kat/nixfiles
1
0
Fork 0
mirror of https://github.com/kittywitch/nixfiles.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity

feat: searx, nixpkgs update, vintagestory, katslime

Browse source
This commit is contained in:
Kat Inskip 2026-01-29 17:06:46 -08:00
parent 840765fe8a
commit 658d0434c8
24 changed files with 719 additions and 276 deletions
Download patch file Download diff file Expand all files Collapse all files

598
flake.lock generated
View file

File diff suppressed because it is too large Load diff

9
flake.nix
View file

@ -81,6 +81,10 @@
flake-parts.follows = "flake-parts";
};
};
kusachi = {
url = "github:kittywitch/kusachi";
inputs.nixpkgs.follows = "nixpkgs";
};
vicinae-rbw = {
url = "github:kittywitch/vicinae-rbw";
flake = false;
@ -367,10 +371,9 @@
flake-compat.follows = "flake-compat";
};
};
hyprland.url = "github:hyprwm/Hyprland/6712fb954f2e4f701878b97f19b7185a2cd0e192";
hyprland.url = "github:hyprwm/Hyprland";
hy3 = {
#url = "github:outfoxxed/hy3?ref=33fb5c01f192c0b1b6c1ab29f4a38e4bdfc85427";
url = "github:Immelancholy/hy3/update-to-m_reserved_area";
url = "github:outfoxxed/hy3";
inputs.hyprland.follows = "hyprland";
};
# a bunch of modules (also arcnmx is good)

22
hardware-configuration.nix
View file

@ -1,22 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "rpool/data/subvol-103-disk-0";
fsType = "zfs";
};
swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

19
home/environments/hyprland/window-rules.nix
View file

@ -2,19 +2,12 @@ _: {
wayland.windowManager.hyprland.settings = {
windowrule = [
"match:initial_class AlacrittyFloating, float on"
];
windowrulev2 = [
"suppressevent fullscreen, class:steam_app_default, content game"
"suppressevent maximize, class:.*"
"tile, class:battle\.net\.exe"
"renderunfocused, class:discord, initialTitle:Discord"
"unset, title:Wine System Tray"
"workspace special:hidden silent, title:Wine System Tray"
"noinitialfocus, title:Wine System Tray"
"no_follow_mouse, class:Unity"
"match:initial_class battle\.net\.exe tile on workspace special:hidden silent"
"match:initial_class discord renderunfocused"
"match:initial_title \"Wine System Tray\" unset"
"match:initial_class Unity no_follow_mouse on"
"match:initial_class steam focusonactivate off suppressevent activate"
"match:initial_class steam_app_default match:content 3 suppressevent fullscreen"
];
};
}

11
home/profiles/graphical/discord.nix
View file

@ -7,9 +7,6 @@
frameless = true;
plugins = {
# Shared
betterFolders = {
enable = true;
};
callTimer = {
enable = true;
};
@ -30,8 +27,6 @@
tagsList = {
};
};
mutualGroupDMs.enable = true;
pinDMs.enable = true;
platformIndicators = {
enable = true;
};
@ -46,7 +41,6 @@
viewIcons.enable = true;
youtubeAdblock.enable = true;
# Equicord
amITyping.enable = true;
anammox = {
enable = true;
billing = true;
@ -54,15 +48,10 @@
gift = true;
serverBoost = true;
};
betterUserArea = {
enable = true;
};
channelTabs.enable = true;
equicordToolbox.enable = true;
globalBadges.enable = true;
moreKaomoji.enable = true;
noNitroUpsell.enable = true;
recentDmSwitcher.enable = true;
statusPresets = {
enable = true;
statusPresets = {

18
home/profiles/graphical/librewolf/main.nix
View file

@ -18,6 +18,24 @@
enable = true;
profiles = {
main = {
search = {
engines = {
searxng = {
name = "Kat SearxNG";
urls = [
{
template = "https://search.kittywit.ch/search";
params = [
{ name = "q"; value = "{searchTerms}"; }
];
iconMapObj."16" = "/static/themes/simple/img/favicon.png";
definedAliases = [ "@searx" ];
}
];
};
};
default = "searxng";
};
id = 0;
isDefault = true;
containersForce = true;

