cry/flake
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: cry:56af3c8919a817ea06f3613ef692f7a03567a93a
Branches Tags
cry:main
cry:pc/latest
cry:laptop
cry:lolcathost-24.05
cry:myputer
cry:lolcathost
..
compare: cry:8c0f6606fa821611667f1768dbfd798968557367
Branches Tags
cry:main
cry:pc/latest
cry:laptop
cry:lolcathost-24.05
cry:myputer
cry:lolcathost

No commits in common. "56af3c8919a817ea06f3613ef692f7a03567a93a" and "8c0f6606fa821611667f1768dbfd798968557367" have entirely different histories.
56af3c8919 ... 8c0f6606fa

11 changed files with 428 additions and 381 deletions
Download patch file Download diff file Expand all files Collapse all files

3
deploy
View file

@ -19,8 +19,7 @@ collect_garbage () {
rebuild_flake () { rebuild_flake () {
# make sure all changes are visible to nixos # make sure all changes are visible to nixos
# (--intent-to-add tracks files but DOES NOT stage them) git add . --verbose
git add . --intent-to-add --verbose
local FLAGS= local FLAGS=
if [ "$1" = "reinstall-bootloader" ]; then if [ "$1" = "reinstall-bootloader" ]; then
FLAGS="--install-bootloader" FLAGS="--install-bootloader"

122
homes/modules/editor/helix.nix
View file

@ -1,61 +1,5 @@
{ {pkgs, ...}: {
pkgs, # read https://docs.helix-editor.com/editor.html
pkgs-unstable,
...
}: let
lsps = {
bash-language-server =
{
pkg = pkgs.bash-language-server;
cmd = "bash-language-server";
};
clangd =
{
pkg = pkgs.clang-tools;
cmd = "clangd";
};
haskell-language-server =
{
pkg = pkgs.haskell-language-server;
cmd = "haskell-language-server-wrapper";
};
# TODO: once upgraded past Nix-24.07 this line won't be necessary (I think)
# helix will support nixd by default
# SOURCE: https://github.com/nix-community/nixd/blob/main/nixd/docs/editor-setup.md#Helix
nixd =
{
pkg = pkgs.nixd;
cmd = "nixd";
};
OmniSharp =
{
pkg = pkgs.omnisharp-roslyn;
cmd = "OmniSharp";
};
rust-analyzer =
{
pkg = pkgs.rust-analyzer;
cmd = "rust-analyzer";
};
ty =
{
pkg = pkgs-unstable.ty;
cmd = "ty";
};
};
in {
home.packages =
lsps
|> builtins.attrValues
|> map (lsp: lsp.pkg);
# REF: https://docs.helix-editor.com/editor.html
programs.helix = { programs.helix = {
enable = true; enable = true;
settings = { settings = {
@ -184,12 +128,11 @@ in {
}; };
auto-format = false; # my python is beautiful ^_^ auto-format = false; # my python is beautiful ^_^
rulers = [80]; rulers = [80];
language-servers = ["ty"];
} }
{ {
name = "c"; name = "c";
file-types = ["c" "h"]; # use .hpp for C++ file-types = ["c" "h"]; # use .hpp for C++
auto-format = true; auto-format = false;
formatter.command = "${pkgs.clang-tools}/bin/clang-format"; formatter.command = "${pkgs.clang-tools}/bin/clang-format";
language-servers = ["clangd"]; language-servers = ["clangd"];
} }
@ -209,26 +152,49 @@ in {
formatter.command = "${pkgs.rustfmt}/bin/rustfmt"; formatter.command = "${pkgs.rustfmt}/bin/rustfmt";
language-servers = ["rust-analyzer"]; language-servers = ["rust-analyzer"];
} }
{ # {
name = "c-sharp"; # name = "c-sharp";
file-types = ["cs"]; # source = "source.cs";
indent = { # file-types = ["cs"];
tab-width = 4; # indent = {
unit = " "; # tab-width = 4;
}; # unit = " ";
block-comment-tokens = { # };
start = "/*"; # block-comment-tokens = {
end = "*/"; # start = "/*";
}; # end = "*/";
# auto-format = false; # };
# formatter.command = "${pkgs.omnisharp-roslyn}/bin/OmniSharp"; # # auto-format = false;
# language-servers = ["OmniSharp"]; # # formatter.command = "${pkgs.omnisharp-roslyn}/bin/OmniSharp";
} # # language-servers = ["OmniSharp"];
# }
]; ];
language-server = language-server = {
lsps # use nixd as default nix lsp (I haven't tried nil yet)
|> builtins.mapAttrs (_: lsp: { command = "${lsp.pkg}/bin/${lsp.cmd}"; }); # NOTE: nixd will be supported by default after nix 24.07
# SOURCE: https://github.com/nix-community/nixd/blob/main/nixd/docs/editor-setup.md#Helix
nixd = {
command = "${pkgs.nixd}/bin/nixd";
};
# clangd for C
clangd = {
command = "${pkgs.clang-tools}/bin/clangd";
};
haskell-language-server = {
command = "${pkgs.haskell-language-server}/bin/haskell-language-server-wrapper";
};
rust-analyzer = {
command = "${pkgs.rust-analyzer}/bin/rust-analyzer";
};
# C# language services
OmniSharp = {
command = "${pkgs.omnisharp-roslyn}/bin/OmniSharp";
};
};
}; };
}; };
} }

