Syzygial/NixMachines
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Syzygial:main
Branches Tags
Syzygial:main
..
compare: Syzygial:442ed943a5e8634efbeca99dd04d54fd92a1444f
Branches Tags
Syzygial:main

3 Commits
main ... 442ed943a5

Author SHA1 Message Date
david
442ed943a5 universeair: moar casks 2025-03-13 11:20:10 -04:00
david
9fc4e369cb universeair: catchup 2025-03-13 11:20:10 -04:00
david
1337395df3 flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/304a011325b7ac7b8c9950333cd215a7aa146b0e' (2024-07-24)
  → 'github:nix-community/home-manager/2598861031b78aadb4da7269df7ca9ddfc3e1671' (2024-08-18)
• Updated input 'nix-darwin':
    'github:LnL7/nix-darwin/884f3fe6d9bf056ba0017c132c39c1f0d07d4fec' (2024-07-23)
  → 'github:LnL7/nix-darwin/076b9a905af8a52b866c8db068d6da475839d97b' (2024-08-17)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/68c9ed8bbed9dfce253cc91560bf9043297ef2fe' (2024-07-21)
  → 'github:NixOS/nixpkgs/8a3354191c0d7144db9756a74755672387b702ba' (2024-08-18)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/aff2f88277dabe695de4773682842c34a0b7fd54' (2024-07-22)
  → 'github:Mic92/sops-nix/be0eec2d27563590194a9206f551a6f73d52fa34' (2024-08-12)
 2025-03-13 11:20:08 -04:00
72 changed files with 353 additions and 5616 deletions
Expand all files Collapse all files

286
flake.lock generated
View File

@@ -1,51 +1,53 @@
{
"nodes": {
"deploy-rs": {
"emacs-overlay": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs",
"utils": "utils"
"nixpkgs": [
"me-emacs",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1770019181,
"narHash": "sha256-hwsYgDnby50JNVpTRYlF3UR/Rrpt01OrxVuryF40CFY=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "77c906c0ba56aabdbc72041bf9111b565cdd6171",
<<<<<<< HEAD
"lastModified": 1737825153,
"narHash": "sha256-R1p2ZXOydII+MT/SpeOXBjo/dgfD/gIArge2YAgSw38=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "4ebe4c890e7c8662ae31192359a56b0505cf10ba",
=======
"lastModified": 1724086605,
"narHash": "sha256-kZm8GJfEt8Na5JyNfjXCIUKiMOAbWDNsCejh2OeF7r8=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "d153d9f118d71fa8f4d3204639b4fd32d793ab57",
>>>>>>> 75336a2 (flake.lock: Update)
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"owner": "nix-community",
"repo": "emacs-overlay",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
"systems": "systems"
},
"locked": {
<<<<<<< HEAD
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
=======
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
>>>>>>> 75336a2 (flake.lock: Update)
"type": "github"
},
"original": {
@@ -56,14 +58,22 @@
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
"systems": "systems_2"
},
"locked": {
<<<<<<< HEAD
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
=======
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
>>>>>>> 75336a2 (flake.lock: Update)
"type": "github"
},
"original": {
@@ -94,11 +104,19 @@
]
},
"locked": {
"lastModified": 1776114641,
"narHash": "sha256-VJMt3n9zGRzupzvlhcKIz4SpWflKh0rWfYTgmkmun0Q=",
<<<<<<< HEAD
"lastModified": 1741701235,
"narHash": "sha256-gBlb8R9gnjUAT5XabJeel3C2iEUiBHx3+91651y3Sqo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2de7205ce6e10b031151033e69b7ef89708dc282",
"rev": "c630dfa8abcc65984cc1e47fb25d4552c81dd37e",
=======
"lastModified": 1723986931,
"narHash": "sha256-Fy+KEvDQ+Hc8lJAV3t6leXhZJ2ncU5/esxkgt3b8DEY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2598861031b78aadb4da7269df7ca9ddfc3e1671",
>>>>>>> 75336a2 (flake.lock: Update)
"type": "github"
},
"original": {
@@ -135,7 +153,7 @@
"narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=",
"rev": "b90bf629bbd835e61f1317b99e12f8c831017006",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/b90bf629bbd835e61f1317b99e12f8c831017006.tar.gz?rev=b90bf629bbd835e61f1317b99e12f8c831017006"
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/b90bf629bbd835e61f1317b99e12f8c831017006.tar.gz"
},
"original": {
"type": "tarball",
@@ -144,44 +162,31 @@
},
"me-emacs": {
"inputs": {
"emacs-overlay": "emacs-overlay",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1772550819,
"narHash": "sha256-K6TvujvSSv+pDPAXqdabd7g9wFIkOdvHOeeFohou42A=",
<<<<<<< HEAD
"lastModified": 1741711436,
"narHash": "sha256-Kfj4ZKupTKUq4UYukqerHlhG0SBhPIbNyMf4DrlboJ8=",
"ref": "refs/heads/master",
"rev": "cce76e2f8f4372dd3391a76daa53c1a89b89bc40",
"revCount": 94,
"rev": "c4135ecee1752ab5f35812951eeef23250f883c6",
"revCount": 71,
=======
"dirtyRev": "a02c16d51dc2979e911a4652e17c8df3aca6e2e2-dirty",
"dirtyShortRev": "a02c16d-dirty",
"lastModified": 1724089813,
"narHash": "sha256-o/nV+HC3KIhWZhl3w4iPh4+rd/+ASSQrVBRiRJhbYIw=",
>>>>>>> 75336a2 (flake.lock: Update)
"type": "git",
"url": "https://git.syzygial.cc/Syzygial/EmacsConfig.git"
"url": "file:///Users/universelaptop/.emacs.d"
},
"original": {
"type": "git",
"url": "https://git.syzygial.cc/Syzygial/EmacsConfig.git"
}
},
"microvm": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1775996588,
"narHash": "sha256-klBp+NIkJJtFHKFEHaMqwDHSK09UufDL6RJoxUZOL5Q=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "c0a53823dbf7eb166c2fa7dc2d1e0d6cb2be7562",
"type": "github"
},
"original": {
"owner": "astro",
"repo": "microvm.nix",
"type": "github"
"url": "file:///Users/universelaptop/.emacs.d"
}
},
"nix-darwin": {
@@ -191,11 +196,19 @@
]
},
"locked": {
"lastModified": 1775037210,
"narHash": "sha256-KM2WYj6EA7M/FVZVCl3rqWY+TFV5QzSyyGE2gQxeODU=",
<<<<<<< HEAD
"lastModified": 1741229100,
"narHash": "sha256-0HwrTDXp9buEwal/1ymK9uQmzUD5ozIA7CJGqnT/gLs=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "06648f4902343228ce2de79f291dd5a58ee12146",
"rev": "adf5c88ba1fe21af5c083b4d655004431f20c5ab",
=======
"lastModified": 1723859949,
"narHash": "sha256-kiaGz4deGYKMjJPOji/JVvSP/eTefrIA3rAjOnOpXl4=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "076b9a905af8a52b866c8db068d6da475839d97b",
>>>>>>> 75336a2 (flake.lock: Update)
"type": "github"
},
"original": {
@@ -207,27 +220,19 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1743014863,
"narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=",
<<<<<<< HEAD
"lastModified": 1741513245,
"narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1775710090,
"narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=",
"rev": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1",
=======
"lastModified": 1723991338,
"narHash": "sha256-Grh5PF0+gootJfOJFenTTxDTYPidA3V28dqJ/WV7iis=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4c1018dae018162ec878d42fec712642d214fdfa",
"rev": "8a3354191c0d7144db9756a74755672387b702ba",
>>>>>>> 75336a2 (flake.lock: Update)
"type": "github"
},
"original": {
@@ -237,13 +242,57 @@
"type": "github"
}
},
"nixpkgs_3": {
"nixpkgs-stable": {
"locked": {
"lastModified": 1775888245,
"narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=",
<<<<<<< HEAD
"lastModified": 1737672001,
"narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "13043924aaa7375ce482ebe2494338e058282925",
"rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8",
=======
"lastModified": 1723938990,
"narHash": "sha256-9tUadhnZQbWIiYVXH8ncfGXGvkNq3Hag4RCBEMUk7MI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c42fcfbdfeae23e68fc520f9182dde9f38ad1890",
>>>>>>> 75336a2 (flake.lock: Update)
"type": "github"
},
"original": {
"owner": "NixOS",
<<<<<<< HEAD
"ref": "nixos-24.11",
=======
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1721524707,
"narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "556533a23879fc7e5f98dd2e0b31a6911a213171",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
>>>>>>> 75336a2 (flake.lock: Update)
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1731763621,
"narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d",
"type": "github"
},
"original": {
@@ -255,26 +304,32 @@
},
"root": {
"inputs": {
"deploy-rs": "deploy-rs",
"home-manager": "home-manager",
"lix-module": "lix-module",
"me-emacs": "me-emacs",
"microvm": "microvm",
"nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1776119890,
"narHash": "sha256-Zm6bxLNnEOYuS/SzrAGsYuXSwk3cbkRQZY0fJnk8a5M=",
<<<<<<< HEAD
"lastModified": 1741644481,
"narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "d4971dd58c6627bfee52a1ad4237637c0a2fb0cd",
"rev": "e653d71e82575a43fe9d228def8eddb73887b866",
=======
"lastModified": 1723501126,
"narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "be0eec2d27563590194a9206f551a6f73d52fa34",
>>>>>>> 75336a2 (flake.lock: Update)
"type": "github"
},
"original": {
@@ -283,22 +338,6 @@
"type": "github"
}
},
"spectrum": {
"flake": false,
"locked": {
"lastModified": 1772189877,
"narHash": "sha256-i1p90Rgssb//aNiTDFq46ZG/fk3LmyRLChtp/9lddyA=",
"ref": "refs/heads/main",
"rev": "fe39e122d898f66e89ffa17d4f4209989ccb5358",
"revCount": 1255,
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
},
"original": {
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@@ -328,39 +367,6 @@
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",

42
flake.nix
View File

@@ -12,12 +12,9 @@
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
microvm.url = "github:astro/microvm.nix";
microvm.inputs.nixpkgs.follows = "nixpkgs";
deploy-rs.url = "github:serokell/deploy-rs";
};
outputs = { self, nixpkgs, sops-nix, me-emacs, nix-darwin, home-manager, lix-module, microvm, deploy-rs }@inputs: let
outputs = { self, nixpkgs, sops-nix, me-emacs, nix-darwin, home-manager, lix-module }@inputs: let
overlays = import ./overlays/default.nix inputs;
modules = import ./modules/default.nix inputs;
@@ -48,12 +45,11 @@
modules =[
./machines/hippocampus/configuration.nix
(overlays' [
overlays.hydra
overlays.nvidiaContainer
])
modules.sops
({ pkgs, ...}: {
nix.package = pkgs.lix;
})
lix-module.nixosModules.default
];
};
universedesktop = nixosSystem' {
@@ -63,16 +59,7 @@
overlays.emacs
])
modules.sops
# Broken w/ this nixpkgs input
# lix-module.nixosModules.default
];
};
pericyte = nixosSystem' {
modules = [
./machines/pericyte/configuration.nix
modules.sops
# lix-module.nixosModules.default
# microvm.nixosModules.host
lix-module.nixosModules.default
];
};
};
@@ -84,7 +71,7 @@
overlays.emacs
])
modules.home-manager-darwin
# lix-module.nixosModules.default
lix-module.nixosModules.default
];
};
};
@@ -102,24 +89,5 @@
];
};
};
deploy = {
nodes = {
pericyte = {
hostname = "opcp";
sshUser = "root";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.pericyte;
};
};
};
};
# This is highly advised, and will prevent many possible mistakes
# checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
hydraJobs = {
# inherit (me-emacs) packages;
};
};
}

20
machines/hippocampus/backups/gitea.nix
View File

@@ -1,24 +1,6 @@
{ pkgs, config, ... }: {
{ ... }: {
services.gitea.dump = {
enable = true;
interval = "2:45";
};
systemd.timers."gitea-clear-dump" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
Unit = "gitea-clear-dump.service";
};
};
systemd.services."gitea-clear-dump" = {
script = ''
${pkgs.findutils}/bin/find /var/lib/gitea/dump -type f -ctime +5 -exec rm -f {} \;
'';
serviceConfig = {
Type = "oneshot";
User = config.services.gitea.user;
};
};
}

6
machines/hippocampus/configuration.nix
View File

@@ -39,7 +39,6 @@
nixpkgs.config.permittedInsecurePackages = [
"nodejs-14.21.3"
"openssl-1.1.1w"
"olm-3.2.16"
];
nix.gc = {
automatic = true;
@@ -90,7 +89,7 @@
services.printing.enable = true;
# Enable sound with pipewire.
services.pulseaudio.enable = false;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
@@ -126,8 +125,7 @@
environment.systemPackages = with pkgs; [
firefox
tmux
tio
screen
btop
htop

22
machines/hippocampus/modules/containerHeadscale.nix
View File

@@ -25,8 +25,6 @@
authKeyFile = "/var/tailauth";
extraUpFlags = ["--login-server" "${authServer}"];
};
# Resolves https://github.com/NixOS/nixpkgs/issues/430756
systemd.services.tailscaled-autoconnect.serviceConfig.Type = lib.mkForce "simple";
};
};
@@ -61,19 +59,19 @@ in {
};
config = {
# networking.bridges = {
# "br0" = {
# interfaces = [];
# };
# };
# networking.interfaces.br0.ipv4.addresses = [{
# address = "10.0.0.1";
# prefixLength = 24;
# }];
networking.bridges = {
"br0" = {
interfaces = [];
};
};
networking.interfaces.br0.ipv4.addresses = [{
address = "10.0.0.1";
prefixLength = 24;
}];
networking.nat = {
enable = true;
# Check for hostBridge use vb instead of ve
internalInterfaces = (map (n: "ve-${n}") (attrNames cfg.containers));
internalInterfaces = (map (n: "vb-${n}") (attrNames cfg.containers)) ++ ["br0"];
externalInterface = "enp0s25";
enableIPv6 = true;
};

2
machines/hippocampus/modules/headscale.nix
View File

@@ -91,7 +91,7 @@ let
partOf = ["headscale.service"];
script = ''
${cfg.package}/bin/headscale preauthkeys -u $(${cfg.package}/bin/headscale users -o json-line list | ${pkgs.jq}/bin/jq '.[] | select(.name=="${name}").id') create \
${cfg.package}/bin/headscale preauthkeys -u ${name} create \
${lib.optionalString options.preAuthEphemeral "--ephemeral"} \
${lib.optionalString options.preAuthReusable "--reusable"} \
--expiration ${options.preAuthExpiration} \

17
machines/hippocampus/oci/Wireguard.ContainerFile
View File

@@ -1,17 +0,0 @@
FROM alpine:3.16
RUN apk add --no-cache bash jq curl git ncurses \
bc \
coredns \
grep \
iproute2 \
iptables \
ip6tables \
iputils \
kmod \
net-tools \
nftables \
openresolv \
wireguard-tools
RUN git clone https://github.com/pia-foss/manual-connections /manual-connections
WORKDIR /manual-connections
CMD bash -c "/manual-connections/run_setup.sh && watch -n 1800 curl ip.me"

