kat/nixfiles
1
0
Fork 0
mirror of https://github.com/kittywitch/nixfiles.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity

style: alejandra, deadnix, statix

Browse source
This commit is contained in:
Kat Inskip 2024-08-03 16:10:47 -07:00
parent 2e7ee0e4ca
commit 17c69c99de
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
78 changed files with 1051 additions and 878 deletions
Download patch file Download diff file Expand all files Collapse all files

7
ci/common.nix
View file

@ -1,5 +1,4 @@
{
lib,
channels,
config,
...
@ -18,10 +17,12 @@
};
};
/*nix.config = {
/*
nix.config = {
extra-platforms = ["aarch64-linux" "armv6l-linux" "armv7l-linux"];
#extra-sandbox-paths = with channels.cipkgs; map (package: builtins.unsafeDiscardStringContext "${package}?") [bash qemu "/run/binfmt"];
};*/
};
*/
channels = {
nixfiles.path = ../.;

11
ci/flake-cron.nix
View file

@ -1,13 +1,10 @@
{
lib,
channels,
config,
...
}:
with lib; let
pkgs = channels.nixpkgs;
in {
imports = [ ./common.nix ];
with lib; {
imports = [./common.nix];
config = {
name = "flake-update";
@ -53,8 +50,8 @@ in {
};
jobs = {
flake-update = { ... }: {
imports = [ ./packages.nix ];
flake-update = {...}: {
imports = [./packages.nix];
};
};

21
ci/nodes.nix
View file

@ -5,11 +5,10 @@
...
}:
with lib; let
pkgs = channels.nixpkgs;
enabledNixosSystems = filterAttrs (_: system: system.config.ci.enable && system.config.type == "NixOS") channels.nixfiles.systems;
enabledHomeSystems = filterAttrs (_: system: system.config.ci.enable && system.config.type == "Home") channels.nixfiles.systems;
in {
imports = [ ./common.nix ];
imports = [./common.nix];
config = {
name = "nodes";
@ -34,7 +33,8 @@ in {
workflow_dispatch = {};
};
jobs = let
genericNixosBuildJob = name: system: nameValuePair "nixos-${name}" {
genericNixosBuildJob = name: _system:
nameValuePair "nixos-${name}" {
step.${name} = {
name = "build system closure for ${name}";
order = 500;
@ -47,7 +47,8 @@ in {
};
};
};
genericHomeBuildJob = name: system: nameValuePair "home-${name}" {
genericHomeBuildJob = name: _system:
nameValuePair "home-${name}" {
step.${name} = {
name = "build home closure for ${name}";
order = 500;
@ -62,19 +63,23 @@ in {
};
nixosBuildJobs = mapAttrs' genericNixosBuildJob enabledNixosSystems;
homeBuildJobs = mapAttrs' genericHomeBuildJob enabledHomeSystems;
in nixosBuildJobs // homeBuildJobs;
in
nixosBuildJobs // homeBuildJobs;
};
jobs = let
genericNixosBuildJob = name: system: nameValuePair "nixos-${name}" ({ ... }: {
genericNixosBuildJob = name: _system:
nameValuePair "nixos-${name}" (_: {
#imports = [ ./packages.nix ];
});
genericHomeBuildJob = name: system: nameValuePair "home-${name}" ({ ... }: {
genericHomeBuildJob = name: _system:
nameValuePair "home-${name}" (_: {
#imports = [ ./packages.nix ];
});
nixosBuildJobs = mapAttrs' genericNixosBuildJob enabledNixosSystems;
homeBuildJobs = mapAttrs' genericHomeBuildJob enabledHomeSystems;
in nixosBuildJobs // homeBuildJobs;
in
nixosBuildJobs // homeBuildJobs;
ci.gh-actions.checkoutOptions = {
fetch-depth = 0;

14
ci/packages.nix
View file

@ -1,16 +1,14 @@
{
lib,
config,
channels,
...
}: let
{channels, ...}: let
inherit (channels.nixfiles) legacyPackages;
in {
tasks = {
devShell.inputs = with legacyPackages.x86_64-linux; [
deploy-rs
terraform tflint
alejandra deadnix statix
terraform
tflint
alejandra
deadnix
statix
ssh-to-age
];
};