353
hosts/hyrule/default.nix
View file

@ -1,6 +1,8 @@
{ {
pkgs, pkgs,
pkgs-unstable, pkgs-unstable,
inputs,
lib,
... ...
}: let }: let
home-manager = builtins.fetchTarball { home-manager = builtins.fetchTarball {
@ -12,13 +14,12 @@ in {
./hardware-configuration.nix ./hardware-configuration.nix
(import "${home-manager}/nixos") (import "${home-manager}/nixos")
./services/forgejo.nix
./services/vaultwarden.nix
./services/nginx.nix
# ./mailserver.nix # TEMP: location # ./mailserver.nix # TEMP: location
# ./minecraft-server.nix # TEMP: location # ./minecraft-server.nix # TEMP: location
../modules/bashistrans.nix #../modules/server/nginx.nix
#../modules/server/ssh.nix
#../modules/server/fail2ban.nix
]; ];
nix.settings = { nix.settings = {
@ -32,6 +33,15 @@ in {
]; ];
}; };
# nixpkgs.config.allowUnfreePredicate = let
# whitelist = map lib.getName [
# "minecraft-server"
# pkgs.minecraft-server
# pkgs-unstable.minecraft-server
# ];
# in
# pkg: builtins.elem (lib.getName pkg) whitelist;
time.timeZone = "Australia/Brisbane"; time.timeZone = "Australia/Brisbane";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
@ -82,6 +92,30 @@ in {
]; ];
}; };
# wireguard.interfaces = {
# wg0 = {
# ips = ["10.10.10.4/24"]; # my IP and the subnet (keyword: "AND")
# listenPort = 54231;
#
# privateKeyFile = "/root/wg_agrivpn_hyrule";
#
# peers = [
# {
# # peer's public key
# publicKey = "iZ4aqYjbT8O8tfUHEuV+yWLtdoQbdBb6Nt0M4usMSiY=";
#
# # choose which traffic to forward
# allowedIPs = ["10.0.51.0/24" "10.10.10.0/24"];
#
# # TODO: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
# endpoint = "150.242.34.33:54231";
#
# # send keepalives every 25 seconds. Important to keep NAT tables alive.
# persistentKeepalive = 25;
# }
# ];
# };
# };
wg-quick.interfaces = { wg-quick.interfaces = {
wg0 = { wg0 = {
address = [ address = [
@ -116,7 +150,7 @@ in {
extraGroups = ["wheel"]; extraGroups = ["wheel"];
shell = pkgs.bash; shell = pkgs.bash;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsUZY45rgezi+8iROdcR5vPeacJ2fbMjlDijfUrH9hRX2FzCsg/4e3aFKhi2seZMmyTfbstxmDrrH8paUS5TibFgLFBGNngaF3CTjg85i5pm25Hr4IVo31oziBnTWaG6j3buYKtz5e1qSPzXywinJR+5+FCUJU7Fxa+EWTZcOX4wYgArSj4q73rZmvk5N0X44Mudt4nvpD2chvxygsdTzD6ph92qCuaJ/AbfmOoC7b/xvOaOVydUfgDLpHi9VZbd3akvvKxRfW6ZklldgXEzPXKMuastN0mwcBxvIb5G1Vkj8jtSVtKPc5psZ9/NWA5l38xH4qZ6z7eib6thtEMdtcKmTZEEWDADjqTea5Gj61c1n18cr6f3Tff+0bn/cxsl4Y0esi+aDeuCXYiIYNmeKBx0ttDNIxpk4J5Fdh6Xs+AZif5lnJErtu8TPy2aC0bc9wehTjMyvilTHfyerOD1ZJXhN2XwRVDGN7t7leAJZISJlPjqTDcw3Vfvzte/5JqS+FR+hbpG4uz2ix8kUa20u5YF2oSdGl8+zsdozVsdQm10Iv9WSXBV7t4m+oyodgtfzydBpmXq7aBXudCiEKw+7TC7F+1a4YFrVrCNXKFgKUpd1MiVLl7DIbzm5U9MD2BB3Fy7BPCzr3tW6/ExOhhpBWY+HnzVGQfkNr7dRcqfipKw== ae@dobutterfliescry.net" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsUZY45rgezi+8iROdcR5vPeacJ2fbMjlDijfUrH