LiteNet/Litenet-Nix-Infra
3
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Nixfmt, unvendor Rory user

Browse source
This commit is contained in:
Rory& 2024-07-19 06:16:51 +02:00
parent 42c65b27b5
commit 0d980840a4
21 changed files with 554 additions and 2468 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
flake.lock
View file

Binary file not shown.

49
flake.nix
View file

@ -1,30 +1,45 @@
{ {
description = "Chris' services flake"; description = "LiteNet services flake";
inputs = { inputs = {
nixpkgs = { nixpkgs = {
url = "github:NixOS/nixpkgs/nixos-unstable"; url = "github:NixOS/nixpkgs/nixos-unstable";
#url="path:/Rory-Open-Architecture/nixpkgs"; #url="path:/Rory-Open-Architecture/nixpkgs";
}; };
home-manager = { home-manager = {
url = "github:nix-community/home-manager/master"; url = "github:nix-community/home-manager/master";
}; };
};
outputs = { self, nixpkgs, home-manager, ... }@inputs: {
nixosConfigurations = {
matrix = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./host/matrix/configuration.nix
./hardware-configuration.nix
home-manager.nixosModules.home-manager
];
specialArgs = {
inherit home-manager;
};
};
Rory-Open-Architecture = {
url = "git+https://cgit.rory.gay/Rory-Open-Architecture.git";
flake = false;
}; };
}; };
outputs =
inputs: with inputs; {
nixosConfigurations = {
matrix = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./host/matrix/configuration.nix
./hardware-configuration.nix
home-manager.nixosModules.home-manager
# Rory&'s user
(
{ config, ... }:
{
programs.dconf.enable = true;
}
) # Fix for home-manager failing to deploy
(Rory-Open-Architecture + "/modules/users/Rory.nix")
];
specialArgs = {
inherit home-manager;
};
};
};
};
} }

32
host/matrix/configuration.nix
View file

@ -1,22 +1,30 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{ {
imports = imports = [
[ ../../modules/base-server.nix
../../modules/base-server.nix
./services/postgres.nix ./services/postgres.nix
./services/matrix/root.nix ./services/matrix/root.nix
./services/nginx/nginx.nix ./services/nginx/nginx.nix
]; ];
networking = { networking = {
hostName = "matrix"; hostName = "matrix";
interfaces.ens18.ipv4.addresses = [ { interfaces.ens18.ipv4.addresses = [
address = "10.10.0.3"; {
prefixLength = 8; address = "10.10.0.3";
} ]; prefixLength = 8;
}
];
defaultGateway.interface = "ens18"; defaultGateway.interface = "ens18";
}; };
hardware.enableAllFirmware = false;
hardware.enableRedistributableFirmware = false;
system.stateVersion = "22.11"; # DO NOT EDIT! system.stateVersion = "22.11"; # DO NOT EDIT!
} }

8
host/matrix/services/matrix/coturn.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{ {
# coturn (WebRTC) # coturn (WebRTC)
@ -50,4 +55,3 @@
#}; #};
} }

16
host/matrix/services/matrix/draupnir.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{ {
# Alicia - doesnt work yet... until in nixpkgs... # Alicia - doesnt work yet... until in nixpkgs...
@ -46,10 +51,9 @@
}; };
}; };
# services.pantalaimon-headless.instances.draupnir = { # services.pantalaimon-headless.instances.draupnir = {
# homeserver = "http://localhost:8008"; # homeserver = "http://localhost:8008";
# ssl = false; # ssl = false;
# }; # };
} }

19
host/matrix/services/matrix/root.nix
View file

@ -1,11 +1,16 @@
{ config, pkgs, lib, botcore-v4, ... }: {
config,
pkgs,
lib,
botcore-v4,
...
}:
{ {
imports = imports = [
[ ./synapse.nix
./synapse.nix # ./coturn.nix
# ./coturn.nix # ./draupnir.nix
# ./draupnir.nix ];
];
} }