160
flake.lock generated
View file

@ -1,15 +1,48 @@
{
"nodes": {
"aquamarine": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1721853718,
"narHash": "sha256-QEkCryhEMBW8maWEbwN0LoJIjdt640FviwMeJpghJXM=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "353dc1b7299d43f08de44276b93ae32726ff9d70",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "aquamarine",
"type": "github"
}
},
"arcexprs": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1720471472,
"narHash": "sha256-2mq+DpPirJ+0M6fxQYTaXiI7Z+CdKSXjTxoy93stX1g=",
"lastModified": 1721151051,
"narHash": "sha256-TLhFUzwYXvq8UQFho0y6hbBsR2puLWdgPyU8epBrG18=",
"owner": "arcnmx",
"repo": "nixexprs",
"rev": "0067d9ff3aa5ce2f4e3c64a534494aa2700fcff1",
"rev": "158921b420fe8866b5201f74a0868230bc4b9e9d",
"type": "github"
},
"original": {
@ -131,11 +164,11 @@
]
},
"locked": {
"lastModified": 1720845312,
"narHash": "sha256-yPhAsJTpyoIPQZJGC8Fw8W2lAXyhLoTn+HP20bmfkfk=",
"lastModified": 1721719500,
"narHash": "sha256-nnkqjv4Y37Hydjh6HE9wW4kSkV5Q7q4iIXlL5lwUFOw=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "5ce8503cf402cf76b203eba4b7e402bea8e44abc",
"rev": "884f3fe6d9bf056ba0017c132c39c1f0d07d4fec",
"type": "github"
},
"original": {
@ -310,11 +343,11 @@
]
},
"locked": {
"lastModified": 1720734513,
"narHash": "sha256-neWQ8eNtLTd+YMesb7WjKl1SVCbDyCm46LUgP/g/hdo=",
"lastModified": 1721852138,
"narHash": "sha256-JH8N5uoqoVA6erV4O40VtKKHsnfmhvMGbxMNDLtim5o=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "90ae324e2c56af10f20549ab72014804a3064c7f",
"rev": "304a011325b7ac7b8c9950333cd215a7aa146b0e",
"type": "github"
},
"original": {
@ -340,11 +373,11 @@
]
},
"locked": {
"lastModified": 1720108799,
"narHash": "sha256-AxRkTJlbB8r7aG6gvc7IaLhc2T9TO4/8uqanKRxukBQ=",
"lastModified": 1721330371,
"narHash": "sha256-aYlHTWylczLt6ERJyg6E66Y/XSCbVL7leVcRuJmVbpI=",
"owner": "hyprwm",
"repo": "hyprcursor",
"rev": "a5c0d57325c5f0814c39110a70ca19c070ae9486",
"rev": "4493a972b48f9c3014befbbf381ed5fff91a65dc",
"type": "github"
},
"original": {
@ -355,6 +388,7 @@
},
"hyprland": {
"inputs": {
"aquamarine": "aquamarine",
"hyprcursor": "hyprcursor",
"hyprlang": [
"hyprlang"
@ -372,11 +406,11 @@
]
},
"locked": {
"lastModified": 1720896272,
"narHash": "sha256-8ZiWP+XbyrJ6MOQL0XHiz4OKJNBLnV9avwTesbwMbdc=",
"lastModified": 1721914179,
"narHash": "sha256-rh6YUcOJ1LEWfwFmx5P74moeqOqgMeYpuFMTs1y30ew=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "bc6b0880dda2607a80f000c134f573c970452a0f",
"rev": "33a5c8ce325e1657ec5571b57e05c6378706f4cd",
"type": "github"
},
"original": {
@ -395,11 +429,11 @@
]
},
"locked": {
"lastModified": 1718746314,
"narHash": "sha256-HUklK5u86w2Yh9dOkk4FdsL8eehcOZ95jPhLixGDRQY=",
"lastModified": 1721326555,
"narHash": "sha256-zCu4R0CSHEactW9JqYki26gy8h9f6rHmSwj4XJmlHgg=",
"owner": "hyprwm",
"repo": "hyprland-protocols",
"rev": "1b61f0093afff20ab44d88ad707aed8bf2215290",
"rev": "5a11232266bf1a1f5952d5b179c3f4b2facaaa84",
"type": "github"
},
"original": {
@ -419,11 +453,11 @@
]
},
"locked": {
"lastModified": 1720381373,
"narHash": "sha256-lyC/EZdHULsaAKVryK11lgHY9u6pXr7qR4irnxNWC7k=",
"lastModified": 1721324361,
"narHash": "sha256-BiJKO0IIdnSwHQBSrEJlKlFr753urkLE48wtt0UhNG4=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "5df0174fd09de4ac5475233d65ffc703e89b82eb",
"rev": "adbefbf49664a6c2c8bf36b6487fd31e3eb68086",
"type": "github"
},
"original": {
@ -446,11 +480,11 @@
]
},
"locked": {
"lastModified": 1720707332,
"narHash": "sha256-OpUjVqJIxuouqUMmOAQI63XEOVk5EYyHwFVWdyrUdC8=",
"lastModified": 1721855891,
"narHash": "sha256-S70Pif/SaChwtJwV0K4rUh+pU8kyVtzbGtNtsOQ8geo=",
"owner": "hyprwm",
"repo": "hyprlock",
"rev": "b407128caeb551ae808cf8d0fb653a252a271709",
"rev": "cf0e975fedcddde897a75c5b6a2a111177b0baad",
"type": "github"
},
"original": {
@ -495,11 +529,11 @@
]
},
"locked": {
"lastModified": 1720545076,
"narHash": "sha256-Pxacc2uoxI00koXp5+CyNqHOTQlqNlK0rlRHDBHX4+g=",
"lastModified": 1721324102,
"narHash": "sha256-WAZ0X6yJW1hFG6otkHBfyJDKRpNP5stsRqdEuHrFRpk=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "6174a2a25f4e216c0f1d0c4278adc23c476b1d09",
"rev": "962582a090bc233c4de9d9897f46794280288989",
"type": "github"
},
"original": {
@ -520,11 +554,11 @@
]
},
"locked": {
"lastModified": 1717881334,
"narHash": "sha256-a0inRgJhPL6v9v7RPM/rx1kbXdfe3xJA1c9z0ZkYnh4=",
"lastModified": 1721324102,
"narHash": "sha256-WAZ0X6yJW1hFG6otkHBfyJDKRpNP5stsRqdEuHrFRpk=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "0693f9398ab693d89c9a0aa3b3d062dd61b7a60e",
"rev": "962582a090bc233c4de9d9897f46794280288989",
"type": "github"
},
"original": {
@ -545,11 +579,11 @@
]
},
"locked": {
"lastModified": 1717881334,
"narHash": "sha256-a0inRgJhPL6v9v7RPM/rx1kbXdfe3xJA1c9z0ZkYnh4=",
"lastModified": 1721324102,
"narHash": "sha256-WAZ0X6yJW1hFG6otkHBfyJDKRpNP5stsRqdEuHrFRpk=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "0693f9398ab693d89c9a0aa3b3d062dd61b7a60e",
"rev": "962582a090bc233c4de9d9897f46794280288989",
"type": "github"
},
"original": {
@ -570,11 +604,11 @@
]
},
"locked": {
"lastModified": 1720215857,
"narHash": "sha256-JPdL+Qul+jEueAn8CARfcWP83eJgwkhMejQYfDvrgvU=",
"lastModified": 1721324119,
"narHash": "sha256-SOOqIT27/X792+vsLSeFdrNTF+OSRp5qXv6Te+fb2Qg=",
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"rev": "d5fa094ca27e0039be5e94c0a80ae433145af8bb",
"rev": "a048a6cb015340bd82f97c1f40a4b595ca85cc30",
"type": "github"
},
"original": {
@ -676,11 +710,11 @@
]
},
"locked": {
"lastModified": 1720834054,
"narHash": "sha256-gpUgy1XJGw8PZuRQlGwxoriIP+8jgUf2Ho9/g6meQHQ=",
"lastModified": 1721870898,
"narHash": "sha256-K3U4emkszxLkPW9LOdkV49IB2hnMrGNcpVDbCclZ+as=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "526acd22f4ac06182ad4ec6346f5c6008590dbab",
"rev": "7161fd4ca148b330c180714e40c7399afca3f97c",
"type": "github"
},
"original": {
@ -696,11 +730,11 @@
]
},
"locked": {
"lastModified": 1720334033,
"narHash": "sha256-X9pEvvHTVWJphhbUYqXvlLedOndNqGB7rvhSvL2CIgU=",
"lastModified": 1721531260,
"narHash": "sha256-O72uxk4gYFQDwNkoBioyrR3GK9EReZmexCStBaORMW8=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "685e40e1348007d2cf76747a201bab43d86b38cb",
"rev": "b6db9fd8dc59bb2ccb403f76d16ba8bbc1d5263d",
"type": "github"
},
"original": {
@ -711,11 +745,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1720737798,
"narHash": "sha256-G/OtEAts7ZUvW5lrGMXSb8HqRp2Jr9I7reBuvCOL54w=",
"lastModified": 1721911538,
"narHash": "sha256-5OrkPJsiZmNe99C6+KX0qx9sphoVLvldFjuqDYAZ8GQ=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "c5013aa7ce2c7ec90acee5d965d950c8348db751",
"rev": "d3c993c851ad40bbab7e08d566138ff72cd8744f",
"type": "github"
},
"original": {
@ -756,11 +790,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1720768451,
"narHash": "sha256-EYekUHJE2gxeo2pM/zM9Wlqw1Uw2XTJXOSAO79ksc4Y=",
"lastModified": 1721743106,
"narHash": "sha256-adRZhFpBTnHiK3XIELA3IBaApz70HwCYfv7xNrHjebA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9",
"rev": "dc14ed91132ee3a26255d01d8fd0c1f5bff27b2f",
"type": "github"
},
"original": {
@ -772,11 +806,11 @@
},
"nur": {
"locked": {
"lastModified": 1720908054,
"narHash": "sha256-nRmtu5zaYvzvonEZaQlORbIoZvctVy3P3YraH/ChzG0=",
"lastModified": 1721925701,
"narHash": "sha256-BAKJ7tpE4Ic+KtY1fOBRkXFfZYEpH3d2elEGnCOmNMs=",
"owner": "nix-community",
"repo": "NUR",
"rev": "fc076c6c1c848d6f950303f937b26d202b23d4b0",
"rev": "f769fc25d19d5521a997686ffd66c08a3d23334f",
"type": "github"
},
"original": {
@ -795,11 +829,11 @@
]
},
"locked": {
"lastModified": 1720896694,
"narHash": "sha256-lKInIpVIrI4YOTwbaN6wwQ+EvhL/iVqKhpxcTj4kBhE=",
"lastModified": 1721724566,
"narHash": "sha256-6H+OTxXkOrh3P+15bhkQJY7OaBrQVzx4Pz+pCn6rtIg=",
"owner": "pjones",
"repo": "plasma-manager",
"rev": "809d86d6a8a48b6d71b6ece05eeb5e55f554b396",
"rev": "b967e042896de0f64513d4596e3d1f3eae445d1c",
"type": "github"
},
"original": {
@ -951,11 +985,11 @@
]
},
"locked": {
"lastModified": 1720479166,
"narHash": "sha256-jqvhLDXzTLTHq9ZviFOpcTmXXmnbLfz7mWhgMNipMN4=",
"lastModified": 1721688883,
"narHash": "sha256-9jsjsRKtJRqNSTXKj9zuDFRf2PGix30nMx9VKyPgD2U=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "67035a355b1d52d2d238501f8cc1a18706979760",
"rev": "aff2f88277dabe695de4773682842c34a0b7fd54",
"type": "github"
},
"original": {
@ -1074,11 +1108,11 @@
]
},
"locked": {
"lastModified": 1720787015,
"narHash": "sha256-U3IqoGmIzBKEJ0ihRQ10GRRtdoDBI6Oxl6aiGbUA59A=",
"lastModified": 1721650907,
"narHash": "sha256-2VX/zPeLhGTsHpToFH1gfI+oGNS6m7ZUWWaqwmw3HVY=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "371b5076d718f7f637d3959d0203061f06af1263",
"rev": "6686cbe947cb8b135e229ad2a3447b88d1cf6da9",
"type": "github"
},
"original": {
@ -1103,11 +1137,11 @@
]
},
"locked": {
"lastModified": 1720194466,
"narHash": "sha256-Rizg9efi6ue95zOp0MeIV2ZedNo+5U9G2l6yirgBUnA=",
"lastModified": 1721755049,
"narHash": "sha256-O17b38bQnmfxv7It3OnVYx7fp1seEdI7xxnw5vJFv30=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "b9b97e5ba23fe7bd5fa4df54696102e8aa863cf6",
"rev": "5555f467f68ce7cdf1060991c24263073b95e9da",
"type": "github"
},
"original": {