96
machines/hippocampus/oci/jelly.nix
View File

@@ -18,12 +18,10 @@
in {
containers = {
wireguard = {
# Derived from the pia-wg.tar.gz
# which was built from the containerfile
image = "localhost/pia-wg:latest";
image = "thrnz/docker-wireguard-pia";
volumes = [
# "${configDir}/wireguard:/config"
# "${configDir}/wireguard_pia:/pia"
"${configDir}/wireguard_pia:/pia"
];
ports = getPorts [
"deluge"
@@ -31,28 +29,18 @@
"radarr"
"jellyseerr"
"bazarr"
# "readarr"
"readarr"
"prowlarr"
];
environment = {
TZ = "America/Toronto";
LOC = "ca";
PIA_DNS = "false"; # - true/false
PIA_PF = "false"; # - true/false
PIA_CONNECT = "true"; # - true/false; connect to VPN after configuration has been created. Set to false to only create configuration file. Only effective for wireguard protocol. Default true.
MAX_LATENCY = "0.2"; # - numeric value, in seconds
AUTOCONNECT = "true"; # - true/false; this will test for and select the server with the lowest latency, it will override PREFERRED_REGION
# PREFERRED_REGION = ""; # - the region ID for a PIA server
DIP_TOKEN = "n";
VPN_PROTOCOL = "wireguard"; # - wireguard or openvpn; openvpn will default to openvpn_udp_standard, but can also specify openvpn_tcp/udp_standad/strong
DISABLE_IPV6 = "no"; # - yes/no
LOC = "ca";
};
extraOptions = [
"--privileged" "--dns=1.1.1.1"
"--cap-add=ALL"
"--pull=newer"
"--dns=1.1.1.1"
"--env-file=${config.sops.secrets.jellyfin-pia.path}"
"--cap-add=NET_ADMIN,NET_RAW,SYS_MODULE"
"--cap-drop=MKNOD,AUDIT_WRITE"
"--sysctl=net.ipv4.ip_forward=1"
"--sysctl=net.ipv4.conf.all.src_valid_mark=1"
"--sysctl=net.ipv6.conf.lo.disable_ipv6=1"
"--sysctl=net.ipv6.conf.all.disable_ipv6=1"
@@ -127,36 +115,6 @@
];
};
# TODO: Usage monitoring and data analytics for media removal
#
# jellystat = {
# image = "fallenbagel/jellyseerr:latest";
# volumes = [
# "${dataDir}:/data"
# "${configDir}/jellyseerr:/app/config"
# ];
# environment = baseEnv // {
# };
# extraOptions = [
# "--pull=newer"
# ];
# };
# jellysweep = {
# image = "fallenbagel/jellyseerr:latest";
# volumes = [
# "${dataDir}:/data"
# "${configDir}/jellyseerr:/app/config"
# ];
# environment = baseEnv // {
# };
# extraOptions = [
# "--pull=newer"
# ];
# };
radarr = {
image = "linuxserver/radarr:latest";
volumes = [
@@ -220,26 +178,26 @@
];
};
# readarr = {
# image = "linuxserver/readarr:nightly";
# volumes = [
# "${dataDir}:/data"
# "${configDir}/readarr:/config"
# ];
# ports = [
# "8787:8787"
# ];
# environment = baseEnv // {
#
# };
# extraOptions = [
# "--pull=newer"
# "--network" "container:wireguard"
# ];
# dependsOn = [
# "prowlarr"
# ];
# };
readarr = {
image = "linuxserver/readarr:nightly";
volumes = [
"${dataDir}:/data"
"${configDir}/readarr:/config"
];
ports = [
"8787:8787"
];
environment = baseEnv // {
};
extraOptions = [
"--pull=newer"
"--network" "container:wireguard"
];
dependsOn = [
"prowlarr"
];
};
prowlarr = {
image = "linuxserver/prowlarr:nightly";

BIN
machines/hippocampus/oci/pia-wg.tar.gz
View File

Binary file not shown.

4
machines/hippocampus/riscv.nix
View File

@@ -1,7 +1,5 @@
{ config, pkgs, lib, ... }: {
# TODO: rename to emulation?
boot.binfmt.emulatedSystems = [
"riscv64-linux" "aarch64-linux"
"riscv64-linux"
];
boot.binfmt.preferStaticEmulators = true;
}

24
machines/hippocampus/secrets/pass.yaml
View File

@@ -1,7 +1,7 @@
nextcloud:
adminPass: ENC[AES256_GCM,data:Tz34/CW22LYNtwDNoPHq0cINRg==,iv:eSw22XtTpODEreJKSK6mM0jZWAB6qLqANYF7KesNGso=,tag:4Zp7hTv3oArx+nDIEdA7Jw==,type:str]
s3secret: ENC[AES256_GCM,data:hv3SLDs6YW5KInUBFUPXImqwnZqjegXOv7hQFtuWI48=,iv:39R8crx5/3xdK0s8/yNMwSib2yDQcfOVg0PA7GhdiXA=,tag:J8YT12onk7DOFL7Z9OEYYQ==,type:str]
jellyfin-pia: ENC[AES256_GCM,data:hOgUAr47FMd2QgzgXBeqv41Paqy6zn6tyWVDbF1JtqcTog/zZC4=,iv:opnxrycFszAhuMARcP48gKF6eL1ERNgWS68wO+s4CIM=,tag:fqimxKdTAh55ANKD3bp46w==,type:str]
adminPass: ENC[AES256_GCM,data:D2SAD/Somvw8abIm0KX4fWRfuQ==,iv:Y7K14yZZFcu97KVBd0219hwnGY4LEX2DNxxulSegr/8=,tag:aRJAlz1xvQxWodcE2bZLdQ==,type:str]
s3secret: ENC[AES256_GCM,data:lIVuiZMh376MSuu13UPCu49Q64bVbk+WM/CUEIGzV0Q=,iv:J2vHalppWEupWK07zXsMoiH6avmpsgg0Cqcc7EkZVV4=,tag:pxKwiaH5SZa8Vh71gLGQWw==,type:str]
jellyfin-pia: ENC[AES256_GCM,data:rbqpmm2EtxcMeJfjlGaJOwPCn4UAZaKsH8Zeztk7A6QiSw==,iv:8A6NHVHgKIL6iwLKgRrT6T3k0pgDI5lL5rDMN5/Egrw=,tag:P6Kh9cOnrB23Z7S72xBK7g==,type:str]
ddclient: ENC[AES256_GCM,data:a31MKnoEZXrj/s8z3+MP9jhQ5/sBjljZphXBJsWj5GU=,iv:YHKCartadDQa59aUf9Fw/KgdgMgsqsVLDAIh/KeqehQ=,tag:hUaUqjcX75xw6eC9axtQmw==,type:str]
anki: ENC[AES256_GCM,data:hUBKr/s1DDorlmbHDUvHtVSumw==,iv:Ekjt6dsncinHhM+dV/mxOjErBQpgKtPOVbmwGRy9XOE=,tag:zvfV9z3QROgsk4eznmxqDw==,type:str]
tandoor-secret: ENC[AES256_GCM,data:/clEIU38M7lJ6+JbFSKWb5kKSUvxdGYPq2Hl9TjgijZtYIYFOleJQ9PiT+d/osmY/r0=,iv:Nulu93V+s9RBmEDRs2LXJXy7l0O/AeU0CwwtTNLGw2c=,tag:brRyVaWeUGLx1nt0MtcIEw==,type:str]
@@ -13,14 +13,11 @@ restic:
repo: ENC[AES256_GCM,data:7sy35DPRrhGudRorlGb2OSQzXgeKBXlC5KEYCAtw0VgCu5K2A4XjS8mSlDdf4Tz/4tun6nmH,iv:X+JOQVHL9t8Nc7zuSUrYKkUUV/lqlav9RehZf4bs8pw=,tag:roC7vneozMbnO40713tUkQ==,type:str]
passwd: ENC[AES256_GCM,data:vUsAP5+iZo7U55xnUP7Cnk1OxnrO+paHKmT2cuc=,iv:GF7fybEQZIxHPm1Z6Sj5dn/zOR5dRVgikH8LILsTMIs=,tag:Mh61boRPsfHeiSfXmrEx5Q==,type:str]
backblaze: ENC[AES256_GCM,data:IfWzuIYUrCGYpP68CPFi2vLqq9NVmiVyCE+Z8yi+cnaQwgwNL40lJEPL/U3d0lgsmrsV4GheNJ0oQ9tnrrJeBgZgwMl/CwXMctuUHo+cvVot/cNRd1vCdjRr7WUnw8737uxyW45OaaYbkZRa3NWEGDll1iFDWB2w4n5DTsomyO03tFZB5gckwQYmpjYmK4DcIWyTaEiDrznmkyM+sxoWv9pcTHZIIN7TCHHkzmlMzXXqJnoRfCpdVm/QF9jbrAYs,iv:tOa1FFyggm0ScoRdFk6tACOnQVcZMYaDqeJyX5SMKXc=,tag:EY5jQhZnLP6IzqY9garoEQ==,type:str]
oinkapi: ENC[AES256_GCM,data:bk4tLEYGpPnTgiSz9KAAwykjIFRMOL+GK9/VP/C/WGXSYyGq245w+EJuC/4+XNyic0dniGFtJOOGy9reIWj1ZIDXZY4=,iv:a85CCgy27ByGnMS/0ForMY25xkU1kgahyis0yLs5hTs=,tag:AsXxzQgyvBmpP/I0f0wApQ==,type:str]
oinkSapi: ENC[AES256_GCM,data:SXfowRHpuhDMVoeqWPkfbnj/9+uGlBCg3MwUHCADeuLgaZImSnEiYLyjQfruhzoul9E+F1Uj4QxG8KeOY7nAFqkl/Ns=,iv:GYEiAQDylHxu9CW5DB0so9QY8Ou4fZT3+wk7ZrgoP+o=,tag:W/Q+tSfDsEcSYcI+oLuxxA==,type:str]
tuwunelreg: ENC[AES256_GCM,data:5NJL1W6iVEwLwAUGlmCOHgVzV+9aLMrp8OXu8uVUw3SpCR5ffUuPsFtEHvJ2UkV1DPtJ2mz+EmqgWYOt7aY2xdtT5CTQJVlFcxQOOhJ2IYy5OpPHNtHLTWtKR1p0a3V38aBq98hZRL1JgdY1lrTtQPtV9u13zH+A2TZVmYxdG8Y=,iv:cltmxwdE0A7EYqdtaPXs2FALmO8YPydIOrNHfv7Pu9Q=,tag:ppnBVeL+t8sHhCXWOzLtjw==,type:str]
coturn-secret: ENC[AES256_GCM,data:9lPM14VVk/VlmYPy4XgIaKDQgRKcoaCaszcaETCBQMmMIGSuq+G2aHqa8dtXf6Tg/Llcza+VROZYBuC9bsFwoEDtcbhFoE9S7OKrJ8bWDDI1AGTwP3j9tgExvmd0HMyqkNrb3l1cPj4/CLcSlZxxWcYVWZL2sSzKpqhKNXGeYCM=,iv:zckUJK+F95lVKZz/XoD4nmuC14FiIU1gIxe5U4abvrg=,tag:nSPxlCMS4QXBvkb6jn4EQg==,type:str]
lk-jwt: ENC[AES256_GCM,data:6EXQbXUWsXzYwHU+KYh8FfVKoMScrbX/ITx/x128UdU1r0PmqEZ39TewmDUSlNlMsaWYRffNd8lmfF3sPZDOZzL/jNJNaTSqUKy8cPX8XF+LJqq08ZDWihvgKjcyHy6BORpe07fGp6v/otJW9XE9qujJ2QC/0MA+dJpckpfibaswfWwkL2BfmDfcq2H8Tudohg==,iv:Rm5uWOKGBKlnivGkxWokpG1YR1dxeTV+cVrDZ/3i8yE=,tag:bSeOZ7SEelDIeSGTdzRVng==,type:str]
dawarich_smtp: ENC[AES256_GCM,data:v4VU5XGGR2rLfQZsMvbXCA==,iv:jD3EFKab7/oxxqX6O1Mfz5tA/xUOGEaBtMsHnENouBQ=,tag:JWyrensx9v97blQv49jsLQ==,type:str]
mautrix-discord: ENC[AES256_GCM,data:LzRUuwdYs4HJfeSm9iKPNaGkx5Fqs0gPBdEhv0hbEANHw2Dsg/yioS5jWc8FymhVbO3L3lfpd+TJGH5dSRqU5cTcTJO34CyBLU+Y+bkbneI+Ri0ngfCEuuNpBjyvQhHrba1YskcgvUuHPMJejFPbfPKu7B+GNznI6mZUJmN6jvO7BweY2bTeC2zURMmMjcoNEcdDUhhlSRpOK/EUVZF3LE+MwBKz/WTJbtEi22wO+x/dIg3z8SLwZRSuUYwumZ7YyQAUHDJz/7Qy5u0uzMmAAY3WpQUICg8DykenndeXST2AopG4EsBazS9GwPX60Ri4MEnnPKNXSNHy0dH+NsuCnqNCIouOpraS3yobTaI7oJIPZoKTWoJWU2Xsh0pktdzyJbJf3kpal0lQkPbD4i31LQeJJbiPPXiouhKeaSKd2LcueGIWBgMD12phZ0Vk2t4S90oN25fByvfF9clviBKbJo/wrWTO2EeQpnrqOD9B1w6ZBowIxXwPUnfNP52sjKRjCWXakO/rSzLQs2DzXT7hN3cMdNsmHxGlIWlLDEHJIpcr49vIzHkCXZc8n412taBNxMRqLHRGFpB0Cjw9CelmZ8cnXOUbSzV06ahOeuJT2Gn+CwefAZSXtiZCnqqpb2758W1Xdw4VReenGyj6TIfTDbo5rfM2elbP/LOxf3obLRpyC4MQkqyo8geT3FjjYFXTc1jN7P/ma8U1YMdZaxdNwUxi1iVB28PhaJ60BMz7UYQW9QfmY24rX0TBaL2OKu4bSh1zeaZm7QbW0LCjBm1A08Pg8nYPZVobjfWXbCIYmsjGhH3T2/BLqqhfth+q3Oswqybi35AQR9EeSJ+tZWyCgHsPWgM8KCGyynqf8xvczSUeCro6MNQ5Jzw=,iv:Bo0FRzCPMFokZsRPwUg0vP+Azo6nr4sTkrU6O++lucU=,tag:zYPEZUkILsQTljLil5Yq5w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1crymppz88etsdjpckmtdhr397x5xg5wv8jt6tcj23gt2snq73pzs04fuve
enc: |
@@ -31,7 +28,8 @@ sops:
RVUzMlFya3Z0amdTUTJ5YjFRck5kZzQKoWZzExqzPRpQPL4CdqBalc1/dYtjBH6J
LGR0oImfOWlIJwcaJLv/fc470UvXHHwIji9v/pbV7xMkgMjlJthaYg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-03-24T01:33:31Z"
mac: ENC[AES256_GCM,data:9DI2psMKIl3mM6oBWeNHLrl+e5UY/uvE0P/Y9T2sRMVHUmbo5dmr7yCxDoQ/t6EJKUKURqh1ESH9QNqAWULJRQvMabOt+fSZwjP+d8F8cR1pAEmeIpYfnbJslvrz1uhlvdcc+HYdM9BVYJ3BC3QgQk49qhU03Mum2Vn9iHwD+FA=,iv:GNSrYPdYEnA6VoNY2OJvCdxbBasjAk2UrifumTgspJ4=,tag:uUtlcGookPmvwkDI9i2arg==,type:str]
lastmodified: "2024-11-26T02:45:21Z"
mac: ENC[AES256_GCM,data:t5+2iRUJprwwW8GRiQx/h8IOYjjhsq+954GDL2ujXiZVM3oBhESdeBi6aMMwsqABCr+PjP4gb4qHHbduxWlGSZlAh4HSiVwwizI8XV8HZqUqPKBJEqRThzcwznCk4DOGpf1PMbktBX/r50pDeoDcgShKka1bMY8kD385SVklgNE=,iv:EXFXz12HNTMRoW0gIrTEZPHhdTG2cxaWf65uTgT7nZ4=,tag:5XweTiLnO9N8eZb4EPkh6g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.11.0
version: 3.9.0

