diff --git a/flake.lock b/flake.lock
index 9319e23..028d8b3 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,20 @@
{
"nodes": {
+ "flake-utils": {
+ "locked": {
+ "lastModified": 1676283394,
+ "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
"home-manager": {
"inputs": {
"nixpkgs": [
@@ -36,10 +51,27 @@
"type": "indirect"
}
},
+ "nixpkgs_stable": {
+ "locked": {
+ "lastModified": 1677779205,
+ "narHash": "sha256-6DBjL9wjq86p2GczmwnHtFRnWPBPItc67gapWENBgX8=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "96e18717904dfedcd884541e5a92bf9ff632cf39",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "ref": "nixos-22.11",
+ "type": "indirect"
+ }
+ },
"root": {
"inputs": {
+ "flake-utils": "flake-utils",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
+ "nixpkgs_stable": "nixpkgs_stable",
"vps_nixpkgs": "vps_nixpkgs"
}
},
diff --git a/flake.nix b/flake.nix
index 2075a83..1f15f42 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,19 +3,35 @@
inputs = {
nixpkgs.url = "nixpkgs/nixos-unstable";
+ nixpkgs_stable.url = "nixpkgs/nixos-22.11";
vps_nixpkgs.url = "nixpkgs/master";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
+
+ flake-utils.url = "github:numtide/flake-utils";
+
+ # Required for making sure that Pi-hole continures running if the executing user has no active session
+ #linger = {
+ #url = "github:mindsbackyard/linger-flake";
+ #inputs.flake-utils.follows = "flake-utils";
+ #};
+
+ #pihole = {
+ #url = "github:mindsbackyard/pihole-flake";
+ #inputs.nixpkgs.follows = "nixpkgs";
+ #inputs.flake-utils.follows = "flake-utils";
+ #inputs.linger.follows = "linger";
+ #};
};
- outputs = { self, nixpkgs, vps_nixpkgs, home-manager }@attrs:
+ outputs = { self, nixpkgs, nixpkgs_stable, vps_nixpkgs, home-manager, flake-utils }@attrs:
let
system = "x86_64-linux";
homeManagerSharedModule = {
home-manager.useGlobalPkgs = true;
- home-manager.users.nathan = { config, pkgs, lib, ... }:{
+ home-manager.users.marcus = { config, pkgs, lib, ... }:{
# This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage
# when a new Home Manager release introduces backwards
@@ -51,18 +67,10 @@
};
};
};
- programs.bash = {
- enable = true;
- sessionVariables = {
- };
- profileExtra = ''
- if [ -e /home/nathan/.nix-profile/etc/profile.d/nix.sh ]; then . /home/nathan/.nix-profile/etc/profile.d/nix.sh; fi # added by Nix installer
- '';
- };
programs.git = {
enable = true;
- userName = "Nathan Braswell";
- userEmail = "nathan@braswell.email";
+ userName = "Marcus Godwin";
+ userEmail = "godwin3@gatech.edu";
};
programs.vim = {
enable = true;
@@ -150,51 +158,6 @@
setw -g mode-keys vi
'';
};
- programs.emacs = {
- enable = true;
- extraConfig = ''
- (menu-bar-mode -1)
- (tool-bar-mode -1)
- (scroll-bar-mode -1)
-
- ;; Use spaces, not tabs, for indentation.
- (setq-default indent-tabs-mode nil)
- ;; Highlight matching pairs of parentheses.
- (setq show-paren-delay 0)
- (show-paren-mode)
-
- ;(require 'smartparens-config)
-
-
- (setq evil-want-C-u-scroll t)
- (evil-mode 1)
- (evil-set-undo-system 'undo-redo)
- (setq key-chord-two-keys-delay 0.5)
- (key-chord-define evil-insert-state-map "jk" 'evil-normal-state)
- (key-chord-mode 1)
- (custom-set-variables
- ;; custom-set-variables was added by Custom.