2
home/environments/hyprland/hyprland.nix
View file

@ -1,6 +1,4 @@
{
config,
lib,
std,
pkgs,
inputs,

2
home/environments/hyprland/hyprlock.nix
View file

@ -1,4 +1,4 @@
{pkgs, ...}: {
_: {
programs.hyprlock = {
enable = true;
backgrounds = [

6
home/environments/hyprland/swaylock.nix
View file

@ -1,8 +1,4 @@
{
config,
pkgs,
...
}: {
{pkgs, ...}: {
programs.swaylock = {
enable = true;
package = pkgs.swaylock-effects;

1
home/environments/hyprland/waybar.nix
View file

@ -1,6 +1,5 @@
{
kittywitch,
pkgs,
config,
lib,
...

2
home/environments/kde/kde.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }: {
{pkgs, ...}: {
home.packages = with pkgs.kdePackages; [
kscreen
kwin

2
home/environments/xfce/packages.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }: {
{pkgs, ...}: {
home.packages = with pkgs; [
pavucontrol
];

1
home/environments/xfce/xfconf.nix
View file

@ -25,7 +25,6 @@ _: {
"theme" = "Chicago95";
"notify-location" = "bottom-right";
};
};
enable = true;
};

4
home/profiles/common/sops.nix
View file

@ -1,8 +1,8 @@
{ parent, ... }: {
{parent, ...}: {
sops = {
age.sshKeyPaths = [
"/home/kat/.ssh/id_ed25519"
];
defaultSopsFile = parent.sops.defaultSopsFile;
inherit (parent.sops) defaultSopsFile;
};
}

2
home/profiles/graphical/chromium.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }: {
_: {
# Backup browser! For aliexpress and things.
home.packages = [
#pkgs.ungoogled-chromium

6
home/profiles/graphical/discord.nix
View file

@ -1,4 +1,8 @@
{ pkgs, lib, ... }: let
{
pkgs,
lib,
...
}: let
inherit (lib.generators) toJSON;
in {
home.packages = with pkgs; [

