LiteNet/Litenet-Nix-Infra
3
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse source
This commit is contained in:
Rory& 2024-07-19 03:31:44 +00:00
commit 42c65b27b5
32 changed files with 4257 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitattributes vendored Executable file
View file

@ -0,0 +1 @@
* text=auto eol=lf

6
.gitignore vendored Executable file
View file

@ -0,0 +1,6 @@
hardware-configuration.nix
.vscode/
matrix-user-tokens.txt
nixpkgs/
result
wg/

3
.gitmodules vendored Normal file
View file

@ -0,0 +1,3 @@
[submodule "nixpkgs"]
path = nixpkgs
url = https://github.com/TheArcaneBrony/nixpkgs.git

1
README.md Executable file
View file

@ -0,0 +1 @@
`^\s?\n(\s?\n)+` -> `\n`: REPLACE ALL MULTIPLE NEWLINES

27
build.sh Executable file
View file

@ -0,0 +1,27 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p git nixos-install-tools nix-output-monitor
if [ $# -ne 2 ]; then
echo "Usage: $0 <root> <config>"
echo "NOTE: hardware config will be generated from root!"
echo "Defined configs:"
cat flake.nix | grep '.lib.nixosSystem' | sed 's/ =.*//' | sed 's/^[ \t]*//;s/[ \t]*$//' | while read cfg; do echo " - $cfg"; done
exit 1
fi
if [ "$1" = "/" ]; then
[ -f "host/${2}/pre-rebuild.sh" ] && host/$2/pre-rebuild.sh
nixos-generate-config --show-hardware-config > hardware-configuration.nix
git add -f hardware-configuration.nix
nom build .#nixosConfigurations.${2}.config.system.build.toplevel && sudo nixos-rebuild switch --flake .#${HOSTNAME} || exit 1
nixos-rebuild switch --flake ".#${2}" -j`nproc` --upgrade-all -L || exit 1
[ -f "host/${2}/post-rebuild.sh" ] && host/$2/post-rebuild.sh
git rm --cached hardware-configuration.nix
exit
else
nixos-generate-config --show-hardware-config --root "${1}" > hardware-configuration.nix
git add -f hardware-configuration.nix
nix build .#nixosConfigurations.${2}.config.system.build.toplevel --extra-experimental-features nix-command --extra-experimental-features flakes || exit 1
nixos-install --root "${1}" --flake ".#${2}"
git rm --cached hardware-configuration.nix
cp . "${1}/Rory-Open-Architecture" -r
exit
fi

6
clean-old-generations.sh Executable file
View file

@ -0,0 +1,6 @@
#!/usr/bin/env sh
nix-collect-garbage -d
/nix/var/nix/profiles/system/bin/switch-to-configuration boot
nix-collect-garbage -d
/nix/var/nix/profiles/system/bin/switch-to-configuration boot

BIN
flake.lock Normal file
View file

Binary file not shown.

30
flake.nix Executable file
View file

@ -0,0 +1,30 @@
{
description = "Chris' services flake";
inputs = {
nixpkgs = {
url = "github:NixOS/nixpkgs/nixos-unstable";
#url="path:/Rory-Open-Architecture/nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager/master";
};
};
outputs = { self, nixpkgs, home-manager, ... }@inputs: {
nixosConfigurations = {
matrix = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./host/matrix/configuration.nix
./hardware-configuration.nix
home-manager.nixosModules.home-manager
];
specialArgs = {
inherit home-manager;
};
};
};
};
}

22
host/matrix/configuration.nix Executable file
View file

@ -0,0 +1,22 @@
{ config, pkgs, lib, ... }:
{
imports =
[
../../modules/base-server.nix
./services/postgres.nix
./services/matrix/root.nix
./services/nginx/nginx.nix
];
networking = {
hostName = "matrix";
interfaces.ens18.ipv4.addresses = [ {
address = "10.10.0.3";
prefixLength = 8;
} ];
defaultGateway.interface = "ens18";
};
system.stateVersion = "22.11"; # DO NOT EDIT!
}

53
host/matrix/services/matrix/coturn.nix Executable file
View file

@ -0,0 +1,53 @@
{ config, pkgs, lib, ... }:
{
# coturn (WebRTC)
services.coturn = rec {
enable = false; # Alicia - figure out secret first...
no-cli = true;
no-tcp-relay = true;
min-port = 49000;
max-port = 50000;
use-auth-secret = true;
static-auth-secret = "will be world readable for local users :(";
realm = "turn.example.com";
# Alicia - figure out how to get this to work, since nginx runs on separate machine...
#cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
#pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
extraConfig = ''
# for debugging
verbose
# ban private IP ranges
no-multicast-peers
denied-peer-ip=0.0.0.0-0.255.255.255
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.0.0.0-192.0.0.255
denied-peer-ip=192.0.2.0-192.0.2.255
denied-peer-ip=192.88.99.0-192.88.99.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=198.18.0.0-198.19.255.255
denied-peer-ip=198.51.100.0-198.51.100.255
denied-peer-ip=203.0.113.0-203.0.113.255
denied-peer-ip=240.0.0.0-255.255.255.255
denied-peer-ip=::1
denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff
denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255
denied-peer-ip=100::-100::ffff:ffff:ffff:ffff
denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
'';
};
#services.matrix-synapse = with config.services.coturn; {
# turn_uris = ["turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp"];
# turn_shared_secret = static-auth-secret;
# turn_user_lifetime = "1h";
#};
}