9hRX2FzCsg/4e3aFKhi2seZMmyTfbstxmDrrH8paUS5TibFgLFBGNngaF3CTjg85i5pm25Hr4IVo31oziBnTWaG6j3buYKtz5e1qSPzXywinJR+5+FCUJU7Fxa+EWTZcOX4wYgArSj4q73rZmvk5N0X44Mudt4nvpD2chvxygsdTzD6ph92qCuaJ/AbfmOoC7b/xvOaOVydUfgDLpHi9VZbd3akvvKxRfW6ZklldgXEzPXKMuastN0mwcBxvIb5G1Vkj8jtSVtKPc5psZ9/NWA5l38xH4qZ6z7eib6thtEMdtcKmTZEEWDADjqTea5Gj61c1n18cr6f3Tff+0bn/cxsl4Y0esi+aDeuCXYiIYNmeKBx0ttDNIxpk4J5Fdh6Xs+AZif5lnJErtu8TPy2aC0bc9wehTjMyvilTHfyerOD1ZJXhN2XwRVDGN7t7leAJZISJlPjqTDcw3Vfvzte/5JqS+FR+hbpG4uz2ix8kUa20u5YF2oSdGl8+zsdozVsdQm10Iv9WSXBV7t4m+oyodgtfzydBpmXq7aBXudCiEKw+7TC7F+1a4YFrVrCNXKFgKUpd1MiVLl7DIbzm5U9MD2BB3Fy7BPCzr3tW6/ExOhhpBWY+HnzVGQfkNr7dRcqfipKw== ae@imbored.dev"
]; ];
}; };
@ -142,6 +176,70 @@ in {
}; };
services = { services = {
# simple nginx instance to host static construction page
# TODO: I want sshd and forgejo's ssh server to both be bound to port 22
# So change sshd to listen on a different address/port (ie 2222 or 127.0.0.3:22, etc)
# and change forgejo to use 127.0.0.2:22 (use port 22, ONLY change loopback address)
nginx = {
enable = true;
# in wake of CVE-2022-3602/CVE-2022-3786
package = pkgs.nginxStable.override {openssl = pkgs.libressl;};
recommendedGzipSettings = true;
recommendedZstdSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# streamConfig = ''
# server {
# listen 127.0.0.1:53 udp reuseport;
# proxy_timeout 20s;
# proxy_pass 192.168.0.1:53535;
# }
# '';
virtualHosts = let
localhost = "http://127.0.0.1";
std = {
# TODO: should I run over QUIC+HTTP3? (experimental)
# quic = true;
# http3 = true;
enableACME = true;
# kTLS = true; # offload TLS to the linux kernel
};
in {
"imbored.dev" =
{
default = true;
addSSL = true; # not strictly enforced <3
root = "/var/www/imbored";
# extraConfig = ''
# error_page 404 /custom_404.html;
# '';
}
// std;
# Route "vault" subdomain to vaultwarden
"vault.imbored.dev" =
{
forceSSL = true;
locations."/".proxyPass = "${localhost}:8222";
}
// std;
# Route "forge" subdomain to forgejo
# TODO: use `forgejo.settings.server.ENABLE_ACME` instead?
"forge.imbored.dev" =
{
forceSSL = true;
extraConfig = ''
client_max_body_size 512M;
'';
locations."/".proxyPass = "${localhost}:3000";
}
// std;
};
};
openssh = { openssh = {
enable = true; enable = true;
ports = [22]; ports = [22];
@ -153,8 +251,235 @@ in {
X11Forwarding = false; X11Forwarding = false;
}; };
}; };
};
vaultwarden = {
enable = true;
dbBackend = "sqlite";
# backupDir = "/var/backup/vaultwarden"; # disable with null
# https://mynixos.com/nixpkgs/option/services.vaultwarden.config
config = {
# internal address and port to listen on
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
# hostname to listen for
DOMAIN = "https://vault.imbored.dev";
# signup policy
SIGNUPS_ALLOWED = false;
SIGNUPS_VERIFY = true;
INVITATIONS_ALLOWED = true;
};
