Diffstat (limited to 'nix/modules')
-rw-r--r--nix/modules/cgit.nix4
-rw-r--r--nix/modules/configuration.nix133
-rw-r--r--nix/modules/git-daemon.nix2
-rw-r--r--nix/modules/home/default.nix28
-rw-r--r--nix/modules/home/emacs.nix10
-rw-r--r--nix/modules/home/firefox.nix252
-rw-r--r--nix/modules/home/git.nix17
-rw-r--r--nix/modules/home/hyprland.nix15
-rw-r--r--nix/modules/home/mbsync.nix24
-rw-r--r--nix/modules/home/mpd.nix34
-rw-r--r--nix/modules/home/msmtp.nix12
-rw-r--r--nix/modules/home/secrets.nix4
-rw-r--r--nix/modules/home/user.nix14
-rw-r--r--nix/modules/maddy.nix17
-rw-r--r--nix/modules/nginx.nix267
-rw-r--r--nix/modules/public_inbox.nix41
-rw-r--r--nix/modules/secrets.nix7
-rw-r--r--nix/modules/vars.nix51
-rw-r--r--nix/modules/znc.nix2
19 files changed, 345 insertions, 589 deletions
diff --git a/nix/modules/cgit.nix b/nix/modules/cgit.nix
index 54eb90c..eb0cc63 100644
--- a/nix/modules/cgit.nix
+++ b/nix/modules/cgit.nix
@@ -1,8 +1,8 @@
{ lib, config, ... }:
{
services.cgit."my-projects" = {
- enable = true;
- scanPath = "/srv/git";
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ scanPath = "${config.users.users.git.home}";
settings = {
root-title = "Nullring Git Server";
root-desc = "Projects and cool things";
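Review bot: `scanPath` now follows the `git` user's home directory, so every repository created under that home is listed by cgit, and the same path becomes `basePath` in git-daemon.nix, where `exportAll = true` serves it without a per-repository opt-in. If any repository there is meant to stay private, that coupling deserves a comment such as `# everything under the git user's home is published by cgit and git-daemon`. The interpolation is also redundant: `scanPath = config.users.users.git.home;` says the same thing. The `settings` attrset continues outside the hunk.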
diff --git a/nix/modules/configuration.nix b/nix/modules/configuration.nix
index decc121..564a8b1 100644
--- a/nix/modules/configuration.nix
+++ b/nix/modules/configuration.nix
@@ -11,6 +11,7 @@ let
"maddy"
"ntfy-sh"
"public-inbox"
+ "plugdev"
];
in
{
@@ -31,7 +32,6 @@ in
./git-daemon.nix
./ollama.nix
./i2pd.nix
- ./gitweb.nix
./conduit.nix
./bitcoin.nix
./murmur.nix
@@ -83,6 +83,7 @@ country=CA
btrfs = true;
ext4 = true;
};
+
extraModprobeConfig = ''
options snd-usb-audio vid=0x1235 pid=0x8200 device_setup=1
options rtw88_core disable_lps_deep=y power_save=0 disable_aspm_l1ss=y
@@ -122,10 +123,10 @@ country=CA
};
kernelModules = [
- "snd-seq"
- "snd-rawmidi"
- "xhci_hcd"
- "kvm_intel"
+ "snd-seq"
+ "snd-rawmidi"
+ "xhci_hcd"
+ "kvm_intel"
"af_packet"
"ccm"
"ctr"
@@ -200,29 +201,28 @@ country=CA
];
kernel.sysctl = {
- "kernel.ftrace_enabled" = false;
- "net.core.bpf_jit_enable" = false;
- "kernel.kptr_restrict" = 2;
+ "kernel.ftrace_enabled" = false;
+ "net.core.bpf_jit_enable" = false;
+ "kernel.kptr_restrict" = 2;
- # madaidan
+ # madaidan
"kernel.smtcontrol" = "on";
- "vm.swappiness" = 1;
- "vm.unprivileged_userfaultfd" = 0;
- "dev.tty.ldisc_autoload" = 0;
- "kernel.kexec_load_disabled" = 1;
- "kernel.sysrq" = 4;
- "kernel.perf_event_paranoid" = 3;
+ "vm.swappiness" = 1;
+ "vm.unprivileged_userfaultfd" = 0;
+ "dev.tty.ldisc_autoload" = 0;
+ "kernel.kexec_load_disabled" = 1;
+ "kernel.sysrq" = 4;
+ "kernel.perf_event_paranoid" = 3;
- # net
+ # net
"net.ipv4.ip_forward" = 1;
- "net.ipv4.icmp_echo_ignore_broadcasts" = true;
-
- # "net.ipv4.conf.all.accept_redirects" = false;
- # "net.ipv4.conf.all.secure_redirects" = false;
- # "net.ipv4.conf.default.accept_redirects" = false;
- # "net.ipv4.conf.default.secure_redirects" = false;
- # "net.ipv6.conf.all.accept_redirects" = false;
- # "net.ipv6.conf.default.accept_redirects" = false;
+ "net.ipv4.icmp_echo_ignore_broadcasts" = true;
+ # "net.ipv4.conf.all.accept_redirects" = false;
+ # "net.ipv4.conf.all.secure_redirects" = false;
+ # "net.ipv4.conf.default.accept_redirects" = false;
+ # "net.ipv4.conf.default.secure_redirects" = false;
+ # "net.ipv6.conf.all.accept_redirects" = false;
+ # "net.ipv6.conf.default.accept_redirects" = false;
};
};
@@ -282,17 +282,17 @@ country=CA
graphics.enable = ! config.monorepo.profiles.ttyonly.enable;
bluetooth = {
- enable = lib.mkDefault (! config.monorepo.profiles.ttyonly.enable);
- powerOnBoot = lib.mkDefault (! config.monorepo.profiles.ttyonly.enable);
+ enable = lib.mkDefault (! config.monorepo.profiles.ttyonly.enable);
+ powerOnBoot = lib.mkDefault (! config.monorepo.profiles.ttyonly.enable);
};
};
services = {
pulseaudio.enable = ! config.monorepo.profiles.pipewire.enable;
chrony = {
- enable = true;
- enableNTS = true;
- servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ];
+ enable = true;
+ enableNTS = true;
+ servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ];
};
jitterentropy-rngd.enable = true;
@@ -301,16 +301,14 @@ country=CA
usbguard.enable = false;
dbus.apparmor = "enabled";
- kanata.enable = true;
-
# Misc.
udev = {
- extraRules = '''';
- packages = if config.monorepo.profiles.workstation.enable then with pkgs; [
- platformio-core
- platformio-core.udev
- openocd
- ] else [];
+ extraRules = '''';
+ packages = if config.monorepo.profiles.workstation.enable then with pkgs; [
+ platformio-core
+ platformio-core.udev
+ openocd
+ ] else [];
};
printing.enable = lib.mkDefault config.monorepo.profiles.workstation.enable;
@@ -327,8 +325,8 @@ country=CA
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config = {
- allowUnfree = true;
- cudaSupport = lib.mkDefault config.monorepo.profiles.cuda.enable;
+ allowUnfree = true;
+ cudaSupport = lib.mkDefault config.monorepo.profiles.cuda.enable;
};
};
@@ -338,19 +336,19 @@ country=CA
defaults.email = "ret2pop@gmail.com";
};
apparmor = {
- enable = true;
- killUnconfinedConfinables = true;
+ enable = true;
+ killUnconfinedConfinables = true;
packages = with pkgs; [
apparmor-profiles
];
- policies = {
- firefox.path = "${pkgs.apparmor-profiles}/share/apparmor/extra-profiles/firefox";
- };
+ # policies = {
+ # firefox.path = "${pkgs.apparmor-profiles}/share/apparmor/extra-profiles/firefox";
+ # };
};
pam.loginLimits = [
- { domain = "*"; item = "nofile"; type = "-"; value = "32768"; }
- { domain = "*"; item = "memlock"; type = "-"; value = "32768"; }
+ { domain = "*"; item = "nofile"; type = "-"; value = "32768"; }
+ { domain = "*"; item = "memlock"; type = "-"; value = "32768"; }
];
rtkit.enable = true;
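Review bot: The `policies` block is left commented out with no explanation, so after this hunk no browser profile is loaded here while `killUnconfinedConfinables = true` stays on. If the Firefox profile was dropped because the browser is now LibreWolf (home/firefox.nix in this commit), say so in place of the dead code, e.g. `# firefox profile removed with the move to librewolf; no replacement profile loaded yet`. Whether `apparmor-profiles` ships a profile that matches the new browser is not visible here, so check that rather than assume the browser is still confined.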
@@ -361,9 +359,9 @@ country=CA
forcePageTableIsolation = true;
tpm2 = {
- enable = true;
- pkcs11.enable = true;
- tctiEnvironment.enable = true;
+ enable = true;
+ pkcs11.enable = true;
+ tctiEnvironment.enable = true;
};
auditd.enable = true;
@@ -376,9 +374,9 @@ country=CA
enable = (! config.monorepo.profiles.ttyonly.enable);
wlr.enable = (! config.monorepo.profiles.ttyonly.enable);
extraPortals = with pkgs; if (! config.monorepo.profiles.ttyonly.enable) then [
- xdg-desktop-portal-gtk
- xdg-desktop-portal
- xdg-desktop-portal-hyprland
+ xdg-desktop-portal-gtk
+ xdg-desktop-portal
+ xdg-desktop-portal-hyprland
] else [];
config.common.default = "*";
};
@@ -403,7 +401,7 @@ country=CA
(writeShellScriptBin "new-repo"
''
#!/bin/bash
- cd /srv/git
+ cd ${config.users.users.git.home}
git init --bare "$1"
vim "$1/description"
chown -R git:git "$1"
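Review bot: The new `cd ${config.users.users.git.home}` is unquoted and its result is not checked, so if the directory is missing the following `git init --bare "$1"` and `chown -R git:git "$1"` run in whatever directory the caller happened to be in. `cd "${config.users.users.git.home}" || exit 1` closes that gap. The script body starts and continues outside the hunk.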
@@ -445,37 +443,36 @@ country=CA
nginx = {
group = "nginx";
isSystemUser = lib.mkDefault true;
- extraGroups = [
- "acme"
- ];
+ extraGroups = [ "acme" ];
};
root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell"
+ config.monorepo.vars.sshKey
];
git = {
- isSystemUser = true;
- home = "/srv/git";
- shell = "/bin/sh";
+ isSystemUser = true;
+ home = "/srv/git";
+ shell = "/bin/sh";
group = "git";
openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell"
+ config.monorepo.vars.sshKey
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIEF+mcL9nDkzVhCYyYWCIrP+b6oRiiaV509jywbD0Vq nix-on-droid@localhost"
"ssh-rsa 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 andrei@kiss"
];
};
"${config.monorepo.vars.userName}" = {
openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell"
+ config.monorepo.vars.sshKey
];
linger = true;
- initialPassword = "${config.monorepo.vars.userName}";
- isNormalUser = true;
- description = config.monorepo.vars.fullName;
- extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" "dialout" "docker" ];
- shell = pkgs.zsh;
- packages = [];
+ initialPassword = "${config.monorepo.vars.userName}";
+ isNormalUser = true;
+ description = config.monorepo.vars.fullName;
+ extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" "dialout" "docker" "plugdev" ];
+ shell = pkgs.zsh;
+ packages = [];
};
};
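Review bot: The `git` account gains a third key (`nix-on-droid@localhost`) while keeping `shell = "/bin/sh"`, so every key holder gets an interactive shell as the owner of all repositories. If these keys are only meant for push and pull, `shell = "${pkgs.git}/bin/git-shell";` limits them to git operations. The re-indented `initialPassword = "${config.monorepo.vars.userName}";` still sets a password equal to the login name for an account in `wheel` and `docker`; a `hashedPasswordFile` pointing at a managed secret (path placeholder: SECRET_PATH_PLACEHOLDER) avoids a guessable password surviving first boot. `"docker"` also appears twice in `extraGroups`.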
diff --git a/nix/modules/git-daemon.nix b/nix/modules/git-daemon.nix
index e5e2192..5b79304 100644
--- a/nix/modules/git-daemon.nix
+++ b/nix/modules/git-daemon.nix
@@ -3,6 +3,6 @@
services.gitDaemon = {
enable = lib.mkDefault config.monorepo.profiles.server.enable;
exportAll = true;
- basePath = "/srv/git";
+ basePath = "${config.users.users.git.home}";
};
}
diff --git a/nix/modules/home/default.nix b/nix/modules/home/default.nix
index a45ce59..6e92c86 100644
--- a/nix/modules/home/default.nix
+++ b/nix/modules/home/default.nix
@@ -1,4 +1,4 @@
-{ lib, config, pkgs, sops-nix, ... }:
+{ lib, config, pkgs, sops-nix, super, ... }:
{
imports = [
sops-nix.homeManagerModules.sops
@@ -42,35 +42,13 @@
lang-coq.enable = lib.mkEnableOption "Enables coq language support";
lang-lean.enable = lib.mkEnableOption "Enables lean language support";
lang-haskell.enable = lib.mkEnableOption "Enables haskell language support";
-
crypto.enable = lib.mkEnableOption "Enables various cryptocurrency wallets";
art.enable = lib.mkEnableOption "Enables various art programs";
music.enable = lib.mkEnableOption "Enables mpd";
workstation.enable = lib.mkEnableOption "Enables workstation packages (music production and others)";
cuda.enable = lib.mkEnableOption "Enables CUDA user package builds";
hyprland.enable = lib.mkEnableOption "Enables hyprland";
-
- email = {
- email = lib.mkOption {
- type = lib.types.str;
- default = "ret2pop@nullring.xyz";
- example = "john@example.com";
- description = "Email address and imaps/smtps account";
- };
- imapsServer = lib.mkOption {
- type = lib.types.str;
- default = "mail.nullring.xyz";
- example = "imap.example.com";
- description = "imaps server address";
- };
- smtpsServer = lib.mkOption {
- type = lib.types.str;
- default = "mail.nullring.xyz";
- example = "smtp.example.com";
- description = "smtp server address";
- };
- enable = lib.mkEnableOption "Enables email";
- };
+ email.enable = lib.mkEnableOption "Enables email";
};
};
@@ -198,7 +176,7 @@
email.enable = lib.mkDefault config.monorepo.profiles.enable;
# Programming
- graphics.enable = lib.mkDefault config.monorepo.profiles.enable;
+ graphics.enable = lib.mkDefault (! super.monorepo.profiles.ttyonly.enable);
lang-c.enable = lib.mkDefault config.monorepo.profiles.enable;
lang-rust.enable = lib.mkDefault config.monorepo.profiles.enable;
lang-python.enable = lib.mkDefault config.monorepo.profiles.enable;
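Review bot: `graphics.enable` no longer depends on `config.monorepo.profiles.enable`. With `lib.mkDefault (! super.monorepo.profiles.ttyonly.enable)`, a host that leaves profiles off but is not tty-only now gets the graphics profile, and home/secrets.nix chooses its `defaultSopsFile` from that flag. If that is not intended, `lib.mkDefault (config.monorepo.profiles.enable && ! super.monorepo.profiles.ttyonly.enable)` keeps the old gate. `super` is not defined in any visible hunk (presumably it is passed in as an extra module argument), so a one-line comment at the top of this file saying what it refers to would also help readers of emacs.nix, git.nix, mbsync.nix, msmtp.nix, secrets.nix and user.nix.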
diff --git a/nix/modules/home/emacs.nix b/nix/modules/home/emacs.nix
index cdf1def..bc85177 100644
--- a/nix/modules/home/emacs.nix
+++ b/nix/modules/home/emacs.nix
@@ -1,4 +1,4 @@
-{ lib, config, pkgs, ... }:
+{ lib, config, pkgs, super, ... }:
{
programs.emacs =
{
@@ -6,10 +6,10 @@
package = pkgs.emacs-pgtk;
extraConfig = ''
(setq debug-on-error t)
-(setq system-email "${config.monorepo.profiles.email.email}")
-(setq system-username "${config.monorepo.vars.internetName}")
-(setq system-fullname "${config.monorepo.vars.fullName}")
-(setq system-gpgkey "${config.monorepo.vars.gpgKey}")
+(setq system-email "${super.monorepo.vars.email}")
+(setq system-username "${super.monorepo.vars.internetName}")
+(setq system-fullname "${super.monorepo.vars.fullName}")
+(setq system-gpgkey "${super.monorepo.vars.gpgKey}")
(load "${pkgs.writeText "init.el" (builtins.readFile ../../init.el)}")
'';
diff --git a/nix/modules/home/firefox.nix b/nix/modules/home/firefox.nix
index 3ae8f71..df05517 100644
--- a/nix/modules/home/firefox.nix
+++ b/nix/modules/home/firefox.nix
@@ -1,12 +1,8 @@
{ lib, config, pkgs, ... }:
{
- programs.firefox = {
+ programs.librewolf = {
enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- package = pkgs.firefox;
- policies = {
- EnableTrackingProtection = true;
- OfferToSaveLogins = false;
- };
+ package = pkgs.librewolf;
profiles = {
default = {
id = 0;
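Review bot: Nothing on the new side records why the explicit `policies` (`EnableTrackingProtection`, `OfferToSaveLogins = false`) and, in the next hunk, the whole `settings` tree were dropped. If the intent is to rely on LibreWolf's built-in defaults, a comment such as `# hardening prefs intentionally omitted: rely on LibreWolf defaults; re-add a pref here if a default regresses` makes that a decision rather than an accident. Whether each removed pref (for example `pdfjs.enableScripting = false` or the `media.peerconnection.ice` pair) is matched by a LibreWolf default is not visible in this diff and is worth confirming once in the running profile. The `profiles.default` block continues outside this hunk.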
@@ -18,249 +14,9 @@
tree-style-tab
firefox-color
vimium
- ]
- ++ (lib.optional
- config.monorepo.profiles.crypto.enable pkgs.nur.repos.rycee.firefox-addons.metamask);
-
- settings = {
- media = {
- memory_cache_max_size = 65536;
- cache_readahead_limit = 7200;
- cache_resume_threshold = 3600;
- peerconnection.ice = {
- proxy_only_if_behind_proxy = true;
- default_address_only = true;
- };
- };
-
- gfx = {
- content.skia-font-cache-size = 20;
- canvas.accelerated = {
- cache-items = 4096;
- cache-size = 512;
- };
- };
-
- network = {
- http = {
- max-connections = 1800;
- max-persistent-connections-per-server = 10;
- max-urgent-start-excessive-connections-per-host = 5;
- referer.XOriginTrimmingPolicy = 2;
- };
-
- buffer.cache = {
- size = 262144;
- count = 128;
- };
-
- dns = {
- max_high_priority_threads = 8;
- disablePrefetch = true;
- };
-
- pacing.requests.enabled = false;
- dnsCacheExpiration = 3600;
- ssl_tokens_cache_capacity = 10240;
- prefetch-next = false;
- predictor.enabled = false;
- cookie.sameSite.noneRequiresSecure = true;
- IDN_show_punycode = true;
- auth.subresource-http-auth-allow = 1;
- captive-portal-service.enabled = false;
- connectivity-service.enabled = false;
- };
-
- browser = {
- download = {
- always_ask_before_handling_new_types = true;
- manager.addToRecentDocs = false;
- open_pdf_attachments_inline = true;
- start_downloads_in_tmp_dir = true;
- };
-
- urlbar = {
- suggest.quicksuggest.sponsored = false;
- suggest.quicksuggest.nonsponsored = false;
- suggest.calculator = true;
- update2.engineAliasRefresh = true;
- unitConversion.enabled = true;
- trending.featureGate = false;
- };
-
- search = {
- separatePrivateDefault.ui.enabled = true;
- suggest.enabled = false;
- };
-
- newtabpage.activity-stream = {
- feeds = {
- topsites = false;
- section.topstories = false;
- telemetry = false;
- };
- asrouter.userprefs.cfr = {
- addons = false;
- features = false;
- };
- telemetry = false;
- };
-
- privatebrowsing = {
- vpnpromourl = "";
- forceMediaMemoryCache = true;
- };
-
- display = {
- focus_ring_on_anything = true;
- focus_ring_style = 0;
- focus_ring_width = 0;
- };
-
- cache.jsbc_compression_level = 3;
- helperApps.deleteTempFileOnExit = true;
- uitour.enabled = false;
- sessionstore.interval = 60000;
- formfill.enable = false;
- xul.error_pages.expert_bad_cert = true;
- contentblocking.category = "strict";
- ping-centre.telemetry = false;
- discovery.enabled = false;
- shell.checkDefaultBrowser = false;
- preferences.moreFromMozilla = false;
- tabs.tabmanager.enabled = false;
- aboutConfig.showWarning = false;
- aboutwelcome.enabled = false;
- bookmarks.openInTabClosesMenu = false;
- menu.showViewImageInfo = true;
- compactmode.show = true;
- safebrowsing.downloads.remote.enabled = false;
- tabs.crashReporting.sendReport = false;
- crashReports.unsubmittedCheck.autoSubmit2 = false;
- privateWindowSeparation.enabled = false;
- };
-
- security = {
- mixed_content = {
- block_display_content = true;
- upgrade_display_content = true;
- };
- insecure_connection_text = {
- enabled = true;
- pbmode.enabled = true;
- };
- OCSP.enabled = 0;
- remote_settings.crlite_filters.enabled = true;
- pki.crlite_mode = 2;
- ssl.treat_unsafe_negotiation_as_broken = true;
- tls.enable_0rtt_data = false;
- };
-
- toolkit = {
- telemetry = {
- unified = false;
- enabled = false;
- server = "data:,";
- archive.enabled = false;
- newProfilePing.enabled = false;
- shutdownPingSender.enabled = false;
- updatePing.enabled = false;
- bhrPing.enabled = false;
- firstShutdownPing.enabled = false;
- coverage.opt-out = true;
- };
- coverage = {
- opt-out = true;
- endpoint.base = "";
- };
- legacyUserProfileCustomizations.stylesheets = true;
- };
-
- dom = {
- security = {
- https_first = true;
- https_first_schemeless = true;
- sanitizer.enabled = true;
- };
- enable_web_task_scheduling = true;
- };
-
- layout = {
- css = {
- grid-template-masonry-value.enabled = true;
- has-selector.enabled = true;
- prefers-color-scheme.content-override = 2;
- };
- word_select.eat_space_to_next_word = false;
- };
-
- urlclassifier = {
- trackingSkipURLs = "*.reddit.com, *.twitter.com, *.twimg.com, *.tiktok.com";
- features.socialtracking.skipURLs = "*.instagram.com, *.twitter.com, *.twimg.com";
- };
-
- privacy = {
- globalprivacycontrol.enabled = true;
- history.custom = true;
- userContext.ui.enabled = true;
- trackingprotection = {
- enabled = true;
- pbmode.enabled = true;
- socialtracking.enabled = true;
- };
- };
-
- full-screen-api = {
- transition-duration = {
- enter = "0 0";
- leave = "0 0";
- };
- warning = {
- delay = -1;
- timeout = 0;
- };
- };
-
- permissions.default = {
- desktop-notification = 2;
- geo = 2;
- };
-
- signon = {
- formlessCapture.enabled = false;
- privateBrowsingCapture.enabled = false;
- };
-
- datareporting = {
- policy.dataSubmissionEnabled = false;
- healthreport.uploadEnabled = false;
- };
-
- extensions = {
- pocket.enabled = false;
- getAddons.showPane = false;
- htmlaboutaddons.recommendations.enabled = false;
- postDownloadThirdPartyPrompt = false;
- };
-
- app = {
- shield.optoutstudies.enabled = false;
- normandy.enabled = false;
- normandy.api_url = "";
- };
+ privacy-redirect
+ ] ++ (lib.optional config.monorepo.profiles.crypto.enable pkgs.nur.repos.rycee.firefox-addons.metamask);
- image.mem.decode_bytes_at_a_time = 32768;
- editor.truncate_user_pastes = false;
- pdfjs.enableScripting = false;
- geo.provider.network.url = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
- permissions.manager.defaultsUrl = "";
- webchannel.allowObject.urlWhitelist = "";
- breakpad.reportURL = "";
- captivedetect.canonicalURL = "";
- cookiebanners.service.mode = 1;
- findbar.highlightAll = true;
- content.notify.interval = 100000;
- };
};
};
};
diff --git a/nix/modules/home/git.nix b/nix/modules/home/git.nix
index 24e84b4..4018a3b 100644
--- a/nix/modules/home/git.nix
+++ b/nix/modules/home/git.nix
@@ -1,25 +1,26 @@
-{ pkgs, lib, config, ... }:
+{ pkgs, lib, config, super, ... }:
{
programs.git = {
enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
package = pkgs.gitFull;
lfs.enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- userName = config.monorepo.vars.fullName;
- userEmail = config.monorepo.profiles.email.email;
+ userName = super.monorepo.vars.fullName;
+ userEmail = "${super.monorepo.vars.email}";
signing = {
- key = config.monorepo.vars.gpgKey;
+ key = super.monorepo.vars.gpgKey;
signByDefault = true;
};
extraConfig = {
init.defaultBranch = "main";
- credential."${config.monorepo.profiles.email.smtpsServer}" = {
- username = "${config.monorepo.profiles.email.email}";
+ credential."mail.${super.monorepo.vars.orgHost}" = {
+ username = "${super.monorepo.vars.email}";
helper = "!f() { test \"$1\" = get && echo \"password=$(cat /run/user/1000/secrets/mail)\"; }; f";
};
+
sendemail = {
- smtpserver = "${config.monorepo.profiles.email.smtpsServer}";
- smtpuser = "${config.monorepo.profiles.email.email}";
+ smtpserver = "mail.${super.monorepo.vars.orgHost}";
+ smtpuser = "${super.monorepo.vars.email}";
smtpserverport = 465;
smtpencryption = "ssl";
};
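Review bot: The credential helper still reads `/run/user/1000/secrets/mail`, which hard-codes UID 1000, while mbsync.nix and msmtp.nix in this commit use `config.sops.secrets.mail.path` for the same secret. Using that reference in the helper, `echo \"password=$(cat ${config.sops.secrets.mail.path})\"`, keeps it working if the UID or the sops layout changes. `userEmail = "${super.monorepo.vars.email}";` can also drop the interpolation: `userEmail = super.monorepo.vars.email;`. The `programs.git` block continues outside the hunk.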
diff --git a/nix/modules/home/hyprland.nix b/nix/modules/home/hyprland.nix
index b649e96..3e867cb 100644
--- a/nix/modules/home/hyprland.nix
+++ b/nix/modules/home/hyprland.nix
@@ -23,7 +23,7 @@
"fcitx5 -d --replace"
"fcitx5-remote -r"
"emacs"
- "firefox"
+ "librewolf"
];
env = [
"LIBVA_DRIVER_NAME,nvidia"
@@ -53,11 +53,16 @@
workspace = 1;
}
{
- name = "firefox";
- "match:class" = "firefox";
+ name = "librewolf";
+ "match:class" = "librewolf";
workspace = 2;
}
{
+ name = "element-desktop";
+ "match:class" = "element-desktop";
+ workspace = 3;
+ }
+ {
name = "vesktop";
"match:class" = "vesktop";
workspace = 3;
@@ -80,13 +85,13 @@
];
bind = [
- "$mod, F, exec, firefox"
+ "$mod, F, exec, librewolf"
"$mod, Return, exec, kitty"
"$mod, E, exec, emacs"
"$mod, B, exec, bitcoin-qt"
"$mod, S, exec, pavucontrol"
"$mod, M, exec, monero-wallet-gui"
- "$mod, V, exec, vesktop"
+ "$mod, V, exec, element-desktop"
"$mod, C, exec, fluffychat"
"$mod, D, exec, wofi --show run"
"$mod, P, exec, bash ${scripts}/powermenu.sh"
diff --git a/nix/modules/home/mbsync.nix b/nix/modules/home/mbsync.nix
index b7c7424..893528e 100644
--- a/nix/modules/home/mbsync.nix
+++ b/nix/modules/home/mbsync.nix
@@ -1,28 +1,28 @@
-{ lib, config, ... }:
+{ lib, config, super, ... }:
{
programs.mbsync = {
enable = lib.mkDefault config.monorepo.profiles.email.enable;
extraConfig = ''
- IMAPAccount ${config.monorepo.vars.internetName}
- Host ${config.monorepo.profiles.email.imapsServer}
- User ${config.monorepo.profiles.email.email}
+ IMAPAccount ${super.monorepo.vars.internetName}
+ Host mail.${super.monorepo.vars.orgHost}
+ User ${super.monorepo.vars.email}
PassCmd "cat ${config.sops.secrets.mail.path}"
Port 993
TLSType IMAPS
AuthMechs *
CertificateFile /etc/ssl/certs/ca-certificates.crt
- IMAPStore ${config.monorepo.vars.internetName}-remote
- Account ${config.monorepo.vars.internetName}
+ IMAPStore ${super.monorepo.vars.internetName}-remote
+ Account ${super.monorepo.vars.internetName}
- MaildirStore ${config.monorepo.vars.internetName}-local
- Path ~/email/${config.monorepo.vars.internetName}/
- Inbox ~/email/${config.monorepo.vars.internetName}/INBOX
+ MaildirStore ${super.monorepo.vars.internetName}-local
+ Path ~/email/${super.monorepo.vars.internetName}/
+ Inbox ~/email/${super.monorepo.vars.internetName}/INBOX
SubFolders Verbatim
- Channel ${config.monorepo.vars.internetName}
- Far :${config.monorepo.vars.internetName}-remote:
- Near :${config.monorepo.vars.internetName}-local:
+ Channel ${super.monorepo.vars.internetName}
+ Far :${super.monorepo.vars.internetName}-remote:
+ Near :${super.monorepo.vars.internetName}-local:
Patterns *
Create Near
Sync All
diff --git a/nix/modules/home/mpd.nix b/nix/modules/home/mpd.nix
index 2ab711b..b423a70 100644
--- a/nix/modules/home/mpd.nix
+++ b/nix/modules/home/mpd.nix
@@ -10,14 +10,14 @@
network.listenAddress = "0.0.0.0";
extraConfig = ''
audio_output {
- type "pipewire"
- name "pipewire output"
+ type "pipewire"
+ name "pipewire output"
}
audio_output {
type "httpd"
name "Ret2pop's Music Stream"
- encoder "opus" # optional
+ encoder "opus"
port "8000"
bitrate "128000"
format "48000:16:1"
@@ -25,20 +25,20 @@
tags "yes"
}
-audio_output {
- type "shout"
- name "My VPS Stream"
- host "127.0.0.1"
- port "8888" # This must match your SSH tunnel local port
- mount "/stream" # The URL path (e.g. http://vps:8000/stream)
- password "SuperSecretSourcePass"
- bitrate "128"
- format "44100:16:2"
- protocol "icecast2" # Essential for modern Icecast
- user "source" # Default icecast source user
- description "My MPD Stream"
- genre "Mixed"
-}
+ audio_output {
+ type "shout"
+ name "My VPS Stream"
+ host "127.0.0.1"
+ port "8888"
+ mount "/stream"
+ password "SuperSecretSourcePass"
+ bitrate "128"
+ format "44100:16:2"
+ protocol "icecast2"
+ user "source"
+ description "My MPD Stream"
+ genre "Mixed"
+ }
'';
};
}
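Review bot: The `shout` output keeps `password "SuperSecretSourcePass"` as a literal inside `extraConfig`, so the value is committed to the repository and copied into the generated mpd configuration. If this is a live Icecast source password, it should be rotated and supplied from the sops secrets the mail modules already use (`config.sops.secrets.SECRET_NAME_PLACEHOLDER.path`) instead of a literal. If it is only a sample, a comment like `# placeholder, not a live credential` would settle the question for the next reader. The hunk also drops the inline comment explaining that port 8888 must match the SSH tunnel's local port, and that one was worth keeping.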
diff --git a/nix/modules/home/msmtp.nix b/nix/modules/home/msmtp.nix
index 6d69922..c1abd8f 100644
--- a/nix/modules/home/msmtp.nix
+++ b/nix/modules/home/msmtp.nix
@@ -1,4 +1,4 @@
-{ lib, config, ... }:
+{ lib, config, super, ... }:
{
programs.msmtp = {
enable = lib.mkDefault config.monorepo.profiles.email.enable;
@@ -12,16 +12,16 @@
logfile ~/.msmtp.log
# Gmail
- account ${config.monorepo.vars.userName}
- host ${config.monorepo.profiles.email.smtpsServer}
+ account ${super.monorepo.vars.internetName}
+ host mail.${super.monorepo.vars.orgHost}
port 587
- from ${config.monorepo.profiles.email.email}
- user ${config.monorepo.profiles.email.email}
+ from ${super.monorepo.vars.email}
+ user ${super.monorepo.vars.email}
passwordeval "cat ${config.sops.secrets.mail.path}"
# Set a default account
- account default : ${config.monorepo.vars.userName}
+ account default : ${super.monorepo.vars.internetName}
'';
};
}
diff --git a/nix/modules/home/secrets.nix b/nix/modules/home/secrets.nix
index a38b4e0..8de0f59 100644
--- a/nix/modules/home/secrets.nix
+++ b/nix/modules/home/secrets.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, super, ... }:
{
sops = {
defaultSopsFile = if config.monorepo.profiles.graphics.enable
@@ -6,7 +6,7 @@
else ../../secrets/vps_secrets.yaml;
age = {
- keyFile = "/home/${config.monorepo.vars.userName}/.config/sops/age/keys.txt";
+ keyFile = "/home/${super.monorepo.vars.userName}/.config/sops/age/keys.txt";
};
secrets = if config.monorepo.profiles.graphics.enable then {
diff --git a/nix/modules/home/user.nix b/nix/modules/home/user.nix
index 28bbd22..05729b1 100644
--- a/nix/modules/home/user.nix
+++ b/nix/modules/home/user.nix
@@ -1,4 +1,4 @@
-{ lib, config, pkgs, ... }:
+{ lib, config, super, pkgs, ... }:
{
home = {
activation.startup-files = lib.hm.dag.entryAfter [ "installPackages" ] ''
@@ -47,7 +47,7 @@
# Apps
# octaveFull
- vesktop grim swww vim kotatogram-desktop tg qwen-code element-desktop thunderbird jami
+ grim swww vim kotatogram-desktop tg qwen-code element-desktop signal-desktop thunderbird jami
# Sound/media
pavucontrol alsa-utils imagemagick ffmpeg helvum
@@ -59,7 +59,7 @@
torsocks tor-browser
# For transfering secrets onto new system
- magic-wormhole stow
+ stow
# fonts
nerd-fonts.iosevka noto-fonts noto-fonts-cjk-sans noto-fonts-color-emoji fira-code font-awesome_6 victor-mono
@@ -133,7 +133,6 @@ cd "$HOME"
'')
] else [
pfetch
-
# net
curl
torsocks
@@ -155,6 +154,13 @@ cd "$HOME"
enable = true;
defaultApplications = {
"x-scheme-handler/mailto" = "emacsclient-mail.desktop";
+ "text/html" = "librewolf.desktop";
+ "text/xml" = "librewolf.desktop";
+ "application/xhtml+xml" = "librewolf.desktop";
+ "x-scheme-handler/http" = "librewolf.desktop";
+ "x-scheme-handler/https" = "librewolf.desktop";
+ "x-scheme-handler/about" = "librewolf.desktop";
+ "x-scheme-handler/unknown" = "librewolf.desktop";
};
};
diff --git a/nix/modules/maddy.nix b/nix/modules/maddy.nix
index 706e187..a36e3b4 100644
--- a/nix/modules/maddy.nix
+++ b/nix/modules/maddy.nix
@@ -25,25 +25,16 @@
"imap tls://0.0.0.0:993 tcp://0.0.0.0:143"
"submission tls://0.0.0.0:465 tcp://0.0.0.0:587"
] options.services.maddy.config.default;
- ensureAccounts = [
+ ensureAccounts = (builtins.map (x: "${x}@${config.monorepo.vars.orgHost}") config.monorepo.vars.projects) ++ [
"${config.monorepo.vars.internetName}@${config.monorepo.vars.orgHost}"
- "monorepo@${config.monorepo.vars.orgHost}"
- "nullerbot@${config.monorepo.vars.orgHost}"
"discussion@${config.monorepo.vars.orgHost}"
];
- ensureCredentials = {
+ ensureCredentials = lib.genAttrs config.services.maddy.ensureAccounts (name: {
+ passwordFile = "/run/secrets/mail_monorepo_password";
+ }) // {
"${config.monorepo.vars.internetName}@${config.monorepo.vars.orgHost}" = {
passwordFile = "/run/secrets/mail_password";
};
- "monorepo@${config.monorepo.vars.orgHost}" = {
- passwordFile = "/run/secrets/mail_monorepo_password";
- };
- "nullerbot@${config.monorepo.vars.orgHost}" = {
- passwordFile = "/run/secrets/mail_monorepo_password";
- };
- "discussion@${config.monorepo.vars.orgHost}" = {
- passwordFile = "/run/secrets/mail_monorepo_password";
- };
};
};
}
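Review bot: Every generated account gets the same `passwordFile = "/run/secrets/mail_monorepo_password"` and the `name` argument of the `genAttrs` function is never used. Adding an entry to `config.monorepo.vars.projects` therefore silently creates a mailbox that shares one credential with `discussion@` and every other project account, and exposing that one file exposes all of them. If separate credentials are wanted, key the secret on `name`, e.g. `(name: { passwordFile = config.sops.secrets.PER_ACCOUNT_SECRET_PLACEHOLDER.path; })`. `lib.genAttrs` also needs `lib` among the module arguments; the function head is outside this hunk.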
diff --git a/nix/modules/nginx.nix b/nix/modules/nginx.nix
index 791e3a4..18fa1eb 100644
--- a/nix/modules/nginx.nix
+++ b/nix/modules/nginx.nix
@@ -1,113 +1,108 @@
{ config, lib, ... }:
{
- services.nginx = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- user = "nginx";
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- recommendedProxySettings = false;
-
- gitweb = {
+ config = lib.mkIf config.monorepo.profiles.server.enable {
+ services.nginx = {
enable = true;
- virtualHost = "${config.monorepo.vars.orgHost}";
- };
-
- virtualHosts = {
- "matrix.${config.monorepo.vars.orgHost}" = {
- enableACME = true;
- forceSSL = true;
- listen = [
- {
- addr = "0.0.0.0";
- port = 443;
- ssl = true;
- }
- {
- addr = "[::]";
- port = 443;
- ssl = true;
- }
- {
- addr = "0.0.0.0";
- port = 8448;
- ssl = true;
- }
- {
- addr = "[::]";
- port = 8448;
- ssl = true;
- }
- ];
- locations."/_matrix/" = {
- proxyPass = "http://127.0.0.1:6167";
- extraConfig = ''
+ user = "nginx";
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ recommendedProxySettings = false;
+ virtualHosts = {
+ "matrix.${config.monorepo.vars.orgHost}" = {
+ enableACME = config.monorepo.profiles.server.enable;
+ forceSSL = true;
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "[::]";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "0.0.0.0";
+ port = 8448;
+ ssl = true;
+ }
+ {
+ addr = "[::]";
+ port = 8448;
+ ssl = true;
+ }
+ ];
+ locations."/_matrix/" = {
+ proxyPass = "http://127.0.0.1:6167";
+ extraConfig = ''
proxy_set_header Host $host;
proxy_buffers 32 16k;
proxy_read_timeout 5m;
'';
- };
- locations."= /.well-known/matrix/server" = {
- extraConfig = ''
+ };
+ locations."= /.well-known/matrix/server" = {
+ extraConfig = ''
default_type application/json;
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
'';
-
- return = ''200 '{"m.server": "matrix.${config.monorepo.vars.orgHost}:443"}' '';
- };
- locations."/.well-known/matrix/client" = {
- extraConfig = ''
+
+ return = ''200 '{"m.server": "matrix.${config.monorepo.vars.orgHost}:443"}' '';
+ };
+ locations."/.well-known/matrix/client" = {
+ extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
'';
- return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.${config.monorepo.vars.orgHost}\"}, \"org.matrix.msc4143.rtc_foci\": [{\"type\": \"livekit\", \"livekit_service_url\": \"https://matrix.${config.monorepo.vars.orgHost}:8443\"}]}'";
- };
+ return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.${config.monorepo.vars.orgHost}\"}, \"org.matrix.msc4143.rtc_foci\": [{\"type\": \"livekit\", \"livekit_service_url\": \"https://matrix.${config.monorepo.vars.orgHost}:8443\"}]}'";
+ };
- extraConfig = ''
+ extraConfig = ''
merge_slashes off;
'';
- };
+ };
- "matrix.${config.monorepo.vars.orgHost}-livekit" = {
- serverName = "matrix.${config.monorepo.vars.orgHost}";
- listen = [
- {
- addr = "0.0.0.0";
- port = 8443;
- ssl = true;
- }
- {
- addr = "[::]";
- port = 8443;
- ssl = true;
- }
- ];
- addSSL = true;
- enableACME = false;
- forceSSL = false;
- useACMEHost = "matrix.${config.monorepo.vars.orgHost}";
-
- locations."/" = {
- proxyPass = "http://127.0.0.1:6495";
- proxyWebsockets = true;
- extraConfig = ''
+ "matrix.${config.monorepo.vars.orgHost}-livekit" = {
+ serverName = "matrix.${config.monorepo.vars.orgHost}";
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 8443;
+ ssl = true;
+ }
+ {
+ addr = "[::]";
+ port = 8443;
+ ssl = true;
+ }
+ ];
+ addSSL = true;
+ enableACME = false;
+ forceSSL = false;
+ useACMEHost = "matrix.${config.monorepo.vars.orgHost}";
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:6495";
+ proxyWebsockets = true;
+ extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
+ };
};
- };
- "livekit.${config.monorepo.vars.orgHost}" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:7880";
- proxyWebsockets = true;
- extraConfig = ''
+ "livekit.${config.monorepo.vars.orgHost}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:7880";
+ proxyWebsockets = true;
+ extraConfig = ''
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
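Review bot: Inside `config = lib.mkIf config.monorepo.profiles.server.enable { … }`, the new `enableACME = config.monorepo.profiles.server.enable;` on the matrix vhost is always true whenever it takes effect, and the other vhosts in the same block write `enableACME = true;`. Using the literal keeps them consistent. In the following hunk, the added `proxy_request_buffering off` line in the ntfy `extraConfig` has no terminating `;`, which nginx will reject when it parses the generated file; it should read `proxy_request_buffering off;`. The `virtualHosts` attrset continues outside this hunk.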
@@ -141,53 +136,62 @@
}
# --- CORS CONFIGURATION END ---
'';
+ };
};
- };
- "ntfy.${config.monorepo.vars.remoteHost}" = {
- serverName = "ntfy.${config.monorepo.vars.remoteHost}";
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://localhost:2586";
- proxyWebsockets = true;
+ "ntfy.${config.monorepo.vars.remoteHost}" = {
+ serverName = "ntfy.${config.monorepo.vars.remoteHost}";
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:2586";
+ proxyWebsockets = true;
+ extraConfig = ''
+proxy_buffering off;
+proxy_request_buffering off
+
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+'';
+ };
};
- };
- "${config.monorepo.vars.remoteHost}" = {
- serverName = "${config.monorepo.vars.remoteHost}";
- serverAliases = [ "${config.monorepo.vars.internetName}.${config.monorepo.vars.orgHost}" ];
- root = "/var/www/${config.monorepo.vars.internetName}-website/";
- addSSL = true;
- enableACME = true;
- };
+ "${config.monorepo.vars.remoteHost}" = {
+ serverName = "${config.monorepo.vars.remoteHost}";
+ serverAliases = [ "${config.monorepo.vars.internetName}.${config.monorepo.vars.orgHost}" ];
+ root = "/var/www/${config.monorepo.vars.internetName}-website/";
+ addSSL = true;
+ enableACME = true;
+ };
- "git.${config.monorepo.vars.orgHost}" = {
- forceSSL = true;
- enableACME = true;
- };
- "list.${config.monorepo.vars.orgHost}" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://localhost:9090";
- extraConfig = ''
+ "git.${config.monorepo.vars.orgHost}" = {
+ forceSSL = true;
+ enableACME = true;
+ };
+ "list.${config.monorepo.vars.orgHost}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:9090";
+ extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
+ };
};
- };
- # the port comes from ssh tunnelling
- "music.${config.monorepo.vars.remoteHost}" = {
- addSSL = true;
- enableACME = true;
- basicAuthFile = config.sops.secrets."mpd_password".path;
- locations."/" = {
- proxyPass = "http://localhost:8000";
- extraConfig = ''
+ # the port comes from ssh tunnelling
+ "music.${config.monorepo.vars.remoteHost}" = lib.mkIf config.monorepo.profiles.server.enable {
+ addSSL = true;
+ enableACME = true;
+ basicAuthFile = config.sops.secrets."mpd_password".path;
+ locations."/" = {
+ proxyPass = "http://localhost:8000";
+ extraConfig = ''
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Connection "";
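Review bot: The new `extraConfig` for the ntfy vhost has `proxy_request_buffering off` without a terminating semicolon, so nginx will read the following `proxy_set_header Host $host;` as further arguments to that directive and reject the configuration; it should read `proxy_request_buffering off;`. Separately, the `music.` vhost in this hunk combines `basicAuthFile` with `addSSL = true;`, which leaves the plain-HTTP listener serving the same location, so Basic credentials can be sent unencrypted. Replacing it with `forceSSL = true;` would redirect HTTP to HTTPS before any credentials are requested.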
@@ -196,21 +200,22 @@ proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 36000s;
'';
+ };
};
- };
- "${config.monorepo.vars.orgHost}" = {
- serverName = "${config.monorepo.vars.orgHost}";
- root = "/var/www/nullring/";
- addSSL = true;
- enableACME = true;
- };
+ "${config.monorepo.vars.orgHost}" = {
+ serverName = "${config.monorepo.vars.orgHost}";
+ root = "/var/www/nullring/";
+ addSSL = true;
+ enableACME = true;
+ };
- "mail.${config.monorepo.vars.orgHost}" = {
- serverName = "mail.${config.monorepo.vars.orgHost}";
- root = "/var/www/dummy";
- addSSL = true;
- enableACME = true;
+ "mail.${config.monorepo.vars.orgHost}" = {
+ serverName = "mail.${config.monorepo.vars.orgHost}";
+ root = "/var/www/dummy";
+ addSSL = true;
+ enableACME = true;
+ };
};
};
};
diff --git a/nix/modules/public_inbox.nix b/nix/modules/public_inbox.nix
index cba1e39..3cd084b 100644
--- a/nix/modules/public_inbox.nix
+++ b/nix/modules/public_inbox.nix
@@ -15,7 +15,7 @@
# Allow the service to see the file it just created
BindPaths = [
"/var/lib/public-inbox"
- "/srv/git/"
+ "${config.users.users.git.home}"
];
ReadOnlyPaths = [ "/var/lib/public-inbox/style.css" ];
# Ensure it can actually write to the directory during preStart
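Review bot: The git home directory is bound through `BindPaths`, which makes it writable inside the public-inbox unit's namespace, while the comment only justifies write access for `/var/lib/public-inbox`. If the service only reads the code repositories (not confirmable from this hunk, and the unit definition starts outside it), move the entry to `BindReadOnlyPaths = [ "${config.users.users.git.home}" ];`. That way a compromise of the web-facing service cannot modify the repositories.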
@@ -55,10 +55,10 @@
services.public-inbox = {
enable = lib.mkDefault config.monorepo.profiles.server.enable;
settings = {
- coderepo."nullerbot".dir = "/srv/git/nullerbot.git";
- coderepo."nullerbot".cgitUrl = "https://git.nullring.xyz/nullerbot.git";
- coderepo."monorepo".dir = "/srv/git/monorepo.git";
- coderepo."monorepo".cgitUrl = "https://git.nullring.xyz/monorepo.git";
+ coderepo = lib.genAttrs config.monorepo.vars.projects (name: {
+ dir = "${config.users.users.git.home}/${name}.git";
+ cgitUrl = "https://git.${config.monorepo.vars.orgHost}/${name}.git";
+ });
publicinbox.css = ["/var/lib/public-inbox/style.css"];
publicinbox.wwwlisting = "all";
};
@@ -66,18 +66,14 @@
enable = true;
port = 9090;
};
- inboxes = {
- "monorepo" = {
- description = "discussion of ret2pop's monorepo project and related work.";
- address = [ "monorepo@${config.monorepo.vars.orgHost}" ];
- inboxdir = "/var/lib/public-inbox/monorepo";
- url = "https://list.${config.monorepo.vars.orgHost}/monorepo";
- watch = [ "imaps://monorepo%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ];
- coderepo = [
- "monorepo"
- ];
- };
-
+ inboxes = lib.genAttrs config.monorepo.vars.projects (name: {
+ description = "discussion of the ${name} project.";
+ address = [ "${name}@${config.monorepo.vars.orgHost}" ];
+ inboxdir = "/var/lib/public-inbox/${name}";
+ url = "https://list.${config.monorepo.vars.orgHost}/${name}";
+ watch = [ "imaps://${name}${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ];
+ coderepo = [ "${name}" ];
+ }) // {
"discussion" = {
description = "Main Nullring Discussion Mailing List";
address = [ "discussion@${config.monorepo.vars.orgHost}" ];
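Review bot: The generated `watch` URL drops the `%40` between the mailbox name and the domain, so the IMAP user becomes `${name}${orgHost}` rather than `${name}@${orgHost}`. The removed per-project entries and the remaining `discussion` entry both use `%40`, and the netrc lines in secrets.nix use `${x}@…` as the login, so the credential lookup would presumably no longer match. The line should read `watch = [ "imaps://${name}%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ];`. A project named `discussion` would also be silently overridden by the `//` merge, which is worth a comment next to it.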
@@ -85,17 +81,6 @@
url = "https://list.${config.monorepo.vars.orgHost}/discussion";
watch = [ "imaps://discussion%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ];
};
-
- "nullerbot" = {
- description = "Discussion of Nullerbot Matrix Bot";
- address = [ "nullerbot@${config.monorepo.vars.orgHost}" ];
- inboxdir = "/var/lib/public-inbox/nullerbot";
- url = "https://list.${config.monorepo.vars.orgHost}/nullerbot";
- watch = [ "imaps://nullerbot%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ];
- coderepo = [
- "nullerbot"
- ];
- };
};
};
}
diff --git a/nix/modules/secrets.nix b/nix/modules/secrets.nix
index 9c1dbed..f68ed40 100644
--- a/nix/modules/secrets.nix
+++ b/nix/modules/secrets.nix
@@ -11,11 +11,8 @@
owner = "public-inbox";
group = "public-inbox";
mode = "0400";
- content = ''
-machine mail.${config.monorepo.vars.orgHost} login monorepo@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}
-machine mail.${config.monorepo.vars.orgHost} login discussion@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}
-machine mail.${config.monorepo.vars.orgHost} login nullerbot@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}
- '';
+ content = (builtins.concatStringsSep "\n" (builtins.map (x: "machine mail.${config.monorepo.vars.orgHost} login ${x}@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}") config.monorepo.vars.projects)) + ''
+machine mail.${config.monorepo.vars.orgHost} login discussion@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}'';
};
"matterbridge" = {
owner = "matterbridge";
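Review bot: The new `content` expression joins the per-project lines with `"\n"` and then appends an indented string whose first line is empty, and Nix drops that empty first line. The result has no newline between the last project's password placeholder and `machine mail.… login discussion@…`, which corrupts both netrc entries. Appending the extra login to the list avoids the manual concatenation: pass `(config.monorepo.vars.projects ++ [ "discussion" ])` as the list argument and drop the trailing `+ ''…''` part. The enclosing secret definition starts outside this hunk.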
diff --git a/nix/modules/vars.nix b/nix/modules/vars.nix
index c991588..062a17a 100644
--- a/nix/modules/vars.nix
+++ b/nix/modules/vars.nix
@@ -18,6 +18,20 @@ in
description = "Internet name to be used for internet usernames";
};
+ sshKey = lib.mkOption {
+ type = lib.types.str;
+ default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell";
+ example = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell";
+ description = "Admin public key for managing multiple configurations";
+ };
+
+ dkimKey = lib.mkOption {
+ type = lib.types.str;
+ default = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsC9GpfjvQlldPrHAC7Yt+ZF0aduUIVV4j2+KUkF0j6NsrpOgvU6COWKQSod/B/qyPBLWf+w5P5YiJ9XnOgw6Db/I9C67eusEHnV/cbvokXLQjSBvXee1OEdrT9i+6iUgDeGWP4CrD1DcwvXzAcCI9exy3yALHVlbkyYvi0KAYofs8dVQ3JCwSCMlol71lA6ULJ2zbCIWeSOv9/C6QZ5HOIeeoFLesX6O/YvF4FYxWbSHy244TXYuczQKuayjKgD6e8gIT5WJRQj8IAWOQ2podWw6hSuB3Ig+ekoOfnl5ivJGOMbAzFTj8FtbS4ncyidLU1kIOeuLfiILeDDLlIeYTwIDAQAB";
+ example = "string_after_p=";
+ description = "dkim key to put in host record for email";
+ };
+
repoName = lib.mkOption {
type = lib.types.str;
default = "monorepo";
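Review bot: `sshKey` and `dkimKey` ship one specific person's key material as their `default`, so a host that imports this module without overriding them would inherit that admin key and DKIM record. Where the options are consumed is outside this hunk, but the `sshKey` description suggests it ends up in authorized keys. Omitting `default` on both options makes evaluation fail until the deployer sets them explicitly. The concrete values can stay in `example`, or in the host-specific configuration.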
@@ -25,6 +39,20 @@ in
description = "Name of this repository";
};
+ projects = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [
+ "monorepo"
+ "nullerbot"
+ ];
+ example = [
+ "project1"
+ "project2"
+ "project3"
+ ];
+ description = "Names of repos that will have mailing lists";
+ };
+
fileSystem = lib.mkOption {
type = lib.types.str;
default = "ext4";
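Review bot: `projects` accepts arbitrary strings, but elsewhere in this commit each entry is interpolated into filesystem paths, URLs, mail addresses and netrc lines (public_inbox.nix and secrets.nix). A name containing `/`, whitespace or `@` would produce a wrong path or a malformed credentials file. Constraining the element type catches that at evaluation time, for example `type = lib.types.listOf (lib.types.strMatching "[A-Za-z0-9._-]+");`.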
@@ -37,13 +65,6 @@ in
description = "retains a copy of the disko spec for reflection";
};
- userName = lib.mkOption {
- type = lib.types.str;
- default = "preston";
- example = "myUser";
- description = "system username";
- };
-
fullName = lib.mkOption {
type = lib.types.str;
default = "Preston Pan";
@@ -51,6 +72,13 @@ in
description = "Full Name";
};
+ userName = lib.mkOption {
+ type = lib.types.str;
+ default = "preston";
+ example = "myUser";
+ description = "system username";
+ };
+
gpgKey = lib.mkOption {
type = lib.types.str;
default = "AEC273BF75B6F54D81343A1AC1FE6CED393AE6C1";
@@ -69,7 +97,14 @@ in
type = lib.types.str;
default = "${vars.orgHost}";
example = "orgname.org";
- description = "Domain name of your organization";
+ description = "Domain name of your organization, points to same VPS as remoteHost";
+ };
+
+ email = lib.mkOption {
+ type = lib.types.str;
+ default = "${vars.internetName}@${vars.orgHost}";
+ example = "example@example.org";
+ description = "Admin email address";
};
timeZone = lib.mkOption {
diff --git a/nix/modules/znc.nix b/nix/modules/znc.nix
index 758f720..c9f9b51 100644
--- a/nix/modules/znc.nix
+++ b/nix/modules/znc.nix
@@ -26,7 +26,7 @@
modules = [ "simple_away" ];
};
"nullring" = {
- server = "nullring.xyz";
+ server = "${config.monorepo.vars.orgHost}";
port = 6697;
useSSL = true;
modules = [ "simple_away" "log" ];