Compare commits

...

129 commits

Author SHA1 Message Date
8428584816
hydra: add even more power 2024-11-21 20:05:40 +01:00
8910001198
akkoma: add more emojis 2024-11-20 12:37:49 +01:00
a03fc6bb9c
akkoma: Build ImageMagick with SVT-AV1 encoder 2024-11-20 11:07:52 +01:00
59ef761474
hydra: Add RV64GC ISA support for schrodinger 2024-11-20 11:07:52 +01:00
c0c8f825fc
hydra: Remove Cloud-V RISC-V build worker 2024-11-20 11:07:51 +01:00
73eaf9c154
build-worker-oci: update, add vikas keys 2024-11-20 11:07:51 +01:00
6b0e944765
users: add lucy 2024-11-20 11:07:50 +01:00
3e03107d00
ryuuko: add firefox custom build 2024-11-20 11:07:46 +01:00
320717a71d
crime: change paths 2024-11-17 23:03:52 +01:00
38397e271b
sears: add nil 2024-11-17 17:01:01 +01:00
8444f3e28c
hydra: no oom pls 2024-11-16 17:54:02 +01:00
faafea4739
hydra: add lab.nyantec.com to knownHosts 2024-11-16 12:43:59 +01:00
Update Bot
c6f27fc33a
flake.lock: Update
Flake lock file updates:

• Updated input 'nixvim':
    'github:nix-community/nixvim/24fe0dd2478643fcd4dd57c9570b4614fac80144' (2024-11-14)
  → 'github:nix-community/nixvim/be455f7f2714ce3479ae5bb662a03bd450f45793' (2024-11-15)
• Updated input 'stylix':
    'github:danth/stylix/e0a278871b63b1800ccdda568861b5324dd93797' (2024-11-14)
  → 'github:danth/stylix/5ab1207b2fdeb5a022f2dd7cccf6be760f1b150f' (2024-11-15)
2024-11-16 04:20:20 +01:00
Update Bot
9cbf6f9558
flake.lock: Update
Flake lock file updates:

• Updated input 'florp-moderation':
    'git+https://woof.rip/florp/moderation.git?ref=refs/heads/main&rev=f8765b410ad0496a82cc294c68aec701e6d391be' (2024-11-14)
  → 'git+https://woof.rip/florp/moderation.git?ref=refs/heads/main&rev=32e1061cb2ef3cd0eab0bd99f062a2776a73d459' (2024-11-14)
• Updated input 'home-manager':
    'github:nix-community/home-manager/35b055009afd0107b69c286fca34d2ad98940d57' (2024-11-13)
  → 'github:nix-community/home-manager/1d0862ee2d7c6f6cd720d6f32213fa425004be10' (2024-11-14)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/76612b17c0ce71689921ca12d9ffdc9c23ce40b2' (2024-11-09)
  → 'github:nixos/nixpkgs/dc460ec76cbff0e66e269457d7b728432263166c' (2024-11-11)
• Updated input 'nixvim':
    'github:nix-community/nixvim/f11a877bcc1d66cc8bd7990c704f91c1e99c7d08' (2024-11-13)
  → 'github:nix-community/nixvim/24fe0dd2478643fcd4dd57c9570b4614fac80144' (2024-11-14)
• Updated input 'nixvim/git-hooks':
    'github:cachix/git-hooks.nix/d70155fdc00df4628446352fc58adc640cd705c2' (2024-11-05)
  → 'github:cachix/git-hooks.nix/cd1af27aa85026ac759d5d3fccf650abe7e1bbf0' (2024-11-11)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/5c74ab862c8070cbf6400128a1b56abb213656da' (2024-11-09)
  → 'github:lnl7/nix-darwin/6c71c49e2448e51ad830ed211024e6d0edc50116' (2024-11-12)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/ef493352f9e1f051e01a55c062731503a6b36b4e' (2024-11-08)
  → 'github:NuschtOS/search/135d202e032be70c93b6d7d53592ef4799d6efde' (2024-11-11)
• Updated input 'stylix':
    'github:danth/stylix/be94701ce7b746cb020e667f71492e398ed470f4' (2024-11-13)
  → 'github:danth/stylix/e0a278871b63b1800ccdda568861b5324dd93797' (2024-11-14)
2024-11-15 04:20:43 +01:00
018d5f4cd4
admin-fe: disable unused features 2024-11-14 20:00:19 +01:00
f436f8fcdb
florp: move moderation into its own repo 2024-11-14 19:13:55 +01:00
ff8630ece5
Thank you domi 2024-11-14 11:11:46 +01:00
Update Bot
19d07a5e45
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc' (2024-11-10)
  → 'github:nix-community/disko/5fd852c4155a689098095406500d0ae3d04654a8' (2024-11-14)
• Updated input 'flake-utils':
    'github:numtide/flake-utils/c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a' (2024-09-17)
  → 'github:numtide/flake-utils/11707dc2f618dd54ca8739b309ec4fc024de578b' (2024-11-13)
• Updated input 'home-manager':
    'github:nix-community/home-manager/60bb110917844d354f3c18e05450606a435d2d10' (2024-11-10)
  → 'github:nix-community/home-manager/35b055009afd0107b69c286fca34d2ad98940d57' (2024-11-13)
• Updated input 'nixvim':
    'github:nix-community/nixvim/7dc65b2d9873b6bbb6ef90234b3db6546e4ed9af' (2024-11-12)
  → 'github:nix-community/nixvim/f11a877bcc1d66cc8bd7990c704f91c1e99c7d08' (2024-11-13)
• Updated input 'stylix':
    'github:danth/stylix/6863412636c8f2cb3b7360f747fbd020fbfddf68' (2024-11-08)
  → 'github:danth/stylix/be94701ce7b746cb020e667f71492e398ed470f4' (2024-11-13)
2024-11-14 04:20:18 +01:00
8c02b4a16d
crime: add backup 2024-11-13 17:07:46 +01:00
Update Bot
73f1a6c65a
flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/184687ae1a3139faa4746168baf071f60d0310c8' (2024-11-11)
  → 'github:nixos/nixos-hardware/f6581f1c3b137086e42a08a906bdada63045f991' (2024-11-12)
• Updated input 'nixvim':
    'github:nix-community/nixvim/c892aa20732f982d4cc2b3ef2e2276a2a9a4d45b' (2024-11-11)
  → 'github:nix-community/nixvim/7dc65b2d9873b6bbb6ef90234b3db6546e4ed9af' (2024-11-12)
2024-11-13 04:20:20 +01:00
650a206aa4
crime: fix config 2024-11-12 22:10:02 +01:00
Update Bot
dc91b774a4
flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/e1cc1f6483393634aee94514186d21a4871e78d7' (2024-11-06)
  → 'github:nixos/nixos-hardware/184687ae1a3139faa4746168baf071f60d0310c8' (2024-11-11)
• Updated input 'nixvim':
    'github:nix-community/nixvim/57068f532d5d42601fd74e2b531204fe1cd3a8f2' (2024-11-10)
  → 'github:nix-community/nixvim/c892aa20732f982d4cc2b3ef2e2276a2a9a4d45b' (2024-11-11)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/f1675e3b0e1e663a4af49be67ecbc9e749f85eb7' (2024-11-10)
  → 'github:Mic92/sops-nix/4c91d52db103e757fc25b58998b0576ae702d659' (2024-11-11)
2024-11-12 04:20:27 +01:00
Update Bot
b8a24dfc2f
flake.lock: Update
Flake lock file updates:

• Updated input 'attic':
    'github:zhaofengli/attic/48c8b395bfbc6b76c7eae74df6c74351255a095c' (2024-10-30)
  → 'github:zhaofengli/attic/47752427561f1c34debb16728a210d378f0ece36' (2024-11-10)
• Updated input 'disko':
    'github:nix-community/disko/380847d94ff0fedee8b50ee4baddb162c06678df' (2024-11-03)
  → 'github:nix-community/disko/486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc' (2024-11-10)
• Updated input 'florp-about':
    'git+https://woof.rip/florp/about.git?ref=refs/heads/main&rev=1845276697adca236be3e7a983238d2a2d0d57b5' (2024-11-09)
  → 'git+https://woof.rip/florp/about.git?ref=refs/heads/main&rev=2f1130b23576a403b9b1d70d6431649bfa044621' (2024-11-10)
• Updated input 'home-manager':
    'github:nix-community/home-manager/8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661' (2024-11-03)
  → 'github:nix-community/home-manager/60bb110917844d354f3c18e05450606a435d2d10' (2024-11-10)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/f6e0cd5c47d150c4718199084e5764f968f1b560' (2024-11-02)
  → 'github:nixos/nixos-hardware/e1cc1f6483393634aee94514186d21a4871e78d7' (2024-11-06)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/7ffd9ae656aec493492b44d0ddfb28e79a1ea25d' (2024-11-02)
  → 'github:nixos/nixpkgs/76612b17c0ce71689921ca12d9ffdc9c23ce40b2' (2024-11-09)
• Updated input 'nixvim':
    'github:nix-community/nixvim/6f210158b03b01a1fd44bf3968165e6da80635ce' (2024-11-02)
  → 'github:nix-community/nixvim/57068f532d5d42601fd74e2b531204fe1cd3a8f2' (2024-11-10)
• Updated input 'nixvim/git-hooks':
    'github:cachix/git-hooks.nix/af8a16fe5c264f5e9e18bcee2859b40a656876cf' (2024-10-30)
  → 'github:cachix/git-hooks.nix/d70155fdc00df4628446352fc58adc640cd705c2' (2024-11-05)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/683d0c4cd1102dcccfa3f835565378c7f3cbe05e' (2024-11-01)
  → 'github:lnl7/nix-darwin/5c74ab862c8070cbf6400128a1b56abb213656da' (2024-11-09)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/9e22bd742480916ff5d0ab20ca2522eaa3fa061e' (2024-11-02)
  → 'github:NuschtOS/search/ef493352f9e1f051e01a55c062731503a6b36b4e' (2024-11-08)
• Updated input 'nixvim/nuschtosSearch/ixx':
    'github:NuschtOS/ixx/65c207c92befec93e22086da9456d3906a4e999c' (2024-10-21)
  → 'github:NuschtOS/ixx/9fd01aad037f345350eab2cd45e1946cc66da4eb' (2024-10-26)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/e9b5eef9b51cdf966c76143e13a9476725b2f760' (2024-11-03)
  → 'github:Mic92/sops-nix/f1675e3b0e1e663a4af49be67ecbc9e749f85eb7' (2024-11-10)
• Updated input 'stylix':
    'github:danth/stylix/04afcfc0684d9bbb24bb1dc77afda7c1843ec93b' (2024-10-26)
  → 'github:danth/stylix/6863412636c8f2cb3b7360f747fbd020fbfddf68' (2024-11-08)
• Updated input 'stylix/tinted-foot':
    'github:tinted-theming/tinted-foot/eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce' (2023-10-08)
  → 'github:tinted-theming/tinted-foot/fd1b924b6c45c3e4465e8a849e67ea82933fcbe4' (2024-09-21)
2024-11-11 13:06:18 +01:00
30665c65aa
update-nixfiles: fix eval check 2024-11-11 13:06:18 +01:00
6eb2393d7e
flake.lock: Update
Flake lock file updates:

• Updated input 'florp-about':
    'git+https://woof.rip/florp/about.git?ref=refs/heads/main&rev=1d3098ad7775426c092a5bd13498d98a8b02b116' (2024-11-09)
  → 'git+https://woof.rip/florp/about.git?ref=refs/heads/main&rev=1845276697adca236be3e7a983238d2a2d0d57b5' (2024-11-09)
2024-11-11 13:06:17 +01:00
4c2f141db5
akkoma: Create backups from database dump 2024-11-11 13:06:13 +01:00
29b7574b86
akkoma: Limit banner image width 2024-11-09 22:59:36 +01:00
24819a7f56
restic: add timer option 2024-11-09 22:59:32 +01:00
695892638a flake.lock: Update
Flake lock file updates:

• Updated input 'florp-about':
    'git+https://woof.rip/florp/about.git?ref=refs/heads/main&rev=35e71f8654bc7df450f24003353fccf45ceb5678' (2024-11-09)
  → 'git+https://woof.rip/florp/about.git?ref=refs/heads/main&rev=1d3098ad7775426c092a5bd13498d98a8b02b116' (2024-11-09)
2024-11-09 21:54:04 +01:00
d1091ec8ba
Adjust and amend defederation reason wording 2024-11-09 21:43:27 +01:00
d6328117b8
florp: add about page 2024-11-09 21:05:27 +01:00
2ca15ddaad
restic,florp: add backup 2024-11-09 17:40:43 +01:00
2388e80dd9
florp.social: add dedicated host 2024-11-08 13:51:19 +01:00
992b4796ad
nginx: enable http3 2024-11-04 20:30:18 +01:00
Update Bot
03c32f38d0
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/3979285062d6781525cded0f6c4ff92e71376b55' (2024-10-29)
  → 'github:nix-community/disko/380847d94ff0fedee8b50ee4baddb162c06678df' (2024-11-03)
• Updated input 'home-manager':
    'github:nix-community/home-manager/1743615b61c7285976f85b303a36cdf88a556503' (2024-11-01)
  → 'github:nix-community/home-manager/8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661' (2024-11-03)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/807e9154dcb16384b1b765ebe9cd2bba2ac287fd' (2024-10-29)
  → 'github:nixos/nixpkgs/7ffd9ae656aec493492b44d0ddfb28e79a1ea25d' (2024-11-02)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/1666d16426abe79af5c47b7c0efa82fd31bf4c56' (2024-10-27)
  → 'github:Mic92/sops-nix/e9b5eef9b51cdf966c76143e13a9476725b2f760' (2024-11-03)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/cd3e8833d70618c4eea8df06f95b364b016d4950' (2024-10-26)
  → 'github:NixOS/nixpkgs/3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c' (2024-11-03)
2024-11-04 04:20:36 +01:00
a3d92ecedd
hydra: add riscv64 build worker 2024-11-03 14:31:55 +01:00
Update Bot
87ac22ac91
flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/da14839ac5f38ee6adbdb4e6db09b5eef6d6ccdc' (2024-10-31)
  → 'github:nixos/nixos-hardware/f6e0cd5c47d150c4718199084e5764f968f1b560' (2024-11-02)
• Updated input 'nixvim':
    'github:nix-community/nixvim/356896f58dde22ee16481b7c954e340dceec340d' (2024-11-01)
  → 'github:nix-community/nixvim/6f210158b03b01a1fd44bf3968165e6da80635ce' (2024-11-02)
• Updated input 'nixvim/flake-parts':
    'github:hercules-ci/flake-parts/3d04084d54bedc3d6b8b736c70ef449225c361b1' (2024-10-01)
  → 'github:hercules-ci/flake-parts/506278e768c2a08bec68eb62932193e341f55c90' (2024-11-01)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/b379bd4d872d159e5189053ce9a4adf86d56db4b' (2024-10-29)
  → 'github:lnl7/nix-darwin/683d0c4cd1102dcccfa3f835565378c7f3cbe05e' (2024-11-01)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/4e0a7a95a3df3333771abc4df6a656e7baf67106' (2024-10-31)
  → 'github:NuschtOS/search/9e22bd742480916ff5d0ab20ca2522eaa3fa061e' (2024-11-02)
2024-11-03 04:20:11 +01:00
06bd495dd9
akkoma: various stuff 2024-11-02 17:16:48 +01:00
Update Bot
0ba6f7874b
flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/e83414058edd339148dc142a8437edb9450574c8' (2024-10-27)
  → 'github:nix-community/home-manager/1743615b61c7285976f85b303a36cdf88a556503' (2024-11-01)
• Updated input 'nixvim':
    'github:nix-community/nixvim/42ea1626cb002fa759a6b1e2841bfc80a4e59615' (2024-10-31)
  → 'github:nix-community/nixvim/356896f58dde22ee16481b7c954e340dceec340d' (2024-11-01)
2024-11-02 04:20:15 +01:00
e5004ed8fd
akkoma: add branding 2024-11-01 20:15:25 +01:00
Update Bot
81842a1f3e
flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/07d15e8990d5d86a631641b4c429bc0a7400cfb8' (2024-10-29)
  → 'github:nixos/nixos-hardware/da14839ac5f38ee6adbdb4e6db09b5eef6d6ccdc' (2024-10-31)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/18536bf04cd71abd345f9579158841376fdd0c5a' (2024-10-25)
  → 'github:nixos/nixpkgs/807e9154dcb16384b1b765ebe9cd2bba2ac287fd' (2024-10-29)
• Updated input 'nixvim':
    'github:nix-community/nixvim/7d882356a486cf44b7fab842ac26885ecd985af3' (2024-10-29)
  → 'github:nix-community/nixvim/42ea1626cb002fa759a6b1e2841bfc80a4e59615' (2024-10-31)
• Updated input 'nixvim/git-hooks':
    'github:cachix/git-hooks.nix/3c3e88f0f544d6bb54329832616af7eb971b6be6' (2024-10-16)
  → 'github:cachix/git-hooks.nix/af8a16fe5c264f5e9e18bcee2859b40a656876cf' (2024-10-30)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/2eb472230a5400c81d9008014888b4bff23bcf44' (2024-10-26)
  → 'github:lnl7/nix-darwin/b379bd4d872d159e5189053ce9a4adf86d56db4b' (2024-10-29)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/e373332c1f8237fc1263901745b0fe747228c8ba' (2024-10-27)
  → 'github:NuschtOS/search/4e0a7a95a3df3333771abc4df6a656e7baf67106' (2024-10-31)
• Updated input 'nixvim/treefmt-nix':
    'github:numtide/treefmt-nix/bae131e525cc8718da22fbeb8d8c7c43c4ea502a' (2024-10-27)
  → 'github:numtide/treefmt-nix/746901bb8dba96d154b66492a29f5db0693dbfcc' (2024-10-30)
2024-11-01 04:20:44 +01:00
e6de0b8257
akkoma: add initial config 2024-10-31 23:41:54 +01:00
Update Bot
9f9f6d7b76
flake.lock: Update
Flake lock file updates:

• Updated input 'attic':
    'github:zhaofengli/attic/0fe1b1cd34e929871651db24326d9d45c80d1013' (2024-10-28)
  → 'github:zhaofengli/attic/48c8b395bfbc6b76c7eae74df6c74351255a095c' (2024-10-30)
• Updated input 'disko':
    'github:nix-community/disko/0e55423bf8c241cf18676a8b8424c7eadd170ffc' (2024-10-28)
  → 'github:nix-community/disko/3979285062d6781525cded0f6c4ff92e71376b55' (2024-10-29)
• Updated input 'nixvim':
    'github:nix-community/nixvim/a4c3ad01cd0755dd1e93473d74efdd89a1cf5999' (2024-10-28)
  → 'github:nix-community/nixvim/7d882356a486cf44b7fab842ac26885ecd985af3' (2024-10-29)
2024-10-30 04:20:19 +01:00
Update Bot
840b178b59
flake.lock: Update
Flake lock file updates:

• Updated input 'attic':
    'github:zhaofengli/attic/2b05b7d986cf6009b1c1ef7daa4961cd1a658782' (2024-10-16)
  → 'github:zhaofengli/attic/0fe1b1cd34e929871651db24326d9d45c80d1013' (2024-10-28)
• Added input 'attic/nix-github-actions':
    'github:nix-community/nix-github-actions/e04df33f62cdcf93d73e9a04142464753a16db67' (2024-10-24)
• Added input 'attic/nix-github-actions/nixpkgs':
    follows 'attic/nixpkgs'
• Updated input 'disko':
    'github:nix-community/disko/89e458a3bb3693e769bfb2b2447c3fe72092d498' (2024-10-27)
  → 'github:nix-community/disko/0e55423bf8c241cf18676a8b8424c7eadd170ffc' (2024-10-28)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/6906ac67a1078cf950b8527341e229eeecb5bc30' (2024-10-27)
  → 'github:nixos/nixos-hardware/07d15e8990d5d86a631641b4c429bc0a7400cfb8' (2024-10-29)
• Updated input 'nixvim':
    'github:nix-community/nixvim/a20fbbc4b9665ec215e7bea061a1d64f6fd652ce' (2024-10-27)
  → 'github:nix-community/nixvim/a4c3ad01cd0755dd1e93473d74efdd89a1cf5999' (2024-10-28)
2024-10-29 04:20:12 +01:00
Update Bot
82022ac8b9
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/58cd832497f9c87cb4889744b86aba4284fd0474' (2024-10-26)
  → 'github:nix-community/disko/89e458a3bb3693e769bfb2b2447c3fe72092d498' (2024-10-27)
• Updated input 'home-manager':
    'github:nix-community/home-manager/93435d27d250fa986bfec6b2ff263161ff8288cb' (2024-10-25)
  → 'github:nix-community/home-manager/e83414058edd339148dc142a8437edb9450574c8' (2024-10-27)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/e8a2f6d5513fe7b7d15701b2d05404ffdc3b6dda' (2024-10-24)
  → 'github:nixos/nixos-hardware/6906ac67a1078cf950b8527341e229eeecb5bc30' (2024-10-27)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/2768c7d042a37de65bb1b5b3268fc987e534c49d' (2024-10-23)
  → 'github:nixos/nixpkgs/18536bf04cd71abd345f9579158841376fdd0c5a' (2024-10-25)
• Updated input 'nixvim':
    'github:nix-community/nixvim/bb0e3892a27efdc6f9c1771927f513577cb1c671' (2024-10-26)
  → 'github:nix-community/nixvim/a20fbbc4b9665ec215e7bea061a1d64f6fd652ce' (2024-10-27)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/7840909b00fbd5a183008a6eb251ea307fe4a76e' (2024-10-25)
  → 'github:lnl7/nix-darwin/2eb472230a5400c81d9008014888b4bff23bcf44' (2024-10-26)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/b35c0b1cbbcc42161c07c77419c2801d461f1401' (2024-10-24)
  → 'github:NuschtOS/search/e373332c1f8237fc1263901745b0fe747228c8ba' (2024-10-27)
• Updated input 'nixvim/treefmt-nix':
    'github:numtide/treefmt-nix/aac86347fb5063960eccb19493e0cadcdb4205ca' (2024-10-22)
  → 'github:numtide/treefmt-nix/bae131e525cc8718da22fbeb8d8c7c43c4ea502a' (2024-10-27)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/b2211d1a537136cc1d0d5c0af391e8712016b34e' (2024-10-26)
  → 'github:Mic92/sops-nix/1666d16426abe79af5c47b7c0efa82fd31bf4c56' (2024-10-27)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22' (2024-10-19)
  → 'github:NixOS/nixpkgs/cd3e8833d70618c4eea8df06f95b364b016d4950' (2024-10-26)
2024-10-28 04:20:42 +01:00
Update Bot
e66731bd82
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/09a776702b004fdf9c41a024e1299d575ee18a7d' (2024-10-23)
  → 'github:nix-community/disko/58cd832497f9c87cb4889744b86aba4284fd0474' (2024-10-26)
• Updated input 'nixvim':
    'github:nix-community/nixvim/4726334e4413ff55f1db3768c8d08722abbf09cf' (2024-10-24)
  → 'github:nix-community/nixvim/bb0e3892a27efdc6f9c1771927f513577cb1c671' (2024-10-26)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/04193f188e4144d7047f83ad1de81d6034d175cd' (2024-10-24)
  → 'github:lnl7/nix-darwin/7840909b00fbd5a183008a6eb251ea307fe4a76e' (2024-10-25)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/bedc2f2ada220815a98a896e10f5e61bfc329bfc' (2024-10-24)
  → 'github:NuschtOS/search/b35c0b1cbbcc42161c07c77419c2801d461f1401' (2024-10-24)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/78a0e634fc8981d6b564f08b6715c69a755c4c7d' (2024-10-24)
  → 'github:Mic92/sops-nix/b2211d1a537136cc1d0d5c0af391e8712016b34e' (2024-10-26)
• Updated input 'stylix':
    'github:danth/stylix/fb9399b7e2c855f42dae76a363bab28d4f24aa8d' (2024-10-19)
  → 'github:danth/stylix/04afcfc0684d9bbb24bb1dc77afda7c1843ec93b' (2024-10-26)
2024-10-27 04:20:19 +01:00
Update Bot
be5d1f2958
flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/a4353cc43d1b4dd6bdeacea90eb92a8b7b78a9d7' (2024-10-23)
  → 'github:nix-community/home-manager/93435d27d250fa986bfec6b2ff263161ff8288cb' (2024-10-25)
2024-10-26 04:20:15 +02:00
Update Bot
391c1adf40
flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/5ec753a1fc4454df9285d8b3ec0809234defb975' (2024-10-21)
  → 'github:nix-community/home-manager/a4353cc43d1b4dd6bdeacea90eb92a8b7b78a9d7' (2024-10-23)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/64d900abe40057393148bc0283d35c2254dd4f57' (2024-10-23)
  → 'github:nixos/nixos-hardware/e8a2f6d5513fe7b7d15701b2d05404ffdc3b6dda' (2024-10-24)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/1997e4aa514312c1af7e2bda7fad1644e778ff26' (2024-10-20)
  → 'github:nixos/nixpkgs/2768c7d042a37de65bb1b5b3268fc987e534c49d' (2024-10-23)
• Updated input 'nixvim':
    'github:nix-community/nixvim/029eafd70d6e28919a9ec01a94a46b51c4ccff40' (2024-10-23)
  → 'github:nix-community/nixvim/4726334e4413ff55f1db3768c8d08722abbf09cf' (2024-10-24)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/a60ac02f9466f85f092e576fd8364dfc4406b5a6' (2024-10-14)
  → 'github:lnl7/nix-darwin/04193f188e4144d7047f83ad1de81d6034d175cd' (2024-10-24)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/f82d3e1c1c9d1eaeb91878519e2d27b27c66ce84' (2024-10-14)
  → 'github:NuschtOS/search/bedc2f2ada220815a98a896e10f5e61bfc329bfc' (2024-10-24)
• Added input 'nixvim/nuschtosSearch/ixx':
    'github:NuschtOS/ixx/65c207c92befec93e22086da9456d3906a4e999c' (2024-10-21)
• Added input 'nixvim/nuschtosSearch/ixx/flake-utils':
    follows 'nixvim/nuschtosSearch/flake-utils'
• Added input 'nixvim/nuschtosSearch/ixx/nixpkgs':
    follows 'nixvim/nuschtosSearch/nixpkgs'
• Updated input 'nixvim/treefmt-nix':
    'github:numtide/treefmt-nix/d986489c1c757f6921a48c1439f19bfb9b8ecab5' (2024-10-18)
  → 'github:numtide/treefmt-nix/aac86347fb5063960eccb19493e0cadcdb4205ca' (2024-10-22)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/d089e742fb79259b9c4dd9f18e9de1dd4fa3c1ec' (2024-10-23)
  → 'github:Mic92/sops-nix/78a0e634fc8981d6b564f08b6715c69a755c4c7d' (2024-10-24)
2024-10-25 04:20:36 +02:00
1dd90e2037
forgejo: update to latest 2024-10-24 20:46:03 +02:00
90692c9bc1
hydra: increase gc time 2024-10-24 15:37:46 +02:00
Update Bot
ba4345c402
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/4be2aadf13b67ffbb993deb73adff77c46b728fc' (2024-10-22)
  → 'github:nix-community/disko/09a776702b004fdf9c41a024e1299d575ee18a7d' (2024-10-23)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/22e8de2729f40d29a445c8baeaf22740b8b25daf' (2024-10-22)
  → 'github:nixos/nixos-hardware/64d900abe40057393148bc0283d35c2254dd4f57' (2024-10-23)
• Updated input 'nixvim':
    'github:nix-community/nixvim/b076f006c6b0cc6644a651bd21d4449cc3e7e56d' (2024-10-22)
  → 'github:nix-community/nixvim/029eafd70d6e28919a9ec01a94a46b51c4ccff40' (2024-10-23)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/26642e8f193f547e72d38cd4c0c4e45b49236d27' (2024-10-22)
  → 'github:Mic92/sops-nix/d089e742fb79259b9c4dd9f18e9de1dd4fa3c1ec' (2024-10-23)
2024-10-24 04:20:20 +02:00
e76c317759
seras: add riscv builder and zram 2024-10-23 22:08:01 +02:00
Update Bot
1e9b66957b
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/a6a3179ddf396dfc28a078e2f169354d0c137125' (2024-10-18)
  → 'github:nix-community/disko/4be2aadf13b67ffbb993deb73adff77c46b728fc' (2024-10-22)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/cc2d3c0e060f981905d52337340ee6ec8b8eb037' (2024-10-21)
  → 'github:nixos/nixos-hardware/22e8de2729f40d29a445c8baeaf22740b8b25daf' (2024-10-22)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0' (2024-10-18)
  → 'github:nixos/nixpkgs/1997e4aa514312c1af7e2bda7fad1644e778ff26' (2024-10-20)
• Updated input 'nixvim':
    'github:nix-community/nixvim/0562e519ec0e69125c5edc917d41bccb54a534fd' (2024-10-21)
  → 'github:nix-community/nixvim/b076f006c6b0cc6644a651bd21d4449cc3e7e56d' (2024-10-22)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/c504fd7ac946d7a1b17944d73b261ca0a0b226a5' (2024-10-20)
  → 'github:Mic92/sops-nix/26642e8f193f547e72d38cd4c0c4e45b49236d27' (2024-10-22)
2024-10-23 04:20:47 +02:00
4ea602f398
lix: enable-gc 2024-10-22 18:26:10 +02:00
Update Bot
669c6b695f
flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/1e27f213d77fc842603628bcf2df6681d7d08f7e' (2024-10-20)
  → 'github:nix-community/home-manager/5ec753a1fc4454df9285d8b3ec0809234defb975' (2024-10-21)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/9fcf30fccf8435f6390efec4a4d38e69c2268a36' (2024-10-20)
  → 'github:nixos/nixos-hardware/cc2d3c0e060f981905d52337340ee6ec8b8eb037' (2024-10-21)
• Updated input 'nixvim':
    'github:nix-community/nixvim/47b563d4e1410bff6a9481b3dd8b01b1e5ed70d2' (2024-10-20)
  → 'github:nix-community/nixvim/0562e519ec0e69125c5edc917d41bccb54a534fd' (2024-10-21)
2024-10-22 04:20:19 +02:00
Update Bot
7af4450578
flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/122f70545b29ccb922e655b08acfe05bfb44ec68' (2024-10-19)
  → 'github:nix-community/home-manager/1e27f213d77fc842603628bcf2df6681d7d08f7e' (2024-10-20)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/38279034170b1e2929b2be33bdaedbf14a57bfeb' (2024-10-19)
  → 'github:nixos/nixos-hardware/9fcf30fccf8435f6390efec4a4d38e69c2268a36' (2024-10-20)
• Updated input 'nixvim':
    'github:nix-community/nixvim/c4ad4d0b2e7de04fa9ae0652b006807f42062080' (2024-10-19)
  → 'github:nix-community/nixvim/47b563d4e1410bff6a9481b3dd8b01b1e5ed70d2' (2024-10-20)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/06535d0e3d0201e6a8080dd32dbfde339b94f01b' (2024-10-08)
  → 'github:Mic92/sops-nix/c504fd7ac946d7a1b17944d73b261ca0a0b226a5' (2024-10-20)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/17ae88b569bb15590549ff478bab6494dde4a907' (2024-10-05)
  → 'github:NixOS/nixpkgs/bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22' (2024-10-19)
2024-10-21 04:20:24 +02:00
6c7f6bd789
hydra: increase cache time 2024-10-20 22:29:39 +02:00
Update Bot
38a2b135f0
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/d7d57edb72e54891fa67a6f058a46b2bb405663b' (2024-10-16)
  → 'github:nix-community/disko/a6a3179ddf396dfc28a078e2f169354d0c137125' (2024-10-18)
• Updated input 'home-manager':
    'github:nix-community/home-manager/e78cbb20276f09c1802e62d2f77fc93ec32da268' (2024-10-17)
  → 'github:nix-community/home-manager/122f70545b29ccb922e655b08acfe05bfb44ec68' (2024-10-19)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/a8dd1b21995964b115b1e3ec639dd6ce24ab9806' (2024-10-12)
  → 'github:nixos/nixos-hardware/38279034170b1e2929b2be33bdaedbf14a57bfeb' (2024-10-19)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c' (2024-10-14)
  → 'github:nixos/nixpkgs/4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0' (2024-10-18)
• Updated input 'nixvim':
    'github:nix-community/nixvim/3c7b6ae5d1524c691a1b65f7290facd0dc296e40' (2024-10-17)
  → 'github:nix-community/nixvim/c4ad4d0b2e7de04fa9ae0652b006807f42062080' (2024-10-19)
• Updated input 'nixvim/git-hooks':
    'github:cachix/git-hooks.nix/ff68f91754be6f3427e4986d7949e6273659be1d' (2024-10-13)
  → 'github:cachix/git-hooks.nix/3c3e88f0f544d6bb54329832616af7eb971b6be6' (2024-10-16)
• Updated input 'nixvim/treefmt-nix':
    'github:numtide/treefmt-nix/4446c7a6fc0775df028c5a3f6727945ba8400e64' (2024-10-03)
  → 'github:numtide/treefmt-nix/d986489c1c757f6921a48c1439f19bfb9b8ecab5' (2024-10-18)
• Updated input 'stylix':
    'github:danth/stylix/33a2eff15181e557bb6dd9d2073b90f7d218975d' (2024-10-14)
  → 'github:danth/stylix/fb9399b7e2c855f42dae76a363bab28d4f24aa8d' (2024-10-19)
2024-10-20 04:20:50 +02:00
d546dc3712
hydra: fix build 2024-10-18 18:07:29 +02:00
8b5239404b
seras: Increase postgresql limits 2024-10-18 15:15:00 +02:00
Update Bot
fa10cf8993
flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/2a4fd1cfd8ed5648583dadef86966a8231024221' (2024-10-15)
  → 'github:nix-community/home-manager/e78cbb20276f09c1802e62d2f77fc93ec32da268' (2024-10-17)
• Updated input 'nixvim':
    'github:nix-community/nixvim/717e7060fafa2c3822a64e3f5bbfd4895577fdbf' (2024-10-16)
  → 'github:nix-community/nixvim/3c7b6ae5d1524c691a1b65f7290facd0dc296e40' (2024-10-17)
2024-10-18 04:57:06 +02:00
0c31324e8f
chore: Rename deprecated options 2024-10-17 16:55:25 +02:00
4de085154b
hydra: Use correct module 2024-10-17 15:58:16 +02:00
Update Bot
5129bab73d
flake.lock: Update
Flake lock file updates:

• Updated input 'attic':
    'github:zhaofengli/attic/e5c8d2d50981a34602358d917e7be011b2c397a8' (2024-10-10)
  → 'github:zhaofengli/attic/2b05b7d986cf6009b1c1ef7daa4961cd1a658782' (2024-10-16)
• Updated input 'disko':
    'github:nix-community/disko/9ab6ae4e632016caac1c7e82e15b12b8c672ed76' (2024-10-15)
  → 'github:nix-community/disko/d7d57edb72e54891fa67a6f058a46b2bb405663b' (2024-10-16)
• Updated input 'nixvim':
    'github:nix-community/nixvim/429f2e8d1aa61181c0ec72bdafe022fbb6a092d6' (2024-10-15)
  → 'github:nix-community/nixvim/717e7060fafa2c3822a64e3f5bbfd4895577fdbf' (2024-10-16)
2024-10-17 04:36:44 +02:00
Update Bot
e974c61904
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/3b778f10eb275573da9f5c8a7a49e774200b87e5' (2024-10-14)
  → 'github:nix-community/disko/9ab6ae4e632016caac1c7e82e15b12b8c672ed76' (2024-10-15)
• Updated input 'home-manager':
    'github:nix-community/home-manager/e1aec543f5caf643ca0d94b6a633101942fd065f' (2024-10-14)
  → 'github:nix-community/home-manager/2a4fd1cfd8ed5648583dadef86966a8231024221' (2024-10-15)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/5633bcff0c6162b9e4b5f1264264611e950c8ec7' (2024-10-09)
  → 'github:nixos/nixpkgs/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c' (2024-10-14)
• Updated input 'nixvim':
    'github:nix-community/nixvim/619e24366e8ad34230d65a323d26ca981bfa6927' (2024-10-13)
  → 'github:nix-community/nixvim/429f2e8d1aa61181c0ec72bdafe022fbb6a092d6' (2024-10-15)
• Updated input 'nixvim/git-hooks':
    'github:cachix/git-hooks.nix/eb74e0be24a11a1531b5b8659535580554d30b28' (2024-10-12)
  → 'github:cachix/git-hooks.nix/ff68f91754be6f3427e4986d7949e6273659be1d' (2024-10-13)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/48b50b3b137be5cfb9f4d006835ce7c3fe558ccc' (2024-10-08)
  → 'github:lnl7/nix-darwin/a60ac02f9466f85f092e576fd8364dfc4406b5a6' (2024-10-14)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/9578d865b081c29ae98131caf7d2f69a42f0ca6e' (2024-10-12)
  → 'github:NuschtOS/search/f82d3e1c1c9d1eaeb91878519e2d27b27c66ce84' (2024-10-14)
2024-10-16 04:21:07 +02:00
Update Bot
fc41ef1f97
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/b6215392ec3bd05e9ebfbb2f7945c414096fce8f' (2024-10-12)
  → 'github:nix-community/disko/3b778f10eb275573da9f5c8a7a49e774200b87e5' (2024-10-14)
• Updated input 'home-manager':
    'github:nix-community/home-manager/64c6325b28ebd708653dd41d88f306023f296184' (2024-10-13)
  → 'github:nix-community/home-manager/e1aec543f5caf643ca0d94b6a633101942fd065f' (2024-10-14)
• Updated input 'stylix':
    'github:danth/stylix/f95022bb6e74f726a87975aec982a5aa9fad8691' (2024-10-11)
  → 'github:danth/stylix/33a2eff15181e557bb6dd9d2073b90f7d218975d' (2024-10-14)
2024-10-15 04:20:29 +02:00
Update Bot
6a0d2ae272
flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/d57112db877f07387ce7104b5ac346ede556d2d7' (2024-10-12)
  → 'github:nix-community/home-manager/64c6325b28ebd708653dd41d88f306023f296184' (2024-10-13)
• Updated input 'nixvim':
    'github:nix-community/nixvim/48b62ac2e607fb0c5332ba2a2455e9cf3184832a' (2024-10-12)
  → 'github:nix-community/nixvim/619e24366e8ad34230d65a323d26ca981bfa6927' (2024-10-13)
2024-10-14 04:20:53 +02:00
Update Bot
87cfddba6e
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/bdbdb725d632863bdedb80baabf21327614dd237' (2024-10-11)
  → 'github:nix-community/disko/b6215392ec3bd05e9ebfbb2f7945c414096fce8f' (2024-10-12)
• Updated input 'home-manager':
    'github:nix-community/home-manager/2b13611eaed8326789f76f70d21d06fbb14e3e47' (2024-10-11)
  → 'github:nix-community/home-manager/d57112db877f07387ce7104b5ac346ede556d2d7' (2024-10-12)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/ecfcd787f373f43307d764762e139a7cdeb9c22b' (2024-10-07)
  → 'github:nixos/nixos-hardware/a8dd1b21995964b115b1e3ec639dd6ce24ab9806' (2024-10-12)
• Updated input 'nixvim':
    'github:nix-community/nixvim/5cd8c9cf3104027b42ffe531fb68463ecb08ebc9' (2024-10-10)
  → 'github:nix-community/nixvim/48b62ac2e607fb0c5332ba2a2455e9cf3184832a' (2024-10-12)
• Updated input 'nixvim/git-hooks':
    'github:cachix/git-hooks.nix/1211305a5b237771e13fcca0c51e60ad47326a9a' (2024-10-05)
  → 'github:cachix/git-hooks.nix/eb74e0be24a11a1531b5b8659535580554d30b28' (2024-10-12)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/5cb7ef512ec20a5b7d60fc70dba014560559698a' (2024-10-09)
  → 'github:NuschtOS/search/9578d865b081c29ae98131caf7d2f69a42f0ca6e' (2024-10-12)
2024-10-13 04:20:52 +02:00
Update Bot
e36fb1550e
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/d39ee334984fcdae6244f5a8e6ab857479cbaefe' (2024-10-07)
  → 'github:nix-community/disko/bdbdb725d632863bdedb80baabf21327614dd237' (2024-10-11)
• Updated input 'home-manager':
    'github:nix-community/home-manager/342a1d682386d3a1d74f9555cb327f2f311dda6e' (2024-10-10)
  → 'github:nix-community/home-manager/2b13611eaed8326789f76f70d21d06fbb14e3e47' (2024-10-11)
• Updated input 'nixvim':
    'github:nix-community/nixvim/af650ba9401501352d6eaaced192bbb4abfaec87' (2024-10-10)
  → 'github:nix-community/nixvim/5cd8c9cf3104027b42ffe531fb68463ecb08ebc9' (2024-10-10)
• Updated input 'stylix':
    'github:danth/stylix/5699ba97c60455ebafde0fd4e78ca0a2e5a58282' (2024-10-09)
  → 'github:danth/stylix/f95022bb6e74f726a87975aec982a5aa9fad8691' (2024-10-11)
• Updated input 'stylix/tinted-kitty':
    'github:tinted-theming/tinted-kitty/81b15cb9eb696247af857808d37122188423f73b' (2024-10-02)
  → 'github:tinted-theming/tinted-kitty/eb39e141db14baef052893285df9f266df041ff8' (2024-05-23)
2024-10-12 04:20:30 +02:00
Update Bot
147b9e9673
flake.lock: Update
Flake lock file updates:

• Updated input 'attic':
    'github:zhaofengli/attic/61ebdef2e263c091f24807b07701be5cb8068dea' (2024-10-04)
  → 'github:zhaofengli/attic/e5c8d2d50981a34602358d917e7be011b2c397a8' (2024-10-10)
• Updated input 'disko':
    'github:nix-community/disko/574400001b3ffe555c7a21e0ff846230759be2ed' (2024-10-03)
  → 'github:nix-community/disko/d39ee334984fcdae6244f5a8e6ab857479cbaefe' (2024-10-07)
• Updated input 'home-manager':
    'github:nix-community/home-manager/509dbf8d45606b618e9ec3bbe4e936b7c5bc6c1e' (2024-10-04)
  → 'github:nix-community/home-manager/342a1d682386d3a1d74f9555cb327f2f311dda6e' (2024-10-10)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/b7ca02c7565fbf6d27ff20dd6dbd49c5b82eef28' (2024-10-04)
  → 'github:nixos/nixos-hardware/ecfcd787f373f43307d764762e139a7cdeb9c22b' (2024-10-07)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/27e30d177e57d912d614c88c622dcfdb2e6e6515' (2024-10-01)
  → 'github:nixos/nixpkgs/5633bcff0c6162b9e4b5f1264264611e950c8ec7' (2024-10-09)
• Updated input 'nixvim':
    'github:nix-community/nixvim/0ca98d02104f7f0a703787a7a080a570b7f1bedd' (2024-10-02)
  → 'github:nix-community/nixvim/af650ba9401501352d6eaaced192bbb4abfaec87' (2024-10-10)
• Updated input 'nixvim/devshell':
    'github:numtide/devshell/67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae' (2024-07-27)
  → 'github:numtide/devshell/dd6b80932022cea34a019e2bb32f6fa9e494dfef' (2024-10-07)
• Updated input 'nixvim/git-hooks':
    'github:cachix/git-hooks.nix/2f5ae3fc91db865eff2c5a418da85a0fbe6238a3' (2024-10-01)
  → 'github:cachix/git-hooks.nix/1211305a5b237771e13fcca0c51e60ad47326a9a' (2024-10-05)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/f61d5f2051a387a15817007220e9fb3bbead57b3' (2024-09-30)
  → 'github:lnl7/nix-darwin/48b50b3b137be5cfb9f4d006835ce7c3fe558ccc' (2024-10-08)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/c3c3928b8de7d300c34e9d90fdc19febd1a32062' (2024-09-29)
  → 'github:NuschtOS/search/5cb7ef512ec20a5b7d60fc70dba014560559698a' (2024-10-09)
• Updated input 'nixvim/treefmt-nix':
    'github:numtide/treefmt-nix/879b29ae9a0378904fbbefe0dadaed43c8905754' (2024-09-27)
  → 'github:numtide/treefmt-nix/4446c7a6fc0775df028c5a3f6727945ba8400e64' (2024-10-03)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/3198a242e547939c5e659353551b0668ec150268' (2024-09-30)
  → 'github:Mic92/sops-nix/06535d0e3d0201e6a8080dd32dbfde339b94f01b' (2024-10-08)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/dc454045f5b5d814e5862a6d057e7bb5c29edc05' (2024-09-08)
  → 'github:NixOS/nixpkgs/17ae88b569bb15590549ff478bab6494dde4a907' (2024-10-05)
• Updated input 'stylix':
    'github:danth/stylix/e7e97059776da7e34b739415a7bc8f80f606b803' (2024-09-30)
  → 'github:danth/stylix/5699ba97c60455ebafde0fd4e78ca0a2e5a58282' (2024-10-09)
• Updated input 'stylix/tinted-kitty':
    'github:tinted-theming/tinted-kitty/06bb401fa9a0ffb84365905ffbb959ae5bf40805' (2022-10-05)
  → 'github:tinted-theming/tinted-kitty/81b15cb9eb696247af857808d37122188423f73b' (2024-10-02)
2024-10-11 14:06:40 +02:00
50e3b402fc
hydra: add more power 2024-10-11 14:06:35 +02:00
b32ddfa0a1
graphical, fly.toml: fixes 2024-10-10 19:10:47 +02:00
Update Bot
1f8a1403d3
flake.lock: Update
Flake lock file updates:

• Updated input 'attic':
    'github:zhaofengli/attic/416687e59c4f0b32742423458cab2c5ff8fe748a' (2024-09-11)
  → 'github:zhaofengli/attic/61ebdef2e263c091f24807b07701be5cb8068dea' (2024-10-04)
• Updated input 'home-manager':
    'github:nix-community/home-manager/437ec62009fa8ceb684eb447d455ffba25911cf9' (2024-10-01)
  → 'github:nix-community/home-manager/509dbf8d45606b618e9ec3bbe4e936b7c5bc6c1e' (2024-10-04)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/11c43c830e533dad1be527ecce379fcf994fbbb5' (2024-09-30)
  → 'github:nixos/nixos-hardware/b7ca02c7565fbf6d27ff20dd6dbd49c5b82eef28' (2024-10-04)
2024-10-05 04:20:54 +02:00
Update Bot
f04564930a
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/568727a884ae7cd9f266bd19aea655def8cafd78' (2024-10-02)
  → 'github:nix-community/disko/574400001b3ffe555c7a21e0ff846230759be2ed' (2024-10-03)
2024-10-04 04:20:34 +02:00
eac20c1f2e
vaultwarden: Fix secret owner 2024-10-03 15:47:40 +02:00
Update Bot
a698502f25
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/6c5ba9ec9d470c1ca29e7735762c9c366e28f7f5' (2024-10-01)
  → 'github:nix-community/disko/568727a884ae7cd9f266bd19aea655def8cafd78' (2024-10-02)
• Updated input 'home-manager':
    'github:nix-community/home-manager/ffe2d07e771580a005e675108212597e5b367d2d' (2024-09-26)
  → 'github:nix-community/home-manager/437ec62009fa8ceb684eb447d455ffba25911cf9' (2024-10-01)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/06cf0e1da4208d3766d898b7fdab6513366d45b9' (2024-09-29)
  → 'github:nixos/nixpkgs/27e30d177e57d912d614c88c622dcfdb2e6e6515' (2024-10-01)
• Updated input 'nixvim':
    'github:nix-community/nixvim/5f4a4b47597d3b9ac26c41ff4e8da28fa662f200' (2024-09-29)
  → 'github:nix-community/nixvim/0ca98d02104f7f0a703787a7a080a570b7f1bedd' (2024-10-02)
• Updated input 'nixvim/flake-parts':
    'github:hercules-ci/flake-parts/bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a' (2024-09-12)
  → 'github:hercules-ci/flake-parts/3d04084d54bedc3d6b8b736c70ef449225c361b1' (2024-10-01)
• Updated input 'nixvim/git-hooks':
    'github:cachix/git-hooks.nix/85f7a7177c678de68224af3402ab8ee1bcee25c8' (2024-09-28)
  → 'github:cachix/git-hooks.nix/2f5ae3fc91db865eff2c5a418da85a0fbe6238a3' (2024-10-01)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/f2e1c4aa29fc211947c3a7113cba1dd707433b70' (2024-09-28)
  → 'github:lnl7/nix-darwin/f61d5f2051a387a15817007220e9fb3bbead57b3' (2024-09-30)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/9f7426e532ef8dfc839c4a3fcc567b13a20a70d3' (2024-09-27)
  → 'github:NuschtOS/search/c3c3928b8de7d300c34e9d90fdc19febd1a32062' (2024-09-29)
2024-10-03 04:20:51 +02:00
Update Bot
a2141e6ccf
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/67dc29be3036cc888f0b9d4f0a788ee0f6768700' (2024-09-26)
  → 'github:nix-community/disko/6c5ba9ec9d470c1ca29e7735762c9c366e28f7f5' (2024-10-01)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/d830ad47cc992b4a46b342bbc79694cbd0e980b2' (2024-09-27)
  → 'github:nixos/nixos-hardware/11c43c830e533dad1be527ecce379fcf994fbbb5' (2024-09-30)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/1925c603f17fc89f4c8f6bf6f631a802ad85d784' (2024-09-26)
  → 'github:nixos/nixpkgs/06cf0e1da4208d3766d898b7fdab6513366d45b9' (2024-09-29)
• Updated input 'nixvim':
    'github:nix-community/nixvim/b5c19b6abb0fb0156b1cb76793b363e430e2cb47' (2024-09-27)
  → 'github:nix-community/nixvim/5f4a4b47597d3b9ac26c41ff4e8da28fa662f200' (2024-09-29)
• Updated input 'nixvim/git-hooks':
    'github:cachix/git-hooks.nix/4e743a6920eab45e8ba0fbe49dc459f1423a4b74' (2024-09-19)
  → 'github:cachix/git-hooks.nix/85f7a7177c678de68224af3402ab8ee1bcee25c8' (2024-09-28)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/bd7d1e3912d40f799c5c0f7e5820ec950f1e0b3d' (2024-09-22)
  → 'github:lnl7/nix-darwin/f2e1c4aa29fc211947c3a7113cba1dd707433b70' (2024-09-28)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/3b7dd61b365ca45380707453758a45f2e9977be3' (2024-09-22)
  → 'github:NuschtOS/search/9f7426e532ef8dfc839c4a3fcc567b13a20a70d3' (2024-09-27)
• Updated input 'nixvim/treefmt-nix':
    'github:numtide/treefmt-nix/1bff2ba6ec22bc90e9ad3f7e94cca0d37870afa3' (2024-09-25)
  → 'github:numtide/treefmt-nix/879b29ae9a0378904fbbefe0dadaed43c8905754' (2024-09-27)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/127a96f49ddc377be6ba76964411bab11ae27803' (2024-09-27)
  → 'github:Mic92/sops-nix/3198a242e547939c5e659353551b0668ec150268' (2024-09-30)
• Updated input 'stylix':
    'github:danth/stylix/e3eb7fdf8d129ff3676dfbc84ee1262322ca6fb4' (2024-09-26)
  → 'github:danth/stylix/e7e97059776da7e34b739415a7bc8f80f606b803' (2024-09-30)
2024-10-02 12:55:04 +02:00
a74c1d8585
librespeed: Fixes 2024-10-02 12:54:44 +02:00
Update Bot
f091338a53
flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/d0cb432a9d28218df11cbd77d984a2a46caeb5ac' (2024-09-22)
  → 'github:nixos/nixos-hardware/d830ad47cc992b4a46b342bbc79694cbd0e980b2' (2024-09-27)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/30439d93eb8b19861ccbe3e581abf97bdc91b093' (2024-09-23)
  → 'github:nixos/nixpkgs/1925c603f17fc89f4c8f6bf6f631a802ad85d784' (2024-09-26)
• Updated input 'nixvim':
    'github:nix-community/nixvim/cb2b76c1a9ec067ed0c449080f4973fecf8532ef' (2024-09-27)
  → 'github:nix-community/nixvim/b5c19b6abb0fb0156b1cb76793b363e430e2cb47' (2024-09-27)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/e2d404a7ea599a013189aa42947f66cede0645c8' (2024-09-16)
  → 'github:Mic92/sops-nix/127a96f49ddc377be6ba76964411bab11ae27803' (2024-09-27)
2024-09-28 04:20:53 +02:00
Update Bot
72dfd80e05
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/c1c472f4cd91e4b0703e02810a8c7ed30186b6fa' (2024-09-25)
  → 'github:nix-community/disko/67dc29be3036cc888f0b9d4f0a788ee0f6768700' (2024-09-26)
• Updated input 'home-manager':
    'github:nix-community/home-manager/1e22ef1518fb175d762006f9cae7f6312b8caedb' (2024-09-25)
  → 'github:nix-community/home-manager/ffe2d07e771580a005e675108212597e5b367d2d' (2024-09-26)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/9357f4f23713673f310988025d9dc261c20e70c6' (2024-09-21)
  → 'github:nixos/nixpkgs/30439d93eb8b19861ccbe3e581abf97bdc91b093' (2024-09-23)
• Updated input 'nixvim':
    'github:nix-community/nixvim/7bda0f1ce49e9da252bcee20b5f700e6dcd3cf8d' (2024-09-25)
  → 'github:nix-community/nixvim/cb2b76c1a9ec067ed0c449080f4973fecf8532ef' (2024-09-27)
• Updated input 'nixvim/treefmt-nix':
    'github:numtide/treefmt-nix/ee41a466c2255a3abe6bc50fc6be927cdee57a9f' (2024-09-19)
  → 'github:numtide/treefmt-nix/1bff2ba6ec22bc90e9ad3f7e94cca0d37870afa3' (2024-09-25)
• Updated input 'stylix':
    'github:danth/stylix/cf8b6e2d4e8aca8ef14b839a906ab5eb98b08561' (2024-09-24)
  → 'github:danth/stylix/e3eb7fdf8d129ff3676dfbc84ee1262322ca6fb4' (2024-09-26)
2024-09-27 18:42:49 +02:00
58e0708ff9
librespeed,graphical: minor fixes 2024-09-27 18:42:43 +02:00
Update Bot
1c8bfba590
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/6d42596a35d34918a905e8539a44d3fc91f42b5b' (2024-09-24)
  → 'github:nix-community/disko/c1c472f4cd91e4b0703e02810a8c7ed30186b6fa' (2024-09-25)
• Updated input 'home-manager':
    'github:nix-community/home-manager/21c021862fa696c8199934e2153214ab57150cb6' (2024-09-23)
  → 'github:nix-community/home-manager/1e22ef1518fb175d762006f9cae7f6312b8caedb' (2024-09-25)
• Updated input 'nixvim':
    'github:nix-community/nixvim/8f991cc8bc417ddbd1d5c7732268255557c13f4a' (2024-09-24)
  → 'github:nix-community/nixvim/7bda0f1ce49e9da252bcee20b5f700e6dcd3cf8d' (2024-09-25)
2024-09-26 04:21:00 +02:00
Update Bot
a0f0dc73d2
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/b1d6bed240abef5f5373e88fc7909f493013e557' (2024-09-23)
  → 'github:nix-community/disko/6d42596a35d34918a905e8539a44d3fc91f42b5b' (2024-09-24)
• Updated input 'nixvim':
    'github:nix-community/nixvim/a75c2235d920dfd443d52c134bb51aa458f26814' (2024-09-24)
  → 'github:nix-community/nixvim/8f991cc8bc417ddbd1d5c7732268255557c13f4a' (2024-09-24)
• Updated input 'stylix':
    'github:danth/stylix/eccb9f2d63f4582b1c1ffe97d806156147aeee5f' (2024-09-23)
  → 'github:danth/stylix/cf8b6e2d4e8aca8ef14b839a906ab5eb98b08561' (2024-09-24)
• Removed input 'stylix/base16-foot'
• Removed input 'stylix/base16-kitty'
• Removed input 'stylix/base16-tmux'
• Added input 'stylix/tinted-foot':
    'github:tinted-theming/tinted-foot/eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce' (2023-10-08)
• Added input 'stylix/tinted-kitty':
    'github:tinted-theming/tinted-kitty/06bb401fa9a0ffb84365905ffbb959ae5bf40805' (2022-10-05)
• Added input 'stylix/tinted-tmux':
    'github:tinted-theming/tinted-tmux/c02050bebb60dbb20cb433cd4d8ce668ecc11ba7' (2023-10-08)
2024-09-25 04:20:27 +02:00
7b2b29aa9f
librespeed: test module 2024-09-24 23:56:26 +02:00
Update Bot
50be012843
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/51994df8ba24d5db5459ccf17b6494643301ad28' (2024-09-20)
  → 'github:nix-community/disko/b1d6bed240abef5f5373e88fc7909f493013e557' (2024-09-23)
• Updated input 'home-manager':
    'github:nix-community/home-manager/04213d1ce4221f5d9b40bcee30706ce9a91d148d' (2024-09-22)
  → 'github:nix-community/home-manager/21c021862fa696c8199934e2153214ab57150cb6' (2024-09-23)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/c04d5652cfa9742b1d519688f65d1bbccea9eb7e' (2024-09-19)
  → 'github:nixos/nixpkgs/9357f4f23713673f310988025d9dc261c20e70c6' (2024-09-21)
• Updated input 'nixvim':
    'github:nix-community/nixvim/a9345dcfc31519734361fecd246d32164feafbca' (2024-09-23)
  → 'github:nix-community/nixvim/a75c2235d920dfd443d52c134bb51aa458f26814' (2024-09-24)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/c03f85fa42d68d1056ca1740f3113b04f3addff2' (2024-09-19)
  → 'github:lnl7/nix-darwin/bd7d1e3912d40f799c5c0f7e5820ec950f1e0b3d' (2024-09-22)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/7733a39a1321057172d87e6251ded7cdeb67171e' (2024-09-20)
  → 'github:NuschtOS/search/3b7dd61b365ca45380707453758a45f2e9977be3' (2024-09-22)
• Updated input 'nixvim/nuschtosSearch/flake-utils':
    'github:numtide/flake-utils/b1d9ab70662946ef0850d488da1c9019f3a9752a' (2024-03-11)
  → 'github:numtide/flake-utils/c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a' (2024-09-17)
• Updated input 'stylix':
    'github:danth/stylix/53bcceb4e46d0b3e8ae6434a7a6bcc3463092093' (2024-09-20)
  → 'github:danth/stylix/eccb9f2d63f4582b1c1ffe97d806156147aeee5f' (2024-09-23)
2024-09-24 04:21:15 +02:00
Update Bot
6e355613a3
flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/14929f7089268481d86b83ed31ffd88713dcd415' (2024-09-21)
  → 'github:nix-community/home-manager/04213d1ce4221f5d9b40bcee30706ce9a91d148d' (2024-09-22)
• Updated input 'kyouma-www':
    'git+https://woof.rip/emily/kyouma-net.git?ref=refs/heads/main&rev=fc34094fc69e69e217db1bf17d82b9d0bf3b2cc4' (2024-06-24)
  → 'git+https://woof.rip/emily/kyouma-net.git?ref=refs/heads/main&rev=f4e46ff6820d334c12b8f3a609ab43b895d3b630' (2024-09-22)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/b493dfd4a8cf9552932179e56ff3b5819a9b8381' (2024-09-21)
  → 'github:nixos/nixos-hardware/d0cb432a9d28218df11cbd77d984a2a46caeb5ac' (2024-09-22)
• Updated input 'nixvim':
    'github:nix-community/nixvim/2bc6a949924319f61619d32695115a61394741f8' (2024-09-21)
  → 'github:nix-community/nixvim/a9345dcfc31519734361fecd246d32164feafbca' (2024-09-23)
2024-09-23 04:20:23 +02:00
Update Bot
cc3dcbbeb5
flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/dfe4d334b172071e7189d971ddecd3a7f811b48d' (2024-09-20)
  → 'github:nix-community/home-manager/14929f7089268481d86b83ed31ffd88713dcd415' (2024-09-21)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/10d5e0ecc32984c1bf1a9a46586be3451c42fd94' (2024-09-19)
  → 'github:nixos/nixos-hardware/b493dfd4a8cf9552932179e56ff3b5819a9b8381' (2024-09-21)
• Updated input 'nixvim':
    'github:nix-community/nixvim/3211ce356be612ae89a38c60799992bde8a47127' (2024-09-20)
  → 'github:nix-community/nixvim/2bc6a949924319f61619d32695115a61394741f8' (2024-09-21)
2024-09-22 04:20:44 +02:00
Update Bot
97fad990a5
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/624fd86460e482017ed9c3c3c55a3758c06a4e7f' (2024-09-19)
  → 'github:nix-community/disko/51994df8ba24d5db5459ccf17b6494643301ad28' (2024-09-20)
• Updated input 'dns':
    'github:kirelagin/dns.nix/e6693931023206f1f3c2bfc57d2c98b5f27f52e6' (2024-06-27)
  → 'github:kirelagin/dns.nix/a3196708a56dee76186a9415c187473b94e6cbae' (2024-09-20)
• Updated input 'home-manager':
    'github:nix-community/home-manager/1786e2afdbc48e9038f7cff585069736e1d0ed44' (2024-09-19)
  → 'github:nix-community/home-manager/dfe4d334b172071e7189d971ddecd3a7f811b48d' (2024-09-20)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/99dc8785f6a0adac95f5e2ab05cc2e1bf666d172' (2024-09-16)
  → 'github:nixos/nixpkgs/c04d5652cfa9742b1d519688f65d1bbccea9eb7e' (2024-09-19)
• Updated input 'nixvim':
    'github:nix-community/nixvim/400d1d927d76791b46ae30d431d908c60e411a26' (2024-09-19)
  → 'github:nix-community/nixvim/3211ce356be612ae89a38c60799992bde8a47127' (2024-09-20)
• Updated input 'nixvim/git-hooks':
    'github:cachix/git-hooks.nix/7570de7b9b504cfe92025dd1be797bf546f66528' (2024-09-05)
  → 'github:cachix/git-hooks.nix/4e743a6920eab45e8ba0fbe49dc459f1423a4b74' (2024-09-19)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/21fe31f26473c180390cfa81e3ea81aca0204c80' (2024-09-13)
  → 'github:lnl7/nix-darwin/c03f85fa42d68d1056ca1740f3113b04f3addff2' (2024-09-19)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/97d34b70deed4878fcb2449ac89dab717d72efa1' (2024-09-15)
  → 'github:NuschtOS/search/7733a39a1321057172d87e6251ded7cdeb67171e' (2024-09-20)
• Updated input 'nixvim/treefmt-nix':
    'github:numtide/treefmt-nix/9fb342d14b69aefdf46187f6bb80a4a0d97007cd' (2024-09-02)
  → 'github:numtide/treefmt-nix/ee41a466c2255a3abe6bc50fc6be927cdee57a9f' (2024-09-19)
• Updated input 'stylix':
    'github:danth/stylix/149b313ddf91c3cc94309170498b162cec666675' (2024-09-16)
  → 'github:danth/stylix/53bcceb4e46d0b3e8ae6434a7a6bcc3463092093' (2024-09-20)
• Updated input 'stylix/base16-helix':
    'github:tinted-theming/base16-helix/34f41987bec14c0f3f6b2155c19787b1f6489625' (2024-07-12)
  → 'github:tinted-theming/base16-helix/7f795bf75d38e0eea9fed287264067ca187b88a9' (2024-09-09)
2024-09-21 04:20:47 +02:00
Update Bot
81ecd43174
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/d32d1504c77d7f6ba7e033357dcf638baceab9b7' (2024-09-17)
  → 'github:nix-community/disko/624fd86460e482017ed9c3c3c55a3758c06a4e7f' (2024-09-19)
• Updated input 'home-manager':
    'github:nix-community/home-manager/d2493de5cd1da06b6a4c3e97f4e7d5dd791df457' (2024-09-17)
  → 'github:nix-community/home-manager/1786e2afdbc48e9038f7cff585069736e1d0ed44' (2024-09-19)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/abb448608a56a60075468e90d8acec2a7cb689b1' (2024-09-18)
  → 'github:nixos/nixos-hardware/10d5e0ecc32984c1bf1a9a46586be3451c42fd94' (2024-09-19)
• Updated input 'nixvim':
    'github:nix-community/nixvim/9307b201a3dc57d5b71ded4f897ea9d096544877' (2024-09-18)
  → 'github:nix-community/nixvim/400d1d927d76791b46ae30d431d908c60e411a26' (2024-09-19)
2024-09-20 04:21:11 +02:00
Update Bot
55982c87a1
flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/dc8b0296f68f72f3fe77469c549a6f098555c2e9' (2024-09-16)
  → 'github:nixos/nixos-hardware/abb448608a56a60075468e90d8acec2a7cb689b1' (2024-09-18)
• Updated input 'nixvim':
    'github:nix-community/nixvim/6cbf441c22b2c26a1561993f5993e20612a6df1c' (2024-09-17)
  → 'github:nix-community/nixvim/9307b201a3dc57d5b71ded4f897ea9d096544877' (2024-09-18)
2024-09-19 04:20:55 +02:00
Update Bot
5486e29490
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/22ee467a54a3ab7fa9d637ccad5330c6c087e9dc' (2024-09-16)
  → 'github:nix-community/disko/d32d1504c77d7f6ba7e033357dcf638baceab9b7' (2024-09-17)
• Updated input 'flake-utils':
    'github:numtide/flake-utils/b1d9ab70662946ef0850d488da1c9019f3a9752a' (2024-03-11)
  → 'github:numtide/flake-utils/c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a' (2024-09-17)
• Updated input 'home-manager':
    'github:nix-community/home-manager/a9c9cc6e50f7cbd2d58ccb1cd46a1e06e9e445ff' (2024-09-15)
  → 'github:nix-community/home-manager/d2493de5cd1da06b6a4c3e97f4e7d5dd791df457' (2024-09-17)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/345c263f2f53a3710abe117f28a5cb86d0ba4059' (2024-09-13)
  → 'github:nixos/nixpkgs/99dc8785f6a0adac95f5e2ab05cc2e1bf666d172' (2024-09-16)
• Updated input 'nixvim':
    'github:nix-community/nixvim/2e3083e42509c399b224239f6d7fa17976b18536' (2024-09-16)
  → 'github:nix-community/nixvim/6cbf441c22b2c26a1561993f5993e20612a6df1c' (2024-09-17)
2024-09-18 04:21:02 +02:00
9cf734c7ff
integra: Add cafkafks ssh key to aarch64 build worker 2024-09-17 16:19:39 +02:00
Update Bot
1863e2a718
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/51e3a7e51279fedfb6669a00d21dc5936c78a6ce' (2024-09-15)
  → 'github:nix-community/disko/22ee467a54a3ab7fa9d637ccad5330c6c087e9dc' (2024-09-16)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/166dee4f88a7e3ba1b7a243edb1aca822f00680e' (2024-09-09)
  → 'github:nixos/nixos-hardware/dc8b0296f68f72f3fe77469c549a6f098555c2e9' (2024-09-16)
• Updated input 'nixvim':
    'github:nix-community/nixvim/95b322a5220744a5cac725e62fa4e612851edbc2' (2024-09-15)
  → 'github:nix-community/nixvim/2e3083e42509c399b224239f6d7fa17976b18536' (2024-09-16)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/f30b1bac192e2dc252107ac8a59a03ad25e1b96e' (2024-09-13)
  → 'github:Mic92/sops-nix/e2d404a7ea599a013189aa42947f66cede0645c8' (2024-09-16)
• Updated input 'stylix':
    'github:danth/stylix/35233f929629c8eb64e939e35260fc8347f94df9' (2024-09-12)
  → 'github:danth/stylix/149b313ddf91c3cc94309170498b162cec666675' (2024-09-16)
2024-09-17 04:20:38 +02:00
Update Bot
896580046f
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/3632080c41d7a657995807689a08ef6c4bcb2c72' (2024-09-14)
  → 'github:nix-community/disko/51e3a7e51279fedfb6669a00d21dc5936c78a6ce' (2024-09-15)
• Updated input 'home-manager':
    'github:nix-community/home-manager/e524c57b1fa55d6ca9d8354c6ce1e538d2a1f47f' (2024-09-14)
  → 'github:nix-community/home-manager/a9c9cc6e50f7cbd2d58ccb1cd46a1e06e9e445ff' (2024-09-15)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/4f807e8940284ad7925ebd0a0993d2a1791acb2f' (2024-09-11)
  → 'github:nixos/nixpkgs/345c263f2f53a3710abe117f28a5cb86d0ba4059' (2024-09-13)
• Updated input 'nixvim':
    'github:nix-community/nixvim/61be7a6eed7b6e70db9731cdf32d6a3e163cee73' (2024-09-15)
  → 'github:nix-community/nixvim/95b322a5220744a5cac725e62fa4e612851edbc2' (2024-09-15)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/4267d5c5b51591a9553eefbd12172da050ee3433' (2024-09-13)
  → 'github:NuschtOS/search/97d34b70deed4878fcb2449ac89dab717d72efa1' (2024-09-15)
2024-09-16 04:22:12 +02:00
Update Bot
6f96e220e3
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/4ef99d8ec41369b6fbe83479b5566c2b8856972c' (2024-09-13)
  → 'github:nix-community/disko/3632080c41d7a657995807689a08ef6c4bcb2c72' (2024-09-14)
• Updated input 'home-manager':
    'github:nix-community/home-manager/503af483e1b328691ea3a434d331995595fb2e3d' (2024-09-13)
  → 'github:nix-community/home-manager/e524c57b1fa55d6ca9d8354c6ce1e538d2a1f47f' (2024-09-14)
• Updated input 'nixvim':
    'github:nix-community/nixvim/4e5bd1d79bb88b98e4d23241096989373150112c' (2024-09-13)
  → 'github:nix-community/nixvim/61be7a6eed7b6e70db9731cdf32d6a3e163cee73' (2024-09-15)
• Updated input 'nixvim/flake-parts':
    'github:hercules-ci/flake-parts/567b938d64d4b4112ee253b9274472dc3a346eb6' (2024-09-01)
  → 'github:hercules-ci/flake-parts/bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a' (2024-09-12)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/f4f18f3d7229845e1c9d517457b7a0b90a38b728' (2024-09-11)
  → 'github:lnl7/nix-darwin/21fe31f26473c180390cfa81e3ea81aca0204c80' (2024-09-13)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/9eaa0246f803758c26f00d21188de00098b79c8b' (2024-09-10)
  → 'github:NuschtOS/search/4267d5c5b51591a9553eefbd12172da050ee3433' (2024-09-13)
2024-09-15 04:20:54 +02:00
Update Bot
5f432307c7
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/59fb64b36b0a1961f6d4c6d5b8db45cc35d040f2' (2024-09-12)
  → 'github:nix-community/disko/4ef99d8ec41369b6fbe83479b5566c2b8856972c' (2024-09-13)
• Updated input 'home-manager':
    'github:nix-community/home-manager/da8406a6ff556b86dc368e96ca8bd81b2704a91a' (2024-09-12)
  → 'github:nix-community/home-manager/503af483e1b328691ea3a434d331995595fb2e3d' (2024-09-13)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/1355a0cbfeac61d785b7183c0caaec1f97361b43' (2024-09-10)
  → 'github:nixos/nixpkgs/4f807e8940284ad7925ebd0a0993d2a1791acb2f' (2024-09-11)
• Updated input 'nixvim':
    'github:nix-community/nixvim/27a0dd435dd3563f4cf9d788601fadfce8c59db6' (2024-09-12)
  → 'github:nix-community/nixvim/4e5bd1d79bb88b98e4d23241096989373150112c' (2024-09-13)
• Updated input 'nixvim/flake-parts':
    'github:hercules-ci/flake-parts/8471fe90ad337a8074e957b69ca4d0089218391d' (2024-08-01)
  → 'github:hercules-ci/flake-parts/567b938d64d4b4112ee253b9274472dc3a346eb6' (2024-09-01)
• Updated input 'nixvim/git-hooks':
    'github:cachix/git-hooks.nix/4509ca64f1084e73bc7a721b20c669a8d4c5ebe6' (2024-08-28)
  → 'github:cachix/git-hooks.nix/7570de7b9b504cfe92025dd1be797bf546f66528' (2024-09-05)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/ac5694a0b855a981e81b4d9f14052e3ff46ca39e' (2024-08-25)
  → 'github:lnl7/nix-darwin/f4f18f3d7229845e1c9d517457b7a0b90a38b728' (2024-09-11)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/5a08d691de30b6fc28d58ce71a5e420f2694e087' (2024-08-25)
  → 'github:NuschtOS/search/9eaa0246f803758c26f00d21188de00098b79c8b' (2024-09-10)
• Updated input 'nixvim/treefmt-nix':
    'github:numtide/treefmt-nix/3ffd842a5f50f435d3e603312eefa4790db46af5' (2024-08-28)
  → 'github:numtide/treefmt-nix/9fb342d14b69aefdf46187f6bb80a4a0d97007cd' (2024-09-02)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/cede1a08039178ac12957733e97ab1006c6b6892' (2024-09-09)
  → 'github:Mic92/sops-nix/f30b1bac192e2dc252107ac8a59a03ad25e1b96e' (2024-09-13)
2024-09-14 04:20:59 +02:00
Update Bot
ec07bbcb11
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/e55f9a8678adc02024a4877c2a403e3f6daf24fe' (2024-09-03)
  → 'github:nix-community/disko/59fb64b36b0a1961f6d4c6d5b8db45cc35d040f2' (2024-09-12)
• Updated input 'home-manager':
    'github:nix-community/home-manager/8a1671642826633586d12ac3158e463c7a50a112' (2024-09-11)
  → 'github:nix-community/home-manager/da8406a6ff556b86dc368e96ca8bd81b2704a91a' (2024-09-12)
• Updated input 'nixvim':
    'github:nix-community/nixvim/11c133e89e4090c43445a2c3b5af2322831d7219' (2024-09-11)
  → 'github:nix-community/nixvim/27a0dd435dd3563f4cf9d788601fadfce8c59db6' (2024-09-12)
• Updated input 'stylix':
    'github:danth/stylix/ef81ad9e85e60420cc83d4642619c14b57139d33' (2024-09-02)
  → 'github:danth/stylix/35233f929629c8eb64e939e35260fc8347f94df9' (2024-09-12)
2024-09-13 04:21:09 +02:00
Update Bot
599ce3247d
flake.lock: Update
Flake lock file updates:

• Updated input 'attic':
    'github:zhaofengli/attic/aec90814a4ecbc40171d57eeef97c5cab4aaa7b4' (2024-09-08)
  → 'github:zhaofengli/attic/416687e59c4f0b32742423458cab2c5ff8fe748a' (2024-09-11)
• Updated input 'home-manager':
    'github:nix-community/home-manager/e5fa72bad0c6f533e8d558182529ee2acc9454fe' (2024-09-10)
  → 'github:nix-community/home-manager/8a1671642826633586d12ac3158e463c7a50a112' (2024-09-11)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/574d1eac1c200690e27b8eb4e24887f8df7ac27c' (2024-09-06)
  → 'github:nixos/nixpkgs/1355a0cbfeac61d785b7183c0caaec1f97361b43' (2024-09-10)
• Updated input 'nixvim':
    'github:nix-community/nixvim/fc7e9b29271a03459191955f78d4128451b7cd81' (2024-09-10)
  → 'github:nix-community/nixvim/11c133e89e4090c43445a2c3b5af2322831d7219' (2024-09-11)
2024-09-12 04:20:57 +02:00
e56c756223
ooklaserver: Cleanup 2024-09-12 00:39:29 +02:00
66bfeade06
fix: attic inputs and update-nixfiles 2024-09-11 22:17:48 +02:00
4422ecabc3
ooklaserver: Init module 2024-09-11 22:17:25 +02:00
Update Bot
052faf0dae
flake.lock: Update
Flake lock file updates:

• Updated input 'nixvim':
    'github:nix-community/nixvim/faa2e6306c0a1ae8e67dfdb0d75cd5ecd427ca5d' (2024-09-10)
  → 'github:nix-community/nixvim/fc7e9b29271a03459191955f78d4128451b7cd81' (2024-09-10)
2024-09-11 04:20:30 +02:00
1b2c329422
graphical: Move config to a module 2024-09-10 12:02:18 +02:00
Update Bot
bd246c4022
flake.lock: Update
Flake lock file updates:

• Updated input 'attic':
    'github:zhaofengli/attic/f74cee00364a36e4db8d05dc9c98391e18d9b4f8' (2024-08-30)
  → 'github:zhaofengli/attic/aec90814a4ecbc40171d57eeef97c5cab4aaa7b4' (2024-09-08)
• Removed input 'attic/flake-utils'
• Updated input 'disko':
    'github:nix-community/disko/96073e6423623d4a8027e9739d2af86d6422ea7a' (2024-09-02)
  → 'github:nix-community/disko/e55f9a8678adc02024a4877c2a403e3f6daf24fe' (2024-09-03)
• Updated input 'fernglas':
    'github:wobcom/fernglas/25020466957dbe0e193f7857d827020f5c1aa996' (2024-02-07)
  → 'github:wobcom/fernglas/25e55f0275c369d66ccd847e7fc0f4cbd4ca4d26' (2024-09-03)
• Updated input 'fernglas/communities':
    'github:NLNOG/lg.ring.nlnog.net/20f9a9f3da8b1bc9d7046e88c62df4b41b4efb99' (2024-01-31)
  → 'github:NLNOG/lg.ring.nlnog.net/41cf616bae6fba597d074a484aabf1bee9002fb5' (2024-06-26)
• Updated input 'fernglas/nixpkgs':
    'github:NixOS/nixpkgs/faf912b086576fd1a15fca610166c98d47bc667e' (2024-02-05)
  → 'github:NixOS/nixpkgs/655a58a72a6601292512670343087c2d75d859c1' (2024-07-08)
• Updated input 'home-manager':
    'github:nix-community/home-manager/471e3eb0a114265bcd62d11d58ba8d3421ee68eb' (2024-09-01)
  → 'github:nix-community/home-manager/e5fa72bad0c6f533e8d558182529ee2acc9454fe' (2024-09-10)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef' (2024-08-28)
  → 'github:nixos/nixos-hardware/166dee4f88a7e3ba1b7a243edb1aca822f00680e' (2024-09-09)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/12228ff1752d7b7624a54e9c1af4b222b3c1073b' (2024-08-31)
  → 'github:nixos/nixpkgs/574d1eac1c200690e27b8eb4e24887f8df7ac27c' (2024-09-06)
• Updated input 'nixvim':
    'github:nix-community/nixvim/2b30ee87031fb40f0f894de00c23ea41714d940e' (2024-09-01)
  → 'github:nix-community/nixvim/faa2e6306c0a1ae8e67dfdb0d75cd5ecd427ca5d' (2024-09-10)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/5db5921e40ae382d6716dce591ea23b0a39d96f7' (2024-09-01)
  → 'github:Mic92/sops-nix/cede1a08039178ac12957733e97ab1006c6b6892' (2024-09-09)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/556533a23879fc7e5f98dd2e0b31a6911a213171' (2024-07-21)
  → 'github:NixOS/nixpkgs/dc454045f5b5d814e5862a6d057e7bb5c29edc05' (2024-09-08)
• Updated input 'stylix':
    'github:danth/stylix/3a4101c4f4abee41859c0cb98f6250f04c80d0f6' (2024-08-31)
  → 'github:danth/stylix/ef81ad9e85e60420cc83d4642619c14b57139d33' (2024-09-02)
2024-09-10 11:19:41 +02:00
ed3c9c2c7e
Use lix everywhere 2024-09-10 11:02:43 +02:00
7ea51e7e28
build-worker: Use sshServe 2024-09-06 12:53:47 +02:00
909e1d81e1
build-worker-oci: Update 2024-09-03 15:00:28 +02:00
509219aeb3
build-worker-oci: Fix update.sh 2024-09-03 14:59:50 +02:00
9193287ca8
hydra: Renumber build workers 2024-09-03 14:27:57 +02:00
Update Bot
937f7d2103
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/511388d837178979de66d14ca4a2ebd5f7991cd3' (2024-08-29)
  → 'github:nix-community/disko/96073e6423623d4a8027e9739d2af86d6422ea7a' (2024-09-02)
• Updated input 'home-manager':
    'github:nix-community/home-manager/c2cd2a52e02f1dfa1c88f95abeb89298d46023be' (2024-08-23)
  → 'github:nix-community/home-manager/471e3eb0a114265bcd62d11d58ba8d3421ee68eb' (2024-09-01)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/71e91c409d1e654808b2621f28a327acfdad8dc2' (2024-08-28)
  → 'github:nixos/nixpkgs/12228ff1752d7b7624a54e9c1af4b222b3c1073b' (2024-08-31)
• Updated input 'nixvim':
    'github:nix-community/nixvim/caefb266bee301922a4cf4d4564b1b000a0a21c3' (2024-08-31)
  → 'github:nix-community/nixvim/2b30ee87031fb40f0f894de00c23ea41714d940e' (2024-09-01)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/be0eec2d27563590194a9206f551a6f73d52fa34' (2024-08-12)
  → 'github:Mic92/sops-nix/5db5921e40ae382d6716dce591ea23b0a39d96f7' (2024-09-01)
2024-09-02 04:20:49 +02:00
0d5158fb36
hydra: Increase max_output_size 2024-09-01 23:30:26 +02:00
Update Bot
bf5e1c03f9
flake.lock: Update
Flake lock file updates:

• Updated input 'nixvim':
    'github:nix-community/nixvim/56208f9e3f46f034353636fa651df8663ec57fa3' (2024-08-30)
  → 'github:nix-community/nixvim/caefb266bee301922a4cf4d4564b1b000a0a21c3' (2024-08-31)
• Updated input 'stylix':
    'github:danth/stylix/6c895c6b42ca205017abe72a7263baf36a197972' (2024-08-26)
  → 'github:danth/stylix/3a4101c4f4abee41859c0cb98f6250f04c80d0f6' (2024-08-31)
2024-09-01 04:21:02 +02:00
Update Bot
70f76b0c3e
flake.lock: Update
Flake lock file updates:

• Updated input 'attic':
    'github:zhaofengli/attic/c2354f658582f7c870316dfce612cf7454720abe' (2024-08-24)
  → 'github:zhaofengli/attic/f74cee00364a36e4db8d05dc9c98391e18d9b4f8' (2024-08-30)
• Added input 'attic/flake-parts':
    'github:hercules-ci/flake-parts/8471fe90ad337a8074e957b69ca4d0089218391d' (2024-08-01)
• Added input 'attic/flake-parts/nixpkgs-lib':
    follows 'attic/nixpkgs'
• Updated input 'attic/nixpkgs-stable':
    'github:NixOS/nixpkgs/205fd4226592cc83fd4c0885a3e4c9c400efabb5' (2024-07-09)
  → 'github:NixOS/nixpkgs/797f7dc49e0bc7fab4b57c021cdf68f595e47841' (2024-08-22)
• Updated input 'nixvim':
    'github:nix-community/nixvim/2704133fe3ca616b22ed6685cc67180456eb4160' (2024-08-29)
  → 'github:nix-community/nixvim/56208f9e3f46f034353636fa651df8663ec57fa3' (2024-08-30)
2024-08-31 04:20:28 +02:00
Update Bot
3600ccf512
flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/d0e1602ddde669d5beb01aec49d71a51937ed7be' (2024-08-24)
  → 'github:nixos/nixpkgs/71e91c409d1e654808b2621f28a327acfdad8dc2' (2024-08-28)
• Updated input 'nixvim':
    'github:nix-community/nixvim/70e9532ec290769e4d671747b0f65b1c29a3c14e' (2024-08-28)
  → 'github:nix-community/nixvim/2704133fe3ca616b22ed6685cc67180456eb4160' (2024-08-29)
• Updated input 'nixvim/git-hooks':
    'github:cachix/git-hooks.nix/c8a54057aae480c56e28ef3e14e4960628ac495b' (2024-08-23)
  → 'github:cachix/git-hooks.nix/4509ca64f1084e73bc7a721b20c669a8d4c5ebe6' (2024-08-28)
• Updated input 'nixvim/treefmt-nix':
    'github:numtide/treefmt-nix/070f834771efa715f3e74cd8ab93ecc96fabc951' (2024-08-22)
  → 'github:numtide/treefmt-nix/3ffd842a5f50f435d3e603312eefa4790db46af5' (2024-08-28)
2024-08-30 04:20:46 +02:00
Update Bot
0f578b4b7c
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/b89a61129f3976d6440e2356ac5d3e30930f7012' (2024-08-27)
  → 'github:nix-community/disko/511388d837178979de66d14ca4a2ebd5f7991cd3' (2024-08-29)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/9fc19be21f0807d6be092d70bf0b1de0c00ac895' (2024-08-25)
  → 'github:nixos/nixos-hardware/95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef' (2024-08-28)
• Updated input 'nixvim':
    'github:nix-community/nixvim/4814147442cd3f12f8160ecad9e36751f68cdc22' (2024-08-27)
  → 'github:nix-community/nixvim/70e9532ec290769e4d671747b0f65b1c29a3c14e' (2024-08-28)
2024-08-29 04:20:57 +02:00
Update Bot
363a76fc44
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/b09eb605e376c9e95c87c0ef3fcb8008e11c8368' (2024-08-26)
  → 'github:nix-community/disko/b89a61129f3976d6440e2356ac5d3e30930f7012' (2024-08-27)
• Updated input 'nixvim':
    'github:nix-community/nixvim/eac092c876e4c4861c6df0cff93e25b972b1842c' (2024-08-26)
  → 'github:nix-community/nixvim/4814147442cd3f12f8160ecad9e36751f68cdc22' (2024-08-27)
2024-08-28 04:20:22 +02:00
Update Bot
1b2a6405b9
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/435737144be0259559ca3b43f7d72252b1fdcc1b' (2024-08-22)
  → 'github:nix-community/disko/b09eb605e376c9e95c87c0ef3fcb8008e11c8368' (2024-08-26)
• Updated input 'hydra':
    'git+https://git.lix.systems/snaakey/hydra.git?ref=refs/heads/main&rev=3c5c42385a4abff328e1bc2c1bac4701891570ec' (2024-08-25)
  → 'git+https://git.lix.systems/snaakey/hydra.git?ref=refs/heads/main&rev=ab6d81fad404af05dfeae7f74d1783a2f7367826' (2024-08-26)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/c374d94f1536013ca8e92341b540eba4c22f9c62' (2024-08-21)
  → 'github:nixos/nixpkgs/d0e1602ddde669d5beb01aec49d71a51937ed7be' (2024-08-24)
• Updated input 'nixvim':
    'github:nix-community/nixvim/8234ee85eaa2c8b7f2c74f5b4cdf02c4965b07fc' (2024-08-24)
  → 'github:nix-community/nixvim/eac092c876e4c4861c6df0cff93e25b972b1842c' (2024-08-26)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/ea319a737939094b48fda9063fa3201ef2479aac' (2024-08-24)
  → 'github:lnl7/nix-darwin/ac5694a0b855a981e81b4d9f14052e3ff46ca39e' (2024-08-25)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/a05d1805f2a2bc47d230e5e92aecbf69f784f3d0' (2024-08-18)
  → 'github:NuschtOS/search/5a08d691de30b6fc28d58ce71a5e420f2694e087' (2024-08-25)
• Updated input 'stylix':
    'github:danth/stylix/d042af478ce87e188139480922a3085218194106' (2024-08-23)
  → 'github:danth/stylix/6c895c6b42ca205017abe72a7263baf36a197972' (2024-08-26)
2024-08-27 04:20:49 +02:00
Update Bot
0024b744e4
flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/1c84c314db42dd40ed6cf9293b9451ec2e7ebee4' (2024-08-24)
  → 'github:nixos/nixos-hardware/9fc19be21f0807d6be092d70bf0b1de0c00ac895' (2024-08-25)
2024-08-26 04:20:17 +02:00
bfc46c3164
flake.lock: Update
Flake lock file updates:

• Updated input 'hydra':
    'git+https://git.lix.systems/snaakey/hydra.git?ref=refs/heads/main&rev=6eed4a5294d12563649a0af901eb8f8584aa549e' (2024-08-22)
  → 'git+https://git.lix.systems/snaakey/hydra.git?ref=refs/heads/main&rev=46c68b3a691e0ab5cd5b1f0907a44f87e24dbe7d' (2024-08-25)
2024-08-25 14:16:50 +02:00
Update Bot
5f96194984
flake.lock: Update
Flake lock file updates:

• Updated input 'attic':
    'github:zhaofengli/attic/6d9aeaef0a067d664cb11bb7704f7ec373d47fb2' (2024-08-21)
  → 'github:zhaofengli/attic/c2354f658582f7c870316dfce612cf7454720abe' (2024-08-24)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/b09c46430ffcf18d575acf5c339b38ac4e1db5d2' (2024-08-19)
  → 'github:nixos/nixos-hardware/1c84c314db42dd40ed6cf9293b9451ec2e7ebee4' (2024-08-24)
• Updated input 'nixvim':
    'github:nix-community/nixvim/1181535e34e433775ec3dbe962e50b1ebf85d44e' (2024-08-24)
  → 'github:nix-community/nixvim/8234ee85eaa2c8b7f2c74f5b4cdf02c4965b07fc' (2024-08-24)
• Updated input 'nixvim/git-hooks':
    'github:cachix/git-hooks.nix/6cedaa7c1b4f82a266e5d30f212273e60d62cb0d' (2024-08-21)
  → 'github:cachix/git-hooks.nix/c8a54057aae480c56e28ef3e14e4960628ac495b' (2024-08-23)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/a8968d88e5a537b0491f68ce910749cd870bdbef' (2024-08-22)
  → 'github:lnl7/nix-darwin/ea319a737939094b48fda9063fa3201ef2479aac' (2024-08-24)
• Updated input 'nixvim/treefmt-nix':
    'github:numtide/treefmt-nix/1d07739554fdc4f8481068f1b11d6ab4c1a4167a' (2024-08-16)
  → 'github:numtide/treefmt-nix/070f834771efa715f3e74cd8ab93ecc96fabc951' (2024-08-22)
2024-08-25 04:20:33 +02:00
Update Bot
8574c3104e
flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/2598861031b78aadb4da7269df7ca9ddfc3e1671' (2024-08-18)
  → 'github:nix-community/home-manager/c2cd2a52e02f1dfa1c88f95abeb89298d46023be' (2024-08-23)
• Updated input 'nixvim':
    'github:nix-community/nixvim/1854d591cb0e5be6ad97f5091766cdf28e948265' (2024-08-22)
  → 'github:nix-community/nixvim/1181535e34e433775ec3dbe962e50b1ebf85d44e' (2024-08-24)
• Updated input 'stylix':
    'github:danth/stylix/c5f8f06543b70248a076f888177c7362a24d5dcc' (2024-08-21)
  → 'github:danth/stylix/d042af478ce87e188139480922a3085218194106' (2024-08-23)
• Added input 'stylix/flake-utils':
    'github:numtide/flake-utils/b1d9ab70662946ef0850d488da1c9019f3a9752a' (2024-03-11)
• Added input 'stylix/flake-utils/systems':
    follows 'stylix/systems'
• Added input 'stylix/systems':
    'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09)
2024-08-24 04:20:21 +02:00
Update Bot
fb7628d979
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/4b866c9942d0f771ae934f04ca9859936f9bfbcf' (2024-08-22)
  → 'github:nix-community/disko/435737144be0259559ca3b43f7d72252b1fdcc1b' (2024-08-22)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/8a3354191c0d7144db9756a74755672387b702ba' (2024-08-18)
  → 'github:nixos/nixpkgs/c374d94f1536013ca8e92341b540eba4c22f9c62' (2024-08-21)
• Updated input 'nixvim':
    'github:nix-community/nixvim/b7f419a759f70126e220533b724cc17e8528b184' (2024-08-21)
  → 'github:nix-community/nixvim/1854d591cb0e5be6ad97f5091766cdf28e948265' (2024-08-22)
• Updated input 'nixvim/git-hooks':
    'github:cachix/git-hooks.nix/bfef0ada09e2c8ac55bbcd0831bd0c9d42e651ba' (2024-08-16)
  → 'github:cachix/git-hooks.nix/6cedaa7c1b4f82a266e5d30f212273e60d62cb0d' (2024-08-21)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/076b9a905af8a52b866c8db068d6da475839d97b' (2024-08-17)
  → 'github:lnl7/nix-darwin/a8968d88e5a537b0491f68ce910749cd870bdbef' (2024-08-22)
2024-08-23 04:20:54 +02:00
5660ee6f2f
Use own hydra branch until PR is merged 2024-08-22 20:40:57 +02:00
dc2db99c72
Fix ryuuko build 2024-08-22 18:27:32 +02:00
Update Bot
b4693e11fd
flake.lock: Update
Flake lock file updates:

• Updated input 'attic':
    'github:zhaofengli/attic/acf3c351f8de47c6857f31948ab253f9c7ce2a6f' (2024-08-19)
  → 'github:zhaofengli/attic/6d9aeaef0a067d664cb11bb7704f7ec373d47fb2' (2024-08-21)
• Updated input 'disko':
    'github:nix-community/disko/c7b14da22e302e0f9d7aa4df26b61016bcedf738' (2024-08-20)
  → 'github:nix-community/disko/4b866c9942d0f771ae934f04ca9859936f9bfbcf' (2024-08-22)
• Updated input 'lix':
    'bcaeb6388b.tar.gz?narHash=sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s%3D' (2024-08-12)
  → 'bcaeb6388b.tar.gz?narHash=sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s%3D&rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2' (2024-08-12)
• Updated input 'lix-module':
    '622a2253a0.tar.gz?narHash=sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts%3D' (2024-08-13)
  → '622a2253a0.tar.gz?narHash=sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts%3D&rev=622a2253a071a1fb97a4d3c8103a91114acc1140' (2024-08-13)
• Updated input 'nixvim':
    'github:nix-community/nixvim/851edc8df1347aef556a646c80d469a3137331ba' (2024-08-20)
  → 'github:nix-community/nixvim/b7f419a759f70126e220533b724cc17e8528b184' (2024-08-21)
• Updated input 'stylix':
    'github:danth/stylix/94d70292d0c687ebacb65d00bd516cbefa18d3ca' (2024-08-19)
  → 'github:danth/stylix/c5f8f06543b70248a076f888177c7362a24d5dcc' (2024-08-21)
2024-08-22 04:20:26 +02:00
2986df9e03
Move hydra to lix fork 2024-08-21 23:27:57 +02:00
0afbda1448
Add new build machines 2024-08-21 21:49:00 +02:00
a7764b3311
Add build-worker-oci container image 2024-08-21 21:32:49 +02:00
Update Bot
4d5f52e9e2
flake.lock: Update
Flake lock file updates:

• Updated input 'attic':
    'github:zhaofengli/attic/26b9417bde03edc6280d1f7ce709cd619cdb72d4' (2024-08-13)
  → 'github:zhaofengli/attic/acf3c351f8de47c6857f31948ab253f9c7ce2a6f' (2024-08-19)
• Updated input 'attic/crane':
    'github:ipetkov/crane/480dff0be03dac0e51a8dfc26e882b0d123a450e' (2024-05-29)
  → 'github:ipetkov/crane/4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4' (2024-08-06)
• Updated input 'attic/flake-compat':
    'github:edolstra/flake-compat/35bb57c0c8d8b62bbfd284272c928ceb64ddbde9' (2023-01-17)
  → 'github:edolstra/flake-compat/0f9255e01c2351cc7d116c072cb317785dd33b33' (2023-10-04)
• Updated input 'attic/nixpkgs-stable':
    'github:NixOS/nixpkgs/44733514b72e732bd49f5511bd0203dea9b9a434' (2024-03-26)
  → 'github:NixOS/nixpkgs/205fd4226592cc83fd4c0885a3e4c9c400efabb5' (2024-07-09)
• Updated input 'disko':
    'github:nix-community/disko/0d510fe40b56ed74907a021d7e1ffd0042592914' (2024-08-12)
  → 'github:nix-community/disko/c7b14da22e302e0f9d7aa4df26b61016bcedf738' (2024-08-20)
• Updated input 'home-manager':
    'github:nix-community/home-manager/086f619dd991a4d355c07837448244029fc2d9ab' (2024-08-11)
  → 'github:nix-community/home-manager/2598861031b78aadb4da7269df7ca9ddfc3e1671' (2024-08-18)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf' (2024-08-10)
  → 'github:nixos/nixos-hardware/b09c46430ffcf18d575acf5c339b38ac4e1db5d2' (2024-08-19)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/a58bc8ad779655e790115244571758e8de055e3d' (2024-08-11)
  → 'github:nixos/nixpkgs/8a3354191c0d7144db9756a74755672387b702ba' (2024-08-18)
• Updated input 'nixvim':
    'github:nix-community/nixvim/dbf6f7bc997dc3a9ab1f014ea075600357226950' (2024-08-12)
  → 'github:nix-community/nixvim/851edc8df1347aef556a646c80d469a3137331ba' (2024-08-20)
• Updated input 'nixvim/git-hooks':
    'github:cachix/git-hooks.nix/c7012d0c18567c889b948781bc74a501e92275d1' (2024-08-09)
  → 'github:cachix/git-hooks.nix/bfef0ada09e2c8ac55bbcd0831bd0c9d42e651ba' (2024-08-16)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/91010a5613ffd7ee23ee9263213157a1c422b705' (2024-08-06)
  → 'github:lnl7/nix-darwin/076b9a905af8a52b866c8db068d6da475839d97b' (2024-08-17)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/6ca2c3ae05a915c160512bd41f6810f456c9b30d' (2024-08-11)
  → 'github:NuschtOS/search/a05d1805f2a2bc47d230e5e92aecbf69f784f3d0' (2024-08-18)
• Updated input 'nixvim/treefmt-nix':
    'github:numtide/treefmt-nix/349de7bc435bdff37785c2466f054ed1766173be' (2024-08-12)
  → 'github:numtide/treefmt-nix/1d07739554fdc4f8481068f1b11d6ab4c1a4167a' (2024-08-16)
• Updated input 'stylix':
    'github:danth/stylix/5853f1a8bd072f2ebabfc3de3973084353cf6f1e' (2024-08-06)
  → 'github:danth/stylix/94d70292d0c687ebacb65d00bd516cbefa18d3ca' (2024-08-19)
2024-08-21 04:20:13 +02:00
93 changed files with 4309 additions and 933 deletions

