From e64f7a78e01e5fa661471cb518cc71fc33223b5a Mon Sep 17 00:00:00 2001 
From: polwex Date: Sun, 21 Jul 2024 01:49:04 +0700 Subject: m --- hosts/base.nix | 8 +- hosts/cloud/bkk/configuration.nix | 72 +++++----- hosts/cloud/bkk/default.nix | 4 + hosts/cloud/jeet/configuration.nix | 132 +++++++++---------- hosts/cloud/jeet/default.nix | 4 + hosts/cloud/oldsortug/configuration.nix | 46 ------- hosts/cloud/oldsortug/coturn.nix | 60 --------- hosts/cloud/oldsortug/gitea.nix | 27 ---- hosts/cloud/oldsortug/hardware-configuration.nix | 31 ----- hosts/cloud/oldsortug/nginx.nix | 21 --- hosts/cloud/oldsortug/packages.nix | 53 -------- hosts/cloud/oldsortug/users.nix | 56 -------- hosts/cloud/sing/default.nix | 4 + hosts/cloud/sortug/configuration.nix | 146 +++++++++++---------- hosts/cloud/sortug/default.nix | 1 + hosts/cloud/span/configuration.nix | 72 ++++++++++ hosts/cloud/span/default.nix | 4 + hosts/cloud/span/flake.lock | 27 ++++ hosts/cloud/span/flake.nix | 16 +++ hosts/cloud/span/hardware-configuration.nix | 36 +++++ hosts/cloud/span/mail.nix | 67 ++++++++++ hosts/cloud/span/nginx.nix | 46 +++++++ hosts/cloud/span/packages.nix | 47 +++++++ hosts/cloud/span/users.nix | 42 ++++++ hosts/cloud/spanm/configuration.nix | 66 ---------- hosts/cloud/spanm/flake.lock | 27 ---- hosts/cloud/spanm/flake.nix | 16 --- hosts/cloud/spanm/hardware-configuration.nix | 36 ----- hosts/cloud/spanm/mail.nix | 67 ---------- hosts/cloud/spanm/nginx.nix | 46 ------- hosts/cloud/spanm/packages.nix | 47 ------- hosts/cloud/spanm/users.nix | 42 ------ hosts/darwin.nix | 10 ++ .../default.nix | 18 +++ hosts/mac/kmonad-daemon-shim/default.nix | 18 +++ hosts/mac/kmonad-daemon-shim/main.c | 23 ++++ hosts/mac/m1mba/configuration.nix | 18 +++ hosts/mac/m1mba/keyboard.nix | 53 ++++++++ hosts/mac/m1mba/mac.nix | 12 ++ hosts/mac/m1mba/pkgs.nix | 68 ++++++++++ hosts/mac/m1mba/services.nix | 11 ++ hosts/mac/m1mba/users.nix | 43 ++++++ hosts/mac/mac.nix | 12 ++ hosts/mac/yabai/0001-mouse-follows-swap.patch | 31 +++++ hosts/mac/yabai/default.nix | 5 + hosts/nixos.nix | 4 +- 
hosts/result | 1 + hosts/server.nix | 8 ++ hosts/users.nix | 59 ++++----- outputs.nix | 4 +- 50 files changed, 905 insertions(+), 862 deletions(-) create mode 100644 hosts/cloud/bkk/default.nix create mode 100644 hosts/cloud/jeet/default.nix delete mode 100644 hosts/cloud/oldsortug/configuration.nix delete mode 100644 hosts/cloud/oldsortug/coturn.nix delete mode 100644 hosts/cloud/oldsortug/gitea.nix delete mode 100644 hosts/cloud/oldsortug/hardware-configuration.nix delete mode 100644 hosts/cloud/oldsortug/nginx.nix delete mode 100644 hosts/cloud/oldsortug/packages.nix delete mode 100644 hosts/cloud/oldsortug/users.nix create mode 100644 hosts/cloud/sing/default.nix create mode 100644 hosts/cloud/span/configuration.nix create mode 100644 hosts/cloud/span/default.nix create mode 100644 hosts/cloud/span/flake.lock create mode 100644 hosts/cloud/span/flake.nix create mode 100644 hosts/cloud/span/hardware-configuration.nix create mode 100644 hosts/cloud/span/mail.nix create mode 100644 hosts/cloud/span/nginx.nix create mode 100644 hosts/cloud/span/packages.nix create mode 100644 hosts/cloud/span/users.nix delete mode 100644 hosts/cloud/spanm/configuration.nix delete mode 100644 hosts/cloud/spanm/flake.lock delete mode 100644 hosts/cloud/spanm/flake.nix delete mode 100644 hosts/cloud/spanm/hardware-configuration.nix delete mode 100644 hosts/cloud/spanm/mail.nix delete mode 100644 hosts/cloud/spanm/nginx.nix delete mode 100644 hosts/cloud/spanm/packages.nix delete mode 100644 hosts/cloud/spanm/users.nix create mode 100644 hosts/darwin.nix create mode 100644 hosts/mac/Karabiner-DriverKit-VirtualHIDDevice/default.nix create mode 100644 hosts/mac/kmonad-daemon-shim/default.nix create mode 100644 hosts/mac/kmonad-daemon-shim/main.c create mode 100644 hosts/mac/m1mba/configuration.nix create mode 100644 hosts/mac/m1mba/keyboard.nix create mode 100644 hosts/mac/m1mba/mac.nix create mode 100644 hosts/mac/m1mba/pkgs.nix create mode 100644 hosts/mac/m1mba/services.nix create 
mode 100644 hosts/mac/m1mba/users.nix create mode 100644 hosts/mac/mac.nix create mode 100644 hosts/mac/yabai/0001-mouse-follows-swap.patch create mode 100644 hosts/mac/yabai/default.nix create mode 120000 hosts/result create mode 100644 hosts/server.nix
diff --git a/hosts/base.nix b/hosts/base.nix
index e1e421b..3cffa00 100644
--- a/hosts/base.nix
+++ b/hosts/base.nix
@@ -1,10 +1,4 @@
-{
- config,
- lib,
- pkgs,
- unfreePkgs,
- ...
-}: {
+{pkgs, ...}: {
 # enable flakes
 nix = {
 package = pkgs.nixFlakes;
diff --git a/hosts/cloud/bkk/configuration.nix b/hosts/cloud/bkk/configuration.nix
index 42f6b2c..9769419 100644
--- a/hosts/cloud/bkk/configuration.nix
+++ b/hosts/cloud/bkk/configuration.nix
@@ -1,49 +1,37 @@ -{ modulesPath, lib, pkgs, ... }: { + modulesPath, + lib, + pkgs, + ... +}: { imports = [ ./hardware-configuration.nix ./nginx.nix - ]; - boot = { - loader.grub = { - enable = true; - device = "/dev/vda"; - }; - }; - users.users.root.openssh.authorizedKeys.keys = - [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q cloudboxes" ]; + ../../users.nix + ../../base.nix + ../../server.nix + ]; + boot = { + loader.grub = { + enable = true; + device = "/dev/vda"; + }; + }; - # enable flakes - nix = { - package = pkgs.nixFlakes; - extraOptions = '' - experimental-features = nix-command flakes - ''; - settings = { - keep-outputs = true; - keep-derivations = true; - }; - }; - - services.openssh = { - enable = true; - passwordAuthentication = false; - # ports = [5522]; - }; - networking = { - hostName = "yn-bkk"; # use Digital Ocean metadata server - }; - networking.firewall = { - enable = false; - # allowedTCPPorts = [ 993 465 40308 80 443 53 51820 5522 ]; - # allowedUDPPorts = [ 993 465 40308 80 443 53 50000 50001 50002 50003 50004 50005 50006 50007 50008 50009 50010 51820 5522 ]; - }; - services.ntfy-sh = { - enable = true; - settings = { - base-url = "https://n.urbit.men"; - listen-http = ":8090"; - }; - }; + networking = { + hostName = "yn-bkk"; # use Digital Ocean metadata server + }; + networking.firewall = { + enable = false; + # allowedTCPPorts = [ 993 465 40308 80 443 53 51820 5522 ]; + # allowedUDPPorts = [ 993 465 40308 80 443 53 50000 50001 50002 50003 50004 50005 50006 50007 50008 50009 50010 51820 5522 ]; + }; + services.ntfy-sh = { + enable = true; + settings = { + base-url = "https://n.urbit.men"; + listen-http = ":8090"; + }; + }; system.stateVersion = "24.05"; # Did you read the comment? } diff --git a/hosts/cloud/bkk/default.nix b/hosts/cloud/bkk/default.nix new file mode 100644 index 0000000..3669483 --- /dev/null +++ b/hosts/cloud/bkk/default.nix 
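Review bot: The `services.openssh` block with `passwordAuthentication = false` and the root `authorizedKeys` entry are removed in this hunk with nothing here replacing them; the host now depends on `../../users.nix` and `../../server.nix`, which are outside the hunk, to keep password logins off. Worth confirming that `hosts/server.nix` sets `services.openssh.settings.PasswordAuthentication = false;` (the `passwordAuthentication` spelling this hunk drops is the deprecated alias), because the NixOS default leaves password authentication enabled. The same move happens in the jeet and sortug configuration.nix hunks below. Separately, `networking.firewall.enable = false` is kept while `services.ntfy-sh` listens on `:8090` on every interface; if `./nginx.nix` is meant to front it, `listen-http = "127.0.0.1:8090";` keeps the plain-HTTP listener off the public address.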
@@ -0,0 +1,4 @@
+inputs: [
+ inputs.disko.nixosModules.disko
+ ./configuration.nix
+]
diff --git a/hosts/cloud/jeet/configuration.nix b/hosts/cloud/jeet/configuration.nix
index 1d470e2..30bf8c6 100644
--- a/hosts/cloud/jeet/configuration.nix
+++ b/hosts/cloud/jeet/configuration.nix
@@ -1,75 +1,75 @@ -{ modulesPath, pkgs, ... }: { + modulesPath, + pkgs, + ... +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ./disk-config.nix ./hardware-configuration.nix + ../../users.nix + ../../base.nix + ../../server.nix ]; - boot.loader.grub.enable = true; - # enable flakes - nix = { - package = pkgs.nixFlakes; - extraOptions = '' - experimental-features = nix-command flakes - ''; - settings = { - keep-outputs = true; - keep-derivations = true; - }; - }; - - services.openssh = { - enable = true; - passwordAuthentication = false; - # ports = [5522]; - }; - services.do-agent.enable = true; - networking = { - firewall.enable = false; - hostName = "yn-ind"; # use Digital Ocean metadata server - networkmanager.enable = true; - useDHCP = false; - interfaces.eth0.ipv4.addresses = [ - {address = "93.127.194.223"; prefixLength = 32;} - ]; - interfaces.eth0.ipv6.addresses = [ - {address = "2a02:4780:12:413b::1"; prefixLength = 64;} - ]; - defaultGateway = { - address = "169.254.0.1"; - interface = "eth0"; - }; - defaultGateway6 = { - address = "fe80:1"; - interface = "eth0"; - }; - interfaces.ens18.ipv4.addresses = [ - {address = "93.127.194.223"; prefixLength = 32;} - ]; - interfaces.ens18.ipv6.addresses = [ - {address = "2a02:4780:12:413b::1"; prefixLength = 64;} - ]; - # defaultGateway = { - # address = "169.254.0.1"; - # interface = "ens18"; - # }; - # defaultGateway6 = { - # address = "fe80:1"; - # interface = "ens18"; - # }; - nameservers = [ - "217.21.86.10" - "8.8.4.4" - "1.1.1.1" - ]; - }; + boot.loader.grub.enable = true; - users.users.root.openssh.authorizedKeys.keys = - [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q cloudboxes" ]; - # networking.firewall = { - # enable = true; - # allowedTCPPorts = [ 993 465 40308 80 443 53 51820 5522 ]; - # allowedUDPPorts = [ 993 465 40308 80 443 53 50000 50001 50002 50003 50004 50005 50006 50007 50008 50009 50010 51820 5522 ]; - # }; + services.do-agent.enable = 
true; + networking = { + firewall.enable = false; + hostName = "yn-ind"; # use Digital Ocean metadata server + networkmanager.enable = true; + useDHCP = false; + interfaces.eth0.ipv4.addresses = [ + { + address = "93.127.194.223"; + prefixLength = 32; + } + ]; + interfaces.eth0.ipv6.addresses = [ + { + address = "2a02:4780:12:413b::1"; + prefixLength = 64; + } + ]; + defaultGateway = { + address = "169.254.0.1"; + interface = "eth0"; + }; + defaultGateway6 = { + address = "fe80:1"; + interface = "eth0"; + }; + interfaces.ens18.ipv4.addresses = [ + { + address = "93.127.194.223"; + prefixLength = 32; + } + ]; + interfaces.ens18.ipv6.addresses = [ + { + address = "2a02:4780:12:413b::1"; + prefixLength = 64; + } + ]; + # defaultGateway = { + # address = "169.254.0.1"; + # interface = "ens18"; + # }; + # defaultGateway6 = { + # address = "fe80:1"; + # interface = "ens18"; + # }; + nameservers = [ + "217.21.86.10" + "8.8.4.4" + "1.1.1.1" + ]; + }; + + # networking.firewall = { + # enable = true; + # allowedTCPPorts = [ 993 465 40308 80 443 53 51820 5522 ]; + # allowedUDPPorts = [ 993 465 40308 80 443 53 50000 50001 50002 50003 50004 50005 50006 50007 50008 50009 50010 51820 5522 ]; + # }; } diff --git a/hosts/cloud/jeet/default.nix b/hosts/cloud/jeet/default.nix new file mode 100644 index 0000000..3669483 --- /dev/null +++ b/hosts/cloud/jeet/default.nix @@ -0,0 +1,4 @@ +inputs: [ + inputs.disko.nixosModules.disko + ./configuration.nix +] diff --git a/hosts/cloud/oldsortug/configuration.nix b/hosts/cloud/oldsortug/configuration.nix deleted file mode 100644 index 1c1866e..0000000 --- a/hosts/cloud/oldsortug/configuration.nix +++ /dev/null 
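Review bot: `defaultGateway6.address = "fe80:1"` on the new side is not a syntactically valid IPv6 address (two groups and no `::`), so the default IPv6 route will most likely be rejected when networking is brought up; `fe80::1` is presumably what was meant — confirm against the provider's network details. The same static v4/v6 addresses are also declared on both `eth0` and `ens18`, so whichever name the kernel does not assign is left as a dangling interface definition; keeping only the real interface name removes the duplicate. The sshd/root-key removal here mirrors the bkk hunk and relies on `../../server.nix` and `../../users.nix`, both outside this hunk.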
@@ -1,46 +0,0 @@ -{ modulesPath, lib, ... }: -{ - imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [ - ./hardware-configuration.nix - ./gitea.nix - ./nginx.nix - ./coturn.nix - ]; - boot = { - growPartition = true; - kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ]; - initrd.kernelModules = [ "virtio_scsi" ]; - kernelModules = [ "virtio_pci" "virtio_net" ]; - loader = { - grub.device = "/dev/sda"; - timeout = 0; - grub.configurationLimit = 0; - }; - }; - services.openssh = { - enable = true; - passwordAuthentication = false; - ports = [5522]; - }; - services.do-agent.enable = true; - networking = { - hostName = "sortug"; # use Digital Ocean metadata server - }; - networking.firewall = { - enable = true; - allowedTCPPorts = [ 40308 80 443 53 51820 5522 ]; - allowedUDPPorts = [ 40308 80 443 53 51820 5522 - 50000 - 50001 - 50002 - 50003 - 50004 - 50005 - 50006 - 50007 - 50008 - 50009 - 50010 - ]; - }; -} diff --git a/hosts/cloud/oldsortug/coturn.nix b/hosts/cloud/oldsortug/coturn.nix deleted file mode 100644 index aaf097c..0000000 --- a/hosts/cloud/oldsortug/coturn.nix +++ /dev/null 
@@ -1,60 +0,0 @@ -{ ... }: - -{ - services.coturn = { - enable = true; - lt-cred-mech = true; - # use-auth-secret = true; - # static-auth-secret = "GHhc4i7Hwto0KxoDgNioYgWgkc1iLbEE8t45G6voTzD07vKvFsK6R4b8kShVZEhC"; - realm = "turn.sortug.com"; - # relay-ips = [ - # "" - # ]; - # no-tcp-relay = true; - extraConfig = " - cipher-list=\"HIGH\" - no-loopback-peers - no-multicast-peers - "; - # secure-stun = true; - cert = "/var/lib/acme/turn.sortug.com/fullchain.pem"; - pkey = "/var/lib/acme/turn.sortug.com/key.pem"; - min-port = 49152; - max-port = 49999; - }; - - # Open ports in the firewall. - networking.firewall = { - enable = true; - allowPing = false; - allowedTCPPorts = [ - 5349 # STUN tls - 5350 # STUN tls alt - 80 # http - 443 # https - ]; - allowedUDPPortRanges = [ - { from=49152; to=49999; } # TURN relay - ]; - }; - - # setup certs - services.nginx = { - enable = true; - virtualHosts = { - "turn.sortug.com" = { - forceSSL = true; - enableACME = true; - }; - }; - }; - users.groups.turnserver.members = ["nginx" "coturn"]; - - # share certs with coturn and restart on renewal - security.acme.certs = { - "turn.sortug.com" = { - postRun = "systemctl reload nginx.service; systemctl restart coturn.service"; - }; - }; -} - diff --git a/hosts/cloud/oldsortug/gitea.nix b/hosts/cloud/oldsortug/gitea.nix deleted file mode 100644 index a25773a..0000000 --- a/hosts/cloud/oldsortug/gitea.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, ...}: -{ - services.gitea = { - enable = true; - user = "git"; - appName = "Sortug Git"; - settings.server = { - domain = "git.sortug.com"; - ROOT_URL = "https://git.sortug.com/"; - SSH_PORT = 5522; - }; - lfs.enable = true; - }; - - users.users = { - git = { - description = "Gitea Service"; - home = "/var/lib/gitea"; - useDefaultShell = true; - group = "gitea"; - isSystemUser = true; - }; - }; - - - -} 
diff --git a/hosts/cloud/oldsortug/hardware-configuration.nix b/hosts/cloud/oldsortug/hardware-configuration.nix deleted file mode 100644 index f46db2a..0000000 --- a/hosts/cloud/oldsortug/hardware-configuration.nix +++ /dev/null @@ -1,31 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/32e438fa-ead6-47d5-8ebe-75f6b1d0c1a6"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eth0.useDHCP = lib.mkDefault true; - - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/cloud/oldsortug/nginx.nix b/hosts/cloud/oldsortug/nginx.nix deleted file mode 100644 index ba64539..0000000 --- a/hosts/cloud/oldsortug/nginx.nix +++ /dev/null 
@@ -1,21 +0,0 @@ -{ ... }: { - - security.acme.acceptTerms = true; - security.acme.defaults.email = "security@sortug.com"; - users.users.y.homeMode = "750"; - services.nginx = { - enable = true; - virtualHosts."old.sortug.com" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:9000"; - proxyWebsockets = true; # needed if you need to use WebSocket - extraConfig = '' - proxy_set_header Host $Host; - ''; - # actually important - }; - }; - }; -} diff --git a/hosts/cloud/oldsortug/packages.nix b/hosts/cloud/oldsortug/packages.nix deleted file mode 100644 index 6985acb..0000000 --- a/hosts/cloud/oldsortug/packages.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ config, pkgs, ... }: - -{ - nixpkgs.config = { - allowUnfree = true; - }; - - environment.systemPackages = with pkgs; [ - neovim - fish - # unix utilities - tmux - bat # cat replacement written in Rust - colordiff - direnv # Per-directory environment variables - lsd - fd # find replacement written in Rust - fzf # Fuzzy finder - git - glibcLocales - gnumake - htop # Resource monitoring - jq # JSON parsing for the CLI - lsof - ripgrep # grep replacement written in Rust - sd # Fancy sed replacement - silver-searcher - skim # High-powered fuzzy finder written in Rust - strace # debug stack trace - tealdeer # tldr for various shell tools - testdisk - tokei # Handy tool to see lines of code by language - watchexec # Fileystem watcher/executor useful for speedy development - xsv # CSV file parsing utility - just # Intriguing new make replacement - mdcat # Markdown converter/reader for the CLI - tree - unzip - zip - - # networking - curl - caddy # simple web server made with go - innernet - - # s3 - minio - # databases - # postgresql - # sqlite - ]; -} - diff --git a/hosts/cloud/oldsortug/users.nix b/hosts/cloud/oldsortug/users.nix deleted file mode 100644 index b3515c1..0000000 --- a/hosts/cloud/oldsortug/users.nix +++ /dev/null 
@@ -1,56 +0,0 @@ -{ config, pkgs, ... }: - - -let shellAliases = { - l = "lsd -lAh"; - la = "lsd -lAh"; - ports = "sudo lsof -i -P -n | grep LISTEN"; - gco = "git checkout"; - gcob = "git checkout -b"; -}; - -in { - programs.fish = { - inherit shellAliases; - enable = true; -# plugins = [{ -# name="foreign-env"; -# src = pkgs.fetchFromGitHub { -# owner = "oh-my-fish"; -# repo = "plugin-foreign-env"; -# rev = "dddd9213272a0ab848d474d0cbde12ad034e65bc"; -# sha256 = "00xqlyl3lffc5l0viin1nyp819wf81fncqyz87jx8ljjdhilmgbs"; -# }; -# }]; -}; - - users = { - extraUsers = { - y = { - group = "users"; - isNormalUser = true; - extraGroups = [ - "systemd-journal" - "wheel" - ]; - createHome = true; - home = "/home/y"; - isSystemUser = false; - shell = pkgs.fish; - openssh.authorizedKeys.keys = - [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q cloudboxes" ]; - }; -# urbit = { -# group = "users"; -# isNormalUser = true; -# createHome = true; -# isSystemUser = false; -# openssh.authorizedKeys.keys = -# [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/VzXbaX1CLqQfPCkRdMHzAKsbS//2B0qlw3ROnR74tgl7jrBP2qeYhydcNECqC5WWO+KLZrbOWdVLATLW6z6oLlMx6E6WCfRVx/F7coMd/FBYqHwJ2Z1PbG0YSjWH07GyVYU2Nc9HfW459aXpGQ2LlTjYP14i7DqvSesCIkfbPfHzwAkyDxj4oIMXS3LMQlh4u69YKoXS/LPU+1Qv+bT5alRc2Uw+/9/q1IfDDxIiKqt3EVNEM6p5QssXtlFhk0+7zXRApWbpYLbjAVHDHbFoPAXeKLQvpgnz1K84fOGNlXj9nISYfDba8NVWQbetKnVxmQNDUKk3jOcBFmjgHvYv pkova@Pyrys-MacBook-Pro.local" ]; -# }; - }; - }; -} - - - diff --git a/hosts/cloud/sing/default.nix b/hosts/cloud/sing/default.nix new file mode 100644 index 0000000..3669483 --- /dev/null +++ b/hosts/cloud/sing/default.nix @@ -0,0 +1,4 @@ +inputs: [ + inputs.disko.nixosModules.disko + ./configuration.nix +] diff --git a/hosts/cloud/sortug/configuration.nix b/hosts/cloud/sortug/configuration.nix index da267f6..9f75d14 100644 --- a/hosts/cloud/sortug/configuration.nix +++ b/hosts/cloud/sortug/configuration.nix 
@@ -1,84 +1,88 @@ -{ modulesPath, lib, ... }: { - imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [ - ./hardware-configuration.nix - (modulesPath + "/installer/scan/not-detected.nix") - ./gitea.nix - ./nginx.nix - ./minio.nix - # ./coturn.nix - ./disk-config.nix - # ./mail.nix - ]; + modulesPath, + lib, + ... +}: { + imports = + lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix + ++ [ + ./hardware-configuration.nix + (modulesPath + "/installer/scan/not-detected.nix") + ../../base.nix + ../../users.nix + ../../server.nix + ../packages.nix + ./gitea.nix + ./nginx.nix + ./minio.nix + # ./coturn.nix + ./disk-config.nix + # ./mail.nix + ]; - - boot = { + boot = { loader.grub.enable = true; # loader.grub.device = "/dev/sda"; - }; + }; - services.openssh = { - enable = true; - passwordAuthentication = false; - ports = [5522]; + services.do-agent.enable = true; + networking = { + firewall.enable = false; + networkmanager.enable = true; + hostName = "sortug"; # use Digital Ocean metadata server + useDHCP = false; + interfaces.enp3s0.ipv4.addresses = [ + { + address = "209.182.234.186"; + prefixLength = 24; + } + ]; + interfaces.enp3s0.ipv6.addresses = [ + { + address = "2602:ff16:14:0:1:f7:0:1"; + prefixLength = 64; + } + ]; + defaultGateway = { + address = "209.182.234.1"; + interface = "enp3s0"; }; - - users.users.root.openssh.authorizedKeys.keys = - [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q cloudboxes" ]; - - services.do-agent.enable = true; - networking = { - firewall.enable = false; - networkmanager.enable = true; - hostName = "sortug"; # use Digital Ocean metadata server - useDHCP = false; - interfaces.enp3s0.ipv4.addresses = [ - {address = "209.182.234.186"; prefixLength = 24;} - ]; - interfaces.enp3s0.ipv6.addresses = [ - {address = "2602:ff16:14:0:1:f7:0:1"; prefixLength = 64;} - ]; - defaultGateway = { - address = "209.182.234.1"; - interface = "enp3s0"; - }; - 
defaultGateway6 = { - address = "2602:ff16:14::1"; - interface = "enp3s0"; - }; - nameservers = [ - "8.8.8.8" - "8.8.4.4" - "2001:4860:4860::8888" - "2001:4860:4860::8844" - ]; - }; + defaultGateway6 = { + address = "2602:ff16:14::1"; + interface = "enp3s0"; + }; + nameservers = [ + "8.8.8.8" + "8.8.4.4" + "2001:4860:4860::8888" + "2001:4860:4860::8844" + ]; + }; # curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-23.11 bash -x - services.resolved = { - enable = true; - domains = - [ "2001:4860:4860::8888" "2001:4860:4860::8844" ]; - }; + services.resolved = { + enable = true; + domains = ["2001:4860:4860::8888" "2001:4860:4860::8844"]; + }; - # networking.firewall = { - # enable = true; - # allowedTCPPorts = [ 40308 80 443 53 51820 5522 ]; - # allowedUDPPorts = [ 40308 80 443 53 51820 5522 - # 50000 - # 50001 - # 50002 - # 50003 - # 50004 - # 50005 - # 50006 - # 50007 - # 50008 - # 50009 - # 50010 - # ]; - # }; + # networking.firewall = { + # enable = true; + # allowedTCPPorts = [ 40308 80 443 53 51820 5522 ]; + # allowedUDPPorts = [ 40308 80 443 53 51820 5522 + # 50000 + # 50001 + # 50002 + # 50003 + # 50004 + # 50005 + # 50006 + # 50007 + # 50008 + # 50009 + # 50010 + # ]; + # }; services.ntfy-sh = { enable = true; settings = { diff --git a/hosts/cloud/sortug/default.nix b/hosts/cloud/sortug/default.nix index 0307c7b..3669483 100644 --- a/hosts/cloud/sortug/default.nix +++ b/hosts/cloud/sortug/default.nix @@ -1,3 +1,4 @@ inputs: [ + inputs.disko.nixosModules.disko ./configuration.nix ] diff --git a/hosts/cloud/span/configuration.nix b/hosts/cloud/span/configuration.nix new file mode 100644 index 0000000..1157308 --- /dev/null +++ b/hosts/cloud/span/configuration.nix 
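Review bot: `services.resolved.domains` on the new side is given two IPv6 addresses, but that option takes DNS search domains, not resolvers; resolved will treat `2001:4860:4860::8888` as a search suffix and the intended servers are never used through it. The addresses already appear in `networking.nameservers`, so the `domains` list can be dropped, or, if a fallback was intended, moved to `services.resolved.fallbackDns`. The hunk also removes `services.openssh.ports = [5522]` along with the root authorized key, leaving the SSH port to `../../server.nix`, which is outside this hunk; if that module listens on 22, anything still addressing this host on 5522 (the deleted `oldsortug/gitea.nix` used `SSH_PORT = 5522`, and `sortug/gitea.nix` is not in this diff) needs updating. `networking.firewall.enable = false` is retained while the commented-out allow-lists suggest the firewall was meant to return; the hunk's enclosing `services.ntfy-sh` block continues past the hunk.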
@@ -0,0 +1,72 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). +{ + config, + pkgs, + ... +}: { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ./users.nix + ./mail.nix + ./packages.nix + ./nginx.nix + ]; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.hostName = "spanmail"; # Define your hostname. + # + # Enable networking + networking.networkmanager.enable = true; + + networking.interfaces.ens160.ipv4.addresses = [ + { + address = "185.32.214.66"; + prefixLength = 22; + } + ]; + networking.defaultGateway = "185.32.212.1"; + + networking.nameservers = ["185.32.212.3"]; + + # Set your time zone. + time.timeZone = "Europe/Zurich"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKKD2DxTdE7vekp+BTifuB9gPoIPdaFSGkgVblA5MbTh" + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. 
+ # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.11"; # Did you read the comment? +} diff --git a/hosts/cloud/span/default.nix b/hosts/cloud/span/default.nix new file mode 100644 index 0000000..3669483 --- /dev/null +++ b/hosts/cloud/span/default.nix @@ -0,0 +1,4 @@ +inputs: [ + inputs.disko.nixosModules.disko + ./configuration.nix +] diff --git a/hosts/cloud/span/flake.lock b/hosts/cloud/span/flake.lock new file mode 100644 index 0000000..6bc7bd0 --- /dev/null +++ b/hosts/cloud/span/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1704008649, + "narHash": "sha256-rGPSWjXTXTurQN9beuHdyJhB8O761w1Zc5BqSSmHvoM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d44d59d2b5bd694cd9d996fd8c51d03e3e9ba7f7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/hosts/cloud/span/flake.nix b/hosts/cloud/span/flake.nix new file mode 100644 index 0000000..b801212 --- /dev/null +++ b/hosts/cloud/span/flake.nix @@ -0,0 +1,16 @@ +{ + inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + + outputs = { nixpkgs, ... }: + { + nixosConfigurations.spanmail = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./configuration.nix + ./users.nix + ./packages.nix + ./mail.nix + ]; + }; + }; +} diff --git a/hosts/cloud/span/hardware-configuration.nix b/hosts/cloud/span/hardware-configuration.nix new file mode 100644 index 0000000..fad27b2 --- /dev/null +++ b/hosts/cloud/span/hardware-configuration.nix 
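Review bot: Unlike the bkk, jeet and sortug hosts in this commit, `span/configuration.nix` imports none of `../../base.nix`, `../../users.nix` or `../../server.nix`, so sshd is enabled with a bare `services.openssh.enable = true;`: root has an authorized key but password authentication stays at the NixOS default (enabled), and `networking.firewall.enable = false` exposes every listener on the public address `185.32.214.66`, including whatever `./mail.nix` and `./nginx.nix` start. Either import the shared modules like the other hosts or add `services.openssh.settings.PasswordAuthentication = false;` here, and replace the disabled firewall with a `networking.firewall.allowedTCPPorts` list holding only the ports the mail and web services need. Apart from the added imports and reformatting, the file is the former `spanm/configuration.nix` that this commit deletes further down.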
@@ -0,0 +1,36 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "ahci" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/7a5731fc-56f0-4ce5-9dbe-dec8d1ba25db"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/066C-4E19"; + fsType = "vfat"; + }; + swapDevices = [ { + device = "/var/lib/swapfile"; + size = 4*1024; + } ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens160.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/cloud/span/mail.nix b/hosts/cloud/span/mail.nix new file mode 100644 index 0000000..d020fec --- /dev/null +++ b/hosts/cloud/span/mail.nix 
@@ -0,0 +1,67 @@ +{ config, pkgs, ... }: { + imports = [ + (builtins.fetchTarball { + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-23.11/nixos-mailserver-nixos-23.11.tar.gz"; + # To get the sha256 of the nixos-mailserver tarball, we can use the nix-prefetch-url command: + # release="nixos-23.05"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack + + sha256 = "122vm4n3gkvlkqmlskiq749bhwfd0r71v6vcmg1bbyg4998brvx8"; + }) + ]; + + services.dovecot2.sieve.extensions = [ "fileinto" ]; + mailserver = { + enable = true; + fqdn = "mail.spandrell.ch"; + domains = [ "spandrell.ch" ]; + + # A list of all login accounts. To create the password hashes, use + # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' + loginAccounts = { + "s@spandrell.ch" = { + hashedPasswordFile = "/home/span/mail.key"; + }; + "book@spandrell.ch" = { + hashedPasswordFile = "/home/span/mail.key"; + }; + "site@spandrell.ch" = { + hashedPasswordFile = "/home/span/mail.key"; + }; + "lol@spandrell.ch" = { + hashedPasswordFile = "/home/span/mail.key"; + }; + "sub@spandrell.ch" = { + hashedPasswordFile = "/home/span/mail.key"; + }; + "security@spandrell.ch" = { + hashedPasswordFile = "/home/span/mail.key"; + }; + "parallax@spandrell.ch" = { + hashedPassword = "$2y$12$RVCKyEwpPmQLznKOgtXiBOR3nRy5aT3rFMtypJiDe6xFPfi/r3TXq"; + }; + "finnem@spandrell.ch" = { + hashedPasswordFile = "/home/span/finnem.key"; + }; + }; + + # Use Let's Encrypt certificates. Note that this needs to set up a stripped + # down nginx and opens port 80. 
+ certificateScheme = "acme-nginx"; + }; + security.acme.acceptTerms = true; + security.acme.defaults.email = "security@spandrell.ch"; + services.roundcube = { + enable = true; + # this is the url of the vhost, not necessarily the same as the fqdn of + # the mailserver + hostName = "mail.spandrell.ch"; + extraConfig = '' + # starttls needed for authentication, so the fqdn required to match + # the certificate + $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; + $config['smtp_user'] = "%u"; + $config['smtp_pass'] = "%p"; + ''; + }; + services.nginx.enable = true; +} diff --git a/hosts/cloud/span/nginx.nix b/hosts/cloud/span/nginx.nix new file mode 100644 index 0000000..cda5ab4 --- /dev/null +++ b/hosts/cloud/span/nginx.nix @@ -0,0 +1,46 @@ +{ config, pkgs, ... }: { + + services.nginx = { + enable = true; + appendHttpConfig = '' + limit_req_zone $binary_remote_addr zone=blog:10m rate=10r/s; + ''; + virtualHosts."spandrell.ch" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8080"; + proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + limit_req zone=blog burst=20 nodelay; + proxy_set_header Host $Host; + proxy_set_header Forwarded for=$remote_addr; + ''; + }; + }; + virtualHosts."u.spandrell.ch" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8081"; + proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + limit_req zone=blog burst=20 nodelay; + proxy_set_header Host $Host; + proxy_set_header Forwarded for=$remote_addr; + ''; + }; + }; + virtualHosts."s3.spandrell.ch" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:9000"; + proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_set_header Host $Host; + ''; + }; + }; + }; +} 
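Review bot: The `parallax@spandrell.ch` account carries its bcrypt hash inline via `hashedPassword`, while every other account uses `hashedPasswordFile`; an inline value is committed to git history and ends up in the world-readable Nix store, so it should move to a file like the others (`hashedPasswordFile = "/home/span/parallax.key";` or similar) and, since the hash is now published in this commit, that password should be rotated. Six accounts also point at the same `/home/span/mail.key`, which means one credential unlocks all of them — presumably intentional for alias-style mailboxes, but worth a one-line comment saying so. The `builtins.fetchTarball` import is pinned by `sha256`, which is good; note that the `nixos-23.11` release of nixos-mailserver is paired with this host's `system.stateVersion = "23.11"`, so the two should be bumped together.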
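Review bot: The `s3.spandrell.ch` vhost proxies to `127.0.0.1:9000` with no `client_max_body_size`, so if that backend is the minio listed in `packages.nix`, nginx's default 1m request-body limit will reject larger object uploads with a 413. Adding `client_max_body_size 0;` (or an explicit ceiling) to that location's `extraConfig` is the usual fix. It is also the only one of the three vhosts without a `limit_req zone=blog ...` line, which looks unintentional given the shared zone defined in `appendHttpConfig`.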
diff --git a/hosts/cloud/span/packages.nix b/hosts/cloud/span/packages.nix new file mode 100644 index 0000000..6574071 --- /dev/null +++ b/hosts/cloud/span/packages.nix @@ -0,0 +1,47 @@ +{ config, pkgs, ... }: + +{ + nixpkgs.config = { + allowUnfree = true; + }; + + environment.systemPackages = with pkgs; [ + vim + helix + fish + # unix utilities + tmux + bat # cat replacement written in Rust + colordiff + direnv # Per-directory environment variables + lsd + fd # find replacement written in Rust + fzf # Fuzzy finder + git + htop # Resource monitoring + jq # JSON parsing for the CLI + lsof + ripgrep # grep replacement written in Rust + sd # Fancy sed replacement + silver-searcher + strace # debug stack trace + tealdeer # tldr for various shell tools + testdisk + tokei # Handy tool to see lines of code by language + watchexec # Fileystem watcher/executor useful for speedy development + xsv # CSV file parsing utility + just # Intriguing new make replacement + mdcat # Markdown converter/reader for the CLI + tree + unzip + zip + + # networking + curl + wget + + minio + ncdu + ]; +} + diff --git a/hosts/cloud/span/users.nix b/hosts/cloud/span/users.nix new file mode 100644 index 0000000..60e3a5a --- /dev/null +++ b/hosts/cloud/span/users.nix @@ -0,0 +1,42 @@ +{ config, pkgs, ... }: + + +let shellAliases = { + l = "lsd -lAh"; + la = "lsd -lAh"; + ports = "sudo lsof -i -P -n | grep LISTEN"; + gco = "git checkout"; + gcob = "git checkout -b"; +}; + +in { + programs.fish = { + inherit shellAliases; + enable = true; + }; + + users = { + users = { + span = { + group = "users"; + isNormalUser = true; + extraGroups = [ + "networkmanager" + "systemd-journal" + "wheel" + ]; + createHome = true; + home = "/home/span"; + isSystemUser = false; + shell = pkgs.fish; + openssh.authorizedKeys.keys = + [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKKD2DxTdE7vekp+BTifuB9gPoIPdaFSGkgVblA5MbTh" + ]; + }; + }; + }; +} + + + 
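Review bot: In `span/users.nix`, `users.users.span` is placed in `wheel` but sets neither `hashedPassword` nor `hashedPasswordFile`, so with the NixOS default `security.sudo.wheelNeedsPassword = true` the account has no password to give `sudo` and privilege escalation from it will not work — unless a password is set in a module outside this diff. Either set `hashedPasswordFile` for the user, or, if key-only access with passwordless sudo is the intent, make that explicit with `security.sudo.wheelNeedsPassword = false;` and a comment explaining why. Note also that `/home/span/mail.key`, read by the mailserver module as a credential file, lives inside this user's home directory; a root-owned path under `/var/lib` or `/etc` keeps the mail credentials out of a `wheel` user's reach.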
diff --git a/hosts/cloud/spanm/configuration.nix b/hosts/cloud/spanm/configuration.nix deleted file mode 100644 index 0ec8bf2..0000000 --- a/hosts/cloud/spanm/configuration.nix +++ /dev/null 
@@ -1,66 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.hostName = "spanmail"; # Define your hostname. - # - # Enable networking - networking.networkmanager.enable = true; - - networking.interfaces.ens160.ipv4.addresses = [ { - address = "185.32.214.66"; - prefixLength = 22; - } ]; - networking.defaultGateway = "185.32.212.1"; - - networking.nameservers = [ "185.32.212.3" ]; - - # Set your time zone. - time.timeZone = "Europe/Zurich"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKKD2DxTdE7vekp+BTifuB9gPoIPdaFSGkgVblA5MbTh" -]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. 
man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.11"; # Did you read the comment? - -} diff --git a/hosts/cloud/spanm/flake.lock b/hosts/cloud/spanm/flake.lock deleted file mode 100644 index 6bc7bd0..0000000 --- a/hosts/cloud/spanm/flake.lock +++ /dev/null @@ -1,27 +0,0 @@ -{ - "nodes": { - "nixpkgs": { - "locked": { - "lastModified": 1704008649, - "narHash": "sha256-rGPSWjXTXTurQN9beuHdyJhB8O761w1Zc5BqSSmHvoM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d44d59d2b5bd694cd9d996fd8c51d03e3e9ba7f7", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "root": { - "inputs": { - "nixpkgs": "nixpkgs" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/hosts/cloud/spanm/flake.nix b/hosts/cloud/spanm/flake.nix deleted file mode 100644 index b801212..0000000 --- a/hosts/cloud/spanm/flake.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; - - outputs = { nixpkgs, ... }: - { - nixosConfigurations.spanmail = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ./configuration.nix - ./users.nix - ./packages.nix - ./mail.nix - ]; - }; - }; -} diff --git a/hosts/cloud/spanm/hardware-configuration.nix b/hosts/cloud/spanm/hardware-configuration.nix deleted file mode 100644 index fad27b2..0000000 --- a/hosts/cloud/spanm/hardware-configuration.nix +++ /dev/null 
@@ -1,36 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "ahci" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/7a5731fc-56f0-4ce5-9dbe-dec8d1ba25db"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/066C-4E19"; - fsType = "vfat"; - }; - swapDevices = [ { - device = "/var/lib/swapfile"; - size = 4*1024; - } ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens160.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} diff --git a/hosts/cloud/spanm/mail.nix b/hosts/cloud/spanm/mail.nix deleted file mode 100644 index d020fec..0000000 --- a/hosts/cloud/spanm/mail.nix +++ /dev/null 
@@ -1,67 +0,0 @@ -{ config, pkgs, ... }: { - imports = [ - (builtins.fetchTarball { - url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-23.11/nixos-mailserver-nixos-23.11.tar.gz"; - # To get the sha256 of the nixos-mailserver tarball, we can use the nix-prefetch-url command: - # release="nixos-23.05"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack - - sha256 = "122vm4n3gkvlkqmlskiq749bhwfd0r71v6vcmg1bbyg4998brvx8"; - }) - ]; - - services.dovecot2.sieve.extensions = [ "fileinto" ]; - mailserver = { - enable = true; - fqdn = "mail.spandrell.ch"; - domains = [ "spandrell.ch" ]; - - # A list of all login accounts. To create the password hashes, use - # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' - loginAccounts = { - "s@spandrell.ch" = { - hashedPasswordFile = "/home/span/mail.key"; - }; - "book@spandrell.ch" = { - hashedPasswordFile = "/home/span/mail.key"; - }; - "site@spandrell.ch" = { - hashedPasswordFile = "/home/span/mail.key"; - }; - "lol@spandrell.ch" = { - hashedPasswordFile = "/home/span/mail.key"; - }; - "sub@spandrell.ch" = { - hashedPasswordFile = "/home/span/mail.key"; - }; - "security@spandrell.ch" = { - hashedPasswordFile = "/home/span/mail.key"; - }; - "parallax@spandrell.ch" = { - hashedPassword = "$2y$12$RVCKyEwpPmQLznKOgtXiBOR3nRy5aT3rFMtypJiDe6xFPfi/r3TXq"; - }; - "finnem@spandrell.ch" = { - hashedPasswordFile = "/home/span/finnem.key"; - }; - }; - - # Use Let's Encrypt certificates. Note that this needs to set up a stripped - # down nginx and opens port 80. 
- certificateScheme = "acme-nginx"; - }; - security.acme.acceptTerms = true; - security.acme.defaults.email = "security@spandrell.ch"; - services.roundcube = { - enable = true; - # this is the url of the vhost, not necessarily the same as the fqdn of - # the mailserver - hostName = "mail.spandrell.ch"; - extraConfig = '' - # starttls needed for authentication, so the fqdn required to match - # the certificate - $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; - $config['smtp_user'] = "%u"; - $config['smtp_pass'] = "%p"; - ''; - }; - services.nginx.enable = true; -} diff --git a/hosts/cloud/spanm/nginx.nix b/hosts/cloud/spanm/nginx.nix deleted file mode 100644 index cda5ab4..0000000 --- a/hosts/cloud/spanm/nginx.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ config, pkgs, ... }: { - - services.nginx = { - enable = true; - appendHttpConfig = '' - limit_req_zone $binary_remote_addr zone=blog:10m rate=10r/s; - ''; - virtualHosts."spandrell.ch" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8080"; - proxyWebsockets = true; # needed if you need to use WebSocket - extraConfig = '' - limit_req zone=blog burst=20 nodelay; - proxy_set_header Host $Host; - proxy_set_header Forwarded for=$remote_addr; - ''; - }; - }; - virtualHosts."u.spandrell.ch" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8081"; - proxyWebsockets = true; # needed if you need to use WebSocket - extraConfig = '' - limit_req zone=blog burst=20 nodelay; - proxy_set_header Host $Host; - proxy_set_header Forwarded for=$remote_addr; - ''; - }; - }; - virtualHosts."s3.spandrell.ch" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:9000"; - proxyWebsockets = true; # needed if you need to use WebSocket - extraConfig = '' - proxy_set_header Host $Host; - ''; - }; - }; - }; -} 
diff --git a/hosts/cloud/spanm/packages.nix b/hosts/cloud/spanm/packages.nix deleted file mode 100644 index 6574071..0000000 --- a/hosts/cloud/spanm/packages.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ config, pkgs, ... }: - -{ - nixpkgs.config = { - allowUnfree = true; - }; - - environment.systemPackages = with pkgs; [ - vim - helix - fish - # unix utilities - tmux - bat # cat replacement written in Rust - colordiff - direnv # Per-directory environment variables - lsd - fd # find replacement written in Rust - fzf # Fuzzy finder - git - htop # Resource monitoring - jq # JSON parsing for the CLI - lsof - ripgrep # grep replacement written in Rust - sd # Fancy sed replacement - silver-searcher - strace # debug stack trace - tealdeer # tldr for various shell tools - testdisk - tokei # Handy tool to see lines of code by language - watchexec # Fileystem watcher/executor useful for speedy development - xsv # CSV file parsing utility - just # Intriguing new make replacement - mdcat # Markdown converter/reader for the CLI - tree - unzip - zip - - # networking - curl - wget - - minio - ncdu - ]; -} - diff --git a/hosts/cloud/spanm/users.nix b/hosts/cloud/spanm/users.nix deleted file mode 100644 index 60e3a5a..0000000 --- a/hosts/cloud/spanm/users.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ config, pkgs, ... }: - - -let shellAliases = { - l = "lsd -lAh"; - la = "lsd -lAh"; - ports = "sudo lsof -i -P -n | grep LISTEN"; - gco = "git checkout"; - gcob = "git checkout -b"; -}; - -in { - programs.fish = { - inherit shellAliases; - enable = true; - }; - - users = { - users = { - span = { - group = "users"; - isNormalUser = true; - extraGroups = [ - "networkmanager" - "systemd-journal" - "wheel" - ]; - createHome = true; - home = "/home/span"; - isSystemUser = false; - shell = pkgs.fish; - openssh.authorizedKeys.keys = - [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKKD2DxTdE7vekp+BTifuB9gPoIPdaFSGkgVblA5MbTh" - ]; - }; - }; - }; -} - - - 
diff --git a/hosts/darwin.nix b/hosts/darwin.nix new file mode 100644 index 0000000..909322b --- /dev/null +++ b/hosts/darwin.nix @@ -0,0 +1,10 @@ +inputs: let + mkDarwinSystem = system: path: + inputs.nixpkgs.lib.darwinSystem { + inherit system; + specialArgs = {inherit inputs;}; + modules = import (./. + "/${path}") inputs; + }; +in { + m1mba = mkDarwinSystem "aarch64-darwin" "mac/m1mba"; +} diff --git a/hosts/mac/Karabiner-DriverKit-VirtualHIDDevice/default.nix b/hosts/mac/Karabiner-DriverKit-VirtualHIDDevice/default.nix new file mode 100644 index 0000000..c08f415 --- /dev/null +++ b/hosts/mac/Karabiner-DriverKit-VirtualHIDDevice/default.nix @@ -0,0 +1,18 @@ +{ cpio, Karabiner-DriverKit-VirtualHIDDevice-src, stdenv, xar }: + +stdenv.mkDerivation { + pname = "Karabiner-DriverKit-VirtualHIDDevice"; + version = "2.1.0"; + src = Karabiner-DriverKit-VirtualHIDDevice-src + "/dist/Karabiner-DriverKit-VirtualHIDDevice-2.1.0.pkg"; + buildInputs = [ cpio xar ]; + unpackPhase = '' + xar -xf $src + mv Payload Payload.gz + gzip -d Payload.gz + mkdir extracted && cd extracted && cpio -i < ../Payload + ''; + dontBuild = true; + installPhase = '' + cp -r . $out + ''; +} diff --git a/hosts/mac/kmonad-daemon-shim/default.nix b/hosts/mac/kmonad-daemon-shim/default.nix new file mode 100644 index 0000000..2e53f78 --- /dev/null +++ b/hosts/mac/kmonad-daemon-shim/default.nix @@ -0,0 +1,18 @@ +{ Karabiner-DriverKit-VirtualHIDDevice, stdenv }: + +stdenv.mkDerivation { + pname = "kmonad-daemon-shim"; + version = "0.1.0"; + src = ./.; + patchPhase = '' + substituteInPlace main.c \ + --subst-var-by client "${Karabiner-DriverKit-VirtualHIDDevice}/Library/Application Support/org.pqrs/Karabiner-DriverKit-VirtualHIDDevice/Applications/Karabiner-DriverKit-VirtualHIDDeviceClient.app/Contents/MacOS/Karabiner-DriverKit-VirtualHIDDeviceClient" + ''; + buildPhase = '' + cc main.c -o kmonad-daemon-shim + ''; + installPhase = '' + mkdir -p $out/bin + cp kmonad-daemon-shim $out/bin + ''; +} 
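Review bot: `inputs.nixpkgs.lib.darwinSystem` in `mkDarwinSystem` will not evaluate: nixpkgs' `lib` has no `darwinSystem`; that function is exported by the nix-darwin flake's `lib`, so the call should go through the nix-darwin input (its name in this repo's flake inputs is not visible here), e.g. `inputs.darwin.lib.darwinSystem` if that is what it is called. In the Karabiner derivation on the same line, `2.1.0` is repeated inside `src`; deriving it from the attribute set (`finalAttrs.version` or a `rec` set) keeps the two from drifting apart.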
diff --git a/hosts/mac/kmonad-daemon-shim/main.c b/hosts/mac/kmonad-daemon-shim/main.c
new file mode 100644
index 0000000..a9f0596
--- /dev/null
+++ b/hosts/mac/kmonad-daemon-shim/main.c
@@ -0,0 +1,23 @@
+#include
+#include
+#include
+
+char *const kdv_client[] = {"@client@"};
+
+int main(int argc, char *argv[]) {
+ int r = fork();
+ if (r < 0) {
+ perror("kmonad-service-shim: fork");
+ return 1;
+ } else if (r == 0) {
+ r = execvp(kdv_client[0], kdv_client);
+ } else {
+ // To give time for kdv-client to start
+ sleep(1);
+ r = execvp("kmonad", argv);
+ };
+ if (r < 0) {
+ perror("kmonad-service-shim: execvp");
+ return 1;
+ }
+}
diff --git a/hosts/mac/m1mba/configuration.nix b/hosts/mac/m1mba/configuration.nix
new file mode 100644
index 0000000..373f781
--- /dev/null
+++ b/hosts/mac/m1mba/configuration.nix
@@ -0,0 +1,18 @@
+{...}: {
+ imports = [
+ ../../base.nix
+ ../mac.nix
+ ./users.nix
+ ./pkgs.nix
+ ];
+
+ # Auto upgrade nix package and the daemon service.
+ services.nix-daemon.enable = true;
+ # nix.package = pkgs.nix;
+ # Used for backwards compatibility, please read the changelog before changing.
+ # $ darwin-rebuild changelog
+ system.stateVersion = 4;
+
+ # The platform the configuration will be used on.
+ nixpkgs.hostPlatform = "aarch64-darwin";
+}
diff --git a/hosts/mac/m1mba/keyboard.nix b/hosts/mac/m1mba/keyboard.nix
new file mode 100644
index 0000000..f6b164f
--- /dev/null
+++ b/hosts/mac/m1mba/keyboard.nix
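Review bot: `kdv_client` is handed to `execvp` as the argv array but is not NULL-terminated — `{"@client@"}` has a single element, so execvp reads past the end of the array (undefined behaviour; at best a garbage trailing argument to the client). Declare it as `char *const kdv_client[] = {"@client@", NULL};`. Because `execvp("kmonad", argv)` searches PATH, the daemon depends on the `EnvironmentVariables.PATH` set in keyboard.nix; substituting an absolute store path for kmonad the way `@client@` is substituted would remove that dependency for a root-run launchd job. Minor: the `perror` prefixes say `kmonad-service-shim` while the binary is `kmonad-daemon-shim`, and the `;` after the `else` block is a stray empty statement.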
@@ -0,0 +1,53 @@ +{ kmonad, config, lib, pkgs, ... }: + +let cfg = config.y.kmonad; in +{ + options.y.kmonad = { + enable = lib.mkEnableOption "kmonad"; + + config = lib.mkOption { + type = lib.types.lines; + }; + }; + + config = lib.mkIf cfg.enable { + nixpkgs.overlays = [ kmonad.overlays.default ]; + + launchd.daemons.kmonad-default.serviceConfig = { + EnvironmentVariables.PATH = "${pkgs.kmonad}/bin:${pkgs.overlays.Karabiner-DriverKit-VirtualHIDDevice}/Library/Application Support/org.pqrs/Karabiner-DriverKit-VirtualHIDDevice/Applications/Karabiner-DriverKit-VirtualHIDDeviceClient.app/Contents/MacOS:${config.environment.systemPath}"; + KeepAlive = true; + Nice = -20; + ProgramArguments = [ + "/Applications/.Karabiner-VirtualHIDDevice-Manager.app/kmonad-daemon-shim" + "--input" + ''iokit-name "Apple Internal Keyboard / Trackpad"'' + + (toString (builtins.toFile "../../kmonad/mac.kbd" '' + (defcfg + input (iokit-name "Apple Internal Keyboard / Trackpad") + output (kext) + fallthrough true + allow-cmd false + ) + + ${cfg.config} + '')) + ]; + StandardOutPath = "/Library/Logs/KMonad/default-stdout"; + StandardErrorPath = "/Library/Logs/KMonad/default-stderr"; + RunAtLoad = true; + }; + + system.activationScripts.script.applications.text = '' + echo copying dext... + ${pkgs.rsync}/bin/rsync -a --delete ${pkgs.overlays.Karabiner-DriverKit-VirtualHIDDevice}/Applications/.Karabiner-VirtualHIDDevice-Manager.app/ /Applications/.Karabiner-VirtualHIDDevice-Manager.app + echo copying shim... + cp --no-preserve mode ${pkgs.overlays.kmonad-daemon-shim}/bin/kmonad-daemon-shim /Applications/.Karabiner-VirtualHIDDevice-Manager.app/kmonad-daemon-shim + chown root /Applications/.Karabiner-VirtualHIDDevice-Manager.app/kmonad-daemon-shim + chmod u=rx,og= /Applications/.Karabiner-VirtualHIDDevice-Manager.app/kmonad-daemon-shim + echo activating dext... 
+ /Applications/.Karabiner-VirtualHIDDevice-Manager.app/Contents/MacOS/Karabiner-VirtualHIDDevice-Manager activate + printf '\x1b[0;31mPlease grant Input Monitoring permissions to /Applications/.Karabiner-VirtualHIDDevice-Manager.app/kmonad-daemon-shim in System Preferences > Security & Privacy > Privacy > Input Monitoring\x1b[0m\n' + ''; + }; +} diff --git a/hosts/mac/m1mba/mac.nix b/hosts/mac/m1mba/mac.nix new file mode 100644 index 0000000..dba3035 --- /dev/null +++ b/hosts/mac/m1mba/mac.nix @@ -0,0 +1,12 @@ +{ pkgs, ... }: +{ + fonts.fontDir.enable = true; + fonts.fonts = with pkgs; [ + recursive + (nerdfonts.override { fonts = [ "JetBrainsMono" ]; }) + ]; + system.keyboard = { + enableKeyMapping = true; + remapCapsLockToEscape = true; + }; +} diff --git a/hosts/mac/m1mba/pkgs.nix b/hosts/mac/m1mba/pkgs.nix new file mode 100644 index 0000000..dffcd66 --- /dev/null +++ b/hosts/mac/m1mba/pkgs.nix @@ -0,0 +1,68 @@ +{ pkgs, kmonad, unstablePkgs, ...}: + +{ +# custom +# y.kmonad.enable = true; + environment.systemPackages = with unstablePkgs; [ + # custom + pkgs.overlays.yabai + #unfree +# slack +# spotify +# corefonts +# symbola + #gui + alacritty + vscodium + tdesktop + # terminal + # + vim + neovim + helix + # --- + wget + htop + bat + gitAndTools.gitFull + lazygit + git-lfs + lsd + lsof + tmux + tmate + curlFull + ripgrep + ranger + minio + minio-client + zip + unzip + jq + vifm + nnn + # neovim asks for a c compiler just to run nvim-treesitter commands. let's see + fzf + killall + tree + deluge + ncdu + edir + bottom + pigz + rclone + # direnv + direnv + nix-direnv + # scraping + python310Packages.yt-dlp + # code + nodejs + node2nix + zig + gcc + gnumake + sqlite + ]; +} + diff --git a/hosts/mac/m1mba/services.nix b/hosts/mac/m1mba/services.nix new file mode 100644 index 0000000..52572ac --- /dev/null +++ b/hosts/mac/m1mba/services.nix 
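Review bot: In `ProgramArguments` of the keyboard.nix hunk, `''iokit-name "..."'' + (toString (builtins.toFile ...))` is not a valid list element — Nix list elements are operator-free expressions, so as far as I can tell the bare `+` is a parse error, and even parenthesised it would fuse the device spec and the config path into one argument. Make the config file its own element: `(toString (builtins.toFile "mac.kbd" ''…''))` (same content as now). `builtins.toFile "../../kmonad/mac.kbd"` also uses a name containing path separators, which I believe is rejected as a store path name; a bare `"mac.kbd"` is enough. Note that keyboard.nix is not in the `imports` of `hosts/mac/m1mba/configuration.nix` in this commit and `y.kmonad.enable` is commented out in pkgs.nix, so none of this is evaluated yet; the `chown root` / `chmod u=rx,og=` on the shim that the root launchd job executes is the right direction and should stay when it is wired in.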
@@ -0,0 +1,11 @@ +inputs: pkgs: +let inherit (pkgs) callPackage +in { + Karabiner-DriverKit-VirtualHIDDevice = callPackage + ./Karabiner-DriverKit-VirtualHIDDevice + { Karabiner-DriverKit-VirtualHIDDevice-src = inputs.kmonad + "/../c_src/mac/Karabiner-DriverKit-VirtualHIDDevice"; }; + kmonad-daemon-shim = callPackage ./kmonad-daemon-shim { }; + yabai = callPackage ./yabai { + inherit (pkgs) yabai; + }; +} \ No newline at end of file diff --git a/hosts/mac/m1mba/users.nix b/hosts/mac/m1mba/users.nix new file mode 100644 index 0000000..10eceac --- /dev/null +++ b/hosts/mac/m1mba/users.nix @@ -0,0 +1,43 @@ +{ config, pkgs, ... }: + + +let shellAliases = { + l = "lsd -lAh"; + la = "lsd -lAh"; + ports = "sudo lsof -i -P -n | grep LISTEN"; + gco = "git checkout"; + gcob = "git checkout -b"; + v = "nvim"; + sv = "sudo nvim"; + dotsin = "sh ~/dotfiles/commit.sh"; + sourceit = ". (sed 's/^/export /' .env | psub)"; + rebuild = "darwin-rebuild switch --flake ~/dotfiles/nixos/mac"; +}; + +in { + programs.fish = { + inherit shellAliases; + enable = true; +# plugins = [{ +# name="foreign-env"; +# src = pkgs.fetchFromGitHub { +# owner = "oh-my-fish"; +# repo = "plugin-foreign-env"; +# rev = "dddd9213272a0ab848d474d0cbde12ad034e65bc"; +# sha256 = "00xqlyl3lffc5l0viin1nyp819wf81fncqyz87jx8ljjdhilmgbs"; +# }; +# }]; +}; + + users = { + users = { + y = { + createHome = true; + home = "/home/y"; + shell = pkgs.fish; + }; + }; + }; +} + + diff --git a/hosts/mac/mac.nix b/hosts/mac/mac.nix new file mode 100644 index 0000000..dba3035 --- /dev/null +++ b/hosts/mac/mac.nix @@ -0,0 +1,12 @@ +{ pkgs, ... }: +{ + fonts.fontDir.enable = true; + fonts.fonts = with pkgs; [ + recursive + (nerdfonts.override { fonts = [ "JetBrainsMono" ]; }) + ]; + system.keyboard = { + enableKeyMapping = true; + remapCapsLockToEscape = true; + }; +} diff --git a/hosts/mac/yabai/0001-mouse-follows-swap.patch b/hosts/mac/yabai/0001-mouse-follows-swap.patch new file mode 100644 index 0000000..ac7b8f5 --- /dev/null 
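Review bot: `let inherit (pkgs) callPackage` in services.nix is missing the terminating `;` before `in`, so the file does not parse as shown; it should read `let inherit (pkgs) callPackage; in {`. The path `inputs.kmonad + "/../c_src/mac/Karabiner-DriverKit-VirtualHIDDevice"` steps out of the kmonad input's store path with `..` directly under its root, which will only resolve if `inputs.kmonad` points at a subdirectory of the checkout, and the submodule content is only present if the input is fetched with submodules — worth verifying. Nothing visible in this commit imports services.nix or applies it as an overlay, yet `pkgs.overlays.yabai` in pkgs.nix and `pkgs.overlays.Karabiner-…` in keyboard.nix expect it to be; if that wiring lives outside the diff, fine, otherwise those references will fail. The file also lacks a trailing newline.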
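Review bot: In the m1mba/users.nix hunk, `home = "/home/y"` looks copied from the NixOS `hosts/users.nix`; on macOS home directories live under `/Users`, so this value is unlikely to match the real account and should be confirmed against it (or omitted if nix-darwin already knows the account). The `sourceit` alias exports every line of a `.env` into the shell; that is fine for a personal box but worth keeping in mind for files of unknown origin.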
+++ b/hosts/mac/yabai/0001-mouse-follows-swap.patch @@ -0,0 +1,31 @@ +From 612465d4000cc747a1673a4b422f863aa2bfdc25 Mon Sep 17 00:00:00 2001 +From: Matthew Toohey +Date: Sat, 19 Nov 2022 19:55:08 -0500 +Subject: [PATCH] mouse follows swap + +--- + src/window_manager.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/window_manager.c b/src/window_manager.c +index b07a88b..96b07e1 100644 +--- a/src/window_manager.c ++++ b/src/window_manager.c +@@ -1812,6 +1812,14 @@ enum window_op_error window_manager_swap_window(struct space_manager *sm, struct + } + + window_manager_animate_window_list(window_list, ts_buf_len(window_list)); ++ ++ if (wm->enable_mff) { ++ struct window *focused_window_dest = NULL; ++ if (a->id == wm->focused_window_id) focused_window_dest = b; ++ else if (b->id == wm->focused_window_id) focused_window_dest = a; ++ if (focused_window_dest) window_manager_center_mouse(wm, focused_window_dest); ++ } ++ + return WINDOW_OP_ERROR_SUCCESS; + } + +-- +2.37.1 (Apple Git-137.1) + diff --git a/hosts/mac/yabai/default.nix b/hosts/mac/yabai/default.nix new file mode 100644 index 0000000..23e19cc --- /dev/null +++ b/hosts/mac/yabai/default.nix @@ -0,0 +1,5 @@ +{ yabai }: + +yabai.overrideAttrs (oldAttrs: { + patches = (oldAttrs.patches or [ ]) ++ [ ./0001-mouse-follows-swap.patch ]; +}) diff --git a/hosts/nixos.nix b/hosts/nixos.nix index c5dc34a..b76285f 100644 --- a/hosts/nixos.nix +++ b/hosts/nixos.nix @@ -15,7 +15,7 @@ in { # pi4 = mkNixosSystem "aarch64-linux" "headless/pi4"; # # cloud boxes sortug = mkNixosSystem "x64_64-linux" "cloud/sortug"; - # lightnode = mkNixosSystem "x64_64-linux" "cloud/lightnode"; - # hostinger = mkNixosSystem "x64_64-linux" "cloud/hostinger"; + lightnode = mkNixosSystem "x64_64-linux" "cloud/bkk"; + hostinger = mkNixosSystem "x64_64-linux" "cloud/jeet"; # contabo = mkNixosSystem "x64_64-linux" "cloud/contabo"; } diff --git a/hosts/result b/hosts/result new file mode 120000 index 0000000..93c9528 --- /dev/null 
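Review bot: The two re-enabled lines in the nixos.nix hunk pass `"x64_64-linux"` as the system string, almost certainly a typo for `"x86_64-linux"`; the pre-existing `sortug` context line carries the same typo, so if `mkNixosSystem` forwards it as `system` all three evaluations would fail on an unknown platform (unless it ignores the argument, which is not visible here). Suggested: `lightnode = mkNixosSystem "x86_64-linux" "cloud/bkk";` and the same for `hostinger`. The attribute names `lightnode`/`hostinger` no longer match the directory names `bkk`/`jeet`, which is easy to trip over when selecting a configuration by name.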
+++ b/hosts/result
@@ -0,0 +1 @@
+/nix/store/8sa6lysp93fnchdl33wl5ig4pmxykddk-nixos-system-yn-ind-24.11.20240719.1d9c2c9
\ No newline at end of file
diff --git a/hosts/server.nix b/hosts/server.nix
new file mode 100644
index 0000000..5c76b5d
--- /dev/null
+++ b/hosts/server.nix
@@ -0,0 +1,8 @@
+{...}: {
+ services.openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ ports = [5522];
+ };
+ users.users.root.openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q cloudboxes"];
+}
diff --git a/hosts/users.nix b/hosts/users.nix
index 6c5394b..e6ba45f 100644
--- a/hosts/users.nix
+++ b/hosts/users.nix
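Review bot: `settings.PasswordAuthentication = false` in server.nix does not by itself turn off password logins on NixOS: `services.openssh.settings.KbdInteractiveAuthentication` defaults to true and, with PAM enabled, still allows password authentication through the keyboard-interactive method. Add `settings.KbdInteractiveAuthentication = false;` next to it, and `settings.PermitRootLogin = "prohibit-password";` to make the intended root-key-only policy explicit rather than relying on the module default. Moving sshd to port 5522 is obscurity only; the key-only policy is what carries the weight.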
@@ -1,33 +1,34 @@ -{ config, pkgs, ... }: - - -let shellAliases = { - l = "lsd -lAh"; - la = "lsd -lAh"; - ports = "sudo lsof -i -P -n | grep LISTEN"; - gco = "git checkout"; - gcob = "git checkout -b"; - v = "nvim"; - sv = "sudo nvim"; - dotsin = "sh ~/dotfiles/commit.sh"; - sourceit = ". (sed 's/^/export /' .env | psub)"; - sqlite = "rlwrap sqlite3"; - # rsyn = "rsync -zuvaP --filter=':- .gitignore'" -}; - +{ + config, + pkgs, + ... +}: let + shellAliases = { + l = "lsd -lAh"; + la = "lsd -lAh"; + ports = "sudo lsof -i -P -n | grep LISTEN"; + gco = "git checkout"; + gcob = "git checkout -b"; + v = "nvim"; + sv = "sudo nvim"; + dotsin = "sh ~/dotfiles/commit.sh"; + sourceit = ". (sed 's/^/export /' .env | psub)"; + sqlite = "rlwrap sqlite3"; + # rsyn = "rsync -zuvaP --filter=':- .gitignore'" + }; in { programs.fish = { - inherit shellAliases; - enable = true; - shellInit = '' - if not functions -q fisher - echo "no fisher" - curl -sL https://raw.githubusercontent.com/jorgebucaran/fisher/main/functions/fisher.fish | source - end - ''; - # fisher install jorgebucaran/fisher - # fisher install IlanCosman/tide@v6 -}; + inherit shellAliases; + enable = true; + # shellInit = '' + # if not functions -q fisher + # echo "no fisher" + # curl -sL https://raw.githubusercontent.com/jorgebucaran/fisher/main/functions/fisher.fish | source + # end + # ''; + # fisher install jorgebucaran/fisher + # fisher install IlanCosman/tide@v6 + }; users = { users = { @@ -51,5 +52,3 @@ in { }; }; } - - diff --git a/outputs.nix b/outputs.nix index 21c186e..846c4d9 100644 --- a/outputs.nix +++ b/outputs.nix @@ -11,7 +11,5 @@ }; in { nixosConfigurations = import ./hosts/nixos.nix inputs; - # darwinConfigurations = { - # m1mba = import ./hosts/mac/m1mba inputs; - # }; + darwinConfigurations = import ./hosts/darwin.nix inputs; } -- cgit v1.2.3
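Review bot: In the first hosts/users.nix hunk the fisher bootstrap is kept as commented-out code inside `programs.fish`; if it is dead, delete it rather than carrying it, and if it is meant to return, `curl -sL …/main/functions/fisher.fish | source` pulls an unpinned branch straight into every shell, so pin a revision with a hash or install fisher through nixpkgs instead. The `users` attribute set this hunk opens continues into the second hunk.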