets.nix b/nix/modules/home/vps_secrets.nix
deleted file mode 100644
index df75a39..0000000
--- a/nix/modules/home/vps_secrets.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ lib, config, ... }:
-{
- config = lib.mkIf (!config.monorepo.profiles.graphics.enable) {
- sops.secrets = {
- znc = {
- format = "yaml";
- path = "${config.sops.defaultsymlinkpath}/znc";
- };
- znc_password_salt = {
- format = "yaml";
- path = "${config.sops.defaultsymlinkpath}/znc_password_salt";
- };
- znc_password_hash = {
- format = "yaml";
- path = "${config.sops.defaultsymlinkpath}/znc_password_hash";
- };
- matrix_bridge = {
- format = "yaml";
- path = "${config.sops.defaultsymlinkpath}/matrix_bridge";
- };
- coturn_secret = {
- format = "yaml";
- path = "${config.sops.defaultsymlinkpath}/coturn_secret";
- };
- livekit_secret = {
- format = "yaml";
- path = "${config.sops.defaultsymlinkpath}/livekit_secret";
- };
- livekit = {
- format = "yaml";
- path = "${config.sops.defaultsymlinkpath}/livekit";
- };
- conduit_secrets = {
- format = "yaml";
- path = "${config.sops.defaultsymlinkpath}/conduit_secrets";
- };
- mautrix_env = {
- format = "yaml";
- path = "${config.sops.defaultsymlinkpath}/mautrix_env";
- };
- };
- };
-}
diff --git a/nix/modules/home/waybar.nix b/nix/modules/home/waybar.nix
deleted file mode 100644
index 8e797a5..0000000
--- a/nix/modules/home/waybar.nix
+++ /dev/null
@@ -1,274 +0,0 @@
-{ lib, config, ... }:
-{
- programs.waybar = {
- enable = lib.mkDefault config.monorepo.profiles.hyprland.enable;
- style = ''
- * {
- border: none;
- border-radius: 0px;
- font-family: Iosevka Nerd Font, FontAwesome, Noto Sans CJK;
- font-size: 14px;
- font-style: normal;
- min-height: 0;
- }
-
- window#waybar {
- background: rgba(30, 30, 46, 0.5);
- border-bottom: 1px solid #45475a;
- color: #cdd6f4;
- }
-
- #workspaces {
- background: #45475a;
- margin: 5px 5px 5px 5px;
- padding: 0px 5px 0px 5px;
- border-radius: 16px;
- border: solid 0px #f4d9e1;
- font-weight: normal;
- font-style: normal;
- }
- #workspaces button {
- padding: 0px 5px;
- border-radius: 16px;
- color: #a6adc8;
- }
-
- #workspaces button.active {
- color: #f4d9e1;
- background-color: transparent;
- border-radius: 16px;
- }
-
- #workspaces button:hover {
- background-color: #cdd6f4;
- color: black;
- border-radius: 16px;
- }
-
- #custom-date, #clock, #battery, #pulseaudio, #network, #custom-randwall, #custom-launcher {
- background: transparent;
- padding: 5px 5px 5px 5px;
- margin: 5px 5px 5px 5px;
- border-radius: 8px;
- border: solid 0px #f4d9e1;
- }
-
- #custom-date {
- color: #D3869B;
- }
-
- #custom-power {
- color: #24283b;
- background-color: #db4b4b;
- border-radius: 5px;
- margin-right: 10px;
- margin-top: 5px;
- margin-bottom: 5px;
- margin-left: 0px;
- padding: 5px 10px;
- }
-
- #tray {
- background: #45475a;
- margin: 5px 5px 5px 5px;
- border-radius: 16px;
- padding: 0px 5px;
- /*border-right: solid 1px #282738;*/
- }
-
- #clock {
- color: #cdd6f4;
- background-color: #45475a;
- border-radius: 0px 0px 0px 24px;
- padding-left: 13px;
- padding-right: 15px;
- margin-right: 0px;
- margin-left: 10px;
- margin-top: 0px;
- margin-bottom: 0px;
- font-weight: bold;
- /*border-left: solid 1px #282738;*/
- }
-
- #battery {
- color: #89b4fa;
- }
-
- #battery.charging {
- color: #a6e3a1;
- }
-
- #battery.warning:not(.charging) {
- background-color: #f7768e;
- color: #f38ba8;
- border-radius: 5px 5px 5px 5px;
- }
-
- #backlight {
- background-color: #24283b;
- color: #db4b4b;
- border-radius: 0px 0px 0px 0px;
- margin: 5px;
- margin-left: 0px;
- margin-right: 0px;
- padding: 0px 0px;
- }
-
- #network {
- color: #f4d9e1;
- border-radius: 8px;
- margin-right: 5px;
- }
-
- #pulseaudio {
- color: #f4d9e1;
- border-radius: 8px;
- margin-left: 0px;
- }
-
- #pulseaudio.muted {
- background: transparent;
- color: #928374;
- border-radius: 8px;
- margin-left: 0px;
- }
-
- #custom-randwall {
- color: #f4d9e1;
- border-radius: 8px;
- margin-right: 0px;
- }
-
- #custom-launcher {
- color: #e5809e;
- background-color: #45475a;
- border-radius: 0px 24px 0px 0px;
- margin: 0px 0px 0px 0px;
- padding: 0 20px 0 13px;
- /*border-right: solid 1px #282738;*/
- font-size: 20px;
- }
-
- #custom-launcher button:hover {
- background-color: #FB4934;
- color: transparent;
- border-radius: 8px;
- margin-right: -5px;
- margin-left: 10px;
- }
-
- #custom-playerctl {
- background: #45475a;
- padding-left: 15px;
- padding-right: 14px;
- border-radius: 16px;
- /*border-left: solid 1px #282738;*/
- /*border-right: solid 1px #282738;*/
- margin-top: 5px;
- margin-bottom: 5px;
- margin-left: 0px;
- font-weight: normal;
- font-style: normal;
- font-size: 16px;
- }
-
- #custom-playerlabel {
- background: transparent;
- padding-left: 10px;
- padding-right: 15px;
- border-radius: 16px;
- /*border-left: solid 1px #282738;*/
- /*border-right: solid 1px #282738;*/
- margin-top: 5px;
- margin-bottom: 5px;
- font-weight: normal;
- font-style: normal;
- }
-
- #window {
- background: #45475a;
- padding-left: 15px;
- padding-right: 15px;
- border-radius: 16px;
- /*border-left: solid 1px #282738;*/
- /*border-right: solid 1px #282738;*/
- margin-top: 5px;
- margin-bottom: 5px;
- font-weight: normal;
- font-style: normal;
- }
-
- #custom-wf-recorder {
- padding: 0 20px;
- color: #e5809e;
- background-color: #1E1E2E;
- }
-
- #cpu {
- background-color: #45475a;
- /*color: #FABD2D;*/
- border-radius: 16px;
- margin: 5px;
- margin-left: 5px;
- margin-right: 5px;
- padding: 0px 10px 0px 10px;
- font-weight: bold;
- }
-
- #memory {
- background-color: #45475a;
- /*color: #83A598;*/
- border-radius: 16px;
- margin: 5px;
- margin-left: 5px;
- margin-right: 5px;
- padding: 0px 10px 0px 10px;
- font-weight: bold;
- }
-
- #disk {
- background-color: #45475a;
- /*color: #8EC07C;*/
- border-radius: 16px;
- margin: 5px;
- margin-left: 5px;
- margin-right: 5px;
- padding: 0px 10px 0px 10px;
- font-weight: bold;
- }
-
- #custom-hyprpicker {
- background-color: #45475a;
- /*color: #8EC07C;*/
- border-radius: 16px;
- margin: 5px;
- margin-left: 5px;
- margin-right: 5px;
- padding: 0px 11px 0px 9px;
- font-weight: bold;
- }
- '';
- settings = {
- mainBar = {
- layer = "top";
- position = "top";
- height = 50;
-
- output = config.monorepo.vars.monitors;
-
- modules-left = [ "hyprland/workspaces" ];
- modules-center = [ "hyprland/window" ];
- modules-right = [ "battery" "clock" ];
-
- battery = {
- format = "{icon} {capacity}%";
- format-icons = ["" "" "" "" "" ];
- };
-
- clock = {
- format = "⏰ {:%a %d, %b %H:%M}";
- };
- };
- };
- };
-}
diff --git a/nix/modules/home/wofi.nix b/nix/modules/home/wofi.nix
deleted file mode 100644
index ec2e3bc..0000000
--- a/nix/modules/home/wofi.nix
+++ /dev/null
@@ -1,188 +0,0 @@
-{ lib, config, ... }:
-{
- programs.wofi = {
- enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- settings = {
- location = "bottom-right";
- allow_markup = true;
- show = "drun";
- width = 750;
- height = 400;
- always_parse_args = true;
- show_all = false;
- term = "kitty";
- hide_scroll = true;
- print_command = true;
- insensitive = true;
- prompt = "Run what, Commander?";
- columns = 2;
- };
-
- style = ''
- @define-color rosewater #f5e0dc;
- @define-color rosewater-rgb rgb(245, 224, 220);
- @define-color flamingo #f2cdcd;
- @define-color flamingo-rgb rgb(242, 205, 205);
- @define-color pink #f5c2e7;
- @define-color pink-rgb rgb(245, 194, 231);
- @define-color mauve #cba6f7;
- @define-color mauve-rgb rgb(203, 166, 247);
- @define-color red #f38ba8;
- @define-color red-rgb rgb(243, 139, 168);
- @define-color maroon #eba0ac;
- @define-color maroon-rgb rgb(235, 160, 172);
- @define-color peach #fab387;
- @define-color peach-rgb rgb(250, 179, 135);
- @define-color yellow #f9e2af;
- @define-color yellow-rgb rgb(249, 226, 175);
- @define-color green #a6e3a1;
- @define-color green-rgb rgb(166, 227, 161);
- @define-color teal #94e2d5;
- @define-color teal-rgb rgb(148, 226, 213);
- @define-color sky #89dceb;
- @define-color sky-rgb rgb(137, 220, 235);
- @define-color sapphire #74c7ec;
- @define-color sapphire-rgb rgb(116, 199, 236);
- @define-color blue #89b4fa;
- @define-color blue-rgb rgb(137, 180, 250);
- @define-color lavender #b4befe;
- @define-color lavender-rgb rgb(180, 190, 254);
- @define-color text #cdd6f4;
- @define-color text-rgb rgb(205, 214, 244);
- @define-color subtext1 #bac2de;
- @define-color subtext1-rgb rgb(186, 194, 222);
- @define-color subtext0 #a6adc8;
- @define-color subtext0-rgb rgb(166, 173, 200);
- @define-color overlay2 #9399b2;
- @define-color overlay2-rgb rgb(147, 153, 178);
- @define-color overlay1 #7f849c;
- @define-color overlay1-rgb rgb(127, 132, 156);
- @define-color overlay0 #6c7086;
- @define-color overlay0-rgb rgb(108, 112, 134);
- @define-color surface2 #585b70;
- @define-color surface2-rgb rgb(88, 91, 112);
- @define-color surface1 #45475a;
- @define-color surface1-rgb rgb(69, 71, 90);
- @define-color surface0 #313244;
