Compare commits
1 commit
main
...
update-inp
Author | SHA1 | Date | |
---|---|---|---|
90d65f28ed |
1
.gitignore
vendored
|
@ -1,2 +1 @@
|
|||
testing/**
|
||||
result
|
||||
|
|
|
@ -2,7 +2,6 @@ keys:
|
|||
- &emily B04F01A7A98A13020C39B4A68AB7B773A214ACE5
|
||||
- &seras age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd
|
||||
- &emilia age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn
|
||||
- &girldick age1r6cmthdk6lhy62wa4pu23l46f5fcqhuu7xrq353pe6c8f0s6ce8s67pdtf
|
||||
creation_rules:
|
||||
- path_regex: secrets/services/dns-knot.yaml
|
||||
key_groups:
|
||||
|
@ -40,9 +39,3 @@ creation_rules:
|
|||
- *emily
|
||||
age:
|
||||
- *seras
|
||||
- path_regex: secrets/services/nyastodon.yaml
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *emily
|
||||
age:
|
||||
- *girldick
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, inputs, lib, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib; {
|
||||
imports = [
|
||||
|
@ -7,7 +7,6 @@ with lib; {
|
|||
./openssh.nix
|
||||
./users
|
||||
../../modules
|
||||
inputs.lix-module.nixosModules.default
|
||||
];
|
||||
environment.systemPackages = with pkgs; [
|
||||
kitty.terminfo
|
||||
|
@ -24,7 +23,7 @@ with lib; {
|
|||
unzip
|
||||
zip
|
||||
figlet
|
||||
];
|
||||
];
|
||||
programs = {
|
||||
mtr.enable = true;
|
||||
fish.enable = true;
|
||||
|
@ -62,7 +61,7 @@ with lib; {
|
|||
path = pkgs.path;
|
||||
};
|
||||
nix.settings = {
|
||||
experimental-features = [ "nix-command" "flakes" "pipe-operator" ];
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
trusted-users = [ "root" "@wheel" ];
|
||||
substituters = [ "https://cache.kyouma.net" ];
|
||||
trusted-public-keys = [ "cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=" ];
|
||||
|
|
|
@ -11,8 +11,6 @@ let
|
|||
sigAlgorithms = [
|
||||
"ssh-ed25519-cert-v01@openssh.com"
|
||||
"ssh-ed25519"
|
||||
"sk-ssh-ed25519-cert-v01@openssh.com"
|
||||
"sk-ssh-ed25519@openssh.com"
|
||||
];
|
||||
|
||||
kexAlgorithms = [
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
];
|
||||
};
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
"jitsi-meet-1.0.8043"
|
||||
"electron-25.9.0"
|
||||
];
|
||||
|
||||
home-manager.useGlobalPkgs = true;
|
||||
|
@ -23,7 +23,6 @@
|
|||
whois
|
||||
htop
|
||||
restic
|
||||
fend
|
||||
] ++ lib.optionals config.kyouma.machine-type.graphical [
|
||||
linux-manual
|
||||
colmena
|
||||
|
@ -43,8 +42,8 @@
|
|||
libnotify
|
||||
slurp
|
||||
grim
|
||||
simple-scan
|
||||
nemo
|
||||
gnome.simple-scan
|
||||
cinnamon.nemo
|
||||
imagemagick_light
|
||||
|
||||
#ubuntu_font_family
|
||||
|
@ -62,7 +61,7 @@
|
|||
|
||||
programs.eza = {
|
||||
enable = true;
|
||||
icons = "auto";
|
||||
icons = true;
|
||||
git = true;
|
||||
extraOptions = [
|
||||
"--color-scale=all"
|
||||
|
|
|
@ -52,7 +52,7 @@
|
|||
|
||||
programs.eza = {
|
||||
enable = true;
|
||||
icons = "auto";
|
||||
icons = true;
|
||||
git = true;
|
||||
extraOptions = [
|
||||
"--color-scale=all"
|
||||
|
|
|
@ -7,7 +7,6 @@
|
|||
../../services/nginx.nix
|
||||
../../services/uptime-kuma.nix
|
||||
../../services/vaultwarden.nix
|
||||
../../services/librespeed.nix
|
||||
./disko.nix
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
|
|
@ -62,7 +62,6 @@
|
|||
};
|
||||
};
|
||||
root = {
|
||||
type = "8300";
|
||||
size = "100%";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -16,15 +16,6 @@
|
|||
|
||||
networking.hostName = "integra";
|
||||
|
||||
nix.sshServe.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOWlYhnummuWZbq3+d0x5A67YvlPvtl7/1Dk4RtNlzf christina@cafkafk.com"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/RmFnel8pcZT9nh7EAfKfAekt3BoEXy0G7G2GTacN/ aprl@computer"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 aprl@whatever"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpyVefbZLkNVNzdSIlO6x6JohHE1snoHiUB3Qdvl5I2 aprl@idk"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVNo871p97NTefP52KYiwuch+FaVScxvcFd9fg0yykySTq7Y5JsxrJQgTnox/oDa0O87OyHD/GHQljAXkqiHpDkExbiGjDmGXJSKReKH061F4FqBnDIwYRzUu9Cxjl4MNqsU0RqLaz4+F42c/L7GROQwjEPUb8JHThRiI5FJnDvvB+oBLBxeyQA4v3O4i8DaDQayTr/XB+aSlhNwKrb6cjjL93AHT1uE53yY5jn4kZX+RiPQhH7rvt9N6E4Yr3CG6nUgRCUS0L66d9yfrq0XAbAVk9F+viV7Nk9qy4MWHtXZ4h0qUlzrGALPgGsCGiLGd4NvEgeCcV4nvxdmevxTSdKlJP75xlmlLVXGyhqCZkTsxm/png2UvDl+p0pLyrgNaNoXPdE0Jbv7C28WX36Nast1QFSMUhexzuOx8OgaOioeXVfK98AouqWb58iPBCvgreUIH/gJhZcnlB/Foo1KSO+fJNH8hAsLH7w0mnKyHhJjkrjjwUqsnpepB3SOLfZTE= aprl@meow"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD0v3tUBNEUxfoOQBFb+N2DUBQDay0iFggUWa9Nd+BtFLOKkz+RRto3eBF0ZiJZVUxv/hLb8m2s45hcMw8agwuPrXMe5085T1fzkvPdKAPZdsT/cCmBi1OsoLjAKBFIdM4lcV0A2cca8hip+/ZPpjFPUWx73/672gAPHU7co7fP8+8CSf9dx+WIeLx3yaYHYZ/th3dB5auX3VjOazS8MojsAorwTUeBoPamHQ5dFeNafhFUL/hhtGkUI1cNHUn3bJd2V7AKTW3UglK7hVgMJPrzVS31OlpcJEf6S5XgKTWdOSwubn1bs5Lt6YYRDU24NV6CGrwKgCJSRxzNMLwpnFKiSXpO8FzkqWHYWyju141hQcFF31aZIV+7YcwEt5ZukLjFOpVtpbSXvJYigOUzGi34P3/OAGshDXjTQjvM8GIir49gx3b2Nwhg0z4UHBkAKZvDDFPHDMJoclvnhITojaAojfC9zmMCO5ZaEsk8yv7c/lWQumzRpfldWF4mwHvhD5kTADbhRdO7WTdX7AaiAYINooToeWKjFe2wn3rFubPUppptqtP03mmvs7vhhgnEVBbGZRJK3GTVk1XcsfF9rDKzewSa+wb4LsBoZtFRhc8cJqHGlKWSNk7dQ04B1atPyNLKGpGoo/UIPxyZ6bSqFVxY3nhz46VZ6z8XWI48z0/fRQ== aprl@uwu"
|
||||
];
|
||||
|
||||
systemd.network.networks."98-eth-default" = {
|
||||
matchConfig.Type = "ether";
|
||||
matchConfig.Name = "e*";
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
imports = [
|
||||
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-extreme-gen4
|
||||
../../common
|
||||
../../profiles/graphical
|
||||
../../profiles/physical.nix
|
||||
./disko.nix
|
||||
./hardware-configuration.nix
|
||||
|
@ -26,9 +27,8 @@
|
|||
hardware.gpgSmartcards.enable = true;
|
||||
hardware.nitrokey.enable = true;
|
||||
|
||||
hardware.graphics = {
|
||||
enable = true;
|
||||
enable32Bit = true;
|
||||
hardware.opengl = {
|
||||
driSupport32Bit = true;
|
||||
extraPackages = with pkgs; [
|
||||
intel-media-driver
|
||||
libvdpau-va-gl
|
||||
|
@ -40,13 +40,7 @@
|
|||
extraBackends = [ pkgs.utsushi ];
|
||||
};
|
||||
|
||||
kyouma = {
|
||||
graphical = {
|
||||
enable = true;
|
||||
compositor = "hyprland";
|
||||
};
|
||||
machine-type.portable = true;
|
||||
};
|
||||
kyouma.machine-type.portable = true;
|
||||
|
||||
networking.hostName = "ryuuko";
|
||||
networking.firewall.allowedTCPPorts = [ 22000 ];
|
||||
|
|
|
@ -20,31 +20,4 @@
|
|||
"2a0f:be01:0:100::169/128"
|
||||
];
|
||||
};
|
||||
|
||||
services.postgresql.settings = {
|
||||
max_connections = 200;
|
||||
shared_buffers = "24GB";
|
||||
effective_cache_size = "72GB";
|
||||
maintenance_work_mem = "2GB";
|
||||
checkpoint_completion_target = 0.9;
|
||||
wal_buffers = "16MB";
|
||||
default_statistics_target = 100;
|
||||
random_page_cost = 1.1;
|
||||
effective_io_concurrency = 200;
|
||||
work_mem = "31457kB";
|
||||
huge_pages = "try";
|
||||
min_wal_size = "1GB";
|
||||
max_wal_size = "4GB";
|
||||
max_worker_processes = 32;
|
||||
max_parallel_workers_per_gather = 4;
|
||||
max_parallel_workers = 32;
|
||||
max_parallel_maintenance_workers = 4;
|
||||
};
|
||||
|
||||
kyouma.ooklaserver = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
domain = "speedtest.kyouma.net";
|
||||
settings.openSSL.server.minimumTLSProtocol = "1.3";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,20 +1,18 @@
|
|||
{ lib, pkgs, ... }: {
|
||||
kyouma.deployment.auto-upgrade.cache = "daemon";
|
||||
nix.gc.options = lib.mkForce "--delete-older-than 30d";
|
||||
nix.settings = {
|
||||
trusted-users = [ "nix-ssh" ];
|
||||
#system-features = [ "nixos-test" "benchmark" "big-parallel" "kvm" ] ++ lib.optionals pkgs.hostPlatform.isx86_64 [ "gccarch-x86-64-v3" ];
|
||||
};
|
||||
nix.gc.options = lib.mkForce "--delete-older-than 60d";
|
||||
nix.settings.trusted-users = [ "build" ];
|
||||
nix.extraOptions = ''
|
||||
min-free = ${builtins.toString (16384 * 1024 * 1024)}
|
||||
max-free = ${builtins.toString (32768 * 1024 * 1024)}
|
||||
min-free = ${builtins.toString (4096 * 1024 * 1024)}
|
||||
max-free = ${builtins.toString (8192 * 1024 * 1024)}
|
||||
max-substitution-jobs = 20
|
||||
max-silent-time = 14400
|
||||
max-silent-time = 7200
|
||||
'';
|
||||
nix.sshServe = {
|
||||
enable = true;
|
||||
write = true;
|
||||
keys = [
|
||||
users.users.build = {
|
||||
isNormalUser = true;
|
||||
shell = pkgs.bash;
|
||||
ignoreShellProgramCheck = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT0dGyLUjxFnvqUmex+5xUGQ7D4yGHKo267JgApcq0k root@ryuuko"
|
||||
|
|
220
config/profiles/graphical/default.nix
Normal file
|
@ -0,0 +1,220 @@
|
|||
{ config, pkgs, lib, inputs, ... }: {
|
||||
imports = [
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
inputs.stylix.nixosModules.stylix
|
||||
./files.nix
|
||||
./hyprland.nix
|
||||
./nixvim.nix
|
||||
./waybar.nix
|
||||
];
|
||||
|
||||
kyouma.machine-type.graphical = true;
|
||||
|
||||
hardware.opengl.enable = true;
|
||||
|
||||
boot.plymouth.enable = true;
|
||||
|
||||
security.pam.services.hyprlock = {};
|
||||
|
||||
services.dbus.packages = [ pkgs.gcr ];
|
||||
services.geoclue2.enable = true;
|
||||
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = true;
|
||||
pulse.enable = true;
|
||||
};
|
||||
|
||||
services.udisks2.enable = true;
|
||||
|
||||
environment.variables = {
|
||||
CLUTTER_BACKEND = "wayland";
|
||||
GDK_BACKEND = "wayland,x11";
|
||||
MOZ_ENABLE_WAYLAND = "1";
|
||||
QT_QPA_PLATFORM = "wayland;xcb";
|
||||
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
|
||||
SDL_VIDEODRIVER = "wayland";
|
||||
LIBVA_DRIVER_NAME = "radeonsi";
|
||||
MESA_VK_DEVICE_SELECT = "1002:73df";
|
||||
WLR_DRM_DEVICES = "$HOME/.config/hypr/external-gpu:$HOME/.config/hypr/internal-gpu";
|
||||
};
|
||||
xdg.icons.enable = true;
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
wlr.enable = true;
|
||||
configPackages = [ pkgs.xdg-desktop-portal-hyprland ];
|
||||
};
|
||||
|
||||
stylix= {
|
||||
image = pkgs.fetchurl {
|
||||
url = "https://kyouma.net/wallpaper.png";
|
||||
sha256 = "1f46b439a864cd28b8ea93563b4762f1efb2648bae0148fd6b45f3033b10b0e8";
|
||||
};
|
||||
polarity = "dark";
|
||||
#base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-macchiato.yaml";
|
||||
fonts = {
|
||||
sansSerif = {
|
||||
package = pkgs.noto-fonts;
|
||||
name = "Noto Sans";
|
||||
};
|
||||
serif = config.stylix.fonts.sansSerif;
|
||||
monospace = {
|
||||
package = pkgs.jetbrains-mono;
|
||||
name = "JetBrains Mono Regular";
|
||||
};
|
||||
sizes.terminal = 11;
|
||||
};
|
||||
cursor = {
|
||||
package = pkgs.capitaine-cursors;
|
||||
name = "capitaine";
|
||||
size = 24;
|
||||
};
|
||||
targets = {
|
||||
console.enable = false;
|
||||
gnome.enable = true;
|
||||
fish.enable = false;
|
||||
};
|
||||
};
|
||||
|
||||
home-manager.users.emily = {
|
||||
stylix.targets = {
|
||||
hyprland.enable = false;
|
||||
kitty.enable = false;
|
||||
mako.enable = false;
|
||||
rofi.enable = false;
|
||||
swaylock.enable = false;
|
||||
waybar.enable = false;
|
||||
nixvim.enable = false;
|
||||
fish.enable = false;
|
||||
};
|
||||
home.keyboard = {
|
||||
layout = "de";
|
||||
variant = "neo_qwerty";
|
||||
};
|
||||
|
||||
programs.imv.enable = true;
|
||||
|
||||
programs.wpaperd = {
|
||||
enable = true;
|
||||
settings.default = {
|
||||
path = "/home/emily/Pictures/wallpapers/sylviaritter/";
|
||||
duration = "60m";
|
||||
sorting = "random";
|
||||
};
|
||||
};
|
||||
programs.kitty = {
|
||||
enable = true;
|
||||
font.size = 13;
|
||||
font.name = "JetBrains Mono";
|
||||
settings = {
|
||||
enable_audio_bell = false;
|
||||
scrollback_lines = 65536;
|
||||
remember_window_size = false;
|
||||
initial_window_width = 1200;
|
||||
initial_window_height = 800;
|
||||
|
||||
bold_font = "auto";
|
||||
italic_font = "auto";
|
||||
bold_italic_font = "auto";
|
||||
|
||||
background = "#090312";
|
||||
background_opacity = "0.7";
|
||||
};
|
||||
keybindings = {
|
||||
"shift+right" = "next_tab";
|
||||
"ctrl+l" = "next_tab";
|
||||
"shift+left" = "previous_tab";
|
||||
"ctrl+h" = "previous_tab";
|
||||
};
|
||||
};
|
||||
programs.rofi = {
|
||||
enable = true;
|
||||
package = pkgs.rofi-wayland;
|
||||
};
|
||||
|
||||
programs.zoxide = {
|
||||
enable = true;
|
||||
options = [ "--cmd cd" ];
|
||||
};
|
||||
programs.fzf.enable = true;
|
||||
|
||||
qt = {
|
||||
enable = true;
|
||||
platformTheme.name = "qtct";
|
||||
style.name = "kvantum-dark";
|
||||
style.package = with pkgs; [
|
||||
libsForQt5.qtstyleplugin-kvantum
|
||||
qt6Packages.qtstyleplugin-kvantum
|
||||
(catppuccin-kvantum.override { accent = "Mauve"; variant = "Macchiato"; })
|
||||
];
|
||||
};
|
||||
gtk.iconTheme.name = "Adwaita";
|
||||
gtk.iconTheme.package = pkgs.gnome.adwaita-icon-theme;