2
machines/hippocampus/servers/private.nix
View File

@@ -10,7 +10,7 @@
./private/prometheus.nix
# Pretty Visuals
./private/grafana.nix
# ./private/grafana.nix
# Home Monitoring and Control
# ./private/homeassistant.nix

8
machines/hippocampus/servers/private/grafana.nix
View File

@@ -2,11 +2,9 @@
{
services.grafana = {
enable = false;
enable = true;
settings.server = {
http_addr = "0.0.0.0";
http_port = 9998;
};
http_addr = "0.0.0.0";
http_port = 9998;
};
}

9
machines/hippocampus/servers/private/miniio.nix
View File

@@ -5,9 +5,8 @@
autoStart = true;
privateNetwork = true;
#hostBridge = "br0";
hostAddress = "10.${toString (10+n)}.0.0";
localAddress = "10.${toString (10+n)}.0.1";
hostBridge = "br0";
localAddress = "10.0.0.${toString (10+n)}/24";
# If true it registers a new node very time
# need to find where it stores the state
@@ -59,8 +58,8 @@
MINIO_VOLUMES = "/mnt/disk1/minio";
# Expandable later, but each pool must have more than 1 disk.
# https://github.com/minio/minio/issues/16711
MINIO_SERVER_URL = "http://100.64.0.4:9000";
MINIO_PROMETHEUS_URL = "http://100.64.0.4:9999";
MINIO_SERVER_URL = "http://minio1.minio1.tailnet:9000";
MINIO_PROMETHEUS_URL = "http://100.64.0.5:9999";
MINIO_PROMETHEUS_JOB_ID = "minio-job";
};
};

17
machines/hippocampus/servers/public.nix
View File

@@ -25,7 +25,7 @@
./public/nextcloud.nix
# Rabb.it at home
# ./public/watchthingz.nix
./public/watchthingz.nix
# Pterodactyl Game Server
./public/pterodactyl.nix
@@ -47,20 +47,5 @@
# Random Usage, specific port
./public/random.nix
# Perfect Pitch Project
./public/perfect_pitch.nix
# Matrix services
./public/matrix.nix
# Immich Photo Backups
./public/immich.nix
# Dawarich location tracking
./public/dawarich.nix
# IRC web-bouncer/client
./public/irc.nix
];
}

2
machines/hippocampus/servers/public/anki.nix
View File

@@ -4,8 +4,6 @@
sops.secrets.anki = { };
services.anki-sync-server = {
enable = true;
port = 7333;
address = "0.0.0.0";
users = [
{
username = "David";

1
machines/hippocampus/servers/public/caddy.nix
View File

@@ -6,7 +6,6 @@
# acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory";
email = "davidcrompton1192@gmail.com";
};
services.nginx.group = "caddy";
services.caddy.virtualHosts = {
"star.zlinger.syzygial.cc" = {
extraConfig = ''

38
machines/hippocampus/servers/public/dawarich.nix
View File

@@ -1,38 +0,0 @@
{ config, pkgs, lib, ... }: {
sops.secrets.dawarich_smtp = {
owner = config.services.dawarich.user;
group = config.services.dawarich.group;
};
services.dawarich = {
enable = true;
package = (pkgs.callPackage ./dawarich/package.nix { }).overrideAttrs (old: {
# https://github.com/Freika/dawarich/issues/1469
postInstall = (old.postInstall or "") + ''
cp ${./dawarich_smtp_config.rb} $out/config/initializers/smtp_settings.rb
'';
});
webPort = 7392;
configureNginx = false;
localDomain = "location.crompton.cc";
smtp = {
fromAddress = "automated@syzygial.cc";
user = "automated@syzygial.cc";
passwordFile = config.sops.secrets.dawarich_smtp.path;
host = "smtp.protonmail.ch";
port = 587;
};
};
services.caddy.virtualHosts = {
${config.services.dawarich.localDomain} = {
extraConfig = ''
reverse_proxy localhost:${toString config.services.dawarich.webPort}
# encode brotli {
# match {
# content_type text/css text/plain text/xml text/x-component text/javascript application/x-javascript application/javascript application/json application/manifest+json application/vnd.api+json application/xml application/xhtml+xml application/rss+xml application/atom+xml application/vnd.ms-fontobject application/x-font-ttf application/x-font-opentype application/x-font-truetype image/svg+xml image/x-icon image/vnd.microsoft.icon font/ttf font/eot font/otf font/opentype
# }
# }
'';
};
};
}

18
machines/hippocampus/servers/public/dawarich/0001-build-ffi-gem.diff
View File

@@ -1,18 +0,0 @@
diff --git a/Gemfile.lock b/Gemfile.lock
index d45a7657..d0a7b750 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -172,12 +172,7 @@ GEM
railties (>= 6.1.0)
fakeredis (0.1.4)
ffaker (2.25.0)
- ffi (1.17.2-aarch64-linux-gnu)
- ffi (1.17.2-arm-linux-gnu)
- ffi (1.17.2-arm64-darwin)
- ffi (1.17.2-x86-linux-gnu)
- ffi (1.17.2-x86_64-darwin)
- ffi (1.17.2-x86_64-linux-gnu)
+ ffi (1.17.2)
foreman (0.90.0)
thor (~> 1.4)
fugit (1.11.1)

32
machines/hippocampus/servers/public/dawarich/0002-openssl-hotfix.diff
View File

@@ -1,32 +0,0 @@
diff --git a/Gemfile b/Gemfile
index 36cf0d9c..fc914849 100644
--- a/Gemfile
+++ b/Gemfile
@@ -28,6 +28,7 @@ gem 'omniauth-github', '~> 2.0.0'
gem 'omniauth-google-oauth2'
gem 'omniauth_openid_connect'
gem 'omniauth-rails_csrf_protection'
+gem 'openssl'
gem 'parallel'
gem 'pg'
gem 'prometheus_exporter'
diff --git a/Gemfile.lock b/Gemfile.lock
index a32eb801..b2fc45bc 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -348,6 +348,7 @@ GEM
tzinfo
validate_url
webfinger (~> 2.0)
+ openssl (3.3.1)
optimist (3.2.1)
orm_adapter (0.5.0)
ostruct (0.6.1)
@@ -665,6 +666,7 @@ DEPENDENCIES
omniauth-google-oauth2
omniauth-rails_csrf_protection
omniauth_openid_connect
+ openssl
parallel
pg
prometheus_exporter

3400
machines/hippocampus/servers/public/dawarich/gemset.nix
View File

File diff suppressed because it is too large Load Diff

142
machines/hippocampus/servers/public/dawarich/package.nix
View File

@@ -1,142 +0,0 @@
{
lib,
applyPatches,
bundlerEnv,
fetchFromGitHub,
fetchNpmDeps,
nixosTests,
nodejs,
npmHooks,
ruby_3_4,
stdenv,
tailwindcss_3,
gemset ? import ./gemset.nix,
sources ? lib.importJSON ./sources.json,
unpatchedSource ? fetchFromGitHub {
owner = "Freika";
repo = "dawarich";
tag = sources.version;
inherit (sources) hash;
},
}:
let
ruby = ruby_3_4;
in
stdenv.mkDerivation (finalAttrs: {
pname = "dawarich";
inherit (sources) version;
# Use `applyPatches` here because bundix in the update script (see ./update.sh)
# needs to run on the already patched Gemfile and Gemfile.lock.
# Only patches changing these two files should be here;
# patches for other parts of the application should go directly into mkDerivation.
src = applyPatches {
src = unpatchedSource;
patches = [
# bundix and bundlerEnv fail with system-specific gems
./0001-build-ffi-gem.diff
# openssl 3.6.0 breaks ruby openssl gem
# See https://github.com/NixOS/nixpkgs/issues/456753
# and https://github.com/ruby/openssl/issues/949#issuecomment-3370358680
./0002-openssl-hotfix.diff
];
postPatch = ''
substituteInPlace ./Gemfile \
--replace-fail "ruby File.read('.ruby-version').strip" "ruby '>= 3.4.0'"
'';
};
postPatch = ''
# move import directory to a more convenient place, otherwise its behind systemd private tmp
substituteInPlace ./app/services/imports/watcher.rb \
--replace-fail 'tmp/imports/watched' 'storage/imports/watched'
'';
dawarichGems = bundlerEnv {
name = "${finalAttrs.pname}-gems-${finalAttrs.version}";
inherit gemset ruby;
inherit (finalAttrs) version;
gemdir = finalAttrs.src;
};
npmDeps = fetchNpmDeps {
inherit (finalAttrs) src;
hash = sources.npmHash;
};
RAILS_ENV = "production";
NODE_ENV = "production";
REDIS_URL = ""; # build error if not defined
TAILWINDCSS_INSTALL_DIR = "${tailwindcss_3}/bin";
nativeBuildInputs = [
nodejs
npmHooks.npmConfigHook
finalAttrs.dawarichGems
finalAttrs.dawarichGems.wrappedRuby
];
propagatedBuildInputs = [
finalAttrs.dawarichGems.wrappedRuby
];
buildInputs = [
finalAttrs.dawarichGems
];
buildPhase = ''
runHook preBuild
patchShebangs bin/
for b in $(ls $dawarichGems/bin/)
do
if [ ! -f bin/$b ]; then
ln -s $dawarichGems/bin/$b bin/$b
fi
done
SECRET_KEY_BASE_DUMMY=1 bundle exec rake assets:precompile
rm -rf node_modules tmp log storage
ln -s /var/log/dawarich log
ln -s /var/lib/dawarich storage
ln -s /tmp tmp
# delete more files unneeded at runtime
rm -rf docker docs screenshots package.json package-lock.json *.md *.example
runHook postBuild
'';
installPhase = ''
runHook preInstall
# tests are not needed at runtime
rm -rf spec e2e
# delete artifacts from patching
rm *.orig
mkdir -p $out
mv .{ruby*,app_version} $out/
mv * $out/
runHook postInstall
'';
passthru = {
tests = {
inherit (nixosTests) dawarich;
};
# run with: nix-shell ./maintainers/scripts/update.nix --argstr package dawarich
updateScript = ./update.sh;
};
meta = {
changelog = "https://github.com/Freika/dawarich/blob/${finalAttrs.version}/CHANGELOG.md";
description = "Self-hostable alternative to Google Location History (Google Maps Timeline)";
homepage = "https://dawarich.app/";
license = lib.licenses.agpl3Only;
maintainers = with lib.maintainers; [
diogotcorreia
];
platforms = lib.platforms.linux;
};
})

5
machines/hippocampus/servers/public/dawarich/sources.json
View File

@@ -1,5 +0,0 @@
{
"version": "1.2.0",
"hash": "sha256-6NlqeiG+kjpSVpg8JFvqZPvCoigzjIcF1Ru/AdMwShg=",
"npmHash": "sha256-doBsDBsO7npHs/jyeg4xWzdauWoK6dPe8z+97IP2zxI="
}

40
machines/hippocampus/servers/public/dawarich/update.sh
View File

@@ -1,40 +0,0 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p bundix curl jq nix-update nix-prefetch-github prefetch-npm-deps gnused
set -e
set -o pipefail
OWNER="Freika"
REPO="dawarich"
old_version=$(nix-instantiate --eval -A 'dawarich.version' default.nix | tr -d '"')
version=$(curl -s ${GITHUB_TOKEN:+-u ":$GITHUB_TOKEN"} "https://api.github.com/repos/$OWNER/$REPO/releases/latest" | jq -r ".tag_name")
echo "Updating to $version"
if [[ "$old_version" == "$version" ]]; then
echo "Already up to date!"
exit 0
fi
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
echo "Fetching source code $REVISION"
JSON=$(nix-prefetch-github "$OWNER" "$REPO" --rev "refs/tags/$version" 2>/dev/null)
HASH=$(echo "$JSON" | jq -r .hash)
cat > "$SCRIPT_DIR/sources.json" << EOF
{
"version": "$version",
"hash": "$HASH",
"npmHash": "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
}
EOF
SOURCE_DIR="$(nix-build --no-out-link -A dawarich.src)"
echo "Creating gemset.nix"
bundix --lockfile="$SOURCE_DIR/Gemfile.lock" --gemfile="$SOURCE_DIR/Gemfile" --gemset="$SCRIPT_DIR/gemset.nix"
nixfmt "$SCRIPT_DIR/gemset.nix"
NPM_HASH="$(prefetch-npm-deps "$SOURCE_DIR/package-lock.json" 2>/dev/null)"
sed -i "s;sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=;$NPM_HASH;g" "$SCRIPT_DIR/sources.json"

5
machines/hippocampus/servers/public/dawarich_smtp_config.rb
View File

@@ -1,5 +0,0 @@
Rails.application.config.action_mailer.smtp_settings.merge!(
authentication: ENV.fetch('SMTP_AUTHENTICATION', 'login').to_sym,
open_timeout: ENV.fetch('SMTP_OPEN_TIMEOUT', '25').to_i,
read_timeout: ENV.fetch('SMTP_READ_TIMEOUT', '25').to_i
)

6
machines/hippocampus/servers/public/headscale.nix
View File

@@ -6,7 +6,6 @@
enable = true;
# 7000 port addresses are for internal network
port = 7000;
address = "0.0.0.0"; # Access within nixos-containers
settings = {
server_url = "https://headscale.syzygial.cc";
# TODO: Generate keys??
@@ -27,9 +26,6 @@
dns = {
base_domain = "tailnet";
magic_dns = true;
nameservers.global = [
"1.1.1.1"
];
};
};
};
@@ -41,7 +37,7 @@
services.caddy.virtualHosts = {
"headscale.syzygial.cc" = {
extraConfig = ''
reverse_proxy 0.0.0.0:7000
reverse_proxy localhost:7000
'';
};
};

2
machines/hippocampus/servers/public/hydra.nix
View File

@@ -17,7 +17,7 @@ in {
'';
};
nix.extraOptions = ''
allowed-uris = https://github.com/ https://git.savannah.gnu.org/ https://git.syzygial.cc https://gitlab.com https://sr.ht github: gitlab: https://git.lix.systems
allowed-uris = https://github.com/ https://git.savannah.gnu.org/ https://git.syzygial.cc https://gitlab.com https://sr.ht github: gitlab:
'';
systemd.services.hydra = {
serviceConfig = {

13
machines/hippocampus/servers/public/immich.nix
View File

@@ -1,13 +0,0 @@
{ config, pkgs, lib, ... }: {
services.immich = {
enable = true;
mediaLocation = "/mass/immich";
};
services.caddy.virtualHosts = {
"photos.crompton.cc" = {
extraConfig = ''
reverse_proxy localhost:${toString config.services.immich.port}
'';
};
};
}

