kat/nixfiles
1
0
Fork 0
mirror of https://github.com/kittywitch/nixfiles.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity

feat: matrix cleanup automations, kde plasma

Browse source
This commit is contained in:
Kat Inskip 2024-06-28 16:51:40 -07:00
parent a07bdbcafb
commit ed4defc62f
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
25 changed files with 521 additions and 100 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.sops.yaml
View file

@ -16,7 +16,7 @@ creation_rules:
key_groups:
- pgp:
- *kat
- age: &age_common
age: &age_common
- *yukari
- *yukari_kat
- *koishi

192
flake.lock generated
View file

@ -3,11 +3,11 @@
"arcexprs": {
"flake": false,
"locked": {
"lastModified": 1715015942,
"narHash": "sha256-acSCdcggbwQdgGY/C29HY9KOBL9D2y2kP22GG6wWcL8=",
"lastModified": 1717919469,
"narHash": "sha256-Pgco19bs3bMJiVG0HL8nXVFsMijdHIRnnUO8WmdhIVk=",
"owner": "arcnmx",
"repo": "nixexprs",
"rev": "1dfe8e22dffb4ee7110404b318caba16b7d7aaa8",
"rev": "625cc299098ac8cea904f2777d0cdf9a191b9e7d",
"type": "github"
},
"original": {
@ -27,11 +27,11 @@
]
},
"locked": {
"lastModified": 1700768693,
"narHash": "sha256-HuaniSdF1jCD86rE5WAvK39fAyGKBPPriVrsHxd5n+k=",
"lastModified": 1716575596,
"narHash": "sha256-F+0nBhI4OfM8XtZ/Usb90c4oerEob1bENWXgb+lMjvg=",
"owner": "arcnmx",
"repo": "base16.nix",
"rev": "0d01fbdf72d5184bee401c380abe17fe725863fb",
"rev": "13b838df99d8694005d479388f7389b441c7e820",
"type": "github"
},
"original": {
@ -129,11 +129,11 @@
]
},
"locked": {
"lastModified": 1716511055,
"narHash": "sha256-5Fe/DGgvMhPEMl9VdVxv3zvwRcwNDmW5eRJ0gk72w7U=",
"lastModified": 1718440858,
"narHash": "sha256-iMVwdob8F6P6Ib+pnhMZqyvYI10ZxmvA885jjnEaO54=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "0bea8222f6e83247dd13b055d83e64bce02ee532",
"rev": "58b905ea87674592aa84c37873e6c07bc3807aba",
"type": "github"
},
"original": {
@ -156,11 +156,11 @@
]
},
"locked": {
"lastModified": 1715699772,
"narHash": "sha256-sKhqIgucN5sI/7UQgBwsonzR4fONjfMr9OcHK/vPits=",
"lastModified": 1718194053,
"narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "b3ea6f333f9057b77efd9091119ba67089399ced",
"rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
"type": "github"
},
"original": {
@ -308,11 +308,11 @@
]
},
"locked": {
"lastModified": 1716457508,
"narHash": "sha256-ZxzffLuWRyuMrkVVq7wastNUqeO0HJL9xqfY1QsYaqo=",
"lastModified": 1718526747,
"narHash": "sha256-sKrD/utGvmtQALvuDj4j0CT3AJXP1idOAq2p+27TpeE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "850cb322046ef1a268449cf1ceda5fd24d930b05",
"rev": "0a7ffb28e5df5844d0e8039c9833d7075cdee792",
"type": "github"
},
"original": {
@ -338,11 +338,11 @@
]
},
"locked": {
"lastModified": 1716327911,
"narHash": "sha256-PI+wygItS/TKzi4gEAROvKTUzTx9GT+PGBttS/IOA/Q=",
"lastModified": 1718368322,
"narHash": "sha256-VfMg3RsnRLQzbq0hFIh1dCM09b5C/F/qPFUOgU/CRi0=",
"owner": "hyprwm",
"repo": "hyprcursor",
"rev": "27ca640abeef2d425b5dbecf804f5eb622cef56d",
"rev": "dd3a853c8239d1c3f3f37de7d2b8ae4b4f3840df",
"type": "github"
},
"original": {
@ -357,6 +357,7 @@
"hyprlang": [
"hyprlang"
],
"hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner",
"nixpkgs": [
"nixpkgs"
@ -369,11 +370,11 @@
]
},
"locked": {
"lastModified": 1716491954,
"narHash": "sha256-NUDPjdf02j5UuFcf2c5rousGK2f94UzRdGH3jE7JfL4=",
"lastModified": 1718566457,
"narHash": "sha256-IIUhBjiDa0TjvEJb1WTJ9TM8PTGJjl+sOWfSdZKIJNA=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "4e42107d25dc47ee94da282db233f85f1e4c6bd0",
"rev": "b15be9c77de593581007de53b2bbca97d121900a",
"type": "github"
},
"original": {
@ -407,6 +408,7 @@
},
"hyprlang": {
"inputs": {
"hyprutils": "hyprutils_2",
"nixpkgs": [
"nixpkgs"
],
@ -415,11 +417,11 @@
]
},
"locked": {
"lastModified": 1716473782,
"narHash": "sha256-+qLn4lsHU6iL3+HTo1gTQ1tWzet8K9h+IfVemzEQZj8=",
"lastModified": 1717881852,
"narHash": "sha256-XeeVoKHQgfKuXoP6q90sUqKyl7EYy3ol2dVZGM+Jj94=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "87d5d984109c839482b88b4795db073eb9ed446f",
"rev": "ec6938c66253429192274d612912649a0cfe4d28",
"type": "github"
},
"original": {
@ -433,6 +435,7 @@
"hyprlang": [
"hyprlang"
],
"hyprutils": "hyprutils_3",
"nixpkgs": [
"nixpkgs"
],
@ -441,11 +444,11 @@
]
},
"locked": {
"lastModified": 1716461934,
"narHash": "sha256-5j/GfBVkgqGTlEA7s/6CBn0pKK6ohXQi38lkKeno/mA=",
"lastModified": 1717883389,
"narHash": "sha256-2A4Q56JFd3t9j3Xpa0kxw2fjv8nNqgNBOA34rRcLA8I=",
"owner": "hyprwm",
"repo": "hyprlock",
"rev": "972c1c27e6b057e5e891b6ae9f5b2c83bac1e087",
"rev": "c5b8ad03d03ddbd2b0ff8615c2f6dba31374b6a8",
"type": "github"
},
"original": {
@ -478,6 +481,81 @@
"type": "github"
}
},
"hyprutils": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1718271409,
"narHash": "sha256-8KvVqtApNt4FWTdn1TqVvw00rpqyG9UuUPA2ilPVD1U=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "8e10e0626fb26a14b859b3811b6ed7932400c86e",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprutils",
