diff --git a/flake.nix b/flake.nix index b7c2aa4..9763091 100644 --- a/flake.nix +++ b/flake.nix @@ -36,6 +36,12 @@ inputs.languini.nixosModules.default ]; }; + nixosConfigurations.loadedskypotato = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + ./loadedskypotato/configuration.nix + ]; + }; }; } diff --git a/loadedskypotato/configuration.nix b/loadedskypotato/configuration.nix new file mode 100644 index 0000000..82b97a1 --- /dev/null +++ b/loadedskypotato/configuration.nix 
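Review bot: The new top-level `nixosConfigurations.loadedskypotato` loads only `./loadedskypotato/configuration.nix`, while `loadedskypotato/flake.nix`, added in this same commit, defines the same configuration name with `inputs.reloading-languini-module.nixosModules.default` as an extra module and its own `flake.lock`. Depending on which flake is handed to `nixos-rebuild`, the host is built from a different nixpkgs pin and module set, so it becomes unclear what is deployed and which lock file a security update has to land in. Either drop one of the two entry points or add a comment above this attribute stating which one is used for deployment and why the other omits the module. The enclosing `outputs` attribute set starts outside the hunk.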
@@ -0,0 +1,738 @@ +{ lib, config, pkgs, inputs, ... }: +let + ClaytonXYZ = "/Block/ClaytonXYZ"; + nixpkgs-mautrix-nix = (import inputs.nixpkgs { + system = "x86_64-linux"; + config = { + permittedInsecurePackages = [ "olm-3.2.16" ]; + }; + }); +in +{ + imports = + [ + ./hardware-configuration.nix + ./remoteBuild.nix + ./grocy.nix + ./tandoor.nix + ./mealie.nix + ./matomo.nix + ./trilium.nix + ]; + + cos.grocy = { + enable = true; + dataDir = "/Block/grocy"; + hostname = "grocy.claytonhickey.me"; + }; + + cos.tandoor = { + enable = false; + hostname = "tandoor.claytonhickey.me"; + port = 8123; + }; + + cos.mealie = { + enable = false; + port = 8129; + hostname = "mealie.claytonhickey.me"; + }; + + cos.matomo = { + enable = false; + hostname = "matomo.claytonhickey.me"; + }; + + cos.trilium = { + enable = true; + hostname = "trilium.claytonhickey.me"; + dataDir = "/Block/trilium"; + port = 8578; + }; + + services.nginx.virtualHosts."claytonhickey.me_fs" = + let + mkWellKnown = data: '' + default_type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON data}'; + ''; + in + { + listen = [{ + addr = "127.0.0.1"; + port = 8302; + }]; + locations."/" = { + root = "/Block/claytonhickey_me/www"; + extraConfig = ''absolute_redirect off;''; + }; + locations."= /.well-known/matrix/server".extraConfig = mkWellKnown {"m.server" = "matrix.claytonhickey.me:443";}; + locations."= /.well-known/matrix/client".extraConfig = mkWellKnown {"m.homeserver" = {base_url = "https://matrix.claytonhickey.me";};}; + locations."/.well-known/webfinger" = { + extraConfig = '' + add_header Access-Control-Allow-Origin '*'; + ''; + return = "301 https://mastodon.claytonhickey.me$request_uri"; + }; + }; + + services.nginx.virtualHosts."matrix.claytonhickey.me" = + { + listen = [{ + addr = "127.0.0.1"; + port = 8303; + }]; + locations."/".extraConfig = '' return 404; ''; + + locations."/_matrix".proxyPass = "http://[::1]:8008"; + 
locations."/_synapse/client".proxyPass = "http://[::1]:8008"; + }; + + services.nginx.virtualHosts."bikeability-rasterserver.claytonhickey.me" = + { + listen = [{ + addr = "127.0.0.1"; + port = 8304; + }]; + locations."/".proxyPass = "http://10.100.0.2:9000/styles/bikeability/512/"; + }; + + services.cloudflared = { + enable = true; + certificateFile = "/Block/cloudflare/cert.pem"; + tunnels = { + "4fc85af1-38f7-4c96-856c-7c797c5e3bf8" = { + credentialsFile = "/Block/cloudflare/4fc85af1-38f7-4c96-856c-7c797c5e3bf8.json"; + default = "http_status:404"; + ingress = { + "languini.net" = "http://10.100.0.2:5267"; + "claytondoesthings.xyz" = "http://127.0.0.1:5000"; + "nextcloud.claytondoesthings.xyz" = "http://10.100.0.2:8120"; + "bikeability.claytonhickey.me" = "http://10.100.0.2:8001"; + "bikeability-tileserver.claytonhickey.me" = "http://10.100.0.2:8000"; + "bikeability-rasterserver.claytonhickey.me" = "http://127.0.0.1:8304"; + "claytonhickey.me" = "http://127.0.0.1:8302"; + "jellyfin.claytonhickey.me" = "http://10.100.0.2:8096"; + "forgejo.claytonhickey.me" = "unix://${config.services.forgejo.settings.server.HTTP_ADDR}"; + "matrix.claytonhickey.me" = "http://127.0.0.1:8303"; + "actual.claytonhickey.me" = "http://127.0.0.1:3000"; + "mastodon.claytonhickey.me" = "http://10.100.0.2:5328"; + }; + }; + }; + }; + + services.nginx.streamConfig = '' + server { + listen 25565 reuseport; + proxy_pass 10.100.0.2:25565; + } + server { + listen 25566 reuseport; + proxy_pass 10.100.0.2:25566; + } + ''; + + services.dnsmasq = { + enable = true; + settings = { + address = [ + #"/nextcloud.claytondoesthings.xyz/fc10::1" + #"/nextcloud.claytondoesthings.xyz/10.100.0.1" + "/hydra.claytonhickey.me/10.100.0.2" + #"/forgejo.claytonhickey.me/fc10::1" + #"/forgejo.claytonhickey.me/10.100.0.1" + ]; + #"dns-rr" = [ + # "nextcloud.claytondoesthings.xyz,65,000100" + # "forgejo.claytonhickey.me,65,000100" + #]; + }; + }; + + boot.loader.grub.enable = true; + networking = { + hostName = 
"loadedskypotato"; # Define your hostname. + networkmanager.enable = true; # Easiest to use and most distros use this by default. + usePredictableInterfaceNames = false; + useDHCP = false; + firewall = { + allowedTCPPorts = [ + 25565 # minecraft survival + 25566 # minecraft creative + ]; + allowedUDPPorts = [ + 51820 # wireguard + ]; + interfaces.wg0 = { + allowedUDPPorts = [ + 53 + ]; + allowedTCPPorts = [ + 53 + ]; + }; + }; + nat = { + enable = true; + enableIPv6 = true; + externalInterface = "eth0"; + internalInterfaces = [ + "wg0" + ]; + }; + wireguard = { + enable = true; + interfaces = { + wg0 = { + ips = [ + "10.100.0.1/32" + "fc10::1/128" + ]; + listenPort = 51820; + #postSetup = '' + # ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE + # ${pkgs.iptables}/bin/iptables -t nat -A PREROUTING -i wg0 -p udp --dport 53 -j REDIRECT --to-ports 53 + # ${pkgs.iptables}/bin/iptables -t nat -A PREROUTING -i wg0 -p tcp --dport 53 -j REDIRECT --to-ports 53 + # ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s fc10::2/128 -o eth0 -j MASQUERADE + # ${pkgs.iptables}/bin/ip6tables -t nat -A PREROUTING -i wg0 -p udp --dport 53 -j REDIRECT --to-ports 53 + # ${pkgs.iptables}/bin/ip6tables -t nat -A PREROUTING -i wg0 -p tcp --dport 53 -j REDIRECT --to-ports 53 + #''; + #postShutdown = '' + # ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE + # ${pkgs.iptables}/bin/iptables -t nat -D PREROUTING -i wg0 -p udp --dport 53 -j REDIRECT --to-ports 53 + # ${pkgs.iptables}/bin/iptables -t nat -D PREROUTING -i wg0 -p tcp --dport 53 -j REDIRECT --to-ports 53 + # ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fc10::2/128 -o eth0 -j MASQUERADE + # ${pkgs.iptables}/bin/ip6tables -t nat -D PREROUTING -i wg0 -p udp --dport 53 -j REDIRECT --to-ports 53 + # ${pkgs.iptables}/bin/ip6tables -t nat -D PREROUTING -i wg0 -p tcp --dport 53 -j REDIRECT --to-ports 53 + #''; + privateKeyFile = 
"/Block/wireguard-keys/private"; + peers = [ + { # fire-media-server + publicKey = "TnuODb+I5wfF6z5wlwOFiRr4CKImY557OIXyZCXPSio="; + # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing. + allowedIPs = [ "10.100.0.2/32" "fc10::2/128"]; + } + { # laptop + publicKey = "7Hi/p1DEnAejX5vf46ul1ZWAeGM9nuWWGXXr9f6sUWA="; + allowedIPs = [ "10.100.0.3/32" "fc10::3/128" ]; + } + { # phone + publicKey = "UAP8/k1zWInrksQQAf0NuDUD1b0K0djDVUcYl+DNMEE="; + allowedIPs = [ "10.100.0.4/32" ]; + } + { # desktop + publicKey = "w054mlSBBq4u0ilTYfwc2xbb5Z+7kEigikSZ3R0u73w="; + allowedIPs = [ "10.100.0.5/32" ]; + } + { # octonix + publicKey = "5l1fL2LJP5yhuLoqfEtlR5/DJ6h+F+iLEKlr/uaI02o="; + allowedIPs = [ "10.100.0.6/32" ]; + } + ]; + }; + }; + }; + }; + + time.timeZone = "America/New_York"; + + services = { + openssh = { + enable = true; + settings.PermitRootLogin = "yes"; + settings.PasswordAuthentication = false; + }; + forgejo = { + enable = true; + settings = { + server = { + PROTOCOL = "http+unix"; + ROOT_URL = "https://forgejo.claytonhickey.me/"; + }; + service.DISABLE_REGISTRATION = true; + }; + }; + + actual = { + enable = true; + settings = { + hostname = "127.0.0.1"; + }; + }; + + nginx = { + enable = true; + + recommendedProxySettings = true; + recommendedTlsSettings = true; + + clientMaxBodySize = "1G"; + + logError = "/var/log/nginx/error.log"; + + virtualHosts = { + + "default_server" = { + default = true; + rejectSSL = true; + locations."/".return = 404; + }; + }; + }; + postgresql = { + enable = true; + ensureDatabases = [ + "matrix-synapse" + #"mautrix-gmessages" + "mautrix-discord" + ]; + ensureUsers = [ + { + name = "matrix-synapse"; + ensureDBOwnership = true; + } + #{ + # name = "mautrix-gmessages"; + # ensureDBOwnership = true; + # ensureClauses = { + # login = true; + # }; + #} + { + name = "mautrix-discord"; + ensureDBOwnership = true; + ensureClauses = { + login = true; + }; + } + ]; + authentication = pkgs.lib.mkOverride 10 '' 
+ #type database DBuser auth-method + local all all trust + host sameuser all 127.0.0.1/32 scram-sha-256 + host sameuser all ::1/128 scram-sha-256 + ''; + }; + matrix-synapse = { + enable = true; + settings = { + server_name = "claytonhickey.me"; + public_baseurl = "https://matrix.claytonhickey.me"; + listeners = [ + { + port = 8008; + bind_addresses = [ "::1" ]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ + { + names = [ "client" "federation" ]; + compress = true; + } + ]; + } + ]; + app_service_config_files = [ + #"/var/lib/matrix-synapse/slack-registration.yaml" + #"/var/lib/matrix-synapse/gmessages-registration.yaml" + "/var/lib/matrix-synapse/discord-registration.yaml" + ]; + }; + }; + mautrix-meta = { + instances = { + instagram = { + enable = true; + registerToSynapse = true; + settings = { + network = { + mode = "instagram"; + ig_e2ee = true; + displayname_template = "{{or .DisplayName .Username \"Unknown User\"}}"; + proxy_media = false; + min_full_reconnect_interval_seconds = 3600; + force_refresh_interval_seconds = 72000; + disable_xma_backfill = true; + disable_xma_always = false; + }; + bridge = { + command_prefix = "!instagram"; + personal_filtering_spaces = true; + private_chat_protal_meta = true; + async_events = false; + split_portals = false; + resend_bridge_info = false; + no_bridge_info_state_key = false; + bridge_matrix_leave = false; + tag_only_on_create = true; + only_bridge_tags = [ "m.favourite" "m.lowpriority" ]; + mute_only_on_create = true; + cleanup_on_logout = { + enabled = false; + }; + relay = { + enabled = false; + }; + permissions = { + "*" = "relay"; + "claytonhickey.me" = "user"; + "@clay53:claytonhickey.me" = "admin"; + }; + }; + database = { + type = "sqlite3-fk-wal"; + uri = "file:/var/lib/${config.services.mautrix-meta.instances.instagram.dataDir}/mautrix-meta.db?_txlock=immediate"; + }; + homeserver = { + address = config.services.matrix-synapse.settings.public_baseurl; + domain = 
config.services.matrix-synapse.settings.server_name; + software = "standard"; + async_media = false; + websocket = false; + ping_interval_seconds = 0; + }; + appservice = { + address = "http://localhost:29319"; + hostname = "127.0.0.1"; + port = 29319; + id = "instagram"; + bot = { + username = "instagrambot"; + displayname = "Instagram bridge bot"; + avatar = "mxc://maunium.net/DxpVrwwzPUwaUSazpsjXgcKB"; + }; + ephemeral_events = true; + async_transactions = true; + username_template = "instagram_{{.}}"; + }; + matrix = { + message_status_events = false; + delivery_recepts = false; + message_error_notices = true; + sync_direct_chat_list = true; + federate_rooms = true; + uplad_file_threshold = 5242880; + }; + analytics = { + token = null; + url = "https://api.segment.io/v1/track"; + user_id = null; + }; + provisioning = { + prefix = "/_matrix/provision"; + shard_secret = "generate"; + allow_matrix_auth = true; + debug_endpoints = false; + }; + public_media = { + enabled = false; + }; + direct_media = { + enabled = false; + }; + backfill = { + enable = true; + max_initial_messages = 50; + max_catchup_messages= 500; + unread_hours_threshold = 720; + threads = { + max_initial_messages = 50; + }; + queue = { + enabled = false; + }; + }; + encryption = { + allow = true; + default = true; + }; + logging = { + min_level = "debug"; + writers = [ + { + type = "stdout"; + format = "pretty-colored"; + } + ]; + }; + }; + }; + facebook = { + enable = true; + registerToSynapse = true; + settings = { + network = { + mode = "facebook"; + ig_e2ee = false; + displayname_template = "{{or .DisplayName .Username \"Unknown User\"}}"; + proxy_media = false; + min_full_reconnect_interval_seconds = 3600; + force_refresh_interval_seconds = 72000; + disable_xma_backfill = true; + disable_xma_always = false; + }; + bridge = { + command_prefix = "!facebook"; + personal_filtering_spaces = true; + private_chat_protal_meta = true; + async_events = false; + split_portals = false; + 
resend_bridge_info = false; + no_bridge_info_state_key = false; + bridge_matrix_leave = false; + tag_only_on_create = true; + only_bridge_tags = [ "m.favourite" "m.lowpriority" ]; + mute_only_on_create = true; + cleanup_on_logout = { + enabled = false; + }; + relay = { + enabled = false; + }; + permissions = { + "*" = "relay"; + "claytonhickey.me" = "user"; + "@clay53:claytonhickey.me" = "admin"; + }; + }; + database = { + type = "sqlite3-fk-wal"; + uri = "file:/var/lib/${config.services.mautrix-meta.instances.facebook.dataDir}/mautrix-meta.db?_txlock=immediate"; + }; + homeserver = { + address = config.services.matrix-synapse.settings.public_baseurl; + domain = config.services.matrix-synapse.settings.server_name; + software = "standard"; + async_media = false; + websocket = false; + ping_interval_seconds = 0; + }; + appservice = { + address = "http://localhost:29320"; + hostname = "127.0.0.1"; + port = 29320; + id = "facebook"; + bot = { + username = "facebookbot"; + displayname = "Facebook bridge bot"; + avatar = "mxc://maunium.net/DxpVrwwzPUwaUSazpsjXgcKB"; + }; + ephemeral_events = true; + async_transactions = true; + username_template = "facebook_{{.}}"; + }; + matrix = { + message_status_events = false; + delivery_recepts = false; + message_error_notices = true; + sync_direct_chat_list = true; + federate_rooms = true; + uplad_file_threshold = 5242880; + }; + analytics = { + token = null; + url = "https://api.segment.io/v1/track"; + user_id = null; + }; + provisioning = { + prefix = "/_matrix/provision"; + shard_secret = "generate"; + allow_matrix_auth = true; + debug_endpoints = false; + }; + public_media = { + enabled = false; + }; + direct_media = { + enabled = false; + }; + backfill = { + enable = true; + max_initial_messages = 50; + max_catchup_messages= 500; + unread_hours_threshold = 720; + threads = { + max_initial_messages = 50; + }; + queue = { + enabled = false; + }; + }; + encryption = { + allow = true; + default = true; + }; + logging = { + 
min_level = "debug"; + writers = [ + { + type = "stdout"; + format = "pretty-colored"; + } + ]; + }; + }; + }; + }; + }; + }; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + neovim + wget + inetutils + mtr + sysstat + htop + git + ocaml + #nixpkgs-mautrix-nix.mautrix-slack + #mautrix-gmessages + mautrix-meta + mautrix-discord + ncdu + tcpdump + cloudflared + ]; + + systemd = { + services = { + ClaytonXYZ = { + wantedBy = [ "default.target" ]; + description = "claytondoesthings website"; + environment = { + STATIC_DIR = "${ClaytonXYZ}/s"; + DOMAIN = "https://claytondoesthings.xyz"; + ROCKET_PORT = "5000"; + }; + serviceConfig = { + Type = "simple"; + ExecStart = ''${ClaytonXYZ}/target/release/clayton_xyz''; + }; + }; + #iloveu = { + # wantedBy = [ "default.target" ]; + # description = "iloveu server"; + # serviceConfig = { + # Type = "simple"; + # ExecStart = ''${iloveu.server}/bin/iloveu-server --address 127.0.0.1:5001 --password "N86QVNwNZe!oXz" --transactions-dir /Block/iloveu''; + # }; + #}; + claytonhickeymeUpdate = { + description = "update claytonhickeyme website"; + wantedBy = [ "default.target" ]; + path = [ pkgs.git pkgs.ocaml pkgs.nix ]; + environment = { + NIX_PATH="/root/.nix-defexpr/channels:nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels"; + }; + script = ''#!/bin/sh + cd /Block/claytonhickey_me + ./update.sh + ''; + serviceConfig.Type = "oneshot"; + startAt = "*:0/2"; + }; + #api_claytonhickey_me = { + # description = "api for claytonhickeyme website"; + # wantedBy = [ "default.target" ]; + # path = [ pkgs.nix pkgs.bash ]; + # environment = { + # NIX_PATH="/root/.nix-defexpr/channels:nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels"; + # HOME="/root"; + # }; + # script = 
''#!/bin/sh + # cd /Block/api_claytonhickey_me + # nix run 'github:mitchellh/zig-overlay#master-2025-01-20' --extra-experimental-features nix-command --extra-experimental-features flakes build run + # ''; + #}; + #mcServer = { + # description = "Minecraft"; + # wantedBy = [ "default.target" ]; + # path = [ pkgs.jdk21 ]; + # script = ''#!/bin/sh + # cd /Block/mc-server + # ./start.sh + # ''; + #}; + #mautrix-slack = { + # wantedBy = [ "default.target" ]; + # description = "Mautrix-slack"; + # serviceConfig = { + # Type = "simple"; + # User = "mautrix-slack"; + # ExecStart = ''${nixpkgs-mautrix-nix.mautrix-slack}/bin/mautrix-slack -c /opt/mautrix-slack/slack-config.yaml -r /var/lib/matrix-synapse/slack-registration.yaml''; + # }; + #}; + #mautrix-gmessages = { + # wantedBy = [ "default.target" ]; + # description = "Mautrix-gmessages"; + # serviceConfig = { + # Type = "simple"; + # User = "mautrix-gmessages"; + # ExecStart = ''${pkgs.mautrix-gmessages}/bin/mautrix-gmessages -c /opt/mautrix-gmessages/config.yaml -r /var/lib/matrix-synapse/gmessages-registration.yaml''; + # }; + #}; + mautrix-discord = { + wantedBy = [ "default.target" ]; + description = "Mautrix-discord"; + serviceConfig = { + Type = "simple"; + User = "mautrix-discord"; + ExecStart = ''${pkgs.mautrix-discord}/bin/mautrix-discord -c /opt/mautrix-discord/config.yaml -r /var/lib/matrix-synapse/discord-registration.yaml''; + }; + }; + }; + }; + + users = { + groups = { + #mautrix-slack = {}; + #mautrix-gmessages = {}; + mautrix-discord = {}; + }; + users = { + #mautrix-slack = { + # isSystemUser = true; + # home = "/opt/mautrix-slack"; + # group = "mautrix-slack"; + # createHome = true; + # useDefaultShell = true; + #}; + #mautrix-gmessages = { + # isSystemUser = true; + # home = "/opt/mautrix-gmessages"; + # group = "mautrix-gmessages"; + # createHome = true; + # useDefaultShell = true; + #}; + mautrix-discord = { + isSystemUser = true; + home = "/opt/mautrix-discord"; + group = "mautrix-discord"; + 
createHome = true; + useDefaultShell = true; + }; + }; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "clayton@claytondoesthings.xyz"; + }; + + nixpkgs.config = { + allowUnfree = true; + permittedInsecurePackages = [ + "olm-3.2.16" + ]; + }; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + system.stateVersion = "23.05"; +} diff --git a/loadedskypotato/flake.lock b/loadedskypotato/flake.lock new file mode 100644 index 0000000..f59ae9d --- /dev/null +++ b/loadedskypotato/flake.lock 
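Review bot: The `services.postgresql.authentication` override sets `local all all trust`, so any local account or compromised service on this host can connect over the Unix socket as any database role, including the superuser; `local all all peer` ties socket access to the OS user and should still work for the `matrix-synapse` and `mautrix-discord` roles, assuming those services connect over the socket under their own users. The commented-out `iloveu` unit still carries a literal `--password` value that is now in git history; it should be treated as exposed, rotated, and moved to a file-based secret such as `LoadCredential=` or `EnvironmentFile=`. `settings.PermitRootLogin = "yes"` is better written as `"prohibit-password"`, and `ClaytonXYZ` and `claytonhickeymeUpdate` set no `User`, so the binary under `/Block` and `./update.sh` (every two minutes) run as root. In both `mautrix-meta` instances the keys `shard_secret`, `private_chat_protal_meta`, `delivery_recepts` and `uplad_file_threshold` look misspelled, so the intended settings, notably the provisioning shared secret, are probably not applied.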
@@ -0,0 +1,256 @@ +{ + "nodes": { + "cnvim": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nixvimFlake": "nixvimFlake" + }, + "locked": { + "lastModified": 1759775807, + "narHash": "sha256-GV0uY5MU7b9liqwg7q/qvYOUl+wfn7QN6mzVTpvTVCU=", + "owner": "clay53", + "repo": "cnvim", + "rev": "bf8ce57673408977928c7c6da1218845c1b53236", + "type": "github" + }, + "original": { + "owner": "clay53", + "repo": "cnvim", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "cnvim", + "nixvimFlake", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1759362264, + "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "ixx": { + "inputs": { + "flake-utils": [ + "cnvim", + "nixvimFlake", + "nuschtosSearch", + "flake-utils" + ], + "nixpkgs": [ + "cnvim", + "nixvimFlake", + "nuschtosSearch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754860581, + "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.1.1", + "repo": "ixx", + "type": "github" + } + }, + "languini": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1763640836, + "narHash": 
"sha256-XiAiB0fzK346tBBKe0BO25nrQ3LvBhmm7fqUW0e8/BU=", + "ref": "refs/heads/master", + "rev": "eab36d08e70608321bc59f9df01dc72aca283354", + "revCount": 66, + "type": "git", + "url": "ssh://forgejo@127.0.0.1/TutorEngine/leptos_client.git" + }, + "original": { + "type": "git", + "url": "ssh://forgejo@127.0.0.1/TutorEngine/leptos_client.git" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1763421233, + "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixvimFlake": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": [ + "cnvim", + "nixpkgs" + ], + "nuschtosSearch": "nuschtosSearch", + "systems": "systems_2" + }, + "locked": { + "lastModified": 1759768698, + "narHash": "sha256-hSTuhdHtDdTvCxCpz51v9dwckRS1HuMXLZeRhqWGZUQ=", + "owner": "nix-community", + "repo": "nixvim", + "rev": "ca7f98d9366b587c8e5b824f8437e79747d810fb", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixvim", + "type": "github" + } + }, + "nuschtosSearch": { + "inputs": { + "flake-utils": "flake-utils", + "ixx": "ixx", + "nixpkgs": [ + "cnvim", + "nixvimFlake", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758662783, + "narHash": "sha256-igrxT+/MnmcftPOHEb+XDwAMq3Xg1Xy7kVYQaHhPlAg=", + "owner": "NuschtOS", + "repo": "search", + "rev": "7d4c0fc4ffe3bd64e5630417162e9e04e64b27a4", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" + } + }, + "reloading-languini-module": { + "locked": { + "lastModified": 1755243353, + "narHash": "sha256-V5bsos1w0lUi1TEfauKSTnO/HEKQMYtnRpoB/7TFrj4=", + "ref": "refs/heads/master", + "rev": "1238709da142f1d5649abf7e2547661e60d5c556", + "revCount": 36, + "type": "git", + "url": 
"ssh://forgejo@127.0.0.1/TutorEngine/reloading-languini-module.git" + }, + "original": { + "type": "git", + "url": "ssh://forgejo@127.0.0.1/TutorEngine/reloading-languini-module.git" + } + }, + "root": { + "inputs": { + "cnvim": "cnvim", + "languini": "languini", + "nixpkgs": "nixpkgs", + "reloading-languini-module": "reloading-languini-module" + } + }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "languini", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1763606317, + "narHash": "sha256-lsq4Urmb9Iyg2zyg2yG6oMQk9yuaoIgy+jgvYM4guxA=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "a5615abaf30cfaef2e32f1ff9bd5ca94e2911371", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/loadedskypotato/flake.nix b/loadedskypotato/flake.nix new file mode 100644 index 0000000..b16907a --- /dev/null +++ b/loadedskypotato/flake.nix 
@@ -0,0 +1,23 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ cnvim = {
+ url = "github:clay53/cnvim";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ reloading-languini-module.url = "git+ssh://forgejo@127.0.0.1/TutorEngine/reloading-languini-module.git";
+ languini = {
+ url = "git+ssh://forgejo@127.0.0.1/TutorEngine/leptos_client.git";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+ outputs = { self, nixpkgs, ... }@inputs: {
+ nixosConfigurations.loadedskypotato = nixpkgs.lib.nixosSystem {
+ specialArgs = { inherit inputs; };
+ modules = [
+ ./configuration.nix
+ inputs.reloading-languini-module.nixosModules.default
+ ];
+ };
+ };
+}
diff --git a/loadedskypotato/grocy.nix b/loadedskypotato/grocy.nix
new file mode 100644
index 0000000..7a0aecb
--- /dev/null
+++ b/loadedskypotato/grocy.nix
@@ -0,0 +1,32 @@
+{ pkgs, lib, config, ... }:
+let cfg = config.cos.grocy; in
+{
+ options.cos.grocy = {
+ enable = lib.mkEnableOption "enable grocy";
+ dataDir = lib.mkOption {
+ type = lib.types.str;
+ };
+ hostname = lib.mkOption {
+ type = lib.types.str;
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.grocy = {
+ enable = true;
+ hostName = cfg.hostname;
+ dataDir = cfg.dataDir;
+ };
+
+ services.nginx.virtualHosts.${cfg.hostname} = {
+ listen = [{
+ addr = "127.0.0.1";
+ port = 8303;
+ }];
+ serverName = null;
+ enableACME = lib.mkForce false;
+ forceSSL = lib.mkForce false;
+ };
+ services.cloudflared.tunnels."4fc85af1-38f7-4c96-856c-7c797c5e3bf8".ingress.${cfg.hostname} = "http://127.0.0.1:8303";
+ };
+}
diff --git a/loadedskypotato/hardware-configuration.nix b/loadedskypotato/hardware-configuration.nix
new file mode 100644
index 0000000..bc2618b
--- /dev/null
+++ b/loadedskypotato/hardware-configuration.nix
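Review bot: The `reloading-languini-module` and `languini` inputs in `loadedskypotato/flake.nix` are fetched from `git+ssh://forgejo@127.0.0.1/...`, and nothing in the file says what that requires. The flake only evaluates on a machine where loopback SSH reaches this Forgejo instance, and the evaluating user (root, under `nixos-rebuild`) needs a key that Forgejo accepts. A comment above `inputs` should record that dependency and which key is expected, for example `# fetched over loopback SSH from the local Forgejo; needs a read-only deploy key for the evaluating user`. A read-only deploy key keeps a root-held credential from also being able to push to the repositories that define this system.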
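Review bot: Port `8303` is hard-coded twice in `grocy.nix` (the `listen` entry and the tunnel `ingress` URL), and it is also the port that `configuration.nix` gives the `matrix.claytonhickey.me` vhost. Both vhosts are then separated only by the `Host` header, and a request with an unmatched host on that listener goes to whichever server block nginx treats as the default for that port. A `port = lib.mkOption { type = lib.types.port; };` option, as `mealie.nix` and `tandoor.nix` already have, used in both places would give Grocy its own listener. The tunnel id `4fc85af1-38f7-4c96-856c-7c797c5e3bf8` is likewise repeated here, in `trilium.nix` and in `configuration.nix`, and would be safer defined once.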
@@ -0,0 +1,50 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/sda"; + fsType = "ext4"; + }; + + fileSystems."/Block" = + { device = "/dev/sdc"; + fsType = "ext4"; + }; + + swapDevices = [{ + device = "/swapfile"; + size = 4*1024; + }]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s5.useDHCP = lib.mkDefault true; + + boot.kernelParams = [ "console=ttyS0,19200n8" ]; + boot.loader.grub.extraConfig = '' + serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1; + terminal_input serial; + terminal_output serial + ''; + + boot.loader.grub.forceInstall = true; + boot.loader.grub.device = "nodev"; + boot.loader.timeout = 10; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/loadedskypotato/matomo.nix b/loadedskypotato/matomo.nix new file mode 100644 index 0000000..50d4af1 --- /dev/null +++ b/loadedskypotato/matomo.nix 
@@ -0,0 +1,18 @@
+{ config, lib, ... }:
+let cfg = config.cos.matomo; in
+{
+ options.cos.matomo = {
+ enable = lib.mkEnableOption "enable matomo";
+ hostname = lib.mkOption {
+ type = lib.types.str;
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.matomo = { # Effectively never finished
+ enable = true;
+ hostname = cfg.hostname;
+ nginx = {};
+ };
+ };
+}
diff --git a/loadedskypotato/mealie.nix b/loadedskypotato/mealie.nix
new file mode 100644
index 0000000..f25c393
--- /dev/null
+++ b/loadedskypotato/mealie.nix
@@ -0,0 +1,32 @@
+{ pkgs, lib, config, ... }:
+let cfg = config.cos.mealie; in
+{
+ options.cos.mealie = {
+ enable = lib.mkEnableOption "enable Mealie";
+ hostname = lib.mkOption {
+ type = lib.types.str;
+ };
+ port = lib.mkOption {
+ type = lib.types.port;
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.mealie = {
+ enable = true;
+ port = cfg.port;
+ listenAddress = "127.0.0.1";
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts.${cfg.hostname} = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}";
+ };
+ };
+ };
+ };
+}
diff --git a/loadedskypotato/remoteBuild.nix b/loadedskypotato/remoteBuild.nix
new file mode 100644
index 0000000..1303e89
--- /dev/null
+++ b/loadedskypotato/remoteBuild.nix
@@ -0,0 +1,14 @@
+{ ... }:
+{
+ nix.buildMachines = [{
+ sshUser = "clhickey";
+ hostName = "10.100.0.3";
+ system = "x86_64-linux";
+ protocol = "ssh-ng";
+ maxJobs = 3;
+ speedFactor = 10;
+ supportedFeatures = [ "big-parallel" ];
+ mandatoryFeatures = [];
+ }];
+ nix.distributedBuilds = true;
+}
diff --git a/loadedskypotato/tandoor.nix b/loadedskypotato/tandoor.nix
new file mode 100644
index 0000000..02f83cd
--- /dev/null
+++ b/loadedskypotato/tandoor.nix
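Review bot: `enableACME = true; forceSSL = true;` on the Mealie vhost does not match how this host is exposed. `configuration.nix` opens only TCP 25565 and 25566 in the firewall and publishes the other web services through the cloudflared tunnel to loopback listeners. If `cos.mealie.enable` is switched on, the ACME HTTP-01 challenge would presumably fail and the vhost would not be reachable from outside; the same applies to the identical block in `tandoor.nix`, and probably to `matomo.nix` through the `services.matomo.nginx` defaults. Using the pattern from `grocy.nix` instead (a loopback `listen` entry plus an `ingress.${cfg.hostname}` tunnel entry, with ACME left off) would keep the modules consistent and avoid a half-configured public listener.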
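Review bot: The `nix.buildMachines` entry pins neither the builder's host key nor the client key, so with no `publicHostKey` and no `sshKey` the connection depends on whatever SSH configuration and known_hosts the Nix daemon's user has. Outputs built on `10.100.0.3` are imported into this server's store, so the trust in that machine should be explicit: `publicHostKey = "<base64 host key placeholder>";` and `sshKey = "<path to dedicated builder key placeholder>";`. A short comment that `10.100.0.3` is the WireGuard `laptop` peer from `configuration.nix` would also make clear that a workstation is acting as a builder for a server.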
@@ -0,0 +1,32 @@
+{ pkgs, lib, config, ... }:
+let cfg = config.cos.tandoor; in
+{
+ options.cos.tandoor = {
+ enable = lib.mkEnableOption "enable Tandoor";
+ hostname = lib.mkOption {
+ type = lib.types.str;
+ };
+ port = lib.mkOption {
+ type = lib.types.port;
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.tandoor-recipes = {
+ enable = true;
+ port = cfg.port;
+ address = "127.0.0.1";
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts.${cfg.hostname} = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}";
+ };
+ };
+ };
+ };
+}
diff --git a/loadedskypotato/trilium.nix b/loadedskypotato/trilium.nix
new file mode 100644
index 0000000..8d715b7
--- /dev/null
+++ b/loadedskypotato/trilium.nix
@@ -0,0 +1,32 @@
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+let cfg = config.cos.trilium; in
+{
+ options.cos.trilium = {
+ enable = lib.mkEnableOption "trilium-server";
+ hostname = lib.mkOption {
+ type = lib.types.str;
+ };
+ port = lib.mkOption {
+ type = lib.types.port;
+ };
+ dataDir = lib.mkOption {
+ type = lib.types.str;
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.trilium-server = {
+ enable = true;
+ package = pkgs.trilium-next-server;
+ port = cfg.port;
+ dataDir = cfg.dataDir;
+ };
+
+ services.cloudflared.tunnels."4fc85af1-38f7-4c96-856c-7c797c5e3bf8".ingress.${cfg.hostname} = "http://${config.services.trilium-server.host}:${builtins.toString cfg.port}";
+ };
+}