swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 09:07:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: enable matrix on winters

Browse source
This commit is contained in:
Swarsel 2024-09-25 17:21:24 +02:00
parent fc45873aad
commit a4e4bcd094
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
13 changed files with 377 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

114
SwarselSystems.org
View file

@ -409,7 +409,7 @@ A short overview over each input and what it does:
# nix for android # nix for android
nix-on-droid = { nix-on-droid = {
url = "github:t184256/nix-on-droid/release-23.05"; url = "github:nix-community/nix-on-droid/release-24.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@ -450,6 +450,11 @@ A short overview over each input and what it does:
zjstatus = { zjstatus = {
url = "github:dj95/zjstatus"; url = "github:dj95/zjstatus";
}; };
fw-fanctrl = {
url = "github:TamtamHero/fw-fanctrl/packaging/nix";
inputs.nixpkgs.follows = "nixpkgs";
};
#+end_src #+end_src
*** let *** let
:PROPERTIES: :PROPERTIES:
@ -709,7 +714,7 @@ Nix on Android also demands an own flake output, which is provided here.
default = inputs.nix-on-droid.lib.nixOnDroidConfiguration { default = inputs.nix-on-droid.lib.nixOnDroidConfiguration {
modules = [ modules = [
./profiles/mysticant/configuration.nix ./profiles/mysticant
]; ];
}; };
@ -1801,6 +1806,7 @@ My work machine. Built for more security, this is the gold standard of my config
imports = [ imports = [
inputs.nixos-hardware.nixosModules.framework-16-7040-amd inputs.nixos-hardware.nixosModules.framework-16-7040-amd
inputs.fw-fanctrl.nixosModules.default
./hardware-configuration.nix ./hardware-configuration.nix
./disk-config.nix ./disk-config.nix
@ -1845,6 +1851,7 @@ My work machine. Built for more security, this is the gold standard of my config
resumeDevice = "/dev/disk/by-label/nixos"; resumeDevice = "/dev/disk/by-label/nixos";
}; };
programs.fw-fanctrl.enable = true;
networking = { networking = {
hostName = "nbl-imba-2"; hostName = "nbl-imba-2";
@ -2031,7 +2038,7 @@ My work machine. Built for more security, this is the gold standard of my config
networking = { networking = {
hostName = "winters"; hostName = "winters";
hostId = "b7778a4a"; hostId = "b7778a4a";
firewall.enable = true; firewall.enable = false;
firewall.allowedTCPPorts = [ 80 443 ]; firewall.allowedTCPPorts = [ 80 443 ];
}; };
@ -2056,6 +2063,63 @@ My work machine. Built for more security, this is the gold standard of my config
} }
#+end_src
**** Magicant (Phone)
#+begin_src nix :tangle profiles/mysticant/default.nix
{ pkgs, ... }: {
environment = {
packages = with pkgs; [
vim
git
openssh
toybox
dig
man
gnupg
];
etcBackupExtension = ".bak";
extraOutputsToInstall = [
"doc"
"info"
"devdoc"
];
motd = null;
};
home-manager.config = {
imports = [
../common/home/ssh.nix
];
services.ssh-agent.enable = true;
};
android-integration = {
termux-open.enable = true;
termux-xdg-open.enable = true;
termux-open-url.enable = true;
termux-reload-settings.enable = true;
termux-setup-storage.enable = true;
};
# Backup etc files instead of failing to activate generation if a file already exists in /etc
# Read the changelog before changing this value
system.stateVersion = "23.05";
# Set up nix for flakes
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
}
#+end_src #+end_src
*** Virtual hosts *** Virtual hosts
@ -6574,8 +6638,8 @@ Also, the system state version is set here. No need to touch it.
}; };
environment.shellAliases = lib.recursiveUpdate { environment.shellAliases = lib.recursiveUpdate {
npswitch = "cd ${config.swarselsystems.flakePath}; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; npswitch = "cd ${config.swarselsystems.flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