12
home/profiles/graphical/firefox.nix
View file

@ -1,10 +1,4 @@
{
config,
pkgs,
inputs,
nur,
...
}: {
{nur, ...}: {
home.sessionVariables = {
BROWSER = "firefox";
};
@ -154,9 +148,9 @@
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
};
userChrome = ''
#urlbar {
#urlbar {
font-family: "Monaspace Krypton", monospace;
}
}
'';
};
};

6
home/profiles/shell/ssh.nix
View file

@ -6,8 +6,10 @@ _: {
hashKnownHosts = true;
compression = true;
forwardAgent = true;
/*extraConfig = ''
/*
extraConfig = ''
RemoteForward /run/user/1000/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra
'';*/
'';
*/
};
}

2
home/profiles/shell/starship.nix
View file

@ -1,4 +1,4 @@
{pkgs, ...}: {
_: {
programs.starship = {
enable = true;
enableZshIntegration = true;

50
modules/nixos/mautrix-slack.nix
View file

@ -1,20 +1,20 @@
{ lib
, config
, pkgs
, ...
}:
let
{
lib,
config,
pkgs,
...
}: let
cfg = config.services.mautrix-slack;
dataDir = "/var/lib/mautrix-slack";
registrationFile = "${dataDir}/slack-registration.yaml";
settingsFile = "${dataDir}/config.yaml";
settingsFileUnsubstituted = settingsFormat.generate "mautrix-slack-config-unsubstituted.json" cfg.settings;
settingsFormat = pkgs.formats.json { };
settingsFormat = pkgs.formats.json {};
appservicePort = 29335;
# to be used with a list of lib.mkIf values
optOneOf = lib.lists.findFirst (value: value.condition) (lib.mkIf false null);
mkDefaults = lib.mapAttrsRecursive (n: v: lib.mkDefault v);
mkDefaults = lib.mapAttrsRecursive (_n: v: lib.mkDefault v);
defaultConfig = {
homeserver.address = "http://localhost:8448";
appservice = {
@ -35,8 +35,8 @@ let
displayname_template = "{{.RealName}} (S)";
bot_displayname_template = "{{.Name}} (bot)";
channel_name_template = "#{{.Name}}";
double_puppet_server_map = { };
login_shared_secret_map = { };
double_puppet_server_map = {};
login_shared_secret_map = {};
command_prefix = "!slack";
permissions."*" = "relay";
relay.enabled = true;
@ -50,15 +50,13 @@ let
};
};
};
in
{
in {
options.services.mautrix-slack = {
enable = lib.mkEnableOption "mautrix-slack, a Matrix-Signal puppeting bridge.";
settings = lib.mkOption {
apply = lib.recursiveUpdate defaultConfig;
type = settingsFormat.type;
inherit (settingsFormat) type;
default = defaultConfig;
description = ''
{file}`config.yaml` configuration as a Nix attribute set.
@ -113,7 +111,8 @@ in
serviceDependencies = lib.mkOption {
type = with lib.types; listOf str;
default = (lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
default =
(lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
++ (lib.optional config.services.matrix-conduit.enable "conduit.service");
defaultText = lib.literalExpression ''
(optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
@ -138,7 +137,6 @@ in
};
config = lib.mkIf cfg.enable {
users.users.mautrix-slack = {
isSystemUser = true;
group = "mautrix-slack";
@ -146,13 +144,13 @@ in
description = "Mautrix-Signal bridge user";
};
users.groups.mautrix-slack = { };
users.groups.mautrix-slack = {};
services.matrix-synapse = lib.mkIf cfg.registerToSynapse {
settings.app_service_config_files = [ registrationFile ];
settings.app_service_config_files = [registrationFile];
};
systemd.services.matrix-synapse = lib.mkIf cfg.registerToSynapse {
serviceConfig.SupplementaryGroups = [ "mautrix-slack" ];
serviceConfig.SupplementaryGroups = ["mautrix-slack"];
};
# Note: this is defined here to avoid the docs depending on `config`
@ -169,11 +167,11 @@ in
systemd.services.mautrix-slack = {
description = "mautrix-slack, a Matrix-Signal puppeting bridge.";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ] ++ cfg.serviceDependencies;
after = [ "network-online.target" ] ++ cfg.serviceDependencies;
wantedBy = ["multi-user.target"];
wants = ["network-online.target"] ++ cfg.serviceDependencies;
after = ["network-online.target"] ++ cfg.serviceDependencies;
# ffmpeg is required for conversion of voice messages
path = [ pkgs.ffmpeg-headless ];
path = [pkgs.ffmpeg-headless];
preStart = ''
# substitute the settings file by environment variables
@ -240,12 +238,12 @@ in
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
SystemCallFilter = [ "@system-service" ];
SystemCallFilter = ["@system-service"];
Type = "simple";
UMask = 0027;
};
restartTriggers = [ settingsFileUnsubstituted ];
restartTriggers = [settingsFileUnsubstituted];
};
};
meta.maintainers = with lib.maintainers; [ kittywitch ];
meta.maintainers = with lib.maintainers; [kittywitch];
}

2
modules/system/deploy.nix
View file

@ -27,7 +27,7 @@ in {
autoRollback = mkOptionDefault true;
magicRollback = mkOptionDefault true;
fastConnection = mkOptionDefault false;
hostname = mkOptionDefault "${name}.inskip.me";
hostname = mkOptionDefault "${name}.tail0b3cc1.ts.net";
profiles.system = {
user = "root";
path = inputs.deploy-rs.lib.${config.system}.activate.nixos inputs.self.nixosConfigurations.${name};

12
modules/system/host.nix
View file

@ -120,10 +120,16 @@ in {
};
home = args: let
renamedArgs = set.rename "specialArgs" "extraSpecialArgs" args;
renamedArgsWithPkgs = renamedArgs // { inherit lib; pkgs = pkgs.${args.system}; };
attrsToRemove = [ "configuration" "username" "homeDirectory" "stateVersion" "extraModules" "system" ];
renamedArgsWithPkgs =
renamedArgs
// {
inherit lib;
pkgs = pkgs.${args.system};
};
attrsToRemove = ["configuration" "username" "homeDirectory" "stateVersion" "extraModules" "system"];
safeArgs = removeAttrs renamedArgsWithPkgs attrsToRemove;
in inputs.home-manager.lib.homeManagerConfiguration safeArgs;
in
inputs.home-manager.lib.homeManagerConfiguration safeArgs;
darwin = inputs.darwin.lib.darwinSystem;
macos = inputs.darwin.lib.darwinSystem;
}