55
host/matrix/services/matrix/draupnir.nix Executable file
View file

@ -0,0 +1,55 @@
{ config, pkgs, lib, ... }:
{
# Alicia - doesnt work yet... until in nixpkgs...
services.draupnir = {
enable = true;
pantalaimon = {
enable = true;
username = "draupnir";
passwordFile = "/etc/draupnir-password";
options = {
homeserver = "http://localhost:8008";
ssl = false;
};
};
settings = {
managementRoom = "#draupnir-mgmt:rory.gay";
verboseLogging = false;
recordIgnoredInvites = true; # Let's log ignored invites, just incase
autojoinOnlyIfManager = true; # Let's not open ourselves up to DoS attacks
automaticallyRedactForReasons = [ "*" ]; # I always want autoredact
fasterMembershipChecks = true;
backgroundDelayMS = 10; # delay isn't needed, I don't mind the performance hit
pollReports = false; # this is a single person homeserver... let's save ourself the work
admin.enableMakeRoomAdminCommand = true;
commands.ban.defaultReasons = [
"spam"
"harassment"
"transphobia"
"scam"
];
protections = {
wordlist = {
words = [
"tranny"
"faggot"
"ywnbaw"
"nigger"
];
minutesBeforeTrusting = 0;
};
};
};
};
# services.pantalaimon-headless.instances.draupnir = {
# homeserver = "http://localhost:8008";
# ssl = false;
# };
}

11
host/matrix/services/matrix/root.nix Executable file
View file

@ -0,0 +1,11 @@
{ config, pkgs, lib, botcore-v4, ... }:
{
imports =
[
./synapse.nix
# ./coturn.nix
# ./draupnir.nix
];
}

216
host/matrix/services/matrix/synapse.nix Executable file
View file

@ -0,0 +1,216 @@
{ config, pkgs, lib, ... }:
{
services.matrix-synapse = {
enable = true;
withJemalloc = true;
dataDir = "/mnt/synapse-media";
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
settings = {
server_name = "litenet.tel";
enable_registration = true;
registration_requires_token = true;
require_membership_for_aliases = false;
redaction_retention_period = null;
user_ips_max_age = null;
allow_device_name_lookup_over_federation = true;
federation = {
client_timeout = "60s";
max_short_retries = 6;
max_short_retry_delay = "10s";
max_long_retries = 5;
max_long_retry_delay = "30s";
};
# event_cache_size = "1200K"; #defaults to 10K
# caches = {
# global_factor = 5000.0;
# cache_entry_ttl = "12h";
# expire_caches = true;
# sync_response_cache_duration = "6h";
# cache_autotuning = {
# max_cache_memory_usage = "65536M";
# target_cache_memory_usage = "32768M";
# min_cache_ttl = "6h";
# };
# };
# Alicia - figure this out later...
#registration_shared_secret = builtins.exec ["cat" "/dev/urandom" "|" "tr" "-dc" "a-zA-Z0-9" "|" "fold" "-w" "256" "|" "head" "-n" "1"];
# registration_shared_secret_path = "/mnt/synapse-media/registration_shared_secret.txt";
registration_shared_secret = "fuck";
listeners = [
{
port = 8008;
bind_addresses = [ "127.0.0.1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [ {
names = [ "client" "federation" ];
compress = true;
} ];
}
];
dynamic_thumbnails = true;
presence = {
enable = true;
update_interval = 60;
};
url_preview_enabled = true;
database = {
name = "psycopg2";
args = {
user = "matrix-synapse";
#passwordFile = "/run/secrets/matrix-synapse-password";
password = "somepassword";
database = "matrix-synapse";
host = "127.0.0.1";
application_name = "matrix-synapse (liteniet.tel)";
cp_min = 5;
cp_max = 50;
#cp_reconnect_interval = "True";
};
};
app_service_config_files = [
#"/etc/matrix-synapse/appservice-registration.yaml"
# "/var/lib/matrix-synapse/modas-registration.yaml"
];
# rc_message = {
# per_second = 1000;
# burst_count = 1000;
# };
# rc_login = {
# address = {
# per_second = 1000;
# burst_count = 1000;
# };
# account = {
# per_second = 1000;
# burst_count = 1000;
# };
# failed_attempts = {
# per_second = 0.1;
# burst_count = 3;
# };
# };
# rc_joins = {
# local = {
# per_second = 1000;
# burst_count = 1000;
# };
# remote = {
# per_second = 1000;
# burst_count = 1000;
# };
# };
# rc_joins_per_room = {
# per_second = 1000;
# burst_count = 1000;
# };
# rc_invites = {
# per_room = {
# per_second = 1000;
# burst_count = 1000;
# };
# per_user = {
# per_second = 1000;
# burst_count = 1000;
# };
# per_issuer = {
# per_second = 1000;
# burst_count = 1000;
# };
# };
# rc_federation = {
# window_size = 10;
# sleep_limit = 1000;
# sleep_delay = 100;
# reject_limit = 1000;
# concurrent = 100;
# };
# federation_rr_transactions_per_room_per_second = 1;
max_image_pixels = "100M";
ui_auth = {
session_timeout = "1m";
};
login_via_existing_session = {
enabled = true;
require_ui_auth = true;
token_timeout = "1y";
};
#sentry = {
# dsn = "https://77c8de07855d4e0c90dbcf0945a04f01@sentry.thearcanebrony.net/14";
#};
report_stats = false;
user_directory = {
enabled = true;
search_all_users = true;
prefer_local_users = true;
};
experimental_features = {
"org.matrix.msc3026.busy_presence" = true;
"fi.mau.msc2815" = true;
"org.matrix.msc3881" = true;
"org.matrix.msc3874" = true;
"org.matrix.msc3912" = true;
};
};
plugins = with pkgs.matrix-synapse-plugins; [
# Alicia - need to port draupnir...
#matrix-synapse-mjolnir-antispam
# matrix-synapse-pam
];
# extraConfigFiles = [
# (pkgs.writeTextFile {
# name = "matrix-synapse-extra-config.yml";
# text = ''
# modules:
# - module: "pam_auth_provider.PAMAuthProvider"
# config:
# create_users: true
# skip_user_check: false
# '';
# })
# ];
};
systemd.services.matrix-synapse-reg-token = {
description = "Random registration token for Synapse.";
before = ["matrix-synapse.service"]; # So the registration can be used by Synapse
wantedBy = ["multi-user.target"];
after = ["network.target"];
script = ''
if [ ! -f "registration_shared_secret.txt" ]
then
cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 256 | head -n 1 > registration_shared_secret.txt
else
echo Not generating key, key exists;
fi'';
serviceConfig = {
User = "matrix-synapse";
Group = "matrix-synapse";
WorkingDirectory = "/mnt/synapse-media/";
};
};
}