- ;; If you edit it by hand, you could mess it up, so be careful.
- ;; Your init file should contain only one such instance.
- ;; If there is more than one, they won't work right.
- '(custom-safe-themes
- '("3ff4a0ad1a2da59a72536e6030291cf663314c14c8a5a9eb475f3c28436d071d" default)))
- (custom-set-faces
- ;; custom-set-faces was added by Custom.
- ;; If you edit it by hand, you could mess it up, so be careful.
- ;; Your init file should contain only one such instance.
- ;; If there is more than one, they won't work right.
- )
- (load-theme 'dracula t)
- '';
- extraPackages = epkgs: with epkgs; [
- evil key-chord magit proof-general
- #paredit
- #smartparens
- #parinfer-rust-mode
- rainbow-delimiters dracula-theme
- ];
- };
};
};
commonConfigFunc = ({ config, lib, pkgs, modulesPath, ... }: (specificPkgs: {
@@ -202,18 +165,76 @@
nix.settings.experimental-features = [ "nix-command" "flakes" ];
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
time.timeZone = "America/New_York";
+ users.extraUsers.marcus = {
+ name = "marcus";
+ isNormalUser = true;
+ group = "users";
+ extraGroups = [ "wheel" "disk" "audio" "video" "networkmanager" "systemd-journal" "sway" "plugdev" "adbusers" "docker" ];
+ createHome = true;
+ home = "/home/marcus";
+ shell = "/run/current-system/sw/bin/bash";
+ };
users.extraUsers.nathan = {
name = "nathan";
isNormalUser = true;
group = "users";
- extraGroups = [ "wheel" "disk" "audio" "video" "networkmanager" "systemd-journal" "networkmanager" "sway" "plugdev" "adbusers"];
+ extraGroups = [ "wheel" "disk" "audio" "video" "networkmanager" "systemd-journal" "sway" "plugdev" "adbusers" "docker" ];
createHome = true;
home = "/home/nathan";
shell = "/run/current-system/sw/bin/bash";
};
+ # Pi Hole + docker setup
+ virtualisation.oci-containers.backend = "docker";
+ virtualisation.docker.autoPrune.enable = true;
+
+ virtualisation.oci-containers.containers.pihole = {
+ #image = "pihole/pihole:2023.02.2";
+ image = "pihole/pihole:latest";
+ ports = [
+ "5353:53/upd"
+ "5353:53/tcp"
+ "9091:80/tcp"
+ ];
+ volumes = [
+ "/var/lib/pihole/:/etc/pihole/"
+ "/var/lib/dnsmasq.d:/etc/dnsmasq.d"
+ ];
+ environment = {
+ TZ = config.time.timeZone;
+ WEB_PORT = "80";
+ WEBPASSWORD = "critical";
+ PIHOLE_DNS_ = "172.17.0.1";
+ REV_SERVER = "true";
+ REV_SERVER_DOMAIN = "pihole.local";
+ REV_SERVER_TARGET = "192.168.1.1";
+ REV_SERVER_CIDR = "192.168.1.0/16";
+ DNSMASQ_LISTENING = "all";
+ };
+ extraOptions = [
+ "--add-host=host.docker.internal:host-gateway"
+ ];
+ };
+ #systemd.services."docker-pihole".postStart = ''
+ #while ! docker ps | grep pihole; do
+ #sleep 10s
+ #echo "Waiting on containers"
+ #done
+ #sleep 30s
+
+ #docker exec pihole pihole -a adlist add "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
+ #docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/AdguardDNS.txt"
+ #docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Easylist.txt"
+ #docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Easyprivacy.txt"
+
+ #docker exec pihole pihole -g
+ #'';
+
+ # Enable flatpak for installing/running steam link software
+ services.flatpak.enable = true;
+
# testing
- services.jellyfin.enable = false;
+ services.jellyfin.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
@@ -226,10 +247,10 @@
extraPortals = [pkgs.xdg-desktop-portal-gtk ];
gtkUsePortal = true;
};
- services.blueman.enable = true;
-
- services.printing.enable = true;
- services.printing.drivers = [ pkgs.brlaser ];
+ nixpkgs.overlays = [ (self: super: {
+ glusterfs = (import nixpkgs_stable { inherit system; overlays = []; }).pkgs.glusterfs;
+ }) ];
+ services.glusterfs.enable = true;
programs.sway = {
enable = true;
@@ -243,6 +264,7 @@
kanshi # autorandr
bemenu # is this right?