|
||||
|
||||
services.gammastep = {
|
||||
enable = true;
|
||||
provider = "geoclue2";
|
||||
temperature.day = 6500;
|
||||
temperature.night = 3700;
|
||||
settings.general.adjustment-method = "wayland";
|
||||
};
|
||||
services.mako = {
|
||||
enable = true;
|
||||
anchor = "top-right";
|
||||
backgroundColor = "#24273a";
|
||||
borderColor = "#c6a0f6";
|
||||
borderRadius = 15;
|
||||
borderSize = 2;
|
||||
defaultTimeout = 5000;
|
||||
layer = "overlay";
|
||||
maxIconSize = 48;
|
||||
padding = "15";
|
||||
progressColor = "over #B4A1DB";
|
||||
sort = "-time";
|
||||
textColor = "#cad3f5";
|
||||
extraConfig = ''
|
||||
max-history=100
|
||||
on-button-left=dismiss
|
||||
on-button-right=dismiss-all
|
||||
on-notify=exec ${pkgs.mpv}/bin/mpv /usr/share/sounds/freedesktop/stereo/message.oga
|
||||
|
||||
[urgency=low]
|
||||
border-color=#B4A1DB
|
||||
default-timeout=2000
|
||||
|
||||
[urgency=normal]
|
||||
border-color=#B4A1DB
|
||||
default-timeout=5000
|
||||
|
||||
[urgency=high]
|
||||
border-color=#D04E9D
|
||||
text-color=#D04E9D
|
||||
default-timeout=0
|
||||
|
||||
[category=mpd]
|
||||
border-color=#E49186
|
||||
default-timeout=2000
|
||||
group-by=category
|
||||
'';
|
||||
};
|
||||
services.gpg-agent = {
|
||||
enable = true;
|
||||
enableSshSupport = true;
|
||||
pinentryPackage = pkgs.pinentry-gnome3;
|
||||
};
|
||||
services.syncthing = {
|
||||
enable = true;
|
||||
tray.enable = true;
|
||||
tray.command = "syncthingtray --replace";
|
||||
};
|
||||
services.udiskie = {
|
||||
enable = true;
|
||||
automount = false;
|
||||
};
|
||||
systemd.user.services.syncthingtray.Service = {
|
||||
ExecStartPre = "${pkgs.coreutils-full}/bin/sleep 2";
|
||||
Restart = "on-failure";
|
||||
RestartSec = "1s";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,5 +1,5 @@
|
|||
{ config, lib, pkgs, ... }: {
|
||||
config.home-manager.users.emily = lib.mkIf config.kyouma.graphical.enable {
|
||||
{ config, pkgs, ... }: {
|
||||
home-manager.users.emily = {
|
||||
home.file.".local/bin/hypr/playerctl.sh" = let
|
||||
playerctl = "${pkgs.playerctl}/bin/playerctl";
|
||||
title = "$(${playerctl} metadata --format '{{markup_escape(title)}}')";
|
||||
|
@ -19,7 +19,7 @@
|
|||
fi
|
||||
'';
|
||||
};
|
||||
home.file.".local/bin/hypr/colorpicker.sh" = {
|
||||
home.file."./local/bin/hypr/colorpicker.sh" = {
|
||||
enable = true;
|
||||
executable = true;
|
||||
source = pkgs.writeShellApplication {
|
||||
|
@ -28,7 +28,7 @@
|
|||
runtimeInputs = with pkgs; [ coreutils grim slurp imagemagick_light wl-clipboard libnotify ];
|
||||
};
|
||||
};
|
||||
home.file.".local/bin/hypr/rofi_powermenu.sh" = {
|
||||
home.file."./local/bin/hypr/rofi_powermenu.sh" = {
|
||||
enable = true;
|
||||
executable = true;
|
||||
source = pkgs.writeShellApplication {
|
||||
|
@ -37,7 +37,7 @@
|
|||
runtimeInputs = with pkgs; [ rofi hyprlock coreutils-full toybox xdg-user-dirs ];
|
||||
};
|
||||
};
|
||||
home.file.".local/bin/hypr/rofi_screenshot.sh" = {
|
||||
home.file."./local/bin/hypr/rofi_screenshot.sh" = {
|
||||
enable = true;
|
||||
executable = true;
|
||||
source = pkgs.writeShellApplication {
|
||||
|
@ -46,7 +46,7 @@
|
|||
runtimeInputs = with pkgs; [ coreutils grim hyprland imv slurp wl-clipboard libnotify pulseaudio toybox rofi xdg-user-dirs ];
|
||||
};
|
||||
};
|
||||
home.file.".local/bin/hypr/screenshot.sh" = {
|
||||
home.file."./local/bin/hypr/screenshot.sh" = {
|
||||
enable = true;
|
||||
executable = true;
|
||||
source = pkgs.writeShellApplication {
|
Before Width: | Height: | Size: 32 KiB After Width: | Height: | Size: 32 KiB |
Before Width: | Height: | Size: 20 KiB After Width: | Height: | Size: 20 KiB |
Before Width: | Height: | Size: 23 KiB After Width: | Height: | Size: 23 KiB |
Before Width: | Height: | Size: 27 KiB After Width: | Height: | Size: 27 KiB |
Before Width: | Height: | Size: 31 KiB After Width: | Height: | Size: 31 KiB |
Before Width: | Height: | Size: 24 KiB After Width: | Height: | Size: 24 KiB |
Before Width: | Height: | Size: 27 KiB After Width: | Height: | Size: 27 KiB |
Before Width: | Height: | Size: 24 KiB After Width: | Height: | Size: 24 KiB |
Before Width: | Height: | Size: 26 KiB After Width: | Height: | Size: 26 KiB |
Before Width: | Height: | Size: 34 KiB After Width: | Height: | Size: 34 KiB |
Before Width: | Height: | Size: 29 KiB After Width: | Height: | Size: 29 KiB |
Before Width: | Height: | Size: 33 KiB After Width: | Height: | Size: 33 KiB |
Before Width: | Height: | Size: 28 KiB After Width: | Height: | Size: 28 KiB |
Before Width: | Height: | Size: 22 KiB After Width: | Height: | Size: 22 KiB |
Before Width: | Height: | Size: 24 KiB After Width: | Height: | Size: 24 KiB |
Before Width: | Height: | Size: 23 KiB After Width: | Height: | Size: 23 KiB |
|
@ -1,5 +1,57 @@
|
|||
{ config, lib, pkgs, ... }: {
|
||||
config.home-manager.users.emily = lib.mkIf (config.kyouma.graphical.compositor == "hyprland") {
|
||||
{ pkgs, ... }: {
|
||||
home-manager.users.emily = {
|
||||
programs.hyprlock = {
|
||||
enable = true;
|
||||
settings = {
|
||||
general = {
|
||||
hide_cursor = true;
|
||||
disable_loading_bar = true;
|
||||
};
|
||||
background = [{
|
||||
path = "screenshot";
|
||||
#path = "$HOME/Pictures/wallpapers/lockscreen.png";
|
||||
blur_passes = 3;
|
||||
contrast = 1.25;
|
||||
}];
|
||||
input-field = [{
|
||||
size = "250, 60";
|
||||
outline_thickness = 2;
|
||||
dots_size = 0.2;
|
||||
dots_spacing = 0.2;
|
||||
dots_center = true;
|
||||
outer_color = "rgba(0, 0, 0, 0)";
|
||||
inner_color = "rgba(0, 0, 0, 0.5)";
|
||||
font_color = "rgb(200, 200, 200)";
|
||||
fade_on_empty = true;
|
||||
fade_timeout = 5000;
|
||||
font_family = "JetBrains Mono Nerd Font Mono";
|
||||
fail_text = "<i>$FAIL <b>$ATTEMPTS</b></i>";
|
||||
position = "0, 200";
|
||||
halign = "center";
|
||||
valign = "bottom";
|
||||
}];
|
||||
label = [{
|
||||
text = "cmd[update:250] date +%X";
|
||||
color = "rgba(255, 255, 255, 0.6)";
|
||||
font_size = "100";
|
||||
font_family = "JetBrains Mono Nerd Font Mono ExtraBold";
|
||||
position = "0, -300";
|
||||
halign = "center";
|
||||
valign = "top";
|
||||
}];
|
||||
};
|
||||
};
|
||||
services.swayidle =
|
||||
let
|
||||
hyprlock = "pidof hyprlock || ${pkgs.hyprlock}/bin/hyprlock";
|
||||
in {
|
||||
enable = true;
|
||||
systemdTarget = "hyprland-session.target";
|
||||
events = [
|
||||
{ event = "before-sleep"; command = hyprlock; }
|
||||
{ event = "lock"; command = hyprlock; }
|
||||
];
|
||||
};
|
||||
wayland.windowManager.hyprland = {
|
||||
enable = true;
|
||||
settings = let
|
||||
|
@ -118,8 +170,8 @@
|
|||
"eDP-1, 3840x2400@60, 0x0, 1, bitdepth, 10"
|
||||
#"eDP-1, 2560x1600@60, 0x0, 1, bitdepth, 10"
|
||||
#"eDP-1, 1920x1200@60, 0x0, 1, bitdepth, 10"
|
||||
"desc:Dell Inc. AW3225QF FXK2YZ3, 3840x2160@240,5280x0,1, bitdepth,10, vrr,2"
|
||||
"desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455, 2560x1440@144,3840x-280,1, bitdepth,10, transform,1"
|
||||
"desc:Dell Inc. AW3225QF FXK2YZ3, 3840x2160@120,5280x0,1, bitdepth,10, vrr,2"
|
||||
"desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455, 2560x1440@144,3840x-350,1, bitdepth,10, transform,1"
|
||||
",preferred,auto,1"
|
||||
];
|
||||
workspace = [
|
218
config/profiles/graphical/nixvim.nix
Normal file
|
@ -0,0 +1,218 @@
|
|||
{ pkgs, inputs, ... }: {
|
||||
home-manager.users.emily.imports = [
|
||||
inputs.nixvim.homeManagerModules.nixvim
|
||||
];
|
||||
home-manager.users.emily.programs.nixvim = {
|
||||
enable = true;
|
||||
extraPlugins = [
|
||||
pkgs.vimPlugins.molokai
|
||||
pkgs.vimPlugins.vim-airline-themes
|
||||
];
|
||||
colorscheme = "molokai";
|
||||
vimAlias = true;
|
||||
highlightOverride.Normal = {
|
||||
ctermbg = "NONE";
|
||||
bg = "NONE";
|
||||
};
|
||||
opts = {
|
||||
number = true;
|
||||
expandtab = true;
|
||||
autoindent = true;
|
||||
mouse = "";
|
||||
encoding = "utf-8";
|
||||
shiftwidth = 2;
|
||||
smartindent = true;
|
||||
tabstop = 2;
|
||||
|
||||
ignorecase = true;
|
||||
incsearch = true;
|
||||
smartcase = true;
|
||||
};
|
||||
keymaps = [
|
||||
{
|
||||
action = "<cmd>Neotree toggle<CR>";
|
||||
key = "<C-n>";
|
||||
mode = "n";
|
||||
options.silent = true;
|
||||
}
|
||||
{
|
||||
action = "<C-\\><C-n>";
|
||||
key = "<esc>";
|
||||
mode = "t";
|
||||
}
|
||||
];
|
||||
plugins.cmp = {
|
||||
enable = true;
|
||||
settings.sources = [
|
||||
{ name = "nvim_lsp"; }
|
||||
{ name = "luasnip"; }
|
||||
{ name = "buffer"; }
|
||||
{ name = "nvim_lua"; }
|
||||
{ name = "path"; }
|
||||
];
|
||||
settings.formatting = {
|
||||
fields = [ "abbr" "kind" "menu" ];
|
||||
format = ''
|
||||
function(_, item)
|
||||
local icons = {
|
||||
Namespace = "",
|
||||
Text = "",
|
||||
Method = "",
|
||||
Function = "",
|
||||
Constructor = "",
|
||||
Field = "",
|
||||
Variable = "",
|
||||
Class = "",
|
||||
Interface = "",
|
||||
Module = "",
|
||||
Property = "",
|
||||
Unit = "",
|
||||
Value = "",
|
||||
Enum = "",
|
||||
Keyword = "",
|
||||
Snippet = "",
|
||||
Color = "",
|
||||
File = "",
|
||||
Reference = "",
|
||||
Folder = "",
|
||||
EnumMember = "",
|
||||
Constant = "",
|
||||
Struct = "",
|
||||
Event = "",
|
||||
Operator = "",
|
||||
TypeParameter = "",
|
||||
Table = "",
|
||||
Object = "",
|
||||
Tag = "",
|
||||
Array = "[]",
|
||||
Boolean = "",
|
||||
Number = "",
|
||||
Null = "",
|
||||
String = "",
|
||||
Calendar = "",
|
||||
Watch = "",
|
||||
Package = "",
|
||||
Copilot = "",
|
||||
Codeium = "",
|
||||
TabNine = "",
|
||||
}
|
||||
|
||||
local icon = icons[item.kind] or ""
|
||||
item.kind = string.format("%s %s", icon, item.kind or "")
|
||||
return item
|
||||
end
|
||||
'';
|
||||
};
|
||||
settings.snippet.expand = "function(args) require('luasnip').lsp_expand(args.body) end";
|
||||
settings.window = {
|
||||
completion = {
|
||||
winhighlight = "FloatBorder:CmpBorder,Normal:CmpPmenu,CursorLine:CmpSel,Search:PmenuSel";
|
||||
scrollbar = false;
|
||||
sidePadding = 0;
|
||||
border = [ "╭" "─" "╮" "│" "╯" "─" "╰" "│" ];
|
||||
};
|
||||
documentation = {
|
||||
border = [ "╭" "─" "╮" "│" "╯" "─" "╰" "│" ];
|
||||
winhighlight = "FloatBorder:CmpBorder,Normal:CmpPmenu,CursorLine:CmpSel,Search:PmenuSel";
|
||||
};
|
||||
};
|
||||
settings.mapping = {
|
||||
"<C-n>" = "cmp.mapping.select_next_item()";
|
||||
"<C-p>" = "cmp.mapping.select_prev_item()";
|
||||
"<C-j>" = "cmp.mapping.select_next_item()";
|
||||
"<C-k>" = "cmp.mapping.select_prev_item()";
|
||||
"<C-d>" = "cmp.mapping.scroll_docs(-4)";
|
||||
"<C-f>" = "cmp.mapping.scroll_docs(4)";
|
||||
"<C-Space>" = "cmp.mapping.complete()";
|
||||
"<C-e>" = "cmp.mapping.close()";
|
||||
"<CR>" = "cmp.mapping.confirm({ behavior = cmp.ConfirmBehavior.Insert, select = true })";
|
||||
"<Tab>" = ''
|
||||
cmp.mapping(function(fallback)
|
||||
if cmp.visible() then
|
||||
cmp.select_next_item()
|
||||
elseif require("luasnip").expand_or_jumpable() then
|
||||
vim.fn.feedkeys(vim.api.nvim_replace_termcodes("<Plug>luasnip-expand-or-jump", true, true, true), "")
|
||||
else
|
||||
fallback()
|
||||
end
|
||||
end,{"i","s"})
|
||||
'';
|
||||
"<S-Tab>" = ''
|
||||
cmp.mapping(function(fallback)
|
||||
if cmp.visible() then
|
||||
cmp.select_prev_item()
|
||||
elseif require("luasnip").jumpable(-1) then
|
||||
vim.fn.feedkeys(vim.api.nvim_replace_termcodes("<Plug>luasnip-jump-prev", true, true, true), "")
|
||||
else
|
||||
fallback()
|
||||
end
|
||||
end,{"i","s"})
|
||||
'';
|
||||
};
|
||||
};
|
||||
plugins.lsp = {
|
||||
enable = true;
|
||||
keymaps.lspBuf = {
|
||||
"K" = "hover";
|
||||
"gd" = "definition";
|
||||
"gD" = "references";
|
||||
"gt" = "type_definition";
|
||||
"gi" = "implementation";
|
||||
};
|
||||
servers = {
|
||||
bashls.enable = true;
|
||||
lua-ls.enable = true;
|
||||
nil_ls = {
|
||||
enable = true;
|
||||
settings.formatting.command = [ "nixfmt" "-w" "140" ];
|
||||
};
|
||||
nixd = {
|
||||
enable = false;
|
||||
settings = {
|
||||
eval.depth = 5;
|
||||
eval.workers = 6;
|
||||
formatting.command = [ "nixfmt" "-w" "140" ];
|
||||
options.enable = true;
|
||||
};
|
||||
};
|
||||
ruff-lsp.enable = true;
|
||||
rust-analyzer = {
|
||||
enable = true;
|
||||
installRustc = true;
|
||||
installCargo = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
plugins.none-ls = {
|
||||
enable = true;
|
||||
sources.diagnostics = {
|
||||
pylint.enable = true;
|
||||
statix.enable = true;
|
||||
};
|
||||
sources.formatting = {
|
||||
nixfmt.enable = true;
|
||||
markdownlint.enable = true;
|
||||
};
|
||||
};
|
||||
plugins.neo-tree = {
|
||||
enable = true;
|
||||
closeIfLastWindow = true;
|
||||
};
|
||||
plugins.treesitter = {
|
||||