218
host/matrix/services/matrix/synapse.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{ {
services.matrix-synapse = { services.matrix-synapse = {
@ -11,7 +16,6 @@
settings = { settings = {
server_name = "litenet.tel"; server_name = "litenet.tel";
enable_registration = true; enable_registration = true;
registration_requires_token = true; registration_requires_token = true;
@ -28,22 +32,22 @@
max_long_retry_delay = "30s"; max_long_retry_delay = "30s";
}; };
# event_cache_size = "1200K"; #defaults to 10K # event_cache_size = "1200K"; #defaults to 10K
# caches = { # caches = {
# global_factor = 5000.0; # global_factor = 5000.0;
# cache_entry_ttl = "12h"; # cache_entry_ttl = "12h";
# expire_caches = true; # expire_caches = true;
# sync_response_cache_duration = "6h"; # sync_response_cache_duration = "6h";
# cache_autotuning = { # cache_autotuning = {
# max_cache_memory_usage = "65536M"; # max_cache_memory_usage = "65536M";
# target_cache_memory_usage = "32768M"; # target_cache_memory_usage = "32768M";
# min_cache_ttl = "6h"; # min_cache_ttl = "6h";
# }; # };
# }; # };
# Alicia - figure this out later... # Alicia - figure this out later...
#registration_shared_secret = builtins.exec ["cat" "/dev/urandom" "|" "tr" "-dc" "a-zA-Z0-9" "|" "fold" "-w" "256" "|" "head" "-n" "1"]; #registration_shared_secret = builtins.exec ["cat" "/dev/urandom" "|" "tr" "-dc" "a-zA-Z0-9" "|" "fold" "-w" "256" "|" "head" "-n" "1"];
# registration_shared_secret_path = "/mnt/synapse-media/registration_shared_secret.txt"; # registration_shared_secret_path = "/mnt/synapse-media/registration_shared_secret.txt";
registration_shared_secret = "fuck"; registration_shared_secret = "fuck";
listeners = [ listeners = [
@ -53,10 +57,15 @@
type = "http"; type = "http";
tls = false; tls = false;
x_forwarded = true; x_forwarded = true;
resources = [ { resources = [
names = [ "client" "federation" ]; {
compress = true; names = [
} ]; "client"
"federation"
];
compress = true;
}
];
} }
]; ];
dynamic_thumbnails = true; dynamic_thumbnails = true;
@ -81,63 +90,63 @@
}; };
app_service_config_files = [ app_service_config_files = [
#"/etc/matrix-synapse/appservice-registration.yaml" #"/etc/matrix-synapse/appservice-registration.yaml"
# "/var/lib/matrix-synapse/modas-registration.yaml" # "/var/lib/matrix-synapse/modas-registration.yaml"
]; ];
# rc_message = { # rc_message = {
# per_second = 1000; # per_second = 1000;
# burst_count = 1000; # burst_count = 1000;
# }; # };
# rc_login = { # rc_login = {
# address = { # address = {
# per_second = 1000; # per_second = 1000;
# burst_count = 1000; # burst_count = 1000;
# }; # };
# account = { # account = {
# per_second = 1000; # per_second = 1000;
# burst_count = 1000; # burst_count = 1000;
# }; # };
# failed_attempts = { # failed_attempts = {
# per_second = 0.1; # per_second = 0.1;
# burst_count = 3; # burst_count = 3;
# }; # };
# }; # };
# rc_joins = { # rc_joins = {
# local = { # local = {
# per_second = 1000; # per_second = 1000;
# burst_count = 1000; # burst_count = 1000;
# }; # };
# remote = { # remote = {
# per_second = 1000; # per_second = 1000;
# burst_count = 1000; # burst_count = 1000;
# }; # };
# }; # };
# rc_joins_per_room = { # rc_joins_per_room = {
# per_second = 1000; # per_second = 1000;
# burst_count = 1000; # burst_count = 1000;
# }; # };
# rc_invites = { # rc_invites = {
# per_room = { # per_room = {
# per_second = 1000; # per_second = 1000;
# burst_count = 1000; # burst_count = 1000;
# }; # };
# per_user = { # per_user = {
# per_second = 1000; # per_second = 1000;
# burst_count = 1000; # burst_count = 1000;
# }; # };
# per_issuer = { # per_issuer = {
# per_second = 1000; # per_second = 1000;
# burst_count = 1000; # burst_count = 1000;
# }; # };
# }; # };
# rc_federation = { # rc_federation = {
# window_size = 10; # window_size = 10;
# sleep_limit = 1000; # sleep_limit = 1000;
# sleep_delay = 100; # sleep_delay = 100;
# reject_limit = 1000; # reject_limit = 1000;
# concurrent = 100; # concurrent = 100;
# }; # };
# federation_rr_transactions_per_room_per_second = 1; # federation_rr_transactions_per_room_per_second = 1;
max_image_pixels = "100M"; max_image_pixels = "100M";
@ -175,42 +184,41 @@
plugins = with pkgs.matrix-synapse-plugins; [ plugins = with pkgs.matrix-synapse-plugins; [
# Alicia - need to port draupnir... # Alicia - need to port draupnir...
#matrix-synapse-mjolnir-antispam #matrix-synapse-mjolnir-antispam
# matrix-synapse-pam # matrix-synapse-pam
]; ];
# extraConfigFiles = [ # extraConfigFiles = [
# (pkgs.writeTextFile { # (pkgs.writeTextFile {
# name = "matrix-synapse-extra-config.yml"; # name = "matrix-synapse-extra-config.yml";
# text = '' # text = ''
# modules: # modules:
# - module: "pam_auth_provider.PAMAuthProvider" # - module: "pam_auth_provider.PAMAuthProvider"
# config: # config:
# create_users: true # create_users: true
# skip_user_check: false # skip_user_check: false
# ''; # '';
# }) # })
# ]; # ];
}; };
systemd.services.matrix-synapse-reg-token = { systemd.services.matrix-synapse-reg-token = {
description = "Random registration token for Synapse."; description = "Random registration token for Synapse.";
before = ["matrix-synapse.service"]; # So the registration can be used by Synapse before = [ "matrix-synapse.service" ]; # So the registration can be used by Synapse
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
after = ["network.target"]; after = [ "network.target" ];
script = '' script = ''
if [ ! -f "registration_shared_secret.txt" ] if [ ! -f "registration_shared_secret.txt" ]
then then
cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 256 | head -n 1 > registration_shared_secret.txt cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 256 | head -n 1 > registration_shared_secret.txt
else else
echo Not generating key, key exists; echo Not generating key, key exists;
fi''; fi'';
serviceConfig = { serviceConfig = {
User = "matrix-synapse"; User = "matrix-synapse";
Group = "matrix-synapse"; Group = "matrix-synapse";
WorkingDirectory = "/mnt/synapse-media/"; WorkingDirectory = "/mnt/synapse-media/";
};
}; };
};
} }