i3status
+ ffmpeg_5-full
];
};
@@ -254,14 +276,27 @@
# For steam, and Vulkan in general
hardware.opengl.driSupport = true;
hardware.opengl.driSupport32Bit = true;
+
+ nixpkgs.config.packageOverrides = pkgs: {
+ vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
+ };
+ hardware.opengl = {
+ enable = true;
+ extraPackages = with pkgs; [
+ intel-media-driver
+ vaapiIntel
+ vaapiVdpau
+ libvdpau-va-gl
+ intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
+ ];
+ };
environment.systemPackages = with pkgs; [
tmux vim wget curl git w3m iftop iotop killall file unzip zip ripgrep imv killall gomuks htop
firefox-wayland chromium gnome.nautilus
- vlc steam calibre foliate transmission-gtk mupdf
- gimp
+ vlc steam transmission-gtk mupdf
foot pavucontrol pywal
- sway wayland glib dracula-theme gnome.adwaita-icon-theme swaylock swayidle wl-clipboard
+ sway wayland glib dracula-theme gnome.adwaita-icon-theme wl-clipboard
(pkgs.writeTextFile {
name = "dbus-sway-environment";
destination = "/bin/dbus-sway-environment";
@@ -303,540 +338,83 @@
ExecStart = "${pkgs.kanshi}/bin/kanshi -c kanshi_config_file";
};
};
- services.syncthing = {
- enable = true;
- user = "nathan";
- dataDir = "/home/nathan/syncthing_stuff";
- configDir = "/home/nathan/syncthing_stuff/.config/syncthing";
- };
services.openssh.enable = true;
services.tailscale.enable = true;
networking.firewall.enable = false;
+
+ #services.pihole = {
+ #enable = true;
+ #hostConfig = {
+ #user = "pihole";
+ #enableLingeringForUser = true;
+ #persistVolumes = true;
+ #dnsPort = 5335;
+ #webPort = 8080;
+ #};
+ #piholeConfig.ftl = {
+ #LOCAL_IPV4 = "192.168.4.200";
+ #};
+ #piholeConfig.web = {
+ #virtualHost = "pi.hole";
+ #password = "password";
+ #};
+ #};
+
+ #networking.firewall.interfaces.eth0 = {
+ #allowedTCPPorts = [ 5335 8080 ];
+ #allowedUDPPorts = [ 5335 ];
+ #};
}));
in {
- nixosConfigurations.nixos4800H = nixpkgs.lib.nixosSystem {
+ nixosConfigurations.panam = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = attrs;
modules = [
- home-manager.nixosModules.home-manager
- homeManagerSharedModule
- ({ config, lib, pkgs, modulesPath, ... }@innerArgs: (lib.recursiveUpdate (commonConfigFunc innerArgs [ pkgs.light ]) {
- # HARDWARE
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+ # make the module declared by linger flake available to our config
+ #linger.nixosModules.${system}.default
+ #pihole.nixosModules.${system}.default
- boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" = { device = "/dev/disk/by-uuid/ae8e4a92-53dd-49b5-bf3a-aeb9a109c01e"; fsType = "ext4"; };
- fileSystems."/boot" = { device = "/dev/disk/by-uuid/28E9-0409"; fsType = "vfat"; };
- swapDevices = [ ];
- nix.maxJobs = lib.mkDefault 16;
- # END HARDWARE
-
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- boot.kernelPackages = pkgs.linuxPackages_latest;
- networking.hostName = "nixos4800H"; # Define your hostname.