enable = true;
|
||||
nixGrammars = true;
|
||||
indent = true;
|
||||
};
|
||||
plugins.airline.enable = true;
|
||||
plugins.cmp-buffer.enable = true;
|
||||
plugins.cmp-emoji.enable = true;
|
||||
plugins.cmp-nvim-lsp.enable = true;
|
||||
plugins.cmp-path.enable = true;
|
||||
plugins.cmp_luasnip.enable = true;
|
||||
plugins.luasnip.enable = true;
|
||||
plugins.nvim-autopairs.enable = true;
|
||||
plugins.rainbow-delimiters.enable = true;
|
||||
plugins.rustaceanvim.enable = true;
|
||||
plugins.treesitter-context.enable = true;
|
||||
};
|
||||
}
|
|
@ -1,5 +1,5 @@
|
|||
{ config, lib, pkgs, ... }: {
|
||||
config.home-manager.users.emily = lib.mkIf config.kyouma.graphical.enable {
|
||||
{ pkgs, ... }: {
|
||||
home-manager.users.emily = {
|
||||
programs.waybar = {
|
||||
enable = true;
|
||||
style = ./files/waybar-style.css;
|
|
@ -69,6 +69,7 @@
|
|||
})
|
||||
];
|
||||
|
||||
sound.enable = true;
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
ipv6 = true;
|
||||
|
|
|
@ -24,9 +24,6 @@
|
|||
DEFAULT.APP_NAME = "The dog girl Git";
|
||||
federation.ENABLED = true;
|
||||
log.LEVEL = "Info";
|
||||
indexer = {
|
||||
REPO_INDEXER_ENABLED = true;
|
||||
};
|
||||
mailer = {
|
||||
ENABLED = true;
|
||||
PROTOCOL = "smtp+starttls";
|
||||
|
|
|
@ -1,27 +1,19 @@
|
|||
{ config, inputs, lib, ... }: {
|
||||
{ config, ... }: {
|
||||
imports = [
|
||||
./nix-config.nix
|
||||
inputs.hydra.nixosModules.hydra
|
||||
];
|
||||
sops.secrets."services/hydra/signKey" = {
|
||||
owner = "hydra-queue-runner";
|
||||
sopsFile = ../../../secrets/services/hydra.yaml;
|
||||
};
|
||||
sops.secrets."services/hydra/id_ed25519_hydra-eval" = {
|
||||
path = "/var/lib/hydra/.ssh/id_ed25519";
|
||||
owner = "hydra";
|
||||
mode = "0400";
|
||||
sopsFile = ../../../secrets/services/hydra.yaml;
|
||||
};
|
||||
sops.secrets."services/hydra/id_ed25519_hydra" = {
|
||||
owner = "hydra-queue-runner";
|
||||
sopsFile = ../../../secrets/services/hydra.yaml;
|
||||
};
|
||||
kyouma.deployment.auto-upgrade.cache = "daemon";
|
||||
|
||||
services.hydra-dev = {
|
||||
services.hydra = {
|
||||
enable = true;
|
||||
package = inputs.hydra.packages.${config.nixpkgs.hostPlatform.system}.hydra;
|
||||
hydraURL = "https://hydra.kyouma.net";
|
||||
listenHost = "localhost";
|
||||
notificationSender = "hydra@hydra.kyouma.net";
|
||||
|
@ -31,13 +23,12 @@
|
|||
server_store_uri = https://cache.kyouma.net
|
||||
binary_cache_public_uri = https://cache.kyouma.net
|
||||
evaluator_workers = 8
|
||||
evaluator_max_memory_size = 16384
|
||||
max_output_size = ${builtins.toString (24 * 1024 * 1024 * 1024)}
|
||||
evaluator_max_memory_size = 4096
|
||||
'';
|
||||
};
|
||||
services.harmonia = {
|
||||
enable = true;
|
||||
signKeyPaths = lib.singleton config.sops.secrets."services/hydra/signKey".path;
|
||||
signKeyPath = config.sops.secrets."services/hydra/signKey".path;
|
||||
settings = {
|
||||
bind = "[::1]:5555";
|
||||
};
|
||||
|
|
|
@ -1,40 +1,24 @@
|
|||
{ config, lib, ... }: {
|
||||
{ config, ... }: {
|
||||
nix.buildMachines = [
|
||||
{
|
||||
hostName = "localhost";
|
||||
protocol = null;
|
||||
maxJobs = 0;
|
||||
speedFactor = 0;
|
||||
sshUser = "hydra-queue-runner";
|
||||
maxJobs = 40;
|
||||
speedFactor = 40;
|
||||
systems = [ "x86_64-linux" ];
|
||||
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
|
||||
}
|
||||
{
|
||||
hostName = "integra.kyouma.net";
|
||||
sshUser = "nix-ssh";
|
||||
maxJobs = 2;
|
||||
speedFactor = 4;
|
||||
sshUser = "build";
|
||||
maxJobs = 4;
|
||||
speedFactor = 8;
|
||||
systems = [ "aarch64-linux" ];
|
||||
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
|
||||
}
|
||||
{
|
||||
hostName = "build-worker-04.nyantec.com";
|
||||
sshUser = "nix-ssh";
|
||||
maxJobs = 4;
|
||||
speedFactor = 18;
|
||||
systems = [ "x86_64-linux" "riscv64-linux" ];
|
||||
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" "gccarch-x86-64" "gccarch-x86-64-v2" "gccarch-x86-64-v3" ];
|
||||
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
|
||||
}
|
||||
] ++ lib.forEach [ "01" "02" "03" "05" "06" "07" "08" "09" ] (num: {
|
||||
hostName = "build-worker-${num}";
|
||||
sshUser = "root";
|
||||
maxJobs = 2;
|
||||
speedFactor = 20;
|
||||
systems = [ "i686-linux" "x86_64-linux" ];
|
||||
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "gccarch-x86-64" "gccarch-x86-64-v2" "gccarch-x86-64-v3" ];
|
||||
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
|
||||
});
|
||||
];
|
||||
nix.settings = {
|
||||
allowed-uris = [
|
||||
"github:"
|
||||
|
@ -43,46 +27,11 @@
|
|||
"https://"
|
||||
];
|
||||
};
|
||||
users.users.hydra-queue-runner.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras"
|
||||
];
|
||||
programs.ssh = {
|
||||
knownHosts = {
|
||||
"build-worker-03.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGqTY74c5g15DSNPNM2Wdr5jAwS7BFgX1XRnhtGOnJc";
|
||||
"build-worker-04.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOq+5I+nlAN2lJoOtoXrYEDuZ/TMPMa43pIlablYigK";
|
||||
"integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU";
|
||||
"localhost".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPNVavo3YHVsrYwXRVISu7kDoknn+5inFGySn4azlB8P";
|
||||
"[build-worker-kyoumanet.fly.dev]:2201".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDL2M97UBHg9aUfjDUxzmzg1r0ga0m3/stummBVwuEAB";
|
||||
"[build-worker-kyoumanet.fly.dev]:2202".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTwVKL0P0chPM2Gz23rbT94844+w1CGJdCaZdzfjThz";
|
||||
"[build-worker-kyoumanet.fly.dev]:2203".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAjy2eZGJQeAYy0+fLgW9jiS0jVY2LInY0NDMnzCvvKp";
|
||||
"[build-worker-kyoumanet.fly.dev]:2204".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN72OyD9LYy4hq0WZ7ie5RPV+G54UreEJiA/RubjGoe9";
|
||||
"[build-worker-kyoumanet.fly.dev]:2205".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICNh1o1I98XrI2XmOI6Q0aHPfyLCIQwKkKOxGUUeXL9v";
|
||||
"[build-worker-kyoumanet.fly.dev]:2206".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGf0kxGgwOG9KhUhvxxTSiQC5YikrzZXKDgSpBw33qN4";
|
||||
"[build-worker-kyoumanet.fly.dev]:2207".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL9z95a6Fn/dB+iNigEYpuJdBnBwCkIZYaKHcFbGP+RY";
|
||||
"[build-worker-kyoumanet.fly.dev]:2208".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAk+FNMhTfAVqk3MfLp4QiG/i5ti53DlpnC0q+sOvU9O";
|
||||
};
|
||||
extraConfig = ''
|
||||
Host build-worker-01
|
||||
Hostname build-worker-kyoumanet.fly.dev
|
||||
Port 2201
|
||||
Host build-worker-02
|
||||
Hostname build-worker-kyoumanet.fly.dev
|
||||
Port 2202
|
||||
Host build-worker-03
|
||||
Hostname build-worker-kyoumanet.fly.dev
|
||||
Port 2203
|
||||
Host build-worker-05
|
||||
Hostname build-worker-kyoumanet.fly.dev
|
||||
Port 2204
|
||||
Host build-worker-06
|
||||
Hostname build-worker-kyoumanet.fly.dev
|
||||
Port 2205
|
||||
Host build-worker-07
|
||||
Hostname build-worker-kyoumanet.fly.dev
|
||||
Port 2206
|
||||
Host build-worker-08
|
||||
Hostname build-worker-kyoumanet.fly.dev
|
||||
Port 2207
|
||||
Host build-worker-09
|
||||
Hostname build-worker-kyoumanet.fly.dev
|
||||
Port 2208
|
||||
'';
|
||||
knownHosts."integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU";
|
||||
knownHosts."localhost".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPNVavo3YHVsrYwXRVISu7kDoknn+5inFGySn4azlB8P";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
{ ... }: {
|
||||
services.librespeed = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
domain = "speed.kyouma.net";
|
||||
frontend.enable = true;
|
||||
};
|
||||
}
|
|
@ -34,11 +34,5 @@
|
|||
add_header Referrer-Policy "same-origin" always;
|
||||
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
|
||||
'';
|
||||
eventsConfig = ''
|
||||
multi_accept on;
|
||||
'';
|
||||
appendConfig = ''
|
||||
worker_processes auto;
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,24 +1,4 @@
|
|||
{ config, pkgs, ... }: {
|
||||
sops.secrets."services/nyastodon/extraEnvFile" = {
|
||||
sopsFile = ../../secrets/services/nyastodon.yaml;
|
||||
owner = "mastodon";
|
||||
};
|
||||
sops.secrets."services/nyastodon/secretKeyBaseFile" = {
|
||||
sopsFile = ../../secrets/services/nyastodon.yaml;
|
||||
owner = "mastodon";
|
||||
};
|
||||
sops.secrets."services/nyastodon/otpSecretFile" = {
|
||||
sopsFile = ../../secrets/services/nyastodon.yaml;
|
||||
owner = "mastodon";
|
||||
};
|
||||
sops.secrets."services/nyastodon/vapidPrivateKeyFile" = {
|
||||
sopsFile = ../../secrets/services/nyastodon.yaml;
|
||||
owner = "mastodon";
|
||||
};
|
||||
sops.secrets."services/nyastodon/vapidPublicKeyFile" = {
|
||||
sopsFile = ../../secrets/services/nyastodon.yaml;
|
||||
owner = "mastodon";
|
||||
};
|
||||
services.mastodon = {
|
||||
enable = true;
|
||||
package = pkgs.nyastodon;
|
||||
|
@ -26,10 +6,5 @@
|
|||
configureNginx = true;
|
||||
smtp.fromAddress = "webmaster@girldick.gay";
|
||||
streamingProcesses = 16;
|
||||
extraEnvFiles = [ config.sops.secrets."services/nyastodon/extraEnvFile".path ];
|
||||
secretKeyBaseFile = config.sops.secrets."services/nyastodon/secretKeyBaseFile".path;
|
||||
otpSecretFile = config.sops.secrets."services/nyastodon/otpSecretFile".path;
|
||||
vapidPrivateKeyFile = config.sops.secrets."services/nyastodon/vapidPrivateKeyFile".path;
|
||||
vapidPublicKeyFile = config.sops.secrets."services/nyastodon/vapidPublicKeyFile".path;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -5,14 +5,14 @@
|
|||
};
|
||||
sops.secrets."services/vaultwarden/basicAuth" = {
|
||||
sopsFile = ../../secrets/services/vaultwarden.yaml;
|
||||
owner = "nginx";
|
||||
owner = "vaultwarden";
|
||||
};
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
environmentFile = config.sops.secrets."services/vaultwarden/environmentFile".path;
|
||||
backupDir = "/var/backup/bitwarden_rs";
|
||||
config = {
|
||||
DOMAIN = "https://vault.kyouma.net";
|
||||
DOMAIN = "https://staging.vault.kyouma.net";
|
||||
DATABASE_MAX_CONNS = 15;
|
||||
WEB_VAULT_ENABLED = true;
|
||||
WEBSOCKET_ADDRESS = "::1";
|
||||
|
@ -33,10 +33,10 @@
|
|||
SMTP_SECURITY = "starttls";
|
||||
SMTP_PORT = 587;
|
||||
ROCKET_ADDRESS = "::1";
|
||||
ROCKET_PORT = 8222;
|
||||
ROCKET_PORT = "8222";
|
||||
};
|
||||
};
|
||||
kyouma.nginx.virtualHosts."vault.kyouma.net" = {
|
||||
kyouma.nginx.virtualHosts."staging.vault.kyouma.net" = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://[::1]:8222";
|
||||
proxyWebsockets = true;
|
||||
|
@ -46,5 +46,5 @@
|
|||
basicAuthFile = config.sops.secrets."services/vaultwarden/basicAuth".path;
|
||||
};
|
||||
};
|
||||
security.acme.certs."vault.kyouma.net" = {};
|
||||
security.acme.certs."staging.vault.kyouma.net" = {};
|
||||
}
|
||||
|
|
714
flake.lock
39
flake.nix
|
@ -7,6 +7,7 @@
|
|||
attic = {
|
||||
url = "github:zhaofengli/attic";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.flake-utils.follows = "flake-utils";
|
||||
};
|
||||
disko = {
|
||||
url = "github:nix-community/disko";
|
||||
|
@ -19,30 +20,18 @@
|
|||
};
|
||||
fernglas = {
|
||||
url = "github:wobcom/fernglas";
|
||||
#inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.flake-utils.follows = "flake-utils";
|
||||
};
|
||||
home-manager = {
|
||||
url = "github:nix-community/home-manager";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
hydra = {
|
||||
url = "git+https://git.lix.systems/lix-project/hydra?ref=main&rev=799441dcf6d595efb0def686ca0815aef398627b";
|
||||
inputs.lix.follows = "lix";
|
||||
};
|
||||
iceshrimp = {
|
||||
url = "git+https://iceshrimp.dev/iceshrimp/packaging";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
kyouma-www = {
|
||||
url = "git+https://woof.rip/emily/kyouma-net.git";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.flake-utils.follows = "flake-utils";
|
||||
};
|
||||
lix.url = "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz";
|
||||
lix-module = {
|
||||
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
nixos-needsreboot = {
|
||||
url = "github:thefossguy/nixos-needsreboot";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
@ -71,6 +60,10 @@
|
|||
"cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg="
|
||||
];
|
||||
builders-use-substitutes = true;
|
||||
builders = ''
|
||||
ssh://build@seras.kyouma.net x86_64-linux - 40 40 nixos-test,benchmark,big-parallel,kvm
|
||||
ssh://build@integra.kyouma.net aarch64-linux - 4 8 nixos-test,benchmark,big-parallel,kvm
|
||||
'';
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, flake-utils, ... }@inputs: let
|
||||
|
@ -110,9 +103,7 @@
|
|||
];
|
||||
};
|
||||
};
|
||||
images = {
|
||||
lain = self.nixosConfigurations.lain-minimal.config.system.build.sdImage;
|
||||
};
|
||||
