miloignis/nix_config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Setup before Nathan (hehe me) modifies a bunch of stuff

Browse Source
This commit is contained in:
Marcus Godwin
2023-03-06 19:00:50 -05:00
parent 84f040f8bf
commit 4bec798787
2 changed files with 186 additions and 576 deletions
Download Patch File Download Diff File Expand all files Collapse all files
flake.lock
Generated
+32
View File
@@ -1,5 +1,20 @@
{ {
"nodes": { "nodes": {
"flake-utils": {
"locked": {
"lastModified": 1676283394,
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -36,10 +51,27 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs_stable": {
"locked": {
"lastModified": 1677779205,
"narHash": "sha256-6DBjL9wjq86p2GczmwnHtFRnWPBPItc67gapWENBgX8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "96e18717904dfedcd884541e5a92bf9ff632cf39",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-22.11",
"type": "indirect"
}
},
"root": { "root": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs_stable": "nixpkgs_stable",
"vps_nixpkgs": "vps_nixpkgs" "vps_nixpkgs": "vps_nixpkgs"
} }
}, },
flake.nix
+154 -576
View File
@@ -3,19 +3,35 @@
inputs = { inputs = {
nixpkgs.url = "nixpkgs/nixos-unstable"; nixpkgs.url = "nixpkgs/nixos-unstable";
nixpkgs_stable.url = "nixpkgs/nixos-22.11";
vps_nixpkgs.url = "nixpkgs/master"; vps_nixpkgs.url = "nixpkgs/master";
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
flake-utils.url = "github:numtide/flake-utils";
# Required for making sure that Pi-hole continures running if the executing user has no active session
#linger = {
#url = "github:mindsbackyard/linger-flake";
#inputs.flake-utils.follows = "flake-utils";
#};
#pihole = {
#url = "github:mindsbackyard/pihole-flake";
#inputs.nixpkgs.follows = "nixpkgs";
#inputs.flake-utils.follows = "flake-utils";
#inputs.linger.follows = "linger";
#};
}; };
outputs = { self, nixpkgs, vps_nixpkgs, home-manager }@attrs: outputs = { self, nixpkgs, nixpkgs_stable, vps_nixpkgs, home-manager, flake-utils }@attrs:
let let
system = "x86_64-linux"; system = "x86_64-linux";
homeManagerSharedModule = { homeManagerSharedModule = {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.users.nathan = { config, pkgs, lib, ... }:{ home-manager.users.marcus = { config, pkgs, lib, ... }:{
# This value determines the Home Manager release that your # This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage # configuration is compatible with. This helps avoid breakage
# when a new Home Manager release introduces backwards # when a new Home Manager release introduces backwards
@@ -51,18 +67,10 @@
}; };
}; };
}; };
programs.bash = {
enable = true;
sessionVariables = {
};
profileExtra = ''
if [ -e /home/nathan/.nix-profile/etc/profile.d/nix.sh ]; then . /home/nathan/.nix-profile/etc/profile.d/nix.sh; fi # added by Nix installer
'';
};
programs.git = { programs.git = {
enable = true; enable = true;
userName = "Nathan Braswell"; userName = "Marcus Godwin";
userEmail = "nathan@braswell.email"; userEmail = "godwin3@gatech.edu";
}; };
programs.vim = { programs.vim = {
enable = true; enable = true;
@@ -150,51 +158,6 @@
setw -g mode-keys vi setw -g mode-keys vi
''; '';
}; };
programs.emacs = {
enable = true;
extraConfig = ''
(menu-bar-mode -1)
(tool-bar-mode -1)
(scroll-bar-mode -1)
;; Use spaces, not tabs, for indentation.
(setq-default indent-tabs-mode nil)
;; Highlight matching pairs of parentheses.