8
nixos/common/access.nix
View file

@ -13,9 +13,11 @@
config.users.users);
};
in {
security.pam.sshAgentAuth.enable = true;
security.sudo.enable = true;
security.pam.services.sudo.sshAgentAuth = true;
security = {
pam.sshAgentAuth.enable = true;
sudo.enable = true;
pam.services.sudo.sshAgentAuth = true;
};
users.users = {
root = commonUser;
deploy =

14
nixos/common/login-notify.nix
View file

@ -1,10 +1,15 @@
{ pkgs, lib, config, ... }: let
{
pkgs,
lib,
config,
...
}: let
inherit (lib.modules) mkAfter mkDefault;
in {
sops.secrets.sshd-environment = {
sopsFile = ./secrets.yaml;
};
security.pam.services.sshd.text = let
security.pam.services.sshd.text = let
notify = pkgs.writeShellScriptBin "notify" ''
export $(cat ${config.sops.secrets.sshd-environment.path} | xargs)
@ -26,7 +31,8 @@ security.pam.services.sshd.text = let
${pkgs.curl}/bin/curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"$message\"}" $DISCORD_WEBHOOK_LINK
fi
'';
in mkDefault (mkAfter ''
in
mkDefault (mkAfter ''
session required pam_exec.so seteuid ${notify}/bin/notify
'');
'');
}

7
nixos/common/secrets.yaml
View file

@ -1,4 +1,5 @@
sshd-environment: ENC[AES256_GCM,data:lyzzRDxyNzBgrLthPjdJoXgkniCwLXFZE/GMpLlRzeSvAUN6yc8sFYTmvZiCe/t/33Yr5+BtOhAUI5JzTYJ/kc3Dg4ziB4KbHP4ejPtAb6x2UbEHcN6euPogwXR8lpeO9zJE4gWFOHoYJ4bLa1wuCYgbNkjWDYYHGEoWAMVDU6XYRb3riV21WWIQO/DbC7mAgw==,iv:ZysLG3x0wlxuTYnJrGtrTkjjduMoEOyiWWuC1nRIp4I=,tag:mlNO2yo7JkV2O7A2Da+EjQ==,type:str]
tailscale-key: ENC[AES256_GCM,data:FK237Or4qtZGon9tevPh4q568+IUSWxfuG8s2ZNLXWgoa76GoyO+qwCmvXiVibRH1Ljo/LXoNQjb2pYV7w==,iv:UZv+EnlRDOWh86sOFh7ZNryPz1r55u+Dbr/dDL/USjo=,tag:B8DJwPXR/50ARbfyfxPtcw==,type:str]
sops:
shamir_threshold: 1
kms: []
@ -69,8 +70,8 @@ sops:
N0hTL1A1MVE2MldocTFWZzc1OENobkUKUseg2IGSClvmrq6vlnF1sCgYlUaH4Ke0
sDdpVwg1b5WLwbZFeE/Ro1gRY3s+9iDFrU3Rh95R1KmigpMVYz1ILQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-04T21:22:16Z"
mac: ENC[AES256_GCM,data:5obbMHWEPm7KhJGWXpsKvGI99sJCx8hScIbS2vo3Ua0fvTwML8tkC3gsfLwaZ0D3KGHN6qxyjvP8ajIoxRK2Lj6G2FOWo7gmNzw9ULu+kPj53dqbmy/c3EeZU3WFNaRFXiQx0C80k8YFzPXQAkF/X5NdaRYRL6BFvPRRuq83Uds=,iv:EaeI+Z3e/QZIlU+EIGg+9sDFPtcfnVs8TQvvROOujg4=,tag:+P6U0/+b4nkZNob5fJ6pkg==,type:str]
lastmodified: "2024-08-03T22:14:00Z"
mac: ENC[AES256_GCM,data:ACZ3txmEBIUU73JSsJmDDE7+D5oXdAVNN1Dgypl8tgRIGtMFwRpktmhdXON6jHpaWiZ0DBRuvN97SWUbkPbhyMG6PrKRdQHYLdFAocuNFBpX58xIrAclVUjPEbV5bqBU/zPemxj/5sXbiuX8AYSENiAOYhfCxi8SZbNgU4W6xO8=,iv:G2d9ZRTeaNpDfkB3maZzAHYIRKB6ewwjqUQr7RBrNEM=,tag:7y/0gVUJMmyMoiwiLr8Q1g==,type:str]
pgp:
- created_at: "2024-07-04T21:21:19Z"
enc: |-
@ -93,4 +94,4 @@ sops:
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.9.0

78
nixos/common/tailscale.nix
View file

@ -1,3 +1,77 @@
_: {
services.tailscale.enable = true;
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.tailscale;
in {
options.services.tailscale = with types; {
advertiseExitNode = mkEnableOption "exit node";
};
config = {
networking.firewall = {
trustedInterfaces = [cfg.interfaceName];
allowedUDPPorts = [cfg.port];
};
systemd.network = {
wait-online.ignoredInterfaces = [cfg.interfaceName];
networks."50-tailscale" = {
networkConfig = {
DNSDefaultRoute = false;
#DNS = "";
};
};
};
services.tailscale.enable = mkDefault true;
sops.secrets.tailscale-key = mkIf cfg.enable {
sopsFile = ./secrets.yaml;
};
systemd.services.tailscale-autoconnect = mkIf cfg.enable rec {
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = wants ++ wantedBy;
wants = ["network-pre.target"];
wantedBy = ["tailscaled.service"];
# set this service as a oneshot job
serviceConfig = {
Type = "oneshot";
};
# have the job run this shell script
script = let
fixResolved = optionalString config.services.resolved.enable ''
resolvectl revert ${cfg.interfaceName} || true
'';
# https://tailscale.com/kb/1320/performance-best-practices#ethtool-configuration
exitNodeRouting = optionalString cfg.advertiseExitNode ''
netdev=$(${pkgs.iproute2}/bin/ip route show 0/0 | ${pkgs.coreutils}/bin/cut -f5 -d' ' || echo ${config.systemd.network.networks._00-local.name or "eth0"})
${getExe pkgs.ethtool} -K "$netdev" rx-udp-gro-forwarding on rx-gro-list off || true
'';
advertiseExitNode = "--advertise-exit-node" + optionalString (!cfg.advertiseExitNode) "=false";
in
with pkgs; ''
# wait for tailscaled to settle
sleep 5
${fixResolved}
${exitNodeRouting}
# check if we are already authenticated to tailscale
status="$(${getExe tailscale} status -json | ${getExe jq} -r .BackendState)"
if [[ $status = Running ]]; then
# if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
${getExe tailscale} up ${advertiseExitNode} -authkey $(cat ${config.sops.secrets.tailscale-key.path})
'';
};
};
}