images.lain = self.nixosConfigurations.lain-minimal.config.system.build.sdImage;
|
||||
|
||||
overlays = {
|
||||
kyouma = import ./pkgs/overlay.nix;
|
||||
|
@ -135,18 +126,14 @@
|
|||
};
|
||||
in {
|
||||
packages = shinyflakes.mapPackages (pkgs) {
|
||||
# newHost = pkgs.writeShellApplication {
|
||||
# name = "update-flyio";
|
||||
# text = ''
|
||||
# '';
|
||||
# newhost = pkgs.stdenv.mkDerivation {
|
||||
# name = "newhost";
|
||||
# };
|
||||
};
|
||||
apps = {
|
||||
update-build-worker = {
|
||||
type = "app";
|
||||
program = ./pkgs/build-worker-oci/update.sh;
|
||||
};
|
||||
};
|
||||
# apps = rec {
|
||||
# newhost = self.packages.${system}.newhost;
|
||||
# default = newhost;
|
||||
# };
|
||||
devShells.default = pkgs.mkShell {
|
||||
packages = [ pkgs.colmena pkgs.sops ];
|
||||
};
|
||||
|
|
142
fly.toml
|
@ -1,142 +0,0 @@
|
|||
app = 'build-worker-kyoumanet'
|
||||
primary_region = 'ams'
|
||||
|
||||
[build]
|
||||
image = 'registry.fly.io/build-worker-kyoumanet:latest'
|
||||
|
||||
[processes]
|
||||
bw-01 = '/entrypoint.sh'
|
||||
bw-02 = '/entrypoint.sh'
|
||||
bw-03 = '/entrypoint.sh'
|
||||
bw-04 = '/entrypoint.sh'
|
||||
bw-05 = '/entrypoint.sh'
|
||||
bw-06 = '/entrypoint.sh'
|
||||
bw-07 = '/entrypoint.sh'
|
||||
bw-08 = '/entrypoint.sh'
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw01'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '128GB'
|
||||
processes = ['bw-01']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw02'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '128GB'
|
||||
processes = ['bw-02']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw03'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '128GB'
|
||||
processes = ['bw-03']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw04'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '128GB'
|
||||
processes = ['bw-04']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw05'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '256GB'
|
||||
processes = ['bw-05']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw06'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '256GB'
|
||||
processes = ['bw-06']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw07'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '256GB'
|
||||
processes = ['bw-07']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw08'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '256GB'
|
||||
processes = ['bw-08']
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-01']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2201
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-02']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2202
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-03']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2203
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-04']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2204
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-05']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2205
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-06']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2206
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-07']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2207
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-08']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2208
|
||||
|
||||
[[restart]]
|
||||
policy = 'never'
|
||||
|
||||
[[vm]]
|
||||
size = 'performance-16x'
|
||||
memory = '96GB'
|
|
@ -1,5 +1,8 @@
|
|||
{ lib, ... }: let
|
||||
mapModules = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir ./.));
|
||||
in {
|
||||
imports = builtins.map (dir: ./${dir}) mapModules;
|
||||
{ ... }: {
|
||||
imports = [
|
||||
./deployment
|
||||
./machine-type
|
||||
./nginx
|
||||
./update-nixfiles
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,238 +0,0 @@
|
|||
{ config, pkgs, lib, inputs, ... }:
|
||||
let
|
||||
cfg = config.kyouma.graphical;
|
||||
in {
|
||||
options = {
|
||||
kyouma.graphical = {
|
||||
enable = lib.mkEnableOption "graphical profile";
|
||||
compositor = lib.mkOption {
|
||||
type = with lib.types; nullOr (enum [ "hyprland" "niri" ]);
|
||||
default = null;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
imports = [
|
||||
inputs.stylix.nixosModules.stylix
|
||||
./files.nix
|
||||
./hyprland.nix
|
||||
./waybar-hyprland.nix
|
||||
./hyprlock.nix
|
||||
./nixvim.nix
|
||||
];
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
||||
kyouma.machine-type.graphical = true;
|
||||
|
||||
boot.plymouth.enable = true;
|
||||
|
||||
security.pam.services.hyprlock = {};
|
||||
|
||||
services.dbus.packages = [ pkgs.gcr ];
|
||||
services.geoclue2.enable = true;
|
||||
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = true;
|
||||
pulse.enable = true;
|
||||
};
|
||||
|
||||
services.udisks2.enable = true;
|
||||
|
||||
environment.variables = {
|
||||
CLUTTER_BACKEND = "wayland";
|
||||
GDK_BACKEND = "wayland,x11";
|
||||
MOZ_ENABLE_WAYLAND = "1";
|
||||
QT_QPA_PLATFORM = "wayland;xcb";
|
||||
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
|
||||
SDL_VIDEODRIVER = "wayland";
|
||||
LIBVA_DRIVER_NAME = "radeonsi";
|
||||
MESA_VK_DEVICE_SELECT = "1002:73df";
|
||||
WLR_DRM_DEVICES = "$HOME/.config/hypr/external-gpu:$HOME/.config/hypr/internal-gpu";
|
||||
};
|
||||
xdg.icons.enable = true;
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
wlr.enable = true;
|
||||
configPackages = [ (if cfg.compositor == "hyprland"
|
||||
then pkgs.xdg-desktop-portal-hyprland
|
||||
else pkgs.xdg-desktop-portal-wlr
|
||||
) ];
|
||||
};
|
||||
|
||||
stylix= {
|
||||
image = pkgs.fetchurl {
|
||||
url = "https://kyouma.net/wallpaper.png";
|
||||
sha256 = "1f46b439a864cd28b8ea93563b4762f1efb2648bae0148fd6b45f3033b10b0e8";
|
||||
};
|
||||
polarity = "dark";
|
||||
#base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-macchiato.yaml";
|
||||
fonts = {
|
||||
sansSerif = {
|
||||
package = pkgs.noto-fonts;
|
||||
name = "Noto Sans";
|
||||
};
|
||||
serif = config.stylix.fonts.sansSerif;
|
||||
monospace = {
|
||||
package = pkgs.jetbrains-mono;
|
||||
name = "JetBrains Mono Regular";
|
||||
};
|
||||
sizes.terminal = 11;
|
||||
};
|
||||
cursor = {
|
||||
package = pkgs.capitaine-cursors;
|
||||
name = "capitaine";
|
||||
size = 24;
|
||||
};
|
||||
targets = {
|
||||
console.enable = false;
|
||||
gnome.enable = true;
|
||||
fish.enable = false;
|
||||
};
|
||||
};
|
||||
|
||||
home-manager.users.emily = {
|
||||
stylix.targets = {
|
||||
hyprland.enable = false;
|
||||
sway.enable = false;
|
||||
kitty.enable = false;
|
||||
mako.enable = false;
|
||||
rofi.enable = false;
|
||||
swaylock.enable = false;
|
||||
waybar.enable = false;
|
||||
nixvim.enable = false;
|
||||
fish.enable = false;
|
||||
};
|
||||
home.keyboard = {
|
||||
layout = "de";
|
||||
variant = "neo_qwerty";
|
||||
};
|
||||
|
||||
programs.imv.enable = true;
|
||||
|
||||
programs.wpaperd = {
|
||||
enable = true;
|
||||
settings.default = {
|
||||
path = "/home/emily/Pictures/wallpapers/sylviaritter/";
|
||||
duration = "60m";
|
||||
sorting = "random";
|
||||
};
|
||||
};
|
||||
programs.kitty = {
|
||||
enable = true;
|
||||
font.size = 13;
|
||||
font.name = "JetBrains Mono";
|
||||
settings = {
|
||||
enable_audio_bell = false;
|
||||
scrollback_lines = 65536;
|
||||
remember_window_size = false;
|
||||
initial_window_width = 1200;
|
||||
initial_window_height = 800;
|
||||
|
||||
bold_font = "auto";
|
||||
italic_font = "auto";
|
||||
bold_italic_font = "auto";
|
||||
|
||||
background = "#090312";
|
||||
background_opacity = "0.7";
|
||||
};
|
||||
keybindings = {
|
||||
"shift+right" = "next_tab";
|
||||
"ctrl+l" = "next_tab";
|
||||
"shift+left" = "previous_tab";
|
||||
"ctrl+h" = "previous_tab";
|
||||
};
|
||||
};
|
||||
programs.rofi = {
|
||||
enable = true;
|
||||
package = pkgs.rofi-wayland;
|
||||
};
|
||||
|
||||
programs.zoxide = {
|
||||
enable = true;
|
||||
options = [ "--cmd cd" ];
|
||||
};
|
||||
programs.fzf.enable = true;
|
||||
|
||||
qt = {
|
||||
enable = true;
|
||||
platformTheme.name = "qtct";
|
||||
style.name = "kvantum-dark";
|
||||
style.package = with pkgs; [
|
||||
libsForQt5.qtstyleplugin-kvantum
|
||||
qt6Packages.qtstyleplugin-kvantum
|
||||
(catppuccin-kvantum.override { accent = "Mauve"; variant = "Macchiato"; })
|
||||
];
|
||||
};
|
||||
gtk.iconTheme.name = "Adwaita";
|
||||
gtk.iconTheme.package = pkgs.gnome.adwaita-icon-theme;
|
||||
|
||||
services.gammastep = {
|
||||
enable = true;
|
||||
provider = "geoclue2";
|
||||
temperature.day = 6500;
|
||||
temperature.night = 3700;
|
||||
settings.general.adjustment-method = "wayland";
|
||||
};
|
||||
services.mako = {
|
||||
enable = true;
|
||||
anchor = "top-right";
|
||||
backgroundColor = "#24273a";
|
||||
borderColor = "#c6a0f6";
|
||||
borderRadius = 15;
|
||||
borderSize = 2;
|
||||
defaultTimeout = 5000;
|
||||
layer = "overlay";
|
||||
maxIconSize = 48;
|
||||
padding = "15";
|
||||
progressColor = "over #B4A1DB";
|
||||
sort = "-time";
|
||||
textColor = "#cad3f5";
|
||||
extraConfig = ''
|
||||
max-history=100
|
||||
on-button-left=dismiss
|
||||
on-button-right=dismiss-all
|
||||
on-notify=exec ${pkgs.mpv}/bin/mpv /usr/share/sounds/freedesktop/stereo/message.oga
|
||||
|
||||
[urgency=low]
|
||||
border-color=#B4A1DB
|
||||
default-timeout=2000
|
||||
|
||||
[urgency=normal]
|
||||
border-color=#B4A1DB
|
||||
default-timeout=5000
|
||||
|
||||
[urgency=high]
|
||||
border-color=#D04E9D
|
||||
text-color=#D04E9D
|
||||
default-timeout=0
|
||||
|
||||
[category=mpd]
|
||||
border-color=#E49186
|
||||
default-timeout=2000
|
||||
group-by=category
|
||||
'';
|
||||
};
|
||||
services.gpg-agent = {
|
||||
enable = true;
|
||||
enableSshSupport = true;
|
||||
pinentryPackage = pkgs.pinentry-gnome3;
|
||||
};
|
||||
services.syncthing = {
|
||||
enable = true;
|
||||
tray.enable = true;
|
||||
tray.command = "syncthingtray --replace";
|
||||
};
|
||||
services.udiskie = {
|
||||
enable = true;
|
||||
automount = false;
|
||||
};
|
||||
systemd.user.services.syncthingtray.Service = {
|
||||
ExecStartPre = "${pkgs.coreutils-full}/bin/sleep 2";
|
||||
Restart = "on-failure";
|
||||
RestartSec = "1s";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,56 +0,0 @@
|
|||
{ config, lib, pkgs, ... }: {
|
||||
config.home-manager.users.emily = lib.mkIf config.kyouma.graphical.enable {
|
||||
programs.hyprlock = {
|
||||
enable = true;
|
||||
settings = {
|
||||
general = {
|
||||
hide_cursor = true;
|
||||
disable_loading_bar = true;
|
||||
};
|
||||
background = [{
|
||||
path = "screenshot";
|
||||
#path = "$HOME/Pictures/wallpapers/lockscreen.png";
|
||||
blur_passes = 3;
|
||||
contrast = 1.25;
|
||||
}];
|
||||
input-field = [{
|
||||
size = "250, 60";
|
||||
outline_thickness = 2;
|
||||
dots_size = 0.2;
|
||||
dots_spacing = 0.2;
|
||||
dots_center = true;
|
||||
outer_color = "rgba(0, 0, 0, 0)";
|
||||
inner_color = "rgba(0, 0, 0, 0.5)";
|
||||
font_color = "rgb(200, 200, 200)";
|
||||
fade_on_empty = true;
|
||||
fade_timeout = 5000;
|
||||
font_family = "JetBrains Mono Nerd Font Mono";
|
||||
fail_text = "<i>$FAIL <b>$ATTEMPTS</b></i>";
|
||||
position = "0, 200";
|
||||
halign = "center";
|
||||
valign = "bottom";
|
||||
}];
|
||||
label = [{
|
||||
text = "cmd[update:250] date +%X";
|
||||
color = "rgba(255, 255, 255, 0.6)";
|
||||
font_size = "100";
|
||||
font_family = "JetBrains Mono Nerd Font Mono ExtraBold";
|
||||
position = "0, -300";
|
||||
halign = "center";
|
||||
valign = "top";
|
||||
}];
|
||||
};
|
||||
};
|
||||
services.swayidle =
|
||||
let
|
||||
hyprlock = "pidof hyprlock || ${pkgs.hyprlock}/bin/hyprlock";
|
||||
in {
|
||||
enable = true;
|
||||
systemdTarget = "${config.kyouma.graphical.compositor}-session.target";
|
||||
events = [
|
||||
{ event = "before-sleep"; command = hyprlock; }
|
||||
{ event = "lock"; command = hyprlock; }
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,220 +0,0 @@
|
|||
{ config, lib, pkgs, inputs, ... }: {
|
||||
config = lib.mkIf config.kyouma.graphical.enable {
|
||||
home-manager.users.emily.imports = [
|
||||
inputs.nixvim.homeManagerModules.nixvim
|
||||
];
|
||||
home-manager.users.emily.programs.nixvim = {
|
||||
enable = true;
|
||||
extraPlugins = [
|
||||
pkgs.vimPlugins.molokai
|
||||
pkgs.vimPlugins.vim-airline-themes
|
||||
];
|
||||
colorscheme = "molokai";
|
||||
vimAlias = true;
|
||||
highlightOverride.Normal = {
|
||||
ctermbg = "NONE";
|
||||
bg = "NONE";
|
||||
};
|
||||
opts = {
|
||||
number = true;
|
||||
expandtab = true;
|
||||
autoindent = true;
|
||||
mouse = "";
|
||||
encoding = "utf-8";
|
||||
shiftwidth = 2;
|
||||
smartindent = true;