25
machines/hippocampus/servers/public/irc.nix
View File

@@ -1,25 +0,0 @@
{ config, pkgs, lib, ... }: {
services.thelounge = {
enable = true;
public = false;
port = 7797;
#plugins;
#package;
extraConfig = {
# Caddy RP
reverseProxy = true;
defaults = {
name = "Esper";
host = "irc.esper.net";
port = 6697;
};
};
};
services.caddy.virtualHosts = {
"irc.glia.club" = {
extraConfig = ''
reverse_proxy localhost:${toString config.services.thelounge.port}
'';
};
};
}

6
machines/hippocampus/servers/public/matrix.nix
View File

@@ -1,6 +0,0 @@
{ ... }: {
imports = [
./matrix/server.nix
./matrix/client.nix
];
}

435
machines/hippocampus/servers/public/matrix/bots/discord.nix
View File

@@ -1,435 +0,0 @@
{ config, pkgs, lib, ... }: let
mautrix-discord-user = config.systemd.services.mautrix-discord.serviceConfig.User;
in {
sops.secrets.mautrix-discord = {
owner = mautrix-discord-user;
};
services.postgresql = {
enable = true;
ensureDatabases = [
mautrix-discord-user
];
ensureUsers = [
{
name = "${mautrix-discord-user}";
ensureDBOwnership = true;
}
];
};
services.mautrix-discord = {
enable = true;
# Secrets stored in environmentFile
settings = {
logging = {
min_level = "debug";
writers = [{
type = "stdout";
format = "pretty-colored";
} {
type = "file";
format = "json";
filename = "./logs/mautrix-discord.log";
max_size = 100;
max_backups = 10;
compress = true;
}];
};
homeserver = {
# The address that this appservice can use to connect to the homeserver.
address = "https://glia.club";
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain = "glia.club";
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software = "standard";
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's discord connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint = null;
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint = null;
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media = false;
# Should the bridge use a websocket for connecting to the homeserver?
# The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
# mautrix-asmux (deprecated), and hungryserv (proprietary).
websocket = false;
# How often should the websocket be pinged? Pinging will be disabled if this is zero.
ping_interval_seconds = 0;
};
bridge = {
# Localpart template of MXIDs for Discord users.
# {{.}} is replaced with the internal ID of the Discord user.
username_template = "bridge_discord_{{.}}";
# Displayname template for Discord users. This is also used as the room name in DMs if private_chat_portal_meta is enabled.
# Available variables:
# .ID - Internal user ID
# .Username - Legacy display/username on Discord
# .GlobalName - New displayname on Discord
# .Discriminator - The 4 numbers after the name on Discord
# .Bot - Whether the user is a bot
# .System - Whether the user is an official system user
# .Webhook - Whether the user is a webhook and is not an application
# .Application - Whether the user is an application
displayname_template = "{{if .Webhook}}Webhook{{else}}{{or .GlobalName .Username}}{{if .Bot}} (bot){{end}}{{end}} (Discord DM)";
# Displayname template for Discord channels (bridged as rooms, or spaces when type=4).
# Available variables:
# .Name - Channel name, or user displayname (pre-formatted with displayname_template) in DMs.
# .ParentName - Parent channel name (used for categories).
# .GuildName - Guild name.
# .NSFW - Whether the channel is marked as NSFW.
# .Type - Channel type (see values at https://github.com/bwmarrin/discordgo/blob/v0.25.0/structs.go#L251-L267)
channel_name_template = "{{if or (eq .Type 3) (eq .Type 4)}}{{.Name}}{{else}}#{{.Name}}{{end}} (Discord)";
# Displayname template for Discord guilds (bridged as spaces).
# Available variables:
# .Name - Guild name
guild_name_template = "{{.Name}} (Discord)";
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.
# If set to `never`, DM rooms will never have names and avatars set.
private_chat_portal_meta = "default";
# Publicly accessible base URL that Discord can use to reach the bridge, used for avatars in relay mode.
# If not set, avatars will not be bridged. Only the /mautrix-discord/avatar/{server}/{id}/{hash} endpoint is used on this address.
# This should not have a trailing slash, the endpoint above will be appended to the provided address.
public_address = "https://discord.bridge.matrix.glia.club";
# A random key used to sign the avatar URLs. The bridge will only accept requests with a valid signature.
avatar_proxy_key = "generate";
portal_message_buffer = 128;
# Number of private channel portals to create on bridge startup.
# Other portals will be created when receiving messages.
startup_private_channel_create_limit = 5;
# Should the bridge send a read receipt from the bridge bot when a message has been sent to Discord?
delivery_receipts = false;
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events = false;
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices = true;
# Should the bridge use space-restricted join rules instead of invite-only for guild rooms?
# This can avoid unnecessary invite events in guild rooms when members are synced in.
restricted_rooms = false;
# Should the bridge automatically join the user to threads on Discord when the thread is opened on Matrix?
# This only works with clients that support thread read receipts (MSC3771 added in Matrix v1.4).
autojoin_thread_on_open = true;
# Should inline fields in Discord embeds be bridged as HTML tables to Matrix?
# Tables aren't supported in all clients, but are the only way to emulate the Discord inline field UI.
embed_fields_as_tables = true;
# Should guild channels be muted when the portal is created? This only meant for single-user instances,
# it won't mute it for all users if there are multiple Matrix users in the same Discord guild.
mute_channels_on_create = false;
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list = false;
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it, except if the config file is not writable.
resend_bridge_info = false;
# Should incoming custom emoji reactions be bridged as mxc:// URIs?
# If set to false, custom emoji reactions will be bridged as the shortcode instead, and the image won't be available.
custom_emoji_reactions = true;
# Should the bridge attempt to completely delete portal rooms when a channel is deleted on Discord?
# If true, the bridge will try to kick Matrix users from the room. Otherwise, the bridge only makes ghosts leave.
delete_portal_on_channel_delete = false;
# Should the bridge delete all portal rooms when you leave a guild on Discord?
# This only applies if the guild has no other Matrix users on this bridge instance.
delete_guild_on_leave = true;
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms = false;
# Prefix messages from webhooks with the profile info? This can be used along with a custom displayname_template
# to better handle webhooks that change their name all the time (like ones used by bridges).
#
# This will use the fallback mode in MSC4144, which means clients that support MSC4144 will not show the prefix
# (and will instead show the name and avatar as the message sender).
prefix_webhook_messages = true;
# Bridge webhook avatars?
enable_webhook_avatars = true;
# Should the bridge upload media to the Discord CDN directly before sending the message when using a user token,
# like the official client does? The other option is sending the media in the message send request as a form part
# (which is always used by bots and webhooks).
use_discord_cdn_upload = true;
# Proxy for Discord connections
proxy = "";
# Should mxc uris copied from Discord be cached?
# This can be `never` to never cache, `unencrypted` to only cache unencrypted mxc uris, or `always` to cache everything.
# If you have a media repo that generates non-unique mxc uris, you should set this to never.
cache_media = "unencrypted";
# Settings for converting Discord media to custom mxc:// URIs instead of reuploading.
# More details can be found at https://docs.mau.fi/bridges/go/discord/direct-media.html
direct_media = {
# Should custom mxc:// URIs be used instead of reuploading media?
enabled = true;
# The server name to use for the custom mxc:// URIs.
# This server name will effectively be a real Matrix server, it just won't implement anything other than media.
# You must either set up .well-known delegation from this domain to the bridge, or proxy the domain directly to the bridge.
server_name = "discord.bridge.matrix.glia.club";
# Optionally a custom .well-known response. This defaults to `server_name:443`
# well_known_response = "";
# The bridge supports MSC3860 media download redirects and will use them if the requester supports it.
# Optionally, you can force redirects and not allow proxying at all by setting this to false.
allow_proxy = true;
};
# Settings for converting animated stickers.
animated_sticker = {
# Format to which animated stickers should be converted.
# disable - No conversion, send as-is (lottie JSON)
# png - converts to non-animated png (fastest)
# gif - converts to animated gif
# webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
# webp - converts to animated webp, requires ffmpeg executable with webp codec/container support
target = "webp";
# Arguments for converter. All converters take width and height.
args = {
width = 320;
height = 320;
fps = 25; # only for webm, webp and gif (2, 5, 10, 20 or 25 recommended)
};
};
# Servers to always allow double puppeting from
double_puppet_server_map = {
"glia.club" = "https://glia.club";
};
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery = false;
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, double puppeting will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map = {
"glia.club" = "as_token:$MAUTRIX_DISCORD_DOUBLE_PUPPET";
};
# The prefix for commands. Only required in non-management rooms.
command_prefix = "!discord";
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text = {
# Sent when joining a room.
welcome = "Hello, I'm a Discord bridge bot.";
# Sent when joining a management room and the user is already logged in.
welcome_connected = "Use `help` for help.";
# Sent when joining a management room and the user is not logged in.
welcome_unconnected = "Use `help` for help or `login` to log in.";
# Optional extra text sent when joining a management room.
additional_help = "";
};
# Settings for backfilling messages.
backfill = {
# Limits for forward backfilling.
forward_limits = {
# Initial backfill (when creating portal). 0 means backfill is disabled.
# A special unlimited value is not supported, you must set a limit. Initial backfill will
# fetch all messages first before backfilling anything, so high limits can take a lot of time.
initial = {
dm = 5000;
channel = 5000;
thread = 5000;
};
# Missed message backfill (on startup).
# 0 means backfill is disabled, -1 means fetch all messages since last bridged message.
# When using unlimited backfill (-1), messages are backfilled as they are fetched.
# With limits, all messages up to the limit are fetched first and backfilled afterwards.
missed = {
dm = -1;
channel = -1;
thread = -1;
};
# Maximum members in a guild to enable backfilling. Set to -1 to disable limit.
# This can be used as a rough heuristic to disable backfilling in channels that are too active.
# Currently only applies to missed message backfill.
max_guild_members = -1;
};
};
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption = {
# Allow encryption, work in group chat rooms with e2ee enabled
allow = false;
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default = false;
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
# Changing this option requires updating the appservice registration file.
appservice = false;
# Whether to use MSC4190 instead of appservice login to create the bridge bot device.
# Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202.
# Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
# Changing this option requires updating the appservice registration file.
msc4190 = false;
# Require encryption, drop any unencrypted messages.
require = false;
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing = false;
# Should users mentions be in the event wire content to enable the server to send push notifications?
plaintext_mentions = false;
# Options for deleting megolm sessions from the bridge.
delete_keys = {
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack = false;
# Don't store outbound sessions in the inbound table.
dont_store_outbound = false;
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt = false;
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt = false;
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session = false;
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete = false;
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired = false;
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound = false;
};
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels = {
# Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
receive = "unverified";
# Minimum level that the bridge should accept for incoming Matrix messages.
send = "unverified";
# Minimum level that the bridge should require for accepting key requests.
share = "cross-signed-tofu";
};
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation = {
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom = false;
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds = 604800000;
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages = 100;
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation = false;
};
};
# Settings for provisioning API
provisioning = {
# Prefix for the provisioning API paths.
prefix = "/_matrix/provision";
# Shared secret for authentication. If set to "generate", a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret = "generate";
# Enable debug API at /debug with provisioning authentication.
debug_endpoints = false;
};
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# user - Access to use the bridge to chat with a Discord account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions = {
"*" = "relay";
"glia.club" = "user";
"@admin:glia.club" = "admin";
"@cyborgpotato:glia.club" = "admin";
};
};
appservice = {
# The address that the homeserver can use to connect to this appservice.
address = "http://localhost:${toString config.services.mautrix-discord.settings.appservice.port}";
# The hostname and port where this appservice should listen.
hostname = "0.0.0.0";
port = 7193;
# Database config.
# See definition at top of file
database = {
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type = "postgres";
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri = "postgres:///${mautrix-discord-user}?host=/var/run/postgresql";
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns = 20;
max_idle_conns = 2;
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time = null;
max_conn_lifetime = null;
};
# The unique ID of this appservice.
id = "discord";
# Appservice bot details.
bot = {
# Username of the appservice bot.
username = "discordbot";
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname = "Discord bridge bot";
avatar = "mxc://maunium.net/nIdEykemnwdisvHbpxflpDlC";
};
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
ephemeral_events = true;
# Should incoming events be handled asynchronously?
# This may be necessary for large public instances with lots of messages going through.
# However, messages will not be guaranteed to be bridged in the same order they were sent in.
async_transactions = false;
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token = "$MAUTRIX_DISCORD_APPSERVICE_AS_TOKEN";
hs_token = "$MAUTRIX_DISCORD_APPSERVICE_HS_TOKEN";
};
};
serviceDependencies = [ config.services.mautrix-discord.registrationServiceUnit ]
++ (lib.lists.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
++ (lib.lists.optional config.services.matrix-conduit.enable "matrix-conduit.service")
++ (lib.lists.optional config.services.matrix-continuwuity.enable "matrix-continuwuity.service")
++ (lib.lists.optional config.services.matrix-tuwunel.enable "matrix-tuwunel.service")
++ (lib.lists.optional config.services.dendrite.enable "dendrite.service");
environmentFile = config.sops.secrets.mautrix-discord.path;
};
services.caddy.virtualHosts = {
"${config.services.mautrix-discord.settings.bridge.direct_media.server_name}" = {
extraConfig = ''
reverse_proxy localhost:${toString config.services.mautrix-discord.settings.appservice.port}
'';
};
};
}

103
machines/hippocampus/servers/public/matrix/client.nix
View File

@@ -1,103 +0,0 @@
{ config, pkgs, lib, ... }: {
services.nginx.virtualHosts.cinny = {
listen = [{
addr = "unix:/run/nginx/cinny.sock";
}];
locations."/" = {
root = pkgs.element-web.override {
conf = {
default_server_name = "glia.club";
default_server_config = {
m.homeserver = {
base_url = "https://chat.glia.club";
server_name = "glia.club";
};
};
disable_custom_urls = false;
disable_guests = true;
disable_login_language_selector = false;
disable_3pid_login = false;
force_verification = false;
brand = "Element";
integrations_ui_url = "https://scalar.vector.im/";
integrations_rest_url = "https://scalar.vector.im/api";
integrations_widgets_urls = [
"https://scalar.vector.im/_matrix/integrations/v1"
"https://scalar.vector.im/api"
"https://scalar-staging.vector.im/_matrix/integrations/v1"
"https://scalar-staging.vector.im/api"
];
default_widget_container_height = 280;
default_country_code = "GB";
show_labs_settings = true;
features = {
threadsActivityCentre = true;
feature_video_rooms = true;
feature_group_calls = true;
feature_element_call_video_rooms = true;
};
default_federate = false;
default_theme = "light";
room_directory = {
servers = ["glia.club"];
};
enable_presence_by_hs_url = {
"https://glia.club" = true;
"https://chat.glia.club" = true;
"https://matrix.org" = false;
"https://matrix-client.matrix.org" = false;
};
setting_defaults = {
breadcrumbs = false;
};
jitsi = {
preferred_domain = "meet.element.io";
};
element_call = {
url = "https://call.element.io";
brand = "Element Call";
};
map_style_url = "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx";
};
};
extraConfig = ''
index index.html;
# Set no-cache for the version, config and index.html
# so that browsers always check for a new copy of Element Web.
# NB http://your-domain/ and http://your-domain/? are also covered by this
location = /index.html {
add_header Cache-Control "no-cache";
}
location = /version {
add_header Cache-Control "no-cache";
}
# covers config.json and config.hostname.json requests as it is prefix.
location /config {
add_header Cache-Control "no-cache";
}
location /modules/ {
alias /modules/;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
'';
};
};
services.caddy.virtualHosts = {
"glia.club, glia.club:8448" = {
extraConfig = lib.mkAfter ''
reverse_proxy unix//run/nginx/cinny.sock
'';
};
"chat.glia.club" = {
extraConfig = ''
reverse_proxy unix//run/nginx/cinny.sock
'';
};
};
}

