Compare commits


4 Commits

Author SHA1 Message Date
a46014bab7 PinetabV: catch2 & registry fix 2024-07-12 03:55:12 +00:00
119d74c888 universedesktop: vesktop & obs 2024-07-11 23:20:13 -04:00
7e31efd385 universedesktop: wlroots portal 2024-07-11 23:20:12 -04:00
2b7a1bd25d Pinetab-v: rope in config 2024-07-11 23:20:12 -04:00
130 changed files with 1250 additions and 7248 deletions

296
flake.lock generated

@@ -1,51 +1,38 @@
{ {
"nodes": { "nodes": {
"deploy-rs": { "emacs-overlay": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-utils": "flake-utils",
"nixpkgs": "nixpkgs", "nixpkgs": [
"utils": "utils" "me-emacs",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1770019181, "lastModified": 1692037570,
"narHash": "sha256-hwsYgDnby50JNVpTRYlF3UR/Rrpt01OrxVuryF40CFY=", "narHash": "sha256-bvj/wfLLFTc8cWAwhN8tgShiy8ekPWt1+gWlEH7W4zY=",
"owner": "serokell", "owner": "nix-community",
"repo": "deploy-rs", "repo": "emacs-overlay",
"rev": "77c906c0ba56aabdbc72041bf9111b565cdd6171", "rev": "7a4b5bbc06182e2f704630cd77a614ab0d9c2f2e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "serokell", "owner": "nix-community",
"repo": "deploy-rs", "repo": "emacs-overlay",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github" "type": "github"
} }
}, },
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1689068808,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -56,14 +43,14 @@
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1689068808,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -72,21 +59,6 @@
"type": "github" "type": "github"
} }
}, },
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -94,11 +66,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1776114641, "lastModified": 1718526747,
"narHash": "sha256-VJMt3n9zGRzupzvlhcKIz4SpWflKh0rWfYTgmkmun0Q=", "narHash": "sha256-sKrD/utGvmtQALvuDj4j0CT3AJXP1idOAq2p+27TpeE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2de7205ce6e10b031151033e69b7ef89708dc282", "rev": "0a7ffb28e5df5844d0e8039c9833d7075cdee792",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -107,54 +79,20 @@
"type": "github" "type": "github"
} }
}, },
"lix": {
"flake": false,
"locked": {
"lastModified": 1737234286,
"narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=",
"rev": "2837da71ec1588c1187d2e554719b15904a46c8b",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1737237494,
"narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=",
"rev": "b90bf629bbd835e61f1317b99e12f8c831017006",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/b90bf629bbd835e61f1317b99e12f8c831017006.tar.gz?rev=b90bf629bbd835e61f1317b99e12f8c831017006"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz"
}
},
"me-emacs": { "me-emacs": {
"inputs": { "inputs": {
"emacs-overlay": "emacs-overlay",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1772550819, "lastModified": 1718551485,
"narHash": "sha256-K6TvujvSSv+pDPAXqdabd7g9wFIkOdvHOeeFohou42A=", "narHash": "sha256-rIAQivtFw0YN3i3xAeBEpCcErA1KGD/IxV7c2VaKIJ8=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "cce76e2f8f4372dd3391a76daa53c1a89b89bc40", "rev": "3ac7b61c9f476746489938d708309b7e69eeafd4",
"revCount": 94, "revCount": 61,
"type": "git", "type": "git",
"url": "https://git.syzygial.cc/Syzygial/EmacsConfig.git" "url": "https://git.syzygial.cc/Syzygial/EmacsConfig.git"
}, },
@@ -163,27 +101,6 @@
"url": "https://git.syzygial.cc/Syzygial/EmacsConfig.git" "url": "https://git.syzygial.cc/Syzygial/EmacsConfig.git"
} }
}, },
"microvm": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1775996588,
"narHash": "sha256-klBp+NIkJJtFHKFEHaMqwDHSK09UufDL6RJoxUZOL5Q=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "c0a53823dbf7eb166c2fa7dc2d1e0d6cb2be7562",
"type": "github"
},
"original": {
"owner": "astro",
"repo": "microvm.nix",
"type": "github"
}
},
"nix-darwin": { "nix-darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -191,11 +108,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1775037210, "lastModified": 1718662658,
"narHash": "sha256-KM2WYj6EA7M/FVZVCl3rqWY+TFV5QzSyyGE2gQxeODU=", "narHash": "sha256-AKG7BsqtVWDlefgzyKz7vjaKTLi4+bmTSBhowbQoZtM=",
"owner": "LnL7", "owner": "LnL7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "06648f4902343228ce2de79f291dd5a58ee12146", "rev": "29b3096a6e283d7e6779187244cb2a3942239fdf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -205,29 +122,29 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1743014863, "lastModified": 1720158314,
"narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", "narHash": "sha256-QNEOk6xmw3ct7P70wKzkGoqeb5gyJWEFdw7AZIul9V4=",
"owner": "NixOS", "owner": "CyborgPotato",
"repo": "nixpkgs", "repo": "nixos-hardware",
"rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", "rev": "c905e5bf25f9eab4cd3e014d3157fa3a62c3a5b6",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "CyborgPotato",
"ref": "nixpkgs-unstable", "ref": "master",
"repo": "nixpkgs", "repo": "nixos-hardware",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1775710090, "lastModified": 1718530797,
"narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=", "narHash": "sha256-pup6cYwtgvzDpvpSCFh1TEUjw2zkNpk8iolbKnyFmmU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4c1018dae018162ec878d42fec712642d214fdfa", "rev": "b60ebf54c15553b393d144357375ea956f89e9a9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -237,13 +154,61 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1775888245, "lastModified": 1691950488,
"narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=", "narHash": "sha256-iUNEeudc4dGjx+HsHccnGiuZUVE/nhjXuQ1DVCsHIUY=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "13043924aaa7375ce482ebe2494338e058282925", "rev": "720e61ed8de116eec48d6baea1d54469b536b985",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1720553833,
"narHash": "sha256-IXMiHQMtdShDXcBW95ctA+m5Oq2kLxnBt7WlMxvDQXA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "249fbde2a178a2ea2638b65b9ecebd531b338cf9",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1718478900,
"narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c884223af91820615a6146af1ae1fea25c107005",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1718276985,
"narHash": "sha256-u1fA0DYQYdeG+5kDm1bOoGcHtX0rtC7qs2YA2N1X++I=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3f84a279f1a6290ce154c5531378acc827836fbb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -255,26 +220,26 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"deploy-rs": "deploy-rs",
"home-manager": "home-manager", "home-manager": "home-manager",
"lix-module": "lix-module",
"me-emacs": "me-emacs", "me-emacs": "me-emacs",
"microvm": "microvm",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs_2", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable_2",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
} }
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable_3"
}, },
"locked": { "locked": {
"lastModified": 1776119890, "lastModified": 1718506969,
"narHash": "sha256-Zm6bxLNnEOYuS/SzrAGsYuXSwk3cbkRQZY0fJnk8a5M=", "narHash": "sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "d4971dd58c6627bfee52a1ad4237637c0a2fb0cd", "rev": "797ce4c1f45a85df6dd3d9abdc53f2691bea9251",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -283,22 +248,6 @@
"type": "github" "type": "github"
} }
}, },
"spectrum": {
"flake": false,
"locked": {
"lastModified": 1772189877,
"narHash": "sha256-i1p90Rgssb//aNiTDFq46ZG/fk3LmyRLChtp/9lddyA=",
"ref": "refs/heads/main",
"rev": "fe39e122d898f66e89ffa17d4f4209989ccb5358",
"revCount": 1255,
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
},
"original": {
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
@@ -328,39 +277,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

142
flake.nix

@@ -1,6 +1,8 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05";
nixos-hardware.url = "github:CyborgPotato/nixos-hardware/master";
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
me-emacs.url = "git+https://git.syzygial.cc/Syzygial/EmacsConfig.git"; me-emacs.url = "git+https://git.syzygial.cc/Syzygial/EmacsConfig.git";
me-emacs.inputs.nixpkgs.follows = "nixpkgs"; me-emacs.inputs.nixpkgs.follows = "nixpkgs";
@@ -8,118 +10,94 @@
nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager"; home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
microvm.url = "github:astro/microvm.nix";
microvm.inputs.nixpkgs.follows = "nixpkgs";
deploy-rs.url = "github:serokell/deploy-rs";
}; };
outputs = { self, nixpkgs, sops-nix, me-emacs, nix-darwin, home-manager, lix-module, microvm, deploy-rs }@inputs: let outputs = { self, nixpkgs, nixpkgs-stable, nixos-hardware, sops-nix, me-emacs, nix-darwin, home-manager }@attrs: let
overlays = import ./overlays/default.nix inputs; hydraGitea = import ./overlays/hydra.nix;
modules = import ./modules/default.nix inputs; nvidiaContainer = import ./overlays/nvidiacontainer.nix nixpkgs;
me-emacs-overlay = me-emacs.overlays.default;
overlays' = l: ({ config, pkgs, ... }: { # Configuration for `nixpkgs`
nixpkgs.overlays = l; nixpkgsConfig = {
}); config = { allowUnfree = true; };
};
pkgs_linux-x86_64 = nixpkgs.legacyPackages."x86-linux"; pkgs_linux-x86_64 = nixpkgs.legacyPackages."x86-linux";
pkgs_linux-aarch64 = nixpkgs.legacyPackages."aarch64-linux"; pkgs_linux-aarch64 = nixpkgs.legacyPackages."aarch64-linux";
sysConfig = config: {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
} // config;
nixosSystem' = config: nixpkgs.lib.nixosSystem (sysConfig ({
} // config));
darwinSystem' = config: nix-darwin.lib.darwinSystem (sysConfig ({
system = "aarch64-darwin";
} // config));
homeConf' = config: home-manager.lib.homeManagerConfiguration config;
in { in {
nixosConfigurations = { nixosConfigurations = {
nixos = nixosSystem' { nixos = nixpkgs.lib.nixosSystem {
modules =[ system = "x86_64-linux";
./machines/hippocampus/configuration.nix specialArgs = attrs;
(overlays' [ modules =
overlays.nvidiaContainer [
]) ({ config, pkgs, ... }: {
modules.sops nixpkgs.overlays = [ hydraGitea nvidiaContainer ];
({ pkgs, ...}: {
nix.package = pkgs.lix;
}) })
./machines/hippocampus/configuration.nix
sops-nix.nixosModules.sops
]; ];
}; };
universedesktop = nixosSystem' { universedesktop = nixpkgs.lib.nixosSystem {
modules = [ system = "x86_64-linux";
specialArgs = attrs;
modules =
[
({ config, pkgs, ... }: {
nixpkgs.overlays = [ me-emacs-overlay ];
})
./machines/universedesktop/configuration.nix ./machines/universedesktop/configuration.nix
(overlays' [ sops-nix.nixosModules.sops
overlays.emacs
])
modules.sops
# Broken w/ this nixpkgs input
# lix-module.nixosModules.default
]; ];
}; };
pericyte = nixosSystem' { ptv = let
patch-8gb = {
hardware.deviceTree.overlays = [{
name = "8GB-patch";
dtsFile = "${nixos-hardware}/pine64/pinetab-v/star64-8GB.dts";
}];
};
in nixpkgs-stable.lib.nixosSystem {
specialArgs = {
inputs = attrs;
};
modules = [ modules = [
./machines/pericyte/configuration.nix ./machines/ptv/configuration.nix
modules.sops patch-8gb
# lix-module.nixosModules.default
# microvm.nixosModules.host
]; ];
}; };
}; };
darwinConfigurations = { darwinConfigurations."UniverseAir" = nix-darwin.lib.darwinSystem {
UniverseAir = darwinSystem' { system = "aarch64-darwin";
specialArgs = {
inputs = attrs;
};
modules = [ modules = [
./machines/universeair/configuration.nix ./machines/universeair/configuration.nix
(overlays' [ ({ config, pkgs, ... }: {
overlays.emacs nixpkgs.overlays = [ me-emacs-overlay ];
]) })
modules.home-manager-darwin home-manager.darwinModules.home-manager
# lix-module.nixosModules.default {
nixpkgs = nixpkgsConfig;
}
]; ];
}; };
}; homeConfigurations."universelaptop" = home-manager.lib.homeManagerConfiguration {
homeConfigurations = {
universelaptop = homeConf' {
pkgs = pkgs_linux-aarch64; pkgs = pkgs_linux-aarch64;
# Specify your home configuration modules here, for example,
# the path to your home.nix.
modules = [ ./machines/asahi/home.nix ];
extraSpecialArgs = { extraSpecialArgs = {
pkgs-x86_64 = pkgs_linux-x86_64; pkgs-x86_64 = pkgs_linux-x86_64;
inputs = inputs; inputs = attrs;
};
modules = [
./machines/asahi/home.nix
];
}; };
}; };
deploy = {
nodes = {
pericyte = {
hostname = "opcp";
sshUser = "root";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.pericyte;
};
};
};
};
# This is highly advised, and will prevent many possible mistakes
# checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
hydraJobs = { hydraJobs = {
# inherit (me-emacs) packages; PinetabV = self.nixosConfigurations.ptv.config.system.build.toplevel;
}; };
}; };
} }
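Review bot: The new `nixos-hardware` input tracks the `master` branch of a personal fork (`github:CyborgPotato/nixos-hardware/master`), and the `ptv` system builds a device-tree overlay directly from it (`${nixos-hardware}/pine64/pinetab-v/star64-8GB.dts`), so the `rev` recorded in flake.lock is the only thing fixing what ends up in the image. A comment next to the input should say why the fork is needed, e.g. `# fork: provides pine64/pinetab-v/star64-8GB.dts; read the fork's diff before every lock update`. Separately, `nixos` and `universedesktop` pass `specialArgs = attrs;` while `ptv` and `UniverseAir` pass `specialArgs = { inputs = attrs; };`, so a module shared between hosts cannot rely on either `inputs` or the individual input names being present.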


@@ -1,24 +1,6 @@
{ pkgs, config, ... }: { { ... }: {
services.gitea.dump = { services.gitea.dump = {
enable = true; enable = true;
interval = "2:45"; interval = "2:45";
}; };
systemd.timers."gitea-clear-dump" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
Unit = "gitea-clear-dump.service";
};
};
systemd.services."gitea-clear-dump" = {
script = ''
${pkgs.findutils}/bin/find /var/lib/gitea/dump -type f -ctime +5 -exec rm -f {} \;
'';
serviceConfig = {
Type = "oneshot";
User = config.services.gitea.user;
};
};
} }


@@ -39,7 +39,6 @@
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [
"nodejs-14.21.3" "nodejs-14.21.3"
"openssl-1.1.1w" "openssl-1.1.1w"
"olm-3.2.16"
]; ];
nix.gc = { nix.gc = {
automatic = true; automatic = true;
@@ -47,9 +46,6 @@
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
}; };
nix.settings.auto-optimise-store = true; nix.settings.auto-optimise-store = true;
nix.settings.trusted-users = [
"server"
];
# Bootloader. # Bootloader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
@@ -75,22 +71,22 @@
# Enable the X11 windowing system. # Enable the X11 windowing system.
services.xserver.enable = true; services.xserver.enable = true;
# services.xserver.displayManager.sddm.enable = true; # Enable the Pantheon Desktop Environment.
# services.xserver.desktopManager.plasma5.enable = true; services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
# Configure keymap in X11 # Configure keymap in X11
services.xserver = { services.xserver = {
xkb = {
layout = "us"; layout = "us";
variant = ""; xkbVariant = "";
};
}; };
# Enable CUPS to print documents. # Enable CUPS to print documents.
services.printing.enable = true; services.printing.enable = true;
# Enable sound with pipewire. # Enable sound with pipewire.
services.pulseaudio.enable = false; sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
enable = true; enable = true;
@@ -118,16 +114,15 @@
}; };
# Enable automatic login for the user. # Enable automatic login for the user.
# services.xserver.displayManager.autoLogin.enable = true; services.xserver.displayManager.autoLogin.enable = true;
# services.xserver.displayManager.autoLogin.user = "server"; services.xserver.displayManager.autoLogin.user = "server";
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
# $ nix search wget # $ nix search wget
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
firefox firefox
tmux screen
tio
btop btop
htop htop
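Review bot: The last hunk switches on `services.xserver.displayManager.autoLogin.enable = true;` with `autoLogin.user = "server"`, which opens a desktop session for that account at boot without a credential prompt; together with SDDM and Plasma being enabled two hunks earlier, anyone at the console gets that user's session. If that is intended for this machine, a comment stating the physical-access assumption would help; otherwise keep `autoLogin.enable = false;`. The comment `# Enable the Pantheon Desktop Environment.` sits above the SDDM/Plasma 5 options and should name the desktop that is actually enabled.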


@@ -25,8 +25,6 @@
authKeyFile = "/var/tailauth"; authKeyFile = "/var/tailauth";
extraUpFlags = ["--login-server" "${authServer}"]; extraUpFlags = ["--login-server" "${authServer}"];
}; };
# Resolves https://github.com/NixOS/nixpkgs/issues/430756
systemd.services.tailscaled-autoconnect.serviceConfig.Type = lib.mkForce "simple";
}; };
}; };
@@ -61,19 +59,19 @@ in {
}; };
config = { config = {
# networking.bridges = { networking.bridges = {
# "br0" = { "br0" = {
# interfaces = []; interfaces = [];
# }; };
# }; };
# networking.interfaces.br0.ipv4.addresses = [{ networking.interfaces.br0.ipv4.addresses = [{
# address = "10.0.0.1"; address = "10.0.0.1";
# prefixLength = 24; prefixLength = 24;
# }]; }];
networking.nat = { networking.nat = {
enable = true; enable = true;
# Check for hostBridge use vb instead of ve # Check for hostBridge use vb instead of ve
internalInterfaces = (map (n: "ve-${n}") (attrNames cfg.containers)); internalInterfaces = (map (n: "vb-${n}") (attrNames cfg.containers)) ++ ["br0"];
externalInterface = "enp0s25"; externalInterface = "enp0s25";
enableIPv6 = true; enableIPv6 = true;
}; };
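Review bot: The comment `# Check for hostBridge use vb instead of ve` still reads as an open to-do, while the line below it now hard-codes the `vb-` prefix and appends `br0` to `internalInterfaces`. Replace it with a statement of the assumption, e.g. `# every container attaches to br0 via hostBridge, so its host-side interface is vb-<name>`. Any entry in `cfg.containers` that does not set `hostBridge` would presumably still get a `ve-` interface and silently fall outside NAT, so either derive the prefix per container or document that the bridge is mandatory. The `config` block continues outside this hunk.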


@@ -68,7 +68,7 @@ let
partOf = ["headscale.service"]; partOf = ["headscale.service"];
script = '' script = ''
${pkgs.bash}/bin/bash -c '${cfg.package}/bin/headscale users create ${name} || true' ${cfg.package}/bin/headscale users create ${name}
''; '';
serviceConfig = { serviceConfig = {
@@ -91,7 +91,7 @@ let
partOf = ["headscale.service"]; partOf = ["headscale.service"];
script = '' script = ''
${cfg.package}/bin/headscale preauthkeys -u $(${cfg.package}/bin/headscale users -o json-line list | ${pkgs.jq}/bin/jq '.[] | select(.name=="${name}").id') create \ ${cfg.package}/bin/headscale preauthkeys -u ${name} create \
${lib.optionalString options.preAuthEphemeral "--ephemeral"} \ ${lib.optionalString options.preAuthEphemeral "--ephemeral"} \
${lib.optionalString options.preAuthReusable "--reusable"} \ ${lib.optionalString options.preAuthReusable "--reusable"} \
--expiration ${options.preAuthExpiration} \ --expiration ${options.preAuthExpiration} \
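Review bot: `${name}` is spliced unquoted into both shell scripts (`headscale users create ${name}` and `headscale preauthkeys -u ${name} create`), so a user name containing spaces or shell metacharacters changes the command that runs; `${lib.escapeShellArg name}` avoids that. The new `users create` line also no longer tolerates an already existing user, so the unit will presumably fail on every start after the first unless headscale treats the duplicate as success. If that failure is wanted, say so in a comment; otherwise check for the user before creating it. Both `script` blocks belong to definitions that start and end outside these hunks.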


@@ -6,7 +6,7 @@
nixpkgs.config.nvidia.acceptLicense = true; nixpkgs.config.nvidia.acceptLicense = true;
services.xserver.videoDrivers = [ "nvidia" ]; services.xserver.videoDrivers = [ "nvidia" ];
hardware.graphics.enable = true; hardware.opengl.enable = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU. # Optionally, you may need to select the appropriate driver version for your specific GPU.
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470; hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;


@@ -1,17 +0,0 @@
FROM alpine:3.16
RUN apk add --no-cache bash jq curl git ncurses \
bc \
coredns \
grep \
iproute2 \
iptables \
ip6tables \
iputils \
kmod \
net-tools \
nftables \
openresolv \
wireguard-tools
RUN git clone https://github.com/pia-foss/manual-connections /manual-connections
WORKDIR /manual-connections
CMD bash -c "/manual-connections/run_setup.sh && watch -n 1800 curl ip.me"


@@ -18,12 +18,10 @@
in { in {
containers = { containers = {
wireguard = { wireguard = {
# Derived from the pia-wg.tar.gz image = "thrnz/docker-wireguard-pia";
# which was built from the containerfile
image = "localhost/pia-wg:latest";
volumes = [ volumes = [
# "${configDir}/wireguard:/config" # "${configDir}/wireguard:/config"
# "${configDir}/wireguard_pia:/pia" "${configDir}/wireguard_pia:/pia"
]; ];
ports = getPorts [ ports = getPorts [
"deluge" "deluge"
@@ -31,28 +29,18 @@
"radarr" "radarr"
"jellyseerr" "jellyseerr"
"bazarr" "bazarr"
# "readarr" "readarr"
"prowlarr" "prowlarr"
]; ];
environment = { environment = {
TZ = "America/Toronto"; TZ = "America/Toronto";
LOC = "ca"; LOC = "ca";
PIA_DNS = "false"; # - true/false
PIA_PF = "false"; # - true/false
PIA_CONNECT = "true"; # - true/false; connect to VPN after configuration has been created. Set to false to only create configuration file. Only effective for wireguard protocol. Default true.
MAX_LATENCY = "0.2"; # - numeric value, in seconds
AUTOCONNECT = "true"; # - true/false; this will test for and select the server with the lowest latency, it will override PREFERRED_REGION
# PREFERRED_REGION = ""; # - the region ID for a PIA server
DIP_TOKEN = "n";
VPN_PROTOCOL = "wireguard"; # - wireguard or openvpn; openvpn will default to openvpn_udp_standard, but can also specify openvpn_tcp/udp_standad/strong
DISABLE_IPV6 = "no"; # - yes/no
}; };
extraOptions = [ extraOptions = [
"--privileged" "--dns=1.1.1.1" "--cap-add=ALL"
"--pull=newer"
"--dns=1.1.1.1"
"--env-file=${config.sops.secrets.jellyfin-pia.path}" "--env-file=${config.sops.secrets.jellyfin-pia.path}"
"--cap-add=NET_ADMIN,NET_RAW,SYS_MODULE"
"--cap-drop=MKNOD,AUDIT_WRITE"
"--sysctl=net.ipv4.ip_forward=1"
"--sysctl=net.ipv4.conf.all.src_valid_mark=1" "--sysctl=net.ipv4.conf.all.src_valid_mark=1"
"--sysctl=net.ipv6.conf.lo.disable_ipv6=1" "--sysctl=net.ipv6.conf.lo.disable_ipv6=1"
"--sysctl=net.ipv6.conf.all.disable_ipv6=1" "--sysctl=net.ipv6.conf.all.disable_ipv6=1"
@@ -127,36 +115,6 @@
]; ];
}; };
# TODO: Usage monitoring and data analytics for media removal
#
# jellystat = {
# image = "fallenbagel/jellyseerr:latest";
# volumes = [
# "${dataDir}:/data"
# "${configDir}/jellyseerr:/app/config"
# ];
# environment = baseEnv // {
# };
# extraOptions = [
# "--pull=newer"
# ];
# };
# jellysweep = {
# image = "fallenbagel/jellyseerr:latest";
# volumes = [
# "${dataDir}:/data"
# "${configDir}/jellyseerr:/app/config"
# ];
# environment = baseEnv // {
# };
# extraOptions = [
# "--pull=newer"
# ];
# };
radarr = { radarr = {
image = "linuxserver/radarr:latest"; image = "linuxserver/radarr:latest";
volumes = [ volumes = [
@@ -220,26 +178,26 @@
]; ];
}; };
# readarr = { readarr = {
# image = "linuxserver/readarr:nightly"; image = "linuxserver/readarr:nightly";
# volumes = [ volumes = [
# "${dataDir}:/data" "${dataDir}:/data"
# "${configDir}/readarr:/config" "${configDir}/readarr:/config"
# ]; ];
# ports = [ ports = [
# "8787:8787" "8787:8787"
# ]; ];
# environment = baseEnv // { environment = baseEnv // {
#
# }; };
# extraOptions = [ extraOptions = [
# "--pull=newer" "--pull=newer"
# "--network" "container:wireguard" "--network" "container:wireguard"
# ]; ];
# dependsOn = [ dependsOn = [
# "prowlarr" "prowlarr"
# ]; ];
# }; };
prowlarr = { prowlarr = {
image = "linuxserver/prowlarr:nightly"; image = "linuxserver/prowlarr:nightly";
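Review bot: The `wireguard` container now pulls `thrnz/docker-wireguard-pia` with no tag or digest and, as far as the side-by-side rendering shows, runs it with `--cap-add=ALL`; `readarr` (and presumably the other services whose ports are published on it) joins its network namespace through `--network container:wireguard`, so this is the most trusted image in the stack. Pin it, e.g. `image = "thrnz/docker-wireguard-pia@sha256:<digest>";` (placeholder digest), and grant only what a WireGuard client needs, e.g. `"--cap-add=NET_ADMIN"`, adding `SYS_MODULE` only if the kernel module has to be loaded from inside the container. `readarr` is re-enabled on the `:nightly` tag with `--pull=newer`, so unreviewed builds are deployed on restart; a comment stating that this is accepted would help.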


@@ -1,7 +1,5 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... ]: {
# TODO: rename to emulation?
boot.binfmt.emulatedSystems = [ boot.binfmt.emulatedSystems = [
"riscv64-linux" "aarch64-linux" "riscv64-linux"
]; ];
boot.binfmt.preferStaticEmulators = true;
} }
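Review bot: The new module header closes its argument set with `]` instead of `}` (`{ config, pkgs, lib, ... ]: {`), which is a parse error, so any configuration that imports this file will fail to evaluate. It should read `{ config, pkgs, lib, ... }: {`. Since none of `config`, `pkgs` or `lib` is used in the visible body, `{ ... }: {` would also do.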


@@ -1,8 +1,7 @@
nextcloud: nextcloud:
adminPass: ENC[AES256_GCM,data:Tz34/CW22LYNtwDNoPHq0cINRg==,iv:eSw22XtTpODEreJKSK6mM0jZWAB6qLqANYF7KesNGso=,tag:4Zp7hTv3oArx+nDIEdA7Jw==,type:str] adminPass: ENC[AES256_GCM,data:D2SAD/Somvw8abIm0KX4fWRfuQ==,iv:Y7K14yZZFcu97KVBd0219hwnGY4LEX2DNxxulSegr/8=,tag:aRJAlz1xvQxWodcE2bZLdQ==,type:str]
s3secret: ENC[AES256_GCM,data:hv3SLDs6YW5KInUBFUPXImqwnZqjegXOv7hQFtuWI48=,iv:39R8crx5/3xdK0s8/yNMwSib2yDQcfOVg0PA7GhdiXA=,tag:J8YT12onk7DOFL7Z9OEYYQ==,type:str] s3secret: ENC[AES256_GCM,data:lIVuiZMh376MSuu13UPCu49Q64bVbk+WM/CUEIGzV0Q=,iv:J2vHalppWEupWK07zXsMoiH6avmpsgg0Cqcc7EkZVV4=,tag:pxKwiaH5SZa8Vh71gLGQWw==,type:str]
jellyfin-pia: ENC[AES256_GCM,data:hOgUAr47FMd2QgzgXBeqv41Paqy6zn6tyWVDbF1JtqcTog/zZC4=,iv:opnxrycFszAhuMARcP48gKF6eL1ERNgWS68wO+s4CIM=,tag:fqimxKdTAh55ANKD3bp46w==,type:str] jellyfin-pia: ENC[AES256_GCM,data:rbqpmm2EtxcMeJfjlGaJOwPCn4UAZaKsH8Zeztk7A6QiSw==,iv:8A6NHVHgKIL6iwLKgRrT6T3k0pgDI5lL5rDMN5/Egrw=,tag:P6Kh9cOnrB23Z7S72xBK7g==,type:str]
ddclient: ENC[AES256_GCM,data:a31MKnoEZXrj/s8z3+MP9jhQ5/sBjljZphXBJsWj5GU=,iv:YHKCartadDQa59aUf9Fw/KgdgMgsqsVLDAIh/KeqehQ=,tag:hUaUqjcX75xw6eC9axtQmw==,type:str]
anki: ENC[AES256_GCM,data:hUBKr/s1DDorlmbHDUvHtVSumw==,iv:Ekjt6dsncinHhM+dV/mxOjErBQpgKtPOVbmwGRy9XOE=,tag:zvfV9z3QROgsk4eznmxqDw==,type:str] anki: ENC[AES256_GCM,data:hUBKr/s1DDorlmbHDUvHtVSumw==,iv:Ekjt6dsncinHhM+dV/mxOjErBQpgKtPOVbmwGRy9XOE=,tag:zvfV9z3QROgsk4eznmxqDw==,type:str]
tandoor-secret: ENC[AES256_GCM,data:/clEIU38M7lJ6+JbFSKWb5kKSUvxdGYPq2Hl9TjgijZtYIYFOleJQ9PiT+d/osmY/r0=,iv:Nulu93V+s9RBmEDRs2LXJXy7l0O/AeU0CwwtTNLGw2c=,tag:brRyVaWeUGLx1nt0MtcIEw==,type:str] tandoor-secret: ENC[AES256_GCM,data:/clEIU38M7lJ6+JbFSKWb5kKSUvxdGYPq2Hl9TjgijZtYIYFOleJQ9PiT+d/osmY/r0=,iv:Nulu93V+s9RBmEDRs2LXJXy7l0O/AeU0CwwtTNLGw2c=,tag:brRyVaWeUGLx1nt0MtcIEw==,type:str]
tandoor-pass: ENC[AES256_GCM,data:Sjz2FuFm3bmqo9z2xckuIHq4qumQ2o/FA09DP7NQtngi,iv:M8BL8enwzGh4cp2hAtee99dC0VDxBvshNBiUp4QCVPQ=,tag:wMifwdLEMw4+M1EO5iywzw==,type:str] tandoor-pass: ENC[AES256_GCM,data:Sjz2FuFm3bmqo9z2xckuIHq4qumQ2o/FA09DP7NQtngi,iv:M8BL8enwzGh4cp2hAtee99dC0VDxBvshNBiUp4QCVPQ=,tag:wMifwdLEMw4+M1EO5iywzw==,type:str]
@@ -13,14 +12,11 @@ restic:
repo: ENC[AES256_GCM,data:7sy35DPRrhGudRorlGb2OSQzXgeKBXlC5KEYCAtw0VgCu5K2A4XjS8mSlDdf4Tz/4tun6nmH,iv:X+JOQVHL9t8Nc7zuSUrYKkUUV/lqlav9RehZf4bs8pw=,tag:roC7vneozMbnO40713tUkQ==,type:str] repo: ENC[AES256_GCM,data:7sy35DPRrhGudRorlGb2OSQzXgeKBXlC5KEYCAtw0VgCu5K2A4XjS8mSlDdf4Tz/4tun6nmH,iv:X+JOQVHL9t8Nc7zuSUrYKkUUV/lqlav9RehZf4bs8pw=,tag:roC7vneozMbnO40713tUkQ==,type:str]
passwd: ENC[AES256_GCM,data:vUsAP5+iZo7U55xnUP7Cnk1OxnrO+paHKmT2cuc=,iv:GF7fybEQZIxHPm1Z6Sj5dn/zOR5dRVgikH8LILsTMIs=,tag:Mh61boRPsfHeiSfXmrEx5Q==,type:str] passwd: ENC[AES256_GCM,data:vUsAP5+iZo7U55xnUP7Cnk1OxnrO+paHKmT2cuc=,iv:GF7fybEQZIxHPm1Z6Sj5dn/zOR5dRVgikH8LILsTMIs=,tag:Mh61boRPsfHeiSfXmrEx5Q==,type:str]
backblaze: ENC[AES256_GCM,data:IfWzuIYUrCGYpP68CPFi2vLqq9NVmiVyCE+Z8yi+cnaQwgwNL40lJEPL/U3d0lgsmrsV4GheNJ0oQ9tnrrJeBgZgwMl/CwXMctuUHo+cvVot/cNRd1vCdjRr7WUnw8737uxyW45OaaYbkZRa3NWEGDll1iFDWB2w4n5DTsomyO03tFZB5gckwQYmpjYmK4DcIWyTaEiDrznmkyM+sxoWv9pcTHZIIN7TCHHkzmlMzXXqJnoRfCpdVm/QF9jbrAYs,iv:tOa1FFyggm0ScoRdFk6tACOnQVcZMYaDqeJyX5SMKXc=,tag:EY5jQhZnLP6IzqY9garoEQ==,type:str] backblaze: ENC[AES256_GCM,data:IfWzuIYUrCGYpP68CPFi2vLqq9NVmiVyCE+Z8yi+cnaQwgwNL40lJEPL/U3d0lgsmrsV4GheNJ0oQ9tnrrJeBgZgwMl/CwXMctuUHo+cvVot/cNRd1vCdjRr7WUnw8737uxyW45OaaYbkZRa3NWEGDll1iFDWB2w4n5DTsomyO03tFZB5gckwQYmpjYmK4DcIWyTaEiDrznmkyM+sxoWv9pcTHZIIN7TCHHkzmlMzXXqJnoRfCpdVm/QF9jbrAYs,iv:tOa1FFyggm0ScoRdFk6tACOnQVcZMYaDqeJyX5SMKXc=,tag:EY5jQhZnLP6IzqY9garoEQ==,type:str]
oinkapi: ENC[AES256_GCM,data:bk4tLEYGpPnTgiSz9KAAwykjIFRMOL+GK9/VP/C/WGXSYyGq245w+EJuC/4+XNyic0dniGFtJOOGy9reIWj1ZIDXZY4=,iv:a85CCgy27ByGnMS/0ForMY25xkU1kgahyis0yLs5hTs=,tag:AsXxzQgyvBmpP/I0f0wApQ==,type:str]
oinkSapi: ENC[AES256_GCM,data:SXfowRHpuhDMVoeqWPkfbnj/9+uGlBCg3MwUHCADeuLgaZImSnEiYLyjQfruhzoul9E+F1Uj4QxG8KeOY7nAFqkl/Ns=,iv:GYEiAQDylHxu9CW5DB0so9QY8Ou4fZT3+wk7ZrgoP+o=,tag:W/Q+tSfDsEcSYcI+oLuxxA==,type:str]
tuwunelreg: ENC[AES256_GCM,data:5NJL1W6iVEwLwAUGlmCOHgVzV+9aLMrp8OXu8uVUw3SpCR5ffUuPsFtEHvJ2UkV1DPtJ2mz+EmqgWYOt7aY2xdtT5CTQJVlFcxQOOhJ2IYy5OpPHNtHLTWtKR1p0a3V38aBq98hZRL1JgdY1lrTtQPtV9u13zH+A2TZVmYxdG8Y=,iv:cltmxwdE0A7EYqdtaPXs2FALmO8YPydIOrNHfv7Pu9Q=,tag:ppnBVeL+t8sHhCXWOzLtjw==,type:str]
coturn-secret: ENC[AES256_GCM,data:9lPM14VVk/VlmYPy4XgIaKDQgRKcoaCaszcaETCBQMmMIGSuq+G2aHqa8dtXf6Tg/Llcza+VROZYBuC9bsFwoEDtcbhFoE9S7OKrJ8bWDDI1AGTwP3j9tgExvmd0HMyqkNrb3l1cPj4/CLcSlZxxWcYVWZL2sSzKpqhKNXGeYCM=,iv:zckUJK+F95lVKZz/XoD4nmuC14FiIU1gIxe5U4abvrg=,tag:nSPxlCMS4QXBvkb6jn4EQg==,type:str]
lk-jwt: ENC[AES256_GCM,data:6EXQbXUWsXzYwHU+KYh8FfVKoMScrbX/ITx/x128UdU1r0PmqEZ39TewmDUSlNlMsaWYRffNd8lmfF3sPZDOZzL/jNJNaTSqUKy8cPX8XF+LJqq08ZDWihvgKjcyHy6BORpe07fGp6v/otJW9XE9qujJ2QC/0MA+dJpckpfibaswfWwkL2BfmDfcq2H8Tudohg==,iv:Rm5uWOKGBKlnivGkxWokpG1YR1dxeTV+cVrDZ/3i8yE=,tag:bSeOZ7SEelDIeSGTdzRVng==,type:str]
dawarich_smtp: ENC[AES256_GCM,data:v4VU5XGGR2rLfQZsMvbXCA==,iv:jD3EFKab7/oxxqX6O1Mfz5tA/xUOGEaBtMsHnENouBQ=,tag:JWyrensx9v97blQv49jsLQ==,type:str]
mautrix-discord: ENC[AES256_GCM,data:LzRUuwdYs4HJfeSm9iKPNaGkx5Fqs0gPBdEhv0hbEANHw2Dsg/yioS5jWc8FymhVbO3L3lfpd+TJGH5dSRqU5cTcTJO34CyBLU+Y+bkbneI+Ri0ngfCEuuNpBjyvQhHrba1YskcgvUuHPMJejFPbfPKu7B+GNznI6mZUJmN6jvO7BweY2bTeC2zURMmMjcoNEcdDUhhlSRpOK/EUVZF3LE+MwBKz/WTJbtEi22wO+x/dIg3z8SLwZRSuUYwumZ7YyQAUHDJz/7Qy5u0uzMmAAY3WpQUICg8DykenndeXST2AopG4EsBazS9GwPX60Ri4MEnnPKNXSNHy0dH+NsuCnqNCIouOpraS3yobTaI7oJIPZoKTWoJWU2Xsh0pktdzyJbJf3kpal0lQkPbD4i31LQeJJbiPPXiouhKeaSKd2LcueGIWBgMD12phZ0Vk2t4S90oN25fByvfF9clviBKbJo/wrWTO2EeQpnrqOD9B1w6ZBowIxXwPUnfNP52sjKRjCWXakO/rSzLQs2DzXT7hN3cMdNsmHxGlIWlLDEHJIpcr49vIzHkCXZc8n412taBNxMRqLHRGFpB0Cjw9CelmZ8cnXOUbSzV06ahOeuJT2Gn+CwefAZSXtiZCnqqpb2758W1Xdw4VReenGyj6TIfTDbo5rfM2elbP/LOxf3obLRpyC4MQkqyo8geT3FjjYFXTc1jN7P/ma8U1YMdZaxdNwUxi1iVB28PhaJ60BMz7UYQW9QfmY24rX0TBaL2OKu4bSh1zeaZm7QbW0LCjBm1A08Pg8nYPZVobjfWXbCIYmsjGhH3T2/BLqqhfth+q3Oswqybi35AQR9EeSJ+tZWyCgHsPWgM8KCGyynqf8xvczSUeCro6MNQ5Jzw=,iv:Bo0FRzCPMFokZsRPwUg0vP+Azo6nr4sTkrU6O++lucU=,tag:zYPEZUkILsQTljLil5Yq5w==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1crymppz88etsdjpckmtdhr397x5xg5wv8jt6tcj23gt2snq73pzs04fuve - recipient: age1crymppz88etsdjpckmtdhr397x5xg5wv8jt6tcj23gt2snq73pzs04fuve
enc: | enc: |
@@ -31,7 +27,8 @@ sops:
RVUzMlFya3Z0amdTUTJ5YjFRck5kZzQKoWZzExqzPRpQPL4CdqBalc1/dYtjBH6J RVUzMlFya3Z0amdTUTJ5YjFRck5kZzQKoWZzExqzPRpQPL4CdqBalc1/dYtjBH6J
LGR0oImfOWlIJwcaJLv/fc470UvXHHwIji9v/pbV7xMkgMjlJthaYg== LGR0oImfOWlIJwcaJLv/fc470UvXHHwIji9v/pbV7xMkgMjlJthaYg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-03-24T01:33:31Z" lastmodified: "2024-06-09T21:13:43Z"
mac: ENC[AES256_GCM,data:9DI2psMKIl3mM6oBWeNHLrl+e5UY/uvE0P/Y9T2sRMVHUmbo5dmr7yCxDoQ/t6EJKUKURqh1ESH9QNqAWULJRQvMabOt+fSZwjP+d8F8cR1pAEmeIpYfnbJslvrz1uhlvdcc+HYdM9BVYJ3BC3QgQk49qhU03Mum2Vn9iHwD+FA=,iv:GNSrYPdYEnA6VoNY2OJvCdxbBasjAk2UrifumTgspJ4=,tag:uUtlcGookPmvwkDI9i2arg==,type:str] mac: ENC[AES256_GCM,data:wmHB0pgZODb1RL3CBJqQix4V5nES4XpiGJLy8wuuoq20HMQpuE+Ofh4V+px59kJF4bcGyB71OXGlDbPkf3Crz3WJe0UtQjm9qH+c3hlRZMAYCK+5g11ANPUTznjXdCE1JuNWBCu25wYRprDOuPzpr7UZETEHzKBiu2kGI6FajoU=,iv:mhQGGIiSXaaFHLm5mtIyCxjMeHDhv6Sc5fB6cGml2Bo=,tag:BnKHFPK7bhFEp95+9v9SGw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.8.1


@@ -10,18 +10,18 @@
./private/prometheus.nix ./private/prometheus.nix
# Pretty Visuals # Pretty Visuals
./private/grafana.nix # ./private/grafana.nix
# Home Monitoring and Control # Home Monitoring and Control
# ./private/homeassistant.nix ./private/homeassistant.nix
# Minio S3 Object Storage # Minio S3 Object Storage
./private/miniio.nix ./private/miniio.nix
# OctoPrint # OctoPrint
# ./private/octoprint.nix ./private/octoprint.nix
# Samba Share # Samba Share
# ./private/samba.nix ./private/samba.nix
]; ];
} }


@@ -2,11 +2,9 @@
{ {
services.grafana = { services.grafana = {
enable = false; enable = true;
settings.server = {
http_addr = "0.0.0.0"; http_addr = "0.0.0.0";
http_port = 9998; http_port = 9998;
}; };
};
} }
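Review bot: Flipping `enable` to `true` makes the existing `http_addr = "0.0.0.0"` live, so Grafana would listen on every interface of the host on port 9998; whether a firewall narrows that is not visible here. Binding to loopback or the tailnet address, e.g. `http_addr = "127.0.0.1";` behind the Caddy proxy, keeps the login page off the other interfaces. Going by the hunk counts, the new side also drops the `settings.server = {` wrapper, leaving `http_addr` and `http_port` directly under `services.grafana`; as far as I know the module has no options by those names at that level, so please confirm this evaluates. The import of this file looks commented out in the private module list on the new side, which would hide such an error until it is re-enabled.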


@@ -5,9 +5,8 @@
autoStart = true; autoStart = true;
privateNetwork = true; privateNetwork = true;
#hostBridge = "br0"; hostBridge = "br0";
hostAddress = "10.${toString (10+n)}.0.0"; localAddress = "10.0.0.${toString (10+n)}/24";
localAddress = "10.${toString (10+n)}.0.1";
# If true it registers a new node very time # If true it registers a new node very time
# need to find where it stores the state # need to find where it stores the state
@@ -59,8 +58,8 @@
MINIO_VOLUMES = "/mnt/disk1/minio"; MINIO_VOLUMES = "/mnt/disk1/minio";
# Expandable later, but each pool must have more than 1 disk. # Expandable later, but each pool must have more than 1 disk.
# https://github.com/minio/minio/issues/16711 # https://github.com/minio/minio/issues/16711
MINIO_SERVER_URL = "http://100.64.0.4:9000"; MINIO_SERVER_URL = "http://minio1.minio1.tailnet:9000";
MINIO_PROMETHEUS_URL = "http://100.64.0.4:9999"; MINIO_PROMETHEUS_URL = "http://100.64.0.5:9999";
MINIO_PROMETHEUS_JOB_ID = "minio-job"; MINIO_PROMETHEUS_JOB_ID = "minio-job";
}; };
}; };
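Review bot: `MINIO_SERVER_URL` and `MINIO_PROMETHEUS_URL` in the second hunk are both plain `http://`, so S3 requests and console logins rely entirely on the tailnet for confidentiality; a comment beside them such as `# http is acceptable only because both endpoints are tailnet-only` would record that assumption. The Prometheus URL hard-codes `100.64.0.5` while the server URL uses a MagicDNS name, so an address reassignment would break metrics silently; using a name for both is more consistent. In the first hunk, `hostBridge = "br0"` with `localAddress = "10.0.0.${toString (10+n)}/24"` appears to place every container on one shared bridge subnet instead of a per-container address pair, so it is worth checking that container-to-container reachability is intended. The enclosing attribute sets start outside both hunks.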


@@ -6,6 +6,9 @@
# Entrace to Control Pane of Private Network # Entrace to Control Pane of Private Network
./public/headscale.nix ./public/headscale.nix
# Location tracking of my Dad in Saskatchewan
./public/hauk.nix
# Self Hosted Git Server # Self Hosted Git Server
./public/gitea.nix ./public/gitea.nix
@@ -25,7 +28,7 @@
./public/nextcloud.nix ./public/nextcloud.nix
# Rabb.it at home # Rabb.it at home
# ./public/watchthingz.nix ./public/watchthingz.nix
# Pterodactyl Game Server # Pterodactyl Game Server
./public/pterodactyl.nix ./public/pterodactyl.nix
@@ -44,23 +47,5 @@
# Recipe Manager # Recipe Manager
./public/tandoor.nix ./public/tandoor.nix
# Random Usage, specific port
./public/random.nix
# Perfect Pitch Project
./public/perfect_pitch.nix
# Matrix services
./public/matrix.nix
# Immich Photo Backups
./public/immich.nix
# Dawarich location tracking
./public/dawarich.nix
# IRC web-bouncer/client
./public/irc.nix
]; ];
} }


@@ -4,8 +4,6 @@
sops.secrets.anki = { }; sops.secrets.anki = { };
services.anki-sync-server = { services.anki-sync-server = {
enable = true; enable = true;
port = 7333;
address = "0.0.0.0";
users = [ users = [
{ {
username = "David"; username = "David";


@@ -6,7 +6,6 @@
# acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory"; # acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory";
email = "davidcrompton1192@gmail.com"; email = "davidcrompton1192@gmail.com";
}; };
services.nginx.group = "caddy";
services.caddy.virtualHosts = { services.caddy.virtualHosts = {
"star.zlinger.syzygial.cc" = { "star.zlinger.syzygial.cc" = {
extraConfig = '' extraConfig = ''


@@ -1,38 +0,0 @@
{ config, pkgs, lib, ... }: {
sops.secrets.dawarich_smtp = {
owner = config.services.dawarich.user;
group = config.services.dawarich.group;
};
services.dawarich = {
enable = true;
package = (pkgs.callPackage ./dawarich/package.nix { }).overrideAttrs (old: {
# https://github.com/Freika/dawarich/issues/1469
postInstall = (old.postInstall or "") + ''
cp ${./dawarich_smtp_config.rb} $out/config/initializers/smtp_settings.rb
'';
});
webPort = 7392;
configureNginx = false;
localDomain = "location.crompton.cc";
smtp = {
fromAddress = "automated@syzygial.cc";
user = "automated@syzygial.cc";
passwordFile = config.sops.secrets.dawarich_smtp.path;
host = "smtp.protonmail.ch";
port = 587;
};
};
services.caddy.virtualHosts = {
${config.services.dawarich.localDomain} = {
extraConfig = ''
reverse_proxy localhost:${toString config.services.dawarich.webPort}
# encode brotli {
# match {
# content_type text/css text/plain text/xml text/x-component text/javascript application/x-javascript application/javascript application/json application/manifest+json application/vnd.api+json application/xml application/xhtml+xml application/rss+xml application/atom+xml application/vnd.ms-fontobject application/x-font-ttf application/x-font-opentype application/x-font-truetype image/svg+xml image/x-icon image/vnd.microsoft.icon font/ttf font/eot font/otf font/opentype
# }
# }
'';
};
};
}


@@ -1,18 +0,0 @@
diff --git a/Gemfile.lock b/Gemfile.lock
index d45a7657..d0a7b750 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -172,12 +172,7 @@ GEM
railties (>= 6.1.0)
fakeredis (0.1.4)
ffaker (2.25.0)
- ffi (1.17.2-aarch64-linux-gnu)
- ffi (1.17.2-arm-linux-gnu)
- ffi (1.17.2-arm64-darwin)
- ffi (1.17.2-x86-linux-gnu)
- ffi (1.17.2-x86_64-darwin)
- ffi (1.17.2-x86_64-linux-gnu)
+ ffi (1.17.2)
foreman (0.90.0)
thor (~> 1.4)
fugit (1.11.1)


@@ -1,32 +0,0 @@
diff --git a/Gemfile b/Gemfile
index 36cf0d9c..fc914849 100644
--- a/Gemfile
+++ b/Gemfile
@@ -28,6 +28,7 @@ gem 'omniauth-github', '~> 2.0.0'
gem 'omniauth-google-oauth2'
gem 'omniauth_openid_connect'
gem 'omniauth-rails_csrf_protection'
+gem 'openssl'
gem 'parallel'
gem 'pg'
gem 'prometheus_exporter'
diff --git a/Gemfile.lock b/Gemfile.lock
index a32eb801..b2fc45bc 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -348,6 +348,7 @@ GEM
tzinfo
validate_url
webfinger (~> 2.0)
+ openssl (3.3.1)
optimist (3.2.1)
orm_adapter (0.5.0)
ostruct (0.6.1)
@@ -665,6 +666,7 @@ DEPENDENCIES
omniauth-google-oauth2
omniauth-rails_csrf_protection
omniauth_openid_connect
+ openssl
parallel
pg
prometheus_exporter

File diff suppressed because it is too large Load Diff


@@ -1,142 +0,0 @@
{
lib,
applyPatches,
bundlerEnv,
fetchFromGitHub,
fetchNpmDeps,
nixosTests,
nodejs,
npmHooks,
ruby_3_4,
stdenv,
tailwindcss_3,
gemset ? import ./gemset.nix,
sources ? lib.importJSON ./sources.json,
unpatchedSource ? fetchFromGitHub {
owner = "Freika";
repo = "dawarich";
tag = sources.version;
inherit (sources) hash;
},
}:
let
ruby = ruby_3_4;
in
stdenv.mkDerivation (finalAttrs: {
pname = "dawarich";
inherit (sources) version;
# Use `applyPatches` here because bundix in the update script (see ./update.sh)
# needs to run on the already patched Gemfile and Gemfile.lock.
# Only patches changing these two files should be here;
# patches for other parts of the application should go directly into mkDerivation.
src = applyPatches {
src = unpatchedSource;
patches = [
# bundix and bundlerEnv fail with system-specific gems
./0001-build-ffi-gem.diff
# openssl 3.6.0 breaks ruby openssl gem
# See https://github.com/NixOS/nixpkgs/issues/456753
# and https://github.com/ruby/openssl/issues/949#issuecomment-3370358680
./0002-openssl-hotfix.diff
];
postPatch = ''
substituteInPlace ./Gemfile \
--replace-fail "ruby File.read('.ruby-version').strip" "ruby '>= 3.4.0'"
'';
};
postPatch = ''
# move import directory to a more convenient place, otherwise its behind systemd private tmp
substituteInPlace ./app/services/imports/watcher.rb \
--replace-fail 'tmp/imports/watched' 'storage/imports/watched'
'';
dawarichGems = bundlerEnv {
name = "${finalAttrs.pname}-gems-${finalAttrs.version}";
inherit gemset ruby;
inherit (finalAttrs) version;
gemdir = finalAttrs.src;
};
npmDeps = fetchNpmDeps {
inherit (finalAttrs) src;
hash = sources.npmHash;
};
RAILS_ENV = "production";
NODE_ENV = "production";
REDIS_URL = ""; # build error if not defined
TAILWINDCSS_INSTALL_DIR = "${tailwindcss_3}/bin";
nativeBuildInputs = [
nodejs
npmHooks.npmConfigHook
finalAttrs.dawarichGems
finalAttrs.dawarichGems.wrappedRuby
];
propagatedBuildInputs = [
finalAttrs.dawarichGems.wrappedRuby
];
buildInputs = [
finalAttrs.dawarichGems
];
buildPhase = ''
runHook preBuild
patchShebangs bin/
for b in $(ls $dawarichGems/bin/)
do
if [ ! -f bin/$b ]; then
ln -s $dawarichGems/bin/$b bin/$b
fi
done
SECRET_KEY_BASE_DUMMY=1 bundle exec rake assets:precompile
rm -rf node_modules tmp log storage
ln -s /var/log/dawarich log
ln -s /var/lib/dawarich storage
ln -s /tmp tmp
# delete more files unneeded at runtime
rm -rf docker docs screenshots package.json package-lock.json *.md *.example
runHook postBuild
'';
installPhase = ''
runHook preInstall
# tests are not needed at runtime
rm -rf spec e2e
# delete artifacts from patching
rm *.orig
mkdir -p $out
mv .{ruby*,app_version} $out/
mv * $out/
runHook postInstall
'';
passthru = {
tests = {
inherit (nixosTests) dawarich;
};
# run with: nix-shell ./maintainers/scripts/update.nix --argstr package dawarich
updateScript = ./update.sh;
};
meta = {
changelog = "https://github.com/Freika/dawarich/blob/${finalAttrs.version}/CHANGELOG.md";
description = "Self-hostable alternative to Google Location History (Google Maps Timeline)";
homepage = "https://dawarich.app/";
license = lib.licenses.agpl3Only;
maintainers = with lib.maintainers; [
diogotcorreia
];
platforms = lib.platforms.linux;
};
})


@@ -1,5 +0,0 @@
{
"version": "1.2.0",
"hash": "sha256-6NlqeiG+kjpSVpg8JFvqZPvCoigzjIcF1Ru/AdMwShg=",
"npmHash": "sha256-doBsDBsO7npHs/jyeg4xWzdauWoK6dPe8z+97IP2zxI="
}


@@ -1,40 +0,0 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p bundix curl jq nix-update nix-prefetch-github prefetch-npm-deps gnused
set -e
set -o pipefail
OWNER="Freika"
REPO="dawarich"
old_version=$(nix-instantiate --eval -A 'dawarich.version' default.nix | tr -d '"')
version=$(curl -s ${GITHUB_TOKEN:+-u ":$GITHUB_TOKEN"} "https://api.github.com/repos/$OWNER/$REPO/releases/latest" | jq -r ".tag_name")
echo "Updating to $version"
if [[ "$old_version" == "$version" ]]; then
echo "Already up to date!"
exit 0
fi
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
echo "Fetching source code $REVISION"
JSON=$(nix-prefetch-github "$OWNER" "$REPO" --rev "refs/tags/$version" 2>/dev/null)
HASH=$(echo "$JSON" | jq -r .hash)
cat > "$SCRIPT_DIR/sources.json" << EOF
{
"version": "$version",
"hash": "$HASH",
"npmHash": "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
}
EOF
SOURCE_DIR="$(nix-build --no-out-link -A dawarich.src)"
echo "Creating gemset.nix"
bundix --lockfile="$SOURCE_DIR/Gemfile.lock" --gemfile="$SOURCE_DIR/Gemfile" --gemset="$SCRIPT_DIR/gemset.nix"
nixfmt "$SCRIPT_DIR/gemset.nix"
NPM_HASH="$(prefetch-npm-deps "$SOURCE_DIR/package-lock.json" 2>/dev/null)"
sed -i "s;sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=;$NPM_HASH;g" "$SCRIPT_DIR/sources.json"


@@ -1,5 +0,0 @@
Rails.application.config.action_mailer.smtp_settings.merge!(
authentication: ENV.fetch('SMTP_AUTHENTICATION', 'login').to_sym,
open_timeout: ENV.fetch('SMTP_OPEN_TIMEOUT', '25').to_i,
read_timeout: ENV.fetch('SMTP_READ_TIMEOUT', '25').to_i
)


@@ -35,7 +35,7 @@ in {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
settings.port = 5432; port = 5432;
ensureDatabases = [ ensureDatabases = [
"gitea" "gitea"
]; ];


@@ -0,0 +1,14 @@
{pkgs, config, ...}:
{
imports = [
../../oci/hauk.nix
];
services.caddy.virtualHosts = {
"crompton.cc" = {
extraConfig = ''
reverse_proxy 127.0.0.1:7888
'';
};
};
}
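Review bot: The upstream `127.0.0.1:7888` is a bare port that has to match whatever `../../oci/hauk.nix` publishes, and that file is not shown in this section. If the container publishes 7888 on all interfaces rather than on loopback, the location-sharing backend would be reachable without going through Caddy's TLS, so the publish address there should be checked. A comment here such as `# must match the loopback port published in oci/hauk.nix` would make the coupling explicit. The `pkgs` and `config` arguments are unused in this file.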


@@ -6,7 +6,6 @@
enable = true; enable = true;
# 7000 port addresses are for internal network # 7000 port addresses are for internal network
port = 7000; port = 7000;
address = "0.0.0.0"; # Access within nixos-containers
settings = { settings = {
server_url = "https://headscale.syzygial.cc"; server_url = "https://headscale.syzygial.cc";
# TODO: Generate keys?? # TODO: Generate keys??
@@ -24,12 +23,9 @@
]; ];
# Give a name to each device # Give a name to each device
dns = { dns_config = {
base_domain = "tailnet"; base_domain = "tailnet";
magic_dns = true; magic_dns = true;
nameservers.global = [
"1.1.1.1"
];
}; };
}; };
}; };
@@ -41,7 +37,7 @@
services.caddy.virtualHosts = { services.caddy.virtualHosts = {
"headscale.syzygial.cc" = { "headscale.syzygial.cc" = {
extraConfig = '' extraConfig = ''
reverse_proxy 0.0.0.0:7000 reverse_proxy localhost:7000
''; '';
}; };
}; };


@@ -1,4 +1,14 @@
{config, pkgs, ...}: let {config, pkgs, ...}: let
deploy-container = pkgs.writeScriptBin "deploy-nixos-container" ''
pushd $2
nixos-container update $1 --flake $2#$3
git reset --hard HEAD
git clean -fdx
git reflog expire --expire=now --all
git repack -ad # Remove dangling objects from packfiles
git prune # Remove dangling loose objects
popd
'';
in { in {
imports = [ imports = [
# ./nix-serve.nix # ./nix-serve.nix
@@ -17,7 +27,7 @@ in {
''; '';
}; };
nix.extraOptions = '' nix.extraOptions = ''
allowed-uris = https://github.com/ https://git.savannah.gnu.org/ https://git.syzygial.cc https://gitlab.com https://sr.ht github: gitlab: https://git.lix.systems allowed-uris = https://github.com/ https://git.savannah.gnu.org/ https://git.syzygial.cc https://gitlab.com https://sr.ht github: gitlab:
''; '';
systemd.services.hydra = { systemd.services.hydra = {
serviceConfig = { serviceConfig = {
@@ -32,15 +42,44 @@ in {
]; ];
}; };
# Deployment User
users.users.hydra-deploy = {
isNormalUser = true;
home = "/var/lib/hydra/deploy";
description = "Hydra Deployment User";
extraGroups = [ "hydra" ];
packages = [
deploy-container
];
};
# TODO: Configure authorizedKeys between
# hydra-queue-runner and hydra-deploy
security.sudo.extraRules = [
{
users = ["hydra-deploy"];
commands = [
{
command = "${deploy-container}/bin/deploy-nixos-container *";
options = ["NOPASSWD"];
}
];
}
];
networking.nat = {
enable = true;
internalInterfaces = [
"ve-newalan"
"ve-handyhelper"
];
externalInterface = "enp0s25";
enableIPv6 = true;
};
nix.buildMachines = [ nix.buildMachines = [
{ hostName = "localhost"; { hostName = "localhost";
systems = [ system = "x86_64-linux";
"x86_64-linux"
"riscv64-linux"
];
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"]; supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
maxJobs = 16; maxJobs = 8;
} }
]; ];
services.caddy.virtualHosts = { services.caddy.virtualHosts = {
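Review bot: The `deploy-nixos-container` script added in the first hunk runs as root through the `NOPASSWD` sudo rule with a `*` argument wildcard, yet it has no `set -e` and uses `$1`, `$2` and `$3` unquoted. If `pushd $2` fails, `git reset --hard HEAD` and `git clean -fdx` still run in whatever directory the command was started from, and because the caller chooses the flake reference, the `hydra-deploy` account can have root build and activate any container configuration. I would switch to `pkgs.writeShellScriptBin` (which also supplies the shebang that `writeScriptBin` leaves out), fail fast, quote the arguments, and narrow the sudo rule from `*` to the known container names and flake path. The `let` block and the module body continue outside the hunks.

```nix
deploy-container = pkgs.writeShellScriptBin "deploy-nixos-container" ''
  set -euo pipefail
  if [ "$#" -ne 3 ]; then
    echo "usage: deploy-nixos-container <container> <flake-dir> <attr>" >&2
    exit 64
  fi
  # Stop here if the directory is missing, so the git cleanup below
  # can never run in an unrelated working directory.
  cd -- "$2"
  nixos-container update "$1" --flake "$2#$3"
  # … unchanged: git reset / clean / reflog expire / repack / prune …
'';
```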


@@ -1,13 +0,0 @@
{ config, pkgs, lib, ... }: {
services.immich = {
enable = true;
mediaLocation = "/mass/immich";
};
services.caddy.virtualHosts = {
"photos.crompton.cc" = {
extraConfig = ''
reverse_proxy localhost:${toString config.services.immich.port}
'';
};
};
}


@@ -1,25 +0,0 @@
{ config, pkgs, lib, ... }: {
services.thelounge = {
enable = true;
public = false;
port = 7797;
#plugins;
#package;
extraConfig = {
# Caddy RP
reverseProxy = true;
defaults = {
name = "Esper";
host = "irc.esper.net";
port = 6697;
};
};
};
services.caddy.virtualHosts = {
"irc.glia.club" = {
extraConfig = ''
reverse_proxy localhost:${toString config.services.thelounge.port}
'';
};
};
}


@@ -1,6 +0,0 @@
{ ... }: {
imports = [
./matrix/server.nix
./matrix/client.nix
];
}


@@ -1,435 +0,0 @@
{ config, pkgs, lib, ... }: let
mautrix-discord-user = config.systemd.services.mautrix-discord.serviceConfig.User;
in {
sops.secrets.mautrix-discord = {
owner = mautrix-discord-user;
};
services.postgresql = {
enable = true;
ensureDatabases = [
mautrix-discord-user
];
ensureUsers = [
{
name = "${mautrix-discord-user}";
ensureDBOwnership = true;
}
];
};
services.mautrix-discord = {
enable = true;
# Secrets stored in environmentFile
settings = {
logging = {
min_level = "debug";
writers = [{
type = "stdout";
format = "pretty-colored";
} {
type = "file";
format = "json";
filename = "./logs/mautrix-discord.log";
max_size = 100;
max_backups = 10;
compress = true;
}];
};
homeserver = {
# The address that this appservice can use to connect to the homeserver.
address = "https://glia.club";
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain = "glia.club";
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software = "standard";
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's discord connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint = null;
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint = null;
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media = false;
# Should the bridge use a websocket for connecting to the homeserver?
# The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
# mautrix-asmux (deprecated), and hungryserv (proprietary).
websocket = false;
# How often should the websocket be pinged? Pinging will be disabled if this is zero.
ping_interval_seconds = 0;
};
bridge = {
# Localpart template of MXIDs for Discord users.
# {{.}} is replaced with the internal ID of the Discord user.
username_template = "bridge_discord_{{.}}";
# Displayname template for Discord users. This is also used as the room name in DMs if private_chat_portal_meta is enabled.
# Available variables:
# .ID - Internal user ID
# .Username - Legacy display/username on Discord
# .GlobalName - New displayname on Discord
# .Discriminator - The 4 numbers after the name on Discord
# .Bot - Whether the user is a bot
# .System - Whether the user is an official system user
# .Webhook - Whether the user is a webhook and is not an application
# .Application - Whether the user is an application
displayname_template = "{{if .Webhook}}Webhook{{else}}{{or .GlobalName .Username}}{{if .Bot}} (bot){{end}}{{end}} (Discord DM)";
# Displayname template for Discord channels (bridged as rooms, or spaces when type=4).
# Available variables:
# .Name - Channel name, or user displayname (pre-formatted with displayname_template) in DMs.
# .ParentName - Parent channel name (used for categories).
# .GuildName - Guild name.
# .NSFW - Whether the channel is marked as NSFW.
# .Type - Channel type (see values at https://github.com/bwmarrin/discordgo/blob/v0.25.0/structs.go#L251-L267)
channel_name_template = "{{if or (eq .Type 3) (eq .Type 4)}}{{.Name}}{{else}}#{{.Name}}{{end}} (Discord)";
# Displayname template for Discord guilds (bridged as spaces).
# Available variables:
# .Name - Guild name
guild_name_template = "{{.Name}} (Discord)";
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.
# If set to `never`, DM rooms will never have names and avatars set.
private_chat_portal_meta = "default";
# Publicly accessible base URL that Discord can use to reach the bridge, used for avatars in relay mode.
# If not set, avatars will not be bridged. Only the /mautrix-discord/avatar/{server}/{id}/{hash} endpoint is used on this address.
# This should not have a trailing slash, the endpoint above will be appended to the provided address.
public_address = "https://discord.bridge.matrix.glia.club";
# A random key used to sign the avatar URLs. The bridge will only accept requests with a valid signature.
avatar_proxy_key = "generate";
portal_message_buffer = 128;
# Number of private channel portals to create on bridge startup.
# Other portals will be created when receiving messages.
startup_private_channel_create_limit = 5;
# Should the bridge send a read receipt from the bridge bot when a message has been sent to Discord?
delivery_receipts = false;
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events = false;
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices = true;
# Should the bridge use space-restricted join rules instead of invite-only for guild rooms?
# This can avoid unnecessary invite events in guild rooms when members are synced in.
restricted_rooms = false;
# Should the bridge automatically join the user to threads on Discord when the thread is opened on Matrix?
# This only works with clients that support thread read receipts (MSC3771 added in Matrix v1.4).
autojoin_thread_on_open = true;
# Should inline fields in Discord embeds be bridged as HTML tables to Matrix?
# Tables aren't supported in all clients, but are the only way to emulate the Discord inline field UI.
embed_fields_as_tables = true;
# Should guild channels be muted when the portal is created? This only meant for single-user instances,
# it won't mute it for all users if there are multiple Matrix users in the same Discord guild.
mute_channels_on_create = false;
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list = false;
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it, except if the config file is not writable.
resend_bridge_info = false;
# Should incoming custom emoji reactions be bridged as mxc:// URIs?
# If set to false, custom emoji reactions will be bridged as the shortcode instead, and the image won't be available.
custom_emoji_reactions = true;
# Should the bridge attempt to completely delete portal rooms when a channel is deleted on Discord?
# If true, the bridge will try to kick Matrix users from the room. Otherwise, the bridge only makes ghosts leave.
delete_portal_on_channel_delete = false;
# Should the bridge delete all portal rooms when you leave a guild on Discord?
# This only applies if the guild has no other Matrix users on this bridge instance.
delete_guild_on_leave = true;
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms = false;
# Prefix messages from webhooks with the profile info? This can be used along with a custom displayname_template
# to better handle webhooks that change their name all the time (like ones used by bridges).
#
# This will use the fallback mode in MSC4144, which means clients that support MSC4144 will not show the prefix
# (and will instead show the name and avatar as the message sender).
prefix_webhook_messages = true;
# Bridge webhook avatars?
enable_webhook_avatars = true;
# Should the bridge upload media to the Discord CDN directly before sending the message when using a user token,
# like the official client does? The other option is sending the media in the message send request as a form part
# (which is always used by bots and webhooks).
use_discord_cdn_upload = true;
# Proxy for Discord connections
proxy = "";
# Should mxc uris copied from Discord be cached?
# This can be `never` to never cache, `unencrypted` to only cache unencrypted mxc uris, or `always` to cache everything.
# If you have a media repo that generates non-unique mxc uris, you should set this to never.
cache_media = "unencrypted";
# Settings for converting Discord media to custom mxc:// URIs instead of reuploading.
# More details can be found at https://docs.mau.fi/bridges/go/discord/direct-media.html
direct_media = {
# Should custom mxc:// URIs be used instead of reuploading media?
enabled = true;
# The server name to use for the custom mxc:// URIs.
# This server name will effectively be a real Matrix server, it just won't implement anything other than media.
# You must either set up .well-known delegation from this domain to the bridge, or proxy the domain directly to the bridge.
server_name = "discord.bridge.matrix.glia.club";
# Optionally a custom .well-known response. This defaults to `server_name:443`
# well_known_response = "";
# The bridge supports MSC3860 media download redirects and will use them if the requester supports it.
# Optionally, you can force redirects and not allow proxying at all by setting this to false.
allow_proxy = true;
};
# Settings for converting animated stickers.
animated_sticker = {
# Format to which animated stickers should be converted.
# disable - No conversion, send as-is (lottie JSON)
# png - converts to non-animated png (fastest)
# gif - converts to animated gif
# webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
# webp - converts to animated webp, requires ffmpeg executable with webp codec/container support
target = "webp";
# Arguments for converter. All converters take width and height.
args = {
width = 320;
height = 320;
fps = 25; # only for webm, webp and gif (2, 5, 10, 20 or 25 recommended)
};
};
# Servers to always allow double puppeting from
double_puppet_server_map = {
"glia.club" = "https://glia.club";
};
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery = false;
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, double puppeting will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map = {
"glia.club" = "as_token:$MAUTRIX_DISCORD_DOUBLE_PUPPET";
};
# The prefix for commands. Only required in non-management rooms.
command_prefix = "!discord";
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text = {
# Sent when joining a room.
welcome = "Hello, I'm a Discord bridge bot.";
# Sent when joining a management room and the user is already logged in.
welcome_connected = "Use `help` for help.";
# Sent when joining a management room and the user is not logged in.
welcome_unconnected = "Use `help` for help or `login` to log in.";
# Optional extra text sent when joining a management room.
additional_help = "";
};
# Settings for backfilling messages.
backfill = {
# Limits for forward backfilling.
forward_limits = {
# Initial backfill (when creating portal). 0 means backfill is disabled.
# A special unlimited value is not supported, you must set a limit. Initial backfill will
# fetch all messages first before backfilling anything, so high limits can take a lot of time.
initial = {
dm = 5000;
channel = 5000;
thread = 5000;
};
# Missed message backfill (on startup).
# 0 means backfill is disabled, -1 means fetch all messages since last bridged message.
# When using unlimited backfill (-1), messages are backfilled as they are fetched.
# With limits, all messages up to the limit are fetched first and backfilled afterwards.
missed = {
dm = -1;
channel = -1;
thread = -1;
};
# Maximum members in a guild to enable backfilling. Set to -1 to disable limit.
# This can be used as a rough heuristic to disable backfilling in channels that are too active.
# Currently only applies to missed message backfill.
max_guild_members = -1;
};
};
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption = {
# Allow encryption, work in group chat rooms with e2ee enabled
allow = false;
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default = false;
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
# Changing this option requires updating the appservice registration file.
appservice = false;
# Whether to use MSC4190 instead of appservice login to create the bridge bot device.
# Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202.
# Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
# Changing this option requires updating the appservice registration file.
msc4190 = false;
# Require encryption, drop any unencrypted messages.
require = false;
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing = false;
# Should users mentions be in the event wire content to enable the server to send push notifications?
plaintext_mentions = false;
# Options for deleting megolm sessions from the bridge.
delete_keys = {
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack = false;
# Don't store outbound sessions in the inbound table.
dont_store_outbound = false;
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt = false;
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt = false;
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session = false;
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete = false;
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired = false;
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound = false;
};
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels = {
# Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
receive = "unverified";
# Minimum level that the bridge should accept for incoming Matrix messages.
send = "unverified";
# Minimum level that the bridge should require for accepting key requests.
share = "cross-signed-tofu";
};
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation = {
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom = false;
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds = 604800000;
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages = 100;
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation = false;
};
};
# Settings for provisioning API
provisioning = {
# Prefix for the provisioning API paths.
prefix = "/_matrix/provision";
# Shared secret for authentication. If set to "generate", a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret = "generate";
# Enable debug API at /debug with provisioning authentication.
debug_endpoints = false;
};
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# user - Access to use the bridge to chat with a Discord account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions = {
"*" = "relay";
"glia.club" = "user";
"@admin:glia.club" = "admin";
"@cyborgpotato:glia.club" = "admin";
};
};
appservice = {
# The address that the homeserver can use to connect to this appservice.
address = "http://localhost:${toString config.services.mautrix-discord.settings.appservice.port}";
# The hostname and port where this appservice should listen.
hostname = "0.0.0.0";
port = 7193;
# Database config.
# See definition at top of file
database = {
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type = "postgres";
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri = "postgres:///${mautrix-discord-user}?host=/var/run/postgresql";
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns = 20;
max_idle_conns = 2;
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time = null;
max_conn_lifetime = null;
};
# The unique ID of this appservice.
id = "discord";
# Appservice bot details.
bot = {
# Username of the appservice bot.
username = "discordbot";
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname = "Discord bridge bot";
avatar = "mxc://maunium.net/nIdEykemnwdisvHbpxflpDlC";
};
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
ephemeral_events = true;
# Should incoming events be handled asynchronously?
# This may be necessary for large public instances with lots of messages going through.
# However, messages will not be guaranteed to be bridged in the same order they were sent in.
async_transactions = false;
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token = "$MAUTRIX_DISCORD_APPSERVICE_AS_TOKEN";
hs_token = "$MAUTRIX_DISCORD_APPSERVICE_HS_TOKEN";
};
};
serviceDependencies = [ config.services.mautrix-discord.registrationServiceUnit ]
++ (lib.lists.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
++ (lib.lists.optional config.services.matrix-conduit.enable "matrix-conduit.service")
++ (lib.lists.optional config.services.matrix-continuwuity.enable "matrix-continuwuity.service")
++ (lib.lists.optional config.services.matrix-tuwunel.enable "matrix-tuwunel.service")
++ (lib.lists.optional config.services.dendrite.enable "dendrite.service");
environmentFile = config.sops.secrets.mautrix-discord.path;
};
services.caddy.virtualHosts = {
"${config.services.mautrix-discord.settings.bridge.direct_media.server_name}" = {
extraConfig = ''
reverse_proxy localhost:${toString config.services.mautrix-discord.settings.appservice.port}
'';
};
};
}


@@ -1,103 +0,0 @@
{ config, pkgs, lib, ... }: {
services.nginx.virtualHosts.cinny = {
listen = [{
addr = "unix:/run/nginx/cinny.sock";
}];
locations."/" = {
root = pkgs.element-web.override {
conf = {
default_server_name = "glia.club";
default_server_config = {
m.homeserver = {
base_url = "https://chat.glia.club";
server_name = "glia.club";
};
};
disable_custom_urls = false;
disable_guests = true;
disable_login_language_selector = false;
disable_3pid_login = false;
force_verification = false;
brand = "Element";
integrations_ui_url = "https://scalar.vector.im/";
integrations_rest_url = "https://scalar.vector.im/api";
integrations_widgets_urls = [
"https://scalar.vector.im/_matrix/integrations/v1"
"https://scalar.vector.im/api"
"https://scalar-staging.vector.im/_matrix/integrations/v1"
"https://scalar-staging.vector.im/api"
];
default_widget_container_height = 280;
default_country_code = "GB";
show_labs_settings = true;
features = {
threadsActivityCentre = true;
feature_video_rooms = true;
feature_group_calls = true;
feature_element_call_video_rooms = true;
};
default_federate = false;
default_theme = "light";
room_directory = {
servers = ["glia.club"];
};
enable_presence_by_hs_url = {
"https://glia.club" = true;
"https://chat.glia.club" = true;
"https://matrix.org" = false;
"https://matrix-client.matrix.org" = false;
};
setting_defaults = {
breadcrumbs = false;
};
jitsi = {
preferred_domain = "meet.element.io";
};
element_call = {
url = "https://call.element.io";
brand = "Element Call";
};
map_style_url = "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx";
};
};
extraConfig = ''
index index.html;
# Set no-cache for the version, config and index.html
# so that browsers always check for a new copy of Element Web.
# NB http://your-domain/ and http://your-domain/? are also covered by this
location = /index.html {
add_header Cache-Control "no-cache";
}
location = /version {
add_header Cache-Control "no-cache";
}
# covers config.json and config.hostname.json requests as it is prefix.
location /config {
add_header Cache-Control "no-cache";
}
location /modules/ {
alias /modules/;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
'';
};
};
services.caddy.virtualHosts = {
"glia.club, glia.club:8448" = {
extraConfig = lib.mkAfter ''
reverse_proxy unix//run/nginx/cinny.sock
'';
};
"chat.glia.club" = {
extraConfig = ''
reverse_proxy unix//run/nginx/cinny.sock
'';
};
};
}


@@ -1,62 +0,0 @@
{ config, pkgs, lib, ... }: {
imports = [
./turn.nix
];
# Shared between lk-jwt-service and livekit
# TODO: Generate it
sops.secrets.lk-jwt = {};
services.lk-jwt-service = {
enable = true;
port = 7374;
livekitUrl = "wss://matrix-rtc.glia.club";
keyFile = config.sops.secrets.lk-jwt.path;
};
services.livekit = {
enable = true;
keyFile = config.sops.secrets.lk-jwt.path;
# Ingress of other video streams
# for RTC usage, e.g. RTMP, WHIP, etc.
ingress = { enable = false; };
# Redis is used if we were to use ingress
# redis = { };
settings = {
port = 7375;
bind_addresses = [""];
rtc = {
tcp_port = 7376;
port_range_start = 50100;
port_range_end = 50200;
use_external_ip = true;
enable_loopback_candidate = false;
};
};
};
services.matrix-tuwunel.settings = {
global.well_known = {
rtc_transports = [{
type = "livekit";
livekit_service_url = "https://matrix-rtc.glia.club";
}];
};
};
services.caddy.virtualHosts = {
"matrix-rtc.glia.club" = {
extraConfig = ''
# This is matrix-rtc-jwt
@jwt_service {
path /sfu/get* /healthz*
}
handle @jwt_service {
reverse_proxy localhost:${toString config.services.lk-jwt-service.port}
}
# This is livekit
handle {
reverse_proxy localhost:${toString config.services.livekit.settings.port} {
header_up Connection "upgrade"
header_up Upgrade {http.request.header.Upgrade}
}
}
'';
};
};
}


@@ -1,52 +0,0 @@
{ config, pkgs, lib, ... }: {
imports = [
# Real Time Communication
./rtc.nix
./bots/discord.nix
];
sops.secrets.tuwunelreg = {
owner = config.services.matrix-tuwunel.user;
};
services.matrix-tuwunel = {
enable = true;
stateDirectory = "tuwunel";
# Must be equal to whatever reverse proxy is used for the unix
# socket path to work
group = config.services.caddy.group;
settings = {
global = {
address = null;
unix_socket_path = "/run/tuwunel/tuwunel.sock";
server_name = "glia.club";
allow_federation = false;
allow_encryption = true;
new_user_displayname_suffix = "🌱";
allow_registration = true;
registration_token_file = config.sops.secrets.tuwunelreg.path;
well_known = {
client = "https://glia.club";
server = "glia.club:443";
};
# TODO: Configure more in detail/for safety:
url_preview_domain_contains_allowlist = ["*"];
};
};
};
services.caddy.virtualHosts = {
"glia.club, glia.club:8448" = {
extraConfig = let
proxy = "unix/${config.services.matrix-tuwunel.settings.global.unix_socket_path}";
in ''
reverse_proxy /_matrix/* ${proxy}
reverse_proxy /_tuwunel/* ${proxy}
reverse_proxy /.well-known/matrix/client ${proxy}
reverse_proxy /.well-known/matrix/server ${proxy}
reverse_proxy /.well-known/matrix/support ${proxy}
'';
};
};
}


@@ -1,88 +0,0 @@
{ config, pkgs, lib, ... }: {
# TODO: Generate coturn secret
sops.secrets.coturn-secret = {
owner = "turnserver";
group = config.services.matrix-tuwunel.group;
mode = "0440";
};
# TODO: patch coturn service to specify user/group
systemd.services.coturn.serviceConfig.Group = lib.mkForce config.services.caddy.group;
services.coturn = {
enable = true;
realm = "turn.glia.club";
listening-port = 3478;
tls-listening-port = 5349;
min-port = config.services.livekit.settings.rtc.port_range_start+1;
max-port = 52000;
use-auth-secret = true;
static-auth-secret-file = config.sops.secrets.coturn-secret.path;
cert = "/var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/turn.glia.club/turn.glia.club.crt";
pkey = "/var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/turn.glia.club/turn.glia.club.key";
extraConfig = ''
# VoIP traffic is all UDP. There is no reason to let users connect to arbitrary TCP endpoints via the relay.
no-tcp-relay
# don't let the relay ever try to connect to private IP address ranges within your network (if any)
# given the turn server is likely behind your firewall, remember to include any privileged public IPs too.
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
# recommended additional local peers to block, to mitigate external access to internal services.
# https://www.enablesecurity.com/blog/slack-webrtc-turn-compromise-and-bug-bounty/#how-to-fix-an-open-turn-relay-to-address-this-vulnerability
# https://www.enablesecurity.com/blog/cve-2020-26262-bypass-of-coturns-access-control-protection/#further-concerns-what-else
no-multicast-peers
denied-peer-ip=0.0.0.0-0.255.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=192.0.0.0-192.0.0.255
denied-peer-ip=192.0.2.0-192.0.2.255
denied-peer-ip=192.88.99.0-192.88.99.255
denied-peer-ip=198.18.0.0-198.19.255.255
denied-peer-ip=198.51.100.0-198.51.100.255
denied-peer-ip=203.0.113.0-203.0.113.255
denied-peer-ip=240.0.0.0-255.255.255.255
denied-peer-ip=::1
denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff
denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255
denied-peer-ip=100::-100::ffff:ffff:ffff:ffff
denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
# special case the turn server itself so that client->TURN->TURN->client flows work
# this should be one of the turn server's listening IPs
allowed-peer-ip=10.0.0.1
# consider whether you want to limit the quota of relayed streams per user (or total) to avoid risk of DoS.
user-quota=12 # 4 streams per video call, so 12 streams = 3 simultaneous relayed calls per user.
total-quota=1200
'';
};
services.matrix-tuwunel.settings = {
global = {
turn_uris = [
"turn:turn.glia.club?transport=udp"
"turn:turn.glia.club?transport=tcp"
];
turn_secret_file = config.sops.secrets.coturn-secret.path;
};
};
services.caddy.virtualHosts = {
"turn.glia.club" = {
# Use ZeroSSL
# as WebRTC clients misbehave with LetsEncrypt:
# https://github.com/element-hq/element-android/issues/1533
# https://github.com/element-hq/element-ios/issues/2712
# https://bugs.chromium.org/p/webrtc/issues/detail?id=11710
extraConfig = ''
tls {
ca https://acme.zerossl.com/v2/DV90
}
respond "You ~~spin~~ turn me right round!"
'';
};
};
}


@@ -13,16 +13,17 @@ in {
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud33; package = pkgs.nextcloud28;
hostName = "localhost"; hostName = "localhost";
settings = { extraOptions = {
trusted_domains = [ trusted_domains = [
"cloud.crompton.cc" "cloud.crompton.cc"
"nextcloud.syzygial.cc" "nextcloud.syzygial.cc"
]; ];
trusted_proxies = [ trusted_proxies = [
"127.0.0.1" "cloud.crompton.cc"
"nextcloud.syzygial.cc"
]; ];
overwriteprotocol = "https"; overwriteprotocol = "https";
@@ -41,7 +42,7 @@ in {
objectstore.s3 = { objectstore.s3 = {
enable = true; enable = true;
bucket = "nextcloud"; bucket = "nextcloud";
verify_bucket_exists = false; autocreate = false;
key = "nextcloud"; key = "nextcloud";
secretFile = config.sops.secrets."nextcloud/s3secret".path; secretFile = config.sops.secrets."nextcloud/s3secret".path;
region = "us-east-1"; region = "us-east-1";
@@ -75,10 +76,10 @@ in {
shell = pkgs.bashInteractive; shell = pkgs.bashInteractive;
packages = with pkgs; [ packages = with pkgs; [
# generate video thumbnails with preview generator # generate video thumbnails with preview generator
ffmpeg_7-headless ffmpeg_5-headless
# required for recognize app # required for recognize app
nodejs_20 # runtime and installation requirement nodejs_20 # runtime and installation requirement
node-pre-gyp # installation requirement nodejs_20.pkgs.node-pre-gyp # installation requirement
util-linux # runtime requirement for taskset util-linux # runtime requirement for taskset
]; ];
}; };
@@ -98,7 +99,7 @@ in {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
settings.port = 5432; port = 5432;
ensureDatabases = [ ensureDatabases = [
"nextcloud" "nextcloud"
]; ];
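Review bot: `trusted_proxies` on the new side lists the public hostnames `cloud.crompton.cc` and `nextcloud.syzygial.cc` where the old side had `127.0.0.1` (first hunk of this file). Nextcloud matches this setting against the connecting peer's IP address or CIDR range, so hostnames will most likely never match and the forwarded client address from the local reverse proxy is ignored. Every request then appears to come from the proxy, which weakens per-client brute-force throttling and makes the access log unusable for attribution. With `hostName = "localhost"` the proxy presumably runs on the same host, so `trusted_proxies = [ "127.0.0.1" ];` is the entry that belongs here; the public names are already covered by `trusted_domains`.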


@@ -36,7 +36,7 @@
services.postgresql = { services.postgresql = {
enable = true; enable = true;
settings.port = 5432; port = 5432;
ensureDatabases = [ ensureDatabases = [
"onlyoffice" "onlyoffice"
]; ];


@@ -1,55 +0,0 @@
{config, pkgs, ...}:
{
systemd.targets.machines.enable = true;
systemd.services."perfectpitch-container" = {
enable = true;
wantedBy = ["machines.target"];
environment = {
# SYSTEMD_NSPAWN_USE_CGNS = "0";
};
script = ''
exec ${config.systemd.package}/bin/systemd-nspawn --hostname perfectpitch \
--resolv-conf=off --system-call-filter="add_key keyctl bpf" --bind /dev/fuse --bind /dev/net/tun \
-nbD /var/lib/machines/perfectpitch --machine perfectpitch
'';
postStart = ''
${pkgs.iproute2}/bin/ip link set ve-perfectpitch up || true
${pkgs.iproute2}/bin/ip addr add 10.2.0.0 dev ve-perfectpitch || true
${pkgs.iproute2}/bin/ip route add 10.2.0.1 dev ve-perfectpitch || true
'';
serviceConfig = {
Type = "notify";
Slice = "machine.slice";
Delegate = true;
DeviceAllow = [
"/dev/fuse rwm"
"/dev/net/tun rwm"
];
};
};
networking.nat = {
enable = true;
# Check for hostBridge use vb instead of ve
internalInterfaces = ["ve-perfectpitch"];
externalInterface = "enp0s25";
enableIPv6 = true;
forwardPorts = [
{ sourcePort = 8022;
destination = "10.2.0.1:22";
proto = "tcp";
}
{ sourcePort = 8022;
destination = "10.2.0.1:22";
proto = "udp";
}
];
};
services.caddy.virtualHosts = {
"pitch.crompton.cc" = {
extraConfig = ''
reverse_proxy 10.2.0.1:8080
'';
};
};
}


@@ -32,11 +32,11 @@
externalInterface = "enp0s25"; externalInterface = "enp0s25";
enableIPv6 = true; enableIPv6 = true;
forwardPorts = [ forwardPorts = [
{ sourcePort = "25565:26000"; { sourcePort = "25565:28000";
destination = "10.1.0.1:25565-25600"; destination = "10.1.0.1:25565-25600";
proto = "tcp"; proto = "tcp";
} }
{ sourcePort = "25565:26000"; { sourcePort = "25565:28000";
destination = "10.1.0.1:25565-25600"; destination = "10.1.0.1:25565-25600";
proto = "udp"; proto = "udp";
} }
@@ -52,17 +52,11 @@
}; };
services.caddy.virtualHosts = { services.caddy.virtualHosts = {
"games.syzygial.cc:443" = { "games.syzygial.cc:443" = {
serverAliases = [
"games.crompton.cc:443"
];
extraConfig = '' extraConfig = ''
reverse_proxy 10.1.0.1:80 reverse_proxy 10.1.0.1:80
''; '';
}; };
"games.syzygial.cc:9000" = { "games.syzygial.cc:9000" = {
serverAliases = [
"games.crompton.cc:9000"
];
extraConfig = '' extraConfig = ''
reverse_proxy 10.1.0.1:9000 reverse_proxy 10.1.0.1:9000
''; '';
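Review bot: Both `forwardPorts` entries in the first hunk widen the external range to `25565:28000` while the destination stays `10.1.0.1:25565-25600`, so roughly 2,400 public ports are forwarded for a 36-port target range. Unless the container really listens beyond 25600, keep the exposed range equal to the destination, e.g. `{ sourcePort = "25565:25600";`, and add a comment naming the service that needs each range. How the surplus ports are mapped depends on the NAT backend, so the mismatch is also hard to reason about from this file alone. The `udp` entry has the same range and can probably be narrower still if only some of these services use UDP.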


@@ -1,9 +0,0 @@
{ config, pkgs, lib, ... }: {
services.caddy.virtualHosts = {
"pitch.syzygial.cc" = {
extraConfig = ''
reverse_proxy 127.0.0.1:7123
'';
};
};
}


@@ -10,12 +10,5 @@
} }
''; '';
}; };
"crompton.cc" = {
extraConfig = ''
file_server {
root /srv/www/crompton
}
'';
};
}; };
} }


@@ -10,18 +10,14 @@ in {
SECRET_KEY = config.sops.secrets.tandoor-secret.path; SECRET_KEY = config.sops.secrets.tandoor-secret.path;
DB_ENGINE = "django.db.backends.postgresql"; DB_ENGINE = "django.db.backends.postgresql";
POSTGRES_HOST = "127.0.0.1"; POSTGRES_HOST = "127.0.0.1";
POSTGRES_PORT = config.services.postgresql.settings.port; POSTGRES_PORT = config.services.postgresql.port;
POSTGRES_USER = tandoor_user; POSTGRES_USER = tandoor_user;
POSTGRES_DB = tandoor_user; POSTGRES_DB = tandoor_user;
MEDIA_ROOT = "/var/lib/tandoor-recipes/media";
ENABLE_SIGNUP = "1"; ENABLE_SIGNUP = "1";
ALLOWED_HOSTS = "tandoor.syzygial.cc";
}; };
}; };
systemd.services.tandoor-recipes = { systemd.services.tandoor-recipes = {
# https://github.com/TandoorRecipes/recipes/issues/3617
environment.GUNICORN_MEDIA = "1"; #lib.mkForce null;
serviceConfig = { serviceConfig = {
EnvironmentFile = config.sops.secrets.tandoor-pass.path; EnvironmentFile = config.sops.secrets.tandoor-pass.path;
}; };
@@ -29,7 +25,7 @@ in {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
settings.port = 5432; port = 5432;
ensureDatabases = [ ensureDatabases = [
tandoor_user tandoor_user
]; ];
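Review bot: `SECRET_KEY = config.sops.secrets.tandoor-secret.path;` in the first hunk sets the key to the path of the secret file rather than its contents, so unless the service resolves that path itself, Django would sign sessions and tokens with a string anyone can derive from this repository. A safer arrangement is to put `SECRET_KEY=<value>` in the sops-managed file already loaded through `EnvironmentFile = config.sops.secrets.tandoor-pass.path;` and drop the line from the settings block. The new side also removes `ALLOWED_HOSTS = "tandoor.syzygial.cc";` while keeping `ENABLE_SIGNUP = "1";`; if the application default accepts any Host header, the explicit value should stay. The attribute set holding these settings begins above the hunk.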


@@ -16,7 +16,7 @@
}; };
services.postgresql = { services.postgresql = {
enable = true; enable = true;
settings.port = 5432; port = 5432;
ensureDatabases = [ ensureDatabases = [
"vaultwarden" "vaultwarden"
]; ];


@@ -1,7 +1,4 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
users.users.webdav = {
shell = pkgs.bashInteractive;
};
sops.secrets.webdav = { sops.secrets.webdav = {
owner = config.services.webdav.user; owner = config.services.webdav.user;
}; };


@@ -1,6 +1,5 @@
{ {
imports = [ imports = [
./services/tailscale.nix ./services/tailscale.nix
./services/dyndns.nix
]; ];
} }


@@ -1,28 +0,0 @@
{ config, pkgs, lib, ... }: {
sops.secrets.ddclient = {};
services.ddclient = {
enable = true;
usev4 = "webv4, web=dynamicdns.park-your-domain.com/getip";
protocol = "namecheap";
server = "dynamicdns.park-your-domain.com";
username = "crompton.cc";
passwordFile = config.sops.secrets.ddclient.path;
domains = [
"@"
];
};
sops.secrets.oinkapi = {};
sops.secrets.oinkSapi = {};
services.oink = {
enable = true;
apiKeyFile = config.sops.secrets.oinkapi.path;
secretApiKeyFile = config.sops.secrets.oinkSapi.path;
domains = [
{
domain = "glia.club";
subdomain = "";
ttl = 1200;
}
];
};
}


@@ -1,30 +0,0 @@
{ pkgs, inputs, ... }: {
imports = [
./hardware-configuration.nix
"${inputs.nixpkgs}/nixos/modules/profiles/headless.nix"
"${inputs.nixpkgs}/nixos/modules/profiles/minimal.nix"
./servers.nix
./podman.nix
./container-registry.nix
# ./microvm-configuration.nix
# ./k3s.nix
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
environment.systemPackages = with pkgs; [
git
btop
tmux
oci-cli
];
boot.tmp.cleanOnBoot = true;
# zramSwap.enable = true;
networking.hostName = "pericyte";
networking.domain = "";
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOaNNSV/wurGA8D7bT+WX4UlHdKqd9SFfVXvSalvHag5qYDPUIsGGkqSNj1dcong9qxrC8y7G7ybWhwRKTKXInXrq6EO4JkVkCSbVqrq8gIv66upsKltvmf0esiOdrpRgHoiup8JKaX93aUT27rykReT39mFwkJZDoD4ViNiK7QmbgDC/9pyGDSJykreSnBoxtczox8Zi+pwN8XMI4nRVdV9hppXMpj38/O3Qaq+oXdHJ2MVNy9D+TqxYofstFbzpJpEb2xA4QYnq/VVJFk8VaZlg3qxelwBJ1GNZO8TMkLA+6b07D3aISyEIQAONviNktPwRPiw903hsDyeKDunDx ssh-key-2025-03-31'' ];
system.stateVersion = "25.05";
}


@@ -1,6 +0,0 @@
{ pkgs, ... }: {
services.dockerRegistry = {
enable = true;
package = pkgs.distribution;
};
}


@@ -1,18 +0,0 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
};
fileSystems."/boot" = { device = "/dev/disk/by-uuid/FCE4-1F46"; fsType = "vfat"; };
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
swapDevices = [
{
device = "/swapfile";
}
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
}


@@ -1,22 +0,0 @@
{ pkgs, ... }: {
networking.firewall = {
allowedTCPPorts = [
6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
# 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
# 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
];
allowedUDPPorts = [
# 8472 # k3s, flannel: required if using multi-node for inter-node networking
];
};
services.k3s = {
enable = true;
role = "server";
extraFlags = toString [
# "--debug" # Optionally add additional args to k3s
];
};
environment.systemPackages = with pkgs; [
rancher
];
}


@@ -1,6 +0,0 @@
{ pkgs, ... }: {
microvm.autostart = [
"vm-starbot"
"vm-starbot-dev"
];
}


@@ -1,21 +0,0 @@
{ pkgs, ... }: {
# Enable common container config files in /etc/containers
virtualisation.containers.enable = true;
virtualisation = {
podman = {
enable = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
};
# Useful other development tools
environment.systemPackages = with pkgs; [
dive # look into docker image layers
skopeo # Inspect images
podlet # create quadlets (systemd units)
podman-tui # status of containers in the terminal
podman-compose # start group of containers for dev
];
}


@@ -1,5 +0,0 @@
{ ... }: {
imports = [
./servers/public.nix
];
}


@@ -1,5 +0,0 @@
{ ... }: {
imports = [
./public/mirotalk.nix
];
}


@@ -1,8 +0,0 @@
{ config, pkgs, ... }:
{
services.caddy = {
enable = true;
email = "davidcrompton1192@gmail.com";
};
}


@@ -1,20 +0,0 @@
{ config, pkgs, lib, ... }: {
nixpkgs.overlays = [(final: prev: {
mirotalk = prev.buildNpmPackage {
pname = "mirotalk";
version = "2025-11-01";
src = prev.fetchFromGitHub {
owner = "miroslavpejic85";
repo = "mirotalk";
rev = "168f4ce2675f6691dfceec352b72e7a53372c9a7";
hash = "sha256-4HC25RM8GenHgNCYoJDWmtaUxnoSorr692RLa7PpW5s=";
};
npmDepsHash = "sha256-B0eHRkBThLgZ4SNA38uW1T4auCsUvS1ULOIR1iEoPqk=";
dontNpmBuild = true;
};
})];
environment.systemPackages = with pkgs; [
mirotalk
];
}


@@ -1,32 +0,0 @@
{ pkgs, ... }: {
users.groups.peertube = { };
users.users.peertube = {
isSystemUser = true;
group = "peertube";
home = "/var/lib/peertube";
createHome = true;
uid = 2342;
subUidRanges = [
{
count = 65536;
startUid = 2147483646;
}
];
subGidRanges = [
{
count = 65536;
startGid = 2147483647;
}
];
};
virtualisation.oci-containers = {
backend = "podman";
# containers.peertube = {
# image = "chocobozzz/peertube:latest";
# ports = [ ];
# podman = {
# user = "peertube";
# };
# };
};
}

42
machines/ptv/ccache.nix Normal file

@@ -0,0 +1,42 @@
{ config, pkgs, lib, inputs, ... }: {
programs.ccache.enable = true;
programs.ccache.cacheDir = "/opt/ccache";
nix.settings.extra-sandbox-paths = [ "/opt/ccache" ];
nixpkgs.overlays = [
(self: super: {
ccacheWrapper = super.ccacheWrapper.override {
# TODO: Sloppiness random_seed apart of wrapper
extraConfig = ''
export CCACHE_COMPRESS=1
export CCACHE_DIR="${config.programs.ccache.cacheDir}"
export CCACHE_UMASK=007
if [ ! -d "$CCACHE_DIR" ]; then
echo "====="
echo "Directory '$CCACHE_DIR' does not exist"
echo "Please create it with:"
echo " sudo mkdir -m0770 '$CCACHE_DIR'"
echo " sudo chown root:nixbld '$CCACHE_DIR'"
echo "====="
exit 1
fi
if [ ! -w "$CCACHE_DIR" ]; then
echo "====="
echo "Directory '$CCACHE_DIR' is not accessible for user $(whoami)"
echo "Please verify its access permissions"
echo "====="
exit 1
fi
'';
};
linux-ptv-ccache = pkgs.callPackage "${inputs.nixos-hardware}/pine64/pinetab-v/linux-5.15.nix" {
argsOverride = {
stdenv = self.ccacheStdenv;
};
};
})
];
programs.ccache.packageNames = [ "ffmpeg" "firefox-unwrapped" "tmux" ];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux-ptv-ccache;
}
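Review bot: `nix.settings.extra-sandbox-paths = [ "/opt/ccache" ];` together with `CCACHE_UMASK=007` gives every sandboxed build a shared cache directory that the wrapper requires to be writable, and `boot.kernelPackages` is then built through it. The kernel's integrity therefore depends on every other derivation in `programs.ccache.packageNames` and on everyone in the directory's group, because a cached object is reused without being rebuilt. I would state that above the option, e.g. `# Shared writable cache inside the sandbox: outputs are only as trustworthy as every writer to /opt/ccache; do not publish these builds to a binary cache.` Separately, `linux-ptv-ccache` calls `pkgs.callPackage` inside the overlay; `self.callPackage` would keep the kernel on the overlaid package set.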


@@ -0,0 +1,91 @@
{ lib, pkgs, config, inputs, ... }: let
inherit (pkgs.checkpointBuildTools) prepareCheckpointBuild mkCheckpointBuild;
linux-cached = prepareCheckpointBuild pkgs.linux-ptv;
linux-changed = pkgs.linux-ptv;
linux-ptv = pkgs.checkpointBuildTools.mkCheckpointBuild linux-changed linux-cached;
in {
# boot.kernelPackages = pkgs.linuxPackagesFor linux-ptv;
boot.kernelParams = lib.mkDefault [ "console=tty0" "console=ttyS0" ];
systemd.services."getty@tty0".enable = lib.mkDefault true;
systemd.services."getty@tty0".wantedBy = lib.mkDefault [ "getty.target" ];
system.stateVersion = "24.05";
nixpkgs.hostPlatform = "riscv64-linux";
networking.hostName = "ptv";
nix.registry.nixpkgs.flake = inputs.nixpkgs-stable;
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.overlays = [
(final: prev: {
# https://github.com/starfive-tech/soft_3rdpart/tree/JH7110_VisionFive2_devel
# Source of different firmware/3rd party sw and fw
img-rogue-firmware = pkgs.stdenv.mkDerivation {
pname = "img-gpu-powervr";
version = "36-working-on-it";
src = ./rgx-img-gpu-firmware.tar.gz;
dontBuild = true;
passthru = {
compressFirmware = false;
};
installPhase = ''
runHook preInstall
mkdir -p $out/lib/firmware
cp * $out/lib/firmware
runHook postInstall
'';
};
})
(import ./pkgs)
];
imports = [
"${inputs.nixos-hardware}/pine64/pinetab-v/sd-image.nix"
# ./ccache.nix
./native-bootstrap.nix
];
users.users = {
pine64 = {
isNormalUser = true;
extraGroups = [ "wheel" ];
initialHashedPassword = "$y$j9T$cuXgVIPt3n1.v7GcoXiql1$4EBlHM7sYO.lL.DTDwQzTBqSYsD01WIDZQXleCeozl8";
};
root = {
initialHashedPassword = "$y$j9T$cuXgVIPt3n1.v7GcoXiql1$4EBlHM7sYO.lL.DTDwQzTBqSYsD01WIDZQXleCeozl8";
};
};
networking.wireless.enable = true;
networking.wireless.userControlled.enable = true;
#programs.hyprland = {
# Install the packages from nixpkgs
# enable = true;
# Whether to enable XWayland
# xwayland.enable = true;
#};
environment.systemPackages = with pkgs; [
dropbear
busybox
tmux
git
weston
# ffmpeg
# firefox
];
hardware.firmware = pkgs.lib.mkOrder 1000 [
pkgs.img-rogue-firmware
];
services.openssh.enable = true;
}
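Review bot: `pine64` (a `wheel` member) and `root` share one `initialHashedPassword` that is committed in this file, and `services.openssh.enable = true;` is set with no further sshd settings while `sd-image.nix` is imported, so every image built from it starts with the same known credential. Anyone with the repository can attack the hash offline, and the `pine64` account can presumably log in over the network with that password as soon as wireless is configured. Add `services.openssh.settings.PasswordAuthentication = false;` together with `users.users.pine64.openssh.authorizedKeys.keys`, or supply the hash from a secret through `hashedPasswordFile`. `src = ./rgx-img-gpu-firmware.tar.gz;` is also an unpinned binary blob; a comment recording the upstream commit and checksum it was taken from would make it auditable.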

Binary file not shown.

Binary file not shown.


@@ -0,0 +1,37 @@
{ config, pkgs, lib, ...}: let
stdenvStages = curStage:
[ curStage ]
++
(if curStage.hasCC
then [curStage.cc] ++ (stdenvStages curStage.__bootPackages.stdenv)
else []);
in {
system.includeBuildDependencies = true;
system.extraDependencies = with pkgs;
lib.optionals (stdenv.buildPlatform == stdenv.hostPlatform)
((stdenvStages stdenv) ++ [
stdenvNoCC
clangStdenv
clangStdenv.cc
clang
libllvm
gcc
rustc
cargo
coreutils
curl
wget
python3
# Other common build tools
zip
unzip
cmake
meson
bison
perl
zlib
busybox
xz
binutils
]);
}


@@ -0,0 +1,17 @@
final: prev: prev.argyllcms.overrideAttrs (old: {
postInstall = (prev.lib.optional (prev.stdenv.hostPlatform != prev.stdenv.buildPlatform) ''
cp imdi/imdi_make $out/bin
cp gamut/GenRMGam $out/bin
'');
patches = (prev.lib.optionals (prev.stdenv.hostPlatform != prev.stdenv.buildPlatform) [
./imdi_make.patch
]);
preBuild = (prev.lib.optional (prev.stdenv.hostPlatform != prev.stdenv.buildPlatform) ''
cd imdi; imdi_make; cd ..
cd gamut; GenRMGam; cd ..
'');
# Need to use build version of imdi_make && host version for output
depsBuildBuild = (prev.lib.optionals (prev.stdenv.hostPlatform != prev.stdenv.buildPlatform) [
prev.buildPackages.argyllcms
]);
})
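Review bot: `postInstall`, `patches`, `preBuild` and `depsBuildBuild` are assigned outright, so whatever the base `argyllcms` derivation sets for them is discarded, including on native builds where each `optional`/`optionals` yields an empty list. The discount override in this same commit appends with `++ old.patches`; doing the same here, e.g. `patches = (old.patches or [ ]) ++ prev.lib.optionals (...) [ ./imdi_make.patch ];` and `postInstall = (old.postInstall or "") + prev.lib.optionalString (...) ''…'';`, keeps upstream fixes and install steps applied. `lib.optionalString` also avoids handing a list to an attribute that is consumed as a phase script.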


@@ -0,0 +1,39 @@
diff --git a/gamut/Jamfile b/gamut/Jamfile
index e97d0df..adc259f 100755
--- a/gamut/Jamfile
+++ b/gamut/Jamfile
@@ -47,7 +47,7 @@ Main GenRMGam : GenRMGam.c ;
# Generate referenec medium gamut the kernel files
# (NoUpdate so that Cross Compile Win64 hack works)
NNoUpdate RefMediumGamut.gam ;
-GenFile RefMediumGamut.gam : GenRMGam ;
+# GenFile RefMediumGamut.gam : GenRMGam ;
# Visual gamut
Main GenVisGam : GenVisGam.c ;
diff --git a/imdi/Jamfile b/imdi/Jamfile
index 79b27fb..64c3348 100755
--- a/imdi/Jamfile
+++ b/imdi/Jamfile
@@ -41,7 +41,7 @@ LINKLIBS = ../numlib/libnum ;
# GenFile source.c : program args ; make custom file
# Generate all the kernel files
-GenFileND imdi_k.h : imdi_make $(IMDI_MAKE_OPT) -d [ NormPaths $(DOT) ] ;
+# GenFileND imdi_k.h : imdi_make $(IMDI_MAKE_OPT) -d [ NormPaths $(DOT) ] ;
# imdi library
Library libimdi : imdi.c imdi_tab.c ;
diff --git a/imdi/Makefile b/imdi/Makefile
index 5523893..2048875 100755
--- a/imdi/Makefile
+++ b/imdi/Makefile
@@ -48,7 +48,7 @@ imdi_gen$(SUFOBJ): imdi_gen.c imdi_utl.h imdi_arch.h imdi_gen.h
# Generate the kernel files
imdi_k.h imdi_k.c : imdi_make$(SUFEXE)
- .$(SLASH)imdi_make$(SUFEXE)
+ imdi_make$(SUFEXE)
# imdi runtime library


@@ -0,0 +1,4 @@
final: prev: prev.bundlerApp.override (old: {
ruby = final.buildPackages.ruby;
callPackage = final.newScope { ruby = final.buildPackages.ruby; };
})


@@ -0,0 +1,3 @@
final: prev: prev.cryptsetup.overrideAttrs (old: {
doCheck = false;
})
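Review bot: `doCheck = false;` switches off the cryptsetup test suite unconditionally and records no reason, so a miscompiled disk-encryption tool on this riscv64 target would go unnoticed. Record the failing test or timeout that motivated it in a comment and, if the problem only affects cross builds, gate it the way the argyllcms override does: `doCheck = prev.stdenv.hostPlatform == prev.stdenv.buildPlatform;`. The diffutils override later in this commit has the same unconditional `doCheck = false;`, and its commented-out condition compares `hostPlatform` with a string, which presumably would not behave as intended if re-enabled.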


@@ -0,0 +1,19 @@
(final: prev: {
discount = (import ./discount) final prev;
fwupd-efi = (import ./fwupd-efi) final prev;
live555 = (import ./live555) final prev;
protobuf = (import ./protobuf) final prev;
bundlerApp = (import ./bundlerApp) final prev;
vulkan-tools = (import ./vulkan-tools) final prev;
libdrm = (import ./libdrm) final prev;
valgrind = (import ./valgrind) final prev;
valgrind-light = final.valgrind.override { gdb = null; };
argyllcms = (import ./argyllcms) final prev;
gn = (import ./gn) final prev;
openfortivpn = (import ./openfortivpn) final prev;
vpnc = (import ./vpnc) final prev;
# perl538Packages.Testutf8 = (import ./perlTestutf8) final prev;
diffutils = (import ./diffutils) final prev;
gnugrep = (import ./gnugrep) final prev;
cryptsetup = (import ./cryptsetup) final prev;
})


@@ -0,0 +1,4 @@
final: prev: prev.diffutils.overrideAttrs (old: {
doCheck = false; #prev.stdenv.hostPlatform != "riscv64-linux";
})


@@ -0,0 +1,23 @@
#include <stdio.h>
int
main(argc, argv)
int argc;
char **argv;
{
char *p;
if (argc != 3)
return 1;
printf("s;@%s@;", argv[1]);
for (p=argv[2]; *p; ++p) {
if ( *p == ';' )
putchar('\\');
putchar(*p);
}
puts(";g");
return 0;
}
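Review bot: `main` is written as a K&R-style definition (`main(argc, argv) int argc; char **argv;`), a form C23 removed, so the `$CC -o config.sed $src` step in the discount override will stop compiling once the build-platform compiler defaults to C23. Use `int main(int argc, char **argv)` instead. The loop escapes only `;`, so a `\` or `&` in `argv[2]` reaches the generated sed replacement unchanged; a comment such as `/* values are plain configure output; only ';' (the s-command delimiter) is escaped */` would make that assumption explicit.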


@@ -0,0 +1,67 @@
diff --git a/configure.inc b/configure.inc
index fd0c9ba..98066d5 100755
--- a/configure.inc
+++ b/configure.inc
@@ -1733,52 +1733,6 @@ AC_FAIL() {
$__fail 1
}
-#
-# __ac_config_sed; a C program to do escaping for AC_SUB
-__ac_config_sed() {
-
-
- test -x config.sed && return
-
- echo "generating config.sed"
-
- AC_PROG_CC
-
-cat > ngc$$.c << \EOF
-#include <stdio.h>
-
-int
-main(argc, argv)
-int argc;
-char **argv;
-{
- char *p;
-
- if (argc != 3)
- return 1;
-
- printf("s;@%s@;", argv[1]);
-
- for (p=argv[2]; *p; ++p) {
- if ( *p == ';' )
- putchar('\\');
- putchar(*p);
- }
-
- puts(";g");
- return 0;
-}
-EOF
-
- if $AC_CC -o config.sed ngc$$.c; then
- rm -f ngc$$.c
- __config_files="$__config_files config.sed"
- else
- rm -f ngc$$.c
- AC_FAIL "Cannot generate config.sed helper program"
- fi
-}
-
#
# AC_SUB writes a substitution into config.sub
AC_SUB() {
@@ -1788,8 +1742,7 @@ AC_SUB() {
echo "target=$_target, rest=$*"
- __ac_config_sed
- ./config.sed "$_target" "$*" >> "$__cwd"/config.sub
+ config.sed "$_target" "$*" >> "$__cwd"/config.sub
}
#
# AC_TEXT writes arbitrary text into config.h


@@ -0,0 +1,47 @@
final: prev: let
config-sed = prev.buildPackages.stdenv.mkDerivation {
name = "orc-discount-config-sed";
src = ./config-sed.c;
dontUnpack = true;
buildPhase = ''
$CC -o config.sed $src
'';
installPhase = ''
mkdir -p $out/bin
chmod +x ./config.sed
mv config.sed $out/bin
'';
};
in prev.discount.overrideAttrs (old: let
patches = [
./config-sed.patch
./make-fix.patch
] ++ old.patches;
orc-tools = prev.buildPackages.stdenv.mkDerivation {
name = "orc-discount-tools";
src = old.src;
inherit patches;
configureScript = old.configureScript;
configureFlags = old.configureFlags;
buildPhase = ''
$CC -o mktags mktags.c
$CC -I ./ -o branch tools/branch.c
'';
installPhase = ''
mkdir -p $out/bin
mv mktags $out/bin
mv branch $out/bin
'';
};
in {
# ./configure does not support autoconf-style --build=/--host=.
configurePlatforms = [ ];
depsBuildBuild = [
config-sed
orc-tools
prev.buildPackages.coreutils
];
nativeBuildInputs = [
];
inherit patches;
})


@@ -0,0 +1,58 @@
diff --git a/Makefile.in b/Makefile.in
index 085fbd5..e59d769 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -29,7 +29,7 @@ OBJS=mkdio.o markdown.o dumptree.o generate.o \
xml.o Csio.o xmlpage.o basename.o emmatch.o \
github_flavoured.o setup.o tags.o html5.o \
@AMALLOC@ @H1TITLE@ flags.o
-TESTFRAMEWORK=echo cols branch pandoc_headers
+TESTFRAMEWORK=echo cols pandoc_headers
# modules that markdown, makepage, mkd2html, &tc use
COMMON=pgm_options.o gethopt.o notspecial.o
@@ -84,19 +84,16 @@ $(DESTDIR)$(LIBDIR):
@MK_PKGCONFIG@$(DESTDIR)$(PKGDIR):
@MK_PKGCONFIG@ $(INSTALL_DIR) $(DESTDIR)$(PKGDIR)
-version.o: version.c VERSION branch
- $(BUILD) -DBRANCH=`./branch` -DVERSION=\"`cat VERSION`\" -c version.c
+version.o: version.c VERSION
+ $(BUILD) -DBRANCH=`branch` -DVERSION=\"`cat VERSION`\" -c version.c
VERSION:
@true
tags.o: tags.c cstring.h tags.h blocktags
-blocktags: mktags
- ./mktags > blocktags
-
-mktags: mktags.o
- $(LINK) -o mktags mktags.o
+blocktags:
+ mktags > blocktags
# example programs
@THEME@theme: theme.o $(COMMON) $(MKDLIB) mkdio.h
@@ -143,11 +140,6 @@ pandoc_headers.o: tools/pandoc_headers.c config.h
pandoc_headers: pandoc_headers.o $(COMMON) $(MKDLIB)
$(LINK) -o pandoc_headers pandoc_headers.o $(COMMON) -lmarkdown
-branch.o: tools/branch.c config.h
- $(BUILD) -c -o branch.o tools/branch.c
-branch: branch.o
- $(LINK) -o branch branch.o
-
cols.o: tools/cols.c config.h
$(BUILD) -c -o cols.o tools/cols.c
cols: cols.o
@@ -163,7 +155,7 @@ clean:
rm -f $(MKDLIB) `./librarian.sh files $(MKDLIB) VERSION`
distclean spotless: clean
- @DISTCLEAN@ @GENERATED_FILES@ @CONFIGURE_FILES@ ./mktags ./blocktags
+ @DISTCLEAN@ @GENERATED_FILES@ @CONFIGURE_FILES@ ./blocktags
Csio.o: Csio.c cstring.h amalloc.h config.h markdown.h
amalloc.o: amalloc.c


@@ -0,0 +1,13 @@
diff --git a/configure.inc b/configure.inc
index fd0c9ba..7ea98e6 100755
--- a/configure.inc
+++ b/configure.inc
@@ -1830,7 +1830,7 @@ AC_QUIET() {
}
-AC_TR=`acLookFor tr`
+AC_TR=`which tr`
if [ "$AC_TR" ]; then
# try posix-style tr
ABC=`echo abc | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
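Review bot: The new `which tr` lookup depends on a `which` binary being on PATH, which a minimal build sandbox does not guarantee; if it is missing, `AC_TR` is empty and the `if [ "$AC_TR" ]` branch is skipped. `command -v` is the POSIX built-in for this, for example `AC_TR=$(command -v tr)`. The rest of the block lies outside the hunk.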


@@ -0,0 +1,19 @@
(final: prev:
prev.fwupd-efi.overrideAttrs (old: {
mesonFlags = old.mesonFlags ++ [
# Use this instead of patch, however it points to proper binary
"-Defi-cc=${prev.stdenv.cc.targetPrefix}cc"
];
preBuild = ''
cp ${prev.gnu-efi}/lib/*.lds ../efi/lds
'';
patches = [
(prev.fetchurl {
url = "https://github.com/fwupd/fwupd-efi/commit/986a6e3beee6b951ca3622f47ed991e0e11c065c.diff";
hash = "sha256-UKerVzSn28QSoca6m2igVM6ai8i3B2jyB52B6e/HV5A=";
})
# ./efi-meson.patch
];
})
)
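Review bot: The upstream commit is fetched with `prev.fetchurl` from a GitHub `.diff` URL; GitHub generates those diffs on request and their bytes are not guaranteed to stay stable, so the pinned hash can start failing without the commit itself changing. `prev.fetchpatch` normalises the patch before hashing and is the usual fetcher for this; the `hash` would have to be recomputed after switching. Separately, `patches = [ ... ]` replaces any patches the base derivation carries; if that is not intended, append with `(old.patches or [ ]) ++ [ ... ]`.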


@@ -0,0 +1,13 @@
diff --git a/efi/meson.build b/efi/meson.build
index 936ba3c..53687b1 100644
--- a/efi/meson.build
+++ b/efi/meson.build
@@ -1,7 +1,7 @@
generate_sbat = find_program('generate_sbat.py', native: true)
generate_binary = find_program('generate_binary.py', native: true)
-efi_cc = get_option('efi-cc')
+efi_cc = run_command('sh', '-c', 'echo $CC')
efi_ld = get_option('efi-ld')
efi_ldsdir = get_option('efi-ldsdir')
efi_incdir = get_option('efi-includedir')
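Review bot: `run_command()` returns a result object, not a string, so `efi_cc` no longer holds a compiler path the way `get_option('efi-cc')` did; the later uses of `efi_cc` are outside the hunk, but they presumably expect a string. If reading the environment is really wanted, take the output explicitly and fail on error: `efi_cc = run_command('sh', '-c', 'echo $CC', check: true).stdout().strip()`. An unset `CC` still yields an empty string, so keeping the `efi-cc` option as a fallback would be safer.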


@@ -0,0 +1,14 @@
diff --git a/meson.build b/meson.build
index 7d59695..b82bcdf 100644
--- a/meson.build
+++ b/meson.build
@@ -31,6 +31,9 @@ elif host_cpu == 'arm'
elif host_cpu == 'aarch64'
EFI_MACHINE_TYPE_NAME = 'aa64'
gnu_efi_arch = 'aarch64'
+elif host_cpu == 'riscv64'
+ EFI_MACHINE_TYPE_NAME = '.'
+ gnu_efi_arch = 'riscv64'
else
error('Unknown host_cpu ' + host_cpu)
endif
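Review bot: `EFI_MACHINE_TYPE_NAME = '.'` in the new riscv64 branch looks like a placeholder, whereas the aarch64 branch above it sets a real short name (`'aa64'`). How the variable is used is outside the hunk, but if it ends up in output file names the riscv64 artefacts would be named after a dot. UEFI's short name for 64-bit RISC-V is `riscv64` (as in `BOOTRISCV64.EFI`), so `EFI_MACHINE_TYPE_NAME = 'riscv64'` is probably what is wanted.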


@@ -0,0 +1,10 @@
# TODO: gn-unstable needs rev newer than 2021-01-28
# 713a1850957b919c876c924e43ef0ddc4d8a8144 for riscv64 support
final: prev: prev.gn.overrideAttrs (old: {
src = prev.fetchgit {
url = "https://gn.googlesource.com/gn";
rev = "713a1850957b919c876c924e43ef0ddc4d8a8144";
hash = "sha256-yzx7wPp/PEwGg4HZ99YntyHJ384nTVq6fyB6/vOOvOM=";
};
})


@@ -0,0 +1,4 @@
final: prev: prev.gnugrep.overrideAttrs (old: {
doCheck = false; #prev.stdenv.hostPlatform != "riscv64-linux";
})
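Review bot: `doCheck = false;` turns the grep test suite off on every platform, and the commented-out condition beside it compares `hostPlatform` (an attribute set) with a string, so it would always evaluate to true if re-enabled. Something like `doCheck = (old.doCheck or false) && !prev.stdenv.hostPlatform.isRiscV;` keeps the tests wherever they pass. The cryptsetup overlay further down has the same unconditional `doCheck = false;` with no reason given; for a disk-encryption tool, a comment naming the failing test and the same platform guard would be worth adding.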


@@ -0,0 +1,5 @@
final: prev: prev.libdrm.overrideAttrs (old: {
buildInputs = old.buildInputs ++ [
final.libatomic_ops
];
})


@@ -0,0 +1,8 @@
final: prev: prev.live555.overrideAttrs (old: {
preConfigure = (prev.lib.optional (prev.stdenv.hostPlatform != prev.stdenv.buildPlatform) ''
sed -e 's/^C_COMPILER.*=.*$/C_COMPILER = $(CC)/g' -i config.*
sed -e 's/^CPLUSPLUS_COMPILER.*=.*$/CPLUSPLUS_COMPILER = $(CXX)/g' -i config.*
sed -e 's/^LINK.*=.*$/LINK = $(CXX) -o/g' -i config.*
sed -e 's/^LIBRARY_LINK.*=.*$/LIBRARY_LINK = $(AR) cr /g' -i config.*
'');
})
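Review bot: `prev.lib.optional` returns a list, so `preConfigure` becomes a one-element (or empty) list rather than a string and only works through the derivation's list-to-string coercion; `prev.lib.optionalString` is the string form. The assignment also discards any `preConfigure` the base package defines. Suggested shape: `preConfigure = (old.preConfigure or "") + prev.lib.optionalString (prev.stdenv.hostPlatform != prev.stdenv.buildPlatform) ''…'';` with the four `sed` lines unchanged inside.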


@@ -0,0 +1,5 @@
final: prev: prev.openfortivpn.overrideAttrs (old: {
configureFlags = old.configureFlags ++ prev.lib.optionals (prev.stdenv.hostPlatform != prev.stdenv.buildPlatform) [
"--disable-proc"
];
})


@@ -0,0 +1,42 @@
final: prev: prev.perl538Packages.Testutf8.overrideAttrs (old: let
perl = final.perl538;
in {
postInstall = prev.lib.optionalString (prev.stdenv.buildPlatform != prev.stdenv.hostPlatform) ''
mkdir -p $out/${perl.libPrefix}/cross_perl/${perl.version}/DBI
cat > $out/${perl.libPrefix}/cross_perl/${perl.version}/DBI.pm <<EOF
package DBI;
BEGIN {
our \$VERSION = "$version";
}
1;
EOF
autodir=$(echo $out/${perl.libPrefix}/${perl.version}/*/auto/DBI)
cat > $out/${perl.libPrefix}/cross_perl/${perl.version}/DBI/DBD.pm <<EOF
package DBI::DBD;
use Exporter ();
use vars qw (@ISA @EXPORT);
@ISA = qw(Exporter);
@EXPORT = qw(dbd_postamble);
sub dbd_postamble {
return '
# --- This section was generated by DBI::DBD::dbd_postamble()
DBI_INSTARCH_DIR=$autodir
DBI_DRIVER_XST=$autodir/Driver.xst
# The main dependency (technically correct but probably not used)
\$(BASEEXT).c: \$(BASEEXT).xsi
# This dependency is needed since MakeMaker uses the .xs.o rule
\$(BASEEXT)\$(OBJ_EXT): \$(BASEEXT).xsi
\$(BASEEXT).xsi: \$(DBI_DRIVER_XST) $autodir/Driver_xst.h
''\t\$(PERL) -p -e "s/~DRIVER~/\$(BASEEXT)/g" \$(DBI_DRIVER_XST) > \$(BASEEXT).xsi
# ---
';
}
1;
EOF
'';
})
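Review bot: The `postInstall` writes stub `DBI.pm` and `DBI/DBD.pm` files and globs for `auto/DBI`, yet the override is applied to `perl538Packages.Testutf8`; this looks like the cross-compilation stub for DBI attached to the wrong package. In a Testutf8 output the `auto/DBI` glob would presumably match nothing, leaving `autodir` as the literal pattern, and `$version` would be Testutf8's version rather than DBI's. If DBI is the intended target, the override should start from `prev.perl538Packages.DBI`; as written it also replaces rather than extends any existing `postInstall`.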


@@ -0,0 +1,11 @@
final: prev: prev.protobuf.overrideAttrs (old: {
# https://github.com/advancedtelematic/aktualizr/issues/1427
# atomics not supported, need either submit PR like suggested bove
# or, for now, use libatomic_ops
postPatch = old.postPatch + ''
sed -i -e 's/set(protobuf_LINK_LIBATOMIC false)/set(protobuf_LINK_LIBATOMIC true)/' CMakeLists.txt
'';
buildInputs = [
prev.libatomic_ops
] ++ old.buildInputs;
})


@@ -0,0 +1,15 @@
final: prev: prev.valgrind.overrideAttrs (old: {
src = prev.fetchFromGitHub {
owner = "petrpavlu";
repo = "valgrind-riscv64";
rev = "71272b252977fe52f03ea4fa8306b457b098cca5";
hash = "sha256-xD84dYSzq9eD35NfnmtI/zONVRjhDAEJkge26yFK034=";
};
outputs = [ "out" ];
patches = [
(prev.fetchpatch {
url = "https://bugsfiles.kde.org/attachment.cgi?id=149173";
sha256 = "sha256-jX9hD4utWRebbXMJYZ5mu9jecvdrNP05E5J+PnKRTyQ=";
})
];
})


@@ -0,0 +1,3 @@
final: prev: prev.vpnc.overrideAttrs (old: {
nativeBuildInputs = old.nativeBuildInputs ++ (prev.lib.optionals (prev.stdenv.hostPlatform != prev.stdenv.buildPlatform) [final.perl]);
})


@@ -0,0 +1,7 @@
final: prev: prev.vulkan-tools.overrideAttrs (old: {
cmakeFlags = old.cmakeFlags ++ (prev.lib.optionals (prev.stdenv.hostPlatform != prev.stdenv.buildPlatform) [
"-DBUILD_CUBE=OFF"
"-DPKG_CONFIG_EXECUTABLE=${prev.buildPackages.pkg-config}/bin/riscv64-unknown-linux-gnu-pkg-config"
]);
})
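Review bot: The pkg-config path hard-codes `riscv64-unknown-linux-gnu-pkg-config`, but the surrounding guard is the generic `hostPlatform != buildPlatform`, so any other cross target would be pointed at a binary that does not exist. Deriving the prefix keeps it correct for every target: `"-DPKG_CONFIG_EXECUTABLE=${prev.buildPackages.pkg-config}/bin/${prev.stdenv.cc.targetPrefix}pkg-config"`.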


@@ -0,0 +1,3 @@
final: prev: prev.cryptsetup.overrideAttrs (old: {
doCheck = false;
})


@@ -0,0 +1,68 @@
(final: prev: let
noCheck = p: p.overrideAttrs (old: {
doCheck = false;
});
in {
valgrind = (import ./valgrind) final prev;
valgrind-light = final.valgrind.override { gdb = null; };
cryptsetup = (import ./cryptsetup) final prev;
libopus = noCheck prev.libopus;
gn = (import ./gn) final prev;
# Test Times out
openexr = noCheck prev.openexr;
ell = noCheck prev.ell;
# Checks timeout:
pixman = noCheck prev.pixman;
# Inspired by: https://github.com/systemd/systemd/issues/12534
# and https://github.com/systemd/systemd/issues/30448
# Seems RISC-V and the like with GCC don't play well with O3
systemd = prev.systemd.overrideAttrs (old: {
# https://github.com/mesonbuild/meson/issues/10487
mesonBuildType = "custom";
mesonFlags = old.mesonFlags ++ [ "-Doptimization=2" ];
});
# See https://github.com/catchorg/Catch2/issues/2808
# Fixed by https://github.com/NixOS/nixpkgs/pull/295243
catch2_3 = prev.catch2_3.overrideAttrs (old: {
preConfigure = (old.preConfigure or "") + ''
export CFLAGS="$CFLAGS -Wno-error=cast-align"
'';
});
# One test times out
json-glib = noCheck prev.json-glib;
# Openh264 doesn't support RISC-V (yet)
# freerdp requires it by default: lets make that not true
freerdp = prev.freerdp.override {
openh264 = null;
};
tracker = noCheck prev.tracker;
openblas = prev.openblas.overrideAttrs (old: {
postPatch = (old.postPatch or "") + ''
sed -i 's/-static//g' Makefile.riscv64
'';
});
python3 = prev.python3.override {
packageOverrides = final-py: prev-py: let
noCheck = p: p.overridePythonAttrs (old: {
doCheck = false;
});
in {
dbus-python = prev-py.dbus-python.overridePythonAttrs (old: {
nativeBuildInputs = old.nativeBuildInputs ++ [ final.dbus ];
doCheck = false;
});
hypothesis = noCheck prev-py.hypothesis;
h2 = noCheck prev-py.h2;
numpy = prev-py.numpy.overridePythonAttrs (old: {
doCheck = false;
});
# https://github.com/pandas-dev/pandas/pull/50349 <-- This
# but for risc-v
pandas = noCheck prev-py.pandas;
sphinx = noCheck prev-py.sphinx;
#skia-pathops = prev.skia-pathops.overridePythonAttrs (old: {
# patches = old.patches or [] ++ [ ./skia-riscv.patch ];
#});
};
};
})
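Review bot: In the `catch2_3` override the flag is exported through `CFLAGS`, which CMake applies to C sources only; Catch2 is a C++ project, so `-Wno-error=cast-align` may never reach the compiler that raises the error. `export CXXFLAGS="$CXXFLAGS -Wno-error=cast-align"` targets the C++ compile instead. Separately, the inner `noCheck` in `packageOverrides` shadows the outer helper with a different implementation, and `numpy` spells out the same override by hand; a distinct name such as `noCheckPy`, used for `numpy` as well, would read more clearly.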


@@ -0,0 +1,10 @@
# TODO: gn-unstable needs rev newer than 2021-01-28
# 713a1850957b919c876c924e43ef0ddc4d8a8144 for riscv64 support
final: prev: prev.gn.overrideAttrs (old: {
src = prev.fetchgit {
url = "https://gn.googlesource.com/gn";
rev = "713a1850957b919c876c924e43ef0ddc4d8a8144";
hash = "sha256-yzx7wPp/PEwGg4HZ99YntyHJ384nTVq6fyB6/vOOvOM=";
};
})


@@ -0,0 +1,15 @@
final: prev: prev.valgrind.overrideAttrs (old: {
src = prev.fetchFromGitHub {
owner = "petrpavlu";
repo = "valgrind-riscv64";
rev = "71272b252977fe52f03ea4fa8306b457b098cca5";
hash = "sha256-xD84dYSzq9eD35NfnmtI/zONVRjhDAEJkge26yFK034=";
};
outputs = [ "out" ];
patches = [
(prev.fetchpatch {
url = "https://bugsfiles.kde.org/attachment.cgi?id=149173";
sha256 = "sha256-jX9hD4utWRebbXMJYZ5mu9jecvdrNP05E5J+PnKRTyQ=";
})
];
})

Binary file not shown.


@@ -11,7 +11,7 @@
rm -rf "$nix_apps" rm -rf "$nix_apps"
mkdir -p "$nix_apps" mkdir -p "$nix_apps"
find ${config.system.build.applications}/Applications -maxdepth 1 -type l -exec readlink '{}' + | find ${config.system.build.applications}/Applications -maxdepth 1 -type l -exec readlink '{}' + |
while read -r src; do while read src; do
# Spotlight does not recognize symlinks, it will ignore directory we link to the applications folder. # Spotlight does not recognize symlinks, it will ignore directory we link to the applications folder.
# It does understand MacOS aliases though, a unique filesystem feature. Sadly they cannot be created # It does understand MacOS aliases though, a unique filesystem feature. Sadly they cannot be created
# from bash (as far as I know), so we use the oh-so-great Apple Script instead. # from bash (as far as I know), so we use the oh-so-great Apple Script instead.
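Review bot: Assuming the right-hand column is the new side, the loop now reads `while read src; do`, dropping `-r`: without it `read` treats backslashes in the `readlink` output as escape characters, and leading or trailing whitespace in a path is trimmed. `while IFS= read -r src; do` passes each path through unchanged. The loop body continues outside the hunk.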


@@ -3,7 +3,7 @@ in
{ {
imports = [ imports = [
# Install Apps Detactable by Spotlight # Install Apps Detactable by Spotlight
# ./app-fix.nix ./app-fix.nix
# Tiling Window Manager # Tiling Window Manager
./yabai.nix ./yabai.nix
# Shortcuts babe, not Automator # Shortcuts babe, not Automator
@@ -11,12 +11,10 @@ in
]; ];
nix.registry.nixpkgs.flake = inputs.nixpkgs; nix.registry.nixpkgs.flake = inputs.nixpkgs;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
# Auto upgrade nix package and the daemon service.
services.nix-daemon.enable = true;
# nix.package = pkgs.nixUnstable; # nix.package = pkgs.nixUnstable;
nix.settings.auto-optimise-store = false; nix.settings.auto-optimise-store = false;
nix.settings.trusted-users = [
"root"
"universelaptop"
];
users.users.universelaptop = { users.users.universelaptop = {
name = "universelaptop"; name = "universelaptop";
@@ -42,16 +40,11 @@ in
}; };
}; };
home.stateVersion = "22.05"; home.stateVersion = "22.05";
# TODO: https://nohzafk.github.io/posts/2023-12-18-nix-emacs-treesit-grammars/
# home.file = {
# # tree-sitter subdirectory of the directory specified by user-emacs-directory
# ".config/emacs/.local/cache/tree-sitter".source =
# "${emacs29.treesitGrammars}/lib";
# };
}; };
}; };
fonts.packages = with pkgs; [ fonts.fontDir.enable = true;
fonts.fonts = with pkgs; [
julia-mono julia-mono
bqn386 bqn386
]; ];
@@ -67,85 +60,8 @@ in
VISUAL = "emacs"; VISUAL = "emacs";
}; };
nixpkgs.overlays = [
(final: prev: {
skia-aseprite = prev.skia-aseprite.overrideAttrs (old: {
postPatch = (old.postPatch or "") + ''
sed -i -e 's/"-march=armv7-a",//g' gn/skia/BUILD.gn
'';
buildInputs = old.buildInputs ++ [
final.xcbuild
final.darwin.apple_sdk.frameworks.ApplicationServices
];
meta.maintainers = with pkgs.lib.maintainers; [
davidcromp
];
});
aseprite = prev.aseprite.overrideAttrs (old: {
cmakeFlags = [
"-DENABLE_DESKTOP_INTEGRATION=OFF"
"-DENABLE_UPDATER=OFF"
"-DUSE_SHARED_CMARK=ON"
"-DUSE_SHARED_CURL=ON"
"-DUSE_SHARED_FMT=ON"
"-DUSE_SHARED_FREETYPE=ON"
"-DUSE_SHARED_GIFLIB=ON"
"-DUSE_SHARED_HARFBUZZ=ON"
"-DUSE_SHARED_JPEGLIB=ON"
"-DUSE_SHARED_LIBPNG=ON"
"-DPNG_ARM_NEON:STRING=on"
"-DUSE_SHARED_LIBWEBP=ON"
"-DUSE_SHARED_PIXMAN=ON"
"-DUSE_SHARED_TINYXML=ON"
"-DUSE_SHARED_WEBP=ON"
"-DUSE_SHARED_ZLIB=ON"
# Disable libarchive programs.
"-DENABLE_CAT=OFF"
"-DENABLE_CPIO=OFF"
"-DENABLE_TAR=OFF"
# UI backend.
"-DLAF_OS_BACKEND=skia"
"-DLAF_WITH_EXAMPLES=OFF"
"-DSKIA_DIR=${final.skia-aseprite}"
"-DSKIA_LIBRARY_DIR=${final.skia-aseprite}/lib"
"-DSKIA_LIBRARYR=${final.skia-aseprite}/lib/libskia.a"
];
buildInputs = with pkgs; [
cmark
curl
fmt
fontconfig
freetype
giflib
glib
harfbuzzFull
libjpeg
libpng
libwebp
pcre2
pixman
skia-aseprite
tinyxml-2
zlib
# MacOS:
] ++ (with darwin.apple_sdk.frameworks; [
Cocoa
QuickLook
Quartz
]);
hardeningDisable = [
"format" # Darwin Specific
];
meta.broken = false;
});
})
];
environment.systemPackages = (with pkgs; [ environment.systemPackages = (with pkgs; [
me-emacs mac-emacs
svgbob
(aspellWithDicts (p: with p;[ (aspellWithDicts (p: with p;[
en en
en-computers en-computers
@@ -155,7 +71,7 @@ in
texliveFull texliveFull
wget wget
#xquartz xquartz
kitty kitty
btop btop
@@ -169,12 +85,9 @@ in
tailscale tailscale
discord discord
slack slack
inkscape
gimp gimp
# aseprite
# TODO: Consider using Yabai?? # TODO: Consider using Yabai??
# Games
prismlauncher
]); ]);
homebrew = { homebrew = {
@@ -192,21 +105,18 @@ in
"bitwarden" "bitwarden"
"zoom-for-it-admins" "zoom-for-it-admins"
"libreoffice" "libreoffice"
"microsoft-office"
"prismlauncher"
"kicad"
"tailscale" "tailscale"
"godot" "wine-stable"
"pixelorama"
"blender"
"inkscape"
]; ];
# Apps to install outside of nix for when wanting to test/run # Apps to install outside of nix for when wanting to test/run
# things that... aren't used by other people who use nix, like # things that... aren't used by other people who use nix, like
# python apps (which is why poetry is there) # python apps (which is why poetry is there)
brews = [ brews = [
"poetry" "poetry"
"pdm"
"python@3.11" "python@3.11"
"python@3.10"
"pygments"
# sudo ln -sfn /opt/homebrew/opt/openjdk/libexec/openjdk.jdk \ # sudo ln -sfn /opt/homebrew/opt/openjdk/libexec/openjdk.jdk \
# /Library/Java/JavaVirtualMachines/openjdk.jdk # /Library/Java/JavaVirtualMachines/openjdk.jdk
"openjdk" "openjdk"
@@ -220,5 +130,4 @@ in
# Used for backwards compatibility, please read the changelog before changing. # Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog # $ darwin-rebuild changelog
system.stateVersion = 4; system.stateVersion = 4;
system.primaryUser = "universelaptop";
} }


@@ -1,18 +0,0 @@
(libresprite.overrideAttrs (old: {
src = pkgs.fetchFromGitHub {
owner = "LibreSprite";
repo = "LibreSprite";
rev = "c99d3666b17ff731824e3eccc79cf3ec48564ad5";
fetchSubmodules = true;
sha256 = "sha256-mdMdHQvl6Mt0oisZ4c/Wk6dvklq3Iyz05brbFxSIaj0=";
};
patches = [];
buildInputs = old.buildInputs ++ (with pkgs; [
libarchive
tinyxml-2
]);
postPatch = ''
sed -i -e 's/if(''${CMAKE_SYSTEM_NAME} MATCHES "Darwin")/if(FALSE)/' CMakeLists.txt
'';
meta.broken = false;
}))


@@ -2,7 +2,7 @@
services.skhd = { services.skhd = {
enable = true; enable = true;
skhdConfig = '' skhdConfig = ''
cmd + shift - e : open '${(pkgs.me-emacs.override {withNativeCompilation = false;})}/Applications/Emacs.app' cmd + shift - e : open '${pkgs.mac-emacs}/Applications/Emacs.app'
cmd + shift + ctrl - e : kitty -d ~ -1 cmd + shift + ctrl - e : kitty -d ~ -1
''; '';
}; };


@@ -2,9 +2,9 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ lib, config, pkgs, inputs, ... }: { { lib, config, pkgs, nixpkgs, ... }: {
nix.settings.auto-optimise-store = true; nix.settings.auto-optimise-store = true;
nix.registry.nixpkgs.flake = inputs.nixpkgs; nix.registry.nixpkgs.flake = nixpkgs;
# Allow user-mode qemu for running riscv64 binaries # Allow user-mode qemu for running riscv64 binaries
# boot.binfmt.emulatedSystems = [ "riscv64-linux" ]; # boot.binfmt.emulatedSystems = [ "riscv64-linux" ];
@@ -34,9 +34,6 @@
# ccache, y'know for blenders and whatnots # ccache, y'know for blenders and whatnots
./ccache.nix ./ccache.nix
# So we can run riscv 'natively'
./riscv.nix
]; ];
fileSystems."/home/universe/tmp" = { fileSystems."/home/universe/tmp" = {
@@ -57,18 +54,14 @@
networking.useDHCP = false; networking.useDHCP = false;
networking.interfaces.wlp6s0.useDHCP = true; networking.interfaces.wlp6s0.useDHCP = true;
# Fixes DNS issue with tailscale: https://github.com/tailscale/tailscale/issues/4254 # Fixes DNS issue with tailscale: https://github.com/tailscale/tailscale/issues/4254
#services.resolved.enable = true; services.resolved.enable = true;
networking.resolvconf.enable = true;
sops.secrets.wireless = { sops.secrets.wireless = { };
owner = "wpa_supplicant"; # TODO Use systemd service variable networking.wireless.environmentFile = config.sops.secrets.wireless.path;
};
networking.wireless.secretsFile = config.sops.secrets.wireless.path;
networking.wireless.enable = true; networking.wireless.enable = true;
networking.wireless.networks = { networking.wireless.networks = {
# "BELL422 5G".pskRaw = "ext:PSK_HOME"; "@SSID_HOME@".psk = "@PSK_HOME@";
"BELL422".pskRaw = "ext:PSK_HOME";
}; };
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
@@ -121,6 +114,8 @@
services.fwupd.enable = true; services.fwupd.enable = true;
programs.adb.enable = true;
# GTK Support # GTK Support
programs.dconf.enable = true; programs.dconf.enable = true;
@@ -137,7 +132,6 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
direnv direnv
nix-direnv nix-direnv
android-tools
]; ];
documentation.dev.enable = true; documentation.dev.enable = true;


@@ -1,25 +0,0 @@
diff --git a/src/wl_window.c b/src/wl_window.c
index 5b491ff..f54b244 100644
--- a/src/wl_window.c
+++ b/src/wl_window.c
@@ -2236,16 +2236,16 @@ void _glfwGetWindowPosWayland(_GLFWwindow* window, int* xpos, int* ypos)
// A Wayland client is not aware of its position, so just warn and leave it
// as (0, 0)
- _glfwInputError(GLFW_FEATURE_UNAVAILABLE,
- "Wayland: The platform does not provide the window position");
+ fprintf(stderr,
+ "Wayland: The platform does not provide the window position");
}
void _glfwSetWindowPosWayland(_GLFWwindow* window, int xpos, int ypos)
{
// A Wayland client can not set its position, so just warn
- _glfwInputError(GLFW_FEATURE_UNAVAILABLE,
- "Wayland: The platform does not support setting the window position");
+ fprintf(stderr,
+ "Wayland: The platform does not support setting the window position");
}
void _glfwGetWindowSizeWayland(_GLFWwindow* window, int* width, int* height)