nswitch = "cd ${config.swarselsystems.flakePath}; nixos-rebuild --flake .#$(hostname) switch; cd -;"; nswitch = "cd ${config.swarselsystems.flakePath}; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
} }
config.swarselsystems.shellAliases; config.swarselsystems.shellAliases;
@ -6721,9 +6785,11 @@ Also, the system state version is set here. No need to touch it.
}; };
users.users.swarsel.openssh.authorizedKeys.keyFiles = [ users.users.swarsel.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys ../../../secrets/keys/authorized_keys
../../../secrets/keys/mysticant.pub
]; ];
users.users.root.openssh.authorizedKeys.keyFiles = [ users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys ../../../secrets/keys/authorized_keys
../../../secrets/keys/mysticant.pub
]; ];
} }
@ -6851,7 +6917,7 @@ Also, the system state version is set here. No need to touch it.
hardware = { hardware = {
opengl.enable = true; # opengl.enable = true;
enableAllFirmware = true; enableAllFirmware = true;
}; };
@ -6861,7 +6927,7 @@ Also, the system state version is set here. No need to touch it.
enable = true; enable = true;
openFirewall = true; openFirewall = true;
settings = { settings = {
LogLevel = "trace"; LogLevel = "error";
Address = "0.0.0.0"; Address = "0.0.0.0";
Port = 4040; Port = 4040;
MusicFolder = "/Vault/Eternor/Musik"; MusicFolder = "/Vault/Eternor/Musik";
@ -6870,11 +6936,12 @@ Also, the system state version is set here. No need to touch it.
Scanner.GroupAlbumReleases = true; Scanner.GroupAlbumReleases = true;
ScanSchedule = "@every 24h"; ScanSchedule = "@every 24h";
MPVPath = "${pkgs.mpv}/bin/mpv"; MPVPath = "${pkgs.mpv}/bin/mpv";
MPVCommandTemplate = "mpv --audio-device=%d --no-audio-display --pause %f";
Jukebox = { Jukebox = {
Enabled = true; Enabled = true;
Default = "pch"; Default = "pch";
Devices = [ Devices = [
"pch" [ "pch" "alsa/sysdefault:CARD=PCH" ]
]; ];
}; };
# Insert these values locally as sops-nix does not work for them # Insert these values locally as sops-nix does not work for them
@ -7012,6 +7079,14 @@ Also, the system state version is set here. No need to touch it.
{ config, lib, pkgs, modulesPath, sops, ... }: { config, lib, pkgs, modulesPath, sops, ... }:
let let
matrixDomain = "swatrix.swarsel.win"; matrixDomain = "swatrix.swarsel.win";
baseUrl = "https://${matrixDomain}";
clientConfig."m.homeserver".base_url = baseUrl;
serverConfig."m.server" = "${matrixDomain}:443";
mkWellKnown = data: ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in in
{ {
@ -7162,7 +7237,7 @@ Also, the system state version is set here. No need to touch it.
services.mautrix-whatsapp = { services.mautrix-whatsapp = {
enable = true; enable = true;
registerToSynapse = true; registerToSynapse = false;
settings = { settings = {
homeserver = { homeserver = {
address = "http://localhost:8008"; address = "http://localhost:8008";
@ -7209,7 +7284,7 @@ Also, the system state version is set here. No need to touch it.
services.mautrix-signal = { services.mautrix-signal = {
enable = true; enable = true;
registerToSynapse = true; registerToSynapse = false;
settings = { settings = {
homeserver = { homeserver = {
address = "http://localhost:8008"; address = "http://localhost:8008";
@ -7269,13 +7344,30 @@ Also, the system state version is set here. No need to touch it.
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
acmeRoot = null; acmeRoot = null;
listen = [
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
extraParameters = [
"default_server"
];
}
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
];
locations = { locations = {
"~ ^(/_matrix|/_synapse/client)" = { "~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://192.168.1.2:8008"; proxyPass = "http://localhost:8008";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
}; };
"= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
"= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
}; };
}; };
}; };