(setq show-paren-delay 0)
(show-paren-mode)
;(require 'smartparens-config)
(setq evil-want-C-u-scroll t)
(evil-mode 1)
(evil-set-undo-system 'undo-redo)
(setq key-chord-two-keys-delay 0.5)
(key-chord-define evil-insert-state-map "jk" 'evil-normal-state)
(key-chord-mode 1)
(custom-set-variables
;; custom-set-variables was added by Custom.
;; If you edit it by hand, you could mess it up, so be careful.
;; Your init file should contain only one such instance.
;; If there is more than one, they won't work right.
'(custom-safe-themes
'("3ff4a0ad1a2da59a72536e6030291cf663314c14c8a5a9eb475f3c28436d071d" default)))
(custom-set-faces
;; custom-set-faces was added by Custom.
;; If you edit it by hand, you could mess it up, so be careful.
;; Your init file should contain only one such instance.
;; If there is more than one, they won't work right.
)
(load-theme 'dracula t)
'';
extraPackages = epkgs: with epkgs; [
evil key-chord magit proof-general
#paredit
#smartparens
#parinfer-rust-mode
rainbow-delimiters dracula-theme
];
};
}; };
}; };
commonConfigFunc = ({ config, lib, pkgs, modulesPath, ... }: (specificPkgs: { commonConfigFunc = ({ config, lib, pkgs, modulesPath, ... }: (specificPkgs: {
@@ -202,18 +165,76 @@
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
users.extraUsers.marcus = {
name = "marcus";
isNormalUser = true;
group = "users";
extraGroups = [ "wheel" "disk" "audio" "video" "networkmanager" "systemd-journal" "sway" "plugdev" "adbusers" "docker" ];
createHome = true;
home = "/home/marcus";
shell = "/run/current-system/sw/bin/bash";
};
users.extraUsers.nathan = { users.extraUsers.nathan = {
name = "nathan"; name = "nathan";
isNormalUser = true; isNormalUser = true;
group = "users"; group = "users";
extraGroups = [ "wheel" "disk" "audio" "video" "networkmanager" "systemd-journal" "networkmanager" "sway" "plugdev" "adbusers"]; extraGroups = [ "wheel" "disk" "audio" "video" "networkmanager" "systemd-journal" "sway" "plugdev" "adbusers" "docker" ];
createHome = true; createHome = true;
home = "/home/nathan"; home = "/home/nathan";
shell = "/run/current-system/sw/bin/bash"; shell = "/run/current-system/sw/bin/bash";
}; };
# Pi Hole + docker setup
virtualisation.oci-containers.backend = "docker";
virtualisation.docker.autoPrune.enable = true;
virtualisation.oci-containers.containers.pihole = {
#image = "pihole/pihole:2023.02.2";
image = "pihole/pihole:latest";
ports = [
"5353:53/upd"
"5353:53/tcp"
"9091:80/tcp"
];
volumes = [
"/var/lib/pihole/:/etc/pihole/"
"/var/lib/dnsmasq.d:/etc/dnsmasq.d"
];
environment = {
TZ = config.time.timeZone;
WEB_PORT = "80";
WEBPASSWORD = "critical";
PIHOLE_DNS_ = "172.17.0.1";
REV_SERVER = "true";
REV_SERVER_DOMAIN = "pihole.local";
REV_SERVER_TARGET = "192.168.1.1";
REV_SERVER_CIDR = "192.168.1.0/16";
DNSMASQ_LISTENING = "all";
};
extraOptions = [
"--add-host=host.docker.internal:host-gateway"
];
};
#systemd.services."docker-pihole".postStart = ''
#while ! docker ps | grep pihole; do
#sleep 10s
#echo "Waiting on containers"
#done
#sleep 30s
#docker exec pihole pihole -a adlist add "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
#docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/AdguardDNS.txt"
#docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Easylist.txt"
#docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Easyprivacy.txt"
#docker exec pihole pihole -g
#'';
# Enable flatpak for installing/running steam link software
services.flatpak.enable = true;
# testing # testing
services.jellyfin.enable = false; services.jellyfin.enable = true;
services.pipewire = { services.pipewire = {
enable = true; enable = true;
alsa.enable = true; alsa.enable = true;
@@ -226,10 +247,10 @@
extraPortals = [pkgs.xdg-desktop-portal-gtk ]; extraPortals = [pkgs.xdg-desktop-portal-gtk ];
gtkUsePortal = true; gtkUsePortal = true;
}; };
services.blueman.enable = true; nixpkgs.overlays = [ (self: super: {
glusterfs = (import nixpkgs_stable { inherit system; overlays = []; }).pkgs.glusterfs;
services.printing.enable = true; }) ];
services.printing.drivers = [ pkgs.brlaser ]; services.glusterfs.enable = true;
programs.sway = { programs.sway = {
enable = true; enable = true;
@@ -243,6 +264,7 @@
kanshi # autorandr kanshi # autorandr
bemenu # is this right? bemenu # is this right?