59
host/matrix/services/nginx/litenet.tel/matrix.nix Executable file
View file

@ -0,0 +1,59 @@
{
enableACME = false;
addSSL = false;
locations."/" = {
#proxyPass = "http://127.0.0.1:9001";
proxyPass = "http://localhost:8008";
extraConfig = ''
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Methods: *';
#
# Custom headers and headers various browsers *should* be OK with but aren't
#
more_set_headers 'Access-Control-Allow-Headers: *, Authorization';
#
# Tell client that this pre-flight info is valid for 20 days
#
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain; charset=utf-8';
more_set_headers 'Content-Length: 0';
return 204;
}
'';
};
locations."= /.well-known/matrix/server".extraConfig = ''
more_set_headers 'Content-Type application/json';
more_set_headers 'Access-Control-Allow-Origin *';
return 200 '${builtins.toJSON {
"m.server" = "matrix.litenet.tel:443";
}}';
'';
locations."= /.well-known/matrix/client".extraConfig = ''
more_set_headers 'Content-Type application/json';
more_set_headers 'Access-Control-Allow-Origin *';
return 200 '${builtins.toJSON {
"m.homeserver".base_url = "https://matrix.litenet.tel";
"m.identity_server".base_url = "https://matrix.litenet.tel";
}
}';
'';
locations."= /.well-known/matrix/support".extraConfig = ''
more_set_headers 'Content-Type application/json';
more_set_headers 'Access-Control-Allow-Origin *';
return 200 '${builtins.toJSON {
admins = [
{
matrix_id = "@emma:rory.gay";
role = "admin";
}
{
matrix_id = "@chris:litenet.tel";
role = "admin";
}
];
}
}';
'';
}