# https://mynixos.com/nixpkgs/option/services.vaultwarden.environmentFile
environmentFile = "/var/lib/vaultwarden/vaultwarden.env";
};
# stalwart-mail = let
# domain = "imbored.dev";
# in {
# enable = false; # true;
# # openFirewall = true; # im doing this manually rn
# settings = {
# certificate."${domain}" = {
# cert = "file://${certs.${domain}.cert}";
# private-key = "file://${certs.${domain}.key}";
# };
# server = {
# hostname = domain;
# tls = {
# certificate = "${domain}";
# enable = true;
# implicit = false;
# };
# listener = {
# "smtp-submission" = {
# bind = ["127.0.0.1:587"];
# protocol = "smtp";
# };
# "imap" = {
# bind = ["127.0.0.1:143"];
# protocol = "imap";
# };
# };
# };
# session = {
# rcpt.directory = "in-memory";
# auth = {
# mechanisms = ["PLAIN"];
# directory = "in-memory";
# };
# };
# jmap.directory = "in-memory";
# queue.outbound.next-hop = ["local"];
# directory."in-memory" = {
# type = "memory";
# users = [
# {
# name = "me";
# secret = "foobar";
# email = ["me@${domain}"];
# }
# {
# name = "Emile";
# secret = "foobar";
# email = ["emile@${domain}"];
# }
# ];
# };
# };
# };
# more options here: https://mynixos.com/nixpkgs/options/services.forgejo
# TODO: set a favicon https://forgejo.org/docs/next/contributor/customization/#changing-the-logo
# (might need me to override settings in the nixpkg)
# TODO: create a custom theme for forgejo (modify the source files most likely)
forgejo = {
enable = true;
# enable support for Git Large File Storage
lfs.enable = true;
database = {
type = "sqlite3"; # postgres
host = "127.0.0.1";
port = "3306"; # 5432 if postgres
};
# settings are written directly to the `app.ini` config file
# refer to: https://forgejo.org/docs/latest/admin/config-cheat-sheet/
settings = {
server = {
# ENABLE_ACME = true;
# ACME_EMAIL = "eclarkboman@gmail.com"; # change this to "me@imbored.dev"
DOMAIN = "forge.imbored.dev"; # should this be "imbored.dev"?
ROOT_URL = "https://forge.imbored.dev"; # full public URL of the Forgejo server
# address and port to listen on
HTTP_ADDR = "127.0.0.1";
HTTP_PORT = 3000;
PROTOCOL = "http"; # http internally, reverse proxy uses https externally
START_SSH_SERVER = true;
DISABLE_SSH = false;
SSH_PORT = 2222;
};
DEFAULT = {
APP_NAME = "tearforge";
APP_SLOGIN = "but cozy";
APP_DISPLAY_NAME_FORMAT = "{APP_NAME} ::{APP_SLOGAN}::";
};
repository = {
DEFAULT_PRIVATE = "private"; # last, private, public
# repo/org created on push to non-existent
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = false;
DEFAULT_PUSH_CREATE_PRIVATE = true;
MAX_CREATION_LIMIT = -1;
};
"repository.upload" = {
# max per-file size in MB
FILE_MAX_SIZE = 50;
# max number of files per upload
MAX_FILES = 5;
};
badges = let
# flat, flat-square, plastic, for-the-badge, social
style = "for-the-badge";
in {
ENABLED = true;