i3status i3status
ffmpeg_5-full
]; ];
}; };
@@ -255,13 +277,26 @@
hardware.opengl.driSupport = true; hardware.opengl.driSupport = true;
hardware.opengl.driSupport32Bit = true; hardware.opengl.driSupport32Bit = true;
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
hardware.opengl = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
vaapiIntel
vaapiVdpau
libvdpau-va-gl
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
];
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
tmux vim wget curl git w3m iftop iotop killall file unzip zip ripgrep imv killall gomuks htop tmux vim wget curl git w3m iftop iotop killall file unzip zip ripgrep imv killall gomuks htop
firefox-wayland chromium gnome.nautilus firefox-wayland chromium gnome.nautilus
vlc steam calibre foliate transmission-gtk mupdf vlc steam transmission-gtk mupdf
gimp
foot pavucontrol pywal foot pavucontrol pywal
sway wayland glib dracula-theme gnome.adwaita-icon-theme swaylock swayidle wl-clipboard sway wayland glib dracula-theme gnome.adwaita-icon-theme wl-clipboard
(pkgs.writeTextFile { (pkgs.writeTextFile {
name = "dbus-sway-environment"; name = "dbus-sway-environment";
destination = "/bin/dbus-sway-environment"; destination = "/bin/dbus-sway-environment";
@@ -303,540 +338,83 @@
ExecStart = "${pkgs.kanshi}/bin/kanshi -c kanshi_config_file"; ExecStart = "${pkgs.kanshi}/bin/kanshi -c kanshi_config_file";
}; };
}; };
services.syncthing = {
enable = true;
user = "nathan";
dataDir = "/home/nathan/syncthing_stuff";
configDir = "/home/nathan/syncthing_stuff/.config/syncthing";
};
services.openssh.enable = true; services.openssh.enable = true;
services.tailscale.enable = true; services.tailscale.enable = true;
networking.firewall.enable = false; networking.firewall.enable = false;
#services.pihole = {
#enable = true;
#hostConfig = {
#user = "pihole";
#enableLingeringForUser = true;
#persistVolumes = true;
#dnsPort = 5335;
#webPort = 8080;
#};
#piholeConfig.ftl = {
#LOCAL_IPV4 = "192.168.4.200";
#};
#piholeConfig.web = {
#virtualHost = "pi.hole";
#password = "password";
#};
#};
#networking.firewall.interfaces.eth0 = {
#allowedTCPPorts = [ 5335 8080 ];
#allowedUDPPorts = [ 5335 ];
#};
})); }));
in { in {
nixosConfigurations.nixos4800H = nixpkgs.lib.nixosSystem { nixosConfigurations.panam = nixpkgs.lib.nixosSystem {
inherit system; inherit system;
specialArgs = attrs; specialArgs = attrs;
modules = [ modules = [
home-manager.nixosModules.home-manager # make the module declared by linger flake available to our config
homeManagerSharedModule #linger.nixosModules.${system}.default
({ config, lib, pkgs, modulesPath, ... }@innerArgs: (lib.recursiveUpdate (commonConfigFunc innerArgs [ pkgs.light ]) { #pihole.nixosModules.${system}.default
# HARDWARE
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = { device = "/dev/disk/by-uuid/ae8e4a92-53dd-49b5-bf3a-aeb9a109c01e"; fsType = "ext4"; };
fileSystems."/boot" = { device = "/dev/disk/by-uuid/28E9-0409"; fsType = "vfat"; };
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 16;
# END HARDWARE
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
networking.hostName = "nixos4800H"; # Define your hostname.