"type": "github"
}
},
"hyprutils_2": {
"inputs": {
"nixpkgs": [
"hyprlang",
"nixpkgs"
],
"systems": [
"hyprlang",
"systems"
]
},
"locked": {
"lastModified": 1717881334,
"narHash": "sha256-a0inRgJhPL6v9v7RPM/rx1kbXdfe3xJA1c9z0ZkYnh4=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "0693f9398ab693d89c9a0aa3b3d062dd61b7a60e",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprutils",
"type": "github"
}
},
"hyprutils_3": {
"inputs": {
"nixpkgs": [
"hyprlock",
"nixpkgs"
],
"systems": [
"hyprlock",
"systems"
]
},
"locked": {
"lastModified": 1717881334,
"narHash": "sha256-a0inRgJhPL6v9v7RPM/rx1kbXdfe3xJA1c9z0ZkYnh4=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "0693f9398ab693d89c9a0aa3b3d062dd61b7a60e",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprutils",
"type": "github"
}
},
"hyprwayland-scanner": {
"inputs": {
"nixpkgs": [
@ -490,11 +568,11 @@
]
},
"locked": {
"lastModified": 1716058375,
"narHash": "sha256-CwjWoVnBZE5SBpRx9dgSQGCr4Goxyfcyv3zZbOhVqzk=",
"lastModified": 1718119275,
"narHash": "sha256-nqDYXATNkyGXVmNMkT19fT4sjtSPBDS1LLOxa3Fueo4=",
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"rev": "3afed4364790aebe0426077631af1e164a9650cc",
"rev": "1419520d5f7f38d35e05504da5c1b38212a38525",
"type": "github"
},
"original": {
@ -596,11 +674,11 @@
]
},
"locked": {
"lastModified": 1716513728,
"narHash": "sha256-yZJebdRQ1UmJ6BMVNRDwwd2ZyBtpxDXsVQixlDe+Ras=",
"lastModified": 1718328291,
"narHash": "sha256-+T30dHQeG7DDOAx7JDVXmQ0VoxNhmH7sP7XSua4Ap84=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "876132681d6c3c2ef74cc9e37c0730e8dfe6ed4d",
"rev": "47148517641585988aac4d082c5c02c72ac77c49",
"type": "github"
},
"original": {
@ -616,11 +694,11 @@
]
},
"locked": {
"lastModified": 1716170277,
"narHash": "sha256-fCAiox/TuzWGVaAz16PxrR4Jtf9lN5dwWL2W74DS0yI=",
"lastModified": 1718507237,
"narHash": "sha256-xBEWCxWeRpWQggFFp8ugJCDa63cOJsVvx71R9F0Eowg=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "e0638db3db43b582512a7de8c0f8363a162842b9",
"rev": "6af2c5e58c20311276f59d247341cafeebfcb6f4",
"type": "github"
},
"original": {
@ -631,11 +709,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1716173274,
"narHash": "sha256-FC21Bn4m6ctajMjiUof30awPBH/7WjD0M5yqrWepZbY=",
"lastModified": 1718548414,
"narHash": "sha256-1obyIuQPR/Kq1j5/i/5EuAfQrDwjYnjCDG8iLtXmBhQ=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "d9e0b26202fd500cf3e79f73653cce7f7d541191",
"rev": "cde8f7e11f036160b0fd6a9e07dc4c8e4061cf06",
"type": "github"
},
"original": {
@ -646,11 +724,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1716330097,
"narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=",
"lastModified": 1718318537,
"narHash": "sha256-4Zu0RYRcAY/VWuu6awwq4opuiD//ahpc2aFHg2CWqFY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2",
"rev": "e9ee548d90ff586a6471b4ae80ae9cfcbceb3420",
"type": "github"
},
"original": {
@ -678,11 +756,11 @@
},
"nur": {
"locked": {
"lastModified": 1716572789,
"narHash": "sha256-PcHsKc1cM47z3yuiPNaeKy8MFu2Fb0a5VO6jqjHK1z4=",
"lastModified": 1718567081,
"narHash": "sha256-IPqZSLbNkBidOM8YYnugdwr0GneHoiPZyRXKac5ydIM=",
"owner": "nix-community",
"repo": "NUR",
"rev": "7f8376c4f76ea79b9ad58ec11685da5b4fffca04",
"rev": "8a85dd301eda27f8ca394be91a706512f10fe897",
"type": "github"
},
"original": {
@ -701,11 +779,11 @@
]
},
"locked": {
"lastModified": 1716497069,
"narHash": "sha256-R8tGjY7wUKWY5O3iZiy1gyg0+8pdXcOeP3RppdKgLLM=",
"lastModified": 1718567165,
"narHash": "sha256-nhg4r4Kn3deooPiNao8oH/K7CcvRotDzBtg00MXiZkU=",
"owner": "pjones",
"repo": "plasma-manager",
"rev": "6d697a8dd6d0699bce69424dbed55184212ff21a",
"rev": "b906c67581fa12ad2821f295b37b5733fcc76926",
"type": "github"
},
"original": {
@ -857,11 +935,11 @@
]
},
"locked": {
"lastModified": 1716400300,
"narHash": "sha256-0lMkIk9h3AzOHs1dCL9RXvvN4PM8VBKb+cyGsqOKa4c=",
"lastModified": 1718506969,
"narHash": "sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "b549832718b8946e875c016a4785d204fcfc2e53",
"rev": "797ce4c1f45a85df6dd3d9abdc53f2691bea9251",
"type": "github"
},
"original": {
@ -980,11 +1058,11 @@
]
},
"locked": {
"lastModified": 1716028628,
"narHash": "sha256-sjgvUXjDXIA48tq+nbQ+e2BfAJyz865mfOtXTj1c8yQ=",
"lastModified": 1718470009,
"narHash": "sha256-VBeDG3we0bkbFWMyZy+wjUkmeDN58pGFzw1dQCTeDV8=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "041bad074dbde651c6b9d23dce5ee15b67e98c6c",
"rev": "e0a970cbb8c3af05c80ef48a336ad91efd9b2bf6",
"type": "github"
},
"original": {
@ -1009,11 +1087,11 @@
]
},
"locked": {
"lastModified": 1716290197,
"narHash": "sha256-1u9Exrc7yx9qtES2brDh7/DDZ8w8ap1nboIOAtCgeuM=",
"lastModified": 1718272114,
"narHash": "sha256-KsX7sAwkEFpXiwyjt0HGTnnrUU58wW1jlzj5IA/LRz8=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "91e48d6acd8a5a611d26f925e51559ab743bc438",
"rev": "24be4a26f0706e456fca1b61b8c79f7486a9e86d",
"type": "github"
},
"original": {