- @define-color surface0-rgb rgb(49, 50, 68);
- @define-color base #1e1e2e;
- @define-color base-rgb rgb(30, 30, 46);
- @define-color mantle #181825;
- @define-color mantle-rgb rgb(24, 24, 37);
- @define-color crust #11111b;
- @define-color crust-rgb rgb(17, 17, 27);
-
- * {
- font-family: 'Iosevka Nerd Font', monospace;
- font-size: 14px;
- }
-
- /* Window */
- window {
- margin: 0px;
- padding: 10px;
- border: 0.16em solid @lavender;
- border-radius: 0.1em;
- background-color: @base;
- animation: slideIn 0.5s ease-in-out both;
- }
-
- /* Slide In */
- @keyframes slideIn {
- 0% {
- opacity: 0;
- }
-
- 100% {
- opacity: 1;
- }
- }
-
- /* Inner Box */
- #inner-box {
- margin: 5px;
- padding: 10px;
- border: none;
- background-color: @base;
- animation: fadeIn 0.5s ease-in-out both;
- }
-
- /* Fade In */
- @keyframes fadeIn {
- 0% {
- opacity: 0;
- }
-
- 100% {
- opacity: 1;
- }
- }
-
- /* Outer Box */
- #outer-box {
- margin: 5px;
- padding: 10px;
- border: none;
- background-color: @base;
- }
-
- /* Scroll */
- #scroll {
- margin: 0px;
- padding: 10px;
- border: none;
- background-color: @base;
- }
-
- /* Input */
- #input {
- margin: 5px 20px;
- padding: 10px;
- border: none;
- border-radius: 0.1em;
- color: @text;
- background-color: @base;
- animation: fadeIn 0.5s ease-in-out both;
- }
-
- #input image {
- border: none;
- color: @red;
- }
-
- #input * {
- outline: 4px solid @red!important;
- }
-
- /* Text */
- #text {
- margin: 5px;
- border: none;
- color: @text;
- animation: fadeIn 0.5s ease-in-out both;
- }
-
- #entry {
- background-color: @base;
- }
-
- #entry arrow {
- border: none;
- color: @lavender;
- }
-
- /* Selected Entry */
- #entry:selected {
- border: 0.11em solid @lavender;
- }
-
- #entry:selected #text {
- color: @mauve;
- }
-
- #entry:drop(active) {
- background-color: @lavender!important;
- }
- '';
- };
-}
diff --git a/nix/modules/home/yt-dlp.nix b/nix/modules/home/yt-dlp.nix
deleted file mode 100644
index b9dd8e0..0000000
--- a/nix/modules/home/yt-dlp.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ lib, config, ... }:
-{
- programs.yt-dlp = {
- enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- settings = {
- embed-thumbnail = true;
- embed-subs = true;
- sub-langs = "all";
- downloader = "aria2c";
- downloader-args = "aria2c:'-c -x8 -s8 -k1M'";
- };
- };
-}
diff --git a/nix/modules/home/zsh.nix b/nix/modules/home/zsh.nix
deleted file mode 100644
index 62dcbd5..0000000
--- a/nix/modules/home/zsh.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ lib, config, pkgs, systemHostName, ... }:
-{
- programs.zsh = {
- enable = true;
- initContent = ''
- umask 0022
- export EXTRA_CCFLAGS="-I/usr/include"
- source ${pkgs.zsh-vi-mode}/share/zsh-vi-mode/zsh-vi-mode.plugin.zsh
- export QT_QPA_PLATFORM="wayland"
- export OLLAMA_MODEL="qwen3:14b"
- '';
-
- localVariables = {
- EDITOR = "emacsclient --create-frame --alternate-editor=vim";
- INPUT_METHOD = "fcitx";
- QT_IM_MODULE = "fcitx";
- GTK_IM_MODULE = "fcitx";
- XMODIFIERS = "@im=fcitx";
- XIM_SERVERS = "fcitx";
- WXSUPPRESS_SIZER_FLAGS_CHECK = "1";
- };
-
- shellAliases = {
- clone-secrets = "git clone ssh://\"$1\"/home/preston/secrets \"$HOME/secrets\"";
- get-channel-id = "yt-dlp --print \"%(channel_id)s\" --playlist-end 1 \"$1\"";
- se = "sops edit";
- f = "vim $(fzf)";
- e = "cd $(find . -type d -print | fzf)";
- c = "clear";
- g = "git";
- v = "vim";
- py = "python3";
- build-installer = "nix build $HOME/monorepo/nix#nixosConfigurations.installer.config.system.build.isoImage";
- rb = "sudo nixos-rebuild switch --flake $HOME/monorepo/nix#${systemHostName}";
- nfu = "cd ~/monorepo/nix && git add . && git commit -m \"new flake lock\" && nix flake update";
- usync = "rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${config.monorepo.vars.remoteHost}:/var/www/${config.monorepo.vars.internetName}-website/";
- usite
- = "cd ~/src/publish-org-roam-ui && bash local.sh && rm -rf ~/website_html/graph_view; cp -r ~/src/publish-org-roam-ui/out ~/website_html/graph_view && rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${config.monorepo.vars.remoteHost}:/var/www/${config.monorepo.vars.internetName}-website/";
- sai = "eval \"$(ssh-agent -s)\" && ssh-add ~/.ssh/id_ed25519 && ssh-add -l";
- };
- loginExtra = ''
- if [[ "$(tty)" = "/dev/tty1" ]]; then
- exec Hyprland
- fi
- '';
- };
-}
diff --git a/nix/modules/honk.nix b/nix/modules/honk.nix
deleted file mode 100644
index 985a544..0000000
--- a/nix/modules/honk.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ lib, config, ... }:
-{
- services.honk = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- servername = "ret2pop.net";
- username = "ret2pop";
- };
-}
diff --git a/nix/modules/i2pd.nix b/nix/modules/i2pd.nix
deleted file mode 100644
index 9e942fa..0000000
--- a/nix/modules/i2pd.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ config, lib, ... }:
-{
- services.i2pd = {
- enable = lib.mkDefault false;
- address = "0.0.0.0";
- inTunnels = { };
- outTunnels = { };
- };
-}
diff --git a/nix/modules/icecast.nix b/nix/modules/icecast.nix
deleted file mode 100644
index 7d3d88d..0000000
--- a/nix/modules/icecast.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ lib, config, ... }:
-{
- services.icecast = {
- enable = lib.mkDefault false;
- listen.address = "0.0.0.0";
- extraConfig = ''
- <mount type="default">
- <public>0</public>
- <intro>/stream.m3u</intro>
- <max-listener-duration>3600</max-listener-duration>
- <authentication type="url">
- <option name="mount_add" value="http://auth.example.org/stream_start.php"/>
- </authentication>
- <http-headers>
- <header name="foo" value="bar" />
- </http-headers>
- </mount>
- '';
- };
- admin.password = "changeme";
-}
diff --git a/nix/modules/impermanence.nix b/nix/modules/impermanence.nix
deleted file mode 100644
index 4fa886a..0000000
--- a/nix/modules/impermanence.nix
+++ /dev/null
@@ -1,100 +0,0 @@
-{ lib, config, ... }:
-{
- assertions = [
- {
- assertion = (! (config.monorepo.profiles.impermanence.enable && (! (config.monorepo.vars.fileSystem == "btrfs"))));
- message = "Impermanence requires btrfs filesystem.";
- }
- ];
-
- boot.initrd.postResumeCommands = (if config.monorepo.profiles.impermanence.enable then lib.mkAfter ''
- mkdir /btrfs_tmp
- mount -t btrfs -n -o subvol=/ /dev/mapper/crypted /btrfs_tmp
- if [[ -e /btrfs_tmp/root ]]; then
- mkdir -p /btrfs_tmp/old_roots
- timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
- mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
- fi
-
- delete_subvolume_recursively() {
- IFS=$'\n'
- for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
- delete_subvolume_recursively "/btrfs_tmp/$i"
- done
- btrfs subvolume delete "$1"
- }
-
- for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
- delete_subvolume_recursively "$i"
- done
-
- btrfs subvolume create /btrfs_tmp/root
- umount -n /btrfs_tmp
- '' else "");
-
- boot.initrd.luks.devices = (if (config.monorepo.vars.fileSystem == "btrfs") then {
- crypted = {
- device = "/dev/disk/by-partlabel/disk-main-luks";
- };
- } else {});
-
- fileSystems = if (config.monorepo.profiles.impermanence.enable) then {
- "/persistent" = {
- neededForBoot = true;
- };
- "/home" = {
- neededForBoot = true;
- };
- } else {};
-
- environment.persistence."/persistent" = {
- enable = config.monorepo.profiles.impermanence.enable;
- hideMounts = true;
- directories = [
- "/var/log"
- "/var/lib/bluetooth"
- "/var/lib/nixos"
- "/var/lib/systemd/coredump"
- "/etc/NetworkManager/system-connections"
- ];
- files = [
- "/etc/machine-id"
- { file = "/var/keys/secret_file"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
- ];
- users."${config.monorepo.vars.userName}" = {
- directories = [
- "Downloads"
- "music"
- "Pictures"
- "Documents"
- "Videos"
- "Monero"
- "org"
- "monorepo"
- "soundfont"
- "website_html"
- "ardour"
- "audacity"
- "img"
- "email"
- "projects"
- "secrets"
-
- ".emacs.d"
- ".elfeed"
- ".electrum"
- ".mozilla"
- ".bitmonero"
- ".config"
- ".crypto"
- { directory = ".gnupg"; mode = "0700"; }
- { directory = ".ssh"; mode = "0700"; }
- { directory = ".local/share/keyrings"; mode = "0700"; }
- ".local/share/direnv"
- ];
- files = [
- ".emacs"
- ];
- };
- };
-}
diff --git a/nix/modules/inspircd.nix b/nix/modules/inspircd.nix
deleted file mode 100644
index bf3e9ba..0000000
--- a/nix/modules/inspircd.nix
+++ /dev/null
@@ -1,539 +0,0 @@
-{ lib, config, ... }:
-{
- services.inspircd = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- modules = [ "ssl_openssl" ];
- config = ''
-<server name="nullring.xyz"
- description="Nullring IRC Instance"
- network="NullRing">
-
-<admin
- name="Preston Pan"
- nick="prestonp"
- email="ret2pop@gmail.com">
-
-<bind
- address="0.0.0.0"
- port="6697"
- type="clients"
- ssl="openssl">
-
-<module name="ssl_openssl">
-<openssl certfile="/var/lib/acme/fullchain.pem" keyfile="/var/lib/acme/key.pem">
-
-<power
- # hash: what hash these passwords are hashed with.