4
nixos/profiles/dev/packages.nix
View file

@ -1,7 +1,7 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
ida-pro-kat
android-studio
#ida-pro-kat
#android-studio
bingrep
hexyl
jwt-cli

1
nixos/profiles/gaming/quest.nix
View file

@ -2,7 +2,6 @@
environment.systemPackages = with pkgs; [
gsettings-desktop-schemas
];
programs.adb.enable = true;
users.users.kat.extraGroups = ["adbusers"];
services.udev.extraRules = ''
SUBSYSTEM=="usb",ATTR{idVendor}=="2833",ATTR{idProduct}=="0186",MODE="0660",GROUP="adbusers",TAG+="uaccess",SYMLINK+="android",SYMLINK+="android%n"

5
nixos/profiles/gaming/vintagestory.nix Normal file
View file

@ -0,0 +1,5 @@
{ pkgs, ... }: {
environment.systemPackages = [
pkgs.vintagestory
];
}

12
nixos/profiles/gaming/vr.nix
View file

@ -7,14 +7,11 @@
inherit (lib.lists) singleton;
inherit (lib.meta) getExe';
in {
systemd.user.services.wlx-overlay-s = {
description = "wlx-overlay-s";
path = [
pkgs.wayvr-dashboard
];
systemd.user.services.wayvr = {
description = "wayvr";
serviceConfig = {
Type = "simple";
ExecStart = getExe' pkgs.wlx-overlay-s "wlx-overlay-s";
ExecStart = getExe' pkgs.wayvr "wayvr";
};
};
programs.steam.extraPackages = with pkgs.gst_all_1; [
@ -82,8 +79,7 @@ in {
};
environment.systemPackages = with pkgs; [
wlx-overlay-s
wayvr-dashboard
wayvr
monado-vulkan-layers
bs-manager
vrcx

3
nixos/profiles/graphical/dns.nix
View file

@ -14,8 +14,5 @@ in {
enable = false;
domains = ["~."];
dnssec = "false";
extraConfig = ''
DNSOverTLS=yes
'';
};
}

2
nixos/profiles/graphical/infra.nix
View file

@ -35,7 +35,7 @@ in {
};
*/
dns = {
enable = mkDefault true;
enable = mkDefault false;
};
monitoring = {
enable = mkIf config.gensokyo-zone.access.local.enable (mkDefault true);

2
nixos/profiles/performance/kernel.nix
View file

@ -1,5 +1,5 @@
{pkgs, ...}: {
#boot.zfs.package = pkgs.zfs_cachyos;
boot.zfs.package = pkgs.zfs_unstable;
#boot.kernelPackages = pkgs.linuxPackages_cachyos;
boot.kernelPackages = pkgs.linuxKernel.packages.linux_xanmod_stable;
}

13
nixos/servers/dorkdev.nix Normal file
View file

@ -0,0 +1,13 @@
{ config, inputs, ... }: let
domain = "dork.dev";
in {
services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
root = inputs.kusachi.packages.x86_64-linux.kusachi-site;
};
};
};
}

4
nixos/servers/mail/mail.nix
View file

@ -6,7 +6,7 @@
enable = true;
stateVersion = 3;
fqdn = "rinnosuke.inskip.me";
domains = ["dork.dev" "kittywit.ch" "inskip.me"];
domains = ["dork.dev" "kittywit.ch" "inskip.me" "katsli.me"];
fullTextSearch.enable = true;
@ -19,11 +19,13 @@
"@dork.dev"
"@inskip.me"
"@kittywit.ch"
"@katsli.me"
];
catchAll = [
"dork.dev"
"inskip.me"
"kittywit.ch"
"katsli.me"
];
};
};