38
host/matrix/services/nginx/litenet.tel/matrix.nix
View file

@ -26,34 +26,34 @@
locations."= /.well-known/matrix/server".extraConfig = '' locations."= /.well-known/matrix/server".extraConfig = ''
more_set_headers 'Content-Type application/json'; more_set_headers 'Content-Type application/json';
more_set_headers 'Access-Control-Allow-Origin *'; more_set_headers 'Access-Control-Allow-Origin *';
return 200 '${builtins.toJSON { return 200 '${builtins.toJSON { "m.server" = "matrix.litenet.tel:443"; }}';
"m.server" = "matrix.litenet.tel:443";
}}';
''; '';
locations."= /.well-known/matrix/client".extraConfig = '' locations."= /.well-known/matrix/client".extraConfig = ''
more_set_headers 'Content-Type application/json'; more_set_headers 'Content-Type application/json';
more_set_headers 'Access-Control-Allow-Origin *'; more_set_headers 'Access-Control-Allow-Origin *';
return 200 '${builtins.toJSON { return 200 '${
"m.homeserver".base_url = "https://matrix.litenet.tel"; builtins.toJSON {
"m.identity_server".base_url = "https://matrix.litenet.tel"; "m.homeserver".base_url = "https://matrix.litenet.tel";
} "m.identity_server".base_url = "https://matrix.litenet.tel";
}
}'; }';
''; '';
locations."= /.well-known/matrix/support".extraConfig = '' locations."= /.well-known/matrix/support".extraConfig = ''
more_set_headers 'Content-Type application/json'; more_set_headers 'Content-Type application/json';
more_set_headers 'Access-Control-Allow-Origin *'; more_set_headers 'Access-Control-Allow-Origin *';
return 200 '${builtins.toJSON { return 200 '${
admins = [ builtins.toJSON {
{ admins = [
matrix_id = "@emma:rory.gay"; {
role = "admin"; matrix_id = "@emma:rory.gay";
} role = "admin";
{ }
matrix_id = "@chris:litenet.tel"; {
role = "admin"; matrix_id = "@chris:litenet.tel";
} role = "admin";
]; }
} ];
}
}'; }';
''; '';
} }