- # Requires the module for selected hash (m_md5.so, m_sha256.so
- # or m_ripemd160.so) be loaded and the password hashing module
- # (m_password_hash.so) loaded.
- # Options here are: "md5", "sha256" and "ripemd160", or one of
- # these prefixed with "hmac-", e.g.: "hmac-sha256".
- # Optional, but recommended. Create hashed passwords with:
- # /mkpasswd <hash> <password>
- #hash="sha256"
-
- # diepass: Password for opers to use if they need to shutdown (die)
- # a server.
- diepass=""
-
- # restartpass: Password for opers to use if they need to restart
- # a server.
- restartpass="">
-
-<connect
- # name: Name to use for this connect block. Mainly used for
- # connect class inheriting.
- name="main"
-
- # allow: What IP addresses/hosts to allow for this block.
- allow="*"
-
- # maxchans: Maximum number of channels a user in this class
- # be in at one time. This overrides every other maxchans setting.
- #maxchans="30"
-
- # timeout: How long (in seconds) the server will wait before
- # disconnecting a user if they do not do anything on connect.
- # (Note, this is a client-side thing, if the client does not
- # send /nick, /user or /pass)
- timeout="10"
-
- # pingfreq: How often (in seconds) the server tries to ping connecting clients.
- pingfreq="120"
-
- # hardsendq: maximum amount of data allowed in a client's send queue
- # before they are dropped. Keep this value higher than the length of
- # your network's /LIST or /WHO output, or you will have lots of
- # disconnects from sendq overruns!
- # Setting this to "1M" is equivalent to "1048576", "8K" is 8192, etc.
- hardsendq="1M"
-
- # softsendq: amount of data in a client's send queue before the server
- # begins delaying their commands in order to allow the sendq to drain
- softsendq="8192"
-
- # recvq: amount of data allowed in a client's queue before they are dropped.
- # Entering "8K" is equivalent to "8192", see above.
- recvq="8K"
-
- # threshold: This specifies the amount of command penalty a user is allowed to have
- # before being quit or fakelagged due to flood. Normal commands have a penalty of 1,
- # ones such as /OPER have penalties up to 10.
- #
- # If you are not using fakelag, this should be at least 20 to avoid excess flood kills
- # from processing some commands.
- threshold="10"
-
- # commandrate: This specifies the maximum rate that commands can be processed.
- # If commands are sent more rapidly, the user's penalty will increase and they will
- # either be fakelagged or killed when they reach the threshold
- #
- # Units are millicommands per second, so 1000 means one line per second.
- commandrate="1000"
-
- # fakelag: Use fakelag instead of killing users for excessive flood
- #
- # Fake lag stops command processing for a user when a flood is detected rather than
- # immediately killing them; their commands are held in the recvq and processed later
- # as the user's command penalty drops. Note that if this is enabled, flooders will
- # quit with "RecvQ exceeded" rather than "Excess Flood".
- fakelag="on"
-
- # localmax: Maximum local connections per IP.
-
- localmax="200"
-
- # globalmax: Maximum global (network-wide) connections per IP.
-
- globalmax="200"
-
- # useident: Defines if users in this class must respond to a ident query or not.
- useident="no"
-
- # limit: How many users are allowed in this class
- limit="5000"
-
- # modes: Usermodes that are set on users in this block on connect.
- # Enabling this option requires that the m_conn_umodes module be loaded.
- # This entry is highly recommended to use for/with IP Cloaking/masking.
- # For the example to work, this also requires that the m_cloaking
- # module be loaded as well.
- modes="+x">
-
-
-#-#-#-#-#-#-#-#-#-#-#-#- CIDR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
-# #
-# CIDR configuration allows detection of clones and applying of #
-# throttle limits across a CIDR range. (A CIDR range is a group of #
-# IPs, for example, the CIDR range 192.168.1.0-192.168.1.255 may be #
-# represented as 192.168.1.0/24). This means that abuse across an ISP #
-# is detected and curtailed much easier. Here is a good chart that #
-# shows how many IPs the different CIDRs correspond to: #
-# http://en.wikipedia.org/wiki/CIDR#Prefix_aggregation #
-# #
-
-<cidr
- # ipv4clone: specifies how many bits of an IP address should be
- # looked at for clones. The default only looks for clones on a
- # single IP address of a user. You do not want to set this
- # extremely low. (Values are 0-32).
- ipv4clone="32"
-
- # ipv6clone: specifies how many bits of an IP address should be
- # looked at for clones. The default only looks for clones on a
- # single IP address of a user. You do not want to set this
- # extremely low. (Values are 0-128).
- ipv6clone="128">
-
-<channels
- # users: Maximum number of channels a user can be in at once.
- users="20"
-
- # opers: Maximum number of channels an oper can be in at once.
- opers="60">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# DNS SERVER -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# If these values are not defined, InspIRCd uses the default DNS resolver
-# of your system.
-
-<dns
- # server: DNS server to use to attempt to resolve IP's to hostnames.
- # in most cases, you won't need to change this, as inspircd will
- # automatically detect the nameserver depending on /etc/resolv.conf
- # (or, on Windows, your set nameservers in the registry.)
- # Note that this must be an IP address and not a hostname, because
- # there is no resolver to resolve the name until this is defined!
- #
- # server="127.0.0.1"
-
- # timeout: seconds to wait to try to resolve DNS/hostname.
- timeout="5">
-
-# An example of using an IPv6 nameserver
-#<dns server="::1" timeout="5">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# PID FILE -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# #
-# Define the path to the PID file here. The PID file can be used to #
-# rehash the ircd from the shell or to terminate the ircd from the #
-# shell using shell scripts, perl scripts, etc... and to monitor the #
-# ircd's state via cron jobs. If this is a relative path, it will be #
-# relative to the configuration directory, and if it is not defined, #
-# the default of 'inspircd.pid' is used. #
-# #
-
-#<pid file="/path/to/inspircd.pid">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#- BANLIST LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# #
-# Use these tags to customise the ban limits on a per channel basis. #
-# The tags are read from top to bottom, and any tag found which #
-# matches the channels name applies the banlimit to that channel. #
-# It is advisable to put an entry with the channel as '*' at the #
-# bottom of the list. If none are specified or no maxbans tag is #
-# matched, the banlist size defaults to 64 entries. #
-# #
-
-<banlist chan="#largechan" limit="128">
-<banlist chan="*" limit="69">
-
-#-#-#-#-#-#-#-#-#-#-#- DISABLED FEATURES -#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# #
-# This tag is optional, and specifies one or more features which are #
-# not available to non-operators. #
-# #
-# For example you may wish to disable NICK and prevent non-opers from #
-# changing their nicknames. #
-# Note that any disabled commands take effect only after the user has #
-# 'registered' (e.g. after the initial USER/NICK/PASS on connection) #
-# so for example disabling NICK will not cripple your network. #
-# #
-# You can also define if you want to disable any channelmodes #
-# or usermodes from your users. #
-# #
-# `fakenonexistant' will make the ircd pretend that nonexistant #
-# commands simply don't exist to non-opers ("no such command"). #
-# #
-#<disabled commands="TOPIC MODE" usermodes="" chanmodes="" fakenonexistant="yes">
-
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- RTFM LINE -#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# #
-# Just remove this... Its here to make you read ALL of the config #
-# file options ;) #
-
-#<die value="You should probably edit your config *PROPERLY* and try again.">
-
-
-
-#-#-#-#-#-#-#-#-#-#-#-#-#- SERVER OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#
-# #
-# Settings to define which features are usable on your server. #
-# #
-
-<options
- # prefixquit: What (if anything) users' quit messages
- # should be prefixed with.
- prefixquit="Quit: "
-
- # suffixquit: What (if anything) users' quit messages
- # should be suffixed with.
