commit 7cfd4f6767bd457c61095ae2c27ccf23e0df5332 · pyrox.dev/nix

+24 -16

flake.nix

···

       109
        
               , extraModules ? [ ]

     

       110
        
               , extraHMModules ? [ ]

     

       111
        
               ,

     

       112
       -
               }: lib.nixosSystem {

     

       0
        
       
     

       113
        
                 inherit system;

     

       114
       -
                 modules = [

     

       115
       -
                   ./hosts/${hostname}/configuration.nix

     

       116
       -
                   ./hosts/${hostname}/bootloader.nix

     

       117
       -
                   inputs.home-manager.nixosModules.home-manager

     

       118
       -
                   {

     

       119
       -
                     home-manager.useGlobalPkgs = true;

     

       120
       -
                     home-manager.useUserPackages = true;

     

       121
       -
                     home-manager.extraSpecialArgs = { inherit pkgs system inputs; };

     

       122
       -
                     home-manager.sharedModules = [ ] ++ extraHMModules;

     

       123
       -
                   }

     

       124
       -
                   (mkUser { inherit profile; username = "pyrox"; })

     

       125
       -
                   (mkUser { inherit profile; username = "thehedgehog"; })

     

       126
       -
                   inputs.agenix.nixosModules.default

     

       127
       -
                 ] ++ extraModules;

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       128
        
                 specialArgs = { inherit self inputs pkgs; };

     

       129
        
               };

     

       130
        
           in

     
···

       172
        
                 hyprland.homeManagerModules.default

     

       173
        
               ];

     

       174
        
             };

     

       175
       -
       

     

       176
        
           };

     

       177
        
       }

···

       109
        
               , extraModules ? [ ]

     

       110
        
               , extraHMModules ? [ ]

     

       111
        
               ,

     

       112
       +
               }:

     

       113
       +
               lib.nixosSystem {

     

       114
        
                 inherit system;

     

       115
       +
                 modules =

     

       116
       +
                   [

     

       117
       +
                     ./hosts/${hostname}/configuration.nix

     

       118
       +
                     ./hosts/${hostname}/bootloader.nix

     

       119
       +
                     inputs.home-manager.nixosModules.home-manager

     

       120
       +
                     {

     

       121
       +
                       home-manager.useGlobalPkgs = true;

     

       122
       +
                       home-manager.useUserPackages = true;

     

       123
       +
                       home-manager.extraSpecialArgs = { inherit pkgs system inputs; };

     

       124
       +
                       home-manager.sharedModules = [ ] ++ extraHMModules;

     

       125
       +
                     }

     

       126
       +
                     (mkUser {

     

       127
       +
                       inherit profile;

     

       128
       +
                       username = "pyrox";

     

       129
       +
                     })

     

       130
       +
                     (mkUser {

     

       131
       +
                       inherit profile;

     

       132
       +
                       username = "thehedgehog";

     

       133
       +
                     })

     

       134
       +
                     inputs.agenix.nixosModules.default

     

       135
       +
                   ]

     

       136
       +
                   ++ extraModules;

     

       137
        
                 specialArgs = { inherit self inputs pkgs; };

     

       138
        
               };

     

       139
        
           in

     
···

       181
        
                 hyprland.homeManagerModules.default

     

       182
        
               ];

     

       183
        
             };

     

       0
        
       
     

       184
        
           };

     

       185
        
       }

+5 -1

home/gtk.nix

···

       1
       -
       {pkgs, config, ...}: {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       2
        
         gtk = {

     

       3
        
           enable = true;

     

       4
        
           cursorTheme = {

···

       1
       +
       {

     

       2
       +
         pkgs,

     

       3
       +
         config,

     

       4
       +
         ...

     

       5
       +
       }: {

     

       6
        
         gtk = {

     

       7
        
           enable = true;

     

       8
        
           cursorTheme = {

+1 -1

home/profiles/base.nix

···

       1
       -
       { inputs, ... }: {

     

       2
        
         imports = [

     

       3
        
           ../programs/gpg.nix

     

       4
        
         ];

···

       1
       +
       {inputs, ...}: {

     

       2
        
         imports = [

     

       3
        
           ../programs/gpg.nix

     

       4
        
         ];

+5 -1

home/profiles/desktop.nix

···

       1
       -
       { pkgs, inputs, ... }: {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       2
        
         imports = [

     

       3
        
           ./base.nix

     

       4
        
           ./cli.nix

···

       1
       +
       {

     

       2
       +
         pkgs,

     

       3
       +
         inputs,

     

       4
       +
         ...

     

       5
       +
       }: {

     

       6
        
         imports = [

     

       7
        
           ./base.nix

     

       8
        
           ./cli.nix

+5 -1

home/profiles/development.nix

···

       1
       -
       {inputs, pkgs, ...}: let

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       2
        
         ctp-pkgs = inputs.ctp-toolbox.packages.${pkgs.system};

     

       3
        
       in {

     

       4
        
         home.packages = with pkgs; [

···

       1
       +
       {

     

       2
       +
         inputs,

     

       3
       +
         pkgs,

     

       4
       +
         ...

     

       5
       +
       }: let

     

       6
        
         ctp-pkgs = inputs.ctp-toolbox.packages.${pkgs.system};

     

       7
        
       in {

     

       8
        
         home.packages = with pkgs; [

+4 -4

home/profiles/gui.nix

···

       4
        
         lib,

     

       5
        
         # games ? true,

     

       6
        
         # social ? true,

     

       7
       -
         ...}: {

     

       0
        
       
     

       8
        
         imports = [

     

       9
        
           ../wayland/sway.nix

     

       10
        
       

     
···

       43
        
           ueberzug

     

       44
        
           viewnior

     

       45
        
           wezterm

     

       46
       -
         # ] ++ lib.optionals games [

     

       47
        
           factorio-experimental

     

       48
        
           mindustry

     

       49
        
           minetest

     
···

       51
        
           prismlauncher

     

       52
        
           protontricks

     

       53
        
           proton-caller

     

       54
       -
         # ] ++ lib.optionals social [

     

       55
        
           discord

     

       56
        
           premid

     

       57
        
           zulip

     

       58
        
         ];

     

       59
       -
       

     

       60
        
       }

···

       4
        
         lib,

     

       5
        
         # games ? true,

     

       6
        
         # social ? true,

     

       7
       +
         ...

     

       8
       +
       }: {

     

       9
        
         imports = [

     

       10
        
           ../wayland/sway.nix

     

       11
        
       

     
···

       44
        
           ueberzug

     

       45
        
           viewnior

     

       46
        
           wezterm

     

       47
       +
           # ] ++ lib.optionals games [

     

       48
        
           factorio-experimental

     

       49
        
           mindustry

     

       50
        
           minetest

     
···

       52
        
           prismlauncher

     

       53
        
           protontricks

     

       54
        
           proton-caller

     

       55
       +
           # ] ++ lib.optionals social [

     

       56
        
           discord

     

       57
        
           premid

     

       58
        
           zulip

     

       59
        
         ];

     

       0
        
       
     

       60
        
       }

+5 -1

home/profiles/server.nix

···

       1
       -
       { pkgs, inputs, ... }: {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       2
        
         imports = [

     

       3
        
           ./base.nix

     

       4
        
           ./cli.nix

···

       1
       +
       {

     

       2
       +
         pkgs,

     

       3
       +
         inputs,

     

       4
       +
         ...

     

       5
       +
       }: {

     

       6
        
         imports = [

     

       7
        
           ./base.nix

     

       8
        
           ./cli.nix

+1 -4

home/programs/emacs/default.nix

···

       1
       -
       {

     

       2
       -
         pkgs,

     

       3
       -
         ...

     

       4
       -
       }: {

     

       5
        
         programs.emacs = {

     

       6
        
           enable = true;

     

       7
        
           package = (pkgs.emacsPackagesFor pkgs.emacsPgtk).emacsWithPackages (epkgs: [epkgs.vterm pkgs.mu]);

···

       1
       +
       {pkgs, ...}: {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       2
        
         programs.emacs = {

     

       3
        
           enable = true;

     

       4
        
           package = (pkgs.emacsPackagesFor pkgs.emacsPgtk).emacsWithPackages (epkgs: [epkgs.vterm pkgs.mu]);

+5 -1

home/programs/email.nix

···

       1
       -
       { pkgs, lib, ... }: {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       2
        
         programs.msmtp.enable = true;

     

       3
        
         programs.mbsync.enable = true;

     

       4
        
         programs.mu.enable = true;

···

       1
       +
       {

     

       2
       +
         pkgs,

     

       3
       +
         lib,

     

       4
       +
         ...

     

       5
       +
       }: {

     

       6
        
         programs.msmtp.enable = true;

     

       7
        
         programs.mbsync.enable = true;

     

       8
        
         programs.mu.enable = true;

+13 -9

home/programs/espanso/default.nix

···

       1
       -
       {pkgs, inputs, ...}: {

     

       2
       -
           # xdg.configFile."espanso" = {

     

       3
       -
           #     source = ./config;

     

       4
       -
           #     recursive = true;

     

       5
       -
           # };

     

       6
       -
           # services.espanso = {

     

       7
       -
           #     enable = true;

     

       8
       -
           #     package = inputs.espanso-nixpkgs.legacyPackages.x86_64-linux.espanso;

     

       9
       -
           # };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       10
        
       }

···

       1
       +
       {

     

       2
       +
         pkgs,

     

       3
       +
         inputs,

     

       4
       +
         ...

