kat/nixfiles
1
0
Fork 0
mirror of https://github.com/kittywitch/nixfiles.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity

feat: matrix cleanup automations, kde plasma

Browse source
This commit is contained in:
Kat Inskip 2024-06-28 16:51:40 -07:00
parent a07bdbcafb
commit ed4defc62f
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
25 changed files with 521 additions and 100 deletions
Download patch file Download diff file Expand all files Collapse all files

1
nixos/common/nix-deploy-trusted-user.nix → nixos/common/nix.nix
View file

@ -1,6 +1,7 @@
_: {
nix = {
settings = {
auto-optimise-store = true;
trusted-users = [
"deploy"
];

9
nixos/environments/kde/xserver.nix
View file

@ -1,10 +1,9 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
xclip
wl-clipboard
];
services.xserver = {
enable = true;
displayManager.sddm.enable = true;
desktopManager.plasma5.enable = true;
};
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.desktopManager.plasma6.enable = true;
}

22
nixos/hardware/oracle_flex.nix Normal file
View file

@ -0,0 +1,22 @@
{ modulesPath, ... }: {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.supportedFilesystems = [ "xfs" ];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/boot" = { device = "/dev/disk/by-uuid/92B6-AAE1"; fsType = "vfat"; };
fileSystems."/" = { device = "/dev/sda3"; fsType = "xfs"; };
swapDevices = [ { device = "/dev/sda2"; } ];
boot = {
loader = {
grub = {
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
configurationLimit = 1;
};
systemd-boot.configurationLimit = 1;
};
};
}

21
nixos/hardware/oracle_micro.nix Normal file
View file

@ -0,0 +1,21 @@
{ modulesPath, ... }: {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/boot" = { device = "/dev/disk/by-uuid/1F52-C11D"; fsType = "vfat"; };
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
boot = {
loader = {
grub = {
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
configurationLimit = 1;
};
systemd-boot.configurationLimit = 1;
};
};
}

1
nixos/profiles/graphical/fonts.nix
View file

@ -8,7 +8,6 @@
corefonts
vistafonts
open-dyslexic
chicago95
];
enableDefaultPackages = true;
fontDir.enable = true;

24
nixos/profiles/server/nix.nix Normal file
View file

@ -0,0 +1,24 @@
{ config, lib, pkgs, ... }: let
inherit (lib.modules) mkForce;
in {
nix.gc = {
automatic = true;
dates = "weekly";
};
sops.secrets.nix-gc-environment = {
sopsFile = ./secrets.yaml;
};
systemd.services.nix-gc = {
script = let
cfg = config.nix.gc;
in mkForce ''
${pkgs.curl}/bin/curl -vvvv -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"Beginning nix garbage collection on ${config.networking.hostName}.${config.networking.domain}\"}" $DISCORD_WEBHOOK_LINK
OUTPUT=$(${config.nix.package.out}/bin/nix-collect-garbage ${cfg.options});
${pkgs.curl}/bin/curl -vvvv -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"Finished nix garbage collection on ${config.networking.hostName}.${config.networking.domain}\"}" $DISCORD_WEBHOOK_LINK
${pkgs.curl}/bin/curl -vvvv -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \''${OUTPUT}\"}" $DISCORD_WEBHOOK_LINK
'';
serviceConfig = {
EnvironmentFile = config.sops.secrets.nix-gc-environment.path;
};
};
}