|
||||
tabstop = 2;
|
||||
ignorecase = true;
|
||||
incsearch = true;
|
||||
smartcase = true;
|
||||
};
|
||||
keymaps = [
|
||||
{
|
||||
action = "<cmd>Neotree toggle<CR>";
|
||||
key = "<C-n>";
|
||||
mode = "n";
|
||||
options.silent = true;
|
||||
}
|
||||
{
|
||||
action = "<C-\\><C-n>";
|
||||
key = "<esc>";
|
||||
mode = "t";
|
||||
}
|
||||
];
|
||||
plugins.cmp = {
|
||||
enable = true;
|
||||
settings.sources = [
|
||||
{ name = "nvim_lsp"; }
|
||||
{ name = "luasnip"; }
|
||||
{ name = "buffer"; }
|
||||
{ name = "nvim_lua"; }
|
||||
{ name = "path"; }
|
||||
];
|
||||
settings.formatting = {
|
||||
fields = [ "abbr" "kind" "menu" ];
|
||||
format = ''
|
||||
function(_, item)
|
||||
local icons = {
|
||||
Namespace = "",
|
||||
Text = "",
|
||||
Method = "",
|
||||
Function = "",
|
||||
Constructor = "",
|
||||
Field = "",
|
||||
Variable = "",
|
||||
Class = "",
|
||||
Interface = "",
|
||||
Module = "",
|
||||
Property = "",
|
||||
Unit = "",
|
||||
Value = "",
|
||||
Enum = "",
|
||||
Keyword = "",
|
||||
Snippet = "",
|
||||
Color = "",
|
||||
File = "",
|
||||
Reference = "",
|
||||
Folder = "",
|
||||
EnumMember = "",
|
||||
Constant = "",
|
||||
Struct = "",
|
||||
Event = "",
|
||||
Operator = "",
|
||||
TypeParameter = "",
|
||||
Table = "",
|
||||
Object = "",
|
||||
Tag = "",
|
||||
Array = "[]",
|
||||
Boolean = "",
|
||||
Number = "",
|
||||
Null = "",
|
||||
String = "",
|
||||
Calendar = "",
|
||||
Watch = "",
|
||||
Package = "",
|
||||
Copilot = "",
|
||||
Codeium = "",
|
||||
TabNine = "",
|
||||
}
|
||||
|
||||
local icon = icons[item.kind] or ""
|
||||
item.kind = string.format("%s %s", icon, item.kind or "")
|
||||
return item
|
||||
end
|
||||
'';
|
||||
};
|
||||
settings.snippet.expand = "function(args) require('luasnip').lsp_expand(args.body) end";
|
||||
settings.window = {
|
||||
completion = {
|
||||
winhighlight = "FloatBorder:CmpBorder,Normal:CmpPmenu,CursorLine:CmpSel,Search:PmenuSel";
|
||||
scrollbar = false;
|
||||
sidePadding = 0;
|
||||
border = [ "╭" "─" "╮" "│" "╯" "─" "╰" "│" ];
|
||||
};
|
||||
documentation = {
|
||||
border = [ "╭" "─" "╮" "│" "╯" "─" "╰" "│" ];
|
||||
winhighlight = "FloatBorder:CmpBorder,Normal:CmpPmenu,CursorLine:CmpSel,Search:PmenuSel";
|
||||
};
|
||||
};
|
||||
settings.mapping = {
|
||||
"<C-n>" = "cmp.mapping.select_next_item()";
|
||||
"<C-p>" = "cmp.mapping.select_prev_item()";
|
||||
"<C-j>" = "cmp.mapping.select_next_item()";
|
||||
"<C-k>" = "cmp.mapping.select_prev_item()";
|
||||
"<C-d>" = "cmp.mapping.scroll_docs(-4)";
|
||||
"<C-f>" = "cmp.mapping.scroll_docs(4)";
|
||||
"<C-Space>" = "cmp.mapping.complete()";
|
||||
"<C-e>" = "cmp.mapping.close()";
|
||||
"<CR>" = "cmp.mapping.confirm({ behavior = cmp.ConfirmBehavior.Insert, select = true })";
|
||||
"<Tab>" = ''
|
||||
cmp.mapping(function(fallback)
|
||||
if cmp.visible() then
|
||||
cmp.select_next_item()
|
||||
elseif require("luasnip").expand_or_jumpable() then
|
||||
vim.fn.feedkeys(vim.api.nvim_replace_termcodes("<Plug>luasnip-expand-or-jump", true, true, true), "")
|
||||
else
|
||||
fallback()
|
||||
end
|
||||
end,{"i","s"})
|
||||
'';
|
||||
"<S-Tab>" = ''
|
||||
cmp.mapping(function(fallback)
|
||||
if cmp.visible() then
|
||||
cmp.select_prev_item()
|
||||
elseif require("luasnip").jumpable(-1) then
|
||||
vim.fn.feedkeys(vim.api.nvim_replace_termcodes("<Plug>luasnip-jump-prev", true, true, true), "")
|
||||
else
|
||||
fallback()
|
||||
end
|
||||
end,{"i","s"})
|
||||
'';
|
||||
};
|
||||
};
|
||||
plugins.lsp = {
|
||||
enable = true;
|
||||
keymaps.lspBuf = {
|
||||
"K" = "hover";
|
||||
"gd" = "definition";
|
||||
"gD" = "references";
|
||||
"gt" = "type_definition";
|
||||
"gi" = "implementation";
|
||||
};
|
||||
servers = {
|
||||
bashls.enable = true;
|
||||
lua_ls.enable = true;
|
||||
nil_ls = {
|
||||
enable = true;
|
||||
settings.formatting.command = [ "nixfmt" "-w" "140" ];
|
||||
};
|
||||
nixd = {
|
||||
enable = false;
|
||||
settings = {
|
||||
eval.depth = 5;
|
||||
eval.workers = 6;
|
||||
formatting.command = [ "nixfmt" "-w" "140" ];
|
||||
options.enable = true;
|
||||
};
|
||||
};
|
||||
ruff_lsp.enable = true;
|
||||
rust_analyzer = {
|
||||
enable = true;
|
||||
installRustc = true;
|
||||
installCargo = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
plugins.none-ls = {
|
||||
enable = true;
|
||||
sources.diagnostics = {
|
||||
pylint.enable = true;
|
||||
};
|
||||
sources.formatting = {
|
||||
nixfmt.enable = true;
|
||||
markdownlint.enable = true;
|
||||
};
|
||||
};
|
||||
plugins.neo-tree = {
|
||||
enable = true;
|
||||
closeIfLastWindow = true;
|
||||
};
|
||||
plugins.treesitter = {
|
||||
enable = true;
|
||||
nixGrammars = true;
|
||||
settings.indent.enable = true;
|
||||
};
|
||||
plugins.airline.enable = true;
|
||||
plugins.cmp-buffer.enable = true;
|
||||
plugins.cmp-emoji.enable = true;
|
||||
plugins.cmp-nvim-lsp.enable = true;
|
||||
plugins.cmp-path.enable = true;
|
||||
plugins.cmp_luasnip.enable = true;
|
||||
plugins.luasnip.enable = true;
|
||||
plugins.nvim-autopairs.enable = true;
|
||||
plugins.rainbow-delimiters.enable = true;
|
||||
plugins.web-devicons.enable = true;
|
||||
# Broken
|
||||
plugins.rustaceanvim.enable = false;
|
||||
plugins.treesitter-context.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,408 +0,0 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.librespeed;
|
||||
in
|
||||
{
|
||||
options.services.librespeed =
|
||||
let
|
||||
inherit (lib) mkOption types;
|
||||
in
|
||||
{
|
||||
enable = lib.mkEnableOption "LibreSpeed server";
|
||||
package = lib.mkPackageOption pkgs "librespeed-rust" { };
|
||||
domain = mkOption {
|
||||
description = ''
|
||||
If not `null`, this will add an entry to `services.librespeed.servers` and
|
||||
configure librespeed to use TLS.
|
||||
'';
|
||||
default = null;
|
||||
type = with types; nullOr nonEmptyStr;
|
||||
};
|
||||
downloadIPDB = mkOption {
|
||||
description = ''
|
||||
Whether to download the IP info database before starting librespeed.
|
||||
Disable this if you want to use the Go implementation.
|
||||
'';
|
||||
default = !(cfg.secrets ? "ipinfo_api_key");
|
||||
defaultText = lib.literalExpression ''!(cfg.secrets ? "ipinfo_api_key")'';
|
||||
type = types.bool;
|
||||
};
|
||||
openFirewall = mkOption {
|
||||
description = ''
|
||||
Whether to open the firewall for the specified port.
|
||||
'';
|
||||
default = false;
|
||||
type = types.bool;
|
||||
};
|
||||
secrets = mkOption {
|
||||
description = ''
|
||||
Attribute set of filesystem paths.
|
||||
The contents of the specified paths will be read at service start time and merged with the attributes provided in `settings`.
|
||||
'';
|
||||
default = { };
|
||||
type = with types; nullOr (attrsOf path);
|
||||
};
|
||||
settings = mkOption {
|
||||
description = ''
|
||||
LibreSpeed configuration written as Nix expression.
|
||||
All values set to `null` will be excluded from the evaluated config.
|
||||
This is useful if you want to omit certain defaults when using a different LibreSpeed implementation.
|
||||
|
||||
See [github.com/librespeed][librespeed] for configuration help.
|
||||
|
||||
[librespeed]: https://github.com/librespeed/speedtest-rust
|
||||
'';
|
||||
default = { };
|
||||
type =
|
||||
with types;
|
||||
nullOr (
|
||||
attrsOf (oneOf [
|
||||
(nullOr bool)
|
||||
int
|
||||
str
|
||||
package
|
||||
])
|
||||
);
|
||||
};
|
||||
frontend = {
|
||||
enable = lib.mkEnableOption ''
|
||||
Enables the LibreSpeed frontend and adds a nginx virtual host if
|
||||
not explicetly disabled and `services.librespeed.domain` is not `null`.
|
||||
'';
|
||||
contactEmail = mkOption {
|
||||
description = "Email address listed in the privacy policy.";
|
||||
default =
|
||||
if (cfg.domain != null) then "webmaster@${cfg.domain}" else "webmaster@${config.networking.fqdn}";
|
||||
defaultText = lib.literalExpression ''
|
||||
if (config.services.librespeed.domain != null) then
|
||||
"webmaster@''${config.services.librespeed.domain}"
|
||||
else
|
||||
"webmaster@''${config.networking.fqdn}";
|
||||
'';
|
||||
type = types.str;
|
||||
};
|
||||
pageTitle = mkOption {
|
||||
description = "Title of the webpage.";
|
||||
default = "LibreSpeed";
|
||||
type = types.str;
|
||||
};
|
||||
useNginx = mkOption {
|
||||
description = ''
|
||||
Configure nginx for the LibreSpeed frontend.
|
||||
This will only create a virtual host for the frontend and won't proxy all requests because
|
||||
the reported upload and download speeds are inaccurate if proxied.
|
||||
'';
|
||||
default = cfg.domain != null;
|
||||
defaultText = lib.literalExpression "config.services.librespeed.domain != null";
|
||||
type = types.bool;
|
||||
};
|
||||
settings = mkOption {
|
||||
description = ''
|
||||
Override default settings of the speedtest web client.
|
||||
See [speedtest_worker.js][link] for a list of possible values.
|
||||
|
||||
[link]: https://github.com/librespeed/speedtest/blob/master/speedtest_worker.js#L39
|
||||
'';
|
||||
default = {
|
||||
telemetry_level = "basic";
|
||||
};
|
||||
type =
|
||||
with types;
|
||||
nullOr (
|
||||
attrsOf (oneOf [
|
||||
bool
|
||||
int
|
||||
str
|
||||
float
|
||||
])
|
||||
);
|
||||
};
|
||||
servers = mkOption {
|
||||
description = "LibreSpeed servers that should apper in the server list.";
|
||||
type = types.listOf (
|
||||
types.submodule {
|
||||
options =
|
||||
let
|
||||
inherit (types) nonEmptyStr;
|
||||
in
|
||||
{
|
||||
name = mkOption {
|
||||
description = "Name shown in the server list.";
|
||||
type = nonEmptyStr;
|
||||
};
|
||||
server = mkOption {
|
||||
description = "URL to the server. You may use `//` instead of `http://` or `https://`.";
|
||||
type = nonEmptyStr;
|
||||
};
|
||||
dlURL = mkOption {
|
||||
description = ''
|
||||
URL path to download test on this server.
|
||||
Append `.php` to the default value if the server uses the php implementation.
|
||||
'';
|
||||
default = "backend/garbage";
|
||||
type = nonEmptyStr;
|
||||
};
|
||||
ulURL = mkOption {
|
||||
description = ''
|
||||
URL path to upload test on this server.
|
||||
Append `.php` to the default value if the server uses the php implementation.
|
||||
'';
|
||||
default = "backend/empty";
|
||||
type = nonEmptyStr;
|
||||
};
|
||||
pingURL = mkOption {
|
||||
description = ''
|
||||
URL path to latency/jitter test on this server.
|
||||
Append `.php` to the default value if the server uses the php implementation.
|
||||
'';
|
||||
default = "backend/empty";
|
||||
type = nonEmptyStr;
|
||||
};
|
||||
getIpURL = mkOption {
|
||||
description = ''
|
||||
URL path to IP lookup on this server.
|
||||
Append `.php` to the default value if the server uses the php implementation.
|
||||
'';
|
||||
default = "backend/getIP";
|
||||
type = nonEmptyStr;
|
||||
};
|
||||
};
|
||||
}
|
||||
);
|
||||
};
|
||||
};
|
||||
};
|
||||
config = lib.mkIf cfg.enable (
|
||||
let
|
||||
librespeedAssets =
|
||||
pkgs.runCommand "librespeed-assets"
|
||||
(
|
||||
let
|
||||
mapValue =
|
||||
arg:
|
||||
if (lib.isBool arg) then
|
||||
lib.boolToString arg
|
||||
else if ((lib.isInt arg) || (lib.isFloat arg)) then
|
||||
toString arg
|
||||
else
|
||||
"\"${lib.escape [ "\"" ] (toString arg)}\"";
|
||||
|
||||
mapSettings = lib.pipe cfg.frontend.settings [
|
||||
(lib.mapAttrs (name: val: " s.setParameter(\"${lib.escape [ "\"" ] name}\",${mapValue val});"))
|
||||
(lib.attrValues)
|
||||
(lib.concatLines)
|
||||
];
|
||||
in
|
||||
{
|
||||
preferLocal = true;
|
||||
|
||||
serversList = ''
|
||||
function get_servers() {
|
||||
return ${builtins.toJSON cfg.frontend.servers}
|
||||
}
|
||||
function override_settings () {
|
||||
${mapSettings}
|
||||
}
|
||||
'';
|
||||
}
|
||||
)
|
||||
''
|
||||
cp -r ${pkgs.librespeed-rust}/assets $out
|
||||
chmod 666 $out/servers_list.js
|
||||
cat >$out/servers_list.js <<<"$serversList"
|
||||
substitute ${pkgs.librespeed-rust}/assets/index.html $out/index.html \
|
||||
--replace-fail "s.setParameter(\"telemetry_level\",\"basic\"); //enable telemetry" "override_settings();" \
|
||||
--replace-fail "LibreSpeed Example" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.pageTitle)} \
|
||||
--replace-fail "PUT@YOUR_EMAIL.HERE" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.contactEmail)} \
|
||||
--replace-fail "TO BE FILLED BY DEVELOPER" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.contactEmail)}
|
||||
'';
|
||||
in
|
||||
{
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.frontend.useNginx -> cfg.domain != null;
|
||||
message = ''
|
||||
`services.librespeed.frontend.useNginx` requires `services.librespeed.frontend.domain` to be set.