-
- # THIS SEEMS CONTRADICTORY
- # The global useDHCP flag is deprecated, therefore explicitly set to false here.
- # Per-interface useDHCP will be mandatory in the future, so this generated config
- # replicates the default behaviour.
- networking.useDHCP = false;
- networking.interfaces.eno1.useDHCP = true;
- networking.interfaces.wlp1s0.useDHCP = true;
- networking.wireguard.interfaces = {
- wg0 = {
- ips = [ "10.100.0.7/24" ];
- privateKeyFile = "/home/nathan/wireguard-keys/private";
- peers = [
- {
- publicKey = "WXx7XXJzerPJBPMTvZ454iQhx5Q5bFvBgF6NsPPX9nk=";
- allowedIPs = [ "10.100.0.0/24" ];
- #allowedIPs = [ "0.0.0.0/0" ];
- ## Then sudo ip route add 104.238.179.164 via 10.0.0.1 dev enp30s0
- endpoint = "104.238.179.164:51820";
- persistentKeepalive = 25;
- }
- ];
- };
- };
- system.stateVersion = "20.03";
- }))
- ];
- };
- nixosConfigurations.nixos-desktop = nixpkgs.lib.nixosSystem {
- inherit system;
- specialArgs = attrs;
- modules = [
- home-manager.nixosModules.home-manager
- homeManagerSharedModule
- ({ config, lib, pkgs, modulesPath, ... }@innerArgs: (lib.recursiveUpdate (commonConfigFunc innerArgs []) {
- # HARDWARE
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
- boot.supportedFilesystems = [ "ntfs" ];
- fileSystems."/" = { device = "/dev/disk/by-uuid/163c1731-2f66-436b-a74f-20f84ec628dd"; fsType = "ext4"; };
- fileSystems."/boot" = { device = "/dev/disk/by-uuid/9C44-5411"; fsType = "vfat"; };
- #fileSystems."/big_disk" = { device = "/dev/disk/by-uuid/B610D69310D65A47"; fsType = "ntfs3"; options = ["rw" "uid=1000"]; };
- swapDevices = [ ];
- networking.useDHCP = lib.mkDefault true;
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
- # END HARDWARE
-
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- networking.hostName = "nixos-desktop"; # Define your hostname.
- system.stateVersion = "22.11";
- }))
- ];
- };
- nixosConfigurations.condoserver = nixpkgs.lib.nixosSystem {
- inherit system;
- specialArgs = attrs;
- modules = [
home-manager.nixosModules.home-manager
homeManagerSharedModule
({ config, lib, pkgs, modulesPath, ... }@innerArgs: (lib.recursiveUpdate (commonConfigFunc innerArgs []) {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
- fileSystems."/" = { device = "/dev/disk/by-uuid/0ef06a3a-080d-4f15-b53e-54c91adb8ec9"; fsType = "ext4"; };
- fileSystems."/boot" = { device = "/dev/disk/by-uuid/86F4-9779"; fsType = "vfat"; };
- swapDevices = [ { device = "/dev/disk/by-uuid/20cc65f9-f35e-419a-b00f-252cd576b2ce"; } ];
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
- # high-resolution display
- hardware.video.hidpi.enable = lib.mkDefault true;
+
+ # needed for stable restarts of pi-hole container
+ #boot.cleanTmpDir = true;
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = { device = "/dev/disk/by-uuid/b22f705d-8d3d-4d6c-997d-226399f03e18"; fsType = "ext4"; };
+ fileSystems."/boot" = { device = "/dev/disk/by-uuid/BE49-6634"; fsType = "vfat"; };
+ swapDevices = [ { device = "/dev/disk/by-uuid/9b8aa223-f67b-4c1a-9161-a3daec3dfefc"; } ];
+ # Mounted data drives for use by glusterfs
+ fileSystems."/data/brick1" = { device = "/dev/disk/by-label/gfs_ssd1"; fsType = "xfs"; };
+ fileSystems."/data/brick2" = { device = "/dev/disk/by-label/gfs_hdd1"; fsType = "xfs"; };
+ fileSystems."/data/brick3" = { device = "/dev/disk/by-label/gfs_hdd2"; fsType = "xfs"; };
+ # Glusterfs shared storage
+ fileSystems."/ghost_in_the_stream" = { device = "panam:/gv0"; fsType = "glusterfs"; };
+ networking.useDHCP = lib.mkDefault true;
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ # high-resolution display
+ hardware.video.hidpi.enable = lib.mkDefault true;
+
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# don't suspend on lid close
services.logind.lidSwitch = "ignore";
- networking.hostName = "condoserver"; # Define your hostname.