429
host/matrix/services/nginx/localhost/matrix.nix
View file

@ -22,227 +22,227 @@
# ''; # '';
# }; # };
# https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker
locations."~ ^/_matrix/client/(r0|v3)/sync$" = { locations."~ ^/_matrix/client/(r0|v3)/sync$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
extraConfig = '' extraConfig = ''
proxy_read_timeout 3600; proxy_read_timeout 3600;
proxy_connect_timeout 3600; proxy_connect_timeout 3600;
proxy_send_timeout 3600; proxy_send_timeout 3600;
''; '';
}; };
locations."~ ^/_matrix/client/(api/v1|r0|v3)/events$" = { locations."~ ^/_matrix/client/(api/v1|r0|v3)/events$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = { locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = { locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$" = { locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" = { locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" = { locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$" = { locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$" = { locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$" = { locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/v1/rooms/.*/hierarchy$" = { locations."~ ^/_matrix/client/v1/rooms/.*/hierarchy$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(v1|unstable)/rooms/.*/relations/" = { locations."~ ^/_matrix/client/(v1|unstable)/rooms/.*/relations/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/v1/rooms/.*/threads$" = { locations."~ ^/_matrix/client/v1/rooms/.*/threads$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$" = { locations."~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" = { locations."~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$" = { locations."~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$" = { locations."~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(r0|v3|unstable)/devices$" = { locations."~ ^/_matrix/client/(r0|v3|unstable)/devices$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/versions$" = { locations."~ ^/_matrix/client/versions$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$" = { locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/" = { locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$" = { locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/v1/rooms/.*/timestamp_to_event$" = { locations."~ ^/_matrix/client/v1/rooms/.*/timestamp_to_event$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$" = { locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/query$" = { locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/query$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$" = { locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$" = { locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(r0|v3|unstable)/room_keys/" = { locations."~ ^/_matrix/client/(r0|v3|unstable)/room_keys/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/upload/" = { locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/upload/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$" = { locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(r0|v3|unstable)/register$" = { locations."~ ^/_matrix/client/(r0|v3|unstable)/register$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/v1/register/m.login.registration_token/validity$" = { locations."~ ^/_matrix/client/v1/register/m.login.registration_token/validity$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" = { locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" = { locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" = { locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" = { locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/" = { locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/" = { locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
# https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream # https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing" = { locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing" = {
proxyPass = "http://stream_writer_typing_stream_workers_upstream$request_uri"; proxyPass = "http://stream_writer_typing_stream_workers_upstream$request_uri";
}; };
# https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream # https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream
locations."~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/" = { locations."~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/" = {
proxyPass = "http://stream_writer_to_device_stream_workers_upstream$request_uri"; proxyPass = "http://stream_writer_to_device_stream_workers_upstream$request_uri";
}; };
# https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream # https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream
locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/tags" = { locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/tags" = {
proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data" = { locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data" = {
proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri";
}; };
# https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream # https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream
locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt" = { locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt" = {
proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" = { locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" = {
proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri";
}; };
# https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream # https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/" = { locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/" = {
proxyPass = "http://stream_writer_presence_stream_workers_upstream$request_uri"; proxyPass = "http://stream_writer_presence_stream_workers_upstream$request_uri";
}; };
### DUPLICATES???? ### DUPLICATES????
# https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory # https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory
locations."~ ^/_matrix/client/(r0|v3|unstable)/user_directory/search$" = { locations."~ ^/_matrix/client/(r0|v3|unstable)/user_directory/search$" = {
proxyPass = "http://user_dir_workers_upstream$request_uri"; proxyPass = "http://user_dir_workers_upstream$request_uri";
}; };
# ??? # ???
locations."/" = { locations."/" = {
#resolver 127.0.0.11 valid=5s; #resolver 127.0.0.11 valid=5s;
#set $backend "matrix-synapse:8008"; #set $backend "matrix-synapse:8008";
#proxyPass = "http://$backend"; #proxyPass = "http://$backend";
proxyPass = "http://127.0.0.1:8008"; proxyPass = "http://127.0.0.1:8008";
}; };
locations."~ ^/_matrix/federation/v1/event/" = { locations."~ ^/_matrix/federation/v1/event/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/federation/v1/state/" = { locations."~ ^/_matrix/federation/v1/state/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/federation/v1/state_ids/" = { locations."~ ^/_matrix/federation/v1/state_ids/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/federation/v1/backfill/" = { locations."~ ^/_matrix/federation/v1/backfill/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/federation/v1/get_missing_events/" = { locations."~ ^/_matrix/federation/v1/get_missing_events/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/federation/v1/publicRooms" = { locations."~ ^/_matrix/federation/v1/publicRooms" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/federation/v1/query/" = { locations."~ ^/_matrix/federation/v1/query/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/federation/v1/make_join/" = { locations."~ ^/_matrix/federation/v1/make_join/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/federation/v1/make_leave/" = { locations."~ ^/_matrix/federation/v1/make_leave/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/federation/(v1|v2)/send_join/" = { locations."~ ^/_matrix/federation/(v1|v2)/send_join/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/federation/(v1|v2)/send_leave/" = { locations."~ ^/_matrix/federation/(v1|v2)/send_leave/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/federation/(v1|v2)/invite/" = { locations."~ ^/_matrix/federation/(v1|v2)/invite/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/federation/v1/event_auth/" = { locations."~ ^/_matrix/federation/v1/event_auth/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/federation/v1/timestamp_to_event/" = { locations."~ ^/_matrix/federation/v1/timestamp_to_event/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/federation/v1/exchange_third_party_invite/" = { locations."~ ^/_matrix/federation/v1/exchange_third_party_invite/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/federation/v1/user/devices/" = { locations."~ ^/_matrix/federation/v1/user/devices/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/key/v2/query" = { locations."~ ^/_matrix/key/v2/query" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/federation/v1/hierarchy/" = { locations."~ ^/_matrix/federation/v1/hierarchy/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
locations."~ ^/_matrix/federation/v1/send/" = { locations."~ ^/_matrix/federation/v1/send/" = {
proxyPass = "http://generic_workers_upstream$request_uri"; proxyPass = "http://generic_workers_upstream$request_uri";
}; };
##### media repo ##### media repo
@ -269,12 +269,11 @@
proxyPass = "http://media_repository_workers_upstream$request_uri"; proxyPass = "http://media_repository_workers_upstream$request_uri";
}; };
#locations."/" = { #locations."/" = {
#resolver 127.0.0.11 valid=5s; #resolver 127.0.0.11 valid=5s;
#set $backend "matrix-synapse:8048"; #set $backend "matrix-synapse:8048";
#proxyPass = "http://$backend"; #proxyPass = "http://$backend";
#}; #};
locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008"; locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008";
} }