     

       5
       +
       }: {

     

       6
       +
         # xdg.configFile."espanso" = {

     

       7
       +
         #     source = ./config;

     

       8
       +
         #     recursive = true;

     

       9
       +
         # };

     

       10
       +
         # services.espanso = {

     

       11
       +
         #     enable = true;

     

       12
       +
         #     package = inputs.espanso-nixpkgs.legacyPackages.x86_64-linux.espanso;

     

       13
       +
         # };

     

       14
        
       }

+28 -28

home/programs/helix.nix

···

       1
        
       {

     

       2
       -
           programs.helix = {

     

       3
       -
               enable = true;

     

       4
       -
               settings = {

     

       5
       -
                   theme = "catppuccin_mocha";

     

       6
       -
                   editor = {

     

       7
       -
                       line-number = "absolute";

     

       8
       -
                       mouse = false;

     

       9
       -
                       auto-save = true;

     

       10
       -
                       true-color = true;

     

       11
       -
                       bufferline = "multiple";

     

       12
       -
                       color-modes = true;

     

       13
       -
                       cursor-shape = {

     

       14
       -
                           normal = "block";

     

       15
       -
                           insert = "bar";

     

       16
       -
                           select = "underline";

     

       17
       -
                       };

     

       18
       -
                       lsp = {

     

       19
       -
                           display-messages = true;

     

       20
       -
                           auto-signature-help = true;

     

       21
       -
                           display-signature-help-docs = true;

     

       22
       -
                       };

     

       23
       -
                       whitespace.render = {

     

       24
       -
                           space = "none";

     

       25
       -
                           tab = "all";

     

       26
       -
                           newline = "all";

     

       27
       -
                       };

     

       28
       -
                       indent-guides.render = true;

     

       29
       -
                   };

     

       30
        
               };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       31
        
           };

     

       0
        
       
     

       32
        
       }

···

       1
        
       {

     

       2
       +
         programs.helix = {

     

       3
       +
           enable = true;

     

       4
       +
           settings = {

     

       5
       +
             theme = "catppuccin_mocha";

     

       6
       +
             editor = {

     

       7
       +
               line-number = "absolute";

     

       8
       +
               mouse = false;

     

       9
       +
               auto-save = true;

     

       10
       +
               true-color = true;

     

       11
       +
               bufferline = "multiple";

     

       12
       +
               color-modes = true;

     

       13
       +
               cursor-shape = {

     

       14
       +
                 normal = "block";

     

       15
       +
                 insert = "bar";

     

       16
       +
                 select = "underline";

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       17
        
               };

     

       18
       +
               lsp = {

     

       19
       +
                 display-messages = true;

     

       20
       +
                 auto-signature-help = true;

     

       21
       +
                 display-signature-help-docs = true;

     

       22
       +
               };

     

       23
       +
               whitespace.render = {

     

       24
       +
                 space = "none";

     

       25
       +
                 tab = "all";

     

       26
       +
                 newline = "all";

     

       27
       +
               };

     

       28
       +
               indent-guides.render = true;

     

       29
       +
             };

     

       30
        
           };

     

       31
       +
         };

     

       32
        
       }

+1 -4

home/programs/kitty.nix

···

       1
       -
       {

     

       2
       -
         pkgs,

     

       3
       -
         ...

     

       4
       -
       }: {

     

       5
        
         programs.kitty = {

     

       6
        
           enable = true;

     

       7
        
           font.name = "IBM Plex Mono Regular";

···

       1
       +
       {pkgs, ...}: {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       2
        
         programs.kitty = {

     

       3
        
           enable = true;

     

       4
        
           font.name = "IBM Plex Mono Regular";

+4 -1

home/programs/obs.nix

···

       1
       -
       { config, pkgs, ... }:

     

       2
        
       {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       3
        
         programs.obs-studio = {

     

       4
        
           enable = true;

     

       5
        
           plugins = with pkgs.obs-studio-plugins; [

···

       0
        
       
     

       1
        
       {

     

       2
       +
         config,

     

       3
       +
         pkgs,

     

       4
       +
         ...

     

       5
       +
       }: {

     

       6
        
         programs.obs-studio = {

     

       7
        
           enable = true;

     

       8
        
           plugins = with pkgs.obs-studio-plugins; [

+3 -3

home/wayland/sway.nix

···

       85
        
               commands = [

     

       86
        
                 {

     

       87
        
                   command = "inhibit_idle fullscreen";

     

       88
       -
                   criteria = { class = "Chromium|zoom|Firefox"; };

     

       89
        
                 }

     

       90
        
                 {

     

       91
        
                   command = "floating enable, sticky enable, resize set 30 ppt 50 ppt, border pixel 4";

     

       92
       -
                   criteria = { app_id = "^launcher$"; };

     

       93
        
                 }

     

       94
        
                 {

     

       95
        
                   command = "resize set 20 ppt";

     

       96
       -
                   criteria = { title = "Mumble PTT"; };

     

       97
        
                 }

     

       98
        
               ];

     

       99
        
             };

···

       85
        
               commands = [

     

       86
        
                 {

     

       87
        
                   command = "inhibit_idle fullscreen";

     

       88
       +
                   criteria = {class = "Chromium|zoom|Firefox";};

     

       89
        
                 }

     

       90
        
                 {

     

       91
        
                   command = "floating enable, sticky enable, resize set 30 ppt 50 ppt, border pixel 4";

     

       92
       +
                   criteria = {app_id = "^launcher$";};

     

       93
        
                 }

     

       94
        
                 {

     

       95
        
                   command = "resize set 20 ppt";

     

       96
       +
                   criteria = {title = "Mumble PTT";};

     

       97
        
                 }

     

       98
        
               ];

     

       99
        
             };

+6 -2

home/wayland/waybar.nix

···

       1
       -
       { pkgs, lib, ... }: {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       2
        
         programs.waybar = {

     

       3
        
           enable = true;

     

       4
        
           systemd.enable = true;

     
···

       108
        
                   Playing = " ";

     

       109
        
                   Paused = " ";

     

       110
        
                 };

     

       111
       -
                 max-length =70;

     

       112
        
                 exec = "${lib.getExe pkgs.playerctl} -a metadata --format '{\"text\": \"{{playerName}}: {{artist}} - {{markup_escape(title)}}\", \"tooltip\": \"{{playerName}} : {{markup_escape(title)}}\", \"alt\": \"{{status}}\", \"class\": \"{{status}}\"}' -F";

     

       113
        
                 on-click = "${lib.getExe pkgs.playerctl} play-pause";

     

       114
        
               };

···

       1
       +
       {

     

       2
       +
         pkgs,

     

       3
       +
         lib,

     

       4
       +
         ...

     

       5
       +
       }: {

     

       6
        
         programs.waybar = {

     

       7
        
           enable = true;

     

       8
        
           systemd.enable = true;

     
···

       112
        
                   Playing = " ";

     

       113
        
                   Paused = " ";

     

       114
        
                 };

     

       115
       +
                 max-length = 70;

     

       116
        
                 exec = "${lib.getExe pkgs.playerctl} -a metadata --format '{\"text\": \"{{playerName}}: {{artist}} - {{markup_escape(title)}}\", \"tooltip\": \"{{playerName}} : {{markup_escape(title)}}\", \"alt\": \"{{status}}\", \"class\": \"{{status}}\"}' -F";

     

       117
        
                 on-click = "${lib.getExe pkgs.playerctl} play-pause";

     

       118
        
               };

+1 -1

hosts/common/ssh.nix

···

       1
        
       {

     

       2
       -
         age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

     

       3
        
         services.openssh = {

     

       4
        
           enable = false;

     

       5
        
           allowSFTP = false;

···

       1
        
       {

     

       2
       +
         age.identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];

     

       3
        
         services.openssh = {

     

       4
        
           enable = false;

     

       5
        
           allowSFTP = false;

+2 -2

hosts/marvin/bootloader.nix

···

       29
        
           };

     

       30
        
       

     

       31
        
           kernel.sysctl = {

     

       32
       -
               "net.ipv4.ip_forward" = 1;

     

       33
       -
               "net.ipv6.conf.all.forwarding" = 1;

     

       34
        
           };

     

       35
        
       

     

       36
        
           # ZFS Config

···

       29
        
           };

     

       30
        
       

     

       31
        
           kernel.sysctl = {

     

       32
       +
             "net.ipv4.ip_forward" = 1;

     

       33
       +
             "net.ipv6.conf.all.forwarding" = 1;

     

       34
        
           };

     

       35
        
       

     

       36
        
           # ZFS Config

+46 -47

hosts/marvin/services/calckey.nix

···

       1
       -
       { config, ... }: {

     

       2
       -
           virtualisation.oci-containers.containers = {

     

       3
       -
               calckey-server = {

     

       4
       -
                   image = "docker.io/thatonecalculator/calckey";

     

       5
       -
                   dependsOn = [

     

       6
       -
                       "calckey-db"

     

       7
       -
                       "calckey-redis"

     

       8
       -
                   ];

     

       9
       -
                   ports = [

     

       10
       -
                       "6919:3000"

     

       11
       -
                   ];

     

       12
       -
                   volumes = [

     

       13
       -
                       "/var/lib/calckey/config:/calckey/.config:ro"

     

       14
       -
                       "/var/lib/calckey/files:/calckey/files"

     

       15
       -
                   ];

     

       16
       -
                   extraOptions = [

     

       17
       -
                       "--network=calckey"

     

       18
       -
                   ];

     

       19
       -
                   environment = {

     

       20
       -
                       NODE_ENV = "production";

     

       21
       -
                   };

     

       22
       -
               };

     

       23
       -
               calckey-redis = {

     

       24
       -
                   image = "docker.io/redis:7.0-alpine";

     

       25
       -
                   environmentFiles = [

     

       26
       -
                       "/var/lib/calckey/config/docker.env"

     

       27
       -
                   ];

     

       28
       -
                   volumes = [

     

       29
       -
                       "/var/lib/calckey/redis:/data"

     

       30
       -
                   ];

     

       31
       -
                   extraOptions = [

     

       32
       -
                       "--network=calckey"

     

       33
       -
                   ];

     

       34
       -
               };

     

       35
       -
               calckey-db = {

     

       36
       -
                   image = "docker.io/postgres:12.2-alpine";

     

       37
       -
                   environmentFiles = [

     

       38
       -
                       "/var/lib/calckey/config/docker.env"

     

       39
       -
                   ];

     

       40
       -
                   extraOptions = [

     

       41
       -
                       "--network=calckey"

     

       42
       -
                   ];

     

       43
       -
                   volumes = [

     

       44
       -
                       "/var/lib/calckey/db:/var/lib/postgresql/data"

     

       45
       -
                   ];

     

       46
       -
               };

     

       47
        
           };

     

       0
        
       
     

       48
        
       }

     

       49
       -

···

       1
       +
       {config, ...}: {

     

       2
       +
         virtualisation.oci-containers.containers = {

     

       3
       +
           calckey-server = {

     

       4
       +
             image = "docker.io/thatonecalculator/calckey";

     

       5
       +
             dependsOn = [

     

       6
       +
               "calckey-db"

     

       7
       +
               "calckey-redis"

     

       8
       +
             ];

     

       9
       +
             ports = [

     

       10
       +
               "6919:3000"

     

       11
       +
             ];

     

       12
       +
             volumes = [

     

       13
       +
               "/var/lib/calckey/config:/calckey/.config:ro"

     

       14
       +
               "/var/lib/calckey/files:/calckey/files"

     

       15
       +
             ];

     

       16
       +
             extraOptions = [

     

       17
       +
               "--network=calckey"

     

       18
       +
             ];

     

       19
       +
             environment = {

     

       20
       +
               NODE_ENV = "production";

     

       21
       +
             };

     

       22
       +
           };

     

       23
       +
           calckey-redis = {

     

       24
       +
             image = "docker.io/redis:7.0-alpine";

     

       25
       +
             environmentFiles = [

     

       26
       +
               "/var/lib/calckey/config/docker.env"

     

       27
       +
             ];

     

       28
       +
             volumes = [

     

       29
       +
               "/var/lib/calckey/redis:/data"

     

       30
       +
             ];

     

       31
       +
             extraOptions = [

     

       32
       +
               "--network=calckey"

     

       33
       +
             ];

     

       34
       +
           };

     

       35
       +
           calckey-db = {

     

       36
       +
             image = "docker.io/postgres:12.2-alpine";

     

       37
       +
             environmentFiles = [

     

       38
       +
               "/var/lib/calckey/config/docker.env"

     

       39
       +
             ];

     

       40
       +
             extraOptions = [

     

       41
       +
               "--network=calckey"

     

       42
       +
             ];

     

       43
       +
             volumes = [

     

       44
       +
               "/var/lib/calckey/db:/var/lib/postgresql/data"

     

       45
       +
             ];

     

       0
        
       
     

       46
        
           };

     

       47
       +
         };

     

       48
        
       }

     

       0

+6 -1

hosts/marvin/services/calibre-web.nix

···

       1
       -
       { config, lib, pkgs, ... }: {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       2
        
         services.calibre-web = {

     

       3
        
           enable = true;

     

       4
        
           openFirewall = false;

···

       1
       +
       {

     

       2
       +
         config,

     

       3
       +
         lib,

     

       4
       +
         pkgs,

     

       5
       +
         ...