62
machines/hippocampus/servers/public/matrix/rtc.nix
View File

@@ -1,62 +0,0 @@
{ config, pkgs, lib, ... }: {
imports = [
./turn.nix
];
# Shared between lk-jwt-service and livekit
# TODO: Generate it
sops.secrets.lk-jwt = {};
services.lk-jwt-service = {
enable = true;
port = 7374;
livekitUrl = "wss://matrix-rtc.glia.club";
keyFile = config.sops.secrets.lk-jwt.path;
};
services.livekit = {
enable = true;
keyFile = config.sops.secrets.lk-jwt.path;
# Ingress of other video streams
# for RTC usage, e.g. RTMP, WHIP, etc.
ingress = { enable = false; };
# Redis is used if we were to use ingress
# redis = { };
settings = {
port = 7375;
bind_addresses = [""];
rtc = {
tcp_port = 7376;
port_range_start = 50100;
port_range_end = 50200;
use_external_ip = true;
enable_loopback_candidate = false;
};
};
};
services.matrix-tuwunel.settings = {
global.well_known = {
rtc_transports = [{
type = "livekit";
livekit_service_url = "https://matrix-rtc.glia.club";
}];
};
};
services.caddy.virtualHosts = {
"matrix-rtc.glia.club" = {
extraConfig = ''
# This is matrix-rtc-jwt
@jwt_service {
path /sfu/get* /healthz*
}
handle @jwt_service {
reverse_proxy localhost:${toString config.services.lk-jwt-service.port}
}
# This is livekit
handle {
reverse_proxy localhost:${toString config.services.livekit.settings.port} {
header_up Connection "upgrade"
header_up Upgrade {http.request.header.Upgrade}
}
}
'';
};
};
}

52
machines/hippocampus/servers/public/matrix/server.nix
View File

@@ -1,52 +0,0 @@
{ config, pkgs, lib, ... }: {
imports = [
# Real Time Communication
./rtc.nix
./bots/discord.nix
];
sops.secrets.tuwunelreg = {
owner = config.services.matrix-tuwunel.user;
};
services.matrix-tuwunel = {
enable = true;
stateDirectory = "tuwunel";
# Must be equal to whatever reverse proxy is used for the unix
# socket path to work
group = config.services.caddy.group;
settings = {
global = {
address = null;
unix_socket_path = "/run/tuwunel/tuwunel.sock";
server_name = "glia.club";
allow_federation = false;
allow_encryption = true;
new_user_displayname_suffix = "🌱";
allow_registration = true;
registration_token_file = config.sops.secrets.tuwunelreg.path;
well_known = {
client = "https://glia.club";
server = "glia.club:443";
};
# TODO: Configure more in detail/for safety:
url_preview_domain_contains_allowlist = ["*"];
};
};
};
services.caddy.virtualHosts = {
"glia.club, glia.club:8448" = {
extraConfig = let
proxy = "unix/${config.services.matrix-tuwunel.settings.global.unix_socket_path}";
in ''
reverse_proxy /_matrix/* ${proxy}
reverse_proxy /_tuwunel/* ${proxy}
reverse_proxy /.well-known/matrix/client ${proxy}
reverse_proxy /.well-known/matrix/server ${proxy}
reverse_proxy /.well-known/matrix/support ${proxy}
'';
};
};
}

88
machines/hippocampus/servers/public/matrix/turn.nix
View File

@@ -1,88 +0,0 @@
{ config, pkgs, lib, ... }: {
# TODO: Generate coturn secret
sops.secrets.coturn-secret = {
owner = "turnserver";
group = config.services.matrix-tuwunel.group;
mode = "0440";
};
# TODO: patch coturn service to specify user/group
systemd.services.coturn.serviceConfig.Group = lib.mkForce config.services.caddy.group;
services.coturn = {
enable = true;
realm = "turn.glia.club";
listening-port = 3478;
tls-listening-port = 5349;
min-port = config.services.livekit.settings.rtc.port_range_start+1;
max-port = 52000;
use-auth-secret = true;
static-auth-secret-file = config.sops.secrets.coturn-secret.path;
cert = "/var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/turn.glia.club/turn.glia.club.crt";
pkey = "/var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/turn.glia.club/turn.glia.club.key";
extraConfig = ''
# VoIP traffic is all UDP. There is no reason to let users connect to arbitrary TCP endpoints via the relay.
no-tcp-relay
# don't let the relay ever try to connect to private IP address ranges within your network (if any)
# given the turn server is likely behind your firewall, remember to include any privileged public IPs too.
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
# recommended additional local peers to block, to mitigate external access to internal services.
# https://www.enablesecurity.com/blog/slack-webrtc-turn-compromise-and-bug-bounty/#how-to-fix-an-open-turn-relay-to-address-this-vulnerability
# https://www.enablesecurity.com/blog/cve-2020-26262-bypass-of-coturns-access-control-protection/#further-concerns-what-else
no-multicast-peers
denied-peer-ip=0.0.0.0-0.255.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=192.0.0.0-192.0.0.255
denied-peer-ip=192.0.2.0-192.0.2.255
denied-peer-ip=192.88.99.0-192.88.99.255
denied-peer-ip=198.18.0.0-198.19.255.255
denied-peer-ip=198.51.100.0-198.51.100.255
denied-peer-ip=203.0.113.0-203.0.113.255
denied-peer-ip=240.0.0.0-255.255.255.255
denied-peer-ip=::1
denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff
denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255
denied-peer-ip=100::-100::ffff:ffff:ffff:ffff
denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
# special case the turn server itself so that client->TURN->TURN->client flows work
# this should be one of the turn server's listening IPs
allowed-peer-ip=10.0.0.1
# consider whether you want to limit the quota of relayed streams per user (or total) to avoid risk of DoS.
user-quota=12 # 4 streams per video call, so 12 streams = 3 simultaneous relayed calls per user.
total-quota=1200
'';
};
services.matrix-tuwunel.settings = {
global = {
turn_uris = [
"turn:turn.glia.club?transport=udp"
"turn:turn.glia.club?transport=tcp"
];
turn_secret_file = config.sops.secrets.coturn-secret.path;
};
};
services.caddy.virtualHosts = {
"turn.glia.club" = {
# Use ZeroSSL
# as WebRTC clients misbehave with LetsEncrypt:
# https://github.com/element-hq/element-android/issues/1533
# https://github.com/element-hq/element-ios/issues/2712
# https://bugs.chromium.org/p/webrtc/issues/detail?id=11710
extraConfig = ''
tls {
ca https://acme.zerossl.com/v2/DV90
}
respond "You ~~spin~~ turn me right round!"
'';
};
};
}

9
machines/hippocampus/servers/public/nextcloud.nix
View File

@@ -13,7 +13,7 @@ in {
services.nextcloud = {
enable = true;
package = pkgs.nextcloud33;
package = pkgs.nextcloud30;
hostName = "localhost";
settings = {
trusted_domains = [
@@ -22,7 +22,8 @@ in {
];
trusted_proxies = [
"127.0.0.1"
"cloud.crompton.cc"
"nextcloud.syzygial.cc"
];
overwriteprotocol = "https";
@@ -41,7 +42,7 @@ in {
objectstore.s3 = {
enable = true;
bucket = "nextcloud";
verify_bucket_exists = false;
autocreate = false;
key = "nextcloud";
secretFile = config.sops.secrets."nextcloud/s3secret".path;
region = "us-east-1";
@@ -78,7 +79,7 @@ in {
ffmpeg_7-headless
# required for recognize app
nodejs_20 # runtime and installation requirement
node-pre-gyp # installation requirement
nodejs_20.pkgs.node-pre-gyp # installation requirement
util-linux # runtime requirement for taskset
];
};

55
machines/hippocampus/servers/public/perfect_pitch.nix
View File

@@ -1,55 +0,0 @@
{config, pkgs, ...}:
{
systemd.targets.machines.enable = true;
systemd.services."perfectpitch-container" = {
enable = true;
wantedBy = ["machines.target"];
environment = {
# SYSTEMD_NSPAWN_USE_CGNS = "0";
};
script = ''
exec ${config.systemd.package}/bin/systemd-nspawn --hostname perfectpitch \
--resolv-conf=off --system-call-filter="add_key keyctl bpf" --bind /dev/fuse --bind /dev/net/tun \
-nbD /var/lib/machines/perfectpitch --machine perfectpitch
'';
postStart = ''
${pkgs.iproute2}/bin/ip link set ve-perfectpitch up || true
${pkgs.iproute2}/bin/ip addr add 10.2.0.0 dev ve-perfectpitch || true
${pkgs.iproute2}/bin/ip route add 10.2.0.1 dev ve-perfectpitch || true
'';
serviceConfig = {
Type = "notify";
Slice = "machine.slice";
Delegate = true;
DeviceAllow = [
"/dev/fuse rwm"
"/dev/net/tun rwm"
];
};
};
networking.nat = {
enable = true;
# Check for hostBridge use vb instead of ve
internalInterfaces = ["ve-perfectpitch"];
externalInterface = "enp0s25";
enableIPv6 = true;
forwardPorts = [
{ sourcePort = 8022;
destination = "10.2.0.1:22";
proto = "tcp";
}
{ sourcePort = 8022;
destination = "10.2.0.1:22";
proto = "udp";
}
];
};
services.caddy.virtualHosts = {
"pitch.crompton.cc" = {
extraConfig = ''
reverse_proxy 10.2.0.1:8080
'';
};
};
}

4
machines/hippocampus/servers/public/pterodactyl.nix
View File

@@ -32,11 +32,11 @@
externalInterface = "enp0s25";
enableIPv6 = true;
forwardPorts = [
{ sourcePort = "25565:26000";
{ sourcePort = "25565:28000";
destination = "10.1.0.1:25565-25600";
proto = "tcp";
}
{ sourcePort = "25565:26000";
{ sourcePort = "25565:28000";
destination = "10.1.0.1:25565-25600";
proto = "udp";
}

7
machines/hippocampus/servers/public/tandoor.nix
View File

@@ -10,18 +10,15 @@ in {
SECRET_KEY = config.sops.secrets.tandoor-secret.path;
DB_ENGINE = "django.db.backends.postgresql";
POSTGRES_HOST = "127.0.0.1";
POSTGRES_PORT = config.services.postgresql.settings.port;
POSTGRES_PORT = config.services.postgresql.port;
POSTGRES_USER = tandoor_user;
POSTGRES_DB = tandoor_user;
MEDIA_ROOT = "/var/lib/tandoor-recipes/media";
ENABLE_SIGNUP = "1";
ALLOWED_HOSTS = "tandoor.syzygial.cc";
};
};
systemd.services.tandoor-recipes = {
# https://github.com/TandoorRecipes/recipes/issues/3617
environment.GUNICORN_MEDIA = "1"; #lib.mkForce null;
environment.GUNICORN_MEDIA = lib.mkForce null;
serviceConfig = {
EnvironmentFile = config.sops.secrets.tandoor-pass.path;
};

16
machines/hippocampus/services/dyndns.nix
View File

@@ -2,7 +2,7 @@
sops.secrets.ddclient = {};
services.ddclient = {
enable = true;
usev4 = "webv4, web=dynamicdns.park-your-domain.com/getip";
usev4 = "web, web=dynamicdns.park-your-domain.com/getip";
protocol = "namecheap";
server = "dynamicdns.park-your-domain.com";
username = "crompton.cc";
@@ -11,18 +11,4 @@
"@"
];
};
sops.secrets.oinkapi = {};
sops.secrets.oinkSapi = {};
services.oink = {
enable = true;
apiKeyFile = config.sops.secrets.oinkapi.path;
secretApiKeyFile = config.sops.secrets.oinkSapi.path;
domains = [
{
domain = "glia.club";
subdomain = "";
ttl = 1200;
}
];
};
}

30
machines/pericyte/configuration.nix
View File

@@ -1,30 +0,0 @@
{ pkgs, inputs, ... }: {
imports = [
./hardware-configuration.nix
"${inputs.nixpkgs}/nixos/modules/profiles/headless.nix"
"${inputs.nixpkgs}/nixos/modules/profiles/minimal.nix"
./servers.nix
./podman.nix
./container-registry.nix
# ./microvm-configuration.nix
# ./k3s.nix
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
environment.systemPackages = with pkgs; [
git
btop
tmux
oci-cli
];
boot.tmp.cleanOnBoot = true;
# zramSwap.enable = true;
networking.hostName = "pericyte";
networking.domain = "";
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOaNNSV/wurGA8D7bT+WX4UlHdKqd9SFfVXvSalvHag5qYDPUIsGGkqSNj1dcong9qxrC8y7G7ybWhwRKTKXInXrq6EO4JkVkCSbVqrq8gIv66upsKltvmf0esiOdrpRgHoiup8JKaX93aUT27rykReT39mFwkJZDoD4ViNiK7QmbgDC/9pyGDSJykreSnBoxtczox8Zi+pwN8XMI4nRVdV9hppXMpj38/O3Qaq+oXdHJ2MVNy9D+TqxYofstFbzpJpEb2xA4QYnq/VVJFk8VaZlg3qxelwBJ1GNZO8TMkLA+6b07D3aISyEIQAONviNktPwRPiw903hsDyeKDunDx ssh-key-2025-03-31'' ];
system.stateVersion = "25.05";
}

6
machines/pericyte/container-registry.nix
View File

@@ -1,6 +0,0 @@
{ pkgs, ... }: {
services.dockerRegistry = {
enable = true;
package = pkgs.distribution;
};
}

18
machines/pericyte/hardware-configuration.nix
View File

@@ -1,18 +0,0 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
};
fileSystems."/boot" = { device = "/dev/disk/by-uuid/FCE4-1F46"; fsType = "vfat"; };
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
swapDevices = [
{
device = "/swapfile";
}
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
}

22
machines/pericyte/k3s.nix
View File

@@ -1,22 +0,0 @@
{ pkgs, ... }: {
networking.firewall = {
allowedTCPPorts = [
6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
# 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
# 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
];
allowedUDPPorts = [
# 8472 # k3s, flannel: required if using multi-node for inter-node networking
];
};
services.k3s = {
enable = true;
role = "server";
extraFlags = toString [
# "--debug" # Optionally add additional args to k3s
];
};
environment.systemPackages = with pkgs; [
rancher
];
}

6
machines/pericyte/microvm-configuration.nix
View File

@@ -1,6 +0,0 @@
{ pkgs, ... }: {
microvm.autostart = [
"vm-starbot"
"vm-starbot-dev"
];
}

21
machines/pericyte/podman.nix
View File

@@ -1,21 +0,0 @@
{ pkgs, ... }: {
# Enable common container config files in /etc/containers
virtualisation.containers.enable = true;
virtualisation = {
podman = {
enable = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
};
# Useful other development tools
environment.systemPackages = with pkgs; [
dive # look into docker image layers
skopeo # Inspect images
podlet # create quadlets (systemd units)
podman-tui # status of containers in the terminal
podman-compose # start group of containers for dev
];
}