29
host/matrix/services/nginx/nginx.nix
View file

@ -1,10 +1,15 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{ {
services = { services = {
nginx = { nginx = {
enable = true; enable = true;
package = pkgs.nginxQuic; #package = pkgs.nginxMainline;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedZstdSettings = true; recommendedZstdSettings = true;
@ -14,19 +19,17 @@
defaultMimeTypes = ../../../../modules/packages/nginx/mime.types; defaultMimeTypes = ../../../../modules/packages/nginx/mime.types;
appendConfig = '' appendConfig = ''
worker_processes 16; worker_processes 16;
''; '';
eventsConfig = '' eventsConfig = ''
#use kqueue; #use kqueue;
worker_connections 512; worker_connections 512;
''; '';
appendHttpConfig = '' appendHttpConfig = ''
#sendfile on; #sendfile on;
disable_symlinks off; disable_symlinks off;
''; '';
upstreams = import ./matrix-upstreams.nix; upstreams = import ./matrix-upstreams.nix;
additionalModules = with pkgs.nginxModules; [ additionalModules = with pkgs.nginxModules; [ moreheaders ];
moreheaders
];
virtualHosts = { virtualHosts = {
#matrix... #matrix...
"matrix.litenet.tel" = import ./litenet.tel/matrix.nix; "matrix.litenet.tel" = import ./litenet.tel/matrix.nix;
@ -35,14 +38,6 @@
}; };
}; };
systemd.services.nginx.serviceConfig = { systemd.services.nginx.serviceConfig = {
LimitNOFILE=5000000; LimitNOFILE = 5000000;
}; };
# systemd.services.nginx.requires = [ "data.mount" ];
# security.acme.acceptTerms = true;
# security.acme.defaults.email = "root@thearcanebrony.net";
# environment.systemPackages = with pkgs; [
#gitfs
# ];
} }

94
host/matrix/services/postgres.nix
View file

@ -1,7 +1,12 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{ {
systemd.tmpfiles.rules = [ "d /mnt/postgres/data 0750 postgres postgres" ]; systemd.tmpfiles.rules = [ "d /mnt/postgres/data 0750 postgres postgres" ];
services.postgresql = { services.postgresql = {
enable = true; enable = true;
@ -26,58 +31,57 @@
max_connections = 250; max_connections = 250;
superuser_reserved_connections = 3; superuser_reserved_connections = 3;
# shared_buffers = "32565MB"; # shared_buffers = "32565MB";
# work_mem = "512MB"; # work_mem = "512MB";
# maintenance_work_mem = "1024MB"; # maintenance_work_mem = "1024MB";
# huge_pages = "try"; # huge_pages = "try";
# effective_cache_size = "60GB"; #was 22 # effective_cache_size = "60GB"; #was 22
# effective_io_concurrency = "8"; # effective_io_concurrency = "8";
# random_page_cost = 4; # random_page_cost = 4;
# can use this to view stats: SELECT query, total_time, calls, rows FROM pg_stat_statements ORDER BY total_time DESC LIMIT 10; # can use this to view stats: SELECT query, total_time, calls, rows FROM pg_stat_statements ORDER BY total_time DESC LIMIT 10;
# shared_preload_libraries = "pg_stat_statements"; # shared_preload_libraries = "pg_stat_statements";
# track_io_timing = "on"; # track_io_timing = "on";
# track_functions = "pl"; # track_functions = "pl";
# "pg_stat_statements.max" = "10000"; # additional # "pg_stat_statements.max" = "10000"; # additional
# "pg_stat_statements.track" = "all"; # additional # "pg_stat_statements.track" = "all"; # additional
# wal_level = "replica"; # wal_level = "replica";
# max_wal_senders = 0; # max_wal_senders = 0;
# synchronous_commit = "off"; #was on # synchronous_commit = "off"; #was on
# checkpoint_timeout = "15min"; # checkpoint_timeout = "15min";
# checkpoint_completion_target = "0.9"; # checkpoint_completion_target = "0.9";
# max_wal_size = "1GB"; # max_wal_size = "1GB";
# min_wal_size = "512MB"; # min_wal_size = "512MB";
# #
# wal_compression = "on"; # wal_compression = "on";
# wal_buffers = "-1"; # wal_buffers = "-1";
# wal_writer_delay = "200ms"; # wal_writer_delay = "200ms";
# wal_writer_flush_after = "1MB"; # wal_writer_flush_after = "1MB";
# #checkpoint_segments = "64"; # additional # #checkpoint_segments = "64"; # additional
# default_statistics_target = "250"; # additional # default_statistics_target = "250"; # additional
# bgwriter_delay = "200ms"; # bgwriter_delay = "200ms";
# bgwriter_lru_maxpages = "100"; # bgwriter_lru_maxpages = "100";
# bgwriter_lru_multiplier = "2.0"; # bgwriter_lru_multiplier = "2.0";
# bgwriter_flush_after = "0"; # bgwriter_flush_after = "0";
# max_worker_processes = "32"; #was 14 # max_worker_processes = "32"; #was 14
# max_parallel_workers_per_gather = "16"; #was 7 # max_parallel_workers_per_gather = "16"; #was 7
# max_parallel_maintenance_workers = "16"; #was 7 # max_parallel_maintenance_workers = "16"; #was 7
# max_parallel_workers = "32"; #was 14 # max_parallel_workers = "32"; #was 14
# parallel_leader_participation = "on"; # parallel_leader_participation = "on";
# enable_partitionwise_join = "on"; # enable_partitionwise_join = "on";
# enable_partitionwise_aggregate = "on"; # enable_partitionwise_aggregate = "on";
# jit = "on"; # jit = "on";
# max_slot_wal_keep_size = "1GB"; # max_slot_wal_keep_size = "1GB";
# track_wal_io_timing = "on"; # track_wal_io_timing = "on";
# maintenance_io_concurrency = "4"; # maintenance_io_concurrency = "4";
# wal_recycle = "on"; # wal_recycle = "on";
}; };
}; };
} }