6
nixos/environments/hyprland/xdg-portals.nix
View file

@ -1,8 +1,4 @@
{
pkgs,
inputs,
...
}: {
{pkgs, ...}: {
xdg = {
portal = {
enable = true;

10
nixos/environments/kde/xserver.nix
View file

@ -3,7 +3,11 @@
xclip
wl-clipboard
];
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.desktopManager.plasma6.enable = true;
services = {
xserver = {
enable = true;
displayManager.gdm.enable = true;
};
desktopManager.plasma6.enable = true;
};
}

12
nixos/environments/xfce/xfce.nix
View file

@ -1,6 +1,7 @@
{ pkgs, ... }: {
services.gnome.gnome-keyring.enable = true;
services.xserver = {
{pkgs, ...}: {
services = {
gnome.gnome-keyring.enable = true;
xserver = {
enable = true;
libinput.touchpad = {
tappingButtonMap = "lrm";
@ -14,6 +15,9 @@
displayManager.defaultSession = "xfce";
xkbOptions = "ctrl:nocaps";
};
colord.enable = true;
};
programs.xfconf.enable = true;
environment.systemPackages = with pkgs; [
@ -21,6 +25,4 @@
xfce.xfce4-whiskermenu-plugin
xclip
];
services.colord.enable = true;
}

28
nixos/hardware/oracle_flex.nix
View file

@ -1,14 +1,24 @@
{ modulesPath, ... }: {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.supportedFilesystems = [ "xfs" ];
boot.tmp.cleanOnBoot = true;
{modulesPath, ...}: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
zramSwap.enable = true;
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/boot" = { device = "/dev/disk/by-uuid/92B6-AAE1"; fsType = "vfat"; };
fileSystems."/" = { device = "/dev/sda3"; fsType = "xfs"; };
swapDevices = [ { device = "/dev/sda2"; } ];
fileSystems = {
"/boot" = {
device = "/dev/disk/by-uuid/92B6-AAE1";
fsType = "vfat";
};
"/" = {
device = "/dev/sda3";
fsType = "xfs";
};
};
swapDevices = [{device = "/dev/sda2";}];
boot = {
supportedFilesystems = ["xfs"];
tmp.cleanOnBoot = true;
initrd = {
availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
kernelModules = ["nvme"];
};
loader = {
grub = {
efiSupport = true;

25
nixos/hardware/oracle_micro.nix
View file

@ -1,13 +1,8 @@
{ modulesPath, ... }: {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.tmp.cleanOnBoot = true;
{modulesPath, ...}: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
zramSwap.enable = true;
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/boot" = { device = "/dev/disk/by-uuid/1F52-C11D"; fsType = "vfat"; };
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
boot = {
tmp.cleanOnBoot = true;
loader = {
grub = {
efiSupport = true;
@ -16,6 +11,20 @@
configurationLimit = 1;
};
systemd-boot.configurationLimit = 1;
initrd = {
availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
kernelModules = ["nvme"];
};
};
fileSystems = {
"/boot" = {
device = "/dev/disk/by-uuid/1F52-C11D";
fsType = "vfat";
};
"/" = {
device = "/dev/sda1";
fsType = "ext4";
};
};
};
}

2
nixos/profiles/bootable/grub.nix
View file

@ -5,7 +5,7 @@
}: let
inherit (lib.modules) mkIf;
in {
boot.loader = mkIf (config.boot.loader.grub.enable) {
boot.loader = mkIf config.boot.loader.grub.enable {
timeout = null;
grub = {
useOSProber = true;

10
nixos/profiles/gaming/lutris.nix
View file

@ -1,16 +1,16 @@
{pkgs, ...}: {
hardware.opengl = {
driSupport32Bit = true;
};
hardware.opengl.extraPackages = with pkgs; [
hardware.graphics = {
enable32Bit = true;
extraPackages = with pkgs; [
rocm-opencl-icd
rocm-opencl-runtime
amdvlk
];
hardware.opengl.extraPackages32 = with pkgs; [
extraPackages32 = with pkgs; [
driversi686Linux.amdvlk
driversi686Linux.mesa
];
};
environment.systemPackages = with pkgs; [
(lutris.override {
extraPkgs = pkgs: [

2
nixos/profiles/gaming/minecraft.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }: {
{pkgs, ...}: {
programs.java = {
enable = true;
};

2
nixos/profiles/graphical/avahi.nix
View file

@ -1,4 +1,4 @@
{pkgs, ...}: {
_: {
services.avahi = {
nssmdns4 = true;
enable = true;

3
nixos/profiles/graphical/packages.nix
View file

@ -8,6 +8,9 @@
dnsutils
usbutils
plexamp
prusa-slicer
super-slicer-beta
chromium
inputs.konawall-py.packages.${pkgs.system}.konawall-py
];
services.udev.packages = [

2
nixos/profiles/graphical/restic.nix
View file

@ -1,4 +1,4 @@
{ config, ... }: {
{config, ...}: {
sops.secrets.restic-password-file = {
sopsFile = ./restic.yaml;
};

6
nixos/profiles/graphical/sound.nix
View file

@ -1,12 +1,6 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [pulsemixer];
sound = {
enable = true;
extraConfig = ''
defaults.pcm.rate_converter "speexrate_best"
'';
};
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;

6
nixos/profiles/secureboot.nix
View file

@ -1,4 +1,8 @@
{pkgs, lib, ...}: let
{
pkgs,
lib,
...
}: let
inherit (lib.modules) mkForce;
in {
environment.systemPackages = with pkgs; [

10
nixos/profiles/server/nix.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: let
{
config,
lib,
pkgs,
...
}: let
inherit (lib.modules) mkForce;
in {
nix.gc = {
@ -13,7 +18,8 @@ in {
systemd.services.nix-gc = {
script = let
cfg = config.nix.gc;
in mkForce ''
in
mkForce ''
#!/usr/bin/env bash
set -euo pipefail

29
nixos/profiles/virtualisation/virt-manager.nix Normal file
View file

@ -0,0 +1,29 @@
{pkgs, ...}: {
users.users.kat.extraGroups = ["libvirtd"];
environment.systemPackages = with pkgs; [
virt-viewer
spice
spice-gtk
spice-protocol
win-virtio
win-spice
adwaita-icon-theme
];
services.spice-vdagentd.enable = true;
programs.virt-manager.enable = true;
virtualisation = {
libvirtd = {
enable = true;
qemu = {
swtpm.enable = true;
ovmf.enable = true;
ovmf.packages = [pkgs.OVMFFull.fd];
};
};
spiceUSBRedirection.enable = true;
};
}