122
flake.lock generated
View file

@ -215,6 +215,7 @@
} }
}, },
"flake-compat_2": { "flake-compat_2": {
"flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
@ -230,6 +231,21 @@
} }
}, },
"flake-compat_3": { "flake-compat_3": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1673956053,
@ -389,6 +405,28 @@
"type": "github" "type": "github"
} }
}, },
"fw-fanctrl": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1724704488,
"narHash": "sha256-QmAanotjk81zsCwHI52XS4u9Cjv6KjNzTkYsAYFrubM=",
"owner": "TamtamHero",
"repo": "fw-fanctrl",
"rev": "db96c5962cff24f4c5977e30ca1c7626fb4171c7",
"type": "github"
},
"original": {
"owner": "TamtamHero",
"ref": "packaging/nix",
"repo": "fw-fanctrl",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -509,7 +547,7 @@
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane", "crane": "crane",
"flake-compat": "flake-compat", "flake-compat": "flake-compat_2",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"pre-commit-hooks-nix": "pre-commit-hooks-nix", "pre-commit-hooks-nix": "pre-commit-hooks-nix",
@ -531,7 +569,7 @@
}, },
"nix-alien": { "nix-alien": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
"nix-filter": "nix-filter", "nix-filter": "nix-filter",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
@ -637,20 +675,21 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-docs": "nixpkgs-docs",
"nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap", "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap",
"nmd": "nmd_2" "nmd": "nmd_2"
}, },
"locked": { "locked": {
"lastModified": 1688144254, "lastModified": 1720396533,
"narHash": "sha256-8KL1l/7eP2Zm1aJjdVaSOk0W5kTnJo9kcgW03gqWuiI=", "narHash": "sha256-UFzk/hZWO1VkciIO5UPaSpJN8s765wsngUSvtJM6d5Q=",
"owner": "t184256", "owner": "nix-community",
"repo": "nix-on-droid", "repo": "nix-on-droid",
"rev": "2301e01d48c90b60751005317de7a84a51a87eb6", "rev": "f3d3b8294039f2f9a8fb7ea82c320f29c6b0fe25",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "t184256", "owner": "nix-community",
"ref": "release-23.05", "ref": "release-24.05",
"repo": "nix-on-droid", "repo": "nix-on-droid",
"type": "github" "type": "github"
} }
@ -742,19 +781,35 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-for-bootstrap": { "nixpkgs-docs": {
"locked": { "locked": {
"lastModified": 1686921029, "lastModified": 1705957679,
"narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=", "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04", "rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-for-bootstrap": {
"locked": {
"lastModified": 1720244366,
"narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04", "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github" "type": "github"
} }
}, },
@ -962,19 +1017,25 @@
} }
}, },
"nmd_2": { "nmd_2": {
"flake": false, "inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs-docs"
],
"scss-reset": "scss-reset"
},
"locked": { "locked": {
"lastModified": 1666190571, "lastModified": 1705050560,
"narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=", "narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=",
"owner": "rycee", "owner": "~rycee",
"repo": "nmd", "repo": "nmd",
"rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169", "rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3",
"type": "gitlab" "type": "sourcehut"
}, },
"original": { "original": {
"owner": "rycee", "owner": "~rycee",
"repo": "nmd", "repo": "nmd",
"type": "gitlab" "type": "sourcehut"
} }
}, },
"nmt": { "nmt": {
@ -1058,6 +1119,7 @@
"inputs": { "inputs": {
"disko": "disko", "disko": "disko",
"emacs-overlay": "emacs-overlay", "emacs-overlay": "emacs-overlay",
"fw-fanctrl": "fw-fanctrl",
"home-manager": "home-manager", "home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
@ -1119,6 +1181,22 @@
"type": "github" "type": "github"
} }
}, },
"scss-reset": {
"flake": false,
"locked": {
"lastModified": 1683906868,
"narHash": "sha256-cif5Sx8Ca5vxdw/mNAgpulLH15TwmzyJFNM7JURpoaE=",
"owner": "andreymatin",
"repo": "scss-reset",
"rev": "5a7bd491ac82441e6283fb0d5d54644b913b30c7",
"type": "github"
},
"original": {
"owner": "andreymatin",
"repo": "scss-reset",
"type": "github"
}
},
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_6", "nixpkgs": "nixpkgs_6",
@ -1147,7 +1225,7 @@
"base16-kitty": "base16-kitty", "base16-kitty": "base16-kitty",
"base16-tmux": "base16-tmux", "base16-tmux": "base16-tmux",
"base16-vim": "base16-vim", "base16-vim": "base16-vim",
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_4",
"flake-utils": "flake-utils_4", "flake-utils": "flake-utils_4",
"gnome-shell": "gnome-shell", "gnome-shell": "gnome-shell",
"home-manager": "home-manager_3", "home-manager": "home-manager_3",