+ networking.hostName = "panam"; # Define your hostname.
system.stateVersion = "22.11"; # Did you read the comment?
}))
];
};
- nixosConfigurations.vps = vps_nixpkgs.lib.nixosSystem {
- inherit system;
- specialArgs = attrs;
- modules = [
- ({config, pkgs, lib, ... }: {
- # HARDWARE
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/b9470789-6d82-4ad4-9a4a-7e19b8fcc8dc";
- fsType = "ext4";
- };
- nix.maxJobs = lib.mkDefault 1;
- # END HARDWARE
-
- nix.gc.automatic = true;
- imports = [ ];
-
- nixpkgs.overlays = [ ( self: super: {
- mautrix-telegram = super.mautrix-telegram.overrideAttrs (old: {
- #src = pkgs.fetchFromGitHub {
- # owner = "tulir";
- # repo = old.pname;
- # #rev = "v${version}";
- # # Literal next commit to fix double-puppeting 2 typing 2 furious
- # rev = "eca1032d1660099216e71a7e0b24d35bb4833d74";
- # sha256 = "1vpdgi1szhlccni1d87bbcsi2p08ifs1s2iinimkc7d8ldqv1p52";
- #};
- propagatedBuildInputs = old.propagatedBuildInputs ++ (with pkgs.python3.pkgs; [
- #asyncpg
- python-olm pycryptodome unpaddedbase64
- ]);
- });
- }) ];
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
-
- swapDevices = [{
- device = "/var/swapfile";
- size = 4096;
- }];
-
- networking.hostName = "vps"; # Define your hostname.
- networking.nameservers = [ "1.1.1.1" "8.8.8.8" ];
- # WireGuard
- networking.nat.enable = true;
- networking.nat.externalInterface = "ens3";
- networking.nat.internalInterfaces = ["wg0"];
- networking.firewall = {
- #allowedTCPPorts = [ 22 80 443 3478 3479 ];
- #allowedUDPPorts = [ 22 80 443 5349 5350 51820 ];
- allowedTCPPorts = [ 22 80 443 ];
- allowedUDPPorts = [ 22 80 443 51820 ];
- #extraCommands = ''
- # iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
- #'';
- };
- #networking.wireguard.interfaces = {
- # wg0 = {
- # ips = [ "10.100.0.1/24" ];
- # listenPort = 51820;
- # privateKeyFile = "/home/nathan/wireguard-keys/private";
- # peers = [
- # {
- # publicKey = "FqJShA/dz8Jj73tSyjzcsyASOEv6uAFs6e/vRol8ygc=";
- # allowedIPs = [ "10.100.0.2/32" ];
- # }
- # {
- # publicKey = "aAgay9pn/3Vj1nHC4GFY2vysW12n5VFyuUcB5+0pux8=";
- # allowedIPs = [ "10.100.0.3/32" ];
- # }
- # {
- # publicKey = "u55Jkd4dRdBqnhliIP9lwsxIYow2Tr8BhPPhKFtaVAc=";
- # allowedIPs = [ "10.100.0.4/32" ];
- # }
- # {
- # publicKey = "J/BWU33DYMkoWOKSZWrtAqWciep03YuicaDMD5MCqWg=";
- # allowedIPs = [ "10.100.0.5/32" ];
- # }
- # {
- # publicKey = "y2gAEhg1vwK1+nka2Knu7NyOk8HaaY4w18nD6EMyLSk=";
- # allowedIPs = [ "10.100.0.6/32" ];
- # }
- # {
- # publicKey = "SoaYh1mb6DYd6TuOEFl4lRCZUBTPQfOnWHIOmtkgxxM=";
- # allowedIPs = [ "10.100.0.7/32" ];
- # }
- # ];
- # };
- #};
-
- services.openssh.enable = true;
- services.openssh.passwordAuthentication = false;