9
nixos/servers/matrix/cleanup.nix
View file

@ -1,4 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
sops.secrets.synapse-cleanup-environment = {
sopsFile = ./secrets.yaml;
};
@ -17,8 +21,7 @@
Persistent = true;
Unit = "synapse-cleanup.service";
};
wantedBy =
[ "timers.target" ];
wantedBy = ["timers.target"];
};
};
}

2
nixos/servers/matrix/discord.nix
View file

@ -1,6 +1,6 @@
{config, ...}: {
services.mx-puppet-discord = {
enable = config.services.matrix-synapse.enable;
inherit (config.services.matrix-synapse) enable;
settings = {
bridge = {
bindAddress = "localhost";

2
nixos/servers/matrix/signal.nix
View file

@ -3,7 +3,7 @@
sopsFile = ./signal.yaml;
};
services.mautrix-signal = {
enable = config.services.matrix-synapse.enable;
inherit (config.services.matrix-synapse) enable;
environmentFile = config.sops.secrets.mautrix-signal-environment.path;
settings = {
homeserver = {

2
nixos/servers/matrix/slack.nix
View file

@ -3,7 +3,7 @@
sopsFile = ./slack.yaml;
};
services.mautrix-slack = {
enable = config.services.matrix-synapse.enable;
inherit (config.services.matrix-synapse) enable;
environmentFile = config.sops.secrets.mautrix-slack-environment.path;
settings = {
homeserver = {

2
nixos/servers/matrix/telegram.nix
View file

@ -3,7 +3,7 @@
sopsFile = ./telegram.yaml;
};
services.mautrix-telegram = {
enable = config.services.matrix-synapse.enable;
inherit (config.services.matrix-synapse) enable;
environmentFile = config.sops.secrets.mautrix-telegram-environment.path;
settings = {
homeserver = {

2
nixos/servers/matrix/whatsapp.nix
View file

@ -3,7 +3,7 @@
sopsFile = ./whatsapp.yaml;
};
services.mautrix-whatsapp = {
enable = config.services.matrix-synapse.enable;
inherit (config.services.matrix-synapse) enable;
environmentFile = config.sops.secrets.mautrix-whatsapp-environment.path;
settings = {
homeserver = {

4
nixos/servers/monica/monica.nix
View file

@ -1,8 +1,8 @@
{ config, ... }: {
{config, ...}: {
sops.secrets.monica_appkey = {
sopsFile = ./secrets.yaml;
owner = config.services.monica.user;
group = config.services.monica.group;
inherit (config.services.monica) group;
};
services.monica = {
enable = true;

6
nixos/servers/rustdesk.nix Normal file
View file

@ -0,0 +1,6 @@
_: {
services.rustdesk-server = {
enable = true;
relayIP = "100.89.32.57";
};
}

2
nixos/servers/tt-rss/service.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }: {
_: {
services.tt-rss = {
enable = true;
virtualHost = "rss.kittywit.ch";

2
nixos/servers/weechat/buflist.nix
View file

@ -1,4 +1,4 @@
{ config, ... }: {
{config, ...}: {
home-manager.users.kat.programs.weechat.config.buflist = {
format = with config.base16.defaultScheme.map.ansiStr; {
indent = " "; # default " "

4
nixos/servers/weechat/init.nix
View file

@ -1,7 +1,7 @@
{ config, pkgs, lib, ... }: let
{lib, ...}: let
inherit (lib.modules) mkMerge mkBefore mkAfter;
in {
home-manager.users.kat = { config, ... }: {
home-manager.users.kat = {config, ...}: {
sops.secrets = let
common = {
sopsFile = ./secrets.yaml;

4
nixos/servers/weechat/matrix.nix
View file

@ -1,11 +1,11 @@
{ pkgs, ... }: {
{pkgs, ...}: {
home-manager.users.kat.programs.weechat = {
scripts = with pkgs.weechatScripts; [
weechat-matrix
];
plugins = {
python = {
packages = [ "weechat-matrix" ];
packages = ["weechat-matrix"];
};
};
config.matrix = {

4
nixos/servers/weechat/nginx.nix
View file

@ -1,9 +1,9 @@
{ pkgs, ... }: {
{pkgs, ...}: {
services.nginx.virtualHosts."irc.kittywit.ch" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = { root = pkgs.glowing-bear; };
"/" = {root = pkgs.glowing-bear;};
"^~ /weechat" = {
proxyPass = "http://127.0.0.1:9000";
proxyWebsockets = true;

2
nixos/servers/weechat/perl.nix
View file

@ -1,4 +1,4 @@
{ pkgs, lib, ... }: {
{pkgs, ...}: {
home-manager.users.kat.programs.weechat = {
plugins = {
perl = {

9
nixos/servers/weechat/python.nix
View file

@ -1,4 +1,11 @@
{ config, pkgs, std, inputs, lib, ... }: let
{
config,
pkgs,
std,
inputs,
lib,
...
}: let
inherit (builtins) toJSON;
inherit (std) list set;
in {

2
nixos/servers/weechat/urlgrab.nix
View file

@ -1,3 +1,3 @@
{ pkgs, ... }: {
{pkgs, ...}: {
home-manager.users.kat.programs.weechat.config.matrix.urlgrab.default.copycmd = "${pkgs.xclip}/bin/xclip -sel clipboard";
}

4
nixos/servers/weechat/weechat.nix
View file

@ -1,6 +1,4 @@
{ config, std, inputs, lib, ... }: let
inherit (std) list set;
in {
{config, ...}: {
home-manager.users.kat = {
services.weechat.enable = true;
programs.weechat = {

3
overlays.nix
View file

@ -2,8 +2,7 @@
inputs,
tree,
...
}:
[
}: [
(final: prev: inputs.arcexprs.overlays.default final prev)
inputs.darwin.overlays.default
inputs.deploy-rs.overlay

10
packages/mautrix-slack.nix
View file

@ -1,5 +1,9 @@
{ lib, buildGoModule, fetchFromGitHub, olm, libsignal-ffi }:
{
lib,
buildGoModule,
fetchFromGitHub,
olm,
}:
buildGoModule rec {
pname = "mautrix-slack";
version = "2024-05-01";
@ -23,7 +27,7 @@ buildGoModule rec {
homepage = "https://github.com/mautrix/slack";
description = "A Matrix-Slack puppeting bridge";
license = licenses.agpl3Plus;
maintainers = with maintainers; [ kittywitch ];
maintainers = with maintainers; [kittywitch];
mainProgram = "mautrix-slack";
};
}