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
networking.firewall = lib.mkIf cfg.openFirewall {
|
||||
allowedTCPPorts = [ cfg.settings.listen_port ];
|
||||
};
|
||||
services.nginx.virtualHosts = lib.mkIf (cfg.frontend.enable && cfg.frontend.useNginx) {
|
||||
${cfg.domain} = {
|
||||
locations."/".root = librespeedAssets;
|
||||
locations."= /servers.json".return = "200 '${builtins.toJSON cfg.frontend.servers}'";
|
||||
locations."/backend/".return = "301 https://$host:${toString cfg.settings.listen_port}$request_uri";
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
};
|
||||
security.acme.certs = lib.mkIf (cfg.domain != null) {
|
||||
${cfg.domain} = {
|
||||
reloadServices = [ "librespeed.service" ];
|
||||
webroot = "/var/lib/acme/acme-challenge";
|
||||
};
|
||||
};
|
||||
|
||||
services.librespeed.frontend.servers = lib.mkIf (cfg.frontend.enable && (cfg.domain != null)) [
|
||||
{
|
||||
name = cfg.domain;
|
||||
server = "//${cfg.domain}:${toString cfg.settings.listen_port}";
|
||||
}
|
||||
];
|
||||
|
||||
services.librespeed.settings =
|
||||
let
|
||||
inherit (lib) mkDefault mkIf;
|
||||
in
|
||||
{
|
||||
assets_path =
|
||||
if (cfg.frontend.enable && !cfg.frontend.useNginx) then
|
||||
librespeedAssets
|
||||
else
|
||||
pkgs.writeTextDir "index.html" "";
|
||||
|
||||
bind_address = mkDefault "::";
|
||||
listen_port = mkDefault 8989;
|
||||
base_url = mkDefault "backend";
|
||||
worker_threads = mkDefault "auto";
|
||||
|
||||
database_type = mkDefault "none";
|
||||
database_file = mkDefault "/var/lib/librespeed/speedtest.sqlite";
|
||||
|
||||
#librespeed-rust will fail to start if the following config parameters are omitted.
|
||||
ipinfo_api_key = mkIf (!cfg.secrets ? "ipinfo_api_key") "";
|
||||
stats_password = mkIf (!cfg.secrets ? "stats_password") "";
|
||||
tls_cert_file =
|
||||
if (cfg.domain != null) then
|
||||
(mkDefault "/run/credentials/librespeed.service/cert.pem")
|
||||
else
|
||||
(mkDefault "");
|
||||
tls_key_file =
|
||||
if (cfg.domain != null) then
|
||||
(mkDefault "/run/credentials/librespeed.service/key.pem")
|
||||
else
|
||||
(mkDefault "");
|
||||
|
||||
enable_tls = mkDefault (cfg.domain != null);
|
||||
};
|
||||
|
||||
systemd.services =
|
||||
let
|
||||
configFile =
|
||||
let
|
||||
mapValue =
|
||||
arg:
|
||||
if (lib.isBool arg) then
|
||||
lib.boolToString arg
|
||||
else if (lib.isInt arg) then
|
||||
toString arg
|
||||
else
|
||||
"\"${lib.escape [ "\"" ] (toString arg)}\"";
|
||||
in
|
||||
with lib;
|
||||
pipe cfg.settings [
|
||||
(filterAttrs (_: val: val != null))
|
||||
(mapAttrs (name: val: "${name}=${mapValue val}"))
|
||||
(attrValues)
|
||||
(concatLines)
|
||||
(pkgs.writeText "${cfg.package.name}-config.toml")
|
||||
];
|
||||
in
|
||||
{
|
||||
librespeed-secrets = lib.mkIf (cfg.secrets != { }) {
|
||||
description = "LibreSpeed secret helper";
|
||||
|
||||
ExecStart =
|
||||
let
|
||||
script = pkgs.writeShellApplication {
|
||||
name = "librespeed-secrets";
|
||||
runtimeInputs = [ pkgs.coreutils ];
|
||||
text =
|
||||
''
|
||||
cp ${configFile} ''${RUNTIME_DIRECTORY%%:*}/config.toml
|
||||
''
|
||||
+ lib.pipe cfg.secrets [
|
||||
(lib.mapAttrs (
|
||||
name: file: ''
|
||||
cat >>''${RUNTIME_DIRECTORY%%:*}/config.toml <<EOF
|
||||
${name}="$(<${lib.escapeShellArg file})"
|
||||
EOF
|
||||
''
|
||||
))
|
||||
(lib.concatLines lib.attrValues)
|
||||
];
|
||||
};
|
||||
in
|
||||
lib.getExe script;
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
RuntimeDirectory = "librespeed";
|
||||
UMask = "u=rw";
|
||||
};
|
||||
};
|
||||
librespeed = {
|
||||
description = "LibreSpeed server daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
wants = [ "network-online.target" ];
|
||||
requires = lib.optionals (cfg.secrets != { }) [ "librespeed-secrets.service" ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
Restart = "always";
|
||||
|
||||
DynamicUser = true;
|
||||
|
||||
LoadCredential = lib.mkIf (cfg.domain != null) [
|
||||
"cert.pem:${config.security.acme.certs.${cfg.domain}.directory}/cert.pem"
|
||||
"key.pem:${config.security.acme.certs.${cfg.domain}.directory}/key.pem"
|
||||
];
|
||||
|
||||
ExecStartPre = lib.mkIf cfg.downloadIPDB "${lib.getExe cfg.package} --update-ipdb";
|
||||
ExecStart = "${lib.getExe cfg.package} -c ${
|
||||
if (cfg.secrets == { }) then configFile else "\${RUNTIME_DIRECTORY%%:*}/config.toml"
|
||||
}";
|
||||
WorkingDirectory = "/var/cache/librespeed";
|
||||
RuntimeDirectory = "librespeed";
|
||||
RuntimeDirectoryPreserve = true;
|
||||
StateDirectory = "librespeed";
|
||||
CacheDirectory = "librespeed";
|
||||
SyslogIdentifier = "librespeed";
|
||||
|
||||
ReadOnlyPaths = [ cfg.package ];
|
||||
RestrictSUIDSGID = true;
|
||||
RestrictNamespaces = true;
|
||||
PrivateTmp = true;
|
||||
PrivateDevices = true;
|
||||
PrivateUsers = true;
|
||||
ProtectHostname = true;
|
||||
ProtectClock = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectSystem = "strict";
|
||||
ProtectHome = true;
|
||||
ProtectProc = "invisible";
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = "@system-service";
|
||||
SystemCallErrorNumber = "EPERM";
|
||||
LockPersonality = true;
|
||||
NoNewPrivileges = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
);
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ snaki ];
|
||||
}
|
|
@ -1,169 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
cfg = config.kyouma.ooklaserver;
|
||||
in {
|
||||
options = {
|
||||
kyouma.ooklaserver = let
|
||||
inherit (lib) mkOption types;
|
||||
in {
|
||||
enable = lib.mkEnableOption "ookla speedtest server";
|
||||
package = lib.mkPackageOption pkgs "ooklaserver" {};
|
||||
domain = mkOption {
|
||||
description = "Domain to use.";
|
||||
default = null;
|
||||
type = with types; nullOr nonEmptyStr;
|
||||
};
|
||||
openFirewall = mkOption {
|
||||
description = "Whether to open the firewall for the specified ports.";
|
||||
default = false;
|
||||
type = types.bool;
|
||||
};
|
||||
tcpPorts = mkOption {
|
||||
description = ''
|
||||
The server listens on TCP port 5060 and 8080 by default. These ports are required for
|
||||
speedtest.net servers, although more can be added.
|
||||
'';
|
||||
default = [ 5060 8080 ];
|
||||
type = with types; listOf port;
|
||||
};
|
||||
udpPorts = mkOption {
|
||||
description = ''
|
||||
The server listens on UDP port 5060 and 8080 by default. These ports are required for
|
||||
speedtest.net servers, although more can be added.
|
||||
'';
|
||||
default = [ 5060 8080 ];
|
||||
type = with types; listOf port;
|
||||
};
|
||||
settings = mkOption {
|
||||
description = ''
|
||||
OoklaServer configuration written as Nix expression.
|
||||
Comma seperated values should be written as list.
|
||||
'';
|
||||
default = {};
|
||||
type = with lib.types; let
|
||||
valueType = nullOr (oneOf [
|
||||
bool
|
||||
int
|
||||
str
|
||||
(attrsOf valueType)
|
||||
(listOf (oneOf [ port str ]))
|
||||
]);
|
||||
in valueType;
|
||||
};
|
||||
};
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
security.acme.certs.${cfg.domain} = {
|
||||
reloadServices = [ "ooklaserver.service" ];
|
||||
webroot = "/var/lib/acme/acme-challenge";
|
||||
};
|
||||
|
||||
networking.firewall = lib.mkIf cfg.openFirewall {
|
||||
allowedUDPPorts = cfg.udpPorts;
|
||||
allowedTCPPorts = cfg.tcpPorts;
|
||||
};
|
||||
|
||||
kyouma.ooklaserver.settings = let
|
||||
inherit (lib) mkDefault;
|
||||
in {
|
||||
OoklaServer = {
|
||||
inherit (cfg) tcpPorts udpPorts;
|
||||
enableAutoUpdate = false;
|
||||
ssl.useLetsEncrypt = false;
|
||||
useIPv6 = mkDefault true;
|
||||
allowedDomains = mkDefault [ "*.ookla.com" "*.speedtest.net" ];
|
||||
userAgentFilterEnabled = mkDefault true;
|
||||
workerThreadPool = {
|
||||
capacity = mkDefault 30000;
|
||||
stackSizeBytes = mkDefault 102400;
|
||||
};
|
||||
ipTracking = {
|
||||
gcIntervalMinutes = mkDefault 5;
|
||||
maxIdleAgeMinutes = mkDefault 35;
|
||||
slidingWindowBucketLengthMinutes = mkDefault 5;
|
||||
metricTopIpCount = mkDefault 5;
|
||||
maxConnPerIp = mkDefault 500;
|
||||
maxConnPerBucketPerIp = mkDefault 20000;
|
||||
};
|
||||
clientAuthToken.denyInvalid = mkDefault true;
|
||||
websocket.frameSizeLimitBytes = mkDefault 5242880;
|
||||
http.maxHeadersSize = mkDefault 65536;
|
||||
};
|
||||
openSSL.server = {
|
||||
certificateFile = "/run/credentials/${config.systemd.services.ooklaserver.name}/cert.pem";
|
||||
privateKeyFile = "/run/credentials/${config.systemd.services.ooklaserver.name}/key.pem";
|
||||
minimumTLSProtocol = mkDefault "1.2";
|
||||
};
|
||||
logging.loggers.app = {
|
||||
name = mkDefault "Application";
|
||||
channel = {
|
||||
class = mkDefault "ConsoleChannel";
|
||||
pattern = mkDefault "[%p] %t";
|
||||
};
|
||||
level = mkDefault "information";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.ooklaserver = let
|
||||
configFile = let
|
||||
anyToString = arg: if (lib.isBool arg) then
|
||||
lib.boolToString arg
|
||||
else if (lib.isList arg) then
|
||||
lib.concatStringsSep "," (map (val: toString val) arg)
|
||||
else toString arg;
|
||||
in
|
||||
with lib; lib.pipe cfg.settings [
|
||||
(mapAttrsRecursive (path: val: "${concatStringsSep "." path} = ${anyToString val}"))
|
||||
(collect isString)
|
||||
(concatLines)
|
||||
(pkgs.writeTextDir "bin/OoklaServer.properties")
|
||||
];
|
||||
packageWithCfg = pkgs.symlinkJoin {
|
||||
name = "${cfg.package.name}-with-config";
|
||||
paths = [ cfg.package configFile ];
|
||||
};
|
||||
in {
|
||||
description = "Ookla speedtest server daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
wants = [ "network-online.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
Restart = "always";
|
||||
|
||||
User = "ooklaserver";
|
||||
Group = "ooklaserver";
|
||||
DynamicUser = true;
|
||||
|
||||
LoadCredential = [
|
||||
"cert.pem:${config.security.acme.certs.${cfg.domain}.directory}/cert.pem"
|
||||
"key.pem:${config.security.acme.certs.${cfg.domain}.directory}/key.pem"
|
||||
];
|
||||
ExecStart = "${packageWithCfg}/bin/OoklaServer";
|
||||
WorkingDirectory = packageWithCfg;
|
||||
SyslogIdentifier = "ooklaserver";
|
||||
|
||||
ReadOnlyPaths = [ packageWithCfg ];
|
||||
RestrictSUIDSGID = true;
|
||||
RestrictNamespaces = true;
|
||||
PrivateTmp = true;
|
||||
PrivateDevices = true;
|
||||
PrivateUsers = true;
|
||||
ProtectHostname = true;
|
||||
ProtectClock = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectSystem = "strict";
|
||||
ProtectHome = true;
|
||||
ProtectProc = "invisible";
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = "@system-service";
|
||||
SystemCallErrorNumber = "EPERM";
|
||||
LockPersonality = true;
|
||||
NoNewPrivileges = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,97 +0,0 @@
|
|||
# I hate this so much aaa
|
||||
{
|
||||
callPackage,
|
||||
dockerTools,
|
||||
openssh,
|
||||
bash,
|
||||
gnused,
|
||||
util-linux,
|
||||
}:
|
||||
|
||||
dockerTools.buildLayeredImage {
|
||||
name = "build-worker-oci";
|
||||
tag = "latest";
|
||||
|
||||
fromImage = callPackage ./source.nix {};
|
||||
|
||||
maxLayers = 110;
|
||||
|
||||
passthru.updateScript = ./update.sh;
|
||||
|
||||
enableFakechroot = true;
|
||||
|
||||
contents = [ openssh util-linux bash gnused ];
|
||||
|
||||
config.Cmd = [ "/entrypoint.sh" ];
|
||||
|
||||
fakeRootCommands = ''
|
||||
mkdir -p /root
|
||||
cat <<EOF > /root/nix.conf
|
||||
build-users-group = nixbld
|
||||
experimental-features = nix-command flakes
|
||||
sandbox = true
|
||||
substituters = https://cache.kyouma.net https://cache.nixos.org
|
||||
trusted-public-keys = cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
|
||||
max-substitution-jobs = 20
|
||||
max-silent-time = 14400
|
||||
min-free = ${builtins.toString (49152 * 1024 * 1024)}
|
||||
max-free = ${builtins.toString (65536 * 1024 * 1024)}
|
||||
system-features = benchmark big-parallel kvm nixos-test uid-range gccarch-x86-64 gccarch-x86-64-v2 gccarch-x86-64-v3
|
||||
EOF
|
||||
|
||||
mkdir -p /root/.ssh
|
||||
cat <<EOF > /root/.ssh/authorized_keys
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK397sBHLS66snWNPtmjUy7qZxRJh54N0RRXogKODudl nix@muon
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT0dGyLUjxFnvqUmex+5xUGQ7D4yGHKo267JgApcq0k root@ryuuko
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDTwCSWYODyvTJxwB6Rahuy0j6s/YYwtQta8bjzG/We root@ryuuko-arch
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/RmFnel8pcZT9nh7EAfKfAekt3BoEXy0G7G2GTacN/ aprl@computer
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 aprl@whatever
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpyVefbZLkNVNzdSIlO6x6JohHE1snoHiUB3Qdvl5I2 aprl@idk
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVNo871p97NTefP52KYiwuch+FaVScxvcFd9fg0yykySTq7Y5JsxrJQgTnox/oDa0O87OyHD/GHQljAXkqiHpDkExbiGjDmGXJSKReKH061F4FqBnDIwYRzUu9Cxjl4MNqsU0RqLaz4+F42c/L7GROQwjEPUb8JHThRiI5FJnDvvB+oBLBxeyQA4v3O4i8DaDQayTr/XB+aSlhNwKrb6cjjL93AHT1uE53yY5jn4kZX+RiPQhH7rvt9N6E4Yr3CG6nUgRCUS0L66d9yfrq0XAbAVk9F+viV7Nk9qy4MWHtXZ4h0qUlzrGALPgGsCGiLGd4NvEgeCcV4nvxdmevxTSdKlJP75xlmlLVXGyhqCZkTsxm/png2UvDl+p0pLyrgNaNoXPdE0Jbv7C28WX36Nast1QFSMUhexzuOx8OgaOioeXVfK98AouqWb58iPBCvgreUIH/gJhZcnlB/Foo1KSO+fJNH8hAsLH7w0mnKyHhJjkrjjwUqsnpepB3SOLfZTE= aprl@meow
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD0v3tUBNEUxfoOQBFb+N2DUBQDay0iFggUWa9Nd+BtFLOKkz+RRto3eBF0ZiJZVUxv/hLb8m2s45hcMw8agwuPrXMe5085T1fzkvPdKAPZdsT/cCmBi1OsoLjAKBFIdM4lcV0A2cca8hip+/ZPpjFPUWx73/672gAPHU7co7fP8+8CSf9dx+WIeLx3yaYHYZ/th3dB5auX3VjOazS8MojsAorwTUeBoPamHQ5dFeNafhFUL/hhtGkUI1cNHUn3bJd2V7AKTW3UglK7hVgMJPrzVS31OlpcJEf6S5XgKTWdOSwubn1bs5Lt6YYRDU24NV6CGrwKgCJSRxzNMLwpnFKiSXpO8FzkqWHYWyju141hQcFF31aZIV+7YcwEt5ZukLjFOpVtpbSXvJYigOUzGi34P3/OAGshDXjTQjvM8GIir49gx3b2Nwhg0z4UHBkAKZvDDFPHDMJoclvnhITojaAojfC9zmMCO5ZaEsk8yv7c/lWQumzRpfldWF4mwHvhD5kTADbhRdO7WTdX7AaiAYINooToeWKjFe2wn3rFubPUppptqtP03mmvs7vhhgnEVBbGZRJK3GTVk1XcsfF9rDKzewSa+wb4LsBoZtFRhc8cJqHGlKWSNk7dQ04B1atPyNLKGpGoo/UIPxyZ6bSqFVxY3nhz46VZ6z8XWI48z0/fRQ== aprl@uwu