280
host/matrix/services/nginx/localhost/matrix.nix Normal file
View file

@ -0,0 +1,280 @@
{
enableACME = false;
addSSL = false;
# locations."/_matrix" = {
# proxyPass = "http://192.168.1.5:8008";
# extraConfig = ''
# if ($request_method = 'OPTIONS') {
# more_set_headers 'Access-Control-Allow-Origin: *';
# more_set_headers 'Access-Control-Allow-Methods: *';
# #
# # Custom headers and headers various browsers *should* be OK with but aren't
# #
# more_set_headers 'Access-Control-Allow-Headers: *';
# #
# # Tell client that this pre-flight info is valid for 20 days
# #
# more_set_headers 'Access-Control-Max-Age' 1728000;
# more_set_headers 'Content-Type: text/plain; charset=utf-8';
# more_set_headers 'Content-Length' 0;
# return 204;
# };
# '';
# };
# https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker
locations."~ ^/_matrix/client/(r0|v3)/sync$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
extraConfig = ''
proxy_read_timeout 3600;
proxy_connect_timeout 3600;
proxy_send_timeout 3600;
'';
};
locations."~ ^/_matrix/client/(api/v1|r0|v3)/events$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/v1/rooms/.*/hierarchy$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(v1|unstable)/rooms/.*/relations/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/v1/rooms/.*/threads$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(r0|v3|unstable)/devices$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/versions$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/v1/rooms/.*/timestamp_to_event$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/query$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(r0|v3|unstable)/room_keys/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/upload/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(r0|v3|unstable)/register$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/v1/register/m.login.registration_token/validity$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
# https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing" = {
proxyPass = "http://stream_writer_typing_stream_workers_upstream$request_uri";
};
# https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream
locations."~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/" = {
proxyPass = "http://stream_writer_to_device_stream_workers_upstream$request_uri";
};
# https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream
locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/tags" = {
proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data" = {
proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri";
};
# https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream
locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt" = {
proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri";
};
locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" = {
proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri";
};
# https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream
locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/" = {
proxyPass = "http://stream_writer_presence_stream_workers_upstream$request_uri";
};
### DUPLICATES????
# https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory
locations."~ ^/_matrix/client/(r0|v3|unstable)/user_directory/search$" = {
proxyPass = "http://user_dir_workers_upstream$request_uri";
};
# ???
locations."/" = {
#resolver 127.0.0.11 valid=5s;
#set $backend "matrix-synapse:8008";
#proxyPass = "http://$backend";
proxyPass = "http://127.0.0.1:8008";
};
locations."~ ^/_matrix/federation/v1/event/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/federation/v1/state/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/federation/v1/state_ids/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/federation/v1/backfill/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/federation/v1/get_missing_events/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/federation/v1/publicRooms" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/federation/v1/query/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/federation/v1/make_join/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/federation/v1/make_leave/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/federation/(v1|v2)/send_join/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/federation/(v1|v2)/send_leave/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/federation/(v1|v2)/invite/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/federation/v1/event_auth/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/federation/v1/timestamp_to_event/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/federation/v1/exchange_third_party_invite/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/federation/v1/user/devices/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/key/v2/query" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/federation/v1/hierarchy/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
locations."~ ^/_matrix/federation/v1/send/" = {
proxyPass = "http://generic_workers_upstream$request_uri";
};
##### media repo
# https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository
locations."~ ^/_matrix/media/" = {
proxyPass = "http://media_repository_workers_upstream$request_uri";
};
locations."~ ^/_synapse/admin/v1/purge_media_cache$" = {
proxyPass = "http://media_repository_workers_upstream$request_uri";
};
locations."~ ^/_synapse/admin/v1/room/.*/media.*$" = {
proxyPass = "http://media_repository_workers_upstream$request_uri";
};
locations."~ ^/_synapse/admin/v1/user/.*/media.*$" = {
proxyPass = "http://media_repository_workers_upstream$request_uri";
};
locations."~ ^/_synapse/admin/v1/media/.*$" = {
proxyPass = "http://media_repository_workers_upstream$request_uri";
};
locations."~ ^/_synapse/admin/v1/quarantine_media/.*$" = {
proxyPass = "http://media_repository_workers_upstream$request_uri";
};
locations."~ ^/_synapse/admin/v1/users/.*/media$" = {
proxyPass = "http://media_repository_workers_upstream$request_uri";
};
#locations."/" = {
#resolver 127.0.0.11 valid=5s;
#set $backend "matrix-synapse:8048";
#proxyPass = "http://$backend";
#};
locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008";
}

26
host/matrix/services/nginx/matrix-upstreams-workers.nix Normal file
View file

@ -0,0 +1,26 @@
{
generic_workers_upstream.servers = {
"127.0.0.1:18111" = { };
};
stream_writer_typing_stream_workers_upstream.servers = {
"127.0.0.1:20012" = { };
};
stream_writer_to_device_stream_workers_upstream.servers = {
"127.0.0.1:20013" = { };
};
stream_writer_account_data_stream_workers_upstream.servers = {
"127.0.0.1:20014" = { };
};
stream_writer_receipts_stream_workers_upstream.servers = {
"127.0.0.1:20015" = { };
};
stream_writer_presence_stream_workers_upstream.servers = {
"127.0.0.1:20016" = { };
};
media_repository_workers_upstream.servers = {
"127.0.0.1:18551" = { };
};
user_dir_workers_upstream.servers = {
"127.0.0.1:18661" = { };
};
}

26
host/matrix/services/nginx/matrix-upstreams.nix Normal file
View file

@ -0,0 +1,26 @@
{
generic_workers_upstream.servers = {
"127.0.0.1:8008" = { };
};
stream_writer_typing_stream_workers_upstream.servers = {
"127.0.0.1:8008" = { };
};
stream_writer_to_device_stream_workers_upstream.servers = {
"127.0.0.1:8008" = { };
};
stream_writer_account_data_stream_workers_upstream.servers = {
"127.0.0.1:8008" = { };
};
stream_writer_receipts_stream_workers_upstream.servers = {
"127.0.0.1:8008" = { };
};
stream_writer_presence_stream_workers_upstream.servers = {
"127.0.0.1:8008" = { };
};
media_repository_workers_upstream.servers = {
"127.0.0.1:8008" = { };
};
user_dir_workers_upstream.servers = {
"127.0.0.1:8008" = { };
};
}