     

       6
       +
       }: {

     

       7
        
         services.calibre-web = {

     

       8
        
           enable = true;

     

       9
        
           openFirewall = false;

+21 -16

hosts/marvin/services/factorio.nix

···

       1
       -
       { config, lib, pkgs, ... }: {

     

       2
       -
           services.factorio = {

     

       3
       -
               enable = true;

     

       4
       -
               public = false;

     

       5
       -
               requireUserVerification = true;

     

       6
       -
               openFirewall = true;

     

       7
       -
               saveName = "planetfloof";

     

       8
       -
               nonBlockingSaving = true;

     

       9
       -
               lan = true;

     

       10
       -
               game-password = "EatTheRAM";

     

       11
       -
               game-name = "Pyrox Industries";

     

       12
       -
               description = "Fluffy and Furry Factorio game, run by Pyrox!";

     

       13
       -
               admins = [

     

       14
       -
                   "Pyr0x"

     

       15
       -
               ];

     

       16
       -
           };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       17
        
       }

···

       1
       +
       {

     

       2
       +
         config,

     

       3
       +
         lib,

     

       4
       +
         pkgs,

     

       5
       +
         ...

     

       6
       +
       }: {

     

       7
       +
         services.factorio = {

     

       8
       +
           enable = true;

     

       9
       +
           public = false;

     

       10
       +
           requireUserVerification = true;

     

       11
       +
           openFirewall = true;

     

       12
       +
           saveName = "planetfloof";

     

       13
       +
           nonBlockingSaving = true;

     

       14
       +
           lan = true;

     

       15
       +
           game-password = "EatTheRAM";

     

       16
       +
           game-name = "Pyrox Industries";

     

       17
       +
           description = "Fluffy and Furry Factorio game, run by Pyrox!";

     

       18
       +
           admins = [

     

       19
       +
             "Pyr0x"

     

       20
       +
           ];

     

       21
       +
         };

     

       22
        
       }

+22 -17

hosts/marvin/services/fossil.nix

···

       1
       -
       { config, pkgs, lib, ... }: {

     

       2
       -
           systemd.services.fossil = {

     

       3
       -
               wantedBy = [ "multi-user.target" ]; 

     

       4
       -
               after = [ "network.target" ];

     

       5
       -
               description = "Fossil SCM WebUI";

     

       6
       -
               serviceConfig = {

     

       7
       -
                   User = "fossil";

     

       8
       -
                   ExecStart = "${pkgs.fossil}/bin/fossil server --port 6918 --acme --baseurl https://src.pyrox.dev --https --jsmode bundled --repolist /var/lib/fossil/";

     

       9
       -
                   Restart = "always";

     

       10
       -
                   RestartSec = 3;

     

       11
       -
               };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       12
        
           };

     

       13
       -
           users.users.fossil = {

     

       14
       -
               isSystemUser = true;

     

       15
       -
               description = "Fossil User";

     

       16
       -
               group = "fossil";

     

       17
       -
           };

     

       18
       -
           users.groups.fossil = { };

     

       0
        
       
     

       19
        
       }

···

       1
       +
       {

     

       2
       +
         config,

     

       3
       +
         pkgs,

     

       4
       +
         lib,

     

       5
       +
         ...

     

       6
       +
       }: {

     

       7
       +
         systemd.services.fossil = {

     

       8
       +
           wantedBy = ["multi-user.target"];

     

       9
       +
           after = ["network.target"];

     

       10
       +
           description = "Fossil SCM WebUI";

     

       11
       +
           serviceConfig = {

     

       12
       +
             User = "fossil";

     

       13
       +
             ExecStart = "${pkgs.fossil}/bin/fossil server --port 6918 --acme --baseurl https://src.pyrox.dev --https --jsmode bundled --repolist /var/lib/fossil/";

     

       14
       +
             Restart = "always";

     

       15
       +
             RestartSec = 3;

     

       16
        
           };

     

       17
       +
         };

     

       18
       +
         users.users.fossil = {

     

       19
       +
           isSystemUser = true;

     

       20
       +
           description = "Fossil User";

     

       21
       +
           group = "fossil";

     

       22
       +
         };

     

       23
       +
         users.groups.fossil = {};

     

       24
        
       }

+1 -1

hosts/marvin/services/gitea.nix

···

       1
       -
       { pkgs, ... }: {

     

       2
        
         services.gitea = {

     

       3
        
           enable = true;

     

       4
        
           package = pkgs.forgejo;

···

       1
       +
       {pkgs, ...}: {

     

       2
        
         services.gitea = {

     

       3
        
           enable = true;

     

       4
        
           package = pkgs.forgejo;

+6 -1

hosts/marvin/services/golink.nix

···

       1
       -
       { config, lib, pkgs, ... }:  {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       2
        
         services.golink = {

     

       3
        
           enable = true;

     

       4
        
           tailscaleAuthKeyFile = /run/agenix/golink-authkey;

···

       1
       +
       {

     

       2
       +
         config,

     

       3
       +
         lib,

     

       4
       +
         pkgs,

     

       5
       +
         ...

     

       6
       +
       }: {

     

       7
        
         services.golink = {

     

       8
        
           enable = true;

     

       9
        
           tailscaleAuthKeyFile = /run/agenix/golink-authkey;

+33 -34

hosts/marvin/services/grafana.nix

···

       2
        
         services.grafana = {

     

       3
        
           enable = true;

     

       4
        
           settings = {

     

       5
       -
               analytics.reporting_enable = false;

     

       6
       -
               "auth.generic_oauth" = {

     

       7
       -
                       name = "central";

     

       8
       -
                       icon = "signin";

     

       9
       -
                       enabled = "true";

     

       10
       -
                       client_id = "89f4607cf446a777a6b25ebde8731cdcb80b04c1";

     

       11
       -
                       client_secret = "89eccaa8a31104c218df5cfe37c87f0ea0bbddcd1571bddb7f7fbf5a09045efd59c61f1caaa79483ad59aac2c19488b254acdaced47e66a6505865a14a63ac4a";

     

       12
       -
                       auth_url = "https://auth.pyrox.dev/application/o/authorize/";

     

       13
       -
                       token_url = "https://auth.pyrox.dev/application/o/token/";

     

       14
       -
                       api_url = "https://auth.pyrox.dev/application/o/userinfo/";

     

       15
       -
                       scopes = "openid profile email";

     

       16
       -
               };

     

       17
       -
               "auth" = {

     

       18
       -
                   signout_redirect_url = "https://auth.pyrox.dev/if/session-end/stathog/";

     

       19
       -
                   disableLoginForm = true;

     

       20
       -
               };

     

       21
       -
               security = {

     

       22
       -
                   admin_user = "thehedgeh0g";

     

       23
       -
                   admin_password = "$__file{${config.age.secrets.grafana-admin.path}}";

     

       24
       -
               };

     

       25
       -
               server = {

     

       26
       -
                   root_url = "https://stats.pyrox.dev";

     

       27
       -
                   domain = "stats.pyrox.dev";

     

       28
       -
                   http_port = 6914;

     

       29
       -
                   http_addr = "0.0.0.0";

     

       30
       -
               };

     

       31
       -
               smtp = {

     

       32
       -
                   enabled = true;

     

       33
       -
                   user = "grafana@thehedgehog.me";

     

       34
       -
                   from_address = "grafana@thehedgehog.me";

     

       35
       -
                   host = "smtp.migadu.com:465";

     

       36
       -
                   password = "$__file{${config.age.secrets.grafana-smtp-password.path}}";

     

       37
       -
               };

     

       38
        
           };

     

       39
       -
       

     

       40
        
         };

     

       41
        
       }

···

       2
        
         services.grafana = {

     

       3
        
           enable = true;

     

       4
        
           settings = {

     

       5
       +
             analytics.reporting_enable = false;

     

       6
       +
             "auth.generic_oauth" = {

     

       7
       +
               name = "central";

     

       8
       +
               icon = "signin";

     

       9
       +
               enabled = "true";

     

       10
       +
               client_id = "89f4607cf446a777a6b25ebde8731cdcb80b04c1";

     

       11
       +
               client_secret = "89eccaa8a31104c218df5cfe37c87f0ea0bbddcd1571bddb7f7fbf5a09045efd59c61f1caaa79483ad59aac2c19488b254acdaced47e66a6505865a14a63ac4a";

     

       12
       +
               auth_url = "https://auth.pyrox.dev/application/o/authorize/";

     

       13
       +
               token_url = "https://auth.pyrox.dev/application/o/token/";

     

       14
       +
               api_url = "https://auth.pyrox.dev/application/o/userinfo/";

     

       15
       +
               scopes = "openid profile email";

     

       16
       +
             };

     

       17
       +
             "auth" = {

     

       18
       +
               signout_redirect_url = "https://auth.pyrox.dev/if/session-end/stathog/";

     

       19
       +
               disableLoginForm = true;

     

       20
       +
             };

     

       21
       +
             security = {

     

       22
       +
               admin_user = "thehedgeh0g";

     

       23
       +
               admin_password = "$__file{${config.age.secrets.grafana-admin.path}}";

     

       24
       +
             };

     

       25
       +
             server = {

     

       26
       +
               root_url = "https://stats.pyrox.dev";

     

       27
       +
               domain = "stats.pyrox.dev";

     

       28
       +
               http_port = 6914;

     

       29
       +
               http_addr = "0.0.0.0";

     

       30
       +
             };

     

       31
       +
             smtp = {

     

       32
       +
               enabled = true;

     

       33
       +
               user = "grafana@thehedgehog.me";

     

       34
       +
               from_address = "grafana@thehedgehog.me";

     

       35
       +
               host = "smtp.migadu.com:465";

     

       36
       +
               password = "$__file{${config.age.secrets.grafana-smtp-password.path}}";

     

       37
       +
             };

     

       38
        
           };

     

       0
        
       
     

       39
        
         };

     

       40
        
       }

+15 -9

hosts/marvin/services/hedgedoc.nix

···

       73
        
           bindMounts.data.isReadOnly = false;

     

       74
        
       

     

       75
        
           # Actual config for the container.

     

       76
       -
           config = { config, pkgs, ... }: {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       77
        
             system.stateVersion = "23.05";

     

       78
        
             services.postgresql = {

     

       79
        
               enable = true;

     

       80
        
               package = pkgs.postgesql_15;

     

       81
       -
               ensureUsers = [{

     

       82
       -
                 name = "hedgedoc";

     

       83
       -
                 ensurePermissions = {

     

       84
       -
                   "DATABASE hedgedoc" = "ALL PRIVILEGES";

     

       85
       -
                 };

     

       86
       -
               }];

     

       0
        
       
     

       0
        
       
     

       87
        
               ensureDatabases = ["hedgedoc"];

     

       88
        
             };

     

       89
        
             networking.firewall = {

     

       90
        
               enable = true;

     

       91
       -
               allowedTCPPorts = [ 5432 ];

     

       92
       -
               allowedUDPPorts = [ 5432 ];

     

       93
        
             };

     

       94
        
           };

     

       95
        
         };

···

       73
        
           bindMounts.data.isReadOnly = false;

     

       74
        
       

     

       75
        
           # Actual config for the container.

     

       76
       +
           config = {

     

       77
       +
             config,

     

       78
       +
             pkgs,

     

       79
       +
             ...