GENERATOR_URL_TEMPLATE = "https://img.shields.io/badge/{{.label}}-{{.text}}-{{.color}}?style=${style}";
};
ui = {
DEFAULT_THEME = "forgejo-dark";
THEMES = "forgejo-auto,forgejo-light,forgejo-dark";
};
"ui.meta" = {
AUTHOR = "Emile Clark-Boman - emileclarkb";
DESCRIPTION = "This is my personal self-hosted git forge, where I keep and maintain personal projects! PS do butterflies cry when they're sad?";
KEYWORDS = "emile,clark,boman,clarkboman,emileclarkb,git,forge,forgejo,self-hosted,dobutterfliescry,butterfly,butterflies";
};
markdown = {
ENABLE_HARD_LINE_BREAK_IN_COMMENTS = true;
ENABLE_MATH = true;
};
admin = {
DEFAULT_EMAIL_NOTIFICATIONS = "enabled";
SEND_NOTIFICATION_EMAIL_ON_NEW_USER = true;
};
security = {
# Controls access to the installation page.
# When set to “true”, the installation page is not accessible.
#INSTALL_LOCK = false;
PASSWORD_HASH_ALGO = "argon2"; # ARGON2 BEST ALGO FR!! (default: argon2$2$65536$8$50)
MIN_PASSWORD_LENGTH = 12;
PASSWORD_COMPLEXITY = "lower,upper,digit,spec";
PASSWORD_CHECK_PWN = true;
};
service = {
DISABLE_REGISTRATION = true; # toggle for new users
#DEFAULT_USER_IS_RESTRICTED = true;
# Forbid login with third-party services (ie github)
ALLOW_ONLY_INTERNAL_REGISTRATION = true;
ENABLE_CAPTCHA = true;
REQUIRE_CAPTCHA_FOR_LOGIN = true;
REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA = true;
LOGIN_REMEMBER_DAYS = 365;
ENABLE_NOTIFY_MAIL = true;
};
"service.explore" = {
REQUIRE_SIGNIN_VIEW = false;
DISABLE_USERS_PAGE = false;
DISABLE_ORGANIZATIONS_PAGE = false;
DISABLE_CODE_PAGE = false;
};
cache = {
ADAPTER = "twoqueue";
HOST = "{\"size\":100, \"recent_ratio\":0.25, \"ghost_ratio\":0.5}";
ITEM_TTL = "16h";
};
# TODO: fill this in once my mail server is configured
# email.incoming = { ... };
# optional
# TODO: fill this in once my mail server is configured
mailer = {
ENABLED = false;
SMTP_ADDR = "mail.imbored.dev";
FROM = "noreply@imbored.dev";
USER = "noreply@imbored.dev";
};
log = {
MODE = "file";
LEVEL = "Info"; # "Trace", "Debug", "Info", "Warn", "Error", "Critical"
ENABLE_SSH_LOG = true;
};
cron = {
ENABLED = true;
RUN_AT_START = false;
};
other = {
SHOW_FOOTER_VERSION = true;
SHOW_FOOTER_TEMPLATE_LOAD_TIME = true;
SHOW_FOOTER_POWERED_BY = true;
ENABLE_SITEMAP = true;
ENABLE_FEED = true;
};
};
};
};
security = { security = {
# accept Lets Encrypt's security policy (for nginx) # accept Lets Encrypt's security policy (for nginx)
acme = { acme = {
@ -182,5 +507,21 @@ in {
helix helix
]; ];
programs = {
fish.enable = true;
bash = {
completion.enable = true;
interactiveShellInit = ''
if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
then
shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
fi
'';
};
};
system.stateVersion = "24.11"; # DO NOT MODIFY system.stateVersion = "24.11"; # DO NOT MODIFY
} }