- services.openssh.kbdInteractiveAuthentication = false;
- services.openssh.permitRootLogin = "prohibit-password";
-
- services.mastodon = {
- enable = true;
- localDomain = "mastodon.room409.xyz";
- configureNginx = true;
- smtp.fromAddress = "notifications@mastodon.room409.xyz";
- };
-
- services.mautrix-telegram = {
- enable = true;
- settings = {
- homeserver = {
- address = "https://synapse.room409.xyz";
- domain = "synapse.room409.xyz";
- };
- bridge.permissions = {
- "synapse.room409.xyz" = "full";
- "@miloignis:synapse.room409.xyz" = "admin";
- };
- bridge.encryption = {
- allow = true;
- require_verification = false;
- };
- };
- environmentFile = /var/lib/mautrix-telegram/secrets;
- };
-
- #services.bookbot = {
- # enable = true;
- # port = 8888;
- #};
-
- services.matrix-synapse = {
- enable = true;
-
- settings = {
- server_name = "synapse.room409.xyz";
- public_baseurl = "https://synapse.room409.xyz/";
-
- enable_registration = false;
- #registration_shared_secret = null;
- database.name = "psycopg2";
- url_preview_enabled = true;
- report_stats = true;
- max_upload_size = "100M";
-
- listeners = [
- {
- port = 8008;
- tls = false;
- resources = [
- {
- compress = true;
- names = ["client" "federation"];
- }
- ];
- }
- ];
- app_service_config_files = [
- "/var/lib/matrix-synapse/telegram-registration.yaml"
- "/var/lib/matrix-synapse/facebook-registration.yaml"
- ];
- };
- };
-
- services.gitea = {
- enable = true;
- disableRegistration = true;
- appName = "Room409.xyz Forge";
- domain = "forge.room409.xyz";
- rootUrl = "https://forge.room409.xyz/";
- httpPort = 3001;
- };
-
- services.postgresql = {
- enable = true;
- # postgresql user and db name in the service.matrix-synapse.databse_args setting is default
- initialScript = pkgs.writeText "synapse-init.sql" ''
- CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
- CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- '';
- };
-
- services.headscale = {
- enable = true;
- address = "0.0.0.0";
- port = 8789;
- serverUrl = "https://headscale.room409.xyz";
- dns.baseDomain = "wg.test";
- settings.logtail.enabled = false;
- };
-
- security.acme.email = "miloignis@gmail.com";
- security.acme.acceptTerms = true;
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
-
- virtualHosts."headscale.room409.xyz" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://localhost:8789";
- proxyWebsockets = true;
- };
- };
-
- virtualHosts."forge.room409.xyz" = {
- forceSSL = true;
- enableACME = true;
- locations."/".proxyPass = "http://localhost:3001";
- };
-
- virtualHosts."synapse.room409.xyz" = {
- forceSSL = true;
- enableACME = true;
- locations."/.well-known/matrix/server".extraConfig = ''