69
nixos/profiles/server/secrets.yaml Normal file
View file

@ -0,0 +1,69 @@
nix-gc-environment: ENC[AES256_GCM,data:eAvFY8gan0RSoEOSnF8OCoDGSJsqv6z30WVKPBhI/BLCDuaHOe9ryGYZ+Pdv06IHiyew0ZwOQHId8O5cX65DnzSMubS5NYtIXMe9k29Qr1LB8QcCJK6NEhaN3ovGiVGErpp44Z5g6kK8vxPzMVq66IQA0pKlaJ3JBgQJ5s12DZ+MFmNzZ2g2vVssNSCooztfnw==,iv:qnyAErKjNm7ThukhNwcqkiKgzHJKp5J6TA8SKsTUxj8=,tag:9eNR4BAGOSE4qZT+dOLR0A==,type:str]
sops:
shamir_threshold: 1
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuQ3piaWxpa1N4ZFRTdkhw
d3BLOXdCd2NDeDJmcGl2UkxlV2RGMUdlYzFVCndmNk44aUVHRExJUmJXU2RpeHN2
c0Y5bnQyZ2IyaFVuTHBkdHR2cFlldEEKLS0tIGpjUkZpL01BemdQb3JFL3crQS8w
dlZmMjJtcHl2NUU3bzV1dzBQK0FmY1UKiKRO7lTSpF7DYhR6eO0AhW4jsWMC9Etm
Bcc6Zpec0QKgmoy63aDj6+Fx0V5fCVX1Lis0PADpeNIn9Dshv5ouGg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cnu37d5fqyahh9vvc4hj6z6k8ur9ksuefln7sr6g3emmn927eutqxdawuh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbFRvTXQrK1ZNWWxPblB5
MGVsaUx4MzRlcW4xVkZNczFRdzBlM3VQQVV3CjdXUk9IVC9NRDBNeUMrSUo2anFS
eUhNYWZvdEhJamVYcXJXUExwdFQwb1kKLS0tIHZqNlFhWXZHSDAvdkFtMVhSdnlI
amhncGFzbktNVThyTHl6NFdMc3N5SFkK9NDy5U7Bfl6t8sSZem+EbqD5yW3ZHiex
PUac2UJvy5Q8QA3knQUUtLuLAuE5WrpIOzV8w8YnMYpDBhZtwO9uDg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nr0qds8w3gldmdvhwu0p6w2ys8f4sd0h3xy94h9dsafjzttaypxquzmswc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIWFlRUFl2OHhuWnFWblBH
bWtRamd4ZDRURHRSYWRFc2tabWg1QTk1Vm1FCkV0akNpNTRxUURzQjQ3RHJMOFVI
T3lDZkFzdER3bmszcVVWZ1h1eWxwZXMKLS0tIFJianRjUm1tOWlxTGkxTkJ4a2hq
Z2lERWpVaXhqRDQ3YlpndTdKUklUcjgK5XCk4qbAerT2AfOlpjKK4sUTdAN3Edt0
XleLhGq+bPG3CHUEN7SIaoHh4fyCpwcNGJPAcmeGY1yJZh8y0UQvSw==
-----END AGE ENCRYPTED FILE-----
- recipient: age18hpxz0ghvswv9k30cle73prvnzrsuczqh87jjdk9fl50j3ddndmq9xae0n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2YlMzam1CMmFoSXVwWjdY
bC9hem5manl2RngvMm1FdDU0anZlL0pDdHpZClhOdlVrM05aek1sMUdQdHNvRTRp
UEZ4LzFXM3NtRzA0Nm80OFlGSWlnMW8KLS0tIGRPZWhRVStiUm9tYjErWmpZa3A4
aDJmdGUxZWdqbXFjeCt4dHlSVDE4TEkKz+z1s1MvGcyVIPLQEnFFm1YpDDUc2KBf
p92AFO+1CXZsQTKY6eRPIUxkXPKXsBYPosy7Z34mBKmjlrvxrM+2OA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-25T03:22:44Z"
mac: ENC[AES256_GCM,data:2uVqMaPYgG2hbkMZCd3xJjjoEJqsGhFEXAq4p+X7YWO4hwB+H/REJJkHCUBegggWJtKA1zDKDIVzvZv3BeRaIe63Kaj2A/7c3qwjCsBpzm5DdJ3WrlAIffFSgOs7jUyFwQtP0ZsbHigsr/rA5NqDeC+4hVHg9XKgLXKyPoVk+iM=,iv:rzf0xQGfGMirg1wwe3paq1+lNdISerFXRUsPLtZ09m0=,tag:6xkM9kvN/8NqzTYB5eHbVA==,type:str]
pgp:
- created_at: "2024-06-25T03:21:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA82M54yws73UAQ/8CQAUzNv2BxCf8d+XPW+NeV5XsTqk06/QdFmyhguS4fn7
eyclxiww6FBspxX8WxfLsE3qLjA1cGRv8W8kvZMzuIiJW7BECnzUvANNci3STl3w
Ei4zkWCuXYdgO0nbfzvv2MyXSdw5nnJIRpbh/QyR7UOJkHHkurtLXCupNImZUN0d
FKzM+Y0rM/rDQvNxk216T0eAE68su+wzNbPEgYzMSq/0N5kFl+31JU7hRdXf1+Kd
MFFwu8owk/G0pqkOx3jIV5sia97CZbG7pZLNwfXTngVum/neRGCwNf+Ub4S51K0s
pQZHDFgacRUCKkJs2XXZcYQHEn2NQ+z+6rvnmOEsMMRM2X+g1+6SocL2Rf6VZgDo
UNr6oUplzMdJFRM8ymqP6IsVK/L8NQF9sna2MevtDGxoFV6Dl2mOzyHUCCaHyp0O
sWiIsnkogFDGOH7OjUSvTjv/o5RbeHGyLzzAYg8ZKRyqhdhzF+QFToQ4mqzyjrAd
NEqDgAYolgOPg2NmDpuBBnHwJhNQDaWA3wDDSEtH++xrjgZy0vovM79HUwYOGyPK
mOjl2CM52QFaORmSj561TgfOAO2ulVPIjXa88w9mFyyNqsecqWevQFBYn9/V7Yz0
5SpnUpxhJ50ZeY/IZa5rz+JoZmX+Gg+dwqvG58o1Nh21tQzFemApi7FC1HqwukPS
XgEhEqzHm2ayA9wTLyFkaZeIMQyCm/bm3i0PN4N9yojq6/g3wXK2k/tld208ro5m
682qNj7bIeWqwdfZxdmdgzutqojV1zrfaC2iYLd58waxua6w9UbE9jvkg0cz6H8=
=ceQ3
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
unencrypted_suffix: _unencrypted
version: 3.8.1