5
machines/pericyte/servers.nix
View File

@@ -1,5 +0,0 @@
{ ... }: {
imports = [
./servers/public.nix
];
}

5
machines/pericyte/servers/public.nix
View File

@@ -1,5 +0,0 @@
{ ... }: {
imports = [
./public/mirotalk.nix
];
}

8
machines/pericyte/servers/public/caddy.nix
View File

@@ -1,8 +0,0 @@
{ config, pkgs, ... }:
{
services.caddy = {
enable = true;
email = "davidcrompton1192@gmail.com";
};
}

20
machines/pericyte/servers/public/mirotalk.nix
View File

@@ -1,20 +0,0 @@
{ config, pkgs, lib, ... }: {
nixpkgs.overlays = [(final: prev: {
mirotalk = prev.buildNpmPackage {
pname = "mirotalk";
version = "2025-11-01";
src = prev.fetchFromGitHub {
owner = "miroslavpejic85";
repo = "mirotalk";
rev = "168f4ce2675f6691dfceec352b72e7a53372c9a7";
hash = "sha256-4HC25RM8GenHgNCYoJDWmtaUxnoSorr692RLa7PpW5s=";
};
npmDepsHash = "sha256-B0eHRkBThLgZ4SNA38uW1T4auCsUvS1ULOIR1iEoPqk=";
dontNpmBuild = true;
};
})];
environment.systemPackages = with pkgs; [
mirotalk
];
}

32
machines/pericyte/test.nix
View File

@@ -1,32 +0,0 @@
{ pkgs, ... }: {
users.groups.peertube = { };
users.users.peertube = {
isSystemUser = true;
group = "peertube";
home = "/var/lib/peertube";
createHome = true;
uid = 2342;
subUidRanges = [
{
count = 65536;
startUid = 2147483646;
}
];
subGidRanges = [
{
count = 65536;
startGid = 2147483647;
}
];
};
virtualisation.oci-containers = {
backend = "podman";
# containers.peertube = {
# image = "chocobozzz/peertube:latest";
# ports = [ ];
# podman = {
# user = "peertube";
# };
# };
};
}

2
machines/universeair/app-fix.nix
View File

@@ -11,7 +11,7 @@
rm -rf "$nix_apps"
mkdir -p "$nix_apps"
find ${config.system.build.applications}/Applications -maxdepth 1 -type l -exec readlink '{}' + |
while read -r src; do
while read src; do
# Spotlight does not recognize symlinks, it will ignore directory we link to the applications folder.
# It does understand MacOS aliases though, a unique filesystem feature. Sadly they cannot be created
# from bash (as far as I know), so we use the oh-so-great Apple Script instead.

11
machines/universeair/configuration.nix
View File

@@ -3,7 +3,7 @@ in
{
imports = [
# Install Apps Detactable by Spotlight
# ./app-fix.nix
./app-fix.nix
# Tiling Window Manager
./yabai.nix
# Shortcuts babe, not Automator
@@ -11,12 +11,10 @@ in
];
nix.registry.nixpkgs.flake = inputs.nixpkgs;
nixpkgs.config.allowUnfree = true;
# Auto upgrade nix package and the daemon service.
services.nix-daemon.enable = true;
# nix.package = pkgs.nixUnstable;
nix.settings.auto-optimise-store = false;
nix.settings.trusted-users = [
"root"
"universelaptop"
];
users.users.universelaptop = {
name = "universelaptop";
@@ -145,7 +143,6 @@ in
environment.systemPackages = (with pkgs; [
me-emacs
svgbob
(aspellWithDicts (p: with p;[
en
en-computers
@@ -192,6 +189,7 @@ in
"bitwarden"
"zoom-for-it-admins"
"libreoffice"
"kicad"
"tailscale"
"godot"
"pixelorama"
@@ -220,5 +218,4 @@ in
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 4;
system.primaryUser = "universelaptop";
}

18
machines/universeair/libresprite_TODO_PR.nix
View File

@@ -1,18 +0,0 @@
(libresprite.overrideAttrs (old: {
src = pkgs.fetchFromGitHub {
owner = "LibreSprite";
repo = "LibreSprite";
rev = "c99d3666b17ff731824e3eccc79cf3ec48564ad5";
fetchSubmodules = true;
sha256 = "sha256-mdMdHQvl6Mt0oisZ4c/Wk6dvklq3Iyz05brbFxSIaj0=";
};
patches = [];
buildInputs = old.buildInputs ++ (with pkgs; [
libarchive
tinyxml-2
]);
postPatch = ''
sed -i -e 's/if(''${CMAKE_SYSTEM_NAME} MATCHES "Darwin")/if(FALSE)/' CMakeLists.txt
'';
meta.broken = false;
}))

2
machines/universeair/skhd.nix
View File

@@ -2,7 +2,7 @@
services.skhd = {
enable = true;
skhdConfig = ''
cmd + shift - e : open '${(pkgs.me-emacs.override {withNativeCompilation = false;})}/Applications/Emacs.app'
cmd + shift - e : open '${pkgs.me-emacs}/Applications/Emacs.app'
cmd + shift + ctrl - e : kitty -d ~ -1
'';
};

11
machines/universedesktop/configuration.nix
View File

@@ -34,9 +34,6 @@
# ccache, y'know for blenders and whatnots
./ccache.nix
# So we can run riscv 'natively'
./riscv.nix
];
fileSystems."/home/universe/tmp" = {
@@ -60,14 +57,11 @@
#services.resolved.enable = true;
networking.resolvconf.enable = true;
sops.secrets.wireless = {
owner = "wpa_supplicant"; # TODO Use systemd service variable
};
sops.secrets.wireless = { };
networking.wireless.secretsFile = config.sops.secrets.wireless.path;
networking.wireless.enable = true;
networking.wireless.networks = {
# "BELL422 5G".pskRaw = "ext:PSK_HOME";
"BELL422".pskRaw = "ext:PSK_HOME";
};
@@ -121,6 +115,8 @@
services.fwupd.enable = true;
programs.adb.enable = true;
# GTK Support
programs.dconf.enable = true;
@@ -137,7 +133,6 @@
environment.systemPackages = with pkgs; [
direnv
nix-direnv
android-tools
];
documentation.dev.enable = true;

3
machines/universedesktop/desktop/default.nix
View File

@@ -3,7 +3,6 @@
./audio.nix
./graphics.nix
# ./dwl.nix # Sadly, nVidia seems to be too broken too often on wayland
./dwm.nix
# ./niri.nix
./dwm.nix
];
}

38
machines/universedesktop/desktop/dwl.nix
View File

@@ -7,9 +7,6 @@ in {
imports = [
./wayland.nix
];
services.displayManager.ly = {
enable = true;
};
services.displayManager.sessionPackages = [ pkgs.dwl ];
#services.gnome.gnome-keyring.enable = lib.mkDefault true;
@@ -17,21 +14,20 @@ in {
nixpkgs.overlays = [
(final: prev: {
# wlroots_0_19 = prev.wlroots_0_18.overrideAttrs (old: {
# version = "0.20.0-dev";
# src = final.fetchFromGitLab {
# domain = "gitlab.freedesktop.org";
# owner = "wlroots";
# repo = "wlroots";
# rev = "106f0f950639924d706df21f48545b09db8197ed"; # 0.20.0-dev # 2025-11-14
# hash = "sha256-Xybhb4hdvrfLCa0HopnKa6HP4b5gaepK5Y54YUg/TKM=";
# };
# });
wlroots_0_19 = prev.wlroots_0_18.overrideAttrs (old: {
src = final.fetchFromGitLab {
domain = "gitlab.freedesktop.org";
owner = "wlroots";
repo = "wlroots";
rev = "d305934ebe6852785a1f425ee96861f0b7280d76"; # 0.19-prev # 25-01-25
hash = "sha256-NnPSC5p/phTFe+nWp9vl8LUbmBO/RXSSUuDZ2boucXY=";
};
});
dwl = (prev.dwl.override { wlroots = final.wlroots_0_19; }).overrideAttrs (old: let
dwl-patches = pkgs.fetchgit {
url = "https://codeberg.org/dwl/dwl-patches.git";
rev = "46021333a10ecb9179c8477588fafd75c7cc7a05";
hash = "sha256-Q39EYfGNTSsfViTxW9ZFLqaw/udqkBc1hb7hEfjmsgY=";
rev = "4a869141fa643d9be792a9aa44a42cf7f7f882ad";
hash = "sha256-xlaK9xMrc+KDNecsyByRIxXmPEZ2dmP4FQ0bMojsyws=";
};
patches = let
dwl-patch = p: "${dwl-patches}/patches/${p}/${p}.patch";
@@ -42,14 +38,14 @@ in {
(dwl-patch "autostart")
];
in {
version = "28-09-2025";
version = "21-09-2024";
src = final.fetchFromGitea {
domain = "codeberg.org";
owner = "dwl";
repo = "dwl";
rev = "6cd26568d5b8be2252ac0def36cd194b4fb2d7c3";
hash = "sha256-ihxF9Z4uT0K3omO4mbzkeICY/RyqvuD+C5JSGWIf6MI=";
rev = "d1c2f434983562bd7d2ace15ab0c05155be603bc";
hash = "sha256-SpfjQfzvbpDiihziyKGPoBwvp3evgCQQhhjldAE/MwY=";
};
patches = (old.patches or []) ++ patches;
@@ -95,13 +91,13 @@ in {
# Recommended by upstream, required for screencast support
# https://github.com/YaLTeR/niri/wiki/Important-Software#portals
extraPortals = [
pkgs.xdg-desktop-portal-gnome
pkgs.xdg-desktop-portal-gtk
#pkgs.xdg-desktop-portal-gnome
#pkgs.xdg-desktop-portal-gtk
];
wlr.enable = true;
};
security = {
polkit.enable = true;
pam.services.swaylock = { };

2
machines/universedesktop/desktop/dwl/config.def.h
View File

@@ -7,7 +7,7 @@
static const int sloppyfocus = 1; /* focus follows mouse */
static const int bypass_surface_visibility = 0; /* 1 means idle inhibitors will disable idle tracking even if it's surface isn't visible */
static const unsigned int borderpx = 3; /* border pixel of windows */
static const float rootcolor[] = COLOR(0x000000ff);
static const float rootcolor[] = COLOR(0x222222ff);
static const float bordercolor[] = COLOR(0x233e5dff);
static const float focuscolor[] = COLOR(0x005577ff);
static const float urgentcolor[] = COLOR(0xff0000ff);

44
machines/universedesktop/desktop/dwm.nix
View File

@@ -2,7 +2,11 @@
nixpkgs.overlays = [
(final: prev: {
st = prev.st.override {
conf = builtins.readFile (pkgs.replaceVars ./dwm/st-config.def.h {});
conf = builtins.readFile (pkgs.substituteAll {
src = ./dwm/st-config.def.h;
env = {
};
});
};
})
];
@@ -14,18 +18,21 @@
emacsclient --create-frame --alternate-editor=""
'';
in pkgs.dwm.override {
conf = pkgs.replaceVars ./dwm/config.h {
dmenucmd="${pkgs.dmenu}/bin/dmenu_run";
termcmd="${pkgs.st}/bin/st";
editcmd="${launch_emacs}";
playcmd=pkgs.writeScript "playerctl-play-pause" ''
#!${pkgs.bash}/bin/bash
${pkgs.playerctl}/bin/playerctl play-pause
'';
scrncmd=pkgs.writeScript "screenshot-region" ''
#!${pkgs.bash}/bin/bash
${pkgs.maim}/bin/maim -o -s | ${pkgs.xclip}/bin/xclip -sel clip -t image/png
'';
conf = pkgs.substituteAll {
src = ./dwm/config.h;
env = {
dmenucmd="${pkgs.dmenu}/bin/dmenu_run";
termcmd="${pkgs.st}/bin/st";
editcmd="${launch_emacs}";
playcmd=pkgs.writeScript "playerctl-play-pause" ''
#!${pkgs.bash}/bin/bash
${pkgs.playerctl}/bin/playerctl play-pause
'';
scrncmd=pkgs.writeScript "screenshot-region" ''
#!${pkgs.bash}/bin/bash
${pkgs.maim}/bin/maim -o -s | ${pkgs.xclip}/bin/xclip -sel clip -t image/png
'';
};
};
patches = [
./dwm/fullscreen.patch
@@ -41,16 +48,6 @@
enable = true;
background = "#000000";
};
services.xserver.config = lib.mkAfter ''
Section "InputClass"
Identifier "joystick catchall"
MatchIsJoystick "on"
MatchDevicePath "/dev/input/event*"
Driver "joystick"
Option "StartKeysEnabled" "False"
Option "StartMouseEnabled" "False"
EndSection
'';
environment.sessionVariables = {
GTK_THEME="Adwaita-dark";
};
@@ -59,6 +56,5 @@ EndSection
dmenu
xclip
pwvucontrol
st
];
}

2
machines/universedesktop/desktop/graphics.nix
View File

@@ -9,7 +9,7 @@
powerManagement.finegrained = false;
nvidiaSettings = true;
open = true;
# package = config.boot.kernelPackages.nvidiaPackages.vulkan_beta;
#package = config.boot.kernelPackages.nvidiaPackages.beta;
#package = let
# rcu_patch = pkgs.fetchpatch {
# url = "https://github.com/gentoo/gentoo/raw/c64caf53/x11-drivers/nvidia-drivers/files/nvidia-drivers-470.223.02-gpl-pfn_valid.patch";

101
machines/universedesktop/desktop/niri.nix
View File

@@ -1,106 +1,7 @@
{ config, pkgs, lib, ... }: let
launch_emacs = pkgs.writeScript "emacsclient-or-start" ''
#!${pkgs.bash}/bin/bash
emacsclient --create-frame --alternate-editor=""
'';
in {
{ config, pkgs, lib, ... }: {
imports = [
./wayland.nix
];
services.displayManager.sessionPackages = [ pkgs.dwl ];
#services.gnome.gnome-keyring.enable = lib.mkDefault true;
systemd.packages = [ pkgs.dwl ];
nixpkgs.overlays = [
(final: prev: {
wlroots_0_19 = prev.wlroots_0_18.overrideAttrs (old: {
src = final.fetchFromGitLab {
domain = "gitlab.freedesktop.org";
owner = "wlroots";
repo = "wlroots";
rev = "d305934ebe6852785a1f425ee96861f0b7280d76"; # 0.19-prev # 25-01-25
hash = "sha256-NnPSC5p/phTFe+nWp9vl8LUbmBO/RXSSUuDZ2boucXY=";
};
});
dwl = (prev.dwl.override { wlroots = final.wlroots_0_19; }).overrideAttrs (old: let
dwl-patches = pkgs.fetchgit {
url = "https://codeberg.org/dwl/dwl-patches.git";
rev = "4a869141fa643d9be792a9aa44a42cf7f7f882ad";
hash = "sha256-xlaK9xMrc+KDNecsyByRIxXmPEZ2dmP4FQ0bMojsyws=";
};
patches = let
dwl-patch = p: "${dwl-patches}/patches/${p}/${p}.patch";
in [
(dwl-patch "ipc")
(dwl-patch "restore-monitor")
(dwl-patch "regexrules")
(dwl-patch "autostart")
];
in {
version = "21-09-2024";
src = final.fetchFromGitea {
domain = "codeberg.org";
owner = "dwl";
repo = "dwl";
rev = "d1c2f434983562bd7d2ace15ab0c05155be603bc";
hash = "sha256-SpfjQfzvbpDiihziyKGPoBwvp3evgCQQhhjldAE/MwY=";
};
patches = (old.patches or []) ++ patches;
postPatch = (old.postPatch or "") + ''
export termcmd=${pkgs.foot}/bin/foot
export editcmd=${launch_emacs}
export menucmd=${pkgs.fuzzel}/bin/fuzzel
export barcmd=${pkgs.waybar}/bin/waybar
export playcmd=${pkgs.writeScript "playerctl-play-pause" ''
#!${pkgs.bash}/bin/bash
${pkgs.playerctl}/bin/playerctl play-pause
''}
export scrncmd=${pkgs.writeScript "screenshot-region" ''
#!${pkgs.bash}/bin/bash
${pkgs.slurp}/bin/slurp | ${pkgs.grim}/bin/grim -g - - | ${pkgs.wl-clipboard}/bin/wl-copy
''}
substituteAll ${./dwl/config.def.h} ./config.def.h
'';
postInstall = ''
chmod ugo+x $out/share/wayland-sessions/dwl.desktop
'';
passthru.providedSessions = ["dwl"];
});
})
];
security = {
polkit.enable = true;
pam.services.swaylock = { };
};
services.graphical-desktop.enable = true;
services.xserver.desktopManager.runXdgAutostartIfNone = lib.mkDefault true;
environment.systemPackages = with pkgs; [
dwl
waybar
foot
pwvucontrol
];
}
{ config, pkgs, lib, ... }: {
programs.niri.enable = true;
environment.sessionVariables = {
# Breaks WebCord
# NIXOS_OZONE_WL=1;
WLR_NO_HARDWARE_CURSORS=1;
SDL_VIDEODRIVER="wayland";
QT_QPA_PLATFORM="wayland-egl";
QT_WAYLAND_DISABLE_WINDOW_DECORATIONS="1";
__JAVA_AWT_WM_NONREPARENTING=1;
GTK_THEME="Adwaita-dark";
};
}