48
host/matrix/services/nginx/nginx.nix Executable file
View file

@ -0,0 +1,48 @@
{ config, pkgs, lib, ... }:
{
services = {
nginx = {
enable = true;
package = pkgs.nginxQuic;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedZstdSettings = true;
recommendedGzipSettings = true;
recommendedBrotliSettings = true;
recommendedOptimisation = true;
defaultMimeTypes = ../../../../modules/packages/nginx/mime.types;
appendConfig = ''
worker_processes 16;
'';
eventsConfig = ''
#use kqueue;
worker_connections 512;
'';
appendHttpConfig = ''
#sendfile on;
disable_symlinks off;
'';
upstreams = import ./matrix-upstreams.nix;
additionalModules = with pkgs.nginxModules; [
moreheaders
];
virtualHosts = {
#matrix...
"matrix.litenet.tel" = import ./litenet.tel/matrix.nix;
"matrix.localhost" = import ./localhost/matrix.nix;
};
};
};
systemd.services.nginx.serviceConfig = {
LimitNOFILE=5000000;
};
# systemd.services.nginx.requires = [ "data.mount" ];
# security.acme.acceptTerms = true;
# security.acme.defaults.email = "root@thearcanebrony.net";
# environment.systemPackages = with pkgs; [
#gitfs
# ];
}

83
host/matrix/services/postgres.nix Executable file
View file

@ -0,0 +1,83 @@
{ config, pkgs, lib, ... }:
{
systemd.tmpfiles.rules = [ "d /mnt/postgres/data 0750 postgres postgres" ];
services.postgresql = {
enable = true;
package = pkgs.postgresql_16;
enableTCPIP = true;
authentication = pkgs.lib.mkOverride 10 ''
# TYPE, DATABASE, USER, ADDRESS, METHOD
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host matrix-synapse matrix-synapse 127.0.0.1/32 trust
host all all 0.0.0.0/0 md5
'';
# initialScript = pkgs.writeText "backend-initScript" ''
# CREATE ROLE nixcloud WITH LOGIN PASSWORD 'nixcloud' CREATEDB;
# CREATE DATABASE nixcloud;
# GRANT ALL PRIVILEGES ON DATABASE nixcloud TO nixcloud;
# '';
dataDir = "/mnt/postgres/data";
settings = {
# https://pgconfigurator.cybertec.at/
max_connections = 250;
superuser_reserved_connections = 3;
# shared_buffers = "32565MB";
# work_mem = "512MB";
# maintenance_work_mem = "1024MB";
# huge_pages = "try";
# effective_cache_size = "60GB"; #was 22
# effective_io_concurrency = "8";
# random_page_cost = 4;
# can use this to view stats: SELECT query, total_time, calls, rows FROM pg_stat_statements ORDER BY total_time DESC LIMIT 10;
# shared_preload_libraries = "pg_stat_statements";
# track_io_timing = "on";
# track_functions = "pl";
# "pg_stat_statements.max" = "10000"; # additional
# "pg_stat_statements.track" = "all"; # additional
# wal_level = "replica";
# max_wal_senders = 0;
# synchronous_commit = "off"; #was on
# checkpoint_timeout = "15min";
# checkpoint_completion_target = "0.9";
# max_wal_size = "1GB";
# min_wal_size = "512MB";
#
# wal_compression = "on";
# wal_buffers = "-1";
# wal_writer_delay = "200ms";
# wal_writer_flush_after = "1MB";
# #checkpoint_segments = "64"; # additional
# default_statistics_target = "250"; # additional
# bgwriter_delay = "200ms";
# bgwriter_lru_maxpages = "100";
# bgwriter_lru_multiplier = "2.0";
# bgwriter_flush_after = "0";
# max_worker_processes = "32"; #was 14
# max_parallel_workers_per_gather = "16"; #was 7
# max_parallel_maintenance_workers = "16"; #was 7
# max_parallel_workers = "32"; #was 14
# parallel_leader_participation = "on";
# enable_partitionwise_join = "on";
# enable_partitionwise_aggregate = "on";
# jit = "on";
# max_slot_wal_keep_size = "1GB";
# track_wal_io_timing = "on";
# maintenance_io_concurrency = "4";
# wal_recycle = "on";
};
};
}