# THIS SEEMS CONTRADICTORY
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.eno1.useDHCP = true;
networking.interfaces.wlp1s0.useDHCP = true;
networking.wireguard.interfaces = {
wg0 = {
ips = [ "10.100.0.7/24" ];
privateKeyFile = "/home/nathan/wireguard-keys/private";
peers = [
{
publicKey = "WXx7XXJzerPJBPMTvZ454iQhx5Q5bFvBgF6NsPPX9nk=";
allowedIPs = [ "10.100.0.0/24" ];
#allowedIPs = [ "0.0.0.0/0" ];
## Then sudo ip route add 104.238.179.164 via 10.0.0.1 dev enp30s0
endpoint = "104.238.179.164:51820";
persistentKeepalive = 25;
}
];
};
};
system.stateVersion = "20.03";
}))
];
};
nixosConfigurations.nixos-desktop = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = attrs;
modules = [
home-manager.nixosModules.home-manager
homeManagerSharedModule
({ config, lib, pkgs, modulesPath, ... }@innerArgs: (lib.recursiveUpdate (commonConfigFunc innerArgs []) {
# HARDWARE
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.supportedFilesystems = [ "ntfs" ];
fileSystems."/" = { device = "/dev/disk/by-uuid/163c1731-2f66-436b-a74f-20f84ec628dd"; fsType = "ext4"; };
fileSystems."/boot" = { device = "/dev/disk/by-uuid/9C44-5411"; fsType = "vfat"; };
#fileSystems."/big_disk" = { device = "/dev/disk/by-uuid/B610D69310D65A47"; fsType = "ntfs3"; options = ["rw" "uid=1000"]; };
swapDevices = [ ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# END HARDWARE
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "nixos-desktop"; # Define your hostname.
system.stateVersion = "22.11";
}))
];
};
nixosConfigurations.condoserver = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = attrs;
modules = [
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
homeManagerSharedModule homeManagerSharedModule
({ config, lib, pkgs, modulesPath, ... }@innerArgs: (lib.recursiveUpdate (commonConfigFunc innerArgs []) { ({ config, lib, pkgs, modulesPath, ... }@innerArgs: (lib.recursiveUpdate (commonConfigFunc innerArgs []) {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ]; # needed for stable restarts of pi-hole container
boot.kernelModules = [ "kvm-intel" ]; #boot.cleanTmpDir = true;
boot.extraModulePackages = [ ];
fileSystems."/" = { device = "/dev/disk/by-uuid/0ef06a3a-080d-4f15-b53e-54c91adb8ec9"; fsType = "ext4"; }; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
fileSystems."/boot" = { device = "/dev/disk/by-uuid/86F4-9779"; fsType = "vfat"; }; boot.initrd.kernelModules = [ ];
swapDevices = [ { device = "/dev/disk/by-uuid/20cc65f9-f35e-419a-b00f-252cd576b2ce"; } ]; boot.kernelModules = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; boot.extraModulePackages = [ ];
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# high-resolution display fileSystems."/" = { device = "/dev/disk/by-uuid/b22f705d-8d3d-4d6c-997d-226399f03e18"; fsType = "ext4"; };
hardware.video.hidpi.enable = lib.mkDefault true; fileSystems."/boot" = { device = "/dev/disk/by-uuid/BE49-6634"; fsType = "vfat"; };
swapDevices = [ { device = "/dev/disk/by-uuid/9b8aa223-f67b-4c1a-9161-a3daec3dfefc"; } ];
# Mounted data drives for use by glusterfs
fileSystems."/data/brick1" = { device = "/dev/disk/by-label/gfs_ssd1"; fsType = "xfs"; };
fileSystems."/data/brick2" = { device = "/dev/disk/by-label/gfs_hdd1"; fsType = "xfs"; };
fileSystems."/data/brick3" = { device = "/dev/disk/by-label/gfs_hdd2"; fsType = "xfs"; };
# Glusterfs shared storage
fileSystems."/ghost_in_the_stream" = { device = "panam:/gv0"; fsType = "glusterfs"; };
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# high-resolution display
hardware.video.hidpi.enable = lib.mkDefault true;
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
# don't suspend on lid close # don't suspend on lid close
services.logind.lidSwitch = "ignore"; services.logind.lidSwitch = "ignore";
networking.hostName = "condoserver"; # Define your hostname. networking.hostName = "panam"; # Define your hostname.
