style: alejandra, deadnix, statix

Kat Inskip 2024-08-03 16:10:47 -07:00
parent 2e7ee0e4ca
commit 17c69c99de
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
78 changed files with 1051 additions and 878 deletions


@ -13,9 +13,11 @@
config.users.users);
};
in {
security.pam.sshAgentAuth.enable = true;
security.sudo.enable = true;
security.pam.services.sudo.sshAgentAuth = true;
security = {
pam.sshAgentAuth.enable = true;
sudo.enable = true;
pam.services.sudo.sshAgentAuth = true;
};
users.users = {
root = commonUser;
deploy =


@ -1,32 +1,38 @@
{ pkgs, lib, config, ... }: let
inherit (lib.modules) mkAfter mkDefault;
{
pkgs,
lib,
config,
...
}: let
inherit (lib.modules) mkAfter mkDefault;
in {
sops.secrets.sshd-environment = {
sopsFile = ./secrets.yaml;
};
security.pam.services.sshd.text = let
sops.secrets.sshd-environment = {
sopsFile = ./secrets.yaml;
};
security.pam.services.sshd.text = let
notify = pkgs.writeShellScriptBin "notify" ''
export $(cat ${config.sops.secrets.sshd-environment.path} | xargs)
export $(cat ${config.sops.secrets.sshd-environment.path} | xargs)
if [ "$PAM_USER" = "deploy" ]; then
if [ "$PAM_TYPE" = "open_session" ]; then
message="''${PAM_RHOST} has opened an SSH session as part of doing a Nix deployment on ${config.networking.hostName}."
elif [ "$PAM_TYPE" = "close_session" ]; then
message="''${PAM_RHOST} has closed an SSH session as part of doing a Nix deployment on ${config.networking.hostName}."
fi
else
if [ "$PAM_TYPE" = "open_session" ]; then
message="''${PAM_RHOST} opened an SSH session with ${config.networking.hostName} as user ''${PAM_USER}."
elif [ "$PAM_TYPE" = "close_session" ]; then
message="''${PAM_RHOST} closed their SSH session with ${config.networking.hostName} for user ''${PAM_USER}."
fi
fi
if [ "$PAM_USER" = "deploy" ]; then
if [ "$PAM_TYPE" = "open_session" ]; then
message="''${PAM_RHOST} has opened an SSH session as part of doing a Nix deployment on ${config.networking.hostName}."
elif [ "$PAM_TYPE" = "close_session" ]; then
message="''${PAM_RHOST} has closed an SSH session as part of doing a Nix deployment on ${config.networking.hostName}."
fi
else
if [ "$PAM_TYPE" = "open_session" ]; then
message="''${PAM_RHOST} opened an SSH session with ${config.networking.hostName} as user ''${PAM_USER}."
elif [ "$PAM_TYPE" = "close_session" ]; then
message="''${PAM_RHOST} closed their SSH session with ${config.networking.hostName} for user ''${PAM_USER}."
fi
fi
if [ -n "$message" ]; then
${pkgs.curl}/bin/curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"$message\"}" $DISCORD_WEBHOOK_LINK
fi
if [ -n "$message" ]; then
${pkgs.curl}/bin/curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"$message\"}" $DISCORD_WEBHOOK_LINK
fi
'';
in mkDefault (mkAfter ''
session required pam_exec.so seteuid ${notify}/bin/notify
'');
}
in
mkDefault (mkAfter ''
session required pam_exec.so seteuid ${notify}/bin/notify
'');
}
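Review bot: The `notify` script builds the webhook body by pasting `$message` straight into `--data "{\"content\": \"$message\"}"`, so a quote or backslash in `PAM_RHOST` or `PAM_USER` produces malformed or altered JSON; the reformat carries this through unchanged. Building the body with jq, as the nix-gc unit in this same commit does, avoids it: `payload=$(${pkgs.jq}/bin/jq -n --arg content "$message" '{content: $content}')` followed by `--data "$payload" "$DISCORD_WEBHOOK_LINK"` with the URL quoted. Separately, the hook is installed as `session required`, and curl exits non-zero when the webhook host cannot be reached, so a network or Discord outage would likely fail SSH session setup. `session optional pam_exec.so seteuid ${notify}/bin/notify` keeps the notification best-effort.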


@ -1,4 +1,5 @@
sshd-environment: ENC[AES256_GCM,data:lyzzRDxyNzBgrLthPjdJoXgkniCwLXFZE/GMpLlRzeSvAUN6yc8sFYTmvZiCe/t/33Yr5+BtOhAUI5JzTYJ/kc3Dg4ziB4KbHP4ejPtAb6x2UbEHcN6euPogwXR8lpeO9zJE4gWFOHoYJ4bLa1wuCYgbNkjWDYYHGEoWAMVDU6XYRb3riV21WWIQO/DbC7mAgw==,iv:ZysLG3x0wlxuTYnJrGtrTkjjduMoEOyiWWuC1nRIp4I=,tag:mlNO2yo7JkV2O7A2Da+EjQ==,type:str]
tailscale-key: ENC[AES256_GCM,data:FK237Or4qtZGon9tevPh4q568+IUSWxfuG8s2ZNLXWgoa76GoyO+qwCmvXiVibRH1Ljo/LXoNQjb2pYV7w==,iv:UZv+EnlRDOWh86sOFh7ZNryPz1r55u+Dbr/dDL/USjo=,tag:B8DJwPXR/50ARbfyfxPtcw==,type:str]
sops:
shamir_threshold: 1
kms: []
@ -69,8 +70,8 @@ sops:
N0hTL1A1MVE2MldocTFWZzc1OENobkUKUseg2IGSClvmrq6vlnF1sCgYlUaH4Ke0
sDdpVwg1b5WLwbZFeE/Ro1gRY3s+9iDFrU3Rh95R1KmigpMVYz1ILQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-04T21:22:16Z"
mac: ENC[AES256_GCM,data:5obbMHWEPm7KhJGWXpsKvGI99sJCx8hScIbS2vo3Ua0fvTwML8tkC3gsfLwaZ0D3KGHN6qxyjvP8ajIoxRK2Lj6G2FOWo7gmNzw9ULu+kPj53dqbmy/c3EeZU3WFNaRFXiQx0C80k8YFzPXQAkF/X5NdaRYRL6BFvPRRuq83Uds=,iv:EaeI+Z3e/QZIlU+EIGg+9sDFPtcfnVs8TQvvROOujg4=,tag:+P6U0/+b4nkZNob5fJ6pkg==,type:str]
lastmodified: "2024-08-03T22:14:00Z"
mac: ENC[AES256_GCM,data:ACZ3txmEBIUU73JSsJmDDE7+D5oXdAVNN1Dgypl8tgRIGtMFwRpktmhdXON6jHpaWiZ0DBRuvN97SWUbkPbhyMG6PrKRdQHYLdFAocuNFBpX58xIrAclVUjPEbV5bqBU/zPemxj/5sXbiuX8AYSENiAOYhfCxi8SZbNgU4W6xO8=,iv:G2d9ZRTeaNpDfkB3maZzAHYIRKB6ewwjqUQr7RBrNEM=,tag:7y/0gVUJMmyMoiwiLr8Q1g==,type:str]
pgp:
- created_at: "2024-07-04T21:21:19Z"
enc: |-
@ -93,4 +94,4 @@ sops:
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.9.0


@ -1,3 +1,77 @@
_: {
services.tailscale.enable = true;
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.tailscale;
in {
options.services.tailscale = with types; {
advertiseExitNode = mkEnableOption "exit node";
};
config = {
networking.firewall = {
trustedInterfaces = [cfg.interfaceName];
allowedUDPPorts = [cfg.port];
};
systemd.network = {
wait-online.ignoredInterfaces = [cfg.interfaceName];
networks."50-tailscale" = {
networkConfig = {
DNSDefaultRoute = false;
#DNS = "";
};
};
};
services.tailscale.enable = mkDefault true;
sops.secrets.tailscale-key = mkIf cfg.enable {
sopsFile = ./secrets.yaml;
};
systemd.services.tailscale-autoconnect = mkIf cfg.enable rec {
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = wants ++ wantedBy;
wants = ["network-pre.target"];
wantedBy = ["tailscaled.service"];
# set this service as a oneshot job
serviceConfig = {
Type = "oneshot";
};
# have the job run this shell script
script = let
fixResolved = optionalString config.services.resolved.enable ''
resolvectl revert ${cfg.interfaceName} || true
'';
# https://tailscale.com/kb/1320/performance-best-practices#ethtool-configuration
exitNodeRouting = optionalString cfg.advertiseExitNode ''
netdev=$(${pkgs.iproute2}/bin/ip route show 0/0 | ${pkgs.coreutils}/bin/cut -f5 -d' ' || echo ${config.systemd.network.networks._00-local.name or "eth0"})
${getExe pkgs.ethtool} -K "$netdev" rx-udp-gro-forwarding on rx-gro-list off || true
'';
advertiseExitNode = "--advertise-exit-node" + optionalString (!cfg.advertiseExitNode) "=false";
in
with pkgs; ''
# wait for tailscaled to settle
sleep 5
${fixResolved}
${exitNodeRouting}
# check if we are already authenticated to tailscale
status="$(${getExe tailscale} status -json | ${getExe jq} -r .BackendState)"
if [[ $status = Running ]]; then
# if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
${getExe tailscale} up ${advertiseExitNode} -authkey $(cat ${config.sops.secrets.tailscale-key.path})
'';
};
};
}
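Review bot: The last line of the `tailscale-autoconnect` script passes the auth key as `-authkey $(cat ${config.sops.secrets.tailscale-key.path})`, which expands the sops secret onto the `tailscale up` command line, where it is readable in the process list for as long as the command runs. `tailscale up` accepts a file reference, so `--auth-key=file:${config.sops.secrets.tailscale-key.path}` keeps the key out of argv; the NixOS module's `services.tailscale.authKeyFile` is the other option. `trustedInterfaces = [cfg.interfaceName];` also deserves a comment: it exempts the tailscale interface from the host firewall, so tailnet ACLs become the only filter for every listening port, and it applies even when `cfg.enable` is false because only the secret and the unit sit under `mkIf`.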


@ -1,8 +1,4 @@
{
pkgs,
inputs,
...
}: {
{pkgs, ...}: {
xdg = {
portal = {
enable = true;


@ -3,7 +3,11 @@
xclip
wl-clipboard
];
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.desktopManager.plasma6.enable = true;
services = {
xserver = {
enable = true;
displayManager.gdm.enable = true;
};
desktopManager.plasma6.enable = true;
};
}


@ -1,18 +1,22 @@
{ pkgs, ... }: {
services.gnome.gnome-keyring.enable = true;
services.xserver = {
enable = true;
libinput.touchpad = {
tappingButtonMap = "lrm";
clickMethod = "clickfinger";
{pkgs, ...}: {
services = {
gnome.gnome-keyring.enable = true;
xserver = {
enable = true;
libinput.touchpad = {
tappingButtonMap = "lrm";
clickMethod = "clickfinger";
};
desktopManager = {
xterm.enable = false;
xfce.enable = true;
};
displayManager.gdm.enable = true;
displayManager.defaultSession = "xfce";
xkbOptions = "ctrl:nocaps";
};
desktopManager = {
xterm.enable = false;
xfce.enable = true;
};
displayManager.gdm.enable = true;
displayManager.defaultSession = "xfce";
xkbOptions = "ctrl:nocaps";
colord.enable = true;
};
programs.xfconf.enable = true;
@ -21,6 +25,4 @@
xfce.xfce4-whiskermenu-plugin
xclip
];
services.colord.enable = true;
}


@ -1,22 +1,32 @@
{ modulesPath, ... }: {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.supportedFilesystems = [ "xfs" ];
boot.tmp.cleanOnBoot = true;
{modulesPath, ...}: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
zramSwap.enable = true;
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/boot" = { device = "/dev/disk/by-uuid/92B6-AAE1"; fsType = "vfat"; };
fileSystems."/" = { device = "/dev/sda3"; fsType = "xfs"; };
swapDevices = [ { device = "/dev/sda2"; } ];
fileSystems = {
"/boot" = {
device = "/dev/disk/by-uuid/92B6-AAE1";
fsType = "vfat";
};
"/" = {
device = "/dev/sda3";
fsType = "xfs";
};
};
swapDevices = [{device = "/dev/sda2";}];
boot = {
supportedFilesystems = ["xfs"];
tmp.cleanOnBoot = true;
initrd = {
availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
kernelModules = ["nvme"];
};
loader = {
grub = {
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
configurationLimit = 1;
grub = {
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
configurationLimit = 1;
};
systemd-boot.configurationLimit = 1;
};
};
}
}


@ -1,21 +1,30 @@
{ modulesPath, ... }: {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.tmp.cleanOnBoot = true;
{modulesPath, ...}: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
zramSwap.enable = true;
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/boot" = { device = "/dev/disk/by-uuid/1F52-C11D"; fsType = "vfat"; };
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
boot = {
tmp.cleanOnBoot = true;
loader = {
grub = {
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
configurationLimit = 1;
grub = {
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
configurationLimit = 1;
};
systemd-boot.configurationLimit = 1;
initrd = {
availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
kernelModules = ["nvme"];
};
};
fileSystems = {
"/boot" = {
device = "/dev/disk/by-uuid/1F52-C11D";
fsType = "vfat";
};
"/" = {
device = "/dev/sda1";
fsType = "ext4";
};
};
};
}
}


@ -5,7 +5,7 @@
}: let
inherit (lib.modules) mkIf;
in {
boot.loader = mkIf (config.boot.loader.grub.enable) {
boot.loader = mkIf config.boot.loader.grub.enable {
timeout = null;
grub = {
useOSProber = true;


@ -1,16 +1,16 @@
{pkgs, ...}: {
hardware.opengl = {
driSupport32Bit = true;
hardware.graphics = {
enable32Bit = true;
extraPackages = with pkgs; [
rocm-opencl-icd
rocm-opencl-runtime
amdvlk
];
extraPackages32 = with pkgs; [
driversi686Linux.amdvlk
driversi686Linux.mesa
];
};
hardware.opengl.extraPackages = with pkgs; [
rocm-opencl-icd
rocm-opencl-runtime
amdvlk
];
hardware.opengl.extraPackages32 = with pkgs; [
driversi686Linux.amdvlk
driversi686Linux.mesa
];
environment.systemPackages = with pkgs; [
(lutris.override {
extraPkgs = pkgs: [


@ -1,4 +1,4 @@
{ pkgs, ... }: {
{pkgs, ...}: {
programs.java = {
enable = true;
};


@ -1,4 +1,4 @@
{pkgs, ...}: {
_: {
services.avahi = {
nssmdns4 = true;
enable = true;


@ -8,6 +8,9 @@
dnsutils
usbutils
plexamp
prusa-slicer
super-slicer-beta
chromium
inputs.konawall-py.packages.${pkgs.system}.konawall-py
];
services.udev.packages = [


@ -1,30 +1,30 @@
{ config, ... }: {
sops.secrets.restic-password-file = {
sopsFile = ./restic.yaml;
{config, ...}: {
sops.secrets.restic-password-file = {
sopsFile = ./restic.yaml;
};
services.restic.backups = {
${config.networking.hostName} = {
paths = [
"/home/kat/Documents"
"/home/kat/Pictures"
];
exclude = [
];
extraOptions = [
"sftp.command='ssh u401227@u401227.your-storagebox.de -i /home/kat/.ssh/id_ed25519 -s sftp'"
];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 2"
"--keep-monthly 6"
];
initialize = true;
passwordFile = config.sops.secrets.restic-password-file.path;
repository = "sftp:u401227@u401227.your-storagebox.de:/restic/koishi";
timerConfig = {
OnCalendar = "00:05";
RandomizedDelaySec = "5h";
};
};
services.restic.backups = {
${config.networking.hostName} = {
paths = [
"/home/kat/Documents"
"/home/kat/Pictures"
];
exclude = [
];
extraOptions = [
"sftp.command='ssh u401227@u401227.your-storagebox.de -i /home/kat/.ssh/id_ed25519 -s sftp'"
];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 2"
"--keep-monthly 6"
];
initialize = true;
passwordFile = config.sops.secrets.restic-password-file.path;
repository = "sftp:u401227@u401227.your-storagebox.de:/restic/koishi";
timerConfig = {
OnCalendar = "00:05";
RandomizedDelaySec = "5h";
};
};
};
}
};
}


@ -1,12 +1,6 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [pulsemixer];
sound = {
enable = true;
extraConfig = ''
defaults.pcm.rate_converter "speexrate_best"
'';
};
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;


@ -1,4 +1,8 @@
{pkgs, lib, ...}: let
{
pkgs,
lib,
...
}: let
inherit (lib.modules) mkForce;
in {
environment.systemPackages = with pkgs; [


@ -1,67 +1,73 @@
{ config, lib, pkgs, ... }: let
inherit (lib.modules) mkForce;
{
config,
lib,
pkgs,
...
}: let
inherit (lib.modules) mkForce;
in {
nix.gc = {
automatic = true;
dates = "weekly";
};
sops.secrets.nix-gc-environment = {
sopsFile = ./secrets.yaml;
};
systemd.services.nix-gc = {
script = let
cfg = config.nix.gc;
in mkForce ''
#!/usr/bin/env bash
set -euo pipefail
# Helper functions
send_discord_message() {
local message="$1"
local escaped_message=$(printf '%s' "$message" | ${pkgs.jq}/bin/jq -R -s '.')
${pkgs.curl}/bin/curl -s -H "Accept: application/json" -H "Content-Type: application/json" \
-X POST --data "{\"content\": $escaped_message}" "$DISCORD_WEBHOOK_LINK"
}
get_filesystem_usage() {
${pkgs.coreutils}/bin/df -h / | ${pkgs.gawk}/bin/awk 'NR==2 {print $5 " (" $3 ")"}' | tr -d '\n'
}
calculate_ratio() {
local before="$1"
local after="$2"
${pkgs.gawk}/bin/awk "BEGIN {printf \"%.2f\", ($after / $before) * 100}"
}
# Initial filesystem usage
FS_BEFORE_USAGE=$(get_filesystem_usage)
send_discord_message "Beginning nix garbage collection on ${config.networking.hostName} - Filesystem usage before: $FS_BEFORE_USAGE"
# Perform garbage collection
OUTPUT=$(${config.nix.package.out}/bin/nix-collect-garbage ${cfg.options})
# Get filesystem usage after garbage collection
FS_AFTER_USAGE=$(get_filesystem_usage)
# Extract numeric values for calculation (assuming format like "75% (15G)")
BEFORE_PERCENT=$(echo $FS_BEFORE_USAGE | ${pkgs.coreutils}/bin/cut -d'%' -f1)
AFTER_PERCENT=$(echo $FS_AFTER_USAGE | ${pkgs.coreutils}/bin/cut -d'%' -f1)
# Calculate ratio
RATIO=$(calculate_ratio $BEFORE_PERCENT $AFTER_PERCENT)
send_discord_message "Finished nix garbage collection on ${config.networking.hostName} - Filesystem usage: $FS_BEFORE_USAGE -> $FS_AFTER_USAGE ($RATIO%)"
# Send the output of nix-collect-garbage
send_discord_message "$OUTPUT"
'';
serviceConfig = {
EnvironmentFile = config.sops.secrets.nix-gc-environment.path;
Type = "oneshot";
};
nix.gc = {
automatic = true;
dates = "weekly";
};
sops.secrets.nix-gc-environment = {
sopsFile = ./secrets.yaml;
};
systemd.services.nix-gc = {
script = let
cfg = config.nix.gc;
in
mkForce ''
#!/usr/bin/env bash
set -euo pipefail
# Helper functions
send_discord_message() {
local message="$1"
local escaped_message=$(printf '%s' "$message" | ${pkgs.jq}/bin/jq -R -s '.')
${pkgs.curl}/bin/curl -s -H "Accept: application/json" -H "Content-Type: application/json" \
-X POST --data "{\"content\": $escaped_message}" "$DISCORD_WEBHOOK_LINK"
}
get_filesystem_usage() {
${pkgs.coreutils}/bin/df -h / | ${pkgs.gawk}/bin/awk 'NR==2 {print $5 " (" $3 ")"}' | tr -d '\n'
}
calculate_ratio() {
local before="$1"
local after="$2"
${pkgs.gawk}/bin/awk "BEGIN {printf \"%.2f\", ($after / $before) * 100}"
}
# Initial filesystem usage
FS_BEFORE_USAGE=$(get_filesystem_usage)
send_discord_message "Beginning nix garbage collection on ${config.networking.hostName} - Filesystem usage before: $FS_BEFORE_USAGE"
# Perform garbage collection
OUTPUT=$(${config.nix.package.out}/bin/nix-collect-garbage ${cfg.options})
# Get filesystem usage after garbage collection
FS_AFTER_USAGE=$(get_filesystem_usage)
# Extract numeric values for calculation (assuming format like "75% (15G)")
BEFORE_PERCENT=$(echo $FS_BEFORE_USAGE | ${pkgs.coreutils}/bin/cut -d'%' -f1)
AFTER_PERCENT=$(echo $FS_AFTER_USAGE | ${pkgs.coreutils}/bin/cut -d'%' -f1)
# Calculate ratio
RATIO=$(calculate_ratio $BEFORE_PERCENT $AFTER_PERCENT)
send_discord_message "Finished nix garbage collection on ${config.networking.hostName} - Filesystem usage: $FS_BEFORE_USAGE -> $FS_AFTER_USAGE ($RATIO%)"
# Send the output of nix-collect-garbage
send_discord_message "$OUTPUT"
'';
serviceConfig = {
EnvironmentFile = config.sops.secrets.nix-gc-environment.path;
Type = "oneshot";
};
};
}


@ -0,0 +1,29 @@
{pkgs, ...}: {
users.users.kat.extraGroups = ["libvirtd"];
environment.systemPackages = with pkgs; [
virt-viewer
spice
spice-gtk
spice-protocol
win-virtio
win-spice
adwaita-icon-theme
];
services.spice-vdagentd.enable = true;
programs.virt-manager.enable = true;
virtualisation = {
libvirtd = {
enable = true;
qemu = {
swtpm.enable = true;
ovmf.enable = true;
ovmf.packages = [pkgs.OVMFFull.fd];
};
};
spiceUSBRedirection.enable = true;
};
}
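Review bot: Two lines in this new module grant more than they appear to, and each deserves a comment. `users.users.kat.extraGroups = ["libvirtd"];` gives that account full control of the system libvirt daemon, which is generally treated as root-equivalent on the host. `spiceUSBRedirection.enable = true;` installs a setuid helper that lets unprivileged local users pass host USB devices through to VMs. Suggested comments: `# libvirtd group controls qemu:///system; treat as root-equivalent` and `# installs a setuid USB ACL helper; local users gain access to host USB devices`.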


@ -1,24 +1,27 @@
{ config, pkgs, ... }: {
sops.secrets.synapse-cleanup-environment = {
sopsFile = ./secrets.yaml;
{
config,
pkgs,
...
}: {
sops.secrets.synapse-cleanup-environment = {
sopsFile = ./secrets.yaml;
};
systemd = {
services.synapse-cleanup = {
serviceConfig = {
Type = "oneshot";
User = "root";
EnvironmentFile = config.sops.secrets.synapse-cleanup-environment.path;
ExecStart = "${pkgs.synapse-cleanup}/bin/synapse-cleanup";
};
};
systemd = {
services.synapse-cleanup = {
serviceConfig = {
Type = "oneshot";
User = "root";
EnvironmentFile = config.sops.secrets.synapse-cleanup-environment.path;
ExecStart = "${pkgs.synapse-cleanup}/bin/synapse-cleanup";
};
};
timers.synapse-cleanup = {
timerConfig = {
OnCalendar = "weekly";
Persistent = true;
Unit = "synapse-cleanup.service";
};
wantedBy =
[ "timers.target" ];
};
timers.synapse-cleanup = {
timerConfig = {
OnCalendar = "weekly";
Persistent = true;
Unit = "synapse-cleanup.service";
};
wantedBy = ["timers.target"];
};
}
};
}


@ -1,6 +1,6 @@
{config, ...}: {
services.mx-puppet-discord = {
enable = config.services.matrix-synapse.enable;
inherit (config.services.matrix-synapse) enable;
settings = {
bridge = {
bindAddress = "localhost";


@ -3,7 +3,7 @@
sopsFile = ./signal.yaml;
};
services.mautrix-signal = {
enable = config.services.matrix-synapse.enable;
inherit (config.services.matrix-synapse) enable;
environmentFile = config.sops.secrets.mautrix-signal-environment.path;
settings = {
homeserver = {
@ -13,24 +13,24 @@
};
appservice = {
port = 9048;
ephemeral_events = false;
ephemeral_events = false;
};
signal = {
};
bridge = {
history_sync = {
request_full_sync = true;
request_full_sync = true;
};
private_chat_portal_meta = true;
mute_bridging = true;
encryption = {
allow = true;
default = true;
require = true;
};
provisioning = {
shared_secret = "disable";
};
private_chat_portal_meta = true;
mute_bridging = true;
encryption = {
allow = true;
default = true;
require = true;
};
provisioning = {
shared_secret = "disable";
};
permissions = {
"kittywit.ch" = "full";
"@kat:kittywit.ch" = "admin";
@ -39,4 +39,4 @@
};
};
};
}
}


@ -3,7 +3,7 @@
sopsFile = ./slack.yaml;
};
services.mautrix-slack = {
enable = config.services.matrix-synapse.enable;
inherit (config.services.matrix-synapse) enable;
environmentFile = config.sops.secrets.mautrix-slack-environment.path;
settings = {
homeserver = {
@ -12,24 +12,24 @@
software = "standard";
};
appservice = {
ephemeral_events = false;
ephemeral_events = false;
};
slack = {
};
bridge = {
history_sync = {
request_full_sync = true;
request_full_sync = true;
};
private_chat_portal_meta = true;
mute_bridging = true;
encryption = {
allow = true;
default = true;
require = true;
};
provisioning = {
shared_secret = "disable";
};
private_chat_portal_meta = true;
mute_bridging = true;
encryption = {
allow = true;
default = true;
require = true;
};
provisioning = {
shared_secret = "disable";
};
permissions = {
"kittywit.ch" = "full";
"@kat:kittywit.ch" = "admin";


@ -3,7 +3,7 @@
sopsFile = ./telegram.yaml;
};
services.mautrix-telegram = {
enable = config.services.matrix-synapse.enable;
inherit (config.services.matrix-synapse) enable;
environmentFile = config.sops.secrets.mautrix-telegram-environment.path;
settings = {
homeserver = {


@ -3,7 +3,7 @@
sopsFile = ./whatsapp.yaml;
};
services.mautrix-whatsapp = {
enable = config.services.matrix-synapse.enable;
inherit (config.services.matrix-synapse) enable;
environmentFile = config.sops.secrets.mautrix-whatsapp-environment.path;
settings = {
homeserver = {
@ -17,11 +17,11 @@
whatsapp = {
};
bridge = {
encryption = {
allow = true;
default = true;
require = true;
};
encryption = {
allow = true;
default = true;
require = true;
};
permissions = {
"kittywit.ch" = "full";
"@whatsapp:kittywit.ch" = "admin";


@ -1,8 +1,8 @@
{ config, ... }: {
{config, ...}: {
sops.secrets.monica_appkey = {
sopsFile = ./secrets.yaml;
owner = config.services.monica.user;
group = config.services.monica.group;
inherit (config.services.monica) group;
};
services.monica = {
enable = true;


@ -0,0 +1,6 @@
_: {
services.rustdesk-server = {
enable = true;
relayIP = "100.89.32.57";
};
}
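Review bot: `relayIP = "100.89.32.57";` is in the 100.64.0.0/10 range, which suggests the server is meant to be used over the tailnet, but nothing in this file restricts where the signal and relay ports are reachable. As far as I know the module's `services.rustdesk-server.openFirewall` option defaults to true, which would open those ports on public interfaces as well; please confirm, and set `openFirewall = false;` explicitly if tailnet-only access is intended. A short comment naming the host that owns this address would also help, since a hard-coded address goes stale silently.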


@ -5,4 +5,4 @@ _: {
forceSSL = true;
};
};
}
}


@ -1,20 +1,20 @@
{ pkgs, ... }: {
services.tt-rss = {
enable = true;
virtualHost = "rss.kittywit.ch";
selfUrlPath = "https://rss.kittywit.ch";
database = {
type = "pgsql";
host = null;
name = "tt_rss";
createLocally = false;
};
plugins = [
"auth_internal"
"auth_ldap"
"note"
"updater"
"api_feedreader"
];
_: {
services.tt-rss = {
enable = true;
virtualHost = "rss.kittywit.ch";
selfUrlPath = "https://rss.kittywit.ch";
database = {
type = "pgsql";
host = null;
name = "tt_rss";
createLocally = false;
};
}
plugins = [
"auth_internal"
"auth_ldap"
"note"
"updater"
"api_feedreader"
];
};
}


@ -1,17 +1,17 @@
{ config, ... }: {
home-manager.users.kat.programs.weechat.config.buflist = {
format = with config.base16.defaultScheme.map.ansiStr; {
indent = " "; # default " "
buffer_current = "\${color:,${base02}}\${format_buffer}";
hotlist = " \${color:${base0D}}(\${hotlist}\${color:${base0D}})";
hotlist_highlight = "\${color:${base0E}}";
hotlist_low = "\${color:${base03}}";
hotlist_message = "\${color:${base08}}";
hotlist_none = "\${color:${base05}}";
hotlist_private = "\${color:${base09}}";
hotlist_separator = "\${color:${base04}},";
number = "\${color:${base09}}\${number}\${if:\${number_displayed}?.: }";
};
look.use_items = 4;
{config, ...}: {
home-manager.users.kat.programs.weechat.config.buflist = {
format = with config.base16.defaultScheme.map.ansiStr; {
indent = " "; # default " "
buffer_current = "\${color:,${base02}}\${format_buffer}";
hotlist = " \${color:${base0D}}(\${hotlist}\${color:${base0D}})";
hotlist_highlight = "\${color:${base0E}}";
hotlist_low = "\${color:${base03}}";
hotlist_message = "\${color:${base08}}";
hotlist_none = "\${color:${base05}}";
hotlist_private = "\${color:${base09}}";
hotlist_separator = "\${color:${base04}},";
number = "\${color:${base09}}\${number}\${if:\${number_displayed}?.: }";
};
look.use_items = 4;
};
}


@ -1,46 +1,46 @@
{ config, pkgs, lib, ... }: let
inherit (lib.modules) mkMerge mkBefore mkAfter;
{lib, ...}: let
inherit (lib.modules) mkMerge mkBefore mkAfter;
in {
home-manager.users.kat = { config, ... }: {
sops.secrets = let
common = {
sopsFile = ./secrets.yaml;
};
in {
weechat-secret = common;
liberachat-cert = common;
espernet-cert = common;
softnet-cert = common;
};
programs.weechat = {
init = mkMerge [
(mkBefore ''
/matrix server add kittywitch yukari.gensokyo.zone
/matrix server add kittywitch-discord yukari.gensokyo.zone
/matrix server add kittywitch-telegram yukari.gensokyo.zone
/matrix server add kittywitch-whatsapp yukari.gensokyo.zone
/matrix server add kittywitch-signal yukari.gensokyo.zone
/matrix server add kittywitch-slack yukari.gensokyo.zone
/exec -sh -norc -oc cat ${config.sops.secrets.weechat-secret.path}
/set irc.server.liberachat.tls_cert ${config.sops.secrets.liberachat-cert.path}
/set irc.server.espernet.tls_cert ${config.sops.secrets.espernet-cert.path}
/set irc.server.softnet.tls_cert ${config.sops.secrets.softnet-cert.path}
/key bind meta-g /go
/key bind meta-v /input jump_last_buffer_displayed
/key bind meta-c /buffer close
/key bind meta-n /bar toggle nicklist
/key bind meta-b /bar toggle buflist
/relay add weechat 9000
'')
(mkAfter ''
/matrix connect kittywitch
/matrix connect kittywitch-discord
/matrix connect kittywitch-telegram
/matrix connect kittywitch-whatsapp
/matrix connect kittywitch-signal
'')
];
};
home-manager.users.kat = {config, ...}: {
sops.secrets = let
common = {
sopsFile = ./secrets.yaml;
};
in {
weechat-secret = common;
liberachat-cert = common;
espernet-cert = common;
softnet-cert = common;
};
}
programs.weechat = {
init = mkMerge [
(mkBefore ''
/matrix server add kittywitch yukari.gensokyo.zone
/matrix server add kittywitch-discord yukari.gensokyo.zone
/matrix server add kittywitch-telegram yukari.gensokyo.zone
/matrix server add kittywitch-whatsapp yukari.gensokyo.zone
/matrix server add kittywitch-signal yukari.gensokyo.zone
/matrix server add kittywitch-slack yukari.gensokyo.zone
/exec -sh -norc -oc cat ${config.sops.secrets.weechat-secret.path}
/set irc.server.liberachat.tls_cert ${config.sops.secrets.liberachat-cert.path}
/set irc.server.espernet.tls_cert ${config.sops.secrets.espernet-cert.path}
/set irc.server.softnet.tls_cert ${config.sops.secrets.softnet-cert.path}
/key bind meta-g /go
/key bind meta-v /input jump_last_buffer_displayed
/key bind meta-c /buffer close
/key bind meta-n /bar toggle nicklist
/key bind meta-b /bar toggle buflist
/relay add weechat 9000
'')
(mkAfter ''
/matrix connect kittywitch
/matrix connect kittywitch-discord
/matrix connect kittywitch-telegram
/matrix connect kittywitch-whatsapp
/matrix connect kittywitch-signal
'')
];
};
};
}


@ -1,8 +1,8 @@
_: {
home-manager.users.kat.programs.weechat.config.irc = {
look = {
server_buffer = "independent";
color_nicks_in_nicklist = true;
};
home-manager.users.kat.programs.weechat.config.irc = {
look = {
server_buffer = "independent";
color_nicks_in_nicklist = true;
};
};
}


@ -1,24 +1,24 @@
{ pkgs, ... }: {
home-manager.users.kat.programs.weechat = {
scripts = with pkgs.weechatScripts; [
weechat-matrix
];
plugins = {
python = {
packages = [ "weechat-matrix" ];
};
};
config.matrix = {
network = {
max_backlog_sync_events = 30;
lazy_load_room_users = true;
autoreconnect_delay_max = 5;
lag_min-show = 1000;
};
look = {
server_buffer = "independent";
redactions = "notice";
};
};
{pkgs, ...}: {
home-manager.users.kat.programs.weechat = {
scripts = with pkgs.weechatScripts; [
weechat-matrix
];
plugins = {
python = {
packages = ["weechat-matrix"];
};
};
config.matrix = {
network = {
max_backlog_sync_events = 30;
lazy_load_room_users = true;
autoreconnect_delay_max = 5;
lag_min-show = 1000;
};
look = {
server_buffer = "independent";
redactions = "notice";
};
};
};
}


@ -1,13 +1,13 @@
{ pkgs, ... }: {
{pkgs, ...}: {
services.nginx.virtualHosts."irc.kittywit.ch" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = { root = pkgs.glowing-bear; };
"/" = {root = pkgs.glowing-bear;};
"^~ /weechat" = {
proxyPass = "http://127.0.0.1:9000";
proxyWebsockets = true;
};
};
};
}
}


@ -1,25 +1,25 @@
{ pkgs, lib, ... }: {
home-manager.users.kat.programs.weechat = {
plugins = {
perl = {
enable = true;
};
};
scripts = with pkgs.weechatScripts; [
highmon
parse_relayed_msg
];
config.plugins.var.perl = {
highmon = {
short_names = "on";
output = "buffer";
merge_private = "on";
alignment = "nchannel,nick";
};
parse_relayed_msg = {
servername = "espernet";
supported_bot_names = "cord";
};
};
{pkgs, ...}: {
home-manager.users.kat.programs.weechat = {
plugins = {
perl = {
enable = true;
};
};
}
scripts = with pkgs.weechatScripts; [
highmon
parse_relayed_msg
];
config.plugins.var.perl = {
highmon = {
short_names = "on";
output = "buffer";
merge_private = "on";
alignment = "nchannel,nick";
};
parse_relayed_msg = {
servername = "espernet";
supported_bot_names = "cord";
};
};
};
}


@ -1,70 +1,77 @@
{ config, pkgs, std, inputs, lib, ... }: let
inherit (builtins) toJSON;
inherit (std) list set;
{
config,
pkgs,
std,
inputs,
lib,
...
}: let
inherit (builtins) toJSON;
inherit (std) list set;
in {
home-manager.users.kat.programs.weechat = {
plugins = {
python = {
enable = true;
};
};
scripts = with pkgs.weechatScripts; [
colorize_nicks
title
weechat-go
weechat-notify-send
vimode-develop
auto_away
weechat-autosort
urlgrab
unread_buffer
];
config.plugins.var = with set.map (_: v: "colour${builtins.toString (list.unsafeHead v)}") inputs.base16.lib.base16.shell.mapping256; {
python = {
vimode = {
copy_clipboard_cmd = "wl-copy";
paste_clipboard_cmd = "wl-paste --no-newline";
imap_esc_timeout = "100";
search_vim = true;
user_mappings = toJSON {
"," = "/buffer #{1}<CR>";
"``" = "/input jump_last_buffer_displayed<CR>";
"`n" = "/input jump_smart<CR>";
"k" = "/input history_previous<CR>";
"j" = "/input history_next<CR>";
"p" = "a/input clipboard_paste<ICMD><ESC>";
"P" = "/input clipboard_paste<CR>";
#"u" = "/input undo<CR>";
#"\\x01R" = "/input redo<CR>";
"\\x01K" = "/buffer move -1<CR>";
"\\x01J" = "/buffer move +1<CR>";
};
user_mappings_noremap = toJSON {
"\\x01P" = "p";
"/" = "i/";
};
user_search_mapping = "?";
mode_indicator_cmd_color_bg = base01;
mode_indicator_cmd_color = base04;
mode_indicator_insert_color_bg = base01;
mode_indicator_insert_color = base04;
mode_indicator_normal_color_bg = base01;
mode_indicator_normal_color = base04;
mode_indicator_replace_color_bg = base01;
mode_indicator_replace_color = base0E;
mode_indicator_search_color_bg = base0E;
mode_indicator_search_color = base04;
no_warn = true;
};
title = {
title_prefix = "weechat - ";
show_hotlist = true;
current_buffer_suffix = " [";
title_suffix = " ]";
};
notify_send.icon = "";
go.short_name = true;
};
};
home-manager.users.kat.programs.weechat = {
plugins = {
python = {
enable = true;
};
};
}
scripts = with pkgs.weechatScripts; [
colorize_nicks
title
weechat-go
weechat-notify-send
vimode-develop
auto_away
weechat-autosort
urlgrab
unread_buffer
];
config.plugins.var = with set.map (_: v: "colour${builtins.toString (list.unsafeHead v)}") inputs.base16.lib.base16.shell.mapping256; {
python = {
vimode = {
copy_clipboard_cmd = "wl-copy";
paste_clipboard_cmd = "wl-paste --no-newline";
imap_esc_timeout = "100";
search_vim = true;
user_mappings = toJSON {
"," = "/buffer #{1}<CR>";
"``" = "/input jump_last_buffer_displayed<CR>";
"`n" = "/input jump_smart<CR>";
"k" = "/input history_previous<CR>";
"j" = "/input history_next<CR>";
"p" = "a/input clipboard_paste<ICMD><ESC>";
"P" = "/input clipboard_paste<CR>";
#"u" = "/input undo<CR>";
#"\\x01R" = "/input redo<CR>";
"\\x01K" = "/buffer move -1<CR>";
"\\x01J" = "/buffer move +1<CR>";
};
user_mappings_noremap = toJSON {
"\\x01P" = "p";
"/" = "i/";
};
user_search_mapping = "?";
mode_indicator_cmd_color_bg = base01;
mode_indicator_cmd_color = base04;
mode_indicator_insert_color_bg = base01;
mode_indicator_insert_color = base04;
mode_indicator_normal_color_bg = base01;
mode_indicator_normal_color = base04;
mode_indicator_replace_color_bg = base01;
mode_indicator_replace_color = base0E;
mode_indicator_search_color_bg = base0E;
mode_indicator_search_color = base04;
no_warn = true;
};
title = {
title_prefix = "weechat - ";
show_hotlist = true;
current_buffer_suffix = " [";
title_suffix = " ]";
};
notify_send.icon = "";
go.short_name = true;
};
};
};
}


@ -1,3 +1,3 @@
{ pkgs, ... }: {
home-manager.users.kat.programs.weechat.config.matrix.urlgrab.default.copycmd = "${pkgs.xclip}/bin/xclip -sel clipboard";
{pkgs, ...}: {
home-manager.users.kat.programs.weechat.config.matrix.urlgrab.default.copycmd = "${pkgs.xclip}/bin/xclip -sel clipboard";
}


@ -1,56 +1,54 @@
{ config, std, inputs, lib, ... }: let
inherit (std) list set;
in {
home-manager.users.kat = {
services.weechat.enable = true;
programs.weechat = {
enable = true;
config.weechat = with config.base16.defaultScheme.map.ansiStr; {
look = {
mouse = true;
separator_horizontal = "";
read_marker_string = "";
prefix_same_nick = "";
highlight_disable_regex = "signal|discord|telegram|whatsapp";
highlight = "kat,kittywitch";
};
# color overrides
color = {
chat_nick_self = base0E;
separator = base06;
chat_read_marker = base0B;
chat_read_marker_bg = base03;
};
# bars config
bar = {
buflist = {
size_max = 24;
color_delim = base0E;
};
input = {
items = "[input_prompt]+(away),[input_search],[input_paste],input_text,[vi_buffer]";
color_delim = base0E;
conditions = "\${window.buffer.full_name} != perl.highmon";
};
nicklist = {
size_max = 18;
color_delim = base0E;
};
status = {
color_bg = base02;
color_fg = base06;
color_delim = base0E;
items = "[time],mode_indicator,[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+matrix_typing_notice+buffer_zoom+buffer_filter,scroll,[lag],[hotlist],completion,cmd_completion";
conditions = "\${window.buffer.full_name} != perl.highmon";
};
title = {
color_bg = base02;
color_fg = base06;
color_delim = base0E;
conditions = "\${window.buffer.full_name} != perl.highmon";
};
};
};
{config, ...}: {
home-manager.users.kat = {
services.weechat.enable = true;
programs.weechat = {
enable = true;
config.weechat = with config.base16.defaultScheme.map.ansiStr; {
look = {
mouse = true;
separator_horizontal = "";
read_marker_string = "";
prefix_same_nick = "";
highlight_disable_regex = "signal|discord|telegram|whatsapp";
highlight = "kat,kittywitch";
};
};
}
# color overrides
color = {
chat_nick_self = base0E;
separator = base06;
chat_read_marker = base0B;
chat_read_marker_bg = base03;
};
# bars config
bar = {
buflist = {
size_max = 24;
color_delim = base0E;
};
input = {
items = "[input_prompt]+(away),[input_search],[input_paste],input_text,[vi_buffer]";
color_delim = base0E;
conditions = "\${window.buffer.full_name} != perl.highmon";
};
nicklist = {
size_max = 18;
color_delim = base0E;
};
status = {
color_bg = base02;
color_fg = base06;
color_delim = base0E;
items = "[time],mode_indicator,[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+matrix_typing_notice+buffer_zoom+buffer_filter,scroll,[lag],[hotlist],completion,cmd_completion";
conditions = "\${window.buffer.full_name} != perl.highmon";
};
title = {
color_bg = base02;
color_fg = base06;
color_delim = base0E;
conditions = "\${window.buffer.full_name} != perl.highmon";
};
};
};
};
};
}