54
nixos/servers/searxng/default.nix Normal file
View file

@ -0,0 +1,54 @@
{ config, lib, ... }: let
domain = "search.kittywit.ch";
cfg = config.services.searx;
in {
sops.secrets.searx-env = {
sopsFile = ./secrets.yaml;
};
systemd.services.nginx.serviceConfig.SupplementaryGroups = [ "searx " ];
services = {
searx = {
enable = true;
configureUwsgi = true;
redisCreateLocally = true;
settings = {
server.secret_key = "$SEARXNG_SECRET";
};
environmentFile = config.sops.secrets.searx-env.path;
};
uwsgi.instance.vassals.searx = {
socket = "/run/searx/uwsgi.sock";
chmod-socket = "660";
};
nginx.virtualHosts.${domain} = {
listen = let
addrs = ["100.73.129.88" "[fd7a:115c:a1e0::5634:8158]"];
in map (addr:
{
port = 443;
ssl = true;
inherit addr;
}) addrs;
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
recommendedProxySettings = true;
recommendedUwsgiSettings = true;
uwsgiPass = "unix:${config.services.uwsgi.instance.vassals.searx.socket}";
extraConfig = # nginx
''
uwsgi_param HTTP_HOST $host;
uwsgi_param HTTP_CONNECTION $http_connection;
uwsgi_param HTTP_X_SCHEME $scheme;
uwsgi_param HTTP_X_SCRIPT_NAME ""; # NOTE: When we ever make the path configurable, this must be set to anything not "/"!
uwsgi_param HTTP_X_REAL_IP $remote_addr;
uwsgi_param HTTP_X_FORWARDED_FOR $proxy_add_x_forwarded_for;
'';
};
"/static/".alias = lib.mkDefault "${cfg.package}/share/static/";
};
};
};
}