View file

@ -3,6 +3,8 @@ keys:
- &seras age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd
- &emilia age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn
- &girldick age1r6cmthdk6lhy62wa4pu23l46f5fcqhuu7xrq353pe6c8f0s6ce8s67pdtf
- &florp age18vc8rcmczlt3r0ee7jr9s8l3yrkthu8wtypt08eh0eskpkw3dg6qxs7t3t
- &crime age1sky8kccyyxe79ws4rew42r94427v2xnphq2vtxvdlw5xl7yzgs2q599yzs
creation_rules:
- path_regex: secrets/services/dns-knot.yaml
key_groups:
@ -46,3 +48,27 @@ creation_rules:
- *emily
age:
- *girldick
- path_regex: secrets/hosts/seras.yaml
key_groups:
- pgp:
- *emily
age:
- *seras
- path_regex: secrets/services/akkoma.yaml
key_groups:
- pgp:
- *emily
age:
- *florp
- path_regex: secrets/restic/zh3485s1.yaml
key_groups:
- pgp:
- *emily
age:
- *florp
- path_regex: secrets/restic/zh3485s2.yaml
key_groups:
- pgp:
- *emily
age:
- *crime

View file

@ -1,14 +1,16 @@
{ config, lib, pkgs, ... }:
with lib; {
{ config, inputs, lib, pkgs, ... }: let
inherit (lib) mkDefault;
in {
imports = [
./kernel.nix
./networking.nix
./openssh.nix
./users
./users.nix
../../modules
inputs.lix-module.nixosModules.default
];
environment.systemPackages = with pkgs; [
kitty.terminfo
bat
dig
htop
@ -21,9 +23,8 @@ with lib; {
man-pages-posix
unzip
zip
fd
figlet
] ++ lib.optionals (!config.kyouma.machine-type.container) [
kitty.terminfo
];
programs = {
mtr.enable = true;
@ -54,16 +55,16 @@ with lib; {
'';
users.motdFile = "/var/lib/deployment/motd";
nix.package = pkgs.nixVersions.latest;
nix.package = pkgs.lix.override { enableGC = true; };
nix.gc.automatic = true;
nix.gc.options = "--delete-older-than 7d";
nix.optimise.automatic = true;
nix.registry.nixpkgs.to = lib.mkIf (!config.kyouma.machine-type.container) {
nix.registry.nixpkgs.to = {
type = "path";
path = pkgs.path;
};
nix.settings = {
experimental-features = [ "nix-command" "flakes" "pipe-operators" ];
experimental-features = [ "nix-command" "flakes" "pipe-operator" ];
trusted-users = [ "root" "@wheel" ];
substituters = [ "https://cache.kyouma.net" ];
trusted-public-keys = [ "cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=" ];
@ -105,6 +106,6 @@ with lib; {
services.fprintd.enable = config.kyouma.machine-type.graphical;
system.stateVersion = "23.11";
system.stateVersion = mkDefault "23.11";
time.timeZone = mkDefault "CET";
}

View file

@ -39,7 +39,7 @@ in {
];
settings = {
PermitRootLogin = "prohibit-password";
PermitRootLogin = "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;

View file

@ -1,5 +1,5 @@
{ ... }: {
imports = [
./emily
../users/emily
];
}

View file

@ -52,7 +52,7 @@
programs.eza = {
enable = true;
icons = true;
icons = "auto";
git = true;
extraOptions = [
"--color-scale=all"

View file

@ -1,15 +0,0 @@
{ lib, modulesPath, ... }: {
imports = [
"${modulesPath}/virtualisation/docker-image.nix"
../../common
../../profiles/builder.nix
../../profiles/headless.nix
];
networking.hostName = "build-worker-oci";
services.resolved.enable = lib.mkForce false;
kyouma = {
machine-type.container = true;
deployment.auto-upgrade.enable = lib.mkForce false;
};
}

View file

@ -1,31 +1,31 @@
{ ... }: {
{ inputs, ... }: {
imports = [
../../common
../../users/lucy
../../profiles/headless.nix
../../profiles/kartoffel.nix
../../profiles/lxc.nix
../../services/arrs
../../services/jellyfin.nix
../../services/nginx.nix
./nginx.nix
inputs.oth.nixosModules.default
];
networking = {
hostName = "crime";
firewall.allowedTCPPorts = [ 80 443 ];
firewall.allowedUDPPorts = [ 443 ];
};
networking.hostName = "crime";
systemd.network.networks."98-eth-default" = {
address = [
"2a0f:be01:0:100::1337/128"
"2a0f:be01:0:100::1338/128"
"2a0f:be01:0:100::b00b:a/128"
];
};
security.acme.certs = {
"fentanyl.trade" = { extraDomainNames = [ "frotti.ng" "watch.kyouma.net" ]; };
"crime.kyouma.net" = {};
kyouma.nginx.defaultForbidden = "fentanyl.trade";
kyouma.restic = {
enable = true;
remoteUser = "zh3485s2";
paths = [
"/var/lib/jellyfin"
"/var/lib/radarr"
"/var/lib/sonarr"
"/var/lib/private/prowlarr"
"/home"
];
};
services.jellyfin.enable = true;
services.sonarr.enable = true;
services.radarr.enable = true;
services.prowlarr.enable = true;
}

View file

@ -1,114 +0,0 @@
{ pkgs, ... }:
let
landingPage = pkgs.writeTextDir "index.html" ''
<!DOCTYPE html>
<html>
<head>
<title>crime.kyouma.net</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to crime.kyouma.net!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>Sonarr
<a href="https://crime.kyouma.net/sonarr">crime.kyouma.net/sonarr</a><br/>
Radarr
<a href="https://crime.kyouma.net/radarr">crime.kyouma.net/radarr</a><br/>
Prowlarr
<a href="https://crime.kyouma.net/prowlarr">crime.kyouma.net/prowlarr</a></p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
'';
extraConfig = ''
add_header Strict-Transport-Security $hsts_header;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "same-origin" always;
'';
proxyConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
'';
jellyAddr = "[::1]";
jellyWeb = {
forceSSL = true;
#http3 = true;
#quic = true;
inherit extraConfig;
locations = {
"= /".return = "302 https://$host/web/";
"/" = {
proxyPass = "http://${jellyAddr}:8096";
extraConfig = ''
${proxyConfig}
proxy_buffering on;
'';
};
"= /web/" = {
proxyPass = "http://${jellyAddr}:8096/web/index.html";
extraConfig = proxyConfig;
};
"/socket" = {
proxyPass = "http://${jellyAddr}:8096";
proxyWebsockets = true;
extraConfig = proxyConfig;
};
};
};
in {
services.nginx = {
virtualHosts = {
"fentanyl.trade" = jellyWeb // {
enableACME = true;
};
"frotti.ng" = jellyWeb // {
useACMEHost = "fentanyl.trade";
};
};
};
kyouma.nginx.virtualHosts = {
"watch.kyouma.net" = { redirectTo = "fentanyl.trade"; };
"redirect" = {
default = true;
reuseport = true;
useACMEHost = "fentanyl.trade";
extraConfig = ''
return 403;
'';
};
"crime.kyouma.net" = {
listenAddresses = [ "[2a0f:be01:0:100::1338]" ];
locations = {
"/".root = landingPage;
"/sonarr/" = {
proxyPass = "http://127.0.0.1:8989";
recommendedProxySettings = true;
};
"/radarr/" = {
proxyPass = "http://127.0.0.1:7878";
recommendedProxySettings = true;
};
"/prowlarr/" = {
proxyPass = "http://127.0.0.1:9696";
recommendedProxySettings = true;
};
};
};
};
}

View file

@ -7,6 +7,7 @@
../../services/nginx.nix
../../services/uptime-kuma.nix
../../services/vaultwarden.nix
../../services/librespeed.nix
./disko.nix
./hardware-configuration.nix
];
@ -16,10 +17,8 @@
kyouma.machine-type.physical = true;
kyouma.nginx.defaultForbidden = "uptime.kyouma.net";
networking = {
firewall.allowedTCPPorts = [ 80 443 ];
hostName = "emilia";
};
networking.hostName = "emilia";
systemd.network.networks."98-eth-default" = {
matchConfig.MACAddress = "04:d4:c4:39:73:f6";
addresses = [

View file

@ -62,6 +62,7 @@
};
};
root = {
type = "8300";
size = "100%";
};
};

View file

@ -0,0 +1,68 @@
{ lib, config, pkgs, ... }: {
imports = [
../../common
../../profiles/headless.nix
../../profiles/kartoffel.nix
../../profiles/lxc.nix
../../services/akkoma
../../services/nginx.nix
];
networking = {
hostName = "florp";
domain = lib.mkForce "social";
};
systemd.network.networks."98-eth-default" = {
address = [
"2a0f:be01:0:100::171/128"
];
};
kyouma.nginx.defaultForbidden = "florp.social";
kyouma.restic = let
pgBackup = "/var/cache/postgresql.sql";
in {
enable = true;
remoteUser = "zh3485s1";
timerConfig = {
OnCalendar = "hourly";
Persistent = true;
};
paths = [
"/var/lib/akkoma"
"/var/lib/secrets"
pgBackup
];
backupPrepareCommand = ''
umask 0077
rm -f -- ${pgBackup}
${pkgs.su}/bin/su -c '${lib.getExe' config.services.postgresql.package "pg_dumpall"}' \
${config.services.postgresql.superUser} >${pgBackup}
'';
backupCleanupCommand = ''
rm -f -- ${pgBackup}
'';
};
services.postgresql.settings = {
max_connections = 128;
shared_buffers = "4GB";
effective_cache_size = "12GB";
maintenance_work_mem = "1GB";
checkpoint_completion_target = 0.9;
wal_buffers = "16MB";
default_statistics_target = 100;
random_page_cost = 1.1;
effective_io_concurrency = 200;
work_mem = "34952kB";
huge_pages = "try";
min_wal_size = "2GB";
max_wal_size = "8GB";
max_worker_processes = 16;
max_parallel_workers_per_gather = 4;
max_parallel_workers = 16;
max_parallel_maintenance_workers = 4;
};
system.stateVersion = "24.11";
}

View file

@ -11,7 +11,6 @@
domain = lib.mkForce "girldick.gay";
hostName = "staging";
nftables.enable = lib.mkForce false;
firewall.allowedTCPPorts = [ 80 443 ];
};
systemd.network.networks."98-eth-default" = {
address = [

View file

@ -16,6 +16,15 @@
networking.hostName = "integra";
nix.sshServe.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOWlYhnummuWZbq3+d0x5A67YvlPvtl7/1Dk4RtNlzf christina@cafkafk.com"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/RmFnel8pcZT9nh7EAfKfAekt3BoEXy0G7G2GTacN/ aprl@computer"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 aprl@whatever"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpyVefbZLkNVNzdSIlO6x6JohHE1snoHiUB3Qdvl5I2 aprl@idk"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVNo871p97NTefP52KYiwuch+FaVScxvcFd9fg0yykySTq7Y5JsxrJQgTnox/oDa0O87OyHD/GHQljAXkqiHpDkExbiGjDmGXJSKReKH061F4FqBnDIwYRzUu9Cxjl4MNqsU0RqLaz4+F42c/L7GROQwjEPUb8JHThRiI5FJnDvvB+oBLBxeyQA4v3O4i8DaDQayTr/XB+aSlhNwKrb6cjjL93AHT1uE53yY5jn4kZX+RiPQhH7rvt9N6E4Yr3CG6nUgRCUS0L66d9yfrq0XAbAVk9F+viV7Nk9qy4MWHtXZ4h0qUlzrGALPgGsCGiLGd4NvEgeCcV4nvxdmevxTSdKlJP75xlmlLVXGyhqCZkTsxm/png2UvDl+p0pLyrgNaNoXPdE0Jbv7C28WX36Nast1QFSMUhexzuOx8OgaOioeXVfK98AouqWb58iPBCvgreUIH/gJhZcnlB/Foo1KSO+fJNH8hAsLH7w0mnKyHhJjkrjjwUqsnpepB3SOLfZTE= aprl@meow"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD0v3tUBNEUxfoOQBFb+N2DUBQDay0iFggUWa9Nd+BtFLOKkz+RRto3eBF0ZiJZVUxv/hLb8m2s45hcMw8agwuPrXMe5085T1fzkvPdKAPZdsT/cCmBi1OsoLjAKBFIdM4lcV0A2cca8hip+/ZPpjFPUWx73/672gAPHU7co7fP8+8CSf9dx+WIeLx3yaYHYZ/th3dB5auX3VjOazS8MojsAorwTUeBoPamHQ5dFeNafhFUL/hhtGkUI1cNHUn3bJd2V7AKTW3UglK7hVgMJPrzVS31OlpcJEf6S5XgKTWdOSwubn1bs5Lt6YYRDU24NV6CGrwKgCJSRxzNMLwpnFKiSXpO8FzkqWHYWyju141hQcFF31aZIV+7YcwEt5ZukLjFOpVtpbSXvJYigOUzGi34P3/OAGshDXjTQjvM8GIir49gx3b2Nwhg0z4UHBkAKZvDDFPHDMJoclvnhITojaAojfC9zmMCO5ZaEsk8yv7c/lWQumzRpfldWF4mwHvhD5kTADbhRdO7WTdX7AaiAYINooToeWKjFe2wn3rFubPUppptqtP03mmvs7vhhgnEVBbGZRJK3GTVk1XcsfF9rDKzewSa+wb4LsBoZtFRhc8cJqHGlKWSNk7dQ04B1atPyNLKGpGoo/UIPxyZ6bSqFVxY3nhz46VZ6z8XWI48z0/fRQ== aprl@uwu"
];
systemd.network.networks."98-eth-default" = {
matchConfig.Type = "ether";
matchConfig.Name = "e*";

View file

@ -1,5 +1,6 @@
{ lib, inputs, ... }: {
imports = [
inputs.sops-nix.nixosModules.sops
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
./configuration.nix
];

View file

@ -2,7 +2,6 @@
imports = [
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-extreme-gen4
../../common
../../profiles/graphical
../../profiles/physical.nix
./disko.nix
./hardware-configuration.nix
@ -41,7 +40,13 @@
extraBackends = [ pkgs.utsushi ];
};
kyouma.machine-type.portable = true;
kyouma = {
graphical = {
enable = true;
compositor = "hyprland";
};
machine-type.portable = true;
};
networking.hostName = "ryuuko";
networking.firewall.allowedTCPPorts = [ 22000 ];

View file

@ -1,6 +1,7 @@
{ ... }: {
{ pkgs, ... }: {
imports = [
../../common
../../users/nil
../../profiles/builder.nix
../../profiles/headless.nix
../../profiles/kartoffel.nix
@ -11,13 +12,37 @@
];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
networking = {
hostName = "seras";
firewall.allowedTCPPorts = [ 80 443 ];
};
networking.hostName = "seras";
systemd.network.networks."98-eth-default" = {
address = [
"2a0f:be01:0:100::169/128"
];
};
services.postgresql.settings = {
max_connections = 200;
shared_buffers = "24GB";
effective_cache_size = "72GB";
maintenance_work_mem = "2GB";
checkpoint_completion_target = 0.9;
wal_buffers = "16MB";
default_statistics_target = 100;
random_page_cost = 1.1;
effective_io_concurrency = 200;
work_mem = "31457kB";
huge_pages = "try";
min_wal_size = "1GB";
max_wal_size = "4GB";
max_worker_processes = 32;
max_parallel_workers_per_gather = 4;
max_parallel_workers = 32;
max_parallel_maintenance_workers = 4;
};
kyouma.ooklaserver = {
enable = true;
openFirewall = true;
domain = "speedtest.kyouma.net";
settings.openSSL.server.minimumTLSProtocol = "1.3";
};
}

View file

@ -11,8 +11,7 @@
networking = {
hostName = "web-dus";
nftables.enable = lib.mkForce false;
firewall.allowedTCPPorts = [ 80 443 11019 ];
firewall.allowedUDPPorts = [ 443 ];
firewall.allowedTCPPorts = [ 11019 ];
};
systemd.network.networks."98-eth-default" = {
address = [

View file

@ -1,21 +1,19 @@
{ lib, pkgs, ... }: {
kyouma.deployment.auto-upgrade.cache = "daemon";
nix.gc.options = lib.mkForce "--delete-older-than 60d";
nix.settings = {
trusted-users = [ "build" ];
trusted-users = [ "nix-ssh" ];
#system-features = [ "nixos-test" "benchmark" "big-parallel" "kvm" ] ++ lib.optionals pkgs.hostPlatform.isx86_64 [ "gccarch-x86-64-v3" ];
};
nix.extraOptions = ''
min-free = ${builtins.toString (16384 * 1024 * 1024)}
max-free = ${builtins.toString (32768 * 1024 * 1024)}
max-substitution-jobs = 20
max-substitution-jobs = 30
max-silent-time = 14400
'';
users.users.build = {
isNormalUser = true;
shell = pkgs.bash;
ignoreShellProgramCheck = true;
openssh.authorizedKeys.keys = [
nix.sshServe = {
enable = true;
write = true;
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT0dGyLUjxFnvqUmex+5xUGQ7D4yGHKo267JgApcq0k root@ryuuko"

View file

@ -1,218 +0,0 @@
{ config, pkgs, lib, inputs, ... }: {
imports = [
inputs.home-manager.nixosModules.home-manager
inputs.stylix.nixosModules.stylix
./files.nix
./hyprland.nix
./nixvim.nix
./waybar.nix
];
kyouma.machine-type.graphical = true;
boot.plymouth.enable = true;
security.pam.services.hyprlock = {};
services.dbus.packages = [ pkgs.gcr ];
services.geoclue2.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
};
services.udisks2.enable = true;
environment.variables = {
CLUTTER_BACKEND = "wayland";
GDK_BACKEND = "wayland,x11";
MOZ_ENABLE_WAYLAND = "1";
QT_QPA_PLATFORM = "wayland;xcb";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
SDL_VIDEODRIVER = "wayland";
LIBVA_DRIVER_NAME = "radeonsi";
MESA_VK_DEVICE_SELECT = "1002:73df";
WLR_DRM_DEVICES = "$HOME/.config/hypr/external-gpu:$HOME/.config/hypr/internal-gpu";
};
xdg.icons.enable = true;
xdg.portal = {
enable = true;
wlr.enable = true;
configPackages = [ pkgs.xdg-desktop-portal-hyprland ];
};
stylix= {
image = pkgs.fetchurl {
url = "https://kyouma.net/wallpaper.png";
sha256 = "1f46b439a864cd28b8ea93563b4762f1efb2648bae0148fd6b45f3033b10b0e8";
};
polarity = "dark";
#base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-macchiato.yaml";
fonts = {
sansSerif = {
package = pkgs.noto-fonts;
name = "Noto Sans";
};
serif = config.stylix.fonts.sansSerif;
monospace = {
package = pkgs.jetbrains-mono;
name = "JetBrains Mono Regular";
};
sizes.terminal = 11;
};
cursor = {
package = pkgs.capitaine-cursors;
name = "capitaine";
size = 24;
};
targets = {
console.enable = false;
gnome.enable = true;
fish.enable = false;
};
};
home-manager.users.emily = {
stylix.targets = {
hyprland.enable = false;
kitty.enable = false;
mako.enable = false;
rofi.enable = false;
swaylock.enable = false;
waybar.enable = false;
nixvim.enable = false;
fish.enable = false;
};
home.keyboard = {
layout = "de";
variant = "neo_qwerty";
};
programs.imv.enable = true;
programs.wpaperd = {
enable = true;
settings.default = {
path = "/home/emily/Pictures/wallpapers/sylviaritter/";
duration = "60m";
sorting = "random";
};
};
programs.kitty = {
enable = true;
font.size = 13;
font.name = "JetBrains Mono";
settings = {
enable_audio_bell = false;
scrollback_lines = 65536;
remember_window_size = false;
initial_window_width = 1200;
initial_window_height = 800;
bold_font = "auto";
italic_font = "auto";
bold_italic_font = "auto";
background = "#090312";
background_opacity = "0.7";
};
keybindings = {
"shift+right" = "next_tab";
"ctrl+l" = "next_tab";
"shift+left" = "previous_tab";
"ctrl+h" = "previous_tab";
};
};
programs.rofi = {
enable = true;
package = pkgs.rofi-wayland;
};
programs.zoxide = {
enable = true;
options = [ "--cmd cd" ];
};
programs.fzf.enable = true;
qt = {
enable = true;
platformTheme.name = "qtct";
style.name = "kvantum-dark";
style.package = with pkgs; [
libsForQt5.qtstyleplugin-kvantum
qt6Packages.qtstyleplugin-kvantum
(catppuccin-kvantum.override { accent = "Mauve"; variant = "Macchiato"; })
];
};
gtk.iconTheme.name = "Adwaita";
gtk.iconTheme.package = pkgs.gnome.adwaita-icon-theme;
services.gammastep = {
enable = true;
provider = "geoclue2";
temperature.day = 6500;
temperature.night = 3700;
settings.general.adjustment-method = "wayland";
};
services.mako = {
enable = true;
anchor = "top-right";
backgroundColor = "#24273a";
borderColor = "#c6a0f6";
borderRadius = 15;
borderSize = 2;
defaultTimeout = 5000;
layer = "overlay";
maxIconSize = 48;
padding = "15";
progressColor = "over #B4A1DB";
sort = "-time";
textColor = "#cad3f5";
extraConfig = ''
max-history=100
on-button-left=dismiss
on-button-right=dismiss-all
on-notify=exec ${pkgs.mpv}/bin/mpv /usr/share/sounds/freedesktop/stereo/message.oga
[urgency=low]
border-color=#B4A1DB
default-timeout=2000
[urgency=normal]
border-color=#B4A1DB
default-timeout=5000
[urgency=high]
border-color=#D04E9D
text-color=#D04E9D
default-timeout=0
[category=mpd]
border-color=#E49186
default-timeout=2000
group-by=category
'';
};
services.gpg-agent = {
enable = true;
enableSshSupport = true;
pinentryPackage = pkgs.pinentry-gnome3;
};
services.syncthing = {
enable = true;
tray.enable = true;
tray.command = "syncthingtray --replace";
};
services.udiskie = {
enable = true;
automount = false;
};
systemd.user.services.syncthingtray.Service = {
ExecStartPre = "${pkgs.coreutils-full}/bin/sleep 2";
Restart = "on-failure";
RestartSec = "1s";
};
};
}

View file

@ -1,219 +0,0 @@
{ pkgs, inputs, ... }: {
home-manager.users.emily.imports = [
inputs.nixvim.homeManagerModules.nixvim
];
home-manager.users.emily.programs.nixvim = {
enable = true;
extraPlugins = [
pkgs.vimPlugins.molokai
pkgs.vimPlugins.vim-airline-themes
];
colorscheme = "molokai";
vimAlias = true;
highlightOverride.Normal = {
ctermbg = "NONE";
bg = "NONE";
};
opts = {
number = true;
expandtab = true;
autoindent = true;
mouse = "";
encoding = "utf-8";
shiftwidth = 2;
smartindent = true;
tabstop = 2;
ignorecase = true;
incsearch = true;
smartcase = true;
};
keymaps = [
{
action = "<cmd>Neotree toggle<CR>";
key = "<C-n>";
mode = "n";
options.silent = true;
}
{
action = "<C-\\><C-n>";
key = "<esc>";
mode = "t";
}
];
plugins.cmp = {
enable = true;
settings.sources = [
{ name = "nvim_lsp"; }
{ name = "luasnip"; }
{ name = "buffer"; }
{ name = "nvim_lua"; }
{ name = "path"; }
];
settings.formatting = {
fields = [ "abbr" "kind" "menu" ];
format = ''
function(_, item)
local icons = {
Namespace = "󰌗",
Text = "󰉿",
Method = "󰆧",
Function = "󰆧",
Constructor = "",
Field = "󰜢",
Variable = "󰀫",
Class = "󰠱",
Interface = "",
Module = "",
Property = "󰜢",
Unit = "󰑭",
Value = "󰎠",
Enum = "",
Keyword = "󰌋",
Snippet = "",
Color = "󰏘",
File = "󰈚",
Reference = "󰈇",
Folder = "󰉋",
EnumMember = "",
Constant = "󰏿",
Struct = "󰙅",
Event = "",
Operator = "󰆕",
TypeParameter = "󰊄",
Table = "",
Object = "󰅩",
Tag = "",
Array = "[]",
Boolean = "",
Number = "",
Null = "󰟢",
String = "󰉿",
Calendar = "",
Watch = "󰥔",
Package = "",
Copilot = "",
Codeium = "",
TabNine = "",
}
local icon = icons[item.kind] or ""
item.kind = string.format("%s %s", icon, item.kind or "")
return item
end
'';
};
settings.snippet.expand = "function(args) require('luasnip').lsp_expand(args.body) end";
settings.window = {
completion = {
winhighlight = "FloatBorder:CmpBorder,Normal:CmpPmenu,CursorLine:CmpSel,Search:PmenuSel";
scrollbar = false;
sidePadding = 0;
border = [ "" "" "" "" "" "" "" "" ];
};
documentation = {
border = [ "" "" "" "" "" "" "" "" ];
winhighlight = "FloatBorder:CmpBorder,Normal:CmpPmenu,CursorLine:CmpSel,Search:PmenuSel";
};
};
settings.mapping = {
"<C-n>" = "cmp.mapping.select_next_item()";
"<C-p>" = "cmp.mapping.select_prev_item()";
"<C-j>" = "cmp.mapping.select_next_item()";
"<C-k>" = "cmp.mapping.select_prev_item()";
"<C-d>" = "cmp.mapping.scroll_docs(-4)";
"<C-f>" = "cmp.mapping.scroll_docs(4)";
"<C-Space>" = "cmp.mapping.complete()";
"<C-e>" = "cmp.mapping.close()";
"<CR>" = "cmp.mapping.confirm({ behavior = cmp.ConfirmBehavior.Insert, select = true })";
"<Tab>" = ''
cmp.mapping(function(fallback)
if cmp.visible() then
cmp.select_next_item()
elseif require("luasnip").expand_or_jumpable() then
vim.fn.feedkeys(vim.api.nvim_replace_termcodes("<Plug>luasnip-expand-or-jump", true, true, true), "")
else
fallback()
end
end,{"i","s"})
'';
"<S-Tab>" = ''
cmp.mapping(function(fallback)
if cmp.visible() then
cmp.select_prev_item()
elseif require("luasnip").jumpable(-1) then
vim.fn.feedkeys(vim.api.nvim_replace_termcodes("<Plug>luasnip-jump-prev", true, true, true), "")
else
fallback()
end
end,{"i","s"})
'';
};
};
plugins.lsp = {
enable = true;
keymaps.lspBuf = {
"K" = "hover";
"gd" = "definition";
"gD" = "references";
"gt" = "type_definition";
"gi" = "implementation";
};
servers = {
bashls.enable = true;
lua-ls.enable = true;
nil-ls = {
enable = true;
settings.formatting.command = [ "nixfmt" "-w" "140" ];
};
nixd = {
enable = false;
settings = {
eval.depth = 5;
eval.workers = 6;
formatting.command = [ "nixfmt" "-w" "140" ];
options.enable = true;
};
};
ruff-lsp.enable = true;
rust-analyzer = {
enable = true;
installRustc = true;
installCargo = true;
};
};
};
plugins.none-ls = {
enable = true;
sources.diagnostics = {
pylint.enable = true;
statix.enable = true;
};
sources.formatting = {
nixfmt.enable = true;
markdownlint.enable = true;
};
};
plugins.neo-tree = {
enable = true;
closeIfLastWindow = true;
};
plugins.treesitter = {
enable = true;
nixGrammars = true;
settings.indent.enable = true;
};
plugins.airline.enable = true;
plugins.cmp-buffer.enable = true;
plugins.cmp-emoji.enable = true;
plugins.cmp-nvim-lsp.enable = true;
plugins.cmp-path.enable = true;
plugins.cmp_luasnip.enable = true;
plugins.luasnip.enable = true;
plugins.nvim-autopairs.enable = true;
plugins.rainbow-delimiters.enable = true;
# Broken
plugins.rustaceanvim.enable = false;
plugins.treesitter-context.enable = true;
};
}

View file

@ -0,0 +1,342 @@
{ config, inputs, lib, pkgs, ... }: {
imports = [
inputs.florp-moderation.nixosModules.default
# Moderated instances. See https://woof.rip/florp/moderation for more information.
inputs.florp-moderation.nixosModules.florp
];
sops.secrets."services/akkoma/mailerPassword" = {
sopsFile = ../../../secrets/services/akkoma.yaml;
};
sops.secrets."services/akkoma/deepl" = {
sopsFile = ../../../secrets/services/akkoma.yaml;
};
services.akkoma = {
enable = true;
extraPackages = let
imagemagick = pkgs.imagemagick.override {
libheif = pkgs.libheif.overrideAttrs (prevAttrs: {
buildInputs = prevAttrs.buildInputs or [ ] ++ [ pkgs.svt-av1 ];
cmakeFlags = prevAttrs.cmakeFlags or [ ] ++ [ "-DWITH_SvtEnc=ON" ];
});
};
in with pkgs; [ exiftool ffmpeg-headless imagemagick ];
extraStatic = let
actualFetchzip =
{
url,
hash
}: pkgs.runCommandNoCC "${lib.last (lib.splitString "/" url)}" {
src = pkgs.fetchurl {
inherit url hash;
};
} ''
${lib.getExe pkgs.unzip} $src -d $out
for f in $out/*_256.png; do
mv -- "$f" "''${f/_256}"
done
'';
in {
"emoji/blobs.gg" = pkgs.akkoma-emoji.blobs_gg;
"emoji/custom" = pkgs.runCommandNoCC "florp" {
src = inputs.florp-branding.packages.${config.nixpkgs.hostPlatform.system}.favicon;
} ''
mkdir $out
cp $src $out/florp.png
'';
"emoji/neodog" = actualFetchzip {
url = "https://git.gay/moonrabbits/neodog/raw/commit/6f9eb283b6dcbe507fde1110abab267cb2d73b70/neodog.zip";
hash = "sha256-ISyzpRyjHf+4jKrOtHHqH0Qn7CQu5RQSLH/HL/YSdT4=";
};
"emoji/neocat" = actualFetchzip {
url = "https://volpeon.ink/emojis/neocat/neocat.zip";
hash = "sha256-DZDuk0Djlax504flNWdpqAw+ROLOOVGj0ZvJLyouo7A=";
};
"emoji/neofox" = actualFetchzip {
url = "https://volpeon.ink/emojis/neofox/neofox.zip";
hash = "sha256-rZUPA7ZvrO8q/lx8XK3IxJ1URLgq0PSh752eWzG+uos=";
};
"emoji/blobhaj" = actualFetchzip {
url = "https://web.archive.org/web/20240829143703/https://heatherhorns.com/wp-content/uploads/2022/12/Blobhaj-12-13-2022.zip";
hash = "sha256-5l8ozTivCSOomPq+zDD4FWhK5mA/H2qkGs8beuDnp9s=";
};
"static/styles.json" = pkgs.writeText "styles.json" (builtins.toJSON (
builtins.fromJSON (builtins.readFile "${pkgs.akkoma-fe-domi}/static/styles.json") // {
elly-mod = "/static/themes/elly-mod.json";
}
));
"static/themes/elly-mod.json" = pkgs.writeText "elly-mod.json" (builtins.readFile ./elly-mod.json);
"static/custom.css" = pkgs.writeText "custom.css" ''
.tos-content img, .terms-of-service img {
max-width: 100%;
}
'';
"static/terms-of-service.html" = inputs.florp-about.packages.${pkgs.system}.default;
"images/sylvia-ritter-15012323.avif" = inputs.florp-branding.packages.${pkgs.system}.wallpaper;
"images/florp_banner.avif" = inputs.florp-branding.packages.${pkgs.system}.banner;
"favicon.png" = inputs.florp-branding.packages.${pkgs.system}.favicon;
};
frontends = {
primary = {
package = pkgs.akkoma-fe-domi;
name = "akkoma-fe";
ref = "5f0339ce00";
};
admin = {
package = pkgs.akkoma-admin-fe;
name = "admin-fe";
ref = "stable";
};
};
};
services.akkoma.config = let
inherit ((pkgs.formats.elixirConf { }).lib) mkRaw mkAtom;
mkMapOfPredefinedKeys = set: let
string = value: "\"${(lib.escape [ "\\" "#" "\"" ]) value}\"";
toElixir = value:
if value == null then "nil" else
if lib.isString value then string value else
if builtins.isBool value then lib.boolToString value else
if lib.isInt value || lib.isFloat value then toString value else
abort "Not a elixir value ${value}";
entries = attrs: lib.concatStringsSep ", " (lib.mapAttrsToList (name: value:
"${toElixir name}: ${toElixir value}"
) attrs);
in mkRaw "%{${entries set}}";
in {
":pleroma" = {
":instance" = {
name = "florp.social";
email = "contact@florp.social";
notify_email = "noreply@florp.social";
description = "Likes are now florps. The timeline goes sideways.";
instance_thumbnail = "/instance/thumbnail.avif";
limit = 69420;
description_limit = 69420;
remote_limit = 131072;
upload_limit = 256 * 1024 * 1024;
avatar_upload_limit = 4 * 1024 * 1024;
background_upload_limit = 8 * 1024 * 1024;
banner_upload_limit = 8 * 1024 * 1024;
registrations_open = true;
registration_reason_length = 2048;
account_approval_required = true;
account_activation_required = true;
federating = true;
federation_incoming_replies_max_depth = 1024;
federation_reachability_timeout_days = 14;
allow_relay = true;
max_pinned_statuses = 10;
max_report_comment_size = 2048;
safe_dm_mentions = true;
remote_post_retention_days = 365;
user_bio_length = 8192;
user_name_length = 64;
cleanup_attachments = true;
local_bubble = [
"solitary.social"
"donotsta.re"
"chaos.social"
];
};
":emoji".groups = {
blobs = "/emoji/blobs.gg/*.png";
blobhaj = "/emoji/blobhaj/512w/*.png";
neodog = "/emoji/neodog/*.png";
neocat = [
"/emoji/neocat/*.png"
"/emoji/neodog/additional_neocat/*.png"
];
neofox = [
"/emoji/neofox/*.png"
"/emoji/neodog/additional_neofox/*.png"
];
Custom = "/emoji/custom/*.png";
};
"Pleroma.Captcha".method = mkRaw "Pleroma.Captcha.Kocaptcha";
"Pleroma.Web.Endpoint".url.host = "florp.social";
"Pleroma.Web.Metadata.Providers.Theme".theme_color = "#070F1C";
"Pleroma.Emails.Mailer" = {
enabled = true;
adapter = mkRaw "Swoosh.Adapters.SMTP";
relay = "mail.kyouma.net";
username = "noreply@florp.social";
password._secret = config.sops.secrets."services/akkoma/mailerPassword".path;
port = 465;
ssl = true;
auth = mkRaw ":always";
};
":database".rum_enabled = true;
":media_proxy" = {
enabled = true;
base_url = "https://cache.florp.social";
proxy_opts.redirect_on_failure = true;
proxy_opts.max_body_length = 64 * 1024 * 1024;
};
":media_preview_proxy" = {
enabled = true;
thumbnail_max_width = 1920;
thumbnail_max_height = 1080;
min_content_length = 128 * 1024;
};
"Pleroma.Upload".base_url = "https://media.florp.social";
"Pleroma.Upload".filters = map mkRaw [
"Pleroma.Upload.Filter.Exiftool.ReadDescription"
"Pleroma.Upload.Filter.Exiftool.StripMetadata"
"Pleroma.Upload.Filter.Dedupe"
"Pleroma.Upload.Filter.AnonymizeFilename"
];
":mrf".policies = map mkRaw [
"Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy"
];
":mrf_object_age".threshold = 180 * 24 * 3600;
":frontend_configurations" = {
pleroma_fe = mkMapOfPredefinedKeys {
background = "/images/sylvia-ritter-15012323.avif";
nsfwCensorImage = "/static/blurhash-overlay.png";
collapseMessageWithSubject = true;
streaming = true;
webPushNotifications = true;
useStreamingApi = true;
scopeCopy = true;
subjectLineBehavior = "masto";
alwaysShowSubjectInput = true;
postContentType = "text/markdown";
modalOnRepeat = true;
minimalScopesMode = true;
redirectRootNoLogin = "/about";
translationLanguage = "en";
theme = "elly-mod";
};
};
":restrict_unauthenticated" = {
timelines = mkMapOfPredefinedKeys {
local = false;
federated = false;
bubble = true;
};
};
":translator" = {
enabled = true;
module = mkRaw "Pleroma.Akkoma.Translators.DeepL";
};
":deepl" = {
tier = mkAtom ":free";
api_key._secret = config.sops.secrets."services/akkoma/deepl".path;
};
};
":web_push_encryption".":vapid_details" = {
subject = "mailto:contact@florp.social";
};
":joken".":default_signer"._secret = "/var/lib/secrets/akkoma/jwt-signer";
};
services.postgresql.enable = true;
services.postgresql.extraPlugins = [
pkgs.postgresql16Packages.rum
];
services.nginx = {
clientMaxBodySize = "256m";
commonHttpConfig = ''
access_log off;
proxy_cache_path /var/cache/nginx/akkoma-media-cache
levels= keys_zone=akkoma_media_cache:64m max_size=64g
inactive=1y use_temp_path=off;
'';
};
kyouma.nginx.virtualHosts = let
proxyCache = ''
proxy_cache akkoma_media_cache;
# Cache objects in slices of 1 MiB
slice 1m;
proxy_cache_key $host$uri$is_args$args$slice_range;
proxy_set_header Range $slice_range;
# Decouple proxy and upstream responses
proxy_buffering on;
proxy_cache_lock on;
proxy_ignore_client_abort on;
# Default cache times for various responses
proxy_cache_valid 200 1y;
proxy_cache_valid 206 301 304 1h;
# Allow serving of stale items
proxy_cache_use_stale error timeout invalid_header updating;
'';
in {
"florp.social" = {
serverAliases = map (x: "${x}.florp.social") [ "a" "b" "c" ];
locations."/" = {
proxyPass = "http://unix:/run/akkoma/socket";
proxyWebsockets = true;
};
locations."^/media(/.*)$".return = "308 https://media.florp.social$1";
locations."^/proxy(/.*)$".return = "308 https://cache.florp.social$1";
locations."= /api/v1/pleroma/admin/config" = {
return = ''200 "\{\"error\":\"You must enable configurable_from_database in your config file.\"\}"'';
extraConfig = ''
types { } default_type "application/json; charset=utf-8";
'';
};
};
"media.florp.social" = {
useACMEHost = "florp.social";
locations."/" = {
proxyPass = "http://unix:/run/akkoma/socket";
extraConfig = ''
rewrite ^(?!/media)(.*)$ /media$1;
'' + proxyCache;
};
};
"cache.florp.social" = {
useACMEHost = "florp.social";
locations."/" = {
proxyPass = "http://unix:/run/akkoma/socket";
extraConfig = ''
rewrite ^(?!/proxy)(.*)$ /proxy$1;
'' + proxyCache;
};
};
};
security.acme.certs."florp.social".extraDomainNames = [
"cache.florp.social"
"media.florp.social"
] ++ map (x: "${x}.florp.social") [ "a" "b" "c" ];
}