|
||||
EOF
|
||||
|
||||
cat <<EOF > /root/.ssh/environment
|
||||
PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin
|
||||
EOF
|
||||
|
||||
cat <<EOF > /root/sshd_config
|
||||
AcceptEnv GIT_PROTOCOL
|
||||
AuthenticationMethods publickey
|
||||
AuthorizedPrincipalsFile none
|
||||
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
|
||||
GatewayPorts no
|
||||
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,sk-ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com
|
||||
KbdInteractiveAuthentication no
|
||||
KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org
|
||||
LogLevel INFO
|
||||
Macs umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
|
||||
PasswordAuthentication no
|
||||
PermitRootLogin prohibit-password
|
||||
PermitUserEnvironment yes
|
||||
PrintMotd no
|
||||
PubkeyAcceptedAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,sk-ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com
|
||||
StreamLocalBindUnlink yes
|
||||
StrictModes yes
|
||||
UseDns no
|
||||
UsePAM no
|
||||
X11Forwarding no
|
||||
Banner none
|
||||
AddressFamily any
|
||||
Port 2222
|
||||
|
||||
Subsystem sftp ${openssh}/libexec/sftp-server
|
||||
AuthorizedKeysFile %h/.ssh/authorized_keys /etc/ssh/authorized_keys.d/%u
|
||||
HostKey /mnt/data/ssh/ssh_host_ed25519_key
|
||||
EOF
|
||||
|
||||
mkdir -p /etc/keys
|
||||
mkdir -p /var/empty
|
||||
mkdir -p /var/log
|
||||
|
||||
cp ${./entrypoint.sh} /entrypoint.sh
|
||||
chmod +x /entrypoint.sh
|
||||
'';
|
||||
}
|
|
@ -1,29 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
cat /etc/passwd > /root/passwd
|
||||
rm -f /etc/passwd
|
||||
cp /root/passwd /etc/passwd
|
||||
echo "sshd:x:498:65534::/var/empty:/run/current-system/sw/bin/nologin" >> /etc/passwd
|
||||
cat /etc/shadow > /root/shadow
|
||||
rm -f /etc/shadow
|
||||
cp /root/shadow /etc/shadow
|
||||
/bin/sed -i "s/root:!/root:*/g" /etc/shadow
|
||||
|
||||
[[ ! -d "/mnt/data/ssh" ]] && mkdir -p /mnt/data/ssh
|
||||
if [[ "$(ls /mnt/data/ssh/*_key)" = "" ]]; then
|
||||
ssh-keygen -t "ed25519" -f "/mnt/data/ssh/ssh_host_ed25519_key" -N ""
|
||||
fi
|
||||
|
||||
[[ ! -d "/mnt/data/nix-store" ]] && mkdir -p /mnt/data/nix-store
|
||||
[[ ! -d "/mnt/data/workdir" ]] && mkdir -p /mnt/data/workdir
|
||||
[[ ! -d "/mnt/data/tmp" ]] && mkdir -p /mnt/data/tmp
|
||||
|
||||
rm -rf /mnt/data/nix-store/*
|
||||
|
||||
rm -f /etc/nix/nix.conf
|
||||
cp /root/nix.conf /etc/nix/nix.conf
|
||||
|
||||
/bin/mount -t overlay overlay -o lowerdir=/nix,upperdir=/mnt/data/nix-store,workdir=/mnt/data/workdir /nix
|
||||
/bin/mount --bind /mnt/data/tmp /tmp
|
||||
|
||||
/root/.nix-profile/bin/sshd -D -f /root/sshd_config
|
|
@ -1,11 +0,0 @@
|
|||
{
|
||||
dockerTools,
|
||||
}:
|
||||
|
||||
dockerTools.pullImage {
|
||||
imageName = "nixos/nix";
|
||||
imageDigest = "sha256:fd7a5c67d396fe6bddeb9c10779d97541ab3a1b2a9d744df3754a99add4046f1";
|
||||
sha256 = "1ggkwd9zw8lj97ig7zah7dqy463hfhsgq3iwxxf8117gf8xi422s";
|
||||
finalImageName = "nixos/nix";
|
||||
finalImageTag = "latest";
|
||||
}
|
|
@ -1,32 +0,0 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#! nix-shell -i bash -p skopeo nix-prefetch-docker
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case $1 in
|
||||
*)
|
||||
echo "Unknown option $1"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
IMAGE=$(nix-prefetch-docker --image-name nixos/nix --image-tag latest --arch amd64 --os linux)
|
||||
|
||||
cat > ./pkgs/build-worker-oci/source.nix << EOF
|
||||
{
|
||||
dockerTools,
|
||||
}:
|
||||
|
||||
dockerTools.pullImage ${IMAGE}
|
||||
EOF
|
||||
|
||||
nix build .\#packages.x86_64-linux.build-worker-oci
|
||||
|
||||
skopeo --insecure-policy copy docker-archive:"result" \
|
||||
docker://registry.fly.io/build-worker-kyoumanet:latest --dest-creds x:"$(flyctl auth token)" --format v2s2
|
||||
|
||||
rm "result"
|
||||
|
||||
fly deploy
|
|
@ -1,34 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
fetchFromGitHub,
|
||||
buildGoModule,
|
||||
}:
|
||||
let
|
||||
version = "1.1.5";
|
||||
src = fetchFromGitHub {
|
||||
owner = "librespeed";
|
||||
repo = "speedtest-go";
|
||||
rev = "refs/tags/v${version}";
|
||||
hash = "sha256-ywGrodl/mj/WB25F0TKVvaV0PV4lgc+KEj0x/ix9HT8=";
|
||||
};
|
||||
in
|
||||
buildGoModule {
|
||||
pname = "librespeed-go";
|
||||
inherit version src;
|
||||
|
||||
vendorHash = "sha256-ev5TEv8u+tx7xIvNaK8b5iq2XXF6I37Fnrr8mb+N2WM=";
|
||||
|
||||
ldflags = [ "-w" "-s" ];
|
||||
|
||||
postInstall = ''
|
||||
cp -r web/assets $out/
|
||||
'';
|
||||
|
||||
meta = {
|
||||
description = "A very lightweight speed test implementation in Go.";
|
||||
homepage = "https://github.com/librespeed/speedtest-go";
|
||||
license = lib.licenses.lgpl3Plus;
|
||||
maintainers = with lib.maintainers; [ snaki ];
|
||||
mainProgram = "speedtest";
|
||||
};
|
||||
}
|
|
@ -1,38 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
fetchFromGitHub,
|
||||
rustPlatform,
|
||||
}:
|
||||
let
|
||||
# https://github.com/librespeed/speedtest-rust/pull/7
|
||||
version = "unstable-2024-09-28";
|
||||
src = fetchFromGitHub {
|
||||
owner = "librespeed";
|
||||
repo = "speedtest-rust";
|
||||
rev = "a74f25d07da3eb665ce806e015c537264f7254c9";
|
||||
hash = "sha256-+G1DFHQONXXg/5apSBlBkRvuLT4qCJaeFnQSLWt0CD0=";
|
||||
};
|
||||
in
|
||||
rustPlatform.buildRustPackage {
|
||||
pname = "librespeed-rust";
|
||||
inherit version src;
|
||||
|
||||
cargoLock.lockFile = "${src}/Cargo.lock";
|
||||
|
||||
# error: linker `aarch64-linux-gnu-gcc` not found
|
||||
postPatch = ''
|
||||
rm .cargo/config.toml
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
cp -r assets $out/
|
||||
'';
|
||||
|
||||
meta = {
|
||||
description = "A very lightweight speed test implementation in Rust.";
|
||||
homepage = "https://github.com/librespeed/speedtest-rust";
|
||||
license = lib.licenses.lgpl3Plus;
|
||||
maintainers = with lib.maintainers; [ snaki ];
|
||||
mainProgram = "librespeed-rs";
|
||||
};
|
||||
}
|
|
@ -1,28 +1,161 @@
|
|||
{
|
||||
callPackage,
|
||||
mastodon,
|
||||
patches ? [],
|
||||
{ lib, stdenv, nodejs-slim, bundlerEnv, nixosTests
|
||||
, yarn-berry, callPackage, ruby, writeShellScript
|
||||
, brotli
|
||||
|
||||
# Allow building a fork or custom version of Mastodon:
|
||||
, pname ? "nyastodon"
|
||||
, version ? srcOverride.version
|
||||
, patches ? []
|
||||
# src is a package
|
||||
, srcOverride ? callPackage ./source.nix { inherit patches; }
|
||||
, gemset ? ./. + "/gemset.nix"
|
||||
, yarnHash ? srcOverride.yarnHash
|
||||
}:
|
||||
let
|
||||
src = callPackage ./source.nix {
|
||||
inherit patches;
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
inherit pname version;
|
||||
|
||||
src = srcOverride;
|
||||
|
||||
mastodonGems = bundlerEnv {
|
||||
name = "${pname}-gems-${version}";
|
||||
inherit version gemset ruby;
|
||||
gemdir = src;
|
||||
};
|
||||
|
||||
yarn-deps = callPackage ./yarn.nix {
|
||||
inherit src;
|
||||
hash = src.yarnHash;
|
||||
mastodonModules = stdenv.mkDerivation {
|
||||
pname = "${pname}-modules";
|
||||
inherit src version;
|
||||
|
||||
yarnOfflineCache = callPackage ./yarn.nix {
|
||||
src = srcOverride;
|
||||
hash = yarnHash;
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ nodejs-slim yarn-berry mastodonGems mastodonGems.wrappedRuby brotli ];
|
||||
|
||||
RAILS_ENV = "production";
|
||||
NODE_ENV = "production";
|
||||
|
||||
buildPhase = ''
|
||||
runHook preBuild
|
||||
|
||||
export HOME=$PWD
|
||||
# This option is needed for openssl-3 compatibility
|
||||
# Otherwise we encounter this upstream issue: https://github.com/mastodon/mastodon/issues/17924
|
||||
export NODE_OPTIONS=--openssl-legacy-provider
|
||||
|
||||
export YARN_ENABLE_TELEMETRY=0
|
||||
mkdir -p ~/.yarn/berry
|
||||
ln -sf $yarnOfflineCache ~/.yarn/berry/cache
|
||||
|
||||
yarn install --immutable --immutable-cache
|
||||
|
||||
patchShebangs ~/bin
|
||||
patchShebangs ~/node_modules
|
||||
|
||||
# skip running yarn install
|
||||
rm -rf ~/bin/yarn
|
||||
|
||||
OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder \
|
||||
rails assets:precompile
|
||||
yarn cache clean
|
||||
rm -rf ~/node_modules/.cache
|
||||
|
||||
# Create missing static gzip and brotli files
|
||||
gzip --best --keep ~/public/assets/500.html
|
||||
gzip --best --keep ~/public/packs/report.html
|
||||
find ~/public/assets -maxdepth 1 -type f -name '.*.json' \
|
||||
-exec gzip --best --keep --force {} ';'
|
||||
brotli --best --keep ~/public/packs/report.html
|
||||
find ~/public/assets -type f -regextype posix-extended -iregex '.*\.(css|js|json|html)' \
|
||||
-exec brotli --best --keep {} ';'
|
||||
|
||||
runHook postBuild
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $out/public
|
||||
cp -r node_modules $out/node_modules
|
||||
cp -r public/assets $out/public
|
||||
cp -r public/packs $out/public
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
};
|
||||
|
||||
nyastodon = mastodon.override {
|
||||
pname = "nyastodon";
|
||||
srcOverride = src;
|
||||
gemset = ./gemset.nix;
|
||||
propagatedBuildInputs = [ mastodonGems.wrappedRuby ];
|
||||
nativeBuildInputs = [ brotli ];
|
||||
buildInputs = [ mastodonGems nodejs-slim ];
|
||||
|
||||
buildPhase = ''
|
||||
runHook preBuild
|
||||
|
||||
ln -s $mastodonModules/node_modules node_modules
|
||||
ln -s $mastodonModules/public/assets public/assets
|
||||
ln -s $mastodonModules/public/packs public/packs
|
||||
|
||||
patchShebangs bin/
|
||||
for b in $(ls $mastodonGems/bin/)
|
||||
do
|
||||
if [ ! -f bin/$b ]; then
|
||||
ln -s $mastodonGems/bin/$b bin/$b
|
||||
fi
|
||||
done
|
||||
|
||||
# Remove execute permissions
|
||||
chmod 0444 public/emoji/*.svg
|
||||
|
||||
# Create missing static gzip and brotli files
|
||||
find public -maxdepth 1 -type f -regextype posix-extended -iregex '.*\.(css|js|svg|txt|xml)' \
|
||||
-exec gzip --best --keep --force {} ';' \
|
||||
-exec brotli --best --keep {} ';'
|
||||
find public/emoji -type f -name '.*.svg' \
|
||||
-exec gzip --best --keep --force {} ';' \
|
||||
-exec brotli --best --keep {} ';'
|
||||
ln -s assets/500.html.gz public/500.html.gz
|
||||
ln -s assets/500.html.br public/500.html.br
|
||||
ln -s packs/sw.js.gz public/sw.js.gz
|
||||
ln -s packs/sw.js.br public/sw.js.br
|
||||
ln -s packs/sw.js.map.gz public/sw.js.map.gz
|
||||
ln -s packs/sw.js.map.br public/sw.js.map.br
|
||||
|
||||
rm -rf log
|
||||
ln -s /var/log/mastodon log
|
||||
ln -s /tmp tmp
|
||||
|
||||
runHook postBuild
|
||||
'';
|
||||
|
||||
installPhase = let
|
||||
run-streaming = writeShellScript "run-streaming.sh" ''
|
||||
# NixOS helper script to consistently use the same NodeJS version the package was built with.
|
||||
${nodejs-slim}/bin/node ./streaming
|
||||
'';
|
||||
in ''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $out
|
||||
cp -r * $out/
|
||||
ln -s ${run-streaming} $out/run-streaming.sh
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
tests.mastodon = nixosTests.mastodon;
|
||||
# run with: nix-shell ./maintainers/scripts/update.nix --argstr package mastodon
|
||||
updateScript = ./update.sh;
|
||||
};
|
||||
|
||||
modules = callPackage ./modules.nix {
|
||||
inherit nyastodon yarn-deps;
|
||||
meta = with lib; {
|
||||
description = "Self-hosted, globally interconnected microblogging software based on ActivityPub";
|
||||
homepage = "https://joinmastodon.org";
|
||||
license = licenses.agpl3Plus;
|
||||
platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
|
||||
maintainers = with maintainers; [ happy-river erictapen izorkin ghuntley ];
|
||||
};
|
||||
in
|
||||
nyastodon.overrideAttrs (_: {
|
||||
mastodonModules = modules;
|
||||
})
|
||||
}
|
||||
|
||||
|
|
|
@ -1,75 +0,0 @@
|
|||
# copied from https://git.catgirl.cloud/999eagle/dotfiles-nix/-/blob/main/overlay/mastodon/glitch/modules.nix
|
||||
{
|
||||
stdenv,
|
||||
nodejs-slim,
|
||||
yarn-berry,
|
||||
brotli,
|
||||
# previous inputs
|
||||
nyastodon,
|
||||
yarn-deps,
|
||||
}:
|
||||
stdenv.mkDerivation {
|
||||
pname = "glitch-modules";
|
||||
inherit (nyastodon) src version;
|
||||
|
||||
yarnOfflineCache = yarn-deps;
|
||||
|
||||
nativeBuildInputs = [nyastodon.mastodonGems nyastodon.mastodonGems.wrappedRuby] ++ [nodejs-slim yarn-berry brotli];
|
||||
|
||||
RAILS_ENV = "production";
|
||||
NODE_ENV = "production";
|
||||
|
||||
buildPhase = ''
|
||||
runHook preBuild
|
||||
|
||||
export HOME=$PWD
|
||||
# This option is needed for openssl-3 compatibility
|
||||
# Otherwise we encounter this upstream issue: https://github.com/mastodon/mastodon/issues/17924
|
||||
export NODE_OPTIONS=--openssl-legacy-provider
|
||||
|
||||
export YARN_ENABLE_TELEMETRY=0
|
||||
# what the actual *fuck* https://github.com/yarnpkg/berry/issues/6309
|
||||
export UV_USE_IO_URING=0
|
||||
mkdir -p ~/.yarn/berry
|
||||
ln -sf $yarnOfflineCache ~/.yarn/berry/cache
|
||||
|
||||
yarn install --immutable --immutable-cache
|
||||
|
||||
patchShebangs ~/bin
|
||||
patchShebangs ~/node_modules
|
||||
|
||||
# skip running yarn install
|
||||
rm -rf ~/bin/yarn
|
||||
|
||||
OTP_SECRET=precompile_placeholder \
|
||||
SECRET_KEY_BASE=precompile_placeholder \
|
||||
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=precompile_placeholder \
|
||||
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=precompile_placeholder \
|
||||
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=precompile_placeholder \
|
||||
rails assets:precompile
|
||||
yarn cache clean
|
||||
rm -rf ~/node_modules/.cache
|
||||
|
||||
# Create missing static gzip and brotli files
|
||||
gzip --best --keep ~/public/assets/500.html
|
||||
gzip --best --keep ~/public/packs/report.html
|
||||
find ~/public/assets -maxdepth 1 -type f -name '.*.json' \
|
||||
-exec gzip --best --keep --force {} ';'
|
||||
brotli --best --keep ~/public/packs/report.html
|
||||
find ~/public/assets -type f -regextype posix-extended -iregex '.*\.(css|js|json|html)' \
|
||||
-exec brotli --best --keep {} ';'