2
home/environments/kde/gtk.nix
View file

@ -1,6 +1,6 @@
{pkgs, ...}: {
gtk = {
enable = true;
enable = false;
iconTheme = {
name = "Numix-Square-Light";
package = pkgs.numix-icon-theme-square;

52
home/environments/kde/kde.nix
View file

@ -1,4 +1,52 @@
_: {
{ pkgs, ... }: {
home.packages = with pkgs.kdePackages; [
kscreen
kwin
pkgs.xwayland
kscreen
libkscreen
kscreenlocker
kactivitymanagerd
kde-cli-tools
kglobalacceld # keyboard shortcut daemon
kwrited # wall message proxy, not to be confused with kwrite
baloo # system indexer
milou # search engine atop baloo
kdegraphics-thumbnailers # pdf etc thumbnailer
polkit-kde-agent-1 # polkit auth ui
plasma-desktop
plasma-workspace
drkonqi # crash handler
kde-inotify-survey # warns the user on low inotifywatch limits
# Application integration
libplasma # provides Kirigami platform theme
plasma-integration # provides Qt platform theme
kde-gtk-config # syncs KDE settings to GTK
# Artwork + themes
breeze
breeze-icons
breeze-gtk
ocean-sound-theme
plasma-workspace-wallpapers
pkgs.hicolor-icon-theme # fallback icons
qqc2-breeze-style
qqc2-desktop-style
# misc Plasma extras
kdeplasma-addons
pkgs.xdg-user-dirs # recommended upstream
# Plasma utilities
kmenuedit
kinfocenter
plasma-systemmonitor
ksystemstats
libksysguard
systemsettings
kcmutils
];
programs.plasma = {
configFile = {
"kded5rc"."PlasmaBrowserIntegration"."shownCount" = 1;
@ -16,4 +64,4 @@ _: {
"kxkbrc"."Layout"."Options" = "terminate:ctrl_alt_bksp,ctrl:hyper_capscontrol";
};
};
}
}