View file

@ -0,0 +1,529 @@
{
"_pleroma_theme_version": 2,
"name": "elly's theme (mod)",
"theme": {
"themeEngineVersion": 3,
"shadows": {
"panel": [
{
"color": "#000000",
"x": "1",
"y": "2",
"blur": "6",
"spread": 0,
"alpha": 0.6
}
],
"topBar": [
{
"x": 0,
"y": 0,
"blur": 4,
"spread": 0,
"color": "#000000",
"alpha": 0.6
}
],
"popup": [
{
"x": 2,
"y": 2,
"blur": 3,
"spread": 0,
"color": "#000000",
"alpha": 0.5
}
],
"avatar": [
{
"x": 0,
"y": 1,
"blur": 8,
"spread": 0,
"color": "#000000",
"alpha": 0.7
}
],
"avatarStatus": [],
"panelHeader": [
{
"color": "#ffffff",
"x": 0,
"y": "40",
"blur": "40",
"spread": "-40",
"inset": true,
"alpha": "0.1"
}
],
"button": [
{
"color": "#ffffff",
"x": 0,
"y": "0",
"blur": "0",
"spread": "1",
"alpha": "0.15",
"inset": true
},
{
"color": "#000000",
"x": "1",
"y": "1",
"blur": "1",
"spread": 0,
"alpha": "0.3",
"inset": false
}
],
"buttonHover": [
{
"color": "#318cbc",
"x": 0,
"y": "0",
"blur": 0,
"spread": "1",
"alpha": 1,
"inset": true
},
{
"color": "#000000",
"x": "1",
"y": "1",
"blur": "1",
"spread": 0,
"alpha": "0.3",
"inset": false
}
],
"buttonPressed": [
{
"color": "#bebebe",
"x": 0,
"y": 0,
"blur": "0",
"spread": "50",
"alpha": 0.5,
"inset": true
},
{
"color": "#ffffff",
"x": 0,
"y": "0",
"blur": 0,
"spread": "1",
"alpha": 0.2,
"inset": true
},
{
"color": "#000000",
"x": "1",
"y": "1",
"blur": 0,
"spread": 0,
"alpha": "0.3",
"inset": false
}
],
"input": [
{
"color": "#FFFFFF",
"x": 0,
"y": "0",
"blur": 0,
"spread": "1",
"alpha": "0.2",
"inset": true
}
]
},
"colors": {
"underlay": "#000000",
"bg": "#070e1b",
"fg": "#31363b",
"cRed": "#c42d38",
"cGreen": "#22b325",
"cOrange": "#d7d720",
"cBlue": "#ffffff",
"accent": "#3daee9",
"link": "#318cbc",
"text": "#bebebe",
"badgeNotification": "#024297",
"badgeNotificationText": "#ffffff",
"alertNeutral": "#bebebe",
"alertNeutralText": "#ffffff",
"alertPopupNeutral": "#bebebe",
"alertPopupNeutralText": "#000000",
"alertSuccess": "#22b325",
"alertSuccessText": "#ffffff",
"alertPopupSuccess": "#22b325",
"alertPopupSuccessText": "#000000",
"alertWarning": "#d7d720",
"alertWarningText": "#ffffff",
"alertPopupWarning": "#d7d720",
"alertPopupWarningText": "#000000",
"alertError": "#ff090f",
"alertErrorText": "#bebebe",
"alertPopupError": "#ff090f",
"alertPopupErrorText": "#ffffff",
"panel": "#0d1a31",
"panelText": "#bebebe",
"alertNeutralPanelText": "#ffffff",
"alertSuccessPanelText": "#ffffff",
"alertWarningPanelText": "#ffffff",
"alertErrorPanelText": "#bebebe",
"fgText": "#bebebe",
"topBar": "#0d1a31",
"topBarText": "#bebebe",
"input": "#18223d",
"inputTopbarText": "#bebebe",
"inputPanelText": "#bebebe",
"inputText": "#bebebe",
"btn": "#18223d",
"btnText": "#bebebe",
"btnTopBarText": "#bebebe",
"btnDisabled": "#0c121c",
"btnDisabledTopBarText": "#393d45",
"btnPanelText": "#bebebe",
"btnDisabledPanelText": "#393d45",
"btnDisabledText": "#393d45",
"btnToggled": "#1b1d1f",
"btnToggledTopBarText": "#bebebe",
"btnToggledPanelText": "#bebebe",
"btnToggledText": "#bebebe",
"btnPressed": "#1b1d1f",
"btnPressedTopBarText": "#bebebe",
"btnPressedTopBar": "#1b1d1f",
"btnPressedPanelText": "#bebebe",
"btnPressedPanel": "#1b1d1f",
"btnPressedText": "#bebebe",
"tabActiveText": "#bebebe",
"tabText": "#bebebe",
"tab": "#1b1d1f",
"fgLink": "#543fe7",
"topBarLink": "#bebebe",
"panelLink": "#38a5ed",
"panelFaint": "#bebebe",
"icon": "#63666d",
"poll": "#1d4f6e",
"pollText": "#bebebe",
"border": "#363c41",
"postCyantext": "#ffffff",
"postGreentext": "#22b325",
"postLink": "#3daee9",
"lightText": "#f2f2f2",
"popover": "#070e1b",
"selectedMenuPopover": "#0d1930",
"highlight": "#0d1930",
"highlightText": "#bebebe",
"selectedMenu": "#0d1930",
"selectedMenuText": "#bebebe",
"selectedMenuPopoverIcon": "#666c77",
"highlightLink": "#3daee9",
"selectedMenuLink": "#3daee9",
"selectedMenuPopoverLink": "#3daee9",
"selectedMenuPopoverText": "#bebebe",
"faintLink": "#3daee9",
"highlightFaintLink": "#3daee9",
"selectedMenuFaintLink": "#3daee9",
"selectedMenuPopoverFaintLink": "#3daee9",
"faint": "#bebebe",
"highlightFaintText": "#bebebe",
"selectedMenuFaintText": "#bebebe",
"selectedMenuPopoverFaintText": "#bebebe",
"highlightLightText": "#f2f2f2",
"selectedMenuLightText": "#f2f2f2",
"selectedMenuPopoverLightText": "#f2f2f2",
"selectedMenuIcon": "#666c77",
"selectedPost": "#0d1930",
"selectedPostText": "#bebebe",
"selectedPostIcon": "#666c77",
"selectedPostLink": "#3daee9",
"selectedPostFaintLink": "#3daee9",
"highlightPostLink": "#3daee9",
"selectedPostPostLink": "#3daee9",
"selectedPostLightText": "#f2f2f2",
"selectedPostFaintText": "#bebebe",
"popoverText": "#bebebe",
"popoverIcon": "#63666d",
"popoverLink": "#3daee9",
"postFaintLink": "#3daee9",
"popoverPostFaintLink": "#3daee9",
"popoverFaintLink": "#3daee9",
"popoverFaintText": "#bebebe",
"popoverPostLink": "#3daee9",
"popoverLightText": "#f2f2f2",
"highlightIcon": "#666c77",
"highlightPostFaintLink": "#3daee9",
"profileTint": "#070e1b",
"profileBg": "#03070f",
"wallpaper": "#050a13"
},
"opacity": {
"underlay": 0.15,
"bg": 0.85,
"alert": 0.5,
"alertPopup": 0.95,
"panel": 0.75,
"input": 0.9,
"btn": 0.9,
"faint": 0.5,
"border": 0.55,
"popover": 1,
"profileTint": 0.5
},
"radii": {
"btn": "3",
"input": "4",
"checkbox": "1",
"panel": "3",
"avatar": "4",
"avatarAlt": "4",
"tooltip": 2,
"attachment": "3"
},
"fonts": {
"interface": {
"family": "sans-serif"
},
"input": {
"family": "inherit"
},
"post": {
"family": "inherit"
},
"postCode": {
"family": "monospace"
}
}
},
"source": {
"themeEngineVersion": 3,
"fonts": {},
"shadows": {
"panel": [
{
"x": "1",
"y": "2",
"blur": "6",
"spread": 0,
"color": "#000000",
"alpha": 0.6
}
],
"button": [
{
"x": 0,
"y": "0",
"blur": "0",
"spread": "1",
"color": "#ffffff",
"alpha": "0.15",
"inset": true
},
{
"x": "1",
"y": "1",
"blur": "1",
"spread": 0,
"color": "#000000",
"alpha": "0.3",
"inset": false
}
],
"panelHeader": [
{
"x": 0,
"y": "40",
"blur": "40",
"spread": "-40",
"inset": true,
"color": "#ffffff",
"alpha": "0.1"
}
],
"buttonHover": [
{
"x": 0,
"y": "0",
"blur": 0,
"spread": "1",
"color": "--link",
"alpha": 1,
"inset": true
},
{
"x": "1",
"y": "1",
"blur": "1",
"spread": 0,
"color": "#000000",
"alpha": "0.3",
"inset": false
}
],
"buttonPressed": [
{
"x": 0,
"y": 0,
"blur": "0",
"spread": "50",
"color": "--faint",
"alpha": 0.5,
"inset": true
},
{
"x": 0,
"y": "0",
"blur": 0,
"spread": "1",
"color": "#ffffff",
"alpha": 0.2,
"inset": true
},
{
"x": "1",
"y": "1",
"blur": 0,
"spread": 0,
"color": "#000000",
"alpha": "0.3",
"inset": false
}
],
"input": [
{
"x": 0,
"y": "0",
"blur": 0,
"spread": "1",
"color": "#FFFFFF",
"alpha": "0.2",
"inset": true
}
]
},
"opacity": {
"bg": "0.85",
"border": "0.55",
"panel": "0.75",
"btn": "0.9",
"input": "0.9"
},
"colors": {
"bg": "#070e1b",
"fg": "#31363b",
"text": "#bebebe",
"underlay": "#000000",
"link": "#318cbc",
"accent": "#3daee9",
"faint": "#bebebe",
"faintLink": "#3daee9",
"postFaintLink": "#3daee9",
"cBlue": "#ffffff",
"cRed": "#c42d38",
"cGreen": "#22b325",
"cOrange": "#d7d720",
"highlight": "#0d1930",
"highlightLightText": "#f2f2f2",
"highlightPostLink": "#3daee9",
"highlightFaintText": "#bebebe",
"highlightFaintLink": "#3daee9",
"highlightPostFaintLink": "#3daee9",
"highlightText": "#bebebe",
"highlightLink": "#3daee9",
"highlightIcon": "#666c77",
"popover": "#070e1b",
"popoverLightText": "#f2f2f2",
"popoverPostLink": "#3daee9",
"popoverFaintText": "#bebebe",
"popoverFaintLink": "#3daee9",
"popoverPostFaintLink": "#3daee9",
"popoverText": "#bebebe",
"popoverLink": "#3daee9",
"popoverIcon": "#63666d",
"selectedPost": "#0d1930",
"selectedPostFaintText": "#bebebe",
"selectedPostLightText": "#f2f2f2",
"selectedPostPostLink": "#3daee9",
"selectedPostFaintLink": "#3daee9",
"selectedPostText": "#bebebe",
"selectedPostLink": "#3daee9",
"selectedPostIcon": "#666c77",
"selectedMenu": "#0d1930",
"selectedMenuLightText": "#f2f2f2",
"selectedMenuFaintText": "#bebebe",
"selectedMenuFaintLink": "#3daee9",
"selectedMenuText": "#bebebe",
"selectedMenuLink": "#3daee9",
"selectedMenuIcon": "#666c77",
"selectedMenuPopover": "#0d1930",
"selectedMenuPopoverLightText": "#f2f2f2",
"selectedMenuPopoverFaintText": "#bebebe",
"selectedMenuPopoverFaintLink": "#3daee9",
"selectedMenuPopoverText": "#bebebe",
"selectedMenuPopoverLink": "#3daee9",
"selectedMenuPopoverIcon": "#666c77",
"lightText": "#f2f2f2",
"postLink": "#3daee9",
"border": "#363c41",
"poll": "#1d4f6e",
"pollText": "#bebebe",
"icon": "#63666d",
"fgText": "#bebebe",
"fgLink": "#543fe7",
"panel": "#0d1a31",
"panelText": "#bebebe",
"panelFaint": "#bebebe",
"panelLink": "#38a5ed",
"topBar": "#0d1a31",
"topBarText": "#bebebe",
"topBarLink": "#bebebe",
"tab": "#1b1d1f",
"tabText": "#bebebe",
"tabActiveText": "#bebebe",
"btn": "#18223d",
"btnText": "#bebebe",
"btnPanelText": "#bebebe",
"btnTopBarText": "#bebebe",
"btnPressed": "#1b1d1f",
"btnPressedText": "#bebebe",
"btnPressedPanel": "#1b1d1f",
"btnPressedPanelText": "#bebebe",
"btnPressedTopBar": "#1b1d1f",
"btnPressedTopBarText": "#bebebe",
"btnToggled": "#1b1d1f",
"btnToggledText": "#bebebe",
"btnToggledPanelText": "#bebebe",
"btnToggledTopBarText": "#bebebe",
"btnDisabled": "#0c121c",
"btnDisabledText": "#393d45",
"btnDisabledPanelText": "#393d45",
"btnDisabledTopBarText": "#393d45",
"input": "#18223d",
"inputText": "#bebebe",
"inputPanelText": "#bebebe",
"inputTopbarText": "#bebebe",
"alertError": "#ff090f",
"alertErrorText": "#bebebe",
"alertErrorPanelText": "#bebebe",
"alertWarning": "#d7d720",
"alertWarningText": "#ffffff",
"alertWarningPanelText": "#ffffff",
"alertNeutral": "#bebebe",
"alertNeutralText": "#ffffff",
"alertNeutralPanelText": "#ffffff",
"badgeNotification": "#024297",
"badgeNotificationText": "#ffffff"
},
"radii": {
"btn": "3",
"input": "4",
"checkbox": "1",
"panel": "3",
"avatar": "4",
"avatarAlt": "4",
"attachment": "3"
}
}
}

View file

@ -0,0 +1,55 @@
{ lib, pkgs, ... }: {
services = {
prowlarr.enable = true;
} // lib.genAttrs [ "sonarr" "radarr" ] (_: {
enable = true;
});
systemd.services = lib.genAttrs [ "radarr" "sonarr" ] (_: {
wants = [ "mnt-mezzomix.mount" ];
});
systemd.mounts = lib.singleton {
description = "rclone mount";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" "radarr.service" "sonarr.service" ];
where = "/mnt/mezzomix";
what = "mezzomix@otos.feralhosting.com:private/rtorrent/data";
type = "fuse.sshfs";
options = "umask=0000,idmap=user,_netdev,rw,nosuid,allow_other,default_permissions,follow_symlinks,reconnect,max_conns=10,identityfile=/etc/keys/ssh_host_ed25519_key";
};
systemd.automounts = lib.singleton {
name = "mnt-mezzomix.automount";
where = "/mnt/mezzomix";
wantedBy = [ "multi-user.target" ];
automountConfig.TimeoutIdleSec = 0;
};
environment.systemPackages = [ pkgs.sshfs ];
programs.ssh.ciphers = [ "aes256-ctr" ];
kyouma.nginx.virtualHosts = {
"crime.kyouma.net" = {
verifyClientCert = true;
disableHttp3 = true;
locations = {
"/".root = pkgs.writeTextDir "index.html" (builtins.readFile ./landingPage.html);
"/sonarr/" = {
proxyPass = "http://127.0.0.1:8989";
recommendedProxySettings = true;
};
"/radarr/" = {
proxyPass = "http://127.0.0.1:7878";
recommendedProxySettings = true;
};
"/prowlarr/" = {
proxyPass = "http://127.0.0.1:9696";
recommendedProxySettings = true;
};
};
};
};
security.acme.certs."crime.kyouma.net" = {};
}

View file

@ -0,0 +1,27 @@
<!DOCTYPE html>
<html>
<head>
<title>crime.kyouma.net</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to crime.kyouma.net!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>Sonarr
<a href="https://crime.kyouma.net/sonarr">crime.kyouma.net/sonarr</a><br/>
Radarr
<a href="https://crime.kyouma.net/radarr">crime.kyouma.net/radarr</a><br/>
Prowlarr
<a href="https://crime.kyouma.net/prowlarr">crime.kyouma.net/prowlarr</a></p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>

View file

@ -5,6 +5,7 @@
};
services.forgejo = {
enable = true;
package = pkgs.forgejo;
secrets.mailer.PASSWD = config.sops.secrets."services/forgejo/mailerPassword".path;
database = {
createDatabase = true;

View file

@ -1,6 +1,7 @@
{ config, ... }: {
{ config, inputs, lib, ... }: {
imports = [
./nix-config.nix
inputs.hydra.nixosModules.hydra
];
sops.secrets."services/hydra/signKey" = {
owner = "hydra-queue-runner";
@ -18,8 +19,9 @@
};
kyouma.deployment.auto-upgrade.cache = "daemon";
services.hydra = {
services.hydra-dev = {
enable = true;
package = inputs.hydra.packages.${config.nixpkgs.hostPlatform.system}.hydra;
hydraURL = "https://hydra.kyouma.net";
listenHost = "localhost";
notificationSender = "hydra@hydra.kyouma.net";
@ -28,18 +30,24 @@
extraConfig = ''
server_store_uri = https://cache.kyouma.net
binary_cache_public_uri = https://cache.kyouma.net
evaluator_workers = 8
evaluator_max_memory_size = 16384
evaluator_workers = 6
evaluator_max_memory_size = 12288
max_output_size = ${builtins.toString (24 * 1024 * 1024 * 1024)}
'';
};
services.harmonia = {
enable = true;
signKeyPath = config.sops.secrets."services/hydra/signKey".path;
signKeyPaths = lib.singleton config.sops.secrets."services/hydra/signKey".path;
settings = {
bind = "[::1]:5555";
};
};
systemd.services.hydra-evaluator.serviceConfig = {
MemoryHigh = "250G";
MemoryMax = "254G";
};
kyouma.nginx.defaultForbidden = "hydra.kyouma.net";
kyouma.nginx.virtualHosts = {
"hydra.kyouma.net".locations."/".proxyPass = "http://localhost:3000";

View file

@ -1,42 +1,45 @@
{ config, ... }: {
nix.buildMachines = [
{ config, lib, ... }: {
nix.buildMachines = let
base = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
in [
{
hostName = "localhost";
sshUser = "hydra-queue-runner";
maxJobs = 20;
speedFactor = 17;
protocol = null;
maxJobs = 0;
speedFactor = 0;
systems = [ "x86_64-linux" ];
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
supportedFeatures = base;
}
{
hostName = "integra.kyouma.net";
sshUser = "build";
sshUser = "nix-ssh";
maxJobs = 2;
speedFactor = 4;
systems = [ "aarch64-linux" ];
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
supportedFeatures = base;
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
}
{
hostName = "build-worker-03.nyantec.com";
sshUser = "nix-ssh";
maxJobs = 4;
speedFactor = 18;
systems = [ "x86_64-linux" "riscv64-linux" ];
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" "gccarch-x86-64" "gccarch-x86-64-v2" "gccarch-x86-64-v3" ];
hostName = "schrodinger.kyouma.net";
sshUser = "root";
maxJobs = 0;
speedFactor = 20;
systems = [ "riscv64-linux" ];
supportedFeatures = base ++ [ "gccarch-rv64imac" "gccarch-rv64imacfd" "gccarch-rv64gc" ];
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
}
{
hostName = "build-worker-04.nyantec.com";
sshUser = "nix-ssh";
maxJobs = 4;
speedFactor = 18;
systems = [ "x86_64-linux" "riscv64-linux" ];
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" "gccarch-x86-64" "gccarch-x86-64-v2" "gccarch-x86-64-v3" ];
] ++ lib.forEach (lib.range 0 10) (num: {
hostName = "build-worker-${lib.fixedWidthNumber 2 num}";
sshUser = "root";
maxJobs = 2;
speedFactor = 20;
systems = [ "i686-linux" "x86_64-linux" ];
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "gccarch-x86-64" "gccarch-x86-64-v2" "gccarch-x86-64-v3" ];
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
}
];
});
nixpkgs.config.allowUnsupportedSystem = true;
nix.distributedBuilds = true;
nix.gc.automatic = lib.mkForce false;
nix.settings = {
allowed-uris = [
"github:"
@ -45,13 +48,34 @@
"https://"
];
};
users.users.hydra-queue-runner.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras"
];
programs.ssh = {
knownHosts."build-worker-03.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGqTY74c5g15DSNPNM2Wdr5jAwS7BFgX1XRnhtGOnJc";
knownHosts."build-worker-04.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOq+5I+nlAN2lJoOtoXrYEDuZ/TMPMa43pIlablYigK";
knownHosts."integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU";
knownHosts."localhost".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPNVavo3YHVsrYwXRVISu7kDoknn+5inFGySn4azlB8P";
knownHosts = {
"build-worker-03.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGqTY74c5g15DSNPNM2Wdr5jAwS7BFgX1XRnhtGOnJc";
"build-worker-04.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOq+5I+nlAN2lJoOtoXrYEDuZ/TMPMa43pIlablYigK";
"integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU";
"schrodinger.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKo7vZ6lS1wx76YsbAdhOsGcc20YMAW52ep8SZ/FCHDp";
"lab.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIUePtVPtBK+CYosufbaGiMT4EVanti4V5t2Wg0g/Fy4";
"localhost".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPNVavo3YHVsrYwXRVISu7kDoknn+5inFGySn4azlB8P";
"[build-worker-kyoumanet.fly.dev]:2200".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUGzlilikAUfUGKXVCoTeDvPRoWUgDDkNU5WaRUBzls";
"[build-worker-kyoumanet.fly.dev]:2201".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDL2M97UBHg9aUfjDUxzmzg1r0ga0m3/stummBVwuEAB";
"[build-worker-kyoumanet.fly.dev]:2202".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTwVKL0P0chPM2Gz23rbT94844+w1CGJdCaZdzfjThz";
"[build-worker-kyoumanet.fly.dev]:2203".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAjy2eZGJQeAYy0+fLgW9jiS0jVY2LInY0NDMnzCvvKp";
"[build-worker-kyoumanet.fly.dev]:2204".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN72OyD9LYy4hq0WZ7ie5RPV+G54UreEJiA/RubjGoe9";
"[build-worker-kyoumanet.fly.dev]:2205".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICNh1o1I98XrI2XmOI6Q0aHPfyLCIQwKkKOxGUUeXL9v";
"[build-worker-kyoumanet.fly.dev]:2206".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGf0kxGgwOG9KhUhvxxTSiQC5YikrzZXKDgSpBw33qN4";
"[build-worker-kyoumanet.fly.dev]:2207".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL9z95a6Fn/dB+iNigEYpuJdBnBwCkIZYaKHcFbGP+RY";
"[build-worker-kyoumanet.fly.dev]:2208".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAk+FNMhTfAVqk3MfLp4QiG/i5ti53DlpnC0q+sOvU9O";
"[build-worker-kyoumanet-cdg.fly.dev]:2209".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJGlQD/3fLn/Kyb7v0RIycHRcArGi75jURj803EMpW0S";
"[build-worker-kyoumanet-cdg.fly.dev]:2210".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQm1FSGBGdCR5f8MvBvdKM0M4yIQVnH1po7hHO5T1qz";
};
extraConfig = ''
Host machine-0008.cloud-v.co
Hostname machine.cloud-v.co
Port 20008
'' + lib.concatLines (lib.forEach (lib.range 0 10) (num: ''
Host build-worker-${lib.fixedWidthNumber 2 num}
Hostname build-worker-kyoumanet${lib.optionalString (num > 8) "-cdg"}.fly.dev
Port 22${lib.fixedWidthNumber 2 num}
''));
};
}

View file

@ -0,0 +1,34 @@
{ lib, ... }: {
services.jellyfin.enable = true;
kyouma.nginx.virtualHosts = {
"watch.kyouma.net".redirectTo = "fentanyl.trade";
"fentanyl.trade" = {
serverAliases = lib.singleton "frotti.ng";
locations = {
"= /".return = "302 https://$host/web/";
"/" = {
proxyPass = "http://[::1]:8096";
recommendedProxySettings = true;
extraConfig = ''
proxy_buffering on;
'';
};
"= /web/" = {
proxyPass = "http://[::1]:8096";
recommendedProxySettings = true;
};
"/socket" = {
proxyPass = "http://[::1]:8096";
recommendedProxySettings = true;
proxyWebsockets = true;
};
};
};
};
security.acme.certs."fentanyl.trade".extraDomainNames = [
"frotti.ng"
"watch.kyouma.net"
];
}

View file

@ -0,0 +1,8 @@
{ ... }: {
services.librespeed = {
enable = true;
openFirewall = true;
domain = "speed.kyouma.net";
frontend.enable = true;
};
}

View file

@ -1,4 +1,6 @@
{ config, lib, ... }: with lib; {
{ config, lib, pkgs, ... }: let
inherit (lib) mkDefault;
in {
kyouma.deployment.tags = [ "web" ];
security.dhparams.enable = true;
security.dhparams.params.nginx = {};
@ -9,9 +11,11 @@
email = "noc@kyouma.net";
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 443 ];
services.nginx = {
enable = true;
#package = pkgs.nginxQuic;
package = mkDefault pkgs.nginxQuic;
recommendedGzipSettings = true;
recommendedOptimisation = true;
@ -32,7 +36,14 @@
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "same-origin" always;
add_header Alt-Svc 'h3=":443"; ma=7776000; persist=1, h2=":443"; ma=7776000; persist=1';
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
'';
eventsConfig = ''
multi_accept on;
'';
appendConfig = ''
worker_processes auto;
'';
};
}

View file

@ -5,14 +5,14 @@
};
sops.secrets."services/vaultwarden/basicAuth" = {
sopsFile = ../../secrets/services/vaultwarden.yaml;
owner = "vaultwarden";
owner = "nginx";
};
services.vaultwarden = {
enable = true;
environmentFile = config.sops.secrets."services/vaultwarden/environmentFile".path;
backupDir = "/var/backup/bitwarden_rs";
config = {
DOMAIN = "https://staging.vault.kyouma.net";
DOMAIN = "https://vault.kyouma.net";
DATABASE_MAX_CONNS = 15;
WEB_VAULT_ENABLED = true;
WEBSOCKET_ADDRESS = "::1";
@ -33,10 +33,10 @@
SMTP_SECURITY = "starttls";
SMTP_PORT = 587;
ROCKET_ADDRESS = "::1";
ROCKET_PORT = "8222";
ROCKET_PORT = 8222;
};
};
kyouma.nginx.virtualHosts."staging.vault.kyouma.net" = {
kyouma.nginx.virtualHosts."vault.kyouma.net" = {
locations."/" = {
proxyPass = "http://[::1]:8222";
proxyWebsockets = true;
@ -46,5 +46,5 @@
basicAuthFile = config.sops.secrets."services/vaultwarden/basicAuth".path;
};
};
security.acme.certs."staging.vault.kyouma.net" = {};
security.acme.certs."vault.kyouma.net" = {};
}

View file

@ -12,7 +12,7 @@
];
};
nixpkgs.config.permittedInsecurePackages = [
"electron-25.9.0"
"jitsi-meet-1.0.8043"
];
home-manager.useGlobalPkgs = true;
@ -23,6 +23,7 @@
whois
htop
restic
fend
] ++ lib.optionals config.kyouma.machine-type.graphical [
linux-manual
colmena
@ -36,6 +37,9 @@
pavucontrol
signal-desktop
element-desktop
firefox
# currently broken
#inputs.firefox.packages.${pkgs.system}.firefox
nixfmt-classic
wl-clipboard
@ -61,7 +65,7 @@
programs.eza = {
enable = true;
icons = true;
icons = "auto";
git = true;
extraOptions = [
"--color-scale=all"