|
||||
|
||||
runHook postBuild
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $out/public
|
||||
cp -r node_modules $out/node_modules
|
||||
cp -r public/assets $out/public
|
||||
cp -r public/packs $out/public
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
}
|
|
@ -1,17 +1,17 @@
|
|||
# This file was generated by pkgs.mastodon.updateScript.
|
||||
{ lib, fetchgit, applyPatches, patches ? [] }:
|
||||
{ fetchgit, applyPatches, patches ? [] }:
|
||||
let
|
||||
version = "4.3.0-alpha.5+glitch+cat+1.0.8";
|
||||
version = "v4.3.0-alpha.3+glitch+cat+1.0.0+nya-1.2.2";
|
||||
in
|
||||
(
|
||||
applyPatches {
|
||||
src = fetchgit {
|
||||
url = "https://woof.rip/mirrors/catstodon.git";
|
||||
rev = "7d8714db8135f5c3dfc81964887248d76a797788";
|
||||
hash = "sha256-VPXsIRAZxNOaLRI+g2gDy582BYx5t/SHv4xIrGAFTz0=";
|
||||
url = "https://git.bsd.gay/fef/nyastodon.git";
|
||||
rev = "refs/heads/develop";
|
||||
hash = "sha256-YFQPzsqJxGOS4E/1+chB+C7vD+NlgFiRekDsGZdcL9c=";
|
||||
};
|
||||
patches = patches ++ [];
|
||||
}) // {
|
||||
inherit version;
|
||||
yarnHash = "sha256-kkjRYQPjWB1udlpIH2Q+a+bbiqXw1T/dgv3KmQk/YBY=";
|
||||
yarnHash = "sha256-XYTQaeSCaws9pR2QAYX2Y4F4BXLdQdBwYV9rCE3tYRA=";
|
||||
}
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
#! nix-shell -i bash -p bundix coreutils diffutils nix-prefetch-git gnused jq prefetch-yarn-deps yarn-lock-converter
|
||||
set -e
|
||||
|
||||
URL=https://woof.rip/mirrors/catstodon.git
|
||||
URL=https://git.bsd.gay/fef/nyastodon.git
|
||||
|
||||
POSITIONAL=()
|
||||
while [[ $# -gt 0 ]]; do
|
||||
|
@ -38,7 +38,7 @@ done
|
|||
|
||||
if [[ -n "$POSITIONAL" ]]; then
|
||||
echo "Usage: update.sh [--url URL] [--ver VERSION] [--rev REVISION] [--patches PATCHES]"
|
||||
echo "If URL is not provided, it defaults to https://woof.rip/mirrors/nyastodon.git"
|
||||
echo "If URL is not provided, it defaults to https://git.bsd.gay/fef/nyastodon.git"
|
||||
echo "If VERSION is not provided, it defaults to the latest git revision."
|
||||
echo "PATCHES, if provided, should be one or more Nix expressions separated by spaces."
|
||||
exit 1
|
||||
|
@ -79,7 +79,7 @@ HASH=$(echo "$JSON" | jq -r .hash)
|
|||
|
||||
cat > source.nix << EOF
|
||||
# This file was generated by pkgs.mastodon.updateScript.
|
||||
{ lib, fetchgit, applyPatches, patches ? [] }:
|
||||
{ fetchgit, applyPatches, patches ? [] }:
|
||||
let
|
||||
version = "$VERSION";
|
||||
in
|
||||
|
@ -93,7 +93,7 @@ in
|
|||
patches = patches ++ [$PATCHES];
|
||||
}) // {
|
||||
inherit version;
|
||||
yarnHash = lib.fakeHash;
|
||||
yarnHash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
|
||||
}
|
||||
EOF
|
||||
SOURCE_DIR="$(nix-build --no-out-link -E '(import <nixpkgs> {}).callPackage ./source.nix {}')"
|
||||
|
|
|
@ -1,8 +1,5 @@
|
|||
final: prev: {
|
||||
nyastodon = final.callPackage ./nyastodon/default.nix {};
|
||||
upgrade-system = final.callPackage ./upgrade-system/default.nix {};
|
||||
update-nixfiles = final.callPackage ./update-nixfiles/default.nix {};
|
||||
build-worker-oci = final.callPackage ./build-worker-oci/default.nix {};
|
||||
librespeed-rust = final.callPackage ./librespeed-rust/default.nix {};
|
||||
librespeed-go = final.callPackage ./librespeed-go/default.nix {};
|
||||
nyastodon = final.callPackage ./nyastodon/default.nix { };
|
||||
upgrade-system = final.callPackage ./upgrade-system/default.nix { };
|
||||
update-nixfiles = final.callPackage ./update-nixfiles/default.nix { };
|
||||
}
|
||||
|
|
|
@ -42,7 +42,7 @@ wait_for_hydra () {
|
|||
local hydra_rev
|
||||
local counter
|
||||
counter=0
|
||||
git_rev="$(git -C "${ROOT}/nixfiles" rev-parse update-inputs)"
|
||||
git_rev="$(gitin rev-parse update-inputs)"
|
||||
while true; do
|
||||
hydra_rev="$(curl -s -L -H "Accept: application/json" "${JOBSET_URL}/latest-eval" | jq -r .flake | sed -E "s/.+&rev=(.*)/\1/g")"
|
||||
if [[ "${git_rev}" == "${hydra_rev}" ]]; then
|
||||
|
|
|
@ -2,7 +2,6 @@ services:
|
|||
hydra:
|
||||
signKey: ENC[AES256_GCM,data:WbGyQtlko04eCXP5duAVbgbMHSQ8wNrCHuS0+M29l/9LJjm8E7wps2ogy5S5jH+5etkwIj2m7d+xFci1IE9a2ERVs4qrFmfx8mikuF/+iIewJuaOOJcHcrUtYto5RxiFjYb9ooG7ktfy,iv:FvNRBY/aZnJ8z/wSYhsZLiq8h25WYvXB/zL9+4qQR7o=,tag:hU6i64XZH/1JDJzDHbiuXQ==,type:str]
|
||||
id_ed25519_hydra: ENC[AES256_GCM,data:7dmdHA/bLBQunNjaCwT1zb2CmuLVdUiFunkGpaGJXvnzHsVnWOdy9O5p+zIAiGeg3awNjn8jlH9KJiUk5W5X55caPlhDnFOhx77zW684vJAWViHK3Iu84XJ/sL33a547c4lLPgT5dLTMY4JDtNQCk0hV1BdsRwU9rpDvkuGaT2mewu8xCpyueV++wwDfy6e3HXRxPlXHkvE77FCFgDXW5tCH/q+UDOS59WkERT8SFwy8t1ILTUt07rdyhIQmykPo5nPatrPuV9TD/60R9pcxA6w88HeZzi36q3GfJVEKJ/MdFdzvShX1ayhfojVkCRptMxwyu/9MYigqvENgOvnV6N+0JKbJWpkDUldUUEFCZFl2EAoSVb+QGP3S6Bro5x2b3AjHRDW5fUmldEQQUDG6UO+zbXnUeziH2kairqrQAj4UMyZSumiLV3P9d3LYZy7wCza68lklcupbhap5lxgXJhNAz1ScHOPgzQpmLw0bxiLDX1oHhPPZtBNc3t4wGlQyNuKUTXzhrn3L5dBdSmZ3,iv:Ftw3hBUcvY/nW9LiBFUbhHOpv7KIbkdEcIp3Si4oM1Q=,tag:QqUDYFcJ6bq2l2Q09klXdQ==,type:str]
|
||||
id_ed25519_hydra-eval: ENC[AES256_GCM,data:8YLmxuh+2ul1VtCbpXk5gORM97R5jgxkq/0GGUgAGgrUzKxeW+7onXTD3DoCz5sMaLOgtgM4ZEuMLQIxBQIwbmGPubZZhaP1nYsrgMxz/ZEjnHc7o2EOgrIa6B7v1w16D9uqRqfvA47jHyA5SoDEo7iJcEF9o34cyxCGQe0AHkhnCxcFY3u1ZNMCQ6WBPl4rlyAvZcaba6ySss9WQuzVs7IlJyOEr0F1zgl6R9cj700UnVrd27pId9xBhN1xtwob23+BnSIbq7u7HBECrQLwfDwXaDbVpHfk+cPEG23DzRXVeiy8KGEVBVE5nzx6WpRfTbh45CP0LrDVR+/G3crKiuK4mHqAtJ3UnW45clM3Gcz7VygCsjGArO3pVp4cctOZu0lD+AfAjmgl7tz7xTVLLPNhglraSLbWL3TUQ7rdtKIGggrJD7uo7k2RpUHemMtZk2+o42tYJ4uHKVELf+vACoGHGYn/2Vn6NWZEITlpOXCNNRMd7eYunFwN4HX2m9vRwUR8vtPJyOUeC957kln3,iv:r0ejnmyxNFabwzJn5gJL0tId/jP0FTrL0utFWd/DiRA=,tag:RsObDcDIkbr3tg2863b19Q==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -18,8 +17,8 @@ sops:
|
|||
enBjbHhJS1hqRGF2QUF1azNJdk9yUDAKJ1TY0Pybp54zh6KQ1kJQrcJeT91F4QKQ
|
||||
YpeRMwHR+QIuXF37MXuWKtIsRmcPAC+dCi4LZFmXUjX0yUwA0K8juQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-07-23T22:18:12Z"
|
||||
mac: ENC[AES256_GCM,data:80Dul9VV/MpL/IgWilpne4szz28rQPV0fgdjTfX33c6hO1OiARDFrY6hRTAk38AKakkIFwmneBlmTfFpgN6pstqX9f4YNtHLdi6KXoJzBL9v6+gyY5ypJwKftpXcKUuJUo/A03HA8Grq4vhOqsUEO7HXofj96GxKcMtHONgcTbI=,iv:v140qo5vnEsJhObV5GgLgBbU2/AoROfSSvEiAXl+Kgg=,tag:vitC7J3pSGA9WkNzfFVmXw==,type:str]
|
||||
lastmodified: "2024-05-14T12:01:05Z"
|
||||
mac: ENC[AES256_GCM,data:CvaqYz0wwU0i9tQ6DoLJwAfX5+IuPtnoc0tRtYAe1dLhszDqSv+VXRYtjwoM5jAIpYcHTN6w90pZkDXNEtluHDSmy1WlDEGhRo/rMuVi12le7iTPZ6G380/bUrE4PqKxYo6Kg2esAXZTXFdM0Om1oqcBfOywrCOPpx1ioIOxEQ8=,iv:l++0F1jTIjcqXUAKF5N63PJtNZgUeRQT7H3FV87/nZA=,tag:icTc376kY2+CPLtnvlaUUA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-05-10T18:05:16Z"
|
||||
enc: |-
|
||||
|
|
|
@ -1,38 +0,0 @@
|
|||
services:
|
||||
nyastodon:
|
||||
secretKeyBaseFile: ENC[AES256_GCM,data:VywfWY41tcM6zDCMlCLnOh5hRCkb3dLCmfDgcT0QoKTqlV2QqlutQMOAG4DA06HuIyext6DGOkvAsDGLIHb7SWblU6UaQgpoUCp+WpHqCc/fxzg9EsOy9ApF4ESCj/Fb+l55eRS7QlC7isU9zxWW5H9ccMxbmZcGePN8aGyZbaU=,iv:GHg1/Q64uuxFmbt9X/+WbmuHUVlXcK7fd0W+flYoxVs=,tag:8tlsSUXfyb67Cx4Eejmg9A==,type:str]
|
||||
otpSecretFile: ENC[AES256_GCM,data:Gu0MAnP4E+oTNtVeqeKpI3RceCotoqo2kVKJXiCEUtw3Sm206nDIyfdcX7r7Ho+nlpwe05gYFYSb+ISgmz8p8bTxmAc2J/1fFnmC+6V/3d5sNP+a0KIdA0xVZ+HRTqe+N8X1n8n0FzbBvps5IZ4Y02Jvf7dK5QQyxj6H5fFzdhs=,iv:QrO78qm4jCBbdDPqoprVUHMM6XC9YTQ+U4zAnMVaHcM=,tag:HIzQUwsYi3i+SoDbbuaMUg==,type:str]
|
||||
vapidPrivateKeyFile: ENC[AES256_GCM,data:YhT0xABuEa8VIlpzl1IAd5Jkni9xKBazF0EJssDfRfry7RHvrj5qyMkK17w=,iv:cfbspnityKGgGOohXcwGY6h8k2VbW35wa+Lzc/Z71mc=,tag:bK02soRkqcmkPKB/n2w/ug==,type:str]
|
||||
vapidPublicKeyFile: ENC[AES256_GCM,data:CIv5x7oG4oJ13suTlMUEDnih26rQ6XhHFiyXz3kRjVkNiWFylLxRvpmCRvgogFQoH05MRTTm50qPK7GTFc0N/XMucGSS4bHpZFc/g/OJJAfjHWUixamK0w==,iv:Vo9txxYAY0YOmv23w94S7K0vh8QntCKiK7/VwA439P8=,tag:UtJmMFnnyYPgypDFBtgKjQ==,type:str]
|
||||
extraEnvFile: ENC[AES256_GCM,data:kaMYIkHq7TluFww4SnQiVrEgm0+yIbXFucbMWRzdpq0KSrBD2Wim014KljfnGC6udMGApzhACHCRx0K5HtjxUW0dtoasQOregHZQL8peuvm8hWwsvAm4Y+uNY4zz6XU+2vZgUFLFWkJdRjWngc4Va2lLn0rGGV1GtGHUJrvCjNz931XGjVERaSqfBbcJ5YzrevIreixCqcqTPWm5VlpGYtzS3dQptqRb/fu/x3ewZIRUV0pwDCZC4x0PNTI7I2fEyWrNEqwaA/7gPIwu600PGYf5gIP+1UNLhbhdGJjCl6PKL2srNs8=,iv:3Dfw5FEGvHzvCIslTFAoy0Y6Vzp/KjT4sAJq7nWgBSs=,tag:CZmVCBJrxVyCvtV03qaP7A==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1r6cmthdk6lhy62wa4pu23l46f5fcqhuu7xrq353pe6c8f0s6ce8s67pdtf
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTUTdsY1F6bXFtNWcvTlEw
|
||||
YVBSUHFKOFVaUTBBNDQ1YURrTDcyTkMrcndzClRZbkw1a2xzU2lwZDM3QVE5dFhs
|
||||
ay8rYmt5QUFVTGpNVzJkTzlTOElSZVUKLS0tIGYwUDFKazhNcFZvNVEwT3R3K2FM
|
||||
Y0RKVmdleHJBZ0lkNzNJbVc2UzY5dU0KEK8p4FnlZ5LRXl4LAYBnhKssxS5wVOzn
|
||||
sK+T3B6sduuFsCDtKj8PslRHqhqUzKx9zHnmEzVdknz5lMu3VR8dig==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-08-14T18:02:20Z"
|
||||
mac: ENC[AES256_GCM,data:M5jjc6EjOS07PEc36z5Bj5wKYcIILFH34AWgdQDWsST4xeyFl+I0nDBJNxfsHuh9j5DOiqVSQsgGVww5ldb491JC6CDwAbjU/vAU9qmncBU6QGH3li/iqUQgL5i6JRBwdiuaDG+MUG9uYuyJoQrFFY64ysKcZEu50Uz3ZFE4zzA=,iv:EIewnDy+oBC1x/TMLbF7qwrjvq/eRW6D5VXOpmWQUf0=,tag:E7OQfoVQFABZw6CrFpBb0g==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-08-14T17:48:29Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4D1GtNSlou/HkSAQdAjC0ApM8rgWrRJZNhQp67X7SsTM3bR6eG39MKdzyDIXYw
|
||||
pXMhu4F75V2X22ptlUfvIyCZWk2Xo4O3DvyjjTPXPucvgKDq3sCrUZ5s7PzuSPkL
|
||||
0l4BybEwUNioL8xs8+Mft6kFAXiXQX3f4Y5IYNi2L5uboDEASyXpmwE14FAITeIO
|
||||
XAsG0U6WAh/GtOtaP4R7samvM67e4CSbijxM4FaITZa1K4LcmSeVGl3SgiSAuDj2
|
||||
=KquB
|
||||
-----END PGP MESSAGE-----
|
||||
fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|