m

8 files changed, 85 insertions, 39 deletions

diff --git a/hosts/cloud/sortug/configuration.nix b/hosts/cloud/sortug/configuration.nix
index 308f010..ee15cd5 100644
--- a/hosts/cloud/sortug/configuration.nix
+++ b/hosts/cloud/sortug/configuration.nix
@@ -1,6 +1,7 @@
 {
   modulesPath,
   lib,
+  pkgs,
   ...
 }: {
   imports =
@@ -24,6 +25,7 @@
     loader.grub.enable = true;
     # loader.grub.device = "/dev/sda";
   };
+  environment.systemPackages = [pkgs.devenv];
 
   services.do-agent.enable = true;
   networking = {
diff --git a/hosts/cloud/sortug/nginx.nix b/hosts/cloud/sortug/nginx.nix
index b075c22..78e93b8 100644
--- a/hosts/cloud/sortug/nginx.nix
+++ b/hosts/cloud/sortug/nginx.nix
@@ -26,19 +26,30 @@
     virtualHosts."ai.sortug.com" = {
       enableACME = true;
       forceSSL = true;
-      locations."/" = {
+      locations."/stt" = {
         proxyPass = "http://127.0.0.1:8000";
-        proxyWebsockets = true; # needed if you need to use WebSocket
+        extraConfig = ''
+          proxy_connect_timeout 300s;
+          proxy_send_timeout 300s;
+          proxy_read_timeout 300s;
+          send_timeout 300s;
+        '';
       };
-    };
-    virtualHosts."kino.sortug.com" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:8095";
-        proxyWebsockets = true; # needed if you need to use WebSocket
+      locations."/tts" = {
+        proxyPass = "http://127.0.0.1:8001";
+      };
+      locations."/embed" = {
+        proxyPass = "http://127.0.0.1:8002";
       };
     };
+    # virtualHosts."kino.sortug.com" = {
+    #   enableACME = true;
+    #   forceSSL = true;
+    #   locations."/" = {
+    #     proxyPass = "http://127.0.0.1:8095";
+    #     proxyWebsockets = true; # needed if you need to use WebSocket
+    #   };
+    # };
     virtualHosts."u.sortug.com" = {
       enableACME = true;
       forceSSL = true;
@@ -65,6 +76,24 @@
         proxy_cache off;
       '';
     };
+    virtualHosts."line.sortug.com" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8924";
+        # proxyWebsockets = true; # needed if you need to use WebSocket
+        extraConfig = ''
+          proxy_set_header Host $host;
+          proxy_set_header Forwarded $proxy_add_x_forwarded_for;
+        '';
+      };
+      extraConfig = ''
+        proxy_http_version 1.1;
+        chunked_transfer_encoding off;
+        proxy_buffering off;
+        proxy_cache off;
+      '';
+    };
     virtualHosts."ntfy.sortug.com" = {
       enableACME = true;
       forceSSL = true;
diff --git a/hosts/cloud/span/mail.nix b/hosts/cloud/span/mail.nix
index d020fec..9cc44a7 100644
--- a/hosts/cloud/span/mail.nix
+++ b/hosts/cloud/span/mail.nix
@@ -1,4 +1,8 @@
-{ config, pkgs, ... }: {
+{
+  config,
+  pkgs,
+  ...
+}: {
   imports = [
     (builtins.fetchTarball {
       url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-23.11/nixos-mailserver-nixos-23.11.tar.gz";
@@ -9,11 +13,11 @@
     })
   ];
 
-  services.dovecot2.sieve.extensions = [ "fileinto" ];
+  services.dovecot2.sieve.extensions = ["fileinto"];
   mailserver = {
     enable = true;
     fqdn = "mail.spandrell.ch";
-    domains = [ "spandrell.ch" ];
+    domains = ["spandrell.ch"];
 
     # A list of all login accounts. To create the password hashes, use
     # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
@@ -28,7 +32,7 @@
         hashedPasswordFile = "/home/span/mail.key";
       };
       "lol@spandrell.ch" = {
-        hashedPasswordFile = "/home/span/mail.key";
+        hashedPasswordFile = "/home/span/mail2.key";
       };
       "sub@spandrell.ch" = {
         hashedPasswordFile = "/home/span/mail.key";
@@ -51,17 +55,17 @@
   security.acme.acceptTerms = true;
   security.acme.defaults.email = "security@spandrell.ch";
   services.roundcube = {
-     enable = true;
-     # this is the url of the vhost, not necessarily the same as the fqdn of
-     # the mailserver
-     hostName = "mail.spandrell.ch";
-     extraConfig = ''
-       # starttls needed for authentication, so the fqdn required to match
-       # the certificate
-       $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
-       $config['smtp_user'] = "%u";
-       $config['smtp_pass'] = "%p";
-     '';
+    enable = true;
+    # this is the url of the vhost, not necessarily the same as the fqdn of
+    # the mailserver
+    hostName = "mail.spandrell.ch";
+    extraConfig = ''
+      # starttls needed for authentication, so the fqdn required to match
+      # the certificate
+      $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
+      $config['smtp_user'] = "%u";
+      $config['smtp_pass'] = "%p";
+    '';
   };
   services.nginx.enable = true;
 }
diff --git a/hosts/linux.nix b/hosts/linux.nix
index 95049ff..70ff0c9 100644
--- a/hosts/linux.nix
+++ b/hosts/linux.nix
@@ -4,7 +4,6 @@
     ./users.nix
     ./editors.nix
     ./pkgs.nix
-    ./unfree.nix
     ./network.nix
     #     ./yubikey.nix
   ];
@@ -35,10 +34,10 @@
   };
 