system.stateVersion = "22.11"; # Did you read the comment? system.stateVersion = "22.11"; # Did you read the comment?
})) }))
]; ];
}; };
nixosConfigurations.vps = vps_nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = attrs;
modules = [
({config, pkgs, lib, ... }: {
# HARDWARE
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/b9470789-6d82-4ad4-9a4a-7e19b8fcc8dc";
fsType = "ext4";
};
nix.maxJobs = lib.mkDefault 1;
# END HARDWARE
nix.gc.automatic = true;
imports = [ ];
nixpkgs.overlays = [ ( self: super: {
mautrix-telegram = super.mautrix-telegram.overrideAttrs (old: {
#src = pkgs.fetchFromGitHub {
# owner = "tulir";
# repo = old.pname;
# #rev = "v${version}";
# # Literal next commit to fix double-puppeting 2 typing 2 furious
# rev = "eca1032d1660099216e71a7e0b24d35bb4833d74";
# sha256 = "1vpdgi1szhlccni1d87bbcsi2p08ifs1s2iinimkc7d8ldqv1p52";
#};
propagatedBuildInputs = old.propagatedBuildInputs ++ (with pkgs.python3.pkgs; [
#asyncpg
python-olm pycryptodome unpaddedbase64
]);
});
}) ];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
swapDevices = [{
device = "/var/swapfile";
size = 4096;
}];
networking.hostName = "vps"; # Define your hostname.
networking.nameservers = [ "1.1.1.1" "8.8.8.8" ];
# WireGuard
networking.nat.enable = true;
networking.nat.externalInterface = "ens3";
networking.nat.internalInterfaces = ["wg0"];
networking.firewall = {
#allowedTCPPorts = [ 22 80 443 3478 3479 ];
#allowedUDPPorts = [ 22 80 443 5349 5350 51820 ];
allowedTCPPorts = [ 22 80 443 ];
allowedUDPPorts = [ 22 80 443 51820 ];
#extraCommands = ''
# iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#'';
};
#networking.wireguard.interfaces = {
# wg0 = {
# ips = [ "10.100.0.1/24" ];
# listenPort = 51820;
# privateKeyFile = "/home/nathan/wireguard-keys/private";
# peers = [
# {
# publicKey = "FqJShA/dz8Jj73tSyjzcsyASOEv6uAFs6e/vRol8ygc=";
# allowedIPs = [ "10.100.0.2/32" ];
# }
# {
# publicKey = "aAgay9pn/3Vj1nHC4GFY2vysW12n5VFyuUcB5+0pux8=";
# allowedIPs = [ "10.100.0.3/32" ];
# }
# {
# publicKey = "u55Jkd4dRdBqnhliIP9lwsxIYow2Tr8BhPPhKFtaVAc=";
# allowedIPs = [ "10.100.0.4/32" ];
# }
# {
# publicKey = "J/BWU33DYMkoWOKSZWrtAqWciep03YuicaDMD5MCqWg=";
# allowedIPs = [ "10.100.0.5/32" ];
# }
# {
# publicKey = "y2gAEhg1vwK1+nka2Knu7NyOk8HaaY4w18nD6EMyLSk=";
# allowedIPs = [ "10.100.0.6/32" ];
# }
# {
# publicKey = "SoaYh1mb6DYd6TuOEFl4lRCZUBTPQfOnWHIOmtkgxxM=";
# allowedIPs = [ "10.100.0.7/32" ];
# }
# ];
# };
#};
services.openssh.enable = true;
services.openssh.passwordAuthentication = false;
services.openssh.kbdInteractiveAuthentication = false;
services.openssh.permitRootLogin = "prohibit-password";
services.mastodon = {
enable = true;
localDomain = "mastodon.room409.xyz";
configureNginx = true;