137
nixos/servers/searxng/secrets.yaml Normal file
View file

@ -0,0 +1,137 @@
searx-env: ENC[AES256_GCM,data:SN6klLp/1NN/Hryet/hFLu0SOtfHPkUCOI02kLRNlQR648dE8UrphDKSIYG0J2VLw7bE9XrykY4FxhK5LdBtg8FCGac/Kkmal7zXEbNLCMo=,iv:uTDs08pTR33HPlAgLWXiGHmsczACx6sar0XbKMYpG+I=,tag:5p8mMaGrjWqv0oLoxuEynA==,type:str]
sops:
shamir_threshold: 1
age:
- recipient: age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWbTNnWit5R2EvNmdZcmJD
c0V6ekNwNUF5bEFjL2xrZUU0eHBDRG1UbFdnCk1CLzY0cGhhUjRJbzFwNFVwL3FY
RmJ3b3A2dGEzNTFYUDFKWVZKZnF5a1kKLS0tIFFQMnFOeTF5dmtPWUcxd05FazFq
b2JFZU5ORE9kOFBpNzM1SmlaeGtNSW8KD16YQNXKJse7rj+FBkZ0D2RM2BpcNThI
m8D5n/tLUZ0OjVh37FLYtqXnhqKlw4PXJyZ59WkSZLLvXuiM++9g8g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cnu37d5fqyahh9vvc4hj6z6k8ur9ksuefln7sr6g3emmn927eutqxdawuh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGS29nZ09SY1l4VVNqS1BN
YnF4SnlOdm1YK3ZOZzU3b0xBNEUrMlFvZVVZCnNyYjBERGZSSkVJbExvMDQvekVC
ODJxZXBQZVk1VnBBVi93SHZoTEZCMTQKLS0tIExCUWc5UG0rYlM2RmNHb3A3QXVo
VmNJSFROL1NtRVN4cFZlY2lUTjFIWVEK770h7Sk2fl1f3UHKUSj/MkhfGy1Wy554
biEzP7B++CDtmCyFTGxPlW3dD7+fC9SM1/1CN04zu8xIi9lDdpJP3A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a0m73qr8hhuz8xemv4vymf4wmpghm2hst8wgrn3pn65ext5mf4ksk0vsdm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPRThSRWNZWTdMRzFXRWla
dHZpUGlsWnBJYXNiVjRIMEpSNjl1RzkycVZ3CmtFL0M2aHA5dHkxQkxEVmFQcVJ6
Z3FGREdEajlocEYyUnJZSksxL3g4WmcKLS0tIFlMVXdDbThmZGMvaGZhNEQwdm1Q
ckllR2xoYi94R3JOd2FKWjFTMDN6cU0KVjQQhC31JTmsckuY/ZV+mn4UT7mDjEQN
ne8ww4s+IhZaMLZVcZpOcqCsllfWHI0kGXhLLJa84E1AROvrfJh55Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age18hpxz0ghvswv9k30cle73prvnzrsuczqh87jjdk9fl50j3ddndmq9xae0n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVaW5hZHRBM1VtekV4MU93
RHpKQ2prR09ObUJwVjZlWWtGZ1ZodDlGQ0Q0Ci9sbXJNbzhDS0ZxL3M0ZlNpcUU5
Z3g4Q3NheFJrQVo5eUNLam5uWUllLzgKLS0tIGR1WTQxLzAvQXArMmpMNGtKNXor
dHVIYnQyMGRBejhTQnlianZoTEcrZXMKYSzBcWH8FqqRzf3a5emets+wjbLLUpsc
UFet4jSGJP5eJXD3rQk1EIMdi2MxFUzjq/nl7jwqVAVR46XCrbJQ7w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1xgy03g3vjydsxcl0qpdgm8rahjcjq95ucxfwlgr22zwjx3p7jf2s9jk6u5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUZnhBR2QyZ2ltMG1MM056
Yy9Eb2hmakpzZmU1VUllZUw3azUzd0tPeW40CjkwV3NlUVhPOUhra3pQVkxFdmZo
MFFOWmpEbUd4b0Jzb1NGNDRrQmhtRzAKLS0tIHZBWGpxdm11aVdYcmp0dm4wMUxD
ZXNCLzgzeG56WUhPb2ZIUFF4eWR1L2MKIUgIfb31zqiVncpj2Vu2dueAMbMhL8EC
T1TDy58V24DvV4z+wzfHPwKJYHX90dc6G3Gl2C5Yd2Yqm44EacsztA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1fv5dafs4n3r5n83qm2hfz7xmnflsz0xf9r3saralrptpgf8mvuxq4t8k3u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOSDYwcVJSRy8yQmVWQVpW
dmVCMTJLME9IekVxTnZVYTJpRzZGbEwwNUFVClFyNVlZYjRhTlpXVXh5bUpBUW1l
THRKRytnV2NVaEo0ZkEwOEtCOXR2cUkKLS0tIEFSeFJtL2ZmelJaWW05WnJXNG52
Sk9ZaitMcWlPU3ZZeitnZDlMVmJLYzgKlUsyPYCotrD9hCuv/9DWaErtolKgXTg5
+kADH2LEiJqzwG9rhzQw+uCQBm3Qn5CU/ndVqT4cDpeTkg6LivP9Hw==
-----END AGE ENCRYPTED FILE-----
- recipient: age120530yclr75k6nrzp6k5jjftj8j4q9v3533guupzk4ct86mjxszqg9e5t5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aFJxTGxRRDI5MlJZZ1dB
aEYrVEJGQ2RQYy84ZzRsWk4vK3VoZ2NDSUZjCk5vdzFoUXBQR1BvNE93dE1pYUhO
QmNSQzN1eG5Dcjh0UDloNklHWFYyZ2cKLS0tIFlWc2QyYXJGVW52THRueVMvUDRX
NzA4VUlWRkxseHlvdG1ib0dyait1QlEKHZ9PjxcwRUKC026Ck7Gw5V35EdIc9fym
bCH4h7I/KfVgH+oBKiwGYkwinmSqQXb+rWVGORBFMkxzqZjIXU4fWA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rt0ngkum32wt6l2wnyr40hmwd9ulmzqfarg5vk62zqp0uvj4lyuqd2atgq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwU0tTK3M2SHFVU2tEdU8v