     

       80
       +
           }: {

     

       81
        
             system.stateVersion = "23.05";

     

       82
        
             services.postgresql = {

     

       83
        
               enable = true;

     

       84
        
               package = pkgs.postgesql_15;

     

       85
       +
               ensureUsers = [

     

       86
       +
                 {

     

       87
       +
                   name = "hedgedoc";

     

       88
       +
                   ensurePermissions = {

     

       89
       +
                     "DATABASE hedgedoc" = "ALL PRIVILEGES";

     

       90
       +
                   };

     

       91
       +
                 }

     

       92
       +
               ];

     

       93
        
               ensureDatabases = ["hedgedoc"];

     

       94
        
             };

     

       95
        
             networking.firewall = {

     

       96
        
               enable = true;

     

       97
       +
               allowedTCPPorts = [5432];

     

       98
       +
               allowedUDPPorts = [5432];

     

       99
        
             };

     

       100
        
           };

     

       101
        
         };

+32 -27

hosts/marvin/services/io-bot.nix

···

       1
       -
       { config, pkgs, lib, ... }: {

     

       2
       -
           systemd.user.services.io-bot = {

     

       3
       -
               wantedBy = [ "multi-user.target" ];

     

       4
       -
               after = [ "network.target" "io-bot-lavalink.service" ];

     

       5
       -
               description = "I/O, my personal bot";

     

       6
       -
               serviceConfig = {

     

       7
       -
                   ExecStart = "${pkgs.poetry}/bin/poetry run python -OOm main";

     

       8
       -
                   Restart = "always";

     

       9
       -
                   RestartSec = 3;

     

       10
       -
                   WorkingDirectory = "/home/thehedgehog/io-py";

     

       11
       -
               };

     

       12
       -
               unitConfig = {

     

       13
       -
                   ConditionUser = "thehedgehog";

     

       14
       -
               };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       15
        
           };

     

       16
       -
           systemd.user.services.io-bot-lavalink = {

     

       17
       -
               wantedBy = [ "multi-user.target" ];

     

       18
       -
               after = [ "network.target" ];

     

       19
       -
               description = "Lavalink server for I/O";

     

       20
       -
               serviceConfig = {

     

       21
       -
                   ExecStart = "${pkgs.openjdk17_headless}/bin/java -jar ../Lavalink.jar";

     

       22
       -
                   Restart = "always";

     

       23
       -
                   RestartSec = 3;

     

       24
       -
                   WorkingDirectory = "/home/thehedgehog/io-py/config";

     

       25
       -
               };

     

       26
       -
               unitConfig = {

     

       27
       -
                   ConditionUser = "thehedgehog";

     

       28
       -
               };

     

       29
        
           };

     

       0
        
       
     

       30
        
       }

···

       1
       +
       {

     

       2
       +
         config,

     

       3
       +
         pkgs,

     

       4
       +
         lib,

     

       5
       +
         ...

     

       6
       +
       }: {

     

       7
       +
         systemd.user.services.io-bot = {

     

       8
       +
           wantedBy = ["multi-user.target"];

     

       9
       +
           after = ["network.target" "io-bot-lavalink.service"];

     

       10
       +
           description = "I/O, my personal bot";

     

       11
       +
           serviceConfig = {

     

       12
       +
             ExecStart = "${pkgs.poetry}/bin/poetry run python -OOm main";

     

       13
       +
             Restart = "always";

     

       14
       +
             RestartSec = 3;

     

       15
       +
             WorkingDirectory = "/home/thehedgehog/io-py";

     

       16
       +
           };

     

       17
       +
           unitConfig = {

     

       18
       +
             ConditionUser = "thehedgehog";

     

       19
       +
           };

     

       20
       +
         };

     

       21
       +
         systemd.user.services.io-bot-lavalink = {

     

       22
       +
           wantedBy = ["multi-user.target"];

     

       23
       +
           after = ["network.target"];

     

       24
       +
           description = "Lavalink server for I/O";

     

       25
       +
           serviceConfig = {

     

       26
       +
             ExecStart = "${pkgs.openjdk17_headless}/bin/java -jar ../Lavalink.jar";

     

       27
       +
             Restart = "always";

     

       28
       +
             RestartSec = 3;

     

       29
       +
             WorkingDirectory = "/home/thehedgehog/io-py/config";

     

       30
        
           };

     

       31
       +
           unitConfig = {

     

       32
       +
             ConditionUser = "thehedgehog";

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       33
        
           };

     

       34
       +
         };

     

       35
        
       }

+11 -11

hosts/marvin/services/littlelink.nix

···

       1
        
       {config, ...}: {

     

       2
       -
           virtualisation.oci-containers.containers.littlelink = {

     

       3
       -
               image = "julianprieber/littlelink-custom";

     

       4
       -
               volumes = [ "/var/lib/littlelink:/htdocs" ];

     

       5
       -
               ports = [ "6916:80" "6917:443" ];

     

       6
       -
               environment = {

     

       7
       -
                   SERVER_ADMIN = "me@thehedgehog.me";

     

       8
       -
                   HTTP_SERVER_NAME = "link.pyrox.dev";

     

       9
       -
                   HTTPS_SERVER_NAME = "link.pyrox.dev";

     

       10
       -
                   TZ = "America/New_York";

     

       11
       -
                   APP_NAME = "Pyrox's Links";

     

       12
       -
               };

     

       13
        
           };

     

       0
        
       
     

       14
        
       }

···

       1
        
       {config, ...}: {

     

       2
       +
         virtualisation.oci-containers.containers.littlelink = {

     

       3
       +
           image = "julianprieber/littlelink-custom";

     

       4
       +
           volumes = ["/var/lib/littlelink:/htdocs"];

     

       5
       +
           ports = ["6916:80" "6917:443"];

     

       6
       +
           environment = {

     

       7
       +
             SERVER_ADMIN = "me@thehedgehog.me";

     

       8
       +
             HTTP_SERVER_NAME = "link.pyrox.dev";

     

       9
       +
             HTTPS_SERVER_NAME = "link.pyrox.dev";

     

       10
       +
             TZ = "America/New_York";

     

       11
       +
             APP_NAME = "Pyrox's Links";

     

       0
        
       
     

       12
        
           };

     

       13
       +
         };

     

       14
        
       }

+8 -4

hosts/marvin/services/tandoor.nix

···

       1
       -
       {config, pkgs, ...}: {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       2
        
         virtualisation.oci-containers.containers = {

     

       3
        
           tandoor-db = {

     

       4
        
             image = "postgres:11-alpine";

     

       5
        
             environmentFiles = [

     

       6
        
               "/run/agenix/tandoor-env"

     

       7
       -
               (pkgs.concatText "tandoor-env" [ ./tandoor-env ])

     

       8
        
             ];

     

       9
        
             volumes = [

     

       10
        
               "/var/lib/tandoor/db:/var/lib/postgresql/data"

     
···

       15
        
             image = "vabene1111/recipes";

     

       16
        
             environmentFiles = [

     

       17
        
               "/run/agenix/tandoor-env"

     

       18
       -
               (pkgs.concatText "tandoor-env" [ ./tandoor-env ])

     

       19
        
             ];

     

       20
        
             volumes = [

     

       21
        
               "/var/lib/tandoor/static:/opt/recipes/staticfiles"

     
···

       34
        
             ];

     

       35
        
             environmentFiles = [

     

       36
        
               "/run/agenix/tandoor-env"

     

       37
       -
               (pkgs.concatText "tandoor-env" [ ./tandoor-env ])

     

       38
        
             ];

     

       39
        
             volumes = [

     

       40
        
               "/var/lib/tandoor/nginx:/etc/nginx/conf.d:ro"

···

       1
       +
       {

     

       2
       +
         config,

     

       3
       +
         pkgs,

     

       4
       +
         ...

     

       5
       +
       }: {

     

       6
        
         virtualisation.oci-containers.containers = {

     

       7
        
           tandoor-db = {

     

       8
        
             image = "postgres:11-alpine";

     

       9
        
             environmentFiles = [

     

       10
        
               "/run/agenix/tandoor-env"

     

       11
       +
               (pkgs.concatText "tandoor-env" [./tandoor-env])

     

       12
        
             ];

     

       13
        
             volumes = [

     

       14
        
               "/var/lib/tandoor/db:/var/lib/postgresql/data"

     
···

       19
        
             image = "vabene1111/recipes";

     

       20
        
             environmentFiles = [

     

       21
        
               "/run/agenix/tandoor-env"

     

       22
       +
               (pkgs.concatText "tandoor-env" [./tandoor-env])

     

       23
        
             ];

     

       24
        
             volumes = [

     

       25
        
               "/var/lib/tandoor/static:/opt/recipes/staticfiles"

     
···

       38
        
             ];

     

       39
        
             environmentFiles = [

     

       40
        
               "/run/agenix/tandoor-env"

     

       41
       +
               (pkgs.concatText "tandoor-env" [./tandoor-env])

     

       42
        
             ];

     

       43
        
             volumes = [

     

       44
        
               "/var/lib/tandoor/nginx:/etc/nginx/conf.d:ro"

+1 -4

hosts/prefect/configuration.nix

···

       1
       -
       {

     

       2
       -
         pkgs,

     

       3
       -
         ...

     

       4
       -
       }: {

     

       5
        
         imports = [

     

       6
        
           # Common Config

     

       7
        
           ../default.nix

···

       1
       +
       {pkgs, ...}: {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       2
        
         imports = [

     

       3
        
           # Common Config

     

       4
        
           ../default.nix

+1 -4

hosts/prefect/services/caddy.nix

···

       1
       -
       {

     

       2
       -
         pkgs,

     

       3
       -
         ...