- suffixquit=""
-
- # prefixpart: What (if anything) users' part messages
- # should be prefixed with.
- prefixpart="&quot;"
- # NOTE: Use "\"" instead of "&quot;" if not using <config format="xml">
-
- # suffixpart: What (if anything) users' part message
- # should be suffixed with.
- suffixpart="&quot;"
-
- # fixedquit: Set all users' quit messages to this value.
- #fixedquit=""
-
- # fixedpart: Set all users' part messages in all channels
- # to this value.
- #fixedpart=""
-
- # syntaxhints: If enabled, if a user fails to send the correct parameters
- # for a command, the ircd will give back some help text of what
- # the correct parameters are.
- syntaxhints="no"
-
- # cyclehosts: If enabled, when a user gets a host set, it will cycle
- # them in all their channels. If not, it will simply change their host
- # without cycling them.
- cyclehosts="yes"
-
- # cyclehostsfromuser: If enabled, the source of the mode change for
- # cyclehosts will be the user who cycled. This can look nicer, but
- # triggers anti-takeover mechanisms of some obsolete bots.
- cyclehostsfromuser="no"
-
- # ircumsgprefix: Use undernet-style message prefixing for NOTICE and
- # PRIVMSG. If enabled, it will add users' prefix to the line, if not,
- # it will just message the user normally.
- ircumsgprefix="no"
-
- # announcets: If set to yes, when the timestamp on a channel changes, all users
- # in the channel will be sent a NOTICE about it.
- announcets="yes"
-
- # allowmismatch: Setting this option to yes will allow servers to link even
- # if they don't have the same "optionally common" modules loaded. Setting this to
- # yes may introduce some desyncs and unwanted behaviour.
- allowmismatch="no"
-
- # defaultbind: Sets the default for <bind> tags without an address. Choices are
- # ipv4 or ipv6; if not specified, IPv6 will be used if your system has support,
- # falling back to IPv4 otherwise.
- defaultbind="auto"
-
- # hostintopic: If enabled, channels will show the host of the topic setter
- # in the topic. If set to no, it will only show the nick of the topic setter.
- hostintopic="yes"
-
- # pingwarning: If a server does not respond to a ping within x seconds,
- # it will send a notice to opers with snomask +l informing that the server
- # is about to ping timeout.
- pingwarning="15"
-
- # serverpingfreq: How often pings are sent between servers (in seconds).
- serverpingfreq="60"
-
- # defaultmodes: What modes are set on a empty channel when a user
- # joins it and it is unregistered.
- defaultmodes="nt"
-
- # moronbanner: This is the text that is sent to a user when they are
- # banned from the server.
- moronbanner="You're banned! Email abuse@example.com with the ERROR line below for help."
-
- # exemptchanops: exemptions for channel access restrictions based on prefix.
- exemptchanops="nonick:v flood:o"
-
- # invitebypassmodes: This allows /invite to bypass other channel modes.
- # (Such as +k, +j, +l, etc.)
- invitebypassmodes="yes"
-
- # nosnoticestack: This prevents snotices from 'stacking' and giving you
- # the message saying '(last message repeated X times)'. Defaults to no.
- nosnoticestack="no"
-
- # welcomenotice: When turned on, this sends a NOTICE to connecting users
- # with the text Welcome to <networkname>! after successful registration.
- # Defaults to yes.
- welcomenotice="yes">
-
-
-#-#-#-#-#-#-#-#-#-#-#-# PERFORMANCE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#
-# #
-
-<performance
- # netbuffersize: Size of the buffer used to receive data from clients.
- # The ircd may only read this amount of text in 1 go at any time.
- netbuffersize="10240"
-
- # somaxconn: The maximum number of connections that may be waiting
- # in the accept queue. This is *NOT* the total maximum number of
- # connections per server. Some systems may only allow this to be up
- # to 5, while others (such as Linux and *BSD) default to 128.
- somaxconn="128"
-
- # limitsomaxconn: By default, somaxconn (see above) is limited to a
- # safe maximum value in the 2.0 branch for compatibility reasons.
- # This setting can be used to disable this limit, forcing InspIRCd
- # to use the value specified above.
- limitsomaxconn="true"
-
- # softlimit: This optional feature allows a defined softlimit for
- # connections. If defined, it sets a soft max connections value.
- softlimit="12800"
-
- # quietbursts: When syncing or splitting from a network, a server
- # can generate a lot of connect and quit messages to opers with
- # +C and +Q snomasks. Setting this to yes squelches those messages,
- # which makes it easier for opers, but degrades the functionality of
- # bots like BOPM during netsplits.
- quietbursts="yes"
-
- # nouserdns: If enabled, no DNS lookups will be performed on
- # connecting users. This can save a lot of resources on very busy servers.
- nouserdns="no">
-
-#-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#
-# #
-
-<security
-
- # announceinvites: This option controls which members of the channel
- # receive an announcement when someone is INVITEd. Available values:
- # 'none' - don't send invite announcements
- # 'all' - send invite announcements to all members
- # 'ops' - send invite announcements to ops and higher ranked users
- # 'dynamic' - send invite announcements to halfops (if available) and
- # higher ranked users. This is the recommended setting.
- announceinvites="dynamic"
-
- # hidemodes: If enabled, then the listmodes given will be hidden
- # from users below halfop. This is not recommended to be set on +b
- # as it may break some functionality in popular clients such as mIRC.
- hidemodes="eI"
-
- # hideulines: If this value is set to yes, U-lined servers will
- # be hidden from non-opers in /links and /map.
- hideulines="no"
-
- # flatlinks: If this value is set to yes, /map and /links will
- # be flattened when shown to non-opers.
- flatlinks="no"
-
- # hidewhois: When defined, the given text will be used in place
- # of the server a user is on when whoised by a non-oper. Most
- # networks will want to set this to something like "*.netname.net"
- # to conceal the actual server a user is on.
- # Note that enabling this will cause users' idle times to only be
- # shown when the format /WHOIS <nick> <nick> is used.
- hidewhois=""
-
- # hidebans: If this value is set to yes, when a user is banned ([gkz]lined)
- # only opers will see the ban message when the user is removed
- # from the server.
- hidebans="no"
-
- # hidekills: If defined, replaces who set a /kill with a custom string.
- hidekills=""
-
- # hideulinekills: Hide kills from clients of ulined servers from server notices.
- hideulinekills="yes"
-
- # hidesplits: If enabled, non-opers will not be able to see which
- # servers split in a netsplit, they will only be able to see that one
- # occurred (If their client has netsplit detection).
- hidesplits="no"
-
- # maxtargets: Maximum number of targets per command.
- # (Commands like /notice, /privmsg, /kick, etc)
- maxtargets="20"
-
- # customversion: Displays a custom string when a user /version's
- # the ircd. This may be set for security reasons or vanity reasons.
- customversion=""
-
- # operspywhois: show opers (users/auspex) the +s channels a user is in. Values:
- # splitmsg Split with an explanatory message
- # yes Split with no explanatory message
- # no Do not show
- operspywhois="no"
-
- # runasuser: If this is set, InspIRCd will attempt to switch
- # to run as this user, which allows binding of ports under 1024.
- # You should NOT set this unless you are starting as root.
- # NOT SUPPORTED/NEEDED UNDER WINDOWS.
- #runasuser=""
-
- # runasgroup: If this is set, InspIRCd will attempt to switch
- # to run as this group, which allows binding of ports under 1024.
- # You should NOT set this unless you are starting as root.
- # NOT SUPPORTED/NEEDED UNDER WINDOWS.
- #runasgroup=""
-
- # restrictbannedusers: If this is set to yes, InspIRCd will not allow users
- # banned on a channel to change nickname or message channels they are
- # banned on.
- restrictbannedusers="yes"
-
- # genericoper: Setting this value to yes makes all opers on this server
- # appear as 'is an IRC operator' in their WHOIS, regardless of their
- # oper type, however oper types are still used internally. This only
- # affects the display in WHOIS.
- genericoper="no"
-
- # userstats: /stats commands that users can run (opers can run all).
- userstats="Pu">
-
-<limits
- # maxnick: Maximum length of a nickname.
- maxnick="500"
-
- # maxchan: Maximum length of a channel name.
- maxchan="500"
-
- # maxmodes: Maximum number of mode changes per line.
- maxmodes="20"
-
- # maxident: Maximum length of a ident/username.
- maxident="500"
-
- # maxquit: Maximum length of a quit message.
- maxquit="255"
-
- # maxtopic: Maximum length of a channel topic.
- maxtopic="307"
-
- # maxkick: Maximum length of a kick message.
- maxkick="255"
-
- # maxgecos: Maximum length of a GECOS (realname).
- maxgecos="128"
-
- # maxaway: Maximum length of an away message.
- maxaway="200">
-
-<log method="file" type="* -USERINPUT -USEROUTPUT" level="default" target="logs/ircd.log">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#- WHOWAS OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#
-# #
-# This tag lets you define the behaviour of the /whowas command of #
-# your server. #
-# #
-
-<whowas
- # groupsize: Maximum entries per nick shown when performing
- # a /whowas nick.
- groupsize="10"
-
- # maxgroups: Maximum number of nickgroups that can be added to
- # the list so that /whowas does not use a lot of resources on
- # large networks.
- maxgroups="100000"
-
- # maxkeep: Maximum time a nick is kept in the whowas list
- # before being pruned. Time may be specified in seconds,
- # or in the following format: 1y2w3d4h5m6s. Minimum is
- # 1 hour.
- maxkeep="3d">
-
-<badnick
- # nick: Nick to disallow. Wildcards are supported.
- nick="ChanServ"
-
- # reason: Reason to display on /nick.