- add_header Content-Type application/json;
- return 200 '{ "m.server": "synapse.room409.xyz:443" }';
- '';
- locations."/.well-known/matrix/client".extraConfig = ''
- add_header Content-Type application/json;
- add_header Access-Control-Allow-Origin *;
- return 200 '{ "m.homeserver": {"base_url": "https://synapse.room409.xyz"}, "m.identity_server": { "base_url": "https://vector.im"} }';
- '';
- locations."/".proxyPass = "http://localhost:8008";
- locations."/".extraConfig = ''
- client_max_body_size 100M;
- proxy_set_header X-Forwarded-For $remote_addr;
- '';
- };
-
- virtualHosts."element-synapse.room409.xyz" = {
- forceSSL = true;
- enableACME = true;
- root = pkgs.element-web.override {
- conf = {
- default_server_name = "synapse.room409.xyz";
- default_server_config = "";
- };
- };
- };
-
- virtualHosts."kraken-lang.org" = {
- forceSSL = true;
- enableACME = true;
- root = "/var/www/kraken-lang.org";
- locations."/k_prime.wasm".extraConfig = ''
- default_type application/wasm;
- '';
- };
- virtualHosts."faint.room409.xyz" = {
- forceSSL = true;
- enableACME = true;
- root = "/var/www/faint.room409.xyz";
- };
- #virtualHosts."www.kraken-lang.org" = {
- # forceSSL = true;
- # enableACME = true;
- # root = "/var/www/kraken-lang.org";
- # locations."/k_prime.wasm".extraConfig = ''
- # default_type application/wasm;
- # '';
- #};
- virtualHosts."room409.xyz" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- root = pkgs.writeTextDir "index.html" ''
-
-
-
- room409.xyz
-
-
-
-
- It's like a hacker wrote it
-
- Keyboard Cowpeople Team: Serif, a cross platform Matrix client
-
- MiloIgnis: Kraken Programming Language
-
-
- '';
- };
- #locations."/bookclub/".proxyPass = "http://localhost:8888/room/!xSMgeFJYbuYTOGAGga:synapse.room409.xyz/";
- };
-
- virtualHosts."miloignis.room409.xyz" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- root = pkgs.writeTextDir "index.html" ''
-
-
-
- MiloIgnis's Website
-
-
-
-
-
- Hello! I'm MiloIgnis, a part-time PhD student studing programming languages and compilers.
- My current project is making a functional language based on Vau-calculus (inspired by John Shutt's work) practial via partial evlauation and some clever compilation techniques.
- That project, Kraken, is here.
-
-
- - Matrix - @miloignis:synapse.room409.xyz
- - Mastodon - @miloignis
-
-
-
-
- '';
- };
- };
-
- virtualHosts."internet-list.room409.xyz" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- root = pkgs.writeTextDir "index.html" ''
-
-
-
- room409.xyz
-
-
-
- A list of colors on the internet
-
- - Blue
- - Chilladelphia
- - Kenny
-
-
-
- '';
- };
- };
-
- #virtualHosts."4800H.room409.xyz" = {