1
hosts/hyrule/services/mailserver.nix → hosts/hyrule/mailserver.nix
View file

@ -28,7 +28,6 @@
aliases = ["emile@imbored.dev"]; aliases = ["emile@imbored.dev"];
hashedPasswordFile = let hashedPasswordFile = let
CWD = builtins.getEnv "PWD"; CWD = builtins.getEnv "PWD";
# XXX: TODO: use a secrets manager!
in "${CWD}/secrets/passwd/me"; in "${CWD}/secrets/passwd/me";
}; };
}; };

0
hosts/hyrule/services/minecraft-server.nix → hosts/hyrule/minecraft-server.nix
View file

150
hosts/hyrule/services/forgejo.nix
View file

@ -1,150 +0,0 @@
{...}: {
# more options here: https://mynixos.com/nixpkgs/options/services.forgejo
# TODO: set a favicon https://forgejo.org/docs/next/contributor/customization/#changing-the-logo
# (might need me to override settings in the nixpkg)
# TODO: create a custom theme for forgejo (modify the source files most likely)
services.forgejo = {
enable = true;
# enable support for Git Large File Storage
lfs.enable = true;
database = {
type = "sqlite3"; # postgres
host = "127.0.0.1";
port = "3306"; # 5432 if postgres
};
# settings are written directly to the `app.ini` config file
# refer to: https://forgejo.org/docs/latest/admin/config-cheat-sheet/
settings = {
server = {
# ENABLE_ACME = true;
# ACME_EMAIL = "eclarkboman@gmail.com"; # change this to "me@imbored.dev"
DOMAIN = "forge.imbored.dev"; # should this be "imbored.dev"?
ROOT_URL = "https://forge.imbored.dev"; # full public URL of the Forgejo server
# address and port to listen on
HTTP_ADDR = "127.0.0.1";
HTTP_PORT = 3000;
PROTOCOL = "http"; # http internally, reverse proxy uses https externally
START_SSH_SERVER = true;
DISABLE_SSH = false;
SSH_PORT = 2222;
};
DEFAULT = {
APP_NAME = "tearforge";
APP_SLOGIN = "but cozy";
APP_DISPLAY_NAME_FORMAT = "{APP_NAME} ::{APP_SLOGAN}::";
};
repository = {
DEFAULT_PRIVATE = "private"; # last, private, public
# repo/org created on push to non-existent
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = false;
DEFAULT_PUSH_CREATE_PRIVATE = true;
MAX_CREATION_LIMIT = -1;
};
"repository.upload" = {
# max per-file size in MB
FILE_MAX_SIZE = 50;
# max number of files per upload
MAX_FILES = 5;
};
badges = let
# flat, flat-square, plastic, for-the-badge, social
style = "for-the-badge";
in {
ENABLED = true;
GENERATOR_URL_TEMPLATE = "https://img.shields.io/badge/{{.label}}-{{.text}}-{{.color}}?style=${style}";
};
ui = {
DEFAULT_THEME = "forgejo-dark";
THEMES = "forgejo-auto,forgejo-light,forgejo-dark";
};
"ui.meta" = {
AUTHOR = "Emile Clark-Boman - emileclarkb";
DESCRIPTION = "This is my personal self-hosted git forge, where I keep and maintain personal projects! PS do butterflies cry when they're sad?";
KEYWORDS = "emile,clark,boman,clarkboman,emileclarkb,git,forge,forgejo,self-hosted,dobutterfliescry,butterfly,butterflies";
};
markdown = {
ENABLE_HARD_LINE_BREAK_IN_COMMENTS = true;
ENABLE_MATH = true;
};
admin = {
DEFAULT_EMAIL_NOTIFICATIONS = "enabled";
SEND_NOTIFICATION_EMAIL_ON_NEW_USER = true;
};
security = {
# Controls access to the installation page.
# When set to “true”, the installation page is not accessible.
#INSTALL_LOCK = false;
PASSWORD_HASH_ALGO = "argon2"; # ARGON2 BEST ALGO FR!! (default: argon2$2$65536$8$50)
MIN_PASSWORD_LENGTH = 12;
PASSWORD_COMPLEXITY = "lower,upper,digit,spec";
PASSWORD_CHECK_PWN = true;
};
service = {
DISABLE_REGISTRATION = true; # toggle for new users
#DEFAULT_USER_IS_RESTRICTED = true;
# Forbid login with third-party services (ie github)
ALLOW_ONLY_INTERNAL_REGISTRATION = true;
ENABLE_CAPTCHA = true;
REQUIRE_CAPTCHA_FOR_LOGIN = true;
REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA = true;
LOGIN_REMEMBER_DAYS = 365;
ENABLE_NOTIFY_MAIL = true;
};
"service.explore" = {
REQUIRE_SIGNIN_VIEW = false;
DISABLE_USERS_PAGE = false;
DISABLE_ORGANIZATIONS_PAGE = false;
DISABLE_CODE_PAGE = false;
};
cache = {
ADAPTER = "twoqueue";
HOST = "{\"size\":100, \"recent_ratio\":0.25, \"ghost_ratio\":0.5}";
ITEM_TTL = "16h";
};
# TODO: fill this in once my mail server is configured
# email.incoming = { ... };
# optional
# TODO: fill this in once my mail server is configured
mailer = {
ENABLED = false;
SMTP_ADDR = "mail.dobutterfliescry.net";
FROM = "iforgor@dobutterfliescry.net";
USER = "iforgor@dobutterfliescry.net";
};
log = {
MODE = "file";
LEVEL = "Info"; # "Trace", "Debug", "Info", "Warn", "Error", "Critical"
ENABLE_SSH_LOG = true;
};
cron = {
ENABLED = true;
RUN_AT_START = false;
};
other = {
SHOW_FOOTER_VERSION = true;
SHOW_FOOTER_TEMPLATE_LOAD_TIME = true;
SHOW_FOOTER_POWERED_BY = true;
ENABLE_SITEMAP = true;
ENABLE_FEED = true;
};
};
};
}

