diff --git a/.sops.yaml b/.sops.yaml index bce85082..865b9f50 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -16,7 +16,7 @@ creation_rules: key_groups: - pgp: - *kat - - age: &age_common + age: &age_common - *yukari - *yukari_kat - *koishi diff --git a/flake.lock b/flake.lock index 336768ba..847d80c4 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "arcexprs": { "flake": false, "locked": { - "lastModified": 1715015942, - "narHash": "sha256-acSCdcggbwQdgGY/C29HY9KOBL9D2y2kP22GG6wWcL8=", + "lastModified": 1717919469, + "narHash": "sha256-Pgco19bs3bMJiVG0HL8nXVFsMijdHIRnnUO8WmdhIVk=", "owner": "arcnmx", "repo": "nixexprs", - "rev": "1dfe8e22dffb4ee7110404b318caba16b7d7aaa8", + "rev": "625cc299098ac8cea904f2777d0cdf9a191b9e7d", "type": "github" }, "original": { @@ -27,11 +27,11 @@ ] }, "locked": { - "lastModified": 1700768693, - "narHash": "sha256-HuaniSdF1jCD86rE5WAvK39fAyGKBPPriVrsHxd5n+k=", + "lastModified": 1716575596, + "narHash": "sha256-F+0nBhI4OfM8XtZ/Usb90c4oerEob1bENWXgb+lMjvg=", "owner": "arcnmx", "repo": "base16.nix", - "rev": "0d01fbdf72d5184bee401c380abe17fe725863fb", + "rev": "13b838df99d8694005d479388f7389b441c7e820", "type": "github" }, "original": { @@ -129,11 +129,11 @@ ] }, "locked": { - "lastModified": 1716511055, - "narHash": "sha256-5Fe/DGgvMhPEMl9VdVxv3zvwRcwNDmW5eRJ0gk72w7U=", + "lastModified": 1718440858, + "narHash": "sha256-iMVwdob8F6P6Ib+pnhMZqyvYI10ZxmvA885jjnEaO54=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "0bea8222f6e83247dd13b055d83e64bce02ee532", + "rev": "58b905ea87674592aa84c37873e6c07bc3807aba", "type": "github" }, "original": { 
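Review bot: The added `age: &age_common` line replaces a `- age:` list item, which (as far as the collapsed indentation can be read) moves the age recipients into the same key group as the `pgp` entry, and nothing in the file records that this is intended. With a single key group there is no split across groups, so any one listed recipient can decrypt on its own. Files encrypted under the old layout keep their old key groups until they are re-keyed with `sops updatekeys`. I would add a comment above the group such as `# one key group on purpose: any single pgp/age recipient can decrypt alone`. The creation rule starts above the hunk, so its path pattern and any threshold setting are not visible here.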
@@ -156,11 +156,11 @@ ] }, "locked": { - "lastModified": 1715699772, - "narHash": "sha256-sKhqIgucN5sI/7UQgBwsonzR4fONjfMr9OcHK/vPits=", + "lastModified": 1718194053, + "narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=", "owner": "serokell", "repo": "deploy-rs", - "rev": "b3ea6f333f9057b77efd9091119ba67089399ced", + "rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a", "type": "github" }, "original": { @@ -308,11 +308,11 @@ ] }, "locked": { - "lastModified": 1716457508, - "narHash": "sha256-ZxzffLuWRyuMrkVVq7wastNUqeO0HJL9xqfY1QsYaqo=", + "lastModified": 1718526747, + "narHash": "sha256-sKrD/utGvmtQALvuDj4j0CT3AJXP1idOAq2p+27TpeE=", "owner": "nix-community", "repo": "home-manager", - "rev": "850cb322046ef1a268449cf1ceda5fd24d930b05", + "rev": "0a7ffb28e5df5844d0e8039c9833d7075cdee792", "type": "github" }, "original": { @@ -338,11 +338,11 @@ ] }, "locked": { - "lastModified": 1716327911, - "narHash": "sha256-PI+wygItS/TKzi4gEAROvKTUzTx9GT+PGBttS/IOA/Q=", + "lastModified": 1718368322, + "narHash": "sha256-VfMg3RsnRLQzbq0hFIh1dCM09b5C/F/qPFUOgU/CRi0=", "owner": "hyprwm", "repo": "hyprcursor", - "rev": "27ca640abeef2d425b5dbecf804f5eb622cef56d", + "rev": "dd3a853c8239d1c3f3f37de7d2b8ae4b4f3840df", "type": "github" }, "original": { @@ -357,6 +357,7 @@ "hyprlang": [ "hyprlang" ], + "hyprutils": "hyprutils", "hyprwayland-scanner": "hyprwayland-scanner", "nixpkgs": [ "nixpkgs" @@ -369,11 +370,11 @@ ] }, "locked": { - "lastModified": 1716491954, - "narHash": "sha256-NUDPjdf02j5UuFcf2c5rousGK2f94UzRdGH3jE7JfL4=", + "lastModified": 1718566457, + "narHash": "sha256-IIUhBjiDa0TjvEJb1WTJ9TM8PTGJjl+sOWfSdZKIJNA=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "4e42107d25dc47ee94da282db233f85f1e4c6bd0", + "rev": "b15be9c77de593581007de53b2bbca97d121900a", "type": "github" }, "original": { @@ -407,6 +408,7 @@ }, "hyprlang": { "inputs": { + "hyprutils": "hyprutils_2", "nixpkgs": [ "nixpkgs" ], 
@@ -415,11 +417,11 @@ ] }, "locked": { - "lastModified": 1716473782, - "narHash": "sha256-+qLn4lsHU6iL3+HTo1gTQ1tWzet8K9h+IfVemzEQZj8=", + "lastModified": 1717881852, + "narHash": "sha256-XeeVoKHQgfKuXoP6q90sUqKyl7EYy3ol2dVZGM+Jj94=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "87d5d984109c839482b88b4795db073eb9ed446f", + "rev": "ec6938c66253429192274d612912649a0cfe4d28", "type": "github" }, "original": { @@ -433,6 +435,7 @@ "hyprlang": [ "hyprlang" ], + "hyprutils": "hyprutils_3", "nixpkgs": [ "nixpkgs" ], @@ -441,11 +444,11 @@ ] }, "locked": { - "lastModified": 1716461934, - "narHash": "sha256-5j/GfBVkgqGTlEA7s/6CBn0pKK6ohXQi38lkKeno/mA=", + "lastModified": 1717883389, + "narHash": "sha256-2A4Q56JFd3t9j3Xpa0kxw2fjv8nNqgNBOA34rRcLA8I=", "owner": "hyprwm", "repo": "hyprlock", - "rev": "972c1c27e6b057e5e891b6ae9f5b2c83bac1e087", + "rev": "c5b8ad03d03ddbd2b0ff8615c2f6dba31374b6a8", "type": "github" }, "original": { 
@@ -478,6 +481,81 @@ "type": "github" } }, + "hyprutils": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1718271409, + "narHash": "sha256-8KvVqtApNt4FWTdn1TqVvw00rpqyG9UuUPA2ilPVD1U=", + "owner": "hyprwm", + "repo": "hyprutils", + "rev": "8e10e0626fb26a14b859b3811b6ed7932400c86e", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprutils", + "type": "github" + } + }, + "hyprutils_2": { + "inputs": { + "nixpkgs": [ + "hyprlang", + "nixpkgs" + ], + "systems": [ + "hyprlang", + "systems" + ] + }, + "locked": { + "lastModified": 1717881334, + "narHash": "sha256-a0inRgJhPL6v9v7RPM/rx1kbXdfe3xJA1c9z0ZkYnh4=", + "owner": "hyprwm", + "repo": "hyprutils", + "rev": "0693f9398ab693d89c9a0aa3b3d062dd61b7a60e", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprutils", + "type": "github" + } + }, + "hyprutils_3": { + "inputs": { + "nixpkgs": [ + "hyprlock", + "nixpkgs" + ], + "systems": [ + "hyprlock", + "systems" + ] + }, + "locked": { + "lastModified": 1717881334, + "narHash": "sha256-a0inRgJhPL6v9v7RPM/rx1kbXdfe3xJA1c9z0ZkYnh4=", + "owner": "hyprwm", + "repo": "hyprutils", + "rev": "0693f9398ab693d89c9a0aa3b3d062dd61b7a60e", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprutils", + "type": "github" + } + }, "hyprwayland-scanner": { "inputs": { "nixpkgs": [ @@ -490,11 +568,11 @@ ] }, "locked": { - "lastModified": 1716058375, - "narHash": "sha256-CwjWoVnBZE5SBpRx9dgSQGCr4Goxyfcyv3zZbOhVqzk=", + "lastModified": 1718119275, + "narHash": "sha256-nqDYXATNkyGXVmNMkT19fT4sjtSPBDS1LLOxa3Fueo4=", "owner": "hyprwm", "repo": "hyprwayland-scanner", - "rev": "3afed4364790aebe0426077631af1e164a9650cc", + "rev": "1419520d5f7f38d35e05504da5c1b38212a38525", "type": "github" }, "original": { 
@@ -596,11 +674,11 @@ ] }, "locked": { - "lastModified": 1716513728, - "narHash": "sha256-yZJebdRQ1UmJ6BMVNRDwwd2ZyBtpxDXsVQixlDe+Ras=", + "lastModified": 1718328291, + "narHash": "sha256-+T30dHQeG7DDOAx7JDVXmQ0VoxNhmH7sP7XSua4Ap84=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "876132681d6c3c2ef74cc9e37c0730e8dfe6ed4d", + "rev": "47148517641585988aac4d082c5c02c72ac77c49", "type": "github" }, "original": { @@ -616,11 +694,11 @@ ] }, "locked": { - "lastModified": 1716170277, - "narHash": "sha256-fCAiox/TuzWGVaAz16PxrR4Jtf9lN5dwWL2W74DS0yI=", + "lastModified": 1718507237, + "narHash": "sha256-xBEWCxWeRpWQggFFp8ugJCDa63cOJsVvx71R9F0Eowg=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "e0638db3db43b582512a7de8c0f8363a162842b9", + "rev": "6af2c5e58c20311276f59d247341cafeebfcb6f4", "type": "github" }, "original": { @@ -631,11 +709,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1716173274, - "narHash": "sha256-FC21Bn4m6ctajMjiUof30awPBH/7WjD0M5yqrWepZbY=", + "lastModified": 1718548414, + "narHash": "sha256-1obyIuQPR/Kq1j5/i/5EuAfQrDwjYnjCDG8iLtXmBhQ=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d9e0b26202fd500cf3e79f73653cce7f7d541191", + "rev": "cde8f7e11f036160b0fd6a9e07dc4c8e4061cf06", "type": "github" }, "original": { @@ -646,11 +724,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1716330097, - "narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=", + "lastModified": 1718318537, + "narHash": "sha256-4Zu0RYRcAY/VWuu6awwq4opuiD//ahpc2aFHg2CWqFY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2", + "rev": "e9ee548d90ff586a6471b4ae80ae9cfcbceb3420", "type": "github" }, "original": { 
@@ -678,11 +756,11 @@ }, "nur": { "locked": { - "lastModified": 1716572789, - "narHash": "sha256-PcHsKc1cM47z3yuiPNaeKy8MFu2Fb0a5VO6jqjHK1z4=", + "lastModified": 1718567081, + "narHash": "sha256-IPqZSLbNkBidOM8YYnugdwr0GneHoiPZyRXKac5ydIM=", "owner": "nix-community", "repo": "NUR", - "rev": "7f8376c4f76ea79b9ad58ec11685da5b4fffca04", + "rev": "8a85dd301eda27f8ca394be91a706512f10fe897", "type": "github" }, "original": { @@ -701,11 +779,11 @@ ] }, "locked": { - "lastModified": 1716497069, - "narHash": "sha256-R8tGjY7wUKWY5O3iZiy1gyg0+8pdXcOeP3RppdKgLLM=", + "lastModified": 1718567165, + "narHash": "sha256-nhg4r4Kn3deooPiNao8oH/K7CcvRotDzBtg00MXiZkU=", "owner": "pjones", "repo": "plasma-manager", - "rev": "6d697a8dd6d0699bce69424dbed55184212ff21a", + "rev": "b906c67581fa12ad2821f295b37b5733fcc76926", "type": "github" }, "original": { @@ -857,11 +935,11 @@ ] }, "locked": { - "lastModified": 1716400300, - "narHash": "sha256-0lMkIk9h3AzOHs1dCL9RXvvN4PM8VBKb+cyGsqOKa4c=", + "lastModified": 1718506969, + "narHash": "sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "b549832718b8946e875c016a4785d204fcfc2e53", + "rev": "797ce4c1f45a85df6dd3d9abdc53f2691bea9251", "type": "github" }, "original": { @@ -980,11 +1058,11 @@ ] }, "locked": { - "lastModified": 1716028628, - "narHash": "sha256-sjgvUXjDXIA48tq+nbQ+e2BfAJyz865mfOtXTj1c8yQ=", + "lastModified": 1718470009, + "narHash": "sha256-VBeDG3we0bkbFWMyZy+wjUkmeDN58pGFzw1dQCTeDV8=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "041bad074dbde651c6b9d23dce5ee15b67e98c6c", + "rev": "e0a970cbb8c3af05c80ef48a336ad91efd9b2bf6", "type": "github" }, "original": { 
@@ -1009,11 +1087,11 @@ ] }, "locked": { - "lastModified": 1716290197, - "narHash": "sha256-1u9Exrc7yx9qtES2brDh7/DDZ8w8ap1nboIOAtCgeuM=", + "lastModified": 1718272114, + "narHash": "sha256-KsX7sAwkEFpXiwyjt0HGTnnrUU58wW1jlzj5IA/LRz8=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "91e48d6acd8a5a611d26f925e51559ab743bc438", + "rev": "24be4a26f0706e456fca1b61b8c79f7486a9e86d", "type": "github" }, "original": { diff --git a/home/environments/kde/gtk.nix b/home/environments/kde/gtk.nix index 0a64cc40..aa742ff0 100644 --- a/home/environments/kde/gtk.nix +++ b/home/environments/kde/gtk.nix @@ -1,6 +1,6 @@ {pkgs, ...}: { gtk = { - enable = true; + enable = false; iconTheme = { name = "Numix-Square-Light"; package = pkgs.numix-icon-theme-square; diff --git a/home/environments/kde/kde.nix b/home/environments/kde/kde.nix index 2aa4c557..d86aa070 100644 --- a/home/environments/kde/kde.nix +++ b/home/environments/kde/kde.nix 
@@ -1,4 +1,52 @@ -_: { +{ pkgs, ... }: { + home.packages = with pkgs.kdePackages; [ + kscreen + kwin + pkgs.xwayland + kscreen + libkscreen + kscreenlocker + kactivitymanagerd + kde-cli-tools + kglobalacceld # keyboard shortcut daemon + kwrited # wall message proxy, not to be confused with kwrite + baloo # system indexer + milou # search engine atop baloo + kdegraphics-thumbnailers # pdf etc thumbnailer + polkit-kde-agent-1 # polkit auth ui + plasma-desktop + plasma-workspace + drkonqi # crash handler + kde-inotify-survey # warns the user on low inotifywatch limits + + # Application integration + libplasma # provides Kirigami platform theme + plasma-integration # provides Qt platform theme + kde-gtk-config # syncs KDE settings to GTK + + # Artwork + themes + breeze + breeze-icons + breeze-gtk + ocean-sound-theme + plasma-workspace-wallpapers + pkgs.hicolor-icon-theme # fallback icons + qqc2-breeze-style + qqc2-desktop-style + + # misc Plasma extras + kdeplasma-addons + pkgs.xdg-user-dirs # recommended upstream + + # Plasma utilities + kmenuedit + kinfocenter + plasma-systemmonitor + ksystemstats + libksysguard + systemsettings + kcmutils + ]; programs.plasma = { configFile = { "kded5rc"."PlasmaBrowserIntegration"."shownCount" = 1; @@ -16,4 +64,4 @@ _: { "kxkbrc"."Layout"."Options" = "terminate:ctrl_alt_bksp,ctrl:hyper_capscontrol"; }; }; -} +} \ No newline at end of file diff --git a/home/environments/kde/qt.nix b/home/environments/kde/qt.nix index 1e220552..cf75c4c2 100644 --- a/home/environments/kde/qt.nix +++ b/home/environments/kde/qt.nix @@ -1,6 +1,6 @@ {pkgs, ...}: { qt = { - enable = true; + enable = false; platformTheme = "kde"; style = { name = "arc"; diff --git a/home/profiles/common/nix.nix b/home/profiles/common/nix.nix new file mode 100644 index 00000000..03c1d950 --- /dev/null +++ b/home/profiles/common/nix.nix @@ -0,0 +1,7 @@ +_: { + nix.gc = { + automatic = true; + frequency = "weekly"; + persistent = true; + }; +} \ No newline at end of file 
diff --git a/home/profiles/graphical/chromium.nix b/home/profiles/graphical/chromium.nix index 1eba940e..a495d4d7 100644 --- a/home/profiles/graphical/chromium.nix +++ b/home/profiles/graphical/chromium.nix @@ -1,6 +1,6 @@ { pkgs, ... }: { # Backup browser! For aliexpress and things. home.packages = [ - pkgs.ungoogled-chromium + #pkgs.ungoogled-chromium ]; } \ No newline at end of file diff --git a/home/profiles/graphical/packages.nix b/home/profiles/graphical/packages.nix index 3d8eac39..cf446cc3 100644 --- a/home/profiles/graphical/packages.nix +++ b/home/profiles/graphical/packages.nix @@ -31,5 +31,6 @@ cryptsetup # Encrypted block devices yubikey-manager # Yubikey v4l-utils # Webcam + obsidian ]; } diff --git a/nixos/common/nix-deploy-trusted-user.nix b/nixos/common/nix.nix similarity index 73% rename from nixos/common/nix-deploy-trusted-user.nix rename to nixos/common/nix.nix index 6539c263..2f4147f1 100644 --- a/nixos/common/nix-deploy-trusted-user.nix +++ b/nixos/common/nix.nix @@ -1,6 +1,7 @@ _: { nix = { settings = { + auto-optimise-store = true; trusted-users = [ "deploy" ]; diff --git a/nixos/environments/kde/xserver.nix b/nixos/environments/kde/xserver.nix index bb8bf021..878b11a4 100644 --- a/nixos/environments/kde/xserver.nix +++ b/nixos/environments/kde/xserver.nix @@ -1,10 +1,9 @@ {pkgs, ...}: { environment.systemPackages = with pkgs; [ xclip + wl-clipboard ]; - services.xserver = { - enable = true; - displayManager.sddm.enable = true; - desktopManager.plasma5.enable = true; - }; + services.xserver.enable = true; + services.xserver.displayManager.gdm.enable = true; + services.desktopManager.plasma6.enable = true; } diff --git a/nixos/hardware/oracle_flex.nix b/nixos/hardware/oracle_flex.nix new file mode 100644 index 00000000..20d96da9 --- /dev/null +++ b/nixos/hardware/oracle_flex.nix 
@@ -0,0 +1,22 @@ +{ modulesPath, ... }: { + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + boot.supportedFilesystems = [ "xfs" ]; + boot.tmp.cleanOnBoot = true; + zramSwap.enable = true; + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; + boot.initrd.kernelModules = [ "nvme" ]; + fileSystems."/boot" = { device = "/dev/disk/by-uuid/92B6-AAE1"; fsType = "vfat"; }; + fileSystems."/" = { device = "/dev/sda3"; fsType = "xfs"; }; + swapDevices = [ { device = "/dev/sda2"; } ]; + boot = { + loader = { + grub = { + efiSupport = true; + efiInstallAsRemovable = true; + device = "nodev"; + configurationLimit = 1; + }; + systemd-boot.configurationLimit = 1; + }; + }; +} \ No newline at end of file diff --git a/nixos/hardware/oracle_micro.nix b/nixos/hardware/oracle_micro.nix new file mode 100644 index 00000000..1d841a4f --- /dev/null +++ b/nixos/hardware/oracle_micro.nix @@ -0,0 +1,21 @@ +{ modulesPath, ... }: { + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + boot.tmp.cleanOnBoot = true; + zramSwap.enable = true; + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; + boot.initrd.kernelModules = [ "nvme" ]; + fileSystems."/boot" = { device = "/dev/disk/by-uuid/1F52-C11D"; fsType = "vfat"; }; + fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; + + boot = { + loader = { + grub = { + efiSupport = true; + efiInstallAsRemovable = true; + device = "nodev"; + configurationLimit = 1; + }; + systemd-boot.configurationLimit = 1; + }; + }; +} \ No newline at end of file diff --git a/nixos/profiles/graphical/fonts.nix b/nixos/profiles/graphical/fonts.nix index 88e6f069..02de72b0 100644 --- a/nixos/profiles/graphical/fonts.nix +++ b/nixos/profiles/graphical/fonts.nix @@ -8,7 +8,6 @@ corefonts vistafonts open-dyslexic - chicago95 ]; enableDefaultPackages = true; fontDir.enable = true; 
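Review bot: `configurationLimit = 1` on both the grub and systemd-boot loaders keeps only the newest generation in the boot menu, so a generation that fails to boot on this remote VM has no earlier entry to fall back to; oracle_micro.nix repeats the same setting. If the limit exists to save space on a small `/boot`, `configurationLimit = 2;` still leaves one known-good entry, and a one-line comment should say why the limit is there. Separately, `/` and swap are addressed as `/dev/sda3` and `/dev/sda2` (`/dev/sda1` in oracle_micro.nix) while `/boot` uses a by-uuid path; a stable identifier for all of them would survive device renumbering.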
diff --git a/nixos/profiles/server/nix.nix b/nixos/profiles/server/nix.nix new file mode 100644 index 00000000..a94658c7 --- /dev/null +++ b/nixos/profiles/server/nix.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, ... }: let + inherit (lib.modules) mkForce; +in { + nix.gc = { + automatic = true; + dates = "weekly"; + }; + sops.secrets.nix-gc-environment = { + sopsFile = ./secrets.yaml; + }; + systemd.services.nix-gc = { + script = let + cfg = config.nix.gc; + in mkForce '' + ${pkgs.curl}/bin/curl -vvvv -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"Beginning nix garbage collection on ${config.networking.hostName}.${config.networking.domain}\"}" $DISCORD_WEBHOOK_LINK + OUTPUT=$(${config.nix.package.out}/bin/nix-collect-garbage ${cfg.options}); + ${pkgs.curl}/bin/curl -vvvv -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"Finished nix garbage collection on ${config.networking.hostName}.${config.networking.domain}\"}" $DISCORD_WEBHOOK_LINK + ${pkgs.curl}/bin/curl -vvvv -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \''${OUTPUT}\"}" $DISCORD_WEBHOOK_LINK + ''; + serviceConfig = { + EnvironmentFile = config.sops.secrets.nix-gc-environment.path; + }; + }; +} \ No newline at end of file diff --git a/nixos/profiles/server/secrets.yaml b/nixos/profiles/server/secrets.yaml new file mode 100644 index 00000000..45e40950 --- /dev/null +++ b/nixos/profiles/server/secrets.yaml 
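Review bot: Every `curl` call in the overridden `nix-gc` script runs with `-vvvv -i`, and curl's verbose output includes the request line, so the full `$DISCORD_WEBHOOK_LINK` (the only credential protecting the webhook) is written to the unit's journal on each run. The last call also has a quoting slip: `\''${OUTPUT}\"` escapes the dollar sign for Nix and then for the shell, so the literal text `${OUTPUT}` is sent inside malformed JSON instead of the collected output, and even with that fixed, output containing quotes or newlines would need JSON escaping. I would drop the verbose flags, quote the URL and build the body with jq, as sketched below. The `|| true` is a deliberate choice so that a failed notification does not abort the collection, since NixOS `script` units run the shell with `-e`.

```nix
    script = let
      cfg = config.nix.gc;
      # Sends one message to the webhook; jq does the JSON escaping.
      notify = pkgs.writeShellScript "nix-gc-notify" ''
        ${pkgs.jq}/bin/jq -n --arg content "$1" '{content: $content}' \
          | ${pkgs.curl}/bin/curl -fsS -H "Content-Type: application/json" -X POST --data @- "$DISCORD_WEBHOOK_LINK" || true
      '';
    in mkForce ''
      ${notify} "Beginning nix garbage collection on ${config.networking.hostName}.${config.networking.domain}"
      OUTPUT=$(${config.nix.package.out}/bin/nix-collect-garbage ${cfg.options})
      ${notify} "Finished nix garbage collection on ${config.networking.hostName}.${config.networking.domain}"
      ${notify} "$OUTPUT"
    '';
```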
@@ -0,0 +1,69 @@ +nix-gc-environment: ENC[AES256_GCM,data:eAvFY8gan0RSoEOSnF8OCoDGSJsqv6z30WVKPBhI/BLCDuaHOe9ryGYZ+Pdv06IHiyew0ZwOQHId8O5cX65DnzSMubS5NYtIXMe9k29Qr1LB8QcCJK6NEhaN3ovGiVGErpp44Z5g6kK8vxPzMVq66IQA0pKlaJ3JBgQJ5s12DZ+MFmNzZ2g2vVssNSCooztfnw==,iv:qnyAErKjNm7ThukhNwcqkiKgzHJKp5J6TA8SKsTUxj8=,tag:9eNR4BAGOSE4qZT+dOLR0A==,type:str] +sops: + shamir_threshold: 1 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuQ3piaWxpa1N4ZFRTdkhw + d3BLOXdCd2NDeDJmcGl2UkxlV2RGMUdlYzFVCndmNk44aUVHRExJUmJXU2RpeHN2 + c0Y5bnQyZ2IyaFVuTHBkdHR2cFlldEEKLS0tIGpjUkZpL01BemdQb3JFL3crQS8w + dlZmMjJtcHl2NUU3bzV1dzBQK0FmY1UKiKRO7lTSpF7DYhR6eO0AhW4jsWMC9Etm + Bcc6Zpec0QKgmoy63aDj6+Fx0V5fCVX1Lis0PADpeNIn9Dshv5ouGg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1cnu37d5fqyahh9vvc4hj6z6k8ur9ksuefln7sr6g3emmn927eutqxdawuh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbFRvTXQrK1ZNWWxPblB5 + MGVsaUx4MzRlcW4xVkZNczFRdzBlM3VQQVV3CjdXUk9IVC9NRDBNeUMrSUo2anFS + eUhNYWZvdEhJamVYcXJXUExwdFQwb1kKLS0tIHZqNlFhWXZHSDAvdkFtMVhSdnlI + amhncGFzbktNVThyTHl6NFdMc3N5SFkK9NDy5U7Bfl6t8sSZem+EbqD5yW3ZHiex + PUac2UJvy5Q8QA3knQUUtLuLAuE5WrpIOzV8w8YnMYpDBhZtwO9uDg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1nr0qds8w3gldmdvhwu0p6w2ys8f4sd0h3xy94h9dsafjzttaypxquzmswc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIWFlRUFl2OHhuWnFWblBH + bWtRamd4ZDRURHRSYWRFc2tabWg1QTk1Vm1FCkV0akNpNTRxUURzQjQ3RHJMOFVI + T3lDZkFzdER3bmszcVVWZ1h1eWxwZXMKLS0tIFJianRjUm1tOWlxTGkxTkJ4a2hq + Z2lERWpVaXhqRDQ3YlpndTdKUklUcjgK5XCk4qbAerT2AfOlpjKK4sUTdAN3Edt0 + XleLhGq+bPG3CHUEN7SIaoHh4fyCpwcNGJPAcmeGY1yJZh8y0UQvSw== + -----END AGE ENCRYPTED FILE----- + - recipient: age18hpxz0ghvswv9k30cle73prvnzrsuczqh87jjdk9fl50j3ddndmq9xae0n + enc: | + -----BEGIN AGE 
ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2YlMzam1CMmFoSXVwWjdY + bC9hem5manl2RngvMm1FdDU0anZlL0pDdHpZClhOdlVrM05aek1sMUdQdHNvRTRp + UEZ4LzFXM3NtRzA0Nm80OFlGSWlnMW8KLS0tIGRPZWhRVStiUm9tYjErWmpZa3A4 + aDJmdGUxZWdqbXFjeCt4dHlSVDE4TEkKz+z1s1MvGcyVIPLQEnFFm1YpDDUc2KBf + p92AFO+1CXZsQTKY6eRPIUxkXPKXsBYPosy7Z34mBKmjlrvxrM+2OA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-25T03:22:44Z" + mac: ENC[AES256_GCM,data:2uVqMaPYgG2hbkMZCd3xJjjoEJqsGhFEXAq4p+X7YWO4hwB+H/REJJkHCUBegggWJtKA1zDKDIVzvZv3BeRaIe63Kaj2A/7c3qwjCsBpzm5DdJ3WrlAIffFSgOs7jUyFwQtP0ZsbHigsr/rA5NqDeC+4hVHg9XKgLXKyPoVk+iM=,iv:rzf0xQGfGMirg1wwe3paq1+lNdISerFXRUsPLtZ09m0=,tag:6xkM9kvN/8NqzTYB5eHbVA==,type:str] + pgp: + - created_at: "2024-06-25T03:21:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA82M54yws73UAQ/8CQAUzNv2BxCf8d+XPW+NeV5XsTqk06/QdFmyhguS4fn7 + eyclxiww6FBspxX8WxfLsE3qLjA1cGRv8W8kvZMzuIiJW7BECnzUvANNci3STl3w + Ei4zkWCuXYdgO0nbfzvv2MyXSdw5nnJIRpbh/QyR7UOJkHHkurtLXCupNImZUN0d + FKzM+Y0rM/rDQvNxk216T0eAE68su+wzNbPEgYzMSq/0N5kFl+31JU7hRdXf1+Kd + MFFwu8owk/G0pqkOx3jIV5sia97CZbG7pZLNwfXTngVum/neRGCwNf+Ub4S51K0s + pQZHDFgacRUCKkJs2XXZcYQHEn2NQ+z+6rvnmOEsMMRM2X+g1+6SocL2Rf6VZgDo + UNr6oUplzMdJFRM8ymqP6IsVK/L8NQF9sna2MevtDGxoFV6Dl2mOzyHUCCaHyp0O + sWiIsnkogFDGOH7OjUSvTjv/o5RbeHGyLzzAYg8ZKRyqhdhzF+QFToQ4mqzyjrAd + NEqDgAYolgOPg2NmDpuBBnHwJhNQDaWA3wDDSEtH++xrjgZy0vovM79HUwYOGyPK + mOjl2CM52QFaORmSj561TgfOAO2ulVPIjXa88w9mFyyNqsecqWevQFBYn9/V7Yz0 + 5SpnUpxhJ50ZeY/IZa5rz+JoZmX+Gg+dwqvG58o1Nh21tQzFemApi7FC1HqwukPS + XgEhEqzHm2ayA9wTLyFkaZeIMQyCm/bm3i0PN4N9yojq6/g3wXK2k/tld208ro5m + 682qNj7bIeWqwdfZxdmdgzutqojV1zrfaC2iYLd58waxua6w9UbE9jvkg0cz6H8= + =ceQ3 + -----END PGP MESSAGE----- + fp: CD8CE78CB0B3BDD4 + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/nixos/servers/matrix/cleanup.nix b/nixos/servers/matrix/cleanup.nix new file mode 100644 index 00000000..126c8c3c --- /dev/null +++ b/nixos/servers/matrix/cleanup.nix 
@@ -0,0 +1,24 @@ +{ config, pkgs, ... }: { + sops.secrets.synapse-cleanup-environment = { + sopsFile = ./secrets.yaml; + }; + systemd = { + services.synapse-cleanup = { + serviceConfig = { + Type = "oneshot"; + User = "root"; + EnvironmentFile = config.sops.secrets.synapse-cleanup-environment.path; + ExecStart = "${pkgs.synapse-cleanup}/bin/synapse-cleanup"; + }; + }; + timers.synapse-cleanup = { + timerConfig = { + OnCalendar = "weekly"; + Persistent = true; + Unit = "synapse-cleanup.service"; + }; + wantedBy = + [ "timers.target" ]; + }; + }; +} \ No newline at end of file diff --git a/nixos/servers/matrix/secrets.yaml b/nixos/servers/matrix/secrets.yaml index ee98804d..031e135c 100644 --- a/nixos/servers/matrix/secrets.yaml +++ b/nixos/servers/matrix/secrets.yaml @@ -1,5 +1,6 @@ matrix_shared_registration_secret: ENC[AES256_GCM,data:DsCqfbS2yxN7nVRevcjpfO63jBUsyQHfEfbpZpD3cBtPf+JuZ8TFPBNNQwx2NYdyty60INdr4w==,iv:pSf6VDS9bqZIq8ZqOW0v4siRbDp9EEdw7TtSSjjrC6A=,tag:V61OqmdsNzczOzf+2Y6LSA==,type:str] api_id: ENC[AES256_GCM,data:z1FqOKDSG1uo4BYgt2Ct9cUUy/daSgMNCnOHsdhG0ocw7eNI,iv:2cpOFO0Fcv/Y2xj/5UErbZ9qiLtn0QUWUg12Z9z/Ug4=,tag:cYEgrUM8GJ+uGNXKz4GpdQ==,type:str] +synapse-cleanup-environment: ENC[AES256_GCM,data:4/9ynVfsDZw8MiaGFOwrjexaQWx3+z39wLrwfWVfHQ5MYvIKRRlUBLg4zELEdszhoA6JRMaGGmS4FnnasyS69OaBO5uvK/fE5V2alKgmk+Ro+FmzRml3sow45Z/ppwW0rHAV8Ck6skjoC//s1RAwzQBf8n51EOcMtHwINHXCnyslQ6lJFxHtjd3oYdcK4m4rgCUxquYKwcEXXHlQhGomMmoFsXIMAncmzEyt7Go0nzpwj7lS3AfVn47UKc1mAzNWbUU4n6YHMwizziaCdJn1ybBQV1ZnbyAYjLI0jZB/jPC5,iv:JMYQhrNMpuFBozbOjR1VwvDREnXvWNMPmtPh8xiVYtM=,tag:X//QCU4z0+WnU6/e1HvMqg==,type:str] sops: shamir_threshold: 1 kms: [] 
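Review bot: The unit gives no hint of which variables `synapse-cleanup-environment` has to define, yet cleanup.sh reads `HOMESERVER`, `API_ID` and now `DISCORD_WEBHOOK_LINK` under `set -u`, so a missing key aborts the run with an unbound-variable error. A comment on the `sops.secrets` entry such as `# EnvironmentFile format; must define HOMESERVER, API_ID and DISCORD_WEBHOOK_LINK` would record that contract. Because the service runs as `User = "root"` and carries an admin token in its environment, the same comment is a good place to note that the decrypted file must stay readable by root only.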
@@ -16,8 +17,8 @@ sops: eWdDbGxobFlkZG1SL3UrTEJXajU3RXMK9ULFsUDHxBtzCy5tbwSFeKm18TRjX1mO B1SbGXUNG1XreeRpb5n7r01njVrPpbJI3DPtjvoKquNTc2BhZHi0Xg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-29T18:54:02Z" - mac: ENC[AES256_GCM,data:fJdeN80RbQ3wq9udQt/XA7XlvhT+y9gR8z38t2l5P9vnyfqlxEiyfPIdFO8p01ZW3HZFVMessx2ev469LTMXcvf3Ln+L/dopSzZm7L4IRx2EvLYN2PbrZ86/AhgI/CEWyYX/xEMdwxZFR08KNBIMfu161YeDGDgPeevbRpCWkRA=,iv:kY59Y+wN2ZbGFDFOGplFzWpgW0OG+RBcTfucpZNyjq0=,tag:4vPdTfw0lEr5+fH/ACqSuQ==,type:str] + lastmodified: "2024-06-25T02:14:06Z" + mac: ENC[AES256_GCM,data:Jy3jgbmueseKgSpoltuTcCAKikwAIxqD+A7uwLKSmyOW+DCzqNcSiSCjbeOlH3z/wiudFLo4uvFBIxp4wHRK/9PdWAKs9RGjkNAgEtPgyhsudhf8WjfWdb42/O7//6A2PbJJeO1iNvitkaPuL7rvkto1sf60o2DN3l142alnYgo=,iv:eLi5U62mv0C9SIH6cbQOY+KHPHw2rleJWiaOPqsqq3I=,tag:t2z2HzE8GMLK65nxYEYDpw==,type:str] pgp: - created_at: "2023-04-25T21:47:23Z" enc: | @@ -40,4 +41,4 @@ sops: -----END PGP MESSAGE----- fp: CD8CE78CB0B3BDD4 unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 diff --git a/packages/synapse-cleanup/cleanup.sh b/packages/synapse-cleanup/cleanup.sh index 76d771d1..cf8c41d3 100644 --- a/packages/synapse-cleanup/cleanup.sh +++ b/packages/synapse-cleanup/cleanup.sh 
@@ -1,49 +1,52 @@ #!/usr/bin/env bash -set -eu -set -o pipefail +set -euo pipefail # Provide $HOMESERVER and $API_ID into the program via environment, or uncomment the two below lines: #read -p "Enter the homeserver name, without https:// prefix: " HOMESERVER #read -sp "Enter the admin user token required: " API_ID TEMPDIR=$(mktemp -d) +database_before_size=$(sudo -u postgres psql matrix-synapse -c "SELECT pg_size_pretty(pg_database_size( 'matrix-synapse' ));" | sed -n "3p") +media_store_before_size=$(sudo du /var/lib/matrix-synapse/media_store -hd 0 | awk '{print $1}') +curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"Beginning matrix-synapse optimization process - Database before size: ${database_before_size}, Media store before size: ${media_store_before_size}\"}" $DISCORD_WEBHOOK_LINK -echo -n "Starting synapse, just to make sure it is online for these requests" +echo "Starting synapse, just to make sure it is online for these requests" systemctl start matrix-synapse sleep 5 -echo -n "Collecting required room data" -curl --header "Authorization: Bearer ${API_ID}" "https://${HOMESERVER}/_synapse/admin/v1/rooms?limit=500" > "${TEMPDIR}"/roomlist.json -jq '.rooms[] | select(.joined_local_members == 0) | .room_id' < "${TEMPDIR}"/roomlist.json > "${TEMPDIR}"/to_purge.txt -jq '.rooms[] | select(.joined_local_members != 0) | .room_id' < "${TEMPDIR}"/roomlist.json > "${TEMPDIR}"/history_purge.txt +echo "Collecting required room data" +curl --header "Authorization: Bearer ${API_ID}" "https://${HOMESERVER}/_synapse/admin/v1/rooms?limit=500" > "${TEMPDIR}/roomlist.json" +jq '.rooms[] | select(.joined_local_members == 0) | .room_id' < "${TEMPDIR}/roomlist.json" > "${TEMPDIR}/to_purge.txt" +jq '.rooms[] | select(.joined_local_members != 0) | .room_id' < "${TEMPDIR}/roomlist.json" > "${TEMPDIR}/history_purge.txt" ts=$(( $(date --date="1 month ago" +%s)*1000 )) -echo -n "Cleaning up media store" +echo "Cleaning up media 
store" curl --header "Authorization: Bearer ${API_ID}" -X POST "https://${HOMESERVER}/_synapse/admin/v1/media/delete?before_ts=${ts}" +media_store_after_size=$(sudo du /var/lib/matrix-synapse/media_store -hd 0 | awk '{print $1}') -echo -n "Deleting empty rooms" -rooms_to_remove=$(awk -F '"' '{print $2}' < "${TEMPDIR}"/to_purge.txt) +echo "Deleting empty rooms" +rooms_to_remove=$(awk -F '"' '{print $2}' < "${TEMPDIR}/to_purge.txt") for room_id in $rooms_to_remove; do - if [ -n "$room_id" ];then - echo -e "\nDeleting ${room_id}!\n" + if [ -n "${room_id}" ]; then curl --header "Authorization: Bearer ${API_ID}" -X DELETE -H "Content-Type: application/json" -d "{}" "https://${HOMESERVER}/_synapse/admin/v2/rooms/${room_id}" fi -done +done rooms_to_clean=$(awk -F '"' '{print $2}' < "${TEMPDIR}"/history_purge.txt) -echo -n "Deleting unnecessary room history" -for room_id in $rooms_to_clean; do - echo -e "\nRemoving history for $room_id\n" - curl --header "Authorization: Bearer ${API_ID}" -X POST -H "Content-Type: application/json" -d "{ \"delete_local_events\": true, \"purge_up_to_ts\": $ts }" "https://${HOMESERVER}/_synapse/admin/v1/purge_history/\${room_id}" -don +echo "Deleting unnecessary room history" +for room_id in $rooms_to_clean; do + curl --header "Authorization: Bearer ${API_ID}" -X POST -H "Content-Type: application/json" -d "{ \"delete_local_events\": true, \"purge_up_to_ts\": ${ts} }" "https://${HOMESERVER}/_synapse/admin/v1/purge_history/${room_id}" +done -echo -n "Last optimization steps, database optimization, shutting down Synapse" -systemctl stop matrix-synaps +echo "Last optimization steps, database optimization, shutting down Synapse" +systemctl stop matrix-synapse sudo -u matrix-synapse synapse_auto_compressor -p "postgresql://matrix-synapse?user=matrix-synapse&host=/var/run/postgresql/" -c 500 -n 100 sudo -u postgres psql matrix-synapse -c "REINDEX (VERBOSE) DATABASE \"matrix-synapse\";" -sudo -u postgres psql -c "VACUUM FULL VERBOSE;" +sudo -u 
postgres psql matrix-synapse -c "VACUUM FULL VERBOSE;" rm -rf "${TEMPDIR}" -echo -n "Synapse cleanup performed, booting up" -systemctl start matrix-synapse \ No newline at end of file +echo "Synapse cleanup performed, booting up" +systemctl start matrix-synapse +database_after_size=$(sudo -u postgres psql matrix-synapse -c "SELECT pg_size_pretty(pg_database_size( 'matrix-synapse' ));" | sed -n "3p") +curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"Matrix-synapse optimization process finished - Database after size: ${database_after_size}, ratio: ${database_ratio}, Media store after size: ${media_store_after_size}, ratio: ${media_store_ratio}\"}" $DISCORD_WEBHOOK_LINK diff --git a/packages/synapse-cleanup/default.nix b/packages/synapse-cleanup/default.nix index 1bbcf7c9..cc3daee3 100644 --- a/packages/synapse-cleanup/default.nix +++ b/packages/synapse-cleanup/default.nix @@ -6,6 +6,10 @@ wrapShellScriptBin "synapse-cleanup" ./cleanup.sh { depsRuntimePath = with pkgs; [ matrix-synapse-tools.rust-synapse-compress-state curl + gawk + sudo + postgresql + rink jq ]; } diff --git a/systems/daiyousei.nix b/systems/daiyousei.nix new file mode 100644 index 00000000..fe2abd7e --- /dev/null +++ b/systems/daiyousei.nix @@ -0,0 +1,31 @@ +_: let + hostConfig = { + lib, + tree, + modulesPath, + ... + }: let + inherit (lib.modules) mkDefault; + in { + imports = + [ + (modulesPath + "/profiles/qemu-guest.nix") + ] + ++ (with tree.nixos.profiles; [ + server + ]) + ++ (with tree.nixos.hardware; [ + oracle_flex + ]) + ++ (with tree.nixos.servers; [ + ]); + + system.stateVersion = "23.11"; + }; +in { + arch = "aarch64"; + type = "NixOS"; + modules = [ + hostConfig + ]; +} diff --git a/systems/default.nix b/systems/default.nix index 017a2865..67e30a74 100644 --- a/systems/default.nix +++ b/systems/default.nix 
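Review bot: The final notification expands `${database_ratio}` and `${media_store_ratio}`, which are never assigned on the new side of this hunk, so under `set -u` the script stops with an unbound-variable error after Synapse is restarted and the closing webhook message is never sent. Either compute the two values before the last `curl` (the `rink` added to `depsRuntimePath` in default.nix is not called anywhere in the script, so it may have been meant for this) or drop them from the message. Both webhook calls also pass `$DISCORD_WEBHOOK_LINK` unquoted and with `-i`; `"${DISCORD_WEBHOOK_LINK}"` without `-i` keeps response headers out of the service log. Because `set -e` is active between `systemctl stop matrix-synapse` and the final start, a failing compressor or `REINDEX` leaves the homeserver down and the temp directory behind; `trap 'rm -rf "${TEMPDIR}"; systemctl start matrix-synapse' EXIT` placed after the `mktemp` line would cover both.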
@@ -142,6 +142,9 @@ serverLocations = { mediabox = "10.1.1.167"; orb = "orb"; + daiyousei = "140.238.156.121"; + mei = "150.230.28.111"; + mai = "132.145.108.249"; }; in { deploy.nodes = set.merge [ @@ -149,7 +152,7 @@ ${name} = { profiles.system = { user = "root"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.${name}; + path = inputs.deploy-rs.lib.${host.system}.activate.nixos inputs.self.nixosConfigurations.${name}; }; autoRollback = false; magicRollback = false; @@ -166,6 +169,7 @@ ${name} = { hostname = serverLocations.${name}; sshUser = "root"; + sshOpts = ["-oControlMaster=no" "-oControlPath=/tmp/willneverexist" "-p" "${builtins.toString (builtins.head inputs.self.nixosConfigurations.${name}.config.services.openssh.ports)}"]; }; }) (set.optional (name == "renko" && host.folder == "nixos") { diff --git a/systems/koishi.nix b/systems/koishi.nix index 48e09bce..05293fea 100644 --- a/systems/koishi.nix +++ b/systems/koishi.nix @@ -20,7 +20,7 @@ _: let secureboot ]) ++ (with tree.nixos.environments; [ - xfce + kde ]); config = { home-manager.users.kat.imports = @@ -29,7 +29,7 @@ _: let devops ]) ++ (with tree.home.environments; [ - xfce + kde ]); fileSystems = { @@ -45,6 +45,30 @@ _: let boot.extraModprobeConfig = "options snd_hda_intel power_save=0"; + programs.ssh.extraConfig = '' + Host daiyousei-build + HostName 140.238.156.121 + User root + IdentityAgent /run/user/1000/gnupg/S.gpg-agent.ssh + ''; + + nix.buildMachines = [ + { + hostName = "daiyousei-build"; + system = "aarch64-linux"; + protocol = "ssh-ng"; + maxJobs = 100; + speedFactor = 1; + supportedFeatures = [ "benchmark" "big-parallel" "kvm" ]; + mandatoryFeatures = [ ]; + } + ]; + + nix.distributedBuilds = true; + # optional, useful when the builder has a faster internet connection than yours + nix.extraOptions = '' + builders-use-substitutes = true + ''; services.printing.enable = true; services.hardware.bolt.enable = true; 
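Review bot: `-oControlPath=/tmp/willneverexist` in the new `sshOpts` depends on a fixed name in a world-writable directory never existing; `ControlMaster=no` only stops ssh from creating a master, it still connects to a socket that is already present at that path. ssh_config has an explicit value for disabling connection sharing, so `"-oControlPath=none"` states the intent without depending on `/tmp`. The port lookup through `builtins.head … services.openssh.ports` assumes a non-empty list, which holds for the module default but deserves a short comment. The deploy-node attribute set continues outside the hunk.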
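Review bot: The `daiyousei-build` builder is reached as `User root` on a public address and nothing in this hunk pins its SSH host key, so unless it is pinned elsewhere in the tree the key has to be accepted by hand as root (trust on first use) before the nix daemon can connect. I would add `programs.ssh.knownHosts."daiyousei-build" = { hostNames = [ "140.238.156.121" ]; publicKey = "<builder host public key>"; };` and consider a dedicated unprivileged build user instead of root. `IdentityAgent /run/user/1000/gnupg/S.gpg-agent.ssh` ties the daemon's builder connections to one desktop user's agent socket, which is worth a comment. `maxJobs = 100` looks high for a single VM; confirm it matches the builder's core count.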
@@ -54,7 +78,7 @@ _: let ]; boot = { - supportedFilesystems = ["ntfs"]; + supportedFilesystems = ["ntfs" "xfs"]; }; networking = { diff --git a/systems/mai.nix b/systems/mai.nix new file mode 100644 index 00000000..9428a169 --- /dev/null +++ b/systems/mai.nix @@ -0,0 +1,31 @@ +_: let + hostConfig = { + lib, + tree, + modulesPath, + ... + }: let + inherit (lib.modules) mkDefault; + in { + imports = + [ + (modulesPath + "/profiles/qemu-guest.nix") + ] + ++ (with tree.nixos.profiles; [ + server + ]) + ++ (with tree.nixos.hardware; [ + oracle_micro + ]) + ++ (with tree.nixos.servers; [ + ]); + + system.stateVersion = "23.11"; + }; +in { + arch = "x86_64"; + type = "NixOS"; + modules = [ + hostConfig + ]; +} diff --git a/systems/mei.nix b/systems/mei.nix new file mode 100644 index 00000000..9428a169 --- /dev/null +++ b/systems/mei.nix @@ -0,0 +1,31 @@ +_: let + hostConfig = { + lib, + tree, + modulesPath, + ... + }: let + inherit (lib.modules) mkDefault; + in { + imports = + [ + (modulesPath + "/profiles/qemu-guest.nix") + ] + ++ (with tree.nixos.profiles; [ + server + ]) + ++ (with tree.nixos.hardware; [ + oracle_micro + ]) + ++ (with tree.nixos.servers; [ + ]); + + system.stateVersion = "23.11"; + }; +in { + arch = "x86_64"; + type = "NixOS"; + modules = [ + hostConfig + ]; +} diff --git a/systems/yukari.nix b/systems/yukari.nix index ef67ba13..73774fe6 100644 --- a/systems/yukari.nix +++ b/systems/yukari.nix @@ -19,7 +19,6 @@ _: let postgres matrix vaultwarden - grafana-stack public-directory weechat tt-rss