     

       4
       -
       }: {

     

       5
        
         services.caddy = {

     

       6
        
           enable = true;

     

       7
        
           package = pkgs.callPackage ../../../pkgs/caddyBin.nix {};

···

       1
       +
       {pkgs, ...}: {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       2
        
         services.caddy = {

     

       3
        
           enable = true;

     

       4
        
           package = pkgs.callPackage ../../../pkgs/caddyBin.nix {};

+1 -1

hosts/prefect/services/dn42-peerfinder.nix

···

       1
       -
       {config, ...}: { services."dn42-pingfinder".uuidFile = config.age.secrets.dn42-peerfinder-uuid.path; }

···

       1
       +
       {config, ...}: {services."dn42-pingfinder".uuidFile = config.age.secrets.dn42-peerfinder-uuid.path;}

+5 -6

hosts/prefect/services/mailserver/default.nix

···

       1
       -
       { lib, ...}: {

     

       2
        
         imports = [

     

       3
        
           ./logins.nix

     

       4
        
           ./monitoring.nix

     
···

       35
        
       

     

       36
        
           # Set all no-reply addresses

     

       37
        
           rejectRecipients = [

     

       38
       -
               "no-reply@pyrox.dev"

     

       39
       -
               "no-reply@mrhedge.me"

     

       40
       -
               "no-reply@thehedgehog.me"

     

       41
       -
               "no-reply@mrhedgehog.xyz"

     

       42
        
           ];

     

       43
        
       

     

       44
        
           # DKIM Settings

     
···

       47
        
           dkimKeyBits = 4096;

     

       48
        
           dkimSelector = "mail";

     

       49
        
           dkimSigning = true;

     

       50
       -
       

     

       51
        
       

     

       52
        
           # DMARC Settings

     

       53
        
           dmarcReporting = {

···

       1
       +
       {lib, ...}: {

     

       2
        
         imports = [

     

       3
        
           ./logins.nix

     

       4
        
           ./monitoring.nix

     
···

       35
        
       

     

       36
        
           # Set all no-reply addresses

     

       37
        
           rejectRecipients = [

     

       38
       +
             "no-reply@pyrox.dev"

     

       39
       +
             "no-reply@mrhedge.me"

     

       40
       +
             "no-reply@thehedgehog.me"

     

       41
       +
             "no-reply@mrhedgehog.xyz"

     

       42
        
           ];

     

       43
        
       

     

       44
        
           # DKIM Settings

     
···

       47
        
           dkimKeyBits = 4096;

     

       48
        
           dkimSelector = "mail";

     

       49
        
           dkimSigning = true;

     

       0
        
       
     

       50
        
       

     

       51
        
           # DMARC Settings

     

       52
        
           dmarcReporting = {

+34 -32

hosts/prefect/services/mailserver/logins.nix

···

       1
       -
       { mailserver.loginAccounts = {

     

       2
       -
         "pyrox@pyrox.dev" = {

     

       3
       -
           hashedPassword = "$2b$05$8k04quBe6adg8d1yznEp3uNYM54MOVJTwDGIWvzocQFoWbmcCvebC";

     

       4
       -
           aliases = [

     

       5
       -
             "pyrox"

     

       6
       -
             "postmaster@pyrox.dev"

     

       7
       -
             "abuse@pyrox.dev"

     

       8
       -
             "aaron@pyrox.dev"

     

       9
       -
             # TODO: Move all emails to send to pyrox.dev

     

       10
       -
             # Emails below this line should be removed eventually

     

       11
       -
             "hedgehog@mrhedgehog.xyz"

     

       12
       -
             "me@thehedgehog.me"

     

       13
       -
             "aaron@mrhedgehog.xyz"

     

       14
       -
             "aaron@thehedgehog.me"

     

       15
       -
             "postmaster@thehedgehog.me"

     

       16
       -
             "abuse@thehedgehog.me"

     

       17
       -
             "@mrhedge.me"

     

       18
       -
             "hedgehog@mrhedgehog.xyz"

     

       19
       -
           ];

     

       20
       -
         };

     

       21
       -
         "social@pyrox.dev" = {

     

       22
       -
           hashedPassword = "$2b$05$kFDeXvSKU9oXuQXlitA7v.kkbzgCDTrm4O3Nb1kifPe7yAR7.KimO";

     

       23
       -
         };

     

       24
       -
         "auth@pyrox.dev" = {

     

       25
       -
           hashedPassword = "$2b$05$O049hbSwRJ5VYeAA8lLR4e6.fqVWf4PotgIUAO356j5K.OoGH5PF.";

     

       26
       -
         };

     

       27
       -
         "vault@pyrox.dev" = {

     

       28
       -
           hashedPassword = "$2b$05$MHo03BG3AVpBh4NE97zQ8.gTPx2sCoa6Jsw.DRxHBOBaKZ8DbfPrS";

     

       29
       -
         };

     

       30
       -
         "library@pyrox.dev" = {

     

       31
       -
           hashedPassword = "$2b$05$IHsSbEla8KL4gwExvFECFuuoP0ESk66K29R.vawTpbxEpuw1ahii.";

     

       0
        
       
     

       0
        
       
     

       32
        
         };

     

       33
       -
       };}

···

       1
       +
       {

     

       2
       +
         mailserver.loginAccounts = {

     

       3
       +
           "pyrox@pyrox.dev" = {

     

       4
       +
             hashedPassword = "$2b$05$8k04quBe6adg8d1yznEp3uNYM54MOVJTwDGIWvzocQFoWbmcCvebC";

     

       5
       +
             aliases = [

     

       6
       +
               "pyrox"

     

       7
       +
               "postmaster@pyrox.dev"

     

       8
       +
               "abuse@pyrox.dev"

     

       9
       +
               "aaron@pyrox.dev"

     

       10
       +
               # TODO: Move all emails to send to pyrox.dev

     

       11
       +
               # Emails below this line should be removed eventually

     

       12
       +
               "hedgehog@mrhedgehog.xyz"

     

       13
       +
               "me@thehedgehog.me"

     

       14
       +
               "aaron@mrhedgehog.xyz"

     

       15
       +
               "aaron@thehedgehog.me"

     

       16
       +
               "postmaster@thehedgehog.me"

     

       17
       +
               "abuse@thehedgehog.me"

     

       18
       +
               "@mrhedge.me"

     

       19
       +
               "hedgehog@mrhedgehog.xyz"

     

       20
       +
             ];

     

       21
       +
           };

     

       22
       +
           "social@pyrox.dev" = {

     

       23
       +
             hashedPassword = "$2b$05$kFDeXvSKU9oXuQXlitA7v.kkbzgCDTrm4O3Nb1kifPe7yAR7.KimO";

     

       24
       +
           };

     

       25
       +
           "auth@pyrox.dev" = {

     

       26
       +
             hashedPassword = "$2b$05$O049hbSwRJ5VYeAA8lLR4e6.fqVWf4PotgIUAO356j5K.OoGH5PF.";

     

       27
       +
           };

     

       28
       +
           "vault@pyrox.dev" = {

     

       29
       +
             hashedPassword = "$2b$05$MHo03BG3AVpBh4NE97zQ8.gTPx2sCoa6Jsw.DRxHBOBaKZ8DbfPrS";

     

       30
       +
           };

     

       31
       +
           "library@pyrox.dev" = {

     

       32
       +
             hashedPassword = "$2b$05$IHsSbEla8KL4gwExvFECFuuoP0ESk66K29R.vawTpbxEpuw1ahii.";

     

       33
       +
           };

     

       34
        
         };

     

       35
       +
       }

+7 -3

hosts/prefect/services/mailserver/monitoring.nix

···

       1
       -
       {config, pkgs, ... }: let

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       2
        
         cfg = config.mailserver;

     

       3
        
       in {

     

       4
        
         mailserver.monitoring = {

     
···

       44
        
             check process rspamd with matching "rspamd: main process"

     

       45
        
                 start program = "${pkgs.systemd}/bin/systemctl start rspamd"

     

       46
        
                 stop program = "${pkgs.systemd}/bin/systemctl stop rspamd"

     

       47
       -
         '';

     

       48
       -
       };

     

       49
        
       }

···

       1
       +
       {

     

       2
       +
         config,

     

       3
       +
         pkgs,

     

       4
       +
         ...

     

       5
       +
       }: let

     

       6
        
         cfg = config.mailserver;

     

       7
        
       in {

     

       8
        
         mailserver.monitoring = {

     
···

       48
        
             check process rspamd with matching "rspamd: main process"

     

       49
        
                 start program = "${pkgs.systemd}/bin/systemctl start rspamd"

     

       50
        
                 stop program = "${pkgs.systemd}/bin/systemctl stop rspamd"

     

       51
       +
           '';

     

       52
       +
         };

     

       53
        
       }

+158

hosts/prefect/services/named.conf

···

       1
       +
       include "/etc/bind/rndc.key";

     

       2
       +
       controls {

     

       3
       +
         inet 127.0.0.1 allow {localhost;} keys {"rndc-key";};

     

       4
       +
       };

     

       5
       +
       

     

       6
       +
       acl cachenetworks {  127.0.0.0/24;  };

     

       7
       +
       acl dn42-dns { 172.20.129.2; 172.20.1.255; 172.22.76.110; 172.20.14.33; };

     

       8
       +
       

     

       9
       +
       options {

     

       10
       +
         directory "/run/named";

     

       11
       +
         pid-file "/run/named/named.pid";

     

       12
       +
       

     

       13
       +
         # Server Identity

     

       14
       +
         version "420.69";

     

       15
       +
         server-id "zaphod";

     

       16
       +
         hostname "zaphod";

     

       17
       +
       

     

       18
       +
         # Enable DNSSEC

     

       19
       +
         dnssec-validation no;

     

       20
       +
       

     

       21
       +
         # Only listen to local addresses

     

       22
       +
         listen-on {  127.0.0.1;  };

     

       23
       +
         listen-on-v6 {  ::1;  };

     

       24
       +
         allow-query { any; };

     

       25
       +
         # disable the integrated handling of RFC1918 and non-assigned IPv6 space reverse dns

     

       26
       +
         empty-zones-enable no;

     

       27
       +
         validate-except {

     

       28
       +
           # DN42 Zones

     

       29
       +
           "dn42";

     

       30
       +
           "20.172.in-addr.arpa";

     

       31
       +
           "21.172.in-addr.arpa";

     

       32
       +
           "22.172.in-addr.arpa";

     

       33
       +
           "23.172.in-addr.arpa";

     

       34
       +
           "10.in-addr.arpa";

     

       35
       +
           "d.f.ip6.arpa";

     

       36
       +
           # ChaosVPN Zones

     

       37
       +
           "hack";

     

       38
       +
           "31.172.in-addr.arpa";

     

       39
       +
           "100.10.in-addr.arpa";

     

       40
       +
           "101.10.in-addr.arpa";

     

       41
       +
           "102.10.in-addr.arpa";

     

       42
       +
           "103.10.in-addr.arpa";

