From 763c37351d91828542a2b59d0d5fe6d02a79e957 Mon Sep 17 00:00:00 2001
From: Nathan Braswell
Date: Sat, 18 Feb 2023 16:16:45 -0500
Subject: [PATCH] Combine with main flake, though keeping nixpkgs inputs seperate for now
---
 flake.lock | 30 +-
 flake.nix | 391 ++++++++++++++++-
 ...activate_flake.sh => vps_activate_flake.sh | 0
 vps_flake/flake.lock | 76 ----
 vps_flake/flake.nix | 401 ------------------
 5 files changed, 413 insertions(+), 485 deletions(-)
 rename vps_flake/vps_activate_flake.sh => vps_activate_flake.sh (100%)
 delete mode 100644 vps_flake/flake.lock
 delete mode 100644 vps_flake/flake.nix
diff --git a/flake.lock b/flake.lock
index c77248e..9319e23 100644
--- a/flake.lock
+++ b/flake.lock
@@ -8,11 +8,11 @@
 "utils": "utils"
 },
 "locked": {
- "lastModified": 1675935446,
- "narHash": "sha256-WajulTn7QdwC7QuXRBavrANuIXE5z+08EdxdRw1qsNs=",
+ "lastModified": 1676367705,
+ "narHash": "sha256-un5UbRat9TwruyImtwUGcKF823rCEp4fQxnsaLFL7CM=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "2dce7f1a55e785a22d61668516df62899278c9e4",
+ "rev": "da72e6fc6b7dc0c3f94edbd310aae7cd95c678b5",
 "type": "github"
 },
 "original": {
@@ -23,11 +23,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1676202775,
- "narHash": "sha256-gV/RnfVZkGLHn+5rmX2GSh5aquVHpWOJw1cnpEV03tQ=",
+ "lastModified": 1676569297,
+ "narHash": "sha256-2n4C4H3/U+3YbDrQB6xIw7AaLdFISCCFwOkcETAigqU=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "d917136f550a8c36efb1724390c7245105f79023",
+ "rev": "ac1f5b72a9e95873d1de0233fddcb56f99884b37",
 "type": "github"
 },
 "original": {
@@ -39,7 +39,8 @@
 "root": {
 "inputs": {
 "home-manager": "home-manager",
- "nixpkgs": "nixpkgs"
+ "nixpkgs": "nixpkgs",
+ "vps_nixpkgs": "vps_nixpkgs"
 }
 },
 "utils": {
@@ -56,6 +57,21 @@ "repo": "flake-utils", "type": "github" } + }, + "vps_nixpkgs": { + "locked": { + "lastModified": 1673410828, + "narHash": "sha256-xAggTjXt7iqOe4lNRtq+B31cjxchvJOr9zIJJ4JmfY8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9852294f15c380cd61fd441538982426f8ee8ccc", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "master", + "type": "indirect" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 12ade3a..d43f82a 100644 --- a/flake.nix +++ b/flake.nix @@ -3,13 +3,14 @@ inputs = { nixpkgs.url = "nixpkgs/nixos-unstable"; + vps_nixpkgs.url = "nixpkgs/master"; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; }; - outputs = { self, nixpkgs, home-manager }@attrs: + outputs = { self, nixpkgs, vps_nixpkgs, home-manager }@attrs: let system = "x86_64-linux"; homeManagerSharedModule = { 
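Review bot: The new `vps_nixpkgs.url = "nixpkgs/master";` input in the `flake.nix` hunk tracks the nixpkgs development branch through the flake registry, whereas the main input uses the `nixos-unstable` channel, which only advances after the channel tests pass. Since this input builds the internet-facing `nixosConfigurations.vps` added later in the commit, consider an explicit channel ref such as `vps_nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";`, or add a comment like `# master needed for <reason>; revisit when the nixpkgs inputs are merged` so the choice is documented. The `flake.lock` entry in this commit pins revision `9852294f15c380cd61fd441538982426f8ee8ccc`, which is older than the main `nixpkgs` pin, so security updates for the VPS depend on this input being refreshed on its own schedule. The `outputs` function body continues outside the hunk.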
@@ -426,5 +427,393 @@ })) ]; }; + nixosConfigurations.vps = vps_nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = attrs; + modules = [ + ({config, pkgs, lib, ... }: { + # HARDWARE + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + fileSystems."/" = + { device = "/dev/disk/by-uuid/b9470789-6d82-4ad4-9a4a-7e19b8fcc8dc"; + fsType = "ext4"; + }; + nix.maxJobs = lib.mkDefault 1; + # END HARDWARE + + nix.gc.automatic = true; + imports = [ ]; + + nixpkgs.overlays = [ ( self: super: { + mautrix-telegram = super.mautrix-telegram.overrideAttrs (old: { + #src = pkgs.fetchFromGitHub { + # owner = "tulir"; + # repo = old.pname; + # #rev = "v${version}"; + # # Literal next commit to fix double-puppeting 2 typing 2 furious + # rev = "eca1032d1660099216e71a7e0b24d35bb4833d74"; + # sha256 = "1vpdgi1szhlccni1d87bbcsi2p08ifs1s2iinimkc7d8ldqv1p52"; + #}; + propagatedBuildInputs = old.propagatedBuildInputs ++ (with pkgs.python3.pkgs; [ + #asyncpg + python-olm pycryptodome unpaddedbase64 + ]); + }); + }) ]; + + # Use the GRUB 2 boot loader. 
+ boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only + + swapDevices = [{ + device = "/var/swapfile"; + size = 4096; + }]; + + networking.nameservers = [ "1.1.1.1" "8.8.8.8" ]; + # WireGuard + networking.nat.enable = true; + networking.nat.externalInterface = "ens3"; + networking.nat.internalInterfaces = ["wg0"]; + networking.firewall = { + #allowedTCPPorts = [ 22 80 443 3478 3479 ]; + #allowedUDPPorts = [ 22 80 443 5349 5350 51820 ]; + allowedTCPPorts = [ 22 80 443 ]; + allowedUDPPorts = [ 22 80 443 51820 ]; + extraCommands = '' + iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE + ''; + }; + networking.wireguard.interfaces = { + wg0 = { + ips = [ "10.100.0.1/24" ]; + listenPort = 51820; + privateKeyFile = "/home/nathan/wireguard-keys/private"; + peers = [ + { + publicKey = "FqJShA/dz8Jj73tSyjzcsyASOEv6uAFs6e/vRol8ygc="; + allowedIPs = [ "10.100.0.2/32" ]; + } + { + publicKey = "aAgay9pn/3Vj1nHC4GFY2vysW12n5VFyuUcB5+0pux8="; + allowedIPs = [ "10.100.0.3/32" ]; + } + { + publicKey = "u55Jkd4dRdBqnhliIP9lwsxIYow2Tr8BhPPhKFtaVAc="; + allowedIPs = [ "10.100.0.4/32" ]; + } + { + publicKey = "J/BWU33DYMkoWOKSZWrtAqWciep03YuicaDMD5MCqWg="; + allowedIPs = [ "10.100.0.5/32" ]; + } + { + publicKey = "y2gAEhg1vwK1+nka2Knu7NyOk8HaaY4w18nD6EMyLSk="; + allowedIPs = [ "10.100.0.6/32" ]; + } + { + publicKey = "SoaYh1mb6DYd6TuOEFl4lRCZUBTPQfOnWHIOmtkgxxM="; + allowedIPs = [ "10.100.0.7/32" ]; + } + ]; + }; + }; + + services.openssh.enable = true; + services.openssh.passwordAuthentication = false; + services.openssh.kbdInteractiveAuthentication = false; + services.openssh.permitRootLogin = "prohibit-password"; + + services.mastodon = { + enable = true; + localDomain = "mastodon.room409.xyz"; + configureNginx = true; + smtp.fromAddress = "notifications@mastodon.room409.xyz"; + }; + + services.mautrix-telegram = { + enable = true; + settings = { + homeserver = { + 
address = "https://synapse.room409.xyz"; + domain = "synapse.room409.xyz"; + }; + bridge.permissions = { + "synapse.room409.xyz" = "full"; + "@miloignis:synapse.room409.xyz" = "admin"; + }; + bridge.encryption = { + allow = true; + require_verification = false; + }; + }; + environmentFile = /var/lib/mautrix-telegram/secrets; + }; + + #services.bookbot = { + # enable = true; + # port = 8888; + #}; + + services.matrix-synapse = { + enable = true; + + settings = { + server_name = "synapse.room409.xyz"; + public_baseurl = "https://synapse.room409.xyz/"; + + enable_registration = false; + #registration_shared_secret = null; + database.name = "psycopg2"; + url_preview_enabled = true; + report_stats = true; + max_upload_size = "100M"; + + listeners = [ + { + port = 8008; + tls = false; + resources = [ + { + compress = true; + names = ["client" "federation"]; + } + ]; + } + ]; + app_service_config_files = [ + "/var/lib/matrix-synapse/telegram-registration.yaml" + "/var/lib/matrix-synapse/facebook-registration.yaml" + ]; + }; + }; + + services.gitea = { + enable = true; + disableRegistration = true; + appName = "Room409.xyz Forge"; + domain = "forge.room409.xyz"; + rootUrl = "https://forge.room409.xyz/"; + httpPort = 3001; + }; + + services.postgresql = { + enable = true; + # postgresql user and db name in the service.matrix-synapse.databse_args setting is default + initialScript = pkgs.writeText "synapse-init.sql" '' + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + ''; + }; + + security.acme.email = "miloignis@gmail.com"; + security.acme.acceptTerms = true; + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + virtualHosts."forge.room409.xyz" = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = 
"http://localhost:3001"; + }; + + virtualHosts."synapse.room409.xyz" = { + forceSSL = true; + enableACME = true; + locations."/.well-known/matrix/server".extraConfig = '' + add_header Content-Type application/json; + return 200 '{ "m.server": "synapse.room409.xyz:443" }'; + ''; + locations."/.well-known/matrix/client".extraConfig = '' + add_header Content-Type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '{ "m.homeserver": {"base_url": "https://synapse.room409.xyz"}, "m.identity_server": { "base_url": "https://vector.im"} }'; + ''; + locations."/".proxyPass = "http://localhost:8008"; + locations."/".extraConfig = '' + client_max_body_size 100M; + proxy_set_header X-Forwarded-For $remote_addr; + ''; + }; + + virtualHosts."element-synapse.room409.xyz" = { + forceSSL = true; + enableACME = true; + root = pkgs.element-web.override { + conf = { + default_server_name = "synapse.room409.xyz"; + default_server_config = ""; + }; + }; + }; + + virtualHosts."kraken-lang.org" = { + forceSSL = true; + enableACME = true; + root = "/var/www/kraken-lang.org"; + locations."/k_prime.wasm".extraConfig = '' + default_type application/wasm; + ''; + }; + virtualHosts."faint.room409.xyz" = { + forceSSL = true; + enableACME = true; + root = "/var/www/faint.room409.xyz"; + }; + #virtualHosts."www.kraken-lang.org" = { + # forceSSL = true; + # enableACME = true; + # root = "/var/www/kraken-lang.org"; + # locations."/k_prime.wasm".extraConfig = '' + # default_type application/wasm; + # ''; + #}; + virtualHosts."room409.xyz" = { + forceSSL = true; + enableACME = true; + locations."/" = { + root = pkgs.writeTextDir "index.html" '' + + + + room409.xyz + + + +

So Mean and Clean

+ It's like a hacker wrote it +

+ Keyboard Cowpeople Team: Serif, a cross platform Matrix client +

+ MiloIgnis: Kraken Programming Language + + + ''; + }; + #locations."/bookclub/".proxyPass = "http://localhost:8888/room/!xSMgeFJYbuYTOGAGga:synapse.room409.xyz/"; + }; + + virtualHosts."miloignis.room409.xyz" = { + forceSSL = true; + enableACME = true; + locations."/" = { + root = pkgs.writeTextDir "index.html" '' + + + + MiloIgnis's Website + + + +

MiloIgnis's Website

+

+ Hello! I'm MiloIgnis, a part-time PhD student studing programming languages and compilers. + My current project is making a functional language based on Vau-calculus (inspired by John Shutt's work) practial via partial evlauation and some clever compilation techniques. + That project, Kraken, is here. + +
    +
  1. Matrix - @miloignis:synapse.room409.xyz
  2. +
  3. Mastodon - @miloignis
  4. +
+

+ + + ''; + }; + }; + + virtualHosts."internet-list.room409.xyz" = { + forceSSL = true; + enableACME = true; + locations."/" = { + root = pkgs.writeTextDir "index.html" '' + + + + room409.xyz + + + +

A list of colors on the internet

+
    +
  1. Blue
  2. +
  3. Chilladelphia
  4. +
  5. Kenny
  6. +
+ + + ''; + }; + }; + + #virtualHosts."4800H.room409.xyz" = { + # forceSSL = true; + # enableACME = true; + # locations."/".proxyPass = "http://10.100.0.7:80"; + #}; + }; + + services.journald.extraConfig = "SystemMaxUse=50M"; + + environment.systemPackages = with pkgs; [ + htop tmux git vim wget unzip file + iftop ripgrep + #wireguard + ]; + users.extraUsers.nathan = { + name = "nathan"; + isNormalUser = true; + group = "users"; + extraGroups = [ "wheel" "disk" "audio" "video" "networkmanager" "systemd-journal" "networkmanager" "plugdev"]; + createHome = true; + home = "/home/nathan"; + shell = "/run/current-system/sw/bin/bash"; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDjyWh/SPOgx+yOgrc8g8+7PR0+CWMrWZ4PaWcmgDzfUGAWyj2FHBNG2gLvIKn4+TAwvbEPp+7YXxlmiYltUWNlEXEzryhrhYiqeun9uApT+fgzxF278/VeS+NErX4S2WGwhUdybk6MSs0cpUVp+TNiZFUH+ltTcLai3aLaMaL13Z024DzjpD4jRVG4PErHTe/6dTfdmg6AS7gB0b+LTjFzdYSdeYsHxqcig+d+34vQkNmV2dIvLpNkbpzyfUyE3g1gpYTgRKgY4mZqd6QUKOyIH0SDqPUDrmK6e1LK2yTYe1jP39G2JhAMOrSm8jEFm7RLxHXJ862EqD8gFV2aCQ2HUFlFpx7t02Tgvw80grQRoJKJyYtElO6CAr+oFnhxWnYgUsoYmGLSp5Nv1wV9WHkprWnGyuj/CGM8D3gwFSL672IYQOGTwQElcclRZ/uMlNjtyw6ky4VV22gDZag1hMfZhWf/nmMNql8dCoqY7K36XAAEDXjiS5J9EZe7AexLV68= nathan@nixos_4800H" # laptop + + "ssh-rsa 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 miloignis@gmail.com" # desktop + + "ssh-rsa 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 nathan@nixos" #condoserver + + ]; + }; + + system.stateVersion = "20.03"; + }) + ]; + }; }; } diff --git a/vps_flake/vps_activate_flake.sh b/vps_activate_flake.sh similarity index 100% rename from vps_flake/vps_activate_flake.sh rename to vps_activate_flake.sh diff --git a/vps_flake/flake.lock b/vps_flake/flake.lock deleted file mode 100644 index a6b158b..0000000 --- a/vps_flake/flake.lock +++ /dev/null 
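Review bot: The `services.postgresql.initialScript` added in the `nixosConfigurations.vps` module creates the `matrix-synapse` role with the literal password `'synapse'`, so the credential sits in the repository and, via `pkgs.writeText`, in the world-readable Nix store; if Synapse reaches PostgreSQL over the local socket (its connection arguments are not set in this hunk), drop the `PASSWORD` clause and rely on peer authentication, otherwise set the password out of band. `environmentFile = /var/lib/mautrix-telegram/secrets;` is an unquoted path literal, which Nix copies into the store whenever it is interpolated into a string; writing it as `environmentFile = "/var/lib/mautrix-telegram/secrets";` keeps the secrets file out of the store regardless of how the module consumes the option. In `networking.firewall.extraCommands`, `%i` is a wg-quick placeholder that is not substituted here and `-o eth0` does not match `externalInterface = "ens3"`, so the rules do not do what they read as; the `networking.nat` settings above already describe the WireGuard NAT, so the `extraCommands` entry can likely be removed. `allowedUDPPorts` also opens 22, 80 and 443, of which only 51820 appears to have a UDP listener configured in this hunk. The enclosing `outputs` attribute set starts outside the hunk.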
@@ -1,76 +0,0 @@ -{ - "nodes": { - "home-manager": { - "inputs": { - "nixpkgs": "nixpkgs", - "utils": "utils" - }, - "locked": { - "lastModified": 1676367705, - "narHash": "sha256-un5UbRat9TwruyImtwUGcKF823rCEp4fQxnsaLFL7CM=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "da72e6fc6b7dc0c3f94edbd310aae7cd95c678b5", - "type": "github" - }, - "original": { - "id": "home-manager", - "type": "indirect" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1675115703, - "narHash": "sha256-4zetAPSyY0D77x+Ww9QBe8RHn1akvIvHJ/kgg8kGDbk=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "2caf4ef5005ecc68141ecb4aac271079f7371c44", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1673410828, - "narHash": "sha256-xAggTjXt7iqOe4lNRtq+B31cjxchvJOr9zIJJ4JmfY8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9852294f15c380cd61fd441538982426f8ee8ccc", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "master", - "type": "indirect" - } - }, - "root": { - "inputs": { - "home-manager": "home-manager", - "nixpkgs": "nixpkgs_2" - } - }, - "utils": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/vps_flake/flake.nix b/vps_flake/flake.nix deleted file mode 100644 index be13624..0000000 --- a/vps_flake/flake.nix +++ /dev/null 
@@ -1,401 +0,0 @@ -{ - description = "System config"; - - inputs = { - nixpkgs.url = "nixpkgs/master"; - }; - - outputs = { self, nixpkgs, home-manager }@attrs: - let - system = "x86_64-linux"; - in { - nixosConfigurations.vps = nixpkgs.lib.nixosSystem { - inherit system; - specialArgs = attrs; - modules = [ - ({config, pkgs, lib, ... }: { - # HARDWARE - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/b9470789-6d82-4ad4-9a4a-7e19b8fcc8dc"; - fsType = "ext4"; - }; - nix.maxJobs = lib.mkDefault 1; - # END HARDWARE - - nix.gc.automatic = true; - imports = [ ]; - - nixpkgs.overlays = [ ( self: super: { - mautrix-telegram = super.mautrix-telegram.overrideAttrs (old: { - #src = pkgs.fetchFromGitHub { - # owner = "tulir"; - # repo = old.pname; - # #rev = "v${version}"; - # # Literal next commit to fix double-puppeting 2 typing 2 furious - # rev = "eca1032d1660099216e71a7e0b24d35bb4833d74"; - # sha256 = "1vpdgi1szhlccni1d87bbcsi2p08ifs1s2iinimkc7d8ldqv1p52"; - #}; - propagatedBuildInputs = old.propagatedBuildInputs ++ (with pkgs.python3.pkgs; [ - #asyncpg - python-olm pycryptodome unpaddedbase64 - ]); - }); - }) ]; - - # Use the GRUB 2 boot loader. 
- boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only - - swapDevices = [{ - device = "/var/swapfile"; - size = 4096; - }]; - - networking.nameservers = [ "1.1.1.1" "8.8.8.8" ]; - # WireGuard - networking.nat.enable = true; - networking.nat.externalInterface = "ens3"; - networking.nat.internalInterfaces = ["wg0"]; - networking.firewall = { - #allowedTCPPorts = [ 22 80 443 3478 3479 ]; - #allowedUDPPorts = [ 22 80 443 5349 5350 51820 ]; - allowedTCPPorts = [ 22 80 443 ]; - allowedUDPPorts = [ 22 80 443 51820 ]; - extraCommands = '' - iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE - ''; - }; - networking.wireguard.interfaces = { - wg0 = { - ips = [ "10.100.0.1/24" ]; - listenPort = 51820; - privateKeyFile = "/home/nathan/wireguard-keys/private"; - peers = [ - { - publicKey = "FqJShA/dz8Jj73tSyjzcsyASOEv6uAFs6e/vRol8ygc="; - allowedIPs = [ "10.100.0.2/32" ]; - } - { - publicKey = "aAgay9pn/3Vj1nHC4GFY2vysW12n5VFyuUcB5+0pux8="; - allowedIPs = [ "10.100.0.3/32" ]; - } - { - publicKey = "u55Jkd4dRdBqnhliIP9lwsxIYow2Tr8BhPPhKFtaVAc="; - allowedIPs = [ "10.100.0.4/32" ]; - } - { - publicKey = "J/BWU33DYMkoWOKSZWrtAqWciep03YuicaDMD5MCqWg="; - allowedIPs = [ "10.100.0.5/32" ]; - } - { - publicKey = "y2gAEhg1vwK1+nka2Knu7NyOk8HaaY4w18nD6EMyLSk="; - allowedIPs = [ "10.100.0.6/32" ]; - } - { - publicKey = "SoaYh1mb6DYd6TuOEFl4lRCZUBTPQfOnWHIOmtkgxxM="; - allowedIPs = [ "10.100.0.7/32" ]; - } - ]; - }; - }; - - services.openssh.enable = true; - services.openssh.passwordAuthentication = false; - services.openssh.kbdInteractiveAuthentication = false; - services.openssh.permitRootLogin = "prohibit-password"; - - services.mastodon = { - enable = true; - localDomain = "mastodon.room409.xyz"; - configureNginx = true; - smtp.fromAddress = "notifications@mastodon.room409.xyz"; - }; - - services.mautrix-telegram = { - enable = true; - settings = { - homeserver = { - 
address = "https://synapse.room409.xyz"; - domain = "synapse.room409.xyz"; - }; - bridge.permissions = { - "synapse.room409.xyz" = "full"; - "@miloignis:synapse.room409.xyz" = "admin"; - }; - bridge.encryption = { - allow = true; - require_verification = false; - }; - }; - environmentFile = /var/lib/mautrix-telegram/secrets; - }; - - #services.bookbot = { - # enable = true; - # port = 8888; - #}; - - services.matrix-synapse = { - enable = true; - - settings = { - server_name = "synapse.room409.xyz"; - public_baseurl = "https://synapse.room409.xyz/"; - - enable_registration = false; - #registration_shared_secret = null; - database.name = "psycopg2"; - url_preview_enabled = true; - report_stats = true; - max_upload_size = "100M"; - - listeners = [ - { - port = 8008; - tls = false; - resources = [ - { - compress = true; - names = ["client" "federation"]; - } - ]; - } - ]; - app_service_config_files = [ - "/var/lib/matrix-synapse/telegram-registration.yaml" - "/var/lib/matrix-synapse/facebook-registration.yaml" - ]; - }; - }; - - services.gitea = { - enable = true; - disableRegistration = true; - appName = "Room409.xyz Forge"; - domain = "forge.room409.xyz"; - rootUrl = "https://forge.room409.xyz/"; - httpPort = 3001; - }; - - services.postgresql = { - enable = true; - # postgresql user and db name in the service.matrix-synapse.databse_args setting is default - initialScript = pkgs.writeText "synapse-init.sql" '' - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; - }; - - security.acme.email = "miloignis@gmail.com"; - security.acme.acceptTerms = true; - services.nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - virtualHosts."forge.room409.xyz" = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = 
"http://localhost:3001"; - }; - - virtualHosts."synapse.room409.xyz" = { - forceSSL = true; - enableACME = true; - locations."/.well-known/matrix/server".extraConfig = '' - add_header Content-Type application/json; - return 200 '{ "m.server": "synapse.room409.xyz:443" }'; - ''; - locations."/.well-known/matrix/client".extraConfig = '' - add_header Content-Type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '{ "m.homeserver": {"base_url": "https://synapse.room409.xyz"}, "m.identity_server": { "base_url": "https://vector.im"} }'; - ''; - locations."/".proxyPass = "http://localhost:8008"; - locations."/".extraConfig = '' - client_max_body_size 100M; - proxy_set_header X-Forwarded-For $remote_addr; - ''; - }; - - virtualHosts."element-synapse.room409.xyz" = { - forceSSL = true; - enableACME = true; - root = pkgs.element-web.override { - conf = { - default_server_name = "synapse.room409.xyz"; - default_server_config = ""; - }; - }; - }; - - virtualHosts."kraken-lang.org" = { - forceSSL = true; - enableACME = true; - root = "/var/www/kraken-lang.org"; - locations."/k_prime.wasm".extraConfig = '' - default_type application/wasm; - ''; - }; - virtualHosts."faint.room409.xyz" = { - forceSSL = true; - enableACME = true; - root = "/var/www/faint.room409.xyz"; - }; - #virtualHosts."www.kraken-lang.org" = { - # forceSSL = true; - # enableACME = true; - # root = "/var/www/kraken-lang.org"; - # locations."/k_prime.wasm".extraConfig = '' - # default_type application/wasm; - # ''; - #}; - virtualHosts."room409.xyz" = { - forceSSL = true; - enableACME = true; - locations."/" = { - root = pkgs.writeTextDir "index.html" '' - - - - room409.xyz - - - -

So Mean and Clean

- It's like a hacker wrote it -

- Keyboard Cowpeople Team: Serif, a cross platform Matrix client -

- MiloIgnis: Kraken Programming Language - - - ''; - }; - #locations."/bookclub/".proxyPass = "http://localhost:8888/room/!xSMgeFJYbuYTOGAGga:synapse.room409.xyz/"; - }; - - virtualHosts."miloignis.room409.xyz" = { - forceSSL = true; - enableACME = true; - locations."/" = { - root = pkgs.writeTextDir "index.html" '' - - - - MiloIgnis's Website - - - -

MiloIgnis's Website

-

- Hello! I'm MiloIgnis, a part-time PhD student studing programming languages and compilers. - My current project is making a functional language based on Vau-calculus (inspired by John Shutt's work) practial via partial evlauation and some clever compilation techniques. - That project, Kraken, is here. - -
    -
  1. Matrix - @miloignis:synapse.room409.xyz
  2. -
  3. Mastodon - @miloignis
  4. -
-

- - - ''; - }; - }; - - virtualHosts."internet-list.room409.xyz" = { - forceSSL = true; - enableACME = true; - locations."/" = { - root = pkgs.writeTextDir "index.html" '' - - - - room409.xyz - - - -

A list of colors on the internet

-
    -
  1. Blue
  2. -
  3. Chilladelphia
  4. -
  5. Kenny
  6. -
- - - ''; - }; - }; - - #virtualHosts."4800H.room409.xyz" = { - # forceSSL = true; - # enableACME = true; - # locations."/".proxyPass = "http://10.100.0.7:80"; - #}; - }; - - services.journald.extraConfig = "SystemMaxUse=50M"; - - environment.systemPackages = with pkgs; [ - htop tmux git vim wget unzip file - iftop ripgrep - #wireguard - ]; - users.extraUsers.nathan = { - name = "nathan"; - isNormalUser = true; - group = "users"; - extraGroups = [ "wheel" "disk" "audio" "video" "networkmanager" "systemd-journal" "networkmanager" "plugdev"]; - createHome = true; - home = "/home/nathan"; - shell = "/run/current-system/sw/bin/bash"; - openssh.authorizedKeys.keys = [ - "ssh-rsa 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 nathan@nixos_4800H" # laptop - - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCtmGhDNdwDXulhJ8MGehlfLQZ8Qzxv2K4vXqyvJWSkMj5XzCRcylKME0qdfiA+G0SeozCY2Qhd2xiPsaL3PaZX7HD1fiesO0jofl9Ph+VIbwwP2LT7kYYSoUXSdj3uPBdZD8BhSZsMHIPVQfzj5JkvE1W9AQik+d5o7RPO8srpo8JHRpH0lgJbuiLWkpLX2sD2hjlI5uMhMekGnI0UA3ie3x9Xnh3J019X0K3Efxm8X31k60j9J0bgGLhxYwu42+kiJKabdpk5tFsqLvDRbzPUGSm+5ZiWMX5ILDbr+/Aczzb2ek5rzsEB2s48BmxBtJnXfjnQtBo6URuJYzVSI9V6vEgUnueGPY/DN1oeRZqTcqujIADh3ZMcdKg1cfdvNYoSk2FcFz0rZXTLjkwOAK2HMRZFXK5ijX7tpnb5GXsiDa0uoWhJVByzrnlqZ65LuHdLFPbe+A/N+T3wzykIkG2hNv8mRJi7/pWjNy2O2iKsSSSabN5xjxI7aFzyUQK+23UF2wzLc1+f4qMcB5HoHhktOV1QRM4RKtvYhdkAG0O/C5Wu0BItrjQbAoqSa29QLlBpHCIlY4Vr8S4kNXf8mm8gRrKATHNZBTUAVNMDYFcd9n4hyK8ERGodaXFDP7m/r+yZaHLcpQQ46sYjq2nbkP1yYaCbmVoEEUpKRtP2UDc91w== miloignis@gmail.com" # desktop - - "ssh-rsa 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 nathan@nixos" #condoserver - - ]; - }; - - system.stateVersion = "20.03"; - }) - ]; - }; - }; -}