- # forceSSL = true;
- # enableACME = true;
- # locations."/".proxyPass = "http://10.100.0.7:80";
- #};
- };
-
- services.journald.extraConfig = "SystemMaxUse=50M";
-
- services.tailscale.enable = true;
- environment.systemPackages = with pkgs; [
- htop tmux git vim wget unzip file
- iftop ripgrep
- config.services.headscale.package
- #wireguard
- ];
- users.extraUsers.nathan = {
- name = "nathan";
- isNormalUser = true;
- group = "users";
- extraGroups = [ "wheel" "disk" "audio" "video" "networkmanager" "systemd-journal" "networkmanager" "plugdev"];
- createHome = true;
- home = "/home/nathan";
- shell = "/run/current-system/sw/bin/bash";
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDjyWh/SPOgx+yOgrc8g8+7PR0+CWMrWZ4PaWcmgDzfUGAWyj2FHBNG2gLvIKn4+TAwvbEPp+7YXxlmiYltUWNlEXEzryhrhYiqeun9uApT+fgzxF278/VeS+NErX4S2WGwhUdybk6MSs0cpUVp+TNiZFUH+ltTcLai3aLaMaL13Z024DzjpD4jRVG4PErHTe/6dTfdmg6AS7gB0b+LTjFzdYSdeYsHxqcig+d+34vQkNmV2dIvLpNkbpzyfUyE3g1gpYTgRKgY4mZqd6QUKOyIH0SDqPUDrmK6e1LK2yTYe1jP39G2JhAMOrSm8jEFm7RLxHXJ862EqD8gFV2aCQ2HUFlFpx7t02Tgvw80grQRoJKJyYtElO6CAr+oFnhxWnYgUsoYmGLSp5Nv1wV9WHkprWnGyuj/CGM8D3gwFSL672IYQOGTwQElcclRZ/uMlNjtyw6ky4VV22gDZag1hMfZhWf/nmMNql8dCoqY7K36XAAEDXjiS5J9EZe7AexLV68= nathan@nixos_4800H" # laptop
-
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCtmGhDNdwDXulhJ8MGehlfLQZ8Qzxv2K4vXqyvJWSkMj5XzCRcylKME0qdfiA+G0SeozCY2Qhd2xiPsaL3PaZX7HD1fiesO0jofl9Ph+VIbwwP2LT7kYYSoUXSdj3uPBdZD8BhSZsMHIPVQfzj5JkvE1W9AQik+d5o7RPO8srpo8JHRpH0lgJbuiLWkpLX2sD2hjlI5uMhMekGnI0UA3ie3x9Xnh3J019X0K3Efxm8X31k60j9J0bgGLhxYwu42+kiJKabdpk5tFsqLvDRbzPUGSm+5ZiWMX5ILDbr+/Aczzb2ek5rzsEB2s48BmxBtJnXfjnQtBo6URuJYzVSI9V6vEgUnueGPY/DN1oeRZqTcqujIADh3ZMcdKg1cfdvNYoSk2FcFz0rZXTLjkwOAK2HMRZFXK5ijX7tpnb5GXsiDa0uoWhJVByzrnlqZ65LuHdLFPbe+A/N+T3wzykIkG2hNv8mRJi7/pWjNy2O2iKsSSSabN5xjxI7aFzyUQK+23UF2wzLc1+f4qMcB5HoHhktOV1QRM4RKtvYhdkAG0O/C5Wu0BItrjQbAoqSa29QLlBpHCIlY4Vr8S4kNXf8mm8gRrKATHNZBTUAVNMDYFcd9n4hyK8ERGodaXFDP7m/r+yZaHLcpQQ46sYjq2nbkP1yYaCbmVoEEUpKRtP2UDc91w== miloignis@gmail.com" # desktop
-
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSG8Mi192YYB1PSmRUQGT0WxMuG8f3HKmdC6Y/NTKlRZDMeyV81cxmJpMjpKszc0P5e0j6F4Q1y9R0GybRPVFFgA5I5ETReWcJ1pe8Bs/BxZpxcl/fESUl2YOoEWxGzwha7CAIAlgMFTljj9osYTx+b8j+6MFhlsRnUCaxngRle2JeSmkCFYMlkKjynTHME4OjfRb3xR1VmB489s25tMmRjpzGuD6+5o0x+nX3yk8t711vKcuYx0irwi3sn4w9bKXamPOZH/5sCNz1Q7Qgz9BWOPYXMpnYytDcps7ACAqpKu3etzBvMQo+TZzivr+yZhePhUWovE1HpPVTBqEf3D+ekHZ5ZdQ6Y4W3/16WdDYCq9eCdZvsPOAFi9Sl/lf74LuzEqD1pPHg7avh7+fNJN2r0KoyozuvDSIwW8Kwo1uSav0XCHvdsFmSUmEXjwb4M2Bue6XDWCrVa8FiRpS1F/uvLgdWsZIkBJCX6vy6zPkFMJoKG9IdT4KYCn1KW3ifwTs= nathan@nixos" #condoserver
-
- ];
- };
-
- system.stateVersion = "20.03";
- })
- ];
- };
};
}