diff --git a/TODO.md b/TODO.md index 52635fc..023c781 100644 --- a/TODO.md +++ b/TODO.md @@ -1,10 +1,9 @@ - [ ] Update the README.md - [ ] switch ssh keys to ECC (fuck RSA) +- [ ] forgejo not post-quantum (fix that) -- [ ] migrate forge.dobutterfliescry.net -> tearforge.net -- [ ] rename forgejo user to git +- [X] migrate forge.dobutterfliescry.net -> tearforge.net +- [X] rename forgejo user to git - [ ] setup my own VPN -- [ ] connect match to my VPN +- [ ] connect matcha to my VPN - [ ] use matcha to build stuff instead of using my laptop - -- [ ] make `ceru` do local and remote deployments diff --git a/colors.rasi b/colors.rasi new file mode 100644 index 0000000..a36f6aa --- /dev/null +++ b/colors.rasi @@ -0,0 +1,20 @@ +* { + background: rgba(51,37,65,0.9); + foreground: rgba(198,186,227,0.9); + color00: rgba(78,66,70,0.9); + color01: rgba(111,91,159,0.9); + color02: rgba(120,98,164,0.9); + color03: rgba(131,128,181,0.9); + color04: rgba(154,127,183,0.9); + color05: rgba(157,129,185,0.9); + color06: rgba(123,153,183,0.9); + color07: rgba(165,148,207,0.9); + color08: rgba(115,103,145,0.9); + color09: rgba(129,102,193,0.9); + color10: rgba(140,112,199,0.9); + color11: rgba(145,141,218,0.9); + color12: rgba(170,126,217,0.9); + color13: rgba(174,130,220,0.9); + color14: rgba(135,181,228,0.9); + color15: rgba(165,148,207,0.9); +} diff --git a/flake.lock b/flake.lock index 26fea2d..c2f4558 100644 --- a/flake.lock +++ b/flake.lock @@ -3,7 +3,6 @@ "cerulean": { "inputs": { "deploy-rs": "deploy-rs", - "home-manager": "home-manager", "microvm": "microvm", "nixpkgs": [ "nixpkgs" 
@@ -16,17 +15,14 @@ ] }, "locked": { - "lastModified": 1771194110, - "narHash": "sha256-x6rijGWmPL5FTpkr+8vpcKKCOT33QHEV8bP6ibEAXFE=", - "owner": "cry128", - "repo": "Cerulean", - "rev": "d527937829dec0f410f126a2f85e374cb99a2fbb", - "type": "github" + "lastModified": 1771650297, + "narHash": "sha256-7A952ZrngNdgSJWPLvKdVyGCXn1WtuBUMG4JoRTSCso=", + "path": "/home/me/cry/mk/cerulean", + "type": "path" }, "original": { - "owner": "cry128", - "repo": "Cerulean", - "type": "github" + "path": "/home/me/cry/mk/cerulean", + "type": "path" } }, "deploy-rs": { @@ -65,17 +61,17 @@ ] }, "locked": { - "lastModified": 1770947070, - "narHash": "sha256-g/l/iUET/M+nSrXlwYF2e0KeKqgGpjy3qhwQY4tG62A=", + "lastModified": 1771281537, + "narHash": "sha256-mSFKM4DEvg1mMk3WaE4VQHOEg4UUxfqqfYUnIxeQeQE=", "ref": "refs/heads/main", - "rev": "4fc28bfb4f95071d34184c7ba3153eaff87eba41", - "revCount": 121, + "rev": "3678fe95787bb660c4e9ff9933c5d03693a07a76", + "revCount": 122, "type": "git", - "url": "https://forge.dobutterfliescry.net/cry/site" + "url": "https://tearforge.net/cry/site" }, "original": { "type": "git", - "url": "https://forge.dobutterfliescry.net/cry/site" + "url": "https://tearforge.net/cry/site" } }, "flake-compat": { @@ -169,28 +165,6 @@ } }, "home-manager": { - "inputs": { - "nixpkgs": [ - "cerulean", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1770260404, - "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-25.11", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" 
@@ -220,11 +194,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1770310890, - "narHash": "sha256-lyWAs4XKg3kLYaf4gm5qc5WJrDkYy3/qeV5G733fJww=", + "lastModified": 1771365290, + "narHash": "sha256-1XJOslVyF7yzf6yd/yl1VjGLywsbtwmQh3X1LuJcLI4=", "owner": "microvm-nix", "repo": "microvm.nix", - "rev": "68c9f9c6ca91841f04f726a298c385411b7bfcd5", + "rev": "789c90b164b55b4379e7a94af8b9c01489024c18", "type": "github" }, "original": { @@ -304,11 +278,11 @@ ] }, "locked": { - "lastModified": 1770943752, - "narHash": "sha256-3vWAy2BCP5liaCEKmeqeVWbTCF/JnukgMOg8qf8mCcg=", + "lastModified": 1771375681, + "narHash": "sha256-qDDw0ruBZ1kt63j4uVP5Xrd1OxGKIYrSFnig0z6ozSw=", "owner": "FlameFlag", "repo": "nixcord", - "rev": "aa1626057e57eca3686fbc1c3e2ddfde884c6b2a", + "rev": "d030dbb48ab020092681a39c878c1d48a553ffc1", "type": "github" }, "original": { @@ -319,11 +293,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1770770419, - "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", + "lastModified": 1771208521, + "narHash": "sha256-X01Q3DgSpjeBpapoGA4rzKOn25qdKxbPnxHeMLNoHTU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a", + "rev": "fa56d7d6de78f5a7f997b0ea2bc6efd5868ad9e8", "type": "github" }, "original": { @@ -350,11 +324,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1770841267, - "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", + "lastModified": 1771008912, + "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae", + "rev": "a82ccc39b39b621151d6732718e3e250109076fa", "type": "github" }, "original": { 
@@ -389,15 +363,15 @@ "locked": { "lastModified": 1770975056, "narHash": "sha256-ZXTz/P3zUbbM6lNXzt91u8EwfNqhXpYMu8+wvFZqQHE=", - "owner": "cry128", - "repo": "nt", + "ref": "refs/heads/main", "rev": "f42dcdd49a7921a7f433512e83d5f93696632412", - "type": "github" + "revCount": 205, + "type": "git", + "url": "https://tearforge.net/cry/nt" }, "original": { - "owner": "cry128", - "repo": "nt", - "type": "github" + "type": "git", + "url": "https://tearforge.net/cry/nt" } }, "root": { @@ -405,7 +379,7 @@ "cerulean": "cerulean", "dobutterfliescry-net": "dobutterfliescry-net", "grub2-themes": "grub2-themes", - "home-manager": "home-manager_2", + "home-manager": "home-manager", "nix-flatpak": "nix-flatpak", "nixcord": "nixcord", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index 2e7b315..2b50529 100644 --- a/flake.nix +++ b/flake.nix @@ -12,16 +12,15 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nt.url = "github:cry128/nt"; - # nt.url = "/home/me/cry/mk/nt"; + nt.url = "git+https://tearforge.net/cry/nt"; cerulean = { - url = "github:cry128/Cerulean"; - # url = "/home/me/cry/mk/Cerulean"; + # url = "git+https://tearforge.net/cry/cerulean"; + url = "/home/me/cry/mk/cerulean"; inputs = { + nt.follows = "nt"; systems.follows = "systems"; nixpkgs.follows = "nixpkgs"; - nt.follows = "nt"; }; }; @@ -37,7 +36,7 @@ }; dobutterfliescry-net = { - url = "git+https://forge.dobutterfliescry.net/cry/site"; + url = "git+https://tearforge.net/cry/site"; inputs = { nixpkgs.follows = "nixpkgs"; nixpkgs-unstable.follows = "nixpkgs-unstable"; @@ -50,6 +49,8 @@ extra-experimental-features = "pipe-operators"; }; - outputs = inputs: - import ./snow.nix inputs; + outputs = inputs: let + inherit (inputs.cerulean) snow; + in + snow.flake inputs ./.; } diff --git a/groups/all/default.nix b/groups/all/default.nix index a636196..fac958f 100644 --- a/groups/all/default.nix +++ b/groups/all/default.nix 
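Review bot: `cerulean.url` in the first flake.nix hunk now points at the absolute local path `/home/me/cry/mk/cerulean`, so the input is locked by `narHash` only, with no `rev`, and the flake evaluates only on a machine that has that checkout. The last flake.nix hunk raises the stakes, because `outputs` is now produced entirely by that input (`snow.flake inputs ./.`): every host's configuration is generated by whatever is in that working tree at build time. Once the forge copy is reachable, swap the two lines so the pinned remote is the active one, `url = "git+https://tearforge.net/cry/cerulean";`, and keep the path as the commented-out development override.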
@@ -9,13 +9,16 @@ # NOTE: mkDefault is 1000 and mkForce is 50 # NOTE: so this is like a second mkDefault - security.sudo.wheelNeedsPassword = lib.mkDefault true; + security.sudo.wheelNeedsPassword = true; networking = { networkmanager.enable = true; nftables.enable = true; - firewall.enable = lib.mkDefault true; + firewall = { + enable = lib.mkDefault true; + allowPing = lib.mkDefault true; + }; # Use CloudFlare's WARP+ 1.1.1.1 DNS service nameservers = [ @@ -28,6 +31,7 @@ enable = true; clean.enable = true; clean.extraArgs = "--keep-since 7d --keep 3"; + # TODO: move nh config to be home-manager flake = "/home/me/flake"; # sets NH_OS_FLAKE variable for you }; diff --git a/groups/cryde/default.nix b/groups/cryde/default.nix index 02c1be0..7e09671 100644 --- a/groups/cryde/default.nix +++ b/groups/cryde/default.nix @@ -1,16 +1,20 @@ { + inputs, pkgs, upkgs, config, ... }: { - imports = [ + imports = with inputs; [ ./programs.nix ../../hosts/modules/bashistrans.nix ../../hosts/modules/wm/hyprland.nix ../../hosts/modules/steam.nix ../../hosts/modules/obsidian.nix + + grub2-themes.nixosModules.default + nix-flatpak.nixosModules.nix-flatpak ]; boot.loader.grub2-theme = { diff --git a/groups/cryos/default.nix b/groups/cryos/default.nix index 82699d6..60e3cf3 100644 --- a/groups/cryos/default.nix +++ b/groups/cryos/default.nix @@ -7,22 +7,6 @@ ./programs.nix ]; - nixpkgs.config.allowUnfreePredicate = let - whitelist = with pkgs; - map lib.getName [ - discord - steam - steamcmd - steam-unwrapped - - winbox - - obsidian - gitkraken - ]; - in - pkg: builtins.elem (lib.getName pkg) whitelist; - boot.loader = { efi = { canTouchEfiVariables = true; diff --git a/groups/cryos/programs.nix b/groups/cryos/programs.nix index 3e58545..c915036 100644 --- a/groups/cryos/programs.nix +++ b/groups/cryos/programs.nix 
@@ -111,11 +111,12 @@ libargon2 ]; - programs = { - gnupg.agent = { - enable = true; - pinentryPackage = pkgs.pinentry-curses; - enableSSHSupport = true; - }; - }; + # services.pcscd.enable = true; + # programs = { + # gnupg.agent = { + # enable = true; + # pinentryPackage = pkgs.pinentry-curses; + # enableSSHSupport = true; + # }; + # }; } diff --git a/groups/server/default.nix b/groups/server/default.nix index 32fe569..1f97310 100644 --- a/groups/server/default.nix +++ b/groups/server/default.nix @@ -1,8 +1,15 @@ -{lib, ...}: { - networking.firewall = { - allowedTCPPorts = [ - 42069 # ssh - ]; +{ + pkgs, + lib, + ... +}: { + networking = { + firewall = { + allowedTCPPorts = [ + 42069 # ssh + ]; + }; + nftables.enable = true; }; security = { @@ -42,6 +49,7 @@ services.fail2ban = { enable = true; + ignoreIP = ["192.168.0.0/16"]; maxretry = 5; bantime = "10m"; # 10 minute ban bantime-increment = { @@ -62,10 +70,15 @@ extraGroups = ["wheel"]; openssh.authorizedKeys.keys = lib.mkDefault [ (throw '' + You goofy goober :3 Hosts in the `server` group must set `users.users.cry.openssh.authorizedKeys.keys = [ ... ]`. '') ]; }; }; }; + + environment.systemPackages = with pkgs; [ + unixtools.netstat + ]; } diff --git a/homes/ae/default.nix b/homes/cry/default.nix similarity index 100% rename from homes/ae/default.nix rename to homes/cry/default.nix diff --git a/homes/me/default.nix b/homes/me/default.nix index 169219f..73a4074 100755 --- a/homes/me/default.nix +++ b/homes/me/default.nix 
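Review bot: `ignoreIP = ["192.168.0.0/16"];` in the fail2ban hunk of groups/server/default.nix exempts the whole private /16 from banning on every host in the `server` group, so any device on a LAN these hosts share can keep guessing SSH credentials on port 42069 without being banned. The only private address visible in this commit is 192.168.88.250, so a narrower entry such as `ignoreIP = ["192.168.88.0/24"];`, or the single admin workstation address, would presumably cover the intended case. On hosts with no private interface the entry does nothing, so it could be set per host rather than in the group.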
@@ -118,25 +118,31 @@ hostname = "dobutterfliescry.net"; user = "cry"; port = 42069; - identityFile = "~/.ssh/id_butterfly"; + identityFile = "~/keys/butterfly"; setEnv = { - TERM = "linux"; + TERM = "xterm-256color"; }; }; - clocktown = { + hyrule = { hostname = "hyrule.dobutterfliescry.net"; user = "cry"; port = 42069; - identityFile = "~/.ssh/id_hyrule"; + identityFile = "~/keys/hyrule"; setEnv = { - TERM = "linux"; + TERM = "xterm-256color"; }; }; + matcha = { + hostname = "192.168.88.250"; + user = "emile"; + port = 22; + identityFile = "~/keys/matcha"; + }; youcue = { hostname = "moss.labs.eait.uq.edu.au"; user = "s4740056"; port = 22; - identityFile = "~/.ssh/id_youcue"; + identityFile = "~/keys/other/youcue"; setEnv = { TERM = "xterm-256color"; }; diff --git a/homes/modules/fish.nix b/homes/modules/fish.nix index 69d82f3..77a2324 100755 --- a/homes/modules/fish.nix +++ b/homes/modules/fish.nix @@ -37,6 +37,10 @@ "The god of the stars rejects your offering. The ritual can only be performed at night." "You should have just died..." "Supreme Witch, Calamitas has killed every player!" + + "A broken heart beats in fractals" # Key Fairy + + "Remember our promise" # Signalis ] |> map (x: "\"${x}\"") |> builtins.concatStringsSep " "; diff --git a/hosts/butterfly/default.nix b/hosts/butterfly/default.nix index 83ff46d..feeff1f 100755 --- a/hosts/butterfly/default.nix +++ b/hosts/butterfly/default.nix @@ -1,6 +1,6 @@ {...}: { imports = [ - ./hardware-configuration.nix + ./hardware.nix ./services ]; @@ -16,16 +16,16 @@ firewall = { allowedTCPPorts = [ + 22 # forgejo ssh 80 # nginx # 143 # IMAP4 443 # nginx # 587 # SMTPS - 2222 # forgejo ssh - 2035 # debug (for my job) + 2222 # TEMP: forgejo ssh # 3000 (INTERNAL) forgejo # 3306 (INTERNAL) forgejo sqlite3 database - 5000 # debug (for my job) # 8222 (INTERNAL) vaultwarden + 42069 # ssh 45000 # minecaft server ]; allowedUDPPorts = [ 
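Review bot: The hosts/butterfly/default.nix firewall hunk opens TCP 22 as `# forgejo ssh` while keeping 2222 open as `TEMP`, and it adds `42069 # ssh` although the `server` group this host belongs to already allows that port. forgejo.nix in this same commit says `settings.server.SSH_PORT=22` currently causes errors, so port 22 is presumably exposed before Forgejo's SSH endpoint listens there, and whatever does bind 22 on this host becomes reachable from outside. I would open 22 in the commit that actually moves Forgejo's SSH onto it, drop 2222 in that same change, and remove the duplicate 42069 line. The `firewall` block continues past the end of the hunk.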
@@ -57,6 +57,18 @@ # }; }; + services.pixiecore = { + enable = false; + + port = 1234; + statusPort = 1234; + openFirewall = true; + listen = "0.0.0.0"; + + quick = "xyz"; + mode = "boot"; + }; + users.users.cry = { openssh.authorizedKeys.keys = [ "ssh-rsa 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 ae@dobutterfliescry.net" diff --git a/hosts/butterfly/hardware-configuration.nix b/hosts/butterfly/hardware.nix similarity index 100% rename from hosts/butterfly/hardware-configuration.nix rename to hosts/butterfly/hardware.nix diff --git a/hosts/butterfly/services/default.nix b/hosts/butterfly/services/default.nix index d6f75e1..b7d96af 100644 --- a/hosts/butterfly/services/default.nix +++ b/hosts/butterfly/services/default.nix @@ -1,5 +1,7 @@ {...}: { imports = [ ./nginx.nix + ./forgejo.nix + ./vaultwarden.nix ]; } diff --git a/hosts/butterfly/services/forgejo.nix b/hosts/butterfly/services/forgejo.nix index d5d680d..d1dec7e 100644 --- a/hosts/butterfly/services/forgejo.nix +++ b/hosts/butterfly/services/forgejo.nix 
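Review bot: The new `services.pixiecore` block is disabled, but it is written so that setting `enable = true` immediately exposes an unauthenticated netboot service on all interfaces: `listen = "0.0.0.0"` together with `openFirewall = true`, on a host that this commit shows serving public nginx vhosts. `port` and `statusPort` are also both 1234, which would presumably make the two listeners collide. If the block is kept for later use, set `openFirewall = false;`, bind `listen` to the provisioning interface's address, and add a comment such as `# PXE boot server: LAN-only, never enable on the public interface`.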
@@ -1,10 +1,39 @@ -{...}: { +{ + config, + lib, + ... +}: let + cfg = config.services.forgejo; +in { + # REF: https://github.com/NixOS/nixpkgs/blob/nixos-25.11/nixos/modules/services/misc/forgejo.nix + # REF: forgejo doesn't create the user/group by default if its name isn't "forgejo" + users.users = lib.mkIf (cfg.user != "forgejo") { + ${cfg.user} = { + home = cfg.stateDir; + useDefaultShell = true; + group = cfg.group; + isSystemUser = true; + }; + }; + users.groups = lib.mkIf (cfg.group != "forgejo") { + ${cfg.group} = {}; + }; + # more options here: https://mynixos.com/nixpkgs/options/services.forgejo # TODO: set a favicon https://forgejo.org/docs/next/contributor/customization/#changing-the-logo # (might need me to override settings in the nixpkg) # TODO: create a custom theme for forgejo (modify the source files most likely) services.forgejo = { enable = true; + + # XXX: WARNING: XXX: WARNING: XXX: TODO: set user="git" and settings.server.SSH_PORT=22 + # XXX: WARNING: XXX: WARNING: XXX: TODO: (currently both cause errors) + # XXX: WARNING: XXX: WARNING: XXX: TODO: THE USER FAILS I THINK CAUSE THE DIRECTORY DOESNT CHANGE THE USER PERMISSIONS + + user = "git"; # user forgejo runs as + # group = "forgejo"; # group forgejo runs as + # stateDir = "/var/lib/forgejo"; + # enable support for Git Large File Storage lfs.enable = true; database = { @@ -17,9 +46,9 @@ settings = { server = { # ENABLE_ACME = true; - # ACME_EMAIL = "eclarkboman@gmail.com"; # change this to "me@imbored.dev" - DOMAIN = "dobutterfliescry.net"; # should this be "imbored.dev"? - ROOT_URL = "https://forge.dobutterfliescry.net"; # full public URL of the Forgejo server + # ACME_EMAIL = "them@dobutterfliescry.net"; + DOMAIN = "tearforge.net"; + ROOT_URL = "https://tearforge.net"; # address and port to listen on HTTP_ADDR = "127.0.0.1"; HTTP_PORT = 3000; 
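Review bot: The `XXX: WARNING` comment block says that setting `user="git"` currently causes errors because the state directory's ownership does not follow the user, yet the next line sets `user = "git";` unconditionally. If the comment is still accurate, the service either fails to start or gets fixed by a manual recursive chown on the server that this config does not capture. The state directory normally holds Forgejo's configuration secrets and repositories, so its owner and mode deserve to be declared rather than patched by hand. Either resolve the comment, for example `# user renamed forgejo -> git; stateDir ownership must be migrated before first start`, or keep the default user until the migration is declarative. The `services.forgejo` block continues outside the hunk.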
@@ -40,7 +69,7 @@ DEFAULT_PRIVATE = "private"; # last, private, public # repo/org created on push to non-existent ENABLE_PUSH_CREATE_USER = true; - ENABLE_PUSH_CREATE_ORG = false; + ENABLE_PUSH_CREATE_ORG = true; DEFAULT_PUSH_CREATE_PRIVATE = true; MAX_CREATION_LIMIT = -1; }; @@ -67,7 +96,7 @@ "ui.meta" = { AUTHOR = "Emile Clark-Boman - emileclarkb"; DESCRIPTION = "This is my personal self-hosted git forge, where I keep and maintain personal projects! PS do butterflies cry when they're sad?"; - KEYWORDS = "emile,clark,boman,clarkboman,emileclarkb,git,forge,forgejo,self-hosted,dobutterfliescry,butterfly,butterflies"; + KEYWORDS = "emile,clark,boman,clarkboman,emileclarkb,git,forge,forgejo,self-hosted,dobutterfliescry,butterfly,butterflies,cry,tearforge"; }; markdown = { @@ -119,12 +148,11 @@ # email.incoming = { ... }; # optional - # TODO: fill this in once my mail server is configured mailer = { ENABLED = false; - SMTP_ADDR = "mail.dobutterfliescry.net"; - FROM = "iforgor@dobutterfliescry.net"; - USER = "iforgor@dobutterfliescry.net"; + SMTP_ADDR = "mail.tearforge.net"; + FROM = "noreply@tearforge.net"; + USER = "noreply@tearforge.net"; }; log = { diff --git a/hosts/butterfly/services/nginx.nix b/hosts/butterfly/services/nginx.nix index 5dcb5c6..9d5bc08 100644 --- a/hosts/butterfly/services/nginx.nix +++ b/hosts/butterfly/services/nginx.nix @@ -43,16 +43,15 @@ locations."/".proxyPass = "${localhost}:8222"; } // std; - # "tearforge.net" = - # { - # forceSSL = true; - # extraConfig = '' - # client_max_body_size 512M; - # ''; - # locations."/".proxyPass = "${localhost}:3000"; - # } - # // std; - # "tearforge.net" = forge; + "tearforge.net" = + { + forceSSL = true; + extraConfig = '' + client_max_body_size 512M; + ''; + locations."/".proxyPass = "${localhost}:3000"; + } + // std; }; }; } diff --git a/hosts/hyrule/default.nix b/hosts/hyrule/default.nix index 9690354..0adb056 100755 --- a/hosts/hyrule/default.nix +++ b/hosts/hyrule/default.nix 
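Review bot: `ENABLE_PUSH_CREATE_ORG = true;` is flipped in the first hunk on this line while `MAX_CREATION_LIMIT = -1` stays unlimited, so a push to a mistyped or nonexistent organisation repository path now silently creates a repository instead of failing. `DEFAULT_PUSH_CREATE_PRIVATE = true` limits the exposure, but on an instance with more than one account this lets any member who may create repositories in an organisation do so without going through the UI, with no cap. If this is only a convenience for the move to tearforge.net, say so next to the setting, e.g. `# TEMP: enabled for bulk migration, revert afterwards`.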
@@ -1,6 +1,6 @@ {...}: { imports = [ - ./hardware-configuration.nix + ./hardware.nix ]; # super duper minimum grub2 config diff --git a/hosts/hyrule/hardware-configuration.nix b/hosts/hyrule/hardware.nix similarity index 100% rename from hosts/hyrule/hardware-configuration.nix rename to hosts/hyrule/hardware.nix diff --git a/hosts/lolcathost/default.nix b/hosts/lolcathost/default.nix index b0d87f8..e3a1309 100755 --- a/hosts/lolcathost/default.nix +++ b/hosts/lolcathost/default.nix @@ -1,6 +1,6 @@ {...}: { imports = [ - ./hardware-configuration.nix + ./hardware.nix ]; networking.hostName = "lolcathost"; diff --git a/hosts/lolcathost/hardware-configuration.nix b/hosts/lolcathost/hardware.nix similarity index 100% rename from hosts/lolcathost/hardware-configuration.nix rename to hosts/lolcathost/hardware.nix diff --git a/hosts/matcha/default.nix b/hosts/matcha/default.nix new file mode 100644 index 0000000..4d5d322 --- /dev/null +++ b/hosts/matcha/default.nix @@ -0,0 +1,26 @@ +{...}: { + imports = [ + ./hardware.nix + ./state.nix + ]; + + boot.loader = { + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot/efi"; + }; + grub = { + efiSupport = true; + device = "nodev"; + }; + }; + + networking.hostName = "matcha"; + + users.users.cry = { + openssh.authorizedKeys.keys = [ + "ssh-rsa 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 emile@deadlyserver.com" + "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGEvtRs3C4hjSuvVm2lukqOvObCz5gVlFthcvpGHAqlBgZo47CNJM78WoviEQWceqtu9ZzJdRJ7qEK9ZGvTM0XTSgExkOs6YdS3J7M3i3YS1vcj9KVPinLhiE90aED/319pbYKFrRs/lRzl8XLeaPNqenNMNJBqeary8+r5u9JC6zYCeQ== me@lolcathost" + ]; + }; +} diff --git a/hosts/matcha/hardware.nix b/hosts/matcha/hardware.nix new file mode 100644 index 0000000..aadc3d1 --- /dev/null +++ b/hosts/matcha/hardware.nix 
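Review bot: The new hosts/matcha/default.nix authorises an `ssh-rsa` key next to the `ecdsa-sha2-nistp521` one, although TODO.md in this commit still lists moving SSH keys off RSA as open work. A brand-new host is the cheapest place to start with only the elliptic-curve key. The RSA entry's comment (`emile@deadlyserver.com`) also names a different origin than `me@lolcathost`, so confirm it is still a key you control and need on this machine before it is deployed. A short comment per key stating which device holds the private half would make later revocation easier.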
@@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/d54a5644-744b-4b2a-8c4b-c12836498724"; + fsType = "ext4"; + }; + + fileSystems."/boot/efi" = + { device = "/dev/disk/by-uuid/12CE-A600"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/9513ded6-662e-42f7-926e-64d198c2ae7c"; } + ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/matcha/state.nix b/hosts/matcha/state.nix new file mode 100644 index 0000000..f6f238f --- /dev/null +++ b/hosts/matcha/state.nix 
@@ -0,0 +1,20 @@ +{...}: { + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how + # to actually do that. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "25.11"; # Did you read the comment? +} diff --git a/hosts/myputer/default.nix b/hosts/myputer/default.nix index 1b397d4..28e7e05 100755 --- a/hosts/myputer/default.nix +++ b/hosts/myputer/default.nix @@ -5,7 +5,7 @@ ... }: { imports = [ - ./hardware-configuration.nix + ./hardware.nix ]; networking = { diff --git a/hosts/myputer/hardware-configuration.nix b/hosts/myputer/hardware.nix similarity index 100% rename from hosts/myputer/hardware-configuration.nix rename to hosts/myputer/hardware.nix diff --git a/nixpkgs.nix b/nixpkgs.nix index 816800f..fcd5db4 100644 --- a/nixpkgs.nix +++ b/nixpkgs.nix 
@@ -4,15 +4,11 @@ system, ... } @ args: { - nixpkgs.channels.default = rec { - default = pkgs; - # nixpkgs (stable branch) - pkgs = { - inherit system; - source = inputs.nixpkgs; + nixpkgs.channels = { + default = { overlays = [ inputs.dobutterfliescry-net.overlays.default - (import ./overlays/default.nix args) + (import ./overlays args) ]; config = { # allowUnfree = false; @@ -29,13 +25,37 @@ ]; }; }; + + # nixpkgs (stable branch) + # pkgs = { + # inherit system; + # source = inputs.nixpkgs; + # overlays = [ + # inputs.dobutterfliescry-net.overlays.default + # (import ./overlays args) + # ]; + # config = { + # # allowUnfree = false; + # allowBroken = false; + # allowUnfreePredicate = pkg: + # builtins.elem (lib.getName pkg) [ + # "discord" + # "steam" + # "steamcmd" + # "steam-unwrapped" + + # "obsidian" + # "gitkraken" + # ]; + # }; + # }; # nixpkgs-unstable upkgs = { inherit system; source = inputs.nixpkgs-unstable; overlays = [ inputs.dobutterfliescry-net.overlays.default - (import ./overlays/default.nix args) + (import ./overlays args) ]; config = { allowUnfree = false; diff --git a/overlays/default.nix b/overlays/default.nix index d18a23d..ac0af8a 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,4 +1,4 @@ -{inputs, ...}: ( +{...}: ( self: super: { angry-oxide = import ../packages/angryoxide { pkgs = super; diff --git a/snow.nix b/snow.nix index 4d3b575..7b2e878 100644 --- a/snow.nix +++ b/snow.nix @@ -1,7 +1,8 @@ -{cerulean, ...} @ inputs: -cerulean.mkNexus ./. (self: { - nexus = { - specialArgs = {inherit inputs;}; +{inputs, ...} @ args: { + nodes = { + base = inputs.nixpkgs; + args = {inherit inputs;}; + homeManager = inputs.home-manager; groups = { # wait.. that's too cold... 
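Review bot: The second nixpkgs.nix hunk adds a commented-out copy of the old `pkgs` channel of roughly twenty lines, including a second copy of the unfree allow-list. Commented copies of policy such as `allowUnfreePredicate` drift from the live list and tend to be re-enabled later without review, and git history already keeps the old definition. I would delete the block and, if the reason matters, leave a single line such as `# stable channel is presumably supplied through nodes.base in snow.nix now`, adjusted to whatever actually replaced it.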
@@ -13,36 +14,31 @@ cerulean.mkNexus ./. (self: { server = {}; }; - nodes = let - inherit - (self.nexus) - groups - ; - in { + nodes = { # my laptop <3 :3 lolcathost = { system = "x86_64-linux"; - groups = [groups.cryos.cryde]; - extraModules = with inputs; [ - grub2-themes.nixosModules.default - nix-flatpak.nixosModules.nix-flatpak - ]; + groups = groups: [groups.cryos.cryde]; + # modules = with inputs; [ + # grub2-themes.nixosModules.default + # nix-flatpak.nixosModules.nix-flatpak + # ]; }; # i be on my puter frfr myputer = { system = "x86_64-linux"; - groups = [groups.cryos.cryde]; - extraModules = with inputs; [ - grub2-themes.nixosModules.default - nix-flatpak.nixosModules.nix-flatpak - ]; + groups = groups: [groups.cryos.cryde]; + # modules = with inputs; [ + # grub2-themes.nixosModules.default + # nix-flatpak.nixosModules.nix-flatpak + # ]; }; # courtesy of aurora <3 butterfly = { system = "x86_64-linux"; - groups = [groups.server]; + groups = groups: [groups.server]; deploy.ssh = { host = "dobutterfliescry.net"; user = "cry"; @@ -53,7 +49,7 @@ cerulean.mkNexus ./. (self: { # pls dont sue me im broke hyrule = { system = "x86_64-linux"; - groups = [groups.server]; + groups = groups: [groups.server]; deploy.ssh = { host = "hyrule.dobutterfliescry.net"; user = "cry"; @@ -61,11 +57,17 @@ cerulean.mkNexus ./. (self: { }; # call me a statistician the way she spreads in my sheets - # matcha = { - # system = "x86_64-linux"; - # groups = [groups.server]; - # deploy.ssh.host = "bedroom.dobutterfliescry.net"; - # }; + matcha = { + system = "x86_64-linux"; + groups = groups: [groups.server]; + deploy = { + remoteBuild = true; + ssh = { + host = "192.168.88.250"; # <- DEBUG: TEMP: TODO: switch to `matcha.dobutterfliescry.net` + user = "emile"; + }; + }; + }; }; }; -}) +}
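Review bot: The matcha node deploys over SSH as `user = "emile"`, but hosts/matcha/default.nix in this commit only declares authorised keys for `users.users.cry`, and no `emile` account is defined in any visible change. If users on this host are managed declaratively, the first activation can leave the deploy account without a key or remove it, cutting off the deploy path. If `emile` is a leftover from the previous install, it remains as a login account that the configuration does not describe. Consider deploying as `cry`, as butterfly and hyrule do (`user = "cry";`), once the first switch has happened. The hard-coded `192.168.88.250` is already marked TEMP in the hunk.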