99
hosts/hyrule/services/nginx.nix
View file

@ -1,99 +0,0 @@
{pkgs, ...}: {
nixpkgs.overlays = [
(self: super: {
# in wake of CVE-2022-3602/CVE-2022-3786
nginxStable = super.nginxStable.override {openssl = pkgs.libressl;};
})
];
# simple nginx instance to host static construction page
# TODO: I want sshd and forgejo's ssh server to both be bound to port 22
# So change sshd to listen on a different address/port (ie 2222 or 127.0.0.3:22, etc)
# and change forgejo to use 127.0.0.2:22 (use port 22, ONLY change loopback address)
services.nginx = {
enable = true;
# XXX: TODO: this should auto use the nginxStable overlay no?
# in wake of CVE-2022-3602/CVE-2022-3786
# package = pkgs.nginxStable.override {openssl = pkgs.libressl;};
recommendedGzipSettings = true;
recommendedZstdSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# streamConfig = ''
# server {
# listen 127.0.0.1:53 udp reuseport;
# proxy_timeout 20s;
# proxy_pass 192.168.0.1:53535;
# }
# '';
virtualHosts = let
localhost = "http://127.0.0.1";
std = {
# TODO: should I run over QUIC+HTTP3? (experimental)
# quic = true;
# http3 = true;
enableACME = true;
# kTLS = true; # offload TLS to the linux kernel
};
website =
{
default = true;
addSSL = true; # not strictly enforced <3
root = "/var/www/imbored";
# extraConfig = ''
# error_page 404 /custom_404.html;
# '';
}
// std;
vault =
{
forceSSL = true;
locations."/".proxyPass = "${localhost}:8222";
}
// std;
forge =
{
forceSSL = true;
extraConfig = ''
client_max_body_size 512M;
'';
locations."/".proxyPass = "${localhost}:3000";
}
// std;
in {
# XXX: TODO: imbored.dev and dobutterfliescry.net can't
# XXX: TODO: be active at the same time??? why??
# "imbored.dev" =
# {
# default = true;
# addSSL = true; # not strictly enforced <3
# root = "/var/www/imbored";
# # extraConfig = ''
# # error_page 404 /custom_404.html;
# # '';
# }
# // std;
"dobutterfliescry.net" =
{
default = true;
addSSL = true; # not strictly enforced <3
root = "/var/www/cry";
# extraConfig = ''
# error_page 404 /custom_404.html;
# '';
}
// std;
# Route "vault" subdomain to vaultwarden
"vault.imbored.dev" = vault;
# Route "forge" subdomain to forgejo
# TODO: use `forgejo.settings.server.ENABLE_ACME` instead?
"forge.imbored.dev" = forge;
# "forge.dobutterfliescry.net" = forge;
};
};
}