94
modules/base-server.nix Executable file
View file

@ -0,0 +1,94 @@
{ config, pkgs, lib, ... }:
{
imports =
[
./base.nix
./users/chris.nix
];
documentation.nixos.enable = false;
documentation.enable = false;
documentation.info.enable = false;
documentation.man.enable = false;
environment.variables.BROWSER = "echo";
nix.settings.trusted-users = [ "root" "@wheel" ];
time.timeZone = lib.mkDefault "UTC";
systemd = {
# Given that our systems are headless, emergency mode is useless.
# We prefer the system to attempt to continue booting so
# that we can hopefully still access it remotely.
enableEmergencyMode = false;
# For more detail, see:
# https://0pointer.de/blog/projects/watchdog.html
watchdog = {
# systemd will send a signal to the hardware watchdog at half
# the interval defined here, so every 10s.
# If the hardware watchdog does not get a signal for 20s,
# it will forcefully reboot the system.
runtimeTime = "20s";
# Forcefully reboot if the final stage of the reboot
# hangs without progress for more than 30s.
# For more info, see:
# https://utcc.utoronto.ca/~cks/space/blog/linux/SystemdShutdownWatchdog
rebootTime = "30s";
};
sleep.extraConfig = ''
AllowSuspend=no
AllowHibernation=no
'';
};
systemd.services.NetworkManager-wait-online.enable = false;
systemd.network.wait-online.enable = false;
# systemd.services.systemd-networkd.stopIfChanged = false;
# systemd.services.systemd-resolved.stopIfChanged = false;
nix.settings.max-free = lib.mkDefault (1000 * 1000 * 1000);
nix.settings.min-free = lib.mkDefault (128 * 1000 * 1000);
nix.daemonCPUSchedPolicy = lib.mkDefault "batch";
nix.daemonIOSchedClass = lib.mkDefault "idle";
nix.daemonIOSchedPriority = lib.mkDefault 7;
# My servers always use /dev/vda as boot disk...
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = {
grub = {
devices = [ "/dev/vda" ]; # nodev for EFI only
# EFI
efiSupport = false;
efiInstallAsRemovable = false;
};
timeout = 1;
};
};
networking = {
hostName = lib.mkDefault "Rory-nix-base-server";
networkmanager.enable = false;
useNetworkd = true;
wireless.enable = false;
enableIPv6 = false;
firewall = {
enable = false;
# allowedTCPPorts = [ ... ];
# allowedUDPPorts = [ ... ];
};
useDHCP = false;
# nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.4.4.8" ];
nameservers = [ "10.0.0.1" "10.5.0.1" "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.4.4.8" ];
defaultGateway = "10.0.0.1";
};
hardware.pulseaudio.enable = false;
i18n.defaultLocale = "en_US.UTF-8";
}

145
modules/base.nix Executable file
View file

@ -0,0 +1,145 @@
{ config, pkgs, lib, ... }:
{
imports =
[
./packages/vim.nix
./users/Rory.nix
];
boot = {
initrd.systemd.enable = true;
kernelParams = [
"memory_hotplug.memmap_on_memory=1"
"memhp_default_state=online"
"net.core.default_qdisc=fq"
"net.ipv4.tcp_congestion_control=bbr"
"mitigations=off"
"audit=0"
"consoleblank=0"
"kmemcheck=0"
"no_console_suspend"
"kernel.core_pattern=/dev/null"
"init_on_alloc=0"
"kernel.sysrq=1"
"kernel.dmesg_restrict=0"
"net.ipv4.ip_forward=1"
"vm.swappiness=10"
"net.core.netdev_max_backlog=16384"
"net.core.somaxconn=8192"
"net.core.rmem_default=1048576"
"net.core.rmem_max=16777216"
"net.core.wmem_default=1048576"
"net.core.wmem_max=16777216"
"net.core.optmem_max=65536"
#"net.ipv4.tcp_rmem=4096 1048576 2097152"
#"net.ipv4.tcp_wmem=4096 65536 16777216"
"net.ipv4.udp_rmem_min=4096"
"net.ipv4.udp_wmem_min=4096"
"net.ipv4.tcp_fastopen=3"
"net.ipv4.tcp_mtu_probing=1"
"net.ipv4.tcp_keepalive_time=30"
"net.ipv4.tcp_keepalive_intvl=15"
"net.ipv4.tcp_keepalive_probes=4"
"net.ipv4.tcp_timestamps=0"
];
kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
loader = {
grub = {
enable = true;
version = 2;
};
timeout = 1;
};
};
networking = {
hostName = lib.mkDefault "Rory-nix-base";
firewall = {
enable = false;
# allowedTCPPorts = [ ... ];
# allowedUDPPorts = [ ... ];
};
nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.4.4.8" ];
};
i18n.defaultLocale = "en_US.UTF-8";
services = {
openssh = {
enable = true;
#allow more logins in cases where i have many ssh keys on a system
extraConfig = ''
MaxAuthTries 32
'';
};
resolved = {
enable = true;
dnssec = lib.mkForce "false";
dnsovertls = lib.mkForce "false";
};
};
systemd = {
sleep.extraConfig = ''
AllowSuspend=no
AllowHibernation=no
'';
};
environment.systemPackages = with pkgs; [
wget
neofetch
lnav
pciutils
git
lsd
duf
htop
btop
duf
kitty.terminfo
tmux
jq
yq
pv
dig
cloud-utils
nix-output-monitor
expect
unrar-wrapper
arch-install-scripts
debootstrap
file
unzip
brotli
# - zsh
zsh
zsh-powerlevel10k
zsh-nix-shell
zsh-you-should-use
zsh-syntax-highlighting
zsh-completions
];
systemd.coredump.extraConfig = lib.mkDefault ''
Storage=none
'';
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true;
trusted-users = [ "@wheel" ];
};
};
nixpkgs = {
config.allowUnfree = true;
};
security = {
polkit.enable = true;
sudo.wheelNeedsPassword = false;
};
}