11
packages/synapse-cleanup/cleanup.sh
View file

@ -41,7 +41,7 @@ main() {
if [[ -z "$HOMESERVER" || -z "$API_ID" || -z "$DISCORD_WEBHOOK_LINK" ]]; then
send_discord_message "Error: HOMESERVER, API_ID, and DISCORD_WEBHOOK_LINK must be set."
exit 1
fi
}
# Initial sizes and usage
local db_before_size=$(get_db_size)
@ -59,7 +59,7 @@ main() {
"https://${HOMESERVER}/_synapse/admin/v1/rooms?limit=500" > "${TEMPDIR}/roomlist.json"
jq '.rooms[] | select(.joined_local_members == 0) | .room_id' < "${TEMPDIR}/roomlist.json" > "${TEMPDIR}/to_purge.txt"
jq '.rooms[] | select(.joined_local_members != 0) | .room_id' < "${TEMPDIR}/roomlist.json" > "${TEMPDIR}/history_purge.txt"
jq -c '.rooms[] | select(.joined_local_members != 0) | .room_id' < "${TEMPDIR}/roomlist.json" > "${TEMPDIR}/history_purge.txt"
local ts=$(( $(date --date="${MONTHS_TO_KEEP} month ago" +%s)*1000 ))
@ -74,15 +74,18 @@ main() {
-H "Content-Type: application/json" -d "{}" \
"https://${HOMESERVER}/_synapse/admin/v2/rooms/${room_id}"
fi
done < <(jq -r '.[]' "${TEMPDIR}/to_purge.txt")
done < "${TEMPDIR}/to_purge.txt"
send_discord_message "Deleting unnecessary room history"
while read -r room_id; do
room_id=$(echo "$room_id" | tr -d '"') # Remove quotes if present
if [ -n "${room_id}" ]; then
curl --header "Authorization: Bearer ${API_ID}" -X POST \
-H "Content-Type: application/json" \
-d "{ \"delete_local_events\": true, \"purge_up_to_ts\": ${ts} }" \
"https://${HOMESERVER}/_synapse/admin/v1/purge_history/${room_id}"
done < <(jq -r '.[]' "${TEMPDIR}/history_purge.txt")
fi
done < "${TEMPDIR}/history_purge.txt"
send_discord_message "Performing database optimization"
systemctl stop matrix-synapse

1
shells/repo.nix
View file

@ -2,7 +2,6 @@
pkgs,
inputs,
std,
lib,
...
}:
with pkgs; let

5
systems/daiyousei.nix
View file

@ -1,12 +1,9 @@
_: let
hostConfig = {
lib,
tree,
modulesPath,
...
}: let
inherit (lib.modules) mkDefault;
in {
}: {
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")

6
systems/default.nix
View file

@ -1,8 +1,10 @@
{ inputs,
{
inputs,
tree,
lib,
std,
pkgs, }: let
pkgs,
}: let
# The purpose of this file is to set up the host module which allows assigning of the system, e.g. aarch64-linux and the builder used with less pain.
inherit (lib.modules) evalModules;
inherit (std) set;

12
systems/fullhome.nix
View file

@ -1,14 +1,6 @@
_: let
hostConfig = {
lib,
tree,
modulesPath,
...
}: let
inherit (lib.modules) mkDefault;
in {
imports =
with tree.home.profiles; [
hostConfig = {tree, ...}: {
imports = with tree.home.profiles; [
common
devops
graphical

1
systems/goliath.nix
View file

@ -3,7 +3,6 @@ _: let
config,
lib,
tree,
pkgs,
...
}: let
inherit (lib.lists) singleton;

25
systems/koishi.nix
View file

@ -1,11 +1,5 @@
_: let
hostConfig = {
tree,
pkgs,
lib,
inputs,
...
}: {
hostConfig = {tree, ...}: {
imports =
(with tree.nixos.hardware; [
framework
@ -17,6 +11,7 @@ _: let
laptop
bcachefs
sdr
virtualisation
secureboot
])
++ (with tree.nixos.environments; [
@ -52,23 +47,25 @@ _: let
IdentityAgent /run/user/1000/gnupg/S.gpg-agent.ssh
'';
nix.buildMachines = [
nix = {
buildMachines = [
{
hostName = "daiyousei-build";
system = "aarch64-linux";
protocol = "ssh-ng";
maxJobs = 100;
speedFactor = 1;
supportedFeatures = [ "benchmark" "big-parallel" "kvm" ];
mandatoryFeatures = [ ];
supportedFeatures = ["benchmark" "big-parallel" "kvm"];
mandatoryFeatures = [];
}
];
nix.distributedBuilds = true;
# optional, useful when the builder has a faster internet connection than yours
nix.extraOptions = ''
distributedBuilds = true;
extraOptions = ''
builders-use-substitutes = true
'';
};
# optional, useful when the builder has a faster internet connection than yours
services.printing.enable = true;
services.hardware.bolt.enable = true;

5
systems/mai.nix
View file

@ -1,12 +1,9 @@
_: let
hostConfig = {
lib,
tree,
modulesPath,
...
}: let
inherit (lib.modules) mkDefault;
in {
}: {
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")

6
systems/mei.nix
View file

@ -1,12 +1,9 @@
_: let
hostConfig = {
lib,
tree,
modulesPath,
...
}: let
inherit (lib.modules) mkDefault;
in {
}: {
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
@ -18,6 +15,7 @@ _: let
oracle_micro
])
++ (with tree.nixos.servers; [
rustdesk
]);
system.stateVersion = "23.11";

1
tf/dork-pages.tf
View file

@ -27,6 +27,7 @@ resource "cloudflare_pages_domain" "dorkdev_root" {
account_id = local.account_id
project_name = "dorkdev"
domain = local.zones.dork
}
resource "cloudflare_record" "dorkdev_root_pages" {

2
tf/inskip-pages.tf
View file

@ -38,6 +38,6 @@ resource "cloudflare_record" "inskip_root_pages" {
proxied = false
ttl = 3600
type = "CNAME"
value = "${cloudflare_pages_project.inskip_root.name}.pages.dev"
value = cloudflare_pages_project.inskip_root.subdomain
zone_id = local.zone_ids.inskip
}

0
tf/tf.tfvars Normal file
View file