     

       43
       +
       

     

       44
       +
           # NeoNetwork Zones

     

       45
       +
           "neo";

     

       46
       +
           "127.10.in-addr.arpa";

     

       47
       +
           "7.2.1.0.0.1.d.f.ip6.arpa";

     

       48
       +
         };

     

       49
       +
       

     

       50
       +
         # Recursion settings

     

       51
       +
         recursion yes;

     

       52
       +
         allow-recursion { any; };

     

       53
       +
         allow-recursion-on { any; };

     

       54
       +
         allow-query-cache { any; };

     

       55
       +
         allow-query-cache-on { any; };

     

       56
       +
         prefetch 10;

     

       57
       +
       };

     

       58
       +
       

     

       59
       +
       # DN42 Zones

     

       60
       +
       zone "dn42" {

     

       61
       +
         type forward;

     

       62
       +
         forward only;

     

       63
       +
         forwarders { 172.20.0.53; 172.23.0.53; };

     

       64
       +
       };

     

       65
       +
       zone "20.172.in-addr.arpa" {

     

       66
       +
         type forward;

     

       67
       +
         forward only;

     

       68
       +
         forwarders { 172.20.0.53; 172.23.0.53; };

     

       69
       +
       };

     

       70
       +
       zone "21.172.in-addr.arpa" {

     

       71
       +
         type forward;

     

       72
       +
         forward only;

     

       73
       +
         forwarders { 172.20.0.53; 172.23.0.53; };

     

       74
       +
       };

     

       75
       +
       zone "22.172.in-addr.arpa" {

     

       76
       +
         type forward;

     

       77
       +
         forward only;

     

       78
       +
         forwarders { 172.20.0.53; 172.23.0.53; };

     

       79
       +
       };

     

       80
       +
       zone "23.172.in-addr.arpa" {

     

       81
       +
         type forward;

     

       82
       +
         forward only;

     

       83
       +
         forwarders { 172.20.0.53; 172.23.0.53; };

     

       84
       +
       };

     

       85
       +
       zone "10.in-addr.arpa" {

     

       86
       +
         type forward;

     

       87
       +
         forward only;

     

       88
       +
         forwarders { 172.20.0.53; 172.23.0.53; };

     

       89
       +
       };

     

       90
       +
       zone "d.f.ip6.arpa" {

     

       91
       +
         type forward;

     

       92
       +
         forward only;

     

       93
       +
         forwarders { 172.20.0.53; 172.23.0.53; };

     

       94
       +
       };

     

       95
       +
       

     

       96
       +
       # ChaosVPN Zones

     

       97
       +
       zone "hack" {

     

       98
       +
         type forward;

     

       99
       +
         forward only;

     

       100
       +
         forwarders { 172.31.0.5; 172.31.255.53; };

     

       101
       +
       };

     

       102
       +
       zone "31.172.in-addr.arpa" {

     

       103
       +
         type forward;

     

       104
       +
         forward only;

     

       105
       +
         forwarders { 172.31.0.5; 172.31.255.53; };

     

       106
       +
       };

     

       107
       +
       zone "100.10.in-addr.arpa" {

     

       108
       +
         type forward;

     

       109
       +
         forward only;

     

       110
       +
         forwarders { 172.31.0.5; 172.31.255.53; };

     

       111
       +
       };

     

       112
       +
       zone "101.10.in-addr.arpa" {

     

       113
       +
         type forward;

     

       114
       +
         forward only;

     

       115
       +
         forwarders { 172.31.0.5; 172.31.255.53; };

     

       116
       +
       };

     

       117
       +
       zone "102.10.in-addr.arpa" {

     

       118
       +
         type forward;

     

       119
       +
         forward only;

     

       120
       +
         forwarders { 172.31.0.5; 172.31.255.53; };

     

       121
       +
       };

     

       122
       +
       zone "103.10.in-addr.arpa" {

     

       123
       +
         type forward;

     

       124
       +
         forward only;

     

       125
       +
         forwarders { 172.31.0.5; 172.31.255.53; };

     

       126
       +
       };

     

       127
       +
       

     

       128
       +
       # NeoNetwork

     

       129
       +
       zone "neo" {

     

       130
       +
         type forward;

     

       131
       +
         forward only;

     

       132
       +
         forwarders { 10.127.255.53; };

     

       133
       +
       };

     

       134
       +
       zone "127.10.in-addr.arpa" {

     

       135
       +
         type forward;

     

       136
       +
         forward only;

     

       137
       +
         forwarders { 10.127.255.53; };

     

       138
       +
       };

     

       139
       +
       zone "7.2.1.0.0.1.d.f.ip6.arpa" {

     

       140
       +
         type forward;

     

       141
       +
         forward only;

     

       142
       +
         forwarders { 10.127.255.53; };

     

       143
       +
       };

     

       144
       +
       

     

       145
       +
       zone "crxn" {

     

       146
       +
         type forward;

     

       147
       +
         forward only;

     

       148
       +
         forwarders { fd92:58b6:2b2::5353; };

     

       149
       +
       };

     

       150
       +
       # Fallback root zone

     

       151
       +
       zone "." {

     

       152
       +
         type forward;

     

       153
       +
         forward only;

     

       154
       +
         forwarders { 100.123.15.72; 9.9.9.9; };

     

       155
       +
       };

     

       156
       +
       

     

       157
       +
       

     

       158
       +

+21 -16

hosts/prefect/services/nginx.nix

···

       1
       -
       { config, lib, pkgs, ... }: {

     

       2
       -
           services.nginx = {

     

       3
       -
               enable = true;

     

       4
       -
               recommendedOptimisation = true;

     

       5
       -
               recommendedTlsSettings = true;

     

       6
       -
               recommendedGzipSettings = true;

     

       7
       -
               recommendedProxySettings = true;

     

       8
       -
               virtualHosts = lib.mkForce {};

     

       9
       -
               streamConfig = ''

     

       10
       -
                   server {

     

       11
       -
                       listen 34197 udp;

     

       12
       -
                       proxy_pass 100.123.15.72:34197;

     

       13
       -
                       proxy_responses 0;

     

       14
       -
                   }

     

       15
       -
               '';

     

       16
       -
           };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       17
        
       }

···

       1
       +
       {

     

       2
       +
         config,

     

       3
       +
         lib,

     

       4
       +
         pkgs,

     

       5
       +
         ...

     

       6
       +
       }: {

     

       7
       +
         services.nginx = {

     

       8
       +
           enable = true;

     

       9
       +
           recommendedOptimisation = true;

     

       10
       +
           recommendedTlsSettings = true;

     

       11
       +
           recommendedGzipSettings = true;

     

       12
       +
           recommendedProxySettings = true;

     

       13
       +
           virtualHosts = lib.mkForce {};

     

       14
       +
           streamConfig = ''

     

       15
       +
             server {

     

       16
       +
                 listen 34197 udp;

     

       17
       +
                 proxy_pass 100.123.15.72:34197;

     

       18
       +
                 proxy_responses 0;

     

       19
       +
             }

     

       20
       +
           '';

     

       21
       +
         };

     

       22
        
       }

+34 -27

hosts/prefect/services/nsd/pyrox.dev.nix

···

       25
        
         ];

     

       26
        
       

     

       27
        
         TXT = [

     

       28
       -
         (with spf; strict ["a:mail.pyrox.dev."])

     

       29
        
           # PGP Key fingerprint for Keyoxide

     

       30
        
           "https://keyoxide.org/4CA972FBADC814160F103138FE1D8A7D620C611F"

     

       31
        
         ];

     

       32
       -
         DKIM = [{

     

       33
       -
           selector = "mail";

     

       34
       -
           k = "rsa";

     

       35
       -
           p = "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA7fZ6ICm5id3H67eeKcwqYMCnhG2hVVWWbERVZMM5lDKwZiPPksZcYEyXKTshSejfkqwzGN/BGzauqDMU/mglMjRjO5vJUMRS5rZOwRs6On+4BX5x1ko19zjtOsm/Jiu1ffBNKBptnjLJ2K2K9/0VZnXZ3Cww+ghek2rBJeoOrQofq/qSFZDO/nsijezos02kh3J+DtSzoAbn6+eZ/H1rQ7gTuoQll+8AZDX1kUmz5+blqIs/cTuL3lkpLwi7pnrO9XDc4z4DxC2PUHyZe7OBxXNocS5X3F06bYPxyRiW7h9++RtGM1Al+VWEelwpdWsJGUwNRxqcsBnqXLTpnOju1y8tQvU2FR9CBkHduR2OqygUCd10GuUJ+OL9Y3vmzEMuewKJWCZFcpSfbF9jA1IDOR34FMgZ/bTh5XkpmWMa7+LVABnZ3QfjAiyR11RoCvjakEyJdn0wq341vgFI6c0S+uIzYBvjzs+KdehEuThKTi5bOR6Phn2cavro7bIHunRiag3cbH5G24Evv3K2Ll1uj3/wLXIxDRFK2MuEUvcfVYysZAL0opfx32zD9Y/T7DNLJI2bwYbLQnIYl/MuGDWySPAP2ttIGEArPhRQhUAKiBOXyCsCmwZ0qTshGqKuQPx64Qqr9TyF7ZcjxdQxHZ5m6riXo4S8U1D11rr+wLV9AF8CAwEAAQ==";

     

       36
       -
         }];

     

       0
        
       
     

       0
        
       
     

       37
        
         ## Set DMARC Policy

     

       38
       -
         DMARC = [{

     

       39
       -
           p = "reject";

     

       40
       -
           sp = "reject";

     

       41
       -
           pct = 25;

     

       42
       -
           fo = ["1"];

     

       43
       -
           adkim = "strict";

     

       44
       -
           aspf = "strict";

     

       45
       -
           rua = ["mailto:postmaster@pyrox.dev"];

     

       46
       -
           ruf = ["mailto:postmaster@pyrox.dev"];

     

       47
       -
           rf = ["afrf"];

     

       48
       -
           ri = 86400;

     

       49
       -
         }];

     

       0
        
       
     

       0
        
       
     

       50
        
       

     

       51
       -
         MX = [{

     

       52
       -
           exchange = "mail.pyrox.dev.";

     

       53
       -
           preference = 10;

     

       54
       -
         }];

     

       55
       -
       

     

       0
        
       
     

       56
        
       

     

       57
        
         CAA = letsEncrypt "me@thehedgehog.me";

     

       58
        
       

     
···

       93
        
           openpgpkey = prefect;

     

       94
        
       

     

       95
        
           # Records for Factorio server

     

       96
       -
           factorio.SRV = [{

     

       0
        
       
     

       97
        
               service = "factorio";

     

       98
        
               proto = "udp";

     

       99
        
               priority = 10;

     

       100
        
               port = 34197;

     

       101
        
               target = "pyrox.dev.";

     

       102
       -
           }];

     

       0
        
       
     

       103
        
       

     

       104
        
           # Externally hosted stuff

     

       105
       -
           mc.NS = [ "galileo.aternos.org." "columbus.aternos.org." ];

     

       106
        
       

     

       107
        
           ## Statuspage, hosted at PikaPods

     

       108
        
           status.CNAME = ["thankful-junglefowl.pikapod.net."];

     

       109
        
       

     

       110
       -
           blog.A = [ "5.78.24.5" ];

     

       111
        
         };

     

       112
        
       }

···

       25
        
         ];

     

       26
        
       

     

       27
        
         TXT = [

     

       28
       +
           (with spf; strict ["a:mail.pyrox.dev."])