2
home/environments/kde/qt.nix
View file

@ -1,6 +1,6 @@
{pkgs, ...}: {
qt = {
enable = true;
enable = false;
platformTheme = "kde";
style = {
name = "arc";

7
home/profiles/common/nix.nix Normal file
View file

@ -0,0 +1,7 @@
_: {
nix.gc = {
automatic = true;
frequency = "weekly";
persistent = true;
};
}

2
home/profiles/graphical/chromium.nix
View file

@ -1,6 +1,6 @@
{ pkgs, ... }: {
# Backup browser! For aliexpress and things.
home.packages = [
pkgs.ungoogled-chromium
#pkgs.ungoogled-chromium
];
}

1
home/profiles/graphical/packages.nix
View file

@ -31,5 +31,6 @@
cryptsetup # Encrypted block devices
yubikey-manager # Yubikey
v4l-utils # Webcam
obsidian
];
}

1
nixos/common/nix-deploy-trusted-user.nix → nixos/common/nix.nix
View file

@ -1,6 +1,7 @@
_: {
nix = {
settings = {
auto-optimise-store = true;
trusted-users = [
"deploy"
];

9
nixos/environments/kde/xserver.nix
View file

@ -1,10 +1,9 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
xclip
wl-clipboard
];
services.xserver = {
enable = true;
displayManager.sddm.enable = true;
desktopManager.plasma5.enable = true;
};
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.desktopManager.plasma6.enable = true;
}

22
nixos/hardware/oracle_flex.nix Normal file
View file

@ -0,0 +1,22 @@
{ modulesPath, ... }: {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.supportedFilesystems = [ "xfs" ];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/boot" = { device = "/dev/disk/by-uuid/92B6-AAE1"; fsType = "vfat"; };
fileSystems."/" = { device = "/dev/sda3"; fsType = "xfs"; };
swapDevices = [ { device = "/dev/sda2"; } ];
boot = {
loader = {
grub = {
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
configurationLimit = 1;
};
systemd-boot.configurationLimit = 1;
};
};
}

21
nixos/hardware/oracle_micro.nix Normal file
View file

@ -0,0 +1,21 @@
{ modulesPath, ... }: {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/boot" = { device = "/dev/disk/by-uuid/1F52-C11D"; fsType = "vfat"; };
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
boot = {
loader = {
grub = {
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
configurationLimit = 1;
};
systemd-boot.configurationLimit = 1;
};
};
}

1
nixos/profiles/graphical/fonts.nix
View file

@ -8,7 +8,6 @@
corefonts
vistafonts
open-dyslexic
chicago95
];
enableDefaultPackages = true;
fontDir.enable = true;

24
nixos/profiles/server/nix.nix Normal file
View file

@ -0,0 +1,24 @@
{ config, lib, pkgs, ... }: let
inherit (lib.modules) mkForce;
in {
nix.gc = {
automatic = true;
dates = "weekly";
};
sops.secrets.nix-gc-environment = {
sopsFile = ./secrets.yaml;
};
systemd.services.nix-gc = {
script = let
cfg = config.nix.gc;
in mkForce ''
${pkgs.curl}/bin/curl -vvvv -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"Beginning nix garbage collection on ${config.networking.hostName}.${config.networking.domain}\"}" $DISCORD_WEBHOOK_LINK
OUTPUT=$(${config.nix.package.out}/bin/nix-collect-garbage ${cfg.options});
${pkgs.curl}/bin/curl -vvvv -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"Finished nix garbage collection on ${config.networking.hostName}.${config.networking.domain}\"}" $DISCORD_WEBHOOK_LINK
${pkgs.curl}/bin/curl -vvvv -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \''${OUTPUT}\"}" $DISCORD_WEBHOOK_LINK
'';
serviceConfig = {
EnvironmentFile = config.sops.secrets.nix-gc-environment.path;
};
};
}