9
flake.nix
View file

@ -52,7 +52,7 @@
# nix for android # nix for android
nix-on-droid = { nix-on-droid = {
url = "github:t184256/nix-on-droid/release-23.05"; url = "github:nix-community/nix-on-droid/release-24.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@ -93,6 +93,11 @@
zjstatus = { zjstatus = {
url = "github:dj95/zjstatus"; url = "github:dj95/zjstatus";
}; };
fw-fanctrl = {
url = "github:TamtamHero/fw-fanctrl/packaging/nix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = outputs =
@ -323,7 +328,7 @@
default = inputs.nix-on-droid.lib.nixOnDroidConfiguration { default = inputs.nix-on-droid.lib.nixOnDroidConfiguration {
modules = [ modules = [
./profiles/mysticant/configuration.nix ./profiles/mysticant
]; ];
}; };

38
profiles/mysticant/configuration.nix
View file

@ -1,13 +1,37 @@
{ pkgs, ... }: { { pkgs, ... }: {
environment.packages = with pkgs; [ environment = {
vim packages = with pkgs; [
git vim
man git
gnupg openssh
]; toybox
dig
man
gnupg
];
etcBackupExtension = ".bak";
extraOutputsToInstall = [
"doc"
"info"
"devdoc"
];
motd = null;
};
home-manager.config = {
services.ssh-agent.enable = true;
};
android-integration = {
termux-open.enable = true;
termux-xdg-open.enable = true;
termux-open-url.enable = true;
termux-reload-settings.enable = true;
termux-setup-storage.enable = true;
};
# Backup etc files instead of failing to activate generation if a file already exists in /etc # Backup etc files instead of failing to activate generation if a file already exists in /etc
environment.etcBackupExtension = ".bak";
# Read the changelog before changing this value # Read the changelog before changing this value
system.stateVersion = "23.05"; system.stateVersion = "23.05";

48
profiles/mysticant/default.nix Normal file
View file

@ -0,0 +1,48 @@
{ pkgs, ... }: {
environment = {
packages = with pkgs; [
vim
git
openssh
toybox
dig
man
gnupg
];
etcBackupExtension = ".bak";
extraOutputsToInstall = [
"doc"
"info"
"devdoc"
];
motd = null;
};
home-manager.config = {
imports = [
../common/home/ssh.nix
];
services.ssh-agent.enable = true;
};
android-integration = {
termux-open.enable = true;
termux-xdg-open.enable = true;
termux-open-url.enable = true;
termux-reload-settings.enable = true;
termux-setup-storage.enable = true;
};
# Backup etc files instead of failing to activate generation if a file already exists in /etc
# Read the changelog before changing this value
system.stateVersion = "23.05";
# Set up nix for flakes
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
}

2
profiles/nbl-imba-2/default.nix
View file

@ -3,6 +3,7 @@
imports = [ imports = [
inputs.nixos-hardware.nixosModules.framework-16-7040-amd inputs.nixos-hardware.nixosModules.framework-16-7040-amd
inputs.fw-fanctrl.nixosModules.default
./hardware-configuration.nix ./hardware-configuration.nix
./disk-config.nix ./disk-config.nix
@ -47,6 +48,7 @@
resumeDevice = "/dev/disk/by-label/nixos"; resumeDevice = "/dev/disk/by-label/nixos";
}; };
programs.fw-fanctrl.enable = true;
networking = { networking = {
hostName = "nbl-imba-2"; hostName = "nbl-imba-2";

4
profiles/server/common/default.nix
View file

@ -43,8 +43,8 @@
environment.shellAliases = lib.recursiveUpdate environment.shellAliases = lib.recursiveUpdate
{ {
npswitch = "cd ${config.swarselsystems.flakePath}; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; npswitch = "cd ${config.swarselsystems.flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
nswitch = "cd ${config.swarselsystems.flakePath}; nixos-rebuild --flake .#$(hostname) switch; cd -;"; nswitch = "cd ${config.swarselsystems.flakePath}; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
} }
config.swarselsystems.shellAliases; config.swarselsystems.shellAliases;

