fix: enable matrix on winters

Swarsel 2024-09-25 17:21:24 +02:00
parent fc45873aad
commit a4e4bcd094
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
13 changed files with 377 additions and 51 deletions


@ -409,7 +409,7 @@ A short overview over each input and what it does:
# nix for android
nix-on-droid = {
url = "github:t184256/nix-on-droid/release-23.05";
url = "github:nix-community/nix-on-droid/release-24.05";
inputs.nixpkgs.follows = "nixpkgs";
};
@ -450,6 +450,11 @@ A short overview over each input and what it does:
zjstatus = {
url = "github:dj95/zjstatus";
};
fw-fanctrl = {
url = "github:TamtamHero/fw-fanctrl/packaging/nix";
inputs.nixpkgs.follows = "nixpkgs";
};
#+end_src
*** let
:PROPERTIES:
@ -709,7 +714,7 @@ Nix on Android also demands an own flake output, which is provided here.
default = inputs.nix-on-droid.lib.nixOnDroidConfiguration {
modules = [
./profiles/mysticant/configuration.nix
./profiles/mysticant
];
};
@ -1801,6 +1806,7 @@ My work machine. Built for more security, this is the gold standard of my config
imports = [
inputs.nixos-hardware.nixosModules.framework-16-7040-amd
inputs.fw-fanctrl.nixosModules.default
./hardware-configuration.nix
./disk-config.nix
@ -1845,6 +1851,7 @@ My work machine. Built for more security, this is the gold standard of my config
resumeDevice = "/dev/disk/by-label/nixos";
};
programs.fw-fanctrl.enable = true;
networking = {
hostName = "nbl-imba-2";
@ -2031,7 +2038,7 @@ My work machine. Built for more security, this is the gold standard of my config
networking = {
hostName = "winters";
hostId = "b7778a4a";
firewall.enable = true;
firewall.enable = false;
firewall.allowedTCPPorts = [ 80 443 ];
};
@ -2056,6 +2063,63 @@ My work machine. Built for more security, this is the gold standard of my config
}
#+end_src
**** Magicant (Phone)
#+begin_src nix :tangle profiles/mysticant/default.nix
{ pkgs, ... }: {
environment = {
packages = with pkgs; [
vim
git
openssh
toybox
dig
man
gnupg
];
etcBackupExtension = ".bak";
extraOutputsToInstall = [
"doc"
"info"
"devdoc"
];
motd = null;
};
home-manager.config = {
imports = [
../common/home/ssh.nix
];
services.ssh-agent.enable = true;
};
android-integration = {
termux-open.enable = true;
termux-xdg-open.enable = true;
termux-open-url.enable = true;
termux-reload-settings.enable = true;
termux-setup-storage.enable = true;
};
# Backup etc files instead of failing to activate generation if a file already exists in /etc
# Read the changelog before changing this value
system.stateVersion = "23.05";
# Set up nix for flakes
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
}
#+end_src
*** Virtual hosts
@ -6574,8 +6638,8 @@ Also, the system state version is set here. No need to touch it.
};
environment.shellAliases = lib.recursiveUpdate {
npswitch = "cd ${config.swarselsystems.flakePath}; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
nswitch = "cd ${config.swarselsystems.flakePath}; nixos-rebuild --flake .#$(hostname) switch; cd -;";
npswitch = "cd ${config.swarselsystems.flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
nswitch = "cd ${config.swarselsystems.flakePath}; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
}
config.swarselsystems.shellAliases;
@ -6721,9 +6785,11 @@ Also, the system state version is set here. No need to touch it.
};
users.users.swarsel.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
../../../secrets/keys/mysticant.pub
];
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
../../../secrets/keys/mysticant.pub
];
}
@ -6851,7 +6917,7 @@ Also, the system state version is set here. No need to touch it.
hardware = {
opengl.enable = true;
# opengl.enable = true;
enableAllFirmware = true;
};
@ -6861,7 +6927,7 @@ Also, the system state version is set here. No need to touch it.
enable = true;
openFirewall = true;
settings = {
LogLevel = "trace";
LogLevel = "error";
Address = "0.0.0.0";
Port = 4040;
MusicFolder = "/Vault/Eternor/Musik";
@ -6870,11 +6936,12 @@ Also, the system state version is set here. No need to touch it.
Scanner.GroupAlbumReleases = true;
ScanSchedule = "@every 24h";
MPVPath = "${pkgs.mpv}/bin/mpv";
MPVCommandTemplate = "mpv --audio-device=%d --no-audio-display --pause %f";
Jukebox = {
Enabled = true;
Default = "pch";
Devices = [
"pch"
[ "pch" "alsa/sysdefault:CARD=PCH" ]
];
};
# Insert these values locally as sops-nix does not work for them
@ -7012,6 +7079,14 @@ Also, the system state version is set here. No need to touch it.
{ config, lib, pkgs, modulesPath, sops, ... }:
let
matrixDomain = "swatrix.swarsel.win";
baseUrl = "https://${matrixDomain}";
clientConfig."m.homeserver".base_url = baseUrl;
serverConfig."m.server" = "${matrixDomain}:443";
mkWellKnown = data: ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in
{
@ -7162,7 +7237,7 @@ Also, the system state version is set here. No need to touch it.
services.mautrix-whatsapp = {
enable = true;
registerToSynapse = true;
registerToSynapse = false;
settings = {
homeserver = {
address = "http://localhost:8008";
@ -7209,7 +7284,7 @@ Also, the system state version is set here. No need to touch it.
services.mautrix-signal = {
enable = true;
registerToSynapse = true;
registerToSynapse = false;
settings = {
homeserver = {
address = "http://localhost:8008";
@ -7269,13 +7344,30 @@ Also, the system state version is set here. No need to touch it.
enableACME = true;
forceSSL = true;
acmeRoot = null;
listen = [
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
extraParameters = [
"default_server"
];
}
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
];
locations = {
"~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://192.168.1.2:8008";
proxyPass = "http://localhost:8008";
extraConfig = ''
client_max_body_size 0;
'';
};
"= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
"= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
};
};
};
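Review bot: Setting `firewall.enable = false;` in the winters `networking` block switches off packet filtering for the whole host, and the `firewall.allowedTCPPorts = [ 80 443 ];` line kept beside it no longer has any effect. If the reason is the nginx listener on 8448 added further down in this section, keep the firewall on and open that port instead: `firewall.enable = true;` with `firewall.allowedTCPPorts = [ 80 443 8448 ];`. With the firewall off, anything on this machine that binds a non-loopback address is reachable from the network, which presumably includes services that were never meant to be exposed. The tangled winters profile near the end of this page carries the same line.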

122
flake.lock generated

@ -215,6 +215,7 @@
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
@ -230,6 +231,21 @@
}
},
"flake-compat_3": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -389,6 +405,28 @@
"type": "github"
}
},
"fw-fanctrl": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1724704488,
"narHash": "sha256-QmAanotjk81zsCwHI52XS4u9Cjv6KjNzTkYsAYFrubM=",
"owner": "TamtamHero",
"repo": "fw-fanctrl",
"rev": "db96c5962cff24f4c5977e30ca1c7626fb4171c7",
"type": "github"
},
"original": {
"owner": "TamtamHero",
"ref": "packaging/nix",
"repo": "fw-fanctrl",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
@ -509,7 +547,7 @@
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs",
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
@ -531,7 +569,7 @@
},
"nix-alien": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_2",
"nix-filter": "nix-filter",
"nix-index-database": "nix-index-database",
@ -637,20 +675,21 @@
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-docs": "nixpkgs-docs",
"nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap",
"nmd": "nmd_2"
},
"locked": {
"lastModified": 1688144254,
"narHash": "sha256-8KL1l/7eP2Zm1aJjdVaSOk0W5kTnJo9kcgW03gqWuiI=",
"owner": "t184256",
"lastModified": 1720396533,
"narHash": "sha256-UFzk/hZWO1VkciIO5UPaSpJN8s765wsngUSvtJM6d5Q=",
"owner": "nix-community",
"repo": "nix-on-droid",
"rev": "2301e01d48c90b60751005317de7a84a51a87eb6",
"rev": "f3d3b8294039f2f9a8fb7ea82c320f29c6b0fe25",
"type": "github"
},
"original": {
"owner": "t184256",
"ref": "release-23.05",
"owner": "nix-community",
"ref": "release-24.05",
"repo": "nix-on-droid",
"type": "github"
}
@ -742,19 +781,35 @@
"type": "github"
}
},
"nixpkgs-for-bootstrap": {
"nixpkgs-docs": {
"locked": {
"lastModified": 1686921029,
"narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=",
"lastModified": 1705957679,
"narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04",
"rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-for-bootstrap": {
"locked": {
"lastModified": 1720244366,
"narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
}
},
@ -962,19 +1017,25 @@
}
},
"nmd_2": {
"flake": false,
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs-docs"
],
"scss-reset": "scss-reset"
},
"locked": {
"lastModified": 1666190571,
"narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=",
"owner": "rycee",
"lastModified": 1705050560,
"narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=",
"owner": "~rycee",
"repo": "nmd",
"rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169",
"type": "gitlab"
"rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3",
"type": "sourcehut"
},
"original": {
"owner": "rycee",
"owner": "~rycee",
"repo": "nmd",
"type": "gitlab"
"type": "sourcehut"
}
},
"nmt": {
@ -1058,6 +1119,7 @@
"inputs": {
"disko": "disko",
"emacs-overlay": "emacs-overlay",
"fw-fanctrl": "fw-fanctrl",
"home-manager": "home-manager",
"impermanence": "impermanence",
"lanzaboote": "lanzaboote",
@ -1119,6 +1181,22 @@
"type": "github"
}
},
"scss-reset": {
"flake": false,
"locked": {
"lastModified": 1683906868,
"narHash": "sha256-cif5Sx8Ca5vxdw/mNAgpulLH15TwmzyJFNM7JURpoaE=",
"owner": "andreymatin",
"repo": "scss-reset",
"rev": "5a7bd491ac82441e6283fb0d5d54644b913b30c7",
"type": "github"
},
"original": {
"owner": "andreymatin",
"repo": "scss-reset",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_6",
@ -1147,7 +1225,7 @@
"base16-kitty": "base16-kitty",
"base16-tmux": "base16-tmux",
"base16-vim": "base16-vim",
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_4",
"flake-utils": "flake-utils_4",
"gnome-shell": "gnome-shell",
"home-manager": "home-manager_3",


@ -52,7 +52,7 @@
# nix for android
nix-on-droid = {
url = "github:t184256/nix-on-droid/release-23.05";
url = "github:nix-community/nix-on-droid/release-24.05";
inputs.nixpkgs.follows = "nixpkgs";
};
@ -93,6 +93,11 @@
zjstatus = {
url = "github:dj95/zjstatus";
};
fw-fanctrl = {
url = "github:TamtamHero/fw-fanctrl/packaging/nix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
@ -323,7 +328,7 @@
default = inputs.nix-on-droid.lib.nixOnDroidConfiguration {
modules = [
./profiles/mysticant/configuration.nix
./profiles/mysticant
];
};
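Review bot: The new `fw-fanctrl` input tracks the `packaging/nix` branch of a third-party repository, and its NixOS module is imported into the nbl-imba-2 profile elsewhere in this commit, so the next `nix flake update` will pull whatever that branch head is at the time. The lock file in this commit pins rev db96c5962cff24f4c5977e30ca1c7626fb4171c7; putting that rev in the URL, `url = "github:TamtamHero/fw-fanctrl/db96c5962cff24f4c5977e30ca1c7626fb4171c7";`, makes every bump an explicit, reviewable edit. A short comment saying why a packaging branch is used would also help the next reader.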


@ -1,13 +1,37 @@
{ pkgs, ... }: {
environment.packages = with pkgs; [
environment = {
packages = with pkgs; [
vim
git
openssh
toybox
dig
man
gnupg
];
etcBackupExtension = ".bak";
extraOutputsToInstall = [
"doc"
"info"
"devdoc"
];
motd = null;
};
home-manager.config = {
services.ssh-agent.enable = true;
};
android-integration = {
termux-open.enable = true;
termux-xdg-open.enable = true;
termux-open-url.enable = true;
termux-reload-settings.enable = true;
termux-setup-storage.enable = true;
};
# Backup etc files instead of failing to activate generation if a file already exists in /etc
environment.etcBackupExtension = ".bak";
# Read the changelog before changing this value
system.stateVersion = "23.05";


@ -0,0 +1,48 @@
{ pkgs, ... }: {
environment = {
packages = with pkgs; [
vim
git
openssh
toybox
dig
man
gnupg
];
etcBackupExtension = ".bak";
extraOutputsToInstall = [
"doc"
"info"
"devdoc"
];
motd = null;
};
home-manager.config = {
imports = [
../common/home/ssh.nix
];
services.ssh-agent.enable = true;
};
android-integration = {
termux-open.enable = true;
termux-xdg-open.enable = true;
termux-open-url.enable = true;
termux-reload-settings.enable = true;
termux-setup-storage.enable = true;
};
# Backup etc files instead of failing to activate generation if a file already exists in /etc
# Read the changelog before changing this value
system.stateVersion = "23.05";
# Set up nix for flakes
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
}


@ -3,6 +3,7 @@
imports = [
inputs.nixos-hardware.nixosModules.framework-16-7040-amd
inputs.fw-fanctrl.nixosModules.default
./hardware-configuration.nix
./disk-config.nix
@ -47,6 +48,7 @@
resumeDevice = "/dev/disk/by-label/nixos";
};
programs.fw-fanctrl.enable = true;
networking = {
hostName = "nbl-imba-2";


@ -43,8 +43,8 @@
environment.shellAliases = lib.recursiveUpdate
{
npswitch = "cd ${config.swarselsystems.flakePath}; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
nswitch = "cd ${config.swarselsystems.flakePath}; nixos-rebuild --flake .#$(hostname) switch; cd -;";
npswitch = "cd ${config.swarselsystems.flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
nswitch = "cd ${config.swarselsystems.flakePath}; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
}
config.swarselsystems.shellAliases;
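Review bot: Both aliases chain their steps with `;`, so when the `cd` into `${config.swarselsystems.flakePath}` or the `git pull` fails, `sudo nixos-rebuild --flake .#$(hostname) switch --impure` still runs, now as root, against whatever flake is in the current directory. Chain with `&&` so a failed step stops the alias, e.g. `nswitch = "cd ${config.swarselsystems.flakePath} && sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";`, and likewise for `npswitch`. `--impure` is now part of the default rebuild path; a comment naming what requires it would let it be dropped once that dependency is gone.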


@ -1,6 +1,14 @@
{ config, lib, pkgs, modulesPath, sops, ... }:
let
matrixDomain = "swatrix.swarsel.win";
baseUrl = "https://${matrixDomain}";
clientConfig."m.homeserver".base_url = baseUrl;
serverConfig."m.server" = "${matrixDomain}:443";
mkWellKnown = data: ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in
{
@ -151,7 +159,7 @@ in
services.mautrix-whatsapp = {
enable = true;
registerToSynapse = true;
registerToSynapse = false;
settings = {
homeserver = {
address = "http://localhost:8008";
@ -198,7 +206,7 @@ in
services.mautrix-signal = {
enable = true;
registerToSynapse = true;
registerToSynapse = false;
settings = {
homeserver = {
address = "http://localhost:8008";
@ -258,13 +266,30 @@ in
enableACME = true;
forceSSL = true;
acmeRoot = null;
listen = [
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
extraParameters = [
"default_server"
];
}
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
];
locations = {
"~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://192.168.1.2:8008";
proxyPass = "http://localhost:8008";
extraConfig = ''
client_max_body_size 0;
'';
};
"= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
"= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
};
};
};
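Review bot: The explicit `listen` list names only `0.0.0.0`, and in the NixOS nginx module a non-empty `listen` replaces the default listen addresses, so this vhost presumably stops answering on IPv6 for both 443 and 8448. If the host has IPv6 connectivity, add matching entries such as `{ addr = "[::]"; port = 443; ssl = true; }` and the same for 8448. A one-line comment on why 8448 is served would also help, since `serverConfig` delegates federation to `${matrixDomain}:443` and that delegation appears to make the extra listener optional.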


@ -26,7 +26,7 @@
hardware = {
opengl.enable = true;
# opengl.enable = true;
enableAllFirmware = true;
};
@ -36,7 +36,7 @@
enable = true;
openFirewall = true;
settings = {
LogLevel = "trace";
LogLevel = "error";
Address = "0.0.0.0";
Port = 4040;
MusicFolder = "/Vault/Eternor/Musik";
@ -45,11 +45,12 @@
Scanner.GroupAlbumReleases = true;
ScanSchedule = "@every 24h";
MPVPath = "${pkgs.mpv}/bin/mpv";
MPVCommandTemplate = "mpv --audio-device=%d --no-audio-display --pause %f";
Jukebox = {
Enabled = true;
Default = "pch";
Devices = [
"pch"
[ "pch" "alsa/sysdefault:CARD=PCH" ]
];
};
# Insert these values locally as sops-nix does not work for them


@ -6,9 +6,11 @@ _:
};
users.users.swarsel.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
../../../secrets/keys/mysticant.pub
];
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
../../../secrets/keys/mysticant.pub
];
}
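Review bot: Adding `../../../secrets/keys/mysticant.pub` to `users.users.root.openssh.authorizedKeys.keyFiles` gives the key held on the phone direct root login on every host that imports this module. A phone is the device most likely to be lost or left unlocked, so it is safer to authorise that key for `swarsel` only and escalate with sudo, i.e. drop the new line from the root list. If root access from the phone is intended, a comment saying so, and for which hosts, would make the decision reviewable.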


@ -0,0 +1,48 @@
{ pkgs, ... }: {
environment = {
packages = with pkgs; [
vim
git
openssh
toybox
dig
man
gnupg
];
etcBackupExtension = ".bak";
extraOutputsToInstall = [
"doc"
"info"
"devdoc"
];
motd = null;
};
home-manager.config = {
imports = [
../common/home/ssh.nix
];
services.ssh-agent.enable = true;
};
android-integration = {
termux-open.enable = true;
termux-xdg-open.enable = true;
termux-open-url.enable = true;
termux-reload-settings.enable = true;
termux-setup-storage.enable = true;
};
# Backup etc files instead of failing to activate generation if a file already exists in /etc
# Read the changelog before changing this value
system.stateVersion = "23.05";
# Set up nix for flakes
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
}


@ -28,7 +28,7 @@
networking = {
hostName = "winters";
hostId = "b7778a4a";
firewall.enable = true;
firewall.enable = false;
firewall.allowedTCPPorts = [ 80 443 ];
};


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN4REr8UMRxIr2gxx5DHpEE9WKNgBlgcz8TZQal23aF3 nix-on-droid@localhost