1028
modules/packages/nginx/mime.types Normal file
View file

File diff suppressed because it is too large Load diff

22
modules/packages/vim.nix Executable file
View file

@ -0,0 +1,22 @@
{ pkgs, ... }:
{
environment.variables = { EDITOR = "vim"; };
environment.systemPackages = with pkgs; [
(neovim.override {
vimAlias = true;
configure = {
packages.myPlugins = with pkgs.vimPlugins; {
start = [ vim-lastplace vim-nix vim-airline ];
opt = [];
};
customRC = ''
" your custom vimrc
set nocompatible
set backspace=indent,eol,start
" ...
'';
};
}
)];
}

53
modules/users/Rory.client.nix Executable file
View file

@ -0,0 +1,53 @@
{ config, lib, pkgs, home-manager, ... }:
{
programs = {
ssh = {
startAgent = true;
setXAuthLocation = true;
enableAskPassword = true;
};
};
home-manager.users.Rory = {
services.gnome-keyring.enable = lib.mkForce false;
dconf.settings = {
"org/virt-manager/virt-manager/connections" = {
autoconnect = ["qemu:///system"];
uris = ["qemu:///system"];
};
};
# keepassxc, maybe?
systemd.user.services.keepassxc = {
Unit = {
Description = "KeePassXC password manager";
#After = [ "graphical-session-pre.target" ];
PartOf = [ "default.target" ];
};
Install = { WantedBy = [ "default.target" ]; };
Service = {
ExecStart = "${pkgs.keepassxc}/bin/keepassxc ~/.secrets.kdbx";
Restart = "always";
};
};
systemd.user.services.easyeffects = {
Unit = {
Description = "EasyEffects";
#After = [ "graphical-session-pre.target" ];
PartOf = [ "default.target" ];
};
Install = { WantedBy = [ "default.target" ]; };
Service = {
ExecStart = "${pkgs.easyeffects}/bin/easyeffects";
Restart = "always";
};
};
home.stateVersion = "22.11";
};
}

190
modules/users/Rory.nix Executable file
View file

@ -0,0 +1,190 @@
{ config, lib, pkgs, home-manager, ... }:
{
users.users.Rory = {
isNormalUser = true;
extraGroups = [ "wheel" "libvirtd" "ocp" ];
packages = with pkgs; [
lnav
age
git
lsd
duf
btop
htop
kitty.terminfo
tmux
jq
dig
# - zsh
zsh
zsh-powerlevel10k
zsh-nix-shell
zsh-you-should-use
zsh-syntax-highlighting
zsh-completions
];
openssh.authorizedKeys.keys = [
#"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT+53Hy3wbIlNVIomK2RroaimMWrTlUkndjHt1dFuyh root@pfSense-arcane-home.localdomain"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILF2IuNu//0DP/wKMuDvBgVT3YBS2uULsipbdrhJCTM7 thearcanebrony@tab-linux-desktop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/kNkY/E5b6rvCQLMaSbpLQ/xoyywIwVVu9uo2j/B6p Rory@RoryNix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPRTuz83dVThuDVXhDz3w3uYBGJ+JPzdZFT6wvhQXQ3 Rory@Rory-wsl" # work laptop
];
useDefaultShell = true;
shell = pkgs.zsh;
};
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
home-manager.users.Rory = {
programs = {
git = {
enable = true;
userName = "Rory&";
userEmail = "root@rory.gay";
extraConfig = {
safe = {
directory = "/";
};
};
};
zsh = {
enable = true;
enableAutosuggestions = true;
enableVteIntegration = true;
autocd = true;
initExtraFirst = ''
export EDITOR=nvim
export SYSTEMD_EDITOR=$EDITOR
export GIT_EDITOR=$EDITOR
export QT_QPA_PLATFORMTHEME=xdgdesktopportal
export GTK_USE_PORTAL=1
export _JAVA_AWT_WM_NONREPARENTING=1
export WINEDEBUG=-all
export DOTPROFILE_LOADED='yes'
export CHOKIDAR_USEPOLLING=true
export MSBUILDLIVELOGGER=auto
export DOTNET_WATCH_SUPPRESS_LAUNCH_BROWSER=1
export DOTNET_CLI_TELEMETRY_OPTOUT=1
function mkkey() {
echo "Making key for $1"
ssh-keygen -t ed25519 -C "$HOST -> $1" -f ~/.ssh/id_ed25519_$1
(
echo "Host $1"
echo " IdentityFile ~/.ssh/id_ed25519_$1"
) >> ~/.ssh/config
echo 'Done! Public key:'
cat ~/.ssh/id_ed25519_$1.pub
}
export DISABLE_AUTO_UPDATE=true
COMPLETION_WAITING_DOTS="true"
'';
initExtra = ''
alias mv='mv -v'
alias pre='npx prettier -w'
alias git-commit='git commit --signoff --sign'
alias npm='NODE_OPTIONS=--openssl-legacy-provider npm'
alias npx='NODE_OPTIONS=--openssl-legacy-provider npx'
alias yarn='NODE_OPTIONS=--openssl-legacy-provider npx -y yarn --use-yarnrc $XDG_CONFIG_HOME/yarn/config'
alias node='NODE_OPTIONS=--openssl-legacy-provider node'
# - dotnet
alias drun='dotnet watch run --no-hot-reload --property WarningLevel=0'
alias dbuild='dotnet watch build --no-hot-reload --property WarningLevel=0'
alias ls='lsd -lA --color=always --icon=always'
alias transfetch='neofetch --kitty ~/trans_witch.jpg'
alias gc='git-commit'
[ -f "$HOME/.profile" ] && . $HOME/.profile
'';
#alias knconfig='cp .config ../$(date ''+%Y%m%d_%k%M%S\'').config -v; make CC=clang LLVM=1 nconfig'
oh-my-zsh = {
enable = true;
plugins = [
"git"
"sudo"
];
};
plugins = [
{
name = "powerlevel10k";
src = pkgs.zsh-powerlevel10k;
file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme";
}
{
name = "powerlevel10k-config";
src = lib.cleanSource ./Rory;
file = "p10k.zsh";
}
{
name = "zsh-syntax-highlighting";
src = pkgs.zsh-syntax-highlighting;
file = "share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh";
}
{
name = "zsh-autosuggestions";
src = pkgs.zsh-autosuggestions;
file = "share/zsh-autosuggestions/zsh-autosuggestions.zsh";
}
];
localVariables = {
POWERLEVEL9K_LEFT_PROMPT_ELEMENTS = [
"os_icon"
"dir"
"vcs"
"prompt_char"
];
POWERLEVEL9K_RIGHT_PROMPT_ELEMENTS = [
"status"
"command_execution_time"
"background_jobs"
"direnv"
"virtualenv"
"pyenv"
"nodeenv"
"context"
"nix_shell"
"vi_mode"
"load"
"disk_usage"
"ram"
];
POWERLEVEL9K_MODE = "nerdfont-complete";
POWERLEVEL9K_ICON_PADDING = "none";
POWERLEVEL9K_PROMPT_ADD_NEWLINE = "false";
POWERLEVEL9K_LEFT_SUBSEGMENT_SEPARATOR = "\uE0B1";
POWERLEVEL9K_RIGHT_SUBSEGMENT_SEPARATOR = "\uE0B3";
POWERLEVEL9K_LEFT_SEGMENT_SEPARATOR = "\uE0B0";
POWERLEVEL9K_RIGHT_SEGMENT_SEPARATOR = "\uE0B2";
POWERLEVEL9K_LEFT_PROMPT_LAST_SEGMENT_END_SYMBOL = "\uE0B0";
POWERLEVEL9K_RIGHT_PROMPT_FIRST_SEGMENT_START_SYMBOL = "\uE0B2";
POWERLEVEL9K_PROMPT_CHAR_OVERWRITE_STATE = true;
};
};
neovim = {
defaultEditor = true;
viAlias = true;
vimAlias = true;
vimdiffAlias = true;
coc = {
enable = true;
};
};
};
programs.neovim.plugins = with pkgs.vimPlugins; [
pkgs.vimPlugins.nvim-tree-lua
{
plugin = pkgs.vimPlugins.vim-startify;
config = "let g:startify_change_to_vcs_root = 0";
}
];
home.stateVersion = "22.11";
};
}