   ## Bluetooth
-#  hardware.enableAllFirmware = true;
-#  hardware.bluetooth.enable = true;
-#  hardware.bluetooth.settings = {General = {Experimental = true;};};
-#  hardware.bluetooth.disabledPlugins = ["sap"];
-#  hardware.bluetooth.package = pkgs.bluez;
-#  services.blueman.enable = true;
+  #  hardware.enableAllFirmware = true;
+  #  hardware.bluetooth.enable = true;
+  #  hardware.bluetooth.settings = {General = {Experimental = true;};};
+  #  hardware.bluetooth.disabledPlugins = ["sap"];
+  #  hardware.bluetooth.package = pkgs.bluez;
+  #  services.blueman.enable = true;
 }
diff --git a/hosts/local/fw11/configuration.nix b/hosts/local/fw11/configuration.nix
index 8574868..ad8fffd 100644
--- a/hosts/local/fw11/configuration.nix
+++ b/hosts/local/fw11/configuration.nix
@@ -22,9 +22,10 @@ in {
     # Include the results of the hardware scan.
     ../../base.nix
     ../../linux.nix
-    ../wayland.nix
-    ../../syncthing.nix
-    ./keyboard.nix
+    # ../../syncthing.nix
+    ../../unfree.nix
+    # ../wayland.nix
+    # ./keyboard.nix
     # ../android.nix
   ];
 
@@ -44,8 +45,8 @@ in {
   boot.loader.efi.canTouchEfiVariables = true;
   # boot.supportedFilesystems = ["ntfs"];
   # boot.kernelPackages = lib.mkForce unfreePkgs.linuxKernel.packages.linux_xanmod_latest;
-  boot.kernelPackages = pkgs.linuxPackages_latest;
-  # boot.kernelPackages = pkgs.linuxPackages_6_11;
+  # boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.kernelPackages = pkgs.linuxPackages_6_12;
   services.fprintd.enable = true;
 
   networking = {
diff --git a/hosts/local/fw11/keyboard.nix b/hosts/local/fw11/keyboard.nix
index 7aef3c4..ce875dd 100644
--- a/hosts/local/fw11/keyboard.nix
+++ b/hosts/local/fw11/keyboard.nix
@@ -34,7 +34,8 @@
         config = builtins.readFile ./framework.kbd;
       };
       usbThinkpad = {
-        device = "/dev/input/by-id/usb-Lenovo_ThinkPad_Compact_USB_Keyboard_with_TrackPoint-event-kbd";
+        # device = "/dev/input/by-id/usb-Lenovo_ThinkPad_Compact_USB_Keyboard_with_TrackPoint-event-kbd";
+        device = "/dev/input/by-id/usb-Lenovo_TrackPoint_Keyboard_II-event-kbd";
         config = builtins.readFile ./thinkpad.kbd;
       };
     };
diff --git a/hosts/nixos.nix b/hosts/nixos.nix
index e85a2a9..1b7b55c 100644
--- a/hosts/nixos.nix
+++ b/hosts/nixos.nix
@@ -2,7 +2,9 @@
   mkNixosSystem = system: path:
     inputs.nixpkgs.lib.nixosSystem {
       inherit system;
-      specialArgs = {inherit inputs;};
+      specialArgs = {
+        inherit inputs;
+      };
       modules = import (./. + "/${path}") inputs;
     };
 in {
diff --git a/hosts/unfree.nix b/hosts/unfree.nix
index d3e889d..73c4a8a 100644
--- a/hosts/unfree.nix
+++ b/hosts/unfree.nix
@@ -1,9 +1,16 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  inputs,
+  ...
+}: {
   # allow unfree
   nixpkgs.config = {
     allowUnfree = true;
+    allowUnfreePredicate = _: true;
     chromium.enableWideVine = true;
   };
+
+  # https://stackoverflow.com/questions/77585228/how-to-allow-unfree-packages-in-nix-for-each-situation-nixos-nix-nix-wit
   environment.systemPackages = with pkgs; [
     # opera
     spotify
@@ -15,6 +22,7 @@
     steamcmd
     steam-run
     protonup-qt
+    #    inputs.claude-desktop.packages.x86_64-linux.claude-desktop
   ];
   # fucking vscode requires this for github copilot