View file

@ -0,0 +1,78 @@
{ inputs, pkgs, ... }: {
imports = [
inputs.home-manager.nixosModules.home-manager
];
users.users.lucy = {
isNormalUser = true;
shell = pkgs.fish;
ignoreShellProgramCheck = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIId7XvwEHtC9KdGg4Bn+XE+yyBp7/dRToJX9T56mM7ln kosaki@kosaki"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAZH8HwE1OxVAArRpc3+c7foYJ/WYjp4BqUyuab9yQyl emilia@emilia"
];
};
home-manager.useGlobalPkgs = true;
home-manager.users.lucy = {
home.stateVersion = "24.11";
home.packages = with pkgs; [
whois
htop
restic
fend
];
fonts.fontconfig.enable = true;
programs.bat.enable = true;
programs.gpg.enable = true;
programs.ripgrep.enable = true;
programs.tmux = {
enable = true;
prefix = "M-w";
clock24 = true;
extraConfig = ''
# unbind keys
unbind-key C-b
# new prefix
bind-key M-w send-prefix
# selection via vim keys
bind-key -r h select-pane -L
bind-key -r j select-pane -D
bind-key -r k select-pane -U
bind-key -r l select-pane -R
# resize aswell
bind-key -r C-h resize-pane -L 5
bind-key -r C-j resize-pane -D 5
bind-key -r C-k resize-pane -U 5
bind-key -r C-l resize-pane -R 5
bind-key g split-window
bind-key v split-window -h
'';
};
programs.eza = {
enable = true;
icons = "auto";
git = true;
extraOptions = [
"--color-scale=all"
"--color-scale-mode=gradient"
"--group-directories-first"
];
};
programs.fish = {
enable = true;
interactiveShellInit = ''
set -U fish_greeting
'';
};
};
}

View file

@ -0,0 +1,49 @@
{ inputs, pkgs, ... }: {
imports = [
inputs.home-manager.nixosModules.home-manager
];
users.users.nil = {
isNormalUser = true;
shell = pkgs.fish;
ignoreShellProgramCheck = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAICczPHRwY9MAwDGlcB0QgMOJjcpLJhVU3covrW9RBS62AAAABHNzaDo="
];
};
home-manager.useGlobalPkgs = true;
home-manager.users.nil = {
home.stateVersion = "24.11";
home.packages = with pkgs; [
whois
htop
restic
fend
];
fonts.fontconfig.enable = true;
programs.bat.enable = true;
programs.gpg.enable = true;
programs.ripgrep.enable = true;
programs.eza = {
enable = true;
icons = "auto";
git = true;
extraOptions = [
"--color-scale=all"
"--color-scale-mode=gradient"
"--group-directories-first"
];
};
programs.fish = {
enable = true;
interactiveShellInit = ''
set -U fish_greeting
'';
};
};
}

File diff suppressed because it is too large Load diff

View file

@ -7,7 +7,6 @@
attic = {
url = "github:zhaofengli/attic";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
disko = {
url = "github:nix-community/disko";
@ -20,22 +19,42 @@
};
fernglas = {
url = "github:wobcom/fernglas";
#inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
firefox = {
url = "git+https://woof.rip/mikael/firefox.git";
inputs.nixpkgs.follows = "nixpkgs";
};
florp-about = {
url = "git+https://woof.rip/florp/about.git";
inputs.nixpkgs.follows = "nixpkgs";
};
florp-branding = {
url = "git+https://woof.rip/florp/branding.git";
inputs.nixpkgs.follows = "nixpkgs";
};
florp-moderation = {
url = "git+https://woof.rip/florp/moderation.git";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
iceshrimp = {
url = "git+https://iceshrimp.dev/iceshrimp/packaging";
inputs.nixpkgs.follows = "nixpkgs";
hydra = {
url = "git+https://git.lix.systems/lix-project/hydra?ref=main&rev=799441dcf6d595efb0def686ca0815aef398627b";
inputs.lix.follows = "lix";
};
kyouma-www = {
url = "git+https://woof.rip/emily/kyouma-net.git";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
lix.url = "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz";
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-needsreboot = {
url = "github:thefossguy/nixos-needsreboot";
inputs.nixpkgs.follows = "nixpkgs";
@ -45,6 +64,11 @@
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
oth = {
url = "git+ssh://forgejo@woof.rip/emily/oth.git";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
@ -64,10 +88,6 @@
"cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg="
];
builders-use-substitutes = true;
builders = ''
ssh://build@seras.kyouma.net x86_64-linux - 40 40 nixos-test,benchmark,big-parallel,kvm
ssh://build@integra.kyouma.net aarch64-linux - 4 8 nixos-test,benchmark,big-parallel,kvm
'';
};
outputs = { self, nixpkgs, flake-utils, ... }@inputs: let
@ -109,7 +129,6 @@
};
images = {
lain = self.nixosConfigurations.lain-minimal.config.system.build.sdImage;
build-worker-oci = self.nixosConfigurations.build-worker-oci.config.system.build.tarball;
};
overlays = {
@ -133,14 +152,18 @@
};
in {
packages = shinyflakes.mapPackages (pkgs) {
# newhost = pkgs.stdenv.mkDerivation {
# name = "newhost";
# newHost = pkgs.writeShellApplication {
# name = "update-flyio";
# text = ''
# '';
# };
};
# apps = rec {
# newhost = self.packages.${system}.newhost;
# default = newhost;
# };
apps = {
update-build-worker = {
type = "app";
program = ./pkgs/build-worker-oci/update.sh;
};
};
devShells.default = pkgs.mkShell {
packages = [ pkgs.colmena pkgs.sops ];
};

View file

@ -1,8 +1,5 @@
{ ... }: {
imports = [
./deployment
./machine-type
./nginx
./update-nixfiles
];
{ lib, ... }: let
mapModules = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir ./.));
in {
imports = builtins.map (dir: ./${dir}) mapModules;
}

View file

@ -0,0 +1,238 @@
{ config, pkgs, lib, inputs, ... }:
let
cfg = config.kyouma.graphical;
in {
options = {
kyouma.graphical = {
enable = lib.mkEnableOption "graphical profile";
compositor = lib.mkOption {
type = with lib.types; nullOr (enum [ "hyprland" "niri" ]);
default = null;
};
};
};
imports = [
inputs.stylix.nixosModules.stylix
./files.nix
./hyprland.nix
./waybar-hyprland.nix
./hyprlock.nix
./nixvim.nix
];
config = lib.mkIf cfg.enable {
kyouma.machine-type.graphical = true;
boot.plymouth.enable = true;
security.pam.services.hyprlock = {};
services.dbus.packages = [ pkgs.gcr ];
services.geoclue2.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
};
services.udisks2.enable = true;
environment.variables = {
CLUTTER_BACKEND = "wayland";
GDK_BACKEND = "wayland,x11";
MOZ_ENABLE_WAYLAND = "1";
QT_QPA_PLATFORM = "wayland;xcb";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
SDL_VIDEODRIVER = "wayland";
LIBVA_DRIVER_NAME = "radeonsi";
MESA_VK_DEVICE_SELECT = "1002:73df";
WLR_DRM_DEVICES = "$HOME/.config/hypr/external-gpu:$HOME/.config/hypr/internal-gpu";
};
xdg.icons.enable = true;
xdg.portal = {
enable = true;
wlr.enable = true;
configPackages = [ (if cfg.compositor == "hyprland"
then pkgs.xdg-desktop-portal-hyprland
else pkgs.xdg-desktop-portal-wlr
) ];
};
stylix= {
image = pkgs.fetchurl {
url = "https://kyouma.net/wallpaper.png";
sha256 = "1f46b439a864cd28b8ea93563b4762f1efb2648bae0148fd6b45f3033b10b0e8";
};
polarity = "dark";
#base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-macchiato.yaml";
fonts = {
sansSerif = {
package = pkgs.noto-fonts;
name = "Noto Sans";
};
serif = config.stylix.fonts.sansSerif;
monospace = {
package = pkgs.jetbrains-mono;
name = "JetBrains Mono Regular";
};
sizes.terminal = 11;
};
cursor = {
package = pkgs.capitaine-cursors;
name = "capitaine";
size = 24;
};
targets = {
console.enable = false;
gnome.enable = true;
fish.enable = false;
};
};
home-manager.users.emily = {
stylix.targets = {
hyprland.enable = false;
sway.enable = false;
kitty.enable = false;
mako.enable = false;
rofi.enable = false;
swaylock.enable = false;
waybar.enable = false;
nixvim.enable = false;
fish.enable = false;
};
home.keyboard = {
layout = "de";
variant = "neo_qwerty";
};
programs.imv.enable = true;
programs.wpaperd = {
enable = true;
settings.default = {
path = "/home/emily/Pictures/wallpapers/sylviaritter/";
duration = "60m";
sorting = "random";
};
};
programs.kitty = {
enable = true;
font.size = 13;
font.name = "JetBrains Mono";
settings = {
enable_audio_bell = false;
scrollback_lines = 65536;
remember_window_size = false;
initial_window_width = 1200;
initial_window_height = 800;
bold_font = "auto";
italic_font = "auto";
bold_italic_font = "auto";
background = "#090312";
background_opacity = "0.7";
};
keybindings = {
"shift+right" = "next_tab";
"ctrl+l" = "next_tab";
"shift+left" = "previous_tab";
"ctrl+h" = "previous_tab";
};
};
programs.rofi = {
enable = true;
package = pkgs.rofi-wayland;
};
programs.zoxide = {
enable = true;
options = [ "--cmd cd" ];
};
programs.fzf.enable = true;
qt = {
enable = true;
platformTheme.name = "qtct";
style.name = "kvantum-dark";
style.package = with pkgs; [
libsForQt5.qtstyleplugin-kvantum
qt6Packages.qtstyleplugin-kvantum
(catppuccin-kvantum.override { accent = "mauve"; variant = "macchiato"; })
];
};
gtk.iconTheme.name = "Adwaita";
gtk.iconTheme.package = pkgs.gnome.adwaita-icon-theme;
services.gammastep = {
enable = true;
provider = "geoclue2";
temperature.day = 6500;
temperature.night = 3700;
settings.general.adjustment-method = "wayland";
};
services.mako = {
enable = true;
anchor = "top-right";
backgroundColor = "#24273a";
borderColor = "#c6a0f6";
borderRadius = 15;
borderSize = 2;
defaultTimeout = 5000;
layer = "overlay";
maxIconSize = 48;
padding = "15";
progressColor = "over #B4A1DB";
sort = "-time";
textColor = "#cad3f5";
extraConfig = ''
max-history=100
on-button-left=dismiss
on-button-right=dismiss-all
on-notify=exec ${pkgs.mpv}/bin/mpv /usr/share/sounds/freedesktop/stereo/message.oga
[urgency=low]
border-color=#B4A1DB
default-timeout=2000
[urgency=normal]
border-color=#B4A1DB
default-timeout=5000
[urgency=high]
border-color=#D04E9D
text-color=#D04E9D
default-timeout=0
[category=mpd]
border-color=#E49186
default-timeout=2000
group-by=category
'';
};
services.gpg-agent = {
enable = true;
enableSshSupport = true;
pinentryPackage = pkgs.pinentry-gnome3;
};
services.syncthing = {
enable = true;
tray.enable = true;
tray.command = "syncthingtray --replace";
};
services.udiskie = {
enable = true;
automount = false;
};
systemd.user.services.syncthingtray.Service = {
ExecStartPre = "${pkgs.coreutils-full}/bin/sleep 2";
Restart = "on-failure";
RestartSec = "1s";
};
};
};
}

View file

@ -1,5 +1,5 @@
{ config, pkgs, ... }: {
home-manager.users.emily = {
{ config, lib, pkgs, ... }: {
config.home-manager.users.emily = lib.mkIf config.kyouma.graphical.enable {
home.file.".local/bin/hypr/playerctl.sh" = let
playerctl = "${pkgs.playerctl}/bin/playerctl";
title = "$(${playerctl} metadata --format '{{markup_escape(title)}}')";
@ -19,7 +19,7 @@
fi
'';
};
home.file."./local/bin/hypr/colorpicker.sh" = {
home.file.".local/bin/hypr/colorpicker.sh" = {
enable = true;
executable = true;
source = pkgs.writeShellApplication {
@ -28,7 +28,7 @@
runtimeInputs = with pkgs; [ coreutils grim slurp imagemagick_light wl-clipboard libnotify ];
};
};
home.file."./local/bin/hypr/rofi_powermenu.sh" = {
home.file.".local/bin/hypr/rofi_powermenu.sh" = {
enable = true;
executable = true;
source = pkgs.writeShellApplication {
@ -37,7 +37,7 @@
runtimeInputs = with pkgs; [ rofi hyprlock coreutils-full toybox xdg-user-dirs ];
};
};
home.file."./local/bin/hypr/rofi_screenshot.sh" = {
home.file.".local/bin/hypr/rofi_screenshot.sh" = {
enable = true;
executable = true;
source = pkgs.writeShellApplication {
@ -46,7 +46,7 @@
runtimeInputs = with pkgs; [ coreutils grim hyprland imv slurp wl-clipboard libnotify pulseaudio toybox rofi xdg-user-dirs ];
};
};
home.file."./local/bin/hypr/screenshot.sh" = {
home.file.".local/bin/hypr/screenshot.sh" = {
enable = true;
executable = true;
source = pkgs.writeShellApplication {

View file

Before

Width:  |  Height:  |  Size: 32 KiB

After

Width:  |  Height:  |  Size: 32 KiB

View file

Before

Width:  |  Height:  |  Size: 20 KiB

After

Width:  |  Height:  |  Size: 20 KiB

View file

Before

Width:  |  Height:  |  Size: 23 KiB

After

Width:  |  Height:  |  Size: 23 KiB

View file

Before

Width:  |  Height:  |  Size: 27 KiB

After

Width:  |  Height:  |  Size: 27 KiB

View file

Before

Width:  |  Height:  |  Size: 31 KiB

After

Width:  |  Height:  |  Size: 31 KiB

View file

Before

Width:  |  Height:  |  Size: 24 KiB

After

Width:  |  Height:  |  Size: 24 KiB

View file

Before

Width:  |  Height:  |  Size: 27 KiB

After

Width:  |  Height:  |  Size: 27 KiB

View file

Before

Width:  |  Height:  |  Size: 24 KiB

After

Width:  |  Height:  |  Size: 24 KiB

View file

Before

Width:  |  Height:  |  Size: 26 KiB

After

Width:  |  Height:  |  Size: 26 KiB

View file

Before

Width:  |  Height:  |  Size: 34 KiB

After

Width:  |  Height:  |  Size: 34 KiB

View file

Before

Width:  |  Height:  |  Size: 29 KiB

After

Width:  |  Height:  |  Size: 29 KiB

View file

Before

Width:  |  Height:  |  Size: 33 KiB

After

Width:  |  Height:  |  Size: 33 KiB

View file

Before

Width:  |  Height:  |  Size: 28 KiB

After

Width:  |  Height:  |  Size: 28 KiB

View file

Before

Width:  |  Height:  |  Size: 22 KiB

After

Width:  |  Height:  |  Size: 22 KiB

View file

Before

Width:  |  Height:  |  Size: 24 KiB

After

Width:  |  Height:  |  Size: 24 KiB

View file

Before

Width:  |  Height:  |  Size: 23 KiB

After

Width:  |  Height:  |  Size: 23 KiB

View file

@ -1,57 +1,5 @@
{ pkgs, ... }: {
home-manager.users.emily = {
programs.hyprlock = {
enable = true;
settings = {
general = {
hide_cursor = true;
disable_loading_bar = true;
};
background = [{
path = "screenshot";
#path = "$HOME/Pictures/wallpapers/lockscreen.png";
blur_passes = 3;
contrast = 1.25;
}];
input-field = [{
size = "250, 60";
outline_thickness = 2;
dots_size = 0.2;
dots_spacing = 0.2;
dots_center = true;
outer_color = "rgba(0, 0, 0, 0)";
inner_color = "rgba(0, 0, 0, 0.5)";
font_color = "rgb(200, 200, 200)";
fade_on_empty = true;
fade_timeout = 5000;
font_family = "JetBrains Mono Nerd Font Mono";
fail_text = "<i>$FAIL <b>$ATTEMPTS</b></i>";
position = "0, 200";
halign = "center";
valign = "bottom";
}];
label = [{
text = "cmd[update:250] date +%X";
color = "rgba(255, 255, 255, 0.6)";
font_size = "100";
font_family = "JetBrains Mono Nerd Font Mono ExtraBold";
position = "0, -300";
halign = "center";
valign = "top";
}];
};
};
services.swayidle =
let
hyprlock = "pidof hyprlock || ${pkgs.hyprlock}/bin/hyprlock";
in {
enable = true;
systemdTarget = "hyprland-session.target";
events = [
{ event = "before-sleep"; command = hyprlock; }
{ event = "lock"; command = hyprlock; }
];
};
{ config, inputs, lib, pkgs, ... }: {
config.home-manager.users.emily = lib.mkIf (config.kyouma.graphical.compositor == "hyprland") {
wayland.windowManager.hyprland = {
enable = true;
settings = let
@ -61,6 +9,8 @@
notifysend = "${pkgs.libnotify}/bin/notify-send";
dolphin = "${pkgs.libsForQt5.dolphin}/bin/dolphin";
firefox = "${pkgs.firefox}/bin/firefox";
# currently broken
#firefox = "${inputs.firefox.packages.${pkgs.system}.firefox}/bin/firefox";
brightnessctl = "${pkgs.brightnessctl}/bin/brightnessctl";
screenshot = "~/.local/bin/hypr/screenshot.sh";
rofi = "${pkgs.rofi-wayland}/bin/rofi";
@ -170,8 +120,8 @@
"eDP-1, 3840x2400@60, 0x0, 1, bitdepth, 10"
#"eDP-1, 2560x1600@60, 0x0, 1, bitdepth, 10"
#"eDP-1, 1920x1200@60, 0x0, 1, bitdepth, 10"
"desc:Dell Inc. AW3225QF FXK2YZ3, 3840x2160@120,5280x0,1, bitdepth,10, vrr,2"
"desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455, 2560x1440@144,3840x-350,1, bitdepth,10, transform,1"
"desc:Dell Inc. AW3225QF FXK2YZ3, 3840x2160@240,5280x0,1, bitdepth,10, vrr,2"
"desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455, 2560x1440@144,3840x-280,1, bitdepth,10, transform,1"
",preferred,auto,1"
];
workspace = [

View file

@ -0,0 +1,56 @@
{ config, lib, pkgs, ... }: {
config.home-manager.users.emily = lib.mkIf config.kyouma.graphical.enable {
programs.hyprlock = {
enable = true;
settings = {
general = {
hide_cursor = true;
disable_loading_bar = true;
};
background = [{
path = "screenshot";
#path = "$HOME/Pictures/wallpapers/lockscreen.png";
blur_passes = 3;
contrast = 1.25;
}];
input-field = [{
size = "250, 60";
outline_thickness = 2;
dots_size = 0.2;
dots_spacing = 0.2;
dots_center = true;
outer_color = "rgba(0, 0, 0, 0)";
inner_color = "rgba(0, 0, 0, 0.5)";
font_color = "rgb(200, 200, 200)";
fade_on_empty = true;
fade_timeout = 5000;
font_family = "JetBrains Mono Nerd Font Mono";
fail_text = "<i>$FAIL <b>$ATTEMPTS</b></i>";
position = "0, 200";
halign = "center";
valign = "bottom";
}];
label = [{
text = "cmd[update:250] date +%X";
color = "rgba(255, 255, 255, 0.6)";
font_size = "100";
font_family = "JetBrains Mono Nerd Font Mono ExtraBold";
position = "0, -300";
halign = "center";
valign = "top";
}];
};
};
services.swayidle =
let
hyprlock = "pidof hyprlock || ${pkgs.hyprlock}/bin/hyprlock";
in {
enable = true;
systemdTarget = "${config.kyouma.graphical.compositor}-session.target";
events = [
{ event = "before-sleep"; command = hyprlock; }
{ event = "lock"; command = hyprlock; }
];
};
};
}

View file

@ -0,0 +1,220 @@
{ config, lib, pkgs, inputs, ... }: {
config = lib.mkIf config.kyouma.graphical.enable {
home-manager.users.emily.imports = [
inputs.nixvim.homeManagerModules.nixvim
];
home-manager.users.emily.programs.nixvim = {
enable = true;
extraPlugins = [
pkgs.vimPlugins.molokai
pkgs.vimPlugins.vim-airline-themes
];
colorscheme = "molokai";
vimAlias = true;
highlightOverride.Normal = {
ctermbg = "NONE";
bg = "NONE";
};
opts = {
number = true;
expandtab = true;
autoindent = true;
mouse = "";
encoding = "utf-8";
shiftwidth = 2;
smartindent = true;
tabstop = 2;
ignorecase = true;
incsearch = true;
smartcase = true;
};
keymaps = [
{
action = "<cmd>Neotree toggle<CR>";
key = "<C-n>";
mode = "n";
options.silent = true;
}
{
action = "<C-\\><C-n>";
key = "<esc>";
mode = "t";
}
];
plugins.cmp = {
enable = true;
settings.sources = [
{ name = "nvim_lsp"; }
{ name = "luasnip"; }
{ name = "buffer"; }
{ name = "nvim_lua"; }
{ name = "path"; }
];
settings.formatting = {
fields = [ "abbr" "kind" "menu" ];
format = ''
function(_, item)
local icons = {
Namespace = "󰌗",
Text = "󰉿",
Method = "󰆧",
Function = "󰆧",
Constructor = "",
Field = "󰜢",
Variable = "󰀫",
Class = "󰠱",
Interface = "",
Module = "",
Property = "󰜢",
Unit = "󰑭",
Value = "󰎠",
Enum = "",
Keyword = "󰌋",
Snippet = "",
Color = "󰏘",
File = "󰈚",
Reference = "󰈇",
Folder = "󰉋",
EnumMember = "",
Constant = "󰏿",
Struct = "󰙅",
Event = "",
Operator = "󰆕",
TypeParameter = "󰊄",
Table = "",
Object = "󰅩",
Tag = "",
Array = "[]",
Boolean = "",
Number = "",
Null = "󰟢",
String = "󰉿",
Calendar = "",
Watch = "󰥔",
Package = "",
Copilot = "",
Codeium = "",
TabNine = "",
}
local icon = icons[item.kind] or ""
item.kind = string.format("%s %s", icon, item.kind or "")
return item
end
'';
};
settings.snippet.expand = "function(args) require('luasnip').lsp_expand(args.body) end";
settings.window = {
completion = {
winhighlight = "FloatBorder:CmpBorder,Normal:CmpPmenu,CursorLine:CmpSel,Search:PmenuSel";
scrollbar = false;
sidePadding = 0;
border = [ "" "" "" "" "" "" "" "" ];
};
documentation = {
border = [ "" "" "" "" "" "" "" "" ];
winhighlight = "FloatBorder:CmpBorder,Normal:CmpPmenu,CursorLine:CmpSel,Search:PmenuSel";
};
};
settings.mapping = {
"<C-n>" = "cmp.mapping.select_next_item()";
"<C-p>" = "cmp.mapping.select_prev_item()";
"<C-j>" = "cmp.mapping.select_next_item()";
"<C-k>" = "cmp.mapping.select_prev_item()";
"<C-d>" = "cmp.mapping.scroll_docs(-4)";
"<C-f>" = "cmp.mapping.scroll_docs(4)";
"<C-Space>" = "cmp.mapping.complete()";
"<C-e>" = "cmp.mapping.close()";
"<CR>" = "cmp.mapping.confirm({ behavior = cmp.ConfirmBehavior.Insert, select = true })";
"<Tab>" = ''
cmp.mapping(function(fallback)
if cmp.visible() then
cmp.select_next_item()
elseif require("luasnip").expand_or_jumpable() then
vim.fn.feedkeys(vim.api.nvim_replace_termcodes("<Plug>luasnip-expand-or-jump", true, true, true), "")
else
fallback()
end
end,{"i","s"})
'';
"<S-Tab>" = ''
cmp.mapping(function(fallback)
if cmp.visible() then
cmp.select_prev_item()
elseif require("luasnip").jumpable(-1) then
vim.fn.feedkeys(vim.api.nvim_replace_termcodes("<Plug>luasnip-jump-prev", true, true, true), "")
else
fallback()
end
end,{"i","s"})
'';
};
};
plugins.lsp = {
enable = true;
keymaps.lspBuf = {
"K" = "hover";
"gd" = "definition";
"gD" = "references";
"gt" = "type_definition";
"gi" = "implementation";
};
servers = {
bashls.enable = true;
lua_ls.enable = true;
nil_ls = {
enable = true;
settings.formatting.command = [ "nixfmt" "-w" "140" ];
};
nixd = {
enable = false;
settings = {
eval.depth = 5;
eval.workers = 6;
formatting.command = [ "nixfmt" "-w" "140" ];
options.enable = true;
};
};
ruff_lsp.enable = true;
rust_analyzer = {
enable = true;
installRustc = true;
installCargo = true;
};
};
};
plugins.none-ls = {
enable = true;
sources.diagnostics = {
pylint.enable = true;
};
sources.formatting = {
nixfmt.enable = true;
markdownlint.enable = true;
};
};
plugins.neo-tree = {
enable = true;
closeIfLastWindow = true;
};
plugins.treesitter = {
enable = true;
nixGrammars = true;
settings.indent.enable = true;
};
plugins.airline.enable = true;
plugins.cmp-buffer.enable = true;
plugins.cmp-emoji.enable = true;
plugins.cmp-nvim-lsp.enable = true;
plugins.cmp-path.enable = true;
plugins.cmp_luasnip.enable = true;
plugins.luasnip.enable = true;
plugins.nvim-autopairs.enable = true;
plugins.rainbow-delimiters.enable = true;
plugins.web-devicons.enable = true;
# Broken
plugins.rustaceanvim.enable = false;
plugins.treesitter-context.enable = true;
};
};
}

View file

@ -1,5 +1,5 @@
{ pkgs, ... }: {
home-manager.users.emily = {
{ config, lib, pkgs, ... }: {
config.home-manager.users.emily = lib.mkIf config.kyouma.graphical.enable {
programs.waybar = {
enable = true;
style = ./files/waybar-style.css;

View file

@ -0,0 +1,408 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.librespeed;
in
{
options.services.librespeed =
let
inherit (lib) mkOption types;
in
{
enable = lib.mkEnableOption "LibreSpeed server";
package = lib.mkPackageOption pkgs "librespeed-rust" { };
domain = mkOption {
description = ''
If not `null`, this will add an entry to `services.librespeed.servers` and
configure librespeed to use TLS.
'';
default = null;
type = with types; nullOr nonEmptyStr;
};
downloadIPDB = mkOption {
description = ''
Whether to download the IP info database before starting librespeed.
Disable this if you want to use the Go implementation.
'';
default = !(cfg.secrets ? "ipinfo_api_key");
defaultText = lib.literalExpression ''!(cfg.secrets ? "ipinfo_api_key")'';
type = types.bool;
};
openFirewall = mkOption {
description = ''
Whether to open the firewall for the specified port.
'';
default = false;
type = types.bool;
};
secrets = mkOption {
description = ''
Attribute set of filesystem paths.
The contents of the specified paths will be read at service start time and merged with the attributes provided in `settings`.
'';
default = { };
type = with types; nullOr (attrsOf path);
};
settings = mkOption {
description = ''
LibreSpeed configuration written as Nix expression.
All values set to `null` will be excluded from the evaluated config.
This is useful if you want to omit certain defaults when using a different LibreSpeed implementation.
See [github.com/librespeed][librespeed] for configuration help.
[librespeed]: https://github.com/librespeed/speedtest-rust
'';
default = { };
type =
with types;
nullOr (
attrsOf (oneOf [
(nullOr bool)
int
str
package
])
);
};
frontend = {
enable = lib.mkEnableOption ''
Enables the LibreSpeed frontend and adds a nginx virtual host if
not explicetly disabled and `services.librespeed.domain` is not `null`.
'';
contactEmail = mkOption {
description = "Email address listed in the privacy policy.";
default =
if (cfg.domain != null) then "webmaster@${cfg.domain}" else "webmaster@${config.networking.fqdn}";
defaultText = lib.literalExpression ''
if (config.services.librespeed.domain != null) then
"webmaster@''${config.services.librespeed.domain}"
else
"webmaster@''${config.networking.fqdn}";
'';
type = types.str;
};
pageTitle = mkOption {
description = "Title of the webpage.";
default = "LibreSpeed";
type = types.str;
};
useNginx = mkOption {
description = ''
Configure nginx for the LibreSpeed frontend.
This will only create a virtual host for the frontend and won't proxy all requests because
the reported upload and download speeds are inaccurate if proxied.
'';
default = cfg.domain != null;
defaultText = lib.literalExpression "config.services.librespeed.domain != null";
type = types.bool;
};
settings = mkOption {
description = ''
Override default settings of the speedtest web client.
See [speedtest_worker.js][link] for a list of possible values.
[link]: https://github.com/librespeed/speedtest/blob/master/speedtest_worker.js#L39
'';
default = {
telemetry_level = "basic";
};
type =
with types;
nullOr (
attrsOf (oneOf [
bool
int
str
float
])
);
};
servers = mkOption {
description = "LibreSpeed servers that should apper in the server list.";
type = types.listOf (
types.submodule {
options =
let
inherit (types) nonEmptyStr;
in
{
name = mkOption {
description = "Name shown in the server list.";
type = nonEmptyStr;
};
server = mkOption {
description = "URL to the server. You may use `//` instead of `http://` or `https://`.";
type = nonEmptyStr;
};
dlURL = mkOption {
description = ''
URL path to download test on this server.
Append `.php` to the default value if the server uses the php implementation.
'';
default = "backend/garbage";
type = nonEmptyStr;
};
ulURL = mkOption {
description = ''
URL path to upload test on this server.
Append `.php` to the default value if the server uses the php implementation.
'';
default = "backend/empty";
type = nonEmptyStr;
};
pingURL = mkOption {
description = ''
URL path to latency/jitter test on this server.
Append `.php` to the default value if the server uses the php implementation.
'';
default = "backend/empty";
type = nonEmptyStr;
};
getIpURL = mkOption {
description = ''
URL path to IP lookup on this server.
Append `.php` to the default value if the server uses the php implementation.
'';
default = "backend/getIP";
type = nonEmptyStr;
};
};
}
);
};
};
};
config = lib.mkIf cfg.enable (
let
librespeedAssets =
pkgs.runCommand "librespeed-assets"
(
let
mapValue =
arg:
if (lib.isBool arg) then
lib.boolToString arg
else if ((lib.isInt arg) || (lib.isFloat arg)) then
toString arg
else
"\"${lib.escape [ "\"" ] (toString arg)}\"";
mapSettings = lib.pipe cfg.frontend.settings [
(lib.mapAttrs (name: val: " s.setParameter(\"${lib.escape [ "\"" ] name}\",${mapValue val});"))
(lib.attrValues)
(lib.concatLines)
];
in
{
preferLocal = true;
serversList = ''
function get_servers() {
return ${builtins.toJSON cfg.frontend.servers}
}
function override_settings () {
${mapSettings}
}
'';
}
)
''
cp -r ${pkgs.librespeed-rust}/assets $out
chmod 666 $out/servers_list.js
cat >$out/servers_list.js <<<"$serversList"
substitute ${pkgs.librespeed-rust}/assets/index.html $out/index.html \
--replace-fail "s.setParameter(\"telemetry_level\",\"basic\"); //enable telemetry" "override_settings();" \
--replace-fail "LibreSpeed Example" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.pageTitle)} \
--replace-fail "PUT@YOUR_EMAIL.HERE" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.contactEmail)} \
--replace-fail "TO BE FILLED BY DEVELOPER" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.contactEmail)}
'';
in
{
assertions = [
{
assertion = cfg.frontend.useNginx -> cfg.domain != null;
message = ''
`services.librespeed.frontend.useNginx` requires `services.librespeed.frontend.domain` to be set.
'';
}
];
networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.settings.listen_port ];
};
services.nginx.virtualHosts = lib.mkIf (cfg.frontend.enable && cfg.frontend.useNginx) {
${cfg.domain} = {
locations."/".root = librespeedAssets;
locations."= /servers.json".return = "200 '${builtins.toJSON cfg.frontend.servers}'";
locations."/backend/".return = "301 https://$host:${toString cfg.settings.listen_port}$request_uri";
enableACME = true;
forceSSL = true;
};
};
security.acme.certs = lib.mkIf (cfg.domain != null) {
${cfg.domain} = {
reloadServices = [ "librespeed.service" ];
webroot = "/var/lib/acme/acme-challenge";
};
};
services.librespeed.frontend.servers = lib.mkIf (cfg.frontend.enable && (cfg.domain != null)) [
{
name = cfg.domain;
server = "//${cfg.domain}:${toString cfg.settings.listen_port}";
}
];
services.librespeed.settings =
let
inherit (lib) mkDefault mkIf;
in
{
assets_path =
if (cfg.frontend.enable && !cfg.frontend.useNginx) then
librespeedAssets
else
pkgs.writeTextDir "index.html" "";
bind_address = mkDefault "::";
listen_port = mkDefault 8989;
base_url = mkDefault "backend";
worker_threads = mkDefault "auto";
database_type = mkDefault "none";
database_file = mkDefault "/var/lib/librespeed/speedtest.sqlite";
#librespeed-rust will fail to start if the following config parameters are omitted.
ipinfo_api_key = mkIf (!cfg.secrets ? "ipinfo_api_key") "";
stats_password = mkIf (!cfg.secrets ? "stats_password") "";
tls_cert_file =
if (cfg.domain != null) then
(mkDefault "/run/credentials/librespeed.service/cert.pem")
else
(mkDefault "");
tls_key_file =
if (cfg.domain != null) then
(mkDefault "/run/credentials/librespeed.service/key.pem")
else
(mkDefault "");
enable_tls = mkDefault (cfg.domain != null);
};
systemd.services =
let
configFile =
let
mapValue =
arg:
if (lib.isBool arg) then
lib.boolToString arg
else if (lib.isInt arg) then
toString arg
else
"\"${lib.escape [ "\"" ] (toString arg)}\"";
in
with lib;
pipe cfg.settings [
(filterAttrs (_: val: val != null))
(mapAttrs (name: val: "${name}=${mapValue val}"))
(attrValues)
(concatLines)
(pkgs.writeText "${cfg.package.name}-config.toml")
];
in
{
librespeed-secrets = lib.mkIf (cfg.secrets != { }) {
description = "LibreSpeed secret helper";
ExecStart =
let
script = pkgs.writeShellApplication {
name = "librespeed-secrets";
runtimeInputs = [ pkgs.coreutils ];
text =
''
cp ${configFile} ''${RUNTIME_DIRECTORY%%:*}/config.toml
''
+ lib.pipe cfg.secrets [
(lib.mapAttrs (
name: file: ''
cat >>''${RUNTIME_DIRECTORY%%:*}/config.toml <<EOF
${name}="$(<${lib.escapeShellArg file})"
EOF
''
))
(lib.concatLines lib.attrValues)
];
};
in
lib.getExe script;
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
RuntimeDirectory = "librespeed";
UMask = "u=rw";
};
};
librespeed = {
description = "LibreSpeed server daemon";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
requires = lib.optionals (cfg.secrets != { }) [ "librespeed-secrets.service" ];
serviceConfig = {
Type = "simple";
Restart = "always";
DynamicUser = true;
LoadCredential = lib.mkIf (cfg.domain != null) [
"cert.pem:${config.security.acme.certs.${cfg.domain}.directory}/cert.pem"
"key.pem:${config.security.acme.certs.${cfg.domain}.directory}/key.pem"
];
ExecStartPre = lib.mkIf cfg.downloadIPDB "${lib.getExe cfg.package} --update-ipdb";
ExecStart = "${lib.getExe cfg.package} -c ${
if (cfg.secrets == { }) then configFile else "\${RUNTIME_DIRECTORY%%:*}/config.toml"
}";
WorkingDirectory = "/var/cache/librespeed";
RuntimeDirectory = "librespeed";
RuntimeDirectoryPreserve = true;
StateDirectory = "librespeed";
CacheDirectory = "librespeed";
SyslogIdentifier = "librespeed";
ReadOnlyPaths = [ cfg.package ];
RestrictSUIDSGID = true;
RestrictNamespaces = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
ProtectSystem = "strict";
ProtectHome = true;
ProtectProc = "invisible";
SystemCallArchitectures = "native";
SystemCallFilter = "@system-service";
SystemCallErrorNumber = "EPERM";
LockPersonality = true;
NoNewPrivileges = true;
};
};
};
}
);
meta.maintainers = with lib.maintainers; [ snaki ];
}