- reason="Reserved For Services">
-
-<badnick nick="NickServ" reason="Reserved For Services">
-<badnick nick="OperServ" reason="Reserved For Services">
-<badnick nick="MemoServ" reason="Reserved For Services">
-
-<badhost host="root@*" reason="Don't IRC as root!">
-
-<insane
- # hostmasks: Allow bans with insane hostmasks. (over-reaching bans)
- hostmasks="no"
-
- # ipmasks: Allow bans with insane ipmasks. (over-reaching bans)
- ipmasks="no"
-
- # nickmasks: Allow bans with insane nickmasks. (over-reaching bans)
- nickmasks="no"
-
- # trigger: What percentage of users on the network to trigger
- # specifying an insane ban as. The default is 95.5%, which means
- # if you have a 1000 user network, a ban will not be allowed if it
- # will be banning 955 or more users.
- trigger="95.5">
-'';
- };
-}
diff --git a/nix/modules/ircd.nix b/nix/modules/ircd.nix
deleted file mode 100644
index ee4eb75..0000000
--- a/nix/modules/ircd.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ lib, config, ... }:
-{
- services.ircdHybrid = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- extraIPs = [ "0.0.0.0" ];
- extraPort = "6697";
- adminEmail = "ret2pop@gmail.com";
- description = "NullRing IRC instance";
- serverName = "nullring.xyz";
- certificate = "/var/lib/acme/nullring.xyz/cert.pem";
- };
-}
diff --git a/nix/modules/kubo.nix b/nix/modules/kubo.nix
deleted file mode 100644
index c64295d..0000000
--- a/nix/modules/kubo.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, pkgs, lib, ... }:
-{
- services.kubo = {
- enable = lib.mkDefault config.monorepo.profiles.workstation.enable;
- autoMount = false;
- enableGC = true;
- settings = {
- Addresses.API = [
- "/ip4/127.0.0.1/tcp/5001"
- ];
- Bootstrap = [
- "/ip4/128.199.219.111/tcp/4001/ipfs/QmSoLSafTMBsPKadTEgaXctDQVcqN88CNLHXMkTNwMKPnu"
- "/ip4/162.243.248.213/tcp/4001/ipfs/QmSoLueR4xBeUbY9WZ9xGUUxunbKWcrNFTDAadQJmocnWm"
- ];
- Datastore = {
- StorageMax = "20GB";
- };
- };
- };
-}
diff --git a/nix/modules/maddy.nix b/nix/modules/maddy.nix
deleted file mode 100644
index 6cd2350..0000000
--- a/nix/modules/maddy.nix
+++ /dev/null
@@ -1,196 +0,0 @@
-{ lib, config, options, ... }:
-let
- emailServerName = "mail.${config.monorepo.vars.orgHost}";
- serverName = "list.${config.monorepo.vars.orgHost}";
- password_path = "mail_monorepo_password";
-in
-{
- sops.secrets = lib.mkIf config.services.maddy.enable {
- "${password_path}" = lib.mkIf config.services.maddy.enable {
- format = "yaml";
- owner = "maddy";
- };
- };
-
- services.maddy = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- openFirewall = true;
- hostname = "${config.monorepo.vars.orgHost}";
- primaryDomain = "mail.${config.monorepo.vars.orgHost}";
- localDomains = [
- "$(primary_domain)"
- "${config.monorepo.vars.orgHost}"
- ];
- tls = {
- loader = "file";
- certificates = [
- {
- keyPath = "/var/lib/acme/mail.${config.monorepo.vars.orgHost}/key.pem";
- certPath = "/var/lib/acme/mail.${config.monorepo.vars.orgHost}/fullchain.pem";
- }
- ];
- };
- config = builtins.replaceStrings [
- "imap tcp://0.0.0.0:143"
- "submission tcp://0.0.0.0:587"
- ] [
- "imap tls://0.0.0.0:993 tcp://0.0.0.0:143"
- "submission tls://0.0.0.0:465 tcp://0.0.0.0:587"
- ]
- options.services.maddy.config.default;
-
- ensureAccounts = (builtins.map (x: "${x}@${config.monorepo.vars.orgHost}") config.monorepo.vars.projects) ++ [
- "${config.monorepo.vars.internetName}@${config.monorepo.vars.orgHost}"
- "discussion@${config.monorepo.vars.orgHost}"
- ];
- ensureCredentials = lib.genAttrs config.services.maddy.ensureAccounts
- (name: {
- passwordFile = "/run/secrets/${password_path}";
- }) // {
- "${config.monorepo.vars.internetName}@${config.monorepo.vars.orgHost}" = {
- passwordFile = "/run/secrets/mail_password";
- };
- };
- };
-
- systemd.tmpfiles.rules = [
- "C+ /var/lib/public-inbox/style.css 0644 public-inbox public-inbox - ${../data/public-inbox.css}"
- ];
- systemd.services.public-inbox-httpd =
- if config.monorepo.profiles.server.enable then {
- preStart = ''
- # Copy or link the file.
- # Using 'cp' is often safer for sandboxed services than linking to the store. Lol.
- cp -f ${../data/public-inbox.css} /var/lib/public-inbox/style.css
- chmod 644 /var/lib/public-inbox/style.css
- '';
-
- serviceConfig = {
- # Allow the service to see the file it just created
- BindPaths = [
- "/var/lib/public-inbox"
- "${config.users.users.git.home}"
- ];
- ReadOnlyPaths = [ "/var/lib/public-inbox/style.css" ];
- # Ensure it can actually write to the directory during preStart
- ReadWritePaths = [ "/var/lib/public-inbox" ];
- };
- } else { };
-
- systemd.services.public-inbox-watch =
- if config.monorepo.profiles.server.enable then {
- after = [ "sops-nix.service" ];
- confinement.enable = lib.mkForce false;
- preStart = ''
- mkdir -p /var/lib/public-inbox/.tmp
- chmod 0700 /var/lib/public-inbox/.tmp
- ln -sfn ${config.sops.templates."public-inbox-netrc".path} /var/lib/public-inbox/.netrc
- '';
- environment = {
- PUBLIC_INBOX_FORCE_IPV4 = "1";
- NETRC = config.sops.templates."public-inbox-netrc".path;
- HOME = "/var/lib/public-inbox";
- TMPDIR = "/var/lib/public-inbox/.tmp";
- };
-
- serviceConfig = {
- RestrictSUIDSGID = lib.mkForce false;
- ReadWritePaths = [ "/var/lib/public-inbox" ];
- RestrictAddressFamilies = lib.mkForce [ "AF_UNIX" "AF_INET" "AF_INET6" ];
- PrivateNetwork = lib.mkForce false;
- SystemCallFilter = lib.mkForce [ ];
- RootDirectory = lib.mkForce "";
-
- CapabilityBoundingSet = lib.mkForce [ "~" ];
- UMask = lib.mkForce "0022";
- ProtectSystem = lib.mkForce false;
- };
- } else { };
-
- services.public-inbox = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- settings = {
- coderepo = lib.genAttrs config.monorepo.vars.projects (name: {
- dir = "${config.users.users.git.home}/${name}.git";
- # works even if no cgit server running here, this is just the default
- cgitUrl = "https://git.${config.monorepo.vars.orgHost}/${name}.git";
- });
- publicinbox.css = [ "/var/lib/public-inbox/style.css" ];
- publicinbox.wwwlisting = "all";
- };
- http = {
- enable = true;
- port = 9090;
- };
- inboxes = lib.genAttrs config.monorepo.vars.projects
- (name: {
- description = "discussion of the ${name} project.";
- address = [ "${name}@${config.monorepo.vars.orgHost}" ];
- inboxdir = "/var/lib/public-inbox/${name}";
- url = "https://list.${config.monorepo.vars.orgHost}/${name}";
- watch = [ "imaps://${name}${config.monorepo.vars.orgHost}@${emailServerName}/INBOX" ];
- coderepo = [ "${name}" ];
- }) // {
- "discussion" = {
- description = "Main Nullring Discussion Mailing List";
- address = [ "discussion@${config.monorepo.vars.orgHost}" ];
- inboxdir = "/var/lib/public-inbox/discuss";
- url = "https://${serverName}/discussion";
- watch = [ "imaps://discussion%40${config.monorepo.vars.orgHost}@${emailServerName}/INBOX" ];
- };
- };
- };
-
- networking.domains.baseDomains."${config.monorepo.vars.orgHost}" = lib.mkIf config.services.maddy.enable {
- mx.data = [
- {
- preference = 10;
- exchange = "${emailServerName}";
- }
- ];
- };
-
- networking.domains.subDomains = lib.mkIf config.services.maddy.enable {
- "${serverName}" = { };
- "${emailServerName}" = { };
- "_dmarc.${config.monorepo.vars.orgHost}" = {
- txt = {
- data = "v=DMARC1; p=none";
- };
- };
- "default._domainkey.${config.monorepo.vars.orgHost}" = {
- txt = {
- data = "v=DKIM1; k=rsa; p=${config.monorepo.vars.dkimKey}";
- };
- };
- };
-
- networking.firewall.allowedTCPPorts = lib.mkIf config.services.maddy.enable [
- 143
- 465
- 587
- 993
- ];
-
- services.nginx.virtualHosts."${serverName}" = lib.mkIf config.services.public-inbox.enable {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://localhost:${toString config.services.public-inbox.http.port}";
- extraConfig = ''
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- '';
- };
- };
-
- services.nginx.virtualHosts."${emailServerName}" = lib.mkIf config.services.maddy.enable {
- serverName = "${emailServerName}";
- root = "/var/www/dummy";
- addSSL = true;
- enableACME = true;
- };
-
-}
diff --git a/nix/modules/matrix-appservice-irc.nix b/nix/modules/matrix-appservice-irc.nix
deleted file mode 100644
index 518cdde..0000000
--- a/nix/modules/matrix-appservice-irc.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ lib, config, ... }:
-{
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- registrationUrl = "localhost";
-
- settings = {
- homeserver.url = "https://matrix.nullring.xyz";
- homserver.domain = "matrix.nullring.xyz";
- };
-}
diff --git a/nix/modules/matterbridge.nix b/nix/modules/matterbridge.nix
deleted file mode 100644
index 85a2295..0000000
--- a/nix/modules/matterbridge.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ lib, config, ... }:
-{
- services.matterbridge = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- configPath = "${config.sops.templates.matterbridge.path}";
- };
-}
diff --git a/nix/modules/mautrix.nix b/nix/modules/mautrix.nix
deleted file mode 100644
index abdb50d..0000000
--- a/nix/modules/mautrix.nix
+++ /dev/null
@@ -1,150 +0,0 @@
-{ lib, config, ... }:
-{
- services.mautrix-discord = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- environmentFile = "/run/secrets/mautrix_env";
- settings = {
- bridge = {
- animated_sticker = {
- args = {
- fps = 25;
- height = 320;
- width = 320;
- };
- target = "webp";
- };
- autojoin_thread_on_open = true;
- avatar_proxy_key = "generate";
- backfill = {
- forward_limits = {
- initial = {
- channel = 0;
- dm = 0;
- thread = 0;
- };
- max_guild_members = -1;
- missed = {
- channel = 0;
- dm = 0;
- thread = 0;
- };
- };
- };
- cache_media = "unencrypted";
- channel_name_template = "{{if or (eq .Type 3) (eq .Type 4)}}{{.Name}}{{else}}#{{.Name}}{{end}}";
- command_prefix = "!discord";
- custom_emoji_reactions = true;
- delete_guild_on_leave = true;
- delete_portal_on_channel_delete = false;
- delivery_receipts = false;
- direct_media = {
- allow_proxy = true;
- enabled = false;
- server_key = "generate";
- };
- displayname_template = "{{if .Webhook}}Webhook{{else}}{{or .GlobalName .Username}}{{if .Bot}} (bot){{end}}{{end}}";
- double_puppet_allow_discovery = true;
- double_puppet_server_map = { };
- embed_fields_as_tables = true;
- enable_webhook_avatars = true;
- encryption = {
- allow = false;
- allow_key_sharing = false;
- appservice = false;
- default = false;
- delete_keys = {
- delete_fully_used_on_decrypt = false;
- delete_on_device_delete = false;
- delete_outbound_on_ack = false;
- delete_outdated_inbound = false;
- delete_prev_on_new_session = false;
- dont_store_outbound = false;
- periodically_delete_expired = false;
- ratchet_on_decrypt = false;
- };
- msc4190 = false;
- plaintext_mentions = false;
- require = false;
- rotation = {
- disable_device_change_key_rotation = false;
- enable_custom = false;
- messages = 100;
- milliseconds = 604800000;
- };
- verification_levels = {
- receive = "unverified";
- send = "unverified";
- share = "cross-signed-tofu";
- };
- };
- federate_rooms = true;
- guild_name_template = "{{.Name}}";
- login_shared_secret_map = { };
- management_room_text = {
- additional_help = "";
- welcome = "Hello, I'm a Discord bridge bot.";
- welcome_connected = "Use `help` for help.";
- welcome_unconnected = "Use `help` for help or `login` to log in.";
- };
- message_error_notices = true;
- message_status_events = false;
- mute_channels_on_create = false;
- permissions = {
- "@${config.monorepo.vars.internetName}:matrix.${config.monorepo.vars.orgHost}" = "admin";
- "*" = "user";
- };
- portal_message_buffer = 128;
- prefix_webhook_messages = true;
- private_chat_portal_meta = "default";
- provisioning = {
- debug_endpoints = false;
- prefix = "/_matrix/provision";
- shared_secret = "generate";
- };
- public_address = null;
- resend_bridge_info = false;
- restricted_rooms = false;
- startup_private_channel_create_limit = 5;
- sync_direct_chat_list = false;
- use_discord_cdn_upload = true;
- username_template = "discord_{{.}}";
- };
-
- appservice = {
- address = "http://localhost:29334";
- hostname = "0.0.0.0";
- port = 29334;
- id = "discord";
- bot = {
- username = "discordbot";
- displayname = "Discord bridge bot";
- avatar = "mxc://maunium.net/nIdEykemnwdisvHbpxflpDlC";
- };
- ephemeral_events = true;
- async_transactions = false;
- database = {
- type = "sqlite3";
- uri = "file:${config.services.mautrix-discord.dataDir}/mautrix-discord.db?_txlock=immediate";
- max_open_conns = 20;
- max_idle_conns = 2;
- max_conn_idle_time = null;
- max_conn_lifetime = null;
- };
- as_token = "$MAUTRIX_DISCORD_APPSERVICE_AS_TOKEN";
- hs_token = "$MAUTRIX_DISCORD_APPSERVICE_HS_TOKEN";
- };
-
- dataDir = "/var/lib/mautrix-discord";
- homeserver = {
- async_media = false;
- message_send_checkpoint_endpoint = null;
- ping_interval_seconds = 0;
- software = "standard";
- status_endpoint = null;
- websocket = false;
- domain = "matrix.${config.monorepo.vars.orgHost}";
- address = "http://localhost:6167";
- };
- };
- };
-}
diff --git a/nix/modules/murmur.nix b/nix/modules/murmur.nix
deleted file mode 100644
index fcd4434..0000000
--- a/nix/modules/murmur.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ lib, config, ... }:
-{
- services.murmur = {
-# enable = lib.mkDefault config.monorepo.profiles.server.enable;
- enable = false;
- openFirewall = true;
- hostName = "0.0.0.0";
- welcometext = "Wecome to the Null Murmur instance!";
- registerName = "nullring";
- registerHostname = "${config.monorepo.vars.orgHost}";
- sslCert = "/var/lib/acme/${config.monorepo.vars.orgHost}/fullchain.pem";
- sslKey = "/var/lib/acme/${config.monorepo.vars.orgHost}/sslKey.pem";
- };
-}
diff --git a/nix/modules/nginx.nix b/nix/modules/nginx.nix
deleted file mode 100644
index f911fc1..0000000
--- a/nix/modules/nginx.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ config, lib, ... }:
-{
- services.nginx = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- user = "nginx";
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- recommendedProxySettings = false;
- virtualHosts = {
- "${config.monorepo.vars.remoteHost}" = {
- serverName = "${config.monorepo.vars.remoteHost}";
- serverAliases = [ "${config.monorepo.vars.internetName}.${config.monorepo.vars.orgHost}" ];
- root = "/var/www/${config.monorepo.vars.internetName}-website/";
- addSSL = true;
- enableACME = true;
- };
-
- # the port comes from ssh tunnelling
- "music.${config.monorepo.vars.remoteHost}" = lib.mkIf config.monorepo.profiles.server.enable {
- addSSL = true;
- enableACME = true;
- basicAuthFile = config.sops.secrets."mpd_password".path;
- locations."/" = {
- proxyPass = "http://localhost:8000";
- extraConfig = ''
- proxy_buffering off;
- proxy_http_version 1.1;
- proxy_set_header Connection "";
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_read_timeout 36000s;
- '';
- };
- };
-
- "${config.monorepo.vars.orgHost}" = {
- serverName = "${config.monorepo.vars.orgHost}";
- root = "/var/www/nullring/";
- addSSL = true;
- enableACME = true;
- };
- };
- };
-
- networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [ 80 443 ];
-
- networking.domains.subDomains = lib.mkIf config.services.nginx.enable {
- "${config.monorepo.vars.remoteHost}" = { };
- "${config.monorepo.vars.orgHost}" = { };
- "${config.monorepo.vars.internetName}.${config.monorepo.vars.orgHost}" = { };
- };
-}
diff --git a/nix/modules/ngircd.nix b/nix/modules/ngircd.nix
deleted file mode 100644
index 12c719e..0000000
--- a/nix/modules/ngircd.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ lib, config, ... }:
-{
- services.ngircd = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- config = ''
- [Global]
- Name = ${config.monorepo.vars.orgHost}
- Info = NullRing IRC Instance
- Listen = ::,0.0.0.0
- MotdFile = /etc/motd.txt
- Network = NullRing
- Ports = 6667
- [Options]
- PAM = no
- [SSL]
- CertFile = /var/lib/acme/${config.monorepo.vars.orgHost}/fullchain.pem
- CipherList = HIGH:!aNULL:@STRENGTH:!SSLv3
- KeyFile = /var/lib/acme/${config.monorepo.vars.orgHost}/key.pem
- Ports = 6697
- '';
- };
-
- environment.etc."motd.txt" = {
- source = ../data/motd.txt;
- mode = "644";
- user = "ngircd";
- group = "ngircd";
- };
-
- networking.firewall.allowedTCPPorts =
- if (config.services.ngircd.enable == true) then [
- 6697
- 6667
- ] else [ ];
-}
diff --git a/nix/modules/ntfy-sh.nix b/nix/modules/ntfy-sh.nix
deleted file mode 100644
index 3cbab0e..0000000
--- a/nix/modules/ntfy-sh.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{ pkgs, lib, config, ... }:
-let
- serverName = "ntfy.${config.monorepo.vars.remoteHost}";
- port = 2586;
- ntfySecret = "ntfy";
-in
-{
- sops.secrets."${ntfySecret}" = lib.mkIf config.services.ntfy-sh.enable {
- format = "yaml";
- owner = "ntfy-sh";
- };
-
- services.ntfy-sh = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- settings = {
- base-url = "https://${serverName}";
- listen-http = "127.0.0.1:${toString port}";
- envrionmentFile = "/run/secrets/${ntfySecret}";
- auth-file = "/var/lib/ntfy-sh/user.db";
- auth-default-access = "deny-all";
- enable-login = true;
- };
- };
-
- services.nginx.enable = config.services.ntfy-sh.enable;
-
- systemd.services.ntfy-sh = lib.mkIf config.services.ntfy-sh.enable {
- serviceConfig = {
- EnvironmentFile = "/run/secrets/${ntfySecret}";
- };
- postStart = lib.mkForce ''
- # 1. Wait for the server to initialize the database
- echo "Waiting for ntfy auth database to appear..."
