diff --git a/home.nix b/home.nix
index c9280dd7..d130b6ba 100644
--- a/home.nix
+++ b/home.nix
@@ -1,4 +1,4 @@
-{ pkgs, config, lib, witch, ... }:
+{ pkgs, config, lib, ... }:
 { imports = [ ./modules/home ./private/profile/home ];
diff --git a/hosts/athame/home/weechat.nix b/hosts/athame/home/weechat.nix
index 1554c209..ea3e0a5e 100644
--- a/hosts/athame/home/weechat.nix
+++ b/hosts/athame/home/weechat.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, witch, lib, superConfig, ... }:
+{ config, pkgs, lib, ... }:
 { programs.weechat = {
@@ -16,7 +16,7 @@
 '') (lib.mkAfter "/matrix connect kat") ]; - packageUnwrapped = pkgs.unstable.weechat-unwrapped; + packageUnwrapped = pkgs.weechat-unwrapped; homeDirectory = "${config.xdg.dataHome}/weechat"; plugins.python = { enable = true;
@@ -32,9 +32,11 @@ vimode-git weechat-matrix weechat-notify-send - weechat-title + title ]; config = { + logger.level.irc = 0; + logger.level.matrix = 0; weechat = { look = { mouse = true; }; bar = {
@@ -42,7 +44,6 @@ nicklist = { size_max = 18; }; }; }; - relay.network.password = witch.secrets.unscoped.weechat.relay; urlgrab.default.copycmd = "${pkgs.wl-clipboard}/bin/wl-copy"; plugins.var.python.vimode.copy_clipboard_cmd = "wl-copy"; plugins.var.python.vimode.paste_clipboard_cmd = "wl-paste --no-newline";
@@ -52,25 +53,7 @@ plugins.var.python.title.title_suffix = " ]"; plugins.var.python.notify_send.icon = ""; plugins.var.python.go.short_name = true; - irc = { - look = { server_buffer = "independent"; }; - server = { - freenode = { - address = "athame.kittywit.ch/5001"; - password = "kat/freenode:${witch.secrets.unscoped.weechat.znc}"; - ssl = true; - ssl_verify = false; - autoconnect = true; - }; - espernet = { - address = "athame.kittywit.ch/5001"; - password = "kat/espernet:${witch.secrets.unscoped.weechat.znc}"; - ssl = true; - ssl_verify = false; - autoconnect = true; - }; - }; - }; + irc = { look = { server_buffer = "independent"; }; }; matrix = { network = { max_backlog_sync_events = 30;
@@ -82,13 +65,6 @@ server_buffer = "independent"; redactions = "notice"; }; - server.kat = { - address = "kittywit.ch"; - device_name = "${superConfig.networking.hostName}/weechat"; - username = "kat"; - password = "${witch.secrets.unscoped.weechat.matrix}"; - autoconnect = true; - }; }; }; };
diff --git a/hosts/athame/nixos/default.nix b/hosts/athame/nixos/default.nix
index 06f24bab..2334854f 100644
--- a/hosts/athame/nixos/default.nix
+++ b/hosts/athame/nixos/default.nix
@@ -14,14 +14,12 @@ with lib;
 ../../../services/postgres.nix ../../../services/nginx.nix ../../../services/mail.nix - ../../../services/asterisk.nix ../../../services/gitea ../../../services/syncplay.nix ../../../services/weechat.nix ../../../services/bitwarden.nix ../../../services/taskserver.nix ../../../services/murmur.nix - ../../../services/znc.nix ../../../services/matrix.nix ../../../services/restic.nix ];
diff --git a/hosts/athame/nixos/virtualhosts.nix b/hosts/athame/nixos/virtualhosts.nix
index 6dfc6ddf..45b3f70f 100644
--- a/hosts/athame/nixos/virtualhosts.nix
+++ b/hosts/athame/nixos/virtualhosts.nix
@@ -1,4 +1,6 @@
-{ config, pkgs, witch, ... }:
+{ config, lib, pkgs, ... }:
+
+with lib;
 let common = {
@@ -10,7 +12,7 @@ in {
 "kittywit.ch" = { root = pkgs.kat-website; } // common; "athame.kittywit.ch" = { root = "/var/www/athame"; } // common; "files.kittywit.ch" = { root = "/var/www/files"; } // common; - } // witch.secrets.virtualHosts.athame; + }; deploy.tf.dns.records.kittywitch_files = { tld = "kittywit.ch.";
diff --git a/hosts/ostara/nixos/default.nix b/hosts/ostara/nixos/default.nix
index a5be4605..b94fbab5 100644
--- a/hosts/ostara/nixos/default.nix
+++ b/hosts/ostara/nixos/default.nix
@@ -1,8 +1,7 @@
 { config, pkgs, profiles, ... }: { - imports = - [ ./hw.nix profiles.kat profiles.laptop ]; + imports = [ ./hw.nix profiles.kat profiles.laptop ]; deploy.target = "slow";
diff --git a/hosts/samhain/nixos/default.nix b/hosts/samhain/nixos/default.nix
index e84dce4e..46954a58 100644
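Review bot: The startup command `(lib.mkAfter "/matrix connect kat")`, kept as context in the `@@ -16,7 +16,7 @@` hunk of this file, still names a matrix server `kat`, while this hunk deletes the only `server.kat` definition in view; unless the server is re-declared outside this file (for example under `./private/profile/home`, which `home.nix` imports), the connect command refers to an undefined server at startup. Dropping the inline `password` is the right call, but `address`, `device_name` and `username` are not secrets and could have stayed, with the password supplied at runtime through WeeChat's `/secure` store (`${sec.data.<name>}`, escaped in the Nix string) rather than from the Nix store. The two new `logger.level.irc = 0;` / `logger.level.matrix = 0;` lines in the `@@ -32,9 +32,11 @@` hunk deserve a one-line comment such as `# 0 = no logging for irc and matrix buffers`, since the same pair is added without explanation in `profiles/gui/home/weechat.nix`. The `programs.weechat.config.matrix` block this hunk closes starts outside it.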
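Review bot: `with lib;` is added at the top of `hosts/athame/nixos/virtualhosts.nix` (the `+with lib;` line in the `@@ -1,4 +1,6 @@` hunk), yet neither hunk of this file calls anything from `lib`; if the rest of the file does not either, the two added lines should go and the new `lib` argument with them, since a file-wide `with` silently shadows names and reads as an unused import. If something below does use it, a plain `lib.` prefix at that call site is clearer than the file-wide `with`. The `let` block opened at the end of the first hunk continues outside it.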
--- a/hosts/samhain/nixos/default.nix
+++ b/hosts/samhain/nixos/default.nix
@@ -1,4 +1,4 @@
-{ tf, config, pkgs, lib, profiles, sources, witch, ... }:
+{ tf, config, pkgs, lib, profiles, sources, ... }:
 with lib;
@@ -17,7 +17,6 @@ in {
 ../../../services/nginx.nix ./thermal ./vm - ./nfs.nix ./transmission.nix ./jellyfin.nix ./virtualhosts.nix
diff --git a/hosts/samhain/nixos/jellyfin.nix b/hosts/samhain/nixos/jellyfin.nix
index 83847c3d..cee2bf61 100644
--- a/hosts/samhain/nixos/jellyfin.nix
+++ b/hosts/samhain/nixos/jellyfin.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, witch, ... }:
+{ config, lib, pkgs, ... }:
 { katnet.public.tcp.ranges = [{
diff --git a/hosts/samhain/nixos/nfs.nix b/hosts/samhain/nixos/nfs.nix
deleted file mode 100644
index 66fcada1..00000000
--- a/hosts/samhain/nixos/nfs.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, witch, lib, ... }:
-
-with lib;
-
-{
- katnet.private.tcp.ports = [ 111 2049 ];
- katnet.public.tcp.ports = [ 111 2049 ];
-
- services.nfs.server.enable = true;
- services.nfs.server.exports =
- "/mnt/zraw/media 192.168.1.0/24(rw) 200::/7(rw) ${witch.secrets.unscoped.ipv6_prefix}(rw)";
-}
diff --git a/hosts/samhain/nixos/vm/default.nix b/hosts/samhain/nixos/vm/default.nix
index 1387d1f9..4f865f9a 100644
--- a/hosts/samhain/nixos/vm/default.nix
+++ b/hosts/samhain/nixos/vm/default.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, sources, witch, ... }:
+{ config, pkgs, lib, ... }:
 { /* # libvirtd is used for our virtual machine
@@ -113,8 +113,7 @@ scream = { Unit = { Description = "Scream - Audio forwarding from the VM."; }; Service = { - ExecStart = - "${pkgs.arc.pkgs.scream-arc}/bin/scream -i virbr0 -o pulse"; + ExecStart = "${pkgs.scream-arc}/bin/scream -i virbr0 -o pulse"; Restart = "always"; }; Install = { WantedBy = [ "default.target" ]; };
diff --git a/lib/witch.nix b/lib/witch.nix
index 72002312..2b53e228 100644
--- a/lib/witch.nix
+++ b/lib/witch.nix
@@ -3,6 +3,5 @@
 { style = import ./style.nix; colorhelpers = import ./colorhelpers.nix { inherit lib; }; - secrets = import ../private/secrets.nix; modList = import ./modules.nix; }
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 66c1999e..3ca54331 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -7,9 +7,9 @@ let
 inherit (super) dino; }; - discord = unstable.discord.override { nss = self.nss; }; + discord = super.discord.override { nss = self.nss; }; - ncmpcpp = unstable.ncmpcpp.override { + ncmpcpp = super.ncmpcpp.override { visualizerSupport = true; clockSupport = true; };
@@ -24,11 +24,7 @@ let
 pkgs = self; }; - weechatScripts = super.weechatScripts // { - weechat-title = (super.callPackage ./weechat-title { }); - }; - - screenstub = unstable.callPackage ./screenstub { }; + screenstub = super.callPackage ./screenstub { }; buildFirefoxXpiAddon = { pname, version, addonId, url, sha256, meta, ... }: pkgs.stdenv.mkDerivation {
@@ -54,7 +50,7 @@ let
 kat-vm = super.callPackage ./kat-vm { }; - kat-glauca-dns = unstable.callPackage ./kat-glauca-dns { inherit sources; }; + kat-glauca-dns = super.callPackage ./kat-glauca-dns { }; kat-website = super.callPackage ./kat-website { };
@@ -65,12 +61,6 @@ let
 kat-tw-export = super.callPackage ./kat-tw-export { }; kat-scrot = super.callPackage ./kat-scrot { }; - - linuxPackagesFor = kernel: - (super.linuxPackagesFor kernel).extend (_: ksuper: { - vendor-reset = - (super.callPackage ./vendor-reset { kernel = ksuper.kernel; }).out; - }); }; in (pkgs.extend (import (sources.arc-nixexprs + "/overlay.nix"))).extend overlay
diff --git a/pkgs/kat-glauca-dns/default.nix b/pkgs/kat-glauca-dns/default.nix
index b0476662..592a11da 100644
--- a/pkgs/kat-glauca-dns/default.nix
+++ b/pkgs/kat-glauca-dns/default.nix
@@ -1,7 +1,6 @@
-{ sources, pkgs, curl, coreutils, writeShellScriptBin }:
+{ pkgs, curl, coreutils, writeShellScriptBin }:
-let rbw-bitw = (import sources.arc-nixexprs { inherit pkgs; }).pkgs.rbw-bitw;
-in writeShellScriptBin "kat-glauca-dns" ''
+writeShellScriptBin "kat-glauca-dns" ''
 #!/usr/bin/env bash
 set -eu
diff --git a/pkgs/weechat-title/default.nix b/pkgs/weechat-title/default.nix
deleted file mode 100644
index 5562478e..00000000
--- a/pkgs/weechat-title/default.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ lib, stdenv, fetchurl }:
-
-stdenv.mkDerivation rec {
- pname = "title.py";
- version = "2011-11-15";
- sha256 = "1h8mxpv47q3inhynlfjm3pdjxlr2fl06z4cdhr06kpm8f7xvz56p";
-
- src = fetchurl {
- name = pname;
- url = "https://weechat.org/files/scripts/title.py";
- sha256 = sha256;
- };
-
- unpackPhase = "true";
-
- installPhase = ''
- install -D $src $out/share/title.py
- '';
-
- passthru.scripts = [ pname ];
-}
diff --git a/profiles/common/nixos.nix b/profiles/common/nixos.nix
index 182100ba..a86647e0 100644
--- a/profiles/common/nixos.nix
+++ b/profiles/common/nixos.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, sources, ... }:
+{ config, lib, pkgs, ... }:
 { imports = [ ./nixos ];
diff --git a/profiles/common/nixos/access.nix b/profiles/common/nixos/access.nix
index d7ce38d5..da202920 100644
--- a/profiles/common/nixos/access.nix
+++ b/profiles/common/nixos/access.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, sources, ... }:
+{ config, lib, pkgs, ... }:
 { security.sudo.wheelNeedsPassword = lib.mkForce false;
diff --git a/profiles/common/nixos/default.nix b/profiles/common/nixos/default.nix
index 3cc37fc5..253f464d 100644
--- a/profiles/common/nixos/default.nix
+++ b/profiles/common/nixos/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, sources, ... }:
+{ config, lib, pkgs, ... }:
 { imports = [
diff --git a/profiles/common/nixos/locale.nix b/profiles/common/nixos/locale.nix
index 2f98e850..90854b0d 100644
--- a/profiles/common/nixos/locale.nix
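Review bot: Removing the `let rbw-bitw = …` binding leaves the shell body that follows `set -eu`, which lies outside this hunk, as the only place that could still reference `${rbw-bitw}`; if that body was not updated in the same commit, evaluating `kat-glauca-dns` fails with an undefined-variable error, and if the reference was dropped, the script now has to obtain whatever credential it needs some other way at runtime. Either way a comment above `writeShellScriptBin "kat-glauca-dns" ''` naming where that credential is expected to come from now (environment variable, file path) would save the next reader the search. The indented-string body of the script continues past the end of the hunk.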
+++ b/profiles/common/nixos/locale.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, sources, ... }:
+{ config, pkgs, ... }:
 { i18n.defaultLocale = "en_GB.UTF-8";
diff --git a/profiles/common/nixos/system.nix b/profiles/common/nixos/system.nix
index a4435623..4eff7551 100644
--- a/profiles/common/nixos/system.nix
+++ b/profiles/common/nixos/system.nix
@@ -1,8 +1,6 @@
-{ config, lib, pkgs, sources, ... }:
+{ config, lib, pkgs, ... }:
 {
- #imports = [ (sources.home-manager + "/nixos") ];
-
 boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; services.journald.extraConfig = "SystemMaxUse=512M"; }
diff --git a/profiles/gui/home/firefox/default.nix b/profiles/gui/home/firefox/default.nix
index c69acb44..e16509da 100644
--- a/profiles/gui/home/firefox/default.nix
+++ b/profiles/gui/home/firefox/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, sources, superConfig, ... }:
+{ config, lib, pkgs, superConfig, ... }:
 let commonSettings = {
diff --git a/profiles/gui/home/gpg.nix b/profiles/gui/home/gpg.nix
index 19dd1477..466b9708 100644
--- a/profiles/gui/home/gpg.nix
+++ b/profiles/gui/home/gpg.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, sources, ... }:
+{ config, lib, pkgs, ... }:
 { home.sessionVariables = {
diff --git a/profiles/gui/home/mpv.nix b/profiles/gui/home/mpv.nix
index 799cb02e..e452ef65 100644
--- a/profiles/gui/home/mpv.nix
+++ b/profiles/gui/home/mpv.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, witch, ... }:
+{ config, lib, pkgs, ... }:
 { programs.mpv = {
@@ -38,10 +38,7 @@ enable = false; username = "kat"; defaultRoom = "lounge"; - server = { - host = "sync.kittywit.ch"; - password = witch.secrets.hosts.athame.syncplay.password; - }; + server = { host = "sync.kittywit.ch"; }; # gui = false; config = { client_settings = {
diff --git a/profiles/gui/home/music.nix b/profiles/gui/home/music.nix
index 6435cdad..349ead8c 100644
--- a/profiles/gui/home/music.nix
+++ b/profiles/gui/home/music.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, witch, ... }:
+{ config, lib, pkgs, ... }:
 { programs.ncmpcpp = {
@@ -51,7 +51,7 @@
 }; programs.beets = { enable = true; - package = pkgs.unstable.beets; + package = pkgs.beets; settings = { directory = "~/media-share/music"; library = "~/.local/share/beets.db";
diff --git a/profiles/gui/home/weechat.nix b/profiles/gui/home/weechat.nix
index 58ebe1be..c3678743 100644
--- a/profiles/gui/home/weechat.nix
+++ b/profiles/gui/home/weechat.nix
@@ -20,7 +20,7 @@
 '') (lib.mkAfter "/matrix connect kat") ]; - packageUnwrapped = pkgs.unstable.weechat-unwrapped; + packageUnwrapped = pkgs.weechat-unwrapped; homeDirectory = "${config.xdg.dataHome}/weechat"; plugins.python = { enable = true;
@@ -36,9 +36,11 @@ vimode-git weechat-matrix weechat-notify-send - weechat-title + title ]; config = { + logger.level.irc = 0; + logger.level.matrix = 0; weechat = { look = { mouse = true; }; bar = {
diff --git a/profiles/gui/nixos/firefox.nix b/profiles/gui/nixos/firefox.nix
index 36b94f4f..b44e884e 100644
--- a/profiles/gui/nixos/firefox.nix
+++ b/profiles/gui/nixos/firefox.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, witch, ... }:
+{ config, pkgs, ... }:
 { xdg = {
diff --git a/profiles/kat/home/git.nix b/profiles/kat/home/git.nix
index 0b820d03..99387e52 100644
--- a/profiles/kat/home/git.nix
+++ b/profiles/kat/home/git.nix
@@ -4,9 +4,9 @@ home.packages = with pkgs; [ git-crypt gitAndTools.gitRemoteGcrypt - unstable.gitAndTools.gitAnnex + gitAndTools.gitAnnex git-revise - arc.pkgs.gitAndTools.git-annex-remote-b2 + gitAndTools.git-annex-remote-b2 ]; programs.git = {
diff --git a/profiles/kat/home/vim/default.nix b/profiles/kat/home/vim/default.nix
index 0db40c08..0a0f600e 100644
--- a/profiles/kat/home/vim/default.nix
+++ b/profiles/kat/home/vim/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, witch, ... }:
+{ config, lib, pkgs, ... }:
 { home.sessionVariables.EDITOR = "vim";
diff --git a/profiles/sway/home/default.nix b/profiles/sway/home/default.nix
index bef27a59..22532153 100644
--- a/profiles/sway/home/default.nix
+++ b/profiles/sway/home/default.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, sources, ... }:
+{ config, pkgs, ... }:
 { imports = [ ./waybar ./mako.nix ./sway.nix ./swayidle.nix ./gammastep.nix ];
diff --git a/profiles/sway/nixos/default.nix b/profiles/sway/nixos/default.nix
index 50170fec..14566c45 100644
--- a/profiles/sway/nixos/default.nix
+++ b/profiles/sway/nixos/default.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, sources, ... }:
+{ config, pkgs, ... }:
 { imports = [ ./sway.nix ];
diff --git a/profiles/sway/nixos/sway.nix b/profiles/sway/nixos/sway.nix
index fbca3f70..86aa3092 100644
--- a/profiles/sway/nixos/sway.nix
+++ b/profiles/sway/nixos/sway.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, sources, ... }:
+{ config, pkgs, lib, ... }:
 { programs.sway = {
diff --git a/services/asterisk.nix b/services/asterisk.nix
deleted file mode 100644
index 7dd0d8d6..00000000
--- a/services/asterisk.nix
+++ /dev/null
@@ -1,224 +0,0 @@ -{ config, pkgs, witch, ... }: - -{ - katnet.public.tcp.ports = [ 5160 5060 ]; - katnet.public.udp.ports = [ 5160 5060 ]; - - katnet.public.tcp.ranges = [{ - from = 10000; - to = 20000; - }]; - - katnet.public.udp.ranges = [{ - from = 10000; - to = 20000; - }]; - - services.fail2ban.jails = { - asterisk = '' - enabled = true - filter = asterisk - action = iptables-allports[name=ASTERISK, protocol=all] - logpath = /var/log/asterisk/messages - maxretry = 4 - ''; - }; - - services.asterisk = { - enable = true; - confFiles = { - "rtp.conf" = '' - [general] - rtpstart=10000 - rtpend=20000 - ''; - "extensions.conf" = '' - [from-twilio] - exten => _.,1,Dial(SIP/1337,20) - - [from-signalwire] - exten => s,1,Set(numb=''${CUT(CUT(PJSIP_HEADER(read,To),@,1),:,2)}) - same => n,Dial(SIP/1337,20) - - [from-internal] - exten => _1X.,1,Set(CALLERID(all)="kat" <+${witch.secrets.hosts.athame.phone.number.us}>) - same => n,Dial(PJSIP/''${EXTEN:1}@signalwire) - same => n(end),Hangup() - exten => _2X.,1,Set(CALLERID(all)="kat" <+${witch.secrets.hosts.athame.phone.number.canada}>) - same => n,Dial(PJSIP/''${EXTEN:1}@signalwire) - same => n(end),Hangup() - exten => _3X.,1,Set(CALLERID(all)="kat" <+${witch.secrets.hosts.athame.phone.number.uk}>) - same => n,Dial(PJSIP/+''${EXTEN:1}@twilio-ie) - same => n(end),Hangup() - ''; - "pjproject.conf" = '' - ; Common pjproject options - ; - - ;========================LOG_MAPPINGS SECTION OPTIONS=============================== - ;[log_mappings] - ; SYNOPSIS: Provides pjproject to Asterisk log level mappings. - ; NOTES: The name of this section in the pjproject.conf configuration file must - ; remain log_mappings or the configuration will not be applied. - ; The defaults mentioned below only apply if this file or the 'log_mappings' - ; object can'tbe found. If the object is found, there are no defaults. If - ; you don't specify an entry, nothing will be logged for that level. 
- ; - ;asterisk_error = ; A comma separated list of pjproject log levels to map to - ; Asterisk errors. - ; (default: "0,1") - ;asterisk_warning = ; A comma separated list of pjproject log levels to map to - ; Asterisk warnings. - ; (default: "2") - ;asterisk_notice = ; A comma separated list of pjproject log levels to map to - ; Asterisk notices. - ; (default: "") - ;asterisk_verbose = ; A comma separated list of pjproject log levels to map to - ; Asterisk verbose. - ; (default: "") - ;asterisk_debug = ; A comma separated list of pjproject log levels to map to - ; Asterisk debug - ; (default: "3,4,5") - ;type= ; Must be of type log_mappings (default: "") - - ''; - "sip.conf" = '' - [general] - ;; Only uncomment this if you want to connect to a different SIP server and receive calls from it - context=public - allowguest=no - udpbindaddr=0.0.0.0:5160 - tcpbindaddr=0.0.0.0:5160 - tcpenable=yes - transport=udp,tcp - disallow=all - allow=speex32 - allow=g722 - allow=ulaw - allow=alaw - allow=gsm - allow=g726 - - [1337] - type=friend - context=from-internal - host=dynamic - secret=${witch.secrets.hosts.athame.phone.password} - nat=force_rport,comedia - ''; - "pjsip_wizard.conf" = '' - [user_defaults](!) - type = wizard - accepts_registrations = yes - sends_registrations = no - accepts_auth = yes - sends_auth = no - endpoint/context = from-internal - endpoint/tos_audio=ef - endpoint/tos_video=af41 - endpoint/cos_audio=5 - endpoint/cos_video=4 - endpoint/allow = !all,ulaw - endpoint/dtmf_mode= rfc4733 - endpoint/aggregate_mwi = yes - endpoint/use_avpf = no - endpoint/rtcp_mux = no - endpoint/bundle = no - endpoint/ice_support = no - endpoint/media_use_received_transport = no - endpoint/trust_id_inbound = yes - endpoint/media_encryption = no - endpoint/timers = yes - endpoint/media_encryption_optimistic = no - endpoint/send_pai = yes - endpoint/rtp_symmetric = yes - endpoint/rewrite_contact = yes - endpoint/force_rport = yes - endpoint/language = en - - [trunk_defaults](!) 
- type = wizard - endpoint/transport=0.0.0.0-udp - endpoint/allow = !all,ulaw - endpoint/t38_udptl=no - endpoint/t38_udptl_ec=none - endpoint/fax_detect=no - endpoint/trust_id_inbound=no - endpoint/t38_udptl_nat=no - endpoint/direct_media=no - endpoint/rewrite_contact=yes - endpoint/rtp_symmetric=yes - endpoint/dtmf_mode=rfc4733 - endpoint/allow_subscribe = no - aor/qualify_frequency = 60 - - [twilio-ie](trunk_defaults) - sends_auth = yes - sends_registrations = no - remote_hosts = kat-asterisk.pstn.dublin.twilio.com - outbound_auth/username = asterisk - outbound_auth/password = ${witch.secrets.hosts.athame.phone.endpoint.password.twilio} - endpoint/context = from-twilio - aor/qualify_frequency = 60 - ''; - "pjsip.conf" = '' - [global] - type=global - - [0.0.0.0-udp] - type=transport - protocol=udp - bind=0.0.0.0:5060 - allow_reload=no - tos=cs3 - cos=3 - - [signalwire] - type=auth - auth_type=userpass - username=asterisk ; Your username - password=${witch.secrets.hosts.athame.phone.endpoint.password.signalwire} - - [signalwire] - type=aor - contact=sip:${witch.secrets.hosts.athame.phone.endpoint.url} - - [signalwire] - type=endpoint - transport=transport-udp - outbound_auth=signalwire ; Note that there is only an outbound_auth, as we do not challenge when a call arrives inbound - aors=signalwire - disallow=all - allow=speex32 - allow=g722 - allow=ulaw - allow=alaw - allow=gsm - allow=g726 - from_user=asterisk - from_domain=${witch.secrets.hosts.athame.phone.endpoint.url} - media_encryption=sdes ; Note that we are using encryption - context=from-signalwire - - [signalwire] - type=registration - server_uri=sip:${witch.secrets.hosts.athame.phone.endpoint.url} - client_uri=sip:asterisk@${witch.secrets.hosts.athame.phone.endpoint.url}; Your full SIP URI - outbound_auth=signalwire - - [signalwire] - type=identify - endpoint=signalwire - match=${witch.secrets.hosts.athame.phone.endpoint.url} - ''; - "logger.conf" = '' - [general] - dateformat=%F %T - [logfiles] - ; Add 
debug output to log - messages => security, notice,warning,error - syslog.local0 => notice,warning,error,debug - ''; - }; - }; -} diff --git a/services/bitwarden.nix b/services/bitwarden.nix index 502c9261..dca92102 100644 --- a/services/bitwarden.nix +++ b/services/bitwarden.nix @@ -1,4 +1,4 @@ -{ config, pkgs, witch, ... }: +{ config, pkgs, ... }: { services.postgresql = { @@ -16,7 +16,6 @@ rocketPort = 4000; websocketEnabled = true; signupsAllowed = false; - adminToken = witch.secrets.hosts.athame.bitwarden_secret; domain = "https://vault.kittywit.ch"; databaseUrl = "postgresql://bitwarden_rs@/bitwarden_rs"; }; diff --git a/services/mail.nix b/services/mail.nix index 0b6a8cbf..23741d8e 100644 --- a/services/mail.nix +++ b/services/mail.nix @@ -1,4 +1,4 @@ -{ config, lib, tf, pkgs, witch, sources, ... }: +{ config, lib, tf, pkgs, sources, ... }: with lib; @@ -82,14 +82,6 @@ with lib; txt.value = tf.variables.domainkey_kitty.ref; }; - secrets.files = { - kat_mail_hash = { - source = ../private/files/mail/kat-pw-hash; - owner = "kat"; - group = "users"; - }; - }; - mailserver = { enable = true; fqdn = "athame.kittywit.ch"; diff --git a/services/matrix.nix b/services/matrix.nix index 1988b8e3..67abeec8 100644 --- a/services/matrix.nix +++ b/services/matrix.nix @@ -1,4 +1,4 @@ -{ config, pkgs, witch, ... }: +{ config, pkgs, ... }: { environment.systemPackages = [ pkgs.mx-puppet-discord pkgs.mautrix-whatsapp ]; @@ -13,7 +13,6 @@ services.matrix-synapse = { enable = true; - registration_shared_secret = witch.secrets.hosts.athame.matrix_secret; max_upload_size = "512M"; server_name = "kittywit.ch"; app_service_config_files = [ @@ -34,10 +33,6 @@ }]; }; - secrets.files = { - telegram-env = { source = ../private/files/matrix/mautrix-telegram.env; }; - }; - services.mautrix-telegram = { enable = true; settings = { @@ -62,7 +57,6 @@ }; }; }; - environmentFile = config.secrets.files.telegram-env.path; }; systemd.services.mx-puppet-discord = { 
diff --git a/services/nginx.nix b/services/nginx.nix index 137d578a..6306aa86 100644 --- a/services/nginx.nix +++ b/services/nginx.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, witch, tf, ... }: +{ config, lib, pkgs, tf, ... }: with lib; @@ -37,7 +37,7 @@ with lib; }; security.acme = { - email = witch.secrets.unscoped.acme.email; + email = "acme@kittywit.ch"; acceptTerms = true; }; } diff --git a/services/syncplay.nix b/services/syncplay.nix index f57596e0..cae34791 100644 --- a/services/syncplay.nix +++ b/services/syncplay.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, witch, ... }: +{ config, lib, pkgs, tf, ... }: with lib; @@ -21,16 +21,32 @@ with lib; cname.target = "athame.kittywit.ch."; }; + deploy.tf.variables.syncplay_pass = { + type = "string"; + value.shellCommand = "bitw get infra/syncplay-server -f password"; + }; + + deploy.tf.variables.syncplay_salt = { + type = "string"; + value.shellCommand = "bitw get infra/syncplay-salt -f password"; + }; + + secrets.files.syncplay-env = { + text = '' + SYNCPLAY_PASSWORD=${tf.variables.syncplay_pass.ref} + SYNCPLAY_SALT=${tf.variables.syncplay_salt.ref} + ''; + owner = "syncplay"; + group = "sync-cert"; + }; + systemd.services.syncplay = { - environment = { - SYNCPLAY_PASSWORD = witch.secrets.hosts.athame.syncplay.password; - SYNCPLAY_SALT = witch.secrets.hosts.athame.syncplay.salt; - }; description = "Syncplay Service"; wantedBy = singleton "multi-user.target"; after = singleton "network-online.target"; serviceConfig = { + EnvironmentFile = config.secrets.files.syncplay-env.path; ExecStart = "${pkgs.syncplay}/bin/syncplay-server --port 8999 --tls /var/lib/acme/sync.kittywit.ch/ --disable-ready"; User = "syncplay"; diff --git a/services/znc.nix b/services/znc.nix deleted file mode 100644 index ee2c7753..00000000 --- a/services/znc.nix +++ /dev/null 
@@ -1,40 +0,0 @@ -{ config, lib, pkgs, witch, ... }: - -with lib; - -{ - katnet.public.tcp.ports = singleton 5001; - - services.znc = { - enable = true; - mutable = false; - useLegacyConfig = false; - openFirewall = false; - config = { - Listener.l = { - Port = 5000; - SSL = false; - AllowWeb = true; - }; - Listener.j = { - Port = 5001; - SSL = true; - AllowWeb = false; - }; - modules = [ "webadmin" "adminlog" ]; - User = witch.secrets.hosts.athame.znc; - }; - }; - - services.nginx.virtualHosts."znc.kittywit.ch" = { - enableACME = true; - forceSSL = true; - locations = { "/".proxyPass = "http://127.0.0.1:5000"; }; - }; - - deploy.tf.dns.records.kittywitch_znc = { - tld = "kittywit.ch."; - domain = "znc"; - cname.target = "athame.kittywit.ch."; - }; -}