smtp.fromAddress = "notifications@mastodon.room409.xyz";
};
services.mautrix-telegram = {
enable = true;
settings = {
homeserver = {
address = "https://synapse.room409.xyz";
domain = "synapse.room409.xyz";
};
bridge.permissions = {
"synapse.room409.xyz" = "full";
"@miloignis:synapse.room409.xyz" = "admin";
};
bridge.encryption = {
allow = true;
require_verification = false;
};
};
environmentFile = /var/lib/mautrix-telegram/secrets;
};
#services.bookbot = {
# enable = true;
# port = 8888;
#};
services.matrix-synapse = {
enable = true;
settings = {
server_name = "synapse.room409.xyz";
public_baseurl = "https://synapse.room409.xyz/";
enable_registration = false;
#registration_shared_secret = null;
database.name = "psycopg2";
url_preview_enabled = true;
report_stats = true;
max_upload_size = "100M";
listeners = [
{
port = 8008;
tls = false;
resources = [
{
compress = true;
names = ["client" "federation"];
}
];
}
];
app_service_config_files = [
"/var/lib/matrix-synapse/telegram-registration.yaml"
"/var/lib/matrix-synapse/facebook-registration.yaml"
];
};
};
services.gitea = {
enable = true;
disableRegistration = true;
appName = "Room409.xyz Forge";
domain = "forge.room409.xyz";
rootUrl = "https://forge.room409.xyz/";
httpPort = 3001;
};
services.postgresql = {
enable = true;
# postgresql user and db name in the service.matrix-synapse.databse_args setting is default
initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
};
services.headscale = {
enable = true;
address = "0.0.0.0";
port = 8789;
serverUrl = "https://headscale.room409.xyz";
dns.baseDomain = "wg.test";
settings.logtail.enabled = false;
};
security.acme.email = "miloignis@gmail.com";
security.acme.acceptTerms = true;
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."headscale.room409.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:8789";
proxyWebsockets = true;
};
};
virtualHosts."forge.room409.xyz" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:3001";
};
virtualHosts."synapse.room409.xyz" = {
forceSSL = true;
enableACME = true;
locations."/.well-known/matrix/server".extraConfig = ''
add_header Content-Type application/json;
return 200 '{ "m.server": "synapse.room409.xyz:443" }';
'';
locations."/.well-known/matrix/client".extraConfig = ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '{ "m.homeserver": {"base_url": "https://synapse.room409.xyz"}, "m.identity_server": { "base_url": "https://vector.im"} }';
'';
locations."/".proxyPass = "http://localhost:8008";
locations."/".extraConfig = ''
client_max_body_size 100M;
proxy_set_header X-Forwarded-For $remote_addr;
'';
};
virtualHosts."element-synapse.room409.xyz" = {
forceSSL = true;
enableACME = true;
root = pkgs.element-web.override {
conf = {
default_server_name = "synapse.room409.xyz";