- TIMEOUT=30
- while [ ! -f /var/lib/ntfy-sh/user.db ]; do
- sleep 1
- TIMEOUT=$((TIMEOUT-1))
- if [ $TIMEOUT -le 0 ]; then
- echo "Timed out waiting for database creation!"
- exit 1
- fi
- done
-
- echo "Database found. Configuring admin user..."
-
- # 2. Define the username
- ADMIN_USER="ret2pop"
-
- # 3. Check if user exists, create if missing
- # We pipe the password twice because 'ntfy user add' asks for confirmation
- if ! ${pkgs.ntfy-sh}/bin/ntfy user list | grep -q "$ADMIN_USER"; then
- echo "Creating admin user $ADMIN_USER..."
- printf "$ADMIN_PASSWORD\n$ADMIN_PASSWORD" | \
- ${pkgs.ntfy-sh}/bin/ntfy user add --role=admin "$ADMIN_USER"
- echo "User created."
- else
- echo "Admin user already exists."
- fi
- '';
- };
-
- networking.domains.subDomains."${serverName}" = lib.mkIf config.services.ntfy-sh.enable { };
- services.nginx.virtualHosts."${serverName}" = lib.mkIf config.services.ntfy-sh.enable {
- serverName = "${serverName}";
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString port}";
- proxyWebsockets = true;
- extraConfig = ''
- proxy_buffering off;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- '';
- };
- };
-}
diff --git a/nix/modules/nvidia.nix b/nix/modules/nvidia.nix
deleted file mode 100644
index 5b05d28..0000000
--- a/nix/modules/nvidia.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- hardware = {
- graphics.extraPackages = (if config.monorepo.profiles.cuda.enable
- then with pkgs; [
- libva-vdpau-driver
- libvdpau-va-gl
- nvidia-vaapi-driver
- ] else []);
-
- nvidia = {
- modesetting.enable = lib.mkDefault config.monorepo.profiles.cuda.enable;
- powerManagement = {
- enable = lib.mkDefault config.monorepo.profiles.cuda.enable;
- finegrained = false;
- };
- open = config.monorepo.profiles.cuda.enable;
- package = config.boot.kernelPackages.nvidiaPackages.stable;
- nvidiaSettings = false;
- };
- };
-}
diff --git a/nix/modules/ollama.nix b/nix/modules/ollama.nix
deleted file mode 100644
index a9144ae..0000000
--- a/nix/modules/ollama.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- # services.open-webui.enable = lib.mkDefault (!config.monorepo.profiles.server.enable);
- services.ollama = {
- enable = lib.mkDefault config.monorepo.profiles.desktop.enable;
- package = if (config.monorepo.profiles.cuda.enable) then pkgs.ollama-cuda else pkgs.ollama-vulkan;
- loadModels =
- if (config.monorepo.profiles.cuda.enable) then [
- "qwen3:30b"
- "qwen3-coder:latest"
- "qwen2.5-coder:latest"
- "gemma3:12b-it-qat"
- ] else [
- "qwen3:0.6b"
- "qwen2.5-coder:0.5b"
- ];
- host = "0.0.0.0";
- openFirewall = true;
- };
-}
diff --git a/nix/modules/pantalaimon.nix b/nix/modules/pantalaimon.nix
deleted file mode 100644
index e82e50f..0000000
--- a/nix/modules/pantalaimon.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ lib, config, ... }:
-{
- services.pantalaimon-headless = {
- instances = {
- "nullring" = {
- ssl = true;
- homeserver = "https://matrix.nullring.xyz";
- listenAddress = "localhost";
- listenPort = 8009;
- };
- };
- };
-}
diff --git a/nix/modules/pipewire.nix b/nix/modules/pipewire.nix
deleted file mode 100644
index 0fc2d69..0000000
--- a/nix/modules/pipewire.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{ lib, config, ... }:
-{
- services.pipewire = {
- enable = lib.mkDefault config.monorepo.profiles.pipewire.enable;
- alsa = {
- enable = lib.mkDefault config.monorepo.profiles.pipewire.enable;
- support32Bit = true;
- };
- pulse.enable = lib.mkDefault config.monorepo.profiles.pipewire.enable;
- jack.enable = lib.mkDefault config.monorepo.profiles.pipewire.enable;
- wireplumber.enable = lib.mkDefault config.monorepo.profiles.pipewire.enable;
- extraConfig = {
- pipewire."92-low-latency" = {
- "context.properties" = {
- "default.clock.rate" = 48000;
- "default.clock.quantum" = 512;
- "default.clock.min-quantum" = 512;
- "default.clock.max-quantum" = 1024;
- };
- pipewire-pulse."92-low-latency" = {
- "context.properties" = [
- {
- name = "libpipewire-module-protocol-pulse";
- args = { };
- }
- ];
- "pulse.properties" = {
- "pulse.min.req" = "32/48000";
- "pulse.default.req" = "32/48000";
- "pulse.max.req" = "32/48000";
- "pulse.min.quantum" = "32/48000";
- "pulse.max.quantum" = "32/48000";
- };
- "stream.properties" = {
- "node.latency" = "32/48000";
- "resample.quality" = 1;
- };
- };
- };
- };
- };
-}
diff --git a/nix/modules/postfix.nix b/nix/modules/postfix.nix
deleted file mode 100644
index 35c9e21..0000000
--- a/nix/modules/postfix.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, lib, ... }:
-{
- services.postfix = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- config = {
- };
- };
-}
diff --git a/nix/modules/public_inbox.nix b/nix/modules/public_inbox.nix
deleted file mode 100644
index 3cd084b..0000000
--- a/nix/modules/public_inbox.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-{ lib, config, ... }:
-{
- systemd.tmpfiles.rules = [
- "C+ /var/lib/public-inbox/style.css 0644 public-inbox public-inbox - ${../data/public-inbox.css}"
- ];
- systemd.services.public-inbox-httpd = if config.monorepo.profiles.server.enable then {
- preStart = ''
- # Copy or link the file.
- # Using 'cp' is often safer for sandboxed services than linking to the store. Lol.
- cp -f ${../data/public-inbox.css} /var/lib/public-inbox/style.css
- chmod 644 /var/lib/public-inbox/style.css
- '';
-
- serviceConfig = {
- # Allow the service to see the file it just created
- BindPaths = [
- "/var/lib/public-inbox"
- "${config.users.users.git.home}"
- ];
- ReadOnlyPaths = [ "/var/lib/public-inbox/style.css" ];
- # Ensure it can actually write to the directory during preStart
- ReadWritePaths = [ "/var/lib/public-inbox" ];
- };
- } else {};
-
- systemd.services.public-inbox-watch = if config.monorepo.profiles.server.enable then {
- after = [ "sops-nix.service" ];
- confinement.enable = lib.mkForce false;
- preStart = ''
- mkdir -p /var/lib/public-inbox/.tmp
- chmod 0700 /var/lib/public-inbox/.tmp
- ln -sfn ${config.sops.templates."public-inbox-netrc".path} /var/lib/public-inbox/.netrc
- '';
- environment = {
- PUBLIC_INBOX_FORCE_IPV4 = "1";
- NETRC = config.sops.templates."public-inbox-netrc".path;
- HOME = "/var/lib/public-inbox";
- TMPDIR = "/var/lib/public-inbox/.tmp";
- };
-
- serviceConfig = {
- RestrictSUIDSGID = lib.mkForce false;
- ReadWritePaths = [ "/var/lib/public-inbox" ];
- RestrictAddressFamilies = lib.mkForce [ "AF_UNIX" "AF_INET" "AF_INET6" ];
- PrivateNetwork = lib.mkForce false;
- SystemCallFilter = lib.mkForce [];
- RootDirectory = lib.mkForce "";
-
- CapabilityBoundingSet = lib.mkForce [ "~" ];
- UMask = lib.mkForce "0022";
- ProtectSystem = lib.mkForce false;
- };
- } else {};
-
- services.public-inbox = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- settings = {
- coderepo = lib.genAttrs config.monorepo.vars.projects (name: {
- dir = "${config.users.users.git.home}/${name}.git";
- cgitUrl = "https://git.${config.monorepo.vars.orgHost}/${name}.git";
- });
- publicinbox.css = ["/var/lib/public-inbox/style.css"];
- publicinbox.wwwlisting = "all";
- };
- http = {
- enable = true;
- port = 9090;
- };
- inboxes = lib.genAttrs config.monorepo.vars.projects (name: {
- description = "discussion of the ${name} project.";
- address = [ "${name}@${config.monorepo.vars.orgHost}" ];
- inboxdir = "/var/lib/public-inbox/${name}";
- url = "https://list.${config.monorepo.vars.orgHost}/${name}";
- watch = [ "imaps://${name}${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ];
- coderepo = [ "${name}" ];
- }) // {
- "discussion" = {
- description = "Main Nullring Discussion Mailing List";
- address = [ "discussion@${config.monorepo.vars.orgHost}" ];
- inboxdir = "/var/lib/public-inbox/discuss";
- url = "https://list.${config.monorepo.vars.orgHost}/discussion";
- watch = [ "imaps://discussion%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ];
- };
- };
- };
-}
diff --git a/nix/modules/secrets.nix b/nix/modules/secrets.nix
deleted file mode 100644
index dc0a7c3..0000000
--- a/nix/modules/secrets.nix
+++ /dev/null
@@ -1,118 +0,0 @@
-{ config, ... }:
-{
- sops = {
- defaultSopsFile =
- if config.monorepo.profiles.server.enable
- then ../secrets/vps_secrets.yaml
- else ../secrets/secrets.yaml;
-
-
- templates =
- if config.monorepo.profiles.server.enable then {
- "public-inbox-netrc" = {
- owner = "public-inbox";
- group = "public-inbox";
- mode = "0400";