51
modules/base-server.nix
View file

@ -1,40 +1,33 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{ {
imports = imports = [
[ ./base.nix
./base.nix ./users/chris.nix
./users/chris.nix ];
];
documentation.nixos.enable = false; documentation.nixos.enable = false;
documentation.enable = false; documentation.enable = false;
documentation.info.enable = false; documentation.info.enable = false;
documentation.man.enable = false; documentation.man.enable = false;
environment.variables.BROWSER = "echo"; environment.variables.BROWSER = "echo";
nix.settings.trusted-users = [ "root" "@wheel" ]; nix.settings.trusted-users = [
"root"
"@wheel"
];
time.timeZone = lib.mkDefault "UTC"; time.timeZone = lib.mkDefault "UTC";
systemd = { systemd = {
# Given that our systems are headless, emergency mode is useless.
# We prefer the system to attempt to continue booting so
# that we can hopefully still access it remotely.
enableEmergencyMode = false; enableEmergencyMode = false;
# For more detail, see:
# https://0pointer.de/blog/projects/watchdog.html
watchdog = { watchdog = {
# systemd will send a signal to the hardware watchdog at half
# the interval defined here, so every 10s.
# If the hardware watchdog does not get a signal for 20s,
# it will forcefully reboot the system.
runtimeTime = "20s"; runtimeTime = "20s";
# Forcefully reboot if the final stage of the reboot
# hangs without progress for more than 30s.
# For more info, see:
# https://utcc.utoronto.ca/~cks/space/blog/linux/SystemdShutdownWatchdog
rebootTime = "30s"; rebootTime = "30s";
}; };
@ -46,8 +39,8 @@
systemd.services.NetworkManager-wait-online.enable = false; systemd.services.NetworkManager-wait-online.enable = false;
systemd.network.wait-online.enable = false; systemd.network.wait-online.enable = false;
# systemd.services.systemd-networkd.stopIfChanged = false; # systemd.services.systemd-networkd.stopIfChanged = false;
# systemd.services.systemd-resolved.stopIfChanged = false; # systemd.services.systemd-resolved.stopIfChanged = false;
nix.settings.max-free = lib.mkDefault (1000 * 1000 * 1000); nix.settings.max-free = lib.mkDefault (1000 * 1000 * 1000);
nix.settings.min-free = lib.mkDefault (128 * 1000 * 1000); nix.settings.min-free = lib.mkDefault (128 * 1000 * 1000);
@ -82,8 +75,15 @@
}; };
useDHCP = false; useDHCP = false;
# nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.4.4.8" ]; # nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.4.4.8" ];
nameservers = [ "10.0.0.1" "10.5.0.1" "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.4.4.8" ]; nameservers = [
"10.0.0.1"
"10.5.0.1"
"1.1.1.1"
"1.0.0.1"
"8.8.8.8"
"8.4.4.8"
];
defaultGateway = "10.0.0.1"; defaultGateway = "10.0.0.1";
}; };
@ -91,4 +91,3 @@
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
} }