     

       29
        
           # PGP Key fingerprint for Keyoxide

     

       30
        
           "https://keyoxide.org/4CA972FBADC814160F103138FE1D8A7D620C611F"

     

       31
        
         ];

     

       32
       +
         DKIM = [

     

       33
       +
           {

     

       34
       +
             selector = "mail";

     

       35
       +
             k = "rsa";

     

       36
       +
             p = "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA7fZ6ICm5id3H67eeKcwqYMCnhG2hVVWWbERVZMM5lDKwZiPPksZcYEyXKTshSejfkqwzGN/BGzauqDMU/mglMjRjO5vJUMRS5rZOwRs6On+4BX5x1ko19zjtOsm/Jiu1ffBNKBptnjLJ2K2K9/0VZnXZ3Cww+ghek2rBJeoOrQofq/qSFZDO/nsijezos02kh3J+DtSzoAbn6+eZ/H1rQ7gTuoQll+8AZDX1kUmz5+blqIs/cTuL3lkpLwi7pnrO9XDc4z4DxC2PUHyZe7OBxXNocS5X3F06bYPxyRiW7h9++RtGM1Al+VWEelwpdWsJGUwNRxqcsBnqXLTpnOju1y8tQvU2FR9CBkHduR2OqygUCd10GuUJ+OL9Y3vmzEMuewKJWCZFcpSfbF9jA1IDOR34FMgZ/bTh5XkpmWMa7+LVABnZ3QfjAiyR11RoCvjakEyJdn0wq341vgFI6c0S+uIzYBvjzs+KdehEuThKTi5bOR6Phn2cavro7bIHunRiag3cbH5G24Evv3K2Ll1uj3/wLXIxDRFK2MuEUvcfVYysZAL0opfx32zD9Y/T7DNLJI2bwYbLQnIYl/MuGDWySPAP2ttIGEArPhRQhUAKiBOXyCsCmwZ0qTshGqKuQPx64Qqr9TyF7ZcjxdQxHZ5m6riXo4S8U1D11rr+wLV9AF8CAwEAAQ==";

     

       37
       +
           }

     

       38
       +
         ];

     

       39
        
         ## Set DMARC Policy

     

       40
       +
         DMARC = [

     

       41
       +
           {

     

       42
       +
             p = "reject";

     

       43
       +
             sp = "reject";

     

       44
       +
             pct = 25;

     

       45
       +
             fo = ["1"];

     

       46
       +
             adkim = "strict";

     

       47
       +
             aspf = "strict";

     

       48
       +
             rua = ["mailto:postmaster@pyrox.dev"];

     

       49
       +
             ruf = ["mailto:postmaster@pyrox.dev"];

     

       50
       +
             rf = ["afrf"];

     

       51
       +
             ri = 86400;

     

       52
       +
           }

     

       53
       +
         ];

     

       54
        
       

     

       55
       +
         MX = [

     

       56
       +
           {

     

       57
       +
             exchange = "mail.pyrox.dev.";

     

       58
       +
             preference = 10;

     

       59
       +
           }

     

       60
       +
         ];

     

       61
        
       

     

       62
        
         CAA = letsEncrypt "me@thehedgehog.me";

     

       63
        
       

     
···

       98
        
           openpgpkey = prefect;

     

       99
        
       

     

       100
        
           # Records for Factorio server

     

       101
       +
           factorio.SRV = [

     

       102
       +
             {

     

       103
        
               service = "factorio";

     

       104
        
               proto = "udp";

     

       105
        
               priority = 10;

     

       106
        
               port = 34197;

     

       107
        
               target = "pyrox.dev.";

     

       108
       +
             }

     

       109
       +
           ];

     

       110
        
       

     

       111
        
           # Externally hosted stuff

     

       112
       +
           mc.NS = ["galileo.aternos.org." "columbus.aternos.org."];

     

       113
        
       

     

       114
        
           ## Statuspage, hosted at PikaPods

     

       115
        
           status.CNAME = ["thankful-junglefowl.pikapod.net."];

     

       116
        
       

     

       117
       +
           blog.A = ["5.78.24.5"];

     

       118
        
         };

     

       119
        
       }

+1 -1

hosts/prefect/services/nsd/thehedgehog.me.nix

···

       121
        
           ## Netdata Cloud statuspage

     

       122
        
           netdata.CNAME = ["app.netdata.cloud"];

     

       123
        
       

     

       124
       -
           mc.NS = [ "galileo.aternos.org." "columbus.aternos.org." ];

     

       125
        
       

     

       126
        
           ## Statuspage, hosted at PikaPods

     

       127
        
           status.CNAME = ["thankful-junglefowl.pikapod.net."];

···

       121
        
           ## Netdata Cloud statuspage

     

       122
        
           netdata.CNAME = ["app.netdata.cloud"];

     

       123
        
       

     

       124
       +
           mc.NS = ["galileo.aternos.org." "columbus.aternos.org."];

     

       125
        
       

     

       126
        
           ## Statuspage, hosted at PikaPods

     

       127
        
           status.CNAME = ["thankful-junglefowl.pikapod.net."];

+1 -1

hosts/zaphod/misc.nix

···

       51
        
         virtualisation.virtualbox.host.enableExtensionPack = false;

     

       52
        
         virtualisation.virtualbox.guest.enable = false;

     

       53
        
         virtualisation.virtualbox.guest.x11 = false;

     

       54
       -
         users.extraGroups.vboxusers.members = [ "thehedgehog" ];

     

       55
        
       

     

       56
        
         environment.etc."NetworkManager/NetworkManager.conf" = lib.mkForce {

     

       57
        
           text = ''

···

       51
        
         virtualisation.virtualbox.host.enableExtensionPack = false;

     

       52
        
         virtualisation.virtualbox.guest.enable = false;

     

       53
        
         virtualisation.virtualbox.guest.x11 = false;

     

       54
       +
         users.extraGroups.vboxusers.members = ["thehedgehog"];

     

       55
        
       

     

       56
        
         environment.etc."NetworkManager/NetworkManager.conf" = lib.mkForce {

     

       57
        
           text = ''

+9 -9

hosts/zaphod/programs/proxychains.nix

···

       1
        
       {

     

       2
       -
           programs.proxychains = {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       3
        
               enable = true;

     

       4
       -
               proxies = {

     

       5
       -
                   ssh = {

     

       6
       -
                       enable = true;

     

       7
       -
                       type = "socks5";

     

       8
       -
                       host = "127.0.0.1";

     

       9
       -
                       port = 9999;

     

       10
       -
                   };

     

       11
       -
               };

     

       12
        
           };

     

       0
        
       
     

       13
        
       }

···

       1
        
       {

     

       2
       +
         programs.proxychains = {

     

       3
       +
           enable = true;

     

       4
       +
           proxies = {

     

       5
       +
             ssh = {

     

       6
        
               enable = true;

     

       7
       +
               type = "socks5";

     

       8
       +
               host = "127.0.0.1";

     

       9
       +
               port = 9999;

     

       10
       +
             };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       11
        
           };

     

       12
       +
         };

     

       13
        
       }

+4 -4

hosts/zaphod/services/misc.nix

···

       2
        
         config,

     

       3
        
         lib,

     

       4
        
         ...

     

       5
       -
       }:

     

       6
       -
       {

     

       7
        
         services = {

     

       8
        
           blueman.enable = true;

     

       9
        
           fstrim.enable = lib.mkDefault true;

     

       10
       -
           tlp.enable = lib.mkDefault ((lib.versionOlder (lib.versions.majorMinor lib.version) "21.05")

     

       11
       -
                                       || !config.services.power-profiles-daemon.enable);

     

       0
        
       
     

       12
        
           xserver.libinput.enable = lib.mkDefault true;

     

       13
        
           espanso.enable = true;

     

       14
        
         };

···

       2
        
         config,

     

       3
        
         lib,

     

       4
        
         ...

     

       5
       +
       }: {

     

       0
        
       
     

       6
        
         services = {

     

       7
        
           blueman.enable = true;

     

       8
        
           fstrim.enable = lib.mkDefault true;

     

       9
       +
           tlp.enable =

     

       10
       +
             lib.mkDefault ((lib.versionOlder (lib.versions.majorMinor lib.version) "21.05")

     

       11
       +
               || !config.services.power-profiles-daemon.enable);

     

       12
        
           xserver.libinput.enable = lib.mkDefault true;

     

       13
        
           espanso.enable = true;

     

       14
        
         };

+8 -8

hosts/zaphod/services/redis.nix

···

       1
        
       {

     

       2
       -
           services.redis = {

     

       3
       -
               vmOverCommit = true;

     

       4
       -
               servers.io-py = {

     

       5
       -
                   enable = true;

     

       6
       -
                   bind = "127.0.0.1";

     

       7
       -
                   appendOnly = true;

     

       8
       -
                   requirePass = "I/O.pyRedisPassword";

     

       9
       -
               };

     

       10
        
           };

     

       0
        
       
     

       11
        
       }

···

       1
        
       {

     

       2
       +
         services.redis = {

     

       3
       +
           vmOverCommit = true;

     

       4
       +
           servers.io-py = {

     

       5
       +
             enable = true;

     

       6
       +
             bind = "127.0.0.1";

     

       7
       +
             appendOnly = true;

     

       8
       +
             requirePass = "I/O.pyRedisPassword";

     

       0
        
       
     

       9
        
           };

     

       10
       +
         };

     

       11
        
       }

+5 -3

lib/default.nix

···

       1
       -
       { inputs, overlays, pkgs }:

     

       2
       -
       let

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       3
        
         inherit (builtins) mapAttrs;

     

       4
        
       in {

     

       5
       -
       

     

       6
        
         # mkColmena = {

     

       7
        
         #   hostname,

     

       8
        
         #

···

       1
       +
       {

     

       2
       +
         inputs,

     

       3
       +
         overlays,

     

       4
       +
         pkgs,

     

       5
       +
       }: let

     

       6
        
         inherit (builtins) mapAttrs;

     

       7
        
       in {

     

       0
        
       
     

       8
        
         # mkColmena = {

     

       9
        
         #   hostname,

     

       10
        
         #

+8 -3

modules/dn42-pingfinder.nix

···

       1
       -
       { config, options, pkgs, lib, ... }:

     

       2
        
       {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       3
        
         options.services."dn42-pingfinder" = {

     

       4
        
           uuidFile = lib.mkOption {

     

       5
        
             type = lib.types.nullOr lib.types.path;

     
···

       31
        
           };

     

       32
        
       

     

       33
        
           systemd.timers.dn42-pingfinder = {

     

       34
       -
             wantedBy = [ "timers.target" ];

     

       35
       -
             partOf = [ "dn42-pingfinder.service" ];

     

       36
        
             timerConfig = {

     

       37
        
               OnCalendar = "*:0/5";

     

       38
        
               Persistent = true;

···

       0
        
       
     

       1
        
       {

     

       2
       +
         config,

     

       3
       +
         options,

     

       4
       +
         pkgs,

     

       5
       +
         lib,

     

       6
       +
         ...