1723
modules/users/Rory/p10k.zsh Normal file
View file

File diff suppressed because it is too large Load diff

BIN
modules/users/Rory/wallpaper.webp Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 585 KiB

18
modules/users/chris.nix Executable file
View file

@ -0,0 +1,18 @@
{ config, pkgs, ... }:
{
users.users.chris = {
isNormalUser = true;
extraGroups = [ "wheel" ];
packages = with pkgs; [
nano
nodejs-slim
];
#initialPassword = "password";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd9U0+wKjBG3Q9Qg249xJY+ybYeRV9/VMPjuwKvFBEI"
];
};
}

4
rebuild-wsl-no-update.sh Executable file
View file

@ -0,0 +1,4 @@
#!/usr/bin/env sh
nom build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel && sudo nixos-rebuild switch --flake .#${HOSTNAME}
#./build.sh / $HOSTNAME

13
rebuild-wsl.sh Executable file
View file

@ -0,0 +1,13 @@
#!/usr/bin/env sh
if [ -d "nixpkgs" ]; then
cd nixpkgs
# git remote add upstream https://github.com/NixOS/nixpkgs || git remote set-url upstream https://github.com/NixOS/nixpkgs
# git fetch --all -v
# git rebase upstream/nixos-unstable -v
cd ..
fi
nix flake update
nom build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel && sudo nixos-rebuild switch --flake .#${HOSTNAME}
#./build.sh / $HOSTNAME

2
rebuild.sh Executable file
View file

@ -0,0 +1,2 @@
#!/usr/bin/env sh
./build.sh / $HOSTNAME

12
update.sh Executable file
View file

@ -0,0 +1,12 @@
#!/usr/bin/env sh
if [ -d "nixpkgs" ]; then
cd nixpkgs
# git remote add upstream https://github.com/NixOS/nixpkgs || git remote set-url upstream https://github.com/NixOS/nixpkgs
# git fetch --all -v
# git rebase upstream/nixos-unstable -v && git push --force
cd ..
fi
nix flake update
./build.sh / $HOSTNAME