24
nixos/servers/matrix/cleanup.nix Normal file
View file

@ -0,0 +1,24 @@
{ config, pkgs, ... }: {
sops.secrets.synapse-cleanup-environment = {
sopsFile = ./secrets.yaml;
};
systemd = {
services.synapse-cleanup = {
serviceConfig = {
Type = "oneshot";
User = "root";
EnvironmentFile = config.sops.secrets.synapse-cleanup-environment.path;
ExecStart = "${pkgs.synapse-cleanup}/bin/synapse-cleanup";
};
};
timers.synapse-cleanup = {
timerConfig = {
OnCalendar = "weekly";
Persistent = true;
Unit = "synapse-cleanup.service";
};
wantedBy =
[ "timers.target" ];
};
};
}

7
nixos/servers/matrix/secrets.yaml
View file

@ -1,5 +1,6 @@
matrix_shared_registration_secret: ENC[AES256_GCM,data:DsCqfbS2yxN7nVRevcjpfO63jBUsyQHfEfbpZpD3cBtPf+JuZ8TFPBNNQwx2NYdyty60INdr4w==,iv:pSf6VDS9bqZIq8ZqOW0v4siRbDp9EEdw7TtSSjjrC6A=,tag:V61OqmdsNzczOzf+2Y6LSA==,type:str]
api_id: ENC[AES256_GCM,data:z1FqOKDSG1uo4BYgt2Ct9cUUy/daSgMNCnOHsdhG0ocw7eNI,iv:2cpOFO0Fcv/Y2xj/5UErbZ9qiLtn0QUWUg12Z9z/Ug4=,tag:cYEgrUM8GJ+uGNXKz4GpdQ==,type:str]
synapse-cleanup-environment: ENC[AES256_GCM,data:4/9ynVfsDZw8MiaGFOwrjexaQWx3+z39wLrwfWVfHQ5MYvIKRRlUBLg4zELEdszhoA6JRMaGGmS4FnnasyS69OaBO5uvK/fE5V2alKgmk+Ro+FmzRml3sow45Z/ppwW0rHAV8Ck6skjoC//s1RAwzQBf8n51EOcMtHwINHXCnyslQ6lJFxHtjd3oYdcK4m4rgCUxquYKwcEXXHlQhGomMmoFsXIMAncmzEyt7Go0nzpwj7lS3AfVn47UKc1mAzNWbUU4n6YHMwizziaCdJn1ybBQV1ZnbyAYjLI0jZB/jPC5,iv:JMYQhrNMpuFBozbOjR1VwvDREnXvWNMPmtPh8xiVYtM=,tag:X//QCU4z0+WnU6/e1HvMqg==,type:str]
sops:
shamir_threshold: 1
kms: []
@ -16,8 +17,8 @@ sops:
eWdDbGxobFlkZG1SL3UrTEJXajU3RXMK9ULFsUDHxBtzCy5tbwSFeKm18TRjX1mO
B1SbGXUNG1XreeRpb5n7r01njVrPpbJI3DPtjvoKquNTc2BhZHi0Xg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-29T18:54:02Z"
mac: ENC[AES256_GCM,data:fJdeN80RbQ3wq9udQt/XA7XlvhT+y9gR8z38t2l5P9vnyfqlxEiyfPIdFO8p01ZW3HZFVMessx2ev469LTMXcvf3Ln+L/dopSzZm7L4IRx2EvLYN2PbrZ86/AhgI/CEWyYX/xEMdwxZFR08KNBIMfu161YeDGDgPeevbRpCWkRA=,iv:kY59Y+wN2ZbGFDFOGplFzWpgW0OG+RBcTfucpZNyjq0=,tag:4vPdTfw0lEr5+fH/ACqSuQ==,type:str]
lastmodified: "2024-06-25T02:14:06Z"
mac: ENC[AES256_GCM,data:Jy3jgbmueseKgSpoltuTcCAKikwAIxqD+A7uwLKSmyOW+DCzqNcSiSCjbeOlH3z/wiudFLo4uvFBIxp4wHRK/9PdWAKs9RGjkNAgEtPgyhsudhf8WjfWdb42/O7//6A2PbJJeO1iNvitkaPuL7rvkto1sf60o2DN3l142alnYgo=,iv:eLi5U62mv0C9SIH6cbQOY+KHPHw2rleJWiaOPqsqq3I=,tag:t2z2HzE8GMLK65nxYEYDpw==,type:str]
pgp:
- created_at: "2023-04-25T21:47:23Z"
enc: |
@ -40,4 +41,4 @@ sops:
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
unencrypted_suffix: _unencrypted
version: 3.7.3
version: 3.8.1