View file

@ -38,11 +38,6 @@ in {
default = false;
description = mdDoc "Mark machine as portable.";
};
container = mkOption {
type = types.bool;
default = false;
description = mdDoc "Mark machine as container image.";
};
};
config = {
assertions = [

View file

@ -2,28 +2,40 @@
cfg = config.kyouma.nginx;
extraConfig = ''
add_header Strict-Transport-Security $hsts_header;
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "same-origin" always;
add_header Alt-Svc 'h3=":443"; ma=7776000; persist=1, h2=":443"; ma=7776000; persist=1';
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "same-origin" always;
'';
createHost = vhostName: vhostCfg: {
extraConfig = (lib.optionalString (builtins.hasAttr "extraConfig" vhostCfg) vhostCfg.extraConfig) + "\n" + extraConfig;
extraConfig = lib.optionalString (vhostCfg ? "extraConfig") (
vhostCfg.extraConfig + "\n" + extraConfig
) + lib.optionalString (
if (vhostCfg ? "verifyClientCert") then
vhostCfg.verifyClientCert
else false
) ''
ssl_client_certificate ${./kyouma_Root_CA.pem};
ssl_verify_client on;
ssl_verify_depth 1;
'';
forceSSL = true;
#kTLS = true;
#http3 = true;
#quic = true;
} //
lib.optionalAttrs (!(builtins.hasAttr "useACMEHost" vhostCfg)) {
lib.optionalAttrs (!(vhostCfg ? "useACMEHost")) {
enableACME = true;
} //
lib.optionalAttrs (builtins.hasAttr "redirectTo" vhostCfg) {
lib.optionalAttrs (vhostCfg ? "redirectTo") {
enableACME = false;
useACMEHost = vhostCfg.redirectTo;
globalRedirect = vhostCfg.redirectTo;
} //
(builtins.removeAttrs vhostCfg [ "redirectTo" "extraConfig" ]);
lib.optionalAttrs (!vhostCfg ? "disableHttp3") {
http3 = true;
quic = true;
} //
(builtins.removeAttrs vhostCfg [ "redirectTo" "extraConfig" "verifyClientCert" "disableHttp3" ]);
in {
options = {
@ -38,17 +50,21 @@ in {
};
config = {
services.nginx.virtualHosts = lib.optionalAttrs (cfg.virtualHosts != null) (
builtins.mapAttrs (createHost) cfg.virtualHosts) //
lib.optionalAttrs (cfg.defaultForbidden != null) {
"redirect" = {
default = true;
forceSSL = true;
reuseport = true;
useACMEHost = cfg.defaultForbidden;
extraConfig = ''
return 403;
'';
};
builtins.mapAttrs (createHost) cfg.virtualHosts
) // lib.optionalAttrs (cfg.defaultForbidden != null) {
"redirect" = {
quic = true;
http3 = true;
# reuseport has to be specified on the quic listener
# when using worker_processes auto;
reuseport = true;
default = true;
forceSSL = true;
useACMEHost = cfg.defaultForbidden;
extraConfig = ''
return 403;
'';
};
};
};
}

View file

@ -0,0 +1,192 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
47:94:9e:44:65:f4:61:f8:aa:b3:c1:7b:86:38:21:d9:88:a5:88:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=kyouma Root CA
Validity
Not Before: Jun 21 14:02:26 2024 GMT
Not After : Jun 21 14:02:26 2044 GMT
Subject: CN=kyouma Root CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (7680 bit)
Modulus:
00:f9:d0:a3:4b:d9:77:e3:ec:b4:46:8e:3f:1f:a4:
39:22:60:d8:ad:e9:1e:fe:ad:17:f8:30:d6:f6:fa:
e9:62:f7:36:25:07:e9:6c:83:91:42:0f:e2:53:f1:
ca:70:da:26:7d:bf:bb:1d:d5:4d:5e:99:82:99:39:
97:f3:c3:7d:f9:0d:08:e8:d4:ae:fc:45:88:98:8e:
a3:bc:2a:bd:16:67:32:59:08:59:eb:a8:de:a6:a7:
77:9d:f9:1a:c6:7f:76:92:3d:d7:56:74:2b:a3:5a:
97:8f:05:ab:3b:dc:92:61:2e:7f:95:b1:5c:04:da:
1e:2e:b9:de:7b:16:b2:85:b4:b4:5a:48:34:9a:bb:
18:0d:0a:0a:34:91:f8:8f:f3:79:46:a6:c4:ee:aa:
93:88:03:cf:43:a2:ba:1e:bc:65:f1:78:d8:ce:d8:
2b:fb:db:33:d6:37:ad:d4:9d:44:38:ff:b5:0d:dc:
08:61:2c:fb:f0:86:b2:ef:ff:a8:4f:63:28:13:49:
f8:21:4e:cb:22:98:54:de:e7:b4:e2:b6:14:c9:c5:
59:04:82:04:a2:39:3c:61:f5:91:99:ff:ac:6e:80:
9a:d2:22:7d:51:fb:ad:a3:6a:4c:14:a8:e3:28:d9:
22:ac:c8:3d:34:17:5a:40:ce:8d:3c:52:e7:e1:e9:
d4:75:0d:3f:b8:dd:d3:d2:56:25:92:fa:75:87:81:
fe:59:4a:82:53:d5:e7:03:39:c0:07:84:73:70:d0:
fc:fe:3f:06:e0:f9:0f:59:22:74:05:13:65:58:5a:
a8:1d:7b:52:4f:47:ed:be:26:57:47:49:57:d5:7f:
34:c7:3c:0f:55:d4:17:57:8a:0e:bb:f5:3a:c7:77:
f1:7d:06:49:a9:a8:dd:18:0e:a2:97:52:c8:49:e5:
39:c7:31:5d:07:c3:58:ed:8e:ae:c7:7c:1b:db:8d:
dc:a0:c3:e3:f5:c0:98:35:cf:fc:92:a0:a6:f3:0f:
b1:18:95:c0:01:eb:1d:96:8d:02:7b:9a:dc:29:5d:
59:f1:2a:dc:53:0e:6b:2b:6b:5d:36:03:a1:bd:e4:
e6:b4:1f:5a:66:67:13:4a:2c:7f:56:c9:75:5c:fe:
42:20:24:51:18:bb:ea:30:12:8f:88:d1:ad:fe:eb:
59:92:8d:1e:be:ff:3e:6e:f2:5a:d9:8c:20:f4:35:
ed:bc:01:47:21:d3:10:b9:5d:fe:6a:8e:e0:a3:e3:
e5:6f:ac:8b:fc:61:d0:75:a8:a3:92:1f:2c:cc:c1:
15:17:36:3b:05:ab:58:76:be:63:9d:30:5d:ed:7d:
83:0c:b7:24:8f:10:a8:90:02:ee:68:81:05:cd:d9:
4f:2e:cc:ef:97:62:d1:75:6b:82:f3:d0:34:56:d3:
59:7e:d9:d3:7d:93:ce:1b:17:de:fd:18:4b:e6:50:
72:77:88:60:dd:ff:5e:95:05:61:fe:d8:31:dd:34:
1e:e1:6d:61:1e:80:73:05:3e:3b:22:c2:34:07:48:
9b:0e:06:8d:a6:81:c4:4d:e9:4d:5d:df:e1:04:cd:
5b:85:6e:b2:12:aa:1b:cd:bd:4e:7e:53:ea:59:49:
af:11:70:b3:11:87:0f:af:2f:99:ce:e9:69:db:6d:
d0:5a:14:1a:95:2f:2f:db:bf:36:62:e1:99:ff:7c:
b8:b9:5c:4e:79:33:61:ee:db:4b:6f:40:7d:49:b2:
6e:e1:65:9d:f6:45:fe:27:14:24:82:5d:f6:a4:38:
01:ac:47:54:da:b6:02:c1:ad:79:71:b6:93:64:ec:
a4:06:7b:d6:5e:1c:da:7f:40:16:47:65:47:24:2a:
8b:77:32:49:89:c4:9f:26:d4:f9:a6:ba:e6:42:aa:
74:fd:7e:1e:d1:75:95:5c:5c:d8:d4:bb:75:05:79:
10:7a:df:5a:2b:69:9b:75:28:cb:b5:4e:48:3e:a3:
aa:21:04:95:8f:62:3b:46:2f:07:d0:9e:1c:50:9b:
3d:ba:6d:1f:c2:a0:41:7f:47:43:57:ef:92:31:47:
4a:a2:91:65:43:5c:c1:2b:fd:26:2d:be:41:a7:98:
7a:8f:52:89:5f:81:ff:48:7d:04:2a:b8:4d:50:91:
f5:af:18:33:44:f2:55:5f:68:87:33:d8:e6:4f:5d:
b9:92:ca:06:51:f3:e0:b1:5b:6f:a0:52:fe:6e:98:
22:01:5f:c2:fb:45:59:02:67:62:6f:74:2b:79:62:
e7:5a:13:a8:db:fd:a2:64:b1:0b:49:2f:f4:61:35:
a0:b6:12:2c:ec:24:19:9f:0c:14:85:05:b5:e1:c1:
9e:4e:87:a4:88:c9:79:65:1d:12:ac:89:e6:bc:ed:
6b:58:90:fd:95:40:3f:2e:ba:ff:b8:52:5d:60:98:
32:b9:20:38:a5:08:da:a1:fc:38:89:3c:f1:de:38:
cf:60:d8:69:a1:4b:88:51:f7:31:b8:fc:56:dc:56:
3a:7a:39:c5:03:23:2a:8f:fa:ab:92:7a:b6:37:da:
c1:9f:55:e7:31:b1:c5:be:31:60:08:c2:33:30:ec:
cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:C0:C6:7B:04:C4:66:0C:CD:32:FF:B0:6F:E1:D9:51:FD:1C:EE:B7
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
58:b3:2d:00:8e:c2:72:5b:ed:91:8e:3c:98:66:6a:e4:61:c3:
0f:d1:51:98:0c:64:79:3d:01:ac:8a:38:7f:af:fc:80:31:83:
86:a8:79:b9:0f:18:6d:2e:3a:ef:0a:c0:b1:30:39:7e:a4:3d:
ed:4e:35:3e:9e:f1:a3:29:dd:cc:01:1e:62:6b:ed:5b:77:31:
b3:4c:91:1d:69:70:20:44:87:e0:37:17:a0:ba:c4:e5:57:c5:
90:1a:f2:1e:0d:ac:aa:30:11:c3:da:1c:3f:3a:28:b5:6d:12:
ac:45:b6:6c:f0:b2:b2:6e:f0:55:33:8e:29:10:ac:9e:61:ac:
35:ec:ed:c7:e3:51:c2:86:52:10:7a:9c:f6:22:5d:65:65:18:
62:b7:e9:6e:be:64:46:db:dc:15:45:eb:1a:42:45:83:d7:aa:
dd:63:24:4a:ed:b9:d5:35:86:27:22:33:6a:26:4b:32:0a:15:
75:18:19:58:e9:6b:b4:84:ac:00:a3:78:d3:9d:7d:25:3c:5e:
51:7f:01:ca:90:d1:40:2b:d2:45:e1:4f:fb:6e:8d:2e:cc:04:
07:34:07:91:c6:8c:4f:a5:e4:7d:dd:78:0f:b0:9d:01:9d:6e:
89:16:6d:3a:94:dd:38:57:bc:49:c2:e1:b5:aa:54:8f:d1:8b:
13:db:35:2f:d1:80:5e:45:fb:53:60:61:d5:c3:e1:9c:21:60:
a3:83:34:e6:9e:bc:86:70:fe:36:8b:35:55:28:e0:f4:b0:81:
ed:37:59:0e:7a:f6:a7:66:a1:b6:36:45:30:95:c8:80:d6:40:
a9:12:bf:47:b1:33:09:fa:89:d4:9f:c2:57:75:6a:47:dd:87:
3f:b3:d1:3d:13:bc:5e:82:ea:5f:3a:dc:46:35:1e:1f:83:40:
1c:1d:5e:ba:37:18:a3:75:2f:60:a7:84:67:9b:79:17:ad:fb:
2a:5b:d8:84:5d:f2:ff:cc:81:4c:08:e4:17:ec:b7:cf:ac:4c:
0f:91:8a:4c:fa:91:ed:24:39:f9:04:3a:18:b0:b1:c3:57:ed:
9b:f1:cf:ab:bf:07:f1:52:ef:57:de:0a:76:e7:e4:c4:5f:69:
93:71:0c:d4:3f:23:12:55:8c:3d:e6:79:b3:3c:5e:86:ac:1f:
5e:7f:ec:96:d8:da:4d:c9:40:32:ee:b5:cb:6e:86:27:49:45:
e6:89:30:80:fa:ba:ef:21:42:92:ba:f8:a7:51:16:61:04:13:
da:87:ac:c5:9c:c0:19:55:80:2d:4a:32:bb:30:12:0b:49:15:
ec:1e:5b:23:d4:d2:a3:4e:c6:22:19:bc:e2:ba:23:67:88:4c:
54:d0:bf:10:61:91:d9:eb:f7:d7:bc:89:ee:83:0d:a3:2c:81:
a4:c2:38:58:c3:50:b7:fe:3f:f2:bc:a2:f0:52:9d:04:1f:c2:
85:bd:d6:06:77:30:7b:90:3d:29:92:dc:41:a9:40:4b:bb:7c:
b7:91:07:65:2b:03:af:e4:a0:18:ab:a5:76:00:bc:10:e8:21:
41:c7:d7:53:80:41:21:67:af:fe:d1:9d:14:4c:a9:7e:16:1d:
4b:61:a4:f4:b1:e8:88:fe:c4:f1:60:3e:6d:d5:a9:90:14:3e:
95:5d:7d:f0:7b:1e:af:5f:80:63:a8:ce:b1:a7:a1:b2:9a:10:
f7:d9:e7:00:fa:33:d7:61:c9:35:b1:c2:c9:60:0b:a5:1d:08:
a8:b2:1d:56:15:b8:b9:5e:36:b3:df:6a:76:6c:5e:9d:a7:e5:
54:dc:1a:6c:c3:34:f2:c2:c6:ee:7a:68:49:a3:41:d6:54:34:
78:c9:2b:d2:d2:52:94:23:35:d7:c4:bf:c6:e0:21:18:4f:7a:
7a:be:e8:ab:34:fa:f7:4d:1a:4b:3c:37:e9:5f:1c:76:b1:6d:
96:70:f5:f5:db:b4:15:ba:2c:71:25:80:b3:98:4a:d3:1a:8d:
0e:69:24:de:e3:0c:38:64:82:6e:54:d1:74:47:e5:e5:69:b1:
c1:04:12:72:8a:3f:71:c0:9f:dc:db:ba:0e:e8:3d:52:4a:23:
56:04:9b:8c:eb:4f:62:19:7f:f5:bd:1e:48:d9:7f:89:84:3c:
8d:f5:67:21:d6:81:ee:5a:cd:fa:c2:53:60:a0:97:1e:80:a2:
dc:96:89:e6:99:d9:9d:48:23:a0:07:9a:02:06:29:04:eb:03:
79:06:6b:a0:41:98:d2:8f:2d:b4:e3:cb:c2:5e:78:74:a1:92:
29:c9:7d:07:03:ca:3f:8c:f5:71:f0:c4:7d:6a:1b:ac:33:37:
4f:03:54:44:46:b6:76:1c:55:8a:7d:7b:e5:58:4e:a9:f8:e1:
fe:7b:f3:a2:f8:e6:3b:e0:0b:5d:47:a8:b7:aa:f8:f3:c0:65:
b0:e4:1c:22:8f:9e:b9:d1:8f:a6:4a:a4:28:6f:6c:27:31:49:
58:c0:4d:80:3b:e3:e2:22:aa:ec:4e:ba:a5:0d:9e:b8:17:8c:
6b:4e:2d:37:6a:cc:f3:2d:0d:6b:34:b4:00:eb:ce:31:0e:a5:
c4:85:cd:1e:16:0b
-----BEGIN CERTIFICATE-----
MIIIgjCCBKqgAwIBAgIUR5SeRGX0Yfiqs8F7hjgh2YiliPAwDQYJKoZIhvcNAQEL
BQAwGTEXMBUGA1UEAwwOa3lvdW1hIFJvb3QgQ0EwHhcNMjQwNjIxMTQwMjI2WhcN
NDQwNjIxMTQwMjI2WjAZMRcwFQYDVQQDDA5reW91bWEgUm9vdCBDQTCCA+IwDQYJ
KoZIhvcNAQEBBQADggPPADCCA8oCggPBAPnQo0vZd+PstEaOPx+kOSJg2K3pHv6t
F/gw1vb66WL3NiUH6WyDkUIP4lPxynDaJn2/ux3VTV6Zgpk5l/PDffkNCOjUrvxF
iJiOo7wqvRZnMlkIWeuo3qand535GsZ/dpI911Z0K6Nal48FqzvckmEuf5WxXATa
Hi653nsWsoW0tFpINJq7GA0KCjSR+I/zeUamxO6qk4gDz0Oiuh68ZfF42M7YK/vb
M9Y3rdSdRDj/tQ3cCGEs+/CGsu//qE9jKBNJ+CFOyyKYVN7ntOK2FMnFWQSCBKI5
PGH1kZn/rG6AmtIifVH7raNqTBSo4yjZIqzIPTQXWkDOjTxS5+Hp1HUNP7jd09JW
JZL6dYeB/llKglPV5wM5wAeEc3DQ/P4/BuD5D1kidAUTZVhaqB17Uk9H7b4mV0dJ
V9V/NMc8D1XUF1eKDrv1Osd38X0GSamo3RgOopdSyEnlOccxXQfDWO2Orsd8G9uN
3KDD4/XAmDXP/JKgpvMPsRiVwAHrHZaNAnua3CldWfEq3FMOaytrXTYDob3k5rQf
WmZnE0osf1bJdVz+QiAkURi76jASj4jRrf7rWZKNHr7/Pm7yWtmMIPQ17bwBRyHT
ELld/mqO4KPj5W+si/xh0HWoo5IfLMzBFRc2OwWrWHa+Y50wXe19gwy3JI8QqJAC
7miBBc3ZTy7M75di0XVrgvPQNFbTWX7Z032TzhsX3v0YS+ZQcneIYN3/XpUFYf7Y
Md00HuFtYR6AcwU+OyLCNAdImw4GjaaBxE3pTV3f4QTNW4VushKqG829Tn5T6llJ
rxFwsxGHD68vmc7padtt0FoUGpUvL9u/NmLhmf98uLlcTnkzYe7bS29AfUmybuFl
nfZF/icUJIJd9qQ4AaxHVNq2AsGteXG2k2TspAZ71l4c2n9AFkdlRyQqi3cySYnE
nybU+aa65kKqdP1+HtF1lVxc2NS7dQV5EHrfWitpm3Uoy7VOSD6jqiEElY9iO0Yv
B9CeHFCbPbptH8KgQX9HQ1fvkjFHSqKRZUNcwSv9Ji2+QaeYeo9SiV+B/0h9BCq4
TVCR9a8YM0TyVV9ohzPY5k9duZLKBlHz4LFbb6BS/m6YIgFfwvtFWQJnYm90K3li
51oTqNv9omSxC0kv9GE1oLYSLOwkGZ8MFIUFteHBnk6HpIjJeWUdEqyJ5rzta1iQ
/ZVAPy66/7hSXWCYMrkgOKUI2qH8OIk88d44z2DYaaFLiFH3Mbj8VtxWOno5xQMj
Ko/6q5J6tjfawZ9V5zGxxb4xYAjCMzDszwIDAQABo0IwQDAdBgNVHQ4EFgQUe8DG
ewTEZgzNMv+wb+HZUf0c7rcwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
AQYwDQYJKoZIhvcNAQELBQADggPBAFizLQCOwnJb7ZGOPJhmauRhww/RUZgMZHk9
AayKOH+v/IAxg4aoebkPGG0uOu8KwLEwOX6kPe1ONT6e8aMp3cwBHmJr7Vt3MbNM
kR1pcCBEh+A3F6C6xOVXxZAa8h4NrKowEcPaHD86KLVtEqxFtmzwsrJu8FUzjikQ
rJ5hrDXs7cfjUcKGUhB6nPYiXWVlGGK36W6+ZEbb3BVF6xpCRYPXqt1jJErtudU1
hiciM2omSzIKFXUYGVjpa7SErACjeNOdfSU8XlF/AcqQ0UAr0kXhT/tujS7MBAc0
B5HGjE+l5H3deA+wnQGdbokWbTqU3ThXvEnC4bWqVI/RixPbNS/RgF5F+1NgYdXD
4ZwhYKODNOaevIZw/jaLNVUo4PSwge03WQ569qdmobY2RTCVyIDWQKkSv0exMwn6
idSfwld1akfdhz+z0T0TvF6C6l863EY1Hh+DQBwdXro3GKN1L2CnhGebeRet+ypb
2IRd8v/MgUwI5Bfst8+sTA+Rikz6ke0kOfkEOhiwscNX7Zvxz6u/B/FS71feCnbn
5MRfaZNxDNQ/IxJVjD3mebM8XoasH15/7JbY2k3JQDLutctuhidJReaJMID6uu8h
QpK6+KdRFmEEE9qHrMWcwBlVgC1KMrswEgtJFeweWyPU0qNOxiIZvOK6I2eITFTQ
vxBhkdnr99e8ie6DDaMsgaTCOFjDULf+P/K8ovBSnQQfwoW91gZ3MHuQPSmS3EGp
QEu7fLeRB2UrA6/koBirpXYAvBDoIUHH11OAQSFnr/7RnRRMqX4WHUthpPSx6Ij+
xPFgPm3VqZAUPpVdffB7Hq9fgGOozrGnobKaEPfZ5wD6M9dhyTWxwslgC6UdCKiy
HVYVuLleNrPfanZsXp2n5VTcGmzDNPLCxu56aEmjQdZUNHjJK9LSUpQjNdfEv8bg
IRhPenq+6Ks0+vdNGks8N+lfHHaxbZZw9fXbtBW6LHElgLOYStMajQ5pJN7jDDhk
gm5U0XRH5eVpscEEEnKKP3HAn9zbug7oPVJKI1YEm4zrT2IZf/W9HkjZf4mEPI31
ZyHWge5azfrCU2Cglx6AotyWieaZ2Z1II6AHmgIGKQTrA3kGa6BBmNKPLbTjy8Je
eHShkinJfQcDyj+M9XHwxH1qG6wzN08DVERGtnYcVYp9e+VYTqn44f5786L45jvg
C11HqLeq+PPAZbDkHCKPnrnRj6ZKpChvbCcxSVjATYA74+IiquxOuqUNnrgXjGtO
LTdqzPMtDWs0tADrzjEOpcSFzR4WCw==
-----END CERTIFICATE-----

View file

@ -0,0 +1,169 @@
{ config, lib, pkgs, ... }:
let
cfg = config.kyouma.ooklaserver;
in {
options = {
kyouma.ooklaserver = let
inherit (lib) mkOption types;
in {
enable = lib.mkEnableOption "ookla speedtest server";
package = lib.mkPackageOption pkgs "ooklaserver" {};
domain = mkOption {
description = "Domain to use.";
default = null;
type = with types; nullOr nonEmptyStr;
};
openFirewall = mkOption {
description = "Whether to open the firewall for the specified ports.";
default = false;
type = types.bool;
};
tcpPorts = mkOption {
description = ''
The server listens on TCP port 5060 and 8080 by default. These ports are required for
speedtest.net servers, although more can be added.
'';
default = [ 5060 8080 ];
type = with types; listOf port;
};
udpPorts = mkOption {
description = ''
The server listens on UDP port 5060 and 8080 by default. These ports are required for
speedtest.net servers, although more can be added.
'';
default = [ 5060 8080 ];
type = with types; listOf port;
};
settings = mkOption {
description = ''
OoklaServer configuration written as Nix expression.
Comma seperated values should be written as list.
'';
default = {};
type = with lib.types; let
valueType = nullOr (oneOf [
bool
int
str
(attrsOf valueType)
(listOf (oneOf [ port str ]))
]);
in valueType;
};
};
};
config = lib.mkIf cfg.enable {
security.acme.certs.${cfg.domain} = {
reloadServices = [ "ooklaserver.service" ];
webroot = "/var/lib/acme/acme-challenge";
};
networking.firewall = lib.mkIf cfg.openFirewall {
allowedUDPPorts = cfg.udpPorts;
allowedTCPPorts = cfg.tcpPorts;
};
kyouma.ooklaserver.settings = let
inherit (lib) mkDefault;
in {
OoklaServer = {
inherit (cfg) tcpPorts udpPorts;
enableAutoUpdate = false;
ssl.useLetsEncrypt = false;
useIPv6 = mkDefault true;
allowedDomains = mkDefault [ "*.ookla.com" "*.speedtest.net" ];
userAgentFilterEnabled = mkDefault true;
workerThreadPool = {
capacity = mkDefault 30000;
stackSizeBytes = mkDefault 102400;
};
ipTracking = {
gcIntervalMinutes = mkDefault 5;
maxIdleAgeMinutes = mkDefault 35;
slidingWindowBucketLengthMinutes = mkDefault 5;
metricTopIpCount = mkDefault 5;
maxConnPerIp = mkDefault 500;
maxConnPerBucketPerIp = mkDefault 20000;
};
clientAuthToken.denyInvalid = mkDefault true;
websocket.frameSizeLimitBytes = mkDefault 5242880;
http.maxHeadersSize = mkDefault 65536;
};
openSSL.server = {
certificateFile = "/run/credentials/${config.systemd.services.ooklaserver.name}/cert.pem";
privateKeyFile = "/run/credentials/${config.systemd.services.ooklaserver.name}/key.pem";
minimumTLSProtocol = mkDefault "1.2";
};
logging.loggers.app = {
name = mkDefault "Application";
channel = {
class = mkDefault "ConsoleChannel";
pattern = mkDefault "[%p] %t";
};
level = mkDefault "information";
};
};
systemd.services.ooklaserver = let
configFile = let
anyToString = arg: if (lib.isBool arg) then
lib.boolToString arg
else if (lib.isList arg) then
lib.concatStringsSep "," (map (val: toString val) arg)
else toString arg;
in
with lib; lib.pipe cfg.settings [
(mapAttrsRecursive (path: val: "${concatStringsSep "." path} = ${anyToString val}"))
(collect isString)
(concatLines)
(pkgs.writeTextDir "bin/OoklaServer.properties")
];
packageWithCfg = pkgs.symlinkJoin {
name = "${cfg.package.name}-with-config";
paths = [ cfg.package configFile ];
};
in {
description = "Ookla speedtest server daemon";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
serviceConfig = {
Type = "simple";
Restart = "always";
User = "ooklaserver";
Group = "ooklaserver";
DynamicUser = true;
LoadCredential = [
"cert.pem:${config.security.acme.certs.${cfg.domain}.directory}/cert.pem"
"key.pem:${config.security.acme.certs.${cfg.domain}.directory}/key.pem"
];
ExecStart = "${packageWithCfg}/bin/OoklaServer";
WorkingDirectory = packageWithCfg;
SyslogIdentifier = "ooklaserver";
ReadOnlyPaths = [ packageWithCfg ];
RestrictSUIDSGID = true;
RestrictNamespaces = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
ProtectSystem = "strict";
ProtectHome = true;
ProtectProc = "invisible";
SystemCallArchitectures = "native";
SystemCallFilter = "@system-service";
SystemCallErrorNumber = "EPERM";
LockPersonality = true;
NoNewPrivileges = true;
};
};
};
}

View file

@ -0,0 +1,72 @@
{ config, lib, options, pkgs, ... }: let
cfg = config.kyouma.restic;
in {
options.kyouma.restic = let
inherit (lib) mkOption types;
in {
inherit (options.services.restic.backups.type.getSubOptions [])
timerConfig backupPrepareCommand backupCleanupCommand;
enable = lib.mkEnableOption "Enable restic backup";
paths = mkOption {
description = "paths to backup";
type = with types; listOf path;
default = [];
};
pruneOpts = mkOption {
description = "paths to backup";
type = with types; listOf str;
default = [
"--keep-hourly 24"
"--keep-daily 14"
"--keep-weekly 8"
"--keep-monthly 12"
];
};
remote = mkOption {
description = "restic remote to use";
type = types.nonEmptyStr;
default = "zh3485.rsync.net";
};
remoteUser = mkOption {
description = "remote ssh user";
type = types.nonEmptyStr;
default = "";
};
user = mkOption {
description = "user who runs the backup job";
type = types.nonEmptyStr;
default = "root";
};
repo = mkOption {
description = "restic repo";
type = types.nonEmptyStr;
default = "${config.networking.hostName}-backup";
};
};
config = lib.mkIf cfg.enable {
sops.secrets."restic/${cfg.remoteUser}/password" = {
sopsFile = ../../secrets/restic/${cfg.remoteUser}.yaml;
};
sops.secrets."restic/${cfg.remoteUser}/id_ed25519" = {
sopsFile = ../../secrets/restic/${cfg.remoteUser}.yaml;
};
services.restic.backups."${config.networking.hostName}-${cfg.remote}" = {
inherit (cfg) paths user pruneOpts timerConfig backupPrepareCommand backupCleanupCommand;
initialize = true;
repository = "sftp:${cfg.remoteUser}@${cfg.remote}:${cfg.repo}";
passwordFile = config.sops.secrets."restic/${cfg.remoteUser}/password".path;
extraBackupArgs = [
"--compression=max"
"--pack-size=128"
"--read-concurrency=8"
];
extraOptions = let
knownHost = pkgs.writeText "${cfg.remote}-known-host" (builtins.readFile ./${cfg.remote}/ssh_host_ed25519_key.pub);
sshKey = config.sops.secrets."restic/${cfg.remoteUser}/id_ed25519".path;
in [
"sftp.command='ssh ${cfg.remoteUser}@${cfg.remote} -i ${sshKey} -o UserKnownHostsFile=${knownHost} -s sftp'"
];
};
};
}