14
machines/universedesktop/desktop/obs-wayland-window-projection.patch
View File

@@ -1,8 +1,8 @@
diff --git a/frontend/widgets/OBSProjector.cpp b/frontend/widgets/OBSProjector.cpp
index cc214ea..79b0120 100644
--- a/frontend/widgets/OBSProjector.cpp
+++ b/frontend/widgets/OBSProjector.cpp
@@ -36,11 +36,6 @@ OBSProjector::OBSProjector(QWidget *widget, obs_source_t *source_, int monitor,
diff --git a/UI/window-projector.cpp b/UI/window-projector.cpp
index e61f23182..a405e9f17 100644
--- a/UI/window-projector.cpp
+++ b/UI/window-projector.cpp
@@ -37,11 +37,6 @@ OBSProjector::OBSProjector(QWidget *widget, obs_source_t *source_, int monitor,
// can skip it
windowHandle()->setProperty("isOBSProjectorWindow", true);
@@ -12,5 +12,5 @@ index cc214ea..79b0120 100644
-#endif
-
type = type_;
#ifndef __APPLE__
setWindowIcon(QIcon::fromTheme("obs", QIcon(":/res/images/obs.png")));
#ifdef __APPLE__
setWindowIcon(

10
machines/universedesktop/desktop/wayland.nix
View File

@@ -11,11 +11,11 @@
in {
glfw3-minecraft = prev.glfw3-minecraft.overrideAttrs (old: {
patches = [ (builtins.head old.patches) ] ++ [
# (patch' "0001-Key-Modifiers-Fix")
# (patch' "0002-Fix-duplicate-pointer-scroll-events")
# (patch' "0003-Implement-glfwSetCursorPosWayland")
# (patch' "0004-Fix-Window-size-on-unset-fullscreen")
# (patch' "0005-Avoid-error-on-startup")
(patch' "0001-Key-Modifiers-Fix")
(patch' "0002-Fix-duplicate-pointer-scroll-events")
(patch' "0003-Implement-glfwSetCursorPosWayland")
(patch' "0004-Fix-Window-size-on-unset-fullscreen")
(patch' "0005-Avoid-error-on-startup")
./0006-DontCrashWindowPos.patch
];
});

80
machines/universedesktop/programs/art.nix
View File

@@ -5,9 +5,41 @@
python-final: python-prev: let
py = python-prev;
in {
opencamlib = py.toPythonModule (pkgs.stdenv.mkDerivation rec {
pname = "opencamlib";
version = "2019.07";
nativeBuildInputs = (with pkgs;[
cmake
git
doxygen
boost
texlive.combined.scheme-full
]);
propagatedNativeBuildInputs = [
py.python
py.boost
py.vtk
];
postPatch = ''
mkdir -p $out/${py.python.sitePackages}/{lib,ocl}
sed -e 's#LIBRARY DESTINATION ''${PYTHON_ARCH_PACKAGES}#LIBRARY DESTINATION '"$out"'/${py.python.sitePackages}#g' -i src/pythonlib/pythonlib.cmake
sed -e 's#DESTINATION ''${PYTHON_SITE_PACKAGES}#DESTINATION '"$out"'/${py.python.sitePackages}#g' -i src/pythonlib/pythonlib.cmake
'';
cmakeFlags = [
"-DVERSION_STRING=2019.07"
"-DBUILD_CXX_LIB=ON"
"-DBUILD_PY_LIB=ON"
"-DUSE_PY_3=ON"
"-DCMAKE_BUILD_TYPE=Release"
];
src = pkgs.fetchFromGitHub {
owner = "aewallin";
repo = "opencamlib";
rev = "2019.07";
sha256 = "1a8pxp1mh8x3bfsb0l97vgxrpk482p7q9jprkd4m9hv69vva2bdz";
};
});
equation = py.buildPythonPackage {
pyproject = true;
build-system = [ py.setuptools ];
pname = "Equation";
version = "1.2.01";
nativeBuildInputs = [
@@ -20,8 +52,6 @@
};
};
morphio = py.toPythonModule ( pkgs.stdenv.mkDerivation rec {
pyproject = true;
build-system = [ py.setuptools ];
pname = "MorphIO";
version = "3.3.4";
nativeBuildInputs = (with pkgs; [
@@ -55,20 +85,30 @@
blender_cuda = prev.blender.override {
cudaSupport = true;
};
# blender = final.blender_cuda.withPackages (p: with p; [
# # OpenCAMLib support
# shapely
# equation
# opencamlib
# # NeuroMorphoVis support
# matplotlib
# seaborn
# pandas
# pillow
# h5py
# morphio
# # TODO add BluePy support?
# ]);
blender = final.blender_cuda.withPackages (p: with p; [
# OpenCAMLib support
shapely
equation
#opencamlib
# NeuroMorphoVis support
matplotlib
seaborn
pandas
pillow
h5py
morphio
# TODO add BluePy support?
]);
# Update RX and Aseprite
rx = prev.rx.overrideAttrs (old: {
version = "git";
src = prev.fetchFromGitHub {
owner = "cloudhead";
repo = old.pname;
rev = "18625a68921873ebe21a7ea8096409a9f0314541";
sha256 = "sha256-LTpaV/fgYUgA2M6Wz5qLHnTNywh13900g+umhgLvciM=";
};
});
})];
environment.systemPackages = with pkgs; [
@@ -76,8 +116,8 @@
# GTK theme support (basic) for GTK apps e.g. inkscape
adwaita-icon-theme
aseprite
pixelorama
rx
aseprite-unfree
gimp
glaxnimate

10
machines/universedesktop/programs/desktop.nix
View File

@@ -14,21 +14,19 @@
"openssl-1.1.1v"
];
services.gnome.gnome-keyring.enable = true;
environment.systemPackages = with pkgs; [
firefox
chromium
bitwarden-desktop
bitwarden
bitwarden-cli
nextcloud-client
kdePackages.kdeconnect-kde
libsForQt5.kdeconnect-kde
discord
vesktop
slack
signal-desktop
element-desktop
zoom-us
anki

26
machines/universedesktop/programs/games.nix
View File

@@ -5,36 +5,13 @@
xdg.portal.enable = true;
xdg.portal.wlr.enable = true;
xdg.portal.config.common.default = "*";
# On X11: Steam requires a compositor for BigPicture
programs.steam.enable = true;
# Game compat
programs.gamemode.enable = true;
nixpkgs.overlays = [(final: prev: {
shattered-pixel-dungeon = prev.shattered-pixel-dungeon.overrideAttrs (old: rec {
version = "3.2.5";
patches = [];
mitmCache = final.gradle_8.fetchDeps {
inherit (old) pname;
data = ./shattered-pixel-dungeon/deps.json;
};
src = pkgs.fetchFromGitHub {
owner = "00-Evan";
repo = "shattered-pixel-dungeon";
rev = "v${version}";
hash = "sha256-ltCKM46nzZZVJqHzo3V0Igyd4q+uD95fuLMWCi18jbQ=";
};
});
})];
environment.systemPackages = with pkgs; [
# For Steam
protontricks
gamescope
gamescope-wsi
# Minecraft
openjdk17
@@ -42,8 +19,5 @@
# PS2 Games
pcsx2
# Standalone
shattered-pixel-dungeon
];
}

2
machines/universedesktop/programs/office.nix
View File

@@ -1,6 +1,6 @@
{ lib, config, pkgs, ... }: {
environment.systemPackages = with pkgs; [
emacs
me-emacs
texlive.combined.scheme-full
pandoc
libreoffice-qt

1
machines/universedesktop/programs/programming.nix
View File

@@ -10,7 +10,6 @@ in {
enable = true;
};
};
hardware.nvidia-container-toolkit.enable = true;
environment.systemPackages = with pkgs; [
godot_4

289
machines/universedesktop/programs/shattered-pixel-dungeon/deps.json
View File