Z1VxVkxOR3VyWWd3UGkwMXdQdC9UZEgyREdRCkhJdDdUdjhQVDY1MXgrZEFmN0JU
N1pHK0djUnpWZFpLN0FzaWNRZ3FJaVEKLS0tIFVDWWRIOUVQcm5udXZUa1p6VHlm
SUFoZ3MxTGorVWxMbDRNS2pFQ2RlSU0KIz/9bdnkzIni5/2P2zcvrJotv+DHV7rB
rLoXjLNECGB6Uj0p5imqGNLmHGI8VFxABpK7xIx4ANI9xRBPAT7FGg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1c4atxfp05u7zm875s6q8p82ve96rqqpq9smktxlur8pk2yc3qvgql46dp9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOOHJVaDYzaUJ2RysxMzlz
TDhwa3lSK3h4blhFOUhpMm9ESTQ1cVlaK0dBCjdxTTV4Qy91eXNESnpIY3RBREdK
bHlQeE15cEx0R2tYU3JBMStlMys4QjgKLS0tIDIwakhTNWsvbWFHc0F2MGdGdDd2
eFZmS2NKdWpIRDVpOW9TNGJNZGxEOFkKOqK4s64AXIlXCwWM3XZWrs2J9YI1K4qb
MEy7IToJwkV7Obhf3XH/OrmnAkTa8RvIiAp6xcayOzJ5dyp2WbND0g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rjldv3fn3q686647exmcukthr32gmp6s3axs0lhyenvru9ajp9rs24ukvz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMTJndExyWXVieFhvOWhk
ZUFZQ2JBa1Zmank5K3JKU3ZmSjZYYWFOdmo4CnlQMFJxTmNGZWlsWnZhOFYzRVNm
ckpQRjJtbVY2MmRZMld3c0I4SEhwdjQKLS0tIHhLVm9VL3Q3cUVRZlkrc1IyYnBQ
cVlYNUpCdGNnN1J2VHJWVjcydHIrK0kKAT67m/3scZzYSi/z+PgvLs33RpfpmuYz
9vVQ9ONRmZLboagm2sJPgUkJVaVoLCaAQDVa4XLThpVEEp7zgsQCig==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p9v6xaujkdat2tsc2mc4gxpg9hjr4suvwryuat95z2c53xhsyfxq0gf594
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByTEF1RTJaVko0UGxvUGdE
ZEd2QmlzeFhNVXlaTHFPandoREpKUjdTZlRZCmdsclFDaWJrOEhwcnFremo2Ymx6
YVFTdHVuSnFRSU1RcWUxQVRBanN1enMKLS0tIEJ3WmZtVmdVakZocXA2YkpWN3pw
MkNMWEFucHp0Rnp4RzBTa1ZpUWNGbDAKIQia/KWjx+EEY20B8qRYWOSw2wYEGqi6
W1Z/yR5bu4Y6xQveTR13E9UwWFjsdd4y3UTBr1lXwJViAaELnY0LYw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nxgmdahcjhmtrf7q66jep55cjdcw6tfpw722jr4gytaykgf89ugqxufgyd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0c2tRYnNyVGZwTCtXN3Nv
SUxjZVJlQVh6RU9MSjJjVkliMEI3WDZNWEdrCmJNWWxFcmZqamowUDR3aE1vZFVo
aXVNZ1VrOUdHeXBhMTRYbUZWWlZ0aUEKLS0tIHpVekJidlFnMzJ4M3l1MzhEQVc3
MjA5MmZwcWpuTUJMdDQ2aEE2UXlXcEEK8g4fyXpelh/HXzRWwBQzXV7fD7uXcG67
2ZT9+SrDyPqJX19MeOaRz1GrByCnvRSm5bJhQpl8bzLZWGPnKkHE0Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-29T22:22:37Z"
mac: ENC[AES256_GCM,data:zx3ouEx2Z4hJd/URBG6VSwQHg5PvRkBHniL+PfDoKPkLl/9X+XQqnYFgJhmnmpbt86SQs2QE8z2pr+V/X1d7QmB+mEni7EHibfj4D90cS/PYNUaadfA4OZo0oQ2DFp7KrSODO+KBpjWOslxYQZp7bqc6poSBfhldF+qTB4VxL4U=,iv:ZPTOYsmbR6h+++NEORtS/fg9VY8NjuU/lBcHHwxvcRM=,tag:P060lZssXo9QZHEJq6czJA==,type:str]
pgp:
- created_at: "2026-01-29T22:21:58Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA82M54yws73UARAAidMC+AnJC5aE8eXPv37kk5Sr/wlfPAgqvPSaO9dWadOW
oziaahw+TZAl8lFZbxjImJ9oMd/cjSgD8v8rboEgziKe3bKHsBVuvUFjnvwAL+2p
tUiihE1Vmeb6XOOUEZ37cgvddTxya8qEOgfIZq3YfTGRkj7hs+eZSt98Y0+6LP0l
+VJs5IqiyVzva3/oKFiOOrQ17BJ75z2EGs9hfY6Fz4LNPxRq6abA/8LAMGFIlE9K
adx+X7Qz6s/Z++qMZrUJV+K/D8QH9lvSTranaXbIc2KOjGo7QhxSCHAF4yXotGs9
fljPSFmyFZlVkOA2cHJKbU2gN8H70TSpmWFESJ7ZT5uGeqAuG+lVpOB4F9eeTZwa
jHUxhu33Px5HsLXoJN7tz1qYhw0EFZQLzfN+S1OMYAcJsGACfw+3BeAuGOr1SiWV
R/lP6fPszO4M8hUtWFlIYV9myGonbvxQF3Lu816TsinfzX/WfWJUwsdTYXftuccg
XPD4HlfsmapdYo4MHiHXzGJIh7SiX1i0Jkvy9fb7TBu3Ucul1AZyhg5yLGSmqOXW
wUM3rwWJVB5oniIDz048qhqubukzRrqTD1NbhNh24xlzauTV4GZ0BzWI4maKjTv5
5UBGMegL6I/COCNMgaZeIZkdS/JnuXiibJWFDurMwWosoXcYRYYsTRFX1X+TLJzS
XgFVc6SnWJbMFNg7ueoWcDgSPsymuUqsqGokUFINcBAsYcM1zV8iuYeiqGTzwL0h
BL7w0VeWdFETSEKSMeb9qov9+6dAxdypRMWaqKnWKGAtQRNEsET8p3Ac6Pbxq94=
=QAcT
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
unencrypted_suffix: _unencrypted
version: 3.11.0