- content = (builtins.concatStringsSep "\n" (builtins.map (x: "machine mail.${config.monorepo.vars.orgHost} login ${x}@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}") config.monorepo.vars.projects)) + ''
- machine mail.${config.monorepo.vars.orgHost} login discussion@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}'';
- };
- "matterbridge" = {
- owner = "matterbridge";
- content = ''
- [irc.myirc]
- Server="127.0.0.1:6667"
- Nick="bridge"
- RemoteNickFormat="[{PROTOCOL}] <{NICK}> "
- UseTLS=false
-
- [telegram.mytelegram]
- Token="${config.sops.placeholder.telegram_token}"
- RemoteNickFormat="<({PROTOCOL}){NICK}> "
- MessageFormat="HTMLNick :"
- QuoteFormat="{MESSAGE} (re @{QUOTENICK}: {QUOTEMESSAGE})"
- QuoteLengthLimit=46
- IgnoreMessages="^/"
-
- [discord.mydiscord]
- Token="${config.sops.placeholder.discord_token}"
- Server="Null Identity"
- AutoWebHooks=true
- RemoteNickFormat="[{PROTOCOL}] <{NICK}> "
- PreserveThreading=true
-
- [[gateway]]
- name="gateway1"
- enable=true
-
- [[gateway.inout]]
- account="irc.myirc"
- channel="#nullring"
-
- [[gateway.inout]]
- account="discord.mydiscord"
- channel="ID:996282946879242262"
-
- [[gateway.inout]]
- account="telegram.mytelegram"
- channel="-5290629325"
- '';
- };
- } else { };
-
- age = {
- keyFile = "/home/${config.monorepo.vars.userName}/.config/sops/age/keys.txt";
- };
-
- secrets =
- if config.monorepo.profiles.desktop.enable then {
- mail = {
- format = "yaml";
- };
- cloudflare-dns = {
- format = "yaml";
- };
- digikey = {
- format = "yaml";
- };
- dn42 = {
- format = "yaml";
- };
- } else {
- znc = {
- format = "yaml";
- };
- znc_password_salt = {
- format = "yaml";
- };
- znc_password_hash = {
- format = "yaml";
- };
- matrix_bridge = {
- format = "yaml";
- };
- mail_password = {
- format = "yaml";
- owner = "maddy";
- };
-
- mail_monorepo_password_pi = {
- format = "yaml";
- owner = "public-inbox";
- };
-
- mautrix_env = {
- format = "yaml";
- };
- telegram_token = {
- format = "yaml";
- };
- discord_token = {
- format = "yaml";
- };
- mpd_password = {
- format = "yaml";
- owner = "nginx";
- };
- };
- };
-}
diff --git a/nix/modules/ssh.nix b/nix/modules/ssh.nix
deleted file mode 100644
index c816f1c..0000000
--- a/nix/modules/ssh.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, lib, ... }:
-{
- services.openssh = {
- enable = true;
- settings = {
- PasswordAuthentication = false;
- AllowUsers = [ config.monorepo.vars.userName "git" ];
- PermitRootLogin = "no";
- KbdInteractiveAuthentication = false;
- };
- };
- networking.firewall.allowedTCPPorts = lib.mkIf config.services.openssh.enable [ 22 ];
-}
diff --git a/nix/modules/tor.nix b/nix/modules/tor.nix
deleted file mode 100644
index 73cb4b2..0000000
--- a/nix/modules/tor.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, lib, ... }:
-{
- services.tor = {
- enable = lib.mkDefault config.monorepo.profiles.tor.enable;
- openFirewall = true;
- client = {
- enable = lib.mkDefault config.monorepo.profiles.tor.enable;
- socksListenAddress = {
- IsolateDestAddr = true;
- addr = "127.0.0.1";
- port = 9050;
- };
- dns.enable = true;
- };
- torsocks = {
- enable = lib.mkDefault config.monorepo.profiles.tor.enable;
- server = "127.0.0.1:9050";
- };
- };
-}
diff --git a/nix/modules/vars.nix b/nix/modules/vars.nix
deleted file mode 100644
index 062a17a..0000000
--- a/nix/modules/vars.nix
+++ /dev/null
@@ -1,131 +0,0 @@
-{ lib, ... }:
-let
- vars = import ../flakevars.nix;
-in
-{
- options.monorepo.vars = {
- device = lib.mkOption {
- type = lib.types.str;
- default = "/dev/sda";
- example = "/dev/nvme0n1";
- description = "device that NixOS is installed to";
- };
-
- internetName = lib.mkOption {
- type = lib.types.str;
- default = "${vars.internetName}";
- example = "myinternetname";
- description = "Internet name to be used for internet usernames";
- };
-
- sshKey = lib.mkOption {
- type = lib.types.str;
- default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell";
- example = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell";
- description = "Admin public key for managing multiple configurations";
- };
-
- dkimKey = lib.mkOption {
- type = lib.types.str;
- default = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsC9GpfjvQlldPrHAC7Yt+ZF0aduUIVV4j2+KUkF0j6NsrpOgvU6COWKQSod/B/qyPBLWf+w5P5YiJ9XnOgw6Db/I9C67eusEHnV/cbvokXLQjSBvXee1OEdrT9i+6iUgDeGWP4CrD1DcwvXzAcCI9exy3yALHVlbkyYvi0KAYofs8dVQ3JCwSCMlol71lA6ULJ2zbCIWeSOv9/C6QZ5HOIeeoFLesX6O/YvF4FYxWbSHy244TXYuczQKuayjKgD6e8gIT5WJRQj8IAWOQ2podWw6hSuB3Ig+ekoOfnl5ivJGOMbAzFTj8FtbS4ncyidLU1kIOeuLfiILeDDLlIeYTwIDAQAB";
- example = "string_after_p=";
- description = "dkim key to put in host record for email";
- };
-
- repoName = lib.mkOption {
- type = lib.types.str;
- default = "monorepo";
- example = "myreponame";
- description = "Name of this repository";
- };
-
- projects = lib.mkOption {
- type = lib.types.listOf lib.types.str;
- default = [
- "monorepo"
- "nullerbot"
- ];
- example = [
- "project1"
- "project2"
- "project3"
- ];
- description = "Names of repos that will have mailing lists";
- };
-
- fileSystem = lib.mkOption {
- type = lib.types.str;
- default = "ext4";
- example = "btrfs";
- description = "filesystem to install with disko";
- };
-
- diskoSpec = lib.mkOption {
- type = lib.types.attrs;
- description = "retains a copy of the disko spec for reflection";
- };
-
- fullName = lib.mkOption {
- type = lib.types.str;
- default = "Preston Pan";
- example = "John Doe";
- description = "Full Name";
- };
-
- userName = lib.mkOption {
- type = lib.types.str;
- default = "preston";
- example = "myUser";
- description = "system username";
- };
-
- gpgKey = lib.mkOption {
- type = lib.types.str;
- default = "AEC273BF75B6F54D81343A1AC1FE6CED393AE6C1";
- example = "1234567890ABCDEF...";
- description = "GPG key fingerprint";
- };
-
- remoteHost = lib.mkOption {
- type = lib.types.str;
- default = "${vars.remoteHost}";
- example = "example.com";
- description = "Address to push to and pull from for website and git repos";
- };
-
- orgHost = lib.mkOption {
- type = lib.types.str;
- default = "${vars.orgHost}";
- example = "orgname.org";
- description = "Domain name of your organization, points to same VPS as remoteHost";
- };
-
- email = lib.mkOption {
- type = lib.types.str;
- default = "${vars.internetName}@${vars.orgHost}";
- example = "example@example.org";
- description = "Admin email address";
- };
-
- timeZone = lib.mkOption {
- type = lib.types.str;
- default = "America/Vancouver";
- example = "America/Chicago";
- description = "Linux timezone";
- };
-
- monitors = lib.mkOption {
- type = lib.types.listOf lib.types.str;
- default = [
- "HDMI-A-1"
- "eDP-1"
- "DP-2"
- "DP-3"
- "DP-4"
- "LVDS-1"
- ];
- example = [];
- description = "Monitors that waybar will use";
- };
- };
-}
diff --git a/nix/modules/xserver.nix b/nix/modules/xserver.nix
deleted file mode 100644
index e3e0d9d..0000000
--- a/nix/modules/xserver.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ lib, config, pkgs, ... }:
-{
- services.xserver = {
- enable = (! config.monorepo.profiles.ttyonly.enable);
- displayManager = {
- startx.enable = (! config.monorepo.profiles.ttyonly.enable);
- };
-
- # windowManager = {
- # i3 = {
- # enable = (! config.monorepo.profiles.ttyonly.enable);
- # };
- # };
-
- desktopManager = {
- runXdgAutostartIfNone = true;
- };
-
- # xkb = {
- # layout = "us";
- # variant = "";
- # options = "caps:escape";
- # };
-
- videoDrivers = (if config.monorepo.profiles.cuda.enable then [ "nvidia" ] else [ ]);
- };
-}
diff --git a/nix/modules/znc.nix b/nix/modules/znc.nix
deleted file mode 100644
index c9f9b51..0000000
--- a/nix/modules/znc.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ lib, config, ... }:
-{
- services.znc = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- openFirewall = true;
- confOptions = {
- useSSL = true;
- passBlock = ''
-<Pass password>
- Method = sha256
- Hash = d4abdd69aa24de69693885c5bd83a4a0e9ee989e1a69a905041b0dad9abc06ea
- Salt = sDY,?H5AxC-!gH3a.:)D
-</Pass>
-'';
- modules = [
- "partyline"
- "webadmin"
- "adminlog"
- "log"
- ];
- networks = {
- "libera" = {
- server = "irc.libera.chat";
- port = 6697;
- useSSL = true;
- modules = [ "simple_away" ];
- };
- "nullring" = {
- server = "${config.monorepo.vars.orgHost}";
- port = 6697;
- useSSL = true;
- modules = [ "simple_away" "log" ];
- };
- };
- };
- };
-}