25
hosts/hyrule/services/vaultwarden.nix
View file

@ -1,25 +0,0 @@
{...}: {
services.vaultwarden = {
enable = true;
dbBackend = "sqlite";
# backupDir = "/var/backup/vaultwarden"; # disable with null
# https://mynixos.com/nixpkgs/option/services.vaultwarden.config
config = {
# internal address and port to listen on
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
# hostname to listen for
DOMAIN = "https://vault.imbored.dev";
# signup policy
SIGNUPS_ALLOWED = false;
SIGNUPS_VERIFY = true;
INVITATIONS_ALLOWED = true;
};
# https://mynixos.com/nixpkgs/option/services.vaultwarden.environmentFile
environmentFile = "/var/lib/vaultwarden/vaultwarden.env";
};
}

9
hosts/lolcathost/default.nix
View file

@ -296,12 +296,13 @@ in {
# C Family # C Family
gcc gcc
clang clang
clang-tools
clang-tools
# Rust # Rust
cargo cargo
rustc rustc
rustfmt rustfmt
rust-analyzer
# Go # Go
go go
# Nim # Nim
@ -310,12 +311,16 @@ in {
# Haskell # Haskell
ghc ghc
ghcid ghcid
haskell-language-server
ormolu ormolu
# Nix # Nix
# TODO: once upgraded past Nix-24.07 this line won't be necessary (I think)
# helix will support nixd by default
# SOURCE: https://github.com/nix-community/nixd/blob/main/nixd/docs/editor-setup.md#Helix
nixd # lsp for nix
nix-prefetch-git nix-prefetch-git
nix-index nix-index
nix-unit
deploy-rs deploy-rs
# Python # Python

32
hosts/modules/bashistrans.nix
View file

@ -2,26 +2,22 @@
# I want to use fish as my login shell but it always goes terrible # I want to use fish as my login shell but it always goes terrible
# cause it isn't POSIX compliant, so instead Bash is my login and # cause it isn't POSIX compliant, so instead Bash is my login and
# will just exec fish (^-^) # will just exec fish (^-^)
programs = { programs.bash = {
fish.enable = true; blesh.enable = false; # ble.sh replacement for GNU readline
completion.enable = true;
bash = { interactiveShellInit = ''
blesh.enable = false; # ble.sh replacement for GNU readline # help bash transition into a beautiful fish!
completion.enable = true; if [[ -z $CRY_BASH_IS_TRANS ]]
then
interactiveShellInit = '' if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
# help bash transition into a beautiful fish!
if [[ -z $CRY_BASH_IS_TRANS ]]
then then
if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]] shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
then exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
fi
fi fi
# bash is trans now! (no more transitioning required) fi
export CRY_BASH_IS_TRANS=true # bash is trans now! (no more transitioning required)
''; export CRY_BASH_IS_TRANS=true
}; '';
}; };
} }

15
hosts/myputer/default.nix
View file

@ -307,9 +307,19 @@ in {
# Haskell # Haskell
ghc ghc
ghcid ghcid
haskell-language-server
ormolu ormolu
# Java # Java
# jdk17
# (jre8.overrideAttrs
# (oldAttrs: {
# enableJavaFX = true;
# }))
# (jdk8.overrideAttrs
# (oldAttrs: {
# enableJavaFX = true;
# }))
visualvm visualvm
# Python # Python
@ -347,6 +357,11 @@ in {
tesseract # for my work with Agribit tesseract # for my work with Agribit
# TODO: once upgraded past Nix-24.07 this line won't be necessary (I think)
# helix will support nixd by default
# SOURCE: https://github.com/nix-community/nixd/blob/main/nixd/docs/editor-setup.md#Helix
# nixd # lsp for nix # DEBUG
# Pretty necessary # Pretty necessary
git git
git-filter-repo git-filter-repo