1
nixos/servers/web/acme.nix
View file

@ -5,6 +5,7 @@
}: {
security.acme = {
defaults = {
dnsResolver = "1.1.1.1:53";
dnsProvider = "cloudflare";
credentialsFile = config.sops.secrets.acme_credentials.path;
email = lib.mkDefault "acme@inskip.me";

8
systems/goliath.nix
View file

@ -71,6 +71,11 @@ _: let
common-gpu-nvidia-nonprime
]);
programs.virt-manager.enable = true;
users.groups.libvirtd.members = [ "kat" ];
virtualisation.libvirtd.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
home-manager.users.kat = {
programs = {
obs-studio.package = pkgs.obs-studio.override {
@ -190,6 +195,7 @@ _: let
"ELECTRON_OZONE_PLATFORM_HINT,auto"
"LIBVA_DRIVER_NAME,nvidia"
"__GLX_VENDOR_LIBRARY_NAME,nvidia"
"__NV_DISABLE_EXPLICIT_SYNC,1"
"NIXOS_OZONE_WL,1"
"QT_QPA_PLATFORM,wayland;xcb"
];
@ -253,6 +259,8 @@ _: let
drives.swap.result
];
networking.firewall.trustedInterfaces = ["tailscale0"];
environment.systemPackages = with pkgs; [
kdePackages.qttools
ledfx

2
systems/rinnosuke.nix
View file

@ -17,6 +17,8 @@ _: let
continuwuity
prosody
web
dorkdev
searxng
]);
boot = {

10
tf/cloudflare-zones.tf
View file

@ -4,11 +4,13 @@ locals {
dork = "dork.dev"
inskip = "inskip.me"
kittywitch = "kittywit.ch"
katslime = "katsli.me"
}
zone_ids = {
dork = cloudflare_zone.dork_zone.id
inskip = cloudflare_zone.inskip_zone.id
kittywitch = cloudflare_zone.kittywitch_zone.id
katslime = cloudflare_zone.katslime_zone.id
}
}
@ -35,3 +37,11 @@ resource "cloudflare_zone" "kittywitch_zone" {
type = "full"
zone = local.zones.kittywitch
}
resource "cloudflare_zone" "katslime_zone" {
account_id = local.account_id
paused = false
plan = "free"
type = "full"
zone = local.zones.katslime
}