69
nixos/profiles/server/secrets.yaml Normal file
View file

@ -0,0 +1,69 @@
nix-gc-environment: ENC[AES256_GCM,data:eAvFY8gan0RSoEOSnF8OCoDGSJsqv6z30WVKPBhI/BLCDuaHOe9ryGYZ+Pdv06IHiyew0ZwOQHId8O5cX65DnzSMubS5NYtIXMe9k29Qr1LB8QcCJK6NEhaN3ovGiVGErpp44Z5g6kK8vxPzMVq66IQA0pKlaJ3JBgQJ5s12DZ+MFmNzZ2g2vVssNSCooztfnw==,iv:qnyAErKjNm7ThukhNwcqkiKgzHJKp5J6TA8SKsTUxj8=,tag:9eNR4BAGOSE4qZT+dOLR0A==,type:str]
sops:
shamir_threshold: 1
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuQ3piaWxpa1N4ZFRTdkhw
d3BLOXdCd2NDeDJmcGl2UkxlV2RGMUdlYzFVCndmNk44aUVHRExJUmJXU2RpeHN2
c0Y5bnQyZ2IyaFVuTHBkdHR2cFlldEEKLS0tIGpjUkZpL01BemdQb3JFL3crQS8w
dlZmMjJtcHl2NUU3bzV1dzBQK0FmY1UKiKRO7lTSpF7DYhR6eO0AhW4jsWMC9Etm
Bcc6Zpec0QKgmoy63aDj6+Fx0V5fCVX1Lis0PADpeNIn9Dshv5ouGg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cnu37d5fqyahh9vvc4hj6z6k8ur9ksuefln7sr6g3emmn927eutqxdawuh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbFRvTXQrK1ZNWWxPblB5
MGVsaUx4MzRlcW4xVkZNczFRdzBlM3VQQVV3CjdXUk9IVC9NRDBNeUMrSUo2anFS
eUhNYWZvdEhJamVYcXJXUExwdFQwb1kKLS0tIHZqNlFhWXZHSDAvdkFtMVhSdnlI
amhncGFzbktNVThyTHl6NFdMc3N5SFkK9NDy5U7Bfl6t8sSZem+EbqD5yW3ZHiex
PUac2UJvy5Q8QA3knQUUtLuLAuE5WrpIOzV8w8YnMYpDBhZtwO9uDg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nr0qds8w3gldmdvhwu0p6w2ys8f4sd0h3xy94h9dsafjzttaypxquzmswc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIWFlRUFl2OHhuWnFWblBH
bWtRamd4ZDRURHRSYWRFc2tabWg1QTk1Vm1FCkV0akNpNTRxUURzQjQ3RHJMOFVI
T3lDZkFzdER3bmszcVVWZ1h1eWxwZXMKLS0tIFJianRjUm1tOWlxTGkxTkJ4a2hq
Z2lERWpVaXhqRDQ3YlpndTdKUklUcjgK5XCk4qbAerT2AfOlpjKK4sUTdAN3Edt0
XleLhGq+bPG3CHUEN7SIaoHh4fyCpwcNGJPAcmeGY1yJZh8y0UQvSw==
-----END AGE ENCRYPTED FILE-----
- recipient: age18hpxz0ghvswv9k30cle73prvnzrsuczqh87jjdk9fl50j3ddndmq9xae0n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2YlMzam1CMmFoSXVwWjdY
bC9hem5manl2RngvMm1FdDU0anZlL0pDdHpZClhOdlVrM05aek1sMUdQdHNvRTRp
UEZ4LzFXM3NtRzA0Nm80OFlGSWlnMW8KLS0tIGRPZWhRVStiUm9tYjErWmpZa3A4
aDJmdGUxZWdqbXFjeCt4dHlSVDE4TEkKz+z1s1MvGcyVIPLQEnFFm1YpDDUc2KBf
p92AFO+1CXZsQTKY6eRPIUxkXPKXsBYPosy7Z34mBKmjlrvxrM+2OA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-25T03:22:44Z"
mac: ENC[AES256_GCM,data:2uVqMaPYgG2hbkMZCd3xJjjoEJqsGhFEXAq4p+X7YWO4hwB+H/REJJkHCUBegggWJtKA1zDKDIVzvZv3BeRaIe63Kaj2A/7c3qwjCsBpzm5DdJ3WrlAIffFSgOs7jUyFwQtP0ZsbHigsr/rA5NqDeC+4hVHg9XKgLXKyPoVk+iM=,iv:rzf0xQGfGMirg1wwe3paq1+lNdISerFXRUsPLtZ09m0=,tag:6xkM9kvN/8NqzTYB5eHbVA==,type:str]
pgp:
- created_at: "2024-06-25T03:21:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA82M54yws73UAQ/8CQAUzNv2BxCf8d+XPW+NeV5XsTqk06/QdFmyhguS4fn7
eyclxiww6FBspxX8WxfLsE3qLjA1cGRv8W8kvZMzuIiJW7BECnzUvANNci3STl3w
Ei4zkWCuXYdgO0nbfzvv2MyXSdw5nnJIRpbh/QyR7UOJkHHkurtLXCupNImZUN0d
FKzM+Y0rM/rDQvNxk216T0eAE68su+wzNbPEgYzMSq/0N5kFl+31JU7hRdXf1+Kd
MFFwu8owk/G0pqkOx3jIV5sia97CZbG7pZLNwfXTngVum/neRGCwNf+Ub4S51K0s
pQZHDFgacRUCKkJs2XXZcYQHEn2NQ+z+6rvnmOEsMMRM2X+g1+6SocL2Rf6VZgDo
UNr6oUplzMdJFRM8ymqP6IsVK/L8NQF9sna2MevtDGxoFV6Dl2mOzyHUCCaHyp0O
sWiIsnkogFDGOH7OjUSvTjv/o5RbeHGyLzzAYg8ZKRyqhdhzF+QFToQ4mqzyjrAd
NEqDgAYolgOPg2NmDpuBBnHwJhNQDaWA3wDDSEtH++xrjgZy0vovM79HUwYOGyPK
mOjl2CM52QFaORmSj561TgfOAO2ulVPIjXa88w9mFyyNqsecqWevQFBYn9/V7Yz0
5SpnUpxhJ50ZeY/IZa5rz+JoZmX+Gg+dwqvG58o1Nh21tQzFemApi7FC1HqwukPS
XgEhEqzHm2ayA9wTLyFkaZeIMQyCm/bm3i0PN4N9yojq6/g3wXK2k/tld208ro5m
682qNj7bIeWqwdfZxdmdgzutqojV1zrfaC2iYLd58waxua6w9UbE9jvkg0cz6H8=
=ceQ3
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
unencrypted_suffix: _unencrypted
version: 3.8.1