@@ -1,289 +0,0 @@
{
"!comment": "This is a nixpkgs Gradle dependency lockfile. For more details, refer to the Gradle section in the nixpkgs manual.",
"!version": 1,
"https://central.sonatype.com/repository/maven-snapshots/com/badlogicgames": {
"gdx#gdx-backend-lwjgl3/1.13.6-20251016.105554-34/SNAPSHOT": {
"jar": "sha256-unqPp0fol5ow2OPp46AmljGbt/b/zaDG8AP2QcKrVjU=",
"module": "sha256-3lbjdtsywfNKS5fxEeIEh8f8EunPNrEHieih8rqJXpE=",
"pom": "sha256-P7DA/UDAWmA+/t4H3EJkktKK/e9+pX0gH4fpljqZXWQ="
},
"gdx#gdx-freetype-platform/1.13.6-20251016.105554-35/SNAPSHOT": {
"pom": "sha256-kTnggHqjEcoBlUTM+K15WHCqKodiKvGPrgnTHuTKU4o="
},
"gdx#gdx-freetype-platform/1.13.6-20251016.105554-35/SNAPSHOT/natives-desktop": {
"jar": "sha256-TJvhHfQ9qRTZCDnOvymAn4PXmS6CziqEKN7yv5ioIQU="
},
"gdx#gdx-freetype/1.13.6-20251016.105554-35/SNAPSHOT": {
"jar": "sha256-qZWM1tkaKatC6U1h/Jgo9fV6/Six9XOuNU4qpVYhzsg=",
"module": "sha256-tyz5DG0UTrK0tt4ZK1BgJb35T5EBuNpj1gZLe6zoCTI=",
"pom": "sha256-wi92v9kAtTv++AZjKT3wJYBeISF98NLNy26X9kEVFSk="
},
"gdx#gdx-platform/1.13.6-20251016.105554-34/SNAPSHOT": {
"pom": "sha256-UW0w1+UTHDD4HaYruY6QVmd/ur/0vHS4wYDZ5hDCEuQ="
},
"gdx#gdx-platform/1.13.6-20251016.105554-34/SNAPSHOT/natives-desktop": {
"jar": "sha256-hCVxiuw/clRgnObDu+eM/OhDnTXEHhVt/gUmHTyzcgU="
},
"gdx#gdx/1.13.6-20251016.105554-34/SNAPSHOT": {
"jar": "sha256-40W5tyVSTXgmSdHtQQoll9OiGhDLhDqRPPWjrrspunM=",
"module": "sha256-4xOqM5QcQy7HCliD3TZNk+QvjI0FWI62x1pKpRNzwVs=",
"pom": "sha256-aDtJJZT/VHJyxd5RKFrQbc32IFT2wk9R7LeDvhBt8v4="
},
"gdx/gdx-backend-lwjgl3/1.13.6-SNAPSHOT/maven-metadata": {
"xml": {
"groupId": "com.badlogicgames.gdx",
"lastUpdated": "20251017222916"
}
},
"gdx/gdx-freetype-platform/1.13.6-SNAPSHOT/maven-metadata": {
"xml": {
"groupId": "com.badlogicgames.gdx",
"lastUpdated": "20251021160202"
}
},
"gdx/gdx-freetype/1.13.6-SNAPSHOT/maven-metadata": {
"xml": {
"groupId": "com.badlogicgames.gdx",
"lastUpdated": "20251017222931"
}
},
"gdx/gdx-platform/1.13.6-SNAPSHOT/maven-metadata": {
"xml": {
"groupId": "com.badlogicgames.gdx",
"lastUpdated": "20251017222936"
}
},
"gdx/gdx/1.13.6-SNAPSHOT/maven-metadata": {
"xml": {
"groupId": "com.badlogicgames.gdx",
"lastUpdated": "20251017222908"
}
}
},
"https://plugins.gradle.org/m2/org": {
"beryx#badass-runtime-plugin/1.13.1": {
"jar": "sha256-IW3RL1SacHD31B2wTupXAaF5Z0mzVerAzkMVLs0DGBc=",
"module": "sha256-Jf4I7QwECTJuc38vDJ/7BhyFQihl53ATdMOVyjpy9PA=",
"pom": "sha256-qZgenE/Me3hqUL+/IW93EBgs27ECjqsGiavMYeS37XI="
},
"beryx/runtime#org.beryx.runtime.gradle.plugin/1.13.1": {
"pom": "sha256-7SsiPX22wuiujLyvq8E96b0kKfwfNMtEFVh0jJCBu+U="
},
"slf4j#slf4j-api/1.7.32": {
"jar": "sha256-NiT4R0wa9G11+YvAl9eGSjI8gbOAiqQ2iabhxgHAJ74=",
"pom": "sha256-ABzeWzxrqRBwQlz+ny5pXkrri8KQotTNllMRJ6skT+U="
},
"slf4j#slf4j-parent/1.7.32": {
"pom": "sha256-WrNJ0PTHvAjtDvH02ThssZQKL01vFSFQ4W277MC4PHA="
}
},
"https://repo.maven.apache.org/maven2": {
"com/badlogicgames/gdx#gdx-jnigen-loader/2.5.2": {
"jar": "sha256-34HyPP1nhcUtNeEI7qo5MPVZ1NJ3CmEC51ynv6b58no=",
"module": "sha256-jwtii5G9Ez24XxUuFZMprPf0tmeDvR32AcNZfcJRIiQ=",
"pom": "sha256-i0dgu2bbPz+ZuEBj7z6ZDWOhzZx81XSlatf07kvRdoc="
},
"com/badlogicgames/gdx-controllers#gdx-controllers-core/2.2.4": {
"jar": "sha256-BNpnYnsaNkbvjyFMkdKWdCp8BVl9vCFnqqsJy9zHdHA=",
"module": "sha256-dxOP5TsOdeRf4dOROsublicWFxCuVPJUR0sizmp6pIA=",
"pom": "sha256-k7HO3nAet8GNZfFei7eds5zzGk6u5pMceIl84NgOMlQ="
},
"com/badlogicgames/gdx-controllers#gdx-controllers-desktop/2.2.4": {
"jar": "sha256-jjkOWcYhHtI+Cm/UAYzvo3+LmGXe5pmVaZBTSWuAHWw=",
"module": "sha256-zhrDRlPnkWGq8Nycm+vdDb1zQW0pHSz8ljavonod9mU=",
"pom": "sha256-2pO01ZTa8EMd+Q7bPPEOHjpGnCgCDHZb5P+fYKD6bTY="
},
"com/badlogicgames/jamepad#jamepad/2.26.5.0": {
"jar": "sha256-sO+RC6Uxyt/gQYSWow2Hy6xGAhsGJUf1tZR+A1Q1cRo=",
"module": "sha256-KGmFPVwJdU2vuY9u6veZLc2Q6K3uFxL/bgjmUgBKflA=",
"pom": "sha256-Up7mQ8lbw+6SfuSnRqwFaOQSnbb5dscD82IjN9/6Inc="
},
"com/badlogicgames/jlayer#jlayer/1.0.1-gdx": {
"jar": "sha256-qrze3C4/pBxOE4hwUj10MzfxiZMQgGMLoaIoVTjNAPs=",
"pom": "sha256-nGCRe2JnOIvFeWpSDswPF8ed2hVGUM0FQdTEE4ghv0k="
},
"org/jcraft#jorbis/0.0.17": {
"jar": "sha256-4GfymjcBQmtn7ZcwNpScbljKW7U+73JAsuceKG0lKp4=",
"pom": "sha256-GN47DZMq+Zgy202DL2g1B/vdWgsMJN1oDoTOb1cYLiQ="
},
"org/json#json/20170516": {
"jar": "sha256-gT835IIPGFTopOtPgN+UvxsfLsbDtyaS8jq5pVYlavY=",
"pom": "sha256-ZMFVQ6PV2yeaIK6w36A0oqecIVn4zUAd6kj/DyNMGN0="
},
"org/lwjgl#lwjgl-glfw/3.3.3": {
"jar": "sha256-vtx1f9KxslUUbbJrdLnL0fz1ZEuJtHsQT6chx0FgQlk=",
"pom": "sha256-fJuPWGrEz36esvNnrphUzK7i2Nf2LiOHxJ0sGvrtirM="
},
"org/lwjgl#lwjgl-glfw/3.3.3/natives-linux": {
"jar": "sha256-uDBgYrF3QfNCaQiHUUIfGsIaWXv7vQxsYSJjAc3nRLg="
},
"org/lwjgl#lwjgl-glfw/3.3.3/natives-linux-arm32": {
"jar": "sha256-3Z1NZxT8k1nUfdoNR8HYyLvkmQG393wj/Kepyb/CmFg="
},
"org/lwjgl#lwjgl-glfw/3.3.3/natives-linux-arm64": {
"jar": "sha256-zGE5yD95nQ4UhOpMIByM5tV8jHokSlIXEWqAax60F5s="
},
"org/lwjgl#lwjgl-glfw/3.3.3/natives-macos": {
"jar": "sha256-qJtVNirsnlo7vRNkYBu4WxR9trrmiJHKmiMtbPstVew="
},
"org/lwjgl#lwjgl-glfw/3.3.3/natives-macos-arm64": {
"jar": "sha256-uUUdZ7wXyQb7goKlUi8liwIvMFaeC2LaAB1ZChe0Xhk="
},
"org/lwjgl#lwjgl-glfw/3.3.3/natives-windows": {
"jar": "sha256-mBVbRR38b1hQid7HehL5wFeJxNzrjaRy+dMIFgEBpw0="
},
"org/lwjgl#lwjgl-glfw/3.3.3/natives-windows-x86": {
"jar": "sha256-lkZVXUBfDSo6lXa1BvV8FjKvZPaaiuWMsESK4EqceCQ="
},
"org/lwjgl#lwjgl-jemalloc/3.3.3": {
"jar": "sha256-6Z4xJp5meKS/xi7yTFCkgcAcvdAEhh7Omlm6EnaMZRY=",
"pom": "sha256-IJuMfX+cGXLVyNX5zhmjUW/5BxRD0N+Khm2hNDvS46k="
},
"org/lwjgl#lwjgl-jemalloc/3.3.3/natives-linux": {
"jar": "sha256-TkoT1wFdQmBbvPfvn66tRt6sZAnkN3qO1K6oFfFGNLM="
},
"org/lwjgl#lwjgl-jemalloc/3.3.3/natives-linux-arm32": {
"jar": "sha256-5IM/wmIeLnMCBXPmKZcJIPHNHfmE/hyc7bszSNzDeG8="
},
"org/lwjgl#lwjgl-jemalloc/3.3.3/natives-linux-arm64": {
"jar": "sha256-44PVJBwNR/QBKnU+C//+Ra/DDQBiGbm9iQN1ahA3ibU="
},
"org/lwjgl#lwjgl-jemalloc/3.3.3/natives-macos": {
"jar": "sha256-ICTapcaqQHhmQUi3OQ+4sjHyNw6g4X1AeJTbp+nlZOw="
},
"org/lwjgl#lwjgl-jemalloc/3.3.3/natives-macos-arm64": {
"jar": "sha256-Y5Vuokb/ZKqpzg4dbjzK1obPv5N9H81suNX0T2OCFgw="
},
"org/lwjgl#lwjgl-jemalloc/3.3.3/natives-windows": {
"jar": "sha256-mUnI5JmYvQyHjYQohAEfE4PihRAFCR4LK897dnG4SOs="
},
"org/lwjgl#lwjgl-jemalloc/3.3.3/natives-windows-x86": {
"jar": "sha256-2bTgbiqEIFWD+wVEDSI4OFqRywGgYN2x03YiOuIl8Uo="
},
"org/lwjgl#lwjgl-openal/3.3.3": {
"jar": "sha256-rg6Cdnys8Ikh9Xj7qdhHU93rAM6toFEKK0qIK+KPv5U=",
"pom": "sha256-f6aiEbvk5FuCmHU31kN6e1KUM07TrBbLhElV70PV5w8="
},
"org/lwjgl#lwjgl-openal/3.3.3/natives-linux": {
"jar": "sha256-kDD+2SinHqwv30zhZDzE7HJNhxDjtDe9znUL3J6YKyo="
},
"org/lwjgl#lwjgl-openal/3.3.3/natives-linux-arm32": {
"jar": "sha256-xyXRfh5GJsf0O29NCKRnSW4JECXnHxn0+x8xN8Tabmc="
},
"org/lwjgl#lwjgl-openal/3.3.3/natives-linux-arm64": {
"jar": "sha256-q/OSSHs1h9qJtlUlAAjfSjYKL9Xh7gCr1h9/UpFSBaE="
},
"org/lwjgl#lwjgl-openal/3.3.3/natives-macos": {
"jar": "sha256-gmSuMqyfQTxPRQGGPF9udXam/avcXQUtMoG7rMM3fx0="
},
"org/lwjgl#lwjgl-openal/3.3.3/natives-macos-arm64": {
"jar": "sha256-OZJGOhao3xn2MRewiD6tDtko3U3wF/VbXk4St6JwSJo="
},
"org/lwjgl#lwjgl-openal/3.3.3/natives-windows": {
"jar": "sha256-49p8PbJcgduNQl7x49v6FQALBA1mnwCLCBPJQzOslsg="
},
"org/lwjgl#lwjgl-openal/3.3.3/natives-windows-x86": {
"jar": "sha256-hSyk42sf390++2zkLwi30PlXsExLz714BXsMeZ85kjE="
},
"org/lwjgl#lwjgl-opengl/3.3.3": {
"jar": "sha256-UGLadQ5ffsieJ+i2e31A+oxLFokBWeNfgoEWzmyOyh4=",
"pom": "sha256-RDkltWQq0xjUnfrpe66c3QnkkCWzAqlLAQf8iIm+bN0="
},
"org/lwjgl#lwjgl-opengl/3.3.3/natives-linux": {
"jar": "sha256-2COpLGooELURLaME3MarzUyxAnBvdPfpNKIjzqIFElA="
},
"org/lwjgl#lwjgl-opengl/3.3.3/natives-linux-arm32": {
"jar": "sha256-BbGiXD+3Ipdao78siIQ3I9puEFmhktVo3e/AGkV/qkc="
},
"org/lwjgl#lwjgl-opengl/3.3.3/natives-linux-arm64": {
"jar": "sha256-Cyt1Mn1HRRY0EjNI1VUDrgPlFVGwyIea6QyOS04aT5w="
},
"org/lwjgl#lwjgl-opengl/3.3.3/natives-macos": {
"jar": "sha256-TBBz0OWumZZtDvHWp3lXWEdtJH2TD9xewYZeOMuEfM4="
},
"org/lwjgl#lwjgl-opengl/3.3.3/natives-macos-arm64": {
"jar": "sha256-8bPx3oP5c6uuOkvDLbWyKa5dVcyA27xffIQYEv4gtf4="
},
"org/lwjgl#lwjgl-opengl/3.3.3/natives-windows": {
"jar": "sha256-9F5fYFlrA7Lj2LmKEjyFXr0LUVTIFV3CpWuJDMyQdHc="
},
"org/lwjgl#lwjgl-opengl/3.3.3/natives-windows-x86": {
"jar": "sha256-nZnSA95OMShsrnU6HfuYE2fJNzTxlEZEunG+Uhs68sw="
},
"org/lwjgl#lwjgl-stb/3.3.3": {
"jar": "sha256-DP96pG6p1w/MIIVwFSk+qA+/Ia3Kw0YAyE2puBpEypM=",
"pom": "sha256-jR2kP3mIdcV5yokH95rk/D6tFVQl6pVVxvqqsT1Q5J0="
},
"org/lwjgl#lwjgl-stb/3.3.3/natives-linux": {
"jar": "sha256-xEiQaN3G3ESxAwcZQ/gBotB2Y01LdNtHCSf4SjCCGeE="
},
"org/lwjgl#lwjgl-stb/3.3.3/natives-linux-arm32": {
"jar": "sha256-/WYDpBauUJJiAxV7ajQOiPX60GyAjvQcsDUBcTn+Lzw="
},
"org/lwjgl#lwjgl-stb/3.3.3/natives-linux-arm64": {
"jar": "sha256-F/DPG45SLuprS5fBkHCznlT1+H7YT7iVhXR+QPkF4ds="
},
"org/lwjgl#lwjgl-stb/3.3.3/natives-macos": {
"jar": "sha256-MpN6NS20usPpKqG72uKYipWOS5B6tbVXdky6gtsgupc="
},
"org/lwjgl#lwjgl-stb/3.3.3/natives-macos-arm64": {
"jar": "sha256-sfZYdf2d3SgJe+YHYCniuPq168FibiHO92FhHfynFcI="
},
"org/lwjgl#lwjgl-stb/3.3.3/natives-windows": {
"jar": "sha256-0Sq4Zv4RaekkrFtNa7d2eueEKp/IZSeYaCwAabtz/PI="
},
"org/lwjgl#lwjgl-stb/3.3.3/natives-windows-x86": {
"jar": "sha256-RkJORUWXM7JsSnsN0mlSCctpONr6OpASxqVoLJSixA4="
},
"org/lwjgl#lwjgl-tinyfd/3.3.3": {
"jar": "sha256-7gUVBU7hmj9AiEJv7p2HnrLuZXsH5QZOTiyFH2rc8Us=",
"pom": "sha256-LBvRGfQeZaVEYT+R5xYOAGuBkW5zpu919UkkLMTzvvI="
},
"org/lwjgl#lwjgl-tinyfd/3.3.3/natives-linux": {
"jar": "sha256-oHb6BaTRdHYuq1hS7nLCnRSrEKVlTyf7AGZO8bUsDAU="
},
"org/lwjgl#lwjgl-tinyfd/3.3.3/natives-linux-arm64": {
"jar": "sha256-gNNOdtFcBJUXRBSIMpCDkdqLFPaKAwtksLQHAqNzkdc="
},
"org/lwjgl#lwjgl-tinyfd/3.3.3/natives-macos": {
"jar": "sha256-RGXdRv35MJwM5kw1KaDaZ5L7ZxHDKB6MXbqTXmqb/Dw="
},
"org/lwjgl#lwjgl-tinyfd/3.3.3/natives-macos-arm64": {
"jar": "sha256-b32XlBRlHjQ9yLiz+q3g4tnk/fmdVl1WI+EtQNuuSiI="
},
"org/lwjgl#lwjgl-tinyfd/3.3.3/natives-windows": {
"jar": "sha256-AihZEfHIgXNfpNDrFB/+qv2aK7k0nZj3wfuKnLScD1g="
},
"org/lwjgl#lwjgl/3.3.3": {
"jar": "sha256-3Jx7LUjoOW1oiV+JAv+gHkYlPeRN/pJ1M/8JRX6/7sQ=",
"pom": "sha256-gx1Gb8AWKUUrRhNzEeFYI8CWx9b66VKYxke5+/XWgfQ="
},
"org/lwjgl#lwjgl/3.3.3/natives-linux": {
"jar": "sha256-5mNzjFGaBvbWWYgvqOTgmvfxDpIZKe5cxUp1h/Yu1Mk="
},
"org/lwjgl#lwjgl/3.3.3/natives-linux-arm32": {
"jar": "sha256-cNP3SNRawTWDKplV6lGcpv7Tqn0dR+tnR8uHk2hGyUE="
},
"org/lwjgl#lwjgl/3.3.3/natives-linux-arm64": {
"jar": "sha256-OXp5pdiQcobUAY0CbLw3NYxTu7aqvDoVNPGf8jt/hVg="
},
"org/lwjgl#lwjgl/3.3.3/natives-macos": {
"jar": "sha256-ApTuTi3X72vvr/r8C7maKom3YHC1zYMC89dWJLZ4bQM="
},
"org/lwjgl#lwjgl/3.3.3/natives-macos-arm64": {
"jar": "sha256-UKycoJ5Z8FHcrPTcCyFF6ekW5qsUYzt1aUIxv+WTFKg="
},
"org/lwjgl#lwjgl/3.3.3/natives-windows": {
"jar": "sha256-XuY6GRh+/lu4dH/ST3sTJX2zSN9a1kEROjaV5D8hOVk="
},
"org/lwjgl#lwjgl/3.3.3/natives-windows-x86": {
"jar": "sha256-IqIjOCYlVOteEzyEQd7u2shNoILrO6yE0DLaT682l0k="
},
"org/sonatype/oss#oss-parent/7": {
"pom": "sha256-tR+IZ8kranIkmVV/w6H96ne9+e9XRyL+kM5DailVlFQ="
},
"org/sonatype/oss#oss-parent/9": {
"pom": "sha256-+0AmX5glSCEv+C42LllzKyGH7G8NgBgohcFO8fmCgno="
}
}
}

3
machines/universedesktop/programs/terminal.nix
View File

@@ -9,8 +9,7 @@
htop
btop
xclip
tio
tmux
screen
usbutils
man-pages
man-pages-posix

6
machines/universedesktop/riscv.nix
View File

@@ -1,6 +0,0 @@
{ config, pkgs, lib, ... }: {
boot.binfmt.emulatedSystems = [
"riscv64-linux"
];
boot.binfmt.preferStaticEmulators = true;
}