3
tf/dork-pages.tf
View file

@ -50,6 +50,7 @@ resource "cloudflare_record" "dorkdev_root_pages" {
proxied = false
ttl = 3600
type = "CNAME"
value = "${cloudflare_pages_project.dorkdev.name}.pages.dev"
# value = "${cloudflare_pages_project.dorkdev.name}.pages.dev"
value = "rinnosuke.inskip.me"
zone_id = local.zone_ids.dork
}

55
tf/services.tf
View file

@ -127,6 +127,16 @@ resource "cloudflare_record" "kittywitch_mail_mx" {
zone_id = local.zone_ids.kittywitch
}
resource "cloudflare_record" "katslime_mail_mx" {
name = "@"
proxied = false
ttl = 3600
type = "MX"
priority = 10
value = "rinnosuke.inskip.me"
zone_id = local.zone_ids.katslime
}
resource "cloudflare_record" "dork_mail_spf" {
name = "@"
proxied = false
@ -154,6 +164,15 @@ resource "cloudflare_record" "kittywitch_mail_spf" {
zone_id = local.zone_ids.kittywitch
}
resource "cloudflare_record" "katslime_mail_spf" {
name = "@"
proxied = false
ttl = 10800
type = "TXT"
value = "v=spf1 a:rinnosuke.inskip.me -all"
zone_id = local.zone_ids.katslime
}
resource "cloudflare_record" "dork_mail_dkim" {
name = "mail._domainkey"
proxied = false
@ -181,7 +200,14 @@ resource "cloudflare_record" "kittywitch_mail_dkim" {
zone_id = local.zone_ids.kittywitch
}
resource "cloudflare_record" "katslime_mail_dkim" {
name = "mail._domainkey"
proxied = false
ttl = 3600#10800
type = "TXT"
value = "v=DKIM1; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmwPILF7D7pzBW0wVElKKAt0uVhfl7Jba6iChOTy8Hjw0FD9qp5LMILlOOjHsWwaUZdDnwesEhhnHLmBZHUDon0c1LNWaJsxbv6JrUw9sqQMhsMDOXPj0Gt8UdvpwoNu/MVHQL2d1YlJswlDcfNl7qphW5KjLI10Xh1eif0ssmSk5BuIVSKgenDmZGc81uWSH1/8RvmYNyN6bqco+ZjhW/8IeHgZslZVm283Zag7+mMdjwo7f9kSotsm0uk9rkblkYB3GckBSEWmtwZbgN6e6f5zCcill3ndJN54HylKeBeiGAUlM1C0RCq2COXEjZCE+3ljPv1zD9+BvJGEroP5nWwIDAQAB"
zone_id = local.zone_ids.katslime
}
resource "cloudflare_record" "dork_mail_dmarc" {
name = "_dmarc"
proxied = false
@ -209,6 +235,15 @@ resource "cloudflare_record" "kittywitch_mail_dmarc" {
zone_id = local.zone_ids.kittywitch
}
resource "cloudflare_record" "katslime_mail_dmarc" {
name = "_dmarc"
proxied = false
ttl = 10800
type = "TXT"
value = "v=DMARC1; p=none"
zone_id = local.zone_ids.katslime
}
resource "cloudflare_record" "dork_mail_submission_autodiscover" {
name = "_submission._tcp"
@ -361,3 +396,21 @@ resource "cloudflare_record" "xmpp_upload" {
value = "rinnosuke.inskip.me"
zone_id = local.zone_ids.kittywitch
}
resource "cloudflare_record" "searx" {
name = "search"
proxied = false
ttl = 3600
type = "A"
value = "100.73.129.88"
zone_id = local.zone_ids.kittywitch
}
resource "cloudflare_record" "searx_v6" {
name = "search"
proxied = false
ttl = 3600
type = "AAAA"
value = "fd7a:115c:a1e0::5634:8158"
zone_id = local.zone_ids.kittywitch
}

2
tf/terraform.tfstate
View file

File diff suppressed because one or more lines are too long