default_server_config = "";
};
};
};
virtualHosts."kraken-lang.org" = {
forceSSL = true;
enableACME = true;
root = "/var/www/kraken-lang.org";
locations."/k_prime.wasm".extraConfig = ''
default_type application/wasm;
'';
};
virtualHosts."faint.room409.xyz" = {
forceSSL = true;
enableACME = true;
root = "/var/www/faint.room409.xyz";
};
#virtualHosts."www.kraken-lang.org" = {
# forceSSL = true;
# enableACME = true;
# root = "/var/www/kraken-lang.org";
# locations."/k_prime.wasm".extraConfig = ''
# default_type application/wasm;
# '';
#};
virtualHosts."room409.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
root = pkgs.writeTextDir "index.html" ''<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>room409.xyz</title>
<style>
h1, h2 ,h3 { line-height:1.2; }
body {
max-width: 45em;
margin: 1em auto;
padding: 0 .62em;
font: 1.2em/1.62 sans-serif;
}
</style>
</head>
<body>
<header><h1>So Mean and Clean</h1></header>
<i>It's like a hacker wrote it</i>
<br> <br>
<b>Keyboard Cowpeople Team:</b> <a href="https://github.com/Limvot/Serif">Serif, a cross platform Matrix client</a>
<br> <br>
<b>MiloIgnis:</b> <a href="https://kraken-lang.org/">Kraken Programming Language</a>
</body>
</html>
'';
};
#locations."/bookclub/".proxyPass = "http://localhost:8888/room/!xSMgeFJYbuYTOGAGga:synapse.room409.xyz/";
};
virtualHosts."miloignis.room409.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
root = pkgs.writeTextDir "index.html" ''<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>MiloIgnis's Website</title>
<style>
h1, h2 ,h3 { line-height:1.2; }
body {
max-width: 45em;
margin: 1em auto;
padding: 0 .62em;
font: 1.2em/1.62 sans-serif;
}
</style>
</head>
<body>
<header><h1>MiloIgnis's Website</h1></header>
<br> <br>
Hello! I'm MiloIgnis, a part-time PhD student studing programming languages and compilers.
My current project is making a functional language based on Vau-calculus (inspired by John Shutt's work) practial via partial evlauation and some clever compilation techniques.
That project, Kraken, is <a href="https://kraken-lang.org/">here</a>.
<ol>
<li>Matrix - <a href="https://matrix.to/#/@miloignis:synapse.room409.xyz">@miloignis:synapse.room409.xyz</a></li>
<li>Mastodon - <a rel="me" href="https://mastodon.room409.xyz/@miloignis">@miloignis</a></li>
</ol>
<br> <br>
</body>
</html>
'';
};
};
virtualHosts."internet-list.room409.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
root = pkgs.writeTextDir "index.html" ''<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>room409.xyz</title>
<style>
h1, h2 ,h3 { line-height:1.2; }
body {
max-width: 45em;
margin: 1em auto;
padding: 0 .62em;
font: 1.2em/1.62 sans-serif;
}
</style>
</head>
<body>
<header><h1>A list of colors on the internet</h1></header>