31
profiles/server/common/matrix.nix
View file

@ -1,6 +1,14 @@
{ config, lib, pkgs, modulesPath, sops, ... }: { config, lib, pkgs, modulesPath, sops, ... }:
let let
matrixDomain = "swatrix.swarsel.win"; matrixDomain = "swatrix.swarsel.win";
baseUrl = "https://${matrixDomain}";
clientConfig."m.homeserver".base_url = baseUrl;
serverConfig."m.server" = "${matrixDomain}:443";
mkWellKnown = data: ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in in
{ {
@ -151,7 +159,7 @@ in
services.mautrix-whatsapp = { services.mautrix-whatsapp = {
enable = true; enable = true;
registerToSynapse = true; registerToSynapse = false;
settings = { settings = {
homeserver = { homeserver = {
address = "http://localhost:8008"; address = "http://localhost:8008";
@ -198,7 +206,7 @@ in
services.mautrix-signal = { services.mautrix-signal = {
enable = true; enable = true;
registerToSynapse = true; registerToSynapse = false;
settings = { settings = {
homeserver = { homeserver = {
address = "http://localhost:8008"; address = "http://localhost:8008";
@ -258,13 +266,30 @@ in
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
acmeRoot = null; acmeRoot = null;
listen = [
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
extraParameters = [
"default_server"
];
}
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
];
locations = { locations = {
"~ ^(/_matrix|/_synapse/client)" = { "~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://192.168.1.2:8008"; proxyPass = "http://localhost:8008";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
}; };
"= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
"= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
}; };
}; };
}; };

7
profiles/server/common/navidrome.nix
View file

@ -26,7 +26,7 @@
hardware = { hardware = {
opengl.enable = true; # opengl.enable = true;
enableAllFirmware = true; enableAllFirmware = true;
}; };
@ -36,7 +36,7 @@
enable = true; enable = true;
openFirewall = true; openFirewall = true;
settings = { settings = {
LogLevel = "trace"; LogLevel = "error";
Address = "0.0.0.0"; Address = "0.0.0.0";
Port = 4040; Port = 4040;
MusicFolder = "/Vault/Eternor/Musik"; MusicFolder = "/Vault/Eternor/Musik";
@ -45,11 +45,12 @@
Scanner.GroupAlbumReleases = true; Scanner.GroupAlbumReleases = true;
ScanSchedule = "@every 24h"; ScanSchedule = "@every 24h";
MPVPath = "${pkgs.mpv}/bin/mpv"; MPVPath = "${pkgs.mpv}/bin/mpv";
MPVCommandTemplate = "mpv --audio-device=%d --no-audio-display --pause %f";
Jukebox = { Jukebox = {
Enabled = true; Enabled = true;
Default = "pch"; Default = "pch";
Devices = [ Devices = [
"pch" [ "pch" "alsa/sysdefault:CARD=PCH" ]
]; ];
}; };
# Insert these values locally as sops-nix does not work for them # Insert these values locally as sops-nix does not work for them

2
profiles/server/common/ssh.nix
View file

@ -6,9 +6,11 @@ _:
}; };
users.users.swarsel.openssh.authorizedKeys.keyFiles = [ users.users.swarsel.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys ../../../secrets/keys/authorized_keys
../../../secrets/keys/mysticant.pub
]; ];
users.users.root.openssh.authorizedKeys.keyFiles = [ users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys ../../../secrets/keys/authorized_keys
../../../secrets/keys/mysticant.pub
]; ];
} }

48
profiles/server/mysticant/default.nix Normal file
View file

@ -0,0 +1,48 @@
{ pkgs, ... }: {
environment = {
packages = with pkgs; [
vim
git
openssh
toybox
dig
man
gnupg
];
etcBackupExtension = ".bak";
extraOutputsToInstall = [
"doc"
"info"
"devdoc"
];
motd = null;
};
home-manager.config = {
imports = [
../common/home/ssh.nix
];
services.ssh-agent.enable = true;
};
android-integration = {
termux-open.enable = true;
termux-xdg-open.enable = true;
termux-open-url.enable = true;
termux-reload-settings.enable = true;
termux-setup-storage.enable = true;
};
# Backup etc files instead of failing to activate generation if a file already exists in /etc
# Read the changelog before changing this value
system.stateVersion = "23.05";
# Set up nix for flakes
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
}

2
profiles/server/winters/default.nix
View file

@ -28,7 +28,7 @@
networking = { networking = {
hostName = "winters"; hostName = "winters";
hostId = "b7778a4a"; hostId = "b7778a4a";
firewall.enable = true; firewall.enable = false;
firewall.allowedTCPPorts = [ 80 443 ]; firewall.allowedTCPPorts = [ 80 443 ];
}; };

1
secrets/keys/mysticant.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN4REr8UMRxIr2gxx5DHpEE9WKNgBlgcz8TZQal23aF3 nix-on-droid@localhost