30
modules/base.nix
View file

@ -1,11 +1,12 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{ {
imports = imports = [ ./packages/vim.nix ];
[
./packages/vim.nix
./users/Rory.nix
];
boot = { boot = {
initrd.systemd.enable = true; initrd.systemd.enable = true;
@ -60,7 +61,12 @@
# allowedTCPPorts = [ ... ]; # allowedTCPPorts = [ ... ];
# allowedUDPPorts = [ ... ]; # allowedUDPPorts = [ ... ];
}; };
nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.4.4.8" ]; nameservers = [
"1.1.1.1"
"1.0.0.1"
"8.8.8.8"
"8.4.4.8"
];
}; };
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
@ -71,7 +77,7 @@
#allow more logins in cases where i have many ssh keys on a system #allow more logins in cases where i have many ssh keys on a system
extraConfig = '' extraConfig = ''
MaxAuthTries 32 MaxAuthTries 32
''; '';
}; };
resolved = { resolved = {
enable = true; enable = true;
@ -84,7 +90,7 @@
sleep.extraConfig = '' sleep.extraConfig = ''
AllowSuspend=no AllowSuspend=no
AllowHibernation=no AllowHibernation=no
''; '';
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -114,7 +120,6 @@
unzip unzip
brotli brotli
# - zsh # - zsh
zsh zsh
zsh-powerlevel10k zsh-powerlevel10k
@ -129,7 +134,10 @@
''; '';
nix = { nix = {
settings = { settings = {
experimental-features = [ "nix-command" "flakes" ]; experimental-features = [
"nix-command"
"flakes"
];
auto-optimise-store = true; auto-optimise-store = true;
trusted-users = [ "@wheel" ]; trusted-users = [ "@wheel" ];
}; };

16
modules/packages/vim.nix
View file

@ -1,14 +1,20 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
environment.variables = { EDITOR = "vim"; }; environment.variables = {
EDITOR = "vim";
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(neovim.override { (neovim.override {
vimAlias = true; vimAlias = true;
configure = { configure = {
packages.myPlugins = with pkgs.vimPlugins; { packages.myPlugins = with pkgs.vimPlugins; {
start = [ vim-lastplace vim-nix vim-airline ]; start = [
opt = []; vim-lastplace
vim-nix
vim-airline
];
opt = [ ];
}; };
customRC = '' customRC = ''
" your custom vimrc " your custom vimrc
@ -17,6 +23,6 @@
" ... " ...
''; '';
}; };
} })
)]; ];
} }

53
modules/users/Rory.client.nix
View file

@ -1,53 +0,0 @@
{ config, lib, pkgs, home-manager, ... }:
{
programs = {
ssh = {
startAgent = true;
setXAuthLocation = true;
enableAskPassword = true;
};
};
home-manager.users.Rory = {
services.gnome-keyring.enable = lib.mkForce false;
dconf.settings = {
"org/virt-manager/virt-manager/connections" = {
autoconnect = ["qemu:///system"];
uris = ["qemu:///system"];
};
};
# keepassxc, maybe?
systemd.user.services.keepassxc = {
Unit = {
Description = "KeePassXC password manager";
#After = [ "graphical-session-pre.target" ];
PartOf = [ "default.target" ];
};
Install = { WantedBy = [ "default.target" ]; };
Service = {
ExecStart = "${pkgs.keepassxc}/bin/keepassxc ~/.secrets.kdbx";
Restart = "always";
};
};
systemd.user.services.easyeffects = {
Unit = {
Description = "EasyEffects";
#After = [ "graphical-session-pre.target" ];
PartOf = [ "default.target" ];
};
Install = { WantedBy = [ "default.target" ]; };
Service = {
ExecStart = "${pkgs.easyeffects}/bin/easyeffects";
Restart = "always";
};
};
home.stateVersion = "22.11";
};
}

