Compare commits
234 commits
update-inp
...
main
Author | SHA1 | Date | |
---|---|---|---|
db728f1fc0 | |||
deb35998b7 | |||
d4b4561588 | |||
71f81dbb0f | |||
d0e97fa1ed | |||
8a93fb6c56 | |||
52f13d5dbd | |||
|
9fea7edfec | ||
|
242e72e7cb | ||
|
ddb7bf0d93 | ||
247420a189 | |||
|
c2c39502c8 | ||
|
8b86e66c9d | ||
af4e5a7127 | |||
8910001198 | |||
a03fc6bb9c | |||
59ef761474 | |||
c0c8f825fc | |||
73eaf9c154 | |||
6b0e944765 | |||
3e03107d00 | |||
320717a71d | |||
38397e271b | |||
8444f3e28c | |||
faafea4739 | |||
|
c6f27fc33a | ||
|
9cbf6f9558 | ||
018d5f4cd4 | |||
f436f8fcdb | |||
ff8630ece5 | |||
|
19d07a5e45 | ||
8c02b4a16d | |||
|
73f1a6c65a | ||
650a206aa4 | |||
|
dc91b774a4 | ||
|
b8a24dfc2f | ||
30665c65aa | |||
6eb2393d7e | |||
4c2f141db5 | |||
29b7574b86 | |||
24819a7f56 | |||
695892638a | |||
d1091ec8ba | |||
d6328117b8 | |||
2ca15ddaad | |||
2388e80dd9 | |||
992b4796ad | |||
|
03c32f38d0 | ||
a3d92ecedd | |||
|
87ac22ac91 | ||
06bd495dd9 | |||
|
0ba6f7874b | ||
e5004ed8fd | |||
|
81842a1f3e | ||
e6de0b8257 | |||
|
9f9f6d7b76 | ||
|
840b178b59 | ||
|
82022ac8b9 | ||
|
e66731bd82 | ||
|
be5d1f2958 | ||
|
391c1adf40 | ||
1dd90e2037 | |||
90692c9bc1 | |||
|
ba4345c402 | ||
e76c317759 | |||
|
1e9b66957b | ||
4ea602f398 | |||
|
669c6b695f | ||
|
7af4450578 | ||
6c7f6bd789 | |||
|
38a2b135f0 | ||
d546dc3712 | |||
8b5239404b | |||
|
fa10cf8993 | ||
0c31324e8f | |||
4de085154b | |||
|
5129bab73d | ||
|
e974c61904 | ||
|
fc41ef1f97 | ||
|
6a0d2ae272 | ||
|
87cfddba6e | ||
|
e36fb1550e | ||
|
147b9e9673 | ||
50e3b402fc | |||
b32ddfa0a1 | |||
|
1f8a1403d3 | ||
|
f04564930a | ||
eac20c1f2e | |||
|
a698502f25 | ||
|
a2141e6ccf | ||
a74c1d8585 | |||
|
f091338a53 | ||
|
72dfd80e05 | ||
58e0708ff9 | |||
|
1c8bfba590 | ||
|
a0f0dc73d2 | ||
7b2b29aa9f | |||
|
50be012843 | ||
|
6e355613a3 | ||
|
cc3dcbbeb5 | ||
|
97fad990a5 | ||
|
81ecd43174 | ||
|
55982c87a1 | ||
|
5486e29490 | ||
9cf734c7ff | |||
|
1863e2a718 | ||
|
896580046f | ||
|
6f96e220e3 | ||
|
5f432307c7 | ||
|
ec07bbcb11 | ||
|
599ce3247d | ||
e56c756223 | |||
66bfeade06 | |||
4422ecabc3 | |||
|
052faf0dae | ||
1b2c329422 | |||
|
bd246c4022 | ||
ed3c9c2c7e | |||
7ea51e7e28 | |||
909e1d81e1 | |||
509219aeb3 | |||
9193287ca8 | |||
|
937f7d2103 | ||
0d5158fb36 | |||
|
bf5e1c03f9 | ||
|
70f76b0c3e | ||
|
3600ccf512 | ||
|
0f578b4b7c | ||
|
363a76fc44 | ||
|
1b2a6405b9 | ||
|
0024b744e4 | ||
bfc46c3164 | |||
|
5f96194984 | ||
|
8574c3104e | ||
|
fb7628d979 | ||
5660ee6f2f | |||
dc2db99c72 | |||
|
b4693e11fd | ||
2986df9e03 | |||
0afbda1448 | |||
a7764b3311 | |||
|
4d5f52e9e2 | ||
e4dae7955a | |||
10c7e7cee8 | |||
d6bdadef61 | |||
decd75c77d | |||
fcf0e28b1d | |||
|
a75ab9df9c | ||
eef846fc41 | |||
|
48b263f087 | ||
|
33ba020cc3 | ||
|
9a247218d1 | ||
|
d072c492cb | ||
|
53bbb17bba | ||
|
b7a042278c | ||
38f9b8299e | |||
|
d2ea963076 | ||
|
3227d7f5ef | ||
099d8255a2 | |||
6a8b02c799 | |||
|
cf6f59babf | ||
|
5ff3aba810 | ||
28c7dcc1da | |||
|
5068006114 | ||
|
297e27c163 | ||
2fb286355a | |||
|
abc2784495 | ||
|
2aa4c4fa2f | ||
|
6f42cedd30 | ||
|
8fa3d10b56 | ||
|
a611b906f3 | ||
|
a303a8b42e | ||
2b0c89f824 | |||
|
14d7afd685 | ||
|
3ec6b8bb36 | ||
c5626f91f8 | |||
72ee75f712 | |||
|
8c99483e2f | ||
75d866774c | |||
dc2705dfa6 | |||
|
299514c083 | ||
c59b2826f7 | |||
d76655faa9 | |||
9163da98ee | |||
|
df40b9af8e | ||
ffac050b97 | |||
|
3f91e0b932 | ||
c170ebf123 | |||
e34cbc3aa2 | |||
|
6de8368ec7 | ||
|
2fb1e4b060 | ||
|
cbf02fecb4 | ||
|
afe4a90e7f | ||
|
73954ddf32 | ||
|
7669333ce9 | ||
de47710bfa | |||
|
e8461efe17 | ||
|
58c0439a51 | ||
|
b5a95ac91e | ||
|
1304539f5e | ||
|
be247c23e7 | ||
|
75de16889e | ||
|
078d120b98 | ||
|
dad85eddd1 | ||
0b154948b6 | |||
|
28af5275d6 | ||
|
7e76356772 | ||
|
3993447c62 | ||
|
13a84e242e | ||
|
4b8bbd97b0 | ||
|
a53651448d | ||
|
7b26ec8a9f | ||
72cd4b6d78 | |||
d681beae48 | |||
e6a04e5c3a | |||
|
da539e687b | ||
4c533c6bf3 | |||
|
8a750c57b7 | ||
|
b39d5f25b8 | ||
471e3df439 | |||
db7e4b50af | |||
b6331e6569 | |||
7a1292eda9 | |||
f2a212f1b6 | |||
28817ddac9 | |||
2cf362376c | |||
ab50d3e1c0 | |||
4ffe117269 | |||
88b7a63bb0 | |||
c4f3ccc4b5 | |||
114beec6ec | |||
|
7696430491 | ||
|
033d83ad28 | ||
|
914c0ed227 |
1
.gitignore
vendored
|
@ -1 +1,2 @@
|
||||||
testing/**
|
testing/**
|
||||||
|
result
|
||||||
|
|
39
.sops.yaml
|
@ -1,7 +1,10 @@
|
||||||
keys:
|
keys:
|
||||||
- &emily B04F01A7A98A13020C39B4A68AB7B773A214ACE5
|
- &emily B04F01A7A98A13020C39B4A68AB7B773A214ACE5
|
||||||
- &seras age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd
|
- &seras age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd
|
||||||
- &alucard age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd
|
- &emilia age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn
|
||||||
|
- &girldick age1r6cmthdk6lhy62wa4pu23l46f5fcqhuu7xrq353pe6c8f0s6ce8s67pdtf
|
||||||
|
- &florp age18vc8rcmczlt3r0ee7jr9s8l3yrkthu8wtypt08eh0eskpkw3dg6qxs7t3t
|
||||||
|
- &crime age1sky8kccyyxe79ws4rew42r94427v2xnphq2vtxvdlw5xl7yzgs2q599yzs
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets/services/dns-knot.yaml
|
- path_regex: secrets/services/dns-knot.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
|
@ -20,13 +23,13 @@ creation_rules:
|
||||||
- pgp:
|
- pgp:
|
||||||
- *emily
|
- *emily
|
||||||
age:
|
age:
|
||||||
- *alucard
|
- *emilia
|
||||||
- path_regex: secrets/services/vaultwarden.yaml
|
- path_regex: secrets/services/vaultwarden.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp:
|
- pgp:
|
||||||
- *emily
|
- *emily
|
||||||
age:
|
age:
|
||||||
- *alucard
|
- *emilia
|
||||||
- path_regex: secrets/services/hydra.yaml
|
- path_regex: secrets/services/hydra.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp:
|
- pgp:
|
||||||
|
@ -39,3 +42,33 @@ creation_rules:
|
||||||
- *emily
|
- *emily
|
||||||
age:
|
age:
|
||||||
- *seras
|
- *seras
|
||||||
|
- path_regex: secrets/services/nyastodon.yaml
|
||||||
|
key_groups:
|
||||||
|
- pgp:
|
||||||
|
- *emily
|
||||||
|
age:
|
||||||
|
- *girldick
|
||||||
|
- path_regex: secrets/hosts/seras.yaml
|
||||||
|
key_groups:
|
||||||
|
- pgp:
|
||||||
|
- *emily
|
||||||
|
age:
|
||||||
|
- *seras
|
||||||
|
- path_regex: secrets/services/akkoma.yaml
|
||||||
|
key_groups:
|
||||||
|
- pgp:
|
||||||
|
- *emily
|
||||||
|
age:
|
||||||
|
- *florp
|
||||||
|
- path_regex: secrets/restic/zh3485s1.yaml
|
||||||
|
key_groups:
|
||||||
|
- pgp:
|
||||||
|
- *emily
|
||||||
|
age:
|
||||||
|
- *florp
|
||||||
|
- path_regex: secrets/restic/zh3485s2.yaml
|
||||||
|
key_groups:
|
||||||
|
- pgp:
|
||||||
|
- *emily
|
||||||
|
age:
|
||||||
|
- *crime
|
||||||
|
|
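Review bot: Swapping `*alucard` for `*emilia` in the dns-knot and vaultwarden rules only affects files that sops creates from now on; the existing `secrets/services/dns-knot.yaml` and `secrets/services/vaultwarden.yaml` stay decryptable by the old recipient until they are re-encrypted, for example with `sops updatekeys`. Whether that was done is not visible in this part of the compare. On the old side `&alucard` and `&seras` carry the same age public key, so the holder of the seras key could read both files, and that ciphertext remains in git history. If the sharing was unintended, rotate the secret values after re-keying rather than only changing the recipients. A comment above `keys:`, such as `# one anchor per host key; never reuse a public key under two names`, would make a repeat easier to spot.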
|
@ -13,11 +13,11 @@ $ nix run github:nix-community/nixos-anywhere -- --flake ".#<configuration>" roo
|
||||||
### desktops
|
### desktops
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ nix --extra-experimental-features nix-command run github:nix-community/nixos-anywhere -- --flake "git+https://git.bsd.gay/snaki/nixfiles.git#<configuration>" --no-reboot --build-on-target root@127.0.0.1
|
$ nix --extra-experimental-features nix-command run github:nix-community/nixos-anywhere -- --flake "git+https://woof.rip/emily/nixfiles.git#<configuration>" --no-reboot --build-on-target root@127.0.0.1
|
||||||
$ nixos-enter
|
$ nixos-enter
|
||||||
$ passwd <local-user>
|
$ passwd <local-user>
|
||||||
reboot
|
reboot
|
||||||
$ git clone https://git.bsd.gay/snaki/nixfiles.git
|
$ git clone https://woof.rip/emily/nixfiles.git
|
||||||
$ colmena apply-local --sudo --node <node>
|
$ colmena apply-local --sudo --node <node>
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,13 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, inputs, lib, pkgs, ... }: let
|
||||||
|
inherit (lib) mkDefault;
|
||||||
with lib; {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
./kernel.nix
|
./kernel.nix
|
||||||
./networking.nix
|
./networking.nix
|
||||||
./openssh.nix
|
./openssh.nix
|
||||||
./users
|
./users.nix
|
||||||
../../modules
|
../../modules
|
||||||
|
inputs.lix-module.nixosModules.default
|
||||||
];
|
];
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
kitty.terminfo
|
kitty.terminfo
|
||||||
|
@ -22,8 +23,9 @@ with lib; {
|
||||||
man-pages-posix
|
man-pages-posix
|
||||||
unzip
|
unzip
|
||||||
zip
|
zip
|
||||||
|
fd
|
||||||
figlet
|
figlet
|
||||||
];
|
];
|
||||||
programs = {
|
programs = {
|
||||||
mtr.enable = true;
|
mtr.enable = true;
|
||||||
fish.enable = true;
|
fish.enable = true;
|
||||||
|
@ -53,6 +55,7 @@ with lib; {
|
||||||
'';
|
'';
|
||||||
users.motdFile = "/var/lib/deployment/motd";
|
users.motdFile = "/var/lib/deployment/motd";
|
||||||
|
|
||||||
|
nix.package = pkgs.lix.override { enableGC = true; };
|
||||||
nix.gc.automatic = true;
|
nix.gc.automatic = true;
|
||||||
nix.gc.options = "--delete-older-than 7d";
|
nix.gc.options = "--delete-older-than 7d";
|
||||||
nix.optimise.automatic = true;
|
nix.optimise.automatic = true;
|
||||||
|
@ -61,7 +64,7 @@ with lib; {
|
||||||
path = pkgs.path;
|
path = pkgs.path;
|
||||||
};
|
};
|
||||||
nix.settings = {
|
nix.settings = {
|
||||||
experimental-features = [ "nix-command" "flakes" ];
|
experimental-features = [ "nix-command" "flakes" "pipe-operator" ];
|
||||||
trusted-users = [ "root" "@wheel" ];
|
trusted-users = [ "root" "@wheel" ];
|
||||||
substituters = [ "https://cache.kyouma.net" ];
|
substituters = [ "https://cache.kyouma.net" ];
|
||||||
trusted-public-keys = [ "cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=" ];
|
trusted-public-keys = [ "cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=" ];
|
||||||
|
@ -103,6 +106,6 @@ with lib; {
|
||||||
|
|
||||||
services.fprintd.enable = config.kyouma.machine-type.graphical;
|
services.fprintd.enable = config.kyouma.machine-type.graphical;
|
||||||
|
|
||||||
system.stateVersion = "23.11";
|
system.stateVersion = mkDefault "23.11";
|
||||||
time.timeZone = mkDefault "CET";
|
time.timeZone = mkDefault "CET";
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,12 +1,13 @@
|
||||||
{ config, lib, ... }: with lib; {
|
{ lib, ... }: with lib; {
|
||||||
networking = {
|
networking = {
|
||||||
domain = mkDefault "kyouma.net";
|
domain = mkDefault "kyouma.net";
|
||||||
|
dhcpcd.enable = false;
|
||||||
|
useDHCP = false;
|
||||||
nftables.enable = mkDefault true;
|
nftables.enable = mkDefault true;
|
||||||
firewall.logRefusedConnections = mkDefault false;
|
firewall.logRefusedConnections = mkDefault false;
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.network.enable = true;
|
systemd.network.enable = true;
|
||||||
networking.dhcpcd.enable = false;
|
|
||||||
|
|
||||||
services.resolved = {
|
services.resolved = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -11,6 +11,8 @@ let
|
||||||
sigAlgorithms = [
|
sigAlgorithms = [
|
||||||
"ssh-ed25519-cert-v01@openssh.com"
|
"ssh-ed25519-cert-v01@openssh.com"
|
||||||
"ssh-ed25519"
|
"ssh-ed25519"
|
||||||
|
"sk-ssh-ed25519-cert-v01@openssh.com"
|
||||||
|
"sk-ssh-ed25519@openssh.com"
|
||||||
];
|
];
|
||||||
|
|
||||||
kexAlgorithms = [
|
kexAlgorithms = [
|
||||||
|
@ -37,7 +39,7 @@ in {
|
||||||
];
|
];
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
PermitRootLogin = "prohibit-password";
|
PermitRootLogin = "no";
|
||||||
|
|
||||||
PasswordAuthentication = false;
|
PasswordAuthentication = false;
|
||||||
KbdInteractiveAuthentication = false;
|
KbdInteractiveAuthentication = false;
|
||||||
|
|
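Review bot: With `sk-ssh-ed25519@openssh.com` and its certificate form added to `sigAlgorithms`, sshd accepts FIDO-backed keys but by default checks only user presence, not a PIN. If the hardware keys in use support user verification, `PubkeyAuthOptions = "verify-required";` in `settings`, next to `PermitRootLogin = "no";`, would enforce it on the server side; the option has no effect on non-FIDO keys. The `let` block holding `sigAlgorithms` starts outside the hunk, so which sshd options the list feeds is not visible here. A one-line comment on the list naming those options would help.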
|
@ -1,5 +1,5 @@
|
||||||
{ ... }: {
|
{ ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
./emily
|
../users/emily
|
||||||
];
|
];
|
||||||
}
|
}
|
|
@ -1,4 +1,4 @@
|
||||||
{ modulesPath, config, lib, inputs, pkgs, ... }: {
|
{ modulesPath, inputs, pkgs, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
(modulesPath + "/profiles/qemu-guest.nix")
|
(modulesPath + "/profiles/qemu-guest.nix")
|
||||||
|
@ -52,7 +52,7 @@
|
||||||
|
|
||||||
programs.eza = {
|
programs.eza = {
|
||||||
enable = true;
|
enable = true;
|
||||||
icons = true;
|
icons = "auto";
|
||||||
git = true;
|
git = true;
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--color-scale=all"
|
"--color-scale=all"
|
||||||
|
|
|
@ -1,31 +1,31 @@
|
||||||
{ config, pkgs, ... }: {
|
{ inputs, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
../../common
|
../../common
|
||||||
|
../../users/lucy
|
||||||
../../profiles/headless.nix
|
../../profiles/headless.nix
|
||||||
../../profiles/kartoffel.nix
|
../../profiles/kartoffel.nix
|
||||||
../../profiles/lxc.nix
|
../../profiles/lxc.nix
|
||||||
|
../../services/arrs
|
||||||
|
../../services/jellyfin.nix
|
||||||
../../services/nginx.nix
|
../../services/nginx.nix
|
||||||
./nginx.nix
|
inputs.oth.nixosModules.default
|
||||||
];
|
];
|
||||||
networking = {
|
networking.hostName = "crime";
|
||||||
hostName = "crime";
|
|
||||||
firewall.allowedTCPPorts = [ 80 443 ];
|
|
||||||
firewall.allowedUDPPorts = [ 443 ];
|
|
||||||
};
|
|
||||||
systemd.network.networks."98-eth-default" = {
|
systemd.network.networks."98-eth-default" = {
|
||||||
address = [
|
address = [
|
||||||
"2a0f:be01:0:100::1337/128"
|
"2a0f:be01:0:100::b00b:a/128"
|
||||||
"2a0f:be01:0:100::1338/128"
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
kyouma.nginx.defaultForbidden = "fentanyl.trade";
|
||||||
security.acme.certs = {
|
kyouma.restic = {
|
||||||
"fentanyl.trade" = { extraDomainNames = [ "frotti.ng" "watch.kyouma.net" ]; };
|
enable = true;
|
||||||
"crime.kyouma.net" = {};
|
remoteUser = "zh3485s2";
|
||||||
|
paths = [
|
||||||
|
"/var/lib/jellyfin"
|
||||||
|
"/var/lib/radarr"
|
||||||
|
"/var/lib/sonarr"
|
||||||
|
"/var/lib/private/prowlarr"
|
||||||
|
"/home"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.jellyfin.enable = true;
|
|
||||||
services.sonarr.enable = true;
|
|
||||||
services.radarr.enable = true;
|
|
||||||
services.prowlarr.enable = true;
|
|
||||||
}
|
}
|
||||||
|
|
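Review bot: The per-host `./nginx.nix` import is replaced by `../../services/jellyfin.nix` and `../../services/arrs`, neither of which is shown, so this compare cannot confirm that the protections of the deleted nginx configuration carry over. That configuration added `Strict-Transport-Security`, `X-Content-Type-Options`, `X-Frame-Options` and `Referrer-Policy` headers to the Jellyfin vhosts. It also served the Sonarr, Radarr and Prowlarr proxies only on the separate address `2a0f:be01:0:100::1338`, which this section removes from `address`. Check that the shared modules set the same headers and that the *arr web UIs are not reachable on the public hostname without authentication. A comment next to `kyouma.nginx.defaultForbidden` saying where ports 80 and 443 are now opened would also help, since the `firewall.allowed*Ports` lines are gone from this file.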
|
@ -1,114 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
let
|
|
||||||
landingPage = pkgs.writeTextDir "index.html" ''
|
|
||||||
<!DOCTYPE html>
|
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<title>crime.kyouma.net</title>
|
|
||||||
<style>
|
|
||||||
body {
|
|
||||||
width: 35em;
|
|
||||||
margin: 0 auto;
|
|
||||||
font-family: Tahoma, Verdana, Arial, sans-serif;
|
|
||||||
}
|
|
||||||
</style>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<h1>Welcome to crime.kyouma.net!</h1>
|
|
||||||
<p>If you see this page, the nginx web server is successfully installed and
|
|
||||||
working. Further configuration is required.</p>
|
|
||||||
|
|
||||||
<p>Sonarr
|
|
||||||
<a href="https://crime.kyouma.net/sonarr">crime.kyouma.net/sonarr</a><br/>
|
|
||||||
Radarr
|
|
||||||
<a href="https://crime.kyouma.net/radarr">crime.kyouma.net/radarr</a><br/>
|
|
||||||
Prowlarr
|
|
||||||
<a href="https://crime.kyouma.net/prowlarr">crime.kyouma.net/prowlarr</a></p>
|
|
||||||
|
|
||||||
<p><em>Thank you for using nginx.</em></p>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
||||||
'';
|
|
||||||
extraConfig = ''
|
|
||||||
add_header Strict-Transport-Security $hsts_header;
|
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
||||||
add_header Referrer-Policy "same-origin" always;
|
|
||||||
'';
|
|
||||||
proxyConfig = ''
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_set_header X-Forwarded-Protocol $scheme;
|
|
||||||
proxy_set_header X-Forwarded-Host $http_host;
|
|
||||||
'';
|
|
||||||
jellyAddr = "[::1]";
|
|
||||||
jellyWeb = {
|
|
||||||
forceSSL = true;
|
|
||||||
#http3 = true;
|
|
||||||
#quic = true;
|
|
||||||
inherit extraConfig;
|
|
||||||
|
|
||||||
locations = {
|
|
||||||
"= /".return = "302 https://$host/web/";
|
|
||||||
"/" = {
|
|
||||||
proxyPass = "http://${jellyAddr}:8096";
|
|
||||||
extraConfig = ''
|
|
||||||
${proxyConfig}
|
|
||||||
proxy_buffering on;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
"= /web/" = {
|
|
||||||
proxyPass = "http://${jellyAddr}:8096/web/index.html";
|
|
||||||
extraConfig = proxyConfig;
|
|
||||||
};
|
|
||||||
"/socket" = {
|
|
||||||
proxyPass = "http://${jellyAddr}:8096";
|
|
||||||
proxyWebsockets = true;
|
|
||||||
extraConfig = proxyConfig;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in {
|
|
||||||
services.nginx = {
|
|
||||||
virtualHosts = {
|
|
||||||
"fentanyl.trade" = jellyWeb // {
|
|
||||||
enableACME = true;
|
|
||||||
};
|
|
||||||
"frotti.ng" = jellyWeb // {
|
|
||||||
useACMEHost = "fentanyl.trade";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
kyouma.nginx.virtualHosts = {
|
|
||||||
"watch.kyouma.net" = { redirectTo = "fentanyl.trade"; };
|
|
||||||
"redirect" = {
|
|
||||||
default = true;
|
|
||||||
reuseport = true;
|
|
||||||
useACMEHost = "fentanyl.trade";
|
|
||||||
extraConfig = ''
|
|
||||||
return 403;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
"crime.kyouma.net" = {
|
|
||||||
listenAddresses = [ "[2a0f:be01:0:100::1338]" ];
|
|
||||||
locations = {
|
|
||||||
"/".root = landingPage;
|
|
||||||
"/sonarr/" = {
|
|
||||||
proxyPass = "http://127.0.0.1:8989";
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
};
|
|
||||||
"/radarr/" = {
|
|
||||||
proxyPass = "http://127.0.0.1:7878";
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
};
|
|
||||||
"/prowlarr/" = {
|
|
||||||
proxyPass = "http://127.0.0.1:9696";
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
37
config/hosts/emilia/configuration.nix
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
{ ... }:{
|
||||||
|
imports = [
|
||||||
|
../../common
|
||||||
|
../../profiles/headless.nix
|
||||||
|
../../profiles/physical.nix
|
||||||
|
../../services/forgejo.nix
|
||||||
|
../../services/nginx.nix
|
||||||
|
../../services/uptime-kuma.nix
|
||||||
|
../../services/vaultwarden.nix
|
||||||
|
../../services/librespeed.nix
|
||||||
|
./disko.nix
|
||||||
|
./hardware-configuration.nix
|
||||||
|
];
|
||||||
|
boot.initrd.kernelModules = [ "i915" ];
|
||||||
|
boot.initrd.supportedFilesystems = [ "btrfs" ];
|
||||||
|
|
||||||
|
kyouma.machine-type.physical = true;
|
||||||
|
kyouma.nginx.defaultForbidden = "uptime.kyouma.net";
|
||||||
|
|
||||||
|
networking.hostName = "emilia";
|
||||||
|
|
||||||
|
systemd.network.networks."98-eth-default" = {
|
||||||
|
matchConfig.MACAddress = "04:d4:c4:39:73:f6";
|
||||||
|
addresses = [
|
||||||
|
{
|
||||||
|
Address = "95.217.83.107/32";
|
||||||
|
Peer = "95.217.83.65/32";
|
||||||
|
}
|
||||||
|
{ Address = "2a01:4f9:4a:1f5f::1/64"; }
|
||||||
|
];
|
||||||
|
routes = [
|
||||||
|
{ Gateway = "95.217.83.65"; }
|
||||||
|
{ Gateway = "fe80::1"; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
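Review bot: This new host never sets `system.stateVersion`, so it inherits the `mkDefault "23.11"` that the common module in this compare now provides, while the other new host, florp, pins `"24.11"` explicitly. If emilia was installed from a newer release, the stateful services imported here (forgejo, vaultwarden) would be evaluated against the older state defaults. Add `system.stateVersion = "<release emilia was installed with>";` to this file, with a comment that the value must not be bumped on upgrade.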
72
config/hosts/emilia/disko.nix
Normal file
|
@ -0,0 +1,72 @@
|
||||||
|
{ inputs, ... }: {
|
||||||
|
imports = [
|
||||||
|
inputs.disko.nixosModules.disko
|
||||||
|
];
|
||||||
|
disko.devices = {
|
||||||
|
disk.bb-nvme0n1 = {
|
||||||
|
device = "/dev/disk/by-id/nvme-eui.343337304e4032870025384100000001";
|
||||||
|
type = "disk";
|
||||||
|
content = {
|
||||||
|
type = "gpt";
|
||||||
|
partitions = {
|
||||||
|
BOOT = {
|
||||||
|
type = "EF00";
|
||||||
|
size = "512M";
|
||||||
|
content = {
|
||||||
|
type = "filesystem";
|
||||||
|
format = "vfat";
|
||||||
|
mountpoint = "/boot";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
root = {
|
||||||
|
size = "100%";
|
||||||
|
content = {
|
||||||
|
type = "btrfs";
|
||||||
|
extraArgs = [ "/dev/disk/by-partlabel/disk-aa-nvme1n1-root" "-f" "-d raid1" "-m raid1" ];
|
||||||
|
subvolumes = {
|
||||||
|
"nixos" = {
|
||||||
|
mountpoint = "/";
|
||||||
|
mountOptions = [ "compress=zstd" "noatime" ];
|
||||||
|
};
|
||||||
|
"var" = {
|
||||||
|
mountpoint = "/var";
|
||||||
|
mountOptions = [ "compress=zstd" "noatime" ];
|
||||||
|
};
|
||||||
|
"home" = {
|
||||||
|
mountpoint = "/home";
|
||||||
|
mountOptions = [ "compress=zstd" "noatime" ];
|
||||||
|
};
|
||||||
|
"nix" = {
|
||||||
|
mountpoint = "/nix";
|
||||||
|
mountOptions = [ "compress=zstd" "noatime" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
disk.aa-nvme1n1 = {
|
||||||
|
device = "/dev/disk/by-id/nvme-eui.343337304d8021880025384500000001";
|
||||||
|
type = "disk";
|
||||||
|
content = {
|
||||||
|
type = "gpt";
|
||||||
|
partitions = {
|
||||||
|
BOOT = {
|
||||||
|
type = "EF00";
|
||||||
|
size = "512M";
|
||||||
|
content = {
|
||||||
|
type = "filesystem";
|
||||||
|
format = "vfat";
|
||||||
|
mountpoint = null;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
root = {
|
||||||
|
type = "8300";
|
||||||
|
size = "100%";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
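Review bot: Both NVMe `root` partitions end up in a plain btrfs raid1 with no encryption layer, on the host whose configuration imports `services/vaultwarden.nix` and `services/forgejo.nix`. On a physical machine this leaves service data and the host's own key material readable from a removed or returned disk. If unattended reboots are the reason, say so in a comment above `disko.devices`; otherwise wrapping the `root` content of both disks in disko's `luks` type is the usual remedy. The `extraArgs` entry naming `/dev/disk/by-partlabel/disk-aa-nvme1n1-root` appears to rely on the `aa-` disk being partitioned before the `bb-` disk is formatted, which deserves a one-line comment so nobody renames the disks.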
9
config/hosts/emilia/hardware-configuration.nix
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
{ modulesPath, ... }: {
|
||||||
|
imports = [
|
||||||
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" ];
|
||||||
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
}
|
||||||
|
|
68
config/hosts/florp/configuration.nix
Normal file
|
@ -0,0 +1,68 @@
|
||||||
|
{ lib, config, pkgs, ... }: {
|
||||||
|
imports = [
|
||||||
|
../../common
|
||||||
|
../../profiles/headless.nix
|
||||||
|
../../profiles/kartoffel.nix
|
||||||
|
../../profiles/lxc.nix
|
||||||
|
../../services/akkoma
|
||||||
|
../../services/nginx.nix
|
||||||
|
];
|
||||||
|
networking = {
|
||||||
|
hostName = "florp";
|
||||||
|
domain = lib.mkForce "social";
|
||||||
|
};
|
||||||
|
systemd.network.networks."98-eth-default" = {
|
||||||
|
address = [
|
||||||
|
"2a0f:be01:0:100::171/128"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
kyouma.nginx.defaultForbidden = "florp.social";
|
||||||
|
kyouma.restic = let
|
||||||
|
pgBackup = "/var/cache/postgresql.sql";
|
||||||
|
in {
|
||||||
|
enable = true;
|
||||||
|
remoteUser = "zh3485s1";
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar = "hourly";
|
||||||
|
Persistent = true;
|
||||||
|
};
|
||||||
|
paths = [
|
||||||
|
"/var/lib/akkoma"
|
||||||
|
"/var/lib/secrets"
|
||||||
|
pgBackup
|
||||||
|
];
|
||||||
|
|
||||||
|
backupPrepareCommand = ''
|
||||||
|
umask 0077
|
||||||
|
rm -f -- ${pgBackup}
|
||||||
|
${pkgs.su}/bin/su -c '${lib.getExe' config.services.postgresql.package "pg_dumpall"}' \
|
||||||
|
${config.services.postgresql.superUser} >${pgBackup}
|
||||||
|
'';
|
||||||
|
|
||||||
|
backupCleanupCommand = ''
|
||||||
|
rm -f -- ${pgBackup}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
services.postgresql.settings = {
|
||||||
|
max_connections = 128;
|
||||||
|
shared_buffers = "4GB";
|
||||||
|
effective_cache_size = "12GB";
|
||||||
|
maintenance_work_mem = "1GB";
|
||||||
|
checkpoint_completion_target = 0.9;
|
||||||
|
wal_buffers = "16MB";
|
||||||
|
default_statistics_target = 100;
|
||||||
|
random_page_cost = 1.1;
|
||||||
|
effective_io_concurrency = 200;
|
||||||
|
work_mem = "34952kB";
|
||||||
|
huge_pages = "try";
|
||||||
|
min_wal_size = "2GB";
|
||||||
|
max_wal_size = "8GB";
|
||||||
|
max_worker_processes = 16;
|
||||||
|
max_parallel_workers_per_gather = 4;
|
||||||
|
max_parallel_workers = 16;
|
||||||
|
max_parallel_maintenance_workers = 4;
|
||||||
|
};
|
||||||
|
system.stateVersion = "24.11";
|
||||||
|
}
|
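Review bot: `backupPrepareCommand` redirects `pg_dumpall` straight into `${pgBackup}`, so an empty or truncated file exists even when the dump fails. Whether the hourly backup then aborts depends on how the `kyouma.restic` module runs this snippet, which is not shown. Writing to a temporary name and renaming on success keeps a partial dump out of the repository: `... ${config.services.postgresql.superUser} >${pgBackup}.tmp && mv -- ${pgBackup}.tmp ${pgBackup}`, with `backupCleanupCommand` removing both names. The `umask 0077` before the dump is the right call. A comment noting that the dump sits in plaintext under `/var/cache` between prepare and cleanup, and that `/var/lib/secrets` is part of the backup set, would make the trust placed in the restic repository password explicit.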
|
@ -1,4 +1,4 @@
|
||||||
{ config, lib, pkgs, inputs, ... }: {
|
{ lib, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
../../common
|
../../common
|
||||||
../../profiles/kartoffel.nix
|
../../profiles/kartoffel.nix
|
||||||
|
@ -11,7 +11,6 @@
|
||||||
domain = lib.mkForce "girldick.gay";
|
domain = lib.mkForce "girldick.gay";
|
||||||
hostName = "staging";
|
hostName = "staging";
|
||||||
nftables.enable = lib.mkForce false;
|
nftables.enable = lib.mkForce false;
|
||||||
firewall.allowedTCPPorts = [ 80 443 ];
|
|
||||||
};
|
};
|
||||||
systemd.network.networks."98-eth-default" = {
|
systemd.network.networks."98-eth-default" = {
|
||||||
address = [
|
address = [
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, lib, pkgs, ... }: {
|
{ ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
../../common
|
../../common
|
||||||
../../profiles/builder.nix
|
../../profiles/builder.nix
|
||||||
|
@ -14,10 +14,16 @@
|
||||||
|
|
||||||
kyouma.machine-type.physical = true;
|
kyouma.machine-type.physical = true;
|
||||||
|
|
||||||
networking = {
|
networking.hostName = "integra";
|
||||||
hostName = "integra";
|
|
||||||
useDHCP = false;
|
nix.sshServe.keys = [
|
||||||
};
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOWlYhnummuWZbq3+d0x5A67YvlPvtl7/1Dk4RtNlzf christina@cafkafk.com"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/RmFnel8pcZT9nh7EAfKfAekt3BoEXy0G7G2GTacN/ aprl@computer"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 aprl@whatever"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpyVefbZLkNVNzdSIlO6x6JohHE1snoHiUB3Qdvl5I2 aprl@idk"
|
||||||
|
"ssh-rsa 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 aprl@meow"
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD0v3tUBNEUxfoOQBFb+N2DUBQDay0iFggUWa9Nd+BtFLOKkz+RRto3eBF0ZiJZVUxv/hLb8m2s45hcMw8agwuPrXMe5085T1fzkvPdKAPZdsT/cCmBi1OsoLjAKBFIdM4lcV0A2cca8hip+/ZPpjFPUWx73/672gAPHU7co7fP8+8CSf9dx+WIeLx3yaYHYZ/th3dB5auX3VjOazS8MojsAorwTUeBoPamHQ5dFeNafhFUL/hhtGkUI1cNHUn3bJd2V7AKTW3UglK7hVgMJPrzVS31OlpcJEf6S5XgKTWdOSwubn1bs5Lt6YYRDU24NV6CGrwKgCJSRxzNMLwpnFKiSXpO8FzkqWHYWyju141hQcFF31aZIV+7YcwEt5ZukLjFOpVtpbSXvJYigOUzGi34P3/OAGshDXjTQjvM8GIir49gx3b2Nwhg0z4UHBkAKZvDDFPHDMJoclvnhITojaAojfC9zmMCO5ZaEsk8yv7c/lWQumzRpfldWF4mwHvhD5kTADbhRdO7WTdX7AaiAYINooToeWKjFe2wn3rFubPUppptqtP03mmvs7vhhgnEVBbGZRJK3GTVk1XcsfF9rDKzewSa+wb4LsBoZtFRhc8cJqHGlKWSNk7dQ04B1atPyNLKGpGoo/UIPxyZ6bSqFVxY3nhz46VZ6z8XWI48z0/fRQ== aprl@uwu"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.network.networks."98-eth-default" = {
|
systemd.network.networks."98-eth-default" = {
|
||||||
matchConfig.Type = "ether";
|
matchConfig.Type = "ether";
|
||||||
|
|
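Review bot: Two of the six `nix.sshServe.keys` entries are `ssh-rsa`, while the `sigAlgorithms` list in the OpenSSH module of this compare names only `ssh-ed25519`, `sk-ssh-ed25519@openssh.com` and their certificate forms. If that list is applied to the accepted public-key algorithms (its use lies outside the visible hunks), the RSA entries can never authenticate and are dead weight; if it is not, they let the store-serving account accept a key type the rest of the policy excludes. Either way, replace them with Ed25519 keys from the same owners. A comment above the list should say who the key holders are and what `nix.sshServe` grants them: read access to the store, and more if `nix.sshServe.write` or `nix.sshServe.trusted` is set wherever the service is enabled, which is not shown.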
|
@ -1,4 +1,4 @@
|
||||||
{ config, inputs, ... }: {
|
{ inputs, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
inputs.disko.nixosModules.disko
|
inputs.disko.nixosModules.disko
|
||||||
];
|
];
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }: {
|
{ modulesPath, ... }: {
|
||||||
imports =
|
imports = [
|
||||||
[ (modulesPath + "/profiles/qemu-guest.nix")
|
(modulesPath + "/profiles/qemu-guest.nix")
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_scsi" ];
|
boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_scsi" ];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, inputs, lib, pkgs, ... }: {
|
{ lib, pkgs, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
../../common
|
../../common
|
||||||
../../profiles/rpi.nix
|
../../profiles/rpi.nix
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
{ config, lib, inputs, ... }: {
|
{ lib, inputs, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
|
inputs.sops-nix.nixosModules.sops
|
||||||
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
|
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
];
|
];
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, lib, ... }: {
|
{ ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
../../common
|
../../common
|
||||||
../../profiles/headless.nix
|
../../profiles/headless.nix
|
||||||
|
@ -6,7 +6,7 @@
|
||||||
];
|
];
|
||||||
kyouma.machine-type.physical = false;
|
kyouma.machine-type.physical = false;
|
||||||
|
|
||||||
systemd.network.networks."98-eth-static" = {
|
systemd.network.networks."98-eth-default" = {
|
||||||
matchConfig.Type = "ether";
|
matchConfig.Type = "ether";
|
||||||
matchConfig.Name = "e*";
|
matchConfig.Name = "e*";
|
||||||
linkConfig.RequiredForOnline = "routable";
|
linkConfig.RequiredForOnline = "routable";
|
||||||
|
@ -20,8 +20,8 @@
|
||||||
"185.244.193.190/22"
|
"185.244.193.190/22"
|
||||||
];
|
];
|
||||||
routes = [
|
routes = [
|
||||||
{ routeConfig.Gateway = "fe80::1"; }
|
{ Gateway = "fe80::1"; }
|
||||||
{ routeConfig.Gateway = "185.244.192.1"; }
|
{ Gateway = "185.244.192.1"; }
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
services.powerdns = {
|
services.powerdns = {
|
||||||
|
|
|
@ -2,9 +2,9 @@
|
||||||
imports = [
|
imports = [
|
||||||
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-extreme-gen4
|
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-extreme-gen4
|
||||||
../../common
|
../../common
|
||||||
../../profiles/graphical
|
../../profiles/physical.nix
|
||||||
./hardware-configuration.nix
|
|
||||||
./disko.nix
|
./disko.nix
|
||||||
|
./hardware-configuration.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.extraModprobeConfig = ''
|
boot.extraModprobeConfig = ''
|
||||||
|
@ -21,18 +21,14 @@
|
||||||
"rcu_nocbs=0-8"
|
"rcu_nocbs=0-8"
|
||||||
|
|
||||||
];
|
];
|
||||||
boot.loader = {
|
|
||||||
systemd-boot.enable = true;
|
|
||||||
efi.canTouchEfiVariables = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
hardware.bluetooth.enable = true;
|
hardware.bluetooth.enable = true;
|
||||||
hardware.cpu.intel.updateMicrocode = true;
|
|
||||||
hardware.gpgSmartcards.enable = true;
|
hardware.gpgSmartcards.enable = true;
|
||||||
hardware.nitrokey.enable = true;
|
hardware.nitrokey.enable = true;
|
||||||
|
|
||||||
hardware.opengl = {
|
hardware.graphics = {
|
||||||
driSupport32Bit = true;
|
enable = true;
|
||||||
|
enable32Bit = true;
|
||||||
extraPackages = with pkgs; [
|
extraPackages = with pkgs; [
|
||||||
intel-media-driver
|
intel-media-driver
|
||||||
libvdpau-va-gl
|
libvdpau-va-gl
|
||||||
|
@ -44,8 +40,13 @@
|
||||||
extraBackends = [ pkgs.utsushi ];
|
extraBackends = [ pkgs.utsushi ];
|
||||||
};
|
};
|
||||||
|
|
||||||
kyouma.machine-type.physical = true;
|
kyouma = {
|
||||||
kyouma.machine-type.portable = true;
|
graphical = {
|
||||||
|
enable = true;
|
||||||
|
compositor = "hyprland";
|
||||||
|
};
|
||||||
|
machine-type.portable = true;
|
||||||
|
};
|
||||||
|
|
||||||
networking.hostName = "ryuuko";
|
networking.hostName = "ryuuko";
|
||||||
networking.firewall.allowedTCPPorts = [ 22000 ];
|
networking.firewall.allowedTCPPorts = [ 22000 ];
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, inputs, ... }: {
|
{ inputs, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
inputs.disko.nixosModules.disko
|
inputs.disko.nixosModules.disko
|
||||||
];
|
];
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
{ ... }: {
|
{ pkgs, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
../../common
|
../../common
|
||||||
|
../../users/nil
|
||||||
../../profiles/builder.nix
|
../../profiles/builder.nix
|
||||||
../../profiles/headless.nix
|
../../profiles/headless.nix
|
||||||
../../profiles/kartoffel.nix
|
../../profiles/kartoffel.nix
|
||||||
|
@ -9,15 +10,43 @@
|
||||||
../../services/hydra
|
../../services/hydra
|
||||||
../../services/update-nixfiles.nix
|
../../services/update-nixfiles.nix
|
||||||
];
|
];
|
||||||
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
|
||||||
|
|
||||||
networking = {
|
boot.binfmt = {
|
||||||
hostName = "seras";
|
preferStaticEmulators = true;
|
||||||
firewall.allowedTCPPorts = [ 80 443 ];
|
emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.hostName = "seras";
|
||||||
systemd.network.networks."98-eth-default" = {
|
systemd.network.networks."98-eth-default" = {
|
||||||
address = [
|
address = [
|
||||||
"2a0f:be01:0:100::169/128"
|
"2a0f:be01:0:100::169/128"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.postgresql.settings = {
|
||||||
|
max_connections = 200;
|
||||||
|
shared_buffers = "24GB";
|
||||||
|
effective_cache_size = "72GB";
|
||||||
|
maintenance_work_mem = "2GB";
|
||||||
|
checkpoint_completion_target = 0.9;
|
||||||
|
wal_buffers = "16MB";
|
||||||
|
default_statistics_target = 100;
|
||||||
|
random_page_cost = 1.1;
|
||||||
|
effective_io_concurrency = 200;
|
||||||
|
work_mem = "31457kB";
|
||||||
|
huge_pages = "try";
|
||||||
|
min_wal_size = "1GB";
|
||||||
|
max_wal_size = "4GB";
|
||||||
|
max_worker_processes = 32;
|
||||||
|
max_parallel_workers_per_gather = 4;
|
||||||
|
max_parallel_workers = 32;
|
||||||
|
max_parallel_maintenance_workers = 4;
|
||||||
|
};
|
||||||
|
|
||||||
|
kyouma.ooklaserver = {
|
||||||
|
enable = true;
|
||||||
|
openFirewall = true;
|
||||||
|
domain = "speedtest.kyouma.net";
|
||||||
|
settings.openSSL.server.minimumTLSProtocol = "1.3";
|
||||||
|
};
|
||||||
}
|
}
|
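Review bot: The ports this host exposes can no longer be read from this file: the explicit `firewall.allowedTCPPorts = [ 80 443 ];` is dropped from the old `networking` block, and `openFirewall = true;` under `kyouma.ooklaserver` now opens ports defined in another module. Whether 80/443 stay reachable depends on code outside these hunks (presumably the imported `../../services/hydra`), so the resulting rule set should be checked on the built system rather than assumed. The same host imports the Hydra service and the builder profile, so a comment above `openFirewall` would help, e.g. `# opens the speedtest listener ports declared in the kyouma.ooklaserver module; public by design`. Lines 8–9 of the new file sit between the two hunks and are not visible here.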
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, inputs, lib, pkgs, ... }: {
|
{ config, inputs, lib, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
inputs.fernglas.nixosModules.default
|
inputs.fernglas.nixosModules.default
|
||||||
inputs.kyouma-www.nixosModules.default
|
inputs.kyouma-www.nixosModules.default
|
||||||
|
@ -11,8 +11,7 @@
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "web-dus";
|
hostName = "web-dus";
|
||||||
nftables.enable = lib.mkForce false;
|
nftables.enable = lib.mkForce false;
|
||||||
firewall.allowedTCPPorts = [ 80 443 11019 ];
|
firewall.allowedTCPPorts = [ 11019 ];
|
||||||
firewall.allowedUDPPorts = [ 443 ];
|
|
||||||
};
|
};
|
||||||
systemd.network.networks."98-eth-default" = {
|
systemd.network.networks."98-eth-default" = {
|
||||||
address = [
|
address = [
|
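Review bot: Port 11019 is now the only entry left in `firewall.allowedTCPPorts = [ 11019 ];`, it is open to every source address, and nothing in the hunk says which service listens on it. If it is a collector or peer-facing listener for the imported `inputs.fernglas` module (an inference, the hunk does not show it), it should accept connections only from the known peers rather than from the whole internet. At minimum add a comment such as `# 11019: <service name>, expected clients: <peer addresses>`. The removed 80/443 TCP and 443 UDP entries are presumably opened by a shared module now; if HTTP/3 was intended, confirm that UDP 443 is still allowed. The file continues past the end of this hunk.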
||||||
|
|
|
@ -1,18 +1,19 @@
|
||||||
{ lib, pkgs, ... }: {
|
{ lib, pkgs, ... }: {
|
||||||
kyouma.deployment.auto-upgrade.cache = "daemon";
|
kyouma.deployment.auto-upgrade.cache = "daemon";
|
||||||
nix.gc.options = lib.mkForce "--delete-older-than 60d";
|
nix.settings = {
|
||||||
nix.settings.trusted-users = [ "build" ];
|
trusted-users = [ "nix-ssh" ];
|
||||||
|
#system-features = [ "nixos-test" "benchmark" "big-parallel" "kvm" ] ++ lib.optionals pkgs.hostPlatform.isx86_64 [ "gccarch-x86-64-v3" ];
|
||||||
|
};
|
||||||
nix.extraOptions = ''
|
nix.extraOptions = ''
|
||||||
min-free = ${builtins.toString (4096 * 1024 * 1024)}
|
min-free = ${builtins.toString (16384 * 1024 * 1024)}
|
||||||
max-free = ${builtins.toString (8192 * 1024 * 1024)}
|
max-free = ${builtins.toString (32768 * 1024 * 1024)}
|
||||||
max-substitution-jobs = 20
|
max-substitution-jobs = 30
|
||||||
max-silent-time = 3600
|
max-silent-time = 14400
|
||||||
'';
|
'';
|
||||||
users.users.build = {
|
nix.sshServe = {
|
||||||
isNormalUser = true;
|
enable = true;
|
||||||
shell = pkgs.bash;
|
write = true;
|
||||||
ignoreShellProgramCheck = true;
|
keys = [
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT0dGyLUjxFnvqUmex+5xUGQ7D4yGHKo267JgApcq0k root@ryuuko"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT0dGyLUjxFnvqUmex+5xUGQ7D4yGHKo267JgApcq0k root@ryuuko"
|
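Review bot: `trusted-users = [ "nix-ssh" ];` combined with `nix.sshServe.write = true;` makes every key in `keys` a trusted client of the Nix daemon, which the Nix manual describes as essentially equivalent to root on this machine. That list includes `root@ryuuko`, and the ryuuko host section of this same compare sets `machine-type.portable = true`, so a key from a portable device carries that level of access to every builder using this profile. If the remote clients only need to push inputs and fetch outputs, leaving `nix-ssh` untrusted and relying on signed store paths would be narrower. Otherwise, record the reason next to the setting, e.g. `# nix-ssh must be trusted so remote builds can import unsigned inputs; keys below are root-equivalent here`. The commented-out `#system-features = …` line is dead code and could be dropped, and the `keys` list continues past the end of the hunk.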
||||||
|
|
|
@ -1,782 +0,0 @@
|
||||||
{ config, pkgs, lib, inputs, ... }: {
|
|
||||||
imports = [
|
|
||||||
inputs.home-manager.nixosModules.home-manager
|
|
||||||
inputs.stylix.nixosModules.stylix
|
|
||||||
./nixvim.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
kyouma.machine-type.graphical = true;
|
|
||||||
|
|
||||||
hardware.opengl.enable = true;
|
|
||||||
|
|
||||||
boot.plymouth.enable = true;
|
|
||||||
|
|
||||||
security.pam.services.hyprlock = {};
|
|
||||||
|
|
||||||
services.dbus.packages = [ pkgs.gcr ];
|
|
||||||
services.geoclue2.enable = true;
|
|
||||||
|
|
||||||
services.pipewire = {
|
|
||||||
enable = true;
|
|
||||||
alsa.enable = true;
|
|
||||||
pulse.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.udisks2.enable = true;
|
|
||||||
|
|
||||||
environment.variables = {
|
|
||||||
SDL_VIDEODRIVER = "wayland";
|
|
||||||
QT_QPA_PLATFORM = "wayland";
|
|
||||||
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
|
|
||||||
GDK_BACKEND = "wayland,x11";
|
|
||||||
MOZ_ENABLE_WAYLAND = "1";
|
|
||||||
CLUTTER_BACKEND = "wayland";
|
|
||||||
LIBVA_DRIVER_NAME = "iHD";
|
|
||||||
};
|
|
||||||
xdg.icons.enable = true;
|
|
||||||
xdg.portal = {
|
|
||||||
enable = true;
|
|
||||||
wlr.enable = true;
|
|
||||||
configPackages = [ pkgs.xdg-desktop-portal-hyprland ];
|
|
||||||
};
|
|
||||||
|
|
||||||
stylix= {
|
|
||||||
image = pkgs.fetchurl {
|
|
||||||
url = "https://kyouma.net/wallpaper.png";
|
|
||||||
sha256 = "1f46b439a864cd28b8ea93563b4762f1efb2648bae0148fd6b45f3033b10b0e8";
|
|
||||||
};
|
|
||||||
polarity = "dark";
|
|
||||||
#base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-macchiato.yaml";
|
|
||||||
fonts = {
|
|
||||||
sansSerif = {
|
|
||||||
package = pkgs.noto-fonts;
|
|
||||||
name = "Noto Sans";
|
|
||||||
};
|
|
||||||
serif = config.stylix.fonts.sansSerif;
|
|
||||||
monospace = {
|
|
||||||
package = pkgs.jetbrains-mono;
|
|
||||||
name = "JetBrains Mono Regular";
|
|
||||||
};
|
|
||||||
sizes.terminal = 11;
|
|
||||||
};
|
|
||||||
cursor = {
|
|
||||||
package = pkgs.capitaine-cursors;
|
|
||||||
name = "capitaine";
|
|
||||||
size = 24;
|
|
||||||
};
|
|
||||||
targets = {
|
|
||||||
console.enable = false;
|
|
||||||
gnome.enable = true;
|
|
||||||
fish.enable = false;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
home-manager.users.emily = {
|
|
||||||
stylix.targets = {
|
|
||||||
hyprland.enable = false;
|
|
||||||
kitty.enable = false;
|
|
||||||
mako.enable = false;
|
|
||||||
rofi.enable = false;
|
|
||||||
swaylock.enable = false;
|
|
||||||
waybar.enable = false;
|
|
||||||
nixvim.enable = false;
|
|
||||||
fish.enable = false;
|
|
||||||
};
|
|
||||||
home.keyboard = {
|
|
||||||
layout = "de";
|
|
||||||
variant = "neo_qwerty";
|
|
||||||
};
|
|
||||||
|
|
||||||
home.file.".local/bin/hypr/playerctl.sh" = let
|
|
||||||
playerctl = "${pkgs.playerctl}/bin/playerctl";
|
|
||||||
title = "$(${playerctl} metadata --format '{{markup_escape(title)}}')";
|
|
||||||
artist = "$(${playerctl} metadata --format '{{markup_escape(artist)}}')";
|
|
||||||
status = "$(${playerctl} status 2> /dev/null)";
|
|
||||||
in {
|
|
||||||
enable = true;
|
|
||||||
executable = true;
|
|
||||||
text = ''
|
|
||||||
#!${pkgs.bash}/bin/bash
|
|
||||||
if [ "${status}" = "Playing" ]; then
|
|
||||||
echo -e " ${title}\nPlaying: ${artist} - ${title}\nplaying"
|
|
||||||
elif [ "${status}" = "Paused" ]; then
|
|
||||||
echo -e " ${title}\nPaused: ${artist} - ${title}\npaused"
|
|
||||||
else
|
|
||||||
echo -e ""
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
home.file."./local/bin/hypr/colorpicker.sh" = {
|
|
||||||
enable = true;
|
|
||||||
executable = true;
|
|
||||||
source = pkgs.writeShellApplication {
|
|
||||||
name = "colorpicker";
|
|
||||||
text = builtins.readFile ./files/scripts/colorpicker.sh;
|
|
||||||
runtimeInputs = with pkgs; [ coreutils grim slurp imagemagick_light wl-clipboard libnotify ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
home.file."./local/bin/hypr/rofi_powermenu.sh" = {
|
|
||||||
enable = true;
|
|
||||||
executable = true;
|
|
||||||
source = pkgs.writeShellApplication {
|
|
||||||
name = "rofi-powermenu";
|
|
||||||
text = builtins.readFile ./files/scripts/rofi_powermenu.sh;
|
|
||||||
runtimeInputs = with pkgs; [ rofi coreutils-full toybox xdg-user-dirs ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
home.file."./local/bin/hypr/rofi_screenshot.sh" = {
|
|
||||||
enable = true;
|
|
||||||
executable = true;
|
|
||||||
source = pkgs.writeShellApplication {
|
|
||||||
name = "rofi-screenshot";
|
|
||||||
text = builtins.readFile ./files/scripts/rofi_screenshot.sh;
|
|
||||||
runtimeInputs = with pkgs; [ coreutils grim hyprland imv slurp wl-clipboard libnotify pulseaudio toybox rofi xdg-user-dirs ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
home.file."./local/bin/hypr/screenshot.sh" = {
|
|
||||||
enable = true;
|
|
||||||
executable = true;
|
|
||||||
source = pkgs.writeShellApplication {
|
|
||||||
name = "screenshot";
|
|
||||||
text = builtins.readFile ./files/scripts/screenshot.sh;
|
|
||||||
runtimeInputs = with pkgs; [ coreutils grim imv slurp wl-clipboard libnotify pulseaudio ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
home.file."Pictures/wallpapers/sylviaritter/wallpaper.png" = {
|
|
||||||
enable = true;
|
|
||||||
source = config.stylix.image;
|
|
||||||
};
|
|
||||||
home.file."Pictures/wallpapers/lockscreen.png" = {
|
|
||||||
enable = true;
|
|
||||||
source = config.stylix.image;
|
|
||||||
};
|
|
||||||
wayland.windowManager.hyprland = {
|
|
||||||
enable = true;
|
|
||||||
settings = let
|
|
||||||
kitty = "${pkgs.kitty}/bin/kitty";
|
|
||||||
pactl = "${pkgs.pulseaudio}/bin/pactl";
|
|
||||||
playerctl = "${pkgs.playerctl}/bin/playerctl";
|
|
||||||
notifysend = "${pkgs.libnotify}/bin/notify-send";
|
|
||||||
dolphin = "${pkgs.libsForQt5.dolphin}/bin/dolphin";
|
|
||||||
firefox = "${pkgs.firefox}/bin/firefox";
|
|
||||||
brightnessctl = "${pkgs.brightnessctl}/bin/brightnessctl";
|
|
||||||
screenshot = "~/.local/bin/hypr/screenshot.sh";
|
|
||||||
rofi = "${pkgs.rofi-wayland}/bin/rofi";
|
|
||||||
in {
|
|
||||||
general = {
|
|
||||||
border_size = 1;
|
|
||||||
gaps_in = 4;
|
|
||||||
gaps_out = 8;
|
|
||||||
"col.active_border" = "0xFFB4A1DB 0xFFD04E9D 45deg";
|
|
||||||
"col.inactive_border" = "1e2030 1e2030 45deg";
|
|
||||||
cursor_inactive_timeout = 30;
|
|
||||||
layout = "dwindle";
|
|
||||||
};
|
|
||||||
decoration = {
|
|
||||||
rounding = 8;
|
|
||||||
shadow_range = 10;
|
|
||||||
"col.shadow" = "0x66000000";
|
|
||||||
"col.shadow_inactive" = "0x66000000";
|
|
||||||
blur = {
|
|
||||||
enabled = true;
|
|
||||||
passes = 2;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
dwindle.no_gaps_when_only = 1;
|
|
||||||
animations = {
|
|
||||||
bezier = [
|
|
||||||
"wind, 0.2, 0.9, 0.2, 1.05"
|
|
||||||
"winMov, 0.2, 0.9, 0.2, 1.08"
|
|
||||||
"winIn, 0.2, 0.9, 0.2, 1.08"
|
|
||||||
"winOut, 0.2, 0, 0.9, 0.2"
|
|
||||||
"liner, 1, 1, 1, 1"
|
|
||||||
];
|
|
||||||
animation = [
|
|
||||||
"windows, 1, 6, wind, slide"
|
|
||||||
"windowsIn, 1, 6, winIn, slide"
|
|
||||||
"windowsOut, 1, 6, winOut, slide"
|
|
||||||
"windowsMove, 1, 6, winMov, slide"
|
|
||||||
"border, 1, 1, liner"
|
|
||||||
"borderangle, 1, 30, liner, loop"
|
|
||||||
"fade, 1, 10, default"
|
|
||||||
"fadeOut, 1, 12, default"
|
|
||||||
"workspaces, 1, 8, wind"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
input = {
|
|
||||||
kb_layout = "de";
|
|
||||||
kb_variant = "neo_qwerty";
|
|
||||||
kb_options = "grp:alt_shift_toggle";
|
|
||||||
accel_profile = "adaptive";
|
|
||||||
scroll_method = "2fg";
|
|
||||||
float_switch_override_focus = 2;
|
|
||||||
touchpad = {
|
|
||||||
natural_scroll = true;
|
|
||||||
tap-to-click = false;
|
|
||||||
drag_lock = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
gestures = {
|
|
||||||
workspace_swipe = true;
|
|
||||||
workspace_swipe_distance = 3200;
|
|
||||||
workspace_swipe_min_speed_to_force = 40;
|
|
||||||
workspace_swipe_cancel_ratio = 0.15;
|
|
||||||
workspace_swipe_forever = true;
|
|
||||||
};
|
|
||||||
group = {
|
|
||||||
"col.border_inactive" = "0xFFDB695B";
|
|
||||||
"col.border_active" = "0xFF4BC66D";
|
|
||||||
groupbar = {
|
|
||||||
render_titles = false;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
xwayland = {
|
|
||||||
force_zero_scaling = true;
|
|
||||||
use_nearest_neighbor = false;
|
|
||||||
};
|
|
||||||
misc = {
|
|
||||||
disable_hyprland_logo = true;
|
|
||||||
disable_splash_rendering = true;
|
|
||||||
vrr = 1;
|
|
||||||
};
|
|
||||||
device = [
|
|
||||||
{
|
|
||||||
name = "syna8013:00-06cb:ce69-touchpad";
|
|
||||||
sensitivity = 0.3;
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "logitech-m705";
|
|
||||||
sensitivity = 0.1;
|
|
||||||
accel_profile = "flat";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "tpps/2-ibm-trackpoint";
|
|
||||||
sensitivity = 0.2;
|
|
||||||
scroll_method = "on_button_down";
|
|
||||||
accel_profile = "flat";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "tpps/2-elan-trackpoint";
|
|
||||||
sensitivity = 0;
|
|
||||||
scroll_method = "on_button_down";
|
|
||||||
accel_profile = "flat";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
layerrule = [ "blur, waybar" ];
|
|
||||||
monitor = [
|
|
||||||
"eDP-1, 3840x2400@60, 0x0, 1, bitdepth, 10"
|
|
||||||
#"eDP-1, 2560x1600@60, 0x0, 1, bitdepth, 10"
|
|
||||||
#"eDP-1, 1920x1200@60, 0x0, 1, bitdepth, 10"
|
|
||||||
"desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455, 2560x1440@143.972,3840x0, 1,bitdepth,10"
|
|
||||||
"desc:Samsung Electric Company S27E500 0x3043394D, 1920x1080@70,6400x180, 1"
|
|
||||||
",preferred,auto,1"
|
|
||||||
];
|
|
||||||
workspace = [
|
|
||||||
"1, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455, default:true"
|
|
||||||
"2, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455"
|
|
||||||
"3, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455"
|
|
||||||
"4, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455"
|
|
||||||
"5, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455"
|
|
||||||
"6, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455"
|
|
||||||
"7, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455"
|
|
||||||
"8, monitor:desc:Samsung Electric Company S27E500 0x3043394D"
|
|
||||||
"9, monitor:desc:Samsung Electric Company S27E500 0x3043394D"
|
|
||||||
"10,monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455"
|
|
||||||
];
|
|
||||||
windowrule = [
|
|
||||||
"float, foot-float"
|
|
||||||
"float, yad|nm-connection-editor|pavucontrol"
|
|
||||||
"float, xfce-polkit|kvantummanager|qt5ct|zenity|waypaper"
|
|
||||||
"float, feh|com.github.weclaw1.ImageRoll|Gpicview|Gimp|MPlayer"
|
|
||||||
"float, VirtualBox Manager|qemu|Qemu-system-x86_64|PacketTracer"
|
|
||||||
"float, title:File Operation Progress|Open Files|Media viewer"
|
|
||||||
"float, title:Confirm to replace files"
|
|
||||||
"size 60% 64%, com.github.weclaw1.ImageRoll "
|
|
||||||
"center, com.github.weclaw1.ImageRoll"
|
|
||||||
"animation slide down,foot-full"
|
|
||||||
"animation slide up,Rofi"
|
|
||||||
];
|
|
||||||
|
|
||||||
"$mod" = "SUPER";
|
|
||||||
"$notifycmd" = "${notifysend} -h string:x-canonical-private-synchronous:hypr-cfg -u low";
|
|
||||||
bind = [
|
|
||||||
"$mod, Return, exec, ${kitty}"
|
|
||||||
"$mod, F1, exec, ${dolphin}"
|
|
||||||
"$mod, F2, exec, ${firefox}"
|
|
||||||
|
|
||||||
# Rofi
|
|
||||||
"$mod, D, exec, ${rofi} -show drun -theme ~/.config/rofi/launcher.rasi"
|
|
||||||
"$mod, R, exec, ${rofi} -show run -theme ~/.config/rofi/runner.rasi"
|
|
||||||
"$mod, A, exec, ~/.local/bin/hypr/rofi_screenshot.sh"
|
|
||||||
"$mod, X, exec, ~/.local/bin/hypr/rofi_powermenu.sh"
|
|
||||||
|
|
||||||
# Misc
|
|
||||||
"$mod, C, exec, ~/.local/bin/hypr/colorpicker.sh"
|
|
||||||
"CTRL_ALT, L, exec, ${pkgs.hyprlock}/bin/hyprlock"
|
|
||||||
|
|
||||||
# Function keys
|
|
||||||
", XF86AudioMute, exec, ${pactl} set-sink-mute @DEFAULT_SINK@ toggle"
|
|
||||||
", XF86AudioMicMute, exec, ${pactl} set-source-mute @DEFAULT_SOURCE@ toggle"
|
|
||||||
", XF86AudioNext, exec, ${playerctl} next"
|
|
||||||
", XF86AudioPrev, exec, ${playerctl} previous"
|
|
||||||
", XF86AudioPlay, exec, ${playerctl} play"
|
|
||||||
", XF86AudioStop, exec, ${playerctl} pause"
|
|
||||||
|
|
||||||
# Scratchpad
|
|
||||||
"$mod SHIFT, MINUS, movetoworkspace,special"
|
|
||||||
"$mod, MINUS, togglespecialworkspace,"
|
|
||||||
|
|
||||||
# Screenshots
|
|
||||||
", Print, exec, ${screenshot} --now"
|
|
||||||
"ALT, Print, exec, ${screenshot} --in5"
|
|
||||||
"SHIFT, Print, exec, ${screenshot} --in10"
|
|
||||||
"$mod, Print, exec, ${screenshot} --area"
|
|
||||||
|
|
||||||
# Hyprland
|
|
||||||
"$mod SHIFT, Q, killactive,"
|
|
||||||
"CTRL_ALT, Delete, exit,"
|
|
||||||
"$mod, F, fullscreen, 0"
|
|
||||||
"$mod, F, exec, $notifycmd 'Fullscreen Mode'"
|
|
||||||
"$mod, S, pseudo,"
|
|
||||||
"$mod, S, exec, $notifycmd 'Pseudo Mode'"
|
|
||||||
"$mod SHIFT, Space, togglefloating,"
|
|
||||||
"$mod SHIFT, Space, centerwindow,"
|
|
||||||
|
|
||||||
# windowgroup
|
|
||||||
"$mod, G, togglegroup"
|
|
||||||
"$mod, G, exec, $notifycmd 'Toggled Group Mode'"
|
|
||||||
"$mod, H, changegroupactive, b"
|
|
||||||
"$mod, L, changegroupactive, f"
|
|
||||||
|
|
||||||
# Change Focusconfig
|
|
||||||
"$mod, left, movefocus, l"
|
|
||||||
"$mod, H, movefocus, l"
|
|
||||||
"$mod, right, movefocus, r"
|
|
||||||
"$mod, L, movefocus, r"
|
|
||||||
"$mod, up, movefocus, u"
|
|
||||||
"$mod, K, movefocus, u"
|
|
||||||
"$mod, down, movefocus, d"
|
|
||||||
"$mod, J, movefocus, d"
|
|
||||||
|
|
||||||
# Move Active
|
|
||||||
"$mod SHIFT, left, movewindow, l"
|
|
||||||
"$mod SHIFT, H, movewindow, l"
|
|
||||||
"$mod SHIFT, right, movewindow, r"
|
|
||||||
"$mod SHIFT, L, movewindow, r"
|
|
||||||
"$mod SHIFT, up, movewindow, u"
|
|
||||||
"$mod SHIFT, K, movewindow, u"
|
|
||||||
"$mod SHIFT, down, movewindow, d"
|
|
||||||
"$mod SHIFT, J, movewindow, d"
|
|
||||||
|
|
||||||
# Switch between windows
|
|
||||||
"$mod,Tab,cyclenext,"
|
|
||||||
"$mod,Tab,bringactivetotop,"
|
|
||||||
|
|
||||||
# Workspaces
|
|
||||||
"$mod, 1, workspace, 1"
|
|
||||||
"$mod, 2, workspace, 2"
|
|
||||||
"$mod, 3, workspace, 3"
|
|
||||||
"$mod, 4, workspace, 4"
|
|
||||||
"$mod, 5, workspace, 5"
|
|
||||||
"$mod, 6, workspace, 6"
|
|
||||||
"$mod, 7, workspace, 7"
|
|
||||||
"$mod, 8, workspace, 8"
|
|
||||||
"$mod, 9, workspace, 9"
|
|
||||||
"$mod, 0, workspace, 10"
|
|
||||||
|
|
||||||
# Send to Workspaces
|
|
||||||
"$mod SHIFT, 1, movetoworkspace, 1"
|
|
||||||
"$mod SHIFT, 2, movetoworkspace, 2"
|
|
||||||
"$mod SHIFT, 3, movetoworkspace, 3"
|
|
||||||
"$mod SHIFT, 4, movetoworkspace, 4"
|
|
||||||
"$mod SHIFT, 5, movetoworkspace, 5"
|
|
||||||
"$mod SHIFT, 6, movetoworkspace, 6"
|
|
||||||
"$mod SHIFT, 7, movetoworkspace, 7"
|
|
||||||
"$mod SHIFT, 8, movetoworkspace, 8"
|
|
||||||
"$mod SHIFT, 9, movetoworkspace, 9"
|
|
||||||
"$mod SHIFT, 0, movetoworkspace, 10"
|
|
||||||
|
|
||||||
# Change Workspace Mode
|
|
||||||
"$mod CTRL, F, workspaceopt, allfloat"
|
|
||||||
"$mod CTRL, F, exec, $notifycmd 'Toggled All Float Mode'"
|
|
||||||
"$mod CTRL, S, workspaceopt, allpseudo"
|
|
||||||
"$mod CTRL, S, exec, $notifycmd 'Toggled All Pseudo Mode'"
|
|
||||||
|
|
||||||
# Misc
|
|
||||||
"$mod SHIFT, P, pin,"
|
|
||||||
"$mod SHIFT, P, exec, $notifycmd 'Toggled Pin'"
|
|
||||||
"$mod SHIFT, S, swapnext"
|
|
||||||
"$mod SHIFT, O, toggleopaque"
|
|
||||||
];
|
|
||||||
binde = [
|
|
||||||
# Function keys repeat
|
|
||||||
", XF86MonBrightnessUp, exec, ${brightnessctl} s +10%"
|
|
||||||
", XF86MonBrightnessDown, exec, ${brightnessctl} s 10%-"
|
|
||||||
", XF86AudioRaiseVolume, exec, ${pactl} set-sink-volume @DEFAULT_SINK@ +5%"
|
|
||||||
", XF86AudioLowerVolume, exec, ${pactl} set-sink-volume @DEFAULT_SINK@ -5%"
|
|
||||||
# Resize Active
|
|
||||||
"$mod CTRL, left, resizeactive, -20 0"
|
|
||||||
"$mod CTRL, H, resizeactive, -20 0"
|
|
||||||
"$mod CTRL, right, resizeactive, 20 0"
|
|
||||||
"$mod CTRL, L, resizeactive, 20 0"
|
|
||||||
"$mod CTRL, up, resizeactive, 0 -20"
|
|
||||||
"$mod CTRL, K, resizeactive, 0 -20"
|
|
||||||
"$mod CTRL, down, resizeactive, 0 20"
|
|
||||||
"$mod CTRL, J, resizeactive, 0 20"
|
|
||||||
|
|
||||||
# Move Active (Floating Only)
|
|
||||||
"$mod ALT, left, moveactive, -80 0"
|
|
||||||
"$mod ALT, H, moveactive, -80 0"
|
|
||||||
"$mod ALT, right, moveactive, 80 0"
|
|
||||||
"$mod ALT, L, moveactive, 80 0"
|
|
||||||
"$mod ALT, up, moveactive, 0 -80"
|
|
||||||
"$mod ALT, K, moveactive, 0 -80"
|
|
||||||
"$mod ALT, down, moveactive, 0 80"
|
|
||||||
"$mod ALT, J, moveactive, 0 80"
|
|
||||||
];
|
|
||||||
bindl = [
|
|
||||||
",switch:on:Lid Switch,exec, lsusb -d 17ef:30b4 && hyprctl keyword monitor 'eDP-1, disable'"
|
|
||||||
",switch:off:Lid Switch,exec, hyprctl keyword monitor 'eDP-1, 3840x2400@60, 0x0, 1, bitdepth,10'"
|
|
||||||
];
|
|
||||||
bindm = [
|
|
||||||
"$mod, mouse:272, movewindow"
|
|
||||||
"$mod, mouse:273, resizewindow"
|
|
||||||
];
|
|
||||||
exec-once = [
|
|
||||||
"${pkgs.wpaperd}/bin/wpaperd"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.hyprlock = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
general = {
|
|
||||||
grace = 1;
|
|
||||||
hide_cursor = true;
|
|
||||||
disable_loading_bar = true;
|
|
||||||
};
|
|
||||||
background = [{
|
|
||||||
path = "screenshot";
|
|
||||||
#path = "$HOME/Pictures/wallpapers/lockscreen.png";
|
|
||||||
blur_passes = 3;
|
|
||||||
contrast = 1.25;
|
|
||||||
}];
|
|
||||||
input-field = [{
|
|
||||||
size = "250, 60";
|
|
||||||
outline_thickness = 2;
|
|
||||||
dots_size = 0.2;
|
|
||||||
dots_spacing = 0.2;
|
|
||||||
dots_center = true;
|
|
||||||
outer_color = "rgba(0, 0, 0, 0)";
|
|
||||||
inner_color = "rgba(0, 0, 0, 0.5)";
|
|
||||||
font_color = "rgb(200, 200, 200)";
|
|
||||||
fade_on_empty = true;
|
|
||||||
fade_timeout = 5000;
|
|
||||||
font_family = "JetBrains Mono Nerd Font Mono";
|
|
||||||
fail_text = "<i>$FAIL <b>$ATTEMPTS</b></i>";
|
|
||||||
position = "0, 200";
|
|
||||||
halign = "center";
|
|
||||||
valign = "bottom";
|
|
||||||
}];
|
|
||||||
label = [{
|
|
||||||
text = "cmd[update:250] date +%X";
|
|
||||||
color = "rgba(255, 255, 255, 0.6)";
|
|
||||||
font_size = "100";
|
|
||||||
font_family = "JetBrains Mono Nerd Font Mono ExtraBold";
|
|
||||||
position = "0, -300";
|
|
||||||
halign = "center";
|
|
||||||
valign = "top";
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.imv.enable = true;
|
|
||||||
|
|
||||||
programs.wpaperd = {
|
|
||||||
enable = true;
|
|
||||||
settings.default = {
|
|
||||||
path = "/home/emily/Pictures/wallpapers/sylviaritter/";
|
|
||||||
duration = "60m";
|
|
||||||
sorting = "random";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
programs.waybar = {
|
|
||||||
enable = true;
|
|
||||||
style = ./files/waybar-style.css;
|
|
||||||
systemd = {
|
|
||||||
enable = true;
|
|
||||||
target = "hyprland-session.target";
|
|
||||||
};
|
|
||||||
settings = {
|
|
||||||
hyprbar = {
|
|
||||||
layer = "top";
|
|
||||||
position = "top";
|
|
||||||
#output = "eDP-1";
|
|
||||||
margin = "0 0 0 0";
|
|
||||||
modules-left = [ "hyprland/workspaces" "custom/playerctl" "tray" ];
|
|
||||||
modules-center = [ "clock" ];
|
|
||||||
modules-right = [ "backlight" "pulseaudio" "temperature" "cpu" "memory" "battery" "network" ];
|
|
||||||
|
|
||||||
"hyprland/workspaces" = {
|
|
||||||
format = "{icon}";
|
|
||||||
sort-by-number = true;
|
|
||||||
active-only = false;
|
|
||||||
on-click = "activate";
|
|
||||||
format-icons = {
|
|
||||||
"1" = "1";
|
|
||||||
"2" = "2";
|
|
||||||
"3" = "3";
|
|
||||||
"4" = "4";
|
|
||||||
"5" = "5";
|
|
||||||
"6" = "6";
|
|
||||||
"7" = "7";
|
|
||||||
"8" = "8";
|
|
||||||
"9" = "9";
|
|
||||||
"10" = "0";
|
|
||||||
urgent = "";
|
|
||||||
focused = "";
|
|
||||||
default = "";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
idle_inhibitor = {
|
|
||||||
format = "{icon}";
|
|
||||||
format-icons = {
|
|
||||||
activated = "";
|
|
||||||
deactivated = "";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
tray = {
|
|
||||||
icon-size = 18;
|
|
||||||
spacing = 8;
|
|
||||||
};
|
|
||||||
clock = {
|
|
||||||
#tooltip-format = "{:%A %d %B | %H:%M}";
|
|
||||||
format = " {:%Y-%m-%d %H:%M:%OS}";
|
|
||||||
format-alt = " {:%Y %b %d %a %H:%M:%OS}";
|
|
||||||
interval = 1;
|
|
||||||
};
|
|
||||||
cpu = {
|
|
||||||
format = " {usage:02}";
|
|
||||||
interval = 2;
|
|
||||||
on-click = "${pkgs.kitty}/bin/kitty -e ${pkgs.htop}/bin/htop";
|
|
||||||
};
|
|
||||||
memory = {
|
|
||||||
format = " {used:0.2f}";
|
|
||||||
on-click = "${pkgs.kitty}/bin/kitty -e ${pkgs.htop}/bin/htop";
|
|
||||||
};
|
|
||||||
temperature = {
|
|
||||||
hwmon-path = "/sys/class/hwmon/hwmon1/temp1_input";
|
|
||||||
critical-threshold = 80;
|
|
||||||
format = " {temperatureC}°C";
|
|
||||||
};
|
|
||||||
backlight = {
|
|
||||||
format = "{icon} {percent: >3}%";
|
|
||||||
format-icons = ["" ""];
|
|
||||||
on-scroll-down = "${pkgs.brightnessctl}/bin/brightnessctl -c backlight set 1%-";
|
|
||||||
on-scroll-up = "${pkgs.brightnessctl}/bin/brightnessctl -c backlight set +1%";
|
|
||||||
};
|
|
||||||
battery = {
|
|
||||||
states = {
|
|
||||||
good = 90;
|
|
||||||
warning = 30;
|
|
||||||
critical = 15;
|
|
||||||
};
|
|
||||||
format = "";
|
|
||||||
format-discharging = "{icon} {capacity: >3}% {power:0.1f}W";
|
|
||||||
format-charging = " {capacity: >3}% {power:0.1f}W";
|
|
||||||
interval = 3;
|
|
||||||
format-icons = ["" "" "" "" ""];
|
|
||||||
};
|
|
||||||
network = {
|
|
||||||
format = "⚠ Disabled";
|
|
||||||
format-wifi = " {essid}";
|
|
||||||
format-ethernet = " Wired";
|
|
||||||
format-disconnected = "⚠ Disconnected";
|
|
||||||
on-click = "${pkgs.networkmanagerapplet}/bin/nm-connection-editor";
|
|
||||||
};
|
|
||||||
pulseaudio = {
|
|
||||||
scroll-step = 5;
|
|
||||||
format = "{icon} {volume: >3}%";
|
|
||||||
format-bluetooth = "{icon} {volume: >3}%";
|
|
||||||
format-muted = " muted";
|
|
||||||
format-icons = {
|
|
||||||
headphones = "";
|
|
||||||
handsfree = "";
|
|
||||||
headset = "";
|
|
||||||
phone = "";
|
|
||||||
portable = "";
|
|
||||||
car = "";
|
|
||||||
default = ["" ""];
|
|
||||||
};
|
|
||||||
on-click = "${pkgs.pavucontrol}/bin/pavucontrol";
|
|
||||||
};
|
|
||||||
"custom/playerctl" = {
|
|
||||||
interval = 1;
|
|
||||||
exec = "~/.local/bin/hypr/playerctl.sh";
|
|
||||||
on-click-middle = "${pkgs.playerctl}/bin/playerctl play-pause";
|
|
||||||
on-click-right = "${pkgs.playerctl}/bin/playerctl next";
|
|
||||||
on-click = "${pkgs.playerctl}/bin/playerctl previous";
|
|
||||||
escape = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
programs.kitty = {
|
|
||||||
enable = true;
|
|
||||||
font.size = 13;
|
|
||||||
font.name = "JetBrains Mono";
|
|
||||||
settings = {
|
|
||||||
enable_audio_bell = false;
|
|
||||||
scrollback_lines = 65536;
|
|
||||||
remember_window_size = false;
|
|
||||||
initial_window_width = 1200;
|
|
||||||
initial_window_height = 800;
|
|
||||||
|
|
||||||
bold_font = "auto";
|
|
||||||
italic_font = "auto";
|
|
||||||
bold_italic_font = "auto";
|
|
||||||
|
|
||||||
background = "#090312";
|
|
||||||
background_opacity = "0.7";
|
|
||||||
};
|
|
||||||
keybindings = {
|
|
||||||
"shift+right" = "next_tab";
|
|
||||||
"ctrl+l" = "next_tab";
|
|
||||||
"shift+left" = "previous_tab";
|
|
||||||
"ctrl+h" = "previous_tab";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
programs.rofi = {
|
|
||||||
enable = true;
|
|
||||||
package = pkgs.rofi-wayland;
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.zoxide = {
|
|
||||||
enable = true;
|
|
||||||
options = [ "--cmd cd" ];
|
|
||||||
};
|
|
||||||
programs.fzf.enable = true;
|
|
||||||
|
|
||||||
qt = {
|
|
||||||
enable = true;
|
|
||||||
platformTheme.name = "qtct";
|
|
||||||
style.name = "kvantum-dark";
|
|
||||||
style.package = with pkgs; [
|
|
||||||
libsForQt5.qtstyleplugin-kvantum
|
|
||||||
qt6Packages.qtstyleplugin-kvantum
|
|
||||||
(catppuccin-kvantum.override { accent = "Mauve"; variant = "Macchiato"; })
|
|
||||||
];
|
|
||||||
};
|
|
||||||
gtk.iconTheme.name = "Adwaita";
|
|
||||||
gtk.iconTheme.package = pkgs.gnome.adwaita-icon-theme;
|
|
||||||
|
|
||||||
services.gammastep = {
|
|
||||||
enable = true;
|
|
||||||
provider = "geoclue2";
|
|
||||||
temperature.day = 6500;
|
|
||||||
temperature.night = 3700;
|
|
||||||
settings.general.adjustment-method = "wayland";
|
|
||||||
};
|
|
||||||
services.mako = {
|
|
||||||
enable = true;
|
|
||||||
anchor = "top-right";
|
|
||||||
backgroundColor = "#24273a";
|
|
||||||
borderColor = "#c6a0f6";
|
|
||||||
borderRadius = 15;
|
|
||||||
borderSize = 2;
|
|
||||||
defaultTimeout = 5000;
|
|
||||||
layer = "overlay";
|
|
||||||
maxIconSize = 48;
|
|
||||||
padding = "15";
|
|
||||||
progressColor = "over #B4A1DB";
|
|
||||||
sort = "-time";
|
|
||||||
textColor = "#cad3f5";
|
|
||||||
extraConfig = ''
|
|
||||||
max-history=100
|
|
||||||
on-button-left=dismiss
|
|
||||||
on-button-right=dismiss-all
|
|
||||||
on-notify=exec ${pkgs.mpv}/bin/mpv /usr/share/sounds/freedesktop/stereo/message.oga
|
|
||||||
|
|
||||||
[urgency=low]
|
|
||||||
border-color=#B4A1DB
|
|
||||||
default-timeout=2000
|
|
||||||
|
|
||||||
[urgency=normal]
|
|
||||||
border-color=#B4A1DB
|
|
||||||
default-timeout=5000
|
|
||||||
|
|
||||||
[urgency=high]
|
|
||||||
border-color=#D04E9D
|
|
||||||
text-color=#D04E9D
|
|
||||||
default-timeout=0
|
|
||||||
|
|
||||||
[category=mpd]
|
|
||||||
border-color=#E49186
|
|
||||||
default-timeout=2000
|
|
||||||
group-by=category
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
services.gpg-agent = {
|
|
||||||
enable = true;
|
|
||||||
enableSshSupport = true;
|
|
||||||
pinentryPackage = pkgs.pinentry-gnome3;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.swayidle =
|
|
||||||
let
|
|
||||||
hyprlock = "${pkgs.hyprlock}/bin/hyprlock";
|
|
||||||
in {
|
|
||||||
enable = true;
|
|
||||||
systemdTarget = "hyprland-session.target";
|
|
||||||
events = [
|
|
||||||
{ event = "before-sleep"; command = hyprlock; }
|
|
||||||
{ event = "lock"; command = hyprlock; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
services.syncthing = {
|
|
||||||
enable = true;
|
|
||||||
tray.enable = true;
|
|
||||||
tray.command = "syncthingtray --replace";
|
|
||||||
};
|
|
||||||
services.udiskie = {
|
|
||||||
enable = true;
|
|
||||||
automount = false;
|
|
||||||
};
|
|
||||||
systemd.user.services.syncthingtray.Service = {
|
|
||||||
ExecStartPre = "${pkgs.coreutils-full}/bin/sleep 2";
|
|
||||||
Restart = "on-failure";
|
|
||||||
RestartSec = "1s";
|
|
||||||
};
|
|
||||||
systemd.user.targets.tray.Unit = {
|
|
||||||
BindsTo = "waybar.service";
|
|
||||||
After = "waybar.service";
|
|
||||||
};
|
|
||||||
xdg.configFile."mako-icons" = {
|
|
||||||
enable = true;
|
|
||||||
recursive = true;
|
|
||||||
source = ./files/icons;
|
|
||||||
};
|
|
||||||
xdg.configFile."rofi" = {
|
|
||||||
enable = true;
|
|
||||||
recursive = true;
|
|
||||||
source = ./files/rofi;
|
|
||||||
};
|
|
||||||
xdg.userDirs =
|
|
||||||
let
|
|
||||||
home = config.home-manager.users.emily.home.homeDirectory;
|
|
||||||
in {
|
|
||||||
enable = true;
|
|
||||||
desktop = null;
|
|
||||||
documents = "${home}/docs";
|
|
||||||
download = "${home}/Downloads";
|
|
||||||
music = "${home}/music";
|
|
||||||
pictures = "${home}/Pictures";
|
|
||||||
publicShare = null;
|
|
||||||
templates = null;
|
|
||||||
videos = "${home}/videos";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,218 +0,0 @@
|
||||||
{config, pkgs, inputs, ... }: {
|
|
||||||
home-manager.users.emily.imports = [
|
|
||||||
inputs.nixvim.homeManagerModules.nixvim
|
|
||||||
];
|
|
||||||
home-manager.users.emily.programs.nixvim = {
|
|
||||||
enable = true;
|
|
||||||
extraPlugins = [
|
|
||||||
pkgs.vimPlugins.molokai
|
|
||||||
pkgs.vimPlugins.vim-airline-themes
|
|
||||||
];
|
|
||||||
colorscheme = "molokai";
|
|
||||||
vimAlias = true;
|
|
||||||
highlightOverride.Normal = {
|
|
||||||
ctermbg = "NONE";
|
|
||||||
bg = "NONE";
|
|
||||||
};
|
|
||||||
opts = {
|
|
||||||
number = true;
|
|
||||||
expandtab = true;
|
|
||||||
autoindent = true;
|
|
||||||
mouse = "";
|
|
||||||
encoding = "utf-8";
|
|
||||||
shiftwidth = 2;
|
|
||||||
smartindent = true;
|
|
||||||
tabstop = 2;
|
|
||||||
|
|
||||||
ignorecase = true;
|
|
||||||
incsearch = true;
|
|
||||||
smartcase = true;
|
|
||||||
};
|
|
||||||
keymaps = [
|
|
||||||
{
|
|
||||||
action = "<cmd>Neotree toggle<CR>";
|
|
||||||
key = "<C-n>";
|
|
||||||
mode = "n";
|
|
||||||
options.silent = true;
|
|
||||||
}
|
|
||||||
{
|
|
||||||
action = "<C-\\><C-n>";
|
|
||||||
key = "<esc>";
|
|
||||||
mode = "t";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
plugins.cmp = {
|
|
||||||
enable = true;
|
|
||||||
settings.sources = [
|
|
||||||
{ name = "nvim_lsp"; }
|
|
||||||
{ name = "luasnip"; }
|
|
||||||
{ name = "buffer"; }
|
|
||||||
{ name = "nvim_lua"; }
|
|
||||||
{ name = "path"; }
|
|
||||||
];
|
|
||||||
settings.formatting = {
|
|
||||||
fields = [ "abbr" "kind" "menu" ];
|
|
||||||
format = ''
|
|
||||||
function(_, item)
|
|
||||||
local icons = {
|
|
||||||
Namespace = "",
|
|
||||||
Text = "",
|
|
||||||
Method = "",
|
|
||||||
Function = "",
|
|
||||||
Constructor = "",
|
|
||||||
Field = "",
|
|
||||||
Variable = "",
|
|
||||||
Class = "",
|
|
||||||
Interface = "",
|
|
||||||
Module = "",
|
|
||||||
Property = "",
|
|
||||||
Unit = "",
|
|
||||||
Value = "",
|
|
||||||
Enum = "",
|
|
||||||
Keyword = "",
|
|
||||||
Snippet = "",
|
|
||||||
Color = "",
|
|
||||||
File = "",
|
|
||||||
Reference = "",
|
|
||||||
Folder = "",
|
|
||||||
EnumMember = "",
|
|
||||||
Constant = "",
|
|
||||||
Struct = "",
|
|
||||||
Event = "",
|
|
||||||
Operator = "",
|
|
||||||
TypeParameter = "",
|
|
||||||
Table = "",
|
|
||||||
Object = "",
|
|
||||||
Tag = "",
|
|
||||||
Array = "[]",
|
|
||||||
Boolean = "",
|
|
||||||
Number = "",
|
|
||||||
Null = "",
|
|
||||||
String = "",
|
|
||||||
Calendar = "",
|
|
||||||
Watch = "",
|
|
||||||
Package = "",
|
|
||||||
Copilot = "",
|
|
||||||
Codeium = "",
|
|
||||||
TabNine = "",
|
|
||||||
}
|
|
||||||
|
|
||||||
local icon = icons[item.kind] or ""
|
|
||||||
item.kind = string.format("%s %s", icon, item.kind or "")
|
|
||||||
return item
|
|
||||||
end
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
settings.snippet.expand = "function(args) require('luasnip').lsp_expand(args.body) end";
|
|
||||||
settings.window = {
|
|
||||||
completion = {
|
|
||||||
winhighlight = "FloatBorder:CmpBorder,Normal:CmpPmenu,CursorLine:CmpSel,Search:PmenuSel";
|
|
||||||
scrollbar = false;
|
|
||||||
sidePadding = 0;
|
|
||||||
border = [ "╭" "─" "╮" "│" "╯" "─" "╰" "│" ];
|
|
||||||
};
|
|
||||||
documentation = {
|
|
||||||
border = [ "╭" "─" "╮" "│" "╯" "─" "╰" "│" ];
|
|
||||||
winhighlight = "FloatBorder:CmpBorder,Normal:CmpPmenu,CursorLine:CmpSel,Search:PmenuSel";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
settings.mapping = {
|
|
||||||
"<C-n>" = "cmp.mapping.select_next_item()";
|
|
||||||
"<C-p>" = "cmp.mapping.select_prev_item()";
|
|
||||||
"<C-j>" = "cmp.mapping.select_next_item()";
|
|
||||||
"<C-k>" = "cmp.mapping.select_prev_item()";
|
|
||||||
"<C-d>" = "cmp.mapping.scroll_docs(-4)";
|
|
||||||
"<C-f>" = "cmp.mapping.scroll_docs(4)";
|
|
||||||
"<C-Space>" = "cmp.mapping.complete()";
|
|
||||||
"<C-e>" = "cmp.mapping.close()";
|
|
||||||
"<CR>" = "cmp.mapping.confirm({ behavior = cmp.ConfirmBehavior.Insert, select = true })";
|
|
||||||
"<Tab>" = ''
|
|
||||||
cmp.mapping(function(fallback)
|
|
||||||
if cmp.visible() then
|
|
||||||
cmp.select_next_item()
|
|
||||||
elseif require("luasnip").expand_or_jumpable() then
|
|
||||||
vim.fn.feedkeys(vim.api.nvim_replace_termcodes("<Plug>luasnip-expand-or-jump", true, true, true), "")
|
|
||||||
else
|
|
||||||
fallback()
|
|
||||||
end
|
|
||||||
end,{"i","s"})
|
|
||||||
'';
|
|
||||||
"<S-Tab>" = ''
|
|
||||||
cmp.mapping(function(fallback)
|
|
||||||
if cmp.visible() then
|
|
||||||
cmp.select_prev_item()
|
|
||||||
elseif require("luasnip").jumpable(-1) then
|
|
||||||
vim.fn.feedkeys(vim.api.nvim_replace_termcodes("<Plug>luasnip-jump-prev", true, true, true), "")
|
|
||||||
else
|
|
||||||
fallback()
|
|
||||||
end
|
|
||||||
end,{"i","s"})
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
plugins.lsp = {
|
|
||||||
enable = true;
|
|
||||||
keymaps.lspBuf = {
|
|
||||||
"K" = "hover";
|
|
||||||
"gd" = "definition";
|
|
||||||
"gD" = "references";
|
|
||||||
"gt" = "type_definition";
|
|
||||||
"gi" = "implementation";
|
|
||||||
};
|
|
||||||
servers = {
|
|
||||||
bashls.enable = true;
|
|
||||||
lua-ls.enable = true;
|
|
||||||
nil_ls = {
|
|
||||||
enable = true;
|
|
||||||
settings.formatting.command = [ "nixfmt" "-w" "140" ];
|
|
||||||
};
|
|
||||||
nixd = {
|
|
||||||
enable = false;
|
|
||||||
settings = {
|
|
||||||
eval.depth = 5;
|
|
||||||
eval.workers = 6;
|
|
||||||
formatting.command = [ "nixfmt" "-w" "140" ];
|
|
||||||
options.enable = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ruff-lsp.enable = true;
|
|
||||||
rust-analyzer = {
|
|
||||||
enable = true;
|
|
||||||
installRustc = true;
|
|
||||||
installCargo = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
plugins.none-ls = {
|
|
||||||
enable = true;
|
|
||||||
sources.diagnostics = {
|
|
||||||
pylint.enable = true;
|
|
||||||
statix.enable = true;
|
|
||||||
};
|
|
||||||
sources.formatting = {
|
|
||||||
nixfmt.enable = true;
|
|
||||||
markdownlint.enable = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
plugins.neo-tree = {
|
|
||||||
enable = true;
|
|
||||||
closeIfLastWindow = true;
|
|
||||||
};
|
|
||||||
plugins.treesitter = {
|
|
||||||
enable = true;
|
|
||||||
nixGrammars = true;
|
|
||||||
indent = true;
|
|
||||||
};
|
|
||||||
plugins.airline.enable = true;
|
|
||||||
plugins.cmp-buffer.enable = true;
|
|
||||||
plugins.cmp-emoji.enable = true;
|
|
||||||
plugins.cmp-nvim-lsp.enable = true;
|
|
||||||
plugins.cmp-path.enable = true;
|
|
||||||
plugins.cmp_luasnip.enable = true;
|
|
||||||
plugins.luasnip.enable = true;
|
|
||||||
plugins.nvim-autopairs.enable = true;
|
|
||||||
plugins.rainbow-delimiters.enable = true;
|
|
||||||
plugins.rustaceanvim.enable = true;
|
|
||||||
plugins.treesitter-context.enable = true;
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, lib, ... }: {
|
{ ... }: {
|
||||||
services.resolved = {
|
services.resolved = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
DNS = [2a0f:be01::1]
|
DNS = [2a0f:be01::1]
|
||||||
|
@ -14,7 +14,7 @@
|
||||||
IPv6AcceptRA = false;
|
IPv6AcceptRA = false;
|
||||||
};
|
};
|
||||||
routes = [
|
routes = [
|
||||||
{ routeConfig.Gateway = "fe80::1"; }
|
{ Gateway = "fe80::1"; }
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ lib, modulesPath, ... }: {
|
{ modulesPath, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
(modulesPath + "/virtualisation/proxmox-lxc.nix")
|
(modulesPath + "/virtualisation/proxmox-lxc.nix")
|
||||||
];
|
];
|
||||||
|
@ -14,6 +14,5 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.useDHCP = false;
|
|
||||||
networking.useHostResolvConf = false;
|
networking.useHostResolvConf = false;
|
||||||
}
|
}
|
||||||
|
|
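--- a/config/profiles/physical.nix
+++ b/config/profiles/physical.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }:{
+boot.loader = {
+systemd-boot.enable = true;
+efi.canTouchEfiVariables = true;
+};
+environment.systemPackages = with pkgs; [
+pciutils
+usbutils
+];
+hardware.cpu.intel.updateMicrocode = true;
+hardware.enableAllFirmware = true;
+
+kyouma.machine-type.physical = true;
+
+services.fwupd.enable = true;
+}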
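Review bot: `hardware.cpu.intel.updateMicrocode = true;` is set unconditionally in a profile whose name suggests it applies to every physical machine, so an AMD host importing it would get no microcode updates from this file. Microcode carries CPU vulnerability mitigations, so it is worth covering both vendors by adding `hardware.cpu.amd.updateMicrocode = true;`, or adding a comment that all physical hosts are Intel. Which hosts import this profile is not visible in this diff.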
@ -1,4 +1,4 @@
|
||||||
{ config, inputs, lib, pkgs, ... }: {
|
{ inputs, pkgs, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
inputs.nixos-hardware.nixosModules.raspberry-pi-4
|
inputs.nixos-hardware.nixosModules.raspberry-pi-4
|
||||||
];
|
];
|
||||||
|
@ -9,10 +9,6 @@
|
||||||
options snd_bcm2835 enable_headphones=1
|
options snd_bcm2835 enable_headphones=1
|
||||||
'';
|
'';
|
||||||
kernelParams = [ "snd_bcm2835.enable_hdmi=1" ];
|
kernelParams = [ "snd_bcm2835.enable_hdmi=1" ];
|
||||||
loader.raspberryPi.firmwareConfig = ''
|
|
||||||
dtparam=audio=on
|
|
||||||
dtparam=krnbt=on
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
console.enable = false;
|
console.enable = false;
|
||||||
|
|
||||||
|
@ -69,7 +65,6 @@
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
|
|
||||||
sound.enable = true;
|
|
||||||
services.avahi = {
|
services.avahi = {
|
||||||
enable = true;
|
enable = true;
|
||||||
ipv6 = true;
|
ipv6 = true;
|
||||||
|
|
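--- a/config/services/akkoma/default.nix
+++ b/config/services/akkoma/default.nix
@@ -0,0 +1,342 @@
+{ config, inputs, lib, pkgs, ... }: {
+imports = [
+inputs.florp-moderation.nixosModules.default
+# Moderated instances. See https://woof.rip/florp/moderation for more information.
+inputs.florp-moderation.nixosModules.florp
+];
+sops.secrets."services/akkoma/mailerPassword" = {
+sopsFile = ../../../secrets/services/akkoma.yaml;
+};
+sops.secrets."services/akkoma/deepl" = {
+sopsFile = ../../../secrets/services/akkoma.yaml;
+};
+
+services.akkoma = {
+enable = true;
+extraPackages = let
+imagemagick = pkgs.imagemagick.override {
+libheif = pkgs.libheif.overrideAttrs (prevAttrs: {
+buildInputs = prevAttrs.buildInputs or [ ] ++ [ pkgs.svt-av1 ];
+cmakeFlags = prevAttrs.cmakeFlags or [ ] ++ [ "-DWITH_SvtEnc=ON" ];
+});
+};
+in with pkgs; [ exiftool ffmpeg-headless imagemagick ];
+
+extraStatic = let
+actualFetchzip =
+{
+url,
+hash
+}: pkgs.runCommandNoCC "${lib.last (lib.splitString "/" url)}" {
+src = pkgs.fetchurl {
+inherit url hash;
+};
+} ''
+${lib.getExe pkgs.unzip} $src -d $out
+for f in $out/*_256.png; do
+mv -- "$f" "''${f/_256}"
+done
+'';
+in {
+"emoji/blobs.gg" = pkgs.akkoma-emoji.blobs_gg;
+
+"emoji/custom" = pkgs.runCommandNoCC "florp" {
+src = inputs.florp-branding.packages.${config.nixpkgs.hostPlatform.system}.favicon;
+} ''
+mkdir $out
+cp $src $out/florp.png
+'';
+
+"emoji/neodog" = actualFetchzip {
+url = "https://git.gay/moonrabbits/neodog/raw/commit/6f9eb283b6dcbe507fde1110abab267cb2d73b70/neodog.zip";
+hash = "sha256-ISyzpRyjHf+4jKrOtHHqH0Qn7CQu5RQSLH/HL/YSdT4=";
+};
+
+"emoji/neocat" = actualFetchzip {
+url = "https://volpeon.ink/emojis/neocat/neocat.zip";
+hash = "sha256-DZDuk0Djlax504flNWdpqAw+ROLOOVGj0ZvJLyouo7A=";
+};
+
+"emoji/neofox" = actualFetchzip {
+url = "https://volpeon.ink/emojis/neofox/neofox.zip";
+hash = "sha256-rZUPA7ZvrO8q/lx8XK3IxJ1URLgq0PSh752eWzG+uos=";
+};
+
+"emoji/blobhaj" = actualFetchzip {
+url = "https://web.archive.org/web/20240829143703/https://heatherhorns.com/wp-content/uploads/2022/12/Blobhaj-12-13-2022.zip";
+hash = "sha256-5l8ozTivCSOomPq+zDD4FWhK5mA/H2qkGs8beuDnp9s=";
+};
+
+"static/styles.json" = pkgs.writeText "styles.json" (builtins.toJSON (
+builtins.fromJSON (builtins.readFile "${pkgs.akkoma-fe-domi}/static/styles.json") // {
+elly-mod = "/static/themes/elly-mod.json";
+}
+));
+
+"static/themes/elly-mod.json" = pkgs.writeText "elly-mod.json" (builtins.readFile ./elly-mod.json);
+
+"static/custom.css" = pkgs.writeText "custom.css" ''
+.tos-content img, .terms-of-service img {
+max-width: 100%;
+}
+'';
+
+"static/terms-of-service.html" = inputs.florp-about.packages.${pkgs.system}.default;
+"images/sylvia-ritter-15012323.avif" = inputs.florp-branding.packages.${pkgs.system}.wallpaper;
+"images/florp_banner.avif" = inputs.florp-branding.packages.${pkgs.system}.banner;
+"favicon.png" = inputs.florp-branding.packages.${pkgs.system}.favicon;
+};
+
+frontends = {
+primary = {
+package = pkgs.akkoma-fe-domi;
+name = "akkoma-fe";
+ref = "5f0339ce00";
+};
+admin = {
+package = pkgs.akkoma-admin-fe;
+name = "admin-fe";
+ref = "stable";
+};
+};
+};
+services.akkoma.config = let
+inherit ((pkgs.formats.elixirConf { }).lib) mkRaw mkAtom;
+
+mkMapOfPredefinedKeys = set: let
+string = value: "\"${(lib.escape [ "\\" "#" "\"" ]) value}\"";
+
+toElixir = value:
+if value == null then "nil" else
+if lib.isString value then string value else
+if builtins.isBool value then lib.boolToString value else
+if lib.isInt value || lib.isFloat value then toString value else
+abort "Not a elixir value ${value}";
+
+entries = attrs: lib.concatStringsSep ", " (lib.mapAttrsToList (name: value:
+"${toElixir name}: ${toElixir value}"
+) attrs);
+in mkRaw "%{${entries set}}";
+
+in {
+":pleroma" = {
+":instance" = {
+name = "florp.social";
+email = "contact@florp.social";
+notify_email = "noreply@florp.social";
+description = "Likes are now florps. The timeline goes sideways.";
+instance_thumbnail = "/instance/thumbnail.avif";
+limit = 69420;
+description_limit = 69420;
+remote_limit = 131072;
+upload_limit = 256 * 1024 * 1024;
+avatar_upload_limit = 4 * 1024 * 1024;
+background_upload_limit = 8 * 1024 * 1024;
+banner_upload_limit = 8 * 1024 * 1024;
+registrations_open = true;
+registration_reason_length = 2048;
+account_approval_required = true;
+account_activation_required = true;
+federating = true;
+federation_incoming_replies_max_depth = 1024;
+federation_reachability_timeout_days = 14;
+allow_relay = true;
+max_pinned_statuses = 10;
+max_report_comment_size = 2048;
+safe_dm_mentions = true;
+remote_post_retention_days = 365;
+user_bio_length = 8192;
+user_name_length = 64;
+cleanup_attachments = true;
+local_bubble = [
+"solitary.social"
+"donotsta.re"
+"chaos.social"
+];
+};
+
+":emoji".groups = {
+blobs = "/emoji/blobs.gg/*.png";
+blobhaj = "/emoji/blobhaj/512w/*.png";
+neodog = "/emoji/neodog/*.png";
+neocat = [
+"/emoji/neocat/*.png"
+"/emoji/neodog/additional_neocat/*.png"
+];
+neofox = [
+"/emoji/neofox/*.png"
+"/emoji/neodog/additional_neofox/*.png"
+];
+Custom = "/emoji/custom/*.png";
+};
+
+"Pleroma.Captcha".method = mkRaw "Pleroma.Captcha.Kocaptcha";
+
+"Pleroma.Web.Endpoint".url.host = "florp.social";
+
+"Pleroma.Web.Metadata.Providers.Theme".theme_color = "#070F1C";
+
+"Pleroma.Emails.Mailer" = {
+enabled = true;
+adapter = mkRaw "Swoosh.Adapters.SMTP";
+relay = "mail.kyouma.net";
+username = "noreply@florp.social";
+password._secret = config.sops.secrets."services/akkoma/mailerPassword".path;
+port = 465;
+ssl = true;
+auth = mkRaw ":always";
+};
+
+":database".rum_enabled = true;
+
+":media_proxy" = {
+enabled = true;
+base_url = "https://cache.florp.social";
+proxy_opts.redirect_on_failure = true;
+proxy_opts.max_body_length = 64 * 1024 * 1024;
+};
+
+":media_preview_proxy" = {
+enabled = true;
+thumbnail_max_width = 1920;
+thumbnail_max_height = 1080;
+min_content_length = 128 * 1024;
+};
+
+"Pleroma.Upload".base_url = "https://media.florp.social";
+
+"Pleroma.Upload".filters = map mkRaw [
+"Pleroma.Upload.Filter.Exiftool.ReadDescription"
+"Pleroma.Upload.Filter.Exiftool.StripMetadata"
+"Pleroma.Upload.Filter.Dedupe"
+"Pleroma.Upload.Filter.AnonymizeFilename"
+];
+
+":mrf".policies = map mkRaw [
+"Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy"
+];
+
+":mrf_object_age".threshold = 180 * 24 * 3600;
+
+":frontend_configurations" = {
+pleroma_fe = mkMapOfPredefinedKeys {
+background = "/images/sylvia-ritter-15012323.avif";
+nsfwCensorImage = "/static/blurhash-overlay.png";
+collapseMessageWithSubject = true;
+streaming = true;
+webPushNotifications = true;
+useStreamingApi = true;
+scopeCopy = true;
+subjectLineBehavior = "masto";
+alwaysShowSubjectInput = true;
+postContentType = "text/markdown";
+modalOnRepeat = true;
+minimalScopesMode = true;
+redirectRootNoLogin = "/about";
+translationLanguage = "en";
+theme = "elly-mod";
+};
+};
+
+":restrict_unauthenticated" = {
+timelines = mkMapOfPredefinedKeys {
+local = false;
+federated = false;
+bubble = true;
+};
+};
+
+":translator" = {
+enabled = true;
+module = mkRaw "Pleroma.Akkoma.Translators.DeepL";
+};
+
+":deepl" = {
+tier = mkAtom ":free";
+api_key._secret = config.sops.secrets."services/akkoma/deepl".path;
+};
+};
+
+":web_push_encryption".":vapid_details" = {
+subject = "mailto:contact@florp.social";
+};
+
+":joken".":default_signer"._secret = "/var/lib/secrets/akkoma/jwt-signer";
+};
+services.postgresql.enable = true;
+services.postgresql.extraPlugins = [
+pkgs.postgresql16Packages.rum
+];
+services.nginx = {
+clientMaxBodySize = "256m";
+commonHttpConfig = ''
+access_log off;
+
+proxy_cache_path /var/cache/nginx/akkoma-media-cache
+levels= keys_zone=akkoma_media_cache:64m max_size=64g
+inactive=1y use_temp_path=off;
+'';
+};
+kyouma.nginx.virtualHosts = let
+proxyCache = ''
+proxy_cache akkoma_media_cache;
+
+# Cache objects in slices of 1 MiB
+slice 1m;
+proxy_cache_key $host$uri$is_args$args$slice_range;
+proxy_set_header Range $slice_range;
+
+# Decouple proxy and upstream responses
+proxy_buffering on;
+proxy_cache_lock on;
+proxy_ignore_client_abort on;
+
+# Default cache times for various responses
+proxy_cache_valid 200 1y;
+proxy_cache_valid 206 301 304 1h;
+
+# Allow serving of stale items
+proxy_cache_use_stale error timeout invalid_header updating;
+'';
+in {
+"florp.social" = {
+serverAliases = map (x: "${x}.florp.social") [ "a" "b" "c" ];
+locations."/" = {
+proxyPass = "http://unix:/run/akkoma/socket";
+proxyWebsockets = true;
+};
+locations."^/media(/.*)$".return = "308 https://media.florp.social$1";
+locations."^/proxy(/.*)$".return = "308 https://cache.florp.social$1";
+locations."= /api/v1/pleroma/admin/config" = {
+return = ''200 "\{\"error\":\"You must enable configurable_from_database in your config file.\"\}"'';
+extraConfig = ''
+types { } default_type "application/json; charset=utf-8";
+'';
+};
+};
+
+"media.florp.social" = {
+useACMEHost = "florp.social";
+locations."/" = {
+proxyPass = "http://unix:/run/akkoma/socket";
+extraConfig = ''
+rewrite ^(?!/media)(.*)$ /media$1;
+'' + proxyCache;
+};
+};
+
+"cache.florp.social" = {
+useACMEHost = "florp.social";
+locations."/" = {
+proxyPass = "http://unix:/run/akkoma/socket";
+extraConfig = ''
+rewrite ^(?!/proxy)(.*)$ /proxy$1;
+'' + proxyCache;
+};
+};
+};
+security.acme.certs."florp.social".extraDomainNames = [
+"cache.florp.social"
+"media.florp.social"
+] ++ map (x: "${x}.florp.social") [ "a" "b" "c" ];
+}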
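Review bot: The two redirect locations on the `florp.social` vhost, `locations."^/media(/.*)$"` and `locations."^/proxy(/.*)$"`, carry no `~` modifier, so nginx would read them as literal prefix strings that never match a request, and the 308 to `media.florp.social` / `cache.florp.social` would not fire. Uploads and proxied remote media would then still be served from the main origin through `locations."/"`, which is presumably what the separate media hosts are meant to avoid. The sibling key `"= /api/v1/pleroma/admin/config"` spells its modifier out, which suggests `kyouma.nginx.virtualHosts` passes keys through unchanged, though that wrapper is not visible here. If so, write `locations."~ ^/media(/.*)$".return = "308 https://media.florp.social$1";` and the same for `/proxy`.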
529
config/services/akkoma/elly-mod.json
Normal file
|
@ -0,0 +1,529 @@
|
||||||
|
{
|
||||||
|
"_pleroma_theme_version": 2,
|
||||||
|
"name": "elly's theme (mod)",
|
||||||
|
"theme": {
|
||||||
|
"themeEngineVersion": 3,
|
||||||
|
"shadows": {
|
||||||
|
"panel": [
|
||||||
|
{
|
||||||
|
"color": "#000000",
|
||||||
|
"x": "1",
|
||||||
|
"y": "2",
|
||||||
|
"blur": "6",
|
||||||
|
"spread": 0,
|
||||||
|
"alpha": 0.6
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"topBar": [
|
||||||
|
{
|
||||||
|
"x": 0,
|
||||||
|
"y": 0,
|
||||||
|
"blur": 4,
|
||||||
|
"spread": 0,
|
||||||
|
"color": "#000000",
|
||||||
|
"alpha": 0.6
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"popup": [
|
||||||
|
{
|
||||||
|
"x": 2,
|
||||||
|
"y": 2,
|
||||||
|
"blur": 3,
|
||||||
|
"spread": 0,
|
||||||
|
"color": "#000000",
|
||||||
|
"alpha": 0.5
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"avatar": [
|
||||||
|
{
|
||||||
|
"x": 0,
|
||||||
|
"y": 1,
|
||||||
|
"blur": 8,
|
||||||
|
"spread": 0,
|
||||||
|
"color": "#000000",
|
||||||
|
"alpha": 0.7
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"avatarStatus": [],
|
||||||
|
"panelHeader": [
|
||||||
|
{
|
||||||
|
"color": "#ffffff",
|
||||||
|
"x": 0,
|
||||||
|
"y": "40",
|
||||||
|
"blur": "40",
|
||||||
|
"spread": "-40",
|
||||||
|
"inset": true,
|
||||||
|
"alpha": "0.1"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"button": [
|
||||||
|
{
|
||||||
|
"color": "#ffffff",
|
||||||
|
"x": 0,
|
||||||
|
"y": "0",
|
||||||
|
"blur": "0",
|
||||||
|
"spread": "1",
|
||||||
|
"alpha": "0.15",
|
||||||
|
"inset": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "#000000",
|
||||||
|
"x": "1",
|
||||||
|
"y": "1",
|
||||||
|
"blur": "1",
|
||||||
|
"spread": 0,
|
||||||
|
"alpha": "0.3",
|
||||||
|
"inset": false
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"buttonHover": [
|
||||||
|
{
|
||||||
|
"color": "#318cbc",
|
||||||
|
"x": 0,
|
||||||
|
"y": "0",
|
||||||
|
"blur": 0,
|
||||||
|
"spread": "1",
|
||||||
|
"alpha": 1,
|
||||||
|
"inset": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "#000000",
|
||||||
|
"x": "1",
|
||||||
|
"y": "1",
|
||||||
|
"blur": "1",
|
||||||
|
"spread": 0,
|
||||||
|
"alpha": "0.3",
|
||||||
|
"inset": false
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"buttonPressed": [
|
||||||
|
{
|
||||||
|
"color": "#bebebe",
|
||||||
|
"x": 0,
|
||||||
|
"y": 0,
|
||||||
|
"blur": "0",
|
||||||
|
"spread": "50",
|
||||||
|
"alpha": 0.5,
|
||||||
|
"inset": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "#ffffff",
|
||||||
|
"x": 0,
|
||||||
|
"y": "0",
|
||||||
|
"blur": 0,
|
||||||
|
"spread": "1",
|
||||||
|
"alpha": 0.2,
|
||||||
|
"inset": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "#000000",
|
||||||
|
"x": "1",
|
||||||
|
"y": "1",
|
||||||
|
"blur": 0,
|
||||||
|
"spread": 0,
|
||||||
|
"alpha": "0.3",
|
||||||
|
"inset": false
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"input": [
|
||||||
|
{
|
||||||
|
"color": "#FFFFFF",
|
||||||
|
"x": 0,
|
||||||
|
"y": "0",
|
||||||
|
"blur": 0,
|
||||||
|
"spread": "1",
|
||||||
|
"alpha": "0.2",
|
||||||
|
"inset": true
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"colors": {
|
||||||
|
"underlay": "#000000",
|
||||||
|
"bg": "#070e1b",
|
||||||
|
"fg": "#31363b",
|
||||||
|
"cRed": "#c42d38",
|
||||||
|
"cGreen": "#22b325",
|
||||||
|
"cOrange": "#d7d720",
|
||||||
|
"cBlue": "#ffffff",
|
||||||
|
"accent": "#3daee9",
|
||||||
|
"link": "#318cbc",
|
||||||
|
"text": "#bebebe",
|
||||||
|
"badgeNotification": "#024297",
|
||||||
|
"badgeNotificationText": "#ffffff",
|
||||||
|
"alertNeutral": "#bebebe",
|
||||||
|
"alertNeutralText": "#ffffff",
|
||||||
|
"alertPopupNeutral": "#bebebe",
|
||||||
|
"alertPopupNeutralText": "#000000",
|
||||||
|
"alertSuccess": "#22b325",
|
||||||
|
"alertSuccessText": "#ffffff",
|
||||||
|
"alertPopupSuccess": "#22b325",
|
||||||
|
"alertPopupSuccessText": "#000000",
|
||||||
|
"alertWarning": "#d7d720",
|
||||||
|
"alertWarningText": "#ffffff",
|
||||||
|
"alertPopupWarning": "#d7d720",
|
||||||
|
"alertPopupWarningText": "#000000",
|
||||||
|
"alertError": "#ff090f",
|
||||||
|
"alertErrorText": "#bebebe",
|
||||||
|
"alertPopupError": "#ff090f",
|
||||||
|
"alertPopupErrorText": "#ffffff",
|
||||||
|
"panel": "#0d1a31",
|
||||||
|
"panelText": "#bebebe",
|
||||||
|
"alertNeutralPanelText": "#ffffff",
|
||||||
|
"alertSuccessPanelText": "#ffffff",
|
||||||
|
"alertWarningPanelText": "#ffffff",
|
||||||
|
"alertErrorPanelText": "#bebebe",
|
||||||
|
"fgText": "#bebebe",
|
||||||
|
"topBar": "#0d1a31",
|
||||||
|
"topBarText": "#bebebe",
|
||||||
|
"input": "#18223d",
|
||||||
|
"inputTopbarText": "#bebebe",
|
||||||
|
"inputPanelText": "#bebebe",
|
||||||
|
"inputText": "#bebebe",
|
||||||
|
"btn": "#18223d",
|
||||||
|
"btnText": "#bebebe",
|
||||||
|
"btnTopBarText": "#bebebe",
|
||||||
|
"btnDisabled": "#0c121c",
|
||||||
|
"btnDisabledTopBarText": "#393d45",
|
||||||
|
"btnPanelText": "#bebebe",
|
||||||
|
"btnDisabledPanelText": "#393d45",
|
||||||
|
"btnDisabledText": "#393d45",
|
||||||
|
"btnToggled": "#1b1d1f",
|
||||||
|
"btnToggledTopBarText": "#bebebe",
|
||||||
|
"btnToggledPanelText": "#bebebe",
|
||||||
|
"btnToggledText": "#bebebe",
|
||||||
|
"btnPressed": "#1b1d1f",
|
||||||
|
"btnPressedTopBarText": "#bebebe",
|
||||||
|
"btnPressedTopBar": "#1b1d1f",
|
||||||
|
"btnPressedPanelText": "#bebebe",
|
||||||
|
"btnPressedPanel": "#1b1d1f",
|
||||||
|
"btnPressedText": "#bebebe",
|
||||||
|
"tabActiveText": "#bebebe",
|
||||||
|
"tabText": "#bebebe",
|
||||||
|
"tab": "#1b1d1f",
|
||||||
|
"fgLink": "#543fe7",
|
||||||
|
"topBarLink": "#bebebe",
|
||||||
|
"panelLink": "#38a5ed",
|
||||||
|
"panelFaint": "#bebebe",
|
||||||
|
"icon": "#63666d",
|
||||||
|
"poll": "#1d4f6e",
|
||||||
|
"pollText": "#bebebe",
|
||||||
|
"border": "#363c41",
|
||||||
|
"postCyantext": "#ffffff",
|
||||||
|
"postGreentext": "#22b325",
|
||||||
|
"postLink": "#3daee9",
|
||||||
|
"lightText": "#f2f2f2",
|
||||||
|
"popover": "#070e1b",
|
||||||
|
"selectedMenuPopover": "#0d1930",
|
||||||
|
"highlight": "#0d1930",
|
||||||
|
"highlightText": "#bebebe",
|
||||||
|
"selectedMenu": "#0d1930",
|
||||||
|
"selectedMenuText": "#bebebe",
|
||||||
|
"selectedMenuPopoverIcon": "#666c77",
|
||||||
|
"highlightLink": "#3daee9",
|
||||||
|
"selectedMenuLink": "#3daee9",
|
||||||
|
"selectedMenuPopoverLink": "#3daee9",
|
||||||
|
"selectedMenuPopoverText": "#bebebe",
|
||||||
|
"faintLink": "#3daee9",
|
||||||
|
"highlightFaintLink": "#3daee9",
|
||||||
|
"selectedMenuFaintLink": "#3daee9",
|
||||||
|
"selectedMenuPopoverFaintLink": "#3daee9",
|
||||||
|
"faint": "#bebebe",
|
||||||
|
"highlightFaintText": "#bebebe",
|
||||||
|
"selectedMenuFaintText": "#bebebe",
|
||||||
|
"selectedMenuPopoverFaintText": "#bebebe",
|
||||||
|
"highlightLightText": "#f2f2f2",
|
||||||
|
"selectedMenuLightText": "#f2f2f2",
|
||||||
|
"selectedMenuPopoverLightText": "#f2f2f2",
|
||||||
|
"selectedMenuIcon": "#666c77",
|
||||||
|
"selectedPost": "#0d1930",
|
||||||
|
"selectedPostText": "#bebebe",
|
||||||
|
"selectedPostIcon": "#666c77",
|
||||||
|
"selectedPostLink": "#3daee9",
|
||||||
|
"selectedPostFaintLink": "#3daee9",
|
||||||
|
"highlightPostLink": "#3daee9",
|
||||||
|
"selectedPostPostLink": "#3daee9",
|
||||||
|
"selectedPostLightText": "#f2f2f2",
|
||||||
|
"selectedPostFaintText": "#bebebe",
|
||||||
|
"popoverText": "#bebebe",
|
||||||
|
"popoverIcon": "#63666d",
|
||||||
|
"popoverLink": "#3daee9",
|
||||||
|
"postFaintLink": "#3daee9",
|
||||||
|
"popoverPostFaintLink": "#3daee9",
|
||||||
|
"popoverFaintLink": "#3daee9",
|
||||||
|
"popoverFaintText": "#bebebe",
|
||||||
|
"popoverPostLink": "#3daee9",
|
||||||
|
"popoverLightText": "#f2f2f2",
|
||||||
|
"highlightIcon": "#666c77",
|
||||||
|
"highlightPostFaintLink": "#3daee9",
|
||||||
|
"profileTint": "#070e1b",
|
||||||
|
"profileBg": "#03070f",
|
||||||
|
"wallpaper": "#050a13"
|
||||||
|
},
|
||||||
|
"opacity": {
|
||||||
|
"underlay": 0.15,
|
||||||
|
"bg": 0.85,
|
||||||
|
"alert": 0.5,
|
||||||
|
"alertPopup": 0.95,
|
||||||
|
"panel": 0.75,
|
||||||
|
"input": 0.9,
|
||||||
|
"btn": 0.9,
|
||||||
|
"faint": 0.5,
|
||||||
|
"border": 0.55,
|
||||||
|
"popover": 1,
|
||||||
|
"profileTint": 0.5
|
||||||
|
},
|
||||||
|
"radii": {
|
||||||
|
"btn": "3",
|
||||||
|
"input": "4",
|
||||||
|
"checkbox": "1",
|
||||||
|
"panel": "3",
|
||||||
|
"avatar": "4",
|
||||||
|
"avatarAlt": "4",
|
||||||
|
"tooltip": 2,
|
||||||
|
"attachment": "3"
|
||||||
|
},
|
||||||
|
"fonts": {
|
||||||
|
"interface": {
|
||||||
|
"family": "sans-serif"
|
||||||
|
},
|
||||||
|
"input": {
|
||||||
|
"family": "inherit"
|
||||||
|
},
|
||||||
|
"post": {
|
||||||
|
"family": "inherit"
|
||||||
|
},
|
||||||
|
"postCode": {
|
||||||
|
"family": "monospace"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"source": {
|
||||||
|
"themeEngineVersion": 3,
|
||||||
|
"fonts": {},
|
||||||
|
"shadows": {
|
||||||
|
"panel": [
|
||||||
|
{
|
||||||
|
"x": "1",
|
||||||
|
"y": "2",
|
||||||
|
"blur": "6",
|
||||||
|
"spread": 0,
|
||||||
|
"color": "#000000",
|
||||||
|
"alpha": 0.6
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"button": [
|
||||||
|
{
|
||||||
|
"x": 0,
|
||||||
|
"y": "0",
|
||||||
|
"blur": "0",
|
||||||
|
"spread": "1",
|
||||||
|
"color": "#ffffff",
|
||||||
|
"alpha": "0.15",
|
||||||
|
"inset": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"x": "1",
|
||||||
|
"y": "1",
|
||||||
|
"blur": "1",
|
||||||
|
"spread": 0,
|
||||||
|
"color": "#000000",
|
||||||
|
"alpha": "0.3",
|
||||||
|
"inset": false
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"panelHeader": [
|
||||||
|
{
|
||||||
|
"x": 0,
|
||||||
|
"y": "40",
|
||||||
|
"blur": "40",
|
||||||
|
"spread": "-40",
|
||||||
|
"inset": true,
|
||||||
|
"color": "#ffffff",
|
||||||
|
"alpha": "0.1"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"buttonHover": [
|
||||||
|
{
|
||||||
|
"x": 0,
|
||||||
|
"y": "0",
|
||||||
|
"blur": 0,
|
||||||
|
"spread": "1",
|
||||||
|
"color": "--link",
|
||||||
|
"alpha": 1,
|
||||||
|
"inset": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"x": "1",
|
||||||
|
"y": "1",
|
||||||
|
"blur": "1",
|
||||||
|
"spread": 0,
|
||||||
|
"color": "#000000",
|
||||||
|
"alpha": "0.3",
|
||||||
|
"inset": false
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"buttonPressed": [
|
||||||
|
{
|
||||||
|
"x": 0,
|
||||||
|
"y": 0,
|
||||||
|
"blur": "0",
|
||||||
|
"spread": "50",
|
||||||
|
"color": "--faint",
|
||||||
|
"alpha": 0.5,
|
||||||
|
"inset": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"x": 0,
|
||||||
|
"y": "0",
|
||||||
|
"blur": 0,
|
||||||
|
"spread": "1",
|
||||||
|
"color": "#ffffff",
|
||||||
|
"alpha": 0.2,
|
||||||
|
"inset": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"x": "1",
|
||||||
|
"y": "1",
|
||||||
|
"blur": 0,
|
||||||
|
"spread": 0,
|
||||||
|
"color": "#000000",
|
||||||
|
"alpha": "0.3",
|
||||||
|
"inset": false
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"input": [
|
||||||
|
{
|
||||||
|
"x": 0,
|
||||||
|
"y": "0",
|
||||||
|
"blur": 0,
|
||||||
|
"spread": "1",
|
||||||
|
"color": "#FFFFFF",
|
||||||
|
"alpha": "0.2",
|
||||||
|
"inset": true
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"opacity": {
|
||||||
|
"bg": "0.85",
|
||||||
|
"border": "0.55",
|
||||||
|
"panel": "0.75",
|
||||||
|
"btn": "0.9",
|
||||||
|
"input": "0.9"
|
||||||
|
},
|
||||||
|
"colors": {
|
||||||
|
"bg": "#070e1b",
|
||||||
|
"fg": "#31363b",
|
||||||
|
"text": "#bebebe",
|
||||||
|
"underlay": "#000000",
|
||||||
|
"link": "#318cbc",
|
||||||
|
"accent": "#3daee9",
|
||||||
|
"faint": "#bebebe",
|
||||||
|
"faintLink": "#3daee9",
|
||||||
|
"postFaintLink": "#3daee9",
|
||||||
|
"cBlue": "#ffffff",
|
||||||
|
"cRed": "#c42d38",
|
||||||
|
"cGreen": "#22b325",
|
||||||
|
"cOrange": "#d7d720",
|
||||||
|
"highlight": "#0d1930",
|
||||||
|
"highlightLightText": "#f2f2f2",
|
||||||
|
"highlightPostLink": "#3daee9",
|
||||||
|
"highlightFaintText": "#bebebe",
|
||||||
|
"highlightFaintLink": "#3daee9",
|
||||||
|
"highlightPostFaintLink": "#3daee9",
|
||||||
|
"highlightText": "#bebebe",
|
||||||
|
"highlightLink": "#3daee9",
|
||||||
|
"highlightIcon": "#666c77",
|
||||||
|
"popover": "#070e1b",
|
||||||
|
"popoverLightText": "#f2f2f2",
|
||||||
|
"popoverPostLink": "#3daee9",
|
||||||
|
"popoverFaintText": "#bebebe",
|
||||||
|
"popoverFaintLink": "#3daee9",
|
||||||
|
"popoverPostFaintLink": "#3daee9",
|
||||||
|
"popoverText": "#bebebe",
|
||||||
|
"popoverLink": "#3daee9",
|
||||||
|
"popoverIcon": "#63666d",
|
||||||
|
"selectedPost": "#0d1930",
|
||||||
|
"selectedPostFaintText": "#bebebe",
|
||||||
|
"selectedPostLightText": "#f2f2f2",
|
||||||
|
"selectedPostPostLink": "#3daee9",
|
||||||
|
"selectedPostFaintLink": "#3daee9",
|
||||||
|
"selectedPostText": "#bebebe",
|
||||||
|
"selectedPostLink": "#3daee9",
|
||||||
|
"selectedPostIcon": "#666c77",
|
||||||
|
"selectedMenu": "#0d1930",
|
||||||
|
"selectedMenuLightText": "#f2f2f2",
|
||||||
|
"selectedMenuFaintText": "#bebebe",
|
||||||
|
"selectedMenuFaintLink": "#3daee9",
|
||||||
|
"selectedMenuText": "#bebebe",
|
||||||
|
"selectedMenuLink": "#3daee9",
|
||||||
|
"selectedMenuIcon": "#666c77",
|
||||||
|
"selectedMenuPopover": "#0d1930",
|
||||||
|
"selectedMenuPopoverLightText": "#f2f2f2",
|
||||||
|
"selectedMenuPopoverFaintText": "#bebebe",
|
||||||
|
"selectedMenuPopoverFaintLink": "#3daee9",
|
||||||
|
"selectedMenuPopoverText": "#bebebe",
|
||||||
|
"selectedMenuPopoverLink": "#3daee9",
|
||||||
|
"selectedMenuPopoverIcon": "#666c77",
|
||||||
|
"lightText": "#f2f2f2",
|
||||||
|
"postLink": "#3daee9",
|
||||||
|
"border": "#363c41",
|
||||||
|
"poll": "#1d4f6e",
|
||||||
|
"pollText": "#bebebe",
|
||||||
|
"icon": "#63666d",
|
||||||
|
"fgText": "#bebebe",
|
||||||
|
"fgLink": "#543fe7",
|
||||||
|
"panel": "#0d1a31",
|
||||||
|
"panelText": "#bebebe",
|
||||||
|
"panelFaint": "#bebebe",
|
||||||
|
"panelLink": "#38a5ed",
|
||||||
|
"topBar": "#0d1a31",
|
||||||
|
"topBarText": "#bebebe",
|
||||||
|
"topBarLink": "#bebebe",
|
||||||
|
"tab": "#1b1d1f",
|
||||||
|
"tabText": "#bebebe",
|
||||||
|
"tabActiveText": "#bebebe",
|
||||||
|
"btn": "#18223d",
|
||||||
|
"btnText": "#bebebe",
|
||||||
|
"btnPanelText": "#bebebe",
|
||||||
|
"btnTopBarText": "#bebebe",
|
||||||
|
"btnPressed": "#1b1d1f",
|
||||||
|
"btnPressedText": "#bebebe",
|
||||||
|
"btnPressedPanel": "#1b1d1f",
|
||||||
|
"btnPressedPanelText": "#bebebe",
|
||||||
|
"btnPressedTopBar": "#1b1d1f",
|
||||||
|
"btnPressedTopBarText": "#bebebe",
|
||||||
|
"btnToggled": "#1b1d1f",
|
||||||
|
"btnToggledText": "#bebebe",
|
||||||
|
"btnToggledPanelText": "#bebebe",
|
||||||
|
"btnToggledTopBarText": "#bebebe",
|
||||||
|
"btnDisabled": "#0c121c",
|
||||||
|
"btnDisabledText": "#393d45",
|
||||||
|
"btnDisabledPanelText": "#393d45",
|
||||||
|
"btnDisabledTopBarText": "#393d45",
|
||||||
|
"input": "#18223d",
|
||||||
|
"inputText": "#bebebe",
|
||||||
|
"inputPanelText": "#bebebe",
|
||||||
|
"inputTopbarText": "#bebebe",
|
||||||
|
"alertError": "#ff090f",
|
||||||
|
"alertErrorText": "#bebebe",
|
||||||
|
"alertErrorPanelText": "#bebebe",
|
||||||
|
"alertWarning": "#d7d720",
|
||||||
|
"alertWarningText": "#ffffff",
|
||||||
|
"alertWarningPanelText": "#ffffff",
|
||||||
|
"alertNeutral": "#bebebe",
|
||||||
|
"alertNeutralText": "#ffffff",
|
||||||
|
"alertNeutralPanelText": "#ffffff",
|
||||||
|
"badgeNotification": "#024297",
|
||||||
|
"badgeNotificationText": "#ffffff"
|
||||||
|
},
|
||||||
|
"radii": {
|
||||||
|
"btn": "3",
|
||||||
|
"input": "4",
|
||||||
|
"checkbox": "1",
|
||||||
|
"panel": "3",
|
||||||
|
"avatar": "4",
|
||||||
|
"avatarAlt": "4",
|
||||||
|
"attachment": "3"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
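--- a/config/services/arrs/default.nix
+++ b/config/services/arrs/default.nix
@@ -0,0 +1,62 @@
+{ lib, pkgs, ... }: {
+
+services = lib.genAttrs [
+"sonarr"
+"radarr"
+"prowlarr"
+"lidarr"
+] (_: {
+enable = true;
+});
+systemd.services = lib.genAttrs [ "radarr" "sonarr" ] (_: {
+wants = [ "mnt-mezzomix.mount" ];
+});
+
+systemd.mounts = lib.singleton {
+description = "rclone mount";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" "radarr.service" "sonarr.service" ];
+
+where = "/mnt/mezzomix";
+what = "mezzomix@otos.feralhosting.com:private/rtorrent/data";
+type = "fuse.sshfs";
+options = "umask=0000,idmap=user,_netdev,rw,nosuid,allow_other,default_permissions,follow_symlinks,reconnect,max_conns=10,identityfile=/etc/keys/ssh_host_ed25519_key";
+};
+systemd.automounts = lib.singleton {
+name = "mnt-mezzomix.automount";
+where = "/mnt/mezzomix";
+wantedBy = [ "multi-user.target" ];
+
+automountConfig.TimeoutIdleSec = 0;
+};
+environment.systemPackages = [ pkgs.sshfs ];
+programs.ssh.ciphers = [ "aes256-ctr" ];
+
+
+kyouma.nginx.virtualHosts = {
+"crime.kyouma.net" = {
+verifyClientCert = true;
+disableHttp3 = true;
+locations = {
+"/".root = pkgs.writeTextDir "index.html" (builtins.readFile ./landingPage.html);
+"/lidarr/" = {
+proxyPass = "http://127.0.0.1:8686";
+recommendedProxySettings = true;
+};
+"/sonarr/" = {
+proxyPass = "http://127.0.0.1:8989";
+recommendedProxySettings = true;
+};
+"/radarr/" = {
+proxyPass = "http://127.0.0.1:7878";
+recommendedProxySettings = true;
+};
+"/prowlarr/" = {
+proxyPass = "http://127.0.0.1:9696";
+recommendedProxySettings = true;
+};
+};
+};
+};
+security.acme.certs."crime.kyouma.net" = {};
+}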
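Review bot: The sshfs mount in `systemd.mounts` combines `umask=0000` with `allow_other`, so every local account and service on this host gets read-write access to the remote data directory, not only radarr and sonarr. Restricting it to the consumers would look like `uid=<service-uid>,gid=<media-gid>,umask=0007` in `options` (placeholders; the real ids are not on this page). The same line uses `identityfile=/etc/keys/ssh_host_ed25519_key`, which reuses what looks like the machine's SSH host key as a client credential toward a third-party host; a dedicated key pair for this mount would keep the two roles separate. `programs.ssh.ciphers = [ "aes256-ctr" ]` is also system-wide, so it narrows every outbound SSH connection from this host to one cipher; if it is only needed for this mount it would be better scoped there.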
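--- a/config/services/arrs/landingPage.html
+++ b/config/services/arrs/landingPage.html
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>crime.kyouma.net</title>
+<style>
+body {
+width: 35em;
+margin: 0 auto;
+font-family: Tahoma, Verdana, Arial, sans-serif;
+}
+</style>
+</head>
+<body>
+<h1>Welcome to crime.kyouma.net!</h1>
+<p>If you see this page, the nginx web server is successfully installed and
+working. Further configuration is required.</p>
+
+<p>Sonarr
+<a href="https://crime.kyouma.net/sonarr">crime.kyouma.net/sonarr</a><br/>
+Radarr
+<a href="https://crime.kyouma.net/radarr">crime.kyouma.net/radarr</a><br/>
+Lidarr
+<a href="https://crime.kyouma.net/lidarr">crime.kyouma.net/lidarr</a><br/>
+Prowlarr
+<a href="https://crime.kyouma.net/prowlarr">crime.kyouma.net/prowlarr</a></p>
+
+<p><em>Thank you for using nginx.</em></p>
+</body>
+</html>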
|
@ -5,7 +5,8 @@
|
||||||
};
|
};
|
||||||
services.forgejo = {
|
services.forgejo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
mailerPasswordFile = config.sops.secrets."services/forgejo/mailerPassword".path;
|
package = pkgs.forgejo;
|
||||||
|
secrets.mailer.PASSWD = config.sops.secrets."services/forgejo/mailerPassword".path;
|
||||||
database = {
|
database = {
|
||||||
createDatabase = true;
|
createDatabase = true;
|
||||||
type = "postgres";
|
type = "postgres";
|
||||||
|
@ -21,8 +22,12 @@
|
||||||
SCHEDULE = "@every 24h";
|
SCHEDULE = "@every 24h";
|
||||||
UPDATE_EXISTING = true;
|
UPDATE_EXISTING = true;
|
||||||
};
|
};
|
||||||
|
DEFAULT.APP_NAME = "The dog girl Git";
|
||||||
federation.ENABLED = true;
|
federation.ENABLED = true;
|
||||||
log.LEVEL = "Info";
|
log.LEVEL = "Info";
|
||||||
|
indexer = {
|
||||||
|
REPO_INDEXER_ENABLED = true;
|
||||||
|
};
|
||||||
mailer = {
|
mailer = {
|
||||||
ENABLED = true;
|
ENABLED = true;
|
||||||
PROTOCOL = "smtp+starttls";
|
PROTOCOL = "smtp+starttls";
|
||||||
|
@ -31,6 +36,11 @@
|
||||||
USER = "git@kyouma.net";
|
USER = "git@kyouma.net";
|
||||||
};
|
};
|
||||||
mirror.DEFAULT_INTERVAL = "1h";
|
mirror.DEFAULT_INTERVAL = "1h";
|
||||||
|
oauth2_client.REGISTER_EMAIL_CONFIRM = false;
|
||||||
|
openid = {
|
||||||
|
ENABLE_OPENID_SIGNIN = true;
|
||||||
|
ENABLE_OPENID_SIGNUP = true;
|
||||||
|
};
|
||||||
session = {
|
session = {
|
||||||
COOKIE_SECURE = true;
|
COOKIE_SECURE = true;
|
||||||
PROVIDER = "db";
|
PROVIDER = "db";
|
||||||
|
@ -39,7 +49,8 @@
|
||||||
server = {
|
server = {
|
||||||
STATIC_URL_PREFIX = "/static";
|
STATIC_URL_PREFIX = "/static";
|
||||||
PROTOCOL = "http+unix";
|
PROTOCOL = "http+unix";
|
||||||
DOMAIN = "git.kyouma.net";
|
DOMAIN = "woof.rip";
|
||||||
|
ROOT_URL = "https://woof.rip";
|
||||||
};
|
};
|
||||||
security = {
|
security = {
|
||||||
LOGIN_REMEMBER_DAYS = 90;
|
LOGIN_REMEMBER_DAYS = 90;
|
||||||
|
@ -63,11 +74,11 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
kyouma.nginx.virtualHosts."git.kyouma.net" = {
|
kyouma.nginx.virtualHosts."woof.rip" = {
|
||||||
locations."/static/".alias = "${pkgs.forgejo.data}/public/";
|
locations."/static/".alias = "${pkgs.forgejo.data}/public/";
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://unix:/run/forgejo/forgejo.socket";
|
proxyPass = "http://unix:/run/forgejo/forgejo.sock";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
security.acme.certs."git.kyouma.net" = {};
|
security.acme.certs."woof.rip" = {};
|
||||||
}
|
}
|
||||||
|
|
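Review bot: Both new sign-in settings loosen account creation: `openid.ENABLE_OPENID_SIGNUP = true` lets an account be created through any OpenID provider, and `oauth2_client.REGISTER_EMAIL_CONFIRM = false` drops e-mail confirmation for OAuth2 auto-registration, on an instance that also has `federation.ENABLED = true`. Whether registration is otherwise restricted is not visible in these hunks (the `service` settings are outside them), so this may be intended. If sign-up should be limited to known providers, `openid.WHITELISTED_URIS = "<provider-host>";` (placeholder) next to the two new `openid` keys would do it, and a one-line comment stating the intended registration policy would help the next reader.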
|
@ -1,19 +1,27 @@
|
||||||
{ config, ... }: {
|
{ config, inputs, lib, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
./nix-config.nix
|
./nix-config.nix
|
||||||
|
inputs.hydra.nixosModules.hydra
|
||||||
];
|
];
|
||||||
sops.secrets."services/hydra/signKey" = {
|
sops.secrets."services/hydra/signKey" = {
|
||||||
owner = "hydra-queue-runner";
|
owner = "hydra-queue-runner";
|
||||||
sopsFile = ../../../secrets/services/hydra.yaml;
|
sopsFile = ../../../secrets/services/hydra.yaml;
|
||||||
};
|
};
|
||||||
|
sops.secrets."services/hydra/id_ed25519_hydra-eval" = {
|
||||||
|
path = "/var/lib/hydra/.ssh/id_ed25519";
|
||||||
|
owner = "hydra";
|
||||||
|
mode = "0400";
|
||||||
|
sopsFile = ../../../secrets/services/hydra.yaml;
|
||||||
|
};
|
||||||
sops.secrets."services/hydra/id_ed25519_hydra" = {
|
sops.secrets."services/hydra/id_ed25519_hydra" = {
|
||||||
owner = "hydra-queue-runner";
|
owner = "hydra-queue-runner";
|
||||||
sopsFile = ../../../secrets/services/hydra.yaml;
|
sopsFile = ../../../secrets/services/hydra.yaml;
|
||||||
};
|
};
|
||||||
kyouma.deployment.auto-upgrade.cache = "daemon";
|
kyouma.deployment.auto-upgrade.cache = "daemon";
|
||||||
|
|
||||||
services.hydra = {
|
services.hydra-dev = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
package = inputs.hydra.packages.${config.nixpkgs.hostPlatform.system}.hydra;
|
||||||
hydraURL = "https://hydra.kyouma.net";
|
hydraURL = "https://hydra.kyouma.net";
|
||||||
listenHost = "localhost";
|
listenHost = "localhost";
|
||||||
notificationSender = "hydra@hydra.kyouma.net";
|
notificationSender = "hydra@hydra.kyouma.net";
|
||||||
|
@ -22,18 +30,24 @@
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
server_store_uri = https://cache.kyouma.net
|
server_store_uri = https://cache.kyouma.net
|
||||||
binary_cache_public_uri = https://cache.kyouma.net
|
binary_cache_public_uri = https://cache.kyouma.net
|
||||||
evaluator_workers = 8
|
evaluator_workers = 1
|
||||||
evaluator_max_memory_size = 4096
|
evaluator_max_memory_size = 4096
|
||||||
|
max_output_size = ${builtins.toString (24 * 1024 * 1024 * 1024)}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
services.harmonia = {
|
services.harmonia = {
|
||||||
enable = true;
|
enable = true;
|
||||||
signKeyPath = config.sops.secrets."services/hydra/signKey".path;
|
signKeyPaths = lib.singleton config.sops.secrets."services/hydra/signKey".path;
|
||||||
settings = {
|
settings = {
|
||||||
bind = "[::1]:5555";
|
bind = "[::1]:5555";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services.hydra-evaluator.serviceConfig = {
|
||||||
|
MemoryHigh = "150G";
|
||||||
|
MemoryMax = "155G";
|
||||||
|
};
|
||||||
|
|
||||||
kyouma.nginx.defaultForbidden = "hydra.kyouma.net";
|
kyouma.nginx.defaultForbidden = "hydra.kyouma.net";
|
||||||
kyouma.nginx.virtualHosts = {
|
kyouma.nginx.virtualHosts = {
|
||||||
"hydra.kyouma.net".locations."/".proxyPass = "http://localhost:3000";
|
"hydra.kyouma.net".locations."/".proxyPass = "http://localhost:3000";
|
||||||
|
|
|
@ -1,24 +1,50 @@
|
||||||
{ config, ... }: {
|
{ config, lib, ... }: {
|
||||||
nix.buildMachines = [
|
nix.buildMachines = let
|
||||||
|
base = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||||
|
x86-64 = [ "gccarch-x86-64" "gccarch-x86-64-v2" "gccarch-x86-64-v3" ];
|
||||||
|
aarch64 = [ "gccarch-armv8-a" "gccarch-armv8.1-a" "gccarch-armv8.2-a" "gccarch-armv8.2-a+fp16+rcpc+dotprod" ];
|
||||||
|
riscv64 = [ "gccarch-rv64imac" "gccarch-rv64imacfd" "gccarch-rv64gc" ];
|
||||||
|
in [
|
||||||
{
|
{
|
||||||
hostName = "localhost";
|
hostName = "localhost";
|
||||||
sshUser = "hydra-queue-runner";
|
protocol = null;
|
||||||
maxJobs = 40;
|
maxJobs = 0;
|
||||||
speedFactor = 40;
|
speedFactor = 0;
|
||||||
systems = [ "x86_64-linux" ];
|
systems = [ "x86_64-linux" ];
|
||||||
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
supportedFeatures = base;
|
||||||
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
hostName = "integra.kyouma.net";
|
hostName = "integra.kyouma.net";
|
||||||
sshUser = "build";
|
sshUser = "nix-ssh";
|
||||||
maxJobs = 4;
|
maxJobs = 2;
|
||||||
speedFactor = 8;
|
speedFactor = 4;
|
||||||
systems = [ "aarch64-linux" ];
|
systems = [ "aarch64-linux" ];
|
||||||
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
supportedFeatures = base ++ aarch64;
|
||||||
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
|
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
|
||||||
}
|
}
|
||||||
];
|
{
|
||||||
|
hostName = "schrodinger.kyouma.net";
|
||||||
|
sshUser = "root";
|
||||||
|
maxJobs = 0;
|
||||||
|
speedFactor = 20;
|
||||||
|
systems = [ "riscv64-linux" ];
|
||||||
|
supportedFeatures = base ++ riscv64;
|
||||||
|
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
|
||||||
|
}
|
||||||
|
] ++ lib.forEach (lib.range 0 11) (num: {
|
||||||
|
hostName = "build-worker-${lib.fixedWidthNumber 2 num}";
|
||||||
|
sshUser = "root";
|
||||||
|
maxJobs = 2;
|
||||||
|
speedFactor = 20;
|
||||||
|
systems = [ "i686-linux" "x86_64-linux" ]
|
||||||
|
++ lib.optionals (lib.mod num 5 == 0) [ "aarch64-linux" "riscv64-linux" ];
|
||||||
|
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" ] ++ x86-64
|
||||||
|
++ lib.optionals (lib.mod num 5 == 0) (aarch64 ++ riscv64);
|
||||||
|
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
|
||||||
|
});
|
||||||
|
nixpkgs.config.allowUnsupportedSystem = true;
|
||||||
|
nix.distributedBuilds = true;
|
||||||
|
nix.gc.automatic = lib.mkForce false;
|
||||||
nix.settings = {
|
nix.settings = {
|
||||||
allowed-uris = [
|
allowed-uris = [
|
||||||
"github:"
|
"github:"
|
||||||
|
@ -27,11 +53,35 @@
|
||||||
"https://"
|
"https://"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
users.users.hydra-queue-runner.openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras"
|
|
||||||
];
|
|
||||||
programs.ssh = {
|
programs.ssh = {
|
||||||
knownHosts."integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU";
|
knownHosts = {
|
||||||
knownHosts."localhost".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPNVavo3YHVsrYwXRVISu7kDoknn+5inFGySn4azlB8P";
|
"build-worker-03.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGqTY74c5g15DSNPNM2Wdr5jAwS7BFgX1XRnhtGOnJc";
|
||||||
|
"build-worker-04.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOq+5I+nlAN2lJoOtoXrYEDuZ/TMPMa43pIlablYigK";
|
||||||
|
"integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU";
|
||||||
|
"schrodinger.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKo7vZ6lS1wx76YsbAdhOsGcc20YMAW52ep8SZ/FCHDp";
|
||||||
|
"lab.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIUePtVPtBK+CYosufbaGiMT4EVanti4V5t2Wg0g/Fy4";
|
||||||
|
"localhost".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPNVavo3YHVsrYwXRVISu7kDoknn+5inFGySn4azlB8P";
|
||||||
|
"[build-worker-kyoumanet.fly.dev]:2200".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUGzlilikAUfUGKXVCoTeDvPRoWUgDDkNU5WaRUBzls";
|
||||||
|
"[build-worker-kyoumanet.fly.dev]:2201".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDL2M97UBHg9aUfjDUxzmzg1r0ga0m3/stummBVwuEAB";
|
||||||
|
"[build-worker-kyoumanet.fly.dev]:2202".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTwVKL0P0chPM2Gz23rbT94844+w1CGJdCaZdzfjThz";
|
||||||
|
"[build-worker-kyoumanet.fly.dev]:2203".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAjy2eZGJQeAYy0+fLgW9jiS0jVY2LInY0NDMnzCvvKp";
|
||||||
|
"[build-worker-kyoumanet.fly.dev]:2204".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN72OyD9LYy4hq0WZ7ie5RPV+G54UreEJiA/RubjGoe9";
|
||||||
|
"[build-worker-kyoumanet.fly.dev]:2205".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICNh1o1I98XrI2XmOI6Q0aHPfyLCIQwKkKOxGUUeXL9v";
|
||||||
|
"[build-worker-kyoumanet.fly.dev]:2206".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGf0kxGgwOG9KhUhvxxTSiQC5YikrzZXKDgSpBw33qN4";
|
||||||
|
"[build-worker-kyoumanet.fly.dev]:2207".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL9z95a6Fn/dB+iNigEYpuJdBnBwCkIZYaKHcFbGP+RY";
|
||||||
|
"[build-worker-kyoumanet.fly.dev]:2208".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAk+FNMhTfAVqk3MfLp4QiG/i5ti53DlpnC0q+sOvU9O";
|
||||||
|
"[build-worker-kyoumanet-cdg.fly.dev]:2209".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJGlQD/3fLn/Kyb7v0RIycHRcArGi75jURj803EMpW0S";
|
||||||
|
"[build-worker-kyoumanet-cdg.fly.dev]:2210".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQm1FSGBGdCR5f8MvBvdKM0M4yIQVnH1po7hHO5T1qz";
|
||||||
|
"[build-worker-kyoumanet-cdg.fly.dev]:2211".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINlH+v2ZlcDQY3itw4b7aRbwRTqDsTE0R5Ua3vF0VaGr";
|
||||||
|
};
|
||||||
|
extraConfig = ''
|
||||||
|
Host machine-0008.cloud-v.co
|
||||||
|
Hostname machine.cloud-v.co
|
||||||
|
Port 20008
|
||||||
|
'' + lib.concatLines (lib.forEach (lib.range 0 11) (num: ''
|
||||||
|
Host build-worker-${lib.fixedWidthNumber 2 num}
|
||||||
|
Hostname build-worker-kyoumanet${lib.optionalString (num > 8) "-cdg"}.fly.dev
|
||||||
|
Port 22${lib.fixedWidthNumber 2 num}
|
||||||
|
''));
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
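Review bot: The new `schrodinger.kyouma.net` entry and all twelve generated `build-worker-NN` entries use `sshUser = "root"`, so the single key at `services/hydra/id_ed25519_hydra` grants root login on every one of those builders. The `integra.kyouma.net` entry in the same list was moved to `sshUser = "nix-ssh"` in this change; using the same unprivileged account on the other builders, `sshUser = "nix-ssh";`, would limit what a leaked or misused queue-runner key can do, assuming those machines can be configured to offer it. The `extraConfig` block also adds a `Host machine-0008.cloud-v.co` alias on port 20008 without a matching `knownHosts` entry in this hunk, so its host key would not be pinned like the others.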
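--- a/config/services/jellyfin.nix
+++ b/config/services/jellyfin.nix
@@ -0,0 +1,34 @@
+{ lib, ... }: {
+
+services.jellyfin.enable = true;
+
+kyouma.nginx.virtualHosts = {
+"watch.kyouma.net".redirectTo = "fentanyl.trade";
+"fentanyl.trade" = {
+serverAliases = lib.singleton "frotti.ng";
+locations = {
+"= /".return = "302 https://$host/web/";
+"/" = {
+proxyPass = "http://[::1]:8096";
+recommendedProxySettings = true;
+extraConfig = ''
+proxy_buffering on;
+'';
+};
+"= /web/" = {
+proxyPass = "http://[::1]:8096";
+recommendedProxySettings = true;
+};
+"/socket" = {
+proxyPass = "http://[::1]:8096";
+recommendedProxySettings = true;
+proxyWebsockets = true;
+};
+};
+};
+};
+security.acme.certs."fentanyl.trade".extraDomainNames = [
+"frotti.ng"
+"watch.kyouma.net"
+];
+}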
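--- a/config/services/librespeed.nix
+++ b/config/services/librespeed.nix
@@ -0,0 +1,8 @@
+{ ... }: {
+services.librespeed = {
+enable = true;
+openFirewall = true;
+domain = "speed.kyouma.net";
+frontend.enable = true;
+};
+}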
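Review bot: `openFirewall = true` is the only place on this page where a service opens its own port; the other services bind to loopback and are published through `kyouma.nginx.virtualHosts`. If `speed.kyouma.net` is meant to be reached through the same nginx front end, the direct port does not need to be reachable from outside and `openFirewall = false;` would keep the exposure consistent. If the speed test is deliberately served directly, a short comment saying so would be enough.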
|
@ -1,4 +1,6 @@
|
||||||
{ config, pkgs, lib, ... }: with lib; {
|
{ config, lib, pkgs, ... }: let
|
||||||
|
inherit (lib) mkDefault;
|
||||||
|
in {
|
||||||
kyouma.deployment.tags = [ "web" ];
|
kyouma.deployment.tags = [ "web" ];
|
||||||
security.dhparams.enable = true;
|
security.dhparams.enable = true;
|
||||||
security.dhparams.params.nginx = {};
|
security.dhparams.params.nginx = {};
|
||||||
|
@ -9,9 +11,11 @@
|
||||||
email = "noc@kyouma.net";
|
email = "noc@kyouma.net";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
networking.firewall.allowedUDPPorts = [ 443 ];
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
#package = pkgs.nginxQuic;
|
package = mkDefault pkgs.nginxQuic;
|
||||||
|
|
||||||
recommendedGzipSettings = true;
|
recommendedGzipSettings = true;
|
||||||
recommendedOptimisation = true;
|
recommendedOptimisation = true;
|
||||||
|
@ -32,7 +36,14 @@
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
add_header Referrer-Policy "same-origin" always;
|
add_header Referrer-Policy "same-origin" always;
|
||||||
|
add_header Alt-Svc 'h3=":443"; ma=7776000; persist=1, h2=":443"; ma=7776000; persist=1';
|
||||||
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
|
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
|
||||||
'';
|
'';
|
||||||
|
eventsConfig = ''
|
||||||
|
multi_accept on;
|
||||||
|
'';
|
||||||
|
appendConfig = ''
|
||||||
|
worker_processes auto;
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
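Review bot: The added `Alt-Svc` header advertises HTTP/3 for 90 days (`ma=7776000; persist=1`) and, unlike the neighbouring `add_header` lines, has no `always`. The enclosing option starts outside the hunk, but it looks like a server-wide header block, so it would also be sent by virtual hosts that set `disableHttp3 = true` (the new `crime.kyouma.net` host on this page does), telling clients to try QUIC where it is not offered. A shorter lifetime limits how long a stale advertisement sticks, e.g. `add_header Alt-Svc 'h3=":443"; ma=86400' always;`, ideally emitted only for hosts that actually listen on QUIC.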
|
@ -1,4 +1,24 @@
|
||||||
{ config, lib, pkgs, ... }: {
|
{ config, pkgs, ... }: {
|
||||||
|
sops.secrets."services/nyastodon/extraEnvFile" = {
|
||||||
|
sopsFile = ../../secrets/services/nyastodon.yaml;
|
||||||
|
owner = "mastodon";
|
||||||
|
};
|
||||||
|
sops.secrets."services/nyastodon/secretKeyBaseFile" = {
|
||||||
|
sopsFile = ../../secrets/services/nyastodon.yaml;
|
||||||
|
owner = "mastodon";
|
||||||
|
};
|
||||||
|
sops.secrets."services/nyastodon/otpSecretFile" = {
|
||||||
|
sopsFile = ../../secrets/services/nyastodon.yaml;
|
||||||
|
owner = "mastodon";
|
||||||
|
};
|
||||||
|
sops.secrets."services/nyastodon/vapidPrivateKeyFile" = {
|
||||||
|
sopsFile = ../../secrets/services/nyastodon.yaml;
|
||||||
|
owner = "mastodon";
|
||||||
|
};
|
||||||
|
sops.secrets."services/nyastodon/vapidPublicKeyFile" = {
|
||||||
|
sopsFile = ../../secrets/services/nyastodon.yaml;
|
||||||
|
owner = "mastodon";
|
||||||
|
};
|
||||||
services.mastodon = {
|
services.mastodon = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.nyastodon;
|
package = pkgs.nyastodon;
|
||||||
|
@ -6,5 +26,10 @@
|
||||||
configureNginx = true;
|
configureNginx = true;
|
||||||
smtp.fromAddress = "webmaster@girldick.gay";
|
smtp.fromAddress = "webmaster@girldick.gay";
|
||||||
streamingProcesses = 16;
|
streamingProcesses = 16;
|
||||||
|
extraEnvFiles = [ config.sops.secrets."services/nyastodon/extraEnvFile".path ];
|
||||||
|
secretKeyBaseFile = config.sops.secrets."services/nyastodon/secretKeyBaseFile".path;
|
||||||
|
otpSecretFile = config.sops.secrets."services/nyastodon/otpSecretFile".path;
|
||||||
|
vapidPrivateKeyFile = config.sops.secrets."services/nyastodon/vapidPrivateKeyFile".path;
|
||||||
|
vapidPublicKeyFile = config.sops.secrets."services/nyastodon/vapidPublicKeyFile".path;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
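--- a/config/services/uptime-kuma.nix
+++ b/config/services/uptime-kuma.nix
@@ -0,0 +1,18 @@
+{ ... }:{
+services.uptime-kuma = {
+enable = true;
+appriseSupport = true;
+settings = {
+HOST = "::1";
+PORT = "3001";
+NODE_EXTRA_CA_CERTS = "/etc/ssl/certs/ca-certificates.crt";
+};
+};
+kyouma.nginx.virtualHosts."uptime.kyouma.net" = {
+locations."/" = {
+proxyPass = "http://[::1]:3001";
+proxyWebsockets = true;
+};
+};
+security.acme.certs."uptime.kyouma.net" = {};
+}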
|
@ -1,19 +1,21 @@
|
||||||
{ config, pkgs, ... }: {
|
{ config, ... }: {
|
||||||
sops.secrets."services/vaultwarden/environmentFile" = {
|
sops.secrets."services/vaultwarden/environmentFile" = {
|
||||||
sopsFile = ../../secrets/services/vaultwarden.yaml;
|
sopsFile = ../../secrets/services/vaultwarden.yaml;
|
||||||
owner = "vaultwarden";
|
owner = "vaultwarden";
|
||||||
};
|
};
|
||||||
|
sops.secrets."services/vaultwarden/basicAuth" = {
|
||||||
|
sopsFile = ../../secrets/services/vaultwarden.yaml;
|
||||||
|
owner = "nginx";
|
||||||
|
};
|
||||||
services.vaultwarden = {
|
services.vaultwarden = {
|
||||||
enable = true;
|
enable = true;
|
||||||
environmentFile = config.sops.secrets."services/vaultwarden/environmentFile".path;
|
environmentFile = config.sops.secrets."services/vaultwarden/environmentFile".path;
|
||||||
|
backupDir = "/var/backup/bitwarden_rs";
|
||||||
config = {
|
config = {
|
||||||
DATA_FOLDER = "/var/lib/vaultwarden";
|
DOMAIN = "https://vault.kyouma.net";
|
||||||
DOMAIN = "staging.vault.kyouma.net";
|
|
||||||
DATABASE_MAX_CONNS = 15;
|
DATABASE_MAX_CONNS = 15;
|
||||||
WEB_VAULT_ENABLED = true;
|
WEB_VAULT_ENABLED = true;
|
||||||
WEBSOCKET_ENABLED = true;
|
|
||||||
WEBSOCKET_ADDRESS = "::1";
|
WEBSOCKET_ADDRESS = "::1";
|
||||||
WEBSOCKET_PORT = 3012;
|
|
||||||
SENDS_ALLOWED = true;
|
SENDS_ALLOWED = true;
|
||||||
ORG_ATTACHMENT_LIMIT = 1048576;
|
ORG_ATTACHMENT_LIMIT = 1048576;
|
||||||
USER_ATTACHMENT_LIMIT = 524288;
|
USER_ATTACHMENT_LIMIT = 524288;
|
||||||
|
@ -30,15 +32,19 @@
|
||||||
SMTP_USERNAME = "vault@kyouma.net";
|
SMTP_USERNAME = "vault@kyouma.net";
|
||||||
SMTP_SECURITY = "starttls";
|
SMTP_SECURITY = "starttls";
|
||||||
SMTP_PORT = 587;
|
SMTP_PORT = 587;
|
||||||
ROCKET_ADDRESS = "unix:/run/vaultwarden/rocket.socket";
|
ROCKET_ADDRESS = "::1";
|
||||||
ROCKET_PORT = "";
|
ROCKET_PORT = 8222;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
kyouma.nginx.virtualHosts."staging.vault.kyouma.net" = {
|
kyouma.nginx.virtualHosts."vault.kyouma.net" = {
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://unix:/run/vaultwarden/rocket.socket";
|
proxyPass = "http://[::1]:8222";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
|
locations."/admin" = {
|
||||||
|
proxyPass = "http://[::1]:8222";
|
||||||
|
basicAuthFile = config.sops.secrets."services/vaultwarden/basicAuth".path;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
security.acme.certs."staging.vault.kyouma.net" = {};
|
security.acme.certs."vault.kyouma.net" = {};
|
||||||
}
|
}
|
||||||
|
|
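Review bot: The new `/admin` location protects the admin page with `basicAuthFile`, but that check lives only in nginx, while the backend now listens on TCP `[::1]:8222` (`ROCKET_ADDRESS = "::1"`, `ROCKET_PORT = 8222`), which any local process on the host can reach without passing through the proxy. The admin page should therefore still rely on Vaultwarden's own `ADMIN_TOKEN`; presumably it is set in the sops-managed `environmentFile`, which is not visible here, so that is worth confirming. `WEBSOCKET_ADDRESS = "::1"` is kept although `WEBSOCKET_ENABLED` and `WEBSOCKET_PORT` were removed, so it looks like a leftover that could be dropped.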
|
@ -12,7 +12,7 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
nixpkgs.config.permittedInsecurePackages = [
|
nixpkgs.config.permittedInsecurePackages = [
|
||||||
"electron-25.9.0"
|
"jitsi-meet-1.0.8043"
|
||||||
];
|
];
|
||||||
|
|
||||||
home-manager.useGlobalPkgs = true;
|
home-manager.useGlobalPkgs = true;
|
||||||
|
@ -23,6 +23,7 @@
|
||||||
whois
|
whois
|
||||||
htop
|
htop
|
||||||
restic
|
restic
|
||||||
|
fend
|
||||||
] ++ lib.optionals config.kyouma.machine-type.graphical [
|
] ++ lib.optionals config.kyouma.machine-type.graphical [
|
||||||
linux-manual
|
linux-manual
|
||||||
colmena
|
colmena
|
||||||
|
@ -36,14 +37,17 @@
|
||||||
pavucontrol
|
pavucontrol
|
||||||
signal-desktop
|
signal-desktop
|
||||||
element-desktop
|
element-desktop
|
||||||
|
firefox
|
||||||
|
# currently broken
|
||||||
|
#inputs.firefox.packages.${pkgs.system}.firefox
|
||||||
|
|
||||||
nixfmt-classic
|
nixfmt-classic
|
||||||
wl-clipboard
|
wl-clipboard
|
||||||
libnotify
|
libnotify
|
||||||
slurp
|
slurp
|
||||||
grim
|
grim
|
||||||
gnome.simple-scan
|
simple-scan
|
||||||
cinnamon.nemo
|
nemo
|
||||||
imagemagick_light
|
imagemagick_light
|
||||||
|
|
||||||
#ubuntu_font_family
|
#ubuntu_font_family
|
||||||
|
@ -61,7 +65,7 @@
|
||||||
|
|
||||||
programs.eza = {
|
programs.eza = {
|
||||||
enable = true;
|
enable = true;
|
||||||
icons = true;
|
icons = "auto";
|
||||||
git = true;
|
git = true;
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--color-scale=all"
|
"--color-scale=all"
|
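Review bot: `permittedInsecurePackages` now allows `"jitsi-meet-1.0.8043"` with no comment saying which package pulls it in or why the insecure marking is acceptable on this machine. Entries like this tend to outlive their reason, as the replaced `"electron-25.9.0"` entry suggests. I would add a comment above the entry such as `# required by <package>; marked insecure because of <advisory>; remove once <condition>` (placeholders to be filled in by the author).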
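--- a/config/users/lucy/default.nix
+++ b/config/users/lucy/default.nix
@@ -0,0 +1,78 @@
+{ inputs, pkgs, ... }: {
+imports = [
+inputs.home-manager.nixosModules.home-manager
+];
+
+users.users.lucy = {
+isNormalUser = true;
+shell = pkgs.fish;
+ignoreShellProgramCheck = true;
+extraGroups = [ "wheel" ];
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIId7XvwEHtC9KdGg4Bn+XE+yyBp7/dRToJX9T56mM7ln kosaki@kosaki"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAZH8HwE1OxVAArRpc3+c7foYJ/WYjp4BqUyuab9yQyl emilia@emilia"
+];
+};
+
+home-manager.useGlobalPkgs = true;
+home-manager.users.lucy = {
+home.stateVersion = "24.11";
+
+home.packages = with pkgs; [
+whois
+htop
+restic
+fend
+];
+fonts.fontconfig.enable = true;
+
+programs.bat.enable = true;
+programs.gpg.enable = true;
+programs.ripgrep.enable = true;
+
+programs.tmux = {
+enable = true;
+prefix = "M-w";
+clock24 = true;
+extraConfig = ''
+# unbind keys
+unbind-key C-b
+
+# new prefix
+bind-key M-w send-prefix
+
+# selection via vim keys
+bind-key -r h select-pane -L
+bind-key -r j select-pane -D
+bind-key -r k select-pane -U
+bind-key -r l select-pane -R
+
+# resize aswell
+bind-key -r C-h resize-pane -L 5
+bind-key -r C-j resize-pane -D 5
+bind-key -r C-k resize-pane -U 5
+bind-key -r C-l resize-pane -R 5
+
+bind-key g split-window
+bind-key v split-window -h
+'';
+};
+
+programs.eza = {
+enable = true;
+icons = "auto";
+git = true;
+extraOptions = [
+"--color-scale=all"
+"--color-scale-mode=gradient"
+"--group-directories-first"
+];
+};
+programs.fish = {
+enable = true;
+interactiveShellInit = ''
+set -U fish_greeting
+'';
+};
+};
+}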
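Review bot: `extraGroups = [ "wheel" ];` together with `openssh.authorizedKeys.keys` gives this account SSH login by key plus membership of the `wheel` group on every host that imports the file, and the file does not say which hosts that is meant to be or who holds the `kosaki@kosaki` and `emilia@emilia` keys. The same applies to `config/users/nil/default.nix`, which has the same `wheel` line. I would add a short comment such as `# wheel: may use sudo on every host importing this module` above `extraGroups`, and a one-line owner note per key. No password is set here, so whether sudo prompts is decided elsewhere; it is worth confirming that `security.sudo.wheelNeedsPassword` matches what is intended for these accounts. `ignoreShellProgramCheck = true;` also deserves a comment saying where fish is enabled system-wide.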
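--- a/config/users/nil/default.nix
+++ b/config/users/nil/default.nix
@@ -0,0 +1,49 @@
+{ inputs, pkgs, ... }: {
+imports = [
+inputs.home-manager.nixosModules.home-manager
+];
+
+users.users.nil = {
+isNormalUser = true;
+shell = pkgs.fish;
+ignoreShellProgramCheck = true;
+extraGroups = [ "wheel" ];
+openssh.authorizedKeys.keys = [
+"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAICczPHRwY9MAwDGlcB0QgMOJjcpLJhVU3covrW9RBS62AAAABHNzaDo="
+];
+};
+
+home-manager.useGlobalPkgs = true;
+home-manager.users.nil = {
+home.stateVersion = "24.11";
+
+home.packages = with pkgs; [
+whois
+htop
+restic
+fend
+];
+fonts.fontconfig.enable = true;
+
+programs.bat.enable = true;
+programs.gpg.enable = true;
+programs.ripgrep.enable = true;
+
+programs.eza = {
+enable = true;
+icons = "auto";
+git = true;
+extraOptions = [
+"--color-scale=all"
+"--color-scale-mode=gradient"
+"--group-directories-first"
+];
+};
+programs.fish = {
+enable = true;
+interactiveShellInit = ''
+set -U fish_greeting
+'';
+};
+};
+}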
989
flake.lock
58
flake.nix
|
@ -7,7 +7,6 @@
|
||||||
attic = {
|
attic = {
|
||||||
url = "github:zhaofengli/attic";
|
url = "github:zhaofengli/attic";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
inputs.flake-utils.follows = "flake-utils";
|
|
||||||
};
|
};
|
||||||
disko = {
|
disko = {
|
||||||
url = "github:nix-community/disko";
|
url = "github:nix-community/disko";
|
||||||
|
@ -20,18 +19,42 @@
|
||||||
};
|
};
|
||||||
fernglas = {
|
fernglas = {
|
||||||
url = "github:wobcom/fernglas";
|
url = "github:wobcom/fernglas";
|
||||||
#inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
inputs.flake-utils.follows = "flake-utils";
|
inputs.flake-utils.follows = "flake-utils";
|
||||||
};
|
};
|
||||||
|
firefox = {
|
||||||
|
url = "git+https://woof.rip/mikael/firefox.git";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
|
florp-about = {
|
||||||
|
url = "git+https://woof.rip/florp/about.git";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
|
florp-branding = {
|
||||||
|
url = "git+https://woof.rip/florp/branding.git";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
|
florp-moderation = {
|
||||||
|
url = "git+https://woof.rip/florp/moderation.git";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
home-manager = {
|
home-manager = {
|
||||||
url = "github:nix-community/home-manager";
|
url = "github:nix-community/home-manager";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
hydra = {
|
||||||
|
url = "git+https://git.lix.systems/lix-project/hydra?ref=main&rev=799441dcf6d595efb0def686ca0815aef398627b";
|
||||||
|
inputs.lix.follows = "lix";
|
||||||
|
};
|
||||||
kyouma-www = {
|
kyouma-www = {
|
||||||
url = "git+https://git.bsd.gay/snaki/kyouma-net.git";
|
url = "git+https://woof.rip/emily/kyouma-net.git";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
inputs.flake-utils.follows = "flake-utils";
|
inputs.flake-utils.follows = "flake-utils";
|
||||||
};
|
};
|
||||||
|
lix.url = "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz";
|
||||||
|
lix-module = {
|
||||||
|
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
nixos-needsreboot = {
|
nixos-needsreboot = {
|
||||||
url = "github:thefossguy/nixos-needsreboot";
|
url = "github:thefossguy/nixos-needsreboot";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
@ -41,6 +64,11 @@
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
inputs.home-manager.follows = "home-manager";
|
inputs.home-manager.follows = "home-manager";
|
||||||
};
|
};
|
||||||
|
oth = {
|
||||||
|
url = "git+ssh://forgejo@woof.rip/emily/oth.git";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
inputs.flake-utils.follows = "flake-utils";
|
||||||
|
};
|
||||||
sops-nix = {
|
sops-nix = {
|
||||||
url = "github:Mic92/sops-nix";
|
url = "github:Mic92/sops-nix";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
@ -60,10 +88,6 @@
|
||||||
"cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg="
|
"cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg="
|
||||||
];
|
];
|
||||||
builders-use-substitutes = true;
|
builders-use-substitutes = true;
|
||||||
builders = ''
|
|
||||||
ssh://build@seras.kyouma.net x86_64-linux - 40 40 nixos-test,benchmark,big-parallel,kvm
|
|
||||||
ssh://build@integra.kyouma.net aarch64-linux - 4 8 nixos-test,benchmark,big-parallel,kvm
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, flake-utils, ... }@inputs: let
|
outputs = { self, nixpkgs, flake-utils, ... }@inputs: let
|
||||||
|
@ -103,7 +127,9 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
images.lain = self.nixosConfigurations.lain-minimal.config.system.build.sdImage;
|
images = {
|
||||||
|
lain = self.nixosConfigurations.lain-minimal.config.system.build.sdImage;
|
||||||
|
};
|
||||||
|
|
||||||
overlays = {
|
overlays = {
|
||||||
kyouma = import ./pkgs/overlay.nix;
|
kyouma = import ./pkgs/overlay.nix;
|
||||||
|
@ -126,14 +152,18 @@
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
packages = shinyflakes.mapPackages (pkgs) {
|
packages = shinyflakes.mapPackages (pkgs) {
|
||||||
# newhost = pkgs.stdenv.mkDerivation {
|
# newHost = pkgs.writeShellApplication {
|
||||||
# name = "newhost";
|
# name = "update-flyio";
|
||||||
|
# text = ''
|
||||||
|
# '';
|
||||||
# };
|
# };
|
||||||
};
|
};
|
||||||
# apps = rec {
|
apps = {
|
||||||
# newhost = self.packages.${system}.newhost;
|
update-build-worker = {
|
||||||
# default = newhost;
|
type = "app";
|
||||||
# };
|
program = ./pkgs/build-worker-oci/update.sh;
|
||||||
|
};
|
||||||
|
};
|
||||||
devShells.default = pkgs.mkShell {
|
devShells.default = pkgs.mkShell {
|
||||||
packages = [ pkgs.colmena pkgs.sops ];
|
packages = [ pkgs.colmena pkgs.sops ];
|
||||||
};
|
};
|
||||||
|
|
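Review bot: The new `oth` input (hunk `-41,6 +64,11`) uses `git+ssh://forgejo@woof.rip/emily/oth.git`, so any machine that has to fetch or re-lock the flake inputs needs an SSH key accepted by that forge; every other input in this file is fetched over HTTPS or from GitHub. That presumably includes whatever runs unattended updates or builds, which would then need a credential stored on it. I would note this next to the input, e.g. `# private repo: fetching requires an SSH key authorised on woof.rip`, and give automation a read-only deploy key rather than a personal one. Separately, `hydra` pins `rev=` in its URL while the other new inputs rely on `flake.lock` alone; a comment saying why that one is pinned by hand would help whoever bumps it.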
|
@ -1,8 +1,5 @@
|
||||||
{ ... }: {
|
{ lib, ... }: let
|
||||||
imports = [
|
mapModules = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir ./.));
|
||||||
./deployment
|
in {
|
||||||
./machine-type
|
imports = builtins.map (dir: ./${dir}) mapModules;
|
||||||
./nginx
|
|
||||||
./update-nixfiles
|
|
||||||
];
|
|
||||||
}
|
}
|
||||||
|
|
238
modules/graphical/default.nix
Normal file
|
@ -0,0 +1,238 @@
|
||||||
|
{ config, pkgs, lib, inputs, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.kyouma.graphical;
|
||||||
|
in {
|
||||||
|
options = {
|
||||||
|
kyouma.graphical = {
|
||||||
|
enable = lib.mkEnableOption "graphical profile";
|
||||||
|
compositor = lib.mkOption {
|
||||||
|
type = with lib.types; nullOr (enum [ "hyprland" "niri" ]);
|
||||||
|
default = null;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
inputs.stylix.nixosModules.stylix
|
||||||
|
./files.nix
|
||||||
|
./hyprland.nix
|
||||||
|
./waybar-hyprland.nix
|
||||||
|
./hyprlock.nix
|
||||||
|
./nixvim.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
|
||||||
|
kyouma.machine-type.graphical = true;
|
||||||
|
|
||||||
|
boot.plymouth.enable = true;
|
||||||
|
|
||||||
|
security.pam.services.hyprlock = {};
|
||||||
|
|
||||||
|
services.dbus.packages = [ pkgs.gcr ];
|
||||||
|
services.geoclue2.enable = true;
|
||||||
|
|
||||||
|
services.pipewire = {
|
||||||
|
enable = true;
|
||||||
|
alsa.enable = true;
|
||||||
|
pulse.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.udisks2.enable = true;
|
||||||
|
|
||||||
|
environment.variables = {
|
||||||
|
CLUTTER_BACKEND = "wayland";
|
||||||
|
GDK_BACKEND = "wayland,x11";
|
||||||
|
MOZ_ENABLE_WAYLAND = "1";
|
||||||
|
QT_QPA_PLATFORM = "wayland;xcb";
|
||||||
|
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
|
||||||
|
SDL_VIDEODRIVER = "wayland";
|
||||||
|
LIBVA_DRIVER_NAME = "radeonsi";
|
||||||
|
MESA_VK_DEVICE_SELECT = "1002:73df";
|
||||||
|
WLR_DRM_DEVICES = "$HOME/.config/hypr/external-gpu:$HOME/.config/hypr/internal-gpu";
|
||||||
|
};
|
||||||
|
xdg.icons.enable = true;
|
||||||
|
xdg.portal = {
|
||||||
|
enable = true;
|
||||||
|
wlr.enable = true;
|
||||||
|
configPackages = [ (if cfg.compositor == "hyprland"
|
||||||
|
then pkgs.xdg-desktop-portal-hyprland
|
||||||
|
else pkgs.xdg-desktop-portal-wlr
|
||||||
|
) ];
|
||||||
|
};
|
||||||
|
|
||||||
|
stylix= {
|
||||||
|
image = pkgs.fetchurl {
|
||||||
|
url = "https://kyouma.net/wallpaper.png";
|
||||||
|
sha256 = "1f46b439a864cd28b8ea93563b4762f1efb2648bae0148fd6b45f3033b10b0e8";
|
||||||
|
};
|
||||||
|
polarity = "dark";
|
||||||
|
#base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-macchiato.yaml";
|
||||||
|
fonts = {
|
||||||
|
sansSerif = {
|
||||||
|
package = pkgs.noto-fonts;
|
||||||
|
name = "Noto Sans";
|
||||||
|
};
|
||||||
|
serif = config.stylix.fonts.sansSerif;
|
||||||
|
monospace = {
|
||||||
|
package = pkgs.jetbrains-mono;
|
||||||
|
name = "JetBrains Mono Regular";
|
||||||
|
};
|
||||||
|
sizes.terminal = 11;
|
||||||
|
};
|
||||||
|
cursor = {
|
||||||
|
package = pkgs.capitaine-cursors;
|
||||||
|
name = "capitaine";
|
||||||
|
size = 24;
|
||||||
|
};
|
||||||
|
targets = {
|
||||||
|
console.enable = false;
|
||||||
|
gnome.enable = true;
|
||||||
|
fish.enable = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
home-manager.users.emily = {
|
||||||
|
stylix.targets = {
|
||||||
|
hyprland.enable = false;
|
||||||
|
sway.enable = false;
|
||||||
|
kitty.enable = false;
|
||||||
|
mako.enable = false;
|
||||||
|
rofi.enable = false;
|
||||||
|
swaylock.enable = false;
|
||||||
|
waybar.enable = false;
|
||||||
|
nixvim.enable = false;
|
||||||
|
fish.enable = false;
|
||||||
|
};
|
||||||
|
home.keyboard = {
|
||||||
|
layout = "de";
|
||||||
|
variant = "neo_qwerty";
|
||||||
|
};
|
||||||
|
|
||||||
|
programs.imv.enable = true;
|
||||||
|
|
||||||
|
programs.wpaperd = {
|
||||||
|
enable = true;
|
||||||
|
settings.default = {
|
||||||
|
path = "/home/emily/Pictures/wallpapers/sylviaritter/";
|
||||||
|
duration = "60m";
|
||||||
|
sorting = "random";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
programs.kitty = {
|
||||||
|
enable = true;
|
||||||
|
font.size = 13;
|
||||||
|
font.name = "JetBrains Mono";
|
||||||
|
settings = {
|
||||||
|
enable_audio_bell = false;
|
||||||
|
scrollback_lines = 65536;
|
||||||
|
remember_window_size = false;
|
||||||
|
initial_window_width = 1200;
|
||||||
|
initial_window_height = 800;
|
||||||
|
|
||||||
|
bold_font = "auto";
|
||||||
|
italic_font = "auto";
|
||||||
|
bold_italic_font = "auto";
|
||||||
|
|
||||||
|
background = "#090312";
|
||||||
|
background_opacity = "0.7";
|
||||||
|
};
|
||||||
|
keybindings = {
|
||||||
|
"shift+right" = "next_tab";
|
||||||
|
"ctrl+l" = "next_tab";
|
||||||
|
"shift+left" = "previous_tab";
|
||||||
|
"ctrl+h" = "previous_tab";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
programs.rofi = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.rofi-wayland;
|
||||||
|
};
|
||||||
|
|
||||||
|
programs.zoxide = {
|
||||||
|
enable = true;
|
||||||
|
options = [ "--cmd cd" ];
|
||||||
|
};
|
||||||
|
programs.fzf.enable = true;
|
||||||
|
|
||||||
|
qt = {
|
||||||
|
enable = true;
|
||||||
|
platformTheme.name = "qtct";
|
||||||
|
style.name = "kvantum-dark";
|
||||||
|
style.package = with pkgs; [
|
||||||
|
libsForQt5.qtstyleplugin-kvantum
|
||||||
|
qt6Packages.qtstyleplugin-kvantum
|
||||||
|
(catppuccin-kvantum.override { accent = "mauve"; variant = "macchiato"; })
|
||||||
|
];
|
||||||
|
};
|
||||||
|
gtk.iconTheme.name = "Adwaita";
|
||||||
|
gtk.iconTheme.package = pkgs.gnome.adwaita-icon-theme;
|
||||||
|
|
||||||
|
services.gammastep = {
|
||||||
|
enable = true;
|
||||||
|
provider = "geoclue2";
|
||||||
|
temperature.day = 6500;
|
||||||
|
temperature.night = 3700;
|
||||||
|
settings.general.adjustment-method = "wayland";
|
||||||
|
};
|
||||||
|
services.mako = {
|
||||||
|
enable = true;
|
||||||
|
anchor = "top-right";
|
||||||
|
backgroundColor = "#24273a";
|
||||||
|
borderColor = "#c6a0f6";
|
||||||
|
borderRadius = 15;
|
||||||
|
borderSize = 2;
|
||||||
|
defaultTimeout = 5000;
|
||||||
|
layer = "overlay";
|
||||||
|
maxIconSize = 48;
|
||||||
|
padding = "15";
|
||||||
|
progressColor = "over #B4A1DB";
|
||||||
|
sort = "-time";
|
||||||
|
textColor = "#cad3f5";
|
||||||
|
extraConfig = ''
|
||||||
|
max-history=100
|
||||||
|
on-button-left=dismiss
|
||||||
|
on-button-right=dismiss-all
|
||||||
|
on-notify=exec ${pkgs.mpv}/bin/mpv /usr/share/sounds/freedesktop/stereo/message.oga
|
||||||
|
|
||||||
|
[urgency=low]
|
||||||
|
border-color=#B4A1DB
|
||||||
|
default-timeout=2000
|
||||||
|
|
||||||
|
[urgency=normal]
|
||||||
|
border-color=#B4A1DB
|
||||||
|
default-timeout=5000
|
||||||
|
|
||||||
|
[urgency=high]
|
||||||
|
border-color=#D04E9D
|
||||||
|
text-color=#D04E9D
|
||||||
|
default-timeout=0
|
||||||
|
|
||||||
|
[category=mpd]
|
||||||
|
border-color=#E49186
|
||||||
|
default-timeout=2000
|
||||||
|
group-by=category
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
services.gpg-agent = {
|
||||||
|
enable = true;
|
||||||
|
enableSshSupport = true;
|
||||||
|
pinentryPackage = pkgs.pinentry-gnome3;
|
||||||
|
};
|
||||||
|
services.syncthing = {
|
||||||
|
enable = true;
|
||||||
|
tray.enable = true;
|
||||||
|
tray.command = "syncthingtray --replace";
|
||||||
|
};
|
||||||
|
services.udiskie = {
|
||||||
|
enable = true;
|
||||||
|
automount = false;
|
||||||
|
};
|
||||||
|
systemd.user.services.syncthingtray.Service = {
|
||||||
|
ExecStartPre = "${pkgs.coreutils-full}/bin/sleep 2";
|
||||||
|
Restart = "on-failure";
|
||||||
|
RestartSec = "1s";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
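Review bot: In `services.mako.extraConfig` the `on-notify` line plays `/usr/share/sounds/freedesktop/stereo/message.oga`, a path that NixOS does not normally populate, so the notification sound is likely to fail silently even though `mpv` itself is referenced by store path. Pointing at the package keeps it reproducible: `on-notify=exec ${pkgs.mpv}/bin/mpv ${pkgs.sound-theme-freedesktop}/share/sounds/freedesktop/stereo/message.oga`. Also, `gtk.iconTheme.package = pkgs.gnome.adwaita-icon-theme;` uses the old `gnome.` scope although this same change moves `gnome.simple-scan` to `simple-scan` elsewhere; `pkgs.adwaita-icon-theme` would match.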
91
modules/graphical/files.nix
Normal file
|
@ -0,0 +1,91 @@
|
||||||
|
{ config, lib, pkgs, ... }: {
|
||||||
|
config.home-manager.users.emily = lib.mkIf config.kyouma.graphical.enable {
|
||||||
|
home.file.".local/bin/hypr/playerctl.sh" = let
|
||||||
|
playerctl = "${pkgs.playerctl}/bin/playerctl";
|
||||||
|
title = "$(${playerctl} metadata --format '{{markup_escape(title)}}')";
|
||||||
|
artist = "$(${playerctl} metadata --format '{{markup_escape(artist)}}')";
|
||||||
|
status = "$(${playerctl} status 2> /dev/null)";
|
||||||
|
in {
|
||||||
|
enable = true;
|
||||||
|
executable = true;
|
||||||
|
text = ''
|
||||||
|
#!${pkgs.bash}/bin/bash
|
||||||
|
if [ "${status}" = "Playing" ]; then
|
||||||
|
echo -e " ${title}\nPlaying: ${artist} - ${title}\nplaying"
|
||||||
|
elif [ "${status}" = "Paused" ]; then
|
||||||
|
echo -e " ${title}\nPaused: ${artist} - ${title}\npaused"
|
||||||
|
else
|
||||||
|
echo -e ""
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
home.file.".local/bin/hypr/colorpicker.sh" = {
|
||||||
|
enable = true;
|
||||||
|
executable = true;
|
||||||
|
source = pkgs.writeShellApplication {
|
||||||
|
name = "colorpicker";
|
||||||
|
text = builtins.readFile ./files/scripts/colorpicker.sh;
|
||||||
|
runtimeInputs = with pkgs; [ coreutils grim slurp imagemagick_light wl-clipboard libnotify ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
home.file.".local/bin/hypr/rofi_powermenu.sh" = {
|
||||||
|
enable = true;
|
||||||
|
executable = true;
|
||||||
|
source = pkgs.writeShellApplication {
|
||||||
|
name = "rofi-powermenu";
|
||||||
|
text = builtins.readFile ./files/scripts/rofi_powermenu.sh;
|
||||||
|
runtimeInputs = with pkgs; [ rofi hyprlock coreutils-full toybox xdg-user-dirs ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
home.file.".local/bin/hypr/rofi_screenshot.sh" = {
|
||||||
|
enable = true;
|
||||||
|
executable = true;
|
||||||
|
source = pkgs.writeShellApplication {
|
||||||
|
name = "rofi-screenshot";
|
||||||
|
text = builtins.readFile ./files/scripts/rofi_screenshot.sh;
|
||||||
|
runtimeInputs = with pkgs; [ coreutils grim hyprland imv slurp wl-clipboard libnotify pulseaudio toybox rofi xdg-user-dirs ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
home.file.".local/bin/hypr/screenshot.sh" = {
|
||||||
|
enable = true;
|
||||||
|
executable = true;
|
||||||
|
source = pkgs.writeShellApplication {
|
||||||
|
name = "screenshot";
|
||||||
|
text = builtins.readFile ./files/scripts/screenshot.sh;
|
||||||
|
runtimeInputs = with pkgs; [ coreutils grim imv slurp wl-clipboard libnotify pulseaudio ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
home.file."Pictures/wallpapers/sylviaritter/wallpaper.png" = {
|
||||||
|
enable = true;
|
||||||
|
source = config.stylix.image;
|
||||||
|
};
|
||||||
|
home.file."Pictures/wallpapers/lockscreen.png" = {
|
||||||
|
enable = true;
|
||||||
|
source = config.stylix.image;
|
||||||
|
};
|
||||||
|
xdg.configFile."mako-icons" = {
|
||||||
|
enable = true;
|
||||||
|
recursive = true;
|
||||||
|
source = ./files/icons;
|
||||||
|
};
|
||||||
|
xdg.configFile."rofi" = {
|
||||||
|
enable = true;
|
||||||
|
recursive = true;
|
||||||
|
source = ./files/rofi;
|
||||||
|
};
|
||||||
|
xdg.userDirs =
|
||||||
|
let
|
||||||
|
home = config.home-manager.users.emily.home.homeDirectory;
|
||||||
|
in {
|
||||||
|
enable = true;
|
||||||
|
desktop = null;
|
||||||
|
documents = "${home}/docs";
|
||||||
|
download = "${home}/Downloads";
|
||||||
|
music = "${home}/music";
|
||||||
|
pictures = "${home}/Pictures";
|
||||||
|
publicShare = null;
|
||||||
|
templates = null;
|
||||||
|
videos = "${home}/videos";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
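Review bot: The four `home.file` entries that set `source = pkgs.writeShellApplication { … }` (`colorpicker.sh`, `rofi_powermenu.sh`, `rofi_screenshot.sh`, `screenshot.sh`) point at the derivation's output, which as far as I know is a directory containing `bin/<name>` rather than the script itself. If so, `~/.local/bin/hypr/screenshot.sh` and the others end up as links to a directory and the key bindings that exec them fail; please confirm on a built profile. Wrapping the derivation gives the file: `source = lib.getExe (pkgs.writeShellApplication { … });`. In `playerctl.sh`, `echo -e` expands backslash sequences found in the track title and artist, which come from whatever player is running; `printf '%s\n'` would print them literally.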
|
@ -59,11 +59,11 @@ confirm_run () {
|
||||||
# Execute Command
|
# Execute Command
|
||||||
run_cmd() {
|
run_cmd() {
|
||||||
if [[ "$1" == '--opt1' ]]; then
|
if [[ "$1" == '--opt1' ]]; then
|
||||||
hyprlock
|
pidof hyprlock || hyprlock
|
||||||
elif [[ "$1" == '--opt2' ]]; then
|
elif [[ "$1" == '--opt2' ]]; then
|
||||||
confirm_run 'hyprctl dispatch exit 0'
|
confirm_run 'hyprctl dispatch exit 0'
|
||||||
elif [[ "$1" == '--opt3' ]]; then
|
elif [[ "$1" == '--opt3' ]]; then
|
||||||
confirm_run 'pulsemixer --mute' 'hyprlock' 'systemctl suspend' #"$DIR/scripts/lockscreen"
|
confirm_run 'pulsemixer --mute' 'systemctl suspend'
|
||||||
elif [[ "$1" == '--opt4' ]]; then
|
elif [[ "$1" == '--opt4' ]]; then
|
||||||
confirm_run 'systemctl hibernate'
|
confirm_run 'systemctl hibernate'
|
||||||
elif [[ "$1" == '--opt5' ]]; then
|
elif [[ "$1" == '--opt5' ]]; then
|
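Review bot: The `--opt3` branch no longer locks before `systemctl suspend`, so locking on suspend now depends entirely on something outside this script, presumably the swayidle `before-sleep` hook added in `modules/graphical/hyprlock.nix`. If that service is not running, the session resumes unlocked, and nothing in the script says so. I would record the dependency on the changed line, e.g. `# lock is taken by swayidle's before-sleep hook, not here`, or keep a non-blocking lock step in the list. `run_cmd` continues past the end of the hunk and `confirm_run` is defined outside it, so how the arguments are executed is not visible here.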
304
modules/graphical/hyprland.nix
Normal file
|
@ -0,0 +1,304 @@
|
||||||
|
{ config, inputs, lib, pkgs, ... }: {
|
||||||
|
config.home-manager.users.emily = lib.mkIf (config.kyouma.graphical.compositor == "hyprland") {
|
||||||
|
wayland.windowManager.hyprland = {
|
||||||
|
enable = true;
|
||||||
|
settings = let
|
||||||
|
kitty = "${pkgs.kitty}/bin/kitty";
|
||||||
|
pactl = "${pkgs.pulseaudio}/bin/pactl";
|
||||||
|
playerctl = "${pkgs.playerctl}/bin/playerctl";
|
||||||
|
notifysend = "${pkgs.libnotify}/bin/notify-send";
|
||||||
|
dolphin = "${pkgs.libsForQt5.dolphin}/bin/dolphin";
|
||||||
|
firefox = "${pkgs.firefox}/bin/firefox";
|
||||||
|
# currently broken
|
||||||
|
#firefox = "${inputs.firefox.packages.${pkgs.system}.firefox}/bin/firefox";
|
||||||
|
brightnessctl = "${pkgs.brightnessctl}/bin/brightnessctl";
|
||||||
|
screenshot = "~/.local/bin/hypr/screenshot.sh";
|
||||||
|
rofi = "${pkgs.rofi-wayland}/bin/rofi";
|
||||||
|
in {
|
||||||
|
general = {
|
||||||
|
border_size = 1;
|
||||||
|
gaps_in = 4;
|
||||||
|
gaps_out = 8;
|
||||||
|
"col.active_border" = "0xFFB4A1DB 0xFFD04E9D 45deg";
|
||||||
|
"col.inactive_border" = "1e2030 1e2030 45deg";
|
||||||
|
cursor_inactive_timeout = 30;
|
||||||
|
layout = "dwindle";
|
||||||
|
};
|
||||||
|
decoration = {
|
||||||
|
rounding = 8;
|
||||||
|
shadow_range = 10;
|
||||||
|
"col.shadow" = "0x66000000";
|
||||||
|
"col.shadow_inactive" = "0x66000000";
|
||||||
|
blur = {
|
||||||
|
enabled = true;
|
||||||
|
passes = 2;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
dwindle.no_gaps_when_only = 1;
|
||||||
|
animations = {
|
||||||
|
bezier = [
|
||||||
|
"wind, 0.2, 0.9, 0.2, 1.05"
|
||||||
|
"winMov, 0.2, 0.9, 0.2, 1.08"
|
||||||
|
"winIn, 0.2, 0.9, 0.2, 1.08"
|
||||||
|
"winOut, 0.2, 0, 0.9, 0.2"
|
||||||
|
"liner, 1, 1, 1, 1"
|
||||||
|
];
|
||||||
|
animation = [
|
||||||
|
"windows, 1, 6, wind, slide"
|
||||||
|
"windowsIn, 1, 6, winIn, slide"
|
||||||
|
"windowsOut, 1, 6, winOut, slide"
|
||||||
|
"windowsMove, 1, 6, winMov, slide"
|
||||||
|
"border, 1, 1, liner"
|
||||||
|
"borderangle, 1, 30, liner, loop"
|
||||||
|
"fade, 1, 10, default"
|
||||||
|
"fadeOut, 1, 12, default"
|
||||||
|
"workspaces, 1, 8, wind"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
input = {
|
||||||
|
kb_layout = "de";
|
||||||
|
kb_variant = "neo_qwerty";
|
||||||
|
kb_options = "grp:alt_shift_toggle";
|
||||||
|
accel_profile = "adaptive";
|
||||||
|
scroll_method = "2fg";
|
||||||
|
float_switch_override_focus = 2;
|
||||||
|
touchpad = {
|
||||||
|
natural_scroll = true;
|
||||||
|
tap-to-click = false;
|
||||||
|
drag_lock = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
gestures = {
|
||||||
|
workspace_swipe = true;
|
||||||
|
workspace_swipe_distance = 3200;
|
||||||
|
workspace_swipe_min_speed_to_force = 40;
|
||||||
|
workspace_swipe_cancel_ratio = 0.15;
|
||||||
|
workspace_swipe_forever = true;
|
||||||
|
};
|
||||||
|
group = {
|
||||||
|
"col.border_inactive" = "0xFFDB695B";
|
||||||
|
"col.border_active" = "0xFF4BC66D";
|
||||||
|
groupbar = {
|
||||||
|
render_titles = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
xwayland = {
|
||||||
|
force_zero_scaling = true;
|
||||||
|
use_nearest_neighbor = false;
|
||||||
|
};
|
||||||
|
misc = {
|
||||||
|
disable_hyprland_logo = true;
|
||||||
|
disable_splash_rendering = true;
|
||||||
|
vrr = 1;
|
||||||
|
};
|
||||||
|
device = [
|
||||||
|
{
|
||||||
|
name = "syna8013:00-06cb:ce69-touchpad";
|
||||||
|
sensitivity = 0.3;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "logitech-m705";
|
||||||
|
sensitivity = 0.1;
|
||||||
|
accel_profile = "flat";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "tpps/2-ibm-trackpoint";
|
||||||
|
sensitivity = 0.2;
|
||||||
|
scroll_method = "on_button_down";
|
||||||
|
accel_profile = "flat";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "tpps/2-elan-trackpoint";
|
||||||
|
sensitivity = 0;
|
||||||
|
scroll_method = "on_button_down";
|
||||||
|
accel_profile = "flat";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
layerrule = [ "blur, waybar" ];
|
||||||
|
monitor = [
|
||||||
|
"eDP-1, 3840x2400@60, 0x0, 1, bitdepth, 10"
|
||||||
|
#"eDP-1, 2560x1600@60, 0x0, 1, bitdepth, 10"
|
||||||
|
#"eDP-1, 1920x1200@60, 0x0, 1, bitdepth, 10"
|
||||||
|
"desc:Dell Inc. AW3225QF FXK2YZ3, 3840x2160@240,5280x0,1, bitdepth,10, vrr,2"
|
||||||
|
"desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455, 2560x1440@144,3840x-280,1, bitdepth,10, transform,1"
|
||||||
|
",preferred,auto,1"
|
||||||
|
];
|
||||||
|
workspace = [
|
||||||
|
"1, monitor:desc:Dell Inc. AW3225QF FXK2YZ3, default:true"
|
||||||
|
"2, monitor:desc:Dell Inc. AW3225QF FXK2YZ3"
|
||||||
|
"3, monitor:desc:Dell Inc. AW3225QF FXK2YZ3"
|
||||||
|
"4, monitor:desc:Dell Inc. AW3225QF FXK2YZ3"
|
||||||
|
"5, monitor:desc:Dell Inc. AW3225QF FXK2YZ3"
|
||||||
|
"6, monitor:desc:Dell Inc. AW3225QF FXK2YZ3"
|
||||||
|
"7, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455"
|
||||||
|
"8, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455"
|
||||||
|
"9, monitor:desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455"
|
||||||
|
"10,monitor:desc:Dell Inc. AW3225QF FXK2YZ3"
|
||||||
|
];
|
||||||
|
windowrule = [
|
||||||
|
"float, foot-float"
|
||||||
|
"float, yad|nm-connection-editor|pavucontrol"
|
||||||
|
"float, xfce-polkit|kvantummanager|qt5ct|zenity|waypaper"
|
||||||
|
"float, feh|com.github.weclaw1.ImageRoll|Gpicview|Gimp|MPlayer"
|
||||||
|
"float, VirtualBox Manager|qemu|Qemu-system-x86_64|PacketTracer"
|
||||||
|
"float, title:File Operation Progress|Open Files|Media viewer"
|
||||||
|
"float, title:Confirm to replace files"
|
||||||
|
"size 60% 64%, com.github.weclaw1.ImageRoll "
|
||||||
|
"center, com.github.weclaw1.ImageRoll"
|
||||||
|
"animation slide down,foot-full"
|
||||||
|
"animation slide up,Rofi"
|
||||||
|
];
|
||||||
|
|
||||||
|
"$mod" = "SUPER";
|
||||||
|
"$notifycmd" = "${notifysend} -h string:x-canonical-private-synchronous:hypr-cfg -u low";
|
||||||
|
bind = [
|
||||||
|
"$mod, Return, exec, ${kitty}"
|
||||||
|
"$mod, F1, exec, ${dolphin}"
|
||||||
|
"$mod, F2, exec, ${firefox}"
|
||||||
|
|
||||||
|
# Rofi
|
||||||
|
"$mod, D, exec, ${rofi} -show drun -theme ~/.config/rofi/launcher.rasi"
|
||||||
|
"$mod, R, exec, ${rofi} -show run -theme ~/.config/rofi/runner.rasi"
|
||||||
|
"$mod, A, exec, ~/.local/bin/hypr/rofi_screenshot.sh"
|
||||||
|
"$mod, X, exec, ~/.local/bin/hypr/rofi_powermenu.sh"
|
||||||
|
|
||||||
|
# Misc
|
||||||
|
"$mod, C, exec, ~/.local/bin/hypr/colorpicker.sh"
|
||||||
|
"CTRL_ALT, L, exec, ${pkgs.systemd}/bin/loginctl lock-session"
|
||||||
|
|
||||||
|
# Function keys
|
||||||
|
", XF86AudioMute, exec, ${pactl} set-sink-mute @DEFAULT_SINK@ toggle"
|
||||||
|
", XF86AudioMicMute, exec, ${pactl} set-source-mute @DEFAULT_SOURCE@ toggle"
|
||||||
|
", XF86AudioNext, exec, ${playerctl} next"
|
||||||
|
", XF86AudioPrev, exec, ${playerctl} previous"
|
||||||
|
", XF86AudioPlay, exec, ${playerctl} play"
|
||||||
|
", XF86AudioStop, exec, ${playerctl} pause"
|
||||||
|
|
||||||
|
# Scratchpad
|
||||||
|
"$mod SHIFT, MINUS, movetoworkspace,special"
|
||||||
|
"$mod, MINUS, togglespecialworkspace,"
|
||||||
|
|
||||||
|
# Screenshots
|
||||||
|
", Print, exec, ${screenshot} --now"
|
||||||
|
"ALT, Print, exec, ${screenshot} --in5"
|
||||||
|
"SHIFT, Print, exec, ${screenshot} --in10"
|
||||||
|
"$mod, Print, exec, ${screenshot} --area"
|
||||||
|
|
||||||
|
# Hyprland
|
||||||
|
"$mod SHIFT, Q, killactive,"
|
||||||
|
"CTRL_ALT, Delete, exit,"
|
||||||
|
"$mod, F, fullscreen, 0"
|
||||||
|
"$mod, F, exec, $notifycmd 'Fullscreen Mode'"
|
||||||
|
"$mod, S, pseudo,"
|
||||||
|
"$mod, S, exec, $notifycmd 'Pseudo Mode'"
|
||||||
|
"$mod SHIFT, Space, togglefloating,"
|
||||||
|
"$mod SHIFT, Space, centerwindow,"
|
||||||
|
|
||||||
|
# windowgroup
|
||||||
|
"$mod, G, togglegroup"
|
||||||
|
"$mod, G, exec, $notifycmd 'Toggled Group Mode'"
|
||||||
|
"$mod, H, changegroupactive, b"
|
||||||
|
"$mod, L, changegroupactive, f"
|
||||||
|
|
||||||
|
# Change Focusconfig
|
||||||
|
"$mod, left, movefocus, l"
|
||||||
|
"$mod, H, movefocus, l"
|
||||||
|
"$mod, right, movefocus, r"
|
||||||
|
"$mod, L, movefocus, r"
|
||||||
|
"$mod, up, movefocus, u"
|
||||||
|
"$mod, K, movefocus, u"
|
||||||
|
"$mod, down, movefocus, d"
|
||||||
|
"$mod, J, movefocus, d"
|
||||||
|
|
||||||
|
# Move Active
|
||||||
|
"$mod SHIFT, left, movewindow, l"
|
||||||
|
"$mod SHIFT, H, movewindow, l"
|
||||||
|
"$mod SHIFT, right, movewindow, r"
|
||||||
|
"$mod SHIFT, L, movewindow, r"
|
||||||
|
"$mod SHIFT, up, movewindow, u"
|
||||||
|
"$mod SHIFT, K, movewindow, u"
|
||||||
|
"$mod SHIFT, down, movewindow, d"
|
||||||
|
"$mod SHIFT, J, movewindow, d"
|
||||||
|
|
||||||
|
# Switch between windows
|
||||||
|
"$mod,Tab,cyclenext,"
|
||||||
|
"$mod,Tab,bringactivetotop,"
|
||||||
|
|
||||||
|
# Workspaces
|
||||||
|
"$mod, 1, workspace, 1"
|
||||||
|
"$mod, 2, workspace, 2"
|
||||||
|
"$mod, 3, workspace, 3"
|
||||||
|
"$mod, 4, workspace, 4"
|
||||||
|
"$mod, 5, workspace, 5"
|
||||||
|
"$mod, 6, workspace, 6"
|
||||||
|
"$mod, 7, workspace, 7"
|
||||||
|
"$mod, 8, workspace, 8"
|
||||||
|
"$mod, 9, workspace, 9"
|
||||||
|
"$mod, 0, workspace, 10"
|
||||||
|
|
||||||
|
# Send to Workspaces
|
||||||
|
"$mod SHIFT, 1, movetoworkspace, 1"
|
||||||
|
"$mod SHIFT, 2, movetoworkspace, 2"
|
||||||
|
"$mod SHIFT, 3, movetoworkspace, 3"
|
||||||
|
"$mod SHIFT, 4, movetoworkspace, 4"
|
||||||
|
"$mod SHIFT, 5, movetoworkspace, 5"
|
||||||
|
"$mod SHIFT, 6, movetoworkspace, 6"
|
||||||
|
"$mod SHIFT, 7, movetoworkspace, 7"
|
||||||
|
"$mod SHIFT, 8, movetoworkspace, 8"
|
||||||
|
"$mod SHIFT, 9, movetoworkspace, 9"
|
||||||
|
"$mod SHIFT, 0, movetoworkspace, 10"
|
||||||
|
|
||||||
|
# Change Workspace Mode
|
||||||
|
"$mod CTRL, F, workspaceopt, allfloat"
|
||||||
|
"$mod CTRL, F, exec, $notifycmd 'Toggled All Float Mode'"
|
||||||
|
"$mod CTRL, S, workspaceopt, allpseudo"
|
||||||
|
"$mod CTRL, S, exec, $notifycmd 'Toggled All Pseudo Mode'"
|
||||||
|
|
||||||
|
# Misc
|
||||||
|
"$mod SHIFT, P, pin,"
|
||||||
|
"$mod SHIFT, P, exec, $notifycmd 'Toggled Pin'"
|
||||||
|
"$mod SHIFT, S, swapnext"
|
||||||
|
"$mod SHIFT, O, toggleopaque"
|
||||||
|
];
|
||||||
|
binde = [
|
||||||
|
# Function keys repeat
|
||||||
|
", XF86MonBrightnessUp, exec, ${brightnessctl} s +10%"
|
||||||
|
", XF86MonBrightnessDown, exec, ${brightnessctl} s 10%-"
|
||||||
|
", XF86AudioRaiseVolume, exec, ${pactl} set-sink-volume @DEFAULT_SINK@ +5%"
|
||||||
|
", XF86AudioLowerVolume, exec, ${pactl} set-sink-volume @DEFAULT_SINK@ -5%"
|
||||||
|
# Resize Active
|
||||||
|
"$mod CTRL, left, resizeactive, -20 0"
|
||||||
|
"$mod CTRL, H, resizeactive, -20 0"
|
||||||
|
"$mod CTRL, right, resizeactive, 20 0"
|
||||||
|
"$mod CTRL, L, resizeactive, 20 0"
|
||||||
|
"$mod CTRL, up, resizeactive, 0 -20"
|
||||||
|
"$mod CTRL, K, resizeactive, 0 -20"
|
||||||
|
"$mod CTRL, down, resizeactive, 0 20"
|
||||||
|
"$mod CTRL, J, resizeactive, 0 20"
|
||||||
|
|
||||||
|
# Move Active (Floating Only)
|
||||||
|
"$mod ALT, left, moveactive, -80 0"
|
||||||
|
"$mod ALT, H, moveactive, -80 0"
|
||||||
|
"$mod ALT, right, moveactive, 80 0"
|
||||||
|
"$mod ALT, L, moveactive, 80 0"
|
||||||
|
"$mod ALT, up, moveactive, 0 -80"
|
||||||
|
"$mod ALT, K, moveactive, 0 -80"
|
||||||
|
"$mod ALT, down, moveactive, 0 80"
|
||||||
|
"$mod ALT, J, moveactive, 0 80"
|
||||||
|
];
|
||||||
|
bindl = [
|
||||||
|
",switch:on:Lid Switch,exec, lsusb -d 17ef:30b4 && hyprctl keyword monitor 'eDP-1, disable'"
|
||||||
|
",switch:off:Lid Switch,exec, hyprctl keyword monitor 'eDP-1, 3840x2400@60, 0x0, 1, bitdepth,10'"
|
||||||
|
];
|
||||||
|
bindm = [
|
||||||
|
"$mod, mouse:272, movewindow"
|
||||||
|
"$mod, mouse:273, resizewindow"
|
||||||
|
];
|
||||||
|
exec-once = [
|
||||||
|
"${pkgs.wpaperd}/bin/wpaperd"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
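Review bot: The `bindl` lid-switch entries call `lsusb` and `hyprctl` by bare name, while the other external programs in this `settings` block are bound to store paths through the `let` bindings. With `lsusb -d 17ef:30b4 && hyprctl …`, a missing `lsusb` on the session's PATH makes the `&&` short-circuit, so the internal panel is never disabled and nothing reports why. Adding `lsusb = "${pkgs.usbutils}/bin/lsusb";` and `hyprctl = "${pkgs.hyprland}/bin/hyprctl";` to the `let` and using them in both entries would make this consistent. This file is also gated on `compositor == "hyprland"`, whereas `files.nix` and `hyprlock.nix` are gated on `graphical.enable`; a one-line comment on the intended split would help.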
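--- a/modules/graphical/hyprlock.nix
+++ b/modules/graphical/hyprlock.nix
@@ -0,0 +1,56 @@
+{ config, lib, pkgs, ... }: {
+config.home-manager.users.emily = lib.mkIf config.kyouma.graphical.enable {
+programs.hyprlock = {
+enable = true;
+settings = {
+general = {
+hide_cursor = true;
+disable_loading_bar = true;
+};
+background = [{
+path = "screenshot";
+#path = "$HOME/Pictures/wallpapers/lockscreen.png";
+blur_passes = 3;
+contrast = 1.25;
+}];
+input-field = [{
+size = "250, 60";
+outline_thickness = 2;
+dots_size = 0.2;
+dots_spacing = 0.2;
+dots_center = true;
+outer_color = "rgba(0, 0, 0, 0)";
+inner_color = "rgba(0, 0, 0, 0.5)";
+font_color = "rgb(200, 200, 200)";
+fade_on_empty = true;
+fade_timeout = 5000;
+font_family = "JetBrains Mono Nerd Font Mono";
+fail_text = "<i>$FAIL <b>$ATTEMPTS</b></i>";
+position = "0, 200";
+halign = "center";
+valign = "bottom";
+}];
+label = [{
+text = "cmd[update:250] date +%X";
+color = "rgba(255, 255, 255, 0.6)";
+font_size = "100";
+font_family = "JetBrains Mono Nerd Font Mono ExtraBold";
+position = "0, -300";
+halign = "center";
+valign = "top";
+}];
+};
+};
+services.swayidle =
+let
+hyprlock = "pidof hyprlock || ${pkgs.hyprlock}/bin/hyprlock";
+in {
+enable = true;
+systemdTarget = "${config.kyouma.graphical.compositor}-session.target";
+events = [
+{ event = "before-sleep"; command = hyprlock; }
+{ event = "lock"; command = hyprlock; }
+];
+};
+};
+}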
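Review bot: `services.swayidle` registers only the `before-sleep` and `lock` events and sets no `timeouts`, so nothing in this file locks the session after a period of inactivity; an unattended, awake machine stays unlocked unless a timeout is configured elsewhere. Adding one next to `events`, for example `timeouts = [ { timeout = 300; command = hyprlock; } ];` (300 is an illustrative value), closes that gap. The lock command also calls `pidof` by bare name while hyprlock itself is pinned to a store path, so the duplicate-instance guard depends on whatever `PATH` the swayidle service has. With `path = "screenshot"` the lock screen shows a blurred capture of the desktop, so it is worth checking that `blur_passes = 3` leaves large text unreadable.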
220
modules/graphical/nixvim.nix
Normal file
|
@ -0,0 +1,220 @@
|
||||||
|
{ config, lib, pkgs, inputs, ... }: {
|
||||||
|
config = lib.mkIf config.kyouma.graphical.enable {
|
||||||
|
home-manager.users.emily.imports = [
|
||||||
|
inputs.nixvim.homeManagerModules.nixvim
|
||||||
|
];
|
||||||
|
home-manager.users.emily.programs.nixvim = {
|
||||||
|
enable = true;
|
||||||
|
extraPlugins = [
|
||||||
|
pkgs.vimPlugins.molokai
|
||||||
|
pkgs.vimPlugins.vim-airline-themes
|
||||||
|
];
|
||||||
|
colorscheme = "molokai";
|
||||||
|
vimAlias = true;
|
||||||
|
highlightOverride.Normal = {
|
||||||
|
ctermbg = "NONE";
|
||||||
|
bg = "NONE";
|
||||||
|
};
|
||||||
|
opts = {
|
||||||
|
number = true;
|
||||||
|
expandtab = true;
|
||||||
|
autoindent = true;
|
||||||
|
mouse = "";
|
||||||
|
encoding = "utf-8";
|
||||||
|
shiftwidth = 2;
|
||||||
|
smartindent = true;
|
||||||
|
tabstop = 2;
|
||||||
|
ignorecase = true;
|
||||||
|
incsearch = true;
|
||||||
|
smartcase = true;
|
||||||
|
};
|
||||||
|
keymaps = [
|
||||||
|
{
|
||||||
|
action = "<cmd>Neotree toggle<CR>";
|
||||||
|
key = "<C-n>";
|
||||||
|
mode = "n";
|
||||||
|
options.silent = true;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
action = "<C-\\><C-n>";
|
||||||
|
key = "<esc>";
|
||||||
|
mode = "t";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
plugins.cmp = {
|
||||||
|
enable = true;
|
||||||
|
settings.sources = [
|
||||||
|
{ name = "nvim_lsp"; }
|
||||||
|
{ name = "luasnip"; }
|
||||||
|
{ name = "buffer"; }
|
||||||
|
{ name = "nvim_lua"; }
|
||||||
|
{ name = "path"; }
|
||||||
|
];
|
||||||
|
settings.formatting = {
|
||||||
|
fields = [ "abbr" "kind" "menu" ];
|
||||||
|
format = ''
|
||||||
|
function(_, item)
|
||||||
|
local icons = {
|
||||||
|
Namespace = "",
|
||||||
|
Text = "",
|
||||||
|
Method = "",
|
||||||
|
Function = "",
|
||||||
|
Constructor = "",
|
||||||
|
Field = "",
|
||||||
|
Variable = "",
|
||||||
|
Class = "",
|
||||||
|
Interface = "",
|
||||||
|
Module = "",
|
||||||
|
Property = "",
|
||||||
|
Unit = "",
|
||||||
|
Value = "",
|
||||||
|
Enum = "",
|
||||||
|
Keyword = "",
|
||||||
|
Snippet = "",
|
||||||
|
Color = "",
|
||||||
|
File = "",
|
||||||
|
Reference = "",
|
||||||
|
Folder = "",
|
||||||
|
EnumMember = "",
|
||||||
|
Constant = "",
|
||||||
|
Struct = "",
|
||||||
|
Event = "",
|
||||||
|
Operator = "",
|
||||||
|
TypeParameter = "",
|
||||||
|
Table = "",
|
||||||
|
Object = "",
|
||||||
|
Tag = "",
|
||||||
|
Array = "[]",
|
||||||
|
Boolean = "",
|
||||||
|
Number = "",
|
||||||
|
Null = "",
|
||||||
|
String = "",
|
||||||
|
Calendar = "",
|
||||||
|
Watch = "",
|
||||||
|
Package = "",
|
||||||
|
Copilot = "",
|
||||||
|
Codeium = "",
|
||||||
|
TabNine = "",
|
||||||
|
}
|
||||||
|
|
||||||
|
local icon = icons[item.kind] or ""
|
||||||
|
item.kind = string.format("%s %s", icon, item.kind or "")
|
||||||
|
return item
|
||||||
|
end
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
settings.snippet.expand = "function(args) require('luasnip').lsp_expand(args.body) end";
|
||||||
|
settings.window = {
|
||||||
|
completion = {
|
||||||
|
winhighlight = "FloatBorder:CmpBorder,Normal:CmpPmenu,CursorLine:CmpSel,Search:PmenuSel";
|
||||||
|
scrollbar = false;
|
||||||
|
sidePadding = 0;
|
||||||
|
border = [ "╭" "─" "╮" "│" "╯" "─" "╰" "│" ];
|
||||||
|
};
|
||||||
|
documentation = {
|
||||||
|
border = [ "╭" "─" "╮" "│" "╯" "─" "╰" "│" ];
|
||||||
|
winhighlight = "FloatBorder:CmpBorder,Normal:CmpPmenu,CursorLine:CmpSel,Search:PmenuSel";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
settings.mapping = {
|
||||||
|
"<C-n>" = "cmp.mapping.select_next_item()";
|
||||||
|
"<C-p>" = "cmp.mapping.select_prev_item()";
|
||||||
|
"<C-j>" = "cmp.mapping.select_next_item()";
|
||||||
|
"<C-k>" = "cmp.mapping.select_prev_item()";
|
||||||
|
"<C-d>" = "cmp.mapping.scroll_docs(-4)";
|
||||||
|
"<C-f>" = "cmp.mapping.scroll_docs(4)";
|
||||||
|
"<C-Space>" = "cmp.mapping.complete()";
|
||||||
|
"<C-e>" = "cmp.mapping.close()";
|
||||||
|
"<CR>" = "cmp.mapping.confirm({ behavior = cmp.ConfirmBehavior.Insert, select = true })";
|
||||||
|
"<Tab>" = ''
|
||||||
|
cmp.mapping(function(fallback)
|
||||||
|
if cmp.visible() then
|
||||||
|
cmp.select_next_item()
|
||||||
|
elseif require("luasnip").expand_or_jumpable() then
|
||||||
|
vim.fn.feedkeys(vim.api.nvim_replace_termcodes("<Plug>luasnip-expand-or-jump", true, true, true), "")
|
||||||
|
else
|
||||||
|
fallback()
|
||||||
|
end
|
||||||
|
end,{"i","s"})
|
||||||
|
'';
|
||||||
|
"<S-Tab>" = ''
|
||||||
|
cmp.mapping(function(fallback)
|
||||||
|
if cmp.visible() then
|
||||||
|
cmp.select_prev_item()
|
||||||
|
elseif require("luasnip").jumpable(-1) then
|
||||||
|
vim.fn.feedkeys(vim.api.nvim_replace_termcodes("<Plug>luasnip-jump-prev", true, true, true), "")
|
||||||
|
else
|
||||||
|
fallback()
|
||||||
|
end
|
||||||
|
end,{"i","s"})
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
plugins.lsp = {
|
||||||
|
enable = true;
|
||||||
|
keymaps.lspBuf = {
|
||||||
|
"K" = "hover";
|
||||||
|
"gd" = "definition";
|
||||||
|
"gD" = "references";
|
||||||
|
"gt" = "type_definition";
|
||||||
|
"gi" = "implementation";
|
||||||
|
};
|
||||||
|
servers = {
|
||||||
|
bashls.enable = true;
|
||||||
|
lua_ls.enable = true;
|
||||||
|
nil_ls = {
|
||||||
|
enable = true;
|
||||||
|
settings.formatting.command = [ "nixfmt" "-w" "140" ];
|
||||||
|
};
|
||||||
|
nixd = {
|
||||||
|
enable = false;
|
||||||
|
settings = {
|
||||||
|
eval.depth = 5;
|
||||||
|
eval.workers = 6;
|
||||||
|
formatting.command = [ "nixfmt" "-w" "140" ];
|
||||||
|
options.enable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
ruff_lsp.enable = true;
|
||||||
|
rust_analyzer = {
|
||||||
|
enable = true;
|
||||||
|
installRustc = true;
|
||||||
|
installCargo = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
plugins.none-ls = {
|
||||||
|
enable = true;
|
||||||
|
sources.diagnostics = {
|
||||||
|
pylint.enable = true;
|
||||||
|
};
|
||||||
|
sources.formatting = {
|
||||||
|
nixfmt.enable = true;
|
||||||
|
markdownlint.enable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
plugins.neo-tree = {
|
||||||
|
enable = true;
|
||||||
|
closeIfLastWindow = true;
|
||||||
|
};
|
||||||
|
plugins.treesitter = {
|
||||||
|
enable = true;
|
||||||
|
nixGrammars = true;
|
||||||
|
settings.indent.enable = true;
|
||||||
|
};
|
||||||
|
plugins.airline.enable = true;
|
||||||
|
plugins.cmp-buffer.enable = true;
|
||||||
|
plugins.cmp-emoji.enable = true;
|
||||||
|
plugins.cmp-nvim-lsp.enable = true;
|
||||||
|
plugins.cmp-path.enable = true;
|
||||||
|
plugins.cmp_luasnip.enable = true;
|
||||||
|
plugins.luasnip.enable = true;
|
||||||
|
plugins.nvim-autopairs.enable = true;
|
||||||
|
plugins.rainbow-delimiters.enable = true;
|
||||||
|
plugins.web-devicons.enable = true;
|
||||||
|
# Broken
|
||||||
|
plugins.rustaceanvim.enable = false;
|
||||||
|
plugins.treesitter-context.enable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
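Review bot: `plugins.cmp-emoji.enable = true` installs the emoji source, but `plugins.cmp.settings.sources` lists only `nvim_lsp`, `luasnip`, `buffer`, `nvim_lua` and `path`, so emoji completions are presumably never offered. The reverse holds for `nvim_lua`, which is listed as a source but has no matching plugin line in this file (nixvim may enable it from the source list; worth confirming). Either add `{ name = "emoji"; }` to the list or drop the plugin line. The `# Broken` comment would also read better if it named what it refers to, e.g. `# rustaceanvim is currently broken, keep it disabled`.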
129
modules/graphical/waybar-hyprland.nix
Normal file
|
@ -0,0 +1,129 @@
|
||||||
|
{ config, lib, pkgs, ... }: {
|
||||||
|
config.home-manager.users.emily = lib.mkIf config.kyouma.graphical.enable {
|
||||||
|
programs.waybar = {
|
||||||
|
enable = true;
|
||||||
|
style = ./files/waybar-style.css;
|
||||||
|
systemd = {
|
||||||
|
enable = true;
|
||||||
|
target = "hyprland-session.target";
|
||||||
|
};
|
||||||
|
settings = {
|
||||||
|
hyprbar = {
|
||||||
|
layer = "top";
|
||||||
|
position = "top";
|
||||||
|
#output = "eDP-1";
|
||||||
|
margin = "0 0 0 0";
|
||||||
|
modules-left = [ "hyprland/workspaces" "custom/playerctl" "tray" ];
|
||||||
|
modules-center = [ "clock" ];
|
||||||
|
modules-right = [ "backlight" "pulseaudio" "temperature" "cpu" "memory" "battery" "network" ];
|
||||||
|
|
||||||
|
"hyprland/workspaces" = {
|
||||||
|
format = "{icon}";
|
||||||
|
sort-by-number = true;
|
||||||
|
active-only = false;
|
||||||
|
on-click = "activate";
|
||||||
|
format-icons = {
|
||||||
|
"1" = "1";
|
||||||
|
"2" = "2";
|
||||||
|
"3" = "3";
|
||||||
|
"4" = "4";
|
||||||
|
"5" = "5";
|
||||||
|
"6" = "6";
|
||||||
|
"7" = "7";
|
||||||
|
"8" = "8";
|
||||||
|
"9" = "9";
|
||||||
|
"10" = "0";
|
||||||
|
urgent = "";
|
||||||
|
focused = "";
|
||||||
|
default = "";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
idle_inhibitor = {
|
||||||
|
format = "{icon}";
|
||||||
|
format-icons = {
|
||||||
|
activated = "";
|
||||||
|
deactivated = "";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
tray = {
|
||||||
|
icon-size = 18;
|
||||||
|
spacing = 8;
|
||||||
|
};
|
||||||
|
clock = {
|
||||||
|
#tooltip-format = "{:%A %d %B | %H:%M}";
|
||||||
|
format = " {:%Y-%m-%d %H:%M:%OS}";
|
||||||
|
format-alt = " {:%Y %b %d %a %H:%M:%OS}";
|
||||||
|
interval = 1;
|
||||||
|
};
|
||||||
|
cpu = {
|
||||||
|
format = " {usage:02}";
|
||||||
|
interval = 2;
|
||||||
|
on-click = "${pkgs.kitty}/bin/kitty -e ${pkgs.htop}/bin/htop";
|
||||||
|
};
|
||||||
|
memory = {
|
||||||
|
format = " {used:0.2f}";
|
||||||
|
on-click = "${pkgs.kitty}/bin/kitty -e ${pkgs.htop}/bin/htop";
|
||||||
|
};
|
||||||
|
temperature = {
|
||||||
|
hwmon-path = "/sys/class/hwmon/hwmon1/temp1_input";
|
||||||
|
critical-threshold = 80;
|
||||||
|
format = " {temperatureC}°C";
|
||||||
|
};
|
||||||
|
backlight = {
|
||||||
|
format = "{icon} {percent: >3}%";
|
||||||
|
format-icons = ["" ""];
|
||||||
|
on-scroll-down = "${pkgs.brightnessctl}/bin/brightnessctl -c backlight set 1%-";
|
||||||
|
on-scroll-up = "${pkgs.brightnessctl}/bin/brightnessctl -c backlight set +1%";
|
||||||
|
};
|
||||||
|
battery = {
|
||||||
|
states = {
|
||||||
|
good = 90;
|
||||||
|
warning = 30;
|
||||||
|
critical = 15;
|
||||||
|
};
|
||||||
|
format = "";
|
||||||
|
format-discharging = "{icon} {capacity: >3}% {power:0.1f}W";
|
||||||
|
format-charging = " {capacity: >3}% {power:0.1f}W";
|
||||||
|
interval = 3;
|
||||||
|
format-icons = ["" "" "" "" ""];
|
||||||
|
};
|
||||||
|
network = {
|
||||||
|
format = "⚠ Disabled";
|
||||||
|
format-wifi = " {essid}";
|
||||||
|
format-ethernet = " Wired";
|
||||||
|
format-disconnected = "⚠ Disconnected";
|
||||||
|
on-click = "${pkgs.networkmanagerapplet}/bin/nm-connection-editor";
|
||||||
|
};
|
||||||
|
pulseaudio = {
|
||||||
|
scroll-step = 5;
|
||||||
|
format = "{icon} {volume: >3}%";
|
||||||
|
format-bluetooth = "{icon} {volume: >3}%";
|
||||||
|
format-muted = " muted";
|
||||||
|
format-icons = {
|
||||||
|
headphones = "";
|
||||||
|
handsfree = "";
|
||||||
|
headset = "";
|
||||||
|
phone = "";
|
||||||
|
portable = "";
|
||||||
|
car = "";
|
||||||
|
default = ["" ""];
|
||||||
|
};
|
||||||
|
on-click = "${pkgs.pavucontrol}/bin/pavucontrol";
|
||||||
|
};
|
||||||
|
"custom/playerctl" = {
|
||||||
|
interval = 1;
|
||||||
|
exec = "~/.local/bin/hypr/playerctl.sh";
|
||||||
|
on-click-middle = "${pkgs.playerctl}/bin/playerctl play-pause";
|
||||||
|
on-click-right = "${pkgs.playerctl}/bin/playerctl next";
|
||||||
|
on-click = "${pkgs.playerctl}/bin/playerctl previous";
|
||||||
|
escape = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
systemd.user.targets.tray.Unit = {
|
||||||
|
BindsTo = "waybar.service";
|
||||||
|
After = "waybar.service";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
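Review bot: `"custom/playerctl".exec` runs `~/.local/bin/hypr/playerctl.sh` every second (`interval = 1`), a script in the user's writable home directory that this file neither creates nor pins, while every other command in the bar is referenced through a `${pkgs.…}` store path. Unless another module installs that script, the bar executes code that is outside the repository and can be changed without a rebuild. Packaging it with `pkgs.writeShellScript` (or similar) and pointing `exec` at the resulting store path would keep it reviewed and immutable. `systemd.target` is also hard-coded to `"hyprland-session.target"`, whereas the swayidle unit in hyprlock.nix derives it from `config.kyouma.graphical.compositor`.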
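--- a/modules/librespeed/default.nix
+++ b/modules/librespeed/default.nix
@@ -0,0 +1,408 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+let
+cfg = config.services.librespeed;
+in
+{
+options.services.librespeed =
+let
+inherit (lib) mkOption types;
+in
+{
+enable = lib.mkEnableOption "LibreSpeed server";
+package = lib.mkPackageOption pkgs "librespeed-rust" { };
+domain = mkOption {
+description = ''
+If not `null`, this will add an entry to `services.librespeed.servers` and
+configure librespeed to use TLS.
+'';
+default = null;
+type = with types; nullOr nonEmptyStr;
+};
+downloadIPDB = mkOption {
+description = ''
+Whether to download the IP info database before starting librespeed.
+Disable this if you want to use the Go implementation.
+'';
+default = !(cfg.secrets ? "ipinfo_api_key");
+defaultText = lib.literalExpression ''!(cfg.secrets ? "ipinfo_api_key")'';
+type = types.bool;
+};
+openFirewall = mkOption {
+description = ''
+Whether to open the firewall for the specified port.
+'';
+default = false;
+type = types.bool;
+};
+secrets = mkOption {
+description = ''
+Attribute set of filesystem paths.
+The contents of the specified paths will be read at service start time and merged with the attributes provided in `settings`.
+'';
+default = { };
+type = with types; nullOr (attrsOf path);
+};
+settings = mkOption {
+description = ''
+LibreSpeed configuration written as Nix expression.
+All values set to `null` will be excluded from the evaluated config.
+This is useful if you want to omit certain defaults when using a different LibreSpeed implementation.
+
+See [github.com/librespeed][librespeed] for configuration help.
+
+[librespeed]: https://github.com/librespeed/speedtest-rust
+'';
+default = { };
+type =
+with types;
+nullOr (
+attrsOf (oneOf [
+(nullOr bool)
+int
+str
+package
+])
+);
+};
+frontend = {
+enable = lib.mkEnableOption ''
+Enables the LibreSpeed frontend and adds a nginx virtual host if
+not explicetly disabled and `services.librespeed.domain` is not `null`.
+'';
+contactEmail = mkOption {
+description = "Email address listed in the privacy policy.";
+default =
+if (cfg.domain != null) then "webmaster@${cfg.domain}" else "webmaster@${config.networking.fqdn}";
+defaultText = lib.literalExpression ''
+if (config.services.librespeed.domain != null) then
+"webmaster@''${config.services.librespeed.domain}"
+else
+"webmaster@''${config.networking.fqdn}";
+'';
+type = types.str;
+};
+pageTitle = mkOption {
+description = "Title of the webpage.";
+default = "LibreSpeed";
+type = types.str;
+};
+useNginx = mkOption {
+description = ''
+Configure nginx for the LibreSpeed frontend.
+This will only create a virtual host for the frontend and won't proxy all requests because
+the reported upload and download speeds are inaccurate if proxied.
+'';
+default = cfg.domain != null;
+defaultText = lib.literalExpression "config.services.librespeed.domain != null";
+type = types.bool;
+};
+settings = mkOption {
+description = ''
+Override default settings of the speedtest web client.
+See [speedtest_worker.js][link] for a list of possible values.
+
+[link]: https://github.com/librespeed/speedtest/blob/master/speedtest_worker.js#L39
+'';
+default = {
+telemetry_level = "basic";
+};
+type =
+with types;
+nullOr (
+attrsOf (oneOf [
+bool
+int
+str
+float
+])
+);
+};
+servers = mkOption {
+description = "LibreSpeed servers that should apper in the server list.";
+type = types.listOf (
+types.submodule {
+options =
+let
+inherit (types) nonEmptyStr;
+in
+{
+name = mkOption {
+description = "Name shown in the server list.";
+type = nonEmptyStr;
+};
+server = mkOption {
+description = "URL to the server. You may use `//` instead of `http://` or `https://`.";
+type = nonEmptyStr;
+};
+dlURL = mkOption {
+description = ''
+URL path to download test on this server.
+Append `.php` to the default value if the server uses the php implementation.
+'';
+default = "backend/garbage";
+type = nonEmptyStr;
+};
+ulURL = mkOption {
+description = ''
+URL path to upload test on this server.
+Append `.php` to the default value if the server uses the php implementation.
+'';
+default = "backend/empty";
+type = nonEmptyStr;
+};
+pingURL = mkOption {
+description = ''
+URL path to latency/jitter test on this server.
+Append `.php` to the default value if the server uses the php implementation.
+'';
+default = "backend/empty";
+type = nonEmptyStr;
+};
+getIpURL = mkOption {
+description = ''
+URL path to IP lookup on this server.
+Append `.php` to the default value if the server uses the php implementation.
+'';
+default = "backend/getIP";
+type = nonEmptyStr;
+};
+};
+}
+);
+};
+};
+};
+config = lib.mkIf cfg.enable (
+let
+librespeedAssets =
+pkgs.runCommand "librespeed-assets"
+(
+let
+mapValue =
+arg:
+if (lib.isBool arg) then
+lib.boolToString arg
+else if ((lib.isInt arg) || (lib.isFloat arg)) then
+toString arg
+else
+"\"${lib.escape [ "\"" ] (toString arg)}\"";
+
+mapSettings = lib.pipe cfg.frontend.settings [
+(lib.mapAttrs (name: val: " s.setParameter(\"${lib.escape [ "\"" ] name}\",${mapValue val});"))
+(lib.attrValues)
+(lib.concatLines)
+];
+in
+{
+preferLocal = true;
+
+serversList = ''
+function get_servers() {
+return ${builtins.toJSON cfg.frontend.servers}
+}
+function override_settings () {
+${mapSettings}
+}
+'';
+}
+)
+''
+cp -r ${pkgs.librespeed-rust}/assets $out
+chmod 666 $out/servers_list.js
+cat >$out/servers_list.js <<<"$serversList"
+substitute ${pkgs.librespeed-rust}/assets/index.html $out/index.html \
+--replace-fail "s.setParameter(\"telemetry_level\",\"basic\"); //enable telemetry" "override_settings();" \
+--replace-fail "LibreSpeed Example" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.pageTitle)} \
+--replace-fail "PUT@YOUR_EMAIL.HERE" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.contactEmail)} \
+--replace-fail "TO BE FILLED BY DEVELOPER" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.contactEmail)}
+'';
+in
+{
+assertions = [
+{
+assertion = cfg.frontend.useNginx -> cfg.domain != null;
+message = ''
+`services.librespeed.frontend.useNginx` requires `services.librespeed.frontend.domain` to be set.
+'';
+}
+];
+
+networking.firewall = lib.mkIf cfg.openFirewall {
+allowedTCPPorts = [ cfg.settings.listen_port ];
+};
+services.nginx.virtualHosts = lib.mkIf (cfg.frontend.enable && cfg.frontend.useNginx) {
+${cfg.domain} = {
+locations."/".root = librespeedAssets;
+locations."= /servers.json".return = "200 '${builtins.toJSON cfg.frontend.servers}'";
+locations."/backend/".return = "301 https://$host:${toString cfg.settings.listen_port}$request_uri";
+enableACME = true;
+forceSSL = true;
+};
+};
+security.acme.certs = lib.mkIf (cfg.domain != null) {
+${cfg.domain} = {
+reloadServices = [ "librespeed.service" ];
+webroot = "/var/lib/acme/acme-challenge";
+};
+};
+
+services.librespeed.frontend.servers = lib.mkIf (cfg.frontend.enable && (cfg.domain != null)) [
+{
+name = cfg.domain;
+server = "//${cfg.domain}:${toString cfg.settings.listen_port}";
+}
+];
+
+services.librespeed.settings =
+let
+inherit (lib) mkDefault mkIf;
+in
+{
+assets_path =
+if (cfg.frontend.enable && !cfg.frontend.useNginx) then
+librespeedAssets
+else
+pkgs.writeTextDir "index.html" "";
+
+bind_address = mkDefault "::";
+listen_port = mkDefault 8989;
+base_url = mkDefault "backend";
+worker_threads = mkDefault "auto";
+
+database_type = mkDefault "none";
+database_file = mkDefault "/var/lib/librespeed/speedtest.sqlite";
+
+#librespeed-rust will fail to start if the following config parameters are omitted.
+ipinfo_api_key = mkIf (!cfg.secrets ? "ipinfo_api_key") "";
+stats_password = mkIf (!cfg.secrets ? "stats_password") "";
+tls_cert_file =
+if (cfg.domain != null) then
+(mkDefault "/run/credentials/librespeed.service/cert.pem")
+else
+(mkDefault "");
+tls_key_file =
+if (cfg.domain != null) then
+(mkDefault "/run/credentials/librespeed.service/key.pem")
+else
+(mkDefault "");
+
+enable_tls = mkDefault (cfg.domain != null);
+};
+
+systemd.services =
+let
+configFile =
+let
+mapValue =
+arg:
+if (lib.isBool arg) then
+lib.boolToString arg
+else if (lib.isInt arg) then
+toString arg
+else
+"\"${lib.escape [ "\"" ] (toString arg)}\"";
+in
+with lib;
+pipe cfg.settings [
+(filterAttrs (_: val: val != null))
+(mapAttrs (name: val: "${name}=${mapValue val}"))
+(attrValues)
+(concatLines)
+(pkgs.writeText "${cfg.package.name}-config.toml")
+];
+in
+{
+librespeed-secrets = lib.mkIf (cfg.secrets != { }) {
+description = "LibreSpeed secret helper";
+
+ExecStart =
+let
+script = pkgs.writeShellApplication {
+name = "librespeed-secrets";
+runtimeInputs = [ pkgs.coreutils ];
+text =
+''
+cp ${configFile} ''${RUNTIME_DIRECTORY%%:*}/config.toml
+''
++ lib.pipe cfg.secrets [
+(lib.mapAttrs (
+name: file: ''
+cat >>''${RUNTIME_DIRECTORY%%:*}/config.toml <<EOF
+${name}="$(<${lib.escapeShellArg file})"
+EOF
+''
+))
+(lib.concatLines lib.attrValues)
+];
+};
+in
+lib.getExe script;
+
+serviceConfig = {
+Type = "oneshot";
+RemainAfterExit = true;
+RuntimeDirectory = "librespeed";
+UMask = "u=rw";
+};
+};
+librespeed = {
+description = "LibreSpeed server daemon";
+wantedBy = [ "multi-user.target" ];
+wants = [ "network-online.target" ];
+requires = lib.optionals (cfg.secrets != { }) [ "librespeed-secrets.service" ];
+
+serviceConfig = {
+Type = "simple";
+Restart = "always";
+
+DynamicUser = true;
+
+LoadCredential = lib.mkIf (cfg.domain != null) [
+"cert.pem:${config.security.acme.certs.${cfg.domain}.directory}/cert.pem"
+"key.pem:${config.security.acme.certs.${cfg.domain}.directory}/key.pem"
+];
+
+ExecStartPre = lib.mkIf cfg.downloadIPDB "${lib.getExe cfg.package} --update-ipdb";
+ExecStart = "${lib.getExe cfg.package} -c ${
+if (cfg.secrets == { }) then configFile else "\${RUNTIME_DIRECTORY%%:*}/config.toml"
+}";
+WorkingDirectory = "/var/cache/librespeed";
+RuntimeDirectory = "librespeed";
+RuntimeDirectoryPreserve = true;
+StateDirectory = "librespeed";
+CacheDirectory = "librespeed";
+SyslogIdentifier = "librespeed";
+
+ReadOnlyPaths = [ cfg.package ];
+RestrictSUIDSGID = true;
+RestrictNamespaces = true;
+PrivateTmp = true;
+PrivateDevices = true;
+PrivateUsers = true;
+ProtectHostname = true;
+ProtectClock = true;
+ProtectKernelTunables = true;
+ProtectKernelModules = true;
+ProtectKernelLogs = true;
+ProtectControlGroups = true;
+ProtectSystem = "strict";
+ProtectHome = true;
+ProtectProc = "invisible";
+SystemCallArchitectures = "native";
+SystemCallFilter = "@system-service";
+SystemCallErrorNumber = "EPERM";
+LockPersonality = true;
+NoNewPrivileges = true;
+};
+};
+};
+}
+);
+
+meta.maintainers = with lib.maintainers; [ snaki ];
+}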
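Review bot: The secrets path in `systemd.services` looks like it cannot evaluate once `cfg.secrets` is non-empty: `librespeed-secrets` sets `ExecStart` on the unit itself instead of under `serviceConfig`, and the last pipe stage `(lib.concatLines lib.attrValues)` applies `concatLines` to a function rather than running the two as separate stages. `librespeed` lists the helper in `requires` but not in `after`, so nothing orders the daemon behind the write of `config.toml`. The helper has no `User=` while the daemon runs with `DynamicUser = true`, so the generated file holding the secrets is presumably unreadable to the daemon unless its mode is widened, which is worth testing, and `UMask = "u=rw"` should be checked against systemd's octal syntax. The assertion message also names `services.librespeed.frontend.domain`, but the option is `services.librespeed.domain`.

```nix
librespeed-secrets = lib.mkIf (cfg.secrets != { }) {
  description = "LibreSpeed secret helper";
  serviceConfig = {
    ExecStart =
      let
        script = pkgs.writeShellApplication {
          # … unchanged: name, runtimeInputs, text up to and including the mapAttrs stage …
              (lib.attrValues)
              (lib.concatLines)
            ];
        };
      in
      lib.getExe script;
    UMask = "0077";
    # … unchanged: Type, RemainAfterExit, RuntimeDirectory …
  };
};
librespeed = {
  # … unchanged: description, wantedBy, wants, requires …
  after = lib.optionals (cfg.secrets != { }) [ "librespeed-secrets.service" ];
```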
|
@ -2,28 +2,40 @@
|
||||||
cfg = config.kyouma.nginx;
|
cfg = config.kyouma.nginx;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
add_header Strict-Transport-Security $hsts_header;
|
add_header Strict-Transport-Security $hsts_header;
|
||||||
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
|
add_header Alt-Svc 'h3=":443"; ma=7776000; persist=1, h2=":443"; ma=7776000; persist=1';
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
add_header X-Content-Type-Options "nosniff" always;
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
add_header Referrer-Policy "same-origin" always;
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
|
add_header Referrer-Policy "same-origin" always;
|
||||||
'';
|
'';
|
||||||
createHost = vhostName: vhostCfg: {
|
createHost = vhostName: vhostCfg: {
|
||||||
extraConfig = (lib.optionalString (builtins.hasAttr "extraConfig" vhostCfg) vhostCfg.extraConfig) + "\n" + extraConfig;
|
extraConfig = lib.optionalString (vhostCfg ? "extraConfig") (
|
||||||
|
vhostCfg.extraConfig + "\n" + extraConfig
|
||||||
|
) + lib.optionalString (
|
||||||
|
if (vhostCfg ? "verifyClientCert") then
|
||||||
|
vhostCfg.verifyClientCert
|
||||||
|
else false
|
||||||
|
) ''
|
||||||
|
ssl_client_certificate ${./kyouma_Root_CA.pem};
|
||||||
|
ssl_verify_client on;
|
||||||
|
ssl_verify_depth 1;
|
||||||
|
'';
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
#kTLS = true;
|
|
||||||
#http3 = true;
|
|
||||||
#quic = true;
|
|
||||||
} //
|
} //
|
||||||
lib.optionalAttrs (!(builtins.hasAttr "useACMEHost" vhostCfg)) {
|
lib.optionalAttrs (!(vhostCfg ? "useACMEHost")) {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
} //
|
} //
|
||||||
lib.optionalAttrs (builtins.hasAttr "redirectTo" vhostCfg) {
|
lib.optionalAttrs (vhostCfg ? "redirectTo") {
|
||||||
enableACME = false;
|
enableACME = false;
|
||||||
useACMEHost = vhostCfg.redirectTo;
|
useACMEHost = vhostCfg.redirectTo;
|
||||||
globalRedirect = vhostCfg.redirectTo;
|
globalRedirect = vhostCfg.redirectTo;
|
||||||
} //
|
} //
|
||||||
(builtins.removeAttrs vhostCfg [ "redirectTo" "extraConfig" ]);
|
lib.optionalAttrs (!vhostCfg ? "disableHttp3") {
|
||||||
|
http3 = true;
|
||||||
|
quic = true;
|
||||||
|
} //
|
||||||
|
(builtins.removeAttrs vhostCfg [ "redirectTo" "extraConfig" "verifyClientCert" "disableHttp3" ]);
|
||||||
|
|
||||||
in {
|
in {
|
||||||
options = {
|
options = {
|
||||||
|
@ -38,17 +50,21 @@ in {
|
||||||
};
|
};
|
||||||
config = {
|
config = {
|
||||||
services.nginx.virtualHosts = lib.optionalAttrs (cfg.virtualHosts != null) (
|
services.nginx.virtualHosts = lib.optionalAttrs (cfg.virtualHosts != null) (
|
||||||
builtins.mapAttrs (createHost) cfg.virtualHosts) //
|
builtins.mapAttrs (createHost) cfg.virtualHosts
|
||||||
lib.optionalAttrs (cfg.defaultForbidden != null) {
|
) // lib.optionalAttrs (cfg.defaultForbidden != null) {
|
||||||
"redirect" = {
|
"redirect" = {
|
||||||
default = true;
|
quic = true;
|
||||||
forceSSL = true;
|
http3 = true;
|
||||||
reuseport = true;
|
# reuseport has to be specified on the quic listener
|
||||||
useACMEHost = cfg.defaultForbidden;
|
# when using worker_processes auto;
|
||||||
extraConfig = ''
|
reuseport = true;
|
||||||
return 403;
|
default = true;
|
||||||
'';
|
forceSSL = true;
|
||||||
};
|
useACMEHost = cfg.defaultForbidden;
|
||||||
|
extraConfig = ''
|
||||||
|
return 403;
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
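Review bot: In `createHost`, the rewritten `extraConfig` appends the shared header block (`Strict-Transport-Security`, `X-Content-Type-Options`, `X-XSS-Protection`, `X-Frame-Options`, `Referrer-Policy` and the new `Alt-Svc`) only inside `lib.optionalString (vhostCfg ? "extraConfig") (…)`, so a virtual host that sets no `extraConfig` of its own no longer receives those headers; the previous expression appended them unconditionally. Keeping the shared block outside the conditional restores that: `extraConfig = lib.optionalString (vhostCfg ? "extraConfig") (vhostCfg.extraConfig + "\n") + extraConfig + lib.optionalString (vhostCfg.verifyClientCert or false) '' … '';`. Separately, `Alt-Svc` advertises `h3` from the shared block even for hosts that set `disableHttp3`, and `disableHttp3` is tested for presence only, so `disableHttp3 = false` would also switch HTTP/3 off. The file header for this section is not shown on the page, so the path is inferred from `config.kyouma.nginx`.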
|
||||||
|
|
192
modules/nginx/kyouma_Root_CA.pem
Normal file
|
@ -0,0 +1,192 @@
|
||||||
|
Certificate:
|
||||||
|
Data:
|
||||||
|
Version: 3 (0x2)
|
||||||
|
Serial Number:
|
||||||
|
47:94:9e:44:65:f4:61:f8:aa:b3:c1:7b:86:38:21:d9:88:a5:88:f0
|
||||||
|
Signature Algorithm: sha256WithRSAEncryption
|
||||||
|
Issuer: CN=kyouma Root CA
|
||||||
|
Validity
|
||||||
|
Not Before: Jun 21 14:02:26 2024 GMT
|
||||||
|
Not After : Jun 21 14:02:26 2044 GMT
|
||||||
|
Subject: CN=kyouma Root CA
|
||||||
|
Subject Public Key Info:
|
||||||
|
Public Key Algorithm: rsaEncryption
|
||||||
|
Public-Key: (7680 bit)
|
||||||
|
Modulus:
|
||||||
|
00:f9:d0:a3:4b:d9:77:e3:ec:b4:46:8e:3f:1f:a4:
|
||||||
|
39:22:60:d8:ad:e9:1e:fe:ad:17:f8:30:d6:f6:fa:
|
||||||
|
e9:62:f7:36:25:07:e9:6c:83:91:42:0f:e2:53:f1:
|
||||||
|
ca:70:da:26:7d:bf:bb:1d:d5:4d:5e:99:82:99:39:
|
||||||
|
97:f3:c3:7d:f9:0d:08:e8:d4:ae:fc:45:88:98:8e:
|
||||||
|
a3:bc:2a:bd:16:67:32:59:08:59:eb:a8:de:a6:a7:
|
||||||
|
77:9d:f9:1a:c6:7f:76:92:3d:d7:56:74:2b:a3:5a:
|
||||||
|
97:8f:05:ab:3b:dc:92:61:2e:7f:95:b1:5c:04:da:
|
||||||
|
1e:2e:b9:de:7b:16:b2:85:b4:b4:5a:48:34:9a:bb:
|
||||||
|
18:0d:0a:0a:34:91:f8:8f:f3:79:46:a6:c4:ee:aa:
|
||||||
|
93:88:03:cf:43:a2:ba:1e:bc:65:f1:78:d8:ce:d8:
|
||||||
|
2b:fb:db:33:d6:37:ad:d4:9d:44:38:ff:b5:0d:dc:
|
||||||
|
08:61:2c:fb:f0:86:b2:ef:ff:a8:4f:63:28:13:49:
|
||||||
|
f8:21:4e:cb:22:98:54:de:e7:b4:e2:b6:14:c9:c5:
|
||||||
|
59:04:82:04:a2:39:3c:61:f5:91:99:ff:ac:6e:80:
|
||||||
|
9a:d2:22:7d:51:fb:ad:a3:6a:4c:14:a8:e3:28:d9:
|
||||||
|
22:ac:c8:3d:34:17:5a:40:ce:8d:3c:52:e7:e1:e9:
|
||||||
|
d4:75:0d:3f:b8:dd:d3:d2:56:25:92:fa:75:87:81:
|
||||||
|
fe:59:4a:82:53:d5:e7:03:39:c0:07:84:73:70:d0:
|
||||||
|
fc:fe:3f:06:e0:f9:0f:59:22:74:05:13:65:58:5a:
|
||||||
|
a8:1d:7b:52:4f:47:ed:be:26:57:47:49:57:d5:7f:
|
||||||
|
34:c7:3c:0f:55:d4:17:57:8a:0e:bb:f5:3a:c7:77:
|
||||||
|
f1:7d:06:49:a9:a8:dd:18:0e:a2:97:52:c8:49:e5:
|
||||||
|
39:c7:31:5d:07:c3:58:ed:8e:ae:c7:7c:1b:db:8d:
|
||||||
|
dc:a0:c3:e3:f5:c0:98:35:cf:fc:92:a0:a6:f3:0f:
|
||||||
|
b1:18:95:c0:01:eb:1d:96:8d:02:7b:9a:dc:29:5d:
|
||||||
|
59:f1:2a:dc:53:0e:6b:2b:6b:5d:36:03:a1:bd:e4:
|
||||||
|
e6:b4:1f:5a:66:67:13:4a:2c:7f:56:c9:75:5c:fe:
|
||||||
|
42:20:24:51:18:bb:ea:30:12:8f:88:d1:ad:fe:eb:
|
||||||
|
59:92:8d:1e:be:ff:3e:6e:f2:5a:d9:8c:20:f4:35:
|
||||||
|
ed:bc:01:47:21:d3:10:b9:5d:fe:6a:8e:e0:a3:e3:
|
||||||
|
e5:6f:ac:8b:fc:61:d0:75:a8:a3:92:1f:2c:cc:c1:
|
||||||
|
15:17:36:3b:05:ab:58:76:be:63:9d:30:5d:ed:7d:
|
||||||
|
83:0c:b7:24:8f:10:a8:90:02:ee:68:81:05:cd:d9:
|
||||||
|
4f:2e:cc:ef:97:62:d1:75:6b:82:f3:d0:34:56:d3:
|
||||||
|
59:7e:d9:d3:7d:93:ce:1b:17:de:fd:18:4b:e6:50:
|
||||||
|
72:77:88:60:dd:ff:5e:95:05:61:fe:d8:31:dd:34:
|
||||||
|
1e:e1:6d:61:1e:80:73:05:3e:3b:22:c2:34:07:48:
|
||||||
|
9b:0e:06:8d:a6:81:c4:4d:e9:4d:5d:df:e1:04:cd:
|
||||||
|
5b:85:6e:b2:12:aa:1b:cd:bd:4e:7e:53:ea:59:49:
|
||||||
|
af:11:70:b3:11:87:0f:af:2f:99:ce:e9:69:db:6d:
|
||||||
|
d0:5a:14:1a:95:2f:2f:db:bf:36:62:e1:99:ff:7c:
|
||||||
|
b8:b9:5c:4e:79:33:61:ee:db:4b:6f:40:7d:49:b2:
|
||||||
|
6e:e1:65:9d:f6:45:fe:27:14:24:82:5d:f6:a4:38:
|
||||||
|
01:ac:47:54:da:b6:02:c1:ad:79:71:b6:93:64:ec:
|
||||||
|
a4:06:7b:d6:5e:1c:da:7f:40:16:47:65:47:24:2a:
|
||||||
|
8b:77:32:49:89:c4:9f:26:d4:f9:a6:ba:e6:42:aa:
|
||||||
|
74:fd:7e:1e:d1:75:95:5c:5c:d8:d4:bb:75:05:79:
|
||||||
|
10:7a:df:5a:2b:69:9b:75:28:cb:b5:4e:48:3e:a3:
|
||||||
|
aa:21:04:95:8f:62:3b:46:2f:07:d0:9e:1c:50:9b:
|
||||||
|
3d:ba:6d:1f:c2:a0:41:7f:47:43:57:ef:92:31:47:
|
||||||
|
4a:a2:91:65:43:5c:c1:2b:fd:26:2d:be:41:a7:98:
|
||||||
|
7a:8f:52:89:5f:81:ff:48:7d:04:2a:b8:4d:50:91:
|
||||||
|
f5:af:18:33:44:f2:55:5f:68:87:33:d8:e6:4f:5d:
|
||||||
|
b9:92:ca:06:51:f3:e0:b1:5b:6f:a0:52:fe:6e:98:
|
||||||
|
22:01:5f:c2:fb:45:59:02:67:62:6f:74:2b:79:62:
|
||||||
|
e7:5a:13:a8:db:fd:a2:64:b1:0b:49:2f:f4:61:35:
|
||||||
|
a0:b6:12:2c:ec:24:19:9f:0c:14:85:05:b5:e1:c1:
|
||||||
|
9e:4e:87:a4:88:c9:79:65:1d:12:ac:89:e6:bc:ed:
|
||||||
|
6b:58:90:fd:95:40:3f:2e:ba:ff:b8:52:5d:60:98:
|
||||||
|
32:b9:20:38:a5:08:da:a1:fc:38:89:3c:f1:de:38:
|
||||||
|
cf:60:d8:69:a1:4b:88:51:f7:31:b8:fc:56:dc:56:
|
||||||
|
3a:7a:39:c5:03:23:2a:8f:fa:ab:92:7a:b6:37:da:
|
||||||
|
c1:9f:55:e7:31:b1:c5:be:31:60:08:c2:33:30:ec:
|
||||||
|
cf
|
||||||
|
Exponent: 65537 (0x10001)
|
||||||
|
X509v3 extensions:
|
||||||
|
X509v3 Subject Key Identifier:
|
||||||
|
7B:C0:C6:7B:04:C4:66:0C:CD:32:FF:B0:6F:E1:D9:51:FD:1C:EE:B7
|
||||||
|
X509v3 Basic Constraints: critical
|
||||||
|
CA:TRUE
|
||||||
|
X509v3 Key Usage: critical
|
||||||
|
Certificate Sign, CRL Sign
|
||||||
|
Signature Algorithm: sha256WithRSAEncryption
|
||||||
|
Signature Value:
|
||||||
|
58:b3:2d:00:8e:c2:72:5b:ed:91:8e:3c:98:66:6a:e4:61:c3:
|
||||||
|
0f:d1:51:98:0c:64:79:3d:01:ac:8a:38:7f:af:fc:80:31:83:
|
||||||
|
86:a8:79:b9:0f:18:6d:2e:3a:ef:0a:c0:b1:30:39:7e:a4:3d:
|
||||||
|
ed:4e:35:3e:9e:f1:a3:29:dd:cc:01:1e:62:6b:ed:5b:77:31:
|
||||||
|
b3:4c:91:1d:69:70:20:44:87:e0:37:17:a0:ba:c4:e5:57:c5:
|
||||||
|
90:1a:f2:1e:0d:ac:aa:30:11:c3:da:1c:3f:3a:28:b5:6d:12:
|
||||||
|
ac:45:b6:6c:f0:b2:b2:6e:f0:55:33:8e:29:10:ac:9e:61:ac:
|
||||||
|
35:ec:ed:c7:e3:51:c2:86:52:10:7a:9c:f6:22:5d:65:65:18:
|
||||||
|
62:b7:e9:6e:be:64:46:db:dc:15:45:eb:1a:42:45:83:d7:aa:
|
||||||
|
dd:63:24:4a:ed:b9:d5:35:86:27:22:33:6a:26:4b:32:0a:15:
|
||||||
|
75:18:19:58:e9:6b:b4:84:ac:00:a3:78:d3:9d:7d:25:3c:5e:
|
||||||
|
51:7f:01:ca:90:d1:40:2b:d2:45:e1:4f:fb:6e:8d:2e:cc:04:
|
||||||
|
07:34:07:91:c6:8c:4f:a5:e4:7d:dd:78:0f:b0:9d:01:9d:6e:
|
||||||
|
89:16:6d:3a:94:dd:38:57:bc:49:c2:e1:b5:aa:54:8f:d1:8b:
|
||||||
|
13:db:35:2f:d1:80:5e:45:fb:53:60:61:d5:c3:e1:9c:21:60:
|
||||||
|
a3:83:34:e6:9e:bc:86:70:fe:36:8b:35:55:28:e0:f4:b0:81:
|
||||||
|
ed:37:59:0e:7a:f6:a7:66:a1:b6:36:45:30:95:c8:80:d6:40:
|
||||||
|
a9:12:bf:47:b1:33:09:fa:89:d4:9f:c2:57:75:6a:47:dd:87:
|
||||||
|
3f:b3:d1:3d:13:bc:5e:82:ea:5f:3a:dc:46:35:1e:1f:83:40:
|
||||||
|
1c:1d:5e:ba:37:18:a3:75:2f:60:a7:84:67:9b:79:17:ad:fb:
|
||||||
|
2a:5b:d8:84:5d:f2:ff:cc:81:4c:08:e4:17:ec:b7:cf:ac:4c:
|
||||||
|
0f:91:8a:4c:fa:91:ed:24:39:f9:04:3a:18:b0:b1:c3:57:ed:
|
||||||
|
9b:f1:cf:ab:bf:07:f1:52:ef:57:de:0a:76:e7:e4:c4:5f:69:
|
||||||
|
93:71:0c:d4:3f:23:12:55:8c:3d:e6:79:b3:3c:5e:86:ac:1f:
|
||||||
|
5e:7f:ec:96:d8:da:4d:c9:40:32:ee:b5:cb:6e:86:27:49:45:
|
||||||
|
e6:89:30:80:fa:ba:ef:21:42:92:ba:f8:a7:51:16:61:04:13:
|
||||||
|
da:87:ac:c5:9c:c0:19:55:80:2d:4a:32:bb:30:12:0b:49:15:
|
||||||
|
ec:1e:5b:23:d4:d2:a3:4e:c6:22:19:bc:e2:ba:23:67:88:4c:
|
||||||
|
54:d0:bf:10:61:91:d9:eb:f7:d7:bc:89:ee:83:0d:a3:2c:81:
|
||||||
|
a4:c2:38:58:c3:50:b7:fe:3f:f2:bc:a2:f0:52:9d:04:1f:c2:
|
||||||
|
85:bd:d6:06:77:30:7b:90:3d:29:92:dc:41:a9:40:4b:bb:7c:
|
||||||
|
b7:91:07:65:2b:03:af:e4:a0:18:ab:a5:76:00:bc:10:e8:21:
|
||||||
|
41:c7:d7:53:80:41:21:67:af:fe:d1:9d:14:4c:a9:7e:16:1d:
|
||||||
|
4b:61:a4:f4:b1:e8:88:fe:c4:f1:60:3e:6d:d5:a9:90:14:3e:
|
||||||
|
95:5d:7d:f0:7b:1e:af:5f:80:63:a8:ce:b1:a7:a1:b2:9a:10:
|
||||||
|
f7:d9:e7:00:fa:33:d7:61:c9:35:b1:c2:c9:60:0b:a5:1d:08:
|
||||||
|
a8:b2:1d:56:15:b8:b9:5e:36:b3:df:6a:76:6c:5e:9d:a7:e5:
|
||||||
|
54:dc:1a:6c:c3:34:f2:c2:c6:ee:7a:68:49:a3:41:d6:54:34:
|
||||||
|
78:c9:2b:d2:d2:52:94:23:35:d7:c4:bf:c6:e0:21:18:4f:7a:
|
||||||
|
7a:be:e8:ab:34:fa:f7:4d:1a:4b:3c:37:e9:5f:1c:76:b1:6d:
|
||||||
|
96:70:f5:f5:db:b4:15:ba:2c:71:25:80:b3:98:4a:d3:1a:8d:
|
||||||
|
0e:69:24:de:e3:0c:38:64:82:6e:54:d1:74:47:e5:e5:69:b1:
|
||||||
|
c1:04:12:72:8a:3f:71:c0:9f:dc:db:ba:0e:e8:3d:52:4a:23:
|
||||||
|
56:04:9b:8c:eb:4f:62:19:7f:f5:bd:1e:48:d9:7f:89:84:3c:
|
||||||
|
8d:f5:67:21:d6:81:ee:5a:cd:fa:c2:53:60:a0:97:1e:80:a2:
|
||||||
|
dc:96:89:e6:99:d9:9d:48:23:a0:07:9a:02:06:29:04:eb:03:
|
||||||
|
79:06:6b:a0:41:98:d2:8f:2d:b4:e3:cb:c2:5e:78:74:a1:92:
|
||||||
|
29:c9:7d:07:03:ca:3f:8c:f5:71:f0:c4:7d:6a:1b:ac:33:37:
|
||||||
|
4f:03:54:44:46:b6:76:1c:55:8a:7d:7b:e5:58:4e:a9:f8:e1:
|
||||||
|
fe:7b:f3:a2:f8:e6:3b:e0:0b:5d:47:a8:b7:aa:f8:f3:c0:65:
|
||||||
|
b0:e4:1c:22:8f:9e:b9:d1:8f:a6:4a:a4:28:6f:6c:27:31:49:
|
||||||
|
58:c0:4d:80:3b:e3:e2:22:aa:ec:4e:ba:a5:0d:9e:b8:17:8c:
|
||||||
|
6b:4e:2d:37:6a:cc:f3:2d:0d:6b:34:b4:00:eb:ce:31:0e:a5:
|
||||||
|
c4:85:cd:1e:16:0b
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIIgjCCBKqgAwIBAgIUR5SeRGX0Yfiqs8F7hjgh2YiliPAwDQYJKoZIhvcNAQEL
|
||||||
|
BQAwGTEXMBUGA1UEAwwOa3lvdW1hIFJvb3QgQ0EwHhcNMjQwNjIxMTQwMjI2WhcN
|
||||||
|
NDQwNjIxMTQwMjI2WjAZMRcwFQYDVQQDDA5reW91bWEgUm9vdCBDQTCCA+IwDQYJ
|
||||||
|
KoZIhvcNAQEBBQADggPPADCCA8oCggPBAPnQo0vZd+PstEaOPx+kOSJg2K3pHv6t
|
||||||
|
F/gw1vb66WL3NiUH6WyDkUIP4lPxynDaJn2/ux3VTV6Zgpk5l/PDffkNCOjUrvxF
|
||||||
|
iJiOo7wqvRZnMlkIWeuo3qand535GsZ/dpI911Z0K6Nal48FqzvckmEuf5WxXATa
|
||||||
|
Hi653nsWsoW0tFpINJq7GA0KCjSR+I/zeUamxO6qk4gDz0Oiuh68ZfF42M7YK/vb
|
||||||
|
M9Y3rdSdRDj/tQ3cCGEs+/CGsu//qE9jKBNJ+CFOyyKYVN7ntOK2FMnFWQSCBKI5
|
||||||
|
PGH1kZn/rG6AmtIifVH7raNqTBSo4yjZIqzIPTQXWkDOjTxS5+Hp1HUNP7jd09JW
|
||||||
|
JZL6dYeB/llKglPV5wM5wAeEc3DQ/P4/BuD5D1kidAUTZVhaqB17Uk9H7b4mV0dJ
|
||||||
|
V9V/NMc8D1XUF1eKDrv1Osd38X0GSamo3RgOopdSyEnlOccxXQfDWO2Orsd8G9uN
|
||||||
|
3KDD4/XAmDXP/JKgpvMPsRiVwAHrHZaNAnua3CldWfEq3FMOaytrXTYDob3k5rQf
|
||||||
|
WmZnE0osf1bJdVz+QiAkURi76jASj4jRrf7rWZKNHr7/Pm7yWtmMIPQ17bwBRyHT
|
||||||
|
ELld/mqO4KPj5W+si/xh0HWoo5IfLMzBFRc2OwWrWHa+Y50wXe19gwy3JI8QqJAC
|
||||||
|
7miBBc3ZTy7M75di0XVrgvPQNFbTWX7Z032TzhsX3v0YS+ZQcneIYN3/XpUFYf7Y
|
||||||
|
Md00HuFtYR6AcwU+OyLCNAdImw4GjaaBxE3pTV3f4QTNW4VushKqG829Tn5T6llJ
|
||||||
|
rxFwsxGHD68vmc7padtt0FoUGpUvL9u/NmLhmf98uLlcTnkzYe7bS29AfUmybuFl
|
||||||
|
nfZF/icUJIJd9qQ4AaxHVNq2AsGteXG2k2TspAZ71l4c2n9AFkdlRyQqi3cySYnE
|
||||||
|
nybU+aa65kKqdP1+HtF1lVxc2NS7dQV5EHrfWitpm3Uoy7VOSD6jqiEElY9iO0Yv
|
||||||
|
B9CeHFCbPbptH8KgQX9HQ1fvkjFHSqKRZUNcwSv9Ji2+QaeYeo9SiV+B/0h9BCq4
|
||||||
|
TVCR9a8YM0TyVV9ohzPY5k9duZLKBlHz4LFbb6BS/m6YIgFfwvtFWQJnYm90K3li
|
||||||
|
51oTqNv9omSxC0kv9GE1oLYSLOwkGZ8MFIUFteHBnk6HpIjJeWUdEqyJ5rzta1iQ
|
||||||
|
/ZVAPy66/7hSXWCYMrkgOKUI2qH8OIk88d44z2DYaaFLiFH3Mbj8VtxWOno5xQMj
|
||||||
|
Ko/6q5J6tjfawZ9V5zGxxb4xYAjCMzDszwIDAQABo0IwQDAdBgNVHQ4EFgQUe8DG
|
||||||
|
ewTEZgzNMv+wb+HZUf0c7rcwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
|
||||||
|
AQYwDQYJKoZIhvcNAQELBQADggPBAFizLQCOwnJb7ZGOPJhmauRhww/RUZgMZHk9
|
||||||
|
AayKOH+v/IAxg4aoebkPGG0uOu8KwLEwOX6kPe1ONT6e8aMp3cwBHmJr7Vt3MbNM
|
||||||
|
kR1pcCBEh+A3F6C6xOVXxZAa8h4NrKowEcPaHD86KLVtEqxFtmzwsrJu8FUzjikQ
|
||||||
|
rJ5hrDXs7cfjUcKGUhB6nPYiXWVlGGK36W6+ZEbb3BVF6xpCRYPXqt1jJErtudU1
|
||||||
|
hiciM2omSzIKFXUYGVjpa7SErACjeNOdfSU8XlF/AcqQ0UAr0kXhT/tujS7MBAc0
|
||||||
|
B5HGjE+l5H3deA+wnQGdbokWbTqU3ThXvEnC4bWqVI/RixPbNS/RgF5F+1NgYdXD
|
||||||
|
4ZwhYKODNOaevIZw/jaLNVUo4PSwge03WQ569qdmobY2RTCVyIDWQKkSv0exMwn6
|
||||||
|
idSfwld1akfdhz+z0T0TvF6C6l863EY1Hh+DQBwdXro3GKN1L2CnhGebeRet+ypb
|
||||||
|
2IRd8v/MgUwI5Bfst8+sTA+Rikz6ke0kOfkEOhiwscNX7Zvxz6u/B/FS71feCnbn
|
||||||
|
5MRfaZNxDNQ/IxJVjD3mebM8XoasH15/7JbY2k3JQDLutctuhidJReaJMID6uu8h
|
||||||
|
QpK6+KdRFmEEE9qHrMWcwBlVgC1KMrswEgtJFeweWyPU0qNOxiIZvOK6I2eITFTQ
|
||||||
|
vxBhkdnr99e8ie6DDaMsgaTCOFjDULf+P/K8ovBSnQQfwoW91gZ3MHuQPSmS3EGp
|
||||||
|
QEu7fLeRB2UrA6/koBirpXYAvBDoIUHH11OAQSFnr/7RnRRMqX4WHUthpPSx6Ij+
|
||||||
|
xPFgPm3VqZAUPpVdffB7Hq9fgGOozrGnobKaEPfZ5wD6M9dhyTWxwslgC6UdCKiy
|
||||||
|
HVYVuLleNrPfanZsXp2n5VTcGmzDNPLCxu56aEmjQdZUNHjJK9LSUpQjNdfEv8bg
|
||||||
|
IRhPenq+6Ks0+vdNGks8N+lfHHaxbZZw9fXbtBW6LHElgLOYStMajQ5pJN7jDDhk
|
||||||
|
gm5U0XRH5eVpscEEEnKKP3HAn9zbug7oPVJKI1YEm4zrT2IZf/W9HkjZf4mEPI31
|
||||||
|
ZyHWge5azfrCU2Cglx6AotyWieaZ2Z1II6AHmgIGKQTrA3kGa6BBmNKPLbTjy8Je
|
||||||
|
eHShkinJfQcDyj+M9XHwxH1qG6wzN08DVERGtnYcVYp9e+VYTqn44f5786L45jvg
|
||||||
|
C11HqLeq+PPAZbDkHCKPnrnRj6ZKpChvbCcxSVjATYA74+IiquxOuqUNnrgXjGtO
|
||||||
|
LTdqzPMtDWs0tADrzjEOpcSFzR4WCw==
|
||||||
|
-----END CERTIFICATE-----
|
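--- a/modules/ooklaserver/default.nix
+++ b/modules/ooklaserver/default.nix
@@ -0,0 +1,169 @@
+{ config, lib, pkgs, ... }:
+let
+cfg = config.kyouma.ooklaserver;
+in {
+options = {
+kyouma.ooklaserver = let
+inherit (lib) mkOption types;
+in {
+enable = lib.mkEnableOption "ookla speedtest server";
+package = lib.mkPackageOption pkgs "ooklaserver" {};
+domain = mkOption {
+description = "Domain to use.";
+default = null;
+type = with types; nullOr nonEmptyStr;
+};
+openFirewall = mkOption {
+description = "Whether to open the firewall for the specified ports.";
+default = false;
+type = types.bool;
+};
+tcpPorts = mkOption {
+description = ''
+The server listens on TCP port 5060 and 8080 by default. These ports are required for
+speedtest.net servers, although more can be added.
+'';
+default = [ 5060 8080 ];
+type = with types; listOf port;
+};
+udpPorts = mkOption {
+description = ''
+The server listens on UDP port 5060 and 8080 by default. These ports are required for
+speedtest.net servers, although more can be added.
+'';
+default = [ 5060 8080 ];
+type = with types; listOf port;
+};
+settings = mkOption {
+description = ''
+OoklaServer configuration written as Nix expression.
+Comma seperated values should be written as list.
+'';
+default = {};
+type = with lib.types; let
+valueType = nullOr (oneOf [
+bool
+int
+str
+(attrsOf valueType)
+(listOf (oneOf [ port str ]))
+]);
+in valueType;
+};
+};
+};
+config = lib.mkIf cfg.enable {
+security.acme.certs.${cfg.domain} = {
+reloadServices = [ "ooklaserver.service" ];
+webroot = "/var/lib/acme/acme-challenge";
+};
+
+networking.firewall = lib.mkIf cfg.openFirewall {
+allowedUDPPorts = cfg.udpPorts;
+allowedTCPPorts = cfg.tcpPorts;
+};
+
+kyouma.ooklaserver.settings = let
+inherit (lib) mkDefault;
+in {
+OoklaServer = {
+inherit (cfg) tcpPorts udpPorts;
+enableAutoUpdate = false;
+ssl.useLetsEncrypt = false;
+useIPv6 = mkDefault true;
+allowedDomains = mkDefault [ "*.ookla.com" "*.speedtest.net" ];
+userAgentFilterEnabled = mkDefault true;
+workerThreadPool = {
+capacity = mkDefault 30000;
+stackSizeBytes = mkDefault 102400;
+};
+ipTracking = {
+gcIntervalMinutes = mkDefault 5;
+maxIdleAgeMinutes = mkDefault 35;
+slidingWindowBucketLengthMinutes = mkDefault 5;
+metricTopIpCount = mkDefault 5;
+maxConnPerIp = mkDefault 500;
+maxConnPerBucketPerIp = mkDefault 20000;
+};
+clientAuthToken.denyInvalid = mkDefault true;
+websocket.frameSizeLimitBytes = mkDefault 5242880;
+http.maxHeadersSize = mkDefault 65536;
+};
+openSSL.server = {
+certificateFile = "/run/credentials/${config.systemd.services.ooklaserver.name}/cert.pem";
+privateKeyFile = "/run/credentials/${config.systemd.services.ooklaserver.name}/key.pem";
+minimumTLSProtocol = mkDefault "1.2";
+};
+logging.loggers.app = {
+name = mkDefault "Application";
+channel = {
+class = mkDefault "ConsoleChannel";
+pattern = mkDefault "[%p] %t";
+};
+level = mkDefault "information";
+};
+};
+
+systemd.services.ooklaserver = let
+configFile = let
+anyToString = arg: if (lib.isBool arg) then
+lib.boolToString arg
+else if (lib.isList arg) then
+lib.concatStringsSep "," (map (val: toString val) arg)
+else toString arg;
+in
+with lib; lib.pipe cfg.settings [
+(mapAttrsRecursive (path: val: "${concatStringsSep "." path} = ${anyToString val}"))
+(collect isString)
+(concatLines)
+(pkgs.writeTextDir "bin/OoklaServer.properties")
+];
+packageWithCfg = pkgs.symlinkJoin {
+name = "${cfg.package.name}-with-config";
+paths = [ cfg.package configFile ];
+};
+in {
+description = "Ookla speedtest server daemon";
+wantedBy = [ "multi-user.target" ];
+wants = [ "network-online.target" ];
+
+serviceConfig = {
+Type = "simple";
+Restart = "always";
+
+User = "ooklaserver";
+Group = "ooklaserver";
+DynamicUser = true;
+
+LoadCredential = [
+"cert.pem:${config.security.acme.certs.${cfg.domain}.directory}/cert.pem"
+"key.pem:${config.security.acme.certs.${cfg.domain}.directory}/key.pem"
+];
+ExecStart = "${packageWithCfg}/bin/OoklaServer";
+WorkingDirectory = packageWithCfg;
+SyslogIdentifier = "ooklaserver";
+
+ReadOnlyPaths = [ packageWithCfg ];
+RestrictSUIDSGID = true;
+RestrictNamespaces = true;
+PrivateTmp = true;
+PrivateDevices = true;
+PrivateUsers = true;
+ProtectHostname = true;
+ProtectClock = true;
+ProtectKernelTunables = true;
+ProtectKernelModules = true;
+ProtectKernelLogs = true;
+ProtectControlGroups = true;
+ProtectSystem = "strict";
+ProtectHome = true;
+ProtectProc = "invisible";
+SystemCallArchitectures = "native";
+SystemCallFilter = "@system-service";
+SystemCallErrorNumber = "EPERM";
+LockPersonality = true;
+NoNewPrivileges = true;
+};
+};
+};
+}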
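Review bot: `domain` defaults to `null`, yet the `config` block uses it unconditionally in `security.acme.certs.${cfg.domain}` and in both `LoadCredential` paths, so enabling the module without setting it will most likely fail evaluation with an error that does not name the option. An assertion next to the ACME block would make the requirement explicit: `assertions = [ { assertion = cfg.domain != null; message = "kyouma.ooklaserver.domain must be set"; } ];`. The sandboxing in `serviceConfig` is thorough, but for a daemon that listens on public ports it leaves out `RestrictAddressFamilies` and `CapabilityBoundingSet`. Something like `RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];` and `CapabilityBoundingSet = "";` looks appropriate, provided testing shows OoklaServer needs no other socket family or capability.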
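--- a/modules/restic/default.nix
+++ b/modules/restic/default.nix
@@ -0,0 +1,72 @@
+{ config, lib, options, pkgs, ... }: let
+cfg = config.kyouma.restic;
+in {
+options.kyouma.restic = let
+inherit (lib) mkOption types;
+in {
+inherit (options.services.restic.backups.type.getSubOptions [])
+timerConfig backupPrepareCommand backupCleanupCommand;
+enable = lib.mkEnableOption "Enable restic backup";
+paths = mkOption {
+description = "paths to backup";
+type = with types; listOf path;
+default = [];
+};
+pruneOpts = mkOption {
+description = "paths to backup";
+type = with types; listOf str;
+default = [
+"--keep-hourly 24"
+"--keep-daily 14"
+"--keep-weekly 8"
+"--keep-monthly 12"
+];
+};
+remote = mkOption {
+description = "restic remote to use";
+type = types.nonEmptyStr;
+default = "zh3485.rsync.net";
+};
+remoteUser = mkOption {
+description = "remote ssh user";
+type = types.nonEmptyStr;
+default = "";
+};
+user = mkOption {
+description = "user who runs the backup job";
+type = types.nonEmptyStr;
+default = "root";
+};
+repo = mkOption {
+description = "restic repo";
+type = types.nonEmptyStr;
+default = "${config.networking.hostName}-backup";
+};
+};
+config = lib.mkIf cfg.enable {
+sops.secrets."restic/${cfg.remoteUser}/password" = {
+sopsFile = ../../secrets/restic/${cfg.remoteUser}.yaml;
+};
+sops.secrets."restic/${cfg.remoteUser}/id_ed25519" = {
+sopsFile = ../../secrets/restic/${cfg.remoteUser}.yaml;
+};
+
+services.restic.backups."${config.networking.hostName}-${cfg.remote}" = {
+inherit (cfg) paths user pruneOpts timerConfig backupPrepareCommand backupCleanupCommand;
+initialize = true;
+repository = "sftp:${cfg.remoteUser}@${cfg.remote}:${cfg.repo}";
+passwordFile = config.sops.secrets."restic/${cfg.remoteUser}/password".path;
+extraBackupArgs = [
+"--compression=max"
+"--pack-size=128"
+"--read-concurrency=8"
+];
+extraOptions = let
+knownHost = pkgs.writeText "${cfg.remote}-known-host" (builtins.readFile ./${cfg.remote}/ssh_host_ed25519_key.pub);
+sshKey = config.sops.secrets."restic/${cfg.remoteUser}/id_ed25519".path;
+in [
+"sftp.command='ssh ${cfg.remoteUser}@${cfg.remote} -i ${sshKey} -o UserKnownHostsFile=${knownHost} -s sftp'"
+];
+};
+};
+}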
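Review bot: `remoteUser` is typed `nonEmptyStr` but defaults to `""`, a value its own type rejects. The name is interpolated into the sops secret names, the `sopsFile` path and the SFTP repository URL, so leaving it unset should read as a missing required option rather than a type mismatch on a default; dropping the `default = "";` line achieves that. `pruneOpts` reuses the description `"paths to backup"`; `description = "options passed to restic forget --prune";` would be closer to what it holds. The pinned `UserKnownHostsFile` is a good control, and adding `-o StrictHostKeyChecking=yes` to `sftp.command` would make the fail-closed behaviour explicit instead of relying on the client default.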
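--- a/modules/restic/zh3485.rsync.net/ssh_host_ed25519_key.pub
+++ b/modules/restic/zh3485.rsync.net/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+zh3485.rsync.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd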
|
@ -44,13 +44,13 @@ in {
|
||||||
programs.ssh = {
|
programs.ssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
addKeysToAgent = "yes";
|
addKeysToAgent = "yes";
|
||||||
matchBlocks."git.bsd.gay".identityFile = cfg.privateKey;
|
matchBlocks."woof.rip".identityFile = cfg.privateKey;
|
||||||
};
|
};
|
||||||
services.ssh-agent.enable = true;
|
services.ssh-agent.enable = true;
|
||||||
};
|
};
|
||||||
nix.settings.accept-flake-config = true;
|
nix.settings.accept-flake-config = true;
|
||||||
programs.ssh = {
|
programs.ssh = {
|
||||||
knownHosts."git.bsd.gay".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHd48YPVXBWVdQwVAF16Ihs7FNTPmD1kMUnOfQttc1bA";
|
knownHosts."woof.rip".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPeiU8hbOhTuF0Ku8XNIYno3rtxL1CR5gHmZJo4WbLZZ";
|
||||||
};
|
};
|
||||||
systemd.services.update-nixfiles = {
|
systemd.services.update-nixfiles = {
|
||||||
requires = [ "network-online.target" ];
|
requires = [ "network-online.target" ];
|
||||||
|
|
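--- a/pkgs/akkoma-admin-fe/default.nix
+++ b/pkgs/akkoma-admin-fe/default.nix
@@ -0,0 +1,7 @@
+{
+akkoma-frontends
+}:
+
+akkoma-frontends.admin-fe.overrideAttrs {
+patches = [ ./disable-options.patch ];
+}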
12
pkgs/akkoma-admin-fe/disable-options.patch
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
diff --git a/config/prod.env.js b/config/prod.env.js
|
||||||
|
index 7acb93a2..ea500e99 100644
|
||||||
|
--- a/config/prod.env.js
|
||||||
|
+++ b/config/prod.env.js
|
||||||
|
@@ -2,6 +2,6 @@ module.exports = {
|
||||||
|
NODE_ENV: '"production"',
|
||||||
|
ENV_CONFIG: '"prod"',
|
||||||
|
BASE_API: '"https://api-prod"',
|
||||||
|
- DISABLED_FEATURES: '[""]',
|
||||||
|
+ DISABLED_FEATURES: '["settings","media-proxy-cache","relays"]',
|
||||||
|
ASSETS_PUBLIC_PATH: '/pleroma/admin/'
|
||||||
|
}
|
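--- a/pkgs/akkoma-fe-domi/default.nix
+++ b/pkgs/akkoma-fe-domi/default.nix
@@ -0,0 +1,53 @@
+{
+akkoma-frontends,
+fetchFromGitea,
+fetchYarnDeps
+}:
+akkoma-frontends.akkoma-fe.overrideAttrs (let
+src = fetchFromGitea {
+domain = "git.sakamoto.pl";
+owner = "domi";
+repo = "akkoma-fe";
+rev = "5f0339ce005ccb12365128089edb5fd77f60841b";
+hash = "sha256-AHmJyOFmQZXmNMMsp8ONm9Itns1H/idEKl8+sxn2RSA=";
+};
+offlineCache = fetchYarnDeps {
+yarnLock = "${src}/yarn.lock";
+hash = "sha256-7WB6nmxNckMdftKds2OgD2kClvCCT/I5vmthV0jrkSs=";
+};
+in {
+version = "unstable-2024-07-20";
+pname = "akkoma-fe-domi";
+inherit src offlineCache;
+postPatch = ''
+# Build scripts assume to be used within a Git repository checkout
+substituteInPlace src/modules/instance.js \
+--replace-fail "widenTimeline: true" 'widenTimeline: "50%"'
+
+substituteInPlace src/modules/config.js \
+--replace-fail "streaming: false" "streaming: true" \
+--replace-fail "useStreamingApi: false" "useStreamingApi: true" \
+--replace-fail "webPushNotifications: false" "webPushNotifications: true" \
+--replace-fail "postLanguage: undefined" 'postLanguage: "en"'
+
+substituteInPlace src/i18n/en.json \
+--replace-fail "meow" "florp" \
+--replace-fail "Meow" "Florp"
+
+sed -E -i '/^let commitHash =/,/;$/clet commitHash = "${builtins.substring 0 7 src.rev}";' \
+build/webpack.prod.conf.js
+'';
+
+configurePhase = ''
+runHook preConfigure
+
+export HOME="$(mktemp -d)"
+
+yarn config --offline set yarn-offline-mirror ${offlineCache}
+fixup-yarn-lock yarn.lock
+
+yarn install --offline --frozen-lockfile --ignore-platform --ignore-scripts --no-progress --non-interactive
+
+runHook postConfigure
+'';
+})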
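Review bot: In `postPatch` the comment `# Build scripts assume to be used within a Git repository checkout` sits above the `substituteInPlace` calls, but the only line it appears to explain is the `sed` at the end that hard-codes `commitHash` from `src.rev`. Moving it directly above that `sed`, and heading the `substituteInPlace` groups with something like `# Local defaults and wording changes`, would show which edits are build fixes and which are site preferences. The override also replaces `configurePhase` wholesale; a one-line comment saying why the inherited phase cannot be reused would help when the base package changes.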
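--- a/pkgs/build-worker-oci/ams/fly.toml
+++ b/pkgs/build-worker-oci/ams/fly.toml
@@ -0,0 +1,158 @@
+app = 'build-worker-kyoumanet'
+primary_region = 'ams'
+
+[build]
+image = 'registry.fly.io/build-worker-kyoumanet:latest'
+
+[processes]
+bw-00 = '/entrypoint.sh'
+bw-01 = '/entrypoint.sh'
+bw-02 = '/entrypoint.sh'
+bw-03 = '/entrypoint.sh'
+bw-04 = '/entrypoint.sh'
+bw-05 = '/entrypoint.sh'
+bw-06 = '/entrypoint.sh'
+bw-07 = '/entrypoint.sh'
+bw-08 = '/entrypoint.sh'
+
+[[mounts]]
+source = 'bw00'
+destination = '/mnt/data'
+initial_size = '256GB'
+processes = ['bw-00']
+
+[[mounts]]
+source = 'bw01'
+destination = '/mnt/data'
+initial_size = '256GB'
+processes = ['bw-01']
+
+[[mounts]]
+source = 'bw02'
+destination = '/mnt/data'
+initial_size = '256GB'
+processes = ['bw-02']
+
+[[mounts]]
+source = 'bw03'
+destination = '/mnt/data'
+initial_size = '256GB'
+processes = ['bw-03']
+
+[[mounts]]
+source = 'bw04'
+destination = '/mnt/data'
+initial_size = '256GB'
+processes = ['bw-04']
+
+[[mounts]]
+source = 'bw05'
+destination = '/mnt/data'
+initial_size = '256GB'
+processes = ['bw-05']
+
+[[mounts]]
+source = 'bw06'
+destination = '/mnt/data'
+initial_size = '256GB'
+processes = ['bw-06']
+
+[[mounts]]
+source = 'bw07'
+destination = '/mnt/data'
+initial_size = '256GB'
+processes = ['bw-07']
+
+[[mounts]]
+source = 'bw08'
+destination = '/mnt/data'
+initial_size = '256GB'
+processes = ['bw-08']
+
+[[services]]
+protocol = 'tcp'
+internal_port = 2222
+auto_stop_machines = 'off'
+processes = ['bw-00']
+
+[[services.ports]]
+port = 2200
+
+[[services]]
+protocol = 'tcp'
+internal_port = 2222
+auto_stop_machines = 'off'
+processes = ['bw-01']
+
+[[services.ports]]
+port = 2201
+
+[[services]]
+protocol = 'tcp'
+internal_port = 2222
+auto_stop_machines = 'off'
+processes = ['bw-02']
+
+[[services.ports]]
+port = 2202
+
+[[services]]
+protocol = 'tcp'
+internal_port = 2222
+auto_stop_machines = 'off'
+processes = ['bw-03']
+
+[[services.ports]]
+port = 2203
+
+[[services]]
+protocol = 'tcp'
+internal_port = 2222
+auto_stop_machines = 'off'
+processes = ['bw-04']
+
+[[services.ports]]
+port = 2204
+
+[[services]]
+protocol = 'tcp'
+internal_port = 2222
+auto_stop_machines = 'off'
+processes = ['bw-05']
+
+[[services.ports]]
+port = 2205
+
+[[services]]
+protocol = 'tcp'
+internal_port = 2222
+auto_stop_machines = 'off'
+processes = ['bw-06']
+
+[[services.ports]]
+port = 2206
+
+[[services]]
+protocol = 'tcp'
+internal_port = 2222
+auto_stop_machines = 'off'
+processes = ['bw-07']
+
+[[services.ports]]
+port = 2207
+
+[[services]]
+protocol = 'tcp'
+internal_port = 2222
+auto_stop_machines = 'off'
+processes = ['bw-08']
+
+[[services.ports]]
+port = 2208
+
+[[restart]]
+policy = 'never'
+
+[[vm]]
+size = 'performance-16x'
+memory = '96GB'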
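Review bot: `image = 'registry.fly.io/build-worker-kyoumanet:latest'` under `[build]` deploys whatever the mutable `latest` tag points to at deploy time, so the build workers are not tied to a reviewed image; `pkgs/build-worker-oci/cdg/fly.toml` has the same line. Pinning by digest, `image = 'registry.fly.io/build-worker-kyoumanet@sha256:<digest-placeholder>'`, and bumping it whenever the image is rebuilt would make each deploy reproducible and auditable. Each `[[services]]` block also publishes internal port 2222 on ports 2200–2208 (2209–2211 in the cdg file). Nothing in either file shows what listens there or how access is restricted, so a comment stating both would help the next reviewer.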
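--- a/pkgs/build-worker-oci/cdg/fly.toml
+++ b/pkgs/build-worker-oci/cdg/fly.toml
@@ -0,0 +1,67 @@
+# fly.toml app configuration file generated for build-worker-kyoumanet-cdg on 2024-11-21T00:31:54+01:00
+#
+# See https://fly.io/docs/reference/configuration/ for information about how to use this file.
+#
+
+app = 'build-worker-kyoumanet-cdg'
+primary_region = 'cdg'
+
+[build]
+image = 'registry.fly.io/build-worker-kyoumanet:latest'
+
+[processes]
+bw-09 = '/entrypoint.sh'
+bw-10 = '/entrypoint.sh'
+bw-11 = '/entrypoint.sh'
+
+[[mounts]]
+source = 'bw09'
+destination = '/mnt/data'
+initial_size = '256GB'
+processes = ['bw-09']
+
+[[mounts]]
+source = 'bw10'
+destination = '/mnt/data'
+initial_size = '256GB'
+processes = ['bw-10']
+
+[[mounts]]
+source = 'bw11'
+destination = '/mnt/data'
+initial_size = '256GB'
+processes = ['bw-11']
+
+[[services]]
+protocol = 'tcp'
+internal_port = 2222
+auto_stop_machines = 'off'
+processes = ['bw-09']
+
+[[services.ports]]
+port = 2209
+
+[[services]]
+protocol = 'tcp'
+internal_port = 2222
+auto_stop_machines = 'off'
+processes = ['bw-10']
+
+[[services.ports]]
+port = 2210
+
+[[services]]
+protocol = 'tcp'
+internal_port = 2222
+auto_stop_machines = 'off'
+processes = ['bw-11']
+
+[[services.ports]]
+port = 2211
+
+[[restart]]
+policy = 'never'
+
+[[vm]]
+size = 'performance-16x'
+memory = '96GB'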
122
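--- a/pkgs/build-worker-oci/default.nix
+++ b/pkgs/build-worker-oci/default.nix
@@ -0,0 +1,122 @@
+# I hate this so much aaa
+{
+lib,
+callPackage,
+dockerTools,
+openssh,
+bash,
+gnused,
+util-linux,
+qemu-user
+}:
+
+dockerTools.buildLayeredImage {
+name = "build-worker-oci";
+tag = "latest";
+
+fromImage = callPackage ./source.nix {};
+
+maxLayers = 110;
+
+passthru.updateScript = ./update.sh;
+
+enableFakechroot = true;
+
+contents = [ openssh util-linux bash gnused qemu-user ];
+
+config.Cmd = [ "/entrypoint.sh" ];
+
+fakeRootCommands = let
+system-features = [
+"benchmark"
+"big-parallel"
+"nixos-test"
+"uid-range"
+"gccarch-x86-64"
+"gccarch-x86-64-v2"
+"gccarch-x86-64-v3"
+"gccarch-armv8-a"
+"gccarch-armv8.1-a"
+"gccarch-armv8.2-a"
+"gccarch-armv8.2-a+fp16+rcpc+dotprod"
+"gccarch-rv64imac"
+"gccarch-rv64imacfd"
+"gccarch-rv64gc"
+];
+in ''
+mkdir -p /root
+cat <<EOF > /root/nix.conf
+build-users-group = nixbld
+experimental-features = nix-command flakes
+sandbox = true
+substituters = https://cache.kyouma.net https://cache.nixos.org
+trusted-public-keys = cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+max-substitution-jobs = 20
+max-silent-time = 14400
+min-free = ${builtins.toString (49152 * 1024 * 1024)}
+max-free = ${builtins.toString (65536 * 1024 * 1024)}
+extra-platforms = aarch64-linux i686-linux riscv64-linux
+system-features = ${toString system-features}
+EOF
+
+mkdir -p /root/.ssh
+cat <<EOF > /root/.ssh/authorized_keys
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK397sBHLS66snWNPtmjUy7qZxRJh54N0RRXogKODudl nix@muon
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT0dGyLUjxFnvqUmex+5xUGQ7D4yGHKo267JgApcq0k root@ryuuko
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDTwCSWYODyvTJxwB6Rahuy0j6s/YYwtQta8bjzG/We root@ryuuko-arch
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/RmFnel8pcZT9nh7EAfKfAekt3BoEXy0G7G2GTacN/ aprl@computer
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 aprl@whatever
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpyVefbZLkNVNzdSIlO6x6JohHE1snoHiUB3Qdvl5I2 aprl@idk
+ssh-rsa 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 aprl@meow
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD0v3tUBNEUxfoOQBFb+N2DUBQDay0iFggUWa9Nd+BtFLOKkz+RRto3eBF0ZiJZVUxv/hLb8m2s45hcMw8agwuPrXMe5085T1fzkvPdKAPZdsT/cCmBi1OsoLjAKBFIdM4lcV0A2cca8hip+/ZPpjFPUWx73/672gAPHU7co7fP8+8CSf9dx+WIeLx3yaYHYZ/th3dB5auX3VjOazS8MojsAorwTUeBoPamHQ5dFeNafhFUL/hhtGkUI1cNHUn3bJd2V7AKTW3UglK7hVgMJPrzVS31OlpcJEf6S5XgKTWdOSwubn1bs5Lt6YYRDU24NV6CGrwKgCJSRxzNMLwpnFKiSXpO8FzkqWHYWyju141hQcFF31aZIV+7YcwEt5ZukLjFOpVtpbSXvJYigOUzGi34P3/OAGshDXjTQjvM8GIir49gx3b2Nwhg0z4UHBkAKZvDDFPHDMJoclvnhITojaAojfC9zmMCO5ZaEsk8yv7c/lWQumzRpfldWF4mwHvhD5kTADbhRdO7WTdX7AaiAYINooToeWKjFe2wn3rFubPUppptqtP03mmvs7vhhgnEVBbGZRJK3GTVk1XcsfF9rDKzewSa+wb4LsBoZtFRhc8cJqHGlKWSNk7dQ04B1atPyNLKGpGoo/UIPxyZ6bSqFVxY3nhz46VZ6z8XWI48z0/fRQ== aprl@uwu
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAl3/krXJeCcDEJXRuzOdCOrJLG7b6MRqC+a9Xux3mW vika@hydrangea
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQjTy9qqHcs5vgTz+iMAiNNMqdyGtOhEpnpJCReEFfZ vika@rafflesia
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINAgFdk78I4zssUGsAIV01zefLBpwc1W7hfTobbG80XLAAAABHNzaDo= vika@nitrokey
+EOF
+
+cat <<EOF > /root/.ssh/environment
+PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin
+EOF
+
+cat <<EOF > /root/sshd_config
+AcceptEnv GIT_PROTOCOL
+AuthenticationMethods publickey
+AuthorizedPrincipalsFile none
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
+GatewayPorts no
+HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,sk-ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com
+KbdInteractiveAuthentication no
+KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org
+LogLevel INFO
+Macs umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
+PasswordAuthentication no
+PermitRootLogin prohibit-password
+PermitUserEnvironment yes
+PrintMotd no
+PubkeyAcceptedAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,sk-ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com
+StreamLocalBindUnlink yes
+StrictModes yes
+UseDns no
+UsePAM no
+X11Forwarding no
+Banner none
+AddressFamily any
+Port 2222
+
+Subsystem sftp ${openssh}/libexec/sftp-server
+AuthorizedKeysFile %h/.ssh/authorized_keys /etc/ssh/authorized_keys.d/%u
+HostKey /mnt/data/ssh/ssh_host_ed25519_key
+EOF
+
+mkdir -p /etc/keys
+mkdir -p /var/empty
+mkdir -p /var/log
+
+substitute ${./entrypoint.sh} /entrypoint.sh \
+--subst-var-by qemu-aarch64 ${lib.getExe' qemu-user "qemu-aarch64"} \
+--subst-var-by qemu-riscv64 ${lib.getExe' qemu-user "qemu-riscv64"}
+chmod +x /entrypoint.sh
+'';
+}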
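Review bot: `PermitUserEnvironment yes` in the generated `sshd_config` appears to be enabled only so that the `PATH` written to `/root/.ssh/environment` is picked up, but it also makes sshd honour `environment=` options on every `authorized_keys` entry, which the sshd_config manual warns can be used to bypass access restrictions. The same effect should be available without it by dropping the `environment` heredoc and writing `SetEnv PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin` together with `PermitUserEnvironment no`. Separately, `PubkeyAcceptedAlgorithms` lists only Ed25519 variants, so the two `ssh-rsa` entries (`aprl@meow`, `aprl@uwu`) can never authenticate and should be removed or replaced. Every listed key opens an unrestricted root session, so a comment above the heredoc recording who owns each key and why it needs access would make later reviews of this list easier.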
39
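--- a/pkgs/build-worker-oci/entrypoint.sh
+++ b/pkgs/build-worker-oci/entrypoint.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+cat /etc/passwd > /root/passwd
+rm -f /etc/passwd
+cp /root/passwd /etc/passwd
+echo "sshd:x:498:65534::/var/empty:/run/current-system/sw/bin/nologin" >> /etc/passwd
+cat /etc/shadow > /root/shadow
+rm -f /etc/shadow
+cp /root/shadow /etc/shadow
+/bin/sed -i "s/root:!/root:*/g" /etc/shadow
+
+[[ ! -d "/mnt/data/ssh" ]] && mkdir -p /mnt/data/ssh
+if [[ "$(ls /mnt/data/ssh/*_key)" = "" ]]; then
+ssh-keygen -t "ed25519" -f "/mnt/data/ssh/ssh_host_ed25519_key" -N ""
+fi
+
+[[ ! -d "/mnt/data/nix-store" ]] && mkdir -p /mnt/data/nix-store
+[[ ! -d "/mnt/data/workdir" ]] && mkdir -p /mnt/data/workdir
+[[ ! -d "/mnt/data/tmp" ]] && mkdir -p /mnt/data/tmp
+
+rm -rf /mnt/data/nix-store/*
+
+rm -f /etc/nix/nix.conf
+cp /root/nix.conf /etc/nix/nix.conf
+
+/bin/mount -t overlay overlay -o lowerdir=/nix,upperdir=/mnt/data/nix-store,workdir=/mnt/data/workdir /nix
+/bin/mount --bind /mnt/data/tmp /tmp
+
+# Register QEMU binaries for user mode emulation
+aarch64_magic='\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00'
+aarch64_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'
+
+riscv64_magic='\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'
+riscv64_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'
+
+echo ":qemu-aarch64:M::$aarch64_magic:$aarch64_mask:@qemu-aarch64@:POCF" >/proc/sys/fs/binfmt_misc/register
+echo ":qemu-riscv64:M::$riscv64_magic:$riscv64_mask:@qemu-riscv64@:POCF" >/proc/sys/fs/binfmt_misc/register
+
+/root/.nix-profile/bin/sshd -D -f /root/sshd_config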
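Review bot: Nothing in this script stops on failure, so if the overlay mount on `/nix`, the `/tmp` bind mount or either `binfmt_misc` registration fails, sshd is still started and the worker accepts builds in a half-configured state. Adding `set -euo pipefail` directly after the shebang would make the machine fail visibly instead, and the host-key check is more robust when it tests the file itself, `[[ -f /mnt/data/ssh/ssh_host_ed25519_key ]] || ssh-keygen -t ed25519 -f /mnt/data/ssh/ssh_host_ed25519_key -N ""`, rather than the output of `ls`. The last line should be `exec /root/.nix-profile/bin/sshd -D -f /root/sshd_config` so that sshd, not the wrapping bash, receives the stop signal. The `C` in the `POCF` flags also deserves a comment: with it the kernel takes credentials from the emulated binary rather than the interpreter, so a setuid foreign-architecture file would run the QEMU interpreter with that file's privileges.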