View file

@ -0,0 +1 @@
zh3485.rsync.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd

View file

@ -0,0 +1,7 @@
{
akkoma-frontends
}:
akkoma-frontends.admin-fe.overrideAttrs {
patches = [ ./disable-options.patch ];
}

View file

@ -0,0 +1,12 @@
diff --git a/config/prod.env.js b/config/prod.env.js
index 7acb93a2..ea500e99 100644
--- a/config/prod.env.js
+++ b/config/prod.env.js
@@ -2,6 +2,6 @@ module.exports = {
NODE_ENV: '"production"',
ENV_CONFIG: '"prod"',
BASE_API: '"https://api-prod"',
- DISABLED_FEATURES: '[""]',
+ DISABLED_FEATURES: '["settings","media-proxy-cache","relays"]',
ASSETS_PUBLIC_PATH: '/pleroma/admin/'
}

View file

@ -0,0 +1,53 @@
{
akkoma-frontends,
fetchFromGitea,
fetchYarnDeps
}:
akkoma-frontends.akkoma-fe.overrideAttrs (let
src = fetchFromGitea {
domain = "git.sakamoto.pl";
owner = "domi";
repo = "akkoma-fe";
rev = "5f0339ce005ccb12365128089edb5fd77f60841b";
hash = "sha256-AHmJyOFmQZXmNMMsp8ONm9Itns1H/idEKl8+sxn2RSA=";
};
offlineCache = fetchYarnDeps {
yarnLock = "${src}/yarn.lock";
hash = "sha256-7WB6nmxNckMdftKds2OgD2kClvCCT/I5vmthV0jrkSs=";
};
in {
version = "unstable-2024-07-20";
pname = "akkoma-fe-domi";
inherit src offlineCache;
postPatch = ''
# Build scripts assume to be used within a Git repository checkout
substituteInPlace src/modules/instance.js \
--replace-fail "widenTimeline: true" 'widenTimeline: "50%"'
substituteInPlace src/modules/config.js \
--replace-fail "streaming: false" "streaming: true" \
--replace-fail "useStreamingApi: false" "useStreamingApi: true" \
--replace-fail "webPushNotifications: false" "webPushNotifications: true" \
--replace-fail "postLanguage: undefined" 'postLanguage: "en"'
substituteInPlace src/i18n/en.json \
--replace-fail "meow" "florp" \
--replace-fail "Meow" "Florp"
sed -E -i '/^let commitHash =/,/;$/clet commitHash = "${builtins.substring 0 7 src.rev}";' \
build/webpack.prod.conf.js
'';
configurePhase = ''
runHook preConfigure
export HOME="$(mktemp -d)"
yarn config --offline set yarn-offline-mirror ${offlineCache}
fixup-yarn-lock yarn.lock
yarn install --offline --frozen-lockfile --ignore-platform --ignore-scripts --no-progress --non-interactive
runHook postConfigure
'';
})

View file

@ -0,0 +1,158 @@
app = 'build-worker-kyoumanet'
primary_region = 'ams'
[build]
image = 'registry.fly.io/build-worker-kyoumanet:latest'
[processes]
bw-00 = '/entrypoint.sh'
bw-01 = '/entrypoint.sh'
bw-02 = '/entrypoint.sh'
bw-03 = '/entrypoint.sh'
bw-04 = '/entrypoint.sh'
bw-05 = '/entrypoint.sh'
bw-06 = '/entrypoint.sh'
bw-07 = '/entrypoint.sh'
bw-08 = '/entrypoint.sh'
[[mounts]]
source = 'bw00'
destination = '/mnt/data'
initial_size = '256GB'
processes = ['bw-00']
[[mounts]]
source = 'bw01'
destination = '/mnt/data'
initial_size = '256GB'
processes = ['bw-01']
[[mounts]]
source = 'bw02'
destination = '/mnt/data'
initial_size = '256GB'
processes = ['bw-02']
[[mounts]]
source = 'bw03'
destination = '/mnt/data'
initial_size = '256GB'
processes = ['bw-03']
[[mounts]]
source = 'bw04'
destination = '/mnt/data'
initial_size = '256GB'
processes = ['bw-04']
[[mounts]]
source = 'bw05'
destination = '/mnt/data'
initial_size = '256GB'
processes = ['bw-05']
[[mounts]]
source = 'bw06'
destination = '/mnt/data'
initial_size = '256GB'
processes = ['bw-06']
[[mounts]]
source = 'bw07'
destination = '/mnt/data'
initial_size = '256GB'
processes = ['bw-07']
[[mounts]]
source = 'bw08'
destination = '/mnt/data'
initial_size = '256GB'
processes = ['bw-08']
[[services]]
protocol = 'tcp'
internal_port = 2222
auto_stop_machines = 'off'
processes = ['bw-00']
[[services.ports]]
port = 2200
[[services]]
protocol = 'tcp'
internal_port = 2222
auto_stop_machines = 'off'
processes = ['bw-01']
[[services.ports]]
port = 2201
[[services]]
protocol = 'tcp'
internal_port = 2222
auto_stop_machines = 'off'
processes = ['bw-02']
[[services.ports]]
port = 2202
[[services]]
protocol = 'tcp'
internal_port = 2222
auto_stop_machines = 'off'
processes = ['bw-03']
[[services.ports]]
port = 2203
[[services]]
protocol = 'tcp'
internal_port = 2222
auto_stop_machines = 'off'
processes = ['bw-04']
[[services.ports]]
port = 2204
[[services]]
protocol = 'tcp'
internal_port = 2222
auto_stop_machines = 'off'
processes = ['bw-05']
[[services.ports]]
port = 2205
[[services]]
protocol = 'tcp'
internal_port = 2222
auto_stop_machines = 'off'
processes = ['bw-06']
[[services.ports]]
port = 2206
[[services]]
protocol = 'tcp'
internal_port = 2222
auto_stop_machines = 'off'
processes = ['bw-07']
[[services.ports]]
port = 2207
[[services]]
protocol = 'tcp'
internal_port = 2222
auto_stop_machines = 'off'
processes = ['bw-08']
[[services.ports]]
port = 2208
[[restart]]
policy = 'never'
[[vm]]
size = 'performance-16x'
memory = '96GB'

View file

@ -0,0 +1,67 @@
# fly.toml app configuration file generated for build-worker-kyoumanet-cdg on 2024-11-21T00:31:54+01:00
#
# See https://fly.io/docs/reference/configuration/ for information about how to use this file.
#
app = 'build-worker-kyoumanet-cdg'
primary_region = 'cdg'
[build]
image = 'registry.fly.io/build-worker-kyoumanet:latest'
[processes]
bw-09 = '/entrypoint.sh'
bw-10 = '/entrypoint.sh'
bw-11 = '/entrypoint.sh'
[[mounts]]
source = 'bw09'
destination = '/mnt/data'
initial_size = '256GB'
processes = ['bw-09']
[[mounts]]
source = 'bw10'
destination = '/mnt/data'
initial_size = '256GB'
processes = ['bw-10']
[[mounts]]
source = 'bw11'
destination = '/mnt/data'
initial_size = '256GB'
processes = ['bw-11']
[[services]]
protocol = 'tcp'
internal_port = 2222
auto_stop_machines = 'off'
processes = ['bw-09']
[[services.ports]]
port = 2209
[[services]]
protocol = 'tcp'
internal_port = 2222
auto_stop_machines = 'off'
processes = ['bw-10']
[[services.ports]]
port = 2210
[[services]]
protocol = 'tcp'
internal_port = 2222
auto_stop_machines = 'off'
processes = ['bw-11']
[[services.ports]]
port = 2211
[[restart]]
policy = 'never'
[[vm]]
size = 'performance-16x'
memory = '96GB'

View file

@ -0,0 +1,100 @@
# I hate this so much aaa
{
callPackage,
dockerTools,
openssh,
bash,
gnused,
util-linux,
}:
dockerTools.buildLayeredImage {
name = "build-worker-oci";
tag = "latest";
fromImage = callPackage ./source.nix {};
maxLayers = 110;
passthru.updateScript = ./update.sh;
enableFakechroot = true;
contents = [ openssh util-linux bash gnused ];
config.Cmd = [ "/entrypoint.sh" ];
fakeRootCommands = ''
mkdir -p /root
cat <<EOF > /root/nix.conf
build-users-group = nixbld
experimental-features = nix-command flakes
sandbox = true
substituters = https://cache.kyouma.net https://cache.nixos.org
trusted-public-keys = cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
max-substitution-jobs = 20
max-silent-time = 14400
min-free = ${builtins.toString (49152 * 1024 * 1024)}
max-free = ${builtins.toString (65536 * 1024 * 1024)}
system-features = benchmark big-parallel kvm nixos-test uid-range gccarch-x86-64 gccarch-x86-64-v2 gccarch-x86-64-v3
EOF
mkdir -p /root/.ssh
cat <<EOF > /root/.ssh/authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK397sBHLS66snWNPtmjUy7qZxRJh54N0RRXogKODudl nix@muon
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT0dGyLUjxFnvqUmex+5xUGQ7D4yGHKo267JgApcq0k root@ryuuko
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDTwCSWYODyvTJxwB6Rahuy0j6s/YYwtQta8bjzG/We root@ryuuko-arch
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/RmFnel8pcZT9nh7EAfKfAekt3BoEXy0G7G2GTacN/ aprl@computer
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 aprl@whatever
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpyVefbZLkNVNzdSIlO6x6JohHE1snoHiUB3Qdvl5I2 aprl@idk
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVNo871p97NTefP52KYiwuch+FaVScxvcFd9fg0yykySTq7Y5JsxrJQgTnox/oDa0O87OyHD/GHQljAXkqiHpDkExbiGjDmGXJSKReKH061F4FqBnDIwYRzUu9Cxjl4MNqsU0RqLaz4+F42c/L7GROQwjEPUb8JHThRiI5FJnDvvB+oBLBxeyQA4v3O4i8DaDQayTr/XB+aSlhNwKrb6cjjL93AHT1uE53yY5jn4kZX+RiPQhH7rvt9N6E4Yr3CG6nUgRCUS0L66d9yfrq0XAbAVk9F+viV7Nk9qy4MWHtXZ4h0qUlzrGALPgGsCGiLGd4NvEgeCcV4nvxdmevxTSdKlJP75xlmlLVXGyhqCZkTsxm/png2UvDl+p0pLyrgNaNoXPdE0Jbv7C28WX36Nast1QFSMUhexzuOx8OgaOioeXVfK98AouqWb58iPBCvgreUIH/gJhZcnlB/Foo1KSO+fJNH8hAsLH7w0mnKyHhJjkrjjwUqsnpepB3SOLfZTE= aprl@meow
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD0v3tUBNEUxfoOQBFb+N2DUBQDay0iFggUWa9Nd+BtFLOKkz+RRto3eBF0ZiJZVUxv/hLb8m2s45hcMw8agwuPrXMe5085T1fzkvPdKAPZdsT/cCmBi1OsoLjAKBFIdM4lcV0A2cca8hip+/ZPpjFPUWx73/672gAPHU7co7fP8+8CSf9dx+WIeLx3yaYHYZ/th3dB5auX3VjOazS8MojsAorwTUeBoPamHQ5dFeNafhFUL/hhtGkUI1cNHUn3bJd2V7AKTW3UglK7hVgMJPrzVS31OlpcJEf6S5XgKTWdOSwubn1bs5Lt6YYRDU24NV6CGrwKgCJSRxzNMLwpnFKiSXpO8FzkqWHYWyju141hQcFF31aZIV+7YcwEt5ZukLjFOpVtpbSXvJYigOUzGi34P3/OAGshDXjTQjvM8GIir49gx3b2Nwhg0z4UHBkAKZvDDFPHDMJoclvnhITojaAojfC9zmMCO5ZaEsk8yv7c/lWQumzRpfldWF4mwHvhD5kTADbhRdO7WTdX7AaiAYINooToeWKjFe2wn3rFubPUppptqtP03mmvs7vhhgnEVBbGZRJK3GTVk1XcsfF9rDKzewSa+wb4LsBoZtFRhc8cJqHGlKWSNk7dQ04B1atPyNLKGpGoo/UIPxyZ6bSqFVxY3nhz46VZ6z8XWI48z0/fRQ== aprl@uwu
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAl3/krXJeCcDEJXRuzOdCOrJLG7b6MRqC+a9Xux3mW vika@hydrangea
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQjTy9qqHcs5vgTz+iMAiNNMqdyGtOhEpnpJCReEFfZ vika@rafflesia
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINAgFdk78I4zssUGsAIV01zefLBpwc1W7hfTobbG80XLAAAABHNzaDo= vika@nitrokey
EOF
cat <<EOF > /root/.ssh/environment
PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin
EOF
cat <<EOF > /root/sshd_config
AcceptEnv GIT_PROTOCOL
AuthenticationMethods publickey
AuthorizedPrincipalsFile none
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
GatewayPorts no
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,sk-ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com
KbdInteractiveAuthentication no
KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org
LogLevel INFO
Macs umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
PasswordAuthentication no
PermitRootLogin prohibit-password
PermitUserEnvironment yes
PrintMotd no
PubkeyAcceptedAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,sk-ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com
StreamLocalBindUnlink yes
StrictModes yes
UseDns no
UsePAM no
X11Forwarding no
Banner none
AddressFamily any
Port 2222
Subsystem sftp ${openssh}/libexec/sftp-server
AuthorizedKeysFile %h/.ssh/authorized_keys /etc/ssh/authorized_keys.d/%u
HostKey /mnt/data/ssh/ssh_host_ed25519_key
EOF
mkdir -p /etc/keys
mkdir -p /var/empty
mkdir -p /var/log
cp ${./entrypoint.sh} /entrypoint.sh
chmod +x /entrypoint.sh
'';
}

View file

@ -0,0 +1,29 @@
#!/usr/bin/env bash
cat /etc/passwd > /root/passwd
rm -f /etc/passwd
cp /root/passwd /etc/passwd
echo "sshd:x:498:65534::/var/empty:/run/current-system/sw/bin/nologin" >> /etc/passwd
cat /etc/shadow > /root/shadow
rm -f /etc/shadow
cp /root/shadow /etc/shadow
/bin/sed -i "s/root:!/root:*/g" /etc/shadow
[[ ! -d "/mnt/data/ssh" ]] && mkdir -p /mnt/data/ssh
if [[ "$(ls /mnt/data/ssh/*_key)" = "" ]]; then
ssh-keygen -t "ed25519" -f "/mnt/data/ssh/ssh_host_ed25519_key" -N ""
fi
[[ ! -d "/mnt/data/nix-store" ]] && mkdir -p /mnt/data/nix-store
[[ ! -d "/mnt/data/workdir" ]] && mkdir -p /mnt/data/workdir
[[ ! -d "/mnt/data/tmp" ]] && mkdir -p /mnt/data/tmp
rm -rf /mnt/data/nix-store/*
rm -f /etc/nix/nix.conf
cp /root/nix.conf /etc/nix/nix.conf
/bin/mount -t overlay overlay -o lowerdir=/nix,upperdir=/mnt/data/nix-store,workdir=/mnt/data/workdir /nix
/bin/mount --bind /mnt/data/tmp /tmp
/root/.nix-profile/bin/sshd -D -f /root/sshd_config

View file

@ -0,0 +1,11 @@
{
dockerTools,
}:
dockerTools.pullImage {
imageName = "nixos/nix";
imageDigest = "sha256:133a1607deea14a02c2bc0850e275ed135814235a1147f68967afee261caea2b";
sha256 = "0602a59g14l1jiqfffz14hcp982qaqczi5f0ylvv0h9pp2pqrqs5";
finalImageName = "nixos/nix";
finalImageTag = "latest";
}

32
pkgs/build-worker-oci/update.sh Executable file
View file

@ -0,0 +1,32 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p skopeo nix-prefetch-docker
set -euo pipefail
while [[ $# -gt 0 ]]; do
case $1 in
*)
echo "Unknown option $1"
exit 1
;;
esac
done
IMAGE=$(nix-prefetch-docker --image-name nixos/nix --image-tag latest --arch amd64 --os linux)
cat > ./pkgs/build-worker-oci/source.nix << EOF
{
dockerTools,
}:
dockerTools.pullImage ${IMAGE}
EOF
nix build .\#packages.x86_64-linux.build-worker-oci
skopeo --insecure-policy copy docker-archive:"result" \
docker://registry.fly.io/build-worker-kyoumanet:latest --dest-creds x:"$(flyctl auth token)" --format v2s2
rm "result"
fly deploy

View file

@ -0,0 +1,34 @@
{
lib,
fetchFromGitHub,
buildGoModule,
}:
let
version = "1.1.5";
src = fetchFromGitHub {
owner = "librespeed";
repo = "speedtest-go";
rev = "refs/tags/v${version}";
hash = "sha256-ywGrodl/mj/WB25F0TKVvaV0PV4lgc+KEj0x/ix9HT8=";
};
in
buildGoModule {
pname = "librespeed-go";
inherit version src;
vendorHash = "sha256-ev5TEv8u+tx7xIvNaK8b5iq2XXF6I37Fnrr8mb+N2WM=";
ldflags = [ "-w" "-s" ];
postInstall = ''
cp -r web/assets $out/
'';
meta = {
description = "A very lightweight speed test implementation in Go.";
homepage = "https://github.com/librespeed/speedtest-go";
license = lib.licenses.lgpl3Plus;
maintainers = with lib.maintainers; [ snaki ];
mainProgram = "speedtest";
};
}

View file

@ -0,0 +1,38 @@
{
lib,
fetchFromGitHub,
rustPlatform,
}:
let
# https://github.com/librespeed/speedtest-rust/pull/7
version = "unstable-2024-09-28";
src = fetchFromGitHub {
owner = "librespeed";
repo = "speedtest-rust";
rev = "a74f25d07da3eb665ce806e015c537264f7254c9";
hash = "sha256-+G1DFHQONXXg/5apSBlBkRvuLT4qCJaeFnQSLWt0CD0=";
};
in
rustPlatform.buildRustPackage {
pname = "librespeed-rust";
inherit version src;
cargoLock.lockFile = "${src}/Cargo.lock";
# error: linker `aarch64-linux-gnu-gcc` not found
postPatch = ''
rm .cargo/config.toml
'';
postInstall = ''
cp -r assets $out/
'';
meta = {
description = "A very lightweight speed test implementation in Rust.";
homepage = "https://github.com/librespeed/speedtest-rust";
license = lib.licenses.lgpl3Plus;
maintainers = with lib.maintainers; [ snaki ];
mainProgram = "librespeed-rs";
};
}

View file

@ -2,4 +2,14 @@ final: prev: {
nyastodon = final.callPackage ./nyastodon/default.nix {};
upgrade-system = final.callPackage ./upgrade-system/default.nix {};
update-nixfiles = final.callPackage ./update-nixfiles/default.nix {};
build-worker-oci = final.callPackage ./build-worker-oci/default.nix {};
librespeed-rust = final.callPackage ./librespeed-rust/default.nix {};
librespeed-go = final.callPackage ./librespeed-go/default.nix {};
akkoma-fe-domi = final.callPackage ./akkoma-fe-domi/default.nix {};
akkoma-admin-fe = final.callPackage ./akkoma-admin-fe/default.nix {};
nginxQuic = prev.nginxQuic.override {
withSlice = true;
# Use zlib because zlib-ng uses larger buffers then nginx preallocates.
zlib = final.zlib;
};
}

View file

@ -22,19 +22,35 @@ merge_theirs () {
test_build () {
local build_jobs
build_jobs="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}/latest-eval" | jq -r ".builds | .[]")"
for build in ${build_jobs}; do
local build_status
while true; do
local build_finished
build_finished="$(curl --fail -s -L -H "Accept: application/json" "${HYDRA_URL}/build/${build}" | jq -r ".finished")"
[[ ${build_finished} == 1 ]] && break
sleep 5
done
build_status="$(curl --fail -s -L -H "Accept: application/json" "${HYDRA_URL}/build/${build}" | jq -r ".buildstatus")"
[[ $build_status != 0 ]] && echo "Build ${build} failed" && exit 1
[[ $build_status != 0 ]] &&
echo "Build ${build} failed" &&
exit 1
echo "Build ${build} was successful"
done
# Idk why this is broken someone should fix me
# local last_error
# local now
#
# last_error="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}" | jq -r ".errortime")"
# now="$(date +%s)"
#
# [[ $last_error -gt $now ]] &&
# echo "Evaluation error encountered at $(date +%Y-%m-%d-%H:%M:%S --date="@${last_error}")" &&
# exit 1
}
wait_for_hydra () {
@ -42,16 +58,18 @@ wait_for_hydra () {
local hydra_rev
local counter
counter=0
git_rev="$(gitin rev-parse update-inputs)"
while true; do
hydra_rev="$(curl -s -L -H "Accept: application/json" "${JOBSET_URL}/latest-eval" | jq -r .flake | sed -E "s/.+&rev=(.*)/\1/g")"
git_rev="$(git -C "${1}/nixfiles" rev-parse update-inputs)"
while [[ $counter -lt 180 ]]; do
counter=$((counter +1))
hydra_rev="$(curl -s -L -H "Accept: application/json" "${2}/evals" | jq -r '.evals | max_by(.id) | .flake' | sed -E "s/.+&rev=(.*)/\1/g")"
if [[ "${git_rev}" == "${hydra_rev}" ]]; then
echo "Hydra got new commit"
break
fi
sleep 30
sleep 5
done
if [[ $counter -ge 30 ]]; then
if [[ $counter -ge 180 ]]; then
echo "Hydra no workey"
exit 1
fi
@ -87,7 +105,7 @@ gitin push origin update-inputs
echo "Waiting for hydra to get new commit"
export -f wait_for_hydra
timeout 4h bash -c wait_for_hydra
timeout 4h bash -c "wait_for_hydra ${ROOT} ${JOBSET_URL}"
echo "Testing if all build jobs completed successfully"
test_build

View file

@ -0,0 +1,35 @@
restic:
zh3485s1:
password: ENC[AES256_GCM,data:lDDSSqUH3pewpMA+6SNwGwRz95MBjeaD6I3RWUQNBFXsw/W9RoIY85AcRXxCl7CW,iv:NFF6uCs2FolMe9cgPkoAFmbWdXG2SuVRtoOyQXouEAU=,tag:UeC49xFwFkMh0Wi8p9reFw==,type:str]
id_ed25519: ENC[AES256_GCM,data:fe2CAKWSrEOvEPZgGhbigw+DEnDUGtTXEj7nuGaH5enMGDvd7QtRlDYLkM+g9zKrRJ46e2nM6btUZVqqx4rJiUbjJ5B/cBzb259CTxKGgHeMj/cYXPypamIEKFwUrloxzrgxH5JIOoUvj9Ny1P1UPIB//B5Z1Uunqmdqd2XoiAtDwZ/hvyuOfdFyUkKmOnCdF4pheMRXZ6Z51N4f09OIwuZ/xC4LQYAVB2lyycOgrvefPA5YYabMd23yEXn6v/BiP1TWbSInTHvz6Rii2WYqYO3ORCfi1pvWe15kSrTsT9zYRzLvZi5TD+4FMhLmIttZB2OXK7X+h6cHtej7X+v6HKhMKHNJhukRUP7DpcZ0+ArBEdw2j+H7C4q8NdR9rk4we7WpdQlY7tGpJvEzSis+P/Jph/tkzx6xXpKiOeOAXgQUS41qcAy7gmZj7CdsulerUHcfDy4a0y1OEuDmoYW420cGGYOCB9BlvYQbaDhyv5AMSL8sMZfm7mX5qXliE7ZQc20ggKoY2MKH6RjnT8pQhMBWo/NW13PPBDIL,iv:1+aopW183ir5XHMKcDons24A/E61mLuyJGrQTRpPXdE=,tag:s1w+HZdktM0H9FUrz097Cw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18vc8rcmczlt3r0ee7jr9s8l3yrkthu8wtypt08eh0eskpkw3dg6qxs7t3t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQeWpKYktzVE1tMkpGU1c5
akZZdlBkeFQyUmUrOHZxTGE2V1FUVmV3cG5VCmZvTG1JTS9SUTk1aVl6TnBPQ1Fh
clRDTmQzQUJxWlYyV2dmVXNyTDJ2K0kKLS0tIHA3S0dsQzRxRWF4RFdSSzh1aXI5
ZFQvWFhZTndubkxaRVh3YXl0V25ZcUEK0/wV9i01kRkphrseSBqAL9f8tUlUtJDO
PUZL2Em/QjNEnXJaxxR612ONA94ptK9bsqzRJV5RtGqDwd+oAnr13Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-08T13:41:02Z"
mac: ENC[AES256_GCM,data:tMatUcv/jbvQ1URp6DrUyuiB9+rgCCdOxEVcM0NBiV5P9DGWE1hWytky4yPE9nFUOWLI7m4nTSEXHuT4yT3LkBd1Ndzhm5wQ0NEAVnZ6Sj7YOQI5CS1q95sviJBv57PBkaajHDNeSJX2hEQeR4qJFUR4fu0hIwadyzeunP/kfKE=,iv:gXRAg4cN43ocQMZm0lL8AnrbDtK+TKGchWpd/TYhnjA=,tag:+HqYuDWjoTdv+CWrJmuwxA==,type:str]
pgp:
- created_at: "2024-11-08T13:31:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D1GtNSlou/HkSAQdALVqRZ2qzjR86mEE/MHAR5H3gmIukchY/NSvGg1Ggfmsw
uZhnl5puGOO579ItHXbk+BYwBS2koL7jyhnX8E9zmM3d3SZHwzx0mk79fr2jLFj6
0l4BLrhhcpUtzfje4/SeTgWFRIA68ON/PUTmW2Lgclh9OpQfbbousFS/JMvvdHaT
/3uJEww5MKMPlqWqK7w7z6iwIITRKH0vzQoIZ3hVcDKtKOJrJ/1bWcJorFsazxvT
=KZPf
-----END PGP MESSAGE-----
fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5
unencrypted_suffix: _unencrypted
version: 3.9.1

View file

@ -0,0 +1,35 @@
restic:
zh3485s2:
password: ENC[AES256_GCM,data:GAesjt8CMFKuZk30vJTS7kH0cSg/p6NQCOU9udcVbVCurnUdqjKqZp97KnCcmA/A,iv:bf7trphHgzFzI3Pza8dDOgmKcHsBURsXEHtw0KpGQ7s=,tag:zE1WXaptcqBQMqgk+6SRqQ==,type:str]
id_ed25519: ENC[AES256_GCM,data:hRViIdnq9VNjjqD/X6tERHsCAuxF723bh+oES/Va5KVBJdsEK2LYXWxRQV6/dpYGnmSBNJ2q4eJS0iz2kjfNUTXg1DQZ0uuxSDbhOcKQ+ksE99VrU3Go7196gXQ+rsCuRht6vzgGzIoTcMVDlA+lvJ2EAB0o7EhK4qcKI0pRHziy4/i0JgLJKc2Xw7WwAZajyUToRrroi+oh3LRJiN0+L3B13RWNBDMxfVgSH5KERhPjU40VteKNyXg9YnZxiqRMTmDmpAu/fogXwIDgnfRuWBoDgPsHeSWVN/0IpfEegoXnmdYUGk9vKQmXNJ5z7vj6oIaz8Zuk9PfPaKZHrsUGkPZqBJydvfcUpH74+sn3idDJdQ92mYIn6rorabt6QtN9bbtULmtOU/R7wvZkRSn3SmvR6uo/xShs1pkwGa1oidn8atfoMMYnR973wvuGlDZwFGy0ZJD+Mc108U7o0U153/MervsxxZ3eIpzgmRol+TjoSJINQoPNPHsj6nx65MNfJd+AFw35h5jKUag4xKaPXS5ew/wDCqZ1PFYG,iv:P8VtAFoL0CcO7m7S60JardB95MUWYiABDOUZhLhXEzo=,tag:fLniekA0lMx6wW3u4NZPKQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1sky8kccyyxe79ws4rew42r94427v2xnphq2vtxvdlw5xl7yzgs2q599yzs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUnFUQlhzYTdyblNOWUt3
V0daclVOZ0hlSmlJTHlKRDd5eThVSzVOVWh3CkpiaGNJd0hCMlk3MVdsdnY0TVJM
MEtKUXFnSlAwQ0kzd1M0eVA1WG1Bb2sKLS0tIFAvVklzZldkOFpCNHV4YnQ2SDA3
OW5TcVlqV0p4RThBRGlyaHkreEFMY28KPdgR9WCByJaLZcNophcfW7+7NU9MuI3E
bfWEFgqZLTdAg8y7s/M6ZAyjciflclxVnY8mTIhnERD+ZHHi++z1XA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-13T12:51:05Z"
mac: ENC[AES256_GCM,data:t/gg9SqDfrU+eKU9yw2R7ahLQY6pTgsRVFNk7K+zxTBiqUG2Rx0wm0bclkrkSKeHAVSJkc8OOWJvvRCMxaE980mknPM6721xNDV90Pt0ZsJvFXdOYKIaPQHC29klJKO60lsMsuup3BiF94O8+wIavLvYuc3jKFcaA4b9xAPRveM=,iv:TJhR1NzPVYIysghFAbjWB5lBpMhhkvwJdszkWGSLDPI=,tag:TCnewzN2qwFyG4Xio2JatQ==,type:str]
pgp:
- created_at: "2024-11-13T12:49:09Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D1GtNSlou/HkSAQdArN4L/MZSZoKwk/RKgA56OQMyt7IhW15qa7+Utie4/TQw
0xKauGLJEMp7cnpmEvpBW8sy3hZRj1K4vLv2NKHzoXBuWGBer1Hf+CDZJ71ta6J9
0l4B9f4L9AIRHO3ncb4IPyVprr+sFyhVJJAI7bo9mbFUqH0yfM5EmFiXWg5d9zO6
NfXbbfpW4ISEXFa//SuVl3h/HHxwDd83qA13OnhrlCjjwPfdA32kKM3CS/81JHNd
=4L7O
-----END PGP MESSAGE-----
fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5
unencrypted_suffix: _unencrypted
version: 3.9.1

View file

@ -0,0 +1,35 @@
services:
akkoma:
mailerPassword: ENC[AES256_GCM,data:kNep5V0HVr17bEIY2/AbwRUPqkfHKf9xnOnYi5sMJ+STWjVrQf+AzdueJTAf9Nym,iv:Usmu0uM5ev60Ui8h9zLUcDDJIHNSxAFtMq5LyLwmAsA=,tag:fNIhB8LGJwWO3zzQWgm68A==,type:str]
deepl: ENC[AES256_GCM,data:JVJkCm6UFUlownU/oRTmZ5o85mPv935Hj56JcXCt3PwNmx1kQbyj,iv:UzvGgVter1/9U8g/HQ2FfWNviD0KgWRLnW9fzgfGDag=,tag:q65bd26xFQ6Av71hy8u2fA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18vc8rcmczlt3r0ee7jr9s8l3yrkthu8wtypt08eh0eskpkw3dg6qxs7t3t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1NGRYOHFVSXBNdjlpVDhF
V0g2ZkRiZnR6UElvWEZKUWxHSjZySlJadHlvCmpBdzBPRklkOVltZWwzNlNrc0pC
bG9kU3phNmFKNGkwek94Y2hZcjZCNW8KLS0tIFFqM0VTQXRuODAva0Rkc2xvWFB4
VTQ3RExKY093VG8vOThCczRzY2tpY2cKJOv0yVl9Zody0mjtytyjCXpe5V3NsReA
/Dqr6V9Hjuf3u0fjMHAjE6hDPGVH5t5NYLkNDeaGHNTaAd5dnhfprg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-31T16:57:58Z"
mac: ENC[AES256_GCM,data:VJpsLBdnle6bP6ALxLS2eTOEbiHJbNc5D+pvsoJulI9VODtBk0p1VvJv9ilToxh4oiwctMmCKSO4R9NyuZUqoqwwlYtW6tFDITBA2eg/iu/uQjcuuKLC+fFGdtnTpZcShUyMds3qi8Z8Iegk2sSMLk5QXCE2QhMUQ50VN4TXF2c=,iv:rOF34iqckOJMAVm+3RDSdlrJh4hgnyiTut3SM1e0w0E=,tag:cMjMkKkN8UFWGQqQfWBUnA==,type:str]
pgp:
- created_at: "2024-11-04T20:52:58Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D1GtNSlou/HkSAQdApk/nEYcccQBCzFwC+hZbMio0s37LJuK6ceSLW786Sjsw
90ggzfOg63e92cyqYxvbKqtCgVHHU/9RmKdsSZM+rFcR3XpzWw0ke10WjZNW0lU5
0l4BuP1sPvP7Z+kxWlITnYl4SPKxVhSmYtAdGbceiGUo36jtpi9vkziuPmyrGttM
t1PNZ9gjGVyNw96rRg9bgXCSvJo2FfMx8GeArj1yuO3+bkkbDm7mFrbF6fMQN3JE
=Q9iO
-----END PGP MESSAGE-----
fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5
unencrypted_suffix: _unencrypted
version: 3.9.1