24
nixos/servers/matrix/cleanup.nix Normal file
View file

@ -0,0 +1,24 @@
{ config, pkgs, ... }: {
sops.secrets.synapse-cleanup-environment = {
sopsFile = ./secrets.yaml;
};
systemd = {
services.synapse-cleanup = {
serviceConfig = {
Type = "oneshot";
User = "root";
EnvironmentFile = config.sops.secrets.synapse-cleanup-environment.path;
ExecStart = "${pkgs.synapse-cleanup}/bin/synapse-cleanup";
};
};
timers.synapse-cleanup = {
timerConfig = {
OnCalendar = "weekly";
Persistent = true;
Unit = "synapse-cleanup.service";
};
wantedBy =
[ "timers.target" ];
};
};
}

7
nixos/servers/matrix/secrets.yaml
View file

@ -1,5 +1,6 @@
matrix_shared_registration_secret: ENC[AES256_GCM,data:DsCqfbS2yxN7nVRevcjpfO63jBUsyQHfEfbpZpD3cBtPf+JuZ8TFPBNNQwx2NYdyty60INdr4w==,iv:pSf6VDS9bqZIq8ZqOW0v4siRbDp9EEdw7TtSSjjrC6A=,tag:V61OqmdsNzczOzf+2Y6LSA==,type:str]
api_id: ENC[AES256_GCM,data:z1FqOKDSG1uo4BYgt2Ct9cUUy/daSgMNCnOHsdhG0ocw7eNI,iv:2cpOFO0Fcv/Y2xj/5UErbZ9qiLtn0QUWUg12Z9z/Ug4=,tag:cYEgrUM8GJ+uGNXKz4GpdQ==,type:str]
synapse-cleanup-environment: ENC[AES256_GCM,data:4/9ynVfsDZw8MiaGFOwrjexaQWx3+z39wLrwfWVfHQ5MYvIKRRlUBLg4zELEdszhoA6JRMaGGmS4FnnasyS69OaBO5uvK/fE5V2alKgmk+Ro+FmzRml3sow45Z/ppwW0rHAV8Ck6skjoC//s1RAwzQBf8n51EOcMtHwINHXCnyslQ6lJFxHtjd3oYdcK4m4rgCUxquYKwcEXXHlQhGomMmoFsXIMAncmzEyt7Go0nzpwj7lS3AfVn47UKc1mAzNWbUU4n6YHMwizziaCdJn1ybBQV1ZnbyAYjLI0jZB/jPC5,iv:JMYQhrNMpuFBozbOjR1VwvDREnXvWNMPmtPh8xiVYtM=,tag:X//QCU4z0+WnU6/e1HvMqg==,type:str]
sops:
shamir_threshold: 1
kms: []
@ -16,8 +17,8 @@ sops:
eWdDbGxobFlkZG1SL3UrTEJXajU3RXMK9ULFsUDHxBtzCy5tbwSFeKm18TRjX1mO
B1SbGXUNG1XreeRpb5n7r01njVrPpbJI3DPtjvoKquNTc2BhZHi0Xg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-29T18:54:02Z"
mac: ENC[AES256_GCM,data:fJdeN80RbQ3wq9udQt/XA7XlvhT+y9gR8z38t2l5P9vnyfqlxEiyfPIdFO8p01ZW3HZFVMessx2ev469LTMXcvf3Ln+L/dopSzZm7L4IRx2EvLYN2PbrZ86/AhgI/CEWyYX/xEMdwxZFR08KNBIMfu161YeDGDgPeevbRpCWkRA=,iv:kY59Y+wN2ZbGFDFOGplFzWpgW0OG+RBcTfucpZNyjq0=,tag:4vPdTfw0lEr5+fH/ACqSuQ==,type:str]
lastmodified: "2024-06-25T02:14:06Z"
mac: ENC[AES256_GCM,data:Jy3jgbmueseKgSpoltuTcCAKikwAIxqD+A7uwLKSmyOW+DCzqNcSiSCjbeOlH3z/wiudFLo4uvFBIxp4wHRK/9PdWAKs9RGjkNAgEtPgyhsudhf8WjfWdb42/O7//6A2PbJJeO1iNvitkaPuL7rvkto1sf60o2DN3l142alnYgo=,iv:eLi5U62mv0C9SIH6cbQOY+KHPHw2rleJWiaOPqsqq3I=,tag:t2z2HzE8GMLK65nxYEYDpw==,type:str]
pgp:
- created_at: "2023-04-25T21:47:23Z"
enc: |
@ -40,4 +41,4 @@ sops:
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
unencrypted_suffix: _unencrypted
version: 3.7.3
version: 3.8.1