<ol>
<li>Blue</li>
<li>Chilladelphia</li>
<li>Kenny</li>
</ol>
</body>
</html>
'';
};
};
#virtualHosts."4800H.room409.xyz" = {
# forceSSL = true;
# enableACME = true;
# locations."/".proxyPass = "http://10.100.0.7:80";
#};
};
services.journald.extraConfig = "SystemMaxUse=50M";
services.tailscale.enable = true;
environment.systemPackages = with pkgs; [
htop tmux git vim wget unzip file
iftop ripgrep
config.services.headscale.package
#wireguard
];
users.extraUsers.nathan = {
name = "nathan";
isNormalUser = true;
group = "users";
extraGroups = [ "wheel" "disk" "audio" "video" "networkmanager" "systemd-journal" "networkmanager" "plugdev"];
createHome = true;
home = "/home/nathan";
shell = "/run/current-system/sw/bin/bash";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDjyWh/SPOgx+yOgrc8g8+7PR0+CWMrWZ4PaWcmgDzfUGAWyj2FHBNG2gLvIKn4+TAwvbEPp+7YXxlmiYltUWNlEXEzryhrhYiqeun9uApT+fgzxF278/VeS+NErX4S2WGwhUdybk6MSs0cpUVp+TNiZFUH+ltTcLai3aLaMaL13Z024DzjpD4jRVG4PErHTe/6dTfdmg6AS7gB0b+LTjFzdYSdeYsHxqcig+d+34vQkNmV2dIvLpNkbpzyfUyE3g1gpYTgRKgY4mZqd6QUKOyIH0SDqPUDrmK6e1LK2yTYe1jP39G2JhAMOrSm8jEFm7RLxHXJ862EqD8gFV2aCQ2HUFlFpx7t02Tgvw80grQRoJKJyYtElO6CAr+oFnhxWnYgUsoYmGLSp5Nv1wV9WHkprWnGyuj/CGM8D3gwFSL672IYQOGTwQElcclRZ/uMlNjtyw6ky4VV22gDZag1hMfZhWf/nmMNql8dCoqY7K36XAAEDXjiS5J9EZe7AexLV68= nathan@nixos_4800H" # laptop
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCtmGhDNdwDXulhJ8MGehlfLQZ8Qzxv2K4vXqyvJWSkMj5XzCRcylKME0qdfiA+G0SeozCY2Qhd2xiPsaL3PaZX7HD1fiesO0jofl9Ph+VIbwwP2LT7kYYSoUXSdj3uPBdZD8BhSZsMHIPVQfzj5JkvE1W9AQik+d5o7RPO8srpo8JHRpH0lgJbuiLWkpLX2sD2hjlI5uMhMekGnI0UA3ie3x9Xnh3J019X0K3Efxm8X31k60j9J0bgGLhxYwu42+kiJKabdpk5tFsqLvDRbzPUGSm+5ZiWMX5ILDbr+/Aczzb2ek5rzsEB2s48BmxBtJnXfjnQtBo6URuJYzVSI9V6vEgUnueGPY/DN1oeRZqTcqujIADh3ZMcdKg1cfdvNYoSk2FcFz0rZXTLjkwOAK2HMRZFXK5ijX7tpnb5GXsiDa0uoWhJVByzrnlqZ65LuHdLFPbe+A/N+T3wzykIkG2hNv8mRJi7/pWjNy2O2iKsSSSabN5xjxI7aFzyUQK+23UF2wzLc1+f4qMcB5HoHhktOV1QRM4RKtvYhdkAG0O/C5Wu0BItrjQbAoqSa29QLlBpHCIlY4Vr8S4kNXf8mm8gRrKATHNZBTUAVNMDYFcd9n4hyK8ERGodaXFDP7m/r+yZaHLcpQQ46sYjq2nbkP1yYaCbmVoEEUpKRtP2UDc91w== miloignis@gmail.com" # desktop
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSG8Mi192YYB1PSmRUQGT0WxMuG8f3HKmdC6Y/NTKlRZDMeyV81cxmJpMjpKszc0P5e0j6F4Q1y9R0GybRPVFFgA5I5ETReWcJ1pe8Bs/BxZpxcl/fESUl2YOoEWxGzwha7CAIAlgMFTljj9osYTx+b8j+6MFhlsRnUCaxngRle2JeSmkCFYMlkKjynTHME4OjfRb3xR1VmB489s25tMmRjpzGuD6+5o0x+nX3yk8t711vKcuYx0irwi3sn4w9bKXamPOZH/5sCNz1Q7Qgz9BWOPYXMpnYytDcps7ACAqpKu3etzBvMQo+TZzivr+yZhePhUWovE1HpPVTBqEf3D+ekHZ5ZdQ6Y4W3/16WdDYCq9eCdZvsPOAFi9Sl/lf74LuzEqD1pPHg7avh7+fNJN2r0KoyozuvDSIwW8Kwo1uSav0XCHvdsFmSUmEXjwb4M2Bue6XDWCrVa8FiRpS1F/uvLgdWsZIkBJCX6vy6zPkFMJoKG9IdT4KYCn1KW3ifwTs= nathan@nixos" #condoserver
];
};
system.stateVersion = "20.03";
})
];
};
}; };
} }