     

       7
       +
       }: {

     

       8
        
         options.services."dn42-pingfinder" = {

     

       9
        
           uuidFile = lib.mkOption {

     

       10
        
             type = lib.types.nullOr lib.types.path;

     
···

       36
        
           };

     

       37
        
       

     

       38
        
           systemd.timers.dn42-pingfinder = {

     

       39
       +
             wantedBy = ["timers.target"];

     

       40
       +
             partOf = ["dn42-pingfinder.service"];

     

       41
        
             timerConfig = {

     

       42
        
               OnCalendar = "*:0/5";

     

       43
        
               Persistent = true;

-122

pkgs/nyxt-lisp.nix

···

       1
       -
       {

     

       2
       -
         lib,

     

       3
       -
         stdenv,

     

       4
       -
         clwrapper,

     

       5
       -
         pkgs,

     

       6
       -
         sbcl,

     

       7
       -
         coreutils,

     

       8
       -
         nix,

     

       9
       -
         asdf,

     

       10
       -
       }: {

     

       11
       -
         nyxt = pkgs.lispPackages.buildLispPackage rec {

     

       12
       -
           :winherit lib pkgs clwrapper stdenv;

     

       13
       -
       	nixLib = pkgs.lib;

     

       14
       -
       	callPackage = nixLib.callPackageWith lispPackages;

     

       15
       -
           baseName = "nyxt";

     

       16
       -
           version = "3-pre-release-2";

     

       17
       -
       

     

       18
       -
           description = "Nyxt Browser";

     

       19
       -
       

     

       20
       -
           overrides = x: {

     

       21
       -
             postInstall = ''

     

       22
       -
               echo "Building nyxt binary"

     

       23
       -
               (

     

       24
       -
                 source "$out/lib/common-lisp-settings"/*-shell-config.sh

     

       25
       -
                 cd "$out/lib/common-lisp"/*/

     

       26
       -
                 makeFlags="''${makeFlags:-}"

     

       27
       -
                 make LISP=common-lisp.sh NYXT_INTERNAL_QUICKLISP=false PREFIX="$out" $makeFlags all

     

       28
       -
                 make LISP=common-lisp.sh NYXT_INTERNAL_QUICKLISP=false PREFIX="$out" $makeFlags install

     

       29
       -
                 cp nyxt "$out/bin/nyxt"

     

       30
       -
               )

     

       31
       -
               NIX_LISP_PRELAUNCH_HOOK='

     

       32
       -
                 nix_lisp_build_system nyxt/gtk-application \

     

       33
       -
                  "(asdf/system:component-entry-point (asdf:find-system :nyxt/gtk-application))" \

     

       34
       -
                  "" "(format *error-output* \"Alien objects:~%~s~%\" sb-alien::*shared-objects*)"

     

       35
       -
               ' "$out/bin/nyxt-lisp-launcher.sh"

     

       36
       -
               cp "$out/lib/common-lisp/nyxt/nyxt" "$out/bin/"

     

       37
       -
             '';

     

       38
       -
       

     

       39
       -
             # Prevent nyxt from trying to obtain dependencies as submodules

     

       40
       -
             makeFlags = ["NYXT_SUBMODULES=false"] ++ x.buildFlags or [];

     

       41
       -
       

     

       42
       -
             patches =

     

       43
       -
               x.patches

     

       44
       -
               or []

     

       45
       -
               ++ [

     

       46
       -
                 # Work around crash when opening _any_ URL

     

       47
       -
                 # https://github.com/atlas-engineer/nyxt/issues/1781

     

       48
       -
                 # https://github.com/NixOS/nixpkgs/issues/158005

     

       49
       -
                 (pkgs.fetchpatch {

     

       50
       -
                   name = "nyxt-webkit-disable-sandbox.patch";

     

       51
       -
                   url = "https://github.com/atlas-engineer/nyxt/commit/48ac0d8727f1ca1428188a1ab2c05b7be5f6cc51.patch";

     

       52
       -
                   sha256 = "0570mcfn5wmjha6jmfdgglp0w5b7rpfnv3flzn77clgbknwbxi0m";

     

       53
       -
                 })

     

       54
       -
               ];

     

       55
       -
           };

     

       56
       -
       

     

       57
       -
           deps = with pkgs.lispPackages; [

     

       58
       -
             alexandria

     

       59
       -
             bordeaux-threads

     

       60
       -
             calispel

     

       61
       -
             cl-css

     

       62
       -
             cl-json

     

       63
       -
             cl-markup

     

       64
       -
             cl-ppcre

     

       65
       -
             cl-ppcre-unicode

     

       66
       -
             cl-prevalence

     

       67
       -
             closer-mop

     

       68
       -
             cl-containers

     

       69
       -
             cl-qrencode

     

       70
       -
             clss

     

       71
       -
             cluffer

     

       72
       -
             moptilities

     

       73
       -
             dexador

     

       74
       -
             enchant

     

       75
       -
             file-attributes

     

       76
       -
             iolib

     

       77
       -
             local-time

     

       78
       -
             log4cl

     

       79
       -
             lparallel

     

       80
       -
             mk-string-metrics

     

       81
       -
             osicat

     

       82
       -
             parenscript

     

       83
       -
             quri

     

       84
       -
             serapeum

     

       85
       -
             spinneret

     

       86
       -
             str

     

       87
       -
             plump

     

       88
       -
             swank

     

       89
       -
             trivia

     

       90
       -
             trivial-clipboard

     

       91
       -
             trivial-features

     

       92
       -
             trivial-garbage

     

       93
       -
             trivial-package-local-nicknames

     

       94
       -
             trivial-types

     

       95
       -
             unix-opts

     

       96
       -
             cl-html-diff

     

       97
       -
             hu_dot_dwim_dot_defclass-star

     

       98
       -
             cl-custom-hash-table

     

       99
       -
             fset

     

       100
       -
             cl-cffi-gtk

     

       101
       -
             cl-webkit2

     

       102
       -
             cl-gobject-introspection

     

       103
       -
           ];

     

       104
       -
           src = pkgs.fetchFromGitHub {

     

       105
       -
             owner = "atlas-engineer";

     

       106
       -
             repo = "nyxt";

     

       107
       -
             rev = "${version}";

     

       108
       -
             sha256 = "12l7ir3q29v06jx0zng5cvlbmap7p709ka3ik6x29lw334qshm9b";

     

       109
       -
           };

     

       110
       -
       

     

       111
       -
           packageName = "nyxt";

     

       112
       -
       

     

       113
       -
           propagatedBuildInputs = [

     

       114
       -
             pkgs.libressl.out

     

       115
       -
             pkgs.webkitgtk

     

       116
       -
             pkgs.sbcl

     

       117
       -
           ];

     

       118
       -
           meta = {

     

       119
       -
               description = "Nyxt Browser";

     

       120
       -
           };

     

       121
       -
         };

     

       122
       -
       }

-56

pkgs/nyxt.nix

···

       1
       -
       { stdenv, lib, lispPackages

     

       2
       -
       , makeWrapper, wrapGAppsHook, gst_all_1

     

       3
       -
       , glib, gdk-pixbuf, cairo

     

       4
       -
       , mailcap, pango, gtk3

     

       5
       -
       , glib-networking, gsettings-desktop-schemas

     

       6
       -
       , xclip, notify-osd, enchant, pkgs

     

       7
       -
       }:

     

       8
       -
       

     

       9
       -
       stdenv.mkDerivation rec {

     

       10
       -
         pname = "nyxt";

     

       11
       -
         inherit (pkgs.my-pkgs.nyxt-lisp.meta) version;

     

       12
       -
       

     

       13
       -
         src = lispPackages.nyxt;

     

       14
       -
       

     

       15
       -
         nativeBuildInputs = [ makeWrapper wrapGAppsHook ];

     

       16
       -
         gstBuildInputs = with gst_all_1; [

     

       17
       -
           gstreamer gst-libav

     

       18
       -
           gst-plugins-base

     

       19
       -
           gst-plugins-good

     

       20
       -
           gst-plugins-bad

     

       21
       -
           gst-plugins-ugly

     

       22
       -
         ];

     

       23
       -
         buildInputs = [

     

       24
       -
           glib gdk-pixbuf cairo

     

       25
       -
           mailcap pango gtk3

     

       26
       -
           glib-networking gsettings-desktop-schemas

     

       27
       -
           xclip notify-osd enchant

     

       28
       -
         ] ++ gstBuildInputs;

     

       29
       -
       

     

       30
       -
         GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" gstBuildInputs;

     

       31
       -
       

     

       32
       -
         dontWrapGApps = true;

     

       33
       -
         installPhase = ''

     

       34
       -
           mkdir -p $out/share/applications/

     

       35
       -
           sed "s/VERSION/$version/" $src/lib/common-lisp/nyxt/assets/nyxt.desktop > $out/share/applications/nyxt.desktop

     

       36
       -
           for i in 16 32 128 256 512; do

     

       37
       -
             mkdir -p "$out/share/icons/hicolor/''${i}x''${i}/apps/"

     

       38
       -
             cp -f $src/lib/common-lisp/nyxt/assets/nyxt_''${i}x''${i}.png "$out/share/icons/hicolor/''${i}x''${i}/apps/nyxt.png"

     

       39
       -
           done

     

       40
       -
           mkdir -p $out/bin && makeWrapper $src/bin/nyxt $out/bin/nyxt \

     

       41
       -
             --prefix GST_PLUGIN_SYSTEM_PATH_1_0 : "${GST_PLUGIN_SYSTEM_PATH_1_0}" \

     

       42
       -
             --argv0 nyxt "''${gappsWrapperArgs[@]}"

     

       43
       -
         '';

     

       44
       -
       

     

       45
       -
         checkPhase = ''

     

       46
       -
           $out/bin/nyxt -h

     

       47
       -
         '';

     

       48
       -
       

     

       49
       -
         meta = with lib; {

     

       50
       -
           description = "Infinitely extensible web-browser (with Lisp development files using WebKitGTK platform port)";

     

       51
       -
           homepage = "https://nyxt.atlas.engineer";

     

       52
       -
           license = licenses.bsd3;

     

       53
       -
           maintainers = with maintainers; [ lewo payas ];

     

       54
       -
           platforms = platforms.all;

     

       55
       -
         };

     

       56
       -
       }