190
modules/users/Rory.nix
View file

@ -1,190 +0,0 @@
{ config, lib, pkgs, home-manager, ... }:
{
users.users.Rory = {
isNormalUser = true;
extraGroups = [ "wheel" "libvirtd" "ocp" ];
packages = with pkgs; [
lnav
age
git
lsd
duf
btop
htop
kitty.terminfo
tmux
jq
dig
# - zsh
zsh
zsh-powerlevel10k
zsh-nix-shell
zsh-you-should-use
zsh-syntax-highlighting
zsh-completions
];
openssh.authorizedKeys.keys = [
#"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT+53Hy3wbIlNVIomK2RroaimMWrTlUkndjHt1dFuyh root@pfSense-arcane-home.localdomain"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILF2IuNu//0DP/wKMuDvBgVT3YBS2uULsipbdrhJCTM7 thearcanebrony@tab-linux-desktop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/kNkY/E5b6rvCQLMaSbpLQ/xoyywIwVVu9uo2j/B6p Rory@RoryNix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPRTuz83dVThuDVXhDz3w3uYBGJ+JPzdZFT6wvhQXQ3 Rory@Rory-wsl" # work laptop
];
useDefaultShell = true;
shell = pkgs.zsh;
};
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
home-manager.users.Rory = {
programs = {
git = {
enable = true;
userName = "Rory&";
userEmail = "root@rory.gay";
extraConfig = {
safe = {
directory = "/";
};
};
};
zsh = {
enable = true;
enableAutosuggestions = true;
enableVteIntegration = true;
autocd = true;
initExtraFirst = ''
export EDITOR=nvim
export SYSTEMD_EDITOR=$EDITOR
export GIT_EDITOR=$EDITOR
export QT_QPA_PLATFORMTHEME=xdgdesktopportal
export GTK_USE_PORTAL=1
export _JAVA_AWT_WM_NONREPARENTING=1
export WINEDEBUG=-all
export DOTPROFILE_LOADED='yes'
export CHOKIDAR_USEPOLLING=true
export MSBUILDLIVELOGGER=auto
export DOTNET_WATCH_SUPPRESS_LAUNCH_BROWSER=1
export DOTNET_CLI_TELEMETRY_OPTOUT=1
function mkkey() {
echo "Making key for $1"
ssh-keygen -t ed25519 -C "$HOST -> $1" -f ~/.ssh/id_ed25519_$1
(
echo "Host $1"
echo " IdentityFile ~/.ssh/id_ed25519_$1"
) >> ~/.ssh/config
echo 'Done! Public key:'
cat ~/.ssh/id_ed25519_$1.pub
}
export DISABLE_AUTO_UPDATE=true
COMPLETION_WAITING_DOTS="true"
'';
initExtra = ''
alias mv='mv -v'
alias pre='npx prettier -w'
alias git-commit='git commit --signoff --sign'
alias npm='NODE_OPTIONS=--openssl-legacy-provider npm'
alias npx='NODE_OPTIONS=--openssl-legacy-provider npx'
alias yarn='NODE_OPTIONS=--openssl-legacy-provider npx -y yarn --use-yarnrc $XDG_CONFIG_HOME/yarn/config'
alias node='NODE_OPTIONS=--openssl-legacy-provider node'
# - dotnet
alias drun='dotnet watch run --no-hot-reload --property WarningLevel=0'
alias dbuild='dotnet watch build --no-hot-reload --property WarningLevel=0'
alias ls='lsd -lA --color=always --icon=always'
alias transfetch='neofetch --kitty ~/trans_witch.jpg'
alias gc='git-commit'
[ -f "$HOME/.profile" ] && . $HOME/.profile
'';
#alias knconfig='cp .config ../$(date ''+%Y%m%d_%k%M%S\'').config -v; make CC=clang LLVM=1 nconfig'
oh-my-zsh = {
enable = true;
plugins = [
"git"
"sudo"
];
};
plugins = [
{
name = "powerlevel10k";
src = pkgs.zsh-powerlevel10k;
file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme";
}
{
name = "powerlevel10k-config";
src = lib.cleanSource ./Rory;
file = "p10k.zsh";
}
{
name = "zsh-syntax-highlighting";
src = pkgs.zsh-syntax-highlighting;
file = "share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh";
}
{
name = "zsh-autosuggestions";
src = pkgs.zsh-autosuggestions;
file = "share/zsh-autosuggestions/zsh-autosuggestions.zsh";
}
];
localVariables = {
POWERLEVEL9K_LEFT_PROMPT_ELEMENTS = [
"os_icon"
"dir"
"vcs"
"prompt_char"
];
POWERLEVEL9K_RIGHT_PROMPT_ELEMENTS = [
"status"
"command_execution_time"
"background_jobs"
"direnv"
"virtualenv"
"pyenv"
"nodeenv"
"context"
"nix_shell"
"vi_mode"
"load"
"disk_usage"
"ram"
];
POWERLEVEL9K_MODE = "nerdfont-complete";
POWERLEVEL9K_ICON_PADDING = "none";
POWERLEVEL9K_PROMPT_ADD_NEWLINE = "false";
POWERLEVEL9K_LEFT_SUBSEGMENT_SEPARATOR = "\uE0B1";
POWERLEVEL9K_RIGHT_SUBSEGMENT_SEPARATOR = "\uE0B3";
POWERLEVEL9K_LEFT_SEGMENT_SEPARATOR = "\uE0B0";
POWERLEVEL9K_RIGHT_SEGMENT_SEPARATOR = "\uE0B2";
POWERLEVEL9K_LEFT_PROMPT_LAST_SEGMENT_END_SYMBOL = "\uE0B0";
POWERLEVEL9K_RIGHT_PROMPT_FIRST_SEGMENT_START_SYMBOL = "\uE0B2";
POWERLEVEL9K_PROMPT_CHAR_OVERWRITE_STATE = true;
};
};
neovim = {
defaultEditor = true;
viAlias = true;
vimAlias = true;
vimdiffAlias = true;
coc = {
enable = true;
};
};
};
programs.neovim.plugins = with pkgs.vimPlugins; [
pkgs.vimPlugins.nvim-tree-lua
{
plugin = pkgs.vimPlugins.vim-startify;
config = "let g:startify_change_to_vcs_root = 0";
}
];
home.stateVersion = "22.11";
};
}

1723
modules/users/Rory/p10k.zsh
View file

File diff suppressed because it is too large Load diff

BIN
modules/users/Rory/wallpaper.webp
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 585 KiB

5
modules/users/chris.nix
View file

@ -10,9 +10,6 @@
nodejs-slim nodejs-slim
]; ];
#initialPassword = "password"; #initialPassword = "password";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd9U0+wKjBG3Q9Qg249xJY+ybYeRV9/VMPjuwKvFBEI" ];
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd9U0+wKjBG3Q9Qg249xJY+ybYeRV9/VMPjuwKvFBEI"
];
}; };
} }