49
packages/synapse-cleanup/cleanup.sh
View file

@ -1,49 +1,52 @@
#!/usr/bin/env bash
set -eu
set -o pipefail
set -euo pipefail
# Provide $HOMESERVER and $API_ID into the program via environment, or uncomment the two below lines:
#read -p "Enter the homeserver name, without https:// prefix: " HOMESERVER
#read -sp "Enter the admin user token required: " API_ID
TEMPDIR=$(mktemp -d)
database_before_size=$(sudo -u postgres psql matrix-synapse -c "SELECT pg_size_pretty(pg_database_size( 'matrix-synapse' ));" | sed -n "3p")
media_store_before_size=$(sudo du /var/lib/matrix-synapse/media_store -hd 0 | awk '{print $1}')
curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"Beginning matrix-synapse optimization process - Database before size: ${database_before_size}, Media store before size: ${media_store_before_size}\"}" $DISCORD_WEBHOOK_LINK
echo -n "Starting synapse, just to make sure it is online for these requests"
echo "Starting synapse, just to make sure it is online for these requests"
systemctl start matrix-synapse
sleep 5
echo -n "Collecting required room data"
curl --header "Authorization: Bearer ${API_ID}" "https://${HOMESERVER}/_synapse/admin/v1/rooms?limit=500" > "${TEMPDIR}"/roomlist.json
jq '.rooms[] | select(.joined_local_members == 0) | .room_id' < "${TEMPDIR}"/roomlist.json > "${TEMPDIR}"/to_purge.txt
jq '.rooms[] | select(.joined_local_members != 0) | .room_id' < "${TEMPDIR}"/roomlist.json > "${TEMPDIR}"/history_purge.txt
echo "Collecting required room data"
curl --header "Authorization: Bearer ${API_ID}" "https://${HOMESERVER}/_synapse/admin/v1/rooms?limit=500" > "${TEMPDIR}/roomlist.json"
jq '.rooms[] | select(.joined_local_members == 0) | .room_id' < "${TEMPDIR}/roomlist.json" > "${TEMPDIR}/to_purge.txt"
jq '.rooms[] | select(.joined_local_members != 0) | .room_id' < "${TEMPDIR}/roomlist.json" > "${TEMPDIR}/history_purge.txt"
ts=$(( $(date --date="1 month ago" +%s)*1000 ))
echo -n "Cleaning up media store"
echo "Cleaning up media store"
curl --header "Authorization: Bearer ${API_ID}" -X POST "https://${HOMESERVER}/_synapse/admin/v1/media/delete?before_ts=${ts}"
media_store_after_size=$(sudo du /var/lib/matrix-synapse/media_store -hd 0 | awk '{print $1}')
echo -n "Deleting empty rooms"
rooms_to_remove=$(awk -F '"' '{print $2}' < "${TEMPDIR}"/to_purge.txt)
echo "Deleting empty rooms"
rooms_to_remove=$(awk -F '"' '{print $2}' < "${TEMPDIR}/to_purge.txt")
for room_id in $rooms_to_remove; do
if [ -n "$room_id" ];then
echo -e "\nDeleting ${room_id}!\n"
if [ -n "${room_id}" ]; then
curl --header "Authorization: Bearer ${API_ID}" -X DELETE -H "Content-Type: application/json" -d "{}" "https://${HOMESERVER}/_synapse/admin/v2/rooms/${room_id}"
fi
done
done
rooms_to_clean=$(awk -F '"' '{print $2}' < "${TEMPDIR}"/history_purge.txt)
echo -n "Deleting unnecessary room history"
for room_id in $rooms_to_clean; do
echo -e "\nRemoving history for $room_id\n"
curl --header "Authorization: Bearer ${API_ID}" -X POST -H "Content-Type: application/json" -d "{ \"delete_local_events\": true, \"purge_up_to_ts\": $ts }" "https://${HOMESERVER}/_synapse/admin/v1/purge_history/\${room_id}"
don
echo "Deleting unnecessary room history"
for room_id in $rooms_to_clean; do
curl --header "Authorization: Bearer ${API_ID}" -X POST -H "Content-Type: application/json" -d "{ \"delete_local_events\": true, \"purge_up_to_ts\": ${ts} }" "https://${HOMESERVER}/_synapse/admin/v1/purge_history/${room_id}"
done
echo -n "Last optimization steps, database optimization, shutting down Synapse"
systemctl stop matrix-synaps
echo "Last optimization steps, database optimization, shutting down Synapse"
systemctl stop matrix-synapse
sudo -u matrix-synapse synapse_auto_compressor -p "postgresql://matrix-synapse?user=matrix-synapse&host=/var/run/postgresql/" -c 500 -n 100
sudo -u postgres psql matrix-synapse -c "REINDEX (VERBOSE) DATABASE \"matrix-synapse\";"
sudo -u postgres psql -c "VACUUM FULL VERBOSE;"
sudo -u postgres psql matrix-synapse -c "VACUUM FULL VERBOSE;"
rm -rf "${TEMPDIR}"
echo -n "Synapse cleanup performed, booting up"
systemctl start matrix-synapse
echo "Synapse cleanup performed, booting up"
systemctl start matrix-synapse
database_after_size=$(sudo -u postgres psql matrix-synapse -c "SELECT pg_size_pretty(pg_database_size( 'matrix-synapse' ));" | sed -n "3p")
curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"Matrix-synapse optimization process finished - Database after size: ${database_after_size}, ratio: ${database_ratio}, Media store after size: ${media_store_after_size}, ratio: ${media_store_ratio}\"}" $DISCORD_WEBHOOK_LINK

4
packages/synapse-cleanup/default.nix
View file

@ -6,6 +6,10 @@ wrapShellScriptBin "synapse-cleanup" ./cleanup.sh {
depsRuntimePath = with pkgs; [
matrix-synapse-tools.rust-synapse-compress-state
curl
gawk
sudo
postgresql
rink
jq
];
}

31
systems/daiyousei.nix Normal file
View file

@ -0,0 +1,31 @@
_: let
hostConfig = {
lib,
tree,
modulesPath,
...
}: let
inherit (lib.modules) mkDefault;
in {
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
]
++ (with tree.nixos.profiles; [
server
])
++ (with tree.nixos.hardware; [
oracle_flex
])
++ (with tree.nixos.servers; [
]);
system.stateVersion = "23.11";
};
in {
arch = "aarch64";
type = "NixOS";
modules = [
hostConfig
];
}

6
systems/default.nix
View file

@ -142,6 +142,9 @@
serverLocations = {
mediabox = "10.1.1.167";
orb = "orb";
daiyousei = "140.238.156.121";
mei = "150.230.28.111";
mai = "132.145.108.249";
};
in {
deploy.nodes = set.merge [
@ -149,7 +152,7 @@
${name} = {
profiles.system = {
user = "root";
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.${name};
path = inputs.deploy-rs.lib.${host.system}.activate.nixos inputs.self.nixosConfigurations.${name};
};
autoRollback = false;
magicRollback = false;
@ -166,6 +169,7 @@
${name} = {
hostname = serverLocations.${name};
sshUser = "root";
sshOpts = ["-oControlMaster=no" "-oControlPath=/tmp/willneverexist" "-p" "${builtins.toString (builtins.head inputs.self.nixosConfigurations.${name}.config.services.openssh.ports)}"];
};
})
(set.optional (name == "renko" && host.folder == "nixos") {

30
systems/koishi.nix
View file

@ -20,7 +20,7 @@ _: let
secureboot
])
++ (with tree.nixos.environments; [
xfce
kde
]);
config = {
home-manager.users.kat.imports =
@ -29,7 +29,7 @@ _: let
devops
])
++ (with tree.home.environments; [
xfce
kde
]);
fileSystems = {
@ -45,6 +45,30 @@ _: let
boot.extraModprobeConfig = "options snd_hda_intel power_save=0";
programs.ssh.extraConfig = ''
Host daiyousei-build
HostName 140.238.156.121
User root
IdentityAgent /run/user/1000/gnupg/S.gpg-agent.ssh
'';
nix.buildMachines = [
{
hostName = "daiyousei-build";
system = "aarch64-linux";
protocol = "ssh-ng";
maxJobs = 100;
speedFactor = 1;
supportedFeatures = [ "benchmark" "big-parallel" "kvm" ];
mandatoryFeatures = [ ];
}
];
nix.distributedBuilds = true;
# optional, useful when the builder has a faster internet connection than yours
nix.extraOptions = ''
builders-use-substitutes = true
'';
services.printing.enable = true;
services.hardware.bolt.enable = true;
@ -54,7 +78,7 @@ _: let
];
boot = {
supportedFilesystems = ["ntfs"];
supportedFilesystems = ["ntfs" "xfs"];
};
networking = {

31
systems/mai.nix Normal file
View file

@ -0,0 +1,31 @@
_: let
hostConfig = {
lib,
tree,
modulesPath,
...
}: let
inherit (lib.modules) mkDefault;
in {
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
]
++ (with tree.nixos.profiles; [
server
])
++ (with tree.nixos.hardware; [
oracle_micro
])
++ (with tree.nixos.servers; [
]);
system.stateVersion = "23.11";
};
in {
arch = "x86_64";
type = "NixOS";
modules = [
hostConfig
];
}

31
systems/mei.nix Normal file
View file

@ -0,0 +1,31 @@
_: let
hostConfig = {
lib,
tree,
modulesPath,
...
}: let
inherit (lib.modules) mkDefault;
in {
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
]
++ (with tree.nixos.profiles; [
server
])
++ (with tree.nixos.hardware; [
oracle_micro
])
++ (with tree.nixos.servers; [
]);
system.stateVersion = "23.11";
};
in {
arch = "x86_64";
type = "NixOS";
modules = [
hostConfig
];
}

1
systems/yukari.nix
View file

@ -19,7 +19,6 @@ _: let
postgres
matrix
vaultwarden
grafana-stack
public-directory
weechat
tt-rss